<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-oe/recipes-shells/dash/dash_0.5.12.bb, branch scarthgap</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=scarthgap</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=scarthgap'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2026-05-21T03:27:48+00:00</updated>
<entry>
<title>dash: fix CVE-2026-31323</title>
<updated>2026-05-21T03:27:48+00:00</updated>
<author>
<name>Theo Gaige</name>
<email>tgaige.opensource@witekio.com</email>
</author>
<published>2026-05-19T13:26:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=7acc7441941f8af0bb78700f62e926da2bbc12c9'/>
<id>urn:sha1:7acc7441941f8af0bb78700f62e926da2bbc12c9</id>
<content type='text'>
Backport upstream fix for CVE-2026-31323 [1].

[1] https://git.kernel.org/pub/scm/utils/dash/dash.git/commit/?id=0034bfe185d3d875cebace8cb3ca5c9dabf9e0f3

Signed-off-by: Theo Gaige &lt;tgaige.opensource@witekio.com&gt;
Reviewed-by: Bruno Vernay &lt;bruno.vernay@se.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>dash: set CVE_PRODUCT</title>
<updated>2025-10-30T06:43:34+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-10-14T23:32:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=b2a0dd6c8d2696ff4f1a1ae5e76b983f5e3e161d'/>
<id>urn:sha1:b2a0dd6c8d2696ff4f1a1ae5e76b983f5e3e161d</id>
<content type='text'>
This removes false positive CVE-2024-21485 from cve reports.

$ sqlite3 nvdcve_2-2.db
sqlite&gt; select * from products where product = 'dash';
CVE-2009-0854|dash|dash|0.5.4|=||
CVE-2024-21485|plotly|dash|||2.13.0|&lt;
CVE-2024-21485|plotly|dash|2.14.0|&gt;=|2.15.0|&lt;

Our dash:dash did not reach major version 1 yet.

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
(cherry picked from commit e1427013e01df44b9275908f7605e8e25fc3fd83)
Signed-off-by: Ankur Tyagi &lt;ankur.tyagi85@gmail.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@intel.com&gt;
</content>
</entry>
<entry>
<title>dash: correct licence</title>
<updated>2024-04-07T15:36:35+00:00</updated>
<author>
<name>Dan McGregor</name>
<email>dan.mcgregor@usask.ca</email>
</author>
<published>2024-04-05T17:00:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=5cfc85d2cf08fb74097e70ea300f7b01e47a5185'/>
<id>urn:sha1:5cfc85d2cf08fb74097e70ea300f7b01e47a5185</id>
<content type='text'>
According to its copyright file, dash is only BSD-3-Clause. It has
a build time tool from bash that's under the GPL, but only the
tool's output is used, not the tool itself. So all compiled artefacts
in dash appear to share the same licence.

Signed-off-by: Dan McGregor &lt;dan.mcgregor@usask.ca&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>dash: upgrade 0.5.11.5 -&gt; 0.5.12</title>
<updated>2022-12-23T16:52:22+00:00</updated>
<author>
<name>Wang Mingyu</name>
<email>wangmy@fujitsu.com</email>
</author>
<published>2022-12-20T12:12:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=98480b3e1be22daba5634ee98c3f382856b1c2e7'/>
<id>urn:sha1:98480b3e1be22daba5634ee98c3f382856b1c2e7</id>
<content type='text'>
Signed-off-by: Wang Mingyu &lt;wangmy@fujitsu.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
</feed>
