This repository was archived by the owner on Jun 28, 2021. It is now read-only.
Update buildroot fork to latest upstream master#8
Open
tmagik wants to merge 10000 commits intosifive:masterfrom
Open
Update buildroot fork to latest upstream master#8tmagik wants to merge 10000 commits intosifive:masterfrom
tmagik wants to merge 10000 commits intosifive:masterfrom
Conversation
This commit also updates olimex_a20_olinuxino_lime_defconfig olimex_a20_olinuxino_lime2_defconfig to use this new rootfs_overlay_mali directory. This is to differentiate for the upcoming patch for a20_olinuxino_micro_defconfig Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com> [Julien: add extra info in commit log] Signed-off-by: Julien Olivain <ju.o@free.fr>
…o 2026.01 The patch: * bumps Linux kernel to version 6.18.8 * bumps U-Boot to version 2026.01 * forces check hashes * switches to extlinux Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com> [Julien: change linux.hash comment to use hash from upstream] Signed-off-by: Julien Olivain <ju.o@free.fr>
The patch: * bumps Linux kernel to version 6.18.8 * bumps U-Boot to version 2026.01 * forces check hashes * switches to extlinux Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com> [Julien: change linux.hash comment to use hash from upstream] Signed-off-by: Julien Olivain <ju.o@free.fr>
The patch: * bumps Linux kernel to version 6.18.8 * bumps U-Boot to version 2026.01 * bumps ATF to version 2.14.0 * forces check hashes * switches to extlinux Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com> [Julien: change linux.hash comment to use hash from upstream] Signed-off-by: Julien Olivain <ju.o@free.fr>
libxmslec1 build fails on some configurations with the following build
logs:
CC libxmlsec1_openssl_la-kw_des.lo
kw_des.c:75:8: error: unknown type name 'xmlSecKWDes3Klass'; did you mean 'xmlSecKWAesKlass'?
75 | static xmlSecKWDes3Klass xmlSecOpenSSLKWDes3ImplKlass = {
| ^~~~~~~~~~~~~~~~~
| xmlSecKWAesKlass
kw_des.c:77:5: error: initialization of 'int' from 'int (*)(struct _xmlSecTransform *, xmlSecByte *, size_t, size_t *)' {aka 'int (*)(struct _xmlSecTransform *, unsigned char *, long unsigned int, long unsigned int *)'} makes integer from pointer without a cast [-Wint-conversion]
77 | xmlSecOpenSSLKWDes3GenerateRandom, /* xmlSecKWDes3GenerateRandomMethod generateRandom; */
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kw_des.c:77:5: note: (near initialization for 'xmlSecOpenSSLKWDes3ImplKlass')
kw_des.c:77:5: error: initializer element is not computable at load time
kw_des.c:77:5: note: (near initialization for 'xmlSecOpenSSLKWDes3ImplKlass')
kw_des.c:78:5: error: excess elements in scalar initializer
78 | xmlSecOpenSSLKWDes3Sha1, /* xmlSecKWDes3Sha1Method sha1; */
| ^~~~~~~~~~~~~~~~~~~~~~~
kw_des.c:78:5: note: (near initialization for 'xmlSecOpenSSLKWDes3ImplKlass')
kw_des.c:79:5: error: excess elements in scalar initializer
79 | xmlSecOpenSSLKWDes3BlockEncrypt, /* xmlSecKWDes3BlockEncryptMethod encrypt; */
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kw_des.c:79:5: note: (near initialization for 'xmlSecOpenSSLKWDes3ImplKlass')
kw_des.c:80:5: error: excess elements in scalar initializer
80 | xmlSecOpenSSLKWDes3BlockDecrypt, /* xmlSecKWDes3BlockDecryptMethod decrypt; */
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[...]
This build failure is due to those struct definitions being set
conditionally in src/kw_aes_des.h behind a XMLSEC_NO_DES define, and
this define ending up being 1 on some builds. We could assume that the
makefiles in libxmlsec should just not try to build any DES related file
when XMLSEC_NO_DES is set to 1 (and so, in this specific case, not try
to build src/openssl/kw_des.c), but the autotools tooling in the project
is not the one setting XMLSEC_NO_DES: there is a mismatch between
detected features at configure time and build time.
- at build time, the tooling just checks if user has passed
`--enable-des=no`. If so, it sets XMLSEC_NO_DES, otherwise it assumes
that DES support is available.
- at build time, libxmlsec tries to build openssl backend. This backend
checks OpenSSL features, especially whether OPENSSL_NO_DES is set (and
if so, it enforces XMLSEC_NO_DES to 1 as well)
- This OPENSSL_NO_DES comes from libopenssl configuration headers
installed in sysroot. Its presence is driven by the `no-des` option
passed at libopenssl configure time
- This `no-des` flag is driven by buildroot option
BR2_PACKAGE_LIBOPENSSL_ENABLE_DES
There are multiple options to fix this package here:
1. fixing upstream package to make the features detection more robust (eg
check openssl headers at configure time to ensure that DES is
supported)
2. enforce XMLSEC_NO_DES if BR2_PACKAGE_LIBOPENSSL_ENABLE_DES is not set
3. systematically enforce XMLSEC_NO_DES=1
Now:
- 1 may take time, and would then need a temporary patch to live in
buildroot while the fix is accepted upstream and released
- 2 works only for libopenssl, what if libressl is used ?
- DES usage is discouraged anyway, as stated by configure logs:
[...]
checking for DES support... yes (use discouraged)
[...]
As the package has been introduced very recently, there's a very low
chance to break any user use case by completely disabling DES support.
Systematically disable DES support in libxmlsec1 to discourage usage and
fix build failure when the corresponding SSL library does not expose DES
support.
Fixes: https://autobuild.buildroot.org/results/3e15f03dc0211c622125ebb69ff7230ce900029a/
Signed-off-by: Alexis Lothoré <alexis.lothore@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Changelog: https://github.com/Canop/broot/blob/v1.55.0/CHANGELOG.md Signed-off-by: Alexander Shirokov <shirokovalexs@gmail.com> Signed-off-by: Julien Olivain <ju.o@free.fr>
https://github.com/libimobiledevice/libplist/blob/2.7.0/NEWS Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr>
https://lore.freedesktop.org/wayland-devel/aY56u6fqOsHIZJXx@quokka/T/#u Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr>
The Buildroot commit [1] introduced two small typos, while doing the updates to announce new releases. The version 2025.02.10 release date is 2026-01-20 (and not 2022). See the original announce [2]. The 2025.02.10 archive link in news.html has also a missing dot. This commit fixes those typo in order to fix the website. [1] https://gitlab.com/buildroot.org/buildroot/-/commit/21dda0665e5de8ddb2a09f199679b2c4be1384fc [2] https://lore.kernel.org/buildroot/9b9654f8-6cdd-4108-b932-79509e455148@rnout.be/ Signed-off-by: Julien Olivain <ju.o@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit fixes the following vulenerability: - CVE-2025-60876: BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20). For more information, see: - https://www.cve.org/CVERecord?id=CVE-2025-60876 - https://lists.busybox.net/pipermail/busybox/2025-November/091840.html - https://sources.debian.org/data/main/b/busybox/1%3A1.37.0-10/debian/patches/wget-disallow-control-chars-in-URLs-CVE-2025-60876.patch Signed-off-by: Thomas Perale <thomas.perale@mind.be> Signed-off-by: Julien Olivain <ju.o@free.fr>
The CVE-2023-45539 has incomplete informations (see [1]) and will be reported as exploitable by pkg-stats for haproxy v2.6.22. The vulnerability has been fixed upstream since version 2.6.15 [2][3]. This commit mark this vulnerability as ignored. [1] https://nvd.nist.gov/vuln/detail/CVE-2023-45539 [2] https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=832b672eee54866c7a42a1d46078cc9ae0d544d9 [3] https://security-tracker.debian.org/tracker/CVE-2023-45539 Signed-off-by: Thomas Perale <thomas.perale@mind.be> Signed-off-by: Julien Olivain <ju.o@free.fr>
For more information on the release, see: - https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=c3bf1ac6709072bf9984c829c3badda5a4e8fa7e This fixes the following vulnerability: - CVE-2025-11230: Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests. For more information, see: - https://www.cve.org/CVERecord?id=CVE-2025-11230 - https://www.haproxy.com/blog/october-2025-cve-2025-11230-haproxy-mjson-library-denial-of-service-vulnerability Signed-off-by: Thomas Perale <thomas.perale@mind.be> Signed-off-by: Julien Olivain <ju.o@free.fr>
Upstream does not provide hashes in sha1/sha256 format anymore. https://lists.gnu.org/archive/html/coreutils-announce/2025-11/msg00000.html https://lists.gnu.org/archive/html/coreutils-announce/2026-02/msg00000.html "'kill' and 'uptime' are no longer built by default. These programs can be built with the --enable-install-program=kill,uptime configure option." Adjust coreutils.mk to install 'kill' and 'uptime'. Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr>
For change log, see: https://www.greenwoodsoftware.com/less/news.692.html Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com> Signed-off-by: Julien Olivain <ju.o@free.fr>
When using a specific git repo and version for at91bootstrap3, BR2_TARGET_AT91BOOTSTRAP3_LICENSE_FILES defaults to "LICENSES/MIT.txt". However the git version we use (namely v3.10.3) does not provide this file. Actually, it does not provide a license file at all. This causes ‘make legal-info’ to fail with: >>> at91bootstrap3 v3.10.3 Collecting legal info sha256sum: /builds/buildroot.org/buildroot/output/build/at91bootstrap3-v3.10.3/LICENSES/MIT.txt: No such file or directory ERROR: while checking hashes from boot/at91bootstrap3/at91bootstrap3.hash ERROR: LICENSES/MIT.txt has wrong sha256 hash: ERROR: expected: 5a3809b1c2ba13b7242572322951311c584419f1f8516f665d6c06f0668d78de ERROR: got : ERROR: Incomplete download, or man-in-the-middle (MITM) attack Let's be explicit that there is no license file to check. Fixes: - https://gitlab.com/buildroot.org/buildroot/-/jobs/12992815386 - https://gitlab.com/buildroot.org/buildroot/-/jobs/12992815390 Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes a number of hangs and crashes found by fuzzing, a stack overflow and a use-after-free bug. https://www.php.net/ChangeLog-8.php#8.5.3 Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
https://github.com/intel/media-driver/releases/tag/intel-media-26.1.2 Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
https://github.com/intel/vpl-gpu-rt/releases/tag/intel-onevpl-26.1.2 Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
https://github.com/janbar/pvr.mythtv/blob/21.2.15-Omega/pvr.mythtv/changelog.txt Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changes: https://github.com/Textualize/rich/releases/tag/v14.2.0 https://github.com/Textualize/rich/releases/tag/v14.3.0 https://github.com/Textualize/rich/releases/tag/v14.3.1 https://github.com/Textualize/rich/releases/tag/v14.3.2 Signed-off-by: Fiona Klute <fiona.klute@gmx.de> Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Changes: https://github.com/Textualize/textual/releases/tag/v7.0.1 https://github.com/Textualize/textual/releases/tag/v7.0.2 https://github.com/Textualize/textual/releases/tag/v7.0.3 https://github.com/Textualize/textual/releases/tag/v7.1.0 https://github.com/Textualize/textual/releases/tag/v7.2.0 https://github.com/Textualize/textual/releases/tag/v7.3.0 https://github.com/Textualize/textual/releases/tag/v7.4.0 https://github.com/Textualize/textual/releases/tag/v7.5.0 Signed-off-by: Fiona Klute <fiona.klute@gmx.de> Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Changes: https://github.com/simonrob/pyasynchat/releases/tag/v1.0.5 Signed-off-by: Fiona Klute <fiona.klute@gmx.de> Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Changes: https://github.com/simonrob/pyasyncore/releases/tag/v1.0.5 Signed-off-by: Fiona Klute <fiona.klute@gmx.de> Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
A comma was missing after the rfkill license, correct that. Signed-off-by: Martin Bachmann <martin.bachmann@designwerk.com> [Peter: reword] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/ Fixes CVE-2026-2003, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006 & CVE-2026-2007. Updated license hash due to copyright year bump: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=aa4b5ebc7640f60905cd4c71db45674e5941b611 Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It was recently announced on the list that Marcus joined the maintainer team, so add a news entry about it as well. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 50958bc ("linux: Add support for custom license files") added a default value for the license files and made the option visible (E.G. editable) when a custom VCS or tarball version is used, but it is also needed for users of an older _CUSTOM_VERSION (E.G. mainline release), as the referenced files were only added in Linux 4.16 with commit e00a844aca ("LICENSES: Add Linux syscall note exception"), so change that. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Julien Olivain <ju.o@free.fr>
The used Linux kernel (4.14.336) does not contain the default license files
as those were only added in 4.16 with commit e00a844aca ("LICENSES: Add
Linux syscall note exception"), so specify the correct license file to fix:
make legal-info
..
cp: cannot stat '/path/to/output/build/linux-headers-4.14.336/LICENSES/preferred/GPL-2.0': No such file or directory
And add the sha256sum to the .hash file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Julien: reword commit title]
Signed-off-by: Julien Olivain <ju.o@free.fr>
https://github.com/harfbuzz/harfbuzz/blob/13.0.1/NEWS Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr>
https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/tree/doc/RelNotes/v1.47.4.txt Removed patch 0001 which is included in this release: tytso/e2fsprogs@4aba12d Also removed autoreconf and its dependencies which were necessary for patch 0001. Signed-off-by: Bernd Kuhls <bernd@kuhls.net> [Julien: fix changelog url in commit log] Signed-off-by: Julien Olivain <ju.o@free.fr>
This commit will also switch to the Bootlin glibc stable toolchain. Switch to Bootlin glibc stable toolchain as requested by the 2024 Buildroot meeting report: https://elinux.org/Buildroot:DeveloperDaysELCE2024#Rules_for_defconfigs Signed-off-by: Scott Fan <fancp2007@gmail.com> [Julien: - remove no longer needed linux-headers.hash - change comment in linux.hash to take hash from upstream ] Signed-off-by: Julien Olivain <ju.o@free.fr>
https://github.com/iovisor/bcc/blob/v0.36.1/debian/changelog Added upstream commit to fix build with the upcoming bump of llvm to 22.1.0. Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr>
https://github.com/KhronosGroup/SPIRV-Tools/blob/vulkan-sdk-1.4.341.0/CHANGES Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr>
Subproject tarballs are not provided anymore: https://discourse.llvm.org/t/llvm-22-1-0-released/89950 "Please note since the last release the subproject tarballs have been removed" https://discourse.llvm.org/t/rfc-do-something-with-the-subproject-tarballs-in-the-release-page/75024/14 Used upstream tarball llvm-project-22.1.0.src.tar.xz for all packages and linked subproject hash files to ../llvm-project.hash. Removed patches which fix build errors caused by subproject tarballs. Removed handling of third-party-21.1.8.src.tar.xz which is included in the monolithic tarball. Added _SUBDIR variable or updated _INSTALL_CMDS when needed. For compiler-rt: Removed both patches, they are not needed anymore. Added patch to fix aarch64 build. Added dependency on gcc >= 15.x because libcxx now depends on gcc >= 15.x: llvm/llvm-project#165684 warning "Libc++ only supports GCC 15 and later" Building with gcc 14.x causes many build errors like output/build/compiler-rt-22.1.0/compiler-rt/buildroot-build/lib/fuzzer/libcxx_fuzzer_x86_64/build/include/c++/v1/__type_traits/is_array.h:43:68: error: expected primary-expression before ')' token output/build/compiler-rt-22.1.0/compiler-rt/buildroot-build/lib/fuzzer/libcxx_fuzzer_x86_64/build/include/c++/v1/__type_traits/is_array.h:43:44: error: there are no arguments to '__is_unbounded_array' that depend on a template parameter, so a declaration of '__is_unbounded_array' must be available [-fpermissive] output/build/compiler-rt-22.1.0/compiler-rt/buildroot-build/lib/fuzzer/libcxx_fuzzer_x86_64/build/include/c++/v1/__type_traits/decay.h:22:32: error: expected type-specifier before '__decay' A corresponding bug report sent upstream llvm/llvm-project#174203 was answered: llvm/llvm-project#174203 (comment) "Our policy is rather clear: Only the latest GCC is supported." and an update to supported compiler versions was committed: llvm/llvm-project@d1146b1 Updated TestClangCompilerRT to use a gcc 15-based toolchain. Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr>
- contains breaking changes, hence python major version is bumped to 7. Changelog: https://github.com/protocolbuffers/protobuf/releases/tag/v34.0 Signed-off-by: Michael Nosthoff <buildroot@heine.tech> Signed-off-by: Julien Olivain <ju.o@free.fr>
pull in patch from protobuf-c/protobuf-c#797 which fixes compatibility with Protobuf v34.0 Signed-off-by: Michael Nosthoff <buildroot@heine.tech> Signed-off-by: Julien Olivain <ju.o@free.fr>
Remove myself from packages that I'm no longer personally interested in. Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu> Signed-off-by: Julien Olivain <ju.o@free.fr>
https://gitweb.git.savannah.gnu.org/gitweb/?p=libiconv.git;a=blob;f=NEWS;h=1089f13a8a2c58ff90e2cbf9b4a28f063c03f855;hb=a8850dc314a906b7bbe49a7c60424c7b10f57236 https://gitweb.git.savannah.gnu.org/gitweb/?p=libiconv.git;a=blob;f=ChangeLog;h=62fd4ab5f345d8f0b98c9c385e34b19a0844e19a;hb=a8850dc314a906b7bbe49a7c60424c7b10f57236 Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr>
OP-TEE generates a few binaries that can be used by u-boot on some platforms (Rockchip, Texas Instruments K3) using TEE variable. Add a link to the OP-TEE documentation were we can find easily the desciption for each TEE format that can be used by u-boot. For convenience, copy tee.elf and tee.bin description in each option choice help text. Signed-off-by: Romain Naour <romain.naour@smile.fr> Signed-off-by: Julien Olivain <ju.o@free.fr>
Some platforms such Texas Instrument’s K3 familly of SoCs requires TEE in raw binary format to support their boot flow [1]. Add a new option to select tee-raw.bin instead of tee.bin. [1] https://docs.u-boot.org/en/latest/board/ti/k3.html#building-tispl-bin Signed-off-by: Romain Naour <romain.naour@smile.fr> Signed-off-by: Julien Olivain <ju.o@free.fr>
…E_RAW_BIN This defconfig use BR2_TARGET_UBOOT_CUSTOM_MAKEOPTS to provide the path to the TEE in raw binary format but use the legacy file name "tee-pager_v2.bin" rather than the recommended "tee-raw.bin" [1][2]. Instead of just replacing the file name, use the newly introduced BR2_TARGET_UBOOT_NEEDS_OPTEE_TEE_RAW_BIN option. Since this option needs BR2_TARGET_UBOOT_NEEDS_OPTEE_TEE, we now have an explicit dependency between u-boot and optee-os package. Previously we had an indirect dependency: optee-os <- ATF <- u-boot with both BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_OPTEE and BR2_TARGET_UBOOT_NEEDS_ATF_BL31 options enabled at the same time. [1] OP-TEE/optee_os@376cb12 [2] https://source.denx.de/u-boot/u-boot/-/commit/4e0b8238eea83b71713230e67e781111ea897035 Signed-off-by: Romain Naour <romain.naour@smile.fr> Signed-off-by: Julien Olivain <ju.o@free.fr>
The commit [1] update arm-trusted-firmware to v2.12 LTS without removing the custom file hash. While at it, remove unused linux-headers.hash since we already use a prebuilt toolchain. [1] https://gitlab.com/buildroot.org/buildroot/-/commit/4abb8a98b26922796b41bc913e72be487337640e Signed-off-by: Romain Naour <romain.naour@smile.fr> Signed-off-by: Julien Olivain <ju.o@free.fr>
There was a previous attempt in commit [1] to bump the kernel to 6.18 but the SD card failed at boot. It seems the actual issue is related to the "cheap" (or fake?) SD card with SD UHS SDR50 speed. This offending SD card come from a lot recently purchased in order to fix my “Too many boards, not enough SD cards” issue. [1] https://gitlab.com/buildroot.org/buildroot/-/commit/4abb8a98b26922796b41bc913e72be487337640e Signed-off-by: Romain Naour <romain.naour@smile.fr> Signed-off-by: Julien Olivain <ju.o@free.fr>
…6.01 Replace OP-TEE TEE binary file tee-pager_v2.bin by tee-raw.bin using the new option BR2_TARGET_UBOOT_NEEDS_OPTEE_TEE_RAW_BIN. Remove unsued linux-headers.hash since we use a prebuilt toolchain. Signed-off-by: Romain Naour <romain.naour@smile.fr> Signed-off-by: Julien Olivain <ju.o@free.fr>
…6.01
This commit:
- updates the Kernel from 6.10 to 6.18.16
- updates U-Boot from 2024.07 to 2026.01
- updates arm-trusted-firmware from v2.11 to v2.12 LTS
- switches to Bootlin external glibc stable toolchain
Replace OP-TEE TEE binary file tee-pager_v2.bin by tee-raw.bin using
the new option BR2_TARGET_UBOOT_NEEDS_OPTEE_TEE_RAW_BIN.
Remove unsued linux-headers.hash since we now use a prebuilt toolchain.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
For change log since v0.3.30, see: https://github.com/OpenMathLib/OpenBLAS/releases/tag/v0.3.31 Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This commit switches the aarch64_efi_defconfig to an external glibc stable Bootlin toolchain, to follow recommendation from [1]. Since an external toolchain is used, the linux-headers.hash custom hash file is no longer needed and is removed. [1] https://elinux.org/Buildroot:DeveloperDaysELCE2024#Rules_for_defconfigs Signed-off-by: Julien Olivain <ju.o@free.fr>
Tested-by: Vincent Stehlé <vincent.stehle@arm.com>
[Vincent: tested on: IOT-GATE-iMX8 (eMMC), ROCKPro64 (SD card),
Qemu virt, Qemu SBSA and FVP Base RevC]
Signed-off-by: Julien Olivain <ju.o@free.fr>
genimage has an alias for the root-arm64 uuid [1]. [1] https://github.com/pengutronix/genimage/blob/v19/image-hd.c#L284 Signed-off-by: Julien Olivain <ju.o@free.fr>
Building Go 1.26 and later requires Go 1.24.6 or later for bootstrap. To support this we use Go version 1.25.8 as the version for go-bootstrap-stage5 and have the build for Go 1.26.1 depend on go-bootstrap-stage5. Go version 1.25.8 is the latest Go version we can build using go-bootstrap-stage4. The package build for go-bootstrap-stage5 is effectively identical to go-bootstrap-stage4 with only the Go version and stage number changed. Go 1.28 is expected to require a minor release of Go 1.26 for bootstrap. Fixes the following security vulnerabilities: - CVE-2026-25679: net/url: reject IPv6 literal not at start of host - CVE-2026-27142: html/template: URLs in meta attribute actions not escaped - CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints - CVE-2026-27138: crypto/x509: panic in name constraint checking: certificates - CVE-2026-27139: os: FileInfo can escape from a Root For full release notes, see: https://go.dev/doc/devel/release#go1.26.0 Signed-off-by: Christian Stewart <christian@aperture.us> Signed-off-by: Julien Olivain <ju.o@free.fr>
https://www.musicpd.org/news/2026/03/mpd-0-24-9-released/ https://raw.githubusercontent.com/MusicPlayerDaemon/MPD/v0.24.9/NEWS " - curl: fix build failure after CURL 8.19 API change" Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr>
https://curl.se/ch/8.19.0.html https://curl.se/docs/security.html Fixes the following CVEs: CVE-2026-3805: use after free in SMB connection reuse CVE-2026-3784: wrong proxy connection reuse with credentials CVE-2026-3783: token leak with redirect and netrc CVE-2026-1965: bad reuse of HTTP Negotiate connection Switch to sha256 tarball hash provided by upstream. Updated license hash due to copyright year bump: curl/curl@e83c82f Signed-off-by: Bernd Kuhls <bernd@kuhls.net> [Julien: add back pgp signature info in hash file] Signed-off-by: Julien Olivain <ju.o@free.fr>
https://github.com/libarchive/libarchive/releases/tag/v3.8.6 "Libarchive 3.8.6 is a security and bugfix release." Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr>
Updating the hash of the WHENCE file, due to firmware additions and firmware changes, but no changes to the redistribution/licensing conditions. Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr>
https://lists.freedesktop.org/archives/mesa-announce/2026-March/000841.html Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr>
https://discourse.llvm.org/t/llvm-22-1-1-released/90150 Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Update to buildroot in preparation to switch freedom-u-sdk over to replace riscv-gnu-toolchain with the toolchain supported in buildroot, which builds faster using upstream sources and takes less space.