sync changes from upstream #27
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
CONFIG_SMARTCARD was unconditionally disabled which has meant that even if OpenSSL is compiled with engine support and the supplicant is configured to use an engine it would warn that it was compiled without engine support. This mechanism is used to enable the more secure forms of 802.1x networking authentication such as EAP-TLS with hardware-delegated cryptography and private keys protected in hardware. Enabling the option will allow delegating private key access to TPM2, ARM TrustZone and other specialized secure hardware for establishing a network connection. Signed-off-by: Lars Wikman <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]>
This new version is required to compile grout v8.4.0. Signed-off-by: Maxime Leroy <[email protected]> Reviewed-by: Vincent Jardin <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]>
Grout is a Graph router based on DPDK. Signed-off-by: Maxime Leroy <[email protected]> Reviewed-by: Vincent Jardin <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]>
Commit f78280b ("package/sane-airscan: new package") added a new entry in DEVELOPERS, but forgot to add the email address. Fix that. Signed-off-by: Peter Korsgaard <[email protected]>
This patch bumps: - TF-A to version v2.12 (LTS) - U-Boot to version v2025.04 - Linux kernel to version 6.12.24 (LTS) Signed-off-by: Dario Binacchi <[email protected]> Reviewed-by: Bryan Brattlof <[email protected]> Signed-off-by: Julien Olivain <[email protected]>
This version of setuptools includes an update to distutils [0] which fixes an issue with determining the linker command for C++ targets when a wrapper, such as ccache, is in the command. Fixes: https://autobuild.buildroot.org/results/5f017fca3d708388c9f66afea39b090f0976d496/ [0]: pypa/distutils@b8c06ff Signed-off-by: Vincent Fazio <[email protected]> Signed-off-by: Julien Olivain <[email protected]>
Add a runtime test for the 'bat' package to verify that the binary executes correctly in a minimal Buildroot rootfs.The test cheks that: - 'bat --version' runs without error - 'bat' can read and display a text file - the displayed content matches the expected string Signed-off-by: El Mehdi YOUNES <[email protected]> Signed-off-by: Julien Olivain <[email protected]>
Add a runtime test for the 'dust' package to verify that the binary executes correctly in a minimal buildroot rootfs. The test checks that: - 'dust --version' runs without error - 'dust' can analyze a directory structure with files - The output includes the expected directory names Signed-off-by: El Mehdi YOUNES <[email protected]> Signed-off-by: Julien Olivain <[email protected]>
The upstream URL was missing in the help text, so add it. Signed-off-by: Thomas Petazzoni <[email protected]> Signed-off-by: Julien Olivain <[email protected]>
The Config.in comment in the dpdk package was wrong for a number of reasons: - It didn't mention the glibc dependency - It didn't mention the gcc >= 4.9 dependency - It mentioned a wchar dependency that isn't listed in the dpdk dependencies - It mentioned a dynamic library dependency that isn't listed in the dpdk dependencies - It used "kernel headers >= 4.19", while for brievity we use "headers >= 4.19" everywhere in Buildroot - Minor nit: DPDK was written allcaps, while we write package names lower-case in Buildroot Fixes: d17d1b6 ("package/dpdk: add 24.07") Signed-off-by: Thomas Petazzoni <[email protected]> Signed-off-by: Julien Olivain <[email protected]>
Release notes: https://github.com/iovisor/bcc/releases/tag/v0.34.0 The 'tests.package.test_bcc' test(s) were run and passed. Signed-off-by: Raphaël Mélotte <[email protected]> Signed-off-by: Julien Olivain <[email protected]>
Release notes: https://github.com/libfuse/libfuse/releases/tag/fuse-3.17.2 Drop local patches that are upstreamed now. Fixes: https://autobuild.buildroot.net/results/f3c/f3cfaa8ed63483858ffa32b719ea4be68ba6c4f3// Signed-off-by: Giulio Benetti <[email protected]> Signed-off-by: Julien Olivain <[email protected]>
For release note, see: https://github.com/sbabic/libubootenv/releases/tag/v0.3.6 Signed-off-by: James Hilliard <[email protected]> [Julien: add link to release note] Signed-off-by: Julien Olivain <[email protected]>
This configuration builds an image for the Raspberry Pi 2 Rev 1.2 (64-bit). Note: Raspberry Pi 2 Model B Rev 1.2[1] switched from BCM2836[2] to BCM2837[3] that is 64-bit. BCM2836[2] The Broadcom chip used in the Raspberry Pi 2 Model B. The underlying architecture in BCM2836 is identical to BCM2835. The only significant difference is the removal of the ARM1176JZF-S processor and replacement with a quad-core Cortex-A7 cluster. BCM2837[3] This is the Broadcom chip used in the Raspberry Pi 3 Model B, later models of the Raspberry Pi 2 Model B, and the Raspberry Pi Compute Module 3. The underlying architecture of the BCM2837 is identical to the BCM2836. The only significant difference is the replacement of the ARMv7 quad core cluster with a quad-core ARM Cortex A53 (ARMv8) cluster. The ARM cores run at 1.2GHz, making the device about 50% faster than the Raspberry Pi 2. The VideoCore IV runs at 400MHz. [1]: https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#flagship-series [2]: https://www.raspberrypi.com/documentation/computers/processors.html#bcm2836 [3]: https://www.raspberrypi.com/documentation/computers/processors.html#bcm2837 Signed-off-by: Gaël PORTAY <[email protected]> Signed-off-by: Julien Olivain <[email protected]>
This version bump removes CVE-2023-7152, which was incorrectly associated with the micropython package in pkg-stats. Although the CVE fix was already present in 1.22.0 the CVE only applied to the preview version of 1.22.0. The CPE ID of the 1.22.0 matched with the CPE ID of the 1.22.0 preview version as well. This patch bumps to the latest patch-level version available in the 1.22.x series to include additional fixes, rather than just adding the CVE to the 'MICROPYTHON_IGNORE_CVES' list. The LICENSE hash has been updated, as the licenses used for the ports and libraries have also been updated in the LICENSE file. For more details on the version bump, see the release notes: - https://github.com/micropython/micropython/releases/tag/v1.22.2 - https://github.com/micropython/micropython/releases/tag/v1.22.1 Signed-off-by: Thomas Perale <[email protected]> Signed-off-by: Julien Olivain <[email protected]>
The package strongswan relies on the `wc_RsaKeyToDer` & `wc_MakeRsaKey`
functions of WolfSSL. Building this package with the WolfSSL backend
by selecting the variable `BR2_PACKAGE_STRONGSWAN_WOLFSSL` would give
the following error:
```
libtool: compile: /home/buildroot/instance-0/output-1/host/bin/sparc-linux-gcc -DHAVE_CONFIG_H -I. -I../../../.. -I../../../../src/libstrongswan -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -DWC_NO_RNG -rdynamic -Wno-format -Wno-format-security -Wno-implicit-fallthrough -Wno-missing-field-initializers -Wno-pointer-sign -Wno-sign-compare -Wno-type-limits -Wno-unused-parameter -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Og -g0 -include /home/buildroot/instance-0/output-1/build/strongswan-5.9.14/config.h -c wolfssl_ed_public_key.c -o wolfssl_ed_public_key.o >/dev/null 2>&1
wolfssl_rsa_private_key.c: In function 'get_encoding':
wolfssl_rsa_private_key.c:366:31: error: implicit declaration of function 'wc_RsaKeyToDer'; did you mean 'wc_EccKeyToDer'? [-Wimplicit-function-declaration]
366 | len = wc_RsaKeyToDer(&this->rsa, encoding->ptr, len);
| ^~~~~~~~~~~~~~
| wc_EccKeyToDer
libtool: compile: /home/buildroot/instance-0/output-1/host/bin/sparc-linux-gcc -DHAVE_CONFIG_H -I. -I../../../.. -I../../../../src/libstrongswan -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -DWC_NO_RNG -rdynamic -Wno-format -Wno-format-security -Wno-implicit-fallthrough -Wno-missing-field-initializers -Wno-pointer-sign -Wno-sign-compare -Wno-type-limits -Wno-unused-parameter -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Og -g0 -include /home/buildroot/instance-0/output-1/build/strongswan-5.9.14/config.h -c wolfssl_ec_private_key.c -o wolfssl_ec_private_key.o >/dev/null 2>&1
wolfssl_rsa_private_key.c: In function 'wolfssl_rsa_private_key_gen':
wolfssl_rsa_private_key.c:490:13: error: implicit declaration of function 'wc_MakeRsaKey'; did you mean 'wc_FreeRsaKey'? [-Wimplicit-function-declaration]
490 | if (wc_MakeRsaKey(&this->rsa, key_size, WC_RSA_EXPONENT, &this->rng) < 0)
| ^~~~~~~~~~~~~
| wc_FreeRsaKey
```
Those functions are only present when building the WolfSSL library with
the keygen supports (`--enable-keygen`).
This patch change the selected package to enable all the option of
WolfSSL, which include the keygen as well.
Fixes:
- https://autobuild.buildroot.org/results/d0e/d0e94f501ad1afd25ae4112443f9af101dfa5dea
Signed-off-by: Thomas Perale <[email protected]>
Signed-off-by: Julien Olivain <[email protected]>
Changelog: [1]. [1]: https://github.com/shadow-maint/shadow/releases/tag/4.17.4 Signed-off-by: Raphael Pavlidis <[email protected]> Signed-off-by: Julien Olivain <[email protected]>
For change log, see: https://gitlab.com/ita1024/waf/-/blob/waf-2.1.5/ChangeLog Tested with `./utils/test-pkg -p ntpsec` (ntpsec is a waf-package) Signed-off-by: Titouan Christophe <[email protected]> Signed-off-by: Titouan Christophe <[email protected]> [Julien: add link to change log] Signed-off-by: Julien Olivain <[email protected]>
Since commit fd56231, which updated waf to v2.1.1, Buildroot has encountered issues building mpv, likely due to an outdated version of the waf build system. Starting with mpv v0.35, meson was introduced as an alternative to waf, and in mpv v0.37, waf was completely removed. This commit updates the mpv makefile to use meson, resolving the build issues and simplifying future updates to newer versions of mpv. All options previously used for Waf have been translated to the new build system by replacing `--disable-feature` with `-Dfeature=disabled` (and similarly for enabling features). Some features have special handling: - The `/usr` prefix is automatically passed to meson packages by default. - The Android feature "has been removed since meson can detect if a machine is Android"[1]. - The `libmpv` parameter has been enabled in the makefile as `libmpv` must be built by default with mpv. - Meson packages automatically set whether the library should be built statically using the `default_library` meson parameter. - Meson automatically detects the presence of `libatomic` and passes the correct argument to the linker. However, it is possible to set the `stdatomic` meson parameter to specify whether `libatomic` must or must not be used. Fixes: https://autobuild.buildroot.org/results/68d42441fc0da34e1bf2a4247726f5f4ec3b8e77/ [1]: https://github.com/mpv-player/mpv/blob/140ec21c89d671d392877a7f3b91d67e7d7b9239/DOCS/build-system-differences.md?plain=1#L48 Signed-off-by: Thomas Bonnefille <[email protected]> Tested-by: J. Neuschäfer <[email protected]> Signed-off-by: Julien Olivain <[email protected]>
Release notes: https://arma.sourceforge.net/docs.html#changelog Signed-off-by: Dario Binacchi <[email protected]> Signed-off-by: Julien Olivain <[email protected]>
For change log, see: https://www.ncftp.com/ncftp/doc/changelog.html Fixes: https://autobuild.buildroot.org/results/103b86c5473077cd95a245a762059a23f78c1a44/build-end.log Signed-off-by: Yegor Yefremov <[email protected]> [Julien: add link to change log] Signed-off-by: Julien Olivain <[email protected]>
Changelog: https://github.com/libexpat/libexpat/blob/R_2_7_1/expat/Changes Update hash of the COPYING file (year updated): libexpat/libexpat@2b2a246 Signed-off-by: Kadambini Nema <[email protected]> Signed-off-by: Julien Olivain <[email protected]>
Changelog: https://gitlab.freedesktop.org/mobile-broadband/libqmi/-/blob/qmi-1-36/NEWS Signed-off-by: Kadambini Nema <[email protected]> Signed-off-by: Julien Olivain <[email protected]>
Changelog: https://gitlab.freedesktop.org/mobile-broadband/libmbim/-/blob/mbim-1-32/NEWS Signed-off-by: Kadambini Nema <[email protected]> Signed-off-by: Julien Olivain <[email protected]>
Changelog: https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/blob/mm-1-24/NEWS Signed-off-by: Kadambini Nema <[email protected]> Signed-off-by: Julien Olivain <[email protected]>
Annoyingly, using "--disable warning" does not disable the warnings checks. It turns out that we look for "warnings" (i.e. with an 's') to know if we should disable the warnings check, so update the help text accordingly. Signed-off-by: Raphaël Mélotte <[email protected]> Signed-off-by: Julien Olivain <[email protected]>
Update OP-TEE to its latest tag Signed-off-by: Nayab Sayed <[email protected]> Signed-off-by: Julien Olivain <[email protected]>
Update optee-test to the latest tagged release Signed-off-by: Nayab Sayed <[email protected]> Signed-off-by: Julien Olivain <[email protected]>
Update optee-examples to the latest tagged release Signed-off-by: Nayab Sayed <[email protected]> Signed-off-by: Julien Olivain <[email protected]>
Bump to the latest version of optee-client Signed-off-by: Nayab Sayed <[email protected]> Signed-off-by: Julien Olivain <[email protected]>
Add python-typing-inspection as a newly introduced dependency of pydantic. Signed-off-by: Marcus Hoffmann <[email protected]> Signed-off-by: Arnout Vandecappelle <[email protected]>
Signed-off-by: Marcus Hoffmann <[email protected]> [Arnout: update hash for cargo3] Signed-off-by: Arnout Vandecappelle <[email protected]>
Signed-off-by: Marcus Hoffmann <[email protected]> Signed-off-by: Arnout Vandecappelle <[email protected]>
Signed-off-by: Marcus Hoffmann <[email protected]> Signed-off-by: Arnout Vandecappelle <[email protected]>
Signed-off-by: Marcus Hoffmann <[email protected]> Signed-off-by: Arnout Vandecappelle <[email protected]>
Release notes: https://github.com/python/typing_extensions/blob/main/CHANGELOG.md#release-4132-april-10-2025 Signed-off-by: Marcus Hoffmann <[email protected]> Signed-off-by: Arnout Vandecappelle <[email protected]>
Signed-off-by: Marcus Hoffmann <[email protected]> Signed-off-by: Arnout Vandecappelle <[email protected]>
While in theory, the fastapi tests finds problems with the pydantic package, it's not obvious that this test should be run when the pydantic package is updated. Add a new test that just covers pydantic. Signed-off-by: Marcus Hoffmann <[email protected]> Signed-off-by: Arnout Vandecappelle <[email protected]>
Signed-off-by: Marcus Hoffmann <[email protected]> Signed-off-by: Arnout Vandecappelle <[email protected]>
host-android-tools fails to build when the host gcc version is >= 15.x. A simple patch allows to fix the issue by adjusting how allocate_inode() gets called. Fixes: https://autobuild.buildroot.org/results/e8152490540ee1968182f4eb7813e5e940f3e9b3/ Signed-off-by: Thomas Petazzoni <[email protected]> Signed-off-by: Julien Olivain <[email protected]>
For a changelog see here: https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-22.3.0.md Changes made by the package maintainer: - add systemd service file - run asterisk as non-root user asterisk - build pjsip as bundled source code, but download it like sound files - remove unused configure options - chan_alsa was removed upstream in commit de3ce178ab0282445cf25161b49f3737ac2d20ff See here for the reason behind using the bundled pjsip: asterisk/asterisk#671 Signed-off-by: Waldemar Brodkorb <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]>
Update to the latest release of tbtools. For change log, see: intel/tbtools@v0.5.0...v0.6.0 Signed-off-by: Mika Westerberg <[email protected]> [Julien: update .hash file to use -cargo3 format] Signed-off-by: Julien Olivain <[email protected]>
PYTHON_FOO_BUILD_OPTS are passed to the build module call of the package build, this allows passing options to the python build *backend* by using the --config-setting= option. setup.py is no longer involved since even the setuptools backend now used the pep517 build method. The note about the options being passed to support/scripts/pyinstaller.py seems to be no longer accurate. Signed-off-by: Marcus Hoffmann <[email protected]> [Arnout: also mention -C (suggested by James)] Signed-off-by: Arnout Vandecappelle <[email protected]>
As of GCC14, GCC no longer allows implicitly casting all pointer types to all other pointer types. We can fix this error, by adding the appropriate cast. This patch is a port of a Gentoo patch. Link: https://gitweb.gentoo.org/repo/gentoo.git/tree/media-sound/musepack-tools/files/musepack-tools-495-incompatible-pointers.patch Fixes: https://autobuild.buildroot.org/results/6412fc37d533dff27f18b09c668870bebff2bec5/ Signed-off-by: Thomas Bonnefille <[email protected]> Signed-off-by: Arnout Vandecappelle <[email protected]>
Signed-off-by: James Hilliard <[email protected]> Signed-off-by: Arnout Vandecappelle <[email protected]>
Signed-off-by: James Hilliard <[email protected]> Signed-off-by: Arnout Vandecappelle <[email protected]>
This will be required for the upcoming python-mypy package. Signed-off-by: James Hilliard <[email protected]> Signed-off-by: Arnout Vandecappelle <[email protected]>
Signed-off-by: James Hilliard <[email protected]> Signed-off-by: Arnout Vandecappelle <[email protected]>
Add new host-python-mypy and host-python-setuptools-scm build dependencies. Set --skip-dependency-check due to unnecessarily strict mypy version limit. Set CHARSET_NORMALIZER_USE_MYPYC=1 in env so that mypyc optimizations are enabled. License hash changed due to year update: jawah/charset_normalizer@deed205 Signed-off-by: James Hilliard <[email protected]> Signed-off-by: Arnout Vandecappelle <[email protected]>
Add local patch pending upstream to fix build failure with Linux 6.14. Fixes: https://autobuild.buildroot.org/results/065b9afc1c6f9f5561547b12171269adc8c12275 Signed-off-by: Giulio Benetti <[email protected]> Reviewed-by: Luca Ceresoli <[email protected]> Signed-off-by: Julien Olivain <[email protected]>
This adds a configuration option to enable the Wayland video driver support in SDL2. Signed-off-by: Thomas Devoogdt <[email protected]> [Peter: move after KMS/DRM] Tested-by: Alexander Shiyan <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
Commit 4662553 ("package/sdl2: add wayland support") added an option to enable wayland support but accidentally put the .mk logic inside the BR2_PACKAGE_SDL2_X11, so it would only trigger if the X11 driver was enabled. Fix that by moving it outside the conditional. Signed-off-by: Peter Korsgaard <[email protected]>
dbus has a session socket directory configuration setting, that, if not set, will be autodeducted based on env vars like TMPDIR during configuration time. Becuse of that, the builder's environment variables will lead to an image with a broken session bus while leaking builder's details to the image. Add an explicit setting of session-socket-dir to /tmp dir. Fixes: https://gitlab.com/buildroot.org/buildroot/-/issues/67 Signed-off-by: Nikita Kiryushin <[email protected]> Reviewed-by: Fiona Klute <[email protected]> Signed-off-by: Arnout Vandecappelle <[email protected]>
This commit replaces "a35" occurrences with "a55" in imx9 bootloader preparation script. i.MX9 families have Cortex-A55 processors. See [1]. This change is purely cosmetic and only for correctness, as the mkimage_imx8 tool currently uses internally the "a55" identifier as an alias for "a35". See [2]. [1] https://www.nxp.com/products/processors-and-microcontrollers/arm-processors/i-mx-applications-processors/i-mx-9-processors:IMX9-PROCESSORS [2] https://github.com/nxp-imx/imx-mkimage/blob/lf-6.6.23-2.0.0/src/mkimage_imx8.c#L773 Signed-off-by: Juan Pablo MONTERO CASTRO <[email protected]> [Julien: reword a bit and add info in commit log] Signed-off-by: Julien Olivain <[email protected]>
Note: this test was not working in Buildroot test infrastructure before commit [1] was merged, because dieharder has the string "# " in its output. [1] https://gitlab.com/buildroot.org/buildroot/-/commit/0cad947b964be5612a182413da136fcf0dc5a1f2 Signed-off-by: Julien Olivain <[email protected]> Signed-off-by: Arnout Vandecappelle <[email protected]>
The bump of rust and rust-bin from 1.82 to 1.86 in commit 072f3bc forgot to update the hash of the license files. The LICENSE-MIT file has changed with the following diff: +Copyright (c) The Rust Project Contributors + So no change to the license terms. Fixes: https://autobuild.buildroot.net/results/382489b3f5c931451bead7e232af07b70c3e29bb/ Signed-off-by: Thomas Petazzoni <[email protected]>
As specified in the 2.28.10 release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.10 Mbed TLS 2.28.10 is the last release of the 2.28 LTS and won't receive bug fixes or security fixes anymore. Users are advised to upgrade to a maintained version. So move to 3.6.x, which is the new LTS version: Mbed TLS 3.6 is a long-term support (LTS) branch. It will be supported with bug-fixes and security fixes until at least March 2027. Drop BR2_PACKAGE_MBEDTLS_COMPRESSION and all related references as native zlib support has been entirely removed from mbedtls. Signed-off-by: James Hilliard <[email protected]> [Peter: add note about 2.28.x / 3.6.x, add Config.in.legacy] Signed-off-by: Peter Korsgaard <[email protected]>
Currently, list-defconfigs only lists the defconfigs that live
live in the top-level configs/ directory. For the in-tree defconfigs
this is indeed the case, but it is possible to manage the configs in a
br2-external tree with sub-directories.
A few examples:
- for a given board, a first defconfig is the full system, and a
second is the rescue system;
- for a given board, two defconfigs implement an A/B feature set;
- a set of configurations targetting various famillies of systems each
running on different hardware, sorted per familly.
Extend list-defconfigs to look for and report defconfigs in
sub-directories of the top-level configs/.
Signed-off-by: Yann E. MORIN <[email protected]>
Signed-off-by: Arnout Vandecappelle <[email protected]>
Fixes the following security issue: - CVE-2025-43859: A leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. For more information, see: - https://nvd.nist.gov/vuln/detail/CVE-2025-43859 - python-hyper/h11@114803a For more details on the version bump, see: - python-hyper/h11@v0.14.0...v0.16.0 Signed-off-by: Thomas Perale <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
42 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.