packages/perl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!49 fix CVE-2021-36770

Browse Source 
From: @xinyingchao 
Reviewed-by: @xiezhipeng1 
Signed-off-by: @xiezhipeng1
This commit is contained in:
openeuler-ci-bot 2022-02-24 12:07:36 +00:00 committed by Gitee
commit a77779d366
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 75 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
backport-CVE-2021-36770.patch Normal file
View File

@ -0,0 +1,66 @@
From 527e482dc70b035d0df4f8c77a00d81f8d775c74 Mon Sep 17 00:00:00 2001
From: Dan Kogai <dankogai+github@gmail.com>
Date: Mon, 9 Aug 2021 23:19:25 +0900
Subject: [PATCH] version 3.12 to address CVE-2021-36770
---
cpan/Encode/Encode.pm | 8 ++++----
cpan/Encode/Unicode/Unicode.xs | 2 +-
cpan/Encode/t/Unicode.t | 2 +-
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/cpan/Encode/Encode.pm b/cpan/Encode/Encode.pm
index de06ba1..3ebbf9b 100644
--- a/cpan/Encode/Encode.pm
+++ b/cpan/Encode/Encode.pm
@@ -1,5 +1,5 @@
#
-# $Id: Encode.pm,v 3.06 2020/05/02 02:31:14 dankogai Exp $
+# $Id: Encode.pm,v 3.12 2021/08/09 14:17:04 dankogai Exp dankogai $
#
package Encode;
use strict;
@@ -7,7 +7,7 @@ use warnings;
use constant DEBUG => !!$ENV{PERL_ENCODE_DEBUG};
our $VERSION;
BEGIN {
- $VERSION = sprintf "%d.%02d", q$Revision: 3.06 $ =~ /(\d+)/g;
+ $VERSION = sprintf "%d.%02d", q$Revision: 3.12 $ =~ /(\d+)/g;
require XSLoader;
XSLoader::load( __PACKAGE__, $VERSION );
}
@@ -65,8 +65,8 @@ require Encode::Config;
eval {
local $SIG{__DIE__};
local $SIG{__WARN__};
- local @INC = @INC || ();
- pop @INC if $INC[-1] eq '.';
+ local @INC = @INC;
+ pop @INC if @INC && $INC[-1] eq '.';
require Encode::ConfigLocal;
};
diff --git a/cpan/Encode/Unicode/Unicode.xs b/cpan/Encode/Unicode/Unicode.xs
index 4e111e2..18c783f 100644
--- a/cpan/Encode/Unicode/Unicode.xs
+++ b/cpan/Encode/Unicode/Unicode.xs
@@ -1,5 +1,5 @@
/*
- $Id: Unicode.xs,v 2.19 2019/01/21 03:09:59 dankogai Exp $
+ $Id: Unicode.xs,v 2.20 2021/07/23 02:26:54 dankogai Exp $
*/
#define IN_UNICODE_XS
diff --git a/cpan/Encode/t/Unicode.t b/cpan/Encode/t/Unicode.t
index 2cc5d54..9e2bcbe 100644
--- a/cpan/Encode/t/Unicode.t
+++ b/cpan/Encode/t/Unicode.t
@@ -1,5 +1,5 @@
#
-# $Id: Unicode.t,v 2.3 2012/08/05 23:08:49 dankogai Exp $
+# $Id: Unicode.t,v 2.4 2021/07/23 02:26:54 dankogai Exp $
#
# This script is written entirely in ASCII, even though quoted literals
# do include non-BMP unicode characters -- Are you happy, jhi?
--
2.27.0

10
perl.spec
View File

@ -22,7 +22,7 @@ Name: perl
License: (GPL+ or Artistic) and (GPLv2+ or Artistic) and MIT and UCD and Public Domain and BSD
Epoch: 4
Version: %{perl_version}
Release: 8
Release: 9
Summary: A highly capable, feature-rich programming language
Url: https://www.perl.org/
Source0: https://www.cpan.org/src/5.0/%{name}-%{version}.tar.xz
@ -37,6 +37,8 @@ Patch3: create-libperl-soname.patch
Patch4: perl-5.18.2-Destroy-GDBM-NDBM-ODBM-SDBM-_File-objects-only-from-.patch
Patch5: backport-perl-5.22.0-Install-libperl.so-to-shrpdir-on-Linux.patch
Patch6000: backport-CVE-2021-36770.patch
BuildRequires: gcc bash findutils coreutils make tar procps bzip2-devel gdbm-devel
BuildRequires: zlib-devel systemtap-sdt-devel perl-interpreter perl-generators
@ -483,6 +485,12 @@ make test_harness
%{_mandir}/man3/*
%changelog
* Thu Feb 24 2022 yuanxin<yuanxin24@h-partners.com> 4:5.32.0-9
- Type:CVE
- ID:CVE-2021-36770
- SUG:NA
- DESC:fix CVE-2021-36770
* Thu Aug 5 2021 yuanxin<yuanxin24@huawei.com> 4:5.32.0-8
- Type:bugfix
- ID:NA