authorBernd Waibel <waebbl-gentoo@posteo.net>2022-01-31 06:32:36 +0100
committerSam James <sam@gentoo.org>2022-02-03 02:18:14 +0000
commita57d11c8caaa82831507a2074d19ec87cb62dbcb (patch)
tree7b1bf3e776caf274a18aacd759a7068385f65d3f /media-gfx/freecad/files
parentnet-irc/atheme-services: Drop 7.2.11 (diff)
downloadgentoo-a57d11c8caaa82831507a2074d19ec87cb62dbcb.tar.gz
gentoo-a57d11c8caaa82831507a2074d19ec87cb62dbcb.tar.bz2
gentoo-a57d11c8caaa82831507a2074d19ec87cb62dbcb.zip
media-gfx/freecad: backport vulnerability patches
Bug: https://bugs.gentoo.org/832209 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Bernd Waibel <waebbl-gentoo@posteo.net> Closes: https://github.com/gentoo/gentoo/pull/24043 Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'media-gfx/freecad/files')
-rw-r--r--media-gfx/freecad/files/freecad-0.19.2-0001-Backport-of-0004809-Security-vulnerability-in-DWG-im.patch59
-rw-r--r--media-gfx/freecad/files/freecad-0.19.2-0002-Backport-of-Use-run-instead-of-Popen-to-avoid-need-f.patch25
2 files changed, 84 insertions, 0 deletions
diff --git a/media-gfx/freecad/files/freecad-0.19.2-0001-Backport-of-0004809-Security-vulnerability-in-DWG-im.patch b/media-gfx/freecad/files/freecad-0.19.2-0001-Backport-of-0004809-Security-vulnerability-in-DWG-im.patch
new file mode 100644
index 000000000000..2df44ff66ac8
--- /dev/null
+++ b/media-gfx/freecad/files/freecad-0.19.2-0001-Backport-of-0004809-Security-vulnerability-in-DWG-im.patch
@@ -0,0 +1,59 @@
+From 4006e62860c73f0943e71c7da478256a7337941d Mon Sep 17 00:00:00 2001
+From: Bernd Waibel <waebbl-gentoo@posteo.net>
+Date: Mon, 31 Jan 2022 08:12:35 +0100
+Subject: [PATCH 1/2] Backport of 0004809: Security vulnerability in DWG import
+ when using ODA file converter
+
+Original patch commit id 1742d7ff82af1653253c4a4183c262c9af3b26d6 by
+wmayer <wmayer@users.sourceforge.net>.
+
+Signed-off-by: Bernd Waibel <waebbl-gentoo@posteo.net>
+--- a/src/Mod/Draft/importDWG.py
++++ b/src/Mod/Draft/importDWG.py
+@@ -44,8 +44,6 @@ https://knowledge.autodesk.com/support/autocad/downloads/
+ # * *
+ # ***************************************************************************
+
+-# TODO: use subprocess.popen() instead of subprocess.call()
+-
+ import six
+ import FreeCAD
+ from FreeCAD import Console as FCC
+@@ -217,15 +215,10 @@ def convertToDxf(dwgfilename):
+ indir = os.path.dirname(dwgfilename)
+ outdir = tempfile.mkdtemp()
+ basename = os.path.basename(dwgfilename)
+- cmdline = ('"%s" "%s" "%s" "ACAD2000" "DXF" "0" "1" "%s"'
+- % (teigha, indir, outdir, basename))
+- FCC.PrintMessage(translate("ImportDWG", "Converting: ")
+- + cmdline + "\n")
+- if six.PY2:
+- if isinstance(cmdline, six.text_type):
+- encoding = sys.getfilesystemencoding()
+- cmdline = cmdline.encode(encoding)
+- subprocess.call(cmdline, shell=True) # os.system(cmdline)
++ cmdline = [teigha, indir, outdir, "ACAD2000", "DXF", "0", "1", basename]
++ FCC.PrintMessage(translate("draft", "Converting:") + " " + str(cmdline) + "\n")
++ proc = subprocess.Popen(cmdline)
++ proc.communicate()
+ result = outdir + os.sep + os.path.splitext(basename)[0] + ".dxf"
+ if os.path.exists(result):
+ FCC.PrintMessage(translate("ImportDWG",
+@@ -270,10 +263,9 @@ def convertToDwg(dxffilename, dwgfilename):
+ indir = os.path.dirname(dxffilename)
+ outdir = os.path.dirname(dwgfilename)
+ basename = os.path.basename(dxffilename)
+- cmdline = ('"%s" "%s" "%s" "ACAD2000" "DWG" "0" "1" "%s"'
+- % (teigha, indir, outdir, basename))
+- FCC.PrintMessage(translate("ImportDWG", "Converting: ")
+- + cmdline + "\n")
+- subprocess.call(cmdline, shell=True) # os.system(cmdline)
++ cmdline = [teigha, indir, outdir, "ACAD2000", "DWG", "0", "1", basename]
++ FCC.PrintMessage(translate("draft", "Converting:") + " " + str(cmdline) + "\n")
++ proc = subprocess.Popen(cmdline)
++ proc.communicate()
+ return dwgfilename
+ return None
+--
+2.35.0
+
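Review bot: In the backported `convertToDwg` change the converter's exit status is discarded: `proc.communicate()` is followed directly by `return dwgfilename`, so the caller is told the export succeeded even when the converter exits with an error. Passing an argument list without `shell=True` closes the shell-injection path through the file name, but a status check such as `if proc.returncode != 0: return None` after `communicate()` is still worth adding. `convertToDxf` is less exposed because it tests `os.path.exists(result)` afterwards. With a list argv, a missing or non-executable `teigha` path now raises `OSError` from `Popen` instead of yielding a shell exit code; whether anything catches it cannot be seen here, because both function bodies start outside these hunks.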
diff --git a/media-gfx/freecad/files/freecad-0.19.2-0002-Backport-of-Use-run-instead-of-Popen-to-avoid-need-f.patch b/media-gfx/freecad/files/freecad-0.19.2-0002-Backport-of-Use-run-instead-of-Popen-to-avoid-need-f.patch
new file mode 100644
index 000000000000..9b043bd34563
--- /dev/null
+++ b/media-gfx/freecad/files/freecad-0.19.2-0002-Backport-of-Use-run-instead-of-Popen-to-avoid-need-f.patch
@@ -0,0 +1,25 @@
+From 937d8ca9bf4c50f8a7dc0fbcf9e6ac23b0fbe033 Mon Sep 17 00:00:00 2001
+From: Bernd Waibel <waebbl-gentoo@posteo.net>
+Date: Mon, 31 Jan 2022 08:17:24 +0100
+Subject: [PATCH 2/2] Backport of Use run() instead of Popen() to avoid need
+ for communicate
+
+Original patch commit id a65dbc6f8296562a12407a36f4931a80bbb628b7 by
+sliptonic <shopinthewoods@gmail.com>
+
+Signed-off-by: Bernd Waibel <waebbl-gentoo@posteo.net>
+--- a/src/Mod/Path/PathScripts/PathSanity.py
++++ b/src/Mod/Path/PathScripts/PathSanity.py
+@@ -412,8 +412,7 @@ class CommandPathSanity:
+ FreeCAD.Console.PrintMessage('asciidoc file written to {}\n'.format(reportraw))
+
+ try:
+- result = os.system('asciidoctor {} -o {}'.format(reportraw,
+- reporthtml))
++ result = subprocess.run(["asciidoctor", reportraw, "-o", reporthtml])
+ if str(result) == "32512":
+ msg = "asciidoctor not found. html cannot be generated."
+ QtGui.QMessageBox.information(None, "Path Sanity", msg)
+--
+2.35.0
+
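Review bot: The "asciidoctor not found" branch can no longer fire after this change: `subprocess.run()` returns a `CompletedProcess`, so `str(result) == "32512"` is never true, and a missing binary now raises `FileNotFoundError` instead of producing the shell's 127 status. I would show that message from an `except FileNotFoundError:` handler and test `result.returncode != 0` for other failures. The hunk also adds no `import subprocess`; confirm that PathSanity.py already imports it, since the `try` block's handlers lie outside the hunk and may hide a `NameError`.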