SOURCES/23a122eddaa28165a6c219000adcc31ff9a8a698.patch

@@ -0,0 +1,23 @@
+From 23a122eddaa28165a6c219000adcc31ff9a8a698 Mon Sep 17 00:00:00 2001
+From: "zhang.jiujiu" <282627424@qq.com>
+Date: Tue, 7 Dec 2021 22:37:02 +0800
+Subject: [PATCH] fix memory leaks
+
+---
+ src/yajl_tree.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/yajl_tree.c b/src/yajl_tree.c
+index b9e66043..0e7bde98 100644
+--- a/src/yajl_tree.c
++++ b/src/yajl_tree.c
+@@ -456,6 +456,9 @@ yajl_val yajl_tree_parse (const char *input,
+              yajl_tree_free(v);
+         }
+         yajl_free (handle);
++	//If the requested memory is not released in time, it will cause memory leakage
++	if(ctx.root)
++	     yajl_tree_free(ctx.root);
+         return NULL;
+     }
+ 

SOURCES/3d65cb0c6db4d433e5e42ee7d91d8a04e21337cf.patch

@@ -0,0 +1,34 @@
+From 3d65cb0c6db4d433e5e42ee7d91d8a04e21337cf Mon Sep 17 00:00:00 2001
+From: wujing <wujing50@huawei.com>
+Date: Thu, 14 Feb 2019 03:12:30 +0800
+Subject: [PATCH] yajl: fix memory leak problem
+
+reason: fix memory leak problem
+---
+ src/yajl_tree.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/yajl_tree.c b/src/yajl_tree.c
+index 3d357a32..4b3cf2b1 100644
+--- a/src/yajl_tree.c
++++ b/src/yajl_tree.c
+@@ -143,7 +143,7 @@ static yajl_val context_pop(context_t *ctx)
+     ctx->stack = stack->next;
+ 
+     v = stack->value;
+-
++    free (stack->key);
+     free (stack);
+ 
+     return (v);
+@@ -444,6 +444,10 @@ yajl_val yajl_tree_parse (const char *input,
+              snprintf(error_buffer, error_buffer_size, "%s", internal_err_str);
+              YA_FREE(&(handle->alloc), internal_err_str);
+         }
++        while(ctx.stack != NULL) {
++             yajl_val v = context_pop(&ctx);
++             yajl_tree_free(v);
++        }
+         yajl_free (handle);
+         return NULL;
+     }

SPECS/yajl.spec

@@ -3,7 +3,7 @@
 
 Name: yajl
 Version: 2.1.0
-Release: 11%{?dist}
+Release: 12%{?dist}
 Summary: Yet Another JSON Library (YAJL)
 
 License: ISC
@@ -24,6 +24,8 @@ Patch2: %{name}-%{version}-pkgconfig-includedir.patch
 Patch3: %{name}-%{version}-test-location.patch
 Patch4: %{name}-%{version}-dynlink-binaries.patch
 Patch5: https://github.com/containers/yajl/commit/49923ccb2143e36850bcdeb781e2bcdf5ce22f15.patch
+Patch6: https://github.com/openEuler-BaseService/yajl/commit/3d65cb0c6db4d433e5e42ee7d91d8a04e21337cf.patch
+Patch7: https://github.com/openEuler-BaseService/yajl/commit/23a122eddaa28165a6c219000adcc31ff9a8a698.patch
 
 BuildRequires:  gcc
 BuildRequires: cmake
@@ -52,6 +54,8 @@ necessary for developing against the YAJL library
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
+%patch7 -p1
 
 %build
 # NB, we are not using upstream's 'configure'/'make'
@@ -96,6 +100,10 @@ cd test
 
 
 %changelog
+* Wed Jul 12 2023 Jindrich Novy <jnovy@redhat.com> - 2.1.0-12
+- fix CVE-2023-33460
+- Resolves: #2221252
+
 * Wed Apr 27 2022 Jindrich Novy <jnovy@redhat.com> - 2.1.0-11
 - fix CVE-2022-24795
 - Related: #2061390