From 8376ef56580626e9c0f796d5b85b53a0a1c7d5f5 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Sat, 14 Jul 2018 21:03:06 +0100
Subject: gentoo resync : 14.07.2018

---
 dev-cpp/yaml-cpp/Manifest                          |  5 ++
 .../files/yaml-cpp-0.6.2-CVE-2017-5950.patch       | 45 ++++++++++++++
 .../files/yaml-cpp-0.6.2-unbundle-gtest.patch      | 70 ++++++++++++++++++++++
 dev-cpp/yaml-cpp/metadata.xml                      | 11 ++++
 dev-cpp/yaml-cpp/yaml-cpp-0.6.2.ebuild             | 41 +++++++++++++
 5 files changed, 172 insertions(+)
 create mode 100644 dev-cpp/yaml-cpp/Manifest
 create mode 100644 dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-CVE-2017-5950.patch
 create mode 100644 dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-unbundle-gtest.patch
 create mode 100644 dev-cpp/yaml-cpp/metadata.xml
 create mode 100644 dev-cpp/yaml-cpp/yaml-cpp-0.6.2.ebuild

(limited to 'dev-cpp/yaml-cpp')

diff --git a/dev-cpp/yaml-cpp/Manifest b/dev-cpp/yaml-cpp/Manifest
new file mode 100644
index 000000000000..5942c29be0e2
--- /dev/null
+++ b/dev-cpp/yaml-cpp/Manifest
@@ -0,0 +1,5 @@
+AUX yaml-cpp-0.6.2-CVE-2017-5950.patch 1697 BLAKE2B 7b13c947e471aa08ec718cecfd43666689cbf0137ed6328ab550f722c409f19ec6437a5458180a3c334ebfe899ef67cbee04237fd230ac06fde863c3adc231f3 SHA512 0ba8bb8d81a98b77cde3dd386fe237dd11aae53011419042ff0b72b643ac2c1fdb7753ff524d0c5d319f7d601b417d1c6ab2419c728c4015197f83ce3eaa34b2
+AUX yaml-cpp-0.6.2-unbundle-gtest.patch 2204 BLAKE2B 733b6eed366ca33085251c3c6f3655060d3cc02a77f5f53a21c9163b894400c7418c3d9f032c8f6d460d58b35594f6ba1cd8eea0a667fbe1849a8eb866074ce5 SHA512 8cb227c2e156bd642be29b15ae7a7de9e4839d6f4b5e0132982659eaab442347d3ef3eedd1bfb8f936a5a1dc98b6d41be915f7da53fd6764f8b6becbaf6cff98
+DIST yaml-cpp-0.6.2.tar.gz 1396250 BLAKE2B be342c212c980cdb03349dbafbe1db0bb581123b4dd6909393d3cdc86145b997a9d2f9b57a5e9d7c8cc60cdfd03f1c37e9db610d8784f2d29fdeada5ab322894 SHA512 fea8ce0a20a00cbc75023d1db442edfcd32d0ac57a3c41b32ec8d56f87cc1d85d7dd7a923ce662f5d3a315f91a736d6be0d649997acd190915c1d68cc93795e4
+EBUILD yaml-cpp-0.6.2.ebuild 901 BLAKE2B 1048d5123d5f034625e0caac09bfd90b36f67052a42557e05d8a445b662a295920cb5f9448414c0158b3f273ff60c7c5e46620b7a814c4e975c38e2dceab57b2 SHA512 562ffa3c2fe1f5aff2f7e3058f1280457e6f1480c6f97c1d7fb1d576327fd42390321cd4984c377d3736492fc808fdedafed8cac374d2422d4f8bcc4643b5c33
+MISC metadata.xml 325 BLAKE2B 8e094a75d87d80e86efaf6ee191225ad0772dac343ae12ec84e73faffc17464c8431ee78018602127fd52441a6b18d09b58127b7d7ea1ee02163f58d327f0f3f SHA512 a4a5de1911c7bfeb37a3ca5aca8b3c044d51230164ac7d14566a9a4064e5202fac0e613089191ea959d0bb3df157049932d394d167e32fc8a432ab35e4cf24ae
diff --git a/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-CVE-2017-5950.patch b/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-CVE-2017-5950.patch
new file mode 100644
index 000000000000..2892108bd250
--- /dev/null
+++ b/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-CVE-2017-5950.patch
@@ -0,0 +1,45 @@
+From d540476e31b080aa1f903ad20ec0426dd3838be7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anarcat@debian.org>
+Date: Tue, 25 Apr 2017 20:10:20 -0400
+Subject: [PATCH] fix stack overflow in HandleNode() (CVE-2017-5950)
+
+simply set a hardcoded recursion limit to 2000 (inspired by Python's)
+to avoid infinitely recursing into arbitrary data structures
+
+assert() the depth. unsure if this is the right approach, but given
+that HandleNode() is "void", I am not sure how else to return an
+error. the problem with this approach of course is that it will still
+crash the caller, unless they have proper exception handling in place.
+
+Closes: #459
+---
+ src/singledocparser.cpp | 2 ++
+ src/singledocparser.h   | 2 ++
+ 2 files changed, 4 insertions(+)
+
+diff --git a/src/singledocparser.cpp b/src/singledocparser.cpp
+index a27c1c3b..1b4262ee 100644
+--- a/src/singledocparser.cpp
++++ b/src/singledocparser.cpp
+@@ -46,6 +46,8 @@ void SingleDocParser::HandleDocument(EventHandler& eventHandler) {
+ }
+ 
+ void SingleDocParser::HandleNode(EventHandler& eventHandler) {
++  assert(depth < depth_limit);
++  depth++;
+   // an empty node *is* a possibility
+   if (m_scanner.empty()) {
+     eventHandler.OnNull(m_scanner.mark(), NullAnchor);
+diff --git a/src/singledocparser.h b/src/singledocparser.h
+index 2b92067c..7046f1e2 100644
+--- a/src/singledocparser.h
++++ b/src/singledocparser.h
+@@ -51,6 +51,8 @@ class SingleDocParser : private noncopyable {
+   anchor_t LookupAnchor(const Mark& mark, const std::string& name) const;
+ 
+  private:
++  int depth = 0;
++  int depth_limit = 2000;
+   Scanner& m_scanner;
+   const Directives& m_directives;
+   std::unique_ptr<CollectionStack> m_pCollectionStack;
diff --git a/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-unbundle-gtest.patch b/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-unbundle-gtest.patch
new file mode 100644
index 000000000000..671bde36704a
--- /dev/null
+++ b/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-unbundle-gtest.patch
@@ -0,0 +1,70 @@
+From 259f944bc3e45420f5891737101260f07ab3030a Mon Sep 17 00:00:00 2001
+From: "Azamat H. Hackimov" <azamat.hackimov@gmail.com>
+Date: Tue, 27 Feb 2018 14:17:49 +0500
+Subject: [PATCH] Externalize googletest project
+
+Externalize gtest to avoid installation, fixes #539.
+---
+ test/CMakeLists.txt | 35 ++++++++++++++++++++++++++---------
+ 1 file changed, 26 insertions(+), 9 deletions(-)
+
+diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
+index 3633da5..7b39dd4 100644
+--- a/test/CMakeLists.txt
++++ b/test/CMakeLists.txt
+@@ -1,16 +1,27 @@
++include(ExternalProject)
++
++ExternalProject_Add(
++	googletest_project
++	SOURCE_DIR "${CMAKE_SOURCE_DIR}/test/gtest-1.8.0"
++	INSTALL_DIR "${CMAKE_BINARY_DIR}/prefix"
++	CMAKE_ARGS -DCMAKE_INSTALL_PREFIX:PATH=<INSTALL_DIR> -DBUILD_GMOCK=ON
++)
++
++add_library(gmock UNKNOWN IMPORTED)
++set_target_properties(gmock PROPERTIES
++	IMPORTED_LOCATION ${PROJECT_BINARY_DIR}/prefix/lib/libgmock.a
++)
++
++find_package(Threads)
++
++include_directories(SYSTEM "${PROJECT_BINARY_DIR}/prefix/include")
++
+ set(gtest_force_shared_crt ${MSVC_SHARED_RT} CACHE BOOL
+   "Use shared (DLL) run-time lib even when Google Test built as a static lib.")
+-add_subdirectory(gtest-1.8.0)
+-include_directories(SYSTEM gtest-1.8.0/googlemock/include)
+-include_directories(SYSTEM gtest-1.8.0/googletest/include)
+-
+-if(WIN32 AND BUILD_SHARED_LIBS)
+-  add_definitions("-DGTEST_LINKED_AS_SHARED_LIBRARY")
+-endif()
+ 
+ if(CMAKE_CXX_COMPILER_ID MATCHES "GNU" OR
+    CMAKE_CXX_COMPILER_ID MATCHES "Clang")
+-  set(yaml_test_flags "-Wno-variadic-macros -Wno-sign-compare")
++	set(yaml_test_flags "-Wno-variadic-macros -Wno-sign-compare")
+ 
+   if(CMAKE_CXX_COMPILER_ID MATCHES "Clang")
+     set(yaml_test_flags "${yaml_test_flags} -Wno-c99-extensions")
+@@ -36,9 +47,15 @@ add_executable(run-tests
+ 	${test_sources}
+ 	${test_headers}
+ )
++
++add_dependencies(run-tests googletest_project)
++
+ set_target_properties(run-tests PROPERTIES
+   COMPILE_FLAGS "${yaml_c_flags} ${yaml_cxx_flags} ${yaml_test_flags}"
+ )
+-target_link_libraries(run-tests yaml-cpp gmock)
++target_link_libraries(run-tests
++	yaml-cpp
++	gmock
++	${CMAKE_THREAD_LIBS_INIT})
+ 
+ add_test(yaml-test ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/run-tests)
+-- 
+2.16.1
+
diff --git a/dev-cpp/yaml-cpp/metadata.xml b/dev-cpp/yaml-cpp/metadata.xml
new file mode 100644
index 000000000000..f1c1935f78d5
--- /dev/null
+++ b/dev-cpp/yaml-cpp/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>johu@gentoo.org</email>
+		<name>Johannes Huber</name>
+	</maintainer>
+	<upstream>
+		<remote-id type="github">jbeder/yaml-cpp</remote-id>
+	</upstream>
+</pkgmetadata>
diff --git a/dev-cpp/yaml-cpp/yaml-cpp-0.6.2.ebuild b/dev-cpp/yaml-cpp/yaml-cpp-0.6.2.ebuild
new file mode 100644
index 000000000000..ea71d30bdd92
--- /dev/null
+++ b/dev-cpp/yaml-cpp/yaml-cpp-0.6.2.ebuild
@@ -0,0 +1,41 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit cmake-multilib
+
+DESCRIPTION="YAML parser and emitter in C++"
+HOMEPAGE="https://github.com/jbeder/yaml-cpp"
+SRC_URI="https://github.com/jbeder/${PN}/archive/${P}.tar.gz"
+
+LICENSE="MIT"
+SLOT="0/0.6"
+KEYWORDS="amd64 ~arm ~arm64 ~hppa ppc ppc64 ~sparc x86 ~amd64-linux ~x86-linux"
+IUSE="test"
+
+DEPEND="test? ( dev-cpp/gtest )"
+
+S="${WORKDIR}/${PN}-${P}"
+
+PATCHES=(
+	"${FILESDIR}/${P}-CVE-2017-5950.patch"
+	"${FILESDIR}/${P}-unbundle-gtest.patch"
+)
+
+src_prepare() {
+	sed -i \
+		-e 's:INCLUDE_INSTALL_ROOT_DIR:INCLUDE_INSTALL_DIR:g' \
+		yaml-cpp.pc.cmake || die
+
+	cmake-utils_src_prepare
+}
+
+src_configure() {
+	local mycmakeargs=(
+		-DBUILD_SHARED_LIBS=ON
+		-DYAML_CPP_BUILD_TOOLS=OFF # Don't have install rule
+		-DYAML_CPP_BUILD_TESTS=$(usex test)
+	)
+	cmake-multilib_src_configure
+}
-- 
cgit v1.2.3