Hello community, here is the log from the commit of package libyaml.2556 for openSUSE:13.1:Update checked in at 2014-02-21 17:43:32 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/libyaml.2556 (Old) and /work/SRC/openSUSE:13.1:Update/.libyaml.2556.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libyaml.2556" Changes: -------- New Changes file:
--- /dev/null 2014-02-13 01:09:38.344032506 +0100
+++ /work/SRC/openSUSE:13.1:Update/.libyaml.2556.new/libyaml.changes 2014-02-21 17:43:33.000000000 +0100
@@ -0,0 +1,30 @@
+-------------------------------------------------------------------
+Fri Feb 7 14:50:25 UTC 2014 - [email protected]
+
+- fix CVE-2013-6393: libyaml: heap based buffer, overflow due to
+ integer misuse, bnc#860617
+
+- added patches:
+ * CVE-2013-6393.patch
+-------------------------------------------------------------------
+Tue Mar 26 12:25:02 UTC 2013 - [email protected]
+
+- update to 0.1.4:
+ * documentation update
+ * add pkgconfig support
+
+-------------------------------------------------------------------
+Sun Jan 29 21:44:24 UTC 2012 - [email protected]
+
+- Remove redundant tags/sections per specfile guideline suggestions
+
+-------------------------------------------------------------------
+Wed Feb 9 19:05:55 UTC 2011 - [email protected]
+
+- fixed erroneous license from GPLv2 to MIT, bnc#670525
+
+-------------------------------------------------------------------
+Tue Apr 6 22:55:47 UTC 2010 - [email protected]
+
+- initial package of version 0.1.3
+
New: ---- CVE-2013-6393.patch libyaml.changes libyaml.spec yaml-0.1.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libyaml.spec ++++++ # # spec file for package libyaml # # Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. 
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: libyaml Version: 0.1.4 Release: 0 # # BuildRoot: %{_tmppath}/%{name}-%{version}-build # Url: http://pyyaml.org/wiki/LibYAML Source: http://pyyaml.org/download/libyaml/yaml-%{version}.tar.gz Patch: CVE-2013-6393.patch # Summary: A YAML 1.1 parser and emitter written in C License: MIT Group: Development/Libraries/C and C++ %description A YAML 1.1 parser and emitter written in C %define lib_name libyaml-0-2 %package -n %{lib_name} # Summary: Shared library from libyaml Group: Development/Libraries/C and C++ %description -n %{lib_name} A YAML 1.1 parser and emitter written in C This package holds the shared library of libyaml. %package devel Requires: %{lib_name} = %{version} # Summary: Development files for libyaml Group: Development/Libraries/C and C++ %description devel A YAML 1.1 parser and emitter written in C This package holds the development files for libyaml. %prep %setup -n yaml-%{version} %patch -p1 %build %configure --with-pic --disable-static make %{?_smp_flags} %install %makeinstall find %{buildroot} -name \*.la -delete -print %check make check %post -n %{lib_name} -p /sbin/ldconfig %postun -n %{lib_name} -p /sbin/ldconfig %files -n %{lib_name} %defattr(-,root,root,-) %{_libdir}/libyaml-0.so.2 %{_libdir}/libyaml-0.so.2.0.* %files devel %defattr(-,root,root,-) %{_includedir}/yaml.h %{_libdir}/libyaml.so %{_libdir}/pkgconfig/yaml-0.1.pc %changelog ++++++ CVE-2013-6393.patch ++++++ diff -Naur a/src/api.c b/src/api.c --- a/src/api.c 2014-02-07 15:08:50.989301858 +0100 +++ b/src/api.c 2014-02-07 15:09:12.976302188 +0100 
@@ -117,7 +117,12 @@ YAML_DECLARE(int) yaml_stack_extend(void **start, void **top, void **end) { - void *new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2); + void *new_start; + + if ((char *)*end - (char *)*start >= INT_MAX / 2) + return 0; + + new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2); if (!new_start) return 0; diff -Naur a/src/scanner.c b/src/scanner.c --- a/src/scanner.c 2014-02-07 15:08:50.989301858 +0100 +++ b/src/scanner.c 2014-02-07 15:09:18.329302268 +0100 @@ -615,11 +615,14 @@ */ static int -yaml_parser_roll_indent(yaml_parser_t *parser, int column, +yaml_parser_roll_indent(yaml_parser_t *parser, size_t column, int number, yaml_token_type_t type, yaml_mark_t mark); static int -yaml_parser_unroll_indent(yaml_parser_t *parser, int column); +yaml_parser_unroll_indent(yaml_parser_t *parser, size_t column); + +static int +yaml_parser_reset_indent(yaml_parser_t *parser); /* * Token fetchers. @@ -1206,7 +1209,7 @@ */ static int -yaml_parser_roll_indent(yaml_parser_t *parser, int column, +yaml_parser_roll_indent(yaml_parser_t *parser, size_t column, int number, yaml_token_type_t type, yaml_mark_t mark) { yaml_token_t token; @@ -1216,7 +1219,7 @@ if (parser->flow_level) return 1; - if (parser->indent < column) + if (parser->indent == -1 || parser->indent < column) { /* * Push the current indentation level to the stack and set the new @@ -1254,7 +1257,7 @@ static int -yaml_parser_unroll_indent(yaml_parser_t *parser, int column) +yaml_parser_unroll_indent(yaml_parser_t *parser, size_t column) { yaml_token_t token; @@ -1263,6 +1266,15 @@ if (parser->flow_level) return 1; + /* + * column is unsigned and parser->indent is signed, so if + * parser->indent is less than zero the conditional in the while + * loop below is incorrect. Guard against that. + */ + + if (parser->indent < 0) + return 1; + /* Loop through the intendation levels in the stack. */ while (parser->indent > column) 
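Review bot: The new guard in yaml_stack_extend (src/api.c) bounds the stack at `INT_MAX / 2` without a comment saying why the limit is INT_MAX rather than the range of the size handed to yaml_realloc, so a later maintainer cannot tell whether it is safe to relax. I would put something like `/* Refuse to double past INT_MAX: sizes and offsets derived from this stack are kept in int elsewhere. */` above the check, after confirming that rationale against the callers, which are not part of this hunk. The early `return 0` is also indistinguishable from an allocation failure for the caller, and INT_MAX needs `<limits.h>`, whose inclusion is not visible here. The function body continues outside the hunk.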
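Review bot: In yaml_parser_roll_indent (src/scanner.c, hunk at -1216), `column` is now size_t while `parser->indent` remains a signed int, and the block guarded by the changed condition is commented as setting the new indentation level, so a column above INT_MAX would presumably be narrowed into a wrapped or negative indent when it is stored; the assignment itself is outside the hunk. A range check before that store closes the gap: `if (column > INT_MAX) { parser->error = YAML_MEMORY_ERROR; return 0; }`. The `parser->indent < column` half of the condition still relies on the implicit int-to-size_t conversion, and writing it as `(size_t)parser->indent < column` after the `== -1` test would make that conversion deliberate.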
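Review bot: In yaml_parser_unroll_indent (src/scanner.c, hunk at -1263), the added `parser->indent < 0` test protects only the first evaluation of `while (parser->indent > column)`. The loop body lies outside the hunk, but if it pops into parser->indent the way the new yaml_parser_reset_indent does, a pop that yields -1 is then compared as a very large unsigned value and the loop keeps popping past the bottom of the indents stack. Moving the sign test into the condition covers every iteration: `while (parser->indent >= 0 && (size_t)parser->indent > column)`. Declaring `column` with a signed type wide enough for the mark column would avoid the mixed comparison altogether.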
@@ -1283,6 +1295,41 @@ } /* + * Pop indentation levels from the indents stack until the current + * level resets to -1. For each intendation level, append the + * BLOCK-END token. + */ + +static int +yaml_parser_reset_indent(yaml_parser_t *parser) +{ + yaml_token_t token; + + /* In the flow context, do nothing. */ + + if (parser->flow_level) + return 1; + + /* Loop through the intendation levels in the stack. */ + + while (parser->indent > -1) + { + /* Create a token and append it to the queue. */ + + TOKEN_INIT(token, YAML_BLOCK_END_TOKEN, parser->mark, parser->mark); + + if (!ENQUEUE(parser, parser->tokens, token)) + return 0; + + /* Pop the indentation level. */ + + parser->indent = POP(parser, parser->indents); + } + + return 1; +} + +/* * Initialize the scanner and produce the STREAM-START token. */ @@ -1338,7 +1385,7 @@ /* Reset the indentation level. */ - if (!yaml_parser_unroll_indent(parser, -1)) + if (!yaml_parser_reset_indent(parser)) return 0; /* Reset simple keys. */ @@ -1369,7 +1416,7 @@ /* Reset the indentation level. */ - if (!yaml_parser_unroll_indent(parser, -1)) + if (!yaml_parser_reset_indent(parser)) return 0; /* Reset simple keys. */ @@ -1407,7 +1454,7 @@ /* Reset the indentation level. */ - if (!yaml_parser_unroll_indent(parser, -1)) + if (!yaml_parser_reset_indent(parser)) return 0; /* Reset simple keys. */ @@ -2574,7 +2621,7 @@ /* Resize the string to include the head. */ - while (string.end - string.start <= (int)length) { + while ((size_t)(string.end - string.start) <= length) { if (!yaml_string_extend(&string.start, &string.pointer, &string.end)) { parser->error = YAML_MEMORY_ERROR; goto error; -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
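Review bot: yaml_parser_reset_indent (src/scanner.c, hunk at -1283) calls POP on parser->indents with no check that the stack still holds an entry, so the loop terminates only if a -1 sentinel is always the bottom element. That invariant is established outside this hunk and should be stated where it is relied on, for example `/* Terminates because the bottom entry of parser->indents is always -1. */` above the `while`, once confirmed against the push sites. The body is also a copy of the BLOCK-END/POP sequence that yaml_parser_unroll_indent appears to use, so a shared static helper would keep the two loops from drifting apart.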
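Review bot: The rewritten condition `while ((size_t)(string.end - string.start) <= length)` (src/scanner.c, hunk at -2574) removes the truncating `(int)` cast, but the loop still grows the buffer through yaml_string_extend, which this patch leaves untouched while yaml_stack_extend in src/api.c received an `INT_MAX / 2` guard. If yaml_string_extend doubles its buffer in the same way (its body is not shown here), it needs the same bound so that an oversized `length` ends in YAML_MEMORY_ERROR rather than a wrapped allocation size. The declaration of `length` and the enclosing function start outside the hunk, so the type on the right-hand side of the comparison should be confirmed as size_t.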
