27 Commits

Author SHA1 Message Date
Anton Skorup e4aae1b880 jq: patch CVE-2026-47770
This patch adds the upstream fix for CVE-2026-47770.

CVE details: https://ubuntu.com/security/CVE-2026-47770

Signed-off-by: Anton Skorup <antonsk@axis.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-07 18:21:31 -07:00
Gyorgy Sarvari 2b1e34f0f5 jq: patch CVE-2026-39979
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-39979

Backport the patch that is referenced by the NVD advisory.y

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-20 07:35:33 -07:00
Gyorgy Sarvari 8d399af333 jq: patch CVE-2026-33948
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33948

Backport the patch that is referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-20 07:35:33 -07:00
Gyorgy Sarvari 525e18ce21 jq: patch CVE-2026-33947
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33947

Backport the patch that is referenced by the NVD report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-20 07:35:33 -07:00
Gyorgy Sarvari e94ab85126 jq: patch CVE-2026-32316
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32316

Backport the patch that is referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-20 07:35:33 -07:00
Peter Kjellerstedt ed33569f82 jq: Use Git to fetch the code
There is a bug (see https://github.com/jqlang/jq/issues/434), which
results in an empty version being used if autoreconf is run on the jq
sources when using a release tar ball. The incorrect assumption is that
autoreconf is only used when fetching the code using Git.

The empty version results in an incorrect libjq.pc file being created
where the version is not set, which results in, e.g.,
`pkgconf --libs 'libjq > 1.6'` failing even if version 1.8.1 of jq is
actually installed.

Switch to fetching the code using Git to workaround the bug.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-10 07:59:52 -07:00
Wang Mingyu 95bec3d58a jq: upgrade 1.8.0 -> 1.8.1
License-Update: Add LICENSE notice of NetBSD's strptime() to COPYING

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-07-09 09:16:09 -07:00
Khem Raj b7e233f84a jq: Add tzdata to ptest rdeps
This is needed for some ptests to pass

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-07-02 23:27:07 -07:00
Vijay Anusuri 547f2a0939 jq: upgrade 1.7.1 -> 1.8.0
Changelog:
==========
https://github.com/jqlang/jq/releases/tag/jq-1.8.0

Security fixes

* CVE-2024-23337: Fix signed integer overflow in jvp_array_write and jvp_object_rehash. @itchyny de21386
     The fix for this issue now limits the maximum size of arrays and objects to 536870912 (2^29) elements.
* CVE-2024-53427: Reject NaN with payload while parsing JSON. @itchyny a09a4df
     The fix for this issue now drops support for NaN with payload in JSON (like NaN123).
     Other JSON extensions like NaN and Infinity are still supported.
* CVE-2025-48060: Fix heap buffer overflow in jv_string_vfmt. @itchyny c6e0416
* Fix use of uninitialized value in check_literal. @itchyny #3324
* Fix segmentation fault on strftime/1, strflocaltime/1. @itchyny #3271
* Fix unhandled overflow in @base64d. @emanuele6 #3080

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-06-03 22:01:47 -07:00
Khem Raj f15ce0904f jq: Stick to C17 until next release
Patches are sprinkled in master branch of jq but the backports
regresses tests, so its better to keep it at C17 for now.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Martin Jansa <martin.jansa@gmail.com>
2025-03-27 17:05:45 -07:00
Khem Raj 49761e984a Revert "jq: fix build with gcc-15"
This reverts commit ec9a5598e4.
2025-03-27 17:05:45 -07:00
Martin Jansa ec9a5598e4 jq: fix build with gcc-15
* backport 3 commits to fix:
  http://errors.yoctoproject.org/Errors/Details/848831/

../jq-1.7.1/src/builtin.c:1705:4: error: initialization of 'jv (*)(void)' from incompatible pointer type 'jv (*)(jq_state *, jv)' [-Wincompatible-pointer-types]
 1705 |   {f_ ## name,  #name, 1},
      |    ^~

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-03-25 18:30:53 -07:00
Wang Mingyu bef4681e41 jq: upgrade 1.7 -> 1.7.1
Changelog:
==========
- CVE-2023-50246: Fix heap buffer overflow in jvp\_literal\_number\_literal
- CVE-2023-50268: fix stack-buffer-overflow if comparing nan with payload

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-12-29 09:04:17 -08:00
Alex Kiernan 3f378f7924 jq: Upgrade 1.6+git -> 1.7
Move to new upstream, drop use of autotools-brokensep as the build now
works without it, drop local patches which have been merged, fix
buildpaths leakage.

License-Update: Fix misspellings [https://github.com/jqlang/jq/commit/5cebe86a7b90e5718077c5e1d5c2165939d3f3cb]
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-09-28 21:44:26 -07:00
Martin Jansa be8c765c7c *.patch: add Upstream-Status to all patches
There is new patch-status QA check in oe-core:
https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a

This is temporary work around just to hide _many_ warnings from
optional patch-status (if you add it to WARN_QA).

This just added
Upstream-Status: Pending
everywhere without actually investigating what's the proper status.

This is just to hide current QA warnings and to catch new .patch files being
added without Upstream-Status, but the number of Pending patches is now terrible:

5 (26%) 	meta-xfce
6 (50%) 	meta-perl
15 (42%)        meta-webserver
21 (36%)        meta-gnome
25 (57%)        meta-filesystems
26 (43%)        meta-initramfs
45 (45%)        meta-python
47 (55%)        meta-multimedia
312 (63%)       meta-networking
756 (61%)       meta-oe

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-06-21 09:15:20 -07:00
Zheng Qiu 3eaf01fcd4 jq: improve ptest and disable valgrind by default
Improve ptest result formatting.
In run-ptest, setting a flag to disable valgrind image unless
enabled by "valgrind" PACKAGECONFIG.
Requested jq for seprating make check, so in the future
it can be changed to utilize Makefile and reduce redudancy.

Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
Signed-off-by: Randy MacLeod <randy.macleod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-10-18 15:06:37 -07:00
Zheng Qiu caca326d97 jq: add ptest
Add run-ptest to run the 7 tests provided by jq.

In do_install_ptest, add a soft link to jq in the ptest directory to avoid
having to patch the jq setup script.

While the jq tests can use valgrind, it is out of scope for integration
testing.

Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
Signed-off-by: Randy MacLeod <randy.macleod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-09-17 01:09:18 -07:00
Khem Raj c803bce22b jq: Upgrade to latest and fix configure tests
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-09-07 16:44:53 -07:00
Joerg Vehlow 1aa9d7d53d jq: Fix typo OE_EXTRACONF -> EXTRA_OECONF
Signed-off-by: Joerg Vehlow <joerg.vehlow@aox.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-05-12 09:16:11 -07:00
William A. Kennington III 0d8dee9172 jq: upgrade 1.6 -> 2021-10-24 git
JQ has gone through more than 3 years of code changes and has had
significant performance improvements since the last release. The team is
still figuring out a new release process. Use the latest git commit to
pull in these changes.

Signed-off-by: William A. Kennington III <wak@google.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-01-19 09:28:51 -08:00
Pierre-Jean Texier c4fa664720 jq: fix upstream version check
Fixes:

INFO: Skip package jq (status = UNKNOWN_BROKEN, current version = 1.6, next version = N/A)

After this commit:

INFO: Skip package jq (status = MATCH, current version = 1.6, next version = 1.6)

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
2020-03-05 07:11:50 -08:00
Alex Kiernan 9ada8b1306 jq: update to 1.6
Drop backported patch as it's present in 1.6. Switch to autotools-brokensep
to avoid

| sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/^/"/' -e 's/$/\\n"/' ../jq-1.6/src/builtin.jq > src/builtin.inc
| /bin/sh: src/builtin.inc: No such file or directory

License-Update: whitespace changes
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-01-30 13:34:49 -08:00
Andre McCurdy 8b68ed985b jq: add support for jq-native + misc minor fixes
- Add PACKAGECONFIG options for docs, maintainer-mode and oniguruma

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-10-05 18:21:13 +02:00
Martin Jansa 4158dd4994 jq: add dependency on onig
* configure doesn't have config option ot disable it and it's autodetected from sysroot
  causing:
  WARN: jq: jq rdepends on onig, but it isn't a build dependency?

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-03-25 11:27:30 +01:00
Derek Straka 19a3f18e1e jq: upgrade to 1.5
update source url and checksums
license checksum update since trailing whitespace removed upstream
disable-maintainer-mode to avoid bison > 3.0 dependency

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-01-27 12:43:56 +01:00
Matthieu CRAPET 31577e783a jq: upgrade to 1.4
Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-08-01 14:23:46 +02:00
Matthieu CRAPET 6f0a4b9471 jq: add new recipe for version 1.3
jq is like sed but for JSON data. It's a very useful tool with no dependency.

Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-05-15 12:30:20 +02:00