FreeBSD Bugzilla – Attachment 214481 Details for
Bug 246145
devel/json-c: Update to 0.14
[patch]
Patch for json-c v4
0001-json-c.patch (text/plain), 17.37 KB, created by
Daniel Engberg
on 2020-05-14 09:51:14 UTC
Description:
Patch for json-c v4
Creator:
Daniel Engberg
Created:
2020-05-14 09:51:14 UTC
Size:
17.37 KB
>From 463fa29db60e98baa6db798c45bf502ef620635b Mon Sep 17 00:00:00 2001
>From: Daniel Engberg <daniel.engberg.lists@pyret.net>
>Date: Thu, 14 May 2020 11:47:52 +0200
>Subject: [PATCH] json-c
>
>json-c
>
>Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
>---
> devel/json-c/Makefile | 23 +--
> devel/json-c/distinfo | 6 +-
> devel/json-c/files/patch-CMakeLists.txt | 92 ++++++++++++
> devel/json-c/files/patch-cmake-configure | 91 ++++++++++++
> devel/json-c/files/patch-cmake_config.h.in | 27 ++++
> devel/json-c/files/patch-cve-2020-12762 | 155 ++++++++++++++++++++
> devel/json-c/files/patch-json_object.c | 14 --
> devel/json-c/files/patch-tests-test_parse.c | 17 --
> devel/json-c/pkg-plist | 9 +-
> 9 files changed, 387 insertions(+), 47 deletions(-)
> create mode 100644 devel/json-c/files/patch-CMakeLists.txt
> create mode 100644 devel/json-c/files/patch-cmake-configure
> create mode 100644 devel/json-c/files/patch-cmake_config.h.in
> create mode 100644 devel/json-c/files/patch-cve-2020-12762
> delete mode 100644 devel/json-c/files/patch-json_object.c
> delete mode 100644 devel/json-c/files/patch-tests-test_parse.c
>
>diff --git a/devel/json-c/Makefile b/devel/json-c/Makefile
>index 896989ad4330..03db1d98caca 100644
>--- a/devel/json-c/Makefile
>+++ b/devel/json-c/Makefile
>@@ -2,11 +2,10 @@
> # $FreeBSD$
>
> PORTNAME= json-c
>-PORTVERSION= 0.13.1
>-PORTREVISION= 1
>+PORTVERSION= 0.14
> CATEGORIES= devel
> MASTER_SITES= https://s3.amazonaws.com/json-c_releases/releases/ \
>- LOCAL/sunpoet
>+ https://ftp.osuosl.org/pub/blfs/conglomeration/jsonc/
>
> MAINTAINER= sunpoet@FreeBSD.org
> COMMENT= JSON (JavaScript Object Notation) implementation in C
>@@ -14,19 +13,23 @@ COMMENT= JSON (JavaScript Object Notation) implementation in C
> LICENSE= MIT
> LICENSE_FILE= ${WRKSRC}/COPYING
>
>-USES= autoreconf compiler:c11 cpe libtool pathfix pkgconfig
>+USES= cmake compiler:c11 cpe
>
>-GNU_CONFIGURE= yes
>-INSTALL_TARGET= install-strip
>-TEST_TARGET= check
>-USE_LDCONFIG= yes
>+TEST_TARGET= test
>
> CPE_VENDOR= json-c_project
>
>-post-patch:
>- @${REINPLACE_CMD} -e 's| -Werror||g' ${WRKSRC}/Makefile.in
>+OPTIONS_DEFINE= TEST
>+TEST_CMAKE_BOOL= BUILD_TESTING
>+
>+.include <bsd.port.options.mk>
>+.if ! ${PORT_OPTIONS:MSTATIC}
>+USE_LDCONFIG= yes
>+.endif
>
> post-install:
> ${INSTALL_DATA} ${WRKSRC}/json_object_private.h ${STAGEDIR}${PREFIX}/include/json-c/
>+ # Reference: https://github.com/json-c/json-c/pull/585
>+ ${RM} ${STAGEDIR}${PREFIX}/include/json-c/config.h
>
> .include <bsd.port.mk>
>diff --git a/devel/json-c/distinfo b/devel/json-c/distinfo
>index 12ac290180a9..352b87b6e3d6 100644
>--- a/devel/json-c/distinfo
>+++ b/devel/json-c/distinfo
>@@ -1,3 +1,3 @@
>-TIMESTAMP = 1520527097
>-SHA256 (json-c-0.13.1.tar.gz) = b87e608d4d3f7bfdd36ef78d56d53c74e66ab278d318b71e6002a369d36f4873
>-SIZE (json-c-0.13.1.tar.gz) = 639425
>+TIMESTAMP = 1588452653
>+SHA256 (json-c-0.14.tar.gz) = b377de08c9b23ca3b37d9a9828107dff1de5ce208ff4ebb35005a794f30c6870
>+SIZE (json-c-0.14.tar.gz) = 321677
>diff --git a/devel/json-c/files/patch-CMakeLists.txt b/devel/json-c/files/patch-CMakeLists.txt
>new file mode 100644
>index 000000000000..7081ebe35ef3
>--- /dev/null
>+++ b/devel/json-c/files/patch-CMakeLists.txt
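Review bot: In the second devel/json-c/Makefile hunk, the added `.if ! ${PORT_OPTIONS:MSTATIC}` guard tests an option this port never declares, since `OPTIONS_DEFINE` lists only `TEST`. The condition is therefore always true and `USE_LDCONFIG= yes` is effectively unconditional. Either declare a STATIC option and wire it to the build, or drop the `.include <bsd.port.options.mk>` / `.if` / `.endif` wrapper and keep the plain `USE_LDCONFIG= yes`. The `${RM} ... config.h` step also looks redundant with the patch-CMakeLists.txt change that stops listing config.h as a public header; worth confirming which of the two is meant to do the job.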
>@@ -0,0 +1,92 @@
>+--- CMakeLists.txt.orig 2020-05-14 09:41:45 UTC
>++++ CMakeLists.txt
>+@@ -7,7 +7,7 @@ if(POLICY CMP0048)
>+ endif()
>+
>+ # JSON-C library is C only project.
>+-project(json-c LANGUAGES C VERSION 0.14)
>++project(json-c LANGUAGES C VERSION 0.14.99)
>+
>+ # If we've got 3.0 then it's good, let's provide support. Otherwise, leave it be.
>+ if(POLICY CMP0038)
>+@@ -65,6 +65,7 @@ include(GNUInstallDirs)
>+ include(CMakePackageConfigHelpers)
>+
>+ option(BUILD_SHARED_LIBS "Default to building shared libraries" ON)
>++option(BUILD_STATIC_LIBS "Default to building static libraries" ON)
>+
>+ # Generate a release merge and test it to verify the correctness of republishing the package.
>+ ADD_CUSTOM_TARGET(distcheck
>+@@ -108,6 +109,7 @@ check_include_files("stdlib.h;stdarg.h;string.h;float.
>+
>+ check_include_file(unistd.h HAVE_UNISTD_H)
>+ check_include_file(sys/types.h HAVE_SYS_TYPES_H)
>++check_include_file(sys/resource.h HAVE_SYS_RESOURCE_H) # for getrusage
>+
>+ check_include_file("dlfcn.h" HAVE_DLFCN_H)
>+ check_include_file("endian.h" HAVE_ENDIAN_H)
>+@@ -165,6 +167,9 @@ endif()
>+ if (HAVE_SYSLOG_H)
>+ check_symbol_exists(vsyslog "syslog.h" HAVE_VSYSLOG)
>+ endif()
>++if (HAVE_SYS_RESOURCE_H)
>++ check_symbol_exists(getrusage "sys/resource.h" HAVE_GETRUSAGE)
>++endif()
>+
>+ check_symbol_exists(strtoll "stdlib.h" HAVE_STRTOLL)
>+ check_symbol_exists(strtoull "stdlib.h" HAVE_STRTOULL)
>+@@ -299,7 +304,7 @@ if ($ENV{VALGRIND})
>+ endif()
>+
>+ set(JSON_C_PUBLIC_HEADERS
>+- ${PROJECT_BINARY_DIR}/config.h
>++ # Note: config.h is _not_ included here
>+ ${PROJECT_BINARY_DIR}/json_config.h
>+
>+ ${PROJECT_SOURCE_DIR}/json.h
>+@@ -383,7 +388,7 @@ add_library(${PROJECT_NAME}
>+ set_target_properties(${PROJECT_NAME} PROPERTIES
>+ VERSION 5.0.0
>+ SOVERSION 5)
>+-
>++list(APPEND CMAKE_TARGETS ${PROJECT_NAME})
>+ # If json-c is used as subroject it set to target correct interface -I flags and allow
>+ # to build external target without extra include_directories(...)
>+ target_include_directories(${PROJECT_NAME}
>+@@ -392,7 +397,35 @@ target_include_directories(${PROJECT_NAME}
>+ $<BUILD_INTERFACE:${PROJECT_BINARY_DIR}>
>+ )
>+
>+-install(TARGETS ${PROJECT_NAME}
>++# Allow to build static and shared libraries at the same time
>++if (BUILD_STATIC_LIBS AND BUILD_SHARED_LIBS)
>++ set(STATIC_LIB ${PROJECT_NAME}-static)
>++ add_library(${STATIC_LIB} STATIC
>++ ${JSON_C_SOURCES}
>++ ${JSON_C_HEADERS}
>++ )
>++
>++ # rename the static library
>++ if (NOT MSVC)
>++ set_target_properties(${STATIC_LIB} PROPERTIES
>++ OUTPUT_NAME ${PROJECT_NAME}
>++ )
>++ endif()
>++ list(APPEND CMAKE_TARGETS ${STATIC_LIB})
>++endif ()
>++
>++# Always create new install dirs with 0755 permissions, regardless of umask
>++set(CMAKE_INSTALL_DEFAULT_DIRECTORY_PERMISSIONS
>++ OWNER_READ
>++ OWNER_WRITE
>++ OWNER_EXECUTE
>++ GROUP_READ
>++ GROUP_EXECUTE
>++ WORLD_READ
>++ WORLD_EXECUTE
>++ )
>++
>++install(TARGETS ${CMAKE_TARGETS}
>+ EXPORT ${PROJECT_NAME}-targets
>+ RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
>+ LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
>diff --git a/devel/json-c/files/patch-cmake-configure b/devel/json-c/files/patch-cmake-configure
>new file mode 100644
>index 000000000000..ab0c6e4c32cf
>--- /dev/null
>+++ b/devel/json-c/files/patch-cmake-configure
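Review bot: The first inner hunk of files/patch-CMakeLists.txt changes `project(json-c LANGUAGES C VERSION 0.14)` to `VERSION 0.14.99`, so a port whose PORTVERSION is 0.14 builds a library whose CMake project version says 0.14.99. Anything derived from the project version (presumably the installed CMake package config and pkg-config metadata — not visible here) would then disagree with the packaged release, which makes version-based dependency checks and vulnerability matching unreliable. Unless another part of this patch depends on it, drop that hunk and keep `VERSION 0.14`. As a style point, `CMAKE_TARGETS` puts a project variable in the reserved `CMAKE_` namespace; a project-prefixed name (for example `JSON_C_INSTALL_TARGETS`, constructed here) avoids colliding with a future CMake variable.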
>@@ -0,0 +1,91 @@
>+--- cmake-configure.orig 2020-05-14 09:42:45 UTC
>++++ cmake-configure
>+@@ -1,87 +1 @@
>+-#!/bin/bash
>+-
>+-# Wrapper around cmake to emulate useful options
>+-# from the previous autoconf-based configure script.
>+-
>+-RUNDIR=$(dirname "$0")
>+-RUNDIR=$(cd "$RUNDIR" && pwd)
>+-CURDIR=$(pwd)
>+-
>+-FLAGS=()
>+-
>+-usage()
>+-{
>+- exitval="$1"
>+- errmsg="$2"
>+-
>+- if [ $exitval -ne 0 ] ; then
>+- exec 1>&2
>+- fi
>+- if [ ! -z "$errmsg" ] ; then
>+- echo "ERROR: $errmsg" 1>&2
>+- fi
>+- cat <<EOF
>+-$0 [<configure_options>] [-- [<cmake options>]]
>+- --prefix=PREFIX install architecture-independent files in PREFIX
>+- --enable-threading Enable code to support partly multi-threaded use
>+- --enable-rdrand Enable RDRAND Hardware RNG Hash Seed generation on
>+- supported x86/x64 platforms.
>+- --enable-shared build shared libraries [default=yes]
>+- --enable-static build static libraries [default=yes]
>+- --disable-Bsymbolic Avoid linking with -Bsymbolic-function
>+- --disable-werror Avoid treating compiler warnings as fatal errors
>+-
>+-EOF
>+- exit
>+-}
>+-
>+-if [ "$CURDIR" = "$RUNDIR" ] ; then
>+- usage 1 "Please mkdir some other build directory, and run this script from there."
>+-fi
>+-
>+-if ! cmake --version ; then
>+- usage 1 "Unable to find a working cmake, please be sure you have it installed and on your PATH"
>+-fi
>+-
>+-while [ $# -gt 0 ] ; do
>+- case "$1" in
>+- -h|--help)
>+- usage 0
>+- ;;
>+- --prefix)
>+- FLAGS+=(-DCMAKE_INSTALL_PREFIX="$2")
>+- shift
>+- ;;
>+- --enable-threading)
>+- FLAGS+=(-DENABLE_THREADING=ON)
>+- ;;
>+- --enable-rdrand)
>+- FLAGS+=(-DENABLE_RDRAND=ON)
>+- ;;
>+- --enable-shared)
>+- FLAGS+=(-DBUILD_SHARED_LIBS=ON)
>+- ;;
>+- --enable-static)
>+- FLAGS+=(-DBUILD_SHARED_LIBS=OFF)
>+- ;;
>+- --disable-Bsymbolic)
>+- FLAGS+=(-DDISABLE_BSYMBOLIC=ON)
>+- ;;
>+- --disable-werror)
>+- FLAGS+=(-DDISABLE_WERROR=ON)
>+- ;;
>+- --)
>+- shift
>+- break
>+- ;;
>+- -*)
>+- usage 1 "Unknown arguments: $*"
>+- ;;
>+- *)
>+- break
>+- ;;
>+- esac
>+- shift
>+-done
>+-
>+-exec cmake "${FLAGS[@]}" "$@" "${RUNDIR}"
>++cmake-configure
>diff --git a/devel/json-c/files/patch-cmake_config.h.in b/devel/json-c/files/patch-cmake_config.h.in
>new file mode 100644
>index 000000000000..57258c5f0ddd
>--- /dev/null
>+++ b/devel/json-c/files/patch-cmake_config.h.in
>@@ -0,0 +1,27 @@
>+--- cmake/config.h.in.orig 2020-05-14 09:44:39 UTC
>++++ cmake/config.h.in
>+@@ -1,4 +1,3 @@
>+-/* config.h.in. Generated from configure.ac by autoheader. */
>+
>+ /* Enable RDRAND Hardware RNG Hash Seed */
>+ #cmakedefine ENABLE_RDRAND "@ENABLE_RDRAND@"
>+@@ -54,6 +53,9 @@
>+ /* Define to 1 if you have the <sys/param.h> header file. */
>+ #cmakedefine HAVE_SYS_PARAM_H @HAVE_SYS_PARAM_H@
>+
>++/* Define to 1 if you have the <sys/resource.h> header file. */
>++#cmakedefine HAVE_SYS_RESOURCE_H
>++
>+ /* Define to 1 if you have the <sys/stat.h> header file. */
>+ #cmakedefine HAVE_SYS_STAT_H
>+
>+@@ -134,6 +136,9 @@
>+
>+ /* Define to 1 if you have the `vsyslog' function. */
>+ #cmakedefine HAVE_VSYSLOG @HAVE_VSYSLOG@
>++
>++/* Define if you have the `getrusage' function. */
>++#cmakedefine HAVE_GETRUSAGE
>+
>+ #cmakedefine HAVE_STRTOLL
>+ #if !defined(HAVE_STRTOLL)
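Review bot: files/patch-cmake-configure replaces the entire `cmake-configure` wrapper with the single line `cmake-configure`, which is not a usable script and looks like a stray artifact rather than an intended change (possibly a symlink captured as a text diff — not confirmable from this page). The port now builds through `USES= cmake` and nothing visible in the Makefile calls this wrapper, so the patch adds nothing to the build while leaving a broken file in the work tree. I would drop files/patch-cmake-configure from the commit, or state in the commit message why it is needed.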
>diff --git a/devel/json-c/files/patch-cve-2020-12762 b/devel/json-c/files/patch-cve-2020-12762
>new file mode 100644
>index 000000000000..32c6f342d9a1
>--- /dev/null
>+++ b/devel/json-c/files/patch-cve-2020-12762
>@@ -0,0 +1,155 @@
>+From 099016b7e8d70a6d5dd814e788bba08d33d48426 Mon Sep 17 00:00:00 2001
>+From: Tobias Stoeckmann <tobias@stoeckmann.org>
>+Date: Mon, 4 May 2020 19:41:16 +0200
>+Subject: [PATCH 1/3] Protect array_list_del_idx against size_t overflow.
>+
>+If the assignment of stop overflows due to idx and count being
>+larger than SIZE_T_MAX in sum, out of boundary access could happen.
>+
>+It takes invalid usage of this function for this to happen, but
>+I decided to add this check so array_list_del_idx is as safe against
>+bad usage as the other arraylist functions.
>+---
>+ arraylist.c | 3 +++
>+ 1 file changed, 3 insertions(+)
>+
>+diff --git a/arraylist.c b/arraylist.c
>+index 12ad8af6d3..e5524aca75 100644
>+--- arraylist.c
>++++ arraylist.c
>+@@ -136,6 +136,9 @@ int array_list_del_idx(struct array_list *arr, size_t idx, size_t count)
>+ {
>+ size_t i, stop;
>+
>++ /* Avoid overflow in calculation with large indices. */
>++ if (idx > SIZE_T_MAX - count)
>++ return -1;
>+ stop = idx + count;
>+ if (idx >= arr->length || stop > arr->length)
>+ return -1;
>+
>+From 77d935b7ae7871a1940cd827e850e6063044ec45 Mon Sep 17 00:00:00 2001
>+From: Tobias Stoeckmann <tobias@stoeckmann.org>
>+Date: Mon, 4 May 2020 19:46:45 +0200
>+Subject: [PATCH 2/3] Prevent division by zero in linkhash.
>+
>+If a linkhash with a size of zero is created, then modulo operations
>+are prone to division by zero operations.
>+
>+Purely protective measure against bad usage.
>+---
>+ linkhash.c | 3 +++
>+ 1 file changed, 3 insertions(+)
>+
>+diff --git a/linkhash.c b/linkhash.c
>+index 7ea58c0abf..f05cc38030 100644
>+--- linkhash.c
>++++ linkhash.c
>+@@ -12,6 +12,7 @@
>+
>+ #include "config.h"
>+
>++#include <assert.h>
>+ #include <limits.h>
>+ #include <stdarg.h>
>+ #include <stddef.h>
>+@@ -499,6 +500,8 @@ struct lh_table *lh_table_new(int size, lh_entry_free_fn *free_fn, lh_hash_fn *h
>+ int i;
>+ struct lh_table *t;
>+
>++ /* Allocate space for elements to avoid divisions by zero. */
>++ assert(size > 0);
>+ t = (struct lh_table *)calloc(1, sizeof(struct lh_table));
>+ if (!t)
>+ return NULL;
>+
>+From d07b91014986900a3a75f306d302e13e005e9d67 Mon Sep 17 00:00:00 2001
>+From: Tobias Stoeckmann <tobias@stoeckmann.org>
>+Date: Mon, 4 May 2020 19:47:25 +0200
>+Subject: [PATCH 3/3] Fix integer overflows.
>+
>+The data structures linkhash and printbuf are limited to 2 GB in size
>+due to a signed integer being used to track their current size.
>+
>+If too much data is added, then size variable can overflow, which is
>+an undefined behaviour in C programming language.
>+
>+Assuming that a signed int overflow just leads to a negative value,
>+like it happens on many sytems (Linux i686/amd64 with gcc), then
>+printbuf is vulnerable to an out of boundary write on 64 bit systems.
>+---
>+ linkhash.c | 7 +++++--
>+ printbuf.c | 19 ++++++++++++++++---
>+ 2 files changed, 21 insertions(+), 5 deletions(-)
>+
>+diff --git a/linkhash.c b/linkhash.c
>+index f05cc38030..51e90b13a2 100644
>+--- linkhash.c
>++++ linkhash.c
>+@@ -580,9 +580,12 @@ int lh_table_insert_w_hash(struct lh_table *t, const void *k, const void *v, con
>+ {
>+ unsigned long n;
>+
>+- if (t->count >= t->size * LH_LOAD_FACTOR)
>+- if (lh_table_resize(t, t->size * 2) != 0)
>++ if (t->count >= t->size * LH_LOAD_FACTOR) {
>++ /* Avoid signed integer overflow with large tables. */
>++ int new_size = INT_MAX / 2 < t->size ? t->size * 2 : INT_MAX;
>++ if (t->size == INT_MAX || lh_table_resize(t, new_size) != 0)
>+ return -1;
>++ }
>+
>+ n = h % t->size;
>+
>+diff --git a/printbuf.c b/printbuf.c
>+index 976c12dde5..00822fac4f 100644
>+--- printbuf.c
>++++ printbuf.c
>+@@ -15,6 +15,7 @@
>+
>+ #include "config.h"
>+
>++#include <limits.h>
>+ #include <stdio.h>
>+ #include <stdlib.h>
>+ #include <string.h>
>+@@ -65,10 +66,16 @@ static int printbuf_extend(struct printbuf *p, int min_size)
>+
>+ if (p->size >= min_size)
>+ return 0;
>+-
>+- new_size = p->size * 2;
>+- if (new_size < min_size + 8)
>++ /* Prevent signed integer overflows with large buffers. */
>++ if (min_size > INT_MAX - 8)
>++ return -1;
>++ if (p->size > INT_MAX / 2)
>+ new_size = min_size + 8;
>++ else {
>++ new_size = p->size * 2;
>++ if (new_size < min_size + 8)
>++ new_size = min_size + 8;
>++ }
>+ #ifdef PRINTBUF_DEBUG
>+ MC_DEBUG("printbuf_memappend: realloc "
>+ "bpos=%d min_size=%d old_size=%d new_size=%d\n",
>+@@ -83,6 +90,9 @@ static int printbuf_extend(struct printbuf *p, int min_size)
>+
>+ int printbuf_memappend(struct printbuf *p, const char *buf, int size)
>+ {
>++ /* Prevent signed integer overflows with large buffers. */
>++ if (size > INT_MAX - p->bpos - 1)
>++ return -1;
>+ if (p->size <= p->bpos + size + 1)
>+ {
>+ if (printbuf_extend(p, p->bpos + size + 1) < 0)
>+@@ -100,6 +110,9 @@ int printbuf_memset(struct printbuf *pb, int offset, int charvalue, int len)
>+
>+ if (offset == -1)
>+ offset = pb->bpos;
>++ /* Prevent signed integer overflows with large buffers. */
>++ if (len > INT_MAX - offset)
>++ return -1;
>+ size_needed = offset + len;
>+ if (pb->size < size_needed)
>+ {
>diff --git a/devel/json-c/files/patch-json_object.c b/devel/json-c/files/patch-json_object.c
>deleted file mode 100644
>index 4df3946861bb..000000000000
>--- a/devel/json-c/files/patch-json_object.c
>+++ /dev/null
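Review bot: In the lh_table_insert_w_hash hunk of files/patch-cve-2020-12762 the overflow guard is inverted: `int new_size = INT_MAX / 2 < t->size ? t->size * 2 : INT_MAX;` doubles exactly when `t->size` is already above `INT_MAX / 2` (the case that overflows) and requests `INT_MAX` buckets for every smaller table. As written, the signed overflow this patch is meant to remove is still reachable, and an ordinary table that reaches the load factor is asked to grow to `INT_MAX` entries, which will most likely fail allocation and make the insert return -1. The two arms should be swapped: `int new_size = (t->size > INT_MAX / 2) ? INT_MAX : t->size * 2;`. Separately, `assert(size > 0);` in lh_table_new is compiled out under NDEBUG, so it is not a runtime guard in release builds; an explicit `if (size <= 0) return NULL;` would hold in every build. Both function bodies continue outside the lines shown.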
>@@ -1,14 +0,0 @@
>---- json_object.c.orig 2020-02-18 20:12:20 UTC
>-+++ json_object.c
>-@@ -698,9 +698,9 @@ int64_t json_object_get_int64(const struct json_object
>- case json_type_int:
>- return jso->o.c_int64;
>- case json_type_double:
>-- if (jso->o.c_double >= INT64_MAX)
>-+ if (jso->o.c_double >= (double)INT64_MAX)
>- return INT64_MAX;
>-- if (jso->o.c_double <= INT64_MIN)
>-+ if (jso->o.c_double <= (double)INT64_MIN)
>- return INT64_MIN;
>- return (int64_t)jso->o.c_double;
>- case json_type_boolean:
>diff --git a/devel/json-c/files/patch-tests-test_parse.c b/devel/json-c/files/patch-tests-test_parse.c
>deleted file mode 100644
>index 59dec7aa3fab..000000000000
>--- a/devel/json-c/files/patch-tests-test_parse.c
>+++ /dev/null
>@@ -1,17 +0,0 @@
>---- tests/test_parse.c.orig 2018-01-16 04:33:49 UTC
>-+++ tests/test_parse.c
>-@@ -253,11 +253,11 @@ struct incremental_step {
>- the next few tests check that parsing multiple sequential
>- json objects in the input works as expected */
>- { "null123", 9, 4, json_tokener_success, 0 },
>-- { "null123" + 4, 4, 3, json_tokener_success, 1 },
>-+ { &"null123"[4], 4, 3, json_tokener_success, 1 },
>- { "nullx", 5, 4, json_tokener_success, 0 },
>-- { "nullx" + 4, 2, 0, json_tokener_error_parse_unexpected, 1 },
>-+ { &"nullx"[4], 2, 0, json_tokener_error_parse_unexpected, 1 },
>- { "{\"a\":1}{\"b\":2}",15, 7, json_tokener_success, 0 },
>-- { "{\"a\":1}{\"b\":2}" + 7,
>-+ { &"{\"a\":1}{\"b\":2}"[7],
>- 8, 7, json_tokener_success, 1 },
>-
>- /* Some bad formatting. Check we get the correct error status */
>diff --git a/devel/json-c/pkg-plist b/devel/json-c/pkg-plist
>index 173db18ea30d..49076ec4a8de 100644
>--- a/devel/json-c/pkg-plist
>+++ b/devel/json-c/pkg-plist
>@@ -1,5 +1,4 @@
> include/json-c/arraylist.h
>-include/json-c/bits.h
> include/json-c/debug.h
> include/json-c/json.h
> include/json-c/json_c_version.h
>@@ -10,12 +9,16 @@ include/json-c/json_object_iterator.h
> include/json-c/json_object_private.h
> include/json-c/json_pointer.h
> include/json-c/json_tokener.h
>+include/json-c/json_types.h
> include/json-c/json_util.h
> include/json-c/json_visit.h
> include/json-c/linkhash.h
> include/json-c/printbuf.h
>+lib/cmake/json-c/json-c-config.cmake
>+lib/cmake/json-c/json-c-targets-%%CMAKE_BUILD_TYPE%%.cmake
>+lib/cmake/json-c/json-c-targets.cmake
> lib/libjson-c.a
> lib/libjson-c.so
>-lib/libjson-c.so.4
>-lib/libjson-c.so.4.0.0
>+lib/libjson-c.so.5
>+lib/libjson-c.so.5.0.0
> libdata/pkgconfig/json-c.pc
>--
>2.26.2
>