Date: Thu, 25 Apr 2013 23:50:23 +0000 (UTC) From: Jung-uk Kim <jkim@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r316538 - in head/devel/boost-libs: . files Message-ID: <201304252350.r3PNoNDh091559@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jkim Date: Thu Apr 25 23:50:23 2013 New Revision: 316538 URL: http://svnweb.freebsd.org/changeset/ports/316538 Log: Fix a minor security vulnerability. http://www.boost.org/users/news/boost_locale_security_notice.html Added: head/devel/boost-libs/files/patch-boost-locale-utf (contents, props changed) Modified: head/devel/boost-libs/Makefile Modified: head/devel/boost-libs/Makefile ============================================================================== --- head/devel/boost-libs/Makefile Thu Apr 25 23:44:29 2013 (r316537) +++ head/devel/boost-libs/Makefile Thu Apr 25 23:50:23 2013 (r316538) @@ -4,7 +4,7 @@ PORTNAME= boost-libs COMMENT= Free portable C++ libraries (without Boost.Python) -PORTREVISION= 1 +PORTREVISION= 2 BUILD_DEPENDS+= bjam:${PORTSDIR}/devel/boost-jam Added: head/devel/boost-libs/files/patch-boost-locale-utf ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/devel/boost-libs/files/patch-boost-locale-utf Thu Apr 25 23:50:23 2013 (r316538) @@ -0,0 +1,52 @@ +Index: boost/locale/utf.hpp +=================================================================== +--- boost/locale/utf.hpp (revision 81589) ++++ boost/locale/utf.hpp (revision 81590) +@@ -219,16 +219,22 @@ + if(BOOST_LOCALE_UNLIKELY(p==e)) + return incomplete; + tmp = *p++; ++ if (!is_trail(tmp)) ++ return illegal; + c = (c << 6) | ( tmp & 0x3F); + case 2: + if(BOOST_LOCALE_UNLIKELY(p==e)) + return incomplete; + tmp = *p++; ++ if (!is_trail(tmp)) ++ return illegal; + c = (c << 6) | ( tmp & 0x3F); + case 1: + if(BOOST_LOCALE_UNLIKELY(p==e)) + return incomplete; + tmp = *p++; ++ if (!is_trail(tmp)) ++ return illegal; + c = (c << 6) | ( tmp & 0x3F); + } + +Index: libs/locale/test/test_codepage_converter.cpp +=================================================================== +--- libs/locale/test/test_codepage_converter.cpp (revision 81589) ++++ libs/locale/test/test_codepage_converter.cpp (revision 81590) +@@ -140,6 +140,20 @@ + TEST_TO("\xf8\x90\x80\x80\x80",illegal); // 400 0000 + TEST_TO("\xfd\xbf\xbf\xbf\xbf\xbf",illegal); // 7fff ffff + ++ std::cout << "-- Invalid trail" << std::endl; ++ TEST_TO("\xC2\x7F",illegal); ++ TEST_TO("\xdf\x7F",illegal); ++ TEST_TO("\xe0\x7F\x80",illegal); ++ TEST_TO("\xef\xbf\x7F",illegal); ++ TEST_TO("\xe0\x7F\x80",illegal); ++ TEST_TO("\xef\xbf\x7F",illegal); ++ TEST_TO("\xf0\x7F\x80\x80",illegal); ++ TEST_TO("\xf4\x7f\xbf\xbf",illegal); ++ TEST_TO("\xf0\x90\x7F\x80",illegal); ++ TEST_TO("\xf4\x8f\x7F\xbf",illegal); ++ TEST_TO("\xf0\x90\x80\x7F",illegal); ++ TEST_TO("\xf4\x8f\xbf\x7F",illegal); ++ + std::cout << "-- Invalid length" << std::endl; + + /// Test that this actually works
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201304252350.r3PNoNDh091559>