package/erlang-*: add hash for license files

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libnss: bump to version 3.49

Drop 2 upstreamed patches while bumping version.

Release notes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49_release_notes

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/moarvm: bump to version 2020.01

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/olimex_a20_olinuxino_lime*: bump kernel version

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/olimex_imx233_olinuxino: bump kernel version

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/mx6cubox: bump kernel version

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/imx6ulevk: Bump the kernel version

Bump the kernel version to 5.4.8.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libselinux: fix python module install patch

Since commit 2768a0eb4 (package/libselinux: add dependency on
host-coreutils for ln --relative), we dropped a previous patch
which touched the same line, so the python module install patch
no longer applies.

Rather than drop use of ln --relative, which we now have (and
which was all that fuss was for), just drop the use of the PYCEXT
use altogether.

Fixes:
  - http://autobuild.buildroot.org/results/c8f/c8fe5b47e422bac13b4d5fa10bd1ee5218021585/ (host)
  - http://autobuild.buildroot.org/results/402/4026a34c6c096354ba99e8c202210428fa2795d2/ (target)

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Cc: Marcus Folkesson <marcus.folkesson@gmail.com>
reviewed-by: Adam Duskett <aduskett@gmail.com>

package/angularjs: bump version to 1.7.9

Signed-off-by: Ignacy Gawędzki <ignacy.gawedzki@green-communications.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mksh: update to version 57

Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/docker-engine: fix hash of license file

Commit 0161899ae56d2c886df890ae352665bb07c88869 forgot to update hash of
license file (update in year):
https://github.com/docker/engine/commit/68906e6dcdd115be8b12913a7d1c4d9c4db6c495

Fixes:
 - http://autobuild.buildroot.org/results/3d1ccae5f3e4eeed9a3bf2eb29fd194b868bc0a7

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/bullet: bump to version 2.89

https://github.com/bulletphysics/bullet3/releases/tag/2.89

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/clang: bump to version 9.0.1

Go back to the github url download again.

Cc: Joseph Kogut <joseph.kogut@gmail.com>
Cc: Valentin Korenblit <valentinkorenblit@gmail.com>
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/llvm: bump to version 9.0.1

Go back to the github url download again.

See:
http://lists.llvm.org/pipermail/llvm-announce/2019-December/000086.html

Cc: Joseph Kogut <joseph.kogut@gmail.com>
Cc: Valentin Korenblit <valentinkorenblit@gmail.com>
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-colorlog: bump to version 4.1.0

Signed-off-by: Joris Offouga <offougajoris@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libubootenv: bump to version cc628ee

This includes the following changes:

cc628ee libuboot: wrap libuboot in extern "C" for C++
bf6ff63 Prepare 0.2
3393485 Fix compiler warning
8f7c00a uboot_env: fix the resarch of ubi volume

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libarchive: security bump to version 3.4.1

Fixes the following security vulnerabilities:

- CVE-2019-19221: In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c
 has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example,
 bsdtar crashes via a crafted archive.

And adds various security fixes.  For details, see :

https://github.com/libarchive/libarchive/releases/tag/v3.4.1

Also remove upstreamed patch.

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

DEVELOPERS: Fix warning with get-developers

erlang-p1-iconv does not exist as a package in buildroot and cause warning
with get-developers :

./utils/get-developers -p erlang-p1-iconv
WARNING: 'package/erlang-p1-iconv/' doesn't match any file

Signed-off-by: Joris Offouga <offougajoris@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

toolchain/toolchain-wrapper: handle __{BASE_,}FILE__ macro for reproducibility

Many tools use __FILE__ or __BASE_FILE__ for debugging and both
capture the build path. This results in non-reproducible images when
building in different directories.

If the config uses GCC 8 or above, we use -ffile-prefix-map=old=new
and let gcc take care of the path remapping in __FILE__. Since GCC
versions before v8 did not have this feature, we use an empty string
in that case, and disable the builtin-macro-redefined warning which
would otherwise trigger and cause build issues with -Werror.

Signed-off-by: Atharva Lele <itsatharva@gmail.com>
[Thomas:
 - as suggested by Arnout, use the empty string for the __FILE__ and
   __BASE_FILE__ value
 - as suggested by Romain, also handle __BASE_FILE__ in addition to
   __FILE__
 - pass -Wno-builtin-macro-redefined to avoid build errors when
   -Werror is passed]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mender-grubenv: fix installation with genimage.sh script

mender-grubenv currently has 3 problems that prevent an x86_64-efi image from
successfully being made with the genimage.sh script.

- mender-grubenv does not currently depend on Grub2.
  While Grub2 is not needed to build the mender-grubenv package, Grub2 needs
  to be built first for mender-grubenv to overwrite the default Grub2 files
  reliably.

- The MENDER_GRUBENV_ENV_DIR variable points to /boot/efi/EFI/BOOT instead of
  /boot/EFI/BOOT, which is where the Grub2 package installs the default files.
  This variable now points to the correct location.

- The Grub2 package installs images to $(BINARIES_DIR)/efi-part, which the
  mender-grubenv package currently does not do. As such; the default Grub2
  configuration file is used instead of the one provided by mender-grubenv.
  Adding a MENDER_GRUBENV_INSTALL_IMAGES_CMDS define in mender-grubenv.mk which
  copies the installed files from $(TARGET_DIR)/boot/EFI to
  $(BINARIES_DIR)/efi-part fixes this issue.

Signed-off-by: Adam Duskett <aduskett@greenlots.com>
[Thomas:
 - drop "runtime" on the depends on BR2_TARGET_GRUB2 since we now have
   a build-time dependency on it
 - explicitly copy the files installed by mender-grubenv in
   MENDER_GRUBENV_INSTALL_IMAGES_CMDS instead of blindly copying
   everything that is in $(TARGET_DIR)/boot/EFI]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/lua-codegen: new package

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libsepol: add dependency on host-coreutils for ln --relative

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Cc: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libselinux: add dependency on host-coreutils for ln --relative

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Cc: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/systemd: add dependency on host-coreutils

This is needed as systemd has gained a dependency on realpath(1) which
was introduced in coreutils too recently for our supported distro to
have it (Ubuntu 14.04 does not have it from coreutils, although there is
a dedicated package for it).

This also means that we now have a ln that understands --relative, so we
can drop our workaround, that upstream said they would never accept
anyway [0].

[0] https://github.com/systemd/systemd/pull/5682

Fixes:
    http://autobuild.buildroot.org/results/a9a/a9a285e482285d062892bab0d1a2e2f89928c92d/
    http://autobuild.buildroot.org/results/6f5/6f5b1065859d866af6fa719f611c3ea7f4b88760/
    ...

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

core/dependencies: check if we need to build our own host-coreutils

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/coreutils: introduce a host variant

More and more packages are now depending on ln --relative, some require
realpath, both of which only got introduced in "recent" versions of
coreutils; older distros had a separate realpath, though, but that is
not in the list of our required dependencies, and was not installed by
default.

So, we introduce a minimal host variant of coreutils to provide those
programs.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-iconv: remove package

This package was a dependency to ejabberd-18.09. It is not anymore
use by any package nor maintain upstream, so remove it.

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/ejabberd: bump to version 19.09.1

There are two remainning patches to:

- change the Makefile rules so dependencies are not downloaded/compiled;
- fix ejabberd user in ejabberdctl script.

The erlang-p1-iconv package is not anymore a dependency for ejabberd.

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-acme: new package

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-yconf: new package

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-pkix: new package

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-mqtree: new package

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-idna: new package

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-jose: new package

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-base64url: new package

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-yaml: bump to version 1.0.21

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-xmpp: bump to version 1.4.2

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-zlib: bump to version 1.0.6

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-xml: bump to version 1.1.37

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-stun: bump to version 1.0.29

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-tls: bump to version 1.1.2

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-stringprep: bump to version 1.0.17

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-sip: bump to version 1.0.30

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-oauth2: bump to version 0.6.5

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-cache-tab: bump to version 1.0.20

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-eimp: bump to version 1.0.12

While at it, add the hash file which was missing.

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-lager: bump to version 3.6.10

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-utils: bump to version 1.0.16

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

configs/raspberrypi0w_defconfig: fix post script args

Commit ada40afb324 updated the raspberrypi*defconfigs to use
 -add-miniuart-bt-overlay instead of -add-pi3-miniuart-bt-overlay.
Update raspberrypi0w_defconfig also.

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/pcsc-lite: bump to version 1.8.26

Remove patch (already in version) and so drop autoreconf

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/ncmpc: bump to version 0.36

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/bubblewrap: bump to version 0.4.0

musl is supported since
https://github.com/containers/bubblewrap/commit/300da62ab6d14aaeeed20172a03090932bb23119

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libsigrokdecode: bump to v0.5.3

Remove the patch that's now upstream.

Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
[Peter: drop _AUTORECONF]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libsigrok: bump to v0.5.2

Remove the patch that's now upstream.

Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/doxygen: bump to v1.8.17

Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

{linux, linux-headers}: bump 4.19.x / 5.4.x series

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/docker-cli: security bump to 19.03.5

Fixes the following security vulnerabilities:

- CVE-2019-14271: In Docker 19.03.x before 19.03.1 linked against the GNU C
  Library (aka glibc), code injection can occur when the nsswitch facility
  dynamically loads a library inside a chroot that contains the contents of
  the container

Signed-off-by: Christian Stewart <christian@paral.in>
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/docker-engine: security bump to 19.03.5

Fixes the following security vulnerabilities:

- CVE-2019-14271: In Docker 19.03.x before 19.03.1 linked against the GNU C
  Library (aka glibc), code injection can occur when the nsswitch facility
  dynamically loads a library inside a chroot that contains the contents of
  the container

Signed-off-by: Christian Stewart <christian@paral.in>
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/docker-containerd: security bump to 1.2.11

Fixes the following security vulnerabilities:

containerd 1.2.9/gRPC:

- CVE-2019-9512: Some HTTP/2 implementations are vulnerable to ping floods,
  potentially leading to a denial of service.  The attacker sends continual
  pings to an HTTP/2 peer, causing the peer to build an internal queue of
  responses.  Depending on how efficiently this data is queued, this can
  consume excess CPU, memory, or both

- CVE-2019-9514: Some HTTP/2 implementations are vulnerable to a reset
  flood, potentially leading to a denial of service.  The attacker opens a
  number of streams and sends an invalid request over each stream that
  should solicit a stream of RST_STREAM frames from the peer.  Depending on
  how the peer queues the RST_STREAM frames, this can consume excess memory,
  CPU, or both

- CVE-2019-9515: Some HTTP/2 implementations are vulnerable to a settings
  flood, potentially leading to a denial of service.  The attacker sends a
  stream of SETTINGS frames to the peer.  Since the RFC requires that the
  peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS
  frame is almost equivalent in behavior to a ping.  Depending on how
  efficiently this data is queued, this can consume excess CPU, memory, or
  both

containerd 1.2.10/runc:

- CVE-2019-16884: runc through 1.0.0-rc8, as used in Docker through
  19.03.2-ce and other products, allows AppArmor restriction bypass because
  libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a
  malicious Docker image can mount over a /proc director

Signed-off-by: Christian Stewart <christian@paral.in>
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/runc: security bump to 1.0.0-rc9

Fixes the following security vulnerability:

- CVE-2019-16884: runc through 1.0.0-rc8, as used in Docker through
  19.03.2-ce and other products, allows AppArmor restriction bypass because
  libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a
  malicious Docker image can mount over a /proc directory.

Signed-off-by: Christian Stewart <christian@paral.in>
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/nano: bump version to 4.7

Release notes:
4.6: https://lists.gnu.org/archive/html/info-gnu/2019-11/msg00011.html
4.7: https://lists.gnu.org/archive/html/info-gnu/2019-12/msg00005.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libmicrohttpd: bump version to 0.9.69

Release notes:
https://lists.gnu.org/archive/html/info-gnu/2019-12/msg00003.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/jsoncpp: bump version to 1.9.2

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/tvheadend: bump version

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libva-utils: bump version to 2.6.0

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libva-intel-driver: bump version to 2.4.0

Removed patch applied upstream.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libva: bump version to 2.6.0

Added bugfix patch to fix known issue suggested by upstream:
https://github.com/intel/libva/releases/tag/2.6.0

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/x11r7/xdriver_xf86-video-intel: bump version

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/{mesa3d, mesa3d-headers}: bump version to 19.3.1

Removed patch 0004, applied upstream.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.4.x series

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/linux-headers: drop support for 5.3.x headers

The 5.3.x series is now EOL so remove the option and add legacy
handling for it.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/tor: bump version to 0.4.2.5

Release notes:
https://blog.torproject.org/new-release-0425-also-0417-0406-and-0359

Updated license hash due to upstream commit:
https://gitweb.torproject.org/tor.git/commit/LICENSE?h=maint-0.4.2&id=272265efbd89c4c2589316a20cf27064def21911

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/sqlite: bump version to 3.30.1

Release notes: https://sqlite.org/releaselog/3_30_1.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/x11r7/xdriver_xf86-video-sis: bump version to 0.12.0

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/x11r7/xlib_libXpm: bump version to 3.5.13

Removed patch applied upstream:
https://cgit.freedesktop.org/xorg/lib/libXpm/commit/?id=7af7c5e275b69daedee3696bee1e880586f30373

Removed autoreconf.

Added all hashes provided by upstream.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/x265: bump version to 3.2.1

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/stellarium: bump version to 0.19.3

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libvpx: bump version to 1.8.2

Changelog:
https://github.com/webmproject/libvpx/blob/master/CHANGELOG

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/cpio: security bump to version 2.13

Removed patch fixing CVE-2016-2037 which was applied upstream.

This release fixes CVE-2015-1197, CVE-2016-2037, CVE-2019-14866.

Switched to .bz2 tarball.
Added hashes provided by upstream and license hash.

Release notes:
https://lists.gnu.org/archive/html/info-gnu/2019-11/msg00002.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/gnupg2: bump version to 2.2.19

Release notes:
- 2.2.18
  https://lists.gnupg.org/pipermail/gnupg-announce/2019q4/000442.html
- 2.2.19
  https://lists.gnupg.org/pipermail/gnupg-announce/2019q4/000443.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/wavemon: bump to version 0.9.1

Drop patch (already in version)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/spi-tools: bump to version 0.8.4

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/mosquitto: drop patch

Drop patch (refused by upstream) and use CLIENT_STATIC_LDADD that has
been added in version 1.6.8 with
https://github.com/eclipse/mosquitto/commit/6bde2097992f7d672e4c2c36168bfb5c73579bc3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

toolchain/toolchain-external: update Arm AArch64 toolchain 9.2-2019.12

Update to gcc 9.2.1, gdb 8.3.0, binutils 2.33.1.

See "Release Note":
https://developer.arm.com/open-source/gnu-toolchain/gnu-a/downloads#

Tested with qemu_aarch64_virt_defconfig.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

toolchain/toolchain-external: update Arm ARM toolchain 9.2-2019.12

Update to gcc 9.2.1, gdb 8.3.0, binutils 2.33.1.

See "Release Note":
https://developer.arm.com/open-source/gnu-toolchain/gnu-a/downloads#

Tested with qemu_arm_vexpress_defconfig.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/freeswitch: bump version to 1.10.2

Rebased patch 0001.

Release notes:
https://github.com/signalwire/freeswitch/releases/tag/v1.10.2

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/ffmpeg: bump version to 4.2.2

Changelog:
http://git.videolan.org/?p=ffmpeg.git;a=blob;f=Changelog;h=9c992b5c3e3995a0e8f3316b3087205196dc6403;hb=refs/heads/release/4.2

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/samba4: security bump version to 4.11.4

Version 4.11.3 fixes

CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS
                management server (dnsserver).
CVE-2019-14870: DelegationNotAllowed not being enforced in protocol
                transition on Samba AD DC.

Changelog:
https://www.samba.org/samba/history/samba-4.11.3.html
https://www.samba.org/samba/history/samba-4.11.4.html

Removed patches applied upstream, rebased patch 0002.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/exim: bump version to 4.93.0.3

Removed 0004-Fix-uClibc-build.patch, committed upstream
https://git.exim.org/exim.git/commitdiff/ec5bf0b83235d01ad0b2865d1819a603441f50f2

Renumbered remaining patches.

Added hashes provided by upstream.

Explicitly disabled DANE after upstream enabled it:
https://git.exim.org/exim.git/commitdiff/59c0959a36649c4554bd0f18f2c2e74571ed41eb#patch3

Use new TLS options:
https://git.exim.org/exim.git/commitdiff/01603eec64d42431f182b33008206facfc7f800e#patch1

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/dovecot-pigeonhole: bump version to 0.5.9

Release notes:
https://dovecot.org/pipermail/dovecot-news/2019-December/000424.html
https://dovecot.org/pipermail/dovecot-news/2019-October/000420.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/dovecot: bump version to 2.3.9.2

Release notes:
https://dovecot.org/pipermail/dovecot-news/2019-October/000419.html
https://dovecot.org/pipermail/dovecot-news/2019-December/000423.html
https://dovecot.org/pipermail/dovecot-news/2019-December/000425.html
https://dovecot.org/pipermail/dovecot-news/2019-December/000427.html

Please note that according to
https://security-tracker.debian.org/tracker/CVE-2019-19722
CVE-2019-19722 fixes a bug introduced in 2.3.9 so backporting this patch
to older buildroot branches is not necessary.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/linux-tools: add hyperv integration services

The hyperv integration services offer convenience features for guest
operating systems running on the microsoft hyperv virtualization
platform. They roughly are for HyperV what openvmtools are for VMWare.

The installed binary names are derived from what seems common in large
distros like RedHat:

  linux kernel source name -> installed binary name
             hv_vss_daemon -> hypervvssd
             hv_kvp_daemon -> hypervkvpd
           hv_fcopy_daemon -> hypervfcopyd

Each tool was introduced at different points in the kernel history, so
we need to check each of them.

We provide a single init script that is responsible for starting all
enabled programs. The global status will be the status of the last
program to fail to start, or empty (i.e. success) if they all started
successfuly.

However, we provide one systemd unit per program, because it is not easy
to use a single unit to start (and monitor) more than one executable.
Additionally, we do not provide a template that is filled at tinstall
time either, because it does not gain much (three simple units vs. a
template and some replacement code in the .mk).

Finally, the key-value daemon uses a few helper scripts to get/set the
network config. All are optional (their presence is checked before
running them), but one, hv_set_ifconfig. However, it is not strictly
speaking required either, so we just symlink it to /bin/true to avoid
any warning at runtime. Providing actual helpers is left to the end
user, to adapt to their own environment.

Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
[yann.morin.1998@free.fr:
  - aggregate all three tools in a single sub-package
  - introduce the main HV option, use a sub-option for each tool
  - aggregate the three init scripts into one
  - don't install the helpers; symlink the mandatory one
  - don't create symlinks for systemd units (systemctl preset-all does
    it for us now)
  - expand commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/linux-tools: add support for installing init system files

Some linux tools (e.g. the Microsoft HyperV convenience utilities) will
install programs tostart at boot time, so they need to be able to
install init files (systemd units, sysv init script, or openrc units).

Unlike the other commands, we are redefining the real _INSTALL_INIT_*
macros, rather than use hooks, to let the infra call those at the right
moment.

We must be careful about the openrc support, though: if two tools are
enabled, one which provides sysv scripts but no openrc config, and the
other which provides openrc config, and we are using openrc as init
system, then we want to use the sysv scripts from the former as well as
the openrc config of the latter. Thus we need to duplicate a bit the
openrc logic here.

Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
[yann.morin.1998@free.fr:
  - define macros, not hooks
  - introduce support for openrc too
  - expand commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/testing: really fix python-gitdb2 test

The test-case for python-gitdb2 consists solely in verifying that the
module can indeed be imported.

However, flake8 errors out on unused imports. Furthermore, it also
errors about wildcard imports, as it can detect unused symbols.

Commit d8c86be9cd7 (support/testing: fix python-gitdb2 test) tried to
address this issue, by explicitly squelching the two errors, F401 and
F403.

While that works on recent distros, the image used by our docker
pipeline is laggign behind and the flake8 there only handles at most a
single error in the noqa list.

Do as is done with the other python samples, and just blindly ignore
all errors.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libmbim: bump to version 1.20.4

Small update with several memory leaks fixed.

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

.gitlab-ci.yml: add missing python-avro test

Commit 9fa2add810c (support/testing: add test for python-avro) added a
test for python-avro but failed to update .gitlab-ci.yml. Do that now.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/mmc-utils: fix build with SSP

Set AM_CFLAGS to an empty value to avoid the following redefinition
error when building with our custom _FORTIFY_SOURCE:

/accts/mlweber1/rc-buildroot-test/scripts/instance-1/output/host/bin/mips-linux-gnu-gcc -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Wall -Werror -Wuninitialized -Wundef -D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -Os  -D_FORTIFY_SOURCE=1 -Wp,-MMD,3rdparty/hmac_sha/.hmac_sha2.o.d,-MT,3rdparty/hmac_sha/hmac_sha2.o -c 3rdparty/hmac_sha/hmac_sha2.c -o 3rdparty/hmac_sha/hmac_sha2.o
<command-line>:0:0: error: "_FORTIFY_SOURCE" redefined [-Werror]

Fixes:
 - http://autobuild.buildroot.org/results/cfef9315441b5f4909b58a6dccd8bea8e67ae992

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

docs/manual: fix typo

Reported-by: Dan Walkes <danwalkes@trellis-logic.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/openvpn: enable pam plugin support

If the linux-pam package is selected, add the package to the
dependency list and explicitly set --enable-plugin-auth-pam.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/samba4: AD DC needs python3

python3 is mandatory since version 4.11 and
https://gitlab.com/samba-team/samba/commit/63d20d7822ead1626f7cb41fdbae6c9300893314

As a result, AD DC needs python3

Fixes:
 - http://autobuild.buildroot.org/results/7af629b8acc92c81e006b1b87ae9a6fd461cf96d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>