import yajl-2.1.0-22.el9

1 year ago · 990cf8318f
commit 990cf8318f
10 changed files with 418 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+SOURCES/yajl-2.1.0.tar.gz
--- a/.yajl.metadata
+++ b/.yajl.metadata
@ -0,0 +1 @@
+29ce2b9695ae93e1b0b349a22cea8067f25a9025 SOURCES/yajl-2.1.0.tar.gz
--- a/SOURCES/23a122eddaa28165a6c219000adcc31ff9a8a698.patch
+++ b/SOURCES/23a122eddaa28165a6c219000adcc31ff9a8a698.patch
@ -0,0 +1,23 @@
+From 23a122eddaa28165a6c219000adcc31ff9a8a698 Mon Sep 17 00:00:00 2001
+From: "zhang.jiujiu" <282627424@qq.com>
+Date: Tue, 7 Dec 2021 22:37:02 +0800
+Subject: [PATCH] fix memory leaks
+
+---
+ src/yajl_tree.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/yajl_tree.c b/src/yajl_tree.c
+index b9e66043..0e7bde98 100644
+--- a/src/yajl_tree.c
+++ b/src/yajl_tree.c
+@@ -456,6 +456,9 @@ yajl_val yajl_tree_parse (const char *input,
+              yajl_tree_free(v);
+         }
+         yajl_free (handle);
+	//If the requested memory is not released in time, it will cause memory leakage
+	if(ctx.root)
+	     yajl_tree_free(ctx.root);
+         return NULL;
+     }
+ 
--- a/SOURCES/3d65cb0c6db4d433e5e42ee7d91d8a04e21337cf.patch
+++ b/SOURCES/3d65cb0c6db4d433e5e42ee7d91d8a04e21337cf.patch
@ -0,0 +1,34 @@
+From 3d65cb0c6db4d433e5e42ee7d91d8a04e21337cf Mon Sep 17 00:00:00 2001
+From: wujing <wujing50@huawei.com>
+Date: Thu, 14 Feb 2019 03:12:30 +0800
+Subject: [PATCH] yajl: fix memory leak problem
+
+reason: fix memory leak problem
+---
+ src/yajl_tree.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/yajl_tree.c b/src/yajl_tree.c
+index 3d357a32..4b3cf2b1 100644
+--- a/src/yajl_tree.c
+++ b/src/yajl_tree.c
+@@ -143,7 +143,7 @@ static yajl_val context_pop(context_t *ctx)
+     ctx->stack = stack->next;
+ 
+     v = stack->value;
+-
+    free (stack->key);
+     free (stack);
+ 
+     return (v);
+@@ -444,6 +444,10 @@ yajl_val yajl_tree_parse (const char *input,
+              snprintf(error_buffer, error_buffer_size, "%s", internal_err_str);
+              YA_FREE(&(handle->alloc), internal_err_str);
+         }
+        while(ctx.stack != NULL) {
+             yajl_val v = context_pop(&ctx);
+             yajl_tree_free(v);
+        }
+         yajl_free (handle);
+         return NULL;
+     }
--- a/SOURCES/49923ccb2143e36850bcdeb781e2bcdf5ce22f15.patch
+++ b/SOURCES/49923ccb2143e36850bcdeb781e2bcdf5ce22f15.patch
@ -0,0 +1,54 @@
+From 49923ccb2143e36850bcdeb781e2bcdf5ce22f15 Mon Sep 17 00:00:00 2001
+From: John Hawthorn <john@hawthorn.email>
+Date: Wed, 2 Mar 2022 14:17:59 -0800
+Subject: [PATCH] Check need < buf->used
+
+We're guaranteed a power of 2 so that this becomes 0, but we might as
+well use a check for overflow that works in more cases.
+
+Unsigned integer overflow is defined behaviour, so this should be safe.
+
+(cherry picked from commit 36410d536b676e836637bb20574a56ebc920eb83)
+---
+ src/yajl_buf.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/yajl_buf.c b/src/yajl_buf.c
+index 1aeafde0..8bd1bea7 100644
+--- a/src/yajl_buf.c
+++ b/src/yajl_buf.c
+@@ -30,7 +30,7 @@ struct yajl_buf_t {
+ };
+ 
+ static
+-void yajl_buf_ensure_available(yajl_buf buf, size_t want)
+int yajl_buf_ensure_available(yajl_buf buf, size_t want)
+ {
+     size_t need;
+     
+@@ -46,11 +46,15 @@ void yajl_buf_ensure_available(yajl_buf buf, size_t want)
+     need = buf->len;
+ 
+     while (want >= (need - buf->used)) need <<= 1;
+    if (need < buf->used) {
+         return -1;
+    }
+ 
+     if (need != buf->len) {
+         buf->data = (unsigned char *) YA_REALLOC(buf->alloc, buf->data, need);
+         buf->len = need;
+     }
+    return 0;
+ }
+ 
+ yajl_buf yajl_buf_alloc(yajl_alloc_funcs * alloc)
+@@ -70,7 +74,8 @@ void yajl_buf_free(yajl_buf buf)
+ 
+ void yajl_buf_append(yajl_buf buf, const void * data, size_t len)
+ {
+-    yajl_buf_ensure_available(buf, len);
+    if (yajl_buf_ensure_available(buf, len))
+        return;
+     if (len > 0) {
+         assert(data != NULL);
+         memcpy(buf->data + buf->used, data, len);
--- a/SOURCES/yajl-2.1.0-dynlink-binaries.patch
+++ b/SOURCES/yajl-2.1.0-dynlink-binaries.patch
@ -0,0 +1,28 @@
+diff -rup yajl-2.1.0.orig/reformatter/CMakeLists.txt yajl-2.1.0.new/reformatter/CMakeLists.txt
+--- yajl-2.1.0.orig/reformatter/CMakeLists.txt	2014-03-19 04:58:29.000000000 +0000
+++ yajl-2.1.0.new/reformatter/CMakeLists.txt	2014-04-28 11:36:11.909478329 +0100
+@@ -26,7 +26,7 @@ LINK_DIRECTORIES(${CMAKE_CURRENT_BINARY_
+ 
+ ADD_EXECUTABLE(json_reformat ${SRCS})
+ 
+-TARGET_LINK_LIBRARIES(json_reformat yajl_s)
+TARGET_LINK_LIBRARIES(json_reformat yajl)
+ 
+ # In some environments, we must explicitly link libm (like qnx,
+ # thanks @shahbag)
+Only in yajl-2.1.0.new/reformatter: CMakeLists.txt.orig
+Only in yajl-2.1.0.new/src: CMakeLists.txt~
+Only in yajl-2.1.0.new/test/api: run_tests.sh~
+Only in yajl-2.1.0.new/test/parsing: run_tests.sh~
+diff -rup yajl-2.1.0.orig/verify/CMakeLists.txt yajl-2.1.0.new/verify/CMakeLists.txt
+--- yajl-2.1.0.orig/verify/CMakeLists.txt	2014-03-19 04:58:29.000000000 +0000
+++ yajl-2.1.0.new/verify/CMakeLists.txt	2014-04-28 11:36:11.909478329 +0100
+@@ -26,7 +26,7 @@ LINK_DIRECTORIES(${CMAKE_CURRENT_BINARY_
+ 
+ ADD_EXECUTABLE(json_verify ${SRCS})
+ 
+-TARGET_LINK_LIBRARIES(json_verify yajl_s)
+TARGET_LINK_LIBRARIES(json_verify yajl)
+ 
+ # copy in the binary
+ GET_TARGET_PROPERTY(binPath json_verify LOCATION)
--- a/SOURCES/yajl-2.1.0-pkgconfig-includedir.patch
+++ b/SOURCES/yajl-2.1.0-pkgconfig-includedir.patch
@ -0,0 +1,11 @@
+diff -rup yajl-2.1.0.orig/src/yajl.pc.cmake yajl-2.1.0.new/src/yajl.pc.cmake
+--- yajl-2.1.0.orig/src/yajl.pc.cmake	2014-03-19 04:58:29.000000000 +0000
+++ yajl-2.1.0.new/src/yajl.pc.cmake	2014-04-28 11:12:23.505791003 +0100
+@@ -1,6 +1,6 @@
+ prefix=${CMAKE_INSTALL_PREFIX}
+ libdir=${dollar}{prefix}/lib${LIB_SUFFIX}
+-includedir=${dollar}{prefix}/include/yajl
+includedir=${dollar}{prefix}/include
+ 
+ Name: Yet Another JSON Library
+ Description: A Portable JSON parsing and serialization library in ANSI C
--- a/SOURCES/yajl-2.1.0-pkgconfig-location.patch
+++ b/SOURCES/yajl-2.1.0-pkgconfig-location.patch
@ -0,0 +1,27 @@
+diff -rup yajl-2.1.0.orig/src/CMakeLists.txt yajl-2.1.0.new/src/CMakeLists.txt
+--- yajl-2.1.0.orig/src/CMakeLists.txt	2014-03-19 04:58:29.000000000 +0000
+++ yajl-2.1.0.new/src/CMakeLists.txt	2014-04-28 11:19:28.431492533 +0100
+@@ -30,7 +30,7 @@ ADD_DEFINITIONS(-DYAJL_BUILD)
+ # set up some paths
+ SET (libDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/lib)
+ SET (incDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/include/yajl)
+-SET (shareDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/share/pkgconfig)
+SET (pkgconfigDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/lib/pkgconfig)
+ 
+ # set the output path for libraries
+ SET(LIBRARY_OUTPUT_PATH ${libDir})
+@@ -61,7 +61,7 @@ FILE(MAKE_DIRECTORY ${incDir})
+ # generate build-time source
+ SET(dollar $)
+ CONFIGURE_FILE(api/yajl_version.h.cmake ${incDir}/yajl_version.h)
+-CONFIGURE_FILE(yajl.pc.cmake ${shareDir}/yajl.pc)
+CONFIGURE_FILE(yajl.pc.cmake ${pkgconfigDir}/yajl.pc)
+ 
+ # copy public headers to output directory
+ FOREACH (header ${PUB_HDRS})
+@@ -84,4 +84,4 @@ INSTALL(TARGETS yajl
+ INSTALL(TARGETS yajl_s ARCHIVE DESTINATION lib${LIB_SUFFIX})
+ INSTALL(FILES ${PUB_HDRS} DESTINATION include/yajl)
+ INSTALL(FILES ${incDir}/yajl_version.h DESTINATION include/yajl)
+-INSTALL(FILES ${shareDir}/yajl.pc DESTINATION share/pkgconfig)
+INSTALL(FILES ${pkgconfigDir}/yajl.pc DESTINATION lib${LIB_SUFFIX}/pkgconfig)
--- a/SOURCES/yajl-2.1.0-test-location.patch
+++ b/SOURCES/yajl-2.1.0-test-location.patch
@ -0,0 +1,30 @@
+diff -rup yajl-2.1.0.orig/test/api/run_tests.sh yajl-2.1.0.new/test/api/run_tests.sh
+--- yajl-2.1.0.orig/test/api/run_tests.sh	2014-03-19 04:58:29.000000000 +0000
+++ yajl-2.1.0.new/test/api/run_tests.sh	2014-04-28 11:27:26.006405320 +0100
+@@ -5,7 +5,7 @@ echo Running api tests:
+ tests=0
+ passed=0
+ 
+-for file in `ls`; do
+for file in `ls ../../build/test/api`; do
+     [ ! -x $file -o -d $file ] && continue
+     tests=`expr 1 + $tests`
+     printf " test(%s): " $file
+diff -rup yajl-2.1.0.orig/test/parsing/run_tests.sh yajl-2.1.0.new/test/parsing/run_tests.sh
+--- yajl-2.1.0.orig/test/parsing/run_tests.sh	2014-03-19 04:58:29.000000000 +0000
+++ yajl-2.1.0.new/test/parsing/run_tests.sh	2014-04-28 11:25:51.239025722 +0100
+@@ -16,11 +16,11 @@ fi
+ # find test binary on both platforms.  allow the caller to force a
+ # particular test binary (useful for non-cmake build systems).
+ if [ -z "$testBin" ]; then
+-    testBin="../build/test/parsing/Release/yajl_test.exe"
+    testBin="../../build/test/parsing/Release/yajl_test.exe"
+     if [ ! -x $testBin ] ; then
+-        testBin="../build/test/parsing/Debug/yajl_test.exe"
+        testBin="../../build/test/parsing/Debug/yajl_test.exe"
+         if [ ! -x $testBin ] ; then
+-            testBin="../build/test/parsing/yajl_test"
+            testBin="../../build/test/parsing/yajl_test"
+             if [  ! -x $testBin ] ; then
+                 ${ECHO} "cannot execute test binary: '$testBin'"
+                 exit 1;
--- a/SPECS/yajl.spec
+++ b/SPECS/yajl.spec
@ -0,0 +1,209 @@
+%undefine __cmake_in_source_build
+%global _vpath_builddir build
+
+Name: yajl
+Version: 2.1.0
+Release: 22%{?dist}
+Summary: Yet Another JSON Library (YAJL)
+
+License: ISC
+URL: http://lloyd.github.com/yajl/
+
+#
+# NB, upstream does not provide pre-built tar.gz downloads. Instead
+# they make you use the 'on the fly' generated tar.gz from GITHub's
+# web interface
+#
+# The Source0 for any version is obtained by a URL
+#
+#   https://github.com/lloyd/yajl/releases/tag/2.1.0
+#
+Source0: %{name}-%{version}.tar.gz
+Patch1: %{name}-%{version}-pkgconfig-location.patch
+Patch2: %{name}-%{version}-pkgconfig-includedir.patch
+Patch3: %{name}-%{version}-test-location.patch
+Patch4: %{name}-%{version}-dynlink-binaries.patch
+Patch5: https://github.com/containers/yajl/commit/49923ccb2143e36850bcdeb781e2bcdf5ce22f15.patch
+Patch6: https://github.com/openEuler-BaseService/yajl/commit/3d65cb0c6db4d433e5e42ee7d91d8a04e21337cf.patch
+Patch7: https://github.com/openEuler-BaseService/yajl/commit/23a122eddaa28165a6c219000adcc31ff9a8a698.patch
+
+BuildRequires:  gcc
+BuildRequires: cmake
+
+%package devel
+Summary: Libraries, includes, etc to develop with YAJL
+Requires: %{name} = %{version}-%{release}
+
+%description
+Yet Another JSON Library. YAJL is a small event-driven
+(SAX-style) JSON parser written in ANSI C, and a small
+validating JSON generator.
+
+%description devel
+Yet Another JSON Library. YAJL is a small event-driven
+(SAX-style) JSON parser written in ANSI C, and a small
+validating JSON generator.
+
+This sub-package provides the libraries and includes
+necessary for developing against the YAJL library
+
+%prep
+%setup -q
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+
+%build
+# NB, we are not using upstream's 'configure'/'make'
+# wrapper, instead we use cmake directly to better
+# align with Fedora standards
+%cmake
+%cmake_build
+
+
+%install
+%cmake_install
+
+
+# No static libraries
+rm -f $RPM_BUILD_ROOT%{_libdir}/libyajl_s.a
+
+
+%check
+cd test
+(cd parsing && ./run_tests.sh)
+(cd api && ./run_tests.sh)
+
+%ldconfig_scriptlets
+
+%files
+%license COPYING
+%doc ChangeLog README TODO
+%{_bindir}/json_reformat
+%{_bindir}/json_verify
+%{_libdir}/libyajl.so.2
+%{_libdir}/libyajl.so.2.*
+
+%files devel
+%dir %{_includedir}/yajl
+%{_includedir}/yajl/yajl_common.h
+%{_includedir}/yajl/yajl_gen.h
+%{_includedir}/yajl/yajl_parse.h
+%{_includedir}/yajl/yajl_tree.h
+%{_includedir}/yajl/yajl_version.h
+%{_libdir}/libyajl.so
+%{_libdir}/pkgconfig/yajl.pc
+
+
+%changelog
+* Fri Sep 22 2023 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 2.1.0-22
+- Rebuilt for MSVSphere 9.3 beta
+
+* Wed Jul 12 2023 Jindrich Novy <jnovy@redhat.com> - 2.1.0-22
+- fix CVE-2023-33460
+- Resolves: #2221253
+
+* Tue Apr 26 2022 Jindrich Novy <jnovy@redhat.com> - 2.1.0-21
+- fix CVE-2022-24795
+- Related: #2061316
+
+* Fri Oct 01 2021 Jindrich Novy <jnovy@redhat.com> - 2.1.0-20
+- perform only sanity/installability tests for now
+- Related: #2000051
+
+* Wed Sep 29 2021 Jindrich Novy <jnovy@redhat.com> - 2.1.0-19
+- add gating.yaml
+- Related: #2000051
+
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 2.1.0-18
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.1.0-17
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Thu Jan 28 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-16
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Sat Feb 03 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.1.0-9
+- Switch to %%ldconfig_scriptlets
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Mon Apr 28 2014 Daniel P. Berrange <berrange@redhat.com> - 2.1.0-1
+- Update to 2.1.0 release (rhbz #1080935)
+
+* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Mon Aug  6 2012 Daniel P. Berrange <berrange@redhat.com> - 2.0.4-1
+- Update to 2.0.4 release (rhbz #845777)
+- Fix License tag to reflect change in 2.0.0 series from BSD to ISC
+
+* Sun Jul 22 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Thu Nov 10 2011 Daniel P. Berrange <berrange@redhat.com> - 2.0.1-1
+- Update to 2.0.1 release
+
+* Tue May  3 2011 Daniel P. Berrange <berrange@redhat.com> - 1.0.12-1
+- Update to 1.0.12 release
+
+* Fri Dec 17 2010 Daniel P. Berrange <berrange@redhat.com> - 1.0.11-1
+- Update to 1.0.11 release
+
+* Mon Jan 11 2010 Daniel P. Berrange <berrange@redhat.com> - 1.0.7-3
+- Fix ignoring of cflags (rhbz #547500)
+
+* Tue Dec  8 2009 Daniel P. Berrange <berrange@redhat.com> - 1.0.7-2
+- Change use of 'define' to 'global'
+
+* Mon Dec  7 2009 Daniel P. Berrange <berrange@redhat.com> - 1.0.7-1
+- Initial Fedora package
				`@ -0,0 +1 @@`
				`29ce2b9695ae93e1b0b349a22cea8067f25a9025 SOURCES/yajl-2.1.0.tar.gz`