libyaml: Security Advisory - libyaml - CVE-2014-9130

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9130 The patch comes from: https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2 Removed invalid simple key assertion (thank to Jonathan Gray) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
author: Yue Tao <Yue.Tao@windriver.com> 2015-05-19 11:26:34 +0800
committer: Martin Jansa <Martin.Jansa@gmail.com> 2015-05-22 20:14:05 +0200
commit: a3fd44bd1cba2ae55226b6cabec18347473197f4 (patch)
tree: cfd2667507f161235d1f74bc9ede10adb1d44a9a
parent: b130b13cadd46332b7d0288ebe834212198ec9f6 (diff)
download: meta-openembedded-a3fd44bd1cba2ae55226b6cabec18347473197f4.tar.gz
2 files changed, 33 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch b/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch
new file mode 100644
index 000000000..3c4a00ef3
--- /dev/null
+++ b/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch
@@ -0,0 +1,32 @@
+# HG changeset patch
+# User Kirill Simonov <xi@resolvent.net>
+# Date 1417197312 21600
+# Node ID 2b9156756423e967cfd09a61d125d883fca6f4f2
+# Parent  053f53a381ff6adbbc93a31ab7fdee06a16c8a33
+Removed invalid simple key assertion (thank to Jonathan Gray).
+The patch comes from 
+https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
+Upstream-Status: Backport
+Signed-off-by: Yue Tao <yue.tao@windriver.com>
+diff -r 053f53a381ff -r 2b9156756423 src/scanner.c
+--- a/src/scanner.c     Wed Mar 26 13:55:54 2014 -0500
+++ b/src/scanner.c     Fri Nov 28 11:55:12 2014 -0600
+@@ -1106,13 +1106,6 @@
+             && parser->indent == (ptrdiff_t)parser->mark.column);
+ 
+     /*
+-     * A simple key is required only when it is the first token in the current
+-     * line.  Therefore it is always allowed.  But we add a check anyway.
+-     */
+-
+-    assert(parser->simple_key_allowed || !required);    /* Impossible. */
+-
+-    /*
+      * If the current position may start a simple key, save it.
+      */
+ 
diff --git a/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb b/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb
index 8a624f7f9..b0155774d 100644
--- a/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb
+++ b/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb
@@ -8,6 +8,7 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=6015f088759b10e0bc2bf64898d4ae17"
 SRC_URI = "http://pyyaml.org/download/libyaml/yaml-${PV}.tar.gz \
+           file://libyaml-CVE-2014-9130.patch \
          "
 SRC_URI[md5sum] = "5fe00cda18ca5daeb43762b80c38e06e"
author	Yue Tao <Yue.Tao@windriver.com>	2015-05-19 11:26:34 +0800
committer	Martin Jansa <Martin.Jansa@gmail.com>	2015-05-22 20:14:05 +0200
commit	a3fd44bd1cba2ae55226b6cabec18347473197f4 (patch)
tree	cfd2667507f161235d1f74bc9ede10adb1d44a9a
parent	b130b13cadd46332b7d0288ebe834212198ec9f6 (diff)
download	meta-openembedded-a3fd44bd1cba2ae55226b6cabec18347473197f4.tar.gz

diff --git a/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch b/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch new file mode 100644 index 000000000..3c4a00ef3 --- /dev/null +++ b/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch
@@ -0,0 +1,32 @@
		1	# HG changeset patch
		2	# User Kirill Simonov <xi@resolvent.net>
		3	# Date 1417197312 21600
		4	# Node ID 2b9156756423e967cfd09a61d125d883fca6f4f2
		5	# Parent 053f53a381ff6adbbc93a31ab7fdee06a16c8a33
		6	Removed invalid simple key assertion (thank to Jonathan Gray).
		7
		8	The patch comes from
		9
		10	https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
		11
		12	Upstream-Status: Backport
		13
		14	Signed-off-by: Yue Tao <yue.tao@windriver.com>
		15
		16	diff -r 053f53a381ff -r 2b9156756423 src/scanner.c
		17	--- a/src/scanner.c Wed Mar 26 13:55:54 2014 -0500
		18	+++ b/src/scanner.c Fri Nov 28 11:55:12 2014 -0600
		19	@@ -1106,13 +1106,6 @@
		20	&& parser->indent == (ptrdiff_t)parser->mark.column);
		21
		22	/*
		23	- * A simple key is required only when it is the first token in the current
		24	- * line. Therefore it is always allowed. But we add a check anyway.
		25	- */
		26	-
		27	- assert(parser->simple_key_allowed \|\| !required); /* Impossible. */
		28	-
		29	- /*
		30	* If the current position may start a simple key, save it.
		31	*/
		32


diff --git a/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb b/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb index 8a624f7f9..b0155774d 100644 --- a/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb +++ b/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb
@@ -8,6 +8,7 @@ LICENSE = "MIT"
8	LIC_FILES_CHKSUM = "file://LICENSE;md5=6015f088759b10e0bc2bf64898d4ae17"	8	LIC_FILES_CHKSUM = "file://LICENSE;md5=6015f088759b10e0bc2bf64898d4ae17"
9		9
10	SRC_URI = "http://pyyaml.org/download/libyaml/yaml-${PV}.tar.gz \	10	SRC_URI = "http://pyyaml.org/download/libyaml/yaml-${PV}.tar.gz \
		11	file://libyaml-CVE-2014-9130.patch \
11	"	12	"
12		13
13	SRC_URI[md5sum] = "5fe00cda18ca5daeb43762b80c38e06e"	14	SRC_URI[md5sum] = "5fe00cda18ca5daeb43762b80c38e06e"