Adds support for BeagleY-AI board by introducing the
beagley_ai_defconfig file and related support files.
The BeagleY-AI uses the TI J722S SoC, also known as AM67A, also
known as TDA4VEN or TDA4AEN.
Retrieve BSP settings from meta-ti (may be useful for other TI boards):
- Set BR2_TARGET_ARM_TRUSTED_FIRMWARE_TARGET_BOARD = "lite"
meta-ti-bsp/conf/machine/include/j722s.inc:TFA_BOARD = "lite"
- Set BR2_TARGET_UBOOT_NEEDS_ATF_BL31 to provide BL31 variable pointing
to ATF bl31.bin to the U-Boot build process [1].
- Set BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_OPTEE to OP-TEE as BL32
secure payload. meta-ti set "SPD=opteed" to build ATF [2].
- Set BR2_TARGET_OPTEE_OS_PLATFORM to "k3-am62x".
meta-ti uses the OPTEEMACHINE to set optee-os platform [3].
meta-ti]$ git grep OPTEEMACHINE
meta-ti-bsp/conf/machine/include/j722s.inc:OPTEEMACHINE = "k3-am62x"
- Use am67a_beagley_ai_a53 and am67a_beagley_ai_r5 u-boot
defconfigs introduced in u-boot v2025.07 [4]
- u-boot distroboot (bootflow) detect extlinux.conf file from the first
SDcard partition, so we have to install the kernel and its dtb file.
Use devicetreedir instead of devicetree in extlinux.conf file to
avoid hardcoding the devicetree file name. TI boards are able to
retrieve dtb file name from an EEPROM (see TI_I2C_BOARD_DETECT in
uboot).
- Use 6.15.6 stable release instead of the latest 6.12 LTS since the
k3-j722s support was only introduced in 6.11 kernels.
- Provide a hash file for all custom package version
(arm-trusted-firmware, linux, ti-k3-r5-loader, uboot) to enable
BR2_DOWNLOAD_FORCE_CHECK_HASHES.
[1] https://git.yoctoproject.org/meta-ti/commit/?id=e74b9a1746d4d04757c87c1920a0f743e55ff096
[2] https://git.yoctoproject.org/meta-ti/tree/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-ti.inc?h=09.02.00.004#n7
[3] https://git.yoctoproject.org/meta-arm/tree/meta-arm/recipes-security/optee/optee-os.inc?h=4.0.3#n23
[4] b27c94958b
More information about the board can be found at:
https://www.beagleboard.org/boards/beagley-ai
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The patch bumps the Linux kernel to version 6.12.23-ti-arm32-r11 and
U-Boot to version 2025.07.
Tested on beaglebone black.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch bumps:
- U-Boot to version v2025.07
- Linux kernel to version 6.12.36 (LTS)
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Reviewed-by: Bryan Brattlof <bb@ti.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Adding _GNU_SOURCE to CFLAGS was necessary to fix the following error
raised during the compilation of the new version:
ufs_emon.c: In function ‘do_emon’:
ufs_emon.c:455:51: error: ‘O_DIRECT’ undeclared (first use in this function); did you mean ‘O_DIRECTORY’?
455 | fill_data_fd = open("fill_file", O_RDWR | O_DIRECT | O_CREAT,
| ^~~~~~~~
| O_DIRECTORY
ufs_emon.c:455:51: note: each undeclared identifier is reported only once for each function it appears in
This _GNU_SOURCE define was added upstream in commit [1] in the Makefile
default CFLAGS, but since Buildroot redefines those it needs to be added
back.
Release notes:
https://github.com/SanDisk-Open-Source/ufs-utils/releases/tag/v7.14.11
[1] 183e0deb28
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
[Julien: add link to upstream commit to justify _GNU_SOURCE]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This brings the init script in line with current standards, including
PID file management.
The chown & chmod commands in the check_device function will run only
for systems without udev, and the permissions have been adjusted to
those udev would set.
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Default policies should go to /usr/share, /etc should be used to
override them locally if needed.
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Read the announcement: https://lwn.net/ml/all/xmqq5xg2wrd1.fsf@gitster.g/
This fixes the following vulnerabilities:
- CVE-2025-27613 (Gitk):
When a user clones an untrusted repository and runs Gitk without
additional command arguments, any writable file can be created and
truncated. The option "Support per-file encoding" must have been
enabled. The operation "Show origin of this line" is affected as
well, regardless of the option being enabled or not.
https://www.cve.org/CVERecord?id=CVE-2025-27613
- CVE-2025-27614 (Gitk):
A Git repository can be crafted in such a way that a user who has
cloned the repository can be tricked into running any script
supplied by the attacker by invoking `gitk filename`, where
`filename` has a particular structure.
https://www.cve.org/CVERecord?id=CVE-2025-27614
- CVE-2025-46835 (Git GUI):
When a user clones an untrusted repository and is tricked into
editing a file located in a maliciously named directory in the
repository, then Git GUI can create and overwrite any writable
file.
https://www.cve.org/CVERecord?id=CVE-2025-46835
- CVE-2025-48384:
When reading a config value, Git strips any trailing carriage
return and line feed (CRLF). When writing a config entry, values
with a trailing CR are not quoted, causing the CR to be lost when
the config is later read. When initializing a submodule, if the
submodule path contains a trailing CR, the altered path is read
resulting in the submodule being checked out to an incorrect
location. If a symlink exists that points the altered path to the
submodule hooks directory, and the submodule contains an executable
post-checkout hook, the script may be unintentionally executed
after checkout.
https://www.cve.org/CVERecord?id=CVE-2025-48384
- CVE-2025-48385:
When cloning a repository Git knows to optionally fetch a bundle
advertised by the remote server, which allows the server-side to
offload parts of the clone to a CDN. The Git client does not
perform sufficient validation of the advertised bundles, which
allows the remote side to perform protocol injection.
This protocol injection can cause the client to write the fetched
bundle to a location controlled by the adversary. The fetched
content is fully controlled by the server, which can in the worst
case lead to arbitrary code execution.
https://www.cve.org/CVERecord?id=CVE-2025-48385
- CVE-2025-48386:
The wincred credential helper uses a static buffer (`target`) as a
unique key for storing and comparing against internal storage. This
credential helper does not properly bounds check the available
space remaining in the buffer before appending to it with
`wcsncat()`, leading to potential buffer overflows.
https://www.cve.org/CVERecord?id=CVE-2025-48386
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
See the release notes:
- https://github.com/irontec/sngrep/releases/tag/v1.7.0
- https://github.com/irontec/sngrep/releases/tag/v1.8.0
- https://github.com/irontec/sngrep/releases/tag/v1.8.1
- https://github.com/irontec/sngrep/releases/tag/v1.8.2
This fixes the following vulnerabilities:
- CVE-2024-3119:
A buffer overflow vulnerability exists in all versions of sngrep since
v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP
headers. The functions sip_get_callid and sip_get_xcallid in sip.c use
the strncpy function to copy header contents into fixed-size buffers
without checking the data length. This flaw allows remote attackers to
execute arbitrary code or cause a denial of service (DoS) through
specially crafted SIP messages.
https://www.cve.org/CVERecord?id=CVE-2024-3119
- CVE-2024-3120:
A stack-buffer overflow vulnerability exists in all versions of sngrep
since v1.4.1. The flaw is due to inadequate bounds checking when
copying 'Content-Length' and 'Warning' headers into fixed-size buffers
in the sip_validate_packet and sip_parse_extra_headers functions
within src/sip.c. This vulnerability allows remote attackers to
execute arbitrary code or cause a denial of service (DoS) via crafted
SIP messages.
https://www.cve.org/CVERecord?id=CVE-2024-3120
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since the version bump of sudo to 1.9.17p1 [1], the sed command in
SUDO_ENABLE_SUDO_GROUP_RULE no longer matches the the line in the
example sudoers file shipped with the sudo package. This is due to
upstream commit [2].
This commit fixes the regexp to match the new sudoers file.
[1] ee86844e63
[2] 7c121ff834
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
[Julien: add link to upstream commit introducing the issue]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since the mbedtls bump to v3.6 [1] the libiec61850 package is failling
on the autobuilder with the following error:
```
[ 2%] Building C object hal/CMakeFiles/hal.dir/tls/mbedtls/tls_mbedtls.c.o
/workdir/instance-0/output-1/build/libiec61850-1.6.0/hal/tls/mbedtls/tls_mbedtls.c: In function 'compareCertificates':
/workdir/instance-0/output-1/build/libiec61850-1.6.0/hal/tls/mbedtls/tls_mbedtls.c:122:17: error: 'mbedtls_x509_crt' has no member named 'sig'
122 | if (crt1->sig.len == crt2->sig.len)
| ^~
/workdir/instance-0/output-1/build/libiec61850-1.6.0/hal/tls/mbedtls/tls_mbedtls.c:122:34: error: 'mbedtls_x509_crt' has no member named 'sig'
122 | if (crt1->sig.len == crt2->sig.len)
| ^~
...
```
The logic to support mbedtls v3 is already present on the version
present in buildroot.
This patch ensures that the CMake build uses the mbedtls headers and
libraries provided by buildroot rather than the bundled copy.
By setting the following variable the mbedtls v3.6 is correctly found
during the configuration of the package.
```
Found mbedtls 3.6 -> can compile HAL with TLS 1.3 support
```
[1] 3481a9643f package/mbedtls: bump to version 3.6.3.1
Fixes: https://autobuild.buildroot.org/results/5fc/5fca384510d2fb9dd1d01736dee34b53339d62ff/build-end.log
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since [1] when trying to build this package with mbedtls v3.6 the
following error is happening:
```
player.h:12:10: fatal error: mbedtls/havege.h: No such file or directory
12 | #include <mbedtls/havege.h>
| ^~~~~~~~~~~~~~~~~~
compilation terminated.
```
This error can be reproduced with the following config:
```
cat <<EOF >.config
BR2_arm=y
BR2_cortex_a7=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_PACKAGE_MBEDTLS=y
BR2_PACKAGE_SHAIRPORT_SYNC=y
EOF
make olddefconfig
make
```
This patch backport the upstream commit [2] that add support for
mbedtls v3.
[1] 3481a9643f package/mbedtls: bump to version 3.6.3.1
[2] d73b585c6f
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since the mbedtls bump to v3.6 [1] the ustream-ssl package is failling
on the autobuilder with the following error:
```
In file included from /home/buildroot/instance-0/output-1/build/ustream-ssl-68d09243b6fd4473004b27ff6483352e76e6af1a/ustream-internal.h:25,
from /home/buildroot/instance-0/output-1/build/ustream-ssl-68d09243b6fd4473004b27ff6483352e76e6af1a/ustream-ssl.c:25:
/home/buildroot/instance-0/output-1/build/ustream-ssl-68d09243b6fd4473004b27ff6483352e76e6af1a/ustream-mbedtls.h:24:10: fatal error: mbedtls/certs.h: No such file or directory
24 | #include <mbedtls/certs.h>
| ^~~~~~~~~~~~~~~~~
compilation terminated.
```
This error can be reproduced with the following config:
```
cat <<EOF >.config
BR2_arm=y
BR2_cortex_a7=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_PACKAGE_MBEDTLS=y
BR2_PACKAGE_USTREAM_SSL=y
EOF
make olddefconfig
make
```
This patch backport upstream commit that address the compatibility with
mbedtls v3.6.
- [2] rename the `_random` function used by the mbedtls functions
- [3] update `mbedtls_pk_parse_keyfile` function to support new mbedtls
definition and use `mbedtls_pk_get_type`.
[1] 3481a9643f package/mbedtls: bump to version 3.6.3.1
[2] 0001-ustream-mbedtls-use-getrandom-instead-of-dev-urandom.patch
[3] 0002-ustream-mbedtls-add-compatibility-with-mbed-tls-3-0-0.patch
Fixes: https://autobuild.buildroot.org/results/c20/c20dac7cbe5def2c6036d2e1d06de0bfea68b57c
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Xen currently fails to build for 32-bit Arm v7 with binutils >= 2.41,
with the following error:
proc-v7.S:33: Error: junk at end of line, first unrecognized character is `#'
The failure can be reproduced with the commands:
cat >.config <<EOF
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_ARM_EABIHF=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_PACKAGE_XEN=y
BR2_PACKAGE_XEN_HYPERVISOR=y
BR2_PACKAGE_XEN_TOOLS=y
EOF
make olddefconfig
make xen
Backport a patch from Xen 4.18 plus one patch it depends on to fix the
build.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Alistair Francis <alistair@alistair23.me>
[Julien:
- reword commit title
- add commands to reproduce the issue in commit log
- add missing SoB lines to patches
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Commit 1e97b27873 ("ccache: support changing the output directory") added
the CCACHE_BASEDIR logic, but added a comment (presumably from cut'n'paste)
about compilercheck instead, fix that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Switch to meson build system.
Remove an upstreamed patch.
The license files are now gathered in the LICENSES folder.
Add support for the libsocketcan library.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
[Julien:
- use "git describe --tags" format in commit title
- use "git describe --tags --abbrev=40" in _VERSION
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
The error appears on autobuilder with the build using GCC14:
FAILED: ncmpc.p/src_Styles.cxx.o
In file included from ../src/Styles.cxx:7:
/home/buildroot/instance-0/output-1/host/microblazeel-buildroot-linux-gnu/sysroot/usr/include/libintl.h:39:14: error: expected unqualified-id before 'const'
39 | extern char *gettext (const char *__msgid)
| ^~~~~~~
/home/buildroot/instance-0/output-1/host/microblazeel-buildroot-linux-gnu/sysroot/usr/include/libintl.h:39:14: error: expected ')' before 'const'
../src/i18n.h:22:20: note: to match this '('
22 | #define gettext(x) (x)
| ^
[80/102] Compiling C++ object ncmpc.p/src_xterm_title.cxx.o
[81/102] Compiling C++ object ncmpc.p/src_db_completion.cxx.o
[82/102] Compiling C++ object ncmpc.p/src_signals.cxx.o
ninja: build stopped: subcommand failed.
make: *** [package/pkg-generic.mk:273: /home/buildroot/instance-0/output-1/build/ncmpc-0.49/.stamp_built] Error 1
make: Leaving directory '/home/buildroot/instance-0/buildroot'
Starting GCC14 the C++ standard library includes libintl.h that contains
a definition of gettext which caused a clash with the definition present
in ncmpc. This patch resolved this build error seen in [1] by
backporting an upstream commit [2] that renamed the internal gettext
implementation.
Applying the commits of [2], fixes the build error [1].
[1] https://autobuild.buildroot.org/results/cb2/cb292f2c99cdca742a8f52dbfc25f193fe513c6e/build-end.log
[2] 249b62fc9f
Fixes: https://autobuild.buildroot.org/results/cb2/cb292f2c99cdca742a8f52dbfc25f193fe513c6e/build-end.log
Signed-off-by: Tim Soubry <tim.soubry@mind.be>
[Julien:
- mention gcc-14 in commit title
- remove patch numbering to fix check-package error
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
With gcc 15-20241117 compile fails with the below error, update the
do_version declaration to match the header in command.h
../../parted/parted.c: In function '_init_commands':
../../parted/parted.c:2469:9: error: passing argument 2 of 'command_create' from incompatible pointer type [-Wincompatible-pointer-types]
2469 | do_version,
| ^~~~~~~~~~
| |
| int (*)(void)
In file included from ../../parted/parted.c:28:
../../parted/command.h:35:39: note: expected 'int (*)(PedDevice **, PedDisk **)' {aka 'int (*)(struct _PedDevice **, struct _PedDisk **)'} but argument is of type 'int (*)(void)'
35 | int (*method) (PedDevice** dev, PedDisk** diskp),
| ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Upstream: https://cgit.git.savannah.gnu.org/cgit/parted.git/commit/?id=16343bda6ce0d41edf43f8dac368db3bbb63d271
Fixes:
https://autobuild.buildroot.org/results/283f52d50ffef91d82a1bdc1f4dde1d54c5ffc23/build-end.log
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
[Julien: reword commit title]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since upstream commit [1], first included in version 1.6.0,
libunwind supports 64-bit riscv, at least with glibc.
[1] abd15da8af
Signed-off-by: Vladimir Kondratiev <vladimir.kondratiev@mobileye.com>
[Julien: add link to upstream commit and fix version in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This is just a minor upgrade for fixed deprecation warning
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
[Julien: fix hash file spacing to resolve check-package error]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Since the mbedtls bump to v3.6 [1] the libuhttpd fails to build with the
following error:
```
[ 8%] Building C object src/ssl/CMakeFiles/xssl.dir/mbedtls.c.o
.../buildroot/output/build/libuhttpd-3.14.1/src/ssl/mbedtls.c:52:10: fatal error: mbedtls/certs.h: No such file or directory
52 | #include <mbedtls/certs.h>
| ^~~~~~~~~~~~~~~~~
compilation terminated.
```
This error can be reproduced with the following config:
```
cat <<EOF >.config
BR2_arm=y
BR2_cortex_a7=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_PACKAGE_MBEDTLS=y
BR2_PACKAGE_LIBUHTTPD=y
EOF
make olddefconfig
make
```
The compatibility with mbedtls v3 has been addressed upstream in the
zhaojh329/ssl project included as a submodule of libuhttpd [2].
This patch backport this upstream commit to be applied on the submodule
directory. This required adaptation of the line numbers (see [3]) and
renaming a function reference passed as parameter of
'mbedtls_pk_parse_keyfile' caused by the commit [4].
[1] 3481a9643f package/mbedtls: bump to version 3.6.3.1
[2] 28cc9b5d98
[3] 8092b5a490 (diff-fbc46fa2db83f8649ccf1f46c6a044473b7b228edc7d4c0f7cc04b5a879f6fb7)
[4] 0e7d2f73d7 (diff-fbc46fa2db83f8649ccf1f46c6a044473b7b228edc7d4c0f7cc04b5a879f6fb7R92)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
nilfs-utils provides an "nilfs.h" header file and libnilfs.so that other
packages which depend upon it may require in order to build.
Signed-off-by: Matt Silva <dev@matt-silva.com>
[Romain: add libnilfs.so in commit log]
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Building at91bootstrap3 with GCC 15 fails with:
include/types.h:23:23: error: ‘bool’ cannot be defined via ‘typedef’
23 | typedef unsigned char bool;
| ^~~~
include/types.h:23:23: note: ‘bool’ is a keyword with ‘-std=c23’ onwards
This is due to GCC 15 defaulting to the C23 language dialect.
Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
It is a portable Python 3.x interpreter, written in C11. It has no
dependencies other than the C standard library, which can be easily
integrated into your C/C++ project
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
