0006-fix-memory-leak-of-ctx-root.patch

@@ -1,27 +0,0 @@
-From d6d0aeb5f6432763929d4096344ec2caf6d13d89 Mon Sep 17 00:00:00 2001
-From: haozi007 <liuhao27@huawei.com>
-Date: Sat, 28 May 2022 10:06:46 +0100
-Subject: [PATCH] fix memory leak of ctx root
-
-Signed-off-by: haozi007 <liuhao27@huawei.com>
----
- src/yajl_tree.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/yajl_tree.c b/src/yajl_tree.c
-index 4b3cf2b..dc55f74 100644
---- a/src/yajl_tree.c
-+++ b/src/yajl_tree.c
-@@ -449,6 +449,9 @@ yajl_val yajl_tree_parse (const char *input,
-              yajl_tree_free(v);
-         }
-         yajl_free (handle);
-+        //If the requested memory is not released in time, it will cause memory leakage
-+        if(ctx.root)
-+            yajl_tree_free(ctx.root);
-         return NULL;
-     }
- 
--- 
-2.20.1
-

0007-add-cmake-option-for-test-and-binary.patch

@@ -1,54 +0,0 @@
-From 255917e92717c491ffb66eb63a3333682d13df60 Mon Sep 17 00:00:00 2001
-From: haozi007 <liuhao27@huawei.com>
-Date: Wed, 8 Jun 2022 07:27:46 +0100
-Subject: [PATCH] add cmake option for test and binary
-
-Signed-off-by: haozi007 <liuhao27@huawei.com>
----
- CMakeLists.txt | 27 ++++++++++++++++++---------
- 1 file changed, 18 insertions(+), 9 deletions(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 4c0a9be..9cc63c5 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -64,18 +64,27 @@ ENDIF (WIN32)
- 
- 
- ADD_SUBDIRECTORY(src)
--ADD_SUBDIRECTORY(test)
--ADD_SUBDIRECTORY(reformatter)
--ADD_SUBDIRECTORY(verify)
-+
-+IF (NOT DISABLE_TEST)
-+  ADD_SUBDIRECTORY(test)
-+ENDIF ()
-+
-+IF (NOT DISABLE_BIN)
-+  ADD_SUBDIRECTORY(reformatter)
-+  ADD_SUBDIRECTORY(verify)
-+ENDIF ()
-+
- ADD_SUBDIRECTORY(example)
- ADD_SUBDIRECTORY(perf)
- 
- INCLUDE(YAJLDoc.cmake)
- 
--# a test target
--ADD_CUSTOM_TARGET(test
--                  ./run_tests.sh ${CMAKE_CURRENT_BINARY_DIR}/test/parsing/yajl_test
--                  WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/test/parsing)
-+IF (NOT DISABLE_TEST)
-+  # a test target
-+  ADD_CUSTOM_TARGET(test
-+                    ./run_tests.sh ${CMAKE_CURRENT_BINARY_DIR}/test/parsing/yajl_test
-+                    WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/test/parsing)
- 
--ADD_CUSTOM_TARGET(test-api ${CMAKE_CURRENT_SOURCE_DIR}/test/api/run_tests.sh
--                  WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/test/api)
-+  ADD_CUSTOM_TARGET(test-api ${CMAKE_CURRENT_SOURCE_DIR}/test/api/run_tests.sh
-+                    WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/test/api)
-+ENDIF ()
--- 
-2.20.1
-

backport-CVE-2022-24795.patch

@@ -1,58 +0,0 @@
-From 23cea2d7677e396efed78bbf1bf153961fab6bad Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
-Date: Thu, 7 Apr 2022 17:29:54 +0200
-Subject: [PATCH] Fix CVE-2022-24795
-
-There was an integer overflow in yajl_buf_ensure_available() leading
-to allocating less memory than requested. Then data were written past
-the allocated heap buffer in yajl_buf_append(), the only caller of
-yajl_buf_ensure_available(). Another result of the overflow was an
-infinite loop without a return from yajl_buf_ensure_available().
-
-yajl-ruby project, which bundles yajl, fixed it
-<https://github.com/brianmario/yajl-ruby/pull/211> by checking for the
-integer overflow, fortifying buffer allocations, and report the
-failures to a caller. But then the caller yajl_buf_append() skips
-a memory write if yajl_buf_ensure_available() failed leading to a data
-corruption.
-
-A yajl fork mainter recommended calling memory allocation callbacks with
-the large memory request and let them to handle it. But that has the
-problem that it's not possible pass the overely large size to the
-callbacks.
-
-This patch catches the integer overflow and terminates the process
-with abort().
-
-https://github.com/lloyd/yajl/issues/239
-https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm
----
- src/yajl_buf.c | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/src/yajl_buf.c b/src/yajl_buf.c
-index 1aeafde..55c11ad 100644
---- a/src/yajl_buf.c
-+++ b/src/yajl_buf.c
-@@ -45,7 +45,17 @@ void yajl_buf_ensure_available(yajl_buf buf, size_t want)
- 
-     need = buf->len;
- 
--    while (want >= (need - buf->used)) need <<= 1;
-+    if (((buf->used > want) ? buf->used : want) > (size_t)(buf->used + want)) {
-+        /* We cannot allocate more memory than SIZE_MAX. */
-+        abort();
-+    }
-+    while (want >= (need - buf->used)) {
-+        if (need >= (size_t)((size_t)(-1)<<1)>>1) {
-+            /* need would overflow. */
-+            abort();
-+        }
-+        need <<= 1;
-+    }
- 
-     if (need != buf->len) {
-         buf->data = (unsigned char *) YA_REALLOC(buf->alloc, buf->data, need);
--- 
-2.27.0
-

backport-fix-memory-leaks.patch

@@ -0,0 +1,26 @@
+From 23a122eddaa28165a6c219000adcc31ff9a8a698 Mon Sep 17 00:00:00 2001
+From: "zhang.jiujiu" <282627424@qq.com>
+Date: Tue, 7 Dec 2021 22:37:02 +0800
+Subject: [PATCH] fix memory leaks
+
+---
+ src/yajl_tree.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/yajl_tree.c b/src/yajl_tree.c
+index b9e6604..0e7bde9 100644
+--- a/src/yajl_tree.c
++++ b/src/yajl_tree.c
+@@ -456,6 +456,9 @@ yajl_val yajl_tree_parse (const char *input,
+              yajl_tree_free(v);
+         }
+         yajl_free (handle);
++	//If the requested memory is not released in time, it will cause memory leakage
++	if(ctx.root)
++	     yajl_tree_free(ctx.root);
+         return NULL;
+     }
+ 
+-- 
+1.8.3.1
+

yajl-assert-error-when-memory-allocation-failed.patch

@@ -1,109 +0,0 @@
-From 941bc5f96825e9178b8354cf16b033fb61221021 Mon Sep 17 00:00:00 2001
-From: Ruoshu Gao <gaoruoshu@huawei.com>
-Date: Thu, 8 Sep 2022 19:15:58 +0800
-Subject: [PATCH] yajl: assert error when memory allocation failed
-
-Signed-off-by: Ruoshu Gao <gaoruoshu@huawei.com>
----
- src/yajl.c               | 2 ++
- src/yajl_buf.c           | 3 +++
- src/yajl_bytestack.h     | 2 ++
- src/yajl_lex.c           | 1 +
- test/parsing/yajl_test.c | 1 +
- 5 files changed, 9 insertions(+)
-
-diff --git a/src/yajl.c b/src/yajl.c
-index d477893..c0f3094 100644
---- a/src/yajl.c
-+++ b/src/yajl.c
-@@ -62,6 +62,7 @@ yajl_alloc(const yajl_callbacks * callbacks,
-     }
- 
-     hand = (yajl_handle) YA_MALLOC(afs, sizeof(struct yajl_handle_t));
-+    if (!hand) abort();
- 
-     /* copy in pointers to allocation routines */
-     memcpy((void *) &(hand->alloc), (void *) afs, sizeof(yajl_alloc_funcs));
-@@ -145,6 +146,7 @@ yajl_complete_parse(yajl_handle hand)
-         hand->lexer = yajl_lex_alloc(&(hand->alloc),
-                                      hand->flags & yajl_allow_comments,
-                                      !(hand->flags & yajl_dont_validate_strings));
-+        if (!hand->lexer) abort();
-     }
- 
-     return yajl_do_finish(hand);
-diff --git a/src/yajl_buf.c b/src/yajl_buf.c
-index 1aeafde..5556a17 100644
---- a/src/yajl_buf.c
-+++ b/src/yajl_buf.c
-@@ -40,6 +40,7 @@ void yajl_buf_ensure_available(yajl_buf buf, size_t want)
-     if (buf->data == NULL) {
-         buf->len = YAJL_BUF_INIT_SIZE;
-         buf->data = (unsigned char *) YA_MALLOC(buf->alloc, buf->len);
-+        if (!buf->data) abort();
-         buf->data[0] = 0;
-     }
- 
-@@ -49,6 +50,7 @@ void yajl_buf_ensure_available(yajl_buf buf, size_t want)
- 
-     if (need != buf->len) {
-         buf->data = (unsigned char *) YA_REALLOC(buf->alloc, buf->data, need);
-+        if (!buf->data) abort();
-         buf->len = need;
-     }
- }
-@@ -56,6 +58,7 @@ void yajl_buf_ensure_available(yajl_buf buf, size_t want)
- yajl_buf yajl_buf_alloc(yajl_alloc_funcs * alloc)
- {
-     yajl_buf b = YA_MALLOC(alloc, sizeof(struct yajl_buf_t));
-+    if (!b) abort();
-     memset((void *) b, 0, sizeof(struct yajl_buf_t));
-     b->alloc = alloc;
-     return b;
-diff --git a/src/yajl_bytestack.h b/src/yajl_bytestack.h
-index 9ea7d15..1072081 100644
---- a/src/yajl_bytestack.h
-+++ b/src/yajl_bytestack.h
-@@ -23,6 +23,7 @@
- #define __YAJL_BYTESTACK_H__
- 
- #include "api/yajl_common.h"
-+#include <stdlib.h>
- 
- #define YAJL_BS_INC 128
- 
-@@ -56,6 +57,7 @@ typedef struct yajl_bytestack_t
-         (obs).stack = (obs).yaf->realloc((obs).yaf->ctx,\
-                                          (void *) (obs).stack, (obs).size);\
-     }                                                   \
-+    if (!(obs).stack) abort();                          \
-     (obs).stack[((obs).used)++] = (byte);               \
- }
- 
-diff --git a/src/yajl_lex.c b/src/yajl_lex.c
-index 0b6f7cc..a08e703 100644
---- a/src/yajl_lex.c
-+++ b/src/yajl_lex.c
-@@ -105,6 +105,7 @@ yajl_lex_alloc(yajl_alloc_funcs * alloc,
-                unsigned int allowComments, unsigned int validateUTF8)
- {
-     yajl_lexer lxr = (yajl_lexer) YA_MALLOC(alloc, sizeof(struct yajl_lexer_t));
-+    if (!lxr) abort();
-     memset((void *) lxr, 0, sizeof(struct yajl_lexer_t));
-     lxr->buf = yajl_buf_alloc(alloc);
-     lxr->allowComments = allowComments;
-diff --git a/test/parsing/yajl_test.c b/test/parsing/yajl_test.c
-index c50755b..8d67ed9 100644
---- a/test/parsing/yajl_test.c
-+++ b/test/parsing/yajl_test.c
-@@ -102,6 +102,7 @@ static int test_yajl_map_key(void *ctx, const unsigned char * stringVal,
-                              size_t stringLen)
- {
-     char * str = (char *) malloc(stringLen + 1);
-+    if (!str) abort();
-     str[stringLen] = 0;
-     memcpy(str, stringVal, stringLen);
-     printf("key: '%s'\n", str);
--- 
-2.33.0
-

yajl.spec

@@ -1,20 +1,17 @@
 Name:           yajl
 Version:        2.1.0
-Release:        20
+Release:        15
 Summary:        Yet Another JSON Library
 License:        ISC
-URL:            https://github.com/lloyd/yajl
-Source0:        https://github.com/lloyd/yajl/archive/refs/tags/%{version}.tar.gz
+URL:            http://lloyd.github.com/yajl/
+Source0:        https://github.com/lloyd/yajl/archive/%{version}.tar.gz
 
-Patch1:         0001-yajl-2.1.0-pkgconfig-location.patch
-Patch2:         0002-yajl-2.1.0-pkgconfig-includedir.patch
-Patch3:         0003-yajl-2.1.0-test-location.patch
-Patch4:         0004-yajl-2.1.0-dynlink-binaries.patch
-Patch5:         0005-yajl-2.1.0-fix-memory-leak.patch
-Patch6:         0006-fix-memory-leak-of-ctx-root.patch
-Patch7:         0007-add-cmake-option-for-test-and-binary.patch
-Patch8:         backport-CVE-2022-24795.patch
-Patch9:         yajl-assert-error-when-memory-allocation-failed.patch
+Patch1:         yajl-2.1.0-pkgconfig-location.patch
+Patch2:         yajl-2.1.0-pkgconfig-includedir.patch
+Patch3:         yajl-2.1.0-test-location.patch
+Patch4:         yajl-2.1.0-dynlink-binaries.patch
+Patch5:         yajl-2.1.0-fix-memory-leak.patch
+Patch6:         backport-fix-memory-leaks.patch
 
 BuildRequires:  cmake gcc
 
@@ -71,21 +68,6 @@ cd ../api
 %{_libdir}/libyajl_s.a
 
 %changelog
-* Wed Nov 16 2022 fuanan <fuanan3@h-partners.com> - 2.1.0-20
-- Modify Source0
-
-* Thu Sep 22 2022 panxiaohe <panxh.life@foxmail.com> - 2.1.0-19
-- modify URL
-
-* Fri Sep 9 2022 panxiaohe <panxh.life@foxmail.com> - 2.1.0-18
-- assert error when memory allocation failed
-
-* Fri Sep 9 2022 panxiaohe <panxh.life@foxmail.com> - 2.1.0-17
-- fix CVE-2022-24795
-
-* Wed Jun 8 2022 haozi007 <liuhao27@h-partners.com> - 2.1.0-16
-- add index for patch and add cmake options
-
 * Sat Feb 12 2022 fuanan <fuanan3@h-partners.com> - 2.1.0-15
 - fix memory leaks in yajl_tree_parse