Compare commits
No commits in common. "imports/c9-beta/libfastjson-0.99.9-3.el9" and "c8s" have entirely different histories.
imports/c9
...
c8s
1
.gitignore
vendored
1
.gitignore
vendored
@ -1 +1,2 @@
|
||||
SOURCES/libfastjson-0.99.9.tar.gz
|
||||
/libfastjson-0.99.9.tar.gz
|
||||
|
@ -1 +0,0 @@
|
||||
44f278fb75f91b77f79f61bfa9988eee27e24088 SOURCES/libfastjson-0.99.9.tar.gz
|
6
gating.yaml
Normal file
6
gating.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-8
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
|
52
libfastjson-CVE-2020-12762.patch
Normal file
52
libfastjson-CVE-2020-12762.patch
Normal file
@ -0,0 +1,52 @@
|
||||
diff --git a/printbuf.c b/printbuf.c
|
||||
index e9cde11..b02a363 100644
|
||||
--- a/printbuf.c
|
||||
+++ b/printbuf.c
|
||||
@@ -13,6 +13,7 @@
|
||||
|
||||
#include "config.h"
|
||||
|
||||
+#include <limits.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
@@ -68,9 +69,16 @@ static int printbuf_extend(struct printbuf *p, int min_size)
|
||||
if (p->size >= min_size)
|
||||
return 0;
|
||||
|
||||
- new_size = p->size * 2;
|
||||
- if (new_size < min_size + 8)
|
||||
- new_size = min_size + 8;
|
||||
+ /* Prevent signed integer overflows with large buffers. */
|
||||
+ if (min_size > INT_MAX - 8)
|
||||
+ return -1;
|
||||
+ if (p->size > INT_MAX / 2)
|
||||
+ new_size = min_size + 8;
|
||||
+ else {
|
||||
+ new_size = p->size * 2;
|
||||
+ if (new_size < min_size + 8)
|
||||
+ new_size = min_size + 8;
|
||||
+ }
|
||||
#ifdef PRINTBUF_DEBUG
|
||||
MC_DEBUG("printbuf_memappend: realloc "
|
||||
"bpos=%d min_size=%d old_size=%d new_size=%d\n",
|
||||
@@ -85,6 +93,9 @@ static int printbuf_extend(struct printbuf *p, int min_size)
|
||||
|
||||
int printbuf_memappend(struct printbuf *p, const char *buf, int size)
|
||||
{
|
||||
+ /* Prevent signed integer overflows with large buffers. */
|
||||
+ if (size > INT_MAX - p->bpos - 1)
|
||||
+ return -1;
|
||||
if (p->size <= p->bpos + size + 1) {
|
||||
if (printbuf_extend(p, p->bpos + size + 1) < 0)
|
||||
return -1;
|
||||
@@ -136,6 +147,9 @@ int printbuf_memset(struct printbuf *pb, int offset, int charvalue, int len)
|
||||
|
||||
if (offset == -1)
|
||||
offset = pb->bpos;
|
||||
+ /* Prevent signed integer overflows with large buffers. */
|
||||
+ if (len > INT_MAX - offset)
|
||||
+ return -1;
|
||||
size_needed = offset + len;
|
||||
if (pb->size < size_needed)
|
||||
{
|
@ -1,13 +1,13 @@
|
||||
Name: libfastjson
|
||||
Version: 0.99.9
|
||||
Release: 3%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: A JSON implementation in C
|
||||
License: MIT
|
||||
URL: https://github.com/rsyslog/libfastjson
|
||||
Source0: http://download.rsyslog.com/libfastjson/libfastjson-%{version}.tar.gz
|
||||
|
||||
BuildRequires: autoconf automake libtool
|
||||
BuildRequires: make
|
||||
Patch0: libfastjson-CVE-2020-12762.patch
|
||||
|
||||
%description
|
||||
LIBFASTJSON implements a reference counting object
|
||||
@ -18,6 +18,7 @@ C representation of JSON objects.
|
||||
|
||||
%package devel
|
||||
Summary: Development files for libfastjson
|
||||
Group: Development/Libraries
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
|
||||
%description devel
|
||||
@ -26,6 +27,7 @@ developing applications that use libfastjson.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1 -b .CVE-2020-12762
|
||||
|
||||
for doc in ChangeLog; do
|
||||
iconv -f iso-8859-1 -t utf8 $doc > $doc.new &&
|
||||
@ -45,7 +47,9 @@ find %{buildroot} -name '*.la' -delete -print
|
||||
%check
|
||||
make V=1 check
|
||||
|
||||
%ldconfig_scriptlets
|
||||
%post -p /sbin/ldconfig
|
||||
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%files
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
@ -59,34 +63,13 @@ make V=1 check
|
||||
%{_libdir}/pkgconfig/libfastjson.pc
|
||||
|
||||
%changelog
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.99.9-3
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
* Tue May 16 2023 Attila Lakatos <alakatos@redhat.com> - 0.99.9-2
|
||||
- Address CVE-2020-12762
|
||||
Resolves: rhbz#2203171
|
||||
|
||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.99.9-2
|
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||
|
||||
* Mon Mar 08 2021 Attila Lakatos <alakatos@redhat.com> - 0.99.9-1
|
||||
* Thu Apr 22 2021 Attila Lakatos <alakatos@redhat.com> - 0.99.9-1
|
||||
- rebase to v0.99.9
|
||||
Resolves: rhbz#1920145
|
||||
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.99.8-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.99.8-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.99.8-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.99.8-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.99.8-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.99.8-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
Resolves: rhbz#1936807
|
||||
|
||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.99.8-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
Loading…
Reference in New Issue
Block a user