diff options
author | kim <kim@pkgsrc.org> | 2021-08-20 22:06:23 +0000 |
---|---|---|
committer | kim <kim@pkgsrc.org> | 2021-08-20 22:06:23 +0000 |
commit | e89fc87079a8871f7dfd02bddd6bffd7b5fd48b2 (patch) | |
tree | 76ff5c0e4ef4888ccc037980fb9b16d1b06f01d6 /lang | |
parent | b51b5282f704e2dfdadbeef6d867e29af0d15164 (diff) | |
download | pkgsrc-e89fc87079a8871f7dfd02bddd6bffd7b5fd48b2.tar.gz |
perl5: Address CVE-2021-36770
Diffstat (limited to 'lang')
-rw-r--r-- | lang/perl5/Makefile | 4 | ||||
-rw-r--r-- | lang/perl5/distinfo | 3 | ||||
-rw-r--r-- | lang/perl5/patches/patch-cpan_Encode_Encode.pm | 34 |
3 files changed, 38 insertions, 3 deletions
diff --git a/lang/perl5/Makefile b/lang/perl5/Makefile index cc40b706bf7..8c58867f5c9 100644 --- a/lang/perl5/Makefile +++ b/lang/perl5/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.271 2021/05/29 13:04:21 rin Exp $ +# $NetBSD: Makefile,v 1.272 2021/08/20 22:06:23 kim Exp $ -PKGREVISION= 2 +PKGREVISION= 3 .include "license.mk" .include "Makefile.common" diff --git a/lang/perl5/distinfo b/lang/perl5/distinfo index bac3756ebc9..9924d0038f7 100644 --- a/lang/perl5/distinfo +++ b/lang/perl5/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.171 2021/05/29 13:04:21 rin Exp $ +$NetBSD: distinfo,v 1.172 2021/08/20 22:06:23 kim Exp $ SHA1 (perl-5.34.0.tar.xz) = d461e206a1dca5e79d39e77debf0b564f6d77d37 RMD160 (perl-5.34.0.tar.xz) = ea671a6789db48db0036f763b5068db67be951d0 @@ -8,6 +8,7 @@ SHA1 (patch-Configure) = a72983dba63f32f57418f2702b039585ba7236a7 SHA1 (patch-Makefile.SH) = 56203aea57c429a94760f039a978463b8859b0a9 SHA1 (patch-caretx.c) = b76b4175a58123fa4dfd2adf36b2207dcb6cf65a SHA1 (patch-cflags.SH) = e940e4452768ccc1bdf21d435094e7efffceb925 +SHA1 (patch-cpan_Encode_Encode.pm) = fa49f95e79825a716d4e24995e23cea59a20b7ba SHA1 (patch-cpan_ExtUtils-MakeMaker_lib_ExtUtils_MM__BeOS.pm) = 79e5aeccfa272ca5ec08bffc616d8053ae90ac51 SHA1 (patch-cpan_ExtUtils-MakeMaker_lib_ExtUtils_MM__Unix.pm) = 7b1caaea7327ebf492f8cde6b459286ecf7dd5ad SHA1 (patch-cpan_ExtUtils-MakeMaker_t_MM__BeOS.t) = 9b0e7ab85fdab4887b1754599a8879bd7d9f36cc diff --git a/lang/perl5/patches/patch-cpan_Encode_Encode.pm b/lang/perl5/patches/patch-cpan_Encode_Encode.pm new file mode 100644 index 00000000000..9e2a964dbe3 --- /dev/null +++ b/lang/perl5/patches/patch-cpan_Encode_Encode.pm @@ -0,0 +1,34 @@ +$NetBSD: patch-cpan_Encode_Encode.pm,v 1.1 2021/08/20 22:06:23 kim Exp $ + +perl5: patch Encode.pm for CVE-2021-36770 + +Without this fix, Encode::ConfigLocal can be loaded from a path relative +to the current directory, because the || operator will evaluate @INC in +scalar context, putting an integer as the only value in @INC. + +Ref: https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9.patch + +--- cpan/Encode/Encode.pm.orig 2021-01-20 23:04:44.000000000 +0000 ++++ cpan/Encode/Encode.pm 2021-08-20 21:36:16.700846398 +0000 +@@ -7,7 +7,9 @@ use warnings; + use constant DEBUG => !!$ENV{PERL_ENCODE_DEBUG}; + our $VERSION; + BEGIN { +- $VERSION = sprintf "%d.%02d", q$Revision: 1.1 $ =~ /(\d+)/g; ++ # $VERSION = sprintf "%d.%02d", q$Revision: 1.1 $ =~ /(\d+)/g; ++ $VERSION = "3.08_01"; ++ $VERSION = eval $VERSION; + require XSLoader; + XSLoader::load( __PACKAGE__, $VERSION ); + } +@@ -65,8 +67,8 @@ require Encode::Config; + eval { + local $SIG{__DIE__}; + local $SIG{__WARN__}; +- local @INC = @INC || (); +- pop @INC if $INC[-1] eq '.'; ++ local @INC = @INC; ++ pop @INC if @INC && $INC[-1] eq '.'; + require Encode::ConfigLocal; + }; + |