authorNatanael Copa <ncopa@alpinelinux.org>2014-04-18 14:08:41 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2014-04-18 14:08:41 +0000
commit14cbf73416b6e1d6839c573967901260e464deb2 (patch)
tree26e12b07d1f55b0b72607b98a24c79d8349ae48d
parenta518b8afc48b8fa81d565fff644af4c41adbbb99 (diff)
main/json-c: security upgrade to 0.12 (CVE-2013-6371,CVE-2013-6370)
ref #2849
-rw-r--r--main/json-c/APKBUILD15
-rw-r--r--main/json-c/size-set-but-not-used.patch19
2 files changed, 29 insertions, 5 deletions
diff --git a/main/json-c/APKBUILD b/main/json-c/APKBUILD
index a5b14da3a7..ce85acabd1 100644
--- a/main/json-c/APKBUILD
+++ b/main/json-c/APKBUILD
@@ -1,6 +1,6 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=json-c
-pkgver=0.11
+pkgver=0.12
pkgrel=0
pkgdesc="A JSON implementation in C"
url="https://github.com/json-c/json-c/wiki"
@@ -11,7 +11,9 @@ depends_dev=""
makedepends="$depends_dev"
install=""
subpackages="$pkgname-dev"
-source="https://s3.amazonaws.com/${pkgname}_releases/releases/$pkgname-${pkgver}.tar.gz"
+source="https://s3.amazonaws.com/${pkgname}_releases/releases/$pkgname-${pkgver}.tar.gz
+ size-set-but-not-used.patch
+ "
_builddir="$srcdir"/json-c-$pkgver
prepare() {
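Review bot: Listing `size-set-but-not-used.patch` in `source` only fetches and checksums it; whether it is applied depends on `prepare()`, whose body starts on the last line of this hunk and continues outside it. Confirm that `prepare()` applies the `*.patch` entries from `$source`, otherwise 0.12 is built without the patch. Because this is a security upgrade, a comment above `pkgver` such as `# 0.12 fixes CVE-2013-6370 and CVE-2013-6371` would also keep that fact in the APKBUILD instead of only in the commit message.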
@@ -43,6 +45,9 @@ package() {
rm -f "$pkgdir"/usr/lib/*.la
}
-md5sums="aa02367d2f7a830bf1e3376f77881e98 json-c-0.11.tar.gz"
-sha256sums="28dfc65145dc0d4df1dfe7701ac173c4e5f9347176c8983edbfac9149494448c json-c-0.11.tar.gz"
-sha512sums="65ab563fe908d585ba05fff3b77283050ec4f94114ff6e4b916557013d75498271cf65b2660a0aaf74b23beaa80385c80d37ab6a700ba967dd859fa779a81cb0 json-c-0.11.tar.gz"
+md5sums="3ca4bbb881dfc4017e8021b5e0a8c491 json-c-0.12.tar.gz
+ff9d703a13744d4a67c074dfa25d3eea size-set-but-not-used.patch"
+sha256sums="000c01b2b3f82dcb4261751eb71f1b084404fb7d6a282f06074d3c17078b9f3f json-c-0.12.tar.gz
+71cd883f54d46f023eaf2e530344c301dbbe9bd5090d64a1abe4dd8394afb2b4 size-set-but-not-used.patch"
+sha512sums="c959804362386f6b77e9d04b5fedf6d6aff1fcd0ab50250edb25f759b510b402e7ad4b33d1cbadc3337b63a3145d19f310812a9ee351748348304b384dc2dc35 json-c-0.12.tar.gz
+881faff046ae3608c82456276788b4a72e0abd75f8c2d57e192a8a40c887cd78e535f3a009ca69180c29dfcf07f3d823b4cd84b944103a4c7d5b1a7a5eb98103 size-set-but-not-used.patch"
diff --git a/main/json-c/size-set-but-not-used.patch b/main/json-c/size-set-but-not-used.patch
new file mode 100644
index 0000000000..1cb1ab1d24
--- /dev/null
+++ b/main/json-c/size-set-but-not-used.patch
@@ -0,0 +1,19 @@
+https://github.com/json-c/json-c/issues/134
+
+diff --git a/json_tokener.c b/json_tokener.c
+index 19de8ef..9a76293 100644
+--- a/json_tokener.c
++++ b/json_tokener.c
+@@ -352,12 +352,10 @@ struct json_object* json_tokener_parse_ex(struct json_tokener *tok,
+
+ case json_tokener_state_inf: /* aka starts with 'i' */
+ {
+- int size;
+ int size_inf;
+ int is_negative = 0;
+
+ printbuf_memappend_fast(tok->pb, &c, 1);
+- size = json_min(tok->st_pos+1, json_null_str_len);
+ size_inf = json_min(tok->st_pos+1, json_inf_str_len);
+ char *infbuf = tok->pb->buf;
+ if (*infbuf == '-')
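Review bot: The patch file has only the upstream issue URL as its header, so a reader cannot tell why a distribution-side patch is carried on top of a security release. A description line above the URL, e.g. `Remove the local 'size' in json_tokener_parse_ex, which is set but never read.`, would make clear that this is a build fix and not part of the CVE fixes. Presumably the build treats the set-but-unused warning as an error, but nothing on this page shows that. The inner hunk ends inside the `json_tokener_state_inf` case, so it cannot be checked from here that `size` is not read further down.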