Sync from SUSE:ALP:Source:Standard:1.0 libyajl revision 4e0990556511a0e72b17594882a13799

This commit is contained in:
Adrian Schröter 2023-07-28 11:28:06 +02:00
commit 2048486461
13 changed files with 507 additions and 0 deletions

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

BIN
2.1.0.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

4
baselibs.conf Normal file
View File

@ -0,0 +1,4 @@
libyajl2
libyajl-devel
requires -libyajl-<targettype>
requires "libyajl2-<targettype> = <version>"

22
json_reformat.1 Normal file
View File

@ -0,0 +1,22 @@
.TH json_reformat 1
.SH NAME
json_reformat \- Reformat json from stdin
.SH SYNOPSIS
.B json_reformat
[
.I OPTION
]
.SH "DESCRIPTION"
A sample program to demonstrate the use of yajl. json_reformat reformats json from stdin.
.SH OPTIONS
.TP
.B \-m
minimize json rather than beautify (default)
.TP
.B \-u
allow invalid UTF8 inside strings during parsing
.BR
.SH AUTHORS
Lloyd Hilaiel <lloyd@hilaiel.com>

25
json_verify.1 Normal file
View File

@ -0,0 +1,25 @@
.TH json_verify 1
.SH NAME
json_verify \- Validate json from stdin
.SH SYNOPSIS
.B json_verify
[
.I OPTION
]
.SH "DESCRIPTION"
A sample program to demonstrate the use of yajl. json_verify validates json from stdin.
.SH OPTIONS
.TP
.B \-q
quiet mode
.TP
.B \-c
allow comments
.TP
.B \-u
allow invalid utf8 inside strings
.BR
.SH AUTHORS
Lloyd Hilaiel <lloyd@hilaiel.com>

View File

@ -0,0 +1,36 @@
From d3a528c788ba9e531fab91db41d3a833c54da325 Mon Sep 17 00:00:00 2001
From: Jacek Tomasiak <jacek.tomasiak@gmail.com>
Date: Thu, 12 May 2022 13:02:47 +0200
Subject: [PATCH] Fix CVE-2022-24795 (from brianmario/yajl-ruby)
The buffer reallocation could cause heap corruption because of `need`
overflow for large inputs. In addition, there's a possible infinite loop
in case `need` reaches zero.
The fix is to `abort()` if the loop ends with lower value of `need` than
when it started.
---
src/yajl_buf.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
Index: yajl-2.1.0/src/yajl_buf.c
===================================================================
--- yajl-2.1.0.orig/src/yajl_buf.c
+++ yajl-2.1.0/src/yajl_buf.c
@@ -45,7 +45,15 @@ void yajl_buf_ensure_available(yajl_buf
need = buf->len;
- while (want >= (need - buf->used)) need <<= 1;
+ while (need > 0 && want >= (need - buf->used)) {
+ /* this eventually "overflows" to zero */
+ need <<= 1;
+ }
+
+ /* overflow */
+ if (need < buf->len) {
+ abort();
+ }
if (need != buf->len) {
buf->data = (unsigned char *) YA_REALLOC(buf->alloc, buf->data, need);

View File

@ -0,0 +1,27 @@
From c5597ea8483116d4f4cd104b8c3d641e4d4385fa Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Fri, 7 Jul 2023 15:21:21 -0600
Subject: [PATCH] Fix for CVE-2023-33460
Fix memory leak in yajl_tree_parse function
---
src/yajl_tree.c | 6 ++++++
1 file changed, 6 insertions(+)
Index: yajl-2.1.0/src/yajl_tree.c
===================================================================
--- yajl-2.1.0.orig/src/yajl_tree.c
+++ yajl-2.1.0/src/yajl_tree.c
@@ -445,6 +445,12 @@ yajl_val yajl_tree_parse (const char *in
YA_FREE(&(handle->alloc), internal_err_str);
}
yajl_free (handle);
+ /*
+ * If the requested memory is not released in time, it will cause
+ * memory leakage
+ */
+ if(ctx.root)
+ yajl_tree_free(ctx.root);
return NULL;
}

13
libyajl-lib_suffix.patch Normal file
View File

@ -0,0 +1,13 @@
Index: yajl-2.1.0/src/CMakeLists.txt
===================================================================
--- yajl-2.1.0.orig/src/CMakeLists.txt
+++ yajl-2.1.0/src/CMakeLists.txt
@@ -28,7 +28,7 @@ SET (PUB_HDRS api/yajl_parse.h api/yajl_
ADD_DEFINITIONS(-DYAJL_BUILD)
# set up some paths
-SET (libDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/lib)
+SET (libDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/${LIB_SUFFIX})
SET (incDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/include/yajl)
SET (shareDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/share/pkgconfig)

13
libyajl-optflags.patch Normal file
View File

@ -0,0 +1,13 @@
Index: yajl-2.1.0/CMakeLists.txt
===================================================================
--- yajl-2.1.0.orig/CMakeLists.txt
+++ yajl-2.1.0/CMakeLists.txt
@@ -59,7 +59,7 @@ ELSE (WIN32)
"${CMAKE_C_FLAGS} -std=c99 -pedantic -Wpointer-arith -Wno-format-y2k -Wstrict-prototypes -Wmissing-declarations -Wnested-externs -Wextra -Wundef -Wwrite-strings -Wold-style-definition -Wredundant-decls -Wno-unused-parameter -Wno-sign-compare -Wmissing-prototypes")
SET(CMAKE_C_FLAGS_DEBUG "-DDEBUG -g")
- SET(CMAKE_C_FLAGS_RELEASE "-DNDEBUG -O2 -Wuninitialized")
+ SET(CMAKE_C_FLAGS_RELEASE "$ENV{OPTFLAGS} -Wuninitialized")
ENDIF (WIN32)

10
libyajl-pkgconfig.patch Normal file
View File

@ -0,0 +1,10 @@
Index: yajl-2.1.0/src/CMakeLists.txt
===================================================================
--- yajl-2.1.0.orig/src/CMakeLists.txt
+++ yajl-2.1.0/src/CMakeLists.txt
@@ -84,4 +84,4 @@ INSTALL(TARGETS yajl
INSTALL(TARGETS yajl_s ARCHIVE DESTINATION lib${LIB_SUFFIX})
INSTALL(FILES ${PUB_HDRS} DESTINATION include/yajl)
INSTALL(FILES ${incDir}/yajl_version.h DESTINATION include/yajl)
-INSTALL(FILES ${shareDir}/yajl.pc DESTINATION share/pkgconfig)
+INSTALL(FILES ${shareDir}/yajl.pc DESTINATION lib${LIB_SUFFIX}/pkgconfig)

4
libyajl-rpmlintrc Normal file
View File

@ -0,0 +1,4 @@
addFilter("no-dependency-on libyajl/libyajl-libs/liblibyajl")
addFilter("libyajl-devel-static..*: W: shlib-policy-missing-lib")
addFilter("no-manual-page-for-binary .*")
addFilter("macro-in-comment .*")

191
libyajl.changes Normal file
View File

@ -0,0 +1,191 @@
-------------------------------------------------------------------
Fri Jul 7 21:27:27 UTC 2023 - James Fehlig <jfehlig@suse.com>
- add libyajl-CVE-2023-33460.patch (CVE-2023-33460, bsc#1212928)
-------------------------------------------------------------------
Mon May 22 21:27:50 UTC 2023 - Jiri Srain <jsrain@suse.com>
- update the upstream source URL
-------------------------------------------------------------------
Fri May 13 10:24:20 UTC 2022 - Jacek Tomasiak <jtomasiak@suse.com>
- add libyajl-CVE-2022-24795.patch (CVE-2022-24795, bsc#1198405)
-------------------------------------------------------------------
Fri Aug 2 08:00:08 UTC 2019 - Martin Liška <mliska@suse.cz>
- Use FAT LTO objects in order to provide proper static library.
-------------------------------------------------------------------
Mon Mar 25 16:58:41 UTC 2019 - olaf@aepfle.de
- Install pkgconfig into libdir instead of datadir with libyajl-pkgconfig.patch
- Use autosetup and cmake_build macro
- Rename macro soname to sover
-------------------------------------------------------------------
Tue Mar 27 11:44:33 CEST 2018 - kukuk@suse.de
- Use %license instead of %doc [bsc#1082318]
- Move other docu to -devel package where it better fits
-------------------------------------------------------------------
Sun Apr 26 13:12:49 UTC 2015 - mpluskal@suse.com
- Use correct url for download
- Add dependency on doxygen for doc generation
- Cleanup spec file with spec-clener
-------------------------------------------------------------------
Wed Nov 05 12:00:00 UTC 2014 - ku.b@gmx.de
- update to 2.1.0
- 2.1.0
- @nonodename, @patperry - fixed some compiler warnings
- @yep, @emaste - documentation improvements
- @sgravrock - build fix for NetBSD (and whenever sh != bash)
- @rotty, @brimstone3, @lloyd - allow client to reset generator
- @sgravrock - remove bash dependencies
- @lloyd - add api tests
- @rflynn - remove ruby dependency
- @cloderic - nmake install works on windows
- @shahbag - build fix for qnx
- @breese - debugging improvements
- @lloyd - json_verify supports -s flag for stream processing
- @lloyd - json_reformat supports -s flag for stream processing
- 2.0.4
- @jcekstrom - additional checking in integer parsing
- @jcekstrom - fix a bug in yajl_tree that would cause valid json integersto fail to parse
- @plaguemorin - fix a memory leak in yajl_tree (error strings were being leaked)
- @7AC - reset errno
- @ConradIrwin - include flags to reformatter to allow toggling of escape solidus option
- 2.0.3
- John Stamp generation of a pkgconfig file at build time.
- @robzuber bugfix in yajl_tree_get()
- @lloyd - fix for compilation on 64 bit windows
- 2.0.2
- lth fix typos in yajl_tree.h macros YAJL_IS_INTEGER and YAJL_IS_DOUBLE,
contributed by Artem S Vybornov.
- lth add #ifdef __cplusplus wrappers to yajl_tree to allow proper
usage from many populer C++ compilers.
- fix array access
-------------------------------------------------------------------
Sun Jan 29 21:47:14 UTC 2012 - jengelh@medozas.de
- Remove redundant tags/sections per specfile guideline suggestions
-------------------------------------------------------------------
Fri Sep 16 17:21:42 UTC 2011 - jengelh@medozas.de
- Add libyajl-devel to baselibs
-------------------------------------------------------------------
Tue Aug 16 16:38:57 UTC 2011 - mrueckert@suse.de
- bump baselibs.conf
-------------------------------------------------------------------
Fri Aug 12 11:09:08 UTC 2011 - mrueckert@suse.de
- update to 2.0.1
- lth generator flag to allow client to specify they want escaped
solidi '/'. issue #28
- lth crash fix when yajl_parse() is never called. issue #27
- additional changes from 2.0.0
- lth YAJL is now ISC licensed:
http://en.wikipedia.org/wiki/ISC_license
- lth 20-35% (osx and linux respectively) parsing performance
improvement attained by tweaking string scanning (idea:
@michaelrhanson).
- Florian Forster & lth - yajl_tree interface introduced as a
higher level interface to the parser (eats JSON, poops a memory
representation)
- lth require a C99 compiler
- lth integers are now represented with long long (64bit+) on all
platforms.
- lth size_t now used throughout to represent buffer lengths, so
you can safely manage buffers greater than 4GB.
- gno semantic improvements to yajl's API regarding partial value
parsing and trailing garbage
- lth new configuration mechanism for yajl, see yajl_config() and
yajl_gen_config()
- gno more allocation checking in more places
- gno remove usage of strtol, replace with custom implementation
that cares not about your locale.
- lth yajl_parse_complete renamed to yajl_complete_parse.
- lth add a switch to validate utf8 strings as they are
generated.
- lth tests are a lot quieter in their output.
- lth addition of a little in tree performance benchmark,
`perftest` in perf/perftest.c
- additional changes from 1.0.12
- Conrad Irwin - Parse null bytes correctly
- Mirek Rusin - fix LLVM warnings
- gno - Don't generate numbers for keys. closes #13
- lth - various win32 fixes, including build documentation
improvements
- John Stamp - Don't export private symbols.
- John Stamp - Install yajl_version.h, not the template.
- John Stamp - Don't use -fPIC for static lib. Cmake will
automatically add it for the shared.
- lth 0 fix paths embedded in dylib upon installation on osx.
closes #11
- refreshed optflags patch
-------------------------------------------------------------------
Wed Jun 1 22:33:07 MDT 2011 - jfehlig@novell.com
- Add man pages for json_{reformat,verify}
-------------------------------------------------------------------
Wed Apr 13 10:43:49 MDT 2011 - jfehlig@novell.com
- Add filters to rpmlintrc
- spec file: Document githash usage in tarbal name
-------------------------------------------------------------------
Wed Apr 13 10:43:49 MDT 2011 - jfehlig@novell.com
- Add filters to rpmlintrc
- spec file: Document githash usage in tarbal name
-------------------------------------------------------------------
Fri Apr 8 20:43:36 UTC 2011 - coolo@novell.com
- add baselibs.conf for 32bit library support
-------------------------------------------------------------------
Wed Feb 9 19:03:53 UTC 2011 - pascal.bleser@opensuse.org
- revert last change, it is BSD3c indeed, and totally unrelated to
bnc#670525
-------------------------------------------------------------------
Wed Feb 9 18:57:38 UTC 2011 - pascal.bleser@opensuse.org
- fix license, changed from erroneous BSD3c to MIT, as stated on
http://pyyaml.org/wiki/LibYAML, sort of fixes bnc#670525
-------------------------------------------------------------------
Tue Dec 21 23:02:41 UTC 2010 - pascal.bleser@opensuse.org
- merge yajl package from darix:
* lib -> LIBDIR patch
* -devel-static subpackage
-------------------------------------------------------------------
Wed Dec 1 21:38:19 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.0.11: no user-visible changes
- changes from 1.0.10:
* yajl version number now programatically accessible
-------------------------------------------------------------------
Mon Jul 12 19:11:08 UTC 2010 - pascal.bleser@opensuse.org
- initial package (1.0.9)

136
libyajl.spec Normal file
View File

@ -0,0 +1,136 @@
#
# spec file for package libyajl
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define sover 2
Name: libyajl
Version: 2.1.0
Release: 0
Summary: Yet Another JSON Library
License: ISC
Group: System/Libraries
URL: http://lloyd.github.com/yajl/
Source0: https://github.com/lloyd/yajl/archive/refs/tags/%{version}.tar.gz
Source1: baselibs.conf
Source2: json_reformat.1
Source3: json_verify.1
Source99: %{name}-rpmlintrc
Patch1: libyajl-optflags.patch
Patch2: libyajl-lib_suffix.patch
Patch3: libyajl-pkgconfig.patch
Patch4: libyajl-CVE-2022-24795.patch
Patch5: libyajl-CVE-2023-33460.patch
BuildRequires: bison
BuildRequires: cmake
BuildRequires: doxygen
BuildRequires: flex
BuildRequires: gcc-c++
BuildRequires: pkg-config
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
YAJL is a small event-driven (SAX-style) JSON parser written in ANSI C, and a
small validating JSON generator.
%package -n %{name}%{sover}
Summary: Yet Another JSON Library
Group: System/Libraries
%description -n %{name}%{sover}
YAJL is a small event-driven (SAX-style) JSON parser written in ANSI C, and a
small validating JSON generator.
%package -n %{name}-devel
Summary: Yet Another JSON Library (Development Environment)
Group: Development/Libraries/C and C++
Requires: %{name}%{sover} = %{version}
%description -n %{name}-devel
YAJL is a small event-driven (SAX-style) JSON parser written in ANSI C, and a
small validating JSON generator.
This package provides the necessary environment for compiling and linking
against %{name}.
%package -n %{name}-devel-static
Summary: Yet Another JSON Library (Static Library)
Group: Development/Libraries/C and C++
Requires: %{name}-devel = %{version}
%description -n %{name}-devel-static
YAJL is a small event-driven (SAX-style) JSON parser written in ANSI C, and a
small validating JSON generator.
This package provides the necessary environment for linking statically
against %{name}.
%package -n yajl
Summary: Yet Another JSON Library Tools
Group: Productivity/Text/Utilities
Requires: %{name}%{sover} = %{version}
%description -n yajl
YAJL is a small event-driven (SAX-style) JSON parser written in ANSI C, and a
small validating JSON generator.
This package provides a few command-line utilities for processing JSON files.
%prep
%autosetup -p1 -n yajl-%{version}
%build
%global _lto_cflags %{_lto_cflags} -ffat-lto-objects
%cmake
%cmake_build
%install
%cmake_install
install -d -m 0755 %{buildroot}%{_mandir}/man1
install -m644 %{SOURCE2} %{SOURCE3} %{buildroot}/%{_mandir}/man1
%check
make %{?_smp_mflags} test
%post -n %{name}%{sover} -p /sbin/ldconfig
%postun -n %{name}%{sover} -p /sbin/ldconfig
%files -n %{name}%{sover}
%defattr(-,root,root)
%license COPYING
%{_libdir}/libyajl.so.%{sover}
%{_libdir}/libyajl.so.%{sover}.*
%files -n %{name}-devel
%defattr(-,root,root)
%doc README TODO
%{_includedir}/yajl
%{_libdir}/libyajl.so
%{_libdir}/pkgconfig/yajl.pc
%files -n %{name}-devel-static
%defattr(-,root,root)
%{_libdir}/libyajl_s.a
%files -n yajl
%defattr(-,root,root)
%{_mandir}/man1/json_reformat.1*
%{_mandir}/man1/json_verify.1*
%{_bindir}/json_reformat
%{_bindir}/json_verify
%changelog