diff options
author | Patrick Williams <patrick@stwcx.xyz> | 2023-06-15 01:50:09 +0300 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2023-06-15 01:56:06 +0300 |
commit | c2858f16b31b065f92c42c838cf21d3592bc06e7 (patch) | |
tree | 58ffae2ee30976a58733f0ad4a3e6950b4258987 /meta-openembedded/meta-oe/recipes-devtools/jsoncpp/jsoncpp/0001-json_writer-fix-inverted-sense-in-isAnyCharRequiredQ.patch | |
parent | 841583d6ba5918b60868b708ff0b89cf0409efa7 (diff) | |
download | openbmc-dunfell.tar.xz |
subtree updatesdunfell
poky: a631bfc3a3..733d919af4:
Alex Kiernan (2):
pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE
openssh: Move sshdgenkeys.service to sshd.socket
Arturo Buzarra (1):
run-postinsts: Set dependency for ldconfig to avoid boot issues
Ashish Sharma (2):
connman: Fix CVE-2023-28488 DoS in client.c
golang: Fix CVE-2023-24539
Bruce Ashfield (5):
linux-yocto/5.4: update to v5.4.238
linux-yocto/5.4: update to v5.4.240
linux-yocto/5.4: update to v5.4.241
linux-yocto/5.4: update to v5.4.242
linux-yocto/5.4: update to v5.4.243
Dmitry Baryshkov (1):
linux-firmware: upgrade 20230210 -> 20230404
Hitendra Prajapati (2):
git: fix CVE-2023-29007
git: fix CVE-2023-25652
Khem Raj (1):
perf: Depend on native setuptools3
Marek Vasut (1):
cpio: Fix wrong CRC with ASCII CRC for large files
Martin Jansa (1):
populate_sdk_ext.bbclass: set METADATA_REVISION with an DISTRO override
Nikhil R (1):
ffmpeg: Fix CVE-2022-48434
Peter Marko (1):
libxml2: patch CVE-2023-28484 and CVE-2023-29469
Randolph Sapp (1):
wic/bootimg-efi: if fixed-size is set then use that for mkdosfs
Ranjitsinh Rathod (1):
libbsd: Add correct license for all packages
Shubham Kulkarni (1):
go: Security fix for CVE-2023-24538
Siddharth (1):
curl: ammend fix for CVE-2023-27534 to fix error when ssh is enabled
Steve Sakoman (1):
selftest: skip virgl test on ubuntu 22.10, fedora 37, and all rocky
Thomas Roos (1):
oeqa/utils/metadata.py: Fix running oe-selftest running with no distro set
Vijay Anusuri (3):
ghostscript: Fix CVE-2023-28879
xserver-xorg: Security fix CVE-2023-0494 and CVE-2023-1393
go: Security fix CVE-2023-24540
Vivek Kumbhar (1):
freetype: fix CVE-2023-2004 integer overflowin in tt_hvadvance_adjust() in src/truetype/ttgxvar.c
Yoann Congal (1):
linux-yocto: Exclude 294 CVEs already fixed upstream
meta-openembedded: 7007d14c25..116bfe8d5e:
Alex Yao (1):
lcov: Fix Perl Path
Hitendra Prajapati (1):
multipath-tools: CVE-2022-41973 Symlink attack multipathd operates insecurely
Hugo SIMELIERE (3):
openvpn: add CVE-2020-7224 and CVE-2020-27569 to allowlist
openvpn: upgrade 2.4.9 -> 2.4.12
libmodbus: Fix CVE-2022-0367
Jack Mitchell (2):
nss: backport fix for native build failure due to implicit casting with gcc13
nss: backport fix for native build failure due to dangling pointer with gcc13
Narpat Mali (1):
nodejs: make 14.18.1 available but not default
Valeria Petrov (1):
apache2: upgrade 2.4.56 -> 2.4.57
Viktor Rosendahl (1):
jsoncpp: Fix broken handling of escape characters
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I8260e0168ea1ddec7ee03555e4f5653155e0ab45
Diffstat (limited to 'meta-openembedded/meta-oe/recipes-devtools/jsoncpp/jsoncpp/0001-json_writer-fix-inverted-sense-in-isAnyCharRequiredQ.patch')
-rw-r--r-- | meta-openembedded/meta-oe/recipes-devtools/jsoncpp/jsoncpp/0001-json_writer-fix-inverted-sense-in-isAnyCharRequiredQ.patch | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/meta-openembedded/meta-oe/recipes-devtools/jsoncpp/jsoncpp/0001-json_writer-fix-inverted-sense-in-isAnyCharRequiredQ.patch b/meta-openembedded/meta-oe/recipes-devtools/jsoncpp/jsoncpp/0001-json_writer-fix-inverted-sense-in-isAnyCharRequiredQ.patch new file mode 100644 index 0000000000..784f175eea --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/jsoncpp/jsoncpp/0001-json_writer-fix-inverted-sense-in-isAnyCharRequiredQ.patch @@ -0,0 +1,52 @@ +From 2d5a94aeeab01f0448b5a0bb8d4a9a23a5b790d5 Mon Sep 17 00:00:00 2001 +From: Andrew Childs <lorne@cons.org.nz> +Date: Sat, 28 Dec 2019 16:04:24 +0900 +Subject: [PATCH] json_writer: fix inverted sense in isAnyCharRequiredQuoting + (#1120) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This bug is only affects platforms where `char` is unsigned. + +When char is a signed type, values >= 0x80 are also considered < 0, +and hence require escaping due to the < ' ' condition. + +When char is an unsigned type, values >= 0x80 match none of the +conditions and are considered safe to emit without escaping. + +This shows up as a test failure: + +* Detail of EscapeSequenceTest/writeEscapeSequence test failure: +/build/source/src/test_lib_json/main.cpp(3370): expected == result + Expected: '["\"","\\","\b","\f","\n","\r","\t","\u0278","\ud852\udf62"] + ' + Actual : '["\"","\\","\b","\f","\n","\r","\t","ɸ","𤭢"] + ' +Upstream-Status: Backport [https://github.com/open-source-parsers/jsoncpp/commit/f11611c8785082ead760494cba06196f14a06dcb] + +Signed-off-by: Viktor Rosendahl <Viktor.Rosendahl@bmw.de> + +--- + src/lib_json/json_writer.cpp | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/lib_json/json_writer.cpp b/src/lib_json/json_writer.cpp +index 519ce23..b68a638 100644 +--- a/src/lib_json/json_writer.cpp ++++ b/src/lib_json/json_writer.cpp +@@ -178,8 +178,9 @@ static bool isAnyCharRequiredQuoting(char const* s, size_t n) { + + char const* const end = s + n; + for (char const* cur = s; cur < end; ++cur) { +- if (*cur == '\\' || *cur == '\"' || *cur < ' ' || +- static_cast<unsigned char>(*cur) < 0x80) ++ if (*cur == '\\' || *cur == '\"' || ++ static_cast<unsigned char>(*cur) < ' ' || ++ static_cast<unsigned char>(*cur) >= 0x80) + return true; + } + return false; +-- +2.17.1 + |