Imported Debian patch 0.1.4-2+deb7u1

diff --git a/debian/changelog b/debian/changelog
index 0dbfe670121e137a463ea43c406534fb90984151..dfa0d7ca07d1329109f492620ca7a918c5bafb84 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+libyaml (0.1.4-2+deb7u1) stable-security; urgency=low
+
+  * CVE-2013-6393
+
+ -- Moritz Muehlenhoff <jmm@debian.org>  Thu, 23 Jan 2014 21:03:55 +0000
+
 libyaml (0.1.4-2) unstable; urgency=low
 
   * Remove extra libyaml-0.so symlink from libyaml-dev.

diff --git a/debian/patches/CVE-2013-6393 b/debian/patches/CVE-2013-6393
new file mode 100644 (file)
index 0000000..1bda866
--- /dev/null
+++ b/debian/patches/CVE-2013-6393
@@ -0,0 +1,63 @@
+CVE-2013-6393
+
+Patch by Garth Mollett <gmollett@redhat.com>
+
+--- libyaml-0.1.4.orig/src/scanner.c
++++ libyaml-0.1.4/src/scanner.c
+@@ -615,11 +615,11 @@ yaml_parser_decrease_flow_level(yaml_par
+  */
+ 
+ static int
+-yaml_parser_roll_indent(yaml_parser_t *parser, int column,
++yaml_parser_roll_indent(yaml_parser_t *parser, size_t column,
+         int number, yaml_token_type_t type, yaml_mark_t mark);
+ 
+ static int
+-yaml_parser_unroll_indent(yaml_parser_t *parser, int column);
++yaml_parser_unroll_indent(yaml_parser_t *parser, size_t column);
+ 
+ /*
+  * Token fetchers.
+@@ -1206,7 +1206,7 @@ yaml_parser_decrease_flow_level(yaml_par
+  */
+ 
+ static int
+-yaml_parser_roll_indent(yaml_parser_t *parser, int column,
++yaml_parser_roll_indent(yaml_parser_t *parser, size_t column,
+         int number, yaml_token_type_t type, yaml_mark_t mark)
+ {
+     yaml_token_t token;
+@@ -1254,7 +1254,7 @@ yaml_parser_roll_indent(yaml_parser_t *p
+ 
+ 
+ static int
+-yaml_parser_unroll_indent(yaml_parser_t *parser, int column)
++yaml_parser_unroll_indent(yaml_parser_t *parser, size_t column)
+ {
+     yaml_token_t token;
+ 
+@@ -2574,7 +2574,7 @@ yaml_parser_scan_tag_uri(yaml_parser_t *
+ 
+     /* Resize the string to include the head. */
+ 
+-    while (string.end - string.start <= (int)length) {
++    while ((size_t)(string.end - string.start) <= length) {
+         if (!yaml_string_extend(&string.start, &string.pointer, &string.end)) {
+             parser->error = YAML_MEMORY_ERROR;
+             goto error;
+--- libyaml-0.1.4.orig/src/api.c
++++ libyaml-0.1.4/src/api.c
+@@ -117,7 +117,12 @@ yaml_string_join(
+ YAML_DECLARE(int)
+ yaml_stack_extend(void **start, void **top, void **end)
+ {
+-    void *new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2);
++    void *new_start;
++
++    if ((char *)*end - (char *)*start >= INT_MAX / 2)
++      return 0;
++
++    new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2);
+ 
+     if (!new_start) return 0;
+ 

diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644 (file)
index 0000000..0b67ae8
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+CVE-2013-6393