diff options
| author | Todd C. Miller <millert@cvs.openbsd.org> | 2013-02-08 16:56:15 +0000 |
|---|---|---|
| committer | Todd C. Miller <millert@cvs.openbsd.org> | 2013-02-08 16:56:15 +0000 |
| commit | f8214d83ab287a4c151f5dc663b797d61dd4a056 (patch) | |
| tree | ac4491b889bdc73a1da3f7f6b2ac0c5f5e8a4c72 /gnu | |
| parent | c0763036888f12b698708e00663085b20c991541 (diff) | |
Fix for CVE-2012-6329; from perl git via Sebastian Trahm
Diffstat (limited to 'gnu')
| -rw-r--r-- | gnu/usr.bin/perl/dist/Locale-Maketext/lib/Locale/Maketext/Guts.pm | 24 | ||||
| -rw-r--r-- | gnu/usr.bin/perl/patchlevel.h | 1 |
2 files changed, 10 insertions, 15 deletions
diff --git a/gnu/usr.bin/perl/dist/Locale-Maketext/lib/Locale/Maketext/Guts.pm b/gnu/usr.bin/perl/dist/Locale-Maketext/lib/Locale/Maketext/Guts.pm index 9af292c61cc..338cc3c805b 100644 --- a/gnu/usr.bin/perl/dist/Locale-Maketext/lib/Locale/Maketext/Guts.pm +++ b/gnu/usr.bin/perl/dist/Locale-Maketext/lib/Locale/Maketext/Guts.pm @@ -140,20 +140,10 @@ sub _compile { # 0-length method name means to just interpolate: push @code, ' ('; } - elsif($m =~ /^\w+(?:\:\:\w+)*$/s - and $m !~ m/(?:^|\:)\d/s - # exclude starting a (sub)package or symbol with a digit + elsif($m =~ /^\w+$/s + # exclude anything fancy, especially fully-qualified + # module names ) { - # Yes, it even supports the demented (and undocumented?) - # $obj->Foo::bar(...) syntax. - $target->_die_pointing( - $_[1], q{Can't use "SUPER::" in a bracket-group method}, - 2 + length($c[-1]) - ) - if $m =~ m/^SUPER::/s; - # Because for SUPER:: to work, we'd have to compile this into - # the right package, and that seems just not worth the bother, - # unless someone convinces me otherwise. push @code, ' $_[0]->' . $m . '('; } @@ -208,7 +198,9 @@ sub _compile { elsif(substr($1,0,1) ne '~') { # it's stuff not containing "~" or "[" or "]" # i.e., a literal blob - $c[-1] .= $1; + my $text = $1; + $text =~ s/\\/\\\\/g; + $c[-1] .= $text; } elsif($1 eq '~~') { # "~~" @@ -246,7 +238,9 @@ sub _compile { else { # It's a "~X" where X is not a special character. # Consider it a literal ~ and X. - $c[-1] .= $1; + my $text = $1; + $text =~ s/\\/\\\\/g; + $c[-1] .= $text; } } } diff --git a/gnu/usr.bin/perl/patchlevel.h b/gnu/usr.bin/perl/patchlevel.h index 46b370f1bb6..063aade7e45 100644 --- a/gnu/usr.bin/perl/patchlevel.h +++ b/gnu/usr.bin/perl/patchlevel.h @@ -135,6 +135,7 @@ static const char * const local_patches[] = { ,"Updated Digest to 1.17" ,"CVE-2011-2939" ,"CVE-2012-5195" + ,"CVE-2012-6329" #ifdef PERL_GIT_UNCOMMITTED_CHANGES ,"uncommitted-changes" #endif |