File jq.changes of Package jq
-------------------------------------------------------------------
Thu Oct 2 11:14:15 UTC 2025 - Andreas Schwab <schwab@suse.de>
- Enable valgrind on riscv64
-------------------------------------------------------------------
Tue Jul 1 15:18:11 UTC 2025 - Martin Hauke <mardnh@gmx.de>
- Update to version 1.8.1
Security fixes
* CVE-2025-49014: Fix heap use after free in f_strftime,
f_strflocaltime.
* GHSA-f946-j5j2-4w5m: Fix stack overflow in node_min_byte_len
of oniguruma.
CLI changes
* Fix assertion failure when syntax error happens at the end of
the query.
Language changes
* Revert the change of reduce/foreach state variable in 1.8.0.
* This change was reverted due to serious performance regression.
-------------------------------------------------------------------
Wed Jun 18 13:33:37 UTC 2025 - Martin Hauke <mardnh@gmx.de>
- Update to version 1.8.0
Security fixes
* CVE-2024-23337: Fix signed integer overflow in jvp_array_write
and jvp_object_rehash.
* CVE-2024-53427: Reject NaN with payload while parsing JSON.
* CVE-2025-48060: Fix heap buffer overflow in jv_string_vfmt.
* Fix use of uninitialized value in check_literal.
* Fix segmentation fault on strftime/1, strflocaltime/1.
* Fix unhandled overflow in @base64d.
CLI changes
* Fix --indent 0 implicitly enabling --compact-output.
* Improve error messages to show problematic position in the
filter.
* Include column number in parser and compiler error messages.
* Fix error message for string literal beginning with single
quote.
* Improve JQ_COLORS environment variable to support larger
escapes like truecolor.
* Add --library-path long option for -L.
* Fix --slurp --stream when input has no trailing newline
character.
* Fix --indent option to error for malformed values.
* Fix option parsing of --binary on non-Windows platforms.
* Fix issue with ~/.jq on Windows where $HOME is not set.
* Increase the maximum parsing depth for JSON to 10000.
* Parse short options in order given.
* Consistently reset color formatting.
New functions
* Add trim/0, ltrim/0 and rtrim/0 to trim leading and trailing
white spaces.
* Add trimstr/1 to trim string from both ends.
* Add add/1. Generator variant of add/0.
* Add skip/2 as the counterpart to limit/2.
* Add toboolean/0 to convert strings to booleans.
* Add @urid format. Reverse of @uri.
Changes to existing functions
* Use code point index for indices/1, index/1 and rindex/1.
* Improve tonumber/0 performance and rejects numbers with
leading or trailing white spaces.
* Populate timezone data when formatting time.
* Preserve numerical precision on unary negation, abs/0, length/0
* Make last(empty) yield no output values like first(empty).
* Make ltrimstr/1 and rtrimstr/1 error for non-string inputs.
* Make limit/2 error for negative count.
* Fix mktime/0 overflow and allow fewer elements in date-time
representation array.
* Fix non-matched optional capture group.
* Provide strptime/1 on all systems.
* Improve bsearch/1 performance by implementing in C.
* Improve unique/0 and unique_by/1 performance.
* Fix error messages including long string literal not to break
Unicode characters.
* Remove pow10/0 as it has been deprecated in glibc 2.27.
Use exp10/0 instead.
* Remove private (and undocumented) _nwise filter.
Language changes
* Fix precedence of binding syntax against unary and binary
operators.
* Support Tcl-style multiline comments.
* Fix foreach not to break init backtracking with DUPN.
* Fix reduce/foreach state variable should not be reset each
iteration.
* Support CRLF line breaks in filters.
* Improve performance of repeating strings.
- Drop not longer needed patches (fixed by upstream):
* CVE-2024-23337.patch
* CVE-2024-53427.patch
- Remove not longer needed hardcoded compiler option "-std-gnu17"
gh#3206
-------------------------------------------------------------------
Thu Jun 12 16:24:57 UTC 2025 - Nathan Cutler <ncutler@suse.com>
- Add patch CVE-2024-23337.patch (CVE-2024-23337, bsc#1243450)
-------------------------------------------------------------------
Tue May 20 17:19:29 UTC 2025 - Nathan Cutler <ncutler@suse.com>
- Add patch CVE-2024-53427.patch (CVE-2024-53427, bsc#1238078)
-------------------------------------------------------------------
Tue May 6 20:43:03 UTC 2025 - Martin Jambor <mjambor@suse.com>
- Build with compiler option -std=gnu17 to avoid issues with code
which is not valid in C23. [boo#1241922]
-------------------------------------------------------------------
Wed Dec 13 20:28:23 UTC 2023 - Martin Hauke <mardnh@gmx.de>
- Update to version 1.7.1
Security
* Fix CVE-2023-50246 (boo#1218034)
+ Fix heap buffer overflow in jvp_literal_number_literal.
* Fix CVE-2023-50268 (boo#1218038)
fix stack-buffer-overflow if comparing nan with payload.
CLI changes
* Make the default background color more suitable for bright
backgrounds.
* Allow passing the inline jq script after --.
* Fix possible uninitialised value dereference if jq_init() fails
Language changes
* Simplify paths/0 and paths/1.
* Reject U+001F in string literals.
* Remove unused nref accumulator in block_bind_library.
* Remove a bunch of unused variables, and useless assignments.
* main.c: Remove unused EXIT_STATUS_EXACT option.
* Actually use the number correctly casted from double to int as
index.
* src/builtin.c: remove unnecessary jv_copy-s in
type_error/type_error2.
* Remove undefined behavior caught by LLVM 10 UBSAN.
* Convert decnum to binary64 (double) instead of decimal64.
This makes jq behave like the JSON specification suggests and
more similar to other languages.
* Fix memory leaks on invalid input for ltrimstr/1 and
rtrimstr/1.
* Fix memory leak on failed get for setpath/2.
* Fix nan from json parsing also for nans with payload that
start with 'n'.
* Allow carriage return characters in comments.
Documentation changes
* Generate links in the man page.
libjq
* Add extern C for C++.
-------------------------------------------------------------------
Wed Nov 15 10:26:07 UTC 2023 - Dirk Müller <dmueller@suse.com>
- build with valgrind only on 64 bit architectures
-------------------------------------------------------------------
Wed Sep 27 04:32:39 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
- switch to bootstrapped upstream tarball to fix version output
[boo#1215737]
-------------------------------------------------------------------
Thu Sep 7 13:42:19 UTC 2023 - Martin Hauke <mardnh@gmx.de>
- Update to version 1.7
* Make object key color configurable using JQ_COLORS environment
variable.
* Change the default color of null to Bright Black.
* Respect NO_COLOR environment variable to disable color output.
* Improved --help output. Now mentions all options and nicer
order.
* Fix multiple issues of exit code using --exit-code/-e option.
* Add --raw-output0 for NUL (zero byte) separated output.
* Fix assert crash and validate JSON for --jsonarg.
* Remove deprecated --argfile option.
Language changes
* Use decimal number literals to preserve precision. Comparison
operations respects precision but arithmetic operations might
truncate.
* Adds new builtin pick(stream) to emit a projection of the
input object or array.
* Adds new builtin debug(msgs) that works like debug but applies
a filter on the input before writing to stderr.
* Adds new builtin scan($re; $flags). Was documented but not
implemented.
* Adds new builtin abs to get absolute value. This potentially
allows the literal value of numbers to be preserved as length
and fabs convert to float.
* Allow if without else-branch. When skipped the else-branch
will be . (identity).
* Allow use of $binding as key in object literals.
* Allow dot between chained indexes when using .["index"]
* Allow dot for chained value iterator .[], .[]?
* Fix try/catch catches more than it should.
* Speed up and refactor some builtins, also remove
scalars_or_empty/0.
* Now halt and halt_error exit immediately instead of continuing
to the next input.
* Fix issue converting string to number after previous convert
error.
* Fix issue representing large numbers on some platforms causing
invalid JSON output.
* Fix deletion using assigning empty against arrays.
* Allow keywords to be used as binding name in more places.
* Allow using nan as NaN in JSON.
* Expose a module's function names in modulemeta.
* Fix contains/1 to handle strings with NUL.
* Fix stderr/0 to output raw text without any decoration.
* Fix nth/2 to emit empty on index out of range.
* Fix implode to not assert and instead replace invalid unicode
codepoints.
* Fix indices/1 and rindex/1 in case of overlapping matches in
strings.
* Fix sub/3 to resolve issues involving global search-and-replace
(gsub) operations.
* Fix empty regular expression matches.
* Fix overflow exception of the modulo operator.
* Fix string multiplication by 0 (and less than 1) to emit empty
string.
* Fix segfault when using libjq and threads.
* Fix constant folding of division and reminder with zero
divisor.
* Fix error/0, error/1 to throw null error.
* Simpler and faster transpose.
* Simple and efficient implementation of walk/1.
* Remove deprecated filters leaf_paths, recurse_down.
- Adjust URL/Source - new upstream
https://github.com/stedolan/jq -> https://github.com/jqlang
-------------------------------------------------------------------
Fri Sep 23 16:16:46 UTC 2022 - Dirk Müller <dmueller@suse.com>
- build without valgrind on riscv64 - does not exist (yet)
-------------------------------------------------------------------
Thu Jul 4 17:27:13 UTC 2019 - myen@suse.com
- Make jq depend on libjq1, so upgrading jq upgrades both
See: https://github.com/stedolan/jq/issues/1904
-------------------------------------------------------------------
Fri Nov 2 12:35:25 UTC 2018 - Avindra Goolcharan <aavindraa@gmail.com>
- Update to version 1.6
* Destructuring Alternation
* many new builtins (see docs)
* Add support for ASAN and UBSAN
* Make it easier to use jq with shebangs
* Add $ENV builtin variable to access environment
* Add JQ_COLORS env var for configuring the output colors
* change: Calling jq without a program argument now always assumes
"." for the program, regardless of stdin/stdout
* fix: Make sorting stable regardless of qsort.
- cleanup with spec-cleaner
- drop CVE-2015-8863.patch (upstreamed in 8eb1367ca44e772963e704a700ef72ae2e12babd)
- drop CVE-2016-4074.patch (upstreamed in fd4ae8304e23007672af9a37855c7a76de7c78cf)
-------------------------------------------------------------------
Fri Feb 3 09:26:17 UTC 2017 - idonmez@suse.com
- Add CVE-2016-4074.patch to prevent a stack exhaustion
CVE-2016-4074 bsc#1014176
-------------------------------------------------------------------
Mon Jan 2 08:47:00 UTC 2017 - mpluskal@suse.com
- Update tests dependencies to increase test coverage (bsc#1017157)
* valgrind based tests were skipped
- Do not run tests in qemu builds, valgrind does not work reliably
in such conditions
-------------------------------------------------------------------
Sat Jul 16 10:14:33 UTC 2016 - mpluskal@suse.com
- Make building more verbose
- Run tests
-------------------------------------------------------------------
Mon Apr 25 11:48:27 UTC 2016 - idonmez@suse.com
- Add CVE-2015-8863.patch to fix a heap overflow bsc#976992
-------------------------------------------------------------------
Tue Aug 18 09:12:21 UTC 2015 - idonmez@suse.com
- Update to version 1.5
* Regexp support
* A proper module system
* Destructuring syntax
* Math functions
* An online streaming parser
* Minimal I/O builtins (inputs, debug)
* try/catch for catching and handling errors
* Tail call optimization
* Datetime functions
* Performance enhancements
- Add oniguruma-devel BuildRequires for regexp support
-------------------------------------------------------------------
Fri Jun 27 09:55:52 UTC 2014 - idonmez@suse.com
- Don't package static libs
- Fix rpath on the main binary
-------------------------------------------------------------------
Sun Jun 15 20:52:42 UTC 2014 - prusnak@opensuse.org
- Updated to 1.4
+ New command line arguments
* jq --arg-file variable file
* jq --unbuffered
* jq -e / --exit-status (set exit status based on outputs)
* jq -S / --sort-keys (now jq no longer sorts object keys by
default
+ Syntax changes
* .. -> like // in XPath (recursive traversal)
* question mark (e.g., .a?) to suppress errors
* ."foo" syntax (equivalent to .["foo"])
* better error handling for .foo
* added % operator (modulo)
* allow negation without requiring extra parenthesis
* more function arguments (up to six)
+ New filters
* any, all
* iterables, arrays, objects, scalars, nulls, booleans,
numbers, strings, values
+ New string built-ins
* split
* join (join an array of strings with a given separator string)
* ltrimstr, rtrimstr
* startswith, endswith
* explode, implode
* fromjson, tojson
* index, rindex, indices
+ New math functions
* floor, sqrt, cbrt, etc.
+ Addition of libjq, a C API interface to jq's JSON representation
and for running jq programs from C applications.
-------------------------------------------------------------------
Thu Oct 17 15:55:03 UTC 2013 - cdenicolo@suse.com
- license update: MIT and CC-BY-3.0
documentation is licensed under CC-BY-3.0
-------------------------------------------------------------------
Tue Oct 1 15:09:01 UTC 2013 - robert.munteanu@gmail.com
- Initial packaging of version 1.3
