2 files changed, 32 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/jq/jq/CVE-2026-39979.patch b/meta-oe/recipes-devtools/jq/jq/CVE-2026-39979.patch
new file mode 100644
index 0000000000..40c57a46a0
--- /dev/null
+++ b/meta-oe/recipes-devtools/jq/jq/CVE-2026-39979.patch
@@ -0,0 +1,31 @@
+From ac09f274b6c029a23e3dffc38afac819b5daacc4 Mon Sep 17 00:00:00 2001
+From: itchyny <itchyny@cybozu.co.jp>
+Date: Mon, 13 Apr 2026 11:04:52 +0900
+Subject: [PATCH] Fix out-of-bounds read in jv_parse_sized()
+This fixes CVE-2026-39979.
+Co-authored-by: Mattias Wadman <mattias.wadman@gmail.com>
+CVE: CVE-2026-39979
+Upstream-Status: Backport [https://github.com/jqlang/jq/commit/2f09060afab23fe9390cce7cb860b10416e1bf5f]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/jv_parse.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+diff --git a/src/jv_parse.c b/src/jv_parse.c
+index ffcf51f..e6b8aa9 100644
+--- a/src/jv_parse.c
+++ b/src/jv_parse.c
+@@ -892,8 +892,9 @@ jv jv_parse_sized_custom_flags(const char* string, int length, int flags) {
+ 
+   if (!jv_is_valid(value) && jv_invalid_has_msg(jv_copy(value))) {
+     jv msg = jv_invalid_get_msg(value);
+-    value = jv_invalid_with_msg(jv_string_fmt("%s (while parsing '%s')",
+    value = jv_invalid_with_msg(jv_string_fmt("%s (while parsing '%.*s')",
+                                               jv_string_value(msg),
+                                              length,
+                                               string));
+     jv_free(msg);
+   }
diff --git a/meta-oe/recipes-devtools/jq/jq_1.8.1.bb b/meta-oe/recipes-devtools/jq/jq_1.8.1.bb
index acea1e4b27..026f6bfa71 100644
--- a/meta-oe/recipes-devtools/jq/jq_1.8.1.bb
+++ b/meta-oe/recipes-devtools/jq/jq_1.8.1.bb
@@ -16,6 +16,7 @@ SRC_URI = "git://github.com/jqlang/jq.git;protocol=https;branch=master;tag=jq-${
           file://CVE-2026-32316.patch \
           file://CVE-2026-33947.patch \
           file://CVE-2026-33948.patch \
+           file://CVE-2026-39979.patch \
           "
 inherit autotools ptest

diff --git a/meta-oe/recipes-devtools/jq/jq/CVE-2026-39979.patch b/meta-oe/recipes-devtools/jq/jq/CVE-2026-39979.patch new file mode 100644 index 0000000000..40c57a46a0 --- /dev/null +++ b/meta-oe/recipes-devtools/jq/jq/CVE-2026-39979.patch
@@ -0,0 +1,31 @@
		1	From ac09f274b6c029a23e3dffc38afac819b5daacc4 Mon Sep 17 00:00:00 2001
		2	From: itchyny <itchyny@cybozu.co.jp>
		3	Date: Mon, 13 Apr 2026 11:04:52 +0900
		4	Subject: [PATCH] Fix out-of-bounds read in jv_parse_sized()
		5
		6	This fixes CVE-2026-39979.
		7
		8	Co-authored-by: Mattias Wadman <mattias.wadman@gmail.com>
		9
		10	CVE: CVE-2026-39979
		11	Upstream-Status: Backport [https://github.com/jqlang/jq/commit/2f09060afab23fe9390cce7cb860b10416e1bf5f]
		12	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		13	---
		14	src/jv_parse.c \| 3 ++-
		15	1 file changed, 2 insertions(+), 1 deletion(-)
		16
		17	diff --git a/src/jv_parse.c b/src/jv_parse.c
		18	index ffcf51f..e6b8aa9 100644
		19	--- a/src/jv_parse.c
		20	+++ b/src/jv_parse.c
		21	@@ -892,8 +892,9 @@ jv jv_parse_sized_custom_flags(const char* string, int length, int flags) {
		22
		23	if (!jv_is_valid(value) && jv_invalid_has_msg(jv_copy(value))) {
		24	jv msg = jv_invalid_get_msg(value);
		25	- value = jv_invalid_with_msg(jv_string_fmt("%s (while parsing '%s')",
		26	+ value = jv_invalid_with_msg(jv_string_fmt("%s (while parsing '%.*s')",
		27	jv_string_value(msg),
		28	+ length,
		29	string));
		30	jv_free(msg);
		31	}


diff --git a/meta-oe/recipes-devtools/jq/jq_1.8.1.bb b/meta-oe/recipes-devtools/jq/jq_1.8.1.bb index acea1e4b27..026f6bfa71 100644 --- a/meta-oe/recipes-devtools/jq/jq_1.8.1.bb +++ b/meta-oe/recipes-devtools/jq/jq_1.8.1.bb
@@ -16,6 +16,7 @@ SRC_URI = "git://github.com/jqlang/jq.git;protocol=https;branch=master;tag=jq-${
16	file://CVE-2026-32316.patch \	16	file://CVE-2026-32316.patch \
17	file://CVE-2026-33947.patch \	17	file://CVE-2026-33947.patch \
18	file://CVE-2026-33948.patch \	18	file://CVE-2026-33948.patch \
		19	file://CVE-2026-39979.patch \
19	"	20	"
20		21
21	inherit autotools ptest	22	inherit autotools ptest