From 547f2a0939cb0335592fefaa5ad52f8514d68cd4 Mon Sep 17 00:00:00 2001 From: Vijay Anusuri Date: Wed, 4 Jun 2025 09:10:53 +0530 Subject: [PATCH] jq: upgrade 1.7.1 -> 1.8.0 Changelog: ========== https://github.com/jqlang/jq/releases/tag/jq-1.8.0 Security fixes * CVE-2024-23337: Fix signed integer overflow in jvp_array_write and jvp_object_rehash. @itchyny de21386 The fix for this issue now limits the maximum size of arrays and objects to 536870912 (2^29) elements. * CVE-2024-53427: Reject NaN with payload while parsing JSON. @itchyny a09a4df The fix for this issue now drops support for NaN with payload in JSON (like NaN123). Other JSON extensions like NaN and Infinity are still supported. * CVE-2025-48060: Fix heap buffer overflow in jv_string_vfmt. @itchyny c6e0416 * Fix use of uninitialized value in check_literal. @itchyny #3324 * Fix segmentation fault on strftime/1, strflocaltime/1. @itchyny #3271 * Fix unhandled overflow in @base64d. @emanuele6 #3080 Signed-off-by: Vijay Anusuri Signed-off-by: Khem Raj --- meta-oe/recipes-devtools/jq/{jq_1.7.1.bb => jq_1.8.0.bb} | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) rename meta-oe/recipes-devtools/jq/{jq_1.7.1.bb => jq_1.8.0.bb} (87%) diff --git a/meta-oe/recipes-devtools/jq/jq_1.7.1.bb b/meta-oe/recipes-devtools/jq/jq_1.8.0.bb similarity index 87% rename from meta-oe/recipes-devtools/jq/jq_1.7.1.bb rename to meta-oe/recipes-devtools/jq/jq_1.8.0.bb index a6a1d6a07a..af35324b5f 100644 --- a/meta-oe/recipes-devtools/jq/jq_1.7.1.bb +++ b/meta-oe/recipes-devtools/jq/jq_1.8.0.bb @@ -6,13 +6,13 @@ HOMEPAGE = "https://jqlang.github.io/jq/" BUGTRACKER = "https://github.com/jqlang/jq/issues" SECTION = "utils" LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://COPYING;md5=488f4e0b04c0456337fb70d1ac1758ba" +LIC_FILES_CHKSUM = "file://COPYING;md5=08ffb5ac7e7e6bfc66968b89f01f512a" GITHUB_BASE_URI = "https://github.com/jqlang/${BPN}/releases/" SRC_URI = "${GITHUB_BASE_URI}/download/${BPN}-${PV}/${BPN}-${PV}.tar.gz \ file://run-ptest \ " -SRC_URI[sha256sum] = "478c9ca129fd2e3443fe27314b455e211e0d8c60bc8ff7df703873deeee580c2" +SRC_URI[sha256sum] = "91811577f91d9a6195ff50c2bffec9b72c8429dc05ec3ea022fd95c06d2b319c" inherit autotools github-releases ptest @@ -26,9 +26,6 @@ PACKAGECONFIG[oniguruma] = "--with-oniguruma,--without-oniguruma,onig" # enable if you want ptest running under valgrind PACKAGECONFIG[valgrind] = "--enable-valgrind,--disable-valgrind,valgrind" -# Gets going with gcc-15 but See if it can be removed with next upgrade -CFLAGS += "-std=gnu17" - do_configure:append() { sed -i -e "/^ac_cs_config=/ s:${WORKDIR}::g" ${B}/config.status }