|
1 Patch from upstream, not yet available in latest stable release-- |
|
2 http://www.logilab.org/revision/207574 |
|
3 --to fix CVE-2014-1838. |
|
4 |
|
5 diff -rupN logilab-common-0.58.2-orig/ChangeLog logilab-common-0.58.2/ChangeLog |
|
6 --- logilab-common-0.58.2-orig/ChangeLog 2012-07-30 06:06:59.000000000 -0700 |
|
7 +++ logilab-common-0.58.2/ChangeLog 2014-03-14 10:34:00.085719000 -0700 |
|
8 @@ -1,6 +1,10 @@ |
|
9 ChangeLog for logilab.common |
|
10 ============================ |
|
11 |
|
12 +2014-02-03 |
|
13 + * pdf_ext: removed, it had no known users (CVE-2014-1838) |
|
14 + |
|
15 + |
|
16 2012-07-30 -- 0.58.2 |
|
17 * modutils: fixes (closes #100757 and #100935) |
|
18 |
|
19 diff -rupN logilab-common-0.58.2-orig/pdf_ext.py logilab-common-0.58.2/pdf_ext.py |
|
20 --- logilab-common-0.58.2-orig/pdf_ext.py 2012-07-30 06:06:59.000000000 -0700 |
|
21 +++ logilab-common-0.58.2/pdf_ext.py 1969-12-31 16:00:00.000000000 -0800 |
|
22 @@ -1,111 +0,0 @@ |
|
23 -# copyright 2003-2011 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
|
24 -# contact http://www.logilab.fr/ -- mailto:[email protected] |
|
25 -# |
|
26 -# This file is part of logilab-common. |
|
27 -# |
|
28 -# logilab-common is free software: you can redistribute it and/or modify it under |
|
29 -# the terms of the GNU Lesser General Public License as published by the Free |
|
30 -# Software Foundation, either version 2.1 of the License, or (at your option) any |
|
31 -# later version. |
|
32 -# |
|
33 -# logilab-common is distributed in the hope that it will be useful, but WITHOUT |
|
34 -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS |
|
35 -# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more |
|
36 -# details. |
|
37 -# |
|
38 -# You should have received a copy of the GNU Lesser General Public License along |
|
39 -# with logilab-common. If not, see <http://www.gnu.org/licenses/>. |
|
40 -"""Manipulate pdf and fdf files (pdftk recommended). |
|
41 - |
|
42 -Notes regarding pdftk, pdf forms and fdf files (form definition file) |
|
43 -fields names can be extracted with: |
|
44 - |
|
45 - pdftk orig.pdf generate_fdf output truc.fdf |
|
46 - |
|
47 -to merge fdf and pdf: |
|
48 - |
|
49 - pdftk orig.pdf fill_form test.fdf output result.pdf [flatten] |
|
50 - |
|
51 -without flatten, one could further edit the resulting form. |
|
52 -with flatten, everything is turned into text. |
|
53 - |
|
54 - |
|
55 - |
|
56 - |
|
57 -""" |
|
58 -__docformat__ = "restructuredtext en" |
|
59 -# XXX seems very unix specific |
|
60 -# TODO: check availability of pdftk at import |
|
61 - |
|
62 - |
|
63 -import os |
|
64 - |
|
65 -HEAD="""%FDF-1.2 |
|
66 -%\xE2\xE3\xCF\xD3 |
|
67 -1 0 obj |
|
68 -<< |
|
69 -/FDF |
|
70 -<< |
|
71 -/Fields [ |
|
72 -""" |
|
73 - |
|
74 -TAIL="""] |
|
75 ->> |
|
76 ->> |
|
77 -endobj |
|
78 -trailer |
|
79 - |
|
80 -<< |
|
81 -/Root 1 0 R |
|
82 ->> |
|
83 -%%EOF |
|
84 -""" |
|
85 - |
|
86 -def output_field( f ): |
|
87 - return "\xfe\xff" + "".join( [ "\x00"+c for c in f ] ) |
|
88 - |
|
89 -def extract_keys(lines): |
|
90 - keys = [] |
|
91 - for line in lines: |
|
92 - if line.startswith('/V'): |
|
93 - pass #print 'value',line |
|
94 - elif line.startswith('/T'): |
|
95 - key = line[7:-2] |
|
96 - key = ''.join(key.split('\x00')) |
|
97 - keys.append( key ) |
|
98 - return keys |
|
99 - |
|
100 -def write_field(out, key, value): |
|
101 - out.write("<<\n") |
|
102 - if value: |
|
103 - out.write("/V (%s)\n" %value) |
|
104 - else: |
|
105 - out.write("/V /\n") |
|
106 - out.write("/T (%s)\n" % output_field(key) ) |
|
107 - out.write(">> \n") |
|
108 - |
|
109 -def write_fields(out, fields): |
|
110 - out.write(HEAD) |
|
111 - for (key, value, comment) in fields: |
|
112 - write_field(out, key, value) |
|
113 - write_field(out, key+"a", value) # pour copie-carbone sur autres pages |
|
114 - out.write(TAIL) |
|
115 - |
|
116 -def extract_keys_from_pdf(filename): |
|
117 - # what about using 'pdftk filename dump_data_fields' and parsing the output ? |
|
118 - os.system('pdftk %s generate_fdf output /tmp/toto.fdf' % filename) |
|
119 - lines = file('/tmp/toto.fdf').readlines() |
|
120 - return extract_keys(lines) |
|
121 - |
|
122 - |
|
123 -def fill_pdf(infile, outfile, fields): |
|
124 - write_fields(file('/tmp/toto.fdf', 'w'), fields) |
|
125 - os.system('pdftk %s fill_form /tmp/toto.fdf output %s flatten' % (infile, outfile)) |
|
126 - |
|
127 -def testfill_pdf(infile, outfile): |
|
128 - keys = extract_keys_from_pdf(infile) |
|
129 - fields = [] |
|
130 - for key in keys: |
|
131 - fields.append( (key, key, '') ) |
|
132 - fill_pdf(infile, outfile, fields) |
|
133 - |
|
134 diff -rupN logilab-common-0.58.2-orig/README logilab-common-0.58.2/README |
|
135 --- logilab-common-0.58.2-orig/README 2012-07-30 06:06:59.000000000 -0700 |
|
136 +++ logilab-common-0.58.2/README 2014-03-14 10:26:18.058139000 -0700 |
|
137 @@ -123,8 +123,6 @@ Modules extending some external modules |
|
138 |
|
139 * `hg`, some Mercurial_ utility functions. |
|
140 |
|
141 -* `pdf_ext`, pdf and fdf file manipulations, with pdftk. |
|
142 - |
|
143 * `pyro_ext`, some Pyro_ utility functions. |
|
144 |
|
145 * `sphinx_ext`, Sphinx_ plugin defining a `autodocstring` directive. |