Since the bump to Python 3.13.2 in commit
d63e207eb8, there is a runtime assertion
in Python when the toolchain doesn't support time64 [1]. The only such
toolchain is one with uClibc and linux headers < 5.1.
Encoding this dependency in Config.in was deemed to complicated (cfr.
commit ffd0028031).
Instead, do a build-time check of the same condition. The check itself
is a bit complicated, but it is localized to python3.mk and doesn't need
to be propagated to all reverse dependencies.
Testing such a corner case toolchain is a bit complicated. It can be
done with the following configuration.
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_CUSTOM=y
BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y
BR2_TOOLCHAIN_EXTERNAL_URL="http://toolchains.bootlin.com/downloads/releases/toolchains/armv7-eabihf/tarballs/armv7-eabihf--uclibc--stable-2018.02-1.tar.bz2"
BR2_TOOLCHAIN_EXTERNAL_GCC_6=y
BR2_TOOLCHAIN_EXTERNAL_HEADERS_4_1=y
BR2_TOOLCHAIN_EXTERNAL_LOCALE=y
BR2_TOOLCHAIN_EXTERNAL_CXX=y
BR2_PACKAGE_PYTHON3=y
It needs to be built in an environment that has libmpfr.so.4 installed
as the pre-built toolchain from that era did not include it. An easy
way to achieve this is to build this configuration under an old
Buildroot Docker container:
IMAGE=buildroot/base:20180205.0730 ./utils/docker-run make python3
With a build-time check, the autobuilders could get build failures when
generating such a config. However, the autobuilders cannot use a
toolchain with this configuration (they only use more recent
toolchains). Therefore, no update to genrandconfig is needed.
[1] https://gitlab.com/buildroot.org/buildroot/-/issues/95#note_2348479811
Cc: Vincent Fazio <vfazio@xes-inc.com>
Cc: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
TestRelroPartial is broken since the last checksec update to 2.7.1 [1]
(Buildroot 2024.08) due to a relro check fix [2] that doesn't work for
powerpc architecture where .got.plt doesn't exist for some reasons
(that's why the expected result "full" is replaced by "Partial").
From [3]:
if ${readelf} -d "${1}/exe" 2> /dev/null | grep -q 'BIND_NOW' || ! ${readelf} -l "${1}/exe" 2> /dev/null | grep -q '\.got\.plt'; then
echo_message '\033[32mFull RELRO \033[m ' 'Full RELRO,' ' relro="full"' '"relro":"full",'
else
echo_message '\033[33mPartial RELRO\033[m ' 'Partial RELRO,' ' relro="partial"' '"relro":"partial",'
checksec tool is problably tested upstream on more common architectures
like x86_64 or aarch64 than powerpc64 e5500. This may explain why
checksec broke on powerpc64 e5500 target.
Also, the Booltin powerpc64-e5500--glibc--stable-2018.02-2 toolchain
used by test_hardening tests was not updated since the hardening tests
were introduced back in 2018.11 release.
So, switch to the current Bootling aarch64 stable toolchain
(currently Bootlin aarch64 glibc stable 2025.08-1).
Checked that all 6 hardening tests pass with this new toolchain:
tests.core.test_hardening.TestFortifyConserv
tests.core.test_hardening.TestFortifyNone
tests.core.test_hardening.TestRelro
tests.core.test_hardening.TestRelroPartial
tests.core.test_hardening.TestSspNone
tests.core.test_hardening.TestSspStrong
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/11176773995 (TestRelroPartial)
[1] 6150564974
[2] https://github.com/slimm609/checksec/commit/1c80e39c4956f902ed15c4baa8d9c17851096900
[3] https://github.com/slimm609/checksec/commit/1c80e39c4956f902ed15c4baa8d9c17851096900#diff-9e8d1b28dfaf1c704560ac51a5613b70d70de2dcd84e87b9fa20f28811e6484aL1491
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
iozone releases 3.507 and 3.508 seems to be only build fixes releases
for latest GCC compiler version but since there is no public vcs
it's not easy to review the history between releases and backport
any patches.
Based on the changelog from [1]:
Revision 3.507
Fix GCC compile warnings.
Revision 3.508
Put an end to the (&*% stupid GCC breaking builds for no valid reason.
So bump to the latest 508 release.
Rebase 0001-Add-new-targets-for-iozone.patch
Rebase 0002-fix-build-without-aio.patch and convert to git format
The TestIozone build issue is not yet fixed by the version bump [2].
[1] https://www.iozone.org/src/current/Changes.txt
[2] https://gitlab.com/buildroot.org/buildroot/-/jobs/11176774405
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Commit 759a08633e ("package/mbpfan: fix build on musl / uclibc-ng") added a
patch for musl / uclibc-ng, but the upstream patch did not correctly apply
to the 2.4.0 release, breaking the build.
Fix that. In the mean time the patch has been applied upstream, so add a
reference to the upstream commit.
Fixes:
https://autobuild.buildroot.net/results/785be6231c1edc4e5461ce083a3d65fd27fc5843/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The memory leak patch is included with the Linux 6.12.40 release tag, so it no
longer needs to be applied to these defconfigs:
https://github.com/Xilinx/linux-xlnx/commit/9691533f6e6fd0a596ac7688e82eeea53f22c434
Also, since all Xilinx defconfigs have been bumped to Linux 6.12.40 with this
patch, the Linux 6.12.10 (2025.1) hash can be removed along with the
Linux 6.12.10 memory leak patch.
This patch has been run tested on the versal vek280 evaluation board.
This patch has been run tested on the versal vck190 evaluation board.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
In the process of bumping Linux kernel 6.12.10 to 6.12.40, the size of the
default Linux kernel Image file for versal products is increasing from 23.4M
to 26.9M. This is leaving limited free space in the vfat partition meaning
users may unknowingly exceed the 32M size by just adding Linux kernel configs.
To avoid potential problems, this patch doubles the size of the vfat partition
to 64M, which should be plenty of space for any configuration.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Bat pulls in the onig crate (version 6.4.0) through syntect with the
default "regex-onig" feature. This crate depends on the Oniguruma C
library (via onig_sys), which fails to build with GCC 15 due to C23
keyword conflicts. Newer versions of onig fix this issue, but bat
cannot directly update the onig version because it is pinned by syntect.
To resolve the build failure, apply a patch that replaces the
"regex-onig" feature with "regex-fancy" in bat's minimal-application
feature set. This switches bat to use the pure-Rust fancy-regex engine
instead of Oniguruma, avoiding the problematic onig_sys dependency.
Fixes:
https://autobuild.buildroot.net/results/ecc/ecc3b0c83e691e9a8ed5c7ff9d0a92ee06409f20
Signed-off-by: El Mehdi YOUNES <elmehdi.younes@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
openal 1.22.0 does not build with GCC 15.x, but the backport of the
fixes to 1.22.0 turns out to be too complicated, so let's bump to
1.24.3 instead.
Since 1.24.3 uses C++17, and after testing with GCC 7.x, then GCC 8.x
then GCC 9.x, we found out that GCC 9.x at least is
necessary. Therefore, reverse dependencies are updated accordingly.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On the autobuilder the mariadb package fails to build when the
BR2_PACKAGE_LIBOPENSSL_ENABLE_RMD160 variable is not set.
See the following autobuilder error:
```
/workdir/instance-0/output-1/build/mariadb-10.11.11/libmariadb/libmariadb/secure/openssl_crypt.c: In function 'ma_hash_get_algorithm':
/workdir/instance-0/output-1/build/mariadb-10.11.11/libmariadb/libmariadb/secure/openssl_crypt.c:40:12: error: implicit declaration of function 'EVP_ripemd160'; did you mean 'LN_ripemd160'? [-Wimplicit-function-declaration]
40 | return EVP_ripemd160();
| ^~~~~~~~~~~~~
| LN_ripemd160
/workdir/instance-0/output-1/build/mariadb-10.11.11/libmariadb/libmariadb/secure/openssl_crypt.c:40:12: error: returning 'int' from a function with return type 'const EVP_MD *' {aka 'const struct evp_md_st *'} makes pointer from integer without a cast [-Wint-conversion]
40 | return EVP_ripemd160();
| ^~~~~~~~~~~~~~~
```
This error can be reproduced with the following config:
```
cat <<EOF >.config
BR2_arm=y
BR2_cortex_a7=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_PACKAGE_LIBOPENSSL=y
# BR2_PACKAGE_LIBOPENSSL_ENABLE_RMD160 is not set
BR2_PACKAGE_MARIADB=y
EOF
make olddefconfig
make mariadb
```
This patch adds a requirement to the RMD160 crypto for the MariaDB
package.
Fixes: https://autobuild.buildroot.org/results/f2b/f2b749cb7019856c5434c27987e8bfb2dc179cda
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The build of avrdude sometimes fails with:
avrdude: installs files in /home/autobuild/autobuild/instance-1/output-1/target//home/autobuild/autobuild/instance-1/output-1
This is due to an issue in the installation logic for the Python
code. However, our avrdude.mk doesn't explicitly support building
avrdude's Python support, so it's really only by luck (or lack
thereof) that sometimes host-swig and python3 end up built before
avrdude, causing avrdude to build its Python support, which installs
at the wrong location.
In order to address this, we add a small patch, submitted upstream,
that allows to explicitly disable Python support, which we then use in
avrdude.mk.
The actual Python issue can be investigated at a later point if
someone needs it. But in any case, being able to explicitly disable
Python support if not needed is useful.
Fixes:
http://autobuild.buildroot.net/results/f18d47289d8b4dee768275a468c25b4f4399cf8c/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes https://autobuild.buildroot.net/results/f32ae62961aac7e8344f4be109040e7de2eb415e/
The openssl logic in ecryptfs uses the openssl engines API, which is always
available in libressl, but only available in libopenssl when
BR2_PACKAGE_LIBOPENSSL_ENGINES is enabled, leading to build failures when it
is not:
ecryptfs_key_mod_openssl.c: In function 'ecryptfs_openssl_read_key':
ecryptfs_key_mod_openssl.c:305:9: error: implicit declaration of function 'ENGINE_load_builtin_engines' [-Wimplicit-function-declaration]
305 | ENGINE_load_builtin_engines();
Fix it by only passing --enable-openssl if libressl or (libopenssl + engines
support) is enabled.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes https://autobuild.buildroot.net/results/9d4e2f156d76e2acc83e3a25adb5e5cf0705e7c6/
configure:781: checking whether the C compiler (/home/buildroot/instance-0/output-1/host/bin/armeb-buildroot-linux-gnueabi-gcc -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Og -g0 -D_FORTIFY_SOURCE=1 ) works
configure:797: /home/buildroot/instance-0/output-1/host/bin/armeb-buildroot-linux-gnueabi-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Og -g0 -D_FORTIFY_SOURCE=1 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 conftest.c 1>&5
configure:794:1: error: return type defaults to 'int' [-Wimplicit-int]
794 | main(){return(0);}
| ^~~~
configure: failed program was:
#line 792 "configure"
#include "confdefs.h"
main(){return(0);}
Wipe uses a very old configure script where the compile checks are missing
the return type on main(), breaking the configure step with >= gcc-15.
As a workaround, use AUTORECONF to regenerate the configure script.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a major version bump, because it could break user code that depends
on the (wrong) previous logic fixed by the new release
See the release notes:
- https://github.com/corydolphin/flask-cors/releases/tag/6.0.0
- https://github.com/corydolphin/flask-cors/releases/tag/6.0.1
This fixes the following vulnerabilities:
- CVE-2024-6839:
corydolphin/flask-cors version 4.0.1 contains an improper regex path
matching vulnerability. The plugin prioritizes longer regex patterns
over more specific ones when matching paths, which can lead to less
restrictive CORS policies being applied to sensitive endpoints. This
mismatch in regex pattern priority allows unauthorized cross-origin
access to sensitive data or functionality, potentially exposing
confidential information and increasing the risk of unauthorized
actions by malicious actors.
https://www.cve.org/CVERecord?id=CVE-2024-6839
- CVE-2024-6844:
A vulnerability in corydolphin/flask-cors version 4.0.1 allows for
inconsistent CORS matching due to the handling of the '+' character in
URL paths. The request.path is passed through the unquote_plus
function, which converts the '+' character to a space ' '. This
behavior leads to incorrect path normalization, causing potential
mismatches in CORS configuration. As a result, endpoints may not be
matched correctly to their CORS settings, leading to unexpected CORS
policy application. This can cause unauthorized cross-origin access or
block valid requests, creating security vulnerabilities and usability
issues.
https://www.cve.org/CVERecord?id=CVE-2024-6844
- CVE-2024-6866:
corydolphin/flask-cors version 4.01 contains a vulnerability where the
request path matching is case-insensitive due to the use of the
`try_match` function, which is originally intended for matching hosts.
This results in a mismatch because paths in URLs are case-sensitive,
but the regex matching treats them as case-insensitive. This
misconfiguration can lead to significant security vulnerabilities,
allowing unauthorized origins to access paths meant to be restricted,
resulting in data exposure and potential data leaks.
https://www.cve.org/CVERecord?id=CVE-2024-6866
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This fixes the following vulnerabilities:
- CVE-2023-5341:
A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.
https://www.cve.org/CVERecord?id=CVE-2023-5341
- CVE-2025-55004:
ImageMagick is free and open-source software used for editing and
manipulating digital images. Prior to version 7.1.2-1, ImageMagick is
vulnerable to heap-buffer overflow read around the handling of images
with separate alpha channels when performing image magnification in
ReadOneMNGIMage. This can likely be used to leak subsequent memory
contents into the output image. This issue has been patched in version
7.1.2-1.
https://www.cve.org/CVERecord?id=CVE-2025-55004
- CVE-2025-55005:
ImageMagick is free and open-source software used for editing and
manipulating digital images. Prior to version 7.1.2-1, when preparing
to transform from Log to sRGB colorspaces, the logmap construction
fails to handle cases where the reference-black or reference-white
value is larger than 1024. This leads to corrupting memory beyond the
end of the allocated logmap buffer. This issue has been patched in
version 7.1.2-1.
https://www.cve.org/CVERecord?id=CVE-2025-55005
- CVE-2025-55160:
ImageMagick is free and open-source software used for editing and
manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1,
there is undefined behavior (function-type-mismatch) in splay tree
cloning callback. This results in a deterministic abort under UBSan
(DoS in sanitizer builds), with no crash in a non-sanitized build.
This issue has been patched in versions 6.9.13-27 and 7.1.2-1.
https://www.cve.org/CVERecord?id=CVE-2025-55160
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This fixes the following vulnerability:
- CVE-2025-6965:
There exists a vulnerability in SQLite versions before 3.50.2 where
the number of aggregate terms could exceed the number of columns
available. This could lead to a memory corruption issue. We recommend
upgrading to version 3.50.2 or above.
https://www.cve.org/CVERecord?id=CVE-2025-6965
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Even though this is not mentioned in the release notes:
- https://github.com/containers/netavark/releases/tag/v1.16.0
- https://github.com/containers/netavark/releases/tag/v1.16.1
According to https://bugzilla.redhat.com/show_bug.cgi?id=2383941,
the fix for the CVE has been merged upstream, and is in netavark
since v1.16.0.
This fixes the following vulnerability:
- CVE-2025-8283:
A vulnerability was found in the netavark package, a network stack for
containers used with Podman. Due to dns.podman search domain being
removed, netavark may return external servers if a valid A/AAAA record
is sent as a response. When creating a container with a given name,
this name will be used as the hostname for the container itself, as
the podman's search domain is not added anymore the container is using
the host's resolv.conf, and the DNS resolver will try to look into the
search domains contained on it. If one of the domains contain a name
with the same hostname as the running container, the connection will
forward to unexpected external servers.
https://www.cve.org/CVERecord?id=CVE-2025-8283
Also bump package/aardvark-dns in the same lockstep, as advised in
the packages .mk version comments.
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
GCC-15 defaults to C23, which changes the meaning of an empty parameter
list:
https://gcc.gnu.org/gcc-15/porting_to.html#c23-fn-decls-without-parameters
Leading to a build failure:
tsserve.c: In function ‘set_child_exit_handler’:
tsserve.c:2988:21: error: assignment to ‘__sighandler_t’ {aka ‘void (*)(int)’} from incompatible pointer type ‘void (*)(void)’ [-Wincompatible-pointer-types]
2988 | action.sa_handler = on_child_exit;
Add a patch from an upstream PR to fix that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 0d643a8636 which removed the
BR2_PACKAGE_LIGHTTPD_LIBEV symbol was originally meant for next and
therefore introduced the "Legacy options removed in 2025.11" comment.
However, in the end it was still applied to master for 2025.08, so the
legacy symbol was incorrectly placed.
Fix that.
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
The github repo was deleted and moved to codeberg, so use that instead:
https://lwn.net/Articles/926101/
It is unclear if the auto generated tarballs from codeberg are reproducible,
so instead fetch through git.
[Peter: set _CPE_ID_VERSION to the correct value]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bufix release fixing a number of issues:
- Bug 5352: Do not get stuck in RESPMOD after pausing peer read(2)
- Bug 5489: Fix "make check" linking on Solaris
- Fix SNMP cacheNumObjCount -- number of cached objects
- Do not duplicate received Surrogate-Capability in sent requests
- Fix Mem::Segment::open() stub to fix build without shm_open()
- ... and CI and documentation updates
https://github.com/squid-cache/squid/releases/tag/SQUID_6_14
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since Buildroot commit [1] updating qemu defconfigs from Kernel 6.6.32
to 6.12.9, qemu_aarch64_ebbr_defconfig, qemu_aarch64_sbsa_defconfig
and qemu_arm_ebbr_defconfig can fail to build with error:
/bin/sh: 1: python3: not found
make[7]: *** [drivers/gpu/drm/msm/Makefile:182: drivers/gpu/drm/msm/generated/a2xx.xml.h] Error 127
The issue can happen on build hosts without Python, and if the Linux
kernel is built before any package having host-python3 in its
dependencies (e.g. host-qemu, optee-os, ...).
Starting with Linux 6.10, the arm and arm64 architecture defconfigs need
python3 to build. [2]
This commit fixes this issue by adding
BR2_LINUX_KERNEL_NEEDS_HOST_PYTHON3=y in those defconfigs.
[1] https://gitlab.com/buildroot.org/buildroot/-/commit/44075c19555df409ea7c2859729abb02d341df29
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=0fddd045f88e34d6160785a3a5e506d374566454
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Romain Naour <romain.naour@gmail.com>
[Julien:
- reword commit log to add the commit introducing the issue
- fix qemu_aarch64_sbsa_defconfig which has the same issue
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch fixes the CPE ID for both go-bin and go-src packages.
The go-src package did had a CPE ID because GO_SRC_CPE_ID_VENDOR is
defined but the generated CPE ID would be the following:
cpe:2.3:a:golang:go-src:*:*:*:*:*:*:*:*
The CPE product go-src doesn't match to anything and should be 'go'
instead.
For go-bin no CPE_ID variable were defined so no CPE ID would be
generated if using a pre-build toolchain.
This patch duplicate the definition of the CPE_ID variables, I didn't
put the definition in the 'package/go/go.mk' file to avoid generate a
CPE for the go virtual package.
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes: https://autobuild.buildroot.net/results/9c40c86a42882a6d56eb6d6d1418781a980b6f8f/
The pthread support uses pthread_atfork(), which is not available on nommu:
cap-ng.c: In function 'init_lib':
cap-ng.c:225:9: error: implicit declaration of function 'pthread_atfork';
did you mean 'pthread_join'? [-Wimplicit-function-declaration]
So disable pthread support on nommu to fix that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Setting the "update" field in the CPE ID to * doesn't actually make
much sense, as * is a wildcard. Instead, this field should really
reflect the "subrelease" / "update" of the package, which unless
specified explicitly by the package .mk file, is empty.
Using a wildcard causes a few CVEs to be incorrectly identified as
affecting some of our packages.
For example https://nvd.nist.gov/vuln/detail/CVE-2013-1428 has a
CPE configuration that goes like this:
cpe:2.3:a:tinc-vpn:tinc:*:pre6:*:*:*:*:*:* up to including 1.1
and this CPE configuration is currently identified as affecting our
package. This isn't correct as our package is using 1.0.36, not a
"pre6" version. But because the CPE ID generated by Buildroot uses *
as the "update" field, and * is the wildcard, it does match with this
CPE configuration.
After this change, two CVEs are no longer identified as affecting
Buildroot packages:
https://nvd.nist.gov/vuln/detail/CVE-2013-1428https://nvd.nist.gov/vuln/detail/CVE-2017-9454
and in both cases they are indeed CVEs not affecting our package.
Reported-by: Titouan Christophe <titouan.christophe@mind.be>
Cc: Titouan Christophe <titouan.christophe@mind.be>
Cc: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Fixes: https://autobuild.buildroot.net/results/8d14173f31922a737c326be75aa24c9f9471342a/
The vde2 source code uses empty argument function pointer prototypes like:
typedef ssize_t (* ssize_fun)();
extern ssize_fun vdehist_vderead;
In C17 and earlier, such prototypes means unknown number of arguments,
whereas with C23 it means no arguments, leading to build failures:
libvdehist.c:39:27: error: initialization of 'ssize_fun' {aka 'long int
(*)(void)'} from incompatible pointer type 'ssize_t (*)(int, void *,
size_t)' {aka 'long int (*)(int, void *, long unsigned int)'}
[-Wincompatible-pointer-types]
Workaround it using -std=gnu99. Vde2 is provided both as a host and target
package, so do this unconditionally for both.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Now that the qspi.bin file is included for zynqmp images, the 32M vfat
partition is getting dangerously close to being full.
In the process of bumping Linux kernel 6.12.10 to 6.12.40, the size of the
default Linux kernel Image file for zynqmp products is increasing from 23.4M
to 26.9M. This is leaving less than 1M of free space in the vfat partition
meaning users may unknowingly exceed the 32M size by just adding Linux kernel
configs.
To avoid potential problems, this patch doubles the size of the vfat partition
to 64M, which should be plenty of space for any configuration.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
This tool helps to update Linux stable releases.
The script uses the versions found in linux/linux.hash. For each of the
versions it downloads the related hash list and tries to find an updated
stable release. If found it updates all related files and hashes.
Signed-off-by: Gero Schwäricke <gero.schwaericke@grandcentrix.net>
[Arnout: commonalize the sed expression for linux and linux-headers]
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Unbound is vulnerable to CVE-2025-5994: "Cache poisoning via the ECS-enabled
Rebirthday Attack" if built with --enable-subnet, which is not the case in
Buildroot, so mark it as not applicable.
https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit fecc337d21,
re-adding optional support for pulseuadio in ffmpeg.
This is possible now that the circular dependency:
pulseaudio -> libsoxr -> ffmpeg -> pulseaudio
has been broken between libsoxr and ffmpeg.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Having support for ffmpeg in libsoxr causes several circular
dependencies:
- pulseaudio -> libsoxr -> ffmpeg -> pulseaudio
(This one was worked around in
fecc337d21 by dropping the ffmpeg ->
pulseaudio dependency, but it's annoying as being able to output
audio from ffmpeg into pulseaudio seems useful)
- libopenmpt -> pulseaudio -> libsoxr -> ffmpeg -> libopenmpt
(This is one exists, and is fixed by this commit)
To fix both circular dependencies, we propose to drop the dependency
of libsoxr on ffmpeg, which is used to get some optimized FFT
implementation. While not being useless, this is the point where
breaking the dependency seems the most logical.
Neither Debian nor Fedora build libsoxr with ffmpeg support.
In order to achieve that, we add a new patch making the option
WITH_AVFFT actually effective. Since we no longer build against
ffmpeg, the previously added patch that was fixing the pkg-config file
is no longer needed.
Fixes:
https://autobuild.buildroot.net/results/bbfce69f35cafd56245ebeae79086a8b64592a16/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A missing include causes a build failure with GCC 15.x. There are no
known autobuilder failures for this issue, but the following defconfig
allows to reproduce the issue:
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_INIT_NONE=y
BR2_SYSTEM_BIN_SH_NONE=y
# BR2_PACKAGE_BUSYBOX is not set
BR2_PACKAGE_WEBRTC_AUDIO_PROCESSING=y
# BR2_TARGET_ROOTFS_TAR is not set
The affected code has completely changed in newer versions of
webrtc-audio-processing, so we add a non-upstream patch, which can be
dropped once we upgrade to a newer release.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This host package was only used as a build dependency of libsvgtiny,
which itself has been removed, so it can be dropped as well.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This package hasn't been updated in years. It has new releases, such
as 1.0.8 from December 2023, but nobody updated to it.
Doing the version bump is not straightforward, and the original
package submitter, Peter Korsgaard, is no longer using it. This
package also had no reverse dependency, and no maintainer in the
DEVELOPERS file.
Therefore, let's drop this package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Peter: Add Config.in.legacy handling]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The new package_dir element contains the path of the package
directory. For Buildroot packages this is a path relative to the main
Buildroot directory, for packages from external trees an absolute
path.
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Tested-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Building the column store plugin (which gets automatically enabled
when Boost with a bunch of submodules is found) currently fails as it
requires a number of runtime checks that obviously cannot work when
cross-compiling.
OpenEmbedded has defined them as such:
-DLSTAT_FOLLOWS_SLASHED_SYMLINK_EXITCODE=0 \
-DSTAT_EMPTY_STRING_BUG_EXITCODE=0 \
-DMASK_LONGDOUBLE_EXITCODE=0 \
but it really isn't clear whether those values are completely correct
for all CPU architectures, especially the last one.
So instead, let's disable the column store plugin until someone
actually needs it and figures out how to set those variables properly.
The issue fixed by this commit can be reproduced using the following
defconfig:
BR2_aarch64=y
BR2_ARM_FPU_VFPV3D16=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_PACKAGE_MARIADB=y
BR2_PACKAGE_MARIADB_SERVER=y
BR2_PACKAGE_BOOST=y
BR2_PACKAGE_BOOST_DATE_TIME=y
BR2_PACKAGE_BOOST_FILESYSTEM=y
BR2_PACKAGE_BOOST_REGEX=y
BR2_PACKAGE_BOOST_THREAD=y
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The Config.in comment is between the main BR2_PACKAGE_MARIADB option
and its sub-options, causing the sub-options to not appear as nicely
indented in menuconfig.
Before:
[ ] mariadb
[ ] mariadb server
[ ] mariadb embedded server
After:
[ ] mariadb
[ ] mariadb server
[ ] mariadb embedded server
which is what we want.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Recently when trying to reproduce a build error with test-pkg on the toolchain
br-arm-basic, I had to create a new CSV file with that toolchain only to be
able to run the test in that single case.
I believe having a command-line option right away in test-pkg would make this
much easier, as I can now run: `./utils/test-pkg -T br-arm-basic -p redis`
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
In order to remove thttpd package from Buildroot, we have to replace it
from our testsuite (TestWget and TestLibCurl).
Busybox provide an httpd server applet but it's not enabled in our
default busybox configuration.
For the sake of those tests, add a new busybox option to build and
install the Busybox's httpd server and its init script.
Import S90thttpd from thttpd package to S90httpd but with some changes
following S01syslogd init script as a reference [1].
[1] https://gitlab.com/buildroot.org/buildroot/-/commit/3dc80614442cc3942a372a8c31abd22c1bc96241
Cc: Julien Olivain <ju.o@free.fr>
Cc: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Reviewed-by: Fiona Klute <fiona.klute@gmx.de>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Since Buildroot commit [1] dc0f7215c6 "package/gcc: switch to 13.x as
default", sipeed_licheepi_zero_defconfig fails when building the Linux
kernel with the error message:
drivers/ata/libahci.c: In function 'ahci_led_store':
./include/linux/compiler.h:350:45: error: call to '__compiletime_assert_1138' declared with attribute error: BUILD_BUG_ON failed: sizeof(_s) > sizeof(long)
350 | _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
This issue is fixed by upstream Kernel commit [2].
This commit fixes this issue by updating the Linux Kernel from v5.3.5
(which is not a LTS series) to v6.12.43 (which is a LTS series
including the fixes). With this update,
BR2_LINUX_KERNEL_INTREE_DTS_NAME is updated accordingly to follow the
new DTS organization.
This commit also updates U-Boot from 2022.01 to 2025.07. This new
version now requires BR2_TARGET_UBOOT_NEEDS_GNUTLS=y.
While at it, this commit also switches to a stable glibc Bootlin
external toolchain, to follow the new guidelines from [3].
Finally, this commit adds BR2_DOWNLOAD_FORCE_CHECK_HASHES=y and the
corresponding hash files. The .checkpackageignore is also updated to
reflect that change.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/11026771001
[1] https://gitlab.com/buildroot.org/buildroot/-/commit/dc0f7215c604e845009e03784a221332867bf35a
[2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f07788079f515ca4a681c5f595bdad19cfbd7b1d
[3] https://elinux.org/Buildroot:DeveloperDaysELCE2024#Rules_for_defconfigs
Cc: Michel Stempin <michel.stempin@wanadoo.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
- Display active Buildroot versions as a table, similarly to kernel.org
- Add latest release date for all version
- Add expected End of Life dates for all versions
- Add link to the changelog
This makes the section much more compact, which makes it easier for
users to compare the versions and know what to expect from them
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Acked-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The following dependency:
depends on !BR2_TOOLCHAIN_USES_UCLIBC || BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_1
was added by commit d63e207eb8, which
bumped python3 from 3.12.9 to 3.13.2.
The commit message doesn't state it, but this dependency was introduced
because uClibc without time64 support (i.e. with kernel headers < 5.1)
causes a runtime assertion in Python [1]:
OverflowError: timestamp too large to convert to C PyTime_t
The problem is that this dependency has not been propagated to reverse
dependencies, causing this kind of kconfig warnings:
WARNING: unmet direct dependencies detected for BR2_PACKAGE_PYTHON3
Depends on [n]: BR2_USE_WCHAR [=y] && BR2_USE_MMU [=y] && BR2_TOOLCHAIN_HAS_THREADS [=y] && !BR2_STATIC_LIBS [=n] && (!BR2_TOOLCHAIN_USES_UCLIBC [=y] || BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_1 [=n])
Selected by [y]:
- BR2_PACKAGE_AVOCADO [=y] && BR2_USE_WCHAR [=y] && BR2_USE_MMU [=y] && BR2_TOOLCHAIN_HAS_THREADS [=y] && !BR2_STATIC_LIBS [=n]
- BR2_PACKAGE_LIBSIGROKDECODE [=y] && BR2_USE_WCHAR [=y] && BR2_TOOLCHAIN_HAS_THREADS [=y] && BR2_USE_MMU [=y] && !BR2_STATIC_LIBS [=n]
- BR2_PACKAGE_OPKG_UTILS [=y] && BR2_PACKAGE_BUSYBOX [=y] && BR2_USE_MMU [=y] && BR2_USE_WCHAR [=y] && BR2_TOOLCHAIN_HAS_THREADS [=y] && !BR2_STATIC_LIBS [=n]
However, propagating this dependency to all reverse dependencies of
python3 would be pretty annoying, especially as the dependency is kind
of "clunky". A configuration with uClibc and kernel headers < 5.1 is
such a corner case that it does not merit such complexity.
A later commit will check for this corner case at build time (while
allowing it in the .config). For now, already drop the dependency in
Config.in.
Cc: Vincent Fazio <vfazio@xes-inc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
[1] https://gitlab.com/buildroot.org/buildroot/-/issues/95#note_2348479811
Since glibc 2.28, <sys/sysmacros.h> is no longer implicitly included
by <sys/types.h>, which means major() is only defined if you include
<sys/sysmacros.h>.
This wasn't really visible for a while in loadable plugins built by
lirc-tools as they could happily be built with undefined
symbols... except they would fail to load at runtime.
But then GCC 14.x brought more strict checking of having the function
prototype around, which now detects this issue at build time.
So the actual issue has been around since we switched to glibc 2.28,
but it only started failing to build since gcc 14.x. The first failure
is on August 2024, so this patch should be backported to our stable
branches.
The fix is backport from an upstream commit, post 0.10.2.
Fixes:
https://autobuild.buildroot.net/results/2f64accd430d9467add3f1195f3f59eff8e99a4d/
Minimal reproducer:
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_ARMV7_EABIHF_GLIBC_STABLE=y
BR2_INIT_NONE=y
BR2_SYSTEM_BIN_SH_NONE=y
# BR2_PACKAGE_BUSYBOX is not set
BR2_PACKAGE_LIRC_TOOLS=y
# BR2_TARGET_ROOTFS_TAR is not set
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, the manual doesn't mention the checkpackageignore file at
all, leaving the user under the assumption that running "make
check-package" and running utils/check-package directly on the package
they have touched would be equivalent, when the former evaluates the
checkpackageignore file while the latter does not. This could cause them
to forget to remove stale entries from that file.
Point out this difference in behavior.
Signed-off-by: Florian Larysch <fl@n621.de>
[Arnout: add that stale lines should be removed from
.checkpackageignore]
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Since the bump of libftdi1 to version v1.5-48-g22b4667a8 in commit
d8173e084e, the libftdi1.pc file is
installed in $(STAGING_DIR)/pkgconfig/libftdi1.pc instead of
$(STAGING_DIR)/lib/pkgconfig/libftdi1.pc, making it "invisible" to
pkg-config. This is turn causes flashrom to not find libftdi1 and
failing to build when libftdi1 is needed.
This issue is cause by CMAKE_INSTALL_LIBDIR being empty in libftdi1's
CMakeLists.txt, which in turn is due to include(GNUInstallDirs) being
missing. This has been fixed upstream a few commits later, so rather
than backporting a patch, let's just update to the commit containing
the fix, 5e67403c4fb5536a2effe2e91181dd73a2cff91b. The list of changes
upstream is:
5e67403c4fb5536a2effe2e91181dd73a2cff91b cmake: fix building static lib on windows/msvc
2e714eec137f86ca1950457d8226d8cb9b71c495 msvc: quiet uninteresting warnings
d96dbea887373f26755e9873b4ab020f922b7c3b fix unit var warning if ftdi_read_eeprom_location returned error, data would not be initialized
d31e3d5697eacbe87cd310b5bce615f3d8426cc0 cmake: fix elseif statement
c2b7c25e1272222c1719daea5761093fbc9c3010 msvc: fix shadowed variable warning
c4962c38a1ab470fbdc835c231567bd582eb5a5a msvc: fix warnings by using all enum values in case statements
2a992306c0acf938b29fa0cd5fbc160e24424209 Add SHAREDLIBS option
18499a2fa496c20e5e35590bb89eb701fa9fdfea Ignore VSCode temp folder
7676fb59ecd9fac9e5ea39439905c923ee7ee8c9 python/CMakeLists.txt: rework policy CMP0078
cfaec73e0a5ad9d05d62f1f5c393ab1c59ba771b C++ wrapper: get rid of the Boost dependency
12a8de0daba0816227c7010fc1b84d0abf70a500 .editorconfig: fix insert_final_newline option
3d7293651483130af9e8c5fe685d28b226baa99b Ignore clangd specific files
72e0e1e40126a2a9498fb249ca26a727bd670139 examples/async.c: remove unused includes
bfcdea286df81660b980a3bc91902b5970ff6347 examples/async.c: fix sometimes-uninitialized warning
(Yes the commit containing the fix is titled "cmake: fix building
static lib on windows/msvc", but because it adds
include(GNUInstallDirs), it also fixes our problem).
Fixes:
https://autobuild.buildroot.net/results/3600a9b7f323b4610ac67feb7171c0e10b6383d7/
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
This defconfig no longer builds:
https://gitlab.com/buildroot.org/buildroot/-/jobs/11012272989
It has been broken for at least 2 months, and it has no maintainer in
the DEVELOPERS file. We're adding Bartosz Bilas who has been the last
person doing updates to this defconfig.
Unless some fixes are provided, this defconfig will be dropped from
Buildroot.
Cc: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
The old one lasted for 10 years, lately spam
levels reached a rather uncomfortable level ...
Signed-off-by: Andreas Ziegler <br015@umbiko.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch removes the xilinx_v2024.2 hashes since all xilinx defconfigs have
been bumped to xilinx_v2025.1.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
On both Buildroot 2025.02.x and master branch, php-lua build fails on
the following error:
lua.c:862:44: error: assignment to 'zend_object_write_property_t' {aka
'struct _zval_struct * (*)(struct _zend_object *, struct _zend_string *,
struct _zval_struct *, void **)'} from incompatible pointer type 'void
(*)(zval *, zval *, zval *, void **)' {aka 'void (*)(struct _zval_struct
*, struct _zval_struct *, struct _zval_struct *, void **)'}
[-Wincompatible-pointer-types]
862 | lua_object_handlers.write_property =
php_lua_write_property;
| ^
lua.c:863:44: error: assignment to 'zend_object_read_property_t' {aka
'struct _zval_struct * (*)(struct _zend_object *, struct _zend_string *,
int, void **, struct _zval_struct *)'} from incompatible pointer type
'zval * (*)(zval *, zval *, int, void **, zval *)' {aka 'struct
_zval_struct * (*)(struct _zval_struct *, struct _zval_struct *, int,
void **, struct _zval_struct *)'} [-Wincompatible-pointer-types]
863 | lua_object_handlers.read_property =
php_lua_read_property;
| ^
make[2]: *** [Makefile:214: lua.lo] Error 1
The error can be reproduced with the following minimal defconfig:
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_NEON=y
BR2_ARM_ENABLE_VFP=y
BR2_ARM_FPU_NEON=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_PACKAGE_LUA=y
BR2_PACKAGE_PHP=y
BR2_PACKAGE_PHP_LUA=y
This build failure is the result of two events/conditions:
- the update to PHP8 has changed the prototype for
zend_object_read_property_t (see [1]). But at this time, php-lua just
generated a new warning (-Wincompatible-pointer-types)
- using bootlin bleeding-edge toolchain brings in GCC14, which now turns
this warning into a systematic error (see [2])
This issue is still present on the upstream repository, but it has been
fixed on one of its forks. Bring the relevant patch from the fork to
allow building php-lua.
[1] https://github.com/php/php-src/commit/91ef4124e56
[2] https://gcc.gnu.org/gcc-14/porting_to.html#incompatible-pointer-types
Signed-off-by: Alexis Lothoré <alexis.lothore@bootlin.com>
[Romain: update Upstream link]
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Fix the following vulnerability:
- CVE-2025-46728
cpp-httplib is a C++ header-only HTTP/HTTPS server and client library.
Prior to version 0.20.1, the library fails to enforce configured size
limits on incoming request bodies when `Transfer-Encoding: chunked` is
used or when no `Content-Length` header is provided. A remote attacker
can send a chunked request without the terminating zero-length chunk,
causing uncontrolled memory allocation on the server. This leads to
potential exhaustion of system memory and results in a server crash or
unresponsiveness. Version 0.20.1 fixes the issue by enforcing limits
during parsing. If the limit is exceeded at any point during reading,
the connection is terminated immediately. A short-term workaround
through a Reverse Proxy is available. If updating the library
immediately is not feasible, deploy a reverse proxy (e.g., Nginx,
HAProxy) in front of the `cpp-httplib` application. Configure the
proxy to enforce maximum request body size limits, thereby stopping
excessively large requests before they reach the vulnerable library
code.
For more information, see:
- https://www.cve.org/CVERecord?id=CVE-2025-46728
- https://github.com/yhirose/cpp-httplib/commit/7b752106ac42bd5b907793950d9125a0972c8e8e
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
(cherry picked from commit aea7c89396)
Signed-off-by: Julien Olivain <ju.o@free.fr>
This reverts commit 559bb33ae7, which
was disabling BR2_BACKUP_SITE in our tests with the following
reasoning:
support/testing: do not use s.b.o
Currently, the runtime tests will use the sources.buildroot.org backup
mirror, which is the default setup.
However, in some cases we do not want to use the backup site, because we
want to ensure that the download actually works.
This is the case for vendored packages, like cargo or golang packages,
for whbich we want to check that gthe download still works when we
update the rust or go versions, or when our download helpers change.
So, disable the use of the backup site in all runtime tests, and drop
the no-longer needed special cases.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
However, not using the backup site is causing a LOT of random failures
in Gitlab CI, making the results barely usable. Since it's more
important to get real failures than random ones due to download
issues, let's re-enable BR2_BACKUP_SITE in our testing infrastructure.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
The 6.15.x series is now EOL upstream, so drop the linux-headers
option and add legacy handling for it.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since upstream commit 312efb2acba7dba80b6652ccf98339dcbbd47695, the
JPEG loading code is using jpeg_read_icc_profile(), which is only
available when the jpeg-turbo implementation is used, not the classic
libjpeg. When classic jpeg is used, the build fails with:
../shared/image-loader.c:163:14: error: implicit declaration of function 'jpeg_read_icc_profile' [-Wimplicit-function-declaration]
163 | if (!jpeg_read_icc_profile(cinfo, &profdata, &proflen)) {
This commit first appeared in development version 13.0.91 and stable
version 14.0.0, which means the problem exists in Buildroot since
commit 430b80cfc1, when weston was
bumped from 13.0.3 to 14.0.0.
So let's enable the JPEG logic only when jpeg-turbo is used.
Fixes:
https://autobuild.buildroot.org/results/353e39902616bdbce40ac667e98cbaf51079f69e/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since upstream commit 66e1614122c22d455cc3a28db08b3afac2b7be29, which
first appeared in version 1.11.0, back in 2016, jpeg is no longer a
mandatory dependency. And in fact, Buildroot no longer has it
unconditionally in WESTON_DEPENDENCIES since commit
f67a6e9b7a, but BR2_PACKAGE_WESTON is
still selecting in.
A build without libjpeg works just fine, so let's drop this select.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
When BR2_BINUTILS_GPROFNG=y, the build currently fails with GCC 15.x,
of course on architectures for which gprofng is actually
available. This issue only exists in binutils 2.42 and 2.43.1, as
binutils 2.44 has the necessary fixes.
Therefore, this commit backports the relevant commits from binutils
2.44 to 2.43.1 and 2.42.
Fixes:
https://autobuild.buildroot.net/results/7cf52019f87625c73ef3c4ca0b6270e20a4ab768/ (binutils 2.42)
https://autobuild.buildroot.net/results/478e24af1a03dea5ec64b77ca611b4f7225c9d39/ (binutils 2.43.1)
The following defconfig, built under a Fedora 42 Docker container
allows to reproduce the issue:
BR2_x86_nehalem=y
BR2_BINUTILS_VERSION_2_42_X=y
BR2_BINUTILS_GPROFNG=y
BR2_INIT_NONE=y
BR2_SYSTEM_BIN_SH_NONE=y
# BR2_PACKAGE_BUSYBOX is not set
# BR2_TARGET_ROOTFS_TAR is not set
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
The binutils-gdb code base in Git does have a copy of readline that is
used by gdb.
The release tarballs of binutils do NOT contain readline as it's not
needed for binutils itself (only gdb).
However, when we build the ARC binutils, taken from Git, the readline/
folder is present, and therefore readline is built even if it is not
actually needed.
This causes build failures as the copy of readline in ARC binutils
2024.12 (based on binutils 2.43) does not build with GCC 15.x.
To work around this problem, we use a suggestion from Waldemar
Brodkorb: pass --with-system-readline. Indeed, this disables the build
of readline... but it does not actually check that we have a system
readline, since we're not building gdb.
Fixes:
https://autobuild.buildroot.net/results/976243181f7000fe2790b3450bdae51e8c12769e/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Some packages such as SDL2 do this:
WAYLAND_SCANNER=`$PKG_CONFIG --variable=wayland_scanner wayland-scanner`
to find the path to the wayland-scanner tool.
Of course, since SDL2 is compiled for the target, it does that using
the pkg-config configured for cross-compilation, which looks at
$(STAGING_DIR)/usr/lib/pkgconfig/wayland-scanner.pc.
Since it looks at the variable wayland_scanner, which doesn't get
prefixed by PKG_CONFIG_SYSROOT_DIR, the SDL2 configure script is told
that wayland-scanner is in /usr/bin/wayland-scanner causing this kind
of build failure:
/bin/bash: line 1: /usr/bin/wayland-scanner: No such file or directory
/bin/bash: line 1: /usr/bin/wayland-scanner: No such file or directory
when building SDL2.
The target wayland package depends on host-wayland, which most notably
is responsible for installing wayland-scanner in $(HOST_DIR)/bin.
So in order to fix the SDL2 build issue but in a global way (possibly
helping other packages), what this patch does is tweak the
wayland-scanner.pc installed by the target wayland so that its
wayland_scanner variable points to the host wayland-scanner
executable. We find this a better solution than passing a
WAYLAND_SCANNER variable to each and every package that needs
wayland-scanner.
The issue is not visible in the autobuilders, but can be reproduced
using the following defconfig:
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_INIT_NONE=y
BR2_SYSTEM_BIN_SH_NONE=y
# BR2_PACKAGE_BUSYBOX is not set
BR2_PACKAGE_SDL2=y
BR2_PACKAGE_SDL2_WAYLAND=y
BR2_PACKAGE_SDL2_OPENGLES=y
BR2_PACKAGE_RPI_USERLAND=y
BR2_PACKAGE_WAYLAND=y
# BR2_TARGET_ROOTFS_TAR is not set
Note: Make sure that wayland-scanner is not be installed on the build
host to reproduce the issue.
The issue probably exists since WAYLAND_SCANNER was retrieved using
pkg-config in SDL2's configure.ac script, in upstream commit
19d3500ae19636f3f410e270f12e0bc5e83410d4, which got first introduced
in release-2.0.5 of SDL2.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Romain: add a comment about wayland-scanner to reproduce the issue]
Signed-off-by: Romain Naour <romain.naour@smile.fr>
The following defconfig:
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_INIT_NONE=y
BR2_SYSTEM_BIN_SH_NONE=y
# BR2_PACKAGE_BUSYBOX is not set
BR2_PACKAGE_RPI_USERLAND=y
# BR2_TARGET_ROOTFS_TAR is not set
will fail to build due to two issues in various part of rpi-userland
making GCC 15.x unhappy.
Patch 0008-Fix-conflicting-types-build-error.patch is taken from a
pull request already submitted by a contributor to the upstream
project.
Patch 0009-Fix-raspicommonsettings_parse_cmdline.patch is backported
from upstream, and can be dropped next time we bump rpi-userland.
Note that there are no autobuilder failures for this issue.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
When Python 3 is built with -O2 or -O3 on SuperH, the build fails
with:
Objects/obmalloc.c:503:1: error: unable to find a register to spill in class ‘R0_REGS’
503 | }
| ^
Objects/obmalloc.c:503:1: error: this is the insn:
(insn 18 243 23 2 (parallel [
(set (subreg:SI (reg:QI 176) 0)
(unspec_volatile:SI [
(mem/v:QI (reg:SI 4 r4 [175]) [-1 S1 A32])
(reg:QI 7 r7 [178])
(reg:QI 6 r6 [180])
] UNSPECV_CMPXCHG_1))
(set (mem/v:QI (reg:SI 4 r4 [175]) [-1 S1 A32])
(unspec_volatile:QI [
(const_int 0 [0])
] UNSPECV_CMPXCHG_2))
(set (reg:SI 147 t)
(unspec_volatile:SI [
(const_int 0 [0])
] UNSPECV_CMPXCHG_3))
(clobber (scratch:SI))
(clobber (reg:SI 0 r0))
(clobber (reg:SI 1 r1))
]) "./Include/cpython/pyatomic_gcc.h":105:10 407 {atomic_compare_and_swapqi_soft_gusa}
(expr_list:REG_DEAD (reg:QI 6 r6 [180])
(expr_list:REG_DEAD (reg:QI 7 r7 [178])
(expr_list:REG_UNUSED (reg:QI 176)
(expr_list:REG_UNUSED (reg:SI 1 r1)
(expr_list:REG_UNUSED (reg:SI 0 r0)
(nil)))))))
Objects/obmalloc.c:503: confused by earlier errors, bailing out
THe bug has been reported upstream, but until it gets fixed, let's
work it around by using -O1 instead. Note that
BR2_TOOLCHAIN_HAS_GCC_BUG_121567 is only set when -O2 or -O3 is
configured, so there's no need to check again.
Fixes:
https://autobuild.buildroot.net/results/cac123ee9f3a6df6263b69dce3ac0d535518ec3f/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This will be needed to work around a GCC bug affecting python3. The
bug is reported at
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=121567.
This bug affects GCC at least since 6.x, but we couldn't test earlier
versions, so we simply assume all GCC versions are affected. Even GCC
15.x is still affected, as reported to upstream GCC.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This is a minor version bump.
Release notes of 3.13.6:
https://www.python.org/downloads/release/python-3136/
"3.13.6 is the sixth maintenance release of 3.13, containing around
200 bugfixes, build improvements and documentation changes since
3.13.5.
Release notes of 3.13.7:
https://www.python.org/downloads/release/python-3137/
"3.13.7 is an expedited release to fix a significant issue with the
3.13.6 release:
gh-137583: Regression in ssl module between 3.13.5 and 3.13.6: reading
from a TLS-encrypted connection blocks"
Patches are just refreshed, except patch
0009-3.13-gh-130577-tarfile-now-validates-archives-to-ens.patch which
is dropped as it is upstream as of commit
cdae923ffe187d6ef916c0f665a31249619193fe. The corresponding
_IGNORE_CVES entry is also removed.
Passes our basic Python 3 tests:
https://gitlab.com/tpetazzoni/buildroot/-/pipelines/1990154299
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Julien: remove _IGNORE_CVES for removed patch #0009]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since commit-2882cf4ae649 ("package/wpewebkit: security bump to version
2.48.3") wpewebkit depends on cmake 3.20.
Fixes build on current Debian LTS (bullseye) which has only 3.18.4.
>>> wpewebkit 2.48.3 Configuring
...
CMake Error at CMakeLists.txt:9 (cmake_minimum_required):
CMake 3.20 or higher is required. You are running version 3.18.4
-- Configuring incomplete, errors occurred!
make: *** [package/pkg-generic.mk:263: /../buildroot/output/build/wpewebkit-2.48.3/.stamp_configured] Error 1
Fixes: 2882cf4ae6
Signed-off-by: Henri Roosen <henri.roosen@ginzinger.com>
Acked-By: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
When building:
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_INIT_NONE=y
BR2_SYSTEM_BIN_SH_NONE=y
# BR2_PACKAGE_BUSYBOX is not set
BR2_PACKAGE_SDL=y
BR2_PACKAGE_SDL_X11=y
BR2_PACKAGE_XORG7=y
# BR2_TARGET_ROOTFS_TAR is not set
the build fails with:
./src/video/Xext/Xv/Xv.c:78:5: error: initialization of ‘int (*)(Display *, XEvent *, xEvent *)’ {aka ‘int (*)(Display *, XEvent *, struct _xEvent *)’} from incompatible pointer type ‘int (*)(void)’ [-Wincompatible-pointer-types]
and a number of similar errors in the X.org code.
We fix this by backporting an upstream commit.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
- Replace patch 0001 by a properly Git-formatted patch, cherry-picked
from the upstream Git repository at
https://github.com/libsdl-org/SDL-1.2
- Add Upstream: tags on both patches, with the upstream Git
commit. Updated .checkpackageignore accordingly.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
The each_cpe() method is careful that some CVEs have no
"configurations", but some CVEs such as
https://nvd.nist.gov/vuln/detail/CVE-2025-32915 apparently have a
"configurations" node, but no "nodes" inside the "configurations",
causing an exception:
Traceback (most recent call last):
File "/home/buildroot/buildroot-stats/./support/scripts/pkg-stats", line 1382, in <module>
__main__()
File "/home/buildroot/buildroot-stats/./support/scripts/pkg-stats", line 1371, in __main__
check_package_cves(args.nvd_path, packages)
File "/home/buildroot/buildroot-stats/./support/scripts/pkg-stats", line 679, in check_package_cves
check_package_cve_affects(cve, cpe_product_pkgs)
File "/home/buildroot/buildroot-stats/./support/scripts/pkg-stats", line 638, in check_package_cve_affects
for product in cve.affected_products:
^^^^^^^^^^^^^^^^^^^^^
File "/home/buildroot/buildroot-stats/support/scripts/cve.py", line 185, in affected_products
return set(cpe_product(p['id']) for p in self.each_cpe())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/buildroot/buildroot-stats/support/scripts/cve.py", line 185, in <genexpr>
return set(cpe_product(p['id']) for p in self.each_cpe())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/buildroot/buildroot-stats/support/scripts/cve.py", line 173, in each_cpe
for node in nodes['nodes']:
~~~~~^^^^^^^^^
KeyError: 'nodes'
Fixes:
54f8d97c91 ("support/scripts/pkg-stats: adapt to NVD v2 json format")
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Romain:
- add reference to buildroot commit introducing the issue
- a similar patch was sent by Daniel Lang (thanks!)
- needed on master to fix "Daily results" email]
(cherry picked from commit 67422b9d9c)
Signed-off-by: Romain Naour <romain.naour@smile.fr>
The AC_HEADER_STDBOOL macro used in configure.ac is expanded in the
shipped ./configure by a fairly old version, which misdetects our
<stdbool.h> as being not usable. Consequently, the code defines its
own bool type, with true/false, clashing with GCC 15.x.
Doing a pass of autoreconf addresses the problem.
The autoreconf needs pkg.m4, which comes from host-pkgconf, added as a
dependency.
Note that host-pkgconf was already a dependency for one of the
optional dependencies of p11-kit, and we're keeping it there even
though host-pkgconf is now also an unconditional dependency as we
expect this unconditional host-pkgconf dependency to be removed when
we drop autoreconf.
Fixes:
https://autobuild.buildroot.net/results/760df1a8c21afa893ade5181ce797e14c1f6bdce/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Add simple patch, submitted upstream, to fix the build with GCC 15.x:
userloc_formatter.c: In function 'userloc_format':
userloc_formatter.c:30:5: error: implicit declaration of function 'sd_debug' [-Wimplicit-function-declaration]
30 | sd_debug("Formatter s13_userloc checking location info for userdata %X",a_event->evt_loc->loc_data);
| ^~~~~~~~
make[4]: *** [Makefile:519: userloc_formatter.lo] Error 1
Fixes:
https://autobuild.buildroot.org/results/dab64025e6a1688d5fadc2b9bd3738a2c886aa9c/
Considering the level of upstream maintenance, we did hesitate with
dropping the package, but as the fix was quite simple, we did the fix
instead.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The source code contains a number of variables named 'bool', which conflicts
with the C23 keyword. This is fixed upstream in 1.3.9 with
https://github.com/proftpd/proftpd/commit/61be7eb14f200b97804a3cfa85fed51661067c62
but that unfortunately does not cleanly backport to 1.3.8, so instead use
-std=gnu18 when building with GCC >= 15 to fix the following issues:
table.c:1280:31: error: ‘bool’ cannot be used here
1280 | int table_handling_signal(int bool) {
| ^~~~
table.c:1280:31: note: ‘bool’ is a keyword with ‘-std=c23’ onwards
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bugfix release, fixing the following issues:
1.3.8d - Released 14-Mar-2025
--------------------------------
- Issue 1855 - Use of HideNoAccess for SFTP sessions can lead to segfault
and/or unexpected behavior.
- Issue 1876 - SFTP channel allocations can lead to high memory utilization
over time.
1.3.8c - Released 11-Dec-2024
--------------------------------
- Issue 1770 - Using FTPS after upgrading from 1.3.8a to 1.3.8b leads to crash.
- Issue 1785 - Bad handling of lack of extended attributes leads to SFTP out of
memory error.
- Issue 1529 - mod_sftp_sql logs "header value too long" due to unexpected key
header text.
- Issue 1839 - SSH ECDSA host key algorithms not be used as expected despite
configuring appropriate key.
- Issue 1840 - RADIUS Message-Authenticator verification failed with ProFTPD
mod_radius.
- Issue 1830 - Supplemental group inheritance grants unintended access to
GID 0 due to lack of supplemental groups from mod_sql.
https://github.com/proftpd/proftpd/blob/1.3.8/NEWS
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes https://autobuild.buildroot.org/results/dbf55d0fd8d779f408e7ccca4c2a9083e7a11f6a/
GCC-15 has gained a new warning about non-NUL terminated strings and
dump1090 is built with -Werror leading to build errors like:
interactive.c:143:23: error: initializer-string for array of 'char' truncates
NUL terminator but destination lacks 'nonstring' attribute (5 chars into 4
available) [-Werror=unterminated-string-initialization]
143 | char spinner[4] = "|/-\\";
Add a patch from an upstream pull request to fix this by zero terminating
the strings.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
imx6ull is compatible with VFPV4. Update it from VFPV3
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Ever since upstream commit 01dd6da ("Rework the entire API"), first
introduced as part of release v3.0.0, openssl is a hard requirement for
building libjwt. As such, "-DWITH_OPENSSL=ON" also has become a no-op.
In Buildroot, this has been masked somewhat by the implicit select when
gnutls is disabled, but a failure can be reproduced using test-pkg with
a config like:
BR2_PACKAGE_GNUTLS=y
BR2_PACKAGE_LIBJWT=y
Fix this by requiring openssl. Furthermore, building against libressl
does not work because libjwt requires API surface that is not present
there[1], so we need to force libopenssl.
[1] https://autobuild.buildroot.org/results/463/4638a7d46c149ca0f46d3fe5f5f90dc5ee9d1e03
Signed-off-by: Florian Larysch <fl@n621.de>
[Peter: drop gnutls logic support for simplicity]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch brings the entire stack of Debian patches on grub2 titled
"cve-2025-jan" and available at:
https://salsa.debian.org/grub-team/grub/-/tree/debian/2.12-9/debian/patches/cve-2025-jan?ref_type=tags
As of this exact Debian grub2 version 2.12-9. Some minor conflicts had
to be fixed. All patches are in upstream Grub master, but mixed with
hundreds of other changes, which is why Debian's effort to backport
them has been leveraged here.
In addition to those patches, 2 extra patches are added:
0073-net-drivers-ieee1275-ofnet-Add-missing-grub_malloc.patch
0074-Constant-time-grub_crypto_memcmp.patch
The first one fixes an issue in one of the earlier patches. The fix is
not in Debian, but is in upstream Grub.
The second one fixes another CVE, not fixed in Debian, but fixed in
OpenSUSE. This fix is not upstream as upstream has decided to move to
libgcrypt instead to avoid the problem, but that's a fairly large
change.
Overall, this patch fixes all CVEs currently reported by pkg-stats
against our grub2 package, namely:
CVE-2024-45777
CVE-2024-45778
CVE-2024-45779
CVE-2024-45780
CVE-2024-45782
CVE-2024-56737
CVE-2024-56738
CVE-2025-0678
CVE-2025-0684
CVE-2025-0685
CVE-2025-0686
CVE-2025-0689
CVE-2025-1125
With the previous fixes on runtime tests added (to use glibc
toolchains to build grub2 tests), this commit successfully passes all
tests:
- The ISO9660 tests that use grub2:
https://gitlab.com/tpetazzoni/buildroot/-/pipelines/1985234563
- The grub2 tests:
https://gitlab.com/tpetazzoni/buildroot/-/pipelines/1985234685
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Julien: also tested by building and booting
- qemu_aarch64_sbsa_defconfig
- qemu_arm_ebbr_defconfig
- qemu_loongarch64_virt_efi_defconfig
- qemu_riscv64_virt_efi_defconfig
- pc_x86_64_bios_defconfig
- pc_x86_64_efi_defconfig
]
Tested-by: Julien Olivain <ju.o@free.fr>
[Julien:
- fix patch #72 upstream link to point to the initial patch
sumbission rather than a reply
- merge two _IGNORE_CVES blocks for patch #50 into a single one
- order _IGNORE_CVES blocks by numerical patch order
- order numerically the CVE list in commit log
- add a "Fixes:" tag in patch #74 since its commit log does not
mention the CVE.
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Suniel's e-mail address at Amarula Solutions is bouncing, so let's
drop this stale entry:
<sunil@amarulasolutions.com>: host aspmx.l.google.com[142.250.27.26] said:
550-5.1.1 The email account that you tried to reach does not exist. Please
try 550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. For more information, go to 550 5.1.1
https://support.google.com/mail/?p=NoSuchUser
a640c23a62f3a-afcdce6d5e1si493680166b.9 - gsmtp (in reply to RCPT TO
command)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The original commit (aaa2b660a9 ("setserial: convert to autotargets
and fix manpages install") wasn't entirely clear why we went for a
removal of a patch from the tarball we get from Debian.
It is assumed the original patch mainly only wanted to remove the strip
and make sure the directories are created before files are installed in
there. But doing only that made my build fail because the linker doesn't
find @CXXFLAGS@. After undoing the addition of this variable (and its
use) from 01_makefile.patch it now compiles just fine.
Therefore, instead of removing the patch from the tarball we get from
Debian, simply update the patch we carry in the tree to remove what's
necessary and simplify the patching logic.
This could also help identify notable differences between the
01_makefile.patch from two different versions whenever we upgrade.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Debian has a newer setserial which compiles on newer toolchains, so
let's update to it.
Noteworthy is the change from a big diff to a tarball containing the
whole debian directory. The series file which contains all patches to
apply is named properly so no need to rename 00list anymore. The patches
file extension is now .patch instead of .dpatch.
This fixes the build with BR2_TOOLCHAIN_EXTERNAL_ARM_AARCH64 external
toolchain (14.2.rel1).
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Newer toolchains silently fail during configure step. After some
investigation, it is because -Wimplicit-int is returned for one of the
simplest test from the in-package configure file and thus fail the
configure step early, when checking if the compiler can produce an
executable.
Let's fix this by simply regenerating the configure file, similarly to
what Debian is doing, c.f. debian/rules.
Fixes:
https://autobuild.buildroot.net/results/ff7a9c3c42f11a2ab71fb04ff0f6d593ac9ee327/
(but there are more build failures later, fixed in a follow-up commit)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since 64ac719952 ("apply-patches.sh: add recursivity when scanning
patchdir"), patches with the .dpatch file extension are simply ignored.
Unfortunately, setserial package stopped applying the patches after that
commit.
Sadly, 0002-tiocghayesesp-build-fix.patch is breaking the patch context
for patch 18 in the debian diff because we are currently applying
patches from within Buildroot tree before applying the ones we download
from Debian. Instead of doing some hacks, let's apply Debian patches
before Buildroot's. However, this requires a few changes. First, we need
to migrate away from the SETSERIAL_PATCH mechanism because currently
_PRE_PATCH_HOOKS runs before this is applied and _POST_PATCH_HOOKS runs
after the Buildroot patches are applied.
Instead, let's use an _EXTRA_DOWNLOADS we manually extract à-la
package/android-tools/android-tools.mk. Then in the _PRE_PATCH_HOOKS, we
apply the big diff the _EXTRA_DOWNLOADS contains so that the patches
from within can be applied afterwards.
Because the big diff still contains only patches with the *.dpatch
extensions that are not supported anymore, we need to either rename all
patches or use the 00list file that lists all patches in the order they
need to be applied. Fortunately, Buildroot already supports applying
patches with `patch` regardless of their extension if they are within
such a file. Unfortunately, it needs to be called "series", hence the
renaming.
Because patch 18 from the big diff is now applied before
0002-tiocghayesesp-build-fix.patch from Buildroot tree, the latter will
fail if left unmodified, so this commit also rebases it.
Finally, we keep the removal of 01_makefile.dpatch for now even though
it only exists because it generates a conflict with
0001-build-system-fix.patch from Buildroot tree. It'll be rebased in a
later commit though.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
For the first, unconditional assignment, there is no reason to use
append-assignment; it can even be misleading.
Fixes: b367ca32e5
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch force the usage of `-std=gnu18` for GCC15 toolchains to fix
the following issues:
- The boolean issue with C23
```
In file included from ../../src/i_sound.h:38,
from i_sound.c:58:
../../src/doomtype.h:48:15: error: cannot use keyword ‘false’ as enumeration constant
48 | typedef enum {false, true} boolean;
| ^~~~~
../../src/doomtype.h:48:15: note: ‘false’ is a keyword with ‘-std=c23’ onwards
```
- The usage of `usleep` & `struct timezone` require usage of GNU
extensions.
```
i_system.c:58:3: error: implicit declaration of function ‘usleep’; did you mean ‘sleep’? [-Wimplicit-function-declaration]
58 | usleep(usecs);
| ^~~~~~
| sleep
i_system.c: In function ‘I_GetTime_RealTime’:
i_system.c:78:19: error: storage size of ‘tz’ isn’t known
78 | struct timezone tz;
| ^~
i_system.c: In function ‘I_GetRandomTimeSeed’:
i_system.c:105:19: error: storage size of ‘tz’ isn’t known
105 | struct timezone tz;
| ^~
```
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When using gcc-14 the compilation fails with the following error
message:
```
close.c: In function 'EIBClose':
close.c:38:3: error: implicit declaration of function 'close'; did you mean 'pclose'? [-Wimplicit-function-declaration]
38 | close (con->fd);
| ^~~~~
| pclose
openlocal.c: In function 'EIBSocketLocal':
openlocal.c:57:7: error: implicit declaration of function 'close'; did you mean 'pclose'? [-Wimplicit-function-declaration]
57 | close (con->fd);
| ^~~~~
| pclose
make[6]: *** [Makefile:611: close.lo] Error 1
```
This patch include <unistd.h> to include the declaration of close.
Fixes: https://autobuild.buildroot.org/results/483/483fc4584815507c3798eb972e22e51f70f52c23/build-end.log
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Unlike glibc and uClibc, musl doesn't play tricks with transparent
unions for the second argument to bind() to accept the various sockaddr
variants, but rather just defines it as "struct sockaddr*". As GCC 14 no
longer allows arbitrary implicit pointer casts, this results in a build
error. Import the upstream patch that adds the cast.
Fixes: https://autobuild.buildroot.org/results/00b/00b42a35a80c2deb61f2cd40aedd231597bbb290
Signed-off-by: Florian Larysch <fl@n621.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
List of commits between 1.2.7..1.2.8:
f979f1b8fa202cd0d6c352de0f2b64361ce5ea33 (HEAD -> master, tag: rpcbind-1_2_8, origin/master, origin/HEAD) Release: 1.2.8
a9ecbb81940b23a4bb9814e126c1c1ae1db93b69 (tag: rpcbind-1_2_8-rc3) rpcinfo: Removed a number of "old-style function definition" warnings
8cc10d038c361f296b0a8e068c173acc33568997 rpcbind: Add -v flag to print version and config
8ef2e504df6e5ec3321c0804a8c6684d781e7a84 man/rpcbind: Update list of options
74da58dde5b1a1a7e54df1fb16315845195a69c0 (tag: rpcbind-1_2_8-rc2) Comment out ListenStream=@/run/rpcbind.sock
b78689b8f1df42eb593dc3412698aa1b8aaa3532 [nfs/nfs-utils/rpcbind] rpcbind: avoid dereferencing NULL from realloc()
fd1d5387de8078530d51eccf876afe6e6182b975 (tag: rpcbind-1_2_8-rc1) Move rpbind's default configuration to /run verses /var/run
7a6b1c58eee2e5fa74e3e4045c4950fbb4f8af0a Move rpcbind.lock to /run
be63348bd3dd9e69e151ff83f08f09e1a9df82bf systemd/rpcbind.service.in: Want/After systemd-tmpfiles-setup
626fd801a13cecd8eb79ac6e979c248d7214aad4 systemd/rpcbind.service.in: Add various hardenings options
511fc4f4bc5ca7b7c8dac877d590d0634e570e6d man/rpcbind: Add Files section to manpage
31157ba6e60b0a8c4989010df8b1cf2aa673a86c systemd/rpcbind.service.in: Add few default EnvironmentFile
So really not much.
While we're at it, let's add a sha1 hash provided directly by
Sourceforge, in addition to the locally calculated sha256.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For more details on the version bump, see:
- https://sourceware.org/git/?p=elfutils.git;a=blob;f=NEWS;h=47bf2c6a3b1f49c7adc1d0389de375290461a44c
Fixes the following security issues:
- CVE-2025-1352
A vulnerability has been found in GNU elfutils 0.192 and classified as
critical. This vulnerability affects the function __libdw_thread_tail
in the library libdw_alloc.c of the component eu-readelf. The
manipulation of the argument w leads to memory corruption. The attack
can be initiated remotely. The complexity of an attack is rather high.
The exploitation appears to be difficult. The exploit has been
disclosed to the public and may be used. The name of the patch is
2636426a091bd6c6f7f02e49ab20d4cdc6bfc753. It is recommended to apply a
patch to fix this issue.
For more information, see:
- https://www.cve.org/CVERecord?id=CVE-2025-1352
- https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=2636426a091bd6c6f7f02e49ab20d4cdc6bfc753
- CVE-2025-1365
A vulnerability, which was classified as critical, was found in GNU
elfutils 0.192. This affects the function process_symtab of the file
readelf.c of the component eu-readelf. The manipulation of the
argument D/a leads to buffer overflow. Local access is required to
approach this attack. The exploit has been disclosed to the public and
may be used. The identifier of the patch is
5e5c0394d82c53e97750fe7b18023e6f84157b81. It is recommended to apply a
patch to fix this issue.
For more information, see:
- https://www.cve.org/CVERecord?id=CVE-2025-1365
- https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=5e5c0394d82c53e97750fe7b18023e6f84157b81
- CVE-2025-1371
A vulnerability has been found in GNU elfutils 0.192 and classified as
problematic. This vulnerability affects the function
handle_dynamic_symtab of the file readelf.c of the component eu-read.
The manipulation leads to null pointer dereference. Attacking locally
is a requirement. The exploit has been disclosed to the public and may
be used. The patch is identified as
b38e562a4c907e08171c76b8b2def8464d5a104a. It is recommended to apply a
patch to fix this issue.
For more information, see:
- https://www.cve.org/CVERecord?id=CVE-2025-1371
- https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=b38e562a4c907e08171c76b8b2def8464d5a104a
- CVE-2025-1372
A vulnerability was found in GNU elfutils 0.192. It has been declared
as critical. Affected by this vulnerability is the function
dump_data_section/print_string_section of the file readelf.c of the
component eu-readelf. The manipulation of the argument z/x leads to
buffer overflow. An attack has to be approached locally. The exploit
has been disclosed to the public and may be used. The identifier of
the patch is 73db9d2021cab9e23fd734b0a76a612d52a6f1db. It is
recommended to apply a patch to fix this issue.
For more information, see:
- https://www.cve.org/CVERecord?id=CVE-2025-1372
- https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=73db9d2021cab9e23fd734b0a76a612d52a6f1db
- CVE-2025-1376
A vulnerability classified as problematic was found in GNU elfutils
0.192. This vulnerability affects the function elf_strptr in the
library /libelf/elf_strptr.c of the component eu-strip. The
manipulation leads to denial of service. It is possible to launch the
attack on the local host. The complexity of an attack is rather high.
The exploitation appears to be difficult. The exploit has been
disclosed to the public and may be used. The name of the patch is
b16f441cca0a4841050e3215a9f120a6d8aea918. It is recommended to apply a
patch to fix this issue.
For more information, see:
- https://www.cve.org/CVERecord?id=CVE-2025-1376
- https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=b16f441cca0a4841050e3215a9f120a6d8aea918
- CVE-2025-1377
A vulnerability, which was classified as problematic, has been found
in GNU elfutils 0.192. This issue affects the function
gelf_getsymshndx of the file strip.c of the component eu-strip. The
manipulation leads to denial of service. The attack needs to be
approached locally. The exploit has been disclosed to the public and
may be used. The identifier of the patch is
fbf1df9ca286de3323ae541973b08449f8d03aba. It is recommended to apply a
patch to fix this issue.
For more information, see:
- https://www.cve.org/CVERecord?id=CVE-2025-1377
- https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=fbf1df9ca286de3323ae541973b08449f8d03aba
Patch 0003 is now part of this release.
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since commit b536caaec0 ("package/python-cython: bump to version
3.1.2"), python-numpy fails to build:
Error compiling Cython file:
------------------------------------------------------------
...
np.issubdtype(cov.dtype, np.complexfloating)):
raise TypeError("mean and cov must not be complex")
if size is None:
shape = []
elif isinstance(size, (int, long, np.integer)):
^
------------------------------------------------------------
numpy/random/_generator.pyx:3760:36: undeclared name not builtin: long
Backport upstream patch to fix that build failure.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This fixes the following vulnerabilities:
- CVE-2023-2794:
A flaw was found in ofono, an Open Source Telephony on Linux. A stack
overflow bug is triggered within the decode_deliver() function during
the SMS decoding. It is assumed that the attack scenario is accessible
from a compromised modem, a malicious base station, or just SMS. There
is a bound check for this memcpy length in decode_submit(), but it was
forgotten in decode_deliver().
https://www.cve.org/CVERecord?id=CVE-2023-2794
- CVE-2024-7537:
oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure
Vulnerability. This vulnerability allows local attackers to disclose
sensitive information on affected installations of oFono.
Authentication is not required to exploit this vulnerability. The
specific flaw exists within the processing of SMS message lists. The
issue results from the lack of proper validation of user-supplied
data, which can result in a read past the end of an allocated buffer.
An attacker can leverage this in conjunction with other
vulnerabilities to execute arbitrary code in the context of root. Was
ZDI-CAN-23157.
https://www.cve.org/CVERecord?id=CVE-2024-7537
- CVE-2024-7539:
oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability.
This vulnerability allows local attackers to execute arbitrary code on
affected installations of oFono. An attacker must first obtain the
ability to execute code on the target modem in order to exploit this
vulnerability. The specific flaw exists within the parsing of
responses from AT+CUSD commands. The issue results from the lack of
proper validation of the length of user-supplied data prior to copying
it to a stack-based buffer. An attacker can leverage this
vulnerability to execute code in the context of root. Was ZDI-
CAN-23195.
https://www.cve.org/CVERecord?id=CVE-2024-7539
- CVE-2024-7540:
oFono AT CMGL Command Uninitialized Variable Information Disclosure
Vulnerability. This vulnerability allows local attackers to disclose
sensitive information on affected installations of oFono. An attacker
must first obtain the ability to execute code on the target modem in
order to exploit this vulnerability. The specific flaw exists within
the parsing of responses from AT+CMGL commands. The issue results from
the lack of proper initialization of memory prior to accessing it. An
attacker can leverage this in conjunction with other vulnerabilities
to execute arbitrary code in the context of root. Was ZDI-CAN-23307.
https://www.cve.org/CVERecord?id=CVE-2024-7540
- CVE-2024-7541:
oFono AT CMT Command Uninitialized Variable Information Disclosure
Vulnerability. This vulnerability allows local attackers to disclose
sensitive information on affected installations of oFono. An attacker
must first obtain the ability to execute code on the target modem in
order to exploit this vulnerability. The specific flaw exists within
the parsing of responses from AT+CMT commands. The issue results from
the lack of proper initialization of memory prior to accessing it. An
attacker can leverage this in conjunction with other vulnerabilities
to execute arbitrary code in the context of root. Was ZDI-CAN-23308.
https://www.cve.org/CVERecord?id=CVE-2024-7541
- CVE-2024-7542:
oFono AT CMGR Command Uninitialized Variable Information Disclosure
Vulnerability. This vulnerability allows local attackers to disclose
sensitive information on affected installations of oFono. An attacker
must first obtain the ability to execute code on the target modem in
order to exploit this vulnerability. The specific flaw exists within
the parsing of responses from AT+CMGR commands. The issue results from
the lack of proper initialization of memory prior to accessing it. An
attacker can leverage this in conjunction with other vulnerabilities
to execute arbitrary code in the context of root. Was ZDI-CAN-23309.
https://www.cve.org/CVERecord?id=CVE-2024-7542
Also drop local patch that is no longer applicable, since upstream now
relies on HAS_BACKTRACE as well.
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
[Julien: remove .checkpackageignore entry to fix check-package error]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Announcement:
https://gcc.gnu.org/pipermail/gcc-announce/2025/000189.html
GCC 15.2 is a bug-fix release from the GCC 15 branch
containing important fixes for regressions and serious bugs in
GCC 15.1 with more than 123 bugs fixed since the previous release.
For the list of bugs fixed in this version, see:
https://gcc.gnu.org/gcc-15/changes.html#15.2
One patch is renamed to match the filename generated by "git
format-patch" out of the box.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Julien: add link to the bug list in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Drop the timestamp from the .tar.gz to make it reproducible, similar to how
it is done in support/download/helpers.
Notice: .xz files do not contain a timestamp
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The tarball created by git archive is reproducible, but when we append the
generated manual we leak current time and the username/uid of the person
running make release:
tar tvf buildroot-2025.08-rc1.tar.gz | tail
-rwxrwxr-x root/root 5512 2025-08-11 13:22 buildroot-2025.08-rc1/utils/update-rust
drwxr-xr-x peko/peko 0 2025-08-11 17:39 buildroot-2025.08-rc1/
drwxr-xr-x peko/peko 0 2025-08-11 17:38 buildroot-2025.08-rc1/docs/
drwxr-xr-x peko/peko 0 2025-08-11 17:39 buildroot-2025.08-rc1/docs/manual/
-rw-r--r-- peko/peko 5738 2025-08-11 17:38 buildroot-2025.08-rc1/docs/manual/docbook-xsl.css
-rw-r--r-- peko/peko 19029 2025-08-11 17:38 buildroot-2025.08-rc1/docs/manual/github_hash_mongrel2.png
-rw-r--r-- peko/peko 638866 2025-08-11 17:39 buildroot-2025.08-rc1/docs/manual/manual.pdf
-rw-r--r-- peko/peko 587892 2025-08-11 17:38 buildroot-2025.08-rc1/docs/manual/manual.html
-rw-r--r-- peko/peko 393514 2025-08-11 17:39 buildroot-2025.08-rc1/docs/manual/manual.text
-rw-r--r-- peko/peko 117499 2025-08-11 17:38 buildroot-2025.08-rc1/docs/manual/logo.png
Fix that by forcing uid as root and setting mtime to the latest commit,
similar to how we do it in support/download/{git,helpers}.
Notice that we do not use --numeric-owner to match the output of git
archive, so it does rely on uid 0=root, which is very likely but not
guaranteed.
Reported-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The manual contains build timestamps like:
Buildroot 2025.08-rc1 manual generated on 2025-08-12 06:43:37 UTC
Making it not reproducible. Luckily asciidoc respects SOURCE_DATE_EPOCH, so
use that to use the timestamp of the latest git commit instead.
Notice: The release and manual targets are marked as noconfig targets (and
need to stay like that for make release), so we cannot use the
BR2_REPRODUCIBLE logic. Instead manually set SOURCE_DATE_EPOCH.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Commit b55957fa65 ("CHANGES: Update for 2025.02.3" added an entry for
2025.02.3, but forgot to add an empty line after the title. Fix that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit f30bf62f53 ("CHANGES: update for 2025.02.4") added the release to
the top of the file instead of below 2025.05-rc1. Fix that and indent with
a tab like the other releases.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since this package hasn't had a proper release in a while this patch set
the CPE_VERSION and CPE_UPDATE to the latest tags available.
The annotation available on NVD all refers to this last available
version `cpe:2.3:a:luajit:luajit:2.1.0:beta3:*:*:*:*:*:*`.
See https://nvd.nist.gov/vuln/detail/CVE-2020-15890 for instance.
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch adds atomic test and set support for the microblaze arch. A patch
is required to use atomic test and set with gcc 14 and 15 which has been
submitted upstream.
To test this patch with gcc 14:
$ cat > .config<<EOF
BR2_microblazeel=y
BR2_GCC_VERSION_14_X=y
BR2_TOOLCHAIN_BUILDROOT_CXX=y
BR2_PACKAGE_ACPITOOL=y
EOF
$ make olddefconfig
$ make
To test this patch with gcc 15:
$ cat > .config<<EOF
BR2_microblazeel=y
BR2_GCC_VERSION_15_X=y
BR2_TOOLCHAIN_BUILDROOT_CXX=y
BR2_PACKAGE_ACPITOOL=y
EOF
$ make olddefconfig
$ make
Fixes: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=118280
Upstream: https://patchwork.ozlabs.org/project/gcc/list/?series=466193
Signed-off-by: Neal Frager <neal.frager@amd.com>
Tested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The company name was changed from "benetti-engineering-sas" to "benetti-engineering"
to be agnostic to the company legal form. Update all GitHub and LinkedIn links
accordingly.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The toolchains have been rebuilt with a recent Buildroot, and are
based on:
- Stable toolchains:
GCC 14.3
Binutils 2.43.1
GDB 15.2
Linux headers 5.4
glibc 2.41
musl 1.2.5
uclibc-ng 1.0.45
- Bleeding edge toolchains
GCC 15.1
Binutils 2.44
GDB 16.3
Linux headers 5.15
glibc 2.41
musl 1.2.5
uclibc-ng 1.0.45
The microblaze bleeding-edge toolchains are back, since we integrated
the "atomic issue" fix.
All tests are successful:
https://gitlab.com/tpetazzoni/buildroot/-/pipelines/1976388296
(note: the test branch had one more commit doing tweaks on the wget
option and re-enabling the backup site for unit tests, which are
needed to avoid intermittent failures of Gitlab CI jobs)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This issue has been fixed in the Bootlin toolchains thanks to the
Microblaze "atomic fix" in GCC.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The AUTORECONF variable was introduced in commit [1] with reference to
the patches that modified the m4 and Makefile.am files.
The commit [2] removed the last such patch but left the reference to the
patch and the AUTORECONF variable.
Later, commit [3] updated the mirror to the gitlab URL that no longer
bundle a pre-generated `configure` file, making the execution of
AUTORECONF necessary anyway.
This patch removes the obsolete reference to the patch 0001 removed in
[2] to avoid ambiguity with the new patch 0001 introduced in commit [4].
[1] 01a82c1401 package/libapparmor: enable python bindings
[2] 27cd0b5033 package/apparmor: bump to version 3.0.4
[3] 5649202ddc package/libapparmor: bump to version 3.1.7
[4] 2640f5dcd0 package/libapparmor: fix build w/ musl
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
[Peter: add a comment explaining why]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since the package bump to v10.05.0 the xlib libraries detection has been
improved to error missing x libraries (see [2]).
The following error is happening on the autobuilder when building
ghostscript with xlib_libX11:
```
checking for XOpenDisplay in -lX11... yes
checking for XdbeQueryExtension in -lXext... yes
checking for XtAppCreateShell in -lXt... no
configure: error: X11 libraries (libX11, libXt, libXext) not available, either install them, or rerun configure with "--without-x"
make: *** [package/pkg-generic.mk:263: /home/buildroot/instance-0/output-1/build/ghostscript-10.05.1/.stamp_configured] Error 1
```
This error can be reproduced with the following config:
```
cat <<EOF >.config
BR2_arm=y
BR2_cortex_a7=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_PACKAGE_XORG7=y
BR2_PACKAGE_XLIB_LIBX11=y
BR2_PACKAGE_GHOSTSCRIPT=y
EOF
make olddefconfig
make
```
This patch fixes the xlib dependencies of the ghostscript package to
correctly build with X support:
- The 'XtAppCreateShell' function is provided by the package
'xlib_libXt'.
- The 'XdbeQueryExtension' function is provided by the package
'xlib_libXext'.
They both select the 'xlib_libX11' package.
[1] 9abf662cfd package/ghostscript: security bump to version 10.05.0
[2] https://github.com/ArtifexSoftware/ghostpdl/commit/37eede31e12814fae69744e7842a5640004e5a65
Fixes: https://autobuild.buildroot.org/results/45d/45d0414f341feb2354478b145396fe137f9cc6a6
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
daemon provides its own getopt() declaration for non-GNU libcs. This
declaration is compatible with musl provided one with C standards before
C23. GCC 15 defaults to C23 that makes the empty params declaration
equivalent to getopt(void), which is incompatible with musl declaration.
Set C standard to gnu99 to restore the previous behaviour.
Fixes:
https://autobuild.buildroot.org/results/cc3311c86e2b14bf9a9c1ea00056e0b290ec11a3
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
GCC 15 switched to C23 by default, which made "void foo()" equivalent to
"void foo(void)". This causes a build error because init_comm() doesn't
actually take any arguments.
Signed-off-by: Florian Larysch <fl@n621.de>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Add a patch fixing cmake 4 compatibility, found in upstream pull
request #349. The patch has been modified to apply on version 0.6.1
instead of the current upstream HEAD.
Signed-off-by: Benoît Monin <benoit.monin@bootlin.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Since the commit [1] the janet package started failing on the
autobuilder when using musl libc:
```
[50/56] Compiling C object libjanet.so.1.35.2.p/meson-generated_.._janet.c.o
FAILED: libjanet.so.1.35.2.p/meson-generated_.._janet.c.o
/workdir/instance-0/output-1/host/bin/armeb-buildroot-linux-musleabi-gcc -Ilibjanet.so.1.35.2.p -I. -I.. -I../src/include -fdiagnostics-color=always -Wall -Winvalid-pch -std=c99 -O3 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O1 -g3 -fPIC -pthread -fvisibility=hidden -MD -MQ libjanet.so.1.35.2.p/meson-generated_.._janet.c.o -MF libjanet.so.1.35.2.p/meson-generated_.._janet.c.o.d -o libjanet.so.1.35.2.p/meson-generated_.._janet.c.o -c janet.c
src/core/util.c: In function 'janet_strerror':
src/core/util.c:977:12: error: returning 'int' from a function with return type 'const char *' makes pointer from integer without a cast [-Wint-conversion]
[51/56] Compiling C object janet-native.p/meson-generated_.._janet.c.o
```
The commit [2] introduced the issue in v1.35.0, the `strerror` function
has different definition on glibc compared to musl. This issue has been
addressed in commit [3]. This patch add the upstream commit [3].
[1] 31212c4c58 package/janet: bump to version 1.35.2
[2] https://github.com/janet-lang/janet/commit/8334504f4e5aa253502a45db3eeb4db265490b4e
[3] https://github.com/janet-lang/janet/commit/a5d6b2283834422a9fa9e79b5c7ad9b932b52568
Fixes: https://autobuild.buildroot.org/results/ff1/ff1d6063c1a79d17cfa9910cca824e704a4a0c67/build-end.log
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
- add option for iwmon support
- enable linux kernel CONFIG_NLMON option needed for iwmon
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since tuxfamily.org is slowly fading away, update my mail address
to something that is more future-proof.
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Julien Olivain <ju.o@free.fr>
On the autobuilder the following build error would appear for the
libzenoh-pico package when the option BR2_ENABLE_RUNTIME_DEBUG is
enabled:
```
[ 1%] Building C object CMakeFiles/zenohpico_shared.dir/src/api/encoding.c.o
In function '_z_encoding_convert_into_string',
inlined from 'z_encoding_to_string' at /workdir/instance-0/output-1/build/libzenoh-pico-1.2.1/src/api/encoding.c:261:5:
/workdir/instance-0/output-1/build/libzenoh-pico-1.2.1/src/api/encoding.c:203:15: error: 'strncat' output truncated before terminating nul copying 1 byte from a string of the same length [-Werror=stringop-truncation]
203 | (void)strncat(value, &sep, 1);
| ^~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
```
This error can be reproduced with:
```
cat >.config <<EOF
BR2_aarch64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_PACKAGE_LIBZENOH_PICO=y
BR2_ENABLE_RUNTIME_DEBUG=y
EOF
make olddefconfig
make libzenoh-pico
```
This patch include the upstream commit [1] that fixes this issue.
[1] https://github.com/eclipse-zenoh/zenoh-pico/commit/60e635cbb1dc6be8eda559a913d4689845f0d62e
Fixes: https://autobuild.buildroot.org/results/0c4/0c4644b17646d3ec482f0a4cf02d6fde19db2c99
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
When the package was introduced in [1], it lacked a kconfig comment
indicating that it requires a toolchain with thread support.
[1] ea1cc1af55 package/cpuinfo: new package
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
On autobuilder config with BR2_TOOLCHAIN_HAS_THREADS not set the
following error happens when building the pthreadpool package:
```
-- Looking for pthread_create in pthreads
-- Looking for pthread_create in pthreads - not found
-- Looking for pthread_create in pthread
-- Looking for pthread_create in pthread - not found
-- Check if compiler accepts -pthread
-- Check if compiler accepts -pthread - no
CMake Error at /home/buildroot/instance-0/output-1/host/share/cmake-3.31/Modules/FindPackageHandleStandardArgs.cmake:233 (message):
Could NOT find Threads (missing: Threads_FOUND)
Call Stack (most recent call first):
/home/buildroot/instance-0/output-1/host/share/cmake-3.31/Modules/FindPackageHandleStandardArgs.cmake:603 (_FPHSA_FAILURE_MESSAGE)
/home/buildroot/instance-0/output-1/host/share/cmake-3.31/Modules/FindThreads.cmake:226 (FIND_PACKAGE_HANDLE_STANDARD_ARGS)
CMakeLists.txt:143 (FIND_PACKAGE)
-- Configuring incomplete, errors occurred!
```
This can be reproduced with:
```
cat >.config <<EOF
BR2_armeb=y
BR2_TOOLCHAIN_BUILDROOT_UCLIBC=y
BR2_PTHREADS_NONE=y
BR2_PACKAGE_PTHREADPOOL=y
EOF
make olddefconfig
make pthreadpool
```
Since the introduction of this package in [1], the dependency was not
included. Since this package was part of the tensorflow-lite
dependencies that required thread it was not an issue.
This patch adds BR2_TOOLCHAIN_HAS_THREADS in the dependency to avoid
errors when built as a standalone package.
[1] f2486a6cf9 package/pthreadpool: new package
Fixes: https://autobuild.buildroot.org/results/35a/35aa100d72c6875350ad10c57f028f04052cbf79
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
The following error occur on the autobuilder for static build using
buildroot toolchain and uclibc:
```
/usr/bin/make -j17 -C /home/buildroot/instance-0/output-1/build/snooze-0.5/ PREFIX=/usr CC=/home/buildroot/instance-0/output-1/host/bin/arc-buildroot-linux-uclibc-gcc CFLAGS="-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g0 -static -static"
make[1]: Entering directory '/home/buildroot/instance-0/output-1/build/snooze-0.5'
/home/buildroot/instance-0/output-1/host/bin/arc-buildroot-linux-uclibc-gcc -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g0 -static -static snooze.c -o snooze
snooze.c:22:10: fatal error: sys/auxv.h: No such file or directory
22 | #include <sys/auxv.h>
| ^~~~~~~~~~~~
compilation terminated.
make[1]: *** [<builtin>: snooze] Error 1
```
This error can be reproduced with:
```
cat >.config <<EOF
BR2_arm=y
BR2_cortex_a7=y
BR2_TOOLCHAIN_BUILDROOT_UCLIBC=y
BR2_STATIC_LIBS=y
BR2_PACKAGE_SNOOZE=y
EOF
make olddefconfig
make snooze
```
The error doesn't occur on external toolchains.
The `#include <sys/auxv.h>` was orinally included in the initial commit
(see [1]) to use the `getauxval` function declaration. This function
usage has since been removed in commit [2].
This patch removes the include that is no longer needed.
[1] https://github.com/leahneukirchen/snooze/commit/56480881978a4cb5813746232de9950d46cb3369
[2] https://github.com/leahneukirchen/snooze/commit/610e6b35ec614764770d47b5974b30fd90dce6fe
Fixes: https://autobuild.buildroot.org/results/aec/aec463f87094a47ee059113f08e8ee3604dcea9b
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Reviewed-by: J. Neuschäfer <j.ne@posteo.net>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
When building tini with musl libc, the following error occurs dur to
missing declaration of 'basename':
```
/home/buildroot/instance-0/output-1/build/tini-0.19.0/src/tini.c: In function 'print_usage':
/home/buildroot/instance-0/output-1/build/tini-0.19.0/src/tini.c:227:36: error: implicit declaration of function 'basename' [-Wimplicit-function-declaration]
227 | fprintf(file, "%s (%s)\n", basename(name), TINI_VERSION_STRING);
| ^~~~~~~~
make: *** [package/pkg-generic.mk:273: /home/buildroot/instance-0/output-1/build/tini-0.19.0/.stamp_built] Error 1
make: Leaving directory '/home/buildroot/instance-0/buildroot'
```
This error can be reproduced with:
```
cat >.config <<EOF
BR2_aarch64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_AARCH64_MUSL_BLEEDING_EDGE=y
BR2_PACKAGE_TINI=y
EOF
make olddefconfig
make tini
```
This patch adds the upstream commit [1], that fixes this issue by
including `libgen.h`.
[1] https://github.com/krallin/tini/commit/924c4bd6028457188942ecbfdc75e6a343fa9395
Fixes: https://autobuild.buildroot.org/results/f0d/f0d10cd25f3b0e2a4af7266f7417b339ea5d242a
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
The php-pecl-dbus encouters two build issues in both buildroot 2025.02.x
and master branch, both related to PHP8 and GCC14:
/home/alexis/src/buildroot/php/build/php-pecl-dbus-b147624d480c3353e6c700e9a2d0c6f14d853941/dbus.c:465:56:
error: assignment to ‘zend_object_get_properties_t’ {aka ‘struct
_zend_array * (*)(struct _zend_object *)’} from incompatible pointer
type ‘HashTable * (*)(zval *)’ {aka ‘struct _zend_array * (*)(struct
_zval_str
uct *)’} [-Wincompatible-pointer-types]
465 | dbus_object_handlers_dbus_array.get_properties =
dbus_array_get_properties;
| ^
[...]
The build failure can be reproduced with this minimal defconfig:
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_NEON=y
BR2_ARM_ENABLE_VFP=y
BR2_ARM_FPU_NEON=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_PACKAGE_PHP=y
BR2_PACKAGE_PHP_PECL_DBUS=y
This build failure is the result of two events/conditions:
- the update to PHP8 has changed the prototype for
zend_object_read_property_t and zend_hash_get_current_key(see [1]).
But at this time, php-dbus just generated a new warning
(-Wincompatible-pointer-types)
- using bootlin bleeding-edge toolchain brings in GCC14, which now turns
this warning into a systematic error (see [2])
Bring the relevant patches to fix this build.
The first patch comes from an already opened PR on the upstream source.
The second patch has been written during the build failure
investigation, and has been sent upstream as well.
Fixes: https://autobuild.buildroot.net/results/e9892bbefa781b403fd3d834b6c48527c8e078ba
Signed-off-by: Alexis Lothoré <alexis.lothore@bootlin.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
All Go packages must depend on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS,
which ensures that we do have a Go compiler available for that target.
BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS is currently restricted to the
availability of a full host Go compiler bootstrap. However, there are
architectures like AArch64 for which a full bootstrap is not supported.
Thus, currently, on an AArch64 host, we can't build Go packages (for
target or host), because we can't bootstrap a Go compiler.
However, note that a single Go compiler can generate code for all the
architectures supported by Go and for some host architectures, there are
pre-built toolchains available. When host-go-bin was added in commit
7b2a164b74 ("package/go/go-bin: new host-go provider"), the host
dependency was properly accounted for: It is already possible to build
host-go packages with go-bin. However, the fact that a Go compiler, in
addition to its native target, can also generate code for all supported
architectures, was missed at the time.
Thus, we can fix this problem by relaxing the condition under which
BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS is set to allowing go-bin
along with go-bootstrap. This allows a situation where the host can't
bootstrap, but for which there is a pre-built toolchain to build Go
packages for a supported target.
Signed-off-by: Florian Larysch <fl@n621.de>
Cc: Yann E. MORIN <yann.morin@orange.com>
Cc: Romain Naour <romain.naour@smile.fr>
Reviewed-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
The previous method used to determine the --gcc-install-dir relied on
'ls' over the gcc installation path, which was fragile and failed in
cases where the external toolchain contained multiple gcc versions or
paths [1].
We replace it a more reliable approach using:
$(TARGET_CC) -print-search-dirs
This helps setup to register the desired GCC architecture if a
given toolchain packages includes multiple GCC architecture
installations. Which isn't possible using the actual method using 'ls'.
For example from James's report:
└── /opt/container/my-toolchain-2025.01.01.12345/lib/gcc/
├── aarch64-example-linux-gnu/
│ └── ...
├── i686-example-linux-gnu/
│ └── ...
└── x86_64-example-linux-gnu/
└── ...
Thanks to Romain Naour for suggesting this improved method.
[1] https://lore.kernel.org/buildroot/d1c773dc-8346-4077-946a-0d3b4e30a6c8@smile.fr/T/#t
Reported by: James Knight <git@jdknight.me>
Signed-off-by: El Mehdi YOUNES <elmehdi.younes@smile.fr>
Tested-by: James Knight <jdknight@jdknight.me>
Tested-by: James Knight <git@jdknight.me>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
When a br2-external tree has no defconfig, list-defconfig currently
whines with an error from find:
find: ‘[...]/my-external/configs’: No such file or directory
Fix that by only running find if the directory exists.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
When a br2-external tree description contains an odd number of single
quotes, list-defconfigs will fail with a shell error message:
/bin/sh: -c: line 1: unexpected EOF while looking for matching `"'
make[1]: *** [Makefile:1243: list-defconfigs] Error 2
Whoever wrote that code will have to write this sentence 100 times
on the blackboard:
Never, ever pass user-provided data in a printf format.
(see commit 49117c1028 (core: support description for br2-external
trees); dang, I knew it... And I should have known better when I wrote
that code, damit...)
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Grout automatically creates a TUN interface at runtime, so the target
kernel must have CONFIG_TUN enabled. Add a fix-up to ensure that option
is selected.
Signed-off-by: Maxime Leroy <maxime@leroys.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Toolchain failed to bootstrap with LP64F and LP64S ABIs.
As reported by Julien in [1]:
Testing the "lp64f" ABI with commands:
cat >.config <<EOF
BR2_loongarch64=y
BR2_LOONGARCH_FPU_32=y
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_USE_ARCH_DEFAULT_CONFIG=y
BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF=y
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set
EOF
make olddefconfig
make
fails in host-gcc-initial with output:
Assembler messages:
/tmp/ccEkwSsD.s:28: Error: register save offset not a multiple of 8
/tmp/ccEkwSsD.s:30: Error: register save offset not a multiple of 8
/tmp/ccEkwSsD.s:50: Error: register save offset not a multiple of 8
See also autobuilder failures such as [2].
Testing the "lp46s" ABI with commands:
cat >.config <<EOF
BR2_loongarch64=y
BR2_LOONGARCH_FPU_NONE=y
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_USE_ARCH_DEFAULT_CONFIG=y
BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF=y
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set
EOF
make olddefconfig
make
fails in host-gcc-final with output:
/buildroot/output/host/loongarch64-buildroot-linux-gnusf/bin/ld: cannot find crti.o: No such file or directory
/buildroot/output/host/loongarch64-buildroot-linux-gnusf/bin/ld: cannot find -lc: No such file or directory
/buildroot/output/host/loongarch64-buildroot-linux-gnusf/bin/ld: cannot find crtn.o: No such file or directory
See also autobuilder failures with as [3].
This commit marks those ABIs as broken at the moment to allow time
for investigation. Also, since gcc defaults to the "lp64d" ABI which
requires a 64bit FPU is present, the BR2_LOONGARCH_FPU_32 and
BR2_LOONGARCH_FPU_NONE options also needs to be marked as broken
as well. See [4].
[1] https://lore.kernel.org/buildroot/e17da108d1fb4e6abda26445dc053b35@free.fr/
[2] https://autobuild.buildroot.org/results/f98570293823867e6c43a1672e1a4b43ca1e4be5
[3] https://autobuild.buildroot.org/results/cf56c37fabcae964dbf4f96eb43a7e4d964452b6
[4] https://lore.kernel.org/buildroot/7b0f1cb629fce8a57d9b644b8beb8b2a@free.fr/
Cc: Mingcong Bai <jeffbai@aosc.io>
Cc: Xi Ruoyao <xry111@xry111.site>
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
[Julien:
- add link to mailing list discussion
- add configuration to reproduce issues to help future investigations
- add links to autobuilder failures in commit log
- mark BR2_LOONGARCH_FPU_{32,NONE} as broken
]
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Version 95be71b matches with kernel 6.12.41.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Tested-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
[Fiona: tested on CM4 and Zero 2W, with the RPi bootloader
booting into U-Boot]
Signed-off-by: Julien Olivain <ju.o@free.fr>
When building a toolchain with kernel headers 6.1.x, the build fail
due to missing hash for linux-6.1.147.tar.xz
The hash was removed by mistake when bumping kernel 6.{6, 12, 15}.x
series.
Fixes: 51b27bad91
Cc: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
When building the libapparmor package with musl the following error
would appear:
```
test_multi.c: In function 'main':
test_multi.c:27:30: error: implicit declaration of function 'basename' [-Wimplicit-function-declaration]
27 | printf("File: %s\n", basename(argv[1]));
| ^~~~~~~~
test_multi.c:27:24: warning: format '%s' expects argument of type 'char *', but argument 2 has type 'int' [-Wformat=]
27 | printf("File: %s\n", basename(argv[1]));
| ~^ ~~~~~~~~~~~~~~~~~
| | |
| | int
| char *
| %d
make[3]: *** [Makefile:466: test_multi_multi-test_multi.o] Error 1
```
This error can be reproduced with the following:
```
cat >.config <<EOF
BR2_aarch64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_AARCH64_MUSL_BLEEDING_EDGE=y
BR2_PACKAGE_LIBAPPARMOR=y
EOF
make olddefconfig
make libapparmor
```
On musl libc the function `basename` is provided by included libgen.h.
This error has been addressed upstream in [1] by re-defining the
function `basename`.
[1] https://gitlab.com/apparmor/apparmor/-/commit/7fb040bde69ebdfce48cf1a01c1a62fd4f8eef0a
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
[Peter: drop unrelated AUTORECONF change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following vulnerability:
- CVE-2025-8177
A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as
critical. This issue affects the function setrow of the file
tools/thumbnail.c. The manipulation leads to buffer overflow. An
attack has to be approached locally. The patch is named
e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a
patch to fix this issue. This vulnerability only affects products that
are no longer supported by the maintainer.
For more information, see:
- https://www.cve.org/CVERecord?id=CVE-2025-8177
- https://gitlab.com/libtiff/libtiff/-/merge_requests/737
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following vulnerability:
- CVE-2025-8176
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared
as critical. This vulnerability affects the function get_histogram of
the file tools/tiffmedian.c. The manipulation leads to use after free.
The attack needs to be approached locally. The exploit has been
disclosed to the public and may be used. The patch is identified as
fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a
patch to fix this issue.
For more information, see:
- https://www.cve.org/CVERecord?id=CVE-2025-8176
- https://gitlab.com/libtiff/libtiff/-/merge_requests/727
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On my laptop (i5-8365U), running cross-tesseract-ocr in QEMU takes
longer than the default timeout (5s), causing the test to fail:
# time tesseract frame10.png output
Error in pixReadMemTiff: function not present
Error in pixReadMem: tiff: no pix returned
Error in pixaGenerateFontFromString: pix not made
Error in bmfCreate: font pixa not made
Estimating resolution as 157
real 0m 8.17s
user 0m 5.36s
sys 0m 2.79s
So extend the assertRunOk() timeout with ~2x that similar to how it is done
for the gst-launch-1.0 pipeline.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch corrects the spelling of 'Xilinx' in the help menu for the
qemu package.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Back in commit
44a6b7866c ("configs/qemu_sh4*: switch
to initramfs"), the Qemu SuperH defconfigs were switched to initramfs
due to a bug in the Qemu disk emulation.
However, the initramfs solution has an issue: if the initramfs is
slightly too large (like just 6 MB!), the system no longer boots.
Since the disk emulation problem has apparently been resolved in Qemu
10 (according to testing), let's switch back to this.
In addition to essentially reverting
44a6b7866c, we also need to adjust the
kernel configuration so that the kernel takes its command line for the
bootloader (in our case from the Qemu -append option). Otherwise an
hardcoded command line is used, which doesn't mount /dev/sda as the
root filesystem.
This update has been tested on Gitlab CI:
https://gitlab.com/tpetazzoni/buildroot/-/pipelines/1968267919
Thanks to Romain Naour for pointing to the initramfs size as being the
issue.
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Fixes the following vulnerability:
CVE-2025-8194: There is a defect in the CPython “tarfile” module affecting
the “TarFile” extraction and entry enumeration APIs. The tar implementation
would process tar archives with negative offsets without error, resulting in
an infinite loop and deadlock during the parsing of maliciously crafted tar
archives.
https://nvd.nist.gov/vuln/detail/CVE-2025-8194https://www.openwall.com/lists/oss-security/2025/07/28/1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Fixes the following security issues:
GNUTLS-SA-2025-07-08-1 CVE-2025-32989
Severity Medium; Heap read buffer overflow
When an X.509 certificate contains an SCT (signed certificate timestamp)
extension and its length field is malformed, the library could read the memory
buffer past the boundary. The issue was reported in the issue tracker as
<https://gitlab.com/gnutls/gnutls/-/issues/1695>.
------------------------------------------------------------------------------
GNUTLS-SA-2025-07-08-2 CVE-2025-32988
Severity Low; Memory corruption on error path
When any error occurs during exporting a certificate with an otherName in the
SAN (subject alternative name) extension, the library could potentially double
free the ASN.1 structure. The issue was reported in the issue tracker as
<https://gitlab.com/gnutls/gnutls/-/issues/1694>.
------------------------------------------------------------------------------
GNUTLS-SA-2025-07-08-3 CVE-2025-32990
Severity Low; Heap write buffer overflow
When the certtool program is invoked with a template file with a number of
string pairs for a single keyword, a NULL pointer could be written past the
memory boundary. The issue was reported in the issue tracker as
<https://gitlab.com/gnutls/gnutls/-/issues/1696>.
------------------------------------------------------------------------------
GNUTLS-SA-2025-07-08-4 CVE-2025-6395
Severity Medium; Denial of service
When a TLS 1.3 handshake involves a Hello Retry Request and the second
Client Hello omits the PSK which was present in the first Client Hello,
the GnuTLS server can dereference a NULL pointer. The issue was reported
in the issue tracker as <https://gitlab.com/gnutls/gnutls/-/issues/1718>.
https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This commit updates the ARC toolchain components to the 2024.12
release, keeping the same patches.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
package/binutils and package/gcc both allow to use upstream versions
on ARC, but package/gdb allows using only the ARC version. Adjust the
packaging to align package/gdb with package/binutils and package/gcc,
so that upstream versions of gdb can be built for ARC.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The SBOM is easier to read if the dependencies are sorted alphabetically.
Signed-off-by: Fabien Lehoussel <fabien.lehoussel@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add options to customize the project name and version in the generated SBOM
metadata and set buildroot generate-cyclonedx as a tool in the metadata
section.
Signed-off-by: Fabien Lehoussel <fabien.lehoussel@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This makes it more readable and easier to quickly identify basic information.
Signed-off-by: Fabien Lehoussel <fabien.lehoussel@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The ecvt(), fcvt(), and gcvt() functions from stdlib.h, used by the SIO
library packaged with the xinetd sources, are masked by _GNU_SOURCE in
musl libc.
Signed-off-by: Aaron Sierra <aaron@bubbl-tek.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changelog (see [1]):
ver 3.9:
Fix issue with Access Point mode and frequency unlocking.
Fix issue with network configuration and BSS retry logic.
Fix issue with handling busy notification from Access Point.
Fix issue with handling P-192, P-224 and P-521 for SAE.
ver 3.8:
Fix issue with handling unit tests and missing kernel features.
ver 3.7:
Fix issue with handling length of EncryptedSecurity.
Fix issue with handling empty affinities lists.
Fix issue with handling survey scanning results.
Fix issue with handling duplicate values in DPP URI.
ver 3.6:
Fix issue with handling blacklisting and roaming requests.
Fix issue with handling CQM thresholds for FullMAC devices.
Add support for PMKSA when using FullMAC devices.
ver 3.5:
Add support for option to disable blacklist handling.
Add support for option to disable SAE for broken drivers.
ver 3.4:
Add support for the Test Anything Protocol.
ver 3.3:
Fix issue with handling External Authentication.
ver 3.2:
Fix issue with GCC 15 and -std=c23 build errors.
Add support for using PMKSA over SAE if available.
Add support for HighUtilization/StationCount thresholds.
Add support for disabling Multicast RX option.
ver 3.1:
Fix issue with handling OWE transition BSS selection.
Fix issue with handling oper class 136 starting frequency.
[1] https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/ChangeLog?h=3.9
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Changelog (see [1]):
ver 0.79:
Fix issue with D-Bus client and watch removal handling.
Fix issue with D-Bus client and service name handling.
Fix issue with D-Bus proxy and filter rule handling.
ver 0.78:
Fix issue with random ECC scalar generation.
ver 0.77:
Add support for precheck feature for unit tests.
Add support for license variable for pkg-config.
ver 0.76:
Fix issue with random scalar generation.
ver 0.75:
Add support for converting OID octets to strings.
Add support for NIST P-224 cuve usage with ECDH.
Add support for NIST P-521 cuve usage with ECDH.
Add support for SHA-3 series of hashing algorithms.
ver 0.74:
Add support for NIST P-192 curve usage with ECDH.
Add support for SHA-224 based checksums and HMACs.
ver 0.73:
Fix issue with parsing hwdb.bin child structures.
ver 0.72:
Add support for the Test Anything Protocol.
ver 0.71:
Fix issue with GCC 15 and -std=c23 build errors.
ver 0.70:
Add support for helper function for safe memcpy.
[1] https://git.kernel.org/pub/scm/libs/ell/ell.git/tree/ChangeLog?h=0.79
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The CVE-2025-3277 as been marked as a duplicate of CVE-2025-29087 by the
debian security tracker [1].
The CVE-2025-29087 has already been fixed in commit [2] so this patch
adds CVE-2025-3277 to the ignored CVEs.
[1] https://security-tracker.debian.org/tracker/CVE-2025-3277
[2] 835b5659ea package/sqlite: add patch to fix CVE-2025-29087
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Fixes build error with gcc-15.x:
drivers/net/3c509-eisa.c:39:26: error: initialization of 'void (*)(void)'
from incompatible pointer type 'void (*)(struct nic *, struct eisa_device *)'
[-Wincompatible-pointer-types]
For a similar fix see https://bugzilla.suse.com/show_bug.cgi?id=1243225
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This fixes the following vulnerability:
- CVE-2024-8947
A vulnerability was found in MicroPython 1.22.2. It has been declared
as critical. Affected by this vulnerability is an unknown functionality
of the file py/objarray.c. The manipulation leads to use after free.
The attack can be launched remotely. The complexity of an attack is
rather high. The exploitation appears to be difficult. Upgrading to
version 1.23.0 is able to address this issue. It is recommended to
upgrade the affected component. In micropython objarray component, when
a bytes object is resized and copied into itself, it may reference
memory that has already been freed.
For more information, see:
- https://www.cve.org/CVERecord?id=CVE-2024-8947
- https://github.com/micropython/micropython/commit/4bed614e707c0644c06e117f848fa12605c711cd
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Don't define boolean macros for C23 standard as they are implemented
as keywords.
Fixes the following error:
make[2]: Entering directory
'/home/user/Documents/versioned/oss/xmlrpc-c/lib/util'
gcc -c -DNDEBUG -pthread -Wall -W -Wno-uninitialized -Wundef
-Wno-unknown-pragmas -Wmissing-declarations -Wstrict-prototypes
-Wmissing-prototypes -Wimplicit -fno-common -g -O3
-Isrcdir/lib/util/include
-I/home/user/Documents/versioned/oss/xmlrpc-c casprintf.c
In file included from casprintf.c:9:
srcdir/lib/util/include/bool.h:13:5: error: cannot use keyword ‘false’
as enumeration constant
13 | false = 0,
| ^~~~~
srcdir/lib/util/include/bool.h:13:5: note: ‘false’ is a keyword with
‘-std=c23’ onwards
srcdir/lib/util/include/bool.h:15:3: error: expected ‘;’, identifier
or ‘(’ before ‘bool’
15 | } bool;
| ^~~~
srcdir/lib/util/include/bool.h:15:3: warning: useless type name in
empty declaration
Upstream: https://sourceforge.net/p/xmlrpc-c/code/3318/
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Commit [1] introduced an Armv7 test case for Xen named TestXenArmv7,
next to the original Aarch64 test case which was simply named TestXen.
The test list shows, for example with the command
"support/testing/run-tests -l":
tests.package.test_xen.TestXen
tests.package.test_xen.TestXenArmv7
In order to make this test list a bit more explicit, this commit
renames the TestXen to TestXenAarch64. With that change, the list
becomes:
tests.package.test_xen.TestXenAarch64
tests.package.test_xen.TestXenArmv7
[1] https://gitlab.com/buildroot.org/buildroot/-/commit/5346824a83488f840008eb24f84866435ac32a12
Cc: Vincent Stehlé <vincent.stehle@arm.com>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Starting GCC14 'implicit-function-declaration' are treated as errors by
default. When building kvmtool with musl libc, the following error
occurs due to missing declaration of 'basename':
```
vfio/core.c:537:22: error: implicit declaration of function ‘basename’ [-Wimplicit-function-declaration]
537 | group_name = basename(group_path);
| ^~~~~~~~
vfio/core.c:537:22: warning: nested extern declaration of ‘basename’ [-Wnested-externs]
vfio/core.c:537:20: error: assignment to ‘char *’ from ‘int’ makes pointer from integer without a cast [-Wint-conversion]
537 | group_name = basename(group_path);
| ^
```
This error can be reproduced with:
```
cat >.config <<EOF
BR2_aarch64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_AARCH64_MUSL_BLEEDING_EDGE=y
BR2_PACKAGE_KVMTOOL=y
EOF
make olddefconfig
make kvmtool
```
This patch adds the upstream commit that fixes this issue by including
the appropriate header, ensuring compatibility with musl and GCC14.
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Add a TestXenArmv7 class with its related files in an arm/ subfolder
under test_xen/, to test Xen on 32-bit Arm v7.
We cannot boot with UEFI in this case; we use a custom U-Boot script,
which creates the Xen configuration Devicetree during boot.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
In preparation of adding a test for Xen on 32-bit Arm v7:
- Introduce an architecture-agnostic TestXenBase class where we move
most of the Xen test scenario and bits of the configuration.
- Re-organise the test_xen/ folder with the architecture-agnostic files
under common/ and the 64-bit Arm specific files under aarch64/.
Make the 64-bit Arm TestXen class inherit from the base class and leave
in there only the architecture-specific parts:
- The 64-bit Arm configuration bits.
- The test function, which passes the proper 64-bit Arm simulator
options to the generic test function.
No functional change intended.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Commit a954d39a58 ("package/chartjs: bump to version 3.9.1") updated the
package version and the license file hash, but also changed the path to
the license file in the hash file. However, the path to the license file
hasn't changed, causing an error during "make legal-info". Revert the
path change.
Signed-off-by: Florian Larysch <fl@n621.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The LICENSE-MIT file has changed.
Commit 432aef05 fixed it for rust package but forgot
the update-rust script.
Signed-off-by: El Mehdi YOUNES <elmehdi.younes@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
- Bump Linux kernel to v6.15.7 and update the hash file.
- Bump the model in the readme to version 11.29 build 27.
While at it, adjust the model's path in the readme to take the host
architecture into account.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
A new kvm-unit-tests version has recently been tagged, so let's
update to that version.
This version also add suport for RISC-V, add RISC-V to Config.in
Signed-off-by: Jesse Taube <jesse@rivosinc.com>
Reviewed-by: Thomas Huth <huth@tuxfamily.org>
[Julien: move riscv32 before riscv64 in .mk]
Signed-off-by: Julien Olivain <ju.o@free.fr>
lib/long-options.c failed to compile with musl for the same reason
0002-lib-long-options.c-include-stdlib.h.patch was added to fix,
exit() being undefined. The fix is the same as well: include stdlib.h.
Fixes: b6784a1f1f ("package/lrzsz: fix build with GCC >= 14.x")
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
For release note, see:
https://github.com/encode/starlette/releases/tag/0.47.2
This fixes the following vulnerability:
- CVE-2025-54121:
Starlette is a lightweight ASGI (Asynchronous Server Gateway
Interface) framework/toolkit, designed for building async web services
in Python. In versions 0.47.1 and below, when parsing a multi-part
form with large files (greater than the default max spool size)
starlette will block the main thread to roll the file over to disk.
This blocks the event thread which means the application can't accept
new connections. The UploadFile code has a minor bug where instead of
just checking for self._in_memory, the logic should also check if the
additional bytes will cause a rollover. The vulnerability is fixed in
version 0.47.2.
https://www.cve.org/CVERecord?id=CVE-2025-54121
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Reviewed-by: Marcus Hoffmann <buildroot@bubu1.eu>
[Julien: add link to release note]
Signed-off-by: Julien Olivain <ju.o@free.fr>
A recent commit introduced a few lines that were indented with spaces
rather than a tab. Rectify this.
Fixes: 00b30f887a ("toolchain-wrapper.c: get rid of EXCLUSIVE_ARGS")
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Benetti Engineering just took over Larry Finger(lwfinger)'s repository [0]
rtl8821au since Larry unfortunately passed away[1](RIP) and there are
pending PRs that will never be checked as stated here. So basically move
github user to benetti-engineering-sas and update version with latest that
fixes build failure with Linux version 6.15. And of course let's update
package's URL due to the moving.
[0]: https://github.com/lwfinger/rtl8812au/issues/32
[1]: https://lwn.net/Articles/979419/
Fixes:
still not occured.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Benetti Engineering just took over Larry Finger(lwfinger)'s repository [0]
rtl8723ds since Larry unfortunately passed away[1](RIP) and there are
pending PRs that will never be checked as stated here. So basically move
github user to benetti-engineering-sas and update version with latest that
fixes build failure with Linux version 6.15. And let's drop local patches
that are now upstreamed as well. And of course let's update package's
URL due to the moving.
[0]: https://github.com/lwfinger/rtl8723ds/issues/53
[1]: https://lwn.net/Articles/979419/
Fixes:
still not occured.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Benetti Engineering just took over Larry Finger(lwfinger)'s repository
rtl8723bu since Larry unfortunately passed away[0](RIP) and there are
pending PRs that will never be checked as stated here[1]. So basically move
github user to benetti-engineering-sas and update version with latest that
fixes build failure with Linux version 6.15. And of course let's update
package's URL due to the moving.
[0]: https://lwn.net/Articles/979419/
[1]: https://github.com/lwfinger/rtl8723bu/issues/206
Fixes:
still not occured.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Add 2 local patches pending upstream to fix build failure with Linux 6.15.
Fixes:
still not occured.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Add local patch pending upstream to fix build failure with Linux 6.15.
Fixes:
still not occured.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
With this version we can build with Linux 6.15.
Fixes:
still not occured.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[Julien: remove empty line in hash file to fix check-package error]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Benetti Engineering just took over Larry Finger(lwfinger)'s repository
rtl8188eu since Larry unfortunately passed away[0](RIP) and there are
pending PRs that will never be checked as stated here[1]. So basically move
github user to benetti-engineering-sas and update version with latest that
fixes build failure with Linux version 6.15. And let's drop local patches
that are now upstreamed as well. Let's also drop obsolete Config.in
informations since as stated here[2]: "This driver is under development
and has a limited feature set. In particular it does not yet support 40MHz
channels and power management". At the same time drop other suggestions
like enabling CONFIG_WIRELESS_EXT or "this package needs a firmware loading
mechanism to load the binary blob for the chip to work" since they are now
part of the package. And of course let's update package's URL due to the
moving.
[0]: https://lwn.net/Articles/979419/
[1]: https://github.com/lwfinger/rtl8188eu/pull/464
Fixes:
https://autobuild.buildroot.org/results/d59537da8eb27d737718885dc81ec257a2791455/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Rather than having a hard coded amount of exclusive args (with the risk of
overflow when new logic is added), simplify the argument buffer allocation
logic to always allocate room for DEFAULT_MAX_ARGS (1024) arguments and just
realloc to grow for the rare situation where that is not enough.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
C99 section 5.1.2.2.1p2 mandates that:
- argv[argc] shall be a null pointer.
https://www.open-std.org/jtc1/sc22/wg14/www/docs/n1256.pdf
So we might as well copy the null pointer along in the memcpy() rather than
copy everything up to the null pointer and then add one afterwards for
simplicity.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The patch bumps the Linux kernel to version 6.12.39 and U-Boot to
version 2025.07. The patches applied to U-Boot by Buildroot have been
removed, as they are included in version 2025.07.
The patch has been tested on both boards.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
When building LTP with a musl toolchain with kernel headers >= 6.14,
compilation fails with error:
In file included from listmount02.c:22:
listmount.h: In function ‘listmount’:
listmount.h:18:16: error: variable ‘req’ has initializer but incomplete type
18 | struct mnt_id_req req = {
| ^~~~~~~~~~
The issue can be reproduced with commands:
cat >.config <<EOF
BR2_aarch64=y
BR2_TOOLCHAIN_BUILDROOT_MUSL=y
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_LATEST_VERSION=y
BR2_LINUX_KERNEL_USE_ARCH_DEFAULT_CONFIG=y
BR2_PACKAGE_LTP_TESTSUITE=y
EOF
make olddefconfig
make ltp-testsuite
Backport 2 commits from upstream which fixes LTP on musl on
kernel >= 6.14.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
[Julien:
- add commands to reproduce the issue in commit log
- move _AUTORECONF up to be nearer _VERSION
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Update the zynqmp readme.txt file to use BR2_TARGET_UBOOT_ZYNQMP_PSU_INIT_FILE
option for configuring custom zynqmp boards with Buildroot. There is no need
for any custom / manual steps since the support is included with Buildroot.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Nftables should be preferred over iptables if available, which
NetworkManager will do if both paths are set.
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
For release notes since version 5.4.3, see:
https://github.com/assimp/assimp/releases
This fixes the following vulnerabilities:
- CVE-2025-2750:
A vulnerability, which was classified as critical, was found in Open
Asset Import Library Assimp 5.4.3. This affects the function
Assimp::CSMImporter::InternReadFile of the file
code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The
manipulation leads to out-of-bounds write. It is possible to initiate
the attack remotely. The exploit has been disclosed to the public and
may be used.
https://www.cve.org/CVERecord?id=CVE-2025-2750
- CVE-2025-2751:
A vulnerability has been found in Open Asset Import Library Assimp
5.4.3 and classified as problematic. This vulnerability affects the
function Assimp::CSMImporter::InternReadFile of the file
code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The
manipulation of the argument na leads to out-of-bounds read. The
attack can be initiated remotely. The exploit has been disclosed to
the public and may be used.
https://www.cve.org/CVERecord?id=CVE-2025-2751
- CVE-2025-2757:
A vulnerability classified as critical was found in Open Asset Import
Library Assimp 5.4.3. This vulnerability affects the function
AI_MD5_PARSE_STRING_IN_QUOTATION of the file
code/AssetLib/MD5/MD5Parser.cpp of the component MD5 File Handler. The
manipulation of the argument data leads to heap-based buffer overflow.
The attack can be initiated remotely. The exploit has been disclosed
to the public and may be used.
https://www.cve.org/CVERecord?id=CVE-2025-2757
- CVE-2025-3158:
A vulnerability, which was classified as critical, has been found in
Open Asset Import Library Assimp 5.4.3. Affected by this issue is the
function Assimp::LWO::AnimResolver::UpdateAnimRangeSetup of the file
code/AssetLib/LWO/LWOAnimation.cpp of the component LWO File Handler.
The manipulation leads to heap-based buffer overflow. It is possible
to launch the attack on the local host. The exploit has been disclosed
to the public and may be used.
https://www.cve.org/CVERecord?id=CVE-2025-3158
Also, drop local security patches that have been applied upstream
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
[Julien: add link to relase notes]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This is a security release of the Long Term Support branch, see release notes:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.4
Also update the download location, because upstream changed the tag naming
scheme from v<...> to mbedtls-<...>
This fixes the following vulnerabilities:
- CVE-2025-47917
Fix possible use-after-free or double-free in code calling
mbedtls_x509_string_to_names(). This was caused by the function calling
mbedtls_asn1_free_named_data_list() on its head argument, while the
documentation did no suggest it did, making it likely for callers relying
on the documented behaviour to still hold pointers to memory blocks after
they were free()d, resulting in high risk of use-after-free or double-free,
with consequences ranging up to arbitrary code execution.
In particular, the two sample programs x509/cert_write and x509/cert_req
were affected (use-after-free if the san string contains more than one DN).
Code that does not call mbedtls_string_to_names() directly is not affected.
- CVE-2025-48965
Fix a bug in mbedtls_asn1_store_named_data() where it would sometimes leave
an item in the output list in an inconsistent state with val.p == NULL but
val.len > 0. This impacts applications that call this function directly,
or indirectly via mbedtls_x509_string_to_names() or one of the
mbedtls_x509write_{crt,csr}set{subject,issuer}_name() functions. The
inconsistent state of the output could then cause a NULL dereference either
inside the same call to mbedtls_x509_string_to_names(), or in subsequent
users of the output structure, such as mbedtls_x509_write_names(). This
only affects applications that create (as opposed to consume) X.509
certificates, CSRs or CRLs, or that call mbedtls_asn1_store_named_data()
- CVE-2025-49087
Fix a timing side channel in the implementation of PKCS#7 padding
which would allow an attacker who can request decryption of arbitrary
ciphertexts to recover the plaintext through a timing oracle attack.
- CVE-2025-49600:
In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_verify may accept invalid
signatures if hash computation fails and internal errors go unchecked,
enabling LMS (Leighton-Micali Signature) forgery in a fault scenario.
Specifically, unchecked return values in mbedtls_lms_verify allow an
attacker (who can induce a hardware hash accelerator fault) to bypass
LMS signature verification by reusing stale stack data, resulting in
acceptance of an invalid signature. In mbedtls_lms_verify, the return
values of the internal Merkle tree functions create_merkle_leaf_value
and create_merkle_internal_value are not checked. These functions
return an integer that indicates whether the call succeeded or not. If
a failure occurs, the output buffer (Tc_candidate_root_node) may
remain uninitialized, and the result of the signature verification is
unpredictable. When the software implementation of SHA-256 is used,
these functions will not fail. However, with hardware-accelerated
hashing, an attacker could use fault injection against the accelerator
to bypass verification.
https://www.cve.org/CVERecord?id=CVE-2025-49600
- CVE-2025-49601:
In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_import_public_key does not
check that the input buffer is at least 4 bytes before reading a
32-bit field, allowing a possible out-of-bounds read on truncated
input. Specifically, an out-of-bounds read in
mbedtls_lms_import_public_key allows context-dependent attackers to
trigger a crash or limited adjacent-memory disclosure by supplying a
truncated LMS (Leighton-Micali Signature) public-key buffer under four
bytes. An LMS public key starts with a 4-byte type indicator. The
function mbedtls_lms_import_public_key reads this type indicator
before validating the size of its input.
https://www.cve.org/CVERecord?id=CVE-2025-49601
- CVE-2025-52496:
Mbed TLS before 3.6.4 has a race condition in AESNI detection if
certain compiler optimizations occur. An attacker may be able to
extract an AES key from a multithreaded program, or perform a GCM
forgery.
https://www.cve.org/CVERecord?id=CVE-2025-52496
- CVE-2025-52497:
Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer
underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse
functions, via untrusted PEM input.
https://www.cve.org/CVERecord?id=CVE-2025-52497
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
[Julien: fix upstream hash URL in hash file]
Signed-off-by: Julien Olivain <ju.o@free.fr>
The sunxi-mali-utgard-driver at git version 9926236a is failing
to build with kernel 6.15.
The issue has not been seen in autobuilder, but can be reproduced
with commands:
cat >.config <<EOF
BR2_aarch64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_LATEST_VERSION=y
BR2_LINUX_KERNEL_USE_ARCH_DEFAULT_CONFIG=y
BR2_PACKAGE_SUNXI_MALI_UTGARD=y
EOF
make olddefconfig
make sunxi-mali-utgard-driver
This new version fixes the issue and builds up to Linux 6.15.
Also, _SITE URL has moved to github benetti-engineering-sas so
let's modify accordingly.
Fixes:
linux/mali_osk_timers.c: In function ‘_mali_osk_timer_del’:
linux/mali_osk_timers.c:59:9: error: implicit declaration of function ‘del_timer_sync’ [-Wimplicit-function-declaration]
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[Julien: add commands to reproduce the issue in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
The previous url pointed to an unrelated but similarly named project.
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Release Notes:
* Fixed deletion of Local values affecting other contexts. (#523)
* Skip CPython specific garbage collection test on pypy. (#521)
3.9.0 (2025-07-03)
------------------
* Adds support for Python 3.13.
* Drops support for (end-of-life) Python 3.8.
* Fixes an error with conflicting kwargs between AsyncToSync and the wrapped
function. (#471)
* Fixes Local isolation between asyncio Tasks. (#478)
* Fixes a reference cycle in Local (#508)
* Fixes a deadlock in CurrentThreadExecutor with nested async_to_sync →
sync_to_async → async_to_sync → create_task calls. (#494)
* The ApplicationCommunicator testing utility will now return the task result
if it's already completed on send_input and receive_nothing. You may need to
catch (e.g.) the asyncio.exceptions.CancelledError if sending messages to
already finished consumers in your tests. (#505)
Source: https://github.com/django/asgiref/blob/main/CHANGELOG.txt
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This adds the experimental vulkan support for the PowerVR rogue
architecture.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This "powervr" directory has been present in linux-firmware since
version 20231211.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Reviewed-by: Bryan Brattlof <bb@ti.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Add an option to install the firmware files for Chips&Media Wave 521C
video processor used in the TI K3 architecture.
This "cnm/wave521c_k3_codec_fw.bin" file has been present in linux-firmware
since version 20221109.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Reviewed-by: Bryan Brattlof <bb@ti.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
libcddb fail to build with gcc-14 with error:
cddb_net.c: In function 'timeout_connect':
cddb_net.c:328:63: error: passing argument 5 of 'getsockopt' from incompatible pointer type [-Wincompatible-pointer-types]
328 | getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &rv, &l);
| ^~
| |
| size_t * {aka long unsigned int *}
This commit adds a patch to fix the issue.
Fixes:
https://autobuild.buildroot.net/results/723/7236cf5fd4f33aabd3178586f877dff04d754abe/
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
[Julien: add error message in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Drop no longer required host-python-tomli dependency.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Drop no longer required host-python-typing-extensions dependency.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
This fixes the following vulnerability:
- CVE-2025-53643:
In aiohttp prior to version 3.12.14, the Python parser is vulnerable
to a request smuggling vulnerability due to not parsing trailer
sections of an HTTP request. If a pure Python version of aiohttp is
installed (i.e. without the usual C extensions) or
AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to
execute a request smuggling attack to bypass certain firewalls or
proxy protections. Version 3.12.14 contains a patch for this issue.
https://www.cve.org/CVERecord?id=CVE-2025-53643
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
The patch bumps the Linux kernel to version 6.12.36 and U-Boot to
version 2025.07.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This reverts commit e44aff6b1b which added
support for linking ffmpeg against libpulse if it is present to provide
libavdevice support for the PulseAudio protocol. However, it turns out
that this creates a dependency cycle when BR2_PACKAGE_LIBSOXR is
enabled, since the pulseaudio daemon can use libsoxr for resampling and
libsoxr can use the FFT implementation from ffmpeg.
Resolving this would probably mean breaking up the pulseaudio package
into the client libraries and the daemon proper (a standalone libpulse
without the daemon is still useful since it can talk to a remote daemon
via the network or more likely today talk to a local instance of
PipeWire, which also implements the PulseAudio protocol).
For now, break the dependency cycle by reverting to the original state
(no pulseaudio client support in ffmpeg).
Reported-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Florian Larysch <fl@n621.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
For release notes since version 27.5.1, see:
https://github.com/moby/moby/releases
Since version 28.0.0, docker-engine requires the RAW netfilter table, so
enable that as part of the kernel fixups.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Christian Stewart <christian@aperture.us>
[Julien: add link to release notes]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Via the docker-compose runtime test, we can exercise the full suite of
the docker-related packages: docker-compose, of course, but also
docker-engine, which in turn allows exercising containerd. The latter
by defualt uses runc as the container runtime, but can alternatively use
crun.
Extend the docker-compose runtime test with a variant that enables crun.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Upstream passt only documents runtime dependencies; and they advertise
being able to run on kernel 3.8 or later. However, they do not document
the build dependencies.
As reported by Julien, since 2024_12_11.09478d5, upstream requires
kernel headers >= 5.0, as they make use of linux/vhost_types.h, only
introduced in 5.0.
Add a dependency to kernel headers, and propagate it to podman's passt
backend.
Reported-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
When building libesmtp on the autobuilder with gcc-14, the
following error occurs:
/workdir/instance-0/output-1/per-package/libesmtp/host/bin/arc-linux-gcc -Ilibesmtp.so.6.2.0.p -I. -I.. -I/workdir/instance-0/output-1/per-package/libesmtp/host/arc-buildroot-linux-gnu/sysroot/usr/include -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -O3 -D_POSIX_C_SOURCE=200809L -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g0 -D_FORTIFY_SOURCE=2 -fPIC -pthread -MD -MQ libesmtp.so.6.2.0.p/smtp-api.c.o -MF libesmtp.so.6.2.0.p/smtp-api.c.o.d -o libesmtp.so.6.2.0.p/smtp-api.c.o -c ../smtp-api.c
../smtp-api.c: In function 'smtp_version':
../smtp-api.c:1183:7: error: implicit declaration of function 'strlcpy'; did you mean 'strncpy'? [-Wimplicit-function-declaration]
1183 | if (strlcpy (buf, v, len) > len)
| ^~~~~~~
| strncpy
This error has been fixed upstream in commit [1], but no new release
has been made since.
This patch update the package version to fetch the latest upstream
commit v1.1.0-14-g335ee8d.
For the changes, see:
- https://github.com/libesmtp/libESMTP/compare/v1.1.0...335ee8d2fa5cb7d30db7b818ec05563ad139ee2f
[1] https://github.com/libesmtp/libESMTP/commit/972eb547493357681b1b7012ef20618e6831cfde
Fixes: https://autobuild.buildroot.org/results/ced/ceda012506edccda1727904eb3327017b07e27d8
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
[Julien:
- mention gcc-14 as the root cause of the build failure
- use "git describe --tags --abbrev=40" format in _VERSION
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This brings the script in line with current init script standards, and
fixes all make check-package warnings. Other notable changes:
* Use start-stop-daemon to create a PID file, so we can monitor shutdown.
* Use "udevadm control --exit" to implement stop, instead of "killall".
* Do not require /etc/udev/udev.conf to exist, the default contains
only comments and udevd works without.
* Do not parse /etc/udev/udev.conf, the udev_root configuration option
it was used for has been removed in version 1.5.1 [1].
* Implement reload using udevadm.
[1] https://github.com/eudev-project/eudev/commit/6ada823a9a0979ea145fd70add1007c21caa45c0
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The hwdb sources are always deleted from the rootfs image (see commit
07aa585aa6), so the resulting hwdb.bin
is installed package data, not user configuration. The name of the
"--usr" flag to "udevadm hwdb" may be confusing, but it chooses the
libexecdir location, whether that is in /usr or not.
Eudev checks both locations and prefers the one in /etc if it exists,
so overriding the configuration in an installed system is possible as
before, with the advantage that /etc/udev/hwdb.bin (if any) can be
deleted to restore defaults.
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Minimum python version is now 3.9, but also it's not really relevant to
mention this in the package description.
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Currently, both BR2_TARGET_ROOTFS_EROFS_ALL_FRAGMENTS and
BR2_TARGET_ROOTFS_EROFS_FRAGMENTS have the same Kconfig prompt, making
them hard to distinguish.
Reword the one for -Eall-fragments to be distinct.
Signed-off-by: Florian Larysch <fl@n621.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Version 2.23 change log:
* support MPD protocol 0.24.0
- allow window for listplaylist and listplaylistinfo
- command "playlistlength", "protocol", "stickertypes",
"stickernamestypes", "searchplaylist"
- tag "ShowMovement"
- new sticker find api
- new subcommands for "tagtypes": "available", "reset"
* Support open end for mpd_search_add_window
* format floating-point numbers with the POSIX localew
Signed-off-by: Andreas Ziegler <br015@umbiko.net>
Tested-by: Andreas Ziegler <br015@umbiko.net>
[Julien: update signature link in hash file]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch replaces the previous patch allowing to build with ffmpeg 6.x
with a patch which also allows to build with ffmpeg 7.x.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The following build error is happening on the autobuilder:
```
arg_int.c:60:12: error: implicit declaration of function 'isspace' [-Wimplicit-function-declaration]
60 | while (isspace(*ptr))
| ^~~~~~~
arg_int.c:33:1: note: include '<ctype.h>' or provide a declaration of 'isspace'
32 | #include <limits.h>
+++ |+#include <ctype.h>
33 |
arg_int.c:89:8: error: implicit declaration of function 'toupper' [-Wimplicit-function-declaration]
89 | if (toupper(*ptr++)!=toupper(X))
| ^~~~~~~
arg_int.c:89:8: note: include '<ctype.h>' or provide a declaration of 'toupper'
```
Both `isspace` and `toupper` are declared in the `ctype.h` header.
This build error started to happen with gcc-14.
The `ctype.h` include was added in a later upstream commit.
This patch adds that upstream commit and strip everything else to only
patch that include.
Fixes: https://autobuild.buildroot.org/results/d38/d38e3e12f52c3fde08ab446ca14a1a7bd65c9469//
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
[Julien: add comment about gcc-14]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Switch to extlinux instead of built in U-Boot script.
Drop custom U-Boot fragment and genimage config.
Update U-Boot from 2024.01 to 2025.07. This new U-Boot now
requires BR2_TARGET_UBOOT_NEEDS_PYLIBFDT=y in the defconfig.
Signed-off-by: Jesse Taube <Mr.Bossman075@gmail.com>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[Julien:
- mention U-Boot bump in commit log
- add BR2_TARGET_UBOOT_NEEDS_PYLIBFDT=y
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Adds support for BeagleY-AI board by introducing the
beagley_ai_defconfig file and related support files.
The BeagleY-AI uses the TI J722S SoC, also known as AM67A, also
known as TDA4VEN or TDA4AEN.
Retrieve BSP settings from meta-ti (may be useful for other TI boards):
- Set BR2_TARGET_ARM_TRUSTED_FIRMWARE_TARGET_BOARD = "lite"
meta-ti-bsp/conf/machine/include/j722s.inc:TFA_BOARD = "lite"
- Set BR2_TARGET_UBOOT_NEEDS_ATF_BL31 to provide BL31 variable pointing
to ATF bl31.bin to the U-Boot build process [1].
- Set BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_OPTEE to OP-TEE as BL32
secure payload. meta-ti set "SPD=opteed" to build ATF [2].
- Set BR2_TARGET_OPTEE_OS_PLATFORM to "k3-am62x".
meta-ti uses the OPTEEMACHINE to set optee-os platform [3].
meta-ti]$ git grep OPTEEMACHINE
meta-ti-bsp/conf/machine/include/j722s.inc:OPTEEMACHINE = "k3-am62x"
- Use am67a_beagley_ai_a53 and am67a_beagley_ai_r5 u-boot
defconfigs introduced in u-boot v2025.07 [4]
- u-boot distroboot (bootflow) detect extlinux.conf file from the first
SDcard partition, so we have to install the kernel and its dtb file.
Use devicetreedir instead of devicetree in extlinux.conf file to
avoid hardcoding the devicetree file name. TI boards are able to
retrieve dtb file name from an EEPROM (see TI_I2C_BOARD_DETECT in
uboot).
- Use 6.15.6 stable release instead of the latest 6.12 LTS since the
k3-j722s support was only introduced in 6.11 kernels.
- Provide a hash file for all custom package version
(arm-trusted-firmware, linux, ti-k3-r5-loader, uboot) to enable
BR2_DOWNLOAD_FORCE_CHECK_HASHES.
[1] https://git.yoctoproject.org/meta-ti/commit/?id=e74b9a1746d4d04757c87c1920a0f743e55ff096
[2] https://git.yoctoproject.org/meta-ti/tree/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-ti.inc?h=09.02.00.004#n7
[3] https://git.yoctoproject.org/meta-arm/tree/meta-arm/recipes-security/optee/optee-os.inc?h=4.0.3#n23
[4] https://source.denx.de/u-boot/u-boot/-/commit/b27c94958b976213e3f21e53943a699ffa53f16e
More information about the board can be found at:
https://www.beagleboard.org/boards/beagley-ai
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The patch bumps the Linux kernel to version 6.12.23-ti-arm32-r11 and
U-Boot to version 2025.07.
Tested on beaglebone black.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch bumps:
- U-Boot to version v2025.07
- Linux kernel to version 6.12.36 (LTS)
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Reviewed-by: Bryan Brattlof <bb@ti.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Adding _GNU_SOURCE to CFLAGS was necessary to fix the following error
raised during the compilation of the new version:
ufs_emon.c: In function ‘do_emon’:
ufs_emon.c:455:51: error: ‘O_DIRECT’ undeclared (first use in this function); did you mean ‘O_DIRECTORY’?
455 | fill_data_fd = open("fill_file", O_RDWR | O_DIRECT | O_CREAT,
| ^~~~~~~~
| O_DIRECTORY
ufs_emon.c:455:51: note: each undeclared identifier is reported only once for each function it appears in
This _GNU_SOURCE define was added upstream in commit [1] in the Makefile
default CFLAGS, but since Buildroot redefines those it needs to be added
back.
Release notes:
https://github.com/SanDisk-Open-Source/ufs-utils/releases/tag/v7.14.11
[1] https://github.com/SanDisk-Open-Source/ufs-utils/commit/183e0deb28f13cfb3caf161fc6d0f3cd1edb05c2
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
[Julien: add link to upstream commit to justify _GNU_SOURCE]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This brings the init script in line with current standards, including
PID file management.
The chown & chmod commands in the check_device function will run only
for systems without udev, and the permissions have been adjusted to
those udev would set.
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Default policies should go to /usr/share, /etc should be used to
override them locally if needed.
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Read the announcement: https://lwn.net/ml/all/xmqq5xg2wrd1.fsf@gitster.g/
This fixes the following vulnerabilities:
- CVE-2025-27613 (Gitk):
When a user clones an untrusted repository and runs Gitk without
additional command arguments, any writable file can be created and
truncated. The option "Support per-file encoding" must have been
enabled. The operation "Show origin of this line" is affected as
well, regardless of the option being enabled or not.
https://www.cve.org/CVERecord?id=CVE-2025-27613
- CVE-2025-27614 (Gitk):
A Git repository can be crafted in such a way that a user who has
cloned the repository can be tricked into running any script
supplied by the attacker by invoking `gitk filename`, where
`filename` has a particular structure.
https://www.cve.org/CVERecord?id=CVE-2025-27614
- CVE-2025-46835 (Git GUI):
When a user clones an untrusted repository and is tricked into
editing a file located in a maliciously named directory in the
repository, then Git GUI can create and overwrite any writable
file.
https://www.cve.org/CVERecord?id=CVE-2025-46835
- CVE-2025-48384:
When reading a config value, Git strips any trailing carriage
return and line feed (CRLF). When writing a config entry, values
with a trailing CR are not quoted, causing the CR to be lost when
the config is later read. When initializing a submodule, if the
submodule path contains a trailing CR, the altered path is read
resulting in the submodule being checked out to an incorrect
location. If a symlink exists that points the altered path to the
submodule hooks directory, and the submodule contains an executable
post-checkout hook, the script may be unintentionally executed
after checkout.
https://www.cve.org/CVERecord?id=CVE-2025-48384
- CVE-2025-48385:
When cloning a repository Git knows to optionally fetch a bundle
advertised by the remote server, which allows the server-side to
offload parts of the clone to a CDN. The Git client does not
perform sufficient validation of the advertised bundles, which
allows the remote side to perform protocol injection.
This protocol injection can cause the client to write the fetched
bundle to a location controlled by the adversary. The fetched
content is fully controlled by the server, which can in the worst
case lead to arbitrary code execution.
https://www.cve.org/CVERecord?id=CVE-2025-48385
- CVE-2025-48386:
The wincred credential helper uses a static buffer (`target`) as a
unique key for storing and comparing against internal storage. This
credential helper does not properly bounds check the available
space remaining in the buffer before appending to it with
`wcsncat()`, leading to potential buffer overflows.
https://www.cve.org/CVERecord?id=CVE-2025-48386
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
See the release notes:
- https://github.com/irontec/sngrep/releases/tag/v1.7.0
- https://github.com/irontec/sngrep/releases/tag/v1.8.0
- https://github.com/irontec/sngrep/releases/tag/v1.8.1
- https://github.com/irontec/sngrep/releases/tag/v1.8.2
This fixes the following vulnerabilities:
- CVE-2024-3119:
A buffer overflow vulnerability exists in all versions of sngrep since
v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP
headers. The functions sip_get_callid and sip_get_xcallid in sip.c use
the strncpy function to copy header contents into fixed-size buffers
without checking the data length. This flaw allows remote attackers to
execute arbitrary code or cause a denial of service (DoS) through
specially crafted SIP messages.
https://www.cve.org/CVERecord?id=CVE-2024-3119
- CVE-2024-3120:
A stack-buffer overflow vulnerability exists in all versions of sngrep
since v1.4.1. The flaw is due to inadequate bounds checking when
copying 'Content-Length' and 'Warning' headers into fixed-size buffers
in the sip_validate_packet and sip_parse_extra_headers functions
within src/sip.c. This vulnerability allows remote attackers to
execute arbitrary code or cause a denial of service (DoS) via crafted
SIP messages.
https://www.cve.org/CVERecord?id=CVE-2024-3120
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since the mbedtls bump to v3.6 [1] the libiec61850 package is failling
on the autobuilder with the following error:
```
[ 2%] Building C object hal/CMakeFiles/hal.dir/tls/mbedtls/tls_mbedtls.c.o
/workdir/instance-0/output-1/build/libiec61850-1.6.0/hal/tls/mbedtls/tls_mbedtls.c: In function 'compareCertificates':
/workdir/instance-0/output-1/build/libiec61850-1.6.0/hal/tls/mbedtls/tls_mbedtls.c:122:17: error: 'mbedtls_x509_crt' has no member named 'sig'
122 | if (crt1->sig.len == crt2->sig.len)
| ^~
/workdir/instance-0/output-1/build/libiec61850-1.6.0/hal/tls/mbedtls/tls_mbedtls.c:122:34: error: 'mbedtls_x509_crt' has no member named 'sig'
122 | if (crt1->sig.len == crt2->sig.len)
| ^~
...
```
The logic to support mbedtls v3 is already present on the version
present in buildroot.
This patch ensures that the CMake build uses the mbedtls headers and
libraries provided by buildroot rather than the bundled copy.
By setting the following variable the mbedtls v3.6 is correctly found
during the configuration of the package.
```
Found mbedtls 3.6 -> can compile HAL with TLS 1.3 support
```
[1] 3481a9643f package/mbedtls: bump to version 3.6.3.1
Fixes: https://autobuild.buildroot.org/results/5fc/5fca384510d2fb9dd1d01736dee34b53339d62ff/build-end.log
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since [1] when trying to build this package with mbedtls v3.6 the
following error is happening:
```
player.h:12:10: fatal error: mbedtls/havege.h: No such file or directory
12 | #include <mbedtls/havege.h>
| ^~~~~~~~~~~~~~~~~~
compilation terminated.
```
This error can be reproduced with the following config:
```
cat <<EOF >.config
BR2_arm=y
BR2_cortex_a7=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_PACKAGE_MBEDTLS=y
BR2_PACKAGE_SHAIRPORT_SYNC=y
EOF
make olddefconfig
make
```
This patch backport the upstream commit [2] that add support for
mbedtls v3.
[1] 3481a9643f package/mbedtls: bump to version 3.6.3.1
[2] https://github.com/mikebrady/shairport-sync/commit/d73b585c6f6d9136ae7a04243a54d734fa57d779
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since the mbedtls bump to v3.6 [1] the ustream-ssl package is failling
on the autobuilder with the following error:
```
In file included from /home/buildroot/instance-0/output-1/build/ustream-ssl-68d09243b6fd4473004b27ff6483352e76e6af1a/ustream-internal.h:25,
from /home/buildroot/instance-0/output-1/build/ustream-ssl-68d09243b6fd4473004b27ff6483352e76e6af1a/ustream-ssl.c:25:
/home/buildroot/instance-0/output-1/build/ustream-ssl-68d09243b6fd4473004b27ff6483352e76e6af1a/ustream-mbedtls.h:24:10: fatal error: mbedtls/certs.h: No such file or directory
24 | #include <mbedtls/certs.h>
| ^~~~~~~~~~~~~~~~~
compilation terminated.
```
This error can be reproduced with the following config:
```
cat <<EOF >.config
BR2_arm=y
BR2_cortex_a7=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_PACKAGE_MBEDTLS=y
BR2_PACKAGE_USTREAM_SSL=y
EOF
make olddefconfig
make
```
This patch backport upstream commit that address the compatibility with
mbedtls v3.6.
- [2] rename the `_random` function used by the mbedtls functions
- [3] update `mbedtls_pk_parse_keyfile` function to support new mbedtls
definition and use `mbedtls_pk_get_type`.
[1] 3481a9643f package/mbedtls: bump to version 3.6.3.1
[2] 0001-ustream-mbedtls-use-getrandom-instead-of-dev-urandom.patch
[3] 0002-ustream-mbedtls-add-compatibility-with-mbed-tls-3-0-0.patch
Fixes: https://autobuild.buildroot.org/results/c20/c20dac7cbe5def2c6036d2e1d06de0bfea68b57c
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Xen currently fails to build for 32-bit Arm v7 with binutils >= 2.41,
with the following error:
proc-v7.S:33: Error: junk at end of line, first unrecognized character is `#'
The failure can be reproduced with the commands:
cat >.config <<EOF
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_ARM_EABIHF=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_PACKAGE_XEN=y
BR2_PACKAGE_XEN_HYPERVISOR=y
BR2_PACKAGE_XEN_TOOLS=y
EOF
make olddefconfig
make xen
Backport a patch from Xen 4.18 plus one patch it depends on to fix the
build.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Alistair Francis <alistair@alistair23.me>
[Julien:
- reword commit title
- add commands to reproduce the issue in commit log
- add missing SoB lines to patches
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Commit 1e97b27873 ("ccache: support changing the output directory") added
the CCACHE_BASEDIR logic, but added a comment (presumably from cut'n'paste)
about compilercheck instead, fix that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Switch to meson build system.
Remove an upstreamed patch.
The license files are now gathered in the LICENSES folder.
Add support for the libsocketcan library.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
[Julien:
- use "git describe --tags" format in commit title
- use "git describe --tags --abbrev=40" in _VERSION
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
The error appears on autobuilder with the build using GCC14:
FAILED: ncmpc.p/src_Styles.cxx.o
In file included from ../src/Styles.cxx:7:
/home/buildroot/instance-0/output-1/host/microblazeel-buildroot-linux-gnu/sysroot/usr/include/libintl.h:39:14: error: expected unqualified-id before 'const'
39 | extern char *gettext (const char *__msgid)
| ^~~~~~~
/home/buildroot/instance-0/output-1/host/microblazeel-buildroot-linux-gnu/sysroot/usr/include/libintl.h:39:14: error: expected ')' before 'const'
../src/i18n.h:22:20: note: to match this '('
22 | #define gettext(x) (x)
| ^
[80/102] Compiling C++ object ncmpc.p/src_xterm_title.cxx.o
[81/102] Compiling C++ object ncmpc.p/src_db_completion.cxx.o
[82/102] Compiling C++ object ncmpc.p/src_signals.cxx.o
ninja: build stopped: subcommand failed.
make: *** [package/pkg-generic.mk:273: /home/buildroot/instance-0/output-1/build/ncmpc-0.49/.stamp_built] Error 1
make: Leaving directory '/home/buildroot/instance-0/buildroot'
Starting GCC14 the C++ standard library includes libintl.h that contains
a definition of gettext which caused a clash with the definition present
in ncmpc. This patch resolved this build error seen in [1] by
backporting an upstream commit [2] that renamed the internal gettext
implementation.
Applying the commits of [2], fixes the build error [1].
[1] https://autobuild.buildroot.org/results/cb2/cb292f2c99cdca742a8f52dbfc25f193fe513c6e/build-end.log
[2] https://github.com/MusicPlayerDaemon/ncmpc/commit/249b62fc9f5e3a653ebdd22da0d75fbe87069457
Fixes: https://autobuild.buildroot.org/results/cb2/cb292f2c99cdca742a8f52dbfc25f193fe513c6e/build-end.log
Signed-off-by: Tim Soubry <tim.soubry@mind.be>
[Julien:
- mention gcc-14 in commit title
- remove patch numbering to fix check-package error
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
With gcc 15-20241117 compile fails with the below error, update the
do_version declaration to match the header in command.h
../../parted/parted.c: In function '_init_commands':
../../parted/parted.c:2469:9: error: passing argument 2 of 'command_create' from incompatible pointer type [-Wincompatible-pointer-types]
2469 | do_version,
| ^~~~~~~~~~
| |
| int (*)(void)
In file included from ../../parted/parted.c:28:
../../parted/command.h:35:39: note: expected 'int (*)(PedDevice **, PedDisk **)' {aka 'int (*)(struct _PedDevice **, struct _PedDisk **)'} but argument is of type 'int (*)(void)'
35 | int (*method) (PedDevice** dev, PedDisk** diskp),
| ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Upstream: https://cgit.git.savannah.gnu.org/cgit/parted.git/commit/?id=16343bda6ce0d41edf43f8dac368db3bbb63d271
Fixes:
https://autobuild.buildroot.org/results/283f52d50ffef91d82a1bdc1f4dde1d54c5ffc23/build-end.log
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
[Julien: reword commit title]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This is just a minor upgrade for fixed deprecation warning
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
[Julien: fix hash file spacing to resolve check-package error]
Signed-off-by: Julien Olivain <ju.o@free.fr>
nilfs-utils provides an "nilfs.h" header file and libnilfs.so that other
packages which depend upon it may require in order to build.
Signed-off-by: Matt Silva <dev@matt-silva.com>
[Romain: add libnilfs.so in commit log]
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Building at91bootstrap3 with GCC 15 fails with:
include/types.h:23:23: error: ‘bool’ cannot be defined via ‘typedef’
23 | typedef unsigned char bool;
| ^~~~
include/types.h:23:23: note: ‘bool’ is a keyword with ‘-std=c23’ onwards
This is due to GCC 15 defaulting to the C23 language dialect.
Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
It is a portable Python 3.x interpreter, written in C11. It has no
dependencies other than the C standard library, which can be easily
integrated into your C/C++ project
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
LoongArch64 emulation system / user emulation is supported
by QEMU.
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
LoongArch64 OVMF target is introduced to EDK2 in edk2-202408.
Enable architecture support here.
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Introduce bread new loongarch64-efi board, with skeleton
from aarch64-efi board.
It corverd most LoongArch64 systems.
Linux 6.12, as the most recent LTS kernel, was chosen
to ensure proper architecture support is included.
This board config is validated on my Lemote A2101
Loongson 3A5000 board.
A developer entry is created for myself for future contacts
as well.
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
loongarch64-efi target presents in GRUB can be utilised
by any EFI compatible LoongArch64 machine to boot kernel.
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
vmlinux.efi and vmlinuz.efi are standard file names for LoongArch
EFISTUB kernel.
Introduce them to build system.
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Glibc introduced LoongArch64 support in 2.36, it requires kernel
5.19 to build.
Unselect BR2_ARCH_HAS_NO_TOOLCHAIN_BUILDROOT to reflect we can
build the toolchain.
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Introduce LoongArch64 at architecture level.
Config.in.loongarch is prepared for possible loongarch32
enablement in future, thus BR2_ARCH_IS_64 is being depended
by some 64bit only options.
Internal toolchain is supported, as our minimal binutils
version is already beyond LoongArch minimal version and
GCC option is limited by BR2_ARCH_NEEDS_GCC_AT_LEAST_12.
BR2_ARCH_HAS_NO_TOOLCHAIN_BUILDROOT is selected temporary
and it's going to be rmoved after we gain libc support.
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
[Julien: fix typo in Kconfig BR2_LOONGARCH_ABI_LP64S prompt
replace "lp64d" by "lp64s"]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since the mbedtls bump to v3.6 [1] the bmx7 package is failling on the
autobuilder:
```
/workdir/instance-0/output-1/host/bin/xtensa-buildroot-linux-uclibc-gcc -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -mlongcalls -mauto-litpools -Os -g3 -pedantic -W -Wall -Wstrict-prototypes -Wno-unused-parameter -Os -g3 -std=gnu99 -DGIT_REV=\"0\" -DAVL_5XLINKED -DDEBUG_MALLOC -DCORE_LIMIT=20000 -pedantic -W -Wall -Wstrict-prototypes -Wno-unused-parameter -Os -g3 -std=gnu99 -DGIT_REV=\"0\" -DAVL_5XLINKED -DDEBUG_MALLOC -DCORE_LIMIT=20000 -c crypt.c -o crypt.o
crypt.c:66:10: fatal error: mbedtls/compat-1.3.h: No such file or directory
66 | #include "mbedtls/compat-1.3.h"
| ^~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
```
This patch includes a set of upstream patches that address the
compatibility with the v3.6 of mbedtls.
[1] 3481a9643f package/mbedtls: bump to version 3.6.3.1
Fixes: https://autobuild.buildroot.org/results/b77/b776e34d1c5bc3904ea7138bd6c4ac17a1f0fd34/
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since the mbedtls bump to v3.6 [1] the shadowsocks-libev package is
failling on the autobuilder:
```
checking for mbedtls_cipher_setup in -lmbedcrypto... yes
checking whether mbedtls supports Cipher Feedback mode or not... configure: error: MBEDTLS_CIPHER_MODE_CFB required
make: *** [package/pkg-generic.mk:263: /workdir/instance-0/output-1/build/shadowsocks-libev-3.3.5/.stamp_configured] Error 1
make: Leaving directory '/workdir/instance-0/buildroot'
```
This is due to the breaking changes in the mbedtls API with the version
bump.
This patch adds the upstream patch [2] that address this issue by verifying
conditionally the version of mbedtls we are running on to make the API
calls and includes.
[1] 3481a9643f package/mbedtls: bump to version 3.6.3.1
[2] https://github.com/shadowsocks/shadowsocks-libev/commit/9afa3cacf947f910be46b69fc5a7a1fdd02fd5e6#
Fixes: https://autobuild.buildroot.org/results/070/070581d95f2739cee3b4cb8252639dd92b5a8421
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
When SIGINT is issued for a package test run, it will abort the active
toolchain run then proceed to the next. If a user is running the entire
default toolchain set (`-a`), they can be required to invoke SIGINT
multiple times to stop a run.
This commit uses a SIGINT hook to flag a shutdown state and stop further
attempts to run anymore toolchain tests.
Signed-off-by: James Knight <git@jdknight.me>
Signed-off-by: Julien Olivain <ju.o@free.fr>
When running check-package before completing commits for a change, if
any files are setup for removal, check-package will throw
FileNotFoundError exceptions instead of generating a warning state. For
example:
$ utils/docker-run make check-package
Traceback (most recent call last):
...
FileNotFoundError: [Errno 2] No such file or directory: 'package/.../0001-some-removed-patch.patch'
make: *** [Makefile:1264: check-package] Error 1
This commit will now catch FileNotFoundError and populate a warning
message:
$ utils/docker-run make check-package
package/.../0001-some-removed-patch.patch: missing; unstaged file removal?
package/.../0002-another-removed-patch.patch: missing; unstaged file removal?
427843 lines processed
3 warnings generated
make: *** [Makefile:1264: check-package] Error 1
Signed-off-by: James Knight <git@jdknight.me>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Import all security patches from OpenEmbedded for libsoup.
This fixes the following 18 known vulnerabilities:
- CVE-2024-52530:
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some
configurations because '\0' characters at the end of header names are
ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the
same as a "Transfer-Encoding: chunked" header.
https://www.cve.org/CVERecord?id=CVE-2024-52530
- CVE-2024-52531:
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that
perform conversion to UTF-8 in soup_header_parse_param_list_strict.
There is a plausible way to reach this remotely via
soup_message_headers_get_content_type (e.g., an application may want to
retrieve the content type of a request or response).
https://www.cve.org/CVERecord?id=CVE-2024-52531
- CVE-2024-52532:
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption.
During the reading of certain patterns of WebSocket data from clients.
https://www.cve.org/CVERecord?id=CVE-2024-52532
- CVE-2025-2784:
Libsoup: heap buffer over-read in `skip_insignificant_space`
when sniffing content
https://www.cve.org/CVERecord?id=CVE-2025-2784
- CVE-2025-4476:
Libsoup: null pointer dereference in libsoup may lead to denial of service
https://www.cve.org/CVERecord?id=CVE-2025-4476
- CVE-2025-4948:
Libsoup: integer underflow in soup_multipart_new_from_message() leading to
denial of service in libsoup
https://www.cve.org/CVERecord?id=CVE-2025-4948
- CVE-2025-4969:
Libsoup: off-by-one out-of-bounds read in find_boundary() in soup-multipart.c
https://www.cve.org/CVERecord?id=CVE-2025-4969
- CVE-2025-32050:
Libsoup: integer overflow in append_param_quoted
https://www.cve.org/CVERecord?id=CVE-2025-32050
- CVE-2025-32052:
Libsoup: heap buffer overflow in sniff_unknown()
https://www.cve.org/CVERecord?id=CVE-2025-32052
- CVE-2025-32053:
Libsoup: heap buffer overflows in sniff_feed_or_html() and
skip_insignificant_space()
https://www.cve.org/CVERecord?id=CVE-2025-32053
- CVE-2025-32906:
Libsoup: out of bounds reads in soup_headers_parse_request()
https://www.cve.org/CVERecord?id=CVE-2025-32906
- CVE-2025-32910:
Libsoup: null pointer deference on libsoup via /auth/soup-auth-digest.c
through "soup_auth_digest_authenticate" on client when server omits the
"realm" parameter in an unauthorized response with digest authentication
https://www.cve.org/CVERecord?id=CVE-2025-32910
- CVE-2025-32911:
Libsoup: double free on soup_message_headers_get_content_disposition()
through "soup-message-headers.c" via "params" ghashtable value
https://www.cve.org/CVERecord?id=CVE-2025-32911
- CVE-2025-32912:
Libsoup: null pointer dereference in client when server omits the "nonce"
parameter in an unauthorized response with digest authentication
https://www.cve.org/CVERecord?id=CVE-2025-32912
- CVE-2025-32913:
Libsoup: null pointer dereference in
soup_message_headers_get_content_disposition when "filename" parameter is
present, but has no value in content-disposition header
https://www.cve.org/CVERecord?id=CVE-2025-32913
- CVE-2025-32914:
Libsoup: oob read on libsoup through function
"soup_multipart_new_from_message" in soup-multipart.c leads to crash or
exit of process
https://www.cve.org/CVERecord?id=CVE-2025-32914
- CVE-2025-46420:
Libsoup: memory leak on soup_header_parse_quality_list() via soup-headers.c
https://www.cve.org/CVERecord?id=CVE-2025-46420
- CVE-2025-46421:
Libsoup: information disclosure may leads libsoup client sends authorization
header to a different host when being redirected by a server
https://www.cve.org/CVERecord?id=CVE-2025-46421
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Fix the patch message so that it includes the "Upstream:" tag expected by
check-package, and remove this file from the check-package ignore list.
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Commit [1] introduced a patch addressing CVE-2021-23159. Since then,
CVE-2023-34432 ([2]) remained the only unresolved CVE reported
against the sox package in pkg-stat. This patch adds CVE-2023-34432
to the list of ignored CVEs for sox, based on the report from the
Debian Security Tracker ([3]) and the sox issue tracker ([4]), both
indicate that the patch introduced in [1] also resolves this CVE.
[1] 14aa0f5ec1 package/sox: add fix for CVE-2021-23159, CVE-2021-23172, CVE-2023-34318
[2] https://nvd.nist.gov/vuln/detail/CVE-2023-34432
[3] https://security-tracker.debian.org/tracker/CVE-2023-34432
[4] https://sourceforge.net/p/sox/bugs/367/
Signed-off-by: Tim Soubry <tim.soubry@mind.be>
[Julien: change commit ref [1] to use commit id from master branch]
Signed-off-by: Julien Olivain <ju.o@free.fr>
The following error appeared on the autobuilder for host using
host-gcc15:
```
p11_attr.c: In function 'pkcs11_addattr_bool':
p11_attr.c:126:25: error: expected identifier or '(' before 'true'
126 | static CK_BBOOL true = CK_TRUE;
| ^~~~
p11_attr.c:127:25: error: expected identifier or '(' before 'false'
127 | static CK_BBOOL false = CK_FALSE;
| ^~~~~
p11_attr.c:128:44: error: lvalue required as unary '&' operand
128 | pkcs11_addattr(tmpl, type, value ? &true : &false, sizeof(CK_BBOOL));
| ^
p11_attr.c:128:52: error: lvalue required as unary '&' operand
128 | pkcs11_addattr(tmpl, type, value ? &true : &false, sizeof(CK_BBOOL));
| ^
make[3]: *** [Makefile:646: libp11_la-p11_attr.lo] Error 1
```
This is due to the change in the default C language version in GCC15.
This patch backport the upstream patch that fix that issue by not using
the keywords.
Fixes: https://autobuild.buildroot.org/results/da7/da71db9b04f181b9d2e72df73ac8541709f5a1d4
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This gives a proper cpe-id string to the tailscale buildroot package
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This fixes the following vulnerabilities:
- CVE-2023-4256:
Within tcpreplay's tcprewrite, a double free vulnerability has been
identified in the tcpedit_dlt_cleanup() function within
plugins/dlt_plugins.c. This vulnerability can be exploited by
supplying a specifically crafted file to the tcprewrite binary. This
flaw enables a local attacker to initiate a Denial of Service (DoS)
attack.
https://www.cve.org/CVERecord?id=CVE-2023-4256
- CVE-2023-43279:
Null Pointer Dereference in mask_cidr6 component at cidr.c in
Tcpreplay 4.4.4 allows attackers to crash the application via crafted
tcprewrite command.
https://www.cve.org/CVERecord?id=CVE-2023-43279
- CVE-2024-22654:
tcpreplay v4.4.4 was discovered to contain an infinite loop via the
tcprewrite function at get.c.
https://www.cve.org/CVERecord?id=CVE-2024-22654
See the release notes:
https://github.com/appneta/tcpreplay/releases/tag/v4.5.1
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The website URL was outdated, resulting in an HTTP error 403 Forbidden
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This bump includes 23 minor or patch-level releases, mostly containing
bugfixes, and improvements on many filesystem backends and translations.
Specifically for the Buildroot package:
- Switch from libsoup (v2) to libsoup3, since gvfs v1.49.90
- Drop patch applied upstream
- Explicitely disable goa (gnome-online-accounts) which is enabled by default
in meson_options.txt
See the upstream changelog:
https://gitlab.gnome.org/GNOME/gvfs/-/blob/1.57.2/NEWS
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
[Julien: remove .checkpackageignore entry to fix check-package error]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This is a small bugfix release, mainly containing event handling fixes
for Wayland, and the possibility to explicitly configure the gamepad
support at build time.
Release notes:
https://wpewebkit.org/release/cog-0.18.5.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This logic is to prepare for future gcc versions and their new
supported CPUs. As of today, gcc 15 is the latest gcc version
and all architectures and CPUs in Buildroot are supported by
this version.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
The daq package fails to build with GCC14 toolchains:
```
daq_nfq.c: In function 'SetPktHdr':
daq_nfq.c:395:37: error: passing argument 2 of 'nfq_get_payload' from incompatible pointer type [-Wincompatible-pointer-types]
395 | int len = nfq_get_payload(nfad, (char**)pkt);
| ^~~~~~~~~~~
| |
| char **
```
The issue can be reproduced with the following config:
```
cat > daq.config <<EOF
BR2_arm=y
BR2_cortex_a7=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_PACKAGE_DAQ=y
BR2_PACKAGE_LIBDNET=y
BR2_PACKAGE_LIBNETFILTER_QUEUE=y
EOF
```
This patch port a patch taken from openembedded meta-networking [1] and
is tested with test-pkg:
```
$ ./utils/test-pkg -c daq.config -p daq
```
[1] https://layers.openembedded.org/layerindex/recipe/37594/
Fixes: https://autobuild.buildroot.org/results/c69/c69ab134463a18eec65ded836aecf89a5cb4a75c/build-end.log
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
For release note, see:
https://github.com/urllib3/urllib3/releases/tag/2.5.0
This fixes the following vulnerabilities:
- CVE-2025-50181:
urllib3 redirects are not disabled when retries are disabled on
PoolManager instantiation
- CVE-2025-50182:
urllib3 does not control redirects in browsers and Node.js
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
[Julien: add link to release note in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This fixes the following vulnerability:
- CVE-2023-34194:
StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML
through 2.6.2 has a reachable assertion (and application exit) via a
crafted XML document with a '\0' located after whitespace.
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The syslinux runtime test (which is in fact a build-only test) ensures
that syslinux does get build at least once a week (via the gitlab-CI
weekly pipeline). Runtime testing would need much more work, though, but
nothing in syslinux is currently runtime tested anyway.
Reported-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The following error occurs on the autobuilder for builds with musl
libc.
```
CC util/bitmap.o
In file included from include/linux/bitmap.h:7,
from util/bitmap.c:9:
include/linux/bitops.h:4:10: fatal error: bits/wordsize.h: No such file or directory
4 | #include <bits/wordsize.h>
| ^~~~~~~~~~~~~~~~~
```
The error occurs because bits/wordsize.h is specific to glibc.
This patch applies an upstream fix that replaces the use of __WORDSIZE
with an internal macro, making the code portable across different libc.
Fixes: https://autobuild.buildroot.org/results/30d/30d6e407e6a0fc7d85062c2d56008755c70ca733/build-end.log
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The 0.192 release of elfutils introduced the src/srcfiles.cxx program,
that lists all source files of a given ELF binary. As this is a C++
program, we need a toolchain that supports it.
Without it, the build system tries to use "no" as the CXX compiler,
resulting in the following errors :
/bin/sh: line 1: no: command not found
as can be seen here for example :
https://autobuild.buildroot.net/results/849/849221c794a469a423857a290db775d150b84900
Add a dependency to a CPP toolchain for the elfutils programs.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The elfutils programs require Glibc to be used as the C library. Show a
comment when this libc isn't used in the toolchain.
Suggested-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This package provides a reference, functional implementation of a
registry for distributing container images. Formerly the Docker
registry, it now also handles OCI images, so can be used to distribute
all kinds of container related images: classic Docker images, OCI
images, but also helms [0] and the likes, which are also packages as OCI
images in fact.
The upstream name of the package is just "distribution" [1], but this is
a bit too generic and unsearchable; distributions like Debian and Ubuntu
traditionally provides it as the "docker-registry" package, but this is
now misleading as it is not just for Docker anymore. So we decided to
name it "distribution-registry": it contains the upstream name and will
be searchable with the 'registry' part as well.
The built executable is named "registry", which is also a bit too
generic. Again, for the same reasons as above, we name it
"distribution-registry"; this also incidentally makes our golang-package
infra "just work" and do the right thing when it installs the package.
The upstream package provides a wrapper Makefile to build the package,
but it does not do more than our infra already does; the only little nit
is that it allows updating the version file (with git infra et al.). We
can just ignore that and update the version ourselves.
We also provide a minimalist configuration file: it exposes the registry
to localhost only, as a security measure. This file will have to be
overridden (e.g. in a rootfs-overlay) with proper authentication, and
with further locally meaningful setup anyway.
Finally, we also implement a run-time test that validates that we can
push and pull images to/from the registry. Since the registry is a big
go package, it takes time to start, so wait for it a little bit (and yet
a little bit more after it starts logging), and increase the timeouts
for commands that deal with the registry.
For this simple test, the registry is directly exposed with plain HTTP,
not HTTPS, so we must declare it as insecure, so that container tools
can reach it without custom options (e.g. without using skopeo's
--{src,dest}-tls-verify=false options).
We re-use skopeo to talk to the registry. This allows us to grab an
image from the Docker hub registry, and push it to our local registry,
then retrieve it back. Since we want to diffferentiate failures to grab
the image from the Docker Hub [2], from failures to push to our
registry, we do it in two steps: copy from Docker Hub to a local OCI
image, then push that to our registry.
Since both distribution-registry and skopeo are big go-based, statically
linked binaries, running both in the standard virtual machine does not
work: the 256MiB emulated in vexpress are not enough and cause segfaults
when running both at once. The vexpress also only accepts at most
256MiB, so we must use another machine; we decided to use the same as is
used by the podman teest case, which allows at least 1Gib, which is now
enough.
[0] https://helm.sh/
[1] https://github.com/distribution/distribution
[2] in case we reach the 100-pulls-a-day limitation
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Christian Stewart <christian@aperture.us>
Signed-off-by: Julien Olivain <ju.o@free.fr>
... and extend the skopeo runtime test to make use of those.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The container/image repository is the standards regpository that drives
the image management in container tools, like podman or skopeo. Besides
a Go library, it also prodvides the template configuration files used
by those tools; those files can also serve as default ones.
Install those files instead of the canned ones we cary in podman, and
change podman to use this new package too.
The registry file needs a fixup, as it by default does not allow
searching unqualified images (i.e. those that do not contain a registry
name) in a default registry, for security reasons. However, the Docker
Hub is traditionally a registry that can be accessed without being
specified, so we make that possible.
As was noted in ebbaac08e3 (package/podman: new package), "[p]roviding
actual files is going to be use-case dependent, and interested parties
will have to provide their own config files, e.g. in a rootfs overlay."
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
For release note, see:
https://dev.gnupg.org/T7166
This version fixes a build error which can happen with 32-bit arm
configurations.
The issue can be reproduced with commands:
cat >.config <<EOF
BR2_arm=y
BR2_cortex_a8=y
BR2_ARM_INSTRUCTIONS_THUMB2=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_PACKAGE_LIBGCRYPT=y
EOF
make olddefconfig
make libgcrypt
Build is failing with output:
ec-nist.c: In function '_gcry_mpi_ec_nist256_mod':
ec-inline.h:902:5: error: 'asm' operand has impossible constraints or there are not enough registers
902 | __asm__ ("subs %3, %7, %10\n" \
| ^~~~~~~
Details for this buggix: https://dev.gnupg.org/T7226
Signed-off-by: Bram Oosterhuis <dev@bybram.com>
[Julien: reword commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
lpxelinux is like pxelinux, except it allows retrieving the files for
the kernel (with the KERNEL directive) and initrd (the path to initrd=
in the APPEND directive) from FTP or HTTP, rather than just from TFTP.
Using HTTP or FTP is musch faster than TFTP, so the boot time for big
kernels or big initrds is much shorter than with TFTP.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
[Julien: fix typo in commit title]
Signed-off-by: Julien Olivain <ju.o@free.fr>
syslinux is... special. It is a target package, but it is installed in
HOST_DIR *in the target install commands*: in addition to the boot files
that run on the target, syslinux installs a set of host tools that are
to be used at build time (e.g. extlinux, to prepare bootable media, like
an iso96660 image). Then, from HOST_DIR, the actual boot files are
copied into BINARIES_DIR (i.e. images/); we do it that way because the
boot files are scattered about everywhere in the build tree, while they
are all packed together in a single directory once installed.
However, there is no dependency between the target and image install
steps. So, when using top-level parallel builds, there is no guarantee
that the target install commands are finished before the image install
commands are started.
We fix that by first installing into a temporary location, as part of
the build step, and by then copying from there as part of the install
step. This ensures that the boot files are easily available, without
needing a dependency on the target install step, that we can't express.
Note that we do not change the actual installation into HOST_DIR: it can
be set up differently that our temporary location, and we do not want
to duplicate that setup here (it's going to diverge over time).
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
At the moment, package stats indicates that libmpeg2 is affected by
https://nvd.nist.gov/vuln/detail/CVE-2022-37416
However, this CVE applies to a completely different piece of software,
that has the same name "libmpeg2" [1].
To avoid the confusion, let's add a proper CPE vendor to Buildroot's libmpeg2.
The library itself does not clearly identify any vendor name, and there isn't
any existing CPE on the NVD website. Since this library is not updated for
many years (maybe even before the introduction of the CPE system), but the
code is somehow related to the Videolan project, let's add this as the
vendor, which sould solve the matched CVE issue.
[1] https://github.com/ittiam-systems/libmpeg2
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
[Julien: fix typo in commit title]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Strongswan allows to specify a path for PID and UNIX socket files at
compile time via the --with-piddir argument.
This is especially useful when Strongswan is running inside a container
where we may not want to share/mount the default path of /var/run inside
the container.
Let's add an option to configure the piddir.
Considering this is a critical path, let's add a default value to the
string option (which is currently the same as strongswan's default when
the option is missing) so that it is stable across strongswan releases
in Buildroot.
Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
[Quentin: rewriting of commit title and commit log]
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
strongSwan allows to drop unneeded capabilities[1] after the IKE daemon
has been started, based on libcap, so let's allow that via a config
option.
While the "native" (capset) way of dropping capabilities is supported,
it is deprecated so its support is not added in Buildroot.
While the documentation specifically mentions the IKE daemon (charon) as
being the one impacted by this change, the ifdefery with this autotools
option exists in various libraries in the source code, hence why this is
kept independent from the charon Kconfig option status.
[1] https://docs.strongswan.org/docs/latest/install/reducedPrivileges.html#_dropping_capabilities
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The new test requires a br2-external directory because we compile a
small test program on the host and install it on the target, but it's
not useful to have it in the main Buildroot package tree.
The test program loads and parses a sample HTML document. Taking
inspiration from 'examples/get_title.c' in gumbo-parser, it also
searches for the title of the document just to check that we can do
more than the parsing.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Development on Google's GitHub repository has stopped a long time ago.
A fork exists on Codeberg, and multiple distributions (Fedora, Arch
Linux, ...) are already using it (see [1]).
Update the source URL to use the new upstream location.
The new upstream has a different hash for the 0.10.1 tarball, so
update it as well.
[1]: https://repology.org/project/gumbo-parser/versions
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This test verifies that we can run nginx with the modsecurity
directives.
It also checks a very simple rule that blocks requests containing the
keyword "blockme".
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
[Julien:
- add / at directory end in DEVELOPERS
- sort DEVELOPERS entries alphabetically
- remove unneeded test configs already present in
BASIC_TOOLCHAIN_CONFIG
- sort test config directives alphabetically
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Backport the upstream patch that fixes the following build error when
compiling for mips with gcc 15:
In file included from mips-opc.c:29:
mips-opc.c: In function 'decode_mips_operand':
mips-formats.h:86:7: error: expected identifier or '(' before
'static_assert'
86 | static_assert[(1 << (SIZE)) == ARRAY_SIZE (MAP)]; \
| ^~~~~~~~~~~~~
The patch is already part of upstream binutils 2.44, so we only need
it for 2.42 and 2.43.1.
All 3 versions we have of host-binutils were build-tested using the
defconfig from the autobuilder failure (see the link below) and gcc 15
on the host.
Fixes:
- https://autobuild.buildroot.org/results/873/873ec25cf01d5f2b9ae7044e0b1d8d8791b781e6/
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The upstream Github repository payden/libwebsock is no longer available,
and its URL now redirects to some completely unrelated software.
We don't know for sure what happened, but at least the package does not
build anymore, because its source code has vanished.
Since no other buildroot package depends on libwebsock, and it hasn't
received any update; let's simply remove it from here.
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This fixes the following CVE:
- CVE-2025-29481:
Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to
execute arbitrary code via the bpf_object__init_prog` function of libbpf.
Fixes:
https://www.cve.org/CVERecord?id=CVE-2025-29481
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
[Julien: add direct link to CVE in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Actually DTB_LIST accepts only file and not files with relative path
preprended. This leads to have vfat without .dtb files and so Linux
doesn't start. Let's fix this by including slash in sed command as done
for mxc as well as basename in front of $dt.dtb to remove possible
useless folders present in the dts path. Let's also add set -e at the
top of the script to make it more verbose on error and modify this
section according to spellcheck as done for mxc.
This commit align this "mxs/post-image.sh" with its "imx/post-image.sh"
counterpart which was improved for arm64 in commit [1].
[1] https://gitlab.com/buildroot.org/buildroot/-/commit/4755bf2bd43a7b4c3bf4f88be790240a01b3116f
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[Julien:
- change space indentation to tabs for consistency
- add note in commit log about imx/post-image.sh
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch allows to use an external toolchain based on gcc 15.
Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
[Julien: change spaces to tabs to fix check-package errors]
Signed-off-by: Julien Olivain <ju.o@free.fr>
gnu-efi fails to build if TOPDIR is exported in the environment since the
move to version 3.0.18 in commit 9efeb7e914 ("package/gnu-efi: bump to
version 3.0.18").
The reason is the change in TOPDIR logic introduced by upstream commit
31913f8489 ("Make: make TOPDIR actually work and get rid of unused CDIR"):
https://github.com/ncroxon/gnu-efi/commit/31913f8489f8e6eb624b6447d2e5cf1f6367bebf
export TOPDIR=foo; make gnu-efi
...
/path/to/buildroot/output-gnuefi/host/bin/aarch64-linux-ld: cannot find
/path/to/buildroot/output-gnuefi/build/gnu-efi-4.0.0//apps/../aarch64/gnuefi/crt0-efi-aarch64.o:
No such file or director
make[2]: *** [Makefile:89: apps] Error 2
make[1]: *** [package/pkg-generic.mk:273: /path/to/buildroot/output-gnuefi/build/gnu-efi-4.0.0/.stamp_built] Error 2
make: *** [Makefile:23: _all] Error 2
As a workaround, unexport TOPDIR like we do for other sensitive environment
variables.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The list of environment variables to unexport has grown organically over the
years and is no longer sorted. Sort it alphabetically for clarity.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The current homepage URL leads to an HTTP 404 error.
Fix it by using the homepage URL currently mentioned in mupdf's git
repository.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Following the bump of systemd to 257.5 in commit
7d8d48cd2b, the installation of
systemd-boot fails with:
/usr/bin/install -D -m 0644 /home/thomas/projets/buildroot/outputs/3/build/systemd-257.5/buildroot-build/src/boot/efi/systemd-bootx64.efi /home/thomas/projets/buildroot/outputs/3/images/efi-part/EFI/BOOT/bootx64.efi
/usr/bin/install: cannot stat '/home/thomas/projets/buildroot/outputs/3/build/systemd-257.5/buildroot-build/src/boot/efi/systemd-bootx64.efi': No such file or directory
Indeed, the systemd-bootx64.efi binary is no longer produced in
buildroot-build/src/boot/efi/, but in buildroot-build/src/boot/.
No autobuilder failures have been found corresponding to this issue,
but it can be reproduced with:
BR2_x86_64=y
BR2_x86_corei7=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_X86_64_CORE_I7_GLIBC_BLEEDING_EDGE=y
BR2_INIT_SYSTEMD=y
BR2_SYSTEM_BIN_SH_NONE=y
BR2_SYSTEM_DEFAULT_PATH="/bin:/sbin:/usr/bin:/usr/sbin"
# BR2_PACKAGE_BUSYBOX is not set
BR2_PACKAGE_SYSTEMD_BOOT=y
# BR2_TARGET_ROOTFS_TAR is not set
Most likely this was caused by upstream commit
97318131fd06a5bc35454da81dcbbc84f16d9940, even though we didn't check
if this commit was really the culprit.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Commit 0fce7a9623 ("package/libcurl: fix build w/ threads + c-ares") added a
conditional for threads + c-ares, but ended up with a end-parenthesis too
many - so the condition is never true. Fix that.
Reported-by: Tibault Damman <tibault.damman@basalte.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is the first tagged version of the package, so replace commit SHA
with version tag.
Change log since last version bump:
d8a8358a7207 mmc-utils: Pass key_mac buffer to rpmb_get_key()
a23ad7875b89 mmc-utils: Start to use the generic print_usage function
e769d44ecb77 mmc-utils: Introduce a generic print_usage function
6586fa5535dc mmc-utils: Simplify and streamline print_help function
ec75d4b3b671 mmc-utils: Remove unused adv_help member from struct Command
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Reviewed-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In Linux v6.8, the rtla Makefile was rewritten :
01474dc706ca ("tools/rtla: Use tools/build makefiles to build rtla")
The new Makefile uses default linker values, so the host linker being used to
produce the final rtla binary.
This results in the following error :
ld: [...] trace.o: error adding symbols: file in wrong format
Add LD=$(TARGET_LD) to the RTLA_MAKE_OPTS to fix rtla cross-compilation.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
According to
https://lists.samba.org/archive/samba-technical/2025-June/139484.html:
A new update, version 7.4, of cifs-utils has been released today.
Users of cifs-utils version 7.3 on older kernels are encouraged to
update to 7.4 since it includes a fix for a mount problem with version
7.3 of cifs-utils on older kernels when using namespaces.
[...]
Detailed list of changes since version 7.3 was released
----------------------------------------------------------------
Enzo Matsumiya (1):
mount.cifs: retry mount on -EINPROGRESS
Henrique Carvalho (1):
cifs.upcall: correctly treat UPTARGET_UNSPECIFIED as UPTARGET_APP
Paulo Alcantara (1):
cifs.upcall: fix memory leaks in check_service_ticket_exits()
Pavel Shilovsky (1):
cifs-utils: bump version to 7.4
Z. Liu (2):
getcifsacl, setcifsacl: use <libgen.h> for basename
cifscreds: use <libgen.h> for basename
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Buildroot commit 8f69974c20 switched the
buildsystem of mpv from waf to meson but forgot to remove a patch which
fixed a waf-related build error.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Update to the current release. We now need the recently added
vulkan-sdk to have access to the volk loader. Update the depends
comments appropriately.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
[Julien:
- reword commit log title to use bash brace-expansion style
- remove "vulkan-sdk" from Kconfig comment
- remove newline before Kconfig help section
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
The principle component of this is the new volk meta-loader which is
required for more recent versions of vulkan-tools. There does seem to
be a little confusion with github Releases lagging behind tagged
versions of the sdk. I've gone for the latest SDK version to stay as
closely aligned to the rest of the system as I can.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
[Julien: remove _SOURCE to fix a check-package warning]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This version bump is needed for compatibility with the upcoming bump of
ffmpeg to version 7.1.x.
Use the new configure option disable_rpi_features to allow building for
non-rbpi defconfigs.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
[Julien: use "git describe --tags --abbrev=40" format in _VERSION]
Signed-off-by: Julien Olivain <ju.o@free.fr>
See changelog:
https://github.com/KhronosGroup/glslang/blob/15.3.0/CHANGES.md
Fixes build issue: error: ‘uint32_t’ has not been declared, encountered
on GCC v15, caused by cstdint not being implicitly included.
https://bugs.gentoo.org/937261
This commit also adds host-spriv-tools in _DEPENDENCIES to use the
version packaged in Buildroot. It also adds
ALLOW_EXTERNAL_SPIRV_TOOLS=ON in _CONF_OPTS, which was added in upstream
commit [1], introduced in version 13.0.0.
Also, when trying to build this python-glslang version 15.3.0 on a host
providing cmake < 3.26, the configuration fails with the error message:
CMake Error at CMakeLists.txt:345 (add_test):
Error evaluating generator expression:
$<TARGET_RUNTIME_DLL_DIRS:spirv-remap>
Expression did not evaluate to a known generator expression
This happens in the Buildroot docker reference image, which provides a
cmake version 3.25. To workaround this issue which happen in glslang
testing code, this commit disable those tests by adding
GLSLANG_TESTS=OFF in _CONF_OPTS.
[1] https://github.com/KhronosGroup/glslang/commit/3805888a57c07904b6bbdec639bfe5f078e26342
Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
[Julien:
- resolve merge conflict
- update changelog link to use version tag
- disable glslang tests
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
As Benetti Engineering I keep contributing since 8 years more or less on
many packages and I've learnt a lot by joining this community. Most of all
I've received precious reviews from maintainers of today and yesterday.
Also, finally I've found some time to create my company logo and so let's
add Benetti Engineering to commercial support using LinkedIn page as
placeholder until the final website will be ready.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Acked-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The squashfs 4.6.1 archive hash has been changed suddenly two weeks
ago by Github without any intended changes from the squashfs maintainer
[1].
The orginal squashfs 4.6.1 archive has been manually uploaded again.
Update the URL to download the archive that match the expected hash.
Since we don't use the github download helper anymore, the squashfs
archive name is changed from squashfs-4.6.1.tar.gz to
squashfs-tools-4.6.1.tar.gz.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/10355448207
(and many more...)
See:
[1] https://github.com/plougher/squashfs-tools/issues/313
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Add fix to build with cmake 4.x.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
[Julien: use "git describe --tags --abbrev=40" format in _VERSION]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Patch has been pending upstream for a while [1], Alpine has merged an
older version that includes some whitespace damage but is functionally
equivalent.
[1] https://github.com/jpirko/libndp/pull/29
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
REMI hasn't received new release since July 2022 and is currently broken
with error:
Traceback (most recent call last):
File "<string>", line 26, in <module>
File "/workdir/instance-0/output-1/host/lib/python3.13/site-packages/setuptools/__init__.py", line 116, in setup
_install_setup_requires(attrs)
~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^
File "/workdir/instance-0/output-1/host/lib/python3.13/site-packages/setuptools/__init__.py", line 89, in _install_setup_requires
_fetch_build_eggs(dist)
~~~~~~~~~~~~~~~~~^^^^^^
File "/workdir/instance-0/output-1/host/lib/python3.13/site-packages/setuptools/__init__.py", line 94, in _fetch_build_eggs
dist.fetch_build_eggs(dist.setup_requires)
~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^
File "/workdir/instance-0/output-1/host/lib/python3.13/site-packages/setuptools/build_meta.py", line 80, in fetch_build_eggs
raise SetupRequirementsError(specifier_list)
setuptools.build_meta.SetupRequirementsError: ['setuptools_scm']
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/workdir/instance-0/output-1/host/lib/python3.13/site-packages/pyproject_hooks/_in_process/_in_process.py", line 389, in <module>
main()
~~~~^^
File "/workdir/instance-0/output-1/host/lib/python3.13/site-packages/pyproject_hooks/_in_process/_in_process.py", line 373, in main
json_out["return_val"] = hook(**hook_input["kwargs"])
~~~~^^^^^^^^^^^^^^^^^^^^^^^^
File "/workdir/instance-0/output-1/host/lib/python3.13/site-packages/pyproject_hooks/_in_process/_in_process.py", line 143, in get_requires_for_build_wheel
return hook(config_settings)
File "/workdir/instance-0/output-1/host/lib/python3.13/site-packages/setuptools/build_meta.py", line 331, in get_requires_for_build_wheel
return self._get_build_requires(config_settings, requirements=[])
~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/workdir/instance-0/output-1/host/lib/python3.13/site-packages/setuptools/build_meta.py", line 301, in _get_build_requires
self.run_setup()
~~~~~~~~~~~~~~^^
File "/workdir/instance-0/output-1/host/lib/python3.13/site-packages/setuptools/build_meta.py", line 512, in run_setup
super().run_setup(setup_script=setup_script)
~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/workdir/instance-0/output-1/host/lib/python3.13/site-packages/setuptools/build_meta.py", line 317, in run_setup
exec(code, locals())
~~~~^^^^^^^^^^^^^^^^
File "<string>", line 31, in <module>
File "/workdir/instance-0/output-1/host/lib/python3.13/site-packages/setuptools/__init__.py", line 117, in setup
return distutils.core.setup(**attrs)
~~~~~~~~~~~~~~~~~~~~^^^^^^^^^
File "/workdir/instance-0/output-1/host/lib/python3.13/site-packages/setuptools/_distutils/core.py", line 148, in setup
_setup_distribution = dist = klass(attrs)
~~~~~^^^^^^^
File "/workdir/instance-0/output-1/host/lib/python3.13/site-packages/setuptools/dist.py", line 323, in __init__
_Distribution.__init__(self, dist_attrs)
~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^
File "/workdir/instance-0/output-1/host/lib/python3.13/site-packages/setuptools/_distutils/dist.py", line 309, in __init__
self.finalize_options()
~~~~~~~~~~~~~~~~~~~~~^^
File "/workdir/instance-0/output-1/host/lib/python3.13/site-packages/setuptools/dist.py", line 786, in finalize_options
ep(self)
~~^^^^^^
File "/workdir/instance-0/output-1/host/lib/python3.13/site-packages/setuptools/dist.py", line 806, in _finalize_setup_keywords
ep.load()(self, ep.name, value)
~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^
File "/workdir/instance-0/output-1/host/lib/python3.13/site-packages/setuptools_scm/_integration/setuptools.py", line 82, in version_keyword
assert isinstance(value, dict), "version_keyword expects a dict or True"
~~~~~~~~~~^^^^^^^^^^^^^
AssertionError: version_keyword expects a dict or True
ERROR Backend subprocess exited when trying to invoke get_requires_for_build_wheel
make: *** [package/pkg-generic.mk:273: /workdir/instance-0/output-1/build/python-remi-2022.7.27/.stamp_built] Error 1
make: Leaving directory '/workdir/instance-0/buildroot'
Since last release code has been corrected and now build end
successfully.
Another issue with remi is related to python CGI library no more available with
python 3.13. This patch also updates Config.in to add a select BR2_PACKAGE_PYTHON_LEGACY_CGI
This commit also updates the LICENSE file hash, because line ending
changed from "CR-LF" (Windows) in old release archive to "LF" (Unix)
in the github download. Apart from that, the content is the same.
Fixes:
- https://autobuild.buildroot.org/results/f0409533ebdc31e522f2ee2ea8a5acc11dbc7430/
- https://autobuild.buildroot.org/results/a16cf5105d4b726b5d4136a2d8f82abcfdc0faba/
- https://autobuild.buildroot.org/results/e7ac28e20ad92863d337e96c225463346ee6c690/
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
[Julien:
- use "git describe --abbrev=40" format in _VERSION
- fix LICENSE hash
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
The readme.txt file for zynqmp boards does not have documentation for working
with custom boards. This patch adds documentation for custom board support.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The readme.txt file for zynq boards has some outdated information for the
custom board section. The custom ps7_init_gpl.c is now defined by
CONFIG_XILINX_PS_INIT_FILE and Buildroot always puts the Xilinx u-boot builds
in the output/build/uboot-custom directory.
This patch updates the instructions in the readme.txt file accordingly.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The readme.txt file for versal boards does not have documentation for working
with custom boards. This patch adds documentation for custom board support.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
rt_tgsigqueueinfo01.c compilation has been fixed in 20250130, don't
needed to be removed any more.
Fixes: 2bbcda7c0e ("package/ltp-testsuite: bump version to 20250130")
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Fixes: CVE-2024-47081
Fixed an issue where a maliciously crafted URL and
trusted environment will retrieve credentials for
the wrong hostname/machine from a netrc file.
Release notes: https://github.com/psf/requests/releases/tag/v2.32.4
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Julien Olivain <ju.o@free.fr>
python-glslang is a host-only package and the host-python3 dependency
was wrongly added as target dependency with buildroot commit
f9fe0cf8f6.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since the comment about the xilinx-embeddedsw package needing a bare-metal
toolchain was moved to the start of the Config.in file, it is now printing
in make menuconfig for virtually all defconfigs.
By adding the same dependencies as the xilinx-embeddedsw package, the
comment will appear only when the xilinx-embeddedsw package is actually
selectable.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The following patch is specific to the Xilinx Linux 6.12.10 release, and will
not apply to all Linux 6.12 releases. Starting with the next release based on
Linux 6.12.30, this patch will already be included.
For this reason, it is better to change the directory name to linux_6.12.10,
so that it is clear that it is only to be used with the Xilinx 2025.1 release
based on Linux 6.12.10 and not future Linux 6.12 releases.
So this patch moves:
board/xilinx/linux_6.12/patches/linux/0001-include-uapi-linux-xlnx-ai-engine.h-fix-CONFIG_XILIN.patch
to:
board/xilinx/linux_6.12.10/patches/linux/0001-include-uapi-linux-xlnx-ai-engine.h-fix-CONFIG_XILIN.patch
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
With bootgen xilinx_v2025.1, the local FlexLexer.h file is not in the same
directory as the cpp files including it, so the previous patch used to solve
the issue below needs to be updated to find the local FlexLexer.h which is in
the win_include directory of bootgen version xilinx_v2025.1.
See upstream commit [1].
So this patch corrects the path for including the local FlexLexer.h header for
fixing the below issue.
Bootgen embeds an old version of flex, but uses the system include syntax
(#include <>) to reference it, causing conflicts on systems with the
development headers for a modern flex version installed, leading to build
issues like:
../bisonflex/bif.yy.cpp: In member function 'virtual int BIF::FlexScanner::yylex()':
../bisonflex/bif.yy.cpp:1608:18: error: no match for 'operator=' (operand types are 'std::istream' {aka 'std::basic_istream'} and 'std::istream*' {aka 'std::basic_istream*'})
This build failure can also happen if the host-flex Buildroot package
is built before host-bootgen.
The failure can be reproduced, in the Buildroot docker reference image
with the commands:
utils/docker-run
make versal_vck190_defconfig
make host-flex host-bootgen
Fix it by using normal local #include statements by:
sed -i 's/<FlexLexer.h>/"../win_include/FlexLexer.h"/g' *
Fixes: https://autobuild.buildroot.org/results/60220f94cca1bcca5667afcb2acffb5aacae048b
[1] https://github.com/Xilinx/bootgen/commit/86b862096bcbdb45d4ce1504ecfe90fb29f318a5#diff-0d754a86508dc8a894b72796966f332c0316942c5d5ab42ae6a0766dcfcb52dc
Signed-off-by: Neal Frager <neal.frager@amd.com>
[Julien: add extra info in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
The hash has for the license file been missing since the package was
introduced in commit 992d43b373 (package/docker-credential-gcr: new
package).
Add it now.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The hash has for the license file been missing since the package was
introduced in commit e679cd4974 (package/docker-credential-acr-env:
new package)
Add it now.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The hash has for the license file been missing since the package was
introduced in commit 9a95806225 (package/amazon-ecr-credential-helper:
new package).
Add it now.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Commit fc7c7d74aa ("package/mesa3d: add RustiCL support") extended the
BR2_PACKAGE_MESA3D_OPENCL dependencies to include
BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS &&
BR2_PACKAGE_MESA3D_RUSTICL_SUPPORTED_DRIVER) as an alternative provider.
This is correct as in the kconfig language && has a higher priority than ||,
E.G. A || B || C && D is parsed as A || B || (C && D)
https://docs.kernel.org/kbuild/kconfig-language.html#menu-dependencies
But it is somehat unclear, so add a parenthesis for clarity.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The 6.14.x series is now EOL upstream, so drop the linux-headers
option and add legacy handling for it.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Back port four upstream fixes for those issues:
- gpsprof could not log or dump GNSS messages; gpsprof is useful
to calbrate a GNSS receiver, especially when building a static
RTK base;
- the JSON blurb reported by gpsd was sometimes broken, causing
decoding errors in clients;
- the detection of 64-bit time on 32-bit systems was borked;
- UDP mode was borked;
The runtime test is extended to test all known transports: TCP, UDP,
and PTY.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Now that all zynqmp and versal defconfigs have bumped to version
xilinx_v2025.1, the xilinx-embeddedsw default version can also be bumped
to xilinx_v2025.1.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Now that all versal defconfigs have been bumped to xilinx_v2025.1, this patch
bumps the xilinx-prebuilt default version to xilinx_v2025.1.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch bumps the versal_vpk180_defconfig to xilinx-v2025.1 which includes
the following updates:
- ATF v2.12
- Linux v6.12.10
- PLM xilinx_v2025.1
- PSMFW xilinx_v2025.1
- U-Boot v2025.01
The Xilinx specific Linux 6.12 patch has been added to this defconfig:
board/xilinx/linux_6.12/patches/linux/0001-include-uapi-linux-xlnx-ai-engine.h-fix-CONFIG_XILIN.patch
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch bumps the versal_vck190_defconfig to xilinx-v2025.1 which includes
the following updates:
- ATF v2.12
- Linux v6.12.10
- PLM xilinx_v2025.1
- PSMFW xilinx_v2025.1
- U-Boot v2025.01
The Xilinx specific Linux 6.12 patch has been added to this defconfig:
board/xilinx/linux_6.12/patches/linux/0001-include-uapi-linux-xlnx-ai-engine.h-fix-CONFIG_XILIN.patch
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch bumps the versal_vek280_defconfig to xilinx-v2025.1 which includes
the following updates:
- ATF v2.12
- Linux v6.12.10
- PLM xilinx_v2025.1
- PSMFW xilinx_v2025.1
- U-Boot v2025.01
The Xilinx specific Linux 6.12 patch has been added to this defconfig:
board/xilinx/linux_6.12/patches/linux/0001-include-uapi-linux-xlnx-ai-engine.h-fix-CONFIG_XILIN.patch
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch adds support for version xilinx_v2025.1 without changing the
default version. This way, the zynqmp and versal defconfigs can bump
individually from xilinx_v2024.2 to xilinx_v2025.1.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
With bootgen 2025.1, the directory structure was re-done. In the process of
doing this, the source files in the bisonflex directory lost the fix below
which had been applied on an earlier version of bootgen for the issue below.
Bootgen embeds an old version of flex, but uses the system include syntax
(#include <>) to reference it, causing conflicts on systems with the
development headers for a modern flex version installed, leading to build
issues like:
../bisonflex/bif.yy.cpp: In member function 'virtual int BIF::FlexScanner::yylex()':
../bisonflex/bif.yy.cpp:1608:18: error: no match for 'operator=' (operand types are 'std::istream' {aka 'std::basic_istream'} and 'std::istream*' {aka 'std::basic_istream*'})
Fix it by using normal local #include statements by:
sed -i 's/<FlexLexer.h>/"FlexLexer.h"/g' *
This patch re-adds the patch to fix this to buildroot.
Fixes: https://autobuild.buildroot.org/results/056384322246877253cd8d0781717ce495cbe769/
Upstream: patch submitted to AMD internal jira process
Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-By: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Now that all zynqmp boards have bumped to xilinx_v2025.1, the zynqmp u-boot
binman patches can be removed.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch bumps the zynqmp_zcu106_defconfig to xilinx-v2025.1 which
includes the following updates:
- ATF v2.12
- Linux v6.12.10
- PMUFW xilinx_v2025.1
- U-Boot v2025.01
The Xilinx specific Linux 6.12 patch has been added to this defconfig:
board/xilinx/linux_6.12/patches/linux/0001-include-uapi-linux-xlnx-ai-engine.h-fix-CONFIG_XILIN.patch
The zynqmp specific u-boot binman patches are also included with the
xilinx-v2025.1 release tag, so these patches can also be removed.
The following patches have thus been removed from the defconfig:
board/zynqmp/patches/uboot/*
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch bumps the zynqmp_zcu104_defconfig to xilinx-v2025.1 which
includes the following updates:
- ATF v2.12
- Linux v6.12.10
- PMUFW xilinx_v2025.1
- U-Boot v2025.01
The Xilinx specific Linux 6.12 patch has been added to this defconfig:
board/xilinx/linux_6.12/patches/linux/0001-include-uapi-linux-xlnx-ai-engine.h-fix-CONFIG_XILIN.patch
The zynqmp specific u-boot binman patches are also included with the
xilinx-v2025.1 release tag, so these patches can also be removed.
The following patches have thus been removed from the defconfig:
board/zynqmp/patches/uboot/*
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch bumps the zynqmp_zcu102_defconfig to xilinx-v2025.1 which
includes the following updates:
- ATF v2.12
- Linux v6.12.10
- PMUFW xilinx_v2025.1
- U-Boot v2025.01
The Xilinx specific Linux 6.12 patch has been added to this defconfig:
board/xilinx/linux_6.12/patches/linux/0001-include-uapi-linux-xlnx-ai-engine.h-fix-CONFIG_XILIN.patch
The zynqmp specific u-boot binman patches are also included with the
xilinx-v2025.1 release tag, so these patches can also be removed.
The following patches have thus been removed from the defconfig:
board/zynqmp/patches/uboot/*
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Now that all 3 zynqmp_kria defconfigs have bumped to xilinx_v2025.1, the kria
specific u-boot patch can be removed.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch bumps the zynqmp_kria_kr260_defconfig to xilinx-v2025.1 which
includes the following updates:
- ATF v2.12
- Linux v6.12.10
- PMUFW xilinx_v2025.1
- U-Boot v2025.01
The Xilinx specific Linux 6.12 patch has been added to this defconfig:
board/xilinx/linux_6.12/patches/linux/0001-include-uapi-linux-xlnx-ai-engine.h-fix-CONFIG_XILIN.patch
The kria specific u-boot patch is no longer necessary, as it is
included with the xilinx-v2025.1 release tag.
The following patch has thus been removed from the defconfig:
board/zynqmp/kria/patches/uboot/0001-video-zynqmp-add-support-for-reset.patch
The zynqmp specific u-boot binman patches are also included with the
xilinx-v2025.1 release tag, so these patches can also be removed.
The following patches have thus been removed from the defconfig:
board/zynqmp/patches/uboot/*
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch bumps the zynqmp_kria_kd240_defconfig to xilinx-v2025.1 which
includes the following updates:
- ATF v2.12
- Linux v6.12.10
- PMUFW xilinx_v2025.1
- U-Boot v2025.01
The Xilinx specific Linux 6.12 patch has been added to this defconfig:
board/xilinx/linux_6.12/patches/linux/0001-include-uapi-linux-xlnx-ai-engine.h-fix-CONFIG_XILIN.patch
The kria specific u-boot patch is no longer necessary, as it is
included with the xilinx-v2025.1 release tag.
The following patch has thus been removed from the defconfig:
board/zynqmp/kria/patches/uboot/0001-video-zynqmp-add-support-for-reset.patch
The zynqmp specific u-boot binman patches are also included with the
xilinx-v2025.1 release tag, so these patches can also be removed.
The following patches have thus been removed from the defconfig:
board/zynqmp/patches/uboot/*
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch bumps the zynqmp_kria_kv260_defconfig to xilinx-v2025.1 which
includes the following updates:
- ATF v2.12
- Linux v6.12.10
- PMUFW xilinx_v2025.1
- U-Boot v2025.01
The Xilinx specific Linux 6.12 patch has been added to this defconfig:
board/xilinx/linux_6.12/patches/linux/0001-include-uapi-linux-xlnx-ai-engine.h-fix-CONFIG_XILIN.patch
The kria specific u-boot patch is no longer necessary, as it is
included with the xilinx-v2025.1 release tag.
The following patch has thus been removed from the defconfig:
board/zynqmp/kria/patches/uboot/0001-video-zynqmp-add-support-for-reset.patch
The zynqmp specific u-boot binman patches are also included with the
xilinx-v2025.1 release tag, so these patches can also be removed.
The following patches have thus been removed from the defconfig:
board/zynqmp/patches/uboot/*
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch adds support for version xilinx_v2025.1 without changing the
default version. This way, the zynqmp and versal defconfigs can bump
individually from xilinx_v2024.2 to xilinx_v2025.1.
In addition, new software apps were added to the Xilinx/embedddedsw repo.
While they do not change the buildroot xilinx-embeddedsw boot package, the
version xilinx_v2025.1 has a new license.txt file. For this reason, this
patch adds a hash file for the xilinx_v2025.1 version, so that both the
default xilinx_v2024.2 and xilinx_v2025.1 versions will have independent
hashes for their license.txt files.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch bumps the zynq_microzed_defconfig to xilinx-v2025.1 which includes
the following updates:
- Linux v6.12.10
- U-Boot v2025.01
The xilinx-v2025.1 Linux 6.12.10 release tag requires a patch to fix a
leak of the Kconfig CONFIG_XILINX_AIE, so this patch is now included.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch bumps the zynq_microzed_defconfig to xilinx-v2025.1 which includes
the following updates:
- Linux v6.12.10
- U-Boot v2025.01
The xilinx-v2025.1 Linux 6.12.10 release tag requires a patch to fix a
leak of the Kconfig CONFIG_XILINX_AIE, so this patch is now included.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch bumps the zynq_zc706_defconfig to xilinx-v2025.1 which includes
the following updates:
- Linux v6.12.10
- U-Boot v2025.01
The xilinx-v2025.1 Linux 6.12.10 release tag requires a patch to fix a
leak of the Kconfig CONFIG_XILINX_AIE, so this patch is now included.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch bumps the zynq_zc702_defconfig to xilinx-v2025.1 which includes
the following updates:
- Linux v6.12.10
- U-Boot v2025.01
The xilinx-v2025.1 Linux 6.12.10 release tag requires a patch to fix a
leak of the Kconfig CONFIG_XILINX_AIE, so this patch is now included.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Add hashes for xilinx_v2025.1 release.
xilinx_v2025.1 release includes:
- atf 2.12
- linux 6.12.10
- uboot 2025.01
In addition, the xilinx_v2025.1 linux kernel release tag has a Kconfig leak
of the CONFIG_XILINX_AIE option. This patch adds a patch that is specific to
the Xilinx Linux 6.12.10 release which fixes the problem by moving the changes
implemented by the CONFIG_XILINX_AIE option from the exposed uapi header file
to the Linux internal header file.
The patch has been added to the board/xilinx/linux_6.12/patches directory, so
that it will only be applied when a user specifies they wish to build the
xilinx_v2025.1 release or they use a defconfig that has migrated to this
release.
Since the header file that causes the issue is not yet mainline, this patch
has been "upstreamed" to the Xilinx linux-xlnx repo via the AMD internal jira
process.
Upstream: internal AMD jira process
Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
[Julien: fix check-package errors:
- remove numbering in patch subject
- add "Upstream:" tag in patch
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch removes the support for the microblazeel-xilinx-elf arch tuple.
Users will now get an error message telling them to change their configuration
to the microblazeel-buildroot-elf arch tuple.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch migrates all the versal and zynqmp defconfigs to use the
microblazeel-buildroot-elf arch tuple for the toolchain-bare-metal-buildroot
toolchain.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Now that xilinx-embeddedsw is compatible with the toolchain vendor buildroot,
this patch modifies the toolchain-bare-metal-buildroot help example to use
the microblazeel-buildroot-elf tuple.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch renames the bare-metal toolchain vendor used by the
xilinx-embeddedsw package from Xilinx to Buildroot to be consistent with all
other toolchains built by Buildroot.
To build the Microblaze applications available with the xilinx-embeddedsw
package, the following config is now needed:
BR2_TOOLCHAIN_BARE_METAL_BUILDROOT_ARCH="microblazeel-buildroot-elf"
This change keeps backwards compatibility for users already using the
following architecture tuple:
BR2_TOOLCHAIN_BARE_METAL_BUILDROOT_ARCH="microblazeel-xilinx-elf"
Either vendor name is now valid, but there is a warning message to use the
Buildroot vendor name, and the support for the "microblazeel-xilinx-elf"
tuple will be removed once all zynqmp and versal defconfigs have migrated.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
With the Segmented Configuration, the Versal PDI files will have new names:
<design>_boot.pdi - Minimal DDR and PS config for booting
<design>_pld.pdi - Remainder of FPGA design to be loaded at run-time
Since this will be the new default, this patch aligns the Buildroot file
naming by replacing the obscure vpl_gen_fixed.pdi filename with a simpler
boot.pdi filename.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
AMD has created a new segmented configuration for Versal products. It splits
the Vivado hardware design into two PDI files, one containing the minimal
required configuration for the DDR and booting the processors, and a second PDI
file which contains the rest of the FPGA design and can be loaded at run-time
via U-boot or Linux.
The file names generated when using the Vivado Segmented Configuration are as
follows:
<design>_boot.pdi - Minimal DDR and PS config for booting
<design>_pld.pdi - Remainder of FPGA design to be loaded at run-time
Since two PDI files will be included in the XSA file when using Segmented
Configuration, the xilinx-prebuilt package needs to be updated to support
this feature.
For Buildroot purposes, the <design>_boot.pdi is the file that needs to be
included in the boot.bin for booting the processors, so this patch checks
for a file named *boot*.pdi which will indicate that Segmented Configuration
is being used and will make sure to use the <design>_boot.pdi file and not
the <design>_pld.pdi file when generating the boot.bin image.
If no pdi files contain the word "boot" in the filename, it can be assumed
that Segmented Configuration is not being used, so the single file *.pdi
method is the appropriate one for this case, and this patch is thus
backwards compatible with prior designs not using Segmented Configuration.
Also, Segmented Configuration is going to become the default mode for Versal
products, so the xilinx-prebuilt github location will also soon have two PDI
files for each board. For this reason, this patch is also handling Segmented
Configuration for files downloaded from the xilinx-prebuilt repo.
For further information about the AMD Segmented Configuration, please see the
github tutorial below.
https://github.com/Xilinx/Vivado-Design-Tutorials/tree/2024.2/Versal/Boot_and_Config/Segmented_Configuration
Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The versal vpl_gen_fixed.pdi file is not a target executable, so the file
permissions should be 644 instead of 755.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
CoolPi 4B is a rk3588s based SBC[0].
Specification:
- Rockchip RK3588S
- LPDDR4 2/4/8/16 GB
- TF scard slot
- eMMC 8/32/64/128 GB module
- Gigabit ethernet drived by PCIE with RTL8111HS
- HDMI Type D out
- Mini DP out
- USB 2.0 Host x 2
- USB 3.0 OTG x 1
- USB 3.0 Host x 1
- WIFI/BT module AIC8800
- 40 pin header
[0] https://www.cool-pi.com/product/cp4b/
Signed-off-by: Andy Yan <andyshrk@163.com>
[Julien:
- add missing BR2_GLOBAL_PATCH_DIR and hash files
- add missing BR2_TARGET_UBOOT_NEEDS_GNUTLS
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since its inclusion in commit [1], the
BR2_PACKAGE_MENDER_UPDATE_MODULES_IPK config selects
BR2_PACKAGE_OPKG without propagating its dependencies on MMU and
wchar.
This commit fixes this issue.
Fixes:
WARNING: unmet direct dependencies detected for BR2_PACKAGE_OPKG
Depends on [n]: BR2_USE_MMU [=y] && BR2_USE_WCHAR [=n]
Selected by [y]:
- BR2_PACKAGE_MENDER_UPDATE_MODULES_IPK [=y] && BR2_PACKAGE_MENDER_UPDATE_MODULES [=y]
[1] https://gitlab.com/buildroot.org/buildroot/-/commit/a474642fdcd8c69e12126bbe8304479aa855d916
Cc: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Buildroot commit [1] removed mysql and replaced it by mariadb in all
packages, but did not propagated all dependencies.
This commit fixes the issue.
Fixes:
WARNING: unmet direct dependencies detected for BR2_PACKAGE_MARIADB
Depends on [n]: BR2_INSTALL_LIBSTDCPP [=y] && !BR2_STATIC_LIBS [=n] && BR2_USE_MMU [=y] && BR2_TOOLCHAIN_HAS_THREADS [=y] && (BR2_TOOLCHAIN_HAS_ATOMIC [=n] || BR2_TOOLCHAIN_HAS_SYNC_8 [=n]) && BR2_USE_WCHAR [=y]
Selected by [y]:
- BR2_PACKAGE_DOVECOT_MYSQL [=y] && BR2_PACKAGE_DOVECOT [=y] && BR2_INSTALL_LIBSTDCPP [=y] && BR2_TOOLCHAIN_HAS_THREADS [=y]
[1] https://gitlab.com/buildroot.org/buildroot/-/commit/8708f3a23a7e28fdb04fc57406e13e6b7ff4a337
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit [1] "package/gstreamer1/gst1-plugins-bad: bump version
to 1.24.11" added new requirements for webrtc which selects the
sctp plugin, but forgot to propagate its dependencies. The sctp
plugin depends on BR2_TOOLCHAIN_HAS_SYNC_4.
This commit fixes this issue.
Fixes:
WARNING: unmet direct dependencies detected for BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_SCTP
Depends on [n]: BR2_PACKAGE_GSTREAMER1 [=y] && BR2_PACKAGE_GST1_PLUGINS_BAD [=y] && BR2_TOOLCHAIN_HAS_SYNC_4 [=n]
Selected by [y]:
- BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_WEBRTC [=y] && BR2_PACKAGE_GSTREAMER1 [=y] && BR2_PACKAGE_GST1_PLUGINS_BAD [=y] && !BR2_STATIC_LIBS [=n]
[1] https://gitlab.com/buildroot.org/buildroot/-/commit/90b3cfedf44cc92289746aa30e439be409ca3747
Cc: Thomas Bonnefille <thomas.bonnefille@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since its introduction in commit [1], the podman package has a
dependency on a toolchain with headers >= 3.17, which was propagated
from libseccomp and slirp4netns. The podman package also selects
BR2_PACKAGE_SHADOW which has a requirement on toolchain with
headers >= 4.14. See [2]. This requirement should have been
propagated.
This commit fixes this issue.
Fixes:
WARNING: unmet direct dependencies detected for BR2_PACKAGE_SHADOW
Depends on [n]: !BR2_STATIC_LIBS [=n] && BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_14 [=n]
Selected by [y]:
- BR2_PACKAGE_PODMAN [=y] && BR2_USE_MMU [=y] && BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS [=y] && BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS [=y] && BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS [=y] && BR2_PACKAGE_LIBSECCOMP_ARCH_SUPPORTS [=y] && BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_17 [=y] && BR2_TOOLCHAIN_HAS_THREADS [=y] && BR2_USE_WCHAR [=y]
[1] https://gitlab.com/buildroot.org/buildroot/-/commit/ebbaac08e3f462bf023c12077f739ed1c0543eb2
[2] https://gitlab.com/buildroot.org/buildroot/-/commit/f78c5cb5cae93a9e63dad4361d78e1787759382f
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following autobuild error on configs with host GCC15.
```
/workdir/instance-0/output-1/host/bin/ccache /usr/bin/gcc -O2 -DNDEBUG -Wall -Wstrict-prototypes -Wundef -Wmissing-declarations -Wmissing-prototypes -Wwrite-strings -fno-strict-aliasing -Werror=declaration-after-statement -fno-builtin -fno-common -Werror=return-type -Wno-unused-local-typedefs -DHAVE_STDINT_H=1 -DHAVE_DIRENT_H=1 -DHAVE_SYS_DIR_H=1 -DHAVE_SYS_TIME_H=1 -DHAVE_SYS_TIMES_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_LIBDL=1 -DGX_COLOR_INDEX_TYPE="unsigned long long" -D__USE_UNIX98=1 -DHAVE_SNPRINTF -O2 -I/workdir/instance-0/output-1/host/include -L/workdir/instance-0/output-1/host/lib -Wl,-rpath,/workdir/instance-0/output-1/host/lib -DNOCONTRIB -DHAVE_RESTRICT=1 -DHAVE_LIMITS_H=1 -DHAVE_STRING_H=1 -fno-strict-aliasing -O2 -I/workdir/instance-0/output-1/host/include -L/workdir/instance-0/output-1/host/lib -Wl,-rpath,/workdir/instance-0/output-1/host/lib -DHAVE_POPEN_PROTO=1 -I./base -o ./obj/aux/genconf ./base/genconf.c -lz
In file included from ./base/genconf.c:18:
./base/stdpre.h:348:13: error: 'bool' cannot be defined via 'typedef'
348 | typedef int bool;
| ^~~~
./base/stdpre.h:348:13: note: 'bool' is a keyword with '-std=c23' onwards
./base/stdpre.h:348:1: warning: useless type name in empty declaration
348 | typedef int bool;
| ^~~~~~~
```
This is due to the change in the default C language version in GCC15.
The patch included is not exactly the same as the upstream one, it only
picks the part that fix the `bool` definition and dropped the declaration
type changes.
Fixes: https://autobuild.buildroot.org/results/9c6/9c6cbff256635c6ab4be4c5b7bf18f9d3c4b46681
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This test verifies that clinfo correctly detects the rustiCL platform
and llvmpipe as device.
We check:
- exit code,
- Platform name matches rusticl,
- Device name matches llvmpipe.
Signed-off-by: El Mehdi YOUNES <elmehdi.younes@smile.fr>
[Julien:
- rename file to test_mesa3d.py
- add Medhi in DEVELOPERS for this test file
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
RustiCL is an OpenCL implementation written entirely in
RUST and integrated into Mesa3D. It enables the use of OpenCL
programs on top of existing Gallium drivers. RustiCL is a
modern and maintainable replacement for the old C-implemention
Clover.
To build Rusticl in Mesa3D, the following components are required:
- host-rustc (Rust compiler)
- host-rust-bindgen (for generating bindings)
- spirv-tools
- spirv-llvm-translator (providing libLLVMSPIRVLib.so matching the LLVM version)
- LLVM built with libclc and -DLLVM_ENABLE_DUMP=ON
- Mesa headers via mesa-clc-bundle-headers=enabled
- There is a known meson bug and in order to fix it we set -Drust_std=2021, see:
https://docs.mesa3d.org/rusticl.html#known-issueshttps://github.com/mesonbuild/meson/issues/10664
More details in the Mesa documentation:
https://docs.mesa3d.org/rusticl.html
Rusticl is the provider of OpenCL in Buildroot.
However, Mesa does not provide the `libOpenCL.so` library itself.
We therefore depend on the `opencl-icd-loader` package to
install this loader in the toolchain sysroot, so that other
OpenCL-dependent packages can build and link against it.
Without the ICD loader, only `libRustiOpenCL.so` is available and
tools like `clinfo` or `clpeak` fail.
- 'Dmesa-clc-bundle-headers=enabled' ensures that the OpenCL header
files are bundled and available in the target. Without this,
runtime compilation of OpenCL kernels via clpeak or clinfo fails
with:
fatal error: 'opencl-c-base.h' file not found
see https://gitlab.freedesktop.org/mesa/mesa/-/commit/3619611b31bade726b3dd3d0583ff41a5794cad3
We add a Rust compiler override to Meson to use Buildroot’s
host Rust toolchain using MESA3D_MESON_EXTRA_BINARIES.
Rusticl requires Meson to invoke rustc with the correct target and linker:
* 'rust=['$(HOST_DIR)/bin/rustc','--target=$(RUSTC_TARGET_NAME)']'
* 'rust_ld='$(TARGET_CROSS)gcc''
Another solution was proposed to set rust and rust_ld globally in
cross-compilation.conf, we prefer to define them locally within mesa
for now to ensure precise control over the rust toolchain behavior
during the Mesa build.
see https://lore.kernel.org/buildroot/ZcOeEMfwX4XlRXO7@landeda/
Currently, we should always use RUSTICL_ENABLE= driver to use rusticl.
More information:
https://docs.mesa3d.org/envvars.html#envvar-RUSTICL_ENABLE
Signed-off-by: El Mehdi YOUNES <elmehdi.younes@smile.fr>
[Julien: add references to meson bug]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This adds the OpenCL installable client driver (ICD) loader
which provides the 'libOpenCL.so' shared library needed to
run OpenCL programs.
Mesa3D can offer opencl implementations (such as rusticl),
but it does not provide 'libOpenCL.so'.
Without it, programs like 'clinfo' fail to build not
finding 'libOpenCL.so'.
see:
https://github.com/KhronosGroup/OpenCL-ICD-Loader
Signed-off-by: El Mehdi YOUNES <elmehdi.younes@smile.fr>
[Julien: add Medhi in DEVELOPERS for this package]
Signed-off-by: Julien Olivain <ju.o@free.fr>
go1.23.9 (released 2025-05-06) includes fixes to the runtime and the linker.
go1.23.10 (released 2025-06-05) includes security fixes to the net/http and
os packages, as well as bug fixes to the linker.
Fixes the following security vulnerabilities:
- CVE-2025-4673: net/http: sensitive headers not cleared on cross-origin
redirect
Proxy-Authorization and Proxy-Authenticate headers persisted on
cross-origin redirects potentially leaking sensitive information
- CVE-2025-0913: os: inconsistent handling of O_CREATE|O_EXCL on Unix and
Windows
os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and
Windows systems when the target path was a dangling symlink. On Unix
systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks.
On Windows, when the target path was a symlink to a nonexistent location,
OpenFile would create a file in that location.
- CVE-2025-22874: crypto/x509: usage of ExtKeyUsageAny disables policy validation
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny
unintentionally disabled policy validation. This only affected
certificate chains which contain policy graphs, which are rather uncommon.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes:
https://github.com/jqlang/jq/releases/tag/jq-1.8.0
Fixes the following security issues:
- CVE-2024-23337: Fix signed integer overflow in jvp_array_write and jvp_object_rehash.
- CVE-2024-53427: Reject NaN with payload while parsing JSON.
- CVE-2025-48060: Fix heap buffer overflow in jv_string_vfmt.
- Fix use of uninitialized value in check_literal.
- Fix segmentation fault on strftime/1, strflocaltime/1.
- Fix unhandled overflow in @base64d.
COPYING hash changed due to the following commit.
https://github.com/jqlang/jq/commit/9afc450930b19ca179e6ef4e744853a94a7b72cf
Signed-off-by: Kadambini Nema <kadambini.nema@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following autobuild error that started appearing with host GCC15
configs.
```
/usr/bin/gcc -DHAVE_CONFIG_H -I. -I/workdir/instance-0/output-1/host/include -O2 -I/workdir/instance-0/output-1/host/include -c -o modules/arch/x86/x86arch.o modules/arch/x86/x86arch.c
In file included from modules/arch/x86/x86arch.h:30,
from modules/arch/x86/x86arch.c:31:
./libyasm/bitvect.h:86:32: error: cannot use keyword 'false' as enumeration constant
86 | typedef enum boolean { false = FALSE, true = TRUE } boolean;
| ^~~~~
./libyasm/bitvect.h:86:32: note: 'false' is a keyword with '-std=c23' onwards
```
This is due to the change in the default C language version in GCC15.
Fixes: https://autobuild.buildroot.org/results/d1d/d1d9a6e73c2ec278941dd90c6b07cce01b372feb/
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- The check was referencing an incorrect variable name
- In the `$(QORIQ_MC_UTILS_DPC_FILES) $(QORIQ_MC_UTILS_DPL_FILES)` case,
the target directory needs to be created first
Signed-off-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Reviewed-by: Vladimir Oltean <olteanv@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
MessagePack ships both in a C++ and a C variant. Add the latter to
Buildroot. This will be used by fluent-bit.
Signed-off-by: Thomas Devoogdt <thomas@devoogdt.com>
[Julien:
- switch homepage URL to use https
- add a note in package/msgpack{,-c}/Config.in to clarify C/C++
variants
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
For change log, see:
https://gitlab.com/gpsd/gpsd/-/blob/release-3.26.1/NEWS
Support for RTCM104v2 and v3, as well as for ublox, are now
unconditionally built, so drop our corresponding options. No
needfor legacy options: users that had those enabled will
still get them.
Support for Oceanserver has been dropped upstream, so drop our
option and add legacy handling to infrom users they should
complain upstream if they needed it (very unlikely).
Also, a bug introduced in gpsd 3.26 makes the Buildroot gpsd runtime
test failing. See [1]. As a workaround, this commit also changes
this runtime test to emulate a gps over TCP, instead of UDP.
[1] https://gitlab.com/gpsd/gpsd/-/issues/337
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
[Julien:
- rebased on branch next
- add gpsd version removing OceanServer option in Config.in.legacy
- add link to NEWS in commit log
- switch test_gpsd to use tcp instead of udp
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Buildroot commit 600e75b606 "remove depends on architecture for Iris/
Vulkan" forgot to remove the dependency for the comment of the iris
driver.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Privilege separation mode is undesirable in some use cases.
Let's allow the user to disable it, at least.
Signed-off-by: Konstantin Menyaev <konstantin.menyaev@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
If external clang is available on the host system, the buildsystem tries
to use it. The result will be unpredictable. We can't use the version of
clang that is shipped with buildroot either, because it is too old. See:
https://code.qt.io/cgit/qt/qttools.git/tree/.cmake.conf?h=6.8.1. So we
disable clang support in qt6tools for now.
Signed-off-by: Roy Kollen Svendsen <roykollensvendsen@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
The previous commit removed its only user. It was a blind option so no
legacy handling is needed.
Signed-off-by: Roy Kollen Svendsen <roykollensvendsen@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Since we don't need assistant, designer or linguist on target, and we
don't need assistant or designer on host, we unconditionally disable
these tools, to avoid build failures without inreasing the complexity of
the package.
Fixes target linguist build:
-- Could NOT find Qt6LinguistTools (missing: Qt6LinguistTools_DIR)
CMake Error at <...>/output/build/qt6base-6.8.1/cmake/QtToolHelpers.cmake:768 (message):
Failed to find the host tool "Qt6::lconvert". It is part of the
Qt6LinguistTools package, but the package could not be found. Make sure
you have built and installed the host Linguist module, which will ensure
the creation of the Qt6LinguistTools package.
Call Stack (most recent call first):
<...>/output/build/qt6base-6.8.1/cmake/QtToolHelpers.cmake:83 (qt_internal_find_tool)
src/linguist/lconvert/CMakeLists.txt:9 (qt_internal_add_tool)
The following defconfig triggers a target linguist build without
building the necessary lconvert host tool. See:
https://code.qt.io/cgit/qt/qttools.git/tree/src/linguist/CMakeLists.txt?h=6.8.1#n17
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_ARMV7_EABIHF_MUSL_STABLE=y
BR2_PACKAGE_QT6=y
BR2_PACKAGE_QT6BASE_GUI=y
BR2_PACKAGE_QT6BASE_PNG=y
BR2_PACKAGE_QT6BASE_WIDGETS=y
BR2_PACKAGE_QT6TOOLS=y
Fixes target designer build:
CMake Error at <...>/output/build/qt6base-6.8.1/cmake/QtPublicWalkLibsHelpers.cmake:267 (message):
The Xml target is mentioned as a dependency for Designer, but not declared.
Call Stack (most recent call first):
<...>/output/build/qt6base-6.8.1/cmake/QtPrlHelpers.cmake:8 (__qt_internal_walk_libs)
<...>/output/build/qt6base-6.8.1/cmake/QtPrlHelpers.cmake:47 (qt_collect_libs)
<...>/buildroot/output/build/qt6base-6.8.1/cmake/QtModuleHelpers.cmake:1027 (qt_generate_prl_file)
<...>/buildroot/output/build/qt6base-6.8.1/cmake/QtScopeFinalizerHelpers.cmake:24:EVAL:1 (qt_finalize_module)
src/designer/src/lib/CMakeLists.txt:DEFERRED
The following defconfig triggers a target designer build, without
selecting the necessary xml qt6base option. See:
https://code.qt.io/cgit/qt/qttools.git/tree/configure.cmake?h=6.8.1#n64https://code.qt.io/cgit/qt/qttools.git/tree/src/designer/src/lib/CMakeLists.txt?h=6.8.1#n182
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_ARMV7_EABIHF_MUSL_STABLE=y
BR2_PACKAGE_QT6=y
BR2_PACKAGE_QT6BASE_GUI=y
BR2_PACKAGE_QT6BASE_PNG=y
BR2_PACKAGE_QT6BASE_WIDGETS=y
BR2_PACKAGE_QT6TOOLS=y
Fixes target assistant build:
CMake Error at <...>/output/build/qt6base-6.8.1/cmake/QtToolHelpers.cmake:768 (message):
Failed to find the host tool "Qt6::qhelpgenerator". It is part of the
Qt6ToolsTools package, but the package did not contain the tool. Make sure
that the host module Tools was built with all features enabled (no
explicitly disabled tools).
Call Stack (most recent call first):
<...>/buildroot/output/build/qt6base-6.8.1/cmake/QtToolHelpers.cmake:83 (qt_internal_find_tool)
src/assistant/qhelpgenerator/CMakeLists.txt:9 (qt_internal_add_tool)
The following defconfig triggers a target assistant build, without
building the necessary qhelpgenerator host tool. See:
https://code.qt.io/cgit/qt/qttools.git/tree/configure.cmake?h=6.8.1#n45https://code.qt.io/cgit/qt/qttools.git/tree/src/assistant/CMakeLists.txt?h=6.8.1#n4https://code.qt.io/cgit/qt/qttools.git/tree/src/assistant/CMakeLists.txt?h=6.8.1#n21
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_ARMV7_EABIHF_MUSL_STABLE=y
BR2_PACKAGE_QT6=y
BR2_PACKAGE_QT6BASE_GUI=y
BR2_PACKAGE_QT6BASE_PNG=y
BR2_PACKAGE_QT6BASE_PRINTSUPPORT=y
BR2_PACKAGE_QT6BASE_SQL=y
BR2_PACKAGE_QT6BASE_SQLITE=y
BR2_PACKAGE_QT6BASE_WIDGETS=y
BR2_PACKAGE_QT6TOOLS=y
Signed-off-by: Roy Kollen Svendsen <roykollensvendsen@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
The CVE database was updated and includes the additional "up to
(including) 4.97" version information.
Signed-off-by: Daniel Lang <dalang@gmx.at>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The biggest change for 3.14 is the maximum inittab entry size has increased
from 127 charachters to 253 characters long AND it logs a warning when a line
longer than this is found AND it refuses to run a line longer than 253
characters. It doesn't truncate too-long lines anymore, it just drops them.
Changelog: https://github.com/slicer69/sysvinit/releases/tag/3.14
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Noteable changes:
- Add -Dipe=false and -Dsysupdated=disabled as defaults to CONF_OPTS and
HOST_CONF_OPTS. If another user has a use for either, they can submit a
patch at a later date.
- systemd-networkd now requires kernel >= 5.4 due to the inclusion of the
sockios.h header, which uses the SIOCGSTAMP_OLD macro. This macro was first
introduced in kernel 5.2, but the official README recommends 5.4 as a
baseline, so stick with that. Due to this change:
- systemd-networkd now depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_4
- default y only if BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_4
- Add a section in migrating.adoc about the new requirement
- The sha256sum of README.md changed due to the addition of some CentOS CI
lines.
- Add the new license file LICENSES/alg-sha1-public-domain.txt.
For change log, see:
https://github.com/systemd/systemd/blob/v257.5/NEWS
Tested with `./utils/test-pkg -p systemd -a`
40 builds, 28 skipped, 0 build failed, 0 legal-info failed, 0 show-info failed
Tested with `./support/testing/run-tests tests.init.test_systemd`
All tests passed
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Reviewed-by: Marcus Hoffmann <buildroot@bubu1.eu>
[Julien: add link to change log in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
The aarch64 virt platform doesn't have any default VGA devices so we
don't need to configure them here.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Both packages where added as host-only dependencies to build
package/python-aiomqtt, and are not used by any other package. With
aiomqtt switching to hatchling they are not needed any more.
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Aiomqtt switched its build system to hatchling with 2.3.1, change
PYTHON_AIOMQTT_SETUP_TYPE and dependencies accordingly.
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Drop the -Djs_engine=duktape option as mozjs support has been removed entirely
and as such, the option no longer exists.
Tested with `./support/testing/run-tests tests.package.test_polkit`
Both tests pass.
Also tested with `./utils/test-pkg -p polkit -a`
40 builds, 8 skipped, 0 build failed, 0 legal-info failed, 0 show-info failed
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This fixes the following CVE:
- CVE-2025-47287: When Tornado's ``multipart/form-data`` parser encounters
certain errors, it logs a warning but continues trying to
parse the remainder of the data. This allows remote
attackers to generate an extremely high volume of logs,
constituting a DoS attack.
Fixes:
https://www.cve.org/CVERecord?id=CVE-2025-47287
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
[Julien: reword commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since Python 3.13 BaseSelectorEventLoop.add_reader() and
BaseSelectorEventLoop.add_writer() use the mapping returned by
selector.get_map() to detect if a file object is already
registered. This fails with the implementation in gi.events._Selector
if some calls use a file object, and others the raw file descriptor.
Full upstream bug report:
https://gitlab.gnome.org/GNOME/pygobject/-/issues/689
This bug breaks package/python-aiomqtt, because its client object uses
file objects in some places for the connection socket, and the file
descriptor in others. The result is that the connection attempt times
out because source registration fails, and the Future that marks
successful connection never resolves.
This commit adds the fix as backported to PyGObject 3.50 [1] so it can
be cherry-picked to Buildroot stable versions using that version.
[1] https://gitlab.gnome.org/GNOME/pygobject/-/merge_requests/423
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since Python 3.13 BaseSelectorEventLoop.add_reader() and
BaseSelectorEventLoop.add_writer() use the mapping returned by
selector.get_map() to detect if a file object is already
registered. This fails with the implementation in gi.events._Selector
if some calls use a file object, and others the raw file descriptor.
Full upstream bug report:
https://gitlab.gnome.org/GNOME/pygobject/-/issues/689
This bug breaks package/python-aiomqtt, because its client object uses
file objects in some places for the connection socket, and the file
descriptor in others. The result is that the connection attempt times
out because source registration fails, and the Future that marks
successful connection never resolves.
This commit adds the fix as backported to PyGObject 3.50 [1] so it can
be cherry-picked to Buildroot stable versions using that version.
[1] https://gitlab.gnome.org/GNOME/pygobject/-/merge_requests/423
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump bootgen to xilinx_v2025.1 release.
With version 2025.1, bootgen executable is now in the build/bin dir, so
the install step is changed accordingly.
The LICENSE file hash has changed as it was converted from DOS end of
lines to Unix end of lines.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add a patch that removes part of the logic that attempts to detect if
thumb is supported. This logic simply doesn't work at all in the
Buildroot context. In fact, thumb is supported on all 32-bit ARM on
which we can build qt5webengine.
Fixes:
WARNING: Thumb instruction set is required to build ffmpeg for QtWebEngine.
[...]
FAILED: obj/third_party/ffmpeg/ffmpeg_internal/vp8.o
[...] -c ../../3rdparty/chromium/third_party/ffmpeg/libavcodec/vp8.c -o obj/third_party/ffmpeg/ffmpeg_internal/vp8.o
{standard input}: Assembler messages:
{standard input}:1119: Error: bad instruction `ldrhcs r0,[ip],#2'
{standard input}:1156: Error: bad instruction `ldrhcs r9,[ip],#2'
{standard input}:1190: Error: bad instruction `ldrhcs lr,[ip],#2'
{standard input}:1253: Error: bad instruction `ldrhcs r9,[r7],#2'
[...]
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Cc: Gaël PORTAY <gael.portay@rtone.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Ideally we should update our version of qt5webengine-chromium first,
we're more than 600 commits behind on the stable branch from KDE.
However, this is a quick fix solution that allows us to build the
current state in Fedora 42.
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Add a patch that adds missing #include statements, which becomes an
error in GCC 15.
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
For change log since 0.19.1, see:
https://github.com/bpftrace/bpftrace/blob/v0.23.3/CHANGELOG.md
Note that since commit [1] updating llvm to 20.1.5, bpftrace is
failing to build at configuration time, with error message:
CMake Error at CMakeLists.txt:184 (message):
Unsupported LLVM version found via
/buildroot/output/host/aarch64-buildroot-linux-gnu/sysroot/usr/include:
20
CMake Error at CMakeLists.txt:185 (message):
Only versions between 6 and 17 are supported
This is because bpftrace version 0.19.1 does not support this
newer llvm version. This update to bpftrace to 0.23.3 resolve this
issue.
[1] https://gitlab.com/buildroot.org/buildroot/-/commit/e29dae109a217636381acd4f7be615a8744fe675
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since Buildroot commit [1], the runtime test emulator infra is setting
the emulated system date to the host date.
While this is desired in general, this behaviour is introducing a
variability in the test execution. Depending if the test is executed
during winter or summer time, the output of the command "date +%Z"
will produce a different output.
This commit fixes the issue by setting a fixed date and time on the
emulated system. The date is fixed to Unix Epoch plus one hour. This
is because Linux cannot set the system date to a value less than the
system uptime. So we cannot set the time back to Unix Epoch with the
command "date -s @0" (this would result to a EINVAL Invalid argument).
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/9922589073https://gitlab.com/buildroot.org/buildroot/-/jobs/9922589081
[1] https://gitlab.com/buildroot.org/buildroot/-/commit/cf8641b73e7f1577637bfef0ece78dd519b25d19
Signed-off-by: Julien Olivain <ju.o@free.fr>
Commit e3329a1e82 ("configs/imx8mn_bsh_smm_s2[_pro]: bump Linux to
6.12.23 and U-Boot to 2025.04") broke the U-Boot boot process on the
BSH SMM S2 board. I didn’t notice it because I mistakenly tested the
patch on the SMM S2PRO board, which boots from eMMC instead of NAND.
Next time, I won’t forget to test on both boards :).
Fixes: e3329a1e82 ("configs/imx8mn_bsh_smm_s2[_pro]: bump Linux to 6.12.23 and U-Boot to 2025.04")
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Commit 4e95062f8 ("package/pkg-meson: use buildroot-build for build
directory") changed the build directory for meson packages to
'buildroot-build', so update the find invocation to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 4e95062f8 ("package/pkg-meson: use buildroot-build for build directory")
changed the build directory for meson packages to 'buildroot-build'.
Thus accessing the build directory for installing the extra utils needs
to be adopted to this directory. Otherwise the install will fail when
BR2_PACKAGE_KMSXX_INSTALL_TESTS is enabled.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When the meson build directory was changed to buildroot-build in
4e95062f82 we forgot to update the
install path for the systemd-boot efi binary.
Fixes:
/usr/bin/install: cannot stat '/home/buildroot/buildroot/output/build/systemd-256.7/build/src/boot/efi/systemd-bootx64.efi': No such file or directory
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit d1757fdfb0, at-spi2-core
depends on !BR2_STATIC_LIBS, but this wasn't properly propagated to
reverse dependencies, so let's do this propagation now.
Fixes the following warning:
WARNING: unmet direct dependencies detected for BR2_PACKAGE_AT_SPI2_CORE
Depends on [n]: BR2_TOOLCHAIN_HAS_THREADS [=y] && BR2_USE_MMU [=y] && BR2_USE_WCHAR [=y] && !BR2_STATIC_LIBS [=y]
Selected by [y]:
- BR2_PACKAGE_ATKMM [=y] && BR2_INSTALL_LIBSTDCPP [=y] && BR2_TOOLCHAIN_GCC_AT_LEAST_7 [=y] && BR2_TOOLCHAIN_HAS_THREADS [=y] && BR2_USE_MMU [=y] && BR2_USE_WCHAR [=y]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When the sane-airscan package was introduced in
f78280bf26, the depends on of options
that is selects were not properly accounted for, so let's fix this.
Fixes:
WARNING: unmet direct dependencies detected for BR2_PACKAGE_GNUTLS
Depends on [n]: !BR2_STATIC_LIBS [=n] && BR2_USE_WCHAR [=n]
Selected by [y]:
- BR2_PACKAGE_SANE_AIRSCAN [=y]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since the package was introduced in commit
02de349895, it selects
BR2_PACKAGE_PYTHON_JSONSCHEMA without taking care of its dependencies,
causing the following warning:
WARNING: unmet direct dependencies detected for BR2_PACKAGE_PYTHON_JSONSCHEMA
Depends on [n]: BR2_PACKAGE_PYTHON3 [=y] && BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS [=n]
Selected by [y]:
- BR2_PACKAGE_PYTHON_FLASK_RESTX [=y] && BR2_PACKAGE_PYTHON3 [=y]
Fix this by adding the missing depends on.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 8c9c1222b7 (package/uacme: bump version to 1.7.6) bumperd the
version to 1.7.6 which includes the patch we carried, so the patch was
dropped, but the corresponding autoreconf was not.
Do so now.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Nicola Di Lieto <nicola.dilieto@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The esp-hosted package was introduced in [1] defining the variable
ESP_HOSTED_LICENSE_FILE (singular). The name should be
ESP_HOSTED_LICENSE_FILES (plural). This typo makes the license file
being ignored during a "make legal-info" which shows a warning at
the end:
WARNING: esp-hosted-9a2312b0b: cannot save license (ESP_HOSTED_LICENSE_FILES not defined)
Fixing the variable name also reveals the license file path was
incorrect. The "esp_hosted_ng/host/" directory prefix is missing.
Finally, setting the correct path shows the hash was wrong (it was
the hash of the Apache-2.0 [2] file, which corresponds to another
unused code portion). So the license file hash is also changed to
correspond to the correct GPL-2.0 license file.
This commit fixes all the needed esp-hosted legal-info.
[1] https://gitlab.com/buildroot.org/buildroot/-/commit/7b2e5e6550aed4f79461919c6a59e00741eb4b11
[2] https://github.com/espressif/esp-hosted/blob/release/ng-v1.0.4.0.0/LICENSES/Apache-2.0
Cc: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Fixes the following CVEs:
- CVE-2025-3015: A vulnerability classified as critical has been found in
Open Asset Import Library Assimp 5.4.3. This affects the
function Assimp::ASEImporter::BuildUniqueRepresentation of
the file code/AssetLib/ASE/ASELoader.cpp of the component
ASE File Handler. The manipulation of the argument mIndices
leads to out-of-bounds read. It is possible to initiate the
attack remotely. The exploit has been disclosed to the
public and may be used.
See: https://www.cve.org/CVERecord?id=CVE-2025-3015
- CVE-2025-3016: A vulnerability classified as problematic was found in
Open Asset Import Library Assimp 5.4.3. This vulnerability
affects the function Assimp::MDLImporter::ParseTextureColorData
of the file code/AssetLib/MDL/MDLMaterialLoader.cpp of the
component MDL File Handler. The manipulation of the argument
mWidth/mHeight leads to resource consumption.
The attack can be initiated remotely
See: https://www.cve.org/CVERecord?id=CVE-2025-3016
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Release:
https://github.com/llvm/llvm-project/releases/tag/llvmorg-20.1.5
Major Changes and Fixes:
-- CMake 3.20 minimum required
-- Issue encountered during standalone LLVM build:
CMake Error at CMakeLists.txt:8 (include):
include could not find requested file:
This error is due to the line:
include(${LLVM_COMMON_CMAKE_UTILS}/Modules/CMakePolicy.cmake)
Upstream commit [1] harmonized policy handling by introducing this shared include
for all LLVM sub-projects. However, in the LLVM CMakeLists, LLVM_COMMON_CMAKE_UTILS
is set unconditionally, preventing external override — which is required in
Buildroot when building from separated archives.
To solve this:
We apply a patch to wrap the assignment of LLVM_COMMON_CMAKE_UTILS in an
`if(NOT DEFINED ...)` block, allowing Buildroot to set the path externally.
In the `llvm-cmake` package, we also **adjust the installation path** of the
CMake modules: instead of installing directly into `lib/cmake/llvm`, we now
install them under `lib/cmake/llvm/Modules` to match the expected layout.
This ensures that:
LLVM can include `${LLVM_COMMON_CMAKE_UTILS}/Modules/CMakePolicy.cmake`
without errors.
-- Also the Clang build system has removed support for
the GCC_INSTALL_PREFIX option, raising a fatal error when attempting to use it:
CMake Error at CMakeLists.txt:211 (message):
GCC_INSTALL_PREFIX is deprecated and will be removed.
Use configuration files (https://clang.llvm.org/docs/UsersManual.html#configuration-files)
to specify the default --gcc-install-dir= or --gcc-triple=.
--gcc-toolchain= is discouraged.
See https://github.com/llvm/llvm-project/pull/77537
for details.
Remove the use of GCC_INSTALL_PREFIX and replace it with a
Clang configuration file as recommended by upstream.
A configuration file is now automatically generated at:
$(HOST_DIR)/lib/clang/$(CLANG_VERSION_MAJOR)/$(GNU_TARGET_NAME).cfg
It contains:
--gcc-install-dir=<path to external toolchain's lib/gcc/...>
--target=<GNU target triplet>
We dynamically detect the GCC install path by scanning
$(TOOLCHAIN_EXTERNAL_INSTALL_DIR)/lib/gcc/<target>/<version>/
The Clang toolchain wrapper was also updated to add --config=<file> when
BR_CLANG_CONFIG_FILE is defined.
-- Fix LLVM_MAIN_SRC_DIR path:
set(LLVM_MAIN_SRC_DIR "${CMAKE_CURRENT_SOURCE_DIR}/../llvm" CACHE PATH ...)
This path isn't correct when using standalone archive builds. We explicitly pass
LLVM_MAIN_SRC_DIR=$(BUILD_DIR)/llvm-$(LLVM_PROJECT_VERSION) to fix the path. [2]
-- Add LLVM_ENABLE_RUNTIMES:
Upstream added LLVM_ENABLE_RUNTIMES for runtimes [3]
-- Removed LLVM_INCLUDE_GO_TESTS:
Upstream dropped this option; we remove it too [4]
-- Disable TensorFlow Lite integration:
LLVM_HAVE_TFLITE is added to the CMakelist
We now explicitly disable it to avoid unexpected
TensorFlow Lite dependency.
-- Clang introduced CLANG_ENABLE_LIBXML2 [5]
We now explicitly disable it by setting CLANG_ENABLE_LIBXLM2=OFF
since we set LLVM_ENABLE_LIBXML2 to OFF in LLVM
-- Host-python3, which is now always needed by Clang’s resource bundling
script. [6]
-- Clang explicitly request to disable llvm tests when llvm_gtest is missing.[7]
CMake Error at CMakeLists.txt:126 (message):
llvm-gtest not found. Please install llvm-gtest or disable tests with
-DLLVM_INCLUDE_TESTS=OFF
-- Also update the installation path in COMPILER_RT_SETUP_RUNTIME_LIBS
to use CLANG_VERSION_MAJOR instead of HOST_CLANG_VERSION,
ensuring that the runtime files are placed correctly
in the /lib/clang/<major>/ folder. [8]
-- Add llvm-runtimes dependency
libunwind needs runtimes [9]
-- Fix for libclc out of tree patch
Due to upstream changes in libclc, the old patch no longer
applies. Only the fix related to invoking './prepare_builtins'
directly is still relevant and preserved, as it is required to avoid
a build failure when the binary is not in PATH.
-- Upstream commit [10] removed the use of llvm-config in libclc and
replaced it with proper use of LLVM_CMAKE_DIR. We now pass
-DLLVM_CMAKE_DIR instead of DLLVM_CONFIG
-- Libclc expects to invoke some LLVM tools. We explicitly set
LIBCLC_CUSTOM_LLVM_TOOLS_BINARY_DIR to ensure it finds these tools. [11]
-- Remove LLAsm_COMPILER and CLC_COMPILER [12]
-- LIBUNWIND_INSTALL_HEADERS is On by default [13]
-- Update spirv-llvm-translator to align with LLVM 20.1.5
Release:
https://github.com/KhronosGroup/SPIRV-LLVM-Translator/releases/tag/v20.1.2
[1] https://github.com/llvm/llvm-project/commit/9dd01a5241dc5b46e92485e05bc345221df8938c
[2] https://github.com/llvm/llvm-project/commit/d2b158e29eedf4a29bf8d2142f2ed21a52fc80a7
[3] https://github.com/llvm/llvm-project/commit/176db3b3ab25ff8a9b2405f50ef5a8bd9304a6d5
[4] https://github.com/llvm/llvm-project/commit/6ce87272487711c9f0ff408a037f5ca2e1ff5c5d
[5] https://github.com/llvm/llvm-project/commit/df239a6c17fa51274e38f185e72ac02c2f8fb914
[6] https://github.com/llvm/llvm-project/commit/96962d5512fbc6af0ada0f13e6be332c026529cb
[7] https://github.com/llvm/llvm-project/commit/82169103958583d3320b3a9a1e6542e8d32ef8da
[8] https://github.com/llvm/llvm-project/commit/e1b88c8a09be25b86b13f98755a9bd744b4dbf14
[9] https://github.com/llvm/llvm-project/commit/0af67d167d6c811abf12ad6c27ee34ec1365e5fb
[10] https://github.com/llvm/llvm-project/commit/b264787453fd93e55154b98d18739ecb383d9b4c
[11] https://github.com/llvm/llvm-project/commit/0aeeff3059e79b86f55ed92a4488bdee8fa66e12
[12] https://github.com/llvm/llvm-project/commit/72f9881c3ffcf4be6361c3e4312d91c9c8d94a98
[13] https://github.com/llvm/llvm-project/commit/f8409af354c1398ebf4ece67a315c94ba19714b5
Signed-off-by: El Mehdi YOUNES <elmehdi.younes@smile.fr>
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
[Bernd: rebased, removed gcc-15 patches for llvm 15, bumped to 20.1.5]
used 'git describe' to set the version number for spirv-llvm-translator]
[Mehdi: changed llvm-runtimes version to $(LLVM_PROJECT_VERSION)]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Add a new host package to install the CMake modules provided by the
runtimes archive of LLVM. These modules are required to build components
like libunwind since upstream refactored the common flag-handling logic
into a shared file: `HandleFlags.cmake`.
This package extracts and installs the relevant files to
`$(HOST_DIR)/lib/cmake/llvm`, where other components like libunwind
will look for them.
see https://github.com/llvm/llvm-project/commit/0af67d167d6c811abf12ad6c27ee34ec1365e5fb
Signed-off-by: El Mehdi YOUNES <elmehdi.younes@smile.fr>
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
[Mehdi v3: explicitly set version to 20.1.3 for now, it will
be changed in llvm-project bump commit]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Add a kernel fragment to enable
CONFIG_ARM64_VA_BITS_48 for the AARCH64 QEMU platform in the
clang compiler -rt runtime test.
Without this setting, this sanitize-based test fails with clang-20
due to insufficient virtual adress space.
"This might potentially affect ARM platforms with 39-bit address space." from [1]
[1] https://github.com/llvm/llvm-project/commit/a588cfe37ea36ec4fae35a233a13d3557fba86e9
Signed-off-by: El Mehdi YOUNES <elmehdi.younes@smile.fr>
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Django includes code from a couple of other projects, add their
respective license files and licenses to the django package.
./utils/scanpypi finds most of these. Additionally this was
cross-checked against debian's license list [1], not including some
things that no longer exist or no longer indicate separate licensing
upstream:
* django/contrib/admin/static/admin/fonts/
* django/utils/baseconv.py
* django/utils/ipv6.py
* django/utils/autoreload.py
Also not included are separate licensing for docs, which buildroot
doesn't package:
* docs/_theme/djangodocs/static/reset-fonts-grids.css
* docs/_theme/djangodocs/static/fontawesome/LICENSE.txt
[1] https://metadata.ftp-master.debian.org/changelogs//main/p/python-django/python-django_5.2-1_copyright
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
[Peter: Indent with single tab]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit 0586ee6cba.
The dependency is not needed any more with package/python3 providing
3.13 (since commit d63e207eb8).
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
[Julien: reword commit log title]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This fixes the following CVE:
- CVE-2025-47287: When Tornado's ``multipart/form-data`` parser encounters
certain errors, it logs a warning but continues trying to
parse the remainder of the data. This allows remote
attackers to generate an extremely high volume of logs,
constituting a DoS attack.
Fixes:
https://www.cve.org/CVERecord?id=CVE-2025-47287
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
[Julien: reword commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Add local patch to avoid build failure on examples folder that we don't
need. That build failure is due to missing bits/pthreadtypes.h on musl and
since we don't need examples at all let's disable its building by passing
-Dexamples=false.
For release note, see:
https://github.com/linux-nvme/libnvme/releases/tag/v1.14
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[Julien: add the "Upstream:" link in patch]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This fixes a memory leaks that affects both binutils 2.43 and 2.44,
see https://www.cve.org/CVERecord?id=CVE-2025-3198
Fixes the following CVE:
- CVE-2025-3198: A vulnerability has been found in GNU Binutils 2.43/2.44
and classified as problematic. Affected by this
vulnerability is the function display_info of the file
binutils/bucomm.c of the component objdump.
The manipulation leads to memory leak.
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This configuration builds an image for the Compute Module 5 IO Board.
Note: Unlike the Raspberry Pi 5 and its dedicated debug uart connector,
the kernel console on Compute Module 5 IO Board is back to UART0
(ttyAMA0) on PIN8 (GPIO14, TX, yellow) and PIN10 (GPIO15, RX, orange) on
the 40-pin header, as the former version of the Raspberry Pi.
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Updating the hash of the WHENCE file, due to firmware additions and
firmware changes, but no changes to the redistribution/licensing
conditions.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Changelog:
https://www.alsa-project.org/wiki/Changes_v1.2.13_v1.2.14#alsa-lib
Removed patch 0002 which is included in upstream release.
Remove Kconfig options for alisp which was removed upstream.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
[Julien:
- move the legacy option to a new 2025.08 section
- add alsa-lib version in Congig.in.legacy comment
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
For a long while now, we only support building GCC >= 8.x, so the
dependency of BR2_GCC_ENABLE_GRAPHITE on GCC >= 5.x is useless, drop
it, together with the corresponding Config.in comment.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The libcilkrts library was removed from gcc 8.x, and gcc 8.x is the
oldest version we allow building (to still support PowerPC SPE). So it
means the BR2_GCC_SUPPORTS_LIBCILKRTS is basically dead code because:
default y if !BR2_TOOLCHAIN_GCC_AT_LEAST_8
Will never evaluate to 'y' in current Buildroot.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The hash for the GCC 10.4.0 tarball should have been removed a long
time ago, when support for GCC 10.x has been removed.
Fixes: d37a8f3a2e ("package/gcc: remove gcc 10.x")
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Now that we have added support for GCC 15.x, made GCC 14.x the
default, let's drop support for GCC 12.x.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Now that GCC 15.x support has been added, follow our usual strategy of
making GCC 14.x the default GCC version.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Changelog:
https://gcc.gnu.org/gcc-15/changes.html
NIOS II support has been removed, and we removed it from Buildroot
some time ago.
AArch64 ILP32 support has been deprecated, but we never supported it
in Buildroot.
In the stack of patches, just keep patch 0001.
Indeed, from 14.2.0:
- 0002-libsanitizer-also-undef-_TIME_BITS-in-sanitizer_proc.patch is
upstream as of commit fa321004f3f6288d3ee2eefa6b02177131882dca
- 0003-libquadmath-Fix-up-libquadmath-math-sqrtq.c-compilat.patch is
upstream as of commit 3ac02e67503ccffa3dfeeffc0a60fce6bdaca43b
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
In order to add gcc 15 support in follow-up commits, introduce
BR2_TOOLCHAIN_GCC_AT_LEAST_15 symbol.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Add a new initscript to save the date and time to the hardware clock
on shutdown.
Signed-off-by: Michael Walle <michael@walle.cc>
[Arnout:
- package as hwclock-initscript instead of buildroot-initscripts;
- mention in help text that it isn't needed at boot;
- rewrite initscript according to our usual pattern;
- fix shellcheck errors.
]
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Back when the imx-gpu-viv package was enabled on AArch64 in commit
84afda9ca6, the fb output option was not
enabled.
However, according to meta-freescale [0] the framebuffer output can be
enabled on IMX8 by using the wayland libraries together with egl.pc.
[0] https://git.yoctoproject.org/meta-freescale/tree/recipes-graphics/imx-gpu-viv/imx-gpu-viv-6.inc
This commit does enable fb output on AArch64, which requires a few
precautions as the imx-gpu-viv logic is a bit convoluted:
- FB on ARM is supported using "pure" framebuffer libraries. However,
a specific egl.pc is needed: egl_linuxfb.pc. The supporting
libraries are found in the fb/ subdirectory in imx-gpu-viv "code".
- FB on AArch64 is supported using libraries that are linked with
wayland and libdrm, even though wayland/libdrm is obviously not used
for framebuffer output. pkg-config wise, this configuration can use
the default egl.pc. The supporting libraries are found in the
wayland/ subdirectory in imx-gpu-viv "code", as oddly as it seems.
- Wayland on ARM on AArch64 is supported using libraries that are
obviously linked against wayland and libdrm. pkg-config wise, egl.pc
needs to be symlinked to egl_wayland.pc.
This patch solves this situation by introducing a hidden boolean
option BR2_PACKAGE_IMX_GPU_VIV_USES_WAYLAND that indicates whether
wayland/libdrm is used by the currently selected output. This is of
course true when BR2_PACKAGE_IMX_GPU_VIV_OUTPUT_WL, but also when
BR2_PACKAGE_IMX_GPU_VIV_OUTPUT_FB on AArch64.
Signed-off-by: Daniel Lang <d.lang@abatec.at>
[Thomas: quite significant rework compared to the submission from
Daniel Lang, so we didn't keep the Reviewed-by from Gary Bisson]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In preparation for some rework of the package, let's rename the
IMX_GPU_VIV_LIB_TARGET variable to IMX_GPU_VIV_OUTPUT to make it match
the BR2_PACKAGE_IMX_GPU_VIV_OUTPUT config option it corresponds to.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
CVE-2025-24223
Versions affected: WebKitGTK and WPE WebKit before 2.48.2.
Credit to rheza (@ginggilBesel) and an anonymous researcher.
Impact: Processing maliciously crafted web content may lead to
memory corruption. Description: The issue was addressed with
improved memory handling.
WebKit Bugzilla: 287577
CVE-2025-31204
Versions affected: WebKitGTK and WPE WebKit before 2.48.2.
Credit to Nan Wang (@eternalsakura13).
Impact: Processing maliciously crafted web content may lead to
memory corruption. Description: The issue was addressed with
improved memory handling.
WebKit Bugzilla: 291506
CVE-2025-31205
Versions affected: WebKitGTK and WPE WebKit before 2.48.2.
Credit to Ivan Fratric of Google Project Zero.
Impact: A malicious website may exfiltrate data cross-origin.
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 290992
CVE-2025-31206
Versions affected: WebKitGTK and WPE WebKit before 2.48.2.
Credit to an anonymous researcher.
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash. Description: A type confusion issue was
addressed with improved state handling.
WebKit Bugzilla: 290834
CVE-2025-31215
Versions affected: WebKitGTK and WPE WebKit before 2.48.2.
Credit to Jiming Wang and Jikai Ren.
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash. Description: The issue was addressed with
improved checks.
WebKit Bugzilla: 288814
CVE-2025-31257
Versions affected: WebKitGTK and WPE WebKit before 2.48.2.
Credit to Juergen Schmied of Lynck GmbH.
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash. Description: This issue was addressed with
improved memory handling.
WebKit Bugzilla: 290985
https://webkitgtk.org/security/WSA-2025-0004.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current version was more than 3 years old and had known CVEs (see
CVE-2023-36328). Since this is a host only package, we don't consider
this as a security bump.
This upgrade allows the removal of the two patches currently applied:
- The commit 1b57b62, which fixes the build with autoconf 2.72, is
already included upstream.
- We no longer need to use the JSON-PP module, as it is now
optional (commit 13d3bcf).
Also, since the latest version of Heimdal no longer depends on
e2fsprogs, the host-e2fsprogs dependency has been removed.
Signed-off-by: Guillaume Chaye <guillaume.chaye@zeetim.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since the bump of Samba to version 4.21.4 in commit
716461af94, <crypt.h> is needed, due to
upstream comit 0dccda38f27b3bbda5d2a4de588a333ff554651a. Since
<crypt.h> is no longer provided by glibc, a dependency on libxcrypt is
needed, to avoid the following build failure:
../../lib/util/util_crypt.c:5:10: fatal error: crypt.h: No such file or directory
5 | #include <crypt.h>
| ^~~~~~~~~
compilation terminated.
This has not been detected by the autobuilders, presumably because a
lot of glibc configurations end up having libxcrypt selected by other
packages, but the issue is reproducible by building:
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_PACKAGE_SAMBA4=y
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
HEIMDAL_INSTALL_STAGING = YES makes no sense since the package was
introduced in 56258f491b ("heimdal: new
package") since it's a host only package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Arnout: give a bit more explanation, simplify the example]
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
casync-nano is an implementation of a subset of the features of casync,
optimized for performing OTA updates on embedded systems.
Signed-off-by: Florian Larysch <fl@n621.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The python-pyproj package was introduced in
7c65b4484e, and it selects
BR2_PACKAGE_PROJ, but forgot to propagate its dependencies, so let's
do that.
Fixes:
WARNING: unmet direct dependencies detected for BR2_PACKAGE_PROJ
Depends on [n]: BR2_INSTALL_LIBSTDCPP [=n] && BR2_TOOLCHAIN_GCC_AT_LEAST_4_7 [=y] && BR2_TOOLCHAIN_HAS_THREADS_NPTL [=y] && BR2_USE_WCHAR [=y]
Selected by [y]:
- BR2_PACKAGE_PYTHON_PYPROJ [=y] && BR2_PACKAGE_PYTHON3 [=y]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Releases have been made to several skarnet.org packages[1]. The biggest
change is that static libraries are installed to /usr/lib by default.
https://skarnet.org/lists/skaware/2098.html
Some COPYRIGHT hashes changed because the copyright years were updated.
Signed-off-by: J. Neuschäfer <j.neuschaefer@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The prefix already defaults to /, so --prefix=/ is unnecessary. An
alternative course of action would be to start setting --prefix=/usr.
Signed-off-by: J. Neuschäfer <j.neuschaefer@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issue:
CVE-2025-22247: open-vm-tools contains an insecure file handling
vulnerability.
https://github.com/vmware/open-vm-tools/tree/CVE-2025-22247.patch
The upstream patch needs to be applied with -p2, so drop the open-vm-tools
prefix (sed -i 's|open-vm-tools/||g') and include it here.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
We currently check for unsafe paths right between adding our arguments,
and adding the one passed from the command line. This not very
consistent.
Unsafe paths can only come from the command line, as we are not adding
any of our own (hopefully, we know better!), so we can run the check as
early as possible.
Move the check very early, but not before we handle --help.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Giulio Benetti <giulio.benetti@benettiengineering.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With the recent addition in pkg-stats to detect stale ignore CVE
entries, the CVE-2021-42260 ignore CVE entry is reported as
stale. This is because TINYXML_VERSION is 2.6.2_2, and the CVE is
annotated as affecting versions up to and including 2.6.2.
But in fact, 2.6.2_2 is a special version from the Kodi community, but
it's close to the 2.6.2 release, and CVE-2021-42260 is not fixed in
it. To get meaningful results, let's tell our CVE checking logic that
the tinyxml version is 2.6.2 by setting TINYXML_CPE_ID_VERSION (we're
splitting on the _ and keeping the part before).
Because we're now setting TINYXML_CPE_ID_VERSION, we must drop
TINYXML_CPE_ID_VALID to avoid a check-package warning.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Due to the "From:" in the commit log itself, this patch was not
applicable using git am:
$ git am 0001-Make-SoX-support-uclibc-based-toolchains.patch
Applying: Make SoX support uclibc-based toolchains
fatal: empty ident name (for <>) not allowed
Thanks to Arnout who found the issue.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Commit b6871f9d93 ("package/sox:
security bump to latest git commit") forgot to annotate the ignore CVE
entries, so let's do this.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
All ignore CVE entries of the sox package are considered stale because
SOX_VERSION is a Git commit and therefore the version matching logic
doesn't do the right thing.
This commit sets SOX_CPE_ID_VERSION to 14.4.2, which is the closest
upstream version on which we are based: our Git commit is 14.4.2 plus
a number of commits that fix a large number of CVEs.
Thanks to this change, the ignore CVE entries are no longer stale.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The ignore CVE entry was added because the vulnerability only affects
Windows. But it also only affected ripgrep versions < 13, and we're
using ripgrep 14.x now, so the CVE is anyway no longer relevant, and
the ignore CVE entry can be dropped.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The qt5base was reported to have 2 stale ignore CVE entries, one not
stale. Turns out that because the version is a Git commit hash, the
version comparaison did not make a lot of sense.
This commit adds QT5BASE_CPE_ID_VERSION, assigned to the closest
upstream version that we package (the Git repo we fetch is 5.15.14
plus a number of fixes). With this done, all 3 ignore CVE entries are
stale because the vulnerabilities have been fixed prior to 5.15.14.
In addition, setting QT5BASE_CPE_ID_VERSION allows to reduce the
number of CVEs affecting qt5base from 20 to 8.
Cc: Roy Kollen Svendsen <roykollensvendsen@gmail.com>
Cc: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Cc: Christian Hitz <christian.hitz@bbv.ch>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The 0001-snmp_agent-disallow-SET-with-NULL-varbind.patch patch has
been dropped as part of the bump from 5.9.3 to 5.9.4 in commit
1799cfebfd, which means 5.9.4 has the
security fix, and therefore the ignore CVE entry is no longer needed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
CVE-2023-3603 has never affected any release, but NVD decided to
document it as affecting all versions up to 0.8.9. While this is
incorrect, we don't really care much, as we're now using 0.11 which
according to NVD is not affected, making our ignore CVE entry stale.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
We no longer have the patch fixing CVE-2022-3559 because we've updated
to a version of exim that includes it. However, the ignore CVE entry
is not stale because the NVD database is incorrect on this CVE. We
reported the issue to upstream NVD at:
https://lore.kernel.org/buildroot/20250517183423.07951665@windsurf/
Let's document this above the ignore CVE entry.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The CVE-2022-3620 entry is not reported as affecting our exim package
by pkg-stats. Currently it's because the NVD entry is
incorrect (incorrect exim version), but we sent a bug report [1] to
the NVD database so that it gets updated. Once updated, pkg-stats
still won't report the CVE as affecting us because the issue has been
fixed in exim 4.97, and we're using a newer version.
[1] https://lore.kernel.org/buildroot/20250517183000.40b28b4d@windsurf/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The new pkg-stats feature of stale ignore CVE entry detection reports
CVE-2022-30550 as stale, but it's not correct: the NVD database is
incorrect, and this has been reported in
https://lore.kernel.org/buildroot/20250517181815.02ce0393@windsurf/.
Let's annotate this information in dovecot.mk so that we don't wonder
why it's reported stale.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The 0001-set-default-maximum-dns-udp-package-size.patch is no longer
in Buildroot since the bump to 2.90 in commit
213cfb3435, which renders the
CVE-2023-28450 ignore CVE entry no longer needed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
All of CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366
were fixed by patches that we no longer have since we bumped
Busybox. Those IGNORE_CVES entries are therefore no longer needed.
The CVE-2022-28391 ignore CVE entry is also reported as stale, but we
believe the NVD database is incorrect in saying this vulnerability
only affects Busybox up to 1.35.0. Indeed, Busybox 1.37.0 still
doesn't have the fixes and is therefore still affected.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
CVE-2020-15705 is only applicable to grub versions up to 2.04, and
we're using a more recent version, so it is no longer needed to ignore
it.
CVE-2021-46705 is only applicable to grub versions up to 2.06, and
we're using a more recent version, so it is no longer needed to ignore
it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The configure flag -feature-webengine-system-jpeg[1] checks if a jpeg
library is in the sysroot.
It compiles a test file linked against the symbols jpeg_crop_scanline()
and jpeg_skip_scanlines()[2] that are specific to jpep-turbo.
As a consequence, the configure scripts fails if the libjpeg is selected
as the jpeg variant as the symbols mentionend above are not part of the
jpeg library installed in the sysroots.
ERROR: Feature 'webengine-system-jpeg' was enabled, but the pre-condition 'config.unix && features.system-jpeg && libs.webengine-jpeglib' failed.
Additionally, see the log below, extracted from config.log:
> /home/gportay/src/buildroot/output/host/bin/arm-buildroot-linux-gnueabihf-g++ -c -pipe -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -g0 -D_FORTIFY_SOURCE=1 -mtune=arm1176jzf-s -march=armv6 --sysroot=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot -w -fPIC -I. -I/home/gportay/src/buildroot/output/host/mkspecs/devices/linux-buildroot-g++ -o main.o main.cpp
> main.cpp: In function ‘int main(int, char**)’:
> main.cpp:12:5: error: ‘jpeg_crop_scanline’ was not declared in this scope; did you mean ‘jpeg_write_scanlines’?
> 12 | jpeg_crop_scanline(nullptr, &dummy, &dummy);
> | ^~~~~~~~~~~~~~~~~~
> | jpeg_write_scanlines
> main.cpp:13:5: error: ‘jpeg_skip_scanlines’ was not declared in this scope; did you mean ‘jpeg_write_scanlines’?
> 13 | jpeg_skip_scanlines(nullptr, dummy);
> | ^~~~~~~~~~~~~~~~~~~
> | jpeg_write_scanlines
> make[1]: *** [Makefile:334: main.o] Error 1
> make[1]: Leaving directory '/home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/config.tests/webengine-jpeglib'
We could build some complicated logic to make sure what qt5webengine is
only used with jpeg-turbo. However, Chromium bundles jpeg-turbo[3][4]
and uses it if not using the system jpeg library or qt-jpeg[5]. It is
simpler to just always use that version instead of the system jpeg
library.
This sets the configure option -nofeature-webengine-system-jpeg and
removes jpeg from the dependencies.
Note that host-libjpeg and qt-jpeg (and therefore, system libjpeg or
jpeg-turbo) are still needed for the Qt integration layer, even if
chromium uses the bundled jpeg-turbo.
[1]: https://github.com/qt/qtwebengine/blob/v5.15.14-lts/src/buildtools/configure.json#L609-L613
[2]: https://github.com/qt/qtwebengine/blob/v5.15.14-lts/src/buildtools/configure.json#L95-L116
[3]: https://github.com/qt/qtwebengine-chromium/tree/18c9261dc5b8aa57a0bdd5b62ce6f648cca1ef5e/chromium/third_party/libjpeg_turbo
[4]: https://github.com/qt/qtwebengine-chromium/blob/18c9261dc5b8aa57a0bdd5b62ce6f648cca1ef5e/chromium/third_party/libjpeg.gni
[5]: https://github.com/qt/qtwebengine/blob/v5.15.14-lts/src/buildtools/configure.json#L614-618
Fixes:
looking for library webengine-jpeglib
Trying source 0 (type pkgConfig) of library webengine-jpeglib ...
+ PKG_CONFIG_SYSROOT_DIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot PKG_CONFIG_LIBDIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/share/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/arm-buildroot-linux-gnueabihf/pkgconfig /home/gportay/src/buildroot/output/host/bin/pkg-config --exists --silence-errors libjpeg
+ PKG_CONFIG_SYSROOT_DIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot PKG_CONFIG_LIBDIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/share/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/arm-buildroot-linux-gnueabihf/pkgconfig /home/gportay/src/buildroot/output/host/bin/pkg-config --modversion libjpeg
> 9.6.0
+ PKG_CONFIG_SYSROOT_DIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot PKG_CONFIG_LIBDIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/share/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/arm-buildroot-linux-gnueabihf/pkgconfig /home/gportay/src/buildroot/output/host/bin/pkg-config --libs-only-L libjpeg
> -L/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib
+ PKG_CONFIG_SYSROOT_DIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot PKG_CONFIG_LIBDIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/share/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/arm-buildroot-linux-gnueabihf/pkgconfig /home/gportay/src/buildroot/output/host/bin/pkg-config --libs-only-l libjpeg
> -ljpeg
+ PKG_CONFIG_SYSROOT_DIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot PKG_CONFIG_LIBDIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/share/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/arm-buildroot-linux-gnueabihf/pkgconfig /home/gportay/src/buildroot/output/host/bin/pkg-config --cflags libjpeg
> -I/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include
+ cd /home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/config.tests/webengine-jpeglib && PKG_CONFIG_SYSROOT_DIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot PKG_CONFIG_LIBDIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/share/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/arm-buildroot-linux-gnueabihf/pkgconfig /home/gportay/src/buildroot/output/host/bin/qmake "CONFIG -= qt debug_and_release app_bundle lib_bundle" "CONFIG += shared warn_off console single_arch" -early "CONFIG += cross_compile" 'QMAKE_USE += webengine-jpeglib' 'QMAKE_LIBS_WEBENGINE_JPEGLIB = -L/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib -ljpeg' /home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/config.tests/webengine-jpeglib
+ cd /home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/config.tests/webengine-jpeglib && MAKEFLAGS= make
> make[1]: Entering directory '/home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/config.tests/webengine-jpeglib'
> /home/gportay/src/buildroot/output/host/bin/arm-buildroot-linux-gnueabihf-g++ -c -pipe -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -g0 -D_FORTIFY_SOURCE=1 -mtune=arm1176jzf-s -march=armv6 --sysroot=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot -w -fPIC -I. -I/home/gportay/src/buildroot/output/host/mkspecs/devices/linux-buildroot-g++ -o main.o main.cpp
> main.cpp: In function ‘int main(int, char**)’:
> main.cpp:12:5: error: ‘jpeg_crop_scanline’ was not declared in this scope; did you mean ‘jpeg_write_scanlines’?
> 12 | jpeg_crop_scanline(nullptr, &dummy, &dummy);
> | ^~~~~~~~~~~~~~~~~~
> | jpeg_write_scanlines
> main.cpp:13:5: error: ‘jpeg_skip_scanlines’ was not declared in this scope; did you mean ‘jpeg_write_scanlines’?
> 13 | jpeg_skip_scanlines(nullptr, dummy);
> | ^~~~~~~~~~~~~~~~~~~
> | jpeg_write_scanlines
> make[1]: *** [Makefile:334: main.o] Error 1
> make[1]: Leaving directory '/home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/config.tests/webengine-jpeglib'
=> source failed verification.
Trying source 1 (type inline) of library webengine-jpeglib ...
+ cd /home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/config.tests/webengine-jpeglib && PKG_CONFIG_SYSROOT_DIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot PKG_CONFIG_LIBDIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/share/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/arm-buildroot-linux-gnueabihf/pkgconfig /home/gportay/src/buildroot/output/host/bin/qmake "CONFIG -= qt debug_and_release app_bundle lib_bundle" "CONFIG += shared warn_off console single_arch" -early "CONFIG += cross_compile" 'QMAKE_USE += webengine-jpeglib' 'QMAKE_LIBS_WEBENGINE_JPEGLIB = -ljpeg' /home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/config.tests/webengine-jpeglib
+ cd /home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/config.tests/webengine-jpeglib && MAKEFLAGS= make clean && MAKEFLAGS= make
> make[1]: Entering directory '/home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/config.tests/webengine-jpeglib'
> rm -f main.o
> rm -f *~ core *.core
> make[1]: Leaving directory '/home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/config.tests/webengine-jpeglib'
> make[1]: Entering directory '/home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/config.tests/webengine-jpeglib'
> /home/gportay/src/buildroot/output/host/bin/arm-buildroot-linux-gnueabihf-g++ -c -pipe -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -g0 -D_FORTIFY_SOURCE=1 -mtune=arm1176jzf-s -march=armv6 --sysroot=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot -w -fPIC -I. -I/home/gportay/src/buildroot/output/host/mkspecs/devices/linux-buildroot-g++ -o main.o main.cpp
> main.cpp: In function ‘int main(int, char**)’:
> main.cpp:12:5: error: ‘jpeg_crop_scanline’ was not declared in this scope; did you mean ‘jpeg_write_scanlines’?
> 12 | jpeg_crop_scanline(nullptr, &dummy, &dummy);
> | ^~~~~~~~~~~~~~~~~~
> | jpeg_write_scanlines
> main.cpp:13:5: error: ‘jpeg_skip_scanlines’ was not declared in this scope; did you mean ‘jpeg_write_scanlines’?
> 13 | jpeg_skip_scanlines(nullptr, dummy);
> | ^~~~~~~~~~~~~~~~~~~
> | jpeg_write_scanlines
> make[1]: *** [Makefile:334: main.o] Error 1
> make[1]: Leaving directory '/home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/config.tests/webengine-jpeglib'
=> source failed verification.
test config.qtwebengine_buildtools.libraries.webengine-jpeglib FAILED
Signed-off-by: Gaël PORTAY <gael.portay@rtone.fr>
[Arnout: always use the bundled jpeg-turbo]
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
For portability reason, it isn't preferable to include an absolute path
in the link to fw_printenv which is in the same directory as fw_setenv.
Fixes: 42646265d5 ("package/uboot-tools: add fw_printenv to host uboot tools")
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
GCC 15 defaults to -std=gnu23, which handles function declarations without
parameters differently from earlier C standards leading to compilation
errors:
dhry_1.c: In function ‘main’:
dhry_1.c:176:19: error: too many arguments to function ‘Func_2’; expected 0, have 2
176 | Bool_Glob = ! Func_2 (Str_1_Loc, Str_2_Loc);
https://gcc.gnu.org/gcc-15/porting_to.html#c23-fn-decls-without-parameters
As a workaround, force the build to use -std=gnu99 mode.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Fixes:
https://autobuild.buildroot.net/results/924b1015d4b81385409ef00f1a14be3ca1959c8e/
As part of building flex for the target a few files are built for the host,
including a rpl_malloc() implementation containing a malloc() forward
declaration without any function parameters.
GCC 15 defaults to -std=gnu23, which handles function declarations without
parameters differently from earlier C standards leading to compilation
errors:
../lib/malloc.c:6:12: warning: conflicting types for built-in function 'malloc'; expected 'void *(long unsigned int)' [-Wbuiltin-declaration-mismatch]
6 | void *malloc ();
| ^~~~~~
../lib/malloc.c:5:1: note: 'malloc' is declared in header '<stdlib.h>'
4 | #include <sys/types.h>
+++ |+#include <stdlib.h>
5 |
../lib/malloc.c: In function 'rpl_malloc':
../lib/malloc.c:16:15: error: too many arguments to function 'malloc'; expected 0, have 1
https://gcc.gnu.org/gcc-15/porting_to.html#c23-fn-decls-without-parameters
Add a patch submitted upstream to correct the prototype.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
It allows to download files from smb share in buildroot packages.
Usage is specified in manual.
Signed-off-by: Guillaume Chaye <guillaume.chaye@zeetim.com>
[Peter: reword documentation]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The NVD database contains some CPEs that are wrongly not associated
with any version number. They are for example sometimes associated
with very old CVEs.
Those CPEs are annoying, because they pollute our pkg-stat CVE results
with CVE entries which actually don't affect us.
The proper way to solve it is, and should remain, to fix the NVD
database by reporting these issues. Having to deal with a lot of
CVEs/CPEs, the NVD database is however slow to be updated.
To reduce the noise in our pkg-stats results in the meantime, one
possibility is to add <PKG_IGNORE_CVES> entries for those CVEs. This
however comes with the downside that even once the NVD database gets
fixed, those ignored entries risk remaining in Buildroot forever
because they are undetected.
This commit tries to address this downside by checking for and
reporting CVEs that are ignored in Buildroot, but where the
NVD reports our package version as unaffected. Those CVEs will appear
in the 'CVEs Ignored' column as '(stale)', and the cell will be
colored the same way warnings are. This should allow us to detect and
remove those entries.
It can be tested for example by adding the following variable to the
apache package (for a CVE that was recently fixed in the NVD database):
APACHE_IGNORE_CVES = CVE-1999-0236
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Backport a patch fixing mbedtls 3 compatibility.
This broke in buildroot when mbedtls was bumped to 3.6.3.1 in
3481a9643f.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When building the bluez5_utils package with HoG plugin without enabling
the HID plugin the following linker error would occur:
```
/workdir/instance-0/output-1/per-package/bluez5_utils/host/bin/../lib/gcc/x86_64-buildroot-linux-uclibc/13.3.0/../../../../x86_64-buildroot-linux-uclibc/bin/ld: profiles/input/bluetoothd-hog.o: in function `hog_disconnect':
hog.c:(.text.hog_disconnect+0x12): undefined reference to `input_get_userspace_hid'
collect2: error: ld returned 1 exit status
```
This patch adds two upstream commits that decouple both the HID
and the HoG plugin.
As a consequence of this patch the HID plugin can be compiled without
the HoG one as well but to keep the compatibility the same in buildroot
the selection of the HoG plugin is kept when selecting the HID plugin.
The error can be reproduced with the following defconfig
```
BR2_arm=y
BR2_cortex_a7=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_PACKAGE_BLUEZ5_UTILS=y
BR2_PACKAGE_BLUEZ5_UTILS_PLUGINS_HOG=y
```
Fixes: https://autobuild.buildroot.org/results/78e/78ed7664f3a2dd5858fd71bd63836c822c106cc0
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The package opus is selected but it is not listed in the dependencies.
This adds opus to QT5WEBENGINE_DEPENDENCIES.
Fixes:
$ make qt5webengine
(...)
ERROR: Feature 'webengine-system-opus' was enabled, but the pre-condition 'config.unix && libs.webengine-opus' failed.
Signed-off-by: Gaël PORTAY <gael.portay@rtone.fr>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
TL;DR; This turns the configure flag -no-feature-webengine-noexecstack
to -feature-webengine-noexecstack to workaround a link issue on ARM
32-bit if chromium requests for an executable stack.
And now, the long story...
The configure flag -no-feature-webengine-noexecstack was introduced with
commit 675cbaf9aa (package/qt5/qt5webengine: bump to version 5.15.8).
That configure flag controls the feature webengine-noexecstack[1][2];
the -no-feature-webengine-noexecstack causes qmake to **NOT** append the
linker flags -Wl,-z,noexecstack[3] to QMAKE_LFLAGS.
It results in the linkage issue below on ARM 32-bit at the creation of
its Qt module, i.e. after qmake has built the chromium third party via
gn:
ulimit -n 4096 && /home/gportay/src/buildroot/output/host/bin/arm-buildroot-linux-gnueabihf-g++ --sysroot=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot @/home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/src/core/release/QtWebEngineCore_o.rsp -Wl,--start-group @/home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/src/core/release/QtWebEngineCore_a.rsp -Wl,--end-group -Wl,--fatal-warnings -Wl,--build-id=sha1 -fPIC -Wl,-z,relro -Wl,-z,now -Wl,-z,defs -Wl,-O2 -Wl,--gc-sections --sysroot=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot --sysroot=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot -Wl,-O1 -Wl,--enable-new-dtags -Wl,-whole-archive -lqtwebenginecoreapi -Wl,-no-whole-archive -Wl,--no-undefined -Wl,--version-script,QtWebEngineCore.version -Wl,-O1 -Wl,--enable-new-dtags -shared -Wl,-soname,libQt5WebEngineCore.so.5 -o libQt5WebEngineCore.so.5.15.14 -latomic /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5Quick.so /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5Gui.so /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5QmlModels.so /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5WebChannel.so /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5Qml.so /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5Network.so /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5Core.so -lpthread -L/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib -latomic -lGLESv2 -lpthread -ldl -lrt -lnss3 -lnssutil3 -lsmime3 -lplds4 -lplc4 -lnspr4 -levent -lresolv -ljpeg -lopus -lm -lz -lvpx -lpng16 -lwebp -lwebpmux -lwebpdemux -lfreetype -lexpat -lfontconfig -lharfbuzz-subset -lharfbuzz -lsnappy -lxml2 -lxslt -ldbus-1 -L/home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/src/core/api/release -lGLESv2 -lrt -lpthread -ldl
/home/gportay/src/buildroot/output/host/lib/gcc/arm-buildroot-linux-gnueabihf/13.3.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: warning: /home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/src/core/release/obj/third_party/blink/renderer/platform/heap/asm/asm/SaveRegisters_arm.o: missing .note.GNU-stack section implies executable stack
/home/gportay/src/buildroot/output/host/lib/gcc/arm-buildroot-linux-gnueabihf/13.3.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
collect2: error: ld returned 1 exit status
The link succeeds if the missing linker flags are appended manually to
the command-line:
ulimit -n 4096 && /home/gportay/src/buildroot/output/host/bin/arm-buildroot-linux-gnueabihf-g++ --sysroot=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot @/home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/src/core/release/QtWebEngineCore_o.rsp -Wl,--start-group @/home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/src/core/release/QtWebEngineCore_a.rsp -Wl,--end-group -Wl,--fatal-warnings -Wl,--build-id=sha1 -fPIC -Wl,-z,relro -Wl,-z,now -Wl,-z,defs -Wl,-O2 -Wl,--gc-sections --sysroot=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot --sysroot=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot -Wl,-O1 -Wl,--enable-new-dtags -Wl,-whole-archive -lqtwebenginecoreapi -Wl,-no-whole-archive -Wl,--no-undefined -Wl,--version-script,QtWebEngineCore.version -Wl,-O1 -Wl,--enable-new-dtags -shared -Wl,-soname,libQt5WebEngineCore.so.5 -o libQt5WebEngineCore.so.5.15.14 -latomic /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5Quick.so /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5Gui.so /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5QmlModels.so /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5WebChannel.so /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5Qml.so /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5Network.so /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5Core.so -lpthread -L/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib -latomic -lGLESv2 -lpthread -ldl -lrt -lnss3 -lnssutil3 -lsmime3 -lplds4 -lplc4 -lnspr4 -levent -lresolv -ljpeg -lopus -lvpx -lm -lpng16 -lwebp -lwebpmux -lwebpdemux -lfreetype -lexpat -lfontconfig -lharfbuzz-subset -lharfbuzz -lsnappy -lxml2 -lxslt -ldbus-1 -L/home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/src/core/api/release -lGLESv2 -lrt -lpthread -ldl -Wl,-z,noexecstack && echo completed
completed
Note: The configure flag is not forwarded to chromium in any manner; its
scope is limited to the Qt WebEngine module. That configure flag appears
to be a workaround if the does not assemble, compile and link the Elf
object correctly[4][5].
The linker flag -z noexecstack is responsible for marking the object as
not requiring an executable stack by adding the section .note.GNU-stack
in the Elf object.
The file SaveRegisters_arm.S is assembled from the command-line below;
there is no noexecstack flag set:
/home/gportay/src/buildroot/output/host/bin/arm-buildroot-linux-gnueabihf-gcc -MMD -MF obj/third_party/blink/renderer/platform/heap/asm/asm/SaveRegisters_arm.o.d -DARM=1 -DUSE_UDEV -DUSE_AURA=1 -DUSE_NSS_CERTS=1 -DUSE_OZONE=1 -DOFFICIAL_BUILD -DTOOLKIT_QT -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -DNO_UNWIND_TABLES -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -DCR_SYSROOT_HASH=c2e54f675b83a61301dcdb22e8e7a2b85c01d58c -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0 -Igen -I../../3rdparty/chromium -fPIC -fno-strict-aliasing --param=ssp-buffer-size=4 -fstack-protector -fno-unwind-tables -fno-asynchronous-unwind-tables -fPIC -pipe -pthread -std=gnu11 -march=armv7-a -mfloat-abi=hard -mtune=generic-armv7-a -mfpu=vfpv3-d16 -marm -g0 --sysroot=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot -c ../../3rdparty/chromium/third_party/blink/renderer/platform/heap/asm/SaveRegisters_arm.S -o obj/third_party/blink/renderer/platform/heap/asm/asm/SaveRegisters_arm.o
The GNU assembler supports the assembler flag -Wa,--{,no}execstack to
require, or not, an executable stack for the object to assemble.
The BUILD.gn does **NOT** set it for the assembler files of the blink
third-party; but it does it for boringssl[6] (see also the project file
CMakeLists.txt[7]).
See below what readelf says if the file is assembled manually with the
flag --noexecstack:
$ /home/gportay/src/buildroot/output/host/bin/arm-buildroot-linux-gnueabihf-gcc -MMD -MF obj/third_party/blink/renderer/platform/heap/asm/asm/SaveRegisters_arm.o.d -DARM=1 -DUSE_UDEV -DUSE_AURA=1 -DUSE_NSS_CERTS=1 -DUSE_OZONE=1 -DOFFICIAL_BUILD -DTOOLKIT_QT -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -DNO_UNWIND_TABLES -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -DCR_SYSROOT_HASH=c2e54f675b83a61301dcdb22e8e7a2b85c01d58c -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0 -Igen -I../../3rdparty/chromium -fPIC -fno-strict-aliasing --param=ssp-buffer-size=4 -fstack-protector -fno-unwind-tables -fno-asynchronous-unwind-tables -fPIC -pipe -pthread -std=gnu11 -march=armv7-a -mfloat-abi=hard -mtune=generic-armv7-a -mfpu=vfpv3-d16 -marm -g0 --sysroot=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot -c ../../3rdparty/chromium/third_party/blink/renderer/platform/heap/asm/SaveRegisters_arm.S -o obj/third_party/blink/renderer/platform/heap/asm/asm/SaveRegisters_arm.o -Wa,--noexecstack
$ readelf -a /home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/src/core/release/obj/third_party/blink/renderer/platform/heap/asm/asm/SaveRegisters_arm.o
(...)
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
(...)
[ 4] .note.GNU-stack PROGBITS 00000000 000058 000000 00 0 0 1
The section the linker claims for is now part of the Elf object; and
qmake is now able to link its Qt WebEngine module.
Note: Alternatively, the patching the file SaveRegisters_arm.S to set
explicitly the section in the source file works as well (this reduces
the impact to the very single file causing the link issue):
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
#endif
Instead of fixing directly the origin of the issue and setting the
missing assembler flag -Wa,--noexecstack to blink; this works around the
link issue by turning on the feature noexecstack to qtwebengine to force
qmake to link its module using the linker flag -Wl,-z,noexecstack.
[1]: https://github.com/qt/qtwebengine/blob/5.15.14/src/buildtools/configure.json#L353-L357
[2]: https://github.com/qt/qtwebengine/blob/5.15.14/src/buildtools/configure.json#L720-L724
[3]: https://github.com/qt/qtwebengine/blob/5.15.14/src/buildtools/config/linking.pri#L61-L62
[4]: https://github.com/qt/qtwebengine/commit/597359a16a798df3955404200f1fc6833a7425ab
[5]: https://codereview.qt-project.org/c/qt/qtwebengine/+/263545
[6]: https://github.com/qt/qtwebengine-chromium/blob/87-based/chromium/third_party/boringssl/src/util/BUILD.toplevel#L64
[7]: https://github.com/qt/qtwebengine-chromium/blob/87-based/chromium/third_party/boringssl/src/crypto/CMakeLists.txt#L33
Signed-off-by: Gaël PORTAY <gael.portay@rtone.fr>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
See the code snippet below, which typically is used to check if
C++ support can be enabled.
If we manually set CMAKE_CXX_COMPILER to /bin/false, then cmake
will assume that it's fine, without having a real check. Otherwise,
it will do a test run but somehow it falls back to /bin/c++, even
when cross-compiling. Fix that by setting CXX to /bin/false.
```cmake
include(CheckLanguage)
check_language(CXX)
if(CMAKE_CXX_COMPILER)
enable_language(CXX)
endif()
```
Signed-off-by: Thomas Devoogdt <thomas@devoogdt.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit [1] "package/binutils: make 2.43 the default version",
the freescale_t2080_qds_rdb_defconfig fails to build the Linux
kernel, with the error:
arch/powerpc/boot/util.S: Assembler messages:
arch/powerpc/boot/util.S:49: Error: junk at end of line, first unrecognized character is `0'
arch/powerpc/boot/util.S:54: Error: syntax error; found `b', expected `,'
arch/powerpc/boot/util.S:54: Error: junk at end of line: `b'
This commit fixes the issue by updating the Linux kernel to the latest
LTS version.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/9967089770
[1] https://gitlab.com/buildroot.org/buildroot/-/commit/360fd01de20eb42aa0e6b5e9f7b37eaa104c6fc9
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
CVE-2025-4207: PostgreSQL GB18030 encoding validation can read one byte past
end of allocation for text that fails validation
A buffer over-read in PostgreSQL GB18030 encoding validation allows a
database input provider to achieve temporary denial of service on platforms
where a 1-byte over-read can elicit process termination. This affects the
database server and also libpq.
https://www.postgresql.org/about/news/postgresql-175-169-1513-1418-and-1321-released-3072/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The last usage of each_product() was removed in commit
52ae092046 ("support/scripts/cve.py: use
the JSON data in 1.1 schema").
Since it's now unused, remove it.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since the bump of rpm from 4.17.0 to 4.18.0 in Buildroot commit
4b4046e919, tools/rpmuncompress.c uses
basename() without including <libgen.h> which causes a build failure
with the musl C library:
tools/rpmuncompress.c: In function ‘doUntar’:
tools/rpmuncompress.c:100:30: error: implicit declaration of function ‘basename’ [-Wimplicit-function-declaration]
100 | const char *bn = basename(fn);
| ^~~~~~~~
tools/rpmuncompress.c:100:30: error: initialization of ‘const char *’ from ‘int’ makes pointer from integer without a cast [-Wint-conversion]
make[4]: *** [Makefile:1082: tools/rpmuncompress.o] Error 1
This issue was not found by the autobuilders, but it can be reproduced
with:
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_ARMV7_EABIHF_MUSL_BLEEDING_EDGE=y
BR2_PACKAGE_LUA=y
BR2_PACKAGE_RPM=y
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
GCC 14.x brought some more strict checks on pointer types, causing a
build issue in the rpm package when python support is enabled. These
issues have been fixed upstream, initially because Clang >= 16 also
added similar stricter checks.
The build issue goes like this:
header-py.c:744:9: error: initialization of 'Py_hash_t (*)(PyObject *)' {aka 'int (*)(struct _object *)'} from incompatible pointer type 'long int (*)(PyObject *)' {aka 'long int (*)(struct _object *)'} [-Wincompatible-pointer-types]
744 | hdr_hash, /* tp_hash */
| ^~~~~~~~
header-py.c:744:9: note: (near initialization for 'hdr_Type.tp_hash')
make[3]: *** [Makefile:664: header-py.lo] Error 1
make[3]: *** Waiting for unfinished jobs....
It never happened in the autobuilders, but it can be reproduced with
the following configuration:
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_PACKAGE_LUA=y
BR2_PACKAGE_PYTHON3=y
BR2_PACKAGE_RPM=y
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Starting with mender 5.x, the docker, rpm and script modules provided by
the mender package now reside in the mender-update-modules repository.
Even though the mender package provided by Buildroot is not updated yet to 5.x,
it is best to enable the modules here to help facilitate the future update of
the mender package to 5.x, and to ensure that any future modifications or bug
fixes to these modules are easy to apply by simply bumping the upstream package
version.
Script is enabled by default to preserve the existing behavior of the mender
package.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Contains community supported Update Modules. An Update Module is an extension
to the Mender client for supporting a new type of software update, such as a
package manager, container, bootloader or even updates of nearby
microcontrollers. An Update Module can be tailored to a specific device or
environment (e.g. update a proprietary bootloader), or be more
general-purpose (e.g. install a set of .rpm packages.).
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
linux.conf does not change after manually checking the output of
`make savedefconfig` in the kernel source directory.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
CMake 4.0 requires to have a cmake_minimum_required() in
CMakeLists.txt, which cdrkit doesn't have, so ths commit adds a patch
adding the missing statement. We have chosen version 3.18 because that
the oldest version that we expect is 3.18. From
package/cmake/Config.in.host:
# The minimum system cmake version we expect if 3.18 as provided by
# Debian bullseye, that we use in our reference build docker image.
The patch cannot be upstreamed, as cdrkit basically no longer has any
upstream.
Fixes:
https://autobuild.buildroot.org/results/3412e47836b54928a55c12b46549d6307ab623e7/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This updates the VC4/V3D driver messages with the addition of the
current supported hardwares (VideoCore and Raspberry Pi).
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The Gallium VC4 driver does not require NEON[1]; Gallium V3D does. Also,
the Gallium VC4 driver supports the Raspberry Pi from 0 to 3[2].
Mesa’s VC4 graphics driver supports multiple implementations of
Broadcom’s VideoCore IV GPU. It is notably used in the Raspberry
Pi 0 through Raspberry Pi 3 hardware, and the driver is included
as an option as of the 2016-02-09 Raspbian release using
raspi-config. On most other distributions such as Debian or
Fedora, you need no configuration to enable the driver.
This reverts commit a5cdb54ed7.
That commit is superseded by 85c95e3614
that patches the sources to disable NEON via an option[3]; the sources
using NEON (tiling) are disabled if the CPU does not have that feature.
Thus, the VC4 driver compiles with toolchain without the NEON support
enabled as the one targetting the Raspberry Pi (ARMv6).
This removes the depends on BR2_ARM_CPU_HAS_NEON config since a meson
option disables NEON if the CPU does not support for it. It allows
building Gallium VC4 on Raspberry Pi, Raspberry Pi Zero and Compute
Module.
Note: kmscube with OpenGLES and Gallium/VC4 runs on Raspberry Pi B+ Rev
1.2.
# uname -a
Linux buildroot 6.12.20 #1 Fri Apr 25 02:54:03 CEST 2025 armv6l GNU/Linux
# cat /sys/firmware/devicetree/base/model
Raspberry Pi Model B Plus Rev 1.2#
# dmesg
(...)
[ 39.817806] rpi-gpiomem 20200000.gpiomem: window base 0x20200000 size 0x00001000
[ 39.837139] rpi-gpiomem 20200000.gpiomem: initialised 1 regions as /dev/gpiomem
[ 40.693845] Console: switching to colour dummy device 80x30
[ 40.717223] vc4-drm soc:gpu: bound 20400000.hvs (ops vc4_hvs_ops [vc4])
[ 40.793911] vc4-drm soc:gpu: bound 20400000.hvs (ops vc4_hvs_ops [vc4])
[ 40.824330] Registered IR keymap rc-cec
[ 40.828596] rc rc0: vc4-hdmi as /devices/platform/soc/20902000.hdmi/rc/rc0
[ 40.844139] input: vc4-hdmi as /devices/platform/soc/20902000.hdmi/rc/rc0/input0
[ 40.873434] input: vc4-hdmi HDMI Jack as /devices/platform/soc/20902000.hdmi/sound/card0/input1
[ 40.895848] vc4-drm soc:gpu: bound 20902000.hdmi (ops vc4_hdmi_ops [vc4])
[ 40.914034] vc4-drm soc:gpu: bound 20004000.txp (ops vc4_txp_ops [vc4])
[ 40.921843] vc4-drm soc:gpu: bound 20206000.pixelvalve (ops vc4_crtc_ops [vc4])
[ 40.943543] vc4-drm soc:gpu: bound 20207000.pixelvalve (ops vc4_crtc_ops [vc4])
[ 40.951969] vc4-drm soc:gpu: bound 20807000.pixelvalve (ops vc4_crtc_ops [vc4])
[ 40.983322] vc4-drm soc:gpu: bound 20c00000.v3d (ops vc4_v3d_ops [vc4])
[ 41.010210] [drm] Initialized vc4 0.0.0 for soc:gpu on minor 0
[ 41.151906] Console: switching to colour frame buffer device 240x67
[ 41.223414] vc4-drm soc:gpu: [drm] fb0: vc4drmfb frame buffer device
# kmscube
Using display 0x1f12530 with EGL version 1.4
===================================
EGL information:
version: "1.4"
vendor: "Mesa Project"
client extensions: "EGL_EXT_client_extensions EGL_EXT_device_base EGL_EXT_device_enumeration EGL_EXT_device_query EGL_EXT_platform_base EGL_KHR_client_get_all_proc_addresses EGL_KHR_debug EGL_EXT_platform_device EGL_EXT_explicit_device EGL_MESA_platform_gbm EGL_KHR_platform_gbm EGL_MESA_platform_surfaceless"
display extensions: "EGL_ANDROID_blob_cache EGL_ANDROID_native_fence_sync EGL_EXT_buffer_age EGL_EXT_image_dma_buf_import EGL_EXT_image_dma_buf_import_modifiers EGL_KHR_cl_event2 EGL_KHR_config_attribs EGL_KHR_context_flush_control EGL_KHR_create_context EGL_KHR_create_context_no_error EGL_KHR_fence_sync EGL_KHR_get_all_proc_addresses EGL_KHR_gl_colorspace EGL_KHR_gl_renderbuffer_image EGL_KHR_gl_texture_2D_image EGL_KHR_gl_texture_cubemap_image EGL_KHR_image EGL_KHR_image_base EGL_KHR_image_pixmap EGL_KHR_no_config_context EGL_KHR_reusable_sync EGL_KHR_surfaceless_context EGL_EXT_pixel_format_float EGL_KHR_wait_sync EGL_MESA_configless_context EGL_MESA_drm_image EGL_MESA_gl_interop EGL_MESA_image_dma_buf_export EGL_MESA_query_driver "
===================================
OpenGL ES 2.x information:
version: "OpenGL ES 2.0 Mesa 24.0.9"
shading language version: "OpenGL ES GLSL ES 1.0.16"
vendor: "Broadcom"
renderer: "VC4 V3D 2.1"
extensions: "GL_EXT_blend_minmax GL_EXT_multi_draw_arrays GL_EXT_texture_compression_s3tc GL_EXT_texture_compression_dxt1 GL_EXT_texture_format_BGRA8888 GL_OES_compressed_ETC1_RGB8_texture GL_OES_depth24 GL_OES_element_index_uint GL_OES_fbo_render_mipmap GL_OES_mapbuffer GL_OES_rgb8_rgba8 GL_OES_stencil8 GL_OES_texture_npot GL_OES_vertex_half_float GL_OES_EGL_image GL_OES_depth_texture GL_AMD_performance_monitor GL_OES_packed_depth_stencil GL_OES_get_program_binary GL_APPLE_texture_max_level GL_EXT_discard_framebuffer GL_EXT_read_format_bgra GL_NV_pack_subimage GL_NV_texture_barrier GL_EXT_frag_depth GL_NV_fbo_color_attachments GL_OES_EGL_image_external GL_OES_EGL_sync GL_OES_vertex_array_object GL_ANGLE_pack_reverse_row_order GL_ANGLE_texture_compression_dxt3 GL_ANGLE_texture_compression_dxt5 GL_EXT_unpack_subimage GL_NV_draw_buffers GL_NV_read_buffer GL_NV_read_depth GL_NV_read_depth_stencil GL_NV_read_stencil GL_APPLE_sync GL_EXT_draw_buffers GL_EXT_map_buffer_range GL_KHR_debug GL_KHR_texture_compression_astc_ldr GL_NV_generate_mipmap_sRGB GL_NV_pixel_buffer_object GL_OES_required_internalformat GL_OES_surfaceless_context GL_EXT_debug_label GL_EXT_separate_shader_objects GL_EXT_compressed_ETC1_RGB8_sub_texture GL_EXT_draw_elements_base_vertex GL_EXT_texture_border_clamp GL_KHR_context_flush_control GL_OES_draw_elements_base_vertex GL_OES_texture_border_clamp GL_KHR_no_error GL_KHR_texture_compression_astc_sliced_3d GL_EXT_texture_compression_s3tc_srgb GL_KHR_parallel_shader_compile GL_MESA_tile_raster_order GL_MESA_sampler_objects GL_MESA_bgra "
===================================
Rendered 120 frames in 2.000020 sec (59.999400 fps)
[1]: https://gitlab.freedesktop.org/mesa/mesa/-/commit/932ed9c00b99e6ec92146ec9e820f546cf3e6551
[2]: https://docs.mesa3d.org/drivers/vc4.html
[3]: https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/4114
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This dependency systematically applied with integrated GPUs but no longer
with discrete GPUs, so remove it.
Signed-off-by: Francois Dugast <francois.dugast.foss@gmail.com>
[Julien: fix conflicts after mesa3d bump in commit 317260f]
Signed-off-by: Julien Olivain <ju.o@free.fr>
If an attempt is made to create a UBI volume and it already exists, the
operation fails. Therefore, before requesting the creation of a UBI
volume, we erase the entire NAND to ensure that no errors occur.
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This target version is needed for Rusticl which is an LLVM based OpenCL
framework[1]. Rusticl allow programs to compile OpenCL C/C++ code
at runtime with Clang. Clang generates LLVM IR which is translated into
SPIR-V by spirv-llvm-translator. Finally, mesa can use its internal
tools to manage SPIR-V.
[1]: https://docs.mesa3d.org/rusticl.html
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Sebastian Weyer <sebastian.weyer@smile.fr>
Signed-off-by: Antoine Coutant <antoine.coutant@smile.fr>
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
host-libdrm is needed by host-mesa3d (introduced by this patch series),
which is needed by (target) mesa3d, when enabling the Gallium Iris
driver since version 24.1.0.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since commit [1], the host-nodejs package was turned into a virtual
package. However, the target nodejs package was intentionally not
turned into a virtual package and became an empty package.
The reason for this is:
- No alternatives providers were introduced for the target nodejs
package.
- The Config.in remained unchaged for the target package.
As a result, running `make show-info` with a config that includes the
target nodejs package, outputs an entry for the empty package:
```
"nodejs": {
"type": "target",
"name": "nodejs",
"virtual": false,
"version": "",
...
"cpe-id": "cpe:2.3:a:nodejs:node.js::*:*:*:*:*:*:*"
},
```
This can be an issue because the CPE ID of the empty nodejs package
is the following `cpe:2.3:a:nodejs:node.js::*:*:*:*:*:*:*`.
Reporting such a CPE ID can be an issue for certain software that consume
the SBOM and could be interpreted as CPE that matches with every versions
of the package.
This patch converts the target nodejs package into a virtual package to
prevents the empty package from being included in the SBOM.
[1] 4cbc2af604 package/nodejs: rename to nodejs-src and convert to virtual package
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Tested-by: johan.derycke@barco.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Version 6.1.2 of ffmpeg fails to build with GCC 14.x due to the V4L2
ioctl code:
libavdevice/v4l2.c:137:17: error: assignment to ‘int (*)(int, long unsigned int, ...)’ from incompatible pointer type ‘int (*)(int, int, ...)’ [-W
incompatible-pointer-types]
137 | s->ioctl_f = prefix ## ioctl; \
| ^
libavdevice/v4l2.c:151:9: note: in expansion of macro ‘SET_WRAPPERS’
151 | SET_WRAPPERS();
| ^~~~~~~~~~~~
This has been fixed upstream in the release/6.1 branch, which has 27
fixes on top of 6.1.2. The commits necessary to fix our issue are:
f71076c009f84917e7a0f2f1ece86b718de2d8d3 configure: improve check for POSIX ioctl
60593d6c06c9b610359bd6af26a268feff1293eb configure: restore autodetection of v4l2 and fbdev
However, since all other commits are fixes, we believe bumping to the
latest commit in the release/6.1 branch is a better idea.
This allows to drop
0008-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch, which
is upstream as of:
4c688845a50f7dce3af9afebe60f0f7a493c4f07 libavcodec/arm/mlpdsp_armv5te: fix label format to work with binutils 2.43
Note that we set FFMPEG_CPE_ID_VERSION to get proper CVE matching even
with FFMPEG_VERSION being set to n6.1.2-27-ge16ff06adb. One who have
ideally set FFMPEG_VERSION to n$(FFMPEG_CPE_ID_VERSION)-ge16ff06adb,
but that makes check-package unhappy with:
WARNING: package/ffmpeg/ffmpeg.mk:7: expecting package version to be set before CPE_ID_VERSION
Fixes:
https://autobuild.buildroot.net/results/fe1574443acd50ca7e576bb4beb24467be1713e3/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
The V4L2 code in the ffmpeg plugin uses V4L2_PIX_FMT_BGRA32 which was
only introduced in kernel headers 5.2, in upstream kernel commit
e25ec9141114c7124eeba09385e272dd76fbe617.
Fixes:
/home/thomas/buildroot/buildroot/outputs/qt/build/qt6multimedia-6.8.1/src/plugins/multimedia/ffmpeg/qv4l2camera.cpp:36:43: error: ‘V4L2_PIX_FMT_BGRA
32’ was not declared in this scope; did you mean ‘V4L2_PIX_FMT_BGR32’?
36 | { QVideoFrameFormat::Format_BGRA8888, V4L2_PIX_FMT_BGRA32 },
| ^~~~~~~~~~~~~~~~~~~
| V4L2_PIX_FMT_BGR32
when building:
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_ARMV7_EABIHF_MUSL_STABLE=y
BR2_PACKAGE_QT6=y
BR2_PACKAGE_QT6BASE_XCB=y
BR2_PACKAGE_QT6MULTIMEDIA=y
BR2_PACKAGE_QT6MULTIMEDIA_FFMPEG=y
BR2_PACKAGE_XORG7=y
at a time when the Bootlin stable toolchain was using Linux 4.19
headers.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
The following defconfig:
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_ARMV7_EABIHF_MUSL_STABLE=y
BR2_PACKAGE_QT6=y
BR2_PACKAGE_QT6BASE_XCB=y
BR2_PACKAGE_QT6MULTIMEDIA=y
BR2_PACKAGE_QT6MULTIMEDIA_FFMPEG=y
BR2_PACKAGE_XORG7=y
would fail to build, due to <X11/extensions/Xext.h> being not found,
and then <X11/extensions/Xrandr.h> being not found. Fix that up by
introducing the necessary dependencies.
There are no build failures reported for qt6multimedia in the
autobuilders, so there is no reference to a build failure.
Signed-off-by: Roy Kollen Svendsen <roykollensvendsen@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Fixes:
ERROR: Feature "xcb": Forcing to "ON" breaks its condition:
QT_FEATURE_thread AND TARGET XCB::XCB AND TEST_xcb_syslibs AND QT_FEATURE_xkbcommon_x11
Condition values dump:
QT_FEATURE_thread = "ON"
TARGET XCB::XCB found
TEST_xcb_syslibs = "FALSE"
QT_FEATURE_xkbcommon_x11 not evaluated
The xcb feature is defined in [2].
According to [1] XCB::CURSOR is needed for xcb support.
[1] https://code.qt.io/cgit/qt/qtbase.git/tree/src/gui/configure.cmake?h=6.9.0#n522
[2] https://code.qt.io/cgit/qt/qtbase.git/tree/src/gui/configure.cmake?h=6.9.0#n1016
This bug was introduced in e634be8906,
and fixes the build with the following defconfig:
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_ARMV7_EABIHF_MUSL_STABLE=y
BR2_PACKAGE_QT6=y
BR2_PACKAGE_QT6BASE_GUI=y
BR2_PACKAGE_QT6BASE_XCB=y
BR2_PACKAGE_XORG7=y
Signed-off-by: Roy Kollen Svendsen <roykollensvendsen@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Buildroot packaging pretty much assumes that the sources it downloads
are publicly available. In general, however, Buildroot is also used to
download sources from private repositories. Nowadays, that mostly means
from a github or gitlab instance.
Although git-over-ssh can be used for that, this poses a problem for CI,
because the CI runners integrated with github and gitlab only have
access to the repository itself, not to other private repositories. And
creating ssh key pairs for CI runners is tricky.
Therefore, document how standard tools can be used to make private
repositories available both to developers and to CI. There are quite a
few alternative approaches possible, but they're more complicated or
less generically applicable.
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
[Peter: Fix insteadOf example, capitalize SSH/HTTPS]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is needed following the bump of libyang (3.12.2),
sysrepo (3.6.11) and libnetconf2 (3.7.1), as netopeer2 2.4.1 is the
version designed to work with those other components.
See https://github.com/CESNET/netopeer2/releases for the changes.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changelog:
error-path data node
now using proper format so in rpc-reply uses XML XPath format instead of JSON
several bugfixes and improvements
Depends on libyang v3.12.2:
https://github.com/CESNET/libyang/releases/tag/v3.12.2
As part of this version bump, the ENABLE_SSH and ENABLE_TLS options
have been dropped by upstream in favor of a single ENABLE_SSH_TLS
option, which requires openssl or mbedtls, libcurl and libssh. Since
this is getting quite complicated to handle as an implicit optional
dependency, we make this explicit with a new sub-option
BR2_PACKAGE_LIBNETCONF2_SSH_TLS that ensures everything needed is
enabled.
In theory, libnetconf2 can use either mbedtls or openssl for crypto,
but netopeer2 will only work if OpenSSL is used, so we only allow
using OpenSSL until that gets fixed upstream.
The netopeer2 package, which needs SSH/TLS support in libnetconf2 is
updated accordingly (and actually becomes simpler).
Signed-off-by: Mattias Walström <lazzer@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changelog:
optional xxhash faster hasing function
support for metadata in diff
lots of optimizations and fixes
License file changed due to copyright year change:
-Copyright (c) 2015-2021, CESNET
+Copyright (c) 2015-2024, CESNET
Signed-off-by: Mattias Walström <lazzer@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add a patch (found in an upstream PR) to avoid the following error when
the dbus module is not enabled:
```
policy/modules/system/selinuxutil.te:102:ERROR 'attribute
dbusd_system_bus_client is not within scope' at token ';'
on line 155976:
```
Remove the patch 0001-policy-modules-services-smartmon.te-make-fstools-opt.patch
(upstream commit 65eed16b58015b08f43a096c202dae6cba2f0a37).
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
[Arnout:
- Add patch to fix dbus issue.
- Remove dbus from default modules again.
- Remove the existing patch which is applied upstream.
]
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Fixup S20audit to pass shellcheck -oall and check-package. The file now
closely resembles package/busybox/S01syslogd.
Tested with qemu_x86_64_defconfig. start, stop, restart, reload, and rotate
all work with busybox ash shell.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
[Arnout: remove it from .checkpackageignore]
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
The new version bundles an updated gnulib that includes support for
-std=c23 which is the default for gcc 15.
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
The mtd package fails to compile when BR2_PACKAGE_MTD_TESTS=y is enabled
with the following error.
> make[1]: *** No rule to make target
> 'tests/ubifs_tools-tests/images/good.gz', needed by 'all-am'. Stop.
This issue was reported upstream and a patch submitted. However we can't
apply the patch to fix the problem. The issue is that a file is missing
from the released tarball, so only a new MTD release can fix it.
This reverts commit 0c230eef90.
Upstream: https://lore.kernel.org/linux-mtd/20250220112554.2150046-1-m.olbrich@pengutronix.de/
Reported-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
Build with gcc-15 was fixed upstream in 10.11.11:
https://github.com/MariaDB/server/commit/1d6f857
Remove patch, since the problem was fixed upstream:
https://github.com/MariaDB/server/commit/4375245
After bumping the version to 10.11.11 the configuration step failed for target:
CMake Error: try_run() invoked in cross-compiling mode, please set the following cache variables appropriately:
HAVE_SYSTEM_LIBFMT_EXITCODE (advanced)
To fx this problem we set HAVE_SYSTEM_LIBFMT_EXITCODE=0.
Fix legal-info after changes to README.md.
Signed-off-by: Roy Kollen Svendsen <roykollensvendsen@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 7dd56b6cd9 ("boot/grub2/readme.txt: don't specify /dev/loop0")
changed the description of the loopback mounting to use losetup -f <img>,
but forgot to add the --show option, causing losetup to not print the
loopback device name.
Fix that by adding the --show option.
Signed-off-by: Cherniaev Andrei <dungeonlords789@naver.com>
[Peter: Reword commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit adds support for the i.MX 91 EVK board
https://www.nxp.com/imx93evk
Tested on board revision SCH-91080 REV A1.
Signed-off-by: Juan Pablo MONTERO CASTRO <juanpablo.monterocastro@nxp.com>
[Julien:
- split original commit 3/3
- fix check-package errors
- add link to board page in readme.txt
- reflow readme.txt
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This commit introduces the silicon revision number configuration.
This value will be used by packages for specific configurations
(such as security firmware).
Signed-off-by: Juan Pablo MONTERO CASTRO <juanpablo.monterocastro@nxp.com>
[Julien: split original commit 1/3]
Signed-off-by: Julien Olivain <ju.o@free.fr>
We changed the suffix of tarballs for Cargo-fetched packages, which
affects out-of-tree packages, so it makes sense to document that in
the migration guide.
Reported-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Following the "support/download: replace deprecated .cargo/config"
change, the hashes of all Cargo-fetched packages need to be
updated. This commit therefore changes the suffix of Cargo packages
from -cargo3 to -cargo4, and updates all hashes.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
With the current vendoring process, any Cargo build emits the
following warning:
warning: `.../.cargo/config` is deprecated in favor of `config.toml`
.cargo/config.toml was introduced in 1.39 [1], so there shouldn't be
backwards compatibility issues in Buildroot. However, because the
generated config file becomes part of the vendored archive, this
changes the hashes of all Cargo-based packages.
[1] https://doc.rust-lang.org/cargo/reference/config.html#hierarchical-structure
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Currently, list-defconfigs only lists the defconfigs that live
live in the top-level configs/ directory. For the in-tree defconfigs
this is indeed the case, but it is possible to manage the configs in a
br2-external tree with sub-directories.
A few examples:
- for a given board, a first defconfig is the full system, and a
second is the rescue system;
- for a given board, two defconfigs implement an A/B feature set;
- a set of configurations targetting various famillies of systems each
running on different hardware, sorted per familly.
Extend list-defconfigs to look for and report defconfigs in
sub-directories of the top-level configs/.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
As specified in the 2.28.10 release notes:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.10
Mbed TLS 2.28.10 is the last release of the 2.28 LTS and won't receive bug
fixes or security fixes anymore. Users are advised to upgrade to a
maintained version.
So move to 3.6.x, which is the new LTS version:
Mbed TLS 3.6 is a long-term support (LTS) branch. It will be supported with
bug-fixes and security fixes until at least March 2027.
Drop BR2_PACKAGE_MBEDTLS_COMPRESSION and all related references
as native zlib support has been entirely removed from mbedtls.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[Peter: add note about 2.28.x / 3.6.x, add Config.in.legacy]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
dbus has a session socket directory configuration setting,
that, if not set, will be autodeducted based on env vars
like TMPDIR during configuration time.
Becuse of that, the builder's environment variables will
lead to an image with a broken session bus while
leaking builder's details to the image.
Add an explicit setting of session-socket-dir to /tmp dir.
Fixes: https://gitlab.com/buildroot.org/buildroot/-/issues/67
Signed-off-by: Nikita Kiryushin <kiryushin@ancud.ru>
Reviewed-by: Fiona Klute <fiona.klute@gmx.de>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Commit 4662553088 ("package/sdl2: add wayland support") added an option to
enable wayland support but accidentally put the .mk logic inside the
BR2_PACKAGE_SDL2_X11, so it would only trigger if the X11 driver was
enabled.
Fix that by moving it outside the conditional.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This will be required for the upcoming python-mypy package.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
PYTHON_FOO_BUILD_OPTS are passed to the build module call of the package
build, this allows passing options to the python build *backend* by
using the --config-setting= option. setup.py is no longer involved since
even the setuptools backend now used the pep517 build method.
The note about the options being passed to
support/scripts/pyinstaller.py seems to be no longer accurate.
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
[Arnout: also mention -C (suggested by James)]
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
While in theory, the fastapi tests finds problems with the pydantic
package, it's not obvious that this test should be run when the pydantic
package is updated.
Add a new test that just covers pydantic.
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Add python-typing-inspection as a newly introduced dependency of
pydantic.
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
A set of `unterminated-string-initialization` errors appeared when
building the micropython package with GCC15 on the host.
The autobuilder failed to build the package micropython with the
following error:
```
CC ../py/emitinlinethumb.c
../py/emitinlinethumb.c:153:9: error: initializer-string for array of 'unsigned char' truncates NUL terminator but destination lacks 'nonstring' attribute (4 chars into 3 available) [-Werror=unterminated-string-initialization]
153 | {0, "r0\0"},
| ^~~~~~
../py/emitinlinethumb.c:154:9: error: initializer-string for array of 'unsigned char' truncates NUL terminator but destination lacks 'nonstring' attribute (4 chars into 3 available) [-Werror=unterminated-string-initialization]
154 | {1, "r1\0"},
| ^~~~~~
...
```
This patch adds the set of upstream commits to fix the compatbility with
GCC15 (see [1]).
The patches were backported to micropython v1.22.2. The main difference
with the upstream version is that since the v1.23, the project removed the
use of the `STATIC` macro (see [2]).
Also, in the codebase of v1.22.2 the 'unterminated-string-initialization'
error occured in another file that was reworked in the patch [3] and
included in v1.25. This patch is included as well to remove the error in
v1.22.2.
[1] package/micropython/0003-Fixes-for-GCC-15-1-unterminated-string-literal-warning.patch
[2] https://github.com/micropython/micropython/commit/decf8e6a8bb940d5829ca3296790631fcece7b21
[3] package/micropython/0002-py-emitinlinextensa-Simplify-register-name-lookup.patch
Fixes: https://autobuild.buildroot.org/results/fdf/fdf1d7c3e3a51e6fc7fa5abea57de6c9ce792015
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Add a patch fixing compilation on hosts with gcc 15.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This includes the following changes:
53ae74a configure.ac: fix autoconf code for img_fullscreen
ec1ed35 configure.ac: standardize default-enabled options
1f64c65 README: Update mailing list to point to yocto-patches ml
b1a75fd psplash: Only define bool if using C standard older than C23
5a32cf6 psplash.c: fix crash from length becoming negative
ecc1913 SECURITY.md: Add file
Signed-off-by: Olivier Benjamin <olivier.benjamin@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This commit adds support for the i.MX 93 FRDM (Freedom) board.
The i.MX93 FRDM development board is a low-cost and compact
development board featuring the i.MX93 applications processor.
See: https://nxp.com/FRDM-IMX93
This defconfig is based on freescale_imx93evk_defconfig introduced
by Sébastien, in Cc.
Note: the Linux and U-Boot repositories are forks. This is because
the NXP software team did not included all the necessary i.MX93 FRDM
patches in the standard NXP i.MX BSP at the time of this commit.
Instead, patches were published in a dedicated Yocto Layer from [1].
The forks used in this defconfig are simply the repositories [2]
and [3] with patches from [1] applied on them. This is only to make this
defconfig simpler in the meantime the BSP patches are included in the
NXP BSP repositories.
Thanks to Martin Chabot for lending a board!
[1] https://github.com/nxp-imx-support/meta-imx-frdm
[2] https://github.com/nxp-imx/uboot-imx
[3] https://github.com/nxp-imx/linux-imx
Cc: Martin Chabot <martin.chabot@gmail.com>
Cc: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Tested-by: Julien Olivain <ju.o@free.fr>
[Julien: Tested on board 700-94611 Rev B1]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changelog: https://git.infradead.org/?p=mtd-utils.git;a=blob;f=CHANGELOG.md
The TestMtd build fails with the following error
checking pkg-config is at least version 0.9.0... ./configure: line
5375: .../output/TestMtd/host/bin/pkg-config: No such file or
directory
So we promote host-pkgconf to be a required dependency for the build.
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This updates all SHA256 hashes for Rust packages that previously used
cargo2.tar.gz archives, following the switch to cargo3 naming in my last
patch.
Signed-off-by: El Mehdi YOUNES <elmehdi.younes@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Starting from rust 1.84.0 (cargo 1.84.0), published crates now always
include a Cargo.lock file. Originally it was only included for packages
that have executables or examples for use with cargo install. see [1]
This behaviour change alters the contents of the .tar.gz archives,
which causes SHA256 hash mistmatches when trying to build Rust packages.
Example build failure with bat-0.24.0:
ERROR: while checking hashes from package/bat/bat.hash
ERROR: bat-0.24.0-cargo2.tar.gz has wrong sha256 hash:
ERROR: expected: 45fcdd6076dc1b45698a7b6c0f4d1f5d9ae676f3ca3b155402ad24680d5b4df6
ERROR: got : 28b302b1aa325221796d4ebb25bacab19a8927ef32f4d56a965b32a7b1c102fc
After using the ne hash to download the new archive tar.gz, we have the
difference between the old archive and the new one using diffoscope:
│ │ --rw-r--r-- 0 0 0 1529 2023-10-11 17:14:12.000000 bat-0.24.0/VENDOR/bincode/.cargo-checksum.json
│ │ +-rw-r--r-- 0 0 0 1609 2023-10-11 17:14:12.000000 bat-0.24.0/VENDOR/bincode/.cargo-checksum.json
│ │ +-rw-r--r-- 0 0 0 1766 2023-10-11 17:14:12.000000 bat-0.24.0/VENDOR/bincode/Cargo.lock
│ │ -rw-r--r-- 0 0 0 1388 2023-10-11 17:14:12.000000 bat-0.24.0/VENDOR/bincode/Cargo.toml
We can see that Cargo.lock has been added.
To avoid hash mismatch issues and to clearly mark archives generated
with the new Cargo behavior, we migrate the naming from 'cargo2.tar.gz'
to 'cargo3.tar.gz'.
We did not find any alternative to disable this new cargo-publish
behavior, so this change is necessary to allow updating the hashes of
Cargo-fetched packages.
[1] https://github.com/rust-lang/cargo/pull/14815https://doc.rust-lang.org/nightly/cargo/CHANGELOG.html
Signed-off-by: El Mehdi YOUNES <elmehdi.younes@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Rust includes an option `download-ci-llvm` in config.toml that enables
downloading prebuilt LLVM binaries from Rust's CI infrastructure instead
of building LLVM from source. This option helps speed up the bootstrap
process and is enabled by default starting from Rust 1.83.
However, starting from commit [1] the bootstrap process performs
a strict check via the function
check_incompatible_options_for_ci_llvm().
This validation, implemented in the function
check_incompatible_options_for_ci_llvm(), checks for any incompatible
custom options such as `llvm.ldflags`, `llvm.cflags`, `targets`, etc.
If any of these are set locally and differ from the values used to build
the CI-provided LLVM, the build fails immediately with the error:
ERROR: Setting `llvm.ldflags` is incompatible with
`llvm.download-ci-llvm`.
Buildroot explicitly sets `llvm.ldflags` in rust.mk to ensure proper
host linking during the build of host-rust. Removing this setting may
introduce portability or reliability issues across toolchains.
To address the issue without compromising the build environment, this
patch disables the use of CI-provided LLVM by setting:
[llvm]
download-ci-llvm = false
This follows the recommendation from the Rust bootstrap script itself.
Note: this is a temporary workaround to restore compatibility with Rust
≥1.83. Other solutions will be investigated to avoid disabling the use
of prebuilt LLVM in the future, while preserving Buildroot’s reproducible
build setup.
[1] https://github.com/rust-lang/rust/commit/9df7680ecf698bf7087616b595774ee1023d3c7b
Signed-off-by: El Mehdi YOUNES <elmehdi.younes@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit U-Boot, Linux kernel and ATF (when applicable) to the
NXP BSP lf-6.12.3-1.0.0 versions.
Custom hashes are also updated accordingly.
Signed-off-by: Julien Olivain <ju.o@free.fr>
This version is aligned with NXP Linux BSP version "lf-6.12.3-1.0.0".
License hashes changed because the LA_OPT_NXP_Software_License changed
from "v57 July 2024" to "v58 November 2024".
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This version is aligned with NXP Linux BSP version "lf-6.12.3-1.0.0".
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This version is aligned with NXP Linux BSP version "lf-6.12.3-1.0.0".
License hashes changed because the LA_OPT_NXP_Software_License changed
from "v57 July 2024" to "v58 November 2024".
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This version is aligned with NXP Linux BSP version "lf-6.12.3-1.0.0".
License hashes changed because the LA_OPT_NXP_Software_License changed
from "v57 July 2024" to "v58 November 2024".
The Vivante.icd file is now in gpu-core/etc/OpenCL/vendors/ and there is
a new directory "vulkan" in gpu-core/etc/. Copy both OpenCL and vulkan
directories to /etc/.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This version is aligned with NXP Linux BSP version "lf-6.12.3-1.0.0".
License hashes changed because the LA_OPT_NXP_Software_License changed
from "v57 July 2024" to "v58 November 2024".
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This version is aligned with NXP Linux BSP version "lf-6.12.3-1.0.0".
License hashes changed because the LA_OPT_NXP_Software_License changed
from "v57 July 2024" to "v58 November 2024".
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This version is aligned with NXP Linux BSP version "lf-6.12.3-1.0.0".
License hashes changed because the LA_OPT_NXP_Software_License changed
from "v57 July 2024" to "v58 November 2024".
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
- TF-A to version v2.12 (LTS)
- U-Boot to version v2025.04
- Linux kernel to version 6.14.6
Signed-off-by: Patrik Olsson <johan.patrik.olsson@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
JSON output is useful for building integrations, e.g. reading bundle
information into other tools.
Host-json-glib is very small / fast to build compared to the other
dependencies, so enable it unconditionally.
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
[Peter: unconditionally enable JSON support]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit [1] "package/binutils: make 2.43 the default version",
the freescale_t1040d4rdb_defconfig fails to build the Linux
kernel, with the error:
arch/powerpc/boot/util.S: Assembler messages:
arch/powerpc/boot/util.S:49: Error: junk at end of line, first unrecognized character is `0'
arch/powerpc/boot/util.S:54: Error: syntax error; found `b', expected `,'
arch/powerpc/boot/util.S:54: Error: junk at end of line: `b'
This commit fixes the issue by updating the Linux kernel to the latest
LTS version.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/9967089767
[1] https://gitlab.com/buildroot.org/buildroot/-/commit/360fd01de20eb42aa0e6b5e9f7b37eaa104c6fc9
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit [1] "package/binutils: make 2.43 the default version",
the freescale_p1025twr_defconfig fails to build the Linux
kernel, with the error:
arch/powerpc/boot/util.S: Assembler messages:
arch/powerpc/boot/util.S:49: Error: junk at end of line, first unrecognized character is `0'
arch/powerpc/boot/util.S:54: Error: syntax error; found `b', expected `,'
arch/powerpc/boot/util.S:54: Error: junk at end of line: `b'
This commit fixes the issue by updating the Linux kernel to the latest
LTS version.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/9967089759
[1] https://gitlab.com/buildroot.org/buildroot/-/commit/360fd01de20eb42aa0e6b5e9f7b37eaa104c6fc9
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length
that depends on an RR RDLENGTH value (i.e., *rdlen=ntohs(rr->rdlen)
and memcpy(response+offset,*end,*rdlen)). Here, rdlen may be larger
than the amount of remaining packet data in the current state of
parsing. As a result, values of stack memory locations may be sent
over the network in a response.
Fixes:
https://www.cve.org/CVERecord?id=CVE-2025-32366
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the board flashing by adding the bootloader, which I had mistakenly
forgotten to include in the script.
Fixes: 322e8d8451 ("configs/imx6ulz_bsh_smm_m2_defconfig: new defconfig")
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c
can be NULL or an empty string when the TC (Truncated) bit is set in
a DNS response. This allows attackers to cause a denial of service
(application crash) or possibly execute arbitrary code, because those
lookup values lead to incorrect length calculations and incorrect
memcpy operations.
Fixes:
https://www.cve.org/CVERecord?id=CVE-2025-32743
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
[Julien: add link to cve]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Release notes:
- ver 1.44:
* Fix issue with handling oFono context integration.
* Fix issue with handling web context for online detection.
* Fix issue with handling flags used when deleting routes.
* Fix issue with handling PAC proxy integration.
- ver 1.43:
* Fix issue with device creation when using LTE.
* Fix issue with regulatory domain when powering up.
* Fix issue with resolving ISO3166 code from timezone data.
* Fix issue with handling DNS proxy zero termination of buffers.
* Fix issue with handling DHCP packet length in L3 mode.
* Fix issue with handling DHCP upper length checks.
* Fix issue with handling IPv6 and URL parsing.
* Fix issue with handling online check updates.
* Fix issue with handling proxy method and WISPr.
* Fix issue with handling default gateway setup.
* Add support for low-priority default routes.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Update package help text to reflect upstream project description.
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The 6.13.x series is now EOL upstream, so drop the linux-headers
option and add legacy handling for it.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch bumps:
- TF-A to version v2.12 (LTS)
- U-Boot to version v2025.04
- Linux kernel to version 6.12.28 (LTS)
Signed-off-by: Patrik Olsson <johan.patrik.olsson@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Changes 5.9.3 to 5.9.4, from:
https://github.com/net-snmp/net-snmp/blob/v5.9.4/CHANGES
IMPORTANT: SNMP over TLS and/or DTLS are not functioning properly
in this release with various versions of OpenSSL and will be fixed
in a future release.
libsnmp:
- Remove the SNMP_SWIPE_MEM() macro Remove this macro since it is not
used in the Net-SNMP code base.
- DISPLAY-HINT fixes
- Miscellanious improvements to the transports
- Handle multiple oldEngineID configuration lines
- fixes for DNS names longer than 63 characters
agent:
- Added a ignoremount configuration option for the HOST-MIB
- disallow SETs with a NULL varbind
- fix the --enable-minimalist build
apps:
- snmpset: allow SET with NULL varbind for testing
- snmptrapd: improved MySQL logging code
general:
- configure: Remove -Wno-deprecated as it is no longer needed
- miscellanious ther bug fixes, build fixes and cleanups
We can drop patch 0001-snmp_agent-disallow-SET-with-NULL-varbind.patch
because it's upstream as of commit
4589352dac3ae111c7621298cf231742209efd9b, which is part of the 5.9.4
release.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Julien: add link to changelog]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Add support for a psplash configure option:
--enable-img-fullscreen, via BR2_PACKAGE_PSPLASH_FULL_SCREEN
The Buildroot option will default to 'n' to be compatible with
the previous behaviour, as it was disabled by default in psplash.
Note: the --enable-img-fullscreen configure option has been supported
in psplash since upstream commit:
https://git.yoctoproject.org/psplash/commit/?id=773a3977d255e8f59a741ad6ce37c4d40f1feaa1
Signed-off-by: Olivier Benjamin <olivier.benjamin@bootlin.com>
[Julien: add note in commit log about upstream support]
Signed-off-by: Julien Olivain <ju.o@free.fr>
A basic Fedora 42 container does not have 'awk' installed, but it is
needed by Buildroot. First by check-host-python3.sh:
support/dependencies/check-host-python3.sh: line 6: awk: command not found
support/dependencies/check-host-python3.sh: line 19: awk: command not found
support/dependencies/check-host-python3.sh: line 19: awk: command not found
but then even building host-expat assumes awk is available:
config.status: creating Makefile
./config.status: line 1404: awk: command not found
config.status: creating expat.pc
./config.status: line 1404: awk: command not found
Since it's a pretty basic tool, make it part of the tools checked by
dependencies.sh. One minor annoyance is that check-host-python3.sh is
executed *before* dependencies.sh does its thing, so when 'awk' is not
available, we end up seeing:
support/dependencies/check-host-python3.sh: line 6: awk: command not found
support/dependencies/check-host-python3.sh: line 19: awk: command not found
support/dependencies/check-host-python3.sh: line 19: awk: command not found
which: no awk in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin)
You must install 'awk' on your build machine
make: *** [support/dependencies/dependencies.mk:27: dependencies] Error 1
It would be nice to have the awk check *before* it gets used in
check-host-python3.sh, but that's a topic for another patch.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This commit adds the same patch that was already added to GDB 14.x,
15.x and 16.x to fix a GCC 15.x build issue.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This commit backports an upstream patch fixing the bundled readline
library so that it builds with GCC 15.x.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Changes:
Set GDB version number to 15.2.
[gdb/python] Make sure python sys.exit makes gdb exit
[gdb/symtab] Revert "Change handling of DW_TAG_enumeration_type in DWARF scanner"
[gdb/testsuite] Add regression test for PR32158
[gdb/testsuite] Add gdb.dwarf2/enum-type-c++.exp, regression test for PR31900.
gdb-15-branch: Clear the X86_XSTATE_MPX bit in XCRO for x32
Recognize -2 as a tombstone value in .debug_line
[gdb] Handle ^C during disassembly
Mark unavailable bytes of limited-length arrays when allocating contents
gdb/solib-frv: move lm_info object to solib
Fix loading a saved recording
Bump GDB's version number to 15.1.90.DATE-git.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Changes:
Set GDB version number to 16.3.
gstack: [downstream regression] Output file names and line numbers
Fix build failure for gdbserver's raw_compare self test
Fix gdbserver crashes on SVE/SME-enabled systems
gdb: allow selecting default fg/bg colors in tui mode
gdb: Fix assertion failure when inline frame #0 is duplicated
[gdb/tdep] Rewrite i386_canonicalize_syscall
[gdb/record] Fix out-of-bounds write in aarch64_record_asimd_load_store
gdb/dwarf: save DWARF version in dwarf2_loclist_baton, remove it from dwarf2_per_cu
Fix segfault if target_fileio_read_alloc fails
gdb/tui: use wrefresh if output is not surpressed
[gdb/corefiles] Fix segfault in core_target_open
Bump GDB's version number to 16.2.90.DATE-git.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
bash uses K&R function declarations which have been removed in C23.
Since part of the build process (like the mkbuiltins helper) is written
in C, building bash now fails on hosts with GCC 15 (which defaults to
C23).
Since properly fixing this on the source code level is a larger
endeavor, just set the C standard to an old enough version for now.
Signed-off-by: Florian Larysch <fl@n621.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch was commited upstream, and released as part of sqlite 3.49.1
However, the configuration system changed between sqlite 3.48 and 3.49
from autotools to autosetup, and this has proven challenging to support
in Buildroot (see `git log package/sqlite`), hence why we are still on
sqlite 3.48.
Therefore, until the package build infrastructure correctly supports
building sqlite 3.49, let's simply import the upstream patch to address
the CVE.
Note: the upstream patch is on the orignal sqlite sources. Buildroot is
using the sqlite "amalgamation" source archive, which basically
concatenate all the source files in a single "sqlite3.c" file. So the
patch was reformated to apply correctly on the sqlite release archive.
Fixes:
https://www.cve.org/CVERecord?id=CVE-2025-29087
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
[Julien:
- reformat patch to be applicable on amalgamated sqlite sources
- add comment in commit log about patch format
- add "Fixes:" in commit log
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
On systems running GCC 15, host-cpio will fail to build with errors like
copyout.c:646:12: error: too many arguments to function 'xstat'; expected 0, have 2
and
main.c:407:13: error: assignment to 'int (*)(void)' from incompatible pointer type 'int (*)(const char * restrict, struct stat * restrict)' [-Wincompatible-pointer-types]
This was reported[1] and fixed upstream, but there is no new release
yet. Import the upstream patch for now.
Fixes:
https://autobuild.buildroot.org/results/a10c5f2b0f9cb05b2550fe97f1133deaaac97277/
(and many more)
[1] https://lists.gnu.org/archive/html/bug-cpio/2025-05/msg00000.html
Signed-off-by: Florian Larysch <fl@n621.de>
[Julien:
- add missing "Signed-off-by:" in patch to fix check-package error
- change "Upstream:" link to use the commitdiff in patch
- add "Fixes:" in commit log
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
When using host gcc 15, host-gmp fails at configure time with
error message:
configure: error: could not find a working compiler, see config.log for details
The error is due to the macro GMP_PROG_CC_WORKS in the file
acinclude.m4 containing C-code declaring functions without declaring
its parameters. This construct is now an error in C23, which is the
new default in gcc 15. See:
https://gcc.gnu.org/gcc-15/porting_to.html#c23
This commit fixes the issue by adding a package patch from
upstream changesets, not yet published in a release.
Even if gcc 15 is not yet included in Buildroot, this commit also
sets _AUTORECONF = YES for the target package in order to have this
package already fixed.
Fixes:
https://autobuild.buildroot.org/results/623634fa7bbeceeb6d90b15ce0abb1b9b4b24045/
Tested-by: Brigham Campbell <me@brighamcampbell.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since 8.0.0, Redis now uses the fastfloat library as a bundled
dependency, and this library is written in C++ (even though the
rest of Redis is in plain C).
Therefore, we now require a toolchain with C++ support.
From https://github.com/redis/redis/blob/8.0.0/00-RELEASENOTES:
=======================================================
8.0 GA (v8.0.0) Released Fri 2 May 2025 12:00:00 IST
=======================================================
This is the General Availability release of Redis Open Source 8.0.
Redis 8.0 deprecates previous Redis and Redis Stack versions.
Stand alone RediSearch, RedisJSON, RedisTimeSeries, and RedisBloom are no longer needed as they are now part of Redis.
- Name change: Redis Community Edition is now Redis Open Source
- License change: licensed under your choice of
- (a) the Redis Source Available License 2.0 (RSALv2); or
- (b) the Server Side Public License v1 (SSPLv1); or
- (c) the GNU Affero General Public License (AGPLv3)
- Redis Query engine and 8 new data structures are now an integral part of Redis 8
- (1) Redis Query Engine, which now supports both horizontal and vertical scaling for search, query and vector workloads
- (2) JSON - a queryable JSON document
- (3) Time series
- (4-8) Five probabilistic data structures: Bloom filter, Cuckoo filter, Count-min sketch, Top-k, and t-digest
- (9) Vector set [beta] - a data structure designed for Vector Similarity Search, inspired by Sorted set
- These nine components are included in all binary distributions
- See instructions in the README.md file on how to build from source with all these components
- New configuration file: redis-full.conf - loads Redis with all these components,
and contains new configuration parameters for Redis Query engine and the new data structures
- New ACL categories: @search, @json, @timeseries, @bloom, @cuckoo, @cms, @topk, @tdigest
- Commands are also included in the existing ACL categories (@read, @write, etc.)
- More than 30 performance and resource utilization improvements
- A new I/O threading implementation which enables throughput increase on multi-core environments
(set with `io-threads` configuration parameter)
- An improved replication mechanism which is more performant and robust
- New hash commands - `HGETDEL`, `HGETEX`, `HSETEX`
For more details, see the release notes of 8.0-M01, 8.0-M02, 8.0-M03,8.0-M04, and 8.0-RC1
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This version allows to build with Linux 6.15. Makefile hase been refactored
and variable USER_EXTRA_CFLAGS has been renamed to USER_ccflags-y so let's
rename it accordingly.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
With this version we can build with Linux 6.14 and support for
cfg80211_rtw_get_txpower() has been added.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This commit adds BR2_DOWNLOAD_FORCE_CHECK_HASHES=y in the defconfig
and adds custom hash files. The exception entry in .checkpackageignore
is also removed.
Cc: Fabio Estevam <festevam@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The 'bird' package with only the `BR2_PACKAGE_BIRD_BFD=y` protocol
enabled fails to build with the following error
```
bison -Dparse.lac=full -Dparse.error=verbose -dv -pcf_ -b obj/conf/cf-parse obj/conf/cf-parse.y
proto/bfd/config.Y:204.27-33: error: symbol 'ADDRESS' is used, but is not defined as a token and has no rules
204 | | bfd_show_sessions_args ADDRESS net_or_ipa { net_copy(&($$->address...
| ^~~~~~~
```
The `ADDRESS` token is defined only when certain protocols (e.g. OSPF,
RIP, RPKI, or BGP) are enabled. As a result, builds including any of
these protocols do not encounter the issue.
The issue can be reproduced with the commands:
cat >.config <<EOF
BR2_aarch64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_PACKAGE_BIRD=y
BR2_PACKAGE_BIRD_BFD=y
# BR2_PACKAGE_BIRD_BGP is not set
EOF
make olddefconfig
make bird
This patch backports upstream commits that define the `ADDRESS` token
for the BFD protocol.
Fixes:
https://autobuild.buildroot.org/results/68c5dd84585a7018ad57ea3e7134748c08858ef7/
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
[Julien: add commands to reproduce the issue]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This version incorporates stability fixes and support for newer chip
generations.
The license hash change is only cosmetic, see the corresponding
commit[1] in the upstream repo.
Fix up defconfigs as needed since older TPL blob versions have gotten
removed.
[1] https://github.com/rockchip-linux/rkbin/commit/385bf9f1700cc4b7ab8af1ec96da02f4837c525a
Signed-off-by: Florian Larysch <fl@n621.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The i.MX defconfig files follow the following name pattern:
- freescale_<board_name>_defconfig when it uses software components,
such as kernel and U-Boot from NXP.
- <SoC_name><board_name>_defconfig when it uses software components,
such as kernel and U-Boot from upsream.
This imx28evk target uses U-Boot and kernel from upstream, so rename it to
imx28evk_defconfig for consistency.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch fixes the `S_IFMT` undeclared error in `statx.c` when musl
is used.
Signed-off-by: José Luis Salvador Rufo <salvador.joseluis@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
When compiling host-m4 1.4.19 with a host gcc 15 (which is the version
included in Fedora 42, released on 2025-04-15), compilation fails with
error:
In file included from gl_avltree_oset.h:21,
from gl_avltree_oset.c:21:
gl_oset.h:275:1: warning: 'nodiscard' attribute ignored [-Wattributes]
275 | GL_OSET_INLINE _GL_ATTRIBUTE_NODISCARD int
| ^~~~~~~~~~~~~~
gl_oset.h:275:40: error: expected identifier or '(' before 'int'
275 | GL_OSET_INLINE _GL_ATTRIBUTE_NODISCARD int
| ^~~
This error is due to the gnulib copy included in m4 1.4.19, which does
not detect properly the default C language standard of gcc 15 which
has been changed from "gnu17" to "gnu23". See [1]. Note that m4 1.4.19
is the latest version available at the time of this commit, and was
released in May 2021. The issue is tracked upstream in [2].
Upcoming m4 release is expected to fix this issue, by updating its
gnulib copy. See [3], which states: "Update to comply with newer C
standards, and inherit portability improvements from gnulib".
Until this new m4 version is released, this commit fixes the issue by
forcing the C langage standard to "-std=gnu17" (the previous gcc
default) when host-gcc 15 is detected.
Note that the "-std=gnu17" option was introduced in gcc 8. See [4].
This is the reason why this patch adds this option only when the
problematic gcc 15 version is detected.
See also the discussions around this patch at [5].
Fixes:
https://autobuild.buildroot.org/results/1c33ef0a710cfae13e496485787b351c8f951217/
(and many, many others)
[1] https://gcc.gnu.org/gcc-15/changes.html#c
[2] https://savannah.gnu.org/support/?111150
[3] https://git.savannah.gnu.org/cgit/m4.git/commit/?h=branch-1.4&id=a22c9802dd7e724eaefb21dc21d84ac2d3a49c89
[4] https://gcc.gnu.org/gcc-8/changes.html#c
[5] https://lore.kernel.org/buildroot/CAPWx8vsoJUt8YMJG1aUqFRK1=yizNbgjVjGL1Q1+9ygjJGnZLA@mail.gmail.com/
Signed-off-by: Joseph Zikusooka (ZIK) <zik@jambula.net>
Tested-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
[Julien:
- change mail url to lore.kernel.org for stable link
- reword, reflow and add extra info in the commit log
- force -std=gnu17 only when host gcc-15 is detected
- add a comment in .mk to remove the workaround at next bump
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This fixes a potential NULL pointer dereference
As a side note, this package has many opened CVEs, but upstream doesn't seem
to really consider them as security issues, see their disclaimer here:
https://github.com/yasm/yasm/blob/master/SECURITY.md
We could speculate that this disclaimer has been written as a consequence of
the many small CVEs opened in a short time, that don't have a substantial
security impact (besides the command line tool crashing). All of these small
CVEs have been opened for bug reports issued by a third party who used a
fuzzy tester to manipulate the assembler input
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This fixes the following CVE:
- CVE-2025-1492: The Bundle Protocol and CBOR dissectors could crash
It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed
packet trace file.
See https://www.wireshark.org/security/wnpa-sec-2025-01
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Annoyingly, using "--disable warning" does not disable the warnings
checks.
It turns out that we look for "warnings" (i.e. with an 's') to know if
we should disable the warnings check, so update the help text
accordingly.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since commit fd562315, which updated waf to v2.1.1, Buildroot has
encountered issues building mpv, likely due to an outdated version of
the waf build system.
Starting with mpv v0.35, meson was introduced as an alternative to waf,
and in mpv v0.37, waf was completely removed.
This commit updates the mpv makefile to use meson, resolving the build
issues and simplifying future updates to newer versions of mpv.
All options previously used for Waf have been translated to the new
build system by replacing `--disable-feature` with `-Dfeature=disabled`
(and similarly for enabling features). Some features have special
handling:
- The `/usr` prefix is automatically passed to meson packages by
default.
- The Android feature "has been removed since meson can detect if a
machine is Android"[1].
- The `libmpv` parameter has been enabled in the makefile as `libmpv`
must be built by default with mpv.
- Meson packages automatically set whether the library should be built
statically using the `default_library` meson parameter.
- Meson automatically detects the presence of `libatomic` and passes the
correct argument to the linker. However, it is possible to set the
`stdatomic` meson parameter to specify whether `libatomic` must or
must not be used.
Fixes:
https://autobuild.buildroot.org/results/68d42441fc0da34e1bf2a4247726f5f4ec3b8e77/
[1]: https://github.com/mpv-player/mpv/blob/140ec21c89d671d392877a7f3b91d67e7d7b9239/DOCS/build-system-differences.md?plain=1#L48
Signed-off-by: Thomas Bonnefille <thomas.bonnefille@bootlin.com>
Tested-by: J. Neuschäfer <j.ne@posteo.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The package strongswan relies on the `wc_RsaKeyToDer` & `wc_MakeRsaKey`
functions of WolfSSL. Building this package with the WolfSSL backend
by selecting the variable `BR2_PACKAGE_STRONGSWAN_WOLFSSL` would give
the following error:
```
libtool: compile: /home/buildroot/instance-0/output-1/host/bin/sparc-linux-gcc -DHAVE_CONFIG_H -I. -I../../../.. -I../../../../src/libstrongswan -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -DWC_NO_RNG -rdynamic -Wno-format -Wno-format-security -Wno-implicit-fallthrough -Wno-missing-field-initializers -Wno-pointer-sign -Wno-sign-compare -Wno-type-limits -Wno-unused-parameter -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Og -g0 -include /home/buildroot/instance-0/output-1/build/strongswan-5.9.14/config.h -c wolfssl_ed_public_key.c -o wolfssl_ed_public_key.o >/dev/null 2>&1
wolfssl_rsa_private_key.c: In function 'get_encoding':
wolfssl_rsa_private_key.c:366:31: error: implicit declaration of function 'wc_RsaKeyToDer'; did you mean 'wc_EccKeyToDer'? [-Wimplicit-function-declaration]
366 | len = wc_RsaKeyToDer(&this->rsa, encoding->ptr, len);
| ^~~~~~~~~~~~~~
| wc_EccKeyToDer
libtool: compile: /home/buildroot/instance-0/output-1/host/bin/sparc-linux-gcc -DHAVE_CONFIG_H -I. -I../../../.. -I../../../../src/libstrongswan -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -DWC_NO_RNG -rdynamic -Wno-format -Wno-format-security -Wno-implicit-fallthrough -Wno-missing-field-initializers -Wno-pointer-sign -Wno-sign-compare -Wno-type-limits -Wno-unused-parameter -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Og -g0 -include /home/buildroot/instance-0/output-1/build/strongswan-5.9.14/config.h -c wolfssl_ec_private_key.c -o wolfssl_ec_private_key.o >/dev/null 2>&1
wolfssl_rsa_private_key.c: In function 'wolfssl_rsa_private_key_gen':
wolfssl_rsa_private_key.c:490:13: error: implicit declaration of function 'wc_MakeRsaKey'; did you mean 'wc_FreeRsaKey'? [-Wimplicit-function-declaration]
490 | if (wc_MakeRsaKey(&this->rsa, key_size, WC_RSA_EXPONENT, &this->rng) < 0)
| ^~~~~~~~~~~~~
| wc_FreeRsaKey
```
Those functions are only present when building the WolfSSL library with
the keygen supports (`--enable-keygen`).
This patch change the selected package to enable all the option of
WolfSSL, which include the keygen as well.
Fixes:
- https://autobuild.buildroot.org/results/d0e/d0e94f501ad1afd25ae4112443f9af101dfa5dea
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This version bump removes CVE-2023-7152, which was incorrectly associated
with the micropython package in pkg-stats.
Although the CVE fix was already present in 1.22.0 the CVE only applied
to the preview version of 1.22.0. The CPE ID of the 1.22.0 matched with the
CPE ID of the 1.22.0 preview version as well.
This patch bumps to the latest patch-level version available in the 1.22.x
series to include additional fixes, rather than just adding the CVE to the
'MICROPYTHON_IGNORE_CVES' list.
The LICENSE hash has been updated, as the licenses used for the ports and
libraries have also been updated in the LICENSE file.
For more details on the version bump, see the release notes:
- https://github.com/micropython/micropython/releases/tag/v1.22.2
- https://github.com/micropython/micropython/releases/tag/v1.22.1
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This configuration builds an image for the Raspberry Pi 2 Rev 1.2
(64-bit).
Note: Raspberry Pi 2 Model B Rev 1.2[1] switched from BCM2836[2] to
BCM2837[3] that is 64-bit.
BCM2836[2]
The Broadcom chip used in the Raspberry Pi 2 Model B. The
underlying architecture in BCM2836 is identical to BCM2835. The
only significant difference is the removal of the ARM1176JZF-S
processor and replacement with a quad-core Cortex-A7 cluster.
BCM2837[3]
This is the Broadcom chip used in the Raspberry Pi 3 Model B,
later models of the Raspberry Pi 2 Model B, and the Raspberry Pi
Compute Module 3. The underlying architecture of the BCM2837 is
identical to the BCM2836. The only significant difference is the
replacement of the ARMv7 quad core cluster with a quad-core ARM
Cortex A53 (ARMv8) cluster.
The ARM cores run at 1.2GHz, making the device about 50% faster
than the Raspberry Pi 2. The VideoCore IV runs at 400MHz.
[1]: https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#flagship-series
[2]: https://www.raspberrypi.com/documentation/computers/processors.html#bcm2836
[3]: https://www.raspberrypi.com/documentation/computers/processors.html#bcm2837
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The Config.in comment in the dpdk package was wrong for a number of
reasons:
- It didn't mention the glibc dependency
- It didn't mention the gcc >= 4.9 dependency
- It mentioned a wchar dependency that isn't listed in the dpdk
dependencies
- It mentioned a dynamic library dependency that isn't listed in the
dpdk dependencies
- It used "kernel headers >= 4.19", while for brievity we use "headers
>= 4.19" everywhere in Buildroot
- Minor nit: DPDK was written allcaps, while we write package names
lower-case in Buildroot
Fixes: d17d1b6bde ("package/dpdk: add 24.07")
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The upstream URL was missing in the help text, so add it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Add a runtime test for the 'dust' package to verify that the binary
executes correctly in a minimal buildroot rootfs. The test checks that:
- 'dust --version' runs without error
- 'dust' can analyze a directory structure with files
- The output includes the expected directory names
Signed-off-by: El Mehdi YOUNES <elmehdi.younes@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Add a runtime test for the 'bat' package to verify that the binary executes
correctly in a minimal Buildroot rootfs.The test cheks that:
- 'bat --version' runs without error
- 'bat' can read and display a text file
- the displayed content matches the expected string
Signed-off-by: El Mehdi YOUNES <elmehdi.younes@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch bumps:
- TF-A to version v2.12 (LTS)
- U-Boot to version v2025.04
- Linux kernel to version 6.12.24 (LTS)
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Reviewed-by: Bryan Brattlof <bb@ti.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Commit f78280bf26 ("package/sane-airscan: new package") added a new entry
in DEVELOPERS, but forgot to add the email address. Fix that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CONFIG_SMARTCARD was unconditionally disabled which has meant that
even if OpenSSL is compiled with engine support and the supplicant is
configured to use an engine it would warn that it was compiled without
engine support.
This mechanism is used to enable the more secure forms of 802.1x
networking authentication such as EAP-TLS with hardware-delegated
cryptography and private keys protected in hardware.
Enabling the option will allow delegating private key access to TPM2,
ARM TrustZone and other specialized secure hardware for establishing a
network connection.
Signed-off-by: Lars Wikman <lars@underjord.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The v1 of the patch that is in Buildroot ended up being reworked and
merged from a v2, therefore let's update the patch by using the merged
commit instead.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libcamera migrated to use an ioctl for detecting frame sizes which is
only available in kernels 6.4 and later. If it doesn't exist, default
frame sizes are used. However the min and max resolutions supported by
the pipeline weren't initialized for kernels where that ioctl isn't
available and ended up creating invalid configuration that later
crashed.
The introducing commit was part of the v0.4.0 release.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release:
https://github.com/bootandy/dust/releases/tag/v1.1.2
Note: version 0.9.0 of dust fails to build when running
the runtime test on the armv7 architecture due to an
unconditional import of Atomicu64.
error:
Compiling config-file v0.2.3
error[E0432]: unresolved import `std::sync::atomic::AtomicU64`
--> src/progress.rs:6:18
|
6 | atomic::{AtomicU64, AtomicU8, AtomicUsize, Ordering},
| ^^^^^^^^^
| |
| no `AtomicU64` in `sync::atomic`
| help: a similar name exists in the module: `AtomicU32`
For more information about this error, try `rustc --explain E0432`.
error: could not compile `du-dust` (bin "dust") due to 1 previous error
This issue was discovered while writing a runtime test
for dust. upgrading to version 1.1.2 resolves the issue.
More details available in the following issue:
https://github.com/bootandy/dust/issues/423
For now, we bump to the latest compatible version
which builds and runs correctly. We can't bump to the latest
version 1.2.0 since it requires a cargo version newer than
1.82.0.
error:
-- The package requires the Cargo feature called `edition2024`, but that feature is not stabilized in this version of Cargo (1.82.0 (8f40fc59f 2024-08-21)).
Consider trying a newer version of Cargo (this may require the nightly release).
The upgrade to 1.2.0 will be considered once the patch for
Rust 1.86.0 is accepted.
Signed-off-by: El Mehdi YOUNES <elmehdi.younes@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The version bump in [1] introduced the upstream commit [2] which made
builds using toolchain without thread support fail to build libcoap.
This patch adds an option check in the libcoap.mk file to verify
the toolchain has thread support and passes the correct configuration
options introduced in [2] as well.
The build can be tested with the following config.
```
BR2_armeb=y
BR2_cortex_a76_a55=y
BR2_ARM_EABI=y
BR2_ARM_SOFT_FLOAT=y
BR2_TOOLCHAIN_BUILDROOT_UCLIBC=y
BR2_PTHREADS_NONE=y
BR2_PACKAGE_LIBCOAP=y
```
Fixes:
https://autobuild.buildroot.org/results/9c0/9c0b675a64fb2576bc34457043f118cffe5fe555//
[1] 4df4d1d312 package/libcoap: bump version to 4.3.5
[2] https://github.com/obgm/libcoap/commit/c69c5d5af0a30859e90756f535e2ca21cdeda0b2
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Jugurtha's email address is bounding:
550 5.1.1 The email account that you tried to reach does not exist. Please try double-checking the recipient's email address for typos or unnecessary spaces.
Remove it from the DEVELOPERS file so that utils/get-developers
doesn't send emails to non-existent addresses.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Release notes:
https://github.com/harfbuzz/harfbuzz/releases/tag/11.1.0
Since the major release changed all the packages that have direct
dependency to harfbuzz have been successfully built:
- efl
- libass
- mupdf
- pango
- qt5base
- qt5webengine
- qt6base
- sdl2_ttf
- supertuxkart
- vlc
- webkitgtk
- wpewebkit
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The 2024.02.13 entry should use the timeline-inverted class to get rendered
at the right side of the screen.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The NXP BSPs have custom support for a 25G Ethernet retimer
(drivers/net/phy/in112525.c in U-Boot) for the LX2160A-RDB board.
That driver requires a text file to be located at a given offset in the
same storage device as U-Boot itself. The text file contains a list of
register addresses and values which are programmed into the retimer.
All in all, a pretty convoluted mechanism, but the driver is
non-upstreamable, and to support the board we need this "firmware" file
deployed.
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The configuration files for the MC firmware binary are distributed
through a separate repository on GitHub, and need a different package.
They are licensed differently than the firmware itself, and unlike the
firmware, they are customizable.
There are two ways for a board to use this package - similar to
qoriq-rcw. If it is an NXP reference board or if the example files
otherwise work fine with it, it is recommended to set the _INTREE
variables to select a pre-existing DPL and DPC. Otherwise, if it is a
custom board, the best solution is to just provide the DPL and DPC dts
files in board/, and set the _CUSTOM_PATH variables to point to them.
There are also two ways to deploy to the target.
Traditionally in NXP BSPs, U-Boot loads the MC firmware, DPL and DPC
from given offsets in the storage medium (outside of the filesystem).
But this is not hardcoded and it doesn't have to be the case - the
mcinitcmd U-Boot environment variable is freely customizable. What can
also be done, and is done for the LX2160A-RDB, is to deploy multiple DPL
and DPC files (all the files available for a board) to a folder of the
rootfs, and just have two symlinks: dpl.dtb and dpc.dtb which point to
the currently active files. This makes easier the processes of
upgrading, downgrading and keeping multiple file versions.
Nonetheless, the "traditional" method of deploying to the target is also
possible. The selected DPL and DPC files are deployed to the "images"
folder and are freely usable with genimage or other post-image scripts.
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add a package which deploys the NXP MC (Management Complex) firmware
to the target. This is necessary for NXP DPAA2 SoCs (LS1088A, LS2080A,
LS2088A, LX2160A).
The MC firmware is deployed by default to the $O/images/ folder, where
it can be used by post-build scripts. Additionally, if
BR2_PACKAGE_QORIQ_MC_BINARY_TARGET_INSTALL_PATH is specified and if the
board mcinitcmd is written as such as to pick it up, it is optionally
deployed to the filesystem.
The API exposed by the MC firmware respects backwards compatibility
principles, which means that the latest firmware version can always be
(and should always be) used on a platform, irrespective of the Linux,
U-Boot, RCW and restool versions, even though the latest features might
not be used by older API consumers.
In terms of forwards compatibility, old MC firmware versions can be
used as long as the qoriq-restool package is built with a
MC_VERSION_COMPATIBLE variable (located in its Makefile, signifying
"minimum compatible version") older than, or equal to it.
If the use of qoriq-restool is not desired (networking objects are
statically created by the DPL), old MC firmware versions are supported
by U-Boot and the Linux kernel with a limited feature set. Thus, it
is still possible to an extent to use firmware versions older than
MC_VERSION_COMPATIBLE.
According to the upstream maintainer, the latest MC firmware version
is identified by the fact that it is always located at the HEAD of the
"master" branch:
https://lore.kernel.org/buildroot/482493f17e63d2b4cb285b50049ed8e6@free.fr/T/#m62c3ec04ba546ac9b0a194d13bc35fedeaa9deb0
Currently, the latest MC firmware version is 10.39.0. This version
should be in sync with the qoriq-mc-utils package.
At this stage, the latest lf-6.12.3-1.0.0 NXP BSP has qoriq-restool with
an MC_VERSION_COMPATIBLE='10.32.0', which means that it supports this MC
firmware version.
https://github.com/nxp-qoriq/restool/blob/lf-6.12.3-1.0.0/Makefile#L23
Note that the MC firmware also used to be distributed through
linux-firmware:
https://web.git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/dpaa2/mc?h=20250311
I don't know what was the reason for doing that, but it stopped being
updated and the versions there are quite old.
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
linux-tools opportunistically set linux as only a patch dependency. This
unfortunately introduces a race condition in the shared linux scripts
when using PER_PACKAGE_DIRECTORIES and using top level parallelism. The
race manifests as the error "/bin/sh: 1: scripts/basic/fixdep:
Permission denied". This happens when the linux package and the
linux-tools package are being compiled in parallel.
The linux-tools currently using fixdep are perf and rtla. When the
timing is correct, perf, rtla, or the kernel Makefile will try to use
fixdep while one of the others is compiling fixed, resulting in fixdep
being briefly not available.
To fix this, set linux as a build dependency instead of a patch
dependency.
Signed-off-by: Charlie Jenkins <charlie@rivosinc.com>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When the riscv vector extension is enabled for pixman, it assumes that
the kernel headers also support riscv vector. Apply a patch that
disables riscv vector in pixman if the Linux headers do not support
COMPAT_HWCAP_ISA_V which pixman requires for vector runtime detection.
This issue exists since pixman 0.44.0, which Buildroot started using
in commit ba2fb599cd.
Fixes:
http://autobuild.buildroot.net/results/4ecdf5320716ec8b39f09fde3fcbbdcdb557f8ab/
Signed-off-by: Charlie Jenkins <charlie@rivosinc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Pixman defaults to building with the riscv vector extension. Instead,
only build with vector if the buildroot user has selected
BR2_RISCV_ISA_RVV.
This option exists since pixman 0.44.0, to which the Buildroot package
was updated as part of Buildroot commit
ba2fb599cd.
Signed-off-by: Charlie Jenkins <charlie@rivosinc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This will be part of 6.15.0 release.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
[Julien: fix check-package error by adding "Upstream:" tag in patch]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This release called "Бузина" (Elderberry) of the stable libmdbx branch.
Please visit https://libmdbx.dqdkfa.ru for more information, changelog,
credits and acknowledgments, documentation, C++ API description and
links to the original git repo with the source code. Questions, feedback
and suggestions are welcome to the Telegram' group https://t.me/libmdbx.
Since 0.13.x libmdbx is licensed under the Apache 2.0 License.
For notes about the license change, please refer to the COPYRIGHT file
within original libmdbx source code repository
https://gitflic.ru/project/erthink/libmdbx
Signed-off-by: Леонид Юрьев (Leonid Yuriev) <leo@yuriev.ru>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The "modprobe brcmfmac" command is not necessary because this driver
is automatically loaded.
Remove the "iwconfig" line as it is considered deprecated:
warning: `iwconfig' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
Remove the "-Dwext" parameter as it is not supported by the default kernel
configuration:
wlan0: Unsupported driver 'wext'
Tested Wifi by following the updated commands.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Both busybox.config and busybox-minimal.config set
CONFIG_FEATURE_EDITING_SAVEHISTORY=y. This causes the Busybox shell to
write the history file after every command, which can be a problem on
storage with limited write cycles (e.g. eMMC).
Set CONFIG_FEATURE_EDITING_SAVE_ON_EXIT=y to change behavior to write
the history file only on exit, which reduces writes without losing the
history feature.
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Restart would regularly fail because it did not wait for the old
process to be gone before starting the new one. Rewrite the script
according to current style to fix that, and add reload support (see
mosquitto docs for limitations of reload).
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As of Flutter 3.27.4, the flutter-engine github repository is archived, and the
flutter-engine source code now resides at https://github.com/flutter/flutter/.
Because of the above, the following changes must occure:
- Paths are now prefixed with engine/src.
- The "name" field in the dot-gclient file is now "./", and the gen-tarball
script:
- Makes the dl-tmp/src dir
- Copies the dot-gclient file to the dl-tmp/src dir
- Runs gclient.py inside of the dl-tmp/src dir
Without these changes, gclient creates two directores:
dl-tmp/src/flutter and dl-tmp/src/engine, and cloning fails with the following
error:
```
python3: can't open file 'dl-tmp/src/engine/src/flutter/tools/pub_get_offline.py':
[Errno 2] No such file or directory
```
because the file resides at src/flutter/engine/src/flutter/tools.
Changing the name from src/flutter to ./ and running gclient.py directly in
the src directory creates a proper directory structure suitable for compiling.
Of course, this also means there is a new pushd in the gen_tarball method to
move to ${SCRATCH_DIR} to ensure the tarball is generated outside of the
source directory.
Tested with run-tests tests.package.test_flutter.TestFlutter.test_run.
The license file has changed, but it's still BSD-3-Clause.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The test timeout is no longer sufficient, so double it.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Importing urllib3 already allows us to check that for example zlib can
be loaded at runtime.
For good measure, also create the PoolManager object mentioned in the
user guide ([1]), and check that we can normalize a URL like it is
done in urllib3's 'test/test_util.py'.
[1]: https://urllib3.readthedocs.io/en/stable/user-guide.html
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
See release announce [1].
The src/mygetopt.h file license was updated from BSD-4-Clause to
BSD-2-Clause in upstream commit [2]. This change makes this file using
the same license as most other files. So this commit removes the
license entry for this file and update the _LICENSE accordingly.
This commit also replaces the mention "one file" on BSD-3-Clause, to
the actual file name using it, which is "vasprintf.c".
This commit also updates the Config.in package homepage URL,
to use https.
[1] https://mailman.astron.com/pipermail/file/2024-November/001435.html
[2] https://github.com/file/file/commit/d605bb40478c4ce94aef88316d3a928b3da746f5
Signed-off-by: Julien Olivain <ju.o@free.fr>
Reviewed-by: Vincent Jardin <vjardin@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Commit 675cbaf9aa (package/qt5/qt5webengine: bump to version 5.15.8)
moved the chromium submodule in a separate qt5webengine-chromium
package. It removed the inclusion of
"package/qt5/qt5webengine/chromium-latest.inc" but forgot to remove
the file.
A similar file was introduced in commit 577d886886
(package/qt5/qt5webengine-chromium: new package), included in its
own qt5webengine-chromium.mk package recipe.
This commit drops the chromium-latest.inc file in qt5webengine
which is no longer used.
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
[Julien: add extra explanation in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
The bump of packages rpi-firmware and linux have to by synced, since the
linux package does not install yet its device-tree overlay blobs.
This adds a note to remind to keep in sync the versions of rpi-firmware
package and kernel (set in the defconfigs).
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
[Julien: rebase patch to resolve context conflict with commit 80ccb3e667]
Signed-off-by: Julien Olivain <ju.o@free.fr>
$ fluent-bit
fluent-bit: error while loading shared libraries: libminiz.so.3: cannot open shared object file: No such file or directory
Commit 527deef "package/fluent-bit: bump to 3.2.10",
dropped the BUILD_SHARED_LIBS=OFF off part, because miniz uses
static linking by default now, but runtime execution shows otherwise,
so revert to fix.
Signed-off-by: Thomas Devoogdt <thomas.devoogdt@barco.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Commit [1] "support/testing: improve weston test reliability" moved
out the wait time from the emulator (to run on the test controller).
While doing so, the sleep time which was initially _after_ the
"killall weston" invocation to in stop_weston() was incorrectly
moved before the command invocation. In this state, the test can
succeed on fast host computer running the test. But it will most
likely fail on an average computer.
This commit fixes this issue by moving the sleep time after
the command invocation.
[1] https://gitlab.com/buildroot.org/buildroot/-/commit/6561a5d773d8e159556e2b911b315e3b5a0b89b1
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The patch bumps the Linux kernel to version 5.15.179 and, for the SD
configuration, also updates U-Boot to version 2025.04.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The patch bumps the Linux kernel to version 6.1.133. The size of xipImage
has increased by only 22 bytes (1671804 bytes compared to 1671782 in
version 6.1.126).
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
lmbench dependency discovery relies on implicit return types for
main(). This causes compiler errors when -Wimplicit-int is enabled,
which has become the default with recent gcc versions. The failure of
the dependcy discovery causes lmbench to redifine typedefs the
compiler already has in an incompatible manner. Add a patch to fix the
discovery.
Fixes:
bench.h:81:13: error: conflicting types for ‘socklen_t’; have ‘int’
81 | typedef int socklen_t;
bench.h:85:15: error: conflicting types for ‘off64_t’; have ‘int64’ {aka ‘long long int’}
85 | typedef int64 off64_t;
Fixes:
http://autobuild.buildroot.net/results/33cf97a79125c20f67f620eb6a7b5ad2206b2503/
Signed-off-by: Charlie Jenkins <charlie@rivosinc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libcamera has some optional dependencies that automatically detected at
build time.
To improve reproducibility, we should add a dependency on those optional
dependencies if the symbols that build them are enabled so that the
order in which packages are built does not influence the libcamera
package.
Note that the optional libyuv dependency isn't added as:
1) it is only used for the virtual pipeline and the android feature,
both of which are disabled/not supported right now,
2) libcamera has it in a submodule if missing (though if that works with
Buildroot is to be determined),
3) adding the dependency isn't enough as meson somehow doesn't find the
dependency,
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
meson allows to force all features set to "auto" to default to disabled
except if explicitly enabled via the auto_features argument, c.f.
https://mesonbuild.com/Build-options.html#features
"""
If the value of a feature option is set to auto, that value is
overridden by the global auto_features option (which defaults to auto).
This is intended to be used by packagers who want to have full control
on which dependencies are required and which are disabled, and not rely
on build-deps being installed (at the right version) to get a feature
enabled.
"""
The only auto feature that we hadn't disabled explicitly is the
gstreamer plugin. It is however expected that this wasn't a mistake as
the dependencies for the gstreamer pluging wouldn't have been met
thanks to the explicit LIBCAMERA_DEPENDENCIES we have based on the
presence of the gstreamer symbols in the global config.
This should make it less likely for future releases of libcamera to
regress in terms of reproducibility because of "auto" features (though
changes from "auto" to "enabled" wouldn't be caught and would be
susceptible to race conditions with their dependencies in case they
aren't properly specified and built after libcamera is).
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We currently disable building the documentation via the "documentation"
feature, but it is enabled nonetheless by meson if sphinx-build-3 is
found on the host.
This makes sure it doesn't happen by making the sphinx-build-3 check
only happen when the "documentation" feature is "auto" or "enabled",
which isn't the case for Buildroot.
The bug seems to have been introduced in v0.0.1 release.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit c1597f989654 ("ipa: raspberrypi: Use YamlParser to replace
dependency on boost"), part of the v0.0.1 release, removed the
dependency on boost, so let's remove it from the pipeline option and
dependency for Buildroot.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Python was bumped from 3.12.x to 3.13.x since the commit
d63e207eb8.
The module pipes is no longer part of the Python standard library. It
was removed in Python 3.13 after being deprecated in Python 3.11. The
last version of Python that provided the pipes module was Python 3.12.
See[1].
The chromium project in qt5webengine-chromium is very old (87-based[2]).
This backports a change removing the use of pipes that was first
introduced in 114.0.5696.0[3] to fix the error below:
[174/23445] ACTION //components/resources:about_credits(/builds/buildroot.org/buildroot/output/build/qt5webengine-5.15.14/src/toolchain:target)
FAILED: gen/components/resources/about_credits.html
/builds/buildroot.org/buildroot/output/build/qt5webengine-5.15.14/host-bin/python ../../3rdparty/chromium/tools/licenses.py --target-os=linux --depfile gen/components/resources/about_credits.d credits gen/components/resources/about_credits.html
/builds/buildroot.org/buildroot/output/build/qt5webengine-5.15.14/src/3rdparty/chromium/build/android/gyp/util/build_utils.py:628: SyntaxWarning: invalid escape sequence '\('
r = re.compile('@FileArg\((.*?)\)')
Traceback (most recent call last):
File "/builds/buildroot.org/buildroot/output/build/qt5webengine-5.15.14/src/core/release/../../3rdparty/chromium/tools/licenses.py", line 37, in <module>
from util import build_utils
File "/builds/buildroot.org/buildroot/output/build/qt5webengine-5.15.14/src/3rdparty/chromium/build/android/gyp/util/build_utils.py", line 15, in <module>
import pipes
ModuleNotFoundError: No module named 'pipes'
[1]: https://docs.python.org/3/library/pipes.html
[2]: https://github.com/qt/qtwebengine/blob/v5.15.14-lts-lgpl/CHROMIUM_VERSION
[3]: https://github.com/chromium/chromium/commit/4c6fc1984970af4b2b1765014c9ddcd957ad7dda
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/9677167367
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some EDK II configurations have complex dependencies on several packages
and additional build options; build tests help keeping track of those
more easily.
Factorize some code common to all the build tests into a new
TestEdk2BuildBase class, which defines a base configuration and a method
to assert that binaries do indeed exist after the build.
While at it, add myself in DEVELOPERS.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Dick Olsson <hi@senzilla.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The patch bumps Arm Trusted Firmware (TF-A) to version 2.10 LTS for
- stm32mp157a_dk1_defconfig
- stm32mp157c_dk2_defconfig
the Linux kernel to version 6.12.22 and U-Boot to version 2025.04 for
- stm32mp135f_dk_defconfig
- stm32mp157a_dk1_defconfig
- stm32mp157c_dk2_defconfig
The new version of U-Boot has added EFI Capsule support, which depends on
GnuTLS, thus requiring the activation of BR2_TARGET_UBOOT_NEEDS_GNUTLS
for stm32mp135f_dk_defconfig.
Tested on STM32MP157C-DK2 Discovery Board.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Reviewed-by: Raphaël Gallais-Pou <rgallaispou@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The manual states that FOO_DL_OPTS are valid for all the different
download backends, but that is not the case: at least the git backend
does not use them (it does not fail, it just ignores them).
Accept FOO_DL_OPTS in the git backend, and pass them to 'git fetch'.
There is no way that we can pass such options to submodules or lfs,
though.
Update the manual accordingly.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The dependencies for pulseview are not entirely clean:
- arch deps are not first;
- second-level inherited deps are listed;
- deps are not alphabetically ordered (for deps on packages);
- the comment is hidden even when the arch deps are met, because of an
incorrect dependency on Qt5;
- qt5 is a depends-on when it could be a select.
Update the dependencies to fix all the points above.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The currently referenced homepage is a cyber-squatter. Switch to the new
official homepage.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some protocol decoders in libsigrokdecode need the zlib module:
srd: ModuleNotFoundError: Failed to load decoder usb_power_delivery: import by name failed: No module named 'zlib'
srd: Traceback (most recent call last):
File "/usr/share/libsigrokdecode/decoders/usb_power_delivery/__init__.py", line 24, in <module>
from .pd import *
File "/usr/share/libsigrokdecode/decoders/usb_power_delivery/pd.py", line 24, in <module>
import zlib # for crc32
^^^^^^^^^^^
ModuleNotFoundError: No module named 'zlib'
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changelog:
- afa57cc libubus: add support for using channels
- d996988 libubus: close file descriptor after sending it from a request
- 252a9b0 libubus: Make UBUS_* macros work cleanly in C++
- 65bb027 CMakeLists.txt: bump minimum cmake version
- f84eb59 libubus: fix initial subscribe with autosubscribe
- 2b39a27 libubus: fix reconnect with auto subscribe
- b3e8c4e Add auto subscribe support
Signed-off-by: Lance Fredrickson <lancethepants@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changelog:
- 3868f47 blob: constify attr argument to blob_memdup
- eb9bcb6 ustream: prevent recursive calls to the read callback
- 12bda4b CI: add CodeQL workflow tests
- a2fce00 CI: add build test run
- c1be505 udebug: fix crash in udebug_entry_vprintf with longer strings
- 6339204 CMakeLists.txt: bump minimum cmake version
- ca3f6d0 udebug: fix file descriptor initialization for __udebug_buf_map
- df5b714 udebug: add mips specific quirk
- d27acfe udebug: add more checks for uninitialized buffers
- 40acbe3 udebug: wait for response after buffer add/remove
- e84c000 udebug: add inline helper function to test if a buffer is allocated
- 325fea5 udebug: add functions for manipulating entry length
- e80dc00 link librt if needed for shm_open
- 260ad5b udebug: add ulog support
- b77f2a4 uloop: fix build using C++ compilers
- d4c3066 udebug: add udebug library code
- b3fa3d9 uloop: reset flags after __uloop_fd_delete call
- 8a5a431 uloop: fix typo in signal handling rework
- f7d1569 uloop: properly initialize signal handler mask
- 13d9b04 uloop: add support for user defined signal handlers
- 82fa648 uloop: add support for interval timers
Signed-off-by: Lance Fredrickson <lancethepants@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since iptables v1.8.11, `iptables -C` commands return unexpected zero status
even for cases when the rules don't exist. This breaks e.g. standard Docker
operation, where checking for existing rules is used extensively when creating
networks.
The patch fixing the behavior is available upstream - apply it to v1.8.11
before a newer version is available.
Signed-off-by: Jan Čermák <sairon@sairon.cz>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The ARMV7-A toolchains are capable to compile binaries for ARMv8-A CPU
in AArch32 execution state.
This adds the BR2_ARM_CPU_ARMV8A option in the 'conditions' to allow
ARMV8-A CPU such as Cortex-A53 or Cortex-A72 to use ARMV7-A toolchains.
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Without this, packages using libopenmpt are not able to find
the dependency.
Signed-off-by: J. Neuschäfer <j.neuschaefer@gmx.net>
[Julien: reword commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
The patch bumps the Linux kernel to version 6.12.23 and U-Boot to
version 2025.04.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The patch bumps the Linux kernel to version 6.1.134 and U-Boot to
version 2025.04.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This installs the device-tree blob for the Raspberry Pi 500.
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The ARM64 bcmrpi3_defconfig has been deleted since 6.12.20[1]. It was
introduced since 4.9.11[2]. It appears to be the 64-bit version of the
ARM bcm2709_defconfig used by Raspberry Pi 2 and Raspberry Pi 3.
The .github/workflows/kernel-build.yml was introduced in 5.15.81[3], and
it shows the ARM64 bcm2711_defconfig is used to build the kernel8.img of
the Raspberry Pi 4 (released in June 2019). The ARM64 bcmrpi3_defconfig
appears to be not used officially, even it was still maintained accross
the different bumps.
The raspberrypi-firmware[5] repository has introduced the kernel8.img
image with 4.19.69[6], and the Raspberry Pi 4 was released a little bit
earlier since 4.19.50 with the ARM64 kernel8.img[7] image (and the ARM
kernel7l.img[8]) (released in September 2019). That kernel8.img appears
to boot the Raspberry Pi 4 (using the ARM64 bcm2711_defconfig).
Raspberry Pi OS 64-bit boots the image kernel8.img on Raspberry 3. The
64-bit version was released in February 2022. It is not certain it takes
the kernel images from the raspberrypi-firmware repository. However, the
firmware boots the exact same image kernel8.img on a Raspberry Pi 3 and
on a Raspberry Pi 4.
Raspberry Pi OS 64-bit on Raspberry Pi 3:
MESS:00:00:01.423488:0: brfs: File read: /mfs/sd/config.txt
MESS:00:00:01.428389:0: brfs: File read: 1361 bytes
MESS:00:00:01.493416:0: brfs: File read: /mfs/sd/config.txt
MESS:00:00:01.498339:0: gpioman: gpioman_get_pin_num: pin LEDS_PWR_OK not defined
MESS:00:00:02.009915:0: gpioman: gpioman_get_pin_num: pin DISPLAY_DSI_PORT not defined
MESS:00:00:02.016952:0: gpioman: gpioman_get_pin_num: pin DISPLAY_DSI_PORT not defined
MESS:00:00:02.024731:0: gpioman: gpioman_get_pin_num: pin LEDS_PWR_OK not defined
MESS:00:00:02.031018:0: *** Restart logging
MESS:00:00:02.034892:0: brfs: File read: 1361 bytes
MESS:00:00:02.067531:0: gpioman: gpioman_get_pin_num: pin EMMC_ENABLE not defined
MESS:00:00:02.083340:0: HDMI0: hdmi_pixel_encoding: 162000000
MESS:00:00:03.164055:0: brfs: File read: /mfs/sd/initramfs8
MESS:00:00:03.167936:0: Loaded 'initramfs8' to 0x0 size 0x110451e
MESS:00:00:03.193834:0: initramfs loaded to 0x2defb000 (size 0x110451e)
MESS:00:00:03.208482:0: dtb_file 'bcm2710-rpi-3-b.dtb'
MESS:00:00:03.211926:0: brfs: File read: 17843486 bytes
MESS:00:00:03.221150:0: brfs: File read: /mfs/sd/bcm2710-rpi-3-b.dtb
MESS:00:00:03.225810:0: Loaded 'bcm2710-rpi-3-b.dtb' to 0x100 size 0x8783
MESS:00:00:03.247884:0: brfs: File read: 34691 bytes
MESS:00:00:03.264054:0: brfs: File read: /mfs/sd/overlays/overlay_map.dtb
MESS:00:00:03.296063:0: brfs: File read: 5423 bytes
MESS:00:00:03.302800:0: brfs: File read: /mfs/sd/config.txt
MESS:00:00:03.306807:0: dtparam: audio=on
MESS:00:00:03.317529:0: brfs: File read: 1361 bytes
MESS:00:00:03.341294:0: brfs: File read: /mfs/sd/overlays/vc4-kms-v3d.dtbo
MESS:00:00:03.392937:0: Loaded overlay 'vc4-kms-v3d'
MESS:00:00:03.500706:0: brfs: File read: 2760 bytes
MESS:00:00:03.504586:0: brfs: File read: /mfs/sd/cmdline.txt
MESS:00:00:03.509305:0: Read command line from file 'cmdline.txt':
MESS:00:00:03.515172:0: 'console=serial0,115200 console=tty1 root=PARTUUID=28fec58e-02 rootfstype=ext4 fsck.repair=yes rootwait cfg80211.ieee80211_regdom=GB'
MESS:00:00:03.658110:0: brfs: File read: 132 bytes
MESS:00:00:04.203939:0: brfs: File read: /mfs/sd/kernel8.img
MESS:00:00:04.207882:0: Loaded 'kernel8.img' to 0x200000 size 0x8dab16
MESS:00:00:05.880351:0: Device tree loaded to 0x2def2300 (size 0x8c7c)
MESS:00:00:05.886331:0: uart: Set PL011 baud rate to 103448.300000 Hz
MESS:00:00:05.892855:0: uart: Baud rate change done...
MESS:00:00:05.896271:0: uart: Baud rate
Raspberry Pi OS 64-bit on Raspberry Pi 4:
MESS:00:00:04.721959:0: brfs: File read: /mfs/sd/config.txt
MESS:00:00:04.725196:0: brfs: File read: 1361 bytes
MESS:00:00:04.750539:0: HDMI0:EDID error reading EDID block 0 attempt 0
MESS:00:00:04.755048:0: HDMI0:EDID giving up on reading EDID block 0
MESS:00:00:04.771935:0: HDMI1:EDID error reading EDID block 0 attempt 0
MESS:00:00:04.776437:0: HDMI1:EDID giving up on reading EDID block 0
MESS:00:00:04.783084:0: brfs: File read: /mfs/sd/config.txt
MESS:00:00:05.589127:0: gpioman: gpioman_get_pin_num: pin DISPLAY_DSI_PORT not defined
MESS:00:00:05.594675:0: gpioman: gpioman_get_pin_num: pin DISPLAY_DSI_PORT not defined
MESS:00:00:05.603705:0: *** Restart logging
MESS:00:00:05.605484:0: brfs: File read: 1361 bytes
MESS:00:00:05.615585:0: hdmi: HDMI0:EDID error reading EDID block 0 attempt 0
MESS:00:00:05.620610:0: hdmi: HDMI0:EDID giving up on reading EDID block 0
MESS:00:00:05.631233:0: hdmi: HDMI0:EDID error reading EDID block 0 attempt 0
MESS:00:00:05.636263:0: hdmi: HDMI0:EDID giving up on reading EDID block 0
MESS:00:00:05.641861:0: hdmi: HDMI:hdmi_get_state is deprecated, use hdmi_get_display_state instead
MESS:00:00:05.655652:0: hdmi: HDMI1:EDID error reading EDID block 0 attempt 0
MESS:00:00:05.660683:0: hdmi: HDMI1:EDID giving up on reading EDID block 0
MESS:00:00:05.671304:0: hdmi: HDMI1:EDID error reading EDID block 0 attempt 0
MESS:00:00:05.676328:0: hdmi: HDMI1:EDID giving up on reading EDID block 0
MESS:00:00:05.681926:0: hdmi: HDMI:hdmi_get_state is deprecated, use hdmi_get_display_state instead
MESS:00:00:05.690690:0: HDMI0: hdmi_pixel_encoding: 300000000
MESS:00:00:05.696162:0: HDMI1: hdmi_pixel_encoding: 300000000
MESS:00:00:07.208184:0: brfs: File read: /mfs/sd/initramfs8
MESS:00:00:07.210644:0: Loaded 'initramfs8' to 0x0 size 0x110451e
MESS:00:00:07.230307:0: initramfs loaded to 0x2defb000 (size 0x110451e)
MESS:00:00:07.243252:0: dtb_file 'bcm2711-rpi-4-b.dtb'
MESS:00:00:07.245284:0: brfs: File read: 17843486 bytes
MESS:00:00:07.256366:0: brfs: File read: /mfs/sd/bcm2711-rpi-4-b.dtb
MESS:00:00:07.259609:0: Loaded 'bcm2711-rpi-4-b.dtb' to 0x100 size 0xdb30
MESS:00:00:07.279767:0: brfs: File read: 56112 bytes
MESS:00:00:07.296967:0: brfs: File read: /mfs/sd/overlays/overlay_map.dtb
MESS:00:00:07.324428:0: brfs: File read: 5423 bytes
MESS:00:00:07.328614:0: brfs: File read: /mfs/sd/config.txt
MESS:00:00:07.331591:0: dtparam: audio=on
MESS:00:00:07.340485:0: brfs: File read: 1361 bytes
MESS:00:00:07.363861:0: brfs: File read: /mfs/sd/overlays/vc4-kms-v3d-pi4.dtbo
MESS:00:00:07.431733:0: Loaded overlay 'vc4-kms-v3d-pi4'
MESS:00:00:07.603996:0: brfs: File read: 3913 bytes
MESS:00:00:07.606532:0: brfs: File read: /mfs/sd/cmdline.txt
MESS:00:00:07.611170:0: Read command line from file 'cmdline.txt':
MESS:00:00:07.617044:0: 'console=serial0,115200 console=tty1 root=PARTUUID=28fec58e-02 rootfstype=ext4 fsck.repair=yes rootwait cfg80211.ieee80211_regdom=GB'
MESS:00:00:07.756492:0: brfs: File read: 132 bytes
MESS:00:00:08.544420:0: brfs: File read: /mfs/sd/kernel8.img
MESS:00:00:08.546973:0: Loaded 'kernel8.img' to 0x200000 size 0x8dab16
MESS:00:00:09.864045:0: Device tree loaded to 0x2deed000 (size 0xdfb8)
MESS:00:00:09.869518:0: uart: Set PL011 baud rate to 103448.300000 Hz
MESS:00:00:09.876542:0: uart: Baud rate change done...
Considering all of this, the now disappeared ARM64 bcmrpi3_defconfig may
have never been used to release official 64-bit kernels, and the ARM64
bcm2711_defconfig is used by Raspberry Pi 3 and Raspberry Pi 4.
Thus, it is safe to reuse the ARM64 bcm2711_defconfig for the both
raspberrypi3_64_defconfig and raspberrypizero2w_64_defconfig.
This updates the defconfig for the two BCM2710/BCM2837 64-bit hardwares
(i.e. Raspberry Pi 3 and Raspberry Pi Zero 2 W) to reuse the downstream
ARM64 bcm2711_deconfig (i.e. the one used by Raspberry Pi 4).
Hardware ARM 32-bit ARM 64-bit
-------------------------------------------------------------
Raspberry Pi 1/Zero/ZeroW bcmrpi_defconfig N/A
Raspberry Pi 2 bcm2709_defconfig N/A
Raspberry Pi 3/3+/Zero2W bcm2709_defconfig bcm2711_defconfig
Raspberry Pi 4/400/CM4-IO bcm2711_defconfig bcm2711_defconfig
Raspberry Pi 5 N/A bcm2712_defconfig
[1]: https://github.com/raspberrypi/linux/commit/7713244d3baee3493108fb98edd82f5b2042ce48
[2]: https://github.com/raspberrypi/linux/commit/3682d6279419c30a72c7100ef68938e4f1a05bfb
[3]: https://github.com/raspberrypi/linux/commit/200e40ee35e0c22a34bdf5609d1a023f6a764986
[4]: https://www.raspberrypi.com/documentation/computers/config_txt.html#kernel
[5]: https://github.com/raspberrypi/firmware/commit/d21cd6bbab22bba1615df15354015bc50b085ddc
[6]: https://github.com/raspberrypi/linux/commit/935eb6f9a31971ef5537ac5d1b62148f8bcbad2f
[7]: https://github.com/raspberrypi/linux/commit/cdb78ce891f6c6367a69c0a46b5779a58164bd4b
[8]: https://github.com/raspberrypi/linux/commit/e879019c1947beceea2b37fd58656daa8ece9d4e
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This adds hints for the Raspberry Pi 400, Compute Module 1, 3, 4, and
4s.
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This adds the missing Raspberry Pi Zero models to the list.
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The VideoCore blobs for the Raspberry Pi 1, 2, 3, Zero, Zero W and Zero
2 W are differents from the ones for the Raspberry Pi 4 and the Compute
Module 4.
The VideoCore blobs for the Raspberry Pi 4 are named with a 4[1] (i.e.
start4.elf, start4x.elf, start4db.elf and start4cd.elf).
This precises which VideoCore firmware blob files are present on the
Raspberry Pi 1, 2, 3, Zero W, Zero 2 W and which files are present on
the the Rapsberry Pi 4 and the Compute Module 4.
Note: The VideoCore blobs for the Raspberry Pi 5 are self-contained in
its bootloader EEPROM[1][2]; there is no additional files for pi5.
[1]: https://www.raspberrypi.com/documentation/computers/configuration.html#start-elf
[2]: https://www.raspberrypi.com/documentation/computers/config_txt.html#start_file-fixup_file
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Any Raspberry Pi may use device-tree overlays; it is not restricted to
Raspberry Pi 3 and 4.
The defconfigs for the Raspberry Pi 3, 4, 400, Zero W, Zero 2 W, Compute
Module 4 and 4s use the miniuart-bt dtoverlay to switch the Bluetooth to
the mini-UART (ttyS0) and restore UART0 (ttyAMA0) over GPIOs 14 and 15
to enable the serial console (like the Raspberry Pi 1 and 2 that have no
Bluetooth)[1][2].
As a consequence, the Raspberry Pi Zero W, Zero 2 W, 400, Compute Module
4 and 4s install the device-tree overlays as well.
This rewords the note by adding the three missing hardwares installing
the images/rpi-firmware/overlays directory. It rewords the miniuart note
at the same time.
[1]: https://www.raspberrypi.com/documentation/computers/configuration.html#uarts-and-device-tree
[2]: https://github.com/raspberrypi/linux/blob/rpi-6.6.y/arch/arm/boot/dts/overlays/miniuart-bt-overlay.dts#L4-L6
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Patches 0002-arc-Fix-warnings.patch and
0003-arc-Do-not-use-mov_s-and-movl_s-instructions.patch are upstream
as part of commit 30e887f84e70c16df5c421983f074d07a93b4e58 (yes they
have been squashed into a single commit upstream).
Patches 0004-src-or1k-ffi.c-fix-prototype-of-ffi_call_SYSV.patch and
0005-src-or1k-ffi.c-fix-incompatible-pointer-type.patch are upstream
as part of commit 8a0d029244d9b0393db19898e603f24febfb53ee (here as
well, they have been squashed into a single commit upstream).
Changes 3.4.6..3.4.7:
Add static trampoline support for Linux on s390x.
Fix BTI support for ARM64.
Support pointer authentication for ARM64.
Fix ASAN compatibility.
Fix x86-64 calls with 6 GP registers and some SSE registers.
Miscellaneous fixes for ARC and Darwin ARM64.
Fix OpenRISC or1k and Solaris 10 builds.
Remove nios2 port.
Changes 3.4.7..3.4.8:
aarch64: add PAC to GNU Notes by @billatarm in #882
MIPS: Dont import asm/sgidefs.h on linux by @fossdd in #885
Update the Simple Example from the Docs to fix a compile error by @Nikitf777 in #886
Fix bugs in the x86-64 and x32 target (#887) by @mikulas-patocka in #889
Add the "ABI_ATTR" attribute to called functions (#891) by @mikulas-patocka in #892
powerpc: Add static trampoline support (#894) by @peter-bergner in #895
testsuite: add two tests to Makefile.am by @thesamesam in #893
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This reverts commit 27ab880ebb.
With the (proposed) fix from the openssl developers added as
0004-Serialize-install-process-to-avoid-multiple-make-dep.patch, the
workaround can now be dropped so openssl can again be built and installed in
parallel, significantly speeding up builds.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The openssl developers have proposed a fix for the parallel installation
issue worked around by commit 27ab880ebb (package/libopenssl do not build
in parallel).
Add the fix here so the workaround can dropped again.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Changelog 2.73 -> 2.74:
- ERRATA: Bug 219838 the psx go package fails to build standalone.
- This release addresses Bug 219687 reported by David Runge.
- Group syntax parsing bugfix for pam_cap from Tianjia Zhang.
- Doc typo fix for cap_get_proc.3 from Tianjia Zhang.
- Fix transitive include in capsh.c from Leo.
- Go package documentation updates, including more cap examples.
Changelog 2.74 -> 2.75:
- This release is devoted to a fix for Bug 219838 reported by Frank.
Changelog 2.75 -> 2.76:
- More libpsx and psx Go package mechanism fixes (many thanks to
Christial Kastner for helping dive into the off-piste
architectures. See Bug 219915.)
- To make the various .so files continue to be runnable as standalone
programs added another workaround for glibc. (Bug 219880 reported by
Christian Kastner.)
- Made a new man page cap_text_formats(7). This makes it possible to
separate the tool man pages from the developer man pages. I believe
this was the second time this was requested, by Carlos
Rodriguez-Fernandez this time (can't find the former request in my
email).
- Dropped Make.Rules definition of SYSTEM_HEADERS Thanks to Ross
Burton for reporting.
- Removed a spurious debugging printf() from setcap tool.
- Removed cap_ workarounds for go.dev cap package examples. The
website bugs have been resolved: go/issues/70611; go/issues/70630.
- Added a Makefile to the contrib/seccomp example.
See
https://sites.google.com/site/fullycapable/release-notes-for-libcap
for all release notes.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Changelog:
* v2.4.3 - 02/28/2025
* Fix memory safety with some older `strerror_r()` implementations in error
formatters for all modules.
* Build
* Fix character device GPIO support tests in Makefile for alternate
shells and older versions of make.
* Fix cross-compilation in Makefile from Windows.
* Fix CMake minimum required version.
* Add CMake package generation.
* Contributors
* Ryan Barnett, @rjbarnet - ec31b39
* javalikescript, @javalikescript - 024a25d
* HopeCollector, @HopeCollector - aca6815, b5e53e6
The hash of the license file has changed due to a copyright year
change:
- Copyright (c) 2014-2023 vsergeev / Ivan (Vanya) A. Sergeev
+ Copyright (c) 2014-2025 vsergeev / Ivan (Vanya) A. Sergeev
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Upstream changelog from
https://github.com/google/double-conversion/releases/tag/v3.3.1:
Hash pin Github workflows by @joycebrum in #198
Create dependabot.yml by @joycebrum in #199
Add _ITERATOR_DEBUG_LEVEL=2 and _DEBUG defines by @ffa-csturdy in #202
Add bzlmod MODULE.bazel file by @jsharpe in #205
Add CIFuzz Github Action by @DavidKorczynski in #203
Update MODULE.bazel and README.md. by @BYVoid in #234
Remove the explicit dependency on rules_cc. by @BYVoid in #235
Add missing headers by @BhavikaSharma in #239
Tested with the following configuration, which includes the only two
reverse dependencies of double-conversion.
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_INIT_NONE=y
BR2_SYSTEM_BIN_SH_NONE=y
# BR2_PACKAGE_BUSYBOX is not set
BR2_PACKAGE_QT6=y
BR2_PACKAGE_PYTHON3=y
BR2_PACKAGE_PYTHON_UJSON=y
# BR2_TARGET_ROOTFS_TAR is not set
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The current comment is not very helpful; extend it to be more explicit.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
When building a firmware for the MACCHIATObin with edk2 and
arm-trusted-firmware, the build can randomly fail with the
following make error:
make[1]: Circular output/build/edk2-edk2-stable202411/.stamp_configured <- arm-trusted-firmware dependency dropped.
The message appears also when the build is not failing, depending on
the number of parallel jobs and the build order.
The issue can be observed with the following commands:
cat >.config <<EOF
BR2_aarch64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TARGET_ARM_TRUSTED_FIRMWARE=y
BR2_TARGET_ARM_TRUSTED_FIRMWARE_PLATFORM="a80x0_mcbin"
BR2_TARGET_ARM_TRUSTED_FIRMWARE_EDK2_AS_BL33=y
BR2_TARGET_BINARIES_MARVELL=y
BR2_TARGET_EDK2=y
BR2_TARGET_EDK2_PLATFORM_SOLIDRUN_ARMADA80X0MCBIN=y
BR2_TARGET_MV_DDR_MARVELL=y
EOF
make olddefconfig
utils/brmake
grep -FC5 'dependency dropped' br.log
The circular dependency happen due to [1] and [2].
In fact, only TF-A depends on EDK II (passed as BL33) for building and
not vice versa. See [3]. The EDK II "SolidRun MacchiatoBin" platform
build does not need any TF-A image, compared to some other platforms
such as "Socionext DeveloperBox" or "QEMU SBSA" which are referencing
TF-A images in a hook added in EDK2_PRE_BUILD_HOOKS.
Drop the false dependency on TF-A to fix the build.
This issue has been present since the EDK2 introduction in commit [4].
[1] https://gitlab.com/buildroot.org/buildroot/-/blob/2025.02/boot/arm-trusted-firmware/arm-trusted-firmware.mk#L121
[2] https://gitlab.com/buildroot.org/buildroot/-/blob/2025.02/boot/edk2/edk2.mk#L118
[3] https://github.com/Semihalf/edk2-platforms/wiki/Build_firmware
[4] https://gitlab.com/buildroot.org/buildroot/-/commit/1074a37e783b023bd0491ba4f4f7acab7f289e1d
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Dick Olsson <hi@senzilla.io>
[Julien: add extra info in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
When Building arm-trusted-firmware for the Macchiatobin platform
(a80x0_mcbin), which depends on the mv-ddr-marvell package, the build fails
complaining that this package's folder "does not contain valid
mv-ddr-marvell git repository".
This is expected under Buildroot, where we use intermediate archives.
The issue can be reproduced with the commands:
cat >.config <<EOF
BR2_aarch64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TARGET_ARM_TRUSTED_FIRMWARE=y
BR2_TARGET_ARM_TRUSTED_FIRMWARE_PLATFORM="a80x0_mcbin"
BR2_TARGET_ARM_TRUSTED_FIRMWARE_EDK2_AS_BL33=y
BR2_TARGET_BINARIES_MARVELL=y
BR2_TARGET_EDK2=y
BR2_TARGET_EDK2_PLATFORM_SOLIDRUN_ARMADA80X0MCBIN=y
BR2_TARGET_MV_DDR_MARVELL=y
EOF
make olddefconfig
make
The build is failing with the error message:
plat/marvell/armada/a8k/common/ble/ble.mk:34: *** "'MV_DDR_PATH=/buildroot/output/build/mv-ddr-marvell-d5acc10c287e40cc2feeb28710b92e45c93c702c' was specified, but '/buildroot/output/build/mv-ddr-marvell-d5acc10c287e40cc2feeb28710b92e45c93c702c' does not contain valid mv-ddr-marvell git repository". Stop.
Add patches to fix the build for this platform, for a few versions of TF-A
(v2.6, v2.7, v2.8, lts-v2.8.20, v2.9, v2.10, lts-v2.10.5, v2.11, v2.12 and
lts-v2.12.1).
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Dick Olsson <hi@senzilla.io>
Cc: Sergey Matyukevich <geomatsi@gmail.com>
[Julien: add commands to reproduce the issue]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Switch the test assert to use 'Europe/Berlin' instead of
'posix/Europe/Berlin'. The tz-name is an internal implementation detail
anyway and the lookup changed to prefer the stated name in /etc/timezone
again, if it matches the configured timezone via /usr/share/zoneinfo.
Ref: https://github.com/regebro/tzlocal/commit/4ffac9232bc854a0fa25df9f275a4267fb232850
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Julien Olivain <ju.o@free.fr>
libv4l has some really special code that is built explicitly with
_FILE_OFFSET_BITS=32, which doesn't work with _TIME_BITS=64, causing
build failures when BR2_TIME_BITS_64=y. This build issue has been
fixed upstream. While how the upstream patch exactly works is unclear,
it's the patch that upstream has decided to implement to resolve the
build issue, so we simply backport it.
The issue exists since at least upstream commit
99f245f5e2826c7ae3ac8de530bc2fbd906eb62b, which was merged in
v4l-utils 1.26.0.
Fixes:
https://autobuild.buildroot.org/results/616608ef2a44efff67fa21b3263b341da82744c4/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Julien: add upstream commit url in patch]
Signed-off-by: Julien Olivain <ju.o@free.fr>
On hosts with a recent version of cmake (eg: 4.0.0), builds involving
host-pahole fail with the following error:
CMake Deprecation Warning at CMakeLists.txt:1 (cmake_minimum_required):
Compatibility with CMake < 3.5 will be removed from a future version of
CMake.
Update the VERSION argument <min> value or use a ...<max> suffix to tell
CMake that the project does not need compatibility with older versions.
The issue can be reproduced on hosts with cmake >= 4.0.0 with commands:
cat <<EOF >.config
BR2_arm=y
BR2_cortex_a7=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_DEFCONFIG="versatile"
BR2_LINUX_KERNEL_NEEDS_HOST_PAHOLE=y
EOF
make olddefconfig
make
The issue has already fixed in the upstream project with commit
12ca11281912 ("CMakeLists.txt: Require cmake 3.5 or higher"), which is
part of version 1.28.
Upgrade pahole to get rid of this error.
https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tree/NEWS?h=v1.28
Signed-off-by: Alexis Lothoré <alexis.lothore@bootlin.com>
[Julien: add commands to reproduce the issue in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Fixes the following security issues:
- CVE-2025-27830: An issue was discovered in Artifex Ghostscript before
10.05.0. A buffer overflow occurs during serialization of DollarBlend in
a font, for base/write_t1.c and psi/zfapi.c.
- CVE-2025-27831: An issue was discovered in Artifex Ghostscript before
10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via
long characters to devices/vector/doc_common.c.
- CVE-2025-27832: An issue was discovered in Artifex Ghostscript before
10.05.0. The NPDL device has a Compression buffer overflow for
contrib/japanese/gdevnpdl.c.
- CVE-2025-27833: An issue was discovered in Artifex Ghostscript before
10.05.0. A buffer overflow occurs for a long TTF font name to
pdf/pdf_fmap.c.
- CVE-2025-27834: An issue was discovered in Artifex Ghostscript before
10.05.0. A buffer overflow occurs via an oversized Type 4 function in a
PDF document to pdf/pdf_func.c.
- CVE-2025-27835: An issue was discovered in Artifex Ghostscript before
10.05.0. A buffer overflow occurs when converting glyphs to Unicode in
psi/zbfont.c.
- CVE-2025-27836: An issue was discovered in Artifex Ghostscript before
10.05.0. The BJ10V device has a Print buffer overflow in
contrib/japanese/gdev10v.c.
- CVE-2025-27837: An issue was discovered in Artifex Ghostscript before
10.05.0. Access to arbitrary files can occur through a truncated path
with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.
https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs10050
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Changes 7.1..7.2:
- Security enhancements including support for password rotation,
better credential management, and namespaces
- Various improvements to man pages
Changes 7.2..7.3:
- Three fixes, including a fix for "guest" mount problem introduced
with version 7.2
Our patch is upstream as of 7.2, so we can drop it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Both openh264 2.6.0 and 2.5.1 contain the fix for this CVE (see the
release notes at [1]).
In other words the version we have is no longer vulnerable since
a7aeb5a46e ("package/libopenh264:
security bump to version 2.5.1") but pkg-stats still reports it.
An email was sent to the NVD to fix the CPE version number, but in the
meantime let's ignore it to reduce the noise in our CVE checker.
[1]: https://github.com/cisco/openh264/releases/tag/2.5.1
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream did a change in sqlite3.pc.in that does work with their
default build system, but not with the autoconf-based amalgamation
that we use. This issue has been reported and fixed upstream, but the
fix is not yet in any new release.
For the time being, we just revert the upstream change. We don't do a
direct revert ("git revert") as multiple upstream commits touched this
very line, so we simply revert to what it was prior to the different
changes, and to what the upstream fix ends up doing.
This issue is causing build issue for all packages that use sqlite's
pkg-config file, in a static-linking configuration.
Fixes:
https://autobuild.buildroot.org/results/1824a76eee4a877a2f19c1fd19a710ef9f059168/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since version 0.24.0, support for SoundCloud was removed and
yajl replaced with with json-for-modern-cpp.
Consolidated list of changes:
* decoder
- ffmpeg: support WMA
- mpg123: fix trailing space in tag values
- flac: enable chained Ogg decoding
* input
- qobuz: use nlohmann_json instead of yajl
- io_uring: fix stuck seek after I/O error
- curl: fix malformed "Range" header
* log: include year in time stamp
* output
- oss: fix error "Resource temporarily unavailable"
- shout: fix hang on activating shout output
- snapcast: use nlohmann_json instead of yajl to generate JSON tags
- sndio: fix rounding error in volume calculation
* player
- fix stalled playback after queue modification
- fix deadlock with "single" mode
* playlist
- soundcloud: remove defunct plugin
* tags
- libid3tag: fix Meson subproject configure error
- libid3tag: add missing zlib dependency to Meson subproject
- fix build failure in the "id3tag" Meson subproject
* Linux
- allow using io_uring on Linux kernels older than 6.0
- fix build failure with ancient kernel headers
- add configure-time check for openat2()
- fix use-after-free bug on io_uring shutdown
* DSD: support channel conversion
Change log:
https://raw.githubusercontent.com/MusicPlayerDaemon/MPD/v0.24.3/NEWS
Signed-off-by: Andreas Ziegler <br015@umbiko.net>
[Julien:
- remove test logs from commit log
- add the removed config entry in Config.in.legacy
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This "amd-ucode" directory has been present in linux-firmware since
version 20190312.
Signed-off-by: Christian Stewart <christian@aperture.us>
[Julien: add comment about version in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Running pkg-stats is currently quite verbose, as it shows one line per
package when checking for the upstream URL, and another one line per
package when checking for the latest version on
release-monitoring.org.
This noisy output is a bit annoying when pkg-stats is run in a
cronjob, like we do to update https://autobuild.buildroot.net/stats/
every day. This commit adds a -v/--verbose option, off by default, to
have a less noisy output.
Suggested-by: Peter Korsgaard <peter@korsgaard.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The DDR PHY on the NXP LX2160A SoC needs firmware. This is distributed
as prebuilt binaries by NXP through GitHub.
There have been discussions and other opinions on previous revisions of
the patch on how it should be integrated:
https://lore.kernel.org/buildroot/20250318163228.9989-1-vjardin@free.fr/
But I haven't integrated any of that feedback. It is a simple package
which copies the pre-built FIP image containing DDR PHY firmware files
to the images/ folder, to be used by post-image scripts.
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Reviewed-by: Vincent Jardin <vjardin@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since optee_os bump to 4.5.0 in commit [1], the ti_am62px_sk_defconfig
fails to build with error:
core/arch/arm/plat-k3/drivers/sa2ul.c:36:42: error: 'SA2UL_BASE' undeclared here (not in a function); did you mean 'SCU_BASE'?
36 | register_phys_mem_pgdir(MEM_AREA_IO_SEC, SA2UL_BASE, SA2UL_REG_SIZE);
| ^~~~~~~~~~
This is due to a logic change in platform flavor selection in upstream.
See [2].
There is unfortunately no SA2UL_BASE defined for the am62px in op-tee
which is causing the op-tee builds to fail however the platform is
identical to the am62x platform. So for now let's switch to using the
am62x which has the proper configuration for this SoC even if it's
mislabeled.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/9690373039
[1] https://gitlab.com/buildroot.org/buildroot/-/commit/14ef1ed7d27ba2f6d99bbdd0d80f67df50fccce9
[2] https://github.com/OP-TEE/optee_os/commit/35c75f355c98242290e342c04648e91baf35a4f3
Signed-off-by: Bryan Brattlof <bb@ti.com>
[Julien: add extra info in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since optee_os bump to 4.5.0 in commit [1], the ti_am62ax_sk_defconfig
fails to build with error:
core/arch/arm/plat-k3/drivers/sa2ul.c:36:42: error: 'SA2UL_BASE' undeclared here (not in a function); did you mean 'SCU_BASE'?
36 | register_phys_mem_pgdir(MEM_AREA_IO_SEC, SA2UL_BASE, SA2UL_REG_SIZE);
| ^~~~~~~~~~
This is due to a logic change in platform flavor selection in upstream.
See [2].
There is unfortunately no SA2UL_BASE defined for the am62ax in op-tee
which is causing the op-tee builds to fail however the platform is
identical to the am62x platform. So for now let's switch to using the
am62x which has the proper configuration for this SoC even if it's
mislabeled.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/9690372425
[1] https://gitlab.com/buildroot.org/buildroot/-/commit/14ef1ed7d27ba2f6d99bbdd0d80f67df50fccce9
[2] https://github.com/OP-TEE/optee_os/commit/35c75f355c98242290e342c04648e91baf35a4f3
Signed-off-by: Bryan Brattlof <bb@ti.com>
[Julien: add extra info in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
The latest Linux Factory tag is lf-6.12.3-1.0.0 (Q1 2025), update to
that.
The LS1043A-RDB board is currently supported by NXP through a BSP
called LDLSDK. That isn't what we use, so update the documentation to
reflect that for awareness, and provide a link.
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The latest Linux Factory tag is lf-6.12.3-1.0.0 (Q1 2025), update to
that.
The LS1046A-RDB board is currently supported by NXP through a BSP
called LDLSDK. That isn't what we use, so update the documentation to
reflect that for awareness, and provide a link.
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The latest Linux Factory tag is lf-6.12.3-1.0.0 (Q1 2025), update to
that.
The LS1046A-FRWY board is currently supported by NXP through a BSP
called LDLSDK. That isn't what we use, so update the documentation to
reflect that for awareness, and provide a link.
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Update the kernel, U-Boot, ATF tags, as well as documentation, used by
the LS1028A-RDB to the latest Linux Factory release.
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
[Julien: reword commit one liner title for consistency]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Concretely, no change. But saves people the hassle of checking whether
any updates have been missed.
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
[Julien: reword commit one liner title for consistency]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Concretely, no change. But prevents people from going to Github and
checking whether the package is up to date.
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
[Julien: reword commit one liner title]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This is technically the master branch, a few commits post release tag.
Change log:
7a58ecaf0d90 fm_lib: explicit conversion to ioc_fm_pcd_exceptions in FM_PCD_SetException()
22a0d3f1867e fm_lib: make REPORT_ERROR() definition more function-like
08ac8b3112a8 fm_lib: fix conversion warnings between e_FmPcdEngine and enum ioc_fm_pcd_engine
168eae74fd8a fm_lib: fix integer-to-pointer conversion build warning in GetDeviceId()
The build fix patch from Buildroot is no longer necessary, remove it.
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
[Julien: switch _VERSION to use git describe syntax]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Technically, this is lf-6.12.3-1.0.0 plus a few patches on top (the
current master branch). Change log:
45e692536904 rcw: ls1028a: Add configuration for audio codec usage
3c51083d0cdf lx2160asi: e100g1_split.rcw: fix parse error
The second patch is necessary to fix a build error which was signalled
previously here on the lists:
https://lore.kernel.org/buildroot/20250318213839.17470-1-vjardin@free.fr/
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
[Julien: switch _VERSION to use git describe syntax]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This commit updates the qoriq-cadence-dp-firmware to the version
included in the 6.12.3-1.0.0 QorIQ BSP.
The firmware archive was refactored and its location has changed.
Those qoriq firmware files are now reused from the firmware-imx
archive, which is also included in Buildroot in the directory
"package/freescale-imx/firmware-imx". This commit keeps the Buildroot
package name qoriq-cadence-dp-firmware, first to keep compatibility
or Buildroot configs, and also because QorIQ BSP uses a different
version of the firmware-imx package, compared to the i.MX BSP (at a
same BSP version).
This commit updates the archive name, the archive version and the
download URL following the NXP Yocto BSP at [1]. More precisely,
the information was taken from the recipe at [2].
Note that regarding this qoriq-cadence-dp-firmware version:
- the QorIQ BSP version is: 6.12.3-1.0.0
- the Yocto dp-firmware-cadence package version is: 22.04
- the firmware-imx archive version is: 8.16
The important version we want to align with the rest of other QorIQ
components is indeed the BSP version "6.12.3-1.0.0".
This commit also updates license hashes. The license was updated from:
LA_OPT_NXP_Software_License v17 October 2020
to:
LA_OPT_NXP_Software_License v35 May 2022
Also, the license file EULA.txt was removed, so _LICENSE_FILES is
updated accordingly.
[1] https://github.com/nxp-qoriq/yocto-sdk
[2] https://github.com/Freescale/meta-freescale/blob/6fb8816cb32db4ba9391157036fa97914cc7d103/recipes-bsp/dp-firmware-cadence/dp-firmware-cadence_22.04.bb
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
[Julien:
- reword commit log to add info on different version schemes
- fix license hashes
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since LS1043A-RDB uses the Linux Factory-supplied lsdk.config, it
disables the upstream DPAA1 kernel networking drivers and enables their
SDK counterparts. These SDK kernel drivers are configured using the fmc
tool to do basic things such as apply a default PCD, so it seems a
reasonable idea to enable this package by default.
Since fmc uses C++, we need to add the standard library for that, which
also seems to increase the rootfs size.
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
[Julien: regenerate with "make savedefconfig"]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since LS1046A-RDB uses the Linux Factory-supplied lsdk.config, it
disables the upstream DPAA1 kernel networking drivers and enables their
SDK counterparts. These SDK kernel drivers are configured using the fmc
tool to do basic things such as apply a default PCD, so it seems a
reasonable idea to enable this package by default.
Since fmc uses C++, we need to add the standard library for that, which
also seems to increase the rootfs size.
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
[Julien: regenerate with "make savedefconfig"]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since LS1046A-FRWY uses the Linux Factory-supplied lsdk.config, it
disables the upstream DPAA1 kernel networking drivers and enables their
SDK counterparts. These SDK kernel drivers are configured using the fmc
tool to do basic things such as apply a default PCD, so it seems a
reasonable idea to enable this package by default.
Since fmc uses C++, we need to add the standard library for that, which
also seems to increase the rootfs size.
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
[Julien: regenerate with "make savedefconfig"]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since Buildroot commit [1] which introduced this defconfig using a
Kernel 6.6.x series, the build can fail with error:
certs/extract-cert.c:21:10: fatal error: openssl/bio.h: No such file or directory
The issue is generally masked by the build order, as
arm-trusted-firmware selects BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP=y
which requires host-openssl.
The issue can be reproduced in the Buildroot Docker reference image,
using the commands:
utils/docker-run
make ls1043a-rdb_defconfig
make linux
This commit fixes the issue by explicitly adding
BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y to the defconfig.
[1] https://gitlab.com/buildroot.org/buildroot/-/commit/34b047a442b1b3c64713972fc54d98c05a672c7c
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since Buildroot commit [1] which introduced this defconfig using a
Kernel 6.6.x series, the build can fail with error:
certs/extract-cert.c:21:10: fatal error: openssl/bio.h: No such file or directory
The issue is generally masked by the build order, as
arm-trusted-firmware selects BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP=y
which requires host-openssl.
The issue can be reproduced in the Buildroot Docker reference image,
using the commands:
utils/docker-run
make ls1046a-rdb_defconfig
make linux
This commit fixes the issue by explicitly adding
BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y to the defconfig.
[1] https://gitlab.com/buildroot.org/buildroot/-/commit/774035189fc211fccedb856b1718c8836be94387
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since Buildroot commit [1] updating the defconfig to use Kernel 6.6.x
series, the build can fail with error:
certs/extract-cert.c:21:10: fatal error: openssl/bio.h: No such file or directory
The issue is generally masked by the build order, as
arm-trusted-firmware selects BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP=y
which requires host-openssl.
The issue can be reproduced in the Buildroot Docker reference image,
using the commands:
utils/docker-run
make ls1046a-frwy_defconfig
make linux
This commit fixes the issue by explicitly adding
BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y to the defconfig.
[1] https://gitlab.com/buildroot.org/buildroot/-/commit/0344e5dae647c5cc23eea11fcbeddd7fec776d75
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since Buildroot commit [1] updating the defconfig to use Kernel 6.6.x
series, the build can fail with error:
certs/extract-cert.c:21:10: fatal error: openssl/bio.h: No such file or directory
The issue is generally masked by the build order, as
arm-trusted-firmware selects BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP=y
which requires host-openssl.
The issue can be reproduced in the Buildroot Docker reference image,
using the commands:
utils/docker-run
make ls1028ardb_defconfig
make linux
This commit fixes the issue by explicitly adding
BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y to the defconfig.
[1] https://gitlab.com/buildroot.org/buildroot/-/commit/7cbc240ac2c3a5d7cbbec9826fb99854bdd156a7
Signed-off-by: Julien Olivain <ju.o@free.fr>
Bugfix release with a number of fixes, it also adds support for the
Steam Deck gamepad. Release notes:
https://gitlab.gnome.org/GNOME/libmanette/-/blob/0.2.11/NEWS
This version introduces a dependency on the hidapi package.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
[Julien:
- change release note link to use version tag
- propagate hidapi dependencies in Config.in
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
The patch bumps the Linux kernel to version 6.12.22 and U-Boot to
version 2025.04.
Signed-off-by: Meena Murthy <meena.murthy@amarulasolutions.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This version add support for esp32c5 and local patch has been committed so
drop it.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
No functional change, but bump for consistency.
The patch that was applied by Buildroot has been applied to gstreamer.
The kate plugin has disappeared from gstreamer.
The webp plugin now requires webp_mux to compile.
The webrtc plugin now requires to be compile with plugins dtls, sctp and
srtp.
For more details, see the release notes:
https://gstreamer.freedesktop.org/releases/1.24/
Signed-off-by: Thomas Bonnefille <thomas.bonnefille@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Release notes:
https://downloads.apache.org/apr/CHANGES-APR-1.7
Note: the upstream release note mention v1.7.5 is a security update.
The package patch 0004-Merge-r1920082-from-1.8.x.patch in Buildroot
was already fixing this security issue. This is why this commit is
not marked as a security bump.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Tested on QEMU using the qemu_m68k_q800_defconfig configuration, with a
switch of the toolchain to uclibc-ng and enabling rsyslog.
This patch addresses an issue where rsyslog’s pthread_cond_wait was
busy-looping due to futex_time64 repeatedly returning EINVAL. The
correction in NPTL alignment resolves the 100% CPU usage problem.
This patch is fixed upstream [1] so apply it until it is tagged.
[1]: 278ac6b30 ("m68k: fix alignment in NPTL code")
Signed-off-by: Jean-Michel Hautbois <jeanmichel.hautbois@yoseli.org>
[Julien:
- rename patch to 0002
- add "Upstream:" tag in patch to fix check-package error
- add "Signed-off-by:" in patch
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
uClibc-ng unconditionally exposes a reallocarray() prototype, but only
provides the implementation when the malloc-standard implementation is
selected in the configuration.
As noMMU configurations can't use malloc-standard, they use malloc or
malloc-simple that don't provide reallocarray().
As a result of reallocarray() being missing, some packages such as
util-linux provide their own replacement implementation... but its
prototype clashes with the one provided by uClibc, causing build
failures such as:
In file included from lib/color-names.c:7:
./include/c.h:586:21: error: static declaration of ‘reallocarray’ follows non-static declaration
586 | static inline void *reallocarray(void *ptr, size_t nmemb, size_t size)
| ^~~~~~~~~~~~
In file included from ./include/c.h:16:
/home/thomas/projets/buildroot/output/host/arm-buildroot-uclinux-uclibcgnueabi/sysroot/usr/include/stdlib.h:898:14: note: previous declaration of ‘reallocarray’ with type ‘void *(void *, size_t, size_t)’ {aka ‘void *(void *, unsigned int, unsigned int)’}
898 | extern void *reallocarray (void *__ptr, size_t __m, size_t __n);
| ^~~~~~~~~~~~
make[3]: *** [Makefile:12354: lib/libtcolors_la-color-names.lo] Error 1
This is addressed by a patch on uClibc, submitted upstream, which
makes sure the prototype is only exposed when the implementation is
provided.
The issue can be reproduced with commands:
cat <<EOF >.config
BR2_arm=y
BR2_cortex_m4=y
BR2_TOOLCHAIN_BUILDROOT_UCLIBC=y
BR2_PACKAGE_UTIL_LINUX=y
BR2_PACKAGE_UTIL_LINUX_KILL=y
EOF
make olddefconfig
make util-linux
Fixes:
https://autobuild.buildroot.net/results/157aa82aa4cd57eacc4defe6cace16e464261e9a/ (RISC-V noMMU)
https://autobuild.buildroot.net/results/ce1a24c1465b82686ae375ac688a553fb65df5ea/ (ARM noMMU)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Julien: add commands to reproduce the issue in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Python3 uses mimalloc by default, however, mimalloc did not compile for
big-endian ARM and generated the wrong instructions for ARMv7+ targets.
These issues have been fixed upstream in both mimalloc and CPython.
The issue can be reproduced with commands:
cat <<EOF >.config
BR2_armeb=y
BR2_cortex_a15=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_PACKAGE_PYTHON3=y
EOF
make olddefconfig
make python3
Fixes: https://autobuild.buildroot.org/results/26b752738022e8b46e810a08e28d687120e5c4e3/
Signed-off-by: Vincent Fazio <vfazio@xes-inc.com>
[Julien: add commands to reproduce the issue in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Bump to the latest version of optee-client
Signed-off-by: Nayab Sayed <nayabbasha.sayed@microchip.com>
[Julien: move package archive hash to the "Locally computed" section]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Update OP-TEE to its latest tag
Signed-off-by: Nayab Sayed <nayabbasha.sayed@microchip.com>
[Julien: move package archive hash to the "Locally computed" section]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Commit f2a862fe60 (package/dillo: move to github) changed the source
site for the Dillo package. This change introduced a trailing slash at
the end of the URL.
This cause an error when running `make show-info` with `BR2_PACKAGE_DILLO=y`:
```
package/dillo/dillo.mk:46: *** DILLO_SITE (https://github.com/dillo-browser/dillo/releases/download/v3.0.5/) cannot have a trailing slash. Stop.
```
This commit removes the trailing slash.
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Add python-smbus2 as an alternative for python-smbus-cffi as the latter
has not seen updates in 8 years and was archived on Jan 4 2024.
Signed-off-by: Vincent Fazio <vfazio@xes-inc.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
glibc fails to build on RISC-V 32-bit with the ilp32f ABI and on
RISC-V 64-bit with the lp64f: both use single-point precision floating
point, which glibc doesn't support, failing during the configure step
with:
configure: error: glibc does not yet support the single floating-point ABI
Fix that by disabling glibc support on those configurations.
Fixes:
https://autobuild.buildroot.org/results/fe8d569cab507992978ef0da649278dd3a9e0b23/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Use the 'C' locale when retrieving the date of the last change using
'svn info' since the svn download helper script expect
"Last Changed Date" string.
If another locale is used, the 'date' is empty so the generated
archive (by mk_tar_gz) will not match the expected hash since
the file timestamp is not set properly.
If LANG=fr_FR.UTF-8 is defined in the host system, svn print some
"French encrypted" text:
eval svn --non-interactive --config-option servers:global:http-timeout=10 info ''\''https://svn.code.sf.net/p/xmlrpc-c/code/advanced@r3176'\'''
...
Date de la dernière modification: 2023-09-02 19:13:35 +0200 (sam. 02 sept. 2023)
diffoscope confirm that the file timestamp is not set correctly
in the generated archive:
$ diffoscope NOK/libxmlrpc-r3176-svn5.tar.gz OK/libxmlrpc-r3176-svn5.tar.gz
Signed-off-by: Julien Olivain <ju.o@free.fr>
Add an option to install the firmware files for Intel Neural Processing
Unit (NPU) device.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Updating the hash of the WHENCE file, due to firmware additions and
firmware changes, but no changes to the redistribution/licensing
conditions.
Additionally, the files intel/vpu/{vpu_37xx_v1.bin,vpu_40xx_v1.bin} have
been added along with the corresponding license LICENSE.intel_vpu.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Fixes the following security issues:
- CVE-2024-24258: freeglut 3.4.0 was discovered to contain a memory leak
via the menuEntry variable in the glutAddSubMenu function.
- CVE-2024-24259: freeglut through 3.4.0 was discovered to contain a
memory leak via the menuEntry variable in the glutAddMenuEntry
function.
https://nvd.nist.gov/vuln/detail/CVE-2024-24258https://nvd.nist.gov/vuln/detail/CVE-2024-24259
The CVEs are not technically reported for the libfreeglut package
itself (which doesn't have a CPE identifier) but for mupdf.
Note that mudpf provides its own (old) version of freeglut, but our
mupdf package uses the Buildroot-provided freeglut (which now contains
the fix).
It also has to be noted that a more recent release of libfreeglut
exists upstream, and it fixes the same CVEs. Bumping our package
version however requires more work that can be done separately.
Including this patch first also has the advantage that it can easily
be backported wherever it's needed.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Some packages have their actual source tree in a sub-directory (even if
that is the only source in the repository); this is the case for example
with the Amazon ECR credential helper (to be packaged in a follow up
commit):
https://github.com/awslabs/amazon-ecr-credential-helper
Do the build in _SUBDIR, and also do the vendoring in there.
We don't need the build to generate executables inside _SUBDIR, so we
just keep using $(@D)/bin as a place to generate them (and install them
from).
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Christian Stewart <christian@aperture.us>
Reviewed-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This commit bumps Linux to 6.12.20 and U-Boot to 2025.01, to
align versions to those used in the Hifive Unmatched defconfig
to make maintenance easier. The new U-Boot version needs gnutls.
This commit also enabled BR2_DOWNLOAD_FORCE_CHECK_HASHES in
defconfigs. The .checkpackageignore is updated to reflect that change.
Signed-off-by: Francois Dugast <francois.dugast.foss@gmail.com>
[Julien:
- reword commit log
- add missing BR2_TARGET_UBOOT_NEEDS_GNUTLS=y
- change linux.hash comment to take hash from upstream
- change linux-headers.hash file to a symlink
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch adds support for the HiFive Unmatched board. This includes
building the firmware, kernel and rootFS for the HiFive Unmatched.
The configuration is similar to the one for the HiFive Unleashed, this
is why most of it is shared in board/sifive/common.
Signed-off-by: Francois Dugast <francois.dugast.foss@gmail.com>
[Julien:
- add missing BR2_TARGET_UBOOT_NEEDS_GNUTLS=y
- change linux.hash comment to take hash from upstream
- change linux-headers.hash file to a symlink
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Move the generic part of the configuration into a new "common" directory
so that it is easier to add similar boards without duplicating the files.
Signed-off-by: Francois Dugast <francois.dugast.foss@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This removes a warning reported by shellcheck: "Double quote to prevent
globbing and word splitting". As a result, the file can be removed from
.checkpackageignore.
Signed-off-by: Francois Dugast <francois.dugast.foss@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
FreeRDP fails to build on newer gcc:
/freerdp-2.11.7/libfreerdp/core/info.c:88:39: error: initialization of 'const WCHAR *' {aka 'const short unsigned int *'} from incompatible pointer type 'BYTE *' {aka 'unsigned char *'} [-Wincompatible-pointer-types]
88 | const WCHAR* domain = Stream_Pointer(s);
| ^~~~~~~~~~~~~~
There is a patch upstream [0] to fix that one, but then another similar
build failure triggers, which is also fixed upstream, but then a third
failre triggers, again fixed upstream [2], but then...
FreeRDP 2.x has been kinda discontinued, and the new stable is 3.x.
However, bumping to 3.x looks like a huge leap.
So, rather than backport, just bump to the latest commit on the
stable-2.0 branch, which carries 12 non-merge commits with build fixes:
562ae3588 [winpr,pubsub] add NULL parameter checks
68c7c21b9 X11 client: ignore grab related LeaveNotify events
a9deecc99 fix [core]: 'invalid hHandle' errors
052c525e0 [core] eliminate rdpRdp::instance
be23ed4ba [server,proxy] deactivate capture module
5b2b53b15 [warnings] fix -Wincompatible-pointer-types
67818bddb [client,wayland] fix const correctness
d2b6771c7 X11: fix pointer/integer type mismatch
[2] 7894a7dfc redirection: Fix incompatible pointer type
[1] f3ed1f1ac redirection: Fix incompatible pointer type
[0] 4f411197d info: Fix incompatible pointer type
a383740a2 next-dev-2.11.8-dev
Fixes:
http://autobuild.buildroot.org/results/e1b/e1b95b4fb0005d4e933b027b508cec9ad510bd73/http://autobuild.buildroot.org/results/ba0/ba0beae13e1be2573878ee50b1566f4427b269a3/
...
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The libcap Makefile is hand-coded (i.e. not autotools), and hard-codes
calls to /sbin/ldconfig, unless it is installed out-of-tree. For target
packages, this is done, but for host package this is not done, as we
do set PREFIX instead, which causes libcap's Makefile to call ldconfig
and emits a spurious warning (twice):
install -m 0755 libcap.so.2.73 /home/ymorin/dev/buildroot/O/master/per-package/host-libcap/host/lib/libcap.so.2.73
ln -sf libcap.so.2.73 /home/ymorin/dev/buildroot/O/master/per-package/host-libcap/host/lib/libcap.so.2
ln -sf libcap.so.2 /home/ymorin/dev/buildroot/O/master/per-package/host-libcap/host/lib/libcap.so
/sbin/ldconfig
/sbin/ldconfig: Can't create temporary cache file /etc/ld.so.cache~: Permission denied
make[4]: [Makefile:200: install-shared-cap] Error 1 (ignored)
This is just a warning, but it is incorrect still.
Fake an out-of-tree install with a non-empy DESTDIR that is just '/',
and thus does in fact not install out-of-tree. This is enough to
actually silence the warning. Add a little comment to explain that.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Bernd Kuhls <bernd@kuhls.net>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Commit 44355f7998 ("package/freescale-imx/imx-gpu-g2d: install the
specific library for i.MX8MM") accidentally remove the headers'
installation to the staging directory. Fix that.
Fixes: 44355f7998 ("package/freescale-imx/imx-gpu-g2d: install the specific library for i.MX8MM")
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since upstream commit [1] the original v4l2loopback-ctl bash script was
replaced by a C version, so add a proper compile step (and remove bash
runtime dependency) to fix '[help] v4l2loopback package build fails for
raspberrypi5' [2].
The issue can be reproduced with the commands:
cat <<EOF >.config
BR2_aarch64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_USE_ARCH_DEFAULT_CONFIG=y
BR2_PACKAGE_V4L2LOOPBACK=y
BR2_PACKAGE_V4L2LOOPBACK_UTILS=y
EOF
make olddefconfig
make v4l2loopback
Note: upstream commit [1] was introduced in version v0.13.0.
Buildroot bumped v4l2loopback to v0.13.2 in [3].
Fixes:
/usr/bin/install: cannot stat
'.../build/v4l2loopback-0.13.2/utils/v4l2loopback-ctl':
No such file or directory
[1] https://github.com/v4l2loopback/v4l2loopback/commit/33922fa4e9965d400edcc2761e55fedf84bbb22a
[2] https://lists.busybox.net/pipermail/buildroot/2025-March/775911.html
[3] https://gitlab.com/buildroot.org/buildroot/-/commit/02540771bccf7b10c7daecce5f0e1e41a73c1e07
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Julien:
- add commands to reproduce the issue
- add reference to buildroot commit introducing the issue
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This is a corrective release over GDB 16.1, fixing the following issues:
PR build/32578 (cannot build GDB 16.1 out of tree when calling the configure script with a relative path)
PR tui/32592 ([gdb/tui] internal error in tui-winsource.c:340:refresh_window)
PR remote/32593 (Incompatibilities between GDB's and LLDB's 'x' packet implementation)
PR build/32610 (Missing #include file in darwin_nat.c)
None of which is really super important for Buildroot, but at least
we're using the latest without wondering why we're not.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Fixes the following security issue:
CVE-2025-27091: OpenH264 Decoding Functions Heap Overflow Vulnerability
A vulnerability in the decoding functions of OpenH264 codec library could
allow a remote, unauthenticated attacker to trigger a heap overflow.
This vulnerability is due to a race condition between a Sequence Parameter
Set (SPS) memory allocation and a subsequent non Instantaneous Decoder
Refresh (non-IDR) Network Abstraction Layer (NAL) unit memory usage. An
attacker could exploit this vulnerability by crafting a malicious bitstream
and tricking a victim user into processing an arbitrary video containing the
malicious bitstream. An exploit could allow the attacker to cause an
unexpected crash in the victim's user decoding client and, possibly, perform
arbitrary commands on the victim's host by abusing the heap overflow.
https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9xhttps://github.com/cisco/openh264/releases/tag/2.5.1
The upstream tag now has no 'v' prefix, so drop it from _SITE.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
23.2.5 fixes the following security issues:
1) CVE-2024-31080: Heap buffer overread/data leakage in ProcXIGetSelectedEvents
Introduced in: xorg-server-1.7.0 (2009)
Fixed in: xorg-server-21.1.12 and xwayland-23.2.5
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/96798fc1967491c80a4d0
Found by: Alan Coopersmith of Oracle Solaris, while investigating
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=69762
The ProcXIGetSelectedEvents() function uses the byte-swapped length of the
return data for the amount of data to return to the client, if the client
has a different endianness than the X server.
2) CVE-2024-31081: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice
Introduced in: xorg-server-1.7.0 (2009)
Fixed in: xorg-server-21.1.12 and xwayland-23.2.5
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/3e77295f888c67fc7645d
Found by: Alan Coopersmith of Oracle Solaris
The ProcXIPassiveGrabDevice() function uses the byte-swapped length of the
return data for the amount of data to return to the client, if the client
has a different endianness than the X server.
3) CVE-2024-31083: User-after-free in ProcRenderAddGlyphs
Introduced in: prior to X11R6.7 (2004)
Fixed in: xorg-server-21.1.12 and xwayland-23.2.5
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/bdca6c3d1f5057eeb3160
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The ProcRenderAddGlyphs() function calls the AllocateGlyph() function
to store new glyphs sent by the client to the X server. AllocateGlyph()
would return a new glyph with refcount=0 and a re-used glyph would end up
not changing the refcount at all. The resulting glyph_new array would thus
have multiple entries pointing to the same non-refcounted glyphs.
ProcRenderAddGlyphs() may free a glyph, resulting in a use-after-free when
the same glyph pointer is then later used.
https://lists.x.org/archives/xorg-announce/2024-April/003497.html
24.1.4 fixes the following security issues:
1) CVE-2024-9632: Heap-based buffer overflow privilege escalation in
_XkbSetCompatMap
Introduced in: xorg-server-1.1.1 (2006)
Fixed in: xorg-server-21.1.14 and xwayland-24.1.4
Fix:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/85b776571487f52e756f68a069c768757369bfe3
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The _XkbSetCompatMap() function attempts to resize the `sym_interpret`
buffer.
However, It didn't update its size properly. It updated `num_si` only,
without updating `size_si`.
This may lead to local privilege escalation if the server is run as root
or remote code execution (e.g. x11 over ssh).
xorg-server-21.1.14 and xwayland-24.1.4 have been patched to fix this issue.
https://lists.x.org/archives/xorg-announce/2024-October/003545.html
24.1.6 fixes the following security issues:
1) CVE-2025-26594: Use-after-free of the root cursor
Introduced in: Unknown - Prior to X11R6.6 Xorg baseline
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/01642f26https://gitlab.freedesktop.org/xorg/xserver/-/commit/b0a09ba6
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The root cursor is referenced in the xserver as a global variable. If
a client manages to free the root cursor, the internal reference points
to freed memory and causes a use-after-free.
xorg-server-21.1.16 and xwayland-24.1.6 have been patched to fix this issue.
2) CVE-2025-26595: Buffer overflow in XkbVModMaskText()
Introduced in: Prior to X11R6.1
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/11fcda87
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The code in XkbVModMaskText() allocates a fixed sized buffer on the
stack and copies the names of the virtual modifiers to that buffer.
The code however fails to check the bounds of the buffer correctly and
would copy the data regardless of the size, which may lead to a buffer
overflow.
xorg-server-21.1.16 and xwayland-24.1.6 have been patched to fix this issue.
3) CVE-2025-26596: Heap overflow in XkbWriteKeySyms()
Introduced in: initial version of xc/programs/Xserver/xkb/xkb.c in X11R6
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/80d69f01
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The computation of the length in XkbSizeKeySyms() differs from what is
actually written in XkbWriteKeySyms(), which may lead to a heap based
buffer overflow.
xorg-server-21.1.16 and xwayland-24.1.6 have been patched to fix this issue.
4) CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey()
Introduced in: X11R6.1
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0e4ed949
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
If XkbChangeTypesOfKey() is called with 0 group, it will resize the key
symbols table to 0 but leave the key actions unchanged.
If later, the same function is called with a non-zero value of groups,
this will cause a buffer overflow because the key actions are of the wrong
size.
5) CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient()
Introduced in: xorg-server-1.14.0
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/bba9df1a
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The function GetBarrierDevice() searches for the pointer device based on
its device id and returns the matching value, or supposedly NULL if no
match was found.
However the code will return the last element of the list if no matching
device id was found which can lead to out of bounds memory access.
6) CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow()
Introduced in: Xorg 6.8.0.
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/c1ff84behttps://gitlab.freedesktop.org/xorg/xserver/-/commit/b07192a8
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The function compCheckRedirect() may fail if it cannot allocate the backing
pixmap. In that case, compRedirectWindow() will return a BadAlloc error
without the validation of the window tree marked just before, which leaves
the validate data partly initialized, and the use of an uninitialized pointer
later.
7) CVE-2025-26600: Use-after-free in PlayReleasedEvents()
Introduced in: X11R5
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/6e0f332b
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
When a device is removed while still frozen, the events queued for that
device remain while the device itself is freed and replaying the events
will cause a use after free.
8) CVE-2025-26601: Use-after-free in SyncInitTrigger()
Introduced in: X11R6
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/16a1242dhttps://gitlab.freedesktop.org/xorg/xserver/-/commit/f52cea2fhttps://gitlab.freedesktop.org/xorg/xserver/-/commit/8cbc90c8https://gitlab.freedesktop.org/xorg/xserver/-/commit/c2857989
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
When changing an alarm, the values of the change mask are evaluated one
after the other, changing the trigger values as requested and eventually,
SyncInitTrigger() is called.
If one of the changes triggers an error, the function will return early,
not adding the new sync object.
This can be used to cause a use after free when the alarm eventually
triggers.
https://lists.x.org/archives/xorg-announce/2025-February/003584.html
Drop now removed xwayland_eglstream option:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/701284f057b41bba0b0cc4b3f851958af95ac978
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
21.1.14 fixes the following security issues:
1) CVE-2024-9632: Heap-based buffer overflow privilege escalation in
_XkbSetCompatMap
Introduced in: xorg-server-1.1.1 (2006)
Fixed in: xorg-server-21.1.14 and xwayland-24.1.4
Fix:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/85b776571487f52e756f68a069c768757369bfe3
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The _XkbSetCompatMap() function attempts to resize the `sym_interpret`
buffer.
However, It didn't update its size properly. It updated `num_si` only,
without updating `size_si`.
This may lead to local privilege escalation if the server is run as root
or remote code execution (e.g. x11 over ssh).
xorg-server-21.1.14 and xwayland-24.1.4 have been patched to fix this issue.
https://lists.x.org/archives/xorg-announce/2024-October/003545.htmlhttps://lists.x.org/archives/xorg-announce/2024-October/003546.html
21.1.16 fixes the following security issues:
1) CVE-2025-26594: Use-after-free of the root cursor
Introduced in: Unknown - Prior to X11R6.6 Xorg baseline
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/01642f26https://gitlab.freedesktop.org/xorg/xserver/-/commit/b0a09ba6
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The root cursor is referenced in the xserver as a global variable. If
a client manages to free the root cursor, the internal reference points
to freed memory and causes a use-after-free.
xorg-server-21.1.16 and xwayland-24.1.6 have been patched to fix this issue.
2) CVE-2025-26595: Buffer overflow in XkbVModMaskText()
Introduced in: Prior to X11R6.1
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/11fcda87
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The code in XkbVModMaskText() allocates a fixed sized buffer on the
stack and copies the names of the virtual modifiers to that buffer.
The code however fails to check the bounds of the buffer correctly and
would copy the data regardless of the size, which may lead to a buffer
overflow.
xorg-server-21.1.16 and xwayland-24.1.6 have been patched to fix this issue.
3) CVE-2025-26596: Heap overflow in XkbWriteKeySyms()
Introduced in: initial version of xc/programs/Xserver/xkb/xkb.c in X11R6
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/80d69f01
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The computation of the length in XkbSizeKeySyms() differs from what is
actually written in XkbWriteKeySyms(), which may lead to a heap based
buffer overflow.
xorg-server-21.1.16 and xwayland-24.1.6 have been patched to fix this issue.
4) CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey()
Introduced in: X11R6.1
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0e4ed949
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
If XkbChangeTypesOfKey() is called with 0 group, it will resize the key
symbols table to 0 but leave the key actions unchanged.
If later, the same function is called with a non-zero value of groups,
this will cause a buffer overflow because the key actions are of the wrong
size.
5) CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient()
Introduced in: xorg-server-1.14.0
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/bba9df1a
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The function GetBarrierDevice() searches for the pointer device based on
its device id and returns the matching value, or supposedly NULL if no
match was found.
However the code will return the last element of the list if no matching
device id was found which can lead to out of bounds memory access.
6) CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow()
Introduced in: Xorg 6.8.0.
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/c1ff84behttps://gitlab.freedesktop.org/xorg/xserver/-/commit/b07192a8
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The function compCheckRedirect() may fail if it cannot allocate the backing
pixmap. In that case, compRedirectWindow() will return a BadAlloc error
without the validation of the window tree marked just before, which leaves
the validate data partly initialized, and the use of an uninitialized pointer
later.
7) CVE-2025-26600: Use-after-free in PlayReleasedEvents()
Introduced in: X11R5
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/6e0f332b
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
When a device is removed while still frozen, the events queued for that
device remain while the device itself is freed and replaying the events
will cause a use after free.
8) CVE-2025-26601: Use-after-free in SyncInitTrigger()
Introduced in: X11R6
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/16a1242dhttps://gitlab.freedesktop.org/xorg/xserver/-/commit/f52cea2fhttps://gitlab.freedesktop.org/xorg/xserver/-/commit/8cbc90c8https://gitlab.freedesktop.org/xorg/xserver/-/commit/c2857989
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
When changing an alarm, the values of the change mask are evaluated one
after the other, changing the trigger values as requested and eventually,
SyncInitTrigger() is called.
If one of the changes triggers an error, the function will return early,
not adding the new sync object.
This can be used to cause a use after free when the alarm eventually
triggers.
https://lists.x.org/archives/xorg-announce/2025-February/003584.htmlhttps://lists.x.org/archives/xorg-announce/2025-February/003585.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since Buildroot commit [1], the test_gstreamer1 runtime test is
failing to build the tesseract-ocr package. The root cause is that
the test uses the default arm external toolchain, which is the Linaro
ARM 2018.05 based on gcc 7.3.1.
Since [1], tesseract-orc no longer compiles with gcc 7 (it requires at
least gcc 8).
This commit fixes the issue by switching the toolchain to the
bootlin versions (based on gcc 14 at the time of this commit).
Also, changing the compiler version slightly slowed down the video
encoding. This commit also increases the encoding command timeout.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/9407846232
[1] https://gitlab.com/buildroot.org/buildroot/-/commit/f32da8b9844ae5f1b9dc6b7a89d7d9bd9d194f55
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Add an option to install the firmware files used by the xe driver.
Signed-off-by: Francois Dugast <francois.dugast@intel.com>
[Julien: add LICENSE.xe license hash]
Signed-off-by: Julien Olivain <ju.o@free.fr>
The busybox date applet accepts the following:
date @1234567
but this confuses the coreutils version which doesn't implicitly set
time. As some tests might need coreutils binaries we should ensure the
emulator login will work with both. Fix this by passing the -s (set)
option to the command.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Add the LTS sponsors who engaged already for 2025: EVS, Open Home
Foundation, and Sense Labs. There is one more sponsor but they prefer to
remain anonymous.
For Open Home Foundation, we can reuse the existing logo. For the other
two, add their logo.
Add a new class panel-lts-sponsor for sizing the panels. It is different
from panel-sponsor because there doesn't need to be space for an
explanation of what type of sponsorship is done, we just need to have
space for the company name. So the minimum height is 200px instead of
350px.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The Open Home Foundation logo is in a white area that is too large for
how we display it on the sponsors page. As a result, it ends up at the
bottom of the logo area and it looks very unbalanced.
Crop the logo to a tigher area. Since it is going to end up being
scaled, it's difficult to predict what the best size it is, but cropping
at a height of 300 pixels gives a visually pleasing layout at at least
some resolutions.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Vulkan support in mesa3d-demos requires vulkan-loader. Without an
explicit config flag it is autodetected, and may or may not be enabled
depending on build order, leading to unpredictable results.
Fix this by explicitly enabling Vulkan support and depending on
vulkan-loader if BR2_PACKAGE_VULKAN_LOADER=y, and disabling Vulkan
support otherwise.
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Buildroot bumped Python from 3.12.x to version 3.13.x with commit
d63e207eb8
This python bump removed telnetlib which is needed by nut.
Add upstream patches to fix a build error not yet caught by autobuilders.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
[Julien: fix patch Upstream: tags generating check-package errors]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[Julien: rebase patch after merge of next branch]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[Julien: rebase patch after merge of next branch]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Enabling BR2_PACKAGE_LINUX_TOOLS_SELFTESTS (on rock5b_defconfig,
which uses kernel 6.12 at the time of writing), results in:
make[1]: Leaving directory '/br/output/build/linux-endpoint-test/tools/testing/selftests'
ERROR: architecture for "/usr/lib/kselftests/tc-testing/action-ebpf" is "Linux BPF", should be "AArch64"
make: *** [package/pkg-generic.mk:402: /br/output/build/linux-tools/.stamp_installed] Error 1
To solve this, add /usr/lib/kselftests/tc-testing/ to
LINUX_TOOLS_BIN_ARCH_EXCLUDE.
Signed-off-by: Niklas Cassel <cassel@kernel.org>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
support/scripts/check-bin-arch has an option -i to exclude a path
(or many paths by using -i multiple times).
This was implemented in commit 01d90f0d09 ("spport/check-bin-arch:
accept arbitrary per-package ignore paths").
Looking at this feature (which hasn't changed since being added),
we can see that check-bin-arch automatically adds a trailing slash
to all entries specified using -i.
Thus, specifying a path to a file, e.g.
"/usr/libexec/perf-core/tests/pe-file.exe" will cause check-bin-arch
to add "/usr/libexec/perf-core/tests/pe-file.exe/" to the IGNORES array.
When running the main loop, the file
"/usr/libexec/perf-core/tests/pe-file.exe" will thus not be ignored,
since it will not trigger a match the pattern that was added to the
IGNORES array ("/usr/libexec/perf-core/tests/pe-file.exe/").
This means that the -i option in check-bin-arch only supports directories
and not files.
Fix the LINUX_TOOLS_BIN_ARCH_EXCLUDE in
package/linux-tools/linux-tool-perf.mk.in to specify a directory, as the
existing LINUX_TOOLS_BIN_ARCH_EXCLUDE can never have actually worked.
Fixes: a7ad781626 ("package/linux-tools: Exclude checking PE binaries from perf test")
Signed-off-by: Niklas Cassel <cassel@kernel.org>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Change all Kconfig entries for packages in the "Bootloaders" menu to
submenus.
Currently many bootloaders and firmwares in this menu use a 'config'
keyword and thus menuconfig presents their sub-options as a flat list in
the same menu. This is not very convenient as some have a lot of
sub-options, and in (more and more common) configurations with multiple
such packages enabled the menuconfig screen becomes very crowded. Moreover
options of 'string' type don't have a visible indentation when their value
exceeds a few characters, thus making it visually hard to grasp which
package the various options belong to.
Non-bootloader packages having suboptions usually use a 'menuconfig'
keywork to have sub-options in a submenu. Do the same for packages in the
"Bootloaders" menu which have more than one sub-option.
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Reviewed-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Due to how menuconfig works, a 'comment' entry following a 'config' entry
prevents correct indentation of items depending on the 'config'
entry. xilinx-embeddedsw currently shows as:
[*] xilinx-embeddedsw
*** xilinx-embeddedsw needs a bare metal toolchain for tuple microblazeel-xilinx-elf ***
(xilinx_v2024.2) xilinx-embeddedsw version (NEW)
[ ] versal plm (NEW)
[ ] versal psmfw (NEW)
[ ] zynqmp pmufw (NEW)
[ ] xilinx-prebuilt
So the 'versal *' and 'zynqmp pmufw' items are not indented even though
they should be.
Do like most other Config.in files which have the 'comment' before the
'config' entry, makeing it render as expected:
*** xilinx-embeddedsw needs a bare metal toolchain for tuple microblazeel-xilinx-elf ***
[*] xilinx-embeddedsw
(xilinx_v2024.2) xilinx-embeddedsw version (NEW)
[ ] versal plm (NEW)
[ ] versal psmfw (NEW)
[ ] zynqmp pmufw (NEW)
[ ] xilinx-prebuilt
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Reviewed-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This is in the mainline kernel since v5.1-rc3:
9c38f1f04408 ("kconfig/[mn]conf: handle backspace (^H) key")
Quoting the commit's log:
"
Backspace is not working on some terminal emulators which do not send the
key code defined by terminfo. Terminals either send '^H' (8) or '^?' (127).
But currently only '^?' is handled. Let's also handle '^H' for those
terminals.
"
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Update CPython to 3.13.2.
The package selection logic has changed to require time64 support for
uClibc by mirroring the logic from uclibc.mk (kernel headers >=5.1).
The following patches have been removed:
- Quirking ac_cv_buggy_getaddrinfo on cross compile
* This is resolved by always assuming it's not bugged via
ac_cv_buggy_getaddrinfo=no
- Disabling lib2to3 in builds
* CPython 3.13 no longer ships lib2to3
- Fix cross compiles when host and target are on the same SOABI
* This was fixed upstream [0]
- Fixing the MULTIARCH value for musl/uClibc
* CPython 3.13 moved to new platform triplet detection logic [1] which
supports musl. uClibc does not generate a platform triplet so will
not fail the check against MULTIARCH. See also [2].
One patch has been added that fixes thread identifiers on 32bit musl.
This commit also updates the license hash, after year change. See [3].
[0]: https://github.com/python/cpython/commit/909d5ac2959ea88e1d3b38f35676a1c7e5dd44f6
[1]: https://github.com/python/cpython/commit/c163d7f0b67a568e9b64eeb9c1cbbaa127818596
[2]: https://github.com/python/cpython/issues/118942
[3]: https://github.com/python/cpython/commit/c86571e4c9765a88ba05a7d9b874b40af0e1d6ab
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
[Julien: fix license hash]
Signed-off-by: Julien Olivain <ju.o@free.fr>
In commit ba70f94e62 (subversion makes it so we do not need a separate
tarball to store empty directories and symlinks for the target_skeleton.)
/etc/resolv.conf was made a symlink to ../tmp/resolv.conf. There was no
rationale behind this change, but back at the time (2006!), the only
location that Buildroot guaranteed to be writable was /tmp, and we
needed a writable location to create resolv.conf from a DHCP reply for
example, so the change made sense.
Commits 2f67d9e2fe (preparation for BR2_PACKAGE_BUSYBOX_SKELETON), in
2007, then d9119c0bc5 (move default skeleton to fs/ and drop busybox
skeleton), in 2010, and finally 6c3e3ad419 (New top-level directory:
system), in 2012, propagated that /etc/resolv.conf without any change in
the target of the symlink.
However, since commit d380dde1d2 (skeleton: make /run a proper
directory/filesystem), in 2015, a tmpfs has been mounted on /run, so it
is now guaranteed to be writable as well for SYS-V-based systems. That
has also been the case for openrc since commit a840e485d1
(package/skeleton-init-openrc: new package), in 2019. This has also
always been the case for systemd as well.
resolv.conf is not a temporary file [0]; it is really more of a runtime
data; its location in /tmp is just a historical artefact of a long-wrong
assertion.
Nowadays, distributions either have an actual file as /etc/resolv.conf
(when /etc is writable), or it is a symlink to a location below /run.
Although resolv.conf is used by the C library resolver, a lot of
applications now will directly use it; this is the case for some
container management tools, such as podman (and its helpers, like
netavark), that expect /etc/resolv.conf to either be a file or a symlink
to somewhere in /run, and fail to provide DNS services if that is not
the case.
So, we move the target of /etc/resolv.conf to ../run/resolv.conf.
As a consequence, we can drop the workaround in podman's runtime test.
To be noted: there are tow custom fstab files in Buildroot that do not
explicitly mount a tmpfs on /run:
- one for a systemd runtime test, so /run would also be a tmpfs there
anyway, as systemd does mount one;
- one for the mender_x86_64_efi_defconfig; that's a not a problem:
/ is an ext4 that is mounted r/w (and /tmp is not a tmpfs either, so
the symlink to /tmp would not not have worked if / was not r/w
anyway).
This leaves people with their own fstab, to adapt. Cater to them by
adding a little blurb in the documentation.
Note: the following 43 tests all built and ran successfully:
tests.init
tests.package.test_apache
tests.package.test_docker_compose
tests.package.test_dropbear
tests.package.test_iputils
tests.package.test_podman
tests.package.test_skopeo
tests.package.test_wget
(no other runtime test were attempted)
[0] temporary, as in relatively short-lived.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
passt/pasta is the officially supported network backend, with slirp4netns
only considered a legacy solution. However, some people have experienced
corner cases when using passt/pasta (as it still is a young stack), so we
do not want to do a blanket replace of slirp4netns just yet. Still, we
make passt/pasta the default option.
As a consequence, the existing runtime tests will now test passt/pasta,
so we introduce two new tests for slirp4netns as a network backend.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Podman is a container manager not unlike Docker, but is daemon-less.
Similarly to docker-engine, quite a few kernel config options are
required; as they are very similar in goals and features, the options
from docker-engine have been duplicated for podman. As that was not
enough, a few additional options have been added after trial-and-error
testing (they are not explicitly listed in the documentation).
The documentation [0] states that seccomp can be disabled (i.e. not
enabled). However, without seccomp support, starting containers requires
--security-opt=seccomp=unconfined to be specified; it does not look
trivial to make that the default, though [1]. Furthermore, containers
are about security, so disabling a security measure does not sound too
good. So we make seccomp support mandatory.
Podman needs netavark as a the network backend (it missing is a hard
error at runtime). It is supposed to also require aardvark-dns, an
authoritative DNS resolver, but it missing does not look to adversely
affect networking, so it is not used (as not even packaged in Buildroot
yet).
Podman can run either as the root user, or it can run rootless, i.e. by
a non-root user, which requires a bit of setup (see below, in the
runtime test) and a few other dependencies: slirp4netns [2] (to provide
network connectivity in userland), and support for subordinate UIDs and
GIDs with the shadow library. Rootless mode is one of the main selling
point for podman, so we decided that this would not be configurable in
Buildroot.
Similar to Docker, podman can inject a minimalist init as PID1 in
containers, and like Docker, this is optional; podman however by default
uses catatonit as such an init [3]. As for Docker-engine, we offer a
choice of which init package to use to provide podman-init.
Podman requires at least three config files; they can be either per-user
or system-wide:
- containers.conf [4]: defines various settings for the container
runtimes;
- policy.json [5]: defines what signature to accept to validate
images; without one such file, podman just refuses to pull images;
- registries.conf [6]: defines where to pull images from; without it,
podman does not know how to pull un-qualified images (i.e. images
where the registry is not specified in the path, and which Docker
would fetch from the Docker Hub, e.g. "busybox:latest").
For those three files, we provide a very minimal default that (in the
same order as above):
- uses the slirp4netns network backend for rootless operation (the
default in podman is to use pasta [1], so we need to explicitly
configure it to use slirp4netns);
- allows pulling images which signature can't be verified;
- pulls unqualified images from the Docker Hub, as is traditional.
Providing actual files is going to be use-case dependent, and interested
parties will have to provide their own config files, e.g. in a rootfs
overlay.
Finally, we add a runtime test for podman. Podman is a huge binary, and
may call other huge binaries (netavark...); this can be quite slow in
the emulated machine (even when running on a very fast host machine), so
we use a huge timeout for all commands involving podman, even those that
exit the containers, as that may need to tear down podman setup.
The default kernel used in runtime tests is missing a lot of features,
so we need to build our own; we use the same version as the bundled
kernel. We can't use cpio either, because we need a filesystem that can
be used as a lower and upper of overlayfs, which is not possible with
the filesystem the cpio is extracted into; ext2 fits the bill, so we use
that. We need a bit of space to store images and stuff, so let's be
generous and allocate 256M.
To test rootless operation, we need a non-root user that has some
special setup [7]; it is easier to run the commands from the infra
rather than carry a user-definition table and a rootfs overlay. We need
that user to have the same prompts (main and continuation) so that the
REPLWrapper still detects those; it has the unfortunate side effect that
it is not immediately obvious whether a command was run as root or not,
and one has to look back up in the run-log to see whether there was a
transition to another user earlier.
Still for rootless containers, podman/netavark expect /etc/resolv.conf
to be either a plain file, or a symlink that points either deeper in
/etc or anywhere in /run; if resolv.conf resolves to any other location,
DNS in rootless containers does not work. This is reasonable, and is
what already happens on a systemd-based system (and thus all major
distributions nowadays. However, in Buildroot, we put the actual file in
/tmp; this is historical, and dates back to the days where Buildroot did
not have a guaranteed-writable /run. So, we work around this limitation
in the test (for now).
The official busybox image on the Docker Hub supports a lot of
architectures, of which armv7 which we use for this runtime test.
Finding a small image that also supports armv7 on other registries was
a bit of a challenge; we eventually found one busybox image on quay.io,
but it is not an official busybox image; still, it fits the bill, so we
use it.
There is no runtime test with systemd, as this requires quite some
additional setup that does not look very trivial to do; when it detects
it is running under systemd in rootless mode, podman expects that a full
user session exists, or it whines about it every time it is started,
reverting to non-systemd behaviour; getting a full user session does not
look to be that trivial (PAM?), so this would not exercise the actual
integration with systemd, so the test would not be meaningful, so it is
not provided. This is left as an exercise to an interested party to
extend the tests.
PS: Hat-tip to Raphael, who provided some pointers and hints on this
change, especially for rootless mode. Thanks! 👍
[0] https://podman.io/docs/installation#get-source-code
[1] it looks like we can provide a custom seccomp profile, by specifying
seccomp_profile="PATH" in containers.conf; that would still require
seccomp support to use that file, though, so that does not change the
outcome.
[2] it is possible to use another backend, but it is not packaged in
in Buildroot yet: https://passt.top/passt/about/#pasta-pack-a-subtle-tap-abstraction
[3] podman expects a 'catatonit' helper in /usr/libexec/podman, so even
if tini would be usable instead, it would not feel right to use it to
impersonate catatonit. So let's assume that only catatonit is supported.
[4] https://github.com/containers/common/blob/main/docs/containers.conf.5.md
[5] https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md
[6] https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md
[7] https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Raphael Pavlidis <raphael.pavlidis@gmail.com>
Cc: Christian Stewart <christian@aperture.us>
Cc: Julien Olivain <ju.o@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Currently, nftables JSON support is implicit: if jansson is enabled,
JSON support is enabled, otherwise it is not.
Some packages will require that nftables be built with JSON support;
that's the case of netavarks, for example (to come in a later patch).
So, in the current state, it would mean a package would have to select
jansson, although it does not itself use it, so that nftables has JSON
support. This does not feel right.
Instead, introduce an option to nftables, to explicitly enabled JSON
support. Packages such as netavark would then just have to require JSON
support in nftables.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Currently, the cgroupfs-mount package only mounts a cgroup v1 hierarchy,
but v1 is considered legacy and obsolete, while v2 has been around for a
while now, and is required by some packages (e.g. podman whines about
v1).
cgroupfs-mount has not had a release in almost 8 years now, and only the
occasional commit since then and until more than 3 years ago. It's not
going to evolve...
Add a new package with a simple-enough sysv startup script, that mounts
the cgroup v2 hierarchy filesystem. For systemd, there's nothing to do,
as systemd handles the mount by itself.
Since both cgroup v1 and v2 use the same mountpoint, we can't have both
enabled at the same time, and thus we restrict the v2 to be hidden when
v1 is enabled (quite a few packages select the v1; changing those would
require that they be validated against v2 first...)
Note that, due to limitations in Kconfig, cgroupfs-v2-mount will appear
indented below cgroupfs-mount, because it has a (negative) dependency on
it. This spurious indentation is unfortunate and annoying, but benign;
fixing that would require breaking the dependency with a random Kconfig
symbol, which we don't have, and which we decided not to introduce just
for this one use-case (well, there's host-gnupg and host-gnupg2 that
have the exact same issue, but meh...)
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Fiona Klute <fiona.klute@gmx.de>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
When it was introduced in 2016 with commit 0e1547a87c (cgroupfs-mount:
new package), we did not yet have the infrastructure for package to set
kernel config options, which only came 4 years later with commit
0aed4c2dae (linux: allow packages to set kernel config options).
So at that time, the requirements for cgroupfs-mount were documented in
the help for the Kconfig symbol.
But now that we do have the infrastructure in place, actually use it to
set the required options, and drop the list from the Kconfig entry (that
would be duplication, prone to bit-rot with time, and other packages do
not document their requirements in Kconfig, they just use the infra to
set the options).
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Skopeo can be used to manipulate container images, and so can be useful
on target devices that are going to be used as a host to run containers.
So, add a target variant for skopeo.
... with a runtime test while at it.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Christian Stewart <christian@aperture.us>
Cc: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
When it detects it runs under systemd, conmon will want to log to the
journal. However, it needs to be linked with libsystemd to do so and if
not, will error out:
Feb 22 11:10:03 buildroot conmon[199]: conmon 3b462ce6f2cc64f75c42 <error>: Include journald in compilation path to log to systemd journal
This prevents starting any container.
Add a dependency to systemd when it is enabled.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Christian Stewart <christian@aperture.us>
Signed-off-by: Julien Olivain <ju.o@free.fr>
When the subids feature is enabled, shadow will install a library and a
header:
$ sort output/build/shadow-4.16.0/.files-list.txt
[...]
shadow,./lib/libsubid.la
shadow,./lib/libsubid.so
shadow,./lib/libsubid.so.5
shadow,./lib/libsubid.so.5.0.0
[...]
shadow,./usr/include/shadow/subid.h
[...]
Install to staging in that case.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Raphael Pavlidis <raphael.pavlidis@gmail.com>
Reviewed-by: Raphael Pavlidis <raphael.pavlidis@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
When time comes to check certificates, the date and time in the emulated
machine should be close enough to the actual values, so that certificate
validity can be checked.
Some Qemu machines have an RTC (e.g. arm vexpress-a9 has a pl031), and
the kernel needs a driver for those RTC. It is not guaranteed that the
machine used for a test meets those two conditions; in such a case, the
time in the machine starts way back in the past (1970-01-01T00:00:00Z on
sysv, or the release date of systemd). This is the case with the default
kernel, so such tests do not have the proper time.
Set the date to the date of the host system. This is going to be accurate
to the second, which is, by far, enough for our purpose.
To avoid having to consider what combination of emulated machine and kernel
configuration are being used, we always set the date, as this is a
generic step that should be done by the infra (like login in as root is).
The Emulator() class doesn't inherit from unittest.TestCase, so we can't
call any of the usual self.assertXXX() methods; instead, we just raise
a standard exception, like is done a few lines above to detect the login
prompt.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Ricardo Martincoski <ricardo.martincoski@datacom.com.br>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Like the existing tini, catatonit can be used as minimal init to be
used as PID-1.
Add it to the list of init systems, like was done for tini in
24cac9c4e6 (system: add tini as init system) and tinyinit in
c1daa35cd9 (package/tinyinit: new package).
Unlike the "main" init systems, there is no historical preference for
those minimalist init systems, so just keep them alphabetically
ordered.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
currently, docker-engine can only use tini as injected init. catatonit
as a package exists, but it does not create the symlink that would be
needed at runtime [0].
Add a choice at the docker-engine level, for which injected init to use,
bringing catatonit to the integration level of tini.
[0] that could be done in a post-build script, but that's not practical.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Christian Stewart <christian@aperture.us>
Cc: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Tested-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
[Julien: move the legacy option to a new 2025.05 section]
Signed-off-by: Julien Olivain <ju.o@free.fr>
tini can be used standalone, not just as an init injected by docker.
As such, creating the docker-engine's init symlink does not belong to
tini itself, but to docker-engine.
This will also help later, when we allow docker-engine to use another
init alternative, catatonit (already paclkaged in Buildroot, but not
integrated with docker).
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Christian Stewart <christian@aperture.us>
Cc: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Tested-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
- Updated Linux, U-Boot, and TF-A to lf-6.6.52-2.2.0 tag.
- Updated readme.txt
Signed-off-by: Akhilesh Nema <nemaakhilesh@gmail.com>
[Julien: remove fmc and fmlib in readme.txt to reflect
comment from Brandon Maier]
Signed-off-by: Julien Olivain <ju.o@free.fr>
- The license file was renamed from COPYING to LICENSE.
- Added a patch to fix build errors with gcc-14.
Signed-off-by: Akhilesh Nema <nemaakhilesh@gmail.com>
Reviewed-by: Brandon Maier <brandon.maier@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The package is unchanged; a new tag was added to match other NXP QorIQ package versions.
Signed-off-by: Akhilesh Nema <nemaakhilesh@gmail.com>
Reviewed-by: Brandon Maier <brandon.maier@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Remove patches that are now included in upstream release.
Package switched from autotools to cmake based build.
Backport two build fixes that are already merged upstream.
* 0001-Include-time.h-for-timespec-struct-definition.patch fixes a musl
build issue
* 0002-CMakeLists.txt-add-an-option-to-control-shared-libra.patch fixes
static only builds
Release Notes: https://github.com/linux-can/can-utils/releases/tag/v2025.01
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Changelog:
2025-01-04 Jess Thrysoee
* all: sync with upstream source
2024-08-08 Jess Thrysoee
* all: sync with upstream source
* doc/Makefile.am: fix regression. Name all manpage links as el_*
(e.g. el_history.3) to avoid conflicts.
Reported by Zopolis4
2024-05-17 Jess Thrysoee
* all: sync with upstream source
Upstream changes are theoretically viewable at [1] but not
in a very readable form.
[1] http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libedit
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Add support for the LicheePi 4A with mainline component:
- Linux Kernel 6.12
The following components are provided by vendor:
- U-Boot 2020.01
- OpenSBI v0.9
Board homepage and more usable wiki:
- https://wiki.sipeed.com/hardware/en/lichee/th1520/lpi4a/1_intro.html
th1520-boot-firmware is selected from the package sipeed-lpi4abin.
This is inspired from lone0's fork of buildroot for th1520.[1]
[1] https://github.com/lone0/buildroot-th1520
Signed-off-by: Kanak Shilledar <kanakshilledar@gmail.com>
[Julien: Tested on cpu board version 51601
on base board version 51602]
Tested-by: Julien Olivain <ju.o@free.fr>
[Julien:
- add Signed-off-by line in commit log
- reorder defconfig entries with "make savedefconfig"
- fixed post-image.sh shellcheck warnings
(found with "make check-package")
- add extra info in readme.txt
- change linux-headers.hash to a symlink
- change linux.hash comment to take hash from upstream
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Sipeed LicheePi 4A requires some proprietary binaries
for booting, these are provided in the th1520-boot-firmware
repo [1]. These binaries are also required for the onboard
sound and wifi.
[1] https://github.com/revyos/th1520-boot-firmware
Signed-off-by: Kanak Shilledar <kanakshilledar@gmail.com>
[Julien:
- add Signed-off-by line in commit log
- reindent SIPEED_LPI4ABIN_FILES with 1 tab
- fix DEVELOPERS entry (remove extra 's')
- add upstream url in Config.in
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
- Update syslogd -T documentation, it applies to messages originating
both locally and from remote syslog servers
- Fix hostname filtering support, introduced in v2.7.0, broken
- Fix parsing of userspace messages in /dev/kmsg, inserted an
extra space before the message payload
From https://github.com/troglobit/sysklogd/releases/tag/v2.7.1
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Note: configs/freescale_imx6{dl,q,sx}* corresponds to the five:
freescale_imx6dlsabreauto_defconfig
freescale_imx6dlsabresd_defconfig
freescale_imx6qsabreauto_defconfig
freescale_imx6qsabresd_defconfig
freescale_imx6sxsabresd_defconfig
Those i.MX6 Sabre defconfigs have a lot in common. This is why they are
all updated at once in this single commit.
This commit bumps U-Boot and Linux kernel to the NXP BSP
lf-6.6.52-2.2.0 versions
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Tested-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Bump U-Boot and Linux kernel to the NXP BSP lf-6.6.52-2.2.0 versions.
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Bump U-Boot and Linux kernel to the NXP BSP lf-6.6.52-2.2.0 versions.
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Bump ATF, U-Boot and Linux kernel to the NXP BSP lf-6.6.52-2.2.0
versions.
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Bump ATF, U-Boot and Linux kernel to the NXP BSP lf-6.6.52-2.2.0
versions.
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Bump ATF, U-Boot and Linux kernel to the NXP BSP lf-6.6.52-2.2.0
versions.
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Bump ATF, U-Boot and Linux kernel to the NXP BSP lf-6.6.52-2.2.0
versions.
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Bump ATF, U-Boot and Linux kernel to the NXP BSP lf-6.6.52-2.2.0
versions.
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Bump ATF, U-Boot and Linux kernel to the NXP BSP lf-6.6.52-2.2.0
versions.
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Bump ATF, U-Boot and Linux kernel to the NXP BSP lf-6.6.52-2.2.0
versions.
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This version is aligned with NXP Linux BSP version "lf-6.6.52-2.2.0".
License hashes changed because the LA_OPT_NXP_Software_License changed
from "v56 April 2024" to "v57 July 2024".
Add SCR.txt to _LICENSE_FILES.
Note: in this release, the package source archive name changed to
include a revision. This commit adds a new _REVISION variable with the
value published in the corresponding NXP BSP.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[Julien: fixed the bsp version name in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This version is aligned with NXP Linux BSP version "lf-6.6.52-2.2.0".
License hashes changed because the LA_OPT_NXP_Software_License changed
from "v56 April 2024" to "v57 July 2024".
Add SCR.txt to _LICENSE_FILES.
Note: in this release, the package source archive name changed to
include a revision. This commit adds a new _REVISION variable with the
value published in the corresponding NXP BSP.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[Julien: fixed the bsp version name in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This version is aligned with NXP Linux BSP version "lf-6.6.52-2.2.0".
License hashes changed because the LA_OPT_NXP_Software_License changed
from "v56 April 2024" to "v57 July 2024".
Add SCR.txt to _LICENSE_FILES.
Note: in this release, the package source archive name changed to
include a revision. This commit adds a new _REVISION variable with the
value published in the corresponding NXP BSP.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[Julien: fixed the bsp version name in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This version is aligned with NXP Linux BSP version "lf-6.6.52-2.2.0".
License hashes changed because the LA_OPT_NXP_Software_License changed
from "v56 April 2024" to "v57 July 2024".
Add SCR.txt and SCR-imx-seco.txt to _LICENSE_FILES.
Note: in this release, the package source archive name changed to
include a revision. This commit adds a new _REVISION variable with the
value published in the corresponding NXP BSP.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[Julien: fixed the bsp version name in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This version is aligned with NXP Linux BSP version "lf-6.6.52-2.2.0".
Add SCR-imx-vpu-hantro-daemon.txt to _LICENSE_FILES.
Note: in this release, the package source archive name changed to
include a revision. This commit adds a new _REVISION variable with the
value published in the corresponding NXP BSP.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[Julien: fixed the bsp version name in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This version is aligned with NXP Linux BSP version "lf-6.6.52-2.2.0".
License hashes changed because the LA_OPT_NXP_Software_License changed
from "v48 July 2023" to "v57 July 2024".
Add SCR-imx-vpu-hantro.txt to _LICENSE_FILES.
Note: in this release, the package source archive name changed to
include a revision. This commit adds a new _REVISION variable with the
value published in the corresponding NXP BSP.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[Julien: fixed the bsp version name in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This version is aligned with NXP Linux BSP version "lf-6.6.52-2.2.0".
License hashes changed because the LA_OPT_NXP_Software_License changed
from "v49 September 2023" to "v57 July 2024".
Add SCR-imx-vpu-hantro.txt to _LICENSE_FILES.
Note: in this release, the package source archive name changed to
include a revision. This commit adds a new _REVISION variable with the
value published in the corresponding NXP BSP.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[Julien: fixed the bsp version name in commit log and SoB email]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This version is aligned with NXP Linux BSP version "lf-6.6.52-2.2.0".
License hashes changed because the LA_OPT_NXP_Software_License changed
from "v56 April 2024" to "v57 July 2024".
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[Julien: fixed the bsp version name in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This version is aligned with NXP Linux BSP version "lf-6.6.52-2.2.0".
License hashes changed because the LA_OPT_NXP_Software_License changed
from "v49 September 2023" to "v56 April 2024".
Add SCR-imx-codec.txt to _LICENSE_FILES.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[Julien: fixed the bsp version name in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This version is aligned with NXP Linux BSP version "lf-6.6.52-2.2.0".
License hashes changed because the LA_OPT_NXP_Software_License changed
from "v49 September 2023" to "v57 July 2024".
Add SCR.txt file to _LICENSE_FILES.
Note: in this release, the package source archive name changed to
include a revision. This commit adds a new _REVISION variable with the
value published in the corresponding NXP BSP.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[Julien: fixed the bsp version name in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
For the i.MX8MM, this package contains a specific library that is not
linked to OpenCL because there is no openCL support on i.MX8MM GPU.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This version allows to build with Linux 6.14.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[Julien: add back new line in hash file to fix check-package error]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This removes warnings in editors/IDEs with MyPy typechecking
integration. Test classes override "config" with strings (different
type than None).
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Check a save/start/stop cycle based on the rules created by direct
commands in the pre-existing test.
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The new test checks that a pre-defined rules file can be loaded and
works as expected, and that after flushing the blocked IP responds to
ping again.
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Instead of installing an empty rules file, the init script now checks
if the rules file exists and does nothing if it doesn't. The "save"
action is exempt from that limit because it may be used to create the
rules file.
Also fix the shellcheck warning about the unused IPTABLES_ARGS
variable, and use long form options for iptables commands.
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
For an nftables-based firewall setup it may be desirable to use
iptables-nft as the "iptables" binary, in particular to better
integrate legacy applications that do not support nftables directly
and call iptables. If the BR2_PACKAGE_IPTABLES_NFTABLES_DEFAULT option
introduced by this patch is enabled, iptables, iptables-restore, and
iptables-save are symlinked to the -nft version of iptables. The
-legacy options can still be called directly if desired.
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The init script handles an nftables ruleset file with support for
atomic reloading. By default the ruleset is expected in
/etc/nftables.conf, the location can be changed in
/etc/default/nftables. If the ruleset file does not exist, the script
does nothing and shows a warning about that fact.
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.