Hello community,

here is the log from the commit of package libyajl for openSUSE:Factory checked 
in at 2022-08-14 15:55:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libyajl (Old)
 and      /work/SRC/openSUSE:Factory/.libyajl.new.1521 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libyajl"

Sun Aug 14 15:55:22 2022 rev:24 rq:994725 version:2.1.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/libyajl/libyajl.changes  2019-09-05 
12:03:32.603928766 +0200
+++ /work/SRC/openSUSE:Factory/.libyajl.new.1521/libyajl.changes        
2022-08-14 15:55:29.611749930 +0200
@@ -1,0 +2,5 @@
+Fri May 13 10:24:20 UTC 2022 - Jacek Tomasiak <jtomas...@suse.com>
+
+- add libyajl-CVE-2022-24795.patch (CVE-2022-24795, bsc#1198405)
+
+-------------------------------------------------------------------

New:
----
  libyajl-CVE-2022-24795.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libyajl.spec ++++++
--- /var/tmp/diff_new_pack.K4UMvF/_old  2022-08-14 15:55:30.079750924 +0200
+++ /var/tmp/diff_new_pack.K4UMvF/_new  2022-08-14 15:55:30.083750933 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package libyajl
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -23,7 +23,7 @@
 Summary:        Yet Another JSON Library
 License:        ISC
 Group:          System/Libraries
-Url:            http://lloyd.github.com/yajl/
+URL:            http://lloyd.github.com/yajl/
 Source0:        https://github.com/lloyd/yajl/archive/%{version}.tar.gz
 Source1:        baselibs.conf
 Source2:        json_reformat.1
@@ -32,6 +32,7 @@
 Patch1:         libyajl-optflags.patch
 Patch2:         libyajl-lib_suffix.patch
 Patch3:         libyajl-pkgconfig.patch
+Patch4:         libyajl-CVE-2022-24795.patch
 BuildRequires:  bison
 BuildRequires:  cmake
 BuildRequires:  doxygen
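
Review bot: the `Patch4:` declaration in this hunk is the only spec change tied to the fix, and none of the three libyajl.spec hunks touches `%prep`. If the spec applies patches one by one rather than through `%autosetup` or `%autopatch`, a matching apply line for patch 4 is needed, otherwise the package builds without the CVE-2022-24795 fix while the changelog says it is included. Please confirm which form `%prep` uses.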

++++++ libyajl-CVE-2022-24795.patch ++++++
From d3a528c788ba9e531fab91db41d3a833c54da325 Mon Sep 17 00:00:00 2001
From: Jacek Tomasiak <jacek.tomas...@gmail.com>
Date: Thu, 12 May 2022 13:02:47 +0200
Subject: [PATCH] Fix CVE-2022-24795 (from brianmario/yajl-ruby)

The buffer reallocation could cause heap corruption because of `need`
overflow for large inputs. In addition, there's a possible infinite loop
in case `need` reaches zero.

The fix is to `abort()` if the loop ends with lower value of `need` than
when it started.
---
 src/yajl_buf.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

Index: yajl-2.1.0/src/yajl_buf.c
===================================================================
--- yajl-2.1.0.orig/src/yajl_buf.c
+++ yajl-2.1.0/src/yajl_buf.c
@@ -45,7 +45,15 @@ void yajl_buf_ensure_available(yajl_buf
 
     need = buf->len;
 
-    while (want >= (need - buf->used)) need <<= 1;
+    while (need > 0 && want >= (need - buf->used)) {
+        /* this eventually "overflows" to zero */
+        need <<= 1;
+    }
+
+    /* overflow */
+    if (need < buf->len) {
+        abort();
+    }
 
     if (need != buf->len) {
         buf->data = (unsigned char *) YA_REALLOC(buf->alloc, buf->data, need);
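
Review bot: the `abort()` in the new `if (need < buf->len)` block ends the whole host process from inside a library routine, so an oversized input is still a denial of service for any service that parses untrusted JSON with this library; the heap corruption becomes a controlled crash, not a handled error. Because `yajl_buf_ensure_available` returns `void`, there is no way for the caller to see the failure, so either propagate a status up to the parser's error path or state in the changelog that consumers should cap input size before parsing. The bare `/* overflow */` comment would also be clearer if it said that `need` has wrapped (including the `need == 0` case that ends the loop) and why continuing to `YA_REALLOC` with that value is unsafe.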
