From owner-freebsd-ports-bugs@FreeBSD.ORG Sun Mar 30 11:50:01 2014 Return-Path: Delivered-To: freebsd-ports-bugs@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 992A31B9 for ; Sun, 30 Mar 2014 11:50:01 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7122D2E4 for ; Sun, 30 Mar 2014 11:50:01 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s2UBo1eh098323 for ; Sun, 30 Mar 2014 11:50:01 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s2UBo1jq098317; Sun, 30 Mar 2014 11:50:01 GMT (envelope-from gnats) Resent-Date: Sun, 30 Mar 2014 11:50:01 GMT Resent-Message-Id: <201403301150.s2UBo1jq098317@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Yasuhiro KIMURA Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 925F212C; Sun, 30 Mar 2014 11:40:04 +0000 (UTC) Received: from gate.utahime.jp (ipq210.utahime.jp [183.180.29.210]) by mx1.freebsd.org (Postfix) with ESMTP id 37CD023E; Sun, 30 Mar 2014 11:40:03 +0000 (UTC) Received: from eastasia.home.utahime.org (eastasia.home.utahime.org [192.168.174.1]) by gate.utahime.jp (Postfix) with ESMTP id B2EB24E641; Sun, 30 Mar 2014 20:39:55 +0900 (JST) Received: from eastasia.home.utahime.org (localhost [127.0.0.1]) by localhost-backdoor.home.utahime.org (Postfix) with ESMTP id 7A05C7594C; Sun, 30 Mar 2014 20:39:55 +0900 (JST) Received: from rolling-vm-freebsd2.home.utahime.org (rolling-vm-freebsd2.home.utahime.org [192.168.174.54]) by eastasia.home.utahime.org (Postfix) with ESMTP id 29A5D75920; Sun, 30 Mar 2014 20:39:55 +0900 (JST) Received: by rolling-vm-freebsd2.home.utahime.org (Postfix, from userid 1000) id E1870C3F5F; Sun, 30 Mar 2014 20:39:54 +0900 (JST) Message-Id: <20140330113954.E1870C3F5F@rolling-vm-freebsd2.home.utahime.org> Date: Sun, 30 Mar 2014 20:39:54 +0900 (JST) From: Yasuhiro KIMURA To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.113 Subject: ports/188075: [PATCH] textproc/libyaml: update to 0.1.6 Cc: jpaetzel@FreeBSD.org X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 30 Mar 2014 11:50:01 -0000 >Number: 188075 >Category: ports >Synopsis: [PATCH] textproc/libyaml: update to 0.1.6 >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Sun Mar 30 11:50:00 UTC 2014 >Closed-Date: >Last-Modified: >Originator: Yasuhiro KIMURA >Release: FreeBSD 10.0-RELEASE amd64 >Organization: >Environment: System: FreeBSD xxxx 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r260673: Mon Feb 10 14:35:30 JST >Description: - Update to 0.1.6, which fixes buffer overflow vulnerability (CVE-2014-2525). - Strip shared library. Port maintainer (jpaetzel@FreeBSD.org) is cc'd. Generated with FreeBSD Port Tools 1.00.2014.03.23 (mode: update, diff: SVN) >How-To-Repeat: >Fix: --- libyaml-0.1.6.patch begins here --- Index: Makefile =================================================================== --- Makefile (revision 349613) +++ Makefile (working copy) @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= libyaml -PORTVERSION= 0.1.4 -PORTREVISION= 3 +PORTVERSION= 0.1.6 CATEGORIES= textproc MASTER_SITES= http://pyyaml.org/download/libyaml/ DISTNAME= yaml-${PORTVERSION} @@ -16,4 +15,7 @@ USES= pathfix USE_LDCONFIG= yes +post-install: + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libyaml.so + .include Index: distinfo =================================================================== --- distinfo (revision 349613) +++ distinfo (working copy) @@ -1,2 +1,2 @@ -SHA256 (repacked/yaml-0.1.4.tar.gz) = 7bf81554ae5ab2d9b6977da398ea789722e0db75b86bffdaeb4e66d961de6a37 -SIZE (repacked/yaml-0.1.4.tar.gz) = 471759 +SHA256 (repacked/yaml-0.1.6.tar.gz) = 7da6971b4bd08a986dd2a61353bc422362bd0edcc67d7ebaac68c95f74182749 +SIZE (repacked/yaml-0.1.6.tar.gz) = 503012 Index: files/patch-src-api.c =================================================================== --- files/patch-src-api.c (revision 349613) +++ files/patch-src-api.c (working copy) @@ -1,26 +0,0 @@ -# HG changeset patch -# User Florian Weimer -# Date 1389274355 -3600 -# Thu Jan 09 14:32:35 2014 +0100 -# Node ID 034d7a91581ac930e5958683f1a06f41e96d24a2 -# Parent a54d7af707f25dc298a7be60fd152001d2b3035b -yaml_stack_extend: guard against integer overflow - -diff --git a/src/api.c b/src/api.c ---- src/api.c -+++ src/api.c -@@ -117,7 +117,12 @@ - YAML_DECLARE(int) - yaml_stack_extend(void **start, void **top, void **end) - { -- void *new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2); -+ void *new_start; -+ -+ if ((char *)*end - (char *)*start >= INT_MAX / 2) -+ return 0; -+ -+ new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2); - - if (!new_start) return 0; - - Index: files/patch-src-scanner.c =================================================================== --- files/patch-src-scanner.c (revision 349613) +++ files/patch-src-scanner.c (working copy) @@ -1,141 +0,0 @@ -# HG changeset patch -# User John Eckersberg -# Date 1390870108 18000 -# Mon Jan 27 19:48:28 2014 -0500 -# Node ID 7179aa474f31e73834adda26b77bfc25bfe5143d -# Parent 3e6507fa0c26d20c09f8f468f2bd04aa2fd1b5b5 -yaml_parser-{un,}roll-indent: fix int overflow in column argument - -diff -r 3e6507fa0c26 -r 7179aa474f31 src/scanner.c ---- src/scanner.c Mon Dec 24 03:51:32 2012 +0000 -+++ src/scanner.c Mon Jan 27 19:48:28 2014 -0500 -@@ -615,11 +615,14 @@ - */ - - static int --yaml_parser_roll_indent(yaml_parser_t *parser, int column, -+yaml_parser_roll_indent(yaml_parser_t *parser, size_t column, - int number, yaml_token_type_t type, yaml_mark_t mark); - - static int --yaml_parser_unroll_indent(yaml_parser_t *parser, int column); -+yaml_parser_unroll_indent(yaml_parser_t *parser, size_t column); -+ -+static int -+yaml_parser_reset_indent(yaml_parser_t *parser); - - /* - * Token fetchers. -@@ -1206,7 +1209,7 @@ - */ - - static int --yaml_parser_roll_indent(yaml_parser_t *parser, int column, -+yaml_parser_roll_indent(yaml_parser_t *parser, size_t column, - int number, yaml_token_type_t type, yaml_mark_t mark) - { - yaml_token_t token; -@@ -1216,7 +1219,7 @@ - if (parser->flow_level) - return 1; - -- if (parser->indent < column) -+ if (parser->indent == -1 || parser->indent < column) - { - /* - * Push the current indentation level to the stack and set the new -@@ -1254,7 +1257,7 @@ - - - static int --yaml_parser_unroll_indent(yaml_parser_t *parser, int column) -+yaml_parser_unroll_indent(yaml_parser_t *parser, size_t column) - { - yaml_token_t token; - -@@ -1263,6 +1266,15 @@ - if (parser->flow_level) - return 1; - -+ /* -+ * column is unsigned and parser->indent is signed, so if -+ * parser->indent is less than zero the conditional in the while -+ * loop below is incorrect. Guard against that. -+ */ -+ -+ if (parser->indent < 0) -+ return 1; -+ - /* Loop through the intendation levels in the stack. */ - - while (parser->indent > column) -@@ -1283,6 +1295,41 @@ - } - - /* -+ * Pop indentation levels from the indents stack until the current -+ * level resets to -1. For each intendation level, append the -+ * BLOCK-END token. -+ */ -+ -+static int -+yaml_parser_reset_indent(yaml_parser_t *parser) -+{ -+ yaml_token_t token; -+ -+ /* In the flow context, do nothing. */ -+ -+ if (parser->flow_level) -+ return 1; -+ -+ /* Loop through the intendation levels in the stack. */ -+ -+ while (parser->indent > -1) -+ { -+ /* Create a token and append it to the queue. */ -+ -+ TOKEN_INIT(token, YAML_BLOCK_END_TOKEN, parser->mark, parser->mark); -+ -+ if (!ENQUEUE(parser, parser->tokens, token)) -+ return 0; -+ -+ /* Pop the indentation level. */ -+ -+ parser->indent = POP(parser, parser->indents); -+ } -+ -+ return 1; -+} -+ -+/* - * Initialize the scanner and produce the STREAM-START token. - */ - -@@ -1338,7 +1385,7 @@ - - /* Reset the indentation level. */ - -- if (!yaml_parser_unroll_indent(parser, -1)) -+ if (!yaml_parser_reset_indent(parser)) - return 0; - - /* Reset simple keys. */ -@@ -1369,7 +1416,7 @@ - - /* Reset the indentation level. */ - -- if (!yaml_parser_unroll_indent(parser, -1)) -+ if (!yaml_parser_reset_indent(parser)) - return 0; - - /* Reset simple keys. */ -@@ -1407,7 +1454,7 @@ - - /* Reset the indentation level. */ - -- if (!yaml_parser_unroll_indent(parser, -1)) -+ if (!yaml_parser_reset_indent(parser)) - return 0; - - /* Reset simple keys. */ - --- libyaml-0.1.6.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted: