diff options
| author | Divya Chellam <divya.chellam@windriver.com> | 2025-10-24 19:21:08 +0530 |
|---|---|---|
| committer | Anuj Mittal <anuj.mittal@intel.com> | 2025-10-30 15:11:47 +0800 |
| commit | 62b9edf47be6b70d77ac6a662cedc9dbbb96e550 (patch) | |
| tree | f5239494a3a0d44cd87f01f6ce599a5c838b3de5 /meta-oe/recipes-devtools | |
| parent | 9fd485ca64a6e7a1ea7157c224ba6d8a336ce950 (diff) | |
| download | meta-openembedded-62b9edf47be6b70d77ac6a662cedc9dbbb96e550.tar.gz | |
jq: fix CVE-2025-9403
A vulnerability was determined in jqlang jq up to 1.6. Impacted is the
function run_jq_tests of the file jq_test.c of the component JSON Parser.
Executing manipulation can lead to reachable assertion. The attack
requires local access. The exploit has been publicly disclosed and may be
utilized. Other versions might be affected as well.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-9403
Upstream-patch:
https://github.com/jqlang/jq/commit/a4d9d540103ff9a262e304329c277ec89b27e5f9
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Diffstat (limited to 'meta-oe/recipes-devtools')
| -rw-r--r-- | meta-oe/recipes-devtools/jq/jq/CVE-2025-9403.patch | 49 | ||||
| -rw-r--r-- | meta-oe/recipes-devtools/jq/jq_1.7.1.bb | 1 |
2 files changed, 50 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/jq/jq/CVE-2025-9403.patch b/meta-oe/recipes-devtools/jq/jq/CVE-2025-9403.patch new file mode 100644 index 0000000000..19d769a6f5 --- /dev/null +++ b/meta-oe/recipes-devtools/jq/jq/CVE-2025-9403.patch | |||
| @@ -0,0 +1,49 @@ | |||
| 1 | From a4d9d540103ff9a262e304329c277ec89b27e5f9 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: itchyny <itchyny@cybozu.co.jp> | ||
| 3 | Date: Mon, 15 Sep 2025 07:47:51 +0900 | ||
| 4 | Subject: [PATCH] Fix expected value assertion for NaN value (fix #3393) | ||
| 5 | (#3408) | ||
| 6 | |||
| 7 | CVE: CVE-2025-9403 | ||
| 8 | |||
| 9 | Upstream-Status: Backport [https://github.com/jqlang/jq/commit/a4d9d540103ff9a262e304329c277ec89b27e5f9] | ||
| 10 | |||
| 11 | Signed-off-by: Divya Chellam <divya.chellam@windriver.com> | ||
| 12 | --- | ||
| 13 | src/jq_test.c | 13 ++++++++----- | ||
| 14 | 1 file changed, 8 insertions(+), 5 deletions(-) | ||
| 15 | |||
| 16 | diff --git a/src/jq_test.c b/src/jq_test.c | ||
| 17 | index 3945686..f42b05c 100644 | ||
| 18 | --- a/src/jq_test.c | ||
| 19 | +++ b/src/jq_test.c | ||
| 20 | @@ -2,6 +2,7 @@ | ||
| 21 | #include <stdio.h> | ||
| 22 | #include <string.h> | ||
| 23 | #include <stdlib.h> | ||
| 24 | +#include <math.h> | ||
| 25 | #ifdef HAVE_PTHREAD | ||
| 26 | #include <pthread.h> | ||
| 27 | #endif | ||
| 28 | @@ -208,11 +209,13 @@ static void run_jq_tests(jv lib_dirs, int verbose, FILE *testdata, int skip, int | ||
| 29 | printf(" for test at line number %u: %s\n", lineno, prog); | ||
| 30 | pass = 0; | ||
| 31 | } | ||
| 32 | - jv as_string = jv_dump_string(jv_copy(expected), rand() & ~(JV_PRINT_COLOR|JV_PRINT_REFCOUNT)); | ||
| 33 | - jv reparsed = jv_parse_sized(jv_string_value(as_string), jv_string_length_bytes(jv_copy(as_string))); | ||
| 34 | - assert(jv_equal(jv_copy(expected), jv_copy(reparsed))); | ||
| 35 | - jv_free(as_string); | ||
| 36 | - jv_free(reparsed); | ||
| 37 | + if (!(jv_get_kind(expected) == JV_KIND_NUMBER && isnan(jv_number_value(expected)))) { | ||
| 38 | + jv as_string = jv_dump_string(jv_copy(expected), rand() & ~(JV_PRINT_COLOR|JV_PRINT_REFCOUNT)); | ||
| 39 | + jv reparsed = jv_parse_sized(jv_string_value(as_string), jv_string_length_bytes(jv_copy(as_string))); | ||
| 40 | + assert(jv_equal(jv_copy(expected), jv_copy(reparsed))); | ||
| 41 | + jv_free(as_string); | ||
| 42 | + jv_free(reparsed); | ||
| 43 | + } | ||
| 44 | jv_free(expected); | ||
| 45 | jv_free(actual); | ||
| 46 | } | ||
| 47 | -- | ||
| 48 | 2.40.0 | ||
| 49 | |||
diff --git a/meta-oe/recipes-devtools/jq/jq_1.7.1.bb b/meta-oe/recipes-devtools/jq/jq_1.7.1.bb index 9238474319..dfc8dda7ee 100644 --- a/meta-oe/recipes-devtools/jq/jq_1.7.1.bb +++ b/meta-oe/recipes-devtools/jq/jq_1.7.1.bb | |||
| @@ -14,6 +14,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/${BPN}-${PV}/${BPN}-${PV}.tar.gz \ | |||
| 14 | file://CVE-2024-23337.patch \ | 14 | file://CVE-2024-23337.patch \ |
| 15 | file://CVE-2024-53427.patch \ | 15 | file://CVE-2024-53427.patch \ |
| 16 | file://CVE-2025-48060.patch \ | 16 | file://CVE-2025-48060.patch \ |
| 17 | file://CVE-2025-9403.patch \ | ||
| 17 | " | 18 | " |
| 18 | SRC_URI[sha256sum] = "478c9ca129fd2e3443fe27314b455e211e0d8c60bc8ff7df703873deeee580c2" | 19 | SRC_URI[sha256sum] = "478c9ca129fd2e3443fe27314b455e211e0d8c60bc8ff7df703873deeee580c2" |
| 19 | 20 | ||
