head 1.7; access; symbols pkgsrc-2025Q2:1.3.0.2 pkgsrc-2025Q2-base:1.3 pkgsrc-2025Q1:1.1.0.6 pkgsrc-2025Q1-base:1.1 pkgsrc-2024Q4:1.1.0.4 pkgsrc-2024Q4-base:1.1 pkgsrc-2024Q3:1.1.0.2 pkgsrc-2024Q3-base:1.1; locks; strict; comment @ * @; 1.7 date 2026.07.02.15.26.35; author wiz; state Exp; branches; next 1.6; commitid mabc1GpjcR1gO5MG; 1.6 date 2026.06.30.13.43.04; author wiz; state dead; branches; next 1.5; commitid bBUnThLggVREiPLG; 1.5 date 2026.06.28.15.41.12; author wiz; state Exp; branches; next 1.4; commitid hjtQh9zHnnKc1ALG; 1.4 date 2025.07.06.09.07.43; author wiz; state dead; branches; next 1.3; commitid xF8hwMv4Y6ZJjF1G; 1.3 date 2025.06.22.06.16.19; author kim; state Exp; branches; next 1.2; commitid WmPMUffIEGIHOQZF; 1.2 date 2025.06.01.18.43.09; author leot; state dead; branches; next 1.1; commitid Mrs0r4Gx03wQCdXF; 1.1 date 2024.07.11.19.59.08; author riastradh; state Exp; branches; next ; commitid 0EovSOw9hMLLushF; desc @@ 1.7 log @jq: fix self tests. Bump PKGREVISION. @ text @$NetBSD: patch-src_builtin.c,v 1.5 2026/06/28 15:41:12 wiz Exp $ Workaround for timezone problem. https://github.com/jqlang/jq/issues/3568 --- src/builtin.c.orig 2026-06-20 13:36:30.000000000 +0000 +++ src/builtin.c @@@@ -1847,7 +1847,13 @@@@ static jv f_strftime(jq_state *jq, jv a, jv b) { * account ... */ tzset(); #endif +#ifdef __NetBSD__ + timezone_t tz_utc = tzalloc("UTC"); + size_t n = strftime_z(tz_utc, buf, max_size, fmt, &tm); + tzfree(tz_utc); +#else size_t n = strftime(buf, max_size, fmt, &tm); +#endif #if defined(__APPLE__) || defined(__sun) if (tz) { setenv("TZ", tz, 1); @ 1.6 log @jq: remove testing patch; update ctype(3) patch Bump PKGREVISION for ctype(3) patch. (both were committed unintentionally) @ text @d8 2 a9 10 @@@@ -1835,7 +1835,7 @@@@ static jv f_strftime(jq_state *jq, jv a, jv b) { int fmt_not_empty = *fmt != '\0'; size_t max_size = strlen(fmt) + 100; char *buf = jv_mem_alloc(max_size); -#if defined(__APPLE__) || defined(__sun) +#if defined(__APPLE__) || defined(__sun) || defined(__NetBSD__) /* Apple Libc (as of version 1669.40.2) contains a bug which causes it to * ignore the `tm.tm_gmtoff` in favor of the global timezone. To print the * proper timezone offset we temporarily switch the TZ to UTC. */ @@@@ -1848,7 +1848,7 @@@@ static jv f_strftime(jq_state *jq, jv a, jv b) { d12 5 d18 2 a19 2 -#if defined(__APPLE__) || defined(__sun) +#if defined(__APPLE__) || defined(__sun) || defined(__NetBSD__) a21 1 free(tz); @ 1.5 log @*: limit Python versions due to py-numpy dropping Python 3.11 support @ text @d1 1 a1 1 $NetBSD$ @ 1.4 log @jq: update to 1.8.1. # 1.8.1 This is a patch release to fix security, performance, and build issues found in 1.8.0. Full commit log can be found at . ## Security fixes - CVE-2025-49014: Fix heap use after free in `f_strftime`, `f_strflocaltime`. @@wader 499c91bca9d4d027833bc62787d1bb075c03680e - GHSA-f946-j5j2-4w5m: Fix stack overflow in `node_min_byte_len` of oniguruma. @@wader 5e159b34b179417e3e0404108190a2ac7d65611c ## CLI changes - Fix assertion failure when syntax error happens at the end of the query. @@itchyny #3350 ## Changes to existing functions - Fix portability of `strptime/1` especially for Windows. @@itchyny #3342 ## Language changes - Revert the change of `reduce`/`foreach` state variable in 1.8.0 (#3205). This change was reverted due to serious performance regression. @@itchyny #3349 ## Documentation changes - Add LICENSE notice of NetBSD's `strptime()` to COPYING. @@itchyny #3344 ## Build improvements - Fix build on old Mac with old sed. @@qianbinbin #3336 @ text @d1 1 a1 1 $NetBSD: patch-src_builtin.c,v 1.3 2025/06/22 06:16:19 kim Exp $ d3 2 a4 2 Fixes CVE-2025-49014 which was introduced in 1.8.0 https://github.com/jqlang/jq/commit/499c91bca9d4d027833bc62787d1bb075c03680e.patch d6 4 a9 7 --- src/builtin.c.orig 2025-06-01 05:58:31.000000000 +0000 +++ src/builtin.c 2025-06-22 06:08:48.067551402 +0000 @@@@ -1769,6 +1769,7 @@@@ return ret_error(b, jv_string("strftime/1 requires parsed datetime inputs")); const char *fmt = jv_string_value(b); + int fmt_not_empty = *fmt != '\0'; d12 7 a18 2 #ifdef __APPLE__ @@@@ -1789,7 +1790,7 @@@@ a19 14 jv_free(b); /* POSIX doesn't provide errno values for strftime() failures; weird */ - if ((n == 0 && *fmt) || n > max_size) { + if ((n == 0 && fmt_not_empty) || n > max_size) { free(buf); return jv_invalid_with_msg(jv_string("strftime/1: unknown system failure")); } @@@@ -1818,12 +1819,13 @@@@ if (!jv2tm(a, &tm, 1)) return ret_error(b, jv_string("strflocaltime/1 requires parsed datetime inputs")); const char *fmt = jv_string_value(b); + int fmt_not_empty = *fmt != '\0'; size_t max_size = strlen(fmt) + 100; char *buf = jv_mem_alloc(max_size); d21 5 a25 7 jv_free(b); /* POSIX doesn't provide errno values for strftime() failures; weird */ - if ((n == 0 && *fmt) || n > max_size) { + if ((n == 0 && fmt_not_empty) || n > max_size) { free(buf); return jv_invalid_with_msg(jv_string("strflocaltime/1: unknown system failure")); } @ 1.3 log @jq: Apply upstream patch for CVE-2025-49014 @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @jq: Update to 1.8.0 Changes: # 1.8.0 We are pleased to announce the release of version 1.8.0. This release includes a number of improvements since the last version. Note that some changes may introduce breaking changes to existing scripts, so be sure to read the following information carefully. ## Security fixes - CVE-2024-23337: Fix signed integer overflow in `jvp_array_write` and `jvp_object_rehash`. - The fix for this issue now limits the maximum size of arrays and objects to 536870912 (`2^29`) elements. - CVE-2024-53427: Reject NaN with payload while parsing JSON. - The fix for this issue now drops support for NaN with payload in JSON (like `NaN123`). Other JSON extensions like `NaN` and `Infinity` are still supported. - CVE-2025-48060: Fix heap buffer overflow in `jv_string_vfmt`. - Fix use of uninitialized value in `check_literal`. - Fix segmentation fault on `strftime/1`, `strflocaltime/1`. - Fix unhandled overflow in `@@base64d`. ## CLI changes - Fix `--indent 0` implicitly enabling `--compact-output` - Improve error messages to show problematic position in the filter - Include column number in parser and compiler error messages - Fix error message for string literal beginning with single quote - Improve `JQ_COLORS` environment variable to support larger escapes like truecolor - Add `--library-path` long option for `-L` - Fix `--slurp --stream` when input has no trailing newline character - Fix `--indent` option to error for malformed values - Fix option parsing of `--binary` on non-Windows platforms - Fix issue with `~/.jq` on Windows where `$HOME` is not set - Fix broken non-Latin output in the command help on Windows - Increase the maximum parsing depth for JSON to 10000 - Parse short options in order given - Consistently reset color formatting ## New functions - Add `trim/0`, `ltrim/0` and `rtrim/0` to trim leading and trailing white spaces - Add `trimstr/1` to trim string from both ends - Add `add/1`. Generator variant of `add/0` - Add `skip/2` as the counterpart to `limit/2` - Add `toboolean/0` to convert strings to booleans - Add `@@urid` format. Reverse of `@@uri` ## Changes to existing functions - Use code point index for `indices/1`, `index/1` and `rindex/1` - This is a breaking change. Use `utf8bytelength/0` to get byte index. - Improve `tonumber/0` performance and rejects numbers with leading or trailing white spaces - This is a breaking change. Use `trim/0` to remove leading and trailing white spaces. - Populate timezone data when formatting time. This fixes timezone name in `strftime/1`, `strflocaltime/1` for DST. - Preserve numerical precision on unary negation, `abs/0`, `length/0`. - Make `last(empty)` yield no output values like `first(empty)`. - Make `ltrimstr/1` and `rtrimstr/1` error for non-string inputs. - Make `limit/2` error for negative count. - Fix `mktime/0` overflow and allow fewer elements in date-time representation array. - Fix non-matched optional capture group. - Provide `strptime/1` on all systems. - Fix `_WIN32` port of `strptime`. - Improve `bsearch/1` performance by implementing in C. - Improve `unique/0` and `unique_by/1` performance. - Fix error messages including long string literal not to break Unicode characters. - Remove `pow10/0` as it has been deprecated in glibc 2.27. Use `exp10/0` instead. - Remove private (and undocumented) `_nwise` filter. ## Language changes - Fix precedence of binding syntax against unary and binary operators. Also, allow some expressions as object values. - This is a breaking change that may change the output of filters with binding syntax. - Support Tcl-style multiline comments - Fix `foreach` not to break init backtracking with `DUPN` - Fix `reduce`/`foreach` state variable should not be reset each iteration - Support CRLF line breaks in filters - Improve performance of repeating strings @ text @d1 1 a1 1 $NetBSD: patch-src_builtin.c,v 1.1 2024/07/11 19:59:08 riastradh Exp $ d3 2 a4 3 Fix ctype(3) abuse. https://github.com/jqlang/jq/issues/3151 https://github.com/jqlang/jq/pull/3152 d6 11 a16 4 --- src/builtin.c.orig 2023-12-13 19:24:02.000000000 +0000 +++ src/builtin.c @@@@ -1440,7 +1440,7 @@@@ static jv f_strptime(jq_state *jq, jv a, } d18 6 a23 4 const char *end = strptime(input, fmt, &tm); - if (end == NULL || (*end != '\0' && !isspace(*end))) { + if (end == NULL || (*end != '\0' && !isspace((unsigned char)*end))) { return ret_error2(a, b, jv_string_fmt("date \"%s\" does not match format \"%s\"", input, fmt)); d25 8 d34 6 @ 1.1 log @devel/jq: Fix ctype(3) abuse. https://github.com/jqlang/jq/issues/3151 https://github.com/jqlang/jq/pull/3152 @ text @d1 1 a1 1 $NetBSD$ @