This commit fixes the wrong patch folders which should have been fixed
in commit 475c79d ("package/openjdk{-bin}: bump versions to 17.0.12+7
and 21.0.4+7")
Signed-off-by: Thomas Devoogdt <thomas.devoogdt@barco.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f2992604a3267a1c5e12dfd1280199c388b9dd75)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This brings the script in line with current standards, except the
expected PIDFILE value because changing the PID file path would
require changing build options.
The stop action now uses the PID file instead of "killall", and reload
is supported using SIGHUP (with limitations described in D-Bus
documentation). "--syslog" is added to the dbus-daemon arguments to
ensure log messages will be available, otherwise log messages after
fork may be lost.
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f51a4752801860fff5749b03d145b6d41e3283b6)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The "servicename" environment variable was never set, so the condition
in the "condrestart" case would always evaluate to false. Nobody seems
to have noticed since it was introduced with commit
ceb2859765 in 2007, so simply remove it.
Likewise, the comment in the stop function that mentions $servicename
is incorrect, there is no safety check to the "killall" call.
With those, remove the /var/lock/subsys/dbus-daemon file that was
created but never used.
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3dd3944097ebf333d7b8c41a0c9eb46d98cdc6d2)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Since Buildroot commit [1], patches that fix a security
vulnerability need to reference the fixed vulnerability.
This patch adds the relevant information to the patch headers as well
as the `Upstream` trailer.
[1] 1167d0ff3d docs/manual: mention CVE trailer
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 74b079d9e916062629148ba79374998762e1998a)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Since Buildroot commit [1], patches that fix a security
vulnerability need to reference the fixed vulnerability.
This patch adds the relevant information to the patch header
and adds the `Upstream` trailer.
[1] 1167d0ff3d docs/manual: mention CVE trailer
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7c9166cd86a4d984d019996b58d7a68052a1639f)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Since Buildroot commit [1], patches that fix a security
vulnerability need to reference the fixed vulnerability.
This patch adds the relevant information to the patch header
and adds the `Upstream` trailer.
[1] 1167d0ff3d docs/manual: mention CVE trailer
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7a8524a70173953e3a8a11456d25ec3fea347153)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Since Buildroot commit [1], patches that fix a security
vulnerability need to reference the fixed vulnerability.
This patch adds the relevant information to the patch header
and adds the `Upstream` trailer.
[1] 1167d0ff3d docs/manual: mention CVE trailer
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ba51d53019bbc6f862b87389a90695a3dbe0670c)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Since Buildroot commit [1], patches that fix a security
vulnerability need to reference the fixed vulnerability.
This patch adds the relevant information to the patch header
and adds the `Upstream` trailer.
[1] 1167d0ff3d docs/manual: mention CVE trailer
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cef136b5f09827a8d1e98a0dce0380449ed61cd4)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Since Buildroot commit [1], patches that fix a security
vulnerability need to reference the fixed vulnerability.
This patch adds the relevant information to the patch header
and adds the `Upstream` trailer.
[1] 1167d0ff3d docs/manual: mention CVE trailer
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7b8c58ae03f87e047c14585b16de19c66b8344c8)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
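An added example, not part of the Buildroot tree or of the commits above: a shell check for the rule these commits apply, flagging patch headers that mention a CVE id without declaring it in a trailer, or that lack an `Upstream` trailer. The `CVE: CVE-YYYY-NNNN` trailer form, the function names and the sample patches are assumptions made for illustration.

```shell
#!/bin/sh
# Assumed trailer forms: "CVE: CVE-YYYY-NNNN" and "Upstream: <reference>".
CVE_RE='CVE-[0-9]\{4\}-[0-9]\{4,\}'

# Patch header = everything before the diffstat separator or the diff body.
patch_header() {
    awk '/^(---|diff --git |Index: )/ { exit } { print }' "$1"
}

# CVE ids mentioned anywhere in the header, unique, one per line.
mentioned_cves() {
    patch_header "$1" | grep -o "$CVE_RE" | sort -u
}

# CVE ids declared in a well-formed "CVE:" trailer.
declared_cves() {
    patch_header "$1" |
        sed -n "s/^CVE:[[:space:]]*\($CVE_RE\)[[:space:]]*\$/\1/p" | sort -u
}

# Print "ok", or one space-separated finding per problem in the header.
audit_patch() {
    findings=""
    for id in $(mentioned_cves "$1"); do
        if ! declared_cves "$1" | grep -qx "$id"; then
            findings="${findings}no-cve-trailer:$id "
        fi
    done
    if [ -n "$(mentioned_cves "$1")" ] &&
       ! patch_header "$1" | grep -q '^Upstream:[[:space:]]*[^[:space:]]'; then
        findings="${findings}no-upstream-trailer "
    fi
    echo "${findings:-ok}" | sed 's/ $//'
}

# Constructed sample patches (placeholder ids, not real Buildroot patches).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/0001-tagged.patch" <<'EOF'
Subject: [PATCH] parser: add missing length check

Fixes CVE-2099-0001.

CVE: CVE-2099-0001
Upstream: https://example.org/commit/placeholder
Signed-off-by: A Developer <dev@example.org>
---
diff --git a/parser.c b/parser.c
EOF
cat > "$SAMPLES/0002-untagged.patch" <<'EOF'
Subject: [PATCH] Fix CVE-2099-0002 in the decoder

Signed-off-by: A Developer <dev@example.org>
---
diff --git a/decoder.c b/decoder.c
EOF
for p in "$SAMPLES"/*.patch; do
    printf '%s: %s\n' "${p##*/}" "$(audit_patch "$p")"
done
```

Patches that never mention a CVE id in their header are reported as `ok`, so the check only catches security fixes whose description names the CVE but whose trailers do not.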
Switched _SITE to github, old project site is down.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
[Julien: change _VERSION to use 'git describe --abbrev=40' format]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 652dbe71c38b38f31ead4ac6f3426ec826d6d40d)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
bctoolbox was only needed as a dependency of linphone, and is anyway
bundled in more recent versions of linphone, making a separate package
unnecessary.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 37d3a2dee3)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
mediastreamer was only needed as a dependency of linphone, and is
anyway bundled in more recent versions of linphone, making a separate
package unnecessary.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b02a4ca7d7)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This package is no longer maintained in Buildroot: no maintainer in
DEVELOPERS file, and doesn't build since we bumped mbedtls to version
3.x in commit 3481a9643f, which first
appeared in 2025.05.
Also, upstream linphone has changed their strategy, and now their
specific dependencies (bctoolbox, belle-sip, etc.) are bundled in
linphone, so anyway the packaging needs to be adapted significantly.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 90e4e80fc3)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
BOARD_DIR is not used, so drop it and quote $BINARIES_DIR to make shellcheck
happy.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 5f620e144d)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
With the change to default to gcc 14.x with commit 1e1fafa1f0
("package/gcc: switch to GCC 14.x as the default"), the old u-boot version
no longer builds:
board/ti/am57xx/board.c:948:17: error: implicit declaration of function 'do_cape_detect'; did you mean 'do_board_detect'? [-Wimplicit-function-declaration]
https://gitlab.com/buildroot.org/buildroot/-/jobs/11570241744
So move to u-boot 2025.04 to fix that. We still need a small patch as
(early) beagleboneai boards do not have the EEPROM (or eMMC partition)
populated, so include the bb.org patch from
0b161f8e89
The new u-boot version needs both openssl and gnutls on the host, so enable
them.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Julien: remove patch entry in .checkpackageignore to
fix check-package error]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 7ec419fb9c)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The roseapplepi defconfig fails to build u-boot since the move to GCC 15.x:
https://gitlab.com/buildroot.org/buildroot/-/jobs/11501385206
The issues are mainly related to missing includes, but given that the build
has been broken for a while, there is no mainline u-boot support for the
platform and the minimal kernel support has not seen any updates since it
was added for v5.15, just drop the defconfig.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 56091a5818)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This defconfig no longer builds:
https://gitlab.com/buildroot.org/buildroot/-/jobs/11161167596
It is still based on the 4.8.6 kernel, which is not even an LTS
kernel, so we cannot easily update to fix the issues which are most
likely due to the newer gcc/binutils versions we're using now.
There is no DEVELOPERS entry attached to this configuration as well,
and this defconfig has been broken for at least 2 months, probably
more (our Gitlab CI history is only kept for ~2 months). So let's drop
it, unless someone volunteers to resurrect it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 0590ef1a81)
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
This removes a warning reported by shellcheck: "Double quote to prevent
globbing and word splitting". As a result, the file can be removed from
.checkpackageignore.
Signed-off-by: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit e7937c52b6)
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Using /dev/null as file source because the package doesn't provide a default
systemv service configuration file.
Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
[Julien: remove S43htpdate .checkpackageignore entry
to fix check-package error]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 1f2b459b56)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Having support for ffmpeg in libsoxr causes several circular
dependencies:
- pulseaudio -> libsoxr -> ffmpeg -> pulseaudio
  (This one was worked around in fecc337d21 by dropping the ffmpeg ->
  pulseaudio dependency, but it's annoying as being able to output
  audio from ffmpeg into pulseaudio seems useful)
- libopenmpt -> pulseaudio -> libsoxr -> ffmpeg -> libopenmpt
  (This one exists, and is fixed by this commit)
To fix both circular dependencies, we propose to drop the dependency
of libsoxr on ffmpeg, which is used to get some optimized FFT
implementation. While not being useless, this is the point where
breaking the dependency seems the most logical.
Neither Debian nor Fedora build libsoxr with ffmpeg support.
In order to achieve that, we add a new patch making the option
WITH_AVFFT actually effective. Since we no longer build against
ffmpeg, the previously added patch that was fixing the pkg-config file
is no longer needed.
Fixes:
https://autobuild.buildroot.net/results/bbfce69f35cafd56245ebeae79086a8b64592a16/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4bf2a854f9)
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Since Buildroot commit [1] dc0f7215c6 "package/gcc: switch to 13.x as
default", sipeed_licheepi_zero_defconfig fails when building the Linux
kernel with the error message:
drivers/ata/libahci.c: In function 'ahci_led_store':
./include/linux/compiler.h:350:45: error: call to '__compiletime_assert_1138' declared with attribute error: BUILD_BUG_ON failed: sizeof(_s) > sizeof(long)
350 | _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
This issue is fixed by upstream Kernel commit [2].
This commit fixes this issue by updating the Linux Kernel from v5.3.5
(which is not an LTS series) to v6.12.43 (which is an LTS series
including the fixes). With this update,
BR2_LINUX_KERNEL_INTREE_DTS_NAME is updated accordingly to follow the
new DTS organization.
This commit also updates U-Boot from 2022.01 to 2025.07. This new
version now requires BR2_TARGET_UBOOT_NEEDS_GNUTLS=y.
While at it, this commit also switches to a stable glibc Bootlin
external toolchain, to follow the new guidelines from [3].
Finally, this commit adds BR2_DOWNLOAD_FORCE_CHECK_HASHES=y and the
corresponding hash files. The .checkpackageignore is also updated to
reflect that change.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/11026771001
[1] dc0f7215c6
[2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f07788079f515ca4a681c5f595bdad19cfbd7b1d
[3] https://elinux.org/Buildroot:DeveloperDaysELCE2024#Rules_for_defconfigs
Cc: Michel Stempin <michel.stempin@wanadoo.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
(cherry picked from commit db951a4c71)
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Since 64ac719952 ("apply-patches.sh: add recursivity when scanning
patchdir"), patches with the .dpatch file extension are simply ignored.
Unfortunately, setserial package stopped applying the patches after that
commit.
Sadly, 0002-tiocghayesesp-build-fix.patch is breaking the patch context
for patch 18 in the debian diff because we are currently applying
patches from within Buildroot tree before applying the ones we download
from Debian. Instead of doing some hacks, let's apply Debian patches
before Buildroot's. However, this requires a few changes. First, we need
to migrate away from the SETSERIAL_PATCH mechanism because currently
_PRE_PATCH_HOOKS runs before this is applied and _POST_PATCH_HOOKS runs
after the Buildroot patches are applied.
Instead, let's use an _EXTRA_DOWNLOADS we manually extract à-la
package/android-tools/android-tools.mk. Then in the _PRE_PATCH_HOOKS, we
apply the big diff the _EXTRA_DOWNLOADS contains so that the patches
from within can be applied afterwards.
Because the big diff still contains only patches with the *.dpatch
extensions that are not supported anymore, we need to either rename all
patches or use the 00list file that lists all patches in the order they
need to be applied. Fortunately, Buildroot already supports applying
patches with `patch` regardless of their extension if they are within
such a file. Unfortunately, it needs to be called "series", hence the
renaming.
Because patch 18 from the big diff is now applied before
0002-tiocghayesesp-build-fix.patch from Buildroot tree, the latter will
fail if left unmodified, so this commit also rebases it.
Finally, we keep the removal of 01_makefile.dpatch for now even though
it only exists because it generates a conflict with
0001-build-system-fix.patch from Buildroot tree. It'll be rebased in a
later commit though.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 534147af94)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This fixes the following vulnerabilities:
- CVE-2023-2794:
A flaw was found in ofono, an Open Source Telephony on Linux. A stack
overflow bug is triggered within the decode_deliver() function during
the SMS decoding. It is assumed that the attack scenario is accessible
from a compromised modem, a malicious base station, or just SMS. There
is a bound check for this memcpy length in decode_submit(), but it was
forgotten in decode_deliver().
https://www.cve.org/CVERecord?id=CVE-2023-2794
- CVE-2024-7537:
oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure
Vulnerability. This vulnerability allows local attackers to disclose
sensitive information on affected installations of oFono.
Authentication is not required to exploit this vulnerability. The
specific flaw exists within the processing of SMS message lists. The
issue results from the lack of proper validation of user-supplied
data, which can result in a read past the end of an allocated buffer.
An attacker can leverage this in conjunction with other
vulnerabilities to execute arbitrary code in the context of root. Was
ZDI-CAN-23157.
https://www.cve.org/CVERecord?id=CVE-2024-7537
- CVE-2024-7539:
oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability.
This vulnerability allows local attackers to execute arbitrary code on
affected installations of oFono. An attacker must first obtain the
ability to execute code on the target modem in order to exploit this
vulnerability. The specific flaw exists within the parsing of
responses from AT+CUSD commands. The issue results from the lack of
proper validation of the length of user-supplied data prior to copying
it to a stack-based buffer. An attacker can leverage this
vulnerability to execute code in the context of root. Was
ZDI-CAN-23195.
https://www.cve.org/CVERecord?id=CVE-2024-7539
- CVE-2024-7540:
oFono AT CMGL Command Uninitialized Variable Information Disclosure
Vulnerability. This vulnerability allows local attackers to disclose
sensitive information on affected installations of oFono. An attacker
must first obtain the ability to execute code on the target modem in
order to exploit this vulnerability. The specific flaw exists within
the parsing of responses from AT+CMGL commands. The issue results from
the lack of proper initialization of memory prior to accessing it. An
attacker can leverage this in conjunction with other vulnerabilities
to execute arbitrary code in the context of root. Was ZDI-CAN-23307.
https://www.cve.org/CVERecord?id=CVE-2024-7540
- CVE-2024-7541:
oFono AT CMT Command Uninitialized Variable Information Disclosure
Vulnerability. This vulnerability allows local attackers to disclose
sensitive information on affected installations of oFono. An attacker
must first obtain the ability to execute code on the target modem in
order to exploit this vulnerability. The specific flaw exists within
the parsing of responses from AT+CMT commands. The issue results from
the lack of proper initialization of memory prior to accessing it. An
attacker can leverage this in conjunction with other vulnerabilities
to execute arbitrary code in the context of root. Was ZDI-CAN-23308.
https://www.cve.org/CVERecord?id=CVE-2024-7541
- CVE-2024-7542:
oFono AT CMGR Command Uninitialized Variable Information Disclosure
Vulnerability. This vulnerability allows local attackers to disclose
sensitive information on affected installations of oFono. An attacker
must first obtain the ability to execute code on the target modem in
order to exploit this vulnerability. The specific flaw exists within
the parsing of responses from AT+CMGR commands. The issue results from
the lack of proper initialization of memory prior to accessing it. An
attacker can leverage this in conjunction with other vulnerabilities
to execute arbitrary code in the context of root. Was ZDI-CAN-23309.
https://www.cve.org/CVERecord?id=CVE-2024-7542
Also drop local patch that is no longer applicable, since upstream now
relies on HAS_BACKTRACE as well.
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
[Julien: remove .checkpackageignore entry to fix check-package error]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 611a795cfc)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>