head 1.2; access; symbols pkgsrc-2014Q1:1.1.0.2 pkgsrc-2014Q1-base:1.1; locks; strict; comment @# @; 1.2 date 2014.04.01.21.10.34; author wiz; state dead; branches; next 1.1; commitid 7N5ZM8FnbQXAy1vx; 1.1 date 2014.03.28.16.02.01; author drochner; state Exp; branches; next ; commitid xlvRUnqxS0CuYtux; desc @@ 1.2 log @Update to 0.1.6, which includes the CVE fixes. @ text @$NetBSD: patch-CVE-2014-2525_1,v 1.1 2014/03/28 16:02:01 drochner Exp $ https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048 --- src/scanner.c.orig 2014-03-28 15:47:54.000000000 +0000 +++ src/scanner.c @@@@ -2629,6 +2629,9 @@@@ yaml_parser_scan_tag_uri(yaml_parser_t * /* Check if it is a URI-escape sequence. */ if (CHECK(parser->buffer, '%')) { + if (!STRING_EXTEND(parser, string)) + goto error; + if (!yaml_parser_scan_uri_escapes(parser, directive, start_mark, &string)) goto error; } @ 1.1 log @add patch from upstream to fix heap-based buffer overflow which can lead to arbitrary code execution (CVE-2014-2525) bump PKGREV @ text @d1 1 a1 1 $NetBSD$ @
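Review bot: the added `STRING_EXTEND(parser, string)` check in the `'%'` branch of `yaml_parser_scan_tag_uri` has no comment saying why the buffer has to grow at this point, and the hunk does not show how many bytes `yaml_parser_scan_uri_escapes` appends to `string` per call. Since the 1.1 log describes this as a heap-based buffer overflow fix, please add a one-line comment above the check stating the capacity it is meant to guarantee. Please also confirm that a single extension covers the largest write the callee can make. If the callee can write more than one extension provides, the capacity check belongs inside `yaml_parser_scan_uri_escapes` next to the write itself, so that any other caller passing `&string` is covered as well. The `goto error` on failure is consistent with the existing error path in the surrounding lines.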