The yajl package provides a JSON library.
Download (HTTP): https://github.com/lloyd/yajl/archive/2.1.0/yajl-2.1.0.tar.gz
Required patch: https://gitlab.archlinux.org/archlinux/packaging/packages/yajl/-/raw/main/yajl-2.1.0-CVE-2017-16516.patch
Required patch: https://gitlab.archlinux.org/archlinux/packaging/packages/yajl/-/raw/main/yajl-2.1.0-CVE-2022-24795.patch
Required patch: https://gitlab.archlinux.org/archlinux/packaging/packages/yajl/-/raw/main/yajl-2.1.0-memory_leak.patch
Since the last commit to this package is almost a decade old, issues have came up and need to be fixed before building. Apply the three required patches to fix the important ones:
patch -Np1 -i ../yajl-2.1.0-CVE-2017-16516.patch && patch -Np1 -i ../yajl-2.1.0-CVE-2022-24795.patch && patch -Np1 -i ../yajl-2.1.0-memory_leak.patch
Install yajl by running the following commands:
mkdir build &&
cd build &&
cmake -D CMAKE_INSTALL_PREFIX=/usr \
-D CMAKE_BUILD_TYPE=Release \
-D BUILD_SHARED_LIBS=ON \
-D CMAKE_SKIP_INSTALL_RPATH=ON \
-W no-dev -G Ninja .. &&
ninja
Now, as the root user:
ninja install && rm -vf /usr/lib/libyajl_s.a
-D
CMAKE_SKIP_INSTALL_RPATH=ON: This switch makes
cmake remove
hardcoded library search paths (rpath) when installing a binary
executable file or a shared library. This package does not need
rpath once it's installed into the standard location, and rpath may
sometimes cause unwanted effects or even security issues.
rm -vf /usr/lib/libyajl_s.a: This command removes a useless static library.