!50 [sync] PR-49: Fix read past end of buffer

From: @openeuler-sync-bot 
Reviewed-by: @yanan-rock 
Signed-off-by: @yanan-rock

backport-CVE-2021-32292-Fix-read-past-end-of-buffer.patch

@@ -0,0 +1,30 @@
+From 4e9e44e5258dee7654f74948b0dd5da39c28beec Mon Sep 17 00:00:00 2001
+From: Marc <34656315+MarcT512@users.noreply.github.com>
+Date: Fri, 7 Aug 2020 10:49:45 +0100
+Subject: [PATCH] Fix read past end of buffer
+
+Resolves https://github.com/json-c/json-c/issues/654
+
+Conflict:NA
+Reference:https://github.com/json-c/json-c/commit/4e9e44e5258dee7654f74948b0dd5da39c28beec
+
+---
+ apps/json_parse.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/apps/json_parse.c b/apps/json_parse.c
+index bba4622183..72b31a860a 100644
+--- a/apps/json_parse.c
++++ b/apps/json_parse.c
+@@ -82,7 +82,8 @@ static int parseit(int fd, int (*callback)(struct json_object *))
+ 			int parse_end = json_tokener_get_parse_end(tok);
+ 			if (obj == NULL && jerr != json_tokener_continue)
+ 			{
+-				char *aterr = &buf[start_pos + parse_end];
++				char *aterr = (start_pos + parse_end < sizeof(buf)) ?
++					&buf[start_pos + parse_end] : "";
+ 				fflush(stdout);
+ 				int fail_offset = total_read - ret + start_pos + parse_end;
+ 				fprintf(stderr, "Failed at offset %d: %s %c\n", fail_offset,
+-- 
+2.23.0

backport-json-escape-str-avoid-harmless-unsigned-integer-overflow.patch

@@ -0,0 +1,48 @@
+From 296db618e9d1862aea788e90e751b4999db41a2a Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Wed, 12 Jan 2022 23:43:03 +0100
+Subject: [PATCH] json_escape_str(): avoid harmless unsigned integer overflow
+
+Current behaviour is perfectly valid, since wrap-over upon overflow is
+well defined behaviour for unsigned types, but it is nevertheless nice to be
+able to build with -fsanitize=undefined,unsigned-integer-overflow
+
+There is no significant effect on the generated assembly as can be seen
+on the diff of objdump -d output on a optimized build (the compiler
+just decided to switch the order of a comparison):
+
+@@ -135,8 +135,8 @@
+  1d0:  0f 84 70 ff ff ff       je     146 <json_escape_str+0x146>
+  1d6:  4c 3b 24 24             cmp    (%rsp),%r12
+  1da:  0f 85 2d ff ff ff       jne    10d <json_escape_str+0x10d>
+- 1e0:  49 39 f4                cmp    %rsi,%r12
+- 1e3:  0f 87 b7 00 00 00       ja     2a0 <json_escape_str+0x2a0>
++ 1e0:  4c 39 e6                cmp    %r12,%rsi
++ 1e3:  0f 82 b7 00 00 00       jb     2a0 <json_escape_str+0x2a0>
+  1e9:  48 8b 44 24 18          mov    0x18(%rsp),%rax
+  1ee:  64 48 33 04 25 28 00    xor    %fs:0x28,%rax
+  1f5:  00 00
+
+Conflict:NA
+Reference:https://github.com/json-c/json-c/commit/296db618e9d1862aea788e90e751b4999db41a2a
+---
+ json_object.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/json_object.c b/json_object.c
+index 9198257..3216941 100644
+--- a/json_object.c
++++ b/json_object.c
+@@ -216,8 +216,9 @@ static int json_escape_str(struct printbuf *pb, const char *str, size_t len, int
+ {
+ 	int pos = 0, start_offset = 0;
+ 	unsigned char c;
+-	while (len--)
++	while (len)
+ 	{
++		--len;
+ 		c = str[pos];
+ 		switch (c)
+ 		{
+-- 
+2.27.0

json-c.spec

@@ -6,14 +6,17 @@
 
 Name:           json-c
 Version:        0.15
-Release:        1
+Release:        6
 Summary:        JSON implementation in C
 
 License:        MIT
 URL:            https://github.com/%{name}/%{name}
 Source0:        %{url}/archive/%{name}-%{version}-%{reldate}.tar.gz
 
-BuildRequires:  cmake gcc ninja-build json-c
+BuildRequires:  cmake gcc ninja-build
+
+Patch6000: backport-json-escape-str-avoid-harmless-unsigned-integer-overflow.patch
+Patch6001: backport-CVE-2021-32292-Fix-read-past-end-of-buffer.patch
 
 %description
 JSON-C implements a reference counting object model that allows you
@@ -68,23 +71,30 @@ doxygen -s -u doc/Doxyfile.in
 
 %__cmake --build "%{_vpath_builddir}" %{?_smp_mflags} --verbose --target all doc
 #%cmake_build
+
+%check
+%ninja_test -C %{_vpath_builddir}
  
 %install
 #%cmake_install
 DESTDIR="%{buildroot}" %__cmake --install "%{_vpath_builddir}"
 
-cp -a %{_libdir}/libjson-c.so.4 $RPM_BUILD_ROOT%{_libdir}
-cp -a %{_libdir}/libjson-c.so.4.0.0 $RPM_BUILD_ROOT%{_libdir}
 
 mkdir -p %{buildroot}%{_pkgdocdir}
 hardlink -cfv %{buildroot}%{_pkgdocdir}
 
+%pretrans devel -p <lua>
+path = "%{_includedir}/%{name}"
+st = posix.stat(path)
+if st and st.type == "link" then
+  os.remove(path)
+end
+
 %ldconfig_scriptlets
 
 %files
 %license AUTHORS COPYING
 %{_libdir}/lib%{name}.so.%{so_ver}*
-%{_libdir}/libjson-c.so.4*
 
 %files devel
 %{_includedir}/%{name}/
@@ -96,6 +106,25 @@ hardlink -cfv %{buildroot}%{_pkgdocdir}
 %doc %{_pkgdocdir}
 
 %changelog
+* Tue Aug 29 2023 sunhai <sunhai10@huawei.com> - 0.15-6
+- CVE:CVE-2021-32292
+- SUG:NA
+- DESC:Fix read past end of buffer
+
+* Fri Mar 17 2023 chenhaixing <chenhaixing@huawei.com> - 0.15-5
+- CVE:NA
+- SUG:NA
+- DESC:json-c:enable DT
+
+* Sat Sep 3 2022 zhangrui <zhangrui182@huawei.com> - 0.15-4
+- add remove unlink file in pretrans devel
+
+* Tue Aug 30 2022 zhouwenpei <zhouwenpei1@h-partners> - 0.15-3
+- delete old so files
+
+* Mon May  9 2022 wuchaochao <cyanrose@yeah.net> - 0.15-2
+- add backport-json-escape-str-avoid-harmless-unsigned-integer-overflow.patch
+
 * Thu Aug 20 2020 jinzhimin <jinzhimin2@huawei.com> - 0.15-1
 - update to 0.15