summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--textproc/libyaml/Makefile3
-rw-r--r--textproc/libyaml/distinfo3
-rw-r--r--textproc/libyaml/patches/patch-src_scanner.c21
3 files changed, 25 insertions, 2 deletions
diff --git a/textproc/libyaml/Makefile b/textproc/libyaml/Makefile
index 79104b57374..ccd6f423f9e 100644
--- a/textproc/libyaml/Makefile
+++ b/textproc/libyaml/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.8 2014/04/01 21:10:34 wiz Exp $
+# $NetBSD: Makefile,v 1.9 2014/12/20 21:04:32 wiz Exp $
DISTNAME= yaml-0.1.6
PKGNAME= lib${DISTNAME}
+PKGREVISION= 1
CATEGORIES= textproc
MASTER_SITES= http://pyyaml.org/download/libyaml/
diff --git a/textproc/libyaml/distinfo b/textproc/libyaml/distinfo
index 65a9afc14bd..f69418e9631 100644
--- a/textproc/libyaml/distinfo
+++ b/textproc/libyaml/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.6 2014/04/01 21:10:34 wiz Exp $
+$NetBSD: distinfo,v 1.7 2014/12/20 21:04:32 wiz Exp $
SHA1 (yaml-0.1.6.tar.gz) = f3d404e11bec3c4efcddfd14c42d46f1aabe0b5d
RMD160 (yaml-0.1.6.tar.gz) = c37f04eb6d8c3c587bf241c2f3daf74b6d24f513
Size (yaml-0.1.6.tar.gz) = 503012 bytes
+SHA1 (patch-src_scanner.c) = a273f2b3bdf499a76270ee82aa851b772e207ed9
diff --git a/textproc/libyaml/patches/patch-src_scanner.c b/textproc/libyaml/patches/patch-src_scanner.c
new file mode 100644
index 00000000000..d9e15c12d3d
--- /dev/null
+++ b/textproc/libyaml/patches/patch-src_scanner.c
@@ -0,0 +1,21 @@
+$NetBSD: patch-src_scanner.c,v 1.1 2014/12/20 21:04:32 wiz Exp $
+
+Fix CVE-2014-9130:
+https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
+
+--- src/scanner.c.orig 2014-03-26 18:54:02.000000000 +0000
++++ src/scanner.c
+@@ -1106,13 +1106,6 @@ yaml_parser_save_simple_key(yaml_parser_
+ && parser->indent == (ptrdiff_t)parser->mark.column);
+
+ /*
+- * A simple key is required only when it is the first token in the current
+- * line. Therefore it is always allowed. But we add a check anyway.
+- */
+-
+- assert(parser->simple_key_allowed || !required); /* Impossible. */
+-
+- /*
+ * If the current position may start a simple key, save it.
+ */
+