In perl.git, the branch blead has been updated

<http://perl5.git.perl.org/perl.git/commitdiff/9607a449b67cc7925ce111d98656c5e2d81c5ac2?hp=0ec7d39d922fe99b200d649d3831d277fb8140c6>

- Log -----------------------------------------------------------------
commit 9607a449b67cc7925ce111d98656c5e2d81c5ac2
Author: Father Chrysostomos <[email protected]>
Date:   Sat Sep 25 12:20:28 2010 -0700

    Locale::Maketext version bump; MANIFEST, ChangeLog, perldelta updates

M       MANIFEST
M       dist/Locale-Maketext/ChangeLog
M       dist/Locale-Maketext/lib/Locale/Maketext.pm
M       pod/perldelta.pod

commit e9c9ffcae4a8b5820dabb04674b85bb5195fcfc4
Author: Todd Rinaldo <[email protected]>
Date:   Sat Sep 25 11:20:10 2010 -0700

    This patch with tests resolves CPAN RT #40727. The issue is an infi-
    nite loop during _compile when working with tainted values. The issue
    was triggered by perlbugs 60378,27344. Both have been resolved but
    they are still broken in perl 5.12.x and earlier.
    
    The patch simply assigns $_[1] to a variable and uses that
    from then on.

M       dist/Locale-Maketext/lib/Locale/Maketext.pm
A       dist/Locale-Maketext/t/09_compile.t
-----------------------------------------------------------------------

Summary of changes:
 MANIFEST                                    |    1 +
 dist/Locale-Maketext/ChangeLog              |   20 ++++++++++++++++++++
 dist/Locale-Maketext/lib/Locale/Maketext.pm |   18 ++++++++++--------
 dist/Locale-Maketext/t/09_compile.t         |   20 ++++++++++++++++++++
 pod/perldelta.pod                           |    8 ++++++++
 5 files changed, 59 insertions(+), 8 deletions(-)
 create mode 100644 dist/Locale-Maketext/t/09_compile.t

diff --git a/MANIFEST b/MANIFEST
index cf45f27..c16eaf5 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -2752,6 +2752,7 @@ dist/Locale-Maketext/lib/Locale/Maketext/TPJ13.pod        
Locale::Maketext documentatio
 dist/Locale-Maketext/README                            Locale::Maketext
 dist/Locale-Maketext/t/01_about_verbose.t              See if Locale::Maketext 
works
 dist/Locale-Maketext/t/04_use_external_lex_cache.t     See if Locale::Maketext 
works
+dist/Locale-Maketext/t/09_compile.t    Test Locale::Maketext::_compile
 dist/Locale-Maketext/t/10_make.t                       See if Locale::Maketext 
works
 dist/Locale-Maketext/t/20_get.t                                See if 
Locale::Maketext works
 dist/Locale-Maketext/t/30_local.t                      See if Locale::Maketext 
works
diff --git a/dist/Locale-Maketext/ChangeLog b/dist/Locale-Maketext/ChangeLog
index 284d971..2398704 100644
--- a/dist/Locale-Maketext/ChangeLog
+++ b/dist/Locale-Maketext/ChangeLog
@@ -1,5 +1,25 @@
 Revision history for Perl suite Locale::Maketext
 
+<date here>
+    * Release 1.16
+
+    Fix for CPAN RT #40727: infinite loop in
+    Locale::Maketext::Guts::_compile() when working with tainted values
+
+2010−06−22
+    * Release 1.15 (included in perl 5.13.3; not released separately)
+
+    Locale::Maketext guts have been merged back into the main module
+
+    External cache support
+
+2009-11-20
+    * Release 1.14 (included in perl 5.11.2; not released separately)
+
+    In Locale::Maketext, avoid using defined @array and defined %hash.
+
+    Convert the odd Locale::Maketext test out from Test to Test::More.
+
 2008-05-28  Adriano Ferreira
     * Release 1.13
 
diff --git a/dist/Locale-Maketext/lib/Locale/Maketext.pm 
b/dist/Locale-Maketext/lib/Locale/Maketext.pm
index 929a70e..cbfcb14 100644
--- a/dist/Locale-Maketext/lib/Locale/Maketext.pm
+++ b/dist/Locale-Maketext/lib/Locale/Maketext.pm
@@ -1,3 +1,4 @@
+
 package Locale::Maketext;
 use strict;
 use vars qw( @ISA $VERSION $MATCH_SUPERS $USING_LANGUAGE_TAGS
@@ -25,7 +26,7 @@ BEGIN {
 }
 
 
-$VERSION = '1.15';
+$VERSION = '1.16';
 @ISA = ();
 
 $MATCH_SUPERS = 1;
@@ -498,7 +499,8 @@ sub _compile {
         my $in_group = 0; # start out outside a group
         my($m, @params); # scratch
 
-        while($_[1] =~  # Iterate over chunks.
+       my $string_to_compile = $_[1]; # There are taint issues using regex on 
@_ - perlbug 60378,27344
+        while($string_to_compile =~  # Iterate over chunks.
             m/\G(
                 [^\~\[\]]+  # non-~[] stuff
                 |
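Review bot: The comment on the new `my $string_to_compile = $_[1];` line cites only the bug numbers, so a later cleanup could fold the copy back into `$_[1]`; it should say, as the commit message does, that the copy is a workaround needed on perl 5.12.x and earlier. I would write `# Work on a copy: matching with \G directly on a tainted $_[1] can loop forever on perl <= 5.12.x (perlbug 60378, 27344); the copy is still tainted.` Every chunk is then taken from `$1`, and regex captures are not tainted unless `use re 'taint'` is in effect, so what `_compile` builds from a tainted string presumably comes out untainted; a second comment should say so, so that callers do not read `_compile` as input validation. The added line is also indented one column less than its neighbours, and `_compile` starts and ends outside this hunk.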
@@ -520,10 +522,10 @@ sub _compile {
                 #  preceding literal.
                 if($in_group) {
                     if($1 eq '') {
-                        $target->_die_pointing($_[1], 'Unterminated bracket 
group');
+                        $target->_die_pointing($string_to_compile, 
'Unterminated bracket group');
                     }
                     else {
-                        $target->_die_pointing($_[1], 'You can\'t nest bracket 
groups');
+                        $target->_die_pointing($string_to_compile, 'You can\'t 
nest bracket groups');
                     }
                 }
                 else {
@@ -533,7 +535,7 @@ sub _compile {
                     else {
                         $in_group = 1;
                     }
-                    die "How come \...@c is empty?? in <$_[1]>" unless @c; # 
sanity
+                    die "How come \...@c is empty?? in <$string_to_compile>" 
unless @c; # sanity
                     if(length $c[-1]) {
                         # Now actually processing the preceding literal
                         $big_pile .= $c[-1];
@@ -612,7 +614,7 @@ sub _compile {
                         # Yes, it even supports the demented (and 
undocumented?)
                         #  $obj->Foo::bar(...) syntax.
                         $target->_die_pointing(
-                            $_[1], q{Can't use "SUPER::" in a bracket-group 
method},
+                            $string_to_compile, q{Can't use "SUPER::" in a 
bracket-group method},
                             2 + length($c[-1])
                         )
                         if $m =~ m/^SUPER::/s;
@@ -625,7 +627,7 @@ sub _compile {
                     else {
                         # TODO: implement something?  or just too icky to 
consider?
                         $target->_die_pointing(
-                            $_[1],
+                            $string_to_compile,
                             "Can't use \"$m\" as a method name in bracket 
group",
                             2 + length($c[-1])
                         );
@@ -666,7 +668,7 @@ sub _compile {
                     push @c, '';
                 }
                 else {
-                    $target->_die_pointing($_[1], q{Unbalanced ']'});
+                    $target->_die_pointing($string_to_compile, q{Unbalanced 
']'});
                 }
 
             }
diff --git a/dist/Locale-Maketext/t/09_compile.t 
b/dist/Locale-Maketext/t/09_compile.t
new file mode 100644
index 0000000..e2bbe43
--- /dev/null
+++ b/dist/Locale-Maketext/t/09_compile.t
@@ -0,0 +1,20 @@
+#!perl -T
+
+use strict;
+use warnings;
+
+use Test::More tests => 2;
+
+use Scalar::Util qw(tainted);
+use Locale::Maketext;
+
+my @ENV_values = values %ENV;
+my $tainted_value;
+do { $tainted_value = shift @ENV_values  } while(!$tainted_value || ref 
$tainted_value);
+
+ok(tainted($tainted_value), "\$tainted_value is tainted") or die('huh... %ENV 
has no entries? I don\'t know how to test taint without it');
+
+my $result = Locale::Maketext::_compile("hello [_1]", $tainted_value);
+
+pass("_compile does not hang on tainted values");
+
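Review bot: The `do { ... } while(!$tainted_value || ref $tainted_value)` loop never terminates when `%ENV` holds no true value, because `shift` on the exhausted array keeps returning undef, so the `or die` message about an empty `%ENV` cannot be reached. The string being compiled is also whichever environment value comes first (`_compile` reads it from `$_[1]`, and `"hello [_1]"` lands in `$_[0]`), so a value containing `[`, `]` or `~` sends the test into the bracket-group and `_die_pointing` branches and makes the outcome depend on the machine. A fixed string with a zero-length tainted suffix avoids both problems: `my $tainted_value = 'hello' . substr($^X, 0, 0);`. `$result` is assigned but never checked, so the test only shows that the call returned.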
diff --git a/pod/perldelta.pod b/pod/perldelta.pod
index b21f253..f1663c3 100644
--- a/pod/perldelta.pod
+++ b/pod/perldelta.pod
@@ -187,6 +187,14 @@ L<[perl 
#71710]|http://rt.perl.org/rt3//Public/Bug/Display.html?id=71710>.
 
 =item *
 
+C<Locale::Maketext> has been upgraded from version 1.15 to 1.16.
+
+It fixes an infinite loop in C<Locale::Maketext::Guts::_compile()> when
+working with tainted values
+(L<CPAN RT #40727|https://rt.cpan.org/Public/Bug/Display.html?id=40727>).
+
+=item *
+
 C<NEXT> has been upgraded from version 0.64 to 0.65.
 
 =item *

--
Perl5 Master Repository
