From ea85872191b798b88ed0d9dd76f6fdb1139c85f5ba0ac23d468cbec2aa7a58dd Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Tue, 19 Dec 2023 09:44:30 +0000 Subject: [PATCH] Accepting request 1133610 from home:AndreasStieger:branches:utilities jq 1.7.1 CVE-2023-50246 (boo#1218034) CVE-2023-50268 (boo#1218038) OBS-URL: https://build.opensuse.org/request/show/1133610 OBS-URL: https://build.opensuse.org/package/show/utilities/jq?expand=0&rev=32 --- jq-1.7.1.tar.gz | 3 +++ jq-1.7.tar.gz | 3 --- jq.changes | 39 +++++++++++++++++++++++++++++++++++++++ jq.spec | 2 +- 4 files changed, 43 insertions(+), 4 deletions(-) create mode 100644 jq-1.7.1.tar.gz delete mode 100644 jq-1.7.tar.gz diff --git a/jq-1.7.1.tar.gz b/jq-1.7.1.tar.gz new file mode 100644 index 0000000..97018d9 --- /dev/null +++ b/jq-1.7.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:478c9ca129fd2e3443fe27314b455e211e0d8c60bc8ff7df703873deeee580c2 +size 1950645 diff --git a/jq-1.7.tar.gz b/jq-1.7.tar.gz deleted file mode 100644 index d5c3255..0000000 --- a/jq-1.7.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:402a0d6975d946e6f4e484d1a84320414a0ff8eb6cf49d2c11d144d4d344db62 -size 1905863 diff --git a/jq.changes b/jq.changes index a06c7bd..6cd368b 100644 --- a/jq.changes +++ b/jq.changes 
@@ -1,3 +1,42 @@ +------------------------------------------------------------------- +Wed Dec 13 20:28:23 UTC 2023 - Martin Hauke + +- Update to version 1.7.1 + Security + * Fix CVE-2023-50246 (boo#1218034) + + Fix heap buffer overflow in jvp_literal_number_literal. + * Fix CVE-2023-50268 (boo#1218038) + fix stack-buffer-overflow if comparing nan with payload. + CLI changes + * Make the default background color more suitable for bright + backgrounds. + * Allow passing the inline jq script after --. + * Fix possible uninitialised value dereference if jq_init() fails + Language changes + * Simplify paths/0 and paths/1. + * Reject U+001F in string literals. + * Remove unused nref accumulator in block_bind_library. + * Remove a bunch of unused variables, and useless assignments. + * main.c: Remove unused EXIT_STATUS_EXACT option. + * Actually use the number correctly casted from double to int as + index. + * src/builtin.c: remove unnecessary jv_copy-s in + type_error/type_error2. + * Remove undefined behavior caught by LLVM 10 UBSAN. + * Convert decnum to binary64 (double) instead of decimal64. + This makes jq behave like the JSON specification suggests and + more similar to other languages. + * Fix memory leaks on invalid input for ltrimstr/1 and + rtrimstr/1. + * Fix memory leak on failed get for setpath/2. + * Fix nan from json parsing also for nans with payload that + start with 'n'. + * Allow carriage return characters in comments. + Documentation changes + * Generate links in the man page. + libjq + * Add extern C for C++. + ------------------------------------------------------------------- Wed Nov 15 10:26:07 UTC 2023 - Dirk Müller diff --git a/jq.spec b/jq.spec index 23dba76..2634b49 100644 --- a/jq.spec +++ b/jq.spec @@ -18,7 +18,7 @@ %define jq_sover 1 Name: jq -Version: 1.7 +Version: 1.7.1 Release: 0 Summary: A lightweight and flexible command-line JSON processor License: CC-BY-3.0 AND MIT
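Review bot: The source swap in the jq-1.7.1.tar.gz hunk is backed only by the Git LFS pointer's sha256 oid. None of the four changed files is a detached signature or an upstream checksum file, so nothing in the commit itself ties the new tarball to the upstream 1.7.1 release. Because this update is shipped for CVE-2023-50246 and CVE-2023-50268, please confirm that the oid matches the checksum of the upstream release artifact and say in the request how it was verified. If upstream publishes a signature, adding it and a keyring to the package would let the build check it.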
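Review bot: The two CVE entries in the jq.changes hunk are formatted inconsistently, which makes the security section harder to scan. The detail line under CVE-2023-50246 is a "+" sub-item starting with a capital ("+ Fix heap buffer overflow in jvp_literal_number_literal."), while the one under CVE-2023-50268 has no sub-item marker and starts lowercase ("fix stack-buffer-overflow if comparing nan with payload."). Suggest giving both the same "+" marker and capitalisation. In the "CLI changes" list, "Fix possible uninitialised value dereference if jq_init() fails" is also the only entry without a closing period.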