svn commit: r316538 - in head/devel/boost-libs: . files
Jung-uk Kim
jkim at FreeBSD.org
Thu Apr 25 23:50:24 UTC 2013
Author: jkim
Date: Thu Apr 25 23:50:23 2013
New Revision: 316538
URL: http://svnweb.freebsd.org/changeset/ports/316538
Log:
Fix a minor security vulnerability.
http://www.boost.org/users/news/boost_locale_security_notice.html
Added:
head/devel/boost-libs/files/patch-boost-locale-utf (contents, props changed)
Modified:
head/devel/boost-libs/Makefile
Modified: head/devel/boost-libs/Makefile
==============================================================================
--- head/devel/boost-libs/Makefile Thu Apr 25 23:44:29 2013 (r316537)
+++ head/devel/boost-libs/Makefile Thu Apr 25 23:50:23 2013 (r316538)
@@ -4,7 +4,7 @@
PORTNAME= boost-libs
COMMENT= Free portable C++ libraries (without Boost.Python)
-PORTREVISION= 1
+PORTREVISION= 2
BUILD_DEPENDS+= bjam:${PORTSDIR}/devel/boost-jam
Added: head/devel/boost-libs/files/patch-boost-locale-utf
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/devel/boost-libs/files/patch-boost-locale-utf Thu Apr 25 23:50:23 2013 (r316538)
@@ -0,0 +1,52 @@
+Index: boost/locale/utf.hpp
+===================================================================
+--- boost/locale/utf.hpp (revision 81589)
++++ boost/locale/utf.hpp (revision 81590)
+@@ -219,16 +219,22 @@
+ if(BOOST_LOCALE_UNLIKELY(p==e))
+ return incomplete;
+ tmp = *p++;
++ if (!is_trail(tmp))
++ return illegal;
+ c = (c << 6) | ( tmp & 0x3F);
+ case 2:
+ if(BOOST_LOCALE_UNLIKELY(p==e))
+ return incomplete;
+ tmp = *p++;
++ if (!is_trail(tmp))
++ return illegal;
+ c = (c << 6) | ( tmp & 0x3F);
+ case 1:
+ if(BOOST_LOCALE_UNLIKELY(p==e))
+ return incomplete;
+ tmp = *p++;
++ if (!is_trail(tmp))
++ return illegal;
+ c = (c << 6) | ( tmp & 0x3F);
+ }
+
+Index: libs/locale/test/test_codepage_converter.cpp
+===================================================================
+--- libs/locale/test/test_codepage_converter.cpp (revision 81589)
++++ libs/locale/test/test_codepage_converter.cpp (revision 81590)
+@@ -140,6 +140,20 @@
+ TEST_TO("\xf8\x90\x80\x80\x80",illegal); // 400 0000
+ TEST_TO("\xfd\xbf\xbf\xbf\xbf\xbf",illegal); // 7fff ffff
+
++ std::cout << "-- Invalid trail" << std::endl;
++ TEST_TO("\xC2\x7F",illegal);
++ TEST_TO("\xdf\x7F",illegal);
++ TEST_TO("\xe0\x7F\x80",illegal);
++ TEST_TO("\xef\xbf\x7F",illegal);
++ TEST_TO("\xe0\x7F\x80",illegal);
++ TEST_TO("\xef\xbf\x7F",illegal);
++ TEST_TO("\xf0\x7F\x80\x80",illegal);
++ TEST_TO("\xf4\x7f\xbf\xbf",illegal);
++ TEST_TO("\xf0\x90\x7F\x80",illegal);
++ TEST_TO("\xf4\x8f\x7F\xbf",illegal);
++ TEST_TO("\xf0\x90\x80\x7F",illegal);
++ TEST_TO("\xf4\x8f\xbf\x7F",illegal);
++
+ std::cout << "-- Invalid length" << std::endl;
+
+ /// Test that this actually works
More information about the svn-ports-head
mailing list