A basic Fedora 42 container does not have 'awk' installed, but it is
needed by Buildroot. First by check-host-python3.sh:
support/dependencies/check-host-python3.sh: line 6: awk: command not found
support/dependencies/check-host-python3.sh: line 19: awk: command not found
support/dependencies/check-host-python3.sh: line 19: awk: command not found
but then even building host-expat assumes awk is available:
config.status: creating Makefile
./config.status: line 1404: awk: command not found
config.status: creating expat.pc
./config.status: line 1404: awk: command not found
Since it's a pretty basic tool, make it part of the tools checked by
dependencies.sh. One minor annoyance is that check-host-python3.sh is
executed *before* dependencies.sh does its thing, so when 'awk' is not
available, we end up seeing:
support/dependencies/check-host-python3.sh: line 6: awk: command not found
support/dependencies/check-host-python3.sh: line 19: awk: command not found
support/dependencies/check-host-python3.sh: line 19: awk: command not found
which: no awk in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin)
You must install 'awk' on your build machine
make: *** [support/dependencies/dependencies.mk:27: dependencies] Error 1
It would be nice to have the awk check *before* it gets used in
check-host-python3.sh, but that's a topic for another patch.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 448ceefa78)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Changes:
Set GDB version number to 15.2.
[gdb/python] Make sure python sys.exit makes gdb exit
[gdb/symtab] Revert "Change handling of DW_TAG_enumeration_type in DWARF scanner"
[gdb/testsuite] Add regression test for PR32158
[gdb/testsuite] Add gdb.dwarf2/enum-type-c++.exp, regression test for PR31900.
gdb-15-branch: Clear the X86_XSTATE_MPX bit in XCRO for x32
Recognize -2 as a tombstone value in .debug_line
[gdb] Handle ^C during disassembly
Mark unavailable bytes of limited-length arrays when allocating contents
gdb/solib-frv: move lm_info object to solib
Fix loading a saved recording
Bump GDB's version number to 15.1.90.DATE-git.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit e40bf89e40)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Changes:
Set GDB version number to 16.3.
gstack: [downstream regression] Output file names and line numbers
Fix build failure for gdbserver's raw_compare self test
Fix gdbserver crashes on SVE/SME-enabled systems
gdb: allow selecting default fg/bg colors in tui mode
gdb: Fix assertion failure when inline frame #0 is duplicated
[gdb/tdep] Rewrite i386_canonicalize_syscall
[gdb/record] Fix out-of-bounds write in aarch64_record_asimd_load_store
gdb/dwarf: save DWARF version in dwarf2_loclist_baton, remove it from dwarf2_per_cu
Fix segfault if target_fileio_read_alloc fails
gdb/tui: use wrefresh if output is not surpressed
[gdb/corefiles] Fix segfault in core_target_open
Bump GDB's version number to 16.2.90.DATE-git.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit b793160964)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This patch was commited upstream, and released as part of sqlite 3.49.1
However, the configuration system changed between sqlite 3.48 and 3.49
from autotools to autosetup, and this has proven challenging to support
in Buildroot (see `git log package/sqlite`), hence why we are still on
sqlite 3.48.
Therefore, until the package build infrastructure correctly supports
building sqlite 3.49, let's simply import the upstream patch to address
the CVE.
Note: the upstream patch is on the orignal sqlite sources. Buildroot is
using the sqlite "amalgamation" source archive, which basically
concatenate all the source files in a single "sqlite3.c" file. So the
patch was reformated to apply correctly on the sqlite release archive.
Fixes:
https://www.cve.org/CVERecord?id=CVE-2025-29087
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
[Julien:
- reformat patch to be applicable on amalgamated sqlite sources
- add comment in commit log about patch format
- add "Fixes:" in commit log
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 835b5659ea)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Since its introduction in commit [1], the
friendlyarm_nanopi_r3s_defconfig is failing to build with error:
Incorrect selection of kernel headers: expected 6.12.x, got 6.13.x
The error happens because the defconfig has:
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_12=y
and
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="6.13.4"
This commit fixes the issue by setting instead:
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="6.12.28"
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/9887216429
[1] 41734e00c0
Cc: Sergey Kuzminov <kuzminov.sergey81@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 74c4dd4150)
[Thomas:
Since this has been introduced in LTS branch I set the kernel
version to 6.12.x present in LTS instead of changing the linux header
version.
]
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This commit adds BR2_DOWNLOAD_FORCE_CHECK_HASHES=y in the defconfig
and adds custom hash files. The exception entry in .checkpackageignore
is also removed.
Cc: Fabio Estevam <festevam@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 683681261b)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The 'bird' package with only the `BR2_PACKAGE_BIRD_BFD=y` protocol
enabled fails to build with the following error
```
bison -Dparse.lac=full -Dparse.error=verbose -dv -pcf_ -b obj/conf/cf-parse obj/conf/cf-parse.y
proto/bfd/config.Y:204.27-33: error: symbol 'ADDRESS' is used, but is not defined as a token and has no rules
204 | | bfd_show_sessions_args ADDRESS net_or_ipa { net_copy(&($$->address...
| ^~~~~~~
```
The `ADDRESS` token is defined only when certain protocols (e.g. OSPF,
RIP, RPKI, or BGP) are enabled. As a result, builds including any of
these protocols do not encounter the issue.
The issue can be reproduced with the commands:
cat >.config <<EOF
BR2_aarch64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_PACKAGE_BIRD=y
BR2_PACKAGE_BIRD_BFD=y
# BR2_PACKAGE_BIRD_BGP is not set
EOF
make olddefconfig
make bird
This patch backports upstream commits that define the `ADDRESS` token
for the BFD protocol.
Fixes:
https://autobuild.buildroot.org/results/68c5dd84585a7018ad57ea3e7134748c08858ef7/
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
[Julien: add commands to reproduce the issue]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 80cfdcb86b)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This patch fixes the `S_IFMT` undeclared error in `statx.c` when musl
is used.
Signed-off-by: José Luis Salvador Rufo <salvador.joseluis@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 9a672635a1)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This fixes a potential NULL pointer dereference
As a side note, this package has many opened CVEs, but upstream doesn't seem
to really consider them as security issues, see their disclaimer here:
https://github.com/yasm/yasm/blob/master/SECURITY.md
We could speculate that this disclaimer has been written as a consequence of
the many small CVEs opened in a short time, that don't have a substantial
security impact (besides the command line tool crashing). All of these small
CVEs have been opened for bug reports issued by a third party who used a
fuzzy tester to manipulate the assembler input
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 875f5670aa)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This fixes the following CVE:
- CVE-2025-1492: The Bundle Protocol and CBOR dissectors could crash
It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed
packet trace file.
See https://www.wireshark.org/security/wnpa-sec-2025-01
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 032b268890)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Annoyingly, using "--disable warning" does not disable the warnings
checks.
It turns out that we look for "warnings" (i.e. with an 's') to know if
we should disable the warnings check, so update the help text
accordingly.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 92e7ab78d6)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Since commit fd562315, which updated waf to v2.1.1, Buildroot has
encountered issues building mpv, likely due to an outdated version of
the waf build system.
Starting with mpv v0.35, meson was introduced as an alternative to waf,
and in mpv v0.37, waf was completely removed.
This commit updates the mpv makefile to use meson, resolving the build
issues and simplifying future updates to newer versions of mpv.
All options previously used for Waf have been translated to the new
build system by replacing `--disable-feature` with `-Dfeature=disabled`
(and similarly for enabling features). Some features have special
handling:
- The `/usr` prefix is automatically passed to meson packages by
default.
- The Android feature "has been removed since meson can detect if a
machine is Android"[1].
- The `libmpv` parameter has been enabled in the makefile as `libmpv`
must be built by default with mpv.
- Meson packages automatically set whether the library should be built
statically using the `default_library` meson parameter.
- Meson automatically detects the presence of `libatomic` and passes the
correct argument to the linker. However, it is possible to set the
`stdatomic` meson parameter to specify whether `libatomic` must or
must not be used.
Fixes:
https://autobuild.buildroot.org/results/68d42441fc0da34e1bf2a4247726f5f4ec3b8e77/
[1]: 140ec21c89/DOCS/build-system-differences.md (L48)
Signed-off-by: Thomas Bonnefille <thomas.bonnefille@bootlin.com>
Tested-by: J. Neuschäfer <j.ne@posteo.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 8f69974c20)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Changelog:
- afa57cc libubus: add support for using channels
- d996988 libubus: close file descriptor after sending it from a request
- 252a9b0 libubus: Make UBUS_* macros work cleanly in C++
- 65bb027 CMakeLists.txt: bump minimum cmake version
- f84eb59 libubus: fix initial subscribe with autosubscribe
- 2b39a27 libubus: fix reconnect with auto subscribe
- b3e8c4e Add auto subscribe support
Signed-off-by: Lance Fredrickson <lancethepants@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9af9b4b304)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Changelog:
- 3868f47 blob: constify attr argument to blob_memdup
- eb9bcb6 ustream: prevent recursive calls to the read callback
- 12bda4b CI: add CodeQL workflow tests
- a2fce00 CI: add build test run
- c1be505 udebug: fix crash in udebug_entry_vprintf with longer strings
- 6339204 CMakeLists.txt: bump minimum cmake version
- ca3f6d0 udebug: fix file descriptor initialization for __udebug_buf_map
- df5b714 udebug: add mips specific quirk
- d27acfe udebug: add more checks for uninitialized buffers
- 40acbe3 udebug: wait for response after buffer add/remove
- e84c000 udebug: add inline helper function to test if a buffer is allocated
- 325fea5 udebug: add functions for manipulating entry length
- e80dc00 link librt if needed for shm_open
- 260ad5b udebug: add ulog support
- b77f2a4 uloop: fix build using C++ compilers
- d4c3066 udebug: add udebug library code
- b3fa3d9 uloop: reset flags after __uloop_fd_delete call
- 8a5a431 uloop: fix typo in signal handling rework
- f7d1569 uloop: properly initialize signal handler mask
- 13d9b04 uloop: add support for user defined signal handlers
- 82fa648 uloop: add support for interval timers
Signed-off-by: Lance Fredrickson <lancethepants@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 44c11a6862)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The package strongswan relies on the `wc_RsaKeyToDer` & `wc_MakeRsaKey`
functions of WolfSSL. Building this package with the WolfSSL backend
by selecting the variable `BR2_PACKAGE_STRONGSWAN_WOLFSSL` would give
the following error:
```
libtool: compile: /home/buildroot/instance-0/output-1/host/bin/sparc-linux-gcc -DHAVE_CONFIG_H -I. -I../../../.. -I../../../../src/libstrongswan -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -DWC_NO_RNG -rdynamic -Wno-format -Wno-format-security -Wno-implicit-fallthrough -Wno-missing-field-initializers -Wno-pointer-sign -Wno-sign-compare -Wno-type-limits -Wno-unused-parameter -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Og -g0 -include /home/buildroot/instance-0/output-1/build/strongswan-5.9.14/config.h -c wolfssl_ed_public_key.c -o wolfssl_ed_public_key.o >/dev/null 2>&1
wolfssl_rsa_private_key.c: In function 'get_encoding':
wolfssl_rsa_private_key.c:366:31: error: implicit declaration of function 'wc_RsaKeyToDer'; did you mean 'wc_EccKeyToDer'? [-Wimplicit-function-declaration]
366 | len = wc_RsaKeyToDer(&this->rsa, encoding->ptr, len);
| ^~~~~~~~~~~~~~
| wc_EccKeyToDer
libtool: compile: /home/buildroot/instance-0/output-1/host/bin/sparc-linux-gcc -DHAVE_CONFIG_H -I. -I../../../.. -I../../../../src/libstrongswan -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -DWC_NO_RNG -rdynamic -Wno-format -Wno-format-security -Wno-implicit-fallthrough -Wno-missing-field-initializers -Wno-pointer-sign -Wno-sign-compare -Wno-type-limits -Wno-unused-parameter -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Og -g0 -include /home/buildroot/instance-0/output-1/build/strongswan-5.9.14/config.h -c wolfssl_ec_private_key.c -o wolfssl_ec_private_key.o >/dev/null 2>&1
wolfssl_rsa_private_key.c: In function 'wolfssl_rsa_private_key_gen':
wolfssl_rsa_private_key.c:490:13: error: implicit declaration of function 'wc_MakeRsaKey'; did you mean 'wc_FreeRsaKey'? [-Wimplicit-function-declaration]
490 | if (wc_MakeRsaKey(&this->rsa, key_size, WC_RSA_EXPONENT, &this->rng) < 0)
| ^~~~~~~~~~~~~
| wc_FreeRsaKey
```
Those functions are only present when building the WolfSSL library with
the keygen supports (`--enable-keygen`).
This patch change the selected package to enable all the option of
WolfSSL, which include the keygen as well.
Fixes:
- https://autobuild.buildroot.org/results/d0e/d0e94f501ad1afd25ae4112443f9af101dfa5dea
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 6c18375434)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This version bump removes CVE-2023-7152, which was incorrectly associated
with the micropython package in pkg-stats.
Although the CVE fix was already present in 1.22.0 the CVE only applied
to the preview version of 1.22.0. The CPE ID of the 1.22.0 matched with the
CPE ID of the 1.22.0 preview version as well.
This patch bumps to the latest patch-level version available in the 1.22.x
series to include additional fixes, rather than just adding the CVE to the
'MICROPYTHON_IGNORE_CVES' list.
The LICENSE hash has been updated, as the licenses used for the ports and
libraries have also been updated in the LICENSE file.
For more details on the version bump, see the release notes:
- https://github.com/micropython/micropython/releases/tag/v1.22.2
- https://github.com/micropython/micropython/releases/tag/v1.22.1
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 294e3a40bb)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
