1 |
commit: 40eeb5defc05e61c4e03830e6f071e8c1d629f68 |
2 |
Author: Azamat H. Hackimov <azamat.hackimov <AT> gmail <DOT> com> |
3 |
AuthorDate: Tue Feb 27 10:41:23 2018 +0000 |
4 |
Commit: Johannes Huber <johu <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Mar 29 18:38:21 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40eeb5de |
7 |
|
8 |
dev-cpp/yaml-cpp: version bump to 0.6.2 |
9 |
|
10 |
Bug: https://bugs.gentoo.org/614850 |
11 |
Closes: https://bugs.gentoo.org/638326 |
12 |
Closes: https://github.com/gentoo/gentoo/pull/7294 |
13 |
Package-Manager: Portage-2.3.26, Repoman-2.3.7 |
14 |
Signed-off-by: Johannes Huber <johu <AT> gentoo.org> |
15 |
|
16 |
dev-cpp/yaml-cpp/Manifest | 1 + |
17 |
.../files/yaml-cpp-0.6.2-CVE-2017-5950.patch | 45 ++++++++++++++ |
18 |
.../files/yaml-cpp-0.6.2-unbundle-gtest.patch | 70 ++++++++++++++++++++++ |
19 |
dev-cpp/yaml-cpp/yaml-cpp-0.6.2.ebuild | 41 +++++++++++++ |
20 |
4 files changed, 157 insertions(+) |
21 |
|
22 |
diff --git a/dev-cpp/yaml-cpp/Manifest b/dev-cpp/yaml-cpp/Manifest |
23 |
index 90cc2aa7b6c..bac72aa90f8 100644 |
24 |
--- a/dev-cpp/yaml-cpp/Manifest |
25 |
+++ b/dev-cpp/yaml-cpp/Manifest |
26 |
@@ -1 +1,2 @@ |
27 |
DIST yaml-cpp-0.5.3.tar.gz 2016737 BLAKE2B 6c10d44fe04fdd81cd61c909acdb576834f5358dd44353723b04d8a42bf8a1312cfa752e445c84f93c6ce76358b2d42dee5263f6fbd47a1f928d1cd28aedef07 SHA512 5ed15fee3c6455c08e6bd8f74256b230f274ef18f8e144491e940640e41626517c7eaaf4a1f380c4179066a2a757c8a0f61878df9dc3caa15e37c4954be47fe0 |
28 |
+DIST yaml-cpp-0.6.2.tar.gz 1396250 BLAKE2B be342c212c980cdb03349dbafbe1db0bb581123b4dd6909393d3cdc86145b997a9d2f9b57a5e9d7c8cc60cdfd03f1c37e9db610d8784f2d29fdeada5ab322894 SHA512 fea8ce0a20a00cbc75023d1db442edfcd32d0ac57a3c41b32ec8d56f87cc1d85d7dd7a923ce662f5d3a315f91a736d6be0d649997acd190915c1d68cc93795e4 |
29 |
|
30 |
diff --git a/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-CVE-2017-5950.patch b/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-CVE-2017-5950.patch |
31 |
new file mode 100644 |
32 |
index 00000000000..2892108bd25 |
33 |
--- /dev/null |
34 |
+++ b/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-CVE-2017-5950.patch |
35 |
@@ -0,0 +1,45 @@ |
36 |
+From d540476e31b080aa1f903ad20ec0426dd3838be7 Mon Sep 17 00:00:00 2001 |
37 |
+From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anarcat@××××××.org> |
38 |
+Date: Tue, 25 Apr 2017 20:10:20 -0400 |
39 |
+Subject: [PATCH] fix stack overflow in HandleNode() (CVE-2017-5950) |
40 |
+ |
41 |
+simply set a hardcoded recursion limit to 2000 (inspired by Python's) |
42 |
+to avoid infinitely recursing into arbitrary data structures |
43 |
+ |
44 |
+assert() the depth. unsure if this is the right approach, but given |
45 |
+that HandleNode() is "void", I am not sure how else to return an |
46 |
+error. the problem with this approach of course is that it will still |
47 |
+crash the caller, unless they have proper exception handling in place. |
48 |
+ |
49 |
+Closes: #459 |
50 |
+--- |
51 |
+ src/singledocparser.cpp | 2 ++ |
52 |
+ src/singledocparser.h | 2 ++ |
53 |
+ 2 files changed, 4 insertions(+) |
54 |
+ |
55 |
+diff --git a/src/singledocparser.cpp b/src/singledocparser.cpp |
56 |
+index a27c1c3b..1b4262ee 100644 |
57 |
+--- a/src/singledocparser.cpp |
58 |
++++ b/src/singledocparser.cpp |
59 |
+@@ -46,6 +46,8 @@ void SingleDocParser::HandleDocument(EventHandler& eventHandler) { |
60 |
+ } |
61 |
+ |
62 |
+ void SingleDocParser::HandleNode(EventHandler& eventHandler) { |
63 |
++ assert(depth < depth_limit); |
64 |
++ depth++; |
65 |
+ // an empty node *is* a possibility |
66 |
+ if (m_scanner.empty()) { |
67 |
+ eventHandler.OnNull(m_scanner.mark(), NullAnchor); |
68 |
+diff --git a/src/singledocparser.h b/src/singledocparser.h |
69 |
+index 2b92067c..7046f1e2 100644 |
70 |
+--- a/src/singledocparser.h |
71 |
++++ b/src/singledocparser.h |
72 |
+@@ -51,6 +51,8 @@ class SingleDocParser : private noncopyable { |
73 |
+ anchor_t LookupAnchor(const Mark& mark, const std::string& name) const; |
74 |
+ |
75 |
+ private: |
76 |
++ int depth = 0; |
77 |
++ int depth_limit = 2000; |
78 |
+ Scanner& m_scanner; |
79 |
+ const Directives& m_directives; |
80 |
+ std::unique_ptr<CollectionStack> m_pCollectionStack; |
81 |
|
82 |
diff --git a/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-unbundle-gtest.patch b/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-unbundle-gtest.patch |
83 |
new file mode 100644 |
84 |
index 00000000000..671bde36704 |
85 |
--- /dev/null |
86 |
+++ b/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-unbundle-gtest.patch |
87 |
@@ -0,0 +1,70 @@ |
88 |
+From 259f944bc3e45420f5891737101260f07ab3030a Mon Sep 17 00:00:00 2001 |
89 |
+From: "Azamat H. Hackimov" <azamat.hackimov@×××××.com> |
90 |
+Date: Tue, 27 Feb 2018 14:17:49 +0500 |
91 |
+Subject: [PATCH] Externalize googletest project |
92 |
+ |
93 |
+Externalize gtest to avoid installation, fixes #539. |
94 |
+--- |
95 |
+ test/CMakeLists.txt | 35 ++++++++++++++++++++++++++--------- |
96 |
+ 1 file changed, 26 insertions(+), 9 deletions(-) |
97 |
+ |
98 |
+diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt |
99 |
+index 3633da5..7b39dd4 100644 |
100 |
+--- a/test/CMakeLists.txt |
101 |
++++ b/test/CMakeLists.txt |
102 |
+@@ -1,16 +1,27 @@ |
103 |
++include(ExternalProject) |
104 |
++ |
105 |
++ExternalProject_Add( |
106 |
++ googletest_project |
107 |
++ SOURCE_DIR "${CMAKE_SOURCE_DIR}/test/gtest-1.8.0" |
108 |
++ INSTALL_DIR "${CMAKE_BINARY_DIR}/prefix" |
109 |
++ CMAKE_ARGS -DCMAKE_INSTALL_PREFIX:PATH=<INSTALL_DIR> -DBUILD_GMOCK=ON |
110 |
++) |
111 |
++ |
112 |
++add_library(gmock UNKNOWN IMPORTED) |
113 |
++set_target_properties(gmock PROPERTIES |
114 |
++ IMPORTED_LOCATION ${PROJECT_BINARY_DIR}/prefix/lib/libgmock.a |
115 |
++) |
116 |
++ |
117 |
++find_package(Threads) |
118 |
++ |
119 |
++include_directories(SYSTEM "${PROJECT_BINARY_DIR}/prefix/include") |
120 |
++ |
121 |
+ set(gtest_force_shared_crt ${MSVC_SHARED_RT} CACHE BOOL |
122 |
+ "Use shared (DLL) run-time lib even when Google Test built as a static lib.") |
123 |
+-add_subdirectory(gtest-1.8.0) |
124 |
+-include_directories(SYSTEM gtest-1.8.0/googlemock/include) |
125 |
+-include_directories(SYSTEM gtest-1.8.0/googletest/include) |
126 |
+- |
127 |
+-if(WIN32 AND BUILD_SHARED_LIBS) |
128 |
+- add_definitions("-DGTEST_LINKED_AS_SHARED_LIBRARY") |
129 |
+-endif() |
130 |
+ |
131 |
+ if(CMAKE_CXX_COMPILER_ID MATCHES "GNU" OR |
132 |
+ CMAKE_CXX_COMPILER_ID MATCHES "Clang") |
133 |
+- set(yaml_test_flags "-Wno-variadic-macros -Wno-sign-compare") |
134 |
++ set(yaml_test_flags "-Wno-variadic-macros -Wno-sign-compare") |
135 |
+ |
136 |
+ if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") |
137 |
+ set(yaml_test_flags "${yaml_test_flags} -Wno-c99-extensions") |
138 |
+@@ -36,9 +47,15 @@ add_executable(run-tests |
139 |
+ ${test_sources} |
140 |
+ ${test_headers} |
141 |
+ ) |
142 |
++ |
143 |
++add_dependencies(run-tests googletest_project) |
144 |
++ |
145 |
+ set_target_properties(run-tests PROPERTIES |
146 |
+ COMPILE_FLAGS "${yaml_c_flags} ${yaml_cxx_flags} ${yaml_test_flags}" |
147 |
+ ) |
148 |
+-target_link_libraries(run-tests yaml-cpp gmock) |
149 |
++target_link_libraries(run-tests |
150 |
++ yaml-cpp |
151 |
++ gmock |
152 |
++ ${CMAKE_THREAD_LIBS_INIT}) |
153 |
+ |
154 |
+ add_test(yaml-test ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/run-tests) |
155 |
+-- |
156 |
+2.16.1 |
157 |
+ |
158 |
|
159 |
diff --git a/dev-cpp/yaml-cpp/yaml-cpp-0.6.2.ebuild b/dev-cpp/yaml-cpp/yaml-cpp-0.6.2.ebuild |
160 |
new file mode 100644 |
161 |
index 00000000000..608eab3ed61 |
162 |
--- /dev/null |
163 |
+++ b/dev-cpp/yaml-cpp/yaml-cpp-0.6.2.ebuild |
164 |
@@ -0,0 +1,41 @@ |
165 |
+# Copyright 1999-2018 Gentoo Foundation |
166 |
+# Distributed under the terms of the GNU General Public License v2 |
167 |
+ |
168 |
+EAPI=6 |
169 |
+ |
170 |
+inherit cmake-multilib |
171 |
+ |
172 |
+DESCRIPTION="YAML parser and emitter in C++" |
173 |
+HOMEPAGE="https://github.com/jbeder/yaml-cpp" |
174 |
+SRC_URI="https://github.com/jbeder/${PN}/archive/${P}.tar.gz" |
175 |
+ |
176 |
+LICENSE="MIT" |
177 |
+SLOT="0/0.6" |
178 |
+KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux" |
179 |
+IUSE="test" |
180 |
+ |
181 |
+DEPEND="test? ( dev-cpp/gtest )" |
182 |
+ |
183 |
+S="${WORKDIR}/${PN}-${P}" |
184 |
+ |
185 |
+PATCHES=( |
186 |
+ "${FILESDIR}/${P}-CVE-2017-5950.patch" |
187 |
+ "${FILESDIR}/${P}-unbundle-gtest.patch" |
188 |
+) |
189 |
+ |
190 |
+src_prepare() { |
191 |
+ sed -i \ |
192 |
+ -e 's:INCLUDE_INSTALL_ROOT_DIR:INCLUDE_INSTALL_DIR:g' \ |
193 |
+ yaml-cpp.pc.cmake || die |
194 |
+ |
195 |
+ cmake-utils_src_prepare |
196 |
+} |
197 |
+ |
198 |
+src_configure() { |
199 |
+ local mycmakeargs=( |
200 |
+ -DBUILD_SHARED_LIBS=ON |
201 |
+ -DYAML_CPP_BUILD_TOOLS=OFF # Don't have install rule |
202 |
+ -DYAML_CPP_BUILD_TESTS=$(usex test) |
203 |
+ ) |
204 |
+ cmake-multilib_src_configure |
205 |
+} |