diff options
author | Tim Biermann <tbier@posteo.de> | 2021-07-13 21:33:55 +0200 |
---|---|---|
committer | Tim Biermann <tbier@posteo.de> | 2021-07-13 21:33:55 +0200 |
commit | a1f4e1e409bd2d1378cb65a177e692287f85ad31 (patch) | |
tree | 235427ec90cf13aba7f6117aca21957883cd5a3b /yaml-cpp | |
parent | cb01afe646cb9f2bbc4c68c6fb1c4be2ea51896c (diff) | |
download | contrib-a1f4e1e409bd2d1378cb65a177e692287f85ad31.tar.gz contrib-a1f4e1e409bd2d1378cb65a177e692287f85ad31.tar.xz |
yaml-cpp: 0.6.3 -> 0.7.0
Diffstat (limited to 'yaml-cpp')
-rw-r--r-- | yaml-cpp/.footprint | 25 | ||||
-rw-r--r-- | yaml-cpp/.signature | 11 | ||||
-rw-r--r-- | yaml-cpp/Pkgfile | 30 | ||||
-rw-r--r-- | yaml-cpp/patch-yaml-cpp-config.cmake.in | 17 | ||||
-rw-r--r-- | yaml-cpp/yaml-cpp-0.6.3-CVE-2017-11692.patch | 44 | ||||
-rw-r--r-- | yaml-cpp/yaml-cpp-0.6.3-fix-overflows.patch | 149 |
6 files changed, 58 insertions, 218 deletions
diff --git a/yaml-cpp/.footprint b/yaml-cpp/.footprint index 4616ec890..05c9b9b66 100644 --- a/yaml-cpp/.footprint +++ b/yaml-cpp/.footprint @@ -19,7 +19,6 @@ drwxr-xr-x root/root usr/include/yaml-cpp/contrib/ drwxr-xr-x root/root usr/include/yaml-cpp/node/ -rw-r--r-- root/root usr/include/yaml-cpp/node/convert.h drwxr-xr-x root/root usr/include/yaml-cpp/node/detail/ --rw-r--r-- root/root usr/include/yaml-cpp/node/detail/bool_type.h -rw-r--r-- root/root usr/include/yaml-cpp/node/detail/impl.h -rw-r--r-- root/root usr/include/yaml-cpp/node/detail/iterator.h -rw-r--r-- root/root usr/include/yaml-cpp/node/detail/iterator_fwd.h @@ -35,6 +34,7 @@ drwxr-xr-x root/root usr/include/yaml-cpp/node/detail/ -rw-r--r-- root/root usr/include/yaml-cpp/node/parse.h -rw-r--r-- root/root usr/include/yaml-cpp/node/ptr.h -rw-r--r-- root/root usr/include/yaml-cpp/node/type.h +-rw-r--r-- root/root usr/include/yaml-cpp/noexcept.h -rw-r--r-- root/root usr/include/yaml-cpp/null.h -rw-r--r-- root/root usr/include/yaml-cpp/ostream_wrapper.h -rw-r--r-- root/root usr/include/yaml-cpp/parser.h @@ -42,14 +42,15 @@ drwxr-xr-x root/root usr/include/yaml-cpp/node/detail/ -rw-r--r-- root/root usr/include/yaml-cpp/traits.h -rw-r--r-- root/root usr/include/yaml-cpp/yaml.h drwxr-xr-x root/root usr/lib/ -drwxr-xr-x root/root usr/lib/cmake/ -drwxr-xr-x root/root usr/lib/cmake/yaml-cpp/ --rw-r--r-- root/root usr/lib/cmake/yaml-cpp/yaml-cpp-config-version.cmake --rw-r--r-- root/root usr/lib/cmake/yaml-cpp/yaml-cpp-config.cmake --rw-r--r-- root/root usr/lib/cmake/yaml-cpp/yaml-cpp-targets-release.cmake --rw-r--r-- root/root usr/lib/cmake/yaml-cpp/yaml-cpp-targets.cmake -lrwxrwxrwx root/root usr/lib/libyaml-cpp.so -> libyaml-cpp.so.0.6 -lrwxrwxrwx root/root usr/lib/libyaml-cpp.so.0.6 -> libyaml-cpp.so.0.6.3 --rwxr-xr-x root/root usr/lib/libyaml-cpp.so.0.6.3 -drwxr-xr-x root/root usr/lib/pkgconfig/ --rw-r--r-- root/root usr/lib/pkgconfig/yaml-cpp.pc +lrwxrwxrwx root/root usr/lib/libyaml-cpp.so -> libyaml-cpp.so.0.7 +lrwxrwxrwx root/root usr/lib/libyaml-cpp.so.0.7 -> libyaml-cpp.so.0.7.0 +-rwxr-xr-x root/root usr/lib/libyaml-cpp.so.0.7.0 +drwxr-xr-x root/root usr/share/ +drwxr-xr-x root/root usr/share/cmake/ +drwxr-xr-x root/root usr/share/cmake/yaml-cpp/ +-rw-r--r-- root/root usr/share/cmake/yaml-cpp/yaml-cpp-config-version.cmake +-rw-r--r-- root/root usr/share/cmake/yaml-cpp/yaml-cpp-config.cmake +-rw-r--r-- root/root usr/share/cmake/yaml-cpp/yaml-cpp-targets-release.cmake +-rw-r--r-- root/root usr/share/cmake/yaml-cpp/yaml-cpp-targets.cmake +drwxr-xr-x root/root usr/share/pkgconfig/ +-rw-r--r-- root/root usr/share/pkgconfig/yaml-cpp.pc diff --git a/yaml-cpp/.signature b/yaml-cpp/.signature index 732ca0d95..6eaeffebd 100644 --- a/yaml-cpp/.signature +++ b/yaml-cpp/.signature @@ -1,8 +1,7 @@ untrusted comment: verify with /etc/ports/contrib.pub -RWSagIOpLGJF30aYpSuMR3UvTdu4drg7ZM7TLdgeoQpWShusb5v2yd2dVKfOPewOilcp8N2B0ms16ZOyCRwNVf13pPX97eUnJgE= -SHA256 (Pkgfile) = bd1592f6a7ea0dc94746569695631c32cb0c4a299af2f4af9584ed1a9ec8ddba -SHA256 (.footprint) = b838e7061c0739dc1c7b57523e18367b3d5096258f09d2c6678f44cb6ec49cf3 -SHA256 (yaml-cpp-0.6.3.tar.gz) = 77ea1b90b3718aa0c324207cb29418f5bced2354c2e483a9523d98c3460af1ed -SHA256 (yaml-cpp-0.6.3-CVE-2017-11692.patch) = 0af6f285653d2abccc04ac09ca3b5e57505896afe32da76ed7e03a91be97b85a +RWSagIOpLGJF315FFe6R3M0RyS8kobUZzi4x9zrsVTbLRwO9pKOEKlwIBj5P7gEYAY83VZXjRws1L+wfgwSbuq1jLo6GbFx4SAM= +SHA256 (Pkgfile) = 3b22774596b509d167302caca62c4ce10013a8b796b07ebf78941a98c82c1b7d +SHA256 (.footprint) = 3a23569dc2bd6300bfbec95b836a6653efdbf6be86f0566c49d5c73020cb72d2 +SHA256 (yaml-cpp-0.7.0.tar.gz) = 43e6a9fcb146ad871515f0d0873947e5d497a1c9c60c58cb102a97b47208b7c3 SHA256 (yaml-cpp-0.6.3-abi-breakage.patch) = 613a94953bee42e48d2a357348c9a36a57a455c7ebc2f99999c7ecc150c2d61d -SHA256 (yaml-cpp-0.6.3-fix-overflows.patch) = a5dc378170559ae42709a59e99e09ac69dc9acddb831ef0a60c67c6fa24090e3 +SHA256 (patch-yaml-cpp-config.cmake.in) = ec9a629417494d425994ccb8822c8a9d09719c5d5becefd5b97292c8c7ac3ddd diff --git a/yaml-cpp/Pkgfile b/yaml-cpp/Pkgfile index a1f011502..004907066 100644 --- a/yaml-cpp/Pkgfile +++ b/yaml-cpp/Pkgfile @@ -5,21 +5,24 @@ # Optional: ninja name=yaml-cpp -version=0.6.3 -release=2 +version=0.7.0 +release=1 source=(https://github.com/jbeder/yaml-cpp/archive/yaml-cpp-$version/$name-$version.tar.gz - yaml-cpp-0.6.3-CVE-2017-11692.patch yaml-cpp-0.6.3-abi-breakage.patch yaml-cpp-0.6.3-fix-overflows.patch) + yaml-cpp-0.6.3-abi-breakage.patch patch-yaml-cpp-config.cmake.in) + build() { - patch -Np1 -d $name-$name-$version -i $SRC/yaml-cpp-0.6.3-CVE-2017-11692.patch patch -Np1 -d $name-$name-$version -i $SRC/yaml-cpp-0.6.3-abi-breakage.patch - patch -Np1 -d $name-$name-$version -i $SRC/yaml-cpp-0.6.3-fix-overflows.patch + sed -e 's|%%PREFIX%%|/usr|' -i $SRC/patch-yaml-cpp-config.cmake.in + patch -Np0 -d $name-$name-$version -i $SRC/patch-yaml-cpp-config.cmake.in + + prt-get isinst ninja && PKGMK_YAMLCPP+=' -G Ninja' - cmake -S $name-$name-$version -B build -G Ninja \ + cmake -S $name-$name-$version -B build $PKGMK_YAMLCPP \ -D CMAKE_INSTALL_PREFIX=/usr \ + -D CMAKE_INSTALL_LIBDIR=lib \ -D CMAKE_BUILD_TYPE=Release \ -D CMAKE_CXX_FLAGS_RELEASE="$CXXFLAGS" \ - -D CMAKE_C_FLAGS_RELEASE="$CFLAGS" \ -D BUILD_SHARED_LIBS=ON \ -D YAML_BUILD_SHARED_LIBS=ON \ -D YAML_CPP_BUILD_TESTS=OFF \ @@ -27,4 +30,17 @@ build() { -Wno-dev cmake --build build DESTDIR=$PKG cmake --install build + + cmake -S $name-$name-$version -B build-static $PKGMK_YAMLCPP \ + -D CMAKE_INSTALL_PREFIX=/usr \ + -D CMAKE_INSTALL_LIBDIR=lib \ + -D CMAKE_BUILD_TYPE=Release \ + -D CMAKE_CXX_FLAGS_RELEASE="$CXXFLAGS" \ + -D BUILD_SHARED_LIBS=OFF \ + -D YAML_BUILD_SHARED_LIBS=OFF \ + -D YAML_CPP_BUILD_TESTS=OFF \ + -D YAML_CPP_BUILD_TOOLS=OFF \ + -Wno-dev + cmake --build build-static + DESTDIR=$PKG cmake --install build-static } diff --git a/yaml-cpp/patch-yaml-cpp-config.cmake.in b/yaml-cpp/patch-yaml-cpp-config.cmake.in new file mode 100644 index 000000000..4b85175be --- /dev/null +++ b/yaml-cpp/patch-yaml-cpp-config.cmake.in @@ -0,0 +1,17 @@ +--- yaml-cpp-config.cmake.in.orig 2021-07-10 15:53:22 UTC ++++ yaml-cpp-config.cmake.in +@@ -3,12 +3,5 @@ + # YAML_CPP_INCLUDE_DIR - include directory + # YAML_CPP_LIBRARIES - libraries to link against + +-# Compute paths +-get_filename_component(YAML_CPP_CMAKE_DIR "${CMAKE_CURRENT_LIST_FILE}" PATH) +-set(YAML_CPP_INCLUDE_DIR "@CONFIG_INCLUDE_DIRS@") +- +-# Our library dependencies (contains definitions for IMPORTED targets) +-include("${YAML_CPP_CMAKE_DIR}/yaml-cpp-targets.cmake") +- +-# These are IMPORTED targets created by yaml-cpp-targets.cmake +-set(YAML_CPP_LIBRARIES "@EXPORT_TARGETS@") ++set(YAML_CPP_INCLUDE_DIR "%%PREFIX%%/include") ++set(YAML_CPP_LIBRARIES "yaml-cpp") diff --git a/yaml-cpp/yaml-cpp-0.6.3-CVE-2017-11692.patch b/yaml-cpp/yaml-cpp-0.6.3-CVE-2017-11692.patch deleted file mode 100644 index fd7a7198c..000000000 --- a/yaml-cpp/yaml-cpp-0.6.3-CVE-2017-11692.patch +++ /dev/null @@ -1,44 +0,0 @@ -From c9460110e072df84b7dee3eb651f2ec5df75fb18 Mon Sep 17 00:00:00 2001 -From: Jesse Beder <jbeder@gmail.com> -Date: Mon, 20 Jan 2020 18:05:15 -0600 -Subject: [PATCH] Fix reading empty token stack with a node with properties but - no scalar. - -E.g. `!2`. ---- - src/singledocparser.cpp | 6 ++++++ - test/integration/load_node_test.cpp | 5 +++++ - 2 files changed, 11 insertions(+) - -diff --git a/src/singledocparser.cpp b/src/singledocparser.cpp -index 52544dd6..47e9e047 100644 ---- a/src/singledocparser.cpp -+++ b/src/singledocparser.cpp -@@ -79,6 +79,12 @@ void SingleDocParser::HandleNode(EventHandler& eventHandler) { - if (!anchor_name.empty()) - eventHandler.OnAnchor(mark, anchor_name); - -+ // after parsing properties, an empty node is again a possibility -+ if (m_scanner.empty()) { -+ eventHandler.OnNull(mark, anchor); -+ return; -+ } -+ - const Token& token = m_scanner.peek(); - - if (token.type == Token::PLAIN_SCALAR && IsNullString(token.value)) { -diff --git a/test/integration/load_node_test.cpp b/test/integration/load_node_test.cpp -index 4f4f28e8..0e0dd6bc 100644 ---- a/test/integration/load_node_test.cpp -+++ b/test/integration/load_node_test.cpp -@@ -257,5 +257,10 @@ TEST(NodeTest, LoadTagWithParenthesis) { - EXPECT_EQ(node.as<std::string>(), "foo"); - } - -+TEST(NodeTest, LoadTagWithNullScalar) { -+ Node node = Load("!2"); -+ EXPECT_TRUE(node.IsNull()); -+} -+ - } // namespace - } // namespace YAML diff --git a/yaml-cpp/yaml-cpp-0.6.3-fix-overflows.patch b/yaml-cpp/yaml-cpp-0.6.3-fix-overflows.patch deleted file mode 100644 index 4c5418db2..000000000 --- a/yaml-cpp/yaml-cpp-0.6.3-fix-overflows.patch +++ /dev/null @@ -1,149 +0,0 @@ -This patch comes from the upstream commit here[1], slightly modified to -apply to 0.6.3. The pull request[2] mentions fixing CVE-2017-5950, -CVE-2018-{20573,20574}, and CVE-2019-6285. Note that CVE-2019-6292 appears to -be a duplicate of CVE-2019-6285 [3]. - -[1] https://github.com/jbeder/yaml-cpp/commit/4edff1fa5dbfca16fc72d89870841bee89f8ef89 -[2] https://github.com/jbeder/yaml-cpp/pull/807 -[3] https://github.com/jbeder/yaml-cpp/issues/660 - -diff --git a/include/yaml-cpp/depthguard.h b/include/yaml-cpp/depthguard.h -new file mode 100644 -index 00000000..8ca61ac6 ---- /dev/null -+++ b/include/yaml-cpp/depthguard.h -@@ -0,0 +1,77 @@ -+#ifndef DEPTH_GUARD_H_00000000000000000000000000000000000000000000000000000000 -+#define DEPTH_GUARD_H_00000000000000000000000000000000000000000000000000000000 -+ -+#if defined(_MSC_VER) || \ -+ (defined(__GNUC__) && (__GNUC__ == 3 && __GNUC_MINOR__ >= 4) || \ -+ (__GNUC__ >= 4)) // GCC supports "pragma once" correctly since 3.4 -+#pragma once -+#endif -+ -+#include "exceptions.h" -+ -+namespace YAML { -+ -+/** -+ * @brief The DeepRecursion class -+ * An exception class which is thrown by DepthGuard. Ideally it should be -+ * a member of DepthGuard. However, DepthGuard is a templated class which means -+ * that any catch points would then need to know the template parameters. It is -+ * simpler for clients to not have to know at the catch point what was the -+ * maximum depth. -+ */ -+class DeepRecursion : public ParserException { -+public: -+ virtual ~DeepRecursion() = default; -+ -+ DeepRecursion(int depth, const Mark& mark_, const std::string& msg_); -+ -+ // Returns the recursion depth when the exception was thrown -+ int depth() const { -+ return m_depth; -+ } -+ -+private: -+ int m_depth = 0; -+}; -+ -+/** -+ * @brief The DepthGuard class -+ * DepthGuard takes a reference to an integer. It increments the integer upon -+ * construction of DepthGuard and decrements the integer upon destruction. -+ * -+ * If the integer would be incremented past max_depth, then an exception is -+ * thrown. This is ideally geared toward guarding against deep recursion. -+ * -+ * @param max_depth -+ * compile-time configurable maximum depth. -+ */ -+template <int max_depth = 2000> -+class DepthGuard final { -+public: -+ DepthGuard(int & depth_, const Mark& mark_, const std::string& msg_) : m_depth(depth_) { -+ ++m_depth; -+ if ( max_depth <= m_depth ) { -+ throw DeepRecursion{m_depth, mark_, msg_}; -+ } -+ } -+ -+ DepthGuard(const DepthGuard & copy_ctor) = delete; -+ DepthGuard(DepthGuard && move_ctor) = delete; -+ DepthGuard & operator=(const DepthGuard & copy_assign) = delete; -+ DepthGuard & operator=(DepthGuard && move_assign) = delete; -+ -+ ~DepthGuard() { -+ --m_depth; -+ } -+ -+ int current_depth() const { -+ return m_depth; -+ } -+ -+private: -+ int & m_depth; -+}; -+ -+} // namespace YAML -+ -+#endif // DEPTH_GUARD_H_00000000000000000000000000000000000000000000000000000000 -diff --git a/src/depthguard.cpp b/src/depthguard.cpp -new file mode 100644 -index 00000000..b88cd340 ---- /dev/null -+++ b/src/depthguard.cpp -@@ -0,0 +1,10 @@ -+#include "yaml-cpp/depthguard.h" -+ -+namespace YAML { -+ -+DeepRecursion::DeepRecursion(int depth, const Mark& mark_, const std::string& msg_) -+ : ParserException(mark_, msg_), -+ m_depth(depth) { -+} -+ -+} // namespace YAML -diff --git a/src/singledocparser.cpp b/src/singledocparser.cpp -index 47e9e047..3e5638be 100644 ---- a/src/singledocparser.cpp -+++ b/src/singledocparser.cpp -@@ -7,6 +7,7 @@ - #include "singledocparser.h" - #include "tag.h" - #include "token.h" -+#include "yaml-cpp/depthguard.h" - #include "yaml-cpp/emitterstyle.h" - #include "yaml-cpp/eventhandler.h" - #include "yaml-cpp/exceptions.h" // IWYU pragma: keep -@@ -47,6 +48,8 @@ void SingleDocParser::HandleDocument(EventHandler& eventHandler) { - } - - void SingleDocParser::HandleNode(EventHandler& eventHandler) { -+ DepthGuard<2000> depthguard(depth, m_scanner.mark(), ErrorMsg::BAD_FILE); -+ - // an empty node *is* a possibility - if (m_scanner.empty()) { - eventHandler.OnNull(m_scanner.mark(), NullAnchor); -diff --git a/src/singledocparser.h b/src/singledocparser.h -index c8cfca9d..f484eb1f 100644 ---- a/src/singledocparser.h -+++ b/src/singledocparser.h -@@ -15,6 +15,7 @@ - - namespace YAML { - class CollectionStack; -+template <int> class DepthGuard; // depthguard.h - class EventHandler; - class Node; - class Scanner; -@@ -55,6 +56,7 @@ class SingleDocParser { - anchor_t LookupAnchor(const Mark& mark, const std::string& name) const; - - private: -+ int depth = 0; - Scanner& m_scanner; - const Directives& m_directives; - std::unique_ptr<CollectionStack> m_pCollectionStack; |