<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-oe/recipes-extended, branch scarthgap-next</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=scarthgap-next</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=scarthgap-next'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2025-08-02T17:37:04+00:00</updated>
<entry>
<title>minifi-cpp: patch spdlog CVE-2025-6140</title>
<updated>2025-08-02T17:37:04+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-07-12T12:56:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=e67921006fa5b0be862de0d4afe7de4d988f9d28'/>
<id>urn:sha1:e67921006fa5b0be862de0d4afe7de4d988f9d28</id>
<content type='text'>
Same patch as in spdlog recipe.

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>redis: fix CVE-2025-32023</title>
<updated>2025-08-02T17:13:18+00:00</updated>
<author>
<name>Hitendra Prajapati</name>
<email>hprajapati@mvista.com</email>
</author>
<published>2025-07-16T06:15:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=e66e64ee631db34daa235d928258df929f1cb8fd'/>
<id>urn:sha1:e66e64ee631db34daa235d928258df929f1cb8fd</id>
<content type='text'>
Upstream-Status: Backport from https://github.com/redis/redis/commit/50188747cbfe43528d2719399a2a3c9599169445

Signed-off-by: Hitendra Prajapati &lt;hprajapati@mvista.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>libconfig: correct the SRC_URI</title>
<updated>2025-07-11T00:23:37+00:00</updated>
<author>
<name>Guocai He</name>
<email>guocai.he.cn@windriver.com</email>
</author>
<published>2025-07-10T05:23:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=dde4e6d41bc681a2644933cb62df256ef334dcbb'/>
<id>urn:sha1:dde4e6d41bc681a2644933cb62df256ef334dcbb</id>
<content type='text'>
The old SRC_URI is not available.

Signed-off-by: Guocai He &lt;guocai.he.cn@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>libblockdev: fix CVE-2025-6019</title>
<updated>2025-07-06T23:47:13+00:00</updated>
<author>
<name>Changqing Li</name>
<email>changqing.li@windriver.com</email>
</author>
<published>2025-07-03T07:52:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=d2054d588748836ae06d2800916e9f89058465c0'/>
<id>urn:sha1:d2054d588748836ae06d2800916e9f89058465c0</id>
<content type='text'>
CVE-2025-6019:
A Local Privilege Escalation (LPE) vulnerability was found in
libblockdev. Generally, the "allow_active" setting in Polkit permits a
physically present user to take certain actions based on the session
type. Due to the way libblockdev interacts with the udisks daemon, an
"allow_active" user on a system may be able escalate to full root
privileges on the target host. Normally, udisks mounts user-provided
filesystem images with security flags like nosuid and nodev to prevent
privilege escalation. However, a local attacker can create a specially
crafted XFS image containing a SUID-root shell, then trick udisks into
resizing it. This mounts their malicious filesystem with root
privileges, allowing them to execute their SUID-root shell and gain
complete control of the system.

Refer:
https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt

Signed-off-by: Changqing Li &lt;changqing.li@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>canutils: use https instead of git protocol</title>
<updated>2025-06-23T21:03:17+00:00</updated>
<author>
<name>Bastian Krause</name>
<email>bst@pengutronix.de</email>
</author>
<published>2025-06-10T13:07:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=f79cb5d445583d9b683a3e0978fa93c7db9b7b9b'/>
<id>urn:sha1:f79cb5d445583d9b683a3e0978fa93c7db9b7b9b</id>
<content type='text'>
The git server at git.pengutronix.de no longer supports the git
protocol, so switch to https.

Signed-off-by: Bastian Krause &lt;bst@pengutronix.de&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>libsocketcan: use https instead of git protocol</title>
<updated>2025-06-23T21:03:14+00:00</updated>
<author>
<name>Bastian Krause</name>
<email>bst@pengutronix.de</email>
</author>
<published>2025-06-10T13:05:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=4f79df7459307e3f3e4cf3438f8c8aa503eb330a'/>
<id>urn:sha1:4f79df7459307e3f3e4cf3438f8c8aa503eb330a</id>
<content type='text'>
The git server at git.pengutronix.de no longer supports the git
protocol, so switch to https.

Signed-off-by: Bastian Krause &lt;bst@pengutronix.de&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>redis: upgrade 7.2.7 -&gt; 7.2.8</title>
<updated>2025-06-23T20:57:55+00:00</updated>
<author>
<name>Vijay Anusuri</name>
<email>vanusuri@mvista.com</email>
</author>
<published>2025-05-30T04:04:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=9a0a923b647ba9b86c22d13dda68e9b4c45e180d'/>
<id>urn:sha1:9a0a923b647ba9b86c22d13dda68e9b4c45e180d</id>
<content type='text'>
ChangeLog:
https://github.com/redis/redis/releases/tag/7.2.8

Update urgency: SECURITY: There are security fixes in the release.

Security fixes
==================
* (CVE-2025-21605) An unauthenticated client can cause an unlimited growth of output buffers

Bug fixes
=================
* #12817, #12905 Fix race condition issues between the main thread and module threads
* #13863 RANDOMKEY - infinite loop during client pause
* #13877 ShardID inconsistency when both primary and replica support it

Signed-off-by: Vijay Anusuri &lt;vanusuri@mvista.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>can-utils: handle CAN_ERR_CNT correctly</title>
<updated>2025-05-21T13:17:20+00:00</updated>
<author>
<name>Jeroen Hofstee</name>
<email>jhofstee@victronenergy.com</email>
</author>
<published>2025-05-16T10:15:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=c1c33c3a4b1e705df183ac06c578dc83ba647a2c'/>
<id>urn:sha1:c1c33c3a4b1e705df183ac06c578dc83ba647a2c</id>
<content type='text'>
If CAN_ERR_CNT is set, the snprintf_can_error_frame() bails out, as it
cannot decode CAN_ERR_CNT.

Signed-off-by: Jeroen Hofstee &lt;jhofstee@victronenergy.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>libmodbus: ignore CVE-2023-26793 and CVE-2024-34244</title>
<updated>2025-05-17T18:11:21+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-05-06T17:00:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=bc6cafa570a5b8cc494626b9cb2addba721b196b'/>
<id>urn:sha1:bc6cafa570a5b8cc494626b9cb2addba721b196b</id>
<content type='text'>
See discussions in closed/rejected issues linked from NVD CVE reports:
* CVE-2023-26793: https://github.com/stephane/libmodbus/issues/683#issuecomment-2615601890
* CVE-2024-34244: https://github.com/stephane/libmodbus/issues/743#issuecomment-2222214256

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>can-utils: fix printing / reading timestamps</title>
<updated>2025-05-17T18:11:18+00:00</updated>
<author>
<name>Jeroen Hofstee</name>
<email>jhofstee@victronenergy.com</email>
</author>
<published>2025-04-30T11:41:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=ef74a629a802fc9ffd476e9d68bbad78d2d3e620'/>
<id>urn:sha1:ef74a629a802fc9ffd476e9d68bbad78d2d3e620</id>
<content type='text'>
Backport a patch to correctly handle 64bit timestamps.

Signed-off-by: Jeroen Hofstee &lt;jhofstee@victronenergy.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
</feed>
