diff options
| author | Roland Kovacs <roland.kovacs@est.tech> | 2025-08-02 23:55:36 +0200 |
|---|---|---|
| committer | Anuj Mittal <anuj.mittal@intel.com> | 2025-09-12 08:15:10 +0800 |
| commit | e099b1462db0289d04ff2d89b55519faee0403b5 (patch) | |
| tree | a5f759fd3a555129ee7a365478be7a125086b7ef /meta-oe/recipes-devtools | |
| parent | 3fbbd2c0804a7a7f0478f46dabea35e55a48707e (diff) | |
| download | meta-openembedded-e099b1462db0289d04ff2d89b55519faee0403b5.tar.gz | |
jq: add Upstream-Status and CVE tags into .patch files
v1 version was merged instead of v2 from:
https://lists.openembedded.org/g/openembedded-devel/message/118302
add missing Upstream-Status and CVE tags from v2.
Signed-off-by: Roland Kovacs <roland.kovacs@est.tech>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Diffstat (limited to 'meta-oe/recipes-devtools')
| -rw-r--r-- | meta-oe/recipes-devtools/jq/jq/CVE-2024-23337.patch | 3 | ||||
| -rw-r--r-- | meta-oe/recipes-devtools/jq/jq/CVE-2024-53427.patch | 3 | ||||
| -rw-r--r-- | meta-oe/recipes-devtools/jq/jq/CVE-2025-48060.patch | 3 |
3 files changed, 9 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/jq/jq/CVE-2024-23337.patch b/meta-oe/recipes-devtools/jq/jq/CVE-2024-23337.patch index 93f55eecd0..8b8243b752 100644 --- a/meta-oe/recipes-devtools/jq/jq/CVE-2024-23337.patch +++ b/meta-oe/recipes-devtools/jq/jq/CVE-2024-23337.patch | |||
| @@ -8,6 +8,9 @@ This commit fixes signed integer overflow and SEGV issues on growing | |||
| 8 | arrays and objects. The size of arrays and objects is now limited to | 8 | arrays and objects. The size of arrays and objects is now limited to |
| 9 | `536870912` (`0x20000000`). This fixes CVE-2024-23337 and fixes #3262. | 9 | `536870912` (`0x20000000`). This fixes CVE-2024-23337 and fixes #3262. |
| 10 | 10 | ||
| 11 | Upstream-Status: Backport [https://github.com/jqlang/jq.git/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e] | ||
| 12 | CVE: CVE-2024-23337 | ||
| 13 | |||
| 11 | (cherry picked from commit de21386681c0df0104a99d9d09db23a9b2a78b1e) | 14 | (cherry picked from commit de21386681c0df0104a99d9d09db23a9b2a78b1e) |
| 12 | Signed-off-by: Roland Kovacs <roland.kovacs@est.tech> | 15 | Signed-off-by: Roland Kovacs <roland.kovacs@est.tech> |
| 13 | --- | 16 | --- |
diff --git a/meta-oe/recipes-devtools/jq/jq/CVE-2024-53427.patch b/meta-oe/recipes-devtools/jq/jq/CVE-2024-53427.patch index 3e27a13036..64a44a1307 100644 --- a/meta-oe/recipes-devtools/jq/jq/CVE-2024-53427.patch +++ b/meta-oe/recipes-devtools/jq/jq/CVE-2024-53427.patch | |||
| @@ -7,6 +7,9 @@ This commit drops support for parsing NaN with payload in JSON like | |||
| 7 | `NaN123` and fixes CVE-2024-53427. Other JSON extensions like `NaN` and | 7 | `NaN123` and fixes CVE-2024-53427. Other JSON extensions like `NaN` and |
| 8 | `Infinity` are still supported. Fixes #3023, fixes #3196, fixes #3246. | 8 | `Infinity` are still supported. Fixes #3023, fixes #3196, fixes #3246. |
| 9 | 9 | ||
| 10 | Upstream-Status: Backport [https://github.com/jqlang/jq.git/commit/a09a4dfd55e6c24d04b35062ccfe4509748b1dd3] | ||
| 11 | CVE: CVE-2024-53427 | ||
| 12 | |||
| 10 | (cherry picked from commit a09a4dfd55e6c24d04b35062ccfe4509748b1dd3) | 13 | (cherry picked from commit a09a4dfd55e6c24d04b35062ccfe4509748b1dd3) |
| 11 | Signed-off-by: Roland Kovacs <roland.kovacs@est.tech> | 14 | Signed-off-by: Roland Kovacs <roland.kovacs@est.tech> |
| 12 | --- | 15 | --- |
diff --git a/meta-oe/recipes-devtools/jq/jq/CVE-2025-48060.patch b/meta-oe/recipes-devtools/jq/jq/CVE-2025-48060.patch index 237a50413f..c3dfd8ce21 100644 --- a/meta-oe/recipes-devtools/jq/jq/CVE-2025-48060.patch +++ b/meta-oe/recipes-devtools/jq/jq/CVE-2025-48060.patch | |||
| @@ -9,6 +9,9 @@ GHSA-p7rr-28xf-3m5w (`0[""*0]`) was fixed by the commit dc849e9bb74a, | |||
| 9 | but another case (`0[[]|implode]`) was still vulnerable. This commit | 9 | but another case (`0[[]|implode]`) was still vulnerable. This commit |
| 10 | ensures string data is properly null-terminated, and fixes CVE-2025-48060. | 10 | ensures string data is properly null-terminated, and fixes CVE-2025-48060. |
| 11 | 11 | ||
| 12 | Upstream-Status: Backport [https://github.com/jqlang/jq.git/commit/c6e041699d8cd31b97375a2596217aff2cfca85b] | ||
| 13 | CVE: CVE-2025-48060 | ||
| 14 | |||
| 12 | (cherry picked from commit c6e041699d8cd31b97375a2596217aff2cfca85b) | 15 | (cherry picked from commit c6e041699d8cd31b97375a2596217aff2cfca85b) |
| 13 | Signed-off-by: Roland Kovacs <roland.kovacs@est.tech> | 16 | Signed-off-by: Roland Kovacs <roland.kovacs@est.tech> |
| 14 | --- | 17 | --- |
