PR: ports/136065 ports/127469
Submitted by: N.J. Mann <njm@njm.me.uk> and Aldis Berjoza <killasmurf86@gmail.com>
- Early identify port CONFLICTS
PR: 137855
Submitted by: Piotr Smyrak <smyru@heron.pl>
- Add --no-same-permissions to the EXTRACT_AFTER_ARGS command.
Tijl Coosemans has been reported an issue that when root is extracting from the
tarball, and the tarball contains world writable files
(sysutils/policykit as an example), there is a chance that the files
gets changed by malicious third parties right after the extraction,
which makes it possible to inject code into the package thus compromise
the system.
Submitted by: Tijl Coosemans <tijl@coosemans.org> Xin LI (delphij@)
- Fix some whitespaces
Tested with: exp-run
8ca9f0d689