Updating liguros repo

6 files changed, 155 insertions, 160 deletions

diff --git a/dev-cpp/yaml-cpp/Manifest b/dev-cpp/yaml-cpp/Manifest
index 9a5094e8b595..65c478502e0d 100644
--- a/dev-cpp/yaml-cpp/Manifest
+++ b/dev-cpp/yaml-cpp/Manifest
@@ -1,2 +1 @@
-DIST yaml-cpp-0.6.2.tar.gz 1396250 BLAKE2B be342c212c980cdb03349dbafbe1db0bb581123b4dd6909393d3cdc86145b997a9d2f9b57a5e9d7c8cc60cdfd03f1c37e9db610d8784f2d29fdeada5ab322894 SHA512 fea8ce0a20a00cbc75023d1db442edfcd32d0ac57a3c41b32ec8d56f87cc1d85d7dd7a923ce662f5d3a315f91a736d6be0d649997acd190915c1d68cc93795e4
 DIST yaml-cpp-0.6.3.tar.gz 1398768 BLAKE2B 07abe1c56740105a0af2335bb1cd48086cb614d9d04c61342e53788bfb043fd7eb2629e441a0a5be50898b288f3526f1707c5fdf1d734395b6450c3103773b14 SHA512 68b9ce987cabc1dec79382f922de20cc2c222cb9c090ecb93dc686b048da5c917facf4fce6d8f72feea44b61e5a6770ed3b0c199c4cd4e6bde5b6245c09f8e49
diff --git a/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-CVE-2017-5950.patch b/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-CVE-2017-5950.patch
deleted file mode 100644
index 2892108bd250..000000000000
--- a/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-CVE-2017-5950.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From d540476e31b080aa1f903ad20ec0426dd3838be7 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anarcat@debian.org>
-Date: Tue, 25 Apr 2017 20:10:20 -0400
-Subject: [PATCH] fix stack overflow in HandleNode() (CVE-2017-5950)
-
-simply set a hardcoded recursion limit to 2000 (inspired by Python's)
-to avoid infinitely recursing into arbitrary data structures
-
-assert() the depth. unsure if this is the right approach, but given
-that HandleNode() is "void", I am not sure how else to return an
-error. the problem with this approach of course is that it will still
-crash the caller, unless they have proper exception handling in place.
-
-Closes: #459
----
- src/singledocparser.cpp | 2 ++
- src/singledocparser.h   | 2 ++
- 2 files changed, 4 insertions(+)
-
-diff --git a/src/singledocparser.cpp b/src/singledocparser.cpp
-index a27c1c3b..1b4262ee 100644
---- a/src/singledocparser.cpp
-+++ b/src/singledocparser.cpp
-@@ -46,6 +46,8 @@ void SingleDocParser::HandleDocument(EventHandler& eventHandler) {
- }
- 
- void SingleDocParser::HandleNode(EventHandler& eventHandler) {
-+  assert(depth < depth_limit);
-+  depth++;
-   // an empty node *is* a possibility
-   if (m_scanner.empty()) {
-     eventHandler.OnNull(m_scanner.mark(), NullAnchor);
-diff --git a/src/singledocparser.h b/src/singledocparser.h
-index 2b92067c..7046f1e2 100644
---- a/src/singledocparser.h
-+++ b/src/singledocparser.h
-@@ -51,6 +51,8 @@ class SingleDocParser : private noncopyable {
-   anchor_t LookupAnchor(const Mark& mark, const std::string& name) const;
- 
-  private:
-+  int depth = 0;
-+  int depth_limit = 2000;
-   Scanner& m_scanner;
-   const Directives& m_directives;
-   std::unique_ptr<CollectionStack> m_pCollectionStack;
diff --git a/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-unbundle-gtest.patch b/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-unbundle-gtest.patch
deleted file mode 100644
index 671bde36704a..000000000000
--- a/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.2-unbundle-gtest.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 259f944bc3e45420f5891737101260f07ab3030a Mon Sep 17 00:00:00 2001
-From: "Azamat H. Hackimov" <azamat.hackimov@gmail.com>
-Date: Tue, 27 Feb 2018 14:17:49 +0500
-Subject: [PATCH] Externalize googletest project
-
-Externalize gtest to avoid installation, fixes #539.
----
- test/CMakeLists.txt | 35 ++++++++++++++++++++++++++---------
- 1 file changed, 26 insertions(+), 9 deletions(-)
-
-diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
-index 3633da5..7b39dd4 100644
---- a/test/CMakeLists.txt
-+++ b/test/CMakeLists.txt
-@@ -1,16 +1,27 @@
-+include(ExternalProject)
-+
-+ExternalProject_Add(
-+	googletest_project
-+	SOURCE_DIR "${CMAKE_SOURCE_DIR}/test/gtest-1.8.0"
-+	INSTALL_DIR "${CMAKE_BINARY_DIR}/prefix"
-+	CMAKE_ARGS -DCMAKE_INSTALL_PREFIX:PATH=<INSTALL_DIR> -DBUILD_GMOCK=ON
-+)
-+
-+add_library(gmock UNKNOWN IMPORTED)
-+set_target_properties(gmock PROPERTIES
-+	IMPORTED_LOCATION ${PROJECT_BINARY_DIR}/prefix/lib/libgmock.a
-+)
-+
-+find_package(Threads)
-+
-+include_directories(SYSTEM "${PROJECT_BINARY_DIR}/prefix/include")
-+
- set(gtest_force_shared_crt ${MSVC_SHARED_RT} CACHE BOOL
-   "Use shared (DLL) run-time lib even when Google Test built as a static lib.")
--add_subdirectory(gtest-1.8.0)
--include_directories(SYSTEM gtest-1.8.0/googlemock/include)
--include_directories(SYSTEM gtest-1.8.0/googletest/include)
--
--if(WIN32 AND BUILD_SHARED_LIBS)
--  add_definitions("-DGTEST_LINKED_AS_SHARED_LIBRARY")
--endif()
- 
- if(CMAKE_CXX_COMPILER_ID MATCHES "GNU" OR
-    CMAKE_CXX_COMPILER_ID MATCHES "Clang")
--  set(yaml_test_flags "-Wno-variadic-macros -Wno-sign-compare")
-+	set(yaml_test_flags "-Wno-variadic-macros -Wno-sign-compare")
- 
-   if(CMAKE_CXX_COMPILER_ID MATCHES "Clang")
-     set(yaml_test_flags "${yaml_test_flags} -Wno-c99-extensions")
-@@ -36,9 +47,15 @@ add_executable(run-tests
- 	${test_sources}
- 	${test_headers}
- )
-+
-+add_dependencies(run-tests googletest_project)
-+
- set_target_properties(run-tests PROPERTIES
-   COMPILE_FLAGS "${yaml_c_flags} ${yaml_cxx_flags} ${yaml_test_flags}"
- )
--target_link_libraries(run-tests yaml-cpp gmock)
-+target_link_libraries(run-tests
-+	yaml-cpp
-+	gmock
-+	${CMAKE_THREAD_LIBS_INIT})
- 
- add_test(yaml-test ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/run-tests)
--- 
-2.16.1
-
diff --git a/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.3-fix-overflows.patch b/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.3-fix-overflows.patch
new file mode 100644
index 000000000000..4c5418db22d3
--- /dev/null
+++ b/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.3-fix-overflows.patch
@@ -0,0 +1,149 @@
+This patch comes from the upstream commit here[1], slightly modified to
+apply to 0.6.3. The pull request[2] mentions fixing CVE-2017-5950,
+CVE-2018-{20573,20574}, and CVE-2019-6285. Note that CVE-2019-6292 appears to
+be a duplicate of CVE-2019-6285 [3].
+
+[1] https://github.com/jbeder/yaml-cpp/commit/4edff1fa5dbfca16fc72d89870841bee89f8ef89
+[2] https://github.com/jbeder/yaml-cpp/pull/807
+[3] https://github.com/jbeder/yaml-cpp/issues/660
+
+diff --git a/include/yaml-cpp/depthguard.h b/include/yaml-cpp/depthguard.h
+new file mode 100644
+index 00000000..8ca61ac6
+--- /dev/null
++++ b/include/yaml-cpp/depthguard.h
+@@ -0,0 +1,77 @@
++#ifndef DEPTH_GUARD_H_00000000000000000000000000000000000000000000000000000000
++#define DEPTH_GUARD_H_00000000000000000000000000000000000000000000000000000000
++
++#if defined(_MSC_VER) ||                                            \
++    (defined(__GNUC__) && (__GNUC__ == 3 && __GNUC_MINOR__ >= 4) || \
++     (__GNUC__ >= 4))  // GCC supports "pragma once" correctly since 3.4
++#pragma once
++#endif
++
++#include "exceptions.h"
++
++namespace YAML {
++
++/**
++ * @brief The DeepRecursion class
++ *  An exception class which is thrown by DepthGuard. Ideally it should be
++ * a member of DepthGuard. However, DepthGuard is a templated class which means
++ * that any catch points would then need to know the template parameters. It is
++ * simpler for clients to not have to know at the catch point what was the
++ * maximum depth.
++ */
++class DeepRecursion : public ParserException {
++public:
++  virtual ~DeepRecursion() = default;
++
++  DeepRecursion(int depth, const Mark& mark_, const std::string& msg_);
++
++  // Returns the recursion depth when the exception was thrown
++  int depth() const {
++    return m_depth;
++  }
++
++private:
++  int m_depth = 0;
++};
++
++/**
++ * @brief The DepthGuard class
++ *  DepthGuard takes a reference to an integer. It increments the integer upon
++ * construction of DepthGuard and decrements the integer upon destruction.
++ *
++ * If the integer would be incremented past max_depth, then an exception is
++ * thrown. This is ideally geared toward guarding against deep recursion.
++ *
++ * @param max_depth
++ *  compile-time configurable maximum depth.
++ */
++template <int max_depth = 2000>
++class DepthGuard final {
++public:
++  DepthGuard(int & depth_, const Mark& mark_, const std::string& msg_) : m_depth(depth_) {
++    ++m_depth;
++    if ( max_depth <= m_depth ) {
++        throw DeepRecursion{m_depth, mark_, msg_};
++    }
++  }
++
++  DepthGuard(const DepthGuard & copy_ctor) = delete;
++  DepthGuard(DepthGuard && move_ctor) = delete;
++  DepthGuard & operator=(const DepthGuard & copy_assign) = delete;
++  DepthGuard & operator=(DepthGuard && move_assign) = delete;
++
++  ~DepthGuard() {
++    --m_depth;
++  }
++
++  int current_depth() const {
++    return m_depth;
++  }
++
++private:
++    int & m_depth;
++};
++
++} // namespace YAML
++
++#endif // DEPTH_GUARD_H_00000000000000000000000000000000000000000000000000000000
+diff --git a/src/depthguard.cpp b/src/depthguard.cpp
+new file mode 100644
+index 00000000..b88cd340
+--- /dev/null
++++ b/src/depthguard.cpp
+@@ -0,0 +1,10 @@
++#include "yaml-cpp/depthguard.h"
++
++namespace YAML {
++
++DeepRecursion::DeepRecursion(int depth, const Mark& mark_, const std::string& msg_)
++    : ParserException(mark_, msg_),
++      m_depth(depth) {
++}
++
++} // namespace YAML
+diff --git a/src/singledocparser.cpp b/src/singledocparser.cpp
+index 47e9e047..3e5638be 100644
+--- a/src/singledocparser.cpp
++++ b/src/singledocparser.cpp
+@@ -7,6 +7,7 @@
+ #include "singledocparser.h"
+ #include "tag.h"
+ #include "token.h"
++#include "yaml-cpp/depthguard.h"
+ #include "yaml-cpp/emitterstyle.h"
+ #include "yaml-cpp/eventhandler.h"
+ #include "yaml-cpp/exceptions.h"  // IWYU pragma: keep
+@@ -47,6 +48,8 @@ void SingleDocParser::HandleDocument(EventHandler& eventHandler) {
+ }
+ 
+ void SingleDocParser::HandleNode(EventHandler& eventHandler) {
++  DepthGuard<2000> depthguard(depth, m_scanner.mark(), ErrorMsg::BAD_FILE);
++
+   // an empty node *is* a possibility
+   if (m_scanner.empty()) {
+     eventHandler.OnNull(m_scanner.mark(), NullAnchor);
+diff --git a/src/singledocparser.h b/src/singledocparser.h
+index c8cfca9d..f484eb1f 100644
+--- a/src/singledocparser.h
++++ b/src/singledocparser.h
+@@ -15,6 +15,7 @@
+ 
+ namespace YAML {
+ class CollectionStack;
++template <int> class DepthGuard; // depthguard.h
+ class EventHandler;
+ class Node;
+ class Scanner;
+@@ -55,6 +56,7 @@ class SingleDocParser {
+   anchor_t LookupAnchor(const Mark& mark, const std::string& name) const;
+ 
+  private:
++  int depth = 0;
+   Scanner& m_scanner;
+   const Directives& m_directives;
+   std::unique_ptr<CollectionStack> m_pCollectionStack;
diff --git a/dev-cpp/yaml-cpp/yaml-cpp-0.6.2.ebuild b/dev-cpp/yaml-cpp/yaml-cpp-0.6.2.ebuild
deleted file mode 100644
index 925e955fe1d7..000000000000
--- a/dev-cpp/yaml-cpp/yaml-cpp-0.6.2.ebuild
+++ /dev/null
@@ -1,42 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit cmake-multilib
-
-DESCRIPTION="YAML parser and emitter in C++"
-HOMEPAGE="https://github.com/jbeder/yaml-cpp"
-SRC_URI="https://github.com/jbeder/${PN}/archive/${P}.tar.gz"
-
-LICENSE="MIT"
-SLOT="0/0.6"
-KEYWORDS="amd64 ~arm arm64 ~hppa ppc ppc64 sparc x86 ~amd64-linux ~x86-linux"
-IUSE="test"
-RESTRICT="!test? ( test )"
-
-DEPEND="test? ( dev-cpp/gtest )"
-
-S="${WORKDIR}/${PN}-${P}"
-
-PATCHES=(
-	"${FILESDIR}/${P}-CVE-2017-5950.patch"
-	"${FILESDIR}/${P}-unbundle-gtest.patch"
-)
-
-src_prepare() {
-	sed -i \
-		-e 's:INCLUDE_INSTALL_ROOT_DIR:INCLUDE_INSTALL_DIR:g' \
-		yaml-cpp.pc.cmake || die
-
-	cmake-utils_src_prepare
-}
-
-src_configure() {
-	local mycmakeargs=(
-		-DBUILD_SHARED_LIBS=ON
-		-DYAML_CPP_BUILD_TOOLS=OFF # Don't have install rule
-		-DYAML_CPP_BUILD_TESTS=$(usex test)
-	)
-	cmake-multilib_src_configure
-}
diff --git a/dev-cpp/yaml-cpp/yaml-cpp-0.6.3-r1.ebuild b/dev-cpp/yaml-cpp/yaml-cpp-0.6.3-r3.ebuild
index 8a579eada7c4..8db7bca2434f 100644
--- a/dev-cpp/yaml-cpp/yaml-cpp-0.6.3-r1.ebuild
+++ b/dev-cpp/yaml-cpp/yaml-cpp-0.6.3-r3.ebuild
@@ -16,14 +16,18 @@ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-lin
 IUSE="test"
 
 # test breaks build
-# RESTRICT="!test? ( test )"
+#RESTRICT="!test? ( test )"
 RESTRICT+="test"
 
 DEPEND="test? ( dev-cpp/gtest )"
 
 S="${WORKDIR}/${PN}-${P}"
 
-PATCHES=( "${FILESDIR}/${P}-abi-breakage.patch" )
+PATCHES=(
+	"${FILESDIR}/${P}-abi-breakage.patch"
+	"${FILESDIR}/${P}-CVE-2017-11692.patch"
+	"${FILESDIR}/${P}-fix-overflows.patch"
+)
 
 src_prepare() {
 	sed -i \