summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-devtools
diff options
context:
space:
mode:
authorPraveen Kumar <praveen.kumar@windriver.com>2025-10-24 17:25:09 +0530
committerAnuj Mittal <anuj.mittal@intel.com>2025-10-30 15:12:09 +0800
commit30f6c5ae79407dbbe82f0992c355bd0f9b69a2ad (patch)
treee88a54f68e7e97cc2da8e44e1b55682f8568041b /meta-oe/recipes-devtools
parent62b9edf47be6b70d77ac6a662cedc9dbbb96e550 (diff)
downloadmeta-openembedded-30f6c5ae79407dbbe82f0992c355bd0f9b69a2ad.tar.gz
cjson: upgrade 1.7.18 -> 1.7.19
This includes CVE-fix for CVE-2023-26819. Removed CVE-2025-57052, as the issue was already resolved in v1.7.19. Changelog: ========== https://github.com/DaveGamble/cJSON/blob/master/CHANGELOG.md Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Diffstat (limited to 'meta-oe/recipes-devtools')
-rw-r--r--meta-oe/recipes-devtools/cjson/cjson/CVE-2025-57052.patch33
-rw-r--r--meta-oe/recipes-devtools/cjson/cjson_1.7.19.bb (renamed from meta-oe/recipes-devtools/cjson/cjson_1.7.18.bb)3
2 files changed, 1 insertions, 35 deletions
diff --git a/meta-oe/recipes-devtools/cjson/cjson/CVE-2025-57052.patch b/meta-oe/recipes-devtools/cjson/cjson/CVE-2025-57052.patch
deleted file mode 100644
index ed3d4a7eba..0000000000
--- a/meta-oe/recipes-devtools/cjson/cjson/CVE-2025-57052.patch
+++ /dev/null
@@ -1,33 +0,0 @@
1From e53a1413304382d562176bed91609e00b4fcf87e Mon Sep 17 00:00:00 2001
2From: Lee <peteralfredlee@gmail.com>
3Date: Fri, 5 Sep 2025 14:53:20 +0800
4Subject: [PATCH] fix the incorrect check in decode_array_index_from_pointer
5 (#957)
6
7this fixes CVE-2025-57052
8
9CVE: CVE-2025-57052
10Upstream-Status: Backport [https://github.com/DaveGamble/cJSON/commit/74e1ff4994aa]
11
12(cherry picked from commit 74e1ff4994aa4139126967f6d289b675b4b36fef)
13Signed-off-by: Shubham Pushpkar <spushpka@cisco.com>
14---
15 cJSON_Utils.c | 2 +-
16 1 file changed, 1 insertion(+), 1 deletion(-)
17
18diff --git a/cJSON_Utils.c b/cJSON_Utils.c
19index 63651df..8fa24f8 100644
20--- a/cJSON_Utils.c
21+++ b/cJSON_Utils.c
22@@ -282,7 +282,7 @@ static cJSON_bool decode_array_index_from_pointer(const unsigned char * const po
23 return 0;
24 }
25
26- for (position = 0; (pointer[position] >= '0') && (pointer[0] <= '9'); position++)
27+ for (position = 0; (pointer[position] >= '0') && (pointer[position] <= '9'); position++)
28 {
29 parsed_index = (10 * parsed_index) + (size_t)(pointer[position] - '0');
30
31--
322.44.1
33
diff --git a/meta-oe/recipes-devtools/cjson/cjson_1.7.18.bb b/meta-oe/recipes-devtools/cjson/cjson_1.7.19.bb
index 67d536cf24..799eb119d6 100644
--- a/meta-oe/recipes-devtools/cjson/cjson_1.7.18.bb
+++ b/meta-oe/recipes-devtools/cjson/cjson_1.7.19.bb
@@ -6,9 +6,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=218947f77e8cb8e2fa02918dc41c50d0"
6 6
7SRC_URI = "git://github.com/DaveGamble/cJSON.git;branch=master;protocol=https \ 7SRC_URI = "git://github.com/DaveGamble/cJSON.git;branch=master;protocol=https \
8 file://run-ptest \ 8 file://run-ptest \
9 file://CVE-2025-57052.patch \
10 " 9 "
11SRCREV = "acc76239bee01d8e9c858ae2cab296704e52d916" 10SRCREV = "c859b25da02955fef659d658b8f324b5cde87be3"
12 11
13S = "${WORKDIR}/git" 12S = "${WORKDIR}/git"
14 13