--- a/components/python/pygments/patches/CVE-2015-8557.patch Wed Jan 20 10:50:52 2016 -0800
+++ b/components/python/pygments/patches/CVE-2015-8557.patch Wed Jan 20 16:02:48 2016 -0800
@@ -1,24 +1,31 @@
This patch is pulled from upstream; once we pull in 2.1 or newer, it will
no longer be necessary.
---- Pygments-1.6/pygments/formatters/img.py Tue Jan 12 15:06:52 2016
-+++ Pygments-1.6/pygments/formatters/img.py Tue Jan 12 15:08:24 2016
-@@ -9,6 +9,7 @@
- :license: BSD, see LICENSE for details.
- """
+--- Pygments-1.6/pygments/formatters/img.py Sun Feb 3 01:26:49 2013
++++ Pygments-1.6/pygments/formatters/img.py Wed Jan 20 13:33:20 2016
+@@ -15,6 +15,8 @@
+ from pygments.util import get_bool_opt, get_int_opt, \
+ get_list_opt, get_choice_opt
-+import shlex
- import sys
-
- from pygments.formatter import Formatter
-@@ -73,8 +74,8 @@
++import subprocess
++
+ # Import this carefully
+ try:
+ from PIL import Image, ImageDraw, ImageFont
+@@ -72,11 +74,11 @@
+ self._create_nix()
def _get_nix_font_path(self, name, style):
- from commands import getstatusoutput
+- from commands import getstatusoutput
- exit, out = getstatusoutput('fc-list "%s:style=%s" file' %
- (name, style))
-+ exit, out = getstatusoutput('fc-list %s file' %
-+ shlex.quote("%s:style=%s" % (name, style)))
- if not exit:
- lines = out.splitlines()
+- if not exit:
+- lines = out.splitlines()
++ proc = subprocess.Popen(['fc-list', "%s:style=%s" % (name, style), 'file'],
++ stdout=subprocess.PIPE, stderr=None)
++ stdout, _ = proc.communicate()
++ if proc.returncode == 0:
++ lines = stdout.splitlines()
if lines:
+ path = lines[0].strip().strip(':')
+ return path