Date:      Wed, 29 Jul 2015 17:01:44 +0000 (UTC)
From:      Mark Felder <feld@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r393187 - in branches/2015Q3/lang: v8 v8-devel v8-devel/files v8/files
Message-ID:  <201507291701.t6TH1iRR038417@repo.freebsd.org>

Author: feld
Date: Wed Jul 29 17:01:43 2015
New Revision: 393187
URL: https://svnweb.freebsd.org/changeset/ports/393187

Log:
  MFH: r393186
  
  lang/v8, lang/v8-devel: Backport CVE fix
  
  This fix has been backported instead of upgrading to a newer release as
  the upstream release process is a complicated fast-moving target and the
  current ports are using custom snapshots created by the port maintainer.
  
  This will also limit the amount of potential fallout as we know the
  existing v8 port works well enough to keep mongodb up to date.
  
  PR:		201450
  Security:	CVE-2015-5380
  Security:	864e6f75-2372-11e5-86ff-14dae9d210b8
  Approved by:	ports-secteam (with hat)

Added:
  branches/2015Q3/lang/v8-devel/files/patch-CVE-2015-5380
     - copied unchanged from r393186, head/lang/v8-devel/files/patch-CVE-2015-5380
  branches/2015Q3/lang/v8/files/
     - copied from r393186, head/lang/v8/files/
Modified:
  branches/2015Q3/lang/v8-devel/Makefile
  branches/2015Q3/lang/v8/Makefile
Directory Properties:
  branches/2015Q3/   (props changed)

Modified: branches/2015Q3/lang/v8-devel/Makefile
==============================================================================
--- branches/2015Q3/lang/v8-devel/Makefile	Wed Jul 29 17:00:29 2015	(r393186)
+++ branches/2015Q3/lang/v8-devel/Makefile	Wed Jul 29 17:01:43 2015	(r393187)
@@ -3,7 +3,7 @@
 
 PORTNAME=	v8
 PORTVERSION=	3.27.7
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	lang
 MASTER_SITES=	LOCAL/vanilla
 PKGNAMESUFFIX=	-devel

Copied: branches/2015Q3/lang/v8-devel/files/patch-CVE-2015-5380 (from r393186, head/lang/v8-devel/files/patch-CVE-2015-5380)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2015Q3/lang/v8-devel/files/patch-CVE-2015-5380	Wed Jul 29 17:01:43 2015	(r393187, copy of r393186, head/lang/v8-devel/files/patch-CVE-2015-5380)
@@ -0,0 +1,95 @@
+Backport of fix found here:
+https://github.com/joyent/node/commit/78b0e30954111cfaba0edbeee85450d8cbc6fdf6
+
+Note, this patch is modified to use ASSERT instead of DCHECK because
+this version of node is from before the rename which happened here:
+https://codereview.chromium.org/430503007
+
+--- src/unicode-inl.h.orig	2013-05-01 12:56:29 UTC
++++ src/unicode-inl.h
+@@ -168,6 +168,7 @@ unsigned Utf8::Length(uchar c, int previ
+ 
+ Utf8DecoderBase::Utf8DecoderBase()
+   : unbuffered_start_(NULL),
++    unbuffered_length_(0),
+     utf16_length_(0),
+     last_byte_of_buffer_unused_(false) {}
+ 
+@@ -207,8 +208,7 @@ unsigned Utf8Decoder<kBufferSize>::Write
+   if (length <= buffer_length) return length;
+   ASSERT(unbuffered_start_ != NULL);
+   // Copy the rest the slow way.
+-  WriteUtf16Slow(unbuffered_start_,
+-                 data + buffer_length,
++  WriteUtf16Slow(unbuffered_start_, unbuffered_length_, data + buffer_length,
+                  length - buffer_length);
+   return length;
+ }
+--- src/unicode.cc.orig	2013-05-01 12:56:29 UTC
++++ src/unicode.cc
+@@ -284,6 +284,7 @@ void Utf8DecoderBase::Reset(uint16_t* bu
+   // Assume everything will fit in the buffer and stream won't be needed.
+   last_byte_of_buffer_unused_ = false;
+   unbuffered_start_ = NULL;
++  unbuffered_length_ = 0;
+   bool writing_to_buffer = true;
+   // Loop until stream is read, writing to buffer as long as buffer has space.
+   unsigned utf16_length = 0;
+@@ -310,6 +311,7 @@ void Utf8DecoderBase::Reset(uint16_t* bu
+         // Just wrote last character of buffer
+         writing_to_buffer = false;
+         unbuffered_start_ = stream;
++        unbuffered_length_ = stream_length;
+       }
+       continue;
+     }
+@@ -319,20 +321,24 @@ void Utf8DecoderBase::Reset(uint16_t* bu
+     writing_to_buffer = false;
+     last_byte_of_buffer_unused_ = true;
+     unbuffered_start_ = stream - cursor;
++    unbuffered_length_ = stream_length + cursor;
+   }
+   utf16_length_ = utf16_length;
+ }
+ 
+ 
+ void Utf8DecoderBase::WriteUtf16Slow(const uint8_t* stream,
++                                     unsigned stream_length,
+                                      uint16_t* data,
+                                      unsigned data_length) {
+   while (data_length != 0) {
+     unsigned cursor = 0;
+-    uint32_t character = Utf8::ValueOf(stream, Utf8::kMaxEncodedSize, &cursor);
++
++    uint32_t character = Utf8::ValueOf(stream, stream_length, &cursor);
+     // There's a total lack of bounds checking for stream
+     // as it was already done in Reset.
+     stream += cursor;
++    stream_length -= cursor;
+     if (character > unibrow::Utf16::kMaxNonSurrogateCharCode) {
+       *data++ = Utf16::LeadSurrogate(character);
+       *data++ = Utf16::TrailSurrogate(character);
+@@ -343,6 +349,7 @@ void Utf8DecoderBase::WriteUtf16Slow(con
+       data_length -= 1;
+     }
+   }
++  ASSERT(stream_length >= 0);
+ }
+ 
+ 
+--- src/unicode.h.orig	2013-05-01 12:56:29 UTC
++++ src/unicode.h
+@@ -184,10 +184,10 @@ class Utf8DecoderBase {
+              unsigned buffer_length,
+              const uint8_t* stream,
+              unsigned stream_length);
+-  static void WriteUtf16Slow(const uint8_t* stream,
+-                             uint16_t* data,
+-                             unsigned length);
++  static void WriteUtf16Slow(const uint8_t* stream, unsigned stream_length,
++                             uint16_t* data, unsigned length);
+   const uint8_t* unbuffered_start_;
++  unsigned unbuffered_length_;
+   unsigned utf16_length_;
+   bool last_byte_of_buffer_unused_;
+  private:
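Review bot: The added `ASSERT(stream_length >= 0);` at the end of `WriteUtf16Slow` in src/unicode.cc can never fire, because `stream_length` is declared `unsigned`, so a `stream_length -= cursor` that wraps past zero goes unnoticed. A check that does something would sit just before the subtraction, `ASSERT(cursor <= stream_length);`, and since ASSERT is presumably compiled out of release builds, the actual bound still rests on `Utf8::ValueOf` honouring the length it is now passed, which is not visible here. The retained comment above `stream += cursor;` still says there is a total lack of bounds checking for the stream; I would reword it to `// stream_length bounds each ValueOf read; the stream was already checked in Reset.` Part of the loop body falls between the inner patch's hunks, so this is based only on the visible lines.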

Modified: branches/2015Q3/lang/v8/Makefile
==============================================================================
--- branches/2015Q3/lang/v8/Makefile	Wed Jul 29 17:00:29 2015	(r393186)
+++ branches/2015Q3/lang/v8/Makefile	Wed Jul 29 17:01:43 2015	(r393187)
@@ -3,6 +3,7 @@
 
 PORTNAME=	v8
 PORTVERSION=	3.18.5
+PORTREVISION=	1
 CATEGORIES=	lang
 MASTER_SITES=	LOCAL/vanilla
 


