Bug 28614 - LibreCAD: File permissions on shared user resources needlessly set to executable.
Summary: LibreCAD: File permissions on shared user resources needlessly set to execut...
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2021-03-18 22:29 CET by John L. ten Wolde
Modified: 2021-04-02 22:26 CEST (History)
3 users (show)

See Also:
Source RPM: librecad-data-2.1.3-12.mga8 ; librecad-parts-2.1.3-12.mga8
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description John L. ten Wolde 2021-03-18 22:29:25 CET 
Hey there gents.  The summary in my subject line pretty much says it all.  Take a peek in (or run tree on)

    /usr/share/librecad

Practically every file in its subdirectories is set to executable.  All that's contained there are shared LFF fonts, DXF part blocks and hatch patterns, as well as QM files.  I'm not sure what those QM ones are for, but they appear to be i18n, so my guess is UI translations (?).  Anyway, there's no need for any of that stuff to be executable.

Errant RPMs:

    librecad-data-2.1.3-12.mga8
    librecad-parts-2.1.3-12.mga8


Thanks for attending to this issue and all your hard work besides.  Mageia 8 is great!
Comment 1 David GEIGER 2021-03-19 08:02:34 CET 
Assigning to QA now,


Advisory:
========================

In our current librecad package all data files (i18n, fonts, parts, patterns, etc) are set with a wrong permission as they are executable and this is really not needed.
So this update fixes this issue.

========================

Packages in 8/core/updates_testing:
========================
librecad-plugins-2.1.3-12.1.mga8.i586.rpm
librecad-2.1.3-12.1.mga8.i586.rpm
librecad-doc-2.1.3-12.1.mga8.noarch.rpm
librecad-parts-2.1.3-12.1.mga8.noarch.rpm
librecad-plugins-2.1.3-12.1.mga8.x86_64.rpm
librecad-2.1.3-12.1.mga8.x86_64.rpm
librecad-data-2.1.3-12.1.mga8.noarch.rpm

Source RPM: 
========================
librecad-2.1.3-12.1.mga8.src.rpm

Assignee: bugsquad => qa-bugs
CC: (none) => geiger.david68210

Comment 2 Thomas Andrews 2021-04-02 16:54:10 CEST 
Tested in a VirtualBox 64-bit Plasma guest.

Installed librecad packages, and checked /usr/share/librecad/ with Dolphin for files that were executable. None of the fonts were, but all of the patterns and a lot of other files that I didn't try to identify were, too. I ran the app, did some simple drawing, and it seemed to function correctly, anyway.

All packages updated cleanly. I checked /usr/share/librecad/ once more, and found the files that had been executable before no longer were. Ran the app again, did some simple drawing and played with a few more functions, all of which seemed to work OK.

Giving this a 64-bit OK and validating. Advisory in Comment 1.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Thomas Backlund 2021-04-02 21:28:59 CEST

Keywords: (none) => advisory

Comment 3 Mageia Robot 2021-04-02 22:26:29 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGAA-2021-0063.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.