For a long while now, we only support building GCC >= 8.x, so the
dependency of BR2_GCC_ENABLE_GRAPHITE on GCC >= 5.x is useless, drop
it, together with the corresponding Config.in comment.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The libcilkrts library was removed from gcc 8.x, and gcc 8.x is the
oldest version we allow building (to still support PowerPC SPE). So it
means the BR2_GCC_SUPPORTS_LIBCILKRTS is basically dead code because:
default y if !BR2_TOOLCHAIN_GCC_AT_LEAST_8
Will never evaluate to 'y' in current Buildroot.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The hash for the GCC 10.4.0 tarball should have been removed a long
time ago, when support for GCC 10.x has been removed.
Fixes: d37a8f3a2e ("package/gcc: remove gcc 10.x")
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Now that we have added support for GCC 15.x, made GCC 14.x the
default, let's drop support for GCC 12.x.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Now that GCC 15.x support has been added, follow our usual strategy of
making GCC 14.x the default GCC version.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Changelog:
https://gcc.gnu.org/gcc-15/changes.html
NIOS II support has been removed, and we removed it from Buildroot
some time ago.
AArch64 ILP32 support has been deprecated, but we never supported it
in Buildroot.
In the stack of patches, just keep patch 0001.
Indeed, from 14.2.0:
- 0002-libsanitizer-also-undef-_TIME_BITS-in-sanitizer_proc.patch is
upstream as of commit fa321004f3f6288d3ee2eefa6b02177131882dca
- 0003-libquadmath-Fix-up-libquadmath-math-sqrtq.c-compilat.patch is
upstream as of commit 3ac02e67503ccffa3dfeeffc0a60fce6bdaca43b
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
In order to add gcc 15 support in follow-up commits, introduce
BR2_TOOLCHAIN_GCC_AT_LEAST_15 symbol.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Add a new initscript to save the date and time to the hardware clock
on shutdown.
Signed-off-by: Michael Walle <michael@walle.cc>
[Arnout:
- package as hwclock-initscript instead of buildroot-initscripts;
- mention in help text that it isn't needed at boot;
- rewrite initscript according to our usual pattern;
- fix shellcheck errors.
]
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Back when the imx-gpu-viv package was enabled on AArch64 in commit
84afda9ca6, the fb output option was not
enabled.
However, according to meta-freescale [0] the framebuffer output can be
enabled on IMX8 by using the wayland libraries together with egl.pc.
[0] https://git.yoctoproject.org/meta-freescale/tree/recipes-graphics/imx-gpu-viv/imx-gpu-viv-6.inc
This commit does enable fb output on AArch64, which requires a few
precautions as the imx-gpu-viv logic is a bit convoluted:
- FB on ARM is supported using "pure" framebuffer libraries. However,
a specific egl.pc is needed: egl_linuxfb.pc. The supporting
libraries are found in the fb/ subdirectory in imx-gpu-viv "code".
- FB on AArch64 is supported using libraries that are linked with
wayland and libdrm, even though wayland/libdrm is obviously not used
for framebuffer output. pkg-config wise, this configuration can use
the default egl.pc. The supporting libraries are found in the
wayland/ subdirectory in imx-gpu-viv "code", as oddly as it seems.
- Wayland on ARM on AArch64 is supported using libraries that are
obviously linked against wayland and libdrm. pkg-config wise, egl.pc
needs to be symlinked to egl_wayland.pc.
This patch solves this situation by introducing a hidden boolean
option BR2_PACKAGE_IMX_GPU_VIV_USES_WAYLAND that indicates whether
wayland/libdrm is used by the currently selected output. This is of
course true when BR2_PACKAGE_IMX_GPU_VIV_OUTPUT_WL, but also when
BR2_PACKAGE_IMX_GPU_VIV_OUTPUT_FB on AArch64.
Signed-off-by: Daniel Lang <d.lang@abatec.at>
[Thomas: quite significant rework compared to the submission from
Daniel Lang, so we didn't keep the Reviewed-by from Gary Bisson]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In preparation for some rework of the package, let's rename the
IMX_GPU_VIV_LIB_TARGET variable to IMX_GPU_VIV_OUTPUT to make it match
the BR2_PACKAGE_IMX_GPU_VIV_OUTPUT config option it corresponds to.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
- CVE-2025-23166: Improper error handling in async cryptographic operations
crashes process
- CVE-2025-23165: Corrupted pointer in node::fs::ReadFileUtf8(const
FunctionCallbackInfo<Value>& args) when args[0] is a string
https://nodejs.org/en/blog/vulnerability/may-2025-security-releases
Update the license hash for the addition of zstd 1.5.6 (BSD-3-Clause):
f9f611fb58
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Fixes the following security issues:
CVE-2025-24223
Versions affected: WebKitGTK and WPE WebKit before 2.48.2.
Credit to rheza (@ginggilBesel) and an anonymous researcher.
Impact: Processing maliciously crafted web content may lead to
memory corruption. Description: The issue was addressed with
improved memory handling.
WebKit Bugzilla: 287577
CVE-2025-31204
Versions affected: WebKitGTK and WPE WebKit before 2.48.2.
Credit to Nan Wang (@eternalsakura13).
Impact: Processing maliciously crafted web content may lead to
memory corruption. Description: The issue was addressed with
improved memory handling.
WebKit Bugzilla: 291506
CVE-2025-31205
Versions affected: WebKitGTK and WPE WebKit before 2.48.2.
Credit to Ivan Fratric of Google Project Zero.
Impact: A malicious website may exfiltrate data cross-origin.
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 290992
CVE-2025-31206
Versions affected: WebKitGTK and WPE WebKit before 2.48.2.
Credit to an anonymous researcher.
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash. Description: A type confusion issue was
addressed with improved state handling.
WebKit Bugzilla: 290834
CVE-2025-31215
Versions affected: WebKitGTK and WPE WebKit before 2.48.2.
Credit to Jiming Wang and Jikai Ren.
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash. Description: The issue was addressed with
improved checks.
WebKit Bugzilla: 288814
CVE-2025-31257
Versions affected: WebKitGTK and WPE WebKit before 2.48.2.
Credit to Juergen Schmied of Lynck GmbH.
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash. Description: This issue was addressed with
improved memory handling.
WebKit Bugzilla: 290985
https://webkitgtk.org/security/WSA-2025-0004.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current version was more than 3 years old and had known CVEs (see
CVE-2023-36328). Since this is a host only package, we don't consider
this as a security bump.
This upgrade allows the removal of the two patches currently applied:
- The commit 1b57b62, which fixes the build with autoconf 2.72, is
already included upstream.
- We no longer need to use the JSON-PP module, as it is now
optional (commit 13d3bcf).
Also, since the latest version of Heimdal no longer depends on
e2fsprogs, the host-e2fsprogs dependency has been removed.
Signed-off-by: Guillaume Chaye <guillaume.chaye@zeetim.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since the bump of Samba to version 4.21.4 in commit
716461af94, <crypt.h> is needed, due to
upstream comit 0dccda38f27b3bbda5d2a4de588a333ff554651a. Since
<crypt.h> is no longer provided by glibc, a dependency on libxcrypt is
needed, to avoid the following build failure:
../../lib/util/util_crypt.c:5:10: fatal error: crypt.h: No such file or directory
5 | #include <crypt.h>
| ^~~~~~~~~
compilation terminated.
This has not been detected by the autobuilders, presumably because a
lot of glibc configurations end up having libxcrypt selected by other
packages, but the issue is reproducible by building:
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_PACKAGE_SAMBA4=y
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
HEIMDAL_INSTALL_STAGING = YES makes no sense since the package was
introduced in 56258f491b ("heimdal: new
package") since it's a host only package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Arnout: give a bit more explanation, simplify the example]
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
casync-nano is an implementation of a subset of the features of casync,
optimized for performing OTA updates on embedded systems.
Signed-off-by: Florian Larysch <fl@n621.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The python-pyproj package was introduced in
7c65b4484e, and it selects
BR2_PACKAGE_PROJ, but forgot to propagate its dependencies, so let's
do that.
Fixes:
WARNING: unmet direct dependencies detected for BR2_PACKAGE_PROJ
Depends on [n]: BR2_INSTALL_LIBSTDCPP [=n] && BR2_TOOLCHAIN_GCC_AT_LEAST_4_7 [=y] && BR2_TOOLCHAIN_HAS_THREADS_NPTL [=y] && BR2_USE_WCHAR [=y]
Selected by [y]:
- BR2_PACKAGE_PYTHON_PYPROJ [=y] && BR2_PACKAGE_PYTHON3 [=y]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Releases have been made to several skarnet.org packages[1]. The biggest
change is that static libraries are installed to /usr/lib by default.
https://skarnet.org/lists/skaware/2098.html
Some COPYRIGHT hashes changed because the copyright years were updated.
Signed-off-by: J. Neuschäfer <j.neuschaefer@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The prefix already defaults to /, so --prefix=/ is unnecessary. An
alternative course of action would be to start setting --prefix=/usr.
Signed-off-by: J. Neuschäfer <j.neuschaefer@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issue:
CVE-2025-22247: open-vm-tools contains an insecure file handling
vulnerability.
https://github.com/vmware/open-vm-tools/tree/CVE-2025-22247.patch
The upstream patch needs to be applied with -p2, so drop the open-vm-tools
prefix (sed -i 's|open-vm-tools/||g') and include it here.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
