| Message ID | 20250708080158.50374-2-roland.kovacs@est.tech |
|---|---|
| Headers | show
Return-Path: <roland.kovacs@est.tech> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9A9ACC8303C for <webhook@archiver.kernel.org>; Tue, 8 Jul 2025 08:02:32 +0000 (UTC) Received: from DUZPR83CU001.outbound.protection.outlook.com (DUZPR83CU001.outbound.protection.outlook.com [52.101.66.27]) by mx.groups.io with SMTP id smtpd.web10.13548.1751961744772485880 for <openembedded-devel@lists.openembedded.org>; Tue, 08 Jul 2025 01:02:25 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@est.tech header.s=selector1 header.b=Iw0NzFKI; spf=pass (domain: est.tech, ip: 52.101.66.27, mailfrom: roland.kovacs@est.tech) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=knJ1o6Y5mSem5is9zEpqLOg0BhGQDwkE2PCdkxIqEiDPu4S0mZD/c3bQEhCkknfuXxsMxNoBIG6IM6LcWc1Xlz3iways3sMXsxmavnvH6oYY9VZTMjOQsfZ0vqxoYPmeA27eaHNGD2CTkqWR2cyYIfikk6BscguwKVYKbEA6D4NP0vIez+TNgQp4DM5jSZ6jIJivWVYfNMgGQNdscrdwirQ1gxHSz22H0d6m5GN6IVZbCLytZUoPMPQ8BBblJ8Z0nX91x7RUzefWOXpszbykIXJWC+jq4h4BU8Ak8ZWvdztA8mGHAfYwgj75ceC0Ab5Hm6DIYXT0RKH/pcYKpWm6lA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ISk13G/AcLidlMHQxkF567ANmR/AeNlyNybvURwFzv8=; b=feOQDUWAL0y5YqkctVj5Vgt160wz2Y/y0W3NuwbG8cm4t44VnYknr18zy+t7wDR0skuZBOT6L4NTqo5D1neXTKY7bBpRwFxPbl06mRppOHLBqqrK63T1/IrdejyPnVdpw3nH9bRGcr+O8Uwmy6kONcxxOwIdVT1rpA59iMu2ku3r8rz1QXZbu99BWwkPKWr9vUinsU0+7K0DoouiTlnNoJkK3H+zbxRiAMGyDOaSaP+3l9+V3GGAe3F1DDSMhEmdjiN3DSVKrtTBFIm5qYDDHzxG8SunH9BfruUjoTqJNPV26S0E0mSnSPd3817nEXPdWHJ0Y3Cpo8JvsK7f7/cdoQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=est.tech; dmarc=pass action=none header.from=est.tech; dkim=pass header.d=est.tech; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=est.tech; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ISk13G/AcLidlMHQxkF567ANmR/AeNlyNybvURwFzv8=; b=Iw0NzFKI4lYA16nkdfdSpF8JTR9RPoys+vC8XkQfZzumQLETQN7JezRNbI2GxLLhB4BukYaZLBiUvcgZDE3at8lnVHGMZ7dYwhNN46ZrfAXicGKJeL5WetQ2s5vIi6zTF/GTE349Whpgon/ZFXIF1hpirg1WBVF80PcMMdiYtU2d9gYcr2z0AYkHdPoUCl0CIZRx5P9wGfxYZTZbYxZiJcb+gv5NMi5abIh0Qn5Zkt55CZmoLml61bCAB2KfwUEFXFB2U32oL2meDjuIxJwEoMSfedj6c2QvkN0yYLRsKpOW1M27bL4BdsqRZRrcq+L3m0jvkxLfJOMMFCvKRUI6rQ== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=est.tech; Received: from AM7P189MB0725.EURP189.PROD.OUTLOOK.COM (2603:10a6:20b:111::20) by GV1P189MB2884.EURP189.PROD.OUTLOOK.COM (2603:10a6:150:260::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8901.25; Tue, 8 Jul 2025 08:02:21 +0000 Received: from AM7P189MB0725.EURP189.PROD.OUTLOOK.COM ([fe80::5f39:2db5:a647:ac07]) by AM7P189MB0725.EURP189.PROD.OUTLOOK.COM ([fe80::5f39:2db5:a647:ac07%6]) with mapi id 15.20.8901.024; Tue, 8 Jul 2025 08:02:21 +0000 From: roland.kovacs@est.tech To: openembedded-devel@lists.openembedded.org CC: Roland Kovacs <roland.kovacs@est.tech> Subject: [meta-oe][scarthgap][PATCH v2 0/1] jq-1.7.1: Backport multiple CVE fixes Date: Tue, 8 Jul 2025 10:01:58 +0200 Message-ID: <20250708080158.50374-2-roland.kovacs@est.tech> X-Mailer: git-send-email 2.50.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain X-ClientProxiedBy: DU2P250CA0014.EURP250.PROD.OUTLOOK.COM (2603:10a6:10:231::19) To AM7P189MB0725.EURP189.PROD.OUTLOOK.COM (2603:10a6:20b:111::20) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7P189MB0725:EE_|GV1P189MB2884:EE_ X-MS-Office365-Filtering-Correlation-Id: ecc2dada-c90d-41e2-5c5d-08ddbdf5c44c X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|1800799024|376014; X-Microsoft-Antispam-Message-Info: 7oBnBHwJWgvw7GVc30OwxaGzkeQ709Ku+J2pf4ku3kVcTcRB5GT+kEkNCerX09nakUBkHkaVMbHETlPjxK00ETVHIncmpBzaNZ7b80sjTB4BLPmr7VJR6wSiIydvPwymhUw6UyWecLhBKhowKMxsiOHVicCY4hPvLYK4cACVUHIcD6Z6Pcx+1YuZj6fyM7ctICNfJ3oPqULpKfKfrRjAJ/u3DscDov6OTy4e8bXNAFAVZIuiTP6F7bS+5MNMKQWYZQGB+Y7QKFD0Q0A7qXlWlIxKqhh0fwJkcdCNqe8tZ9bYsv7fe0dTqv7gT7h9MtMPtxkfb++SrWLnUXepd2K3xPnqTiqoheR5w+inHU43DLNoaRIZft9Ovc1xNZJIiPhxQGS+cWAgan2K2rxtWNjsVQnS8n30sT7C4hNVEmwHyxErIWX/PGFXWSUN+lWArE57x4l8iy5LRLwWyi09L6dRDJFppza1/yNscCkMvOpMX740RgpVm7UtoX8Htg0xUrT8m6L44/d2WA1vpyioRtB+jOe5DXJNGWHYByegeJYnqLSM0fjMlOckEPULob4S0ho6j8/m9ALW7pLWg4BXy+HzCFw3oWoNIFKzeYUzdsog1dJqn2hOa2Gb6RUqksle23+/oyxEQayl/CH7e/ikjkzvqo49J+K7hjrw4Ieyu95zb6XwG2ie4wLQEkVPHToDMirMgodXWdyL+Mn3c8PTxlIy3ZzLdU5PQAW85GbSMmQvbprsEupe3m2EOs5ZyI9zg7HcGkKE8j5xVtYzcmFh+xY6Dwh7OBl6uxObIl5OwDOy7PD1zuv7oz+1tfZbclvcjArLO7g9TjXwMK7ZXeqTZeqxYHd5Suc8kGPIt9Z9UupRgpVant9L3QhM3nPrODDUQPjJ+KShJ82WbOvD9lAlHPjEfqngSyWwf3cXpfmai5yMyiBAthhdFnQ8sUKosCIBB2TX+6jnkWVRJqri/K2CBHI7BOp0Ulc9xoA7VJqstwx17ZTRdxAvOQxJRyOlhgITNYck7GATG1q2oqmMZtIAICZQOPpakj7t0Yqxu6GgEhEyfx/OMJ3NeENz59EKzzgyUN2i94ePJC8RUzOt776aa+zEmLJcvHlRGSHrTDSc0Wy0VL7T7YkMfhHVwTODNuRQmXVzUtvtWoQ+5f+Yfu3trqGzExEl+s3PTf33vgeHESl6uyVnUUi6TGR9R4GXwQQNwhhtwINELO7dsvlfuIgJg901RdH54dWIf+1GECqjh94oH/L0uDe1ORDOBVacWPe/8zUSfJO0e++tmRfsgx2tZMNjUYLoF092I/JrPf4/6RepQ24/3NTlJyVm3vRS/7N0nefoDtTFgdOmgc/F48BWQuAOoghItQ+LH9V78922u6ekoZTV4lEazVnbQZJUYqdvBXRqQak7XHA+e6by9cw+fLeX48ZqlV4WpzGKZUkZehWSRkE= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7P189MB0725.EURP189.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(376014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 23wyylwntO5iKFaezSUAGEJDpHIyAL8NYPn2kGTPrYexXBQcSx+VAuAEvicnLTZVSwr9Y66/dgEvIVhSpUvqRbnBhqQu/0kA2TV0wNtvG+o/U8dbUOJ+2ewUcloDYhfXwaqdY8mmw/53EQBzue7Akrpu5gDl4on4qOXxabnP+bPmsPd1yWGHXCiaKtu3YkDlKcQzv6XoqKVbKhc49yfIMeeIP6flyqF1yY7UjM60t0v6mrCwRdSRgEejyxXzQuIVV506sZwUWJO2P3V4lbEeu7WqNsXG+Wr5iJ6hva0BMR1eS/26vKrwRjFT7tmH/n6bH77Hbeab6Gct0cv7HK4XhsDyljdrTZ4j526O5zvNKVaamfvENLws0W5qeiKSGZLyjcTfUlX1LCLg4YYead4rlX447GPAv+KtwLcfqRaJWrpXlsDuY8Vz8Kw5pT49CpizZxV2aA6muW9oYQLCp1ahTgu5pijlysdvz/pgaI/tDqXmo625MC49mkz6MHbiy6NYXXDhUFE4DOlw5NrMXKL9e1okmb9P7MQfjBUEsnBIdbb3Ne88gxNQSXgAPumgj23povZMziQuSQFku8ZVDEzRaBWxF99fr3nqEzbOxc4tq8oiDfLzSJZI7A8sTyn2ym0rAfG6d87IQRz0oof0yKGR7kGkZQzR2NW4LBWErpewQ+NHKJg7PrjUS+moqeag5UC8PfGW8gdEEz+AMZ60g8VBq12cZObJ+OieykgndlWqAuRMs8lRIDjESge8A9ajDQ9DGNhoc69VsKzioiRVmnbAjcfP599FhMz2mtdpBdhmPI9CI1UTuRDNSBLqRAqMtNg2PX2z1xqYPyj3NEXlb/GcCVpXVh60Du9vlrUzKTgfaXl+6SJ+EjYe5jqlqMq7jBGM1E8EV0Gs779VL8Xen3RCBU9XZj06liTcLJQGwTNK3Bi6HFrIvvvMnITM9wFzkBjnur+9Z2HoWjgNflQnR1DOLp1lpju1et+QLsfr/27uHerhTzMerd4w8TWc0TN1m2wQuszE9kO+IxxwZv2rThnhmfV2pVTT14xNq+6EjPy1lO/qcOsZ/nz5ie/4BzFgdMEViv/SMZZBzF0Qo9qW2THuh+6eC/colyURNJ6XBbYrUj2pKoyzaoxsU64gnKUKmadmuTSF2lxw9HJmICxzf5IQlLHTP0eDAF8WHJdPafAoHLc7E4CzycSkuAnnddJglWlyHj0pWo/NO7A/eUYRCT2WoBn2ugydwivdfgf/gs6s3RkKvLS4Vi0ZBiQWESAq4rQ9jfOO+ka+umiBeKPjqPZ54hPZVPrSEpIDCfCQgV/kqvt9ZxhxbPUTL3QVqyD7uvEdF/0mf3oYXpm2CqByWR+snQFuAgL7IrFyou7ecFGdyvbpQwBvKODZSVrc5T/PsNIzAsLT7B1OPtLs5b3O6vXOX8ebLsfCDe4MrVCsmkIIeywJ0BOtBEh6E06tx81hjZtUa7Q9NGsKu/50hDIOfY8xNuuqG2ZEagfX8OrCUpheOZlPIPHchWaSsdCpcW6vffz+lAbpKpGRl6tlL7CruafO767ePZibDH6gwS4EEwFzjNmPCW23WzMGsZNGiFMNQ7LY X-OriginatorOrg: est.tech X-MS-Exchange-CrossTenant-Network-Message-Id: ecc2dada-c90d-41e2-5c5d-08ddbdf5c44c X-MS-Exchange-CrossTenant-AuthSource: AM7P189MB0725.EURP189.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Jul 2025 08:02:21.5242 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: d2585e63-66b9-44b6-a76e-4f4b217d97fd X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: aTbjswB/hqLdjAfrQ9+oXUEnK9UfAK4Bb7K8wVSDiIu8ldunq0PEoadjkVPT/psZuWBNraUkZ5X+1sTEfvdnzA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV1P189MB2884 List-Id: <openembedded-devel.lists.openembedded.org> X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for <openembedded-devel@lists.openembedded.org>; Tue, 08 Jul 2025 08:02:32 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/118301 |
| Series |
jq-1.7.1: Backport multiple CVE fixes
|
expand
|
From: Roland Kovacs <roland.kovacs@est.tech> I forgot to run patchtest before sending v1, so this version includes the missing 'Upstream-Status' and 'CVE' fields in the added patch files. Roland Kovacs (1): jq-1.7.1: Backport multiple CVE fixes .../jq/jq/CVE-2024-23337.patch | 236 ++++++++++++++++++ .../jq/jq/CVE-2024-53427.patch | 82 ++++++ .../jq/jq/CVE-2025-48060.patch | 48 ++++ meta-oe/recipes-devtools/jq/jq_1.7.1.bb | 3 + 4 files changed, 369 insertions(+) create mode 100644 meta-oe/recipes-devtools/jq/jq/CVE-2024-23337.patch create mode 100644 meta-oe/recipes-devtools/jq/jq/CVE-2024-53427.patch create mode 100644 meta-oe/recipes-devtools/jq/jq/CVE-2025-48060.patch