Hello community, here is the log from the commit of package libyaml.2631 for openSUSE:12.3:Update checked in at 2014-03-17 09:56:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3:Update/libyaml.2631 (Old) and /work/SRC/openSUSE:12.3:Update/.libyaml.2631.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libyaml.2631" Changes: -------- New Changes file: --- /dev/null 2014-02-13 01:09:38.344032506 +0100 +++ /work/SRC/openSUSE:12.3:Update/.libyaml.2631.new/libyaml.changes 2014-03-17 09:56:50.000000000 +0100 @@ -0,0 +1,26 @@ +------------------------------------------------------------------- +Fri Mar 7 16:42:40 UTC 2014 - [email protected] + +- fix regression introduced by the patch. see + https://bugzilla.novell.com/show_bug.cgi?id=860617#c17 + +- modified patches: + * CVE-2013-6393.patch +------------------------------------------------------------------- +Fri Feb 7 14:11:39 UTC 2014 - [email protected] + +- fix CVE-2013-6393: libyaml: heap based buffer, overflow due to + integer misuse, bnc#860617 + +- added patches: + * CVE-2013-6393.patch +------------------------------------------------------------------- +Wed Feb 9 19:05:55 UTC 2011 - [email protected] + +- fixed erroneous license from GPLv2 to MIT, bnc#670525 + +------------------------------------------------------------------- +Tue Apr 6 22:55:47 UTC 2010 - [email protected] + +- initial package of version 0.1.3 + New: ---- CVE-2013-6393.patch libyaml.changes libyaml.spec yaml-0.1.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libyaml.spec ++++++ # # spec file for package libyaml # # Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: libyaml Version: 0.1.3 Release: 0 # # BuildRoot: %{_tmppath}/%{name}-%{version}-build # Url: http://pyyaml.org/wiki/LibYAML Source: http://pyyaml.org/download/libyaml/yaml-0.1.3.tar.gz Patch: CVE-2013-6393.patch # Summary: A YAML 1.1 parser and emitter written in C License: MIT Group: Development/Libraries/C and C++ %description A YAML 1.1 parser and emitter written in C %define lib_name libyaml-0-2 %package -n %{lib_name} # Summary: Shared library from libyaml Group: Development/Libraries/C and C++ %description -n %{lib_name} A YAML 1.1 parser and emitter written in C This package holds the shared library of libyaml. %package devel Requires: %{lib_name} = %{version} # Summary: Development files for libyaml Group: Development/Libraries/C and C++ %description devel A YAML 1.1 parser and emitter written in C This package holds the development files for libyaml. %prep %setup -n yaml-%{version} %patch -p1 %build %configure --with-pic --disable-static make %{?_smp_flags} %install %makeinstall find %{buildroot} -name \*.la -delete -print %check make check %clean rm -rf %{buildroot} %post -n %{lib_name} -p /sbin/ldconfig %postun -n %{lib_name} -p /sbin/ldconfig %files -n %{lib_name} %defattr(-,root,root,-) %{_libdir}/libyaml-0.so.2 %{_libdir}/libyaml-0.so.2.0.1 %files devel %defattr(-,root,root,-) %{_includedir}/yaml.h %{_libdir}/libyaml.so %changelog ++++++ CVE-2013-6393.patch ++++++ diff -Naur a/src/api.c b/src/api.c --- a/src/api.c 2009-08-30 21:50:47.000000000 +0200 +++ b/src/api.c 2014-03-07 17:33:59.345442851 +0100 @@ -117,7 +117,12 @@ YAML_DECLARE(int) yaml_stack_extend(void **start, void **top, void **end) { - void *new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2); + void *new_start; + + if ((char *)*end - (char *)*start >= INT_MAX / 2) + return 0; + + new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2); if (!new_start) return 0; diff -Naur a/src/scanner.c b/src/scanner.c --- a/src/scanner.c 2009-08-30 21:50:47.000000000 +0200 +++ b/src/scanner.c 2014-03-07 17:34:08.431442987 +0100 @@ -615,11 +615,11 @@ */ static int -yaml_parser_roll_indent(yaml_parser_t *parser, int column, - int number, yaml_token_type_t type, yaml_mark_t mark); +yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column, + ptrdiff_t number, yaml_token_type_t type, yaml_mark_t mark); static int -yaml_parser_unroll_indent(yaml_parser_t *parser, int column); +yaml_parser_unroll_indent(yaml_parser_t *parser, ptrdiff_t column); /* * Token fetchers. @@ -1103,7 +1103,7 @@ */ int required = (!parser->flow_level - && parser->indent == (int)parser->mark.column); + && parser->indent == (ptrdiff_t)parser->mark.column); /* * A simple key is required only when it is the first token in the current @@ -1176,6 +1176,11 @@ /* Increase the flow level. */ + if (parser->flow_level == INT_MAX) { + parser->error = YAML_MEMORY_ERROR; + return 0; + } + parser->flow_level++; return 1; @@ -1206,8 +1211,8 @@ */ static int -yaml_parser_roll_indent(yaml_parser_t *parser, int column, - int number, yaml_token_type_t type, yaml_mark_t mark) +yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column, + ptrdiff_t number, yaml_token_type_t type, yaml_mark_t mark) { yaml_token_t token; @@ -1226,6 +1231,11 @@ if (!PUSH(parser, parser->indents, parser->indent)) return 0; + if (column > INT_MAX) { + parser->error = YAML_MEMORY_ERROR; + return 0; + } + parser->indent = column; /* Create a token and insert it into the queue. */ @@ -1254,7 +1264,7 @@ static int -yaml_parser_unroll_indent(yaml_parser_t *parser, int column) +yaml_parser_unroll_indent(yaml_parser_t *parser, ptrdiff_t column) { yaml_token_t token; @@ -2574,7 +2584,7 @@ /* Resize the string to include the head. */ - while (string.end - string.start <= (int)length) { + while ((size_t)(string.end - string.start) <= length) { if (!yaml_string_extend(&string.start, &string.pointer, &string.end)) { parser->error = YAML_MEMORY_ERROR; goto error; diff -Naur a/src/yaml_private.h b/src/yaml_private.h --- a/src/yaml_private.h 2009-08-30 21:50:47.000000000 +0200 +++ b/src/yaml_private.h 2014-03-07 17:34:04.399442926 +0100 @@ -7,6 +7,7 @@ #include <assert.h> #include <limits.h> +#include <stddef.h> /* * Memory management. -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
