Index: Makefile =================================================================== RCS file: /cvsroot/pkgsrc/lang/perl5/Makefile,v retrieving revision 1.271 diff -u -p -r1.271 Makefile --- Makefile 29 May 2021 13:04:21 -0000 1.271 +++ Makefile 20 Aug 2021 21:47:11 -0000 @@ -1,6 +1,6 @@ # $NetBSD: Makefile,v 1.271 2021/05/29 13:04:21 rin Exp $ -PKGREVISION= 2 +PKGREVISION= 3 .include "license.mk" .include "Makefile.common" Index: distinfo =================================================================== RCS file: /cvsroot/pkgsrc/lang/perl5/distinfo,v retrieving revision 1.171 diff -u -p -r1.171 distinfo --- distinfo 29 May 2021 13:04:21 -0000 1.171 +++ distinfo 20 Aug 2021 21:47:11 -0000 @@ -8,6 +8,7 @@ SHA1 (patch-Configure) = a72983dba63f32f SHA1 (patch-Makefile.SH) = 56203aea57c429a94760f039a978463b8859b0a9 SHA1 (patch-caretx.c) = b76b4175a58123fa4dfd2adf36b2207dcb6cf65a SHA1 (patch-cflags.SH) = e940e4452768ccc1bdf21d435094e7efffceb925 +SHA1 (patch-cpan_Encode_Encode.pm) = fa49f95e79825a716d4e24995e23cea59a20b7ba SHA1 (patch-cpan_ExtUtils-MakeMaker_lib_ExtUtils_MM__BeOS.pm) = 79e5aeccfa272ca5ec08bffc616d8053ae90ac51 SHA1 (patch-cpan_ExtUtils-MakeMaker_lib_ExtUtils_MM__Unix.pm) = 7b1caaea7327ebf492f8cde6b459286ecf7dd5ad SHA1 (patch-cpan_ExtUtils-MakeMaker_t_MM__BeOS.t) = 9b0e7ab85fdab4887b1754599a8879bd7d9f36cc Index: patches/patch-cpan_Encode_Encode.pm =================================================================== RCS file: patches/patch-cpan_Encode_Encode.pm diff -N patches/patch-cpan_Encode_Encode.pm --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-cpan_Encode_Encode.pm 20 Aug 2021 21:47:11 -0000 @@ -0,0 +1,34 @@ +$NetBSD$ + +perl5: patch Encode.pm for CVE-2021-36770 + +Without this fix, Encode::ConfigLocal can be loaded from a path relative +to the current directory, because the || operator will evaluate @INC in +scalar context, putting an integer as the only value in @INC. + +Ref: https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9.patch + +--- cpan/Encode/Encode.pm.orig 2021-01-20 23:04:44.000000000 +0000 ++++ cpan/Encode/Encode.pm 2021-08-20 21:36:16.700846398 +0000 +@@ -7,7 +7,9 @@ use warnings; + use constant DEBUG => !!$ENV{PERL_ENCODE_DEBUG}; + our $VERSION; + BEGIN { +- $VERSION = sprintf "%d.%02d", q$Revision: 3.08 $ =~ /(\d+)/g; ++ # $VERSION = sprintf "%d.%02d", q$Revision: 3.08 $ =~ /(\d+)/g; ++ $VERSION = "3.08_01"; ++ $VERSION = eval $VERSION; + require XSLoader; + XSLoader::load( __PACKAGE__, $VERSION ); + } +@@ -65,8 +67,8 @@ require Encode::Config; + eval { + local $SIG{__DIE__}; + local $SIG{__WARN__}; +- local @INC = @INC || (); +- pop @INC if $INC[-1] eq '.'; ++ local @INC = @INC; ++ pop @INC if @INC && $INC[-1] eq '.'; + require Encode::ConfigLocal; + }; +