Accepting request 1099093 from devel:libraries:c_c++

OBS-URL: https://build.opensuse.org/request/show/1099093
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libyajl?expand=0&rev=26

libyajl-CVE-2023-33460.patch

@@ -0,0 +1,27 @@
+From c5597ea8483116d4f4cd104b8c3d641e4d4385fa Mon Sep 17 00:00:00 2001
+From: Jim Fehlig <jfehlig@suse.com>
+Date: Fri, 7 Jul 2023 15:21:21 -0600
+Subject: [PATCH] Fix for CVE-2023-33460
+
+Fix memory leak in yajl_tree_parse function
+---
+ src/yajl_tree.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+Index: yajl-2.1.0/src/yajl_tree.c
+===================================================================
+--- yajl-2.1.0.orig/src/yajl_tree.c
++++ yajl-2.1.0/src/yajl_tree.c
+@@ -445,6 +445,12 @@ yajl_val yajl_tree_parse (const char *in
+              YA_FREE(&(handle->alloc), internal_err_str);
+         }
+         yajl_free (handle);
++        /*
++         * If the requested memory is not released in time, it will cause
++         * memory leakage
++         */
++        if(ctx.root)
++            yajl_tree_free(ctx.root);
+         return NULL;
+     }
+ 

libyajl.changes

@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Jul  7 21:27:27 UTC 2023 - James Fehlig <jfehlig@suse.com>
+
+- add libyajl-CVE-2023-33460.patch (CVE-2023-33460, bsc#1212928)
+
 -------------------------------------------------------------------
 Mon May 22 21:27:50 UTC 2023 - Jiri Srain <jsrain@suse.com> 
 

libyajl.spec

@@ -33,6 +33,7 @@ Patch1:         libyajl-optflags.patch
 Patch2:         libyajl-lib_suffix.patch
 Patch3:         libyajl-pkgconfig.patch
 Patch4:         libyajl-CVE-2022-24795.patch
+Patch5:         libyajl-CVE-2023-33460.patch
 BuildRequires:  bison
 BuildRequires:  cmake
 BuildRequires:  doxygen