[libyaml-libyaml-perl] 03/07: Drop a bunch of patches which all have been applied upstream.

gregor herrmann gregoa at debian.org
Sun Feb 14 15:11:19 UTC 2016


This is an automated email from the git hooks/post-receive script.

gregoa pushed a commit to branch master
in repository libyaml-libyaml-perl.

commit b577019bbf0f8c3d1b6fca43a219663399bde21b
Author: gregor herrmann <gregoa at debian.org>
Date:   Sun Feb 14 15:45:47 2016 +0100

    Drop a bunch of patches which all have been applied upstream.
---
 debian/patches/CVE-2014-2525.patch                 | 35 ---------
 debian/patches/CVE-2014-9130.patch                 | 26 -------
 debian/patches/fix_ftbfs_hardening_flags.diff      | 42 -----------
 ...gainst-overflows-in-indent-and-flow_level.patch | 86 ----------------------
 debian/patches/libyaml-string-overflow.patch       | 26 -------
 debian/patches/series                              |  5 --
 6 files changed, 220 deletions(-)

diff --git a/debian/patches/CVE-2014-2525.patch b/debian/patches/CVE-2014-2525.patch
deleted file mode 100644
index c0f3226..0000000
--- a/debian/patches/CVE-2014-2525.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-Description: CVE-2014-2525: Heap overflow when parsing YAML tags
-  The heap overflow is caused by not properly expanding a string before
-  writing to it in function yaml_parser_scan_uri_escapes in scanner.c. 
-Origin: upstream
-Last-Update: 2014-03-23
-
---- a/LibYAML/scanner.c
-+++ b/LibYAML/scanner.c
-@@ -2629,6 +2629,9 @@
-         /* Check if it is a URI-escape sequence. */
- 
-         if (CHECK(parser->buffer, '%')) {
-+            if (!STRING_EXTEND(parser, string))
-+                goto error;
-+
-             if (!yaml_parser_scan_uri_escapes(parser,
-                         directive, start_mark, &string)) goto error;
-         }
---- a/LibYAML/yaml_private.h
-+++ b/LibYAML/yaml_private.h
-@@ -134,9 +134,12 @@
-      (string).start = (string).pointer = (string).end = 0)
- 
- #define STRING_EXTEND(context,string)                                           \
--    (((string).pointer+5 < (string).end)                                        \
-+    ((((string).pointer+5 < (string).end)                                       \
-         || yaml_string_extend(&(string).start,                                  \
--            &(string).pointer, &(string).end))
-+            &(string).pointer, &(string).end)) ?                                \
-+         1 :                                                                    \
-+        ((context)->error = YAML_MEMORY_ERROR,                                  \
-+         0))
- 
- #define CLEAR(context,string)                                                   \
-     ((string).pointer = (string).start,                                         \
diff --git a/debian/patches/CVE-2014-9130.patch b/debian/patches/CVE-2014-9130.patch
deleted file mode 100644
index 3528d7f..0000000
--- a/debian/patches/CVE-2014-9130.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Description: Remove invalid simple key assertion
- CVE-2014-9130: denial-of-service/application crash with untrusted
- yaml input
-Origin: upstream, https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
-Bug: https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
-Bug-Debian: https://bugs.debian.org/771365
-Forwarded: no
-Author: Salvatore Bonaccorso <carnil at debian.org>
-Last-Update: 2014-11-29
-
---- a/LibYAML/scanner.c
-+++ b/LibYAML/scanner.c
-@@ -1106,13 +1106,6 @@ yaml_parser_save_simple_key(yaml_parser_
-             && parser->indent == (ptrdiff_t)parser->mark.column);
- 
-     /*
--     * A simple key is required only when it is the first token in the current
--     * line.  Therefore it is always allowed.  But we add a check anyway.
--     */
--
--    assert(parser->simple_key_allowed || !required);    /* Impossible. */
--
--    /*
-      * If the current position may start a simple key, save it.
-      */
- 
diff --git a/debian/patches/fix_ftbfs_hardening_flags.diff b/debian/patches/fix_ftbfs_hardening_flags.diff
deleted file mode 100644
index 1fab025..0000000
--- a/debian/patches/fix_ftbfs_hardening_flags.diff
+++ /dev/null
@@ -1,42 +0,0 @@
-Description: Fix ftbfs with hardening flags (CVE-2012-1152)
-Forwarded: https://rt.cpan.org/Ticket/Display.html?id=75365
-Author: Julián Moreno Patiño <darkjunix at gmail.com>
-Last-Update: 2012-02-28
---- a/LibYAML/perl_libyaml.c
-+++ b/LibYAML/perl_libyaml.c
-@@ -188,7 +188,7 @@
-     return;
- 
- load_error:
--    croak(loader_error_msg(&loader, NULL));
-+    croak("%s", loader_error_msg(&loader, NULL));
- }
- 
- /*
-@@ -271,7 +271,7 @@
-     return return_sv;
- 
-     load_error:
--        croak(loader_error_msg(loader, NULL));
-+        croak("%s", loader_error_msg(loader, NULL));
- }
- 
- /*
-@@ -313,7 +313,7 @@
-         }
-         else if (strlen(tag) <= strlen(prefix) ||
-             ! strnEQ(tag, prefix, strlen(prefix))
--        ) croak(
-+        ) croak("%s",
-             loader_error_msg(loader, form("bad tag found for hash: '%s'", tag))
-         );
-         class = tag + strlen(prefix);
-@@ -346,7 +346,7 @@
-             prefix = "!";
-         else if (strlen(tag) <= strlen(prefix) ||
-             ! strnEQ(tag, prefix, strlen(prefix))
--        ) croak(
-+        ) croak("%s",
-             loader_error_msg(loader, form("bad tag found for array: '%s'", tag))
-         );
-         class = tag + strlen(prefix);
diff --git a/debian/patches/libyaml-guard-against-overflows-in-indent-and-flow_level.patch b/debian/patches/libyaml-guard-against-overflows-in-indent-and-flow_level.patch
deleted file mode 100644
index bdf7cb5..0000000
--- a/debian/patches/libyaml-guard-against-overflows-in-indent-and-flow_level.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-Description: Guard against overflows in indent and flow_level
-Origin: upstream, https://bitbucket.org/xi/libyaml/commits/f859ed1eb757a3562b98a28a8ce69274bfd4b3f2,
- https://bitbucket.org/xi/libyaml/commits/af3599437a87162554787c52d8b16eab553f537b
-Last-Update: 2014-02-10
-Applied-Upstream: 0.1.5
-
---- a/LibYAML/scanner.c
-+++ b/LibYAML/scanner.c
-@@ -615,11 +615,11 @@
-  */
- 
- static int
--yaml_parser_roll_indent(yaml_parser_t *parser, int column,
--        int number, yaml_token_type_t type, yaml_mark_t mark);
-+yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column,
-+        ptrdiff_t number, yaml_token_type_t type, yaml_mark_t mark);
- 
- static int
--yaml_parser_unroll_indent(yaml_parser_t *parser, int column);
-+yaml_parser_unroll_indent(yaml_parser_t *parser, ptrdiff_t column);
- 
- /*
-  * Token fetchers.
-@@ -1103,7 +1103,7 @@
-      */
- 
-     int required = (!parser->flow_level
--            && parser->indent == (int)parser->mark.column);
-+            && parser->indent == (ptrdiff_t)parser->mark.column);
- 
-     /*
-      * A simple key is required only when it is the first token in the current
-@@ -1176,6 +1176,11 @@
- 
-     /* Increase the flow level. */
- 
-+    if (parser->flow_level == INT_MAX) {
-+        parser->error = YAML_MEMORY_ERROR;
-+        return 0;
-+    }
-+
-     parser->flow_level++;
- 
-     return 1;
-@@ -1206,8 +1211,8 @@
-  */
- 
- static int
--yaml_parser_roll_indent(yaml_parser_t *parser, int column,
--        int number, yaml_token_type_t type, yaml_mark_t mark)
-+yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column,
-+        ptrdiff_t number, yaml_token_type_t type, yaml_mark_t mark)
- {
-     yaml_token_t token;
- 
-@@ -1226,6 +1231,11 @@
-         if (!PUSH(parser, parser->indents, parser->indent))
-             return 0;
- 
-+        if (column > INT_MAX) {
-+            parser->error = YAML_MEMORY_ERROR;
-+            return 0;
-+	}
-+
-         parser->indent = column;
- 
-         /* Create a token and insert it into the queue. */
-@@ -1254,7 +1264,7 @@
- 
- 
- static int
--yaml_parser_unroll_indent(yaml_parser_t *parser, int column)
-+yaml_parser_unroll_indent(yaml_parser_t *parser, ptrdiff_t column)
- {
-     yaml_token_t token;
- 
---- a/LibYAML/yaml_private.h
-+++ b/LibYAML/yaml_private.h
-@@ -8,6 +8,7 @@
- 
- #include <assert.h>
- #include <limits.h>
-+#include <stddef.h>
- 
- /*
-  * Memory management.
diff --git a/debian/patches/libyaml-string-overflow.patch b/debian/patches/libyaml-string-overflow.patch
deleted file mode 100644
index d0d14ff..0000000
--- a/debian/patches/libyaml-string-overflow.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Description: CVE-2013-6393: yaml_parser_scan_tag_uri: fix int overflow leading to buffer overflow
- This is a proposed patch from Florian Weimer <fweimer at redhat.com> for
- the string overflow issue. It has been ack'd by upstream.
-Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1033990
-Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1033990
-Last-Update: 2014-01-29
----
-# HG changeset patch
-# User Florian Weimer <fweimer at redhat.com>
-# Date 1389273500 -3600
-#      Thu Jan 09 14:18:20 2014 +0100
-# Node ID a54d7af707f25dc298a7be60fd152001d2b3035b
-# Parent  3e6507fa0c26d20c09f8f468f2bd04aa2fd1b5b5
-yaml_parser_scan_tag_uri: fix int overflow leading to buffer overflow
-
---- a/LibYAML/scanner.c
-+++ b/LibYAML/scanner.c
-@@ -2574,7 +2574,7 @@
- 
-     /* Resize the string to include the head. */
- 
--    while (string.end - string.start <= (int)length) {
-+    while ((size_t)(string.end - string.start) <= length) {
-         if (!yaml_string_extend(&string.start, &string.pointer, &string.end)) {
-             parser->error = YAML_MEMORY_ERROR;
-             goto error;
diff --git a/debian/patches/series b/debian/patches/series
index ae79641..daae630 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,7 +1,2 @@
-fix_ftbfs_hardening_flags.diff
 disable-update.sh.patch
-libyaml-string-overflow.patch
 libyaml-node-id-hardening.patch
-libyaml-guard-against-overflows-in-indent-and-flow_level.patch
-CVE-2014-2525.patch
-CVE-2014-9130.patch
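Review bot: Removing these five entries from `debian/patches/series` leaves the fixes for CVE-2012-1152, CVE-2013-6393, CVE-2014-2525 and CVE-2014-9130 resting entirely on the imported upstream source, but the commit does not record which upstream release contains each of them. Of the deleted patch headers, only the indent/flow_level one carries `Applied-Upstream: 0.1.5`. The CVE-2014-9130 header cites a libyaml commit as its origin but still says `Forwarded: no`, and `fix_ftbfs_hardening_flags.diff` changes `LibYAML/perl_libyaml.c`, which appears to be the binding code rather than the embedded libyaml scanner, so it needs confirming separately. It is worth checking the unpacked tree for the patched lines, for example `croak("%s", loader_error_msg(loader, NULL));` and the `while ((size_t)(string.end - string.start) <= length)` condition. The upstream version carrying each fix should also be noted in the changelog entry, if a later commit in this series does not already do so.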
