mirror of
https://git.yoctoproject.org/poky
synced 2026-02-26 19:39:40 +01:00
d5723cb241
Backport patch to fix CVE-2021-36770. And drop the section of code which updates version. CVE: CVE-2021-36770 (From OE-Core rev: 9a5e0f3ece45529358b6b712e3450a8594f531c6) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
41 lines
1.2 KiB
Diff
41 lines
1.2 KiB
Diff
Backport patch to fix CVE-2021-36770. And drop the section of code which
|
|
updates version.
|
|
|
|
Upstream-Status: Backport [https://github.com/Perl/perl5/commit/c1a937f]
|
|
CVE: CVE-2021-36770
|
|
|
|
Signed-off-by: Kai Kang <kai.kang@windriver.com>
|
|
|
|
From c1a937fef07c061600a0078f4cb53fe9c2136bb9 Mon Sep 17 00:00:00 2001
|
|
From: Ricardo Signes <rjbs@semiotic.systems>
|
|
Date: Mon, 9 Aug 2021 08:14:05 -0400
|
|
Subject: [PATCH] Encode.pm: apply a local patch for CVE-2021-36770
|
|
|
|
I expect Encode to see a new release today.
|
|
|
|
Without this fix, Encode::ConfigLocal can be loaded from a path relative
|
|
to the current directory, because the || operator will evaluate @INC in
|
|
scalar context, putting an integer as the only value in @INC.
|
|
---
|
|
cpan/Encode/Encode.pm | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/cpan/Encode/Encode.pm b/cpan/Encode/Encode.pm
|
|
index a56a99947f..b96a850416 100644
|
|
--- a/cpan/Encode/Encode.pm
|
|
+++ b/cpan/Encode/Encode.pm
|
|
@@ -65,8 +66,8 @@ require Encode::Config;
|
|
eval {
|
|
local $SIG{__DIE__};
|
|
local $SIG{__WARN__};
|
|
- local @INC = @INC || ();
|
|
- pop @INC if $INC[-1] eq '.';
|
|
+ local @INC = @INC;
|
|
+ pop @INC if @INC && $INC[-1] eq '.';
|
|
require Encode::ConfigLocal;
|
|
};
|
|
|
|
--
|
|
2.33.0
|
|
|