[gentoo-commits] repo/gentoo:master commit in: app-misc/jq/files/, app-misc/jq/ - gentoo-commits

From:	Tim Harder <radhermit@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: app-misc/jq/files/, app-misc/jq/
Date:	Sat, 30 Apr 2016 03:55:43
Message-Id:	`1461988427.251e0d08bf9303fbbd2ccb66b550def65f609db5.radhermit@gentoo`

1

commit:     251e0d08bf9303fbbd2ccb66b550def65f609db5

2

Author:     Jan Chren <dev.rindeal <AT> gmail <DOT> com>

3

AuthorDate: Thu Apr 28 13:03:45 2016 +0000

4

Commit:     Tim Harder <radhermit <AT> gentoo <DOT> org>

5

CommitDate: Sat Apr 30 03:53:47 2016 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=251e0d08

7

8

app-misc/jq: fix buffer overflow (bug #580606) and other updates

9

10

- add upstream metadata

11

- add arm architecture

12

- refactor econf args to an array

13

- move DOCS and PATCHES to their appropriate functions

14

- replace custom find with prune_libtool_files()

15

16

Gentoo-Bug: 580606

17

18

 .../jq-1.5-heap_buffer_overflow_in_tokenadd.patch  | 34 ++++++++++++

19

 app-misc/jq/jq-1.5-r2.ebuild                       | 60 ++++++++++++++++++++++

20

 2 files changed, 94 insertions(+)

21

22

diff --git a/app-misc/jq/files/jq-1.5-heap_buffer_overflow_in_tokenadd.patch b/app-misc/jq/files/jq-1.5-heap_buffer_overflow_in_tokenadd.patch

23

new file mode 100644

24

index 0000000..edb07d8

25

--- /dev/null

26

+++ b/app-misc/jq/files/jq-1.5-heap_buffer_overflow_in_tokenadd.patch

27

@@ -0,0 +1,34 @@

28

+From 8eb1367ca44e772963e704a700ef72ae2e12babd Mon Sep 17 00:00:00 2001

29

+From: Nicolas Williams <nico@××××××××××××.com>

30

+Date: Sat, 24 Oct 2015 17:24:57 -0500

31

+Subject: [PATCH] Heap buffer overflow in tokenadd() (fix #105)

32

+

33

+This was an off-by one: the NUL terminator byte was not allocated on

34

+resize.  This was triggered by JSON-encoded numbers longer than 256

35

+bytes.

36

+---

37

+ src/jv_parse.c | 4 ++--

38

+ 1 file changed, 2 insertions(+), 2 deletions(-)

39

+

40

+diff --git a/src/jv_parse.c b/src/jv_parse.c

41

+index 3102ed4..84245b8 100644

42

+--- a/jv_parse.c

43

++++ b/jv_parse.c

44

+@@ -383,7 +383,7 @@ static pfunc stream_token(struct jv_parser* p, char ch) {

45

+

46

+ static void tokenadd(struct jv_parser* p, char c) {

47

+   assert(p->tokenpos <= p->tokenlen);

48

+-  if (p->tokenpos == p->tokenlen) {

49

++  if (p->tokenpos >= (p->tokenlen - 1)) {

50

+     p->tokenlen = p->tokenlen*2 + 256;

51

+     p->tokenbuf = jv_mem_realloc(p->tokenbuf, p->tokenlen);

52

+   }

53

+@@ -485,7 +485,7 @@ static pfunc check_literal(struct jv_parser* p) {

54

+     TRY(value(p, v));

55

+   } else {

56

+     // FIXME: better parser

57

+-    p->tokenbuf[p->tokenpos] = 0; // FIXME: invalid

58

++    p->tokenbuf[p->tokenpos] = 0;

59

+     char* end = 0;

60

+     double d = jvp_strtod(&p->dtoa, p->tokenbuf, &end);

61

+     if (end == 0 || *end != 0)

62

63

diff --git a/app-misc/jq/jq-1.5-r2.ebuild b/app-misc/jq/jq-1.5-r2.ebuild

64

new file mode 100644

65

index 0000000..df58a52

66

--- /dev/null

67

+++ b/app-misc/jq/jq-1.5-r2.ebuild

68

@@ -0,0 +1,60 @@

69

+# Copyright 1999-2016 Gentoo Foundation

70

+# Distributed under the terms of the GNU General Public License v2

71

+# $Id$

72

+

73

+EAPI=6

74

+

75

+inherit autotools eutils

76

+

77

+DESCRIPTION="A lightweight and flexible command-line JSON processor"

78

+HOMEPAGE="https://stedolan.github.com/jq/"

79

+SRC_URI="https://github.com/stedolan/jq/releases/download/${P}/${P}.tar.gz"

80

+

81

+LICENSE="MIT CC-BY-3.0"

82

+SLOT="0"

83

+KEYWORDS="~amd64 ~arm ~x86 ~x64-macos"

84

+IUSE="oniguruma static-libs test"

85

+

86

+DEPEND="

87

+	>=sys-devel/bison-3.0

88

+	sys-devel/flex

89

+	oniguruma? ( dev-libs/oniguruma[static-libs?] )

90

+	test? ( dev-util/valgrind )

91

+"

92

+RDEPEND="

93

+	!static-libs? (

94

+		oniguruma? ( dev-libs/oniguruma[static-libs?] )

95

+	)

96

+"

97

+

98

+src_prepare() {

99

+	local PATCHES=(

100

+		"${FILESDIR}"/${PN}-1.5-dynamic-link.patch

101

+		"${FILESDIR}"/${PN}-1.5-remove-automagic-dep-on-oniguruma.patch

102

+		"${FILESDIR}"/${PN}-1.5-heap_buffer_overflow_in_tokenadd.patch

103

+	)

104

+

105

+	sed -i '/^dist_doc_DATA/d' Makefile.am || die

106

+	sed -i -r "s:(m4_define\(\[jq_version\],) .+\):\1 \[${PV}\]):" \

107

+		configure.ac || die

108

+

109

+	default

110

+	eautoreconf

111

+}

112

+

113

+src_configure() {

114

+	local econfargs=(

115

+		# don't try to rebuild docs

116

+		--disable-docs

117

+		$(use_enable static-libs static)

118

+		$(use_with oniguruma)

119

+	)

120

+	econf "${econfargs[@]}"

121

+}

122

+

123

+src_install() {

124

+	local DOCS=( AUTHORS README )

125

+	default

126

+

127

+	use static-libs || prune_libtool_files

128

+}

1	commit: 251e0d08bf9303fbbd2ccb66b550def65f609db5
2	Author: Jan Chren <dev.rindeal <AT> gmail <DOT> com>
3	AuthorDate: Thu Apr 28 13:03:45 2016 +0000
4	Commit: Tim Harder <radhermit <AT> gentoo <DOT> org>
5	CommitDate: Sat Apr 30 03:53:47 2016 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=251e0d08
7
8	app-misc/jq: fix buffer overflow (bug #580606) and other updates
9
10	- add upstream metadata
11	- add arm architecture
12	- refactor econf args to an array
13	- move DOCS and PATCHES to their appropriate functions
14	- replace custom find with prune_libtool_files()
15
16	Gentoo-Bug: 580606
17
18	.../jq-1.5-heap_buffer_overflow_in_tokenadd.patch \| 34 ++++++++++++
19	app-misc/jq/jq-1.5-r2.ebuild \| 60 ++++++++++++++++++++++
20	2 files changed, 94 insertions(+)
21
22	diff --git a/app-misc/jq/files/jq-1.5-heap_buffer_overflow_in_tokenadd.patch b/app-misc/jq/files/jq-1.5-heap_buffer_overflow_in_tokenadd.patch
23	new file mode 100644
24	index 0000000..edb07d8
25	--- /dev/null
26	+++ b/app-misc/jq/files/jq-1.5-heap_buffer_overflow_in_tokenadd.patch
27	@@ -0,0 +1,34 @@
28	+From 8eb1367ca44e772963e704a700ef72ae2e12babd Mon Sep 17 00:00:00 2001
29	+From: Nicolas Williams <nico@××××××××××××.com>
30	+Date: Sat, 24 Oct 2015 17:24:57 -0500
31	+Subject: [PATCH] Heap buffer overflow in tokenadd() (fix #105)
32	+
33	+This was an off-by one: the NUL terminator byte was not allocated on
34	+resize. This was triggered by JSON-encoded numbers longer than 256
35	+bytes.
36	+---
37	+ src/jv_parse.c \| 4 ++--
38	+ 1 file changed, 2 insertions(+), 2 deletions(-)
39	+
40	+diff --git a/src/jv_parse.c b/src/jv_parse.c
41	+index 3102ed4..84245b8 100644
42	+--- a/jv_parse.c
43	++++ b/jv_parse.c
44	+@@ -383,7 +383,7 @@ static pfunc stream_token(struct jv_parser* p, char ch) {
45	+
46	+ static void tokenadd(struct jv_parser* p, char c) {
47	+ assert(p->tokenpos <= p->tokenlen);
48	+- if (p->tokenpos == p->tokenlen) {
49	++ if (p->tokenpos >= (p->tokenlen - 1)) {
50	+ p->tokenlen = p->tokenlen*2 + 256;
51	+ p->tokenbuf = jv_mem_realloc(p->tokenbuf, p->tokenlen);
52	+ }
53	+@@ -485,7 +485,7 @@ static pfunc check_literal(struct jv_parser* p) {
54	+ TRY(value(p, v));
55	+ } else {
56	+ // FIXME: better parser
57	+- p->tokenbuf[p->tokenpos] = 0; // FIXME: invalid
58	++ p->tokenbuf[p->tokenpos] = 0;
59	+ char* end = 0;
60	+ double d = jvp_strtod(&p->dtoa, p->tokenbuf, &end);
61	+ if (end == 0 \|\| *end != 0)
62
63	diff --git a/app-misc/jq/jq-1.5-r2.ebuild b/app-misc/jq/jq-1.5-r2.ebuild
64	new file mode 100644
65	index 0000000..df58a52
66	--- /dev/null
67	+++ b/app-misc/jq/jq-1.5-r2.ebuild
68	@@ -0,0 +1,60 @@
69	+# Copyright 1999-2016 Gentoo Foundation
70	+# Distributed under the terms of the GNU General Public License v2
71	+# $Id$
72	+
73	+EAPI=6
74	+
75	+inherit autotools eutils
76	+
77	+DESCRIPTION="A lightweight and flexible command-line JSON processor"
78	+HOMEPAGE="https://stedolan.github.com/jq/"
79	+SRC_URI="https://github.com/stedolan/jq/releases/download/${P}/${P}.tar.gz"
80	+
81	+LICENSE="MIT CC-BY-3.0"
82	+SLOT="0"
83	+KEYWORDS="~amd64 ~arm ~x86 ~x64-macos"
84	+IUSE="oniguruma static-libs test"
85	+
86	+DEPEND="
87	+ >=sys-devel/bison-3.0
88	+ sys-devel/flex
89	+ oniguruma? ( dev-libs/oniguruma[static-libs?] )
90	+ test? ( dev-util/valgrind )
91	+"
92	+RDEPEND="
93	+ !static-libs? (
94	+ oniguruma? ( dev-libs/oniguruma[static-libs?] )
95	+ )
96	+"
97	+
98	+src_prepare() {
99	+ local PATCHES=(
100	+ "${FILESDIR}"/${PN}-1.5-dynamic-link.patch
101	+ "${FILESDIR}"/${PN}-1.5-remove-automagic-dep-on-oniguruma.patch
102	+ "${FILESDIR}"/${PN}-1.5-heap_buffer_overflow_in_tokenadd.patch
103	+ )
104	+
105	+ sed -i '/^dist_doc_DATA/d' Makefile.am \|\| die
106	+ sed -i -r "s:(m4_define\(\[jq_version\],) .+\):\1 \[${PV}\]):" \
107	+ configure.ac \|\| die
108	+
109	+ default
110	+ eautoreconf
111	+}
112	+
113	+src_configure() {
114	+ local econfargs=(
115	+ # don't try to rebuild docs
116	+ --disable-docs
117	+ $(use_enable static-libs static)
118	+ $(use_with oniguruma)
119	+ )
120	+ econf "${econfargs[@]}"
121	+}
122	+
123	+src_install() {
124	+ local DOCS=( AUTHORS README )
125	+ default
126	+
127	+ use static-libs \|\| prune_libtool_files
128	+}

Gentoo Archives: gentoo-commits