authorNatanael Copa <ncopa@alpinelinux.org>2014-04-18 14:08:41 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2014-04-18 14:26:04 +0000
commit7c6f59eb07ed9c9fd46b1d2b74aff8d1bf18d7b8 (patch)
tree3c649b57dcc5ffc51e864d3f409751707486c086
parentdbbec23e368ed2962d9d85b8f25fcaf0e61d1781 (diff)
main/json-c: security upgrade to 0.12 (CVE-2013-6371,CVE-2013-6370)
fixes #2849 (cherry picked from commit 14cbf73416b6e1d6839c573967901260e464deb2)
-rw-r--r--main/json-c/APKBUILD17
-rw-r--r--main/json-c/size-set-but-not-used.patch19
2 files changed, 30 insertions, 6 deletions
diff --git a/main/json-c/APKBUILD b/main/json-c/APKBUILD
index a5b14da3a7..2bf24ed857 100644
--- a/main/json-c/APKBUILD
+++ b/main/json-c/APKBUILD
@@ -1,6 +1,6 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=json-c
-pkgver=0.11
+pkgver=0.12
pkgrel=0
pkgdesc="A JSON implementation in C"
url="https://github.com/json-c/json-c/wiki"
@@ -8,10 +8,12 @@ arch="all"
license="MIT"
depends=""
depends_dev=""
-makedepends="$depends_dev"
+makedepends="$depends_dev autoconf"
install=""
subpackages="$pkgname-dev"
-source="https://s3.amazonaws.com/${pkgname}_releases/releases/$pkgname-${pkgver}.tar.gz"
+source="https://s3.amazonaws.com/${pkgname}_releases/releases/$pkgname-${pkgver}.tar.gz
+ size-set-but-not-used.patch
+ "
_builddir="$srcdir"/json-c-$pkgver
prepare() {
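Review bot: `autoconf` is added to `makedepends` with nothing in the hunk saying why, and `prepare()` only opens on the hunk's last line, so its body is not visible here. If the 0.12 build now regenerates configure or config headers, the build inputs are no longer exactly what the checksummed tarball shipped, which is worth recording on a security upgrade. A one-line comment above the assignment would cover it, e.g. `# autoconf: <reason the 0.12 build needs it>`.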
@@ -43,6 +45,9 @@ package() {
rm -f "$pkgdir"/usr/lib/*.la
}
-md5sums="aa02367d2f7a830bf1e3376f77881e98 json-c-0.11.tar.gz"
-sha256sums="28dfc65145dc0d4df1dfe7701ac173c4e5f9347176c8983edbfac9149494448c json-c-0.11.tar.gz"
-sha512sums="65ab563fe908d585ba05fff3b77283050ec4f94114ff6e4b916557013d75498271cf65b2660a0aaf74b23beaa80385c80d37ab6a700ba967dd859fa779a81cb0 json-c-0.11.tar.gz"
+md5sums="3ca4bbb881dfc4017e8021b5e0a8c491 json-c-0.12.tar.gz
+ff9d703a13744d4a67c074dfa25d3eea size-set-but-not-used.patch"
+sha256sums="000c01b2b3f82dcb4261751eb71f1b084404fb7d6a282f06074d3c17078b9f3f json-c-0.12.tar.gz
+71cd883f54d46f023eaf2e530344c301dbbe9bd5090d64a1abe4dd8394afb2b4 size-set-but-not-used.patch"
+sha512sums="c959804362386f6b77e9d04b5fedf6d6aff1fcd0ab50250edb25f759b510b402e7ad4b33d1cbadc3337b63a3145d19f310812a9ee351748348304b384dc2dc35 json-c-0.12.tar.gz
+881faff046ae3608c82456276788b4a72e0abd75f8c2d57e192a8a40c887cd78e535f3a009ca69180c29dfcf07f3d823b4cd84b944103a4c7d5b1a7a5eb98103 size-set-but-not-used.patch"
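Review bot: The new sums are the only integrity anchor for `json-c-0.12.tar.gz`, and the commit does not record how the tarball was checked against upstream before they were generated. For a release that closes two CVEs, naming the verification source (upstream tag or published hash) in the commit message would let a later reviewer repeat the check. The `md5sums` entry is kept next to `sha256sums` and `sha512sums`; MD5 is not collision-resistant, so it adds no protection beyond the stronger sums and can be dropped if the build tooling on this branch no longer requires it.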
diff --git a/main/json-c/size-set-but-not-used.patch b/main/json-c/size-set-but-not-used.patch
new file mode 100644
index 0000000000..1cb1ab1d24
--- /dev/null
+++ b/main/json-c/size-set-but-not-used.patch
@@ -0,0 +1,19 @@
+https://github.com/json-c/json-c/issues/134
+
+diff --git a/json_tokener.c b/json_tokener.c
+index 19de8ef..9a76293 100644
+--- a/json_tokener.c
++++ b/json_tokener.c
+@@ -352,12 +352,10 @@ struct json_object* json_tokener_parse_ex(struct json_tokener *tok,
+
+ case json_tokener_state_inf: /* aka starts with 'i' */
+ {
+- int size;
+ int size_inf;
+ int is_negative = 0;
+
+ printbuf_memappend_fast(tok->pb, &c, 1);
+- size = json_min(tok->st_pos+1, json_null_str_len);
+ size_inf = json_min(tok->st_pos+1, json_inf_str_len);
+ char *infbuf = tok->pb->buf;
+ if (*infbuf == '-')
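Review bot: The patch header carries only the upstream issue URL, so the reason the package needs this patch is not recorded in the tree. Add a short description under the URL, for example `Remove the unused 'size' local in json_tokener_parse_ex; drop this patch once upstream ships the fix.` The removed assignment only stores a `json_min(...)` result in a local and the visible lines never read `size`, so the change looks behaviour-neutral. The rest of the `json_tokener_state_inf` case lies outside the hunk and should be checked for a later use.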