Overview

Request 1132946 revoked

- Update to version 1.7.1
  Security
  * Fix CVE-2023-50246
    + Fix heap buffer overflow in jvp_literal_number_literal.
  * Fix CVE-2023-50268
    fix stack-buffer-overflow if comparing nan with payload.
  CLI changes
  * Make the default background color more suitable for bright
    backgrounds.
  * Allow passing the inline jq script after --.
  * Fix possible uninitialised value dereference if jq_init() fails
  Language changes
  * Simplify paths/0 and paths/1.
  * Reject U+001F in string literals.
  * Remove unused nref accumulator in block_bind_library.
  * Remove a bunch of unused variables, and useless assignments.
  * main.c: Remove unused EXIT_STATUS_EXACT option.
  * Actually use the number correctly casted from double to int as
    index.
  * src/builtin.c: remove unnecessary jv_copy-s in
    type_error/type_error2.
  * Remove undefined behavior caught by LLVM 10 UBSAN.
  * Convert decnum to binary64 (double) instead of decimal64.
    This makes jq behave like the JSON specification suggests and
    more similar to other languages.
  * Fix memory leaks on invalid input for ltrimstr/1 and
    rtrimstr/1.
  * Fix memory leak on failed get for setpath/2.
  * Fix nan from json parsing also for nans with payload that
    start with 'n'.


Request History

mnhauke created request




mimi_vx declined request

broken? or someone pushed different SR?



mnhauke revoked request
