Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cJSON for openSUSE:Factory checked in at 2023-12-28 22:54:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cJSON (Old) and /work/SRC/openSUSE:Factory/.cJSON.new.28375 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cJSON" Thu Dec 28 22:54:57 2023 rev:5 rq:1135432 version:1.7.17 Changes: -------- --- /work/SRC/openSUSE:Factory/cJSON/cJSON.changes 2023-07-18 21:55:08.638635012 +0200 +++ /work/SRC/openSUSE:Factory/.cJSON.new.28375/cJSON.changes 2023-12-28 22:55:03.516398473 +0100 @@ -1,0 +2,8 @@ +Tue Dec 26 09:29:11 UTC 2023 - Martin Hauke <mar...@gmx.de> + +- Update to version 1.7.17 (bsc#1218098, CVE-2023-50472, + bsc#1218099, CVE-2023-50471): + * Fix null reference in cJSON_SetValuestring (CVE-2023-50472). + * Fix null reference in cJSON_InsertItemInArray (CVE-2023-50471). + +------------------------------------------------------------------- Old: ---- cJSON-1.7.16.tar.gz New: ---- cJSON-1.7.17.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cJSON.spec ++++++ --- /var/tmp/diff_new_pack.G1HNQw/_old 2023-12-28 22:55:04.060418333 +0100 +++ /var/tmp/diff_new_pack.G1HNQw/_new 2023-12-28 22:55:04.064418479 +0100 @@ -2,7 +2,7 @@ # spec file for package cJSON # # Copyright (c) 2023 SUSE LLC -# Copyright (c) 2020-2021, Martin Hauke <mar...@gmx.de> +# Copyright (c) 2020-2023, Martin Hauke <mar...@gmx.de> # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,7 +20,7 @@ %global sover 1 %global libname libcjson%{sover} Name: cJSON -Version: 1.7.16 +Version: 1.7.17 Release: 0 Summary: JSON parser library written in ANSI C License: MIT ++++++ cJSON-1.7.16.tar.gz -> cJSON-1.7.17.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cJSON-1.7.16/CHANGELOG.md new/cJSON-1.7.17/CHANGELOG.md --- old/cJSON-1.7.16/CHANGELOG.md 2023-07-05 05:22:19.000000000 +0200 +++ new/cJSON-1.7.17/CHANGELOG.md 2023-12-26 03:24:36.000000000 +0100 
@@ -1,3 +1,10 @@ +1.7.17 (Dec 26, 2023) +====== +Fixes: +------ +* Fix null reference in cJSON_SetValuestring(CVE-2023-50472), see #809 +* Fix null reference in cJSON_InsertItemInArray(CVE-2023-50471), see #809 and #810 + 1.7.16 (Jul 5, 2023) ====== Features: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cJSON-1.7.16/CMakeLists.txt new/cJSON-1.7.17/CMakeLists.txt --- old/cJSON-1.7.16/CMakeLists.txt 2023-07-05 05:22:19.000000000 +0200 +++ new/cJSON-1.7.17/CMakeLists.txt 2023-12-26 03:24:36.000000000 +0100 @@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 3.0) project(cJSON - VERSION 1.7.16 + VERSION 1.7.17 LANGUAGES C) cmake_policy(SET CMP0054 NEW) # set CMP0054 policy diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cJSON-1.7.16/Makefile new/cJSON-1.7.17/Makefile --- old/cJSON-1.7.16/Makefile 2023-07-05 05:22:19.000000000 +0200 +++ new/cJSON-1.7.17/Makefile 2023-12-26 03:24:36.000000000 +0100 @@ -8,7 +8,7 @@ LDLIBS = -lm -LIBVERSION = 1.7.16 +LIBVERSION = 1.7.17 CJSON_SOVERSION = 1 UTILS_SOVERSION = 1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cJSON-1.7.16/cJSON.c new/cJSON-1.7.17/cJSON.c --- old/cJSON-1.7.16/cJSON.c 2023-07-05 05:22:19.000000000 +0200 +++ new/cJSON-1.7.17/cJSON.c 2023-12-26 03:24:36.000000000 +0100 @@ -117,7 +117,7 @@ } /* This is a safeguard to prevent copy-pasters from using incompatible C and header files */ -#if (CJSON_VERSION_MAJOR != 1) || (CJSON_VERSION_MINOR != 7) || (CJSON_VERSION_PATCH != 16) +#if (CJSON_VERSION_MAJOR != 1) || (CJSON_VERSION_MINOR != 7) || (CJSON_VERSION_PATCH != 17) #error cJSON.h and cJSON.c have different versions. Make sure that both have the same. #endif 
@@ -401,7 +401,12 @@ { char *copy = NULL; /* if object's type is not cJSON_String or is cJSON_IsReference, it should not set valuestring */ - if (!(object->type & cJSON_String) || (object->type & cJSON_IsReference)) + if ((object == NULL) || !(object->type & cJSON_String) || (object->type & cJSON_IsReference)) + { + return NULL; + } + /* return NULL if the object is corrupted */ + if (object->valuestring == NULL) { return NULL; } @@ -2264,7 +2269,7 @@ { cJSON *after_inserted = NULL; - if (which < 0) + if (which < 0 || newitem == NULL) { return false; } @@ -2275,6 +2280,11 @@ return add_item_to_array(array, newitem); } + if (after_inserted != array->child && after_inserted->prev == NULL) { + /* return false if after_inserted is a corrupted array item */ + return false; + } + newitem->next = after_inserted; newitem->prev = after_inserted->prev; after_inserted->prev = newitem; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cJSON-1.7.16/cJSON.h new/cJSON-1.7.17/cJSON.h --- old/cJSON-1.7.16/cJSON.h 2023-07-05 05:22:19.000000000 +0200 +++ new/cJSON-1.7.17/cJSON.h 2023-12-26 03:24:36.000000000 +0100 @@ -81,7 +81,7 @@ /* project version */ #define CJSON_VERSION_MAJOR 1 #define CJSON_VERSION_MINOR 7 -#define CJSON_VERSION_PATCH 16 +#define CJSON_VERSION_PATCH 17 #include <stddef.h> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cJSON-1.7.16/tests/misc_tests.c new/cJSON-1.7.17/tests/misc_tests.c --- old/cJSON-1.7.16/tests/misc_tests.c 2023-07-05 05:22:19.000000000 +0200 +++ new/cJSON-1.7.17/tests/misc_tests.c 2023-12-26 03:24:36.000000000 +0100 
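Review bot: In the `@@ -401` hunk (cJSON_SetValuestring) the new guards cover `object` and `object->valuestring`, but nothing visible checks the string argument the caller passes in, and the tests added in this commit only ever pass `"test"`. The rest of the function lies outside the hunk, so this is inferred: if the body reads that argument unconditionally, a NULL from the caller is still a NULL dereference of the same class as CVE-2023-50472. Assuming the parameter is named `valuestring`, the first condition could start `if ((object == NULL) || (valuestring == NULL) || ...`, with `TEST_ASSERT_NULL(cJSON_SetValuestring(item, NULL));` added next to the new assertions in tests/misc_tests.c.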
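Review bot: The guard added in the `@@ -2275` hunk (cJSON_InsertItemInArray) recognises only one shape of damage, a NULL `prev` on a non-head item; a stale or dangling `prev` still flows into `newitem->prev = after_inserted->prev` and into whatever follows outside the hunk. The comment would be more accurate placed above the `if` as `/* sanity check only: a non-head item with a NULL prev means the list is corrupted; other corruption is not detected */`. Every `false` return, including the new `newitem == NULL` case in the `@@ -2264` hunk, appears to leave `newitem` with the caller (the test's later `cJSON_Delete(item)` relies on this), which is worth stating on the declaration in cJSON.h so callers neither leak nor double-free it. As a style point, the opening brace sits on the `if` line here, while the other hunks in this file put it on its own line.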
@@ -352,6 +352,19 @@ { char buffer[10]; cJSON *item = cJSON_CreateString("item"); + cJSON *array = cJSON_CreateArray(); + cJSON *item1 = cJSON_CreateString("item1"); + cJSON *item2 = cJSON_CreateString("corrupted array item3"); + cJSON *corruptedString = cJSON_CreateString("corrupted"); + struct cJSON *originalPrev; + + add_item_to_array(array, item1); + add_item_to_array(array, item2); + + originalPrev = item2->prev; + item2->prev = NULL; + free(corruptedString->valuestring); + corruptedString->valuestring = NULL; cJSON_InitHooks(NULL); TEST_ASSERT_NULL(cJSON_Parse(NULL)); @@ -411,6 +424,8 @@ cJSON_DeleteItemFromObject(item, NULL); cJSON_DeleteItemFromObjectCaseSensitive(NULL, "item"); cJSON_DeleteItemFromObjectCaseSensitive(item, NULL); + TEST_ASSERT_FALSE(cJSON_InsertItemInArray(array, 0, NULL)); + TEST_ASSERT_FALSE(cJSON_InsertItemInArray(array, 1, item)); TEST_ASSERT_FALSE(cJSON_InsertItemInArray(NULL, 0, item)); TEST_ASSERT_FALSE(cJSON_InsertItemInArray(item, 0, NULL)); TEST_ASSERT_FALSE(cJSON_ReplaceItemViaPointer(NULL, item, item)); @@ -427,10 +442,16 @@ TEST_ASSERT_NULL(cJSON_Duplicate(NULL, true)); TEST_ASSERT_FALSE(cJSON_Compare(item, NULL, false)); TEST_ASSERT_FALSE(cJSON_Compare(NULL, item, false)); + TEST_ASSERT_NULL(cJSON_SetValuestring(NULL, "test")); + TEST_ASSERT_NULL(cJSON_SetValuestring(corruptedString, "test")); cJSON_Minify(NULL); /* skipped because it is only used via a macro that checks for NULL */ /* cJSON_SetNumberHelper(NULL, 0); */ + /* restore corrupted item2 to delete it */ + item2->prev = originalPrev; + cJSON_Delete(corruptedString); + cJSON_Delete(array); cJSON_Delete(item); }
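Review bot: The setup added in the `@@ -352` hunk releases `corruptedString->valuestring` with libc `free()` and only afterwards calls `cJSON_InitHooks(NULL)`; if custom allocation hooks are installed when this test runs (not visible here), the buffer would be released by a different allocator than the one that created it. `cJSON_free(corruptedString->valuestring);` would keep allocation and release matched. The results of the four `cJSON_Create*` calls and of `add_item_to_array` are also used unchecked, so an allocation failure would crash at `item2->prev = NULL` before any assertion runs; a `TEST_ASSERT_NOT_NULL` on each pointer would turn that into an ordinary test failure. The test function starts outside these hunks.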