|
1 Patch from upstream, not yet available in latest stable release-- |
|
2 http://www.logilab.org/revision/207574 |
|
3 --to fix CVE-2014-1838. |
|
4 |
|
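--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,7 @@ ChangeLog for logilab.common
 * db: add time adapter for pysqlite2, fix mysql bool and string handling
 * configuration: don't print default for store_true / store_false option
 or option with None as default
+ * pdf_ext: removed, it had no known users (CVE-2014-1838)
 
 
 2009-04-07 -- 0.39.1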
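--- a/pdf_ext.py
+++ b/pdf_ext.py
@@ -1,94 +0,0 @@
-"""Manipulate pdf and fdf files (pdftk recommended).
-
-Notes regarding pdftk, pdf forms and fdf files (form definition file)
-fields names can be extracted with:
-
- pdftk orig.pdf generate_fdf output truc.fdf
-
-to merge fdf and pdf:
-
- pdftk orig.pdf fill_form test.fdf output result.pdf [flatten]
-
-without flatten, one could further edit the resulting form.
-with flatten, everything is turned into text.
-
-:copyright: 2000-2008 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
-:contact: http://www.logilab.fr/ -- mailto:[email protected]
-:license: General Public License version 2 - http://www.gnu.org/licenses
-"""
-__docformat__ = "restructuredtext en"
-# XXX seems very unix specific
-# TODO: check availability of pdftk at import
-
-
-import os
-
-HEAD="""%FDF-1.2
-%\xE2\xE3\xCF\xD3
-1 0 obj
-<<
-/FDF
-<<
-/Fields [
-"""
-
-TAIL="""]
->>
->>
-endobj
-trailer
-
-<<
-/Root 1 0 R
->>
-%%EOF
-"""
-
-def output_field( f ):
- return "\xfe\xff" + "".join( [ "\x00"+c for c in f ] )
-
-def extract_keys(lines):
- keys = []
- for line in lines:
- if line.startswith('/V'):
- pass #print 'value',line
- elif line.startswith('/T'):
- key = line[7:-2]
- key = ''.join(key.split('\x00'))
- keys.append( key )
- return keys
-
-def write_field(out, key, value):
- out.write("<<\n")
- if value:
- out.write("/V (%s)\n" %value)
- else:
- out.write("/V /\n")
- out.write("/T (%s)\n" % output_field(key) )
- out.write(">> \n")
-
-def write_fields(out, fields):
- out.write(HEAD)
- for (key,value,comment) in fields:
- write_field(out, key, value)
- write_field(out, key+"a", value) # pour copie-carbone sur autres pages
- out.write(TAIL)
-
-def extract_keys_from_pdf(filename):
- # what about using 'pdftk filename dump_data_fields' and parsing the output ?
- os.system('pdftk %s generate_fdf output /tmp/toto.fdf' % filename)
- lines = file('/tmp/toto.fdf').readlines()
- return extract_keys(lines)
-
-
-def fill_pdf(infile, outfile, fields):
- write_fields(file('/tmp/toto.fdf', 'w'), fields)
- os.system('pdftk %s fill_form /tmp/toto.fdf output %s flatten' % (infile, outfile))
-
-def testfill_pdf(infile, outfile):
- keys = extract_keys_from_pdf(infile)
- fields = []
- for key in keys:
- fields.append( (key, key, '') )
- fill_pdf(infile, outfile, fields)
-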
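--- a/README
+++ b/README
@@ -126,9 +126,6 @@ Here is a brief description of the avail
 A Python implementation of PATRICIA trie (Practical Algorithm to
 Retrieve Information Coded in Alphanumeric).
 
-* pdf_ext.py:
- pdf and fdf file manipulations, with pdftk.
-
 * pytest.py:
 unittest runner. See testlib
 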