Update to 0.12

2014-07-24 19:22:06 +08:00 · 2014-07-24 19:22:06 +08:00 · 2f6f483dcd
commit 2f6f483dcd
parent eed9c1ec7e
6 changed files with 30 additions and 1028 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,4 @@
 json-c.spec~
 clog
 /json-c-0.11-20130402.tar.gz
 /json-c-0.12-20140410.tar.gz
--- a/90.patch
+++ b/90.patch
@ -1,28 +0,0 @@
 From e9ee4ae18a9fca8c31eac44669364034658b3d51 Mon Sep 17 00:00:00 2001
 From: Remi Collet <fedora@famillecollet.com>
 Date: Thu, 13 Jun 2013 13:40:01 +0200
 Subject: [PATCH] in strick mode, number must not start with 0
 ---
 json_tokener.c | 5 +++++
 1 file changed, 5 insertions(+)
 diff --git a/json_tokener.c b/json_tokener.c
 index b2b47f9..4491cec 100644
 --- a/json_tokener.c
 +++ b/json_tokener.c
@@ -611,6 +611,11 @@ struct json_object* json_tokener_parse_ex(struct json_tokener *tok,
 	int64_t num64;
 	double  numd;
 	if (!tok->is_double && json_parse_int64(tok->pb->buf, &num64) == 0) {
 +		if (num64 && tok->pb->buf[0]=='0' && (tok->flags & JSON_TOKENER_STRICT)) {
 +			/* in strick mode, number must not start with 0 */
 +			tok->err = json_tokener_error_parse_number;
 +			goto out;
 +		}
 		current = json_object_new_int64(num64);
 	} else if(tok->is_double && json_parse_double(tok->pb->buf, &numd) == 0) {
           current = json_object_new_double(numd);
 -- 
 1.8.1.6
--- a/94.patch
+++ b/94.patch
@ -1,88 +0,0 @@
 From a07ef3d19763094ab35cc009657c85bcbb9dd9ae Mon Sep 17 00:00:00 2001
 From: Remi Collet <fedora@famillecollet.com>
 Date: Tue, 6 Aug 2013 10:41:14 +0200
 Subject: [PATCH 1/3] no single-quote string in strict mode
 ---
 json_tokener.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
 diff --git a/json_tokener.c b/json_tokener.c
 index a6924a1..45390ac 100644
 --- a/json_tokener.c
 +++ b/json_tokener.c
@@ -293,8 +293,13 @@ struct json_object* json_tokener_parse_ex(struct json_tokener *tok,
 	printbuf_reset(tok->pb);
 	tok->st_pos = 0;
 	goto redo_char;
 -      case '"':
       case '\'':
 +        if (tok->flags & JSON_TOKENER_STRICT) {
 +            /* in STRICT mode only double-quote are allowed */
 +            tok->err = json_tokener_error_parse_unexpected;
 +            goto out;
 +        }
 +      case '"':
 	state = json_tokener_state_string;
 	printbuf_reset(tok->pb);
 	tok->quote_char = c;
 -- 
 1.8.1.6
 From 87fa32dfe013d961ced5252ffacef0beefc8f62f Mon Sep 17 00:00:00 2001
 From: Remi Collet <fedora@famillecollet.com>
 Date: Wed, 21 Aug 2013 15:41:40 +0200
 Subject: [PATCH 2/3] no comment in strict mode
 ---
 json_tokener.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/json_tokener.c b/json_tokener.c
 index 45390ac..7ce53ca 100644
 --- a/json_tokener.c
 +++ b/json_tokener.c
@@ -265,7 +265,7 @@ struct json_object* json_tokener_parse_ex(struct json_tokener *tok,
 	if ((!ADVANCE_CHAR(str, tok)) || (!PEEK_CHAR(c, tok)))
 	  goto out;
       }
 -      if(c == '/') {
 +      if(c == '/' && !(tok->flags & JSON_TOKENER_STRICT)) {
 	printbuf_reset(tok->pb);
 	printbuf_memappend_fast(tok->pb, &c, 1);
 	state = json_tokener_state_comment_start;
 -- 
 1.8.1.6
 From 4039f91cab283b483094dbe59202818bb1733d66 Mon Sep 17 00:00:00 2001
 From: Remi Collet <fedora@famillecollet.com>
 Date: Fri, 23 Aug 2013 13:40:01 +0200
 Subject: [PATCH 3/3] trailing char not allowed in strict mode
 ---
 json_tokener.c | 7 +++++++
 1 file changed, 7 insertions(+)
 diff --git a/json_tokener.c b/json_tokener.c
 index 7ce53ca..def6e10 100644
 --- a/json_tokener.c
 +++ b/json_tokener.c
@@ -769,6 +769,13 @@ struct json_object* json_tokener_parse_ex(struct json_tokener *tok,
   } /* while(POP_CHAR) */
  out:
 +  if (c &&
 +     (state == json_tokener_state_finish) &&
 +     (tok->depth == 0) &&
 +     (tok->flags & JSON_TOKENER_STRICT)) {
 +      /* unexpected char after JSON data */
 +      tok->err = json_tokener_error_parse_unexpected;
 +  }
   if (!c) { /* We hit an eof char (0) */
     if(state != json_tokener_state_finish &&
        saved_state != json_tokener_state_finish)
 -- 
 1.8.1.6
--- a/json-c-0.11-cve.patch
+++ b/json-c-0.11-cve.patch
@ -1,845 +0,0 @@
 diff -up json-c-json-c-0.11-20130402/config.h.in.cve json-c-json-c-0.11-20130402/config.h.in
 --- json-c-json-c-0.11-20130402/config.h.in.cve	2013-04-03 05:04:18.000000000 +0300
 +++ json-c-json-c-0.11-20130402/config.h.in	2014-04-09 20:04:46.991239201 +0300
@@ -1,5 +1,8 @@
 /* config.h.in.  Generated from configure.in by autoheader.  */
 +/* Enable RDRANR Hardware RNG Hash Seed */
 +#undef ENABLE_RDRAND
 +
 /* Define if .gnu.warning accepts long strings. */
 #undef HAS_GNU_WARNING_LONG
@@ -9,6 +12,12 @@
 /* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */
 #undef HAVE_DOPRNT
 +/* Define to 1 if you have the <endian.h> header file. */
 +#undef HAVE_ENDIAN_H
 +
 +/* Define to 1 if you have the <endian.h> header file. */
 +#undef HAVE_ENDIAN_H
 +
 /* Define to 1 if you have the <fcntl.h> header file. */
 #undef HAVE_FCNTL_H
 diff -up json-c-json-c-0.11-20130402/configure.in.cve json-c-json-c-0.11-20130402/configure.in
 --- json-c-json-c-0.11-20130402/configure.in.cve	2013-04-03 05:04:18.000000000 +0300
 +++ json-c-json-c-0.11-20130402/configure.in	2014-04-09 20:06:13.647999321 +0300
@@ -15,6 +15,20 @@ AC_ARG_ENABLE(oldname-compat,
 )
 AM_CONDITIONAL(ENABLE_OLDNAME_COMPAT, [test "x${enable_oldname_compat}" != "xno"])
 +AC_ARG_ENABLE(rdrand,
 + AS_HELP_STRING([--enable-rdrand],
 +   [Enable RDRAND Hardware RNG Hash Seed generation on supported x86/x64 platforms.]),
 + [if test x$enableval = xyes; then
 +  enable_rdrand=yes
 +  AC_DEFINE(ENABLE_RDRAND, 1, [Enable RDRANR Hardware RNG Hash Seed])
 + fi])
 +
 +if test "x$enable_rdrand" = "xyes"; then
 +  AC_MSG_RESULT([RDRAND Hardware RNG Hash Seed enabled on supported x86/x64 platforms])
 +else
 +  AC_MSG_RESULT([RDRAND Hardware RNG Hash Seed disabled. Use --enable-rdrand to enable])
 +fi
 +
 # Checks for programs.
 # Checks for libraries.
@@ -23,7 +37,7 @@ AM_CONDITIONAL(ENABLE_OLDNAME_COMPAT, [t
 AC_CONFIG_HEADER(config.h)
 AC_CONFIG_HEADER(json_config.h)
 AC_HEADER_STDC
 -AC_CHECK_HEADERS(fcntl.h limits.h strings.h syslog.h unistd.h [sys/cdefs.h] [sys/param.h] stdarg.h locale.h)
 +AC_CHECK_HEADERS(fcntl.h limits.h strings.h syslog.h unistd.h [sys/cdefs.h] [sys/param.h] stdarg.h locale.h endian.h)
 AC_CHECK_HEADER(inttypes.h,[AC_DEFINE([JSON_C_HAVE_INTTYPES_H],[1],[Public define for json_inttypes.h])])
 # Checks for typedefs, structures, and compiler characteristics.
 diff -up json-c-json-c-0.11-20130402/json_object.h.cve json-c-json-c-0.11-20130402/json_object.h
 --- json-c-json-c-0.11-20130402/json_object.h.cve	2013-04-03 05:04:18.000000000 +0300
 +++ json-c-json-c-0.11-20130402/json_object.h	2014-04-09 19:59:46.201002788 +0300
@@ -13,6 +13,14 @@
 #ifndef _json_object_h_
 #define _json_object_h_
 +#ifdef __GNUC__
 +#define THIS_FUNCTION_IS_DEPRECATED(func) func __attribute__ ((deprecated))
 +#elif defined(_MSC_VER)
 +#define THIS_FUNCTION_IS_DEPRECATED(func) __declspec(deprecated) func
 +#else
 +#define THIS_FUNCTION_IS_DEPRECATED(func) func
 +#endif
 +
 #include "json_inttypes.h"
 #ifdef __cplusplus
@@ -260,8 +268,8 @@ extern void json_object_object_add(struc
  * @returns the json_object associated with the given field name
  * @deprecated Please use json_object_object_get_ex
  */
 -extern struct json_object* json_object_object_get(struct json_object* obj,
 -						  const char *key);
 +THIS_FUNCTION_IS_DEPRECATED(extern struct json_object* json_object_object_get(struct json_object* obj,
 +						  const char *key));
 /** Get the json_object associated with a given object field.  
  *
 diff -up json-c-json-c-0.11-20130402/json_tokener.c.cve json-c-json-c-0.11-20130402/json_tokener.c
 --- json-c-json-c-0.11-20130402/json_tokener.c.cve	2014-04-09 19:59:46.197002891 +0300
 +++ json-c-json-c-0.11-20130402/json_tokener.c	2014-04-09 19:59:46.202002762 +0300
@@ -69,6 +69,7 @@ const char* json_tokener_errors[] = {
   "object value separator ',' expected",
   "invalid string sequence",
   "expected comment",
 +  "buffer size overflow"
 };
 const char *json_tokener_error_desc(enum json_tokener_error jerr)
@@ -254,6 +255,16 @@ struct json_object* json_tokener_parse_e
   tok->char_offset = 0;
   tok->err = json_tokener_success;
 +  /* this interface is presently not 64-bit clean due to the int len argument
 +     and the internal printbuf interface that takes 32-bit int len arguments
 +     so the function limits the maximum string size to INT32_MAX (2GB).
 +     If the function is called with len == -1 then strlen is called to check
 +     the string length is less than INT32_MAX (2GB) */
 +  if ((len < -1) || (len == -1 && strlen(str) > INT32_MAX)) {
 +    tok->err = json_tokener_error_size;
 +    return NULL;
 +  }
 +
   while (PEEK_CHAR(c, tok)) {
   redo_char:
 diff -up json-c-json-c-0.11-20130402/json_tokener.h.cve json-c-json-c-0.11-20130402/json_tokener.h
 --- json-c-json-c-0.11-20130402/json_tokener.h.cve	2013-04-03 05:04:18.000000000 +0300
 +++ json-c-json-c-0.11-20130402/json_tokener.h	2014-04-09 19:59:46.202002762 +0300
@@ -33,7 +33,8 @@ enum json_tokener_error {
   json_tokener_error_parse_object_key_sep,
   json_tokener_error_parse_object_value_sep,
   json_tokener_error_parse_string,
 -  json_tokener_error_parse_comment
 +  json_tokener_error_parse_comment,
 +  json_tokener_error_size
 };
 enum json_tokener_state {
@@ -170,6 +171,11 @@ extern void json_tokener_set_flags(struc
  * responsible for calling json_tokener_parse_ex with an appropriate str
  * parameter starting with the extra characters.
  *
 + * This interface is presently not 64-bit clean due to the int len argument
 + * so the function limits the maximum string size to INT32_MAX (2GB).
 + * If the function is called with len == -1 then strlen is called to check
 + * the string length is less than INT32_MAX (2GB)
 + *
  * Example:
  * @code
 json_object *jobj = NULL;
 diff -up json-c-json-c-0.11-20130402/linkhash.c.cve json-c-json-c-0.11-20130402/linkhash.c
 --- json-c-json-c-0.11-20130402/linkhash.c.cve	2013-04-03 05:04:18.000000000 +0300
 +++ json-c-json-c-0.11-20130402/linkhash.c	2014-04-09 19:59:46.202002762 +0300
@@ -17,6 +17,11 @@
 #include <stddef.h>
 #include <limits.h>
 +#ifdef HAVE_ENDIAN_H
 +# include <endian.h>    /* attempt to define endianness */
 +#endif
 +
 +#include "random_seed.h"
 #include "linkhash.h"
 void lh_abort(const char *msg, ...)
@@ -39,14 +44,378 @@ int lh_ptr_equal(const void *k1, const v
 	return (k1 == k2);
 }
 +/* 
 + * hashlittle from lookup3.c, by Bob Jenkins, May 2006, Public Domain.
 + * http://burtleburtle.net/bob/c/lookup3.c
 + * minor modifications to make functions static so no symbols are exported
 + * minor mofifications to compile with -Werror
 + */
 +
 +/*
 +-------------------------------------------------------------------------------
 +lookup3.c, by Bob Jenkins, May 2006, Public Domain.
 +
 +These are functions for producing 32-bit hashes for hash table lookup.
 +hashword(), hashlittle(), hashlittle2(), hashbig(), mix(), and final() 
 +are externally useful functions.  Routines to test the hash are included 
 +if SELF_TEST is defined.  You can use this free for any purpose.  It's in
 +the public domain.  It has no warranty.
 +
 +You probably want to use hashlittle().  hashlittle() and hashbig()
 +hash byte arrays.  hashlittle() is is faster than hashbig() on
 +little-endian machines.  Intel and AMD are little-endian machines.
 +On second thought, you probably want hashlittle2(), which is identical to
 +hashlittle() except it returns two 32-bit hashes for the price of one.  
 +You could implement hashbig2() if you wanted but I haven't bothered here.
 +
 +If you want to find a hash of, say, exactly 7 integers, do
 +  a = i1;  b = i2;  c = i3;
 +  mix(a,b,c);
 +  a += i4; b += i5; c += i6;
 +  mix(a,b,c);
 +  a += i7;
 +  final(a,b,c);
 +then use c as the hash value.  If you have a variable length array of
 +4-byte integers to hash, use hashword().  If you have a byte array (like
 +a character string), use hashlittle().  If you have several byte arrays, or
 +a mix of things, see the comments above hashlittle().  
 +
 +Why is this so big?  I read 12 bytes at a time into 3 4-byte integers, 
 +then mix those integers.  This is fast (you can do a lot more thorough
 +mixing with 12*3 instructions on 3 integers than you can with 3 instructions
 +on 1 byte), but shoehorning those bytes into integers efficiently is messy.
 +-------------------------------------------------------------------------------
 +*/
 +
 +/*
 + * My best guess at if you are big-endian or little-endian.  This may
 + * need adjustment.
 + */
 +#if (defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN) && \
 +     __BYTE_ORDER == __LITTLE_ENDIAN) || \
 +    (defined(i386) || defined(__i386__) || defined(__i486__) || \
 +     defined(__i586__) || defined(__i686__) || defined(vax) || defined(MIPSEL))
 +# define HASH_LITTLE_ENDIAN 1
 +# define HASH_BIG_ENDIAN 0
 +#elif (defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && \
 +       __BYTE_ORDER == __BIG_ENDIAN) || \
 +      (defined(sparc) || defined(POWERPC) || defined(mc68000) || defined(sel))
 +# define HASH_LITTLE_ENDIAN 0
 +# define HASH_BIG_ENDIAN 1
 +#else
 +# define HASH_LITTLE_ENDIAN 0
 +# define HASH_BIG_ENDIAN 0
 +#endif
 +
 +#define hashsize(n) ((uint32_t)1<<(n))
 +#define hashmask(n) (hashsize(n)-1)
 +#define rot(x,k) (((x)<<(k)) | ((x)>>(32-(k))))
 +
 +/*
 +-------------------------------------------------------------------------------
 +mix -- mix 3 32-bit values reversibly.
 +
 +This is reversible, so any information in (a,b,c) before mix() is
 +still in (a,b,c) after mix().
 +
 +If four pairs of (a,b,c) inputs are run through mix(), or through
 +mix() in reverse, there are at least 32 bits of the output that
 +are sometimes the same for one pair and different for another pair.
 +This was tested for:
 +* pairs that differed by one bit, by two bits, in any combination
 +  of top bits of (a,b,c), or in any combination of bottom bits of
 +  (a,b,c).
 +* "differ" is defined as +, -, ^, or ~^.  For + and -, I transformed
 +  the output delta to a Gray code (a^(a>>1)) so a string of 1's (as
 +  is commonly produced by subtraction) look like a single 1-bit
 +  difference.
 +* the base values were pseudorandom, all zero but one bit set, or 
 +  all zero plus a counter that starts at zero.
 +
 +Some k values for my "a-=c; a^=rot(c,k); c+=b;" arrangement that
 +satisfy this are
 +    4  6  8 16 19  4
 +    9 15  3 18 27 15
 +   14  9  3  7 17  3
 +Well, "9 15 3 18 27 15" didn't quite get 32 bits diffing
 +for "differ" defined as + with a one-bit base and a two-bit delta.  I
 +used http://burtleburtle.net/bob/hash/avalanche.html to choose 
 +the operations, constants, and arrangements of the variables.
 +
 +This does not achieve avalanche.  There are input bits of (a,b,c)
 +that fail to affect some output bits of (a,b,c), especially of a.  The
 +most thoroughly mixed value is c, but it doesn't really even achieve
 +avalanche in c.
 +
 +This allows some parallelism.  Read-after-writes are good at doubling
 +the number of bits affected, so the goal of mixing pulls in the opposite
 +direction as the goal of parallelism.  I did what I could.  Rotates
 +seem to cost as much as shifts on every machine I could lay my hands
 +on, and rotates are much kinder to the top and bottom bits, so I used
 +rotates.
 +-------------------------------------------------------------------------------
 +*/
 +#define mix(a,b,c) \
 +{ \
 +  a -= c;  a ^= rot(c, 4);  c += b; \
 +  b -= a;  b ^= rot(a, 6);  a += c; \
 +  c -= b;  c ^= rot(b, 8);  b += a; \
 +  a -= c;  a ^= rot(c,16);  c += b; \
 +  b -= a;  b ^= rot(a,19);  a += c; \
 +  c -= b;  c ^= rot(b, 4);  b += a; \
 +}
 +
 +/*
 +-------------------------------------------------------------------------------
 +final -- final mixing of 3 32-bit values (a,b,c) into c
 +
 +Pairs of (a,b,c) values differing in only a few bits will usually
 +produce values of c that look totally different.  This was tested for
 +* pairs that differed by one bit, by two bits, in any combination
 +  of top bits of (a,b,c), or in any combination of bottom bits of
 +  (a,b,c).
 +* "differ" is defined as +, -, ^, or ~^.  For + and -, I transformed
 +  the output delta to a Gray code (a^(a>>1)) so a string of 1's (as
 +  is commonly produced by subtraction) look like a single 1-bit
 +  difference.
 +* the base values were pseudorandom, all zero but one bit set, or 
 +  all zero plus a counter that starts at zero.
 +
 +These constants passed:
 + 14 11 25 16 4 14 24
 + 12 14 25 16 4 14 24
 +and these came close:
 +  4  8 15 26 3 22 24
 + 10  8 15 26 3 22 24
 + 11  8 15 26 3 22 24
 +-------------------------------------------------------------------------------
 +*/
 +#define final(a,b,c) \
 +{ \
 +  c ^= b; c -= rot(b,14); \
 +  a ^= c; a -= rot(c,11); \
 +  b ^= a; b -= rot(a,25); \
 +  c ^= b; c -= rot(b,16); \
 +  a ^= c; a -= rot(c,4);  \
 +  b ^= a; b -= rot(a,14); \
 +  c ^= b; c -= rot(b,24); \
 +}
 +
 +
 +/*
 +-------------------------------------------------------------------------------
 +hashlittle() -- hash a variable-length key into a 32-bit value
 +  k       : the key (the unaligned variable-length array of bytes)
 +  length  : the length of the key, counting by bytes
 +  initval : can be any 4-byte value
 +Returns a 32-bit value.  Every bit of the key affects every bit of
 +the return value.  Two keys differing by one or two bits will have
 +totally different hash values.
 +
 +The best hash table sizes are powers of 2.  There is no need to do
 +mod a prime (mod is sooo slow!).  If you need less than 32 bits,
 +use a bitmask.  For example, if you need only 10 bits, do
 +  h = (h & hashmask(10));
 +In which case, the hash table should have hashsize(10) elements.
 +
 +If you are hashing n strings (uint8_t **)k, do it like this:
 +  for (i=0, h=0; i<n; ++i) h = hashlittle( k[i], len[i], h);
 +
 +By Bob Jenkins, 2006.  bob_jenkins@burtleburtle.net.  You may use this
 +code any way you wish, private, educational, or commercial.  It's free.
 +
 +Use for hash table lookup, or anything where one collision in 2^^32 is
 +acceptable.  Do NOT use for cryptographic purposes.
 +-------------------------------------------------------------------------------
 +*/
 +
 +static uint32_t hashlittle( const void *key, size_t length, uint32_t initval)
 +{
 +  uint32_t a,b,c;                                          /* internal state */
 +  union { const void *ptr; size_t i; } u;     /* needed for Mac Powerbook G4 */
 +
 +  /* Set up the internal state */
 +  a = b = c = 0xdeadbeef + ((uint32_t)length) + initval;
 +
 +  u.ptr = key;
 +  if (HASH_LITTLE_ENDIAN && ((u.i & 0x3) == 0)) {
 +    const uint32_t *k = (const uint32_t *)key;         /* read 32-bit chunks */
 +
 +    /*------ all but last block: aligned reads and affect 32 bits of (a,b,c) */
 +    while (length > 12)
 +    {
 +      a += k[0];
 +      b += k[1];
 +      c += k[2];
 +      mix(a,b,c);
 +      length -= 12;
 +      k += 3;
 +    }
 +
 +    /*----------------------------- handle the last (probably partial) block */
 +    /* 
 +     * "k[2]&0xffffff" actually reads beyond the end of the string, but
 +     * then masks off the part it's not allowed to read.  Because the
 +     * string is aligned, the masked-off tail is in the same word as the
 +     * rest of the string.  Every machine with memory protection I've seen
 +     * does it on word boundaries, so is OK with this.  But VALGRIND will
 +     * still catch it and complain.  The masking trick does make the hash
 +     * noticably faster for short strings (like English words).
 +     */
 +#ifndef VALGRIND
 +
 +    switch(length)
 +    {
 +    case 12: c+=k[2]; b+=k[1]; a+=k[0]; break;
 +    case 11: c+=k[2]&0xffffff; b+=k[1]; a+=k[0]; break;
 +    case 10: c+=k[2]&0xffff; b+=k[1]; a+=k[0]; break;
 +    case 9 : c+=k[2]&0xff; b+=k[1]; a+=k[0]; break;
 +    case 8 : b+=k[1]; a+=k[0]; break;
 +    case 7 : b+=k[1]&0xffffff; a+=k[0]; break;
 +    case 6 : b+=k[1]&0xffff; a+=k[0]; break;
 +    case 5 : b+=k[1]&0xff; a+=k[0]; break;
 +    case 4 : a+=k[0]; break;
 +    case 3 : a+=k[0]&0xffffff; break;
 +    case 2 : a+=k[0]&0xffff; break;
 +    case 1 : a+=k[0]&0xff; break;
 +    case 0 : return c;              /* zero length strings require no mixing */
 +    }
 +
 +#else /* make valgrind happy */
 +
 +    const uint8_t  *k8 = (const uint8_t *)k;
 +    switch(length)
 +    {
 +    case 12: c+=k[2]; b+=k[1]; a+=k[0]; break;
 +    case 11: c+=((uint32_t)k8[10])<<16;  /* fall through */
 +    case 10: c+=((uint32_t)k8[9])<<8;    /* fall through */
 +    case 9 : c+=k8[8];                   /* fall through */
 +    case 8 : b+=k[1]; a+=k[0]; break;
 +    case 7 : b+=((uint32_t)k8[6])<<16;   /* fall through */
 +    case 6 : b+=((uint32_t)k8[5])<<8;    /* fall through */
 +    case 5 : b+=k8[4];                   /* fall through */
 +    case 4 : a+=k[0]; break;
 +    case 3 : a+=((uint32_t)k8[2])<<16;   /* fall through */
 +    case 2 : a+=((uint32_t)k8[1])<<8;    /* fall through */
 +    case 1 : a+=k8[0]; break;
 +    case 0 : return c;
 +    }
 +
 +#endif /* !valgrind */
 +
 +  } else if (HASH_LITTLE_ENDIAN && ((u.i & 0x1) == 0)) {
 +    const uint16_t *k = (const uint16_t *)key;         /* read 16-bit chunks */
 +    const uint8_t  *k8;
 +
 +    /*--------------- all but last block: aligned reads and different mixing */
 +    while (length > 12)
 +    {
 +      a += k[0] + (((uint32_t)k[1])<<16);
 +      b += k[2] + (((uint32_t)k[3])<<16);
 +      c += k[4] + (((uint32_t)k[5])<<16);
 +      mix(a,b,c);
 +      length -= 12;
 +      k += 6;
 +    }
 +
 +    /*----------------------------- handle the last (probably partial) block */
 +    k8 = (const uint8_t *)k;
 +    switch(length)
 +    {
 +    case 12: c+=k[4]+(((uint32_t)k[5])<<16);
 +             b+=k[2]+(((uint32_t)k[3])<<16);
 +             a+=k[0]+(((uint32_t)k[1])<<16);
 +             break;
 +    case 11: c+=((uint32_t)k8[10])<<16;     /* fall through */
 +    case 10: c+=k[4];
 +             b+=k[2]+(((uint32_t)k[3])<<16);
 +             a+=k[0]+(((uint32_t)k[1])<<16);
 +             break;
 +    case 9 : c+=k8[8];                      /* fall through */
 +    case 8 : b+=k[2]+(((uint32_t)k[3])<<16);
 +             a+=k[0]+(((uint32_t)k[1])<<16);
 +             break;
 +    case 7 : b+=((uint32_t)k8[6])<<16;      /* fall through */
 +    case 6 : b+=k[2];
 +             a+=k[0]+(((uint32_t)k[1])<<16);
 +             break;
 +    case 5 : b+=k8[4];                      /* fall through */
 +    case 4 : a+=k[0]+(((uint32_t)k[1])<<16);
 +             break;
 +    case 3 : a+=((uint32_t)k8[2])<<16;      /* fall through */
 +    case 2 : a+=k[0];
 +             break;
 +    case 1 : a+=k8[0];
 +             break;
 +    case 0 : return c;                     /* zero length requires no mixing */
 +    }
 +
 +  } else {                        /* need to read the key one byte at a time */
 +    const uint8_t *k = (const uint8_t *)key;
 +
 +    /*--------------- all but the last block: affect some 32 bits of (a,b,c) */
 +    while (length > 12)
 +    {
 +      a += k[0];
 +      a += ((uint32_t)k[1])<<8;
 +      a += ((uint32_t)k[2])<<16;
 +      a += ((uint32_t)k[3])<<24;
 +      b += k[4];
 +      b += ((uint32_t)k[5])<<8;
 +      b += ((uint32_t)k[6])<<16;
 +      b += ((uint32_t)k[7])<<24;
 +      c += k[8];
 +      c += ((uint32_t)k[9])<<8;
 +      c += ((uint32_t)k[10])<<16;
 +      c += ((uint32_t)k[11])<<24;
 +      mix(a,b,c);
 +      length -= 12;
 +      k += 12;
 +    }
 +
 +    /*-------------------------------- last block: affect all 32 bits of (c) */
 +    switch(length)                   /* all the case statements fall through */
 +    {
 +    case 12: c+=((uint32_t)k[11])<<24;
 +    case 11: c+=((uint32_t)k[10])<<16;
 +    case 10: c+=((uint32_t)k[9])<<8;
 +    case 9 : c+=k[8];
 +    case 8 : b+=((uint32_t)k[7])<<24;
 +    case 7 : b+=((uint32_t)k[6])<<16;
 +    case 6 : b+=((uint32_t)k[5])<<8;
 +    case 5 : b+=k[4];
 +    case 4 : a+=((uint32_t)k[3])<<24;
 +    case 3 : a+=((uint32_t)k[2])<<16;
 +    case 2 : a+=((uint32_t)k[1])<<8;
 +    case 1 : a+=k[0];
 +             break;
 +    case 0 : return c;
 +    }
 +  }
 +
 +  final(a,b,c);
 +  return c;
 +}
 +
 unsigned long lh_char_hash(const void *k)
 {
 -	unsigned int h = 0;
 -	const char* data = (const char*)k;
 - 
 -	while( *data!=0 ) h = h*129 + (unsigned int)(*data++) + LH_PRIME;
 +	static volatile int random_seed = -1;
 +
 +	if (random_seed == -1) {
 +		int seed;
 +		/* we can't use -1 as it is the unitialized sentinel */
 +		while ((seed = json_c_get_random_seed()) == -1);
 +#if defined __GNUC__
 +		__sync_val_compare_and_swap(&random_seed, -1, seed);
 +#elif defined _MSC_VER
 +		InterlockedCompareExchange(&random_seed, seed, -1);
 +#else
 +#warning "racy random seed initializtion if used by multiple threads"
 +		random_seed = seed; /* potentially racy */
 +#endif
 +	}
 -	return h;
 +	return hashlittle((const char*)k, strlen((const char*)k), random_seed); 
 }
 int lh_char_equal(const void *k1, const void *k2)
 diff -up json-c-json-c-0.11-20130402/linkhash.h.cve json-c-json-c-0.11-20130402/linkhash.h
 --- json-c-json-c-0.11-20130402/linkhash.h.cve	2013-04-03 05:04:18.000000000 +0300
 +++ json-c-json-c-0.11-20130402/linkhash.h	2014-04-09 19:59:46.202002762 +0300
@@ -246,7 +246,7 @@ extern struct lh_entry* lh_table_lookup_
  * @return a pointer to the found value or NULL if it does not exist.
  * @deprecated Use lh_table_lookup_ex instead.
  */
 -extern const void* lh_table_lookup(struct lh_table *t, const void *k);
 +THIS_FUNCTION_IS_DEPRECATED(extern const void* lh_table_lookup(struct lh_table *t, const void *k));
 /**
  * Lookup a record in the table
 diff -up json-c-json-c-0.11-20130402/Makefile.am.cve json-c-json-c-0.11-20130402/Makefile.am
 --- json-c-json-c-0.11-20130402/Makefile.am.cve	2013-04-03 05:04:18.000000000 +0300
 +++ json-c-json-c-0.11-20130402/Makefile.am	2014-04-09 19:59:46.200002814 +0300
@@ -29,7 +29,8 @@ libjson_cinclude_HEADERS = \
 	json_tokener.h \
 	json_util.h \
 	linkhash.h \
 -	printbuf.h
 +	printbuf.h \
 +	random_seed.h
 #libjsonx_includedir = $(libdir)/json-c-@VERSION@
 #
@@ -55,7 +56,8 @@ libjson_c_la_SOURCES = \
 	json_tokener.c \
 	json_util.c \
 	linkhash.c \
 -	printbuf.c
 +	printbuf.c \
 +	random_seed.c
 distclean-local:
 diff -up json-c-json-c-0.11-20130402/Makefile.am.inc.cve json-c-json-c-0.11-20130402/Makefile.am.inc
 diff -up json-c-json-c-0.11-20130402/random_seed.c.cve json-c-json-c-0.11-20130402/random_seed.c
 --- json-c-json-c-0.11-20130402/random_seed.c.cve	2014-04-09 19:59:46.203002736 +0300
 +++ json-c-json-c-0.11-20130402/random_seed.c	2014-04-09 19:59:46.202002762 +0300
@@ -0,0 +1,237 @@
 +/*
 + * random_seed.c
 + *
 + * Copyright (c) 2013 Metaparadigm Pte. Ltd.
 + * Michael Clark <michael@metaparadigm.com>
 + *
 + * This library is free software; you can redistribute it and/or modify
 + * it under the terms of the MIT license. See COPYING for details.
 + *
 + */
 +
 +#include <stdio.h>
 +#include "config.h"
 +
 +#define DEBUG_SEED(s)
 +
 +
 +#if defined ENABLE_RDRAND
 +
 +/* cpuid */
 +
 +#if defined __GNUC__ && (defined __i386__ || defined __x86_64__)
 +#define HAS_X86_CPUID 1
 +
 +static void do_cpuid(int regs[], int h)
 +{
 +    __asm__ __volatile__(
 +#if defined __x86_64__
 +                         "pushq %%rbx;\n"
 +#else
 +                         "pushl %%ebx;\n"
 +#endif
 +                         "cpuid;\n"
 +#if defined __x86_64__
 +                         "popq %%rbx;\n"
 +#else
 +                         "popl %%ebx;\n"
 +#endif
 +                         : "=a"(regs[0]), [ebx] "=r"(regs[1]), "=c"(regs[2]), "=d"(regs[3])
 +                         : "a"(h));
 +}
 +
 +#elif defined _MSC_VER
 +
 +#define HAS_X86_CPUID 1
 +#define do_cpuid __cpuid
 +
 +#endif
 +
 +/* has_rdrand */
 +
 +#if HAS_X86_CPUID
 +
 +static int has_rdrand()
 +{
 +    // CPUID.01H:ECX.RDRAND[bit 30] == 1
 +    int regs[4];
 +    do_cpuid(regs, 1);
 +    return (regs[2] & (1 << 30)) != 0;
 +}
 +
 +#endif
 +
 +/* get_rdrand_seed - GCC x86 and X64 */
 +
 +#if defined __GNUC__ && (defined __i386__ || defined __x86_64__)
 +
 +#define HAVE_RDRAND 1
 +
 +static int get_rdrand_seed()
 +{
 +    DEBUG_SEED("get_rdrand_seed");
 +    int _eax;
 +    // rdrand eax
 +    __asm__ __volatile__("1: .byte 0x0F\n"
 +                         "   .byte 0xC7\n"
 +                         "   .byte 0xF0\n"
 +                         "   jnc 1b;\n"
 +                         : "=a" (_eax));
 +    return _eax;
 +}
 +
 +#endif
 +
 +#if defined _MSC_VER
 +
 +#if _MSC_VER >= 1700
 +#define HAVE_RDRAND 1
 +
 +/* get_rdrand_seed - Visual Studio 2012 and above */
 +
 +static int get_rdrand_seed()
 +{
 +    DEBUG_SEED("get_rdrand_seed");
 +    int r;
 +    while (_rdrand32_step(&r) == 0);
 +    return r;
 +}
 +
 +#elif defined _M_IX86
 +#define HAVE_RDRAND 1
 +
 +/* get_rdrand_seed - Visual Studio 2010 and below - x86 only */
 +
 +static int get_rdrand_seed()
 +{
 +	DEBUG_SEED("get_rdrand_seed");
 +	int _eax;
 +retry:
 +	// rdrand eax
 +	__asm _emit 0x0F __asm _emit 0xC7 __asm _emit 0xF0
 +	__asm jnc retry
 +	__asm mov _eax, eax
 +	return _eax;
 +}
 +
 +#endif
 +#endif
 +
 +#endif /* defined ENABLE_RDRAND */
 +
 +
 +/* has_dev_urandom */
 +
 +#if defined (__APPLE__) || defined(__unix__) || defined(__linux__)
 +
 +#include <string.h>
 +#include <fcntl.h>
 +#include <unistd.h>
 +#include <errno.h>
 +#include <stdlib.h>
 +#include <sys/stat.h>
 +
 +#define HAVE_DEV_RANDOM 1
 +
 +static const char *dev_random_file = "/dev/urandom";
 +
 +static int has_dev_urandom()
 +{
 +    struct stat buf;
 +    if (stat(dev_random_file, &buf)) {
 +        return 0;
 +    }
 +    return ((buf.st_mode & S_IFCHR) != 0);
 +}
 +
 +
 +/* get_dev_random_seed */
 +
 +static int get_dev_random_seed()
 +{
 +    DEBUG_SEED("get_dev_random_seed");
 +    
 +    int fd = open(dev_random_file, O_RDONLY);
 +    if (fd < 0) {
 +        fprintf(stderr, "error opening %s: %s", dev_random_file, strerror(errno));
 +        exit(1);
 +    }
 +    
 +    int r;
 +    ssize_t nread = read(fd, &r, sizeof(r));
 +    if (nread != sizeof(r)) {
 +        fprintf(stderr, "error read %s: %s", dev_random_file, strerror(errno));
 +        exit(1);
 +    }
 +    else if (nread != sizeof(r)) {
 +        fprintf(stderr, "error short read %s", dev_random_file);
 +        exit(1);
 +    }
 +    close(fd);
 +    return r;
 +}
 +
 +#endif
 +
 +
 +/* get_cryptgenrandom_seed */
 +
 +#ifdef WIN32
 +
 +#define HAVE_CRYPTGENRANDOM 1
 +
 +#include <windows.h>
 +#pragma comment(lib, "advapi32.lib")
 +
 +static int get_cryptgenrandom_seed()
 +{
 +    DEBUG_SEED("get_cryptgenrandom_seed");
 +    
 +    HCRYPTPROV hProvider = 0;
 +    int r;
 +    
 +    if (!CryptAcquireContextW(&hProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
 +        fprintf(stderr, "error CryptAcquireContextW");
 +        exit(1);
 +    }
 +    
 +    if (!CryptGenRandom(hProvider, sizeof(r), (BYTE*)&r)) {
 +        fprintf(stderr, "error CryptGenRandom");
 +        exit(1);
 +    }
 +    
 +    CryptReleaseContext(hProvider, 0);
 +    
 +    return r;
 +}
 +
 +#endif
 +
 +
 +/* get_time_seed */
 +
 +#include <time.h>
 +
 +static int get_time_seed()
 +{
 +    DEBUG_SEED("get_time_seed");
 +    
 +    return (int)time(NULL) * 433494437;
 +}
 +
 +
 +/* json_c_get_random_seed */
 +
 +int json_c_get_random_seed()
 +{
 +#if HAVE_RDRAND
 +    if (has_rdrand()) return get_rdrand_seed();
 +#endif
 +#if HAVE_DEV_RANDOM
 +    if (has_dev_urandom()) return get_dev_random_seed();
 +#endif
 +#if HAVE_CRYPTGENRANDOM
 +    return get_cryptgenrandom_seed();
 +#endif
 +    return get_time_seed();
 +}
 diff -up json-c-json-c-0.11-20130402/random_seed.h.cve json-c-json-c-0.11-20130402/random_seed.h
 --- json-c-json-c-0.11-20130402/random_seed.h.cve	2014-04-09 19:59:46.203002736 +0300
 +++ json-c-json-c-0.11-20130402/random_seed.h	2014-04-09 19:59:46.203002736 +0300
@@ -0,0 +1,25 @@
 +/*
 + * random_seed.h
 + *
 + * Copyright (c) 2013 Metaparadigm Pte. Ltd.
 + * Michael Clark <michael@metaparadigm.com>
 + *
 + * This library is free software; you can redistribute it and/or modify
 + * it under the terms of the MIT license. See COPYING for details.
 + *
 + */
 +
 +#ifndef seed_h
 +#define seed_h
 +
 +#ifdef __cplusplus
 +extern "C" {
 +#endif
 +
 +extern int json_c_get_random_seed();
 +
 +#ifdef __cplusplus
 +}
 +#endif
 +
 +#endif
--- a/json-c.spec
+++ b/json-c.spec
@ -1,62 +1,42 @@
-%global reldate 20130402
+%global reldate 20140410
 Name:		json-c
-Version:	0.11
+Version:	0.12
-Release:	8%{?dist}
+Release:	1%{?dist}
 Summary:	A JSON implementation in C
 Group:		Development/Libraries
 License:	MIT
 URL:		https://github.com/json-c/json-c/wiki
 Source0:	https://github.com/json-c/json-c/archive/json-c-%{version}-%{reldate}.tar.gz
-
+BuildRequires:  autoconf
-# increaser parser strictness (for php compatibility)
+BuildRequires:  automake
-Patch0:		https://github.com/json-c/json-c/pull/90.patch
+BuildRequires:  libtool
 Patch1:		https://github.com/json-c/json-c/pull/94.patch
 # Disable default compiler warning flags
 Patch2:		json-c-0.11-cflags.patch
 # Fix CVE issues CVE-2013-6370 and CVE-2013-6371, patch backported from upstream
 Patch3:		json-c-0.11-cve.patch
 BuildRoot:	%(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 BuildRequires:	libtool autoconf
 %description
 JSON-C implements a reference counting object model that allows you to easily
 construct JSON objects in C, output them as JSON formatted strings and parse
 JSON formatted strings back into the C representation of JSON objects.
-%package devel
+%package        devel
-Summary:	Development headers and library for json-c
+Summary:        Development files for %{name}
-Group:		Development/Libraries
+Requires:       %{name}%{?_isa} = %{version}-%{release}
 Requires:	%{name} = %{version}-%{release}
 Requires:	pkgconfig
-%description devel
+%description    devel
-This package contains the development headers and library for json-c.
+This package contains libraries and header files for
 developing applications that use %{name}.
-
+%package        doc
 %package doc
 Summary:	Reference manual for json-c
-Group:		Documentation
+%if 0%{?fedora} > 10 || 0%{?rhel} > 5
 %if 0%{?fedora} > 10 || 0%{?rhel}>5
 BuildArch:	noarch
 %endif
-%description doc
+%description    doc
 This package contains the reference manual for json-c.
 %prep
-%setup -q -n json-c-json-c-%{version}-%{reldate}
+%setup -qn json-c-json-c-%{version}-%{reldate}
-
+# Get rid of maintainer mode cflags.
-%patch0 -p1 -b .strict90
+sed -i 's|-Werror ||g' Makefile.am.inc
 %patch1 -p1 -b .strict94
 %patch2 -p1 -b .cflags
 %patch3 -p1 -b .cve
 # regenerate auto stuff to avoid rpath issue and cve stuff
 autoreconf -fi
 for doc in ChangeLog; do
 iconv -f iso-8859-1 -t utf8 $doc > $doc.new &&
@ -64,61 +44,43 @@ for doc in ChangeLog; do
 mv $doc.new $doc
 done
 %build
 autoreconf -fiv
 %configure --enable-shared --disable-static --disable-rpath --enable-rdrand
 # parallel build is broken for now, make %{?_smp_mflags}
-make
+make %{?_smp_mflags}
 %install
-rm -rf %{buildroot}
+%make_install
 make install DESTDIR=%{buildroot}
 # Get rid of la files
-rm -rf %{buildroot}%{_libdir}/*.la
+find %{buildroot} -name '*.la' -delete -print
 # yum cannot replace a dir by a link
 # so switch the dir names
 rm %{buildroot}%{_includedir}/json
 mv %{buildroot}%{_includedir}/json-c \
   %{buildroot}%{_includedir}/json
 ln -s json \
   %{buildroot}%{_includedir}/json-c
 %check
 make check
 %clean
 rm -rf %{buildroot}
 %post -p /sbin/ldconfig
 %postun -p /sbin/ldconfig
 %files
 %defattr(-,root,root,-)
 %doc AUTHORS ChangeLog README README.html
 %{!?_licensedir:%global license %%doc}
 %license COPYING
 %{_libdir}/libjson.so.*
 %{_libdir}/libjson-c.so.*
 %files devel
-%defattr(-,root,root,-)
+%doc AUTHORS ChangeLog README README.html
-%{_includedir}/json
+%{_includedir}/json-c/
 %{_includedir}/json-c
 %{_libdir}/libjson.so
 %{_libdir}/libjson-c.so
 %{_libdir}/pkgconfig/json.pc
 %{_libdir}/pkgconfig/json-c.pc
 %files doc
 %defattr(-,root,root,-)
 %doc doc/html/*
 %changelog
 * Thu Jul 24 2014 Christopher Meng <rpm@cicku.me> - 0.12-1
 - Update to 0.12
 * Sat Jul 12 2014 Tom Callaway <spot@fedoraproject.org> - 0.11-8
 - fix license handling
--- a/2
+++ b/2
@ -1 +1 @@
-7013b2471a507942eb8ed72a5d872d16  json-c-0.11-20130402.tar.gz
+39705ae46b1c0c64f1d32d26653c8e7e  json-c-0.12-20140410.tar.gz
`@ -1 +1 @@`
	`7013b2471a507942eb8ed72a5d872d16 json-c-0.11-20130402.tar.gz`	`39705ae46b1c0c64f1d32d26653c8e7e json-c-0.12-20140410.tar.gz`