Do not evaluate unichar element

Replace an invalid char with a correct one (rpminspect) Resolves: RHEL-7010
2023-10-19 10:55:15 +02:00 · 2023-10-19 10:55:15 +02:00 · d095c9ba1e
commit d095c9ba1e
parent 4b26d1e5de
3 changed files with 54 additions and 1 deletions
--- a/python-reportlab-3.4.0-invalid-char.patch
+++ b/python-reportlab-3.4.0-invalid-char.patch
@ -0,0 +1,11 @@
 --- python3-python-reportlab-3.4.0-6.el8_1.3/tools/pythonpoint/demos/htu.xml
 +++ python3-python-reportlab-3.4.0-6.el8_1.3/tools/pythonpoint/demos/htu.xml
@@ -34,7 +34,7 @@
             þ ø İ ı ľ ĸ
             >>> 
             -->
 -          <font name="Serif" size="32"> 0 ^  1 _</font>
 +          <font name="Serif" size="32">Ğ ğ İ ı Ş ş</font>
         </para>
       </frame>
     </slide>
--- a/python-reportlab-3.4.0-unichar-element.patch
+++ b/python-reportlab-3.4.0-unichar-element.patch
@ -0,0 +1,31 @@
 --- python3-python-reportlab-3.4.0-9.el8/src/reportlab/platypus/paraparser.py
 +++ python3-python-reportlab-3.4.0-9.el8/src/reportlab/platypus/paraparser.py
@@ -841,7 +841,11 @@ class ParaParser(HTMLParser):
                 v = '\0'
         elif 'code' in attr:
             try:
 -                v = int(eval(attr['code']))
 +                v = attr['code'].lower()
 +                if v.startswith('0x'):
 +                    v = int(v,16)
 +                else:
 +                    v = int(v,0)    #treat as a python literal would be
                 v = chr(v) if isPy3 else unichr(v)
             except:
                 self._syntax_error('<unichar/> invalid code attribute %s' % ascii(attr['code']))
 --- python3-python-reportlab-3.4.0-9.el8/tests/test_platypus_paragraphs.py
 +++ python3-python-reportlab-3.4.0-9.el8/tests/test_platypus_paragraphs.py
@@ -306,6 +306,13 @@ component delimits the traditional pract
         doc = MyDocTemplate(outputfile('test_platypus_imageandflowables.pdf'),showBoundary=1)
         doc.multiBuild(story)
 +    def test_unicharCodeSafety(self):
 +        """test a bug reported by ravi prakash giri <raviprakashgiri@gmail.com>"""
 +        normal = getSampleStyleSheet()['BodyText']
 +        self.assertRaises(Exception,Paragraph,
 +                """<unichar code="open('/tmp/test.txt','w').write('Hello from unichar')"/>""",
 +                normal)
 +
 class TwoFrameDocTemplate(BaseDocTemplate):
     "Define a simple document with two frames per page."
--- a/python-reportlab.spec
+++ b/python-reportlab.spec
@ -3,7 +3,7 @@
 Name:           python-%{pypi}
 Version:        3.4.0
-Release:        8%{?dist}
+Release:        9%{?dist}
 Summary:        Library for generating PDFs and graphics
 License:        BSD
 URL:            http://www.reportlab.org/
@ -12,6 +12,10 @@ Source0:        https://pypi.python.org/packages/source/r/%{pypi}/%{pypi}-%{vers
 # https://bugzilla.redhat.com/show_bug.cgi?id=1769661
 Patch0:         python-reportlab-3.4.0-color-eval.patch
 # https://issues.redhat.com/browse/RHEL-7010
 Patch1:         python-reportlab-3.4.0-invalid-char.patch
 Patch2:         python-reportlab-3.4.0-unichar-element.patch
 %package -n     python3-%{pypi}
 Summary:        Library for generating PDFs and graphics
 BuildRequires:  python3-devel
@ -43,6 +47,8 @@ Contains the documentation for ReportLab.
 %prep
 %setup -qn reportlab-%{version}
 %patch0 -p1 -b .color-eval
 %patch1 -p1
 %patch2 -p1 -b .unichar-element
 # clean up hashbangs from libraries
 find src -name '*.py' | xargs sed -i -e '/^#!\//d'
 # patch the CMap path by adding Fedora ghostscript path before the match
@ -78,6 +84,11 @@ rm -rf %{buildroot}%{python3_sitearch}/reportlab/fonts
 #%doc docs/*.pdf
 %changelog
 * Thu Oct 19 2023 Marek Kasik <mkasik@redhat.com> - 3.4.0-9
 - Do not evaluate unichar element
 - Replace an invalid char with a correct one (rpminspect)
 - Resolves: RHEL-7010
 * Wed Jan 15 2020 Marek Kasik <mkasik@redhat.com> - 3.4.0-8
 - Fix Requires for doc subpackage
 - Resolves: #1788556