Control: tags -1 upstream patch thanks On Mon, Sep 01, 2025 at 12:37:01AM +0200, [email protected] wrote: > [...] > During a test rebuild for CMake 4, cjson failed to rebuild. > [...] > CMake Error at CMakeLists.txt:2 (cmake_minimum_required): > Compatibility with CMake < 3.5 has been removed from CMake. > [...]
JFTR, there are two upstream PRs touching this issue, cf. <https://github.com/DaveGamble/cJSON/pull/935> and <https://github.com/DaveGamble/cJSON/pull/949>, both resolving this, albeit in slightly different ways. I could NMU if you are not available at the moment. It seems upstream hasn't commented yet on either, and none are part of the most recent release at <https://github.com/DaveGamble/cJSON/releases/tag/v1.7.19>, which also contains the fix for CVE-2025-57052, i.e. it fixes the incorrect check in decode_array_index_from_pointer, cf. <https://sources.debian.org/src/cjson/1.7.18-3.1%2Bdeb13u1/debian/patches/CVE-2025-57052.patch-> and <https://github.com/DaveGamble/cJSON/pull/957>. HTH, Flo
signature.asc
Description: PGP signature
