[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[groff] 04/04: ChangeLog: Add entry for Savannah #55557 fix.
From: |
G. Branden Robinson |
Subject: |
[groff] 04/04: ChangeLog: Add entry for Savannah #55557 fix. |
Date: |
Tue, 5 Jan 2021 22:15:58 -0500 (EST) |
gbranden pushed a commit to branch master
in repository groff.
commit bd37e19c1a69b553072c153dbae58ec6ff214297
Author: G. Branden Robinson <g.branden.robinson@gmail.com>
AuthorDate: Wed Jan 6 13:58:20 2021 +1100
ChangeLog: Add entry for Savannah #55557 fix.
Fixes <https://savannah.gnu.org/bugs/?55557>.
---
ChangeLog | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 1654a14..294ab0b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,33 @@
+2021-01-06 Colin Watson <cjwatson@debian.org>
+
+ * contrib/glilypond/glilypond.pl:
+ * contrib/gperl/gperl.pl:
+ * contrib/gpinyin/gpinyin.pl:
+ * tmac/hyphenex.pl: Avoid Perl's unsafe "<>" operator.
+
+ The "<>" operator is implemented using the two-argument form of
+ "open", which interprets magic such as pipe characters, allowing
+ execution of arbitrary commands which is unlikely to be
+ expected. Perl >= 5.22 has a "<<>>" operator which avoids this,
+ but also forbids the use of "-" to mean the standard input,
+ which is a facility that the affected groff programs document.
+
+ ARGV::readonly would probably also fix this, but I fundamentally
+ dislike the approach of escaping data in preparation for a
+ language facility to unescape it, especially when the required
+ escaping is as non-obvious as it is here. (For the same reason,
+ I prefer to use subprocess invocation facilities that allow
+ passing the argument list as a list rather than as a string to
+ be interpreted by the shell.) So I've abandoned this dubious
+ convenience and changed the affected programs to iterate over
+ command-line arguments manually using the three-argument form of
+ open.
+
+ glilypond doesn't need the initial unshift since that's already
+ handled in contrib/glilypond/args.pl.
+
+ Fixes <https://savannah.gnu.org/bugs/?55557>.
+
2021-01-06 G. Branden Robinson <g.branden.robinson@gmail.com>
* tmac/s.tmac: Set footnote line length in multi-column
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [groff] 04/04: ChangeLog: Add entry for Savannah #55557 fix.,
G. Branden Robinson <=