authorIsaac Yu <isaacyu1@isaacyu1.com>2022-12-20 20:36:51 -0800
committerWilly Sudiarto Raharjo <willysr@slackbuilds.org>2022-12-21 11:57:49 +0700
commit9a27b06d2a98694356bc2c1970ae7f47bfc72a86 (patch)
treec6caeb3e797ce9f1edddc4c36125dab012183a3f
parent8dd9d663341eb2f4dbb3f52c0607cf990b89cd13 (diff)
python/pywayland: Add CVE-2007-4559 patch, update README
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
-rw-r--r--python/pywayland/CVE_2007_4559.patch38
-rw-r--r--python/pywayland/README3
-rw-r--r--python/pywayland/pywayland.SlackBuild6
3 files changed, 46 insertions, 1 deletions
diff --git a/python/pywayland/CVE_2007_4559.patch b/python/pywayland/CVE_2007_4559.patch
new file mode 100644
index 000000000000..437747cecbcb
--- /dev/null
+++ b/python/pywayland/CVE_2007_4559.patch
@@ -0,0 +1,38 @@
+This patch was taken from upstream pywayland 0.4.15:
+https://github.com/flacjacket/pywayland/pull/42
+--- a/doc/protocol_build.py 2022-07-24 11:03:10.000000000 -0700
++++ b/doc/protocol_build.py 2022-12-20 20:00:48.659884422 -0800
+@@ -14,6 +14,24 @@
+ )
+ )
+
++def _is_within_directory(directory, target):
++ """Helper to check for CVE-2007-4559"""
++ abs_directory = os.path.abspath(directory)
++ abs_target = os.path.abspath(target)
++
++ prefix = os.path.commonprefix([abs_directory, abs_target])
++
++ return prefix == abs_directory
++
++
++def _safe_extractall(tar, path=".", members=None, *, numeric_owner=False):
++ """Helper to check for CVE-2007-4559"""
++ for member in tar.getmembers():
++ member_path = os.path.join(path, member.name)
++ if not is_within_directory(path, member_path):
++ raise Exception("Attempted Path Traversal in Tar File")
++
++ tar.extractall(path, members, numeric_owner=numeric_owner)
+
+ def protocols_build(output_dir):
+ from pywayland.scanner import Protocol
+@@ -26,7 +44,7 @@
+ protocol_dest = "wayland-protocols-{}".format(protocols_version)
+ urllib.request.urlretrieve(protocols_source, protocol_dest + ".tar.xz")
+ with tarfile.open(protocol_dest + ".tar.xz") as f:
+- f.extractall()
++ _safe_extractall(f)
+
+ # walk the directory and generate all the protocols
+ protocol_files = [wayland_file] + sorted(
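Review bot: The guard inside `_safe_extractall` calls `is_within_directory(path, member_path)` while the helper defined a few lines above is named `_is_within_directory`, so as the patch file reads every run would raise NameError on the first member before any check or extraction happens — the docs build fails closed rather than being protected (unless the underscore was dropped in transcription; worth diffing against upstream before shipping); the call should read `if not _is_within_directory(path, member_path):`. The containment test is also weaker than it looks: `os.path.commonprefix` compares character by character, so a target under a sibling directory whose name merely starts with the destination's name still satisfies `prefix == abs_directory`; `return os.path.commonpath([abs_directory, abs_target]) == abs_directory` closes that gap with the same interface. Symlink and hard-link members are not inspected at all here, which the newer `tarfile` extraction filters (`filter="data"`, Python 3.12+) cover, but that is presumably unavailable on the interpreter this Slackware 15.0 build targets, so a comment noting the limitation in `_safe_extractall`'s docstring would help the next maintainer.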
diff --git a/python/pywayland/README b/python/pywayland/README
index a37152397ad4..6695b8b85bf8 100644
--- a/python/pywayland/README
+++ b/python/pywayland/README
@@ -1,3 +1,6 @@
PyWayland provides a wrapper to the libwayland library using the CFFI
library to provide access to the Wayland library calls and written in
pure Python.
+
+pywayland 0.4.14 is the last possible version for Slackware 15.0.
+Newer versions of pywayland require a newer python-setuptools.
diff --git a/python/pywayland/pywayland.SlackBuild b/python/pywayland/pywayland.SlackBuild
index 4116ce1750cc..85ee42c6619e 100644
--- a/python/pywayland/pywayland.SlackBuild
+++ b/python/pywayland/pywayland.SlackBuild
@@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PRGNAM=pywayland
VERSION=${VERSION:-0.4.14}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
TAG=${TAG:-_SBo}
PKGTYPE=${PKGTYPE:-tgz}
@@ -79,6 +79,10 @@ find -L . \
\( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
-o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+# Backport patch from pywayland 0.4.15 for directory traversal vulnerability
+# The patch is relevant for building docs
+patch -p1 < $CWD/CVE_2007_4559.patch
+
python3 setup.py install --root=$PKG
find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \