Created attachment 475060 [details, diff]
boost-CVE-2012-2677.patch

dev-libs/boost-1.62.0-r1 affected CVE-2012-2677
Thank you.
Looks like a good catch. Patch wasn't merged yet according to https://svn.boost.org/trac10/ticket/6701#comment:12 and after a short review.
Andrey's patch applies cleanly for me, seems like Fedora is using a patch which is almost exactly the same as that one. Is anything holding up including this patch in Gentoo? https://src.fedoraproject.org/rpms/boost/blob/master/f/boost-1.58.0-pool.patch
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e56515f4c40646457042b106fdf6131a9b585038

commit e56515f4c40646457042b106fdf6131a9b585038
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2020-12-22 21:22:08 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2020-12-22 21:22:27 +0000

    dev-libs/boost: Revbump for CVE-2012-2677

    Bug: https://bugs.gentoo.org/620468
    Package-Manager: Portage-3.0.9, Repoman-3.0.2
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 dev-libs/boost/boost-1.74.0-r2.ebuild          | 359 +++++++++++++++++++++
 .../boost/files/boost-1.74-CVE-2012-2677.patch | 125 +++++++
 2 files changed, 484 insertions(+)
The revision bump with the patch applied doesn't build anymore for me. I'll attach my build.log.
Created attachment 679383 [details]
Log of failed build with 1.74.0-r2
(In reply to Dennis Gäbler from comment #6)
> Created attachment 679383 [details]
> Log of failed build with 1.74.0-r2

Please file a new bug:

> libs/wave/src/instantiate_cpp_grammar.cpp:48:61:   required from here
> ./boost/pool/pool.hpp:362:17: warning: unused variable ‘partition_size’ [-Wunused-variable]
>   362 |     size_type partition_size = alloc_size();
>       |               ^~~~~~~~~~~~~~
> *** stack smashing detected ***: terminated
> In file included from libs/wave/src/instantiate_cpp_grammar.cpp:24:
> ./boost/wave/grammars/cpp_grammar.hpp: In constructor ‘boost::wave::grammars::cpp_grammar<TokenT, ContainerT>::definition<ScannerT>::definition(const boost::wave::grammars::cpp_grammar<TokenT, ContainerT>&) [with ScannerT = boost::spirit::classic::scanner<boost::wave::cpplexer::lex_iterator<boost::wave::cpplexer::lex_token<> >, boost::spirit::classic::scanner_policies<boost::spirit::classic::iteration_policy, boost::spirit::classic::pt_match_policy<boost::wave::cpplexer::lex_iterator<boost::wave::cpplexer::lex_token<> >, boost::spirit::classic::node_val_data_factory<boost::spirit::classic::nil_t>, boost::spirit::classic::nil_t>, boost::spirit::classic::action_policy> >; TokenT = boost::wave::cpplexer::lex_token<>; ContainerT = std::__cxx11::list<boost::wave::cpplexer::lex_token<>, boost::fast_pool_allocator<boost::wave::cpplexer::lex_token<> > >]’:
> ./boost/wave/grammars/cpp_grammar.hpp:356:31: internal compiler error: Aborted
>   356 |                 !list_p(

and follow https://wiki.gentoo.org/wiki/Gcc-ICE-reporting-guide. We're struggling to find people who can reproduce various Boost ICE issues, so this is important.
amd64 stable
sparc done
ppc64 done
arm64 done
arm done
ppc done
x86 done
hppa stable
Please cleanup.
Resetting sanity check; package list is empty or all packages are done.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9fe511dc974f7542475dece67b36de2fc5b7d284

commit 9fe511dc974f7542475dece67b36de2fc5b7d284
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2021-02-25 08:13:00 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2021-02-25 08:13:00 +0000

    dev-libs/boost: Cleanup vulnerable 1.74.0-r1

    Bug: https://bugs.gentoo.org/620468
    Package-Manager: Portage-3.0.15, Repoman-3.0.2
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-libs/boost/boost-1.74.0-r1.ebuild | 358 ----------------------------------
 1 file changed, 358 deletions(-)
Thanks!
New GLSA request filed.
This issue was resolved and addressed in GLSA 202105-04 at https://security.gentoo.org/glsa/202105-04 by GLSA coordinator Thomas Deutschmann (whissi).