microsoft
/
CBL-Mariner
зеркало из https://github.com/microsoft/CBL-Mariner.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Update jq to v1.6 (#2327)

This commit is contained in:
Cameron E Baird 2022-02-25 11:25:16 -08:00 коммит произвёл GitHub
Родитель e2df0d9163
Коммит ad8fcabda8
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
5 изменённых файлов: 19 добавлений и 59 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

21
SPECS/jq/CVE-2015-8863.patch
Просмотреть файл

@ -1,21 +0,0 @@
diff -dupr a/jv_parse.c b/jv_parse.c
--- a/jv_parse.c 2015-07-26 16:32:03.000000000 -0700
+++ b/jv_parse.c 2017-06-07 10:06:28.040912855 -0700
@@ -383,7 +383,7 @@ static pfunc stream_token(struct jv_pars
static void tokenadd(struct jv_parser* p, char c) {
assert(p->tokenpos <= p->tokenlen);
- if (p->tokenpos == p->tokenlen) {
+ if (p->tokenpos >= (p->tokenlen - 1)) {
p->tokenlen = p->tokenlen*2 + 256;
p->tokenbuf = jv_mem_realloc(p->tokenbuf, p->tokenlen);
}
@@ -485,7 +485,7 @@ static pfunc check_literal(struct jv_par
TRY(value(p, v));
} else {
// FIXME: better parser
- p->tokenbuf[p->tokenpos] = 0; // FIXME: invalid
+ p->tokenbuf[p->tokenpos] = 0;
char* end = 0;
double d = jvp_strtod(&p->dtoa, p->tokenbuf, &end);
if (end == 0 || *end != 0)

25
SPECS/jq/CVE-2016-4074.patch
Просмотреть файл

@ -1,25 +0,0 @@
diff -dupr a/jv_print.c b/jv_print.c
--- a/jv_print.c 2015-08-15 21:37:35.000000000 -0700
+++ b/jv_print.c 2017-06-07 10:43:07.627097228 -0700
@@ -13,6 +13,10 @@
#include "jv_dtoa.h"
#include "jv_unicode.h"
+#ifndef MAX_PRINT_DEPTH
+#define MAX_PRINT_DEPTH (256)
+#endif
+
#define ESC "\033"
#define COL(c) (ESC "[" c "m")
#define COLRESET (ESC "[0m")
@@ -150,7 +154,9 @@ static void jv_dump_term(struct dtoa_con
}
}
}
- switch (jv_get_kind(x)) {
+ if (indent > MAX_PRINT_DEPTH) {
+ put_str("<skipped: too deep>", F, S, flags & JV_PRINT_ISATTY);
+ } else switch (jv_get_kind(x)) {
default:
case JV_KIND_INVALID:
if (flags & JV_PRINT_INVALID) {

2
SPECS/jq/jq.signatures.json
Просмотреть файл

@ -1,5 +1,5 @@
{ {
"Signatures": { "Signatures": {
"jq-1.5.tar.gz": "c4d2bfec6436341113419debf479d833692cc5cdab7eb0326b5a4d4fbe9f493c" "jq-1.6.tar.gz": "5de8c8e29aaa3fb9cc6b47bb27299f271354ebb72514e3accadc7d38b5bbaa72"
} }
} }

26
SPECS/jq/jq.spec
Просмотреть файл

@ -1,17 +1,17 @@
Summary: jq is a lightweight and flexible command-line JSON processor. Summary: jq is a lightweight and flexible command-line JSON processor.
Name: jq Name: jq
Version: 1.5 Version: 1.6
Release: 7%{?dist} Release: 1%{?dist}
Group: Applications/System Group: Applications/System
Vendor: Microsoft Corporation Vendor: Microsoft Corporation
License: MIT License: MIT
URL: https://github.com/stedolan/jq URL: https://github.com/stedolan/jq
Source0: https://github.com/stedolan/jq/releases/download/jq-1.5/jq-1.5.tar.gz Source0: https://github.com/stedolan/jq/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz
#https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd
Patch0: CVE-2015-8863.patch
#https://github.com/wmark/jq/commit/e6f32d647b180006a90e080ab61ce6f09c3134d7
Patch1: CVE-2016-4074.patch
Distribution: Mariner Distribution: Mariner
BuildRequires: bison
BuildRequires: chrpath
BuildRequires: flex
BuildRequires: gcc
%if %{with_check} %if %{with_check}
BuildRequires: which BuildRequires: which
BuildRequires: oniguruma-devel BuildRequires: oniguruma-devel
@ -30,8 +30,6 @@ Development files for jq
%prep %prep
%setup -q %setup -q
%patch0 -p1
%patch1 -p1
%build %build
%configure \ %configure \
@ -60,6 +58,10 @@ make check
%{_includedir}/* %{_includedir}/*
%changelog %changelog
* Thu Feb 24 2022 Cameron Baird <cameronbaird@microsoft.com> - 1.6-1
- Update source to v1.6
- Remove CVE-2015-8863.patch, CVE-2016-4074.patch (changes found in this release)
* Thu Dec 16 2021 Pawel Winogrodzki <pawelwi@microsoft.com> - 1.5-7 * Thu Dec 16 2021 Pawel Winogrodzki <pawelwi@microsoft.com> - 1.5-7
- Removing the explicit %%clean stage. - Removing the explicit %%clean stage.
- License verified. - License verified.
@ -69,11 +71,15 @@ make check
* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> 1.5-5 * Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> 1.5-5
- Initial CBL-Mariner import from Photon (license: Apache2). - Initial CBL-Mariner import from Photon (license: Apache2).
* Mon Nov 19 2018 Ashwin H<ashwinh@vmware.com> 1.5-4 * Mon Nov 19 2018 Ashwin H<ashwinh@vmware.com> 1.5-4
- Add which for %check - Add which for %check
* Tue Aug 22 2017 Chang Lee <changlee@vmware.com> 1.5-3 * Tue Aug 22 2017 Chang Lee <changlee@vmware.com> 1.5-3
- Add oniguruma for %check - Add oniguruma for %check
* Wed Jun 07 2017 Dheeraj Shetty <dheerajs@vmware.com> 1.5-2 * Wed Jun 07 2017 Dheeraj Shetty <dheerajs@vmware.com> 1.5-2
- Fix for CVE-2015-8863 and CVE-2016-4074 - Fix for CVE-2015-8863 and CVE-2016-4074
* Mon May 15 2017 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 1.5-1 * Mon May 15 2017 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 1.5-1
- Initial version - Initial version

4
cgmanifest.json
Просмотреть файл

@ -8281,8 +8281,8 @@
"type": "other", "type": "other",
"other": { "other": {
"name": "jq", "name": "jq",
"version": "1.5", "version": "1.6",
"downloadUrl": "https://github.com/stedolan/jq/releases/download/jq-1.5/jq-1.5.tar.gz" "downloadUrl": "https://github.com/stedolan/jq/releases/download/jq-1.6/jq-1.6.tar.gz"
} }
} }
}, },