Commit 91e51836 authored by Luca Giambonini's avatar Luca Giambonini

security patch

parent 1e5e2252
......@@ -9,15 +9,17 @@ pkgbase=boost
pkgname=('boost-libs' 'boost')
pkgver=1.52.0
_boostver=${pkgver//./_}
pkgrel=2
pkgrel=3
pkgdesc="Free peer-reviewed portable C++ source libraries"
arch=('x86_64')
url="http://www.boost.org/"
license=('custom')
makedepends=('icu' 'python2' 'python3' 'bzip2' 'zlib' 'openmpi')
source=("http://downloads.sourceforge.net/${pkgbase}/${pkgbase}_${_boostver}.tar.gz")
source=("http://downloads.sourceforge.net/${pkgbase}/${pkgbase}_${_boostver}.tar.gz"
'boost_locale_utf.patch')
license=('custom')
md5sums=('f62451fa646ca392b0fbc08beb23ad12')
md5sums=('f62451fa646ca392b0fbc08beb23ad12'
'865da59ee8862de12642278ef642794d')
_stagedir="${srcdir}/stagedir"
......@@ -29,6 +31,9 @@ build() {
echo "using mpi ;" >> build/v2/user-config.jam
cd "${srcdir}"/${pkgbase}_${_boostver}
# security patch https://svn.boost.org/trac/boost/ticket/7743
patch -Np0 -i ../boost_locale_utf.patch
# build bjam
cd "${srcdir}/${pkgbase}_${_boostver}/tools/build/v2/engine"
......
Index: boost/locale/utf.hpp
===================================================================
--- boost/locale/utf.hpp (revision 81589)
+++ boost/locale/utf.hpp (revision 81590)
@@ -219,16 +219,22 @@
if(BOOST_LOCALE_UNLIKELY(p==e))
return incomplete;
tmp = *p++;
+ if (!is_trail(tmp))
+ return illegal;
c = (c << 6) | ( tmp & 0x3F);
case 2:
if(BOOST_LOCALE_UNLIKELY(p==e))
return incomplete;
tmp = *p++;
+ if (!is_trail(tmp))
+ return illegal;
c = (c << 6) | ( tmp & 0x3F);
case 1:
if(BOOST_LOCALE_UNLIKELY(p==e))
return incomplete;
tmp = *p++;
+ if (!is_trail(tmp))
+ return illegal;
c = (c << 6) | ( tmp & 0x3F);
}
Index: libs/locale/test/test_codepage_converter.cpp
===================================================================
--- libs/locale/test/test_codepage_converter.cpp (revision 81589)
+++ libs/locale/test/test_codepage_converter.cpp (revision 81590)
@@ -140,6 +140,20 @@
TEST_TO("\xf8\x90\x80\x80\x80",illegal); // 400 0000
TEST_TO("\xfd\xbf\xbf\xbf\xbf\xbf",illegal); // 7fff ffff
+ std::cout << "-- Invalid trail" << std::endl;
+ TEST_TO("\xC2\x7F",illegal);
+ TEST_TO("\xdf\x7F",illegal);
+ TEST_TO("\xe0\x7F\x80",illegal);
+ TEST_TO("\xef\xbf\x7F",illegal);
+ TEST_TO("\xe0\x7F\x80",illegal);
+ TEST_TO("\xef\xbf\x7F",illegal);
+ TEST_TO("\xf0\x7F\x80\x80",illegal);
+ TEST_TO("\xf4\x7f\xbf\xbf",illegal);
+ TEST_TO("\xf0\x90\x7F\x80",illegal);
+ TEST_TO("\xf4\x8f\x7F\xbf",illegal);
+ TEST_TO("\xf0\x90\x80\x7F",illegal);
+ TEST_TO("\xf4\x8f\xbf\x7F",illegal);
+
std::cout << "-- Invalid length" << std::endl;
/// Test that this actually works
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment