author Gustavo Zacarias <gustavo@zacarias.com.ar> 2014-12-15 17:55:10 -0300
committer Peter Korsgaard <peter@korsgaard.com> 2014-12-15 22:03:06 +0100
commit e91d3ca42c008ff860468a249177c6efdd397be9
tree 100db8b69f4396d09278372938e01ee1b77c7930 /package/libyaml
parent 72695bbfc442c640b40e873bc772c8f067235fee
libyaml: add security patch for CVE-2014-9130
Fixes: assert failure when processing wrapped strings (CVE-2014-9130).
See https://bugzilla.redhat.com/show_bug.cgi?id=1169369

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/libyaml')
-rw-r--r-- package/libyaml/0001-fix-CVE-2014-9130.patch 33
1 files changed, 33 insertions, 0 deletions
diff --git a/package/libyaml/0001-fix-CVE-2014-9130.patch b/package/libyaml/0001-fix-CVE-2014-9130.patch
new file mode 100644
index 0000000000..a267e4084c
--- /dev/null
+++ b/package/libyaml/0001-fix-CVE-2014-9130.patch
@@ -0,0 +1,33 @@
+From e6aa721cc0e5a48f408c52355559fd36780ba32a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ingy=20d=C3=B6t=20Net?= <ingy@ingy.net>
+Date: Fri, 28 Nov 2014 09:21:49 -0800
+Subject: [PATCH] Fix for https://bitbucket.org/xi/libyaml/issue/10/
+
+https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
+
+Commenting out the assert makes the scanner do the right thing and
+results in just a simple parse failure.
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+---
+ src/scanner.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/scanner.c b/src/scanner.c
+index 88d4fa5..c5f3d2f 100644
+--- a/src/scanner.c
++++ b/src/scanner.c
+@@ -1110,7 +1110,9 @@ yaml_parser_save_simple_key(yaml_parser_t *parser)
+ * line. Therefore it is always allowed. But we add a check anyway.
+ */
+
+- assert(parser->simple_key_allowed || !required); /* Impossible. */
++ /* XXX This caused:
++ * https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
++ assert(parser->simple_key_allowed || !required); */ /* Impossible. */
+
+ /*
+ * If the current position may start a simple key, save it.
+--
+2.0.4
+
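Review bot: in the src/scanner.c change to yaml_parser_save_simple_key, the assert is disabled by folding it into the new XXX comment, but the trailing `/* Impossible. */` and the context line "Therefore it is always allowed. But we add a check anyway." are left as they were, so the source now describes a check that no longer exists and labels a state reachable from input as impossible. Because the linked issue shows `required` can be true while `parser->simple_key_allowed` is false, I would prefer an explicit test of that condition that returns a scanner error from this function, instead of depending on later code to produce the "simple parse failure" the patch description mentions. If the comment-out is kept as the interim fix, at least drop `/* Impossible. */` and reword the preceding comment so the next reader does not restore the assert.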