aboutsummaryrefslogtreecommitdiffstats
path: root/main/py-pygments
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2016-06-28 11:57:15 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2016-06-28 11:57:15 +0000
commit77c394877f06aa34a90863e93055d689aa1b1f9e (patch)
treebeaed36ef3398e831dccdfbd4a6fffa6e13a6053 /main/py-pygments
parentd679b301817b0d4f04db071b8609d67374215955 (diff)
downloadaports-77c394877f06aa34a90863e93055d689aa1b1f9e.tar.bz2
aports-77c394877f06aa34a90863e93055d689aa1b1f9e.tar.xz
main/py-pygments: security fix for CVE-2015-8557
fixes #5815
Diffstat (limited to 'main/py-pygments')
-rw-r--r--main/py-pygments/APKBUILD19
-rw-r--r--main/py-pygments/CVE-2015-8557.patch29
2 files changed, 43 insertions, 5 deletions
diff --git a/main/py-pygments/APKBUILD b/main/py-pygments/APKBUILD
index 056f824f30..c116fa6ebc 100644
--- a/main/py-pygments/APKBUILD
+++ b/main/py-pygments/APKBUILD
@@ -12,13 +12,19 @@ depends="python py-setuptools"
makedepends=""
install=""
subpackages="$pkgname-doc"
-source="http://pypi.python.org/packages/source/${_pkgname:0:1}/$_pkgname/$_pkgname-$pkgver.tar.gz"
+source="http://pypi.python.org/packages/source/${_pkgname:0:1}/$_pkgname/$_pkgname-$pkgver.tar.gz
+ CVE-2015-8557.patch
+ "
_builddir="$srcdir"/$_pkgname-$pkgver
prepare() {
cd "$_builddir"
- # apply patches here
+ for i in $source; do
+ case "$i" in
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+ esac
+ done
}
build() {
@@ -57,6 +63,9 @@ doc() {
default_doc
}
-md5sums="238587a1370d62405edabd0794b3ec4a Pygments-2.0.2.tar.gz"
-sha256sums="7320919084e6dac8f4540638a46447a3bd730fca172afc17d2c03eed22cf4f51 Pygments-2.0.2.tar.gz"
-sha512sums="b58e2cc535ba3f1fda7cb147e12af128bc2755de56cf465f8f1d642730eaef50c06551cc4cc44f25f726b00f3f1c9c2078977233b11c0b6a7e1add6a4069c27e Pygments-2.0.2.tar.gz"
+md5sums="238587a1370d62405edabd0794b3ec4a Pygments-2.0.2.tar.gz
+3e5190427dd4ac1a52f27c1f7d1b1d90 CVE-2015-8557.patch"
+sha256sums="7320919084e6dac8f4540638a46447a3bd730fca172afc17d2c03eed22cf4f51 Pygments-2.0.2.tar.gz
+c56bc3b911ece2d79bb1b7dd4d952d0139216161a0f7f95ff6143daccd24daf6 CVE-2015-8557.patch"
+sha512sums="b58e2cc535ba3f1fda7cb147e12af128bc2755de56cf465f8f1d642730eaef50c06551cc4cc44f25f726b00f3f1c9c2078977233b11c0b6a7e1add6a4069c27e Pygments-2.0.2.tar.gz
+14d0fe27195cae53dd6b998fd05c32938078bf4de0845ce388b22729e5633e5f810b738ce672de0d023099b54ac7ca44ab4273d46313e2e30138a2fb023e5add CVE-2015-8557.patch"
diff --git a/main/py-pygments/CVE-2015-8557.patch b/main/py-pygments/CVE-2015-8557.patch
new file mode 100644
index 0000000000..0a23adce33
--- /dev/null
+++ b/main/py-pygments/CVE-2015-8557.patch
@@ -0,0 +1,29 @@
+# HG changeset patch
+# User Javantea <jvoss@altsci.com>
+# Date 1443460403 25200
+# Node ID 6b4baae517b6aaff7142e66f1dbadf7b9b871f61
+# Parent 655dbebddc23943b8047b3c139c51c22ef18fd91
+Fix Shell Injection in FontManager._get_nix_font_path
+
+diff --git a/pygments/formatters/img.py b/pygments/formatters/img.py
+--- a/pygments/formatters/img.py
++++ b/pygments/formatters/img.py
+@@ -10,6 +10,7 @@
+ """
+
+ import sys
++import shlex
+
+ from pygments.formatter import Formatter
+ from pygments.util import get_bool_opt, get_int_opt, get_list_opt, \
+@@ -79,8 +80,8 @@
+ from commands import getstatusoutput
+ except ImportError:
+ from subprocess import getstatusoutput
+- exit, out = getstatusoutput('fc-list "%s:style=%s" file' %
+- (name, style))
++ exit, out = getstatusoutput('fc-list %s file' %
++ shlex.quote("%s:style=%s" % (name, style)))
+ if not exit:
+ lines = out.splitlines()
+ if lines: