diff --git a/configure b/configure
index 7f05720e2fad62200dd1c3b42ef37f0ad98fc65b..70bf5c67e781a74293f25238b311a7f55f4b9f5b 100755
--- a/configure
+++ b/configure
@@ -9325,6 +9325,9 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
+$as_echo "#define HAVE_JANSSON_BUNDLED 1" >>confdefs.h
+
+
fi
diff --git a/include/asterisk/autoconfig.h.in b/include/asterisk/autoconfig.h.in
index 02917413f9713d51a12cd07ec3720b2a02fdeceb..59e1e3d4b6b7daa87bcc1073a719730536d67e99 100644
--- a/include/asterisk/autoconfig.h.in
+++ b/include/asterisk/autoconfig.h.in
@@ -413,6 +413,9 @@
/* Define if your system has the JANSSON libraries. */
#undef HAVE_JANSSON
+/* Define if your system has JANSSON_BUNDLED */
+#undef HAVE_JANSSON_BUNDLED
+
/* Define to 1 if you have the `kevent64' function. */
#undef HAVE_KEVENT64
diff --git a/main/json.c b/main/json.c
index 0bc1bd827770f5b6cd7d8bc39eda6488fa41e774..9a94767c23a19f5770fc2bc51f025146e096c671 100644
--- a/main/json.c
+++ b/main/json.c
@@ -292,16 +292,25 @@ struct ast_json *ast_json_stringf(const char *format, ...)
struct ast_json *ast_json_vstringf(const char *format, va_list args)
{
- char *str = NULL;
json_t *ret = NULL;
if (format) {
+ /* json_pack was not introduced until jansson-2.0 so Asterisk could never
+ * be compiled against older versions. The version check can never match
+ * anything older than 2.12. */
+#if defined(HAVE_JANSSON_BUNDLED) || JANSSON_MAJOR_VERSION > 2 || JANSSON_MINOR_VERSION > 11
+ ret = json_vsprintf(format, args);
+#else
+ char *str = NULL;
int err = ast_vasprintf(&str, format, args);
+
if (err >= 0) {
ret = json_string(str);
ast_free(str);
}
+#endif
}
+
return (struct ast_json *)ret;
}
diff --git a/third-party/jansson/configure.m4 b/third-party/jansson/configure.m4
index ec34076253330fffeb46283387c80aa781414c54..9b10cad2ce4508380bbe3af12dc7a7d7cd1d1f98 100644
--- a/third-party/jansson/configure.m4
+++ b/third-party/jansson/configure.m4
@@ -82,6 +82,7 @@ AC_DEFUN([_JANSSON_CONFIGURE],
AC_SUBST([JANSSON_LIB])
AC_SUBST([JANSSON_INCLUDE])
AC_MSG_RESULT(yes)
+ AC_DEFINE([HAVE_JANSSON_BUNDLED], 1, [Define if your system has JANSSON_BUNDLED])
])
AC_DEFUN([JANSSON_CONFIGURE],
diff --git a/third-party/jansson/patches/0022-Avoid-invalid-memory-read-in-json_pack.patch b/third-party/jansson/patches/0022-Avoid-invalid-memory-read-in-json_pack.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2e8f746bb9e434389d1bb7386c4307d500d6a65b
--- /dev/null
+++ b/third-party/jansson/patches/0022-Avoid-invalid-memory-read-in-json_pack.patch
@@ -0,0 +1,38 @@
+From aed855e6920923898b94a1b922fbace27a34ddf2 Mon Sep 17 00:00:00 2001
+From: Petri Lehtinen <petri@digip.org>
+Date: Mon, 9 Jul 2018 22:26:35 +0300
+Subject: [PATCH 22/29] Avoid invalid memory read in json_pack()
+
+Initial patch by @bharjoc-bitdefender
+
+Fixes #421
+---
+ src/pack_unpack.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/pack_unpack.c b/src/pack_unpack.c
+index 6461c06..b842772 100644
+--- a/src/pack_unpack.c
++++ b/src/pack_unpack.c
+@@ -75,6 +75,9 @@ static void next_token(scanner_t *s)
+ return;
+ }
+
++ if (!token(s) && !*s->fmt)
++ return;
++
+ t = s->fmt;
+ s->column++;
+ s->pos++;
+@@ -97,7 +100,7 @@ static void next_token(scanner_t *s)
+ s->token.column = s->column;
+ s->token.pos = s->pos;
+
+- t++;
++ if (*t) t++;
+ s->fmt = t;
+ }
+
+--
+2.17.1
+
diff --git a/third-party/jansson/patches/0025-Call-va_end-after-va_copy-in-json_vsprintf.patch b/third-party/jansson/patches/0025-Call-va_end-after-va_copy-in-json_vsprintf.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a56c03c3d4b55295817cbcb087db2bd5378ce7cd
--- /dev/null
+++ b/third-party/jansson/patches/0025-Call-va_end-after-va_copy-in-json_vsprintf.patch
@@ -0,0 +1,64 @@
+From 66e4ee795d21a30118f8503c966e9f9ae87db315 Mon Sep 17 00:00:00 2001
+From: Xin Long <lucien.xin@gmail.com>
+Date: Wed, 25 Jul 2018 17:39:33 +0800
+Subject: [PATCH 25/29] Call va_end after va_copy in json_vsprintf
+
+As said in man doc:
+ "Each invocation of va_copy() must be matched by a corresponding
+ invocation of va_end() in the same function."
+
+va_copy may alloc memory in some system, it's necessay to free it by
+va_end.
+
+Fixes: efe6c7b3f2b3 ("Add json_sprintf and json_vsprintf")
+Signed-off-by: Xin Long <lucien.xin@gmail.com>
+---
+ src/value.c | 17 ++++++++++++-----
+ 1 file changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/src/value.c b/src/value.c
+index 29a978c..861dce8 100644
+--- a/src/value.c
++++ b/src/value.c
+@@ -781,26 +781,33 @@ static json_t *json_string_copy(const json_t *string)
+ }
+
+ json_t *json_vsprintf(const char *fmt, va_list ap) {
++ json_t *json = NULL;
+ int length;
+ char *buf;
+ va_list aq;
+ va_copy(aq, ap);
+
+ length = vsnprintf(NULL, 0, fmt, ap);
+- if (length == 0)
+- return json_string("");
++ if (length == 0) {
++ json = json_string("");
++ goto out;
++ }
+
+ buf = jsonp_malloc(length + 1);
+ if (!buf)
+- return NULL;
++ goto out;
+
+ vsnprintf(buf, length + 1, fmt, aq);
+ if (!utf8_check_string(buf, length)) {
+ jsonp_free(buf);
+- return NULL;
++ goto out;
+ }
+
+- return jsonp_stringn_nocheck_own(buf, length);
++ json = jsonp_stringn_nocheck_own(buf, length);
++
++out:
++ va_end(aq);
++ return json;
+ }
+
+ json_t *json_sprintf(const char *fmt, ...) {
+--
+2.17.1
+
diff --git a/third-party/jansson/patches/0027-Rename-a-varialble-that-shadows-another-one.patch b/third-party/jansson/patches/0027-Rename-a-varialble-that-shadows-another-one.patch
new file mode 100644
index 0000000000000000000000000000000000000000..fc4ce07e489faa44ea510e8e8e45fec11d83ee3e
--- /dev/null
+++ b/third-party/jansson/patches/0027-Rename-a-varialble-that-shadows-another-one.patch
@@ -0,0 +1,56 @@
+From 020cc26b5cb147ae3569a3f7d314d3900b4bbc0b Mon Sep 17 00:00:00 2001
+From: Petri Lehtinen <petri@digip.org>
+Date: Sun, 12 Aug 2018 18:25:51 +0300
+Subject: [PATCH 27/29] Rename a varialble that shadows another one
+
+configure.ac changes are removed for bundled jansson.
+
+Fixes #430
+---
+ configure.ac | 2 +-
+ src/dump.c | 8 ++++----
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/dump.c b/src/dump.c
+index 8e725c9..4a64aa4 100644
+--- a/src/dump.c
++++ b/src/dump.c
+@@ -306,7 +306,7 @@ static int do_dump(const json_t *json, size_t flags, int depth,
+ const char *separator;
+ int separator_length;
+ /* Space for "0x", double the sizeof a pointer for the hex and a terminator. */
+- char key[2 + (sizeof(json) * 2) + 1];
++ char loop_key[2 + (sizeof(json) * 2) + 1];
+
+ if(flags & JSON_COMPACT) {
+ separator = ":";
+@@ -318,7 +318,7 @@ static int do_dump(const json_t *json, size_t flags, int depth,
+ }
+
+ /* detect circular references */
+- if (loop_check(parents, json, key, sizeof(key)))
++ if (loop_check(parents, json, loop_key, sizeof(loop_key)))
+ return -1;
+
+ iter = json_object_iter((json_t *)json);
+@@ -326,7 +326,7 @@ static int do_dump(const json_t *json, size_t flags, int depth,
+ if(!embed && dump("{", 1, data))
+ return -1;
+ if(!iter) {
+- hashtable_del(parents, key);
++ hashtable_del(parents, loop_key);
+ return embed ? 0 : dump("}", 1, data);
+ }
+ if(dump_indent(flags, depth + 1, 0, dump, data))
+@@ -422,7 +422,7 @@ static int do_dump(const json_t *json, size_t flags, int depth,
+ }
+ }
+
+- hashtable_del(parents, key);
++ hashtable_del(parents, loop_key);
+ return embed ? 0 : dump("}", 1, data);
+ }
+
+--
+2.17.1
+