Merge pull request #6 from microsoft/joslobo/json-c-CVE-2020-12762.patch

Fix CVE-2020-12762
2020-08-10 19:04:33 -07:00 · 2020-08-10 19:04:33 -07:00 · e02dbde16c
parent 6e8641fa72 9aef25bbee
commit e02dbde16c
4 changed files with 104 additions and 7 deletions
--- a/SPECS/json-c/Fix-CVE-2020-12762.patch
+++ b/SPECS/json-c/Fix-CVE-2020-12762.patch
--- a/SPECS/json-c/json-c.spec
+++ b/SPECS/json-c/json-c.spec
@ -1,7 +1,7 @@
 Summary:        A JSON implementation in C
 Name:           json-c
 Version:        0.14
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        MIT
 Group:          System Environment/Base
 Vendor:         Microsoft Corporation
@ -10,6 +10,7 @@ URL:            https://github.com/json-c/json-c
 #Source0:       %{url}/archive/%{name}-%{version}-20200419.tar.gz
 Source0:        %{name}-%{name}-%{version}-20200419.tar.gz
 Patch0:         CVE-2020-12762.patch
+Patch1:         Fix-CVE-2020-12762.patch

 BuildRequires: cmake

@ -27,6 +28,7 @@ developing applications that use json-c.
 %prep
 %setup -q -n %{name}-%{name}-%{version}-20200419
 %patch0 -p1
+%patch1 -p1

 %build
 mkdir build
@ -57,6 +59,8 @@ make %{?_smp_mflags} check -C build
 %{_libdir}/pkgconfig/%{name}.pc

 %changelog
+*   Tue Aug 04 2020 Henry Beberman <henry.beberman@microsoft.com> 0.14-2
+-   Add a patch to fix a bug introduced by CVE-2020-12762.patch
 *   Mon Jun 08 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 0.14-1
 -   Bumping up version and adding a patch to fix CVE-2020-12762.
 -   License verified.
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@ -138,9 +138,9 @@ gzip-debuginfo-1.9-4.cm1.aarch64.rpm
 integritysetup-2.3.3-2.cm1.aarch64.rpm
 intltool-0.51.0-7.cm1.noarch.rpm
 itstool-2.0.6-3.cm1.noarch.rpm
-json-c-0.14-1.cm1.aarch64.rpm
-json-c-debuginfo-0.14-1.cm1.aarch64.rpm
-json-c-devel-0.14-1.cm1.aarch64.rpm
+json-c-0.14-2.cm1.aarch64.rpm
+json-c-debuginfo-0.14-2.cm1.aarch64.rpm
+json-c-devel-0.14-2.cm1.aarch64.rpm
 kbd-2.0.4-5.cm1.aarch64.rpm
 kbd-debuginfo-2.0.4-5.cm1.aarch64.rpm
 kernel-headers-5.4.42-1.cm1.noarch.rpm
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@ -138,9 +138,9 @@ gzip-debuginfo-1.9-4.cm1.x86_64.rpm
 integritysetup-2.3.3-2.cm1.x86_64.rpm
 intltool-0.51.0-7.cm1.noarch.rpm
 itstool-2.0.6-3.cm1.noarch.rpm
-json-c-0.14-1.cm1.x86_64.rpm
-json-c-debuginfo-0.14-1.cm1.x86_64.rpm
-json-c-devel-0.14-1.cm1.x86_64.rpm
+json-c-0.14-2.cm1.x86_64.rpm
+json-c-debuginfo-0.14-2.cm1.x86_64.rpm
+json-c-devel-0.14-2.cm1.x86_64.rpm
 kbd-2.0.4-5.cm1.x86_64.rpm
 kbd-debuginfo-2.0.4-5.cm1.x86_64.rpm
 kernel-headers-5.4.42-1.cm1.noarch.rpm