pool/jq
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1133610 from home:AndreasStieger:branches:utilities

Browse Source 
jq 1.7.1
CVE-2023-50246 (boo#1218034)
CVE-2023-50268 (boo#1218038)

OBS-URL: https://build.opensuse.org/request/show/1133610
OBS-URL: https://build.opensuse.org/package/show/utilities/jq?expand=0&rev=32
This commit is contained in:
Michael Vetter 2023-12-19 09:44:30 +00:00 committed by Git OBS Bridge
parent b29b559748
commit ea85872191
4 changed files with 43 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
jq-1.7.1.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

3
jq-1.7.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:402a0d6975d946e6f4e484d1a84320414a0ff8eb6cf49d2c11d144d4d344db62
size 1905863

39
jq.changes
View File

@ -1,3 +1,42 @@
-------------------------------------------------------------------
Wed Dec 13 20:28:23 UTC 2023 - Martin Hauke <mardnh@gmx.de>
- Update to version 1.7.1
Security
* Fix CVE-2023-50246 (boo#1218034)
+ Fix heap buffer overflow in jvp_literal_number_literal.
* Fix CVE-2023-50268 (boo#1218038)
fix stack-buffer-overflow if comparing nan with payload.
CLI changes
* Make the default background color more suitable for bright
backgrounds.
* Allow passing the inline jq script after --.
* Fix possible uninitialised value dereference if jq_init() fails
Language changes
* Simplify paths/0 and paths/1.
* Reject U+001F in string literals.
* Remove unused nref accumulator in block_bind_library.
* Remove a bunch of unused variables, and useless assignments.
* main.c: Remove unused EXIT_STATUS_EXACT option.
* Actually use the number correctly casted from double to int as
index.
* src/builtin.c: remove unnecessary jv_copy-s in
type_error/type_error2.
* Remove undefined behavior caught by LLVM 10 UBSAN.
* Convert decnum to binary64 (double) instead of decimal64.
This makes jq behave like the JSON specification suggests and
more similar to other languages.
* Fix memory leaks on invalid input for ltrimstr/1 and
rtrimstr/1.
* Fix memory leak on failed get for setpath/2.
* Fix nan from json parsing also for nans with payload that
start with 'n'.
* Allow carriage return characters in comments.
Documentation changes
* Generate links in the man page.
libjq
* Add extern C for C++.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Nov 15 10:26:07 UTC 2023 - Dirk Müller <dmueller@suse.com> Wed Nov 15 10:26:07 UTC 2023 - Dirk Müller <dmueller@suse.com>

2
jq.spec
View File

@ -18,7 +18,7 @@
%define jq_sover 1 %define jq_sover 1
Name: jq Name: jq
Version: 1.7 Version: 1.7.1
Release: 0 Release: 0
Summary: A lightweight and flexible command-line JSON processor Summary: A lightweight and flexible command-line JSON processor
License: CC-BY-3.0 AND MIT License: CC-BY-3.0 AND MIT