[oe] [meta-oe][PATCH] capnproto: upgrade 1.0.2 -> 1.4.0

Mon, 16 Mar 2026 05:21:38 -0700 

Contains fix for CVE-2026-32239 and CVE-2026-32240

Also, mark these CVEs explicitly patched, because NVD tracks them
without version info at this time.

Shortlog:
https://github.com/capnproto/capnproto/compare/v1.0.2...v1.4.0

Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 .../capnproto/{capnproto_1.0.2.bb => capnproto_1.4.0.bb}   | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
 rename meta-oe/recipes-devtools/capnproto/{capnproto_1.0.2.bb => 
capnproto_1.4.0.bb} (79%)

diff --git a/meta-oe/recipes-devtools/capnproto/capnproto_1.0.2.bb 
b/meta-oe/recipes-devtools/capnproto/capnproto_1.4.0.bb
similarity index 79%
rename from meta-oe/recipes-devtools/capnproto/capnproto_1.0.2.bb
rename to meta-oe/recipes-devtools/capnproto/capnproto_1.4.0.bb
index 0ea243fd20..948ff80345 100644
--- a/meta-oe/recipes-devtools/capnproto/capnproto_1.0.2.bb
+++ b/meta-oe/recipes-devtools/capnproto/capnproto_1.4.0.bb
@@ -5,9 +5,9 @@ SECTION = "console/tools"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://../LICENSE;md5=a05663ae6cca874123bf667a60dca8c9"
 
-SRC_URI = 
"git://github.com/sandstorm-io/capnproto.git;branch=release-${PV};protocol=https
 \
+SRC_URI = 
"git://github.com/sandstorm-io/capnproto.git;branch=release-${PV};protocol=https;tag=v${PV}
 \
            file://0001-Export-binaries-only-for-native-build.patch"
-SRCREV = "1a0e12c0a3ba1f0dbbad45ddfef555166e0a14fc"
+SRCREV = "8b892a8a11a632f5d52b877a49728808a142379a"
 
 S = "${UNPACKDIR}/${BP}/c++"
 
@@ -29,3 +29,6 @@ PACKAGE_BEFORE_PN = "${PN}-compiler"
 RDEPENDS:${PN}-dev += "${PN}-compiler"
 
 BBCLASSEXTEND = "native nativesdk"
+
+CVE_STATUS[CVE-2026-32239] = "fixed-version: fixed in 1.4.0"
+CVE_STATUS[CVE-2026-32240] = "fixed-version: fixed in 1.4.0"

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#125273): 
https://lists.openembedded.org/g/openembedded-devel/message/125273
Mute This Topic: https://lists.openembedded.org/mt/118343425/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to