author | obache <obache@pkgsrc.org> | 2014-04-14 13:22:19 +0000 |
---|---|---|
committer | obache <obache@pkgsrc.org> | 2014-04-14 13:22:19 +0000 |
commit | a7b362016a062d8e6b69f582045245132140e0cc (patch) | |
tree | 391e95471a65e5e06eadb751f32b83b17bad9398 /textproc | |
parent | ebbbd1ce25894c441db00b21eab2d90bcbf5a6f8 (diff) | |
download | pkgsrc-a7b362016a062d8e6b69f582045245132140e0cc.tar.gz |
Apply patch to internal LibYAML for CVE-2013-6393 and CVE-2014-2525.
Bump PKGREVISION.
Diffstat (limited to 'textproc')
-rw-r--r-- | textproc/p5-YAML-LibYAML/Makefile | 3 | ||||
-rw-r--r-- | textproc/p5-YAML-LibYAML/distinfo | 4 | ||||
-rw-r--r-- | textproc/p5-YAML-LibYAML/patches/patch-LibYAML_scanner.c | 28 | ||||
-rw-r--r-- | textproc/p5-YAML-LibYAML/patches/patch-LibYAML_yaml__private.h | 22 |
4 files changed, 55 insertions, 2 deletions
diff --git a/textproc/p5-YAML-LibYAML/Makefile b/textproc/p5-YAML-LibYAML/Makefile index f0eb311bb90..890f128dddc 100644 --- a/textproc/p5-YAML-LibYAML/Makefile +++ b/textproc/p5-YAML-LibYAML/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.14 2013/07/21 11:24:08 wen Exp $ +# $NetBSD: Makefile,v 1.15 2014/04/14 13:22:19 obache Exp $ # DISTNAME= YAML-LibYAML-0.41 PKGNAME= p5-${DISTNAME} +PKGREVISION= 1 #PKGNAME= p5-${DISTNAME:S/LibYAML/XS/} CATEGORIES= textproc perl5 MASTER_SITES= ${MASTER_SITE_PERL_CPAN:=YAML/} diff --git a/textproc/p5-YAML-LibYAML/distinfo b/textproc/p5-YAML-LibYAML/distinfo index 0d72f13db27..c155e3cdfeb 100644 --- a/textproc/p5-YAML-LibYAML/distinfo +++ b/textproc/p5-YAML-LibYAML/distinfo @@ -1,6 +1,8 @@ -$NetBSD: distinfo,v 1.9 2013/07/21 11:24:08 wen Exp $ +$NetBSD: distinfo,v 1.10 2014/04/14 13:22:19 obache Exp $ SHA1 (YAML-LibYAML-0.41.tar.gz) = 55291d5e786ef9ab73395b3313dfab0c4f145126 RMD160 (YAML-LibYAML-0.41.tar.gz) = 77027a1c5f9a4dea012c25e7ef642f1d7f9e892b Size (YAML-LibYAML-0.41.tar.gz) = 179218 bytes SHA1 (patch-LibYAML_perl__libyaml.c) = 6f6ebfb0efd2ac4dbc3950ff808112b7e8d292d0 +SHA1 (patch-LibYAML_scanner.c) = a137573730112f5b5a3f2bef03e0adb7d3c8d054 +SHA1 (patch-LibYAML_yaml__private.h) = 4e6cc0c37dc53dc49833d7d70663fcc73f0d7c8b diff --git a/textproc/p5-YAML-LibYAML/patches/patch-LibYAML_scanner.c b/textproc/p5-YAML-LibYAML/patches/patch-LibYAML_scanner.c new file mode 100644 index 00000000000..2173d864eaa --- /dev/null +++ b/textproc/p5-YAML-LibYAML/patches/patch-LibYAML_scanner.c 
@@ -0,0 +1,28 @@
+$NetBSD: patch-LibYAML_scanner.c,v 1.1 2014/04/14 13:22:20 obache Exp $
+
+* CVE-2013-6393
+ https://bitbucket.org/xi/libyaml/commits/1d73f004f49e6962cf936da98aecf0aec95c4c50
+* CVE-2014-2525
+ https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048
+
+--- LibYAML/scanner.c.orig 2013-03-12 17:58:04.000000000 +0000
++++ LibYAML/scanner.c
+@@ -2574,7 +2574,7 @@ yaml_parser_scan_tag_uri(yaml_parser_t *
+
+ /* Resize the string to include the head. */
+
+- while (string.end - string.start <= (int)length) {
++ while ((size_t)(string.end - string.start) <= length) {
+ if (!yaml_string_extend(&string.start, &string.pointer, &string.end)) {
+ parser->error = YAML_MEMORY_ERROR;
+ goto error;
+@@ -2619,6 +2619,9 @@ yaml_parser_scan_tag_uri(yaml_parser_t *
+ /* Check if it is a URI-escape sequence. */
+
+ if (CHECK(parser->buffer, '%')) {
++ if (!STRING_EXTEND(parser, string))
++ goto error;
++
+ if (!yaml_parser_scan_uri_escapes(parser,
+ directive, start_mark, &string)) goto error;
+ }
diff --git a/textproc/p5-YAML-LibYAML/patches/patch-LibYAML_yaml__private.h b/textproc/p5-YAML-LibYAML/patches/patch-LibYAML_yaml__private.h
new file mode 100644
index 00000000000..1f675454394
--- /dev/null
+++ b/textproc/p5-YAML-LibYAML/patches/patch-LibYAML_yaml__private.h
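Review bot: The added `if (!STRING_EXTEND(parser, string)) goto error;` in the second inner hunk jumps to `error` without assigning `parser->error`, whereas the resize loop in the first inner hunk sets `YAML_MEMORY_ERROR` before its `goto`. That is only correct because patch-LibYAML_yaml__private.h in this same commit makes STRING_EXTEND set the error itself, so the two patch files have to be carried or dropped together on the next update. I would record that in this patch's comment header, e.g. `* CVE-2014-2525 (needs patch-LibYAML_yaml__private.h: STRING_EXTEND must set parser->error)`, and add a line on why the first hunk casts the pointer difference to `size_t` rather than `length` to `int`, presumably so that a very large `length` can no longer go negative in the comparison and skip the resize. Both inner hunks show only part of yaml_parser_scan_tag_uri, so the declaration of `length` and the body of the `error` label are not visible here.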
@@ -0,0 +1,22 @@
+$NetBSD: patch-LibYAML_yaml__private.h,v 1.1 2014/04/14 13:22:20 obache Exp $
+
+* CVE-2014-2525
+ https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048
+
+--- LibYAML/yaml_private.h.orig 2013-03-12 17:58:04.000000000 +0000
++++ LibYAML/yaml_private.h
+@@ -132,9 +132,12 @@ yaml_string_join(
+ (string).start = (string).pointer = (string).end = 0)
+
+ #define STRING_EXTEND(context,string) \
+- (((string).pointer+5 < (string).end) \
++ ((((string).pointer+5 < (string).end) \
+ || yaml_string_extend(&(string).start, \
+- &(string).pointer, &(string).end))
++ &(string).pointer, &(string).end)) ? \
++ 1 : \
++ ((context)->error = YAML_MEMORY_ERROR, \
++ 0))
+
+ #define CLEAR(context,string) \
+ ((string).pointer = (string).start, \ |
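Review bot: STRING_EXTEND now writes to its first argument on failure (`(context)->error = YAML_MEMORY_ERROR`), and the patch header documents this only through the CVE link. Before this change `context` did not appear in the expansion, so whatever is passed there must now have an `error` member, and any call site that already sets the error by hand after a failed STRING_EXTEND becomes redundant; call sites other than the one patched in scanner.c are not visible on this page and deserve a quick grep of the bundled sources. I would add one line to the comment header, e.g. `STRING_EXTEND now sets context->error to YAML_MEMORY_ERROR when the buffer cannot be grown; it yields 1 when more than 5 bytes are free after string.pointer or the extend succeeds.` The CLEAR macro at the end of the inner hunk continues past the visible lines.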