import jq-1.5-12.el8
This commit is contained in:
commit
bd9a44b7e9
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
||||
SOURCES/jq-1.5.tar.gz
|
1
.jq.metadata
Normal file
1
.jq.metadata
Normal file
@ -0,0 +1 @@
|
||||
6eef3705ac0a322e8aa0521c57ce339671838277 SOURCES/jq-1.5.tar.gz
|
37
SOURCES/CVE-2015-8863.patch
Normal file
37
SOURCES/CVE-2015-8863.patch
Normal file
@ -0,0 +1,37 @@
|
||||
From 8eb1367ca44e772963e704a700ef72ae2e12babd Mon Sep 17 00:00:00 2001
|
||||
From: Nicolas Williams <nico@cryptonector.com>
|
||||
Date: Sat, 24 Oct 2015 17:24:57 -0500
|
||||
Subject: [PATCH] Heap buffer overflow in tokenadd() (fix #105)
|
||||
|
||||
This was an off-by one: the NUL terminator byte was not allocated on
|
||||
resize. This was triggered by JSON-encoded numbers longer than 256
|
||||
bytes.
|
||||
---
|
||||
src/jv_parse.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/jv_parse.c b/src/jv_parse.c
|
||||
index 3102ed4..84245b8 100644
|
||||
--- a/src/jv_parse.c
|
||||
+++ b/src/jv_parse.c
|
||||
@@ -383,7 +383,7 @@ static pfunc stream_token(struct jv_parser* p, char ch) {
|
||||
|
||||
static void tokenadd(struct jv_parser* p, char c) {
|
||||
assert(p->tokenpos <= p->tokenlen);
|
||||
- if (p->tokenpos == p->tokenlen) {
|
||||
+ if (p->tokenpos >= (p->tokenlen - 1)) {
|
||||
p->tokenlen = p->tokenlen*2 + 256;
|
||||
p->tokenbuf = jv_mem_realloc(p->tokenbuf, p->tokenlen);
|
||||
}
|
||||
@@ -485,7 +485,7 @@ static pfunc check_literal(struct jv_parser* p) {
|
||||
TRY(value(p, v));
|
||||
} else {
|
||||
// FIXME: better parser
|
||||
- p->tokenbuf[p->tokenpos] = 0; // FIXME: invalid
|
||||
+ p->tokenbuf[p->tokenpos] = 0;
|
||||
char* end = 0;
|
||||
double d = jvp_strtod(&p->dtoa, p->tokenbuf, &end);
|
||||
if (end == 0 || *end != 0)
|
||||
--
|
||||
2.14.3
|
||||
|
146
SPECS/jq.spec
Normal file
146
SPECS/jq.spec
Normal file
@ -0,0 +1,146 @@
|
||||
Name: jq
|
||||
Version: 1.5
|
||||
Release: 12%{?dist}
|
||||
Summary: Command-line JSON processor
|
||||
|
||||
License: MIT and ASL 2.0 and CC-BY and GPLv3
|
||||
URL: http://stedolan.github.io/jq/
|
||||
Source0: https://github.com/stedolan/jq/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz
|
||||
Patch0: CVE-2015-8863.patch
|
||||
|
||||
BuildRequires: flex
|
||||
BuildRequires: bison
|
||||
BuildRequires: oniguruma-devel
|
||||
|
||||
%ifnarch s390x
|
||||
BuildRequires: valgrind
|
||||
%endif
|
||||
|
||||
|
||||
%description
|
||||
lightweight and flexible command-line JSON processor
|
||||
|
||||
jq is like sed for JSON data – you can use it to slice
|
||||
and filter and map and transform structured data with
|
||||
the same ease that sed, awk, grep and friends let you
|
||||
play with text.
|
||||
|
||||
It is written in portable C, and it has zero runtime
|
||||
dependencies.
|
||||
|
||||
jq can mangle the data format that you have into the
|
||||
one that you want with very little effort, and the
|
||||
program to do so is often shorter and simpler than
|
||||
you'd expect.
|
||||
|
||||
%package devel
|
||||
Summary: Development files for %{name}
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
|
||||
%description devel
|
||||
Development files for %{name}
|
||||
|
||||
|
||||
%prep
|
||||
%setup -qn %{name}-%{version}
|
||||
%patch0 -p2 -b .cve-2015-8863
|
||||
|
||||
%build
|
||||
%configure --disable-static
|
||||
make %{?_smp_mflags}
|
||||
# Docs already shipped in jq's tarball.
|
||||
# In order to build the manual page, it
|
||||
# is necessary to install rake, rubygem-ronn
|
||||
# and do the following steps:
|
||||
#
|
||||
# # yum install rake rubygem-ronn
|
||||
# $ cd docs/
|
||||
# $ curl -L https://get.rvm.io | bash -s stable --ruby=1.9.3
|
||||
# $ source $HOME/.rvm/scripts/rvm
|
||||
# $ bundle install
|
||||
# $ cd ..
|
||||
# $ ./configure
|
||||
# $ make real_docs
|
||||
|
||||
%install
|
||||
make DESTDIR=%{buildroot} install
|
||||
find %{buildroot} -name '*.la' -exec rm -f {} ';'
|
||||
|
||||
%check
|
||||
# Valgrind used, so restrict architectures for check
|
||||
%ifarch %{ix86} x86_64
|
||||
make check
|
||||
%endif
|
||||
|
||||
%ldconfig_scriptlets
|
||||
|
||||
%files
|
||||
%{_bindir}/%{name}
|
||||
%{_libdir}/libjq.so.*
|
||||
%{_datadir}/man/man1/jq.1.gz
|
||||
%{_datadir}/doc/jq/AUTHORS
|
||||
%{_datadir}/doc/jq/COPYING
|
||||
%{_datadir}/doc/jq/README
|
||||
%{_datadir}/doc/jq/README.md
|
||||
|
||||
%files devel
|
||||
%{_includedir}/jq.h
|
||||
%{_includedir}/jv.h
|
||||
%{_libdir}/libjq.so
|
||||
|
||||
|
||||
%changelog
|
||||
* Sat Aug 11 2018 Troy Dawson <tdawson@redhat.com>
|
||||
- Fix typo: s390 -> s390x
|
||||
- Related: bug#1614611
|
||||
|
||||
* Sun Apr 01 2018 Mamoru TASAKA <mtasaka@fedoraproject.org> - 1.5-12
|
||||
- Rebuild against oniguruma 6.8.1
|
||||
|
||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.5-11
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
||||
* Wed Feb 07 2018 Lon Hohberger <lon@fedoraproject.org> - 1.5-10
|
||||
- Fix CVE 2015-8863
|
||||
|
||||
* Fri Feb 02 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.5-9
|
||||
- Switch to %%ldconfig_scriptlets
|
||||
|
||||
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.5-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||
|
||||
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.5-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||
|
||||
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.5-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||
|
||||
* Sun Oct 30 2016 Mamoru TASAKA <mtasaka@fedoraproject.org> - 1.5-5
|
||||
- Rebuild for oniguruma 6.1.1
|
||||
|
||||
* Mon Jul 18 2016 Mamoru TASAKA <mtasaka@fedoraproject.org> - 1.5-4
|
||||
- Rebuild for oniguruma 6
|
||||
|
||||
* Sun Mar 13 2016 Peter Robinson <pbrobinson@fedoraproject.org> 1.5-3
|
||||
- valgrind on all but s390
|
||||
|
||||
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.5-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||
|
||||
* Tue Aug 25 2015 Haïkel Guémar <hguemar@fedoraproject.org> - 1.5-1
|
||||
- Upstream 1.5.0
|
||||
|
||||
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||
|
||||
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
||||
|
||||
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||
|
||||
* Thu Oct 24 2013 Flavio Percoco <flavio@redhat.com> - 1.3-2
|
||||
- Added check, manpage
|
||||
|
||||
* Fri Oct 18 2013 Flavio Percoco <flavio@redhat.com> - 1.3-1
|
||||
- Initial package release.
|
Loading…
Reference in New Issue
Block a user