aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/perl/files/CVE-2021-36770.patch
blob: 1ef548b305f2b606ae1ae2287f9b9bfe04e39c43 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
Backport patch to fix CVE-2021-36770. And drop the section of code which
updates version.

Upstream-Status: Backport [https://github.com/Perl/perl5/commit/c1a937f]
CVE: CVE-2021-36770

Signed-off-by: Kai Kang <kai.kang@windriver.com>

From c1a937fef07c061600a0078f4cb53fe9c2136bb9 Mon Sep 17 00:00:00 2001
From: Ricardo Signes <rjbs@semiotic.systems>
Date: Mon, 9 Aug 2021 08:14:05 -0400
Subject: [PATCH] Encode.pm: apply a local patch for CVE-2021-36770

I expect Encode to see a new release today.

Without this fix, Encode::ConfigLocal can be loaded from a path relative
to the current directory, because the || operator will evaluate @INC in
scalar context, putting an integer as the only value in @INC.
---
 cpan/Encode/Encode.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cpan/Encode/Encode.pm b/cpan/Encode/Encode.pm
index a56a99947f..b96a850416 100644
--- a/cpan/Encode/Encode.pm
+++ b/cpan/Encode/Encode.pm
@@ -65,8 +66,8 @@ require Encode::Config;
 eval {
     local $SIG{__DIE__};
     local $SIG{__WARN__};
-    local @INC = @INC || ();
-    pop @INC if $INC[-1] eq '.';
+    local @INC = @INC;
+    pop @INC if @INC && $INC[-1] eq '.';
     require Encode::ConfigLocal;
 };
 
-- 
2.33.0