Bug 620468 (CVE-2012-2677) - <dev-libs/boost-1.74.0-r2 : ordered_malloc() overflow (CVE-2012-2677)
Summary: <dev-libs/boost-1.74.0-r2 : ordered_malloc() overflow (CVE-2012-2677)
Status: RESOLVED FIXED
Alias: CVE-2012-2677
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://svn.boost.org/trac10/ticket/6701
Whiteboard: A3 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-06-03 05:14 UTC by Andrey Ovcharov
Modified: 2021-05-26 08:06 UTC
CC: 6 users

See Also:
Package list:
Runtime testing required: ---


Attachments
boost-CVE-2012-2677.patch (boost-CVE-2012-2677.patch,4.65 KB, patch)
2017-06-03 05:14 UTC, Andrey Ovcharov
Log of failed build with 1.74.0-r2 (build.log,428.77 KB, text/x-log)
2020-12-24 15:44 UTC, Dennis Gäbler

Description Andrey Ovcharov 2017-06-03 05:14:13 UTC
Created attachment 475060 [details, diff]
boost-CVE-2012-2677.patch

dev-libs/boost-1.62.0-r1 affected CVE-2012-2677
Comment 1 Jonas Stein gentoo-dev 2017-06-03 08:13:38 UTC
Thank you.
Comment 2 Thomas Deutschmann gentoo-dev Security 2017-06-09 11:36:12 UTC
Looks like a good catch. Patch wasn't merged yet according to https://svn.boost.org/trac10/ticket/6701#comment:12 and after a short review.
Comment 3 John Helmert III gentoo-dev Security 2020-06-26 03:44:09 UTC
Andrey's patch applies cleanly for me, seems like Fedora is using a patch which is almost exactly the same as that one. Is anything holding up including this patch in Gentoo?

https://src.fedoraproject.org/rpms/boost/blob/master/f/boost-1.58.0-pool.patch
Comment 4 Larry the Git Cow gentoo-dev 2020-12-22 21:22:39 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e56515f4c40646457042b106fdf6131a9b585038

commit e56515f4c40646457042b106fdf6131a9b585038
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2020-12-22 21:22:08 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2020-12-22 21:22:27 +0000

    dev-libs/boost: Revbump for CVE-2012-2677
    
    Bug: https://bugs.gentoo.org/620468
    Package-Manager: Portage-3.0.9, Repoman-3.0.2
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 dev-libs/boost/boost-1.74.0-r2.ebuild              | 359 +++++++++++++++++++++
 .../boost/files/boost-1.74-CVE-2012-2677.patch     | 125 +++++++
 2 files changed, 484 insertions(+)
Comment 5 Dennis Gäbler 2020-12-24 15:43:45 UTC
The revision bump with the patch applied doesn't build anymore for me. I'll attach my build.log
Comment 6 Dennis Gäbler 2020-12-24 15:44:49 UTC
Created attachment 679383 [details]
Log of failed build with 1.74.0-r2
Comment 7 Sam James archtester gentoo-dev Security 2020-12-24 15:49:10 UTC
(In reply to Dennis Gäbler from comment #6)
> Created attachment 679383 [details]
> Log of failed build with 1.74.0-r2

Please file a new bug:
>libs/wave/src/instantiate_cpp_grammar.cpp:48:61:   required from here
>./boost/pool/pool.hpp:362:17: warning: unused variable ‘partition_size’ [-Wunused-variable]
>  362 |       size_type partition_size = alloc_size();
>      |                 ^~~~~~~~~~~~~~
>*** stack smashing detected ***: terminated
>In file included from libs/wave/src/instantiate_cpp_grammar.cpp:24:
>./boost/wave/grammars/cpp_grammar.hpp: In constructor ‘boost::wave::grammars::cpp_grammar<TokenT, ContainerT>::definition<ScannerT>::definition(const boost::wave::grammars::cpp_grammar<TokenT, ContainerT>&) [with ScannerT = boost::spirit::classic::scanner<boost::wave::cpplexer::lex_iterator<boost::wave::cpplexer::lex_token<> >, boost::spirit::classic::scanner_policies<boost::spirit::classic::iteration_policy, boost::spirit::classic::pt_match_policy<boost::wave::cpplexer::lex_iterator<boost::wave::cpplexer::lex_token<> >, boost::spirit::classic::node_val_data_factory<boost::spirit::classic::nil_t>, boost::spirit::classic::nil_t>, boost::spirit::classic::action_policy> >; TokenT = boost::wave::cpplexer::lex_token<>; ContainerT = std::__cxx11::list<boost::wave::cpplexer::lex_token<>, boost::fast_pool_allocator<boost::wave::cpplexer::lex_token<> > >]’:
>./boost/wave/grammars/cpp_grammar.hpp:356:31: internal compiler error: Aborted
>  356 |                        !list_p(

and follow https://wiki.gentoo.org/wiki/Gcc-ICE-reporting-guide.

We're struggling to find people who can reproduce various Boost ICE issues so this is important.
Comment 8 Agostino Sarubbo gentoo-dev 2021-01-22 16:54:05 UTC
amd64 stable
Comment 9 Sam James archtester gentoo-dev Security 2021-01-22 22:29:15 UTC
sparc done
Comment 10 Sam James archtester gentoo-dev Security 2021-01-24 13:33:43 UTC
ppc64 done
Comment 11 Sam James archtester gentoo-dev Security 2021-01-24 21:52:08 UTC
arm64 done
Comment 12 Sam James archtester gentoo-dev Security 2021-01-24 22:41:32 UTC
arm done
Comment 13 Sam James archtester gentoo-dev Security 2021-01-25 19:52:26 UTC
ppc done
Comment 14 Sam James archtester gentoo-dev Security 2021-02-01 04:42:56 UTC
x86 done
Comment 15 Rolf Eike Beer archtester 2021-02-04 18:56:03 UTC
hppa stable
Comment 16 John Helmert III gentoo-dev Security 2021-02-04 19:05:12 UTC
Please cleanup.
Comment 17 NATTkA bot gentoo-dev 2021-02-04 19:09:01 UTC
Resetting sanity check; package list is empty or all packages are done.
Comment 18 Larry the Git Cow gentoo-dev 2021-02-25 08:13:12 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9fe511dc974f7542475dece67b36de2fc5b7d284

commit 9fe511dc974f7542475dece67b36de2fc5b7d284
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2021-02-25 08:13:00 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2021-02-25 08:13:00 +0000

    dev-libs/boost: Cleanup vulnerable 1.74.0-r1
    
    Bug: https://bugs.gentoo.org/620468
    Package-Manager: Portage-3.0.15, Repoman-3.0.2
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-libs/boost/boost-1.74.0-r1.ebuild | 358 ----------------------------------
 1 file changed, 358 deletions(-)
Comment 19 John Helmert III gentoo-dev Security 2021-02-25 16:09:31 UTC
Thanks!
Comment 20 Thomas Deutschmann gentoo-dev Security 2021-05-25 22:13:11 UTC
New GLSA request filed.
Comment 21 GLSAMaker/CVETool Bot gentoo-dev 2021-05-26 08:06:54 UTC
This issue was resolved and addressed in
 GLSA 202105-04 at https://security.gentoo.org/glsa/202105-04
by GLSA coordinator Thomas Deutschmann (whissi).