packages/libs/libuv, branch master

treewide: fix spelling and grammar in Makefiles

2025-12-31T07:12:36Z

Fix spelling and grammar in package definitions, configs, comments and other strings. Signed-off-by: George Sapkin

libs/libuv: fix PKG_CPE_ID

2025-05-11T18:26:15Z

libuv:libuv is a better CPE ID than libuv_project:libuv as this CPE ID has the latest CVEs (whereas libuv_project:libuv only has a CVE from 2015): https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:libuv:libuv Fixes: f8ecbf529bad57970e4ff8f90484ba58d06b4a39 (libuv: update to 1.32.0) Signed-off-by: Fabrice Fontaine

libuv: fix CVE-2024-24806

2024-02-20T05:46:50Z

Update to 1.48.0 CVE-2024-24806 : Improper Domain Lookup that potentially leads to SSRF attacks Vulnerabilities fixed * CVE-2024-24806 / GHSA-f74f-cvh7-c6q6 0f2d7e7, 3530bcc and e0327e1 Notable Changes * linux: disable io_uring on ppc64 and ppc64le #4285 * linux: disable io_uring on hppa below kernel 6.1.51 #4224 * win/spawn: optionally run executable paths with no file extension #4292 (We recommend that most users consider setting this by default) Important Bugs Fixed * unix,win: fix busy loop with zero timeout timers #4250, #4304. Signed-off-by: Hirokazu MORIKAWA

libuv: bump to 1.45.0

2023-06-18T06:00:00Z

1.45.0 * linux: introduce io_uring support * src: add new metrics APIs * unix,win: give thread pool threads an 8 MB stack * win,unix: change execution order of timers 1.44.2 * loop: better align order-of-events behavior between platforms * zos: fix fs event not fired if the watched file is moved/removed/recreated * win: Fix pipe resource leak if closed during connect (and other bugs) * zos: don't error when killing a zombie process * macos: avoid posix_spawnp() cwd bug * kqueue: skip EVFILT_PROC events when invalidating events for an fd. Signed-off-by: Hirokazu MORIKAWA

treewide: remove AUTORELEASE

2023-04-21T20:46:58Z

Automatically compute and substitute current values for all $(AUTORELEASE) instances as this feature is deprecated and shouldn't be used. The following temporary change was made to the core: diff --git a/rules.mk b/rules.mk index 57d7995d4fa8..f16367de87a8 100644 --- a/rules.mk +++ b/rules.mk @@ -429,7 +429,7 @@ endef abi_version_str = $(subst -,,$(subst _,,$(subst .,,$(1)))) COMMITCOUNT = $(if $(DUMP),0,$(call commitcount)) -AUTORELEASE = $(if $(DUMP),0,$(call commitcount,1)) +AUTORELEASE = $(if $(DUMP),0,$(shell sed -i "s/\$$(AUTORELEASE)/$(call commitcount,1)/" $(CURDIR)/Makefile)) all: FORCE: ; And this command used to fix affected packages: for i in $(cd feeds/packages; git grep -l PKG_RELEASE:=.*AUTORELEASE | \ sed 's^.*/$[^/]*$/Makefile^\1^';); do make package/$i/download done Signed-off-by: Paul Fertser

libuv: bump to v1.44.1

2022-03-31T02:38:57Z

Changes: * bumped version to 1.44.1 * bumped maintainer email Signed-off-by: Marko Ratkaj

libuv: bump to 1.41.1

2021-07-12T05:20:33Z

Update to 1.41.1 include fix CVE-2021-22918 Signed-off-by: Hirokazu MORIKAWA

libuv: fix CVE-2021-22918

2021-07-06T04:49:15Z

idna: fix OOB read in punycode decoder libuv was vulnerable to out-of-bounds reads in the uv__idna_toascii() function which is used to convert strings to ASCII. This is called by the DNS resolution function and can lead to information disclosures or crashes. https://github.com/libuv/libuv/commit/b7466e31e4bee160d82a68fca11b1f61d46debae https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990561 https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/ Signed-off-by: Hirokazu MORIKAWA

treewide: back to cmake.mk

2021-06-13T04:05:01Z

Ninja was merged to base and therefore we can now use normal cmake.mk Signed-off-by: Rosen Penev

libuv: update to 1.41.0

2021-03-21T00:23:30Z

Switch to AUTORELEASE for simplicity. Switch to building with Ninja for faster compilation. Signed-off-by: Rosen Penev