pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/lang/perl5 perl5: Address CVE-2021-36770
details: https://anonhg.NetBSD.org/pkgsrc/rev/05fa49ed91a9
branches: trunk
changeset: 457197:05fa49ed91a9
user: kim <kim%pkgsrc.org@localhost>
date: Fri Aug 20 22:06:23 2021 +0000
description:
perl5: Address CVE-2021-36770
diffstat:
lang/perl5/Makefile | 4 +-
lang/perl5/distinfo | 3 +-
lang/perl5/patches/patch-cpan_Encode_Encode.pm | 34 ++++++++++++++++++++++++++
3 files changed, 38 insertions(+), 3 deletions(-)
diffs (67 lines):
diff -r 206f57c7eca1 -r 05fa49ed91a9 lang/perl5/Makefile
--- a/lang/perl5/Makefile Fri Aug 20 18:08:31 2021 +0000
+++ b/lang/perl5/Makefile Fri Aug 20 22:06:23 2021 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.271 2021/05/29 13:04:21 rin Exp $
+# $NetBSD: Makefile,v 1.272 2021/08/20 22:06:23 kim Exp $
-PKGREVISION= 2
+PKGREVISION= 3
.include "license.mk"
.include "Makefile.common"
diff -r 206f57c7eca1 -r 05fa49ed91a9 lang/perl5/distinfo
--- a/lang/perl5/distinfo Fri Aug 20 18:08:31 2021 +0000
+++ b/lang/perl5/distinfo Fri Aug 20 22:06:23 2021 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.171 2021/05/29 13:04:21 rin Exp $
+$NetBSD: distinfo,v 1.172 2021/08/20 22:06:23 kim Exp $
SHA1 (perl-5.34.0.tar.xz) = d461e206a1dca5e79d39e77debf0b564f6d77d37
RMD160 (perl-5.34.0.tar.xz) = ea671a6789db48db0036f763b5068db67be951d0
@@ -8,6 +8,7 @@
SHA1 (patch-Makefile.SH) = 56203aea57c429a94760f039a978463b8859b0a9
SHA1 (patch-caretx.c) = b76b4175a58123fa4dfd2adf36b2207dcb6cf65a
SHA1 (patch-cflags.SH) = e940e4452768ccc1bdf21d435094e7efffceb925
+SHA1 (patch-cpan_Encode_Encode.pm) = fa49f95e79825a716d4e24995e23cea59a20b7ba
SHA1 (patch-cpan_ExtUtils-MakeMaker_lib_ExtUtils_MM__BeOS.pm) = 79e5aeccfa272ca5ec08bffc616d8053ae90ac51
SHA1 (patch-cpan_ExtUtils-MakeMaker_lib_ExtUtils_MM__Unix.pm) = 7b1caaea7327ebf492f8cde6b459286ecf7dd5ad
SHA1 (patch-cpan_ExtUtils-MakeMaker_t_MM__BeOS.t) = 9b0e7ab85fdab4887b1754599a8879bd7d9f36cc
diff -r 206f57c7eca1 -r 05fa49ed91a9 lang/perl5/patches/patch-cpan_Encode_Encode.pm
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/perl5/patches/patch-cpan_Encode_Encode.pm Fri Aug 20 22:06:23 2021 +0000
@@ -0,0 +1,34 @@
+$NetBSD: patch-cpan_Encode_Encode.pm,v 1.1 2021/08/20 22:06:23 kim Exp $
+
+perl5: patch Encode.pm for CVE-2021-36770
+
+Without this fix, Encode::ConfigLocal can be loaded from a path relative
+to the current directory, because the || operator will evaluate @INC in
+scalar context, putting an integer as the only value in @INC.
+
+Ref: https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9.patch
+
+--- cpan/Encode/Encode.pm.orig 2021-01-20 23:04:44.000000000 +0000
++++ cpan/Encode/Encode.pm 2021-08-20 21:36:16.700846398 +0000
+@@ -7,7 +7,9 @@ use warnings;
+ use constant DEBUG => !!$ENV{PERL_ENCODE_DEBUG};
+ our $VERSION;
+ BEGIN {
+- $VERSION = sprintf "%d.%02d", q$Revision: 1.1 $ =~ /(\d+)/g;
++ # $VERSION = sprintf "%d.%02d", q$Revision: 1.1 $ =~ /(\d+)/g;
++ $VERSION = "3.08_01";
++ $VERSION = eval $VERSION;
+ require XSLoader;
+ XSLoader::load( __PACKAGE__, $VERSION );
+ }
+@@ -65,8 +67,8 @@ require Encode::Config;
+ eval {
+ local $SIG{__DIE__};
+ local $SIG{__WARN__};
+- local @INC = @INC || ();
+- pop @INC if $INC[-1] eq '.';
++ local @INC = @INC;
++ pop @INC if @INC && $INC[-1] eq '.';
+ require Encode::ConfigLocal;
+ };
+
Home |
Main Index |
Thread Index |
Old Index