[json-c/el5] Revert "2014-12-18: Retired orphaned package, because it was orphaned for more than six weeks."
Till Maas
till at fedoraproject.org
Thu Jan 1 23:18:26 UTC 2015
commit 45facef56a129338937e0905090abbd22f8414db
Author: Till Maas <opensource at till.name>
Date: Fri Jan 2 00:18:30 2015 +0100
Revert "2014-12-18: Retired orphaned package, because it was orphaned for more than six weeks."
This reverts commit 6a0fc553594743cfce88b6266ffaa69e6a179cf8.
.gitignore | 3 +
90.patch | 28 ++
94.patch | 88 +++++
dead.package | 3 -
json-c-0.11-cflags.patch | 7 +
json-c-0.11-cve.patch | 845 ++++++++++++++++++++++++++++++++++++++++++++++
json-c.spec | 167 +++++++++
sources | 1 +
8 files changed, 1139 insertions(+), 3 deletions(-)
---
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..5618d1a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+json-c.spec~
+clog
+/json-c-0.11-20130402.tar.gz
diff --git a/90.patch b/90.patch
new file mode 100644
index 0000000..8f32ecf
--- /dev/null
+++ b/90.patch
@@ -0,0 +1,28 @@
+From e9ee4ae18a9fca8c31eac44669364034658b3d51 Mon Sep 17 00:00:00 2001
+From: Remi Collet <fedora at famillecollet.com>
+Date: Thu, 13 Jun 2013 13:40:01 +0200
+Subject: [PATCH] in strick mode, number must not start with 0
+
+---
+ json_tokener.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/json_tokener.c b/json_tokener.c
+index b2b47f9..4491cec 100644
+--- a/json_tokener.c
++++ b/json_tokener.c
+@@ -611,6 +611,11 @@ struct json_object* json_tokener_parse_ex(struct json_tokener *tok,
+ int64_t num64;
+ double numd;
+ if (!tok->is_double && json_parse_int64(tok->pb->buf, &num64) == 0) {
++ if (num64 && tok->pb->buf[0]=='0' && (tok->flags & JSON_TOKENER_STRICT)) {
++ /* in strick mode, number must not start with 0 */
++ tok->err = json_tokener_error_parse_number;
++ goto out;
++ }
+ current = json_object_new_int64(num64);
+ } else if(tok->is_double && json_parse_double(tok->pb->buf, &numd) == 0) {
+ current = json_object_new_double(numd);
+--
+1.8.1.6
+
diff --git a/94.patch b/94.patch
new file mode 100644
index 0000000..f507ff0
--- /dev/null
+++ b/94.patch
@@ -0,0 +1,88 @@
+From a07ef3d19763094ab35cc009657c85bcbb9dd9ae Mon Sep 17 00:00:00 2001
+From: Remi Collet <fedora at famillecollet.com>
+Date: Tue, 6 Aug 2013 10:41:14 +0200
+Subject: [PATCH 1/3] no single-quote string in strict mode
+
+---
+ json_tokener.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/json_tokener.c b/json_tokener.c
+index a6924a1..45390ac 100644
+--- a/json_tokener.c
++++ b/json_tokener.c
+@@ -293,8 +293,13 @@ struct json_object* json_tokener_parse_ex(struct json_tokener *tok,
+ printbuf_reset(tok->pb);
+ tok->st_pos = 0;
+ goto redo_char;
+- case '"':
+ case '\'':
++ if (tok->flags & JSON_TOKENER_STRICT) {
++ /* in STRICT mode only double-quote are allowed */
++ tok->err = json_tokener_error_parse_unexpected;
++ goto out;
++ }
++ case '"':
+ state = json_tokener_state_string;
+ printbuf_reset(tok->pb);
+ tok->quote_char = c;
+--
+1.8.1.6
+
+
+From 87fa32dfe013d961ced5252ffacef0beefc8f62f Mon Sep 17 00:00:00 2001
+From: Remi Collet <fedora at famillecollet.com>
+Date: Wed, 21 Aug 2013 15:41:40 +0200
+Subject: [PATCH 2/3] no comment in strict mode
+
+---
+ json_tokener.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/json_tokener.c b/json_tokener.c
+index 45390ac..7ce53ca 100644
+--- a/json_tokener.c
++++ b/json_tokener.c
+@@ -265,7 +265,7 @@ struct json_object* json_tokener_parse_ex(struct json_tokener *tok,
+ if ((!ADVANCE_CHAR(str, tok)) || (!PEEK_CHAR(c, tok)))
+ goto out;
+ }
+- if(c == '/') {
++ if(c == '/' && !(tok->flags & JSON_TOKENER_STRICT)) {
+ printbuf_reset(tok->pb);
+ printbuf_memappend_fast(tok->pb, &c, 1);
+ state = json_tokener_state_comment_start;
+--
+1.8.1.6
+
+
+From 4039f91cab283b483094dbe59202818bb1733d66 Mon Sep 17 00:00:00 2001
+From: Remi Collet <fedora at famillecollet.com>
+Date: Fri, 23 Aug 2013 13:40:01 +0200
+Subject: [PATCH 3/3] trailing char not allowed in strict mode
+
+---
+ json_tokener.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/json_tokener.c b/json_tokener.c
+index 7ce53ca..def6e10 100644
+--- a/json_tokener.c
++++ b/json_tokener.c
+@@ -769,6 +769,13 @@ struct json_object* json_tokener_parse_ex(struct json_tokener *tok,
+ } /* while(POP_CHAR) */
+
+ out:
++ if (c &&
++ (state == json_tokener_state_finish) &&
++ (tok->depth == 0) &&
++ (tok->flags & JSON_TOKENER_STRICT)) {
++ /* unexpected char after JSON data */
++ tok->err = json_tokener_error_parse_unexpected;
++ }
+ if (!c) { /* We hit an eof char (0) */
+ if(state != json_tokener_state_finish &&
+ saved_state != json_tokener_state_finish)
+--
+1.8.1.6
+
diff --git a/json-c-0.11-cflags.patch b/json-c-0.11-cflags.patch
new file mode 100644
index 0000000..f632c2c
--- /dev/null
+++ b/json-c-0.11-cflags.patch
@@ -0,0 +1,7 @@
+diff -up json-c-json-c-0.11-20130402/Makefile.am.inc.orig json-c-json-c-0.11-20130402/Makefile.am.inc
+--- json-c-json-c-0.11-20130402/Makefile.am.inc.orig 2013-04-03 05:04:18.000000000 +0300
++++ json-c-json-c-0.11-20130402/Makefile.am.inc 2013-09-10 23:16:02.537432646 +0300
+@@ -1,2 +1,2 @@
+-AM_CFLAGS = -Wall -Werror -Wextra -Wwrite-strings -Wno-unused-parameter -std=gnu99 -D_GNU_SOURCE -D_REENTRANT
++AM_CFLAGS = -std=gnu99 -D_GNU_SOURCE -D_REENTRANT
+
diff --git a/json-c-0.11-cve.patch b/json-c-0.11-cve.patch
new file mode 100644
index 0000000..81130f2
--- /dev/null
+++ b/json-c-0.11-cve.patch
@@ -0,0 +1,845 @@
+diff -up json-c-json-c-0.11-20130402/config.h.in.cve json-c-json-c-0.11-20130402/config.h.in
+--- json-c-json-c-0.11-20130402/config.h.in.cve 2013-04-03 05:04:18.000000000 +0300
++++ json-c-json-c-0.11-20130402/config.h.in 2014-04-09 20:04:46.991239201 +0300
+@@ -1,5 +1,8 @@
+ /* config.h.in. Generated from configure.in by autoheader. */
+
++/* Enable RDRANR Hardware RNG Hash Seed */
++#undef ENABLE_RDRAND
++
+ /* Define if .gnu.warning accepts long strings. */
+ #undef HAS_GNU_WARNING_LONG
+
+@@ -9,6 +12,12 @@
+ /* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */
+ #undef HAVE_DOPRNT
+
++/* Define to 1 if you have the <endian.h> header file. */
++#undef HAVE_ENDIAN_H
++
++/* Define to 1 if you have the <endian.h> header file. */
++#undef HAVE_ENDIAN_H
++
+ /* Define to 1 if you have the <fcntl.h> header file. */
+ #undef HAVE_FCNTL_H
+
+diff -up json-c-json-c-0.11-20130402/configure.in.cve json-c-json-c-0.11-20130402/configure.in
+--- json-c-json-c-0.11-20130402/configure.in.cve 2013-04-03 05:04:18.000000000 +0300
++++ json-c-json-c-0.11-20130402/configure.in 2014-04-09 20:06:13.647999321 +0300
+@@ -15,6 +15,20 @@ AC_ARG_ENABLE(oldname-compat,
+ )
+ AM_CONDITIONAL(ENABLE_OLDNAME_COMPAT, [test "x${enable_oldname_compat}" != "xno"])
+
++AC_ARG_ENABLE(rdrand,
++ AS_HELP_STRING([--enable-rdrand],
++ [Enable RDRAND Hardware RNG Hash Seed generation on supported x86/x64 platforms.]),
++ [if test x$enableval = xyes; then
++ enable_rdrand=yes
++ AC_DEFINE(ENABLE_RDRAND, 1, [Enable RDRANR Hardware RNG Hash Seed])
++ fi])
++
++if test "x$enable_rdrand" = "xyes"; then
++ AC_MSG_RESULT([RDRAND Hardware RNG Hash Seed enabled on supported x86/x64 platforms])
++else
++ AC_MSG_RESULT([RDRAND Hardware RNG Hash Seed disabled. Use --enable-rdrand to enable])
++fi
++
+ # Checks for programs.
+
+ # Checks for libraries.
+@@ -23,7 +37,7 @@ AM_CONDITIONAL(ENABLE_OLDNAME_COMPAT, [t
+ AC_CONFIG_HEADER(config.h)
+ AC_CONFIG_HEADER(json_config.h)
+ AC_HEADER_STDC
+-AC_CHECK_HEADERS(fcntl.h limits.h strings.h syslog.h unistd.h [sys/cdefs.h] [sys/param.h] stdarg.h locale.h)
++AC_CHECK_HEADERS(fcntl.h limits.h strings.h syslog.h unistd.h [sys/cdefs.h] [sys/param.h] stdarg.h locale.h endian.h)
+ AC_CHECK_HEADER(inttypes.h,[AC_DEFINE([JSON_C_HAVE_INTTYPES_H],[1],[Public define for json_inttypes.h])])
+
+ # Checks for typedefs, structures, and compiler characteristics.
+diff -up json-c-json-c-0.11-20130402/json_object.h.cve json-c-json-c-0.11-20130402/json_object.h
+--- json-c-json-c-0.11-20130402/json_object.h.cve 2013-04-03 05:04:18.000000000 +0300
++++ json-c-json-c-0.11-20130402/json_object.h 2014-04-09 19:59:46.201002788 +0300
+@@ -13,6 +13,14 @@
+ #ifndef _json_object_h_
+ #define _json_object_h_
+
++#ifdef __GNUC__
++#define THIS_FUNCTION_IS_DEPRECATED(func) func __attribute__ ((deprecated))
++#elif defined(_MSC_VER)
++#define THIS_FUNCTION_IS_DEPRECATED(func) __declspec(deprecated) func
++#else
++#define THIS_FUNCTION_IS_DEPRECATED(func) func
++#endif
++
+ #include "json_inttypes.h"
+
+ #ifdef __cplusplus
+@@ -260,8 +268,8 @@ extern void json_object_object_add(struc
+ * @returns the json_object associated with the given field name
+ * @deprecated Please use json_object_object_get_ex
+ */
+-extern struct json_object* json_object_object_get(struct json_object* obj,
+- const char *key);
++THIS_FUNCTION_IS_DEPRECATED(extern struct json_object* json_object_object_get(struct json_object* obj,
++ const char *key));
+
+ /** Get the json_object associated with a given object field.
+ *
+diff -up json-c-json-c-0.11-20130402/json_tokener.c.cve json-c-json-c-0.11-20130402/json_tokener.c
+--- json-c-json-c-0.11-20130402/json_tokener.c.cve 2014-04-09 19:59:46.197002891 +0300
++++ json-c-json-c-0.11-20130402/json_tokener.c 2014-04-09 19:59:46.202002762 +0300
+@@ -69,6 +69,7 @@ const char* json_tokener_errors[] = {
+ "object value separator ',' expected",
+ "invalid string sequence",
+ "expected comment",
++ "buffer size overflow"
+ };
+
+ const char *json_tokener_error_desc(enum json_tokener_error jerr)
+@@ -254,6 +255,16 @@ struct json_object* json_tokener_parse_e
+ tok->char_offset = 0;
+ tok->err = json_tokener_success;
+
++ /* this interface is presently not 64-bit clean due to the int len argument
++ and the internal printbuf interface that takes 32-bit int len arguments
++ so the function limits the maximum string size to INT32_MAX (2GB).
++ If the function is called with len == -1 then strlen is called to check
++ the string length is less than INT32_MAX (2GB) */
++ if ((len < -1) || (len == -1 && strlen(str) > INT32_MAX)) {
++ tok->err = json_tokener_error_size;
++ return NULL;
++ }
++
+ while (PEEK_CHAR(c, tok)) {
+
+ redo_char:
+diff -up json-c-json-c-0.11-20130402/json_tokener.h.cve json-c-json-c-0.11-20130402/json_tokener.h
+--- json-c-json-c-0.11-20130402/json_tokener.h.cve 2013-04-03 05:04:18.000000000 +0300
++++ json-c-json-c-0.11-20130402/json_tokener.h 2014-04-09 19:59:46.202002762 +0300
+@@ -33,7 +33,8 @@ enum json_tokener_error {
+ json_tokener_error_parse_object_key_sep,
+ json_tokener_error_parse_object_value_sep,
+ json_tokener_error_parse_string,
+- json_tokener_error_parse_comment
++ json_tokener_error_parse_comment,
++ json_tokener_error_size
+ };
+
+ enum json_tokener_state {
+@@ -170,6 +171,11 @@ extern void json_tokener_set_flags(struc
+ * responsible for calling json_tokener_parse_ex with an appropriate str
+ * parameter starting with the extra characters.
+ *
++ * This interface is presently not 64-bit clean due to the int len argument
++ * so the function limits the maximum string size to INT32_MAX (2GB).
++ * If the function is called with len == -1 then strlen is called to check
++ * the string length is less than INT32_MAX (2GB)
++ *
+ * Example:
+ * @code
+ json_object *jobj = NULL;
+diff -up json-c-json-c-0.11-20130402/linkhash.c.cve json-c-json-c-0.11-20130402/linkhash.c
+--- json-c-json-c-0.11-20130402/linkhash.c.cve 2013-04-03 05:04:18.000000000 +0300
++++ json-c-json-c-0.11-20130402/linkhash.c 2014-04-09 19:59:46.202002762 +0300
+@@ -17,6 +17,11 @@
+ #include <stddef.h>
+ #include <limits.h>
+
++#ifdef HAVE_ENDIAN_H
++# include <endian.h> /* attempt to define endianness */
++#endif
++
++#include "random_seed.h"
+ #include "linkhash.h"
+
+ void lh_abort(const char *msg, ...)
+@@ -39,14 +44,378 @@ int lh_ptr_equal(const void *k1, const v
+ return (k1 == k2);
+ }
+
++/*
++ * hashlittle from lookup3.c, by Bob Jenkins, May 2006, Public Domain.
++ * http://burtleburtle.net/bob/c/lookup3.c
++ * minor modifications to make functions static so no symbols are exported
++ * minor mofifications to compile with -Werror
++ */
++
++/*
++-------------------------------------------------------------------------------
++lookup3.c, by Bob Jenkins, May 2006, Public Domain.
++
++These are functions for producing 32-bit hashes for hash table lookup.
++hashword(), hashlittle(), hashlittle2(), hashbig(), mix(), and final()
++are externally useful functions. Routines to test the hash are included
++if SELF_TEST is defined. You can use this free for any purpose. It's in
++the public domain. It has no warranty.
++
++You probably want to use hashlittle(). hashlittle() and hashbig()
++hash byte arrays. hashlittle() is is faster than hashbig() on
++little-endian machines. Intel and AMD are little-endian machines.
++On second thought, you probably want hashlittle2(), which is identical to
++hashlittle() except it returns two 32-bit hashes for the price of one.
++You could implement hashbig2() if you wanted but I haven't bothered here.
++
++If you want to find a hash of, say, exactly 7 integers, do
++ a = i1; b = i2; c = i3;
++ mix(a,b,c);
++ a += i4; b += i5; c += i6;
++ mix(a,b,c);
++ a += i7;
++ final(a,b,c);
++then use c as the hash value. If you have a variable length array of
++4-byte integers to hash, use hashword(). If you have a byte array (like
++a character string), use hashlittle(). If you have several byte arrays, or
++a mix of things, see the comments above hashlittle().
++
++Why is this so big? I read 12 bytes at a time into 3 4-byte integers,
++then mix those integers. This is fast (you can do a lot more thorough
++mixing with 12*3 instructions on 3 integers than you can with 3 instructions
++on 1 byte), but shoehorning those bytes into integers efficiently is messy.
++-------------------------------------------------------------------------------
++*/
++
++/*
++ * My best guess at if you are big-endian or little-endian. This may
++ * need adjustment.
++ */
++#if (defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN) && \
++ __BYTE_ORDER == __LITTLE_ENDIAN) || \
++ (defined(i386) || defined(__i386__) || defined(__i486__) || \
++ defined(__i586__) || defined(__i686__) || defined(vax) || defined(MIPSEL))
++# define HASH_LITTLE_ENDIAN 1
++# define HASH_BIG_ENDIAN 0
++#elif (defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && \
++ __BYTE_ORDER == __BIG_ENDIAN) || \
++ (defined(sparc) || defined(POWERPC) || defined(mc68000) || defined(sel))
++# define HASH_LITTLE_ENDIAN 0
++# define HASH_BIG_ENDIAN 1
++#else
++# define HASH_LITTLE_ENDIAN 0
++# define HASH_BIG_ENDIAN 0
++#endif
++
++#define hashsize(n) ((uint32_t)1<<(n))
++#define hashmask(n) (hashsize(n)-1)
++#define rot(x,k) (((x)<<(k)) | ((x)>>(32-(k))))
++
++/*
++-------------------------------------------------------------------------------
++mix -- mix 3 32-bit values reversibly.
++
++This is reversible, so any information in (a,b,c) before mix() is
++still in (a,b,c) after mix().
++
++If four pairs of (a,b,c) inputs are run through mix(), or through
++mix() in reverse, there are at least 32 bits of the output that
++are sometimes the same for one pair and different for another pair.
++This was tested for:
++* pairs that differed by one bit, by two bits, in any combination
++ of top bits of (a,b,c), or in any combination of bottom bits of
++ (a,b,c).
++* "differ" is defined as +, -, ^, or ~^. For + and -, I transformed
++ the output delta to a Gray code (a^(a>>1)) so a string of 1's (as
++ is commonly produced by subtraction) look like a single 1-bit
++ difference.
++* the base values were pseudorandom, all zero but one bit set, or
++ all zero plus a counter that starts at zero.
++
++Some k values for my "a-=c; a^=rot(c,k); c+=b;" arrangement that
++satisfy this are
++ 4 6 8 16 19 4
++ 9 15 3 18 27 15
++ 14 9 3 7 17 3
++Well, "9 15 3 18 27 15" didn't quite get 32 bits diffing
++for "differ" defined as + with a one-bit base and a two-bit delta. I
++used http://burtleburtle.net/bob/hash/avalanche.html to choose
++the operations, constants, and arrangements of the variables.
++
++This does not achieve avalanche. There are input bits of (a,b,c)
++that fail to affect some output bits of (a,b,c), especially of a. The
++most thoroughly mixed value is c, but it doesn't really even achieve
++avalanche in c.
++
++This allows some parallelism. Read-after-writes are good at doubling
++the number of bits affected, so the goal of mixing pulls in the opposite
++direction as the goal of parallelism. I did what I could. Rotates
++seem to cost as much as shifts on every machine I could lay my hands
++on, and rotates are much kinder to the top and bottom bits, so I used
++rotates.
++-------------------------------------------------------------------------------
++*/
++#define mix(a,b,c) \
++{ \
++ a -= c; a ^= rot(c, 4); c += b; \
++ b -= a; b ^= rot(a, 6); a += c; \
++ c -= b; c ^= rot(b, 8); b += a; \
++ a -= c; a ^= rot(c,16); c += b; \
++ b -= a; b ^= rot(a,19); a += c; \
++ c -= b; c ^= rot(b, 4); b += a; \
++}
++
++/*
++-------------------------------------------------------------------------------
++final -- final mixing of 3 32-bit values (a,b,c) into c
++
++Pairs of (a,b,c) values differing in only a few bits will usually
++produce values of c that look totally different. This was tested for
++* pairs that differed by one bit, by two bits, in any combination
++ of top bits of (a,b,c), or in any combination of bottom bits of
++ (a,b,c).
++* "differ" is defined as +, -, ^, or ~^. For + and -, I transformed
++ the output delta to a Gray code (a^(a>>1)) so a string of 1's (as
++ is commonly produced by subtraction) look like a single 1-bit
++ difference.
++* the base values were pseudorandom, all zero but one bit set, or
++ all zero plus a counter that starts at zero.
++
++These constants passed:
++ 14 11 25 16 4 14 24
++ 12 14 25 16 4 14 24
++and these came close:
++ 4 8 15 26 3 22 24
++ 10 8 15 26 3 22 24
++ 11 8 15 26 3 22 24
++-------------------------------------------------------------------------------
++*/
++#define final(a,b,c) \
++{ \
++ c ^= b; c -= rot(b,14); \
++ a ^= c; a -= rot(c,11); \
++ b ^= a; b -= rot(a,25); \
++ c ^= b; c -= rot(b,16); \
++ a ^= c; a -= rot(c,4); \
++ b ^= a; b -= rot(a,14); \
++ c ^= b; c -= rot(b,24); \
++}
++
++
++/*
++-------------------------------------------------------------------------------
++hashlittle() -- hash a variable-length key into a 32-bit value
++ k : the key (the unaligned variable-length array of bytes)
++ length : the length of the key, counting by bytes
++ initval : can be any 4-byte value
++Returns a 32-bit value. Every bit of the key affects every bit of
++the return value. Two keys differing by one or two bits will have
++totally different hash values.
++
++The best hash table sizes are powers of 2. There is no need to do
++mod a prime (mod is sooo slow!). If you need less than 32 bits,
++use a bitmask. For example, if you need only 10 bits, do
++ h = (h & hashmask(10));
++In which case, the hash table should have hashsize(10) elements.
++
++If you are hashing n strings (uint8_t **)k, do it like this:
++ for (i=0, h=0; i<n; ++i) h = hashlittle( k[i], len[i], h);
++
++By Bob Jenkins, 2006. bob_jenkins at burtleburtle.net. You may use this
++code any way you wish, private, educational, or commercial. It's free.
++
++Use for hash table lookup, or anything where one collision in 2^^32 is
++acceptable. Do NOT use for cryptographic purposes.
++-------------------------------------------------------------------------------
++*/
++
++static uint32_t hashlittle( const void *key, size_t length, uint32_t initval)
++{
++ uint32_t a,b,c; /* internal state */
++ union { const void *ptr; size_t i; } u; /* needed for Mac Powerbook G4 */
++
++ /* Set up the internal state */
++ a = b = c = 0xdeadbeef + ((uint32_t)length) + initval;
++
++ u.ptr = key;
++ if (HASH_LITTLE_ENDIAN && ((u.i & 0x3) == 0)) {
++ const uint32_t *k = (const uint32_t *)key; /* read 32-bit chunks */
++
++ /*------ all but last block: aligned reads and affect 32 bits of (a,b,c) */
++ while (length > 12)
++ {
++ a += k[0];
++ b += k[1];
++ c += k[2];
++ mix(a,b,c);
++ length -= 12;
++ k += 3;
++ }
++
++ /*----------------------------- handle the last (probably partial) block */
++ /*
++ * "k[2]&0xffffff" actually reads beyond the end of the string, but
++ * then masks off the part it's not allowed to read. Because the
++ * string is aligned, the masked-off tail is in the same word as the
++ * rest of the string. Every machine with memory protection I've seen
++ * does it on word boundaries, so is OK with this. But VALGRIND will
++ * still catch it and complain. The masking trick does make the hash
++ * noticably faster for short strings (like English words).
++ */
++#ifndef VALGRIND
++
++ switch(length)
++ {
++ case 12: c+=k[2]; b+=k[1]; a+=k[0]; break;
++ case 11: c+=k[2]&0xffffff; b+=k[1]; a+=k[0]; break;
++ case 10: c+=k[2]&0xffff; b+=k[1]; a+=k[0]; break;
++ case 9 : c+=k[2]&0xff; b+=k[1]; a+=k[0]; break;
++ case 8 : b+=k[1]; a+=k[0]; break;
++ case 7 : b+=k[1]&0xffffff; a+=k[0]; break;
++ case 6 : b+=k[1]&0xffff; a+=k[0]; break;
++ case 5 : b+=k[1]&0xff; a+=k[0]; break;
++ case 4 : a+=k[0]; break;
++ case 3 : a+=k[0]&0xffffff; break;
++ case 2 : a+=k[0]&0xffff; break;
++ case 1 : a+=k[0]&0xff; break;
++ case 0 : return c; /* zero length strings require no mixing */
++ }
++
++#else /* make valgrind happy */
++
++ const uint8_t *k8 = (const uint8_t *)k;
++ switch(length)
++ {
++ case 12: c+=k[2]; b+=k[1]; a+=k[0]; break;
++ case 11: c+=((uint32_t)k8[10])<<16; /* fall through */
++ case 10: c+=((uint32_t)k8[9])<<8; /* fall through */
++ case 9 : c+=k8[8]; /* fall through */
++ case 8 : b+=k[1]; a+=k[0]; break;
++ case 7 : b+=((uint32_t)k8[6])<<16; /* fall through */
++ case 6 : b+=((uint32_t)k8[5])<<8; /* fall through */
++ case 5 : b+=k8[4]; /* fall through */
++ case 4 : a+=k[0]; break;
++ case 3 : a+=((uint32_t)k8[2])<<16; /* fall through */
++ case 2 : a+=((uint32_t)k8[1])<<8; /* fall through */
++ case 1 : a+=k8[0]; break;
++ case 0 : return c;
++ }
++
++#endif /* !valgrind */
++
++ } else if (HASH_LITTLE_ENDIAN && ((u.i & 0x1) == 0)) {
++ const uint16_t *k = (const uint16_t *)key; /* read 16-bit chunks */
++ const uint8_t *k8;
++
++ /*--------------- all but last block: aligned reads and different mixing */
++ while (length > 12)
++ {
++ a += k[0] + (((uint32_t)k[1])<<16);
++ b += k[2] + (((uint32_t)k[3])<<16);
++ c += k[4] + (((uint32_t)k[5])<<16);
++ mix(a,b,c);
++ length -= 12;
++ k += 6;
++ }
++
++ /*----------------------------- handle the last (probably partial) block */
++ k8 = (const uint8_t *)k;
++ switch(length)
++ {
++ case 12: c+=k[4]+(((uint32_t)k[5])<<16);
++ b+=k[2]+(((uint32_t)k[3])<<16);
++ a+=k[0]+(((uint32_t)k[1])<<16);
++ break;
++ case 11: c+=((uint32_t)k8[10])<<16; /* fall through */
++ case 10: c+=k[4];
++ b+=k[2]+(((uint32_t)k[3])<<16);
++ a+=k[0]+(((uint32_t)k[1])<<16);
++ break;
++ case 9 : c+=k8[8]; /* fall through */
++ case 8 : b+=k[2]+(((uint32_t)k[3])<<16);
++ a+=k[0]+(((uint32_t)k[1])<<16);
++ break;
++ case 7 : b+=((uint32_t)k8[6])<<16; /* fall through */
++ case 6 : b+=k[2];
++ a+=k[0]+(((uint32_t)k[1])<<16);
++ break;
++ case 5 : b+=k8[4]; /* fall through */
++ case 4 : a+=k[0]+(((uint32_t)k[1])<<16);
++ break;
++ case 3 : a+=((uint32_t)k8[2])<<16; /* fall through */
++ case 2 : a+=k[0];
++ break;
++ case 1 : a+=k8[0];
++ break;
++ case 0 : return c; /* zero length requires no mixing */
++ }
++
++ } else { /* need to read the key one byte at a time */
++ const uint8_t *k = (const uint8_t *)key;
++
++ /*--------------- all but the last block: affect some 32 bits of (a,b,c) */
++ while (length > 12)
++ {
++ a += k[0];
++ a += ((uint32_t)k[1])<<8;
++ a += ((uint32_t)k[2])<<16;
++ a += ((uint32_t)k[3])<<24;
++ b += k[4];
++ b += ((uint32_t)k[5])<<8;
++ b += ((uint32_t)k[6])<<16;
++ b += ((uint32_t)k[7])<<24;
++ c += k[8];
++ c += ((uint32_t)k[9])<<8;
++ c += ((uint32_t)k[10])<<16;
++ c += ((uint32_t)k[11])<<24;
++ mix(a,b,c);
++ length -= 12;
++ k += 12;
++ }
++
++ /*-------------------------------- last block: affect all 32 bits of (c) */
++ switch(length) /* all the case statements fall through */
++ {
++ case 12: c+=((uint32_t)k[11])<<24;
++ case 11: c+=((uint32_t)k[10])<<16;
++ case 10: c+=((uint32_t)k[9])<<8;
++ case 9 : c+=k[8];
++ case 8 : b+=((uint32_t)k[7])<<24;
++ case 7 : b+=((uint32_t)k[6])<<16;
++ case 6 : b+=((uint32_t)k[5])<<8;
++ case 5 : b+=k[4];
++ case 4 : a+=((uint32_t)k[3])<<24;
++ case 3 : a+=((uint32_t)k[2])<<16;
++ case 2 : a+=((uint32_t)k[1])<<8;
++ case 1 : a+=k[0];
++ break;
++ case 0 : return c;
++ }
++ }
++
++ final(a,b,c);
++ return c;
++}
++
+ unsigned long lh_char_hash(const void *k)
+ {
+- unsigned int h = 0;
+- const char* data = (const char*)k;
+-
+- while( *data!=0 ) h = h*129 + (unsigned int)(*data++) + LH_PRIME;
++ static volatile int random_seed = -1;
++
++ if (random_seed == -1) {
++ int seed;
++ /* we can't use -1 as it is the unitialized sentinel */
++ while ((seed = json_c_get_random_seed()) == -1);
++#if defined __GNUC__
++ __sync_val_compare_and_swap(&random_seed, -1, seed);
++#elif defined _MSC_VER
++ InterlockedCompareExchange(&random_seed, seed, -1);
++#else
++#warning "racy random seed initializtion if used by multiple threads"
++ random_seed = seed; /* potentially racy */
++#endif
++ }
+
+- return h;
++ return hashlittle((const char*)k, strlen((const char*)k), random_seed);
+ }
+
+ int lh_char_equal(const void *k1, const void *k2)
+diff -up json-c-json-c-0.11-20130402/linkhash.h.cve json-c-json-c-0.11-20130402/linkhash.h
+--- json-c-json-c-0.11-20130402/linkhash.h.cve 2013-04-03 05:04:18.000000000 +0300
++++ json-c-json-c-0.11-20130402/linkhash.h 2014-04-09 19:59:46.202002762 +0300
+@@ -246,7 +246,7 @@ extern struct lh_entry* lh_table_lookup_
+ * @return a pointer to the found value or NULL if it does not exist.
+ * @deprecated Use lh_table_lookup_ex instead.
+ */
+-extern const void* lh_table_lookup(struct lh_table *t, const void *k);
++THIS_FUNCTION_IS_DEPRECATED(extern const void* lh_table_lookup(struct lh_table *t, const void *k));
+
+ /**
+ * Lookup a record in the table
+diff -up json-c-json-c-0.11-20130402/Makefile.am.cve json-c-json-c-0.11-20130402/Makefile.am
+--- json-c-json-c-0.11-20130402/Makefile.am.cve 2013-04-03 05:04:18.000000000 +0300
++++ json-c-json-c-0.11-20130402/Makefile.am 2014-04-09 19:59:46.200002814 +0300
+@@ -29,7 +29,8 @@ libjson_cinclude_HEADERS = \
+ json_tokener.h \
+ json_util.h \
+ linkhash.h \
+- printbuf.h
++ printbuf.h \
++ random_seed.h
+
+ #libjsonx_includedir = $(libdir)/json-c- at VERSION@
+ #
+@@ -55,7 +56,8 @@ libjson_c_la_SOURCES = \
+ json_tokener.c \
+ json_util.c \
+ linkhash.c \
+- printbuf.c
++ printbuf.c \
++ random_seed.c
+
+
+ distclean-local:
+diff -up json-c-json-c-0.11-20130402/Makefile.am.inc.cve json-c-json-c-0.11-20130402/Makefile.am.inc
+diff -up json-c-json-c-0.11-20130402/random_seed.c.cve json-c-json-c-0.11-20130402/random_seed.c
+--- json-c-json-c-0.11-20130402/random_seed.c.cve 2014-04-09 19:59:46.203002736 +0300
++++ json-c-json-c-0.11-20130402/random_seed.c 2014-04-09 19:59:46.202002762 +0300
+@@ -0,0 +1,237 @@
++/*
++ * random_seed.c
++ *
++ * Copyright (c) 2013 Metaparadigm Pte. Ltd.
++ * Michael Clark <michael at metaparadigm.com>
++ *
++ * This library is free software; you can redistribute it and/or modify
++ * it under the terms of the MIT license. See COPYING for details.
++ *
++ */
++
++#include <stdio.h>
++#include "config.h"
++
++#define DEBUG_SEED(s)
++
++
++#if defined ENABLE_RDRAND
++
++/* cpuid */
++
++#if defined __GNUC__ && (defined __i386__ || defined __x86_64__)
++#define HAS_X86_CPUID 1
++
++static void do_cpuid(int regs[], int h)
++{
++ __asm__ __volatile__(
++#if defined __x86_64__
++ "pushq %%rbx;\n"
++#else
++ "pushl %%ebx;\n"
++#endif
++ "cpuid;\n"
++#if defined __x86_64__
++ "popq %%rbx;\n"
++#else
++ "popl %%ebx;\n"
++#endif
++ : "=a"(regs[0]), [ebx] "=r"(regs[1]), "=c"(regs[2]), "=d"(regs[3])
++ : "a"(h));
++}
++
++#elif defined _MSC_VER
++
++#define HAS_X86_CPUID 1
++#define do_cpuid __cpuid
++
++#endif
++
++/* has_rdrand */
++
++#if HAS_X86_CPUID
++
++static int has_rdrand()
++{
++ // CPUID.01H:ECX.RDRAND[bit 30] == 1
++ int regs[4];
++ do_cpuid(regs, 1);
++ return (regs[2] & (1 << 30)) != 0;
++}
++
++#endif
++
++/* get_rdrand_seed - GCC x86 and X64 */
++
++#if defined __GNUC__ && (defined __i386__ || defined __x86_64__)
++
++#define HAVE_RDRAND 1
++
++static int get_rdrand_seed()
++{
++ DEBUG_SEED("get_rdrand_seed");
++ int _eax;
++ // rdrand eax
++ __asm__ __volatile__("1: .byte 0x0F\n"
++ " .byte 0xC7\n"
++ " .byte 0xF0\n"
++ " jnc 1b;\n"
++ : "=a" (_eax));
++ return _eax;
++}
++
++#endif
++
++#if defined _MSC_VER
++
++#if _MSC_VER >= 1700
++#define HAVE_RDRAND 1
++
++/* get_rdrand_seed - Visual Studio 2012 and above */
++
++static int get_rdrand_seed()
++{
++ DEBUG_SEED("get_rdrand_seed");
++ int r;
++ while (_rdrand32_step(&r) == 0);
++ return r;
++}
++
++#elif defined _M_IX86
++#define HAVE_RDRAND 1
++
++/* get_rdrand_seed - Visual Studio 2010 and below - x86 only */
++
++static int get_rdrand_seed()
++{
++ DEBUG_SEED("get_rdrand_seed");
++ int _eax;
++retry:
++ // rdrand eax
++ __asm _emit 0x0F __asm _emit 0xC7 __asm _emit 0xF0
++ __asm jnc retry
++ __asm mov _eax, eax
++ return _eax;
++}
++
++#endif
++#endif
++
++#endif /* defined ENABLE_RDRAND */
++
++
++/* has_dev_urandom */
++
++#if defined (__APPLE__) || defined(__unix__) || defined(__linux__)
++
++#include <string.h>
++#include <fcntl.h>
++#include <unistd.h>
++#include <errno.h>
++#include <stdlib.h>
++#include <sys/stat.h>
++
++#define HAVE_DEV_RANDOM 1
++
++static const char *dev_random_file = "/dev/urandom";
++
++static int has_dev_urandom()
++{
++ struct stat buf;
++ if (stat(dev_random_file, &buf)) {
++ return 0;
++ }
++ return ((buf.st_mode & S_IFCHR) != 0);
++}
++
++
++/* get_dev_random_seed */
++
++static int get_dev_random_seed()
++{
++ DEBUG_SEED("get_dev_random_seed");
++
++ int fd = open(dev_random_file, O_RDONLY);
++ if (fd < 0) {
++ fprintf(stderr, "error opening %s: %s", dev_random_file, strerror(errno));
++ exit(1);
++ }
++
++ int r;
++ ssize_t nread = read(fd, &r, sizeof(r));
++ if (nread != sizeof(r)) {
++ fprintf(stderr, "error read %s: %s", dev_random_file, strerror(errno));
++ exit(1);
++ }
++ else if (nread != sizeof(r)) {
++ fprintf(stderr, "error short read %s", dev_random_file);
++ exit(1);
++ }
++ close(fd);
++ return r;
++}
++
++#endif
++
++
++/* get_cryptgenrandom_seed */
++
++#ifdef WIN32
++
++#define HAVE_CRYPTGENRANDOM 1
++
++#include <windows.h>
++#pragma comment(lib, "advapi32.lib")
++
++static int get_cryptgenrandom_seed()
++{
++ DEBUG_SEED("get_cryptgenrandom_seed");
++
++ HCRYPTPROV hProvider = 0;
++ int r;
++
++ if (!CryptAcquireContextW(&hProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
++ fprintf(stderr, "error CryptAcquireContextW");
++ exit(1);
++ }
++
++ if (!CryptGenRandom(hProvider, sizeof(r), (BYTE*)&r)) {
++ fprintf(stderr, "error CryptGenRandom");
++ exit(1);
++ }
++
++ CryptReleaseContext(hProvider, 0);
++
++ return r;
++}
++
++#endif
++
++
++/* get_time_seed */
++
++#include <time.h>
++
++static int get_time_seed()
++{
++ DEBUG_SEED("get_time_seed");
++
++ return (int)time(NULL) * 433494437;
++}
++
++
++/* json_c_get_random_seed */
++
++int json_c_get_random_seed()
++{
++#if HAVE_RDRAND
++ if (has_rdrand()) return get_rdrand_seed();
++#endif
++#if HAVE_DEV_RANDOM
++ if (has_dev_urandom()) return get_dev_random_seed();
++#endif
++#if HAVE_CRYPTGENRANDOM
++ return get_cryptgenrandom_seed();
++#endif
++ return get_time_seed();
++}
+diff -up json-c-json-c-0.11-20130402/random_seed.h.cve json-c-json-c-0.11-20130402/random_seed.h
+--- json-c-json-c-0.11-20130402/random_seed.h.cve 2014-04-09 19:59:46.203002736 +0300
++++ json-c-json-c-0.11-20130402/random_seed.h 2014-04-09 19:59:46.203002736 +0300
+@@ -0,0 +1,25 @@
++/*
++ * random_seed.h
++ *
++ * Copyright (c) 2013 Metaparadigm Pte. Ltd.
++ * Michael Clark <michael at metaparadigm.com>
++ *
++ * This library is free software; you can redistribute it and/or modify
++ * it under the terms of the MIT license. See COPYING for details.
++ *
++ */
++
++#ifndef seed_h
++#define seed_h
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++extern int json_c_get_random_seed();
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif
diff --git a/json-c.spec b/json-c.spec
new file mode 100644
index 0000000..83c8272
--- /dev/null
+++ b/json-c.spec
@@ -0,0 +1,167 @@
+%global reldate 20130402
+
+Name: json-c
+Version: 0.11
+Release: 6%{?dist}
+Summary: A JSON implementation in C
+Group: Development/Libraries
+License: MIT
+URL: https://github.com/json-c/json-c/wiki
+Source0: https://github.com/json-c/json-c/archive/json-c-%{version}-%{reldate}.tar.gz
+
+# increaser parser strictness (for php compatibility)
+Patch0: https://github.com/json-c/json-c/pull/90.patch
+Patch1: https://github.com/json-c/json-c/pull/94.patch
+
+# Disable default compiler warning flags
+Patch2: json-c-0.11-cflags.patch
+
+# Fix CVE issues CVE-2013-6370 and CVE-2013-6371, patch backported from upstream
+Patch3: json-c-0.11-cve.patch
+
+BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
+BuildRequires: libtool autoconf
+
+%description
+JSON-C implements a reference counting object model that allows you to easily
+construct JSON objects in C, output them as JSON formatted strings and parse
+JSON formatted strings back into the C representation of JSON objects.
+
+%package devel
+Summary: Development headers and library for json-c
+Group: Development/Libraries
+Requires: %{name} = %{version}-%{release}
+Requires: pkgconfig
+
+%description devel
+This package contains the development headers and library for json-c.
+
+
+%package doc
+Summary: Reference manual for json-c
+Group: Documentation
+%if 0%{?fedora} > 10 || 0%{?rhel}>5
+BuildArch: noarch
+%endif
+
+%description doc
+This package contains the reference manual for json-c.
+
+%prep
+%setup -q -n json-c-json-c-%{version}-%{reldate}
+
+%patch0 -p1 -b .strict90
+%patch1 -p1 -b .strict94
+%patch2 -p1 -b .cflags
+%patch3 -p1 -b .cve
+
+# regenerate auto stuff to avoid rpath issue and cve stuff
+autoreconf -fi
+
+for doc in ChangeLog; do
+ iconv -f iso-8859-1 -t utf8 $doc > $doc.new &&
+ touch -r $doc $doc.new &&
+ mv $doc.new $doc
+done
+
+
+%build
+%configure --enable-shared --disable-static --disable-rpath --enable-rdrand
+# parallel build is broken for now, make %{?_smp_mflags}
+make
+
+%install
+rm -rf %{buildroot}
+make install DESTDIR=%{buildroot}
+
+# Get rid of la files
+rm -rf %{buildroot}%{_libdir}/*.la
+
+# yum cannot replace a dir by a link
+# so switch the dir names
+rm %{buildroot}%{_includedir}/json
+mv %{buildroot}%{_includedir}/json-c \
+ %{buildroot}%{_includedir}/json
+ln -s json \
+ %{buildroot}%{_includedir}/json-c
+
+%check
+make check
+
+%clean
+rm -rf %{buildroot}
+
+
+%post -p /sbin/ldconfig
+%postun -p /sbin/ldconfig
+
+
+%files
+%defattr(-,root,root,-)
+%doc AUTHORS ChangeLog COPYING README README.html
+%{_libdir}/libjson.so.*
+%{_libdir}/libjson-c.so.*
+
+%files devel
+%defattr(-,root,root,-)
+%{_includedir}/json
+%{_includedir}/json-c
+%{_libdir}/libjson.so
+%{_libdir}/libjson-c.so
+%{_libdir}/pkgconfig/json.pc
+%{_libdir}/pkgconfig/json-c.pc
+
+%files doc
+%defattr(-,root,root,-)
+%doc doc/html/*
+
+
+%changelog
+* Wed Apr 09 2014 Susi Lehtola <jussilehtola at fedoraproject.org> - 0.11-7
+- Address CVE-2013-6371 and CVE-2013-6370 (BZ #1085676 and #1085677).
+- Enabled rdrand support.
+
+* Mon Feb 10 2014 Susi Lehtola <jussilehtola at fedoraproject.org> - 0.11-6
+- Bump spec.
+
+* Sat Dec 21 2013 Ville Skyttä <ville.skytta at iki.fi> - 0.11-5
+- Run test suite during build.
+- Drop empty NEWS from docs.
+
+* Tue Sep 10 2013 Susi Lehtola <jussilehtola at fedoraproject.org> - 0.11-4
+- Remove default warning flags so that package builds on EPEL as well.
+
+* Sat Aug 24 2013 Remi Collet <remi at fedoraproject.org> - 0.11-3
+- increase parser strictness for php
+
+* Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.11-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Mon Apr 29 2013 Remi Collet <remi at fedoraproject.org> - 0.11-1
+- update to 0.11
+- fix source0
+- enable both json and json-c libraries
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.10-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Sat Nov 24 2012 Jussi Lehtola <jussilehtola at fedoraproject.org> - 0.10-2
+- Compile and install json_object_iterator using Remi Collet's fix (BZ #879771).
+
+* Sat Nov 24 2012 Jussi Lehtola <jussilehtola at fedoraproject.org> - 0.10-1
+- Update to 0.10 (BZ #879771).
+
+* Thu Jul 19 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.9-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Mon Jan 23 2012 Jiri Pirko <jpirko at redhat.com> - 0.9-4
+- add json_tokener_parse_verbose, and return NULL on parser errors
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.9-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Wed Feb 09 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.9-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Tue Apr 06 2010 Jussi Lehtola <jussilehtola at fedoraproject.org> - 0.9-1
+- First release.
diff --git a/sources b/sources
new file mode 100644
index 0000000..35a0559
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+7013b2471a507942eb8ed72a5d872d16 json-c-0.11-20130402.tar.gz
More information about the scm-commits
mailing list