Compare commits
No commits in common. "imports/c8-beta/yajl-2.1.0-10.el8" and "c8s" have entirely different histories.
imports/c8
...
c8s
6
.gitignore
vendored
6
.gitignore
vendored
@ -1 +1,5 @@
|
|||||||
SOURCES/yajl-2.1.0.tar.gz
|
.build*.log
|
||||||
|
*.rpm
|
||||||
|
i386
|
||||||
|
x86_64
|
||||||
|
*.tar.gz
|
||||||
|
@ -1 +0,0 @@
|
|||||||
29ce2b9695ae93e1b0b349a22cea8067f25a9025 SOURCES/yajl-2.1.0.tar.gz
|
|
23
23a122eddaa28165a6c219000adcc31ff9a8a698.patch
Normal file
23
23a122eddaa28165a6c219000adcc31ff9a8a698.patch
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
From 23a122eddaa28165a6c219000adcc31ff9a8a698 Mon Sep 17 00:00:00 2001
|
||||||
|
From: "zhang.jiujiu" <282627424@qq.com>
|
||||||
|
Date: Tue, 7 Dec 2021 22:37:02 +0800
|
||||||
|
Subject: [PATCH] fix memory leaks
|
||||||
|
|
||||||
|
---
|
||||||
|
src/yajl_tree.c | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/yajl_tree.c b/src/yajl_tree.c
|
||||||
|
index b9e66043..0e7bde98 100644
|
||||||
|
--- a/src/yajl_tree.c
|
||||||
|
+++ b/src/yajl_tree.c
|
||||||
|
@@ -456,6 +456,9 @@ yajl_val yajl_tree_parse (const char *input,
|
||||||
|
yajl_tree_free(v);
|
||||||
|
}
|
||||||
|
yajl_free (handle);
|
||||||
|
+ //If the requested memory is not released in time, it will cause memory leakage
|
||||||
|
+ if(ctx.root)
|
||||||
|
+ yajl_tree_free(ctx.root);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
34
3d65cb0c6db4d433e5e42ee7d91d8a04e21337cf.patch
Normal file
34
3d65cb0c6db4d433e5e42ee7d91d8a04e21337cf.patch
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
From 3d65cb0c6db4d433e5e42ee7d91d8a04e21337cf Mon Sep 17 00:00:00 2001
|
||||||
|
From: wujing <wujing50@huawei.com>
|
||||||
|
Date: Thu, 14 Feb 2019 03:12:30 +0800
|
||||||
|
Subject: [PATCH] yajl: fix memory leak problem
|
||||||
|
|
||||||
|
reason: fix memory leak problem
|
||||||
|
---
|
||||||
|
src/yajl_tree.c | 6 +++++-
|
||||||
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/yajl_tree.c b/src/yajl_tree.c
|
||||||
|
index 3d357a32..4b3cf2b1 100644
|
||||||
|
--- a/src/yajl_tree.c
|
||||||
|
+++ b/src/yajl_tree.c
|
||||||
|
@@ -143,7 +143,7 @@ static yajl_val context_pop(context_t *ctx)
|
||||||
|
ctx->stack = stack->next;
|
||||||
|
|
||||||
|
v = stack->value;
|
||||||
|
-
|
||||||
|
+ free (stack->key);
|
||||||
|
free (stack);
|
||||||
|
|
||||||
|
return (v);
|
||||||
|
@@ -444,6 +444,10 @@ yajl_val yajl_tree_parse (const char *input,
|
||||||
|
snprintf(error_buffer, error_buffer_size, "%s", internal_err_str);
|
||||||
|
YA_FREE(&(handle->alloc), internal_err_str);
|
||||||
|
}
|
||||||
|
+ while(ctx.stack != NULL) {
|
||||||
|
+ yajl_val v = context_pop(&ctx);
|
||||||
|
+ yajl_tree_free(v);
|
||||||
|
+ }
|
||||||
|
yajl_free (handle);
|
||||||
|
return NULL;
|
||||||
|
}
|
54
49923ccb2143e36850bcdeb781e2bcdf5ce22f15.patch
Normal file
54
49923ccb2143e36850bcdeb781e2bcdf5ce22f15.patch
Normal file
@ -0,0 +1,54 @@
|
|||||||
|
From 49923ccb2143e36850bcdeb781e2bcdf5ce22f15 Mon Sep 17 00:00:00 2001
|
||||||
|
From: John Hawthorn <john@hawthorn.email>
|
||||||
|
Date: Wed, 2 Mar 2022 14:17:59 -0800
|
||||||
|
Subject: [PATCH] Check need < buf->used
|
||||||
|
|
||||||
|
We're guaranteed a power of 2 so that this becomes 0, but we might as
|
||||||
|
well use a check for overflow that works in more cases.
|
||||||
|
|
||||||
|
Unsigned integer overflow is defined behaviour, so this should be safe.
|
||||||
|
|
||||||
|
(cherry picked from commit 36410d536b676e836637bb20574a56ebc920eb83)
|
||||||
|
---
|
||||||
|
src/yajl_buf.c | 9 +++++++--
|
||||||
|
1 file changed, 7 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/yajl_buf.c b/src/yajl_buf.c
|
||||||
|
index 1aeafde0..8bd1bea7 100644
|
||||||
|
--- a/src/yajl_buf.c
|
||||||
|
+++ b/src/yajl_buf.c
|
||||||
|
@@ -30,7 +30,7 @@ struct yajl_buf_t {
|
||||||
|
};
|
||||||
|
|
||||||
|
static
|
||||||
|
-void yajl_buf_ensure_available(yajl_buf buf, size_t want)
|
||||||
|
+int yajl_buf_ensure_available(yajl_buf buf, size_t want)
|
||||||
|
{
|
||||||
|
size_t need;
|
||||||
|
|
||||||
|
@@ -46,11 +46,15 @@ void yajl_buf_ensure_available(yajl_buf buf, size_t want)
|
||||||
|
need = buf->len;
|
||||||
|
|
||||||
|
while (want >= (need - buf->used)) need <<= 1;
|
||||||
|
+ if (need < buf->used) {
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
if (need != buf->len) {
|
||||||
|
buf->data = (unsigned char *) YA_REALLOC(buf->alloc, buf->data, need);
|
||||||
|
buf->len = need;
|
||||||
|
}
|
||||||
|
+ return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
yajl_buf yajl_buf_alloc(yajl_alloc_funcs * alloc)
|
||||||
|
@@ -70,7 +74,8 @@ void yajl_buf_free(yajl_buf buf)
|
||||||
|
|
||||||
|
void yajl_buf_append(yajl_buf buf, const void * data, size_t len)
|
||||||
|
{
|
||||||
|
- yajl_buf_ensure_available(buf, len);
|
||||||
|
+ if (yajl_buf_ensure_available(buf, len))
|
||||||
|
+ return;
|
||||||
|
if (len > 0) {
|
||||||
|
assert(data != NULL);
|
||||||
|
memcpy(buf->data + buf->used, data, len);
|
6
gating.yaml
Normal file
6
gating.yaml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
# recipients: jnovy, lsm5, santiago
|
||||||
|
--- !Policy
|
||||||
|
product_versions:
|
||||||
|
- rhel-8
|
||||||
|
decision_context: osci_compose_gate
|
||||||
|
rules: []
|
13
lloyd-yajl-2.0.4-pkgconfig-includedir.patch
Normal file
13
lloyd-yajl-2.0.4-pkgconfig-includedir.patch
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
Only in lloyd-yajl-fee1ebe.new/src: CMakeLists.txt~
|
||||||
|
diff -rup lloyd-yajl-fee1ebe.orig/src/yajl.pc.cmake lloyd-yajl-fee1ebe.new/src/yajl.pc.cmake
|
||||||
|
--- lloyd-yajl-fee1ebe.orig/src/yajl.pc.cmake 2011-12-20 00:23:22.000000000 +0000
|
||||||
|
+++ lloyd-yajl-fee1ebe.new/src/yajl.pc.cmake 2012-08-06 14:05:49.639854538 +0100
|
||||||
|
@@ -1,6 +1,6 @@
|
||||||
|
prefix=${CMAKE_INSTALL_PREFIX}
|
||||||
|
libdir=${dollar}{prefix}/lib${LIB_SUFFIX}
|
||||||
|
-includedir=${dollar}{prefix}/include/yajl
|
||||||
|
+includedir=${dollar}{prefix}/include
|
||||||
|
|
||||||
|
Name: Yet Another JSON Library
|
||||||
|
Description: A Portable JSON parsing and serialization library in ANSI C
|
||||||
|
Only in lloyd-yajl-fee1ebe.new/src: yajl.pc.cmake~
|
29
lloyd-yajl-2.0.4-pkgconfig-location.patch
Normal file
29
lloyd-yajl-2.0.4-pkgconfig-location.patch
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
diff -rup lloyd-yajl-fee1ebe.orig/src/CMakeLists.txt lloyd-yajl-fee1ebe.new/src/CMakeLists.txt
|
||||||
|
--- lloyd-yajl-fee1ebe.orig/src/CMakeLists.txt 2011-12-20 00:23:22.000000000 +0000
|
||||||
|
+++ lloyd-yajl-fee1ebe.new/src/CMakeLists.txt 2012-08-06 13:59:02.222065755 +0100
|
||||||
|
@@ -30,7 +30,7 @@ ADD_DEFINITIONS(-DYAJL_BUILD)
|
||||||
|
# set up some paths
|
||||||
|
SET (libDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/lib)
|
||||||
|
SET (incDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/include/yajl)
|
||||||
|
-SET (shareDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/share/pkgconfig)
|
||||||
|
+SET (pkgconfigDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/lib/pkgconfig)
|
||||||
|
|
||||||
|
# set the output path for libraries
|
||||||
|
SET(LIBRARY_OUTPUT_PATH ${libDir})
|
||||||
|
@@ -61,7 +61,7 @@ FILE(MAKE_DIRECTORY ${incDir})
|
||||||
|
# generate build-time source
|
||||||
|
SET(dollar $)
|
||||||
|
CONFIGURE_FILE(api/yajl_version.h.cmake ${incDir}/yajl_version.h)
|
||||||
|
-CONFIGURE_FILE(yajl.pc.cmake ${shareDir}/yajl.pc)
|
||||||
|
+CONFIGURE_FILE(yajl.pc.cmake ${pkgconfigDir}/yajl.pc)
|
||||||
|
|
||||||
|
# copy public headers to output directory
|
||||||
|
FOREACH (header ${PUB_HDRS})
|
||||||
|
@@ -82,5 +82,5 @@ IF(NOT WIN32)
|
||||||
|
INSTALL(TARGETS yajl_s ARCHIVE DESTINATION lib${LIB_SUFFIX})
|
||||||
|
INSTALL(FILES ${PUB_HDRS} DESTINATION include/yajl)
|
||||||
|
INSTALL(FILES ${incDir}/yajl_version.h DESTINATION include/yajl)
|
||||||
|
- INSTALL(FILES ${shareDir}/yajl.pc DESTINATION share/pkgconfig)
|
||||||
|
+ INSTALL(FILES ${pkgconfigDir}/yajl.pc DESTINATION lib${LIB_SUFFIX}/pkgconfig)
|
||||||
|
ENDIF()
|
||||||
|
Only in lloyd-yajl-fee1ebe.new/src: CMakeLists.txt~
|
1
sources
Normal file
1
sources
Normal file
@ -0,0 +1 @@
|
|||||||
|
SHA512 (yajl-2.1.0.tar.gz) = 9e786d080803df80ec03a9c2f447501e6e8e433a6baf636824bc1d50ecf4f5f80d7dfb1d47958aeb0a30fe459bd0ef033d41bc6a79e1dc6e6b5eade930b19b02
|
38
yajl-2.1.0-CVE-2022-24795.patch
Normal file
38
yajl-2.1.0-CVE-2022-24795.patch
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
From d3a528c788ba9e531fab91db41d3a833c54da325 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jacek Tomasiak <jacek.tomasiak@gmail.com>
|
||||||
|
Date: Thu, 12 May 2022 13:02:47 +0200
|
||||||
|
Subject: [PATCH] Fix CVE-2022-24795 (from brianmario/yajl-ruby)
|
||||||
|
|
||||||
|
The buffer reallocation could cause heap corruption because of `need`
|
||||||
|
overflow for large inputs. In addition, there's a possible infinite loop
|
||||||
|
in case `need` reaches zero.
|
||||||
|
|
||||||
|
The fix is to `abort()` if the loop ends with lower value of `need` than
|
||||||
|
when it started.
|
||||||
|
---
|
||||||
|
src/yajl_buf.c | 10 +++++++++-
|
||||||
|
1 file changed, 9 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
Index: yajl-2.1.0/src/yajl_buf.c
|
||||||
|
===================================================================
|
||||||
|
diff -up yajl-2.1.0/src/yajl_buf.c.CVE-2022-24795 yajl-2.1.0/src/yajl_buf.c
|
||||||
|
--- yajl-2.1.0/src/yajl_buf.c.CVE-2022-24795 2024-01-05 14:37:48.291676702 +0100
|
||||||
|
+++ yajl-2.1.0/src/yajl_buf.c 2024-01-05 14:38:48.088674110 +0100
|
||||||
|
@@ -45,7 +45,16 @@ int yajl_buf_ensure_available(yajl_buf b
|
||||||
|
|
||||||
|
need = buf->len;
|
||||||
|
|
||||||
|
- while (want >= (need - buf->used)) need <<= 1;
|
||||||
|
+ while (need > 0 && want >= (need - buf->used)) {
|
||||||
|
+ /* this eventually "overflows" to zero */
|
||||||
|
+ need <<= 1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* overflow */
|
||||||
|
+ if (need < buf->len) {
|
||||||
|
+ abort();
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (need < buf->used) {
|
||||||
|
return -1;
|
||||||
|
}
|
@ -1,9 +1,11 @@
|
|||||||
|
%undefine __cmake_in_source_build
|
||||||
|
%global _vpath_builddir build
|
||||||
|
|
||||||
Name: yajl
|
Name: yajl
|
||||||
Version: 2.1.0
|
Version: 2.1.0
|
||||||
Release: 10%{?dist}
|
Release: 13%{?dist}
|
||||||
Summary: Yet Another JSON Library (YAJL)
|
Summary: Yet Another JSON Library (YAJL)
|
||||||
|
|
||||||
Group: Development/Libraries
|
|
||||||
License: ISC
|
License: ISC
|
||||||
URL: http://lloyd.github.com/yajl/
|
URL: http://lloyd.github.com/yajl/
|
||||||
|
|
||||||
@ -21,8 +23,12 @@ Patch1: %{name}-%{version}-pkgconfig-location.patch
|
|||||||
Patch2: %{name}-%{version}-pkgconfig-includedir.patch
|
Patch2: %{name}-%{version}-pkgconfig-includedir.patch
|
||||||
Patch3: %{name}-%{version}-test-location.patch
|
Patch3: %{name}-%{version}-test-location.patch
|
||||||
Patch4: %{name}-%{version}-dynlink-binaries.patch
|
Patch4: %{name}-%{version}-dynlink-binaries.patch
|
||||||
|
Patch5: https://github.com/containers/yajl/commit/49923ccb2143e36850bcdeb781e2bcdf5ce22f15.patch
|
||||||
|
Patch6: https://github.com/openEuler-BaseService/yajl/commit/3d65cb0c6db4d433e5e42ee7d91d8a04e21337cf.patch
|
||||||
|
Patch7: https://github.com/openEuler-BaseService/yajl/commit/23a122eddaa28165a6c219000adcc31ff9a8a698.patch
|
||||||
|
Patch8: yajl-2.1.0-CVE-2022-24795.patch
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRequires: gcc
|
||||||
BuildRequires: cmake
|
BuildRequires: cmake
|
||||||
|
|
||||||
%package devel
|
%package devel
|
||||||
@ -48,21 +54,21 @@ necessary for developing against the YAJL library
|
|||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
%patch4 -p1
|
%patch4 -p1
|
||||||
|
%patch5 -p1
|
||||||
|
%patch6 -p1
|
||||||
|
%patch7 -p1
|
||||||
|
%patch8 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# NB, we are not using upstream's 'configure'/'make'
|
# NB, we are not using upstream's 'configure'/'make'
|
||||||
# wrapper, instead we use cmake directly to better
|
# wrapper, instead we use cmake directly to better
|
||||||
# align with Fedora standards
|
# align with Fedora standards
|
||||||
mkdir build
|
%cmake
|
||||||
cd build
|
%cmake_build
|
||||||
%cmake ..
|
|
||||||
make VERBOSE=1 %{?_smp_mflags}
|
|
||||||
|
|
||||||
|
|
||||||
%install
|
%install
|
||||||
rm -rf $RPM_BUILD_ROOT
|
%cmake_install
|
||||||
cd build
|
|
||||||
make install DESTDIR=$RPM_BUILD_ROOT
|
|
||||||
|
|
||||||
|
|
||||||
# No static libraries
|
# No static libraries
|
||||||
@ -96,6 +102,18 @@ cd test
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jan 05 2024 Jindrich Novy <jnovy@redhat.com> - 2.1.0-13
|
||||||
|
- fix CVE-2022-24795
|
||||||
|
- Related: RHEL-18753
|
||||||
|
|
||||||
|
* Wed Jul 12 2023 Jindrich Novy <jnovy@redhat.com> - 2.1.0-12
|
||||||
|
- fix CVE-2023-33460
|
||||||
|
- Resolves: #2221252
|
||||||
|
|
||||||
|
* Wed Apr 27 2022 Jindrich Novy <jnovy@redhat.com> - 2.1.0-11
|
||||||
|
- fix CVE-2022-24795
|
||||||
|
- Related: #2061390
|
||||||
|
|
||||||
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-10
|
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-10
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
|
|
Loading…
Reference in New Issue
Block a user