diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2014-04-18 14:08:41 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-04-18 14:08:41 +0000 |
commit | 14cbf73416b6e1d6839c573967901260e464deb2 (patch) | |
tree | 26e12b07d1f55b0b72607b98a24c79d8349ae48d | |
parent | a518b8afc48b8fa81d565fff644af4c41adbbb99 (diff) | |
download | aports-14cbf73416b6e1d6839c573967901260e464deb2.tar.bz2 aports-14cbf73416b6e1d6839c573967901260e464deb2.tar.xz |
main/json-c: security upgrade to 0.12 (CVE-2013-6371,CVE-2013-6370)
ref #2849
-rw-r--r-- | main/json-c/APKBUILD | 15 | ||||
-rw-r--r-- | main/json-c/size-set-but-not-used.patch | 19 |
2 files changed, 29 insertions, 5 deletions
diff --git a/main/json-c/APKBUILD b/main/json-c/APKBUILD index a5b14da3a7..ce85acabd1 100644 --- a/main/json-c/APKBUILD +++ b/main/json-c/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=json-c -pkgver=0.11 +pkgver=0.12 pkgrel=0 pkgdesc="A JSON implementation in C" url="https://github.com/json-c/json-c/wiki" @@ -11,7 +11,9 @@ depends_dev="" makedepends="$depends_dev" install="" subpackages="$pkgname-dev" -source="https://s3.amazonaws.com/${pkgname}_releases/releases/$pkgname-${pkgver}.tar.gz" +source="https://s3.amazonaws.com/${pkgname}_releases/releases/$pkgname-${pkgver}.tar.gz + size-set-but-not-used.patch + " _builddir="$srcdir"/json-c-$pkgver prepare() { @@ -43,6 +45,9 @@ package() { rm -f "$pkgdir"/usr/lib/*.la } -md5sums="aa02367d2f7a830bf1e3376f77881e98 json-c-0.11.tar.gz" -sha256sums="28dfc65145dc0d4df1dfe7701ac173c4e5f9347176c8983edbfac9149494448c json-c-0.11.tar.gz" -sha512sums="65ab563fe908d585ba05fff3b77283050ec4f94114ff6e4b916557013d75498271cf65b2660a0aaf74b23beaa80385c80d37ab6a700ba967dd859fa779a81cb0 json-c-0.11.tar.gz" +md5sums="3ca4bbb881dfc4017e8021b5e0a8c491 json-c-0.12.tar.gz +ff9d703a13744d4a67c074dfa25d3eea size-set-but-not-used.patch" +sha256sums="000c01b2b3f82dcb4261751eb71f1b084404fb7d6a282f06074d3c17078b9f3f json-c-0.12.tar.gz +71cd883f54d46f023eaf2e530344c301dbbe9bd5090d64a1abe4dd8394afb2b4 size-set-but-not-used.patch" +sha512sums="c959804362386f6b77e9d04b5fedf6d6aff1fcd0ab50250edb25f759b510b402e7ad4b33d1cbadc3337b63a3145d19f310812a9ee351748348304b384dc2dc35 json-c-0.12.tar.gz +881faff046ae3608c82456276788b4a72e0abd75f8c2d57e192a8a40c887cd78e535f3a009ca69180c29dfcf07f3d823b4cd84b944103a4c7d5b1a7a5eb98103 size-set-but-not-used.patch" diff --git a/main/json-c/size-set-but-not-used.patch b/main/json-c/size-set-but-not-used.patch new file mode 100644 index 0000000000..1cb1ab1d24 --- /dev/null +++ b/main/json-c/size-set-but-not-used.patch @@ -0,0 +1,19 @@ +https://github.com/json-c/json-c/issues/134 + +diff --git a/json_tokener.c b/json_tokener.c +index 19de8ef..9a76293 100644 +--- a/json_tokener.c ++++ b/json_tokener.c +@@ -352,12 +352,10 @@ struct json_object* json_tokener_parse_ex(struct json_tokener *tok, + + case json_tokener_state_inf: /* aka starts with 'i' */ + { +- int size; + int size_inf; + int is_negative = 0; + + printbuf_memappend_fast(tok->pb, &c, 1); +- size = json_min(tok->st_pos+1, json_null_str_len); + size_inf = json_min(tok->st_pos+1, json_inf_str_len); + char *infbuf = tok->pb->buf; + if (*infbuf == '-') |