[PyYAML/el5] Add patch for CVE-2014-9130 (bug 1204829)

John Eckersberg jeckersb at fedoraproject.org
Mon Mar 23 18:25:27 UTC 2015


commit 4ef1fd5366a96ddb1d21ccaa536a09317290b3c4
Author: John Eckersberg <jeckersb at redhat.com>
Date:   Mon Mar 23 12:43:21 2015 -0400

    Add patch for CVE-2014-9130 (bug 1204829)

 PyYAML-CVE-2014-9130.patch | 35 +++++++++++++++++++++++++++++++++++
 PyYAML.spec                | 11 ++++++++++-
 2 files changed, 45 insertions(+), 1 deletion(-)
---
diff --git a/PyYAML-CVE-2014-9130.patch b/PyYAML-CVE-2014-9130.patch
new file mode 100644
index 0000000..c47a9b5
--- /dev/null
+++ b/PyYAML-CVE-2014-9130.patch
@@ -0,0 +1,35 @@
+# HG changeset patch
+# User Kirill Simonov <xi at resolvent.net>
+# Date 1417197216 21600
+# Node ID ddf211a41bb231c365fece5599b7e484e6dc33fc
+# Parent  263dff6f9664ccdc532283ba5c7b282c0e436a7b
+Removed invalid simple key assertion.
+
+diff --git a/lib/yaml/scanner.py b/lib/yaml/scanner.py
+--- a/lib/yaml/scanner.py
++++ b/lib/yaml/scanner.py
+@@ -297,10 +297,6 @@
+         # Check if a simple key is required at the current position.
+         required = not self.flow_level and self.indent == self.column
+ 
+-        # A simple key is required only if it is the first token in the current
+-        # line. Therefore it is always allowed.
+-        assert self.allow_simple_key or not required
+-
+         # The next token might be a simple key. Let's save it's number and
+         # position.
+         if self.allow_simple_key:
+diff --git a/lib3/yaml/scanner.py b/lib3/yaml/scanner.py
+--- a/lib3/yaml/scanner.py
++++ b/lib3/yaml/scanner.py
+@@ -297,10 +297,6 @@
+         # Check if a simple key is required at the current position.
+         required = not self.flow_level and self.indent == self.column
+ 
+-        # A simple key is required only if it is the first token in the current
+-        # line. Therefore it is always allowed.
+-        assert self.allow_simple_key or not required
+-
+         # The next token might be a simple key. Let's save it's number and
+         # position.
+         if self.allow_simple_key:
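Review bot: The removed `assert self.allow_simple_key or not required` is the crash path this backport fixes: an `assert` that depends on parser state derived from the input turns a malformed or unexpected document into an uncaught AssertionError rather than a normal YAML error, so deleting it closes a denial-of-service vector without altering the token flow (the `required` value is still computed and the `if self.allow_simple_key:` branch that follows is unchanged). Both the `lib/yaml/scanner.py` and `lib3/yaml/scanner.py` copies receive the identical change, which is correct since the spec builds for Python 2 and Python 3 from the same source. The backport carries no regression test; consider adding a small YAML input with a wrapped plain scalar to a %check section so the fix is exercised at build time.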
diff --git a/PyYAML.spec b/PyYAML.spec
index 57ab575..1fa8a4d 100644
--- a/PyYAML.spec
+++ b/PyYAML.spec
@@ -6,7 +6,7 @@
 
 Name:           PyYAML
 Version:        3.09
-Release:        10%{?dist}
+Release:        11%{?dist}
 Summary:        YAML parser and emitter for Python
 
 Group:          Development/Libraries
@@ -22,6 +22,10 @@ BuildRequires: python3-devel
 BuildRequires: python3-setuptools
 %endif
 
+# CVE-2014-9130 assert failure when processing wrapped strings
+# https://bugzilla.redhat.com/show_bug.cgi?id=1204829
+Patch1: PyYAML-CVE-2014-9130.patch
+
 %description
 YAML is a data serialization format designed for human readability and
 interaction with scripting languages.  PyYAML is a YAML parser and
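Review bot: The `Patch1:` declaration is well documented with the CVE identifier and the Bugzilla link, which is what a reviewer of a security backport wants to see. One nit: there is no `Patch0`, so numbering the first patch as `Patch1` is fine but worth keeping consistent if further patches are added later.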
@@ -64,6 +68,8 @@ rm -rf %{py3dir}
 cp -a . %{py3dir}
 %endif
 
+%patch1 -p1
+
 
 %build
 CFLAGS="${RPM_OPT_FLAGS}" %{__python} setup.py --with-libyaml build
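Review bot: `%patch1 -p1` is applied after the `cp -a . %{py3dir}` that snapshots the source tree for the Python 3 build, so, as ordered in this hunk, the copy in `%{py3dir}` is taken from the unpatched tree and its `lib3/yaml/scanner.py` would still contain the assertion; move `%patch1 -p1` above the `rm -rf %{py3dir}` / `cp -a . %{py3dir}` block so both build trees carry the fix. The extra blank line after `%patch1 -p1` (two in a row before `%build`) is also a style nit.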
@@ -114,6 +120,9 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Mon Mar 23 2015 John Eckersberg <eck at redhat.com> - 3.09-11
+- Add patch for CVE-2014-9130 (bug 1204829)
+
 * Mon Feb  3 2014 John Eckersberg <jeckersb at redhat.com> - 3.09-10
 - Add Provides for python-yaml (BZ#740390)
 
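Review bot: The e-mail address in the new changelog entry, `eck at redhat.com`, does not match the `jeckersb at redhat.com` used in the previous entry and in the commit Author line; this looks like a typo and should be made consistent. The release bump to 3.09-11 matches the `Release:` change in the first spec hunk.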