For change log since v2.3.4, see:
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.3.5
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0215a6d6f6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Wireless regulatory database lists the allowed radio frequencies for
each local jurisdiction. Since linux-4.15 the kernel supports loading
the files regulatory.db/regulatory.db.p7s directly from the
/lib/firmware directory. Currently this package is not enabled and
kernel complains with the following message on every boot:
"""
platform regulatory.0: Direct firmware load for regulatory.db failed
with error -2
cfg80211: failed to load regulatory.db
"""
Add wireless regulatory database package to fix the issue.
Signed-off-by: Konstantin Aladyshev <aladyshev22@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 16e9f51490)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since the toolchain Bootlin update to 2023.11-1 [1], the arm Linux
kernel build is broken with binutils >= 2.41 with:
arch/arm/mm/proc-v7.S: Assembler messages:
arch/arm/mm/proc-v7.S:640: Error: junk at end of line, first unrecognized character is `#'
A similar issue has already be fixed for qemu m68k [2].
Bump to the latest kernel 4.19 that already include the backport
of 790756c7e022 ("ARM: 8933/1: replace Sun/Solaris style flag on section directive")
[1] 7e0e6e3b86
[2] a1ce9474e4
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6703222383
Signed-off-by: Romain Naour <romain.naour@smile.fr>
(cherry picked from commit 7e126bd38d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The commit [1] updated the u-boot version with the one used by
orangepi_zero_plus2_defconfig but the dependency on openssl
was forgotten.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6703221868
[1] eb16148ddd
Signed-off-by: Romain Naour <romain.naour@smile.fr>
(cherry picked from commit bc75b09b1c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
GCC14 now treats implicit int types as error so when check() from
check-lxdialog.sh is called to check whether we can link against ncurses
it will fail silently and the help text indicating to install ncurses is
printed.
However, this is not due to missing ncurses but once the stderr redirect
to /dev/null is removed we can see the root cause:
<stdin>:2:1: error: return type defaults to ‘int’ [-Wimplicit-int]
So, in order for menuconfig to work with GCC14 lets just specify the
return type of main() as int.
Npte that the upstream kconfig in the linux kernel source tree no longer
carries or uses the check-lxdialog.sh script since commit 1c5af5cf9308
(kconfig: refactor ncurses package checks for building mconf and nconf),
so there is no commit we can backport to our kconfig copy.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Tested-by: Petr Vorel <petr.vorel@gmail.com>
[yann.morin.1998@free.fr: add note about upstream kernel]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a6210d28db)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- set CPE_ID_VENDOR to silence mismatched CVE-2001-0956 ([1], [2]) warning
clearly aiming some other product/version ("speechd 0.54 with Festival or
rsynth speech synthesis package")
[1] https://security-tracker.debian.org/tracker/CVE-2001-0956
[2] https://github.com/advisories/GHSA-67cw-4jhh-3jm7
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 206527347c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
https://github.com/moby/moby/releases/tag/v26.0.2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 49c8154ee7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2024-32473: Ensure IPv6 is disabled on interfaces only allocated an IPv4
address by the engine
https://github.com/moby/moby/security/advisories/GHSA-x84c-p2g9-rqv9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8e37a887e6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2021-3575: A heap-based buffer overflow was found in openjpeg in
color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An
attacker could use this to execute arbitrary code with the permissions of
the application compiled against openjpeg.
Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ff36bc68cd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
To ensure the correct prefix is used in the generated tinycbor.pc instead of
/usr/local:
>>> tinycbor 0.6.0 Building
..
sed > tinycbor.pc < tinycbor.pc.in \
-e 's,@prefix@,/usr/local,' \
-e 's,@exec_prefix@,/usr/local,' \
-e 's,@libdir@,/usr/local/lib,' \
-e 's,@includedir@,/usr/local/include,' \
-e 's,@version@,0.6.0,'
>>> tinycbor 0.6.0 Installing to staging directory
..
install -m 644 tinycbor.pc /path/to/buildroot/output/host/aarch64-buildroot-linux-gnu/sysroot/usr/lib/pkgconfig/tinycbor.pc
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b059e08420)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because
strcpy is used instead of strncpy.
Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit dfaa34ddd3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Devoogdt <thomas@devoogdt.com>
Reviewed-by: J. Neuschäfer <j.neuschaefer@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 32753c6f9d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
cpe:2.3🅰️ttyd_project:ttyd is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/detail/DBEDA75E-4E19-48C1-92D7-43E4035BC048
Signed-off-by: TIAN Yuanhao <tianyuanhao3@163.com>
[yann.morin.1998@free.fr: Move to its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7d4ba7eaf9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
/dev/shm is a world-writable directory, like /tmp, and should also
have the sticky bit set. Without this, any user can delete and
replace another user's files in /dev/shm.
This bug has been present since /dev/shm was added to the skeleton
/etc/fstab, but appears to have been fixed for systems using systemd
by commit 76fc9275f1 "system: separate sysv and systemd parts of the
skeleton" which went into Buildroot 2017.08.
Signed-off-by: Ben Hutchings <ben.hutchings@mind.be>
Fixes: 22fde22e35
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0b2967e158)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
TestATFVexpress is using vexpress_aemv8a_juno as as u-boot defconfig
but the Buildroot defconfig of this board was removed in 2022.11 [1]
Since both TestATFVexpress and TestATFAllwinner are now using mainline
ATF, we don't really need several ATF test anymore. Initially [2],
several runtime test were added to test ATF/U-Boot combinations when
ATF was provided by a vendor: vexpress (mainline), Allwinner and
Marvell.
Keep TestATFAllwinner as ATF mainline test.
[1] 347c108738
[2] 8cf3ce04e9
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 107bcd536d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
u-boot-2021.04 seems to be broken when pylibfdt support is enabled
and the latest python3/setuptools are used.
Since the TestATFAllwinner is using bananapi_m64 as u-boot defconfig
but the Buildroot defconfig of this board was removed in 2022.11 [1]
update TestATFAllwinner to use a newer BSP. Use the one provided
by orangepi_zero_plus2_defconfig.
[1] daf3c6661f
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6477656317 (TestATFAllwinner)
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit eb16148ddd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The last version bump removed python-pyopenssl runtime dependency but
doing so also removed the python-cryptography runtime depdency [1] that
is actually a direct runtime dependency.
While at it, update BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS
dependency comment.
[1] 6008f2b1b9
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6477656983 (TestPythonPy3ServiceIdentity)
Cc: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ee074ddf6f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The last version bump removed python-setuptools runtime dependency
but doing so also removed the python3-pyexpat and python3-zlib
runtime depdencies [1] that are actually direct runtime
dependencies.
[1] 081162580f
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6477656982 (TestPythonPy3Segno)
Cc: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d4833cc14d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since the toolchain Bootlin update to 2023.11-1 [1], the arm Linux
kernel build is broken with binutils >= 2.41 with:
arch/arm/mm/proc-v7.S: Assembler messages:
arch/arm/mm/proc-v7.S:640: Error: junk at end of line, first unrecognized character is `#'
A similar issue has already be fixed for qemu m68k [2].
Bump to the latest kernel 4.19 that already include the backport
of 790756c7e022 ("ARM: 8933/1: replace Sun/Solaris style flag on section directive")
[1] 7e0e6e3b86
[2] a1ce9474e4
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6414160106 (TestFileCapabilities)
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 07ef00df9b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
zlib is an optional dependency (enabled by default) since bump to
version 3.2.0 in commit 8280400fba and
3954e5cd9e
Fixes: 8280400fba
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4b7aeee28e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
--with-xdebug is not recognized since the addition of the package in
commit 7b7dffd098:
configure: WARNING: unrecognized options: --disable-gtk-doc, --disable-gtk-doc-html, --disable-doc, --disable-docs, --disable-documentation, --with-xmlto, --with-fop, --disable-dependency-tracking, --enable-ipv6, --disable-nls, --with-xdebug
Fixes: 7b7dffd098
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 98ee9f8b49)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
zlib is an optional dependency dependency (enabled by default) since the
addition of the package in commit
8aaa7ecbce
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 05f5e5b6f8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When python performs a cross compile, it uses a host interpreter to run
steps on behalf of the foreign architecture to finalize the build.
When performing these steps, foreign modules may be loaded if the SOABI
matches that of the host. This can lead to issues if the modules are
linked against a libc not available on the host or if the binaries
include instructions unsupported by the host.
For now, patch the foreign libraries out of PYTHONPATH and explicitly
define the path to sysconfigdata so builds can complete without error.
This method currently passes all upstream CI pipelines [0] and should
also work (with some modifications) for the migration to 3.12 [1].
Fixes: http://autobuild.buildroot.net/results/c854080e003e9a7d525325073190b472a8f982aa/
[0]: https://github.com/python/cpython/pull/116294
[1]: https://lists.buildroot.org/pipermail/buildroot/2024-February/685369.html
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
Tested-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d01e13c4d4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since crucible commit 7fe0bb96da65 ("move to BSD style license") the
license has been changed to BSD-3. This changed happened for the
2023.11.02 release of crucible, to which the Buildroot package was
bumped in Buildroot commit be3f95ed14.
Change the license type and hash accordingly.
Fixes:
- http://autobuild.buildroot.net/results/14dfa0a47be54929c527c12fe9b95f34c1d8c7f5/
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9f4cae383a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Support i.MX91
- Fix a crash with -d option when change back file.
Release notes:
https://github.com/nxp-imx/mfgtools/releases/tag/uuu_1.5.177
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit dfe02734bf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
tests are enabled by default since the addition of the package in commit
5d74d39cb4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e9e3579555)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Although -Wmain-return-type is not considered as error (unlike
-Wimplicit-int), but just a warning, let's fix it for the future.
<stdin>:1:1: warning: return type of 'main' is not 'int' [-Wmain-return-type]
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3c9d067590)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
openssl is optional, not mandatory since the addition of the package in
commit 8aaa7ecbce
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit b097ed3a4b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with gcc >= 13:
In file included from ../src/basic/macro.h:446,
from ../src/basic/alloc-util.h:10,
from ../src/shared/install.c:12:
../src/shared/install.c: In function ‘install_changes_dump’:
../src/shared/install.c:444:64: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
444 | err = log_error_errno(changes[i].type, "Failed to %s unit, unit %s does not exist.",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/e0d6b7d41fefec539a17a3ef5c89c192ce29fd04
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 066c3e67d7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix a potential denial of service caused by accepting arbitrary
length primes as potential elliptic curve parameters in ASN.1
encodings. With very large inputs the primality verification
can become computationally expensive. Now any prime field larger
than 1024 bits is rejected immediately.
https://botan.randombit.net/news.html#version-3-3-0-2024-02-20
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 2fcc74594c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Vulnerabilities
- [High] CVE-2024-0901 Potential denial of service and out of bounds
read. Affects TLS 1.3 on the server side when accepting a connection
from a malicious TLS 1.3 client. If using TLS 1.3 on the server side
it is recommended to update the version of wolfSSL used.
- [Med] CVE-2024-1545 Fault Injection vulnerability in
RsaPrivateDecryption function that potentially allows an attacker
that has access to the same system with a victims process to perform
a Rowhammer fault injection.
- [Med] Fault injection attack with EdDSA signature operations. This
affects ed25519 sign operations where the system could be susceptible
to Rowhammer attacks.
No official tarball provided so switch to github and set autoreconf
https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 3a2891621c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The LIBS environment variable is ignored since bump to version 1.0.1 and
switch to cmake build system in commit
203725a46b resulting in the following
build failure:
/home/buildroot/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-musleabihf/12.3.0/../../../../arm-buildroot-linux-musleabihf/bin/ld: CMakeFiles/clamonacc.dir/inotif/hash.c.o: in function `onas_ht_add_hierarchy':
hash.c:(.text+0xa84): undefined reference to `fts_open'
Fixes: 203725a46b
- http://autobuild.buildroot.org/results/fe71ab29d02caeed609f1a181fccbd46b6feff65
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit b526b2aa15)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This bump will fix the following build failure with gcc 5 raised since
bump to version 57 in commit 65c8a9b662
thanks to
4e618f77d4:
In file included from /home/buildroot/autobuild/run/instance-1/output-1/host/opt/ext-toolchain/mips-linux-gnu/include/c++/5.3.0/cstdint:35:0,
from ../cpp/INIReader.h:17,
from ../cpp/INIReader.cpp:16:
/home/buildroot/autobuild/run/instance-1/output-1/host/opt/ext-toolchain/mips-linux-gnu/include/c++/5.3.0/bits/c++0x_warning.h:32:2: error: #error This file requires compiler and library support for the ISO C++ 2011 standard. This support is currently experimental, and must be enabled with the -std=c++11 or -std=gnu++11 compiler options.
#error This file requires compiler and library support for the \
^
https://github.com/benhoyt/inih/releases/tag/r58
Fixes: 65c8a9b662
- http://autobuild.buildroot.org/results/7a5ba516cde536e103669a0422d336dd8a3b1dbc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit bfa4dd299f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This bump will fix the following build failure with libressl raised
since commit 9d8f9c73a2:
SSLeay.c: In function 'XS_Net__SSLeay_X509_policy_tree_free':
SSLeay.c:17730:9: error: unknown type name 'X509_POLICY_TREE'
17730 | X509_POLICY_TREE * tree = INT2PTR(X509_POLICY_TREE *,SvIV(ST(0)))
| ^~~~~~~~~~~~~~~~
https://metacpan.org/dist/Net-SSLeay/changes
Fixes: 9d8f9c73a2
- http://autobuild.buildroot.org/results/974b7cdd275249c888fc6205f6ca31a3cf28b18f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 241b18b51e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
