yajl: backport CVE-2023-33460 fix

Removed old uclibc patches. Not relevant with modern musl or glibc.

Signed-off-by: Rosen Penev <[email protected]>
(cherry picked from commit c9ff829)

libs/yajl/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=yajl
 PKG_VERSION:=2.1.0
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/lloyd/yajl

libs/yajl/patches/010-CVE-2023-33460.patch

@@ -0,0 +1,41 @@
+From 31531a6e6b5641398237ce15b7e62da02d975fc6 Mon Sep 17 00:00:00 2001
+From: Like Ma <[email protected]>
+Date: Sat, 2 Dec 2023 19:55:55 +0800
+Subject: [PATCH] Fix for CVE-2023-33460a
+
+Memory leak in yajl 2.1.0 with use of yajl_tree_parse function
+See https://github.com/lloyd/yajl/issues/250#issuecomment-1628695214
+
+Origin: https://github.com/openEuler-BaseService/yajl/commit/23a122eddaa28165a6c219000adcc31ff9a8a698
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039984
+Bug: https://github.com/lloyd/yajl/issues/250
+---
+ src/yajl_tree.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/src/yajl_tree.c
++++ b/src/yajl_tree.c
+@@ -143,7 +143,7 @@ static yajl_val context_pop(context_t *c
+     ctx->stack = stack->next;
+
+     v = stack->value;
+-
++    free (stack->key);
+     free (stack);
+
+     return (v);
+@@ -444,7 +444,14 @@ yajl_val yajl_tree_parse (const char *in
+              snprintf(error_buffer, error_buffer_size, "%s", internal_err_str);
+              YA_FREE(&(handle->alloc), internal_err_str);
+         }
++        while(ctx.stack != NULL) {
++             yajl_val v = context_pop(&ctx);
++             yajl_tree_free(v);
++        }
+         yajl_free (handle);
++        //If the requested memory is not released in time, it will cause memory leakage
++        if(ctx.root)
++            yajl_tree_free(ctx.root);
+         return NULL;
+     }
+