Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/media-gfx/freecad/files/freecad-0.19.2-0001-Backport-of-0004809-Security-vulnerability-in-DWG-im.patch
diff options
context:
space:
mode:
Diffstat (limited to 'media-gfx/freecad/files/freecad-0.19.2-0001-Backport-of-0004809-Security-vulnerability-in-DWG-im.patch')
-rw-r--r--media-gfx/freecad/files/freecad-0.19.2-0001-Backport-of-0004809-Security-vulnerability-in-DWG-im.patch59
1 files changed, 59 insertions, 0 deletions
diff --git a/media-gfx/freecad/files/freecad-0.19.2-0001-Backport-of-0004809-Security-vulnerability-in-DWG-im.patch b/media-gfx/freecad/files/freecad-0.19.2-0001-Backport-of-0004809-Security-vulnerability-in-DWG-im.patch
new file mode 100644
index 000000000000..2df44ff66ac8
--- /dev/null
+++ b/media-gfx/freecad/files/freecad-0.19.2-0001-Backport-of-0004809-Security-vulnerability-in-DWG-im.patch
@@ -0,0 +1,59 @@
+From 4006e62860c73f0943e71c7da478256a7337941d Mon Sep 17 00:00:00 2001
+From: Bernd Waibel <waebbl-gentoo@posteo.net>
+Date: Mon, 31 Jan 2022 08:12:35 +0100
+Subject: [PATCH 1/2] Backport of 0004809: Security vulnerability in DWG import
+ when using ODA file converter
+
+Original patch commit id 1742d7ff82af1653253c4a4183c262c9af3b26d6 by
+wmayer <wmayer@users.sourceforge.net>.
+
+Signed-off-by: Bernd Waibel <waebbl-gentoo@posteo.net>
+--- a/src/Mod/Draft/importDWG.py
++++ b/src/Mod/Draft/importDWG.py
+@@ -44,8 +44,6 @@ https://knowledge.autodesk.com/support/autocad/downloads/
+ # * *
+ # ***************************************************************************
+
+-# TODO: use subprocess.popen() instead of subprocess.call()
+-
+ import six
+ import FreeCAD
+ from FreeCAD import Console as FCC
+@@ -217,15 +215,10 @@ def convertToDxf(dwgfilename):
+ indir = os.path.dirname(dwgfilename)
+ outdir = tempfile.mkdtemp()
+ basename = os.path.basename(dwgfilename)
+- cmdline = ('"%s" "%s" "%s" "ACAD2000" "DXF" "0" "1" "%s"'
+- % (teigha, indir, outdir, basename))
+- FCC.PrintMessage(translate("ImportDWG", "Converting: ")
+- + cmdline + "\n")
+- if six.PY2:
+- if isinstance(cmdline, six.text_type):
+- encoding = sys.getfilesystemencoding()
+- cmdline = cmdline.encode(encoding)
+- subprocess.call(cmdline, shell=True) # os.system(cmdline)
++ cmdline = [teigha, indir, outdir, "ACAD2000", "DXF", "0", "1", basename]
++ FCC.PrintMessage(translate("draft", "Converting:") + " " + str(cmdline) + "\n")
++ proc = subprocess.Popen(cmdline)
++ proc.communicate()
+ result = outdir + os.sep + os.path.splitext(basename)[0] + ".dxf"
+ if os.path.exists(result):
+ FCC.PrintMessage(translate("ImportDWG",
+@@ -270,10 +263,9 @@ def convertToDwg(dxffilename, dwgfilename):
+ indir = os.path.dirname(dxffilename)
+ outdir = os.path.dirname(dwgfilename)
+ basename = os.path.basename(dxffilename)
+- cmdline = ('"%s" "%s" "%s" "ACAD2000" "DWG" "0" "1" "%s"'
+- % (teigha, indir, outdir, basename))
+- FCC.PrintMessage(translate("ImportDWG", "Converting: ")
+- + cmdline + "\n")
+- subprocess.call(cmdline, shell=True) # os.system(cmdline)
++ cmdline = [teigha, indir, outdir, "ACAD2000", "DWG", "0", "1", basename]
++ FCC.PrintMessage(translate("draft", "Converting:") + " " + str(cmdline) + "\n")
++ proc = subprocess.Popen(cmdline)
++ proc.communicate()
+ return dwgfilename
+ return None
+--
+2.35.0
+