From: Craig Andrews Date: Sat, 11 May 2019 16:11:28 +0000 (-0400) Subject: app-misc/lirc: Use pyyaml safe_load instead of load X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=004c4079cde46b2a793a4bb7b02d1d939e59aff4;p=gentoo.git app-misc/lirc: Use pyyaml safe_load instead of load See upstream report at https://sourceforge.net/p/lirc/git/merge-requests/39/ Bug: https://bugs.gentoo.org/682922 Package-Manager: Portage-2.3.66, Repoman-2.3.12 Signed-off-by: Craig Andrews
---
diff --git a/app-misc/lirc/files/lirc-0.10.1-unsafe-load.patch b/app-misc/lirc/files/lirc-0.10.1-unsafe-load.patch
new file mode 100644
index 000000000000..7758ebb6e899
--- /dev/null
+++ b/app-misc/lirc/files/lirc-0.10.1-unsafe-load.patch
@@ -0,0 +1,52 @@
+https://sourceforge.net/p/lirc/git/merge-requests/39/
+
+commit 8fab503abb3fdababb1875fdc2373afe8534770e
+Author: Craig Andrews
+Date: Sat May 11 11:39:44 2019 -0400
+
+ Use pyyaml safe_load instead of load
+
+ Using load on untrusted user input could lead to arbitrary code execution.
+ Therefore, upstream has disabled load, requiring the use of either
+ safe_load or full_load
+ See https://github.com/yaml/pyyaml/issues/265
+
+diff --git a/python-pkg/lirc/database.py b/python-pkg/lirc/database.py
+index d464c2ab..bd567181 100644
+--- a/python-pkg/lirc/database.py
++++ b/python-pkg/lirc/database.py
+@@ -66,7 +66,7 @@ def _load_kerneldrivers(configdir):
+ '''
+
+ with open(os.path.join(configdir, "kernel-drivers.yaml")) as f:
+- cf = yaml.load(f.read())
++ cf = yaml.safe_load(f.read())
+ drivers = cf['drivers'].copy()
+ for driver in cf['drivers']:
+ if driver == 'default':
+@@ -132,14 +132,14 @@ class Database(object):
+ yamlpath = configdir
+ db = {}
+ with open(os.path.join(yamlpath, "confs_by_driver.yaml")) as f:
+- cf = yaml.load(f.read())
++ cf = yaml.safe_load(f.read())
+ db['lircd_by_driver'] = cf['lircd_by_driver'].copy()
+ db['lircmd_by_driver'] = cf['lircmd_by_driver'].copy()
+
+ db['kernel-drivers'] = _load_kerneldrivers(configdir)
+ db['drivers'] = db['kernel-drivers'].copy()
+ with open(os.path.join(yamlpath, "drivers.yaml")) as f:
+- cf = yaml.load(f.read())
++ cf = yaml.safe_load(f.read())
+ db['drivers'].update(cf['drivers'].copy())
+ for key, d in db['drivers'].items():
+ d['id'] = key
+@@ -158,7 +158,7 @@ class Database(object):
+ configs = {}
+ for path in glob.glob(configdir + '/*.conf'):
+ with open(path) as f:
+- cf = yaml.load(f.read())
++ cf = yaml.safe_load(f.read())
+ configs[cf['config']['id']] = cf['config']
+ db['configs'] = configs
+ self.db = db
diff --git a/app-misc/lirc/lirc-0.10.1-r1.ebuild b/app-misc/lirc/lirc-0.10.1-r1.ebuild
new file mode 100644
index 000000000000..b3bd462cb514
--- /dev/null
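Review bot: The value returned by `yaml.safe_load` is still subscripted with no check, most visibly in the last inner hunk, where every file matched by `glob.glob(configdir + '/*.conf')` goes straight to `cf['config']['id']`. `safe_load` returns `None` for an empty document and raises a `yaml.YAMLError` subclass for a tag it will not construct, so a single empty or malformed file aborts the whole `Database` construction with a `TypeError` or a parser error instead of being skipped or reported by name. I would guard the loop with `if not isinstance(cf, dict) or 'config' not in cf: continue` (or raise an error that names `path`); the same applies to the `cf['drivers']` and `cf['lircd_by_driver']` lookups in the earlier inner hunks. The enclosing functions start and end outside these hunks, so handling further out may already cover this. Only database.py is visible in the patch, so it is worth confirming that no other module under python-pkg still calls `yaml.load`.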
+++ b/app-misc/lirc/lirc-0.10.1-r1.ebuild 
@@ -0,0 +1,160 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{5,6,7} )
+
+inherit eutils flag-o-matic linux-info python-single-r1 systemd xdg-utils
+
+DESCRIPTION="decode and send infra-red signals of many commonly used remote controls"
+HOMEPAGE="http://www.lirc.org/"
+
+LIRC_DRIVER_DEVICE="/dev/lirc0"
+
+MY_P=${PN}-${PV/_/-}
+
+if [[ "${PV/_pre/}" = "${PV}" ]]; then
+ SRC_URI="mirror://sourceforge/lirc/${MY_P}.tar.bz2"
+else
+ SRC_URI="http://www.lirc.org/software/snapshots/${MY_P}.tar.bz2"
+fi
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86"
+IUSE="audio +devinput doc ftdi gtk inputlirc static-libs systemd +uinput usb X"
+
+REQUIRED_USE="
+ ${PYTHON_REQUIRED_USE}
+ gtk? ( X )
+"
+
+S="${WORKDIR}/${MY_P}"
+
+COMMON_DEPEND="
+ ${PYTHON_DEPS}
+ audio? (
+ >media-libs/portaudio-18
+ media-libs/alsa-lib
+ )
+ dev-python/pyyaml[${PYTHON_USEDEP}]
+ ftdi? ( dev-embedded/libftdi:0 )
+ systemd? ( sys-apps/systemd )
+ usb? ( virtual/libusb:0 )
+ X? (
+ x11-libs/libICE
+ x11-libs/libSM
+ x11-libs/libX11
+ )
+"
+
+DEPEND="
+ ${COMMON_DEPEND}
+ dev-libs/libxslt
+ dev-python/setuptools[${PYTHON_USEDEP}]
+ doc? ( app-doc/doxygen )
+ sys-apps/kmod
+ sys-kernel/linux-headers
+"
+
+RDEPEND="
+ ${COMMON_DEPEND}
+ gtk? (
+ x11-libs/vte[introspection]
+ dev-python/pygobject[${PYTHON_USEDEP}]
+ )
+ inputlirc? ( app-misc/inputlircd )
+"
+
+PATCHES=(
+ "${FILESDIR}/${P}-unsafe-load.patch"
+)
+
+MAKEOPTS+=" -j1"
+
+pkg_setup() {
+ use uinput && CONFIG_CHECK="~INPUT_UINPUT"
+ python-single-r1_pkg_setup
+ linux-info_pkg_setup
+}
+
+src_configure() {
+ xdg_environment_reset
+ econf \
+ --localstatedir="${EPREFIX}/var" \
+ $(use_enable static-libs static) \
+ $(use_enable devinput) \
+ $(use_enable uinput) \
+ $(use_with X x)
+}
+
+src_install() {
+ default
+
+ if use !gtk ; then
+ # lirc-setup requires gtk
+ rm "${ED%/}"/usr/bin/lirc-setup || die
+ fi
+
+ newinitd "${FILESDIR}"/lircd-0.8.6-r2 lircd
+ newinitd "${FILESDIR}"/lircmd-0.9.4a-r2 lircmd
+ newconfd "${FILESDIR}"/lircd.conf.4 lircd
+ newconfd "${FILESDIR}"/lircmd-0.10.0.conf lircmd
+
+ insinto /etc/modprobe.d/
+ newins "${FILESDIR}"/modprobed.lirc lirc.conf
+
+ newinitd "${FILESDIR}"/irexec-initd-0.9.4a-r2 irexec
+ newconfd "${FILESDIR}"/irexec-confd irexec
+
+ keepdir /etc/lirc
+ if [[ -e "${ED%/}"/etc/lirc/lircd.conf ]]; then
+ newdoc "${ED%/}"/etc/lirc/lircd.conf lircd.conf.example
+ fi
+
+ find "${ED}" -name '*.la' -delete || die
+
+ # Avoid QA notice
+ rm -d "${ED%/}"/var/run/lirc || die
+ rm -d "${ED%/}"/var/run || die
+}
+
+pkg_preinst() {
+ local dir="${EROOT%/}/etc/modprobe.d"
+ if [[ -a "${dir}"/lirc && ! -a "${dir}"/lirc.conf ]]; then
+ elog "Renaming ${dir}/lirc to lirc.conf"
+ mv -f "${dir}/lirc" "${dir}/lirc.conf" || die
+ fi
+
+ # copy the first file that can be found
+ if [[ -f "${EROOT%/}"/etc/lirc/lircd.conf ]]; then
+ cp "${EROOT%/}"/etc/lirc/lircd.conf "${T}"/lircd.conf || die
+ elif [[ -f "${EROOT%/}"/etc/lircd.conf ]]; then
+ cp "${EROOT%/}"/etc/lircd.conf "${T}"/lircd.conf || die
+ MOVE_OLD_LIRCD_CONF=1
+ elif [[ -f "${ED%/}"/etc/lirc/lircd.conf ]]; then
+ cp "${ED%/}"/etc/lirc/lircd.conf "${T}"/lircd.conf || die
+ fi
+
+ # stop portage from touching the config file
+ if [[ -e "${ED%/}"/etc/lirc/lircd.conf ]]; then
+ rm -f "${ED%/}"/etc/lirc/lircd.conf || die
+ fi
+}
+
+pkg_postinst() {
+ # copy config file to new location
+ # without portage knowing about it
+ # so it will not delete it on unmerge or ever touch it again
+ if [[ -e "${T}"/lircd.conf ]]; then
+ cp "${T}"/lircd.conf "${EROOT%/}"/etc/lirc/lircd.conf || die
+ if [[ "$MOVE_OLD_LIRCD_CONF" = "1" ]]; then
+ elog "Moved /etc/lircd.conf to /etc/lirc/lircd.conf"
+ rm -f "${EROOT%/}"/etc/lircd.conf || die
+ fi
+ fi
+
+ einfo "The new default location for lircd.conf is inside of"
+ einfo "${EROOT%/}/etc/lirc/ directory"
+}