From 0dbd6a20b1abeffa0e30a302657332f7f706c269 Mon Sep 17 00:00:00 2001 From: Julien Cristau Date: Mon, 3 Feb 2014 10:54:20 +0100 Subject: Remove pdf_ext module (closes #207561) Addresses CVE-2014-1838. --- ChangeLog | 2 ++ README | 2 -- pdf_ext.py | 111 ------------------------------------------------------------- 3 files changed, 2 insertions(+), 113 deletions(-) delete mode 100644 pdf_ext.py diff --git a/ChangeLog b/ChangeLog index bea18b7..c836182 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,8 @@ ChangeLog for logilab.common ============================ -- + * pdf_ext: removed, it had no known users (CVE-2014-1838) + * pytest: use 'env' to run the python interpreter * graph: ensure output is ordered on node and graph ids (#202314) diff --git a/README b/README index 9eb6b92..4915e55 100644 --- a/README +++ b/README @@ -123,8 +123,6 @@ Modules extending some external modules * `hg`, some Mercurial_ utility functions. -* `pdf_ext`, pdf and fdf file manipulations, with pdftk. - * `pyro_ext`, some Pyro_ utility functions. * `sphinx_ext`, Sphinx_ plugin defining a `autodocstring` directive. diff --git a/pdf_ext.py b/pdf_ext.py deleted file mode 100644 index 71c483b..0000000 --- a/pdf_ext.py +++ /dev/null @@ -1,111 +0,0 @@ -# copyright 2003-2011 LOGILAB S.A. (Paris, FRANCE), all rights reserved. -# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr -# -# This file is part of logilab-common. -# -# logilab-common is free software: you can redistribute it and/or modify it under -# the terms of the GNU Lesser General Public License as published by the Free -# Software Foundation, either version 2.1 of the License, or (at your option) any -# later version. -# -# logilab-common is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more -# details. -# -# You should have received a copy of the GNU Lesser General Public License along -# with logilab-common. If not, see . -"""Manipulate pdf and fdf files (pdftk recommended). - -Notes regarding pdftk, pdf forms and fdf files (form definition file) -fields names can be extracted with: - - pdftk orig.pdf generate_fdf output truc.fdf - -to merge fdf and pdf: - - pdftk orig.pdf fill_form test.fdf output result.pdf [flatten] - -without flatten, one could further edit the resulting form. -with flatten, everything is turned into text. - - - - -""" -__docformat__ = "restructuredtext en" -# XXX seems very unix specific -# TODO: check availability of pdftk at import - - -import os - -HEAD="""%FDF-1.2 -%\xE2\xE3\xCF\xD3 -1 0 obj -<< -/FDF -<< -/Fields [ -""" - -TAIL="""] ->> ->> -endobj -trailer - -<< -/Root 1 0 R ->> -%%EOF -""" - -def output_field( f ): - return "\xfe\xff" + "".join( [ "\x00"+c for c in f ] ) - -def extract_keys(lines): - keys = [] - for line in lines: - if line.startswith('/V'): - pass #print 'value',line - elif line.startswith('/T'): - key = line[7:-2] - key = ''.join(key.split('\x00')) - keys.append( key ) - return keys - -def write_field(out, key, value): - out.write("<<\n") - if value: - out.write("/V (%s)\n" %value) - else: - out.write("/V /\n") - out.write("/T (%s)\n" % output_field(key) ) - out.write(">> \n") - -def write_fields(out, fields): - out.write(HEAD) - for (key, value, comment) in fields: - write_field(out, key, value) - write_field(out, key+"a", value) # pour copie-carbone sur autres pages - out.write(TAIL) - -def extract_keys_from_pdf(filename): - # what about using 'pdftk filename dump_data_fields' and parsing the output ? - os.system('pdftk %s generate_fdf output /tmp/toto.fdf' % filename) - lines = file('/tmp/toto.fdf').readlines() - return extract_keys(lines) - - -def fill_pdf(infile, outfile, fields): - write_fields(file('/tmp/toto.fdf', 'w'), fields) - os.system('pdftk %s fill_form /tmp/toto.fdf output %s flatten' % (infile, outfile)) - -def testfill_pdf(infile, outfile): - keys = extract_keys_from_pdf(infile) - fields = [] - for key in keys: - fields.append( (key, key, '') ) - fill_pdf(infile, outfile, fields) - -- cgit v1.2.1