
10 Commits

Author SHA1 Message Date
openeuler-ci-bot
1ae9d86457
!34 fix: Handle unbalanced comment string for CVE-2024-47855
From: @fandeyuan 
Reviewed-by: @wk333 
Signed-off-by: @wk333
2024-10-08 02:44:16 +00:00
fandeyuan
32bfb4e8e9 fix: Handle unbalanced comment string for CVE-2024-47855 2024-10-08 10:16:47 +08:00
openeuler-ci-bot
7235223ee6 !19 [sync] PR-17: This package depends on log4j.After the log4j vulnerability CVE-2021-44832 is fixed,the version needs to be rebuild.
Merge pull request !19 from openeuler-sync-bot/sync-pr17-openEuler-20.03-LTS-SP1-to-openEuler-20.03-LTS-SP3
2021-12-30 12:40:59 +00:00
starlet-dx
3aad01e668 This package depends on log4j.After the log4j vulnerability CVE-2021-44832 is fixed,the version needs to be rebuild.
(cherry picked from commit c1a786caac594dee1fae14314924616e48f0d7c1)
2021-12-30 14:51:03 +08:00
openeuler-ci-bot
a4b8bdb24b !13 [sync] PR-11: This package depends on log4j.After the log4j vulnerability CVE-2021-45105 is fixed,the version needs to be rebuild.
Merge pull request !13 from openeuler-sync-bot/sync-pr11-openEuler-20.03-LTS-SP1-to-openEuler-20.03-LTS-SP3
2021-12-25 07:26:02 +00:00
starlet-dx
876471c210 This package depends on log4j.After the log4j vulnerability CVE-2021-45105 is fixed,the version needs to be rebuild.
(cherry picked from commit da60db2d0fe63b66deb17ce8719ba3ad854cc54f)
2021-12-24 21:04:02 +08:00
openeuler-ci-bot
def0db6924 !7 [sync] PR-5: This package depends on log4j.After the log4j vulnerability CVE-2021-44228 is fixed,the version needs to be rebuild.
Merge pull request !7 from openeuler-sync-bot/sync-pr5-openEuler-20.03-LTS-SP1-to-openEuler-20.03-LTS-SP3
2021-12-19 14:51:33 +00:00
wk333
161c562b01 This package depends on log4j.After the log4j vulnerability CVE-2021-44228 is fixed,the version needs to be rebuild.
(cherry picked from commit 0e1b4cbbe0efc1e6d8511bcbbac9eb34f17be918)
2021-12-17 15:38:44 +08:00
openeuler-ci-bot
4394e66f5b !2 Fix build errors
From: @wang_yue111
Reviewed-by: @small_leek
Signed-off-by: @small_leek
2020-09-14 15:18:30 +08:00
root
cfa6262d4b Fix build errors 2020-09-14 14:22:27 +08:00
2 changed files with 103 additions and 3 deletions


@ -0,0 +1,81 @@
From a0c4a0eae277130e22979cf307c95dec4005a78e Mon Sep 17 00:00:00 2001
From: Andres Almiray <aalmiray@gmail.com>
Date: Thu, 26 Sep 2024 17:47:11 -0500
Subject: [PATCH] fix: Handle unbalanced comment string
---
.../src/main/java/net/sf/json/util/JSONTokener.java | 2 ++
.../src/test/java/net/sf/json/TestJSONSerializer.java | 9 +++++++++
src/main/java/net/sf/json/util/JSONTokener.java | 2 ++
src/test/java/net/sf/json/TestJSONSerializer.java | 9 +++++++++
4 files changed, 22 insertions(+)
diff --git a/jenkins-json-lib-2.4/src/main/java/net/sf/json/util/JSONTokener.java b/jenkins-json-lib-2.4/src/main/java/net/sf/json/util/JSONTokener.java
index 655cd7c..aad6f3b 100644
--- a/jenkins-json-lib-2.4/src/main/java/net/sf/json/util/JSONTokener.java
+++ b/jenkins-json-lib-2.4/src/main/java/net/sf/json/util/JSONTokener.java
@@ -192,6 +192,8 @@ public class JSONTokener {
if (c == '*') {
if (next() == '/') {
break;
+ } else if (!more()) {
+ return 0;
}
back();
}
diff --git a/jenkins-json-lib-2.4/src/test/java/net/sf/json/TestJSONSerializer.java b/jenkins-json-lib-2.4/src/test/java/net/sf/json/TestJSONSerializer.java
index 6a15863..d0c9ff4 100644
--- a/jenkins-json-lib-2.4/src/test/java/net/sf/json/TestJSONSerializer.java
+++ b/jenkins-json-lib-2.4/src/test/java/net/sf/json/TestJSONSerializer.java
@@ -139,6 +139,15 @@ public class TestJSONSerializer extends TestCase {
assertEquals(beanB.getValue(), ((ValueBean) bb).getValue());
}
+ public void testToJava_JSONObject_5() throws Exception {
+ try {
+ JSONObject.fromObject("/**");
+ fail("Should have thrown a JSONException");
+ } catch (JSONException expected) {
+ // ok
+ }
+ }
+
public void testToJava_JSONObject_and_reset() throws Exception {
String json = "{bool:true,integer:1,string:\"json\"}";
JSONObject jsonObject = JSONObject.fromObject(json);
diff --git a/src/main/java/net/sf/json/util/JSONTokener.java b/src/main/java/net/sf/json/util/JSONTokener.java
index 4f6ff94..0cdde2b 100644
--- a/src/main/java/net/sf/json/util/JSONTokener.java
+++ b/src/main/java/net/sf/json/util/JSONTokener.java
@@ -196,6 +196,8 @@ public class JSONTokener {
if( c == '*' ){
if( next() == '/' ){
break;
+ } else if (!more()){
+ return 0;
}
back();
}
diff --git a/src/test/java/net/sf/json/TestJSONSerializer.java b/src/test/java/net/sf/json/TestJSONSerializer.java
index 7397769..89c145d 100644
--- a/src/test/java/net/sf/json/TestJSONSerializer.java
+++ b/src/test/java/net/sf/json/TestJSONSerializer.java
@@ -139,6 +139,15 @@ public class TestJSONSerializer extends TestCase {
assertEquals( beanB.getValue(), ((ValueBean) bb).getValue() );
}
+ public void testToJava_JSONObject_5() throws Exception {
+ try {
+ JSONObject.fromObject("/**");
+ fail("Should have thrown a JSONException");
+ } catch (JSONException expected) {
+ // ok
+ }
+ }
+
public void testToJava_JSONObject_and_reset() throws Exception {
String json = "{bool:true,integer:1,string:\"json\"}";
JSONObject jsonObject = JSONObject.fromObject( json );
--
2.43.0
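Review bot: The added `else if (!more()) { return 0; }` branch in both JSONTokener.java hunks reports an unterminated `/*` comment as plain end of input, so whatever error the caller raises later will not name the unclosed comment. The enclosing loop starts and ends outside the hunk; if it already throws when input runs out, `throw syntaxError("Unclosed comment.");` in this branch would keep the two exits consistent (assuming the tokener's `syntaxError` helper is in scope here). The new test only asserts that `"/**"` raises `JSONException`. The defect being fixed appears to be a loop that never terminates on untrusted JSON text, so a regression would hang the test run rather than fail it; a surefire or per-test timeout is worth adding.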


@ -1,6 +1,6 @@
Name: json-lib
Version: 2.4
Release: 16
Release: 21
Summary: JSON library for Java
License: ASL 2.0
URL: http://json-lib.sourceforge.net/
@ -10,6 +10,8 @@ Source0: %{name}-%{version}.tar.xz
Source1: jenkins-%{name}-%{version}.tar.xz
Source2: http://repo.jenkins-ci.org/releases/org/kohsuke/stapler/json-lib/%{version}-jenkins-3/json-lib-%{version}-jenkins-3.pom
Patch1: 0001-fix-Handle-unbalanced-comment-string.patch
BuildRequires: java-devel maven-local maven-shared maven-surefire-provider-junit
BuildRequires: mvn(commons-beanutils:commons-beanutils) mvn(commons-lang:commons-lang)
BuildRequires: mvn(commons-collections:commons-collections) mvn(junit:junit) mvn(log4j:log4j)
@ -41,8 +43,10 @@ Obsoletes: %{name}-javadoc < %{version}-%{release}
Help documentation for json-lib package.
%prep
%autosetup -n %{name}-%{version} -p1
%setup -q %{name}-%{version}
tar xf %{SOURCE1}
%patch -P1 -p1
find -name "*.jar" -or -name "*.class" | xargs rm -rf
%pom_xpath_set "pom:project/pom:dependencies/pom:dependency[pom:groupId = 'org.codehaus.groovy']/pom:artifactId" groovy
@ -74,7 +78,7 @@ cd -
%build
%mvn_file : json-lib
%mvn_build -- -Dproject.build.sourceEncoding=UTF-8
%mvn_build -f -- -Dproject.build.sourceEncoding=UTF-8
cd jenkins-json-lib-%{version}
%mvn_build -f
@ -97,5 +101,20 @@ cd -
%license LICENSE.txt
%changelog
* Mon Oct 07 2024 Deyuan Fan <fandeyuan@kylinos.cn> - 2.4-21
- fix: Handle unbalanced comment string for CVE-2024-47855
* Wed Dec 29 2021 yaoxin <yaoxin30@huawei.com> - 2.4-20
- This package depends on log4j.After the log4j vulnerability CVE-2021-44832 is fixed,the version needs to be rebuild.
* Fri Dec 24 2021 yaoxin <yaoxin30@huawei.com> - 2.4-19
- This package depends on log4j.After the log4j vulnerability CVE-2021-45105 is fixed,the version needs to be rebuild.
* Thu Dec 16 2021 wangkai <wangkai385@huawei.com> - 2.4-18
- This package depends on log4j.After the log4j vulnerability CVE-2021-44228 is fixed,the version needs to be rebuild.
* Mon Sep 14 2020 wangyue <wangyue92@huawei.com> - 2.4-17
- Fix build errors
* Sat Mar 07 2020 daiqianwen <daiqianwen@huawei.com> - 2.4-16
- Package init
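Review bot: Both `%mvn_build` invocations in `%build` carry `-f`, which skips test compilation and execution, so `testToJava_JSONObject_5` added by Patch1 never runs during the package build and the CVE-2024-47855 fix ships without its regression test being exercised. Consider running at least the patched test class in a `%check` step, or dropping `-f` for the module whose tests build cleanly. Separately, `%setup -q %{name}-%{version}` passes the directory name as a stray positional argument; `%setup -q -n %{name}-%{version}` states the intent.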