#13301: use ast.literal_eval() instead of eval() in Tools/i18n/msgfmt.py. Patch...

diff --git a/Misc/NEWS b/Misc/NEWS
index 6901beccf550ad7d0adf044083d7387b0a5b8641..6cfa567db47f042520f6cbf7e9ffeb2f8c9d516e 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -682,6 +682,12 @@ Build
 
 - Issue #14018: Fix OS X Tcl/Tk framework checking when using OS X SDKs.
 
+Tools/Demos
+-----------
+
+- Issue #13301: use ast.literal_eval() instead of eval() in Tools/i18n/msgfmt.py
+  Patch by Serhiy Storchaka.
+
 Documentation
 -------------
 

diff --git a/Tools/i18n/msgfmt.py b/Tools/i18n/msgfmt.py
index a5544424e2437c4c64e08643ba8dd732e2198b5e..7b3a81ff93ac39945ccf49a11c528fa0a3eba773 100755 (executable)
--- a/Tools/i18n/msgfmt.py
+++ b/Tools/i18n/msgfmt.py
@@ -24,8 +24,9 @@ Options:
         Display version information and exit.
 """
 
-import sys
 import os
+import sys
+import ast
 import getopt
 import struct
 import array
@@ -180,8 +181,7 @@ def make(filename, outfile):
         l = l.strip()
         if not l:
             continue
-        # XXX: Does this always follow Python escape semantics?
-        l = eval(l)
+        l = ast.literal_eval(l)
         if section == ID:
             msgid += l.encode(encoding)
         elif section == STR: