package/xterm: bump version to 363

Changelog: https://invisible-island.net/xterm/xterm.log.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/zziplib: bump version to 0.13.72

Changelog: https://github.com/gdraheim/zziplib/blob/master/ChangeLog

Upstream switched the project to cmake and deprecated automake:
https://github.com/gdraheim/zziplib/commit/5116d90fef820db8a9b3e52ab5a6a11f84dcfc9d

Removed dependency to host-python3 as it is needed only for tests:
https://github.com/gdraheim/zziplib/blob/master/test/CMakeLists.txt#L21

Remove GNUmakefile to fix build error as the real makefile is Makefile.
GNUnamefile includes files which do not exist after configure and fails
to include Makefile:
https://github.com/gdraheim/zziplib/blob/master/GNUmakefile#L60

Added optional dependency to SDL2.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mpv: bump version to 0.33.0

rsound support was removed:
https://github.com/mpv-player/mpv/commit/4583bd8cc7bf538bce424983d49729c934d13a53

libass is now mandatory:
https://github.com/mpv-player/mpv/commit/0b9ed9c2744ada1eefc1f254c5f3ade6c626ed72
Propagate new dependencies to tovid.

libsmbclient support was removed:
https://github.com/mpv-player/mpv/commit/3b8b7cb9d481828953f105f92bacc07a3cb2f332

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libnss: bump version to 3.60.1

Bump version to 3.60.1 and remove local patch that has been upstreamed.

Release Notes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.60_1_release_notes

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

toolchain/toolchain-external/toolchain-external-bootlin: update PowerPC 440 FP toolchain

The Bootlin PowerPC 440 FP toolchain was rebuilt in version 2020.08-2,
which is rebased on Buildroot 2020.08.3 as that includes a fix for
SecurePLT support.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libcap-ng: set LIBCAP_NG_CPE_ID_VALID

cpe:2.3:a:libcap-ng_project:libcap-ng is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibcap-ng_project%3Alibcap-ng

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/json-c: set JSON_C_CPE_ID_VALID

cpe:2.3:a:json-c_project:json-c is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ajson-c_project%3Ajson-c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/lftp: set LFTP_CPE_ID_VALID

cpe:2.3:a:lftp_project:lftp is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alftp_project%3Alftp

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/lcms2: add CPE variables

cpe:2.3:a:littlecms:little_cms is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alittlecms%3Alittle_cms

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/hiredis: add HIREDIS_CPE_ID_VENDOR

cpe:2.3:a:redislabs:hiredis is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aredislabs%3Ahiredis

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/cairo: add CAIRO_CPE_ID_VENDOR

cpe:2.3:a:cairographics:cairo is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Acairographics%3Acairo

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libmaxminddb: add LIBMAXMINDDB_CPE_ID_VENDOR

cpe:2.3:a:maxmind:libmaxminddb is a valid CPE identifier for this
package:

   https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amaxmind%3Alibmaxminddb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/domoticz: add DOMOTICZ_CPE_ID_VENDOR

cpe:2.3:a:domoticz:domoticz is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Adomoticz%3Adomoticz

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/wolfssl: add WOLFSSL_CPE_ID_VENDOR

cpe:2.3:a:wolfssl:wolfssl is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awolfssl%3Awolfssl

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gst1-python: bump version to 1.18.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gst-omx: bump version to 1.18.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gstreamer1-editing-services: bump version to 1.18.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gst1-rtsp-server: bump version to 1.18.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gst1-vaapi: bump version to 1.18.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gst1-libav: bump version to 1.18.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gst1-devtools: bump version to 1.18.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gst1-plugins-ugly: bump version to 1.18.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gst1-plugins-bad: bump version to 1.18.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gst1-plugins-good: bump version to 1.18.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gst1-plugins-base: bump version to 1.18.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gstreamer1: bump version to 1.18.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mesa3d: unconditionally needs expat

mesa3d should only need expat for a limited set of drivers. However,
the condition in their meson.build is borked:

    required: not with_platform_android or with_any_broadcom or with_any_intel

So, as soon as the platform is not android, expat is required. If it
is not already present in the configuraiotn, then meson will try to be
helpful and will try to download its own copy under the table:

    Run-time dependency expat found: NO (tried pkgconfig and cmake)
    Looking for a fallback subproject for the dependency expat
    Downloading expat source from https://github.com/libexpat/libexpat/releases/download/R_2_2_5/expat-2.2.5.tar.bz2
    <urlopen error unknown url type: https>
    A fallback URL could be specified using source_fallback_url key in the wrap file

    ../O/build/mesa3d-20.3.3/meson.build:1366:2: ERROR: could not get https://github.com/libexpat/libexpat/releases/download/R_2_2_5/expat-2.2.5.tar.bz2 is the internet available?

Ideally, we would like to fix the condition in the meson.build, to drop
the spurious and dubious condition on the android platform. However it
is not totally obvious what the prupose was, and expat compiles quikly,
so we just add expat as an unconditional mandatory dependency.

Fixes:
    http://autobuild.buildroot.org/results/f71865771482b1d71d12e77767d236ca693785d5/
    http://autobuild.buildroot.org/results/98290b9681a38b3be820017823a4a4196d474476/
    ....

Reported-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
[yann.morin.1998@free.fr:
  - make it a generic fix, not tied to freedreno, reported by Fabio
  - rewrite commit log to explain the root cause
  - also reported about virgl, by Titouan
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/mesa3d: fix gallium-xa configure option

Fixes build warning:

output/build/mesa3d-20.3.2/meson.build:727: WARNING:
 gallium-xa option "false" deprecated, please use "disabled" instead.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

configs/snps_archs38_hsdk_defconfig: enable C++ support

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
[yann.morin.1998@free.fr: only enable C++]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

configs/snps_archs38_hsdk_defconfig: use hard-float

Hard-float support is pretty stable, so make that default for HSDK
boards.

The hard-float setting is a bit convulated since current ARC gcc lacks
--with-fpu - so this is done with BR2_TARGET_OPTIMIZATION

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
[yann.morin.1998@free.fr: split off into its own commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

configs/snps_archs38_hsdk_defconfig: switch to glibc

We are no longer actively working on uClibc, so make that default
for HSDK boards.

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
[yann.morin.1998@free.fr: drop enabling hard float]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

configs/snps_archs38_hsdk_defconfig: refresh defconfig

No config changes done

| make snps_archs38_hsdk_defconfig
| make savedefconfig

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

ARC: Add support for generic HS48 processor

For the HS48 processor, BR currently builds with -mcpu=hs4x_rel31 which
generates suboptimal code as it inhibits delay slot and back-back ST and so on.

Enable a new variant to build with -mcpu=hs4x for normal codegen.

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
[yann.morin.1998@free.fr:
  - simplify dependencies on MMU page size
  - wrap long lines
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/linux-pam: drop useless LINUX_PAM_CPE_ID_NAME definition

This definition is useless, because it is equal to the default value
of <pkg>_CPE_ID_NAME as calculated by generic-package.

Before and after this patch, the CPE ID calculated for the linux-pam
package is exactly the same, according to "make linux-pam-show-info".

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

linux, package: do not use <pkg>_NAME when defining CPE ID variables

As we discussed on the mailing list, using $(<pkg>_NAME) when defining
CPE ID variables feels a bit odd and needlessly complicated. Just use
the package name directly.

Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/ntp: add CPE ID variables

cpe:2.3:a:ntp:ntp is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Antp%3Antp

The specification of the version needs to be reworked a little
bit. Indeed, versions look like 4.2.8p15. For the download, we need to
extract 4.2 as the folder is named ntp-4.2. However, for the CPE ID we
need to extract 4.2.8 and p15 into two separate fields.

So, we set:

NTP_VERSION_MAJOR = 4.8
NTP_VERSION_MINOR = 2
NTP_VERSION_POINT = 15

and construct the version:

NTP_VERSION = $(NTP_VERSION_MAJOR).$(NTP_VERSION_MINOR)p$(NTP_VERSION_POINT)

Note that the choice of "point" comes from
http://support.ntp.org/bin/view/Main/ReleaseNumberingScheme, which
states "The letter p followed by an increasing number indicates a
Point (i.e. incremental) Release.".

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/thrift: add THRIFT_CPE_ID_VENDOR

cpe:2.3:a:apache:thrift is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aapache%3Athrift

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/binutils: add BINUTILS_CPE_ID_VENDOR

cpe:2.3:a:gnu:binutils is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Abinutils

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/tcpreplay: add TCPREPLAY_CPE_ID_VENDOR

cpe:2.3:a:tcpreplay:tcpreplay is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atcpreplay%3Atcpreplay

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/flatbuffers: add FLATBUFFERS_CPE_ID_VENDOR

cpe:2.3:a:google:flatbuffers is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agoogle%3Aflatbuffers

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gdk-pixbuf: add GDK_PIXBUF_CPE_ID_VENDOR

cpe:2.3:a:gnome:gdk-pixbuf is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnome%3Agdk-pixbuf

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/wavpack: set WAVPACK_CPE_ID_VENDOR

cpe:2.3:a:wavpack:wavpack is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awavpack%3Awavpack

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/jhead: set JHEAD_CPE_ID_VALID

cpe:2.3:a:jhead_project:jhead is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ajhead_project%3Ajhead

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erofs-utils: bump version to 1.2.1

- minor maintainence release mainly to address exist build issues;
- remove the following patches since all have been upstreamed:
    0001-erofs-utils-fix-multiple-definition-of-sbi.patch;
    0002-erofs-utils-fuse-fix-linking-when-using-with-selinux.patch;
    0003-erofs-utils-fuse-disable-backtrace-if-unsupported.patch.

Signed-off-by: Gao Xiang <hsiangkao@aol.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

configs/qemu_s390x_defconfig: bump kernel version to 5.10.7

Signed-off-by: Alexander Egorenkov <egorenar@linux.ibm.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/freescale-imx/firmware-imx: fix the VPU firmware location

The mainline kernel searches the coda VPU firmware inside the following
locations [1]:

/lib/firmware/
/lib/firmware/vpu/

Currently Buildroot installs the coda firmware into /lib/firmware/imx/vpu,
which is not a valid location.

Fix it by installing the coda firmwares into /lib/firmware/vpu/ which
is a valid path for both mainline and NXP vendor kernels. Also create a
symlink to /lib/firmware/ so that mainline kernels do not need to wait
more than 60 seconds to search again inside /lib/firmware/vpu/.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=8af7779f3cbc1f6720d15f00abc797493710d1ab

Reported-by: Romain Naour <romain.naour@gmail.com>
Suggested-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Acked-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/bluez-alsa: bump to version 3.0.0

Drop upstream patch which is included in the new version.

Add additional config option `--enable-a2dpconf` to build small (13 kB)
utility `a2dpconf` which does not depend on any external dependencies.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gmp: bump version to 6.2.1

Release notes: https://gmplib.org/gmp6.2

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/upmpdcli: bump to version 1.5.8

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libupnpp: bump to version 0.20.2

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/openldap: add OPENLDAP_CPE_ID_VENDOR

cpe:2.3:a:openldap:openldap is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aopenldap%3Aopenldap

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

configs/kontron_smarc_sal28: integrate RCW into rootfs image

Integrate the RCW into the storage device image, so the image can also
be used a boot source. The SoC expects the RCW at offset 4096 of the SD
card or eMMC.

Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/rcw-smarc-sal28: new package

Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

configs/kontron_smarc_sal28: enable u-boot

Enable building of the bootloader and integrate it into the resulting
image.

Signed-off-by: Michael Walle <michael@walle.cc>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/{mesa3d, mesa3d-headers}: bump version to 20.3.3

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/wolfssl: security bump to version 4.6.0

- Fix CVE-2020-36177: RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL
  before 4.6.0 has an out-of-bounds write for certain relationships
  between key size and digest size.
- Drop patch (already in version)

https://github.com/wolfSSL/wolfssl/releases/tag/v4.6.0-stable

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gkrellm: fix client build

Set X11_LIBS to avoid the following build failure:

/home/buildroot/autobuild/run/instance-1/output-1/host/bin/aarch64-linux-gnu-gcc main.o alerts.o battery.o base64.o clock.o cpu.o disk.o fs.o hostname.o inet.o mail.o mem.o net.o proc.o sensors.o uptime.o chart.o panel.o config.o gui.o krell.o plugins.o pixops.o client.o utils.o sysdeps-unix.o deprecated.o log.o winops-x11.o  -o gkrellm \
 -L/home/buildroot/autobuild/run/instance-1/output-1/host/bin/../aarch64-buildroot-linux-gnu/sysroot/usr/lib -lgtk-x11-2.0 -lgdk-x11-2.0 -lpangocairo-1.0 -latk-1.0 -lcairo -lgdk_pixbuf-2.0 -lgio-2.0 -lpangoft2-1.0 -lpango-1.0 -lgobject-2.0 -lharfbuzz -lfontconfig -lfreetype -Wl,--export-dynamic -lgmodule-2.0 -lglib-2.0 -lgthread-2.0 -pthread -lglib-2.0   -L/usr/X11R6/lib -lX11 -lSM -lICE  -L/home/buildroot/autobuild/run/instance-1/output-1/host/bin/../aarch64-buildroot-linux-gnu/sysroot/usr/lib -lssl -lcrypto    -lm -Wl,-E
aarch64-linux-gnu-gcc: ERROR: unsafe header/library path used in cross-compilation: '-L/usr/X11R6/lib'

Fixes:
 - http://autobuild.buildroot.org/results/fff9a48efe3818f67a8f4b0fe3a3a605e4985b3b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gkrellm: fix build with NLS

Fixes:
 - http://autobuild.buildroot.org/results/98d0eda546b09e60eebbd3c3a28493f09dff7e62

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/boost: bump version to 1.75.0

* add option for new library Boost.JSON
* drop patch 0001 as it's applied upstream
* host: disable options that were added over time but never disabled for the host-build

Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/rhash: fix build with uclinux

Fixes:
 - http://autobuild.buildroot.org/results/598ca65cf0c7ecf9ceaecb75868b656570ae00d2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/usbutils: needs gcc >= 4.9

Commit 8a26801c9fad1c7749200e22e9dfdeaeeb65f76e forgot to propagate the
gcc dependency from libusb to usbutils

Fixes:
 - http://autobuild.buildroot.org/results/ed8706a1ead398b5097b046524e710b1d3d0bb1e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/at: bump to version 3.2.1

There is only one commit between version 3.2.1 and current commit
7c74fa1aece6bc6db351763dc012193d5d634b7e which updates the release file:

https://salsa.debian.org/debian/at/-/commit/6a9efb7dd2bd6a5e5249d9f29938acc639618e9c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

pkg-generic: host variant use git submodules if target variant does

When a package has both a target and a host variant, and uses git
submodules, and the host variant is downloaded before the target one, we
end up with the generated archive missing the submodules.

This happens in exactly one package in our tree: c-capnproto.

This issue was not caught before because after a few days, the full
sources are added to sources.buildroot.net. So when the hash check
fails, the full tarball is simply downloaded from there.

Propagate the git submodule setting from the target variant to the host
variant, unless the host variant explicitly opted-out.

Fixes:
    http://autobuild.buildroot.org/results/2de9c6c8ce83569d18cc7140ebc60d6fe1aadcbf/

Reported-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/minicom: use official tarball

Use official tarball (this will also have the nice side-effect of making
MINICOM_VERSION compatible with release-monitoring.org)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/shairport-sync: bump to version 3.3.7

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/ncmpc: bump to version 0.42

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/mpd: bump to version 0.22.3

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libdrm: bump version to 2.4.104

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/meson: bump to version 0.56.2

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/wavpack: security bump to version 5.4.0

WavPack 5.4.0 contains a fix for CVE-2020-35738 wherein a specially
crafted WAV file could cause the WAVPACK command-line program to crash
with an out-of-bounds write (see issue #91).

Update hash of COPYING (update in year:
https://github.com/dbry/WavPack/commit/2ce3c069be548e82ea9c05741ace6583e549c6de)

https://github.com/dbry/WavPack/blob/5.4.0/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

{linux, linux-headers}: bump 5.{4, 10}.x 4.{4, 9, 14, 19} series

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/tar: update hash of cpio archive

Commit 37a909cacff9 (package/tar: drop specific version for host variant)
updated the host variant from 1.29 to 1.32.

However, because there is no longer any upper-limit to the version of
tar accepted from the system, and because tests were conducted on a
recent distribution, there was no need to build the host variant of tar.

As a consequence, updating the hash file was missed.

Do so now.

Also switch to using the new two-space separators.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/coremark-pro: clean up package

- Use the COREMARK_PRO_MARKS definition from the build recipe to
  generate the coremark-pro.sh
- Use %x:%X as the date stamp in the results file.

Suggested-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/nvidia-modprobe: new package

nvidia-modprobe package adds a utility and headers for probing the NVIDIA
hardware at runtime.

https://github.com/NVIDIA/nvidia-modprobe

Signed-off-by: Christian Stewart <christian@paral.in>
[Arnout:
 - use upstream Makefile instead of building directly;
 - don't install to staging;
 - remove dependency on host-pkgconf;
 - correct license to GPL-2.0;
 - remove dependency on threads and glibc;
 - add dependency on MMU.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/libevdev: bump version to 1.10.1

For details see [1].

[1] https://lists.freedesktop.org/archives/input-tools/2021-January/001555.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/wireguard-linux-compat: bump version to 1.0.20201221

Fixes a build issue with linux-rt >= 5.4.  For details, see the
announcement:
https://lists.zx2c4.com/pipermail/wireguard/2020-December/006210.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/nano: fix tiny build

Since upstream commit
https://git.savannah.gnu.org/cgit/nano.git/commit/configure.ac?id=235f92ce093099cd81f14827ab842bd331132790

--enable-color --enable-nanorc are needed for libmagic support in tiny
builds.

Fixes:
http://autobuild.buildroot.net/results/248/24894e62d6cf89d078959b12e67596c821d64696/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/pdbg: bump to version v3.2

Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/git: bump version to 2.30.0

For details see [1].

[1] http://lkml.iu.edu/hypermail/linux/kernel/2012.3/03301.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/coremark-pro: add dependency on threads

Coremark-pro requires threads so add a depends on
BR2_TOOLCHAIN_HAS_THREADS.

Fixes:
- http://autobuild.buildroot.net/results/ab574485a7856fcf5cd643c154c44b4bfcb34a97/

Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/quota: add CPE variables

cpe:2.3:a:jan_kara:linux_diskquota is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ajan_kara%3Alinux_diskquota

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/ed: add ED_CPE_ID_VENDOR

cpe:2.3:a:gnu:ed is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Aed

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/links: add LINKS_CPE_ID_VENDOR

cpe:2.3:a:twibright:links is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atwibright%3Alinks

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Matthew Weber >matthew.weber@rockwellcollins.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/cereal: add CEREAL_CPE_ID_VENDOR

cpe:2.3:a:usc:cereal is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ausc%3Acereal

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libtomcrypt: add LIBTOMCRYPT_CPE_ID_VENDOR

cpe:2.3:a:libtom:libtomcrypt is indeed the right CPE identifier
for this package, as can be seen from:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibtom%3Alibtomcrypt

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/go: add GO_CPE_ID_VENDOR

golang is the correct CPE ID vendor for the go package, see:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agolang%3Ago

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

docs/manual: replace LIBFOO_CPE_ID_PRODUCT

Replace LIBFOO_CPE_ID_PRODUCT by LIBFOO_CPE_ID_NAME

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libupnp: set LIBUPNP_CPE_ID_VALID

cpe:2.3:a:libupnp_project:libupnp is indeed the right CPE identifier
for this package, as can be seen from:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibupnp_project%3Alibupnp

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/netcat: set NETCAT_CPE_ID_VALID

cpe:2.3:a:netcat_project:netcat is indeed the right CPE identifier for
this package, as can be seen from:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anetcat_project%3Anetcat

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gkrellm: new package

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/frotz: needs threads

Fixes:
 - http://autobuild.buildroot.org/results/8443316d8074bf44a82ceeda4630a9acb1254947

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/qemu_*: bump kernel version to 5.4.88

Bump QEMU defconfigs to latest longterm kernel 5.4.88.

Please note that QEMU boards not based on 5.4.y were ignored:
- qemu_csky810_virt_defconfig
- qemu_csky807_virt_defconfig
- qemu_csky610_virt_defconfig
- qemu_csky860_virt_defconfig

Tests were carried out on all QEMU boards using Gitlab [1] (commit
message was slightly different, but the patch is identical)

Additional actions needed were:
- board/qemu/sh4-r2d: Remove one of the two kernel patches [2] provided
  by Alan Modra fixing rodata alignment, carried here by Romain Naour [3]
  to fix an issue preventing kernel from booting with binutils 2.23.
  Patch is present in upstream Linux now.

[1] https://gitlab.com/clumsyape/buildroot/-/pipelines/239483891
[2] https://www.sourceware.org/ml/binutils/2019-12/msg00112.html
[3] https://git.busybox.net/buildroot/commit/?id=a2331c8a61bdd71c47492efc818fb0458a349219

Signed-off-by: Geoffrey Le Gourriérec <geoffrey.legourrierec@gmail.com>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/nano: drop unrecognized option

wordbounds option has been removed since version 4.0 and
https://git.savannah.gnu.org/cgit/nano.git/commit?id=798695ff1ec0bec2605eb490008f2968a5e8c264

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

{linux, linux-headers}: bump 5.{4, 10}.x 4.{4, 9, 14, 19} series

Drop 5.9 stable (EOL).

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
[Peter: add Config.in.legacy handling for 5.9]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/tar: drop specific version for host variant

Now that we can generate reproducible archives, with all known tar
versions starting with 1.27, we don't need to clamp the host-tar
version to the old 1.29, and can now bump to any later version.

Drop the host-tar version, and use the same as the target variant.

Note that we still need the _SOURCE trick, to avoid depending on tar
to extract the tar tarball...

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>

support/dependencies: drop check for maximal tar version

So far, we checked that the tar present on the host was at most tar
1.29, because tar 1.30 changed the way it generates archives.

Having a maximum tar version requirement meant that we would eventually
always have to build our own host-tar, as distributions are updating
the version they use.

But now, we have found a way to generate reproducible archives starting
with tar 1.27 onward, so we no longer need the check for a maximum tar
version, so we can drop that requirement.

Note: this is semantically a revert of b8fa273d500b (check-host-tar.sh:
blacklist tar 1.30+), but keeping the new, mostly-linear code-path.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>

support/download: change format of archives generated from svn

Like we recently did for git, switch the archives generated from
subversion to be reproducible whatever the tar version.

We have no in-tree users of the svn backend which also has hashes,
so no hash to update.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Heiko Thiery <heiko.thiery@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>

support/download: cleanup svn backend

Commit 89f5e9893 (support/download/svn: generate reproducible svn
archives) did what it said, but can be siplified a bit.

Indeed, we are doing an svn export, so we won't have any of the .svn
directories, neither at the root of the extract, nor in any of the
sub-directories.

As such, we do not need to filter them out  when we generate the list
of files to include in the archive.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Heiko Thiery <heiko.thiery@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>

support/download: change format of archives generated from git

Switch to using the tarball helper, that can generate reproducible
archives whatever the tar version >= 1.27.

However, those archives are not identical to the previous ones generated
in the (now-broken) gnu format.

To avoid any clashing between old and new archives, and new and old
Buildroot versions, we need to name the new generated archives
differently from the existing ones.

So, we bump the git-specific format-version to -br1.

The %ci date  has been supported by git back to 1.6.0, released August
2008); it is not strictly ISO8601, but is still accepted as a PAX date
header. The strict ISO8601 placeholder, %cI, was only introduced with
2.2.0, release in November 2014, so too recent to be widely available.

As the format and the names of the archives changes, we need to update
all the hash files with the new names and hashes.

Of all the bootloaders that have a git download method, vexpress-firmware
is the only one to have a hash. Others have no hash files, or they have
explicitly set BR_NO_CHECK_HASH_FOR.

For the packages, linux-headers is the special snowflake, as the git
download is only for custom git tree, so it is excluded from the hash
verification with BR_NO_CHECK_HASH_FOR.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
    ---8<------8<------8<------8<---
    #!/bin/sh
    # Find and download all packages using git as backend.
    # Manually fix hashes for affected packages.

    # Packages that only have a host variant
    HOST_ONLY='imx-mkimage|mxsldr|netsurf-buildsystem|opkg-utils|prelink-cross|qoriq-rcw|vboot-utils'

    # Packages that have a non-git main _SOURCE, and/or which
    # have BR_NO_CHECK_HASH_FOR for the git _SOURCE
    NOT_GIT='aufs|aufs-util|xenomai|linux-headers'

    export BR2_DL_DIR=$(pwd)/temp-dl-dir

    make defconfig
    make $( git grep -l -E 'SITE_METHOD[[:space:]]*:?=[[:space:]]*git\>|_SITE[[:space:]]*:?=[[:space:]]*git:' \
                boot/vexpress-firmware/ package/ \
            |sed -r -e 's,.*/([^/]+)\.mk,\1,' \
            |sed -r -e '/^('"${NOT_GIT}"')$/d;' \
                    -e 's/^('"${HOST_ONLY}"')/host-\1/;' \
                    -e 's/$/-legal-info/;'
          )

    ---8<------8<------8<------8<---

support/download: add helper to generate a reproducible archive

We currently need to generate reproducible archives in at least two
locations: the git and svn download backends. We also know of some
future potential use (e.g. the other download backends, like cvs, or
in the upcoming download post-processors for vendoring, like cargo
and go).

However, we are currently limited to a narrow range of tar versions
that we support, to create reproducible archives, because the gnu
format we use has changed with tar 1.30.

As a consequence, and as time advances, more and more distros are,
or will eventually start, shipping with tar 1.30 or later, and thus
we need to always build our on host-tar.

Now, thanks to some grunt work by Vincent, we have a set of options
that we can pass tar, to generate reproducible archives back from
tar-1.27 and up through tar-1.32, the latest released version.

However, those options are non-trivial, so we do not want to have
to repeat those (and maintain them) in multiple locations.

Introduce a helper that can generate a reproducible archive from
an input directory.

The --pax-option, to set specific PAX headers, does not accept
RFC2822 timestamps which value are too away from some fixed point
(set atcompile-time?):
    tar: Time stamp is out of allowed range

However, the same timestamps passed as strict compliant ISO 8601 are
accepted, so that's what we expect as a date format.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
    ---8<------8<------8<------8<---
    # Here is a Makefile used to test all the versions of tar, with
    # different output formats and different sets of options:
    # Versions prior to 1.27 do not build on recent machines, because
    # 'gets()' got removed (rightfully so), so don't count them as
    # candidates.
    VERSIONS = 1.27 1.27.1 1.28 1.29 1.30 1.31 1.32
    DATE = Thu 21 May 2020 06:44:11 PM CEST

    TARS = \
     $(patsubst %,test_gnu_%.tar,$(VERSIONS)) \
     $(patsubst %,test_posix_%.tar,$(VERSIONS)) \
     $(patsubst %,test_posix_paxoption_%.tar,$(VERSIONS))

    all: $(TARS)
     sha1sum $(^)

    .INTERMEDIATE: test_%.tar
    test_gnu_%.tar: tar.% list
     ./$(<) cf - -C test \
     --transform="s#^\./#test-version/#" \
     --numeric-owner --owner=0 --group=0 \
     --mtime="$(DATE)" \
     --format=gnu \
     -T list \
     >$(@)
    test_posix_%.tar: tar.% list
     ./$(<) cf - -C test \
     --transform="s#^\./#test-version/#" \
     --numeric-owner --owner=0 --group=0 \
     --mtime="$(DATE)" \
     --format=posix \
     -T list \
     >$(@)
    test_posix_paxoption_%.tar: tar.% list
     ./$(<) cf - -C test \
     --transform="s#^\./#test-version/#" \
     --numeric-owner --owner=0 --group=0 \
     --mtime="$(DATE)" \
     --format=posix \
     --pax-option='delete=atime,delete=ctime,delete=mtime' \
     --pax-option='exthdr.name=%d/PaxHeaders/%f,exthdr.mtime={$(DATE)}' \
     -T list \
     >$(@)

    list: .FORCE
    list: test
     (cd test && find . -not -type d ) |LC_ALL=C sort >$(@)

    LONG = L$$(for i in $$(seq 1 200); do printf 'o'; done)ng
    test: .FORCE
    test:
     rm -rf test
     mkdir -p test/bar
     echo foo >test/Foo
     echo bar >test/bar/Bar
     ln -s bar/Bar test/buz
     echo long >test/Very-$(LONG)-filename
     ln test/Very-$(LONG)-filename \
        test/short

    .PRECIOUS: tar.%
    tar.%: tar-%
     cd $(<) && ./configure
     $(MAKE) -C $(<)
     install -m 0755 $(<)/src/tar $(@)

    .PRECIOUS: tar-%
    tar-%: tar-%.tar.gz
     tar xzf $(<)

    .PRECIOUS: tar-%.tar.gz
    tar-%.tar.gz:
     wget "https://ftp.gnu.org/gnu/tar/$(@)"

    .FORCE:

    clean:
     rm -rf tar-* tar.* test_* test list
    ---8<------8<------8<------8<---