Mon Apr 28 21:35:25 2008 UTC ()

Apply patches to fix CVE-2008-0171 in boost-headers and boost-libs.
This is a fix for a possible DoS when using Boost.Regex in an application.

Note that the fix goes into a header, so all applications that use
Boost.Regex may be affected by the problem and need to be rebuilt.


(jmmv)

diff -r1.10 -r1.11 pkgsrc/devel/boost-headers/Makefile
diff -r1.9 -r1.10 pkgsrc/devel/boost-libs/Makefile
diff -r1.11 -r1.12 pkgsrc/meta-pkgs/boost/distinfo
diff -r0 -r1.1 pkgsrc/meta-pkgs/boost/patches/patch-r42674
diff -r0 -r1.1 pkgsrc/meta-pkgs/boost/patches/patch-r42745

--- pkgsrc/devel/boost-headers/Makefile 2008/02/05 23:00:27 1.10
+++ pkgsrc/devel/boost-headers/Makefile 2008/04/28 21:35:25 1.11

 @@ -1,20 +1,22 @@
-# $NetBSD: Makefile,v 1.10 2008/02/05 23:00:27 heinz Exp $
+# $NetBSD: Makefile,v 1.11 2008/04/28 21:35:25 jmmv Exp $
+#
 BOOST_PACKAGE=		headers
 BOOST_COMMENT=		(build-time headers)
 BOOST_CONFIG=		generate
 PKGREVISION=		1
 PKG_DESTDIR_SUPPORT=	user-destdir
 .include "../../meta-pkgs/boost/Makefile.common"
 BJAM_ARGS+=		--without-* # disable all libraries
 .include "../../devel/boost-jam/bjam.mk"
 do-build:
 do-install: bjam-install
 	${FIND} ${DESTDIR}${PREFIX}/include/boost \
 		-type f -print | ${XARGS} ${CHOWN} ${SHAREOWN}:${SHAREGRP}

--- pkgsrc/devel/boost-libs/Makefile 2008/02/05 23:01:14 1.9
+++ pkgsrc/devel/boost-libs/Makefile 2008/04/28 21:35:25 1.10

 @@ -1,21 +1,23 @@
-# $NetBSD: Makefile,v 1.9 2008/02/05 23:01:14 heinz Exp $
+# $NetBSD: Makefile,v 1.10 2008/04/28 21:35:25 jmmv Exp $
+#
 BOOST_PACKAGE=		libs
 BOOST_COMMENT=		(binary libraries)
 BOOST_CONFIG=		installed
 BOOST_INSTALL_LIBS=	yes
 PKG_REVISION=		1
 PKG_DESTDIR_SUPPORT=	user-destdir
 .include "../../meta-pkgs/boost/Makefile.common"
 BJAM_ARGS+=		--without-python
 .include "../../devel/boost-jam/bjam.mk"
 do-build: bjam-build
 do-install: boost-install-libs
 .include "../../archivers/bzip2/buildlink3.mk"

--- pkgsrc/meta-pkgs/boost/distinfo 2008/01/04 19:58:41 1.11
+++ pkgsrc/meta-pkgs/boost/distinfo 2008/04/28 21:35:25 1.12

 @@ -1,14 +1,16 @@
-$NetBSD: distinfo,v 1.11 2008/01/04 19:58:41 jmmv Exp $
+$NetBSD: distinfo,v 1.12 2008/04/28 21:35:25 jmmv Exp $
 SHA1 (boost_1_34_1.tar.bz2) = b771271d5cbd3bdb0f119dd66dfd36bad7a66866
 RMD160 (boost_1_34_1.tar.bz2) = 303327ff852bc19dd7a94657fdef3c56f5882e06
 Size (boost_1_34_1.tar.bz2) = 12986931 bytes
 SHA1 (patch-ac) = 453d4107df03e96e66cbdbebceebdfcbed2710c1
 SHA1 (patch-ad) = 074db0bdee7ca145cda2c938626b7d5e3e1e7368
 SHA1 (patch-af) = f0a1fc4b9884663fbe5b9613bc61837b8e6e6af1
 SHA1 (patch-ah) = dc5d1d90998aad0f9689470166fd82f1eccdffe3
 SHA1 (patch-ak) = 32785c636ccc9be479db2d40d170f95e77d4e291
 SHA1 (patch-al) = 23756770d17d7958b0b9423e379fe0a1a2dd83f8
 SHA1 (patch-am) = 07f1e1e15d4129c7a8762ad2e81632fdd24e9515
 SHA1 (patch-an) = 91887a9a37e9d891252e0556ee40b58a1c6bc6cf
 SHA1 (patch-ao) = a8499a326f72c9fbfd31f0b0f23014729a2a0dae
 SHA1 (patch-r42674) = f115b4ae5ab3e184d711a9d8968f3a435249e5f3
 SHA1 (patch-r42745) = 432417b0ad4944c9da9f68cf2e855d91c698c4f6

$NetBSD: patch-r42674,v 1.1 2008/04/28 21:35:25 jmmv Exp $

Fix for CVE-2008-0171.  Patch from Boost's svn repository, r42674.

--- boost/regex/v4/basic_regex_parser.hpp (revision 38864)
+++ boost/regex/v4/basic_regex_parser.hpp (revision 42674)
@@ -785,4 +785,5 @@
       case syntax_element_jump:
       case syntax_element_startmark:
+      case syntax_element_backstep:
          // can't legally repeat any of the above:
          fail(regex_constants::error_badrepeat, m_position - m_base);
@@ -1870,4 +1871,5 @@
    {
       re_syntax_base* b = this->getaddress(expected_alt_point);
+      // Make sure we have exactly one alternative following this state:
       if(b->type != syntax_element_alt)
       {
@@ -1878,4 +1880,13 @@
       {
          fail(regex_constants::error_bad_pattern, m_position - m_base);
+         return false;
+      }
+      // check for invalid repetition of next state:
+      b = this->getaddress(expected_alt_point);
+      b = this->getaddress(static_cast<re_alt*>(b)->next.i, b);
+      if((b->type != syntax_element_assert_backref)
+         && (b->type != syntax_element_startmark))
+      {
+         fail(regex_constants::error_badrepeat, m_position - m_base);
          return false;
       }
--- libs/regex/test/regress/test_perl_ex.cpp (revision 30980)
+++ libs/regex/test/regress/test_perl_ex.cpp (revision 42674)
@@ -122,4 +122,15 @@
    TEST_INVALID_REGEX("(?:(a)|b)(?(?<", perl);
    TEST_INVALID_REGEX("(?:(a)|b)(?(?<a", perl);
+
+   TEST_INVALID_REGEX("(?(?!#?)+)", perl);
+   TEST_INVALID_REGEX("(?(?=:-){0})", perl);
+   TEST_INVALID_REGEX("(?(123){1})", perl);
+   TEST_INVALID_REGEX("(?(?<=A)*)", perl);
+   TEST_INVALID_REGEX("(?(?<=A)+)", perl);
+
+   TEST_INVALID_REGEX("(?<!*|^)", perl);
+   TEST_INVALID_REGEX("(?<!*|A)", perl);
+   TEST_INVALID_REGEX("(?<=?|A)", perl);
+   TEST_INVALID_REGEX("(?<=*|\B)", perl);
 }

$NetBSD: patch-r42745,v 1.1 2008/04/28 21:35:25 jmmv Exp $

Fix for CVE-2008-0171.  Patch from Boost's svn repository, r42745.

--- libs/regex/test/regress/test_perl_ex.cpp (revision 42674)
+++ libs/regex/test/regress/test_perl_ex.cpp (revision 42745)
@@ -132,5 +132,5 @@
    TEST_INVALID_REGEX("(?<!*|A)", perl);
    TEST_INVALID_REGEX("(?<=?|A)", perl);
-   TEST_INVALID_REGEX("(?<=*|\B)", perl);
+   TEST_INVALID_REGEX("(?<=*|\\B)", perl);
 }