Patch to address the following issues:

* CVE-2013-6371: hash collision denial of service
* CVE-2013-6370: buffer overflow if size_t is larger than int

json_tokener.h

@@ -33,7 +33,8 @@ enum json_tokener_error {
   json_tokener_error_parse_object_key_sep,
   json_tokener_error_parse_object_value_sep,
   json_tokener_error_parse_string,
-  json_tokener_error_parse_comment
+  json_tokener_error_parse_comment,
+  json_tokener_error_size
 };
 
 enum json_tokener_state {
@@ -163,6 +164,11 @@ extern void json_tokener_set_flags(struct json_tokener *tok, int flags);
  * responsible for calling json_tokener_parse_ex with an appropriate str
  * parameter starting with the extra characters.
  *
+ * This interface is presently not 64-bit clean due to the int len argument
+ * so the function limits the maximum string size to INT32_MAX (2GB).
+ * If the function is called with len == -1 then strlen is called to check
+ * the string length is less than INT32_MAX (2GB)
+ *
  * Example:
  * @code
 json_object *jobj = NULL;