From b0633db262cbddcae7c895f3b4c1958ea49e7b31 Mon Sep 17 00:00:00 2001
From: xinyingchao
Date: Thu, 24 Feb 2022 16:46:06 +0800
Subject: [PATCH] fix CVE-2021-36770
---
backport-CVE-2021-36770.patch | 67 +++++++++++++++++++++++++++++++++++
perl.spec | 10 +++++-
2 files changed, 76 insertions(+), 1 deletion(-)
create mode 100644 backport-CVE-2021-36770.patch
diff --git a/backport-CVE-2021-36770.patch b/backport-CVE-2021-36770.patch
new file mode 100644
index 0000000..016a9b5
--- /dev/null
+++ b/backport-CVE-2021-36770.patch
@@ -0,0 +1,67 @@
+From 527e482dc70b035d0df4f8c77a00d81f8d775c74 Mon Sep 17 00:00:00 2001
+From: Dan Kogai
+Date: Mon, 9 Aug 2021 23:19:25 +0900
+Subject: [PATCH] version 3.12 to address CVE-2021-36770
+
+---
+ cpan/Encode/Encode.pm | 8 ++++----
+ cpan/Encode/Unicode/Unicode.xs | 2 +-
+ cpan/Encode/t/Unicode.t | 2 +-
+ 3 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/cpan/Encode/Encode.pm b/cpan/Encode/Encode.pm
+index d3eb3c1..769439c 100644
+--- a/cpan/Encode/Encode.pm
++++ b/cpan/Encode/Encode.pm
+@@ -1,5 +1,5 @@
+ #
+-# $Id: Encode.pm,v 3.08 2020/12/02 01:27:44 dankogai Exp $
++# $Id: Encode.pm,v 3.12 2021/08/09 14:17:04 dankogai Exp dankogai $
+ #
+ package Encode;
+ use strict;
+@@ -7,7 +7,7 @@ use warnings;
+ use constant DEBUG => !!$ENV{PERL_ENCODE_DEBUG};
+ our $VERSION;
+ BEGIN {
+- $VERSION = sprintf "%d.%02d", q$Revision: 3.08 $ =~ /(\d+)/g;
++ $VERSION = sprintf "%d.%02d", q$Revision: 3.12 $ =~ /(\d+)/g;
+ require XSLoader;
+ XSLoader::load( __PACKAGE__, $VERSION );
+ }
+@@ -65,8 +65,8 @@ require Encode::Config;
+ eval {
+ local $SIG{__DIE__};
+ local $SIG{__WARN__};
+- local @INC = @INC || ();
+- pop @INC if $INC[-1] eq '.';
++ local @INC = @INC;
++ pop @INC if @INC && $INC[-1] eq '.';
+ require Encode::ConfigLocal;
+ };
+
+diff --git a/cpan/Encode/Unicode/Unicode.xs b/cpan/Encode/Unicode/Unicode.xs
+index 4e111e2..18c783f 100644
+--- a/cpan/Encode/Unicode/Unicode.xs
++++ b/cpan/Encode/Unicode/Unicode.xs
+@@ -1,5 +1,5 @@
+ /*
+- $Id: Unicode.xs,v 2.19 2019/01/21 03:09:59 dankogai Exp $
++ $Id: Unicode.xs,v 2.20 2021/07/23 02:26:54 dankogai Exp $
+ */
+
+ #define IN_UNICODE_XS
+diff --git a/cpan/Encode/t/Unicode.t b/cpan/Encode/t/Unicode.t
+index 2cc5d54..9e2bcbe 100644
+--- a/cpan/Encode/t/Unicode.t
++++ b/cpan/Encode/t/Unicode.t
+@@ -1,5 +1,5 @@
+ #
+-# $Id: Unicode.t,v 2.3 2012/08/05 23:08:49 dankogai Exp $
++# $Id: Unicode.t,v 2.4 2021/07/23 02:26:54 dankogai Exp $
+ #
+ # This script is written entirely in ASCII, even though quoted 
literals + # do include non-BMP unicode characters -- Are you happy, jhi? +-- +2.27.0 + diff --git a/perl.spec b/perl.spec index e973c82..9a25b90 100644 --- a/perl.spec +++ b/perl.spec @@ -22,7 +22,7 @@ Name: perl License: (GPL+ or Artistic) and (GPLv2+ or Artistic) and MIT and UCD and Public Domain and BSD Epoch: 4 Version: %{perl_version} -Release: 2 +Release: 3 Summary: A highly capable, feature-rich programming language Url: https://www.perl.org/ Source0: https://www.cpan.org/src/5.0/%{name}-%{version}.tar.xz @@ -34,6 +34,8 @@ Patch4: perl-5.34.0-Destroy-GDBM-NDBM-ODBM-SDBM-_File-objects-only-from-.patch Patch5: perl-5.35.1-Fix-GDBM_File-to-compile-with-version-1.20-and-earli.patch Patch6: perl-5.35.1-Raise-version-number-in-ext-GDBM_File-GDBM_File.pm.patch +Patch6000: backport-CVE-2021-36770.patch + BuildRequires: gcc bash findutils coreutils make tar procps bzip2-devel gdbm-devel perl-File-Compare perl-File-Find BuildRequires: zlib-devel systemtap-sdt-devel perl-interpreter perl-generators @@ -486,6 +488,12 @@ make test_harness %{_mandir}/man3/* %changelog +* Thu Feb 24 2022 yuanxin 4:5.34.0-3 +- Type:CVE +- ID:CVE-2021-36770 +- SUG:NA +- DESC:fix CVE-2021-36770 + * Wed Jan 05 2022 tianwei 4:5.34.0-2 - Type:bugfix - ID:NA -- Gitee
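Review bot: The backport raises `$VERSION` in `cpan/Encode/Encode.pm` to 3.12 (the `@@ -7,7 +7,7 @@` hunk) although the only functional change it carries is the two `@INC` lines, so the installed module will report 3.12 while, as far as this patch shows, the rest of the code stays at the 3.08 level. Anything that keys on the module version, such as a sub-package version or `Provides:` in the spec (not visible here) or a vulnerability scanner, should be checked against that. Separately, the corrected `local @INC = @INC;` in the `@@ -65,8 +65,8 @@` hunk has no comment recording why the old form was unsafe: `@INC || ()` evaluated the array in scalar context and left the localized search path holding only its element count, so the optional `require Encode::ConfigLocal` was resolved relative to the current working directory. A comment above it such as `# copy @INC in list context; "@INC || ()" collapsed it to its element count (CVE-2021-36770)` would keep a later cleanup from reintroducing the `||`. The guard still removes `.` only when it is the last entry, which appears to be the upstream intent, so a relative entry placed elsewhere in `@INC` by the caller is still searched.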
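Review bot: `Patch6000: backport-CVE-2021-36770.patch` is declared in the `@@ -34,6 +34,8 @@` hunk, but the commit adds no matching `%patch6000 -p1` line: the nine insertions the diffstat implies for `perl.spec` are the release bump, the `Patch6000` line with its blank line, and the six changelog lines. The `%prep` section is outside the hunks shown, so if it applies patches one by one rather than through `%autosetup` or `%autopatch`, the fix is packaged but never applied to the source tree. It is worth confirming in the build log that the patch is applied, or that the built `Encode.pm` contains `local @INC = @INC;`.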