diff --git a/backport-CVE-2021-36770.patch b/backport-CVE-2021-36770.patch new file mode 100644 index 0000000..514018b --- /dev/null +++ b/backport-CVE-2021-36770.patch @@ -0,0 +1,66 @@ +From 527e482dc70b035d0df4f8c77a00d81f8d775c74 Mon Sep 17 00:00:00 2001 +From: Dan Kogai +Date: Mon, 9 Aug 2021 23:19:25 +0900 +Subject: [PATCH] version 3.12 to address CVE-2021-36770 +--- + cpan/Encode/Encode.pm | 8 ++++---- + cpan/Encode/Unicode/Unicode.xs | 2 +- + cpan/Encode/t/Unicode.t | 2 +- + 3 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/cpan/Encode/Encode.pm b/cpan/Encode/Encode.pm +index de06ba1..3ebbf9b 100644 +--- a/cpan/Encode/Encode.pm ++++ b/cpan/Encode/Encode.pm +@@ -1,5 +1,5 @@ + # +-# $Id: Encode.pm,v 3.06 2020/05/02 02:31:14 dankogai Exp $ ++# $Id: Encode.pm,v 3.12 2021/08/09 14:17:04 dankogai Exp dankogai $ + # + package Encode; + use strict; +@@ -7,7 +7,7 @@ use warnings; + use constant DEBUG => !!$ENV{PERL_ENCODE_DEBUG}; + our $VERSION; + BEGIN { +- $VERSION = sprintf "%d.%02d", q$Revision: 3.06 $ =~ /(\d+)/g; ++ $VERSION = sprintf "%d.%02d", q$Revision: 3.12 $ =~ /(\d+)/g; + require XSLoader; + XSLoader::load( __PACKAGE__, $VERSION ); + } +@@ -65,8 +65,8 @@ require Encode::Config; + eval { + local $SIG{__DIE__}; + local $SIG{__WARN__}; +- local @INC = @INC || (); +- pop @INC if $INC[-1] eq '.'; ++ local @INC = @INC; ++ pop @INC if @INC && $INC[-1] eq '.'; + require Encode::ConfigLocal; + }; + +diff --git a/cpan/Encode/Unicode/Unicode.xs b/cpan/Encode/Unicode/Unicode.xs +index 4e111e2..18c783f 100644 +--- a/cpan/Encode/Unicode/Unicode.xs ++++ b/cpan/Encode/Unicode/Unicode.xs +@@ -1,5 +1,5 @@ + /* +- $Id: Unicode.xs,v 2.19 2019/01/21 03:09:59 dankogai Exp $ ++ $Id: Unicode.xs,v 2.20 2021/07/23 02:26:54 dankogai Exp $ + */ + + #define IN_UNICODE_XS +diff --git a/cpan/Encode/t/Unicode.t b/cpan/Encode/t/Unicode.t +index 2cc5d54..9e2bcbe 100644 +--- a/cpan/Encode/t/Unicode.t ++++ b/cpan/Encode/t/Unicode.t +@@ -1,5 +1,5 @@ + # +-# $Id: Unicode.t,v 2.3 2012/08/05 23:08:49 dankogai Exp $ ++# $Id: Unicode.t,v 2.4 2021/07/23 02:26:54 dankogai Exp $ + # + # This script is written entirely in ASCII, even though quoted literals + # do include non-BMP unicode characters -- Are you happy, jhi? +-- +2.27.0 + diff --git a/perl.spec b/perl.spec index b8db0de..93d706c 100644 --- a/perl.spec +++ b/perl.spec @@ -22,7 +22,7 @@ Name: perl License: (GPL+ or Artistic) and (GPLv2+ or Artistic) and MIT and UCD and Public Domain and BSD Epoch: 4 Version: %{perl_version} -Release: 8 +Release: 9 Summary: A highly capable, feature-rich programming language Url: https://www.perl.org/ Source0: https://www.cpan.org/src/5.0/%{name}-%{version}.tar.xz @@ -37,6 +37,8 @@ Patch3: create-libperl-soname.patch Patch4: perl-5.18.2-Destroy-GDBM-NDBM-ODBM-SDBM-_File-objects-only-from-.patch Patch5: backport-perl-5.22.0-Install-libperl.so-to-shrpdir-on-Linux.patch +Patch6000: backport-CVE-2021-36770.patch + BuildRequires: gcc bash findutils coreutils make tar procps bzip2-devel gdbm-devel BuildRequires: zlib-devel systemtap-sdt-devel perl-interpreter perl-generators @@ -483,6 +485,12 @@ make test_harness %{_mandir}/man3/* %changelog +* Thu Feb 24 2022 yuanxin 4:5.32.0-9 +- Type:CVE +- ID:CVE-2021-36770 +- SUG:NA +- DESC:fix CVE-2021-36770 + * Thu Aug 5 2021 yuanxin 4:5.32.0-8 - Type:bugfix - ID:NA