From 8e810adf8d48fb5e831fa39b8d67ff2dcf763eda Mon Sep 17 00:00:00 2001
From: Azure Linux Security Servicing Account
 <azurelinux-security@microsoft.com>
Date: Wed, 29 Oct 2025 05:40:16 +0000
Subject: [PATCH] Patch jq for CVE-2025-9403

---
 SPECS/jq/CVE-2025-9403.patch | 47 ++++++++++++++++++++++++++++++++++++
 SPECS/jq/jq.spec             |  6 ++++-
 2 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 SPECS/jq/CVE-2025-9403.patch

diff --git a/SPECS/jq/CVE-2025-9403.patch b/SPECS/jq/CVE-2025-9403.patch
new file mode 100644
index 00000000000..b98ad581288
--- /dev/null
+++ b/SPECS/jq/CVE-2025-9403.patch
@@ -0,0 +1,47 @@
+From b5403362c386b80e4726f52897c5fe5d3705a9a6 Mon Sep 17 00:00:00 2001
+From: AllSpark <allspark@microsoft.com>
+Date: Wed, 29 Oct 2025 05:38:18 +0000
+Subject: [PATCH] Fix expected value assertion for NaN value (fix #3393): -
+ Include math.h for isnan - Skip reparsing/roundtrip assertion when expected
+ is NaN under USE_DECNUM
+
+Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
+Upstream-reference: AI Backport of https://github.com/jqlang/jq/commit/304a0f7e0ec376bf0ecabf9f96b2ab3432548819.patch
+---
+ src/jq_test.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/src/jq_test.c b/src/jq_test.c
+index 7a396b9..0172a76 100644
+--- a/src/jq_test.c
++++ b/src/jq_test.c
+@@ -2,6 +2,7 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <stdlib.h>
++#include <math.h>
+ #include "jv.h"
+ #include "jq.h"
+ 
+@@ -157,11 +158,13 @@ static void run_jq_tests(jv lib_dirs, int verbose, FILE *testdata) {
+         printf(" for test at line number %u: %s\n", lineno, prog);
+         pass = 0;
+       }
+-      jv as_string = jv_dump_string(jv_copy(expected), rand() & ~(JV_PRINT_COLOR|JV_PRINT_REFCOUNT));
+-      jv reparsed = jv_parse_sized(jv_string_value(as_string), jv_string_length_bytes(jv_copy(as_string)));
+-      assert(jv_equal(jv_copy(expected), jv_copy(reparsed)));
+-      jv_free(as_string);
+-      jv_free(reparsed);
++      if (!(jv_get_kind(expected) == JV_KIND_NUMBER && isnan(jv_number_value(expected)))) {
++        jv as_string = jv_dump_string(jv_copy(expected), rand() & ~(JV_PRINT_COLOR|JV_PRINT_REFCOUNT));
++        jv reparsed = jv_parse_sized(jv_string_value(as_string), jv_string_length_bytes(jv_copy(as_string)));
++        assert(jv_equal(jv_copy(expected), jv_copy(reparsed)));
++        jv_free(as_string);
++        jv_free(reparsed);
++      }
+       jv_free(expected);
+       jv_free(actual);
+     }
+-- 
+2.45.4
+
diff --git a/SPECS/jq/jq.spec b/SPECS/jq/jq.spec
index f1ff88f9a13..802a1a37512 100644
--- a/SPECS/jq/jq.spec
+++ b/SPECS/jq/jq.spec
@@ -1,7 +1,7 @@
 Summary:        jq is a lightweight and flexible command-line JSON processor.
 Name:           jq
 Version:        1.6
-Release:        4%{?dist}
+Release:        5%{?dist}
 Group:          Applications/System
 Vendor:         Microsoft Corporation
 License:        MIT
@@ -10,6 +10,7 @@ Source0:        https://github.com/stedolan/jq/releases/download/%{name}-%{versi
 Distribution:   Mariner
 Patch0:         CVE-2024-23337.patch
 Patch1:         CVE-2025-48060.patch
+Patch2:         CVE-2025-9403.patch
 BuildRequires:  bison
 BuildRequires:  chrpath
 BuildRequires:  flex
@@ -60,6 +61,9 @@ make check
 %{_includedir}/*
 
 %changelog
+* Wed Oct 29 2025 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 1.6-5
+- Patch for CVE-2025-9403
+
 * Thu Jul 24 2025 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 1.6-4
 - Patch for CVE-2025-48060