Hello community,

here is the log from the commit of package libyaml for openSUSE:Factory checked in at 2014-12-19 09:39:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libyaml (Old)
 and      /work/SRC/openSUSE:Factory/.libyaml.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libyaml"

Changes:
--------
--- /work/SRC/openSUSE:Factory/libyaml/libyaml.changes  2014-04-01 
11:34:20.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.libyaml.new/libyaml.changes     2014-12-19 
09:38:49.000000000 +0100
@@ -1,0 +2,8 @@
+Wed Dec  3 12:49:34 UTC 2014 - jmassaguer...@suse.com
+
+- fix CVE-2014-9130: libyaml: assert failure when processing
+  wrapped strings (bnc#907809)
+
+  CVE-2014-9130.patch contains the fix
+
+-------------------------------------------------------------------
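Review bot: the changelog entry on the "fix CVE-2014-9130" line says the assert failure is fixed but not how. CVE-2014-9130.patch, shown further down, disables the assert in yaml_parser_save_simple_key() in src/scanner.c rather than changing how wrapped strings are scanned. Say so in the entry (for example "disable the assert in yaml_parser_save_simple_key") so that someone reading only the .changes file knows the parser state that triggered the abort is now tolerated, not rejected.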

New:
----
  CVE-2014-9130.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libyaml.spec ++++++
--- /var/tmp/diff_new_pack.AHbmE6/_old  2014-12-19 09:38:50.000000000 +0100
+++ /var/tmp/diff_new_pack.AHbmE6/_new  2014-12-19 09:38:50.000000000 +0100
@@ -22,6 +22,7 @@
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Url:            http://pyyaml.org/wiki/LibYAML
 Source:         http://pyyaml.org/download/libyaml/yaml-%{version}.tar.gz
+Patch0:         CVE-2014-9130.patch 
 BuildRequires:  pkg-config
 Summary:        A YAML 1.1 parser and emitter written in C
 License:        MIT
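Review bot: the added "Patch0:" line has trailing whitespace after CVE-2014-9130.patch, which should be dropped. A comment line above it naming the bug (bnc#907809) and the origin of the patch would also help, since the spec alone does not tell a later maintainer whether the patch can go away on the next version update.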
@@ -53,6 +54,7 @@
 
 %prep
 %setup -n yaml-%{version}
+%patch0 -p1
 
 %build
 %configure --with-pic --disable-static

++++++ CVE-2014-9130.patch ++++++
diff --git a/src/scanner.c b/src/scanner.c
index 88d4fa5..c5f3d2f 100644
--- a/src/scanner.c
+++ b/src/scanner.c
@@ -1110,7 +1110,9 @@ yaml_parser_save_simple_key(yaml_parser_t *parser)
      * line.  Therefore it is always allowed.  But we add a check anyway.
      */
 
-    assert(parser->simple_key_allowed || !required);    /* Impossible. */
+    /* XXX This caused:
+     * 
https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
+    assert(parser->simple_key_allowed || !required); */    /* Impossible. */
 
     /*
      * If the current position may start a simple key, save it.
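Review bot: with the assert commented out, the case where "required" is set and parser->simple_key_allowed is zero has no handling at all, and the function continues into the "may start a simple key, save it" block in a state the original comment called impossible. The linked issue shows this state is reachable from input (wrapped strings), so an explicit check that returns a scanner error would be safer than silently continuing. If continuing is in fact correct, add a sentence saying why. Two cleanups in the same spot: the context comment above still reads "But we add a check anyway", which is no longer true, and the leftover /* Impossible. */ now follows nothing and should be removed together with the assert instead of being left behind a closed comment.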
