Boost-Commit mailing page: [Boost-commit] svn:boost r82684 - in website/public_html/live: feed/news generated generated/state users/news

Date view	Thread view	Subject view	Author view

Subject: [Boost-commit] svn:boost r82684 - in website/public_html/live: feed/news generated generated/state users/news
From: dnljms_at_[hidden]
Date: 2013-02-06 20:24:07

Next message: antoshkka_at_[hidden]: "[Boost-commit] svn:boost r82685 - trunk/libs/conversion/doc"
Previous message: dnljms_at_[hidden]: "[Boost-commit] svn:boost r82683 - in website/public_html/live: feed/history generated/state users/history"

Author: danieljames
Date: 2013-02-01 15:45:02 EST (Fri, 01 Feb 2013)
New Revision: 82684
URL: http://svn.boost.org/trac/boost/changeset/82684

Log:
Website: Add locale security notice.
Added:
   website/public_html/live/feed/news/locale_1_53_0.qbk (contents, props changed)
   website/public_html/live/users/news/boost_locale_security_notice.html (contents, props changed)
Text files modified:
   website/public_html/live/generated/home-items.html | 20
   website/public_html/live/generated/news-items.html | 38
   website/public_html/live/generated/news.rss | 1121 +--------------------------------------
   website/public_html/live/generated/state/feed-pages.txt | 29 +
   4 files changed, 84 insertions(+), 1124 deletions(-)

Added: website/public_html/live/feed/news/locale_1_53_0.qbk
==============================================================================
--- (empty file)
+++ website/public_html/live/feed/news/locale_1_53_0.qbk 2013-02-01 15:45:02 EST (Fri, 01 Feb 2013)
@@ -0,0 +1,25 @@
+[article Boost.Locale security notice
+ [quickbook 1.5]
+ [purpose Security flaw in Boost.Locale]
+ [authors [Beilis, Artyom]]
+ [last-revision Fri, 1 Feb 2013 02:08:31 -0800]
+]
+
+[include ext.qbk]
+
+Boost.Locale library in Boost 1.48 to 1.52 including has a security flaw.
+
+`boost::locale::utf::utf_traits` accepted some invalid UTF-8 sequences.
+
+Applications that used these functions for UTF-8 input validation could
+expose themselves to security threats as invalid UTF-8 sequece would be
+considered as valid.
+
+This bug is fixed in upcoming Boost 1.53.
+
+For more details see: [ticket 7743]
+
+Users who can't upgrade to the latest versions may apply the following
+patch to fix the problem.
+
+[@http://cppcms.com/files/locale/boost_locale_utf.patch]

Modified: website/public_html/live/generated/home-items.html
==============================================================================
--- website/public_html/live/generated/home-items.html (original)
+++ website/public_html/live/generated/home-items.html 2013-02-01 15:45:02 EST (Fri, 01 Feb 2013)
@@ -20,6 +20,14 @@
<ul id="news">

                     <li><span class=
+ "news-title">Boost.Locale security notice</span>
+ <span class=
+ "news-description"><span class="brief"><span class="purpose">
+ Security flaw in Boost.Locale
+</span></span></span>
+ <span class=
+ "news-date">February 1st, 2013 10:08 GMT</span></li>
+ <li><span class=
                     "news-title">A Special Note for Boost 1.52.0 and Higher</span>
                     <span class=
                     "news-description"><span class="brief"><span class="purpose">
@@ -36,17 +44,7 @@
       Polygon, Proto, Ratio, Result_of, Thread, uBLAS, Unordered, Uuid, Wave, xpressive.
</span></span></span>
                     <span class=
- "news-date">November 5th, 2012 16:05 GMT</span></li>
- <li><span class=
- "news-title">Version 1.51.0</span>
- <span class=
- "news-description"><span class="brief"><span class="purpose">
- New Libraries: Context. Updated Libraries: Algorithm, Asio, Config, Chrono,
- Geometry, Graph, Hash, Lexical Cast, Math, MSM, Proto, Ratio, Regex, Thread,
- Unordered, Wave, xpressive
-</span></span></span>
- <span class=
- "news-date">August 20th, 2012 23:00 GMT</span></li></ul>
+ "news-date">November 5th, 2012 16:05 GMT</span></li></ul>

<p>More News... (<a href=feed/news.rss">RSS</a>)</p>
</div>

Modified: website/public_html/live/generated/news-items.html
==============================================================================
--- website/public_html/live/generated/news-items.html (original)
+++ website/public_html/live/generated/news-items.html 2013-02-01 15:45:02 EST (Fri, 01 Feb 2013)
@@ -1,6 +1,9 @@
<ul class="toc">

                 <li><span class=
+ "news-title">Boost.Locale security notice</span></li>
+
+ <li><span class=
                 "news-title">A Special Note for Boost 1.52.0 and Higher</span></li>

                 <li><span class=
@@ -11,11 +14,22 @@

                 <li><span class=
                 "news-title">Version 1.50.0</span></li>
-
- <li><span class=
- "news-title">Version 1.49.0</span></li>
               </ul>
               <h2 class="news-title">
+ <a name="iboost_locale_security_notice" id="iboost_locale_security_notice"></a>Boost.Locale security notice</h2>
+
+ <p class="news-date">February 1st, 2013 10:08 GMT</p>
+
+ <div class="news-description">
+ <span class="brief"><span class="purpose">
+ Security flaw in Boost.Locale
+</span></span>
+ </div>
+
+<ul class="menu">
+<li>Release Notes</li>
+</ul>
+ <h2 class="news-title">
               <a name="ia_special_note_for_boost_1_52_0_and_higher" id="ia_special_note_for_boost_1_52_0_and_higher"></a>A Special Note for Boost 1.52.0 and Higher</h2>

               <p class="news-date">November 6th, 2012 09:27 GMT</p>
@@ -84,22 +98,4 @@
<li>Release Notes</li>
<li>Download</li>
<li>Documentation</li>
-</ul>
- <h2 class="news-title">
- <a name="iversion_1_49_0" id="iversion_1_49_0"></a>Version 1.49.0</h2>
-
- <p class="news-date">February 24th, 2012 21:20 GMT</p>
-
- <div class="news-description">
- <span class="brief"><span class="purpose">
- New Library: Heap. Updated Libraries: Asio, Chrono, Container, Filesystem,
- Foreach, Geometry, Graph, Icl, Interprocess, Intrusive, Lexical Cast, Locale,
- Move, Property Tree, Proto, Spirit, Thread, Unordered, Uuid, xpressive.
-</span></span>
- </div>
-
-<ul class="menu">
-<li>Release Notes</li>
-<li>Download</li>
-<li>Documentation</li>
</ul>
\ No newline at end of file

Modified: website/public_html/live/generated/news.rss
==============================================================================
--- website/public_html/live/generated/news.rss (original)
+++ website/public_html/live/generated/news.rss 2013-02-01 15:45:02 EST (Fri, 01 Feb 2013)
@@ -6,7 +6,35 @@
     <description/>
     <language>en-us</language>
     <copyright>Distributed under the Boost Software License, Version 1.0. (See accompanying file LICENSE_1_0.txt or http://www.boost.org/LICENSE_1_0.txt)</copyright>
- <item><title>A Special Note for Boost 1.52.0 and Higher</title><link>http://www.boost.org/users/news/a_special_note_for_boost_1_52_0_and_higher.html><guid>http://www.boost.org/users/news/a_special_note_for_boost_1_52_0_and_higher.html><pubDate>Tue 6 Nov 2012 09:27:25 GMT</pubDate><description>
+ <item><title>Boost.Locale security notice</title><link>http://www.boost.org/users/news/boost_locale_security_notice.html><guid>http://www.boost.org/users/news/boost_locale_security_notice.html><pubDate>Fri, 1 Feb 2013 02:08:31 -0800</pubDate><description>
+
+
+ <p>
+ Boost.Locale library in Boost 1.48 to 1.52 including has a security flaw.
+ </p>
+ <p>
+ <code><span class="identifier">boost</span><span class="special">::</span><span class="identifier">locale</span><span class="special">::</span><span class="identifier">utf</span><span class="special">::</span><span class="identifier">utf_traits</span></code>
+ accepted some invalid UTF-8 sequences.
+ </p>
+ <p>
+ Applications that used these functions for UTF-8 input validation could expose
+ themselves to security threats as invalid UTF-8 sequece would be considered as
+ valid.
+ </p>
+ <p>
+ This bug is fixed in upcoming Boost 1.53.
+ </p>
+ <p>
+ For more details see: <a href="https://svn.boost.org/trac/boost/ticket/7743">#7743</a>
+ </p>
+ <p>
+ Users who can't upgrade to the latest versions may apply the following patch
+ to fix the problem.
+ </p>
+ <p>
+ <a href="http://cppcms.com/files/locale/boost_locale_utf.patch">http://cppcms.com/files/locale/boost_locale_utf.patch</a>
+ </p>
+</description></item><item><title>A Special Note for Boost 1.52.0 and Higher</title><link>http://www.boost.org/users/news/a_special_note_for_boost_1_52_0_and_higher.html><guid>http://www.boost.org/users/news/a_special_note_for_boost_1_52_0_and_higher.html><pubDate>Tue 6 Nov 2012 09:27:25 GMT</pubDate><description>

   <p>
@@ -3383,1096 +3411,5 @@
       </p>
     </div>
   </div>
-</description></item><item><title>Version 1.49.0</title><link>http://www.boost.org/users/history/version_1_49_0.html><guid>http://www.boost.org/users/history/version_1_49_0.html><pubDate>Fri, 24 Feb 2012 16:20:32 -0500</pubDate><description>
-
-
-
- <div id="version_1_49_0.new_libraries">
- <h3><span class="link">New Libraries</span></h3>
- <ul>
- <li>
- <div>
- <span class="library"><a href="http://www.boost.org/libs/heap/index.html">Heap</a>:</span>
- Priority queue data
- structures, from Tim Blechmann.
- </div>
- </li>
- </ul>
- </div>
- <div id="version_1_49_0.updated_libraries">
- <h3><span class="link">Updated Libraries</span></h3>
- <ul>
- <li>
- <div>
- <span class="library"><a href="http://www.boost.org/libs/asio">Asio</a>:</span>
- <ul>
- <li>
- <div>
- Added a new class template <code><span class="identifier">basic_waitable_timer</span></code>
- based around the C++11 clock type requirements. It may be used with
- the clocks from the C++11 <code><span class="special">&lt;</span><span class="identifier">chrono</span><span class="special">&gt;</span></code>
- library facility or, if those are not available, Boost.Chrono. The
- typedefs <code><span class="identifier">high_resolution_timer</span></code>,
- <code><span class="identifier">steady_timer</span></code> and
- <code><span class="identifier">system_timer</span></code> may
- be used to create timer objects for the standard clock types.
- </div>
- </li>
- <li>
- <div>
- Added a new <code><span class="identifier">windows</span><span class="special">::</span><span class="identifier">object_handle</span></code>
- class for performing waits on Windows kernel objects. Thanks go to
- Boris Schaeling for contributing substantially to the development
- of this feature.
- </div>
- </li>
- <li>
- <div>
- On Linux, <code><span class="identifier">connect</span><span class="special">()</span></code> can return EAGAIN in certain circumstances.
- Remapped this to another error so that it doesn't look like a non-blocking
- operation (<a href="https://svn.boost.org/trac/boost/ticket/6048">#6048</a>).
- </div>
- </li>
- <li>
- <div>
- Fixed a compile error on NetBSD (<a href="https://svn.boost.org/trac/boost/ticket/6098">#6098</a>).
- </div>
- </li>
- <li>
- <div>
- Fixed deadlock on Mac OS X (<a href="https://svn.boost.org/trac/boost/ticket/6275">#6275</a>).
- </div>
- </li>
- <li>
- <div>
- Fixed a regression in <code><span class="identifier">buffered_write_stream</span></code>
- (<a href="https://svn.boost.org/trac/boost/ticket/6310">#6310</a>).
- </div>
- </li>
- <li>
- <div>
- Fixed a non-paged pool &quot;leak&quot; on Windows when an <code><span class="identifier">io_service</span></code> is repeatedly run without
- anything to do (<a href="https://svn.boost.org/trac/boost/ticket/6321">#6321</a>).
- </div>
- </li>
- <li>
- <div>
- Reverted earlier change to allow some speculative operations to be
- performed without holding the lock, as it introduced a race condition
- in some multithreaded scenarios.
- </div>
- </li>
- <li>
- <div>
- Fixed a bug where the second buffer in an array of two buffers may
- be ignored if the first buffer is empty.
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- <span class="library"><a href="http://www.boost.org/libs/chrono">Chrono</a>:</span>
- <ul>
- <li>
- <div>
- Bug Fixes:
- <ul>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/6092">#6092</a>
- Input from non integral durations makes the compiler fail.
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/6093">#6093</a>
- [1/3]second fails as valid duration input.
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/6113">#6113</a>
- duplicate symbol when BOOST_CHRONO_HEADER_ONLY is defined.
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/6243">#6243</a>
- Sandia-pgi-11.9: more than one instance of overloaded function
- &quot;min&quot; matches.
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/6257">#6257</a>
- process_cpu_clock::now() on linux gives time_points 1/1000
- times.
- </div>
- </li>
- </ul>
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- <span class="library"><a href="http://www.boost.org/libs/container/">Container</a>:</span>
- <ul>
- <li>
- <div>
- Fixed bugs <a href="https://svn.boost.org/trac/boost/ticket/6499">#6499</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6336">#6336</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6335">#6335</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6287">#6287</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6205">#6205</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/4383">#4383</a>.
- </div>
- </li>
- <li>
- <div>
- Added <code><span class="identifier">allocator_traits</span></code>
- support for both C++11 and C++03 compilers through an internal <code><span class="identifier">allocator_traits</span></code> clone.
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- <span class="library"><a href="http://www.boost.org/libs/filesystem/">Filesystem</a>:</span>
- <ul>
- <li>
- <div>
- Fix <a href="https://svn.boost.org/trac/boost/ticket/3714">#3714</a>,
- Added test cases and fixes for class path errors when assignment
- or append used self or portion of self as source.
- </div>
- </li>
- <li>
- <div>
- Fix <a href="https://svn.boost.org/trac/boost/ticket/4889">#4889</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6320">#6320</a>,
- Locale codecvt_facet not thread safe on Windows. Move Windows, Mac
- OS X, locale and codecvt facet back to namespace scope. POSIX except
- OS X uses local static initialization (IE lazy) to ensure exceptions
- are catchable if environmental variables are misconfigured and to
- avoid use of locale(&quot;&quot;) if not actually used.
- </div>
- </li>
- <li>
- <div>
- Fix <a href="https://svn.boost.org/trac/boost/ticket/5652">#5652</a>,
- recursive_directory_iterator fails on cyclic symbolic links. Thanks
- to Daniel Aarno for the patch.
- </div>
- </li>
- <li>
- <div>
- Fix <a href="https://svn.boost.org/trac/boost/ticket/5653">#5653</a>,
- recursive_directory_iterator(error_code) can still throw filesystem_error.
- </div>
- </li>
- <li>
- <div>
- Fix <a href="https://svn.boost.org/trac/boost/ticket/5900">#5900</a>,
- directory_iterator access violation on Windows if error is thrown.
- Thanks to Andreas Eckleder for the patch.
- </div>
- </li>
- <li>
- <div>
- Fix <a href="https://svn.boost.org/trac/boost/ticket/5900">#5900</a>
- comment 2, a bug in director_iterator construction with error_code
- argument that caused increment to be called without the ec argument
- being passed.
- </div>
- </li>
- <li>
- <div>
- Fix <a href="https://svn.boost.org/trac/boost/ticket/5989">#5989</a>
- by cleaning up test suite path_test.cpp code even though the ticket
- itself was not a defect, and clarifying docs; iteration over a path
- yields generic format.
- </div>
- </li>
- <li>
- <div>
- Fix <a href="https://svn.boost.org/trac/boost/ticket/5592">#5592</a>,
- Change Windows codecvt processing from CP_THREAD_ACP to CP_ACP.
- </div>
- </li>
- <li>
- <div>
- Operations function fixes for PGI compiler, thanks to Noel Belcourt.
- </div>
- </li>
- <li>
- <div>
- Relax permissions test to reflect reality, particularly on the Sandia
- test platforms.
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- <span class="library"><a href="http://www.boost.org/libs/foreach/">Foreach</a>:</span>
- <ul>
- <li>
- <div>
- Fix for <a href="https://svn.boost.org/trac/boost/ticket/6131">#6131</a>
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- <span class="library"><a href="http://www.boost.org/libs/geometry/">Geometry</a>:</span>
- <ul>
- <li>
- <div>
- Fixed bugs
- <ul>
- <li>
- <div>
- Distance for multi-geometries ignored specified distance strategy.
- </div>
- </li>
- <li>
- <div>
- In difference for polygon/multi_polygon (reported 2011/10/24
- on GGL-list).
- </div>
- </li>
- <li>
- <div>
- Raise exception for calculation of distances of multi-geometrie(s)
- where one of them is empty
- </div>
- </li>
- <li>
- <div>
- Multi DSV did not correctly use settings.
- </div>
- </li>
- <li>
- <div>
- Self-intersections could sometimes be missed (introduced in
- 1.48).
- </div>
- </li>
- <li>
- <div>
- Convex hull crashed on empty range (e.g. empty multi point).
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- Solved tickets
- <ul>
- <li>
- <div>
- <a href="https://svn.boost.org/trac/boost/ticket/6028">#6028</a>
- Documentation: closure.
- </div>
- </li>
- <li>
- <div>
- <a href="https://svn.boost.org/trac/boost/ticket/6178">#6178</a>
- Missing headerfile.
- </div>
- </li>
- <li>
- <div>
- <a href="https://svn.boost.org/trac/boost/ticket/6021">#6021</a>
- convex hull of multipoint.
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- Additional functionality
- <ul>
- <li>
- <div>
- Support for line/polygon intersections and differences
- </div>
- </li>
- <li>
- <div>
- Support for convert of segment/box of different point types
- </div>
- </li>
- <li>
- <div>
- Support for append for multi point
- </div>
- </li>
- <li>
- <div>
- Scalar functions (distance, area, length, perimeter) now throw
- an empty_input_exception on empty input
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- Documentation
- <ul>
- <li>
- <div>
- Updated support status
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- Internal changes
- <ul>
- <li>
- <div>
- Updates in specializations/not_implemented for distance/convert/assign/area
- </div>
- </li>
- <li>
- <div>
- Move of wkt/dsv to io folder, making domains redundant
- </div>
- </li>
- <li>
- <div>
- Strategy concepts assigned to zero to avoid clang warnings
- (patched by Vishnu)
- </div>
- </li>
- </ul>
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- <span class="library"><a href="http://www.boost.org/libs/graph/">Graph</a>:</span>
- <ul>
- <li>
- <div>
- Fixed bugs <a href="https://svn.boost.org/trac/boost/ticket/5881">#5881</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6033">#6033</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6061">#6061</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6137">#6137</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6246">#6246</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6239">#6239</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6293">#6293</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6306">#6306</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6313">#6313</a>
- and <a href="https://svn.boost.org/trac/boost/ticket/6371">#6371</a>,
- plus others not in Trac.
- </div>
- </li>
- <li>
- <div>
- Re-enabled LEDA graph support (thanks to Jens Muller for the patch).
- </div>
- </li>
- <li>
- <div>
- Added documentation for <code><span class="identifier">edge_predecessor_recorder</span></code>.
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- <span class="library"><a href="http://www.boost.org/libs/icl/">Icl</a>:</span>
- <ul>
- <li>
- <div>
- Fixed tickets <a href="https://svn.boost.org/trac/boost/ticket/6095">#6095</a>
- and <a href="https://svn.boost.org/trac/boost/ticket/6210">#6210</a>.
- </div>
- </li>
- <li>
- <div>
- Added move semantics for constructors, assignment operators and binary
- operators.
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- <span class="library"><a href="http://www.boost.org/libs/interprocess/">Interprocess</a>:</span>
- <ul>
- <li>
- <div>
- Fixed bugs <a href="https://svn.boost.org/trac/boost/ticket/6531">#6531</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6412">#6412</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6398">#6398</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6340">#6340</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6319">#6319</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6287">#6287</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6265">#6265</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6233">#6233</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6147">#6147</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6134">#6134</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6058">#6058</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6054">#6054</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/5772">#5772</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/5738">#5738</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/5622">#5622</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/5552">#5552</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/5518">#5518</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/4655">#4655</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/4452">#4452</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/4383">#4383</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/4297">#4297</a>.
- </div>
- </li>
- <li>
- <div>
- Fixed timed functions in mutex implementations to fulfill POSIX requirements:
- <em>Under no circumstance shall the function fail with a timeout
- if the mutex can be locked immediately. The validity of the abs_timeout
- parameter need not be checked if the mutex can be locked immediately.</em>
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- <span class="library"><a href="http://www.boost.org/libs/intrusive/">Intrusive</a>:</span>
- <ul>
- <li>
- <div>
- Fixed bugs <a href="https://svn.boost.org/trac/boost/ticket/6347">#6347</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6223">#6223</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6153">#6153</a>.
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- <span class="library"><a href="http://www.boost.org/libs/conversion/lexical_cast.htm">Lexical cast</a>:</span>
- <ul>
- <li>
- <div>
- Fixed bugs and warnings: <a href="https://svn.boost.org/trac/boost/ticket/6127">#6127</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6132">#6132</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6159">#6159</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6182">#6182</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6186">#6186</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6193">#6193</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6264">#6264</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6290">#6290</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6298">#6298</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6400">#6400</a>.
- </div>
- </li>
- <li>
- <div>
- Better performance and less memory usage for boost::container::basic_string
- conversions.
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- <span class="library"><a href="http://www.boost.org/libs/locale/">Locale</a>:</span>
- <ul>
- <li>
- <div>
- Fixed incorrect use of <code><span class="identifier">MultiByteToWideChar</span></code>
- in detection of invalid input sequences.
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- <span class="library"><a href="http://www.boost.org/libs/move/">Move</a>:</span>
- <ul>
- <li>
- <div>
- Fixed bugs <a href="https://svn.boost.org/trac/boost/ticket/6417">#6417</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6183">#6183</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6185">#6185</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6395">#6395</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6396">#6396</a>,
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- <span class="library"><a href="http://www.boost.org/libs/property_tree">PropertyTree</a>:</span>
- <ul>
- <li>
- <div>
- Fixes for bugs <a href="https://svn.boost.org/trac/boost/ticket/4840">#4840</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/5259">#5259</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/5281">#5281</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/5944">#5944</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/5757">#5757</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/5710">#5710</a>,
- and <a href="https://svn.boost.org/trac/boost/ticket/5307">#5307</a>.
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- <span class="library"><a href="http://www.boost.org/libs/proto">Proto</a>:</span>
- <ul>
- <li>
- <div>
- Force some functions to be inline, fixes <a href="https://svn.boost.org/trac/boost/ticket/5735">#5735</a>.
- </div>
- </li>
- <li>
- <div>
- Add user documentation for per-domain <code><span class="identifier">as_expr</span></code>
- and <code><span class="identifier">as_child</span></code>; other
- doc tweaks.
- </div>
- </li>
- <li>
- <div>
- Fix some buggy and over-complicated example programs.
- </div>
- </li>
- <li>
- <div>
- Add some missing copyright notices.
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- <span class="library"><a href="http://www.boost.org/libs/spirit/index.html">Spirit</a>:</span>
- <ul>
- <li>
- <div>
- Spirit V2.5.2, see the '<a href="http://www.boost.org/doc/libs/1_49_0/libs/spirit/doc/html/spirit/what_s_new/spirit_2_5_2.html">What's
- New</a>' section for details.
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- <span class="library"><a href="http://www.boost.org/libs/thread">Thread</a>:</span>
- <ul>
- <li>
- <div>
- Fixed Bugs:
- <ul>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/2309">#2309</a>
- Lack of g++ symbol visibility support in Boost.Thread.
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/2639">#2639</a>
- documentation should be extended(defer_lock, try_to_lock, ...).
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/3639">#3639</a>
- Boost.Thread doesn't build with Sun-5.9 on Linux.
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/3762">#3762</a>
- Thread can't be compiled with winscw (Codewarrior by Nokia).
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/3885">#3885</a>
- document about mix usage of boost.thread and native thread
- api.
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/3975">#3975</a>
- Incorrect precondition for promise::set_wait_callback().
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/4048">#4048</a>
- thread::id formatting involves locale
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/4315">#4315</a>
- gcc 4.4 Warning: inline ... declared as dllimport: attribute
- ignored.
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/4480">#4480</a>
- OpenVMS patches for compiler issues workarounds.
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/4819">#4819</a>
- boost.thread's documentation misprints.
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/5040">#5040</a>
- future.hpp in boost::thread does not compile with /clr.
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/5423">#5423</a>
- thread issues with C++0x.
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/5502">#5502</a>
- race condition between shared_mutex timed_lock and lock_shared.
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/5594">#5594</a>
- boost::shared_mutex not fully compatible with Windows CE.
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/5617">#5617</a>
- boost::thread::id copy ctor.
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/5739">#5739</a>
- set-but-not-used warnings with gcc-4.6.
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/5826">#5826</a>
- threads.cpp: resource leak on threads creation failure.
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/5839">#5839</a>
- thread.cpp: ThreadProxy leaks on exceptions.
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/5859">#5859</a>
- win32 shared_mutex constructor leaks on exceptions.
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/6100">#6100</a>
- Compute hardware_concurrency() using get_nprocs() on GLIBC
- systems.
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/6141">#6141</a>
- Compilation error when boost.thread and boost.move are used
- together.
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/6168">#6168</a>
- recursive_mutex is using wrong config symbol (possible typo).
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/6175">#6175</a>
- Compile error with SunStudio.
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/6200">#6200</a>
- patch to have condition_variable and mutex error better handle
- EINTR.
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/6207">#6207</a>
- shared_lock swap compiler error on clang 3.0 c++11.
- </div>
- </li>
- <li>
- <div>
- <a href="http://svn.boost.org/trac/boost/ticket/6208">#6208</a>
- try_lock_wrapper swap compiler error on clang 3.0 c++11.
- </div>
- </li>
- </ul>
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- <span class="library"><a href="http://www.boost.org/libs/unordered">Unordered</a>:</span>
- <ul>
- <li>
- <div>
- On compilers without rvalue references, the containers are no longer
- movable by default, as move emulation was causing some odd quirks
- (<a href="https://svn.boost.org/trac/boost/ticket/6167">#6167</a>,
- <a href="https://svn.boost.org/trac/boost/ticket/6311">#6311</a>).
- Define <code><span class="identifier">BOOST_UNORDERED_USE_MOVE</span></code>
- to make them movable - Boost.Move is still used for elements regardless.
- </div>
- </li>
- <li>
- <div>
- Fix sequence point warning (<a href="https://svn.boost.org/trac/boost/ticket/6370">#6370</a>).
- </div>
- </li>
- <li>
- <div>
- Better support for C++11 compilers using older standard libraries.
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- <span class="library"><a href="http://www.boost.org/libs/uuid/">Uuid</a>:</span>
- <ul>
- <li>
- <div>
- fixed <a href="https://svn.boost.org/trac/boost/ticket/6258">#6258</a>
- </div>
- </li>
- <li>
- <div>
- fixed <a href="https://svn.boost.org/trac/boost/ticket/5325">#5325</a>
- (sha1 implementation handles messages as long as the specification)
- </div>
- </li>
- <li>
- <div>
- progress on <a href="https://svn.boost.org/trac/boost/ticket/6118">#6118</a>
- (there are fewer warnings)
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- <span class="library"><a href="http://www.boost.org/libs/xpressive/">xpressive</a>:</span>
- <ul>
- <li>
- <div>
- Eliminate some unused variable warnings on gcc.
- </div>
- </li>
- </ul>
- </div>
- </li>
- </ul>
- </div>
- <div id="version_1_49_0.compilers_tested">
- <h3><span class="link">Compilers Tested</span></h3>
- <p>
- Boost's primary test compilers are:
- </p>
- <ul>
- <li>
- <div>
- Linux:
- <ul>
- <li>
- <div>
- Intel: 11.1
- </div>
- </li>
- <li>
- <div>
- LLVM Clang 2.8
- </div>
- </li>
- <li>
- <div>
- GCC: 3.4.6, 4.2.4, 4.3.4, 4.4.3, 4.5.2, 4.6.2
- </div>
- </li>
- <li>
- <div>
- GCC, C++0x mode: 4.3.4, 4.4.3, 4.5.2
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- OS X:
- <ul>
- <li>
- <div>
- Intel: 11.1
- </div>
- </li>
- <li>
- <div>
- GCC: 4.2.1, 4.4.4
- </div>
- </li>
- <li>
- <div>
- GCC, C++0x mode: 4.4.4
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- Windows:
- <ul>
- <li>
- <div>
- Visual C++ 8.0, 9.0, 10.0
- </div>
- </li>
- <li>
- <div>
- GCC, mingw: 4.4.0, 4.4.7, 4.5.4, 4.6.1, 4.7.0
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- FreeBSD:
- <ul>
- <li>
- <div>
- GCC 4.2.1, 32 and 64 bit.
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- QNX:
- <ul>
- <li>
- <div>
- QCC, C++0x mode: 4.4.2, 4.6.1, 4.6.2
- </div>
- </li>
- </ul>
- </div>
- </li>
- </ul>
- <p>
- Boost's additional test compilers include:
- </p>
- <ul>
- <li>
- <div>
- Linux:
- <ul>
- <li>
- <div>
- GCC: 4.2.4, 4.3.4, 4.4.4, 4.5.2, 4.6.2
- </div>
- </li>
- <li>
- <div>
- GCC, C++0x mode: 4.3.4, 4.4.4, 4.5.2
- </div>
- </li>
- <li>
- <div>
- pgCC: 11.9
- </div>
- </li>
- <li>
- <div>
- Intel: 10.1, 11.1, 12.0
- </div>
- </li>
- <li>
- <div>
- PathScale: 4.0.8
- </div>
- </li>
- <li>
- <div>
- Visual Age 10.1
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- OS X:
- <ul>
- <li>
- <div>
- Clang from subversion
- </div>
- </li>
- <li>
- <div>
- Intel 11.1, 12.0
- </div>
- </li>
- <li>
- <div>
- GCC: 4.4.4
- </div>
- </li>
- <li>
- <div>
- GCC, C++0x mode: 4.4.4
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- Windows:
- <ul>
- <li>
- <div>
- Visual C++ 8.0, 9.0, 10.0
- </div>
- </li>
- <li>
- <div>
- Visual C++ with STLport: 9.0
- </div>
- </li>
- <li>
- <div>
- Visual C++, Windows Mobile 5, with STLport: 9.0
- </div>
- </li>
- <li>
- <div>
- GCC, mingw: 4.4.0, 4.5.2
- </div>
- </li>
- <li>
- <div>
- GCC, C++0x mode, mingw: 4.5.2
- </div>
- </li>
- <li>
- <div>
- GCC, mingw 64-bit: 4.4.7, 4.5.4, 4.6.1
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- AIX:
- <ul>
- <li>
- <div>
- IBM XL C/C++ Enterprise Edition, V11.1.0.0
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- FreeBSD:
- <ul>
- <li>
- <div>
- GCC 4.2.1, 32 and 64 bit
- </div>
- </li>
- </ul>
- </div>
- </li>
- <li>
- <div>
- Solaris:
- <ul>
- <li>
- <div>
- Sun 5.10
- </div>
- </li>
- </ul>
- </div>
- </li>
- </ul>
- </div>
- <div id="version_1_49_0.acknowledgements">
- <h3><span class="link">Acknowledgements</span></h3>
- <p>
- <a href="http://www.boost.org/users/people/beman_dawes.html">Beman Dawes</a>, Eric Niebler,
- <a href="http://www.boost.org/users/people/rene_rivera.html">Rene Rivera</a>, Daniel James
- and Vladimir Prus managed this release.
- </p>
- </div>
</description></item></channel>
</rss>
\ No newline at end of file

Modified: website/public_html/live/generated/state/feed-pages.txt
==============================================================================
--- website/public_html/live/generated/state/feed-pages.txt (original)
+++ website/public_html/live/generated/state/feed-pages.txt 2013-02-01 15:45:02 EST (Fri, 01 Feb 2013)
@@ -2158,6 +2158,35 @@
-type
"release
)
+(feed/news/locale_1_53_0.qbk
+-dir_location
+-documentation
+-download
+-id
+"boost_locale_security_notice
+-last_modified
+.1359713311.0
+-location
+"users/news/boost_locale_security_notice.html
+-notice
+-notice_url
+-page_state
+-pub_date
+"Fri, 1 Feb 2013 02:08:31 -0800
+-purpose
+"
+" Security flaw in Boost.Locale
+"
+-qbk_hash
+"5038e9c931bdfe248b94c771a57f8da19fba50c75724d8b755767a04acefd448
+-release_status
+-rss_hash
+"b62d7f20aa41aac46aca706e6fb3accdfaad01c06b0cce7e2a610db0c1780d6d
+-title
+"Boost.Locale security notice
+-type
+"page
+)
(feed/news/result_of_1_52_0.qbk
-dir_location
-documentation

Added: website/public_html/live/users/news/boost_locale_security_notice.html
==============================================================================
--- (empty file)
+++ website/public_html/live/users/news/boost_locale_security_notice.html 2013-02-01 15:45:02 EST (Fri, 01 Feb 2013)
@@ -0,0 +1,89 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
+<head>
+ <title>Boost.Locale security notice</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+ <link rel="icon" href="/favicon.ico" type="image/ico" />
+ <link rel="stylesheet" type="text/css" href="/style-v2/section-boost.css" />
+
+ 
+</head>
+
+<body>
+ <div id="heading">
+  </div>
+
+ <div id="body">
+ <div id="body-inner">
+ <div id="content">
+ <div class="section" id="intro">
+ <div class="section-0">
+ <div class="section-title">
+ <h1>Boost.Locale security notice</h1>
+ </div>
+
+ <div class="section-body">
+ <h2><span class=
+ "news-title">Boost.Locale security notice</span></h2>
+
+ <p><span class=news-date">February 1st, 2013 10:08 GMT</span></p>
+
+
+ <div class="news-description">
+ <div class="description">
+
+
+ <p>
+ Boost.Locale library in Boost 1.48 to 1.52 including has a security flaw.
+ </p>
+ <p>
+ <code><span class="identifier">boost</span><span class="special">::</span><span class="identifier">locale</span><span class="special">::</span><span class="identifier">utf</span><span class="special">::</span><span class="identifier">utf_traits</span></code>
+ accepted some invalid UTF-8 sequences.
+ </p>
+ <p>
+ Applications that used these functions for UTF-8 input validation could expose
+ themselves to security threats as invalid UTF-8 sequece would be considered as
+ valid.
+ </p>
+ <p>
+ This bug is fixed in upcoming Boost 1.53.
+ </p>
+ <p>
+ For more details see: #7743
+ </p>
+ <p>
+ Users who can't upgrade to the latest versions may apply the following patch
+ to fix the problem.
+ </p>
+ <p>
+ http://cppcms.com/files/locale/boost_locale_utf.patch
+ </p>
+</div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+
+ <div id="sidebar">
+  </div>
+
+ <div class="clear"></div>
+ </div>
+ </div>
+
+ <div id="footer">
+ <div id="footer-left">
+ <div id="copyright">
+ <p>Copyright Rene Rivera 2006-2007.</p>
+ </div> </div>
+
+ <div id="footer-right">
+  </div>
+
+ <div class="clear"></div>
+ </div>
+</body>
+</html>

Next message: antoshkka_at_[hidden]: "[Boost-commit] svn:boost r82685 - trunk/libs/conversion/doc"
Previous message: dnljms_at_[hidden]: "[Boost-commit] svn:boost r82683 - in website/public_html/live: feed/history generated/state users/history"

Date view	Thread view	Subject view	Author view