Bug 3053 - some rpm provide doc files with restricted permissions (only root can read them)
Summary: some rpm provide doc files with restricted permissions (only root can read them)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Low enhancement
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact:
URL:
Whiteboard:
Keywords: Junior_job
Depends on: 2156 3052 3054 3055 3330
Blocks:
  Show dependency treegraph
 
Reported: 2011-10-15 01:00 CEST by Philippe Didier
Modified: 2012-04-20 15:56 CEST (History)
3 users (show)

See Also:
Source RPM:
CVE:
Status comment:


Attachments

Description Philippe Didier 2011-10-15 01:00:15 CEST
This may be a tracker for a little cosmetic problem

If someone encounter such a problem, he may add the rpm to the list with the number of the bug report

for instance there's this one
perl-Curses bug 3052
Philippe Didier 2011-10-15 01:00:28 CEST

Depends on: (none) => 3052

Philippe Didier 2011-10-15 01:01:42 CEST

Keywords: (none) => Junior_job
Priority: Normal => Low
Severity: normal => enhancement

Philippe Didier 2011-10-15 01:19:08 CEST

Depends on: (none) => 3054

Comment 1 Philippe Didier 2011-10-15 01:33:46 CEST
perl-FCGI bug 3054
Philippe Didier 2011-10-15 01:42:26 CEST

Depends on: (none) => 3055

Comment 2 Philippe Didier 2011-10-15 01:43:50 CEST
iwlwifi-4965-ucode bug 3055
Comment 3 Philippe Didier 2011-10-15 02:09:52 CEST
Additional list :
SRPM                :  doc file with read permission for root only

lockdev             :  /usr/share/doc/liblockdev1/LSB.991201
python-feedparser   :  /usr/share/doc/python-feedparser/LICENSE & README
tcb                 :  /usr/share/doc/tcb/LICENSE
libgd2              :  /usr/share/doc/libgd2/README.TXT
perl-DBI            :  /usr/share/doc/perl-DBI/META.yml
readline            :  /usr/share/doc/libreadline-devel/examples/rlfe/Changelog
quota               :  /usr/share/doc/quota/ldap-scripts/setquota-ldap.pl

Need to write a bug report for each of them ?
Or may we ask an apprentice to look at them all ?
Comment 4 Kamil Rytarowski 2011-11-13 21:20:37 CET
feh https://bugs.mageia.org/show_bug.cgi?id=3330

CC: (none) => krytarowski

Kamil Rytarowski 2011-11-13 21:21:00 CET

Depends on: (none) => 3330

Comment 5 Barry Jackson 2011-12-02 01:02:26 CET
(In reply to comment #3)
> Additional list :
> SRPM                :  doc file with read permission for root only
> 
> lockdev             :  /usr/share/doc/liblockdev1/LSB.991201
> python-feedparser   :  /usr/share/doc/python-feedparser/LICENSE & README
> tcb                 :  /usr/share/doc/tcb/LICENSE
> libgd2              :  /usr/share/doc/libgd2/README.TXT
> perl-DBI            :  /usr/share/doc/perl-DBI/META.yml
> readline            :  /usr/share/doc/libreadline-devel/examples/rlfe/Changelog
> quota               :  /usr/share/doc/quota/ldap-scripts/setquota-ldap.pl
> 
> Need to write a bug report for each of them ?
> Or may we ask an apprentice to look at them all ?

I can work my way through these. 
They need fixing in mga1 as well as mga2, should I also push fixes to 1/updates_testing?

CC: (none) => zen25000

Comment 6 Barry Jackson 2011-12-05 23:05:36 CET
Update :-
lockdev fixed
python-feedparser was already fixed
tcb fixed
Comment 7 Barry Jackson 2011-12-06 00:42:41 CET
Update :-
gd fixed

Note: I am fixing these in Cauldron.
Comment 8 Barry Jackson 2011-12-07 01:32:26 CET
Update :
perl-DBI fixed

Currently, neither readline nor quota will build in Cauldron but I am working on them.
Barry Jackson 2011-12-14 23:09:26 CET

Depends on: (none) => 2156

Comment 9 Barry Jackson 2011-12-15 22:20:21 CET
Update :- 
readline fixed

(In reply to comment #3)
Regarding quota - is there really an issue? 
Does that perl script really need to be changed? (it's 600 ATM)
If it is an error and something is broken as a result, then would you please confirm this with more detail - thanks.
Comment 10 Guillaume Rousse 2012-04-18 22:04:15 CEST
There is no point shipping root-only files, especially for documentation. Either you ship them with standard permissions (644/755), or you don't ship them at all.

And there is no use to provide them as update candidates, mainly because this kind of problem doesn't qualify for an update, which are reserved for security issues and heavy problems.

CC: (none) => guillomovitch

Comment 11 Barry Jackson 2012-04-20 15:21:41 CEST
(In reply to comment #10)
> There is no point shipping root-only files, especially for documentation.
> Either you ship them with standard permissions (644/755), or you don't ship
> them at all.
> 
OK

> And there is no use to provide them as update candidates, mainly because this
> kind of problem doesn't qualify for an update, which are reserved for security
> issues and heavy problems.

I have quota-4.00 (current in Cauldron is 3.17) ready to commit, however I don't want to commit, if there is no chance of it being pushed due to freeze. There were several patches that needed removing or re-making, this permissions bug is fixed upstream in 4.00. 

Alternatively I can fix this bug in 3.17 for Cauldron. 

WDYT?
Comment 12 Barry Jackson 2012-04-20 15:56:30 CEST
Answered on IRC - fixed in Cauldron for version 3.17.

Status: NEW => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.