yajl-2.1.0-12.el8
- fix CVE-2023-33460 - Resolves: #2221252 Signed-off-by: Jindrich Novy <jnovy@redhat.com>
This commit is contained in:
parent
db549b08a8
commit
8c1f8f301b
23
23a122eddaa28165a6c219000adcc31ff9a8a698.patch
Normal file
23
23a122eddaa28165a6c219000adcc31ff9a8a698.patch
Normal file
@ -0,0 +1,23 @@
|
||||
From 23a122eddaa28165a6c219000adcc31ff9a8a698 Mon Sep 17 00:00:00 2001
|
||||
From: "zhang.jiujiu" <282627424@qq.com>
|
||||
Date: Tue, 7 Dec 2021 22:37:02 +0800
|
||||
Subject: [PATCH] fix memory leaks
|
||||
|
||||
---
|
||||
src/yajl_tree.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/src/yajl_tree.c b/src/yajl_tree.c
|
||||
index b9e66043..0e7bde98 100644
|
||||
--- a/src/yajl_tree.c
|
||||
+++ b/src/yajl_tree.c
|
||||
@@ -456,6 +456,9 @@ yajl_val yajl_tree_parse (const char *input,
|
||||
yajl_tree_free(v);
|
||||
}
|
||||
yajl_free (handle);
|
||||
+ //If the requested memory is not released in time, it will cause memory leakage
|
||||
+ if(ctx.root)
|
||||
+ yajl_tree_free(ctx.root);
|
||||
return NULL;
|
||||
}
|
||||
|
34
3d65cb0c6db4d433e5e42ee7d91d8a04e21337cf.patch
Normal file
34
3d65cb0c6db4d433e5e42ee7d91d8a04e21337cf.patch
Normal file
@ -0,0 +1,34 @@
|
||||
From 3d65cb0c6db4d433e5e42ee7d91d8a04e21337cf Mon Sep 17 00:00:00 2001
|
||||
From: wujing <wujing50@huawei.com>
|
||||
Date: Thu, 14 Feb 2019 03:12:30 +0800
|
||||
Subject: [PATCH] yajl: fix memory leak problem
|
||||
|
||||
reason: fix memory leak problem
|
||||
---
|
||||
src/yajl_tree.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/yajl_tree.c b/src/yajl_tree.c
|
||||
index 3d357a32..4b3cf2b1 100644
|
||||
--- a/src/yajl_tree.c
|
||||
+++ b/src/yajl_tree.c
|
||||
@@ -143,7 +143,7 @@ static yajl_val context_pop(context_t *ctx)
|
||||
ctx->stack = stack->next;
|
||||
|
||||
v = stack->value;
|
||||
-
|
||||
+ free (stack->key);
|
||||
free (stack);
|
||||
|
||||
return (v);
|
||||
@@ -444,6 +444,10 @@ yajl_val yajl_tree_parse (const char *input,
|
||||
snprintf(error_buffer, error_buffer_size, "%s", internal_err_str);
|
||||
YA_FREE(&(handle->alloc), internal_err_str);
|
||||
}
|
||||
+ while(ctx.stack != NULL) {
|
||||
+ yajl_val v = context_pop(&ctx);
|
||||
+ yajl_tree_free(v);
|
||||
+ }
|
||||
yajl_free (handle);
|
||||
return NULL;
|
||||
}
|
10
yajl.spec
10
yajl.spec
@ -3,7 +3,7 @@
|
||||
|
||||
Name: yajl
|
||||
Version: 2.1.0
|
||||
Release: 11%{?dist}
|
||||
Release: 12%{?dist}
|
||||
Summary: Yet Another JSON Library (YAJL)
|
||||
|
||||
License: ISC
|
||||
@ -24,6 +24,8 @@ Patch2: %{name}-%{version}-pkgconfig-includedir.patch
|
||||
Patch3: %{name}-%{version}-test-location.patch
|
||||
Patch4: %{name}-%{version}-dynlink-binaries.patch
|
||||
Patch5: https://github.com/containers/yajl/commit/49923ccb2143e36850bcdeb781e2bcdf5ce22f15.patch
|
||||
Patch6: https://github.com/openEuler-BaseService/yajl/commit/3d65cb0c6db4d433e5e42ee7d91d8a04e21337cf.patch
|
||||
Patch7: https://github.com/openEuler-BaseService/yajl/commit/23a122eddaa28165a6c219000adcc31ff9a8a698.patch
|
||||
|
||||
BuildRequires: gcc
|
||||
BuildRequires: cmake
|
||||
@ -52,6 +54,8 @@ necessary for developing against the YAJL library
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
|
||||
%build
|
||||
# NB, we are not using upstream's 'configure'/'make'
|
||||
@ -96,6 +100,10 @@ cd test
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Jul 12 2023 Jindrich Novy <jnovy@redhat.com> - 2.1.0-12
|
||||
- fix CVE-2023-33460
|
||||
- Resolves: #2221252
|
||||
|
||||
* Wed Apr 27 2022 Jindrich Novy <jnovy@redhat.com> - 2.1.0-11
|
||||
- fix CVE-2022-24795
|
||||
- Related: #2061390
|
||||
|
Loading…
Reference in New Issue
Block a user