This is an automated email from the git hooks/post-receive script. dmn pushed a commit to branch master in repository libyaml-libyaml-perl.
commit fbaa17a40bf7a90e84403577c45f7b0bacdb8dd3 Author: Damyan Ivanov <d...@debian.org> Date: Sun Jan 21 14:33:46 2018 +0000 use system-wide libyaml instead of a bundled copy the bundled copy is removed from upstream sources via repackaging --- debian/copyright | 47 +++++++------------------- debian/libyaml-libyaml-perl.lintian-overrides | 5 --- debian/patches/libyaml-node-id-hardening.patch | 34 ------------------- debian/patches/series | 2 +- debian/patches/system-libyaml.patch | 31 +++++++++++++++++ debian/rules | 2 ++ 6 files changed, 46 insertions(+), 75 deletions(-) diff --git a/debian/copyright b/debian/copyright index 57b8036..029cbd4 100644 --- a/debian/copyright +++ b/debian/copyright @@ -2,6 +2,18 @@ Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: YAML-LibYAML Upstream-Contact: Ingy döt Net <i...@cpan.org> Source: https://metacpan.org/release/YAML-LibYAML +Files-Excluded: + LibYAML/api.c + LibYAML/config.h + LibYAML/dumper.c + LibYAML/emitter.c + LibYAML/loader.c + LibYAML/parser.c + LibYAML/reader.c + LibYAML/scanner.c + LibYAML/writer.c + LibYAML/yaml.h + LibYAML/yaml_private.h Files: * Copyright: 2007-2016, Ingy döt Net <i...@cpan.org> @@ -22,21 +34,6 @@ Copyright: 2004-2009, Marcus Holland-Moritz <mhx-c...@gmx.net> 1999, Kenneth Albanowski <kja...@kjahds.com> (Version 1.x) License: Artistic or GPL-1+ -Files: - LibYAML/api.c - LibYAML/config.h - LibYAML/dumper.c - LibYAML/emitter.c - LibYAML/loader.c - LibYAML/parser.c - LibYAML/reader.c - LibYAML/scanner.c - LibYAML/writer.c - LibYAML/yaml.h - LibYAML/yaml_private.h -Copyright: 2006, Kirill Simonov -License: Expat - Files: debian/* Copyright: 2009, Ryan Niebur <r...@debian.org> 2010, Jonathan Yu <jaw...@cpan.org> @@ -60,23 +57,3 @@ License: GPL-1+ . On Debian systems, the complete text of version 1 of the GNU General Public License can be found in `/usr/share/common-licenses/GPL-1'. - -License: Expat - Permission is hereby granted, free of charge, to any person obtaining a copy of - this software and associated documentation files (the "Software"), to deal in - the Software without restriction, including without limitation the rights to - use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies - of the Software, and to permit persons to whom the Software is furnished to do - so, subject to the following conditions: - . - The above copyright notice and this permission notice shall be included in all - copies or substantial portions of the Software. - . - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - SOFTWARE. - diff --git a/debian/libyaml-libyaml-perl.lintian-overrides b/debian/libyaml-libyaml-perl.lintian-overrides deleted file mode 100644 index 19fdc60..0000000 --- a/debian/libyaml-libyaml-perl.lintian-overrides +++ /dev/null @@ -1,5 +0,0 @@ -# (overriding since this is an ftp-master auto-reject reason) -# lintian is correct here but the embedded library is not a regression -# and we're working on getting rid of it: -# https://bugs.debian.org/664224 and https://github.com/ingydotnet/yaml-libyaml-pm/issues/49 -libyaml-libyaml-perl: embedded-library usr/lib/*/YAML/XS/LibYAML/LibYAML.so: libyaml diff --git a/debian/patches/libyaml-node-id-hardening.patch b/debian/patches/libyaml-node-id-hardening.patch deleted file mode 100644 index c92d372..0000000 --- a/debian/patches/libyaml-node-id-hardening.patch +++ /dev/null @@ -1,34 +0,0 @@ -Description: CVE-2013-6393: yaml_stack_extend: guard against integer overflow - This is a hardening patch also from Florian Weimer - <fwei...@redhat.com>. It is not required to fix this CVE however it - improves the robustness of the code against future issues by avoiding - large node ID's in a central place. -Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1033990 -Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1033990 -Last-Update: 2014-01-29 ---- -# HG changeset patch -# User Florian Weimer <fwei...@redhat.com> -# Date 1389274355 -3600 -# Thu Jan 09 14:32:35 2014 +0100 -# Node ID 034d7a91581ac930e5958683f1a06f41e96d24a2 -# Parent a54d7af707f25dc298a7be60fd152001d2b3035b -yaml_stack_extend: guard against integer overflow - -diff --git a/src/api.c b/src/api.c ---- a/LibYAML/api.c -+++ b/LibYAML/api.c -@@ -117,7 +117,12 @@ - YAML_DECLARE(int) - yaml_stack_extend(void **start, void **top, void **end) - { -- void *new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2); -+ void *new_start; -+ -+ if ((char *)*end - (char *)*start >= INT_MAX / 2) -+ return 0; -+ -+ new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2); - - if (!new_start) return 0; - diff --git a/debian/patches/series b/debian/patches/series index 43edb66..8c3691c 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1,3 @@ disable-update.sh.patch -libyaml-node-id-hardening.patch Load-B-Deparse-at-runtime.patch +system-libyaml.patch diff --git a/debian/patches/system-libyaml.patch b/debian/patches/system-libyaml.patch new file mode 100644 index 0000000..b0818b9 --- /dev/null +++ b/debian/patches/system-libyaml.patch @@ -0,0 +1,31 @@ +--- a/LibYAML/Makefile.PL ++++ b/LibYAML/Makefile.PL +@@ -11,7 +11,7 @@ my $obj_files = join ' ', map { + my $c = $_; + $c =~ s/\.c$/$Config::Config{_o}/; + $c; +-} glob("*.c"), 'LibYAML.c'; ++} glob("*.c"); + + my $DEFINE = $^O eq 'MSWin32' + ? '-DHAVE_CONFIG_H -DYAML_DECLARE_EXPORT' +@@ -24,7 +24,7 @@ WriteMakefile( + # CCFLAGS => '-pedantic -Wall', + # CCFLAGS => '-Wall', + DEFINE => $DEFINE, +- LIBS => [''], # e.g., '-lm' ++ LIBS => ['-lyaml'], # e.g., '-lm' + INC => '-I.', + OBJECT => $obj_files, + ABSTRACT_FROM => 'lib/YAML/XS/LibYAML.pm', +--- a/LibYAML/perl_libyaml.c ++++ b/LibYAML/perl_libyaml.c +@@ -659,6 +659,8 @@ dump_document(perl_yaml_dumper_t *dumper + yaml_emitter_emit(&dumper->emitter, &event_document_start); + dump_node(dumper, node); + yaml_document_end_event_initialize(&event_document_end, 1); ++ // suppress end-of-document marker ('...') ++ dumper->emitter.open_ended = 0; + yaml_emitter_emit(&dumper->emitter, &event_document_end); + } + diff --git a/debian/rules b/debian/rules index 73c5dbc..d8ba275 100755 --- a/debian/rules +++ b/debian/rules @@ -2,5 +2,7 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow +export USE_SYSTEM_LIBYAML = 1 + %: dh $@ -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libyaml-libyaml-perl.git _______________________________________________ Pkg-perl-cvs-commits mailing list Pkg-perl-cvs-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-perl-cvs-commits