From owner-svn-ports-all@FreeBSD.ORG Thu Apr 25 23:50:24 2013 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 14C43908; Thu, 25 Apr 2013 23:50:24 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id EB22711C5; Thu, 25 Apr 2013 23:50:23 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.6/8.14.6) with ESMTP id r3PNoNpC091561; Thu, 25 Apr 2013 23:50:23 GMT (envelope-from jkim@svn.freebsd.org) Received: (from jkim@localhost) by svn.freebsd.org (8.14.6/8.14.5/Submit) id r3PNoNDh091559; Thu, 25 Apr 2013 23:50:23 GMT (envelope-from jkim@svn.freebsd.org) Message-Id: <201304252350.r3PNoNDh091559@svn.freebsd.org> From: Jung-uk Kim Date: Thu, 25 Apr 2013 23:50:23 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r316538 - in head/devel/boost-libs: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Apr 2013 23:50:24 -0000 Author: jkim Date: Thu Apr 25 23:50:23 2013 New Revision: 316538 URL: http://svnweb.freebsd.org/changeset/ports/316538 Log: Fix a minor security vulnerability. http://www.boost.org/users/news/boost_locale_security_notice.html Added: head/devel/boost-libs/files/patch-boost-locale-utf (contents, props changed) Modified: head/devel/boost-libs/Makefile Modified: head/devel/boost-libs/Makefile ============================================================================== --- head/devel/boost-libs/Makefile Thu Apr 25 23:44:29 2013 (r316537) +++ head/devel/boost-libs/Makefile Thu Apr 25 23:50:23 2013 (r316538) @@ -4,7 +4,7 @@ PORTNAME= boost-libs COMMENT= Free portable C++ libraries (without Boost.Python) -PORTREVISION= 1 +PORTREVISION= 2 BUILD_DEPENDS+= bjam:${PORTSDIR}/devel/boost-jam Added: head/devel/boost-libs/files/patch-boost-locale-utf ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/devel/boost-libs/files/patch-boost-locale-utf Thu Apr 25 23:50:23 2013 (r316538) @@ -0,0 +1,52 @@ +Index: boost/locale/utf.hpp +=================================================================== +--- boost/locale/utf.hpp (revision 81589) ++++ boost/locale/utf.hpp (revision 81590) +@@ -219,16 +219,22 @@ + if(BOOST_LOCALE_UNLIKELY(p==e)) + return incomplete; + tmp = *p++; ++ if (!is_trail(tmp)) ++ return illegal; + c = (c << 6) | ( tmp & 0x3F); + case 2: + if(BOOST_LOCALE_UNLIKELY(p==e)) + return incomplete; + tmp = *p++; ++ if (!is_trail(tmp)) ++ return illegal; + c = (c << 6) | ( tmp & 0x3F); + case 1: + if(BOOST_LOCALE_UNLIKELY(p==e)) + return incomplete; + tmp = *p++; ++ if (!is_trail(tmp)) ++ return illegal; + c = (c << 6) | ( tmp & 0x3F); + } + +Index: libs/locale/test/test_codepage_converter.cpp +=================================================================== +--- libs/locale/test/test_codepage_converter.cpp (revision 81589) ++++ libs/locale/test/test_codepage_converter.cpp (revision 81590) +@@ -140,6 +140,20 @@ + TEST_TO("\xf8\x90\x80\x80\x80",illegal); // 400 0000 + TEST_TO("\xfd\xbf\xbf\xbf\xbf\xbf",illegal); // 7fff ffff + ++ std::cout << "-- Invalid trail" << std::endl; ++ TEST_TO("\xC2\x7F",illegal); ++ TEST_TO("\xdf\x7F",illegal); ++ TEST_TO("\xe0\x7F\x80",illegal); ++ TEST_TO("\xef\xbf\x7F",illegal); ++ TEST_TO("\xe0\x7F\x80",illegal); ++ TEST_TO("\xef\xbf\x7F",illegal); ++ TEST_TO("\xf0\x7F\x80\x80",illegal); ++ TEST_TO("\xf4\x7f\xbf\xbf",illegal); ++ TEST_TO("\xf0\x90\x7F\x80",illegal); ++ TEST_TO("\xf4\x8f\x7F\xbf",illegal); ++ TEST_TO("\xf0\x90\x80\x7F",illegal); ++ TEST_TO("\xf4\x8f\xbf\x7F",illegal); ++ + std::cout << "-- Invalid length" << std::endl; + + /// Test that this actually works