Bump buildroot to 2025.02.7#103
Merged
sairon merged 142 commits into2025.02.x-haosfrom Oct 13, 2025
Merged
Conversation
Fixes https://autobuild.buildroot.net/results/9526503fe8e756bd4444f1fb1e9cf1391c461901/ mbpfan uses vsyslog(), which is not in POSIX so only exposed by <syslog.h> on musl and uclibc-ng if we define _DEFAULT_SOURCE: https://git.musl-libc.org/cgit/musl/tree/include/syslog.h#n64 https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/tree/include/sys/syslog.h#n200 Add a patch submitted upstream to do this. [Peter: add patch rather than passing _DEFAULT_SOURCE in mbpfan.mk] Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 759a08633ea80e90cb91984b5f87d82304e711b9) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Fix link-time build failures because glibc>=2.34 no longer ships libanl.so as it has been consolidated into libc. See the inner patch message for more details. Fixes: https://autobuild.buildroot.org/results/16223cd838876abc9b6f941f7dc20d23afa32c3b/ Signed-off-by: Titouan Christophe <titouan.christophe@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit a49354e46fcde6884703438089cb878966036763) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This fixes this security bug: GHSA-742q-gggc-473g Release notes: https://github.com/storaged-project/udisks/releases/tag/udisks-2.10.2 Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com> Signed-off-by: Julien Olivain <ju.o@free.fr> (cherry picked from commit f55145837edbaebd2182d0b81782af79843f36cf) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
See the release notes: - https://www.wireshark.org/docs/relnotes/wireshark-4.2.12.html - https://www.wireshark.org/docs/relnotes/wireshark-4.2.13.html This fixes the following vulnerability: - CVE-2025-5601: Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file https://www.cve.org/CVERecord?id=CVE-2025-5601 Also update hash for COPYING because of Wireshark commit 614add27f29269e681e4d32138bea4951985fe0a that changes the FSF address Signed-off-by: Titouan Christophe <titouan.christophe@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 891ec88b6da102035a5951d41df624decb3458ff) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This fixes the following vulnerability: - CVE-2025-6965: There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. https://www.cve.org/CVERecord?id=CVE-2025-6965 Signed-off-by: Titouan Christophe <titouan.christophe@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit c4c282f8ec2bec752ca41f4cfebe3c34f45ffade) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This fixes the following vulnerabilities: - CVE-2023-5341: A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. https://www.cve.org/CVERecord?id=CVE-2023-5341 - CVE-2025-55004: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOneMNGIMage. This can likely be used to leak subsequent memory contents into the output image. This issue has been patched in version 7.1.2-1. https://www.cve.org/CVERecord?id=CVE-2025-55004 - CVE-2025-55005: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024. This leads to corrupting memory beyond the end of the allocated logmap buffer. This issue has been patched in version 7.1.2-1. https://www.cve.org/CVERecord?id=CVE-2025-55005 - CVE-2025-55160: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning callback. This results in a deterministic abort under UBSan (DoS in sanitizer builds), with no crash in a non-sanitized build. This issue has been patched in versions 6.9.13-27 and 7.1.2-1. https://www.cve.org/CVERecord?id=CVE-2025-55160 Signed-off-by: Titouan Christophe <titouan.christophe@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 0eefa1095de0f9b18987ac76979b90a55411dc68) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This is a major version bump, because it could break user code that depends on the (wrong) previous logic fixed by the new release See the release notes: - https://github.com/corydolphin/flask-cors/releases/tag/6.0.0 - https://github.com/corydolphin/flask-cors/releases/tag/6.0.1 This fixes the following vulnerabilities: - CVE-2024-6839: corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex pattern priority allows unauthorized cross-origin access to sensitive data or functionality, potentially exposing confidential information and increasing the risk of unauthorized actions by malicious actors. https://www.cve.org/CVERecord?id=CVE-2024-6839 - CVE-2024-6844: A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquote_plus function, which converts the '+' character to a space ' '. This behavior leads to incorrect path normalization, causing potential mismatches in CORS configuration. As a result, endpoints may not be matched correctly to their CORS settings, leading to unexpected CORS policy application. This can cause unauthorized cross-origin access or block valid requests, creating security vulnerabilities and usability issues. https://www.cve.org/CVERecord?id=CVE-2024-6844 - CVE-2024-6866: corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching treats them as case-insensitive. This misconfiguration can lead to significant security vulnerabilities, allowing unauthorized origins to access paths meant to be restricted, resulting in data exposure and potential data leaks. https://www.cve.org/CVERecord?id=CVE-2024-6866 Signed-off-by: Titouan Christophe <titouan.christophe@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 04cd135b26406dcc31cb66af1480d53fffe81e59) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Fixes https://autobuild.buildroot.net/results/bf23e75461877a4ca3a189626f30cf8cde24de36/ Jose unconditionally builds a shared library since v11 with: commit b72f8cad002edc87286dd1f2331c359158c512e8 Author: Rosen Penev <rosenp@gmail.com> Date: Tue May 30 12:18:30 2023 +0300 jose: build library only as shared (#119) Needed because of constructor usage in library. So add a dependency on BR2_SHARED_LIBS. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit f84765314459c0f92c5e7f98746ba08d5d82cf1f) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Fixes https://autobuild.buildroot.net/results/f32ae62961aac7e8344f4be109040e7de2eb415e/ The openssl logic in ecryptfs uses the openssl engines API, which is always available in libressl, but only available in libopenssl when BR2_PACKAGE_LIBOPENSSL_ENGINES is enabled, leading to build failures when it is not: ecryptfs_key_mod_openssl.c: In function 'ecryptfs_openssl_read_key': ecryptfs_key_mod_openssl.c:305:9: error: implicit declaration of function 'ENGINE_load_builtin_engines' [-Wimplicit-function-declaration] 305 | ENGINE_load_builtin_engines(); Fix it by only passing --enable-openssl if libressl or (libopenssl + engines support) is enabled. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 2f309a6e0f969c2baf9e5c1598c80aba0049742d) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The build of avrdude sometimes fails with: avrdude: installs files in /home/autobuild/autobuild/instance-1/output-1/target//home/autobuild/autobuild/instance-1/output-1 This is due to an issue in the installation logic for the Python code. However, our avrdude.mk doesn't explicitly support building avrdude's Python support, so it's really only by luck (or lack thereof) that sometimes host-swig and python3 end up built before avrdude, causing avrdude to build its Python support, which installs at the wrong location. In order to address this, we add a small patch, submitted upstream, that allows to explicitly disable Python support, which we then use in avrdude.mk. The actual Python issue can be investigated at a later point if someone needs it. But in any case, being able to explicitly disable Python support if not needed is useful. Fixes: http://autobuild.buildroot.net/results/f18d47289d8b4dee768275a468c25b4f4399cf8c/ Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit d3229d7fa0a583ee1d0796b570c1990f1e5fd582) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Now that firewalld has been fixed for Python 3.13,
TestFirewalldSysVInit still fail at runtime due to missing nftables json
support [1].
cat /var/log/firewalld
2025-09-02 21:34:50 Traceback (most recent call last):
File "/usr/lib/python3.13/site-packages/firewall/core/fw.py", line 649, in start
File "/usr/lib/python3.13/site-packages/firewall/core/fw.py", line 613, in _start
File "/usr/lib/python3.13/site-packages/firewall/core/fw.py", line 510, in _start_apply_objects
File "/usr/lib/python3.13/site-packages/firewall/core/fw_transaction.py", line 133, in execute
firewall.errors.FirewallError: COMMAND_FAILED: 'python-nftables' failed: Error: syntax error, unexpected '{'
{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}, {"delete": {"table": {"family": "inet", "name": "firewalld"}}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}]}
^
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/11198422467 (TestFirewalldSystemd)
[1] firewalld/firewalld@1582c5d
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 6e9ede1d79513f4b54e35be557968f63dbb3aaa9)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Fixes http://autobuild.buildroot.net/results/bc52c072121286ddde3eee98ac28feb98f33dbbd/ The package has not been updated in 15 years (since commit 60ce1b0 "Bump netstat-nat to 1.4.10"), the upstream URL is gone and the package fails to build on modern gcc versions because of missing prototypes, so drop it. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit bbb0164de08f761a3399c961700db44befff5c70) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
On the autobuilder the mariadb package fails to build when the
BR2_PACKAGE_LIBOPENSSL_ENABLE_RMD160 variable is not set.
See the following autobuilder error:
```
/workdir/instance-0/output-1/build/mariadb-10.11.11/libmariadb/libmariadb/secure/openssl_crypt.c: In function 'ma_hash_get_algorithm':
/workdir/instance-0/output-1/build/mariadb-10.11.11/libmariadb/libmariadb/secure/openssl_crypt.c:40:12: error: implicit declaration of function 'EVP_ripemd160'; did you mean 'LN_ripemd160'? [-Wimplicit-function-declaration]
40 | return EVP_ripemd160();
| ^~~~~~~~~~~~~
| LN_ripemd160
/workdir/instance-0/output-1/build/mariadb-10.11.11/libmariadb/libmariadb/secure/openssl_crypt.c:40:12: error: returning 'int' from a function with return type 'const EVP_MD *' {aka 'const struct evp_md_st *'} makes pointer from integer without a cast [-Wint-conversion]
40 | return EVP_ripemd160();
| ^~~~~~~~~~~~~~~
```
This error can be reproduced with the following config:
```
cat <<EOF >.config
BR2_arm=y
BR2_cortex_a7=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_PACKAGE_LIBOPENSSL=y
# BR2_PACKAGE_LIBOPENSSL_ENABLE_RMD160 is not set
BR2_PACKAGE_MARIADB=y
EOF
make olddefconfig
make mariadb
```
This patch adds a requirement to the RMD160 crypto for the MariaDB
package.
Fixes: https://autobuild.buildroot.org/results/f2b/f2b749cb7019856c5434c27987e8bfb2dc179cda
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5ce1d6f01736cf8c41b7a191e2e35b7f9efb50b4)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The swipl runtime test is unreliable, depending on the execution speed of its runner or local host. Running on a build server, the last test resolve the sudoku in 30sec while the timeout is 10sec. # time swipl -g top -t halt /root/sudoku.pl Sudoku solution: [9, 8, 7, 6, 5, 4, 3, 2, 1]. [2, 4, 6, 1, 7, 3, 9, 8, 5]. [3, 5, 1, 9, 2, 8, 7, 4, 6]. [1, 2, 8, 5, 3, 7, 6, 9, 4]. [6, 3, 4, 8, 9, 2, 1, 5, 7]. [7, 9, 5, 4, 6, 1, 8, 3, 2]. [5, 1, 9, 2, 8, 6, 4, 7, 3]. [4, 7, 2, 3, 1, 9, 5, 6, 8]. [8, 6, 3, 7, 4, 5, 2, 1, 9]. real 0m 28.53s user 0m 27.99s sys 0m 0.51s Increase the timout to 120sec. Note: On Gitlab-CI, every emulator timeout are increased by a factor 10 to avoid sporadic failures in elastic runners. https://gitlab.com/buildroot.org/buildroot/-/blame/2025.08-rc3/support/misc/gitlab-ci.yml.in?ref_type=tags#L101 Cc: Julien Olivain <ju.o@free.fr> Signed-off-by: Romain Naour <romain.naour@smile.fr> Signed-off-by: Julien Olivain <ju.o@free.fr> (cherry picked from commit dac94834cc7db00b47576cf44c7841ed12a1d55f) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
stime() has been deprecated in glibc 2.31 [1] and replaced with clock_settime(). Let's replace the stime() function call used in BR2_PACKAGE_OPENJDK_JNI_TEST sources with clock_settime(). Apply the same change as busybox [2]. Make sure that timeToSet has been zeroed. With that fixed, the test "Call Native Library to Set System Time" succeed: [BRTEST# java -cp /usr/bin JniTest Test: Get JNI Version passed Test: Read Native String Constant passed Test: Write Java String to Native Library passed Test: Write Java Char Array to Native Library passed Test: Write String Member to Native Library passed Test: Set String Member from Native Library passed Test: Execeute Java Function from Native Library passed Test: Instantiate Java Class passed Test: Call Native Library to Set System Time passed [BRTEST# echo $? 0 The last external toolchain using a glibc 2.30 was the Bootlin aarch64--glibc--bleeding-edge-2020.02-2, so since then TestOpenJdk is broken. Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/11176774851 [1] https://lists.gnu.org/archive/html/info-gnu/2020-02/msg00001.html [2] https://git.busybox.net/busybox/commit/?id=d3539be8f27b8cbfdfee460fe08299158f08bcd9 [3] https://toolchains.bootlin.com/downloads/releases/toolchains/aarch64/readmes/aarch64--glibc--bleeding-edge-2020.02-2.txt Signed-off-by: Romain Naour <romain.naour@smile.fr> Signed-off-by: Julien Olivain <ju.o@free.fr> (cherry picked from commit 681b92664da62f807f836a8c28ecbf54b7ca6818) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
In the process of bumping Linux kernel 6.12.10 to 6.12.40, the size of the default Linux kernel Image file for versal products is increasing from 23.4M to 26.9M. This is leaving limited free space in the vfat partition meaning users may unknowingly exceed the 32M size by just adding Linux kernel configs. To avoid potential problems, this patch doubles the size of the vfat partition to 64M, which should be plenty of space for any configuration. Signed-off-by: Neal Frager <neal.frager@amd.com> Signed-off-by: Julien Olivain <ju.o@free.fr> (cherry picked from commit dfed1003d9684d59dd1a48052003fa6212566d63) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The Cadence QSPI driver is broken in version 6.12.36. It was fixed by a subsequent patch: https://lore.kernel.org/all/20250730093234.216392179@linuxfoundation.org/ Which was later backported to the 6.12 stable branch. Bump the kernel version to the latest 6.12.x stable version to fix QSPI support. Signed-off-by: Romain Gantois <romain.gantois@bootlin.com> Signed-off-by: Julien Olivain <ju.o@free.fr> (cherry picked from commit b24cc7f5015fe3460ef43a1396cdfe222c2273e0) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Commit 759a08633e ("package/mbpfan: fix build on musl / uclibc-ng") added a
patch for musl / uclibc-ng, but the upstream patch did not correctly apply
to the 2.4.0 release, breaking the build.
Fix that. In the mean time the patch has been applied upstream, so add a
reference to the upstream commit.
Fixes:
https://autobuild.buildroot.net/results/785be6231c1edc4e5461ce083a3d65fd27fc5843/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 717138c83c857d1dd119750f1af6eda033d9206f)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Changelog: https://exiv2.org/whatsnew.html https://github.com/Exiv2/exiv2/blob/v0.28.7/doc/ChangeLog Release notes of 0.28.0 with a long list of security-related fixes: Exiv2/exiv2#2406 (comment) 0.28.1 fixed CVE-2023-44398: Exiv2/exiv2#2813 0.28.2 fixed CVE-2024-24826 & CVE-2024-25112: Exiv2/exiv2#2914 0.28.3 fixed CVE-2024-39695: Exiv2/exiv2#3008 0.28.5 fixed CVE-2025-26623: Exiv2/exiv2#3181 0.28.6 fixed * [CVE-2025-54080](GHSA-496f-x7cq-cq39) * [CVE-2025-55304](GHSA-m54q-mm9w-fp6g) Please read Exiv2/exiv2#2406 for the discussion whether these CVEs are relevant and their status of backporting to the 0.27.x branch. Removed patch which is included in this release. Switch to github helper due to upstream not providing tarballs anymore. Added optional support for inih: Exiv2/exiv2@43c9ec0 and brotli: Exiv2/exiv2@557a5ce both introduced in the 0.28.x branch. Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr> (cherry picked from commit 5e99e8a38282dbd810450c4be0156ea77e4c6e04) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Backport an upstream patch adding missing limits.h. https://gitlab.com/buildroot.org/buildroot/-/jobs/11176774630 (TestLuajitUtf8) Signed-off-by: Romain Naour <romain.naour@smile.fr> Signed-off-by: Julien Olivain <ju.o@free.fr> (cherry picked from commit f255b90afcc0e9c163a711bfe483cdf39e45e672) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
…ksec tests
TestRelroPartial is broken since the last checksec update to 2.7.1 [1]
(Buildroot 2024.08) due to a relro check fix [2] that doesn't work for
powerpc architecture where .got.plt doesn't exist for some reasons
(that's why the expected result "full" is replaced by "Partial").
From [3]:
if ${readelf} -d "${1}/exe" 2> /dev/null | grep -q 'BIND_NOW' || ! ${readelf} -l "${1}/exe" 2> /dev/null | grep -q '\.got\.plt'; then
echo_message '\033[32mFull RELRO \033[m ' 'Full RELRO,' ' relro="full"' '"relro":"full",'
else
echo_message '\033[33mPartial RELRO\033[m ' 'Partial RELRO,' ' relro="partial"' '"relro":"partial",'
checksec tool is problably tested upstream on more common architectures
like x86_64 or aarch64 than powerpc64 e5500. This may explain why
checksec broke on powerpc64 e5500 target.
Also, the Booltin powerpc64-e5500--glibc--stable-2018.02-2 toolchain
used by test_hardening tests was not updated since the hardening tests
were introduced back in 2018.11 release.
So, switch to the current Bootling aarch64 stable toolchain
(currently Bootlin aarch64 glibc stable 2025.08-1).
Checked that all 6 hardening tests pass with this new toolchain:
tests.core.test_hardening.TestFortifyConserv
tests.core.test_hardening.TestFortifyNone
tests.core.test_hardening.TestRelro
tests.core.test_hardening.TestRelroPartial
tests.core.test_hardening.TestSspNone
tests.core.test_hardening.TestSspStrong
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/11176773995 (TestRelroPartial)
[1] 6150564
[2] slimm609/checksec@1c80e39
[3] slimm609/checksec@1c80e39#diff-9e8d1b28dfaf1c704560ac51a5613b70d70de2dcd84e87b9fa20f28811e6484aL1491
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 10e289e0a970d2852fea18e3d9833f0f37b2959b)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Since Buildroot commit [1] "update to Bootlin toolchains 2025.08-1", the TestMicroPython segfault when testing if micropython can return a non-zero exit code. micropython -c "import sys ; sys.exit(123)" This issue is related to the gcc version used to build micropython (gcc 14 or newer). Using gcc 13 (like Bootlin toolchain 2024.05-1 previously used) micropython run without issue. The issue has been reported upstream [2] and fixed in newer micropython releases [3]. For now, apply a temporary workaround (suggested in the bug report) using -DMICROPY_NLR_SETJMP=1 only for gcc 14 or newer. MICROPY_NLR_SETJMP avoid the architecture specific implementation of nlr_push. Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/11176774762 (TestMicroPython) [1] https://gitlab.com/buildroot.org/buildroot/-/commit/947dbc92a20c5acea7882166cae7893e6ea661e1 [2] micropython/micropython#14115 [3] micropython/micropython@35f3f0a Signed-off-by: Romain Naour <romain.naour@smile.fr> Signed-off-by: Julien Olivain <ju.o@free.fr> (cherry picked from commit 50bc5aa17b320d91809048d5ef6a110f8c0b9157) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This reverts commit 1a729cb. The BR2_PACKAGE_NFTABLES_JSON variable is not present on the 2025.02.x branch and was added in commit [1]. The behaviour of commit [1] can be immitated by just selecting BR2_PACKAGE_JANSSON in firewalld. Which is already the case. [1] 2795fecc50 package/nftables: add an option to force JSON support Signed-off-by: Thomas Perale <thomas.perale@mind.be>
See the release notes: - https://docs.djangoproject.com/en/5.1/releases/5.1.12/ This fixes the following vulnerability: - CVE-2025-57833: An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias(). https://www.cve.org/CVERecord?id=CVE-2025-57833 Signed-off-by: Titouan Christophe <titouan.christophe@mind.be> Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This reverts commit dd4299e. The SWIG implementation is not present on version 7.2 avaiable on 2025.02.x. It was introduced in version 8.0 of avrdude [1]. [1] avrdudes/avrdude#1714 Signed-off-by: Thomas Perale <thomas.perale@mind.be>
…4.x series Update the latest kernel releases to: - 6.12.44 -> 6.12.47 - 6.6.103 -> 6.6.106 - 6.1.149 -> 6.1.152 - 5.15.190 -> 5.15.193 - 5.10.241 -> 5.10.244 - 5.4.297 -> 5.4.299 Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
The git.ti.com cgit server continues to be plagued with reliability issues which are reportedly from heavy bot traffic. To combat this the system administrators have removed the archived downloads feature from this server. Switch to TI's Github mirror so new downloads continue to be possible. Signed-off-by: Bryan Brattlof <bb@ti.com> Signed-off-by: Romain Naour <romain.naour@smile.fr> (cherry picked from commit ebf0131e3e832e125c7fb1d9cd333e558eca663d) [thomas: adapt hash to 09.02.00 version] Signed-off-by: Thomas Perale <thomas.perale@mind.be>
On both Buildroot 2025.02.x and master branch, php-lua build fails on
the following error:
lua.c:862:44: error: assignment to 'zend_object_write_property_t' {aka
'struct _zval_struct * (*)(struct _zend_object *, struct _zend_string *,
struct _zval_struct *, void **)'} from incompatible pointer type 'void
(*)(zval *, zval *, zval *, void **)' {aka 'void (*)(struct _zval_struct
*, struct _zval_struct *, struct _zval_struct *, void **)'}
[-Wincompatible-pointer-types]
862 | lua_object_handlers.write_property =
php_lua_write_property;
| ^
lua.c:863:44: error: assignment to 'zend_object_read_property_t' {aka
'struct _zval_struct * (*)(struct _zend_object *, struct _zend_string *,
int, void **, struct _zval_struct *)'} from incompatible pointer type
'zval * (*)(zval *, zval *, int, void **, zval *)' {aka 'struct
_zval_struct * (*)(struct _zval_struct *, struct _zval_struct *, int,
void **, struct _zval_struct *)'} [-Wincompatible-pointer-types]
863 | lua_object_handlers.read_property =
php_lua_read_property;
| ^
make[2]: *** [Makefile:214: lua.lo] Error 1
The error can be reproduced with the following minimal defconfig:
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_NEON=y
BR2_ARM_ENABLE_VFP=y
BR2_ARM_FPU_NEON=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_PACKAGE_LUA=y
BR2_PACKAGE_PHP=y
BR2_PACKAGE_PHP_LUA=y
This build failure is the result of two events/conditions:
- the update to PHP8 has changed the prototype for
zend_object_read_property_t (see [1]). But at this time, php-lua just
generated a new warning (-Wincompatible-pointer-types)
- using bootlin bleeding-edge toolchain brings in GCC14, which now turns
this warning into a systematic error (see [2])
This issue is still present on the upstream repository, but it has been
fixed on one of its forks. Bring the relevant patch from the fork to
allow building php-lua.
[1] php/php-src@91ef4124e56
[2] https://gcc.gnu.org/gcc-14/porting_to.html#incompatible-pointer-types
Signed-off-by: Alexis Lothoré <alexis.lothore@bootlin.com>
[Romain: update Upstream link]
Signed-off-by: Romain Naour <romain.naour@smile.fr>
(cherry picked from commit b4d8147a9532cbe2abf25d69f58e0c73b82136fb)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
php-lua fails to build in buildroot 2025.08-rc3 on the following error:
in file included from [...]/usr/include/php/Zend/zend.h:32,
from [...]/usr/include/php/main/php.h:31,
from [...]/build/php-lua-2.0.7/lua.c:24:
[...]/build/php-lua-2.0.7/lua.c: In function ‘php_lua_write_property’:
[...]/build/php-lua-2.0.7/lua.c:247:37:
error: ‘val’ undeclared (first use in this function); did you mean
‘zval’?
247 | lua_pushlstring(L, ZSTR_VAL(val), ZSTR_LEN(val));
| ^~~
[...]/usr/include/php/Zend/zend_string.h:66:26:
note: in definition of macro ‘ZSTR_VAL’
66 | #define ZSTR_VAL(zstr) (zstr)->val
| ^~~~
[...]/build/php-lua-2.0.7/lua.c:247:37:
note: each undeclared identifier is reported only once for each function
it appears in
247 | lua_pushlstring(L, ZSTR_VAL(val), ZSTR_LEN(val));
| ^~~
[...]/usr/include/php/Zend/zend_string.h:66:26:
note: in definition of macro ‘ZSTR_VAL’
66 | #define ZSTR_VAL(zstr) (zstr)->val
| ^~~~
make[2]: *** [Makefile:214: lua.lo] Error 1
The issue triggers only if lua interpreter version is lower than 5.2. In
this case, php_lua_write_property calls ZSTR_VAL on the wrong variable.
Fix php-lua build by calling ZSTR_VAL on the correct variable.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/11271124501 (TestPhpLuaLuajit)
Suggested-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Alexis Lothoré <alexis.lothore@bootlin.com>
[Romain: add link to failing TestPhpLuaLuajit]
Signed-off-by: Romain Naour <romain.naour@smile.fr>
(cherry picked from commit a1daf153bf962d1797598943f8c8709ed04e4642)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
… VM CPU Since commit 947dbc92a20c5acea7882166cae7893e6ea661e1 the Bootlin stable toolchain uses headers 5.4, which can lead to build outputs incompatible with older kernels. Update to the latest 5.4 kernel to avoid this. The kernel config is updated according to the requirements of current Docker, runc, and crun. Additionally switch the CPU of the test VM to Haswell, to avoid dockerd failing to start with a "This program can only be run on AMD64 processors with v3 microarchitecture support" error. Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de> Signed-off-by: Romain Naour <romain.naour@smile.fr> (cherry picked from commit efe00fb3fb1c6ab34794a2a19cc71caef1afdcd9) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The WHENCE file [1] indicates ath10k's license file is LICENSE.QualcommAtheros_ath10k license and not LICENCE.atheros_firmware. [1] https://gitlab.com/kernel-firmware/linux-firmware/-/blob/20250627/WHENCE#L3700 Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr> [Julien: add link to WHENCE file] Signed-off-by: Julien Olivain <ju.o@free.fr> (cherry picked from commit 752fc349a05910a08b08467e2f28fd80f1c239a1) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
diff LICENSE: - 2015-2019 Daurnimator <quae@daurnimator.com> + 2015-2025 Daurnimator <quae@daurnimator.com> Signed-off-by: Francois Perrad <francois.perrad@gadz.org> Signed-off-by: Julien Olivain <ju.o@free.fr> (cherry picked from commit cdb1407c0c6a9a7697e61419431cd4f1ccce08b8) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This fixes the following vulnerability: - CVE-2025-8869: When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python version that implements PEP 706. Note that this is a vulnerability in pip's fallback implementation of tar extraction for Python versions that don't implement PEP 706 and therefore are not secure to all vulnerabilities in the Python 'tarfile' module. If you're using a Python version that implements PEP 706 then pip doesn't use the "vulnerable" fallback code. Mitigations include upgrading to a version of pip that includes the fix, upgrading to a Python version that implements PEP 706 (Python >=3.9.17, >=3.10.12, >=3.11.4, or >=3.12), applying the linked patch, or inspecting source distributions (sdists) before installation as is already a best-practice. https://www.cve.org/CVERecord?id=CVE-2025-8869 Signed-off-by: Titouan Christophe <titouan.christophe@mind.be> Signed-off-by: Julien Olivain <ju.o@free.fr> (cherry picked from commit 78d687d2d236ea69cbb8e4d2a67c485bdfe3fe61) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This bump includes the security fix for CVE-2025-59375. Release notes: https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes Fixes: https://www.cve.org/CVERecord?id=CVE-2025-59375 Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com> Signed-off-by: Julien Olivain <ju.o@free.fr> (cherry picked from commit 130b35ddcf6370d73081eaf9fa49aeb576074552) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Release notes: https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.8/ReleaseNotes https://forum.torproject.org/t/alpha-and-stable-release-0-4-8-18-and-0-4-9-3-alpha/20578 Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr> (cherry picked from commit 66ef333884a93d8acea0286fcd9f6ee0b8e1c0f9) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
For release note, see: https://ghostscript.readthedocs.io/en/gs10.06.0/News.html This fixes the following vulnerabilities: - CVE-2025-59798: Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c. https://www.cve.org/CVERecord?id=CVE-2025-59798 - CVE-2025-59799: Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value. https://www.cve.org/CVERecord?id=CVE-2025-59799 - CVE-2025-59800: In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap- based buffer overflow in ocr_line8. https://www.cve.org/CVERecord?id=CVE-2025-59800 - CVE-2025-59801: In Artifex GhostXPS before 10.06.0, there is a stack-based buffer overflow in xps_unpredict_tiff in xpstiff.c because the samplesperpixel value is not checked. https://www.cve.org/CVERecord?id=CVE-2025-59801 Also remove patch that is now applied upstream, and add new patch from upstream to fix a compilation issue on 32bits platforms Signed-off-by: Titouan Christophe <titouan.christophe@mind.be> [Julien: - add link to release note in commit log - fix URL in hash file comment ] Signed-off-by: Julien Olivain <ju.o@free.fr> (cherry picked from commit 6f984089c0ff103fca50617c9fa033eaadf61e51) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This fixes the following vulnerabilities: - CVE-2024-57822: In Raptor RDF Syntax Library through 2.0.16, there is a heap-based buffer over-read when parsing triples with the nquads parser in raptor_ntriples_parse_term_internal(). https://www.cve.org/CVERecord?id=CVE-2024-57822 - CVE-2024-57823: In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path(). https://www.cve.org/CVERecord?id=CVE-2024-57823 Signed-off-by: Titouan Christophe <titouan.christophe@mind.be> Signed-off-by: Julien Olivain <ju.o@free.fr> (cherry picked from commit e94cd21e7b5f806d5daad3d93ac6712f3e00d6bd) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Release announce: https://sourceforge.net/p/fetchmail/mailman/message/59193648/ Updated license hash due to copyright year bump: https://sourceforge.net/p/fetchmail/git/ci/62a11ca4064e5b59e57ca7a8fce08c82af259731/ Signed-off-by: Bernd Kuhls <bernd@kuhls.net> [Julien: add link to release announce] Signed-off-by: Julien Olivain <ju.o@free.fr> (cherry picked from commit 2aea00d782aa371e6d6ef6ffdca8b911ce9172a0) [Thomas: pick to include the 6.5.6 security bump] Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Release notes: https://sourceforge.net/p/fetchmail/mailman/message/59196377/ Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr> (cherry picked from commit 91967008a5d60475fe9a10293a47d3f740161fcb) [Thomas: pick to include the 6.5.6 security bump] Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Release notes: https://sourceforge.net/p/fetchmail/mailman/message/59238340/ The COPYING license file was updated in: https://sourceforge.net/p/fetchmail/git/ci/e6597cee1e5261e19106f0f47d11636dcf4161ed/ https://sourceforge.net/p/fetchmail/git/ci/a408d51154616e992be6463b2e75c19f6115ec1a/ This commit updates its hash accordingly. Signed-off-by: Bernd Kuhls <bernd@kuhls.net> [Julien: fix COPYING license file hash] Signed-off-by: Julien Olivain <ju.o@free.fr> (cherry picked from commit 8082b26a2be1669d9d55b19873d2b2b5e99c77b0) [Thomas: pick to include the 6.5.6 security bump] Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Release notes: https://sourceforge.net/p/fetchmail/mailman/message/59241831/ CVE pending assignment by MITRE: https://fetchmail.sourceforge.io/fetchmail-SA-2025-01.txt Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr> (cherry picked from commit 7cb507b31c7eb815e0446ff8ba9bc45e83783072) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The board/versal/post-image.sh script has an unnecessary mkdir command:
mkdir -p "${BINARIES_DIR}"
This directory is created before calling the post image scripts,
in [1].
Just above the command, the script is making a symlink for the Linux DTB in
the ${BINARIES_DIR}, so if the ${BINARIES_DIR} did not already exist with
images inside, the script would fail regardless of whether this mkdir is
executed or not.
For this reason, remove the mkdir call from the script because it is not
necessary.
[1] https://gitlab.com/buildroot.org/buildroot/-/blob/2025.08/Makefile#L829
Signed-off-by: Neal Frager <neal.frager@amd.com>
[Julien: add a link showing where the directory is created]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 018cf24c80090f1ef091ce1ac0d4a0a1dab3bec3)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Release notes: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812 CVE-2025-20109: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01249.html CVE-2025-22840: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01308.html CVE-2025-22839: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01310.html CVE-2025-22889: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01311.html CVE-2025-20053: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01313.html CVE-2025-26403: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01367.html Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr> (cherry picked from commit 0a748cddf68bace1ba91a80856aa7ff5f86b0673) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This fixes the following vulnerabilities: - CVE-2025-59681: An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB). https://www.cve.org/CVERecord?id=CVE-2025-59681 - CVE-2025-59682: An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory. https://www.cve.org/CVERecord?id=CVE-2025-59682 Signed-off-by: Titouan Christophe <titouan.christophe@mind.be> (cherry picked from commit 7bbc66a39e6e18d5298564167b42e56b82c9360a) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Release notes: https://lists.gnupg.org/pipermail/gnupg-announce/2025q3/000496.html Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit d73458b3a5d15d7058835cf296cb4e5a452b2b51) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This bump includes the security fix for CVE-2025-24356. Fixes: https://www.cve.org/CVERecord?id=CVE-2025-24356. The COPYRIGHT file was renamed to LICENSE [1]. The hash file was updated because a date was removed [2] and the libmnl version was updated [3]. Release notes: https://fastd.readthedocs.io/en/stable/releases/v23.html [1] neocturne/fastd@fa88c73 [2] neocturne/fastd@318c944 [3] neocturne/fastd@c08a3d5 Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com> [Peter: update FASTD_LICENSE_FILES] Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 2b5bcfd626b3d861887518ab5fb99f96d62db7ac) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The roseapplepi defconfig fails to build u-boot since the move to GCC 15.x: https://gitlab.com/buildroot.org/buildroot/-/jobs/11501385206 The issues are mainly related to missing includes, but given that the build has been broken for a while, there is no mainline u-boot support for the platform and the minimal kernel support has not seen any updates since it was added for v5.15, just drop the defconfig. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 56091a581854a501bc9384536d18cbbf1e86b659) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
See here for changes: https://github.com/ruby/ruby/releases/tag/v3_4_4 https://github.com/ruby/ruby/releases/tag/v3_4_5 https://github.com/ruby/ruby/releases/tag/v3_4_6 Signed-off-by: Waldemar Brodkorb <wbx@openadk.org> Signed-off-by: Julien Olivain <ju.o@free.fr> (cherry picked from commit 38d49568da243b11620a58cb55420a9746653eef) Signed-off-by: Thomas Perale <thomas.perale@mind.be>
…c 14
With the change to default to gcc 14.x with commit 1e1fafa1f0f5
("package/gcc: switch to GCC 14.x as the default"), the old u-boot version
no longer builds:
board/ti/am57xx/board.c:948:17: error: implicit declaration of function 'do_cape_detect'; did you mean 'do_board_detect'? [-Wimplicit-function-declaration]
https://gitlab.com/buildroot.org/buildroot/-/jobs/11570241744
So move to u-boot 2025.04 to fix that. We still need a small patch as
(early) beagleboneai boards do not have the EEPROM (or eMMC partition)
populated, so include the bb.org patch from
beagleboard/u-boot@0b161f8
The new u-boot version needs both openssl and gnutls on the host, so enable
them.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Julien: remove patch entry in .checkpackageignore to
fix check-package error
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 7ec419fb9c07292dc28b87ccb0ed35b00437dd16)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
And adjust the dtb path to the new subdir after commit 724ba6751532 ("ARM:
dts: Move .dts files to vendor sub-directories") in v6.5.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit e993272b324da933c7684670da07f388c4210201)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
…ling When commit bbdcb75 ("package/python-pyopenssl: bump to version 25.0.0") has been added, it has silently introduced a new dependency on typing_extensions that has not been ported in the corresponding Config.in, resulting in failures at runtime when trying to import the module: ModuleNotFoundError: No module named 'typing_extensions' The upstream project has indeed introduced the following deprecation handling snippet with commit 1b2b0ed21986 ("Use type-level deprecations (#1389)"): if sys.version_info >= (3, 13): from warnings import deprecated elif sys.version_info < (3, 8): _T = typing.TypeVar("T") def deprecated(msg: str, **kwargs: object) -> Callable[[_T], _T]: return lambda f: f else: from typing_extensions import deprecated This then breaks systems with pyopenssl >= 25.0.0, python < 3.13, python >= 3.8, and without typing_extensions. Fix the missing dependency by adding it explicitely in pyopenssl Config.in Signed-off-by: Alexis Lothoré <alexis.lothore@bootlin.com> Signed-off-by: Thomas Perale <thomas.perale@mind.be>
…4.x series Update the latest kernel releases to: - 6.12.49 -> 6.12.51 - 6.6.108 -> 6.6.110 - 6.1.154 -> 6.1.155 - 5.15.193 -> 5.15.194 - 5.10.244 -> 5.10.245 - 5.4.299 -> 5.4.300 Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
fixes CVE-2025-9230, CVE-2025-9231, CVE-2025-9232 see https://github.com/openssl/openssl/releases/tag/openssl-3.4.3 Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be> Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
Release 2025.02.7
frenck
approved these changes
Oct 13, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changed packages (ova defconfig):