[pull] master from buildroot:master #845
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The new target provides a convenient way to run utils/check-package on
any external trees, using .checkpackageignore files from the
respective trees if present.
While .checkpackageignore should be used as little as possible, in a
few cases adding overrides for false-positives to the affected files
is not feasible, a practical example of this is a Markdown file
misidentified as Python by libmagic (likely due to code blocks).
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
[Arnout: set ${ignore} explicitly to empty, in case it exists in the
environment.]
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Drop all local patches that are committed to github benetti-engineering repositories. Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com> Acked-by: Kris Bahnsen <Kris@embeddedTS.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Arm Trusted Firmware (TF-A) can be used to load U-Boot or another bootloader, which in turn loads the Linux kernel. However, TF-A is capable of loading the kernel directly. To this end, we need to define the BL33 and BL33_CFG compile options containing, respectively, the zImage and the DTB. This config introduces a new config option, BR2_TARGET_ARM_TRUSTED_FIRMWARE_LINUX_AS_BL33, which sets the BL33 and BL33_CFG parameters, and ensures that the kernel is built before the TF-A by having linux as a _DEPENDENCY of the TF-A. Signed-off-by: Jakob Kastelic <kastelic.jakob@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Backport a fix to support python 3.14 [1]. depot-tools is used to build flutter package but it doesn't run due to deprecated ast.Str et al. (since Py3.8) that was removed from python 3.14. Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/12944797062 [1] https://chromium.googlesource.com/chromium/tools/depot_tools/+/80d6ca1b1ac55fbd9dd8f506417824591251b8eb Cc: Adam Duskett <adam.duskett@amarulasolutions.com> Signed-off-by: Romain Naour <romain.naour@smile.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
mpg123 supports (and prefers) SDL2 as well for the sdl backends since 1.26.9 with: madebr/mpg123@792615f So support that here as well. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
According to the official requirements, bindgen needs libclang to parse C/C++ headers. libclang is loaded at runtime by bindgen, which is why we didn't notice any build issue. However, using bindgen on a simple header file blows up: thread 'main' panicked at bindgen/lib.rs:616:27: Unable to find libclang: "couldn't find any valid shared libraries matching: ['libclang.so', 'libclang-*.so', 'libclang.so.*', 'libclang-*.so.*'], s et the `LIBCLANG_PATH` environment variable to a path where one of these files can be found (invalid: [])" note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace So far, bindgen was only used by mesa3d, and it turns out that mesa3d also depends on clang, which pulls in host-clang, so the problem was not visible. However, as we're about to use bindgen for other things (namely Rust support in Linux), this issue needs to be fixed. See: https://rust-lang.github.io/rust-bindgen/requirements.html Signed-off-by: El Mehdi YOUNES <elmehdi.younes@smile.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Patch 0001 has the upstream information, just not properly formatted, so we fix this. Signed-off-by: Bernd Kuhls <bernd@kuhls.net> [Thomas: extracted from a bigger patch from Bernd] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Backport two upstream patches to fix build errors introduced by the bump of gcc to 14.x. Fixes: https://autobuild.buildroot.net/results/af6/af65e6386439098ddf706ca43e99320cf5e9fd80/ Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
https://github.com/rurban/safeclib/blob/v3.9.1/ChangeLog Removed backports from patches 0001 & 0002. Removed patch 0003 which is included in this release. Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
While `docker:docker` is not marked as deprecated by NVD after a scan through the CVEs the last entry for `docker:docker` is CVE-2022-34883 [1]. Replacing this tuple with `mobyproject:moby` that is referenced in the upstream project GHSA [2]. The last entry for this CPE is CVE-2025-54410 [3]. Note: Quoting [4], "Moby is an open framework created by Docker to assemble specialized container systems without reinventing the wheel". The old github URL [5] redirects to [6]. [1] https://nvd.nist.gov//vuln/detail/CVE-2023-5166 [2] https://github.com/moby/moby/security/advisories [3] https://nvd.nist.gov//vuln/detail/CVE-2025-54410 [4] https://mobyproject.org/ [5] https://github.com/docker/docker [6] https://github.com/moby/moby Signed-off-by: Thomas Perale <thomas.perale@mind.be> [Julien: add the note about the Moby project] Signed-off-by: Julien Olivain <ju.o@free.fr>
Add the `podman_project:podman` CPE referenced in the GHSA page [1]. The last entry with this CPE is CVE-2024-3056 [2]. Dropping the `v` prefix from the version to track the CPE version correctly. [1] https://github.com/containers/podman/security [2] https://nvd.nist.gov//vuln/detail/CVE-2024-3056 Signed-off-by: Thomas Perale <thomas.perale@mind.be> Signed-off-by: Julien Olivain <ju.o@free.fr>
The CPE `mp4v2:mp4v2` is valid for the package mp4v2. See the latest CVE: CVE-2023-33719 that reference the upstream repository. [1] https://nvd.nist.gov//vuln/detail/CVE-2023-33719 Signed-off-by: Thomas Perale <thomas.perale@mind.be> Signed-off-by: Julien Olivain <ju.o@free.fr>
The CPE `openvpn:easy-rsa` is valid for the EasyRsa package. The last CVE is CVE-2024-13454 [1] that is reference in the upstream bug tracker [2]. [1] https://nvd.nist.gov/vuln/detail/CVE-2024-13454 [2] OpenVPN/easy-rsa#1122 Signed-off-by: Thomas Perale <thomas.perale@mind.be> Signed-off-by: Julien Olivain <ju.o@free.fr>
The CPE `pali:igmpproxy` is a valid CPE for the package igmpproxy. See the latest CVE: CVE-2025-50681 [1] that reference the upstream repository. [1] https://nvd.nist.gov/vuln/detail/CVE-2025-50681 Signed-off-by: Thomas Perale <thomas.perale@mind.be> Signed-off-by: Julien Olivain <ju.o@free.fr>
The CPE `vstakhov:libucl` is a valid CPE for the package libucl. See the latest CVE: CVE-2025-6499 [1] that reference the upstream repository. [1] https://nvd.nist.gov/vuln/detail/CVE-2025-6499 Signed-off-by: Thomas Perale <thomas.perale@mind.be> Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
[Peter: Fix flake8 warning, use http.server instead of relying on
connectivity]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit [1] added the "Upstream:" package patch tag, but forgot to
remove the corresponding .checkpackageignore entry.
This commit fixes that.
Fixes:
package/efl/0001-ecore_fb-fix-build-with-tslib.patch:0: lib_patch.Upstream was expected to fail, did you fix the file and forget to update .checkpackageignore?
[1] https://gitlab.com/buildroot.org/buildroot/-/commit/bac34296bfed5282df07496c845d74924beb5da6
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The dependencies on Boost.System, Boost.Filesystem were removed in v23.0 [0][1] and Boost.Thread in v21.99 [2]. This was never reflected in the Buildroot package so do it now. [0] bitcoin/bitcoin@0726932 [1] bitcoin/bitcoin@b87f9c5 [2] bitcoin/bitcoin@06e1d7d Signed-off-by: Michael Nosthoff <buildroot@heine.tech> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The cpe:2.3:a:containers:aardvark-dns:*:*:*:*:*:*:*:* is valid for this package. See https://nvd.nist.gov/products/cpe/detail/5F79D5CD-D716-4190-BE08-31EB5EEB233F The CPE version strip the 'v' prefix from the version. Signed-off-by: Thomas Perale <thomas.perale@mind.be> Reviewed-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Julien Olivain <ju.o@free.fr>
Backport two security fixes from upstream. They are in newer releases, but to facilitate backporting to our LTS releases, this backports the fixes. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
https://gitlab.com/gpsd/gpsd/-/blob/release-3.27.2/NEWS All patches can be dropped as they are in this upstream release. Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
10 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )