new file mode 100644

@@ -0,0 +1,21 @@

+From df2858ea28eb2c7e00a4bd6a5ed95e4782f88333 Mon Sep 17 00:00:00 2001

+From: Karl Williamson <khw@cpan.org>

+Date: Mon, 24 Sep 2018 11:54:41 -0600

+Subject: [PATCH 242/242] PATCH: [perl #133423] for 5.26 maint

+

+---

+ regcomp.c       | 1 -

+ 1 files changed, 1 deletion(-)

+

+diff --git a/regcomp.c b/regcomp.c

+index ca47db7573..431006e855 100644

+--- a/regcomp.c

+@@ -15109,7 +15109,6 @@ redo_curchar:

+                     if (UCHARAT(RExC_parse) != ')')

+                         vFAIL("Expecting close paren for wrapper for nested extended charclass");

+ 

+-                    RExC_parse++;

+                     RExC_flags = save_flags;

+                     goto handle_operand;

+                 }

new file mode 100644

@@ -0,0 +1,77 @@

+--- a/regcomp.c	2016-07-15 00:38:08.000000000 +0530

+@@ -14582,7 +14582,7 @@ S_handle_regex_sets(pTHX_ RExC_state_t *

+      * these things, we need to realize that something preceded by a backslash

+      * is escaped, so we have to keep track of backslashes */

+     if (SIZE_ONLY) {

+-        UV depth = 0; /* how many nested (?[...]) constructs */

++        UV nest_depth = 0; /* how many nested (?[...]) constructs */

+ 

+         while (RExC_parse < RExC_end) {

+             SV* current = NULL;

+@@ -14591,8 +14591,9 @@ S_handle_regex_sets(pTHX_ RExC_state_t *

+                                     TRUE /* Force /x */ );

+ 

+             switch (*RExC_parse) {

+-                case '?':

+-                    if (RExC_parse[1] == '[') depth++, RExC_parse++;

++                case '(':

++                    if (RExC_parse[1] == '?' && RExC_parse[2] == '[')

++                        nest_depth++, RExC_parse+=2;

+                     /* FALLTHROUGH */

+                 default:

+                     break;

+@@ -14649,9 +14650,9 @@ S_handle_regex_sets(pTHX_ RExC_state_t *

+                 }

+ 

+                 case ']':

+-                    if (depth--) break;

+-                    RExC_parse++;

+-                    if (*RExC_parse == ')') {

++                    if (RExC_parse[1] == ')') {

++                        RExC_parse++;

++                        if (nest_depth--) break;

+                         node = reganode(pRExC_state, ANYOF, 0);

+                         RExC_size += ANYOF_SKIP;

+                         nextchar(pRExC_state);

+@@ -14663,7 +14664,13 @@ S_handle_regex_sets(pTHX_ RExC_state_t *

+ 

+                         return node;

+                     }

+-                    goto no_close;

++                    /* We output the messages even if warnings are off, because we'll fail

++                    * the very next thing, and these give a likely diagnosis for that */

++                    if (posix_warnings && av_tindex_nomg(posix_warnings) >= 0) {

++                        output_or_return_posix_warnings(pRExC_state, posix_warnings, NULL);

++                    }

++                    RExC_parse++;

++                    vFAIL("Unexpected ']' with no following ')' in (?[...");

+             }

+ 

+             RExC_parse += UTF ? UTF8SKIP(RExC_parse) : 1;

+@@ -14676,7 +14683,7 @@ S_handle_regex_sets(pTHX_ RExC_state_t *

+             output_or_return_posix_warnings(pRExC_state, posix_warnings, NULL);

+         }

+ 

+-        FAIL("Syntax error in (?[...])");

++        vFAIL("Syntax error in (?[...])");

+     }

+ 

+     /* Pass 2 only after this. */

+@@ -14850,12 +14857,14 @@ redo_curchar:

+                      * inversion list, and RExC_parse points to the trailing

+                      * ']'; the next character should be the ')' */

+                     RExC_parse++;

+-                    assert(UCHARAT(RExC_parse) == ')');

++                    if (UCHARAT(RExC_parse) != ')')

++                        vFAIL("Expecting close paren for nested extended charclass");

+ 

+                     /* Then the ')' matching the original '(' handled by this

+                      * case: statement */

+                     RExC_parse++;

+-                    assert(UCHARAT(RExC_parse) == ')');

++                    if (UCHARAT(RExC_parse) != ')')

++                        vFAIL("Expecting close paren for wrapper for nested extended charclass");

+ 

+                     RExC_parse++;

+                     RExC_flags = save_flags;

@@ -9,7 +9,7 @@

 Summary:        Practical Extraction and Report Language

 Name:           perl

 Version:        5.24.1

-Release:        3%{?dist}

+Release:        4%{?dist}

 License:        GPLv1+

 URL:            http://www.perl.org/

 Group:          Development/Languages

@@ -27,6 +27,8 @@ Patch5:         perl-CVE-2018-6913.patch

 Patch6:         perl-CVE-2018-12015.patch

 Patch7:         perl-CVE-2018-18311.patch

 Patch8:         perl-CVE-2018-18313.patch

+Patch9:         perl-CVE-2018-18314.patch

+Patch10:        perl-CVE-2018-18312.patch

 Provides:       perl >= 0:5.003000

 Provides:       perl(getopts.pl)

 Provides:       /bin/perl

@@ -49,6 +51,8 @@ Report Language.

 %patch6 -p1

 %patch7 -p1

 %patch8 -p1

+%patch9 -p1

+%patch10 -p1

 sed -i 's/-fstack-protector/&-all/' Configure

@@ -81,6 +85,8 @@ unset BUILD_ZLIB BUILD_BZIP2

 %{_libdir}/perl5/%{version}/*

 %{_mandir}/*/*

 %changelog

+*   Fri Mar 01 2019 Dweep Advani <dadvani@vmware.com> 5.24.1-4

+-   Fixed CVE-2018-18312 and CVE-2018-18314

 *   Fri Feb 22 2019 Dweep Advani <dadvani@vmware.com> 5.24.1-3

 -   Fixed CVE-2018-18311 and CVE-2018-18313

 *   Wed Aug 08 2018 Dweep Advani <dadvani@vmware.com> 5.24.1-2