[pkg-boost-commits] r14144 - in boost/trunk: boost/regex/v4 debian debian/patches libs/regex/test/regress
cavok at alioth.debian.org
cavok at alioth.debian.org
Thu Jan 17 18:01:46 UTC 2008
Author: cavok
Date: 2008-01-17 18:01:36 +0000 (Thu, 17 Jan 2008)
New Revision: 14144
Added:
boost/trunk/debian/patches/05_regex_fixes.patch
Modified:
boost/trunk/boost/regex/v4/basic_regex_parser.hpp
boost/trunk/debian/changelog
boost/trunk/libs/regex/test/regress/test_perl_ex.cpp
Log:
re-synchronized with ubuntu, fixes #461236
Modified: boost/trunk/boost/regex/v4/basic_regex_parser.hpp
===================================================================
--- boost/trunk/boost/regex/v4/basic_regex_parser.hpp 2007-12-28 20:19:48 UTC (rev 14143)
+++ boost/trunk/boost/regex/v4/basic_regex_parser.hpp 2008-01-17 18:01:36 UTC (rev 14144)
@@ -777,6 +777,7 @@
case syntax_element_restart_continue:
case syntax_element_jump:
case syntax_element_startmark:
+ case syntax_element_backstep:
// can't legally repeat any of the above:
fail(regex_constants::error_badrepeat, m_position - m_base);
return false;
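Review bot: The added `case syntax_element_backstep:` label extends a hand-maintained list of non-repeatable states, and nothing on the line records why the backstep state belongs on it. A short comment would help, for example `// backstep (emitted for lookbehind, presumably): a repeat here must be rejected, see the (?<!*|^) regression tests`. The switch starts and ends outside the hunk, so I cannot tell whether it has a default branch. If unlisted state types are treated as repeatable, any type added later is accepted by default, which is worth confirming. The same lines are carried again in debian/patches/05_regex_fixes.patch.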
@@ -1862,6 +1863,7 @@
if(markid == -4)
{
re_syntax_base* b = this->getaddress(expected_alt_point);
+ // Make sure we have exactly one alternative following this state:
if(b->type != syntax_element_alt)
{
re_alt* alt = static_cast<re_alt*>(this->insert_state(expected_alt_point, syntax_element_alt, sizeof(re_alt)));
@@ -1872,6 +1874,15 @@
fail(regex_constants::error_bad_pattern, m_position - m_base);
return false;
}
+ // check for invalid repetition of next state:
+ b = this->getaddress(expected_alt_point);
+ b = this->getaddress(static_cast<re_alt*>(b)->next.i, b);
+ if((b->type != syntax_element_assert_backref)
+ && (b->type != syntax_element_startmark))
+ {
+ fail(regex_constants::error_badrepeat, m_position - m_base);
+ return false;
+ }
}
//
// append closing parenthesis state:
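Review bot: The added check casts the re-fetched state to `re_alt*` in `static_cast<re_alt*>(b)->next.i` with no visible guard that its type is `syntax_element_alt`. The branch that would guarantee this lies partly outside the hunk, so please confirm that every path reaching the cast has either inserted the alt state or already found one. The re-fetch on the line before deserves a why-comment, since `insert_state()` a few lines earlier may have moved the state storage and left the old `b` stale: `// re-read b: insert_state() above can relocate the state machine`. The comment `check for invalid repetition of next state` would also be clearer if it said that the state after the alt appears to be the condition of the conditional group, and that anything other than a backref assertion or a startmark is reported as `error_badrepeat`.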
Modified: boost/trunk/debian/changelog
===================================================================
--- boost/trunk/debian/changelog 2007-12-28 20:19:48 UTC (rev 14143)
+++ boost/trunk/debian/changelog 2008-01-17 18:01:36 UTC (rev 14144)
@@ -1,3 +1,10 @@
+boost (1.34.1-5) experimental; urgency=low
+
+ * Re-synchronized with friends from Ubuntu. Thanks!
+ - got fixes for CVE-2008-0171 and CVE-2008-0172. Closes: #461236.
+
+ -- Domenico Andreoli <cavok at debian.org> Thu, 17 Jan 2008 19:00:27 +0100
+
boost (1.34.1-4) unstable; urgency=low
* Merged Steve Langasek's -2.1 and -2.2 changes into
@@ -5,6 +12,19 @@
-- Steve M. Robbins <smr at debian.org> Sun, 23 Dec 2007 21:14:55 -0600
+boost (1.34.1-2.3) unstable; urgency=low
+
+ * debian/patches/05_regex_fixes.patch: fix for
+ basic_regex_parser() in boost/regex/v4/basic_regex_parser.hpp to return
+ error on invalid repetition of next state
+ * References
+ CVE-2008-0171
+ CVE-2008-0172
+ http://svn.boost.org/trac/boost/changeset/42674
+ http://svn.boost.org/trac/boost/changeset/42745
+
+ -- Jamie Strandboge <jamie at strandboge.com> Tue, 15 Jan 2008 18:22:26 +0000
+
boost (1.34.1-2.2) unstable; urgency=low
* Non-maintainer upload.
Added: boost/trunk/debian/patches/05_regex_fixes.patch
===================================================================
--- boost/trunk/debian/patches/05_regex_fixes.patch (rev 0)
+++ boost/trunk/debian/patches/05_regex_fixes.patch 2008-01-17 18:01:36 UTC (rev 14144)
@@ -0,0 +1,56 @@
+diff -Naur ../unpatched/boost-1.34.1/boost/regex/v4/basic_regex_parser.hpp boost-1.34.1/boost/regex/v4/basic_regex_parser.hpp
+--- ../unpatched/boost-1.34.1/boost/regex/v4/basic_regex_parser.hpp 2006-12-20 17:19:05.000000000 +0000
++++ boost-1.34.1/boost/regex/v4/basic_regex_parser.hpp 2008-01-15 18:20:54.000000000 +0000
+@@ -777,6 +777,7 @@
+ case syntax_element_restart_continue:
+ case syntax_element_jump:
+ case syntax_element_startmark:
++ case syntax_element_backstep:
+ // can't legally repeat any of the above:
+ fail(regex_constants::error_badrepeat, m_position - m_base);
+ return false;
+@@ -1862,6 +1863,7 @@
+ if(markid == -4)
+ {
+ re_syntax_base* b = this->getaddress(expected_alt_point);
++ // Make sure we have exactly one alternative following this state:
+ if(b->type != syntax_element_alt)
+ {
+ re_alt* alt = static_cast<re_alt*>(this->insert_state(expected_alt_point, syntax_element_alt, sizeof(re_alt)));
+@@ -1872,6 +1874,15 @@
+ fail(regex_constants::error_bad_pattern, m_position - m_base);
+ return false;
+ }
++ // check for invalid repetition of next state:
++ b = this->getaddress(expected_alt_point);
++ b = this->getaddress(static_cast<re_alt*>(b)->next.i, b);
++ if((b->type != syntax_element_assert_backref)
++ && (b->type != syntax_element_startmark))
++ {
++ fail(regex_constants::error_badrepeat, m_position - m_base);
++ return false;
++ }
+ }
+ //
+ // append closing parenthesis state:
+diff -Naur ../unpatched/boost-1.34.1/libs/regex/test/regress/test_perl_ex.cpp boost-1.34.1/libs/regex/test/regress/test_perl_ex.cpp
+--- ../unpatched/boost-1.34.1/libs/regex/test/regress/test_perl_ex.cpp 2005-09-14 12:20:08.000000000 +0000
++++ boost-1.34.1/libs/regex/test/regress/test_perl_ex.cpp 2008-01-15 18:20:54.000000000 +0000
+@@ -121,6 +121,17 @@
+ TEST_INVALID_REGEX("(?:(a)|b)(?(?:", perl);
+ TEST_INVALID_REGEX("(?:(a)|b)(?(?<", perl);
+ TEST_INVALID_REGEX("(?:(a)|b)(?(?<a", perl);
++
++ TEST_INVALID_REGEX("(?(?!#?)+)", perl);
++ TEST_INVALID_REGEX("(?(?=:-){0})", perl);
++ TEST_INVALID_REGEX("(?(123){1})", perl);
++ TEST_INVALID_REGEX("(?(?<=A)*)", perl);
++ TEST_INVALID_REGEX("(?(?<=A)+)", perl);
++
++ TEST_INVALID_REGEX("(?<!*|^)", perl);
++ TEST_INVALID_REGEX("(?<!*|A)", perl);
++ TEST_INVALID_REGEX("(?<=?|A)", perl);
++ TEST_INVALID_REGEX("(?<=*|\\B)", perl);
+ }
+
+ void test_options()
Modified: boost/trunk/libs/regex/test/regress/test_perl_ex.cpp
===================================================================
--- boost/trunk/libs/regex/test/regress/test_perl_ex.cpp 2007-12-28 20:19:48 UTC (rev 14143)
+++ boost/trunk/libs/regex/test/regress/test_perl_ex.cpp 2008-01-17 18:01:36 UTC (rev 14144)
@@ -121,6 +121,17 @@
TEST_INVALID_REGEX("(?:(a)|b)(?(?:", perl);
TEST_INVALID_REGEX("(?:(a)|b)(?(?<", perl);
TEST_INVALID_REGEX("(?:(a)|b)(?(?<a", perl);
+
+ TEST_INVALID_REGEX("(?(?!#?)+)", perl);
+ TEST_INVALID_REGEX("(?(?=:-){0})", perl);
+ TEST_INVALID_REGEX("(?(123){1})", perl);
+ TEST_INVALID_REGEX("(?(?<=A)*)", perl);
+ TEST_INVALID_REGEX("(?(?<=A)+)", perl);
+
+ TEST_INVALID_REGEX("(?<!*|^)", perl);
+ TEST_INVALID_REGEX("(?<!*|A)", perl);
+ TEST_INVALID_REGEX("(?<=?|A)", perl);
+ TEST_INVALID_REGEX("(?<=*|\\B)", perl);
}
void test_options()
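Review bot: The nine added `TEST_INVALID_REGEX` lines carry no comment saying which parser check each group exercises. I would put `// repeat applied to the condition of a conditional group:` above the first group and `// repeat applied directly after a lookbehind opener:` above the second, with a pointer to the changelog entry that names CVE-2008-0171 and CVE-2008-0172. As far as the hunk shows, the macro only asserts that the pattern is rejected, so a pattern refused for an unrelated reason would still pass. There is also no positive case here showing that a well-formed conditional still compiles under the stricter check in basic_regex_parser.hpp, unless one exists elsewhere in the file. The enclosing test function starts outside the hunk.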