Encode.pm: apply a local patch for CVE-2021-36770

I expect Encode to see a new release today. Without this fix, Encode::ConfigLocal can be loaded from a path relative to the current directory, because the || operator will evaluate @inc in scalar context, putting an integer as the only value in @inc.
Perl · Aug 9, 2021 · c1a937f · c1a937f
1 parent 84bf45e
commit c1a937f
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/cpan/Encode/Encode.pm b/cpan/Encode/Encode.pm
@@ -7,7 +7,8 @@ use warnings;
 use constant DEBUG => !!$ENV{PERL_ENCODE_DEBUG};
 our $VERSION;
 BEGIN {
-    $VERSION = sprintf "%d.%02d", q$Revision: 3.10 $ =~ /(\d+)/g;
+    $VERSION = "3.10_01";
+    $VERSION = eval $VERSION;
     require XSLoader;
     XSLoader::load( __PACKAGE__, $VERSION );
 }
@@ -65,8 +66,8 @@ require Encode::Config;
 eval {
     local $SIG{__DIE__};
     local $SIG{__WARN__};
-    local @INC = @INC || ();
-    pop @INC if $INC[-1] eq '.';
+    local @INC = @INC;
+    pop @INC if @INC && $INC[-1] eq '.';
     require Encode::ConfigLocal;
 };