Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/dev-python/pygments/files/2.0.2-shell-injection-backport2.patch
diff options
context:
space:
mode:
Diffstat (limited to 'dev-python/pygments/files/2.0.2-shell-injection-backport2.patch')
-rw-r--r--dev-python/pygments/files/2.0.2-shell-injection-backport2.patch56
1 files changed, 56 insertions, 0 deletions
diff --git a/dev-python/pygments/files/2.0.2-shell-injection-backport2.patch b/dev-python/pygments/files/2.0.2-shell-injection-backport2.patch
new file mode 100644
index 000000000000..78bf4478ecd7
--- /dev/null
+++ b/dev-python/pygments/files/2.0.2-shell-injection-backport2.patch
@@ -0,0 +1,56 @@
+# HG changeset patch
+# User Tim Hatch <tim@timhatch.com>
+# Date 1445007300 25200
+# Node ID 0036ab1c99e256298094505e5e92fdacdfc5b0a8
+# Parent c0c0d4049a7c325cd69b764c6ceb7747d319212d
+Avoid the shell entirely when finding fonts.
+
+Manually tested on OS X.
+
+diff --git a/pygments/formatters/img.py b/pygments/formatters/img.py
+--- a/pygments/formatters/img.py
++++ b/pygments/formatters/img.py
+@@ -10,12 +10,13 @@
+ """
+
+ import sys
+-import shlex
+
+ from pygments.formatter import Formatter
+ from pygments.util import get_bool_opt, get_int_opt, get_list_opt, \
+ get_choice_opt, xrange
+
++import subprocess
++
+ # Import this carefully
+ try:
+ from PIL import Image, ImageDraw, ImageFont
+@@ -76,14 +77,11 @@
+ self._create_nix()
+
+ def _get_nix_font_path(self, name, style):
+- try:
+- from commands import getstatusoutput
+- except ImportError:
+- from subprocess import getstatusoutput
+- exit, out = getstatusoutput('fc-list %s file' %
+- shlex.quote("%s:style=%s" % (name, style)))
+- if not exit:
+- lines = out.splitlines()
++ proc = subprocess.Popen(['fc-list', "%s:style=%s" % (name, style), 'file'],
++ stdout=subprocess.PIPE, stderr=None)
++ stdout, _ = proc.communicate()
++ if proc.returncode == 0:
++ lines = stdout.splitlines()
+ if lines:
+ path = lines[0].strip().strip(':')
+ return path
+@@ -198,7 +196,7 @@
+ bold and italic fonts will be generated. This really should be a
+ monospace font to look sane.
+
+- Default: "Bitstream Vera Sans Mono"
++ Default: "Bitstream Vera Sans Mono" on Windows, Courier New on *nix
+
+ `font_size`
+ The font size in points to be used.