authorJustin Lecher <jlec@gentoo.org>2015-10-30 12:14:00 +0100
committerJustin Lecher <jlec@gentoo.org>2015-10-30 13:03:49 +0100
commit0bd80b2412af7bd1143f9bb9a3426ebdfab5c333 (patch)
treecfa8132cdba80db94c43ff18b0965a09290082f7 /dev-python/pygments
parentnet-analyzer/namebench: Move to virtual/dnspython (diff)
dev-python/pygments: Backport fix for shell injection
Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=564478 Package-Manager: portage-2.2.23 Signed-off-by: Justin Lecher <jlec@gentoo.org>
Diffstat (limited to 'dev-python/pygments')
-rw-r--r--dev-python/pygments/files/2.0.2-shell-injection-backport.patch29
-rw-r--r--dev-python/pygments/files/2.0.2-shell-injection-backport2.patch56
-rw-r--r--dev-python/pygments/metadata.xml2
-rw-r--r--dev-python/pygments/pygments-2.0.2-r1.ebuild57
4 files changed, 143 insertions, 1 deletions
diff --git a/dev-python/pygments/files/2.0.2-shell-injection-backport.patch b/dev-python/pygments/files/2.0.2-shell-injection-backport.patch
new file mode 100644
index 000000000000..0a23adce330d
--- /dev/null
+++ b/dev-python/pygments/files/2.0.2-shell-injection-backport.patch
@@ -0,0 +1,29 @@
+# HG changeset patch
+# User Javantea <jvoss@altsci.com>
+# Date 1443460403 25200
+# Node ID 6b4baae517b6aaff7142e66f1dbadf7b9b871f61
+# Parent 655dbebddc23943b8047b3c139c51c22ef18fd91
+Fix Shell Injection in FontManager._get_nix_font_path
+
+diff --git a/pygments/formatters/img.py b/pygments/formatters/img.py
+--- a/pygments/formatters/img.py
++++ b/pygments/formatters/img.py
+@@ -10,6 +10,7 @@
+ """
+
+ import sys
++import shlex
+
+ from pygments.formatter import Formatter
+ from pygments.util import get_bool_opt, get_int_opt, get_list_opt, \
+@@ -79,8 +80,8 @@
+ from commands import getstatusoutput
+ except ImportError:
+ from subprocess import getstatusoutput
+- exit, out = getstatusoutput('fc-list "%s:style=%s" file' %
+- (name, style))
++ exit, out = getstatusoutput('fc-list %s file' %
++ shlex.quote("%s:style=%s" % (name, style)))
+ if not exit:
+ lines = out.splitlines()
+ if lines:
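Review bot: `shlex.quote` in the rewritten `getstatusoutput` call exists only on Python 3.3 and later, so with this patch alone the font lookup would raise AttributeError on the python2_7 and pypy targets the ebuild lists in PYTHON_COMPAT. The result is correct only because 2.0.2-shell-injection-backport2.patch is applied afterwards and removes the shell call again. Either squash the two upstream changesets into one patch file, or state the dependency in this file's header, e.g. `# Must be followed by 2.0.2-shell-injection-backport2.patch; shlex.quote is missing on Python 2`. The body of `_get_nix_font_path` continues outside the inner hunk.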
diff --git a/dev-python/pygments/files/2.0.2-shell-injection-backport2.patch b/dev-python/pygments/files/2.0.2-shell-injection-backport2.patch
new file mode 100644
index 000000000000..78bf4478ecd7
--- /dev/null
+++ b/dev-python/pygments/files/2.0.2-shell-injection-backport2.patch
@@ -0,0 +1,56 @@
+# HG changeset patch
+# User Tim Hatch <tim@timhatch.com>
+# Date 1445007300 25200
+# Node ID 0036ab1c99e256298094505e5e92fdacdfc5b0a8
+# Parent c0c0d4049a7c325cd69b764c6ceb7747d319212d
+Avoid the shell entirely when finding fonts.
+
+Manually tested on OS X.
+
+diff --git a/pygments/formatters/img.py b/pygments/formatters/img.py
+--- a/pygments/formatters/img.py
++++ b/pygments/formatters/img.py
+@@ -10,12 +10,13 @@
+ """
+
+ import sys
+-import shlex
+
+ from pygments.formatter import Formatter
+ from pygments.util import get_bool_opt, get_int_opt, get_list_opt, \
+ get_choice_opt, xrange
+
++import subprocess
++
+ # Import this carefully
+ try:
+ from PIL import Image, ImageDraw, ImageFont
+@@ -76,14 +77,11 @@
+ self._create_nix()
+
+ def _get_nix_font_path(self, name, style):
+- try:
+- from commands import getstatusoutput
+- except ImportError:
+- from subprocess import getstatusoutput
+- exit, out = getstatusoutput('fc-list %s file' %
+- shlex.quote("%s:style=%s" % (name, style)))
+- if not exit:
+- lines = out.splitlines()
++ proc = subprocess.Popen(['fc-list', "%s:style=%s" % (name, style), 'file'],
++ stdout=subprocess.PIPE, stderr=None)
++ stdout, _ = proc.communicate()
++ if proc.returncode == 0:
++ lines = stdout.splitlines()
+ if lines:
+ path = lines[0].strip().strip(':')
+ return path
+@@ -198,7 +196,7 @@
+ bold and italic fonts will be generated. This really should be a
+ monospace font to look sane.
+
+- Default: "Bitstream Vera Sans Mono"
++ Default: "Bitstream Vera Sans Mono" on Windows, Courier New on *nix
+
+ `font_size`
+ The font size in points to be used.
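Review bot: On Python 3 `proc.communicate()` returns bytes because the pipe is opened in binary mode, so `lines[0].strip().strip(':')` in the new `_get_nix_font_path` raises TypeError (bytes.strip with a str argument) whenever fc-list reports a font; the old `getstatusoutput` returned text. Opening the pipe in text mode keeps one code path for Python 2 and 3: `stdout=subprocess.PIPE, stderr=None, universal_newlines=True)`. Separately, `subprocess.Popen` with an argument list raises OSError when `fc-list` is not installed, where the shell call used to return a non-zero status; catching OSError around the call and treating it as "no font found" would likely keep the old behaviour. The changeset message says it was tested manually on OS X only, so neither case looks covered.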
diff --git a/dev-python/pygments/metadata.xml b/dev-python/pygments/metadata.xml
index 10b24d26e8c2..f91efd2fd030 100644
--- a/dev-python/pygments/metadata.xml
+++ b/dev-python/pygments/metadata.xml
@@ -1,4 +1,4 @@
-<?xml version='1.0' encoding='UTF-8'?>
+<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<herd>python</herd>
diff --git a/dev-python/pygments/pygments-2.0.2-r1.ebuild b/dev-python/pygments/pygments-2.0.2-r1.ebuild
new file mode 100644
index 000000000000..3ee352b08972
--- /dev/null
+++ b/dev-python/pygments/pygments-2.0.2-r1.ebuild
@@ -0,0 +1,57 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+PYTHON_COMPAT=( python2_7 python3_{3,4,5} pypy pypy3 )
+
+inherit distutils-r1 bash-completion-r1 vcs-snapshot
+
+MY_PN="Pygments"
+MY_P="${MY_PN}-${PV}"
+
+DESCRIPTION="Pygments is a syntax highlighting package written in Python"
+HOMEPAGE="http://pygments.org/ https://pypi.python.org/pypi/Pygments"
+SRC_URI="mirror://pypi/${MY_PN:0:1}/${MY_PN}/${MY_P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-interix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="doc test"
+
+RDEPEND="dev-python/setuptools[${PYTHON_USEDEP}]"
+DEPEND="${RDEPEND}
+ doc? ( dev-python/sphinx[${PYTHON_USEDEP}] )
+ test? (
+ dev-python/nose[${PYTHON_USEDEP}]
+ virtual/ttf-fonts )"
+# dev-texlive/texlive-latexrecommended
+# Removing / commenting out this dep. I can find no mention of it in tests other than
+# importing pygment's own tex module. If it's there and I missed it just uncomment and re-add
+# Tests pass without it
+
+S="${WORKDIR}/${MY_P}"
+
+PATCHES=(
+ "${FILESDIR}"/${PV}-shell-injection-backport.patch
+ "${FILESDIR}"/${PV}-shell-injection-backport2.patch
+)
+
+python_compile_all() {
+ use doc && emake -C doc html
+}
+
+python_test() {
+ cp -r -l tests "${BUILD_DIR}"/ || die
+ # With pypy3 there is 1 error out of 1556 tests when run as is and
+ # (SKIP=8, errors=1, failures=1) when run with 2to3; meh
+ nosetests -w "${BUILD_DIR}"/tests || die "Tests fail with ${EPYTHON}"
+}
+
+python_install_all() {
+ use doc && local HTML_DOCS=( doc/_build/html/. )
+
+ distutils-r1_python_install_all
+ newbashcomp external/pygments.bashcomp pygmentize
+}
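Review bot: The `PATCHES` array carries no comment on where the two files come from or that they depend on each other. A line above it such as `# Upstream hg changesets 6b4baae517b6 and 0036ab1c99e2, bug #564478; the second patch applies on top of the first` would tell the next maintainer that the order matters and, presumably, that both can be dropped once a release containing them is packaged.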