wallenstein/void-packages
1
0
Fork 0
mirror of https://github.com/void-linux/void-packages.git synced 2025-06-08 08:03:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

jq: patch for CVE-2015-8863

Browse source
This commit is contained in:
Alessio Sergi 2016-04-24 19:25:29 +02:00
parent ba3d7f4b82
commit 087e9cd71b
2 changed files with 30 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
srcpkgs/jq/patches/CVE-2015-8863.patch Normal file
View file

@ -0,0 +1,22 @@
https://github.com/stedolan/jq/issues/995
--- jv_parse.c.orig
+++ jv_parse.c
@@ -383,7 +383,7 @@ static pfunc stream_token(struct jv_parser* p, char ch) {
static void tokenadd(struct jv_parser* p, char c) {
assert(p->tokenpos <= p->tokenlen);
- if (p->tokenpos == p->tokenlen) {
+ if (p->tokenpos >= (p->tokenlen - 1)) {
p->tokenlen = p->tokenlen*2 + 256;
p->tokenbuf = jv_mem_realloc(p->tokenbuf, p->tokenlen);
}
@@ -485,7 +485,7 @@ static pfunc check_literal(struct jv_parser* p) {
TRY(value(p, v));
} else {
// FIXME: better parser
- p->tokenbuf[p->tokenpos] = 0; // FIXME: invalid
+ p->tokenbuf[p->tokenpos] = 0;
char* end = 0;
double d = jvp_strtod(&p->dtoa, p->tokenbuf, &end);
if (end == 0 || *end != 0)

20
srcpkgs/jq/template
View file

@ -1,31 +1,27 @@
# Template file for 'jq' # Template file for 'jq'
pkgname=jq pkgname=jq
version=1.5 version=1.5
revision=2 revision=3
wrksrc="${pkgname}-${pkgname}-${version}"
build_style=gnu-configure build_style=gnu-configure
hostmakedepends="automake libtool"
makedepends="oniguruma-devel" makedepends="oniguruma-devel"
short_desc="Command-line JSON processor" short_desc="Command-line JSON processor"
maintainer="Christian Neukirchen <chneukirchen@gmail.com>" maintainer="Christian Neukirchen <chneukirchen@gmail.com>"
license="MIT" license="MIT"
homepage="http://stedolan.github.io/jq/" homepage="http://stedolan.github.io/jq/"
distfiles="https://github.com/stedolan/${pkgname}/archive/${pkgname}-${version}.tar.gz" distfiles="https://github.com/stedolan/jq/releases/download/jq-${version}/jq-${version}.tar.gz"
checksum=d644aded536167e0cb7e3547d13decf0000312b5ed8e75be8f053b0ecdf39d83 checksum=c4d2bfec6436341113419debf479d833692cc5cdab7eb0326b5a4d4fbe9f493c
post_extract() {
autoreconf -fi
}
post_install() { post_install() {
rm -r ${DESTDIR}/usr/share/doc/$pkgname rm -rf ${DESTDIR}/usr/share/doc/$pkgname
vlicense COPYING vlicense COPYING
} }
jq-devel_package() { jq-devel_package() {
depends="${sourcepkg}>=${version}_${revision}" depends="${sourcepkg}>=${version}_${revision}"
short_desc+=" -- development files" short_desc+=" - development files"
pkg_install() { pkg_install() {
vmove usr/include vmove usr/include
vmove "usr/lib/*.a" vmove usr/lib/*.a
vmove "usr/lib/*.so*" vmove usr/lib/*.so*
} }
} }