Resolves: rhbz#1984005, CVE-2021-36770 - mitigate @INC pollution when loading ConfigLocal
This commit is contained in:
parent
0d27bc5d58
commit
63533dd5b4
1
.perl-Encode.metadata
Normal file
1
.perl-Encode.metadata
Normal file
@ -0,0 +1 @@
|
||||
733b698bdb0c77e597eba1e87fda958d31c93b55 Encode-3.08.tar.gz
|
@ -0,0 +1,27 @@
|
||||
From 3772892b334a631b7bbf9a8ffbcb19e327d96e29 Mon Sep 17 00:00:00 2001
|
||||
From: Ricardo Signes <rjbs@semiotic.systems>
|
||||
Date: Sat, 17 Jul 2021 14:46:10 -0400
|
||||
Subject: [PATCH] mitigate @INC pollution when loading ConfigLocal
|
||||
|
||||
---
|
||||
Encode.pm | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/Encode.pm b/Encode.pm
|
||||
index a56a999..9691382 100644
|
||||
--- a/Encode.pm
|
||||
+++ b/Encode.pm
|
||||
@@ -65,8 +65,8 @@ require Encode::Config;
|
||||
eval {
|
||||
local $SIG{__DIE__};
|
||||
local $SIG{__WARN__};
|
||||
- local @INC = @INC || ();
|
||||
- pop @INC if $INC[-1] eq '.';
|
||||
+ local @INC = @INC;
|
||||
+ pop @INC if @INC && $INC[-1] eq '.';
|
||||
require Encode::ConfigLocal;
|
||||
};
|
||||
|
||||
--
|
||||
2.30.1 (Apple Git-130)
|
||||
|
6
gating.yaml
Normal file
6
gating.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-9
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
|
@ -8,7 +8,7 @@ Version: %{cpan_version}
|
||||
# perl-encoding sub-package has independent version which does not change
|
||||
# often and consecutive builds would clash on perl-encoding NEVRA. This is the
|
||||
# same case as in perl.spec.
|
||||
Release: 461%{?dist}
|
||||
Release: 462%{?dist}
|
||||
Summary: Character encodings in Perl
|
||||
# ucm: UCD
|
||||
# bin/encguess: Artistic 2.0
|
||||
@ -16,6 +16,8 @@ Summary: Character encodings in Perl
|
||||
License: (GPL+ or Artistic) and Artistic 2.0 and UCD
|
||||
URL: https://metacpan.org/release/Encode
|
||||
Source0: https://cpan.metacpan.org/authors/id/D/DA/DANKOGAI/Encode-%{cpan_version}.tar.gz
|
||||
# Encode.pm does not load code from outside expected @INC (rhbz#1984005, CVE-2021-36770)
|
||||
Patch0: Encode-3.08-mitigate-INC-pollution-when-loading-ConfigLocal.patch
|
||||
BuildRequires: findutils
|
||||
BuildRequires: gcc
|
||||
BuildRequires: make
|
||||
@ -127,6 +129,7 @@ your own encoding to perl. No knowledge of XS is necessary.
|
||||
|
||||
%prep
|
||||
%setup -q -n Encode-%{cpan_version}
|
||||
%patch0 -p1
|
||||
|
||||
%build
|
||||
# Additional scripts can be installed by appending MORE_SCRIPTS, UCM files by
|
||||
@ -170,6 +173,10 @@ make test
|
||||
%{perl_vendorarch}/Encode/encode.h
|
||||
|
||||
%changelog
|
||||
* Tue Aug 10 2021 Jitka Plesnikova <jplesnik@redhat.com> - 4:3.08-462
|
||||
- Resolves: rhbz#1984005, CVE-2021-36770 - mitigate @INC pollution when
|
||||
loading ConfigLocal
|
||||
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 4:3.08-461
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
Loading…
Reference in New Issue
Block a user