/[packages]/updates/1/perl/current/SOURCES/perl-5.12-Locale-Maketext-CVE.patch
ViewVC logotype

Annotation of /updates/1/perl/current/SOURCES/perl-5.12-Locale-Maketext-CVE.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 394717 - (hide annotations) (download)
Tue Feb 5 19:29:12 2013 UTC (8 years, 7 months ago) by luigiwalser
File size: 2126 byte(s)
fix Locale-Maketext CVE-2012-6329 (mga#8815)
1 luigiwalser 394717 @@ -, +, @@
2     ---
3     --- a/dist/Locale-Maketext/lib/Locale/Maketext/Guts.pm
4     +++ a/dist/Locale-Maketext/lib/Locale/Maketext/Guts.pm
5     @@ -625,21 +625,9 @@ sub _compile {
6     # 0-length method name means to just interpolate:
7     push @code, ' (';
8     }
9     - elsif($m =~ /^\w+(?:\:\:\w+)*$/s
10     - and $m !~ m/(?:^|\:)\d/s
11     - # exclude starting a (sub)package or symbol with a digit
12     + elsif($m =~ /^\w+$/s
13     + # exclude anything fancy, especially fully-qualified module names
14     ) {
15     - # Yes, it even supports the demented (and undocumented?)
16     - # $obj->Foo::bar(...) syntax.
17     - $target->_die_pointing(
18     - $_[1], q{Can't use "SUPER::" in a bracket-group method},
19     - 2 + length($c[-1])
20     - )
21     - if $m =~ m/^SUPER::/s;
22     - # Because for SUPER:: to work, we'd have to compile this into
23     - # the right package, and that seems just not worth the bother,
24     - # unless someone convinces me otherwise.
25     -
26     push @code, ' $_[0]->' . $m . '(';
27     }
28     else {
29     @@ -693,7 +681,9 @@ sub _compile {
30     elsif(substr($1,0,1) ne '~') {
31     # it's stuff not containing "~" or "[" or "]"
32     # i.e., a literal blob
33     - $c[-1] .= $1;
34     + my $text = $1;
35     + $text =~ s/\\/\\\\/g;
36     + $c[-1] .= $text;
37    
38     }
39     elsif($1 eq '~~') { # "~~"
40     @@ -731,7 +721,9 @@ sub _compile {
41     else {
42     # It's a "~X" where X is not a special character.
43     # Consider it a literal ~ and X.
44     - $c[-1] .= $1;
45     + my $text = $1;
46     + $text =~ s/\\/\\\\/g;
47     + $c[-1] .= $text;
48     }
49     }
50     }
51     --

  ViewVC Help
Powered by ViewVC 1.1.28