From 83df087118efd8acb0a21f69095edeae677842ba Mon Sep 17 00:00:00 2001
From: Sheng Yu
Date: Wed, 13 Dec 2023 10:34:23 -0500
Subject: [PATCH 1/2] ci(appveyor): fix pyinstaller CVE-2023-49797
---
 appveyor.yml | 2 +-
 requirements-devel.txt | 2 +-
 snapcraft_legacy/internal/dirs.py | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/appveyor.yml b/appveyor.yml
index d6a5083206..7f4a447663 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -27,7 +27,7 @@ build_script:
 - cmd: |
 echo "Building snapcraft.exe..."
 venv\Scripts\activate.bat
- pyinstaller.exe --copy-metadata lazr.restfulclient --onefile snapcraft.spec
+ pyinstaller.exe snapcraft.spec
 venv\Scripts\deactivate.bat
 echo "Test signing snapcraft.exe..."
diff --git a/requirements-devel.txt b/requirements-devel.txt
index 47e21d867e..b6ca4ec971 100644
--- a/requirements-devel.txt
+++ b/requirements-devel.txt
@@ -129,4 +129,4 @@ zope.deprecation==5.0
 zope.interface==6.1
 python-apt @ https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/python-apt/2.4.0ubuntu1/python-apt_2.4.0ubuntu1.tar.xz; sys.platform == "linux"
 setuptools<66
-pyinstaller==4.10; sys.platform == "win32"
+pyinstaller==5.13.1; sys.platform == "win32"
diff --git a/snapcraft_legacy/internal/dirs.py b/snapcraft_legacy/internal/dirs.py
index de3cb4d79b..b0a7676702 100644
--- a/snapcraft_legacy/internal/dirs.py
+++ b/snapcraft_legacy/internal/dirs.py
@@ -49,7 +49,7 @@ def _find_windows_data_dir(topdir):
 # > c:\program files\python37\share\snapcraft
 # Handle Option (a).
- if topdir.startswith(site.USER_BASE):
+ if site.USER_BASE and topdir.startswith(site.USER_BASE):
 data_dir = os.path.join(site.USER_BASE, "share", "snapcraft")
 if os.path.exists(data_dir):
 return data_dir
From ba08b9cae8748533b510e872e8b71ecce8d0e6dd Mon Sep 17 00:00:00 2001
From: Sheng Yu
Date: Thu, 14 Dec 2023 08:32:53 -0500
Subject: [PATCH 2/2] update freeze-requirements.sh
---
 tools/freeze-requirements.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
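Review bot: In the appveyor.yml hunk of PATCH 1/2, dropping `--copy-metadata lazr.restfulclient --onefile` from the `pyinstaller.exe` line only keeps the build equivalent if `snapcraft.spec` already carries both settings, and that file is not touched by this patch. If the spec has no `copy_metadata("lazr.restfulclient")` entry in its `datas`, the executable would presumably still build and then fail on the package-metadata lookup at run time. I would confirm the spec covers both and record it above the command, for example `# One-file mode and lazr.restfulclient metadata are set in snapcraft.spec, not on the command line.` The one-file setting matters for the reader because it appears to be the build mode the referenced CVE-2023-49797 fix concerns, so it should stay visible somewhere in the build definition.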
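Review bot: In the snapcraft_legacy/internal/dirs.py hunk of PATCH 1/2, the new `site.USER_BASE and` guard has no comment saying when the value is unset, so a later reader cannot tell that it is load-bearing. `site.USER_BASE` stays `None` until the site module computes it, which is presumably what happens in the frozen executable built with the newer PyInstaller; a line such as `# site.USER_BASE can be None (e.g. in a frozen build); skip Option (a) then.` above the `if` would record that. Separately, `topdir.startswith(site.USER_BASE)` is a plain string-prefix test, so a sibling directory that merely shares the prefix, or a path differing only in case, is classified wrongly; comparing `os.path.normcase` forms with a trailing separator would be stricter. The body of `_find_windows_data_dir` starts and continues outside this hunk.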
diff --git a/tools/freeze-requirements.sh b/tools/freeze-requirements.sh
index a59b967aca..0435706dd0 100755
--- a/tools/freeze-requirements.sh
+++ b/tools/freeze-requirements.sh
@@ -17,7 +17,7 @@ requirements_fixups() {
 # Pinned pyinstaller for windows.
 if [[ "$req_file" == "requirements-devel.txt" ]]; then
 sed -i '/pyinstaller/d' "$req_file"
- echo 'pyinstaller==4.10; sys.platform == "win32"' >> "$req_file"
+ echo 'pyinstaller==5.13.1; sys.platform == "win32"' >> "$req_file"
 fi
 }