From 5b45d9ea8d6c72b12ad84fe1a1e85df21d95e630 Mon Sep 17 00:00:00 2001
From: wangjiang
Date: Mon, 28 Feb 2022 19:11:45 +0800
Subject: [PATCH] fix CVE-2021-36770
---
 backport-CVE-2021-36770.patch | 36 +++++++++++++++++++++++++++++++++++
 perl-Encode.spec | 11 ++++++++++-
 2 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2021-36770.patch
diff --git a/backport-CVE-2021-36770.patch b/backport-CVE-2021-36770.patch
new file mode 100644
index 0000000..a7adaad
--- /dev/null
+++ b/backport-CVE-2021-36770.patch
@@ -0,0 +1,36 @@
+From 527e482dc70b035d0df4f8c77a00d81f8d775c74 Mon Sep 17 00:00:00 2001
+From: Dan Kogai
+Date: Mon, 9 Aug 2021 23:19:25 +0900
+Subject: [PATCH] version 3.12 to address CVE-2021-36770
+
+---
+ Encode.pm | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/Encode.pm b/Encode.pm
+index de06ba1..0bb44dd 100644
+--- a/Encode.pm
++++ b/Encode.pm
+@@ -7,7 +7,7 @@ use warnings;
+ use constant DEBUG => !!$ENV{PERL_ENCODE_DEBUG};
+ our $VERSION;
+ BEGIN {
+- $VERSION = sprintf "%d.%02d", q$Revision: 3.06 $ =~ /(\d+)/g;
++ $VERSION = sprintf "%d.%02d", q$Revision: 3.12 $ =~ /(\d+)/g;
+ require XSLoader;
+ XSLoader::load( __PACKAGE__, $VERSION );
+ }
+@@ -65,8 +65,8 @@ require Encode::Config;
+ eval {
+ local $SIG{__DIE__};
+ local $SIG{__WARN__};
+- local @INC = @INC || ();
+- pop @INC if $INC[-1] eq '.';
++ local @INC = @INC;
++ pop @INC if @INC && $INC[-1] eq '.';
+ require Encode::ConfigLocal;
+ };
+
+--
+2.27.0
+
diff --git a/perl-Encode.spec b/perl-Encode.spec
index 7966148..ee06322 100644
--- a/perl-Encode.spec
+++ b/perl-Encode.spec
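Review bot: The backported patch carries upstream's release bump along with the fix: its first Encode.pm hunk (`@@ -7,7 +7,7 @@`) rewrites `q$Revision: 3.06 $` to `q$Revision: 3.12 $`, so the installed module will report `$Encode::VERSION` as 3.12 while the package remains 3.06-2, presumably without the other upstream changes made between those releases. Anything that keys on the module version (a `use Encode 3.12;` requirement, generated `perl(Encode)` provides, version-based advisory matching) would then be misled about what code is installed. I would drop that hunk from backport-CVE-2021-36770.patch and keep only the `@@ -65,8 +65,8 @@` hunk, which is the actual fix: the old `local @INC = @INC || ();` evaluated `@INC` in scalar context and so replaced the search path with its element count before `require Encode::ConfigLocal`. A short comment in the spec next to the patch entry, e.g. `# CVE-2021-36770: stop Encode::ConfigLocal being loaded via a clobbered @INC`, would also record why the patch exists.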
@@ -2,11 +2,14 @@
 Name: perl-Encode
 Epoch: 1
 Version: %{cpan_version}
-Release: 1
+Release: 2
 Summary: Character encodings in Perl
 License: (GPL+ or Artistic) and Artistic 2.0 and UCD
 URL: https://metacpan.org/release/Encode
 Source0: https://cpan.metacpan.org/authors/id/D/DA/DANKOGAI/Encode-%{cpan_version}.tar.gz
+
+Patch6000: backport-CVE-2021-36770.patch
+
 BuildRequires: findutils gcc make perl-devel perl-generators perl-interpreter perl(Config) perl(ExtUtils::MakeMaker) perl(File::Spec) perl(File::Spec::Functions) perl(strict) perl(warnings)
 BuildRequires: perl(bytes) perl(Carp) perl(constant) perl(Exporter) perl(File::Basename) perl(File::Find) perl(Filter::Util::Call) perl(Getopt::Long) perl(Getopt::Std)
 BuildRequires: perl(MIME::Base64) perl(overload) perl(parent) perl(re) perl(Storable) perl(utf8) perl(vars) perl(XSLoader)
@@ -93,6 +96,12 @@ make test
 %{_mandir}/man3/Encode::*
 %changelog
+* Mon Feb 28 2022 wangjiang - 1:3.06-2
+- Type:CVE
+- ID:CVE-2021-36770
+- SUG:NA
+- DESC:fix CVE-2021-36770
+
 * Wed Jul 23 2020 xinghe - 1:3.06-1
 - Type:enhancement
 - ID:NA
--
Gitee
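Review bot: `Patch6000: backport-CVE-2021-36770.patch` is only declared in the `@@ -2,11 +2,14 @@` hunk, and nothing in this commit touches `%prep`, so whether the fix is actually applied depends on lines outside the diff. If `%prep` uses plain `%setup` rather than `%autosetup -p1`, the build will succeed and ship the unpatched Encode.pm; in that case add `%patch6000 -p1` after `%setup`. A cheap guard in `%check`, such as `grep -q 'local @INC = @INC;' Encode.pm`, would make a silently unapplied patch fail the build instead of producing a package whose changelog claims the CVE is fixed.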