aboutsummaryrefslogtreecommitdiff
path: root/python
diff options
context:
space:
mode:
authorIsaac Yu <isaacyu1@isaacyu1.com>2022-12-20 20:36:51 -0800
committerWilly Sudiarto Raharjo <willysr@slackbuilds.org>2022-12-21 11:57:49 +0700
commit9a27b06d2a98694356bc2c1970ae7f47bfc72a86 (patch)
treec6caeb3e797ce9f1edddc4c36125dab012183a3f /python
parent8dd9d663341eb2f4dbb3f52c0607cf990b89cd13 (diff)
python/pywayland: Add CVE-2007-4559 patch, update README
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'python')
-rw-r--r--python/pywayland/CVE_2007_4559.patch38
-rw-r--r--python/pywayland/README3
-rw-r--r--python/pywayland/pywayland.SlackBuild6
3 files changed, 46 insertions, 1 deletions
diff --git a/python/pywayland/CVE_2007_4559.patch b/python/pywayland/CVE_2007_4559.patch
new file mode 100644
index 0000000000000..437747cecbcba
--- /dev/null
+++ b/python/pywayland/CVE_2007_4559.patch
@@ -0,0 +1,38 @@
+This patch was taken from upstream pywayland 0.4.15:
+https://github.com/flacjacket/pywayland/pull/42
+--- a/doc/protocol_build.py 2022-07-24 11:03:10.000000000 -0700
++++ b/doc/protocol_build.py 2022-12-20 20:00:48.659884422 -0800
+@@ -14,6 +14,24 @@
+ )
+ )
+
++def _is_within_directory(directory, target):
++ """Helper to check for CVE-2007-4559"""
++ abs_directory = os.path.abspath(directory)
++ abs_target = os.path.abspath(target)
++
++ prefix = os.path.commonprefix([abs_directory, abs_target])
++
++ return prefix == abs_directory
++
++
++def _safe_extractall(tar, path=".", members=None, *, numeric_owner=False):
++ """Helper to check for CVE-2007-4559"""
++ for member in tar.getmembers():
++ member_path = os.path.join(path, member.name)
++ if not is_within_directory(path, member_path):
++ raise Exception("Attempted Path Traversal in Tar File")
++
++ tar.extractall(path, members, numeric_owner=numeric_owner)
+
+ def protocols_build(output_dir):
+ from pywayland.scanner import Protocol
+@@ -26,7 +44,7 @@
+ protocol_dest = "wayland-protocols-{}".format(protocols_version)
+ urllib.request.urlretrieve(protocols_source, protocol_dest + ".tar.xz")
+ with tarfile.open(protocol_dest + ".tar.xz") as f:
+- f.extractall()
++ _safe_extractall(f)
+
+ # walk the directory and generate all the protocols
+ protocol_files = [wayland_file] + sorted(
diff --git a/python/pywayland/README b/python/pywayland/README
index a37152397ad49..6695b8b85bf83 100644
--- a/python/pywayland/README
+++ b/python/pywayland/README
@@ -1,3 +1,6 @@
PyWayland provides a wrapper to the libwayland library using the CFFI
library to provide access to the Wayland library calls and written in
pure Python.
+
+pywayland 0.4.14 is the last possible version for Slackware 15.0.
+Newer versions of pywayland require a newer python-setuptools.
diff --git a/python/pywayland/pywayland.SlackBuild b/python/pywayland/pywayland.SlackBuild
index 4116ce1750cc8..85ee42c6619ef 100644
--- a/python/pywayland/pywayland.SlackBuild
+++ b/python/pywayland/pywayland.SlackBuild
@@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PRGNAM=pywayland
VERSION=${VERSION:-0.4.14}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
TAG=${TAG:-_SBo}
PKGTYPE=${PKGTYPE:-tgz}
@@ -79,6 +79,10 @@ find -L . \
\( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
-o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+# Backport patch from pywayland 0.4.15 for directory traversal vulnerability
+# The patch is relevant for building docs
+patch -p1 < $CWD/CVE_2007_4559.patch
+
python3 setup.py install --root=$PKG
find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \