<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-oe/recipes-devtools, branch kirkstone-next</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=kirkstone-next</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=kirkstone-next'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2025-07-13T18:36:35+00:00</updated>
<entry>
<title>jq: Fix CVEs</title>
<updated>2025-07-13T18:36:35+00:00</updated>
<author>
<name>Colin McAllister</name>
<email>colin.mcallister@garmin.com</email>
</author>
<published>2025-07-07T21:39:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=9daee866d1b4567a40c7af8067f0ade213a7091d'/>
<id>urn:sha1:9daee866d1b4567a40c7af8067f0ade213a7091d</id>
<content type='text'>
Adds backported patches to fix CVE-2024-23339, CVE-2024-53427, and
CVE-2025-48060.

Signed-off-by: Colin Pinnell McAllister &lt;colin.mcallister@garmin.com&gt;
Change-Id: Ibc2db956b7fd5d0388dbed1a81ddf9aa58431fb1
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>protobuf: fix CVE-2025-4565</title>
<updated>2025-07-03T00:36:42+00:00</updated>
<author>
<name>Chen Qi</name>
<email>Qi.Chen@windriver.com</email>
</author>
<published>2025-06-24T08:57:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=72f2dd38ca1bfae31190d3791adc2a9cac4da111'/>
<id>urn:sha1:72f2dd38ca1bfae31190d3791adc2a9cac4da111</id>
<content type='text'>
Backport patch with adjustments for 3.19.6 version to fix
CVE-2025-4565.

Signed-off-by: Chen Qi &lt;Qi.Chen@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>protobuf: fix ptest with python PACKAGECONFIG enabled</title>
<updated>2025-07-03T00:36:36+00:00</updated>
<author>
<name>Chen Qi</name>
<email>Qi.Chen@windriver.com</email>
</author>
<published>2025-06-24T08:57:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=eafaacee695bd77be48eaa05f7b8993993e03453'/>
<id>urn:sha1:eafaacee695bd77be48eaa05f7b8993993e03453</id>
<content type='text'>
1. RDEPENDS on python3-protobuf instead of python-protobuf. The
   latter is not available anywhere.
2. Use use python3 interpreter.
3. Fix run-ptest to avoid test failure. An extra '\n' is needed
   to break out the loop.

Signed-off-by: Chen Qi &lt;Qi.Chen@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>lapack: upgrade 3.10.0 -&gt; 3.10.1</title>
<updated>2025-03-08T00:18:02+00:00</updated>
<author>
<name>wangmy</name>
<email>wangmy@fujitsu.com</email>
</author>
<published>2025-03-07T17:07:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=7e18b3fc774b7efabf9a20ae3cd6abd0e0715b59'/>
<id>urn:sha1:7e18b3fc774b7efabf9a20ae3cd6abd0e0715b59</id>
<content type='text'>
Changelog:
http://netlib.org/lapack/lapack-3.10.1.html

Signed-off-by: Wang Mingyu &lt;wangmy@fujitsu.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
Signed-off-by: Piotr Lewicki &lt;piotr.l.lewicki@hitachienergy.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>abseil-cpp: fix CVE-2025-0838</title>
<updated>2025-03-06T14:48:36+00:00</updated>
<author>
<name>Changqing Li</name>
<email>changqing.li@windriver.com</email>
</author>
<published>2025-02-27T06:36:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=6abfd35755938a30890e909854d39e379230571c'/>
<id>urn:sha1:6abfd35755938a30890e909854d39e379230571c</id>
<content type='text'>
Backport a patch to fix CVE-2025-0838

CVE-2025-0838:
There exists a heap buffer overflow vulnerable in Abseil-cpp. The sized
constructors, reserve(), and rehash() methods of
absl::{flat,node}hash{set,map} did not impose an upper bound on their
size argument. As a result, it was possible for a caller to pass a very
large size that would cause an integer overflow when computing the size
of the container's backing store, and a subsequent out-of-bounds memory
write. Subsequent accesses to the container might also access
out-of-bounds memory. We recommend upgrading past commit
5a0e2cb5e3958dd90bb8569a2766622cb74d90c1

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-0838

Signed-off-by: Changqing Li &lt;changqing.li@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>glade: fix CVE-2020-36774</title>
<updated>2025-01-23T00:13:03+00:00</updated>
<author>
<name>Zhang Peng</name>
<email>peng.zhang1.cn@windriver.com</email>
</author>
<published>2025-01-16T07:13:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=9d2f35c8ce8c65434f8c91c3bec927f38334b76c'/>
<id>urn:sha1:9d2f35c8ce8c65434f8c91c3bec927f38334b76c</id>
<content type='text'>
CVE-2020-36774:
plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x
before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a
denial of service (application crash).

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2020-36774]

Upstream patches:
[https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17]

Signed-off-by: Zhang Peng &lt;peng.zhang1.cn@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>meta-oe: Remove True option to getVar calls</title>
<updated>2025-01-23T00:12:54+00:00</updated>
<author>
<name>akash hadke</name>
<email>akash.hadke27@gmail.com</email>
</author>
<published>2025-01-10T11:09:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=198cf66134afa9d7631ee9a1e1a08d396fa58e8a'/>
<id>urn:sha1:198cf66134afa9d7631ee9a1e1a08d396fa58e8a</id>
<content type='text'>
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.

Signed-off-by: Akash Hadke &lt;akash.hadke27@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>php: upgrade 8.1.30 -&gt; 8.1.31</title>
<updated>2024-12-31T14:00:02+00:00</updated>
<author>
<name>Vijay Anusuri</name>
<email>vanusuri@mvista.com</email>
</author>
<published>2024-12-20T15:20:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=bffcd6df7a8201b32f17b7791013f73e64db1453'/>
<id>urn:sha1:bffcd6df7a8201b32f17b7791013f73e64db1453</id>
<content type='text'>
Includes fix for CVE-2024-8929, CVE-2024-11236, CVE-2024-11234 and CVE-2024-11233

Changelog:
https://www.php.net/ChangeLog-8.php#8.1.31

Signed-off-by: Vijay Anusuri &lt;vanusuri@mvista.com&gt;
</content>
</entry>
<entry>
<title>protobuf: fix CVE-2024-7254</title>
<updated>2024-12-08T20:04:02+00:00</updated>
<author>
<name>Chen Qi</name>
<email>Qi.Chen@windriver.com</email>
</author>
<published>2024-11-26T08:12:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=f17b6e36fc2eef7f24d08885c50732d62f2754e5'/>
<id>urn:sha1:f17b6e36fc2eef7f24d08885c50732d62f2754e5</id>
<content type='text'>
Backport patch with tweaks for the current version to fix
CVE-2024-7254.

Signed-off-by: Chen Qi &lt;Qi.Chen@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>php: upgrade 8.1.29 -&gt; 8.1.30</title>
<updated>2024-12-08T20:03:33+00:00</updated>
<author>
<name>Yogita Urade</name>
<email>yogita.urade@windriver.com</email>
</author>
<published>2024-11-26T04:37:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=80dcdf37bed9638c3dc6add2c2225519d5fbac5b'/>
<id>urn:sha1:80dcdf37bed9638c3dc6add2c2225519d5fbac5b</id>
<content type='text'>
Includes fix for CVE-2024-8925, CVE-2024-8926, CVE-2024-8927
and CVE-2024-9026

Changelog:
https://www.php.net/ChangeLog-8.php#8.1.30

Signed-off-by: Yogita Urade &lt;yogita.urade@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
</feed>
