diff options
| author | wiz <wiz@pkgsrc.org> | 2014-12-20 21:04:32 +0000 |
|---|---|---|
| committer | wiz <wiz@pkgsrc.org> | 2014-12-20 21:04:32 +0000 |
| commit | 9ef66b29928c3aa8f24527869db02cef70830175 (patch) | |
| tree | cd55d352d033d446ff4bf711b934329814293d0d /textproc | |
| parent | 7acdbf69506fb480bcea1244fed3fb0a2ad4e177 (diff) | |
| download | pkgsrc-9ef66b29928c3aa8f24527869db02cef70830175.tar.gz | |
Fix CVS-2014-9130 using the upstream patch.
Bump PKGREVISION.
Diffstat (limited to 'textproc')
| -rw-r--r-- | textproc/libyaml/Makefile | 3 | ||||
| -rw-r--r-- | textproc/libyaml/distinfo | 3 | ||||
| -rw-r--r-- | textproc/libyaml/patches/patch-src_scanner.c | 21 |
3 files changed, 25 insertions, 2 deletions
diff --git a/textproc/libyaml/Makefile b/textproc/libyaml/Makefile index 79104b57374..ccd6f423f9e 100644 --- a/textproc/libyaml/Makefile +++ b/textproc/libyaml/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.8 2014/04/01 21:10:34 wiz Exp $ +# $NetBSD: Makefile,v 1.9 2014/12/20 21:04:32 wiz Exp $ DISTNAME= yaml-0.1.6 PKGNAME= lib${DISTNAME} +PKGREVISION= 1 CATEGORIES= textproc MASTER_SITES= http://pyyaml.org/download/libyaml/ diff --git a/textproc/libyaml/distinfo b/textproc/libyaml/distinfo index 65a9afc14bd..f69418e9631 100644 --- a/textproc/libyaml/distinfo +++ b/textproc/libyaml/distinfo @@ -1,5 +1,6 @@ -$NetBSD: distinfo,v 1.6 2014/04/01 21:10:34 wiz Exp $ +$NetBSD: distinfo,v 1.7 2014/12/20 21:04:32 wiz Exp $ SHA1 (yaml-0.1.6.tar.gz) = f3d404e11bec3c4efcddfd14c42d46f1aabe0b5d RMD160 (yaml-0.1.6.tar.gz) = c37f04eb6d8c3c587bf241c2f3daf74b6d24f513 Size (yaml-0.1.6.tar.gz) = 503012 bytes +SHA1 (patch-src_scanner.c) = a273f2b3bdf499a76270ee82aa851b772e207ed9 diff --git a/textproc/libyaml/patches/patch-src_scanner.c b/textproc/libyaml/patches/patch-src_scanner.c new file mode 100644 index 00000000000..d9e15c12d3d --- /dev/null +++ b/textproc/libyaml/patches/patch-src_scanner.c @@ -0,0 +1,21 @@ +$NetBSD: patch-src_scanner.c,v 1.1 2014/12/20 21:04:32 wiz Exp $ + +Fix CVE-2014-9130: +https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2 + +--- src/scanner.c.orig 2014-03-26 18:54:02.000000000 +0000 ++++ src/scanner.c +@@ -1106,13 +1106,6 @@ yaml_parser_save_simple_key(yaml_parser_ + && parser->indent == (ptrdiff_t)parser->mark.column); + + /* +- * A simple key is required only when it is the first token in the current +- * line. Therefore it is always allowed. But we add a check anyway. +- */ +- +- assert(parser->simple_key_allowed || !required); /* Impossible. */ +- +- /* + * If the current position may start a simple key, save it. + */ + |