[Buildroot] [git commit branch/2025.05.x] package/jq: security bump to version 1.8.1
Thomas Perale
thomas.perale at mind.be
Fri Sep 5 15:23:16 UTC 2025
commit: https://git.buildroot.net/buildroot/commit/?id=66edaaa893439916cc5dbdb2be3e7f009ee193c0
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2025.05.x
Changelog:
https://github.com/jqlang/jq/releases/tag/jq-1.8.1

COPYING:
Add LICENSE notice of NetBSD's strptime() to COPYING
https://github.com/jqlang/jq/commit/78045d8aa9d155ec0f82ab102aa752300c2349f1

Fixes the following security issues:

- CVE-2025-49014: Fix heap use after free in f_strftime, f_strflocaltime.
  https://www.cve.org/CVERecord?id=CVE-2025-49014

- GHSA-f946-j5j2-4w5m: Fix stack overflow in node_min_byte_len of oniguruma.
  https://github.com/jqlang/jq/security/advisories/GHSA-f946-j5j2-4w5m

Signed-off-by: Angelo Compagnucci <angelo.compagnucci at gmail.com>
[Peter: fix license info]
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
(cherry picked from commit c9f4328ef4e12852e1cde814d919186846131765)
Signed-off-by: Thomas Perale <thomas.perale at mind.be>
---
package/jq/jq.hash | 4 ++--
package/jq/jq.mk | 5 +++--
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/package/jq/jq.hash b/package/jq/jq.hash
index 344f73d463..4596134620 100644
--- a/package/jq/jq.hash
+++ b/package/jq/jq.hash
@@ -1,3 +1,3 @@
# Locally calculated
-sha256 91811577f91d9a6195ff50c2bffec9b72c8429dc05ec3ea022fd95c06d2b319c jq-1.8.0.tar.gz
-sha256 ea9e53f5974239869c51ace8bb6849c9751dee7c9d592180957987a1a133caff COPYING
+sha256 2be64e7129cecb11d5906290eba10af694fb9e3e7f9fc208a311dc33ca837eb0 jq-1.8.1.tar.gz
+sha256 ad2b4a266b2268939c1446979759706077421cf906a203aa188c6f396e8cfd74 COPYING
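Review bot: the new jq-1.8.1.tar.gz sha256 line stays under the unchanged "# Locally calculated" comment, so the tarball's integrity rests only on the committer's own download. If upstream publishes a checksum or signature for the 1.8.1 release, verify against it and name that source in the comment; if not, the comment is accurate as it stands. The COPYING hash change is accounted for by the strptime() notice described in the commit message, which is what a reviewer needs to see for a license-file hash update.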
diff --git a/package/jq/jq.mk b/package/jq/jq.mk
index f3f4704f37..b0776021fc 100644
--- a/package/jq/jq.mk
+++ b/package/jq/jq.mk
@@ -4,9 +4,10 @@
#
################################################################################
-JQ_VERSION = 1.8.0
+JQ_VERSION = 1.8.1
JQ_SITE = https://github.com/jqlang/jq/releases/download/jq-$(JQ_VERSION)
-JQ_LICENSE = MIT (code), ICU (decNumber), CC-BY-3.0 (documentation)
+JQ_LICENSE = MIT (code), ICU (decNumber), CC-BY-3.0 (documentation), \
+ BSD-2-Clause (strptime)
JQ_LICENSE_FILES = COPYING
JQ_CPE_ID_VALID = YES
JQ_INSTALL_STAGING = YES
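Review bot: the JQ_VERSION change to 1.8.1 is the only functional change here, yet the commit message attributes the GHSA-f946-j5j2-4w5m fix to node_min_byte_len "of oniguruma", and nothing in this hunk shows which oniguruma the package builds against. Please state in the commit message whether the fix ships inside the jq 1.8.1 tarball or also depends on the oniguruma version used by the build, so that users backporting to 2025.05.x know the bump alone closes the issue. The added "BSD-2-Clause (strptime)" entry in JQ_LICENSE is consistent with the COPYING update and needs no change.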