Accepting request 646096 from home:avindra:branches:utilities
- Update to version 1.6 * Destructuring Alternation * many new builtins (see docs) * Add support for ASAN and UBSAN * Make it easier to use jq with shebangs * Add $ENV builtin variable to access environment * Add JQ_COLORS env var for configuring the output colors * change: Calling jq without a program argument now always assumes "." for the program, regardless of stdin/stdout * fix: Make sorting stable regardless of qsort. - cleanup with spec-cleaner - drop CVE-2015-8863.patch (upstreamed in 8eb1367ca44e772963e704a700ef72ae2e12babd) - drop CVE-2016-4074.patch (upstreamed in fd4ae8304e23007672af9a37855c7a76de7c78cf) OBS-URL: https://build.opensuse.org/request/show/646096 OBS-URL: https://build.opensuse.org/package/show/utilities/jq?expand=0&rev=19
parent
5a15dfb3c6
commit
f604510b4e
@ -1,34 +0,0 @@
|
|||||||
From 8eb1367ca44e772963e704a700ef72ae2e12babd Mon Sep 17 00:00:00 2001
|
|
||||||
From: Nicolas Williams <nico@cryptonector.com>
|
|
||||||
Date: Sat, 24 Oct 2015 17:24:57 -0500
|
|
||||||
Subject: [PATCH] Heap buffer overflow in tokenadd() (fix #105)
|
|
||||||
|
|
||||||
This was an off-by one: the NUL terminator byte was not allocated on
|
|
||||||
resize. This was triggered by JSON-encoded numbers longer than 256
|
|
||||||
bytes.
|
|
||||||
---
|
|
||||||
src/jv_parse.c | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/jv_parse.c b/src/jv_parse.c
|
|
||||||
index 3102ed4..84245b8 100644
|
|
||||||
--- a/src/jv_parse.c
|
|
||||||
+++ b/src/jv_parse.c
|
|
||||||
@@ -383,7 +383,7 @@ static pfunc stream_token(struct jv_parser* p, char ch) {
|
|
||||||
|
|
||||||
static void tokenadd(struct jv_parser* p, char c) {
|
|
||||||
assert(p->tokenpos <= p->tokenlen);
|
|
||||||
- if (p->tokenpos == p->tokenlen) {
|
|
||||||
+ if (p->tokenpos >= (p->tokenlen - 1)) {
|
|
||||||
p->tokenlen = p->tokenlen*2 + 256;
|
|
||||||
p->tokenbuf = jv_mem_realloc(p->tokenbuf, p->tokenlen);
|
|
||||||
}
|
|
||||||
@@ -485,7 +485,7 @@ static pfunc check_literal(struct jv_parser* p) {
|
|
||||||
TRY(value(p, v));
|
|
||||||
} else {
|
|
||||||
// FIXME: better parser
|
|
||||||
- p->tokenbuf[p->tokenpos] = 0; // FIXME: invalid
|
|
||||||
+ p->tokenbuf[p->tokenpos] = 0;
|
|
||||||
char* end = 0;
|
|
||||||
double d = jvp_strtod(&p->dtoa, p->tokenbuf, &end);
|
|
||||||
if (end == 0 || *end != 0)
|
|
@ -1,76 +0,0 @@
|
|||||||
From 83e2cf607f3599d208b6b3129092fa7deb2e5292 Mon Sep 17 00:00:00 2001
|
|
||||||
From: W-Mark Kubacki <wmark@hurrikane.de>
|
|
||||||
Date: Fri, 19 Aug 2016 19:50:39 +0200
|
|
||||||
Subject: [PATCH] Skip printing what's below a MAX_PRINT_DEPTH
|
|
||||||
|
|
||||||
This addresses #1136, and mitigates a stack exhaustion when printing
|
|
||||||
a very deeply nested term.
|
|
||||||
---
|
|
||||||
src/jv_print.c | 8 +++++++-
|
|
||||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/jv_print.c b/src/jv_print.c
|
|
||||||
index 5f4f234..ce4a59a 100644
|
|
||||||
--- a/src/jv_print.c
|
|
||||||
+++ b/src/jv_print.c
|
|
||||||
@@ -13,6 +13,10 @@
|
|
||||||
#include "jv_dtoa.h"
|
|
||||||
#include "jv_unicode.h"
|
|
||||||
|
|
||||||
+#ifndef MAX_PRINT_DEPTH
|
|
||||||
+#define MAX_PRINT_DEPTH (256)
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
#define ESC "\033"
|
|
||||||
#define COL(c) (ESC "[" c "m")
|
|
||||||
#define COLRESET (ESC "[0m")
|
|
||||||
@@ -150,7 +154,9 @@ static void jv_dump_term(struct dtoa_context* C, jv x, int flags, int indent, FI
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
- switch (jv_get_kind(x)) {
|
|
||||||
+ if (indent > MAX_PRINT_DEPTH) {
|
|
||||||
+ put_str("<skipped: too deep>", F, S, flags & JV_PRINT_ISATTY);
|
|
||||||
+ } else switch (jv_get_kind(x)) {
|
|
||||||
default:
|
|
||||||
case JV_KIND_INVALID:
|
|
||||||
if (flags & JV_PRINT_INVALID) {
|
|
||||||
From fd4ae8304e23007672af9a37855c7a76de7c78cf Mon Sep 17 00:00:00 2001
|
|
||||||
From: W-Mark Kubacki <wmark@hurrikane.de>
|
|
||||||
Date: Fri, 19 Aug 2016 20:10:21 +0200
|
|
||||||
Subject: [PATCH] Parse no deeper than MAX_PARSING_DEPTH
|
|
||||||
|
|
||||||
while true; do printf '{"deeper": '; done | jq .
|
|
||||||
---
|
|
||||||
src/jv_parse.c | 6 ++++++
|
|
||||||
1 file changed, 6 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/src/jv_parse.c b/src/jv_parse.c
|
|
||||||
index 84245b8..51ad9f0 100644
|
|
||||||
--- a/src/jv_parse.c
|
|
||||||
+++ b/src/jv_parse.c
|
|
||||||
@@ -10,6 +10,10 @@
|
|
||||||
|
|
||||||
typedef const char* presult;
|
|
||||||
|
|
||||||
+#ifndef MAX_PARSING_DEPTH
|
|
||||||
+#define MAX_PARSING_DEPTH (256)
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
#define TRY(x) do {presult msg__ = (x); if (msg__) return msg__; } while(0)
|
|
||||||
#ifdef __GNUC__
|
|
||||||
#define pfunc __attribute__((warn_unused_result)) presult
|
|
||||||
@@ -147,11 +151,13 @@ static void push(struct jv_parser* p, jv v) {
|
|
||||||
static pfunc parse_token(struct jv_parser* p, char ch) {
|
|
||||||
switch (ch) {
|
|
||||||
case '[':
|
|
||||||
+ if (p->stackpos >= MAX_PARSING_DEPTH) return "Exceeds depth limit for parsing";
|
|
||||||
if (jv_is_valid(p->next)) return "Expected separator between values";
|
|
||||||
push(p, jv_array());
|
|
||||||
break;
|
|
||||||
|
|
||||||
case '{':
|
|
||||||
+ if (p->stackpos >= MAX_PARSING_DEPTH) return "Exceeds depth limit for parsing";
|
|
||||||
if (jv_is_valid(p->next)) return "Expected separator between values";
|
|
||||||
push(p, jv_object());
|
|
||||||
break;
|
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:c4d2bfec6436341113419debf479d833692cc5cdab7eb0326b5a4d4fbe9f493c
|
|
||||||
size 739309
|
|
BIN
jq-1.6.tar.gz
(Stored with Git LFS)
Normal file
BIN
jq-1.6.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
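--- a/jq.changes
+++ b/jq.changes
@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Fri Nov 2 12:35:25 UTC 2018 - Avindra Goolcharan <aavindraa@gmail.com>
+
+- Update to version 1.6
+* Destructuring Alternation
+* many new builtins (see docs)
+* Add support for ASAN and UBSAN
+* Make it easier to use jq with shebangs
+* Add $ENV builtin variable to access environment
+* Add JQ_COLORS env var for configuring the output colors
+* change: Calling jq without a program argument now always assumes
+"." for the program, regardless of stdin/stdout
+* fix: Make sorting stable regardless of qsort.
+- cleanup with spec-cleaner
+- drop CVE-2015-8863.patch (upstreamed in 8eb1367ca44e772963e704a700ef72ae2e12babd)
+- drop CVE-2016-4074.patch (upstreamed in fd4ae8304e23007672af9a37855c7a76de7c78cf)
+
 -------------------------------------------------------------------
 Fri Feb 3 09:26:17 UTC 2017 - idonmez@suse.com
 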
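--- a/jq.spec
+++ b/jq.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package jq
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,25 +12,22 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
 Name: jq
-Version: 1.5
+Version: 1.6
 Release: 0
 Summary: A lightweight and flexible command-line JSON processor
-License: MIT and CC-BY-3.0
+License: MIT AND CC-BY-3.0
 Group: Productivity/Text/Utilities
-Url: http://stedolan.github.io/jq/
+URL: http://stedolan.github.io/jq/
 Source: https://github.com/stedolan/jq/releases/download/jq-%{version}/jq-%{version}.tar.gz
-Patch1: CVE-2015-8863.patch
-Patch2: CVE-2016-4074.patch
 BuildRequires: chrpath
 BuildRequires: flex
 BuildRequires: oniguruma-devel
 BuildRequires: valgrind
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
 
 %description
 A lightweight and flexible command-line JSON processor. jq is like sed for
@@ -55,8 +52,6 @@ Development files (headers and libraries for jq).
 
 %prep
 %setup -q
-%patch1 -p2
-%patch2 -p2
 
 %build
 %configure \
@@ -85,17 +80,15 @@ make %{?_smp_mflags} check
 %postun -n libjq1 -p /sbin/ldconfig
 
 %files
-%defattr(-,root,root)
+%license COPYING
-%doc AUTHORS ChangeLog COPYING NEWS README.md
+%doc AUTHORS ChangeLog NEWS README.md
 %{_bindir}/%{name}
-%{_mandir}/man1/%{name}.1%{ext_man}
+%{_mandir}/man1/%{name}.1%{?ext_man}
 
 %files -n libjq1
-%defattr(-,root,root)
 %{_libdir}/libjq.so.1*
 
 %files -n libjq-devel
-%defattr(-,root,root)
 %{_includedir}/jq.h
 %{_includedir}/jv.h
 %{_libdir}/libjq.so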
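Review bot: The removal of `Patch2: CVE-2016-4074.patch` and `%patch2 -p2` is justified in jq.changes by a single upstream commit (fd4ae8304e23007672af9a37855c7a76de7c78cf), but the deleted patch file carried two commits: that one (MAX_PARSING_DEPTH in src/jv_parse.c) and 83e2cf607f3599d208b6b3129092fa7deb2e5292 (MAX_PRINT_DEPTH in src/jv_print.c). Confirm that the 1.6 tarball also contains the print-depth limit, and record both commits in the changelog entry, e.g. `- drop CVE-2016-4074.patch (upstreamed in 83e2cf607f3599d208b6b3129092fa7deb2e5292 and fd4ae8304e23007672af9a37855c7a76de7c78cf)`. Separately, `URL:` still uses `http://stedolan.github.io/jq/` although the bug-report link in the header comment was switched to https in this same change.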