git: 7182e7a63684 - main - textproc/rubygem-dartsass: fix security problem
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 27 Oct 2023 07:25:58 UTC
The branch main has been updated by mfechner:
URL: https://cgit.FreeBSD.org/ports/commit/?id=7182e7a63684aeda919490915f2b9015fdf839dd
commit 7182e7a63684aeda919490915f2b9015fdf839dd
Author: Matthias Fechner <mfechner@FreeBSD.org>
AuthorDate: 2023-10-27 07:24:35 +0000
Commit: Matthias Fechner <mfechner@FreeBSD.org>
CommitDate: 2023-10-27 07:25:40 +0000
textproc/rubygem-dartsass: fix security problem
The port installed file that are world writeable.
Fix this problem.
It is also reported upstream:
https://github.com/ayushn21/dartsass-ruby/issues/1
---
textproc/rubygem-dartsass/Makefile | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/textproc/rubygem-dartsass/Makefile b/textproc/rubygem-dartsass/Makefile
index 65f761721e21..5bcbb045e012 100644
--- a/textproc/rubygem-dartsass/Makefile
+++ b/textproc/rubygem-dartsass/Makefile
@@ -1,5 +1,6 @@
PORTNAME= dartsass
PORTVERSION= 1.49.8
+PORTREVISION= 1
CATEGORIES= textproc ruby
MASTER_SITES= RG
@@ -13,4 +14,12 @@ USES= gem
PLIST_FILES= bin/dartsass
+# The port installs binaries world writeable
+# Reported upstream here: https://github.com/ayushn21/dartsass-ruby/issues/1
+# Fix this here, till they provide an upstream fix for this security problem
+post-extract:
+ ${CHMOD} 0755 ${WRKSRC}/exe/linux/sass
+ ${CHMOD} 0755 ${WRKSRC}/exe/darwin/sass
+ ${CHMOD} 0755 ${WRKSRC}/exe/darwin/src/dart
+
.include <bsd.port.mk>