
01/01: gnu: jansson: Update to 2.9.


From: Leo Famulari
Subject: 01/01: gnu: jansson: Update to 2.9.
Date: Mon, 7 Nov 2016 00:50:40 +0000 (UTC)

lfam pushed a commit to branch master
in repository guix.

commit 14ac8e4865206f5cd1278cd962d01ce27890d51f
Author: Leo Famulari <address@hidden>
Date:   Sun Nov 6 19:49:03 2016 -0500

    gnu: jansson: Update to 2.9.
    
    * gnu/packages/web.scm (jansson): Update to 2.9.
    [source]: Remove 'jansson-CVE-2016-4425.patch'.
    * gnu/packages/patches/jansson-CVE-2016-4425.patch: Delete file.
    * gnu/local.mk (dist_patch_DATA): Remove it.
---
 gnu/local.mk                                     |    1 -
 gnu/packages/patches/jansson-CVE-2016-4425.patch |  125 ----------------------
 gnu/packages/web.scm                             |    5 +-
 3 files changed, 2 insertions(+), 129 deletions(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index 531e29b..aaa9f5c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -613,7 +613,6 @@ dist_patch_DATA =                                           
\
   %D%/packages/patches/id3lib-CVE-2007-4460.patch                      \
   %D%/packages/patches/ilmbase-fix-tests.patch                 \
   %D%/packages/patches/inkscape-drop-wait-for-targets.patch    \
-  %D%/packages/patches/jansson-CVE-2016-4425.patch             \
   %D%/packages/patches/jbig2dec-ignore-testtest.patch          \
   %D%/packages/patches/jq-CVE-2015-8863.patch                  \
   %D%/packages/patches/khmer-use-libraries.patch                \
diff --git a/gnu/packages/patches/jansson-CVE-2016-4425.patch 
b/gnu/packages/patches/jansson-CVE-2016-4425.patch
deleted file mode 100644
index ebe9aa7..0000000
--- a/gnu/packages/patches/jansson-CVE-2016-4425.patch
+++ /dev/null
@@ -1,125 +0,0 @@
-From 64ce0ad3731ebd77e02897b07920eadd0e2cc318 Mon Sep 17 00:00:00 2001
-From: Dmitry Janushkevich <address@hidden>
-Date: Mon, 2 May 2016 13:59:26 +0200
-Subject: [PATCH] Fix for issue #282
-
-The fix limits recursion depths when parsing arrays and objects.
-The limit is configurable via the `JSON_PARSER_MAX_DEPTH` setting
-within `jansson_config.h` and is set by default to 2048.
-
-Update the RFC conformance document to note the limit; the RFC
-allows limits to be set by the implementation so nothing has
-actually changed w.r.t. conformance state.
-
-Reported by Gustavo Grieco.
----
- android/jansson_config.h                  |  4 ++++
- cmake/jansson_config.h.cmake              |  4 ++++
- doc/conformance.rst                       | 10 ++++++++++
- src/jansson_config.h.in                   |  4 ++++
- src/load.c                                | 10 ++++++++++
- test/suites/invalid/recursion-depth/error |  2 ++
- test/suites/invalid/recursion-depth/input |  1 +
- 7 files changed, 35 insertions(+)
- create mode 100644 test/suites/invalid/recursion-depth/error
- create mode 100644 test/suites/invalid/recursion-depth/input
-
---- a/android/jansson_config.h
-+++ b/android/jansson_config.h
-@@ -36,4 +36,8 @@
-    otherwise to 0. */
- #define JSON_HAVE_LOCALECONV 0
- 
-+/* Maximum recursion depth for parsing JSON input.
-+   This limits the depth of e.g. array-within-array constructions. */
-+#define JSON_PARSER_MAX_DEPTH 2048
-+
- #endif
---- a/cmake/jansson_config.h.cmake
-+++ b/cmake/jansson_config.h.cmake
-@@ -60,5 +60,9 @@
- #define JSON_HAVE_LOCALECONV @JSON_HAVE_LOCALECONV@
- 
- 
-+/* Maximum recursion depth for parsing JSON input.
-+   This limits the depth of e.g. array-within-array constructions. */
-+#define JSON_PARSER_MAX_DEPTH 2048
-+
- 
- #endif
---- a/doc/conformance.rst
-+++ b/doc/conformance.rst
-@@ -108,3 +108,13 @@
- are implicitly handled via the ordinary C type coercion rules (subject
- to overflow semantics). Also, no support or hooks are provided for any
- supplemental "bignum" type add-on packages.
-+
-+Depth of nested values
-+----------------------
-+
-+To avoid stack exhaustion, Jansson currently limits the nesting depth
-+for arrays and objects to a certain value (default: 2048), defined as
-+a macro ``JSON_PARSER_MAX_DEPTH`` within ``jansson_config.h``.
-+
-+The limit is allowed to be set by the RFC; there is no recommended value
-+or required minimum depth to be supported.
---- a/src/jansson_config.h.in
-+++ b/src/jansson_config.h.in
-@@ -36,4 +36,8 @@
-    otherwise to 0. */
- #define JSON_HAVE_LOCALECONV @json_have_localeconv@
- 
-+/* Maximum recursion depth for parsing JSON input.
-+   This limits the depth of e.g. array-within-array constructions. */
-+#define JSON_PARSER_MAX_DEPTH 2048
-+
- #endif
---- a/src/load.c
-+++ b/src/load.c
-@@ -61,6 +61,7 @@
- typedef struct {
-     stream_t stream;
-     strbuffer_t saved_text;
-+    size_t depth;
-     int token;
-     union {
-         struct {
-@@ -800,6 +801,12 @@
-     json_t *json;
-     double value;
- 
-+    lex->depth++;
-+    if(lex->depth > JSON_PARSER_MAX_DEPTH) {
-+        error_set(error, lex, "maximum parsing depth reached");
-+        return NULL;
-+    }
-+
-     switch(lex->token) {
-         case TOKEN_STRING: {
-             const char *value = lex->value.string.val;
-@@ -870,6 +877,7 @@
-     if(!json)
-         return NULL;
- 
-+    lex->depth--;
-     return json;
- }
- 
-@@ -877,6 +885,8 @@
- {
-     json_t *result;
- 
-+    lex->depth = 0;
-+
-     lex_scan(lex, error);
-     if(!(flags & JSON_DECODE_ANY)) {
-         if(lex->token != '[' && lex->token != '{') {
---- /dev/null
-+++ b/test/suites/invalid/recursion-depth/error
-@@ -0,0 +1,2 @@
-+1 2049 2049
-+maximum parsing depth reached near '['
---- /dev/null
-+++ b/test/suites/invalid/recursion-depth/input
-@@ -0,0 +1 @@
-+[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[
 [...]
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 9ea9503..119c36b 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -236,7 +236,7 @@ and UNIX socket support.")
 (define-public jansson
   (package
     (name "jansson")
-    (version "2.7")
+    (version "2.9")
     (source (origin
              (method url-fetch)
              (uri
@@ -244,8 +244,7 @@ and UNIX socket support.")
                              version ".tar.gz"))
              (sha256
               (base32
-               "1mvq9p85khsl818i4vbszyfab0fd45mdrwrxjkzw05mk1xcyc1br"))
-             (patches (search-patches "jansson-CVE-2016-4425.patch"))))
+               "19fjgfwjfj99rqa3kf96x5rssj88siazggksgrikd6h4r9sd1l0a"))))
     (build-system gnu-build-system)
     (home-page "http://www.digip.org/jansson/";)
     (synopsis "JSON C library")
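Review bot: The `(patches (search-patches "jansson-CVE-2016-4425.patch"))` field is dropped from the `origin` here, but nothing visible in this commit shows that the 2.9 tarball already contains the parser depth limit which that patch added to `src/load.c`. The deleted patch was taken from an upstream commit, so the fix is presumably part of the release. That is still an inference, and it should be confirmed by checking the unpacked 2.9 source for `JSON_PARSER_MAX_DEPTH` and the `lex->depth` check before relying on it. I would record the result in the commit log so the removal is auditable later, for example `[source]: Remove 'jansson-CVE-2016-4425.patch', which is included in this release.` The `define-public jansson` form begins in the previous hunk and continues past the end of this one.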


