Accepting request 285072 from home:vitezslav_cizek:branches:devel:languages:perl

- update to 0.59 - this update fixes 3 vulnerabilities in the embedded LibYAML: * CVE-2014-9130: libyaml: assert failure when processing wrapped strings (bnc#907809) * CVE-2014-2525: libyaml: heap overflow during parsing (bnc#868944) * CVE-2013-6393: libyaml: heap based buffer, overflow due to integer misuse (bnc#860617) - dropped CVE-2012-1152-YAML-LibYAML-0.35-format-error.patch (upstream) - upstream changelog: * PR/23 Better scalar dump heuristics * More closely match YAML.pm * Add a VERSION statement to YAML::LibYAML (issue#8) * Applied fix for PR/21. nawglan++ * Use Swim cpan-tail block functions in doc * Get YAML::XS using latest libyaml * Fix for https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure * Fix e1 test failure on 5.21.4 * Remove =travis section * Meta 0.0.2 * Eliminate spurious trailing whitespace * Add t/000-compile-modules.t * Fix swim errors * Add badges to doc * Fix ReadMe * Fix Meta and add Contributing. OBS-URL: https://build.opensuse.org/request/show/285072 OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-YAML-LibYAML?expand=0&rev=13
2015-02-10 17:56:25 +00:00 · 2015-02-10 17:56:25 +00:00 · 04c0c17bcd
commit 04c0c17bcd
parent f78412b0d2
5 changed files with 35 additions and 46 deletions
--- a/CVE-2012-1152-YAML-LibYAML-0.35-format-error.patch
+++ b/CVE-2012-1152-YAML-LibYAML-0.35-format-error.patch
@ -1,39 +0,0 @@
-diff -urbaN YAML-LibYAML-0.35-orig//LibYAML/perl_libyaml.c YAML-LibYAML-0.35/LibYAML/perl_libyaml.c
--- YAML-LibYAML-0.35-orig//LibYAML/perl_libyaml.c	2011-04-03 18:28:08.000000000 +0200
-+++ YAML-LibYAML-0.35/LibYAML/perl_libyaml.c	2011-04-08 09:25:49.633009787 +0200
-@@ -188,7 +188,7 @@
-     return;
- 
- load_error:
-    croak(loader_error_msg(&loader, NULL));
-+    croak("%s", loader_error_msg(&loader, NULL));
- }
- 
- /*
-@@ -271,7 +271,7 @@
-     return return_sv;
- 
-     load_error:
-        croak(loader_error_msg(loader, NULL));
-+        croak("%s", loader_error_msg(loader, NULL));
- }
- 
- /*
-@@ -314,7 +314,7 @@
-         else if (strlen(tag) <= strlen(prefix) ||
-             ! strnEQ(tag, prefix, strlen(prefix))
-         ) croak(
-            loader_error_msg(loader, form("bad tag found for hash: '%s'", tag))
-+            "%s", loader_error_msg(loader, form("bad tag found for hash: '%s'", tag))
-         );
-         class = tag + strlen(prefix);
-         sv_bless(hash_ref, gv_stashpv(class, TRUE)); 
-@@ -347,7 +347,7 @@
-         else if (strlen(tag) <= strlen(prefix) ||
-             ! strnEQ(tag, prefix, strlen(prefix))
-         ) croak(
-            loader_error_msg(loader, form("bad tag found for array: '%s'", tag))
-+            "%s", loader_error_msg(loader, form("bad tag found for array: '%s'", tag))
-         );
-         class = tag + strlen(prefix);
-         sv_bless(array_ref, gv_stashpv(class, TRUE)); 
--- a/YAML-LibYAML-0.44.tar.gz
+++ b/YAML-LibYAML-0.44.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:027726648e78363c1a958c142b2a792c2235014bc3036499522d798ce9cd89a2
-size 153853
--- a/YAML-LibYAML-0.59.tar.gz
+++ b/YAML-LibYAML-0.59.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9df424ef5e968054042cacafa2f44354a662329df974d178dffce7529fc99f54
+size 140949
--- a/perl-YAML-LibYAML.changes
+++ b/perl-YAML-LibYAML.changes
@ -1,3 +1,33 @@
+-------------------------------------------------------------------
+Tue Feb 10 10:24:37 UTC 2015 - vcizek@suse.com
+
+- update to 0.59
+- this update fixes 3 vulnerabilities in the embedded LibYAML:
+  * CVE-2014-9130: libyaml: assert failure when processing
+    wrapped strings (bnc#907809)
+  * CVE-2014-2525: libyaml: heap overflow during parsing (bnc#868944)
+  * CVE-2013-6393: libyaml: heap based buffer, overflow due to
+    integer misuse (bnc#860617)
+- dropped CVE-2012-1152-YAML-LibYAML-0.35-format-error.patch (upstream)
+- upstream changelog:
+  * PR/23 Better scalar dump heuristics
+  * More closely match YAML.pm
+  * Add a VERSION statement to YAML::LibYAML (issue#8)
+  * Applied fix for PR/21. nawglan++
+  * Use Swim cpan-tail block functions in doc
+  * Get YAML::XS using latest libyaml
+  * Fix for
+    https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
+  * Fix e1 test failure on 5.21.4
+  * Remove =travis section
+  * Meta 0.0.2
+  * Eliminate spurious trailing whitespace
+  * Add t/000-compile-modules.t
+  * Fix swim errors
+  * Add badges to doc
+  * Fix ReadMe
+  * Fix Meta and add Contributing.
+
 -------------------------------------------------------------------
 Mon Jul 28 05:30:44 UTC 2014 - coolo@suse.com

--- a/perl-YAML-LibYAML.spec
+++ b/perl-YAML-LibYAML.spec
@ -1,7 +1,7 @@
 #
 # spec file for package perl-YAML-LibYAML
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,7 @@


 Name:           perl-YAML-LibYAML
-Version:        0.44
+Version:        0.59
 Release:        0
 %define cpan_name YAML-LibYAML
 Summary:        Perl YAML Serialization using XS and libyaml
@ -25,7 +25,6 @@ License:        Artistic-1.0 or GPL-1.0+
 Group:          Development/Libraries/Perl
 Url:            http://search.cpan.org/dist/YAML-LibYAML/
 Source:         http://www.cpan.org/authors/id/I/IN/INGY/%{cpan_name}-%{version}.tar.gz
-Patch0:         CVE-2012-1152-YAML-LibYAML-0.35-format-error.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  perl
 BuildRequires:  perl-macros
@ -36,7 +35,6 @@ Perl YAML Serialization using XS and libyaml

 %prep
 %setup -q -n %{cpan_name}-%{version}
-%patch0 -p1
 find . -type f -print0 | xargs -0 chmod 644

 %build