Tracking: skiff vs upstream-master#19

Draft
paralin wants to merge 2404 commits into upstream-master from skiff

Conversation

@paralin paralin commented Jun 16, 2022

This PR tracks changes vs upstream-master.

Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Christian Stewart <christian@aperture.us>
Daemonize is a command line utility to run a program as a Unix daemon.

Signed-off-by: Christian Stewart <christian@aperture.us>

---

TODO: Changes requested for v2:

https://patchwork.ozlabs.org/project/buildroot/patch/20210124102241.1207866-1-christian@paral.in/
Adds both host and target packages for buildah.

Buildah is a tool that facilitates building OCI images.

https://github.com/containers/buildah

The buildah tree does not ship with a default policy.json file, and instead
relies on packagers to provide one. A patch is added to create a basic barebones
policy.json which is installed to /etc/containers/policy.json with a hook.

Signed-off-by: Christian Stewart <christian@aperture.us>

---

v1 -> v2:

 - add package to developers
 - add host runc dependency for host package
 - add libgpgme runtime dependency

v2 -> v3:

 - add policy.json to target: required by some commands
 - example: buildah pull docker.io/library/alpine
 - pull: tested on raspberry pi 4

v3 -> v4:

 - TODO: move policy.json to package dir
 - https://lists.buildroot.org/pipermail/buildroot/2022-January/634936.html
 - bump to version v1.32.1
 - https://github.com/containers/buildah/releases/tag/v1.32.1

v4 -> v5:

- bump to version 1.35.x

Signed-off-by: Christian Stewart <christian@aperture.us>
Add a symlink to the expected location for vpdma-1ba in the root of the firmware directory.

Signed-off-by: Christian Stewart <christian@aperture.us>
@paralin paralin marked this pull request as draft June 16, 2022 02:36
@paralin paralin changed the base branch from upstream-master to bump-docker-proxy June 16, 2022 02:37
@paralin paralin changed the base branch from bump-docker-proxy to upstream-master June 16, 2022 02:38
@paralin paralin force-pushed the skiff branch 3 times, most recently from 0915eeb to 7af4c59 Compare June 23, 2022 03:07
@paralin paralin force-pushed the skiff branch 4 times, most recently from c5e35c6 to ba56dae Compare June 27, 2022 21:03
@paralin paralin force-pushed the skiff branch 3 times, most recently from 0d083d6 to 99d3e37 Compare July 11, 2022 14:01
paralin added 2 commits July 11, 2022 08:11
Signed-off-by: Christian Stewart <christian@paral.in>
Lack of an RNG source can block boot-up on headless systems with few hardware
entropy sources. This patch allows rngd to start earlier than the current
"basic.target" when systemd is used. Removing the dependency on "basic.target"
and by extension, "sockets.target" will allow rngd to start before, for example,
docker.sock - which can take some time to become ready without entropy.

This is a cherry-pick of a peer project patch:

https://patchwork.openembedded.org/patch/163303/

Signed-off-by: Christian Stewart <christian@aperture.us>
@paralin paralin force-pushed the skiff branch 10 times, most recently from 75f485c to f8af779 Compare July 19, 2022 11:26
florolf and others added 30 commits April 14, 2026 21:10
Update tinycbor to the latest version. This release migrates from a
hand-written Makefile to CMake, which required a number of patches to
restore parity with the old system:

 - Fix building on toolchains without C++ support
 - Keep installing the json2cbor command line tool

Also building on GCC versions older than 11 was fixed and subsequently
broken again, so this requires a refreshed version of the patch that was
already present for 0.6.1.

Changelog: https://github.com/intel/tinycbor/releases/tag/v7.0
Signed-off-by: Florian Larysch <fl@n621.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Changelog:
https://github.com/protocolbuffers/protobuf/releases/tag/v34.1

Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Changelog:
https://github.com/catchorg/Catch2/releases/tag/v3.14.0

Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Julien Olivain <ju.o@free.fr>
https://lists.x.org/archives/xorg-announce/2026-April/003678.html

Updated license hash due to upstream commits:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/3069f64d691db5396706c1ec1182bd8db52ffb22
https://gitlab.freedesktop.org/xorg/xserver/-/commit/dd924b160c9b434ff7687d1e1d2a9058cdefb6b8

Fixes the following CVEs:

* CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap()
* CVE-2026-34000: XKB Out-of-bounds Read in CheckSetGeom()
* CVE-2026-34001: XSYNC Use-after-free in miSyncTriggerFence()
* CVE-2026-34002: XKB Out-of-bounds read in CheckModifierMap()
* CVE-2026-34003: XKB Buffer overflow in CheckKeyTypes()

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
https://lists.x.org/archives/xorg-announce/2026-April/003679.html

Updated license hash due to upstream commits:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/e5c6a5ab905e0158ec22877b4117f10bef6e4140
https://gitlab.freedesktop.org/xorg/xserver/-/commit/89f82cce4a4ca480501c130231968a72cafa952d

Fixes the following CVEs:

* CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap()
* CVE-2026-34000: XKB Out-of-bounds Read in CheckSetGeom()
* CVE-2026-34001: XSYNC Use-after-free in miSyncTriggerFence()
* CVE-2026-34002: XKB Out-of-bounds read in CheckModifierMap()
* CVE-2026-34003: XKB Buffer overflow in CheckKeyTypes()

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Using this defconfig

BR2_x86_64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_PER_PACKAGE_DIRECTORIES=y
BR2_PACKAGE_STRONGSWAN=y
BR2_PACKAGE_STRONGSWAN_WOLFSSL=y

applied after 'git reset 10a70b1 --hard'

replicates the build error
http://autobuild.buildroot.net/results/278b3f74c48c858ae368d59069752adb69c05246

which was fixed in 2024 by
https://gitlab.com/buildroot.org/buildroot/-/commit/89d512729cfa5b2ef5c5165492789ba4441add19

Note: The git tree was reset to the commit right before the fix.

Instead of using the fix mentioned above the build error is also fixed
when the buildroot commit 6c18375 is
cherry-picked onto 10a70b1.

This means the build error mentioned above is really fixed by enabling
BR2_PACKAGE_WOLFSSL_ALL. Therefore we can remove the content of commit
89d5127.

This commit also prevents a build error in strongswan

wolfssl_rsa_private_key.c: In function 'create_empty':
wolfssl_rsa_private_key.c:450:18: error: 'RsaKey' has no member named 'rng'
  450 |         this->rsa.rng = &this->rng;

caused by the upcoming bump of wolfSSL from 5.7.2 to 5.9.1 due to
upstream commit
wolfSSL/wolfssl@cd88a8a
which was first included in wolfSSL 5.9.0.

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
https://github.com/strongswan/strongswan/releases/tag/6.0.5

Switched _SITE to https.

Fixes CVE-2026-25075.

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
https://github.com/wolfSSL/wolfTPM/blob/v3.10.0/ChangeLog.md

Version 3.9.2 fixes CVE-2025-7844:
wolfSSL/wolfTPM#427

Upstream switched from GPL-2.0+ to GPL-3.0+ with version 3.9.2:
wolfSSL/wolfTPM@1402d0d

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
wolfssl requires definition of SIZEOF_LONG_LONG. Commit 3a5e071
("package/libcurl: security bump to version 8.19.0") removed
SIZEOF_LONG_LONG definitions from libcurl autotools build system,
breaking build with wolfssl.

Fixes:
https://autobuild.buildroot.net/results/baa/baa74a47464ed3e21d0adad64dd0c7c708c9ef85/

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
https://github.com/wolfSSL/wolfssl/blob/v5.9.1-stable/ChangeLog.md

Restored patch 0001 to its original state.

Updated license hashes due to upstream commits:

"updating license from GPLv2 to GPLv3"
wolfSSL/wolfssl@629c5b4

"Add GPLv2 exception list to LICENSING"
wolfSSL/wolfssl@e02de78

with various follow-up commits:
wolfSSL/wolfssl@0d49df7
wolfSSL/wolfssl@32d33f2
wolfSSL/wolfssl@1e9d71a
wolfSSL/wolfssl@18332fa

Fixes the following CVEs:

* [High] CVE-2026-5264
* [High] CVE-2026-5263
* [High] CVE-2026-5295
* [High] CVE-2026-5466
* [High] CVE-2026-5477
* [High] CVE-2026-5447
* [High] CVE-2026-5500
* [High] CVE-2026-5501
* [High] CVE-2026-5503
* [Low] CVE-2026-5187
* [Low] CVE-2026-5188
* [Low] CVE-2026-5448
* [Low] CVE-2026-5772
* [Low] CVE-2026-5778
* [High] CVE-2026-3548
* [High] CVE-2026-3549
* [High] CVE-2026-3547
* [Low] CVE-2026-0819
* [Low] CVE-2026-1005
* [Low] CVE-2026-2645
* [Low] CVE-2026-3230
* [Low] CVE-2025-12888
* [Med.] CVE-2025-11936
* [Low] CVE-2025-11935
* [Low] CVE-2025-11934
* [Low] CVE-2025-11933
* [Low] CVE-2025-11931
* [Low] CVE-2025-11932
* [Low] CVE-2025-12889
* [Low] CVE-2025-13912
* [High] CVE-2025-7395
* [Med.] CVE-2025-7394
* [Low] CVE-2025-7396

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Calian provides a diverse set of mission-critical solutions to solve
complex challenges for customers in defence, space, health and other
critical infrastructure industries.

We thank them for contributing to the LTS maintenance as a bronze
sponsor.

[1] https://www.calian.com/
[2] https://www.linkedin.com/company/calian/

Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Lightweight finite state machine implementation in Python.

https://github.com/pytransitions/transitions

Signed-off-by: Vincent Cruz <mooz@blockos.org>
[Julien:
 - remove directory for LICENSE in hash file
 - remove PKG-INFO entry in hash file
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
See release announce:
2.3.1: https://lists.infradead.org/pipermail/linux-mtd/2026-April/113302.html
2.3.0: https://lists.infradead.org/pipermail/linux-mtd/2025-February/108248.html

Version 2.3.0 added the fsck.ubifs utility, so support it with
the new Kconfig option BR2_PACKAGE_MTD_FSCKUBIFS.

The new version also needs host-pkgconfig, as can be seen from the error
triggered during build tests:

checking pkg-config is at least version 0.9.0... ./configure: line 5613: buildroot/test-output/TestMtd/host/bin/pkg-config: No such file or directory
no
configure: error: pkg-config not found
make[1]: *** [package/pkg-generic.mk:263: buildroot/test-output/TestMtd/build/mtd-2.3.1/.stamp_configured] Error 1

Changelog: https://git.infradead.org/?p=mtd-utils.git;a=blob;f=CHANGELOG.md

Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
[Julien:
 - add link to announce in commit log
 - split long host dependency line
 - reorder host dependencies alphabetically
 - fix MTD_INSTALL_DEPENDENCIES to MTD_DEPENDENCIES
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
Changelog: https://github.com/ilai-deutel/kibi/blob/v0.3.3/CHANGELOG.md

Signed-off-by: Alexander Shirokov <shirokovalexs@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The bat 0.26.0 already depends on a newer version of the onig_sys crate,
so the problem that patch is fixing was already no longer present.

Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Release notes: https://github.com/sharkdp/bat/releases/tag/v0.26.1

Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Julien Olivain <ju.o@free.fr>
The old u-boot version doesn't build anymore because of the following
error:

  ModuleNotFoundError: No module named 'pkg_resources'

Bump it to the latest version 2026.04. While at it, also bump linux to
the latest LTS kernel (6.18). The new kernel grew in size, thus we also
have to enlarge the rootfs image.

Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/13858936681
Signed-off-by: Michael Walle <mwalle@kernel.org>
Signed-off-by: Julien Olivain <ju.o@free.fr>
https://github.com/libexif/libexif/blob/v0.6.26/NEWS

* Security issues fixed:
  * CVE-2026-40386: An unsigned integer underflow in Fuji and Olympus
    makernote handling
  * CVE-2026-40385: An unsigned integer overflow on 32bit systems in
    Nikon makernote handling
  * CVE-2026-32775: A buffer overwrite via integer underflow in makernote
    handling

Switched to xz tarball and tarball hash provided by upstream.

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
https://github.com/libarchive/libarchive/releases/tag/v3.8.7
"Libarchive 3.8.7 is a security and bugfix release."

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
While there is not a security advisory to go with the release,
it includes a patch to prevent message interception that may be
considered a security fix.

Release notes:

  https://github.com/flatpak/xdg-dbus-proxy/releases/tag/0.1.7

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
https://ccache.dev/releasenotes.html#_ccache_4_13_3

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
https://sourceforge.net/p/giflib/code/ci/6.1.3/tree/NEWS

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
https://lists.freedesktop.org/archives/mesa-announce/2026-April/000845.html

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Changelog: https://github.com/zellij-org/zellij/blob/v0.44.1/CHANGELOG.md

Signed-off-by: Alexander Shirokov <shirokovalexs@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Fixes:
https://autobuild.buildroot.net/results/9e3/9e3435752d50ed3db55b0ff03e412bf42728f73a/

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
https://ghostscript.readthedocs.io/en/gs10.07.0/News.html
"This release addresses CVEs: TBC (Two applied for)"

Removed patch which is included in this release.

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
https://lists.gnu.org/archive/html/libmicrohttpd/2026-04/msg00003.html

Fixes CWE-444: https://cwe.mitre.org/data/definitions/444.html

Version 1.0.4 contains a bug and was never officially announced:
https://lists.gnu.org/archive/html/libmicrohttpd/2026-04/msg00002.html

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Announcement:

- 14.0.91: https://lore.freedesktop.org/wayland-devel/aUkQG3KWNC3drDYd@xpredator/T/#u
- 14.0.92: https://lore.freedesktop.org/wayland-devel/aWUJ7MMZmM5yrhSx@xpredator/T/#u
- 14.0.93: https://lore.freedesktop.org/wayland-devel/aW3jJBLBT_UXv1RT@xpredator/T/#u
- 14.0.94: https://lore.freedesktop.org/wayland-devel/aXcyB9n8QaRyFRxw@xpredator/T/#u
- 14.0.95: https://lore.freedesktop.org/wayland-devel/aYHCEa_-Q_v16WNn@xpredator/T/#u
- 14.0.96: https://lore.freedesktop.org/wayland-devel/aY9Vp5A3S-FpQbjC@xpredator/T/#u
- 14.0.97: https://lore.freedesktop.org/wayland-devel/aY9gbvuzD41IaNfo@xpredator/T/#u
- 15.0.0:  https://lore.freedesktop.org/wayland-devel/aZbDU-xtVMLhB0wD@xpredator/T/#u

Changes:

- Support for renderer-vulkan, and shell-lua has been added.

- Some features, drm-screencast-vaapi, shell-fullscreen, and screenshare
  are now deprecated, but kept for this release.

- 0001-build-Allow-libdisplay-info-0.3.0.patch is dropped as it is upstream.

- 0001-vulkan-renderer-guard-surface-output-creation-with-b.patch has been added
  to fix a dependency on <xcb/xcb.h>, which is already upstream.

Signed-off-by: Thomas Devoogdt <thomas.devoogdt@barco.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
automated build + check-package + legal-info.

Signed-off-by: Christian Stewart <christian@aperture.us>