Hello community,

here is the log from the commit of package json-c for openSUSE:Factory checked in at 2014-09-23 17:16:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/json-c (Old)
 and /work/SRC/openSUSE:Factory/.json-c.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "json-c" Changes: -------- --- /work/SRC/openSUSE:Factory/json-c/json-c.changes 2014-04-11 14:40:25.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.json-c.new/json-c.changes 2014-09-23 17:16:54.000000000 +0200 
@@ -1,0 +2,39 @@ +Sat Sep 20 12:07:25 UTC 2014 - [email protected] + +- json-c 0.12 + Fixes for security issues contained in this release have been + previously patched into this package, but listed for completeness: + * Address security issues: + * CVE-2013-6371: hash collision denial of service + * CVE-2013-6370: buffer overflow if size_t is larger than int +- Further changes: + * Avoid potential overflow in json_object_get_double + * Eliminate the mc_abort() function and MC_ABORT macro. + * Make the json_tokener_errors array local. It has been deprecated for + a while, and json_tokener_error_desc() should be used instead. + * change the floating point output format to %.17g so values with + more than 6 digits show up in the output. + * Remove the old libjson.so name compatibility support. The library is + only created as libjson-c.so now and headers are only installed + into the ${prefix}/json-c directory. + * When supported by the linker, add the -Bsymbolic-functions flag. + * Make strict mode more strict: + * number must not start with 0 + * no single-quote strings + * no comments + * trailing char not allowed + * only allow lowercase literals + * Added a json_object_new_double_s() convenience function to allow + an exact string representation of a double to be specified when + creating the object and use it in json_tokener_parse_ex() so + a re-serialized object more exactly matches the input. 
+ * Add support NaN and Infinity +- packaging changes: + * json-c-hash-dos-and-overflow-random-seed-4e.patch is upstream + * Move from json-c-lfs.patch which removed warning errors and + autoconf call to json-c-0.12-unused_variable_size.patch from + upstream which fixes the warning + * except for SLE 11 where autoreconf call is required + * add licence file to main package + +------------------------------------------------------------------- Old: ---- json-c-0.11.tar.gz json-c-hash-dos-and-overflow-random-seed-4e.patch json-c-lfs.patch New: ---- json-c-0.12-unused_variable_size.patch json-c-0.12.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ json-c.spec ++++++ --- /var/tmp/diff_new_pack.httraN/_old 2014-09-23 17:16:55.000000000 +0200 +++ /var/tmp/diff_new_pack.httraN/_new 2014-09-23 17:16:55.000000000 +0200 @@ -19,23 +19,20 @@ %define libname libjson-c %define libsoname %{libname}2 %define oldlibname libjson - Name: json-c +Version: 0.12 +Release: 0 Summary: JSON implementation in C License: MIT Group: Development/Libraries/C and C++ -Version: 0.11 -Release: 0 Url: https://github.com/json-c/json-c/wiki - #Git-Clone git://github.com/json-c/json-c Source0: https://s3.amazonaws.com/json-c_releases/releases/%{name}-%{version}.tar.gz Source1: baselibs.conf -Patch0: %{name}-lfs.patch -Patch1: %{name}-hash-dos-and-overflow-random-seed-4e.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-build +Patch0: json-c-0.12-unused_variable_size.patch BuildRequires: libtool BuildRequires: pkg-config +BuildRoot: %{_tmppath}/%{name}-%{version}-build %description JSON-C implements a reference counting object model that allows you to @@ -76,7 +73,7 @@ Group: Documentation/Other Provides: %{oldlibname}-doc = %{version} Obsoletes: %{oldlibname}-doc < %{version} -%if 0%{suse_version} >= 1120 +%if 0%{?suse_version} >= 1120 BuildArch: noarch %endif 
@@ -91,21 +88,23 @@ %prep %setup -q %patch0 -p1 -%patch1 -p1 %build +%if 0%{?suse_version} <= 1110 +sed -i 's/-Werror //g' Makefile.am.inc autoreconf -fiv +%endif %configure --disable-static --with-pic --disable-oldname-compat -%{__make} %{?_smp_mflags} +make %{?_smp_mflags} %check -%{__make} %{?_smp_mflags} check +make %{?_smp_mflags} check %install -%makeinstall DESTDIR=$RPM_BUILD_ROOT libdir=%{_libdir} mandir=%{_mandir} -rm -Rf "%buildroot/%_libdir"/*.la +make DESTDIR=%{buildroot} install %{?_smp_mflags} DESTDIR=%{buildroot} libdir=%{_libdir} mandir=%{_mandir} +find %{buildroot} -type f -name "*.la" -delete -print # create a compatibilty pkg-config file for software needing it -(cd $RPM_BUILD_ROOT%{_libdir}/pkgconfig && ln -s json-c.pc json.pc) +(cd %{buildroot}%{_libdir}/pkgconfig && ln -s json-c.pc json.pc) %post -n %{libsoname} -p /sbin/ldconfig @@ -114,6 +113,7 @@ %files -n %{libsoname} %defattr(-,root,root) %{_libdir}/%{libname}.so.* +%doc COPYING %files -n %{libname}-devel %defattr(-,root,root) ++++++ json-c-0.12-unused_variable_size.patch ++++++ Author: Petar Koretić <[email protected]> Date: Fri Apr 11 10:03:40 2014 +0200 Subject: Remove unused variable 'size' Upstream: committed References: https://github.com/json-c/json-c/commit/259c5c0b5fe87c2db41e7a989cc0ab5865170d81#diff-1a2844909ac019b51939d6a7d97c7cd0 Remove unused variable 'size' [ 31s] json_tokener.c: In function 'json_tokener_parse_ex': [ 31s] json_tokener.c:355:6: error: variable 'size' set but not used [-Werror=unused-but-set-variable] [ 31s] int size; [ 31s] ^ --- json_tokener.c | 2 -- 1 file changed, 2 deletions(-) Index: json-c-0.12/json_tokener.c =================================================================== --- json-c-0.12.orig/json_tokener.c 2014-04-11 01:41:08.000000000 +0100 +++ json-c-0.12/json_tokener.c 2014-09-20 12:33:05.000000000 +0100 
@@ -352,12 +352,10 @@ struct json_object* json_tokener_parse_e case json_tokener_state_inf: /* aka starts with 'i' */ { - int size; int size_inf; int is_negative = 0; printbuf_memappend_fast(tok->pb, &c, 1); - size = json_min(tok->st_pos+1, json_null_str_len); size_inf = json_min(tok->st_pos+1, json_inf_str_len); char *infbuf = tok->pb->buf; if (*infbuf == '-') ++++++ json-c-0.11.tar.gz -> json-c-0.12.tar.gz ++++++ ++++ 43918 lines of diff (skipped)
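Review bot: In the json-c.spec hunk at @@ -91,21 +88,23 @@, the new %install line passes DESTDIR=%{buildroot} twice, once before `install` and once after `%{?_smp_mflags}`, and keeps the libdir= and mandir= overrides left over from the %makeinstall call it replaces. %configure has already set those directories, so `make DESTDIR=%{buildroot} install` should be sufficient; if the overrides are really needed, keep a single DESTDIR and say why in a comment. In the same hunk, the `%if 0%{?suse_version} <= 1110` block in %build strips -Werror with sed and runs autoreconf without any comment in the spec; the reason appears only in the changelog entry ("except for SLE 11 where autoreconf call is required"). Add a one-line comment above the %if, and note that `sed -i 's/-Werror //g' Makefile.am.inc` exits successfully even when nothing matches, so a later upstream change to that file would go unnoticed.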
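Review bot: In the json-c.spec hunk at @@ -19,23 +19,20 @@, the new `Patch0: json-c-0.12-unused_variable_size.patch` line has no comment stating the patch's origin or status, while the two patches it replaces are dropped silently from the preamble. The patch file's own header already records "Upstream: committed" and the upstream commit URL, so a short comment above Patch0 saying it is an upstream fix, and can be dropped with the next json-c release, would let the next maintainer see that without opening the patch. The changelog notes that json-c-hash-dos-and-overflow-random-seed-4e.patch (the CVE-2013-6371 and CVE-2013-6370 fixes) is now upstream in 0.12; it would help to keep that statement next to the version bump in the spec history as well, since the security fixes no longer appear as a separate Patch line.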
