authorTodd C. Miller <millert@cvs.openbsd.org>2013-02-08 16:56:15 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>2013-02-08 16:56:15 +0000
commitf8214d83ab287a4c151f5dc663b797d61dd4a056 (patch)
treeac4491b889bdc73a1da3f7f6b2ac0c5f5e8a4c72 /gnu/usr.bin/perl
parentc0763036888f12b698708e00663085b20c991541 (diff)
Fix for CVE-2012-6329; from perl git via Sebastian Trahm
Diffstat (limited to 'gnu/usr.bin/perl')
-rw-r--r--gnu/usr.bin/perl/dist/Locale-Maketext/lib/Locale/Maketext/Guts.pm24
-rw-r--r--gnu/usr.bin/perl/patchlevel.h1
2 files changed, 10 insertions, 15 deletions
diff --git a/gnu/usr.bin/perl/dist/Locale-Maketext/lib/Locale/Maketext/Guts.pm b/gnu/usr.bin/perl/dist/Locale-Maketext/lib/Locale/Maketext/Guts.pm
index 9af292c61cc..338cc3c805b 100644
--- a/gnu/usr.bin/perl/dist/Locale-Maketext/lib/Locale/Maketext/Guts.pm
+++ b/gnu/usr.bin/perl/dist/Locale-Maketext/lib/Locale/Maketext/Guts.pm
@@ -140,20 +140,10 @@ sub _compile {
# 0-length method name means to just interpolate:
push @code, ' (';
}
- elsif($m =~ /^\w+(?:\:\:\w+)*$/s
- and $m !~ m/(?:^|\:)\d/s
- # exclude starting a (sub)package or symbol with a digit
+ elsif($m =~ /^\w+$/s
+ # exclude anything fancy, especially fully-qualified
+ # module names
) {
- # Yes, it even supports the demented (and undocumented?)
- # $obj->Foo::bar(...) syntax.
- $target->_die_pointing(
- $_[1], q{Can't use "SUPER::" in a bracket-group method},
- 2 + length($c[-1])
- )
- if $m =~ m/^SUPER::/s;
- # Because for SUPER:: to work, we'd have to compile this into
- # the right package, and that seems just not worth the bother,
- # unless someone convinces me otherwise.
push @code, ' $_[0]->' . $m . '(';
}
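Review bot: The new pattern `/^\w+$/s` on the `elsif` line is looser at both ends than the comment "exclude anything fancy" suggests. `$` still matches before a trailing newline, and with the old `$m !~ m/(?:^|\:)\d/s` test removed, a name that begins with a digit now passes and is spliced into `' $_[0]->' . $m . '('`, where it would presumably fail only when the generated code is compiled. Anchoring with `\z` and requiring a non-digit first character keeps the stricter intent: `elsif($m =~ /\A[^\W\d]\w*\z/s`. If method names are meant to be plain ASCII identifiers, an explicit class such as `[A-Za-z_][A-Za-z0-9_]*` would state that, since `\w` can match non-ASCII word characters on Unicode strings. `_compile` begins and ends outside this hunk, so how `@code` is finally evaluated is not visible here.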
@@ -208,7 +198,9 @@ sub _compile {
elsif(substr($1,0,1) ne '~') {
# it's stuff not containing "~" or "[" or "]"
# i.e., a literal blob
- $c[-1] .= $1;
+ my $text = $1;
+ $text =~ s/\\/\\\\/g;
+ $c[-1] .= $text;
}
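Review bot: The backslash doubling added here (`$text =~ s/\\/\\\\/g;`) carries no comment, and the same three lines are repeated in the `~X` branch of the hunk at `@@ -246,7 +238,9`, so the security reason for it is easy to lose in a later cleanup. A comment such as `# double backslashes: this literal is later placed in generated Perl source and must not be able to escape its quoting` would record the intent, assuming that is how `$c[-1]` is consumed further down in `_compile`, which lies outside both hunks. It is also worth confirming that quote characters in the literal are escaped where the string is emitted, since only backslashes are handled at these two sites.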
elsif($1 eq '~~') { # "~~"
@@ -246,7 +238,9 @@ sub _compile {
else {
# It's a "~X" where X is not a special character.
# Consider it a literal ~ and X.
- $c[-1] .= $1;
+ my $text = $1;
+ $text =~ s/\\/\\\\/g;
+ $c[-1] .= $text;
}
}
}
diff --git a/gnu/usr.bin/perl/patchlevel.h b/gnu/usr.bin/perl/patchlevel.h
index 46b370f1bb6..063aade7e45 100644
--- a/gnu/usr.bin/perl/patchlevel.h
+++ b/gnu/usr.bin/perl/patchlevel.h
@@ -135,6 +135,7 @@ static const char * const local_patches[] = {
,"Updated Digest to 1.17"
,"CVE-2011-2939"
,"CVE-2012-5195"
+ ,"CVE-2012-6329"
#ifdef PERL_GIT_UNCOMMITTED_CHANGES
,"uncommitted-changes"
#endif