diff --git a/.gitignore b/.gitignore index 5618d1a..0515ecc 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ json-c.spec~ clog /json-c-0.11-20130402.tar.gz +/json-c-0.12-20140410.tar.gz diff --git a/90.patch b/90.patch deleted file mode 100644 index 8f32ecf..0000000 --- a/90.patch +++ /dev/null @@ -1,28 +0,0 @@ -From e9ee4ae18a9fca8c31eac44669364034658b3d51 Mon Sep 17 00:00:00 2001 -From: Remi Collet -Date: Thu, 13 Jun 2013 13:40:01 +0200 -Subject: [PATCH] in strick mode, number must not start with 0 - ---- - json_tokener.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/json_tokener.c b/json_tokener.c -index b2b47f9..4491cec 100644 ---- a/json_tokener.c -+++ b/json_tokener.c -@@ -611,6 +611,11 @@ struct json_object* json_tokener_parse_ex(struct json_tokener *tok, - int64_t num64; - double numd; - if (!tok->is_double && json_parse_int64(tok->pb->buf, &num64) == 0) { -+ if (num64 && tok->pb->buf[0]=='0' && (tok->flags & JSON_TOKENER_STRICT)) { -+ /* in strick mode, number must not start with 0 */ -+ tok->err = json_tokener_error_parse_number; -+ goto out; -+ } - current = json_object_new_int64(num64); - } else if(tok->is_double && json_parse_double(tok->pb->buf, &numd) == 0) { - current = json_object_new_double(numd); --- -1.8.1.6 - diff --git a/94.patch b/94.patch deleted file mode 100644 index f507ff0..0000000 --- a/94.patch +++ /dev/null @@ -1,88 +0,0 @@ -From a07ef3d19763094ab35cc009657c85bcbb9dd9ae Mon Sep 17 00:00:00 2001 -From: Remi Collet -Date: Tue, 6 Aug 2013 10:41:14 +0200 -Subject: [PATCH 1/3] no single-quote string in strict mode - ---- - json_tokener.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/json_tokener.c b/json_tokener.c -index a6924a1..45390ac 100644 ---- a/json_tokener.c -+++ b/json_tokener.c -@@ -293,8 +293,13 @@ struct json_object* json_tokener_parse_ex(struct json_tokener *tok, - printbuf_reset(tok->pb); - tok->st_pos = 0; - goto redo_char; -- case '"': - case '\'': -+ if (tok->flags & JSON_TOKENER_STRICT) { -+ /* in STRICT mode only double-quote are allowed */ -+ tok->err = json_tokener_error_parse_unexpected; -+ goto out; -+ } -+ case '"': - state = json_tokener_state_string; - printbuf_reset(tok->pb); - tok->quote_char = c; --- -1.8.1.6 - - -From 87fa32dfe013d961ced5252ffacef0beefc8f62f Mon Sep 17 00:00:00 2001 -From: Remi Collet -Date: Wed, 21 Aug 2013 15:41:40 +0200 -Subject: [PATCH 2/3] no comment in strict mode - ---- - json_tokener.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/json_tokener.c b/json_tokener.c -index 45390ac..7ce53ca 100644 ---- a/json_tokener.c -+++ b/json_tokener.c -@@ -265,7 +265,7 @@ struct json_object* json_tokener_parse_ex(struct json_tokener *tok, - if ((!ADVANCE_CHAR(str, tok)) || (!PEEK_CHAR(c, tok))) - goto out; - } -- if(c == '/') { -+ if(c == '/' && !(tok->flags & JSON_TOKENER_STRICT)) { - printbuf_reset(tok->pb); - printbuf_memappend_fast(tok->pb, &c, 1); - state = json_tokener_state_comment_start; --- -1.8.1.6 - - -From 4039f91cab283b483094dbe59202818bb1733d66 Mon Sep 17 00:00:00 2001 -From: Remi Collet -Date: Fri, 23 Aug 2013 13:40:01 +0200 -Subject: [PATCH 3/3] trailing char not allowed in strict mode - ---- - json_tokener.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/json_tokener.c b/json_tokener.c -index 7ce53ca..def6e10 100644 ---- a/json_tokener.c -+++ b/json_tokener.c -@@ -769,6 +769,13 @@ struct json_object* json_tokener_parse_ex(struct json_tokener *tok, - } /* while(POP_CHAR) */ - - out: -+ if (c && -+ (state == json_tokener_state_finish) && -+ (tok->depth == 0) && -+ (tok->flags & JSON_TOKENER_STRICT)) { -+ /* unexpected char after JSON data */ -+ tok->err = json_tokener_error_parse_unexpected; -+ } - if (!c) { /* We hit an eof char (0) */ - if(state != json_tokener_state_finish && - saved_state != json_tokener_state_finish) --- -1.8.1.6 - diff --git a/json-c-0.11-cve.patch b/json-c-0.11-cve.patch deleted file mode 100644 index 81130f2..0000000 --- a/json-c-0.11-cve.patch +++ /dev/null @@ -1,845 +0,0 @@ -diff -up json-c-json-c-0.11-20130402/config.h.in.cve json-c-json-c-0.11-20130402/config.h.in ---- json-c-json-c-0.11-20130402/config.h.in.cve 2013-04-03 05:04:18.000000000 +0300 -+++ json-c-json-c-0.11-20130402/config.h.in 2014-04-09 20:04:46.991239201 +0300 -@@ -1,5 +1,8 @@ - /* config.h.in. Generated from configure.in by autoheader. */ - -+/* Enable RDRANR Hardware RNG Hash Seed */ -+#undef ENABLE_RDRAND -+ - /* Define if .gnu.warning accepts long strings. */ - #undef HAS_GNU_WARNING_LONG - -@@ -9,6 +12,12 @@ - /* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */ - #undef HAVE_DOPRNT - -+/* Define to 1 if you have the header file. */ -+#undef HAVE_ENDIAN_H -+ -+/* Define to 1 if you have the header file. */ -+#undef HAVE_ENDIAN_H -+ - /* Define to 1 if you have the header file. */ - #undef HAVE_FCNTL_H - -diff -up json-c-json-c-0.11-20130402/configure.in.cve json-c-json-c-0.11-20130402/configure.in ---- json-c-json-c-0.11-20130402/configure.in.cve 2013-04-03 05:04:18.000000000 +0300 -+++ json-c-json-c-0.11-20130402/configure.in 2014-04-09 20:06:13.647999321 +0300 -@@ -15,6 +15,20 @@ AC_ARG_ENABLE(oldname-compat, - ) - AM_CONDITIONAL(ENABLE_OLDNAME_COMPAT, [test "x${enable_oldname_compat}" != "xno"]) - -+AC_ARG_ENABLE(rdrand, -+ AS_HELP_STRING([--enable-rdrand], -+ [Enable RDRAND Hardware RNG Hash Seed generation on supported x86/x64 platforms.]), -+ [if test x$enableval = xyes; then -+ enable_rdrand=yes -+ AC_DEFINE(ENABLE_RDRAND, 1, [Enable RDRANR Hardware RNG Hash Seed]) -+ fi]) -+ -+if test "x$enable_rdrand" = "xyes"; then -+ AC_MSG_RESULT([RDRAND Hardware RNG Hash Seed enabled on supported x86/x64 platforms]) -+else -+ AC_MSG_RESULT([RDRAND Hardware RNG Hash Seed disabled. Use --enable-rdrand to enable]) -+fi -+ - # Checks for programs. - - # Checks for libraries. -@@ -23,7 +37,7 @@ AM_CONDITIONAL(ENABLE_OLDNAME_COMPAT, [t - AC_CONFIG_HEADER(config.h) - AC_CONFIG_HEADER(json_config.h) - AC_HEADER_STDC --AC_CHECK_HEADERS(fcntl.h limits.h strings.h syslog.h unistd.h [sys/cdefs.h] [sys/param.h] stdarg.h locale.h) -+AC_CHECK_HEADERS(fcntl.h limits.h strings.h syslog.h unistd.h [sys/cdefs.h] [sys/param.h] stdarg.h locale.h endian.h) - AC_CHECK_HEADER(inttypes.h,[AC_DEFINE([JSON_C_HAVE_INTTYPES_H],[1],[Public define for json_inttypes.h])]) - - # Checks for typedefs, structures, and compiler characteristics. -diff -up json-c-json-c-0.11-20130402/json_object.h.cve json-c-json-c-0.11-20130402/json_object.h ---- json-c-json-c-0.11-20130402/json_object.h.cve 2013-04-03 05:04:18.000000000 +0300 -+++ json-c-json-c-0.11-20130402/json_object.h 2014-04-09 19:59:46.201002788 +0300 -@@ -13,6 +13,14 @@ - #ifndef _json_object_h_ - #define _json_object_h_ - -+#ifdef __GNUC__ -+#define THIS_FUNCTION_IS_DEPRECATED(func) func __attribute__ ((deprecated)) -+#elif defined(_MSC_VER) -+#define THIS_FUNCTION_IS_DEPRECATED(func) __declspec(deprecated) func -+#else -+#define THIS_FUNCTION_IS_DEPRECATED(func) func -+#endif -+ - #include "json_inttypes.h" - - #ifdef __cplusplus -@@ -260,8 +268,8 @@ extern void json_object_object_add(struc - * @returns the json_object associated with the given field name - * @deprecated Please use json_object_object_get_ex - */ --extern struct json_object* json_object_object_get(struct json_object* obj, -- const char *key); -+THIS_FUNCTION_IS_DEPRECATED(extern struct json_object* json_object_object_get(struct json_object* obj, -+ const char *key)); - - /** Get the json_object associated with a given object field. - * -diff -up json-c-json-c-0.11-20130402/json_tokener.c.cve json-c-json-c-0.11-20130402/json_tokener.c ---- json-c-json-c-0.11-20130402/json_tokener.c.cve 2014-04-09 19:59:46.197002891 +0300 -+++ json-c-json-c-0.11-20130402/json_tokener.c 2014-04-09 19:59:46.202002762 +0300 -@@ -69,6 +69,7 @@ const char* json_tokener_errors[] = { - "object value separator ',' expected", - "invalid string sequence", - "expected comment", -+ "buffer size overflow" - }; - - const char *json_tokener_error_desc(enum json_tokener_error jerr) -@@ -254,6 +255,16 @@ struct json_object* json_tokener_parse_e - tok->char_offset = 0; - tok->err = json_tokener_success; - -+ /* this interface is presently not 64-bit clean due to the int len argument -+ and the internal printbuf interface that takes 32-bit int len arguments -+ so the function limits the maximum string size to INT32_MAX (2GB). -+ If the function is called with len == -1 then strlen is called to check -+ the string length is less than INT32_MAX (2GB) */ -+ if ((len < -1) || (len == -1 && strlen(str) > INT32_MAX)) { -+ tok->err = json_tokener_error_size; -+ return NULL; -+ } -+ - while (PEEK_CHAR(c, tok)) { - - redo_char: -diff -up json-c-json-c-0.11-20130402/json_tokener.h.cve json-c-json-c-0.11-20130402/json_tokener.h ---- json-c-json-c-0.11-20130402/json_tokener.h.cve 2013-04-03 05:04:18.000000000 +0300 -+++ json-c-json-c-0.11-20130402/json_tokener.h 2014-04-09 19:59:46.202002762 +0300 -@@ -33,7 +33,8 @@ enum json_tokener_error { - json_tokener_error_parse_object_key_sep, - json_tokener_error_parse_object_value_sep, - json_tokener_error_parse_string, -- json_tokener_error_parse_comment -+ json_tokener_error_parse_comment, -+ json_tokener_error_size - }; - - enum json_tokener_state { -@@ -170,6 +171,11 @@ extern void json_tokener_set_flags(struc - * responsible for calling json_tokener_parse_ex with an appropriate str - * parameter starting with the extra characters. - * -+ * This interface is presently not 64-bit clean due to the int len argument -+ * so the function limits the maximum string size to INT32_MAX (2GB). -+ * If the function is called with len == -1 then strlen is called to check -+ * the string length is less than INT32_MAX (2GB) -+ * - * Example: - * @code - json_object *jobj = NULL; -diff -up json-c-json-c-0.11-20130402/linkhash.c.cve json-c-json-c-0.11-20130402/linkhash.c ---- json-c-json-c-0.11-20130402/linkhash.c.cve 2013-04-03 05:04:18.000000000 +0300 -+++ json-c-json-c-0.11-20130402/linkhash.c 2014-04-09 19:59:46.202002762 +0300 -@@ -17,6 +17,11 @@ - #include - #include - -+#ifdef HAVE_ENDIAN_H -+# include /* attempt to define endianness */ -+#endif -+ -+#include "random_seed.h" - #include "linkhash.h" - - void lh_abort(const char *msg, ...) -@@ -39,14 +44,378 @@ int lh_ptr_equal(const void *k1, const v - return (k1 == k2); - } - -+/* -+ * hashlittle from lookup3.c, by Bob Jenkins, May 2006, Public Domain. -+ * http://burtleburtle.net/bob/c/lookup3.c -+ * minor modifications to make functions static so no symbols are exported -+ * minor mofifications to compile with -Werror -+ */ -+ -+/* -+------------------------------------------------------------------------------- -+lookup3.c, by Bob Jenkins, May 2006, Public Domain. -+ -+These are functions for producing 32-bit hashes for hash table lookup. -+hashword(), hashlittle(), hashlittle2(), hashbig(), mix(), and final() -+are externally useful functions. Routines to test the hash are included -+if SELF_TEST is defined. You can use this free for any purpose. It's in -+the public domain. It has no warranty. -+ -+You probably want to use hashlittle(). hashlittle() and hashbig() -+hash byte arrays. hashlittle() is is faster than hashbig() on -+little-endian machines. Intel and AMD are little-endian machines. -+On second thought, you probably want hashlittle2(), which is identical to -+hashlittle() except it returns two 32-bit hashes for the price of one. -+You could implement hashbig2() if you wanted but I haven't bothered here. -+ -+If you want to find a hash of, say, exactly 7 integers, do -+ a = i1; b = i2; c = i3; -+ mix(a,b,c); -+ a += i4; b += i5; c += i6; -+ mix(a,b,c); -+ a += i7; -+ final(a,b,c); -+then use c as the hash value. If you have a variable length array of -+4-byte integers to hash, use hashword(). If you have a byte array (like -+a character string), use hashlittle(). If you have several byte arrays, or -+a mix of things, see the comments above hashlittle(). -+ -+Why is this so big? I read 12 bytes at a time into 3 4-byte integers, -+then mix those integers. This is fast (you can do a lot more thorough -+mixing with 12*3 instructions on 3 integers than you can with 3 instructions -+on 1 byte), but shoehorning those bytes into integers efficiently is messy. -+------------------------------------------------------------------------------- -+*/ -+ -+/* -+ * My best guess at if you are big-endian or little-endian. This may -+ * need adjustment. -+ */ -+#if (defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN) && \ -+ __BYTE_ORDER == __LITTLE_ENDIAN) || \ -+ (defined(i386) || defined(__i386__) || defined(__i486__) || \ -+ defined(__i586__) || defined(__i686__) || defined(vax) || defined(MIPSEL)) -+# define HASH_LITTLE_ENDIAN 1 -+# define HASH_BIG_ENDIAN 0 -+#elif (defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && \ -+ __BYTE_ORDER == __BIG_ENDIAN) || \ -+ (defined(sparc) || defined(POWERPC) || defined(mc68000) || defined(sel)) -+# define HASH_LITTLE_ENDIAN 0 -+# define HASH_BIG_ENDIAN 1 -+#else -+# define HASH_LITTLE_ENDIAN 0 -+# define HASH_BIG_ENDIAN 0 -+#endif -+ -+#define hashsize(n) ((uint32_t)1<<(n)) -+#define hashmask(n) (hashsize(n)-1) -+#define rot(x,k) (((x)<<(k)) | ((x)>>(32-(k)))) -+ -+/* -+------------------------------------------------------------------------------- -+mix -- mix 3 32-bit values reversibly. -+ -+This is reversible, so any information in (a,b,c) before mix() is -+still in (a,b,c) after mix(). -+ -+If four pairs of (a,b,c) inputs are run through mix(), or through -+mix() in reverse, there are at least 32 bits of the output that -+are sometimes the same for one pair and different for another pair. -+This was tested for: -+* pairs that differed by one bit, by two bits, in any combination -+ of top bits of (a,b,c), or in any combination of bottom bits of -+ (a,b,c). -+* "differ" is defined as +, -, ^, or ~^. For + and -, I transformed -+ the output delta to a Gray code (a^(a>>1)) so a string of 1's (as -+ is commonly produced by subtraction) look like a single 1-bit -+ difference. -+* the base values were pseudorandom, all zero but one bit set, or -+ all zero plus a counter that starts at zero. -+ -+Some k values for my "a-=c; a^=rot(c,k); c+=b;" arrangement that -+satisfy this are -+ 4 6 8 16 19 4 -+ 9 15 3 18 27 15 -+ 14 9 3 7 17 3 -+Well, "9 15 3 18 27 15" didn't quite get 32 bits diffing -+for "differ" defined as + with a one-bit base and a two-bit delta. I -+used http://burtleburtle.net/bob/hash/avalanche.html to choose -+the operations, constants, and arrangements of the variables. -+ -+This does not achieve avalanche. There are input bits of (a,b,c) -+that fail to affect some output bits of (a,b,c), especially of a. The -+most thoroughly mixed value is c, but it doesn't really even achieve -+avalanche in c. -+ -+This allows some parallelism. Read-after-writes are good at doubling -+the number of bits affected, so the goal of mixing pulls in the opposite -+direction as the goal of parallelism. I did what I could. Rotates -+seem to cost as much as shifts on every machine I could lay my hands -+on, and rotates are much kinder to the top and bottom bits, so I used -+rotates. -+------------------------------------------------------------------------------- -+*/ -+#define mix(a,b,c) \ -+{ \ -+ a -= c; a ^= rot(c, 4); c += b; \ -+ b -= a; b ^= rot(a, 6); a += c; \ -+ c -= b; c ^= rot(b, 8); b += a; \ -+ a -= c; a ^= rot(c,16); c += b; \ -+ b -= a; b ^= rot(a,19); a += c; \ -+ c -= b; c ^= rot(b, 4); b += a; \ -+} -+ -+/* -+------------------------------------------------------------------------------- -+final -- final mixing of 3 32-bit values (a,b,c) into c -+ -+Pairs of (a,b,c) values differing in only a few bits will usually -+produce values of c that look totally different. This was tested for -+* pairs that differed by one bit, by two bits, in any combination -+ of top bits of (a,b,c), or in any combination of bottom bits of -+ (a,b,c). -+* "differ" is defined as +, -, ^, or ~^. For + and -, I transformed -+ the output delta to a Gray code (a^(a>>1)) so a string of 1's (as -+ is commonly produced by subtraction) look like a single 1-bit -+ difference. -+* the base values were pseudorandom, all zero but one bit set, or -+ all zero plus a counter that starts at zero. -+ -+These constants passed: -+ 14 11 25 16 4 14 24 -+ 12 14 25 16 4 14 24 -+and these came close: -+ 4 8 15 26 3 22 24 -+ 10 8 15 26 3 22 24 -+ 11 8 15 26 3 22 24 -+------------------------------------------------------------------------------- -+*/ -+#define final(a,b,c) \ -+{ \ -+ c ^= b; c -= rot(b,14); \ -+ a ^= c; a -= rot(c,11); \ -+ b ^= a; b -= rot(a,25); \ -+ c ^= b; c -= rot(b,16); \ -+ a ^= c; a -= rot(c,4); \ -+ b ^= a; b -= rot(a,14); \ -+ c ^= b; c -= rot(b,24); \ -+} -+ -+ -+/* -+------------------------------------------------------------------------------- -+hashlittle() -- hash a variable-length key into a 32-bit value -+ k : the key (the unaligned variable-length array of bytes) -+ length : the length of the key, counting by bytes -+ initval : can be any 4-byte value -+Returns a 32-bit value. Every bit of the key affects every bit of -+the return value. Two keys differing by one or two bits will have -+totally different hash values. -+ -+The best hash table sizes are powers of 2. There is no need to do -+mod a prime (mod is sooo slow!). If you need less than 32 bits, -+use a bitmask. For example, if you need only 10 bits, do -+ h = (h & hashmask(10)); -+In which case, the hash table should have hashsize(10) elements. -+ -+If you are hashing n strings (uint8_t **)k, do it like this: -+ for (i=0, h=0; i 12) -+ { -+ a += k[0]; -+ b += k[1]; -+ c += k[2]; -+ mix(a,b,c); -+ length -= 12; -+ k += 3; -+ } -+ -+ /*----------------------------- handle the last (probably partial) block */ -+ /* -+ * "k[2]&0xffffff" actually reads beyond the end of the string, but -+ * then masks off the part it's not allowed to read. Because the -+ * string is aligned, the masked-off tail is in the same word as the -+ * rest of the string. Every machine with memory protection I've seen -+ * does it on word boundaries, so is OK with this. But VALGRIND will -+ * still catch it and complain. The masking trick does make the hash -+ * noticably faster for short strings (like English words). -+ */ -+#ifndef VALGRIND -+ -+ switch(length) -+ { -+ case 12: c+=k[2]; b+=k[1]; a+=k[0]; break; -+ case 11: c+=k[2]&0xffffff; b+=k[1]; a+=k[0]; break; -+ case 10: c+=k[2]&0xffff; b+=k[1]; a+=k[0]; break; -+ case 9 : c+=k[2]&0xff; b+=k[1]; a+=k[0]; break; -+ case 8 : b+=k[1]; a+=k[0]; break; -+ case 7 : b+=k[1]&0xffffff; a+=k[0]; break; -+ case 6 : b+=k[1]&0xffff; a+=k[0]; break; -+ case 5 : b+=k[1]&0xff; a+=k[0]; break; -+ case 4 : a+=k[0]; break; -+ case 3 : a+=k[0]&0xffffff; break; -+ case 2 : a+=k[0]&0xffff; break; -+ case 1 : a+=k[0]&0xff; break; -+ case 0 : return c; /* zero length strings require no mixing */ -+ } -+ -+#else /* make valgrind happy */ -+ -+ const uint8_t *k8 = (const uint8_t *)k; -+ switch(length) -+ { -+ case 12: c+=k[2]; b+=k[1]; a+=k[0]; break; -+ case 11: c+=((uint32_t)k8[10])<<16; /* fall through */ -+ case 10: c+=((uint32_t)k8[9])<<8; /* fall through */ -+ case 9 : c+=k8[8]; /* fall through */ -+ case 8 : b+=k[1]; a+=k[0]; break; -+ case 7 : b+=((uint32_t)k8[6])<<16; /* fall through */ -+ case 6 : b+=((uint32_t)k8[5])<<8; /* fall through */ -+ case 5 : b+=k8[4]; /* fall through */ -+ case 4 : a+=k[0]; break; -+ case 3 : a+=((uint32_t)k8[2])<<16; /* fall through */ -+ case 2 : a+=((uint32_t)k8[1])<<8; /* fall through */ -+ case 1 : a+=k8[0]; break; -+ case 0 : return c; -+ } -+ -+#endif /* !valgrind */ -+ -+ } else if (HASH_LITTLE_ENDIAN && ((u.i & 0x1) == 0)) { -+ const uint16_t *k = (const uint16_t *)key; /* read 16-bit chunks */ -+ const uint8_t *k8; -+ -+ /*--------------- all but last block: aligned reads and different mixing */ -+ while (length > 12) -+ { -+ a += k[0] + (((uint32_t)k[1])<<16); -+ b += k[2] + (((uint32_t)k[3])<<16); -+ c += k[4] + (((uint32_t)k[5])<<16); -+ mix(a,b,c); -+ length -= 12; -+ k += 6; -+ } -+ -+ /*----------------------------- handle the last (probably partial) block */ -+ k8 = (const uint8_t *)k; -+ switch(length) -+ { -+ case 12: c+=k[4]+(((uint32_t)k[5])<<16); -+ b+=k[2]+(((uint32_t)k[3])<<16); -+ a+=k[0]+(((uint32_t)k[1])<<16); -+ break; -+ case 11: c+=((uint32_t)k8[10])<<16; /* fall through */ -+ case 10: c+=k[4]; -+ b+=k[2]+(((uint32_t)k[3])<<16); -+ a+=k[0]+(((uint32_t)k[1])<<16); -+ break; -+ case 9 : c+=k8[8]; /* fall through */ -+ case 8 : b+=k[2]+(((uint32_t)k[3])<<16); -+ a+=k[0]+(((uint32_t)k[1])<<16); -+ break; -+ case 7 : b+=((uint32_t)k8[6])<<16; /* fall through */ -+ case 6 : b+=k[2]; -+ a+=k[0]+(((uint32_t)k[1])<<16); -+ break; -+ case 5 : b+=k8[4]; /* fall through */ -+ case 4 : a+=k[0]+(((uint32_t)k[1])<<16); -+ break; -+ case 3 : a+=((uint32_t)k8[2])<<16; /* fall through */ -+ case 2 : a+=k[0]; -+ break; -+ case 1 : a+=k8[0]; -+ break; -+ case 0 : return c; /* zero length requires no mixing */ -+ } -+ -+ } else { /* need to read the key one byte at a time */ -+ const uint8_t *k = (const uint8_t *)key; -+ -+ /*--------------- all but the last block: affect some 32 bits of (a,b,c) */ -+ while (length > 12) -+ { -+ a += k[0]; -+ a += ((uint32_t)k[1])<<8; -+ a += ((uint32_t)k[2])<<16; -+ a += ((uint32_t)k[3])<<24; -+ b += k[4]; -+ b += ((uint32_t)k[5])<<8; -+ b += ((uint32_t)k[6])<<16; -+ b += ((uint32_t)k[7])<<24; -+ c += k[8]; -+ c += ((uint32_t)k[9])<<8; -+ c += ((uint32_t)k[10])<<16; -+ c += ((uint32_t)k[11])<<24; -+ mix(a,b,c); -+ length -= 12; -+ k += 12; -+ } -+ -+ /*-------------------------------- last block: affect all 32 bits of (c) */ -+ switch(length) /* all the case statements fall through */ -+ { -+ case 12: c+=((uint32_t)k[11])<<24; -+ case 11: c+=((uint32_t)k[10])<<16; -+ case 10: c+=((uint32_t)k[9])<<8; -+ case 9 : c+=k[8]; -+ case 8 : b+=((uint32_t)k[7])<<24; -+ case 7 : b+=((uint32_t)k[6])<<16; -+ case 6 : b+=((uint32_t)k[5])<<8; -+ case 5 : b+=k[4]; -+ case 4 : a+=((uint32_t)k[3])<<24; -+ case 3 : a+=((uint32_t)k[2])<<16; -+ case 2 : a+=((uint32_t)k[1])<<8; -+ case 1 : a+=k[0]; -+ break; -+ case 0 : return c; -+ } -+ } -+ -+ final(a,b,c); -+ return c; -+} -+ - unsigned long lh_char_hash(const void *k) - { -- unsigned int h = 0; -- const char* data = (const char*)k; -- -- while( *data!=0 ) h = h*129 + (unsigned int)(*data++) + LH_PRIME; -+ static volatile int random_seed = -1; -+ -+ if (random_seed == -1) { -+ int seed; -+ /* we can't use -1 as it is the unitialized sentinel */ -+ while ((seed = json_c_get_random_seed()) == -1); -+#if defined __GNUC__ -+ __sync_val_compare_and_swap(&random_seed, -1, seed); -+#elif defined _MSC_VER -+ InterlockedCompareExchange(&random_seed, seed, -1); -+#else -+#warning "racy random seed initializtion if used by multiple threads" -+ random_seed = seed; /* potentially racy */ -+#endif -+ } - -- return h; -+ return hashlittle((const char*)k, strlen((const char*)k), random_seed); - } - - int lh_char_equal(const void *k1, const void *k2) -diff -up json-c-json-c-0.11-20130402/linkhash.h.cve json-c-json-c-0.11-20130402/linkhash.h ---- json-c-json-c-0.11-20130402/linkhash.h.cve 2013-04-03 05:04:18.000000000 +0300 -+++ json-c-json-c-0.11-20130402/linkhash.h 2014-04-09 19:59:46.202002762 +0300 -@@ -246,7 +246,7 @@ extern struct lh_entry* lh_table_lookup_ - * @return a pointer to the found value or NULL if it does not exist. - * @deprecated Use lh_table_lookup_ex instead. - */ --extern const void* lh_table_lookup(struct lh_table *t, const void *k); -+THIS_FUNCTION_IS_DEPRECATED(extern const void* lh_table_lookup(struct lh_table *t, const void *k)); - - /** - * Lookup a record in the table -diff -up json-c-json-c-0.11-20130402/Makefile.am.cve json-c-json-c-0.11-20130402/Makefile.am ---- json-c-json-c-0.11-20130402/Makefile.am.cve 2013-04-03 05:04:18.000000000 +0300 -+++ json-c-json-c-0.11-20130402/Makefile.am 2014-04-09 19:59:46.200002814 +0300 -@@ -29,7 +29,8 @@ libjson_cinclude_HEADERS = \ - json_tokener.h \ - json_util.h \ - linkhash.h \ -- printbuf.h -+ printbuf.h \ -+ random_seed.h - - #libjsonx_includedir = $(libdir)/json-c-@VERSION@ - # -@@ -55,7 +56,8 @@ libjson_c_la_SOURCES = \ - json_tokener.c \ - json_util.c \ - linkhash.c \ -- printbuf.c -+ printbuf.c \ -+ random_seed.c - - - distclean-local: -diff -up json-c-json-c-0.11-20130402/Makefile.am.inc.cve json-c-json-c-0.11-20130402/Makefile.am.inc -diff -up json-c-json-c-0.11-20130402/random_seed.c.cve json-c-json-c-0.11-20130402/random_seed.c ---- json-c-json-c-0.11-20130402/random_seed.c.cve 2014-04-09 19:59:46.203002736 +0300 -+++ json-c-json-c-0.11-20130402/random_seed.c 2014-04-09 19:59:46.202002762 +0300 -@@ -0,0 +1,237 @@ -+/* -+ * random_seed.c -+ * -+ * Copyright (c) 2013 Metaparadigm Pte. Ltd. -+ * Michael Clark -+ * -+ * This library is free software; you can redistribute it and/or modify -+ * it under the terms of the MIT license. See COPYING for details. -+ * -+ */ -+ -+#include -+#include "config.h" -+ -+#define DEBUG_SEED(s) -+ -+ -+#if defined ENABLE_RDRAND -+ -+/* cpuid */ -+ -+#if defined __GNUC__ && (defined __i386__ || defined __x86_64__) -+#define HAS_X86_CPUID 1 -+ -+static void do_cpuid(int regs[], int h) -+{ -+ __asm__ __volatile__( -+#if defined __x86_64__ -+ "pushq %%rbx;\n" -+#else -+ "pushl %%ebx;\n" -+#endif -+ "cpuid;\n" -+#if defined __x86_64__ -+ "popq %%rbx;\n" -+#else -+ "popl %%ebx;\n" -+#endif -+ : "=a"(regs[0]), [ebx] "=r"(regs[1]), "=c"(regs[2]), "=d"(regs[3]) -+ : "a"(h)); -+} -+ -+#elif defined _MSC_VER -+ -+#define HAS_X86_CPUID 1 -+#define do_cpuid __cpuid -+ -+#endif -+ -+/* has_rdrand */ -+ -+#if HAS_X86_CPUID -+ -+static int has_rdrand() -+{ -+ // CPUID.01H:ECX.RDRAND[bit 30] == 1 -+ int regs[4]; -+ do_cpuid(regs, 1); -+ return (regs[2] & (1 << 30)) != 0; -+} -+ -+#endif -+ -+/* get_rdrand_seed - GCC x86 and X64 */ -+ -+#if defined __GNUC__ && (defined __i386__ || defined __x86_64__) -+ -+#define HAVE_RDRAND 1 -+ -+static int get_rdrand_seed() -+{ -+ DEBUG_SEED("get_rdrand_seed"); -+ int _eax; -+ // rdrand eax -+ __asm__ __volatile__("1: .byte 0x0F\n" -+ " .byte 0xC7\n" -+ " .byte 0xF0\n" -+ " jnc 1b;\n" -+ : "=a" (_eax)); -+ return _eax; -+} -+ -+#endif -+ -+#if defined _MSC_VER -+ -+#if _MSC_VER >= 1700 -+#define HAVE_RDRAND 1 -+ -+/* get_rdrand_seed - Visual Studio 2012 and above */ -+ -+static int get_rdrand_seed() -+{ -+ DEBUG_SEED("get_rdrand_seed"); -+ int r; -+ while (_rdrand32_step(&r) == 0); -+ return r; -+} -+ -+#elif defined _M_IX86 -+#define HAVE_RDRAND 1 -+ -+/* get_rdrand_seed - Visual Studio 2010 and below - x86 only */ -+ -+static int get_rdrand_seed() -+{ -+ DEBUG_SEED("get_rdrand_seed"); -+ int _eax; -+retry: -+ // rdrand eax -+ __asm _emit 0x0F __asm _emit 0xC7 __asm _emit 0xF0 -+ __asm jnc retry -+ __asm mov _eax, eax -+ return _eax; -+} -+ -+#endif -+#endif -+ -+#endif /* defined ENABLE_RDRAND */ -+ -+ -+/* has_dev_urandom */ -+ -+#if defined (__APPLE__) || defined(__unix__) || defined(__linux__) -+ -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#define HAVE_DEV_RANDOM 1 -+ -+static const char *dev_random_file = "/dev/urandom"; -+ -+static int has_dev_urandom() -+{ -+ struct stat buf; -+ if (stat(dev_random_file, &buf)) { -+ return 0; -+ } -+ return ((buf.st_mode & S_IFCHR) != 0); -+} -+ -+ -+/* get_dev_random_seed */ -+ -+static int get_dev_random_seed() -+{ -+ DEBUG_SEED("get_dev_random_seed"); -+ -+ int fd = open(dev_random_file, O_RDONLY); -+ if (fd < 0) { -+ fprintf(stderr, "error opening %s: %s", dev_random_file, strerror(errno)); -+ exit(1); -+ } -+ -+ int r; -+ ssize_t nread = read(fd, &r, sizeof(r)); -+ if (nread != sizeof(r)) { -+ fprintf(stderr, "error read %s: %s", dev_random_file, strerror(errno)); -+ exit(1); -+ } -+ else if (nread != sizeof(r)) { -+ fprintf(stderr, "error short read %s", dev_random_file); -+ exit(1); -+ } -+ close(fd); -+ return r; -+} -+ -+#endif -+ -+ -+/* get_cryptgenrandom_seed */ -+ -+#ifdef WIN32 -+ -+#define HAVE_CRYPTGENRANDOM 1 -+ -+#include -+#pragma comment(lib, "advapi32.lib") -+ -+static int get_cryptgenrandom_seed() -+{ -+ DEBUG_SEED("get_cryptgenrandom_seed"); -+ -+ HCRYPTPROV hProvider = 0; -+ int r; -+ -+ if (!CryptAcquireContextW(&hProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) { -+ fprintf(stderr, "error CryptAcquireContextW"); -+ exit(1); -+ } -+ -+ if (!CryptGenRandom(hProvider, sizeof(r), (BYTE*)&r)) { -+ fprintf(stderr, "error CryptGenRandom"); -+ exit(1); -+ } -+ -+ CryptReleaseContext(hProvider, 0); -+ -+ return r; -+} -+ -+#endif -+ -+ -+/* get_time_seed */ -+ -+#include -+ -+static int get_time_seed() -+{ -+ DEBUG_SEED("get_time_seed"); -+ -+ return (int)time(NULL) * 433494437; -+} -+ -+ -+/* json_c_get_random_seed */ -+ -+int json_c_get_random_seed() -+{ -+#if HAVE_RDRAND -+ if (has_rdrand()) return get_rdrand_seed(); -+#endif -+#if HAVE_DEV_RANDOM -+ if (has_dev_urandom()) return get_dev_random_seed(); -+#endif -+#if HAVE_CRYPTGENRANDOM -+ return get_cryptgenrandom_seed(); -+#endif -+ return get_time_seed(); -+} -diff -up json-c-json-c-0.11-20130402/random_seed.h.cve json-c-json-c-0.11-20130402/random_seed.h ---- json-c-json-c-0.11-20130402/random_seed.h.cve 2014-04-09 19:59:46.203002736 +0300 -+++ json-c-json-c-0.11-20130402/random_seed.h 2014-04-09 19:59:46.203002736 +0300 -@@ -0,0 +1,25 @@ -+/* -+ * random_seed.h -+ * -+ * Copyright (c) 2013 Metaparadigm Pte. Ltd. -+ * Michael Clark -+ * -+ * This library is free software; you can redistribute it and/or modify -+ * it under the terms of the MIT license. See COPYING for details. -+ * -+ */ -+ -+#ifndef seed_h -+#define seed_h -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+extern int json_c_get_random_seed(); -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif diff --git a/json-c.spec b/json-c.spec index f6f406f..6194355 100644 --- a/json-c.spec +++ b/json-c.spec @@ -1,62 +1,42 @@ -%global reldate 20130402 +%global reldate 20140410 Name: json-c -Version: 0.11 -Release: 8%{?dist} +Version: 0.12 +Release: 1%{?dist} Summary: A JSON implementation in C -Group: Development/Libraries License: MIT URL: https://github.com/json-c/json-c/wiki Source0: https://github.com/json-c/json-c/archive/json-c-%{version}-%{reldate}.tar.gz - -# increaser parser strictness (for php compatibility) -Patch0: https://github.com/json-c/json-c/pull/90.patch -Patch1: https://github.com/json-c/json-c/pull/94.patch - -# Disable default compiler warning flags -Patch2: json-c-0.11-cflags.patch - -# Fix CVE issues CVE-2013-6370 and CVE-2013-6371, patch backported from upstream -Patch3: json-c-0.11-cve.patch - -BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) -BuildRequires: libtool autoconf +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool %description JSON-C implements a reference counting object model that allows you to easily construct JSON objects in C, output them as JSON formatted strings and parse JSON formatted strings back into the C representation of JSON objects. -%package devel -Summary: Development headers and library for json-c -Group: Development/Libraries -Requires: %{name} = %{version}-%{release} -Requires: pkgconfig +%package devel +Summary: Development files for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} -%description devel -This package contains the development headers and library for json-c. +%description devel +This package contains libraries and header files for +developing applications that use %{name}. - -%package doc +%package doc Summary: Reference manual for json-c -Group: Documentation -%if 0%{?fedora} > 10 || 0%{?rhel}>5 +%if 0%{?fedora} > 10 || 0%{?rhel} > 5 BuildArch: noarch %endif -%description doc +%description doc This package contains the reference manual for json-c. %prep -%setup -q -n json-c-json-c-%{version}-%{reldate} - -%patch0 -p1 -b .strict90 -%patch1 -p1 -b .strict94 -%patch2 -p1 -b .cflags -%patch3 -p1 -b .cve - -# regenerate auto stuff to avoid rpath issue and cve stuff -autoreconf -fi +%setup -qn json-c-json-c-%{version}-%{reldate} +# Get rid of maintainer mode cflags. +sed -i 's|-Werror ||g' Makefile.am.inc for doc in ChangeLog; do iconv -f iso-8859-1 -t utf8 $doc > $doc.new && @@ -64,61 +44,43 @@ for doc in ChangeLog; do mv $doc.new $doc done - %build +autoreconf -fiv %configure --enable-shared --disable-static --disable-rpath --enable-rdrand # parallel build is broken for now, make %{?_smp_mflags} -make +make %{?_smp_mflags} %install -rm -rf %{buildroot} -make install DESTDIR=%{buildroot} +%make_install # Get rid of la files -rm -rf %{buildroot}%{_libdir}/*.la - -# yum cannot replace a dir by a link -# so switch the dir names -rm %{buildroot}%{_includedir}/json -mv %{buildroot}%{_includedir}/json-c \ - %{buildroot}%{_includedir}/json -ln -s json \ - %{buildroot}%{_includedir}/json-c +find %{buildroot} -name '*.la' -delete -print %check make check -%clean -rm -rf %{buildroot} - - %post -p /sbin/ldconfig + %postun -p /sbin/ldconfig - %files -%defattr(-,root,root,-) -%doc AUTHORS ChangeLog README README.html %{!?_licensedir:%global license %%doc} %license COPYING -%{_libdir}/libjson.so.* %{_libdir}/libjson-c.so.* %files devel -%defattr(-,root,root,-) -%{_includedir}/json -%{_includedir}/json-c -%{_libdir}/libjson.so +%doc AUTHORS ChangeLog README README.html +%{_includedir}/json-c/ %{_libdir}/libjson-c.so -%{_libdir}/pkgconfig/json.pc %{_libdir}/pkgconfig/json-c.pc %files doc -%defattr(-,root,root,-) %doc doc/html/* - %changelog +* Thu Jul 24 2014 Christopher Meng - 0.12-1 +- Update to 0.12 + * Sat Jul 12 2014 Tom Callaway - 0.11-8 - fix license handling diff --git a/sources b/sources index 35a0559..262d10b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -7013b2471a507942eb8ed72a5d872d16 json-c-0.11-20130402.tar.gz +39705ae46b1c0c64f1d32d26653c8e7e json-c-0.12-20140410.tar.gz