
Contents of /updates/1/perl/current/SOURCES/perl-5.12-Locale-Maketext-CVE.patch



Revision 394717 - (show annotations) (download)
Tue Feb 5 19:29:12 2013 UTC (7 years, 6 months ago) by luigiwalser
File size: 2126 byte(s)
fix Locale-Maketext CVE-2012-6329 (mga#8815)
1 @@ -, +, @@
2 ---
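--- a/dist/Locale-Maketext/lib/Locale/Maketext/Guts.pm
+++ a/dist/Locale-Maketext/lib/Locale/Maketext/Guts.pm
@@ -625,21 +625,9 @@ sub _compile {
 # 0-length method name means to just interpolate:
 push @code, ' (';
 }
- elsif($m =~ /^\w+(?:\:\:\w+)*$/s
- and $m !~ m/(?:^|\:)\d/s
- # exclude starting a (sub)package or symbol with a digit
+ elsif($m =~ /^\w+$/s
+ # exclude anything fancy, especially fully-qualified module names
 ) {
- # Yes, it even supports the demented (and undocumented?)
- # $obj->Foo::bar(...) syntax.
- $target->_die_pointing(
- $_[1], q{Can't use "SUPER::" in a bracket-group method},
- 2 + length($c[-1])
- )
- if $m =~ m/^SUPER::/s;
- # Because for SUPER:: to work, we'd have to compile this into
- # the right package, and that seems just not worth the bother,
- # unless someone convinces me otherwise.
-
 push @code, ' $_[0]->' . $m . '(';
 }
 else {
@@ -693,7 +681,9 @@ sub _compile {
 elsif(substr($1,0,1) ne '~') {
 # it's stuff not containing "~" or "[" or "]"
 # i.e., a literal blob
- $c[-1] .= $1;
+ my $text = $1;
+ $text =~ s/\\/\\\\/g;
+ $c[-1] .= $text;
 
 }
 elsif($1 eq '~~') { # "~~"
@@ -731,7 +721,9 @@ sub _compile {
 else {
 # It's a "~X" where X is not a special character.
 # Consider it a literal ~ and X.
- $c[-1] .= $1;
+ my $text = $1;
+ $text =~ s/\\/\\\\/g;
+ $c[-1] .= $text;
 }
 }
 }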
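Review bot: The new method-name gate `elsif($m =~ /^\w+$/s` in the first hunk is anchored with `$`, which also matches before a trailing newline, and it no longer rejects names that start with a digit as the removed `$m !~ m/(?:^|\:)\d/s` did. Because `$m` is concatenated into generated code a few lines later (`' $_[0]->' . $m . '('`), a stricter `elsif($m =~ /\A[^\W\d]\w*\z/s` would make the check an exact allowlist. Even then, any single-word method reachable on the handle object can still be named from a bracket group, so lexicon strings should still be treated as trusted input. The two later hunks repeat the same three-line backslash escape without saying why; a comment such as `# double backslashes: this literal is later emitted inside a quoted string in the compiled code` would help, assuming that is how `$c[-1]` is used outside the hunks. `_compile` begins and ends outside all three hunks.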
51 --
