yaml-cpp: 0.6.3 -> 0.7.0

2021-07-13 21:33:55 +02:00 · 2021-07-13 21:33:55 +02:00 · a1f4e1e409
commit a1f4e1e409
parent cb01afe646
6 changed files with 58 additions and 218 deletions
--- a/yaml-cpp/.footprint
+++ b/yaml-cpp/.footprint
@ -19,7 +19,6 @@ drwxr-xr-x	root/root	usr/include/yaml-cpp/contrib/
 drwxr-xr-x	root/root	usr/include/yaml-cpp/node/
 -rw-r--r--	root/root	usr/include/yaml-cpp/node/convert.h
 drwxr-xr-x	root/root	usr/include/yaml-cpp/node/detail/
-rw-r--r--	root/root	usr/include/yaml-cpp/node/detail/bool_type.h
 -rw-r--r--	root/root	usr/include/yaml-cpp/node/detail/impl.h
 -rw-r--r--	root/root	usr/include/yaml-cpp/node/detail/iterator.h
 -rw-r--r--	root/root	usr/include/yaml-cpp/node/detail/iterator_fwd.h
@ -35,6 +34,7 @@ drwxr-xr-x	root/root	usr/include/yaml-cpp/node/detail/
 -rw-r--r--	root/root	usr/include/yaml-cpp/node/parse.h
 -rw-r--r--	root/root	usr/include/yaml-cpp/node/ptr.h
 -rw-r--r--	root/root	usr/include/yaml-cpp/node/type.h
+-rw-r--r--	root/root	usr/include/yaml-cpp/noexcept.h
 -rw-r--r--	root/root	usr/include/yaml-cpp/null.h
 -rw-r--r--	root/root	usr/include/yaml-cpp/ostream_wrapper.h
 -rw-r--r--	root/root	usr/include/yaml-cpp/parser.h
@ -42,14 +42,15 @@ drwxr-xr-x	root/root	usr/include/yaml-cpp/node/detail/
 -rw-r--r--	root/root	usr/include/yaml-cpp/traits.h
 -rw-r--r--	root/root	usr/include/yaml-cpp/yaml.h
 drwxr-xr-x	root/root	usr/lib/
-drwxr-xr-x	root/root	usr/lib/cmake/
-drwxr-xr-x	root/root	usr/lib/cmake/yaml-cpp/
-rw-r--r--	root/root	usr/lib/cmake/yaml-cpp/yaml-cpp-config-version.cmake
-rw-r--r--	root/root	usr/lib/cmake/yaml-cpp/yaml-cpp-config.cmake
-rw-r--r--	root/root	usr/lib/cmake/yaml-cpp/yaml-cpp-targets-release.cmake
-rw-r--r--	root/root	usr/lib/cmake/yaml-cpp/yaml-cpp-targets.cmake
-lrwxrwxrwx	root/root	usr/lib/libyaml-cpp.so -> libyaml-cpp.so.0.6
-lrwxrwxrwx	root/root	usr/lib/libyaml-cpp.so.0.6 -> libyaml-cpp.so.0.6.3
-rwxr-xr-x	root/root	usr/lib/libyaml-cpp.so.0.6.3
-drwxr-xr-x	root/root	usr/lib/pkgconfig/
-rw-r--r--	root/root	usr/lib/pkgconfig/yaml-cpp.pc
+lrwxrwxrwx	root/root	usr/lib/libyaml-cpp.so -> libyaml-cpp.so.0.7
+lrwxrwxrwx	root/root	usr/lib/libyaml-cpp.so.0.7 -> libyaml-cpp.so.0.7.0
+-rwxr-xr-x	root/root	usr/lib/libyaml-cpp.so.0.7.0
+drwxr-xr-x	root/root	usr/share/
+drwxr-xr-x	root/root	usr/share/cmake/
+drwxr-xr-x	root/root	usr/share/cmake/yaml-cpp/
+-rw-r--r--	root/root	usr/share/cmake/yaml-cpp/yaml-cpp-config-version.cmake
+-rw-r--r--	root/root	usr/share/cmake/yaml-cpp/yaml-cpp-config.cmake
+-rw-r--r--	root/root	usr/share/cmake/yaml-cpp/yaml-cpp-targets-release.cmake
+-rw-r--r--	root/root	usr/share/cmake/yaml-cpp/yaml-cpp-targets.cmake
+drwxr-xr-x	root/root	usr/share/pkgconfig/
+-rw-r--r--	root/root	usr/share/pkgconfig/yaml-cpp.pc
--- a/yaml-cpp/.signature
+++ b/yaml-cpp/.signature
@ -1,8 +1,7 @@
 untrusted comment: verify with /etc/ports/contrib.pub
-RWSagIOpLGJF30aYpSuMR3UvTdu4drg7ZM7TLdgeoQpWShusb5v2yd2dVKfOPewOilcp8N2B0ms16ZOyCRwNVf13pPX97eUnJgE=
-SHA256 (Pkgfile) = bd1592f6a7ea0dc94746569695631c32cb0c4a299af2f4af9584ed1a9ec8ddba
-SHA256 (.footprint) = b838e7061c0739dc1c7b57523e18367b3d5096258f09d2c6678f44cb6ec49cf3
-SHA256 (yaml-cpp-0.6.3.tar.gz) = 77ea1b90b3718aa0c324207cb29418f5bced2354c2e483a9523d98c3460af1ed
-SHA256 (yaml-cpp-0.6.3-CVE-2017-11692.patch) = 0af6f285653d2abccc04ac09ca3b5e57505896afe32da76ed7e03a91be97b85a
+RWSagIOpLGJF315FFe6R3M0RyS8kobUZzi4x9zrsVTbLRwO9pKOEKlwIBj5P7gEYAY83VZXjRws1L+wfgwSbuq1jLo6GbFx4SAM=
+SHA256 (Pkgfile) = 3b22774596b509d167302caca62c4ce10013a8b796b07ebf78941a98c82c1b7d
+SHA256 (.footprint) = 3a23569dc2bd6300bfbec95b836a6653efdbf6be86f0566c49d5c73020cb72d2
+SHA256 (yaml-cpp-0.7.0.tar.gz) = 43e6a9fcb146ad871515f0d0873947e5d497a1c9c60c58cb102a97b47208b7c3
 SHA256 (yaml-cpp-0.6.3-abi-breakage.patch) = 613a94953bee42e48d2a357348c9a36a57a455c7ebc2f99999c7ecc150c2d61d
-SHA256 (yaml-cpp-0.6.3-fix-overflows.patch) = a5dc378170559ae42709a59e99e09ac69dc9acddb831ef0a60c67c6fa24090e3
+SHA256 (patch-yaml-cpp-config.cmake.in) = ec9a629417494d425994ccb8822c8a9d09719c5d5becefd5b97292c8c7ac3ddd
--- a/yaml-cpp/Pkgfile
+++ b/yaml-cpp/Pkgfile
@ -5,21 +5,24 @@
 # Optional: ninja

 name=yaml-cpp
-version=0.6.3
-release=2
+version=0.7.0
+release=1
 source=(https://github.com/jbeder/yaml-cpp/archive/yaml-cpp-$version/$name-$version.tar.gz
-  yaml-cpp-0.6.3-CVE-2017-11692.patch yaml-cpp-0.6.3-abi-breakage.patch yaml-cpp-0.6.3-fix-overflows.patch)
+  yaml-cpp-0.6.3-abi-breakage.patch patch-yaml-cpp-config.cmake.in)
+

 build() {
-  patch -Np1 -d $name-$name-$version -i $SRC/yaml-cpp-0.6.3-CVE-2017-11692.patch
  patch -Np1 -d $name-$name-$version -i $SRC/yaml-cpp-0.6.3-abi-breakage.patch
-  patch -Np1 -d $name-$name-$version -i $SRC/yaml-cpp-0.6.3-fix-overflows.patch
+  sed -e 's|%%PREFIX%%|/usr|' -i $SRC/patch-yaml-cpp-config.cmake.in
+  patch -Np0 -d $name-$name-$version -i $SRC/patch-yaml-cpp-config.cmake.in

-  cmake -S $name-$name-$version -B build -G Ninja \
+  prt-get isinst ninja && PKGMK_YAMLCPP+=' -G Ninja'
+
+  cmake -S $name-$name-$version -B build $PKGMK_YAMLCPP \
    -D CMAKE_INSTALL_PREFIX=/usr \
+    -D CMAKE_INSTALL_LIBDIR=lib \
    -D CMAKE_BUILD_TYPE=Release \
    -D CMAKE_CXX_FLAGS_RELEASE="$CXXFLAGS" \
-    -D CMAKE_C_FLAGS_RELEASE="$CFLAGS" \
    -D BUILD_SHARED_LIBS=ON \
    -D YAML_BUILD_SHARED_LIBS=ON \
    -D YAML_CPP_BUILD_TESTS=OFF \
@ -27,4 +30,17 @@ build() {
    -Wno-dev
  cmake --build build
  DESTDIR=$PKG cmake --install build
+
+  cmake -S $name-$name-$version -B build-static $PKGMK_YAMLCPP \
+    -D CMAKE_INSTALL_PREFIX=/usr \
+    -D CMAKE_INSTALL_LIBDIR=lib \
+    -D CMAKE_BUILD_TYPE=Release \
+    -D CMAKE_CXX_FLAGS_RELEASE="$CXXFLAGS" \
+    -D BUILD_SHARED_LIBS=OFF \
+    -D YAML_BUILD_SHARED_LIBS=OFF \
+    -D YAML_CPP_BUILD_TESTS=OFF \
+    -D YAML_CPP_BUILD_TOOLS=OFF \
+    -Wno-dev
+  cmake --build build-static
+  DESTDIR=$PKG cmake --install build-static
 }
--- a/yaml-cpp/patch-yaml-cpp-config.cmake.in
+++ b/yaml-cpp/patch-yaml-cpp-config.cmake.in
@ -0,0 +1,17 @@
+--- yaml-cpp-config.cmake.in.orig	2021-07-10 15:53:22 UTC
+++ yaml-cpp-config.cmake.in
+@@ -3,12 +3,5 @@
+ #  YAML_CPP_INCLUDE_DIR - include directory
+ #  YAML_CPP_LIBRARIES    - libraries to link against
+ 
+-# Compute paths
+-get_filename_component(YAML_CPP_CMAKE_DIR "${CMAKE_CURRENT_LIST_FILE}" PATH)
+-set(YAML_CPP_INCLUDE_DIR "@CONFIG_INCLUDE_DIRS@")
+-
+-# Our library dependencies (contains definitions for IMPORTED targets)
+-include("${YAML_CPP_CMAKE_DIR}/yaml-cpp-targets.cmake")
+-
+-# These are IMPORTED targets created by yaml-cpp-targets.cmake
+-set(YAML_CPP_LIBRARIES "@EXPORT_TARGETS@")
+set(YAML_CPP_INCLUDE_DIR "%%PREFIX%%/include")
+set(YAML_CPP_LIBRARIES "yaml-cpp")
--- a/yaml-cpp/yaml-cpp-0.6.3-CVE-2017-11692.patch
+++ b/yaml-cpp/yaml-cpp-0.6.3-CVE-2017-11692.patch
@ -1,44 +0,0 @@
-From c9460110e072df84b7dee3eb651f2ec5df75fb18 Mon Sep 17 00:00:00 2001
-From: Jesse Beder <jbeder@gmail.com>
-Date: Mon, 20 Jan 2020 18:05:15 -0600
-Subject: [PATCH] Fix reading empty token stack with a node with properties but
- no scalar.
-
-E.g. `!2`.
---
- src/singledocparser.cpp             | 6 ++++++
- test/integration/load_node_test.cpp | 5 +++++
- 2 files changed, 11 insertions(+)
-
-diff --git a/src/singledocparser.cpp b/src/singledocparser.cpp
-index 52544dd6..47e9e047 100644
--- a/src/singledocparser.cpp
-+++ b/src/singledocparser.cpp
-@@ -79,6 +79,12 @@ void SingleDocParser::HandleNode(EventHandler& eventHandler) {
-   if (!anchor_name.empty())
-     eventHandler.OnAnchor(mark, anchor_name);
- 
-+  // after parsing properties, an empty node is again a possibility
-+  if (m_scanner.empty()) {
-+    eventHandler.OnNull(mark, anchor);
-+    return;
-+  }
-+
-   const Token& token = m_scanner.peek();
- 
-   if (token.type == Token::PLAIN_SCALAR && IsNullString(token.value)) {
-diff --git a/test/integration/load_node_test.cpp b/test/integration/load_node_test.cpp
-index 4f4f28e8..0e0dd6bc 100644
--- a/test/integration/load_node_test.cpp
-+++ b/test/integration/load_node_test.cpp
-@@ -257,5 +257,10 @@ TEST(NodeTest, LoadTagWithParenthesis) {
-     EXPECT_EQ(node.as<std::string>(), "foo");
- }
- 
-+TEST(NodeTest, LoadTagWithNullScalar) {
-+  Node node = Load("!2");
-+  EXPECT_TRUE(node.IsNull());
-+}
-+
- }  // namespace
- }  // namespace YAML
--- a/yaml-cpp/yaml-cpp-0.6.3-fix-overflows.patch
+++ b/yaml-cpp/yaml-cpp-0.6.3-fix-overflows.patch
@ -1,149 +0,0 @@
-This patch comes from the upstream commit here[1], slightly modified to
-apply to 0.6.3. The pull request[2] mentions fixing CVE-2017-5950,
-CVE-2018-{20573,20574}, and CVE-2019-6285. Note that CVE-2019-6292 appears to
-be a duplicate of CVE-2019-6285 [3].
-
-[1] https://github.com/jbeder/yaml-cpp/commit/4edff1fa5dbfca16fc72d89870841bee89f8ef89
-[2] https://github.com/jbeder/yaml-cpp/pull/807
-[3] https://github.com/jbeder/yaml-cpp/issues/660
-
-diff --git a/include/yaml-cpp/depthguard.h b/include/yaml-cpp/depthguard.h
-new file mode 100644
-index 00000000..8ca61ac6
--- /dev/null
-+++ b/include/yaml-cpp/depthguard.h
-@@ -0,0 +1,77 @@
-+#ifndef DEPTH_GUARD_H_00000000000000000000000000000000000000000000000000000000
-+#define DEPTH_GUARD_H_00000000000000000000000000000000000000000000000000000000
-+
-+#if defined(_MSC_VER) ||                                            \
-+    (defined(__GNUC__) && (__GNUC__ == 3 && __GNUC_MINOR__ >= 4) || \
-+     (__GNUC__ >= 4))  // GCC supports "pragma once" correctly since 3.4
-+#pragma once
-+#endif
-+
-+#include "exceptions.h"
-+
-+namespace YAML {
-+
-+/**
-+ * @brief The DeepRecursion class
-+ *  An exception class which is thrown by DepthGuard. Ideally it should be
-+ * a member of DepthGuard. However, DepthGuard is a templated class which means
-+ * that any catch points would then need to know the template parameters. It is
-+ * simpler for clients to not have to know at the catch point what was the
-+ * maximum depth.
-+ */
-+class DeepRecursion : public ParserException {
-+public:
-+  virtual ~DeepRecursion() = default;
-+
-+  DeepRecursion(int depth, const Mark& mark_, const std::string& msg_);
-+
-+  // Returns the recursion depth when the exception was thrown
-+  int depth() const {
-+    return m_depth;
-+  }
-+
-+private:
-+  int m_depth = 0;
-+};
-+
-+/**
-+ * @brief The DepthGuard class
-+ *  DepthGuard takes a reference to an integer. It increments the integer upon
-+ * construction of DepthGuard and decrements the integer upon destruction.
-+ *
-+ * If the integer would be incremented past max_depth, then an exception is
-+ * thrown. This is ideally geared toward guarding against deep recursion.
-+ *
-+ * @param max_depth
-+ *  compile-time configurable maximum depth.
-+ */
-+template <int max_depth = 2000>
-+class DepthGuard final {
-+public:
-+  DepthGuard(int & depth_, const Mark& mark_, const std::string& msg_) : m_depth(depth_) {
-+    ++m_depth;
-+    if ( max_depth <= m_depth ) {
-+        throw DeepRecursion{m_depth, mark_, msg_};
-+    }
-+  }
-+
-+  DepthGuard(const DepthGuard & copy_ctor) = delete;
-+  DepthGuard(DepthGuard && move_ctor) = delete;
-+  DepthGuard & operator=(const DepthGuard & copy_assign) = delete;
-+  DepthGuard & operator=(DepthGuard && move_assign) = delete;
-+
-+  ~DepthGuard() {
-+    --m_depth;
-+  }
-+
-+  int current_depth() const {
-+    return m_depth;
-+  }
-+
-+private:
-+    int & m_depth;
-+};
-+
-+} // namespace YAML
-+
-+#endif // DEPTH_GUARD_H_00000000000000000000000000000000000000000000000000000000
-diff --git a/src/depthguard.cpp b/src/depthguard.cpp
-new file mode 100644
-index 00000000..b88cd340
--- /dev/null
-+++ b/src/depthguard.cpp
-@@ -0,0 +1,10 @@
-+#include "yaml-cpp/depthguard.h"
-+
-+namespace YAML {
-+
-+DeepRecursion::DeepRecursion(int depth, const Mark& mark_, const std::string& msg_)
-+    : ParserException(mark_, msg_),
-+      m_depth(depth) {
-+}
-+
-+} // namespace YAML
-diff --git a/src/singledocparser.cpp b/src/singledocparser.cpp
-index 47e9e047..3e5638be 100644
--- a/src/singledocparser.cpp
-+++ b/src/singledocparser.cpp
-@@ -7,6 +7,7 @@
- #include "singledocparser.h"
- #include "tag.h"
- #include "token.h"
-+#include "yaml-cpp/depthguard.h"
- #include "yaml-cpp/emitterstyle.h"
- #include "yaml-cpp/eventhandler.h"
- #include "yaml-cpp/exceptions.h"  // IWYU pragma: keep
-@@ -47,6 +48,8 @@ void SingleDocParser::HandleDocument(EventHandler& eventHandler) {
- }
- 
- void SingleDocParser::HandleNode(EventHandler& eventHandler) {
-+  DepthGuard<2000> depthguard(depth, m_scanner.mark(), ErrorMsg::BAD_FILE);
-+
-   // an empty node *is* a possibility
-   if (m_scanner.empty()) {
-     eventHandler.OnNull(m_scanner.mark(), NullAnchor);
-diff --git a/src/singledocparser.h b/src/singledocparser.h
-index c8cfca9d..f484eb1f 100644
--- a/src/singledocparser.h
-+++ b/src/singledocparser.h
-@@ -15,6 +15,7 @@
- 
- namespace YAML {
- class CollectionStack;
-+template <int> class DepthGuard; // depthguard.h
- class EventHandler;
- class Node;
- class Scanner;
-@@ -55,6 +56,7 @@ class SingleDocParser {
-   anchor_t LookupAnchor(const Mark& mark, const std::string& name) const;
- 
-  private:
-+  int depth = 0;
-   Scanner& m_scanner;
-   const Directives& m_directives;
-   std::unique_ptr<CollectionStack> m_pCollectionStack;