From 8e6bee4c20c8097e24d33c902872537eb725c7d9 Mon Sep 17 00:00:00 2001 From: Wang Mingyu Date: Thu, 15 Aug 2024 19:09:54 +0200 Subject: cjson: upgrade 1.7.17 -> 1.7.18 Changelog: ============ * Add NULL check to cJSON_SetValuestring()(CVE-2024-31755) * Remove non-functional list handling of compiler flags * Fix heap buffer overflow * remove misused optimization flag -01 * Set free'd pointers to NULL whenever they are not reassigned immediately after Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj (From meta-openembedded rev: 535822eff7647b6363225bb8f04d2d7d59a71204) Signed-off-by: Peter Marko Signed-off-by: Armin Kuster --- meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb | 45 -------------------------- meta-oe/recipes-devtools/cjson/cjson_1.7.18.bb | 45 ++++++++++++++++++++++++++ 2 files changed, 45 insertions(+), 45 deletions(-) delete mode 100644 meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb create mode 100644 meta-oe/recipes-devtools/cjson/cjson_1.7.18.bb diff --git a/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb b/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb deleted file mode 100644 index ea74f1d680..0000000000 --- a/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb +++ /dev/null @@ -1,45 +0,0 @@ -DESCRIPTION = "Ultralightweight JSON parser in ANSI C" -HOMEPAGE = "https://github.com/DaveGamble/cJSON" -SECTION = "libs" -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE;md5=218947f77e8cb8e2fa02918dc41c50d0" - -SRC_URI = "git://github.com/DaveGamble/cJSON.git;branch=master;protocol=https \ - file://run-ptest \ - " -SRCREV = "87d8f0961a01bf09bef98ff89bae9fdec42181ee" - -S = "${WORKDIR}/git" - -inherit cmake pkgconfig ptest - -RDEPENDS:${PN}-ptest += "cmake" - -do_install_ptest() { - # create directories - install -d ${D}${PTEST_PATH} ${D}${PTEST_PATH}/tests ${D}${PTEST_PATH}/fuzzing - install -d ${D}${PTEST_PATH}/tests/inputs ${D}${PTEST_PATH}/tests/json-patch-tests - # CTestTestfiles.cmake contain fully defined path generated by cmake. - # Change the fully defined path to ptest path on the target - sed s#${B}#${PTEST_PATH}# ${B}/CTestTestfile.cmake > ${D}${PTEST_PATH}/CTestTestfile.cmake - sed s#${B}#${PTEST_PATH}# ${B}/tests/CTestTestfile.cmake > ${D}${PTEST_PATH}/tests/CTestTestfile.cmake - sed s#${B}#${PTEST_PATH}# ${B}/fuzzing/CTestTestfile.cmake > ${D}${PTEST_PATH}/fuzzing/CTestTestfile.cmake - # The cmake files also contain full paths to original CMakeLists.txt file in _BACKTRACE_TRIPLES property; - # these are not needed for successful ptests as we don't install the CMakeLists.txt files anyway. - sed -i s#${S}#${PTEST_PATH}#g ${D}${PTEST_PATH}/CTestTestfile.cmake - sed -i s#${S}#${PTEST_PATH}#g ${D}${PTEST_PATH}/tests/CTestTestfile.cmake - sed -i s#${S}#${PTEST_PATH}#g ${D}${PTEST_PATH}/fuzzing/CTestTestfile.cmake - # install test artifacts - install ${B}/cJSON_test ${D}${PTEST_PATH} - install ${B}/tests/cjson_add ${B}/tests/*_tests ${B}/tests/parse_* ${B}/tests/print_* ${B}/tests/readme_examples ${D}${PTEST_PATH}/tests/ - install ${B}/tests/inputs/* ${D}${PTEST_PATH}/tests/inputs - install ${B}/fuzzing/fuzz_main ${D}${PTEST_PATH}/fuzzing -} - -EXTRA_OECMAKE += "\ - -DENABLE_CJSON_UTILS=On \ - -DENABLE_CUSTOM_COMPILER_FLAGS=OFF \ - -DBUILD_SHARED_AND_STATIC_LIBS=On \ -" - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta-oe/recipes-devtools/cjson/cjson_1.7.18.bb b/meta-oe/recipes-devtools/cjson/cjson_1.7.18.bb new file mode 100644 index 0000000000..bdeab3055c --- /dev/null +++ b/meta-oe/recipes-devtools/cjson/cjson_1.7.18.bb @@ -0,0 +1,45 @@ +DESCRIPTION = "Ultralightweight JSON parser in ANSI C" +HOMEPAGE = "https://github.com/DaveGamble/cJSON" +SECTION = "libs" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE;md5=218947f77e8cb8e2fa02918dc41c50d0" + +SRC_URI = "git://github.com/DaveGamble/cJSON.git;branch=master;protocol=https \ + file://run-ptest \ + " +SRCREV = "acc76239bee01d8e9c858ae2cab296704e52d916" + +S = "${WORKDIR}/git" + +inherit cmake pkgconfig ptest + +RDEPENDS:${PN}-ptest += "cmake" + +do_install_ptest() { + # create directories + install -d ${D}${PTEST_PATH} ${D}${PTEST_PATH}/tests ${D}${PTEST_PATH}/fuzzing + install -d ${D}${PTEST_PATH}/tests/inputs ${D}${PTEST_PATH}/tests/json-patch-tests + # CTestTestfiles.cmake contain fully defined path generated by cmake. + # Change the fully defined path to ptest path on the target + sed s#${B}#${PTEST_PATH}# ${B}/CTestTestfile.cmake > ${D}${PTEST_PATH}/CTestTestfile.cmake + sed s#${B}#${PTEST_PATH}# ${B}/tests/CTestTestfile.cmake > ${D}${PTEST_PATH}/tests/CTestTestfile.cmake + sed s#${B}#${PTEST_PATH}# ${B}/fuzzing/CTestTestfile.cmake > ${D}${PTEST_PATH}/fuzzing/CTestTestfile.cmake + # The cmake files also contain full paths to original CMakeLists.txt file in _BACKTRACE_TRIPLES property; + # these are not needed for successful ptests as we don't install the CMakeLists.txt files anyway. + sed -i s#${S}#${PTEST_PATH}#g ${D}${PTEST_PATH}/CTestTestfile.cmake + sed -i s#${S}#${PTEST_PATH}#g ${D}${PTEST_PATH}/tests/CTestTestfile.cmake + sed -i s#${S}#${PTEST_PATH}#g ${D}${PTEST_PATH}/fuzzing/CTestTestfile.cmake + # install test artifacts + install ${B}/cJSON_test ${D}${PTEST_PATH} + install ${B}/tests/cjson_add ${B}/tests/*_tests ${B}/tests/parse_* ${B}/tests/print_* ${B}/tests/readme_examples ${D}${PTEST_PATH}/tests/ + install ${B}/tests/inputs/* ${D}${PTEST_PATH}/tests/inputs + install ${B}/fuzzing/fuzz_main ${D}${PTEST_PATH}/fuzzing +} + +EXTRA_OECMAKE += "\ + -DENABLE_CJSON_UTILS=On \ + -DENABLE_CUSTOM_COMPILER_FLAGS=OFF \ + -DBUILD_SHARED_AND_STATIC_LIBS=On \ +" + +BBCLASSEXTEND = "native nativesdk" -- cgit v1.2.3-54-g00ecf