libyaml: update from 0.1.5 to 0.1.6

removed patch: - libyaml-CVE-2014-2525.patch (included by 0.1.6) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
author: Wenzong Fan <wenzong.fan@windriver.com> 2015-05-19 11:26:33 +0800
committer: Martin Jansa <Martin.Jansa@gmail.com> 2015-05-22 20:14:05 +0200
commit: b130b13cadd46332b7d0288ebe834212198ec9f6 (patch)
tree: f03378c6ce0c2c6aff7261207107c033467fee3f
parent: be37c8f3bdd4ea4b1a9c340f869300bb667c21f6 (diff)
download: meta-openembedded-b130b13cadd46332b7d0288ebe834212198ec9f6.tar.gz
2 files changed, 2 insertions, 45 deletions
diff --git a/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-2525.patch b/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-2525.patch
deleted file mode 100644
index 2fdcba3ec..000000000
--- a/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-2525.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function
-in LibYAML before 0.1.6 allows context-dependent attackers to execute
-arbitrary code via a long sequence of percent-encoded characters in a
-URI in a YAML file.
-Upstream-Status: Backport
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
-diff --git a/src/scanner.c.old b/src/scanner.c
-index a2e8619..c6cde3b 100644
--- a/src/scanner.c.old
-+++ b/src/scanner.c
-@@ -2619,6 +2619,9 @@ yaml_parser_scan_tag_uri(yaml_parser_t *parser, int directive,
-         /* Check if it is a URI-escape sequence. */
- 
-         if (CHECK(parser->buffer, '%')) {
-+            if (!STRING_EXTEND(parser, string))
-+                goto error;
-+
-             if (!yaml_parser_scan_uri_escapes(parser,
-                         directive, start_mark, &string)) goto error;
-         }
-diff --git a/src/yaml_private.h.old b/src/yaml_private.h
-index ed5ea66..d72acb4 100644
--- a/src/yaml_private.h.old
-+++ b/src/yaml_private.h
-@@ -132,9 +132,12 @@ yaml_string_join(
-      (string).start = (string).pointer = (string).end = 0)
- 
- #define STRING_EXTEND(context,string)                                           \
-    (((string).pointer+5 < (string).end)                                        \
-+    ((((string).pointer+5 < (string).end)                                       \
-         || yaml_string_extend(&(string).start,                                  \
-            &(string).pointer, &(string).end))
-+            &(string).pointer, &(string).end)) ?                                \
-+         1 :                                                                    \
-+        ((context)->error = YAML_MEMORY_ERROR,                                  \
-+         0))
- 
- #define CLEAR(context,string)                                                   \
-     ((string).pointer = (string).start,                                         \
diff --git a/meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb b/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb
index 127954196..8a624f7f9 100644
--- a/meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb
+++ b/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb
@@ -8,11 +8,10 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=6015f088759b10e0bc2bf64898d4ae17"
 SRC_URI = "http://pyyaml.org/download/libyaml/yaml-${PV}.tar.gz \
-           file://libyaml-CVE-2014-2525.patch \
          "
-SRC_URI[md5sum] = "24f6093c1e840ca5df2eb09291a1dbf1"
+SRC_URI[md5sum] = "5fe00cda18ca5daeb43762b80c38e06e"
-SRC_URI[sha256sum] = "fa87ee8fb7b936ec04457bc044cd561155e1000a4d25029867752e543c2d3bef"
+SRC_URI[sha256sum] = "7da6971b4bd08a986dd2a61353bc422362bd0edcc67d7ebaac68c95f74182749"
 S = "${WORKDIR}/yaml-${PV}"
author	Wenzong Fan <wenzong.fan@windriver.com>	2015-05-19 11:26:33 +0800
committer	Martin Jansa <Martin.Jansa@gmail.com>	2015-05-22 20:14:05 +0200
commit	b130b13cadd46332b7d0288ebe834212198ec9f6 (patch)
tree	f03378c6ce0c2c6aff7261207107c033467fee3f
parent	be37c8f3bdd4ea4b1a9c340f869300bb667c21f6 (diff)
download	meta-openembedded-b130b13cadd46332b7d0288ebe834212198ec9f6.tar.gz

diff --git a/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-2525.patch b/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-2525.patch deleted file mode 100644 index 2fdcba3ec..000000000 --- a/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-2525.patch +++ /dev/null
@@ -1,42 +0,0 @@
1	Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function
2	in LibYAML before 0.1.6 allows context-dependent attackers to execute
3	arbitrary code via a long sequence of percent-encoded characters in a
4	URI in a YAML file.
5
6	Upstream-Status: Backport
7
8	Signed-off-by: Kai Kang <kai.kang@windriver.com>
9	---
10	diff --git a/src/scanner.c.old b/src/scanner.c
11	index a2e8619..c6cde3b 100644
12	--- a/src/scanner.c.old
13	+++ b/src/scanner.c
14	@@ -2619,6 +2619,9 @@ yaml_parser_scan_tag_uri(yaml_parser_t *parser, int directive,
15	/* Check if it is a URI-escape sequence. */
16
17	if (CHECK(parser->buffer, '%')) {
18	+ if (!STRING_EXTEND(parser, string))
19	+ goto error;
20	+
21	if (!yaml_parser_scan_uri_escapes(parser,
22	directive, start_mark, &string)) goto error;
23	}
24	diff --git a/src/yaml_private.h.old b/src/yaml_private.h
25	index ed5ea66..d72acb4 100644
26	--- a/src/yaml_private.h.old
27	+++ b/src/yaml_private.h
28	@@ -132,9 +132,12 @@ yaml_string_join(
29	(string).start = (string).pointer = (string).end = 0)
30
31	#define STRING_EXTEND(context,string) \
32	- (((string).pointer+5 < (string).end) \
33	+ ((((string).pointer+5 < (string).end) \
34	\|\| yaml_string_extend(&(string).start, \
35	- &(string).pointer, &(string).end))
36	+ &(string).pointer, &(string).end)) ? \
37	+ 1 : \
38	+ ((context)->error = YAML_MEMORY_ERROR, \
39	+ 0))
40
41	#define CLEAR(context,string) \
42	((string).pointer = (string).start, \


diff --git a/meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb b/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb index 127954196..8a624f7f9 100644 --- a/meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb +++ b/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb
@@ -8,11 +8,10 @@ LICENSE = "MIT"
8	LIC_FILES_CHKSUM = "file://LICENSE;md5=6015f088759b10e0bc2bf64898d4ae17"	8	LIC_FILES_CHKSUM = "file://LICENSE;md5=6015f088759b10e0bc2bf64898d4ae17"
9		9
10	SRC_URI = "http://pyyaml.org/download/libyaml/yaml-${PV}.tar.gz \	10	SRC_URI = "http://pyyaml.org/download/libyaml/yaml-${PV}.tar.gz \
11	file://libyaml-CVE-2014-2525.patch \
12	"	11	"
13		12
14	SRC_URI[md5sum] = "24f6093c1e840ca5df2eb09291a1dbf1"	13	SRC_URI[md5sum] = "5fe00cda18ca5daeb43762b80c38e06e"
15	SRC_URI[sha256sum] = "fa87ee8fb7b936ec04457bc044cd561155e1000a4d25029867752e543c2d3bef"	14	SRC_URI[sha256sum] = "7da6971b4bd08a986dd2a61353bc422362bd0edcc67d7ebaac68c95f74182749"
16		15
17	S = "${WORKDIR}/yaml-${PV}"	16	S = "${WORKDIR}/yaml-${PV}"
18		17