import jq-1.6-3.el8

2022-05-10 03:00:29 -04:00 · 2022-05-10 03:00:29 -04:00 · de0039f35a
commit de0039f35a
parent 58dce46728
5 changed files with 27618 additions and 43 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/jq-1.5.tar.gz
+SOURCES/jq-1.6.tar.gz
--- a/.jq.metadata
+++ b/.jq.metadata
@ -1 +1 @@
-6eef3705ac0a322e8aa0521c57ce339671838277 SOURCES/jq-1.5.tar.gz
+02959bca30672e0dfe678e7b36464c8fb08ec389 SOURCES/jq-1.6.tar.gz
--- a/SOURCES/0000-jq-decimal-literal-number.patch
+++ b/SOURCES/0000-jq-decimal-literal-number.patch
--- a/SOURCES/CVE-2015-8863.patch
+++ b/SOURCES/CVE-2015-8863.patch
@ -1,37 +0,0 @@
-From 8eb1367ca44e772963e704a700ef72ae2e12babd Mon Sep 17 00:00:00 2001
-From: Nicolas Williams <nico@cryptonector.com>
-Date: Sat, 24 Oct 2015 17:24:57 -0500
-Subject: [PATCH] Heap buffer overflow in tokenadd() (fix #105)
-
-This was an off-by one: the NUL terminator byte was not allocated on
-resize.  This was triggered by JSON-encoded numbers longer than 256
-bytes.
---
- src/jv_parse.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/jv_parse.c b/src/jv_parse.c
-index 3102ed4..84245b8 100644
--- a/src/jv_parse.c
-+++ b/src/jv_parse.c
-@@ -383,7 +383,7 @@ static pfunc stream_token(struct jv_parser* p, char ch) {
- 
- static void tokenadd(struct jv_parser* p, char c) {
-   assert(p->tokenpos <= p->tokenlen);
-  if (p->tokenpos == p->tokenlen) {
-+  if (p->tokenpos >= (p->tokenlen - 1)) {
-     p->tokenlen = p->tokenlen*2 + 256;
-     p->tokenbuf = jv_mem_realloc(p->tokenbuf, p->tokenlen);
-   }
-@@ -485,7 +485,7 @@ static pfunc check_literal(struct jv_parser* p) {
-     TRY(value(p, v));
-   } else {
-     // FIXME: better parser
-    p->tokenbuf[p->tokenpos] = 0; // FIXME: invalid
-+    p->tokenbuf[p->tokenpos] = 0;
-     char* end = 0;
-     double d = jvp_strtod(&p->dtoa, p->tokenbuf, &end);
-     if (end == 0 || *end != 0)
-- 
-2.14.3
-
--- a/SPECS/jq.spec
+++ b/SPECS/jq.spec
@ -1,16 +1,19 @@
 Name:           jq
-Version:        1.5
-Release:        12%{?dist}
+Version:        1.6
+Release:        3%{?dist}
 Summary:        Command-line JSON processor

 License:        MIT and ASL 2.0 and CC-BY and GPLv3
 URL:            http://stedolan.github.io/jq/
 Source0:        https://github.com/stedolan/jq/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz
-Patch0:         CVE-2015-8863.patch
+Patch0:         0000-jq-decimal-literal-number.patch

 BuildRequires:  flex
 BuildRequires:  bison
 BuildRequires:  oniguruma-devel
+BuildRequires:  autoconf
+BuildRequires:  automake
+BuildRequires:  libtool

 %ifnarch s390x
 BuildRequires:  valgrind
@ -43,9 +46,10 @@ Development files for %{name}

 %prep
 %setup -qn %{name}-%{version}
-%patch0 -p2 -b .cve-2015-8863
+%patch0 -p1 -b .bigint

 %build
+autoreconf -fi
 %configure --disable-static
 make %{?_smp_mflags}
 # Docs already shipped in jq's tarball.
@ -90,6 +94,18 @@ make check


 %changelog
+* Mon Oct 4 2021 Tomas Halman <thalman@redhat.com>
+- Fix big integers issue
+- Resolves: bug#2008717
+
+* Mon Oct 4 2021 Tomas Halman <thalman@redhat.com>
+- Releasing v1.6
+- Resolves: bug#1852514
+
+* Wed Aug 11 2021 Tomas Halman <thalman@redhat.com>
+- Publishing devel package
+- Resolves: bug#1908928
+
 * Sat Aug 11 2018 Troy Dawson <tdawson@redhat.com>
 - Fix typo: s390 -> s390x
 - Related: bug#1614611