- fixed bz#1348507 - Arbitrary code execution due to insecure loading

of Python module from CWD
This commit is contained in:
Than Ngo 2017-07-26 17:50:00 +02:00
parent 354f721d39
commit f74647474b
4 changed files with 15 additions and 11 deletions

View File

@ -1,8 +1,8 @@
#!/bin/sh
@PYTHON3@ -c "import PyQt5.pylupdate_main" &> /dev/null
@PYTHON3@ -Ic "import PyQt5.pylupdate_main" &> /dev/null
if [ $? -eq 0 ]; then
exec @PYTHON3@ -m PyQt5.pylupdate_main ${1+"$@"}
exec @PYTHON3@ -Im PyQt5.pylupdate_main ${1+"$@"}
else
exec @PYTHON2@ -m PyQt5.pylupdate_main ${1+"$@"}
exec @PYTHON2@ -Esm PyQt5.pylupdate_main ${1+"$@"}
fi

View File

@ -1,7 +1,7 @@
#!/bin/sh
@PYTHON3@ -c "import PyQt5.pyrcc_main" &> /dev/null
@PYTHON3@ -Ic "import PyQt5.pyrcc_main" &> /dev/null
if [ $? -eq 0 ]; then
exec @PYTHON3@ -m PyQt5.pyrcc_main ${1+"$@"}
exec @PYTHON3@ -Im PyQt5.pyrcc_main ${1+"$@"}
else
exec @PYTHON2@ -m PyQt5.pyrcc_main ${1+"$@"}
exec @PYTHON2@ -Esm PyQt5.pyrcc_main ${1+"$@"}
fi

View File

@ -18,9 +18,9 @@
%global rpm_macros_dir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d)
Summary: PyQt5 is Python bindings for Qt5
Name: python-qt5
Name: python-qt5
Version: 5.9
Release: 2%{?dist}
Release: 3%{?dist}
# all BSD, except for GPLv2+ dbus bindings and examples
License: BSD and GPLv2+
@ -456,6 +456,10 @@ sed -i \
%changelog
* Wed Jul 26 2017 Than Ngo <than@redhat.com> - 5.9-3
- fixed bz#1348507 - Arbitrary code execution due to insecure loading
of Python module from CWD
* Wed Jul 19 2017 Rex Dieter <rdieter@fedoraproject.org> - 5.9-2
- rebuild (qt5)

View File

@ -1,7 +1,7 @@
#!/bin/sh
@PYTHON3@ -c "import PyQt5.uic.pyuic" &> /dev/null
@PYTHON3@ -Ic "import PyQt5.uic.pyuic" &> /dev/null
if [ $? -eq 0 ]; then
exec @PYTHON3@ -m PyQt5.uic.pyuic ${1+"$@"}
exec @PYTHON3@ -Im PyQt5.uic.pyuic ${1+"$@"}
else
exec @PYTHON2@ -m PyQt5.uic.pyuic ${1+"$@"}
exec @PYTHON2@ -Esm PyQt5.uic.pyuic ${1+"$@"}
fi