Sync from SUSE:SLFO:Main jq revision dffe5d2e2f2caf64504b329a1bb4a832

This commit is contained in:
Adrian Schröter 2024-09-30 10:42:21 +02:00
parent 5346ad34b4
commit cc093f7c78
4 changed files with 149 additions and 25 deletions

BIN
jq-1.6.tar.gz (Stored with Git LFS)

Binary file not shown.

BIN
jq-1.7.1.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

View File

@ -1,3 +1,121 @@
-------------------------------------------------------------------
Wed Dec 13 20:28:23 UTC 2023 - Martin Hauke <mardnh@gmx.de>
- Update to version 1.7.1
Security
* Fix CVE-2023-50246 (boo#1218034)
+ Fix heap buffer overflow in jvp_literal_number_literal.
* Fix CVE-2023-50268 (boo#1218038)
fix stack-buffer-overflow if comparing nan with payload.
CLI changes
* Make the default background color more suitable for bright
backgrounds.
* Allow passing the inline jq script after --.
* Fix possible uninitialised value dereference if jq_init() fails
Language changes
* Simplify paths/0 and paths/1.
* Reject U+001F in string literals.
* Remove unused nref accumulator in block_bind_library.
* Remove a bunch of unused variables, and useless assignments.
* main.c: Remove unused EXIT_STATUS_EXACT option.
* Actually use the number correctly casted from double to int as
index.
* src/builtin.c: remove unnecessary jv_copy-s in
type_error/type_error2.
* Remove undefined behavior caught by LLVM 10 UBSAN.
* Convert decnum to binary64 (double) instead of decimal64.
This makes jq behave like the JSON specification suggests and
more similar to other languages.
* Fix memory leaks on invalid input for ltrimstr/1 and
rtrimstr/1.
* Fix memory leak on failed get for setpath/2.
* Fix nan from json parsing also for nans with payload that
start with 'n'.
* Allow carriage return characters in comments.
Documentation changes
* Generate links in the man page.
libjq
* Add extern C for C++.
-------------------------------------------------------------------
Wed Nov 15 10:26:07 UTC 2023 - Dirk Müller <dmueller@suse.com>
- build with valgrind only on 64 bit architectures
-------------------------------------------------------------------
Wed Sep 27 04:32:39 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
- switch to bootstrapped upstream tarball to fix version output
[boo#1215737]
-------------------------------------------------------------------
Thu Sep 7 13:42:19 UTC 2023 - Martin Hauke <mardnh@gmx.de>
- Update to version 1.7
* Make object key color configurable using JQ_COLORS environment
variable.
* Change the default color of null to Bright Black.
* Respect NO_COLOR environment variable to disable color output.
* Improved --help output. Now mentions all options and nicer
order.
* Fix multiple issues of exit code using --exit-code/-e option.
* Add --raw-output0 for NUL (zero byte) separated output.
* Fix assert crash and validate JSON for --jsonarg.
* Remove deprecated --argfile option.
Language changes
* Use decimal number literals to preserve precision. Comparison
operations respects precision but arithmetic operations might
truncate.
* Adds new builtin pick(stream) to emit a projection of the
input object or array.
* Adds new builtin debug(msgs) that works like debug but applies
a filter on the input before writing to stderr.
* Adds new builtin scan($re; $flags). Was documented but not
implemented.
* Adds new builtin abs to get absolute value. This potentially
allows the literal value of numbers to be preserved as length
and fabs convert to float.
* Allow if without else-branch. When skipped the else-branch
will be . (identity).
* Allow use of $binding as key in object literals.
* Allow dot between chained indexes when using .["index"]
* Allow dot for chained value iterator .[], .[]?
* Fix try/catch catches more than it should.
* Speed up and refactor some builtins, also remove
scalars_or_empty/0.
* Now halt and halt_error exit immediately instead of continuing
to the next input.
* Fix issue converting string to number after previous convert
error.
* Fix issue representing large numbers on some platforms causing
invalid JSON output.
* Fix deletion using assigning empty against arrays.
* Allow keywords to be used as binding name in more places.
* Allow using nan as NaN in JSON.
* Expose a module's function names in modulemeta.
* Fix contains/1 to handle strings with NUL.
* Fix stderr/0 to output raw text without any decoration.
* Fix nth/2 to emit empty on index out of range.
* Fix implode to not assert and instead replace invalid unicode
codepoints.
* Fix indices/1 and rindex/1 in case of overlapping matches in
strings.
* Fix sub/3 to resolve issues involving global search-and-replace
(gsub) operations.
* Fix empty regular expression matches.
* Fix overflow exception of the modulo operator.
* Fix string multiplication by 0 (and less than 1) to emit empty
string.
* Fix segfault when using libjq and threads.
* Fix constant folding of division and reminder with zero
divisor.
* Fix error/0, error/1 to throw null error.
* Simpler and faster transpose.
* Simple and efficient implementation of walk/1.
* Remove deprecated filters leaf_paths, recurse_down.
- Adjust URL/Source - new upstream
https://github.com/stedolan/jq -> https://github.com/jqlang
-------------------------------------------------------------------
Fri Sep 23 16:16:46 UTC 2022 - Dirk Müller <dmueller@suse.com>
@ -49,7 +167,7 @@ Sat Jul 16 10:14:33 UTC 2016 - mpluskal@suse.com
-------------------------------------------------------------------
Mon Apr 25 11:48:27 UTC 2016 - idonmez@suse.com
- Add CVE-2015-8863.patch to fix a heap overflow bsc#976992
- Add CVE-2015-8863.patch to fix a heap overflow bsc#976992
-------------------------------------------------------------------
Tue Aug 18 09:12:21 UTC 2015 - idonmez@suse.com

48
jq.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package jq
#
# Copyright (c) 2022 SUSE LLC
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -16,21 +16,23 @@
#
%define jq_sover 1
Name: jq
Version: 1.6
Version: 1.7.1
Release: 0
Summary: A lightweight and flexible command-line JSON processor
License: CC-BY-3.0 AND MIT
Group: Productivity/Text/Utilities
URL: https://stedolan.github.io/jq/
Source: https://github.com/stedolan/jq/releases/download/jq-%{version}/jq-%{version}.tar.gz
URL: https://github.com/jqlang
Source: https://github.com/jqlang/jq/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz
BuildRequires: chrpath
BuildRequires: flex
BuildRequires: oniguruma-devel
%ifnarch riscv64
BuildRequires: pkgconfig
BuildRequires: pkgconfig(oniguruma)
# https://github.com/stedolan/jq/issues/1904
Requires: libjq%{jq_sover} = %{version}
%ifarch aarch64 x86_64 ppc64le s390x
BuildRequires: valgrind
%endif
Requires: libjq1 = %{version}
%description
A lightweight and flexible command-line JSON processor. jq is like sed for
@ -38,32 +40,34 @@ JSON data you can use it to slice and filter and map and transform
structured data with the same ease that sed, awk, grep and friends let
you play with text.
%package -n libjq1
%package -n libjq%{jq_sover}
Summary: Library for a lightweight and flexible command-line JSON processor
Group: System/Libraries
%description -n libjq1
%description -n libjq%{jq_sover}
Library for a lightweight and flexible command-line JSON processor.
%package -n libjq-devel
Summary: Development files for jq
Group: Development/Languages/C and C++
Requires: libjq1 = %{version}
Requires: libjq%{jq_sover} = %{version}
%description -n libjq-devel
Development files (headers and libraries for jq).
%prep
%setup -q
%autosetup -p1
%build
%configure \
--disable-static \
%ifarch riscv64
%ifarch aarch64 x86_64 ppc64le s390x
--enable-valgrind \
%else
--disable-valgrind \
%endif
--disable-silent-rules
make %{?_smp_mflags}
%{nil}
%make_build
%install
%make_install
@ -79,24 +83,26 @@ rm -rf %{buildroot}%{_datadir}/doc/%{name}
%check
%if "%{qemu_user_space_build}" == "0"
make %{?_smp_mflags} check
%make_build check
%endif
%post -n libjq1 -p /sbin/ldconfig
%postun -n libjq1 -p /sbin/ldconfig
%ldconfig_scriptlets -n libjq%{jq_sover}
%files
%license COPYING
%doc AUTHORS ChangeLog NEWS README.md
%doc AUTHORS ChangeLog NEWS.md README.md
%{_bindir}/%{name}
%{_mandir}/man1/%{name}.1%{?ext_man}
%files -n libjq1
%{_libdir}/libjq.so.1*
%files -n libjq%{jq_sover}
%license COPYING
%{_libdir}/libjq.so.%{jq_sover}*
%files -n libjq-devel
%license COPYING
%{_includedir}/jq.h
%{_includedir}/jv.h
%{_libdir}/libjq.so
%{_libdir}/pkgconfig/libjq.pc
%changelog