Summary: | devel/jansson: patch for CVE-2016-4425 (r414586) breaks jansson: now it fails to parse large flat json files | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Yuri Victorovich <yuri> | ||||
Component: | Individual Port(s) | Assignee: | Vanilla I. Shu <vanilla> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Only Me | CC: | junovitch | ||||
Priority: | --- | Keywords: | regression | ||||
Version: | Latest | Flags: | bugzilla:
maintainer-feedback?
(vanilla) junovitch: merge-quarterly+ |
||||
Hardware: | Any | ||||||
OS: | Any | ||||||
Attachments: |
|
Description
Yuri Victorovich
![]() ![]() Hi Yuri, Thanks for the report. The reference to this PR has been attached to the original upstream issue at https://github.com/akheron/jansson/issues/282. Let's see what they want to do about this regression. Reported as https://github.com/akheron/jansson/issues/286 per their request. Yuri, can you upload a copy of the test case either here or to the upstream issue? Created attachment 170278 [details] jansson-test.c Please build the attached C testcase with this command: > cc -o jansson-test -I /usr/local/include -L/usr/local/lib -ljansson jansson-test.c A commit references this bug: Author: vanilla Date: Mon May 16 02:25:41 UTC 2016 New revision: 415303 URL: https://svnweb.freebsd.org/changeset/ports/415303 Log: Fix issue to parse large flat json files. PR: 209492 Reported by: yuri@rawbw.com Changes: head/devel/jansson/Makefile head/devel/jansson/files/patch-CVE-2016-4425 I think I missing some part of upstream, after review whole patches, It should be ok now, please try it again, thanks. A commit references this bug: Author: junovitch Date: Fri May 20 01:39:07 UTC 2016 New revision: 415538 URL: https://svnweb.freebsd.org/changeset/ports/415538 Log: MFH: r415303 Fix issue to parse large flat json files. PR: 209492 Reported by: yuri@rawbw.com Approved by: ports-secteam (with hat) Changes: _U branches/2016Q2/ branches/2016Q2/devel/jansson/Makefile branches/2016Q2/devel/jansson/files/patch-CVE-2016-4425 Set merge-quarterly+ appropriately. The original fix and fix for the regression it caused both should be in quarterly. This works. Thanks! |