boost149: fix CVE-2013-0252 by upstream patch

Also have just one patch per line in the expression.
2014-02-06 21:57:23 +01:00 · 2014-02-06 21:57:23 +01:00 · 35c586e624
commit 35c586e624
parent 2ceb44b9a9
2 changed files with 54 additions and 1 deletions
--- a/pkgs/development/libraries/boost/1.49.nix
+++ b/pkgs/development/libraries/boost/1.49.nix
@ -57,7 +57,12 @@ stdenv.mkDerivation {
  };

  # See <http://svn.boost.org/trac/boost/ticket/4688>.
-  patches = [ ./boost_filesystem_post_1_49_0.patch ./time_utc.patch ./boost-149-cstdint.patch ] ++ (stdenv.lib.optional stdenv.isDarwin ./boost-149-darwin.patch );
+  patches = [
+    ./CVE-2013-0252.patch # https://svn.boost.org/trac/boost/ticket/7743
+    ./boost_filesystem_post_1_49_0.patch
+    ./time_utc.patch
+    ./boost-149-cstdint.patch
+  ] ++ (stdenv.lib.optional stdenv.isDarwin ./boost-149-darwin.patch );

  enableParallelBuilding = true;

--- a/pkgs/development/libraries/boost/CVE-2013-0252.patch
+++ b/pkgs/development/libraries/boost/CVE-2013-0252.patch
@ -0,0 +1,48 @@
+Index: /boost/locale/utf.hpp
+===================================================================
+--- /boost/locale/utf.hpp	(revision 78304)
+++ /boost/locale/utf.hpp	(revision 81590)
+@@ -220,4 +220,6 @@
+                     return incomplete;
+                 tmp = *p++;
+                if (!is_trail(tmp))
+                    return illegal;
+                 c = (c << 6) | ( tmp & 0x3F);
+             case 2:
+@@ -225,4 +227,6 @@
+                     return incomplete;
+                 tmp = *p++;
+                if (!is_trail(tmp))
+                    return illegal;
+                 c = (c << 6) | ( tmp & 0x3F);
+             case 1:
+@@ -230,4 +234,6 @@
+                     return incomplete;
+                 tmp = *p++;
+                if (!is_trail(tmp))
+                    return illegal;
+                 c = (c << 6) | ( tmp & 0x3F);
+             }
+Index: /libs/locale/test/test_codepage_converter.cpp
+===================================================================
+--- /libs/locale/test/test_codepage_converter.cpp	(revision 73786)
+++ /libs/locale/test/test_codepage_converter.cpp	(revision 81590)
+@@ -140,4 +140,18 @@
+         TEST_TO("\xf8\x90\x80\x80\x80",illegal);  // 400 0000
+         TEST_TO("\xfd\xbf\xbf\xbf\xbf\xbf",illegal);  // 7fff ffff
+
+        std::cout << "-- Invalid trail" << std::endl;
+        TEST_TO("\xC2\x7F",illegal);
+        TEST_TO("\xdf\x7F",illegal);
+        TEST_TO("\xe0\x7F\x80",illegal);
+        TEST_TO("\xef\xbf\x7F",illegal);
+        TEST_TO("\xe0\x7F\x80",illegal);
+        TEST_TO("\xef\xbf\x7F",illegal);
+        TEST_TO("\xf0\x7F\x80\x80",illegal);
+        TEST_TO("\xf4\x7f\xbf\xbf",illegal);
+        TEST_TO("\xf0\x90\x7F\x80",illegal);
+        TEST_TO("\xf4\x8f\x7F\xbf",illegal);
+        TEST_TO("\xf0\x90\x80\x7F",illegal);
+        TEST_TO("\xf4\x8f\xbf\x7F",illegal);
+ 
+         std::cout << "-- Invalid length" << std::endl;