Fixes the following security issue:
- CVE-2025-48432: Internal HTTP response logging does not escape
request.path, which allows remote attackers to potentially manipulate
log output via crafted URLs. This may lead to log injection or forgery
when logs are viewed in terminals or processed by external systems.
For more information, see:
- https://nvd.nist.gov/vuln/detail/CVE-2025-48432
For more details on the version bump, see the release notes:
- https://docs.djangoproject.com/en/5.1/releases/5.1.11/
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Those security patches have been fetched from the debian patches for
this package version [1].
Fixes the following CVEs:
- CVE-2024-23337: an integer overflow arises when assigning value using
an index of 2147483647, the signed integer limit. This causes a denial
of service.
For more information, see:
- https://nvd.nist.gov/vuln/detail/CVE-2024-23337
- de21386681
- CVE-2024-53427: decNumberCopy in decNumber.c does not properly
consider that NaN is interpreted as numeric, which has a resultant
stack-based buffer overflow and out-of-bounds write, as demonstrated
by use of --slurp with subtraction, such as a filter of .-. when the
input has a certain form of digit string with NaN (e.g., "1 NaN123"
immediately followed by many more digits).
For more information, see:
- https://nvd.nist.gov/vuln/detail/CVE-2024-53427
- a09a4dfd55
[1] https://udd.debian.org/patches.cgi?src=jq&version=1.7.1-6
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Since the package bump [1] the fluent-bit package started to fail
because of an update introduced in fluent-bit v3.2.7 (see [2]).
The following error appeared on the autobuilder in the LTS branch.
```
CMake Error at /home/buildroot/instance-0/output-1/host/share/cmake-3.31/Modules/CMakeTestCXXCompiler.cmake:73 (message):
The C++ compiler
"/bin/false"
is not able to compile a simple test program.
It fails with the following output:
Change Dir: '/home/buildroot/instance-0/output-1/build/fluent-bit-3.2.10/CMakeFiles/CMakeScratch/TryCompile-u4rLgc'
Run Build Command(s): /home/buildroot/instance-0/output-1/host/bin/ninja -v cmTC_71bbf
[1/2] /bin/false -o CMakeFiles/cmTC_71bbf.dir/testCXXCompiler.cxx.o -c /home/buildroot/instance-0/output-1/build/fluent-bit-3.2.10/CMakeFiles/CMakeScratch/TryCompile-u4rLgc/testCXXCompiler.cxx
FAILED: CMakeFiles/cmTC_71bbf.dir/testCXXCompiler.cxx.o
/bin/false -o CMakeFiles/cmTC_71bbf.dir/testCXXCompiler.cxx.o -c /home/buildroot/instance-0/output-1/build/fluent-bit-3.2.10/CMakeFiles/CMakeScratch/TryCompile-u4rLgc/testCXXCompiler.cxx
ninja: build stopped: subcommand failed.
CMake will not be able to correctly generate this project.
Call Stack (most recent call first):
lib/zstd-1.5.7/build/cmake/CMakeLists.txt:36 (project)
```
The commit [3] included two patches to fix the build error
for configs using toolchains without CXX.
Since the build error was already present on v3.2.10,
those patches actually fix the error for LTS version as well.
This patch pick them from the series to apply them on the LTS
branch.
[1] 8bc18fad29 package/fluent-bit: bump to 3.2.10
[2] 0ce59cecdc
[3] 8181727e23 package/fluent-bit: bump to 4.0.0
Fixes: https://autobuild.buildroot.org/results/4b0/4b0646e8fcc3f023ab0173ea8725f381e5055152/
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Buildroot commit [1] removed mysql and replaced it by mariadb in all
packages, but did not propagated all dependencies.
This commit fixes the issue.
Fixes:
WARNING: unmet direct dependencies detected for BR2_PACKAGE_MARIADB
Depends on [n]: BR2_INSTALL_LIBSTDCPP [=y] && !BR2_STATIC_LIBS [=n] && BR2_USE_MMU [=y] && BR2_TOOLCHAIN_HAS_THREADS [=y] && (BR2_TOOLCHAIN_HAS_ATOMIC [=n] || BR2_TOOLCHAIN_HAS_SYNC_8 [=n]) && BR2_USE_WCHAR [=y]
Selected by [y]:
- BR2_PACKAGE_DOVECOT_MYSQL [=y] && BR2_PACKAGE_DOVECOT [=y] && BR2_INSTALL_LIBSTDCPP [=y] && BR2_TOOLCHAIN_HAS_THREADS [=y]
[1] 8708f3a23a
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6967ed93b6)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Commit [1] "package/gstreamer1/gst1-plugins-bad: bump version
to 1.24.11" added new requirements for webrtc which selects the
sctp plugin, but forgot to propagate its dependencies. The sctp
plugin depends on BR2_TOOLCHAIN_HAS_SYNC_4.
This commit fixes this issue.
Fixes:
WARNING: unmet direct dependencies detected for BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_SCTP
Depends on [n]: BR2_PACKAGE_GSTREAMER1 [=y] && BR2_PACKAGE_GST1_PLUGINS_BAD [=y] && BR2_TOOLCHAIN_HAS_SYNC_4 [=n]
Selected by [y]:
- BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_WEBRTC [=y] && BR2_PACKAGE_GSTREAMER1 [=y] && BR2_PACKAGE_GST1_PLUGINS_BAD [=y] && !BR2_STATIC_LIBS [=n]
[1] 90b3cfedf4
Cc: Thomas Bonnefille <thomas.bonnefille@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e34a113b32)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Fix the following autobuild error on configs with host GCC15.
```
/workdir/instance-0/output-1/host/bin/ccache /usr/bin/gcc -O2 -DNDEBUG -Wall -Wstrict-prototypes -Wundef -Wmissing-declarations -Wmissing-prototypes -Wwrite-strings -fno-strict-aliasing -Werror=declaration-after-statement -fno-builtin -fno-common -Werror=return-type -Wno-unused-local-typedefs -DHAVE_STDINT_H=1 -DHAVE_DIRENT_H=1 -DHAVE_SYS_DIR_H=1 -DHAVE_SYS_TIME_H=1 -DHAVE_SYS_TIMES_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_LIBDL=1 -DGX_COLOR_INDEX_TYPE="unsigned long long" -D__USE_UNIX98=1 -DHAVE_SNPRINTF -O2 -I/workdir/instance-0/output-1/host/include -L/workdir/instance-0/output-1/host/lib -Wl,-rpath,/workdir/instance-0/output-1/host/lib -DNOCONTRIB -DHAVE_RESTRICT=1 -DHAVE_LIMITS_H=1 -DHAVE_STRING_H=1 -fno-strict-aliasing -O2 -I/workdir/instance-0/output-1/host/include -L/workdir/instance-0/output-1/host/lib -Wl,-rpath,/workdir/instance-0/output-1/host/lib -DHAVE_POPEN_PROTO=1 -I./base -o ./obj/aux/genconf ./base/genconf.c -lz
In file included from ./base/genconf.c:18:
./base/stdpre.h:348:13: error: 'bool' cannot be defined via 'typedef'
348 | typedef int bool;
| ^~~~
./base/stdpre.h:348:13: note: 'bool' is a keyword with '-std=c23' onwards
./base/stdpre.h:348:1: warning: useless type name in empty declaration
348 | typedef int bool;
| ^~~~~~~
```
This is due to the change in the default C language version in GCC15.
The patch included is not exactly the same as the upstream one, it only
picks the part that fix the `bool` definition and dropped the declaration
type changes.
Fixes: https://autobuild.buildroot.org/results/9c6/9c6cbff256635c6ab4be4c5b7bf18f9d3c4b46681
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit fa45c47fcb)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
go1.23.9 (released 2025-05-06) includes fixes to the runtime and the linker.
go1.23.10 (released 2025-06-05) includes security fixes to the net/http and
os packages, as well as bug fixes to the linker.
Fixes the following security vulnerabilities:
- CVE-2025-4673: net/http: sensitive headers not cleared on cross-origin
redirect
Proxy-Authorization and Proxy-Authenticate headers persisted on
cross-origin redirects potentially leaking sensitive information
- CVE-2025-0913: os: inconsistent handling of O_CREATE|O_EXCL on Unix and
Windows
os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and
Windows systems when the target path was a dangling symlink. On Unix
systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks.
On Windows, when the target path was a symlink to a nonexistent location,
OpenFile would create a file in that location.
- CVE-2025-22874: crypto/x509: usage of ExtKeyUsageAny disables policy validation
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny
unintentionally disabled policy validation. This only affected
certificate chains which contain policy graphs, which are rather uncommon.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 00f0fca15a)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Fix the following autobuild error that started appearing with host GCC15
configs.
```
/usr/bin/gcc -DHAVE_CONFIG_H -I. -I/workdir/instance-0/output-1/host/include -O2 -I/workdir/instance-0/output-1/host/include -c -o modules/arch/x86/x86arch.o modules/arch/x86/x86arch.c
In file included from modules/arch/x86/x86arch.h:30,
from modules/arch/x86/x86arch.c:31:
./libyasm/bitvect.h:86:32: error: cannot use keyword 'false' as enumeration constant
86 | typedef enum boolean { false = FALSE, true = TRUE } boolean;
| ^~~~~
./libyasm/bitvect.h:86:32: note: 'false' is a keyword with '-std=c23' onwards
```
This is due to the change in the default C language version in GCC15.
Fixes: https://autobuild.buildroot.org/results/d1d/d1d9a6e73c2ec278941dd90c6b07cce01b372feb/
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit aa9ee17701)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Fixes:
If external clang is available on the host system, the buildsystem tries
to use it. The result will be unpredictable. We can't use the version of
clang that is shipped with buildroot either, because it is too old. See:
https://code.qt.io/cgit/qt/qttools.git/tree/.cmake.conf?h=6.8.1. So we
disable clang support in qt6tools for now.
Signed-off-by: Roy Kollen Svendsen <roykollensvendsen@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
(cherry picked from commit ac7f65d83e)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The previous commit removed its only user. It was a blind option so no
legacy handling is needed.
Signed-off-by: Roy Kollen Svendsen <roykollensvendsen@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
(cherry picked from commit 1fad08d32f)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Since we don't need assistant, designer or linguist on target, and we
don't need assistant or designer on host, we unconditionally disable
these tools, to avoid build failures without inreasing the complexity of
the package.
Fixes target linguist build:
-- Could NOT find Qt6LinguistTools (missing: Qt6LinguistTools_DIR)
CMake Error at <...>/output/build/qt6base-6.8.1/cmake/QtToolHelpers.cmake:768 (message):
Failed to find the host tool "Qt6::lconvert". It is part of the
Qt6LinguistTools package, but the package could not be found. Make sure
you have built and installed the host Linguist module, which will ensure
the creation of the Qt6LinguistTools package.
Call Stack (most recent call first):
<...>/output/build/qt6base-6.8.1/cmake/QtToolHelpers.cmake:83 (qt_internal_find_tool)
src/linguist/lconvert/CMakeLists.txt:9 (qt_internal_add_tool)
The following defconfig triggers a target linguist build without
building the necessary lconvert host tool. See:
https://code.qt.io/cgit/qt/qttools.git/tree/src/linguist/CMakeLists.txt?h=6.8.1#n17
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_ARMV7_EABIHF_MUSL_STABLE=y
BR2_PACKAGE_QT6=y
BR2_PACKAGE_QT6BASE_GUI=y
BR2_PACKAGE_QT6BASE_PNG=y
BR2_PACKAGE_QT6BASE_WIDGETS=y
BR2_PACKAGE_QT6TOOLS=y
Fixes target designer build:
CMake Error at <...>/output/build/qt6base-6.8.1/cmake/QtPublicWalkLibsHelpers.cmake:267 (message):
The Xml target is mentioned as a dependency for Designer, but not declared.
Call Stack (most recent call first):
<...>/output/build/qt6base-6.8.1/cmake/QtPrlHelpers.cmake:8 (__qt_internal_walk_libs)
<...>/output/build/qt6base-6.8.1/cmake/QtPrlHelpers.cmake:47 (qt_collect_libs)
<...>/buildroot/output/build/qt6base-6.8.1/cmake/QtModuleHelpers.cmake:1027 (qt_generate_prl_file)
<...>/buildroot/output/build/qt6base-6.8.1/cmake/QtScopeFinalizerHelpers.cmake:24:EVAL:1 (qt_finalize_module)
src/designer/src/lib/CMakeLists.txt:DEFERRED
The following defconfig triggers a target designer build, without
selecting the necessary xml qt6base option. See:
https://code.qt.io/cgit/qt/qttools.git/tree/configure.cmake?h=6.8.1#n64https://code.qt.io/cgit/qt/qttools.git/tree/src/designer/src/lib/CMakeLists.txt?h=6.8.1#n182
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_ARMV7_EABIHF_MUSL_STABLE=y
BR2_PACKAGE_QT6=y
BR2_PACKAGE_QT6BASE_GUI=y
BR2_PACKAGE_QT6BASE_PNG=y
BR2_PACKAGE_QT6BASE_WIDGETS=y
BR2_PACKAGE_QT6TOOLS=y
Fixes target assistant build:
CMake Error at <...>/output/build/qt6base-6.8.1/cmake/QtToolHelpers.cmake:768 (message):
Failed to find the host tool "Qt6::qhelpgenerator". It is part of the
Qt6ToolsTools package, but the package did not contain the tool. Make sure
that the host module Tools was built with all features enabled (no
explicitly disabled tools).
Call Stack (most recent call first):
<...>/buildroot/output/build/qt6base-6.8.1/cmake/QtToolHelpers.cmake:83 (qt_internal_find_tool)
src/assistant/qhelpgenerator/CMakeLists.txt:9 (qt_internal_add_tool)
The following defconfig triggers a target assistant build, without
building the necessary qhelpgenerator host tool. See:
https://code.qt.io/cgit/qt/qttools.git/tree/configure.cmake?h=6.8.1#n45https://code.qt.io/cgit/qt/qttools.git/tree/src/assistant/CMakeLists.txt?h=6.8.1#n4https://code.qt.io/cgit/qt/qttools.git/tree/src/assistant/CMakeLists.txt?h=6.8.1#n21
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_ARMV7_EABIHF_MUSL_STABLE=y
BR2_PACKAGE_QT6=y
BR2_PACKAGE_QT6BASE_GUI=y
BR2_PACKAGE_QT6BASE_PNG=y
BR2_PACKAGE_QT6BASE_PRINTSUPPORT=y
BR2_PACKAGE_QT6BASE_SQL=y
BR2_PACKAGE_QT6BASE_SQLITE=y
BR2_PACKAGE_QT6BASE_WIDGETS=y
BR2_PACKAGE_QT6TOOLS=y
Signed-off-by: Roy Kollen Svendsen <roykollensvendsen@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
(cherry picked from commit bd255e9e9c)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Since version bump to 7.12 (upstream commit [1]) the openssl/mbedtls support
defines changed from MG_ENABLE_OPENSSL/MG_ENABLE_MBEDTLS to
MG_TLS=MG_TLS_OPENSSL and MG_TLS=MG_TLS_MBED.
[1] 0613cc62f4
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 77d6929804)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The aarch64 virt platform doesn't have any default VGA devices so we
don't need to configure them here.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit b877b8379f)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Add a patch that removes part of the logic that attempts to detect if
thumb is supported. This logic simply doesn't work at all in the
Buildroot context. In fact, thumb is supported on all 32-bit ARM on
which we can build qt5webengine.
Fixes:
WARNING: Thumb instruction set is required to build ffmpeg for QtWebEngine.
[...]
FAILED: obj/third_party/ffmpeg/ffmpeg_internal/vp8.o
[...] -c ../../3rdparty/chromium/third_party/ffmpeg/libavcodec/vp8.c -o obj/third_party/ffmpeg/ffmpeg_internal/vp8.o
{standard input}: Assembler messages:
{standard input}:1119: Error: bad instruction `ldrhcs r0,[ip],#2'
{standard input}:1156: Error: bad instruction `ldrhcs r9,[ip],#2'
{standard input}:1190: Error: bad instruction `ldrhcs lr,[ip],#2'
{standard input}:1253: Error: bad instruction `ldrhcs r9,[r7],#2'
[...]
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Cc: Gaël PORTAY <gael.portay@rtone.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 2b2120dc4a)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Ideally we should update our version of qt5webengine-chromium first,
we're more than 600 commits behind on the stable branch from KDE.
However, this is a quick fix solution that allows us to build the
current state in Fedora 42.
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit c9ae932c94)
[thomas: rename patch from 0012-.. to 0011-..]
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Add a patch that adds missing #include statements, which becomes an
error in GCC 15.
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 1495863b98)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Since Buildroot commit [1], the runtime test emulator infra is setting
the emulated system date to the host date.
While this is desired in general, this behaviour is introducing a
variability in the test execution. Depending if the test is executed
during winter or summer time, the output of the command "date +%Z"
will produce a different output.
This commit fixes the issue by setting a fixed date and time on the
emulated system. The date is fixed to Unix Epoch plus one hour. This
is because Linux cannot set the system date to a value less than the
system uptime. So we cannot set the time back to Unix Epoch with the
command "date -s @0" (this would result to a EINVAL Invalid argument).
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/9922589073https://gitlab.com/buildroot.org/buildroot/-/jobs/9922589081
[1] cf8641b73e
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 0839545a9b)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Commit 4e95062f8 ("package/pkg-meson: use buildroot-build for build
directory") changed the build directory for meson packages to
'buildroot-build', so update the find invocation to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c9355a3869)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Commit 4e95062f8 ("package/pkg-meson: use buildroot-build for build directory")
changed the build directory for meson packages to 'buildroot-build'.
Thus accessing the build directory for installing the extra utils needs
to be adopted to this directory. Otherwise the install will fail when
BR2_PACKAGE_KMSXX_INSTALL_TESTS is enabled.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 55979f081d)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
When the meson build directory was changed to buildroot-build in
4e95062f82 we forgot to update the
install path for the systemd-boot efi binary.
Fixes:
/usr/bin/install: cannot stat '/home/buildroot/buildroot/output/build/systemd-256.7/build/src/boot/efi/systemd-bootx64.efi': No such file or directory
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b6b96b7bdc)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Since commit d1757fdfb0, at-spi2-core
depends on !BR2_STATIC_LIBS, but this wasn't properly propagated to
reverse dependencies, so let's do this propagation now.
Fixes the following warning:
WARNING: unmet direct dependencies detected for BR2_PACKAGE_AT_SPI2_CORE
Depends on [n]: BR2_TOOLCHAIN_HAS_THREADS [=y] && BR2_USE_MMU [=y] && BR2_USE_WCHAR [=y] && !BR2_STATIC_LIBS [=y]
Selected by [y]:
- BR2_PACKAGE_ATKMM [=y] && BR2_INSTALL_LIBSTDCPP [=y] && BR2_TOOLCHAIN_GCC_AT_LEAST_7 [=y] && BR2_TOOLCHAIN_HAS_THREADS [=y] && BR2_USE_MMU [=y] && BR2_USE_WCHAR [=y]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a9bfc39660)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Commit 8c9c1222b7 (package/uacme: bump version to 1.7.6) bumperd the
version to 1.7.6 which includes the patch we carried, so the patch was
dropped, but the corresponding autoreconf was not.
Do so now.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Nicola Di Lieto <nicola.dilieto@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2fb527fcf9)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The esp-hosted package was introduced in [1] defining the variable
ESP_HOSTED_LICENSE_FILE (singular). The name should be
ESP_HOSTED_LICENSE_FILES (plural). This typo makes the license file
being ignored during a "make legal-info" which shows a warning at
the end:
WARNING: esp-hosted-9a2312b0b: cannot save license (ESP_HOSTED_LICENSE_FILES not defined)
Fixing the variable name also reveals the license file path was
incorrect. The "esp_hosted_ng/host/" directory prefix is missing.
Finally, setting the correct path shows the hash was wrong (it was
the hash of the Apache-2.0 [2] file, which corresponds to another
unused code portion). So the license file hash is also changed to
correspond to the correct GPL-2.0 license file.
This commit fixes all the needed esp-hosted legal-info.
[1] 7b2e5e6550
[2] https://github.com/espressif/esp-hosted/blob/release/ng-v1.0.4.0.0/LICENSES/Apache-2.0
Cc: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit bd9a6c2b36)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Fixes the following CVEs:
- CVE-2025-3015: A vulnerability classified as critical has been found in
Open Asset Import Library Assimp 5.4.3. This affects the
function Assimp::ASEImporter::BuildUniqueRepresentation of
the file code/AssetLib/ASE/ASELoader.cpp of the component
ASE File Handler. The manipulation of the argument mIndices
leads to out-of-bounds read. It is possible to initiate the
attack remotely. The exploit has been disclosed to the
public and may be used.
See: https://www.cve.org/CVERecord?id=CVE-2025-3015
- CVE-2025-3016: A vulnerability classified as problematic was found in
Open Asset Import Library Assimp 5.4.3. This vulnerability
affects the function Assimp::MDLImporter::ParseTextureColorData
of the file code/AssetLib/MDL/MDLMaterialLoader.cpp of the
component MDL File Handler. The manipulation of the argument
mWidth/mHeight leads to resource consumption.
The attack can be initiated remotely
See: https://www.cve.org/CVERecord?id=CVE-2025-3016
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 9d92c7e3ff)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This fixes the following CVE:
- CVE-2025-48432: An issue was discovered in Django 5.2 before 5.2.2,
5.1 before 5.1.10, and 4.2 before 4.2.22.
Internal HTTP response logging does not escape request.path,
which allows remote attackers to potentially manipulate log
output via crafted URLs.
This may lead to log injection or forgery when logs are
viewed in terminals or processed by external systems.
See https://www.cve.org/CVERecord?id=CVE-2025-48432
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This commit introduces the silicon revision number configuration.
This value will be used by packages for specific configurations
(such as security firmware).
Signed-off-by: Juan Pablo MONTERO CASTRO <juanpablo.monterocastro@nxp.com>
[Julien: split original commit 1/3]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 0645c83cd6)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Django includes code from a couple of other projects, add their
respective license files and licenses to the django package.
./utils/scanpypi finds most of these. Additionally this was
cross-checked against debian's license list [1], not including some
things that no longer exist or no longer indicate separate licensing
upstream:
* django/contrib/admin/static/admin/fonts/
* django/utils/baseconv.py
* django/utils/ipv6.py
* django/utils/autoreload.py
Also not included are separate licensing for docs, which buildroot
doesn't package:
* docs/_theme/djangodocs/static/reset-fonts-grids.css
* docs/_theme/djangodocs/static/fontawesome/LICENSE.txt
[1] https://metadata.ftp-master.debian.org/changelogs//main/p/python-django/python-django_5.2-1_copyright
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
[Peter: Indent with single tab]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 15fdc8b0ca)
[Thomas: Changed the hash of
django/contrib/admin/static/admin/js/inlines.js to match 5.1.9
]
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This fixes the following CVE:
- CVE-2025-47287: When Tornado's ``multipart/form-data`` parser encounters
certain errors, it logs a warning but continues trying to
parse the remainder of the data. This allows remote
attackers to generate an extremely high volume of logs,
constituting a DoS attack.
Fixes:
https://www.cve.org/CVERecord?id=CVE-2025-47287
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
[Julien: reword commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 4c890bc46d)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This fixes a memory leaks that affects both binutils 2.43 and 2.44,
see https://www.cve.org/CVERecord?id=CVE-2025-3198
Fixes the following CVE:
- CVE-2025-3198: A vulnerability has been found in GNU Binutils 2.43/2.44
and classified as problematic. Affected by this
vulnerability is the function display_info of the file
binutils/bucomm.c of the component objdump.
The manipulation leads to memory leak.
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 4dc951f3ee)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The test_xen.py runtime test, introduced in [1] and improved in [2],
is calling a "stty raw" command, just after the emulated machine
login, to avoid double-cooking the consoles. This double-cooking
prevents the test controller to correctly get the command error codes.
Buildroot commit [3] "support/testing: set date in emulated machine"
introduced an invocation of the date command to set time on the
emulated machine, just after the login. The returned error code is also
checked. Since this commit [3], the test_xen runtime test is failing
while attempting to set the date. This is because it is invoked before
the test script executes this "stty raw" command.
The need of executing a command just after the login, and just
before we set the emulated machine date is very limited. It is almost
specific to this test. So, rather than changing the test
infrastructure, this commit simply moves this "stty raw" invocation
from the runtime test script to a custom /etc/profile.d/stty-raw.sh
file on target rootfs overlay, to do this call just at the login.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/10000011350
[1] 055f82ebbd
[2] cd0ffd598c
[3] cf8641b73e
Cc: Vincent Stehlé <vincent.stehle@laposte.net>
Tested-by: Vincent Stehlé <vincent.stehle@laposte.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 04c9ecd788)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Fixes the following security issues:
- CVE-2025-23166: Improper error handling in async cryptographic operations
crashes process
- CVE-2025-23165: Corrupted pointer in node::fs::ReadFileUtf8(const
FunctionCallbackInfo<Value>& args) when args[0] is a string
https://nodejs.org/en/blog/vulnerability/may-2025-security-releases
Update the license hash for the addition of zstd 1.5.6 (BSD-3-Clause):
f9f611fb58
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit c84fcef123)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Since the bump of Samba to version 4.21.4 in commit
716461af94, <crypt.h> is needed, due to
upstream comit 0dccda38f27b3bbda5d2a4de588a333ff554651a. Since
<crypt.h> is no longer provided by glibc, a dependency on libxcrypt is
needed, to avoid the following build failure:
../../lib/util/util_crypt.c:5:10: fatal error: crypt.h: No such file or directory
5 | #include <crypt.h>
| ^~~~~~~~~
compilation terminated.
This has not been detected by the autobuilders, presumably because a
lot of glibc configurations end up having libxcrypt selected by other
packages, but the issue is reproducible by building:
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_PACKAGE_SAMBA4=y
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6c3f01fde1)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
We currently check for unsafe paths right between adding our arguments,
and adding the one passed from the command line. This not very
consistent.
Unsafe paths can only come from the command line, as we are not adding
any of our own (hopefully, we know better!), so we can run the check as
early as possible.
Move the check very early, but not before we handle --help.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Giulio Benetti <giulio.benetti@benettiengineering.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 53e1772682)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
With the recent addition in pkg-stats to detect stale ignore CVE
entries, the CVE-2021-42260 ignore CVE entry is reported as
stale. This is because TINYXML_VERSION is 2.6.2_2, and the CVE is
annotated as affecting versions up to and including 2.6.2.
But in fact, 2.6.2_2 is a special version from the Kodi community, but
it's close to the 2.6.2 release, and CVE-2021-42260 is not fixed in
it. To get meaningful results, let's tell our CVE checking logic that
the tinyxml version is 2.6.2 by setting TINYXML_CPE_ID_VERSION (we're
splitting on the _ and keeping the part before).
Because we're now setting TINYXML_CPE_ID_VERSION, we must drop
TINYXML_CPE_ID_VALID to avoid a check-package warning.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 677b24ebaf)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Due to the "From:" in the commit log itself, this patch was not
applicable using git am:
$ git am 0001-Make-SoX-support-uclibc-based-toolchains.patch
Applying: Make SoX support uclibc-based toolchains
fatal: empty ident name (for <>) not allowed
Thanks to Arnout who found the issue.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit aea1dd9b20)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Commit b6871f9d93 ("package/sox:
security bump to latest git commit") forgot to annotate the ignore CVE
entries, so let's do this.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit e3a15862fb)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
All ignore CVE entries of the sox package are considered stale because
SOX_VERSION is a Git commit and therefore the version matching logic
doesn't do the right thing.
This commit sets SOX_CPE_ID_VERSION to 14.4.2, which is the closest
upstream version on which we are based: our Git commit is 14.4.2 plus
a number of commits that fix a large number of CVEs.
Thanks to this change, the ignore CVE entries are no longer stale.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 9c482f525a)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The ignore CVE entry was added because the vulnerability only affects
Windows. But it also only affected ripgrep versions < 13, and we're
using ripgrep 14.x now, so the CVE is anyway no longer relevant, and
the ignore CVE entry can be dropped.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 107e935e1c)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The qt5base was reported to have 2 stale ignore CVE entries, one not
stale. Turns out that because the version is a Git commit hash, the
version comparaison did not make a lot of sense.
This commit adds QT5BASE_CPE_ID_VERSION, assigned to the closest
upstream version that we package (the Git repo we fetch is 5.15.14
plus a number of fixes). With this done, all 3 ignore CVE entries are
stale because the vulnerabilities have been fixed prior to 5.15.14.
In addition, setting QT5BASE_CPE_ID_VERSION allows to reduce the
number of CVEs affecting qt5base from 20 to 8.
Cc: Roy Kollen Svendsen <roykollensvendsen@gmail.com>
Cc: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Cc: Christian Hitz <christian.hitz@bbv.ch>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 381ff2bf69)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The 0001-snmp_agent-disallow-SET-with-NULL-varbind.patch patch has
been dropped as part of the bump from 5.9.3 to 5.9.4 in commit
1799cfebfd, which means 5.9.4 has the
security fix, and therefore the ignore CVE entry is no longer needed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 4a3eab8341)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
CVE-2023-3603 has never affected any release, but NVD decided to
document it as affecting all versions up to 0.8.9. While this is
incorrect, we don't really care much, as we're now using 0.11 which
according to NVD is not affected, making our ignore CVE entry stale.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit ae116161ac)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
We no longer have the patch fixing CVE-2022-3559 because we've updated
to a version of exim that includes it. However, the ignore CVE entry
is not stale because the NVD database is incorrect on this CVE. We
reported the issue to upstream NVD at:
https://lore.kernel.org/buildroot/20250517183423.07951665@windsurf/
Let's document this above the ignore CVE entry.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 114784cb7b)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The CVE-2022-3620 entry is not reported as affecting our exim package
by pkg-stats. Currently it's because the NVD entry is
incorrect (incorrect exim version), but we sent a bug report [1] to
the NVD database so that it gets updated. Once updated, pkg-stats
still won't report the CVE as affecting us because the issue has been
fixed in exim 4.97, and we're using a newer version.
[1] https://lore.kernel.org/buildroot/20250517183000.40b28b4d@windsurf/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 463e21fdcb)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The 0001-set-default-maximum-dns-udp-package-size.patch is no longer
in Buildroot since the bump to 2.90 in commit
213cfb3435, which renders the
CVE-2023-28450 ignore CVE entry no longer needed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 1799aa7eb4)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
All of CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366
were fixed by patches that we no longer have since we bumped
Busybox. Those IGNORE_CVES entries are therefore no longer needed.
The CVE-2022-28391 ignore CVE entry is also reported as stale, but we
believe the NVD database is incorrect in saying this vulnerability
only affects Busybox up to 1.35.0. Indeed, Busybox 1.37.0 still
doesn't have the fixes and is therefore still affected.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit f88537c46b)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
CVE-2020-15705 is only applicable to grub versions up to 2.04, and
we're using a more recent version, so it is no longer needed to ignore
it.
CVE-2021-46705 is only applicable to grub versions up to 2.06, and
we're using a more recent version, so it is no longer needed to ignore
it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 06afaf5347)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The configure flag -feature-webengine-system-jpeg[1] checks if a jpeg
library is in the sysroot.
It compiles a test file linked against the symbols jpeg_crop_scanline()
and jpeg_skip_scanlines()[2] that are specific to jpep-turbo.
As a consequence, the configure scripts fails if the libjpeg is selected
as the jpeg variant as the symbols mentionend above are not part of the
jpeg library installed in the sysroots.
ERROR: Feature 'webengine-system-jpeg' was enabled, but the pre-condition 'config.unix && features.system-jpeg && libs.webengine-jpeglib' failed.
Additionally, see the log below, extracted from config.log:
> /home/gportay/src/buildroot/output/host/bin/arm-buildroot-linux-gnueabihf-g++ -c -pipe -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -g0 -D_FORTIFY_SOURCE=1 -mtune=arm1176jzf-s -march=armv6 --sysroot=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot -w -fPIC -I. -I/home/gportay/src/buildroot/output/host/mkspecs/devices/linux-buildroot-g++ -o main.o main.cpp
> main.cpp: In function ‘int main(int, char**)’:
> main.cpp:12:5: error: ‘jpeg_crop_scanline’ was not declared in this scope; did you mean ‘jpeg_write_scanlines’?
> 12 | jpeg_crop_scanline(nullptr, &dummy, &dummy);
> | ^~~~~~~~~~~~~~~~~~
> | jpeg_write_scanlines
> main.cpp:13:5: error: ‘jpeg_skip_scanlines’ was not declared in this scope; did you mean ‘jpeg_write_scanlines’?
> 13 | jpeg_skip_scanlines(nullptr, dummy);
> | ^~~~~~~~~~~~~~~~~~~
> | jpeg_write_scanlines
> make[1]: *** [Makefile:334: main.o] Error 1
> make[1]: Leaving directory '/home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/config.tests/webengine-jpeglib'
We could build some complicated logic to make sure what qt5webengine is
only used with jpeg-turbo. However, Chromium bundles jpeg-turbo[3][4]
and uses it if not using the system jpeg library or qt-jpeg[5]. It is
simpler to just always use that version instead of the system jpeg
library.
This sets the configure option -nofeature-webengine-system-jpeg and
removes jpeg from the dependencies.
Note that host-libjpeg and qt-jpeg (and therefore, system libjpeg or
jpeg-turbo) are still needed for the Qt integration layer, even if
chromium uses the bundled jpeg-turbo.
[1]: https://github.com/qt/qtwebengine/blob/v5.15.14-lts/src/buildtools/configure.json#L609-L613
[2]: https://github.com/qt/qtwebengine/blob/v5.15.14-lts/src/buildtools/configure.json#L95-L116
[3]: 18c9261dc5/chromium/third_party/libjpeg_turbo
[4]: 18c9261dc5/chromium/third_party/libjpeg.gni
[5]: https://github.com/qt/qtwebengine/blob/v5.15.14-lts/src/buildtools/configure.json#L614-618
Fixes:
looking for library webengine-jpeglib
Trying source 0 (type pkgConfig) of library webengine-jpeglib ...
+ PKG_CONFIG_SYSROOT_DIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot PKG_CONFIG_LIBDIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/share/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/arm-buildroot-linux-gnueabihf/pkgconfig /home/gportay/src/buildroot/output/host/bin/pkg-config --exists --silence-errors libjpeg
+ PKG_CONFIG_SYSROOT_DIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot PKG_CONFIG_LIBDIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/share/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/arm-buildroot-linux-gnueabihf/pkgconfig /home/gportay/src/buildroot/output/host/bin/pkg-config --modversion libjpeg
> 9.6.0
+ PKG_CONFIG_SYSROOT_DIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot PKG_CONFIG_LIBDIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/share/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/arm-buildroot-linux-gnueabihf/pkgconfig /home/gportay/src/buildroot/output/host/bin/pkg-config --libs-only-L libjpeg
> -L/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib
+ PKG_CONFIG_SYSROOT_DIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot PKG_CONFIG_LIBDIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/share/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/arm-buildroot-linux-gnueabihf/pkgconfig /home/gportay/src/buildroot/output/host/bin/pkg-config --libs-only-l libjpeg
> -ljpeg
+ PKG_CONFIG_SYSROOT_DIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot PKG_CONFIG_LIBDIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/share/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/arm-buildroot-linux-gnueabihf/pkgconfig /home/gportay/src/buildroot/output/host/bin/pkg-config --cflags libjpeg
> -I/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include
+ cd /home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/config.tests/webengine-jpeglib && PKG_CONFIG_SYSROOT_DIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot PKG_CONFIG_LIBDIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/share/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/arm-buildroot-linux-gnueabihf/pkgconfig /home/gportay/src/buildroot/output/host/bin/qmake "CONFIG -= qt debug_and_release app_bundle lib_bundle" "CONFIG += shared warn_off console single_arch" -early "CONFIG += cross_compile" 'QMAKE_USE += webengine-jpeglib' 'QMAKE_LIBS_WEBENGINE_JPEGLIB = -L/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib -ljpeg' /home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/config.tests/webengine-jpeglib
+ cd /home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/config.tests/webengine-jpeglib && MAKEFLAGS= make
> make[1]: Entering directory '/home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/config.tests/webengine-jpeglib'
> /home/gportay/src/buildroot/output/host/bin/arm-buildroot-linux-gnueabihf-g++ -c -pipe -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -g0 -D_FORTIFY_SOURCE=1 -mtune=arm1176jzf-s -march=armv6 --sysroot=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot -w -fPIC -I. -I/home/gportay/src/buildroot/output/host/mkspecs/devices/linux-buildroot-g++ -o main.o main.cpp
> main.cpp: In function ‘int main(int, char**)’:
> main.cpp:12:5: error: ‘jpeg_crop_scanline’ was not declared in this scope; did you mean ‘jpeg_write_scanlines’?
> 12 | jpeg_crop_scanline(nullptr, &dummy, &dummy);
> | ^~~~~~~~~~~~~~~~~~
> | jpeg_write_scanlines
> main.cpp:13:5: error: ‘jpeg_skip_scanlines’ was not declared in this scope; did you mean ‘jpeg_write_scanlines’?
> 13 | jpeg_skip_scanlines(nullptr, dummy);
> | ^~~~~~~~~~~~~~~~~~~
> | jpeg_write_scanlines
> make[1]: *** [Makefile:334: main.o] Error 1
> make[1]: Leaving directory '/home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/config.tests/webengine-jpeglib'
=> source failed verification.
Trying source 1 (type inline) of library webengine-jpeglib ...
+ cd /home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/config.tests/webengine-jpeglib && PKG_CONFIG_SYSROOT_DIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot PKG_CONFIG_LIBDIR=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/share/pkgconfig:/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/arm-buildroot-linux-gnueabihf/pkgconfig /home/gportay/src/buildroot/output/host/bin/qmake "CONFIG -= qt debug_and_release app_bundle lib_bundle" "CONFIG += shared warn_off console single_arch" -early "CONFIG += cross_compile" 'QMAKE_USE += webengine-jpeglib' 'QMAKE_LIBS_WEBENGINE_JPEGLIB = -ljpeg' /home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/config.tests/webengine-jpeglib
+ cd /home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/config.tests/webengine-jpeglib && MAKEFLAGS= make clean && MAKEFLAGS= make
> make[1]: Entering directory '/home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/config.tests/webengine-jpeglib'
> rm -f main.o
> rm -f *~ core *.core
> make[1]: Leaving directory '/home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/config.tests/webengine-jpeglib'
> make[1]: Entering directory '/home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/config.tests/webengine-jpeglib'
> /home/gportay/src/buildroot/output/host/bin/arm-buildroot-linux-gnueabihf-g++ -c -pipe -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -g0 -D_FORTIFY_SOURCE=1 -mtune=arm1176jzf-s -march=armv6 --sysroot=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot -w -fPIC -I. -I/home/gportay/src/buildroot/output/host/mkspecs/devices/linux-buildroot-g++ -o main.o main.cpp
> main.cpp: In function ‘int main(int, char**)’:
> main.cpp:12:5: error: ‘jpeg_crop_scanline’ was not declared in this scope; did you mean ‘jpeg_write_scanlines’?
> 12 | jpeg_crop_scanline(nullptr, &dummy, &dummy);
> | ^~~~~~~~~~~~~~~~~~
> | jpeg_write_scanlines
> main.cpp:13:5: error: ‘jpeg_skip_scanlines’ was not declared in this scope; did you mean ‘jpeg_write_scanlines’?
> 13 | jpeg_skip_scanlines(nullptr, dummy);
> | ^~~~~~~~~~~~~~~~~~~
> | jpeg_write_scanlines
> make[1]: *** [Makefile:334: main.o] Error 1
> make[1]: Leaving directory '/home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/config.tests/webengine-jpeglib'
=> source failed verification.
test config.qtwebengine_buildtools.libraries.webengine-jpeglib FAILED
Signed-off-by: Gaël PORTAY <gael.portay@rtone.fr>
[Arnout: always use the bundled jpeg-turbo]
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
(cherry picked from commit 3271ce10f2)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
For portability reason, it isn't preferable to include an absolute path
in the link to fw_printenv which is in the same directory as fw_setenv.
Fixes: 42646265d5 ("package/uboot-tools: add fw_printenv to host uboot tools")
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0b02091235)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Fixes:
https://autobuild.buildroot.net/results/924b1015d4b81385409ef00f1a14be3ca1959c8e/
As part of building flex for the target a few files are built for the host,
including a rpl_malloc() implementation containing a malloc() forward
declaration without any function parameters.
GCC 15 defaults to -std=gnu23, which handles function declarations without
parameters differently from earlier C standards leading to compilation
errors:
../lib/malloc.c:6:12: warning: conflicting types for built-in function 'malloc'; expected 'void *(long unsigned int)' [-Wbuiltin-declaration-mismatch]
6 | void *malloc ();
| ^~~~~~
../lib/malloc.c:5:1: note: 'malloc' is declared in header '<stdlib.h>'
4 | #include <sys/types.h>
+++ |+#include <stdlib.h>
5 |
../lib/malloc.c: In function 'rpl_malloc':
../lib/malloc.c:16:15: error: too many arguments to function 'malloc'; expected 0, have 1
https://gcc.gnu.org/gcc-15/porting_to.html#c23-fn-decls-without-parameters
Add a patch submitted upstream to correct the prototype.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 7b98e2ce2c)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
It allows to download files from smb share in buildroot packages.
Usage is specified in manual.
Signed-off-by: Guillaume Chaye <guillaume.chaye@zeetim.com>
[Peter: reword documentation]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e240b889f1)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The NVD database contains some CPEs that are wrongly not associated
with any version number. They are for example sometimes associated
with very old CVEs.
Those CPEs are annoying, because they pollute our pkg-stat CVE results
with CVE entries which actually don't affect us.
The proper way to solve it is, and should remain, to fix the NVD
database by reporting these issues. Having to deal with a lot of
CVEs/CPEs, the NVD database is however slow to be updated.
To reduce the noise in our pkg-stats results in the meantime, one
possibility is to add <PKG_IGNORE_CVES> entries for those CVEs. This
however comes with the downside that even once the NVD database gets
fixed, those ignored entries risk remaining in Buildroot forever
because they are undetected.
This commit tries to address this downside by checking for and
reporting CVEs that are ignored in Buildroot, but where the
NVD reports our package version as unaffected. Those CVEs will appear
in the 'CVEs Ignored' column as '(stale)', and the cell will be
colored the same way warnings are. This should allow us to detect and
remove those entries.
It can be tested for example by adding the following variable to the
apache package (for a CVE that was recently fixed in the NVD database):
APACHE_IGNORE_CVES = CVE-1999-0236
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 56ea5a0226)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
When building the bluez5_utils package with HoG plugin without enabling
the HID plugin the following linker error would occur:
```
/workdir/instance-0/output-1/per-package/bluez5_utils/host/bin/../lib/gcc/x86_64-buildroot-linux-uclibc/13.3.0/../../../../x86_64-buildroot-linux-uclibc/bin/ld: profiles/input/bluetoothd-hog.o: in function `hog_disconnect':
hog.c:(.text.hog_disconnect+0x12): undefined reference to `input_get_userspace_hid'
collect2: error: ld returned 1 exit status
```
This patch adds two upstream commits that decouple both the HID
and the HoG plugin.
As a consequence of this patch the HID plugin can be compiled without
the HoG one as well but to keep the compatibility the same in buildroot
the selection of the HoG plugin is kept when selecting the HID plugin.
The error can be reproduced with the following defconfig
```
BR2_arm=y
BR2_cortex_a7=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_PACKAGE_BLUEZ5_UTILS=y
BR2_PACKAGE_BLUEZ5_UTILS_PLUGINS_HOG=y
```
Fixes: https://autobuild.buildroot.org/results/78e/78ed7664f3a2dd5858fd71bd63836c822c106cc0
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 57eb26837b)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The package opus is selected but it is not listed in the dependencies.
This adds opus to QT5WEBENGINE_DEPENDENCIES.
Fixes:
$ make qt5webengine
(...)
ERROR: Feature 'webengine-system-opus' was enabled, but the pre-condition 'config.unix && libs.webengine-opus' failed.
Signed-off-by: Gaël PORTAY <gael.portay@rtone.fr>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
(cherry picked from commit 7319e4af19)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
TL;DR; This turns the configure flag -no-feature-webengine-noexecstack
to -feature-webengine-noexecstack to workaround a link issue on ARM
32-bit if chromium requests for an executable stack.
And now, the long story...
The configure flag -no-feature-webengine-noexecstack was introduced with
commit 675cbaf9aa (package/qt5/qt5webengine: bump to version 5.15.8).
That configure flag controls the feature webengine-noexecstack[1][2];
the -no-feature-webengine-noexecstack causes qmake to **NOT** append the
linker flags -Wl,-z,noexecstack[3] to QMAKE_LFLAGS.
It results in the linkage issue below on ARM 32-bit at the creation of
its Qt module, i.e. after qmake has built the chromium third party via
gn:
ulimit -n 4096 && /home/gportay/src/buildroot/output/host/bin/arm-buildroot-linux-gnueabihf-g++ --sysroot=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot @/home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/src/core/release/QtWebEngineCore_o.rsp -Wl,--start-group @/home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/src/core/release/QtWebEngineCore_a.rsp -Wl,--end-group -Wl,--fatal-warnings -Wl,--build-id=sha1 -fPIC -Wl,-z,relro -Wl,-z,now -Wl,-z,defs -Wl,-O2 -Wl,--gc-sections --sysroot=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot --sysroot=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot -Wl,-O1 -Wl,--enable-new-dtags -Wl,-whole-archive -lqtwebenginecoreapi -Wl,-no-whole-archive -Wl,--no-undefined -Wl,--version-script,QtWebEngineCore.version -Wl,-O1 -Wl,--enable-new-dtags -shared -Wl,-soname,libQt5WebEngineCore.so.5 -o libQt5WebEngineCore.so.5.15.14 -latomic /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5Quick.so /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5Gui.so /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5QmlModels.so /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5WebChannel.so /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5Qml.so /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5Network.so /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5Core.so -lpthread -L/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib -latomic -lGLESv2 -lpthread -ldl -lrt -lnss3 -lnssutil3 -lsmime3 -lplds4 -lplc4 -lnspr4 -levent -lresolv -ljpeg -lopus -lm -lz -lvpx -lpng16 -lwebp -lwebpmux -lwebpdemux -lfreetype -lexpat -lfontconfig -lharfbuzz-subset -lharfbuzz -lsnappy -lxml2 -lxslt -ldbus-1 -L/home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/src/core/api/release -lGLESv2 -lrt -lpthread -ldl
/home/gportay/src/buildroot/output/host/lib/gcc/arm-buildroot-linux-gnueabihf/13.3.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: warning: /home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/src/core/release/obj/third_party/blink/renderer/platform/heap/asm/asm/SaveRegisters_arm.o: missing .note.GNU-stack section implies executable stack
/home/gportay/src/buildroot/output/host/lib/gcc/arm-buildroot-linux-gnueabihf/13.3.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
collect2: error: ld returned 1 exit status
The link succeeds if the missing linker flags are appended manually to
the command-line:
ulimit -n 4096 && /home/gportay/src/buildroot/output/host/bin/arm-buildroot-linux-gnueabihf-g++ --sysroot=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot @/home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/src/core/release/QtWebEngineCore_o.rsp -Wl,--start-group @/home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/src/core/release/QtWebEngineCore_a.rsp -Wl,--end-group -Wl,--fatal-warnings -Wl,--build-id=sha1 -fPIC -Wl,-z,relro -Wl,-z,now -Wl,-z,defs -Wl,-O2 -Wl,--gc-sections --sysroot=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot --sysroot=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot -Wl,-O1 -Wl,--enable-new-dtags -Wl,-whole-archive -lqtwebenginecoreapi -Wl,-no-whole-archive -Wl,--no-undefined -Wl,--version-script,QtWebEngineCore.version -Wl,-O1 -Wl,--enable-new-dtags -shared -Wl,-soname,libQt5WebEngineCore.so.5 -o libQt5WebEngineCore.so.5.15.14 -latomic /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5Quick.so /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5Gui.so /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5QmlModels.so /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5WebChannel.so /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5Qml.so /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5Network.so /home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libQt5Core.so -lpthread -L/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib -latomic -lGLESv2 -lpthread -ldl -lrt -lnss3 -lnssutil3 -lsmime3 -lplds4 -lplc4 -lnspr4 -levent -lresolv -ljpeg -lopus -lvpx -lm -lpng16 -lwebp -lwebpmux -lwebpdemux -lfreetype -lexpat -lfontconfig -lharfbuzz-subset -lharfbuzz -lsnappy -lxml2 -lxslt -ldbus-1 -L/home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/src/core/api/release -lGLESv2 -lrt -lpthread -ldl -Wl,-z,noexecstack && echo completed
completed
Note: The configure flag is not forwarded to chromium in any manner; its
scope is limited to the Qt WebEngine module. That configure flag appears
to be a workaround if the does not assemble, compile and link the Elf
object correctly[4][5].
The linker flag -z noexecstack is responsible for marking the object as
not requiring an executable stack by adding the section .note.GNU-stack
in the Elf object.
The file SaveRegisters_arm.S is assembled from the command-line below;
there is no noexecstack flag set:
/home/gportay/src/buildroot/output/host/bin/arm-buildroot-linux-gnueabihf-gcc -MMD -MF obj/third_party/blink/renderer/platform/heap/asm/asm/SaveRegisters_arm.o.d -DARM=1 -DUSE_UDEV -DUSE_AURA=1 -DUSE_NSS_CERTS=1 -DUSE_OZONE=1 -DOFFICIAL_BUILD -DTOOLKIT_QT -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -DNO_UNWIND_TABLES -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -DCR_SYSROOT_HASH=c2e54f675b83a61301dcdb22e8e7a2b85c01d58c -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0 -Igen -I../../3rdparty/chromium -fPIC -fno-strict-aliasing --param=ssp-buffer-size=4 -fstack-protector -fno-unwind-tables -fno-asynchronous-unwind-tables -fPIC -pipe -pthread -std=gnu11 -march=armv7-a -mfloat-abi=hard -mtune=generic-armv7-a -mfpu=vfpv3-d16 -marm -g0 --sysroot=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot -c ../../3rdparty/chromium/third_party/blink/renderer/platform/heap/asm/SaveRegisters_arm.S -o obj/third_party/blink/renderer/platform/heap/asm/asm/SaveRegisters_arm.o
The GNU assembler supports the assembler flag -Wa,--{,no}execstack to
require, or not, an executable stack for the object to assemble.
The BUILD.gn does **NOT** set it for the assembler files of the blink
third-party; but it does it for boringssl[6] (see also the project file
CMakeLists.txt[7]).
See below what readelf says if the file is assembled manually with the
flag --noexecstack:
$ /home/gportay/src/buildroot/output/host/bin/arm-buildroot-linux-gnueabihf-gcc -MMD -MF obj/third_party/blink/renderer/platform/heap/asm/asm/SaveRegisters_arm.o.d -DARM=1 -DUSE_UDEV -DUSE_AURA=1 -DUSE_NSS_CERTS=1 -DUSE_OZONE=1 -DOFFICIAL_BUILD -DTOOLKIT_QT -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -DNO_UNWIND_TABLES -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -DCR_SYSROOT_HASH=c2e54f675b83a61301dcdb22e8e7a2b85c01d58c -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0 -Igen -I../../3rdparty/chromium -fPIC -fno-strict-aliasing --param=ssp-buffer-size=4 -fstack-protector -fno-unwind-tables -fno-asynchronous-unwind-tables -fPIC -pipe -pthread -std=gnu11 -march=armv7-a -mfloat-abi=hard -mtune=generic-armv7-a -mfpu=vfpv3-d16 -marm -g0 --sysroot=/home/gportay/src/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot -c ../../3rdparty/chromium/third_party/blink/renderer/platform/heap/asm/SaveRegisters_arm.S -o obj/third_party/blink/renderer/platform/heap/asm/asm/SaveRegisters_arm.o -Wa,--noexecstack
$ readelf -a /home/gportay/src/buildroot/output/build/qt5webengine-5.15.14/src/core/release/obj/third_party/blink/renderer/platform/heap/asm/asm/SaveRegisters_arm.o
(...)
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
(...)
[ 4] .note.GNU-stack PROGBITS 00000000 000058 000000 00 0 0 1
The section the linker claims for is now part of the Elf object; and
qmake is now able to link its Qt WebEngine module.
Note: Alternatively, the patching the file SaveRegisters_arm.S to set
explicitly the section in the source file works as well (this reduces
the impact to the very single file causing the link issue):
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
#endif
Instead of fixing directly the origin of the issue and setting the
missing assembler flag -Wa,--noexecstack to blink; this works around the
link issue by turning on the feature noexecstack to qtwebengine to force
qmake to link its module using the linker flag -Wl,-z,noexecstack.
[1]: https://github.com/qt/qtwebengine/blob/5.15.14/src/buildtools/configure.json#L353-L357
[2]: https://github.com/qt/qtwebengine/blob/5.15.14/src/buildtools/configure.json#L720-L724
[3]: https://github.com/qt/qtwebengine/blob/5.15.14/src/buildtools/config/linking.pri#L61-L62
[4]: 597359a16a
[5]: https://codereview.qt-project.org/c/qt/qtwebengine/+/263545
[6]: https://github.com/qt/qtwebengine-chromium/blob/87-based/chromium/third_party/boringssl/src/util/BUILD.toplevel#L64
[7]: https://github.com/qt/qtwebengine-chromium/blob/87-based/chromium/third_party/boringssl/src/crypto/CMakeLists.txt#L33
Signed-off-by: Gaël PORTAY <gael.portay@rtone.fr>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
(cherry picked from commit aa017484ea)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
See the code snippet below, which typically is used to check if
C++ support can be enabled.
If we manually set CMAKE_CXX_COMPILER to /bin/false, then cmake
will assume that it's fine, without having a real check. Otherwise,
it will do a test run but somehow it falls back to /bin/c++, even
when cross-compiling. Fix that by setting CXX to /bin/false.
```cmake
include(CheckLanguage)
check_language(CXX)
if(CMAKE_CXX_COMPILER)
enable_language(CXX)
endif()
```
Signed-off-by: Thomas Devoogdt <thomas@devoogdt.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b34e0d27ab)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This updates the VC4/V3D driver messages with the addition of the
current supported hardwares (VideoCore and Raspberry Pi).
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 15cfdf4915)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The Gallium VC4 driver does not require NEON[1]; Gallium V3D does. Also,
the Gallium VC4 driver supports the Raspberry Pi from 0 to 3[2].
Mesa’s VC4 graphics driver supports multiple implementations of
Broadcom’s VideoCore IV GPU. It is notably used in the Raspberry
Pi 0 through Raspberry Pi 3 hardware, and the driver is included
as an option as of the 2016-02-09 Raspbian release using
raspi-config. On most other distributions such as Debian or
Fedora, you need no configuration to enable the driver.
This reverts commit a5cdb54ed7.
That commit is superseded by 85c95e3614
that patches the sources to disable NEON via an option[3]; the sources
using NEON (tiling) are disabled if the CPU does not have that feature.
Thus, the VC4 driver compiles with toolchain without the NEON support
enabled as the one targetting the Raspberry Pi (ARMv6).
This removes the depends on BR2_ARM_CPU_HAS_NEON config since a meson
option disables NEON if the CPU does not support for it. It allows
building Gallium VC4 on Raspberry Pi, Raspberry Pi Zero and Compute
Module.
Note: kmscube with OpenGLES and Gallium/VC4 runs on Raspberry Pi B+ Rev
1.2.
# uname -a
Linux buildroot 6.12.20 #1 Fri Apr 25 02:54:03 CEST 2025 armv6l GNU/Linux
# cat /sys/firmware/devicetree/base/model
Raspberry Pi Model B Plus Rev 1.2#
# dmesg
(...)
[ 39.817806] rpi-gpiomem 20200000.gpiomem: window base 0x20200000 size 0x00001000
[ 39.837139] rpi-gpiomem 20200000.gpiomem: initialised 1 regions as /dev/gpiomem
[ 40.693845] Console: switching to colour dummy device 80x30
[ 40.717223] vc4-drm soc:gpu: bound 20400000.hvs (ops vc4_hvs_ops [vc4])
[ 40.793911] vc4-drm soc:gpu: bound 20400000.hvs (ops vc4_hvs_ops [vc4])
[ 40.824330] Registered IR keymap rc-cec
[ 40.828596] rc rc0: vc4-hdmi as /devices/platform/soc/20902000.hdmi/rc/rc0
[ 40.844139] input: vc4-hdmi as /devices/platform/soc/20902000.hdmi/rc/rc0/input0
[ 40.873434] input: vc4-hdmi HDMI Jack as /devices/platform/soc/20902000.hdmi/sound/card0/input1
[ 40.895848] vc4-drm soc:gpu: bound 20902000.hdmi (ops vc4_hdmi_ops [vc4])
[ 40.914034] vc4-drm soc:gpu: bound 20004000.txp (ops vc4_txp_ops [vc4])
[ 40.921843] vc4-drm soc:gpu: bound 20206000.pixelvalve (ops vc4_crtc_ops [vc4])
[ 40.943543] vc4-drm soc:gpu: bound 20207000.pixelvalve (ops vc4_crtc_ops [vc4])
[ 40.951969] vc4-drm soc:gpu: bound 20807000.pixelvalve (ops vc4_crtc_ops [vc4])
[ 40.983322] vc4-drm soc:gpu: bound 20c00000.v3d (ops vc4_v3d_ops [vc4])
[ 41.010210] [drm] Initialized vc4 0.0.0 for soc:gpu on minor 0
[ 41.151906] Console: switching to colour frame buffer device 240x67
[ 41.223414] vc4-drm soc:gpu: [drm] fb0: vc4drmfb frame buffer device
# kmscube
Using display 0x1f12530 with EGL version 1.4
===================================
EGL information:
version: "1.4"
vendor: "Mesa Project"
client extensions: "EGL_EXT_client_extensions EGL_EXT_device_base EGL_EXT_device_enumeration EGL_EXT_device_query EGL_EXT_platform_base EGL_KHR_client_get_all_proc_addresses EGL_KHR_debug EGL_EXT_platform_device EGL_EXT_explicit_device EGL_MESA_platform_gbm EGL_KHR_platform_gbm EGL_MESA_platform_surfaceless"
display extensions: "EGL_ANDROID_blob_cache EGL_ANDROID_native_fence_sync EGL_EXT_buffer_age EGL_EXT_image_dma_buf_import EGL_EXT_image_dma_buf_import_modifiers EGL_KHR_cl_event2 EGL_KHR_config_attribs EGL_KHR_context_flush_control EGL_KHR_create_context EGL_KHR_create_context_no_error EGL_KHR_fence_sync EGL_KHR_get_all_proc_addresses EGL_KHR_gl_colorspace EGL_KHR_gl_renderbuffer_image EGL_KHR_gl_texture_2D_image EGL_KHR_gl_texture_cubemap_image EGL_KHR_image EGL_KHR_image_base EGL_KHR_image_pixmap EGL_KHR_no_config_context EGL_KHR_reusable_sync EGL_KHR_surfaceless_context EGL_EXT_pixel_format_float EGL_KHR_wait_sync EGL_MESA_configless_context EGL_MESA_drm_image EGL_MESA_gl_interop EGL_MESA_image_dma_buf_export EGL_MESA_query_driver "
===================================
OpenGL ES 2.x information:
version: "OpenGL ES 2.0 Mesa 24.0.9"
shading language version: "OpenGL ES GLSL ES 1.0.16"
vendor: "Broadcom"
renderer: "VC4 V3D 2.1"
extensions: "GL_EXT_blend_minmax GL_EXT_multi_draw_arrays GL_EXT_texture_compression_s3tc GL_EXT_texture_compression_dxt1 GL_EXT_texture_format_BGRA8888 GL_OES_compressed_ETC1_RGB8_texture GL_OES_depth24 GL_OES_element_index_uint GL_OES_fbo_render_mipmap GL_OES_mapbuffer GL_OES_rgb8_rgba8 GL_OES_stencil8 GL_OES_texture_npot GL_OES_vertex_half_float GL_OES_EGL_image GL_OES_depth_texture GL_AMD_performance_monitor GL_OES_packed_depth_stencil GL_OES_get_program_binary GL_APPLE_texture_max_level GL_EXT_discard_framebuffer GL_EXT_read_format_bgra GL_NV_pack_subimage GL_NV_texture_barrier GL_EXT_frag_depth GL_NV_fbo_color_attachments GL_OES_EGL_image_external GL_OES_EGL_sync GL_OES_vertex_array_object GL_ANGLE_pack_reverse_row_order GL_ANGLE_texture_compression_dxt3 GL_ANGLE_texture_compression_dxt5 GL_EXT_unpack_subimage GL_NV_draw_buffers GL_NV_read_buffer GL_NV_read_depth GL_NV_read_depth_stencil GL_NV_read_stencil GL_APPLE_sync GL_EXT_draw_buffers GL_EXT_map_buffer_range GL_KHR_debug GL_KHR_texture_compression_astc_ldr GL_NV_generate_mipmap_sRGB GL_NV_pixel_buffer_object GL_OES_required_internalformat GL_OES_surfaceless_context GL_EXT_debug_label GL_EXT_separate_shader_objects GL_EXT_compressed_ETC1_RGB8_sub_texture GL_EXT_draw_elements_base_vertex GL_EXT_texture_border_clamp GL_KHR_context_flush_control GL_OES_draw_elements_base_vertex GL_OES_texture_border_clamp GL_KHR_no_error GL_KHR_texture_compression_astc_sliced_3d GL_EXT_texture_compression_s3tc_srgb GL_KHR_parallel_shader_compile GL_MESA_tile_raster_order GL_MESA_sampler_objects GL_MESA_bgra "
===================================
Rendered 120 frames in 2.000020 sec (59.999400 fps)
[1]: 932ed9c00b
[2]: https://docs.mesa3d.org/drivers/vc4.html
[3]: https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/4114
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 3f1f404b5c)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Buildroot commit [1] introduced the firmware-ele-imx package and was
using the "mx93a1-ahab-container.img" firmware image for i.MX91.
For i.MX91, it is in fact the firmware file "mx91a0-ahab-container.img"
which needs to be used.
This commit adds this special case.
[1] 69d127fe29
Signed-off-by: Juan Pablo MONTERO CASTRO <juanpablo.monterocastro@nxp.com>
[Julien: split original commit 2/3]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 1ce2484a8b)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Since commit [1] "package/binutils: make 2.43 the default version",
the freescale_t1040d4rdb_defconfig fails to build the Linux
kernel, with the error:
arch/powerpc/boot/util.S: Assembler messages:
arch/powerpc/boot/util.S:49: Error: junk at end of line, first unrecognized character is `0'
arch/powerpc/boot/util.S:54: Error: syntax error; found `b', expected `,'
arch/powerpc/boot/util.S:54: Error: junk at end of line: `b'
This commit fixes the issue by updating the Linux kernel to the latest
LTS version.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/9967089767
[1] 360fd01de2
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6ad8090920)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The last usage of each_product() was removed in commit
52ae092046 ("support/scripts/cve.py: use
the JSON data in 1.1 schema").
Since it's now unused, remove it.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d0a7a46813)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Since the bump of rpm from 4.17.0 to 4.18.0 in Buildroot commit
4b4046e919, tools/rpmuncompress.c uses
basename() without including <libgen.h> which causes a build failure
with the musl C library:
tools/rpmuncompress.c: In function ‘doUntar’:
tools/rpmuncompress.c:100:30: error: implicit declaration of function ‘basename’ [-Wimplicit-function-declaration]
100 | const char *bn = basename(fn);
| ^~~~~~~~
tools/rpmuncompress.c:100:30: error: initialization of ‘const char *’ from ‘int’ makes pointer from integer without a cast [-Wint-conversion]
make[4]: *** [Makefile:1082: tools/rpmuncompress.o] Error 1
This issue was not found by the autobuilders, but it can be reproduced
with:
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_ARMV7_EABIHF_MUSL_BLEEDING_EDGE=y
BR2_PACKAGE_LUA=y
BR2_PACKAGE_RPM=y
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 745aa4d060)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
GCC 14.x brought some more strict checks on pointer types, causing a
build issue in the rpm package when python support is enabled. These
issues have been fixed upstream, initially because Clang >= 16 also
added similar stricter checks.
The build issue goes like this:
header-py.c:744:9: error: initialization of 'Py_hash_t (*)(PyObject *)' {aka 'int (*)(struct _object *)'} from incompatible pointer type 'long int (*)(PyObject *)' {aka 'long int (*)(struct _object *)'} [-Wincompatible-pointer-types]
744 | hdr_hash, /* tp_hash */
| ^~~~~~~~
header-py.c:744:9: note: (near initialization for 'hdr_Type.tp_hash')
make[3]: *** [Makefile:664: header-py.lo] Error 1
make[3]: *** Waiting for unfinished jobs....
It never happened in the autobuilders, but it can be reproduced with
the following configuration:
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_PACKAGE_LUA=y
BR2_PACKAGE_PYTHON3=y
BR2_PACKAGE_RPM=y
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 67e10ac898)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
If an attempt is made to create a UBI volume and it already exists, the
operation fails. Therefore, before requesting the creation of a UBI
volume, we erase the entire NAND to ensure that no errors occur.
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 97ac89eb11)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The V4L2 code in the ffmpeg plugin uses V4L2_PIX_FMT_BGRA32 which was
only introduced in kernel headers 5.2, in upstream kernel commit
e25ec9141114c7124eeba09385e272dd76fbe617.
Fixes:
/home/thomas/buildroot/buildroot/outputs/qt/build/qt6multimedia-6.8.1/src/plugins/multimedia/ffmpeg/qv4l2camera.cpp:36:43: error: ‘V4L2_PIX_FMT_BGRA
32’ was not declared in this scope; did you mean ‘V4L2_PIX_FMT_BGR32’?
36 | { QVideoFrameFormat::Format_BGRA8888, V4L2_PIX_FMT_BGRA32 },
| ^~~~~~~~~~~~~~~~~~~
| V4L2_PIX_FMT_BGR32
when building:
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_ARMV7_EABIHF_MUSL_STABLE=y
BR2_PACKAGE_QT6=y
BR2_PACKAGE_QT6BASE_XCB=y
BR2_PACKAGE_QT6MULTIMEDIA=y
BR2_PACKAGE_QT6MULTIMEDIA_FFMPEG=y
BR2_PACKAGE_XORG7=y
at a time when the Bootlin stable toolchain was using Linux 4.19
headers.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
(cherry picked from commit fe783b16b3)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The following defconfig:
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_ARMV7_EABIHF_MUSL_STABLE=y
BR2_PACKAGE_QT6=y
BR2_PACKAGE_QT6BASE_XCB=y
BR2_PACKAGE_QT6MULTIMEDIA=y
BR2_PACKAGE_QT6MULTIMEDIA_FFMPEG=y
BR2_PACKAGE_XORG7=y
would fail to build, due to <X11/extensions/Xext.h> being not found,
and then <X11/extensions/Xrandr.h> being not found. Fix that up by
introducing the necessary dependencies.
There are no build failures reported for qt6multimedia in the
autobuilders, so there is no reference to a build failure.
Signed-off-by: Roy Kollen Svendsen <roykollensvendsen@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
(cherry picked from commit 04d1ee0105)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Fixes:
ERROR: Feature "xcb": Forcing to "ON" breaks its condition:
QT_FEATURE_thread AND TARGET XCB::XCB AND TEST_xcb_syslibs AND QT_FEATURE_xkbcommon_x11
Condition values dump:
QT_FEATURE_thread = "ON"
TARGET XCB::XCB found
TEST_xcb_syslibs = "FALSE"
QT_FEATURE_xkbcommon_x11 not evaluated
The xcb feature is defined in [2].
According to [1] XCB::CURSOR is needed for xcb support.
[1] https://code.qt.io/cgit/qt/qtbase.git/tree/src/gui/configure.cmake?h=6.9.0#n522
[2] https://code.qt.io/cgit/qt/qtbase.git/tree/src/gui/configure.cmake?h=6.9.0#n1016
This bug was introduced in e634be8906,
and fixes the build with the following defconfig:
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_ARMV7_EABIHF_MUSL_STABLE=y
BR2_PACKAGE_QT6=y
BR2_PACKAGE_QT6BASE_GUI=y
BR2_PACKAGE_QT6BASE_XCB=y
BR2_PACKAGE_XORG7=y
Signed-off-by: Roy Kollen Svendsen <roykollensvendsen@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
(cherry picked from commit adff0d37ba)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Buildroot packaging pretty much assumes that the sources it downloads
are publicly available. In general, however, Buildroot is also used to
download sources from private repositories. Nowadays, that mostly means
from a github or gitlab instance.
Although git-over-ssh can be used for that, this poses a problem for CI,
because the CI runners integrated with github and gitlab only have
access to the repository itself, not to other private repositories. And
creating ssh key pairs for CI runners is tricky.
Therefore, document how standard tools can be used to make private
repositories available both to developers and to CI. There are quite a
few alternative approaches possible, but they're more complicated or
less generically applicable.
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
[Peter: Fix insteadOf example, capitalize SSH/HTTPS]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1026abbcf9)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Fixup S20audit to pass shellcheck -oall and check-package. The file now
closely resembles package/busybox/S01syslogd.
Tested with qemu_x86_64_defconfig. start, stop, restart, reload, and rotate
all work with busybox ash shell.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
[Arnout: remove it from .checkpackageignore]
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
(cherry picked from commit cbabeb5077)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The new version bundles an updated gnulib that includes support for
-std=c23 which is the default for gcc 15.
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
(cherry picked from commit d9aabc1af3)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Commit 7dd56b6cd9 ("boot/grub2/readme.txt: don't specify /dev/loop0")
changed the description of the loopback mounting to use losetup -f <img>,
but forgot to add the --show option, causing losetup to not print the
loopback device name.
Fix that by adding the --show option.
Signed-off-by: Cherniaev Andrei <dungeonlords789@naver.com>
[Peter: Reword commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a480ae9ffe)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Currently, list-defconfigs only lists the defconfigs that live
live in the top-level configs/ directory. For the in-tree defconfigs
this is indeed the case, but it is possible to manage the configs in a
br2-external tree with sub-directories.
A few examples:
- for a given board, a first defconfig is the full system, and a
second is the rescue system;
- for a given board, two defconfigs implement an A/B feature set;
- a set of configurations targetting various famillies of systems each
running on different hardware, sorted per familly.
Extend list-defconfigs to look for and report defconfigs in
sub-directories of the top-level configs/.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
(cherry picked from commit 5009fd2436)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Note: this test was not working in Buildroot test infrastructure
before commit [1] was merged, because dieharder has the string "# "
in its output.
[1] 0cad947b96
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
(cherry picked from commit e9498b4faa)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
PYTHON_FOO_BUILD_OPTS are passed to the build module call of the package
build, this allows passing options to the python build *backend* by
using the --config-setting= option. setup.py is no longer involved since
even the setuptools backend now used the pep517 build method.
The note about the options being passed to
support/scripts/pyinstaller.py seems to be no longer accurate.
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
[Arnout: also mention -C (suggested by James)]
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
(cherry picked from commit b15cd1d8fe)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
While in theory, the fastapi tests finds problems with the pydantic
package, it's not obvious that this test should be run when the pydantic
package is updated.
Add a new test that just covers pydantic.
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
(cherry picked from commit 45321879e1)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length
that depends on an RR RDLENGTH value (i.e., *rdlen=ntohs(rr->rdlen)
and memcpy(response+offset,*end,*rdlen)). Here, rdlen may be larger
than the amount of remaining packet data in the current state of
parsing. As a result, values of stack memory locations may be sent
over the network in a response.
Fixes:
https://www.cve.org/CVERecord?id=CVE-2025-32366
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a8cfe9986c)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Fix the board flashing by adding the bootloader, which I had mistakenly
forgotten to include in the script.
Fixes: 322e8d8451 ("configs/imx6ulz_bsh_smm_m2_defconfig: new defconfig")
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit a7ea1e658d)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c
can be NULL or an empty string when the TC (Truncated) bit is set in
a DNS response. This allows attackers to cause a denial of service
(application crash) or possibly execute arbitrary code, because those
lookup values lead to incorrect length calculations and incorrect
memcpy operations.
Fixes:
https://www.cve.org/CVERecord?id=CVE-2025-32743
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
[Julien: add link to cve]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 6c4da559cc)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Release notes:
- ver 1.44:
* Fix issue with handling oFono context integration.
* Fix issue with handling web context for online detection.
* Fix issue with handling flags used when deleting routes.
* Fix issue with handling PAC proxy integration.
- ver 1.43:
* Fix issue with device creation when using LTE.
* Fix issue with regulatory domain when powering up.
* Fix issue with resolving ISO3166 code from timezone data.
* Fix issue with handling DNS proxy zero termination of buffers.
* Fix issue with handling DHCP packet length in L3 mode.
* Fix issue with handling DHCP upper length checks.
* Fix issue with handling IPv6 and URL parsing.
* Fix issue with handling online check updates.
* Fix issue with handling proxy method and WISPr.
* Fix issue with handling default gateway setup.
* Add support for low-priority default routes.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit ce9a64b5d1)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The commit [1] updated the version of libical to version 3.0.20 which
included a number of build fixes for newer CMake version.
This patch is not included in the 2025.02.x branch and libical remained
subject to a number of build error with CMake 4.
This patch backport the fix to remove the usage of the now deprecated
CMP0005 policy with CMake version 4 (see [2]).
[1] 8cdeeb536c package/libical: bump to version 3.0.20
[2] https://cmake.org/cmake/help/latest/policy/CMP0005.html
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Fixes the following security issues:
CVE-2025-24223
Versions affected: WebKitGTK and WPE WebKit before 2.48.2.
Credit to rheza (@ginggilBesel) and an anonymous researcher.
Impact: Processing maliciously crafted web content may lead to
memory corruption. Description: The issue was addressed with
improved memory handling.
WebKit Bugzilla: 287577
CVE-2025-31204
Versions affected: WebKitGTK and WPE WebKit before 2.48.2.
Credit to Nan Wang (@eternalsakura13).
Impact: Processing maliciously crafted web content may lead to
memory corruption. Description: The issue was addressed with
improved memory handling.
WebKit Bugzilla: 291506
CVE-2025-31205
Versions affected: WebKitGTK and WPE WebKit before 2.48.2.
Credit to Ivan Fratric of Google Project Zero.
Impact: A malicious website may exfiltrate data cross-origin.
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 290992
CVE-2025-31206
Versions affected: WebKitGTK and WPE WebKit before 2.48.2.
Credit to an anonymous researcher.
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash. Description: A type confusion issue was
addressed with improved state handling.
WebKit Bugzilla: 290834
CVE-2025-31215
Versions affected: WebKitGTK and WPE WebKit before 2.48.2.
Credit to Jiming Wang and Jikai Ren.
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash. Description: The issue was addressed with
improved checks.
WebKit Bugzilla: 288814
CVE-2025-31257
Versions affected: WebKitGTK and WPE WebKit before 2.48.2.
Credit to Juergen Schmied of Lynck GmbH.
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash. Description: This issue was addressed with
improved memory handling.
WebKit Bugzilla: 290985
https://webkitgtk.org/security/WSA-2025-0004.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7a09fcf7c6)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Fixes the following security issue:
CVE-2025-4207: PostgreSQL GB18030 encoding validation can read one byte past
end of allocation for text that fails validation
A buffer over-read in PostgreSQL GB18030 encoding validation allows a
database input provider to achieve temporary denial of service on platforms
where a 1-byte over-read can elicit process termination. This affects the
database server and also libpq.
https://www.postgresql.org/about/news/postgresql-175-169-1513-1418-and-1321-released-3072/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit a8f53a907b)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Since commit [1], the host-nodejs package was turned into a virtual
package. However, the target nodejs package was intentionally not
turned into a virtual package and became an empty package.
The reason for this is:
- No alternatives providers were introduced for the target nodejs
package.
- The Config.in remained unchaged for the target package.
As a result, running `make show-info` with a config that includes the
target nodejs package, outputs an entry for the empty package:
```
"nodejs": {
"type": "target",
"name": "nodejs",
"virtual": false,
"version": "",
...
"cpe-id": "cpe:2.3:a:nodejs:node.js::*:*:*:*:*:*:*"
},
```
This can be an issue because the CPE ID of the empty nodejs package
is the following `cpe:2.3:a:nodejs:node.js::*:*:*:*:*:*:*`.
Reporting such a CPE ID can be an issue for certain software that consume
the SBOM and could be interpreted as CPE that matches with every versions
of the package.
This patch converts the target nodejs package into a virtual package to
prevents the empty package from being included in the SBOM.
[1] 4cbc2af604 package/nodejs: rename to nodejs-src and convert to virtual package
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Tested-by: johan.derycke@barco.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ccf3536fcb)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Version 6.1.2 of ffmpeg fails to build with GCC 14.x due to the V4L2
ioctl code:
libavdevice/v4l2.c:137:17: error: assignment to ‘int (*)(int, long unsigned int, ...)’ from incompatible pointer type ‘int (*)(int, int, ...)’ [-W
incompatible-pointer-types]
137 | s->ioctl_f = prefix ## ioctl; \
| ^
libavdevice/v4l2.c:151:9: note: in expansion of macro ‘SET_WRAPPERS’
151 | SET_WRAPPERS();
| ^~~~~~~~~~~~
This has been fixed upstream in the release/6.1 branch, which has 27
fixes on top of 6.1.2. The commits necessary to fix our issue are:
f71076c009f84917e7a0f2f1ece86b718de2d8d3 configure: improve check for POSIX ioctl
60593d6c06c9b610359bd6af26a268feff1293eb configure: restore autodetection of v4l2 and fbdev
However, since all other commits are fixes, we believe bumping to the
latest commit in the release/6.1 branch is a better idea.
This allows to drop
0008-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch, which
is upstream as of:
4c688845a50f7dce3af9afebe60f0f7a493c4f07 libavcodec/arm/mlpdsp_armv5te: fix label format to work with binutils 2.43
Note that we set FFMPEG_CPE_ID_VERSION to get proper CVE matching even
with FFMPEG_VERSION being set to n6.1.2-27-ge16ff06adb. One who have
ideally set FFMPEG_VERSION to n$(FFMPEG_CPE_ID_VERSION)-ge16ff06adb,
but that makes check-package unhappy with:
WARNING: package/ffmpeg/ffmpeg.mk:7: expecting package version to be set before CPE_ID_VERSION
Fixes:
https://autobuild.buildroot.net/results/fe1574443acd50ca7e576bb4beb24467be1713e3/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
(cherry picked from commit 32df543fa3)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Fixes:
Build with gcc-15 was fixed upstream in 10.11.11:
https://github.com/MariaDB/server/commit/1d6f857
Remove patch, since the problem was fixed upstream:
https://github.com/MariaDB/server/commit/4375245
After bumping the version to 10.11.11 the configuration step failed for target:
CMake Error: try_run() invoked in cross-compiling mode, please set the following cache variables appropriately:
HAVE_SYSTEM_LIBFMT_EXITCODE (advanced)
To fx this problem we set HAVE_SYSTEM_LIBFMT_EXITCODE=0.
Fix legal-info after changes to README.md.
Signed-off-by: Roy Kollen Svendsen <roykollensvendsen@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6cd8f95346)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
dbus has a session socket directory configuration setting,
that, if not set, will be autodeducted based on env vars
like TMPDIR during configuration time.
Becuse of that, the builder's environment variables will
lead to an image with a broken session bus while
leaking builder's details to the image.
Add an explicit setting of session-socket-dir to /tmp dir.
Fixes: https://gitlab.com/buildroot.org/buildroot/-/issues/67
Signed-off-by: Nikita Kiryushin <kiryushin@ancud.ru>
Reviewed-by: Fiona Klute <fiona.klute@gmx.de>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
(cherry picked from commit f777c79912)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
A set of `unterminated-string-initialization` errors appeared when
building the micropython package with GCC15 on the host.
The autobuilder failed to build the package micropython with the
following error:
```
CC ../py/emitinlinethumb.c
../py/emitinlinethumb.c:153:9: error: initializer-string for array of 'unsigned char' truncates NUL terminator but destination lacks 'nonstring' attribute (4 chars into 3 available) [-Werror=unterminated-string-initialization]
153 | {0, "r0\0"},
| ^~~~~~
../py/emitinlinethumb.c:154:9: error: initializer-string for array of 'unsigned char' truncates NUL terminator but destination lacks 'nonstring' attribute (4 chars into 3 available) [-Werror=unterminated-string-initialization]
154 | {1, "r1\0"},
| ^~~~~~
...
```
This patch adds the set of upstream commits to fix the compatbility with
GCC15 (see [1]).
The patches were backported to micropython v1.22.2. The main difference
with the upstream version is that since the v1.23, the project removed the
use of the `STATIC` macro (see [2]).
Also, in the codebase of v1.22.2 the 'unterminated-string-initialization'
error occured in another file that was reworked in the patch [3] and
included in v1.25. This patch is included as well to remove the error in
v1.22.2.
[1] package/micropython/0003-Fixes-for-GCC-15-1-unterminated-string-literal-warning.patch
[2] decf8e6a8b
[3] package/micropython/0002-py-emitinlinextensa-Simplify-register-name-lookup.patch
Fixes: https://autobuild.buildroot.org/results/fdf/fdf1d7c3e3a51e6fc7fa5abea57de6c9ce792015
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 0814b614c2)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Inspired by
c250c61cc3
"GCC 15 defaults to C23. The last release of this package was over a
decade ago, and it is no longer maintained, therefore it should not be
expected to compile to the latest standards."
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit c1d422edde)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This commit adds the same patch that was already added to GDB 14.x,
15.x and 16.x to fix a GCC 15.x build issue.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit dc0691f038)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This commit backports an upstream patch fixing the bundled readline
library so that it builds with GCC 15.x.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 56c834400e)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
bash uses K&R function declarations which have been removed in C23.
Since part of the build process (like the mkbuiltins helper) is written
in C, building bash now fails on hosts with GCC 15 (which defaults to
C23).
Since properly fixing this on the source code level is a larger
endeavor, just set the C standard to an old enough version for now.
Signed-off-by: Florian Larysch <fl@n621.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 6d09b25d08)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
On systems running GCC 15, host-cpio will fail to build with errors like
copyout.c:646:12: error: too many arguments to function 'xstat'; expected 0, have 2
and
main.c:407:13: error: assignment to 'int (*)(void)' from incompatible pointer type 'int (*)(const char * restrict, struct stat * restrict)' [-Wincompatible-pointer-types]
This was reported[1] and fixed upstream, but there is no new release
yet. Import the upstream patch for now.
Fixes:
https://autobuild.buildroot.org/results/a10c5f2b0f9cb05b2550fe97f1133deaaac97277/
(and many more)
[1] https://lists.gnu.org/archive/html/bug-cpio/2025-05/msg00000.html
Signed-off-by: Florian Larysch <fl@n621.de>
[Julien:
- add missing "Signed-off-by:" in patch to fix check-package error
- change "Upstream:" link to use the commitdiff in patch
- add "Fixes:" in commit log
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit e3cae9e1ca)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
When using host gcc 15, host-gmp fails at configure time with
error message:
configure: error: could not find a working compiler, see config.log for details
The error is due to the macro GMP_PROG_CC_WORKS in the file
acinclude.m4 containing C-code declaring functions without declaring
its parameters. This construct is now an error in C23, which is the
new default in gcc 15. See:
https://gcc.gnu.org/gcc-15/porting_to.html#c23
This commit fixes the issue by adding a package patch from
upstream changesets, not yet published in a release.
Even if gcc 15 is not yet included in Buildroot, this commit also
sets _AUTORECONF = YES for the target package in order to have this
package already fixed.
Fixes:
https://autobuild.buildroot.org/results/623634fa7bbeceeb6d90b15ce0abb1b9b4b24045/
Tested-by: Brigham Campbell <me@brighamcampbell.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 31569bcc1b)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
When compiling host-m4 1.4.19 with a host gcc 15 (which is the version
included in Fedora 42, released on 2025-04-15), compilation fails with
error:
In file included from gl_avltree_oset.h:21,
from gl_avltree_oset.c:21:
gl_oset.h:275:1: warning: 'nodiscard' attribute ignored [-Wattributes]
275 | GL_OSET_INLINE _GL_ATTRIBUTE_NODISCARD int
| ^~~~~~~~~~~~~~
gl_oset.h:275:40: error: expected identifier or '(' before 'int'
275 | GL_OSET_INLINE _GL_ATTRIBUTE_NODISCARD int
| ^~~
This error is due to the gnulib copy included in m4 1.4.19, which does
not detect properly the default C language standard of gcc 15 which
has been changed from "gnu17" to "gnu23". See [1]. Note that m4 1.4.19
is the latest version available at the time of this commit, and was
released in May 2021. The issue is tracked upstream in [2].
Upcoming m4 release is expected to fix this issue, by updating its
gnulib copy. See [3], which states: "Update to comply with newer C
standards, and inherit portability improvements from gnulib".
Until this new m4 version is released, this commit fixes the issue by
forcing the C langage standard to "-std=gnu17" (the previous gcc
default) when host-gcc 15 is detected.
Note that the "-std=gnu17" option was introduced in gcc 8. See [4].
This is the reason why this patch adds this option only when the
problematic gcc 15 version is detected.
See also the discussions around this patch at [5].
Fixes:
https://autobuild.buildroot.org/results/1c33ef0a710cfae13e496485787b351c8f951217/
(and many, many others)
[1] https://gcc.gnu.org/gcc-15/changes.html#c
[2] https://savannah.gnu.org/support/?111150
[3] https://git.savannah.gnu.org/cgit/m4.git/commit/?h=branch-1.4&id=a22c9802dd7e724eaefb21dc21d84ac2d3a49c89
[4] https://gcc.gnu.org/gcc-8/changes.html#c
[5] https://lore.kernel.org/buildroot/CAPWx8vsoJUt8YMJG1aUqFRK1=yizNbgjVjGL1Q1+9ygjJGnZLA@mail.gmail.com/
Signed-off-by: Joseph Zikusooka (ZIK) <zik@jambula.net>
Tested-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
[Julien:
- change mail url to lore.kernel.org for stable link
- reword, reflow and add extra info in the commit log
- force -std=gnu17 only when host gcc-15 is detected
- add a comment in .mk to remove the workaround at next bump
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 7a07a9d155)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
A basic Fedora 42 container does not have 'awk' installed, but it is
needed by Buildroot. First by check-host-python3.sh:
support/dependencies/check-host-python3.sh: line 6: awk: command not found
support/dependencies/check-host-python3.sh: line 19: awk: command not found
support/dependencies/check-host-python3.sh: line 19: awk: command not found
but then even building host-expat assumes awk is available:
config.status: creating Makefile
./config.status: line 1404: awk: command not found
config.status: creating expat.pc
./config.status: line 1404: awk: command not found
Since it's a pretty basic tool, make it part of the tools checked by
dependencies.sh. One minor annoyance is that check-host-python3.sh is
executed *before* dependencies.sh does its thing, so when 'awk' is not
available, we end up seeing:
support/dependencies/check-host-python3.sh: line 6: awk: command not found
support/dependencies/check-host-python3.sh: line 19: awk: command not found
support/dependencies/check-host-python3.sh: line 19: awk: command not found
which: no awk in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin)
You must install 'awk' on your build machine
make: *** [support/dependencies/dependencies.mk:27: dependencies] Error 1
It would be nice to have the awk check *before* it gets used in
check-host-python3.sh, but that's a topic for another patch.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 448ceefa78)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Changes:
Set GDB version number to 15.2.
[gdb/python] Make sure python sys.exit makes gdb exit
[gdb/symtab] Revert "Change handling of DW_TAG_enumeration_type in DWARF scanner"
[gdb/testsuite] Add regression test for PR32158
[gdb/testsuite] Add gdb.dwarf2/enum-type-c++.exp, regression test for PR31900.
gdb-15-branch: Clear the X86_XSTATE_MPX bit in XCRO for x32
Recognize -2 as a tombstone value in .debug_line
[gdb] Handle ^C during disassembly
Mark unavailable bytes of limited-length arrays when allocating contents
gdb/solib-frv: move lm_info object to solib
Fix loading a saved recording
Bump GDB's version number to 15.1.90.DATE-git.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit e40bf89e40)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Changes:
Set GDB version number to 16.3.
gstack: [downstream regression] Output file names and line numbers
Fix build failure for gdbserver's raw_compare self test
Fix gdbserver crashes on SVE/SME-enabled systems
gdb: allow selecting default fg/bg colors in tui mode
gdb: Fix assertion failure when inline frame #0 is duplicated
[gdb/tdep] Rewrite i386_canonicalize_syscall
[gdb/record] Fix out-of-bounds write in aarch64_record_asimd_load_store
gdb/dwarf: save DWARF version in dwarf2_loclist_baton, remove it from dwarf2_per_cu
Fix segfault if target_fileio_read_alloc fails
gdb/tui: use wrefresh if output is not surpressed
[gdb/corefiles] Fix segfault in core_target_open
Bump GDB's version number to 16.2.90.DATE-git.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit b793160964)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This patch was commited upstream, and released as part of sqlite 3.49.1
However, the configuration system changed between sqlite 3.48 and 3.49
from autotools to autosetup, and this has proven challenging to support
in Buildroot (see `git log package/sqlite`), hence why we are still on
sqlite 3.48.
Therefore, until the package build infrastructure correctly supports
building sqlite 3.49, let's simply import the upstream patch to address
the CVE.
Note: the upstream patch is on the orignal sqlite sources. Buildroot is
using the sqlite "amalgamation" source archive, which basically
concatenate all the source files in a single "sqlite3.c" file. So the
patch was reformated to apply correctly on the sqlite release archive.
Fixes:
https://www.cve.org/CVERecord?id=CVE-2025-29087
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
[Julien:
- reformat patch to be applicable on amalgamated sqlite sources
- add comment in commit log about patch format
- add "Fixes:" in commit log
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 835b5659ea)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Since its introduction in commit [1], the
friendlyarm_nanopi_r3s_defconfig is failing to build with error:
Incorrect selection of kernel headers: expected 6.12.x, got 6.13.x
The error happens because the defconfig has:
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_12=y
and
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="6.13.4"
This commit fixes the issue by setting instead:
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="6.12.28"
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/9887216429
[1] 41734e00c0
Cc: Sergey Kuzminov <kuzminov.sergey81@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 74c4dd4150)
[Thomas:
Since this has been introduced in LTS branch I set the kernel
version to 6.12.x present in LTS instead of changing the linux header
version.
]
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This commit adds BR2_DOWNLOAD_FORCE_CHECK_HASHES=y in the defconfig
and adds custom hash files. The exception entry in .checkpackageignore
is also removed.
Cc: Fabio Estevam <festevam@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 683681261b)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The 'bird' package with only the `BR2_PACKAGE_BIRD_BFD=y` protocol
enabled fails to build with the following error
```
bison -Dparse.lac=full -Dparse.error=verbose -dv -pcf_ -b obj/conf/cf-parse obj/conf/cf-parse.y
proto/bfd/config.Y:204.27-33: error: symbol 'ADDRESS' is used, but is not defined as a token and has no rules
204 | | bfd_show_sessions_args ADDRESS net_or_ipa { net_copy(&($$->address...
| ^~~~~~~
```
The `ADDRESS` token is defined only when certain protocols (e.g. OSPF,
RIP, RPKI, or BGP) are enabled. As a result, builds including any of
these protocols do not encounter the issue.
The issue can be reproduced with the commands:
cat >.config <<EOF
BR2_aarch64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_PACKAGE_BIRD=y
BR2_PACKAGE_BIRD_BFD=y
# BR2_PACKAGE_BIRD_BGP is not set
EOF
make olddefconfig
make bird
This patch backports upstream commits that define the `ADDRESS` token
for the BFD protocol.
Fixes:
https://autobuild.buildroot.org/results/68c5dd84585a7018ad57ea3e7134748c08858ef7/
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
[Julien: add commands to reproduce the issue]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 80cfdcb86b)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This patch fixes the `S_IFMT` undeclared error in `statx.c` when musl
is used.
Signed-off-by: José Luis Salvador Rufo <salvador.joseluis@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 9a672635a1)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This fixes a potential NULL pointer dereference
As a side note, this package has many opened CVEs, but upstream doesn't seem
to really consider them as security issues, see their disclaimer here:
https://github.com/yasm/yasm/blob/master/SECURITY.md
We could speculate that this disclaimer has been written as a consequence of
the many small CVEs opened in a short time, that don't have a substantial
security impact (besides the command line tool crashing). All of these small
CVEs have been opened for bug reports issued by a third party who used a
fuzzy tester to manipulate the assembler input
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 875f5670aa)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This fixes the following CVE:
- CVE-2025-1492: The Bundle Protocol and CBOR dissectors could crash
It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed
packet trace file.
See https://www.wireshark.org/security/wnpa-sec-2025-01
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 032b268890)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Annoyingly, using "--disable warning" does not disable the warnings
checks.
It turns out that we look for "warnings" (i.e. with an 's') to know if
we should disable the warnings check, so update the help text
accordingly.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 92e7ab78d6)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Since commit fd562315, which updated waf to v2.1.1, Buildroot has
encountered issues building mpv, likely due to an outdated version of
the waf build system.
Starting with mpv v0.35, meson was introduced as an alternative to waf,
and in mpv v0.37, waf was completely removed.
This commit updates the mpv makefile to use meson, resolving the build
issues and simplifying future updates to newer versions of mpv.
All options previously used for Waf have been translated to the new
build system by replacing `--disable-feature` with `-Dfeature=disabled`
(and similarly for enabling features). Some features have special
handling:
- The `/usr` prefix is automatically passed to meson packages by
default.
- The Android feature "has been removed since meson can detect if a
machine is Android"[1].
- The `libmpv` parameter has been enabled in the makefile as `libmpv`
must be built by default with mpv.
- Meson packages automatically set whether the library should be built
statically using the `default_library` meson parameter.
- Meson automatically detects the presence of `libatomic` and passes the
correct argument to the linker. However, it is possible to set the
`stdatomic` meson parameter to specify whether `libatomic` must or
must not be used.
Fixes:
https://autobuild.buildroot.org/results/68d42441fc0da34e1bf2a4247726f5f4ec3b8e77/
[1]: 140ec21c89/DOCS/build-system-differences.md (L48)
Signed-off-by: Thomas Bonnefille <thomas.bonnefille@bootlin.com>
Tested-by: J. Neuschäfer <j.ne@posteo.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 8f69974c20)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Changelog:
- afa57cc libubus: add support for using channels
- d996988 libubus: close file descriptor after sending it from a request
- 252a9b0 libubus: Make UBUS_* macros work cleanly in C++
- 65bb027 CMakeLists.txt: bump minimum cmake version
- f84eb59 libubus: fix initial subscribe with autosubscribe
- 2b39a27 libubus: fix reconnect with auto subscribe
- b3e8c4e Add auto subscribe support
Signed-off-by: Lance Fredrickson <lancethepants@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9af9b4b304)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Changelog:
- 3868f47 blob: constify attr argument to blob_memdup
- eb9bcb6 ustream: prevent recursive calls to the read callback
- 12bda4b CI: add CodeQL workflow tests
- a2fce00 CI: add build test run
- c1be505 udebug: fix crash in udebug_entry_vprintf with longer strings
- 6339204 CMakeLists.txt: bump minimum cmake version
- ca3f6d0 udebug: fix file descriptor initialization for __udebug_buf_map
- df5b714 udebug: add mips specific quirk
- d27acfe udebug: add more checks for uninitialized buffers
- 40acbe3 udebug: wait for response after buffer add/remove
- e84c000 udebug: add inline helper function to test if a buffer is allocated
- 325fea5 udebug: add functions for manipulating entry length
- e80dc00 link librt if needed for shm_open
- 260ad5b udebug: add ulog support
- b77f2a4 uloop: fix build using C++ compilers
- d4c3066 udebug: add udebug library code
- b3fa3d9 uloop: reset flags after __uloop_fd_delete call
- 8a5a431 uloop: fix typo in signal handling rework
- f7d1569 uloop: properly initialize signal handler mask
- 13d9b04 uloop: add support for user defined signal handlers
- 82fa648 uloop: add support for interval timers
Signed-off-by: Lance Fredrickson <lancethepants@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 44c11a6862)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The package strongswan relies on the `wc_RsaKeyToDer` & `wc_MakeRsaKey`
functions of WolfSSL. Building this package with the WolfSSL backend
by selecting the variable `BR2_PACKAGE_STRONGSWAN_WOLFSSL` would give
the following error:
```
libtool: compile: /home/buildroot/instance-0/output-1/host/bin/sparc-linux-gcc -DHAVE_CONFIG_H -I. -I../../../.. -I../../../../src/libstrongswan -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -DWC_NO_RNG -rdynamic -Wno-format -Wno-format-security -Wno-implicit-fallthrough -Wno-missing-field-initializers -Wno-pointer-sign -Wno-sign-compare -Wno-type-limits -Wno-unused-parameter -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Og -g0 -include /home/buildroot/instance-0/output-1/build/strongswan-5.9.14/config.h -c wolfssl_ed_public_key.c -o wolfssl_ed_public_key.o >/dev/null 2>&1
wolfssl_rsa_private_key.c: In function 'get_encoding':
wolfssl_rsa_private_key.c:366:31: error: implicit declaration of function 'wc_RsaKeyToDer'; did you mean 'wc_EccKeyToDer'? [-Wimplicit-function-declaration]
366 | len = wc_RsaKeyToDer(&this->rsa, encoding->ptr, len);
| ^~~~~~~~~~~~~~
| wc_EccKeyToDer
libtool: compile: /home/buildroot/instance-0/output-1/host/bin/sparc-linux-gcc -DHAVE_CONFIG_H -I. -I../../../.. -I../../../../src/libstrongswan -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -DWC_NO_RNG -rdynamic -Wno-format -Wno-format-security -Wno-implicit-fallthrough -Wno-missing-field-initializers -Wno-pointer-sign -Wno-sign-compare -Wno-type-limits -Wno-unused-parameter -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Og -g0 -include /home/buildroot/instance-0/output-1/build/strongswan-5.9.14/config.h -c wolfssl_ec_private_key.c -o wolfssl_ec_private_key.o >/dev/null 2>&1
wolfssl_rsa_private_key.c: In function 'wolfssl_rsa_private_key_gen':
wolfssl_rsa_private_key.c:490:13: error: implicit declaration of function 'wc_MakeRsaKey'; did you mean 'wc_FreeRsaKey'? [-Wimplicit-function-declaration]
490 | if (wc_MakeRsaKey(&this->rsa, key_size, WC_RSA_EXPONENT, &this->rng) < 0)
| ^~~~~~~~~~~~~
| wc_FreeRsaKey
```
Those functions are only present when building the WolfSSL library with
the keygen supports (`--enable-keygen`).
This patch change the selected package to enable all the option of
WolfSSL, which include the keygen as well.
Fixes:
- https://autobuild.buildroot.org/results/d0e/d0e94f501ad1afd25ae4112443f9af101dfa5dea
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 6c18375434)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This version bump removes CVE-2023-7152, which was incorrectly associated
with the micropython package in pkg-stats.
Although the CVE fix was already present in 1.22.0 the CVE only applied
to the preview version of 1.22.0. The CPE ID of the 1.22.0 matched with the
CPE ID of the 1.22.0 preview version as well.
This patch bumps to the latest patch-level version available in the 1.22.x
series to include additional fixes, rather than just adding the CVE to the
'MICROPYTHON_IGNORE_CVES' list.
The LICENSE hash has been updated, as the licenses used for the ports and
libraries have also been updated in the LICENSE file.
For more details on the version bump, see the release notes:
- https://github.com/micropython/micropython/releases/tag/v1.22.2
- https://github.com/micropython/micropython/releases/tag/v1.22.1
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 294e3a40bb)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The Config.in comment in the dpdk package was wrong for a number of
reasons:
- It didn't mention the glibc dependency
- It didn't mention the gcc >= 4.9 dependency
- It mentioned a wchar dependency that isn't listed in the dpdk
dependencies
- It mentioned a dynamic library dependency that isn't listed in the
dpdk dependencies
- It used "kernel headers >= 4.19", while for brievity we use "headers
>= 4.19" everywhere in Buildroot
- Minor nit: DPDK was written allcaps, while we write package names
lower-case in Buildroot
Fixes: d17d1b6bde ("package/dpdk: add 24.07")
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 0e0b65781b)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Add a runtime test for the 'dust' package to verify that the binary
executes correctly in a minimal buildroot rootfs. The test checks that:
- 'dust --version' runs without error
- 'dust' can analyze a directory structure with files
- The output includes the expected directory names
Signed-off-by: El Mehdi YOUNES <elmehdi.younes@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 5bca9d741d)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Add a runtime test for the 'bat' package to verify that the binary executes
correctly in a minimal Buildroot rootfs.The test cheks that:
- 'bat --version' runs without error
- 'bat' can read and display a text file
- the displayed content matches the expected string
Signed-off-by: El Mehdi YOUNES <elmehdi.younes@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit dacf8e3c39)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The v1 of the patch that is in Buildroot ended up being reworked and
merged from a v2, therefore let's update the patch by using the merged
commit instead.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0f2249a484)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
libcamera migrated to use an ioctl for detecting frame sizes which is
only available in kernels 6.4 and later. If it doesn't exist, default
frame sizes are used. However the min and max resolutions supported by
the pipeline weren't initialized for kernels where that ioctl isn't
available and ended up creating invalid configuration that later
crashed.
The introducing commit was part of the v0.4.0 release.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d12d1a7f5e)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Release:
https://github.com/bootandy/dust/releases/tag/v1.1.2
Note: version 0.9.0 of dust fails to build when running
the runtime test on the armv7 architecture due to an
unconditional import of Atomicu64.
error:
Compiling config-file v0.2.3
error[E0432]: unresolved import `std::sync::atomic::AtomicU64`
--> src/progress.rs:6:18
|
6 | atomic::{AtomicU64, AtomicU8, AtomicUsize, Ordering},
| ^^^^^^^^^
| |
| no `AtomicU64` in `sync::atomic`
| help: a similar name exists in the module: `AtomicU32`
For more information about this error, try `rustc --explain E0432`.
error: could not compile `du-dust` (bin "dust") due to 1 previous error
This issue was discovered while writing a runtime test
for dust. upgrading to version 1.1.2 resolves the issue.
More details available in the following issue:
https://github.com/bootandy/dust/issues/423
For now, we bump to the latest compatible version
which builds and runs correctly. We can't bump to the latest
version 1.2.0 since it requires a cargo version newer than
1.82.0.
error:
-- The package requires the Cargo feature called `edition2024`, but that feature is not stabilized in this version of Cargo (1.82.0 (8f40fc59f 2024-08-21)).
Consider trying a newer version of Cargo (this may require the nightly release).
The upgrade to 1.2.0 will be considered once the patch for
Rust 1.86.0 is accepted.
Signed-off-by: El Mehdi YOUNES <elmehdi.younes@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 3abc3b97ba)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
1.3.44 added the following security fixes:
* TIFF: Fixed multiple heap and stack buffer overflows (directed by
the source EXIF profile) while writing EXIF into the native TIFF
IFD.
* FITS: Fix problem that the FITS reader could return invalid image
frames with rows or columns set to zero. Other code in the library
crashes, or even asserts, if invalid image frames with rows or
columns set to zero are returned.
* Coverity fixes: Various fixes for Coverity issues raised after the
update to version 2023.12.2.
* Clang Analyzer (scan-build) fixes: Various fixes for new issues
discovered by Clang Analyzer.
7046c34427
In addition 1.3.45 fixes a off-by-one issue introduced in 1.3.44:
96f765a2e3
Update the Copyright.txt hash for a change in copyright years:
f0bba104ee26fce89276
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 055547ff12)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The version bump in [1] introduced the upstream commit [2] which made
builds using toolchain without thread support fail to build libcoap.
This patch adds an option check in the libcoap.mk file to verify
the toolchain has thread support and passes the correct configuration
options introduced in [2] as well.
The build can be tested with the following config.
```
BR2_armeb=y
BR2_cortex_a76_a55=y
BR2_ARM_EABI=y
BR2_ARM_SOFT_FLOAT=y
BR2_TOOLCHAIN_BUILDROOT_UCLIBC=y
BR2_PTHREADS_NONE=y
BR2_PACKAGE_LIBCOAP=y
```
Fixes:
https://autobuild.buildroot.org/results/9c0/9c0b675a64fb2576bc34457043f118cffe5fe555//
[1] 4df4d1d312 package/libcoap: bump version to 4.3.5
[2] c69c5d5af0
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 70ca62fb49)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Jugurtha's email address is bounding:
550 5.1.1 The email account that you tried to reach does not exist. Please try double-checking the recipient's email address for typos or unnecessary spaces.
Remove it from the DEVELOPERS file so that utils/get-developers
doesn't send emails to non-existent addresses.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit cd6141ab15)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
linux-tools opportunistically set linux as only a patch dependency. This
unfortunately introduces a race condition in the shared linux scripts
when using PER_PACKAGE_DIRECTORIES and using top level parallelism. The
race manifests as the error "/bin/sh: 1: scripts/basic/fixdep:
Permission denied". This happens when the linux package and the
linux-tools package are being compiled in parallel.
The linux-tools currently using fixdep are perf and rtla. When the
timing is correct, perf, rtla, or the kernel Makefile will try to use
fixdep while one of the others is compiling fixed, resulting in fixdep
being briefly not available.
To fix this, set linux as a build dependency instead of a patch
dependency.
Signed-off-by: Charlie Jenkins <charlie@rivosinc.com>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b074f6b72b)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Pixman defaults to building with the riscv vector extension. Instead,
only build with vector if the buildroot user has selected
BR2_RISCV_ISA_RVV.
This option exists since pixman 0.44.0, to which the Buildroot package
was updated as part of Buildroot commit
ba2fb599cd.
Signed-off-by: Charlie Jenkins <charlie@rivosinc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 386e6bb479)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This will be part of 6.15.0 release.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
[Julien: fix check-package error by adding "Upstream:" tag in patch]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 6bcefa73b1)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The "modprobe brcmfmac" command is not necessary because this driver
is automatically loaded.
Remove the "iwconfig" line as it is considered deprecated:
warning: `iwconfig' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
Remove the "-Dwext" parameter as it is not supported by the default kernel
configuration:
wlan0: Unsupported driver 'wext'
Tested Wifi by following the updated commands.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 6240b75d0c)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Restart would regularly fail because it did not wait for the old
process to be gone before starting the new one. Rewrite the script
according to current style to fix that, and add reload support (see
mosquitto docs for limitations of reload).
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 340a4bd4f8)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Importing urllib3 already allows us to check that for example zlib can
be loaded at runtime.
For good measure, also create the PoolManager object mentioned in the
user guide ([1]), and check that we can normalize a URL like it is
done in urllib3's 'test/test_util.py'.
[1]: https://urllib3.readthedocs.io/en/stable/user-guide.html
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 3e931caf84)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
See release announce [1].
The src/mygetopt.h file license was updated from BSD-4-Clause to
BSD-2-Clause in upstream commit [2]. This change makes this file using
the same license as most other files. So this commit removes the
license entry for this file and update the _LICENSE accordingly.
This commit also replaces the mention "one file" on BSD-3-Clause, to
the actual file name using it, which is "vasprintf.c".
This commit also updates the Config.in package homepage URL,
to use https.
[1] https://mailman.astron.com/pipermail/file/2024-November/001435.html
[2] d605bb4047
Signed-off-by: Julien Olivain <ju.o@free.fr>
Reviewed-by: Vincent Jardin <vjardin@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 104449d0cb)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Commit 675cbaf9aa (package/qt5/qt5webengine: bump to version 5.15.8)
moved the chromium submodule in a separate qt5webengine-chromium
package. It removed the inclusion of
"package/qt5/qt5webengine/chromium-latest.inc" but forgot to remove
the file.
A similar file was introduced in commit 577d886886
(package/qt5/qt5webengine-chromium: new package), included in its
own qt5webengine-chromium.mk package recipe.
This commit drops the chromium-latest.inc file in qt5webengine
which is no longer used.
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
[Julien: add extra explanation in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 272e56d1ce)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The upstream URL has changed to github.com/python-sdbus/python-sdbus.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
[Julien: add link to release note in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit e3ba797873)
[Thomas: do not include the bump only the repo address fix]
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The bump of packages rpi-firmware and linux have to by synced, since the
linux package does not install yet its device-tree overlay blobs.
This adds a note to remind to keep in sync the versions of rpi-firmware
package and kernel (set in the defconfigs).
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
[Julien: rebase patch to resolve context conflict with commit 80ccb3e667]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 5926b3b3ae)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
$ fluent-bit
fluent-bit: error while loading shared libraries: libminiz.so.3: cannot open shared object file: No such file or directory
Commit 527deef "package/fluent-bit: bump to 3.2.10",
dropped the BUILD_SHARED_LIBS=OFF off part, because miniz uses
static linking by default now, but runtime execution shows otherwise,
so revert to fix.
Signed-off-by: Thomas Devoogdt <thomas.devoogdt@barco.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit f2c15f00d4)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Commit [1] "support/testing: improve weston test reliability" moved
out the wait time from the emulator (to run on the test controller).
While doing so, the sleep time which was initially _after_ the
"killall weston" invocation to in stop_weston() was incorrectly
moved before the command invocation. In this state, the test can
succeed on fast host computer running the test. But it will most
likely fail on an average computer.
This commit fixes this issue by moving the sleep time after
the command invocation.
[1] 6561a5d773
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bedc44c073)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The patch bumps the Linux kernel to version 6.1.133. The size of xipImage
has increased by only 22 bytes (1671804 bytes compared to 1671782 in
version 6.1.126).
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cb6729d214)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
lmbench dependency discovery relies on implicit return types for
main(). This causes compiler errors when -Wimplicit-int is enabled,
which has become the default with recent gcc versions. The failure of
the dependcy discovery causes lmbench to redifine typedefs the
compiler already has in an incompatible manner. Add a patch to fix the
discovery.
Fixes:
bench.h:81:13: error: conflicting types for ‘socklen_t’; have ‘int’
81 | typedef int socklen_t;
bench.h:85:15: error: conflicting types for ‘off64_t’; have ‘int64’ {aka ‘long long int’}
85 | typedef int64 off64_t;
Fixes:
http://autobuild.buildroot.net/results/33cf97a79125c20f67f620eb6a7b5ad2206b2503/
Signed-off-by: Charlie Jenkins <charlie@rivosinc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fd914e9e4c)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
libcamera has some optional dependencies that automatically detected at
build time.
To improve reproducibility, we should add a dependency on those optional
dependencies if the symbols that build them are enabled so that the
order in which packages are built does not influence the libcamera
package.
Note that the optional libyuv dependency isn't added as:
1) it is only used for the virtual pipeline and the android feature,
both of which are disabled/not supported right now,
2) libcamera has it in a submodule if missing (though if that works with
Buildroot is to be determined),
3) adding the dependency isn't enough as meson somehow doesn't find the
dependency,
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 028bdac7ed)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
meson allows to force all features set to "auto" to default to disabled
except if explicitly enabled via the auto_features argument, c.f.
https://mesonbuild.com/Build-options.html#features
"""
If the value of a feature option is set to auto, that value is
overridden by the global auto_features option (which defaults to auto).
This is intended to be used by packagers who want to have full control
on which dependencies are required and which are disabled, and not rely
on build-deps being installed (at the right version) to get a feature
enabled.
"""
The only auto feature that we hadn't disabled explicitly is the
gstreamer plugin. It is however expected that this wasn't a mistake as
the dependencies for the gstreamer pluging wouldn't have been met
thanks to the explicit LIBCAMERA_DEPENDENCIES we have based on the
presence of the gstreamer symbols in the global config.
This should make it less likely for future releases of libcamera to
regress in terms of reproducibility because of "auto" features (though
changes from "auto" to "enabled" wouldn't be caught and would be
susceptible to race conditions with their dependencies in case they
aren't properly specified and built after libcamera is).
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ef3c3bc9b1)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
We currently disable building the documentation via the "documentation"
feature, but it is enabled nonetheless by meson if sphinx-build-3 is
found on the host.
This makes sure it doesn't happen by making the sphinx-build-3 check
only happen when the "documentation" feature is "auto" or "enabled",
which isn't the case for Buildroot.
The bug seems to have been introduced in v0.0.1 release.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 569272be91)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Commit c1597f989654 ("ipa: raspberrypi: Use YamlParser to replace
dependency on boost"), part of the v0.0.1 release, removed the
dependency on boost, so let's remove it from the pipeline option and
dependency for Buildroot.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 65721c6e0a)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Some EDK II configurations have complex dependencies on several packages
and additional build options; build tests help keeping track of those
more easily.
Factorize some code common to all the build tests into a new
TestEdk2BuildBase class, which defines a base configuration and a method
to assert that binaries do indeed exist after the build.
While at it, add myself in DEVELOPERS.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Dick Olsson <hi@senzilla.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4f7e3f0bdd)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The manual states that FOO_DL_OPTS are valid for all the different
download backends, but that is not the case: at least the git backend
does not use them (it does not fail, it just ignores them).
Accept FOO_DL_OPTS in the git backend, and pass them to 'git fetch'.
There is no way that we can pass such options to submodules or lfs,
though.
Update the manual accordingly.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a1012b363a)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The dependencies for pulseview are not entirely clean:
- arch deps are not first;
- second-level inherited deps are listed;
- deps are not alphabetically ordered (for deps on packages);
- the comment is hidden even when the arch deps are met, because of an
incorrect dependency on Qt5;
- qt5 is a depends-on when it could be a select.
Update the dependencies to fix all the points above.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 70bcb7655b)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Some protocol decoders in libsigrokdecode need the zlib module:
srd: ModuleNotFoundError: Failed to load decoder usb_power_delivery: import by name failed: No module named 'zlib'
srd: Traceback (most recent call last):
File "/usr/share/libsigrokdecode/decoders/usb_power_delivery/__init__.py", line 24, in <module>
from .pd import *
File "/usr/share/libsigrokdecode/decoders/usb_power_delivery/pd.py", line 24, in <module>
import zlib # for crc32
^^^^^^^^^^^
ModuleNotFoundError: No module named 'zlib'
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9d6ab1244a)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Since iptables v1.8.11, `iptables -C` commands return unexpected zero status
even for cases when the rules don't exist. This breaks e.g. standard Docker
operation, where checking for existing rules is used extensively when creating
networks.
The patch fixing the behavior is available upstream - apply it to v1.8.11
before a newer version is available.
Signed-off-by: Jan Čermák <sairon@sairon.cz>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f5e7cefe77)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The ARMV7-A toolchains are capable to compile binaries for ARMv8-A CPU
in AArch32 execution state.
This adds the BR2_ARM_CPU_ARMV8A option in the 'conditions' to allow
ARMV8-A CPU such as Cortex-A53 or Cortex-A72 to use ARMV7-A toolchains.
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8fd537ae05)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Without this, packages using libopenmpt are not able to find
the dependency.
Signed-off-by: J. Neuschäfer <j.neuschaefer@gmx.net>
[Julien: reword commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 24a41c8fb5)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The VideoCore blobs for the Raspberry Pi 1, 2, 3, Zero, Zero W and Zero
2 W are differents from the ones for the Raspberry Pi 4 and the Compute
Module 4.
The VideoCore blobs for the Raspberry Pi 4 are named with a 4[1] (i.e.
start4.elf, start4x.elf, start4db.elf and start4cd.elf).
This precises which VideoCore firmware blob files are present on the
Raspberry Pi 1, 2, 3, Zero W, Zero 2 W and which files are present on
the the Rapsberry Pi 4 and the Compute Module 4.
Note: The VideoCore blobs for the Raspberry Pi 5 are self-contained in
its bootloader EEPROM[1][2]; there is no additional files for pi5.
[1]: https://www.raspberrypi.com/documentation/computers/configuration.html#start-elf
[2]: https://www.raspberrypi.com/documentation/computers/config_txt.html#start_file-fixup_file
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 7ebcfe3cb9)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Any Raspberry Pi may use device-tree overlays; it is not restricted to
Raspberry Pi 3 and 4.
The defconfigs for the Raspberry Pi 3, 4, 400, Zero W, Zero 2 W, Compute
Module 4 and 4s use the miniuart-bt dtoverlay to switch the Bluetooth to
the mini-UART (ttyS0) and restore UART0 (ttyAMA0) over GPIOs 14 and 15
to enable the serial console (like the Raspberry Pi 1 and 2 that have no
Bluetooth)[1][2].
As a consequence, the Raspberry Pi Zero W, Zero 2 W, 400, Compute Module
4 and 4s install the device-tree overlays as well.
This rewords the note by adding the three missing hardwares installing
the images/rpi-firmware/overlays directory. It rewords the miniuart note
at the same time.
[1]: https://www.raspberrypi.com/documentation/computers/configuration.html#uarts-and-device-tree
[2]: https://github.com/raspberrypi/linux/blob/rpi-6.6.y/arch/arm/boot/dts/overlays/miniuart-bt-overlay.dts#L4-L6
Signed-off-by: Gaël PORTAY <gael.portay+rtone@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit a642bed09a)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Changelog:
* v2.4.3 - 02/28/2025
* Fix memory safety with some older `strerror_r()` implementations in error
formatters for all modules.
* Build
* Fix character device GPIO support tests in Makefile for alternate
shells and older versions of make.
* Fix cross-compilation in Makefile from Windows.
* Fix CMake minimum required version.
* Add CMake package generation.
* Contributors
* Ryan Barnett, @rjbarnet - ec31b39
* javalikescript, @javalikescript - 024a25d
* HopeCollector, @HopeCollector - aca6815, b5e53e6
The hash of the license file has changed due to a copyright year
change:
- Copyright (c) 2014-2023 vsergeev / Ivan (Vanya) A. Sergeev
+ Copyright (c) 2014-2025 vsergeev / Ivan (Vanya) A. Sergeev
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 638fe82e8b)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Upstream changelog from
https://github.com/google/double-conversion/releases/tag/v3.3.1:
Hash pin Github workflows by @joycebrum in #198
Create dependabot.yml by @joycebrum in #199
Add _ITERATOR_DEBUG_LEVEL=2 and _DEBUG defines by @ffa-csturdy in #202
Add bzlmod MODULE.bazel file by @jsharpe in #205
Add CIFuzz Github Action by @DavidKorczynski in #203
Update MODULE.bazel and README.md. by @BYVoid in #234
Remove the explicit dependency on rules_cc. by @BYVoid in #235
Add missing headers by @BhavikaSharma in #239
Tested with the following configuration, which includes the only two
reverse dependencies of double-conversion.
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_INIT_NONE=y
BR2_SYSTEM_BIN_SH_NONE=y
# BR2_PACKAGE_BUSYBOX is not set
BR2_PACKAGE_QT6=y
BR2_PACKAGE_PYTHON3=y
BR2_PACKAGE_PYTHON_UJSON=y
# BR2_TARGET_ROOTFS_TAR is not set
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 7ffdf75311)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
When building a firmware for the MACCHIATObin with edk2 and
arm-trusted-firmware, the build can randomly fail with the
following make error:
make[1]: Circular output/build/edk2-edk2-stable202411/.stamp_configured <- arm-trusted-firmware dependency dropped.
The message appears also when the build is not failing, depending on
the number of parallel jobs and the build order.
The issue can be observed with the following commands:
cat >.config <<EOF
BR2_aarch64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TARGET_ARM_TRUSTED_FIRMWARE=y
BR2_TARGET_ARM_TRUSTED_FIRMWARE_PLATFORM="a80x0_mcbin"
BR2_TARGET_ARM_TRUSTED_FIRMWARE_EDK2_AS_BL33=y
BR2_TARGET_BINARIES_MARVELL=y
BR2_TARGET_EDK2=y
BR2_TARGET_EDK2_PLATFORM_SOLIDRUN_ARMADA80X0MCBIN=y
BR2_TARGET_MV_DDR_MARVELL=y
EOF
make olddefconfig
utils/brmake
grep -FC5 'dependency dropped' br.log
The circular dependency happen due to [1] and [2].
In fact, only TF-A depends on EDK II (passed as BL33) for building and
not vice versa. See [3]. The EDK II "SolidRun MacchiatoBin" platform
build does not need any TF-A image, compared to some other platforms
such as "Socionext DeveloperBox" or "QEMU SBSA" which are referencing
TF-A images in a hook added in EDK2_PRE_BUILD_HOOKS.
Drop the false dependency on TF-A to fix the build.
This issue has been present since the EDK2 introduction in commit [4].
[1] https://gitlab.com/buildroot.org/buildroot/-/blob/2025.02/boot/arm-trusted-firmware/arm-trusted-firmware.mk#L121
[2] https://gitlab.com/buildroot.org/buildroot/-/blob/2025.02/boot/edk2/edk2.mk#L118
[3] https://github.com/Semihalf/edk2-platforms/wiki/Build_firmware
[4] 1074a37e78
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Dick Olsson <hi@senzilla.io>
[Julien: add extra info in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 7361a155ef)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
When Building arm-trusted-firmware for the Macchiatobin platform
(a80x0_mcbin), which depends on the mv-ddr-marvell package, the build fails
complaining that this package's folder "does not contain valid
mv-ddr-marvell git repository".
This is expected under Buildroot, where we use intermediate archives.
The issue can be reproduced with the commands:
cat >.config <<EOF
BR2_aarch64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TARGET_ARM_TRUSTED_FIRMWARE=y
BR2_TARGET_ARM_TRUSTED_FIRMWARE_PLATFORM="a80x0_mcbin"
BR2_TARGET_ARM_TRUSTED_FIRMWARE_EDK2_AS_BL33=y
BR2_TARGET_BINARIES_MARVELL=y
BR2_TARGET_EDK2=y
BR2_TARGET_EDK2_PLATFORM_SOLIDRUN_ARMADA80X0MCBIN=y
BR2_TARGET_MV_DDR_MARVELL=y
EOF
make olddefconfig
make
The build is failing with the error message:
plat/marvell/armada/a8k/common/ble/ble.mk:34: *** "'MV_DDR_PATH=/buildroot/output/build/mv-ddr-marvell-d5acc10c287e40cc2feeb28710b92e45c93c702c' was specified, but '/buildroot/output/build/mv-ddr-marvell-d5acc10c287e40cc2feeb28710b92e45c93c702c' does not contain valid mv-ddr-marvell git repository". Stop.
Add patches to fix the build for this platform, for a few versions of TF-A
(v2.6, v2.7, v2.8, lts-v2.8.20, v2.9, v2.10, lts-v2.10.5, v2.11, v2.12 and
lts-v2.12.1).
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Dick Olsson <hi@senzilla.io>
Cc: Sergey Matyukevich <geomatsi@gmail.com>
[Julien: add commands to reproduce the issue]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit fd02add21b)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
libv4l has some really special code that is built explicitly with
_FILE_OFFSET_BITS=32, which doesn't work with _TIME_BITS=64, causing
build failures when BR2_TIME_BITS_64=y. This build issue has been
fixed upstream. While how the upstream patch exactly works is unclear,
it's the patch that upstream has decided to implement to resolve the
build issue, so we simply backport it.
The issue exists since at least upstream commit
99f245f5e2826c7ae3ac8de530bc2fbd906eb62b, which was merged in
v4l-utils 1.26.0.
Fixes:
https://autobuild.buildroot.org/results/616608ef2a44efff67fa21b3263b341da82744c4/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Julien: add upstream commit url in patch]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit bdb5809adf)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
host-pahole build fails with recent host-cmake versions, producing the
following error:
CMake Deprecation Warning at CMakeLists.txt:1 (cmake_minimum_required):
Compatibility with CMake < 3.5 will be removed from a future version
of
CMake.
Update the VERSION argument <min> value or use a ...<max> suffix to
tell
CMake that the project does not need compatibility with older
versions.
The issue can be reproduced with a minimal defconfig:
BR2_arm=y
BR2_cortex_a7=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_DEFCONFIG="versatile"
BR2_LINUX_KERNEL_NEEDS_HOST_PAHOLE=y
And host-cmake >= 4.0.0
The issue has already been fixed in the upstream pahole project and is
included in versions >= 1.28.
Fix the issue on the current LTS branch by bringing the fixing commit
from upstream.
Signed-off-by: Alexis Lothoré <alexis.lothore@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Fixes the following security issues:
- CVE-2025-27830: An issue was discovered in Artifex Ghostscript before
10.05.0. A buffer overflow occurs during serialization of DollarBlend in
a font, for base/write_t1.c and psi/zfapi.c.
- CVE-2025-27831: An issue was discovered in Artifex Ghostscript before
10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via
long characters to devices/vector/doc_common.c.
- CVE-2025-27832: An issue was discovered in Artifex Ghostscript before
10.05.0. The NPDL device has a Compression buffer overflow for
contrib/japanese/gdevnpdl.c.
- CVE-2025-27833: An issue was discovered in Artifex Ghostscript before
10.05.0. A buffer overflow occurs for a long TTF font name to
pdf/pdf_fmap.c.
- CVE-2025-27834: An issue was discovered in Artifex Ghostscript before
10.05.0. A buffer overflow occurs via an oversized Type 4 function in a
PDF document to pdf/pdf_func.c.
- CVE-2025-27835: An issue was discovered in Artifex Ghostscript before
10.05.0. A buffer overflow occurs when converting glyphs to Unicode in
psi/zbfont.c.
- CVE-2025-27836: An issue was discovered in Artifex Ghostscript before
10.05.0. The BJ10V device has a Print buffer overflow in
contrib/japanese/gdev10v.c.
- CVE-2025-27837: An issue was discovered in Artifex Ghostscript before
10.05.0. Access to arbitrary files can occur through a truncated path
with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.
https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs10050
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 9abf662cfd)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Both openh264 2.6.0 and 2.5.1 contain the fix for this CVE (see the
release notes at [1]).
In other words the version we have is no longer vulnerable since
a7aeb5a46e ("package/libopenh264:
security bump to version 2.5.1") but pkg-stats still reports it.
An email was sent to the NVD to fix the CPE version number, but in the
meantime let's ignore it to reduce the noise in our CVE checker.
[1]: https://github.com/cisco/openh264/releases/tag/2.5.1
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2488d97719)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Upstream did a change in sqlite3.pc.in that does work with their
default build system, but not with the autoconf-based amalgamation
that we use. This issue has been reported and fixed upstream, but the
fix is not yet in any new release.
For the time being, we just revert the upstream change. We don't do a
direct revert ("git revert") as multiple upstream commits touched this
very line, so we simply revert to what it was prior to the different
changes, and to what the upstream fix ends up doing.
This issue is causing build issue for all packages that use sqlite's
pkg-config file, in a static-linking configuration.
Fixes:
https://autobuild.buildroot.org/results/1824a76eee4a877a2f19c1fd19a710ef9f059168/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit db481210e9)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
- Update syslogd -T documentation, it applies to messages originating
both locally and from remote syslog servers
- Fix hostname filtering support, introduced in v2.7.0, broken
- Fix parsing of userspace messages in /dev/kmsg, inserted an
extra space before the message payload
From https://github.com/troglobit/sysklogd/releases/tag/v2.7.1
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 7a0725723b)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Running pkg-stats is currently quite verbose, as it shows one line per
package when checking for the upstream URL, and another one line per
package when checking for the latest version on
release-monitoring.org.
This noisy output is a bit annoying when pkg-stats is run in a
cronjob, like we do to update https://autobuild.buildroot.net/stats/
every day. This commit adds a -v/--verbose option, off by default, to
have a less noisy output.
Suggested-by: Peter Korsgaard <peter@korsgaard.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 203e9def71)
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
This reverts commit 27ab880ebb.
With the (proposed) fix from the openssl developers added as
0004-Serialize-install-process-to-avoid-multiple-make-dep.patch, the
workaround can now be dropped so openssl can again be built and installed in
parallel, significantly speeding up builds.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 86f173a744)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The openssl developers have proposed a fix for the parallel installation
issue worked around by commit 27ab880ebb (package/libopenssl do not build
in parallel).
Add the fix here so the workaround can dropped again.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 36b0a3ef9c)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Since Buildroot commit [1] which introduced this defconfig using a
Kernel 6.6.x series, the build can fail with error:
certs/extract-cert.c:21:10: fatal error: openssl/bio.h: No such file or directory
The issue is generally masked by the build order, as
arm-trusted-firmware selects BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP=y
which requires host-openssl.
The issue can be reproduced in the Buildroot Docker reference image,
using the commands:
utils/docker-run
make ls1043a-rdb_defconfig
make linux
This commit fixes the issue by explicitly adding
BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y to the defconfig.
[1] 34b047a442
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 11315d4787)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Since Buildroot commit [1] which introduced this defconfig using a
Kernel 6.6.x series, the build can fail with error:
certs/extract-cert.c:21:10: fatal error: openssl/bio.h: No such file or directory
The issue is generally masked by the build order, as
arm-trusted-firmware selects BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP=y
which requires host-openssl.
The issue can be reproduced in the Buildroot Docker reference image,
using the commands:
utils/docker-run
make ls1046a-rdb_defconfig
make linux
This commit fixes the issue by explicitly adding
BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y to the defconfig.
[1] 774035189f
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit a83242f131)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Since Buildroot commit [1] updating the defconfig to use Kernel 6.6.x
series, the build can fail with error:
certs/extract-cert.c:21:10: fatal error: openssl/bio.h: No such file or directory
The issue is generally masked by the build order, as
arm-trusted-firmware selects BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP=y
which requires host-openssl.
The issue can be reproduced in the Buildroot Docker reference image,
using the commands:
utils/docker-run
make ls1046a-frwy_defconfig
make linux
This commit fixes the issue by explicitly adding
BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y to the defconfig.
[1] 0344e5dae6
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 094f7a5b86)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Since Buildroot commit [1] updating the defconfig to use Kernel 6.6.x
series, the build can fail with error:
certs/extract-cert.c:21:10: fatal error: openssl/bio.h: No such file or directory
The issue is generally masked by the build order, as
arm-trusted-firmware selects BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP=y
which requires host-openssl.
The issue can be reproduced in the Buildroot Docker reference image,
using the commands:
utils/docker-run
make ls1028ardb_defconfig
make linux
This commit fixes the issue by explicitly adding
BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y to the defconfig.
[1] 7cbc240ac2
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 5d0ec3b6a4)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Fixes the following security issues:
- CVE-2024-57970: libarchive through 3.7.7 has a heap-based buffer
over-read in header_gnu_longlink in archive_read_support_format_tar.c
via a TAR archive because it mishandles truncation in the middle of a
GNU long linkname.
For more information, see:
- https://nvd.nist.gov/vuln/detail/CVE-2024-57970
- 8291210321
- CVE-2025-1632: This affects the function list of the file bsdunzip.c.
The manipulation leads to null pointer dereference. It is possible
to launch the attack on the local host.
For more information, see:
- https://nvd.nist.gov/vuln/detail/CVE-2025-1632
- c9bc934e7e
- CVE-2025-25724: list_item_verbose in tar/util.c in libarchive through 3.7.7
does not check an strftime return value, which can lead to a denial of
service or unspecified other impact via a crafted TAR archive that is read
with a verbose value of 2.
For example, the 100-byte buffer may not be sufficient for a custom locale.
For more information, see:
- https://nvd.nist.gov/vuln/detail/CVE-2025-25724
- c9bc934e7e
The patch added in [1] are still needed for this version bump.
For more details on the version bump, see the release notes:
- https://github.com/libarchive/libarchive/releases/tag/v3.7.8
- https://github.com/libarchive/libarchive/releases/tag/v3.7.9
[1] 9ac63a3360 package/libarchive: fix uclibc build with libiconv (again)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit fde0b3fe1c)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Fixes the following security issue:
- CVE-2025-2588: This vulnerability affects the function
re_case_expand of the file src/fa.c. The manipulation of the
argument re leads to null pointer dereference
For more information, see:
- https://nvd.nist.gov/vuln/detail/CVE-2025-2588
- af2aa88ab3
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
[Julien: add patch name in comment near _IGNORE_CVES]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit c497e5fcc7)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The patch introduced in [1] that fixed the CVE-2024-0962 is now
available upstream in the 4.3.5 release [2].
This commit also updates the LICENSE file hash, after adding reference
to wolfSSL in [3].
For more details see the release note:
https://github.com/obgm/libcoap/blob/v4.3.5/ChangeLog
[1] 9002b818be package/libcoap: fix CVE-2024-0962
[2] 2b28d8b0e9
[3] e3a662a934
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
[Julien: fix LICENSE file hash]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 4df4d1d312)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
No functional change, but bump for consistency.
The patch that was applied by Buildroot has been applied to gstreamer.
The kate plugin has disappeared from gstreamer.
The webp plugin now requires webp_mux to compile.
The webrtc plugin now requires to be compile with plugins dtls, sctp and
srtp.
For more details, see the release notes:
https://gstreamer.freedesktop.org/releases/1.24/
Signed-off-by: Thomas Bonnefille <thomas.bonnefille@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 90b3cfedf4)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Tested on QEMU using the qemu_m68k_q800_defconfig configuration, with a
switch of the toolchain to uclibc-ng and enabling rsyslog.
This patch addresses an issue where rsyslog’s pthread_cond_wait was
busy-looping due to futex_time64 repeatedly returning EINVAL. The
correction in NPTL alignment resolves the 100% CPU usage problem.
This patch is fixed upstream [1] so apply it until it is tagged.
[1]: 278ac6b30 ("m68k: fix alignment in NPTL code")
Signed-off-by: Jean-Michel Hautbois <jeanmichel.hautbois@yoseli.org>
[Julien:
- rename patch to 0002
- add "Upstream:" tag in patch to fix check-package error
- add "Signed-off-by:" in patch
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 53eae986a5)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
uClibc-ng unconditionally exposes a reallocarray() prototype, but only
provides the implementation when the malloc-standard implementation is
selected in the configuration.
As noMMU configurations can't use malloc-standard, they use malloc or
malloc-simple that don't provide reallocarray().
As a result of reallocarray() being missing, some packages such as
util-linux provide their own replacement implementation... but its
prototype clashes with the one provided by uClibc, causing build
failures such as:
In file included from lib/color-names.c:7:
./include/c.h:586:21: error: static declaration of ‘reallocarray’ follows non-static declaration
586 | static inline void *reallocarray(void *ptr, size_t nmemb, size_t size)
| ^~~~~~~~~~~~
In file included from ./include/c.h:16:
/home/thomas/projets/buildroot/output/host/arm-buildroot-uclinux-uclibcgnueabi/sysroot/usr/include/stdlib.h:898:14: note: previous declaration of ‘reallocarray’ with type ‘void *(void *, size_t, size_t)’ {aka ‘void *(void *, unsigned int, unsigned int)’}
898 | extern void *reallocarray (void *__ptr, size_t __m, size_t __n);
| ^~~~~~~~~~~~
make[3]: *** [Makefile:12354: lib/libtcolors_la-color-names.lo] Error 1
This is addressed by a patch on uClibc, submitted upstream, which
makes sure the prototype is only exposed when the implementation is
provided.
The issue can be reproduced with commands:
cat <<EOF >.config
BR2_arm=y
BR2_cortex_m4=y
BR2_TOOLCHAIN_BUILDROOT_UCLIBC=y
BR2_PACKAGE_UTIL_LINUX=y
BR2_PACKAGE_UTIL_LINUX_KILL=y
EOF
make olddefconfig
make util-linux
Fixes:
https://autobuild.buildroot.net/results/157aa82aa4cd57eacc4defe6cace16e464261e9a/ (RISC-V noMMU)
https://autobuild.buildroot.net/results/ce1a24c1465b82686ae375ac688a553fb65df5ea/ (ARM noMMU)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Julien: add commands to reproduce the issue in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 01895663d3)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
glibc fails to build on RISC-V 32-bit with the ilp32f ABI and on
RISC-V 64-bit with the lp64f: both use single-point precision floating
point, which glibc doesn't support, failing during the configure step
with:
configure: error: glibc does not yet support the single floating-point ABI
Fix that by disabling glibc support on those configurations.
Fixes:
https://autobuild.buildroot.org/results/fe8d569cab507992978ef0da649278dd3a9e0b23/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 8292b8fb89)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Use the 'C' locale when retrieving the date of the last change using
'svn info' since the svn download helper script expect
"Last Changed Date" string.
If another locale is used, the 'date' is empty so the generated
archive (by mk_tar_gz) will not match the expected hash since
the file timestamp is not set properly.
If LANG=fr_FR.UTF-8 is defined in the host system, svn print some
"French encrypted" text:
eval svn --non-interactive --config-option servers:global:http-timeout=10 info ''\''https://svn.code.sf.net/p/xmlrpc-c/code/advanced@r3176'\'''
...
Date de la dernière modification: 2023-09-02 19:13:35 +0200 (sam. 02 sept. 2023)
diffoscope confirm that the file timestamp is not set correctly
in the generated archive:
$ diffoscope NOK/libxmlrpc-r3176-svn5.tar.gz OK/libxmlrpc-r3176-svn5.tar.gz
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 8d3b1781f6)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Fixes the following security issue:
CVE-2025-27091: OpenH264 Decoding Functions Heap Overflow Vulnerability
A vulnerability in the decoding functions of OpenH264 codec library could
allow a remote, unauthenticated attacker to trigger a heap overflow.
This vulnerability is due to a race condition between a Sequence Parameter
Set (SPS) memory allocation and a subsequent non Instantaneous Decoder
Refresh (non-IDR) Network Abstraction Layer (NAL) unit memory usage. An
attacker could exploit this vulnerability by crafting a malicious bitstream
and tricking a victim user into processing an arbitrary video containing the
malicious bitstream. An exploit could allow the attacker to cause an
unexpected crash in the victim's user decoding client and, possibly, perform
arbitrary commands on the victim's host by abusing the heap overflow.
https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9xhttps://github.com/cisco/openh264/releases/tag/2.5.1
The upstream tag now has no 'v' prefix, so drop it from _SITE.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit a7aeb5a46e)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
23.2.5 fixes the following security issues:
1) CVE-2024-31080: Heap buffer overread/data leakage in ProcXIGetSelectedEvents
Introduced in: xorg-server-1.7.0 (2009)
Fixed in: xorg-server-21.1.12 and xwayland-23.2.5
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/96798fc1967491c80a4d0
Found by: Alan Coopersmith of Oracle Solaris, while investigating
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=69762
The ProcXIGetSelectedEvents() function uses the byte-swapped length of the
return data for the amount of data to return to the client, if the client
has a different endianness than the X server.
2) CVE-2024-31081: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice
Introduced in: xorg-server-1.7.0 (2009)
Fixed in: xorg-server-21.1.12 and xwayland-23.2.5
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/3e77295f888c67fc7645d
Found by: Alan Coopersmith of Oracle Solaris
The ProcXIPassiveGrabDevice() function uses the byte-swapped length of the
return data for the amount of data to return to the client, if the client
has a different endianness than the X server.
3) CVE-2024-31083: User-after-free in ProcRenderAddGlyphs
Introduced in: prior to X11R6.7 (2004)
Fixed in: xorg-server-21.1.12 and xwayland-23.2.5
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/bdca6c3d1f5057eeb3160
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The ProcRenderAddGlyphs() function calls the AllocateGlyph() function
to store new glyphs sent by the client to the X server. AllocateGlyph()
would return a new glyph with refcount=0 and a re-used glyph would end up
not changing the refcount at all. The resulting glyph_new array would thus
have multiple entries pointing to the same non-refcounted glyphs.
ProcRenderAddGlyphs() may free a glyph, resulting in a use-after-free when
the same glyph pointer is then later used.
https://lists.x.org/archives/xorg-announce/2024-April/003497.html
24.1.4 fixes the following security issues:
1) CVE-2024-9632: Heap-based buffer overflow privilege escalation in
_XkbSetCompatMap
Introduced in: xorg-server-1.1.1 (2006)
Fixed in: xorg-server-21.1.14 and xwayland-24.1.4
Fix:
85b7765714
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The _XkbSetCompatMap() function attempts to resize the `sym_interpret`
buffer.
However, It didn't update its size properly. It updated `num_si` only,
without updating `size_si`.
This may lead to local privilege escalation if the server is run as root
or remote code execution (e.g. x11 over ssh).
xorg-server-21.1.14 and xwayland-24.1.4 have been patched to fix this issue.
https://lists.x.org/archives/xorg-announce/2024-October/003545.html
24.1.6 fixes the following security issues:
1) CVE-2025-26594: Use-after-free of the root cursor
Introduced in: Unknown - Prior to X11R6.6 Xorg baseline
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/01642f26https://gitlab.freedesktop.org/xorg/xserver/-/commit/b0a09ba6
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The root cursor is referenced in the xserver as a global variable. If
a client manages to free the root cursor, the internal reference points
to freed memory and causes a use-after-free.
xorg-server-21.1.16 and xwayland-24.1.6 have been patched to fix this issue.
2) CVE-2025-26595: Buffer overflow in XkbVModMaskText()
Introduced in: Prior to X11R6.1
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/11fcda87
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The code in XkbVModMaskText() allocates a fixed sized buffer on the
stack and copies the names of the virtual modifiers to that buffer.
The code however fails to check the bounds of the buffer correctly and
would copy the data regardless of the size, which may lead to a buffer
overflow.
xorg-server-21.1.16 and xwayland-24.1.6 have been patched to fix this issue.
3) CVE-2025-26596: Heap overflow in XkbWriteKeySyms()
Introduced in: initial version of xc/programs/Xserver/xkb/xkb.c in X11R6
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/80d69f01
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The computation of the length in XkbSizeKeySyms() differs from what is
actually written in XkbWriteKeySyms(), which may lead to a heap based
buffer overflow.
xorg-server-21.1.16 and xwayland-24.1.6 have been patched to fix this issue.
4) CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey()
Introduced in: X11R6.1
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0e4ed949
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
If XkbChangeTypesOfKey() is called with 0 group, it will resize the key
symbols table to 0 but leave the key actions unchanged.
If later, the same function is called with a non-zero value of groups,
this will cause a buffer overflow because the key actions are of the wrong
size.
5) CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient()
Introduced in: xorg-server-1.14.0
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/bba9df1a
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The function GetBarrierDevice() searches for the pointer device based on
its device id and returns the matching value, or supposedly NULL if no
match was found.
However the code will return the last element of the list if no matching
device id was found which can lead to out of bounds memory access.
6) CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow()
Introduced in: Xorg 6.8.0.
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/c1ff84behttps://gitlab.freedesktop.org/xorg/xserver/-/commit/b07192a8
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The function compCheckRedirect() may fail if it cannot allocate the backing
pixmap. In that case, compRedirectWindow() will return a BadAlloc error
without the validation of the window tree marked just before, which leaves
the validate data partly initialized, and the use of an uninitialized pointer
later.
7) CVE-2025-26600: Use-after-free in PlayReleasedEvents()
Introduced in: X11R5
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/6e0f332b
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
When a device is removed while still frozen, the events queued for that
device remain while the device itself is freed and replaying the events
will cause a use after free.
8) CVE-2025-26601: Use-after-free in SyncInitTrigger()
Introduced in: X11R6
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/16a1242dhttps://gitlab.freedesktop.org/xorg/xserver/-/commit/f52cea2fhttps://gitlab.freedesktop.org/xorg/xserver/-/commit/8cbc90c8https://gitlab.freedesktop.org/xorg/xserver/-/commit/c2857989
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
When changing an alarm, the values of the change mask are evaluated one
after the other, changing the trigger values as requested and eventually,
SyncInitTrigger() is called.
If one of the changes triggers an error, the function will return early,
not adding the new sync object.
This can be used to cause a use after free when the alarm eventually
triggers.
https://lists.x.org/archives/xorg-announce/2025-February/003584.html
Drop now removed xwayland_eglstream option:
701284f057
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 57d2bdb123)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Commit f2a862fe60 (package/dillo: move to github) changed the source
site for the Dillo package. This change introduced a trailing slash at
the end of the URL.
This cause an error when running `make show-info` with `BR2_PACKAGE_DILLO=y`:
```
package/dillo/dillo.mk:46: *** DILLO_SITE (https://github.com/dillo-browser/dillo/releases/download/v3.0.5/) cannot have a trailing slash. Stop.
```
This commit removes the trailing slash.
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit a3b4ae2eac)
Fixes the following security issues:
- CVE-2024-24258: freeglut 3.4.0 was discovered to contain a memory leak
via the menuEntry variable in the glutAddSubMenu function.
- CVE-2024-24259: freeglut through 3.4.0 was discovered to contain a
memory leak via the menuEntry variable in the glutAddMenuEntry
function.
https://nvd.nist.gov/vuln/detail/CVE-2024-24258https://nvd.nist.gov/vuln/detail/CVE-2024-24259
The CVEs are not technically reported for the libfreeglut package
itself (which doesn't have a CPE identifier) but for mupdf.
Note that mudpf provides its own (old) version of freeglut, but our
mupdf package uses the Buildroot-provided freeglut (which now contains
the fix).
It also has to be noted that a more recent release of libfreeglut
exists upstream, and it fixes the same CVEs. Bumping our package
version however requires more work that can be done separately.
Including this patch first also has the advantage that it can easily
be backported wherever it's needed.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
(cherry picked from commit 0f4fef076f)
FreeRDP fails to build on newer gcc:
/freerdp-2.11.7/libfreerdp/core/info.c:88:39: error: initialization of 'const WCHAR *' {aka 'const short unsigned int *'} from incompatible pointer type 'BYTE *' {aka 'unsigned char *'} [-Wincompatible-pointer-types]
88 | const WCHAR* domain = Stream_Pointer(s);
| ^~~~~~~~~~~~~~
There is a patch upstream [0] to fix that one, but then another similar
build failure triggers, which is also fixed upstream, but then a third
failre triggers, again fixed upstream [2], but then...
FreeRDP 2.x has been kinda discontinued, and the new stable is 3.x.
However, bumping to 3.x looks like a huge leap.
So, rather than backport, just bump to the latest commit on the
stable-2.0 branch, which carries 12 non-merge commits with build fixes:
562ae3588 [winpr,pubsub] add NULL parameter checks
68c7c21b9 X11 client: ignore grab related LeaveNotify events
a9deecc99 fix [core]: 'invalid hHandle' errors
052c525e0 [core] eliminate rdpRdp::instance
be23ed4ba [server,proxy] deactivate capture module
5b2b53b15 [warnings] fix -Wincompatible-pointer-types
67818bddb [client,wayland] fix const correctness
d2b6771c7 X11: fix pointer/integer type mismatch
[2] 7894a7dfc redirection: Fix incompatible pointer type
[1] f3ed1f1ac redirection: Fix incompatible pointer type
[0] 4f411197d info: Fix incompatible pointer type
a383740a2 next-dev-2.11.8-dev
Fixes:
http://autobuild.buildroot.org/results/e1b/e1b95b4fb0005d4e933b027b508cec9ad510bd73/http://autobuild.buildroot.org/results/ba0/ba0beae13e1be2573878ee50b1566f4427b269a3/
...
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 15f15cfe01)
The libcap Makefile is hand-coded (i.e. not autotools), and hard-codes
calls to /sbin/ldconfig, unless it is installed out-of-tree. For target
packages, this is done, but for host package this is not done, as we
do set PREFIX instead, which causes libcap's Makefile to call ldconfig
and emits a spurious warning (twice):
install -m 0755 libcap.so.2.73 /home/ymorin/dev/buildroot/O/master/per-package/host-libcap/host/lib/libcap.so.2.73
ln -sf libcap.so.2.73 /home/ymorin/dev/buildroot/O/master/per-package/host-libcap/host/lib/libcap.so.2
ln -sf libcap.so.2 /home/ymorin/dev/buildroot/O/master/per-package/host-libcap/host/lib/libcap.so
/sbin/ldconfig
/sbin/ldconfig: Can't create temporary cache file /etc/ld.so.cache~: Permission denied
make[4]: [Makefile:200: install-shared-cap] Error 1 (ignored)
This is just a warning, but it is incorrect still.
Fake an out-of-tree install with a non-empy DESTDIR that is just '/',
and thus does in fact not install out-of-tree. This is enough to
actually silence the warning. Add a little comment to explain that.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Bernd Kuhls <bernd@kuhls.net>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit e172bb48d3)
Since upstream commit [1] the original v4l2loopback-ctl bash script was
replaced by a C version, so add a proper compile step (and remove bash
runtime dependency) to fix '[help] v4l2loopback package build fails for
raspberrypi5' [2].
The issue can be reproduced with the commands:
cat <<EOF >.config
BR2_aarch64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_USE_ARCH_DEFAULT_CONFIG=y
BR2_PACKAGE_V4L2LOOPBACK=y
BR2_PACKAGE_V4L2LOOPBACK_UTILS=y
EOF
make olddefconfig
make v4l2loopback
Note: upstream commit [1] was introduced in version v0.13.0.
Buildroot bumped v4l2loopback to v0.13.2 in [3].
Fixes:
/usr/bin/install: cannot stat
'.../build/v4l2loopback-0.13.2/utils/v4l2loopback-ctl':
No such file or directory
[1] 33922fa4e9
[2] https://lists.busybox.net/pipermail/buildroot/2025-March/775911.html
[3] 02540771bc
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Julien:
- add commands to reproduce the issue
- add reference to buildroot commit introducing the issue
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 5d85d23e16)
This is a corrective release over GDB 16.1, fixing the following issues:
PR build/32578 (cannot build GDB 16.1 out of tree when calling the configure script with a relative path)
PR tui/32592 ([gdb/tui] internal error in tui-winsource.c:340:refresh_window)
PR remote/32593 (Incompatibilities between GDB's and LLDB's 'x' packet implementation)
PR build/32610 (Missing #include file in darwin_nat.c)
None of which is really super important for Buildroot, but at least
we're using the latest without wondering why we're not.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 0a5a0772c2)
21.1.14 fixes the following security issues:
1) CVE-2024-9632: Heap-based buffer overflow privilege escalation in
_XkbSetCompatMap
Introduced in: xorg-server-1.1.1 (2006)
Fixed in: xorg-server-21.1.14 and xwayland-24.1.4
Fix:
85b7765714
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The _XkbSetCompatMap() function attempts to resize the `sym_interpret`
buffer.
However, It didn't update its size properly. It updated `num_si` only,
without updating `size_si`.
This may lead to local privilege escalation if the server is run as root
or remote code execution (e.g. x11 over ssh).
xorg-server-21.1.14 and xwayland-24.1.4 have been patched to fix this issue.
https://lists.x.org/archives/xorg-announce/2024-October/003545.htmlhttps://lists.x.org/archives/xorg-announce/2024-October/003546.html
21.1.16 fixes the following security issues:
1) CVE-2025-26594: Use-after-free of the root cursor
Introduced in: Unknown - Prior to X11R6.6 Xorg baseline
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/01642f26https://gitlab.freedesktop.org/xorg/xserver/-/commit/b0a09ba6
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The root cursor is referenced in the xserver as a global variable. If
a client manages to free the root cursor, the internal reference points
to freed memory and causes a use-after-free.
xorg-server-21.1.16 and xwayland-24.1.6 have been patched to fix this issue.
2) CVE-2025-26595: Buffer overflow in XkbVModMaskText()
Introduced in: Prior to X11R6.1
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/11fcda87
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The code in XkbVModMaskText() allocates a fixed sized buffer on the
stack and copies the names of the virtual modifiers to that buffer.
The code however fails to check the bounds of the buffer correctly and
would copy the data regardless of the size, which may lead to a buffer
overflow.
xorg-server-21.1.16 and xwayland-24.1.6 have been patched to fix this issue.
3) CVE-2025-26596: Heap overflow in XkbWriteKeySyms()
Introduced in: initial version of xc/programs/Xserver/xkb/xkb.c in X11R6
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/80d69f01
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The computation of the length in XkbSizeKeySyms() differs from what is
actually written in XkbWriteKeySyms(), which may lead to a heap based
buffer overflow.
xorg-server-21.1.16 and xwayland-24.1.6 have been patched to fix this issue.
4) CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey()
Introduced in: X11R6.1
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0e4ed949
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
If XkbChangeTypesOfKey() is called with 0 group, it will resize the key
symbols table to 0 but leave the key actions unchanged.
If later, the same function is called with a non-zero value of groups,
this will cause a buffer overflow because the key actions are of the wrong
size.
5) CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient()
Introduced in: xorg-server-1.14.0
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/bba9df1a
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The function GetBarrierDevice() searches for the pointer device based on
its device id and returns the matching value, or supposedly NULL if no
match was found.
However the code will return the last element of the list if no matching
device id was found which can lead to out of bounds memory access.
6) CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow()
Introduced in: Xorg 6.8.0.
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/c1ff84behttps://gitlab.freedesktop.org/xorg/xserver/-/commit/b07192a8
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The function compCheckRedirect() may fail if it cannot allocate the backing
pixmap. In that case, compRedirectWindow() will return a BadAlloc error
without the validation of the window tree marked just before, which leaves
the validate data partly initialized, and the use of an uninitialized pointer
later.
7) CVE-2025-26600: Use-after-free in PlayReleasedEvents()
Introduced in: X11R5
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/6e0f332b
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
When a device is removed while still frozen, the events queued for that
device remain while the device itself is freed and replaying the events
will cause a use after free.
8) CVE-2025-26601: Use-after-free in SyncInitTrigger()
Introduced in: X11R6
Fixed in: xorg-server-21.1.16 and xwayland-24.1.6
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/16a1242dhttps://gitlab.freedesktop.org/xorg/xserver/-/commit/f52cea2fhttps://gitlab.freedesktop.org/xorg/xserver/-/commit/8cbc90c8https://gitlab.freedesktop.org/xorg/xserver/-/commit/c2857989
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
When changing an alarm, the values of the change mask are evaluated one
after the other, changing the trigger values as requested and eventually,
SyncInitTrigger() is called.
If one of the changes triggers an error, the function will return early,
not adding the new sync object.
This can be used to cause a use after free when the alarm eventually
triggers.
https://lists.x.org/archives/xorg-announce/2025-February/003584.htmlhttps://lists.x.org/archives/xorg-announce/2025-February/003585.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 65be2c6ac0)
Since Buildroot commit [1], the test_gstreamer1 runtime test is
failing to build the tesseract-ocr package. The root cause is that
the test uses the default arm external toolchain, which is the Linaro
ARM 2018.05 based on gcc 7.3.1.
Since [1], tesseract-orc no longer compiles with gcc 7 (it requires at
least gcc 8).
This commit fixes the issue by switching the toolchain to the
bootlin versions (based on gcc 14 at the time of this commit).
Also, changing the compiler version slightly slowed down the video
encoding. This commit also increases the encoding command timeout.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/9407846232
[1] f32da8b984
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 356c70677c)
Since Buildroot commit [1] tesseract-ocr fails to build with gcc 7,
with error:
src/api/baseapi.cpp:67:10: fatal error: filesystem: No such file or directory
#include <filesystem> // for std::filesystem
^~~~~~~~~~~~
In Buildroot, tesseract-ocr has a C++17 requirement captured as
gcc >= 7. Gcc 7 has only a partial and experimental C++17 support,
which was sufficient, prior [1].
The tesseract-ocr upstream commit [2] introduced a usage of
std::filesystem. This commit is included in version 5.5.0,
bumped in [1].
The C++17 with std::filesystem support was introduced in gcc 8.1.
See [3].
This commit fixes the issue by raising the gcc version requirement to
8.x.
Fixes: f32da8b984
[1] f32da8b984
[2] 4e42f9de54
[3] https://gcc.gnu.org/gcc-8/changes.html#libstdcxx
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 22ffdea9e6)
The busybox date applet accepts the following:
date @1234567
but this confuses the coreutils version which doesn't implicitly set
time. As some tests might need coreutils binaries we should ensure the
emulator login will work with both. Fix this by passing the -s (set)
option to the command.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit bfb490799e)
When time comes to check certificates, the date and time in the emulated
machine should be close enough to the actual values, so that certificate
validity can be checked.
Some Qemu machines have an RTC (e.g. arm vexpress-a9 has a pl031), and
the kernel needs a driver for those RTC. It is not guaranteed that the
machine used for a test meets those two conditions; in such a case, the
time in the machine starts way back in the past (1970-01-01T00:00:00Z on
sysv, or the release date of systemd). This is the case with the default
kernel, so such tests do not have the proper time.
Set the date to the date of the host system. This is going to be accurate
to the second, which is, by far, enough for our purpose.
To avoid having to consider what combination of emulated machine and kernel
configuration are being used, we always set the date, as this is a
generic step that should be done by the infra (like login in as root is).
The Emulator() class doesn't inherit from unittest.TestCase, so we can't
call any of the usual self.assertXXX() methods; instead, we just raise
a standard exception, like is done a few lines above to detect the login
prompt.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Ricardo Martincoski <ricardo.martincoski@datacom.com.br>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit cf8641b73e)
Add the LTS sponsors who engaged already for 2025: EVS, Open Home
Foundation, and Sense Labs. There is one more sponsor but they prefer to
remain anonymous.
For Open Home Foundation, we can reuse the existing logo. For the other
two, add their logo.
Add a new class panel-lts-sponsor for sizing the panels. It is different
from panel-sponsor because there doesn't need to be space for an
explanation of what type of sponsorship is done, we just need to have
space for the company name. So the minimum height is 200px instead of
350px.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit b111e07fd5)
The Open Home Foundation logo is in a white area that is too large for
how we display it on the sponsors page. As a result, it ends up at the
bottom of the logo area and it looks very unbalanced.
Crop the logo to a tigher area. Since it is going to end up being
scaled, it's difficult to predict what the best size it is, but cropping
at a height of 300 pixels gives a visually pleasing layout at at least
some resolutions.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit e287bc7f44)
Patch has been on upstream main for close to 2 years.
The "uint" use was introduced with [1] and [2], released with
mesa3d-demos 9.0.0 from March 2023, and added to Buildroot with commit
80304d9911 "package/mesa3d-demos: bump version to 9.0.0". The affected
code is built only if Wayland and Vulkan support are enabled, that is:
BR2_PACKAGE_LIBDECOR=y
BR2_PACKAGE_VULKAN_LOADER=y
BR2_PACKAGE_WAYLAND=y
[1] 813ebef767
[2] 5aaa7faeb4
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit cf4f2f858d)
Vulkan support in mesa3d-demos requires vulkan-loader. Without an
explicit config flag it is autodetected, and may or may not be enabled
depending on build order, leading to unpredictable results.
Fix this by explicitly enabling Vulkan support and depending on
vulkan-loader if BR2_PACKAGE_VULKAN_LOADER=y, and disabling Vulkan
support otherwise.
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 7a55e82cb8)
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[Julien: rebase patch after merge of next branch]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 76f9e5dede)
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[Julien: rebase patch after merge of next branch]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 03cda9370f)
Enabling BR2_PACKAGE_LINUX_TOOLS_SELFTESTS (on rock5b_defconfig,
which uses kernel 6.12 at the time of writing), results in:
make[1]: Leaving directory '/br/output/build/linux-endpoint-test/tools/testing/selftests'
ERROR: architecture for "/usr/lib/kselftests/tc-testing/action-ebpf" is "Linux BPF", should be "AArch64"
make: *** [package/pkg-generic.mk:402: /br/output/build/linux-tools/.stamp_installed] Error 1
To solve this, add /usr/lib/kselftests/tc-testing/ to
LINUX_TOOLS_BIN_ARCH_EXCLUDE.
Signed-off-by: Niklas Cassel <cassel@kernel.org>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 3a03cb2ad6)
support/scripts/check-bin-arch has an option -i to exclude a path
(or many paths by using -i multiple times).
This was implemented in commit 01d90f0d09 ("spport/check-bin-arch:
accept arbitrary per-package ignore paths").
Looking at this feature (which hasn't changed since being added),
we can see that check-bin-arch automatically adds a trailing slash
to all entries specified using -i.
Thus, specifying a path to a file, e.g.
"/usr/libexec/perf-core/tests/pe-file.exe" will cause check-bin-arch
to add "/usr/libexec/perf-core/tests/pe-file.exe/" to the IGNORES array.
When running the main loop, the file
"/usr/libexec/perf-core/tests/pe-file.exe" will thus not be ignored,
since it will not trigger a match the pattern that was added to the
IGNORES array ("/usr/libexec/perf-core/tests/pe-file.exe/").
This means that the -i option in check-bin-arch only supports directories
and not files.
Fix the LINUX_TOOLS_BIN_ARCH_EXCLUDE in
package/linux-tools/linux-tool-perf.mk.in to specify a directory, as the
existing LINUX_TOOLS_BIN_ARCH_EXCLUDE can never have actually worked.
Fixes: a7ad781626 ("package/linux-tools: Exclude checking PE binaries from perf test")
Signed-off-by: Niklas Cassel <cassel@kernel.org>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 4d7292675a)
Due to how menuconfig works, a 'comment' entry following a 'config' entry
prevents correct indentation of items depending on the 'config'
entry. xilinx-embeddedsw currently shows as:
[*] xilinx-embeddedsw
*** xilinx-embeddedsw needs a bare metal toolchain for tuple microblazeel-xilinx-elf ***
(xilinx_v2024.2) xilinx-embeddedsw version (NEW)
[ ] versal plm (NEW)
[ ] versal psmfw (NEW)
[ ] zynqmp pmufw (NEW)
[ ] xilinx-prebuilt
So the 'versal *' and 'zynqmp pmufw' items are not indented even though
they should be.
Do like most other Config.in files which have the 'comment' before the
'config' entry, makeing it render as expected:
*** xilinx-embeddedsw needs a bare metal toolchain for tuple microblazeel-xilinx-elf ***
[*] xilinx-embeddedsw
(xilinx_v2024.2) xilinx-embeddedsw version (NEW)
[ ] versal plm (NEW)
[ ] versal psmfw (NEW)
[ ] zynqmp pmufw (NEW)
[ ] xilinx-prebuilt
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Reviewed-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 088808ccc7)
This is in the mainline kernel since v5.1-rc3:
9c38f1f04408 ("kconfig/[mn]conf: handle backspace (^H) key")
Quoting the commit's log:
"
Backspace is not working on some terminal emulators which do not send the
key code defined by terminfo. Terminals either send '^H' (8) or '^?' (127).
But currently only '^?' is handled. Let's also handle '^H' for those
terminals.
"
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit d65c10c20a)
# Do not remove! Following checks are required to ensure correct TF-A builds, removing these checks leads to broken TF-A builds
$(if $(value MV_DDR_PATH),,$(error "Platform '$(PLAT)' for BLE requires MV_DDR_PATH. Please set MV_DDR_PATH to point to the right directory"))
$(if $(wildcard $(value MV_DDR_PATH)/*),,$(error "'MV_DDR_PATH=$(value MV_DDR_PATH)' was specified, but '$(value MV_DDR_PATH)' directory does not exist"))
- $(if $(shell git -C $(value MV_DDR_PATH) rev-parse --show-cdup 2>&1),$(error "'MV_DDR_PATH=$(value MV_DDR_PATH)' was specified, but '$(value MV_DDR_PATH)' does not contain valid mv-ddr-marvell git repository"))
# Do not remove! Following checks are required to ensure correct TF-A builds, removing these checks leads to broken TF-A builds
$(if $(value MV_DDR_PATH),,$(error "Platform '$(PLAT)' for BLE requires MV_DDR_PATH. Please set MV_DDR_PATH to point to the right directory"))
$(if $(wildcard $(value MV_DDR_PATH)/*),,$(error "'MV_DDR_PATH=$(value MV_DDR_PATH)' was specified, but '$(value MV_DDR_PATH)' directory does not exist"))
- $(if $(shell git -C $(value MV_DDR_PATH) rev-parse --show-cdup 2>&1),$(error "'MV_DDR_PATH=$(value MV_DDR_PATH)' was specified, but '$(value MV_DDR_PATH)' does not contain valid mv-ddr-marvell git repository"))
# Do not remove! Following checks are required to ensure correct TF-A builds, removing these checks leads to broken TF-A builds
$(if $(value MV_DDR_PATH),,$(error "Platform '$(PLAT)' for BLE requires MV_DDR_PATH. Please set MV_DDR_PATH to point to the right directory"))
$(if $(wildcard $(value MV_DDR_PATH)/*),,$(error "'MV_DDR_PATH=$(value MV_DDR_PATH)' was specified, but '$(value MV_DDR_PATH)' directory does not exist"))
- $(if $(shell git -C $(value MV_DDR_PATH) rev-parse --show-cdup 2>&1),$(error "'MV_DDR_PATH=$(value MV_DDR_PATH)' was specified, but '$(value MV_DDR_PATH)' does not contain valid mv-ddr-marvell git repository"))
# Do not remove! Following checks are required to ensure correct TF-A builds, removing these checks leads to broken TF-A builds
$(if $(value MV_DDR_PATH),,$(error "Platform '$(PLAT)' for BLE requires MV_DDR_PATH. Please set MV_DDR_PATH to point to the right directory"))
$(if $(wildcard $(value MV_DDR_PATH)/*),,$(error "'MV_DDR_PATH=$(value MV_DDR_PATH)' was specified, but '$(value MV_DDR_PATH)' directory does not exist"))
- $(if $(shell git -C $(value MV_DDR_PATH) rev-parse --show-cdup 2>&1),$(error "'MV_DDR_PATH=$(value MV_DDR_PATH)' was specified, but '$(value MV_DDR_PATH)' does not contain valid mv-ddr-marvell git repository"))
# Do not remove! Following checks are required to ensure correct TF-A builds, removing these checks leads to broken TF-A builds
$(if $(value MV_DDR_PATH),,$(error "Platform '$(PLAT)' for BLE requires MV_DDR_PATH. Please set MV_DDR_PATH to point to the right directory"))
$(if $(wildcard $(value MV_DDR_PATH)/*),,$(error "'MV_DDR_PATH=$(value MV_DDR_PATH)' was specified, but '$(value MV_DDR_PATH)' directory does not exist"))
- $(if $(shell git -C $(value MV_DDR_PATH) rev-parse --show-cdup 2>&1),$(error "'MV_DDR_PATH=$(value MV_DDR_PATH)' was specified, but '$(value MV_DDR_PATH)' does not contain valid mv-ddr-marvell git repository"))
# Do not remove! Following checks are required to ensure correct TF-A builds, removing these checks leads to broken TF-A builds
$(if $(value MV_DDR_PATH),,$(error "Platform '$(PLAT)' for BLE requires MV_DDR_PATH. Please set MV_DDR_PATH to point to the right directory"))
$(if $(wildcard $(value MV_DDR_PATH)/*),,$(error "'MV_DDR_PATH=$(value MV_DDR_PATH)' was specified, but '$(value MV_DDR_PATH)' directory does not exist"))
- $(if $(shell git -C $(value MV_DDR_PATH) rev-parse --show-cdup 2>&1),$(error "'MV_DDR_PATH=$(value MV_DDR_PATH)' was specified, but '$(value MV_DDR_PATH)' does not contain valid mv-ddr-marvell git repository"))
# Do not remove! Following checks are required to ensure correct TF-A builds, removing these checks leads to broken TF-A builds
$(if $(value MV_DDR_PATH),,$(error "Platform '$(PLAT)' for BLE requires MV_DDR_PATH. Please set MV_DDR_PATH to point to the right directory"))
$(if $(wildcard $(value MV_DDR_PATH)/*),,$(error "'MV_DDR_PATH=$(value MV_DDR_PATH)' was specified, but '$(value MV_DDR_PATH)' directory does not exist"))
- $(if $(shell git -C $(value MV_DDR_PATH) rev-parse --show-cdup 2>&1),$(error "'MV_DDR_PATH=$(value MV_DDR_PATH)' was specified, but '$(value MV_DDR_PATH)' does not contain valid mv-ddr-marvell git repository"))
# Do not remove! Following checks are required to ensure correct TF-A builds, removing these checks leads to broken TF-A builds
$(if $(value MV_DDR_PATH),,$(error "Platform '$(PLAT)' for BLE requires MV_DDR_PATH. Please set MV_DDR_PATH to point to the right directory"))
$(if $(wildcard $(value MV_DDR_PATH)/*),,$(error "'MV_DDR_PATH=$(value MV_DDR_PATH)' was specified, but '$(value MV_DDR_PATH)' directory does not exist"))
- $(if $(shell git -C $(value MV_DDR_PATH) rev-parse --show-cdup 2>&1),$(error "'MV_DDR_PATH=$(value MV_DDR_PATH)' was specified, but '$(value MV_DDR_PATH)' does not contain valid mv-ddr-marvell git repository"))
# Do not remove! Following checks are required to ensure correct TF-A builds, removing these checks leads to broken TF-A builds
$(if $(value MV_DDR_PATH),,$(error "Platform '$(PLAT)' for BLE requires MV_DDR_PATH. Please set MV_DDR_PATH to point to the right directory"))
$(if $(wildcard $(value MV_DDR_PATH)/*),,$(error "'MV_DDR_PATH=$(value MV_DDR_PATH)' was specified, but '$(value MV_DDR_PATH)' directory does not exist"))
- $(if $(shell git -C $(value MV_DDR_PATH) rev-parse --show-cdup 2>&1),$(error "'MV_DDR_PATH=$(value MV_DDR_PATH)' was specified, but '$(value MV_DDR_PATH)' does not contain valid mv-ddr-marvell git repository"))
# Do not remove! Following checks are required to ensure correct TF-A builds, removing these checks leads to broken TF-A builds
$(if $(value MV_DDR_PATH),,$(error "Platform '$(PLAT)' for BLE requires MV_DDR_PATH. Please set MV_DDR_PATH to point to the right directory"))
$(if $(wildcard $(value MV_DDR_PATH)/*),,$(error "'MV_DDR_PATH=$(value MV_DDR_PATH)' was specified, but '$(value MV_DDR_PATH)' directory does not exist"))
- $(if $(shell git -C $(value MV_DDR_PATH) rev-parse --show-cdup 2>&1),$(error "'MV_DDR_PATH=$(value MV_DDR_PATH)' was specified, but '$(value MV_DDR_PATH)' does not contain valid mv-ddr-marvell git repository"))
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
