From 4fb0785db88e2a0fb513a4b554e0be125cc5e616 Mon Sep 17 00:00:00 2001
From: gaoyukun
Date: Fri, 7 Nov 2025 16:32:11 +0800
Subject: [PATCH] fix CVE-2017-11692
(cherry picked from commit dc0c68bf65a855b3c3d89b4a58eb8ab4013bb004)
---
 backport-CVE-2017-11692.patch | 37 +++++++++++++++++++++++++++++++++++
 yaml-cpp.spec | 9 ++++++++-
 2 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2017-11692.patch
diff --git a/backport-CVE-2017-11692.patch b/backport-CVE-2017-11692.patch
new file mode 100644
index 0000000..6b72e59
--- /dev/null
+++ b/backport-CVE-2017-11692.patch
@@ -0,0 +1,37 @@
+diff -Nur old/src/singledocparser.cpp new/src/singledocparser.cpp
+Origin: https://github.com/jbeder/yaml-cpp/issues/519
+https://github.com/jbeder/yaml-cpp/commit/c9460110e072df84b7dee3eb651f2ec5df75fb18
+
+Fix reading empty token stack with a node with properties but no scalar.
+E.g. `!2`.
+---
+
+--- old/src/singledocparser.cpp 2025-06-13 10:50:47.845447021 +0800
++++ new/src/singledocparser.cpp 2025-06-13 10:55:35.609307604 +0800
+@@ -81,6 +81,12 @@
+ if (!anchor_name.empty())
+ eventHandler.OnAnchor(mark, anchor_name);
+
++ // after parsing properties, an empty node is again a possibility
++ if (m_scanner.empty()) {
++ eventHandler.OnNull(mark, anchor);
++ return;
++ }
++
+ const Token& token = m_scanner.peek();
+
+ if (token.type == Token::PLAIN_SCALAR && IsNullString(token.value)) {
+
+--- a/test/integration/load_node_test.cpp 2019-09-26 00:56:00.000000000 +0800
++++ b/test/integration/load_node_test.cpp 2025-11-07 11:43:29.801096833 +0800
+@@ -257,5 +257,10 @@
+ EXPECT_EQ(node.as(), "foo");
+ }
+
++TEST(NodeTest, LoadTagWithNullScalar) {
++ Node node = Load("!2");
++ EXPECT_TRUE(node.IsNull());
++}
++
+ } // namespace
+ } // namespace YAML
diff --git a/yaml-cpp.spec b/yaml-cpp.spec
index 5a4033b..9429be3 100755
--- a/yaml-cpp.spec
+++ b/yaml-cpp.spec
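Review bot: The regression test `LoadTagWithNullScalar` added to `test/integration/load_node_test.cpp` exercises only the tag-only input `!2`, while the new `m_scanner.empty()` guard in `src/singledocparser.cpp` sits after all property parsing, so the anchor-only route to the same guard is untested. A sibling test with a lone anchor, for example `EXPECT_TRUE(Load("&a").IsNull());`, would pin that route too; the expected result is inferred from the fix's own comment and should be confirmed against the parser. The guard matters beyond the reported assertion failure, because the next statement, `m_scanner.peek()`, is the call the upstream description says read an empty token stack, and what it does in a build without assertions is not visible here. The enclosing function in `singledocparser.cpp` starts and ends outside the embedded hunk, so the handling of the parsed tag on this early return cannot be checked from these lines.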
@@ -1,12 +1,13 @@
 Name: yaml-cpp
 Version: 0.6.3
-Release: 2
+Release: 3
 Summary: A YAML parser and emitter in C++.
 License: MIT
 URL: https://github.com/jbeder/yaml-cpp
 Source0: https://github.com/jbeder/yaml-cpp/archive/%{name}-%{version}.tar.gz
 Patch0001: CVE-2017-5950.patch
 Patch0002: Add-the-support-to-parsing-a-null-value.patch
+Patch0003: backport-CVE-2017-11692.patch
 BuildRequires: cmake gcc gcc-c++
 %description
@@ -69,6 +70,12 @@ cd -
 %changelog
+* Fri Nov 07 2025 gaoyukun - 0.6.3-3
+- Type:cves
+- CVE:CVE-2017-11692
+- SUG:NA
+- DESC:fix CVE-2017-11692
+
 * Fri Jun 14 2024 xu_ping <707078654@qq.com> - 0.6.3-2
 - Add the support to parsing a null value.
--
Gitee
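Review bot: `Patch0003: backport-CVE-2017-11692.patch` is only declared in the first hunk; the `%prep` section that applies patches lies outside both hunks, so these lines do not show that the fix reaches the build. If `%prep` applies patches one by one rather than through `%autosetup -p1` or `%autopatch -p1`, it needs a matching `%patch0003 -p1` line. Otherwise the package ships as 0.6.3-3 with the CVE recorded in `%changelog` but without the code change. The embedded patch uses `old/`/`new/` and `a/`/`b/` prefixes, so strip level 1 suits both of its file sections. It also adds a test under `test/integration/`, so it is worth confirming that a `%check` stage, if the spec has one, builds and runs that test.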