[oe-commits] Wenzong Fan : libyaml: update from 0.1.5 to 0.1.6
git at git.openembedded.org
git at git.openembedded.org
Fri May 22 18:17:20 UTC 2015
Module: meta-openembedded.git
Branch: master-next
Commit: b130b13cadd46332b7d0288ebe834212198ec9f6
URL: http://git.openembedded.org/?p=meta-openembedded.git&a=commit;h=b130b13cadd46332b7d0288ebe834212198ec9f6
Author: Wenzong Fan <wenzong.fan at windriver.com>
Date: Tue May 19 11:26:33 2015 +0800
libyaml: update from 0.1.5 to 0.1.6
removed patch:
- libyaml-CVE-2014-2525.patch (included by 0.1.6)
Signed-off-by: Wenzong Fan <wenzong.fan at windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
---
.../libyaml/files/libyaml-CVE-2014-2525.patch | 42 ----------------------
.../libyaml/{libyaml_0.1.5.bb => libyaml_0.1.6.bb} | 5 ++-
2 files changed, 2 insertions(+), 45 deletions(-)
diff --git a/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-2525.patch b/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-2525.patch
deleted file mode 100644
index 2fdcba3..0000000
--- a/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-2525.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function
-in LibYAML before 0.1.6 allows context-dependent attackers to execute
-arbitrary code via a long sequence of percent-encoded characters in a
-URI in a YAML file.
-
-Upstream-Status: Backport
-
-Signed-off-by: Kai Kang <kai.kang at windriver.com>
----
-diff --git a/src/scanner.c.old b/src/scanner.c
-index a2e8619..c6cde3b 100644
---- a/src/scanner.c.old
-+++ b/src/scanner.c
-@@ -2619,6 +2619,9 @@ yaml_parser_scan_tag_uri(yaml_parser_t *parser, int directive,
- /* Check if it is a URI-escape sequence. */
-
- if (CHECK(parser->buffer, '%')) {
-+ if (!STRING_EXTEND(parser, string))
-+ goto error;
-+
- if (!yaml_parser_scan_uri_escapes(parser,
- directive, start_mark, &string)) goto error;
- }
-diff --git a/src/yaml_private.h.old b/src/yaml_private.h
-index ed5ea66..d72acb4 100644
---- a/src/yaml_private.h.old
-+++ b/src/yaml_private.h
-@@ -132,9 +132,12 @@ yaml_string_join(
- (string).start = (string).pointer = (string).end = 0)
-
- #define STRING_EXTEND(context,string) \
-- (((string).pointer+5 < (string).end) \
-+ ((((string).pointer+5 < (string).end) \
- || yaml_string_extend(&(string).start, \
-- &(string).pointer, &(string).end))
-+ &(string).pointer, &(string).end)) ? \
-+ 1 : \
-+ ((context)->error = YAML_MEMORY_ERROR, \
-+ 0))
-
- #define CLEAR(context,string) \
- ((string).pointer = (string).start, \
diff --git a/meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb b/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb
similarity index 72%
rename from meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb
rename to meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb
index 1279541..8a624f7 100644
--- a/meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb
+++ b/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb
@@ -8,11 +8,10 @@ LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=6015f088759b10e0bc2bf64898d4ae17"
SRC_URI = "http://pyyaml.org/download/libyaml/yaml-${PV}.tar.gz \
- file://libyaml-CVE-2014-2525.patch \
"
-SRC_URI[md5sum] = "24f6093c1e840ca5df2eb09291a1dbf1"
-SRC_URI[sha256sum] = "fa87ee8fb7b936ec04457bc044cd561155e1000a4d25029867752e543c2d3bef"
+SRC_URI[md5sum] = "5fe00cda18ca5daeb43762b80c38e06e"
+SRC_URI[sha256sum] = "7da6971b4bd08a986dd2a61353bc422362bd0edcc67d7ebaac68c95f74182749"
S = "${WORKDIR}/yaml-${PV}"
More information about the Openembedded-commits
mailing list