mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-24 16:03:23 +00:00
json-c: update to 0.12, fixing CVE-2013-{6370,6371}
This commit is contained in:
parent
208e7cae1a
commit
d96f262166
@ -1,20 +1,32 @@
|
||||
{ stdenv, fetchurl }:
|
||||
{ stdenv, fetchurl, autoreconfHook }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "json-c-0.9";
|
||||
name = "json-c-0.12";
|
||||
src = fetchurl {
|
||||
url = "http://oss.metaparadigm.com/json-c/json-c-0.9.tar.gz";
|
||||
sha256 = "0xcl8cwzm860f8m0cdzyw6slwcddni4mraw4shvr3qgqkdn4hakh";
|
||||
url = "https://s3.amazonaws.com/json-c_releases/releases/${name}-nodoc.tar.gz";
|
||||
sha256 = "0dgvjjyb9xva63l6sy70sdch2w4ryvacdmfd3fg2f2v13lqx5mkg";
|
||||
};
|
||||
|
||||
patches = [ ./unused-variable.patch ];
|
||||
|
||||
buildInputs = [ autoreconfHook ]; # won't configure without it, no idea why
|
||||
|
||||
# compatibility hack (for mypaint at least)
|
||||
postInstall = ''
|
||||
ln -s json-c.pc "$out/lib/pkgconfig/json.pc"
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = "http://oss.metaparadigm.com/json-c/";
|
||||
description = "A JSON implementation in C";
|
||||
homepage = https://github.com/json-c/json-c/wiki;
|
||||
maintainers = with maintainers; [ lovek323 ];
|
||||
platforms = platforms.unix;
|
||||
|
||||
longDescription = ''
|
||||
JSON-C implements a reference counting object model that allows you to
|
||||
easily construct JSON objects in C, output them as JSON formatted strings
|
||||
and parse JSON formatted strings back into the C representation of JSON
|
||||
objects.
|
||||
'';
|
||||
hydraPlatforms = platforms.linux;
|
||||
};
|
||||
}
|
||||
|
18
pkgs/development/libraries/json-c/unused-variable.patch
Normal file
18
pkgs/development/libraries/json-c/unused-variable.patch
Normal file
@ -0,0 +1,18 @@
|
||||
See https://groups.google.com/forum/#!topic/json-c/TYodemkG338
|
||||
diff --git a/json_tokener.c b/json_tokener.c
|
||||
index 19de8ef..32bc8af 100644
|
||||
--- a/json_tokener.c
|
||||
+++ b/json_tokener.c
|
||||
@@ -352,12 +352,10 @@ struct json_object* json_tokener_parse_ex(struct json_tokener *tok,
|
||||
|
||||
case json_tokener_state_inf: /* aka starts with 'i' */
|
||||
{
|
||||
- int size;
|
||||
int size_inf;
|
||||
int is_negative = 0;
|
||||
|
||||
printbuf_memappend_fast(tok->pb, &c, 1);
|
||||
- size = json_min(tok->st_pos+1, json_null_str_len);
|
||||
size_inf = json_min(tok->st_pos+1, json_inf_str_len);
|
||||
char *infbuf = tok->pb->buf;
|
||||
if (*infbuf == '-')
|
@ -1112,7 +1112,9 @@ let
|
||||
*/
|
||||
graphviz_2_0 = callPackage ../tools/graphics/graphviz/2.0.nix { };
|
||||
|
||||
grive = callPackage ../tools/filesystems/grive { };
|
||||
grive = callPackage ../tools/filesystems/grive {
|
||||
json_c = json-c-0-11; # won't configure with 0.12; others are vulnerable
|
||||
};
|
||||
|
||||
groff = callPackage ../tools/text/groff {
|
||||
ghostscript = null;
|
||||
@ -4788,9 +4790,8 @@ let
|
||||
|
||||
json_glib = callPackage ../development/libraries/json-glib { };
|
||||
|
||||
json-c-0-9 = callPackage ../development/libraries/json-c { };
|
||||
json-c-0-11 = callPackage ../development/libraries/json-c/0.11.nix { };
|
||||
json_c = json-c-0-9;
|
||||
json-c-0-11 = callPackage ../development/libraries/json-c/0.11.nix { }; # vulnerable
|
||||
json_c = callPackage ../development/libraries/json-c { };
|
||||
|
||||
jsoncpp = callPackage ../development/libraries/jsoncpp { };
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user