summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-devtools
diff options
context:
space:
mode:
authorRoland Kovacs <roland.kovacs@est.tech>2025-08-02 23:55:36 +0200
committerAnuj Mittal <anuj.mittal@intel.com>2025-09-12 08:15:10 +0800
commite099b1462db0289d04ff2d89b55519faee0403b5 (patch)
treea5f759fd3a555129ee7a365478be7a125086b7ef /meta-oe/recipes-devtools
parent3fbbd2c0804a7a7f0478f46dabea35e55a48707e (diff)
downloadmeta-openembedded-e099b1462db0289d04ff2d89b55519faee0403b5.tar.gz
jq: add Upstream-Status and CVE tags into .patch files
v1 version was merged instead of v2 from: https://lists.openembedded.org/g/openembedded-devel/message/118302 add missing Upstream-Status and CVE tags from v2. Signed-off-by: Roland Kovacs <roland.kovacs@est.tech> Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Diffstat (limited to 'meta-oe/recipes-devtools')
-rw-r--r--meta-oe/recipes-devtools/jq/jq/CVE-2024-23337.patch3
-rw-r--r--meta-oe/recipes-devtools/jq/jq/CVE-2024-53427.patch3
-rw-r--r--meta-oe/recipes-devtools/jq/jq/CVE-2025-48060.patch3
3 files changed, 9 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/jq/jq/CVE-2024-23337.patch b/meta-oe/recipes-devtools/jq/jq/CVE-2024-23337.patch
index 93f55eecd0..8b8243b752 100644
--- a/meta-oe/recipes-devtools/jq/jq/CVE-2024-23337.patch
+++ b/meta-oe/recipes-devtools/jq/jq/CVE-2024-23337.patch
@@ -8,6 +8,9 @@ This commit fixes signed integer overflow and SEGV issues on growing
8arrays and objects. The size of arrays and objects is now limited to 8arrays and objects. The size of arrays and objects is now limited to
9`536870912` (`0x20000000`). This fixes CVE-2024-23337 and fixes #3262. 9`536870912` (`0x20000000`). This fixes CVE-2024-23337 and fixes #3262.
10 10
11Upstream-Status: Backport [https://github.com/jqlang/jq.git/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e]
12CVE: CVE-2024-23337
13
11(cherry picked from commit de21386681c0df0104a99d9d09db23a9b2a78b1e) 14(cherry picked from commit de21386681c0df0104a99d9d09db23a9b2a78b1e)
12Signed-off-by: Roland Kovacs <roland.kovacs@est.tech> 15Signed-off-by: Roland Kovacs <roland.kovacs@est.tech>
13--- 16---
diff --git a/meta-oe/recipes-devtools/jq/jq/CVE-2024-53427.patch b/meta-oe/recipes-devtools/jq/jq/CVE-2024-53427.patch
index 3e27a13036..64a44a1307 100644
--- a/meta-oe/recipes-devtools/jq/jq/CVE-2024-53427.patch
+++ b/meta-oe/recipes-devtools/jq/jq/CVE-2024-53427.patch
@@ -7,6 +7,9 @@ This commit drops support for parsing NaN with payload in JSON like
7`NaN123` and fixes CVE-2024-53427. Other JSON extensions like `NaN` and 7`NaN123` and fixes CVE-2024-53427. Other JSON extensions like `NaN` and
8`Infinity` are still supported. Fixes #3023, fixes #3196, fixes #3246. 8`Infinity` are still supported. Fixes #3023, fixes #3196, fixes #3246.
9 9
10Upstream-Status: Backport [https://github.com/jqlang/jq.git/commit/a09a4dfd55e6c24d04b35062ccfe4509748b1dd3]
11CVE: CVE-2024-53427
12
10(cherry picked from commit a09a4dfd55e6c24d04b35062ccfe4509748b1dd3) 13(cherry picked from commit a09a4dfd55e6c24d04b35062ccfe4509748b1dd3)
11Signed-off-by: Roland Kovacs <roland.kovacs@est.tech> 14Signed-off-by: Roland Kovacs <roland.kovacs@est.tech>
12--- 15---
diff --git a/meta-oe/recipes-devtools/jq/jq/CVE-2025-48060.patch b/meta-oe/recipes-devtools/jq/jq/CVE-2025-48060.patch
index 237a50413f..c3dfd8ce21 100644
--- a/meta-oe/recipes-devtools/jq/jq/CVE-2025-48060.patch
+++ b/meta-oe/recipes-devtools/jq/jq/CVE-2025-48060.patch
@@ -9,6 +9,9 @@ GHSA-p7rr-28xf-3m5w (`0[""*0]`) was fixed by the commit dc849e9bb74a,
9but another case (`0[[]|implode]`) was still vulnerable. This commit 9but another case (`0[[]|implode]`) was still vulnerable. This commit
10ensures string data is properly null-terminated, and fixes CVE-2025-48060. 10ensures string data is properly null-terminated, and fixes CVE-2025-48060.
11 11
12Upstream-Status: Backport [https://github.com/jqlang/jq.git/commit/c6e041699d8cd31b97375a2596217aff2cfca85b]
13CVE: CVE-2025-48060
14
12(cherry picked from commit c6e041699d8cd31b97375a2596217aff2cfca85b) 15(cherry picked from commit c6e041699d8cd31b97375a2596217aff2cfca85b)
13Signed-off-by: Roland Kovacs <roland.kovacs@est.tech> 16Signed-off-by: Roland Kovacs <roland.kovacs@est.tech>
14--- 17---