| author | Evgeniy Alekseev
<arcanis@archlinux.org> 2016-08-10 10:54:03 UTC |
| committer | Evgeniy Alekseev
<arcanis@archlinux.org> 2016-08-10 10:54:03 UTC |
| parent | b715e3e3cc00440585a1ffec31fdbed07e930ada |
| ChangeLog | +3 | -0 |
| PKGBUILD | +10 | -3 |
diff --git a/ChangeLog b/ChangeLog index 8ce0390..3d3ef49 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +1.5-4: +fix CVE-2015-8863 (FS#50330) + 1.5-2: add oniguruma for regexp support diff --git a/PKGBUILD b/PKGBUILD index c64c2f7..d6623d5 100644 --- a/PKGBUILD +++ b/PKGBUILD @@ -4,16 +4,23 @@ pkgname=jq pkgver=1.5 -pkgrel=3 +pkgrel=4 pkgdesc='Command-line JSON processor' arch=('i686' 'x86_64') url='http://stedolan.github.io/jq/' license=('MIT') depends=('glibc' 'oniguruma') makedepends=('autoconf' 'automake' 'bison' 'flex' 'python2') -source=("https://github.com/stedolan/jq/releases/download/${pkgname}-${pkgver}/${pkgname}-${pkgver}.tar.gz") +source=("https://github.com/stedolan/jq/releases/download/${pkgname}-${pkgver}/${pkgname}-${pkgver}.tar.gz" + "cve-2015-8863.patch::https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd.patch") changelog=ChangeLog -md5sums=('0933532b086bd8b6a41c1b162b1731f9') +md5sums=('0933532b086bd8b6a41c1b162b1731f9' + '104f363774c8f312943db55a4dd59ac6') + +prepare() { + cd "${pkgname}-${pkgver}" + patch -p2 -i "${srcdir}/cve-2015-8863.patch" +} build() { cd "${pkgname}-${pkgver}"