CVE-2020-11105 fix vs. boost::intrusive_ptr

[jamesjer]

The fix for CVE-2020-11105 in version 1.3.1 requires that std::shared_ptr be used, but at least one cereal consumer, e-antic, uses boost::intrusive_ptr instead. It might be possible to subclass OutputArchive to deal with this, but the relevant member variables are all private, not protected. As a result, the e-antic package has been left in an unbuildable state in Fedora ever since we upgraded to cereal 1.3.1. Would you consider making itsSharedPointerMap protected so that consumers can deal with this situation? Or explicitly add support for boost::intrusive_ptr?

[AzothAmmo]

Going to protected wouldn't be a big deal - can you provide a link to how e-antic is using boost::intrusitve_ptr in relation to cereal?

[saraedum]

We managed to produce a workaround, so I think this can be closed: https://github.com/flatsurf/e-antic/pull/242/files#diff-ec3c5ba2da803488d40687a86e9398c02b99cdf46d000d8a2eb7218182fcb1ddR32

[redchairman]

您的邮件我已收到，谢谢合作！