From 1219bf8a90a7bf8cd3a5363551ef635d51e8fc8e Mon Sep 17 00:00:00 2001 From: Tudor Florea Date: Thu, 8 Oct 2015 22:51:41 +0200 Subject: initial commit for Enea Linux 5.0 arm Signed-off-by: Tudor Florea --- .../libyaml/files/libyaml-CVE-2014-2525.patch | 42 ++++++++++++++++++++++ meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb | 21 +++++++++++ 2 files changed, 63 insertions(+) create mode 100644 meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-2525.patch create mode 100644 meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb (limited to 'meta-oe/recipes-support/libyaml') diff --git a/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-2525.patch b/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-2525.patch new file mode 100644 index 0000000000..2fdcba3eca --- /dev/null +++ b/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-2525.patch @@ -0,0 +1,42 @@ +Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function +in LibYAML before 0.1.6 allows context-dependent attackers to execute +arbitrary code via a long sequence of percent-encoded characters in a +URI in a YAML file. + +Upstream-Status: Backport + +Signed-off-by: Kai Kang +--- +diff --git a/src/scanner.c.old b/src/scanner.c +index a2e8619..c6cde3b 100644 +--- a/src/scanner.c.old ++++ b/src/scanner.c +@@ -2619,6 +2619,9 @@ yaml_parser_scan_tag_uri(yaml_parser_t *parser, int directive, + /* Check if it is a URI-escape sequence. */ + + if (CHECK(parser->buffer, '%')) { ++ if (!STRING_EXTEND(parser, string)) ++ goto error; ++ + if (!yaml_parser_scan_uri_escapes(parser, + directive, start_mark, &string)) goto error; + } +diff --git a/src/yaml_private.h.old b/src/yaml_private.h +index ed5ea66..d72acb4 100644 +--- a/src/yaml_private.h.old ++++ b/src/yaml_private.h +@@ -132,9 +132,12 @@ yaml_string_join( + (string).start = (string).pointer = (string).end = 0) + + #define STRING_EXTEND(context,string) \ +- (((string).pointer+5 < (string).end) \ ++ ((((string).pointer+5 < (string).end) \ + || yaml_string_extend(&(string).start, \ +- &(string).pointer, &(string).end)) ++ &(string).pointer, &(string).end)) ? \ ++ 1 : \ ++ ((context)->error = YAML_MEMORY_ERROR, \ ++ 0)) + + #define CLEAR(context,string) \ + ((string).pointer = (string).start, \ diff --git a/meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb b/meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb new file mode 100644 index 0000000000..1279541966 --- /dev/null +++ b/meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb @@ -0,0 +1,21 @@ +SUMMARY = "LibYAML is a YAML 1.1 parser and emitter written in C." +DESCRIPTION = "LibYAML is a C library for parsing and emitting data in YAML 1.1, \ +a human-readable data serialization format. " +HOMEPAGE = "http://pyyaml.org/wiki/LibYAML" +SECTION = "libs/devel" + +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE;md5=6015f088759b10e0bc2bf64898d4ae17" + +SRC_URI = "http://pyyaml.org/download/libyaml/yaml-${PV}.tar.gz \ + file://libyaml-CVE-2014-2525.patch \ + " + +SRC_URI[md5sum] = "24f6093c1e840ca5df2eb09291a1dbf1" +SRC_URI[sha256sum] = "fa87ee8fb7b936ec04457bc044cd561155e1000a4d25029867752e543c2d3bef" + +S = "${WORKDIR}/yaml-${PV}" + +inherit autotools + +BBCLASSEXTEND = "native" -- cgit v1.2.3-54-g00ecf