pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/lang/perl5 perl5: Address CVE-2021-36770



details:   https://anonhg.NetBSD.org/pkgsrc/rev/05fa49ed91a9
branches:  trunk
changeset: 457197:05fa49ed91a9
user:      kim <kim%pkgsrc.org@localhost>
date:      Fri Aug 20 22:06:23 2021 +0000

description:
perl5: Address CVE-2021-36770

diffstat:

 lang/perl5/Makefile                            |   4 +-
 lang/perl5/distinfo                            |   3 +-
 lang/perl5/patches/patch-cpan_Encode_Encode.pm |  34 ++++++++++++++++++++++++++
 3 files changed, 38 insertions(+), 3 deletions(-)

diffs (67 lines):

diff -r 206f57c7eca1 -r 05fa49ed91a9 lang/perl5/Makefile
--- a/lang/perl5/Makefile       Fri Aug 20 18:08:31 2021 +0000
+++ b/lang/perl5/Makefile       Fri Aug 20 22:06:23 2021 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.271 2021/05/29 13:04:21 rin Exp $
+# $NetBSD: Makefile,v 1.272 2021/08/20 22:06:23 kim Exp $
 
-PKGREVISION= 2
+PKGREVISION= 3
 .include "license.mk"
 .include "Makefile.common"
 
diff -r 206f57c7eca1 -r 05fa49ed91a9 lang/perl5/distinfo
--- a/lang/perl5/distinfo       Fri Aug 20 18:08:31 2021 +0000
+++ b/lang/perl5/distinfo       Fri Aug 20 22:06:23 2021 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.171 2021/05/29 13:04:21 rin Exp $
+$NetBSD: distinfo,v 1.172 2021/08/20 22:06:23 kim Exp $
 
 SHA1 (perl-5.34.0.tar.xz) = d461e206a1dca5e79d39e77debf0b564f6d77d37
 RMD160 (perl-5.34.0.tar.xz) = ea671a6789db48db0036f763b5068db67be951d0
@@ -8,6 +8,7 @@
 SHA1 (patch-Makefile.SH) = 56203aea57c429a94760f039a978463b8859b0a9
 SHA1 (patch-caretx.c) = b76b4175a58123fa4dfd2adf36b2207dcb6cf65a
 SHA1 (patch-cflags.SH) = e940e4452768ccc1bdf21d435094e7efffceb925
+SHA1 (patch-cpan_Encode_Encode.pm) = fa49f95e79825a716d4e24995e23cea59a20b7ba
 SHA1 (patch-cpan_ExtUtils-MakeMaker_lib_ExtUtils_MM__BeOS.pm) = 79e5aeccfa272ca5ec08bffc616d8053ae90ac51
 SHA1 (patch-cpan_ExtUtils-MakeMaker_lib_ExtUtils_MM__Unix.pm) = 7b1caaea7327ebf492f8cde6b459286ecf7dd5ad
 SHA1 (patch-cpan_ExtUtils-MakeMaker_t_MM__BeOS.t) = 9b0e7ab85fdab4887b1754599a8879bd7d9f36cc
diff -r 206f57c7eca1 -r 05fa49ed91a9 lang/perl5/patches/patch-cpan_Encode_Encode.pm
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/perl5/patches/patch-cpan_Encode_Encode.pm    Fri Aug 20 22:06:23 2021 +0000
@@ -0,0 +1,34 @@
+$NetBSD: patch-cpan_Encode_Encode.pm,v 1.1 2021/08/20 22:06:23 kim Exp $
+
+perl5: patch Encode.pm for CVE-2021-36770
+
+Without this fix, Encode::ConfigLocal can be loaded from a path relative
+to the current directory, because the || operator will evaluate @INC in
+scalar context, putting an integer as the only value in @INC.
+
+Ref: https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9.patch
+
+--- cpan/Encode/Encode.pm.orig 2021-01-20 23:04:44.000000000 +0000
++++ cpan/Encode/Encode.pm      2021-08-20 21:36:16.700846398 +0000
+@@ -7,7 +7,9 @@ use warnings;
+ use constant DEBUG => !!$ENV{PERL_ENCODE_DEBUG};
+ our $VERSION;
+ BEGIN {
+-    $VERSION = sprintf "%d.%02d", q$Revision: 1.1 $ =~ /(\d+)/g;
++    # $VERSION = sprintf "%d.%02d", q$Revision: 1.1 $ =~ /(\d+)/g;
++    $VERSION = "3.08_01";
++    $VERSION = eval $VERSION;
+     require XSLoader;
+     XSLoader::load( __PACKAGE__, $VERSION );
+ }
+@@ -65,8 +67,8 @@ require Encode::Config;
+ eval {
+     local $SIG{__DIE__};
+     local $SIG{__WARN__};
+-    local @INC = @INC || ();
+-    pop @INC if $INC[-1] eq '.';
++    local @INC = @INC;
++    pop @INC if @INC && $INC[-1] eq '.';
+     require Encode::ConfigLocal;
+ };
+ 



Home | Main Index | Thread Index | Old Index