package/jq: security bump to version 1.8.1
Changelog:
https://github.com/jqlang/jq/releases/tag/jq-1.8.1
COPYING:
Add LICENSE notice of NetBSD's strptime() to COPYING
https://github.com/jqlang/jq/commit/78045d8aa9d155ec0f82ab102aa752300c2349f1
Fixes the following security issues:
- CVE-2025-49014: Fix heap use after free in f_strftime, f_strflocaltime.
https://www.cve.org/CVERecord?id=CVE-2025-49014
- GHSA-f946-j5j2-4w5m: Fix stack overflow in node_min_byte_len of oniguruma.
https://github.com/jqlang/jq/security/advisories/GHSA-f946-j5j2-4w5m
Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
[Peter: fix license info]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
diff --git a/package/jq/jq.hash b/package/jq/jq.hash
index 344f73d..4596134 100644
--- a/package/jq/jq.hash
+++ b/package/jq/jq.hash
@@ -1,3 +1,3 @@
# Locally calculated
-sha256 91811577f91d9a6195ff50c2bffec9b72c8429dc05ec3ea022fd95c06d2b319c jq-1.8.0.tar.gz
-sha256 ea9e53f5974239869c51ace8bb6849c9751dee7c9d592180957987a1a133caff COPYING
+sha256 2be64e7129cecb11d5906290eba10af694fb9e3e7f9fc208a311dc33ca837eb0 jq-1.8.1.tar.gz
+sha256 ad2b4a266b2268939c1446979759706077421cf906a203aa188c6f396e8cfd74 COPYING
diff --git a/package/jq/jq.mk b/package/jq/jq.mk
index f3f4704..b077602 100644
--- a/package/jq/jq.mk
+++ b/package/jq/jq.mk
@@ -4,9 +4,10 @@
#
################################################################################
-JQ_VERSION = 1.8.0
+JQ_VERSION = 1.8.1
JQ_SITE = https://github.com/jqlang/jq/releases/download/jq-$(JQ_VERSION)
-JQ_LICENSE = MIT (code), ICU (decNumber), CC-BY-3.0 (documentation)
+JQ_LICENSE = MIT (code), ICU (decNumber), CC-BY-3.0 (documentation), \
+ BSD-2-Clause (strptime)
JQ_LICENSE_FILES = COPYING
JQ_CPE_ID_VALID = YES
JQ_INSTALL_STAGING = YES
