git.libre-soc.org Git - buildroot.git/log

configs/odroidxu4: new defconfig

This patch provides support for the board Odroid XU4. It uses a recent
4.14 kernel released by Hardkernel, and the current u-boot 2017.05
also from Hardkernel.

Signed-off-by: Pierre CROKAERT <pct@crookies.net>
[Thomas:
- Update DEVELOPERS file
- Update .gitlab-ci.yml file
- Simplify the boot.ini script
- Add missing BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_14 option
- Add BR2_PACKAGE_HOST_DOSFSTOOLS and BR2_PACKAGE_HOST_MTOOLS since a
VFAT filesystem is generated
- Keep the default root filesystem size, since it is sufficient.
- Reduce the size of the VFAT filesystem]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

wireguard: bump version to 0.0.20181018

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/mjpg-streamer: needs headers >= 3.16

Upstream commit

https://github.com/jacksonliam/mjpg-streamer/commit/29fb2b9a65630721c539a216225288fba9497c49#diff-fc82978386df1046ac9aac8cbe0a129eR825

added the usage of V4L2_EVENT_SOURCE_CHANGE which was added to kernel
version 3.16 with commit "[media] v4l: Add source change event":
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/include/uapi/linux/videodev2.h?id=3cbe6e5bcad0b102c06b9c6029fda75630045475

To compare:
- linux 3.15 without the commit:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/include/uapi/linux/videodev2.h?h=linux-3.15.y
- linux 3.16 is the first kernel with the commit:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/include/uapi/linux/videodev2.h?h=linux-3.16.y

Fixes
http://autobuild.buildroot.net/results/4f8/4f8dc7520ee692c665167fda69dc3af66263008f/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/nss-myhostname: Add package

nss-myhostname is helpful to resolve local hostname without domain.
For instance, if we set hostname to myboard and ping myboard
without .local suffix, it fails if /etc/hosts stays unchanged.

nss-myhostname modifies /etc/nsswitch.conf file.
It set myhostname resolution just after files in hosts line,
for example:
hosts: files myhostname mdns4_minimal [NOTFOUND=return] dns

This choice comes from Debian commit [1] and Yocto recipe [2].
Also, nss-myhostname author suggests myhostname should be used as
a backup and appended at the end of hosts line. Both choices are valid.

Discussion on Debian bug tracker [3] gives some details on issue
that may occurs using nss-myhostname (see fqdn).

Note nss-myhostname is already included in systemd, so ensure is conflicts
with it.

[1] http://git.nomeata.de/?p=libnss-myhostname.git;a=commit;h=5104d7f0045df55ee8be526e8c84078750e1e0ed
[2] https://git.yoctoproject.org/cgit.cgi/poky/plain/meta/recipes-support/nss-myhostname/nss-myhostname_0.3.bb
[3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756224

[Peter: simplify sed invocation, adjust Config.in]
Signed-off-by: Vincent Prince <vincent.prince.fr@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

nss-mdns: do not unconditionally override hosts: line in nsswitch.conf

Instead, add mdns4_minimal / mdns4 around the dns entry if missing.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

nss-mdns: drop nsswitch.conf installation logic

With the nsswitch.conf installation logic moved to the post-install-install
hook of the toolchain package, it is guaranteed to be available when
nss-mdns is run - So drop the logic.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

toolchain: move glibc nsswitch.conf handling to a post-target hook

nsswitch.conf is processed both by the toolchain, nss-mdns and
nss-myhostname without any guaranteed ordering in between.

The toolchain package ensures that nsswitch.conf is available, and the two
nss-* packages tweaks the content, so the toolchain processing should run
before the nss-* ones. Toolchain is a dependency of all the packages, so
ensure this is done by moving the toolchain handling to a
post-target-install hook.

Also move the variable to toolchain/toolchain/toolchain.mk where the virtual
toolchain package is defined for clarity.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/nss-mdns: move hook from post-install to finalize

Both nss-mdns and nss-myhostname patch nsswitch.conf file so it needs to be
done at the final stage to support per-package host/target directories.

[Peter: reword]
Signed-off-by: Vincent Prince <vincent.prince.fr@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Revert "cargo-bin: bump version to 0.30.0"

This reverts commit 15c00b9a235d8c087c37c9ad7770f5babbe6348a, because
the hashes do not match the upstream tarballs. We need to understand
what happened rather than blindly fixing the hashes.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

python-fastentrypoints: new package

host-package that is able to shorten the load time of entry_points declared
in setup.py of python packages.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

core: detect and reject build paths which contain an '@'

gcc does not build when the srcdir path contains a '@', because that
path is then substitued in a texi file as argument to an @include
directive. But then, the '@' in the path will start a command evaluation
of its own, thus breaking the build. For example, with a $(O) path set
to /home/ymorin/dev/buildroot/O/to@ti :

    perl ../../gcc/../contrib/texi2pod.pl ../../gcc/doc/invoke.texi > gcc.pod
    ../../gcc/doc/invoke.texi:1678: unknown command `ti'
    ../../gcc/doc/invoke.texi:1678: @include: could not find /home/ymorin/dev/buildroot/O/to/build/host-gcc-initial-7.3.0/build/gcc/../../gcc/../libiberty/at-file.texi

[Peter: use findstring instead of subst/compare]
Reported-by: c32 on IRC
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

xerces: fix build without pthread

Don't fail when pthreads is not available

Fixes:
- http://autobuild.buildroot.org/results/63cc4d3d69db19d0c639437d6996f881888a926b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

toolchain-external-arm-aarch64-be: fix check-package warning

Fixes:

toolchain/toolchain-external/toolchain-external-arm-aarch64-be/toolchain-external-arm-aarch64-be.mk:12: consecutive empty lines

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/glibc: fix typo in hash file

Fixes:

package/glibc/arc-2018.03-release/glibc.hash:4: expected three fields (http://nightly.buildroot.org/#adding-packages-hash)
package/glibc/arc-2018.03-release/glibc.hash:4: unexpected type of hash (http://nightly.buildroot.org/#adding-packages-hash)

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

toolchain-external: add fortran support option for custom external toolchains

If a custom external toolchain is used, we can't enable the fortran
support. Add a new option for that.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

qt download site update

The download link was broken, former qt versions are stored into a
distinct location.

Signed-off-by: Francois Gerin <francois.gerin@essensium.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

qt5wayland: remove legacy compile-without-QtQuick patch

Patch was taken from upstream [1], removing it fixes [2]:

  Applying 0001-fix-compilation-without-QtQuick.patch using patch:
  patching file src/compositor/compositor_api/compositor_api.pri
  Reversed (or previously applied) patch detected!  Skipping patch.
  3 out of 3 hunks ignored -- saving rejects to file src/compositor/compositor_api/compositor_api.pri.rej
  patching file src/compositor/hardware_integration/qwlhardwarelayerintegration_p.h
  Reversed (or previously applied) patch detected!  Skipping patch.
  1 out of 1 hunk ignored -- saving rejects to file src/compositor/hardware_integration/qwlhardwarelayerintegration_p.h.rej

[1] http://code.qt.io/cgit/qt/qtwayland.git/commit/?id=2c48ee65e8c3b894caec214641723d0777fc60b8
[2] http://autobuild.buildroot.net/results/0d31817bb4d416d01f4d1bec3e22ce0e5b2ca1c3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

docs/manual: document location of hash files for multi-versions packages

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package: drop unversioned hash files

The download infra now knows to look for per-version hash files, so we
can now drop the unversioned hash files.

Instead of removing them, add a comment that redirects the developper to
update the per-version hash files instead (so they do not re-add a
unversioned one in the future).

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Gaël Portay <gael.portay@savoirfairelinux.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Cc: Julien Corjon <corjon.j@ecagroup.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

core/download: do not hard-code the path to the package hash file

Now that packges may have hashes for their downloaded files in a
versioned subdir or in the unversioned hash file, we can no longer
hard-code the path to the package hash file anymore.

Instead, we now make use of the per-package variable, that points to the
package hash file.

Note: of the packages for which we offer a version choice, almost none,
but some of the qt5 ones, have a per-version hash file, so we still use
the unversioned hash file for them. As for the few qt5 packages that do
have a per-version hash file for their licensing terms, they've already
been updated to duplicate their download hashes in both the unversioned
and per-version hash files. So, one way or the other, no hash check
would go missing with this change.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package: prepare for per-version hash files

The Qt5 packages may have different licensing terms between the two
versions we support, and in some cases, those different terms are
expressed in similarly named files, like files named plain 'LICENSE' for
example.

Similarly, glibc also has different license files, especially since the
arc version still has libidn, which got dropped from upstream.

This is problematic, because, in a .hash file, we can't store two
different hashes for the same file. We've started to handle this case by
moving the licenses hashes to the per-version sub directories.

However, the hashes for the downloads are still stored inside the non-
versioned hash file of the package, which is not totally coherent: if we
have a per-version hash file, it should list all the hases for that
version, downloads included, and there should be no unversioned hash
file.

In preparation for this, we duplicate the downloads hashes from the main
hash files, and into the versioned ones. Once the download infra learns
to look for those hashes in these per-version subdirs, we'll remove the
unversioned hash files.

Note that, now that we have versioned hash files, the main hash files
will not be used to check license files, so we can already drop the
hashes for license files from the main hash files.

Note also that there are a few other packages for which we support
different versions (binutils, gcc, gdb, lua, xserver_xorg-server,
uboot), but none of those have different licensing terms due to the
version. Qt5 and glibc are alone in this case.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Gaël Portay <gael.portay@savoirfairelinux.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Cc: Julien Corjon <corjon.j@ecagroup.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

legal-info: use the per-package variable to get the hash file

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

core: add a variable that points to the package's hash file

When a package has a version selection (e.g. Qt5), the licensing terms
may be different across versions, but lie in similarly named files (e.g.
'LICENSE').

However, when we check a file, all the hashes for it must match. So, we
can't have the hashes for two different content of the same file. We
overcame that limitation in the legal-license-file macro, which checks
whether a package has a .hash file in a versioned subdir.

For consistency, we would like to also store the source hashes in that
per-version subdir.

Rather than reconstruct the path to the hash file everywhere we need it,
add a variable that points to it.

Existing users will be converted over in followup patches.

Note: the check for a missing hash file is done in the check-hash helper
script, so this variable must always yield a filename, even of a missing
file, thus we do not use $(wildcard...) to resolve the hash file path;
we use $(wildcard...) only to check if the versioned .hash file exists.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mjpg-streamer: bump version

This bump includes

https://github.com/jacksonliam/mjpg-streamer/commit/588db286da461ac5c02277b511ab58a7bf3f752f
https://github.com/jacksonliam/mjpg-streamer/commit/3b7d04d28a39bc697f5bd77f1072430692ac9f8b

which fixes building without c++:

http://autobuild.buildroot.net/results/1da/1da75a9d9b6e4d04d39117d2915c1d195dcae002/
http://autobuild.buildroot.net/results/3da/3da3f4099ccf62a314c099c5720dd5b1e9463914/
http://autobuild.buildroot.net/results/104/10438190453bd7ef7cc157929e74a9ffce9f7fdf/
http://autobuild.buildroot.net/results/91f/91fa80348db0c248649fe003df2dfa854f37a5a2/
http://autobuild.buildroot.net/results/4d7/4d7e722cf85a54d2813715e6b4ca1dd793e6d237/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/mjpg-streamer: fix typo in opencv3 dependencies

mjpg-streamer needs these OpenCV3 modules:
https://github.com/jacksonliam/mjpg-streamer/blob/master/mjpg-streamer-experimental/plugins/input_opencv/CMakeLists.txt#L4

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/luvi: add license hash

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Revert "package/luvi: bump version to 2.8.0"

This reverts commit ac6fedda6b43996545ff498cd19a781698a96050.

Quoting Jörg Krause:
http://lists.busybox.net/pipermail/buildroot/2018-August/228534.html

"The version bump as version 2.8.0 does only updates the projects
submodules, which we are not using at all. Instead, we always build
luvi with dependencies provided as packages in Buildroot."

[Peter: drop autobuilder reference, issue is in luv, not luvi]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

ccache: bump to version 3.5

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

perl-netaddr-ip: build the XS version

the generated subdirectory Makefiles are now fixed

now, the Pure Perl version is only useful when BR2_STATIC_LIBS

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

perl: fix the generated subdirectory Makefiles

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

scancpan: remove optional dependency

there are also runtime dependency

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

python-click: bump to version 7.0

Add license hash.
License change: LICENSE renamed to LICENSE.rst, and one parahraph
has moved down (no actual content was added/deleted/modified)

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

cargo-bin: bump version to 0.30.0

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

rust: bump version to 1.29.2

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

rust-bin: bump version to 1.29.2

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

utils/get-developers: make it callable from elsewhere than the toplevel directory

get-developers tries to open DEVELOPERS in the current directory, so it
breaks when calling it from elsewhere than the toplevel Buildroot directory.

Traceback (most recent call last):
  File "../utils/get-developers", line 107, in <module>
    __main__()
  File "../utils/get-developers", line 26, in __main__
    devs = getdeveloperlib.parse_developers(os.path.dirname()
  File "/home/peko/source/buildroot/utils/getdeveloperlib.py", line 161, in parse_developers
    with open(os.path.join(basepath, "DEVELOPERS"), "r") as f:
IOError: [Errno 2] No such file or directory: '/home/peko/source/buildroot/output-foo/DEVELOPERS'

Fix it by instead figuring out where the DEVELOPERS file is relative to the
location of get-developers (E.G. one level up).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Arnout:
  - add realpath to support a symlinked get-developers script;
  - pass devs_dir argument to check_developers() to support -c in subdir;
  - convert basepath to absolute path to support -f option.
]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/mesa3d: add explanation for the AUTORECONF = YES

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

gvfs: enable gphoto2

Enable gphoto2 if libgphoto2 and libgudev are available

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

gvfs: add optional gcr support

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

gvfs: enable cdda backend

Enable cdda if libcdio-paranoia and libgudev are available

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

gvfs: enable admin backend

Enable admin backend if libcap and polkit are available

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

gvfs: use explicit --enable-gudev option

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

gvfs: add optional libusb support

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libclc: new package

This patch provides libclc, an open source implementation of the
library requirements of the OpenCL C programming language, as
specified by the OpenCL 1.1 Specification. It is intended to be used
with Clover (Mesa3D's OpenCL implementation for AMD GPUs.

It needs to be compiled with host-clang, as it generates LLVM IR bitcode
files containing device builtin functions for each target.

Currently, libclc supports AMDGCN, R600 and NVPTX targets.

As OpenCL kernels can be built dynamically on the target using libclang and
libLLVM, it is necessary to have clc headers installed on the target. Buildroot
removes /usr/include in its target-finalize step, so clc headers are installed to
/usr/share/clc.

Signed-off-by: Valentin Korenblit <valentin.korenblit@smile.fr>
Signed-off-by: Valentin Korenblit <valentinkorenblit@gmail.com>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
[Thomas:
- fix license information as noticed by Romain
- add comment to explain why --includedir=/usr/share is used]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mesa3d: disable opencl

Preliminary patch to prevent Mesa from building OpenCL lib as
soon as libclc is available.

Signed-off-by: Valentin Korenblit <valentin.korenblit@smile.fr>
Signed-off-by: Valentin Korenblit <valentinkorenblit@gmail.com>
Acked-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/testing: test_hardening fix flake8 whitespace

Resolves:
support/testing/tests/core/test_hardening.py:25:42: E231 missing whitespace after ','

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

docs/website/sponsors: credit Smile for the LLVM/Clang internship

Update Smile url and logo.

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/config-fragments/autobuild: test the ARM AArch64 toolchain

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

toolchain-external: add Arm AArch64-BE toolchain 8.2-2018.08

This is the same toolchain that was previously distributed by Linaro. [1]

Switch default toolchain as this toolchain supersed the Linaro AArch64-BE toolchain.
Only x86_64 host are supported, so keep Linaro toolchain for x86 host.

[1] https://developer.arm.com/open-source/gnu-toolchain/gnu-a/downloads

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

toolchain-external: add Arm AArch64 toolchain 8.2-2018.08

This is the same toolchain that was previously distributed by Linaro. [1]

Switch default toolchain as this toolchain supersed the Linaro AArch64 toolchain.
Only x86_64 host are supported, so keep Linaro toolchain for x86 host.

Tested with qemu_aarch64_virt_defconfig.

[1] https://developer.arm.com/open-source/gnu-toolchain/gnu-a/downloads

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

toolchain-external: add Arm ARM toolchain 8.2-2018.08

This is the same toolchain that was previously distributed by Linaro. [1]

Switch default toolchain as this toolchain supersed the Linaro ARM toolchain.
Only x86_64 host are supported, so keep Linaro toolchain for x86 host.

Tested with qemu_arm_vexpress_defconfig.

[1] https://developer.arm.com/open-source/gnu-toolchain/gnu-a/downloads

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

configs/cubieboard2: Update kernel to 4.18.14 and U-Boot to 2018.09

The board is well supported in upstream projects so let's update kernel
and U-Boot to the latest and greatest versions.

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

spice: security bump to version 0.14.1

Fixes CVE-2018-10873: A vulnerability was discovered in SPICE before version
0.14.1 where the generated code used for demarshalling messages lacked
sufficient bounds checks.  A malicious client or server, after
authentication, could send specially crafted messages to its peer which
would result in a crash or, potentially, other impacts.

Drop patches as they are now upstream.

Add host-pkgconf as the configure script uses pkg-config.  Drop removed
--disable-automated-tests configure flag.

Add optional opus support, as that is now supported and needs to be
explicitly disabled to not use.  Explicitly disable optional gstreamer
support for now as the dependency tree is fairly complicated.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

spice-protocol: bump version to 0.12.14

Needed by spice 0.14.x

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/wandboard: Update kernel to 4.18.14 and U-Boot to 2018.09

The board is well supported in upstream projects so let's update kernel
and U-Boot to the latest and greatest versions.

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Fabio Estevam <festevam@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

fs/common: allow custom user table to override package-defined users

Currently, when a custom user table and a package define the same user,
the settings from the package takes precedence over the ones from the
custom user table.

However, it makes sense to allow the settings from the custom user table
take precedence. For example, it would allow redirecting the user's
home directory to an alternate location (e.g. away from tmp and into a
partition that is persistent).

The support/scripts/mkusers script will only retain settings from the
latest definition it finds.

Thus, by passing the custom user table after the package defined users,
it is possible to override the package provided user definitions.

Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

psmisc: bump to version 23.2

Drop patch #1; applied upstream.

Drop patch #2; not needed since we don't autoreconf, and the issue is
fixed upstream anyway.

Add license hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

psmisc: correct license

The license heading in source files includes the "or any later"
language.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

python-twisted: bummp to version 18.9.0

Remove patch since the new version supports Python 3.7
Change in LICENSE: addition of a developer to the list (hash updated).

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

python-autobahn: bump to version 18.10.1

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

python-requests: bump to version 2.20.0

LICENSE update: replaced http address with https.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

python-certifi: bump to version 2018.10.15

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

barebox: bump to version 2018.10.0

Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

mdadm: fix mdmon build without threads

Commit 45498bbc62d8df (mdadm: also install mdmon) enabled build of hte
mdmon utility. This utility requires USE_PTHREADS make variable
undefined to build when threads are not supported.

Fixes:
http://autobuild.buildroot.net/results/4bd/4bdd03b1d8f30ef32177727aae46d8cf54fbc35e/

Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

libarchive: security bump to version 3.3.3

Fixes CVE-2017-14501: An out-of-bounds read flaw exists in
parse_file_info in archive_read_support_format_iso9660.c in libarchive
3.3.2 when extracting a specially crafted iso9660 iso file, related to
archive_read_format_iso9660_read_header.

Drop upstream patches.

Use upstream provided tarball hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

support/config-fragments: add RISC-V 64-bit to autobuild configs

Add a minimal RISC-V 64-bit autobuild configuration for the
internal toolchain with glibc.

Signed-off-by: Mark Corbin <mark.corbin@embecosm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/php: bump version to 7.2.11

Changelog: http://www.php.net/ChangeLog-7.php#7.2.11

Removed patch 0007, applied upstream.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/{mesa3d, mesa3d-headers}: bump version to 18.2.3

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/dtc: fix include guards for older kernel/u-boot

U-Boot has a copy of dtc in-tree. However, it has a bug in its build
system which could result in both one of the in-tree dtc include files
and the same host-installed include file to be #included.

Normally, that wouldn't be a problem, because (a) the two include files
are compatible, so it doesn't matter which one you include, and (b) the
include guards are the same in both, so only one of them really does
get included. However, upstream dtc has changed the include guards,
removing the leading underscore. Therefore, now the header file does
get included twice, which leads to multiple definitions like:

/builds/buildroot.org/buildroot/output/host/include/libfdt.h:1790:19: error: redefinition of 'fdt_appendprop_cell'
static inline int fdt_appendprop_cell(void *fdt, int nodeoffset,
                   ^~~~~~~~~~~~~~~~~~~
In file included from tools/fdt_host.h:11:0,
                 from tools/imagetool.h:24,
                 from tools/atmelimage.c:8:
tools/../include/libfdt.h:1656:19: note: previous definition of 'fdt_appendprop_cell' was here
static inline int fdt_appendprop_cell(void *fdt, int nodeoffset,
                   ^~~~~~~~~~~~~~~~~~~

To fix this, patch (host) dtc to accept the old include guard as well,
which restores the old behaviour. This patch is probably not
upstreamable, since it's really a hack to work around an issue in
U-Boot.  Note that it has been fixed upstream, but Buildroot supports
building older versions of U-Boot as well.

Note that the problem may still occur if you have libdtc-dev installed
on the host. However, now there is a simple workaround: enable
BR2_TARGET_UBOOT_NEEDS_DTC.

Note that a similar problem also occurs with the beaglebone fork of the
kernel. It's not clear if it has been fixed there.

Signed-off-by: Lothar Felten <lothar.felten@gmail.com>
[Arnout: rewrite commit message, rewrap patch commit message]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

support/testing/tests/core: SSP & hardening flags

Catch the commonly used options of SSP, Relro, and fortify.
Using the package targets of busybox and lighttpd. This
can easily be expanded to a larger list.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

BR2_FORTIFY*: toolchain wrapper limitation note

A note is added to tie off the discussion on why moving _FORTIFY_SOURCE
related flags into the toolchain wrapper doesn't currently work.

- Currently -D_FORTIFY_SOURCE and optimizations are passed through
   CFLAGS

- Packages like linux-tools ignore CFLAGS entirely and some
   autotools toolchain testing cases dependent on not using
   CFLAGS.

- If FORTIFY_SOURCE is passed through the wrapper, then linux-tools
   will no longer be able to ignore it, because it's enforced at a
   lower-level and since the optimization -Os/g/1/2/3 are via CFLAGS,
   there is no optimization flag set.  Therefore linux-tools will do
   all its configuration tests with FORTIFY_SOURCE forcefully enabled
   at the wrapper level, but no optimization enabled, and consequently
   tests will fail.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

toolchain/toolchain-wrapper: add BR2_SSP_* support

Migrate the stack protection flag management into the wrapper.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

toolchain/toolchain-wrapper: add BR2_RELRO_

The RELRO/PIE flags are currently passed via CFLAGS/LDFLAGS and this patch
proposes moving them to the toolchain wrapper.

(1) The flags should _always_ be passed, without leaving the possibility
     for any package to ignore them. I.e, when BR2_RELRO_FULL=y is used
     in a build, all executables should be built PIE. Passing those
     options through the wrapper ensures they are used during the build
     of all packages.

(2) Some options are incompatible with -fPIE. For example, when
     building object files for a shared libraries, -fPIC is used, and
     -fPIE shouldn't be used in combination with -fPIE. Similarly, -r
     or -static are directly incompatible as they are different link
     time behaviors then the intent of PIE. Passing those options
     through the wrapper allows to add some "smart" logic to only pass
     -fPIE/-pie when relevant.

(3) Some toolchain, kernel and bootloader packages may want to
     explicitly disable PIE in a build where the rest of the userspace
     has intentionally enabled it. The wrapper provides an option
     to key on the -fno-pie/-no-pie and bypass the appending of RELRO
     flags.
     The current Kernel and U-boot source trees include this option.
     https://github.com/torvalds/linux/commit/8438ee76b004ef66d125ade64c91fc128047d244
     https://github.com/u-boot/u-boot/commit/6ace36e19a8cfdd16ce7c02625edf36864897bf5
     If using PIE with a older Kernel and/or U-boot version, a backport of these
     changes  might be required. However this patchset also uses the
     __KERNEL__ and __UBOOT__ defines as a way to disable PIE.

NOTE: The current implementation via CFLAGS/LDFLAGS has caused some
build time failures as the conditional logic doesn't yet exist in
Buildroot:

https://bugs.busybox.net/show_bug.cgi?id=11206
https://bugs.busybox.net/show_bug.cgi?id=11321

Good summary of the most common build failures related to
enabling pie: https://wiki.ubuntu.com/SecurityTeam/PIE

[Peter: minor cleanups]
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

netsnmp: improve linking avoiding useless -lz listing in shared build

In commit:
https://git.buildroot.net/buildroot/commit/?id=13722d58f77d0e9fea9eefc50bf083d19f835433
Patch "0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch"
was intended to fix AC_CHECK_FUNCS() failure on openssl functions. This
was due to missing -lz during static linking.
But the patch is wrong and results in explicitly linking against -lz in
both shared and static build.
This makes no sense, since shared linking has transitive dependency so
it doesn't need to list -lz after -lssl, -lssl is enough.
Differently static linking needs -lz to be listed after -lssl.

So the real cause of previous build failure:
http://autobuild.buildroot.net/results/881/881139fb049738b16609d39ad5a49bd77ff6b4aa/
is that when AC_CHECK_FUNCS(), $LIBS variable is overwritten with
$LIBCRYPTO without taking into accout previous $LIBS content(i.e. where
-lz is present). This results in AC_CHEC_FUNCS() to fail while trying to
statically link without listing -lz.

Then:
- Remove current "0003-configure-Invert-AC_CHECK_LIB-EVP_md5-.-without-lz-w.patch"
- Add patch "0003-configure-fix-AC_CHECK_FUNCS-EVP_sha224-EVP_sha384-..patch"
  where add $LIBS content to tail of new $LIBS variable like this:
  LIBS="$LIBCRYPTO $LIBS"
  NOTE: $LIBS is at the end to ensure static linking to work correctly.
- Add patch 0004-configure-fix-AC_CHECK_FUNCS-TLS_method-TLSv1_method.patch
  where add $LIBS content to tail of new $LIBS variable like this:
  LIBS="-lssl $LIBCRYPTO $LIBS"
  NOTE: $LIBS is at the end to ensure static linking to work correctly.

This way AC_CHECK_FUNCS(), when static linking, try to link with -lz too
appending it at the end of linking library list.
And after every AC_CHECK_FUNCS(), previously saved $LIBS variable gets
back to its original value(i.e. containing -lz if present) resulting in
having or not -lz appended to library list according to static or
shared build.

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/x11r7/xdriver_xf86-input-libinput: bump version to 0.28.1

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/x11r7/xlib_libSM: bump version to 1.2.3

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/x11r7/xlib_libX11: bump version to 1.6.7

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/x11r7/xserver_xorg-server: bump version to 1.20.2

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

vlc: fix build with libvorbis and tremor

Commit 550c42509c203891c47d934b058a19c2fa490973 "package/vlc: fix
linking with tremor" fixed build with BR2_PACKAGE_TREMOR and without
BR2_PACKAGE_LIBVORBIS. However, it breaks build if BR2_PACKAGE_TREMOR
and BR2_PACKAGE_LIBVORBIS are both enabled.
Indeed, by overiding VORBIS_LIBS by -lvorbisidec, link of
codec/.libs/libvorbis_plugin_la-vorbis.o with -lvorbis
failed because VORBIS_LIBS is normally used to save "-logg
-lvorbis -lvorbisenc":
PKG_ENABLE_MODULES_VLC([VORBIS], [], [ogg vorbis >= 1.1 vorbisenc >= 1.1], [Vorbis decoder and encoder], [auto])

So replace fourth patch by an upstreamable patch which uses pkg-config
to set TREMOR_LIBS if tremor is found instead of "hacking" VORBIS_LIBS

Fixes:
- http://autobuild.buildroot.org/results/85a7bb1996b78dee037d5900b124cbdf5b66a6ac

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

python-urllib3: bump to version 1.24

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

python-markdown2: bump to version 2.3.6

Also add license hash.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

python-crossbar: drop Python 2 support

Upstream is now Python 3 only.

Quoting the maintainer [1]: "the last version of crossbar with python 2
support: pip install crossbar==18.4.1".

[1] https://github.com/crossbario/crossbar/issues/1332

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Asaf Kahlon <asafka7@gmail.com>
Cc: Mauro Condarelli <mc5686@mclink.it>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

qt5location: copy PositioningQuick.so* for QtQuick

The Location module for QtQuick depends on this library, which was not
being copied in the build rule.

Signed-off-by: Alexander 'z33ky' Hirsch <1zeeky@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libdrm: bump version to 2.4.96

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

python-py: add dependency on host-python-setuptools-scm

Fixes:
http://autobuild.buildroot.net/results/cde7ea2fc256ff9f1f6b8d887b26543b998d7186

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

{linux, linux-headers}: fix linux-4.9.133.tar.xz checksum

The Linux tarball checksum was recently updated, including the one for
version 4.9.133. The checksum for this particular version of Linux
misses one character which lead to a build issue as the checksum does
not match:

ERROR: linux-4.9.133.tar.xz has wrong sha256 hash:
ERROR: expected: 3730fc025ba330a6f4908a6a1e4cb86d821000c84167721680ccf1b37b26563
ERROR: got : 53730fc025ba330a6f4908a6a1e4cb86d821000c84167721680ccf1b37b26563
ERROR: Incomplete download, or man-in-the-middle (MITM) attack

This patch fixes it.

Fixes: 0064c7b25125 ("{linux, linux-headers}: bump 4.{4, 9, 14, 18}.x series")
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Tested-by: Ricardo Martincoski <ricardo.martincoski@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

docs/website: add TkOS to the sponsors

Tk Open Systems has sponsored the Buildroot Association to organize
the Buildroot Developers Meeting.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

ntp: fix build without libcap and no threads

When threads support is missing the ntp build system builds the
work_fork code. This code added call to set_user_group_ids() that is
under HAVE_DROPROOT, which is disabled when libcap is not built.

Add a patch fixing that.

Fixes:
http://autobuild.buildroot.net/results/ab9/ab9ceff1151b8b5e6b9fa77d39c0f9b0cac1a080/

Cc: Artyom Panfilov <apanfilov@spectracom.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

python-posix-ipc: bump to version 1.0.4

Also add license hash.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

python-markdown: bump to version 3.0.1

Also add license hash.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

python-babel: bump to version 2.6.0

Also add license hash.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

{linux, linux-headers}: bump 4.{4, 9, 14, 18}.x series

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

squid: requires C++11 toolchain

The squid changelog for version 4.0.1 mentions that "C++11 compiler
support is now mandatory". The code uses the std::map::emplace method
that gcc before 4.8 does not support.

Also fixes:
http://autobuild.buildroot.net/results/370/37093f8d3395850b2db5ed645f60d1c2df92768d/
http://autobuild.buildroot.net/results/921/92117726e7b4ede08dcc0e4fd1a85171fd17aeb8/
http://autobuild.buildroot.net/results/e67/e679ef90219c5e8f9c94ddcd7d3f9582f79ef751/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

libssh: security bump to version 0.8.4

Fixes CVE-2018-10933: authentication bypass vulnerability in the server
code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in
place of the SSH2_MSG_USERAUTH_REQUEST message which the server would
expect to initiate authentication, the attacker could successfully
authenticate without any credentials.

https://www.libssh.org/security/advisories/CVE-2018-10933.txt

Drop an upstream patch.

Cc: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/glibc: provide an upstream site link

The Config.in for glibc is a blind option and not part of the menu for
a user to select (the pkg is used for the Buildroot toolchain build),
however this patch adds the link for completeness of the pkg-stats
report and for future scripting which will generate xml updates of the
package's Common Product Enumeration (used for vunerability checking).

Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

python-py: new package

library with cross-python path, ini-parsing, io, code, log
facilities.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/nodejs: use per-build cache directories

When two Buildroot builds run in parallel, and they both happen to call
npm at roughly the same time, the two npm instances may conflict when
accessing the npm cache, which is by default ~/.npm

Although npm is supposed to lock access to the cache, it seems it does
sometimes fail to do so properly, bailling out in error, when it would
never ever crash at all when not running in parallel. We suspect that
the sequence leading to such failures are something like:

    npm-1                           npm-2
      lock(retry=few, sleep=short)    .
      does-stuff()                    .
      .                               lock(retry=few, sleep=short)
      .                               # can't lock local cache
      .                               download-module()
      .                                 # can't download
      .                                 exit(1)
      unlock()

As per the docs [0], few = 10, short = 10. So if the first npm (npm-1)
takes more than 100s (which can happen behind slow links and/or big
modules that contain native code that is compiled), then the second npm
(npm-2) will bail out (the download would fail if there is no network
access, for example, and only local modules are used).

Point npm to use a per-build cache directory, so they no longer compete
across builds.

That would still need some care when we do top-level parallel builds,
though.

Note also that the conflicts are not totally eliminated: two or more npm
instances may still compete for some other resource that has not yet
been identified.

But, at least, the conflict window has been drastically shortened now,
to the point where it now seldom occurs.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

rpi-wifi-firmware: bump version to 8c1e2bff1d

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

rpi-bt-firmware: bump version to 8c1e2bff1d

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

rpi-userland: bump version to 8f0abfb07b

- rebased 0003-Disable-Werror-everywhere.patch

- deleted 0006-host-apps-dtoverlay-don-t-install-script-in-random-l.patch
(upstream applied [1])

[1] https://github.com/raspberrypi/userland/commit/2fe51001dbd421ac35a55af443ac080b50128266

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>