<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-oe/recipes-devtools, branch scarthgap-next</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=scarthgap-next</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=scarthgap-next'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2025-07-11T00:23:11+00:00</updated>
<entry>
<title>jq-1.7.1: Backport multiple CVE fixes</title>
<updated>2025-07-11T00:23:11+00:00</updated>
<author>
<name>Roland Kovacs</name>
<email>roland.kovacs@est.tech</email>
</author>
<published>2025-07-07T06:38:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=3d03058fe2b2eacbd4ebe081032f85063599221c'/>
<id>urn:sha1:3d03058fe2b2eacbd4ebe081032f85063599221c</id>
<content type='text'>
CVE: CVE-2024-23337
CVE: CVE-2024-53427
CVE: CVE-2025-48060

Patches CVE-2024-23337.patch and CVE-2024-53427.patch are backported from
jq-1.8.0, and CVE-2025-48060.patch is backported from jq-1.8.1.

Signed-off-by: Roland Kovacs &lt;roland.kovacs@est.tech&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>protobuf: upgrade from 4.25.3 to 4.25.8</title>
<updated>2025-07-06T23:46:40+00:00</updated>
<author>
<name>Chen Qi</name>
<email>Qi.Chen@windriver.com</email>
</author>
<published>2025-06-24T03:05:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=7c3e7a6d5ddca67cddb1c493620c38a32dc36463'/>
<id>urn:sha1:7c3e7a6d5ddca67cddb1c493620c38a32dc36463</id>
<content type='text'>
0001-Add-recursion-check-when-parsing-unknown-fields-in-J.patch is
dropped because it has been in new version.

This upgrade also fixes CVE-2025-4565. The fix commit is as below:

  d31100c91 Manually backport recursion limit enforcement to 25.x

Signed-off-by: Chen Qi &lt;Qi.Chen@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>nodejs: backport a patch to prevent brotli crashing nodejs</title>
<updated>2025-05-17T18:11:15+00:00</updated>
<author>
<name>Jeroen Hofstee</name>
<email>jhofstee@victronenergy.com</email>
</author>
<published>2025-04-28T16:51:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=54c92c9e89c4436092a4eba74c32807ce299fb09'/>
<id>urn:sha1:54c92c9e89c4436092a4eba74c32807ce299fb09</id>
<content type='text'>
Brotli can crash nodejs (on ARM), because the memory allocated for
brotli wasn't properly aligned.

https://github.com/google/brotli/issues/1159
https://github.com/nodejs/node/commit/dc035bbc9b310ff8067bc0dad22230978489c061

Signed-off-by: Jeroen Hofstee &lt;jhofstee@victronenergy.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>php: Upgrade 8.2.26 -&gt; 8.2.28</title>
<updated>2025-04-17T00:33:53+00:00</updated>
<author>
<name>Soumya Sambu</name>
<email>soumya.sambu@windriver.com</email>
</author>
<published>2025-04-09T12:55:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=01eb9fb907892da37d3d88c37d1191151e2a9e31'/>
<id>urn:sha1:01eb9fb907892da37d3d88c37d1191151e2a9e31</id>
<content type='text'>
Includes fix for - CVE-2025-1219, CVE-2025-1736, CVE-2025-1861,
CVE-2025-1734 and CVE-2025-1217

Changelog:
https://www.php.net/ChangeLog-8.php#8.2.28

Signed-off-by: Soumya Sambu &lt;soumya.sambu@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>perfetto: Fix contains reference to TMPDIR [buildpaths] warning</title>
<updated>2025-04-17T00:30:23+00:00</updated>
<author>
<name>alperak</name>
<email>alperyasinak1@gmail.com</email>
</author>
<published>2024-08-08T11:20:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=b808d471d70e86177e15ca4070f4e90041b9043a'/>
<id>urn:sha1:b808d471d70e86177e15ca4070f4e90041b9043a</id>
<content type='text'>
WARNING:perfetto-31.0-r0 do_package_qa: QA Issue: File /usr/bin/.debug/tracebox in package perfetto-dbg contains reference to TMPDIR [buildpaths]

Signed-off-by: alperak &lt;alperyasinak1@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster@mvista.com&gt;
</content>
</entry>
<entry>
<title>ldns: Fix buildpaths QA issues</title>
<updated>2025-04-17T00:30:23+00:00</updated>
<author>
<name>Khem Raj</name>
<email>raj.khem@gmail.com</email>
</author>
<published>2024-07-28T06:55:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=e71b2ad9bf656c94716afe646cc449fd026c8393'/>
<id>urn:sha1:e71b2ad9bf656c94716afe646cc449fd026c8393</id>
<content type='text'>
MJ: Backported from 'ldns: Upgrade to 1.8.4' commit without the upgrade.

Fix buildpaths QA errors while here

Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
Signed-off-by: Martin Jansa &lt;martin.jansa@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster@mvista.com&gt;
</content>
</entry>
<entry>
<title>abseil-cpp: upgrade 20240116.2 -&gt; 20240116.3</title>
<updated>2025-03-03T13:05:48+00:00</updated>
<author>
<name>Changqing Li</name>
<email>changqing.li@windriver.com</email>
</author>
<published>2025-02-27T04:12:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=48980f26fe804e50c41d76decfc06492eb0f7b1c'/>
<id>urn:sha1:48980f26fe804e50c41d76decfc06492eb0f7b1c</id>
<content type='text'>
This upgrade include security fix for CVE-2025-0838, refer:
https://github.com/abseil/abseil-cpp/releases?page=1

git log:
54fac219 (tag: 20240116.3) Fix potential integer overflow in hash container create/resize (#1812)
d7aaad83 (tag: 20240116.2) Abseil LTS Branch, Jan 2024, Patch 2 (#1650)
2f9e432c (tag: 20240116.1) Prepare 20240116.1 patch for Apple Privacy Manifest (#1623)

Signed-off-by: Changqing Li &lt;changqing.li@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>sip: Fix homepage and license</title>
<updated>2025-03-03T12:56:57+00:00</updated>
<author>
<name>Leon Anavi</name>
<email>leon.anavi@konsulko.com</email>
</author>
<published>2025-02-06T12:36:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=b06d04ee6f5fd8f27e0d3f33b2b9bc3e5f5bf24b'/>
<id>urn:sha1:b06d04ee6f5fd8f27e0d3f33b2b9bc3e5f5bf24b</id>
<content type='text'>
After the migration from Mercurial to GitHub the homepage has
changed and SIP has been licensed under the BSD-2-Clause license
since Feb 9, 2024, including for release 6.8.6.

This work was sponsored by GOVCERT.LU.

License-Update: SIP is licensed under the BSD-2-Clause license.

Signed-off-by: Leon Anavi &lt;leon.anavi@konsulko.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>modejs: upgrade 20.18.0 -&gt; 20.18.2</title>
<updated>2025-02-04T23:04:57+00:00</updated>
<author>
<name>Archana Polampalli</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2025-01-31T17:22:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=4f11a12b2352bbdfafb6b7d956bf424af4992977'/>
<id>urn:sha1:4f11a12b2352bbdfafb6b7d956bf424af4992977</id>
<content type='text'>
Below list of CVEs are addressed in this release
CVE-2025-23083
CVE-2025-23084
CVE-2025-23085
CVE-2025-22150

Changelog:
https://github.com/nodejs/node/releases/tag/v20.18.2
https://github.com/nodejs/node/releases/tag/v20.18.1

Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>nodejs: upgrade 20.17.0 -&gt; 20.18.0</title>
<updated>2025-02-04T23:04:53+00:00</updated>
<author>
<name>J. S</name>
<email>schonm@gmail.com</email>
</author>
<published>2025-01-31T17:22:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=653bbb3e293af2763e591a3f875858ac6015bb26'/>
<id>urn:sha1:653bbb3e293af2763e591a3f875858ac6015bb26</id>
<content type='text'>
License checksum change due to whitespace changes.
https://github.com/nodejs/node/commit/1dfd238781

libatomic.patch change due to changes in node.gyp
https://github.com/nodejs/node/commit/25c788009f1fa7a392af51cb97d0a55f0f4a6983

Changelog :
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.18.0

Signed-off-by: Jason Schonberg &lt;schonm@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
</feed>
