From 3a5d21d87ab9e41e0368731b057563c76ec8031c Mon Sep 17 00:00:00 2001 From: B. Watson Date: Sun, 29 Mar 2020 14:58:19 -0400 Subject: accessibility/xdotool: Fix potential security issue. Signed-off-by: B. Watson Signed-off-by: Willy Sudiarto Raharjo --- accessibility/xdotool/xdotool.SlackBuild | 44 ++++++++++++++++++++++++-------- 1 file changed, 34 insertions(+), 10 deletions(-) diff --git a/accessibility/xdotool/xdotool.SlackBuild b/accessibility/xdotool/xdotool.SlackBuild index adc0c6780a..22c2082077 100644 --- a/accessibility/xdotool/xdotool.SlackBuild +++ b/accessibility/xdotool/xdotool.SlackBuild @@ -6,6 +6,13 @@ # Licensed under the WTFPL. See http://www.wtfpl.net/txt/copying/ for details. +# 20200329 bkw: +# - BUILD=3 +# - Stop including references to the build and $PKG dirs in the binary. This +# was a potential security risk. Thanks to Leonardo Citrolo for reporting +# this (along with a solution). +# - Actually install the binary stripped. + # 20191219 bkw: # - BUILD=2 # - install API (doxygen) docs. @@ -43,7 +50,7 @@ PRGNAM=xdotool VERSION=${VERSION:-3.20160805.1} -BUILD=${BUILD:-2} +BUILD=${BUILD:-3} TAG=${TAG:-_SBo} if [ -z "$ARCH" ]; then 
@@ -85,21 +92,38 @@ chown -R root:root . find -L . -perm /111 -a \! -perm 755 -a -exec chmod 755 {} \+ -o \ \! -perm /111 -a \! -perm 644 -a -exec chmod 644 {} \+ -mkdir -p $PKG/usr/lib$LIBDIRSUFFIX -make WARNFLAGS="$SLKCFLAGS" PREFIX=/usr INSTALLLIB=/usr/lib$LIBDIRSUFFIX -strip $PRGNAM libxdo.so -make install PREFIX=$PKG/usr INSTALLLIB=$PKG/usr/lib$LIBDIRSUFFIX LDCONFIG=true +# 20200329 bkw: make this section a bit more readable I hope. +# The LDCONFIG=true is counter-intuitive: it means "run the 'true' +# command instead of the 'ldconfig' command". In other words, do +# NOT run ldconfig (opposite of what it seems to mean in English). +COMMON="WITHOUT_RPATH_FIX=1 LDCONFIG=true" +LIBDIR=/usr/lib$LIBDIRSUFFIX + +mkdir -p $PKG/$LIBDIR + +make \ + WARNFLAGS="$SLKCFLAGS" \ + PREFIX=/usr \ + INSTALLLIB=$LIBDIR \ + $COMMON + +make install \ + PREFIX=$PKG/usr \ + INSTALLLIB=$PKG/$LIBDIR \ + $COMMON + +# 20200329 bkw: strip binary *after* installing, since 'make install' is +# relinking it. +strip $PKG/usr/bin/$PRGNAM $PKG/usr/lib$LIBDIRSUFFIX/libxdo.so.? + make docs $PRGNAM.html gzip -9 $PKG/usr/man/man1/$PRGNAM.1 -chmod 755 examples/*.sh -chmod 644 $PKG/usr/include/*.h - mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION -chmod 0644 examples/*.sh +chmod 0644 examples/*.sh $PKG/usr/include/*.h cp -a CHANGELIST README COPYRIGHT examples $PRGNAM.html docs/html \ - $PKG/usr/doc/$PRGNAM-$VERSION + $PKG/usr/doc/$PRGNAM-$VERSION cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild mkdir -p $PKG/install -- cgit v1.2.3
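Review bot: Nothing after `make install` confirms that the installed binary is actually free of a run-time search path into the build tree; the fix rests entirely on the upstream Makefile honoring `WITHOUT_RPATH_FIX=1` (inferred from the changelog entry, since the Makefile is not shown here). A check placed after the new `strip` line would stop a later version bump from silently reintroducing the problem, e.g. `if readelf -d $PKG/usr/bin/$PRGNAM | grep -Eq 'RPATH|RUNPATH'; then echo "$PRGNAM: unexpected rpath" >&2; exit 1; fi`. The `strip` line also spells out `$PKG/usr/lib$LIBDIRSUFFIX` even though `LIBDIR` was just introduced for that path, so `$PKG/$LIBDIR/libxdo.so.?` would keep the two in step. If `libxdo.so.?` matches nothing, the literal pattern is handed to `strip`; whether that aborts the build depends on a `set -e` that is not visible in this hunk.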