authorCoprDistGit <infra@openeuler.org>2023-10-13 02:03:28 +0000
committerCoprDistGit <infra@openeuler.org>2023-10-13 02:03:28 +0000
commitac3a1d415af85e4b809f4ed53955ecfae2e64ad7 (patch)
tree9a3451e474e48622b9539199725bd410e948f088
parent3bc4abba4e6c10986ad2a02f62eae70d752f1037 (diff)
automatic import of libyajlopeneuler22.03_LTS_SP2
-rw-r--r--.gitignore1
-rw-r--r--baselibs.conf4
-rw-r--r--json_reformat.122
-rw-r--r--json_verify.125
-rw-r--r--libyajl-CVE-2022-24795.patch36
-rw-r--r--libyajl-lib_suffix.patch12
-rw-r--r--libyajl-optflags.patch12
-rw-r--r--libyajl-rpmlintrc4
-rw-r--r--libyajl.spec253
-rw-r--r--sources1
10 files changed, 370 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index e69de29..f91cd7e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/2.1.0.tar.gz
diff --git a/baselibs.conf b/baselibs.conf
new file mode 100644
index 0000000..9c187b5
--- /dev/null
+++ b/baselibs.conf
@@ -0,0 +1,4 @@
+libyajl2
+libyajl-devel
+ requires -libyajl-<targettype>
+ requires "libyajl2-<targettype> = <version>"
diff --git a/json_reformat.1 b/json_reformat.1
new file mode 100644
index 0000000..5046435
--- /dev/null
+++ b/json_reformat.1
@@ -0,0 +1,22 @@
+.TH json_reformat 1
+.SH NAME
+json_reformat \- Reformat json from stdin
+.SH SYNOPSIS
+.B json_reformat
+[
+.I OPTION
+]
+.SH "DESCRIPTION"
+A sample program to demonstrate the use of yajl. json_reformat reformats json from stdin.
+.SH OPTIONS
+.TP
+.B \-m
+minimize json rather than beautify (default)
+.TP
+.B \-u
+allow invalid UTF8 inside strings during parsing
+.BR
+.SH AUTHORS
+ Lloyd Hilaiel <lloyd@hilaiel.com>
+
+
diff --git a/json_verify.1 b/json_verify.1
new file mode 100644
index 0000000..10a44eb
--- /dev/null
+++ b/json_verify.1
@@ -0,0 +1,25 @@
+.TH json_verify 1
+.SH NAME
+json_verify \- Validate json from stdin
+.SH SYNOPSIS
+.B json_verify
+[
+.I OPTION
+]
+.SH "DESCRIPTION"
+A sample program to demonstrate the use of yajl. json_verify validates json from stdin.
+.SH OPTIONS
+.TP
+.B \-q
+quiet mode
+.TP
+.B \-c
+allow comments
+.TP
+.B \-u
+allow invalid utf8 inside strings
+.BR
+.SH AUTHORS
+ Lloyd Hilaiel <lloyd@hilaiel.com>
+
+
diff --git a/libyajl-CVE-2022-24795.patch b/libyajl-CVE-2022-24795.patch
new file mode 100644
index 0000000..3fb9177
--- /dev/null
+++ b/libyajl-CVE-2022-24795.patch
@@ -0,0 +1,36 @@
+From d3a528c788ba9e531fab91db41d3a833c54da325 Mon Sep 17 00:00:00 2001
+From: Jacek Tomasiak <jacek.tomasiak@gmail.com>
+Date: Thu, 12 May 2022 13:02:47 +0200
+Subject: [PATCH] Fix CVE-2022-24795 (from brianmario/yajl-ruby)
+
+The buffer reallocation could cause heap corruption because of `need`
+overflow for large inputs. In addition, there's a possible infinite loop
+in case `need` reaches zero.
+
+The fix is to `abort()` if the loop ends with lower value of `need` than
+when it started.
+---
+ src/yajl_buf.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+Index: yajl-2.1.0/src/yajl_buf.c
+===================================================================
+--- yajl-2.1.0.orig/src/yajl_buf.c
++++ yajl-2.1.0/src/yajl_buf.c
+@@ -45,7 +45,15 @@ void yajl_buf_ensure_available(yajl_buf
+
+ need = buf->len;
+
+- while (want >= (need - buf->used)) need <<= 1;
++ while (need > 0 && want >= (need - buf->used)) {
++ /* this eventually "overflows" to zero */
++ need <<= 1;
++ }
++
++ /* overflow */
++ if (need < buf->len) {
++ abort();
++ }
+
+ if (need != buf->len) {
+ buf->data = (unsigned char *) YA_REALLOC(buf->alloc, buf->data, need);
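Review bot: The overflow branch added to `yajl_buf_ensure_available` ends in `abort()`, so an oversized input now terminates the whole host process instead of corrupting the heap. That is a safer failure, but any service that parses untrusted JSON through libyajl keeps a denial-of-service condition. The function returns void and has no error path to the caller, so this should be stated where it happens, e.g. `/* need wrapped around: no way to report failure from here, callers must bound input size */`. The context line that assigns the `YA_REALLOC` result to `buf->data` shows no NULL check in the visible lines; the function body continues outside the hunk, so confirm allocation failure is handled there. The patch also adds no regression test for the wrapped `need` case.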
diff --git a/libyajl-lib_suffix.patch b/libyajl-lib_suffix.patch
new file mode 100644
index 0000000..8185980
--- /dev/null
+++ b/libyajl-lib_suffix.patch
@@ -0,0 +1,12 @@
+diff -aur lloyd-yajl-66cb08c_orig/src/CMakeLists.txt lloyd-yajl-66cb08c/src/CMakeLists.txt
+--- lloyd-yajl-66cb08c_orig/src/CMakeLists.txt 2014-03-19 05:58:29.000000000 +0100
++++ lloyd-yajl-66cb08c/src/CMakeLists.txt 2014-11-01 11:04:26.327902124 +0100
+@@ -28,7 +28,7 @@
+ ADD_DEFINITIONS(-DYAJL_BUILD)
+
+ # set up some paths
+-SET (libDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/lib)
++SET (libDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/${LIB_SUFFIX})
+ SET (incDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/include/yajl)
+ SET (shareDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/share/pkgconfig)
+
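Review bot: `libDir` now ends in `${LIB_SUFFIX}` alone, so the `lib` component is dropped rather than suffixed. With `LIB_SUFFIX=64` the staged libraries go to `.../64`, and with an empty value they land in the dist root next to `include/` and `share/`. If the intent is the usual lib/lib64 split, `SET (libDir "${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/lib${LIB_SUFFIX}")` expresses it and stays valid when the variable is unset. The install rules are outside this hunk, so whether they already use `lib${LIB_SUFFIX}` cannot be checked from here.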
diff --git a/libyajl-optflags.patch b/libyajl-optflags.patch
new file mode 100644
index 0000000..c3d3882
--- /dev/null
+++ b/libyajl-optflags.patch
@@ -0,0 +1,12 @@
+diff -aur lloyd-yajl-66cb08c_orig/CMakeLists.txt lloyd-yajl-66cb08c/CMakeLists.txt
+--- lloyd-yajl-66cb08c_orig/CMakeLists.txt 2014-03-19 05:58:29.000000000 +0100
++++ lloyd-yajl-66cb08c/CMakeLists.txt 2014-11-01 11:03:10.921290296 +0100
+@@ -59,7 +59,7 @@
+ "${CMAKE_C_FLAGS} -std=c99 -pedantic -Wpointer-arith -Wno-format-y2k -Wstrict-prototypes -Wmissing-declarations -Wnested-externs -Wextra -Wundef -Wwrite-strings -Wold-style-definition -Wredundant-decls -Wno-unused-parameter -Wno-sign-compare -Wmissing-prototypes")
+
+ SET(CMAKE_C_FLAGS_DEBUG "-DDEBUG -g")
+- SET(CMAKE_C_FLAGS_RELEASE "-DNDEBUG -O2 -Wuninitialized")
++ SET(CMAKE_C_FLAGS_RELEASE "$ENV{OPTFLAGS} -Wuninitialized")
+ ENDIF (WIN32)
+
+
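Review bot: `CMAKE_C_FLAGS_RELEASE` now depends entirely on an `OPTFLAGS` environment variable that nothing on this page sets: the spec's `%build` runs only `%cmake` and `make`, and `$ENV{...}` is read once, at configure time. Unless the distribution's `%cmake` macro supplies the flags another way, an empty variable drops both `-O2` and `-DNDEBUG` from release builds. Without `-DNDEBUG`, any `assert()` in the library sources stays active in the shipped binary and aborts the process when it fails. Keeping the define explicit, `SET(CMAKE_C_FLAGS_RELEASE "-DNDEBUG $ENV{OPTFLAGS} -Wuninitialized")`, or exporting `OPTFLAGS="%{optflags}"` before `%cmake` in the spec, would make the result independent of the build environment. The enclosing `IF (WIN32)` block starts outside the hunk.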
diff --git a/libyajl-rpmlintrc b/libyajl-rpmlintrc
new file mode 100644
index 0000000..f978e1d
--- /dev/null
+++ b/libyajl-rpmlintrc
@@ -0,0 +1,4 @@
+addFilter("no-dependency-on libyajl/libyajl-libs/liblibyajl")
+addFilter("libyajl-devel-static..*: W: shlib-policy-missing-lib")
+addFilter("no-manual-page-for-binary .*")
+addFilter("macro-in-comment .*")
diff --git a/libyajl.spec b/libyajl.spec
new file mode 100644
index 0000000..913c447
--- /dev/null
+++ b/libyajl.spec
@@ -0,0 +1,253 @@
+#
+# spec file for package libyajl
+#
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+
+%define soname 2
+Name: libyajl
+Version: 2.1.0
+Release: 150000.4.3.1
+Summary: Yet Another JSON Library
+License: ISC
+Group: System/Libraries
+Url: http://lloyd.github.com/yajl/
+Source0: https://github.com/lloyd/yajl/archive/%{version}.tar.gz
+Source1: baselibs.conf
+Source2: json_reformat.1
+Source3: json_verify.1
+Source99: %{name}-rpmlintrc
+Patch1: libyajl-optflags.patch
+Patch2: libyajl-lib_suffix.patch
+Patch3: libyajl-CVE-2022-24795.patch
+BuildRequires: bison
+BuildRequires: cmake
+BuildRequires: doxygen
+BuildRequires: flex
+BuildRequires: gcc-c++
+BuildRequires: pkg-config
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+
+%description
+YAJL is a small event-driven (SAX-style) JSON parser written in ANSI C, and a
+small validating JSON generator.
+
+%package -n %{name}%{soname}
+Summary: Yet Another JSON Library
+Group: System/Libraries
+
+%description -n %{name}%{soname}
+YAJL is a small event-driven (SAX-style) JSON parser written in ANSI C, and a
+small validating JSON generator.
+
+%package -n %{name}-devel
+Summary: Yet Another JSON Library (Development Environment)
+Group: Development/Libraries/C and C++
+Requires: %{name}%{soname} = %{version}
+
+%description -n %{name}-devel
+YAJL is a small event-driven (SAX-style) JSON parser written in ANSI C, and a
+small validating JSON generator.
+
+This package provides the necessary environment for compiling and linking
+against %{name}.
+
+%package -n %{name}-devel-static
+Summary: Yet Another JSON Library (Static Library)
+Group: Development/Libraries/C and C++
+Requires: %{name}-devel = %{version}
+
+%description -n %{name}-devel-static
+YAJL is a small event-driven (SAX-style) JSON parser written in ANSI C, and a
+small validating JSON generator.
+
+This package provides the necessary environment for linking statically
+against %{name}.
+
+%package -n yajl
+Summary: Yet Another JSON Library Tools
+Group: Productivity/Text/Utilities
+Requires: %{name}%{soname} = %{version}
+
+%description -n yajl
+YAJL is a small event-driven (SAX-style) JSON parser written in ANSI C, and a
+small validating JSON generator.
+
+This package provides a few command-line utilities for processing JSON files.
+
+%prep
+%setup -q -n yajl-%{version}
+%patch1 -p1 -b .optflags
+%patch2 -p1 -b .lib_suffix
+%patch3 -p1
+
+%build
+%cmake
+make %{?_smp_mflags}
+
+%install
+%cmake_install
+install -d -m 0755 %{buildroot}%{_mandir}/man1
+install -m644 %{SOURCE2} %{SOURCE3} %{buildroot}/%{_mandir}/man1
+
+%check
+make %{?_smp_mflags} test
+
+%post -n %{name}%{soname} -p /sbin/ldconfig
+
+%postun -n %{name}%{soname} -p /sbin/ldconfig
+
+%files -n %{name}%{soname}
+%defattr(-,root,root)
+%license COPYING
+%{_libdir}/libyajl.so.%{soname}
+%{_libdir}/libyajl.so.%{soname}.*
+
+%files -n %{name}-devel
+%defattr(-,root,root)
+%doc README TODO
+%{_includedir}/yajl
+%{_libdir}/libyajl.so
+%{_datadir}/pkgconfig/yajl.pc
+
+%files -n %{name}-devel-static
+%defattr(-,root,root)
+%{_libdir}/libyajl_s.a
+
+%files -n yajl
+%defattr(-,root,root)
+%{_mandir}/man1/json_reformat.1*
+%{_mandir}/man1/json_verify.1*
+%{_bindir}/json_reformat
+%{_bindir}/json_verify
+
+%changelog
+* Fri May 13 2022 jtomasiak@suse.com
+- add libyajl-CVE-2022-24795.patch (CVE-2022-24795, bsc#1198405)
+* Tue Mar 27 2018 kukuk@suse.de
+- Use %%license instead of %%doc [bsc#1082318]
+- Move other docu to -devel package where it better fits
+* Sun Apr 26 2015 mpluskal@suse.com
+- Use correct url for download
+- Add dependency on doxygen for doc generation
+- Cleanup spec file with spec-clener
+* Wed Nov 5 2014 ku.b@gmx.de
+- update to 2.1.0
+- 2.1.0
+ - @nonodename, @patperry - fixed some compiler warnings
+ - @yep, @emaste - documentation improvements
+ - @sgravrock - build fix for NetBSD (and whenever sh != bash)
+ - @rotty, @brimstone3, @lloyd - allow client to reset generator
+ - @sgravrock - remove bash dependencies
+ - @lloyd - add api tests
+ - @rflynn - remove ruby dependency
+ - @cloderic - nmake install works on windows
+ - @shahbag - build fix for qnx
+ - @breese - debugging improvements
+ - @lloyd - json_verify supports -s flag for stream processing
+ - @lloyd - json_reformat supports -s flag for stream processing
+- 2.0.4
+ - @jcekstrom - additional checking in integer parsing
+ - @jcekstrom - fix a bug in yajl_tree that would cause valid json integersto fail to parse
+ - @plaguemorin - fix a memory leak in yajl_tree (error strings were being leaked)
+ - @7AC - reset errno
+ - @ConradIrwin - include flags to reformatter to allow toggling of escape solidus option
+- 2.0.3
+ - John Stamp generation of a pkgconfig file at build time.
+ - @robzuber bugfix in yajl_tree_get()
+ - @lloyd - fix for compilation on 64 bit windows
+- 2.0.2
+ - lth fix typos in yajl_tree.h macros YAJL_IS_INTEGER and YAJL_IS_DOUBLE,
+ contributed by Artem S Vybornov.
+ - lth add #ifdef __cplusplus wrappers to yajl_tree to allow proper
+ usage from many populer C++ compilers.
+- fix array access
+* Sun Jan 29 2012 jengelh@medozas.de
+- Remove redundant tags/sections per specfile guideline suggestions
+* Fri Sep 16 2011 jengelh@medozas.de
+- Add libyajl-devel to baselibs
+* Tue Aug 16 2011 mrueckert@suse.de
+- bump baselibs.conf
+* Fri Aug 12 2011 mrueckert@suse.de
+- update to 2.0.1
+ - lth generator flag to allow client to specify they want escaped
+ solidi '/'. issue #28
+ - lth crash fix when yajl_parse() is never called. issue #27
+- additional changes from 2.0.0
+ - lth YAJL is now ISC licensed:
+ http://en.wikipedia.org/wiki/ISC_license
+ - lth 20-35%% (osx and linux respectively) parsing performance
+ improvement attained by tweaking string scanning (idea:
+ @michaelrhanson).
+ - Florian Forster & lth - yajl_tree interface introduced as a
+ higher level interface to the parser (eats JSON, poops a memory
+ representation)
+ - lth require a C99 compiler
+ - lth integers are now represented with long long (64bit+) on all
+ platforms.
+ - lth size_t now used throughout to represent buffer lengths, so
+ you can safely manage buffers greater than 4GB.
+ - gno semantic improvements to yajl's API regarding partial value
+ parsing and trailing garbage
+ - lth new configuration mechanism for yajl, see yajl_config() and
+ yajl_gen_config()
+ - gno more allocation checking in more places
+ - gno remove usage of strtol, replace with custom implementation
+ that cares not about your locale.
+ - lth yajl_parse_complete renamed to yajl_complete_parse.
+ - lth add a switch to validate utf8 strings as they are
+ generated.
+ - lth tests are a lot quieter in their output.
+ - lth addition of a little in tree performance benchmark,
+ `perftest` in perf/perftest.c
+- additional changes from 1.0.12
+ - Conrad Irwin - Parse null bytes correctly
+ - Mirek Rusin - fix LLVM warnings
+ - gno - Don't generate numbers for keys. closes #13
+ - lth - various win32 fixes, including build documentation
+ improvements
+ - John Stamp - Don't export private symbols.
+ - John Stamp - Install yajl_version.h, not the template.
+ - John Stamp - Don't use -fPIC for static lib. Cmake will
+ automatically add it for the shared.
+ - lth 0 fix paths embedded in dylib upon installation on osx.
+ closes #11
+- refreshed optflags patch
+* Thu Jun 2 2011 jfehlig@novell.com
+- Add man pages for json_{reformat,verify}
+* Wed Apr 13 2011 jfehlig@novell.com
+- Add filters to rpmlintrc
+- spec file: Document githash usage in tarbal name
+* Wed Apr 13 2011 jfehlig@novell.com
+- Add filters to rpmlintrc
+- spec file: Document githash usage in tarbal name
+* Fri Apr 8 2011 coolo@novell.com
+- add baselibs.conf for 32bit library support
+* Wed Feb 9 2011 pascal.bleser@opensuse.org
+- revert last change, it is BSD3c indeed, and totally unrelated to
+ bnc#670525
+* Wed Feb 9 2011 pascal.bleser@opensuse.org
+- fix license, changed from erroneous BSD3c to MIT, as stated on
+ http://pyyaml.org/wiki/LibYAML, sort of fixes bnc#670525
+* Tue Dec 21 2010 pascal.bleser@opensuse.org
+- merge yajl package from darix:
+ * lib -> LIBDIR patch
+ * -devel-static subpackage
+* Wed Dec 1 2010 pascal.bleser@opensuse.org
+- update to 1.0.11: no user-visible changes
+- changes from 1.0.10:
+ * yajl version number now programatically accessible
+* Mon Jul 12 2010 pascal.bleser@opensuse.org
+- initial package (1.0.9)
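Review bot: The subpackage dependencies are pinned to the version only (`Requires: %{name}%{soname} = %{version}`), while the CVE-2022-24795 fix ships as a new release of the same 2.1.0. The `yajl` and `-devel` packages from this build (and `-devel-static` through `-devel`) are therefore still satisfied by an older, unpatched `libyajl2` 2.1.0. Pinning to `= %{version}-%{release}` keeps the tools, headers and the fixed library in lockstep. Separately, `Source0` is fetched from GitHub and the only integrity pin visible on this page is the MD5 line in `sources`; a SHA-256 or SHA-512 digest would be a stronger check on the tarball.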
diff --git a/sources b/sources
new file mode 100644
index 0000000..f97d407
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+6887e0ed7479d2549761a4d284d3ecb0 2.1.0.tar.gz