summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/patches/libyaml-CVE-2014-9130.patch30
-rw-r--r--gnu/packages/web.scm5
3 files changed, 2 insertions, 34 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index cdb1edbfb7..dfd25c7088 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1211,7 +1211,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/xinetd-fix-fd-leak.patch			\
   %D%/packages/patches/xinetd-CVE-2013-4342.patch		\
   %D%/packages/patches/xmodmap-asprintf.patch 			\
-  %D%/packages/patches/libyaml-CVE-2014-9130.patch 		\
   %D%/packages/patches/zathura-plugindir-environment-variable.patch
 
 MISC_DISTRO_FILES =				\
diff --git a/gnu/packages/patches/libyaml-CVE-2014-9130.patch b/gnu/packages/patches/libyaml-CVE-2014-9130.patch
deleted file mode 100644
index 800358c0d6..0000000000
--- a/gnu/packages/patches/libyaml-CVE-2014-9130.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Fixes CVE-2014-9130
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130
-
-Upstream source:
-https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
-
-# HG changeset patch
-# User Kirill Simonov <xi@resolvent.net>
-# Date 1417197312 21600
-# Node ID 2b9156756423e967cfd09a61d125d883fca6f4f2
-# Parent  053f53a381ff6adbbc93a31ab7fdee06a16c8a33
-Removed invalid simple key assertion (thank to Jonathan Gray).
-
-diff --git a/src/scanner.c b/src/scanner.c
---- a/src/scanner.c
-+++ b/src/scanner.c
-@@ -1106,13 +1106,6 @@
-             && parser->indent == (ptrdiff_t)parser->mark.column);
- 
-     /*
--     * A simple key is required only when it is the first token in the current
--     * line.  Therefore it is always allowed.  But we add a check anyway.
--     */
--
--    assert(parser->simple_key_allowed || !required);    /* Impossible. */
--
--    /*
-      * If the current position may start a simple key, save it.
-      */
- 
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 19058de2d3..aaf8505ef4 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -1025,17 +1025,16 @@ hash/signatures.")
 (define-public libyaml
   (package
     (name "libyaml")
-    (version "0.1.6")
+    (version "0.1.7")
     (source
      (origin
        (method url-fetch)
        (uri (string-append
              "http://pyyaml.org/download/libyaml/yaml-"
              version ".tar.gz"))
-       (patches (search-patches "libyaml-CVE-2014-9130.patch"))
        (sha256
         (base32
-         "0j9731s5zjb8mjx7wzf6vh7bsqi38ay564x6s9nri2nh9cdrg9kx"))))
+         "0a87931cx5m14a1x8rbjix3nz7agrcgndf4h392vm62a4rby9240"))))
     (build-system gnu-build-system)
     (home-page "http://pyyaml.org/wiki/LibYAML")
     (synopsis "YAML 1.1 parser and emitter written in C")