dev-libs/libutf8proc: Revbump with security patch (bug 610684).
authorMichael Weber <xmw@gentoo.org>
Thu, 23 Feb 2017 12:28:14 +0000 (13:28 +0100)
committerMichael Weber <xmw@gentoo.org>
Thu, 23 Feb 2017 12:28:25 +0000 (13:28 +0100)
Package-Manager: Portage-2.3.3, Repoman-2.3.1

dev-libs/libutf8proc/files/libutf8proc-1.3.1_p2-overrun.patch [new file with mode: 0644]
dev-libs/libutf8proc/libutf8proc-1.3.1_p2-r1.ebuild [moved from dev-libs/libutf8proc/libutf8proc-1.3.1_p2.ebuild with 82% similarity]

diff --git a/dev-libs/libutf8proc/files/libutf8proc-1.3.1_p2-overrun.patch b/dev-libs/libutf8proc/files/libutf8proc-1.3.1_p2-overrun.patch
new file mode 100644 (file)
index 0000000..8ce7f4c
--- /dev/null
@@ -0,0 +1,33 @@
+--- libutf8proc-1.3.1-2/test/iterate.c
++++ libutf8proc-1.3.1-2/test/iterate.c
+@@ -13,11 +13,17 @@ static void testbytes(unsigned char *buf, int len, utf8proc_ssize_t retval, int
+     utf8proc_int32_t out[16];
+     utf8proc_ssize_t ret;
++    /* Make a copy to ensure that memory is left uninitialized after "len"
++     * bytes. This way, Valgrind can detect overreads.
++     */
++    unsigned char tmp[16];
++    memcpy(tmp, buf, len);
++
+     tests++;
+-    if ((ret = utf8proc_iterate(buf, len, out)) != retval) {
++    if ((ret = utf8proc_iterate(tmp, len, out)) != retval) {
+         fprintf(stderr, "Failed (%d):", line);
+         for (int i = 0; i < len ; i++) {
+-            fprintf(stderr, " 0x%02x", buf[i]);
++            fprintf(stderr, " 0x%02x", tmp[i]);
+         }
+         fprintf(stderr, " -> %zd\n", ret);
+         error++;
+--- libutf8proc-1.3.1-2/src/utf8proc.c
++++ libutf8proc-1.3.1-2/src/utf8proc.c
+@@ -128,7 +128,7 @@ UTF8PROC_DLLEXPORT utf8proc_ssize_t utf8proc_iterate(
+   if ((uc - 0xc2) > (0xf4-0xc2)) return UTF8PROC_ERROR_INVALIDUTF8;
+   if (uc < 0xe0) {         // 2-byte sequence
+      // Must have valid continuation character
+-     if (!utf_cont(*str)) return UTF8PROC_ERROR_INVALIDUTF8;
++     if (str >= end || !utf_cont(*str)) return UTF8PROC_ERROR_INVALIDUTF8;
+      *dst = ((uc & 0x1f)<<6) | (*str & 0x3f);
+      return 2;
+   }
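Review bot: The new `str >= end` guard in src/utf8proc.c is visible only for the 2-byte branch. The 3- and 4-byte branches of utf8proc_iterate lie outside this hunk, so confirm that they also compare `str` against `end` before each `utf_cont(*str)`; otherwise a truncated longer sequence would presumably over-read in the same way. In the test helper, `memcpy(tmp, buf, len)` fills a fixed `unsigned char tmp[16]` with no check on `len`. A guard before the copy, such as `if (len < 0 || (size_t)len > sizeof tmp) { error++; return; }`, would stop an oversized test vector from overflowing the stack buffer. The copy also needs `<string.h>`, whose include the hunk does not show.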
similarity index 82%
rename from dev-libs/libutf8proc/libutf8proc-1.3.1_p2.ebuild
rename to dev-libs/libutf8proc/libutf8proc-1.3.1_p2-r1.ebuild
index 9e3662d0f1422ce1d7d60a468f30511183467bda..f2d7bd1398cbdffe572e6ab3c4b00935a5d3d63f 100644 (file)
@@ -1,4 +1,4 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Id$
 
@@ -20,4 +20,6 @@ IUSE=""
 RDEPEND=""
 DEPEND="${RDEPEND}"
 
+PATCHES=( "${FILESDIR}"/${PN}-1.3.1_p2-overrun.patch )
+
 S="${WORKDIR}/${P/_p/-}"
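Review bot: Whether this `PATCHES` line actually applies the overrun fix depends on parts of the ebuild outside the hunk. The array is consumed automatically only by the default `src_prepare` from EAPI 6 onward, so an older EAPI, or a custom `src_prepare` that does not call `default`, would silently skip the security patch. Confirm in the build log that the patch is applied. A short comment above the line, for example `# Bounds check in utf8proc_iterate 2-byte branch, bug 610684`, would record why the patch is carried.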