author | tron <tron@pkgsrc.org> | 2014-04-14 17:17:02 +0000 |
---|---|---|
committer | tron <tron@pkgsrc.org> | 2014-04-14 17:17:02 +0000 |
commit | 66a660a0bd8725dc4e66b9777553eb06b6d11a4c (patch) | |
tree | 9dd01cf11c2969e6add404aeaf11bd6c74434abf /textproc | |
parent | 738c30a1266f637c562d35bc3be2bfa084eaaf02 (diff) | |
download | pkgsrc-66a660a0bd8725dc4e66b9777553eb06b6d11a4c.tar.gz |
Pullup ticket #4375 - requested by obache
textproc/p5-YAML-LibYAML: security patch
Revisions pulled up:
- textproc/p5-YAML-LibYAML/Makefile 1.15
- textproc/p5-YAML-LibYAML/distinfo 1.10
- textproc/p5-YAML-LibYAML/patches/patch-LibYAML_scanner.c 1.1
- textproc/p5-YAML-LibYAML/patches/patch-LibYAML_yaml__private.h 1.1
---
Module Name: pkgsrc
Committed By: obache
Date: Mon Apr 14 13:22:20 UTC 2014
Modified Files:
pkgsrc/textproc/p5-YAML-LibYAML: Makefile distinfo
Added Files:
pkgsrc/textproc/p5-YAML-LibYAML/patches: patch-LibYAML_scanner.c
patch-LibYAML_yaml__private.h
Log Message:
Apply patch to internal LibYAML for CVE-2013-6393 and CVE-2014-2525.
Bump PKGREVISION.
Diffstat (limited to 'textproc')
-rw-r--r-- | textproc/p5-YAML-LibYAML/Makefile | 3 | ||||
-rw-r--r-- | textproc/p5-YAML-LibYAML/distinfo | 4 | ||||
-rw-r--r-- | textproc/p5-YAML-LibYAML/patches/patch-LibYAML_scanner.c | 28 | ||||
-rw-r--r-- | textproc/p5-YAML-LibYAML/patches/patch-LibYAML_yaml__private.h | 22 |
4 files changed, 55 insertions, 2 deletions
diff --git a/textproc/p5-YAML-LibYAML/Makefile b/textproc/p5-YAML-LibYAML/Makefile index f0eb311bb90..72c2160345d 100644 --- a/textproc/p5-YAML-LibYAML/Makefile +++ b/textproc/p5-YAML-LibYAML/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.14 2013/07/21 11:24:08 wen Exp $ +# $NetBSD: Makefile,v 1.14.6.1 2014/04/14 17:17:02 tron Exp $ # DISTNAME= YAML-LibYAML-0.41 PKGNAME= p5-${DISTNAME} +PKGREVISION= 1 #PKGNAME= p5-${DISTNAME:S/LibYAML/XS/} CATEGORIES= textproc perl5 MASTER_SITES= ${MASTER_SITE_PERL_CPAN:=YAML/} diff --git a/textproc/p5-YAML-LibYAML/distinfo b/textproc/p5-YAML-LibYAML/distinfo index 0d72f13db27..3b1f13b8bb5 100644 --- a/textproc/p5-YAML-LibYAML/distinfo +++ b/textproc/p5-YAML-LibYAML/distinfo @@ -1,6 +1,8 @@ -$NetBSD: distinfo,v 1.9 2013/07/21 11:24:08 wen Exp $ +$NetBSD: distinfo,v 1.9.6.1 2014/04/14 17:17:02 tron Exp $ SHA1 (YAML-LibYAML-0.41.tar.gz) = 55291d5e786ef9ab73395b3313dfab0c4f145126 RMD160 (YAML-LibYAML-0.41.tar.gz) = 77027a1c5f9a4dea012c25e7ef642f1d7f9e892b Size (YAML-LibYAML-0.41.tar.gz) = 179218 bytes SHA1 (patch-LibYAML_perl__libyaml.c) = 6f6ebfb0efd2ac4dbc3950ff808112b7e8d292d0 +SHA1 (patch-LibYAML_scanner.c) = a137573730112f5b5a3f2bef03e0adb7d3c8d054 +SHA1 (patch-LibYAML_yaml__private.h) = 4e6cc0c37dc53dc49833d7d70663fcc73f0d7c8b diff --git a/textproc/p5-YAML-LibYAML/patches/patch-LibYAML_scanner.c b/textproc/p5-YAML-LibYAML/patches/patch-LibYAML_scanner.c new file mode 100644 index 00000000000..f35f818dbe7 --- /dev/null +++ b/textproc/p5-YAML-LibYAML/patches/patch-LibYAML_scanner.c 
@@ -0,0 +1,28 @@
+$NetBSD: patch-LibYAML_scanner.c,v 1.1.2.2 2014/04/14 17:17:02 tron Exp $
+
+* CVE-2013-6393
+ https://bitbucket.org/xi/libyaml/commits/1d73f004f49e6962cf936da98aecf0aec95c4c50
+* CVE-2014-2525
+ https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048
+
+--- LibYAML/scanner.c.orig 2013-03-12 17:58:04.000000000 +0000
++++ LibYAML/scanner.c
+@@ -2574,7 +2574,7 @@ yaml_parser_scan_tag_uri(yaml_parser_t *
+
+ /* Resize the string to include the head. */
+
+- while (string.end - string.start <= (int)length) {
++ while ((size_t)(string.end - string.start) <= length) {
+ if (!yaml_string_extend(&string.start, &string.pointer, &string.end)) {
+ parser->error = YAML_MEMORY_ERROR;
+ goto error;
+@@ -2619,6 +2619,9 @@ yaml_parser_scan_tag_uri(yaml_parser_t *
+ /* Check if it is a URI-escape sequence. */
+
+ if (CHECK(parser->buffer, '%')) {
++ if (!STRING_EXTEND(parser, string))
++ goto error;
++
+ if (!yaml_parser_scan_uri_escapes(parser,
+ directive, start_mark, &string)) goto error;
+ }
diff --git a/textproc/p5-YAML-LibYAML/patches/patch-LibYAML_yaml__private.h b/textproc/p5-YAML-LibYAML/patches/patch-LibYAML_yaml__private.h
new file mode 100644
index 00000000000..416b2d78e7c
--- /dev/null
+++ b/textproc/p5-YAML-LibYAML/patches/patch-LibYAML_yaml__private.h
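Review bot: The `STRING_EXTEND(parser, string)` call added in the `%` branch of yaml_parser_scan_tag_uri (inner hunk at 2619) reserves room before `yaml_parser_scan_uri_escapes` runs, but nothing in the patch records how many bytes that callee may append per call, so the link between the macro's `+5` headroom and the callee's writes is undocumented. I would add a comment above the call such as `/* scan_uri_escapes appends decoded octets without growing the buffer; reserve space first. */`, assuming that is what the callee does, since its body is not in the hunk. The error path also depends on the companion yaml_private.h patch, because only the patched macro sets `parser->error` before the `goto error`. The function body starts and ends outside both inner hunks.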
@@ -0,0 +1,22 @@
+$NetBSD: patch-LibYAML_yaml__private.h,v 1.1.2.2 2014/04/14 17:17:02 tron Exp $
+
+* CVE-2014-2525
+ https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048
+
+--- LibYAML/yaml_private.h.orig 2013-03-12 17:58:04.000000000 +0000
++++ LibYAML/yaml_private.h
+@@ -132,9 +132,12 @@ yaml_string_join(
+ (string).start = (string).pointer = (string).end = 0)
+
+ #define STRING_EXTEND(context,string) \
+- (((string).pointer+5 < (string).end) \
++ ((((string).pointer+5 < (string).end) \
+ || yaml_string_extend(&(string).start, \
+- &(string).pointer, &(string).end))
++ &(string).pointer, &(string).end)) ? \
++ 1 : \
++ ((context)->error = YAML_MEMORY_ERROR, \
++ 0))
+
+ #define CLEAR(context,string) \
+ ((string).pointer = (string).start, \ |
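Review bot: The rewritten `STRING_EXTEND` still tests headroom only before calling `yaml_string_extend` and does not re-check `(string).pointer+5 < (string).end` afterwards, so the space callers actually get depends on how much that function grows the buffer, which is not visible here. A one-line comment above the macro would make the contract explicit, e.g. `/* Grow the string unless more than 5 bytes remain free; on allocation failure set (context)->error = YAML_MEMORY_ERROR and yield 0. */`. The macro now dereferences `context`, which the old expansion ignored, so every existing call site must pass something with an `error` member; building the bundled copy would confirm that. The `CLEAR` macro that follows continues outside the hunk.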