When a new gcc version is introduced, for example gcc 15 in
commit [1], it should have also added a "depends on
!BR2_ARCH_NEEDS_GCC_AT_LEAST_15" to the previous gcc version.
This logic is described for external toolchains in commit [2],
for example. The internal Buildroot toolchains should have the
same logic. This logic existed for previous gcc version. See for
example the removal of gcc 12 in commit [3].
There is usually no problem, because all the three latest active gcc
versions supports all CPUs present in Buildroot.
However, the commit [4] recently added the support for the Arm
Cortex-A720 CPU, which needs at least gcc 14. Since there is no
logic preventing the selection of the gcc version, it is possible
to select an unsupported gcc version (i.e. gcc 13).
In such a case, the host-gcc-initial package configuration fails
with output:
Unknown cpu used in --with-cpu=cortex-a720
This commit fixes the issue by adding those missing dependencies.
Fixes:
https://autobuild.buildroot.org/results/918b90aee0b65f01efc241622015cb847b4e23a8/
[1] 75891397ab
[2] f577d8218f
[3] 58cf7c51da (66f7e875db173e5538d3511c8297acc1ba30da33_27_25)
[4] de374e06d8
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Strongswan allows to specify a path for PID and UNIX socket files at
compile time via the --with-piddir argument.
This is especially useful when Strongswan is running inside a container
where we may not want to share/mount the default path of /var/run inside
the container.
Let's add an option to configure the piddir.
Considering this is a critical path, let's add a default value to the
string option (which is currently the same as strongswan's default when
the option is missing) so that it is stable across strongswan releases
in Buildroot.
Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
[Quentin: rewriting of commit title and commit log]
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
strongSwan allows to drop unneeded capabilities[1] after the IKE daemon
has been started, based on libcap, so let's allow that via a config
option.
While the "native" (capset) way of dropping capabilities is supported,
it is deprecated so its support is not added in Buildroot.
While the documentation specifically mentions the IKE daemon (charon) as
being the one impacted by this change, the ifdefery with this autotools
option exists in various libraries in the source code, hence why this is
kept independent from the charon Kconfig option status.
[1] https://docs.strongswan.org/docs/latest/install/reducedPrivileges.html#_dropping_capabilities
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Changelog:
https://codeberg.org/gumbo-parser/gumbo-parser/releases
Release 0.11.0 onwards dropped the 'v' version prefix in the tarball
name, so drop it on our side as well.
The patch no longer applied cleanly and needed to be refreshed.
It was also submitted to the new upstream, the upstream link is
updated accordingly.
A local test build was done with the toolchain from the config that
originally triggered the build to fail due to lack of C++ support:
http://autobuild.buildroot.org/results/a32b5d3b959433fd5c3543661c37f80d27fbd010
It is worth noting that we still build using autotools which is
deprecated in this version of gumbo-parser (in favor of meson).
The license file location was moved in a "doc" subdirectory, in upstream
commit [1]. This commit reflect that change.
[1] 814e2b43f7
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
[Julien: fix license file location which has moved to "doc/"]
Signed-off-by: Julien Olivain <ju.o@free.fr>
The new test requires a br2-external directory because we compile a
small test program on the host and install it on the target, but it's
not useful to have it in the main Buildroot package tree.
The test program loads and parses a sample HTML document. Taking
inspiration from 'examples/get_title.c' in gumbo-parser, it also
searches for the title of the document just to check that we can do
more than the parsing.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Development on Google's GitHub repository has stopped a long time ago.
A fork exists on Codeberg, and multiple distributions (Fedora, Arch
Linux, ...) are already using it (see [1]).
Update the source URL to use the new upstream location.
The new upstream has a different hash for the 0.10.1 tarball, so
update it as well.
[1]: https://repology.org/project/gumbo-parser/versions
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This test verifies that we can run nginx with the modsecurity
directives.
It also checks a very simple rule that blocks requests containing the
keyword "blockme".
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
[Julien:
- add / at directory end in DEVELOPERS
- sort DEVELOPERS entries alphabetically
- remove unneeded test configs already present in
BASIC_TOOLCHAIN_CONFIG
- sort test config directives alphabetically
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Backport the upstream patch that fixes the following build error when
compiling for mips with gcc 15:
In file included from mips-opc.c:29:
mips-opc.c: In function 'decode_mips_operand':
mips-formats.h:86:7: error: expected identifier or '(' before
'static_assert'
86 | static_assert[(1 << (SIZE)) == ARRAY_SIZE (MAP)]; \
| ^~~~~~~~~~~~~
The patch is already part of upstream binutils 2.44, so we only need
it for 2.42 and 2.43.1.
All 3 versions we have of host-binutils were build-tested using the
defconfig from the autobuilder failure (see the link below) and gcc 15
on the host.
Fixes:
- https://autobuild.buildroot.org/results/873/873ec25cf01d5f2b9ae7044e0b1d8d8791b781e6/
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The upstream Github repository payden/libwebsock is no longer available,
and its URL now redirects to some completely unrelated software.
We don't know for sure what happened, but at least the package does not
build anymore, because its source code has vanished.
Since no other buildroot package depends on libwebsock, and it hasn't
received any update; let's simply remove it from here.
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This fixes the following CVE:
- CVE-2025-29481:
Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to
execute arbitrary code via the bpf_object__init_prog` function of libbpf.
Fixes:
https://www.cve.org/CVERecord?id=CVE-2025-29481
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
[Julien: add direct link to CVE in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Actually DTB_LIST accepts only file and not files with relative path
preprended. This leads to have vfat without .dtb files and so Linux
doesn't start. Let's fix this by including slash in sed command as done
for mxc as well as basename in front of $dt.dtb to remove possible
useless folders present in the dts path. Let's also add set -e at the
top of the script to make it more verbose on error and modify this
section according to spellcheck as done for mxc.
This commit align this "mxs/post-image.sh" with its "imx/post-image.sh"
counterpart which was improved for arm64 in commit [1].
[1] 4755bf2bd4
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[Julien:
- change space indentation to tabs for consistency
- add note in commit log about imx/post-image.sh
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch allows to use an external toolchain based on gcc 15.
Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
[Julien: change spaces to tabs to fix check-package errors]
Signed-off-by: Julien Olivain <ju.o@free.fr>
For release notes since edk2-stable202411, see:
https://github.com/tianocore/edk2/releases/tag/edk2-stable202502https://github.com/tianocore/edk2/releases/tag/edk2-stable202505
Note: the edk2-stable202505 release note mention a security fix.
This fix was already backported in Buildroot in a previous commit.
For that reason, this bump is not marked as securiy, and also
removes the backported patch and its associated _IGNORE_CVES entry.
Those versions include fixes when using gcc 15 (host and target).
This commit also updates the edk2-platforms and edk2-non-osi packages
with the last commit merged at the edk2 release date (2025-05-23).
In the case of edk2-platforms, the commit id used in this update
is few days later, to include a fix for the Arm Sgi575 platform.
Exact commit should have been [1] (to be exactly aligned to the edk2
tag date), but commit [2] is used instead. The package edk2-non-osi is
updated to commit [3].
Also, the SocioNext SynQuacer platforms (including the DeveloperBox)
were removed upstream in edk2-platforms commit [4]. This commit
reflect that change by removing those platforms choices and associated
runtime tests.
This commit has been runtime tested with tests using EDK2 package,
with commands:
support/testing/run-tests \
-d dl -o output_folder \
tests.boot.test_edk2 \
tests.boot.test_grub.TestGrubAArch64EFI \
tests.boot.test_grub.TestGrubi386EFI \
tests.boot.test_grub.TestGrubRiscV64EFI \
tests.boot.test_grub.TestGrubX8664EFI \
tests.fs.test_iso9660.TestIso9660Grub2EFI \
tests.fs.test_iso9660.TestIso9660Grub2Hybrid \
tests.package.test_fwts
It has also been runtime tested (by booting in qemu) with defconfigs
using EDK2 package:
qemu_aarch64_sbsa_defconfig
qemu_riscv64_virt_efi_defconfig
[1] 2bfe3fa99e
[2] 92f7d69e8a
[3] ea2040c2d4
[4] aaba5807f1
Cc: Dick Olsson <hi@senzilla.io>
Cc: Romain Naour <romain.naour@smile.fr>
Cc: Vincent Stehlé <vincent.stehle@arm.com>
Tested-by: Vincent Stehlé <vincent.stehle@arm.com>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
gnu-efi fails to build if TOPDIR is exported in the environment since the
move to version 3.0.18 in commit 9efeb7e914 ("package/gnu-efi: bump to
version 3.0.18").
The reason is the change in TOPDIR logic introduced by upstream commit
31913f8489 ("Make: make TOPDIR actually work and get rid of unused CDIR"):
31913f8489
export TOPDIR=foo; make gnu-efi
...
/path/to/buildroot/output-gnuefi/host/bin/aarch64-linux-ld: cannot find
/path/to/buildroot/output-gnuefi/build/gnu-efi-4.0.0//apps/../aarch64/gnuefi/crt0-efi-aarch64.o:
No such file or director
make[2]: *** [Makefile:89: apps] Error 2
make[1]: *** [package/pkg-generic.mk:273: /path/to/buildroot/output-gnuefi/build/gnu-efi-4.0.0/.stamp_built] Error 2
make: *** [Makefile:23: _all] Error 2
As a workaround, unexport TOPDIR like we do for other sensitive environment
variables.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The list of environment variables to unexport has grown organically over the
years and is no longer sorted. Sort it alphabetically for clarity.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The current homepage URL leads to an HTTP 404 error.
Fix it by using the homepage URL currently mentioned in mupdf's git
repository.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Following the bump of systemd to 257.5 in commit
7d8d48cd2b, the installation of
systemd-boot fails with:
/usr/bin/install -D -m 0644 /home/thomas/projets/buildroot/outputs/3/build/systemd-257.5/buildroot-build/src/boot/efi/systemd-bootx64.efi /home/thomas/projets/buildroot/outputs/3/images/efi-part/EFI/BOOT/bootx64.efi
/usr/bin/install: cannot stat '/home/thomas/projets/buildroot/outputs/3/build/systemd-257.5/buildroot-build/src/boot/efi/systemd-bootx64.efi': No such file or directory
Indeed, the systemd-bootx64.efi binary is no longer produced in
buildroot-build/src/boot/efi/, but in buildroot-build/src/boot/.
No autobuilder failures have been found corresponding to this issue,
but it can be reproduced with:
BR2_x86_64=y
BR2_x86_corei7=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_X86_64_CORE_I7_GLIBC_BLEEDING_EDGE=y
BR2_INIT_SYSTEMD=y
BR2_SYSTEM_BIN_SH_NONE=y
BR2_SYSTEM_DEFAULT_PATH="/bin:/sbin:/usr/bin:/usr/sbin"
# BR2_PACKAGE_BUSYBOX is not set
BR2_PACKAGE_SYSTEMD_BOOT=y
# BR2_TARGET_ROOTFS_TAR is not set
Most likely this was caused by upstream commit
97318131fd06a5bc35454da81dcbbc84f16d9940, even though we didn't check
if this commit was really the culprit.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Commit 0fce7a9623 ("package/libcurl: fix build w/ threads + c-ares") added a
conditional for threads + c-ares, but ended up with a end-parenthesis too
many - so the condition is never true. Fix that.
Reported-by: Tibault Damman <tibault.damman@basalte.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is the first tagged version of the package, so replace commit SHA
with version tag.
Change log since last version bump:
d8a8358a7207 mmc-utils: Pass key_mac buffer to rpmb_get_key()
a23ad7875b89 mmc-utils: Start to use the generic print_usage function
e769d44ecb77 mmc-utils: Introduce a generic print_usage function
6586fa5535dc mmc-utils: Simplify and streamline print_help function
ec75d4b3b671 mmc-utils: Remove unused adv_help member from struct Command
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Reviewed-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In Linux v6.8, the rtla Makefile was rewritten :
01474dc706ca ("tools/rtla: Use tools/build makefiles to build rtla")
The new Makefile uses default linker values, so the host linker being used to
produce the final rtla binary.
This results in the following error :
ld: [...] trace.o: error adding symbols: file in wrong format
Add LD=$(TARGET_LD) to the RTLA_MAKE_OPTS to fix rtla cross-compilation.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
According to
https://lists.samba.org/archive/samba-technical/2025-June/139484.html:
A new update, version 7.4, of cifs-utils has been released today.
Users of cifs-utils version 7.3 on older kernels are encouraged to
update to 7.4 since it includes a fix for a mount problem with version
7.3 of cifs-utils on older kernels when using namespaces.
[...]
Detailed list of changes since version 7.3 was released
----------------------------------------------------------------
Enzo Matsumiya (1):
mount.cifs: retry mount on -EINPROGRESS
Henrique Carvalho (1):
cifs.upcall: correctly treat UPTARGET_UNSPECIFIED as UPTARGET_APP
Paulo Alcantara (1):
cifs.upcall: fix memory leaks in check_service_ticket_exits()
Pavel Shilovsky (1):
cifs-utils: bump version to 7.4
Z. Liu (2):
getcifsacl, setcifsacl: use <libgen.h> for basename
cifscreds: use <libgen.h> for basename
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Buildroot commit 8f69974c20 switched the
buildsystem of mpv from waf to meson but forgot to remove a patch which
fixed a waf-related build error.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Update to the current release. We now need the recently added
vulkan-sdk to have access to the volk loader. Update the depends
comments appropriately.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
[Julien:
- reword commit log title to use bash brace-expansion style
- remove "vulkan-sdk" from Kconfig comment
- remove newline before Kconfig help section
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
The principle component of this is the new volk meta-loader which is
required for more recent versions of vulkan-tools. There does seem to
be a little confusion with github Releases lagging behind tagged
versions of the sdk. I've gone for the latest SDK version to stay as
closely aligned to the rest of the system as I can.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
[Julien: remove _SOURCE to fix a check-package warning]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This version bump is needed for compatibility with the upcoming bump of
ffmpeg to version 7.1.x.
Use the new configure option disable_rpi_features to allow building for
non-rbpi defconfigs.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
[Julien: use "git describe --tags --abbrev=40" format in _VERSION]
Signed-off-by: Julien Olivain <ju.o@free.fr>
