author | Natanael Copa <ncopa@alpinelinux.org> | 2015-01-29 12:07:47 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-01-29 12:07:47 +0000 |
commit | c26ee7ddc49f3aa15cd9e0ac6c85259d5c3f186e (patch) | |
tree | e64aa105be954ae515f37ac6e4f5af20a12dca42 /main/yaml | |
parent | 308b940dd2591bfa8b77bc28343ff6a266d77d31 (diff) | |
main/yaml: security fix for CVE-2014-9130
ref #3771
Diffstat (limited to 'main/yaml')
-rw-r--r-- | main/yaml/APKBUILD | 15 | ||||
-rw-r--r-- | main/yaml/CVE-2014-9130.patch | 28 |
2 files changed, 38 insertions, 5 deletions
diff --git a/main/yaml/APKBUILD b/main/yaml/APKBUILD
index fc8d9caf5a..11291d77cc 100644
--- a/main/yaml/APKBUILD
+++ b/main/yaml/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=yaml
 pkgver=0.1.6
-pkgrel=0
+pkgrel=1
 pkgdesc="YAML 1.1 parser and emitter written in C"
 url="http://pyyaml.org/wiki/LibYAML"
 arch="all"
@@ -11,7 +11,9 @@ depends=""
 makedepends=""
 install=""
 subpackages="$pkgname-dev"
-source="http://pyyaml.org/download/libyaml/yaml-$pkgver.tar.gz"
+source="http://pyyaml.org/download/libyaml/yaml-$pkgver.tar.gz
+ CVE-2014-9130.patch
+ "
 _builddir="$srcdir"/yaml-$pkgver
 prepare() {
@@ -45,6 +47,9 @@ package() {
 rm -f "$pkgdir"/usr/lib/*.la
 }
-md5sums="5fe00cda18ca5daeb43762b80c38e06e yaml-0.1.6.tar.gz"
-sha256sums="7da6971b4bd08a986dd2a61353bc422362bd0edcc67d7ebaac68c95f74182749 yaml-0.1.6.tar.gz"
-sha512sums="eef1f26fec0a305836b8c6a65def4e2864fe2415618e7490717d4e42f0fc51048727ab0e7e4a6c3a2783ae762fddd6b78091a76a6cd3a2710ae18e3dfb27cd44 yaml-0.1.6.tar.gz"
+md5sums="5fe00cda18ca5daeb43762b80c38e06e yaml-0.1.6.tar.gz
+ec710ccf96476c5eff3eba2e412560d5 CVE-2014-9130.patch"
+sha256sums="7da6971b4bd08a986dd2a61353bc422362bd0edcc67d7ebaac68c95f74182749 yaml-0.1.6.tar.gz
+4255081c22c7e823dc77967efcbcb2493cac991fca3648c7d825c1bc3c25d2fa CVE-2014-9130.patch"
+sha512sums="eef1f26fec0a305836b8c6a65def4e2864fe2415618e7490717d4e42f0fc51048727ab0e7e4a6c3a2783ae762fddd6b78091a76a6cd3a2710ae18e3dfb27cd44 yaml-0.1.6.tar.gz
+1d6e7db8b45ba4edc3d0b89951113c908c65f7477630ab3c046d4eddc1533eb32b9840d9dbe65704c9f70958e6eeb214fdbb6f393f3fdcae011aaf09bc4c5e97 CVE-2014-9130.patch"
diff --git a/main/yaml/CVE-2014-9130.patch b/main/yaml/CVE-2014-9130.patch
new file mode 100644
index 0000000000..00e15f32b4
--- /dev/null
+++ b/main/yaml/CVE-2014-9130.patch
@@ -0,0 +1,28 @@
+From e6aa721cc0e5a48f408c52355559fd36780ba32a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ingy=20d=C3=B6t=20Net?= <ingy@ingy.net>
+Date: Fri, 28 Nov 2014 09:21:49 -0800
+Subject: [PATCH] Fix for https://bitbucket.org/xi/libyaml/issue/10/
+
+https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
+
+Commenting out the assert makes the scanner do the right thing and
+results in just a simple parse failure.
+---
+ src/scanner.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/scanner.c b/src/scanner.c
+index 88d4fa5..c5f3d2f 100644
+--- a/src/scanner.c
++++ b/src/scanner.c
+@@ -1110,7 +1110,9 @@ yaml_parser_save_simple_key(yaml_parser_t *parser)
+ * line. Therefore it is always allowed. But we add a check anyway.
+ */
+
+- assert(parser->simple_key_allowed || !required); /* Impossible. */
++ /* XXX This caused:
++ * https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
++ assert(parser->simple_key_allowed || !required); */ /* Impossible. */
+
+ /*
+ * If the current position may start a simple key, save it. |
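Review bot: The comment left above the disabled assertion still says "But we add a check anyway", and the trailing `/* Impossible. */` survives after the commented-out `assert`, so the patched scanner.c describes a check that no longer runs and labels as impossible a state that the linked issue shows input can reach. Because the assertion aborted the process on parser input, dropping it is the right direction, but the dead code and stale wording should go; I would replace the three added lines with `/* A required simple key may arrive while simple keys are not allowed; do not assert, the parse fails later. */`. The patch description says the result is a plain parse failure, but yaml_parser_save_simple_key continues past the end of this hunk, so that error path is not visible here and is worth pinning with a regression test built from the issue's reproducer.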