summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorB. Watson <yalhcru@gmail.com>2020-03-29 14:58:19 -0400
committerWilly Sudiarto Raharjo <willysr@slackbuilds.org>2020-04-04 09:50:04 +0700
commit3a5d21d87ab9e41e0368731b057563c76ec8031c (patch)
treed18afaea8876ec6df5cf55b7ce835a6b05c0ca8e
parentf04e747c6e92898ec68f0dc0555f634a3248afcf (diff)
downloadslackbuilds-3a5d21d87ab9e41e0368731b057563c76ec8031c.tar.gz
accessibility/xdotool: Fix potential security issue.
Signed-off-by: B. Watson <yalhcru@gmail.com> Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
-rw-r--r--accessibility/xdotool/xdotool.SlackBuild44
1 files changed, 34 insertions, 10 deletions
diff --git a/accessibility/xdotool/xdotool.SlackBuild b/accessibility/xdotool/xdotool.SlackBuild
index adc0c6780a..22c2082077 100644
--- a/accessibility/xdotool/xdotool.SlackBuild
+++ b/accessibility/xdotool/xdotool.SlackBuild
@@ -6,6 +6,13 @@
# Licensed under the WTFPL. See http://www.wtfpl.net/txt/copying/ for details.
+# 20200329 bkw:
+# - BUILD=3
+# - Stop including references to the build and $PKG dirs in the binary. This
+# was a potential security risk. Thanks to Leonardo Citrolo for reporting
+# this (along with a solution).
+# - Actually install the binary stripped.
+
# 20191219 bkw:
# - BUILD=2
# - install API (doxygen) docs.
@@ -43,7 +50,7 @@
PRGNAM=xdotool
VERSION=${VERSION:-3.20160805.1}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-3}
TAG=${TAG:-_SBo}
if [ -z "$ARCH" ]; then
@@ -85,21 +92,38 @@ chown -R root:root .
find -L . -perm /111 -a \! -perm 755 -a -exec chmod 755 {} \+ -o \
\! -perm /111 -a \! -perm 644 -a -exec chmod 644 {} \+
-mkdir -p $PKG/usr/lib$LIBDIRSUFFIX
-make WARNFLAGS="$SLKCFLAGS" PREFIX=/usr INSTALLLIB=/usr/lib$LIBDIRSUFFIX
-strip $PRGNAM libxdo.so
-make install PREFIX=$PKG/usr INSTALLLIB=$PKG/usr/lib$LIBDIRSUFFIX LDCONFIG=true
+# 20200329 bkw: make this section a bit more readable I hope.
+# The LDCONFIG=true is counter-intuitive: it means "run the 'true'
+# command instead of the 'ldconfig' command". In other words, do
+# NOT run ldconfig (opposite of what it seems to mean in English).
+COMMON="WITHOUT_RPATH_FIX=1 LDCONFIG=true"
+LIBDIR=/usr/lib$LIBDIRSUFFIX
+
+mkdir -p $PKG/$LIBDIR
+
+make \
+ WARNFLAGS="$SLKCFLAGS" \
+ PREFIX=/usr \
+ INSTALLLIB=$LIBDIR \
+ $COMMON
+
+make install \
+ PREFIX=$PKG/usr \
+ INSTALLLIB=$PKG/$LIBDIR \
+ $COMMON
+
+# 20200329 bkw: strip binary *after* installing, since 'make install' is
+# relinking it.
+strip $PKG/usr/bin/$PRGNAM $PKG/usr/lib$LIBDIRSUFFIX/libxdo.so.?
+
make docs $PRGNAM.html
gzip -9 $PKG/usr/man/man1/$PRGNAM.1
-chmod 755 examples/*.sh
-chmod 644 $PKG/usr/include/*.h
-
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
-chmod 0644 examples/*.sh
+chmod 0644 examples/*.sh $PKG/usr/include/*.h
cp -a CHANGELIST README COPYRIGHT examples $PRGNAM.html docs/html \
- $PKG/usr/doc/$PRGNAM-$VERSION
+ $PKG/usr/doc/$PRGNAM-$VERSION
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
mkdir -p $PKG/install