Fix merge issues, remove excess files - match perl-5.38.2 dist

ok gkoehler@
Commit and we'll fix fallout bluhm@
Right away, please deraadt@

Fix read/write past buffer end

From upstream commit:

From 7047915eef37fccd93e7cd985c29fe6be54650b6 Mon Sep 17 00:00:00 2001
From: Karl Williamson <khw@cpan.org>
Date: Sat, 9 Sep 2023 11:59:09 -0600
Subject: [PATCH] Fix read/write past buffer end: perl-security#140

A package name may be specified in a \p{...} regular expression
construct. If unspecified, "utf8::" is assumed, which is the package
all official Unicode properties are in. By specifying a different
package, one can create a user-defined property with the same
unqualified name as a Unicode one. Such a property is defined by a sub
whose name begins with "Is" or "In", and if the sub wishes to refer to
an official Unicode property, it must explicitly specify the "utf8::".
S_parse_uniprop_string() is used to parse the interior of both \p{} and
the user-defined sub lines.

In S_parse_uniprop_string(), it parses the input "name" parameter,
creating a modified copy, "lookup_name", malloc'ed with the same size as
"name". The modifications are essentially to create a canonicalized
version of the input, with such things as extraneous white-space
stripped off. I found it convenient to strip off the package specifier
"utf8::". To to so, the code simply pretends "lookup_name" begins just
after the "utf8::", and adjusts various other values to compensate.
However, it missed the adjustment of one required one.

This is only a problem when the property name begins with "perl" and
isn't "perlspace" nor "perlword". All such ones are undocumented
internal properties.

What happens in this case is that the input is reparsed with slightly
different rules in effect as to what is legal versus illegal. The
problem is that "lookup_name" no longer is pointing to its initial
value, but "name" is. Thus the space allocated for filling "lookup_name"
is now shorter than "name", and as this shortened "lookup_name" is
filled by copying suitable portions of "name", the write can be to
unallocated space.

The solution is to skip the "utf8::" when reparsing "name". Then both
"lookup_name" and "name" are effectively shortened by the same amount,
and there is no going off the end.

This commit also does white-space adjustment so that things align
vertically for readability.

branches: 1.33.2; 1.33.4;
Apply local patches - perl-5.36.0

OK bluhm@
a good time naddy@

Fix merge issues, remove excess files - match perl-5.36.0 dist

OK bluhm@
a good time naddy@

Fix merge issues, remove excess files - match perl-5.32.1 dist

OK sthen@

Fix various overflows and state corruption in perl

Found by: ManhND of The Tarantula Team, VinCSS (a member of Vingroup),
Hugo van der Sanden, Slaven Rezic, and Sergey Aleynikov
Fixed by: John Lightsey, Hugo van der Sanden, and Karl Williamson

Addresses:
* CVE-2020-10543
* CVE-2020-10878
* CVE-2020-12723

branches: 1.29.4;
Update perl to 5.30.2

https://metacpan.org/pod/release/SHAY/perl-5.30.2/pod/perldelta.pod

Incompatible Changes
There are no changes intentionally incompatible with 5.30.0.

Updated Modules and Pragmata
* Compress::Raw::Bzip2 has been upgraded from version 2.084 to 2.089.
* Module::CoreList has been upgraded from version 5.20191110 to 5.20200314.

Selected Bug Fixes
* printf() or sprintf() with the %n format no longer cause a panic
on debugging builds, or report an incorrectly cached length value
when producing SVfUTF8 flagged strings.
* A memory leak in regular expression patterns has been fixed.
* A read beyond buffer in grok_infnan has been fixed.
* An assertion failure in the regular expression engine has been fixed.
* (?{...}) eval groups in regular expressions no longer unintentionally
trigger "EVAL without pos change exceeded limit in regex".


Proceed when you feel comfortable. deraadt@

Fix merge issues, remove excess files - match perl-5.30.1 dist

Timing is good deraadt@, OK sthen@

branches: 1.27.4;
Fix merge issues, remove excess files - match perl-5.28.1 dist

looking good sthen@, Great! bluhm@

Fix various overflows in perl

Addresses:
* CVE-2018-18311 (Perl RT #133204)
* CVE-2018-18312 (Perl RT #133423)
* CVE-2018-18313 (Perl RT #133192)
* CVE-2018-18314 (Perl RT #131649)

branches: 1.25.2;
Correct heap overflow bugs in perl

* RT #131844: [CVE-2018-6913] heap-buffer-overflow in S_pack_rec

Reported by GwanYeong Kim, fixed by Tony Cook.

* RT #132063: [CVE-2018-6798] Heap-buffer-overflow in
Perl__byte_dump_string (utf8.c)

Reported by Nguyen Duc Manh, fixed by Karl Williamson, Yves Orton, and
Tony Cook.

* RT #132227: [CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in
S_regatom (regcomp.c)

Reported by Brian Carpenter, fixed by Yves Orton, Karl Williamson, and
Tony Cook.

Many thanks to deraadt@ tj@ bluhm@ tb@ robert@

branches: 1.24.2;
Fix merge issues, remove excess files - match perl-5.24.3 dist

ok bluhm@

branches: 1.23.4;
A buffer over-read and heap overflow in perl's regexp may result in
a crash or memory leak.

Fixes
* CVE-2017-12883 (Buffer over-read)
* CVE-2017-12837 (Heap overflow when compiling case-insensitive regexp)

Patches by Karl Williamson

branches: 1.22.4;
Fix merge issues, remove excess files - match perl-5.24.1 dist

branches: 1.21.4;
Update to perl 5.20.3

OK bluhm@

Fix merge issues, remove excess files - match perl-5.20.2 dist

Fix merge conflicts, remove extra files, match upstream perl-5.20.1

ok deraadt@ sthen@ espie@ miod@

Merge perl-5.18.2 plus local patches, remove old files

OK espie@ sthen@ deraadt@

merge/resolve conflicts
(some more to do after this one)

merge in perl 5.12.2 plus local changes

- apply fix from upstream git for CVE-2009-3626, which could cause perl to
crash on certain invalid UTF-8 codes.

ok millert@ sthen@

Merge in perl 5.10.1

fix conflicts and merge in local changes to perl 5.10.0

Fix potential heap overflow given a specially crafted regexp.
From Tavis Ormandy; adapted from fixes in the perl 5.9.x codebase.

merge in perl 5.8.8

sync in-tree perl with 5.8.6

merge 5.8.5 into HEAD
remove now-unused files
crank libperl shared library major number
update Makefile.bsd-wrapper
tweak openbsd hints file for arm and m68k

Resolve conflicts for perl 5.8.2, remove old files, and add OpenBSD-specific scaffolding

syncronous -> synchronous

Resolve conflicts, remove old files, merge local changes

merge in perl 5.6.1 with our local changes

perl-5.6.0 + local changes

perl5.005_03 (stock)

perl 5.004_04

branches: 1.1.1;
Initial revision

Fix read/write past buffer end

From upstream commit:

From 7047915eef37fccd93e7cd985c29fe6be54650b6 Mon Sep 17 00:00:00 2001
From: Karl Williamson <khw@cpan.org>
Date: Sat, 9 Sep 2023 11:59:09 -0600
Subject: [PATCH] Fix read/write past buffer end: perl-security#140

A package name may be specified in a \p{...} regular expression
construct. If unspecified, "utf8::" is assumed, which is the package
all official Unicode properties are in. By specifying a different
package, one can create a user-defined property with the same
unqualified name as a Unicode one. Such a property is defined by a sub
whose name begins with "Is" or "In", and if the sub wishes to refer to
an official Unicode property, it must explicitly specify the "utf8::".
S_parse_uniprop_string() is used to parse the interior of both \p{} and
the user-defined sub lines.

In S_parse_uniprop_string(), it parses the input "name" parameter,
creating a modified copy, "lookup_name", malloc'ed with the same size as
"name". The modifications are essentially to create a canonicalized
version of the input, with such things as extraneous white-space
stripped off. I found it convenient to strip off the package specifier
"utf8::". To to so, the code simply pretends "lookup_name" begins just
after the "utf8::", and adjusts various other values to compensate.
However, it missed the adjustment of one required one.

This is only a problem when the property name begins with "perl" and
isn't "perlspace" nor "perlword". All such ones are undocumented
internal properties.

What happens in this case is that the input is reparsed with slightly
different rules in effect as to what is legal versus illegal. The
problem is that "lookup_name" no longer is pointing to its initial
value, but "name" is. Thus the space allocated for filling "lookup_name"
is now shorter than "name", and as this shortened "lookup_name" is
filled by copying suitable portions of "name", the write can be to
unallocated space.

The solution is to skip the "utf8::" when reparsing "name". Then both
"lookup_name" and "name" are effectively shortened by the same amount,
and there is no going off the end.

This commit also does white-space adjustment so that things align
vertically for readability.

Apply local patches - perl-5.36.0

OK bluhm@
a good time naddy@

Fix merge issues, remove excess files - match perl-5.36.0 dist

OK bluhm@
a good time naddy@

Fix merge issues, remove excess files - match perl-5.32.1 dist

OK sthen@

Fix various overflows and state corruption in perl

Found by: ManhND of The Tarantula Team, VinCSS (a member of Vingroup),
Hugo van der Sanden, Slaven Rezic, and Sergey Aleynikov
Fixed by: John Lightsey, Hugo van der Sanden, and Karl Williamson

Addresses:
* CVE-2020-10543
* CVE-2020-10878
* CVE-2020-12723

branches: 1.29.4;
Update perl to 5.30.2

https://metacpan.org/pod/release/SHAY/perl-5.30.2/pod/perldelta.pod

Incompatible Changes
There are no changes intentionally incompatible with 5.30.0.

Updated Modules and Pragmata
* Compress::Raw::Bzip2 has been upgraded from version 2.084 to 2.089.
* Module::CoreList has been upgraded from version 5.20191110 to 5.20200314.

Selected Bug Fixes
* printf() or sprintf() with the %n format no longer cause a panic
on debugging builds, or report an incorrectly cached length value
when producing SVfUTF8 flagged strings.
* A memory leak in regular expression patterns has been fixed.
* A read beyond buffer in grok_infnan has been fixed.
* An assertion failure in the regular expression engine has been fixed.
* (?{...}) eval groups in regular expressions no longer unintentionally
trigger "EVAL without pos change exceeded limit in regex".


Proceed when you feel comfortable. deraadt@

Fix merge issues, remove excess files - match perl-5.30.1 dist

Timing is good deraadt@, OK sthen@

branches: 1.27.4;
Fix merge issues, remove excess files - match perl-5.28.1 dist

looking good sthen@, Great! bluhm@

Fix various overflows in perl

Addresses:
* CVE-2018-18311 (Perl RT #133204)
* CVE-2018-18312 (Perl RT #133423)
* CVE-2018-18313 (Perl RT #133192)
* CVE-2018-18314 (Perl RT #131649)

branches: 1.25.2;
Correct heap overflow bugs in perl

* RT #131844: [CVE-2018-6913] heap-buffer-overflow in S_pack_rec

Reported by GwanYeong Kim, fixed by Tony Cook.

* RT #132063: [CVE-2018-6798] Heap-buffer-overflow in
Perl__byte_dump_string (utf8.c)

Reported by Nguyen Duc Manh, fixed by Karl Williamson, Yves Orton, and
Tony Cook.

* RT #132227: [CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in
S_regatom (regcomp.c)

Reported by Brian Carpenter, fixed by Yves Orton, Karl Williamson, and
Tony Cook.

Many thanks to deraadt@ tj@ bluhm@ tb@ robert@

branches: 1.24.2;
Fix merge issues, remove excess files - match perl-5.24.3 dist

ok bluhm@

branches: 1.23.4;
A buffer over-read and heap overflow in perl's regexp may result in
a crash or memory leak.

Fixes
* CVE-2017-12883 (Buffer over-read)
* CVE-2017-12837 (Heap overflow when compiling case-insensitive regexp)

Patches by Karl Williamson

branches: 1.22.4;
Fix merge issues, remove excess files - match perl-5.24.1 dist

branches: 1.21.4;
Update to perl 5.20.3

OK bluhm@

Fix merge issues, remove excess files - match perl-5.20.2 dist

Fix merge conflicts, remove extra files, match upstream perl-5.20.1

ok deraadt@ sthen@ espie@ miod@

Merge perl-5.18.2 plus local patches, remove old files

OK espie@ sthen@ deraadt@

merge/resolve conflicts
(some more to do after this one)

merge in perl 5.12.2 plus local changes

- apply fix from upstream git for CVE-2009-3626, which could cause perl to
crash on certain invalid UTF-8 codes.

ok millert@ sthen@

Merge in perl 5.10.1

fix conflicts and merge in local changes to perl 5.10.0

Fix potential heap overflow given a specially crafted regexp.
From Tavis Ormandy; adapted from fixes in the perl 5.9.x codebase.

merge in perl 5.8.8

sync in-tree perl with 5.8.6

merge 5.8.5 into HEAD
remove now-unused files
crank libperl shared library major number
update Makefile.bsd-wrapper
tweak openbsd hints file for arm and m68k

Resolve conflicts for perl 5.8.2, remove old files, and add OpenBSD-specific scaffolding

syncronous -> synchronous

Resolve conflicts, remove old files, merge local changes

merge in perl 5.6.1 with our local changes

perl-5.6.0 + local changes

perl5.005_03 (stock)

perl 5.004_04

branches: 1.1.1;
Initial revision

Apply local patches - perl-5.36.0

OK bluhm@
a good time naddy@

Fix merge issues, remove excess files - match perl-5.36.0 dist

OK bluhm@
a good time naddy@

Fix merge issues, remove excess files - match perl-5.32.1 dist

OK sthen@

Fix various overflows and state corruption in perl

Found by: ManhND of The Tarantula Team, VinCSS (a member of Vingroup),
Hugo van der Sanden, Slaven Rezic, and Sergey Aleynikov
Fixed by: John Lightsey, Hugo van der Sanden, and Karl Williamson

Addresses:
* CVE-2020-10543
* CVE-2020-10878
* CVE-2020-12723

branches: 1.29.4;
Update perl to 5.30.2

https://metacpan.org/pod/release/SHAY/perl-5.30.2/pod/perldelta.pod

Incompatible Changes
There are no changes intentionally incompatible with 5.30.0.

Updated Modules and Pragmata
* Compress::Raw::Bzip2 has been upgraded from version 2.084 to 2.089.
* Module::CoreList has been upgraded from version 5.20191110 to 5.20200314.

Selected Bug Fixes
* printf() or sprintf() with the %n format no longer cause a panic
on debugging builds, or report an incorrectly cached length value
when producing SVfUTF8 flagged strings.
* A memory leak in regular expression patterns has been fixed.
* A read beyond buffer in grok_infnan has been fixed.
* An assertion failure in the regular expression engine has been fixed.
* (?{...}) eval groups in regular expressions no longer unintentionally
trigger "EVAL without pos change exceeded limit in regex".


Proceed when you feel comfortable. deraadt@

Fix merge issues, remove excess files - match perl-5.30.1 dist

Timing is good deraadt@, OK sthen@

branches: 1.27.4;
Fix merge issues, remove excess files - match perl-5.28.1 dist

looking good sthen@, Great! bluhm@

Fix various overflows in perl

Addresses:
* CVE-2018-18311 (Perl RT #133204)
* CVE-2018-18312 (Perl RT #133423)
* CVE-2018-18313 (Perl RT #133192)
* CVE-2018-18314 (Perl RT #131649)

branches: 1.25.2;
Correct heap overflow bugs in perl

* RT #131844: [CVE-2018-6913] heap-buffer-overflow in S_pack_rec

Reported by GwanYeong Kim, fixed by Tony Cook.

* RT #132063: [CVE-2018-6798] Heap-buffer-overflow in
Perl__byte_dump_string (utf8.c)

Reported by Nguyen Duc Manh, fixed by Karl Williamson, Yves Orton, and
Tony Cook.

* RT #132227: [CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in
S_regatom (regcomp.c)

Reported by Brian Carpenter, fixed by Yves Orton, Karl Williamson, and
Tony Cook.

Many thanks to deraadt@ tj@ bluhm@ tb@ robert@

branches: 1.24.2;
Fix merge issues, remove excess files - match perl-5.24.3 dist

ok bluhm@

branches: 1.23.4;
A buffer over-read and heap overflow in perl's regexp may result in
a crash or memory leak.

Fixes
* CVE-2017-12883 (Buffer over-read)
* CVE-2017-12837 (Heap overflow when compiling case-insensitive regexp)

Patches by Karl Williamson

branches: 1.22.4;
Fix merge issues, remove excess files - match perl-5.24.1 dist

branches: 1.21.4;
Update to perl 5.20.3

OK bluhm@

Fix merge issues, remove excess files - match perl-5.20.2 dist

Fix merge conflicts, remove extra files, match upstream perl-5.20.1

ok deraadt@ sthen@ espie@ miod@

Merge perl-5.18.2 plus local patches, remove old files

OK espie@ sthen@ deraadt@

merge/resolve conflicts
(some more to do after this one)

merge in perl 5.12.2 plus local changes

- apply fix from upstream git for CVE-2009-3626, which could cause perl to
crash on certain invalid UTF-8 codes.

ok millert@ sthen@

Merge in perl 5.10.1

fix conflicts and merge in local changes to perl 5.10.0

Fix potential heap overflow given a specially crafted regexp.
From Tavis Ormandy; adapted from fixes in the perl 5.9.x codebase.

merge in perl 5.8.8

sync in-tree perl with 5.8.6

merge 5.8.5 into HEAD
remove now-unused files
crank libperl shared library major number
update Makefile.bsd-wrapper
tweak openbsd hints file for arm and m68k

Resolve conflicts for perl 5.8.2, remove old files, and add OpenBSD-specific scaffolding

syncronous -> synchronous

Resolve conflicts, remove old files, merge local changes

merge in perl 5.6.1 with our local changes

perl-5.6.0 + local changes

perl5.005_03 (stock)

perl 5.004_04

branches: 1.1.1;
Initial revision

Fix merge issues, remove excess files - match perl-5.32.1 dist

OK sthen@

Fix various overflows and state corruption in perl

Found by: ManhND of The Tarantula Team, VinCSS (a member of Vingroup),
Hugo van der Sanden, Slaven Rezic, and Sergey Aleynikov
Fixed by: John Lightsey, Hugo van der Sanden, and Karl Williamson

Addresses:
* CVE-2020-10543
* CVE-2020-10878
* CVE-2020-12723

branches: 1.29.4;
Update perl to 5.30.2

https://metacpan.org/pod/release/SHAY/perl-5.30.2/pod/perldelta.pod

Incompatible Changes
There are no changes intentionally incompatible with 5.30.0.

Updated Modules and Pragmata
* Compress::Raw::Bzip2 has been upgraded from version 2.084 to 2.089.
* Module::CoreList has been upgraded from version 5.20191110 to 5.20200314.

Selected Bug Fixes
* printf() or sprintf() with the %n format no longer cause a panic
on debugging builds, or report an incorrectly cached length value
when producing SVfUTF8 flagged strings.
* A memory leak in regular expression patterns has been fixed.
* A read beyond buffer in grok_infnan has been fixed.
* An assertion failure in the regular expression engine has been fixed.
* (?{...}) eval groups in regular expressions no longer unintentionally
trigger "EVAL without pos change exceeded limit in regex".


Proceed when you feel comfortable. deraadt@

Fix merge issues, remove excess files - match perl-5.30.1 dist

Timing is good deraadt@, OK sthen@

branches: 1.27.4;
Fix merge issues, remove excess files - match perl-5.28.1 dist

looking good sthen@, Great! bluhm@

Fix various overflows in perl

Addresses:
* CVE-2018-18311 (Perl RT #133204)
* CVE-2018-18312 (Perl RT #133423)
* CVE-2018-18313 (Perl RT #133192)
* CVE-2018-18314 (Perl RT #131649)

branches: 1.25.2;
Correct heap overflow bugs in perl

* RT #131844: [CVE-2018-6913] heap-buffer-overflow in S_pack_rec

Reported by GwanYeong Kim, fixed by Tony Cook.

* RT #132063: [CVE-2018-6798] Heap-buffer-overflow in
Perl__byte_dump_string (utf8.c)

Reported by Nguyen Duc Manh, fixed by Karl Williamson, Yves Orton, and
Tony Cook.

* RT #132227: [CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in
S_regatom (regcomp.c)

Reported by Brian Carpenter, fixed by Yves Orton, Karl Williamson, and
Tony Cook.

Many thanks to deraadt@ tj@ bluhm@ tb@ robert@

branches: 1.24.2;
Fix merge issues, remove excess files - match perl-5.24.3 dist

ok bluhm@

branches: 1.23.4;
A buffer over-read and heap overflow in perl's regexp may result in
a crash or memory leak.

Fixes
* CVE-2017-12883 (Buffer over-read)
* CVE-2017-12837 (Heap overflow when compiling case-insensitive regexp)

Patches by Karl Williamson

branches: 1.22.4;
Fix merge issues, remove excess files - match perl-5.24.1 dist

branches: 1.21.4;
Update to perl 5.20.3

OK bluhm@

Fix merge issues, remove excess files - match perl-5.20.2 dist

Fix merge conflicts, remove extra files, match upstream perl-5.20.1

ok deraadt@ sthen@ espie@ miod@

Merge perl-5.18.2 plus local patches, remove old files

OK espie@ sthen@ deraadt@

merge/resolve conflicts
(some more to do after this one)

merge in perl 5.12.2 plus local changes

- apply fix from upstream git for CVE-2009-3626, which could cause perl to
crash on certain invalid UTF-8 codes.

ok millert@ sthen@

Merge in perl 5.10.1

fix conflicts and merge in local changes to perl 5.10.0

Fix potential heap overflow given a specially crafted regexp.
From Tavis Ormandy; adapted from fixes in the perl 5.9.x codebase.

merge in perl 5.8.8

sync in-tree perl with 5.8.6

merge 5.8.5 into HEAD
remove now-unused files
crank libperl shared library major number
update Makefile.bsd-wrapper
tweak openbsd hints file for arm and m68k

Resolve conflicts for perl 5.8.2, remove old files, and add OpenBSD-specific scaffolding

syncronous -> synchronous

Resolve conflicts, remove old files, merge local changes

merge in perl 5.6.1 with our local changes

perl-5.6.0 + local changes

perl5.005_03 (stock)

perl 5.004_04

branches: 1.1.1;
Initial revision

Fix various overflows and state corruption in perl

Found by: ManhND of The Tarantula Team, VinCSS (a member of Vingroup),
Hugo van der Sanden, Slaven Rezic, and Sergey Aleynikov
Fixed by: John Lightsey, Hugo van der Sanden, and Karl Williamson

Addresses:
* CVE-2020-10543
* CVE-2020-10878
* CVE-2020-12723

branches: 1.29.4;
Update perl to 5.30.2

https://metacpan.org/pod/release/SHAY/perl-5.30.2/pod/perldelta.pod

Incompatible Changes
There are no changes intentionally incompatible with 5.30.0.

Updated Modules and Pragmata
* Compress::Raw::Bzip2 has been upgraded from version 2.084 to 2.089.
* Module::CoreList has been upgraded from version 5.20191110 to 5.20200314.

Selected Bug Fixes
* printf() or sprintf() with the %n format no longer cause a panic
on debugging builds, or report an incorrectly cached length value
when producing SVfUTF8 flagged strings.
* A memory leak in regular expression patterns has been fixed.
* A read beyond buffer in grok_infnan has been fixed.
* An assertion failure in the regular expression engine has been fixed.
* (?{...}) eval groups in regular expressions no longer unintentionally
trigger "EVAL without pos change exceeded limit in regex".


Proceed when you feel comfortable. deraadt@

Fix merge issues, remove excess files - match perl-5.30.1 dist

Timing is good deraadt@, OK sthen@

branches: 1.27.4;
Fix merge issues, remove excess files - match perl-5.28.1 dist

looking good sthen@, Great! bluhm@

Fix various overflows in perl

Addresses:
* CVE-2018-18311 (Perl RT #133204)
* CVE-2018-18312 (Perl RT #133423)
* CVE-2018-18313 (Perl RT #133192)
* CVE-2018-18314 (Perl RT #131649)

branches: 1.25.2;
Correct heap overflow bugs in perl

* RT #131844: [CVE-2018-6913] heap-buffer-overflow in S_pack_rec

Reported by GwanYeong Kim, fixed by Tony Cook.

* RT #132063: [CVE-2018-6798] Heap-buffer-overflow in
Perl__byte_dump_string (utf8.c)

Reported by Nguyen Duc Manh, fixed by Karl Williamson, Yves Orton, and
Tony Cook.

* RT #132227: [CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in
S_regatom (regcomp.c)

Reported by Brian Carpenter, fixed by Yves Orton, Karl Williamson, and
Tony Cook.

Many thanks to deraadt@ tj@ bluhm@ tb@ robert@

branches: 1.24.2;
Fix merge issues, remove excess files - match perl-5.24.3 dist

ok bluhm@

branches: 1.23.4;
A buffer over-read and heap overflow in perl's regexp may result in
a crash or memory leak.

Fixes
* CVE-2017-12883 (Buffer over-read)
* CVE-2017-12837 (Heap overflow when compiling case-insensitive regexp)

Patches by Karl Williamson

branches: 1.22.4;
Fix merge issues, remove excess files - match perl-5.24.1 dist

branches: 1.21.4;
Update to perl 5.20.3

OK bluhm@

Fix merge issues, remove excess files - match perl-5.20.2 dist

Fix merge conflicts, remove extra files, match upstream perl-5.20.1

ok deraadt@ sthen@ espie@ miod@

Merge perl-5.18.2 plus local patches, remove old files

OK espie@ sthen@ deraadt@

merge/resolve conflicts
(some more to do after this one)

merge in perl 5.12.2 plus local changes

- apply fix from upstream git for CVE-2009-3626, which could cause perl to
crash on certain invalid UTF-8 codes.

ok millert@ sthen@

Merge in perl 5.10.1

fix conflicts and merge in local changes to perl 5.10.0

Fix potential heap overflow given a specially crafted regexp.
From Tavis Ormandy; adapted from fixes in the perl 5.9.x codebase.

merge in perl 5.8.8

sync in-tree perl with 5.8.6

merge 5.8.5 into HEAD
remove now-unused files
crank libperl shared library major number
update Makefile.bsd-wrapper
tweak openbsd hints file for arm and m68k

Resolve conflicts for perl 5.8.2, remove old files, and add OpenBSD-specific scaffolding

syncronous -> synchronous

Resolve conflicts, remove old files, merge local changes

merge in perl 5.6.1 with our local changes

perl-5.6.0 + local changes

perl5.005_03 (stock)

perl 5.004_04

branches: 1.1.1;
Initial revision

Update perl to 5.30.2

https://metacpan.org/pod/release/SHAY/perl-5.30.2/pod/perldelta.pod

Incompatible Changes
There are no changes intentionally incompatible with 5.30.0.

Updated Modules and Pragmata
* Compress::Raw::Bzip2 has been upgraded from version 2.084 to 2.089.
* Module::CoreList has been upgraded from version 5.20191110 to 5.20200314.

Selected Bug Fixes
* printf() or sprintf() with the %n format no longer cause a panic
on debugging builds, or report an incorrectly cached length value
when producing SVfUTF8 flagged strings.
* A memory leak in regular expression patterns has been fixed.
* A read beyond buffer in grok_infnan has been fixed.
* An assertion failure in the regular expression engine has been fixed.
* (?{...}) eval groups in regular expressions no longer unintentionally
trigger "EVAL without pos change exceeded limit in regex".


Proceed when you feel comfortable. deraadt@

Fix merge issues, remove excess files - match perl-5.30.1 dist

Timing is good deraadt@, OK sthen@

Fix merge issues, remove excess files - match perl-5.28.1 dist

looking good sthen@, Great! bluhm@

Fix various overflows in perl

Addresses:
* CVE-2018-18311 (Perl RT #133204)
* CVE-2018-18312 (Perl RT #133423)
* CVE-2018-18313 (Perl RT #133192)
* CVE-2018-18314 (Perl RT #131649)

branches: 1.25.2;
Correct heap overflow bugs in perl

* RT #131844: [CVE-2018-6913] heap-buffer-overflow in S_pack_rec

Reported by GwanYeong Kim, fixed by Tony Cook.

* RT #132063: [CVE-2018-6798] Heap-buffer-overflow in
Perl__byte_dump_string (utf8.c)

Reported by Nguyen Duc Manh, fixed by Karl Williamson, Yves Orton, and
Tony Cook.

* RT #132227: [CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in
S_regatom (regcomp.c)

Reported by Brian Carpenter, fixed by Yves Orton, Karl Williamson, and
Tony Cook.

Many thanks to deraadt@ tj@ bluhm@ tb@ robert@

branches: 1.24.2;
Fix merge issues, remove excess files - match perl-5.24.3 dist

ok bluhm@

branches: 1.23.4;
A buffer over-read and heap overflow in perl's regexp may result in
a crash or memory leak.

Fixes
* CVE-2017-12883 (Buffer over-read)
* CVE-2017-12837 (Heap overflow when compiling case-insensitive regexp)

Patches by Karl Williamson

branches: 1.22.4;
Fix merge issues, remove excess files - match perl-5.24.1 dist

branches: 1.21.4;
Update to perl 5.20.3

OK bluhm@

Fix merge issues, remove excess files - match perl-5.20.2 dist

Fix merge conflicts, remove extra files, match upstream perl-5.20.1

ok deraadt@ sthen@ espie@ miod@

Merge perl-5.18.2 plus local patches, remove old files

OK espie@ sthen@ deraadt@

merge/resolve conflicts
(some more to do after this one)

merge in perl 5.12.2 plus local changes

- apply fix from upstream git for CVE-2009-3626, which could cause perl to
crash on certain invalid UTF-8 codes.

ok millert@ sthen@

Merge in perl 5.10.1

fix conflicts and merge in local changes to perl 5.10.0

Fix potential heap overflow given a specially crafted regexp.
From Tavis Ormandy; adapted from fixes in the perl 5.9.x codebase.

merge in perl 5.8.8

sync in-tree perl with 5.8.6

merge 5.8.5 into HEAD
remove now-unused files
crank libperl shared library major number
update Makefile.bsd-wrapper
tweak openbsd hints file for arm and m68k

Resolve conflicts for perl 5.8.2, remove old files, and add OpenBSD-specific scaffolding

syncronous -> synchronous

Resolve conflicts, remove old files, merge local changes

merge in perl 5.6.1 with our local changes

perl-5.6.0 + local changes

perl5.005_03 (stock)

perl 5.004_04

branches: 1.1.1;
Initial revision

Fix merge issues, remove excess files - match perl-5.30.1 dist

Timing is good deraadt@, OK sthen@

Fix merge issues, remove excess files - match perl-5.28.1 dist

looking good sthen@, Great! bluhm@

Fix various overflows in perl

Addresses:
* CVE-2018-18311 (Perl RT #133204)
* CVE-2018-18312 (Perl RT #133423)
* CVE-2018-18313 (Perl RT #133192)
* CVE-2018-18314 (Perl RT #131649)

branches: 1.25.2;
Correct heap overflow bugs in perl

* RT #131844: [CVE-2018-6913] heap-buffer-overflow in S_pack_rec

Reported by GwanYeong Kim, fixed by Tony Cook.

* RT #132063: [CVE-2018-6798] Heap-buffer-overflow in
Perl__byte_dump_string (utf8.c)

Reported by Nguyen Duc Manh, fixed by Karl Williamson, Yves Orton, and
Tony Cook.

* RT #132227: [CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in
S_regatom (regcomp.c)

Reported by Brian Carpenter, fixed by Yves Orton, Karl Williamson, and
Tony Cook.

Many thanks to deraadt@ tj@ bluhm@ tb@ robert@

branches: 1.24.2;
Fix merge issues, remove excess files - match perl-5.24.3 dist

ok bluhm@

branches: 1.23.4;
A buffer over-read and heap overflow in perl's regexp may result in
a crash or memory leak.

Fixes
* CVE-2017-12883 (Buffer over-read)
* CVE-2017-12837 (Heap overflow when compiling case-insensitive regexp)

Patches by Karl Williamson

branches: 1.22.4;
Fix merge issues, remove excess files - match perl-5.24.1 dist

branches: 1.21.4;
Update to perl 5.20.3

OK bluhm@

Fix merge issues, remove excess files - match perl-5.20.2 dist

Fix merge conflicts, remove extra files, match upstream perl-5.20.1

ok deraadt@ sthen@ espie@ miod@

Merge perl-5.18.2 plus local patches, remove old files

OK espie@ sthen@ deraadt@

merge/resolve conflicts
(some more to do after this one)

merge in perl 5.12.2 plus local changes

- apply fix from upstream git for CVE-2009-3626, which could cause perl to
crash on certain invalid UTF-8 codes.

ok millert@ sthen@

Merge in perl 5.10.1

fix conflicts and merge in local changes to perl 5.10.0

Fix potential heap overflow given a specially crafted regexp.
From Tavis Ormandy; adapted from fixes in the perl 5.9.x codebase.

merge in perl 5.8.8

sync in-tree perl with 5.8.6

merge 5.8.5 into HEAD
remove now-unused files
crank libperl shared library major number
update Makefile.bsd-wrapper
tweak openbsd hints file for arm and m68k

Resolve conflicts for perl 5.8.2, remove old files, and add OpenBSD-specific scaffolding

syncronous -> synchronous

Resolve conflicts, remove old files, merge local changes

merge in perl 5.6.1 with our local changes

perl-5.6.0 + local changes

perl5.005_03 (stock)

perl 5.004_04

branches: 1.1.1;
Initial revision

Fix merge issues, remove excess files - match perl-5.28.1 dist

looking good sthen@, Great! bluhm@

Fix various overflows in perl

Addresses:
* CVE-2018-18311 (Perl RT #133204)
* CVE-2018-18312 (Perl RT #133423)
* CVE-2018-18313 (Perl RT #133192)
* CVE-2018-18314 (Perl RT #131649)

branches: 1.25.2;
Correct heap overflow bugs in perl

* RT #131844: [CVE-2018-6913] heap-buffer-overflow in S_pack_rec

Reported by GwanYeong Kim, fixed by Tony Cook.

* RT #132063: [CVE-2018-6798] Heap-buffer-overflow in
Perl__byte_dump_string (utf8.c)

Reported by Nguyen Duc Manh, fixed by Karl Williamson, Yves Orton, and
Tony Cook.

* RT #132227: [CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in
S_regatom (regcomp.c)

Reported by Brian Carpenter, fixed by Yves Orton, Karl Williamson, and
Tony Cook.

Many thanks to deraadt@ tj@ bluhm@ tb@ robert@

branches: 1.24.2;
Fix merge issues, remove excess files - match perl-5.24.3 dist

ok bluhm@

branches: 1.23.4;
A buffer over-read and heap overflow in perl's regexp may result in
a crash or memory leak.

Fixes
* CVE-2017-12883 (Buffer over-read)
* CVE-2017-12837 (Heap overflow when compiling case-insensitive regexp)

Patches by Karl Williamson

branches: 1.22.4;
Fix merge issues, remove excess files - match perl-5.24.1 dist

branches: 1.21.4;
Update to perl 5.20.3

OK bluhm@

Fix merge issues, remove excess files - match perl-5.20.2 dist

Fix merge conflicts, remove extra files, match upstream perl-5.20.1

ok deraadt@ sthen@ espie@ miod@

Merge perl-5.18.2 plus local patches, remove old files

OK espie@ sthen@ deraadt@

merge/resolve conflicts
(some more to do after this one)

merge in perl 5.12.2 plus local changes

- apply fix from upstream git for CVE-2009-3626, which could cause perl to
crash on certain invalid UTF-8 codes.

ok millert@ sthen@

Merge in perl 5.10.1

fix conflicts and merge in local changes to perl 5.10.0

Fix potential heap overflow given a specially crafted regexp.
From Tavis Ormandy; adapted from fixes in the perl 5.9.x codebase.

merge in perl 5.8.8

sync in-tree perl with 5.8.6

merge 5.8.5 into HEAD
remove now-unused files
crank libperl shared library major number
update Makefile.bsd-wrapper
tweak openbsd hints file for arm and m68k

Resolve conflicts for perl 5.8.2, remove old files, and add OpenBSD-specific scaffolding

syncronous -> synchronous

Resolve conflicts, remove old files, merge local changes

merge in perl 5.6.1 with our local changes

perl-5.6.0 + local changes

perl5.005_03 (stock)

perl 5.004_04

branches: 1.1.1;
Initial revision

Fix various overflows in perl

Addresses:
* CVE-2018-18311 (Perl RT #133204)
* CVE-2018-18312 (Perl RT #133423)
* CVE-2018-18313 (Perl RT #133192)
* CVE-2018-18314 (Perl RT #131649)

branches: 1.25.2;
Correct heap overflow bugs in perl

* RT #131844: [CVE-2018-6913] heap-buffer-overflow in S_pack_rec

Reported by GwanYeong Kim, fixed by Tony Cook.

* RT #132063: [CVE-2018-6798] Heap-buffer-overflow in
Perl__byte_dump_string (utf8.c)

Reported by Nguyen Duc Manh, fixed by Karl Williamson, Yves Orton, and
Tony Cook.

* RT #132227: [CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in
S_regatom (regcomp.c)

Reported by Brian Carpenter, fixed by Yves Orton, Karl Williamson, and
Tony Cook.

Many thanks to deraadt@ tj@ bluhm@ tb@ robert@

branches: 1.24.2;
Fix merge issues, remove excess files - match perl-5.24.3 dist

ok bluhm@

branches: 1.23.4;
A buffer over-read and heap overflow in perl's regexp may result in
a crash or memory leak.

Fixes
* CVE-2017-12883 (Buffer over-read)
* CVE-2017-12837 (Heap overflow when compiling case-insensitive regexp)

Patches by Karl Williamson

branches: 1.22.4;
Fix merge issues, remove excess files - match perl-5.24.1 dist

branches: 1.21.4;
Update to perl 5.20.3

OK bluhm@

Fix merge issues, remove excess files - match perl-5.20.2 dist

Fix merge conflicts, remove extra files, match upstream perl-5.20.1

ok deraadt@ sthen@ espie@ miod@

Merge perl-5.18.2 plus local patches, remove old files

OK espie@ sthen@ deraadt@

merge/resolve conflicts
(some more to do after this one)

merge in perl 5.12.2 plus local changes

- apply fix from upstream git for CVE-2009-3626, which could cause perl to
crash on certain invalid UTF-8 codes.

ok millert@ sthen@

Merge in perl 5.10.1

fix conflicts and merge in local changes to perl 5.10.0

Fix potential heap overflow given a specially crafted regexp.
From Tavis Ormandy; adapted from fixes in the perl 5.9.x codebase.

merge in perl 5.8.8

sync in-tree perl with 5.8.6

merge 5.8.5 into HEAD
remove now-unused files
crank libperl shared library major number
update Makefile.bsd-wrapper
tweak openbsd hints file for arm and m68k

Resolve conflicts for perl 5.8.2, remove old files, and add OpenBSD-specific scaffolding

syncronous -> synchronous

Resolve conflicts, remove old files, merge local changes

merge in perl 5.6.1 with our local changes

perl-5.6.0 + local changes

perl5.005_03 (stock)

perl 5.004_04

branches: 1.1.1;
Initial revision

Correct heap overflow bugs in perl

* RT #131844: [CVE-2018-6913] heap-buffer-overflow in S_pack_rec

Reported by GwanYeong Kim, fixed by Tony Cook.

* RT #132063: [CVE-2018-6798] Heap-buffer-overflow in
Perl__byte_dump_string (utf8.c)

Reported by Nguyen Duc Manh, fixed by Karl Williamson, Yves Orton, and
Tony Cook.

* RT #132227: [CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in
S_regatom (regcomp.c)

Reported by Brian Carpenter, fixed by Yves Orton, Karl Williamson, and
Tony Cook.

Many thanks to deraadt@ tj@ bluhm@ tb@ robert@

branches: 1.24.2;
Fix merge issues, remove excess files - match perl-5.24.3 dist

ok bluhm@

branches: 1.23.4;
A buffer over-read and heap overflow in perl's regexp may result in
a crash or memory leak.

Fixes
* CVE-2017-12883 (Buffer over-read)
* CVE-2017-12837 (Heap overflow when compiling case-insensitive regexp)

Patches by Karl Williamson

branches: 1.22.4;
Fix merge issues, remove excess files - match perl-5.24.1 dist

branches: 1.21.4;
Update to perl 5.20.3

OK bluhm@

Fix merge issues, remove excess files - match perl-5.20.2 dist

Fix merge conflicts, remove extra files, match upstream perl-5.20.1

ok deraadt@ sthen@ espie@ miod@

Merge perl-5.18.2 plus local patches, remove old files

OK espie@ sthen@ deraadt@

merge/resolve conflicts
(some more to do after this one)

merge in perl 5.12.2 plus local changes

- apply fix from upstream git for CVE-2009-3626, which could cause perl to
crash on certain invalid UTF-8 codes.

ok millert@ sthen@

Merge in perl 5.10.1

fix conflicts and merge in local changes to perl 5.10.0

Fix potential heap overflow given a specially crafted regexp.
From Tavis Ormandy; adapted from fixes in the perl 5.9.x codebase.

merge in perl 5.8.8

sync in-tree perl with 5.8.6

merge 5.8.5 into HEAD
remove now-unused files
crank libperl shared library major number
update Makefile.bsd-wrapper
tweak openbsd hints file for arm and m68k

Resolve conflicts for perl 5.8.2, remove old files, and add OpenBSD-specific scaffolding

syncronous -> synchronous

Resolve conflicts, remove old files, merge local changes

merge in perl 5.6.1 with our local changes

perl-5.6.0 + local changes

perl5.005_03 (stock)

perl 5.004_04

branches: 1.1.1;
Initial revision

Fix merge issues, remove excess files - match perl-5.24.3 dist

ok bluhm@

A buffer over-read and heap overflow in perl's regexp may result in
a crash or memory leak.

Fixes
* CVE-2017-12883 (Buffer over-read)
* CVE-2017-12837 (Heap overflow when compiling case-insensitive regexp)

Patches by Karl Williamson

branches: 1.22.4;
Fix merge issues, remove excess files - match perl-5.24.1 dist

branches: 1.21.4;
Update to perl 5.20.3

OK bluhm@

Fix merge issues, remove excess files - match perl-5.20.2 dist

Fix merge conflicts, remove extra files, match upstream perl-5.20.1

ok deraadt@ sthen@ espie@ miod@

Merge perl-5.18.2 plus local patches, remove old files

OK espie@ sthen@ deraadt@

merge/resolve conflicts
(some more to do after this one)

merge in perl 5.12.2 plus local changes

- apply fix from upstream git for CVE-2009-3626, which could cause perl to
crash on certain invalid UTF-8 codes.

ok millert@ sthen@

Merge in perl 5.10.1

fix conflicts and merge in local changes to perl 5.10.0

Fix potential heap overflow given a specially crafted regexp.
From Tavis Ormandy; adapted from fixes in the perl 5.9.x codebase.

merge in perl 5.8.8

sync in-tree perl with 5.8.6

merge 5.8.5 into HEAD
remove now-unused files
crank libperl shared library major number
update Makefile.bsd-wrapper
tweak openbsd hints file for arm and m68k

Resolve conflicts for perl 5.8.2, remove old files, and add OpenBSD-specific scaffolding

syncronous -> synchronous

Resolve conflicts, remove old files, merge local changes

merge in perl 5.6.1 with our local changes

perl-5.6.0 + local changes

perl5.005_03 (stock)

perl 5.004_04

branches: 1.1.1;
Initial revision