A new user interface for you! Read more...

File libyaml-CVE-2014-2525-URL-buffer-overflow.patch of Package libyaml

diff -r d7cb9c2731c0 configure.ac
--- a/configure.ac	Mon Feb 03 23:42:24 2014 -0600
+++ b/configure.ac	Fri Mar 14 17:52:43 2014 -0500
@@ -19,7 +19,7 @@
 #           YAML_AGE = 0
 m4_define([YAML_RELEASE], 0)
 m4_define([YAML_CURRENT], 2)
-m4_define([YAML_REVISION], 2)
+m4_define([YAML_REVISION], 4)
 m4_define([YAML_AGE], 0)
 
 # Initialize autoconf & automake.
diff -r d7cb9c2731c0 src/scanner.c
--- a/src/scanner.c	Mon Feb 03 23:42:24 2014 -0600
+++ b/src/scanner.c	Fri Mar 14 17:52:43 2014 -0500
@@ -2629,6 +2629,9 @@
         /* Check if it is a URI-escape sequence. */
 
         if (CHECK(parser->buffer, '%')) {
+            if (!STRING_EXTEND(parser, string))
+                goto error;
+
             if (!yaml_parser_scan_uri_escapes(parser,
                         directive, start_mark, &string)) goto error;
         }
diff -r d7cb9c2731c0 src/yaml_private.h
--- a/src/yaml_private.h	Mon Feb 03 23:42:24 2014 -0600
+++ b/src/yaml_private.h	Fri Mar 14 17:52:43 2014 -0500
@@ -143,9 +143,12 @@
      (string).start = (string).pointer = (string).end = 0)
 
 #define STRING_EXTEND(context,string)                                           \
-    (((string).pointer+5 < (string).end)                                        \
+    ((((string).pointer+5 < (string).end)                                       \
         || yaml_string_extend(&(string).start,                                  \
-            &(string).pointer, &(string).end))
+            &(string).pointer, &(string).end)) ?                                \
+         1 :                                                                    \
+        ((context)->error = YAML_MEMORY_ERROR,                                  \
+         0))
 
 #define CLEAR(context,string)                                                   \
     ((string).pointer = (string).start,                                         \
diff -r d7cb9c2731c0 win32/config.h