Accepting request 1307970 from devel:libraries:c_c++

OBS-URL: https://build.opensuse.org/request/show/1307970
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cJSON?expand=0&rev=9

cJSON-1.7.18-misc_tests.patch

@@ -1,60 +0,0 @@
-From 5b502cdbfb21fbe5f6cf9ffbd2b96e4281a741e6 Mon Sep 17 00:00:00 2001
-From: Alanscut <wp_scut@163.com>
-Date: Thu, 9 May 2024 10:45:16 +0800
-Subject: [PATCH] feat: add tests for #842
-
-Add some tests for setting NULL to deallocated pointers
-releated to #842 and #833
----
- tests/CMakeLists.txt |  1 +
- tests/misc_tests.c   | 18 ++++++++++++++++++
- 2 files changed, 19 insertions(+)
-
-diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
-index c7592213..9e8962f6 100644
---- a/tests/CMakeLists.txt
-+++ b/tests/CMakeLists.txt
-@@ -62,6 +62,7 @@ if(ENABLE_CJSON_TEST)
- 
-     option(ENABLE_VALGRIND OFF "Enable the valgrind memory checker for the tests.")
-     if (ENABLE_VALGRIND)
-+        add_compile_definitions(ENABLE_VALGRIND)
-         find_program(MEMORYCHECK_COMMAND valgrind)
-         if ("${MEMORYCHECK_COMMAND}" MATCHES "MEMORYCHECK_COMMAND-NOTFOUND")
-             message(WARNING "Valgrind couldn't be found.")
-diff --git a/tests/misc_tests.c b/tests/misc_tests.c
-index ba3e003e..94dd91aa 100644
---- a/tests/misc_tests.c
-+++ b/tests/misc_tests.c
-@@ -732,6 +732,23 @@ static void cjson_set_bool_value_must_not_break_objects(void)
-     cJSON_Delete(sobj);
- }
- 
-+static void deallocated_pointers_should_be_set_to_null(void)
-+{
-+    /* deallocated pointers should be set to null */
-+    /* however, valgrind on linux reports when attempting to access a freed memory, we have to skip it */
-+#ifndef ENABLE_VALGRIND
-+    cJSON *string = cJSON_CreateString("item");
-+    cJSON *root = cJSON_CreateObject();
-+
-+    cJSON_Delete(string);
-+    free(string->valuestring);
-+
-+    cJSON_AddObjectToObject(root, "object");
-+    cJSON_Delete(root->child);
-+    free(root->child->string);
-+#endif
-+}
-+
- int CJSON_CDECL main(void)
- {
-     UNITY_BEGIN();
-@@ -762,6 +779,7 @@ int CJSON_CDECL main(void)
-     RUN_TEST(cjson_delete_item_from_array_should_not_broken_list_structure);
-     RUN_TEST(cjson_set_valuestring_to_object_should_not_leak_memory);
-     RUN_TEST(cjson_set_bool_value_must_not_break_objects);
-+    RUN_TEST(deallocated_pointers_should_be_set_to_null);
- 
-     return UNITY_END();
- }

cJSON-1.7.19.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7fa616e3046edfa7a28a32d5f9eacfd23f92900fe1f8ccd988c1662f30454562
+size 356247

cJSON.changes

@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Sun Sep 21 04:50:28 UTC 2025 - Martin Hauke <mardnh@gmx.de>
+
+- Update to version 1.7.19
+  * Check for NULL in cJSON_DetachItemViaPointer.
+  * Check overlap before calling strcpy in cJSON_SetValuestring.
+  * Fix Max recursion depth for cJSON_Duplicate to prevent stack
+    exhaustion.
+  * Allocate memory for the temporary buffer when paring numbers.
+    This fixes CVE-2023-26819 (bsc#1241502).
+  * Fix the incorrect check in decode_array_index_from_pointer.
+    This fixes CVE-2025-57052 (bsc#1249112)
+- Remove not longer needed patch:
+  * cJSON-1.7.18-misc_tests.patch
+
 -------------------------------------------------------------------
 Wed Jun  5 16:34:08 UTC 2024 - Dirk Müller <dmueller@suse.com>
 

cJSON.spec

@@ -1,8 +1,8 @@
 #
 # spec file for package cJSON
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
-# Copyright (c) 2020-2023, Martin Hauke <mardnh@gmx.de>
+# Copyright (c) 2020-2025, Martin Hauke <mardnh@gmx.de>
 # Copyright (c) 2024 Andreas Stieger <Andreas.Stieger@gmx.de>
 #
 # All modifications and additions to the file contributed by third parties
@@ -21,7 +21,7 @@
 %global sover   1
 %global libname libcjson%{sover}
 Name:           cJSON
-Version:        1.7.18
+Version:        1.7.19
 Release:        0
 Summary:        JSON parser library written in ANSI C
 License:        MIT
@@ -29,7 +29,6 @@ Group:          System/Libraries
 URL:            https://github.com/DaveGamble/cJSON
 Source:         https://github.com/DaveGamble/cJSON/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Patch0:         cJSON-fix-cmake-include-path.patch
-Patch1:         cJSON-1.7.18-misc_tests.patch
 BuildRequires:  cmake
 BuildRequires:  pkgconfig
 
@@ -55,10 +54,7 @@ This subpackage contains libraries and header files for developing
 applications that want to make use of libcjson.
 
 %prep
-%setup -q
+%autosetup -p1
-# test is doing an access of freed memory which is undefined and glibc
-# is poisioning our memory so it's failing
-%patch -P1 -p1 -R
 
 %build
 %cmake