From cc093f7c78fb9b7835b7a23b909e21893d2266c24c26e091478f839a20e48e09 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Mon, 30 Sep 2024 10:42:21 +0200
Subject: [PATCH] Sync from SUSE:SLFO:Main jq revision dffe5d2e2f2caf64504b329a1bb4a832
---
jq-1.6.tar.gz | 3 --
jq-1.7.1.tar.gz | 3 ++
jq.changes | 120 +++++++++++++++++++++++++++++++++++++++++++++++-
jq.spec | 48 ++++++++++---------
4 files changed, 149 insertions(+), 25 deletions(-)
delete mode 100644 jq-1.6.tar.gz
create mode 100644 jq-1.7.1.tar.gz
diff --git a/jq-1.6.tar.gz b/jq-1.6.tar.gz
deleted file mode 100644
index a091feb..0000000
--- a/jq-1.6.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9625784cf2e4fd9842f1d407681ce4878b5b0dcddbcd31c6135114a30c71e6a8
-size 1191856
diff --git a/jq-1.7.1.tar.gz b/jq-1.7.1.tar.gz
new file mode 100644
index 0000000..97018d9
--- /dev/null
+++ b/jq-1.7.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:478c9ca129fd2e3443fe27314b455e211e0d8c60bc8ff7df703873deeee580c2
+size 1950645
diff --git a/jq.changes b/jq.changes
index bfd9b32..6cd368b 100644
--- a/jq.changes
+++ b/jq.changes
@@ -1,3 +1,121 @@ +------------------------------------------------------------------- +Wed Dec 13 20:28:23 UTC 2023 - Martin Hauke + +- Update to version 1.7.1 + Security + * Fix CVE-2023-50246 (boo#1218034) + + Fix heap buffer overflow in jvp_literal_number_literal. + * Fix CVE-2023-50268 (boo#1218038) + fix stack-buffer-overflow if comparing nan with payload. + CLI changes + * Make the default background color more suitable for bright + backgrounds. + * Allow passing the inline jq script after --. + * Fix possible uninitialised value dereference if jq_init() fails + Language changes + * Simplify paths/0 and paths/1. + * Reject U+001F in string literals. + * Remove unused nref accumulator in block_bind_library. + * Remove a bunch of unused variables, and useless assignments. + * main.c: Remove unused EXIT_STATUS_EXACT option. + * Actually use the number correctly casted from double to int as + index. + * src/builtin.c: remove unnecessary jv_copy-s in + type_error/type_error2. + * Remove undefined behavior caught by LLVM 10 UBSAN. + * Convert decnum to binary64 (double) instead of decimal64. + This makes jq behave like the JSON specification suggests and + more similar to other languages. + * Fix memory leaks on invalid input for ltrimstr/1 and + rtrimstr/1. + * Fix memory leak on failed get for setpath/2. + * Fix nan from json parsing also for nans with payload that + start with 'n'. + * Allow carriage return characters in comments. + Documentation changes + * Generate links in the man page. + libjq + * Add extern C for C++. 
+ +------------------------------------------------------------------- +Wed Nov 15 10:26:07 UTC 2023 - Dirk Müller + +- build with valgrind only on 64 bit architectures + +------------------------------------------------------------------- +Wed Sep 27 04:32:39 UTC 2023 - Andreas Stieger + +- switch to bootstrapped upstream tarball to fix version output + [boo#1215737] + +------------------------------------------------------------------- +Thu Sep 7 13:42:19 UTC 2023 - Martin Hauke + +- Update to version 1.7 + * Make object key color configurable using JQ_COLORS environment + variable. + * Change the default color of null to Bright Black. + * Respect NO_COLOR environment variable to disable color output. + * Improved --help output. Now mentions all options and nicer + order. + * Fix multiple issues of exit code using --exit-code/-e option. + * Add --raw-output0 for NUL (zero byte) separated output. + * Fix assert crash and validate JSON for --jsonarg. + * Remove deprecated --argfile option. + Language changes + * Use decimal number literals to preserve precision. Comparison + operations respects precision but arithmetic operations might + truncate. + * Adds new builtin pick(stream) to emit a projection of the + input object or array. + * Adds new builtin debug(msgs) that works like debug but applies + a filter on the input before writing to stderr. + * Adds new builtin scan($re; $flags). Was documented but not + implemented. + * Adds new builtin abs to get absolute value. This potentially + allows the literal value of numbers to be preserved as length + and fabs convert to float. + * Allow if without else-branch. When skipped the else-branch + will be . (identity). + * Allow use of $binding as key in object literals. + * Allow dot between chained indexes when using .["index"] + * Allow dot for chained value iterator .[], .[]? + * Fix try/catch catches more than it should. + * Speed up and refactor some builtins, also remove + scalars_or_empty/0. 
+ * Now halt and halt_error exit immediately instead of continuing + to the next input. + * Fix issue converting string to number after previous convert + error. + * Fix issue representing large numbers on some platforms causing + invalid JSON output. + * Fix deletion using assigning empty against arrays. + * Allow keywords to be used as binding name in more places. + * Allow using nan as NaN in JSON. + * Expose a module's function names in modulemeta. + * Fix contains/1 to handle strings with NUL. + * Fix stderr/0 to output raw text without any decoration. + * Fix nth/2 to emit empty on index out of range. + * Fix implode to not assert and instead replace invalid unicode + codepoints. + * Fix indices/1 and rindex/1 in case of overlapping matches in + strings. + * Fix sub/3 to resolve issues involving global search-and-replace + (gsub) operations. + * Fix empty regular expression matches. + * Fix overflow exception of the modulo operator. + * Fix string multiplication by 0 (and less than 1) to emit empty + string. + * Fix segfault when using libjq and threads. + * Fix constant folding of division and reminder with zero + divisor. + * Fix error/0, error/1 to throw null error. + * Simpler and faster transpose. + * Simple and efficient implementation of walk/1. + * Remove deprecated filters leaf_paths, recurse_down. +- Adjust URL/Source - new upstream + https://github.com/stedolan/jq -> https://github.com/jqlang + ------------------------------------------------------------------- Fri Sep 23 16:16:46 UTC 2022 - Dirk Müller @@ -49,7 +167,7 @@ Sat Jul 16 10:14:33 UTC 2016 - mpluskal@suse.com ------------------------------------------------------------------- Mon Apr 25 11:48:27 UTC 2016 - idonmez@suse.com -- Add CVE-2015-8863.patch to fix a heap overflow bsc#976992 +- Add CVE-2015-8863.patch to fix a heap overflow bsc#976992 ------------------------------------------------------------------- Tue Aug 18 09:12:21 UTC 2015 - idonmez@suse.com 
diff --git a/jq.spec b/jq.spec index d243fb9..2634b49 100644 --- a/jq.spec +++ b/jq.spec @@ -1,7 +1,7 @@ # # spec file for package jq # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,21 +16,23 @@ # +%define jq_sover 1 Name: jq -Version: 1.6 +Version: 1.7.1 Release: 0 Summary: A lightweight and flexible command-line JSON processor License: CC-BY-3.0 AND MIT Group: Productivity/Text/Utilities -URL: https://stedolan.github.io/jq/ -Source: https://github.com/stedolan/jq/releases/download/jq-%{version}/jq-%{version}.tar.gz +URL: https://github.com/jqlang +Source: https://github.com/jqlang/jq/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz BuildRequires: chrpath -BuildRequires: flex -BuildRequires: oniguruma-devel -%ifnarch riscv64 +BuildRequires: pkgconfig +BuildRequires: pkgconfig(oniguruma) +# https://github.com/stedolan/jq/issues/1904 +Requires: libjq%{jq_sover} = %{version} +%ifarch aarch64 x86_64 ppc64le s390x BuildRequires: valgrind %endif -Requires: libjq1 = %{version} %description A lightweight and flexible command-line JSON processor. jq is like sed for 
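Review bot: The new `Source:` line in the `@@ -16,21 +16,23 @@` hunk fetches the tarball from a different upstream location (jqlang instead of stedolan), and no signature or keyring source follows it in the visible lines, so the only integrity pin for the new archive is the git-lfs `oid sha256` recorded in this commit. It would help to record how that digest was checked, for example with a comment above the line such as `# tarball digest compared with the checksum published on the upstream release page`, or, if upstream publishes detached signatures, to add them as an extra source together with a keyring so the build verifies them. Separately, the added comment `# https://github.com/stedolan/jq/issues/1904` sits directly above `Requires: libjq%{jq_sover} = %{version}` with no text saying what it explains; if it is meant to justify the 64-bit-only valgrind list, it belongs above `%ifarch aarch64 x86_64 ppc64le s390x` with a few words of description.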
@@ -38,32 +40,34 @@ JSON data – you can use it to slice and filter and map and transform structured data with the same ease that sed, awk, grep and friends let you play with text. -%package -n libjq1 +%package -n libjq%{jq_sover} Summary: Library for a lightweight and flexible command-line JSON processor Group: System/Libraries -%description -n libjq1 +%description -n libjq%{jq_sover} Library for a lightweight and flexible command-line JSON processor. %package -n libjq-devel Summary: Development files for jq Group: Development/Languages/C and C++ -Requires: libjq1 = %{version} +Requires: libjq%{jq_sover} = %{version} %description -n libjq-devel Development files (headers and libraries for jq). %prep -%setup -q +%autosetup -p1 %build %configure \ --disable-static \ -%ifarch riscv64 +%ifarch aarch64 x86_64 ppc64le s390x + --enable-valgrind \ +%else --disable-valgrind \ %endif - --disable-silent-rules -make %{?_smp_mflags} +%{nil} +%make_build %install %make_install @@ -79,24 +83,26 @@ rm -rf %{buildroot}%{_datadir}/doc/%{name} %check %if "%{qemu_user_space_build}" == "0" -make %{?_smp_mflags} check +%make_build check %endif -%post -n libjq1 -p /sbin/ldconfig -%postun -n libjq1 -p /sbin/ldconfig +%ldconfig_scriptlets -n libjq%{jq_sover} %files %license COPYING -%doc AUTHORS ChangeLog NEWS README.md +%doc AUTHORS ChangeLog NEWS.md README.md %{_bindir}/%{name} %{_mandir}/man1/%{name}.1%{?ext_man} -%files -n libjq1 -%{_libdir}/libjq.so.1* +%files -n libjq%{jq_sover} +%license COPYING +%{_libdir}/libjq.so.%{jq_sover}* %files -n libjq-devel +%license COPYING %{_includedir}/jq.h %{_includedir}/jv.h %{_libdir}/libjq.so +%{_libdir}/pkgconfig/libjq.pc %changelog
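Review bot: The architecture list `aarch64 x86_64 ppc64le s390x` in the `%configure` conditional of the `@@ -38,32 +40,34 @@` hunk duplicates the list that guards `BuildRequires: valgrind` earlier in the spec, and nothing ties the two together. If one list is edited without the other, configure may be asked for `--enable-valgrind` on a target where valgrind was never installed, or the valgrind-backed test run may be dropped without anyone noticing. Defining the list once, e.g. `%define valgrind_arches aarch64 x86_64 ppc64le s390x`, and using `%ifarch %{valgrind_arches}` in both places keeps them in step. A one-line comment above the `%else` branch noting that `%check` runs without valgrind on every other architecture would also be worth adding, since the release packaged here fixes heap and stack buffer overflows.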