.gitignore

@@ -1 +1,56 @@
-SOURCES/Encode-3.01.tar.gz
+/Encode-2.47.tar.gz
+/Encode-2.48.tar.gz
+/Encode-2.49.tar.gz
+/Encode-2.50.tar.gz
+/Encode-2.51.tar.gz
+/Encode-2.52.tar.gz
+/Encode-2.54.tar.gz
+/Encode-2.55.tar.gz
+/Encode-2.57.tar.gz
+/Encode-2.58.tar.gz
+/Encode-2.59.tar.gz
+/Encode-2.60.tar.gz
+/Encode-2.62.tar.gz
+/Encode-2.63.tar.gz
+/Encode-2.64.tar.gz
+/Encode-2.66.tar.gz
+/Encode-2.67.tar.gz
+/Encode-2.68.tar.gz
+/Encode-2.70.tar.gz
+/Encode-2.71.tar.gz
+/Encode-2.72.tar.gz
+/Encode-2.73.tar.gz
+/Encode-2.74.tar.gz
+/Encode-2.75.tar.gz
+/Encode-2.76.tar.gz
+/Encode-2.77.tar.gz
+/Encode-2.78.tar.gz
+/Encode-2.79.tar.gz
+/Encode-2.80.tar.gz
+/Encode-2.82.tar.gz
+/Encode-2.83.tar.gz
+/Encode-2.84.tar.gz
+/Encode-2.85.tar.gz
+/Encode-2.86.tar.gz
+/Encode-2.87.tar.gz
+/Encode-2.88.tar.gz
+/Encode-2.89.tar.gz
+/Encode-2.90.tar.gz
+/Encode-2.91.tar.gz
+/Encode-2.92.tar.gz
+/Encode-2.93.tar.gz
+/Encode-2.94.tar.gz
+/Encode-2.95.tar.gz
+/Encode-2.96.tar.gz
+/Encode-2.97.tar.gz
+/Encode-2.98.tar.gz
+/Encode-2.99.tar.gz
+/Encode-3.00.tar.gz
+/Encode-3.01.tar.gz
+/Encode-3.02.tar.gz
+/Encode-3.03.tar.gz
+/Encode-3.04.tar.gz
+/Encode-3.05.tar.gz
+/Encode-3.06.tar.gz
+/Encode-3.07.tar.gz
+/Encode-3.08.tar.gz

.perl-Encode.metadata

@@ -1 +1 @@
-39db23dce79fda1c775099663d3ce59745847871 SOURCES/Encode-3.01.tar.gz
+733b698bdb0c77e597eba1e87fda958d31c93b55 Encode-3.08.tar.gz

Encode-3.12-mitigate-INC-pollution-when-loading-ConfigLocal.patch

@@ -0,0 +1,27 @@
+From 3772892b334a631b7bbf9a8ffbcb19e327d96e29 Mon Sep 17 00:00:00 2001
+From: Ricardo Signes <rjbs@semiotic.systems>
+Date: Sat, 17 Jul 2021 14:46:10 -0400
+Subject: [PATCH] mitigate @INC pollution when loading ConfigLocal
+
+---
+ Encode.pm | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Encode.pm b/Encode.pm
+index a56a999..9691382 100644
+--- a/Encode.pm
++++ b/Encode.pm
+@@ -65,8 +65,8 @@ require Encode::Config;
+ eval {
+     local $SIG{__DIE__};
+     local $SIG{__WARN__};
+-    local @INC = @INC || ();
+-    pop @INC if $INC[-1] eq '.';
++    local @INC = @INC;
++    pop @INC if @INC && $INC[-1] eq '.';
+     require Encode::ConfigLocal;
+ };
+ 
+-- 
+2.30.1 (Apple Git-130)
+

Encode-3.14-Fix-memory-leak-in-function-encode_method.patch

@@ -0,0 +1,97 @@
+From d77d726d206f16232df6edd80739720bb7011aea Mon Sep 17 00:00:00 2001
+From: Pali <pali@cpan.org>
+Date: Thu, 7 Oct 2021 22:35:51 +0200
+Subject: [PATCH] Fix memory leak in function encode_method()
+
+Pull request https://github.com/dankogai/p5-encode/pull/72 fixed memory
+corruption but introduced a new memory leak as dst scalar is not mortal
+anymore and not every possible exit from every XS function properly release
+scalar's memory.
+
+Fix this memory leak by making dst scalar mortal again. To not re-introduce
+that memory corruption, first store dst scalar into temporary variable and
+then save it into stack via ST(0) macro.
+---
+ Encode.xs | 23 ++++++++++++-----------
+ 1 file changed, 12 insertions(+), 11 deletions(-)
+
+diff --git a/Encode.xs b/Encode.xs
+index 4baf296..d173c96 100644
+--- a/Encode.xs
++++ b/Encode.xs
+@@ -154,7 +154,7 @@ encode_method(pTHX_ const encode_t * enc, const encpage_t * dir, SV * src, U8 *
+     STRLEN sdone = 0;
+     /* We allocate slen+1.
+        PerlIO dumps core if this value is smaller than this. */
+-    SV *dst = newSV(slen+1);
++    SV *dst = sv_2mortal(newSV(slen+1));
+     U8 *d = (U8 *)SvPVX(dst);
+     STRLEN dlen = SvLEN(dst)-1;
+     int code = 0;
+@@ -810,13 +810,12 @@ CODE:
+     tmp = encode_method(aTHX_ enc, enc->t_utf8, src, s, slen, check,
+                 &offset, term, &code, fallback_cb);
+     sv_catsv(dst, tmp);
+-    SvREFCNT_dec(tmp);
+     SvIV_set(off, (IV)offset);
+     RETVAL = (code == ENCODE_FOUND_TERM);
+ OUTPUT:
+     RETVAL
+ 
+-SV *
++void
+ Method_decode(obj,src,check_sv = &PL_sv_no)
+ SV *	obj
+ SV *	src
+@@ -828,6 +827,7 @@ PREINIT:
+     encode_t *enc;
+     U8 *s;
+     STRLEN slen;
++    SV *ret;
+ INIT:
+     SvGETMAGIC(src);
+     SvGETMAGIC(check_sv);
+@@ -841,13 +841,13 @@ CODE:
+     s = modify ? (U8 *)SvPV_force_nomg(src, slen) : (U8 *)SvPV_nomg(src, slen);
+     if (SvUTF8(src))
+         utf8_safe_downgrade(aTHX_ &src, &s, &slen, modify);
+-    RETVAL = encode_method(aTHX_ enc, enc->t_utf8, src, s, slen, check,
++    ret = encode_method(aTHX_ enc, enc->t_utf8, src, s, slen, check,
+               NULL, Nullsv, NULL, fallback_cb);
+-    SvUTF8_on(RETVAL);
+-OUTPUT:
+-    RETVAL
++    SvUTF8_on(ret);
++    ST(0) = ret;
++    XSRETURN(1);
+ 
+-SV *
++void
+ Method_encode(obj,src,check_sv = &PL_sv_no)
+ SV *	obj
+ SV *	src
+@@ -859,6 +859,7 @@ PREINIT:
+     encode_t *enc;
+     U8 *s;
+     STRLEN slen;
++    SV *ret;
+ INIT:
+     SvGETMAGIC(src);
+     SvGETMAGIC(check_sv);
+@@ -872,10 +873,10 @@ CODE:
+     s = modify ? (U8 *)SvPV_force_nomg(src, slen) : (U8 *)SvPV_nomg(src, slen);
+     if (!SvUTF8(src))
+         utf8_safe_upgrade(aTHX_ &src, &s, &slen, modify);
+-    RETVAL = encode_method(aTHX_ enc, enc->f_utf8, src, s, slen, check,
++    ret = encode_method(aTHX_ enc, enc->f_utf8, src, s, slen, check,
+               NULL, Nullsv, NULL, fallback_cb);
+-OUTPUT:
+-    RETVAL
++    ST(0) = ret;
++    XSRETURN(1);
+ 
+ bool
+ Method_needs_lines(obj)
+-- 
+2.31.1
+

perl-Encode.rpmlintrc

@@ -0,0 +1,2 @@
+from Config import *
+addFilter("spelling-error .* (encodings|pragma|ucm)");

perl-Encode.spec

@@ -1,6 +1,6 @@
 # Because encoding sub-package has an independent version, version macro gets
 # redefined.
-%global cpan_version 3.01
+%global cpan_version 3.08
 Name:           perl-Encode
 Epoch:          4
 Version:        %{cpan_version}
@@ -8,7 +8,7 @@ Version:        %{cpan_version}
 # perl-encoding sub-package has independent version which does not change
 # often and consecutive builds would clash on perl-encoding NEVRA. This is the
 # same case as in perl.spec.
-Release:        439%{?dist}
+Release:        461%{?dist}
 Summary:        Character encodings in Perl
 # ucm:          UCD
 # bin/encguess: Artistic 2.0
@@ -16,6 +16,10 @@ Summary:        Character encodings in Perl
 License:        (GPL+ or Artistic) and Artistic 2.0 and UCD
 URL:            https://metacpan.org/release/Encode
 Source0:        https://cpan.metacpan.org/authors/id/D/DA/DANKOGAI/Encode-%{cpan_version}.tar.gz
+# Encode.pm does not load code from outside expected @INC (rhbz#1991539, CVE-2021-36770)
+Patch0:         Encode-3.12-mitigate-INC-pollution-when-loading-ConfigLocal.patch
+# Fix memory leak in function encode_method()
+Patch1:         Encode-3.14-Fix-memory-leak-in-function-encode_method.patch
 BuildRequires:  findutils
 BuildRequires:  gcc
 BuildRequires:  make
@@ -52,6 +56,7 @@ BuildRequires:  perl(vars)
 BuildRequires:  perl(XSLoader)
 # Tests:
 # Benchmark not used
+BuildRequires:  perl(blib)
 BuildRequires:  perl(charnames)
 BuildRequires:  perl(File::Compare)
 BuildRequires:  perl(File::Copy)
@@ -82,7 +87,7 @@ of the system. Perl strings are sequences of characters.
 
 %package -n perl-encoding
 Summary:        Write your Perl script in non-ASCII or non-UTF-8
-Version:        2.22
+Version:        3.00
 License:        GPL+ or Artistic
 # Keeping this sub-package arch-specific because it installs files into
 # arch-specific directories.
@@ -126,6 +131,8 @@ your own encoding to perl. No knowledge of XS is necessary.
 
 %prep
 %setup -q -n Encode-%{cpan_version}
+%patch0 -p1
+%patch1 -p1
 
 %build
 # Additional scripts can be installed by appending MORE_SCRIPTS, UCM files by
@@ -140,8 +147,8 @@ find $RPM_BUILD_ROOT -type f -name '*.bs' -empty -delete
 %{_fixperms} $RPM_BUILD_ROOT/*
 
 %check
-unset AUTHOR_TESTING ENC2XS_VERBOSE MAKEFLAGS PERL_CORE PERL_ENCODING \
+unset AUTHOR_TESTING ENC2XS_NO_COMMENTS ENC2XS_VERBOSE MAKEFLAGS PERL_CORE \
-    PERL_ENCODE_DEBUG RELEASE_TESTING
+    PERL_ENCODING PERL_ENCODE_DEBUG
 make test
 
 %files
@@ -169,6 +176,43 @@ make test
 %{perl_vendorarch}/Encode/encode.h
 
 %changelog
+* Sun Oct 10 2021 Jitka Plesnikova <jplesnik@redhat.com> - 4:3.08-461
+- Fix memory leak in function encode_method()
+- "Fix a memory leak on FB_CROAK" was reverted in Encode 3.15
+
+* Wed Oct 06 2021 Jitka Plesnikova <jplesnik@redhat.com> - 4:3.08-460
+- Fix a memory leak on FB_CROAK, backported from Encode 3.13
+
+* Mon Aug 09 2021 Jitka Plesnikova <jplesnik@redhat.com> - 4:3.08-459
+- Fix CVE-2021-36770 - mitigate @INC pollution when loading ConfigLocal
+
+* Wed Dec 02 2020 Jitka Plesnikova <jplesnik@redhat.com> - 4:3.08-458
+- 3.08 bump
+
+* Mon Jul 27 2020 Petr Pisar <ppisar@redhat.com> - 4:3.07-457
+- 3.07 bump
+
+* Mon Jun 22 2020 Jitka Plesnikova <jplesnik@redhat.com> - 4:3.06-456
+- Increase release to favour standalone package
+
+* Mon May 04 2020 Petr Pisar <ppisar@redhat.com> - 4:3.06-445
+- 3.06 bump
+
+* Thu Mar 19 2020 Petr Pisar <ppisar@redhat.com> - 4:3.05-444
+- 3.05 bump
+
+* Wed Mar 11 2020 Petr Pisar <ppisar@redhat.com> - 4:3.04-443
+- 3.04 bump
+
+* Mon Mar 02 2020 Petr Pisar <ppisar@redhat.com> - 4:3.03-442
+- 3.03 bump
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4:3.02-441
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Jan 02 2020 Petr Pisar <ppisar@redhat.com> - 4:3.02-440
+- 3.02 bump
+
 * Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4:3.01-439
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 

sources

@@ -0,0 +1 @@
+SHA512 (Encode-3.08.tar.gz) = 70490040347a3cc673d23c74f26a7c825691066cc3bbd16d2f72f745dd100c36de6694c44d6f78564c6cb579e43822a040ad7f29ad571ab7b4f6233eef566fee