Sync from SUSE:ALP:Source:Standard:1.0 libyajl revision 4e0990556511a0e72b17594882a13799

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

baselibs.conf

@@ -0,0 +1,4 @@
+libyajl2
+libyajl-devel
+	requires -libyajl-<targettype>
+	requires "libyajl2-<targettype> = <version>"

json_reformat.1

@@ -0,0 +1,22 @@
+.TH json_reformat 1
+.SH NAME
+json_reformat \- Reformat json from stdin
+.SH SYNOPSIS
+.B json_reformat
+[
+.I OPTION
+]
+.SH "DESCRIPTION"
+A sample program to demonstrate the use of yajl.  json_reformat reformats json from stdin.
+.SH OPTIONS
+.TP
+.B \-m
+minimize json rather than beautify (default)
+.TP
+.B \-u
+allow invalid UTF8 inside strings during parsing
+.BR
+.SH AUTHORS
+     Lloyd Hilaiel <lloyd@hilaiel.com>
+
+

json_verify.1

@@ -0,0 +1,25 @@
+.TH json_verify 1
+.SH NAME
+json_verify \- Validate json from stdin
+.SH SYNOPSIS
+.B json_verify
+[
+.I OPTION
+]
+.SH "DESCRIPTION"
+A sample program to demonstrate the use of yajl.  json_verify validates json from stdin.
+.SH OPTIONS
+.TP
+.B \-q
+quiet mode
+.TP
+.B \-c
+allow comments
+.TP
+.B \-u
+allow invalid utf8 inside strings
+.BR
+.SH AUTHORS
+     Lloyd Hilaiel <lloyd@hilaiel.com>
+
+

libyajl-CVE-2022-24795.patch

@@ -0,0 +1,36 @@
+From d3a528c788ba9e531fab91db41d3a833c54da325 Mon Sep 17 00:00:00 2001
+From: Jacek Tomasiak <jacek.tomasiak@gmail.com>
+Date: Thu, 12 May 2022 13:02:47 +0200
+Subject: [PATCH] Fix CVE-2022-24795 (from brianmario/yajl-ruby)
+
+The buffer reallocation could cause heap corruption because of `need`
+overflow for large inputs. In addition, there's a possible infinite loop
+in case `need` reaches zero.
+
+The fix is to `abort()` if the loop ends with lower value of `need` than
+when it started.
+---
+ src/yajl_buf.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+Index: yajl-2.1.0/src/yajl_buf.c
+===================================================================
+--- yajl-2.1.0.orig/src/yajl_buf.c
++++ yajl-2.1.0/src/yajl_buf.c
+@@ -45,7 +45,15 @@ void yajl_buf_ensure_available(yajl_buf
+ 
+     need = buf->len;
+ 
+-    while (want >= (need - buf->used)) need <<= 1;
++    while (need > 0 && want >= (need - buf->used)) {
++        /* this eventually "overflows" to zero */
++        need <<= 1;
++    }
++
++    /* overflow */
++    if (need < buf->len) {
++        abort();
++    }
+ 
+     if (need != buf->len) {
+         buf->data = (unsigned char *) YA_REALLOC(buf->alloc, buf->data, need);

libyajl-CVE-2023-33460.patch

@@ -0,0 +1,27 @@
+From c5597ea8483116d4f4cd104b8c3d641e4d4385fa Mon Sep 17 00:00:00 2001
+From: Jim Fehlig <jfehlig@suse.com>
+Date: Fri, 7 Jul 2023 15:21:21 -0600
+Subject: [PATCH] Fix for CVE-2023-33460
+
+Fix memory leak in yajl_tree_parse function
+---
+ src/yajl_tree.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+Index: yajl-2.1.0/src/yajl_tree.c
+===================================================================
+--- yajl-2.1.0.orig/src/yajl_tree.c
++++ yajl-2.1.0/src/yajl_tree.c
+@@ -445,6 +445,12 @@ yajl_val yajl_tree_parse (const char *in
+              YA_FREE(&(handle->alloc), internal_err_str);
+         }
+         yajl_free (handle);
++        /*
++         * If the requested memory is not released in time, it will cause
++         * memory leakage
++         */
++        if(ctx.root)
++            yajl_tree_free(ctx.root);
+         return NULL;
+     }
+ 

libyajl-lib_suffix.patch

@@ -0,0 +1,13 @@
+Index: yajl-2.1.0/src/CMakeLists.txt
+===================================================================
+--- yajl-2.1.0.orig/src/CMakeLists.txt
++++ yajl-2.1.0/src/CMakeLists.txt
+@@ -28,7 +28,7 @@ SET (PUB_HDRS api/yajl_parse.h api/yajl_
+ ADD_DEFINITIONS(-DYAJL_BUILD)
+ 
+ # set up some paths
+-SET (libDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/lib)
++SET (libDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/${LIB_SUFFIX})
+ SET (incDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/include/yajl)
+ SET (shareDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/share/pkgconfig)
+ 

libyajl-optflags.patch

@@ -0,0 +1,13 @@
+Index: yajl-2.1.0/CMakeLists.txt
+===================================================================
+--- yajl-2.1.0.orig/CMakeLists.txt
++++ yajl-2.1.0/CMakeLists.txt
+@@ -59,7 +59,7 @@ ELSE (WIN32)
+       "${CMAKE_C_FLAGS} -std=c99 -pedantic -Wpointer-arith -Wno-format-y2k -Wstrict-prototypes -Wmissing-declarations -Wnested-externs -Wextra	-Wundef -Wwrite-strings -Wold-style-definition -Wredundant-decls -Wno-unused-parameter -Wno-sign-compare -Wmissing-prototypes")
+ 
+   SET(CMAKE_C_FLAGS_DEBUG "-DDEBUG -g")
+-  SET(CMAKE_C_FLAGS_RELEASE "-DNDEBUG -O2 -Wuninitialized")
++  SET(CMAKE_C_FLAGS_RELEASE "$ENV{OPTFLAGS} -Wuninitialized")
+ ENDIF (WIN32)
+ 
+ 

libyajl-pkgconfig.patch

@@ -0,0 +1,10 @@
+Index: yajl-2.1.0/src/CMakeLists.txt
+===================================================================
+--- yajl-2.1.0.orig/src/CMakeLists.txt
++++ yajl-2.1.0/src/CMakeLists.txt
+@@ -84,4 +84,4 @@ INSTALL(TARGETS yajl
+ INSTALL(TARGETS yajl_s ARCHIVE DESTINATION lib${LIB_SUFFIX})
+ INSTALL(FILES ${PUB_HDRS} DESTINATION include/yajl)
+ INSTALL(FILES ${incDir}/yajl_version.h DESTINATION include/yajl)
+-INSTALL(FILES ${shareDir}/yajl.pc DESTINATION share/pkgconfig)
++INSTALL(FILES ${shareDir}/yajl.pc DESTINATION lib${LIB_SUFFIX}/pkgconfig)

libyajl-rpmlintrc

@@ -0,0 +1,4 @@
+addFilter("no-dependency-on libyajl/libyajl-libs/liblibyajl")
+addFilter("libyajl-devel-static..*: W: shlib-policy-missing-lib")
+addFilter("no-manual-page-for-binary .*")
+addFilter("macro-in-comment .*")

libyajl.changes

@@ -0,0 +1,191 @@
+-------------------------------------------------------------------
+Fri Jul  7 21:27:27 UTC 2023 - James Fehlig <jfehlig@suse.com>
+
+- add libyajl-CVE-2023-33460.patch (CVE-2023-33460, bsc#1212928)
+
+-------------------------------------------------------------------
+Mon May 22 21:27:50 UTC 2023 - Jiri Srain <jsrain@suse.com> 
+
+- update the upstream source URL
+
+-------------------------------------------------------------------
+Fri May 13 10:24:20 UTC 2022 - Jacek Tomasiak <jtomasiak@suse.com>
+
+- add libyajl-CVE-2022-24795.patch (CVE-2022-24795, bsc#1198405)
+
+-------------------------------------------------------------------
+Fri Aug  2 08:00:08 UTC 2019 - Martin Liška <mliska@suse.cz>
+
+- Use FAT LTO objects in order to provide proper static library.
+
+-------------------------------------------------------------------
+Mon Mar 25 16:58:41 UTC 2019 - olaf@aepfle.de
+
+- Install pkgconfig into libdir instead of datadir with libyajl-pkgconfig.patch
+- Use autosetup and cmake_build macro
+- Rename macro soname to sover
+
+-------------------------------------------------------------------
+Tue Mar 27 11:44:33 CEST 2018 - kukuk@suse.de
+
+- Use %license instead of %doc [bsc#1082318]
+- Move other docu to -devel package where it better fits
+
+-------------------------------------------------------------------
+Sun Apr 26 13:12:49 UTC 2015 - mpluskal@suse.com
+
+- Use correct url for download
+- Add dependency on doxygen for doc generation
+- Cleanup spec file with spec-clener
+
+-------------------------------------------------------------------
+Wed Nov 05 12:00:00 UTC 2014 - ku.b@gmx.de
+
+- update to 2.1.0
+- 2.1.0
+    - @nonodename, @patperry - fixed some compiler warnings
+    - @yep, @emaste - documentation improvements
+    - @sgravrock - build fix for NetBSD (and whenever sh != bash)
+    - @rotty, @brimstone3, @lloyd - allow client to reset generator
+    - @sgravrock - remove bash dependencies
+    - @lloyd - add api tests
+    - @rflynn - remove ruby dependency
+    - @cloderic - nmake install works on windows
+    - @shahbag - build fix for qnx
+    - @breese - debugging improvements
+    - @lloyd - json_verify supports -s flag for stream processing
+    - @lloyd - json_reformat supports -s flag for stream processing
+- 2.0.4
+    - @jcekstrom - additional checking in integer parsing
+    - @jcekstrom - fix a bug in yajl_tree that would cause valid json integersto fail to parse
+    - @plaguemorin - fix a memory leak in yajl_tree (error strings were being leaked)
+    - @7AC - reset errno
+    - @ConradIrwin - include flags to reformatter to allow toggling of escape solidus option
+- 2.0.3
+    - John Stamp generation of a pkgconfig file at build time.
+    - @robzuber bugfix in yajl_tree_get()
+    - @lloyd - fix for compilation on 64 bit windows
+- 2.0.2
+    - lth fix typos in yajl_tree.h macros YAJL_IS_INTEGER and YAJL_IS_DOUBLE,
+      contributed by Artem S Vybornov.
+    - lth add #ifdef __cplusplus wrappers to yajl_tree to allow proper
+      usage from many populer C++ compilers.
+- fix array access
+
+-------------------------------------------------------------------
+Sun Jan 29 21:47:14 UTC 2012 - jengelh@medozas.de
+
+- Remove redundant tags/sections per specfile guideline suggestions
+
+-------------------------------------------------------------------
+Fri Sep 16 17:21:42 UTC 2011 - jengelh@medozas.de
+
+- Add libyajl-devel to baselibs
+
+-------------------------------------------------------------------
+Tue Aug 16 16:38:57 UTC 2011 - mrueckert@suse.de
+
+- bump baselibs.conf
+
+-------------------------------------------------------------------
+Fri Aug 12 11:09:08 UTC 2011 - mrueckert@suse.de
+
+- update to 2.0.1
+  - lth generator flag to allow client to specify they want escaped
+    solidi '/'.  issue #28
+  - lth crash fix when yajl_parse() is never called. issue #27
+- additional changes from 2.0.0
+  - lth YAJL is now ISC licensed:
+    http://en.wikipedia.org/wiki/ISC_license
+  - lth 20-35% (osx and linux respectively) parsing performance
+    improvement attained by tweaking string scanning (idea:
+    @michaelrhanson).
+  - Florian Forster & lth - yajl_tree interface introduced as a
+    higher level interface to the parser (eats JSON, poops a memory
+    representation)
+  - lth require a C99 compiler
+  - lth integers are now represented with long long (64bit+) on all
+    platforms.
+  - lth size_t now used throughout to represent buffer lengths, so
+    you can safely manage buffers greater than 4GB.
+  - gno semantic improvements to yajl's API regarding partial value
+    parsing and trailing garbage
+  - lth new configuration mechanism for yajl, see yajl_config() and
+    yajl_gen_config()
+  - gno more allocation checking in more places
+  - gno remove usage of strtol, replace with custom implementation
+    that cares not about your locale.
+  - lth yajl_parse_complete renamed to yajl_complete_parse.
+  - lth add a switch to validate utf8 strings as they are
+    generated.
+  - lth tests are a lot quieter in their output.
+  - lth addition of a little in tree performance benchmark,
+    `perftest` in perf/perftest.c
+- additional changes from 1.0.12
+  - Conrad Irwin - Parse null bytes correctly
+  - Mirek Rusin - fix LLVM warnings
+  - gno - Don't generate numbers for keys. closes #13
+  - lth - various win32 fixes, including build documentation
+    improvements
+  - John Stamp - Don't export private symbols.
+  - John Stamp - Install yajl_version.h, not the template.
+  - John Stamp - Don't use -fPIC for static lib.  Cmake will
+    automatically add it for the shared.
+  - lth 0 fix paths embedded in dylib upon installation on osx.
+    closes #11
+- refreshed optflags patch
+
+-------------------------------------------------------------------
+Wed Jun  1 22:33:07 MDT 2011 - jfehlig@novell.com
+
+- Add man pages for json_{reformat,verify}
+
+-------------------------------------------------------------------
+Wed Apr 13 10:43:49 MDT 2011 - jfehlig@novell.com
+
+- Add filters to rpmlintrc
+- spec file: Document githash usage in tarbal name
+
+-------------------------------------------------------------------
+Wed Apr 13 10:43:49 MDT 2011 - jfehlig@novell.com
+
+- Add filters to rpmlintrc
+- spec file: Document githash usage in tarbal name
+
+-------------------------------------------------------------------
+Fri Apr  8 20:43:36 UTC 2011 - coolo@novell.com
+
+- add baselibs.conf for 32bit library support
+
+-------------------------------------------------------------------
+Wed Feb  9 19:03:53 UTC 2011 - pascal.bleser@opensuse.org
+
+- revert last change, it is BSD3c indeed, and totally unrelated to
+  bnc#670525
+
+-------------------------------------------------------------------
+Wed Feb  9 18:57:38 UTC 2011 - pascal.bleser@opensuse.org
+
+- fix license, changed from erroneous BSD3c to MIT, as stated on
+  http://pyyaml.org/wiki/LibYAML, sort of fixes bnc#670525
+
+-------------------------------------------------------------------
+Tue Dec 21 23:02:41 UTC 2010 - pascal.bleser@opensuse.org
+
+- merge yajl package from darix:
+  * lib -> LIBDIR patch
+  * -devel-static subpackage
+
+-------------------------------------------------------------------
+Wed Dec  1 21:38:19 UTC 2010 - pascal.bleser@opensuse.org
+
+- update to 1.0.11: no user-visible changes
+
+- changes from 1.0.10:
+  * yajl version number now programatically accessible
+
+-------------------------------------------------------------------
+Mon Jul 12 19:11:08 UTC 2010 - pascal.bleser@opensuse.org
+
+- initial package (1.0.9)
+

libyajl.spec

@@ -0,0 +1,136 @@
+#
+# spec file for package libyajl
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define sover 2
+Name:           libyajl
+Version:        2.1.0
+Release:        0
+Summary:        Yet Another JSON Library
+License:        ISC
+Group:          System/Libraries
+URL:            http://lloyd.github.com/yajl/
+Source0:        https://github.com/lloyd/yajl/archive/refs/tags/%{version}.tar.gz
+Source1:        baselibs.conf
+Source2:        json_reformat.1
+Source3:        json_verify.1
+Source99:       %{name}-rpmlintrc
+Patch1:         libyajl-optflags.patch
+Patch2:         libyajl-lib_suffix.patch
+Patch3:         libyajl-pkgconfig.patch
+Patch4:         libyajl-CVE-2022-24795.patch
+Patch5:         libyajl-CVE-2023-33460.patch
+BuildRequires:  bison
+BuildRequires:  cmake
+BuildRequires:  doxygen
+BuildRequires:  flex
+BuildRequires:  gcc-c++
+BuildRequires:  pkg-config
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+
+%description
+YAJL is a small event-driven (SAX-style) JSON parser written in ANSI C, and a
+small validating JSON generator.
+
+%package -n %{name}%{sover}
+Summary:        Yet Another JSON Library
+Group:          System/Libraries
+
+%description -n %{name}%{sover}
+YAJL is a small event-driven (SAX-style) JSON parser written in ANSI C, and a
+small validating JSON generator.
+
+%package -n %{name}-devel
+Summary:        Yet Another JSON Library (Development Environment)
+Group:          Development/Libraries/C and C++
+Requires:       %{name}%{sover} = %{version}
+
+%description -n %{name}-devel
+YAJL is a small event-driven (SAX-style) JSON parser written in ANSI C, and a
+small validating JSON generator.
+
+This package provides the necessary environment for compiling and linking
+against %{name}.
+
+%package -n %{name}-devel-static
+Summary:        Yet Another JSON Library (Static Library)
+Group:          Development/Libraries/C and C++
+Requires:       %{name}-devel = %{version}
+
+%description -n %{name}-devel-static
+YAJL is a small event-driven (SAX-style) JSON parser written in ANSI C, and a
+small validating JSON generator.
+
+This package provides the necessary environment for linking statically
+against %{name}.
+
+%package -n yajl
+Summary:        Yet Another JSON Library Tools
+Group:          Productivity/Text/Utilities
+Requires:       %{name}%{sover} = %{version}
+
+%description -n yajl
+YAJL is a small event-driven (SAX-style) JSON parser written in ANSI C, and a
+small validating JSON generator.
+
+This package provides a few command-line utilities for processing JSON files.
+
+%prep
+%autosetup -p1 -n yajl-%{version}
+
+%build
+%global _lto_cflags %{_lto_cflags} -ffat-lto-objects
+%cmake
+%cmake_build
+
+%install
+%cmake_install
+install -d -m 0755 %{buildroot}%{_mandir}/man1
+install -m644 %{SOURCE2} %{SOURCE3} %{buildroot}/%{_mandir}/man1
+
+%check
+make %{?_smp_mflags} test
+
+%post   -n %{name}%{sover} -p /sbin/ldconfig
+
+%postun -n %{name}%{sover} -p /sbin/ldconfig
+
+%files -n %{name}%{sover}
+%defattr(-,root,root)
+%license COPYING
+%{_libdir}/libyajl.so.%{sover}
+%{_libdir}/libyajl.so.%{sover}.*
+
+%files -n %{name}-devel
+%defattr(-,root,root)
+%doc README TODO
+%{_includedir}/yajl
+%{_libdir}/libyajl.so
+%{_libdir}/pkgconfig/yajl.pc
+
+%files -n %{name}-devel-static
+%defattr(-,root,root)
+%{_libdir}/libyajl_s.a
+
+%files -n yajl
+%defattr(-,root,root)
+%{_mandir}/man1/json_reformat.1*
+%{_mandir}/man1/json_verify.1*
+%{_bindir}/json_reformat
+%{_bindir}/json_verify
+
+%changelog