svn commit: r316538 - in head/devel/boost-libs: . files

[Jung-uk Kim]

Author: jkim
Date: Thu Apr 25 23:50:23 2013
New Revision: 316538
URL: http://svnweb.freebsd.org/changeset/ports/316538

Log:
  Fix a minor security vulnerability.
  
  http://www.boost.org/users/news/boost_locale_security_notice.html

Added:
  head/devel/boost-libs/files/patch-boost-locale-utf   (contents, props changed)
Modified:
  head/devel/boost-libs/Makefile

Modified: head/devel/boost-libs/Makefile
==============================================================================
--- head/devel/boost-libs/Makefile	Thu Apr 25 23:44:29 2013	(r316537)
+++ head/devel/boost-libs/Makefile	Thu Apr 25 23:50:23 2013	(r316538)
@@ -4,7 +4,7 @@
 PORTNAME=	boost-libs
 COMMENT=	Free portable C++ libraries (without Boost.Python)
 
-PORTREVISION=	1
+PORTREVISION=	2
 
 BUILD_DEPENDS+=	bjam:${PORTSDIR}/devel/boost-jam
 

Added: head/devel/boost-libs/files/patch-boost-locale-utf
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/devel/boost-libs/files/patch-boost-locale-utf	Thu Apr 25 23:50:23 2013	(r316538)
@@ -0,0 +1,52 @@
+Index: boost/locale/utf.hpp
+===================================================================
+--- boost/locale/utf.hpp	(revision 81589)
++++ boost/locale/utf.hpp	(revision 81590)
+@@ -219,16 +219,22 @@
+                 if(BOOST_LOCALE_UNLIKELY(p==e))
+                     return incomplete;
+                 tmp = *p++;
++                if (!is_trail(tmp))
++                    return illegal;
+                 c = (c << 6) | ( tmp & 0x3F);
+             case 2:
+                 if(BOOST_LOCALE_UNLIKELY(p==e))
+                     return incomplete;
+                 tmp = *p++;
++                if (!is_trail(tmp))
++                    return illegal;
+                 c = (c << 6) | ( tmp & 0x3F);
+             case 1:
+                 if(BOOST_LOCALE_UNLIKELY(p==e))
+                     return incomplete;
+                 tmp = *p++;
++                if (!is_trail(tmp))
++                    return illegal;
+                 c = (c << 6) | ( tmp & 0x3F);
+             }
+ 
+Index: libs/locale/test/test_codepage_converter.cpp
+===================================================================
+--- libs/locale/test/test_codepage_converter.cpp	(revision 81589)
++++ libs/locale/test/test_codepage_converter.cpp	(revision 81590)
+@@ -140,6 +140,20 @@
+         TEST_TO("\xf8\x90\x80\x80\x80",illegal);  // 400 0000
+         TEST_TO("\xfd\xbf\xbf\xbf\xbf\xbf",illegal);  // 7fff ffff
+ 
++        std::cout << "-- Invalid trail" << std::endl;
++        TEST_TO("\xC2\x7F",illegal);
++        TEST_TO("\xdf\x7F",illegal);
++        TEST_TO("\xe0\x7F\x80",illegal);
++        TEST_TO("\xef\xbf\x7F",illegal);
++        TEST_TO("\xe0\x7F\x80",illegal);
++        TEST_TO("\xef\xbf\x7F",illegal);
++        TEST_TO("\xf0\x7F\x80\x80",illegal);
++        TEST_TO("\xf4\x7f\xbf\xbf",illegal);
++        TEST_TO("\xf0\x90\x7F\x80",illegal);
++        TEST_TO("\xf4\x8f\x7F\xbf",illegal);
++        TEST_TO("\xf0\x90\x80\x7F",illegal);
++        TEST_TO("\xf4\x8f\xbf\x7F",illegal);
++
+         std::cout << "-- Invalid length" << std::endl;
+ 
+         /// Test that this actually works