Hello community,

here is the log from the commit of package libyaml.2694 for 
openSUSE:12.3:Update checked in at 2014-04-09 18:04:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/libyaml.2694 (Old)
 and      /work/SRC/openSUSE:12.3:Update/.libyaml.2694.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libyaml.2694"

Changes:
--------
New Changes file:

--- /dev/null   2014-02-13 01:09:38.344032506 +0100
+++ /work/SRC/openSUSE:12.3:Update/.libyaml.2694.new/libyaml.changes    
2014-04-09 18:04:30.000000000 +0200
@@ -0,0 +1,33 @@
+-------------------------------------------------------------------
+Wed Mar 19 15:42:14 UTC 2014 - jmassaguer...@suse.com
+
+- fix CVE-2014-2525: libyaml: heap overflow during parsing (bnc#868944)
+
+- added patches:
+  * CVE-2014-2525.patch
+-------------------------------------------------------------------
+Fri Mar  7 16:42:40 UTC 2014 - jmassaguer...@suse.com
+
+- fix regression introduced by the patch. see
+  https://bugzilla.novell.com/show_bug.cgi?id=860617#c17 
+
+- modified patches:
+  * CVE-2013-6393.patch
+-------------------------------------------------------------------
+Fri Feb  7 14:11:39 UTC 2014 - jmassaguer...@suse.com
+
+- fix CVE-2013-6393: libyaml: heap based buffer, overflow due to
+  integer misuse, bnc#860617
+
+- added patches:
+  * CVE-2013-6393.patch
+-------------------------------------------------------------------
+Wed Feb  9 19:05:55 UTC 2011 - pascal.ble...@opensuse.org
+
+- fixed erroneous license from GPLv2 to MIT, bnc#670525
+
+-------------------------------------------------------------------
+Tue Apr  6 22:55:47 UTC 2010 - mrueck...@suse.de
+
+- initial package of version 0.1.3
+

New:
----
  CVE-2013-6393.patch
  CVE-2014-2525.patch
  libyaml.changes
  libyaml.spec
  yaml-0.1.3.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libyaml.spec ++++++
#
# spec file for package libyaml
#
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


Name:           libyaml
Version:        0.1.3
Release:        0
#
#
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
#
Url:            http://pyyaml.org/wiki/LibYAML
Source:         http://pyyaml.org/download/libyaml/yaml-0.1.3.tar.gz
Patch:          CVE-2013-6393.patch
Patch1:         CVE-2014-2525.patch
#
Summary:        A YAML 1.1 parser and emitter written in C
License:        MIT
Group:          Development/Libraries/C and C++

%description
A YAML 1.1 parser and emitter written in C

%define lib_name libyaml-0-2

%package -n %{lib_name}

#
Summary:        Shared library from libyaml
Group:          Development/Libraries/C and C++

%description -n %{lib_name}
A YAML 1.1 parser and emitter written in C

This package holds the shared library of libyaml.

%package devel
Requires:       %{lib_name} = %{version}
#
Summary:        Development files for libyaml
Group:          Development/Libraries/C and C++

%description devel
A YAML 1.1 parser and emitter written in C

This package holds the development files for libyaml.

%prep
%setup -n yaml-%{version}
%patch -p1
%patch1 -p1

%build
%configure --with-pic --disable-static
make %{?_smp_flags}

%install
%makeinstall
find %{buildroot} -name \*.la -delete -print

%check
make check

%clean
rm -rf %{buildroot}

%post   -n %{lib_name} -p /sbin/ldconfig

%postun -n %{lib_name} -p /sbin/ldconfig

%files -n %{lib_name}
%defattr(-,root,root,-)
%{_libdir}/libyaml-0.so.2
%{_libdir}/libyaml-0.so.2.0.1

%files devel
%defattr(-,root,root,-)
%{_includedir}/yaml.h
%{_libdir}/libyaml.so

%changelog
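Review bot: `make %{?_smp_flags}` in `%build` looks like a typo for the standard RPM macro `%{?_smp_mflags}`. Because of the `?` conditional, an undefined macro expands to nothing, so the build silently runs serially instead of failing; suggest `make %{?_smp_mflags}`. Separately, `%check` runs `make check`, but the two CVE patches shown below touch only `src/` and add no regression input, so a green test run shows the patches did not break parsing rather than that the overflows are closed. `Url:` and `Source:` both use plain `http://` and the spec lists no checksum or signature for the tarball, so integrity presumably rests on the checked-in `yaml-0.1.3.tar.gz`; worth confirming how that copy was verified.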
++++++ CVE-2013-6393.patch ++++++
diff -Naur a/src/api.c b/src/api.c
--- a/src/api.c 2009-08-30 21:50:47.000000000 +0200
+++ b/src/api.c 2014-03-07 17:33:59.345442851 +0100
@@ -117,7 +117,12 @@
 YAML_DECLARE(int)
 yaml_stack_extend(void **start, void **top, void **end)
 {
-    void *new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2);
+    void *new_start;
+
+    if ((char *)*end - (char *)*start >= INT_MAX / 2)
+ return 0;
+
+    new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2);
 
     if (!new_start) return 0;
 
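Review bot: The new guard in `yaml_stack_extend` rejects growth once the current size reaches `INT_MAX / 2`, but nothing says why the bound is `INT_MAX` when the value being doubled is a pointer difference passed on as an allocation size. A one-line comment above the check, e.g. `/* Check for overflow: the doubled size must stay below INT_MAX. */`, would record the intent. The `return 0;` line is also indented differently from the four-space lines around it. `yaml_string_extend`, which the scanner.c resize loop further down calls repeatedly, is not touched by this patch; its body is not visible here, but if it doubles the buffer the same way it would want the same guard. The function body continues past the end of the hunk.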
diff -Naur a/src/scanner.c b/src/scanner.c
--- a/src/scanner.c     2009-08-30 21:50:47.000000000 +0200
+++ b/src/scanner.c     2014-03-07 17:34:08.431442987 +0100
@@ -615,11 +615,11 @@
  */
 
 static int
-yaml_parser_roll_indent(yaml_parser_t *parser, int column,
-        int number, yaml_token_type_t type, yaml_mark_t mark);
+yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column,
+        ptrdiff_t number, yaml_token_type_t type, yaml_mark_t mark);
 
 static int
-yaml_parser_unroll_indent(yaml_parser_t *parser, int column);
+yaml_parser_unroll_indent(yaml_parser_t *parser, ptrdiff_t column);
 
 /*
  * Token fetchers.
@@ -1103,7 +1103,7 @@
      */
 
     int required = (!parser->flow_level
-            && parser->indent == (int)parser->mark.column);
+            && parser->indent == (ptrdiff_t)parser->mark.column);
 
     /*
      * A simple key is required only when it is the first token in the current
@@ -1176,6 +1176,11 @@
 
     /* Increase the flow level. */
 
+    if (parser->flow_level == INT_MAX) {
+        parser->error = YAML_MEMORY_ERROR;
+        return 0;
+    }
+
     parser->flow_level++;
 
     return 1;
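Review bot: The `flow_level == INT_MAX` guard reports `YAML_MEMORY_ERROR`, which a caller cannot tell apart from a failed allocation, and the added lines carry no comment saying that this is a counter-overflow check. Something like `/* Refuse to increment past INT_MAX: flow_level is a signed int. */` above the `if` would make that clear. Note that this only prevents signed overflow of the counter and is not a practical nesting limit; an application that parses untrusted YAML and wants to bound flow nesting depth still needs its own, much lower, cap. The enclosing function starts above the hunk.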
@@ -1206,8 +1211,8 @@
  */
 
 static int
-yaml_parser_roll_indent(yaml_parser_t *parser, int column,
-        int number, yaml_token_type_t type, yaml_mark_t mark)
+yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column,
+        ptrdiff_t number, yaml_token_type_t type, yaml_mark_t mark)
 {
     yaml_token_t token;
 
@@ -1226,6 +1231,11 @@
         if (!PUSH(parser, parser->indents, parser->indent))
             return 0;
 
+        if (column > INT_MAX) {
+            parser->error = YAML_MEMORY_ERROR;
+            return 0;
+        }
+
         parser->indent = column;
 
         /* Create a token and insert it into the queue. */
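Review bot: The `column > INT_MAX` check is placed after `PUSH(parser, parser->indents, parser->indent)`, so when it rejects the column the old indent has already been pushed onto the indents stack while `parser->indent` is left unchanged. The parser is in an error state at that point, so this is probably harmless, but moving the four-line check above the `PUSH` would leave the stack untouched on rejection and make the function easier to reason about. As in the flow-level hunk, the failure is reported as `YAML_MEMORY_ERROR` although no allocation failed. The enclosing `if` and the function itself begin and end outside the hunk.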
@@ -1254,7 +1264,7 @@
 
 
 static int
-yaml_parser_unroll_indent(yaml_parser_t *parser, int column)
+yaml_parser_unroll_indent(yaml_parser_t *parser, ptrdiff_t column)
 {
     yaml_token_t token;
 
@@ -2574,7 +2584,7 @@
 
     /* Resize the string to include the head. */
 
-    while (string.end - string.start <= (int)length) {
+    while ((size_t)(string.end - string.start) <= length) {
         if (!yaml_string_extend(&string.start, &string.pointer, &string.end)) {
             parser->error = YAML_MEMORY_ERROR;
             goto error;
diff -Naur a/src/yaml_private.h b/src/yaml_private.h
--- a/src/yaml_private.h        2009-08-30 21:50:47.000000000 +0200
+++ b/src/yaml_private.h        2014-03-07 17:34:04.399442926 +0100
@@ -7,6 +7,7 @@
 
 #include <assert.h>
 #include <limits.h>
+#include <stddef.h>
 
 /*
  * Memory management.
++++++ CVE-2014-2525.patch ++++++
diff -Naur a/src/scanner.c b/src/scanner.c
--- a/src/scanner.c     2014-03-19 13:11:22.817162337 +0100
+++ b/src/scanner.c     2014-03-19 13:11:35.733162531 +0100
@@ -2619,6 +2619,9 @@
         /* Check if it is a URI-escape sequence. */
 
         if (CHECK(parser->buffer, '%')) {
+            if (!STRING_EXTEND(parser, string))
+                goto error;
+
             if (!yaml_parser_scan_uri_escapes(parser,
                         directive, start_mark, &string)) goto error;
         }
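Review bot: The added `STRING_EXTEND` call depends on an invariant that is written down nowhere. The macro (changed in the yaml_private.h hunk that follows) only guarantees `pointer+5 < end`, so this fix is sufficient only if a single call to `yaml_parser_scan_uri_escapes` never appends more than that headroom. That function's body is not part of this patch, so the bound should be confirmed and recorded at the call site, for example `/* Reserve room for the octets one escape sequence can decode to. */` above the new `if`. The literal `5` in the macro would also read better as a named constant, with a comment tying it to the largest single write the scanner performs. The enclosing function starts and ends outside the hunk.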
diff -Naur a/src/yaml_private.h b/src/yaml_private.h
--- a/src/yaml_private.h        2014-03-19 13:11:22.816162337 +0100
+++ b/src/yaml_private.h        2014-03-19 13:11:35.734162531 +0100
@@ -132,9 +132,12 @@
      (string).start = (string).pointer = (string).end = 0)
 
 #define STRING_EXTEND(context,string)                                          
 \
-    (((string).pointer+5 < (string).end)                                       
 \
+    ((((string).pointer+5 < (string).end)                                      
 \
         || yaml_string_extend(&(string).start,                                 
 \
-            &(string).pointer, &(string).end))
+            &(string).pointer, &(string).end)) ?                               
 \
+         1 :                                                                   
 \
+        ((context)->error = YAML_MEMORY_ERROR,                                 
 \
+         0))
 
 #define CLEAR(context,string)                                                  
 \
     ((string).pointer = (string).start,                                        
 \