commit e0af22d30128f463a36d7fc384a3915ed6a577b8
Author: Paul Howarth <paul@xxxxxxxxxxxx>
Date: Tue Dec 2 12:36:15 2014 +0000
Fix assert failure when parsing wrapped strings (CVE-2014-9130)
YAML-LibYAML-0.38-CVE-2014-9130.patch | 28 ++++++++++++++++++++++++++++
perl-YAML-LibYAML.spec | 11 ++++++++++-
2 files changed, 38 insertions(+), 1 deletions(-)
---
diff --git a/YAML-LibYAML-0.38-CVE-2014-9130.patch b/YAML-LibYAML-0.38-CVE-2014-9130.patch
new file mode 100644
index 0000000..00e15f3
--- /dev/null
+++ b/YAML-LibYAML-0.38-CVE-2014-9130.patch
@@ -0,0 +1,28 @@
+From e6aa721cc0e5a48f408c52355559fd36780ba32a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ingy=20d=C3=B6t=20Net?= <ingy@xxxxxxxx>
+Date: Fri, 28 Nov 2014 09:21:49 -0800
+Subject: [PATCH] Fix for https://bitbucket.org/xi/libyaml/issue/10/
+
+https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
+
+Commenting out the assert makes the scanner do the right thing and
+results in just a simple parse failure.
+---
+ src/scanner.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/scanner.c b/src/scanner.c
+index 88d4fa5..c5f3d2f 100644
+--- a/src/scanner.c
++++ b/src/scanner.c
+@@ -1110,7 +1110,9 @@ yaml_parser_save_simple_key(yaml_parser_t *parser)
+ * line. Therefore it is always allowed. But we add a check anyway.
+ */
+
+- assert(parser->simple_key_allowed || !required); /* Impossible. */
++ /* XXX This caused:
++ * https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
++ assert(parser->simple_key_allowed || !required); */ /* Impossible. */
+
+ /*
+ * If the current position may start a simple key, save it.
diff --git a/perl-YAML-LibYAML.spec b/perl-YAML-LibYAML.spec
index f069d96..dbfa9bb 100644
--- a/perl-YAML-LibYAML.spec
+++ b/perl-YAML-LibYAML.spec
@@ -1,6 +1,6 @@
Name: perl-YAML-LibYAML
Version: 0.38
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: Perl YAML Serialization using XS and libyaml
License: GPL+ or Artistic
Group: Development/Libraries
@@ -9,6 +9,7 @@ Source0: http://search.cpan.org/CPAN/authors/id/I/IN/INGY/YAML-LibYAML-%{
Patch0: YAML-LibYAML-0.35-format-error.patch
Patch1: YAML-LibYAML-0.38-CVE-2014-2525.patch
Patch2: YAML-LibYAML-0.38-CVE-2013-6393.patch
+Patch3: YAML-LibYAML-0.38-CVE-2014-9130.patch
# Install
BuildRequires: perl(Cwd)
@@ -58,6 +59,11 @@ bound to Python and was later bound to Ruby.
# Fix heap-based buffer overflow when parsing YAML tags (CVE-2013-6393)
%patch2
+# Fix for assert failure when parsing wrapped strings (CVE-2014-9130)
+cd LibYAML
+%patch3 -p2
+cd -
+
%build
perl Makefile.PL INSTALLDIRS=vendor OPTIMIZE="%{optflags}"
make %{?_smp_mflags}
@@ -79,6 +85,9 @@ make test
%{_mandir}/man3/YAML::XS::LibYAML.3pm*
%changelog
+* Tue Dec 2 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 0.38-5
+- Fix assert failure when parsing wrapped strings (CVE-2014-9130)
+
* Thu Mar 27 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 0.38-4
- Fix LibYAML input sanitization errors (CVE-2014-2525)
- Fix heap-based buffer overflow when parsing YAML tags (CVE-2013-6393)
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/perl-devel
