pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/textproc/libyaml add patch from upstream to fix heap-b...
details: https://anonhg.NetBSD.org/pkgsrc/rev/127b0f8f4ef4
branches: trunk
changeset: 632425:127b0f8f4ef4
user: drochner <drochner%pkgsrc.org@localhost>
date: Fri Mar 28 16:02:01 2014 +0000
description:
add patch from upstream to fix heap-based buffer overflow which can lead
to arbitrary code execution (CVE-2014-2525)
bump PKGREV
diffstat:
textproc/libyaml/Makefile | 3 ++-
textproc/libyaml/distinfo | 4 +++-
textproc/libyaml/patches/patch-CVE-2014-2525_1 | 16 ++++++++++++++++
textproc/libyaml/patches/patch-CVE-2014-2525_2 | 19 +++++++++++++++++++
4 files changed, 40 insertions(+), 2 deletions(-)
diffs (69 lines):
diff -r 058b1eeb1caa -r 127b0f8f4ef4 textproc/libyaml/Makefile
--- a/textproc/libyaml/Makefile Fri Mar 28 14:13:55 2014 +0000
+++ b/textproc/libyaml/Makefile Fri Mar 28 16:02:01 2014 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.6 2014/02/05 11:14:07 drochner Exp $
+# $NetBSD: Makefile,v 1.7 2014/03/28 16:02:01 drochner Exp $
#
DISTNAME= yaml-0.1.5
PKGNAME= lib${DISTNAME}
+PKGREVISION= 1
CATEGORIES= textproc
MASTER_SITES= http://pyyaml.org/download/libyaml/
diff -r 058b1eeb1caa -r 127b0f8f4ef4 textproc/libyaml/distinfo
--- a/textproc/libyaml/distinfo Fri Mar 28 14:13:55 2014 +0000
+++ b/textproc/libyaml/distinfo Fri Mar 28 16:02:01 2014 +0000
@@ -1,5 +1,7 @@
-$NetBSD: distinfo,v 1.4 2014/02/05 11:14:07 drochner Exp $
+$NetBSD: distinfo,v 1.5 2014/03/28 16:02:01 drochner Exp $
SHA1 (yaml-0.1.5.tar.gz) = 8b78cb9f759c7d80db8a7328c0ebecfe34fde737
RMD160 (yaml-0.1.5.tar.gz) = 58d5a60ccc13c728bed48013cd0a5f001d7bde04
Size (yaml-0.1.5.tar.gz) = 504897 bytes
+SHA1 (patch-CVE-2014-2525_1) = b7695050a303b14c118fa4ff889cdb92ce338ac9
+SHA1 (patch-CVE-2014-2525_2) = 6239cc15e6f5503839c81fde2c31df00a880f061
diff -r 058b1eeb1caa -r 127b0f8f4ef4 textproc/libyaml/patches/patch-CVE-2014-2525_1
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/textproc/libyaml/patches/patch-CVE-2014-2525_1 Fri Mar 28 16:02:01 2014 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-CVE-2014-2525_1,v 1.1 2014/03/28 16:02:01 drochner Exp $
+
+https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048
+
+--- src/scanner.c.orig 2014-03-28 15:47:54.000000000 +0000
++++ src/scanner.c
+@@ -2629,6 +2629,9 @@ yaml_parser_scan_tag_uri(yaml_parser_t *
+ /* Check if it is a URI-escape sequence. */
+
+ if (CHECK(parser->buffer, '%')) {
++ if (!STRING_EXTEND(parser, string))
++ goto error;
++
+ if (!yaml_parser_scan_uri_escapes(parser,
+ directive, start_mark, &string)) goto error;
+ }
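Review bot: The added `STRING_EXTEND(parser, string)` guard in the `%` branch of `yaml_parser_scan_tag_uri` is only sufficient if `yaml_parser_scan_uri_escapes` appends no more bytes per call than the macro reserves, and nothing in the patch states that bound. The macro's fast path (see patch-CVE-2014-2525_2) only checks `(string).pointer+5 < (string).end`, and the body of `yaml_parser_scan_uri_escapes` is outside this hunk, so the maximum it writes per call should be confirmed against the source. To keep the nested hunk identical to upstream, I would record this in the patch header, after the upstream URL, with a line such as `Reserve buffer space before decoding URI escapes in tag URIs (CVE-2014-2525); relies on STRING_EXTEND headroom covering one decoded escape sequence.`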
diff -r 058b1eeb1caa -r 127b0f8f4ef4 textproc/libyaml/patches/patch-CVE-2014-2525_2
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/textproc/libyaml/patches/patch-CVE-2014-2525_2 Fri Mar 28 16:02:01 2014 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-CVE-2014-2525_2,v 1.1 2014/03/28 16:02:01 drochner Exp $
+
+--- src/yaml_private.h.orig 2014-03-28 15:50:03.000000000 +0000
++++ src/yaml_private.h
+@@ -143,9 +143,12 @@ yaml_string_join(
+ (string).start = (string).pointer = (string).end = 0)
+
+ #define STRING_EXTEND(context,string) \
+- (((string).pointer+5 < (string).end) \
++ ((((string).pointer+5 < (string).end) \
+ || yaml_string_extend(&(string).start, \
+- &(string).pointer, &(string).end))
++ &(string).pointer, &(string).end)) ? \
++ 1 : \
++ ((context)->error = YAML_MEMORY_ERROR, \
++ 0))
+
+ #define CLEAR(context,string) \
+ ((string).pointer = (string).start, \
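Review bot: This patch file has no description or upstream reference, unlike patch-CVE-2014-2525_1, which cites the upstream commit, so someone auditing the CVE fix cannot tell where the `STRING_EXTEND` change came from. Add a header line after the `$NetBSD$` tag such as `Set YAML_MEMORY_ERROR when STRING_EXTEND fails; part of the upstream CVE-2014-2525 fix.`, plus the upstream commit URL if it is the same one. Separately, the macro now evaluates `(context)->error`, which it previously ignored, so every existing `STRING_EXTEND` caller must pass a context that has an `error` member. Those call sites are outside the hunk and are worth a full build check.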