commit libyaml for openSUSE:Factory
Hello community, here is the log from the commit of package libyaml for openSUSE:Factory checked in at 2014-12-19 09:39:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libyaml (Old) and /work/SRC/openSUSE:Factory/.libyaml.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libyaml" Changes: -------- --- /work/SRC/openSUSE:Factory/libyaml/libyaml.changes 2014-04-01 11:34:20.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libyaml.new/libyaml.changes 2014-12-19 09:38:49.000000000 +0100 @@ -1,0 +2,8 @@ +Wed Dec 3 12:49:34 UTC 2014 - jmassaguerpla@suse.com + +- fix CVE-2014-9130: libyaml: assert failure when processing + wrapped strings (bnc#907809) + + CVE-2014-9130.patch contains the fix + +------------------------------------------------------------------- New: ---- CVE-2014-9130.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libyaml.spec ++++++ --- /var/tmp/diff_new_pack.AHbmE6/_old 2014-12-19 09:38:50.000000000 +0100 +++ /var/tmp/diff_new_pack.AHbmE6/_new 2014-12-19 09:38:50.000000000 +0100 @@ -22,6 +22,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build Url: http://pyyaml.org/wiki/LibYAML Source: http://pyyaml.org/download/libyaml/yaml-%{version}.tar.gz +Patch0: CVE-2014-9130.patch BuildRequires: pkg-config Summary: A YAML 1.1 parser and emitter written in C License: MIT @@ -53,6 +54,7 @@ %prep %setup -n yaml-%{version} +%patch0 -p1 %build %configure --with-pic --disable-static ++++++ CVE-2014-9130.patch ++++++ diff --git a/src/scanner.c b/src/scanner.c index 88d4fa5..c5f3d2f 100644 --- a/src/scanner.c +++ b/src/scanner.c @@ -1110,7 +1110,9 @@ yaml_parser_save_simple_key(yaml_parser_t *parser) * line. Therefore it is always allowed. But we add a check anyway. */ - assert(parser->simple_key_allowed || !required); /* Impossible. */ + /* XXX This caused: + * https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failu... + assert(parser->simple_key_allowed || !required); */ /* Impossible. */ /* * If the current position may start a simple key, save it. -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1)
-
root@hilbert.suse.de