Diffstat (limited to 'python/pywayland/CVE_2007_4559.patch')
-rw-r--r-- | python/pywayland/CVE_2007_4559.patch | 38 |
1 files changed, 0 insertions, 38 deletions
diff --git a/python/pywayland/CVE_2007_4559.patch b/python/pywayland/CVE_2007_4559.patch
deleted file mode 100644
index 437747cecb..0000000000
--- a/python/pywayland/CVE_2007_4559.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-This patch was taken from upstream pywayland 0.4.15:
-https://github.com/flacjacket/pywayland/pull/42
---- a/doc/protocol_build.py 2022-07-24 11:03:10.000000000 -0700
-+++ b/doc/protocol_build.py 2022-12-20 20:00:48.659884422 -0800
-@@ -14,6 +14,24 @@
- )
- )
-
-+def _is_within_directory(directory, target):
-+ """Helper to check for CVE-2007-4559"""
-+ abs_directory = os.path.abspath(directory)
-+ abs_target = os.path.abspath(target)
-+
-+ prefix = os.path.commonprefix([abs_directory, abs_target])
-+
-+ return prefix == abs_directory
-+
-+
-+def _safe_extractall(tar, path=".", members=None, *, numeric_owner=False):
-+ """Helper to check for CVE-2007-4559"""
-+ for member in tar.getmembers():
-+ member_path = os.path.join(path, member.name)
-+ if not is_within_directory(path, member_path):
-+ raise Exception("Attempted Path Traversal in Tar File")
-+
-+ tar.extractall(path, members, numeric_owner=numeric_owner)
-
- def protocols_build(output_dir):
- from pywayland.scanner import Protocol
-@@ -26,7 +44,7 @@
- protocol_dest = "wayland-protocols-{}".format(protocols_version)
- urllib.request.urlretrieve(protocols_source, protocol_dest + ".tar.xz")
- with tarfile.open(protocol_dest + ".tar.xz") as f:
-- f.extractall()
-+ _safe_extractall(f)
-
- # walk the directory and generate all the protocols
- protocol_files = [wayland_file] + sorted( |