debian/0000775000000000000000000000000012317027741007174 5ustar debian/control0000664000000000000000000000300712272763736010612 0ustar Source: libyaml Section: libs Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Anders Kaseorg Build-Depends: autotools-dev, debhelper (>= 8.1.3~), dh-autoreconf, cdbs (>= 0.4.93~) Standards-Version: 3.9.2 Homepage: http://pyyaml.org/wiki/LibYAML Vcs-Git: git://andersk.mit.edu/libyaml.git Vcs-Browser: http://andersk.mit.edu/gitweb/libyaml.git Package: libyaml-0-2 Architecture: any Multi-Arch: same Depends: ${shlibs:Depends}, ${misc:Depends} Pre-Depends: ${misc:Pre-Depends} Description: Fast YAML 1.1 parser and emitter library LibYAML is a C library for parsing and emitting data in YAML 1.1, a human-readable data serialization format. Package: libyaml-0-2-dbg Section: debug Priority: extra Architecture: any Multi-Arch: same Depends: ${misc:Depends}, libyaml-0-2 (= ${binary:Version}) Description: Fast YAML 1.1 parser and emitter library (debugging symbols) LibYAML is a C library for parsing and emitting data in YAML 1.1, a human-readable data serialization format. . This package contains detached debuging symbols for the library found in libyaml-0-2. Package: libyaml-dev Section: libdevel Architecture: any Multi-Arch: same Depends: ${misc:Depends}, libyaml-0-2 (= ${binary:Version}) Description: Fast YAML 1.1 parser and emitter library (development) LibYAML is a C library for parsing and emitting data in YAML 1.1, a human-readable data serialization format. . This package contains development headers and static libraries. debian/control.in0000664000000000000000000000270412272763736011222 0ustar Source: libyaml Section: libs Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Anders Kaseorg Build-Depends: @cdbs@ Standards-Version: 3.9.2 Homepage: http://pyyaml.org/wiki/LibYAML Vcs-Git: git://andersk.mit.edu/libyaml.git Vcs-Browser: http://andersk.mit.edu/gitweb/libyaml.git Package: libyaml-0-2 Architecture: any Multi-Arch: same Depends: ${shlibs:Depends}, ${misc:Depends} Pre-Depends: ${misc:Pre-Depends} Description: Fast YAML 1.1 parser and emitter library LibYAML is a C library for parsing and emitting data in YAML 1.1, a human-readable data serialization format. Package: libyaml-0-2-dbg Section: debug Priority: extra Architecture: any Multi-Arch: same Depends: ${misc:Depends}, libyaml-0-2 (= ${binary:Version}) Description: Fast YAML 1.1 parser and emitter library (debugging symbols) LibYAML is a C library for parsing and emitting data in YAML 1.1, a human-readable data serialization format. . This package contains detached debuging symbols for the library found in libyaml-0-2. Package: libyaml-dev Section: libdevel Architecture: any Multi-Arch: same Depends: ${misc:Depends}, libyaml-0-2 (= ${binary:Version}) Description: Fast YAML 1.1 parser and emitter library (development) LibYAML is a C library for parsing and emitting data in YAML 1.1, a human-readable data serialization format. . This package contains development headers and static libraries. debian/changelog0000664000000000000000000000662712317027741011061 0ustar libyaml (0.1.4-3ubuntu3) trusty; urgency=medium * SECURITY UPDATE: denial of service and possible code execution via heap overflow in yaml_parser_scan_uri_escapes - debian/patches/CVE-2014-2525.patch: properly handle memory in src/scanner.c, src/yaml_private.h. - CVE-2014-2525 -- Marc Deslauriers Wed, 02 Apr 2014 11:38:05 -0400 libyaml (0.1.4-3ubuntu2) trusty; urgency=medium * SECURITY REGRESSION: parsing regression in security update (LP: #1279805) - debian/patches/CVE-2013-6393.patch: use upstream commits from 0.1.5. - debian/patches/libyaml-string-overflow.patch: removed - debian/patches/libyaml-node-id-hardening.patch: removed - debian/patches/libyaml-indent-column-overflow-v2.patch: removed -- Marc Deslauriers Thu, 13 Feb 2014 09:02:35 -0500 libyaml (0.1.4-3ubuntu1) trusty; urgency=medium * Merge from Debian. Remaining changes: - debian/{rules,control}: build-depend on dh-autoreconf and use it. -- Marc Deslauriers Fri, 31 Jan 2014 13:13:53 -0500 libyaml (0.1.4-3) unstable; urgency=high * Fix CVE-2013-6393: heap-based buffer overflow when parsing YAML tags. (Closes: #737076) -- Anders Kaseorg Wed, 29 Jan 2014 20:11:48 -0500 libyaml (0.1.4-2ubuntu1) trusty; urgency=low * debian/{rules,control}: build-depend on dh-autoreconf and use it. -- Adam Conrad Thu, 12 Dec 2013 01:29:25 -0700 libyaml (0.1.4-2build1) quantal; urgency=low * Rebuild for new armel compiler default of ARMv5t. -- Colin Watson Fri, 05 Oct 2012 10:49:29 +0100 libyaml (0.1.4-2) unstable; urgency=low * Remove extra libyaml-0.so symlink from libyaml-dev. * Bump Debhelper compat level to 9. * Support multiarch. (Closes: #653748) (LP: #905630) * Use 3.0 (quilt) source format. -- Anders Kaseorg Fri, 30 Dec 2011 17:14:52 -0500 libyaml (0.1.4-1) unstable; urgency=low * New upstream version 0.1.4. + Fixed a bug that prevented an empty mapping being used as a simple key. + Fixed pointer overflow when calculating the position of a potential simple key. + Added pkg-config support. (Closes: #537834) * Remove unneded libyaml.la file. (Closes: #622452) * Add libyaml-0-2-dbg package with debugging symbols. (Closes: #592747) * Bumped standards version to 3.9.2 without further change -- Anders Kaseorg Mon, 30 May 2011 22:27:27 -0400 libyaml (0.1.3-1) unstable; urgency=low * New upstream version 0.1.3. + This release fixes non-standard structure initialization and a streaming-related issue. * Bump priority from extra to optional. -- Anders Kaseorg Sun, 04 Oct 2009 14:07:18 -0400 libyaml (0.1.2-1) unstable; urgency=low * New upstream version 0.1.2. + Fixed grammar in error messages (from YAML::XS::LibYAML). + Rewritten whitespace detection in the scalar analyzer and block scalar writers (ported from PyYAML). + Fixed emitting folded scalars with trailing breaks; Forced emitting of a document end indicator when there is a possibility of ambiguous parsing. -- Anders Kaseorg Mon, 29 Dec 2008 21:10:48 -0500 libyaml (0.1.1-1) unstable; urgency=low * Initial release (Closes: #484381). -- Anders Kaseorg Tue, 10 Jun 2008 02:37:34 -0400 debian/libyaml-0-2.install0000664000000000000000000000002112272320727012502 0ustar usr/lib/*/*.so.* debian/source.lintian-overrides0000664000000000000000000000006212272320727014052 0ustar package-needs-versioned-debhelper-build-depends 9 debian/source/0000775000000000000000000000000012272320727010474 5ustar debian/source/format0000664000000000000000000000001412272320727011702 0ustar 3.0 (quilt) debian/compat0000664000000000000000000000000212272320727010372 0ustar 9 debian/patches/0000775000000000000000000000000012317027330010615 5ustar debian/patches/CVE-2014-2525.patch0000664000000000000000000000375112317027330013240 0ustar # HG changeset patch # User Kirill Simonov # Date 1395835397 18000 # Node ID bce8b60f0b9af69fa9fab3093d0a41ba243de048 # Parent d7cb9c2731c01fb5465dd61a14ebd42ce258518d Fixed heap overflow in yaml_parser_scan_uri_escapes (Thanks Ivan Fratric of the Google Security Team). Index: libyaml-0.1.4/src/scanner.c =================================================================== --- libyaml-0.1.4.orig/src/scanner.c 2014-04-02 11:37:57.992175108 -0400 +++ libyaml-0.1.4/src/scanner.c 2014-04-02 11:37:57.984175108 -0400 @@ -2629,6 +2629,9 @@ /* Check if it is a URI-escape sequence. */ if (CHECK(parser->buffer, '%')) { + if (!STRING_EXTEND(parser, string)) + goto error; + if (!yaml_parser_scan_uri_escapes(parser, directive, start_mark, &string)) goto error; } Index: libyaml-0.1.4/src/yaml_private.h =================================================================== --- libyaml-0.1.4.orig/src/yaml_private.h 2014-04-02 11:37:57.992175108 -0400 +++ libyaml-0.1.4/src/yaml_private.h 2014-04-02 11:37:57.988175108 -0400 @@ -134,9 +134,12 @@ (string).start = (string).pointer = (string).end = 0) #define STRING_EXTEND(context,string) \ - (((string).pointer+5 < (string).end) \ + ((((string).pointer+5 < (string).end) \ || yaml_string_extend(&(string).start, \ - &(string).pointer, &(string).end)) + &(string).pointer, &(string).end)) ? \ + 1 : \ + ((context)->error = YAML_MEMORY_ERROR, \ + 0)) #define CLEAR(context,string) \ ((string).pointer = (string).start, \ debian/patches/CVE-2013-6393.patch0000664000000000000000000001555612277150167013266 0ustar Description: fix denial of service and possible code execution via large yaml documents Origin: upstream, https://bitbucket.org/xi/libyaml/commits/1d73f004f49e6962cf936da98aecf0aec95c4c50 Origin: upstream, https://bitbucket.org/xi/libyaml/commits/b77d42277c32b58a114a0fa0968038a4b0ab24f4 Origin: upstream, https://bitbucket.org/xi/libyaml/commits/f859ed1eb757a3562b98a28a8ce69274bfd4b3f2 Origin: upstream, https://bitbucket.org/xi/libyaml/commits/0df2fb962294f3a6df1450a3e08c6a0f74f9078c Origin: upstream, https://bitbucket.org/xi/libyaml/commits/af3599437a87162554787c52d8b16eab553f537b Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libyaml/+bug/1279805 Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libyaml/+bug/1276156 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737076 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738587 Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1033990 Index: libyaml-0.1.4/src/loader.c =================================================================== --- libyaml-0.1.4.orig/src/loader.c 2011-05-29 01:55:42.000000000 -0400 +++ libyaml-0.1.4/src/loader.c 2014-02-13 08:32:26.228856720 -0500 @@ -286,6 +286,8 @@ int index; yaml_char_t *tag = first_event->data.scalar.tag; + if (!STACK_LIMIT(parser, parser->document->nodes, INT_MAX-1)) goto error; + if (!tag || strcmp((char *)tag, "!") == 0) { yaml_free(tag); tag = yaml_strdup((yaml_char_t *)YAML_DEFAULT_SCALAR_TAG); @@ -329,6 +331,8 @@ int index, item_index; yaml_char_t *tag = first_event->data.sequence_start.tag; + if (!STACK_LIMIT(parser, parser->document->nodes, INT_MAX-1)) goto error; + if (!tag || strcmp((char *)tag, "!") == 0) { yaml_free(tag); tag = yaml_strdup((yaml_char_t *)YAML_DEFAULT_SEQUENCE_TAG); @@ -351,6 +355,9 @@ if (!yaml_parser_parse(parser, &event)) return 0; while (event.type != YAML_SEQUENCE_END_EVENT) { + if (!STACK_LIMIT(parser, + parser->document->nodes.start[index-1].data.sequence.items, + INT_MAX-1)) return 0; item_index = yaml_parser_load_node(parser, &event); if (!item_index) return 0; if (!PUSH(parser, @@ -387,6 +394,8 @@ yaml_node_pair_t pair; yaml_char_t *tag = first_event->data.mapping_start.tag; + if (!STACK_LIMIT(parser, parser->document->nodes, INT_MAX-1)) goto error; + if (!tag || strcmp((char *)tag, "!") == 0) { yaml_free(tag); tag = yaml_strdup((yaml_char_t *)YAML_DEFAULT_MAPPING_TAG); @@ -409,6 +418,9 @@ if (!yaml_parser_parse(parser, &event)) return 0; while (event.type != YAML_MAPPING_END_EVENT) { + if (!STACK_LIMIT(parser, + parser->document->nodes.start[index-1].data.mapping.pairs, + INT_MAX-1)) return 0; pair.key = yaml_parser_load_node(parser, &event); if (!pair.key) return 0; if (!yaml_parser_parse(parser, &event)) return 0; Index: libyaml-0.1.4/src/reader.c =================================================================== --- libyaml-0.1.4.orig/src/reader.c 2011-05-29 01:55:42.000000000 -0400 +++ libyaml-0.1.4/src/reader.c 2014-02-13 08:32:30.716856793 -0500 @@ -460,6 +460,10 @@ } + if (parser->offset >= PTRDIFF_MAX) + return yaml_parser_set_reader_error(parser, "input is too long", + PTRDIFF_MAX, -1); + return 1; } Index: libyaml-0.1.4/src/scanner.c =================================================================== --- libyaml-0.1.4.orig/src/scanner.c 2014-02-13 08:31:50.000000000 -0500 +++ libyaml-0.1.4/src/scanner.c 2014-02-13 08:32:32.836856827 -0500 @@ -615,11 +615,11 @@ */ static int -yaml_parser_roll_indent(yaml_parser_t *parser, int column, - int number, yaml_token_type_t type, yaml_mark_t mark); +yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column, + ptrdiff_t number, yaml_token_type_t type, yaml_mark_t mark); static int -yaml_parser_unroll_indent(yaml_parser_t *parser, int column); +yaml_parser_unroll_indent(yaml_parser_t *parser, ptrdiff_t column); /* * Token fetchers. @@ -1103,7 +1103,7 @@ */ int required = (!parser->flow_level - && parser->indent == (int)parser->mark.column); + && parser->indent == (ptrdiff_t)parser->mark.column); /* * A simple key is required only when it is the first token in the current @@ -1176,6 +1176,11 @@ /* Increase the flow level. */ + if (parser->flow_level == INT_MAX) { + parser->error = YAML_MEMORY_ERROR; + return 0; + } + parser->flow_level++; return 1; @@ -1206,8 +1211,8 @@ */ static int -yaml_parser_roll_indent(yaml_parser_t *parser, int column, - int number, yaml_token_type_t type, yaml_mark_t mark) +yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column, + ptrdiff_t number, yaml_token_type_t type, yaml_mark_t mark) { yaml_token_t token; @@ -1226,6 +1231,11 @@ if (!PUSH(parser, parser->indents, parser->indent)) return 0; + if (column > INT_MAX) { + parser->error = YAML_MEMORY_ERROR; + return 0; + } + parser->indent = column; /* Create a token and insert it into the queue. */ @@ -1254,7 +1264,7 @@ static int -yaml_parser_unroll_indent(yaml_parser_t *parser, int column) +yaml_parser_unroll_indent(yaml_parser_t *parser, ptrdiff_t column) { yaml_token_t token; @@ -2574,7 +2584,7 @@ /* Resize the string to include the head. */ - while (string.end - string.start <= (int)length) { + while ((size_t)(string.end - string.start) <= length) { if (!yaml_string_extend(&string.start, &string.pointer, &string.end)) { parser->error = YAML_MEMORY_ERROR; goto error; Index: libyaml-0.1.4/src/yaml_private.h =================================================================== --- libyaml-0.1.4.orig/src/yaml_private.h 2011-05-29 01:55:42.000000000 -0400 +++ libyaml-0.1.4/src/yaml_private.h 2014-02-13 08:32:30.716856793 -0500 @@ -7,6 +7,8 @@ #include #include +#include +#include /* * Memory management. @@ -421,6 +423,12 @@ #define STACK_EMPTY(context,stack) \ ((stack).start == (stack).top) +#define STACK_LIMIT(context,stack,size) \ + ((stack).top - (stack).start < (size) ? \ + 1 : \ + ((context)->error = YAML_MEMORY_ERROR, \ + 0)) + #define PUSH(context,stack,value) \ (((stack).top != (stack).end \ || yaml_stack_extend((void **)&(stack).start, \ debian/patches/series0000664000000000000000000000005012317027324012030 0ustar CVE-2013-6393.patch CVE-2014-2525.patch debian/copyright0000664000000000000000000000262112272320727011130 0ustar This package was debianized by Anders Kaseorg on Mon, 02 Jun 2008 05:16:28 -0400. It was downloaded from Upstream Author: Kirill Simonov Copyright: Copyright (c) 2006 Kirill Simonov License: Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. The Debian packaging is released to the public domain. debian/watch0000664000000000000000000000010012272320727010214 0ustar version=3 http://pyyaml.org/download/libyaml/yaml-(.*)\.tar\.gz debian/rules0000775000000000000000000000113412272763736010266 0ustar #!/usr/bin/make -f include /usr/share/cdbs/1/rules/debhelper.mk include /usr/share/cdbs/1/class/autotools.mk include /usr/share/cdbs/1/rules/autoreconf.mk CDBS_BUILD_DEPENDS += , cdbs (>= 0.4.93~) # for $(DEB_HOST_MULTIARCH) # Debhelper 9 isn’t released yet CDBS_BUILD_DEPENDS_rules_debhelper_v9 = debhelper (>= 8.1.3~) # dh_buildinfo fails at multiarch: http://bugs.debian.org/620104 CDBS_BUILD_DEPENDS_rules_debhelper_buildinfo = DEB_CONFIGURE_EXTRA_FLAGS += --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH) DEB_DH_INSTALL_SOURCEDIR = $(DEB_DESTDIR) DEB_DBG_PACKAGE_libyaml-0-2 = libyaml-0-2-dbg debian/libyaml-dev.install0000664000000000000000000000010112272320727012761 0ustar usr/include/* usr/lib/*/*.a usr/lib/*/*.so usr/lib/*/pkgconfig/*