2 files changed, 115 insertions, 0 deletions

diff --git a/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-CVE-2017-5950.patch b/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-CVE-2017-5950.patch
new file mode 100644
index 000000000000..2892108bd250
--- /dev/null
+++ b/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-CVE-2017-5950.patch
@@ -0,0 +1,45 @@
+From d540476e31b080aa1f903ad20ec0426dd3838be7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anarcat@debian.org>
+Date: Tue, 25 Apr 2017 20:10:20 -0400
+Subject: [PATCH] fix stack overflow in HandleNode() (CVE-2017-5950)
+
+simply set a hardcoded recursion limit to 2000 (inspired by Python's)
+to avoid infinitely recursing into arbitrary data structures
+
+assert() the depth. unsure if this is the right approach, but given
+that HandleNode() is "void", I am not sure how else to return an
+error. the problem with this approach of course is that it will still
+crash the caller, unless they have proper exception handling in place.
+
+Closes: #459
+---
+ src/singledocparser.cpp | 2 ++
+ src/singledocparser.h   | 2 ++
+ 2 files changed, 4 insertions(+)
+
+diff --git a/src/singledocparser.cpp b/src/singledocparser.cpp
+index a27c1c3b..1b4262ee 100644
+--- a/src/singledocparser.cpp
++++ b/src/singledocparser.cpp
+@@ -46,6 +46,8 @@ void SingleDocParser::HandleDocument(EventHandler& eventHandler) {
+ }
+ 
+ void SingleDocParser::HandleNode(EventHandler& eventHandler) {
++  assert(depth < depth_limit);
++  depth++;
+   // an empty node *is* a possibility
+   if (m_scanner.empty()) {
+     eventHandler.OnNull(m_scanner.mark(), NullAnchor);
+diff --git a/src/singledocparser.h b/src/singledocparser.h
+index 2b92067c..7046f1e2 100644
+--- a/src/singledocparser.h
++++ b/src/singledocparser.h
+@@ -51,6 +51,8 @@ class SingleDocParser : private noncopyable {
+   anchor_t LookupAnchor(const Mark& mark, const std::string& name) const;
+ 
+  private:
++  int depth = 0;
++  int depth_limit = 2000;
+   Scanner& m_scanner;
+   const Directives& m_directives;
+   std::unique_ptr<CollectionStack> m_pCollectionStack;
diff --git a/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-unbundle-gtest.patch b/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-unbundle-gtest.patch
new file mode 100644
index 000000000000..671bde36704a
--- /dev/null
+++ b/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-unbundle-gtest.patch
@@ -0,0 +1,70 @@
+From 259f944bc3e45420f5891737101260f07ab3030a Mon Sep 17 00:00:00 2001
+From: "Azamat H. Hackimov" <azamat.hackimov@gmail.com>
+Date: Tue, 27 Feb 2018 14:17:49 +0500
+Subject: [PATCH] Externalize googletest project
+
+Externalize gtest to avoid installation, fixes #539.
+---
+ test/CMakeLists.txt | 35 ++++++++++++++++++++++++++---------
+ 1 file changed, 26 insertions(+), 9 deletions(-)
+
+diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
+index 3633da5..7b39dd4 100644
+--- a/test/CMakeLists.txt
++++ b/test/CMakeLists.txt
+@@ -1,16 +1,27 @@
++include(ExternalProject)
++
++ExternalProject_Add(
++	googletest_project
++	SOURCE_DIR "${CMAKE_SOURCE_DIR}/test/gtest-1.8.0"
++	INSTALL_DIR "${CMAKE_BINARY_DIR}/prefix"
++	CMAKE_ARGS -DCMAKE_INSTALL_PREFIX:PATH=<INSTALL_DIR> -DBUILD_GMOCK=ON
++)
++
++add_library(gmock UNKNOWN IMPORTED)
++set_target_properties(gmock PROPERTIES
++	IMPORTED_LOCATION ${PROJECT_BINARY_DIR}/prefix/lib/libgmock.a
++)
++
++find_package(Threads)
++
++include_directories(SYSTEM "${PROJECT_BINARY_DIR}/prefix/include")
++
+ set(gtest_force_shared_crt ${MSVC_SHARED_RT} CACHE BOOL
+   "Use shared (DLL) run-time lib even when Google Test built as a static lib.")
+-add_subdirectory(gtest-1.8.0)
+-include_directories(SYSTEM gtest-1.8.0/googlemock/include)
+-include_directories(SYSTEM gtest-1.8.0/googletest/include)
+-
+-if(WIN32 AND BUILD_SHARED_LIBS)
+-  add_definitions("-DGTEST_LINKED_AS_SHARED_LIBRARY")
+-endif()
+ 
+ if(CMAKE_CXX_COMPILER_ID MATCHES "GNU" OR
+    CMAKE_CXX_COMPILER_ID MATCHES "Clang")
+-  set(yaml_test_flags "-Wno-variadic-macros -Wno-sign-compare")
++	set(yaml_test_flags "-Wno-variadic-macros -Wno-sign-compare")
+ 
+   if(CMAKE_CXX_COMPILER_ID MATCHES "Clang")
+     set(yaml_test_flags "${yaml_test_flags} -Wno-c99-extensions")
+@@ -36,9 +47,15 @@ add_executable(run-tests
+ 	${test_sources}
+ 	${test_headers}
+ )
++
++add_dependencies(run-tests googletest_project)
++
+ set_target_properties(run-tests PROPERTIES
+   COMPILE_FLAGS "${yaml_c_flags} ${yaml_cxx_flags} ${yaml_test_flags}"
+ )
+-target_link_libraries(run-tests yaml-cpp gmock)
++target_link_libraries(run-tests
++	yaml-cpp
++	gmock
++	${CMAKE_THREAD_LIBS_INIT})
+ 
+ add_test(yaml-test ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/run-tests)
+-- 
+2.16.1
+