FreeBSD Bugzilla – Attachment 165313 Details for
Bug 206072
textproc/py-pygments: Add patch for CVE-2015-8557
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Proposed patch
patch-CVE-2015-8557.patch (text/plain), 2.64 KB, created by
Raphael Kubo da Costa
on 2016-01-09 13:53:24 UTC
(
hide
)
Description:
Proposed patch
Filename:
MIME Type:
Creator:
Raphael Kubo da Costa
Created:
2016-01-09 13:53:24 UTC
Size:
2.64 KB
patch
obsolete
>Index: Makefile >=================================================================== >--- Makefile (revision 405628) >+++ Makefile (working copy) >@@ -3,6 +3,7 @@ > > PORTNAME= pygments > PORTVERSION= 2.0.2 >+PORTREVISION= 1 > CATEGORIES= textproc python > MASTER_SITES= CHEESESHOP > PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} >Index: files/patch-CVE-2015-8557 >=================================================================== >--- files/patch-CVE-2015-8557 (nonexistent) >+++ files/patch-CVE-2015-8557 (working copy) >@@ -0,0 +1,49 @@ >+# HG changeset patch >+# User Tim Hatch <tim@timhatch.com> >+# Date 1445007300 25200 >+# Node ID 0036ab1c99e256298094505e5e92fdacdfc5b0a8 >+# Parent c0c0d4049a7c325cd69b764c6ceb7747d319212d >+Avoid the shell entirely when finding fonts. >+ >+Manually tested on OS X. >+ >+--- pygments/formatters/img.py.orig 2014-11-10 19:17:51 UTC >++++ pygments/formatters/img.py >+@@ -15,6 +15,8 @@ from pygments.formatter import Formatter >+ from pygments.util import get_bool_opt, get_int_opt, get_list_opt, \ >+ get_choice_opt, xrange >+ >++import subprocess >++ >+ # Import this carefully >+ try: >+ from PIL import Image, ImageDraw, ImageFont >+@@ -75,14 +77,11 @@ class FontManager(object): >+ self._create_nix() >+ >+ def _get_nix_font_path(self, name, style): >+- try: >+- from commands import getstatusoutput >+- except ImportError: >+- from subprocess import getstatusoutput >+- exit, out = getstatusoutput('fc-list "%s:style=%s" file' % >+- (name, style)) >+- if not exit: >+- lines = out.splitlines() >++ proc = subprocess.Popen(['fc-list', "%s:style=%s" % (name, style), 'file'], >++ stdout=subprocess.PIPE, stderr=None) >++ stdout, _ = proc.communicate() >++ if proc.returncode == 0: >++ lines = stdout.splitlines() >+ if lines: >+ path = lines[0].strip().strip(':') >+ return path >+@@ -197,7 +196,7 @@ class ImageFormatter(Formatter): >+ bold and italic fonts will be generated. This really should be a >+ monospace font to look sane. >+ >+- Default: "Bitstream Vera Sans Mono" >++ Default: "Bitstream Vera Sans Mono" on Windows, Courier New on *nix >+ >+ `font_size` >+ The font size in points to be used. > >Property changes on: files/patch-CVE-2015-8557 >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=165313">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 206072
: 165313