Git-Url:
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=b76c90a3b9f8e4b6ebad5da8a4d3c2faa32854e6
commit b76c90a3b9f8e4b6ebad5da8a4d3c2faa32854e6
Author: crazy <[EMAIL PROTECTED]>
Date: Tue Jan 22 16:13:37 2008 +0100
boost-1.34.1-2-i686
* [SEC] release bump
* added CVE-2008-0171.patch and CVE-2008-0172.patch
* closes #2720 in -current
diff --git a/source/devel-extra/boost/CVE-2008-0171.patch
b/source/devel-extra/boost/CVE-2008-0171.patch
new file mode 100644
index 0000000..3226b2e
--- /dev/null
+++ b/source/devel-extra/boost/CVE-2008-0171.patch
@@ -0,0 +1,19 @@
+Index: /libs/regex/test/regress/test_perl_ex.cpp
+===================================================================
+--- /libs/regex/test/regress/test_perl_ex.cpp (revision 30980)
++++ /libs/regex/test/regress/test_perl_ex.cpp (revision 42674)
+@@ -122,4 +122,15 @@
+ TEST_INVALID_REGEX("(?:(a)|b)(?(?<", perl);
+ TEST_INVALID_REGEX("(?:(a)|b)(?(?<a", perl);
++
++ TEST_INVALID_REGEX("(?(?!#?)+)", perl);
++ TEST_INVALID_REGEX("(?(?=:-){0})", perl);
++ TEST_INVALID_REGEX("(?(123){1})", perl);
++ TEST_INVALID_REGEX("(?(?<=A)*)", perl);
++ TEST_INVALID_REGEX("(?(?<=A)+)", perl);
++
++ TEST_INVALID_REGEX("(?<!*|^)", perl);
++ TEST_INVALID_REGEX("(?<!*|A)", perl);
++ TEST_INVALID_REGEX("(?<=?|A)", perl);
++ TEST_INVALID_REGEX("(?<=*|\B)", perl);
+ }
diff --git a/source/devel-extra/boost/CVE-2008-0172.patch
b/source/devel-extra/boost/CVE-2008-0172.patch
new file mode 100644
index 0000000..e4aa614
--- /dev/null
+++ b/source/devel-extra/boost/CVE-2008-0172.patch
@@ -0,0 +1,30 @@
+Index: /boost/regex/v4/basic_regex_parser.hpp
+===================================================================
+--- /boost/regex/v4/basic_regex_parser.hpp (revision 38864)
++++ /boost/regex/v4/basic_regex_parser.hpp (revision 42674)
+@@ -785,4 +785,5 @@
+ case syntax_element_jump:
+ case syntax_element_startmark:
++ case syntax_element_backstep:
+ // can't legally repeat any of the above:
+ fail(regex_constants::error_badrepeat, m_position - m_base);
+@@ -1870,4 +1871,5 @@
+ {
+ re_syntax_base* b = this->getaddress(expected_alt_point);
++ // Make sure we have exactly one alternative following this state:
+ if(b->type != syntax_element_alt)
+ {
+@@ -1878,4 +1880,13 @@
+ {
+ fail(regex_constants::error_bad_pattern, m_position - m_base);
++ return false;
++ }
++ // check for invalid repetition of next state:
++ b = this->getaddress(expected_alt_point);
++ b = this->getaddress(static_cast<re_alt*>(b)->next.i, b);
++ if((b->type != syntax_element_assert_backref)
++ && (b->type != syntax_element_startmark))
++ {
++ fail(regex_constants::error_badrepeat, m_position - m_base);
+ return false;
+ }
diff --git a/source/devel-extra/boost/FrugalBuild
b/source/devel-extra/boost/FrugalBuild
index 91599b0..408447f 100644
--- a/source/devel-extra/boost/FrugalBuild
+++ b/source/devel-extra/boost/FrugalBuild
@@ -4,7 +4,7 @@
pkgname=boost
pkgver=1.34.1
-pkgrel=1
+pkgrel=2
pkgdesc="Boost header files , examples and tools"
_F_sourceforge_ext=".tar.bz2"
Finclude sourceforge python
@@ -14,9 +14,11 @@ makedepends=('boost-jam>=3.1.16' 'python' 'icu>=3.8' 'bzip2'
'zlib')
groups=('devel-extra')
archs=('i686' 'x86_64')
up2date="lynx -dump http://sourceforge.net/project/showfiles.php?group_id=7586
| grep 'Latest.*Notes' | sed -n 's/.*\]\([0-9\.]\+\) \[.*/\1/;1 p'"
-source=(${source/-$pkgver/_${pkgver//./_}})
+source=(${source/-$pkgver/_${pkgver//./_}} CVE-2008-0171.patch
CVE-2008-0172.patch)
_F_cd_path="${pkgname}_`echo $pkgver|tr . _`"
-sha1sums=('b771271d5cbd3bdb0f119dd66dfd36bad7a66866')
+sha1sums=('b771271d5cbd3bdb0f119dd66dfd36bad7a66866' \
+ 'd793699347692e5f56eb9d09343ed8bb1c9bd7ce' \
+ 'dded66ac4a086653a51fc66e07ff038b52ee5d2c')
subpkgs=("libboost" "libboost-mt" "libboost-static" "libboost-mt-static")
subdescs=('Boost libraries.' 'Boost libraries with multithreading support.' \
_______________________________________________
Frugalware-git mailing list
[email protected]
http://frugalware.org/mailman/listinfo/frugalware-git
