pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/lang/perl5
Module Name: pkgsrc
Committed By: kim
Date: Fri Aug 20 22:06:23 UTC 2021
Modified Files:
pkgsrc/lang/perl5: Makefile distinfo
Added Files:
pkgsrc/lang/perl5/patches: patch-cpan_Encode_Encode.pm
Log Message:
perl5: Address CVE-2021-36770
To generate a diff of this commit:
cvs rdiff -u -r1.271 -r1.272 pkgsrc/lang/perl5/Makefile
cvs rdiff -u -r1.171 -r1.172 pkgsrc/lang/perl5/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/lang/perl5/patches/patch-cpan_Encode_Encode.pm
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/lang/perl5/Makefile
diff -u pkgsrc/lang/perl5/Makefile:1.271 pkgsrc/lang/perl5/Makefile:1.272
--- pkgsrc/lang/perl5/Makefile:1.271 Sat May 29 13:04:21 2021
+++ pkgsrc/lang/perl5/Makefile Fri Aug 20 22:06:23 2021
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.271 2021/05/29 13:04:21 rin Exp $
+# $NetBSD: Makefile,v 1.272 2021/08/20 22:06:23 kim Exp $
-PKGREVISION= 2
+PKGREVISION= 3
.include "license.mk"
.include "Makefile.common"
Index: pkgsrc/lang/perl5/distinfo
diff -u pkgsrc/lang/perl5/distinfo:1.171 pkgsrc/lang/perl5/distinfo:1.172
--- pkgsrc/lang/perl5/distinfo:1.171 Sat May 29 13:04:21 2021
+++ pkgsrc/lang/perl5/distinfo Fri Aug 20 22:06:23 2021
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.171 2021/05/29 13:04:21 rin Exp $
+$NetBSD: distinfo,v 1.172 2021/08/20 22:06:23 kim Exp $
SHA1 (perl-5.34.0.tar.xz) = d461e206a1dca5e79d39e77debf0b564f6d77d37
RMD160 (perl-5.34.0.tar.xz) = ea671a6789db48db0036f763b5068db67be951d0
@@ -8,6 +8,7 @@ SHA1 (patch-Configure) = a72983dba63f32f
SHA1 (patch-Makefile.SH) = 56203aea57c429a94760f039a978463b8859b0a9
SHA1 (patch-caretx.c) = b76b4175a58123fa4dfd2adf36b2207dcb6cf65a
SHA1 (patch-cflags.SH) = e940e4452768ccc1bdf21d435094e7efffceb925
+SHA1 (patch-cpan_Encode_Encode.pm) = fa49f95e79825a716d4e24995e23cea59a20b7ba
SHA1 (patch-cpan_ExtUtils-MakeMaker_lib_ExtUtils_MM__BeOS.pm) = 79e5aeccfa272ca5ec08bffc616d8053ae90ac51
SHA1 (patch-cpan_ExtUtils-MakeMaker_lib_ExtUtils_MM__Unix.pm) = 7b1caaea7327ebf492f8cde6b459286ecf7dd5ad
SHA1 (patch-cpan_ExtUtils-MakeMaker_t_MM__BeOS.t) = 9b0e7ab85fdab4887b1754599a8879bd7d9f36cc
Added files:
Index: pkgsrc/lang/perl5/patches/patch-cpan_Encode_Encode.pm
diff -u /dev/null pkgsrc/lang/perl5/patches/patch-cpan_Encode_Encode.pm:1.1
--- /dev/null Fri Aug 20 22:06:23 2021
+++ pkgsrc/lang/perl5/patches/patch-cpan_Encode_Encode.pm Fri Aug 20 22:06:23 2021
@@ -0,0 +1,34 @@
+$NetBSD: patch-cpan_Encode_Encode.pm,v 1.1 2021/08/20 22:06:23 kim Exp $
+
+perl5: patch Encode.pm for CVE-2021-36770
+
+Without this fix, Encode::ConfigLocal can be loaded from a path relative
+to the current directory, because the || operator will evaluate @INC in
+scalar context, putting an integer as the only value in @INC.
+
+Ref: https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9.patch
+
+--- cpan/Encode/Encode.pm.orig 2021-01-20 23:04:44.000000000 +0000
++++ cpan/Encode/Encode.pm 2021-08-20 21:36:16.700846398 +0000
+@@ -7,7 +7,9 @@ use warnings;
+ use constant DEBUG => !!$ENV{PERL_ENCODE_DEBUG};
+ our $VERSION;
+ BEGIN {
+- $VERSION = sprintf "%d.%02d", q$Revision: 1.1 $ =~ /(\d+)/g;
++ # $VERSION = sprintf "%d.%02d", q$Revision: 1.1 $ =~ /(\d+)/g;
++ $VERSION = "3.08_01";
++ $VERSION = eval $VERSION;
+ require XSLoader;
+ XSLoader::load( __PACKAGE__, $VERSION );
+ }
+@@ -65,8 +67,8 @@ require Encode::Config;
+ eval {
+ local $SIG{__DIE__};
+ local $SIG{__WARN__};
+- local @INC = @INC || ();
+- pop @INC if $INC[-1] eq '.';
++ local @INC = @INC;
++ pop @INC if @INC && $INC[-1] eq '.';
+ require Encode::ConfigLocal;
+ };
+
Home |
Main Index |
Thread Index |
Old Index