diff options
author | Leo Famulari <leo@famulari.name> | 2016-05-28 01:16:43 -0400 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2016-05-29 23:48:28 -0400 |
commit | 0d567b553153921488ddf18879768b4125c9613e (patch) | |
tree | d13b9bd05fee2dff9dab0e47e71cb67879f9481d | |
parent | d8862778c1b334cefafb92cc88e158b2cdf82a76 (diff) | |
download | guix-0d567b553153921488ddf18879768b4125c9613e.tar guix-0d567b553153921488ddf18879768b4125c9613e.tar.gz |
gnu: libyaml: Fix CVE-2014-9130.
* gnu/packages/patches/libyaml-CVE-2014-9130.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/web.scm (libyaml): Use it.
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/patches/libyaml-CVE-2014-9130.patch | 30 | ||||
-rw-r--r-- | gnu/packages/web.scm | 1 |
3 files changed, 32 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 8844d1dbdc..eab390d228 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -809,6 +809,7 @@ dist_patch_DATA = \ %D%/packages/patches/xfce4-session-fix-xflock4.patch \ %D%/packages/patches/xfce4-settings-defaults.patch \ %D%/packages/patches/xmodmap-asprintf.patch \ + %D%/packages/patches/libyaml-CVE-2014-9130.patch \ %D%/packages/patches/zathura-plugindir-environment-variable.patch MISC_DISTRO_FILES = \ diff --git a/gnu/packages/patches/libyaml-CVE-2014-9130.patch b/gnu/packages/patches/libyaml-CVE-2014-9130.patch new file mode 100644 index 0000000000..800358c0d6 --- /dev/null +++ b/gnu/packages/patches/libyaml-CVE-2014-9130.patch @@ -0,0 +1,30 @@ +Fixes CVE-2014-9130 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130 + +Upstream source: +https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2 + +# HG changeset patch +# User Kirill Simonov <xi@resolvent.net> +# Date 1417197312 21600 +# Node ID 2b9156756423e967cfd09a61d125d883fca6f4f2 +# Parent 053f53a381ff6adbbc93a31ab7fdee06a16c8a33 +Removed invalid simple key assertion (thank to Jonathan Gray). + +diff --git a/src/scanner.c b/src/scanner.c +--- a/src/scanner.c ++++ b/src/scanner.c +@@ -1106,13 +1106,6 @@ + && parser->indent == (ptrdiff_t)parser->mark.column); + + /* +- * A simple key is required only when it is the first token in the current +- * line. Therefore it is always allowed. But we add a check anyway. +- */ +- +- assert(parser->simple_key_allowed || !required); /* Impossible. */ +- +- /* + * If the current position may start a simple key, save it. + */ + diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index 03f15e8bf4..7cadf9b930 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -611,6 +611,7 @@ of people.") (uri (string-append "http://pyyaml.org/download/libyaml/yaml-" version ".tar.gz")) + (patches (search-patches "libyaml-CVE-2014-9130.patch")) (sha256 (base32 "0j9731s5zjb8mjx7wzf6vh7bsqi38ay564x6s9nri2nh9cdrg9kx")))) |