mirror of
https://github.com/checkpoint-restore/criu
synced 2025-08-22 01:51:51 +00:00
Currently the build scripts create the following symlink:

criu-4.1/images/google/protobuf/descriptor.proto -> /usr/include/google/protobuf/descriptor.proto

This symlink points to a system-wide absolute-path target. Also, this symlink ends up in the release tarball. The tarball may later be downloaded and unpacked by e.g. OS distributions. If unpacking is done using Python 3.14+, it will fail.

This happens because Python 3.14 will switch the default behavior of extractall() from "fully trusting the content of archive" to "disallow common attack vectors while extracting the archive". With this new behavior, extractall() raises an exception when at least one file in the archive extracts or points to outside of the extraction directory (these are called path traversal attacks and zip slip attacks).

Reported-by: Dmitrii Kuvaiskii <dimakuv@amazon.de>
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
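The failure described in the commit message above can be reproduced, and caught before a release is published, with a check like the following. This is an added example, not code from the CRIU project: the archive is built in memory, `criu-4.1/images/core.proto` is a constructed file name, and the function names are hypothetical.

```python
import io
import posixpath
import tarfile
import tempfile

LINK = "criu-4.1/images/google/protobuf/descriptor.proto"
TARGET = "/usr/include/google/protobuf/descriptor.proto"

def build_sample_tarball():
    """Constructed sample archive containing the symlink named in the commit message."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        data = b'syntax = "proto2";\n'
        reg = tarfile.TarInfo("criu-4.1/images/core.proto")  # constructed file name
        reg.size = len(data)
        tar.addfile(reg, io.BytesIO(data))
        link = tarfile.TarInfo(LINK)
        link.type, link.linkname = tarfile.SYMTYPE, TARGET
        tar.addfile(link)
    return buf.getvalue()

def escaping_links(tar_bytes):
    """List (name, target) of links that are absolute or resolve above the archive root."""
    bad = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for m in tar:
            if not (m.issym() or m.islnk()):
                continue
            # Symlink targets are relative to the link's directory, hard links to the root.
            base = posixpath.dirname(m.name) if m.issym() else ""
            resolved = posixpath.normpath(posixpath.join(base, m.linkname))
            if posixpath.isabs(m.linkname) or resolved == ".." or resolved.startswith("../"):
                bad.append((m.name, m.linkname))
    return bad

def extract_with_data_filter(tar_bytes, dest):
    """Extract with filter="data" (the Python 3.14 default); return the error class name or None."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        try:
            tar.extractall(dest, filter="data")
        except tarfile.FilterError as exc:
            return type(exc).__name__
    return None

if __name__ == "__main__":
    sample = build_sample_tarball()
    print(escaping_links(sample))
    with tempfile.TemporaryDirectory() as tmp:
        print(extract_with_data_filter(sample, tmp))
```

Running `escaping_links` over a release tarball before publishing flags the same members that the `data` filter rejects for absolute or escaping link targets, without needing a Python version that has the filter.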
26 lines
554 B
YAML
extraction:
  cpp:
    prepare:
      packages:
        - "protobuf-c-compiler"
        - "libprotobuf-c-dev"
        - "libprotobuf-dev"
        - "build-essential"
        - "libprotobuf-dev"
        - "libprotobuf-c-dev"
        - "protobuf-c-compiler"
        - "protobuf-compiler"
        - "python3-protobuf"
        - "libnet-dev"
        - "pkg-config"
        - "libnl-3-dev"
        - "libbsd0"
        - "libbsd-dev"
        - "iproute2"
        - "libcap-dev"
        - "libaio-dev"
        - "libbsd-dev"
        - "python3-yaml"
        - "libnl-route-3-dev"
        - "gnutls-dev"