All Go packages must depend on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS,
which ensures that we do have a Go compiler available for that target.
BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS is currently restricted to the
availability of a full host Go compiler bootstrap. However, there are
architectures like AArch64 for which a full bootstrap is not supported.
Thus, currently, on an AArch64 host, we can't build Go packages (for
target or host), because we can't bootstrap a Go compiler.
However, note that a single Go compiler can generate code for all the
architectures supported by Go and for some host architectures, there are
pre-built toolchains available. When host-go-bin was added in commit
7b2a164b74 ("package/go/go-bin: new host-go provider"), the host
dependency was properly accounted for: It is already possible to build
host-go packages with go-bin. However, the fact that a Go compiler, in
addition to its native target, can also generate code for all supported
architectures, was missed at the time.
Thus, we can fix this problem by relaxing the condition under which
BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS is set to allowing go-bin
along with go-bootstrap. This allows a situation where the host can't
bootstrap, but for which there is a pre-built toolchain to build Go
packages for a supported target.
Signed-off-by: Florian Larysch <fl@n621.de>
Cc: Yann E. MORIN <yann.morin@orange.com>
Cc: Romain Naour <romain.naour@smile.fr>
Reviewed-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
The previous method used to determine the --gcc-install-dir relied on
'ls' over the gcc installation path, which was fragile and failed in
cases where the external toolchain contained multiple gcc versions or
paths [1].
We replace it a more reliable approach using:
$(TARGET_CC) -print-search-dirs
This helps setup to register the desired GCC architecture if a
given toolchain packages includes multiple GCC architecture
installations. Which isn't possible using the actual method using 'ls'.
For example from James's report:
└── /opt/container/my-toolchain-2025.01.01.12345/lib/gcc/
├── aarch64-example-linux-gnu/
│ └── ...
├── i686-example-linux-gnu/
│ └── ...
└── x86_64-example-linux-gnu/
└── ...
Thanks to Romain Naour for suggesting this improved method.
[1] https://lore.kernel.org/buildroot/d1c773dc-8346-4077-946a-0d3b4e30a6c8@smile.fr/T/#t
Reported by: James Knight <git@jdknight.me>
Signed-off-by: El Mehdi YOUNES <elmehdi.younes@smile.fr>
Tested-by: James Knight <jdknight@jdknight.me>
Tested-by: James Knight <git@jdknight.me>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
When a br2-external tree has no defconfig, list-defconfig currently
whines with an error from find:
find: ‘[...]/my-external/configs’: No such file or directory
Fix that by only running find if the directory exists.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
When a br2-external tree description contains an odd number of single
quotes, list-defconfigs will fail with a shell error message:
/bin/sh: -c: line 1: unexpected EOF while looking for matching `"'
make[1]: *** [Makefile:1243: list-defconfigs] Error 2
Whoever wrote that code will have to write this sentence 100 times
on the blackboard:
Never, ever pass user-provided data in a printf format.
(see commit 49117c1028 (core: support description for br2-external
trees); dang, I knew it... And I should have known better when I wrote
that code, damit...)
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Grout automatically creates a TUN interface at runtime, so the target
kernel must have CONFIG_TUN enabled. Add a fix-up to ensure that option
is selected.
Signed-off-by: Maxime Leroy <maxime@leroys.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Toolchain failed to bootstrap with LP64F and LP64S ABIs.
As reported by Julien in [1]:
Testing the "lp64f" ABI with commands:
cat >.config <<EOF
BR2_loongarch64=y
BR2_LOONGARCH_FPU_32=y
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_USE_ARCH_DEFAULT_CONFIG=y
BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF=y
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set
EOF
make olddefconfig
make
fails in host-gcc-initial with output:
Assembler messages:
/tmp/ccEkwSsD.s:28: Error: register save offset not a multiple of 8
/tmp/ccEkwSsD.s:30: Error: register save offset not a multiple of 8
/tmp/ccEkwSsD.s:50: Error: register save offset not a multiple of 8
See also autobuilder failures such as [2].
Testing the "lp46s" ABI with commands:
cat >.config <<EOF
BR2_loongarch64=y
BR2_LOONGARCH_FPU_NONE=y
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_USE_ARCH_DEFAULT_CONFIG=y
BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF=y
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set
EOF
make olddefconfig
make
fails in host-gcc-final with output:
/buildroot/output/host/loongarch64-buildroot-linux-gnusf/bin/ld: cannot find crti.o: No such file or directory
/buildroot/output/host/loongarch64-buildroot-linux-gnusf/bin/ld: cannot find -lc: No such file or directory
/buildroot/output/host/loongarch64-buildroot-linux-gnusf/bin/ld: cannot find crtn.o: No such file or directory
See also autobuilder failures with as [3].
This commit marks those ABIs as broken at the moment to allow time
for investigation. Also, since gcc defaults to the "lp64d" ABI which
requires a 64bit FPU is present, the BR2_LOONGARCH_FPU_32 and
BR2_LOONGARCH_FPU_NONE options also needs to be marked as broken
as well. See [4].
[1] https://lore.kernel.org/buildroot/e17da108d1fb4e6abda26445dc053b35@free.fr/
[2] https://autobuild.buildroot.org/results/f98570293823867e6c43a1672e1a4b43ca1e4be5
[3] https://autobuild.buildroot.org/results/cf56c37fabcae964dbf4f96eb43a7e4d964452b6
[4] https://lore.kernel.org/buildroot/7b0f1cb629fce8a57d9b644b8beb8b2a@free.fr/
Cc: Mingcong Bai <jeffbai@aosc.io>
Cc: Xi Ruoyao <xry111@xry111.site>
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
[Julien:
- add link to mailing list discussion
- add configuration to reproduce issues to help future investigations
- add links to autobuilder failures in commit log
- mark BR2_LOONGARCH_FPU_{32,NONE} as broken
]
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Version 95be71b matches with kernel 6.12.41.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Tested-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
[Fiona: tested on CM4 and Zero 2W, with the RPi bootloader
booting into U-Boot]
Signed-off-by: Julien Olivain <ju.o@free.fr>
When building a toolchain with kernel headers 6.1.x, the build fail
due to missing hash for linux-6.1.147.tar.xz
The hash was removed by mistake when bumping kernel 6.{6, 12, 15}.x
series.
Fixes: 51b27bad91
Cc: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
When building the libapparmor package with musl the following error
would appear:
```
test_multi.c: In function 'main':
test_multi.c:27:30: error: implicit declaration of function 'basename' [-Wimplicit-function-declaration]
27 | printf("File: %s\n", basename(argv[1]));
| ^~~~~~~~
test_multi.c:27:24: warning: format '%s' expects argument of type 'char *', but argument 2 has type 'int' [-Wformat=]
27 | printf("File: %s\n", basename(argv[1]));
| ~^ ~~~~~~~~~~~~~~~~~
| | |
| | int
| char *
| %d
make[3]: *** [Makefile:466: test_multi_multi-test_multi.o] Error 1
```
This error can be reproduced with the following:
```
cat >.config <<EOF
BR2_aarch64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_AARCH64_MUSL_BLEEDING_EDGE=y
BR2_PACKAGE_LIBAPPARMOR=y
EOF
make olddefconfig
make libapparmor
```
On musl libc the function `basename` is provided by included libgen.h.
This error has been addressed upstream in [1] by re-defining the
function `basename`.
[1] 7fb040bde6
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
[Peter: drop unrelated AUTORECONF change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following vulnerability:
- CVE-2025-8177
A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as
critical. This issue affects the function setrow of the file
tools/thumbnail.c. The manipulation leads to buffer overflow. An
attack has to be approached locally. The patch is named
e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a
patch to fix this issue. This vulnerability only affects products that
are no longer supported by the maintainer.
For more information, see:
- https://www.cve.org/CVERecord?id=CVE-2025-8177
- https://gitlab.com/libtiff/libtiff/-/merge_requests/737
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following vulnerability:
- CVE-2025-8176
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared
as critical. This vulnerability affects the function get_histogram of
the file tools/tiffmedian.c. The manipulation leads to use after free.
The attack needs to be approached locally. The exploit has been
disclosed to the public and may be used. The patch is identified as
fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a
patch to fix this issue.
For more information, see:
- https://www.cve.org/CVERecord?id=CVE-2025-8176
- https://gitlab.com/libtiff/libtiff/-/merge_requests/727
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On my laptop (i5-8365U), running cross-tesseract-ocr in QEMU takes
longer than the default timeout (5s), causing the test to fail:
# time tesseract frame10.png output
Error in pixReadMemTiff: function not present
Error in pixReadMem: tiff: no pix returned
Error in pixaGenerateFontFromString: pix not made
Error in bmfCreate: font pixa not made
Estimating resolution as 157
real 0m 8.17s
user 0m 5.36s
sys 0m 2.79s
So extend the assertRunOk() timeout with ~2x that similar to how it is done
for the gst-launch-1.0 pipeline.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This patch corrects the spelling of 'Xilinx' in the help menu for the
qemu package.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Back in commit
44a6b7866c ("configs/qemu_sh4*: switch
to initramfs"), the Qemu SuperH defconfigs were switched to initramfs
due to a bug in the Qemu disk emulation.
However, the initramfs solution has an issue: if the initramfs is
slightly too large (like just 6 MB!), the system no longer boots.
Since the disk emulation problem has apparently been resolved in Qemu
10 (according to testing), let's switch back to this.
In addition to essentially reverting
44a6b7866c, we also need to adjust the
kernel configuration so that the kernel takes its command line for the
bootloader (in our case from the Qemu -append option). Otherwise an
hardcoded command line is used, which doesn't mount /dev/sda as the
root filesystem.
This update has been tested on Gitlab CI:
https://gitlab.com/tpetazzoni/buildroot/-/pipelines/1968267919
Thanks to Romain Naour for pointing to the initramfs size as being the
issue.
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Fixes the following vulnerability:
CVE-2025-8194: There is a defect in the CPython “tarfile” module affecting
the “TarFile” extraction and entry enumeration APIs. The tar implementation
would process tar archives with negative offsets without error, resulting in
an infinite loop and deadlock during the parsing of maliciously crafted tar
archives.
https://nvd.nist.gov/vuln/detail/CVE-2025-8194https://www.openwall.com/lists/oss-security/2025/07/28/1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Fixes the following security issues:
GNUTLS-SA-2025-07-08-1 CVE-2025-32989
Severity Medium; Heap read buffer overflow
When an X.509 certificate contains an SCT (signed certificate timestamp)
extension and its length field is malformed, the library could read the memory
buffer past the boundary. The issue was reported in the issue tracker as
<https://gitlab.com/gnutls/gnutls/-/issues/1695>.
------------------------------------------------------------------------------
GNUTLS-SA-2025-07-08-2 CVE-2025-32988
Severity Low; Memory corruption on error path
When any error occurs during exporting a certificate with an otherName in the
SAN (subject alternative name) extension, the library could potentially double
free the ASN.1 structure. The issue was reported in the issue tracker as
<https://gitlab.com/gnutls/gnutls/-/issues/1694>.
------------------------------------------------------------------------------
GNUTLS-SA-2025-07-08-3 CVE-2025-32990
Severity Low; Heap write buffer overflow
When the certtool program is invoked with a template file with a number of
string pairs for a single keyword, a NULL pointer could be written past the
memory boundary. The issue was reported in the issue tracker as
<https://gitlab.com/gnutls/gnutls/-/issues/1696>.
------------------------------------------------------------------------------
GNUTLS-SA-2025-07-08-4 CVE-2025-6395
Severity Medium; Denial of service
When a TLS 1.3 handshake involves a Hello Retry Request and the second
Client Hello omits the PSK which was present in the first Client Hello,
the GnuTLS server can dereference a NULL pointer. The issue was reported
in the issue tracker as <https://gitlab.com/gnutls/gnutls/-/issues/1718>.
https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This commit updates the ARC toolchain components to the 2024.12
release, keeping the same patches.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
package/binutils and package/gcc both allow to use upstream versions
on ARC, but package/gdb allows using only the ARC version. Adjust the
packaging to align package/gdb with package/binutils and package/gcc,
so that upstream versions of gdb can be built for ARC.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The SBOM is easier to read if the dependencies are sorted alphabetically.
Signed-off-by: Fabien Lehoussel <fabien.lehoussel@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add options to customize the project name and version in the generated SBOM
metadata and set buildroot generate-cyclonedx as a tool in the metadata
section.
Signed-off-by: Fabien Lehoussel <fabien.lehoussel@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This makes it more readable and easier to quickly identify basic information.
Signed-off-by: Fabien Lehoussel <fabien.lehoussel@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The ecvt(), fcvt(), and gcvt() functions from stdlib.h, used by the SIO
library packaged with the xinetd sources, are masked by _GNU_SOURCE in
musl libc.
Signed-off-by: Aaron Sierra <aaron@bubbl-tek.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changelog (see [1]):
ver 3.9:
Fix issue with Access Point mode and frequency unlocking.
Fix issue with network configuration and BSS retry logic.
Fix issue with handling busy notification from Access Point.
Fix issue with handling P-192, P-224 and P-521 for SAE.
ver 3.8:
Fix issue with handling unit tests and missing kernel features.
ver 3.7:
Fix issue with handling length of EncryptedSecurity.
Fix issue with handling empty affinities lists.
Fix issue with handling survey scanning results.
Fix issue with handling duplicate values in DPP URI.
ver 3.6:
Fix issue with handling blacklisting and roaming requests.
Fix issue with handling CQM thresholds for FullMAC devices.
Add support for PMKSA when using FullMAC devices.
ver 3.5:
Add support for option to disable blacklist handling.
Add support for option to disable SAE for broken drivers.
ver 3.4:
Add support for the Test Anything Protocol.
ver 3.3:
Fix issue with handling External Authentication.
ver 3.2:
Fix issue with GCC 15 and -std=c23 build errors.
Add support for using PMKSA over SAE if available.
Add support for HighUtilization/StationCount thresholds.
Add support for disabling Multicast RX option.
ver 3.1:
Fix issue with handling OWE transition BSS selection.
Fix issue with handling oper class 136 starting frequency.
[1] https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/ChangeLog?h=3.9
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Changelog (see [1]):
ver 0.79:
Fix issue with D-Bus client and watch removal handling.
Fix issue with D-Bus client and service name handling.
Fix issue with D-Bus proxy and filter rule handling.
ver 0.78:
Fix issue with random ECC scalar generation.
ver 0.77:
Add support for precheck feature for unit tests.
Add support for license variable for pkg-config.
ver 0.76:
Fix issue with random scalar generation.
ver 0.75:
Add support for converting OID octets to strings.
Add support for NIST P-224 cuve usage with ECDH.
Add support for NIST P-521 cuve usage with ECDH.
Add support for SHA-3 series of hashing algorithms.
ver 0.74:
Add support for NIST P-192 curve usage with ECDH.
Add support for SHA-224 based checksums and HMACs.
ver 0.73:
Fix issue with parsing hwdb.bin child structures.
ver 0.72:
Add support for the Test Anything Protocol.
ver 0.71:
Fix issue with GCC 15 and -std=c23 build errors.
ver 0.70:
Add support for helper function for safe memcpy.
[1] https://git.kernel.org/pub/scm/libs/ell/ell.git/tree/ChangeLog?h=0.79
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
