diff options
author | Vladimír Čunát <vcunat@gmail.com> | 2014-02-02 10:05:25 +0100 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2014-02-02 10:05:25 +0100 |
commit | 6e2d3b98473523672b06ff5c90b5b387a029e566 (patch) | |
tree | 4f53d0adf17553b40031d35fae3e6f263933fd93 /pkgs/development/libraries/libyaml | |
parent | fcaa782b6ab7cd18b8ccca82cc6615b0b3c36b18 (diff) | |
parent | 14a6a059f5863bfd9e7c69336baa8a918b41a86a (diff) | |
download | nixpkgs-6e2d3b98473523672b06ff5c90b5b387a029e566.tar nixpkgs-6e2d3b98473523672b06ff5c90b5b387a029e566.tar.gz nixpkgs-6e2d3b98473523672b06ff5c90b5b387a029e566.tar.bz2 nixpkgs-6e2d3b98473523672b06ff5c90b5b387a029e566.tar.lz nixpkgs-6e2d3b98473523672b06ff5c90b5b387a029e566.tar.xz nixpkgs-6e2d3b98473523672b06ff5c90b5b387a029e566.tar.zst nixpkgs-6e2d3b98473523672b06ff5c90b5b387a029e566.zip |
Merge master into x-updates
Diffstat (limited to 'pkgs/development/libraries/libyaml')
4 files changed, 161 insertions, 0 deletions
diff --git a/pkgs/development/libraries/libyaml/cve-2013-6393_a.patch b/pkgs/development/libraries/libyaml/cve-2013-6393_a.patch new file mode 100644 index 00000000000..130107341f7 --- /dev/null +++ b/pkgs/development/libraries/libyaml/cve-2013-6393_a.patch @@ -0,0 +1,11 @@ +--- a/src/scanner.c ++++ a/src/scanner.c +@@ -2574,7 +2574,7 @@ + + /* Resize the string to include the head. */ + +- while (string.end - string.start <= (int)length) { ++ while ((size_t)(string.end - string.start) <= length) { + if (!yaml_string_extend(&string.start, &string.pointer, &string.end)) { + parser->error = YAML_MEMORY_ERROR; + goto error; diff --git a/pkgs/development/libraries/libyaml/cve-2013-6393_b.patch b/pkgs/development/libraries/libyaml/cve-2013-6393_b.patch new file mode 100644 index 00000000000..db2b9ff2bba --- /dev/null +++ b/pkgs/development/libraries/libyaml/cve-2013-6393_b.patch @@ -0,0 +1,16 @@ +--- a/src/api.c ++++ a/src/api.c +@@ -117,7 +117,12 @@ + YAML_DECLARE(int) + yaml_stack_extend(void **start, void **top, void **end) + { +- void *new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2); ++ void *new_start; ++ ++ if ((char *)*end - (char *)*start >= INT_MAX / 2) ++ return 0; ++ ++ new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2); + + if (!new_start) return 0; + diff --git a/pkgs/development/libraries/libyaml/cve-2013-6393_c.patch b/pkgs/development/libraries/libyaml/cve-2013-6393_c.patch new file mode 100644 index 00000000000..dc1c50da4e8 --- /dev/null +++ b/pkgs/development/libraries/libyaml/cve-2013-6393_c.patch @@ -0,0 +1,131 @@ +--- a/src/scanner.c Mon Dec 24 03:51:32 2012 +0000 ++++ a/src/scanner.c Mon Jan 27 19:48:28 2014 -0500 +@@ -615,11 +615,14 @@ + */ + + static int +-yaml_parser_roll_indent(yaml_parser_t *parser, int column, ++yaml_parser_roll_indent(yaml_parser_t *parser, size_t column, + int number, yaml_token_type_t type, yaml_mark_t mark); + + static int +-yaml_parser_unroll_indent(yaml_parser_t *parser, int column); ++yaml_parser_unroll_indent(yaml_parser_t *parser, size_t column); ++ ++static int ++yaml_parser_reset_indent(yaml_parser_t *parser); + + /* + * Token fetchers. +@@ -1206,7 +1209,7 @@ + */ + + static int +-yaml_parser_roll_indent(yaml_parser_t *parser, int column, ++yaml_parser_roll_indent(yaml_parser_t *parser, size_t column, + int number, yaml_token_type_t type, yaml_mark_t mark) + { + yaml_token_t token; +@@ -1216,7 +1219,7 @@ + if (parser->flow_level) + return 1; + +- if (parser->indent < column) ++ if (parser->indent == -1 || parser->indent < column) + { + /* + * Push the current indentation level to the stack and set the new +@@ -1254,7 +1257,7 @@ + + + static int +-yaml_parser_unroll_indent(yaml_parser_t *parser, int column) ++yaml_parser_unroll_indent(yaml_parser_t *parser, size_t column) + { + yaml_token_t token; + +@@ -1263,6 +1266,15 @@ + if (parser->flow_level) + return 1; + ++ /* ++ * column is unsigned and parser->indent is signed, so if ++ * parser->indent is less than zero the conditional in the while ++ * loop below is incorrect. Guard against that. ++ */ ++ ++ if (parser->indent < 0) ++ return 1; ++ + /* Loop through the intendation levels in the stack. */ + + while (parser->indent > column) +@@ -1283,6 +1295,41 @@ + } + + /* ++ * Pop indentation levels from the indents stack until the current ++ * level resets to -1. For each intendation level, append the ++ * BLOCK-END token. ++ */ ++ ++static int ++yaml_parser_reset_indent(yaml_parser_t *parser) ++{ ++ yaml_token_t token; ++ ++ /* In the flow context, do nothing. */ ++ ++ if (parser->flow_level) ++ return 1; ++ ++ /* Loop through the intendation levels in the stack. */ ++ ++ while (parser->indent > -1) ++ { ++ /* Create a token and append it to the queue. */ ++ ++ TOKEN_INIT(token, YAML_BLOCK_END_TOKEN, parser->mark, parser->mark); ++ ++ if (!ENQUEUE(parser, parser->tokens, token)) ++ return 0; ++ ++ /* Pop the indentation level. */ ++ ++ parser->indent = POP(parser, parser->indents); ++ } ++ ++ return 1; ++} ++ ++/* + * Initialize the scanner and produce the STREAM-START token. + */ + +@@ -1338,7 +1385,7 @@ + + /* Reset the indentation level. */ + +- if (!yaml_parser_unroll_indent(parser, -1)) ++ if (!yaml_parser_reset_indent(parser)) + return 0; + + /* Reset simple keys. */ +@@ -1369,7 +1416,7 @@ + + /* Reset the indentation level. */ + +- if (!yaml_parser_unroll_indent(parser, -1)) ++ if (!yaml_parser_reset_indent(parser)) + return 0; + + /* Reset simple keys. */ +@@ -1407,7 +1454,7 @@ + + /* Reset the indentation level. */ + +- if (!yaml_parser_unroll_indent(parser, -1)) ++ if (!yaml_parser_reset_indent(parser)) + return 0; + + /* Reset simple keys. */ diff --git a/pkgs/development/libraries/libyaml/default.nix b/pkgs/development/libraries/libyaml/default.nix index cf687c97243..93f19165e88 100644 --- a/pkgs/development/libraries/libyaml/default.nix +++ b/pkgs/development/libraries/libyaml/default.nix @@ -8,6 +8,9 @@ stdenv.mkDerivation { sha256 = "0dvavrhxjrjfxgdgysxqfpdy08lpg3m9i8vxjyvdkcjsmra1by3v"; }; + # Downloaded on 2014-02-01 from https://bugzilla.redhat.com/show_bug.cgi?id=1033990 + patches = [ ./cve-2013-6393_a.patch ./cve-2013-6393_b.patch ./cve-2013-6393_c.patch ]; + meta = { homepage = http://pyyaml.org/; description = "A YAML 1.1 parser and emitter written in C"; |