Patch CVE-2023-33460.patch in yajl (#5701)

SPECS/yajl/CVE-2023-33460.patch

@@ -0,0 +1,26 @@
+From 376d294b521507b7f000a7a9cee97637fb57a3ec Mon Sep 17 00:00:00 2001
+From: "zhang.jiujiu" <282627424@qq.com>
+Date: Tue, 7 Dec 2021 22:37:02 +0800
+Subject: [PATCH] fix memory leaks
+
+---
+ src/yajl_tree.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/yajl_tree.c b/src/yajl_tree.c
+index 3d357a3..30fe324 100644
+--- a/src/yajl_tree.c
++++ b/src/yajl_tree.c
+@@ -445,6 +445,9 @@ yajl_val yajl_tree_parse (const char *input,
+              YA_FREE(&(handle->alloc), internal_err_str);
+         }
+         yajl_free (handle);
++        //If the requested memory is not released in time, it will cause memory leakage
++        if(ctx.root)
++            yajl_tree_free(ctx.root);
+         return NULL;
+     }
+ 
+-- 
+2.38.1
+

SPECS/yajl/yajl.spec

@@ -1,7 +1,7 @@
 Summary:        Yet Another JSON Library (YAJL)
 Name:           yajl
 Version:        2.1.0
-Release:        18%{?dist}
+Release:        19%{?dist}
 License:        ISC
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -15,6 +15,7 @@ Patch1:         %{name}-%{version}-pkgconfig-location.patch
 Patch2:         %{name}-%{version}-pkgconfig-includedir.patch
 Patch3:         %{name}-%{version}-test-location.patch
 Patch4:         %{name}-%{version}-dynlink-binaries.patch
+Patch5:         CVE-2023-33460.patch
 BuildRequires:  cmake
 BuildRequires:  gcc
 BuildRequires:  which
@@ -81,6 +82,9 @@ cd test
 %{_libdir}/pkgconfig/yajl.pc
 
 %changelog
+* Fri Jun 16 2023 Suresh Thelkar <sthelkar@microsoft.com> - 2.1.0-19
+- Patch CVE-2023-33460
+
 * Fri Apr 29 2022 Pawel Winogrodzki <pawelwi@microsoft.com> - 2.1.0-18
 - Fixing source URL.