Pullup ticket #3807 - requested by spz

textproc/p5-YAML-LibYAML: security update Revisions pulled up: - textproc/p5-YAML-LibYAML/Makefile 1.9-1.10 - textproc/p5-YAML-LibYAML/distinfo 1.7-1.8 - textproc/p5-YAML-LibYAML/patches/patch-LibYAML_perl__libyaml.c 1.1 --- Module Name: pkgsrc Committed By: sno Date: Tue Apr 10 13:50:05 UTC 2012 Modified Files: pkgsrc/textproc/p5-YAML-LibYAML: Makefile distinfo Log Message: Updating package for CPAN module YAML::LibYAML in textproc/p5-YAML-LibYAML from 0.37 to 0.38 Upstream changes: version: 0.38 date: Tue Jan 3 22:56:01 PST 2012 changes: - Apply SPROUT++ deparse test patch. Thanks! --- Module Name: pkgsrc Committed By: spz Date: Thu May 24 20:21:18 UTC 2012 Modified Files: pkgsrc/textproc/p5-YAML-LibYAML: Makefile distinfo Added Files: pkgsrc/textproc/p5-YAML-LibYAML/patches: patch-LibYAML_perl__libyaml.c Log Message: fix for CVS-2012-1152 taken from https://rt.cpan.org/Ticket/Attachment/920541/477607/YAML-LibYAML-0.35-format-err or.patch
author: tron <tron> 2012-05-28 10:58:03 +0000
committer: tron <tron> 2012-05-28 10:58:03 +0000
commit: 1e3668c594cb053ac17ddf38ab9ac19ef24cf19c (patch)
tree: dc1a0d9e69d192c94618ac06308a7572573ce7fa
parent: 81b101c397a9e6ac560e600dc9fa08fa4296f87a (diff)
download: pkgsrc-1e3668c594cb053ac17ddf38ab9ac19ef24cf19c.tar.gz
3 files changed, 51 insertions, 6 deletions
diff --git a/textproc/p5-YAML-LibYAML/Makefile b/textproc/p5-YAML-LibYAML/Makefile
index f91f4f4f571..c25ce951bf8 100644
--- a/textproc/p5-YAML-LibYAML/Makefile
+++ b/textproc/p5-YAML-LibYAML/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.8 2011/11/16 08:38:26 sno Exp $
+# $NetBSD: Makefile,v 1.8.4.1 2012/05/28 10:58:03 tron Exp $
 #
 
-DISTNAME=	YAML-LibYAML-0.37
+DISTNAME=	YAML-LibYAML-0.38
+PKGREVISION=	1
 PKGNAME=	p5-${DISTNAME}
 #PKGNAME=	p5-${DISTNAME:S/LibYAML/XS/}
 CATEGORIES=	textproc perl5
diff --git a/textproc/p5-YAML-LibYAML/distinfo b/textproc/p5-YAML-LibYAML/distinfo
index c02ed874b2a..5086abfe9cb 100644
--- a/textproc/p5-YAML-LibYAML/distinfo
+++ b/textproc/p5-YAML-LibYAML/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.6 2011/11/16 08:38:26 sno Exp $
+$NetBSD: distinfo,v 1.6.4.1 2012/05/28 10:58:03 tron Exp $
 
-SHA1 (YAML-LibYAML-0.37.tar.gz) = 265a7c00ae79a2229272320114a78f875d8abe1c
-RMD160 (YAML-LibYAML-0.37.tar.gz) = e34f3e088c7dee36d5e89888ac439ac1369f65b6
-Size (YAML-LibYAML-0.37.tar.gz) = 176294 bytes
+SHA1 (YAML-LibYAML-0.38.tar.gz) = d522fac459f07f31d1f239ca7d19ccc2e29cb524
+RMD160 (YAML-LibYAML-0.38.tar.gz) = 3b3ffdc9c7a03f4301a805d61593f3468b505b9f
+Size (YAML-LibYAML-0.38.tar.gz) = 176599 bytes
+SHA1 (patch-LibYAML_perl__libyaml.c) = 6f6ebfb0efd2ac4dbc3950ff808112b7e8d292d0
diff --git a/textproc/p5-YAML-LibYAML/patches/patch-LibYAML_perl__libyaml.c b/textproc/p5-YAML-LibYAML/patches/patch-LibYAML_perl__libyaml.c
new file mode 100644
index 00000000000..7a38787081e
--- /dev/null
+++ b/textproc/p5-YAML-LibYAML/patches/patch-LibYAML_perl__libyaml.c
@@ -0,0 +1,43 @@
+$NetBSD: patch-LibYAML_perl__libyaml.c,v 1.1.2.2 2012/05/28 10:58:03 tron Exp $
+
+fix for CVS-2012-1152 taken from
+https://rt.cpan.org/Ticket/Attachment/920541/477607/YAML-LibYAML-0.35-format-error.patch
+
+--- LibYAML/perl_libyaml.c.orig	2011-04-03 16:28:08.000000000 +0000
++++ LibYAML/perl_libyaml.c
+@@ -188,7 +188,7 @@ Load(SV *yaml_sv)
+     return;
+ 
+ load_error:
+-    croak(loader_error_msg(&loader, NULL));
++    croak("%s", loader_error_msg(&loader, NULL));
+ }
+ 
+ /*
+@@ -271,7 +271,7 @@ load_node(perl_yaml_loader_t *loader)
+     return return_sv;
+ 
+     load_error:
+-        croak(loader_error_msg(loader, NULL));
++        croak("%s", loader_error_msg(loader, NULL));
+ }
+ 
+ /*
+@@ -314,7 +314,7 @@ load_mapping(perl_yaml_loader_t *loader,
+         else if (strlen(tag) <= strlen(prefix) ||
+             ! strnEQ(tag, prefix, strlen(prefix))
+         ) croak(
+-            loader_error_msg(loader, form("bad tag found for hash: '%s'", tag))
++            "%s", loader_error_msg(loader, form("bad tag found for hash: '%s'", tag))
+         );
+         class = tag + strlen(prefix);
+         sv_bless(hash_ref, gv_stashpv(class, TRUE)); 
+@@ -347,7 +347,7 @@ load_sequence(perl_yaml_loader_t *loader
+         else if (strlen(tag) <= strlen(prefix) ||
+             ! strnEQ(tag, prefix, strlen(prefix))
+         ) croak(
+-            loader_error_msg(loader, form("bad tag found for array: '%s'", tag))
++            "%s", loader_error_msg(loader, form("bad tag found for array: '%s'", tag))
+         );
+         class = tag + strlen(prefix);
+         sv_bless(array_ref, gv_stashpv(class, TRUE));
author	tron <tron>	2012-05-28 10:58:03 +0000
committer	tron <tron>	2012-05-28 10:58:03 +0000
commit	1e3668c594cb053ac17ddf38ab9ac19ef24cf19c (patch)
tree	dc1a0d9e69d192c94618ac06308a7572573ce7fa
parent	81b101c397a9e6ac560e600dc9fa08fa4296f87a (diff)
download	pkgsrc-1e3668c594cb053ac17ddf38ab9ac19ef24cf19c.tar.gz