summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-devtools
Commit message (Collapse)AuthorAgeFilesLines
* suiteparse: Adapt to upstream branch name changesRichard Purdie2023-11-031-1/+1
| | | | | | | meta-oe master branch already made this change. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nodejs: fix CVE-2022-25883Polampalli, Archana2023-09-042-0/+263
| | | | | | | | | | | | | | | Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. References: https://nvd.nist.gov/vuln/detail/CVE-2022-25883 Upstream patches: https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441 Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nlohmann-json: Avoid usage of nobranch=1Sourav Pramanik2023-08-301-1/+1
| | | | | | | | | The usage of nobranch=1 in SRC_URI allows using unprotected branches. This change updates the real branch name in place of nobranch=1. Signed-off-by: Sourav Kumar Pramanik <pramanik.souravkumar@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* rapidjson: Avoid usage of nobranch=1Sourav Pramanik2023-08-301-1/+1
| | | | | | | | | The usage of nobranch=1 in SRC_URI allows using unprotected branches. This change updates the real branch name in place of nobranch=1. Signed-off-by: Sourav Kumar Pramanik <pramanik.souravkumar@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: upgrade 8.1.16 -> 8.1.22Polampalli, Archana2023-08-251-1/+1
| | | | | | | | | | | | | | Upgrade php to 8.1.22 Security fixes: CVE-2023-3824 CVE-2023-3823 CVE-2023-3247 https://www.php.net/ChangeLog-8.php#8.1.22 Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nodejs: upgrade 16.20.1 -> 16.20.2Polampalli, Archana2023-08-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | This release contains bug fixes only. The following CVEs have been addressed: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 $ git log --oneline v16.20.1..v16.20.2 dadbde963f (tag: v16.20.2) 2023-08-09, Version 16.20.2 'Gallium' (LTS) d8ccfe9ad4 policy: handle Module.constructor and main.extensions bypass 242aaa0caa policy: disable process.binding() when enabled 40c3958a5a deps: update archs files for OpenSSL-1.1.1v a9ac9da89a deps: fix openssl crypto clean 362d4c7494 deps: upgrade openssl sources to OpenSSL_1_1_1v 7447de2794 Working on v16.20.2 https://github.com/nodejs/node/releases/tag/v16.20.2 Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* yasm: fix CVE-2023-31975Polampalli, Archana2023-08-032-0/+30
| | | | | | | | | | | | | | | yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. References: https://nvd.nist.gov/vuln/detail/CVE-2023-31975 https://github.com/yasm/yasm/issues/210 Upstream patches: https://github.com/yasm/yasm/commit/b2cc5a1693b17ac415df76d0795b15994c106441 Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nodejs: upgrade 16.19.1 -> 16.20.1Polampalli, Archana2023-07-164-77/+1
| | | | | | | | | | | | | | | | | | | Drop the gcc13.patch as it has been merged in 16.20.1 56cbc7fdda deps: V8: cherry-pick c2792e58035f The list of the CVEs are fixed in this relase: CVE-2023-30581 CVE-2023-30585 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 https://nodejs.org/en/blog/release/v16.20.0 https://nodejs.org/en/blog/release/v16.20.1 Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* yajl: CVE-2023-33460 memory leak in yajl_tree_parse functionHitendra Prajapati2023-07-022-1/+32
| | | | | | | Upstream-Status: Backport from https://github.com/openEuler-BaseService/yajl/commit/23a122eddaa28165a6c219000adcc31ff9a8a698 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* grpc: ignore CVE-2023-32732Peter Marko2023-07-021-0/+3
| | | | | | | | | It was introduced in in v1.53.0 and not backported to v1.46.x branch. NVD references PR which intrioduces the vulnerability: https://github.com/grpc/grpc/pull/32309#issuecomment-1589561295 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ExprTk: Update package to release/0.0.2Arash Partow2023-06-191-2/+2
| | | | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 0522e66a26b1f4778948553a193a4728fb239efe) [The SRC_URI HASH no longer exists in repo so use 0.0.2 version] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lapack: add packageconfig for lapackeAdrian Zaharia2023-06-151-0/+3
| | | | | | | | | | backport of commit: d799db35d lapack: add packageconfig for lapacke Signed-off-by: Adrian Zaharia <Adrian.Zaharia@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Revert "pahole: fix native package build error"Xiangyu Chen2023-05-231-1/+0
| | | | | | | | | | This reverts commit 0cc8e22c463324ddd833239116b1ff82ef82f42c. The pahole-native package should use the header from libbpf instead of linux-libc-headers, the 0cc8e22c would cause compile error, so revert it. Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nodejs: Fix build with gcc13Khem Raj2023-05-192-0/+76
| | | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* abseil-cpp: backport a fix for build with gcc-13Martin Jansa2023-05-192-0/+32
| | | | | | | * needed for abseil-cpp-native on hosts with gcc-13" Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* capnproto: upgrade to 0.9.2Chee Yang Lee2023-05-091-1/+1
| | | | | | | upgrade include fix for CVE-2022-46149 Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* pahole: fix native package build errorXiangyu Chen2023-05-061-0/+1
| | | | | | | | | | pahole-native package needs some uapi headers such like linux/btf.h, otherwise it would report error as below: btf_loader.c:342:54: error: invalid use of undefined type ‘struct btf_enum64’ Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* pahole: respect libdirMartin Jansa2023-04-131-1/+1
| | | | | | | | | | * use the same expression as cmake.bbclass is using: CMAKE_INSTALL_LIBDIR:PATH=${@os.path.relpath(d.getVar('libdir'), d.getVar('prefix') + '/')} but ${baselib} should work here as well Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* flatbuffers: adapt for cross-compilation environmentsBINDU2023-04-131-1/+6
| | | | | | | | | | | | | | | | | | | | | | | Flatbuffers contains a library and a schema compiler. The package contains cmake files to discover the libraries and the compiler tool. Currently, all of these cmake files are installed into the target sysroot. However, the compiler utility isn't installed into the sysroot (as it is not runnable on the build machine). When an application that depends on flatbuffers gets built, it uses flatbuffers' exported cmake targets to configure the project. One of the exported targets is FlatcTarget.cmake which expects to see flatc binary in /usr/bin of the sysroot. Since binaries for target don't end up in target sysroot, cmake configuration fails. This patch addresses this problem of flatbuffers' build infrastructure in cross-compiling environments. By removing FlatcTarget.cmake for target builds from the sysroot we essentially skip this step of flatbuffers' configuration. Signed-off-by: Ivan Stepic <Ivan.Stepic@bmw.de> Signed-off-by: Bhabu Bindu <bindudaniel1996@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nodejs: Upgrade 16.19.0 -> 16.19.1Polampalli, Archana2023-03-131-1/+1
| | | | | | | | | | | | The following CVEs fixed in this version: CVE-2023-23918 CVE-2023-23919 CVE-2023-23920 CVE-2023-23936 CVE-2023-24807 Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nlohmann-json: Allow empty main package for SDKTom Hochstein2023-03-131-1/+1
| | | | | | | | | | | | | | | | | The header-only package cannot be included in the SDK without marking the main package with ALLOW_EMPTY. Fixes rootfs problem: ``` The following packages have unmet dependencies: imx-gpu-sdk : Depends: nlohmann-json but it is not installable E: Unable to correct problems, you have held broken packages. ``` Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit f9c9e7a448b9d9f7d54bbf09970223db467eedb2) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: Upgrade to 8.1.16Mingli Yu2023-03-131-1/+1
| | | | | | | | | Upgrade php to 8.1.16 [1]. [1] https://www.php.net/ChangeLog-8.php#8.1.16 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* grpc: upgrade 1.46.6 -> 1.46.7Andrej Valek2023-03-051-1/+1
| | | | | | | Includes fix for CVE-2023-0286 Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nodejs: upgrade 16.18.1 -> 16.19.0Tim Orling2023-02-043-3/+3
| | | | | | | | | | | | | | | | * 16.18.0 (npm 8.19.2) introduced a regression in git+ssh urls - https://github.com/nodejs/node/issues/44992 - https://github.com/npm/cli/pull/5761 https://nodejs.org/ko/blog/release/v16.19.0/ License-Update: Clarify vendored OpenSSL Toolkit is OpenSSL and SSLeay License-Update: JS Foundation -> OpenJS Foundation https://github.com/nodejs/node/commit/e7ed56f501389978e4619ab697a812631c4061ff Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* grpc: upgrade 1.45.2 -> 1.46.6Andrej Valek2023-01-291-2/+2
| | | | | | | | Backporting the version from master (1.50.1) would a big risk. So use the version 1.46.6 which also includes fixes of bundled z-lib library. Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: Upgrade to 8.1.12Mingli Yu2022-12-261-1/+1
| | | | | | | | | This is a security release[1]. [1] https://www.php.net/ChangeLog-8.php#8.1.12 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Nodejs: Fixed python3 DeprecationWarningArchana Polampalli2022-12-202-1/+37
| | | | | | | Distutils package and pipes are deprecated and slated for removal in Python 3.13 for Nodejs 16.18 Replaced distutils with setuptools Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
* protobuf: upgrade 3.19.4 -> 3.19.6He Zhe2022-12-111-1/+1
| | | | | Signed-off-by: He Zhe <zhe.he@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Nodejs - Upgrade to 16.18.1Archana Polampalli2022-11-196-268/+27
| | | | | | | | | * Drop Openssl legacy provider patch and install both binaries patch which are already available in 16.x * Refresh native binaries patch against 16.x base Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: upgrade 8.1.9 -> 8.1.10wangmy2022-09-201-1/+1
| | | | | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 2e768a2846968bf306b3d70eb768aafa3ae6e3d1) [Bug fix only release] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: upgrade 8.1.8 -> 8.1.9Wang Mingyu2022-09-151-1/+1
| | | | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 610b8fdfd45467ae1007878cc98baae2e73fb0cb) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nodejs-oe-cache-native: initial checkinEnrico Scholz2022-09-152-0/+98
| | | | | | | | | | | | | This implements an 'npm cache add' like functionality but allows to specify the key of the data and sets metadata which are required to find the data. It is used to cache information as done during 'npm install'. Keyformat and metadata are nodejs version specific. Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* yasm: fix buildpaths warningAnuj Mittal2022-08-071-0/+5
| | | | | | | | | | | | ax_create_stdint_h.m4 includes $CC as a comment in the generated header which leads to buildpaths warning: | WARNING: yasm-1.3.0+gitAUTOINC+ba463d3c26-r0 do_package_qa: QA Issue: File /usr/include/libyasm-stdint.h in package yasm-dev contains reference to TMPDIR [buildpaths] Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a7346d2bb1a60289225cce78d760e4d264d1b2a2) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: upgrade 8.1.7 -> 8.1.8Wang Mingyu2022-07-211-1/+1
| | | | | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8d7b56ff235ea3b6da8e2b8a391176a99ca07327) [Bug fix only update] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: ignore patched CVEsDavide Gardenal2022-07-211-0/+6
| | | | | | | | | | | CVE-2007-2728, CVE-2007-3205 and CVE-2007-4596 are patched in our version of php but they don't have a vulnerable version range in the NVD database, that's why they need to be ignored. Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 1642bfcb071aadb542c488bf79922842e32f1db5) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-oe: ignore patched CVEsDavide Gardenal2022-07-211-0/+4
| | | | | | | | | | | Some old CVEs don't have a vulnerable version range in the NVD database, this causes come mismatch with cve-check. Ignore many CVEs that are picked up by the class but are patched in our products. Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit efa12676dd0676fd0aa63457d7ba360fe8a6fae2) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* protobuf-c: update to 1.4.1 fix CVE-2022-33070Wentao Zhang2022-07-141-2/+2
| | | | | | | Signed-off-by: Wentao Zhang <wzhang4@ala-lpd-susbld2.wrs.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 95904cca4a23de395069b01f1518d98fa8502afc) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: upgrade 8.1.6 -> 8.1.7wangmy2022-07-091-1/+1
| | | | | | | | | | | | Changelog: ========== https://www.php.net/ChangeLog-8.php#8.1.7 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 75749fa360f32ed0b5c2e09c359e245e58cc7131) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* unattended-upgrades: Disable auto-detecting modulesKhem Raj2022-06-032-0/+29
| | | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit e7193af6c94436a577ebd472c6294eaef7c7cd15) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: upgrade 8.1.5 -> 8.1.6wangmy2022-05-301-1/+1
| | | | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b7bef320005a7e44f28f871d3ecd825dae9c14b8) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: upgrade 8.1.4 -> 8.1.5wangmy2022-05-301-1/+1
| | | | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 412638c21b09ecc6dbe4bd480fbc8a0a83d05da5) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* jq: Fix typo OE_EXTRACONF -> EXTRA_OECONFJoerg Vehlow2022-05-301-1/+1
| | | | | | | Signed-off-by: Joerg Vehlow <joerg.vehlow@aox.de> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 1aa9d7d53d05b01727a8fdc2079f7c00e273fc13) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* absil-cpp: Update SRC_URI to to the latest google internal syncWilly Tu2022-05-032-12/+12
| | | | | | | | | | | https://github.com/abseil/abseil-cpp/commit/7c6608d0dbe43cf9bdf7f77787bc6bc89cc42f8b The internal sync are tested within Google and ready for use. Signed-off-by: Willy Tu <wltu@google.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 3c1c07e9a5477df68bfa1f739b38f10a5e78b07e) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ltrace: Fix build on ppc64 with gcc12Khem Raj2022-04-202-0/+30
| | | | | | | gcc-12 has a better static analyser and finds additional use-after-free case, addressed by removing the double free Signed-off-by: Khem Raj <raj.khem@gmail.com>
* grpc: Fix build with rv32/rv64Khem Raj2022-04-202-0/+33
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nodejs: Upgrade to 16.14.2Khem Raj2022-04-202-1/+36
| | | | | | Fix build with mips32, found with gcc12 Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libconfig-general-perl: move from meta-openstackMingli Yu2022-04-181-0/+25
| | | | | | | tgt rdepends on libconfig-general-perl. Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* squashfs-tools-ng: upgrade 1.0.2 -> 1.1.4wangmy2022-04-141-3/+4
| | | | | | | | | | | | | | | Changelog from 1.0.2 to 1.1.4: https://github.com/AgentD/squashfs-tools-ng/blob/master/CHANGELOG.md License-Update: - COPYING.md Add exceptions to files under **GNU Lesser General Public License version 3 or later** Add description to examples - zstd.txt Delete blank lines at the end of the text Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* pax-utils: upgrade 1.2.2 -> 1.3.3wangmy2022-04-141-2/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* octave: upgrade 6.4.0 -> 7.1.0wangmy2022-04-131-1/+1
| | | | | | | | Changelog from 6.4.0 to 7.1.0: https://www.gnu.org/software/octave/news.html Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-07 08:07:33 +0000