Upgrade to 3.6.10 to fix CVE-2020-28463

(cherry picked from commit e143b9dbe38cdf8e593e0f1109b6b859f724b34e)
starlet-dx 2022-08-29 17:36:37 +08:00 committed by openeuler-sync-bot
parent f5d12def27
commit c213ac4160
5 changed files with 25 additions and 110 deletions


@ -1,19 +0,0 @@
# HG changeset patch
# User robin <robin@reportlab.com>
# Date 1495525707 -3600
# Node ID 0fbf25e4857423f6a38ca7f5aeee1c84acaa3fc1
# Parent 0f6004ec2916b76cfbd0444de6f551bcb1949781
fix bitbucket issue 113
diff --git a/setup.py b/setup.py
--- a/setup.py
+++ b/setup.py
@@ -539,7 +539,7 @@
],
#this probably only works for setuptools, but distutils seems to ignore it
- install_requires=['pillow>=2.4.0','pip>=1.4.1', 'setuptools>=2.2'],
+ install_requires=['pillow>=2.4.0'],
)
print()
print('########## SUMMARY INFO #########')


@ -1,81 +0,0 @@
# HG changeset patch
# User mkasik@redhat.com
# Date 1580132768 -3600
# Mon Jan 27 14:46:08 2020 +0100
# Node ID b47055e78d8b3e49e7bb5b9cdaa55d449b996764
# Parent 9bb6ebf1b8473e3dc11740cbdce0d5dc1a1afae2
Parse input string of toColor.__call__ for color classes
It constructs respective object from the string then.
This currently supports CMYKColor, PCMYKColor, CMYKColorSep
and PCMYKColorSep.
--- a/src/reportlab/lib/colors.py
+++ b/src/reportlab/lib/colors.py
@@ -833,6 +833,53 @@ class cssParse:
cssParse=cssParse()
+def parseColorClassFromString(arg):
+ '''Parses known classes which holds color information from string
+ and constructs respective object.
+ It constructs CMYKColor, PCMYKColor, CMYKColorSep and PCMYKColorSep now.
+ '''
+
+ # Strips input string and splits it with {'(', ')', ','} delimiters
+ splitted = "".join(arg.split()).replace('(', ',').replace(')','').split(',')
+
+ # Creates a "fingerprint" of given string made of {'(', ')', ','} characters only.
+ fingerprint = ''.join(c for c in arg if c in set('(,)'))
+
+ if (len(splitted) > 0):
+ if (splitted[0] == 'Color'):
+ if (fingerprint == '(,,,)'):
+ try:
+ return Color(*list(map(float, splitted[1:5])))
+ except:
+ return None
+ elif (fingerprint == '(,,)'):
+ try:
+ return Color(*list(map(float, splitted[1:4])))
+ except:
+ return None
+ elif (splitted[0] == 'CMYKColor' and fingerprint == '(,,,)'):
+ try:
+ return CMYKColor(*list(map(float, splitted[1:5])))
+ except:
+ return None
+ elif (splitted[0] == 'PCMYKColor' and fingerprint == '(,,,)'):
+ try:
+ return PCMYKColor(*list(map(float, splitted[1:5])))
+ except:
+ return None
+ elif (splitted[0] == 'CMYKColorSep' and fingerprint == '(,,,)'):
+ try:
+ return CMYKColorSep(*list(map(float, splitted[1:5])))
+ except:
+ return None
+ elif (splitted[0] == 'PCMYKColorSep' and fingerprint == '(,,,)'):
+ try:
+ return PCMYKColorSep(*list(map(float, splitted[1:5])))
+ except:
+ return None
+ else:
+ return None
+
class toColor:
def __init__(self):
@@ -858,10 +905,8 @@ class toColor:
C = getAllNamedColors()
s = arg.lower()
if s in C: return C[s]
- try:
- return toColor(eval(arg))
- except:
- pass
+ parsedColor = parseColorClassFromString(arg)
+ if (parsedColor): return parsedColor
try:
return HexColor(arg)


@ -1,21 +1,22 @@
%global cmapdir %(echo `rpm -qls ghostscript | grep CMap | awk '{print $2}'`)
%bcond_without tests
Name: python-reportlab
Version: 3.4.0
Release: 13
Version: 3.6.10
Release: 1
Summary: ReportLab library to create PDF documents and graphic
License: LGPL-2.0-only
License: BSD-3-Clause
URL: https://www.reportlab.com/
Source0: https://pypi.python.org/packages/source/r/reportlab/reportlab-%{version}.tar.gz
Patch0001: 0fbf25e4857423f6a38ca7f5aeee1c84acaa3fc1.patch
Patch0002: CVE-2019-17626.patch
BuildRequires: libart_lgpl-devel freetype-devel
%description
The ReportLab Toolkit. An Open Source Python library for generating PDFs and graphics.
%package -n python3-reportlab
Summary: ReportLab library to create PDF documents and graphic
BuildRequires: python3-devel python3-pillow
BuildRequires: python3-devel python3-pillow gcc
Requires: dejavu-sans-fonts python3-pillow
%{?python_provide:%python_provide python3-reportlab}
@ -40,16 +41,27 @@ find src -name '*.py' | xargs sed -i -e '/^#!\//d'
sed -i '/\~\/\.local\/share\/fonts\/CMap/i''\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ '\'"%{cmapdir}"\''\,' \
src/reportlab/rl_settings.py
%build
CFLAGS="%{optflags}" %py3_build
rm -rf src/reportlab.egg-info
PYTHONPATH="`pwd`/`ls -d build/lib*`" %{__python3} docs/genAll.py
rm -rf src/rl_addons/renderPM/libart_lgpl
%build
CFLAGS="${CFLAGS:-${RPM_OPT_FLAGS} -Isrc/rl_addons/renderPM -I%{_includedir}/libart-2.0}" LDFLAGS="${LDFLAGS:-${RPM_LD_FLAGS}}"\
%{__python3} setup.py --use-system-libart --no-download-t1-files build --executable="%{__python3} -s"
%install
%py3_install
CFLAGS="${CFLAGS:-${RPM_OPT_FLAGS} -Isrc/rl_addons/renderPM -I%{_includedir}/libart-2.0}" LDFLAGS="${LDFLAGS:-${RPM_LD_FLAGS}}"\
%{__python3} setup.py --use-system-libart --no-download-t1-files install -O1 --skip-build --root ${RPM_BUILD_ROOT}
%if %{with tests}
%check
# Tests need in-build compiled Python modules to be executed
# Tests pre-generate userguide PDF
cp -a build/lib.%{python3_platform}-%{python3_version}/reportlab tests/
cp -a build/lib.%{python3_platform}-%{python3_version}/reportlab docs/
cp -a build/lib.%{python3_platform}-%{python3_version}/reportlab docs/userguide/
%{__python3} setup.py tests
%endif
%files -n python3-reportlab
%doc README.txt CHANGES.md
@ -60,6 +72,9 @@ PYTHONPATH="`pwd`/`ls -d build/lib*`" %{__python3} docs/genAll.py
%doc demos/ tools/
%changelog
* Mon Aug 29 2022 yaoxin <yaoxin30@h-partners.com> - 3.6.10-1
- Upgrade to 3.6.10 to fix CVE-2020-28463
* Thu Jul 22 2021 yaoxin <yaoxin30@huawei.com> - 3.4.0-13
- Fix CVE-2019-17626
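Review bot: The preamble drops `Patch0002: CVE-2019-17626.patch` with no record that 3.6.10 carries an equivalent fix, and the new `%changelog` entry names only CVE-2020-28463. Before merging, confirm that `toColor.__call__` in the 3.6.10 tarball no longer hands the input string to a plain `eval`, which is what the deleted patch removed. Then record the result in the changelog, for example `- Drop CVE-2019-17626.patch and 0fbf25e4857423f6a38ca7f5aeee1c84acaa3fc1.patch, included upstream`. Separately, as far as I recall the upstream mitigation for CVE-2020-28463 is the `trustedHosts`/`trustedSchemes` settings rather than a restriction that applies by default, so the entry may overstate what the upgrade alone achieves. That is worth checking against `src/reportlab/rl_settings.py` in the new tarball, which this spec already edits with `sed`.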

Binary file not shown.

BIN
reportlab-3.6.10.tar.gz Normal file

Binary file not shown.