diff options
author | Wenzong Fan <wenzong.fan@windriver.com> | 2015-05-19 11:26:33 +0800 |
---|---|---|
committer | Martin Jansa <Martin.Jansa@gmail.com> | 2015-05-22 20:14:05 +0200 |
commit | b130b13cadd46332b7d0288ebe834212198ec9f6 (patch) | |
tree | f03378c6ce0c2c6aff7261207107c033467fee3f /meta-oe/recipes-support | |
parent | be37c8f3bdd4ea4b1a9c340f869300bb667c21f6 (diff) | |
download | meta-openembedded-contrib-b130b13cadd46332b7d0288ebe834212198ec9f6.tar.gz |
libyaml: update from 0.1.5 to 0.1.6
removed patch:
- libyaml-CVE-2014-2525.patch (included by 0.1.6)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'meta-oe/recipes-support')
-rw-r--r-- | meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-2525.patch | 42 | ||||
-rw-r--r-- | meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb (renamed from meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb) | 5 |
2 files changed, 2 insertions, 45 deletions
diff --git a/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-2525.patch b/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-2525.patch deleted file mode 100644 index 2fdcba3eca..0000000000 --- a/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-2525.patch +++ /dev/null @@ -1,42 +0,0 @@ -Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function -in LibYAML before 0.1.6 allows context-dependent attackers to execute -arbitrary code via a long sequence of percent-encoded characters in a -URI in a YAML file. - -Upstream-Status: Backport - -Signed-off-by: Kai Kang <kai.kang@windriver.com> ---- -diff --git a/src/scanner.c.old b/src/scanner.c -index a2e8619..c6cde3b 100644 ---- a/src/scanner.c.old -+++ b/src/scanner.c -@@ -2619,6 +2619,9 @@ yaml_parser_scan_tag_uri(yaml_parser_t *parser, int directive, - /* Check if it is a URI-escape sequence. */ - - if (CHECK(parser->buffer, '%')) { -+ if (!STRING_EXTEND(parser, string)) -+ goto error; -+ - if (!yaml_parser_scan_uri_escapes(parser, - directive, start_mark, &string)) goto error; - } -diff --git a/src/yaml_private.h.old b/src/yaml_private.h -index ed5ea66..d72acb4 100644 ---- a/src/yaml_private.h.old -+++ b/src/yaml_private.h -@@ -132,9 +132,12 @@ yaml_string_join( - (string).start = (string).pointer = (string).end = 0) - - #define STRING_EXTEND(context,string) \ -- (((string).pointer+5 < (string).end) \ -+ ((((string).pointer+5 < (string).end) \ - || yaml_string_extend(&(string).start, \ -- &(string).pointer, &(string).end)) -+ &(string).pointer, &(string).end)) ? \ -+ 1 : \ -+ ((context)->error = YAML_MEMORY_ERROR, \ -+ 0)) - - #define CLEAR(context,string) \ - ((string).pointer = (string).start, \ diff --git a/meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb b/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb index 1279541966..8a624f7f9b 100644 --- a/meta-oe/recipes-support/libyaml/libyaml_0.1.5.bb +++ b/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb @@ -8,11 +8,10 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=6015f088759b10e0bc2bf64898d4ae17" SRC_URI = "http://pyyaml.org/download/libyaml/yaml-${PV}.tar.gz \ - file://libyaml-CVE-2014-2525.patch \ " -SRC_URI[md5sum] = "24f6093c1e840ca5df2eb09291a1dbf1" -SRC_URI[sha256sum] = "fa87ee8fb7b936ec04457bc044cd561155e1000a4d25029867752e543c2d3bef" +SRC_URI[md5sum] = "5fe00cda18ca5daeb43762b80c38e06e" +SRC_URI[sha256sum] = "7da6971b4bd08a986dd2a61353bc422362bd0edcc67d7ebaac68c95f74182749" S = "${WORKDIR}/yaml-${PV}" |