From 9bf379e9fbbd669cfbf61adc6b833a9bbe023238 Mon Sep 17 00:00:00 2001
From: Ezio Melotti <ezio.melotti@gmail.com>
Date: Fri, 9 Nov 2012 11:46:19 +0100
Subject: #13301: use ast.literal_eval() instead of eval() in
 Tools/i18n/msgfmt.py.  Patch by Serhiy Storchaka.

---
 Misc/NEWS            | 6 ++++++
 Tools/i18n/msgfmt.py | 6 +++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/Misc/NEWS b/Misc/NEWS
index 6901bec..6cfa567 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -682,6 +682,12 @@ Build
 
 - Issue #14018: Fix OS X Tcl/Tk framework checking when using OS X SDKs.
 
+Tools/Demos
+-----------
+
+- Issue #13301: use ast.literal_eval() instead of eval() in Tools/i18n/msgfmt.py
+  Patch by Serhiy Storchaka.
+
 Documentation
 -------------
 
diff --git a/Tools/i18n/msgfmt.py b/Tools/i18n/msgfmt.py
index a554442..7b3a81f 100755
--- a/Tools/i18n/msgfmt.py
+++ b/Tools/i18n/msgfmt.py
@@ -24,8 +24,9 @@ Options:
         Display version information and exit.
 """
 
-import sys
 import os
+import sys
+import ast
 import getopt
 import struct
 import array
@@ -180,8 +181,7 @@ def make(filename, outfile):
         l = l.strip()
         if not l:
             continue
-        # XXX: Does this always follow Python escape semantics?
-        l = eval(l)
+        l = ast.literal_eval(l)
         if section == ID:
             msgid += l.encode(encoding)
         elif section == STR:
-- 
cgit v0.12