Mon Apr 28 21:35:25 2008 UTC ()
Apply patches to fix CVE-2008-0171 in boost-headers and boost-libs.
This is a fix for a possible DoS when using Boost.Regex in an application.
Note that the fix goes into a header, so all applications that use
Boost.Regex may be affected by the problem and need to be rebuilt.
(jmmv)
diff -r1.10 -r1.11 pkgsrc/devel/boost-headers/Makefile
diff -r1.9 -r1.10 pkgsrc/devel/boost-libs/Makefile
diff -r1.11 -r1.12 pkgsrc/meta-pkgs/boost/distinfo
diff -r0 -r1.1 pkgsrc/meta-pkgs/boost/patches/patch-r42674
diff -r0 -r1.1 pkgsrc/meta-pkgs/boost/patches/patch-r42745
--- pkgsrc/devel/boost-headers/Makefile 2008/02/05 23:00:27 1.10
+++ pkgsrc/devel/boost-headers/Makefile 2008/04/28 21:35:25 1.11
--- pkgsrc/devel/boost-libs/Makefile 2008/02/05 23:01:14 1.9
+++ pkgsrc/devel/boost-libs/Makefile 2008/04/28 21:35:25 1.10
| @@ -1,21 +1,23 @@ | | | @@ -1,21 +1,23 @@ |
1 | # $NetBSD: Makefile,v 1.9 2008/02/05 23:01:14 heinz Exp $ | | 1 | # $NetBSD: Makefile,v 1.10 2008/04/28 21:35:25 jmmv Exp $ |
2 | # | | 2 | # |
3 | | | 3 | |
4 | BOOST_PACKAGE= libs | | 4 | BOOST_PACKAGE= libs |
5 | BOOST_COMMENT= (binary libraries) | | 5 | BOOST_COMMENT= (binary libraries) |
6 | BOOST_CONFIG= installed | | 6 | BOOST_CONFIG= installed |
7 | BOOST_INSTALL_LIBS= yes | | 7 | BOOST_INSTALL_LIBS= yes |
8 | | | 8 | |
| | | 9 | PKG_REVISION= 1 |
| | | 10 | |
9 | PKG_DESTDIR_SUPPORT= user-destdir | | 11 | PKG_DESTDIR_SUPPORT= user-destdir |
10 | | | 12 | |
11 | .include "../../meta-pkgs/boost/Makefile.common" | | 13 | .include "../../meta-pkgs/boost/Makefile.common" |
12 | | | 14 | |
13 | BJAM_ARGS+= --without-python | | 15 | BJAM_ARGS+= --without-python |
14 | | | 16 | |
15 | .include "../../devel/boost-jam/bjam.mk" | | 17 | .include "../../devel/boost-jam/bjam.mk" |
16 | | | 18 | |
17 | do-build: bjam-build | | 19 | do-build: bjam-build |
18 | | | 20 | |
19 | do-install: boost-install-libs | | 21 | do-install: boost-install-libs |
20 | | | 22 | |
21 | .include "../../archivers/bzip2/buildlink3.mk" | | 23 | .include "../../archivers/bzip2/buildlink3.mk" |
--- pkgsrc/meta-pkgs/boost/distinfo 2008/01/04 19:58:41 1.11
+++ pkgsrc/meta-pkgs/boost/distinfo 2008/04/28 21:35:25 1.12
$NetBSD: patch-r42674,v 1.1 2008/04/28 21:35:25 jmmv Exp $
Fix for CVE-2008-0171. Patch from Boost's svn repository, r42674.
--- boost/regex/v4/basic_regex_parser.hpp (revision 38864)
+++ boost/regex/v4/basic_regex_parser.hpp (revision 42674)
@@ -785,4 +785,5 @@
case syntax_element_jump:
case syntax_element_startmark:
+ case syntax_element_backstep:
// can't legally repeat any of the above:
fail(regex_constants::error_badrepeat, m_position - m_base);
@@ -1870,4 +1871,5 @@
{
re_syntax_base* b = this->getaddress(expected_alt_point);
+ // Make sure we have exactly one alternative following this state:
if(b->type != syntax_element_alt)
{
@@ -1878,4 +1880,13 @@
{
fail(regex_constants::error_bad_pattern, m_position - m_base);
+ return false;
+ }
+ // check for invalid repetition of next state:
+ b = this->getaddress(expected_alt_point);
+ b = this->getaddress(static_cast<re_alt*>(b)->next.i, b);
+ if((b->type != syntax_element_assert_backref)
+ && (b->type != syntax_element_startmark))
+ {
+ fail(regex_constants::error_badrepeat, m_position - m_base);
return false;
}
--- libs/regex/test/regress/test_perl_ex.cpp (revision 30980)
+++ libs/regex/test/regress/test_perl_ex.cpp (revision 42674)
@@ -122,4 +122,15 @@
TEST_INVALID_REGEX("(?:(a)|b)(?(?<", perl);
TEST_INVALID_REGEX("(?:(a)|b)(?(?<a", perl);
+
+ TEST_INVALID_REGEX("(?(?!#?)+)", perl);
+ TEST_INVALID_REGEX("(?(?=:-){0})", perl);
+ TEST_INVALID_REGEX("(?(123){1})", perl);
+ TEST_INVALID_REGEX("(?(?<=A)*)", perl);
+ TEST_INVALID_REGEX("(?(?<=A)+)", perl);
+
+ TEST_INVALID_REGEX("(?<!*|^)", perl);
+ TEST_INVALID_REGEX("(?<!*|A)", perl);
+ TEST_INVALID_REGEX("(?<=?|A)", perl);
+ TEST_INVALID_REGEX("(?<=*|\B)", perl);
}
$NetBSD: patch-r42745,v 1.1 2008/04/28 21:35:25 jmmv Exp $
Fix for CVE-2008-0171. Patch from Boost's svn repository, r42745.
--- libs/regex/test/regress/test_perl_ex.cpp (revision 42674)
+++ libs/regex/test/regress/test_perl_ex.cpp (revision 42745)
@@ -132,5 +132,5 @@
TEST_INVALID_REGEX("(?<!*|A)", perl);
TEST_INVALID_REGEX("(?<=?|A)", perl);
- TEST_INVALID_REGEX("(?<=*|\B)", perl);
+ TEST_INVALID_REGEX("(?<=*|\\B)", perl);
}