actually add the p5-YAML-XS security patch that was intended to have gone in

the previous commit, and bump. pointed out by landry@, thanks! --/-- update to p5-YAML-XS (YAML-LibYAML) 0.38 and add a SECURITY patch to fix format string problems; https://rt.cpan.org/Public/Bug/Display.html?id=46507 --/--
2012-03-09 17:09:52 +00:00 · 2012-03-09 17:09:52 +00:00 · 57f65bb42f
commit 57f65bb42f
parent 11d2036d1a
2 changed files with 45 additions and 1 deletions
--- a/devel/p5-YAML-XS/Makefile
+++ b/devel/p5-YAML-XS/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.7 2012/03/09 12:33:42 sthen Exp $
+# $OpenBSD: Makefile,v 1.8 2012/03/09 17:09:52 sthen Exp $

 COMMENT =	YAML implementation using XS and libyaml
 SHARED_ONLY =	Yes
@ -6,6 +6,7 @@ SHARED_ONLY =	Yes
 MODULES =	cpan

 V =		0.38
+REVISION =	0
 DISTNAME =	YAML-LibYAML-$V
 PKGNAME =	p5-YAML-XS-$V
 CATEGORIES =	devel
--- a/devel/p5-YAML-XS/patches/patch-LibYAML_perl_libyaml_c
+++ b/devel/p5-YAML-XS/patches/patch-LibYAML_perl_libyaml_c
@ -0,0 +1,43 @@
+$OpenBSD: patch-LibYAML_perl_libyaml_c,v 1.1 2012/03/09 17:09:52 sthen Exp $
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661548
+https://rt.cpan.org/Public/Bug/Display.html?id=46507
+
+--- LibYAML/perl_libyaml.c.orig	Sun Apr  3 17:28:08 2011
+++ LibYAML/perl_libyaml.c	Fri Mar  9 12:30:39 2012
+@@ -188,7 +188,7 @@ Load(SV *yaml_sv)
+     return;
+ 
+ load_error:
+-    croak(loader_error_msg(&loader, NULL));
+    croak("%s", loader_error_msg(&loader, NULL));
+ }
+ 
+ /*
+@@ -271,7 +271,7 @@ load_node(perl_yaml_loader_t *loader)
+     return return_sv;
+ 
+     load_error:
+-        croak(loader_error_msg(loader, NULL));
+        croak("%s", loader_error_msg(loader, NULL));
+ }
+ 
+ /*
+@@ -314,7 +314,7 @@ load_mapping(perl_yaml_loader_t *loader, char *tag)
+         else if (strlen(tag) <= strlen(prefix) ||
+             ! strnEQ(tag, prefix, strlen(prefix))
+         ) croak(
+-            loader_error_msg(loader, form("bad tag found for hash: '%s'", tag))
+            "%s", loader_error_msg(loader, form("bad tag found for hash: '%s'", tag))
+         );
+         class = tag + strlen(prefix);
+         sv_bless(hash_ref, gv_stashpv(class, TRUE)); 
+@@ -347,7 +347,7 @@ load_sequence(perl_yaml_loader_t *loader)
+         else if (strlen(tag) <= strlen(prefix) ||
+             ! strnEQ(tag, prefix, strlen(prefix))
+         ) croak(
+-            loader_error_msg(loader, form("bad tag found for array: '%s'", tag))
+            "%s", loader_error_msg(loader, form("bad tag found for array: '%s'", tag))
+         );
+         class = tag + strlen(prefix);
+         sv_bless(array_ref, gv_stashpv(class, TRUE));