38494a0a61
This commit adds four upstream patches fixing the CVE-2025-31115 vulnerability. The reason there is four patches instead of one is to exactly follow the advisory recommendation [1], which proposes the patch [2]. This patch is in fact a concatenation of four commits. In Buildroot, we track package patches as formatted by git, with extra "Upstream:" headers. The patch [2] was split here in four for a clearer traceability. With the addition of those patches, the XZ_IGNORE_CVES is set accordingly. Fixes: https://www.cve.org/CVERecord?id=CVE-2025-31115 [1] https://github.com/tukaani-project/xz/security/advisories/GHSA-6cc8-p5mm-29w2 [2] https://tukaani.org/xz/xz-cve-2025-31115.patch Signed-off-by: Julien Olivain <ju.o@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Buildroot is a simple, efficient and easy-to-use tool to generate embedded Linux systems through cross-compilation. The documentation can be found in docs/manual. You can generate a text document with 'make manual-text' and read output/docs/manual/manual.text. Online documentation can be found at http://buildroot.org/docs.html To build and use the buildroot stuff, do the following: 1) run 'make menuconfig' 2) select the target architecture and the packages you wish to compile 3) run 'make' 4) wait while it compiles 5) find the kernel, bootloader, root filesystem, etc. in output/images You do not need to be root to build or run buildroot. Have fun! Buildroot comes with a basic configuration for a number of boards. Run 'make list-defconfigs' to view the list of provided configurations. Please feed suggestions, bug reports, insults, and bribes back to the buildroot mailing list: buildroot@buildroot.org You can also find us on #buildroot on OFTC IRC. If you would like to contribute patches, please read https://buildroot.org/manual.html#submitting-patches