Fri Jul 25 09:29:05 2008 UTC ()
pullup ticket #2460 requested by tonnerre
byacc: patch to fix DoS vulnerability
revisions pulled up:
pkgsrc/devel/byacc/Makefile 1.9
pkgsrc/devel/byacc/distinfo 1.4
pkgsrc/devel/byacc/patches/patch-aa 1.3
Module Name: pkgsrc
Committed By: tonnerre
Date: Thu Jul 24 17:13:00 UTC 2008
Modified Files:
pkgsrc/devel/byacc: Makefile distinfo
Added Files:
pkgsrc/devel/byacc/patches: patch-aa
Log Message:
Fix denial of sevice vulnerability in Berkeley yacc (CVE-2008-3196).
(rtr)
diff -r1.8 -r1.8.4.1 pkgsrc/devel/byacc/Makefile
diff -r1.3 -r1.3.16.1 pkgsrc/devel/byacc/distinfo
diff -r0 -r1.2.14.1 pkgsrc/devel/byacc/patches/patch-aa
--- pkgsrc/devel/byacc/Makefile 2008/06/12 02:14:21 1.8
+++ pkgsrc/devel/byacc/Makefile 2008/07/25 09:29:04 1.8.4.1
| @@ -1,17 +1,18 @@ | | | @@ -1,17 +1,18 @@ |
| 1 | # $NetBSD: Makefile,v 1.8 2008/06/12 02:14:21 joerg Exp $ | | 1 | # $NetBSD: Makefile,v 1.8.4.1 2008/07/25 09:29:04 rtr Exp $ |
| 2 | # | | 2 | # |
| 3 | | | 3 | |
| 4 | DISTNAME= byacc-20050813 | | 4 | DISTNAME= byacc-20050813 |
| | | 5 | PKGREVISION= 1 |
| 5 | CATEGORIES= devel | | 6 | CATEGORIES= devel |
| 6 | MASTER_SITES= ftp://invisible-island.net/byacc/ | | 7 | MASTER_SITES= ftp://invisible-island.net/byacc/ |
| 7 | EXTRACT_SUFX= .tgz | | 8 | EXTRACT_SUFX= .tgz |
| 8 | | | 9 | |
| 9 | MAINTAINER= pkgsrc-users@NetBSD.org | | 10 | MAINTAINER= pkgsrc-users@NetBSD.org |
| 10 | HOMEPAGE= http://dickey.his.com/byacc/byacc.html | | 11 | HOMEPAGE= http://dickey.his.com/byacc/byacc.html |
| 11 | COMMENT= Berkeley Yacc | | 12 | COMMENT= Berkeley Yacc |
| 12 | | | 13 | |
| 13 | PKG_DESTDIR_SUPPORT= user-destdir | | 14 | PKG_DESTDIR_SUPPORT= user-destdir |
| 14 | | | 15 | |
| 15 | GNU_CONFIGURE= YES | | 16 | GNU_CONFIGURE= YES |
| 16 | MAKE_FILE= makefile | | 17 | MAKE_FILE= makefile |
| 17 | | | 18 | |
--- pkgsrc/devel/byacc/distinfo 2006/12/09 02:27:47 1.3
+++ pkgsrc/devel/byacc/distinfo 2008/07/25 09:29:04 1.3.16.1
| @@ -1,5 +1,6 @@ | | | @@ -1,5 +1,6 @@ |
| 1 | $NetBSD: distinfo,v 1.3 2006/12/09 02:27:47 markd Exp $ | | 1 | $NetBSD: distinfo,v 1.3.16.1 2008/07/25 09:29:04 rtr Exp $ |
| 2 | | | 2 | |
| 3 | SHA1 (byacc-20050813.tgz) = 3258494f3422eb3150944c1823af1c9c2c386062 | | 3 | SHA1 (byacc-20050813.tgz) = 3258494f3422eb3150944c1823af1c9c2c386062 |
| 4 | RMD160 (byacc-20050813.tgz) = 3ee159857a79025a83e2b0807577925fe460f816 | | 4 | RMD160 (byacc-20050813.tgz) = 3ee159857a79025a83e2b0807577925fe460f816 |
| 5 | Size (byacc-20050813.tgz) = 138684 bytes | | 5 | Size (byacc-20050813.tgz) = 138684 bytes |
| | | 6 | SHA1 (patch-aa) = decae78775a5e0f1e1f7aaaa258da53903aa1f7a |
$NetBSD: patch-aa,v 1.2.14.1 2008/07/25 09:29:04 rtr Exp $
--- skeleton.c.orig 2005-05-05 01:39:36.000000000 +0200
+++ skeleton.c
@@ -87,6 +87,7 @@ char *header[] =
"short *yyssp;",
"YYSTYPE *yyvsp;",
"YYSTYPE yyval;",
+ "static YYSTYPE yyvalzero;", /* no "const", must compile as C++ */
"YYSTYPE yylval;",
"",
"/* variables for the parser stack */",
@@ -275,7 +275,10 @@ char *body[] =
" YYPREFIX, yystate, yyn, yyrule[yyn]);",
"#endif",
" yym = yylen[yyn];",
- " yyval = yyvsp[1-yym];",
+ " if (yym)",
+ " yyval = yyvsp[1-yym];",
+ " else",
+ " yyval = yyvalzero;",
" switch (yyn)",
" {",
0