untrusted comment: signature from openbsd 6.0 base secret key

untrusted comment: signature from openbsd 6.0 base secret key
RWSho3oKSqgLQ5cFmAM9fuzSw/Nc6MHqRHojdlOqPwSDmI/ptdtOKT32Q1op9aDaHoPkCaWBRrHnRMwH9jXWvFDgzqNTxjdRqwY=

OpenBSD 6.0 errata 042, September 22, 2017:

A buffer over-read and heap overflow in perl's regexp may result in
a crash or memory leak.

Apply by doing:
signify -Vep /etc/signify/openbsd-60-base.pub -x 042_perl.patch.sig \
-m - | (cd /usr/src && patch -p0)

And then rebuild and install perl:
cd /usr/src/gnu/usr.bin/perl/
make -f Makefile.bsd-wrapper obj
make -f Makefile.bsd-wrapper depend
make -f Makefile.bsd-wrapper
make -f Makefile.bsd-wrapper install

Index: gnu/usr.bin/perl/regcomp.c
===================================================================
RCS file: /cvs/src/gnu/usr.bin/perl/regcomp.c,v
retrieving revision 1.21
diff -u -p -r1.21 regcomp.c
--- gnu/usr.bin/perl/regcomp.c 3 Jul 2016 01:07:48 -0000 1.21
+++ gnu/usr.bin/perl/regcomp.c 19 Sep 2017 02:06:07 -0000
@@ -10836,12 +10836,14 @@ S_grok_bslash_N(pTHX_ RExC_state_t *pREx
}
sv_catpv(substitute_parse, ")");

- RExC_parse = SvPV(substitute_parse, len);
+ len = SvCUR(substitute_parse);

/* Don't allow empty number */
if (len < 8) {
vFAIL("Invalid hexadecimal number in \\N{U+...}");
}
+
+ RExC_parse = SvPV_nolen(substitute_parse);
RExC_end = RExC_parse + len;

/* The values are Unicode, and therefore not subject to recoding */
@@ -11168,7 +11170,7 @@ S_regatom(pTHX_ RExC_state_t *pRExC_stat
dVAR;
regnode *ret = NULL;
I32 flags = 0;
- char *parse_start = RExC_parse;
+ char *parse_start;
U8 op;
int invert = 0;

@@ -11181,6 +11183,7 @@ S_regatom(pTHX_ RExC_state_t *pRExC_stat
PERL_ARGS_ASSERT_REGATOM;

tryagain:
+ parse_start = RExC_parse;
switch ((U8)*RExC_parse) {
case '^':
RExC_seen_zerolen++;
@@ -11269,7 +11272,7 @@ tryagain:
break;
case '{':
if (!regcurly(RExC_parse, FALSE)) {
- RExC_parse++;
+ RExC_parse = parse_start;
goto defchar;
}
/* FALL THROUGH */
@@ -11486,7 +11489,7 @@ tryagain:
FALSE /* not strict */ )) {
if (*flagp & RESTART_UTF8)
return NULL;
- RExC_parse--;
+ RExC_parse = parse_start;
goto defchar;
}
break;
@@ -11588,6 +11591,7 @@ tryagain:
&& *RExC_parse != '8' && *RExC_parse != '9'))
{
/* Probably a character specified in octal, e.g. \35 */
+ RExC_parse = parse_start;
goto defchar;
}
}
@@ -11638,7 +11642,7 @@ tryagain:
default:
/* Do not generate "unrecognized" warnings here, we fall
back into the quick-grab loop below */
- parse_start--;
+ RExC_parse = parse_start;
goto defchar;
}
break;
@@ -11652,10 +11656,6 @@ tryagain:

default:

- parse_start = RExC_parse - 1;
-
- RExC_parse++;
-
defchar: {
STRLEN len = 0;
UV ender = 0;
@@ -11719,7 +11719,12 @@ tryagain:
* could back off to end with only a code point that isn't such a
* non-final, but it is possible for there not to be any in the
* entire node. */
- for (p = RExC_parse - 1;
+
+ assert( ! UTF /* Is at the beginning of a character */
+ || UTF8_IS_INVARIANT(UCHARAT(RExC_parse))
+ || UTF8_IS_START(UCHARAT(RExC_parse)));
+
+ for (p = RExC_parse;
len < upper_parse && p < RExC_end;
len++)
{
@@ -11792,6 +11797,7 @@ tryagain:
goto loopdone;
}
p = RExC_parse;
+ RExC_parse = parse_start;
if (ender > 0xff) {
REQUIRE_UTF8;
}