On 27/02/2019 at 20:06, Niko Tyni wrote:
> On Wed, Feb 27, 2019 at 05:16:03PM +0100, gregor herrmann wrote:
> 
>> 2) This fix would also suit the documentation of tv_imdb which says:
>>
>> tv_imdb --imdbdir <dir> [--help] [--quiet]
>>        [--with-keywords] [--with-plot]
>>        [--movies-only] [--actors NUMBER]
>>        [--stats] [--debug]
>>        [--output FILE] [FILE...]
>>
>> (so: pass FILE as an argument, not: read from STDIN, as the testsuite
>> does)
> 
> The convention in manual pages is that optional arguments are denoted with
> brackets. My expectations from just the above synopsis would be precisely
> the old behaviour (which the test suite apparently relies on): FILE is
> optional and STDIN is used if FILE is not supplied.
> 
>> So it seems that XML::Parser's parsefile was able to handle '-' with
>> the 2-args-open() and fails to do so with the 3-args-open(). This is
>> a regression at first glance; although the documentation for open()
>> only mentions "<-" or "-" for STDIN in the (one-args- and)
>> two-args-form. But yeah, this has the potential to break more code
>> out there …
> 
> Not sure I follow but I agree with the last sentence at least :)
> Clearly '-' needs special handling in XML::Parser if 2-arg open is
> converted to 3-arg open.
> 
> (Sorry, no tuits for providing a better patch for XML::Parser.)

Patch is ready in salsa repo:

    if (ref $file or $file eq '-') {
      open(FILE, $file) or  croak "Couldn't open $file:\n$!";
    } else {
      open(FILE, '<', $file) or  croak "Couldn't open $file:\n$!";
    }

Successfully tested with xmltv. I propose to push this as is for now to
close the bug before the freeze. This patch fixes the security bug, since
strange filenames are no longer interpreted, and the autopkgtest regression is fixed.

Cheers,
Xavier
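
The '-' handling discussed in this thread, written with 3-arg open only, as an added example that is not from the original message or from XML::Parser. `open_input` is a hypothetical helper, a reference argument is assumed to be an already open filehandle, and the sample filenames are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Carp qw(croak);

# Hypothetical helper (not XML::Parser code): open a caller-supplied
# name for reading without letting open() interpret its contents.
sub open_input {
    my ($file) = @_;

    # Assumption: a reference is an already open filehandle; pass it through.
    return $file if ref $file;

    my $fh;
    if ($file eq '-') {
        # Keep the "-" means STDIN convention explicitly by duplicating
        # STDIN, so no code path needs the 2-arg form of open().
        open($fh, '<&', \*STDIN) or croak "Couldn't dup STDIN:\n$!";
    } else {
        # 3-arg open: the mode is fixed to '<', so mode or pipe characters
        # and surrounding whitespace in $file are plain filename bytes.
        open($fh, '<', $file) or croak "Couldn't open $file:\n$!";
    }
    return $fh;
}

# Constructed sample names. None of them is expected to exist, so each
# open fails as an ordinary missing file instead of being interpreted.
for my $name ('listing.xml ', '>listing.xml', 'listing.xml|') {
    my $fh = eval { open_input($name) };
    printf "%-16s %s\n", "[$name]",
        $fh ? 'opened as a literal filename' : 'not opened: no such file';
    close($fh) if $fh;
}
```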
