# HG changeset patch
# User Danek Duvall <danek.duvall@oracle.com>
# Date 1453240851 28800
# Node ID 5c98bff030f2b36ee07e061f739eb6e1e2cdc1ab
# Parent  bb35a9811599f8ce46563841206b8a326675191f
22364960 problem in PYTHON-MOD/PYGMENTS

diff -r bb35a9811599 -r 5c98bff030f2 components/python/pygments/patches/CVE-2015-8557.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/python/pygments/patches/CVE-2015-8557.patch	Tue Jan 19 14:00:51 2016 -0800
@@ -0,0 +1,24 @@
+This patch is pulled from upstream; once we pull in 2.1 or newer, it will
+no longer be necessary.
+
+--- Pygments-1.6/pygments/formatters/img.py	Tue Jan 12 15:06:52 2016
++++ Pygments-1.6/pygments/formatters/img.py	Tue Jan 12 15:08:24 2016
+@@ -9,6 +9,7 @@
+     :license: BSD, see LICENSE for details.
+ """
+ 
++import shlex
+ import sys
+ 
+ from pygments.formatter import Formatter
+@@ -73,8 +74,8 @@
+ 
+     def _get_nix_font_path(self, name, style):
+         from commands import getstatusoutput
+-        exit, out = getstatusoutput('fc-list "%s:style=%s" file' %
+-                                    (name, style))
++        exit, out = getstatusoutput('fc-list %s file' %
++                                    shlex.quote("%s:style=%s" % (name, style)))
+         if not exit:
+             lines = out.splitlines()
+             if lines: