Bug#764814: freecad downloads and executes code
D Haley
mycae at gmx.com
Sun Oct 12 14:55:48 UTC 2014
Hi and thanks for the input,
I think this bug is less about licencing, which is a large and complex
issue, than a quick fix for code execution. Upstream can make their
decisions about licencing. This is possibly not a Debian question, and I
feel somewhat tangential to this bug, and the issues in the other bug
are still not entirely sorted. We have a technical solution that will
work here.
I think I disagree about the complexity of the SHA1 solution. I think it
is very simple, and looks like the attached, which is incomplete.
Notably, the other files need to be similarly patched, and the SHA1s
need computing.
Otherwise, the SSL solution could be achieved by using, e.g., the Requests
library. Some discussion on this topic was had a while ago:
https://lwn.net/Articles/582065/
Thanks!
-------------- next part --------------
diff -r 58946a488476 src/Mod/Arch/ArchCommands.py
--- a/src/Mod/Arch/ArchCommands.py Sun Oct 12 15:44:26 2014 +0100
+++ b/src/Mod/Arch/ArchCommands.py Sun Oct 12 15:49:30 2014 +0100
@@ -24,6 +24,8 @@
#***************************************************************************
import FreeCAD,Draft,ArchComponent,DraftVecUtils
+import hashlib
+
from FreeCAD import Vector
if FreeCAD.GuiUp:
import FreeCADGui
@@ -562,6 +564,13 @@
FreeCAD.Console.PrintMessage("downloading "+url+" ...\n")
response = urllib2.urlopen(url)
s = response.read()
+ sha = hashlib.sha1(s)
+ sha_found = sha.hexdigest()
+
+ SHA1_EXPECTED_HEX="asdf"
+ if not sha_found = SHA1_EXPECTED :
+ return None
+
f = open(filepath,'wb')
f.write(s)
f.close()
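Review bot: the added check `if not sha_found = SHA1_EXPECTED :` will not parse, because `=` is assignment rather than comparison, and it refers to `SHA1_EXPECTED` while the constant defined on the line above is `SHA1_EXPECTED_HEX`. Suggest `if sha_found != SHA1_EXPECTED_HEX:`. The value "asdf" is a placeholder and can never match a 40-character SHA1 hex digest, so as written every download would be rejected once the comparison is fixed; the real digest of the reviewed file has to go in before this is merged. The bare `return None` also fails silently: a FreeCAD.Console message before it, like the "downloading" one at the top of the hunk, would tell the user that the file was rejected and why. It would also help to define the expected digest next to the URL it belongs to rather than inside the function body, since the same check is needed for the other downloaded files.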
More information about the debian-science-maintainers
mailing list
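An added example, not part of the original message or of FreeCAD's code: the digest check the patch sketches, extended to a table of pinned SHA1s covering several files, with unpinned files refused and the write made atomic. It is written for Python 3; the file name, payload and pin table are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed sample payload and pin table. In a real patch the digests
# would be computed once from the reviewed upstream files and hard-coded.
SAMPLE_PAYLOAD = b"print('constructed sample module')\n"
PINNED_SHA1 = {
    "sample_module.py": hashlib.sha1(SAMPLE_PAYLOAD).hexdigest(),
}


class DigestMismatch(Exception):
    """Raised when downloaded bytes do not match a pinned digest."""


def verify_pinned(name, data, pins=PINNED_SHA1):
    """Return True only if `name` is pinned and `data` hashes to the pin."""
    expected = pins.get(name)
    if expected is None:
        return False  # unknown file: refuse rather than trust it
    found = hashlib.sha1(data).hexdigest()
    return hmac.compare_digest(found, expected.lower())


def save_verified(name, data, dest_dir, pins=PINNED_SHA1):
    """Write `data` to dest_dir/name only after the digest check passes."""
    if not verify_pinned(name, data, pins):
        raise DigestMismatch("refusing to write %s: digest mismatch" % name)
    # Write to a temporary file and rename it into place, so a partial
    # or rejected download never appears under the final name.
    fd, tmp = tempfile.mkstemp(dir=dest_dir)
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        final = os.path.join(dest_dir, name)
        os.replace(tmp, final)
    except Exception:
        os.unlink(tmp)
        raise
    return final
```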