Subject: CVS commit: [pkgsrc-2018Q1] pkgsrc/devel/jq
From: S.P.Zeidler
Date: 2018-06-17 14:43:56
Message id: 20180617124356.D2017FBEC@cvs.NetBSD.org
Log Message:
Pullup ticket #5766 - requested by bsiegert
devel/jq: security patch

Revisions pulled up:
- devel/jq/Makefile                                             1.15
- devel/jq/distinfo                                             1.9
- devel/jq/patches/patch-src_jv__print.c                        1.1

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   ginsbach
   Date:           Wed May 30 16:03:48 UTC 2018

   Modified Files:
           pkgsrc/devel/jq: Makefile distinfo
   Added Files:
           pkgsrc/devel/jq/patches: patch-src_jv__print.c

   Log Message:
   CVE-2016-4074 denial-of-service (via upstream)

   Fix present in jq-1.6rc1 (https://github.com/stedolan/jq/commit/83e2cf6).
   The fix prevents 'infinite' recursion preventing stack exhaustion.

   To generate a diff of this commit:
   cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/jq/Makefile
   cvs rdiff -u -r1.8 -r1.9 pkgsrc/devel/jq/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/devel/jq/patches/patch-src_jv__print.c
Files:
RevisionActionfile
1.14.2.1modifypkgsrc/devel/jq/Makefile
1.8.2.1modifypkgsrc/devel/jq/distinfo
1.1.2.2addpkgsrc/devel/jq/patches/patch-src_jv__print.c