summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-devtools
Commit message (Collapse)AuthorAgeFilesLines
* nodejs: mark CVE-2026-21710 patchedGyorgy Sarvari2026-05-081-0/+1
| | | | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-21710 The CVE is fixed in the current recipe version[1], but NVD tracks it without verison info. Mark it as patched in the recipe. [1]: https://github.com/nodejs/node/blob/v22.x/doc/changelogs/CHANGELOG_V22.md Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit b483760dba76bb66bad820ea0246a38692c28c45) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* protobuf, python3-protobuf: ignore CVE-2026-6409Gyorgy Sarvari2026-05-081-0/+1
| | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-6409 The vulnerability impacts only the PHP library component, not the cpp/python one. Ignore this CVE due to this. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit aef8bc34225cd0a56057749d0db1dfac773b17cb) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* lshw: Fix binmergeJörg Sommer2026-04-241-2/+2
| | | | | | | | | In case $sbindir = $bindir we have to pass this setting to make. Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit d09f50438f5d6bda37413e583776f177c3ccd343) Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* jq: patch CVE-2026-39979Gyorgy Sarvari2026-04-242-0/+32
| | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-39979 Backport the patch that is referenced by the NVD advisory.y Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 2b1e34f0f51b103fa37f163cdccdeebf821ac7c1) Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* jq: patch CVE-2026-33948Gyorgy Sarvari2026-04-242-0/+50
| | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33948 Backport the patch that is referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 8d399af3337b25d71f8cd4308b9788ac4e88b730) Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* jq: patch CVE-2026-33947Gyorgy Sarvari2026-04-242-0/+105
| | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33947 Backport the patch that is referenced by the NVD report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 525e18ce214213193d9a280de3bfd2deb847110e) Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* jq: patch CVE-2026-32316Gyorgy Sarvari2026-04-242-5/+58
| | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32316 Backport the patch that is referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit e94ab85126f12d77253107084dc8463c79b3e776) Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* jq: Use Git to fetch the codePeter Kjellerstedt2026-04-242-6/+52
| | | | | | | | | | | | | | | | | | | There is a bug (see https://github.com/jqlang/jq/issues/434), which results in an empty version being used if autoreconf is run on the jq sources when using a release tar ball. The incorrect assumption is that autoreconf is only used when fetching the code using Git. The empty version results in an incorrect libjq.pc file being created where the version is not set, which results in, e.g., `pkgconf --libs 'libjq > 1.6'` failing even if version 1.8.1 of jq is actually installed. Switch to fetching the code using Git to workaround the bug. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit ed33569f822a3a8d41f82f6980a046d17aca37d5) Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* php: upgrade 8.4.19 -> 8.4.20Jason Schonberg2026-04-241-1/+1
| | | | | | | | | This is a bug fix release. Changelog: https://www.php.net/ChangeLog-8.php#8.4.20 Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* giflib: patch CVE-2025-31344Gyorgy Sarvari2026-04-242-1/+30
| | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-31344 Backport the commit that mentions this CVE ID explicitly in its message. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* nodejs: ignore fixed CVEsGyorgy Sarvari2026-04-241-0/+7
| | | | | | | | | | | | | All these CVEs are fixed in v22.22.2[1], except for CVE-2026-21712, which does not affect v22 series, because it was introduced in a later version[2]. All these CVEs are tracked without version info by NVD at the time of creating this patch. [1]: https://github.com/nodejs/node/blob/v22.x/doc/changelogs/CHANGELOG_V22.md [2]: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* nodejs: upgrade 22.22.1 -> 22.22.2Jason Schonberg2026-04-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is the March 2026 security release. 2 high severity issues. 5 medium severity issues. 2 low severity issues. High priority fixes: CVE-2026-21637 CVE-2026-21710 Medium priority fixes: CVE-2026-21711 (affects only nodejs v25) CVE-2026-21712 (affects only nodejs v24 & v25) CVE-2026-21713 CVE-2026-21714 CVE-2026-21717 Low priority fixes: CVE-2026-21715 CVE-2026-21716 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases Changelog: https://github.com/nodejs/node/releases/tag/v22.22.2 Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit d32cd27eaaa13b296c268df234d2fb2cefa62946) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* nodejs: upgrade 22.22.0 -> 22.22.1Jason Schonberg2026-04-241-3/+3
| | | | | | | | | | | | | License Update: Add sorttable.js under the MIT license - https://github.com/nodejs/node/pull/61348/files Update minimatch to the Blue Oak Model License - https://github.com/nodejs/node/commit/e72da8c7544727f90b857ba86b8c7755e631fe96 Changelog: https://github.com/nodejs/node/releases/tag/v22.22.1 Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit db05f827bb680d6e12e27ed55adf6b32688f7466) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* giflib: Fix CVE-2026-23868Vijay Anusuri2026-04-242-0/+35
| | | | | | | | | | | | Pick patch according to [1] [1] https://www.facebook.com/security/advisories/cve-2026-23868 [2] https://nvd.nist.gov/vuln/detail/CVE-2026-23868 Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* capnproto: patch CVE-2026-32239 and CVE-2026-32240Gyorgy Sarvari2026-03-262-1/+163
| | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32239 https://nvd.nist.gov/vuln/detail/CVE-2026-32240 Backport the patch that is referenced by the NVD advisories. (Same patch for both vulnerabilities) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* php: upgrade 8.4.18 -> 8.4.19Ankur Tyagi2026-03-261-1/+1
| | | | | | | https://www.php.net/ChangeLog-8.php#8.4.19 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* exiftool: ignore CVE-2026-3102Gyorgy Sarvari2026-03-091-0/+2
| | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3102 The vulnerability impacts only MacOS - ignore it. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* protobuf: ignore CVE-2026-0994Gyorgy Sarvari2026-03-061-0/+2
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0994 The vulnerability impacts only the python bindings of protobuf, which is in a separate recipe (python3-protobuf, where it is patched). Ignore this CVE in this recipe due to this. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* php: upgrade 8.4.17 -> 8.4.18Jason Schonberg2026-02-191-1/+1
| | | | | | | | | This is a bug fix release. Changelog: https://www.php.net/ChangeLog-8.php#8.4.18 Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* nodejs: upgrade 22.21.1 -> 22.22.0Jason Schonberg2026-02-033-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is the December 2025 security release that the nodejs team released January 13, 2026. 3 high severity issues. 4 medium severity issues. 1 low severity issue. High priority fixes: CVE-2025-55131 CVE-2025-55130 CVE-2025-59465 Medium priority fixes: CVE-2025-59466 CVE-2025-59464 CVE-2026-21636 * CVE-2026-21637 Low priority fixes: CVE-2025-55132 * note that this medium priority CVE only effects Nodejs v25. https://nodejs.org/en/blog/vulnerability/december-2025-security-releases Changelog: https://github.com/nodejs/node/releases/tag/v22.22.0 Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 0bb156371e433cf3e9fdc4291da2319d63a83575) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* xerces-c: set CVE_PRODUCTGyorgy Sarvari2026-01-201-0/+2
| | | | | | | | | | | | | | | | | | | The related CVEs are tracked with "xerces-c\+\+" (sic). See CVE db query: sqlite> select vendor, product, count(*) from PRODUCTs where product like '%xerces%' group by 1, 2; apache|xerces-c\+\+|29 apache|xerces-j|2 apache|xerces2_java|3 redhat|xerces|3 Set CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 29a272744a314564035ec4a337704eb6d31e879e) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* nodejs: remove extra CVE_PRODUCTGyorgy Sarvari2026-01-201-2/+0
| | | | | | | | | | | | | CVE_PRODUCT is specified twice - the second instance only duplicates one value from the first instance. Remove this extra CVE_PRODUCT. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 6ff92524842233efb68eb92d4bf7637ef378900d) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* php: upgrade 8.4.16 -> 8.4.17Ankur Tyagi2026-01-201-1/+1
| | | | | | | Changelog: https://www.php.net/ChangeLog-8.php#8.4.17 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* microsoft-gsl: upgrade 4.2.0 -> 4.2.1Wang Mingyu2026-01-201-4/+4
| | | | | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 1d33fb39d9700a125a02d5bbd8292db2756b6f6c) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-psycopg: upgrade 3.2.12 -> 3.2.13Wang Mingyu2026-01-201-1/+1
| | | | | | | | | | | | | | | Changelog: ============== - Show the host name in the error message in case of name resolution error - Fix Cursor.copy() and AsyncCursor.copy() to hold the connection lock for the entire operation, preventing concurrent access issues - Fix GSSAPI check with C extension built with libpq < v16 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 4b297312d7d256ddbca007f9fbdb1daa337fe431) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* php: upgrade 8.4.15 -> 8.4.16Gyorgy Sarvari2026-01-061-1/+1
| | | | | | | | | | This is a bugfix release, containing fixes for CVE-2025-14177, CVE-2025-14178 and CVE-2025-14180. Changelog: https://www.php.net/ChangeLog-8.php#8.4.16 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* fex: ignore unrelated CVEsGyorgy Sarvari2026-01-051-0/+6
| | | | | | | | | | | | | These CVEs were filed for "Fram's Fast File Exchange" application, which has the same abbreviated name as fex. Currently this recipe has no historical CVEs associated, so I couldn't set the correct CVE_PRODUCT. Rather ignore these irrelevant CVEs explicitly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b990486203b8eca688cfb6fc9bebf8b138e0b334) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* breakpad: correct SRC_URI branchGyorgy Sarvari2025-12-171-1/+1
| | | | | | | | | | master was renamed to main Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 185ff8cbccb99768fca91537b9cf4d47b4117825) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* debootstrap: upgrade 1.0.141 -> 1.0.142Wang Mingyu2025-12-171-1/+1
| | | | | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 75c786b537ac01f28cd6a185c3d152eca781975a) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* php: upgrade 8.4.14 -> 8.4.15Jason Schonberg2025-12-171-1/+1
| | | | | | | | | | | | This is a bug fix release. Changelog: https://www.php.net/ChangeLog-8.php#8.4.15 Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 53db086b3504fe9e92b39e5a74fe0ec760f28ed2) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* exiftool: Upgrade 12.89 -> 13.42Leon Anavi2025-11-201-2/+9
| | | | | | | | | | | | | | | | | | | | | | | | Upgrade to release 13.42: - Added warning if tag arguments come before -csv= or -json= in a command - Added a new CanonModelID and RFLensType (thanks Norbert Wasser) - Added ability to read XML as a block from Sony MP4 videos - Added "EOS" to the R5 Mark II CanonModelID string - Decode ReEditData in Samsung trailer - Decode a couple more Sony rtmd tags from MP4 videos - Tolerate some types of trailer corruption as caused by Samsung Gallery - Restrict decoding of MetaImageSize to HEIC files only - Fixed issue writing Keys tags to Sony PMW-EX1R videos - Fixed behaviour of CSV/JSON import when specifying tags to import into an existing list, or when importing ValueConv values (ie. "TAG#"), or when specifying a group name of "All" This work was sponsored by GOVCERT.LU. Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* php: remove php-phar to support reproducible buildHongxu Jia2025-11-183-39/+37
| | | | | | | | | | | | | | | | | | | | | | | | | | | | According to [1][2], generate phar.php during cross-compile can't be done, but upstream test res of $(TEST_PHP_EXECUTABLE) is not suitable for Yocto. Explicitly set TEST_PHP_EXECUTABLE_RES = "1" to not generate phar.php for target recipe Drop 0005-sapi-cli-config.m4-fix-build-directory.patch which is obsolete for generating phar.php After apply this commit ...log.do_compile... Generating phar.php Skipping phar.php generating during cross compilation Generating phar.phar Skipping phar.phar generating during cross compilation ...log.do_compile... Then php supports reproducible build [1] https://github.com/php/php-src/issues/11099 [2] https://github.com/php/php-src/commit/93fa9613e162d1a0e8479ba83c4b6a399846e209 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ctags: upgrade 6.2.20251109.0 -> 6.2.20251116.0Wang Mingyu2025-11-181-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* yasm: patch CVE-2021-33456Gyorgy Sarvari2025-11-152-0/+36
| | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2021-33465 The patch was taken from Debian: https://sources.debian.org/patches/yasm/1.3.0-8/1020-hash-null-CVE-2021-33456.patch/ Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* yasm: patch CVE-2021-33464Gyorgy Sarvari2025-11-152-0/+35
| | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2021-33464 The patch was taken from Debian: https://sources.debian.org/patches/yasm/1.3.0-8/1010-nasm-pp-no-env-CVE-2021-33464.patch/ Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* yasm: patch CVE-2023-29579Gyorgy Sarvari2025-11-152-1/+41
| | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2023-29579 The patch was taken from Debian: https://sources.debian.org/patches/yasm/1.3.0-8/1000-x86-dir-cpu-CVE-2023-29579.patch/ Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* yasm: add alternative CVE_PRODUCTGyorgy Sarvari2025-11-151-0/+2
| | | | | | | | | | | | | There are multiple vendors for yasm: $ sqlite3 ./nvdcve_2-2.db "select distinct vendor, product from products where product = 'yasm';" tortall|yasm yasm_project|yasm Both products refer to the same application Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cbindgen: Fix getrandom build with musl/riscv32Khem Raj2025-11-132-0/+55
| | | | | | New upgrade to 0.29.2 broke it. Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fex: add recipeMarkus Volk2025-11-131-0/+56
| | | | | | | | | | Fex is a fast usermode x86 and x86-64 emulator for Arm64 Linux It is used by 'valve' to run windows games on snapdragon Compilation requires TOOLCHAIN = "clang" Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* protobuf: update UPSTREAM_CHECK_GITTAGREGEXYi Zhao2025-11-121-2/+1
| | | | | | | | | | | | | | | | | | | Update UPSTREAM_CHECK_GITTAGREGEX to check the correct latest stable verison. Before the patch: $ devtool latest-version protobuf INFO: Current version: 6.31.1 INFO: Latest version: After the patch: $ devtool latest-version protobuf INFO: Current version: 6.31.1 INFO: Latest version: 6.31.1 INFO: Latest version's commit: 74211c0dfc2777318ab53c2cd2c317a2ef9012de Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* php: add UPSTREAM_CHECK_URIYi Zhao2025-11-121-0/+3
| | | | | | | | | | | | | | | | | | Add UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX to check the correct latest stable verison. Before the patch: $ devtool latest-version php INFO: Current version: 8.4.14 INFO: Latest version: After the patch: $ devtool latest-version php INFO: Current version: 8.4.14 INFO: Latest version: 8.4.14 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* abseil-cpp: add UPSTREAM_CHECK_URIYi Zhao2025-11-121-0/+3
| | | | | | | | | | | | | | | | | | Add UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX to check the correct latest stable verison. Before the patch: $ devtool latest-version abseil-cpp INFO: Current version: 20250814.1 INFO: Latest version: After the patch: $ devtool latest-version abseil-cpp INFO: Current version: 20250814.1 INFO: Latest version: 20250814.1 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* json-schema-validator: upgrade 2.3.0 -> 2.4.0Wang Mingyu2025-11-111-2/+2
| | | | | | | | | | | | | | | | | | | Changelog: =========== - Added CI job to publish GitHub release - Maintenance to Fedora CI infrastructure - Reference validation using contains() result rather than exception handling - add support for $defs instead of definitions - Apply clang-format / fix "test / Check pre-commit" failures - Adding verbose error messages for logical combinations - fix: issue-311 - Fix cmake install target on windows - error-messages: Numeric limit errors should show maximum precision - Add Fedora packaging - Improve and fix bugs in Conanfile Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ctags: upgrade 6.2.20251026.0 -> 6.2.20251109.0Wang Mingyu2025-11-111-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* heaptrack: Update to latest tip of trunkKhem Raj2025-11-108-328/+80
| | | | | | | | | * It has cmake 4 fixes * Drop all patches, they are no more needed * Fix build with glibc-2.43/c23 * Enabled on riscv64, since libunwind now supports it Signed-off-by: Khem Raj <raj.khem@gmail.com>
* tk: disable zipfs in configurationJan Vermaete2025-11-101-0/+1
| | | | | | | | | | | | | | | | | | | | The tk.tcl file was missing on the rootfs. File "/usr/lib/python3.13/tkinter/__init__.py", line 2459, in __init__ self.tk = _tkinter.create(screenName, baseName, className, interactive, wantobjects, useTk, sync, use) ~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ _tkinter.TclError: Can't find a usable tk.tcl in the following directories: //zipfs:/app/tk_library //zipfs:/lib/tk/tk_library //zipfs:/lib/tk /usr/lib/tk9.0 /usr/lib/tcl9.0/tk9.0 /usr/lib/tk9.0 /usr/lib/tk9.0 /lib/tk9.0 /usr/library By disabling the zipfs options the tk.tcl is in the rootfs. Debian did also disable this option. @see: https://sources.debian.org/src/tk9.0/9.0.2-1/debian/rules#L39 Tested on Walnascar. But master does have the same version of Tk. Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cbindgen: upgrade 0.28.0 -> 0.29.2Gyorgy Sarvari2025-11-084-186/+162
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Drop patch that is incorporated in this release. Changelog: 0.29.2 * Request serde's std feature to avoid issues with newer toml versions. 0.29.1 * enum: Track dependencies properly in enumerations. * constant: Handle cfg in associated constants. * Remove "display" feature from the toml crate * Fix incorrect detection of duplicated constants * docs: Correct after_include type in example config (fix) * cargo update * Update toml to 0.9 0.29.0 * Support no-export annotation for statics and functions. * Fixed conditional fields of constexpr literal structs * Add rename rule for generated associated constant * Upgrade heck to 0.5 * Add support for an optional nullable attribute * docs.md: Fix deprecated_with_note and deprecated_variant_with_note being spelled as 'notes' * Fix generic with "void" default * Fixed error generation of structures using the keyword as inside arrays * Added test for unsafe(no_mangle) attribute * Fixed handling of trait methods containing the unsafe attribute * Rename -Zparse-only Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* gpp: Add recipeMichael Wyraz2025-11-041-0/+13
| | | | | | | gpp is a general-purpose preprocessor Signed-off-by: Michael Wyraz <mw@brick4u.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mercurial: set CVE_PRODUCT to "mercurial-scm:mercurial mercurial:mercurial"Ankur Tyagi2025-10-301-1/+1
| | | | | | | | | Other product "mercurial" introduce false CVE finding like: https://nvd.nist.gov/vuln/detail/CVE-2022-43410 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nodejs: fix gcc compile failed for 32 bit arm targetHongxu Jia2025-10-301-0/+4
| | | | | | | | | | | | | | | | | | | | | | Use gcc to compile failed for 32 bit arm target $ echo 'MACHINE = "qemuarm"' >> conf/local.conf $ bitbake nodejs ... 2645 | ); | ^ ../deps/llhttp/src/llhttp.c:2643:11: error: incompatible type for argument 1 of 'vandq_u16' 2643 | vcgeq_u8(input, vdupq_n_u8(' ')), | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | uint8x16_t ... Use '-flax-vector-conversions' to permit conversions between vectors with differing element types or numbers of subparts Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>