diff options
| -rw-r--r-- | MANIFEST | 1 | ||||
| -rwxr-xr-x | Porting/Maintainers.pl | 2 | ||||
| -rw-r--r-- | cpan/Encode/Changes | 27 | ||||
| -rw-r--r-- | cpan/Encode/Encode.pm | 6 | ||||
| -rw-r--r-- | cpan/Encode/Encode.xs | 7 | ||||
| -rw-r--r-- | cpan/Encode/MANIFEST | 1 | ||||
| -rw-r--r-- | cpan/Encode/META.json | 4 | ||||
| -rw-r--r-- | cpan/Encode/META.yml | 4 | ||||
| -rw-r--r-- | cpan/Encode/Unicode/Unicode.xs | 11 | ||||
| -rw-r--r-- | cpan/Encode/bin/piconv | 58 | ||||
| -rw-r--r-- | cpan/Encode/encoding.pm | 11 | ||||
| -rw-r--r-- | cpan/Encode/lib/Encode/CN/HZ.pm | 8 | ||||
| -rw-r--r-- | cpan/Encode/lib/Encode/GSM0338.pm | 8 | ||||
| -rw-r--r-- | cpan/Encode/lib/Encode/Unicode/UTF7.pm | 9 | ||||
| -rw-r--r-- | cpan/Encode/t/taint.t | 15 |
15 files changed, 118 insertions, 54 deletions
@@ -779,6 +779,7 @@ cpan/Encode/t/Mod_EUCJP.pm module that t/enc_module.enc uses cpan/Encode/t/perlio.t test script cpan/Encode/t/piconv.t Test for piconv.t cpan/Encode/t/rt.pl test script +cpan/Encode/t/taint.t cpan/Encode/t/unibench.pl benchmark script cpan/Encode/t/Unicode.t test script cpan/Encode/t/utf8ref.t test script diff --git a/Porting/Maintainers.pl b/Porting/Maintainers.pl index a59477d298..eaf210d7fe 100755 --- a/Porting/Maintainers.pl +++ b/Porting/Maintainers.pl @@ -585,7 +585,7 @@ use File::Glob qw(:case); 'Encode' => { 'MAINTAINER' => 'dankogai', - 'DISTRIBUTION' => 'DANKOGAI/Encode-2.49.tar.gz', + 'DISTRIBUTION' => 'DANKOGAI/Encode-2.51.tar.gz', 'FILES' => q[cpan/Encode], 'UPSTREAM' => 'cpan', }, diff --git a/cpan/Encode/Changes b/cpan/Encode/Changes index c916db96ea..f8dd7264ee 100644 --- a/cpan/Encode/Changes +++ b/cpan/Encode/Changes @@ -1,8 +1,31 @@ # Revision history for Perl extension Encode. # -# $Id: Changes,v 2.49 2013/03/05 03:12:49 dankogai Exp dankogai $ +# $Id: Changes,v 2.51 2013/04/29 22:19:11 dankogai Exp dankogai $ # -$Revision: 2.49 $ $Date: 2013/03/05 03:12:49 $ +$Revision: 2.51 $ $Date: 2013/04/29 22:19:11 $ +! Encode.xs + Addressed: Encode.xs doesn't compile with Microsoft C compiler + https://rt.cpan.org/Public/Bug/Display.html?id=84920 +! MANIFEST + Addressed: t/taint.t missing + https://rt.cpan.org/Public/Bug/Display.html?id=84919 + +2.50 2013/04/26 18:30:46 +! Encode.xs Unicode/Unicode.xs + lib/Encode/Unicode/UTF7.pm lib/CN/HZ.pm lib/Encode/GSM0338.pm + t/taint.t + Addressed: Encode::encode and Encode::decode + gratuitously launders tainted data + Taintedness now propagates as it should. + https://rt.cpan.org/Ticket/Display.html?id=84879 +! encoding.pm + Addressed: 5.18 deprecation + https://rt.cpan.org/Ticket/Display.html?id=84709 +! bin/piconv + Applied: Update piconv documentation + https://rt.cpan.org/Ticket/Display.html?id=84695 + +2.49 2013/03/05 03:12:49 ! Encode.xs Addressed: Encoding objects leak memory if decoding fails https://github.com/dankogai/p5-encode/issues/8 diff --git a/cpan/Encode/Encode.pm b/cpan/Encode/Encode.pm index fe81119ef7..5c30031dc0 100644 --- a/cpan/Encode/Encode.pm +++ b/cpan/Encode/Encode.pm @@ -1,10 +1,10 @@ # -# $Id: Encode.pm,v 2.49 2013/03/05 03:13:47 dankogai Exp dankogai $ +# $Id: Encode.pm,v 2.51 2013/04/29 22:19:11 dankogai Exp dankogai $ # package Encode; use strict; use warnings; -our $VERSION = sprintf "%d.%02d", q$Revision: 2.49 $ =~ /(\d+)/g; +our $VERSION = sprintf "%d.%02d", q$Revision: 2.51 $ =~ /(\d+)/g; use constant DEBUG => !!$ENV{PERL_ENCODE_DEBUG}; use XSLoader (); XSLoader::load( __PACKAGE__, $VERSION ); @@ -1021,7 +1021,7 @@ who submitted code to the project. =head1 COPYRIGHT -Copyright 2002-2012 Dan Kogai I<< <dankogai@cpan.org> >>. +Copyright 2002-2013 Dan Kogai I<< <dankogai@cpan.org> >>. This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself. diff --git a/cpan/Encode/Encode.xs b/cpan/Encode/Encode.xs index f99da10157..25b0b831bc 100644 --- a/cpan/Encode/Encode.xs +++ b/cpan/Encode/Encode.xs @@ -1,5 +1,5 @@ /* - $Id: Encode.xs,v 2.21 2013/03/05 03:12:49 dankogai Exp dankogai $ + $Id: Encode.xs,v 2.23 2013/04/29 22:19:11 dankogai Exp dankogai $ */ #define PERL_NO_GET_CONTEXT @@ -101,7 +101,6 @@ encode_method(pTHX_ const encode_t * enc, const encpage_t * dir, SV * src, STRLEN tlen = slen; STRLEN ddone = 0; STRLEN sdone = 0; - /* We allocate slen+1. PerlIO dumps core if this value is smaller than this. */ SV *dst = sv_2mortal(newSV(slen+1)); @@ -111,6 +110,8 @@ encode_method(pTHX_ const encode_t * enc, const encpage_t * dir, SV * src, STRLEN trmlen = 0; U8 *trm = term ? (U8*) SvPV(term, trmlen) : NULL; + if (SvTAINTED(src)) SvTAINTED_on(dst); /* propagate taintedness */ + if (offset) { s += *offset; if (slen > *offset){ /* safeguard against slen overflow */ @@ -482,6 +483,7 @@ CODE: SvCUR_set(src, slen); } SvUTF8_on(dst); + if (SvTAINTED(src)) SvTAINTED_on(dst); /* propagate taintedness */ ST(0) = dst; XSRETURN(1); } @@ -543,6 +545,7 @@ CODE: } SvPOK_only(dst); SvUTF8_off(dst); + if (SvTAINTED(src)) SvTAINTED_on(dst); /* propagate taintedness */ ST(0) = dst; XSRETURN(1); } diff --git a/cpan/Encode/MANIFEST b/cpan/Encode/MANIFEST index 830cebcc6b..be51afdcd3 100644 --- a/cpan/Encode/MANIFEST +++ b/cpan/Encode/MANIFEST @@ -96,6 +96,7 @@ t/mime_header_iso2022jp.t test script t/perlio.t test script t/piconv.t test script t/rt.pl even more test script +t/taint.t test script t/unibench.pl benchmark script t/utf8ref.t test script t/utf8strict.t test script diff --git a/cpan/Encode/META.json b/cpan/Encode/META.json index 4895bda5b2..60e2b60b50 100644 --- a/cpan/Encode/META.json +++ b/cpan/Encode/META.json @@ -4,7 +4,7 @@ "unknown" ], "dynamic_config" : 1, - "generated_by" : "ExtUtils::MakeMaker version 6.64, CPAN::Meta::Converter version 2.120921", + "generated_by" : "ExtUtils::MakeMaker version 6.66, CPAN::Meta::Converter version 2.130880", "license" : [ "perl_5" ], @@ -35,5 +35,5 @@ } }, "release_status" : "stable", - "version" : "2.49" + "version" : "2.51" } diff --git a/cpan/Encode/META.yml b/cpan/Encode/META.yml index 398a230678..84a426dd3f 100644 --- a/cpan/Encode/META.yml +++ b/cpan/Encode/META.yml @@ -7,7 +7,7 @@ build_requires: configure_requires: ExtUtils::MakeMaker: 0 dynamic_config: 1 -generated_by: 'ExtUtils::MakeMaker version 6.64, CPAN::Meta::Converter version 2.120921' +generated_by: 'ExtUtils::MakeMaker version 6.66, CPAN::Meta::Converter version 2.130880' license: perl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html @@ -18,4 +18,4 @@ no_index: - t - inc requires: {} -version: 2.49 +version: 2.51 diff --git a/cpan/Encode/Unicode/Unicode.xs b/cpan/Encode/Unicode/Unicode.xs index 026f8fb1ca..4abbf72e3c 100644 --- a/cpan/Encode/Unicode/Unicode.xs +++ b/cpan/Encode/Unicode/Unicode.xs @@ -1,5 +1,5 @@ /* - $Id: Unicode.xs,v 2.9 2012/08/05 23:08:49 dankogai Exp $ + $Id: Unicode.xs,v 2.10 2013/04/26 18:30:46 dankogai Exp $ */ #define PERL_NO_GET_CONTEXT @@ -299,9 +299,8 @@ CODE: *SvEND(str) = '\0'; } - if (!temp_result) - shrink_buffer(result); - + if (!temp_result) shrink_buffer(result); + if (SvTAINTED(str)) SvTAINTED_on(result); /* propagate taintedness */ XSRETURN(1); } @@ -400,8 +399,8 @@ CODE: *SvEND(utf8) = '\0'; } - if (!temp_result) - shrink_buffer(result); + if (!temp_result) shrink_buffer(result); + if (SvTAINTED(utf8)) SvTAINTED_on(result); /* propagate taintedness */ SvSETMAGIC(utf8); diff --git a/cpan/Encode/bin/piconv b/cpan/Encode/bin/piconv index 9fdebd193c..74adca4bc7 100644 --- a/cpan/Encode/bin/piconv +++ b/cpan/Encode/bin/piconv @@ -1,5 +1,5 @@ #!./perl -# $Id: piconv,v 2.4 2009/07/08 13:34:15 dankogai Exp $ +# $Id: piconv,v 2.5 2013/04/26 18:30:46 dankogai Exp $ # use 5.8.0; use strict; @@ -147,9 +147,13 @@ sub help { my $message = shift; $message and print STDERR "$name error: $message\n"; print STDERR <<"EOT"; -$name [-f from_encoding] [-t to_encoding] [-s string] [files...] +$name [-f from_encoding] [-t to_encoding] + [-p|--perlqq|--htmlcref|--xmlcref] [-C N|-c] [-D] [-S scheme] + [-s string|file...] $name -l $name -r encoding_alias +$name -h +Common options: -l,--list lists all available encodings -r,--resolve encoding_alias @@ -161,13 +165,17 @@ $name -r encoding_alias -s,--string string "string" will be the input instead of STDIN or files The following are mainly of interest to Encode hackers: - -D,--debug show debug information -C N | -c check the validity of the input + -D,--debug show debug information -S,--scheme scheme use the scheme for conversion -Those are handy when you can only see ascii characters: - -p,--perlqq - --htmlcref - --xmlcref +Those are handy when you can only see ASCII characters: + -p,--perlqq transliterate characters missing in encoding to \x{HHHH} + where HHHH is the hexadecimal Unicode code point + --htmlcref transliterate characters missing in encoding to &#NNN; + where NNN is the decimal Unicode code point + --xmlcref transliterate characters missing in encoding to &#xHHHH; + where HHHH is the hexadecimal Unicode code point + EOT exit; } @@ -180,12 +188,11 @@ piconv -- iconv(1), reinvented in perl =head1 SYNOPSIS - piconv [-f from_encoding] [-t to_encoding] [-s string] [files...] + piconv [-f from_encoding] [-t to_encoding] + [-p|--perlqq|--htmlcref|--xmlcref] [-C N|-c] [-D] [-S scheme] + [-s string|file...] piconv -l - piconv [-C N|-c|-p] - piconv -S scheme ... - piconv -r encoding - piconv -D ... + piconv -r encoding_alias piconv -h =head1 DESCRIPTION @@ -198,17 +205,17 @@ place of iconv for virtually any case. piconv converts the character encoding of either STDIN or files specified in the argument and prints out to STDOUT. -Here is the list of options. Each option can be in short format (-f) -or long (--from). +Here is the list of options. Some options can be in short format (-f) +or long (--from) one. =over 4 -=item -f,--from from_encoding +=item -f,--from I<from_encoding> Specifies the encoding you are converting from. Unlike B<iconv>, this option can be omitted. In such cases, the current locale is used. -=item -t,--to to_encoding +=item -t,--to I<to_encoding> Specifies the encoding you are converting to. Unlike B<iconv>, this option can be omitted. In such cases, the current locale is used. @@ -229,6 +236,10 @@ and common aliases work, such as "latin1" for "ISO-8859-1", or "ibm850" instead of "cp850", or "winlatin1" for "cp1252". See L<Encode::Supported> for a full discussion. +=item -r,--resolve I<encoding_alias> + +Resolve I<encoding_alias> to Encode canonical encoding name. + =item -C,--check I<N> Check the validity of the stream if I<N> = 1. When I<N> = -1, something @@ -240,15 +251,18 @@ Same as C<-C 1>. =item -p,--perlqq -=item --htmlcref +Transliterate characters missing in encoding to \x{HHHH} where HHHH is the +hexadecimal Unicode code point. -=item --xmlcref +=item --htmlcref -Applies PERLQQ, HTMLCREF, XMLCREF, respectively. Try +Transliterate characters missing in encoding to &#NNN; where NNN is the +decimal Unicode code point. - piconv -f utf8 -t ascii --perlqq +=item --xmlcref -To see what it does. +Transliterate characters missing in encoding to &#xHHHH; where HHHH is the +hexadecimal Unicode code point. =item -h,--help @@ -258,7 +272,7 @@ Show usage. Invokes debugging mode. Primarily for Encode hackers. -=item -S,--scheme scheme +=item -S,--scheme I<scheme> Selects which scheme is to be used for conversion. Available schemes are as follows: diff --git a/cpan/Encode/encoding.pm b/cpan/Encode/encoding.pm index 2783c9f7e6..c0bff08873 100644 --- a/cpan/Encode/encoding.pm +++ b/cpan/Encode/encoding.pm @@ -1,6 +1,6 @@ -# $Id: encoding.pm,v 2.11 2013/02/18 02:23:56 dankogai Exp $ +# $Id: encoding.pm,v 2.12 2013/04/26 18:30:46 dankogai Exp $ package encoding; -our $VERSION = '2.6_01'; +our $VERSION = sprintf "%d.%02d", q$Revision: 2.12 $ =~ /(\d+)/g; use Encode; use strict; @@ -213,6 +213,13 @@ This module is deprecated under perl 5.18. It uses a mechanism provided by perl that is deprecated under 5.18 and higher, and may be removed in a future version. +The easiest and the best alternative is to write your script in UTF-8 +and declear: + + use utf8; # not use encoding ':utf8'; + +See L<perluniintro> and L<utf8> for details. + =head1 SYNOPSIS use encoding "greek"; # Perl like Greek to you? diff --git a/cpan/Encode/lib/Encode/CN/HZ.pm b/cpan/Encode/lib/Encode/CN/HZ.pm index 98c16a9053..7a93e2599a 100644 --- a/cpan/Encode/lib/Encode/CN/HZ.pm +++ b/cpan/Encode/lib/Encode/CN/HZ.pm @@ -5,7 +5,7 @@ use warnings; use utf8 (); use vars qw($VERSION); -$VERSION = do { my @r = ( q$Revision: 2.5 $ =~ /\d+/g ); sprintf "%d." . "%02d" x $#r, @r }; +$VERSION = do { my @r = ( q$Revision: 2.6 $ =~ /\d+/g ); sprintf "%d." . "%02d" x $#r, @r }; use Encode qw(:fallbacks); @@ -23,7 +23,7 @@ sub decode ($$;$) { my ( $obj, $str, $chk ) = @_; my $GB = Encode::find_encoding('gb2312-raw'); - my $ret = ''; + my $ret = substr($str, 0, 0); # to propagate taintedness my $in_ascii = 1; # default mode is ASCII. while ( length $str ) { @@ -133,10 +133,10 @@ sub cat_decode { } sub encode($$;$) { - my ( $obj, $str, $chk ) = @_; + my ( $obj, $str, $chk ) = @_; my $GB = Encode::find_encoding('gb2312-raw'); - my $ret = ''; + my $ret = substr($str, 0, 0); # to propagate taintedness; my $in_ascii = 1; # default mode is ASCII. no warnings 'utf8'; # $str may be malformed UTF8 at the end of a chunk. diff --git a/cpan/Encode/lib/Encode/GSM0338.pm b/cpan/Encode/lib/Encode/GSM0338.pm index aeff637978..e1a11bd96a 100644 --- a/cpan/Encode/lib/Encode/GSM0338.pm +++ b/cpan/Encode/lib/Encode/GSM0338.pm @@ -1,5 +1,5 @@ # -# $Id: GSM0338.pm,v 2.2 2012/08/15 05:36:16 dankogai Exp $ +# $Id: GSM0338.pm,v 2.3 2013/04/26 18:30:46 dankogai Exp $ # package Encode::GSM0338; @@ -8,7 +8,7 @@ use warnings; use Carp; use vars qw($VERSION); -$VERSION = do { my @r = ( q$Revision: 2.2 $ =~ /\d+/g ); sprintf "%d." . "%02d" x $#r, @r }; +$VERSION = do { my @r = ( q$Revision: 2.3 $ =~ /\d+/g ); sprintf "%d." . "%02d" x $#r, @r }; use Encode qw(:fallbacks); @@ -171,7 +171,7 @@ our $NBSP = "\x{00A0}"; sub decode ($$;$) { my ( $obj, $bytes, $chk ) = @_; - my $str; + my $str = substr($bytes, 0, 0); # to propagate taintedness; while ( length $bytes ) { my $c = substr( $bytes, 0, 1, '' ); my $u; @@ -216,7 +216,7 @@ sub decode ($$;$) { sub encode($$;$) { my ( $obj, $str, $chk ) = @_; - my $bytes; + my $bytes = substr($str, 0, 0); # to propagate taintedness while ( length $str ) { my $u = substr( $str, 0, 1, '' ); my $c; diff --git a/cpan/Encode/lib/Encode/Unicode/UTF7.pm b/cpan/Encode/lib/Encode/Unicode/UTF7.pm index ea9257b47b..0b22dbe66c 100644 --- a/cpan/Encode/lib/Encode/Unicode/UTF7.pm +++ b/cpan/Encode/lib/Encode/Unicode/UTF7.pm @@ -1,5 +1,5 @@ # -# $Id: UTF7.pm,v 2.6 2012/08/05 23:08:49 dankogai Exp $ +# $Id: UTF7.pm,v 2.7 2013/04/26 18:30:46 dankogai Exp $ # package Encode::Unicode::UTF7; use strict; @@ -7,7 +7,7 @@ use warnings; no warnings 'redefine'; use base qw(Encode::Encoding); __PACKAGE__->Define('UTF-7'); -our $VERSION = do { my @r = ( q$Revision: 2.6 $ =~ /\d+/g ); sprintf "%d." . "%02d" x $#r, @r }; +our $VERSION = do { my @r = ( q$Revision: 2.7 $ =~ /\d+/g ); sprintf "%d." . "%02d" x $#r, @r }; use MIME::Base64; use Encode; @@ -32,7 +32,7 @@ sub encode($$;$) { my ( $obj, $str, $chk ) = @_; my $len = length($str); pos($str) = 0; - my $bytes = ''; + my $bytes = substr($str, 0, 0); # to propagate taintedness while ( pos($str) < $len ) { if ( $str =~ /\G($re_asis+)/ogc ) { my $octets = $1; @@ -59,9 +59,10 @@ sub encode($$;$) { } sub decode($$;$) { + use re 'taint'; my ( $obj, $bytes, $chk ) = @_; my $len = length($bytes); - my $str = ""; + my $str = substr($bytes, 0, 0); # to propagate taintedness; pos($bytes) = 0; no warnings 'uninitialized'; while ( pos($bytes) < $len ) { diff --git a/cpan/Encode/t/taint.t b/cpan/Encode/t/taint.t new file mode 100644 index 0000000000..ade8b07c93 --- /dev/null +++ b/cpan/Encode/t/taint.t @@ -0,0 +1,15 @@ +#!/usr/bin/perl -T +use strict; +use Encode qw(encode decode); +use Scalar::Util qw(tainted); +use Test::More; + +my $str = "abc" . substr($ENV{PATH},0,0); # tainted string +my @names = Encode->encodings(':all'); +plan tests => 2 * @names; +for my $name (@names){ + my $e = encode($name, $str); + ok tainted($e), "encode $name"; + my $d = decode($name, $e); + ok tainted($d), "decode $name"; +} |