Remove the search of libs in local source dirs for security reasons

2 files changed, 22 insertions, 0 deletions

diff --git a/debian/patches/0020-secure_script_scons.patch b/debian/patches/0020-secure_script_scons.patch
new file mode 100644
index 0000000..7463f32
--- /dev/null
+++ b/debian/patches/0020-secure_script_scons.patch
@@ -0,0 +1,21 @@
+Description: Comment out the search for libs in local source dirs
+Author: Jörg Frings-Fürst <debian@jff-webhosting.net>
+Forwarded: https://pairlist2.pair.net/pipermail/scons-dev/2014-November/002008.html
+Last-Update: 2015-02-11
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: trunk/script/scons
+===================================================================
+--- trunk.orig/script/scons
++++ trunk/script/scons
+@@ -75,8 +75,8 @@ if "SCONS_LIB_DIR" in os.environ:
+ 
+ # - running from source takes priority (since 2.3.2), excluding SCONS_LIB_DIR settings
+ script_path = os.path.abspath(os.path.dirname(__file__))
+-source_path = os.path.join(script_path, '..', 'engine')
+-libs.append(source_path)
++# source_path = os.path.join(script_path, '..', 'engine')
++# libs.append(source_path)
+ 
+ local_version = 'scons-local-' + __version__
+ local = 'scons-local'
diff --git a/debian/patches/series b/debian/patches/series
index b5afaea..cd8e885 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
+0020-secure_script_scons.patch
 manpage-spelling.patch
 java_ignore_nonexistent_files.patch
 remove_stale_files.patch