diff options
author | Yue Tao <Yue.Tao@windriver.com> | 2015-05-19 11:26:34 +0800 |
---|---|---|
committer | Martin Jansa <Martin.Jansa@gmail.com> | 2015-05-22 20:14:05 +0200 |
commit | a3fd44bd1cba2ae55226b6cabec18347473197f4 (patch) | |
tree | cfd2667507f161235d1f74bc9ede10adb1d44a9a | |
parent | b130b13cadd46332b7d0288ebe834212198ec9f6 (diff) | |
download | meta-openembedded-a3fd44bd1cba2ae55226b6cabec18347473197f4.tar.gz |
libyaml: Security Advisory - libyaml - CVE-2014-9130
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9130
The patch comes from:
https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
Removed invalid simple key assertion (thank to Jonathan Gray)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
-rw-r--r-- | meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch | 32 | ||||
-rw-r--r-- | meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb | 1 |
2 files changed, 33 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch b/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch new file mode 100644 index 0000000000..3c4a00ef3e --- /dev/null +++ b/meta-oe/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch @@ -0,0 +1,32 @@ +# HG changeset patch +# User Kirill Simonov <xi@resolvent.net> +# Date 1417197312 21600 +# Node ID 2b9156756423e967cfd09a61d125d883fca6f4f2 +# Parent 053f53a381ff6adbbc93a31ab7fdee06a16c8a33 +Removed invalid simple key assertion (thank to Jonathan Gray). + +The patch comes from + +https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2 + +Upstream-Status: Backport + +Signed-off-by: Yue Tao <yue.tao@windriver.com> + +diff -r 053f53a381ff -r 2b9156756423 src/scanner.c +--- a/src/scanner.c Wed Mar 26 13:55:54 2014 -0500 ++++ b/src/scanner.c Fri Nov 28 11:55:12 2014 -0600 +@@ -1106,13 +1106,6 @@ + && parser->indent == (ptrdiff_t)parser->mark.column); + + /* +- * A simple key is required only when it is the first token in the current +- * line. Therefore it is always allowed. But we add a check anyway. +- */ +- +- assert(parser->simple_key_allowed || !required); /* Impossible. */ +- +- /* + * If the current position may start a simple key, save it. + */ + diff --git a/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb b/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb index 8a624f7f9b..b0155774d2 100644 --- a/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb +++ b/meta-oe/recipes-support/libyaml/libyaml_0.1.6.bb @@ -8,6 +8,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=6015f088759b10e0bc2bf64898d4ae17" SRC_URI = "http://pyyaml.org/download/libyaml/yaml-${PV}.tar.gz \ + file://libyaml-CVE-2014-9130.patch \ " SRC_URI[md5sum] = "5fe00cda18ca5daeb43762b80c38e06e" |