The version of U-Boot must be explicitly set because if you keep the
default setting, the bootloader is continuously updated in buildroot with
the risk of building a non-working image.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
go1.19.8 (released 2023-04-04) includes security fixes to the go/parser,
html/template, mime/multipart, net/http, and net/textproto packages, as well as
bug fixes to the compiler, the linker, the runtime, and the time package.
Fixes security vulnerabilities:
go/parser: infinite loop in parsing (CVE-2023-24537)
html/template: backticks not treated as string delimiters (CVE-2023-24538)
net/http, net/textproto: denial of service from excessive memory
allocation (CVE-2023-24534)
net/http, net/textproto, mime/multipart: denial of service from excessive
resource consumption (CVE-2023-24536)
https://go.dev/doc/devel/release#go1.19.8https://github.com/golang/go/issues?q=milestone%3AGo1.19.8+label%3ACherryPickApproved
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop upstream patches.
Update license to include mode licenses. Add license file hashes and
update hashes of existing files for added licenses, as well as
formatting and copyright date updates.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Although this is a "boot loader", it really is a tool that should be
part of an image that acts as the bootloader. Thus, it is not in the
bootloader menu.
A UI is required and can be provided by ncurses, X11 or fbdev. Only
ncurses is supported for now. The other two use libtwin which isn't part
of Buildroot for now.
Adapted from https://github.com/glevand/petitboot--buildroot
Updated to work with m68k architecture rather than just PlayStation3
(focused on qemu-system-m68k virt machine)
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Thomas Huth <huth@tuxfamily.org>
[Arnout:
- Add missing arch and toolchain dependencies.
- Remove nonexistent BR2_PACKAGE_NCURSES_TARGET_* selects.
- Swap kexec/kexec-lite priority.
- Add hash for license file.
- Use version without v for VERSION.
- Remove unnecessary --localstatedir=/var.
- Add --disable-busybox.
- Remove --enable-debug.
- Remove --with-ncursesw and explicit libraries.
- Add explicit arguments for all configure options.
- Always select busybox tftp.
- Add optional dependency on dtc.
- Move dtc-specific options under a single condition.
- Minor cleanups (whitespace, comments, ...).
]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
kexec supports m68k since commit
027413d822fd57dd39d2d2afab1484bc6b6b84f9 in v2.0.5
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Thomas Huth <huth@tuxfamily.org>
[Arnout:
- Split off in a separate commit.
]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
This is the fifth patch release in the 1.1.z series of runc, which fixes
three CVEs found in runc.
CVE-2023-25809 is a vulnerability involving rootless containers where
(under specific configurations), the container would have write access to the
/sys/fs/cgroup/user.slice/... cgroup hierarchy. No other hierarchies on the host
were affected. This vulnerability was discovered by Akihiro Suda.
GHSA-m8cg-xc2p-r3fc
CVE-2023-27561 was a regression which effectively re-introduced CVE-2019-19921.
This bug was present from v1.0.0-rc95 to v1.1.4. This regression was discovered
by Beuc. GHSA-vpvm-3wq2-2wvm
CVE-2023-28642 is a variant of CVE-2023-27561 and was fixed by the same patch.
This variant of the above vulnerability was reported by Lei Wang.
GHSA-g2j6-57v7-gm8c
In addition, the following other fixes are included in this release:
- Fix the inability to use /dev/null when inside a container
- Fix changing the ownership of host's /dev/null caused by fd redirection
- Fix rare runc exec/enter unshare error on older kernels, including CentOS < 7.7
- nsexec: Check for errors in write_log()
https://github.com/opencontainers/runc/releases/tag/v1.1.5
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There's a runtime dependency on tomli, but only for Python < 3.11.
Therefore this is not applicable for us.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Extend the linux-tools package to also build the userspace USB tools,
which currently include testusb and ffs-test.
These tools are in the kernel tree since a long time, and althogh a
Makefile had been present since kernel 2.6.39, it has been entirely
rewritten (with an install rule) back with kernel 5.9, to allow building
the same way as other tools provided with the kernel.
We make use of the Makefile install rule, thus version >= 5.9 is
required. Support for older kernels may be added later if needed, and
is left as an exercise for the motivated party.
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Reviewed-by: Herve Codina <herve.codina@bootlin.com>
[yann.morin.1998@free.fr: fix history of Makefile]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
LVM relies on the glibc-specific behaviour of assigning to the
standard streams (stdin etc). As a result the package is currently
disabled when using musl.
This commit backports two patches from upstream lvm2 (not yet in a
release) that fix some build issues with musl, and two additional
patches taken from the Gentoo distribution to address more issues.
With those 4 patches combined, lvm2 builds fine with musl and can
therefore be re-enabled in musl configurations.
Signed-off-by: Simon Rowe <simon.rowe@nutanix.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This variable is no longer used anywhere in the tree so remove it.
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Remove all support for FOO_GETTEXTIZE and alert users to FOO_AUTOPOINT
as the recommended solution in its stead. We can use the standard
check-deprecated-variable for this, because from a user perspective
FOO_AUTOPOINT is pretty-much a drop-in replacement.
The warnings about FOO_GETTEXTIZE_OPTS are no longer relevant, because
they will only make sense if FOO_GETTEXTIZE was already set.
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
[Arnout:
- use check-deprecated-variable;
- remove FOO_GETTEXTIZE_OPTS warnings;
- remove definition of GETTEXTIZE]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Commit 895bfba dropped POPT_AUTORECONF but did not drop POPT_GETTEXTIZE,
which requires POPT_AUTORECONF = YES.
Fixes: 895bfba ("package/popt: bump to version 1.19")
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Drop patch that is no longer necessary after moving to new package flag.
Add patch to fix builds due to missing required files.
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
