Re: [PATCH] jq: Update to version 1.7.1

Reviewed-by: Michael Tremer michael.tremer@ipfire.org

On 20 May 2024, at 14:35, Adolf Belka adolf.belka@ipfire.org wrote:

• Update from version 1.7 to 1.7.1
• Update of rootfile not required
• Changelog 1.7.1

## Security

• CVE-2023-50246: Fix heap buffer overflow in jvp_literal_number_literal
• CVE-2023-50268: fix stack-buffer-overflow if comparing nan with payload

## CLI changes

• Make the default background color more suitable for bright backgrounds. @mjarosie @taoky @nicowilliams @itchyny #2904
• Allow passing the inline jq script after `--`. @emanuele6 #2919
• Restrict systems operations on OpenBSD and remove unused `mkstemp`. @klemensn #2934
• Fix possible uninitialised value dereference if `jq_init()` fails. @emanuele6 @nicowilliams #2935

## Language changes

• Simplify `paths/0` and `paths/1`. @asheiduk @emanuele6 #2946
• Reject `U+001F` in string literals. @torsten-schenk @itchyny @wader #2911
• Remove unused nref accumulator in `block_bind_library`. @emanuele6 #2914
• Remove a bunch of unused variables, and useless assignments. @emanuele6 #2914
• main.c: Remove unused EXIT_STATUS_EXACT option. @emanuele6 #2915
• Actually use the number correctly casted from double to int as index. @emanuele6 #2916
• src/builtin.c: remove unnecessary jv_copy-s in type_error/type_error2. @emanuele6 #2937
• Remove undefined behavior caught by LLVM 10 UBSAN. @Gaelan @emanuele6 #2926
• Convert decnum to binary64 (double) instead of decimal64. This makes jq behave like the JSON specification suggests and more similar to other languages. @wader @leonid-s-usov #2949
• Fix memory leaks on invalid input for `ltrimstr/1` and `rtrimstr/1`. @emanuele6 #2977
• Fix memory leak on failed get for `setpath/2`. @emanuele6 #2970
• Fix nan from json parsing also for nans with payload that start with 'n'. @emanuele6 #2985
• Allow carriage return characters in comments. @emanuele6 #2942 #2984

## Documentation changes

• Generate links in the man page. @emanuele6 #2931
• Standardize arch types to AMD64 & ARM64 from index page download dropdown. @owenthereal #2884

## libjq

• Add extern C for C++. @rockwotj #2953

## Build and test changes

• Fix incorrect syntax for checksum file. @kamontat @wader #2899
• Remove `-dirty` version suffix for windows release build. @itchyny #2888
• Make use of `od` in tests more compatible. @nabijaczleweli @emanuele6 @nicowilliams #2922
• Add dependabot. @yeikel #2889
• Extend fuzzing setup to fuzz parser and and JSON serializer. @DavidKorczynski @emanuele6 #2952
• Keep releasing executables with legacy names. @itchyny #2951

Signed-off-by: Adolf Belka adolf.belka@ipfire.org

lfs/jq | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lfs/jq b/lfs/jq index 17fc8e88e..518b04564 100644 --- a/lfs/jq +++ b/lfs/jq @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@

include Config

-VER = 1.7 +VER = 1.7.1

THISAPP = jq-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_BLAKE2 = eec09a90ab1b131e18ed02ffdb7070df98f540b6c54d3cf225d2171527ec384e651cf83325569707798152af3e89d9c3fa2326c86164d2535e774ddc3926112b +$(DL_FILE)_BLAKE2 = bcd5498271b710ad4e130428f04481073aa94f9ff8f4f2dcf04cf684182cbc75a329677dbbdb1b724a313cd01a880af746565d221fc6ba55408eefd0f1ac0716

install : $(TARGET)

-- 2.44.0