Imported Debian patch 0.1.4-3.1

diff --git a/debian/changelog b/debian/changelog
index 9d59a4a0332e13e7757bf982d5583017bd773ab3..89e244d4a2258e27f2bfad358da36bc0e2d255ca 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+libyaml (0.1.4-3.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Drop libyaml-indent-column-overflow-v2.patch patch.
+    This patch causes additional regressions on simple YAML files.
+  * Add libyaml-guard-against-overflows-in-indent-and-flow_level.patch patch.
+    Add upstream's patch to guard against overflows in indent and
+    flow_level. (Closes: #738587)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Thu, 13 Feb 2014 07:51:58 +0100
+
 libyaml (0.1.4-3) unstable; urgency=high
 
   * Fix CVE-2013-6393: heap-based buffer overflow when parsing YAML tags.

diff --git a/debian/patches/libyaml-guard-against-overflows-in-indent-and-flow_level.patch b/debian/patches/libyaml-guard-against-overflows-in-indent-and-flow_level.patch
new file mode 100644 (file)
index 0000000..80849ab
--- /dev/null
+++ b/debian/patches/libyaml-guard-against-overflows-in-indent-and-flow_level.patch
@@ -0,0 +1,86 @@
+Description: Guard against overflows in indent and flow_level
+Origin: upstream, https://bitbucket.org/xi/libyaml/commits/f859ed1eb757a3562b98a28a8ce69274bfd4b3f2,
+ https://bitbucket.org/xi/libyaml/commits/af3599437a87162554787c52d8b16eab553f537b
+Last-Update: 2014-02-10
+Applied-Upstream: 0.1.5
+
+--- a/src/scanner.c
++++ b/src/scanner.c
+@@ -615,11 +615,11 @@
+  */
+ 
+ static int
+-yaml_parser_roll_indent(yaml_parser_t *parser, int column,
+-        int number, yaml_token_type_t type, yaml_mark_t mark);
++yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column,
++        ptrdiff_t number, yaml_token_type_t type, yaml_mark_t mark);
+ 
+ static int
+-yaml_parser_unroll_indent(yaml_parser_t *parser, int column);
++yaml_parser_unroll_indent(yaml_parser_t *parser, ptrdiff_t column);
+ 
+ /*
+  * Token fetchers.
+@@ -1103,7 +1103,7 @@
+      */
+ 
+     int required = (!parser->flow_level
+-            && parser->indent == (int)parser->mark.column);
++            && parser->indent == (ptrdiff_t)parser->mark.column);
+ 
+     /*
+      * A simple key is required only when it is the first token in the current
+@@ -1176,6 +1176,11 @@
+ 
+     /* Increase the flow level. */
+ 
++    if (parser->flow_level == INT_MAX) {
++        parser->error = YAML_MEMORY_ERROR;
++        return 0;
++    }
++
+     parser->flow_level++;
+ 
+     return 1;
+@@ -1206,8 +1211,8 @@
+  */
+ 
+ static int
+-yaml_parser_roll_indent(yaml_parser_t *parser, int column,
+-        int number, yaml_token_type_t type, yaml_mark_t mark)
++yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column,
++        ptrdiff_t number, yaml_token_type_t type, yaml_mark_t mark)
+ {
+     yaml_token_t token;
+ 
+@@ -1226,6 +1231,11 @@
+         if (!PUSH(parser, parser->indents, parser->indent))
+             return 0;
+ 
++        if (column > INT_MAX) {
++            parser->error = YAML_MEMORY_ERROR;
++            return 0;
++      }
++
+         parser->indent = column;
+ 
+         /* Create a token and insert it into the queue. */
+@@ -1254,7 +1264,7 @@
+ 
+ 
+ static int
+-yaml_parser_unroll_indent(yaml_parser_t *parser, int column)
++yaml_parser_unroll_indent(yaml_parser_t *parser, ptrdiff_t column)
+ {
+     yaml_token_t token;
+ 
+--- a/src/yaml_private.h
++++ b/src/yaml_private.h
+@@ -7,6 +7,7 @@
+ 
+ #include <assert.h>
+ #include <limits.h>
++#include <stddef.h>
+ 
+ /*
+  * Memory management.

diff --git a/debian/patches/series b/debian/patches/series
index 620d9b4bc3388424fac6138e791708ca035fdb5a..7729c4e4fd7f2f2d19bb6cb8dc5c2a222a537043 100644 (file)
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,3 @@
 libyaml-string-overflow.patch
 libyaml-node-id-hardening.patch
-libyaml-indent-column-overflow-v2.patch
+libyaml-guard-against-overflows-in-indent-and-flow_level.patch