packages/cjson
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
cjson/cjson.spec
Zhao Mengmeng 1243399bf7 Set free'd pointers to NULL whenever they are not reassigned 
Backport from upstream:
542fb0eadd

A double free vulnerability was discovered in cJSON_Delete function through
fuzzing. Fix it by set pointers to NULL immediately after they are deallocated.

Links: https://github.com/DaveGamble/cJSON/issues/833

Signed-off-by: Zhao Mengmeng <zhaomengmeng@kylinos.cn>
2024-05-29 14:45:05 +08:00

91 lines
2.6 KiB
RPMSpec
Raw Blame History

Name: cjson
Version: 1.7.15
Release: 9
Summary: Ultralightweight JSON parser in ANSI C
License: MIT and ASL 2.0
URL: https://github.com/DaveGamble/cJSON
Source0: https://github.com/DaveGamble/cJSON/archive/refs/tags/v1.7.15.tar.gz
Patch0001: backport-CVE-2023-50471_50472.patch
Patch0002: backport-fix-potential-memory-leak-in-merge_patch.patch
Patch0003: CVE-2024-31755.patch
Patch0004: Fix-a-null-pointer-crash-in-cJSON_ReplaceItemViaPoin.patch
Patch0005: backport-fix-add-allocate-check-for-replace_item_in_object-67.patch
Patch0006: backport-fix-print-int-without-decimal-places-630.patch
Patch0007: backport-Add-test-for-heap-buffer-overflow.patch
Patch0008: backport-Fix-heap-buffer-overflow.patch
Patch0009: backport-Set-free-d-pointers-to-NULL-whenever-they-are-not-re.patch
BuildRequires: gcc
BuildRequires: cmake
%description
cJSON aims to be the dumbest possible parser that you can get your job
done with. It's a single file of C, and a single header file.
%package devel
Summary: Development files for cJSON
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: pkgconfig
%description devel
The cjson-devel package contains libraries and header files for
developing applications that use cJSON.
%prep
%autosetup -n cJSON-%{version} -p1
%build
%cmake
%make_build
%install
%make_install
rm -f %{buildroot}%{_libdir}/*.{la,a}
rm -f %{buildroot}%{_libdir}/cmake/cJSON/*.cmake
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files
%license LICENSE
%doc README.md
%{_libdir}/libcjson*.so.*
%files devel
%doc CHANGELOG.md CONTRIBUTORS.md
%{_libdir}/libcjson.so
%{_libdir}/pkgconfig/libcjson.pc
%{_includedir}/cjson/
%changelog
* Wed May 29 2024 Zhao Mengmeng <zhaomengmeng@kylinos.cn> - 1.7.15-9
- Set free'd pointers to NULL to avoid double free
* Wed May 22 2024 xiejing <xiejing@kylinos.cn> - 1.7.15-8
- Fix heap buffer overflow
* Fri May 10 2024 wuzhaomin <wuzhaomin@kylinos.cn> - 1.7.15-7
- Fix print int without decimal places
* Wed May 8 2024 wuzhaomin <wuzhaomin@kylinos.cn> - 1.7.15-6
- add allocate check for replace_item_in_object
* Tue May 07 2024 xiaozai <xiaozai@kylinos.cn> - 1.7.15-5
- Fix a null pointer crash in cJSON_ReplaceItemViaPointer
* Fri Apr 26 2024 lvfei <lvfei@kylinos.cn> - 1.7.15-4
- fix CVE-2024-31755
* Tue Mar 05 2024 xiejing <xiejing@kylinos.cn> - 1.7.15-3
- fix potential memory leak in merge_patch()
* Sun Dec 24 2023 liningjie <liningjie@xfusion.com> - 1.7.15-2
- Fix CVE-2023-50471 CVE-2023-50472
* Thu Sep 23 2021 jiangxinyu <jiangxinyu@kylinos.cn> - 1.7.15-1
- Package Init
Reference in New Issue View Git Blame Copy Permalink