Add upstream patch to fix CVE-2015-8557.

PR: 206072 Approved by: ports-secteam (miwi) Security: 5f276780-b6ce-11e5-9731-5453ed2e2b49
svn path=/head/; revision=406304
2016-01-17 12:03:37 +00:00 · 2016-01-17 12:03:37 +00:00 · 736773e0b4 · 2021-03-31 03:12:20 +00:00
commit 736773e0b4
parent 5b98991e66
2 changed files with 50 additions and 0 deletions
--- a/textproc/py-pygments/Makefile
+++ b/textproc/py-pygments/Makefile
@ -3,6 +3,7 @@

 PORTNAME=	pygments
 PORTVERSION=	2.0.2
+PORTREVISION=	1
 CATEGORIES=	textproc python
 MASTER_SITES=	CHEESESHOP
 PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
--- a/textproc/py-pygments/files/patch-CVE-2015-8557
+++ b/textproc/py-pygments/files/patch-CVE-2015-8557
@ -0,0 +1,49 @@
+# HG changeset patch
+# User Tim Hatch <tim@timhatch.com>
+# Date 1445007300 25200
+# Node ID 0036ab1c99e256298094505e5e92fdacdfc5b0a8
+# Parent  c0c0d4049a7c325cd69b764c6ceb7747d319212d
+Avoid the shell entirely when finding fonts.
+
+Manually tested on OS X.
+
+--- pygments/formatters/img.py.orig	2014-11-10 19:17:51 UTC
+++ pygments/formatters/img.py
+@@ -15,6 +15,8 @@ from pygments.formatter import Formatter
+ from pygments.util import get_bool_opt, get_int_opt, get_list_opt, \
+     get_choice_opt, xrange
+ 
+import subprocess
+
+ # Import this carefully
+ try:
+     from PIL import Image, ImageDraw, ImageFont
+@@ -75,14 +77,11 @@ class FontManager(object):
+             self._create_nix()
+ 
+     def _get_nix_font_path(self, name, style):
+-        try:
+-            from commands import getstatusoutput
+-        except ImportError:
+-            from subprocess import getstatusoutput
+-        exit, out = getstatusoutput('fc-list "%s:style=%s" file' %
+-                                    (name, style))
+-        if not exit:
+-            lines = out.splitlines()
+        proc = subprocess.Popen(['fc-list', "%s:style=%s" % (name, style), 'file'],
+                                stdout=subprocess.PIPE, stderr=None)
+        stdout, _ = proc.communicate()
+        if proc.returncode == 0:
+            lines = stdout.splitlines()
+             if lines:
+                 path = lines[0].strip().strip(':')
+                 return path
+@@ -197,7 +196,7 @@ class ImageFormatter(Formatter):
+         bold and italic fonts will be generated.  This really should be a
+         monospace font to look sane.
+ 
+-        Default: "Bitstream Vera Sans Mono"
+        Default: "Bitstream Vera Sans Mono" on Windows, Courier New on *nix
+ 
+     `font_size`
+         The font size in points to be used.