Date: Sun, 30 Mar 2014 20:39:54 +0900 (JST) From: Yasuhiro KIMURA <yasu@utahime.org> To: FreeBSD-gnats-submit@freebsd.org Cc: jpaetzel@FreeBSD.org Subject: ports/188075: [PATCH] textproc/libyaml: update to 0.1.6 Message-ID: <20140330113954.E1870C3F5F@rolling-vm-freebsd2.home.utahime.org> Resent-Message-ID: <201403301150.s2UBo1jq098317@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 188075 >Category: ports >Synopsis: [PATCH] textproc/libyaml: update to 0.1.6 >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Sun Mar 30 11:50:00 UTC 2014 >Closed-Date: >Last-Modified: >Originator: Yasuhiro KIMURA >Release: FreeBSD 10.0-RELEASE amd64 >Organization: >Environment: System: FreeBSD xxxx 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r260673: Mon Feb 10 14:35:30 JST >Description: - Update to 0.1.6, which fixes buffer overflow vulnerability (CVE-2014-2525). - Strip shared library. Port maintainer (jpaetzel@FreeBSD.org) is cc'd. Generated with FreeBSD Port Tools 1.00.2014.03.23 (mode: update, diff: SVN) >How-To-Repeat: >Fix: --- libyaml-0.1.6.patch begins here --- Index: Makefile =================================================================== --- Makefile (revision 349613) +++ Makefile (working copy) @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= libyaml -PORTVERSION= 0.1.4 -PORTREVISION= 3 +PORTVERSION= 0.1.6 CATEGORIES= textproc MASTER_SITES= http://pyyaml.org/download/libyaml/ DISTNAME= yaml-${PORTVERSION} @@ -16,4 +15,7 @@ USES= pathfix USE_LDCONFIG= yes +post-install: + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libyaml.so + .include <bsd.port.mk> Index: distinfo =================================================================== --- distinfo (revision 349613) +++ distinfo (working copy) @@ -1,2 +1,2 @@ -SHA256 (repacked/yaml-0.1.4.tar.gz) = 7bf81554ae5ab2d9b6977da398ea789722e0db75b86bffdaeb4e66d961de6a37 -SIZE (repacked/yaml-0.1.4.tar.gz) = 471759 +SHA256 (repacked/yaml-0.1.6.tar.gz) = 7da6971b4bd08a986dd2a61353bc422362bd0edcc67d7ebaac68c95f74182749 +SIZE (repacked/yaml-0.1.6.tar.gz) = 503012 Index: files/patch-src-api.c =================================================================== --- files/patch-src-api.c (revision 349613) +++ files/patch-src-api.c (working copy) @@ -1,26 +0,0 @@ -# HG changeset patch -# User Florian Weimer <fweimer@redhat.com> -# Date 1389274355 -3600 -# Thu Jan 09 14:32:35 2014 +0100 -# Node ID 034d7a91581ac930e5958683f1a06f41e96d24a2 -# Parent a54d7af707f25dc298a7be60fd152001d2b3035b -yaml_stack_extend: guard against integer overflow - -diff --git a/src/api.c b/src/api.c ---- src/api.c -+++ src/api.c -@@ -117,7 +117,12 @@ - YAML_DECLARE(int) - yaml_stack_extend(void **start, void **top, void **end) - { -- void *new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2); -+ void *new_start; -+ -+ if ((char *)*end - (char *)*start >= INT_MAX / 2) -+ return 0; -+ -+ new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2); - - if (!new_start) return 0; - - Index: files/patch-src-scanner.c =================================================================== --- files/patch-src-scanner.c (revision 349613) +++ files/patch-src-scanner.c (working copy) @@ -1,141 +0,0 @@ -# HG changeset patch -# User John Eckersberg <jeckersb@redhat.com> -# Date 1390870108 18000 -# Mon Jan 27 19:48:28 2014 -0500 -# Node ID 7179aa474f31e73834adda26b77bfc25bfe5143d -# Parent 3e6507fa0c26d20c09f8f468f2bd04aa2fd1b5b5 -yaml_parser-{un,}roll-indent: fix int overflow in column argument - -diff -r 3e6507fa0c26 -r 7179aa474f31 src/scanner.c ---- src/scanner.c Mon Dec 24 03:51:32 2012 +0000 -+++ src/scanner.c Mon Jan 27 19:48:28 2014 -0500 -@@ -615,11 +615,14 @@ - */ - - static int --yaml_parser_roll_indent(yaml_parser_t *parser, int column, -+yaml_parser_roll_indent(yaml_parser_t *parser, size_t column, - int number, yaml_token_type_t type, yaml_mark_t mark); - - static int --yaml_parser_unroll_indent(yaml_parser_t *parser, int column); -+yaml_parser_unroll_indent(yaml_parser_t *parser, size_t column); -+ -+static int -+yaml_parser_reset_indent(yaml_parser_t *parser); - - /* - * Token fetchers. -@@ -1206,7 +1209,7 @@ - */ - - static int --yaml_parser_roll_indent(yaml_parser_t *parser, int column, -+yaml_parser_roll_indent(yaml_parser_t *parser, size_t column, - int number, yaml_token_type_t type, yaml_mark_t mark) - { - yaml_token_t token; -@@ -1216,7 +1219,7 @@ - if (parser->flow_level) - return 1; - -- if (parser->indent < column) -+ if (parser->indent == -1 || parser->indent < column) - { - /* - * Push the current indentation level to the stack and set the new -@@ -1254,7 +1257,7 @@ - - - static int --yaml_parser_unroll_indent(yaml_parser_t *parser, int column) -+yaml_parser_unroll_indent(yaml_parser_t *parser, size_t column) - { - yaml_token_t token; - -@@ -1263,6 +1266,15 @@ - if (parser->flow_level) - return 1; - -+ /* -+ * column is unsigned and parser->indent is signed, so if -+ * parser->indent is less than zero the conditional in the while -+ * loop below is incorrect. Guard against that. -+ */ -+ -+ if (parser->indent < 0) -+ return 1; -+ - /* Loop through the intendation levels in the stack. */ - - while (parser->indent > column) -@@ -1283,6 +1295,41 @@ - } - - /* -+ * Pop indentation levels from the indents stack until the current -+ * level resets to -1. For each intendation level, append the -+ * BLOCK-END token. -+ */ -+ -+static int -+yaml_parser_reset_indent(yaml_parser_t *parser) -+{ -+ yaml_token_t token; -+ -+ /* In the flow context, do nothing. */ -+ -+ if (parser->flow_level) -+ return 1; -+ -+ /* Loop through the intendation levels in the stack. */ -+ -+ while (parser->indent > -1) -+ { -+ /* Create a token and append it to the queue. */ -+ -+ TOKEN_INIT(token, YAML_BLOCK_END_TOKEN, parser->mark, parser->mark); -+ -+ if (!ENQUEUE(parser, parser->tokens, token)) -+ return 0; -+ -+ /* Pop the indentation level. */ -+ -+ parser->indent = POP(parser, parser->indents); -+ } -+ -+ return 1; -+} -+ -+/* - * Initialize the scanner and produce the STREAM-START token. - */ - -@@ -1338,7 +1385,7 @@ - - /* Reset the indentation level. */ - -- if (!yaml_parser_unroll_indent(parser, -1)) -+ if (!yaml_parser_reset_indent(parser)) - return 0; - - /* Reset simple keys. */ -@@ -1369,7 +1416,7 @@ - - /* Reset the indentation level. */ - -- if (!yaml_parser_unroll_indent(parser, -1)) -+ if (!yaml_parser_reset_indent(parser)) - return 0; - - /* Reset simple keys. */ -@@ -1407,7 +1454,7 @@ - - /* Reset the indentation level. */ - -- if (!yaml_parser_unroll_indent(parser, -1)) -+ if (!yaml_parser_reset_indent(parser)) - return 0; - - /* Reset simple keys. */ - --- libyaml-0.1.6.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140330113954.E1870C3F5F>