- fixed bz#1348507 - Arbitrary code execution due to insecure loading

of Python module from CWD
Than Ngo 2017-07-26 17:50:00 +02:00
parent 354f721d39
commit f74647474b
4 changed files with 15 additions and 11 deletions


@ -1,8 +1,8 @@
#!/bin/sh #!/bin/sh
@PYTHON3@ -c "import PyQt5.pylupdate_main" &> /dev/null @PYTHON3@ -Ic "import PyQt5.pylupdate_main" &> /dev/null
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
exec @PYTHON3@ -m PyQt5.pylupdate_main ${1+"$@"} exec @PYTHON3@ -Im PyQt5.pylupdate_main ${1+"$@"}
else else
exec @PYTHON2@ -m PyQt5.pylupdate_main ${1+"$@"} exec @PYTHON2@ -Esm PyQt5.pylupdate_main ${1+"$@"}
fi fi
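Review bot: The Python 2 fallback `exec @PYTHON2@ -Esm PyQt5.pylupdate_main ${1+"$@"}` still resolves the package with the current directory on `sys.path`. `-E` only ignores the `PYTHON*` environment variables and `-s` only drops the user site directory, while `-m` on Python 2 keeps the working directory as the first search entry, and Python 2 has no `-I`. The CWD-loading issue named in the commit title is therefore closed for the Python 3 branch but appears to remain whenever the script reaches `else`. One option, to be tested against the installed layout, is to drop that entry before the import: `exec @PYTHON2@ -Es -c "import sys, runpy; sys.path.pop(0); runpy.run_module('PyQt5.pylupdate_main', run_name='__main__', alter_sys=True)" ${1+"$@"}`. The same applies to the pyrcc_main and uic.pyuic wrappers.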


@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
@PYTHON3@ -c "import PyQt5.pyrcc_main" &> /dev/null @PYTHON3@ -Ic "import PyQt5.pyrcc_main" &> /dev/null
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
exec @PYTHON3@ -m PyQt5.pyrcc_main ${1+"$@"} exec @PYTHON3@ -Im PyQt5.pyrcc_main ${1+"$@"}
else else
exec @PYTHON2@ -m PyQt5.pyrcc_main ${1+"$@"} exec @PYTHON2@ -Esm PyQt5.pyrcc_main ${1+"$@"}
fi fi
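Review bot: The probe line `@PYTHON3@ -Ic "import PyQt5.pyrcc_main" &> /dev/null` uses the bash-only `&>` redirection under a `#!/bin/sh` shebang. A POSIX shell such as dash reads it as a background job followed by `> /dev/null`, so `$?` is 0 regardless of the import result and the Python 3 branch is always taken. Since the line is being changed anyway, `>/dev/null 2>&1` keeps the check meaningful on any `/bin/sh`, and folding it into the condition, `if @PYTHON3@ -Ic "import PyQt5.pyrcc_main" >/dev/null 2>&1; then`, removes the separate `$?` test. The pylupdate_main and uic.pyuic wrappers carry the same line.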


@ -20,7 +20,7 @@
Summary: PyQt5 is Python bindings for Qt5 Summary: PyQt5 is Python bindings for Qt5
Name: python-qt5 Name: python-qt5
Version: 5.9 Version: 5.9
Release: 2%{?dist} Release: 3%{?dist}
# all BSD, except for GPLv2+ dbus bindings and examples # all BSD, except for GPLv2+ dbus bindings and examples
License: BSD and GPLv2+ License: BSD and GPLv2+
@ -456,6 +456,10 @@ sed -i \
%changelog %changelog
* Wed Jul 26 2017 Than Ngo <than@redhat.com> - 5.9-3
- fixed bz#1348507 - Arbitrary code execution due to insecure loading
of Python module from CWD
* Wed Jul 19 2017 Rex Dieter <rdieter@fedoraproject.org> - 5.9-2 * Wed Jul 19 2017 Rex Dieter <rdieter@fedoraproject.org> - 5.9-2
- rebuild (qt5) - rebuild (qt5)


@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
@PYTHON3@ -c "import PyQt5.uic.pyuic" &> /dev/null @PYTHON3@ -Ic "import PyQt5.uic.pyuic" &> /dev/null
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
exec @PYTHON3@ -m PyQt5.uic.pyuic ${1+"$@"} exec @PYTHON3@ -Im PyQt5.uic.pyuic ${1+"$@"}
else else
exec @PYTHON2@ -m PyQt5.uic.pyuic ${1+"$@"} exec @PYTHON2@ -Esm PyQt5.uic.pyuic ${1+"$@"}
fi fi