diff options
Diffstat (limited to 'dev-cpp/yaml-cpp/files')
3 files changed, 149 insertions, 115 deletions
diff --git a/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-CVE-2017-5950.patch b/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-CVE-2017-5950.patch deleted file mode 100644 index 2892108bd250..000000000000 --- a/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-CVE-2017-5950.patch +++ /dev/null @@ -1,45 +0,0 @@ -From d540476e31b080aa1f903ad20ec0426dd3838be7 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anarcat@debian.org> -Date: Tue, 25 Apr 2017 20:10:20 -0400 -Subject: [PATCH] fix stack overflow in HandleNode() (CVE-2017-5950) - -simply set a hardcoded recursion limit to 2000 (inspired by Python's) -to avoid infinitely recursing into arbitrary data structures - -assert() the depth. unsure if this is the right approach, but given -that HandleNode() is "void", I am not sure how else to return an -error. the problem with this approach of course is that it will still -crash the caller, unless they have proper exception handling in place. - -Closes: #459 ---- - src/singledocparser.cpp | 2 ++ - src/singledocparser.h | 2 ++ - 2 files changed, 4 insertions(+) - -diff --git a/src/singledocparser.cpp b/src/singledocparser.cpp -index a27c1c3b..1b4262ee 100644 ---- a/src/singledocparser.cpp -+++ b/src/singledocparser.cpp -@@ -46,6 +46,8 @@ void SingleDocParser::HandleDocument(EventHandler& eventHandler) { - } - - void SingleDocParser::HandleNode(EventHandler& eventHandler) { -+ assert(depth < depth_limit); -+ depth++; - // an empty node *is* a possibility - if (m_scanner.empty()) { - eventHandler.OnNull(m_scanner.mark(), NullAnchor); -diff --git a/src/singledocparser.h b/src/singledocparser.h -index 2b92067c..7046f1e2 100644 ---- a/src/singledocparser.h -+++ b/src/singledocparser.h -@@ -51,6 +51,8 @@ class SingleDocParser : private noncopyable { - anchor_t LookupAnchor(const Mark& mark, const std::string& name) const; - - private: -+ int depth = 0; -+ int depth_limit = 2000; - Scanner& m_scanner; - const Directives& m_directives; - std::unique_ptr<CollectionStack> m_pCollectionStack; diff --git a/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-unbundle-gtest.patch b/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-unbundle-gtest.patch deleted file mode 100644 index 671bde36704a..000000000000 --- a/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-unbundle-gtest.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 259f944bc3e45420f5891737101260f07ab3030a Mon Sep 17 00:00:00 2001 -From: "Azamat H. Hackimov" <azamat.hackimov@gmail.com> -Date: Tue, 27 Feb 2018 14:17:49 +0500 -Subject: [PATCH] Externalize googletest project - -Externalize gtest to avoid installation, fixes #539. ---- - test/CMakeLists.txt | 35 ++++++++++++++++++++++++++--------- - 1 file changed, 26 insertions(+), 9 deletions(-) - -diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt -index 3633da5..7b39dd4 100644 ---- a/test/CMakeLists.txt -+++ b/test/CMakeLists.txt -@@ -1,16 +1,27 @@ -+include(ExternalProject) -+ -+ExternalProject_Add( -+ googletest_project -+ SOURCE_DIR "${CMAKE_SOURCE_DIR}/test/gtest-1.8.0" -+ INSTALL_DIR "${CMAKE_BINARY_DIR}/prefix" -+ CMAKE_ARGS -DCMAKE_INSTALL_PREFIX:PATH=<INSTALL_DIR> -DBUILD_GMOCK=ON -+) -+ -+add_library(gmock UNKNOWN IMPORTED) -+set_target_properties(gmock PROPERTIES -+ IMPORTED_LOCATION ${PROJECT_BINARY_DIR}/prefix/lib/libgmock.a -+) -+ -+find_package(Threads) -+ -+include_directories(SYSTEM "${PROJECT_BINARY_DIR}/prefix/include") -+ - set(gtest_force_shared_crt ${MSVC_SHARED_RT} CACHE BOOL - "Use shared (DLL) run-time lib even when Google Test built as a static lib.") --add_subdirectory(gtest-1.8.0) --include_directories(SYSTEM gtest-1.8.0/googlemock/include) --include_directories(SYSTEM gtest-1.8.0/googletest/include) -- --if(WIN32 AND BUILD_SHARED_LIBS) -- add_definitions("-DGTEST_LINKED_AS_SHARED_LIBRARY") --endif() - - if(CMAKE_CXX_COMPILER_ID MATCHES "GNU" OR - CMAKE_CXX_COMPILER_ID MATCHES "Clang") -- set(yaml_test_flags "-Wno-variadic-macros -Wno-sign-compare") -+ set(yaml_test_flags "-Wno-variadic-macros -Wno-sign-compare") - - if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") - set(yaml_test_flags "${yaml_test_flags} -Wno-c99-extensions") -@@ -36,9 +47,15 @@ add_executable(run-tests - ${test_sources} - ${test_headers} - ) -+ -+add_dependencies(run-tests googletest_project) -+ - set_target_properties(run-tests PROPERTIES - COMPILE_FLAGS "${yaml_c_flags} ${yaml_cxx_flags} ${yaml_test_flags}" - ) --target_link_libraries(run-tests yaml-cpp gmock) -+target_link_libraries(run-tests -+ yaml-cpp -+ gmock -+ ${CMAKE_THREAD_LIBS_INIT}) - - add_test(yaml-test ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/run-tests) --- -2.16.1 - diff --git a/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.3-fix-overflows.patch b/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.3-fix-overflows.patch new file mode 100644 index 000000000000..4c5418db22d3 --- /dev/null +++ b/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.3-fix-overflows.patch @@ -0,0 +1,149 @@ +This patch comes from the upstream commit here[1], slightly modified to +apply to 0.6.3. The pull request[2] mentions fixing CVE-2017-5950, +CVE-2018-{20573,20574}, and CVE-2019-6285. Note that CVE-2019-6292 appears to +be a duplicate of CVE-2019-6285 [3]. + +[1] https://github.com/jbeder/yaml-cpp/commit/4edff1fa5dbfca16fc72d89870841bee89f8ef89 +[2] https://github.com/jbeder/yaml-cpp/pull/807 +[3] https://github.com/jbeder/yaml-cpp/issues/660 + +diff --git a/include/yaml-cpp/depthguard.h b/include/yaml-cpp/depthguard.h +new file mode 100644 +index 00000000..8ca61ac6 +--- /dev/null ++++ b/include/yaml-cpp/depthguard.h +@@ -0,0 +1,77 @@ ++#ifndef DEPTH_GUARD_H_00000000000000000000000000000000000000000000000000000000 ++#define DEPTH_GUARD_H_00000000000000000000000000000000000000000000000000000000 ++ ++#if defined(_MSC_VER) || \ ++ (defined(__GNUC__) && (__GNUC__ == 3 && __GNUC_MINOR__ >= 4) || \ ++ (__GNUC__ >= 4)) // GCC supports "pragma once" correctly since 3.4 ++#pragma once ++#endif ++ ++#include "exceptions.h" ++ ++namespace YAML { ++ ++/** ++ * @brief The DeepRecursion class ++ * An exception class which is thrown by DepthGuard. Ideally it should be ++ * a member of DepthGuard. However, DepthGuard is a templated class which means ++ * that any catch points would then need to know the template parameters. It is ++ * simpler for clients to not have to know at the catch point what was the ++ * maximum depth. ++ */ ++class DeepRecursion : public ParserException { ++public: ++ virtual ~DeepRecursion() = default; ++ ++ DeepRecursion(int depth, const Mark& mark_, const std::string& msg_); ++ ++ // Returns the recursion depth when the exception was thrown ++ int depth() const { ++ return m_depth; ++ } ++ ++private: ++ int m_depth = 0; ++}; ++ ++/** ++ * @brief The DepthGuard class ++ * DepthGuard takes a reference to an integer. It increments the integer upon ++ * construction of DepthGuard and decrements the integer upon destruction. ++ * ++ * If the integer would be incremented past max_depth, then an exception is ++ * thrown. This is ideally geared toward guarding against deep recursion. ++ * ++ * @param max_depth ++ * compile-time configurable maximum depth. ++ */ ++template <int max_depth = 2000> ++class DepthGuard final { ++public: ++ DepthGuard(int & depth_, const Mark& mark_, const std::string& msg_) : m_depth(depth_) { ++ ++m_depth; ++ if ( max_depth <= m_depth ) { ++ throw DeepRecursion{m_depth, mark_, msg_}; ++ } ++ } ++ ++ DepthGuard(const DepthGuard & copy_ctor) = delete; ++ DepthGuard(DepthGuard && move_ctor) = delete; ++ DepthGuard & operator=(const DepthGuard & copy_assign) = delete; ++ DepthGuard & operator=(DepthGuard && move_assign) = delete; ++ ++ ~DepthGuard() { ++ --m_depth; ++ } ++ ++ int current_depth() const { ++ return m_depth; ++ } ++ ++private: ++ int & m_depth; ++}; ++ ++} // namespace YAML ++ ++#endif // DEPTH_GUARD_H_00000000000000000000000000000000000000000000000000000000 +diff --git a/src/depthguard.cpp b/src/depthguard.cpp +new file mode 100644 +index 00000000..b88cd340 +--- /dev/null ++++ b/src/depthguard.cpp +@@ -0,0 +1,10 @@ ++#include "yaml-cpp/depthguard.h" ++ ++namespace YAML { ++ ++DeepRecursion::DeepRecursion(int depth, const Mark& mark_, const std::string& msg_) ++ : ParserException(mark_, msg_), ++ m_depth(depth) { ++} ++ ++} // namespace YAML +diff --git a/src/singledocparser.cpp b/src/singledocparser.cpp +index 47e9e047..3e5638be 100644 +--- a/src/singledocparser.cpp ++++ b/src/singledocparser.cpp +@@ -7,6 +7,7 @@ + #include "singledocparser.h" + #include "tag.h" + #include "token.h" ++#include "yaml-cpp/depthguard.h" + #include "yaml-cpp/emitterstyle.h" + #include "yaml-cpp/eventhandler.h" + #include "yaml-cpp/exceptions.h" // IWYU pragma: keep +@@ -47,6 +48,8 @@ void SingleDocParser::HandleDocument(EventHandler& eventHandler) { + } + + void SingleDocParser::HandleNode(EventHandler& eventHandler) { ++ DepthGuard<2000> depthguard(depth, m_scanner.mark(), ErrorMsg::BAD_FILE); ++ + // an empty node *is* a possibility + if (m_scanner.empty()) { + eventHandler.OnNull(m_scanner.mark(), NullAnchor); +diff --git a/src/singledocparser.h b/src/singledocparser.h +index c8cfca9d..f484eb1f 100644 +--- a/src/singledocparser.h ++++ b/src/singledocparser.h +@@ -15,6 +15,7 @@ + + namespace YAML { + class CollectionStack; ++template <int> class DepthGuard; // depthguard.h + class EventHandler; + class Node; + class Scanner; +@@ -55,6 +56,7 @@ class SingleDocParser { + anchor_t LookupAnchor(const Mark& mark, const std::string& name) const; + + private: ++ int depth = 0; + Scanner& m_scanner; + const Directives& m_directives; + std::unique_ptr<CollectionStack> m_pCollectionStack; |