Commit 00f03220b9 (2026-01-26 09:53:38 +01:00)

Fix write outside of allocated memory on json dump

Add CVE-2025-67221.patch to fix write outside of allocated memory
on json dump (bsc#1257121, gh#ijl/orjson#637)
3 changed files with 54 additions and 1 deletions

CVE-2025-67221.patch (new file, 45 lines)

@@ -0,0 +1,45 @@
From e959d90ac722022b781b19f86e6ea9adaba8e383 Mon Sep 17 00:00:00 2001
From: Daniel Garcia Moreno <dani@danigm.net>
Date: Fri, 23 Jan 2026 20:22:23 +0100
Subject: [PATCH] formatter: reserve_minimum in end_ methods
In highly nested json objects it's possible to have a lot of consecutive
closing characters that are added by end_array and end_object. These
methods adds one byte without checking the buffer capacity, so it's
possible to try to write when there's no capacity.
This patch makes sure that the buffer has at least minimum space before
writing.
This is the upstream commit that removes this check: c369ea44820e2e0798f17f99a0dff65bec2186a9
```
$ git log -p c369ea44820e2e0798f17f99a0dff65bec2186a9 -- src/serialize/writer/formatter.rs
```
Fix https://github.com/ijl/orjson/issues/636
---
src/serialize/writer/formatter.rs | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Index: orjson-3.10.15/src/serialize/writer/formatter.rs
===================================================================
--- orjson-3.10.15.orig/src/serialize/writer/formatter.rs
+++ orjson-3.10.15/src/serialize/writer/formatter.rs
@@ -202,7 +202,7 @@ pub trait Formatter {
where
W: ?Sized + io::Write + WriteExt,
{
- debug_assert_has_capacity!(writer);
+ reserve_minimum!(writer);
unsafe { writer.write_reserved_punctuation(b']').unwrap() };
Ok(())
}
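Review bot: the safety precondition of the `unsafe { writer.write_reserved_punctuation(b']') }` call in end_array is now upheld by `reserve_minimum!(writer)` instead of only being asserted in debug builds, which is the right fix because `debug_assert_has_capacity!` compiles to nothing in release builds and left the one-byte write unchecked; please confirm that `reserve_minimum!` is actually defined in orjson-3.10.15's formatter.rs (the Index: line says the backport targets that version while the From: header names an upstream commit), and add a regression test that dumps a deeply nested array so the buffer is forced to grow exactly on a run of consecutive `]` bytes, which is the case the patch description calls out.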
@@ -244,7 +244,7 @@ pub trait Formatter {
where
W: ?Sized + io::Write + WriteExt,
{
- debug_assert_has_capacity!(writer);
+ reserve_minimum!(writer);
unsafe {
writer.write_reserved_punctuation(b'}').unwrap();
}
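Review bot: the issue number in the patch trailer does not match the rest of the change: the patch says `Fix https://github.com/ijl/orjson/issues/636` while the commit message, the spec comment and the changelog entry all reference gh#ijl/orjson#637, so one of them is wrong and should be corrected to keep the CVE-2025-67221 reference chain consistent. The end_object hunk itself mirrors the end_array one, `reserve_minimum!(writer)` replacing the debug-only assertion before the single `b'}'` write, which is sufficient because each call reserves before writing exactly one byte, at the cost of one capacity check per closing brace.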

@@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon Jan 26 08:53:23 UTC 2026 - Daniel Garcia <daniel.garcia@suse.com>
- Add CVE-2025-67221.patch to fix write outsize of allocated memory
on json dump (bsc#1257121, gh#ijl/orjson#637)
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Feb 7 12:53:21 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com> Fri Feb 7 12:53:21 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
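Review bot: typo in the new changelog entry, `write outsize of allocated memory` should read `write outside of allocated memory` (the commit message carries the same wording); since this entry ships in the package changelog and is what gets matched against the CVE advisory, it is worth correcting before merge. Otherwise the entry carries the expected references (bsc#1257121, gh#ijl/orjson#637) and the separator and date header follow the existing format of the file.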

@@ -29,6 +29,8 @@ Source1: vendor.tar.xz
Source2: https://files.pythonhosted.org/packages/source/o/orjson/orjson-%{version}.tar.gz Source2: https://files.pythonhosted.org/packages/source/o/orjson/orjson-%{version}.tar.gz
Source3: devendor-sdist.sh Source3: devendor-sdist.sh
Source4: PACKAGING_README.md Source4: PACKAGING_README.md
# PATCH-FIX-OPENSUSE CVE-2025-67221.patch gh#ijl/orjson#637
Patch0: CVE-2025-67221.patch
BuildRequires: %{python_module base >= 3.8} BuildRequires: %{python_module base >= 3.8}
BuildRequires: %{python_module maturin >= 1} BuildRequires: %{python_module maturin >= 1}
BuildRequires: %{python_module pip} BuildRequires: %{python_module pip}
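Review bot: the `# PATCH-FIX-OPENSUSE` tag may be the wrong class for this patch: it is formatted as a git-format-patch against upstream (From: Daniel Garcia Moreno, trailer `Fix https://github.com/ijl/orjson/issues/636`), so if it has been submitted or merged upstream it should be tagged PATCH-FIX-UPSTREAM with the upstream commit or PR named in the comment; if it is a downstream-only restoration of the check that upstream removed in c369ea44820e2e0798f17f99a0dff65bec2186a9, the comment should say so, and adding the CVE-2025-67221 and bsc#1257121 references next to the gh# link makes the spec self-explanatory at the next rebase.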
@@ -53,7 +55,7 @@ orjson is a fast JSON library for Python.
It benchmarks as the fastest Python library for JSON. It benchmarks as the fastest Python library for JSON.
%prep %prep
%autosetup -a1 -n orjson-%{version} %autosetup -p1 -a1 -n orjson-%{version}
%build %build
%pyproject_wheel %pyproject_wheel
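Review bot: the added `-p1` is required rather than cosmetic: the patch headers are `--- orjson-3.10.15.orig/src/serialize/writer/formatter.rs` and `+++ orjson-3.10.15/src/serialize/writer/formatter.rs`, so one leading path component must be stripped for Patch0 to apply inside the `-n orjson-%{version}` directory; since `-a1` also unpacks vendor.tar.xz into that tree and the sdist is processed by devendor-sdist.sh, please verify with a local build that the patch applies against the devendored Source2 tarball and not only against the upstream git tree it was generated from.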