* [gentoo-commits] proj/portage:root-deps-both commit in: lib/portage/
@ 2024-06-11 13:01 James Le Cuirot
From: James Le Cuirot @ 2024-06-11 13:01 UTC
To: gentoo-commits
commit: eb855b8cd1248f49649003dcfb9bf009b70e88cb
Author: Zac Medico <zmedico <AT> gentoo <DOT> org>
AuthorDate: Sun Jun 2 17:56:44 2024 +0000
Commit: James Le Cuirot <chewi <AT> gentoo <DOT> org>
CommitDate: Sun Jun 2 18:05:35 2024 +0000
URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=eb855b8c
tar_stream_writer: Add missing error attribute
This attribute was previously initialized only
in an exception handler.
Fixes: b8c3f38ec5ee ("Add more error handling for binpkgs")
Bug: https://bugs.gentoo.org/933385
Signed-off-by: Zac Medico <zmedico <AT> gentoo.org>
lib/portage/gpkg.py | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/portage/gpkg.py b/lib/portage/gpkg.py
index fc4d7b1fb6..9606f6d3c8 100644
--- a/lib/portage/gpkg.py
+++ b/lib/portage/gpkg.py
@@ -100,6 +100,7 @@ class tar_stream_writer:
self.closed = False
self.container = container
self.killed = False
+ self.error = False
self.tar_format = tar_format
self.tarinfo = tarinfo
self.uid = uid
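Review bot: `self.error = False` is added to the constructor beside `closed` and `killed` with nothing saying who sets it to True or who reads it. Since the commit message says the only prior assignment was in an exception handler, a one-line comment naming that handler and the code path that reads the flag would keep these three state flags from drifting apart again. A regression test that constructs a tar_stream_writer and reads `.error` without going through the failure path would pin the fix.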
* [gentoo-commits] proj/portage:root-deps-both commit in: lib/portage/
@ 2024-06-11 13:01 James Le Cuirot
From: James Le Cuirot @ 2024-06-11 13:01 UTC
To: gentoo-commits
commit: f620a0769a509966295954c2b0c76e46e8fb4289
Author: Zac Medico <zmedico <AT> gentoo <DOT> org>
AuthorDate: Sun Jun 2 21:53:04 2024 +0000
Commit: James Le Cuirot <chewi <AT> gentoo <DOT> org>
CommitDate: Sun Jun 9 17:53:31 2024 +0000
URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=f620a076
tar_safe_extract: Use tarfile.fully_trusted_filter
This suppresses a DeprecationWarning triggered because the
tarfile.data_filter will become the new default in python3.14.
The fully_trusted filter should be suitable here because
tar_safe_extract already performs security validation on
tar members prior to extraction.
Bug: https://bugs.gentoo.org/933433
Signed-off-by: Zac Medico <zmedico <AT> gentoo.org>
lib/portage/gpkg.py | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/lib/portage/gpkg.py b/lib/portage/gpkg.py
index 9606f6d3c8..fdb54c69b8 100644
--- a/lib/portage/gpkg.py
+++ b/lib/portage/gpkg.py
@@ -628,6 +628,15 @@ class tar_safe_extract:
if self.closed:
raise OSError("Tar file is closed.")
temp_dir = tempfile.TemporaryDirectory(dir=dest_dir)
+ # The below tar member security checks can be refactored as a filter function
+ # that raises an exception. Use tarfile.fully_trusted_filter for now, which
+ # is simply an identity function:
+ # def fully_trusted_filter(member, dest_path):
+ # return member
+ try:
+ self.tar.extraction_filter = tarfile.fully_trusted_filter
+ except AttributeError:
+ pass
try:
while True:
member = self.tar.next()
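Review bot: Assigning `tarfile.fully_trusted_filter` in the new `try` block opts out of everything the stdlib `data` filter would enforce, so extraction safety now rests entirely on the member checks in the loop that follows, which this hunk does not show. Before merging, confirm those checks cover at least what `data_filter` handles: members or link targets that resolve outside the destination, device nodes, and setuid/setgid mode bits. The comment says the checks "can be refactored as a filter function"; make that a TODO that references the bug so the identity filter is not left as the permanent state. The `except AttributeError: pass` also needs a short comment saying it covers Python versions whose tarfile module has no extraction filters.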