Compare commits
No commits in common. "c8s" and "imports/c8/yajl-2.1.0-12.el8" have entirely different histories.
c8s
...
imports/c8
6
.gitignore
vendored
6
.gitignore
vendored
@ -1,5 +1 @@
|
||||
.build*.log
|
||||
*.rpm
|
||||
i386
|
||||
x86_64
|
||||
*.tar.gz
|
||||
SOURCES/yajl-2.1.0.tar.gz
|
||||
|
1
.yajl.metadata
Normal file
1
.yajl.metadata
Normal file
@ -0,0 +1 @@
|
||||
29ce2b9695ae93e1b0b349a22cea8067f25a9025 SOURCES/yajl-2.1.0.tar.gz
|
@ -3,7 +3,7 @@
|
||||
|
||||
Name: yajl
|
||||
Version: 2.1.0
|
||||
Release: 13%{?dist}
|
||||
Release: 12%{?dist}
|
||||
Summary: Yet Another JSON Library (YAJL)
|
||||
|
||||
License: ISC
|
||||
@ -26,7 +26,6 @@ Patch4: %{name}-%{version}-dynlink-binaries.patch
|
||||
Patch5: https://github.com/containers/yajl/commit/49923ccb2143e36850bcdeb781e2bcdf5ce22f15.patch
|
||||
Patch6: https://github.com/openEuler-BaseService/yajl/commit/3d65cb0c6db4d433e5e42ee7d91d8a04e21337cf.patch
|
||||
Patch7: https://github.com/openEuler-BaseService/yajl/commit/23a122eddaa28165a6c219000adcc31ff9a8a698.patch
|
||||
Patch8: yajl-2.1.0-CVE-2022-24795.patch
|
||||
|
||||
BuildRequires: gcc
|
||||
BuildRequires: cmake
|
||||
@ -57,7 +56,6 @@ necessary for developing against the YAJL library
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
|
||||
%build
|
||||
# NB, we are not using upstream's 'configure'/'make'
|
||||
@ -102,10 +100,6 @@ cd test
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Jan 05 2024 Jindrich Novy <jnovy@redhat.com> - 2.1.0-13
|
||||
- fix CVE-2022-24795
|
||||
- Related: RHEL-18753
|
||||
|
||||
* Wed Jul 12 2023 Jindrich Novy <jnovy@redhat.com> - 2.1.0-12
|
||||
- fix CVE-2023-33460
|
||||
- Resolves: #2221252
|
@ -1,6 +0,0 @@
|
||||
# recipients: jnovy, lsm5, santiago
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-8
|
||||
decision_context: osci_compose_gate
|
||||
rules: []
|
@ -1,13 +0,0 @@
|
||||
Only in lloyd-yajl-fee1ebe.new/src: CMakeLists.txt~
|
||||
diff -rup lloyd-yajl-fee1ebe.orig/src/yajl.pc.cmake lloyd-yajl-fee1ebe.new/src/yajl.pc.cmake
|
||||
--- lloyd-yajl-fee1ebe.orig/src/yajl.pc.cmake 2011-12-20 00:23:22.000000000 +0000
|
||||
+++ lloyd-yajl-fee1ebe.new/src/yajl.pc.cmake 2012-08-06 14:05:49.639854538 +0100
|
||||
@@ -1,6 +1,6 @@
|
||||
prefix=${CMAKE_INSTALL_PREFIX}
|
||||
libdir=${dollar}{prefix}/lib${LIB_SUFFIX}
|
||||
-includedir=${dollar}{prefix}/include/yajl
|
||||
+includedir=${dollar}{prefix}/include
|
||||
|
||||
Name: Yet Another JSON Library
|
||||
Description: A Portable JSON parsing and serialization library in ANSI C
|
||||
Only in lloyd-yajl-fee1ebe.new/src: yajl.pc.cmake~
|
@ -1,29 +0,0 @@
|
||||
diff -rup lloyd-yajl-fee1ebe.orig/src/CMakeLists.txt lloyd-yajl-fee1ebe.new/src/CMakeLists.txt
|
||||
--- lloyd-yajl-fee1ebe.orig/src/CMakeLists.txt 2011-12-20 00:23:22.000000000 +0000
|
||||
+++ lloyd-yajl-fee1ebe.new/src/CMakeLists.txt 2012-08-06 13:59:02.222065755 +0100
|
||||
@@ -30,7 +30,7 @@ ADD_DEFINITIONS(-DYAJL_BUILD)
|
||||
# set up some paths
|
||||
SET (libDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/lib)
|
||||
SET (incDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/include/yajl)
|
||||
-SET (shareDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/share/pkgconfig)
|
||||
+SET (pkgconfigDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/lib/pkgconfig)
|
||||
|
||||
# set the output path for libraries
|
||||
SET(LIBRARY_OUTPUT_PATH ${libDir})
|
||||
@@ -61,7 +61,7 @@ FILE(MAKE_DIRECTORY ${incDir})
|
||||
# generate build-time source
|
||||
SET(dollar $)
|
||||
CONFIGURE_FILE(api/yajl_version.h.cmake ${incDir}/yajl_version.h)
|
||||
-CONFIGURE_FILE(yajl.pc.cmake ${shareDir}/yajl.pc)
|
||||
+CONFIGURE_FILE(yajl.pc.cmake ${pkgconfigDir}/yajl.pc)
|
||||
|
||||
# copy public headers to output directory
|
||||
FOREACH (header ${PUB_HDRS})
|
||||
@@ -82,5 +82,5 @@ IF(NOT WIN32)
|
||||
INSTALL(TARGETS yajl_s ARCHIVE DESTINATION lib${LIB_SUFFIX})
|
||||
INSTALL(FILES ${PUB_HDRS} DESTINATION include/yajl)
|
||||
INSTALL(FILES ${incDir}/yajl_version.h DESTINATION include/yajl)
|
||||
- INSTALL(FILES ${shareDir}/yajl.pc DESTINATION share/pkgconfig)
|
||||
+ INSTALL(FILES ${pkgconfigDir}/yajl.pc DESTINATION lib${LIB_SUFFIX}/pkgconfig)
|
||||
ENDIF()
|
||||
Only in lloyd-yajl-fee1ebe.new/src: CMakeLists.txt~
|
1
sources
1
sources
@ -1 +0,0 @@
|
||||
SHA512 (yajl-2.1.0.tar.gz) = 9e786d080803df80ec03a9c2f447501e6e8e433a6baf636824bc1d50ecf4f5f80d7dfb1d47958aeb0a30fe459bd0ef033d41bc6a79e1dc6e6b5eade930b19b02
|
@ -1,38 +0,0 @@
|
||||
From d3a528c788ba9e531fab91db41d3a833c54da325 Mon Sep 17 00:00:00 2001
|
||||
From: Jacek Tomasiak <jacek.tomasiak@gmail.com>
|
||||
Date: Thu, 12 May 2022 13:02:47 +0200
|
||||
Subject: [PATCH] Fix CVE-2022-24795 (from brianmario/yajl-ruby)
|
||||
|
||||
The buffer reallocation could cause heap corruption because of `need`
|
||||
overflow for large inputs. In addition, there's a possible infinite loop
|
||||
in case `need` reaches zero.
|
||||
|
||||
The fix is to `abort()` if the loop ends with lower value of `need` than
|
||||
when it started.
|
||||
---
|
||||
src/yajl_buf.c | 10 +++++++++-
|
||||
1 file changed, 9 insertions(+), 1 deletion(-)
|
||||
|
||||
Index: yajl-2.1.0/src/yajl_buf.c
|
||||
===================================================================
|
||||
diff -up yajl-2.1.0/src/yajl_buf.c.CVE-2022-24795 yajl-2.1.0/src/yajl_buf.c
|
||||
--- yajl-2.1.0/src/yajl_buf.c.CVE-2022-24795 2024-01-05 14:37:48.291676702 +0100
|
||||
+++ yajl-2.1.0/src/yajl_buf.c 2024-01-05 14:38:48.088674110 +0100
|
||||
@@ -45,7 +45,16 @@ int yajl_buf_ensure_available(yajl_buf b
|
||||
|
||||
need = buf->len;
|
||||
|
||||
- while (want >= (need - buf->used)) need <<= 1;
|
||||
+ while (need > 0 && want >= (need - buf->used)) {
|
||||
+ /* this eventually "overflows" to zero */
|
||||
+ need <<= 1;
|
||||
+ }
|
||||
+
|
||||
+ /* overflow */
|
||||
+ if (need < buf->len) {
|
||||
+ abort();
|
||||
+ }
|
||||
+
|
||||
if (need < buf->used) {
|
||||
return -1;
|
||||
}
|
Loading…
Reference in New Issue
Block a user