poky/meta/recipes-devtools/perl/perl/CVE-2018-18312.patch
Dan Tran bda26ff31c perl: Fix CVE-2018-18311 to 18314
(From OE-Core rev: cffd085ef77d055e5e837887b0eaf820aa982f00)

Signed-off-by: Dan Tran <dantran@microsoft.com>
[Perl before 5.26.3 and 5.28.x before 5.28.1]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-10-10 16:52:30 +01:00


From 497e246e999d14efabd820c47b013d4607dbc344 Mon Sep 17 00:00:00 2001
From: Karl Williamson <khw@cpan.org>
Date: Mon, 24 Sep 2018 11:54:41 -0600
Subject: [PATCH 1/3] PATCH: [perl #133423] for 5.26 maint
CVE: CVE-2018-18312
Upstream-Status: Backport
[https://perl5.git.perl.org/perl.git/commit/5dfd9842f2802803604cf517016d4d0518226006]
Signed-off-by: Dan Tran <dantran@microsoft.com>
---
regcomp.c | 1 -
t/re/reg_mesg.t | 5 +++++
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/regcomp.c b/regcomp.c
index edfae9cffd..00d26d9290 100644
--- a/regcomp.c
+++ b/regcomp.c
@@ -14872,7 +14872,6 @@ redo_curchar:
RExC_parse++;
assert(UCHARAT(RExC_parse) == ')');
- RExC_parse++;
RExC_flags = save_flags;
goto handle_operand;
}
diff --git a/t/re/reg_mesg.t b/t/re/reg_mesg.t
index 08d90c5c40..658397ac27 100644
--- a/t/re/reg_mesg.t
+++ b/t/re/reg_mesg.t
@@ -93,6 +93,8 @@ my $high_mixed_digit = ('A' lt '0') ? '0' : 'A';
my $colon_hex = sprintf "%02X", ord(":");
my $tab_hex = sprintf "%02X", ord("\t");
+my $bug133423 = "(?[(?^:(?[\\\x00]))\\]\x00|2[^^]\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80])R.\\670";
+
##
## Key-value pairs of code/error of code that should have fatal errors.
##
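Review bot: The added `my $bug133423` line has no comment, so the purpose of this byte string can only be guessed from the variable name. A one-line comment above it would help the next maintainer, for example `# [perl #133423], CVE-2018-18312: (?[ ]) nested inside (?^: ) must be rejected with a clean parse error`. If the long run of `\x80` bytes is needed to reproduce the original fault, the comment should say so, so nobody shortens it; the patch itself does not say either way.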
@@ -269,6 +271,9 @@ my @death =
'/(?[()-!])/' => 'Incomplete expression within \'(?[ ])\' {#} m/(?[(){#}-!])/', # [perl #126204]
'/(?[!()])/' => 'Incomplete expression within \'(?[ ])\' {#} m/(?[!(){#}])/', # [perl #126404]
'/(?<=/' => 'Sequence (?... not terminated {#} m/(?<={#}/', # [perl #128170]
+ "/$bug133423/" => "Operand with no preceding operator {#} m/(?[(?^:(?[\\]))\\{#}]|2[^^]\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80])R.\\670/",
+
+
);
# These are messages that are warnings when not strict; death under 'use re
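Review bot: The expected message added to `@death` does not match the pattern byte for byte as shown here: the pattern has `\\\x00` and `]\x00|2`, while the message reads `(?[\\]))` and `]|2`. If the message holds raw NUL bytes at those two places, they are easily lost when the patch passes through mail or an editor, and the regression test for this CVE would then fail or compare the wrong text. Writing them as `\x00` escapes, as the `$bug133423` line does, avoids that. The entry also lacks the trailing ticket comment its neighbours carry, e.g. `# [perl #133423]`, and it adds two blank lines before `);` where none are needed.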
--
2.22.0.vfs.1.1.57.gbaf16c8