From e4621de9ac0214b8af67e2ce35a09b35355f88a7 Mon Sep 17 00:00:00 2001
From: Funda Wang <fundawang@yeah.net>
Date: Mon, 4 Nov 2024 20:02:27 +0800
Subject: [PATCH 1/3] adopt to new cmake macro

---
 yajl.spec | 46 +++++++++++++++++++++-------------------------
 yajl.yaml |  2 +-
 2 files changed, 22 insertions(+), 26 deletions(-)

diff --git a/yajl.spec b/yajl.spec
index 6f12232..48e3571 100644
--- a/yajl.spec
+++ b/yajl.spec
@@ -1,6 +1,9 @@
+%undefine __cmake_in_source_build
+%global _vpath_builddir build
+
 Name:           yajl
 Version:        2.1.0
-Release:        20
+Release:        21
 Summary:        Yet Another JSON Library
 License:        ISC
 URL:            https://github.com/lloyd/yajl
@@ -16,7 +19,8 @@ Patch7:         0007-add-cmake-option-for-test-and-binary.patch
 Patch8:         backport-CVE-2022-24795.patch
 Patch9:         yajl-assert-error-when-memory-allocation-failed.patch
 
-BuildRequires:  cmake gcc
+BuildRequires:  gcc
+BuildRequires:  cmake >= 3.4
 
 %description
 yajl is a small event-driven JSON parser written in ANSI C, and a small
@@ -25,6 +29,7 @@ validating JSON generator.
 %package        devel
 Summary:        Development files for %{name}
 Requires:       %{name} = %{version}-%{release}
+Conflicts:      yajl < 2.1.0-21
 
 %description    devel
 This package provides the libraries and includes
@@ -34,43 +39,34 @@ necessary for developing against the yajl library.
 %autosetup -n %{name}-%{version} -p1
 
 %build
-mkdir build
-cd build
-%cmake ..
-%make_build VERBOSE=1
+%cmake
+%cmake_build
 
 %install
-rm -rf $RPM_BUILD_ROOT
-cd build
-%make_install
+%cmake_install
 
 %check
-cd test/parsing
-./run_tests.sh
-cd ../api
-./run_tests.sh
+cd test
+(cd parsing && ./run_tests.sh)
+(cd api && ./run_tests.sh)
 
 %files
-%defattr(-,root,root)
-%doc COPYING README ChangeLog TODO
+%license COPYING
+%doc README ChangeLog TODO
 %{_bindir}/json_reformat
 %{_bindir}/json_verify
-
 %{_libdir}/libyajl.so.*
-%{_libdir}/libyajl.so
 
 %files devel
-%dir %{_includedir}/yajl
-%{_includedir}/yajl/yajl_common.h
-%{_includedir}/yajl/yajl_gen.h
-%{_includedir}/yajl/yajl_parse.h
-%{_includedir}/yajl/yajl_tree.h
-%{_includedir}/yajl/yajl_version.h
-
-%{_libdir}/pkgconfig/yajl.pc
+%{_includedir}/yajl
+%{_libdir}/libyajl.so
 %{_libdir}/libyajl_s.a
+%{_libdir}/pkgconfig/yajl.pc
 
 %changelog
+* Mon Nov 04 2024 Funda Wang <fundawang@yeah.net> - 2.1.0-21
+- adopt to new cmake macro
+
 * Wed Nov 16 2022 fuanan <fuanan3@h-partners.com> - 2.1.0-20
 - Modify Source0
 
diff --git a/yajl.yaml b/yajl.yaml
index ec970a3..0d9180b 100644
--- a/yajl.yaml
+++ b/yajl.yaml
@@ -1,4 +1,4 @@
 version_control: github
 src_repo: "lloyd/yajl"
 tag_prefix:
-seperator:
+sparator:
-- 
Gitee


From 5dd51736879bee3a2e3c5e59d965d2dcbe4b1d0e Mon Sep 17 00:00:00 2001
From: fly_fzc <2385803914@qq.com>
Date: Fri, 13 Dec 2024 15:42:49 +0800
Subject: [PATCH 2/3] fix test failure

---
 yajl.spec | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/yajl.spec b/yajl.spec
index 48e3571..1815920 100644
--- a/yajl.spec
+++ b/yajl.spec
@@ -3,7 +3,7 @@
 
 Name:           yajl
 Version:        2.1.0
-Release:        21
+Release:        22
 Summary:        Yet Another JSON Library
 License:        ISC
 URL:            https://github.com/lloyd/yajl
@@ -46,9 +46,11 @@ necessary for developing against the yajl library.
 %cmake_install
 
 %check
-cd test
-(cd parsing && ./run_tests.sh)
-(cd api && ./run_tests.sh)
+#cd test
+#(cd parsing && ./run_tests.sh)
+#(cd api && ./run_tests.sh)
+#Run the 'make test' command to execute the test case temporarily
+%make_build test
 
 %files
 %license COPYING
@@ -64,6 +66,9 @@ cd test
 %{_libdir}/pkgconfig/yajl.pc
 
 %changelog
+* Fri Dec 13 2024 fuanan <fuanan3@h-partners.com> - 2.1.0-22
+- fix test failure
+
 * Mon Nov 04 2024 Funda Wang <fundawang@yeah.net> - 2.1.0-21
 - adopt to new cmake macro
 
-- 
Gitee


From 52be9bc8511c2638d71b7c0024e1c7a0e944b033 Mon Sep 17 00:00:00 2001
From: Filpped <pennycng@outlook.com>
Date: Tue, 14 Jan 2025 14:42:29 +0800
Subject: [PATCH 3/3] fix CVE-2017-16516

---
 backport-Fix-for-CVE-2017-16516.patch | 43 +++++++++++++++++++++++++++
 yajl.spec                             |  6 +++-
 2 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 backport-Fix-for-CVE-2017-16516.patch

diff --git a/backport-Fix-for-CVE-2017-16516.patch b/backport-Fix-for-CVE-2017-16516.patch
new file mode 100644
index 0000000..7d48816
--- /dev/null
+++ b/backport-Fix-for-CVE-2017-16516.patch
@@ -0,0 +1,43 @@
+From 0b5e73c4321de0ba1d495fdc0967054b2a77931c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Mon, 10 Jul 2023 13:36:10 +0100
+Subject: [PATCH 5/8] Fix for CVE-2017-16516
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Description: Fix for CVE-2017-16516
+ Potential buffer overread: A JSON file can cause denial of service.
+Origin: https://github.com/brianmario/yajl-ruby/commit/a8ca8f476655adaa187eedc60bdc770fff3c51ce
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040036
+Bug: https://github.com/lloyd/yajl/issues/248
+
+Patch taken from Debian package source
+
+NB, Fedora code can't trigger the reported aborts since it passes the
+-DNDEBUG flag, but pulling the fix for robustness in case a future
+change enables the assert()s.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ src/yajl_encode.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/yajl_encode.c b/src/yajl_encode.c
+index fd08258..0d97cc5 100644
+--- a/src/yajl_encode.c
++++ b/src/yajl_encode.c
+@@ -139,8 +139,8 @@ void yajl_string_decode(yajl_buf buf, const unsigned char * str,
+                     end+=3;
+                     /* check if this is a surrogate */
+                     if ((codepoint & 0xFC00) == 0xD800) {
+-                        end++;
+-                        if (str[end] == '\\' && str[end + 1] == 'u') {
++                        if (end + 2 < len && str[end + 1] == '\\' && str[end + 2] == 'u') {
++                            end++;
+                             unsigned int surrogate = 0;
+                             hexToDigit(&surrogate, str + end + 2);
+                             codepoint =
+-- 
+2.41.0
+
diff --git a/yajl.spec b/yajl.spec
index 1815920..9350d9e 100644
--- a/yajl.spec
+++ b/yajl.spec
@@ -3,7 +3,7 @@
 
 Name:           yajl
 Version:        2.1.0
-Release:        22
+Release:        23
 Summary:        Yet Another JSON Library
 License:        ISC
 URL:            https://github.com/lloyd/yajl
@@ -18,6 +18,7 @@ Patch6:         0006-fix-memory-leak-of-ctx-root.patch
 Patch7:         0007-add-cmake-option-for-test-and-binary.patch
 Patch8:         backport-CVE-2022-24795.patch
 Patch9:         yajl-assert-error-when-memory-allocation-failed.patch
+Patch10:         backport-Fix-for-CVE-2017-16516.patch
 
 BuildRequires:  gcc
 BuildRequires:  cmake >= 3.4
@@ -66,6 +67,9 @@ necessary for developing against the yajl library.
 %{_libdir}/pkgconfig/yajl.pc
 
 %changelog
+* Tue Jan 14 2025 pengjian <pengjian23@mails.ucas.ac.cn> - 2.1.0-23
+- fix CVE-2017-16516
+
 * Fri Dec 13 2024 fuanan <fuanan3@h-partners.com> - 2.1.0-22
 - fix test failure
 
-- 
Gitee