<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-devtools/json-c, branch kirkstone</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=kirkstone</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=kirkstone'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2023-10-06T01:48:49+00:00</updated>
<entry>
<title>json-c: define CVE_VERSION</title>
<updated>2023-10-06T01:48:49+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2023-09-27T21:05:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=25073f9c0e0ca7ecfe8f38bf620147314c0d3ddc'/>
<id>urn:sha1:25073f9c0e0ca7ecfe8f38bf620147314c0d3ddc</id>
<content type='text'>
Recently NVD updated all CVEs for json-c and old fixed
CVE-2020-12762 is reported by cve_check now.
NVD match clause now includes full tag name including
date which is "greater" than tag without additional numbers.

Fix it by defining CVE_VERSION identical to full tag.
Put it close to hash so recipe update patch includes this line.

(From OE-Core rev: 55e9ff0fe1de70f226557529f73c28f34f6956ed)

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>json-c: fix CVE-2021-32292</title>
<updated>2023-09-09T02:09:41+00:00</updated>
<author>
<name>Adrian Freihofer</name>
<email>adrian.freihofer@gmail.com</email>
</author>
<published>2023-08-29T17:00:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d01be5cf8425c2255eeebaa2277c125441785022'/>
<id>urn:sha1:d01be5cf8425c2255eeebaa2277c125441785022</id>
<content type='text'>
This is a read past end of buffer issue in the json_parse test app,
which can happened with malformed json data. It's not an issue with the
library itself. For what ever reason this CVE has a base score of 9.8.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2021-32292

Upstream issue:
https://github.com/json-c/json-c/issues/654

The CVE is fixed with version 0.16 (which is already in all active
branches of poky).

(From OE-Core rev: a7b93651028b55d71b8db53ea831eee7fd539f33)

Signed-off-by: Adrian Freihofer &lt;adrian.freihofer@siemens.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>json-c: Add ptest for json-c</title>
<updated>2023-04-11T10:31:52+00:00</updated>
<author>
<name>Simone Weiss</name>
<email>simone.weiss@elektrobit.com</email>
</author>
<published>2022-08-12T09:39:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=34d843dada61f91ddce07bb900f71a145ebe886f'/>
<id>urn:sha1:34d843dada61f91ddce07bb900f71a145ebe886f</id>
<content type='text'>
Adapt json-c recipe to compile and deploy a ptest for json-c.
Also add a small script for executing the tests.
All tests were successful on a trial and took around 20 seconds.

(From OE-Core rev: 7d588d0727d49dcf04d7c3d8a4ec23ca2f6cc56d)

Signed-off-by: Simone Weiß &lt;simone.weiss@elektrobit.com&gt;
Signed-off-by: Kai Tomerius &lt;kai.tomerius@elektrobit.com&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 757a5fbdeed58573c40d6e21475cc516aa49fd1c)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>json-c: correct upstream version check</title>
<updated>2021-10-28T13:16:31+00:00</updated>
<author>
<name>Alexander Kanavin</name>
<email>alex.kanavin@gmail.com</email>
</author>
<published>2021-10-27T09:07:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=a72e70f991d2acdd810eb9ef57f3357bff67f5db'/>
<id>urn:sha1:a72e70f991d2acdd810eb9ef57f3357bff67f5db</id>
<content type='text'>
(From OE-Core rev: bbfa8046fc0999a0e4fdeb9a143ca0c80a7b40ec)

Signed-off-by: Alexander Kanavin &lt;alex@linutronix.de&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>Convert to new override syntax</title>
<updated>2021-08-02T14:44:10+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2021-07-28T22:28:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=bb6ddc3691ab04162ec5fd69a2d5e7876713fd15'/>
<id>urn:sha1:bb6ddc3691ab04162ec5fd69a2d5e7876713fd15</id>
<content type='text'>
This is the result of automated script conversion:

scripts/contrib/convert-overrides.py &lt;oe-core directory&gt;

converting the metadata to use ":" as the override character instead of "_".

(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>json-c: update to 0.15</title>
<updated>2020-07-27T18:58:09+00:00</updated>
<author>
<name>Oleksandr Kravchuk</name>
<email>open.source@oleksandr-kravchuk.com</email>
</author>
<published>2020-07-27T09:00:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=7b78e1b4de0421de9f876aeb4ff11d6d017a4b7b'/>
<id>urn:sha1:7b78e1b4de0421de9f876aeb4ff11d6d017a4b7b</id>
<content type='text'>
Remove upstreamed patch.

(From OE-Core rev: 411f47cdcb74109a103166477d606c88db6175ee)

Signed-off-by: Oleksandr Kravchuk &lt;open.source@oleksandr-kravchuk.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>json-c: fix CVE-2020-12762</title>
<updated>2020-07-03T10:38:24+00:00</updated>
<author>
<name>Lee Chee Yang</name>
<email>chee.yang.lee@intel.com</email>
</author>
<published>2020-07-02T08:51:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=771122ebeb8b78df7a54d2b576aaef34e7c47bf3'/>
<id>urn:sha1:771122ebeb8b78df7a54d2b576aaef34e7c47bf3</id>
<content type='text'>
(From OE-Core rev: aa88429fdd3554dace7cbfb5a2894b925a99deb4)

Signed-off-by: Lee Chee Yang &lt;chee.yang.lee@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>json-c: update 0.13.1 - &gt; 0.14</title>
<updated>2020-06-04T12:27:31+00:00</updated>
<author>
<name>Alexander Kanavin</name>
<email>alex.kanavin@gmail.com</email>
</author>
<published>2020-05-31T15:52:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=3ff9578ec44af9ce68befddbbf512490be9c4024'/>
<id>urn:sha1:3ff9578ec44af9ce68befddbbf512490be9c4024</id>
<content type='text'>
(From OE-Core rev: caf64f85b5c57d886f3c4e5f295b12d93dd6c384)

Signed-off-by: Alexander Kanavin &lt;alex.kanavin@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>json-c: use GitHub for upstream release checking</title>
<updated>2019-09-27T12:02:17+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross.burton@intel.com</email>
</author>
<published>2019-09-20T12:03:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=ef637c71caf6357f79eb607fcbd92e3ec09f59e5'/>
<id>urn:sha1:ef637c71caf6357f79eb607fcbd92e3ec09f59e5</id>
<content type='text'>
(From OE-Core rev: cce4af642c3c4d94c39a254e969bc6a7f213cab2)

Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>json-c: clean up recipe</title>
<updated>2019-09-27T12:02:16+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross.burton@intel.com</email>
</author>
<published>2019-09-20T11:16:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=eaef2d88bfc32a3e34230b7051754ee7f7974864'/>
<id>urn:sha1:eaef2d88bfc32a3e34230b7051754ee7f7974864</id>
<content type='text'>
Tidy the indentation of EXTRA_OECONF.

Remove the deletion of config.status which hasn't been in the tarballs since
0.12.

(From OE-Core rev: 32b0265a594a22ab4c2aa5d5023551f2e8d59b82)

Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
