author | B. Watson <yalhcru@gmail.com> | 2020-03-29 14:58:19 -0400 |
---|---|---|
committer | Willy Sudiarto Raharjo <willysr@slackbuilds.org> | 2020-04-04 09:50:04 +0700 |
commit | 3a5d21d87ab9e41e0368731b057563c76ec8031c (patch) | |
tree | d18afaea8876ec6df5cf55b7ce835a6b05c0ca8e /accessibility/xdotool | |
parent | f04e747c6e92898ec68f0dc0555f634a3248afcf (diff) | |
download | slackbuilds-3a5d21d87ab9e41e0368731b057563c76ec8031c.tar.gz |
accessibility/xdotool: Fix potential security issue.
Signed-off-by: B. Watson <yalhcru@gmail.com>
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'accessibility/xdotool')
-rw-r--r-- | accessibility/xdotool/xdotool.SlackBuild | 44 |
1 files changed, 34 insertions, 10 deletions
diff --git a/accessibility/xdotool/xdotool.SlackBuild b/accessibility/xdotool/xdotool.SlackBuild index adc0c6780a..22c2082077 100644 --- a/accessibility/xdotool/xdotool.SlackBuild +++ b/accessibility/xdotool/xdotool.SlackBuild @@ -6,6 +6,13 @@ # Licensed under the WTFPL. See http://www.wtfpl.net/txt/copying/ for details. +# 20200329 bkw: +# - BUILD=3 +# - Stop including references to the build and $PKG dirs in the binary. This +# was a potential security risk. Thanks to Leonardo Citrolo for reporting +# this (along with a solution). +# - Actually install the binary stripped. + # 20191219 bkw: # - BUILD=2 # - install API (doxygen) docs. @@ -43,7 +50,7 @@ PRGNAM=xdotool VERSION=${VERSION:-3.20160805.1} -BUILD=${BUILD:-2} +BUILD=${BUILD:-3} TAG=${TAG:-_SBo} if [ -z "$ARCH" ]; then 
@@ -85,21 +92,38 @@ chown -R root:root . find -L . -perm /111 -a \! -perm 755 -a -exec chmod 755 {} \+ -o \ \! -perm /111 -a \! -perm 644 -a -exec chmod 644 {} \+ -mkdir -p $PKG/usr/lib$LIBDIRSUFFIX -make WARNFLAGS="$SLKCFLAGS" PREFIX=/usr INSTALLLIB=/usr/lib$LIBDIRSUFFIX -strip $PRGNAM libxdo.so -make install PREFIX=$PKG/usr INSTALLLIB=$PKG/usr/lib$LIBDIRSUFFIX LDCONFIG=true +# 20200329 bkw: make this section a bit more readable I hope. +# The LDCONFIG=true is counter-intuitive: it means "run the 'true' +# command instead of the 'ldconfig' command". In other words, do +# NOT run ldconfig (opposite of what it seems to mean in English). +COMMON="WITHOUT_RPATH_FIX=1 LDCONFIG=true" +LIBDIR=/usr/lib$LIBDIRSUFFIX + +mkdir -p $PKG/$LIBDIR + +make \ + WARNFLAGS="$SLKCFLAGS" \ + PREFIX=/usr \ + INSTALLLIB=$LIBDIR \ + $COMMON + +make install \ + PREFIX=$PKG/usr \ + INSTALLLIB=$PKG/$LIBDIR \ + $COMMON + +# 20200329 bkw: strip binary *after* installing, since 'make install' is +# relinking it. +strip $PKG/usr/bin/$PRGNAM $PKG/usr/lib$LIBDIRSUFFIX/libxdo.so.? + make docs $PRGNAM.html gzip -9 $PKG/usr/man/man1/$PRGNAM.1 -chmod 755 examples/*.sh -chmod 644 $PKG/usr/include/*.h - mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION -chmod 0644 examples/*.sh +chmod 0644 examples/*.sh $PKG/usr/include/*.h cp -a CHANGELIST README COPYRIGHT examples $PRGNAM.html docs/html \ - $PKG/usr/doc/$PRGNAM-$VERSION + $PKG/usr/doc/$PRGNAM-$VERSION cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild mkdir -p $PKG/install |
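Review bot: Nothing after the new `strip` line checks that the installed binary is actually free of a run-time library search path, so the fix depends entirely on the upstream Makefile continuing to honour `WITHOUT_RPATH_FIX=1`. An RPATH or RUNPATH naming the build or `$PKG` directory would make the dynamic loader look for `libxdo.so` in a directory the package does not own on the target system (where `$PKG` lives is not visible in this hunk). A guard right after the strip, such as `readelf -d $PKG/usr/bin/$PRGNAM | grep -Eq 'RPATH|RUNPATH' && { echo "rpath found in $PRGNAM" >&2; exit 1; }`, would turn a silent regression into a build failure. The strip line could also use the new `$LIBDIR` variable instead of repeating `/usr/lib$LIBDIRSUFFIX`. The rest of the script lies outside the hunk.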