jq: patch for CVE-2015-8863
parent
ba3d7f4b82
commit
087e9cd71b
2 changed files with 30 additions and 12 deletions
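--- a/srcpkgs/jq/patches/CVE-2015-8863.patch
+++ b/srcpkgs/jq/patches/CVE-2015-8863.patch
@@ -0,0 +1,22 @@
+https://github.com/stedolan/jq/issues/995
+
+--- jv_parse.c.orig
++++ jv_parse.c
+@@ -383,7 +383,7 @@ static pfunc stream_token(struct jv_parser* p, char ch) {
+
+static void tokenadd(struct jv_parser* p, char c) {
+assert(p->tokenpos <= p->tokenlen);
+- if (p->tokenpos == p->tokenlen) {
++ if (p->tokenpos >= (p->tokenlen - 1)) {
+p->tokenlen = p->tokenlen*2 + 256;
+p->tokenbuf = jv_mem_realloc(p->tokenbuf, p->tokenlen);
+}
+@@ -485,7 +485,7 @@ static pfunc check_literal(struct jv_parser* p) {
+TRY(value(p, v));
+} else {
+// FIXME: better parser
+- p->tokenbuf[p->tokenpos] = 0; // FIXME: invalid
++ p->tokenbuf[p->tokenpos] = 0;
+char* end = 0;
+double d = jvp_strtod(&p->dtoa, p->tokenbuf, &end);
+if (end == 0 || *end != 0)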
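Review bot: The new growth test in tokenadd, `p->tokenpos >= (p->tokenlen - 1)`, is only safe if `tokenlen` is a signed type. If it were unsigned and ever 0, the subtraction would wrap and the buffer would not be grown before the write. The struct definition is not visible on this page, so this should be confirmed; `p->tokenpos + 1 >= p->tokenlen` reserves the same spare byte without the subtraction. The spare byte exists because check_literal writes the terminator with `p->tokenbuf[p->tokenpos] = 0;`, which ran one past the allocation when a token exactly filled the buffer, yet nothing in tokenadd says so and the `assert` still states the weaker `<=` invariant. A comment above the test such as `/* keep one spare byte: check_literal() NUL-terminates at tokenbuf[tokenpos] */` would keep a later cleanup from reverting it; both function bodies continue outside the hunks shown.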
|
@ -1,31 +1,27 @@
|
|||
# Template file for 'jq'
|
||||
pkgname=jq
|
||||
version=1.5
|
||||
revision=2
|
||||
wrksrc="${pkgname}-${pkgname}-${version}"
|
||||
revision=3
|
||||
build_style=gnu-configure
|
||||
hostmakedepends="automake libtool"
|
||||
makedepends="oniguruma-devel"
|
||||
short_desc="Command-line JSON processor"
|
||||
maintainer="Christian Neukirchen <chneukirchen@gmail.com>"
|
||||
license="MIT"
|
||||
homepage="http://stedolan.github.io/jq/"
|
||||
distfiles="https://github.com/stedolan/${pkgname}/archive/${pkgname}-${version}.tar.gz"
|
||||
checksum=d644aded536167e0cb7e3547d13decf0000312b5ed8e75be8f053b0ecdf39d83
|
||||
distfiles="https://github.com/stedolan/jq/releases/download/jq-${version}/jq-${version}.tar.gz"
|
||||
checksum=c4d2bfec6436341113419debf479d833692cc5cdab7eb0326b5a4d4fbe9f493c
|
||||
|
||||
post_extract() {
|
||||
autoreconf -fi
|
||||
}
|
||||
post_install() {
|
||||
rm -r ${DESTDIR}/usr/share/doc/$pkgname
|
||||
rm -rf ${DESTDIR}/usr/share/doc/$pkgname
|
||||
vlicense COPYING
|
||||
}
|
||||
|
||||
jq-devel_package() {
|
||||
depends="${sourcepkg}>=${version}_${revision}"
|
||||
short_desc+=" -- development files"
|
||||
short_desc+=" - development files"
|
||||
pkg_install() {
|
||||
vmove usr/include
|
||||
vmove "usr/lib/*.a"
|
||||
vmove "usr/lib/*.so*"
|
||||
vmove usr/lib/*.a
|
||||
vmove usr/lib/*.so*
|
||||
}
|
||||
}
|
||||
|
|
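Review bot: The `distfiles` URL and `checksum` change in the same commit as the CVE patch, but the commit title mentions only the patch, so the change of upstream tarball is easy to miss in review. From the print order and the dropped `wrksrc` and `post_extract` lines it looks like the GitHub archive tarball is replaced by the release tarball; the sides are not marked on this page, so that is inferred. The commit message should record the source change and how the new sha256 was verified, for example `distfiles: switch to upstream release tarball; checksum verified against <SOURCE_OF_HASH>`. Separately, in post_install the `rm -rf ${DESTDIR}/usr/share/doc/$pkgname` line is unquoted and `-f` hides a missing directory; `rm -r "${DESTDIR}/usr/share/doc/${pkgname}"` keeps that failure visible.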