From e80198562d54563bb0614e80249470ccc8c477e4 Mon Sep 17 00:00:00 2001 From: basebuilder_pel7ppc64lebuilder0 Date: Thu, 2 Dec 2021 11:50:02 +0100 Subject: [PATCH] json-c package update Signed-off-by: basebuilder_pel7ppc64lebuilder0 --- SOURCES/json-c-CVE-2013-6371.patch | 865 +++++++++++++++++++++++++++++ SPECS/json-c.spec | 153 +++++ 2 files changed, 1018 insertions(+) create mode 100644 SOURCES/json-c-CVE-2013-6371.patch create mode 100644 SPECS/json-c.spec diff --git a/SOURCES/json-c-CVE-2013-6371.patch b/SOURCES/json-c-CVE-2013-6371.patch new file mode 100644 index 00000000..b59ab25d --- /dev/null +++ b/SOURCES/json-c-CVE-2013-6371.patch @@ -0,0 +1,865 @@ +https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015 + +* CVE-2013-6371: hash collision denial of service +* CVE-2013-6370: buffer overflow if size_t is larger than int + +diff --git a/Makefile.am b/Makefile.am +index 24b9bdf..26ced27 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -23,7 +23,8 @@ libjson_cinclude_HEADERS = \ + json_tokener.h \ + json_util.h \ + linkhash.h \ +- printbuf.h ++ printbuf.h \ ++ random_seed.h + + #libjsonx_includedir = $(libdir)/json-c-@VERSION@ + # +@@ -41,7 +42,8 @@ libjson_c_la_SOURCES = \ + json_tokener.c \ + json_util.c \ + linkhash.c \ +- printbuf.c ++ printbuf.c \ ++ random_seed.c + + + distclean-local: +diff --git a/Makefile.am.inc b/Makefile.am.inc +index fd68a25..fec591b 100644 +--- a/Makefile.am.inc ++++ b/Makefile.am.inc +@@ -1,2 +1,2 @@ +-AM_CFLAGS = -Wall -Werror -Wextra -Wwrite-strings -Wno-unused-parameter -std=gnu99 -D_GNU_SOURCE -D_REENTRANT ++AM_CFLAGS = -Wall -Werror -Wno-error=deprecated-declarations -Wextra -Wwrite-strings -Wno-unused-parameter -std=gnu99 -D_GNU_SOURCE -D_REENTRANT + +diff --git a/json_object.h b/json_object.h +index 1005734..200ac40 100644 +--- a/json_object.h ++++ b/json_object.h +@@ -13,6 +13,14 @@ + #ifndef _json_object_h_ + #define _json_object_h_ + ++#ifdef __GNUC__ ++#define THIS_FUNCTION_IS_DEPRECATED(func) func __attribute__ ((deprecated)) ++#elif defined(_MSC_VER) ++#define THIS_FUNCTION_IS_DEPRECATED(func) __declspec(deprecated) func ++#else ++#define THIS_FUNCTION_IS_DEPRECATED(func) func ++#endif ++ + #include "json_inttypes.h" + + #ifdef __cplusplus +@@ -279,8 +287,8 @@ extern void json_object_object_add(struct json_object* obj, const char *key, + * @returns the json_object associated with the given field name + * @deprecated Please use json_object_object_get_ex + */ +-extern struct json_object* json_object_object_get(struct json_object* obj, +- const char *key); ++THIS_FUNCTION_IS_DEPRECATED(extern struct json_object* json_object_object_get(struct json_object* obj, ++ const char *key)); + + /** Get the json_object associated with a given object field. + * +diff --git a/json_tokener.c b/json_tokener.c +index a1019c0..19de8ef 100644 +--- a/json_tokener.c ++++ b/json_tokener.c +@@ -81,6 +81,7 @@ static const char* json_tokener_errors[] = { + "object value separator ',' expected", + "invalid string sequence", + "expected comment", ++ "buffer size overflow" + }; + + const char *json_tokener_error_desc(enum json_tokener_error jerr) +@@ -243,6 +244,16 @@ struct json_object* json_tokener_parse_ex(struct json_tokener *tok, + tok->char_offset = 0; + tok->err = json_tokener_success; + ++ /* this interface is presently not 64-bit clean due to the int len argument ++ and the internal printbuf interface that takes 32-bit int len arguments ++ so the function limits the maximum string size to INT32_MAX (2GB). ++ If the function is called with len == -1 then strlen is called to check ++ the string length is less than INT32_MAX (2GB) */ ++ if ((len < -1) || (len == -1 && strlen(str) > INT32_MAX)) { ++ tok->err = json_tokener_error_size; ++ return NULL; ++ } ++ + while (PEEK_CHAR(c, tok)) { + + redo_char: +diff --git a/json_tokener.h b/json_tokener.h +index 5471d97..a72d2bd 100644 +--- a/json_tokener.h ++++ b/json_tokener.h +@@ -33,7 +33,8 @@ enum json_tokener_error { + json_tokener_error_parse_object_key_sep, + json_tokener_error_parse_object_value_sep, + json_tokener_error_parse_string, +- json_tokener_error_parse_comment ++ json_tokener_error_parse_comment, ++ json_tokener_error_size + }; + + enum json_tokener_state { +@@ -163,6 +164,11 @@ extern void json_tokener_set_flags(struct json_tokener *tok, int flags); + * responsible for calling json_tokener_parse_ex with an appropriate str + * parameter starting with the extra characters. + * ++ * This interface is presently not 64-bit clean due to the int len argument ++ * so the function limits the maximum string size to INT32_MAX (2GB). ++ * If the function is called with len == -1 then strlen is called to check ++ * the string length is less than INT32_MAX (2GB) ++ * + * Example: + * @code + json_object *jobj = NULL; +diff --git a/linkhash.c b/linkhash.c +index 5043148..712c387 100644 +--- a/linkhash.c ++++ b/linkhash.c +@@ -17,6 +17,11 @@ + #include + #include + ++#ifdef HAVE_ENDIAN_H ++# include /* attempt to define endianness */ ++#endif ++ ++#include "random_seed.h" + #include "linkhash.h" + + void lh_abort(const char *msg, ...) +@@ -39,14 +44,378 @@ int lh_ptr_equal(const void *k1, const void *k2) + return (k1 == k2); + } + ++/* ++ * hashlittle from lookup3.c, by Bob Jenkins, May 2006, Public Domain. ++ * http://burtleburtle.net/bob/c/lookup3.c ++ * minor modifications to make functions static so no symbols are exported ++ * minor mofifications to compile with -Werror ++ */ ++ ++/* ++------------------------------------------------------------------------------- ++lookup3.c, by Bob Jenkins, May 2006, Public Domain. ++ ++These are functions for producing 32-bit hashes for hash table lookup. ++hashword(), hashlittle(), hashlittle2(), hashbig(), mix(), and final() ++are externally useful functions. Routines to test the hash are included ++if SELF_TEST is defined. You can use this free for any purpose. It's in ++the public domain. It has no warranty. ++ ++You probably want to use hashlittle(). hashlittle() and hashbig() ++hash byte arrays. hashlittle() is is faster than hashbig() on ++little-endian machines. Intel and AMD are little-endian machines. ++On second thought, you probably want hashlittle2(), which is identical to ++hashlittle() except it returns two 32-bit hashes for the price of one. ++You could implement hashbig2() if you wanted but I haven't bothered here. ++ ++If you want to find a hash of, say, exactly 7 integers, do ++ a = i1; b = i2; c = i3; ++ mix(a,b,c); ++ a += i4; b += i5; c += i6; ++ mix(a,b,c); ++ a += i7; ++ final(a,b,c); ++then use c as the hash value. If you have a variable length array of ++4-byte integers to hash, use hashword(). If you have a byte array (like ++a character string), use hashlittle(). If you have several byte arrays, or ++a mix of things, see the comments above hashlittle(). ++ ++Why is this so big? I read 12 bytes at a time into 3 4-byte integers, ++then mix those integers. This is fast (you can do a lot more thorough ++mixing with 12*3 instructions on 3 integers than you can with 3 instructions ++on 1 byte), but shoehorning those bytes into integers efficiently is messy. ++------------------------------------------------------------------------------- ++*/ ++ ++/* ++ * My best guess at if you are big-endian or little-endian. This may ++ * need adjustment. ++ */ ++#if (defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN) && \ ++ __BYTE_ORDER == __LITTLE_ENDIAN) || \ ++ (defined(i386) || defined(__i386__) || defined(__i486__) || \ ++ defined(__i586__) || defined(__i686__) || defined(vax) || defined(MIPSEL)) ++# define HASH_LITTLE_ENDIAN 1 ++# define HASH_BIG_ENDIAN 0 ++#elif (defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && \ ++ __BYTE_ORDER == __BIG_ENDIAN) || \ ++ (defined(sparc) || defined(POWERPC) || defined(mc68000) || defined(sel)) ++# define HASH_LITTLE_ENDIAN 0 ++# define HASH_BIG_ENDIAN 1 ++#else ++# define HASH_LITTLE_ENDIAN 0 ++# define HASH_BIG_ENDIAN 0 ++#endif ++ ++#define hashsize(n) ((uint32_t)1<<(n)) ++#define hashmask(n) (hashsize(n)-1) ++#define rot(x,k) (((x)<<(k)) | ((x)>>(32-(k)))) ++ ++/* ++------------------------------------------------------------------------------- ++mix -- mix 3 32-bit values reversibly. ++ ++This is reversible, so any information in (a,b,c) before mix() is ++still in (a,b,c) after mix(). ++ ++If four pairs of (a,b,c) inputs are run through mix(), or through ++mix() in reverse, there are at least 32 bits of the output that ++are sometimes the same for one pair and different for another pair. ++This was tested for: ++* pairs that differed by one bit, by two bits, in any combination ++ of top bits of (a,b,c), or in any combination of bottom bits of ++ (a,b,c). ++* "differ" is defined as +, -, ^, or ~^. For + and -, I transformed ++ the output delta to a Gray code (a^(a>>1)) so a string of 1's (as ++ is commonly produced by subtraction) look like a single 1-bit ++ difference. ++* the base values were pseudorandom, all zero but one bit set, or ++ all zero plus a counter that starts at zero. ++ ++Some k values for my "a-=c; a^=rot(c,k); c+=b;" arrangement that ++satisfy this are ++ 4 6 8 16 19 4 ++ 9 15 3 18 27 15 ++ 14 9 3 7 17 3 ++Well, "9 15 3 18 27 15" didn't quite get 32 bits diffing ++for "differ" defined as + with a one-bit base and a two-bit delta. I ++used http://burtleburtle.net/bob/hash/avalanche.html to choose ++the operations, constants, and arrangements of the variables. ++ ++This does not achieve avalanche. There are input bits of (a,b,c) ++that fail to affect some output bits of (a,b,c), especially of a. The ++most thoroughly mixed value is c, but it doesn't really even achieve ++avalanche in c. ++ ++This allows some parallelism. Read-after-writes are good at doubling ++the number of bits affected, so the goal of mixing pulls in the opposite ++direction as the goal of parallelism. I did what I could. Rotates ++seem to cost as much as shifts on every machine I could lay my hands ++on, and rotates are much kinder to the top and bottom bits, so I used ++rotates. ++------------------------------------------------------------------------------- ++*/ ++#define mix(a,b,c) \ ++{ \ ++ a -= c; a ^= rot(c, 4); c += b; \ ++ b -= a; b ^= rot(a, 6); a += c; \ ++ c -= b; c ^= rot(b, 8); b += a; \ ++ a -= c; a ^= rot(c,16); c += b; \ ++ b -= a; b ^= rot(a,19); a += c; \ ++ c -= b; c ^= rot(b, 4); b += a; \ ++} ++ ++/* ++------------------------------------------------------------------------------- ++final -- final mixing of 3 32-bit values (a,b,c) into c ++ ++Pairs of (a,b,c) values differing in only a few bits will usually ++produce values of c that look totally different. This was tested for ++* pairs that differed by one bit, by two bits, in any combination ++ of top bits of (a,b,c), or in any combination of bottom bits of ++ (a,b,c). ++* "differ" is defined as +, -, ^, or ~^. For + and -, I transformed ++ the output delta to a Gray code (a^(a>>1)) so a string of 1's (as ++ is commonly produced by subtraction) look like a single 1-bit ++ difference. ++* the base values were pseudorandom, all zero but one bit set, or ++ all zero plus a counter that starts at zero. ++ ++These constants passed: ++ 14 11 25 16 4 14 24 ++ 12 14 25 16 4 14 24 ++and these came close: ++ 4 8 15 26 3 22 24 ++ 10 8 15 26 3 22 24 ++ 11 8 15 26 3 22 24 ++------------------------------------------------------------------------------- ++*/ ++#define final(a,b,c) \ ++{ \ ++ c ^= b; c -= rot(b,14); \ ++ a ^= c; a -= rot(c,11); \ ++ b ^= a; b -= rot(a,25); \ ++ c ^= b; c -= rot(b,16); \ ++ a ^= c; a -= rot(c,4); \ ++ b ^= a; b -= rot(a,14); \ ++ c ^= b; c -= rot(b,24); \ ++} ++ ++ ++/* ++------------------------------------------------------------------------------- ++hashlittle() -- hash a variable-length key into a 32-bit value ++ k : the key (the unaligned variable-length array of bytes) ++ length : the length of the key, counting by bytes ++ initval : can be any 4-byte value ++Returns a 32-bit value. Every bit of the key affects every bit of ++the return value. Two keys differing by one or two bits will have ++totally different hash values. ++ ++The best hash table sizes are powers of 2. There is no need to do ++mod a prime (mod is sooo slow!). If you need less than 32 bits, ++use a bitmask. For example, if you need only 10 bits, do ++ h = (h & hashmask(10)); ++In which case, the hash table should have hashsize(10) elements. ++ ++If you are hashing n strings (uint8_t **)k, do it like this: ++ for (i=0, h=0; i 12) ++ { ++ a += k[0]; ++ b += k[1]; ++ c += k[2]; ++ mix(a,b,c); ++ length -= 12; ++ k += 3; ++ } ++ ++ /*----------------------------- handle the last (probably partial) block */ ++ /* ++ * "k[2]&0xffffff" actually reads beyond the end of the string, but ++ * then masks off the part it's not allowed to read. Because the ++ * string is aligned, the masked-off tail is in the same word as the ++ * rest of the string. Every machine with memory protection I've seen ++ * does it on word boundaries, so is OK with this. But VALGRIND will ++ * still catch it and complain. The masking trick does make the hash ++ * noticably faster for short strings (like English words). ++ */ ++#ifndef VALGRIND ++ ++ switch(length) ++ { ++ case 12: c+=k[2]; b+=k[1]; a+=k[0]; break; ++ case 11: c+=k[2]&0xffffff; b+=k[1]; a+=k[0]; break; ++ case 10: c+=k[2]&0xffff; b+=k[1]; a+=k[0]; break; ++ case 9 : c+=k[2]&0xff; b+=k[1]; a+=k[0]; break; ++ case 8 : b+=k[1]; a+=k[0]; break; ++ case 7 : b+=k[1]&0xffffff; a+=k[0]; break; ++ case 6 : b+=k[1]&0xffff; a+=k[0]; break; ++ case 5 : b+=k[1]&0xff; a+=k[0]; break; ++ case 4 : a+=k[0]; break; ++ case 3 : a+=k[0]&0xffffff; break; ++ case 2 : a+=k[0]&0xffff; break; ++ case 1 : a+=k[0]&0xff; break; ++ case 0 : return c; /* zero length strings require no mixing */ ++ } ++ ++#else /* make valgrind happy */ ++ ++ const uint8_t *k8 = (const uint8_t *)k; ++ switch(length) ++ { ++ case 12: c+=k[2]; b+=k[1]; a+=k[0]; break; ++ case 11: c+=((uint32_t)k8[10])<<16; /* fall through */ ++ case 10: c+=((uint32_t)k8[9])<<8; /* fall through */ ++ case 9 : c+=k8[8]; /* fall through */ ++ case 8 : b+=k[1]; a+=k[0]; break; ++ case 7 : b+=((uint32_t)k8[6])<<16; /* fall through */ ++ case 6 : b+=((uint32_t)k8[5])<<8; /* fall through */ ++ case 5 : b+=k8[4]; /* fall through */ ++ case 4 : a+=k[0]; break; ++ case 3 : a+=((uint32_t)k8[2])<<16; /* fall through */ ++ case 2 : a+=((uint32_t)k8[1])<<8; /* fall through */ ++ case 1 : a+=k8[0]; break; ++ case 0 : return c; ++ } ++ ++#endif /* !valgrind */ ++ ++ } else if (HASH_LITTLE_ENDIAN && ((u.i & 0x1) == 0)) { ++ const uint16_t *k = (const uint16_t *)key; /* read 16-bit chunks */ ++ const uint8_t *k8; ++ ++ /*--------------- all but last block: aligned reads and different mixing */ ++ while (length > 12) ++ { ++ a += k[0] + (((uint32_t)k[1])<<16); ++ b += k[2] + (((uint32_t)k[3])<<16); ++ c += k[4] + (((uint32_t)k[5])<<16); ++ mix(a,b,c); ++ length -= 12; ++ k += 6; ++ } ++ ++ /*----------------------------- handle the last (probably partial) block */ ++ k8 = (const uint8_t *)k; ++ switch(length) ++ { ++ case 12: c+=k[4]+(((uint32_t)k[5])<<16); ++ b+=k[2]+(((uint32_t)k[3])<<16); ++ a+=k[0]+(((uint32_t)k[1])<<16); ++ break; ++ case 11: c+=((uint32_t)k8[10])<<16; /* fall through */ ++ case 10: c+=k[4]; ++ b+=k[2]+(((uint32_t)k[3])<<16); ++ a+=k[0]+(((uint32_t)k[1])<<16); ++ break; ++ case 9 : c+=k8[8]; /* fall through */ ++ case 8 : b+=k[2]+(((uint32_t)k[3])<<16); ++ a+=k[0]+(((uint32_t)k[1])<<16); ++ break; ++ case 7 : b+=((uint32_t)k8[6])<<16; /* fall through */ ++ case 6 : b+=k[2]; ++ a+=k[0]+(((uint32_t)k[1])<<16); ++ break; ++ case 5 : b+=k8[4]; /* fall through */ ++ case 4 : a+=k[0]+(((uint32_t)k[1])<<16); ++ break; ++ case 3 : a+=((uint32_t)k8[2])<<16; /* fall through */ ++ case 2 : a+=k[0]; ++ break; ++ case 1 : a+=k8[0]; ++ break; ++ case 0 : return c; /* zero length requires no mixing */ ++ } ++ ++ } else { /* need to read the key one byte at a time */ ++ const uint8_t *k = (const uint8_t *)key; ++ ++ /*--------------- all but the last block: affect some 32 bits of (a,b,c) */ ++ while (length > 12) ++ { ++ a += k[0]; ++ a += ((uint32_t)k[1])<<8; ++ a += ((uint32_t)k[2])<<16; ++ a += ((uint32_t)k[3])<<24; ++ b += k[4]; ++ b += ((uint32_t)k[5])<<8; ++ b += ((uint32_t)k[6])<<16; ++ b += ((uint32_t)k[7])<<24; ++ c += k[8]; ++ c += ((uint32_t)k[9])<<8; ++ c += ((uint32_t)k[10])<<16; ++ c += ((uint32_t)k[11])<<24; ++ mix(a,b,c); ++ length -= 12; ++ k += 12; ++ } ++ ++ /*-------------------------------- last block: affect all 32 bits of (c) */ ++ switch(length) /* all the case statements fall through */ ++ { ++ case 12: c+=((uint32_t)k[11])<<24; ++ case 11: c+=((uint32_t)k[10])<<16; ++ case 10: c+=((uint32_t)k[9])<<8; ++ case 9 : c+=k[8]; ++ case 8 : b+=((uint32_t)k[7])<<24; ++ case 7 : b+=((uint32_t)k[6])<<16; ++ case 6 : b+=((uint32_t)k[5])<<8; ++ case 5 : b+=k[4]; ++ case 4 : a+=((uint32_t)k[3])<<24; ++ case 3 : a+=((uint32_t)k[2])<<16; ++ case 2 : a+=((uint32_t)k[1])<<8; ++ case 1 : a+=k[0]; ++ break; ++ case 0 : return c; ++ } ++ } ++ ++ final(a,b,c); ++ return c; ++} ++ + unsigned long lh_char_hash(const void *k) + { +- unsigned int h = 0; +- const char* data = (const char*)k; +- +- while( *data!=0 ) h = h*129 + (unsigned int)(*data++) + LH_PRIME; ++ static volatile int random_seed = -1; ++ ++ if (random_seed == -1) { ++ int seed; ++ /* we can't use -1 as it is the unitialized sentinel */ ++ while ((seed = json_c_get_random_seed()) == -1); ++#if defined __GNUC__ ++ __sync_val_compare_and_swap(&random_seed, -1, seed); ++#elif defined _MSC_VER ++ InterlockedCompareExchange(&random_seed, seed, -1); ++#else ++#warning "racy random seed initializtion if used by multiple threads" ++ random_seed = seed; /* potentially racy */ ++#endif ++ } + +- return h; ++ return hashlittle((const char*)k, strlen((const char*)k), random_seed); + } + + int lh_char_equal(const void *k1, const void *k2) +diff --git a/linkhash.h b/linkhash.h +index 378de0b..950d09f 100644 +--- a/linkhash.h ++++ b/linkhash.h +@@ -246,7 +246,7 @@ extern struct lh_entry* lh_table_lookup_entry(struct lh_table *t, const void *k) + * @return a pointer to the found value or NULL if it does not exist. + * @deprecated Use lh_table_lookup_ex instead. + */ +-extern const void* lh_table_lookup(struct lh_table *t, const void *k); ++THIS_FUNCTION_IS_DEPRECATED(extern const void* lh_table_lookup(struct lh_table *t, const void *k)); + + /** + * Lookup a record in the table +diff --git a/random_seed.c b/random_seed.c +new file mode 100644 +index 0000000..3b520d4 +--- /dev/null ++++ b/random_seed.c +@@ -0,0 +1,237 @@ ++/* ++ * random_seed.c ++ * ++ * Copyright (c) 2013 Metaparadigm Pte. Ltd. ++ * Michael Clark ++ * ++ * This library is free software; you can redistribute it and/or modify ++ * it under the terms of the MIT license. See COPYING for details. ++ * ++ */ ++ ++#include ++#include "config.h" ++ ++#define DEBUG_SEED(s) ++ ++ ++#if defined ENABLE_RDRAND ++ ++/* cpuid */ ++ ++#if defined __GNUC__ && (defined __i386__ || defined __x86_64__) ++#define HAS_X86_CPUID 1 ++ ++static void do_cpuid(int regs[], int h) ++{ ++ __asm__ __volatile__( ++#if defined __x86_64__ ++ "pushq %%rbx;\n" ++#else ++ "pushl %%ebx;\n" ++#endif ++ "cpuid;\n" ++#if defined __x86_64__ ++ "popq %%rbx;\n" ++#else ++ "popl %%ebx;\n" ++#endif ++ : "=a"(regs[0]), [ebx] "=r"(regs[1]), "=c"(regs[2]), "=d"(regs[3]) ++ : "a"(h)); ++} ++ ++#elif defined _MSC_VER ++ ++#define HAS_X86_CPUID 1 ++#define do_cpuid __cpuid ++ ++#endif ++ ++/* has_rdrand */ ++ ++#if HAS_X86_CPUID ++ ++static int has_rdrand() ++{ ++ // CPUID.01H:ECX.RDRAND[bit 30] == 1 ++ int regs[4]; ++ do_cpuid(regs, 1); ++ return (regs[2] & (1 << 30)) != 0; ++} ++ ++#endif ++ ++/* get_rdrand_seed - GCC x86 and X64 */ ++ ++#if defined __GNUC__ && (defined __i386__ || defined __x86_64__) ++ ++#define HAVE_RDRAND 1 ++ ++static int get_rdrand_seed() ++{ ++ DEBUG_SEED("get_rdrand_seed"); ++ int _eax; ++ // rdrand eax ++ __asm__ __volatile__("1: .byte 0x0F\n" ++ " .byte 0xC7\n" ++ " .byte 0xF0\n" ++ " jnc 1b;\n" ++ : "=a" (_eax)); ++ return _eax; ++} ++ ++#endif ++ ++#if defined _MSC_VER ++ ++#if _MSC_VER >= 1700 ++#define HAVE_RDRAND 1 ++ ++/* get_rdrand_seed - Visual Studio 2012 and above */ ++ ++static int get_rdrand_seed() ++{ ++ DEBUG_SEED("get_rdrand_seed"); ++ int r; ++ while (_rdrand32_step(&r) == 0); ++ return r; ++} ++ ++#elif defined _M_IX86 ++#define HAVE_RDRAND 1 ++ ++/* get_rdrand_seed - Visual Studio 2010 and below - x86 only */ ++ ++static int get_rdrand_seed() ++{ ++ DEBUG_SEED("get_rdrand_seed"); ++ int _eax; ++retry: ++ // rdrand eax ++ __asm _emit 0x0F __asm _emit 0xC7 __asm _emit 0xF0 ++ __asm jnc retry ++ __asm mov _eax, eax ++ return _eax; ++} ++ ++#endif ++#endif ++ ++#endif /* defined ENABLE_RDRAND */ ++ ++ ++/* has_dev_urandom */ ++ ++#if defined (__APPLE__) || defined(__unix__) || defined(__linux__) ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#define HAVE_DEV_RANDOM 1 ++ ++static const char *dev_random_file = "/dev/urandom"; ++ ++static int has_dev_urandom() ++{ ++ struct stat buf; ++ if (stat(dev_random_file, &buf)) { ++ return 0; ++ } ++ return ((buf.st_mode & S_IFCHR) != 0); ++} ++ ++ ++/* get_dev_random_seed */ ++ ++static int get_dev_random_seed() ++{ ++ DEBUG_SEED("get_dev_random_seed"); ++ ++ int fd = open(dev_random_file, O_RDONLY); ++ if (fd < 0) { ++ fprintf(stderr, "error opening %s: %s", dev_random_file, strerror(errno)); ++ exit(1); ++ } ++ ++ int r; ++ ssize_t nread = read(fd, &r, sizeof(r)); ++ if (nread != sizeof(r)) { ++ fprintf(stderr, "error read %s: %s", dev_random_file, strerror(errno)); ++ exit(1); ++ } ++ else if (nread != sizeof(r)) { ++ fprintf(stderr, "error short read %s", dev_random_file); ++ exit(1); ++ } ++ close(fd); ++ return r; ++} ++ ++#endif ++ ++ ++/* get_cryptgenrandom_seed */ ++ ++#ifdef WIN32 ++ ++#define HAVE_CRYPTGENRANDOM 1 ++ ++#include ++#pragma comment(lib, "advapi32.lib") ++ ++static int get_cryptgenrandom_seed() ++{ ++ DEBUG_SEED("get_cryptgenrandom_seed"); ++ ++ HCRYPTPROV hProvider = 0; ++ int r; ++ ++ if (!CryptAcquireContextW(&hProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) { ++ fprintf(stderr, "error CryptAcquireContextW"); ++ exit(1); ++ } ++ ++ if (!CryptGenRandom(hProvider, sizeof(r), (BYTE*)&r)) { ++ fprintf(stderr, "error CryptGenRandom"); ++ exit(1); ++ } ++ ++ CryptReleaseContext(hProvider, 0); ++ ++ return r; ++} ++ ++#endif ++ ++ ++/* get_time_seed */ ++ ++#include ++ ++static int get_time_seed() ++{ ++ DEBUG_SEED("get_time_seed"); ++ ++ return (int)time(NULL) * 433494437; ++} ++ ++ ++/* json_c_get_random_seed */ ++ ++int json_c_get_random_seed() ++{ ++#if HAVE_RDRAND ++ if (has_rdrand()) return get_rdrand_seed(); ++#endif ++#if HAVE_DEV_RANDOM ++ if (has_dev_urandom()) return get_dev_random_seed(); ++#endif ++#if HAVE_CRYPTGENRANDOM ++ return get_cryptgenrandom_seed(); ++#endif ++ return get_time_seed(); ++} +diff --git a/random_seed.h b/random_seed.h +new file mode 100644 +index 0000000..7362d67 +--- /dev/null ++++ b/random_seed.h +@@ -0,0 +1,25 @@ ++/* ++ * random_seed.h ++ * ++ * Copyright (c) 2013 Metaparadigm Pte. Ltd. ++ * Michael Clark ++ * ++ * This library is free software; you can redistribute it and/or modify ++ * it under the terms of the MIT license. See COPYING for details. ++ * ++ */ ++ ++#ifndef seed_h ++#define seed_h ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++extern int json_c_get_random_seed(); ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif +-- +1.9.1 + +--- a/config.h.in 2013-04-03 04:04:18.000000000 +0200 ++++ b/config.h.in 2014-04-10 10:32:09.318409377 +0200 +@@ -3,12 +3,18 @@ + /* Define if .gnu.warning accepts long strings. */ + #undef HAS_GNU_WARNING_LONG + ++/* Enable RDRANR Hardware RNG Hash Seed */ ++#undef ENABLE_RDRAND ++ + /* Define to 1 if you have the header file. */ + #undef HAVE_DLFCN_H + + /* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */ + #undef HAVE_DOPRNT + ++/* Define to 1 if you have the header file. */ ++#undef HAVE_ENDIAN_H ++ + /* Define to 1 if you have the header file. */ + #undef HAVE_FCNTL_H + +--- a/configure.in 2014-04-10 10:32:56.443006786 +0200 ++++ b/configure.in 2014-04-10 10:34:26.480080755 +0200 +@@ -15,6 +15,20 @@ + ) + AM_CONDITIONAL(ENABLE_OLDNAME_COMPAT, [test "x${enable_oldname_compat}" != "xno"]) + ++AC_ARG_ENABLE(rdrand, ++ AS_HELP_STRING([--enable-rdrand], ++ [Enable RDRAND Hardware RNG Hash Seed generation on supported x86/x64 platforms.]), ++ [if test x$enableval = xyes; then ++ enable_rdrand=yes ++ AC_DEFINE(ENABLE_RDRAND, 1, [Enable RDRANR Hardware RNG Hash Seed]) ++ fi]) ++ ++if test "x$enable_rdrand" = "xyes"; then ++ AC_MSG_RESULT([RDRAND Hardware RNG Hash Seed enabled on supported x86/x64 platforms]) ++else ++ AC_MSG_RESULT([RDRAND Hardware RNG Hash Seed disabled. Use --enable-rdrand to enable]) ++fi ++ + # Checks for programs. + + # Checks for libraries. +@@ -23,7 +37,7 @@ + AC_CONFIG_HEADER(config.h) + AC_CONFIG_HEADER(json_config.h) + AC_HEADER_STDC +-AC_CHECK_HEADERS(fcntl.h limits.h strings.h syslog.h unistd.h [sys/cdefs.h] [sys/param.h] stdarg.h locale.h) ++AC_CHECK_HEADERS(fcntl.h limits.h strings.h syslog.h unistd.h [sys/cdefs.h] [sys/param.h] stdarg.h locale.h endian.h) + AC_CHECK_HEADER(inttypes.h,[AC_DEFINE([JSON_C_HAVE_INTTYPES_H],[1],[Public define for json_inttypes.h])]) + + # Checks for typedefs, structures, and compiler characteristics. diff --git a/SPECS/json-c.spec b/SPECS/json-c.spec new file mode 100644 index 00000000..eecd5640 --- /dev/null +++ b/SPECS/json-c.spec @@ -0,0 +1,153 @@ +%global reldate 20130402 + +Name: json-c +Version: 0.11 +Release: 4%{?dist} +Summary: A JSON implementation in C +Group: Development/Libraries +License: MIT +URL: https://github.com/json-c/json-c/wiki +Source0: https://github.com/json-c/json-c/archive/json-c-%{version}-%{reldate}.tar.gz + +Patch0: json-c-CVE-2013-6371.patch + +BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) +BuildRequires: libtool + +%description +JSON-C implements a reference counting object model that allows you to easily +construct JSON objects in C, output them as JSON formatted strings and parse +JSON formatted strings back into the C representation of JSON objects. + +%package devel +Summary: Development headers and library for json-c +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} +Requires: pkgconfig + +%description devel +This package contains the development headers and library for json-c. + + +%package doc +Summary: Reference manual for json-c +Group: Documentation +%if 0%{?fedora} > 10 || 0%{?rhel}>5 +BuildArch: noarch +%endif + +%description doc +This package contains the reference manual for json-c. + +%prep +%setup -q -n json-c-json-c-%{version}-%{reldate} + +%patch0 -p1 -b .cve20136371 + +for doc in ChangeLog; do + iconv -f iso-8859-1 -t utf8 $doc > $doc.new && + touch -r $doc $doc.new && + mv $doc.new $doc +done + +# regenerate auto stuff to avoid rpath issue +autoreconf -fi + + +%build +%configure \ + --enable-shared \ + --disable-static \ + --disable-rpath \ + --enable-rdrand +# parallel build is broken for now, make %{?_smp_mflags} +make + +%install +rm -rf %{buildroot} +make install DESTDIR=%{buildroot} + +# Get rid of la files +rm -rf %{buildroot}%{_libdir}/*.la + +# yum cannot replace a dir by a link +# so switch the dir names +rm %{buildroot}%{_includedir}/json +mv %{buildroot}%{_includedir}/json-c \ + %{buildroot}%{_includedir}/json +ln -s json \ + %{buildroot}%{_includedir}/json-c + + +%check +make check + + +%clean +rm -rf %{buildroot} + + +%post -p /sbin/ldconfig +%postun -p /sbin/ldconfig + + +%files +%defattr(-,root,root,-) +%doc AUTHORS ChangeLog COPYING NEWS README README.html +%{_libdir}/libjson.so.* +%{_libdir}/libjson-c.so.* + +%files devel +%defattr(-,root,root,-) +%{_includedir}/json +%{_includedir}/json-c +%{_libdir}/libjson.so +%{_libdir}/libjson-c.so +%{_libdir}/pkgconfig/json.pc +%{_libdir}/pkgconfig/json-c.pc + +%files doc +%defattr(-,root,root,-) +%doc doc/html/* + + +%changelog +* Wed Apr 9 2014 Remi Collet - 0.11-4 +- fix has collision CVE-2013-6371 +- fix buffer overflow CVE-2013-6370 +- enable upstream test suite + +* Fri Jan 24 2014 Daniel Mach - 0.11-3 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 0.11-2 +- Mass rebuild 2013-12-27 + +* Mon Apr 29 2013 Remi Collet - 0.11-1 +- update to 0.11 +- fix source0 +- enable both json and json-c libraries + +* Thu Feb 14 2013 Fedora Release Engineering - 0.10-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Sat Nov 24 2012 Jussi Lehtola - 0.10-2 +- Compile and install json_object_iterator using Remi Collet's fix (BZ #879771). + +* Sat Nov 24 2012 Jussi Lehtola - 0.10-1 +- Update to 0.10 (BZ #879771). + +* Thu Jul 19 2012 Fedora Release Engineering - 0.9-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jan 23 2012 Jiri Pirko - 0.9-4 +- add json_tokener_parse_verbose, and return NULL on parser errors + +* Fri Jan 13 2012 Fedora Release Engineering - 0.9-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Feb 09 2011 Fedora Release Engineering - 0.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Apr 06 2010 Jussi Lehtola - 0.9-1 +- First release.