From 087e9cd71bc56960ee3aa78653af5e930b0c235c Mon Sep 17 00:00:00 2001
From: Alessio Sergi
Date: Sun, 24 Apr 2016 19:25:29 +0200
Subject: [PATCH] jq: patch for CVE-2015-8863

---
 srcpkgs/jq/patches/CVE-2015-8863.patch | 22 ++++++++++++++++++++++
 srcpkgs/jq/template | 20 ++++++++------------
 2 files changed, 30 insertions(+), 12 deletions(-)
 create mode 100644 srcpkgs/jq/patches/CVE-2015-8863.patch

diff --git a/srcpkgs/jq/patches/CVE-2015-8863.patch b/srcpkgs/jq/patches/CVE-2015-8863.patch
new file mode 100644
index 00000000000..34036e6a104
--- /dev/null
+++ b/srcpkgs/jq/patches/CVE-2015-8863.patch
@@ -0,0 +1,22 @@
+https://github.com/stedolan/jq/issues/995
+
+--- jv_parse.c.orig
++++ jv_parse.c
+@@ -383,7 +383,7 @@ static pfunc stream_token(struct jv_parser* p, char ch) {
+
+ static void tokenadd(struct jv_parser* p, char c) {
+ assert(p->tokenpos <= p->tokenlen);
+- if (p->tokenpos == p->tokenlen) {
++ if (p->tokenpos >= (p->tokenlen - 1)) {
+ p->tokenlen = p->tokenlen*2 + 256;
+ p->tokenbuf = jv_mem_realloc(p->tokenbuf, p->tokenlen);
+ }
+@@ -485,7 +485,7 @@ static pfunc check_literal(struct jv_parser* p) {
+ TRY(value(p, v));
+ } else {
+ // FIXME: better parser
+- p->tokenbuf[p->tokenpos] = 0; // FIXME: invalid
++ p->tokenbuf[p->tokenpos] = 0;
+ char* end = 0;
+ double d = jvp_strtod(&p->dtoa, p->tokenbuf, &end);
+ if (end == 0 || *end != 0)
diff --git a/srcpkgs/jq/template b/srcpkgs/jq/template
index a27520500a9..9721354f64e 100644
--- a/srcpkgs/jq/template
+++ b/srcpkgs/jq/template
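Review bot: The new guard `if (p->tokenpos >= (p->tokenlen - 1))` only covers the initial empty buffer if `tokenlen` is a signed type, because with tokenlen 0 the subtraction must yield -1 for the first realloc to trigger; if the field were unsigned it would wrap and the first byte would be stored through an unallocated `tokenbuf`. Writing the check as `if (p->tokenpos + 1 >= p->tokenlen) {` reserves the same one byte for the terminator that check_literal's `p->tokenbuf[p->tokenpos] = 0;` needs, without depending on signedness, and reads as what it is. The patch file also carries only the issue URL; a header line before the first `---` such as `Backport of the upstream fix for CVE-2015-8863 (jq issue 995, upstream commit <UPSTREAM-COMMIT-ID>): keep one spare byte in tokenbuf so check_literal can NUL-terminate the token in place` would tell the next maintainer what to compare against when rebasing. Both tokenadd and check_literal continue outside the quoted hunks, so the tokenpos increment and whether check_literal guards the tokenpos == 0 case before this write are not visible here.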
@@ -1,31 +1,27 @@
 # Template file for 'jq'
 pkgname=jq
 version=1.5
-revision=2
-wrksrc="${pkgname}-${pkgname}-${version}"
+revision=3
 build_style=gnu-configure
-hostmakedepends="automake libtool"
 makedepends="oniguruma-devel"
 short_desc="Command-line JSON processor"
 maintainer="Christian Neukirchen "
 license="MIT"
 homepage="http://stedolan.github.io/jq/"
-distfiles="https://github.com/stedolan/${pkgname}/archive/${pkgname}-${version}.tar.gz"
-checksum=d644aded536167e0cb7e3547d13decf0000312b5ed8e75be8f053b0ecdf39d83
+distfiles="https://github.com/stedolan/jq/releases/download/jq-${version}/jq-${version}.tar.gz"
+checksum=c4d2bfec6436341113419debf479d833692cc5cdab7eb0326b5a4d4fbe9f493c
 
-post_extract() {
- autoreconf -fi
-}
 post_install() {
- rm -r ${DESTDIR}/usr/share/doc/$pkgname
+ rm -rf ${DESTDIR}/usr/share/doc/$pkgname
 vlicense COPYING
 }
+
 jq-devel_package() {
 depends="${sourcepkg}>=${version}_${revision}"
- short_desc+=" -- development files"
+ short_desc+=" - development files"
 pkg_install() {
 vmove usr/include
- vmove "usr/lib/*.a"
- vmove "usr/lib/*.so*"
+ vmove usr/lib/*.a
+ vmove usr/lib/*.so*
 }
 }
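Review bot: Dropping the quotes in `vmove usr/lib/*.a` and `vmove usr/lib/*.so*` hands the glob to the template's shell before vmove sees it, so the argument now depends on nothing matching that pattern in the current directory at that point; if vmove expands the pattern itself against DESTDIR, as the previous quoted form suggests, keeping `vmove "usr/lib/*.a"` and `vmove "usr/lib/*.so*"` is the safer spelling. The new `rm -rf ${DESTDIR}/usr/share/doc/$pkgname` also trades the earlier fail-loudly `rm -r` for one that silently ignores a missing directory, which hides a changed tarball layout rather than surfacing it; if the directory may legitimately be absent with the release tarball, a one-line comment saying so would justify the `-f`. The revision bump and the new sha256 pin for the release tarball are consistent with the added patch.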