Branch: refs/heads/blead Home: https://github.com/Perl/perl5 Commit: 30228cdc40a106845f279082f032011abc99e09d https://github.com/Perl/perl5/commit/30228cdc40a106845f279082f032011abc99e09d Author: Hugo van der Sanden <h...@crypt.org> Date: 2020-06-01 (Mon, 01 Jun 2020)
Changed paths: M embed.fnc M embed.h M proto.h M regcomp.c Log Message: ----------- study_chunk: extract rck_elide_nothing (CVE-2020-10878) (cherry picked from commit 4fccd2d99bdeb28c2937c3220ea5334999564aa8) Commit: 4b4b1fbd0d43429c43d5de8857f3266daba1dd66 https://github.com/Perl/perl5/commit/4b4b1fbd0d43429c43d5de8857f3266daba1dd66 Author: Karl Williamson <k...@cpan.org> Date: 2020-06-01 (Mon, 01 Jun 2020) Changed paths: M regcomp.c Log Message: ----------- regcomp: use long jumps if there is any possibility of overflow (CVE-2020-10878) Be conservative for backporting, we'll aim to do something more aggressive for bleadperl. (cherry picked from commit 8243e7d09fa7bd65b70935e3170c6abda3e34917) Commit: 0e9563b9242a5758c6ce11daf8385b3753e9ed9c https://github.com/Perl/perl5/commit/0e9563b9242a5758c6ce11daf8385b3753e9ed9c Author: John Lightsey <j...@cpanel.net> Date: 2020-06-01 (Mon, 01 Jun 2020) Changed paths: M regcomp.c Log Message: ----------- regcomp.c: Prevent integer overflow from nested regex quantifiers. (CVE-2020-10543) On 32bit systems the size calculations for nested regular expression quantifiers could overflow causing heap memory corruption. Fixes: Perl/perl5-security#125 (cherry picked from commit 670c54b00a47d930431dd470e72fd7d13643e169) Commit: 3a1df45e827a79d14694d18dd0141c09a0abfe5c https://github.com/Perl/perl5/commit/3a1df45e827a79d14694d18dd0141c09a0abfe5c Author: Hugo van der Sanden <h...@crypt.org> Date: 2020-06-01 (Mon, 01 Jun 2020) Changed paths: M embed.fnc M embed.h M proto.h M regcomp.c M t/re/pat.t Log Message: ----------- study_chunk: honour mutate_ok over recursion As described in #17743, study_chunk can re-enter itself either by simple recursion or by enframing. 089ad25d3f used the new mutate_ok variable to track whether we were within the framing scope of GOSUB, and to disallow mutating changes to ops if so. This commit extends that logic to reentry by recursion, passing in the current state as was_mutate_ok. (CVE-2020-12723) (cherry picked from commit 3445383845ed220eaa12cd406db2067eb7b8a741) Compare: https://github.com/Perl/perl5/compare/902f303cd950...3a1df45e827a