aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2016-05-28 01:16:43 -0400
committerLeo Famulari <leo@famulari.name>2016-05-29 23:48:28 -0400
commit0d567b553153921488ddf18879768b4125c9613e (patch)
treed13b9bd05fee2dff9dab0e47e71cb67879f9481d
parentd8862778c1b334cefafb92cc88e158b2cdf82a76 (diff)
downloadguix-0d567b553153921488ddf18879768b4125c9613e.tar.gz
guix-0d567b553153921488ddf18879768b4125c9613e.zip
gnu: libyaml: Fix CVE-2014-9130.
* gnu/packages/patches/libyaml-CVE-2014-9130.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/web.scm (libyaml): Use it.
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/patches/libyaml-CVE-2014-9130.patch30
-rw-r--r--gnu/packages/web.scm1
3 files changed, 32 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 8844d1dbdc..eab390d228 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -809,6 +809,7 @@ dist_patch_DATA = \
%D%/packages/patches/xfce4-session-fix-xflock4.patch \
%D%/packages/patches/xfce4-settings-defaults.patch \
%D%/packages/patches/xmodmap-asprintf.patch \
+ %D%/packages/patches/libyaml-CVE-2014-9130.patch \
%D%/packages/patches/zathura-plugindir-environment-variable.patch
MISC_DISTRO_FILES = \
diff --git a/gnu/packages/patches/libyaml-CVE-2014-9130.patch b/gnu/packages/patches/libyaml-CVE-2014-9130.patch
new file mode 100644
index 0000000000..800358c0d6
--- /dev/null
+++ b/gnu/packages/patches/libyaml-CVE-2014-9130.patch
@@ -0,0 +1,30 @@
+Fixes CVE-2014-9130
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130
+
+Upstream source:
+https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
+
+# HG changeset patch
+# User Kirill Simonov <xi@resolvent.net>
+# Date 1417197312 21600
+# Node ID 2b9156756423e967cfd09a61d125d883fca6f4f2
+# Parent 053f53a381ff6adbbc93a31ab7fdee06a16c8a33
+Removed invalid simple key assertion (thank to Jonathan Gray).
+
+diff --git a/src/scanner.c b/src/scanner.c
+--- a/src/scanner.c
++++ b/src/scanner.c
+@@ -1106,13 +1106,6 @@
+ && parser->indent == (ptrdiff_t)parser->mark.column);
+
+ /*
+- * A simple key is required only when it is the first token in the current
+- * line. Therefore it is always allowed. But we add a check anyway.
+- */
+-
+- assert(parser->simple_key_allowed || !required); /* Impossible. */
+-
+- /*
+ * If the current position may start a simple key, save it.
+ */
+
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 03f15e8bf4..7cadf9b930 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -611,6 +611,7 @@ of people.")
(uri (string-append
"http://pyyaml.org/download/libyaml/yaml-"
version ".tar.gz"))
+ (patches (search-patches "libyaml-CVE-2014-9130.patch"))
(sha256
(base32
"0j9731s5zjb8mjx7wzf6vh7bsqi38ay564x6s9nri2nh9cdrg9kx"))))