Fix CVE-2021-22204: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22204 Patch extracted from commit cf0f4e7dcd024ca99615bfd1102a841a25dde031 from upstream source repository: https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800 diff --git a/lib/Image/ExifTool/DjVu.pm b/lib/Image/ExifTool/DjVu.pm index c284d10..03b3f9f 100644 --- a/lib/Image/ExifTool/DjVu.pm +++ b/lib/Image/ExifTool/DjVu.pm @@ -18,7 +18,7 @@ use strict; use vars qw($VERSION); use Image::ExifTool qw(:DataAccess :Utils); -$VERSION = '1.06'; +$VERSION = '1.07'; sub ParseAnt($); sub ProcessAnt($$$); @@ -227,10 +227,11 @@ Tok: for (;;) { last unless $tok =~ /(\\+)$/ and length($1) & 0x01; $tok .= '"'; # quote is part of the string } - # must protect unescaped "$" and "@" symbols, and "\" at end of string - $tok =~ s{\\(.)|([\$\@]|\\$)}{'\\'.($2 || $1)}sge; - # convert C escape sequences (allowed in quoted text) - $tok = eval qq{"$tok"}; + # convert C escape sequences, allowed in quoted text + # (note: this only converts a few of them!) + my %esc = ( a => "\a", b => "\b", f => "\f", n => "\n", + r => "\r", t => "\t", '"' => '"', '\\' => '\\' ); + $tok =~ s/\\(.)/$esc{$1}||'\\'.$1/egs; } else { # key name pos($$dataPt) = pos($$dataPt) - 1; # allow anything in key but whitespace, braces and double quotes 74e7b1971c9795ab6365b8e80e5140ceba9e5'/>
path: root/gnu/packages/rdf.scm
AgeCommit message (Expand)Author
2022-05-31gnu: Remove python2-rdflib....* gnu/packages/rdf.scm (python2-rdflib): Delete variable. Maxim Cournoyer
2022-05-31gnu: Add python-pyrdfa3....* gnu/packages/rdf.scm (python-pyrdfa3): New variable. Maxim Cournoyer
2022-05-12gnu: python-sparqlwrapper: Update to 2.0.0....* gnu/packages/rdf.scm (python-sparqlwrapper): Update to 2.0.0. [source]: Adjust Git URI. Maxim Cournoyer