commit eca7341987d326c0ddff93dd5e6ba4b0d7341ceb Author: Danny Rawlins <contact@romster.me> Date: Sat Jan 16 22:35:34 2021 +1100 [notify] boost: include b2/bjam tool, security fix for CVE-2012-2677 diff --git a/boost/.footprint b/boost/.footprint index 47d13f12e..f0bb53df1 100644 --- a/boost/.footprint +++ b/boost/.footprint @@ -1,4 +1,7 @@ drwxr-xr-x root/root usr/ +drwxr-xr-x root/root usr/bin/ +-rwxr-xr-x root/root usr/bin/b2 +lrwxrwxrwx root/root usr/bin/bjam -> b2 drwxr-xr-x root/root usr/include/ drwxr-xr-x root/root usr/include/boost/ drwxr-xr-x root/root usr/include/boost/accumulators/ diff --git a/boost/.signature b/boost/.signature index 0d3dac0f0..786bb6ab4 100644 --- a/boost/.signature +++ b/boost/.signature @@ -1,5 +1,8 @@ untrusted comment: verify with /etc/ports/contrib.pub -RWSagIOpLGJF3xrkBffUPmvuGrayc3sr/5OlPhKQTHKqBCpIHrezU8loMB80JR1LX7tgsc04uMh96HaBp4RR4jDyRxJnYMr45wY= -SHA256 (Pkgfile) = 8da44242cae5c54ead8335a9804bc189e43008827a70c70976096015d085b613 -SHA256 (.footprint) = e6bd9fa28c9d3b43eed8961791c1c61f76c2edeae4c76823fff9f51e93bae1e4 +RWSagIOpLGJF3x1r6VrQCcUs010I6Z+yJTxUNa58Wyip4XliJCqkfVeq8uxKh2Rojbf97jDxmdLfR3sBH3BP/sHaS6D8rmO1wAA= +SHA256 (Pkgfile) = 9f62399df97241ac4e556cc2416ba1e37f65d74ab1d8854288a3ea44c7e4818d +SHA256 (.footprint) = 89c146efd6d50b6efae4dad44fd401f1f9de5ced2a3e00ca3da16dbbb40b582c SHA256 (boost_1_75_0.tar.bz2) = 953db31e016db7bb207f11432bef7df100516eeb746843fa0486a222e3fd49cb +SHA256 (boost-1.74-CVE-2012-2677.patch) = 22cebe2a5020b3ce362e52ccc05506dbcc885723896373409597f0b4d0de1f53 +SHA256 (boost-1.71.0-disable_icu_rpath.patch) = a47429ab9a144ed9d9a12dcdac9dbcd15c490b726fc7e1d6db204bda8a4b987e +SHA256 (boost-ublas-c++20-iterator.patch) = aa38addb40d5f44b4a8472029b475e7e6aef1c460509eb7d8edf03491dc1b5ee diff --git a/boost/Pkgfile b/boost/Pkgfile index dd816fea6..523694ee9 100644 --- a/boost/Pkgfile +++ b/boost/Pkgfile @@ -6,12 +6,21 @@ name=boost version=1.75.0 -release=1 -source=(https://dl.bintray.com/boostorg/release/$version/source/${name}_${version//./_}.tar.bz2) +release=2 +source=(https://dl.bintray.com/boostorg/release/$version/source/${name}_${version//./_}.tar.bz2 + boost-1.74-CVE-2012-2677.patch + boost-1.71.0-disable_icu_rpath.patch + boost-ublas-c++20-iterator.patch) build() { cd ${name}_${version//./_} + patch -p1 -i $SRC/boost-1.74-CVE-2012-2677.patch + patch -p1 -i $SRC/boost-1.71.0-disable_icu_rpath.patch + + # https://github.com/boostorg/ublas/commit/a31e5cffa85f.patch + patch -p2 -i $SRC/boost-ublas-c++20-iterator.patch + local config=" variant=release \ threading=multi \ @@ -28,6 +37,9 @@ toolset=gcc \ ./b2 stage $config python="$pyver2" ./b2 install threading=multi link=shared + install -m 0755 -D b2 $PKG/usr/bin/b2 + ln -s b2 $PKG/usr/bin/bjam + ## ./bootstrap.sh --prefix=$PKG/usr --with-toolset=gcc $ICU --with-python=/usr/bin/python3 --with-libraries=python local pyver3=$(/usr/bin/python3 -c 'import sys; print("%s.%s" % sys.version_info[:2])') diff --git a/boost/boost-1.71.0-disable_icu_rpath.patch b/boost/boost-1.71.0-disable_icu_rpath.patch new file mode 100644 index 000000000..32faf8d0e --- /dev/null +++ b/boost/boost-1.71.0-disable_icu_rpath.patch @@ -0,0 +1,29 @@ +--- a/libs/locale/build/Jamfile.v2 ++++ b/libs/locale/build/Jamfile.v2 +@@ -65,8 +65,8 @@ + + if $(ICU_LINK) + { +- ICU_OPTS = <include>$(ICU_PATH)/include <linkflags>$(ICU_LINK) <dll-path>$(ICU_PATH)/bin <runtime-link>shared ; +- ICU64_OPTS = <include>$(ICU_PATH)/include <linkflags>$(ICU_LINK) <dll-path>$(ICU_PATH)/bin64 <runtime-link>shared ; ++ ICU_OPTS = <include>$(ICU_PATH)/include <linkflags>$(ICU_LINK) <runtime-link>shared ; ++ ICU64_OPTS = <include>$(ICU_PATH)/include <linkflags>$(ICU_LINK) <runtime-link>shared ; + } + else + { +@@ -124,7 +124,6 @@ + <library>icuuc/<link>shared/<runtime-link>shared + <library>icudt/<link>shared/<runtime-link>shared + <library>icuin/<link>shared/<runtime-link>shared +- <dll-path>$(ICU_PATH)/bin + <runtime-link>shared ; + + +@@ -183,7 +182,6 @@ + <library>icuuc_64/<link>shared/<runtime-link>shared + <library>icudt_64/<link>shared/<runtime-link>shared + <library>icuin_64/<link>shared/<runtime-link>shared +- <dll-path>$(ICU_PATH)/bin64 + <runtime-link>shared ; + + diff --git a/boost/boost-1.74-CVE-2012-2677.patch b/boost/boost-1.74-CVE-2012-2677.patch new file mode 100644 index 000000000..ff947f74f --- /dev/null +++ b/boost/boost-1.74-CVE-2012-2677.patch @@ -0,0 +1,125 @@ +https://src.fedoraproject.org/rpms/boost/raw/master/f/boost-1.58.0-pool.patc... +https://bugzilla.redhat.com/show_bug.cgi?id=828856 +https://bugs.gentoo.org/620468 +https://svn.boost.org/trac10/ticket/6701 + +Index: boost/pool/pool.hpp +=================================================================== +--- a/boost/pool/pool.hpp (revision 78317) ++++ b/boost/pool/pool.hpp (revision 78326) +@@ -27,4 +27,6 @@ + #include <boost/pool/poolfwd.hpp> + ++// std::numeric_limits ++#include <boost/limits.hpp> + // boost::integer::static_lcm + #include <boost/integer/common_factor_ct.hpp> +@@ -358,4 +360,11 @@ + } + ++ size_type max_chunks() const ++ { //! Calculated maximum number of memory chunks that can be allocated in a single call by this Pool. ++ size_type partition_size = alloc_size(); ++ size_type POD_size = integer::static_lcm<sizeof(size_type), sizeof(void *)>::value + sizeof(size_type); ++ return (std::numeric_limits<size_type>::max() - POD_size) / alloc_size(); ++ } ++ + static void * & nextof(void * const ptr) + { //! \returns Pointer dereferenced. +@@ -377,5 +388,7 @@ + //! the first time that object needs to allocate system memory. + //! The default is 32. This parameter may not be 0. +- //! \param nmax_size is the maximum number of chunks to allocate in one block. ++ //! \param nmax_size is the maximum number of chunks to allocate in one block. ++ set_next_size(nnext_size); ++ set_max_size(nmax_size); + } + +@@ -400,7 +413,7 @@ + } + void set_next_size(const size_type nnext_size) +- { //! Set number of chunks to request from the system the next time that object needs to allocate system memory. This value should never be set to 0. +- //! \returns nnext_size. +- next_size = start_size = nnext_size; ++ { //! Set number of chunks to request from the system the next time that object needs to allocate system memory. This value should never be set to 0. ++ BOOST_USING_STD_MIN(); ++ next_size = start_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(nnext_size, max_chunks()); + } + size_type get_max_size() const +@@ -410,5 +423,6 @@ + void set_max_size(const size_type nmax_size) + { //! Set max_size. +- max_size = nmax_size; ++ BOOST_USING_STD_MIN(); ++ max_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(nmax_size, max_chunks()); + } + size_type get_requested_size() const +@@ -713,7 +727,7 @@ + BOOST_USING_STD_MIN(); + if(!max_size) +- next_size <<= 1; ++ set_next_size(next_size << 1); + else if( next_size*partition_size/requested_size < max_size) +- next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size); ++ set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size)); + + // initialize it, +@@ -753,7 +767,7 @@ + BOOST_USING_STD_MIN(); + if(!max_size) +- next_size <<= 1; ++ set_next_size(next_size << 1); + else if( next_size*partition_size/requested_size < max_size) +- next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size); ++ set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size)); + + // initialize it, +@@ -797,4 +811,6 @@ + //! \returns Address of chunk n if allocated ok. + //! \returns 0 if not enough memory for n chunks. ++ if (n > max_chunks()) ++ return 0; + + const size_type partition_size = alloc_size(); +@@ -845,7 +861,7 @@ + BOOST_USING_STD_MIN(); + if(!max_size) +- next_size <<= 1; ++ set_next_size(next_size << 1); + else if( next_size*partition_size/requested_size < max_size) +- next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size); ++ set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size)); + + // insert it into the list, +Index: libs/pool/test/test_bug_6701.cpp +=================================================================== +--- a/libs/pool/test/test_bug_6701.cpp (revision 78326) ++++ b/libs/pool/test/test_bug_6701.cpp (revision 78326) +@@ -0,0 +1,27 @@ ++/* Copyright (C) 2012 Étienne Dupuis ++* ++* Use, modification and distribution is subject to the ++* Boost Software License, Version 1.0. (See accompanying ++* file LICENSE_1_0.txt or http://www.boost.org/LICENSE_1_0.txt) ++*/ ++ ++// Test of bug #6701 (https://svn.boost.org/trac/boost/ticket/6701) ++ ++#include <boost/pool/object_pool.hpp> ++#include <boost/limits.hpp> ++ ++int main() ++{ ++ boost::pool<> p(1024, std::numeric_limits<size_t>::max() / 768); ++ ++ void *x = p.malloc(); ++ BOOST_ASSERT(!x); ++ ++ BOOST_ASSERT(std::numeric_limits<size_t>::max() / 1024 >= p.get_next_size()); ++ BOOST_ASSERT(std::numeric_limits<size_t>::max() / 1024 >= p.get_max_size()); ++ ++ void *y = p.ordered_malloc(std::numeric_limits<size_t>::max() / 768); ++ BOOST_ASSERT(!y); ++ ++ return 0; ++} diff --git a/boost/boost-ublas-c++20-iterator.patch b/boost/boost-ublas-c++20-iterator.patch new file mode 100644 index 000000000..21321cc37 --- /dev/null +++ b/boost/boost-ublas-c++20-iterator.patch @@ -0,0 +1,59 @@ +From a31e5cffa85f58b64a39fa7c4a1bd3bd9228b069 Mon Sep 17 00:00:00 2001 +From: Conrad Poelman <cpgithub@stellarscience.com> +Date: Tue, 4 Aug 2020 17:20:40 -0400 +Subject: [PATCH] Remove deprecated inheritance from std::iterator (#97) + +std::iterator was deprecated in C++17 and removed in C++20. I replaced the inheritance with the 5 equivalent typedefs, even though they're not all used by ublas, for compatibility in case clients depend on them. +--- + .../boost/numeric/ublas/detail/iterator.hpp | 24 ++++++++++++++----- + 1 file changed, 18 insertions(+), 6 deletions(-) + +diff --git a/include/boost/numeric/ublas/detail/iterator.hpp b/include/boost/numeric/ublas/detail/iterator.hpp +index 1723a301c..7aebf2f9f 100644 +--- a/include/boost/numeric/ublas/detail/iterator.hpp ++++ b/include/boost/numeric/ublas/detail/iterator.hpp +@@ -107,8 +107,12 @@ namespace boost { namespace numeric { namespace ublas { + * via the post increment operator. + */ + template<class IC, class I, class T> +- struct forward_iterator_base: +- public std::iterator<IC, T> { ++ struct forward_iterator_base { ++ typedef IC iterator_category; ++ typedef T value_type; ++ typedef std::ptrdiff_t difference_type; ++ typedef T* pointer; ++ typedef T& reference; + typedef I derived_iterator_type; + typedef T derived_value_type; + +@@ -145,8 +149,12 @@ namespace boost { namespace numeric { namespace ublas { + * via the post increment and post decrement operator. + */ + template<class IC, class I, class T> +- struct bidirectional_iterator_base: +- public std::iterator<IC, T> { ++ struct bidirectional_iterator_base { ++ typedef IC iterator_category; ++ typedef T value_type; ++ typedef std::ptrdiff_t difference_type; ++ typedef T* pointer; ++ typedef T& reference; + typedef I derived_iterator_type; + typedef T derived_value_type; + +@@ -200,8 +208,12 @@ namespace boost { namespace numeric { namespace ublas { + */ + template<class IC, class I, class T, class D = std::ptrdiff_t> + // ISSUE the default for D seems rather dangerous as it can easily be (silently) incorrect +- struct random_access_iterator_base: +- public std::iterator<IC, T> { ++ struct random_access_iterator_base { ++ typedef IC iterator_category; ++ typedef T value_type; ++ typedef D difference_type; ++ typedef T* pointer; ++ typedef T& reference; + typedef I derived_iterator_type; + typedef T derived_value_type; + typedef D derived_difference_type;