author | drochner <drochner@pkgsrc.org> | 2013-02-05 18:49:05 +0000 |
---|---|---|
committer | drochner <drochner@pkgsrc.org> | 2013-02-05 18:49:05 +0000 |
commit | d012422b296d2ad351d1e5eff0a2805553a66e15 (patch) | |
tree | 7ff8c8f351df6f4a0f089f44c4d6bf4163348270 | |
parent | 41c0ac00be94c1c3f697395de4e3df107e92169e (diff) | |
download | pkgsrc-d012422b296d2ad351d1e5eff0a2805553a66e15.tar.gz |
add patch from upstream to fix insufficient validation of UTF-8 strings
which is considered a security problem
bump PKGREV for the affected header, didn't check yet where this
header is compiled into
(boost-1.53 is out, just added the patch for a possible pullup)
-rw-r--r-- | devel/boost-headers/Makefile | 4 | ||||
-rw-r--r-- | meta-pkgs/boost/distinfo | 4 | ||||
-rw-r--r-- | meta-pkgs/boost/patches/patch-CVE-2013-0252_1 | 29 | ||||
-rw-r--r-- | meta-pkgs/boost/patches/patch-CVE-2013-0252_2 | 25 |
4 files changed, 60 insertions, 2 deletions
diff --git a/devel/boost-headers/Makefile b/devel/boost-headers/Makefile
index adc43dc5e09..36d852e47a9 100644
--- a/devel/boost-headers/Makefile
+++ b/devel/boost-headers/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.23 2012/11/07 21:04:10 adam Exp $
+# $NetBSD: Makefile,v 1.24 2013/02/05 18:49:05 drochner Exp $
 BOOST_PACKAGE= headers
 BOOST_COMMENT= (build-time headers)
@@ -6,6 +6,8 @@ BOOST_CONFIG= generate
 .include "../../meta-pkgs/boost/Makefile.common"
+PKGREVISION= 3
+
 BJAM_ARGS+= --without-* # disable all libraries
 .include "../../devel/boost-jam/bjam.mk"
diff --git a/meta-pkgs/boost/distinfo b/meta-pkgs/boost/distinfo
index 2ee9f5413da..9321ab78987 100644
--- a/meta-pkgs/boost/distinfo
+++ b/meta-pkgs/boost/distinfo
@@ -1,8 +1,10 @@
-$NetBSD: distinfo,v 1.55 2013/01/24 22:54:49 riz Exp $
+$NetBSD: distinfo,v 1.56 2013/02/05 18:49:05 drochner Exp $
 SHA1 (boost_1_52_0.tar.bz2) = cddd6b4526a09152ddc5db856463eaa1dc29c5d9
 RMD160 (boost_1_52_0.tar.bz2) = 94f72f4553a88495f2052029fb2e90cf8366e75d
 Size (boost_1_52_0.tar.bz2) = 54421709 bytes
+SHA1 (patch-CVE-2013-0252_1) = a6e50a3c3c5478d14c44f7c4fcf5838f50a8049a
+SHA1 (patch-CVE-2013-0252_2) = cd1ffc46d9d5351d62aca749888e0a9229d4f2d0
 SHA1 (patch-aa) = 408a63a807aaa491130db018cd89bca6a427090d
 SHA1 (patch-ab) = f1c95ae229465a4d2da76ce6ff88d76ace52fdd8
 SHA1 (patch-ac) = 5ecd12564259e4ad9d439990e198b889762ec733
diff --git a/meta-pkgs/boost/patches/patch-CVE-2013-0252_1 b/meta-pkgs/boost/patches/patch-CVE-2013-0252_1
new file mode 100644
index 00000000000..064b33978f6
--- /dev/null
+++ b/meta-pkgs/boost/patches/patch-CVE-2013-0252_1
@@ -0,0 +1,29 @@
+$NetBSD: patch-CVE-2013-0252_1,v 1.1 2013/02/05 18:49:05 drochner Exp $
+
+https://svn.boost.org/trac/boost/ticket/7743
+
+--- boost/locale/utf.hpp.orig 2012-05-02 13:49:25.000000000 +0000
++++ boost/locale/utf.hpp
+@@ -219,16 +219,22 @@ namespace utf {
+ if(BOOST_LOCALE_UNLIKELY(p==e))
+ return incomplete;
+ tmp = *p++;
++ if (!is_trail(tmp))
++ return illegal;
+ c = (c << 6) | ( tmp & 0x3F);
+ case 2:
+ if(BOOST_LOCALE_UNLIKELY(p==e))
+ return incomplete;
+ tmp = *p++;
++ if (!is_trail(tmp))
++ return illegal;
+ c = (c << 6) | ( tmp & 0x3F);
+ case 1:
+ if(BOOST_LOCALE_UNLIKELY(p==e))
+ return incomplete;
+ tmp = *p++;
++ if (!is_trail(tmp))
++ return illegal;
+ c = (c << 6) | ( tmp & 0x3F);
+ }
+
diff --git a/meta-pkgs/boost/patches/patch-CVE-2013-0252_2 b/meta-pkgs/boost/patches/patch-CVE-2013-0252_2
new file mode 100644
index 00000000000..cfe88b1f213
--- /dev/null
+++ b/meta-pkgs/boost/patches/patch-CVE-2013-0252_2
@@ -0,0 +1,25 @@
+$NetBSD: patch-CVE-2013-0252_2,v 1.1 2013/02/05 18:49:05 drochner Exp $
+
+--- libs/locale/test/test_codepage_converter.cpp.orig 2011-08-15 19:04:34.000000000 +0000
++++ libs/locale/test/test_codepage_converter.cpp
+@@ -140,6 +140,20 @@ int main()
+ TEST_TO("\xf8\x90\x80\x80\x80",illegal); // 400 0000
+ TEST_TO("\xfd\xbf\xbf\xbf\xbf\xbf",illegal); // 7fff ffff
+
++ std::cout << "-- Invalid trail" << std::endl;
++ TEST_TO("\xC2\x7F",illegal);
++ TEST_TO("\xdf\x7F",illegal);
++ TEST_TO("\xe0\x7F\x80",illegal);
++ TEST_TO("\xef\xbf\x7F",illegal);
++ TEST_TO("\xe0\x7F\x80",illegal);
++ TEST_TO("\xef\xbf\x7F",illegal);
++ TEST_TO("\xf0\x7F\x80\x80",illegal);
++ TEST_TO("\xf4\x7f\xbf\xbf",illegal);
++ TEST_TO("\xf0\x90\x7F\x80",illegal);
++ TEST_TO("\xf4\x8f\x7F\xbf",illegal);
++ TEST_TO("\xf0\x90\x80\x7F",illegal);
++ TEST_TO("\xf4\x8f\xbf\x7F",illegal);
++
+ std::cout << "-- Invalid length" << std::endl;
+
+ /// Test that this actually works
|
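Review bot: In boost/locale/utf.hpp (patch-CVE-2013-0252_1), each added `if (!is_trail(tmp)) return illegal;` runs after `tmp = *p++;`, so the byte that failed the trail check has already been consumed when `illegal` is returned. If `p` is the caller's iterator and callers resume decoding at `p` after an illegal sequence (neither is visible in the hunk), an ASCII or lead byte that follows a truncated sequence, such as the 0x7F used in the new tests, is dropped along with the bad lead byte, which matters when the decoded text is later validated or filtered on delimiters. Consider checking before advancing in all three cases: `tmp = *p;` `if (!is_trail(tmp)) return illegal;` `++p;`. The new checks could also be wrapped in `BOOST_LOCALE_UNLIKELY(...)` like the neighbouring `p==e` tests; the enclosing switch starts and ends outside the hunk.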
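Review bot: The new "Invalid trail" cases in libs/locale/test/test_codepage_converter.cpp (patch-CVE-2013-0252_2) only use 0x7F, the byte just below the trail range, and `TEST_TO("\xe0\x7F\x80",illegal);` and `TEST_TO("\xef\xbf\x7F",illegal);` each appear twice. No case puts a byte above the trail range in a trail position, so a trail check that only enforced the lower bound would still pass this block. Replacing the duplicated pair with high-side cases would close that gap, for example `TEST_TO("\xC2\xC0",illegal);` and `TEST_TO("\xef\xbf\xC0",illegal);` (constructed examples).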