Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 413443 - www-apps/bugzilla-4.2.1 - missing excutable bit for scripts
Summary: www-apps/bugzilla-4.2.1 - missing excutable bit for scripts
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Andrew Hamilton
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-04-25 06:26 UTC by Alon Bar-Lev
Modified: 2013-10-21 02:43 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
revised ebuild for bugzilla 4.2.5 (bugzilla-4.2.5-r1.ebuild,2.98 KB, text/plain)
2013-09-20 02:02 UTC, Andrew Hamilton
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Alon Bar-Lev 2012-04-25 06:26:32 UTC
Hello,

At tarball, *.pl except of mod_perl.pl is executable:
# ls -la *.pl
---
-rwxrwxr-x 1 501 501 16958 Apr 18 23:32 checksetup.pl
-rwxrwxr-x 1 501 501 19292 Apr 18 23:32 collectstats.pl
-rwxrwxr-x 1 501 501 18364 Apr 18 23:32 email_in.pl
-rwxrwxr-x 1 501 501 49698 Apr 18 23:32 importxml.pl
-rwxrwxr-x 1 501 501  4962 Apr 18 23:32 install-module.pl
-rwxrwxr-x 1 501 501  2988 Apr 18 23:32 jobqueue.pl
-rwxrwxr-x 1 501 501  3350 Apr 18 23:32 migrate.pl
-rw-rw-r-- 1 501 501  5262 Apr 18 23:32 mod_perl.pl
-rwxrwxr-x 1 501 501  1152 Apr 18 23:32 runtests.pl
-rwxrwxr-x 1 501 501  3152 Apr 18 23:32 sanitycheck.pl
-rwxrwxr-x 1 501 501  8676 Apr 18 23:32 testserver.pl
-rwxrwxr-x 1 501 501  3121 Apr 18 23:32 whineatnews.pl
-rwxrwxr-x 1 501 501 25065 Apr 18 23:32 whine.pl
---

At installation:
---
# ls -la *.pl
-rwxr--r-- 2 root root 16958 Apr 24 14:23 checksetup.pl
-rw-r--r-- 2 root root 19292 Apr 24 14:23 collectstats.pl
-rw-r--r-- 2 root root 18364 Apr 24 14:23 email_in.pl
-rw-r--r-- 2 root root 49698 Apr 24 14:23 importxml.pl
-rw-r--r-- 2 root root  4962 Apr 24 14:23 install-module.pl
-rwxr--r-- 2 root root  2988 Apr 24 14:23 jobqueue.pl
-rw-r--r-- 2 root root  3350 Apr 24 14:23 migrate.pl
-rw-r--r-- 2 root root  5262 Apr 24 14:23 mod_perl.pl
-rw-r--r-- 2 root root  1152 Apr 24 14:23 runtests.pl
-rw-r--r-- 2 root root  3152 Apr 24 14:23 sanitycheck.pl
-rw-r--r-- 2 root root  8676 Apr 24 14:23 testserver.pl
-rw-r--r-- 2 root root  3121 Apr 24 14:23 whineatnews.pl
-rw-r--r-- 1 root root    14 Apr 24 16:04 whine.pl
---

Looking at ebuild, it seems that ebuild maintainer selected some special files to be executable, and not all as in upstream...
---
    chmod u+x "${D}${MY_HTDOCSDIR}"/jobqueue.pl

    # configuration must be executable
    chmod u+x "${D}${MY_HTDOCSDIR}"/checksetup.pl
---

Any reason for that?
Comment 1 Andrew Hamilton 2013-09-18 03:14:33 UTC
Taking proxy-maintenance of this bug with the approval of twitch153 and the mentorship of creffett.

The majority of the perl files being -x does not appear to cause any problems with the operation of bugzilla. Therefore, I am marking the bug as wontfix, please reopen if there are any known problems with these files being -x
Comment 2 Alon Bar-Lev gentoo-dev 2013-09-18 06:32:20 UTC
(In reply to Andrew Hamilton from comment #1)
> Taking proxy-maintenance of this bug with the approval of twitch153 and the
> mentorship of creffett.
> 
> The majority of the perl files being -x does not appear to cause any
> problems with the operation of bugzilla. Therefore, I am marking the bug as
> wontfix, please reopen if there are any known problems with these files
> being -x

Do you actually use bugzilla?

For example email_in.pl[1], this is a utility that should be executed directly, as well as other scripts[2].

Please fix that, so we don't need to manual modify file mode, nor add explicit perl.

Thanks.

[1] http://www.bugzilla.org/docs/4.0/en/html/api/email_in.html
[2] http://www.bugzilla.org/docs/tip/en/html/extraconfig.html#installation-whining-cron
Comment 3 Andrew Hamilton 2013-09-20 01:56:25 UTC
Fix added to the 4.4 ebuild attached to Bug 476470. I will backport to 4.2.5 shortly.

I do in fact maintain a Bugzilla installation where I work and use it on a daily basis. I have simply never had reason to use those perl scripts. When I looked at the files and their permissions, it appeared that the executable bit had been removed to improve security.

A simple "This is why they should be executable as upstream provides them" would have been more than sufficient for me to fix this bug without the need to question my experience with Bugzilla.
Comment 4 Andrew Hamilton 2013-09-20 02:02:52 UTC
Created attachment 359082 [details]
revised ebuild for bugzilla 4.2.5

This revised ebuild fixes Bug 413443 as well as Bug 252128
Comment 5 Alon Bar-Lev gentoo-dev 2013-09-20 06:29:19 UTC
(In reply to Andrew Hamilton from comment #4)
> Created attachment 359082 [details]
> revised ebuild for bugzilla 4.2.5
> 
> This revised ebuild fixes Bug 413443 as well as Bug 252128

Thanks.

Usually attaching diff of ebuild is better to see what changed and to apply these changes even if ebuild was changed a bit from post.

I suggest to modify the following:
---
    insinto "${MY_HTDOCSDIR}"
    doins -r . || die
---

To explicit doins with insopts modified instead of post change.

Or not to use doins and just cp -R.

This will allow you to be better future compatible with upstream changes.
Comment 6 Chris Reffett gentoo-dev Security 2013-10-21 02:43:52 UTC
Fixed in latest bump.