From c2497343a5fdbbd3ea116570ad38ca9fb1a353e8 Mon Sep 17 00:00:00 2001
From: John Eckersberg
Date: Mon, 23 Mar 2015 12:43:21 -0400
Subject: [PATCH] Add patch for CVE-2014-9130 (bug 1204829)
---
 PyYAML-CVE-2014-9130.patch | 35 +++++++++++++++++++++++++++++++++++
 PyYAML.spec | 11 ++++++++++-
 2 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 PyYAML-CVE-2014-9130.patch
diff --git a/PyYAML-CVE-2014-9130.patch b/PyYAML-CVE-2014-9130.patch
new file mode 100644
index 0000000..c47a9b5
--- /dev/null
+++ b/PyYAML-CVE-2014-9130.patch
@@ -0,0 +1,35 @@
+# HG changeset patch
+# User Kirill Simonov
+# Date 1417197216 21600
+# Node ID ddf211a41bb231c365fece5599b7e484e6dc33fc
+# Parent 263dff6f9664ccdc532283ba5c7b282c0e436a7b
+Removed invalid simple key assertion.
+
+diff --git a/lib/yaml/scanner.py b/lib/yaml/scanner.py
+--- a/lib/yaml/scanner.py
++++ b/lib/yaml/scanner.py
+@@ -297,10 +297,6 @@
+ # Check if a simple key is required at the current position.
+ required = not self.flow_level and self.indent == self.column
+
+- # A simple key is required only if it is the first token in the current
+- # line. Therefore it is always allowed.
+- assert self.allow_simple_key or not required
+-
+ # The next token might be a simple key. Let's save it's number and
+ # position.
+ if self.allow_simple_key:
+diff --git a/lib3/yaml/scanner.py b/lib3/yaml/scanner.py
+--- a/lib3/yaml/scanner.py
++++ b/lib3/yaml/scanner.py
+@@ -297,10 +297,6 @@
+ # Check if a simple key is required at the current position.
+ required = not self.flow_level and self.indent == self.column
+
+- # A simple key is required only if it is the first token in the current
+- # line. Therefore it is always allowed.
+- assert self.allow_simple_key or not required
+-
+ # The next token might be a simple key. Let's save it's number and
+ # position.
+ if self.allow_simple_key:
diff --git a/PyYAML.spec b/PyYAML.spec
index 2444c37..9f8e3aa 100644
--- a/PyYAML.spec
+++ b/PyYAML.spec
@@ -6,7 +6,7 @@ Name: PyYAML
 Version: 3.11
-Release: 6%{?dist}
+Release: 7%{?dist}
 Summary: YAML parser and emitter for Python
 Group: Development/Libraries
@@ -27,6 +27,10 @@ BuildRequires: python3-Cython
 # https://bitbucket.org/xi/pyyaml/issue/35/test-fails-on-be-s390-x-ppc64
 Patch0: debian-big-endian-fix.patch
+# CVE-2014-9130 assert failure when processing wrapped strings
+# https://bugzilla.redhat.com/show_bug.cgi?id=1204829
+Patch1: PyYAML-CVE-2014-9130.patch
+
 %description
 YAML is a data serialization format designed for human readability and
 interaction with scripting languages. PyYAML is a YAML parser and
@@ -65,6 +69,8 @@ configuration files to object serialization and persistance.
 %patch0 -p1 -b .be
 chmod a-x examples/yaml-highlight/yaml_hl.py
+%patch1 -p1
+
 # remove pre-generated file
 rm -rf ext/_yaml.c
@@ -121,6 +127,9 @@ popd
 %changelog
+* Mon Mar 23 2015 John Eckersberg - 3.11-7
+- Add patch for CVE-2014-9130 (bug 1204829)
+
 * Mon Sep 15 2014 Jakub Čajka - 3.11-6
 - fixed typecast issues using debian patch(int->size_t)(BZ#1140189)
 - spec file cleanup
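Review bot: `%patch1 -p1` in the %prep hunk applies the new patch without the backup suffix that the neighbouring `%patch0 -p1 -b .be` uses, so the unpacked source tree no longer shows which files the CVE fix touched; `%patch1 -p1 -b .cve-2014-9130` would keep the existing style. The Patch1 comment block names the CVE and the Bugzilla entry but not the upstream origin, even though the added patch file identifies itself as upstream hg changeset ddf211a41bb2; a line such as `# Upstream hg changeset ddf211a41bb2; drop once a rebase picks it up` would tell the next maintainer when the patch can be retired. Whether this spec runs the test suite is not visible here; if it has a %check section, a regression input for the removed assertion would be worth adding, since the backported patch only deletes the assert in lib/ and lib3/ and ships no test of its own.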