commit: 24605313fed0a4e2ef4bdd1205e25af2d5624c8a
Author: Michael Weber <xmw <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 23 12:28:14 2017 +0000
Commit: Michael Weber <xmw <AT> gentoo <DOT> org>
CommitDate: Thu Feb 23 12:28:25 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=24605313
dev-libs/libutf8proc: Revbump with security patch (bug 610684).
Package-Manager: Portage-2.3.3, Repoman-2.3.1
.../files/libutf8proc-1.3.1_p2-overrun.patch | 33 ++++++++++++++++++++++
....1_p2.ebuild => libutf8proc-1.3.1_p2-r1.ebuild} | 4 ++-
2 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/dev-libs/libutf8proc/files/libutf8proc-1.3.1_p2-overrun.patch
b/dev-libs/libutf8proc/files/libutf8proc-1.3.1_p2-overrun.patch
new file mode 100644
index 0000000000..8ce7f4cfbe
--- /dev/null
+++ b/dev-libs/libutf8proc/files/libutf8proc-1.3.1_p2-overrun.patch
@@ -0,0 +1,33 @@
+--- libutf8proc-1.3.1-2/test/iterate.c
++++ libutf8proc-1.3.1-2/test/iterate.c
+@@ -13,11 +13,17 @@ static void testbytes(unsigned char *buf, int len,
utf8proc_ssize_t retval, int
+ utf8proc_int32_t out[16];
+ utf8proc_ssize_t ret;
+
++ /* Make a copy to ensure that memory is left uninitialized after "len"
++ * bytes. This way, Valgrind can detect overreads.
++ */
++ unsigned char tmp[16];
++ memcpy(tmp, buf, len);
++
+ tests++;
+- if ((ret = utf8proc_iterate(buf, len, out)) != retval) {
++ if ((ret = utf8proc_iterate(tmp, len, out)) != retval) {
+ fprintf(stderr, "Failed (%d):", line);
+ for (int i = 0; i < len ; i++) {
+- fprintf(stderr, " 0x%02x", buf[i]);
++ fprintf(stderr, " 0x%02x", tmp[i]);
+ }
+ fprintf(stderr, " -> %zd\n", ret);
+ error++;
+--- libutf8proc-1.3.1-2/src/utf8proc.c
++++ libutf8proc-1.3.1-2/src/utf8proc.c
+@@ -128,7 +128,7 @@ UTF8PROC_DLLEXPORT utf8proc_ssize_t utf8proc_iterate(
+ if ((uc - 0xc2) > (0xf4-0xc2)) return UTF8PROC_ERROR_INVALIDUTF8;
+ if (uc < 0xe0) { // 2-byte sequence
+ // Must have valid continuation character
+- if (!utf_cont(*str)) return UTF8PROC_ERROR_INVALIDUTF8;
++ if (str >= end || !utf_cont(*str)) return UTF8PROC_ERROR_INVALIDUTF8;
+ *dst = ((uc & 0x1f)<<6) | (*str & 0x3f);
+ return 2;
+ }
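Review bot: The `memcpy(tmp, buf, len)` added to testbytes in test/iterate.c copies into the fixed `unsigned char tmp[16]` without checking `len`, so a negative or larger-than-16 length would overflow the stack buffer in the harness that is meant to expose overreads. A guard ahead of the copy, such as `if (len < 0 || (size_t)len > sizeof tmp) { error++; return; }`, would keep the test self-checking. The hunk adds no `#include <string.h>`, and the file's include block is outside the hunk, so it is worth confirming that `memcpy` is declared there. testbytes continues past the end of its hunk. In the src/utf8proc.c hunk only the 2-byte branch of utf8proc_iterate is visible, so whether the longer-sequence branches carry an equivalent `end` check cannot be judged from this page.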
diff --git a/dev-libs/libutf8proc/libutf8proc-1.3.1_p2.ebuild
b/dev-libs/libutf8proc/libutf8proc-1.3.1_p2-r1.ebuild
similarity index 82%
rename from dev-libs/libutf8proc/libutf8proc-1.3.1_p2.ebuild
rename to dev-libs/libutf8proc/libutf8proc-1.3.1_p2-r1.ebuild
index 9e3662d0f1..f2d7bd1398 100644
--- a/dev-libs/libutf8proc/libutf8proc-1.3.1_p2.ebuild
+++ b/dev-libs/libutf8proc/libutf8proc-1.3.1_p2-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
@@ -20,4 +20,6 @@ IUSE=""
RDEPEND=""
DEPEND="${RDEPEND}"
+PATCHES=( "${FILESDIR}"/${PN}-1.3.1_p2-overrun.patch )
+
S="${WORKDIR}/${P/_p/-}"