guix-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/01: gnu: libyaml: Fix CVE-2014-9130.

From: Leo Famulari
Subject: 01/01: gnu: libyaml: Fix CVE-2014-9130.
Date: Mon, 30 May 2016 03:48:35 +0000 (UTC) 
lfam pushed a commit to branch master
in repository guix.

commit 0d567b553153921488ddf18879768b4125c9613e
Author: Leo Famulari <address@hidden>
Date:   Sat May 28 01:16:43 2016 -0400

    gnu: libyaml: Fix CVE-2014-9130.
    
    * gnu/packages/patches/libyaml-CVE-2014-9130.patch: New file.
    * gnu/local.mk (dist_patch_DATA): Add it.
    * gnu/packages/web.scm (libyaml): Use it.
---
 gnu/local.mk                                     |    1 +
 gnu/packages/patches/libyaml-CVE-2014-9130.patch |   30 ++++++++++++++++++++++
 gnu/packages/web.scm                             |    1 +
 3 files changed, 32 insertions(+)

diff --git a/gnu/local.mk b/gnu/local.mk
index 8844d1d..eab390d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -809,6 +809,7 @@ dist_patch_DATA =                                           
\
   %D%/packages/patches/xfce4-session-fix-xflock4.patch         \
   %D%/packages/patches/xfce4-settings-defaults.patch           \
   %D%/packages/patches/xmodmap-asprintf.patch                  \
+  %D%/packages/patches/libyaml-CVE-2014-9130.patch             \
   %D%/packages/patches/zathura-plugindir-environment-variable.patch
 
 MISC_DISTRO_FILES =                            \
diff --git a/gnu/packages/patches/libyaml-CVE-2014-9130.patch 
b/gnu/packages/patches/libyaml-CVE-2014-9130.patch
new file mode 100644
index 0000000..800358c
--- /dev/null
+++ b/gnu/packages/patches/libyaml-CVE-2014-9130.patch
@@ -0,0 +1,30 @@
+Fixes CVE-2014-9130
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130
+
+Upstream source:
+https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
+
+# HG changeset patch
+# User Kirill Simonov <address@hidden>
+# Date 1417197312 21600
+# Node ID 2b9156756423e967cfd09a61d125d883fca6f4f2
+# Parent  053f53a381ff6adbbc93a31ab7fdee06a16c8a33
+Removed invalid simple key assertion (thank to Jonathan Gray).
+
+diff --git a/src/scanner.c b/src/scanner.c
+--- a/src/scanner.c
++++ b/src/scanner.c
+@@ -1106,13 +1106,6 @@
+             && parser->indent == (ptrdiff_t)parser->mark.column);
+ 
+     /*
+-     * A simple key is required only when it is the first token in the current
+-     * line.  Therefore it is always allowed.  But we add a check anyway.
+-     */
+-
+-    assert(parser->simple_key_allowed || !required);    /* Impossible. */
+-
+-    /*
+      * If the current position may start a simple key, save it.
+      */
+ 
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 03f15e8..7cadf9b 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -611,6 +611,7 @@ of people.")
        (uri (string-append
              "http://pyyaml.org/download/libyaml/yaml-";
              version ".tar.gz"))
+       (patches (search-patches "libyaml-CVE-2014-9130.patch"))
        (sha256
         (base32
          "0j9731s5zjb8mjx7wzf6vh7bsqi38ay564x6s9nri2nh9cdrg9kx"))))
reply via email to
[Prev in Thread] Current Thread [Next in Thread]