From: <wenzong.fan@windriver.com>
To: <openembedded-devel@lists.openembedded.org>
Subject: [PATCH 1/2][meta-oe] libyaml: update from 0.1.5 to 0.1.6
Date: Tue, 19 May 2015 11:26:33 +0800
Message-ID: <1432005994-32642-1-git-send-email-wenzong.fan@windriver.com>

From: Wenzong Fan <wenzong.fan@windriver.com>

removed patch:
- libyaml-CVE-2014-2525.patch (included by 0.1.6)

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 .../libyaml/files/libyaml-CVE-2014-2525.patch      | 42 ----------------------
 meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb   | 21 -----------
 meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb   | 20 +++++++++++
 3 files changed, 20 insertions(+), 63 deletions(-)
 delete mode 100644 meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-2525.patch
 delete mode 100644 meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb
 create mode 100644 meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb

diff --git a/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-2525.patch b/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-2525.patch
deleted file mode 100644
index 2fdcba3..0000000
--- a/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-2525.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function
-in LibYAML before 0.1.6 allows context-dependent attackers to execute
-arbitrary code via a long sequence of percent-encoded characters in a
-URI in a YAML file.
-
-Upstream-Status: Backport
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
----
-diff --git a/src/scanner.c.old b/src/scanner.c
-index a2e8619..c6cde3b 100644
---- a/src/scanner.c.old
-+++ b/src/scanner.c
-@@ -2619,6 +2619,9 @@ yaml_parser_scan_tag_uri(yaml_parser_t *parser, int directive,
-         /* Check if it is a URI-escape sequence. */
- 
-         if (CHECK(parser->buffer, '%')) {
-+            if (!STRING_EXTEND(parser, string))
-+                goto error;
-+
-             if (!yaml_parser_scan_uri_escapes(parser,
-                         directive, start_mark, &string)) goto error;
-         }
-diff --git a/src/yaml_private.h.old b/src/yaml_private.h
-index ed5ea66..d72acb4 100644
---- a/src/yaml_private.h.old
-+++ b/src/yaml_private.h
-@@ -132,9 +132,12 @@ yaml_string_join(
-      (string).start = (string).pointer = (string).end = 0)
- 
- #define STRING_EXTEND(context,string)                                           \
--    (((string).pointer+5 < (string).end)                                        \
-+    ((((string).pointer+5 < (string).end)                                       \
-         || yaml_string_extend(&(string).start,                                  \
--            &(string).pointer, &(string).end))
-+            &(string).pointer, &(string).end)) ?                                \
-+         1 :                                                                    \
-+        ((context)->error = YAML_MEMORY_ERROR,                                  \
-+         0))
- 
- #define CLEAR(context,string)                                                   \
-     ((string).pointer = (string).start,                                         \
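Review bot: The commit message justifies dropping this backport only with "included by 0.1.6", and nothing in the patch lets a reader confirm it. The deleted header does say the overflow affects "LibYAML before 0.1.6", which supports the removal, but the message should state that explicitly and name CVE-2014-2525 as fixed by the version bump so the fix stays traceable in the layer history once this file is gone. It is also worth confirming in the 0.1.6 tarball that yaml_parser_scan_tag_uri calls STRING_EXTEND before yaml_parser_scan_uri_escapes and that STRING_EXTEND sets YAML_MEMORY_ERROR on failure, since those are the two changes this backport carried.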
diff --git a/meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb b/meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb
deleted file mode 100644
index 1279541..0000000
--- a/meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb
+++ /dev/null
@@ -1,21 +0,0 @@
-SUMMARY = "LibYAML is a YAML 1.1 parser and emitter written in C."
-DESCRIPTION = "LibYAML is a C library for parsing and emitting data in YAML 1.1, \
-a human-readable data serialization format. "
-HOMEPAGE = "http://pyyaml.org/wiki/LibYAML"
-SECTION = "libs/devel"
-
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=6015f088759b10e0bc2bf64898d4ae17"
-
-SRC_URI = "http://pyyaml.org/download/libyaml/yaml-${PV}.tar.gz \
-           file://libyaml-CVE-2014-2525.patch \
-          "
-
-SRC_URI[md5sum] = "24f6093c1e840ca5df2eb09291a1dbf1"
-SRC_URI[sha256sum] = "fa87ee8fb7b936ec04457bc044cd561155e1000a4d25029867752e543c2d3bef"
-
-S = "${WORKDIR}/yaml-${PV}"
-
-inherit autotools
-
-BBCLASSEXTEND = "native"
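Review bot: Deleting libyaml_0.1.5.bb and creating libyaml_0.1.6.bb as two separate whole-file hunks hides how little actually changes. Comparing the two recipes, only the file://libyaml-CVE-2014-2525.patch entry in SRC_URI and the two SRC_URI checksums differ. Generating the patch with rename detection (git format-patch -M) would show this as a rename plus a three-line change, which makes the review of the security-relevant lines much easier.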
diff --git a/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb b/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb
new file mode 100644
index 0000000..8a624f7
--- /dev/null
+++ b/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb
@@ -0,0 +1,20 @@
+SUMMARY = "LibYAML is a YAML 1.1 parser and emitter written in C."
+DESCRIPTION = "LibYAML is a C library for parsing and emitting data in YAML 1.1, \
+a human-readable data serialization format. "
+HOMEPAGE = "http://pyyaml.org/wiki/LibYAML"
+SECTION = "libs/devel"
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=6015f088759b10e0bc2bf64898d4ae17"
+
+SRC_URI = "http://pyyaml.org/download/libyaml/yaml-${PV}.tar.gz \
+          "
+
+SRC_URI[md5sum] = "5fe00cda18ca5daeb43762b80c38e06e"
+SRC_URI[sha256sum] = "7da6971b4bd08a986dd2a61353bc422362bd0edcc67d7ebaac68c95f74182749"
+
+S = "${WORKDIR}/yaml-${PV}"
+
+inherit autotools
+
+BBCLASSEXTEND = "native"
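Review bot: The new SRC_URI keeps the multi-line form, with a trailing backslash after yaml-${PV}.tar.gz and a closing quote alone on the next line, even though the patch entry it was continued for is gone; collapse it to a single line. The tarball is still fetched over plain http from pyyaml.org, so SRC_URI[sha256sum] is the only integrity check on the source; please state how the new md5sum and sha256sum were obtained, and switch to an https URL if upstream serves one. LIC_FILES_CHKSUM is carried over unchanged from the 0.1.5 recipe, so confirm that the LICENSE file in 0.1.6 still matches md5 6015f088759b10e0bc2bf64898d4ae17.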
-- 
1.9.1


Thread overview: 2+ messages
2015-05-19  3:26 wenzong.fan [this message]
2015-05-19  3:26 ` [PATCH 2/2][meta-oe] libyaml: Security Advisory - libyaml - CVE-2014-9130 wenzong.fan