path: root/system/perl/CVE-2021-36770.patch



From c1a937fef07c061600a0078f4cb53fe9c2136bb9 Mon Sep 17 00:00:00 2001
From: Ricardo Signes <rjbs@semiotic.systems>
Date: Mon, 9 Aug 2021 08:14:05 -0400
Subject: [PATCH] Encode.pm: apply a local patch for CVE-2021-36770

I expect Encode to see a new release today.

Without this fix, Encode::ConfigLocal can be loaded from a path relative
to the current directory, because the || operator will evaluate @INC in
scalar context, putting an integer as the only value in @INC.
---
 cpan/Encode/Encode.pm | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/cpan/Encode/Encode.pm b/cpan/Encode/Encode.pm
index a56a99947fd..b96a8504169 100644
--- a/cpan/Encode/Encode.pm
+++ b/cpan/Encode/Encode.pm
@@ -65,8 +66,8 @@ require Encode::Config;
 eval {
     local $SIG{__DIE__};
     local $SIG{__WARN__};
-    local @INC = @INC || ();
-    pop @INC if $INC[-1] eq '.';
+    local @INC = @INC;
+    pop @INC if @INC && $INC[-1] eq '.';
     require Encode::ConfigLocal;
 };
 
From c1a937fef07c061600a0078f4cb53fe9c2136bb9 Mon Sep 17 00:00:00 2001
From: Ricardo Signes <rjbs@semiotic.systems>
Date: Mon, 9 Aug 2021 08:14:05 -0400
Subject: [PATCH] Encode.pm: apply a local patch for CVE-2021-36770

I expect Encode to see a new release today.

Without this fix, Encode::ConfigLocal can be loaded from a path relative
to the current directory, because the || operator will evaluate @INC in
scalar context, putting an integer as the only value in @INC.
---
 cpan/Encode/Encode.pm | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/cpan/Encode/Encode.pm b/cpan/Encode/Encode.pm
index a56a99947fd..b96a8504169 100644
--- a/cpan/Encode/Encode.pm
+++ b/cpan/Encode/Encode.pm
@@ -65,8 +66,8 @@ require Encode::Config;
 eval {
     local $SIG{__DIE__};
     local $SIG{__WARN__};
-    local @INC = @INC || ();
-    pop @INC if $INC[-1] eq '.';
+    local @INC = @INC;
+    pop @INC if @INC && $INC[-1] eq '.';
     require Encode::ConfigLocal;
 };