| Backport patch to fix CVE-2021-36770. And drop the section of code which |
| updates version. |
| |
| Upstream-Status: Backport [https://github.com/Perl/perl5/commit/c1a937f] |
| CVE: CVE-2021-36770 |
| |
| Signed-off-by: Kai Kang <kai.kang@windriver.com> |
| |
| From c1a937fef07c061600a0078f4cb53fe9c2136bb9 Mon Sep 17 00:00:00 2001 |
| From: Ricardo Signes <rjbs@semiotic.systems> |
| Date: Mon, 9 Aug 2021 08:14:05 -0400 |
| Subject: [PATCH] Encode.pm: apply a local patch for CVE-2021-36770 |
| |
| I expect Encode to see a new release today. |
| |
| Without this fix, Encode::ConfigLocal can be loaded from a path relative |
| to the current directory, because the || operator will evaluate @INC in |
| scalar context, putting an integer as the only value in @INC. |
| --- |
| cpan/Encode/Encode.pm | 4 ++-- |
| 1 file changed, 2 insertions(+), 2 deletions(-) |
| |
| diff --git a/cpan/Encode/Encode.pm b/cpan/Encode/Encode.pm |
| index a56a99947f..b96a850416 100644 |
| --- a/cpan/Encode/Encode.pm |
| +++ b/cpan/Encode/Encode.pm |
| @@ -65,8 +66,8 @@ require Encode::Config; |
| eval { |
| local $SIG{__DIE__}; |
| local $SIG{__WARN__}; |
| - local @INC = @INC || (); |
| - pop @INC if $INC[-1] eq '.'; |
| + local @INC = @INC; |
| + pop @INC if @INC && $INC[-1] eq '.'; |
| require Encode::ConfigLocal; |
| }; |
| |
| -- |
| 2.33.0 |
| |