.gitignore

@@ -1,5 +1 @@
-.build*.log
+SOURCES/yajl-2.1.0.tar.gz
-*.rpm
-i386
-x86_64
-*.tar.gz

.yajl.metadata

@@ -0,0 +1 @@
+29ce2b9695ae93e1b0b349a22cea8067f25a9025 SOURCES/yajl-2.1.0.tar.gz

23a122eddaa28165a6c219000adcc31ff9a8a698.patch

@@ -1,23 +0,0 @@
-From 23a122eddaa28165a6c219000adcc31ff9a8a698 Mon Sep 17 00:00:00 2001
-From: "zhang.jiujiu" <282627424@qq.com>
-Date: Tue, 7 Dec 2021 22:37:02 +0800
-Subject: [PATCH] fix memory leaks
-
----
- src/yajl_tree.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/yajl_tree.c b/src/yajl_tree.c
-index b9e66043..0e7bde98 100644
---- a/src/yajl_tree.c
-+++ b/src/yajl_tree.c
-@@ -456,6 +456,9 @@ yajl_val yajl_tree_parse (const char *input,
-              yajl_tree_free(v);
-         }
-         yajl_free (handle);
-+	//If the requested memory is not released in time, it will cause memory leakage
-+	if(ctx.root)
-+	     yajl_tree_free(ctx.root);
-         return NULL;
-     }
- 

3d65cb0c6db4d433e5e42ee7d91d8a04e21337cf.patch

@@ -1,34 +0,0 @@
-From 3d65cb0c6db4d433e5e42ee7d91d8a04e21337cf Mon Sep 17 00:00:00 2001
-From: wujing <wujing50@huawei.com>
-Date: Thu, 14 Feb 2019 03:12:30 +0800
-Subject: [PATCH] yajl: fix memory leak problem
-
-reason: fix memory leak problem
----
- src/yajl_tree.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/src/yajl_tree.c b/src/yajl_tree.c
-index 3d357a32..4b3cf2b1 100644
---- a/src/yajl_tree.c
-+++ b/src/yajl_tree.c
-@@ -143,7 +143,7 @@ static yajl_val context_pop(context_t *ctx)
-     ctx->stack = stack->next;
- 
-     v = stack->value;
--
-+    free (stack->key);
-     free (stack);
- 
-     return (v);
-@@ -444,6 +444,10 @@ yajl_val yajl_tree_parse (const char *input,
-              snprintf(error_buffer, error_buffer_size, "%s", internal_err_str);
-              YA_FREE(&(handle->alloc), internal_err_str);
-         }
-+        while(ctx.stack != NULL) {
-+             yajl_val v = context_pop(&ctx);
-+             yajl_tree_free(v);
-+        }
-         yajl_free (handle);
-         return NULL;
-     }

SPECS/yajl.spec

@@ -3,7 +3,7 @@
 
 Name: yajl
 Version: 2.1.0
-Release: 13%{?dist}
+Release: 11%{?dist}
 Summary: Yet Another JSON Library (YAJL)
 
 License: ISC
@@ -24,9 +24,6 @@ Patch2: %{name}-%{version}-pkgconfig-includedir.patch
 Patch3: %{name}-%{version}-test-location.patch
 Patch4: %{name}-%{version}-dynlink-binaries.patch
 Patch5: https://github.com/containers/yajl/commit/49923ccb2143e36850bcdeb781e2bcdf5ce22f15.patch
-Patch6: https://github.com/openEuler-BaseService/yajl/commit/3d65cb0c6db4d433e5e42ee7d91d8a04e21337cf.patch
-Patch7: https://github.com/openEuler-BaseService/yajl/commit/23a122eddaa28165a6c219000adcc31ff9a8a698.patch
-Patch8: yajl-2.1.0-CVE-2022-24795.patch
 
 BuildRequires:  gcc
 BuildRequires: cmake
@@ -55,9 +52,6 @@ necessary for developing against the YAJL library
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
 
 %build
 # NB, we are not using upstream's 'configure'/'make'
@@ -102,14 +96,6 @@ cd test
 
 
 %changelog
-* Fri Jan 05 2024 Jindrich Novy <jnovy@redhat.com> - 2.1.0-13
-- fix CVE-2022-24795
-- Related: RHEL-18753
-
-* Wed Jul 12 2023 Jindrich Novy <jnovy@redhat.com> - 2.1.0-12
-- fix CVE-2023-33460
-- Resolves: #2221252
-
 * Wed Apr 27 2022 Jindrich Novy <jnovy@redhat.com> - 2.1.0-11
 - fix CVE-2022-24795
 - Related: #2061390

gating.yaml

@@ -1,6 +0,0 @@
-# recipients: jnovy, lsm5, santiago
---- !Policy
-product_versions:
-  - rhel-8
-decision_context: osci_compose_gate
-rules: []

lloyd-yajl-2.0.4-pkgconfig-includedir.patch

@@ -1,13 +0,0 @@
-Only in lloyd-yajl-fee1ebe.new/src: CMakeLists.txt~
-diff -rup lloyd-yajl-fee1ebe.orig/src/yajl.pc.cmake lloyd-yajl-fee1ebe.new/src/yajl.pc.cmake
---- lloyd-yajl-fee1ebe.orig/src/yajl.pc.cmake	2011-12-20 00:23:22.000000000 +0000
-+++ lloyd-yajl-fee1ebe.new/src/yajl.pc.cmake	2012-08-06 14:05:49.639854538 +0100
-@@ -1,6 +1,6 @@
- prefix=${CMAKE_INSTALL_PREFIX}
- libdir=${dollar}{prefix}/lib${LIB_SUFFIX}
--includedir=${dollar}{prefix}/include/yajl
-+includedir=${dollar}{prefix}/include
- 
- Name: Yet Another JSON Library
- Description: A Portable JSON parsing and serialization library in ANSI C
-Only in lloyd-yajl-fee1ebe.new/src: yajl.pc.cmake~

lloyd-yajl-2.0.4-pkgconfig-location.patch

@@ -1,29 +0,0 @@
-diff -rup lloyd-yajl-fee1ebe.orig/src/CMakeLists.txt lloyd-yajl-fee1ebe.new/src/CMakeLists.txt
---- lloyd-yajl-fee1ebe.orig/src/CMakeLists.txt	2011-12-20 00:23:22.000000000 +0000
-+++ lloyd-yajl-fee1ebe.new/src/CMakeLists.txt	2012-08-06 13:59:02.222065755 +0100
-@@ -30,7 +30,7 @@ ADD_DEFINITIONS(-DYAJL_BUILD)
- # set up some paths
- SET (libDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/lib)
- SET (incDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/include/yajl)
--SET (shareDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/share/pkgconfig)
-+SET (pkgconfigDir ${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/lib/pkgconfig)
- 
- # set the output path for libraries
- SET(LIBRARY_OUTPUT_PATH ${libDir})
-@@ -61,7 +61,7 @@ FILE(MAKE_DIRECTORY ${incDir})
- # generate build-time source
- SET(dollar $)
- CONFIGURE_FILE(api/yajl_version.h.cmake ${incDir}/yajl_version.h)
--CONFIGURE_FILE(yajl.pc.cmake ${shareDir}/yajl.pc)
-+CONFIGURE_FILE(yajl.pc.cmake ${pkgconfigDir}/yajl.pc)
- 
- # copy public headers to output directory
- FOREACH (header ${PUB_HDRS})
-@@ -82,5 +82,5 @@ IF(NOT WIN32)
-   INSTALL(TARGETS yajl_s ARCHIVE DESTINATION lib${LIB_SUFFIX})
-   INSTALL(FILES ${PUB_HDRS} DESTINATION include/yajl)
-   INSTALL(FILES ${incDir}/yajl_version.h DESTINATION include/yajl)
--  INSTALL(FILES ${shareDir}/yajl.pc DESTINATION share/pkgconfig)
-+  INSTALL(FILES ${pkgconfigDir}/yajl.pc DESTINATION lib${LIB_SUFFIX}/pkgconfig)
- ENDIF()
-Only in lloyd-yajl-fee1ebe.new/src: CMakeLists.txt~

sources

@@ -1 +0,0 @@
-SHA512 (yajl-2.1.0.tar.gz) = 9e786d080803df80ec03a9c2f447501e6e8e433a6baf636824bc1d50ecf4f5f80d7dfb1d47958aeb0a30fe459bd0ef033d41bc6a79e1dc6e6b5eade930b19b02

yajl-2.1.0-CVE-2022-24795.patch

@@ -1,38 +0,0 @@
-From d3a528c788ba9e531fab91db41d3a833c54da325 Mon Sep 17 00:00:00 2001
-From: Jacek Tomasiak <jacek.tomasiak@gmail.com>
-Date: Thu, 12 May 2022 13:02:47 +0200
-Subject: [PATCH] Fix CVE-2022-24795 (from brianmario/yajl-ruby)
-
-The buffer reallocation could cause heap corruption because of `need`
-overflow for large inputs. In addition, there's a possible infinite loop
-in case `need` reaches zero.
-
-The fix is to `abort()` if the loop ends with lower value of `need` than
-when it started.
----
- src/yajl_buf.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-Index: yajl-2.1.0/src/yajl_buf.c
-===================================================================
-diff -up yajl-2.1.0/src/yajl_buf.c.CVE-2022-24795 yajl-2.1.0/src/yajl_buf.c
---- yajl-2.1.0/src/yajl_buf.c.CVE-2022-24795	2024-01-05 14:37:48.291676702 +0100
-+++ yajl-2.1.0/src/yajl_buf.c	2024-01-05 14:38:48.088674110 +0100
-@@ -45,7 +45,16 @@ int yajl_buf_ensure_available(yajl_buf b
- 
-     need = buf->len;
- 
--    while (want >= (need - buf->used)) need <<= 1;
-+    while (need > 0 && want >= (need - buf->used)) {
-+        /* this eventually "overflows" to zero */
-+        need <<= 1;
-+    }
-+
-+    /* overflow */
-+    if (need < buf->len) {
-+        abort();
-+    }
-+
-     if (need < buf->used) {
-          return -1;
-     }