fix CVE-2021-36770

backport-CVE-2021-36770.patch

@@ -0,0 +1,66 @@
+From 527e482dc70b035d0df4f8c77a00d81f8d775c74 Mon Sep 17 00:00:00 2001
+From: Dan Kogai <dankogai+github@gmail.com>
+Date: Mon, 9 Aug 2021 23:19:25 +0900
+Subject: [PATCH] version 3.12 to address CVE-2021-36770
+---
+ cpan/Encode/Encode.pm          | 8 ++++----
+ cpan/Encode/Unicode/Unicode.xs | 2 +-
+ cpan/Encode/t/Unicode.t        | 2 +-
+ 3 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/cpan/Encode/Encode.pm b/cpan/Encode/Encode.pm
+index de06ba1..3ebbf9b 100644
+--- a/cpan/Encode/Encode.pm
++++ b/cpan/Encode/Encode.pm
+@@ -1,5 +1,5 @@
+ #
+-# $Id: Encode.pm,v 3.06 2020/05/02 02:31:14 dankogai Exp $
++# $Id: Encode.pm,v 3.12 2021/08/09 14:17:04 dankogai Exp dankogai $
+ #
+ package Encode;
+ use strict;
+@@ -7,7 +7,7 @@ use warnings;
+ use constant DEBUG => !!$ENV{PERL_ENCODE_DEBUG};
+ our $VERSION;
+ BEGIN {
+-    $VERSION = sprintf "%d.%02d", q$Revision: 3.06 $ =~ /(\d+)/g;
++    $VERSION = sprintf "%d.%02d", q$Revision: 3.12 $ =~ /(\d+)/g;
+     require XSLoader;
+     XSLoader::load( __PACKAGE__, $VERSION );
+ }
+@@ -65,8 +65,8 @@ require Encode::Config;
+ eval {
+     local $SIG{__DIE__};
+     local $SIG{__WARN__};
+-    local @INC = @INC || ();
+-    pop @INC if $INC[-1] eq '.';
++    local @INC = @INC;
++    pop @INC if @INC && $INC[-1] eq '.';
+     require Encode::ConfigLocal;
+ };
+ 
+diff --git a/cpan/Encode/Unicode/Unicode.xs b/cpan/Encode/Unicode/Unicode.xs
+index 4e111e2..18c783f 100644
+--- a/cpan/Encode/Unicode/Unicode.xs
++++ b/cpan/Encode/Unicode/Unicode.xs
+@@ -1,5 +1,5 @@
+ /*
+- $Id: Unicode.xs,v 2.19 2019/01/21 03:09:59 dankogai Exp $
++ $Id: Unicode.xs,v 2.20 2021/07/23 02:26:54 dankogai Exp $
+  */
+ 
+ #define IN_UNICODE_XS
+diff --git a/cpan/Encode/t/Unicode.t b/cpan/Encode/t/Unicode.t
+index 2cc5d54..9e2bcbe 100644
+--- a/cpan/Encode/t/Unicode.t
++++ b/cpan/Encode/t/Unicode.t
+@@ -1,5 +1,5 @@
+ #
+-# $Id: Unicode.t,v 2.3 2012/08/05 23:08:49 dankogai Exp $
++# $Id: Unicode.t,v 2.4 2021/07/23 02:26:54 dankogai Exp $
+ #
+ # This script is written entirely in ASCII, even though quoted literals
+ # do include non-BMP unicode characters -- Are you happy, jhi?
+-- 
+2.27.0
+

perl.spec

@@ -22,7 +22,7 @@ Name:           perl
 License:        (GPL+ or Artistic) and (GPLv2+ or Artistic) and MIT and UCD and Public Domain and BSD
 Epoch:          4
 Version:        %{perl_version}
-Release:        8
+Release:        9
 Summary:        A highly capable, feature-rich programming language
 Url:            https://www.perl.org/
 Source0:        https://www.cpan.org/src/5.0/%{name}-%{version}.tar.xz
@@ -37,6 +37,8 @@ Patch3:         create-libperl-soname.patch
 Patch4:         perl-5.18.2-Destroy-GDBM-NDBM-ODBM-SDBM-_File-objects-only-from-.patch
 Patch5:		backport-perl-5.22.0-Install-libperl.so-to-shrpdir-on-Linux.patch
 
+Patch6000:      backport-CVE-2021-36770.patch
+
 BuildRequires:  gcc bash findutils coreutils make tar procps bzip2-devel gdbm-devel
 BuildRequires:  zlib-devel systemtap-sdt-devel perl-interpreter perl-generators
 
@@ -483,6 +485,12 @@ make test_harness
 %{_mandir}/man3/*
 
 %changelog
+* Thu Feb 24 2022 yuanxin<yuanxin24@h-partners.com> 4:5.32.0-9
+- Type:CVE
+- ID:CVE-2021-36770
+- SUG:NA
+- DESC:fix CVE-2021-36770
+
 * Thu Aug 5 2021 yuanxin<yuanxin24@huawei.com> 4:5.32.0-8
 - Type:bugfix
 - ID:NA