Diffstat (limited to 'media-gfx/freecad/files/freecad-0.19.2-0001-Backport-of-0004809-Security-vulnerability-in-DWG-im.patch')
-rw-r--r-- | media-gfx/freecad/files/freecad-0.19.2-0001-Backport-of-0004809-Security-vulnerability-in-DWG-im.patch | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/media-gfx/freecad/files/freecad-0.19.2-0001-Backport-of-0004809-Security-vulnerability-in-DWG-im.patch b/media-gfx/freecad/files/freecad-0.19.2-0001-Backport-of-0004809-Security-vulnerability-in-DWG-im.patch
new file mode 100644
index 000000000000..2df44ff66ac8
--- /dev/null
+++ b/media-gfx/freecad/files/freecad-0.19.2-0001-Backport-of-0004809-Security-vulnerability-in-DWG-im.patch
@@ -0,0 +1,59 @@
+From 4006e62860c73f0943e71c7da478256a7337941d Mon Sep 17 00:00:00 2001
+From: Bernd Waibel <waebbl-gentoo@posteo.net>
+Date: Mon, 31 Jan 2022 08:12:35 +0100
+Subject: [PATCH 1/2] Backport of 0004809: Security vulnerability in DWG import
+ when using ODA file converter
+
+Original patch commit id 1742d7ff82af1653253c4a4183c262c9af3b26d6 by
+wmayer <wmayer@users.sourceforge.net>.
+
+Signed-off-by: Bernd Waibel <waebbl-gentoo@posteo.net>
+--- a/src/Mod/Draft/importDWG.py
++++ b/src/Mod/Draft/importDWG.py
+@@ -44,8 +44,6 @@ https://knowledge.autodesk.com/support/autocad/downloads/
+ # * *
+ # ***************************************************************************
+
+-# TODO: use subprocess.popen() instead of subprocess.call()
+-
+ import six
+ import FreeCAD
+ from FreeCAD import Console as FCC
+@@ -217,15 +215,10 @@ def convertToDxf(dwgfilename):
+ indir = os.path.dirname(dwgfilename)
+ outdir = tempfile.mkdtemp()
+ basename = os.path.basename(dwgfilename)
+- cmdline = ('"%s" "%s" "%s" "ACAD2000" "DXF" "0" "1" "%s"'
+- % (teigha, indir, outdir, basename))
+- FCC.PrintMessage(translate("ImportDWG", "Converting: ")
+- + cmdline + "\n")
+- if six.PY2:
+- if isinstance(cmdline, six.text_type):
+- encoding = sys.getfilesystemencoding()
+- cmdline = cmdline.encode(encoding)
+- subprocess.call(cmdline, shell=True) # os.system(cmdline)
++ cmdline = [teigha, indir, outdir, "ACAD2000", "DXF", "0", "1", basename]
++ FCC.PrintMessage(translate("draft", "Converting:") + " " + str(cmdline) + "\n")
++ proc = subprocess.Popen(cmdline)
++ proc.communicate()
+ result = outdir + os.sep + os.path.splitext(basename)[0] + ".dxf"
+ if os.path.exists(result):
+ FCC.PrintMessage(translate("ImportDWG",
+@@ -270,10 +263,9 @@ def convertToDwg(dxffilename, dwgfilename):
+ indir = os.path.dirname(dxffilename)
+ outdir = os.path.dirname(dwgfilename)
+ basename = os.path.basename(dxffilename)
+- cmdline = ('"%s" "%s" "%s" "ACAD2000" "DWG" "0" "1" "%s"'
+- % (teigha, indir, outdir, basename))
+- FCC.PrintMessage(translate("ImportDWG", "Converting: ")
+- + cmdline + "\n")
+- subprocess.call(cmdline, shell=True) # os.system(cmdline)
++ cmdline = [teigha, indir, outdir, "ACAD2000", "DWG", "0", "1", basename]
++ FCC.PrintMessage(translate("draft", "Converting:") + " " + str(cmdline) + "\n")
++ proc = subprocess.Popen(cmdline)
++ proc.communicate()
+ return dwgfilename
+ return None
+--
+2.35.0
+ |
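Review bot: The converter's exit status is never read at either rewritten call site: in convertToDwg `proc.communicate()` is followed by an unconditional `return dwgfilename`, so a failed or killed conversion is reported to the caller as success, while convertToDxf only falls through to the visible `os.path.exists(result)` check. Consider adding `if proc.returncode != 0: return None` after `proc.communicate()` in both functions, assuming the ODA converter signals failure through its exit code, which the patch does not show. Passing `cmdline` as a list keeps shell metacharacters in the file path inert, but `basename` still reaches the converter unvalidated as its last argument, so a short comment such as `# basename is passed verbatim as the converter's input filter; no shell is involved` would record the remaining trust assumption. Both function bodies start and end outside the hunks, so any handling further down is not visible here.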