python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-02-04 21:50:54 +03:00
Code Issues Packages Projects Releases Wiki Activity

Extract tar files with "data" filter in Windows build scripts (#8606)

Browse Source 
Co-authored-by: Andrew Murray <radarhere@users.noreply.github.com>
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
This commit is contained in:
Andrew Murray 2024-12-18 17:07:34 +11:00 committed by GitHub
parent feeacf46ad
commit de8335ba8f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
winbuild/build_prepare.py
View File

@ -7,6 +7,7 @@ import re
import shutil
import struct
import subprocess
import sys
from typing import Any
@ -507,7 +508,10 @@ def extract_dep(url: str, filename: str, prefs: dict[str, str]) -> None:
if sources_dir_abs != member_prefix:
msg = "Attempted Path Traversal in Tar File"
raise RuntimeError(msg)
tgz.extractall(sources_dir)
if sys.version_info >= (3, 12):
tgz.extractall(sources_dir, filter="data")
else:
tgz.extractall(sources_dir)
else:
msg = "Unknown archive type: " + filename
raise RuntimeError(msg)