diff --git a/49923ccb2143e36850bcdeb781e2bcdf5ce22f15.patch b/49923ccb2143e36850bcdeb781e2bcdf5ce22f15.patch
new file mode 100644
index 0000000..ba077f8
--- /dev/null
+++ b/49923ccb2143e36850bcdeb781e2bcdf5ce22f15.patch
@@ -0,0 +1,54 @@
+From 49923ccb2143e36850bcdeb781e2bcdf5ce22f15 Mon Sep 17 00:00:00 2001
+From: John Hawthorn
+Date: Wed, 2 Mar 2022 14:17:59 -0800
+Subject: [PATCH] Check need < buf->used
+
+We're guaranteed a power of 2 so that this becomes 0, but we might as
+well use a check for overflow that works in more cases.
+
+Unsigned integer overflow is defined behaviour, so this should be safe.
+
+(cherry picked from commit 36410d536b676e836637bb20574a56ebc920eb83)
+---
+ src/yajl_buf.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/yajl_buf.c b/src/yajl_buf.c
+index 1aeafde0..8bd1bea7 100644
+--- a/src/yajl_buf.c
++++ b/src/yajl_buf.c
+@@ -30,7 +30,7 @@ struct yajl_buf_t {
+ };
+ 
+ static
+-void yajl_buf_ensure_available(yajl_buf buf, size_t want)
++int yajl_buf_ensure_available(yajl_buf buf, size_t want)
+ {
+ size_t need;
+ 
+@@ -46,11 +46,15 @@ void yajl_buf_ensure_available(yajl_buf buf, size_t want)
+ need = buf->len;
+ 
+ while (want >= (need - buf->used)) need <<= 1;
++ if (need < buf->used) {
++ return -1;
++ }
+ 
+ if (need != buf->len) {
+ buf->data = (unsigned char *) YA_REALLOC(buf->alloc, buf->data, need);
+ buf->len = need;
+ }
++ return 0;
+ }
+ 
+ yajl_buf yajl_buf_alloc(yajl_alloc_funcs * alloc)
+@@ -70,7 +74,8 @@ void yajl_buf_free(yajl_buf buf)
+ 
+ void yajl_buf_append(yajl_buf buf, const void * data, size_t len)
+ {
+- yajl_buf_ensure_available(buf, len);
++ if (yajl_buf_ensure_available(buf, len))
++ return;
+ if (len > 0) {
+ assert(data != NULL);
+ memcpy(buf->data + buf->used, data, len);
diff --git a/yajl.spec b/yajl.spec
index 17386ac..6c37176 100644
--- a/yajl.spec
+++ b/yajl.spec
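Review bot: In the `yajl_buf_append` part of the embedded patch the failure is swallowed — `if (yajl_buf_ensure_available(buf, len)) return;` keeps the function `void`, so a caller that trips the new growth-overflow check gets a silently short buffer with no error path; the rest of yajl_buf_append lies outside the hunk, so whether any bookkeeping there (presumably a `buf->used` update) also gets skipped cannot be confirmed here. The check itself is sound for the case the commit message describes: once `need` shifts to 0, `need - buf->used` wraps to a large value, the `while (want >= (need - buf->used))` loop exits, and `need < buf->used` rejects the result. Since this file is a copy of the upstream commit it should not be edited in place, but a follow-up patch could make the outcome observable to callers, or at minimum annotate the early return with `/* size_t overflow while growing: append dropped, caller sees a truncated buffer */` so the truncation is not mistaken for success. The `YA_REALLOC` result on the following lines is still unchecked, which is pre-existing and out of scope for this patch.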
@@ -1,9 +1,11 @@ +%undefine __cmake_in_source_build +%global _vpath_builddir build + Name: yajl Version: 2.1.0 -Release: 10%{?dist} +Release: 11%{?dist} Summary: Yet Another JSON Library (YAJL) -Group: Development/Libraries License: ISC URL: http://lloyd.github.com/yajl/ @@ -21,8 +23,9 @@ Patch1: %{name}-%{version}-pkgconfig-location.patch Patch2: %{name}-%{version}-pkgconfig-includedir.patch Patch3: %{name}-%{version}-test-location.patch Patch4: %{name}-%{version}-dynlink-binaries.patch +Patch5: https://github.com/containers/yajl/commit/49923ccb2143e36850bcdeb781e2bcdf5ce22f15.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +BuildRequires: gcc BuildRequires: cmake %package devel @@ -48,21 +51,18 @@ necessary for developing against the YAJL library %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 %build # NB, we are not using upstream's 'configure'/'make' # wrapper, instead we use cmake directly to better # align with Fedora standards -mkdir build -cd build -%cmake .. -make VERBOSE=1 %{?_smp_mflags} +%cmake +%cmake_build %install -rm -rf $RPM_BUILD_ROOT -cd build -make install DESTDIR=$RPM_BUILD_ROOT +%cmake_install # No static libraries @@ -96,6 +96,10 @@ cd test %changelog +* Wed Apr 27 2022 Jindrich Novy - 2.1.0-11 +- fix CVE-2022-24795 +- Related: #2061390 + * Fri Feb 09 2018 Fedora Release Engineering - 2.1.0-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild