[Python-apps-commits] r6140 - in packages/ocrodjvu/branches/0.4.6/debian (3 files)
jwilk at users.alioth.debian.org
jwilk at users.alioth.debian.org
Sun Sep 26 19:19:59 UTC 2010
Date: Sunday, September 26, 2010 @ 19:19:48
Author: jwilk
Revision: 6140
Fix insecure use of temporary files.
Added:
packages/ocrodjvu/branches/0.4.6/debian/patches/cuneiform-temp-files.diff
Modified:
packages/ocrodjvu/branches/0.4.6/debian/changelog
packages/ocrodjvu/branches/0.4.6/debian/patches/series
Modified: packages/ocrodjvu/branches/0.4.6/debian/changelog
===================================================================
--- packages/ocrodjvu/branches/0.4.6/debian/changelog 2010-09-26 19:03:37 UTC (rev 6139)
+++ packages/ocrodjvu/branches/0.4.6/debian/changelog 2010-09-26 19:19:48 UTC (rev 6140)
@@ -4,8 +4,9 @@
* Preserve environment variables (except LC_*, LANG and LANGUAGE) when
calling external programs (closes: #594385). [preserve-environment.diff]
* Fix crash on hOCR with image elements. [hocr-no-bbox.diff]
+ * Fix insecure use of temporary files. [cuneiform-temp-files.diff]
- -- Jakub Wilk <jwilk at debian.org> Sun, 26 Sep 2010 21:01:50 +0200
+ -- Jakub Wilk <jwilk at debian.org> Sun, 26 Sep 2010 21:12:18 +0200
ocrodjvu (0.4.6-1) unstable; urgency=low
Added: packages/ocrodjvu/branches/0.4.6/debian/patches/cuneiform-temp-files.diff
===================================================================
--- packages/ocrodjvu/branches/0.4.6/debian/patches/cuneiform-temp-files.diff (rev 0)
+++ packages/ocrodjvu/branches/0.4.6/debian/patches/cuneiform-temp-files.diff 2010-09-26 19:19:48 UTC (rev 6140)
@@ -0,0 +1,52 @@
+Description: Fix insecure use of temporary files.
+Origin: backport, http://bitbucket.org/jwilk/ocrodjvu/changeset/dedea346339f
+Last-Update: 2010-09-26
+
+--- a/lib/cuneiform.py
++++ b/lib/cuneiform.py
+@@ -11,8 +11,12 @@
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ # General Public License for more details.
+
++from __future__ import with_statement
++
+ import contextlib
+ import re
++import os
++import shutil
+ import tempfile
+ from cStringIO import StringIO
+
+@@ -67,17 +71,24 @@
+ return language in get_languages()
+
+ def recognize(pbm_file, language):
+- hocr_file = tempfile.NamedTemporaryFile(prefix='ocrodjvu.', suffix='.html')
+- worker = ipc.Subprocess(
+- ['cuneiform', '-l', iso_to_cuneiform(language), '-f', 'hocr', '-o', hocr_file.name, pbm_file.name],
+- stdout=ipc.PIPE,
+- env={}, # locale=POSIX
+- )
+- worker.wait()
++ hocr_directory = tempfile.mkdtemp(prefix='ocrodjvu.')
++ # A separate non-world-writable directory is needed, as Cuneiform
++ # can create additional files, e.g. images.
++ try:
++ hocr_file_name = os.path.join(hocr_directory, 'ocr.html')
++ worker = ipc.Subprocess(
++ ['cuneiform', '-l', iso_to_cuneiform(language), '-f', 'hocr', '-o', hocr_file_name, pbm_file.name],
++ stdout=ipc.PIPE,
++ env={}, # locale=POSIX
++ )
++ worker.wait()
++ with open(hocr_file_name, 'r') as hocr_file:
++ contents = hocr_file.read()
++ finally:
++ shutil.rmtree(hocr_directory)
+ # Sometimes Cuneiform returns files with broken encoding or with control
+ # characters: https://bugs.launchpad.net/cuneiform-linux/+bug/585418
+ # Let's fix it.
+- contents = hocr_file.read()
+ contents = utils.sanitize_utf8(contents)
+ return contextlib.closing(StringIO(contents))
+
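Review bot: In the patched `recognize()`, `stdout=ipc.PIPE` is still passed, but nothing visible reads that pipe before `worker.wait()`. If `ipc.Subprocess` behaves like `subprocess.Popen` (it is not shown here), a Cuneiform run that prints more than the pipe buffer holds would block indefinitely, and the `finally:` cleanup would never run, so the temporary directory would stay behind. Draining the pipe, for example `worker.communicate()` in place of `worker.wait()`, would avoid that, provided the wrapper offers that method. Separately, the comment above `try:` could say why a fixed file name is now safe, for example `# mkdtemp() creates the directory with mode 0700, so 'ocr.html' cannot be pre-created or symlinked by another local user.`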
Modified: packages/ocrodjvu/branches/0.4.6/debian/patches/series
===================================================================
--- packages/ocrodjvu/branches/0.4.6/debian/patches/series 2010-09-26 19:03:37 UTC (rev 6139)
+++ packages/ocrodjvu/branches/0.4.6/debian/patches/series 2010-09-26 19:19:48 UTC (rev 6140)
@@ -2,3 +2,4 @@
tests-version.diff
preserve-environment.diff
hocr-no-bbox.diff
+cuneiform-temp-files.diff