From b8ac8aee0736ec009381c8b2e8d8840a625b264d Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Jan 28 2015 15:41:49 +0000
Subject: import libyaml-0.1.4-11.el7_0
---
diff --git a/SOURCES/libyaml-CVE-2014-9130.patch b/SOURCES/libyaml-CVE-2014-9130.patch
new file mode 100644
index 0000000..00e15f3
--- /dev/null
+++ b/SOURCES/libyaml-CVE-2014-9130.patch
@@ -0,0 +1,28 @@
+From e6aa721cc0e5a48f408c52355559fd36780ba32a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ingy=20d=C3=B6t=20Net?=
+Date: Fri, 28 Nov 2014 09:21:49 -0800
+Subject: [PATCH] Fix for https://bitbucket.org/xi/libyaml/issue/10/
+
+https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
+
+Commenting out the assert makes the scanner do the right thing and
+results in just a simple parse failure.
+---
+ src/scanner.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/scanner.c b/src/scanner.c
+index 88d4fa5..c5f3d2f 100644
+--- a/src/scanner.c
++++ b/src/scanner.c
+@@ -1110,7 +1110,9 @@ yaml_parser_save_simple_key(yaml_parser_t *parser)
+ * line. Therefore it is always allowed. But we add a check anyway.
+ */
+
+- assert(parser->simple_key_allowed || !required); /* Impossible. */
++ /* XXX This caused:
++ * https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
++ assert(parser->simple_key_allowed || !required); */ /* Impossible. */
+
+ /*
+ * If the current position may start a simple key, save it.
diff --git a/SPECS/libyaml.spec b/SPECS/libyaml.spec
index 2bf8d76..35a34ed 100644
--- a/SPECS/libyaml.spec
+++ b/SPECS/libyaml.spec
@@ -4,7 +4,7 @@
 Name: libyaml
 Version: 0.1.4
-Release: 10%{?dist}
+Release: 11%{?dist}
 Summary: YAML 1.1 parser and emitter written in C
 Group: System Environment/Libraries
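Review bot: In the src/scanner.c hunk carried by SOURCES/libyaml-CVE-2014-9130.patch, the comments left around the disabled assertion now contradict the code: the block comment still ends with `But we add a check anyway.` and the trailing `/* Impossible. */` remains, although the linked issue shows the condition can be reached from input. The assert text should be deleted rather than commented out and the comment rewritten, for example `/* required without simple_key_allowed is reachable from malformed input; it is not asserted here and is expected to surface as a parse error. */`. That the scanner then fails cleanly is stated only in the commit message and is not visible in this hunk, so a regression test that parses the input from the issue and expects an error return instead of an abort would be worth adding to the package. yaml_parser_save_simple_key begins and ends outside the hunk.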
@@ -23,6 +23,7 @@ Patch2: libyaml-CVE-2013-6393-indent-and-flow-overflow-1-of-3.patch
 Patch3: libyaml-CVE-2013-6393-indent-and-flow-overflow-2-of-3.patch
 Patch4: libyaml-CVE-2013-6393-indent-and-flow-overflow-3-of-3.patch
 Patch5: libyaml-CVE-2014-2525-URL-buffer-overflow.patch
+Patch6: libyaml-CVE-2014-9130.patch
 %description
 YAML is a data serialization format designed for human readability and
@@ -49,6 +50,7 @@ developing applications that use LibYAML.
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 %build
 autoreconf -i -f
@@ -95,6 +97,9 @@ rm -rf %{buildroot}
 %changelog
+* Mon Dec 15 2014 John Eckersberg - 0.1.4-11
+- Add patch for CVE-2014-9130 (RHBZ#1169369)
+
 * Mon Mar 31 2014 John Eckersberg - 0.1.4-10
 - Work around ldconfig bug with libyaml.so (bz1082822)