<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-oe/recipes-devtools/jq, branch master-next</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=master-next</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=master-next'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2026-06-16T05:43:45+00:00</updated>
<entry>
<title>jq: patch CVE-2026-49839</title>
<updated>2026-06-16T05:43:45+00:00</updated>
<author>
<name>Anton Skorup</name>
<email>anton@skorup.se</email>
</author>
<published>2026-06-15T13:49:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=8c08427759702b0e93ad62b0a4ce582b136e0c74'/>
<id>urn:sha1:8c08427759702b0e93ad62b0a4ce582b136e0c74</id>
<content type='text'>
CVE details: https://vulert.com/vuln-db/--4743

Signed-off-by: Anton Skorup &lt;anton.skorup@axis.com&gt;
Signed-off-by: Khem Raj &lt;khem.raj@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>jq: patch CVE-2026-47770</title>
<updated>2026-06-08T01:21:31+00:00</updated>
<author>
<name>Anton Skorup</name>
<email>anton@skorup.se</email>
</author>
<published>2026-05-29T09:40:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=e4aae1b880aec8d49832b120c0801bc5246e4312'/>
<id>urn:sha1:e4aae1b880aec8d49832b120c0801bc5246e4312</id>
<content type='text'>
This patch adds the upstream fix for CVE-2026-47770.

CVE details: https://ubuntu.com/security/CVE-2026-47770

Signed-off-by: Anton Skorup &lt;antonsk@axis.com&gt;
Signed-off-by: Khem Raj &lt;khem.raj@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>jq: patch CVE-2026-39979</title>
<updated>2026-04-20T14:35:33+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-04-20T06:27:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=2b1e34f0f51b103fa37f163cdccdeebf821ac7c1'/>
<id>urn:sha1:2b1e34f0f51b103fa37f163cdccdeebf821ac7c1</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-39979

Backport the patch that is referenced by the NVD advisory.y

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;khem.raj@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>jq: patch CVE-2026-33948</title>
<updated>2026-04-20T14:35:33+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-04-20T06:27:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=8d399af3337b25d71f8cd4308b9788ac4e88b730'/>
<id>urn:sha1:8d399af3337b25d71f8cd4308b9788ac4e88b730</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33948

Backport the patch that is referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;khem.raj@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>jq: patch CVE-2026-33947</title>
<updated>2026-04-20T14:35:33+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-04-20T06:27:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=525e18ce214213193d9a280de3bfd2deb847110e'/>
<id>urn:sha1:525e18ce214213193d9a280de3bfd2deb847110e</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33947

Backport the patch that is referenced by the NVD report.

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;khem.raj@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>jq: patch CVE-2026-32316</title>
<updated>2026-04-20T14:35:33+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-04-20T06:27:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=e94ab85126f12d77253107084dc8463c79b3e776'/>
<id>urn:sha1:e94ab85126f12d77253107084dc8463c79b3e776</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32316

Backport the patch that is referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;khem.raj@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>jq: Use Git to fetch the code</title>
<updated>2026-04-10T14:59:52+00:00</updated>
<author>
<name>Peter Kjellerstedt</name>
<email>pkj@axis.com</email>
</author>
<published>2026-04-08T17:47:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=ed33569f822a3a8d41f82f6980a046d17aca37d5'/>
<id>urn:sha1:ed33569f822a3a8d41f82f6980a046d17aca37d5</id>
<content type='text'>
There is a bug (see https://github.com/jqlang/jq/issues/434), which
results in an empty version being used if autoreconf is run on the jq
sources when using a release tar ball. The incorrect assumption is that
autoreconf is only used when fetching the code using Git.

The empty version results in an incorrect libjq.pc file being created
where the version is not set, which results in, e.g.,
`pkgconf --libs 'libjq &gt; 1.6'` failing even if version 1.8.1 of jq is
actually installed.

Switch to fetching the code using Git to workaround the bug.

Signed-off-by: Peter Kjellerstedt &lt;peter.kjellerstedt@axis.com&gt;
Signed-off-by: Khem Raj &lt;khem.raj@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>jq: upgrade 1.8.0 -&gt; 1.8.1</title>
<updated>2025-07-09T16:16:09+00:00</updated>
<author>
<name>Wang Mingyu</name>
<email>wangmy@fujitsu.com</email>
</author>
<published>2025-07-09T08:41:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=95bec3d58ac813085b502e2b0d9eb7a13d09e827'/>
<id>urn:sha1:95bec3d58ac813085b502e2b0d9eb7a13d09e827</id>
<content type='text'>
License-Update: Add LICENSE notice of NetBSD's strptime() to COPYING

Signed-off-by: Wang Mingyu &lt;wangmy@fujitsu.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>jq: Add tzdata to ptest rdeps</title>
<updated>2025-07-03T06:27:07+00:00</updated>
<author>
<name>Khem Raj</name>
<email>raj.khem@gmail.com</email>
</author>
<published>2025-07-03T06:22:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=b7e233f84aeca74147c3e3cdf16cbe58bd0239f0'/>
<id>urn:sha1:b7e233f84aeca74147c3e3cdf16cbe58bd0239f0</id>
<content type='text'>
This is needed for some ptests to pass

Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>jq: upgrade 1.7.1 -&gt; 1.8.0</title>
<updated>2025-06-04T05:01:47+00:00</updated>
<author>
<name>Vijay Anusuri</name>
<email>vanusuri@mvista.com</email>
</author>
<published>2025-06-04T03:40:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=547f2a0939cb0335592fefaa5ad52f8514d68cd4'/>
<id>urn:sha1:547f2a0939cb0335592fefaa5ad52f8514d68cd4</id>
<content type='text'>
Changelog:
==========
https://github.com/jqlang/jq/releases/tag/jq-1.8.0

Security fixes

* CVE-2024-23337: Fix signed integer overflow in jvp_array_write and jvp_object_rehash. @itchyny de21386
     The fix for this issue now limits the maximum size of arrays and objects to 536870912 (2^29) elements.
* CVE-2024-53427: Reject NaN with payload while parsing JSON. @itchyny a09a4df
     The fix for this issue now drops support for NaN with payload in JSON (like NaN123).
     Other JSON extensions like NaN and Infinity are still supported.
* CVE-2025-48060: Fix heap buffer overflow in jv_string_vfmt. @itchyny c6e0416
* Fix use of uninitialized value in check_literal. @itchyny #3324
* Fix segmentation fault on strftime/1, strflocaltime/1. @itchyny #3271
* Fix unhandled overflow in @base64d. @emanuele6 #3080

Signed-off-by: Vijay Anusuri &lt;vanusuri@mvista.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
</feed>
