Diffstat (limited to 'dev-cpp/yaml-cpp')
-rw-r--r--dev-cpp/yaml-cpp/Manifest7
-rw-r--r--dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-CVE-2017-5950.patch45
-rw-r--r--dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-unbundle-gtest.patch70
-rw-r--r--dev-cpp/yaml-cpp/files/yaml-cpp-0.6.3-fix-overflows.patch149
-rw-r--r--dev-cpp/yaml-cpp/yaml-cpp-0.6.2.ebuild42
-rw-r--r--dev-cpp/yaml-cpp/yaml-cpp-0.6.3-r3.ebuild (renamed from dev-cpp/yaml-cpp/yaml-cpp-0.6.3-r1.ebuild)10
6 files changed, 158 insertions, 165 deletions
diff --git a/dev-cpp/yaml-cpp/Manifest b/dev-cpp/yaml-cpp/Manifest
index 976eb80b9f81..2dbb99626733 100644
--- a/dev-cpp/yaml-cpp/Manifest
+++ b/dev-cpp/yaml-cpp/Manifest
@@ -1,10 +1,7 @@
-AUX yaml-cpp-0.6.2-CVE-2017-5950.patch 1697 BLAKE2B 7b13c947e471aa08ec718cecfd43666689cbf0137ed6328ab550f722c409f19ec6437a5458180a3c334ebfe899ef67cbee04237fd230ac06fde863c3adc231f3 SHA512 0ba8bb8d81a98b77cde3dd386fe237dd11aae53011419042ff0b72b643ac2c1fdb7753ff524d0c5d319f7d601b417d1c6ab2419c728c4015197f83ce3eaa34b2
-AUX yaml-cpp-0.6.2-unbundle-gtest.patch 2204 BLAKE2B 733b6eed366ca33085251c3c6f3655060d3cc02a77f5f53a21c9163b894400c7418c3d9f032c8f6d460d58b35594f6ba1cd8eea0a667fbe1849a8eb866074ce5 SHA512 8cb227c2e156bd642be29b15ae7a7de9e4839d6f4b5e0132982659eaab442347d3ef3eedd1bfb8f936a5a1dc98b6d41be915f7da53fd6764f8b6becbaf6cff98
AUX yaml-cpp-0.6.3-CVE-2017-11692.patch 1433 BLAKE2B 9218756605cf721c86e9ab01b0d8cb7a13371cc32282395dd96a82d184222afb18bf780e1d224ea1ea6d1e4c3e796cb822fb12a4705d54bc6b244007c5b612b1 SHA512 a95e40f6718b099567a37731a09db6679920bb91046632dbc0671b0d99c4c1e706954b39ca7b798732289b4a0d129dba9fa75f198e99db53152ceaf3a259a160
AUX yaml-cpp-0.6.3-abi-breakage.patch 1911 BLAKE2B e595bdf3dff91624aa75a233a6a95db3862a7bbe645a6219704fa25c0887321dc5c461d13b6694ebca31d0da795bb750701ad0c6b9f79be0eecd85b07a71a256 SHA512 0a3c0655a1319eda09796a7ddbcef8a27884cdcbc95d34d82b6202652da3b15d7afa6e22563af39f6c6c87b7a70bdee3c1216a5523604d309345d556ada702b9
-DIST yaml-cpp-0.6.2.tar.gz 1396250 BLAKE2B be342c212c980cdb03349dbafbe1db0bb581123b4dd6909393d3cdc86145b997a9d2f9b57a5e9d7c8cc60cdfd03f1c37e9db610d8784f2d29fdeada5ab322894 SHA512 fea8ce0a20a00cbc75023d1db442edfcd32d0ac57a3c41b32ec8d56f87cc1d85d7dd7a923ce662f5d3a315f91a736d6be0d649997acd190915c1d68cc93795e4
+AUX yaml-cpp-0.6.3-fix-overflows.patch 4671 BLAKE2B 77a4256a41bc5f0de98ada425c15cea6b377430c0303205895136eaa7588f30d646af1cb670d74b3be405e392f1f3648ef3c3378ce115b983c6ff8bfe398d3fd SHA512 ed6a472e712511ccac1c94c837bc64b933e301476a6d19f59f468487d4ace3e1862e7da310214e5f25b81c907d92f3f9690eebce0ec4f7661fc6584de393c5fb
DIST yaml-cpp-0.6.3.tar.gz 1398768 BLAKE2B 07abe1c56740105a0af2335bb1cd48086cb614d9d04c61342e53788bfb043fd7eb2629e441a0a5be50898b288f3526f1707c5fdf1d734395b6450c3103773b14 SHA512 68b9ce987cabc1dec79382f922de20cc2c222cb9c090ecb93dc686b048da5c917facf4fce6d8f72feea44b61e5a6770ed3b0c199c4cd4e6bde5b6245c09f8e49
-EBUILD yaml-cpp-0.6.2.ebuild 923 BLAKE2B 56c096aaa6f7be157e5d83594968e2e65bfee0ea152a95f6a8d0d3b7aeff202a97ef8b70739b8430120978ecb416ddd94c15b9c20e25580fb12c4f011bf8251b SHA512 41a527eec285e4ce2122cedbcc6aed7ae38eb6b5ab21ae5d691205d7990a7fb6bebb9d8b93d4253939b96cd3b232e7b3ec596d5d3fc8ddaa2df35b13f0396af1
-EBUILD yaml-cpp-0.6.3-r1.ebuild 972 BLAKE2B ce630cbf1b1f58728cda0a79f8d922f8fa57eb1dbd11e64efe3983bf1fbe52412c59d651ca9bd7d53006670238953e67ecea4e9b224590020635d6431cf3fd29 SHA512 8796a6ce430f75762a7b3689a2c5a85922ee6329aefe1d998d9b4b99f0b1dbbad6ca5dc492a8104dd99c392606073cc02ef14d656db766647b5177227efcead7
EBUILD yaml-cpp-0.6.3-r2.ebuild 1008 BLAKE2B 72db675270af1fbdeb3ccf2281a262c75ecabd8ace9098f793bae08a663c2ed6219b9882bc482fb6b5e9240a7af4da2a7f32d04d3e3a5d7456fd6b3cf5123821 SHA512 6dac3f63470f1c4e82f16195cfa24726b281c83de7915b261d98833a0b7e882afdfb89d5d8dbd4babacdab1e467046b2139147376dbcc764169e4612758961b4
+EBUILD yaml-cpp-0.6.3-r3.ebuild 1049 BLAKE2B d3bd7c04f5b6657e100cdfa3ccf6327bf2e2e2c2bb428ebc44f85cdde11d190948c87131f668782f46bba73f9b5e9d5b3cac39667a28955af381e7aa696fee49 SHA512 ab100fe154a189ccde2b602bc5fb437f6368523d6df3bbf850f144020286e2b3e02a5ea83d86852033557d82ab3617dfcdf082ce500885fae245a1c11de54f46
MISC metadata.xml 325 BLAKE2B 8e094a75d87d80e86efaf6ee191225ad0772dac343ae12ec84e73faffc17464c8431ee78018602127fd52441a6b18d09b58127b7d7ea1ee02163f58d327f0f3f SHA512 a4a5de1911c7bfeb37a3ca5aca8b3c044d51230164ac7d14566a9a4064e5202fac0e613089191ea959d0bb3df157049932d394d167e32fc8a432ab35e4cf24ae
diff --git a/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-CVE-2017-5950.patch b/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-CVE-2017-5950.patch
deleted file mode 100644
index 2892108bd250..000000000000
--- a/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-CVE-2017-5950.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From d540476e31b080aa1f903ad20ec0426dd3838be7 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anarcat@debian.org>
-Date: Tue, 25 Apr 2017 20:10:20 -0400
-Subject: [PATCH] fix stack overflow in HandleNode() (CVE-2017-5950)
-
-simply set a hardcoded recursion limit to 2000 (inspired by Python's)
-to avoid infinitely recursing into arbitrary data structures
-
-assert() the depth. unsure if this is the right approach, but given
-that HandleNode() is "void", I am not sure how else to return an
-error. the problem with this approach of course is that it will still
-crash the caller, unless they have proper exception handling in place.
-
-Closes: #459
----
- src/singledocparser.cpp | 2 ++
- src/singledocparser.h | 2 ++
- 2 files changed, 4 insertions(+)
-
-diff --git a/src/singledocparser.cpp b/src/singledocparser.cpp
-index a27c1c3b..1b4262ee 100644
---- a/src/singledocparser.cpp
-+++ b/src/singledocparser.cpp
-@@ -46,6 +46,8 @@ void SingleDocParser::HandleDocument(EventHandler& eventHandler) {
- }
-
- void SingleDocParser::HandleNode(EventHandler& eventHandler) {
-+ assert(depth < depth_limit);
-+ depth++;
- // an empty node *is* a possibility
- if (m_scanner.empty()) {
- eventHandler.OnNull(m_scanner.mark(), NullAnchor);
-diff --git a/src/singledocparser.h b/src/singledocparser.h
-index 2b92067c..7046f1e2 100644
---- a/src/singledocparser.h
-+++ b/src/singledocparser.h
-@@ -51,6 +51,8 @@ class SingleDocParser : private noncopyable {
- anchor_t LookupAnchor(const Mark& mark, const std::string& name) const;
-
- private:
-+ int depth = 0;
-+ int depth_limit = 2000;
- Scanner& m_scanner;
- const Directives& m_directives;
- std::unique_ptr<CollectionStack> m_pCollectionStack;
diff --git a/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-unbundle-gtest.patch b/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-unbundle-gtest.patch
deleted file mode 100644
index 671bde36704a..000000000000
--- a/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-unbundle-gtest.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 259f944bc3e45420f5891737101260f07ab3030a Mon Sep 17 00:00:00 2001
-From: "Azamat H. Hackimov" <azamat.hackimov@gmail.com>
-Date: Tue, 27 Feb 2018 14:17:49 +0500
-Subject: [PATCH] Externalize googletest project
-
-Externalize gtest to avoid installation, fixes #539.
----
- test/CMakeLists.txt | 35 ++++++++++++++++++++++++++---------
- 1 file changed, 26 insertions(+), 9 deletions(-)
-
-diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
-index 3633da5..7b39dd4 100644
---- a/test/CMakeLists.txt
-+++ b/test/CMakeLists.txt
-@@ -1,16 +1,27 @@
-+include(ExternalProject)
-+
-+ExternalProject_Add(
-+ googletest_project
-+ SOURCE_DIR "${CMAKE_SOURCE_DIR}/test/gtest-1.8.0"
-+ INSTALL_DIR "${CMAKE_BINARY_DIR}/prefix"
-+ CMAKE_ARGS -DCMAKE_INSTALL_PREFIX:PATH=<INSTALL_DIR> -DBUILD_GMOCK=ON
-+)
-+
-+add_library(gmock UNKNOWN IMPORTED)
-+set_target_properties(gmock PROPERTIES
-+ IMPORTED_LOCATION ${PROJECT_BINARY_DIR}/prefix/lib/libgmock.a
-+)
-+
-+find_package(Threads)
-+
-+include_directories(SYSTEM "${PROJECT_BINARY_DIR}/prefix/include")
-+
- set(gtest_force_shared_crt ${MSVC_SHARED_RT} CACHE BOOL
- "Use shared (DLL) run-time lib even when Google Test built as a static lib.")
--add_subdirectory(gtest-1.8.0)
--include_directories(SYSTEM gtest-1.8.0/googlemock/include)
--include_directories(SYSTEM gtest-1.8.0/googletest/include)
--
--if(WIN32 AND BUILD_SHARED_LIBS)
-- add_definitions("-DGTEST_LINKED_AS_SHARED_LIBRARY")
--endif()
-
- if(CMAKE_CXX_COMPILER_ID MATCHES "GNU" OR
- CMAKE_CXX_COMPILER_ID MATCHES "Clang")
-- set(yaml_test_flags "-Wno-variadic-macros -Wno-sign-compare")
-+ set(yaml_test_flags "-Wno-variadic-macros -Wno-sign-compare")
-
- if(CMAKE_CXX_COMPILER_ID MATCHES "Clang")
- set(yaml_test_flags "${yaml_test_flags} -Wno-c99-extensions")
-@@ -36,9 +47,15 @@ add_executable(run-tests
- ${test_sources}
- ${test_headers}
- )
-+
-+add_dependencies(run-tests googletest_project)
-+
- set_target_properties(run-tests PROPERTIES
- COMPILE_FLAGS "${yaml_c_flags} ${yaml_cxx_flags} ${yaml_test_flags}"
- )
--target_link_libraries(run-tests yaml-cpp gmock)
-+target_link_libraries(run-tests
-+ yaml-cpp
-+ gmock
-+ ${CMAKE_THREAD_LIBS_INIT})
-
- add_test(yaml-test ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/run-tests)
---
-2.16.1
-
diff --git a/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.3-fix-overflows.patch b/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.3-fix-overflows.patch
new file mode 100644
index 000000000000..4c5418db22d3
--- /dev/null
+++ b/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.3-fix-overflows.patch
@@ -0,0 +1,149 @@
+This patch comes from the upstream commit here[1], slightly modified to
+apply to 0.6.3. The pull request[2] mentions fixing CVE-2017-5950,
+CVE-2018-{20573,20574}, and CVE-2019-6285. Note that CVE-2019-6292 appears to
+be a duplicate of CVE-2019-6285 [3].
+
+[1] https://github.com/jbeder/yaml-cpp/commit/4edff1fa5dbfca16fc72d89870841bee89f8ef89
+[2] https://github.com/jbeder/yaml-cpp/pull/807
+[3] https://github.com/jbeder/yaml-cpp/issues/660
+
+diff --git a/include/yaml-cpp/depthguard.h b/include/yaml-cpp/depthguard.h
+new file mode 100644
+index 00000000..8ca61ac6
+--- /dev/null
++++ b/include/yaml-cpp/depthguard.h
+@@ -0,0 +1,77 @@
++#ifndef DEPTH_GUARD_H_00000000000000000000000000000000000000000000000000000000
++#define DEPTH_GUARD_H_00000000000000000000000000000000000000000000000000000000
++
++#if defined(_MSC_VER) || \
++ (defined(__GNUC__) && (__GNUC__ == 3 && __GNUC_MINOR__ >= 4) || \
++ (__GNUC__ >= 4)) // GCC supports "pragma once" correctly since 3.4
++#pragma once
++#endif
++
++#include "exceptions.h"
++
++namespace YAML {
++
++/**
++ * @brief The DeepRecursion class
++ * An exception class which is thrown by DepthGuard. Ideally it should be
++ * a member of DepthGuard. However, DepthGuard is a templated class which means
++ * that any catch points would then need to know the template parameters. It is
++ * simpler for clients to not have to know at the catch point what was the
++ * maximum depth.
++ */
++class DeepRecursion : public ParserException {
++public:
++ virtual ~DeepRecursion() = default;
++
++ DeepRecursion(int depth, const Mark& mark_, const std::string& msg_);
++
++ // Returns the recursion depth when the exception was thrown
++ int depth() const {
++ return m_depth;
++ }
++
++private:
++ int m_depth = 0;
++};
++
++/**
++ * @brief The DepthGuard class
++ * DepthGuard takes a reference to an integer. It increments the integer upon
++ * construction of DepthGuard and decrements the integer upon destruction.
++ *
++ * If the integer would be incremented past max_depth, then an exception is
++ * thrown. This is ideally geared toward guarding against deep recursion.
++ *
++ * @param max_depth
++ * compile-time configurable maximum depth.
++ */
++template <int max_depth = 2000>
++class DepthGuard final {
++public:
++ DepthGuard(int & depth_, const Mark& mark_, const std::string& msg_) : m_depth(depth_) {
++ ++m_depth;
++ if ( max_depth <= m_depth ) {
++ throw DeepRecursion{m_depth, mark_, msg_};
++ }
++ }
++
++ DepthGuard(const DepthGuard & copy_ctor) = delete;
++ DepthGuard(DepthGuard && move_ctor) = delete;
++ DepthGuard & operator=(const DepthGuard & copy_assign) = delete;
++ DepthGuard & operator=(DepthGuard && move_assign) = delete;
++
++ ~DepthGuard() {
++ --m_depth;
++ }
++
++ int current_depth() const {
++ return m_depth;
++ }
++
++private:
++ int & m_depth;
++};
++
++} // namespace YAML
++
++#endif // DEPTH_GUARD_H_00000000000000000000000000000000000000000000000000000000
+diff --git a/src/depthguard.cpp b/src/depthguard.cpp
+new file mode 100644
+index 00000000..b88cd340
+--- /dev/null
++++ b/src/depthguard.cpp
+@@ -0,0 +1,10 @@
++#include "yaml-cpp/depthguard.h"
++
++namespace YAML {
++
++DeepRecursion::DeepRecursion(int depth, const Mark& mark_, const std::string& msg_)
++ : ParserException(mark_, msg_),
++ m_depth(depth) {
++}
++
++} // namespace YAML
+diff --git a/src/singledocparser.cpp b/src/singledocparser.cpp
+index 47e9e047..3e5638be 100644
+--- a/src/singledocparser.cpp
++++ b/src/singledocparser.cpp
+@@ -7,6 +7,7 @@
+ #include "singledocparser.h"
+ #include "tag.h"
+ #include "token.h"
++#include "yaml-cpp/depthguard.h"
+ #include "yaml-cpp/emitterstyle.h"
+ #include "yaml-cpp/eventhandler.h"
+ #include "yaml-cpp/exceptions.h" // IWYU pragma: keep
+@@ -47,6 +48,8 @@ void SingleDocParser::HandleDocument(EventHandler& eventHandler) {
+ }
+
+ void SingleDocParser::HandleNode(EventHandler& eventHandler) {
++ DepthGuard<2000> depthguard(depth, m_scanner.mark(), ErrorMsg::BAD_FILE);
++
+ // an empty node *is* a possibility
+ if (m_scanner.empty()) {
+ eventHandler.OnNull(m_scanner.mark(), NullAnchor);
+diff --git a/src/singledocparser.h b/src/singledocparser.h
+index c8cfca9d..f484eb1f 100644
+--- a/src/singledocparser.h
++++ b/src/singledocparser.h
+@@ -15,6 +15,7 @@
+
+ namespace YAML {
+ class CollectionStack;
++template <int> class DepthGuard; // depthguard.h
+ class EventHandler;
+ class Node;
+ class Scanner;
+@@ -55,6 +56,7 @@ class SingleDocParser {
+ anchor_t LookupAnchor(const Mark& mark, const std::string& name) const;
+
+ private:
++ int depth = 0;
+ Scanner& m_scanner;
+ const Directives& m_directives;
+ std::unique_ptr<CollectionStack> m_pCollectionStack;
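Review bot: In depthguard.h the DepthGuard constructor increments `m_depth` before testing the limit and then throws; no destructor runs for an object whose constructor threw, so the counter is left one too high after every DeepRecursion. Testing first, `if (max_depth <= m_depth + 1) { throw DeepRecursion{m_depth + 1, mark_, msg_}; }` followed by `++m_depth;`, keeps `SingleDocParser::depth` balanced if a parser instance is ever reused after the exception is caught (whether that happens cannot be seen from this patch). The class comment says the throw happens when the integer "would be incremented past max_depth", while `max_depth <= m_depth` already rejects depth 2000 itself, so the comment or the comparison should be adjusted. Separately, 2000 nested HandleNode calls is a fixed count rather than a stack budget, so it is worth confirming that the limit leaves headroom on threads with small stacks. It is also worth confirming that the new src/depthguard.cpp is picked up by the build, since no build-file change appears in the patch.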
diff --git a/dev-cpp/yaml-cpp/yaml-cpp-0.6.2.ebuild b/dev-cpp/yaml-cpp/yaml-cpp-0.6.2.ebuild
deleted file mode 100644
index 925e955fe1d7..000000000000
--- a/dev-cpp/yaml-cpp/yaml-cpp-0.6.2.ebuild
+++ /dev/null
@@ -1,42 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit cmake-multilib
-
-DESCRIPTION="YAML parser and emitter in C++"
-HOMEPAGE="https://github.com/jbeder/yaml-cpp"
-SRC_URI="https://github.com/jbeder/${PN}/archive/${P}.tar.gz"
-
-LICENSE="MIT"
-SLOT="0/0.6"
-KEYWORDS="amd64 ~arm arm64 ~hppa ppc ppc64 sparc x86 ~amd64-linux ~x86-linux"
-IUSE="test"
-RESTRICT="!test? ( test )"
-
-DEPEND="test? ( dev-cpp/gtest )"
-
-S="${WORKDIR}/${PN}-${P}"
-
-PATCHES=(
- "${FILESDIR}/${P}-CVE-2017-5950.patch"
- "${FILESDIR}/${P}-unbundle-gtest.patch"
-)
-
-src_prepare() {
- sed -i \
- -e 's:INCLUDE_INSTALL_ROOT_DIR:INCLUDE_INSTALL_DIR:g' \
- yaml-cpp.pc.cmake || die
-
- cmake-utils_src_prepare
-}
-
-src_configure() {
- local mycmakeargs=(
- -DBUILD_SHARED_LIBS=ON
- -DYAML_CPP_BUILD_TOOLS=OFF # Don't have install rule
- -DYAML_CPP_BUILD_TESTS=$(usex test)
- )
- cmake-multilib_src_configure
-}
diff --git a/dev-cpp/yaml-cpp/yaml-cpp-0.6.3-r1.ebuild b/dev-cpp/yaml-cpp/yaml-cpp-0.6.3-r3.ebuild
index 8a579eada7c4..52d1f54deaa2 100644
--- a/dev-cpp/yaml-cpp/yaml-cpp-0.6.3-r1.ebuild
+++ b/dev-cpp/yaml-cpp/yaml-cpp-0.6.3-r3.ebuild
@@ -12,18 +12,22 @@ SRC_URI="https://github.com/jbeder/${PN}/archive/${P}.tar.gz"
LICENSE="MIT"
SLOT="0/0.6"
-KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm arm64 ~hppa ~ppc ~ppc64 sparc x86 ~amd64-linux ~x86-linux"
IUSE="test"
# test breaks build
-# RESTRICT="!test? ( test )"
+#RESTRICT="!test? ( test )"
RESTRICT+="test"
DEPEND="test? ( dev-cpp/gtest )"
S="${WORKDIR}/${PN}-${P}"
-PATCHES=( "${FILESDIR}/${P}-abi-breakage.patch" )
+PATCHES=(
+ "${FILESDIR}/${P}-abi-breakage.patch"
+ "${FILESDIR}/${P}-CVE-2017-11692.patch"
+ "${FILESDIR}/${P}-fix-overflows.patch"
+)
src_prepare() {
sed -i \
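Review bot: The test suite stays unconditionally disabled by `RESTRICT+="test"` in the revision that now carries the stable keywords and the added security patches, so the patched parser is never exercised at build time. The comment `# test breaks build` would be more useful with a bug reference, and the commented-out `#RESTRICT="!test? ( test )"` line, which the hunk only re-spaces, should either be dropped or restored once the tests build again. While the restriction is in place, `IUSE="test"` and `DEPEND="test? ( dev-cpp/gtest )"` appear to do nothing beyond pulling in gtest. src_prepare's body continues outside the hunk.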