diff options
Diffstat (limited to 'system/perl/CVE-2021-36770.patch')
| -rw-r--r-- | system/perl/CVE-2021-36770.patch | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/system/perl/CVE-2021-36770.patch b/system/perl/CVE-2021-36770.patch new file mode 100644 index 000000000..c3c443900 --- /dev/null +++ b/system/perl/CVE-2021-36770.patch @@ -0,0 +1,29 @@ +From c1a937fef07c061600a0078f4cb53fe9c2136bb9 Mon Sep 17 00:00:00 2001 +From: Ricardo Signes <rjbs@semiotic.systems> +Date: Mon, 9 Aug 2021 08:14:05 -0400 +Subject: [PATCH] Encode.pm: apply a local patch for CVE-2021-36770 + +I expect Encode to see a new release today. + +Without this fix, Encode::ConfigLocal can be loaded from a path relative +to the current directory, because the || operator will evaluate @INC in +scalar context, putting an integer as the only value in @INC. +--- + cpan/Encode/Encode.pm | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/cpan/Encode/Encode.pm b/cpan/Encode/Encode.pm +index a56a99947fd..b96a8504169 100644 +--- a/cpan/Encode/Encode.pm ++++ b/cpan/Encode/Encode.pm +@@ -65,8 +66,8 @@ require Encode::Config; + eval { + local $SIG{__DIE__}; + local $SIG{__WARN__}; +- local @INC = @INC || (); +- pop @INC if $INC[-1] eq '.'; ++ local @INC = @INC; ++ pop @INC if @INC && $INC[-1] eq '.'; + require Encode::ConfigLocal; + }; + |