From c1ab788aba6915cfc8e94c4672f165a6e9bde724 Mon Sep 17 00:00:00 2001 From: Than Ngo Date: Thu, 27 Jul 2017 10:35:46 +0200 Subject: [PATCH] fixed bz#1348507, pyqt5 with python2 in isolated mode --- pylupdate5.sh | 2 +- pyrcc5.sh | 2 +- python-qt5.spec | 5 ++++- pyuic5.sh | 2 +- 4 files changed, 7 insertions(+), 4 deletions(-) diff --git a/pylupdate5.sh b/pylupdate5.sh index a2e98b9..6cbd193 100644 --- a/pylupdate5.sh +++ b/pylupdate5.sh @@ -3,6 +3,6 @@ if [ $? -eq 0 ]; then exec @PYTHON3@ -Im PyQt5.pylupdate_main ${1+"$@"} else - exec @PYTHON2@ -Esm PyQt5.pylupdate_main ${1+"$@"} + exec @PYTHON2@ -c "import sys; del sys.path[0]; import PyQt5.pylupdate_main; PyQt5.pylupdate_main.main()" ${1+"$@"} fi diff --git a/pyrcc5.sh b/pyrcc5.sh index 8db00f6..ae40c01 100644 --- a/pyrcc5.sh +++ b/pyrcc5.sh @@ -3,5 +3,5 @@ if [ $? -eq 0 ]; then exec @PYTHON3@ -Im PyQt5.pyrcc_main ${1+"$@"} else - exec @PYTHON2@ -Esm PyQt5.pyrcc_main ${1+"$@"} + exec @PYTHON2@ -c "import sys; del sys.path[0]; import PyQt5.pyrcc_main; PyQt5.pyrcc_main.main()" ${1+"$@"} fi diff --git a/python-qt5.spec b/python-qt5.spec index 0e79aeb..b2739eb 100644 --- a/python-qt5.spec +++ b/python-qt5.spec @@ -20,7 +20,7 @@ Summary: PyQt5 is Python bindings for Qt5 Name: python-qt5 Version: 5.9 -Release: 3%{?dist} +Release: 4%{?dist} # all BSD, except for GPLv2+ dbus bindings and examples License: BSD and GPLv2+ @@ -456,6 +456,9 @@ sed -i \ %changelog +* Thu Jul 27 2017 Than Ngo - 5.9-4 +- fixed bz#1348507, pyqt5 with python2 in isolated mode + * Wed Jul 26 2017 Than Ngo - 5.9-3 - fixed bz#1348507 - Arbitrary code execution due to insecure loading of Python module from CWD diff --git a/pyuic5.sh b/pyuic5.sh index 10c26fa..d06348d 100644 --- a/pyuic5.sh +++ b/pyuic5.sh @@ -3,5 +3,5 @@ if [ $? -eq 0 ]; then exec @PYTHON3@ -Im PyQt5.uic.pyuic ${1+"$@"} else - exec @PYTHON2@ -Esm PyQt5.uic.pyuic ${1+"$@"} + exec @PYTHON2@ -c "import sys; del sys.path[0]; import PyQt5.uic.pyuic; PyQt5.uic.pyuic.main()" ${1+"$@"} fi