git.libre-soc.org Git - buildroot.git/log

libcurl: security bump to version 7.61.1

Fixes CVE-2018-14618: NTLM password overflow via integer overflow

For more details, see the advisory:
https://curl.haxx.se/docs/CVE-2018-14618.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

DEVELOPERS: Fix file order list maintained by me

Files list maintained by me in DEVELOPERS file is not
in proper order, fix it with ascending order.

Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

qt5virtualkeyboard: add hashes of 3rd-party licenses

Add missing license hashes for those three third-parties:

- src/virtualkeyboard/3rdparty/openwnn/NOTICE
- src/virtualkeyboard/3rdparty/pinyin/NOTICE
- src/virtualkeyboard/3rdparty/tcime/COPYING

Fixes:

>>> qt5virtualkeyboard 5.11.1 Collecting legal info
LICENSE.GPL3: OK (sha256: 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903)
ERROR: No hash found for src/virtualkeyboard/3rdparty/openwnn/NOTICE
ERROR: No hash found for src/virtualkeyboard/3rdparty/pinyin/NOTICE
ERROR: No hash found for src/virtualkeyboard/3rdparty/tcime/COPYING
src/virtualkeyboard/3rdparty/lipi-toolkit/MIT_LICENSE.txt: OK (sha256: 7a45a9769d19545480a241230e6ea520b5156fac00930dcd69b6886749743d10)

In order to make this possible, we use a different hash file for the
old version (2.0, used with Qt 5.6) and new (5.11, used with Qt 5.11)
versions of qt5virtualkeyboard.

Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

lcms2: add upstream security fix for CVE-2018-16435

Little CMS (aka Little Color Management System) 2.9 has an integer overflow
in the AllocateDataSet function in cmscgats.c, leading to a heap-based
buffer overflow in the SetData function via a crafted file in the second
argument to cmsIT8LoadFromFile.

For more details, see:
https://github.com/mm2/Little-CMS/issues/171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16435

The upstream fix unfortunately includes a number of unrelated changes, but
thse files are not used when building for Linux.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

qt5virtualkeyboard: fix legal-info with 5.6

qt5virtualkeyboard 2.0 (shipped with Qt 5.6) doesn't contain any
"main" license files with the GPLv3 license text.

Conditionally remove LICENSE.GPL3 from QT5VIRTUALKEYBOARD_LICENSE_FILES
when Qt major version is set to 5.6.

Fixes:

>>> qt5virtualkeyboard 2.0 Collecting legal info
sha256sum: /home/gportay/src/buildroot/output/build/qt5virtualkeyboard-2.0/LICENSE.GPL3: No such file or directory
ERROR: LICENSE.GPL3 has wrong sha256 hash:
ERROR: expected: 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903
ERROR: got :
ERROR: Incomplete download, or man-in-the-middle (MITM) attack

Also, the lipi-toolkit has a different filename between both supported
Qt major version (5.6 and latest).

Conditionally set the license in QT5VIRTUALKEYBOARD_LICENSE_FILES for
lipi-toolkit according to the Qt major version used.

Fixes:
>>> qt5virtualkeyboard 2.0 Collecting legal info
ERROR: No hash found for src/virtualkeyboard/3rdparty/openwnn/NOTICE
ERROR: No hash found for src/virtualkeyboard/3rdparty/pinyin/NOTICE
ERROR: No hash found for src/virtualkeyboard/3rdparty/tcime/COPYING
sha256sum: /home/gportay/src/buildroot/output/build/qt5virtualkeyboard-2.0/src/virtualkeyboard/3rdparty/lipi-toolkit/MIT_LICENSE.txt: No such file or directory
ERROR: src/virtualkeyboard/3rdparty/lipi-toolkit/MIT_LICENSE.txt has wrong sha256 hash:
ERROR: expected: 7a45a9769d19545480a241230e6ea520b5156fac00930dcd69b6886749743d10
ERROR: got :
ERROR: Incomplete download, or man-in-the-middle (MITM) attack

Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
[Thomas: add hash for lipi-toolkit license file, tweak commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

qt5virtualkeyboard: fix patch applied to 2.0 version

The patch 0001-remove-weird-install-path-for-example.patch using
patch: does not apply properly and needs to be fixed.

The patch was backported from 5.7 [1] with path adaptation in commit
(cb97d9473b qt5virtualkeyboard: allow to build with qt5.6), but the
submitted patch did not reflect that said adaptation.

Apply the said patch adaptation (i.e. add missing basic subdirectory) to
apply properly the patch.

Fixes:

   >>> qt5virtualkeyboard 2.0 Patching

   Applying 0001-remove-weird-install-path-for-example.patch using patch:
   patching file examples/virtualkeyboard/basic/basic.pro
   Hunk #1 FAILED at 7.
   1 out of 1 hunk FAILED -- saving rejects to file examples/virtualkeyboard/basic/basic.pro.rej
   make: ***[/home/test/autobuild/run/instance-2/output/build/qt5virtualkeyboard-2.0/.stamp_patched] Error 1

[1]: https://github.com/qt/qtvirtualkeyboard/commit/aef55eb7b3470ba6dee4abc67acda1d308c90e97

Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

boot/uboot: Set MAKE_ENV for kconfig build system

U-Boot fails to build in a GitLab CI context because the kconfig-package
build stage is unable to find bison or flex even though they are
installed in HOST_DIR.

To fix this, set UBOOT_MAKE_ENV so that UBOOT_KCONFIG_MAKE uses the
correct PATH.

Signed-off-by: Thomas Preston <thomas.preston@codethink.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

moarvm: fix build on powerpc64 / powerpc64le

Build fails with:
In file included from dyncall_callback.c:35:0:
dyncall_callback_ppc64.c: In function 'dcbNewCallback':
dyncall_callback_ppc64.c:42:13: warning: implicit declaration of function 'dcAllocWX' [-Wimplicit-function-declaration]
   int err = dcAllocWX(sizeof(DCCallback), (void**) &pcb);
             ^~~~~~~~~
dyncall_callback_ppc64.c: In function 'dcbFreeCallback':
dyncall_callback_ppc64.c:53:3: warning: implicit declaration of function 'dcFreeWX' [-Wimplicit-function-declaration]
   dcFreeWX(pcb, sizeof(DCCallback));
   ^~~~~~~~
dyncall_callback_ppc64.S: Assembler messages:
dyncall_callback_ppc64.S:180: Error: operand out of range (3 is not between 0 and 1)

So select BR2_PACKAGE_LIBFFI for BR2_powerpc64 and BR2_powerpc64le as it
is already done for MIPS

Fixes:
- http://autobuild.buildroot.org/results/97b53a74d9847c07f26178daeb1daff3b6c24813
- http://autobuild.buildroot.org/results/c35ac4bbc5fb04aabf5a719eddeedf55f7f1f4eb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

busybox: add patch to fix 'head -n -1'

Busybox 1.29.0 introduces a regression causing head to fail with negative
'-n' parameters, e.g. 'head -n -1'. Instead of showing all but the last one
line, no lines are printed whatsoever.

The issue was reported with
http://lists.busybox.net/pipermail/busybox/2018-August/086617.html . This
commit backports the revert applied upstream.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gcc: xtensa: fix atomic NAND code generation

xtensa gcc incorrectly generates code for atomic NAND operation as
~a1 & a2 instead of ~(a1 & a2). Fix that.

Backported from: r264087
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

screen: fix rare build failure on T_N undeclared

/usr/lfs/v0/rc-buildroot-test/scripts/instance-2/output/host/bin/arm-none-linux-gnueabi-gcc -c -I. -I.  -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -DETCSCREENRC='"/usr/etc/screenrc"' -DSCREENENCODINGS='"/usr/share/screen/utf8encodings"' -DHAVE_CONFIG_H -DGIT_REV=\"\" \
     -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -Os  -D_GNU_SOURCE list_display.c
In file included from screen.h:150:0,
                 from list_display.c:36:
display.h:154:19: error: 'T_N' undeclared here (not in a function)
   union tcu d_tcs[T_N];  /* terminal capabilities */

Macro T_N is defined in header file term.h but it may not be created
then fails. Backport patch to make sure term.h is created before compile
other source codes.

Fixes:
- http://autobuild.buildroot.org/results/a62bea1fd32246526d59f029df3dca60f1cd710f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/xen: disable tools/qemu-xen/ opengl

Resolves:
http://autobuild.buildroot.net/results/a7f2bf387458c2f0db6a4b555c51004f321f9320

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

mediastreamer: fix avcodec functions conflict

Autotools miss avcodec function check when linking statically, leading to
conflicts between local functions and avcodec functions.

Add patch to swap $FFMPEG_LIBS and -lavutil which are checked when
AC_CHECK_LIB on avcodec_* functions. $FFMPEG_LIBS contain -ldrm that must
be listed after -lavutil.

Fixes:
http://autobuild.buildroot.net/results/394/3945e06ea0dd1e16013184fbab5b67b3561c87ce/
http://autobuild.buildroot.net/results/576/576c7d71313c45753848462717200b2b8ff5bb0e/
http://autobuild.buildroot.net/results/f33/f339ac6ea30815eeb8ecb144c971f56c06a9f995

[Peter: adjust commit message to clarify that this is for static linking]
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

chipmunk: fix build on musl

Build fails on:
/home/test/autobuild/run/instance-0/output/build/chipmunk-7.0.2/src/cpHastySpace.c:11:24: fatal error: sys/sysctl.h: No such file or directory

Indeed, sys/sysctl.h is not available on musl so include this header
only if __APPLE__ is defined as sysctlbyname is only used in this case.

Fixes:
- http://autobuild.buildroot.org/results/e5be2f8eb9315a9054e1c8d854dec37cbb28eed7

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

imagemagick: security bump to version 7.0.7-39

>From the release notes:

2018-06-06  7.0.7-39  <quetzlzacatenango@image...>
  * Fixed numerous use of uninitialized values, integer overflow, memory
    exceeded, and timeouts (credit to OSS Fuzz).

The most critical of these are:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8772
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8782

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

php: pdo mysql extension needs hash as well

Fixes:
http://autobuild.buildroot.net/results/69cf9326539c8df8fa50c5e7acb2ce3bb985ede2/

The PDO mysql extension also needs the hash extension - so select it,
similar to how it was done for the mysqli extension in commit 65f96452636
(php: fix build with mysqli).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/squashfs: fix build on hosts with glibc >= 2.28

Since glibc 2.28, sys/sysmacros.h is no longer included from sys/types.h
This patch fixes the resulting build error by explicitly including
sys/sysmacros.h

See also https://github.com/plougher/squashfs-tools/pull/52

Signed-off-by: Richard Kunze <richard.kunze@web.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

sdl2: add upstream patch to fix DirectFB renderer handling

The configure script enables the DirectFB video driver, but forgets to
enable the renderer driver, causing SDL_CreateRenderer() to fail. Add an upstream patch to fix this.

[Peter: reword/extend commit text,
add git formatted patch from https://github.com/spurious/SDL-mirror]
Signed-off-by: Peter Thompson <peter.macleod.thompson@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

DEVELOPERS: add myself for some packages

Add my entry for expat, libv4l and minizip

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

qt: fix build on powerpc_e500mc

gcc bug internal compiler error: in validate_condition_mode, at
config/rs6000/rs6000.c:180744. Bug is fixed since gcc 7.
Workaround is to set -mno-isel, see
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60818 and
https://gcc.gnu.org/ml/gcc-patches/2016-02/msg01036.html

This bug is also raised on BR2_powerpc_8540, BR2_powerpc_8548 and
BR2_powerpc_e5500.

Fixes:
- http://autobuild.buildroot.net/results/9b9d11b3281a72c8f54fc675408acb96d24d8e7e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

domoticz: do not use static version of openssl

Due to the dependency on mosquitto, domoticz depends on !BR2_STATIC_LIBS
so set USE_OPENSSL_STATIC to OFF (default value is ON)

This parameter has been added in release 4.9700.

Fixes:
- http://autobuild.buildroot.net/results/b1b84b8c12d31b9242b5732fcdd1eb76b1217366

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

qt5webengine: use QT5WEBENGINE prefix for CHROMIUM_LICENSE_FILES variable

The qt5webengine package currently uses the CHROMIUM_LICENSE_FILES
variable to hold the list of license files for the chromium source
code embedded inside the qt5webengine code.

However, using this variable would clash with a hypothetical
"chromium" package, and anyway violates our rule that all variables of
a package should be prefixed by the package name.

This commit fixes that by adding the QT5WEBENGINE to this variable.

Signed-off-by: Laurent Hartanerot <laurent.hartanerot@atos.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

qt5webengine: fix chromium-latest.inc with the current license files

chromium-latest.inc was not properly updated with the latest version
bumps of Qt, and it no longer matches the license files of
Qt5Webengine 5.11. This commit fixes this legal-info failure:

$ make qt5webengine-legal-info
[...]
cp: cannot stat '/home/thomas/projets/buildroot/output/build/qt5webengine-5.11.1/src/3rdparty/chromium/buildtools/third_party/libc++abi/trunk/LICENSE.TXT': No such file or directory

Signed-off-by: Laurent Hartanerot <laurent.hartanerot@atos.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

qt5webengine: rename chromium.inc to chromium-latest.inc

For consistency with chromium-lts.inc, rename chromium.inc to
chromium-latest.inc.

Signed-off-by: Laurent Hartanerot <laurent.hartanerot@atos.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

qt5webengine: add separate file for chromium license files for Qt LTS

The qtwebengine package used by Qt LTS has a different set of license
files for chromium, so this commit introduces a separate
chromium-lts.inc with the right contents.

This fixes legal-info of qt5webengine with Qt LTS.

Signed-off-by: Laurent Hartanerot <laurent.hartanerot@atos.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Update for 2018.08-rc3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

minicom: add COPYING sha256 to hash

In minicom package hash file lacks sha256 entry for COPYING file even if
it is added to MINICOM_LICENSE_FILES.

Add COPYING sha256 entry to minicom.hash file.

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

CHANGES: add note about Vivante graphics / i.MX8MQ support for 2018.08-rc1

As requested by Gary Bisson.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

qt5quickcontrols: update license file names for Qt 5.6 version

Signed-off-by: Laurent Hartanerot <laurent.hartanerot@atos.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

board/freescale/imx8mqevk: remove hardware support section from readme

At first the support for i.MX8MQ processors was minimal, hence this
section in the readme file.

Since then, GPU support was added [1] in master and VPU in next [2].

So drop this section as it is confusing people and no one maintains it.

[1] https://git.buildroot.net/buildroot/commit/?id=84afda9c
[2] https://git.buildroot.net/buildroot/commit/?id=82732071

Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

libkcapi: bump to version 1.1.3

Remove patch (already in version). This version bump only contains a
limited set of bug fixes:

Changes 1.1.3
* Fix: default location of FIPS 140-2 HMAC control file is .<orig file>.hmac
(was accidentally moved to <orig file>.hmac with 1.1.2)

Changes 1.1.2
* Fix: Bug fixes for GCC 8.1.0 regarding string length checks by
Krzysztof Kozlowski
* Enhancement: ensure that tests execute on architectures other than X86
by Ondrej Mosnáček
* Fix: Bug fix to initialize FDs at the correct time in kcapi-kernel-if.c
by Ondrej Mosnáček
* Test fix: Support test execution outside build environment by
Ondrej Mosnáček

Changes 1.1.1
* Fix: Bug fixes for kcapi_hasher by Ondrej Mosnáček

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

linux-headers: bump 4.4.x series

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

docs/website: update for 2018.02.5

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Update for 2018.02.5

[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b07116644d617a0365d70eaae57c68ca273e6183)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

mender: fix ioctl build failure on powerpc64le / power8

Build fails due to missing // +build ppc64le in ioctl_64_bit.go

Add patch to append ppc64le to // +build list.

Fixes
http://autobuild.buildroot.net/results/f22/f222b4389f9308363c386da25ec22a0919bc29fb//

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

json-c: drop host-autoconf dependency

It turns out that the configure script attempts to run autoheader
because the configure.ac timestamp is slightly later than that of
config.h.in. Update the config.h.in timestamp after tarball extract to
avoid autoheader run. With that we can drop the host-autoconf
dependency.

Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Revert "package/aircrack-ng: powerpc arch requires altivec"

This reverts commit 1f3f1fb8c7324c9a50383b1cafcbd2f9d74a91f9.

Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/aircrack-ng: powerpc support optional ALTIVEC

This patch adds support for the powerpc arch to conditionally
check if an arch provies altivec accelerator support, similar
to other SIMD on ARM/x86.

Upstream issue: aircrack-ng/aircrack-ng#1941

Fixes
http://autobuild.buildroot.net/results/87e82a5e8d0b1c1ff10ec3e59d25bcd56b329075

Tested against both a e6500 with Altivec and a e500 target.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

cutelyst: link with libatomic when needed

On some architectures, atomic binutils are provided by the libatomic
library from gcc. Linking with libatomic is therefore necessary,
otherwise the build fails with:

sparc-buildroot-linux-uclibc/sysroot/lib/libatomic.so.1: error adding symbols: DSO missing from command line

This is often for example the case on sparcv8 32 bit.

This atomic dependency is due to Qt >= 5.8, pkconfig can't be used as
Qt5 pc files does not mention this dependency

Fixes:
- http://autobuild.buildroot.net/results/9e307ab9c7067b26d7b33a572204394808e25772

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/shairport-sync: add upstream patch to fix build issue with soxr

Add upstream patch to fix build issue detected by the Buildroot autobuilder:

```
arm-buildroot-linux-uclibcgnueabi/sysroot/usr//lib/libsoxr.a(soxr.c.o): In function `soxr_create':
soxr.c:(.text+0xd4c): undefined reference to `av_get_cpu_flags'
collect2: error: ld returned 1 exit status
```

A quick look at the soxr source code shows that `soxr_create()` might use
`av_get_cpu_flags()` depending on the architecture.

For the sake of simplicity link with `-lavutil` if it is found when using soxr.

Even better, as soxr provides a pkg-config file, this should be prefered.

Upstream issue: https://github.com/mikebrady/shairport-sync/issues/733
Upstream status: 5101ab2d13e2b89ea3c1276df5fb7413634eeccd

Fixes:
http://autobuild.buildroot.net/results/53d/53d21686780aa2485745b59e812b6280dd39f1c5
http://autobuild.buildroot.net/results/605/60576363adfca404c3a7883d5d46e8a4a9ee8171
http://autobuild.buildroot.net/results/806/806867ab1c6f42ad1b34d44844efc57272d48235
http://autobuild.buildroot.net/results/840/840810601fbb8a7957ea9dae175b959a7f9b7491
.. and more.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

postgresql: security bump to 10.5

Fixes CVE-2018-10915 & CVE-2018-10925

Changelog: https://www.postgresql.org/docs/10/static/release-10-5.html

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

json-c: needs host-autoconf

The json-c configure script uses the autoheader utility. Use the
host-autoconf provided autoheader, as this tool is not always installed
on the host.

Fixes:
http://autobuild.buildroot.net/results/030/030fddceda4f5bc6379f7bfcc405e92d2e24184a/
http://autobuild.buildroot.net/results/e48/e482f174b8124ace0690a26bb7daf073fe5fcd75/
http://autobuild.buildroot.net/results/482/4829425c38c58d9844aa07108532a93d47191d23/

Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

docs/website: update for 2018.05.2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Update for 2018.05.2

[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4b8deaf34cca1a1c0196ab7e91ceb9720923d6aa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

libsoup: add upstream security fix

Fixes CVE-2018-12910: The get_cookies function in soup-cookie-jar.c in
libsoup 2.63.2 allows attackers to have unspecified impact via an empty
hostname.

Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

mbedtls: fix x86 PIC build with GCC < 5

Fixes:
http://autobuild.buildroot.net/results/d6d/d6dc9a640aa1f6650a3e7b9397f2fe2ae3433f4d/
http://autobuild.buildroot.net/results/ab5/ab5a58ea7845f9f378454ee1aa7e872448618ba9/

ebx was recently added to the x86 inline asm MULADDC_STOP clobber list to
fix #1550, but this causes the build to fail with GCC < 5 when building in
PIC mode with errors like:

include/mbedtls/bn_mul.h:46:13: error: PIC register clobbered by ‘ebx’ in ‘asm’

This is because older GCC versions treated the x86 ebx register (which is
used for the GOT) as a fixed reserved register when building as PIC.

This is fixed by an improved register allocator in GCC 5+. From the release
notes:

Register allocation improvements: Reuse of the PIC hard register, instead of
using a fixed register, was implemented on x86/x86-64 targets. This
improves generated PIC code performance as more hard registers can be used.

https://www.gnu.org/software/gcc/gcc-5/changes.html

As a workaround, add a patch to detect this situation and disable the inline
assembly, similar to the MULADDC_CANNOT_USE_R7 logic.

Patch submitted upstream: https://github.com/ARMmbed/mbedtls/pull/1986

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

cutelyst: depends on C++11

thread-local storage is a C++11 feature available since gcc 4.8:
https://gcc.gnu.org/projects/cxx-status.html#cxx11

Fixes:
- http://autobuild.buildroot.net/results/2963bd55cd7c33ded3e5a75fc86079acfae844c1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

aircrack-ng: fix build with mmx

Commit 39387fc80f90f3a9ac9ef9f3aa32da5776a0721e removed mmx support
however aircrack-ng fails to build on platforms with mmx because an
error is raised if __MMX__ is defined.

Fixes:
- http://autobuild.buildroot.net/results/b7362b69435e9ef6fb2aedc50743e88dbd7a5c72

[Upstream status: merged
(https://github.com/aircrack-ng/aircrack-ng/pull/1943)]

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

php: fix build with mysqli

This fixes autobuild failures like
http://autobuild.buildroot.net/results/3288b742cee650ee47a41c5b4d6aaef1fe67bff1

php compile breaks with:

ext/mysqlnd/mysqlnd_auth.o: In function `php_mysqlnd_scramble_sha2':
mysqlnd_auth.c:(.text+0x1054): undefined reference to `PHP_SHA256Init'
mysqlnd_auth.c:(.text+0x1064): undefined reference to `PHP_SHA256Update'
mysqlnd_auth.c:(.text+0x1070): undefined reference to `PHP_SHA256Final'
mysqlnd_auth.c:(.text+0x1078): undefined reference to `PHP_SHA256Init'
mysqlnd_auth.c:(.text+0x1088): undefined reference to `PHP_SHA256Update'
mysqlnd_auth.c:(.text+0x1094): undefined reference to `PHP_SHA256Final'
mysqlnd_auth.c:(.text+0x109c): undefined reference to `PHP_SHA256Init'
mysqlnd_auth.c:(.text+0x10ac): undefined reference to `PHP_SHA256Update'
mysqlnd_auth.c:(.text+0x10bc): undefined reference to `PHP_SHA256Update'
mysqlnd_auth.c:(.text+0x10c8): undefined reference to `PHP_SHA256Final'

It looks like the php mysqli extension needs the hash extension to work. This
seems to be a php Make dependany bug. This patch works around it until the
upstream maintainers can fix it.

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

dropbear: add upstream security fix for CVE-2018-15599

dropbear is affected by an user enumeration vulnerability similar to the
recent issue in openssh (CVE-2018-15473). Add an upstream patch fixing the
issue.

For more details, see the discussion on the mailing list:
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002110.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

openpowerlink: add patch to fix musl build

This commit adds a one-liner patch that fixes the build with musl of
the openpowerlink package, caused by a missing <sys/types.h>
include. The patch has been submitted upstream.

Fixes:

http://autobuild.buildroot.net/results/8aff5f6d7bcab616129368c1fb22026bb164e454/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/brltty: fix cross-compilation

brltty has a very inventive buildsystem, where it internall runs
./configure for the build machine In doing so, it generates a list
of make variables to define what the build machine supports, like
it does for the target.

However, the build variables are generated with a convoluted sed
script that scans the target list, and appends _FOR_BUILD to each
target variables. Then, both lists are included from the Makefile,
on the assumption that the build variables will not clash with the
target variables.

Where it gets interesting, is that that sed script considers the
variables names to match '[A-Za-z][A-Za-z0-9_]*'

And there we see why ATSPI2_PACKAGE does not match: it contains a
digit.

So, some build variables will inevitably override target ones.

Fix that by simply expanding the matching regexp to allow digits
in variable names.

Fixes:
http://autobuild.buildroot.org/results/a37/a37782b3cfc1a96cc129db8fade20a36a7b2d470/
http://autobuild.buildroot.org/results/97e/97edc6a47d2140968e84b409cdc960604e5896f2/

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Mario Lang <mlang@blind.guru>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

docs/manual: expand on why using a branch name is not supported

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

i2c-tools: include LGPL-2.1+ license for libi2c

Extend i2c-tools SPDX identifiers to include the library license.
Also include COPYING.LGPL and README to license files.

The ic2-tools readme states:

LICENSE

Check the documentation of individual tools for licensing information.
The library is released under the LGPL version 2.1 or later, while most
tools are released under the GPL version 2 or later, but there are a few
exceptions.

Signed-off-by: Brad Love <brad@nextdimension.cc>
[Thomas: add hashes for COPYING.LGPL and README.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mesa3d: vulkan with x11 needs dri3

Vulcan with X11 needs DRI3, which in turn requires xlib-libxshmfence.

Fixes:
http://autobuild.buildroot.org/results/356/35653fc6f57dc169a8aae6baedb1acd1049b50ec/

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

rauc: add patch to make it build with Linux < 3.0

This commit adds a patch to RAUC that makes the eMMC boot partition
support optional. This allows RAUC to build successfully on systems
using Linux < 3.0.

Fixes:

http://autobuild.buildroot.net/results/7e1cbeb458cb6536a36eae0d24cefb36edb22f55/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>

package/linux-headers: add help text for manual header selection

Add kconfig help text that explains how to manually specify an
official Linux version to use for the kernel headers.

Signed-off-by: Mark Corbin <mark.corbin@embecosm.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

mbedtls: security bump to version 2.7.5

Fixes the following security issues:

- CVE-2018-0497: Remote plaintext recovery on use of CBC based ciphersuites
through a timing side-channel

- CVE-2018-0498: Plaintext recovery on use of CBC based ciphersuites through
a cache based side-channel

For more info, see the advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

linux-headers: bump 4.{4, 9, 14, 17}.x series

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

linux: bump default to version 4.17.19

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

openssh: security bump to version 7.8

Fixes CVE-2018-15473: user enumeration vulnerability due to not delaying
bailout for an invalid authenticating user until after the packet
containing the request has been fully parsed.

Some OpenSSH developers don't consider this a security issue:

https://lists.mindrot.org/pipermail/openssh-unix-dev/2018-August/037138.html

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

linux-headers: bump 4.{4, 9, 14, 17}.x series

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

linux: bump default to version 4.17.18

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

mjpegtools: fix build on powerpc without altivec

mpjegtools fails to build on powerpc without altivec:

build_sub44_mests.c: In function 'build_sub44_mests_altivec':
build_sub44_mests.c:268:9: internal compiler error: Segmentation fault
     vr1 = vec_ld(rowstride, (unsigned char*)s44blk);

It seems mpjegtools is wrongly detecting altivec support:
configure:   - PowerPC Optimizations:
configure:     - AltiVec enabled             : true

Fix this by adding BR2_PACKAGE_MJPEGTOOLS_SIMD_SUPPORT and setting
--enable-simd-accel / --disable-simd-accel

Fixes:
- http://autobuild.buildroot.net/results/c9464712f43efb8954fd2e5460126ad193660353

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

DEVELOPERS: add mender to Mirza Krak

Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/x11r7/xlib_libX11: security bump to version 1.6.6

Fixes CVE-2018-14599, CVE-2018-14600 & CVE-2018-14598:
https://lists.x.org/archives/xorg-announce/2018-August/002915.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

qt5base: fix double conversion for microblazeel/microblazebe

Fixes [1]:

../3rdparty/double-conversion/include/double-conversion/utils.h:81:2: error: #error Target architecture was not detected as supported by Double-Conversion.
#error Target architecture was not detected as supported by Double-Conversion.

[1] http://autobuild.buildroot.net/results/489/4891d96f45c64c2e66fe819bd4175cc1d6243a93

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

toolchain: improve musl check to support static toolchains

The check_musl function currently builds a program and verifies if the
program interpreter starts with /lib/ld-musl. While this works fine
for dynamically linked programs, this obviously doesn't work for a
purely static musl toolchain such as [1].

There is no easy way to identify a toolchain as using the musl C
library. For glibc, dynamic linking is always supported, so we look at
the dynamic linker name. For uClibc, there is a distinctive
uClibc_config.h header file. There is no such distinctive feature in
musl.

We end up resorting to looking for the string MUSL_LOCPATH, which is
used by musl locale_map.c source file. This string has been present in
musl since 2014. It certainly isn't a very stable or convincing
solution to identify the C library as being musl, but it's the best we
could find.

Note that we are sure there is a libc.a file, because the
check_unusable_toolchain function checks that there is a such a file.

[1] http://autobuild.buildroot.net/toolchains/tarballs/br-arm-musl-static-2018.05.tar.bz2

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

busybox: don't clobber dangling symlinks

We sometimes create dangling symlinks in the target directory. That is
because we need canonical targets, as relative targets don't work well
with BR2_ROOTFS_MERGED_USR. For example, the vim package installs the
/bin/vi symlink to /usr/bin/vim. This symlink might be dangling when the
build host has no vim installed there.

Patch the busybox install.sh script to avoid clobber of dangling
symlinks.

Fixes:
http://autobuild.buildroot.net/results/796/796107430db6545401d9926e84f19eaf2040b756/

Cc: Adam Duskett <aduskett@gmail.com>
Cc: Carlos Santos <casantos@datacom.com.br>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

pv: fix build failures when building under a path containing 'yes'

Depending on the configuration, the cpp output may contain the string 'yes'
in a comment if built under a path containing 'yes', confusing the _AIX
test:

${CROSS}-cpp conftest.h
\# 1 "conftest.h"
\# 1 "<built-in>"
\# 1 "<command-line>"
\# 31 "<command-line>"
\# 1 "/home/peko/source/buildroot/output-yes/host/x86_64-buildroot-linux-gnu/sysroot/usr/include/stdc-predef.h"
\# 32 "<command-line>" 2
\# 1 "conftest.txt"

If misdetected, the configure script adds -lc128 to LIBS, causing the
AC_CHECKS_FUNCS check for stat64 to fail, which in turn causes compilation
errors about redefinition of symbols:

In file included from ./src/include/pv-internal.h:9:0,
                 from src/pv/file.c:5:
./src/include/config.h:76:18: error: redefinition of 'struct stat'
  #  define stat64 stat
                   ^
Fix it by only matching on 'yes' on a line by itself.

As pv doesn't cleanly autoreconf (it doesn't use automake and configure.in
is located in subdir), instead directly patch configure.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

systemd: add optional dependency on elfutils

systemd can use elfutils when available, so this commit adds the
detection of this library.

Signed-off-by: Keith Mok <ek9852@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

download: fix file:// BR2_PRIMARY_SITE (download cache)

wget is the only downloader currently usable with BR2_PRIMARY_SITE, and that
doesn't work at all for file:// URLs. The symptoms are these:

support/download/dl-wrapper -c '2.4.47' -d '/PATH/build/sw/source/attr' -D '/PATH/build/sw/source' -f 'attr-2.4.47.src.tar.gz' -H 'package/attr//attr.hash' -n 'attr-2.4.47' -N 'attr' -o '/PATH/build/sw/source/attr/attr-2.4.47.src.tar.gz'  -u file\|urlencode+file:///NFS/buildroot_dl_cache/attr -u file\|urlencode+file:///NFS/buildroot_dl_cache -u http+http://download.savannah.gnu.org/releases/attr -u http\|urlencode+http://sources.buildroot.net/attr -u http\|urlencode+http://sources.buildroot.net  --
file:///NFS/buildroot_dl_cache/attr/attr-2.4.47.src.tar.gz: Unsupported scheme `file'.
ERROR: attr-2.4.47.src.tar.gz has wrong sha256 hash:
ERROR: expected: 25772f653ac5b2e3ceeb89df50e4688891e21f723c460636548971652af0a859
ERROR: got     : e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ERROR: Incomplete download, or man-in-the-middle (MITM) attack

In the case of custom Linux kernel versions, this is fatal, because there isn't
necessarily a hash file to indicate that wget's empty tarball is wrong.

This seems to have been broken by commit c8ef0c03b0b, because:
1. BR2_PRIMARY_SITE always appends "urlencode" (package/pkg-download.mk)
2. Anything with the "|urlencode" suffix in $uri will end up using wget due to
   the backend case wildcarding.
3. The wget backend rejects file:/// URLs ("unsupported scheme"), and we end up
   with an empty .tar.gz file in the downloads directory.

Fix that by shell-extracting the backend name from the left of "|". I'm not
positive if all URLs will have a "|", so this code only looks for a "|" left of
the "+".

Signed-off-by: Hollis Blanchard <hollis_blanchard@mentor.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

libssh: fix download location

The current download location fails, and Buildroot falls back to
sources.b.o:

--2018-08-20 23:41:39--  https://red.libssh.org/attachments/download/218/libssh-0.7.5.tar.xz
Resolving red.libssh.org (red.libssh.org)... 78.46.80.163
Connecting to red.libssh.org (red.libssh.org)|78.46.80.163|:443... connected.
The certificate's owner does not match hostname ‘red.libssh.org’
--2018-08-20 23:41:39--  http://sources.buildroot.net/libssh/libssh-0.7.5.tar.xz
Resolving sources.buildroot.net (sources.buildroot.net)... 104.25.211.19, 104.25.210.19, 2400:cb00:2048:1::6819:d313, ...
Connecting to sources.buildroot.net (sources.buildroot.net)|104.25.211.19|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 351632 (343K) [application/x-xz]

This commit fixes the download location:

--2018-08-20 23:43:04--  https://www.libssh.org/files/0.7/libssh-0.7.5.tar.xz
Resolving www.libssh.org (www.libssh.org)... 87.98.168.187, 2001:41d0:2:f80c::4
Connecting to www.libssh.org (www.libssh.org)|87.98.168.187|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 351632 (343K) [application/x-tar]

This patch is extracted from a contribution from Bernd Kuhls who was
also bumping the package at the same time
(http://patchwork.ozlabs.org/patch/959192/).

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

mutt: fix static build with libidn2 and libunistring

When libidn2 is statically build with libunistring support, mutt needs
to add -lunistring to LIBS.
To do that, add a call to PKG_CHECK_MODULES to retrieve this information
from libidn2.pc

Fixes:
- http://autobuild.buildroot.net/results/177da8f4798f69298db5385957184f1c53cca923

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

zeromq: fix build on m68k_cf

An internal compiler error is raised on m68k_cf at dwarf2cfi.c:2752 in
connect_traces. Error can be fixed by adding -fno-defer-pop, see
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58864

Fixes:
- http://autobuild.buildroot.net/results/dad241acbe59b1c5a24a0a2f3da6b12a553aec84

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/pkg-download: quiet the dl-wrapper call

The download wrapper call is currently always being displayed, even
without V=1, which is a bit annoying. It shows something like this:

thomas@windsurf:~/projets/buildroot (master)$ make tslib-source
>>> tslib 1.16 Downloading
PATH="/home/thomas/projets/buildroot/output/host/bin:/home/thomas/projets/buildroot/output/host/sbin:/usr/local/bin:/usr/bin:/bin:/home/thomas/.rvm/bin:/usr/local/sbin:/usr/sbin:/home/thomas/.rvm/bin:/home/thomas/sys/bin:/home/thomas/.gem/ruby/2.1.0/bin:/home/thomas/.rvm/bin" BR2_DL_DIR=/home/thomas/dl BUILD_DIR=/home/thomas/projets/buildroot/output/build O=/home/thomas/projets/buildroot/output flock /home/thomas/dl/tslib/ support/download/dl-wrapper -c '1.16' -d '/home/thomas/dl/tslib' -D '/home/thomas/dl' -f 'tslib-1.16.tar.xz' -H 'package/tslib//tslib.hash' -n 'tslib-1.16' -N 'tslib' -o '/home/thomas/dl/tslib/tslib-1.16.tar.xz' -u https+https://github.com/kergoth/tslib/releases/download/1.16 -u http\|urlencode+http://sources.buildroot.net/tslib -u http\|urlencode+http://sources.buildroot.net --

Let's silence this dl-wrapper call by prepending with $(Q).

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

oracle-mysql: fix hostname path

MySQL detects on the build machine where the hostname program is
located, and uses this value in a number of configuration files and
scripts that are generated and installed in the target:

output/target$ grep -r "bin/hostname" *
etc/inittab:::sysinit:/bin/hostname -F /etc/hostname
usr/share/mysql/mysql.server:  pid_file=$datadir/mysqlmanager-`/usr/bin/hostname`.pid
usr/share/mysql/mysql.server:  server_pid_file=$datadir/`/usr/bin/hostname`.pid
usr/bin/mysql_install_db:hostname=`/usr/bin/hostname`
usr/bin/mysqld_safe:    err_log=$DATADIR/`/usr/bin/hostname`.err
usr/bin/mysqld_safe:  pid_file="$DATADIR/`/usr/bin/hostname`.pid"

However, the hostname on the build machine may not necessarily be at
the same location as the hostname program on the target. Buildroot has
its hostname program (coming from Busybox) in /bin, but some Linux
distributions (such as Fedora) use /usr/bin/hostname, causing the
incorrect hostname paths above.

This commit fixes that by passing the appropriate autoconf cache
variable value.

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
[Thomas: add commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

liburiparser: bump to version 0.8.6

Version 0.8.6 is a bugfix release including a nasty bug that has
potential to crash applications when parsing certain URIs (like
"//:%aa@", excluding quotes).

For more details please check the change log at

https://github.com/uriparser/uriparser/blob/uriparser-0.8.6/ChangeLog

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libconfuse: security bump to version 3.2.2

Fixes CVE-2018-14447: https://github.com/martinh/libconfuse/issues/109

Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

gr-osmosdr: add host-python-cheetah dependency

Since b7f1b030413a51637323a755cbd985b06026990e host-python-cheetah is no more a
dependency for gnuradio. So this package must be explicitly added for
gr-osmosdr.

Fix : http://autobuild.buildroot.net/results/aa208a69996548c15d937fc7c97d267162a56c48/

Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mender: set version in go linker

This is used when calling the mender client with the
-version option and it says "unknown" if not set in
linker.

Now it displays the following:

    # mender -version
    1.4.0
    runtime: go1.10.2

Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mender: update legal info

Also added license checksums in mender.hash

Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mender: use inventory and identity script from upstream source

These files are part of Mender sources and no point in keeping duplicate
files locally.

Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mender: remove tenant.conf

Tenant Token is a configuration option that has to do with Hosted Mender,
where you you need to set this for the devices to connect to the
correct organization in a multi-tenant system.

The removal of tenant.conf usage (and /var/lib/mender/authtentoken)
was in Mender client version 1.2.0, where it was switched to be an mender.conf
option instead as the example above demonstrates. As the first version that was
integrated in Buildroot was 1.4.0, the inclusion of tenant.conf and the
creation of the symlink is not necessary.

Now it is specified as such in mender.conf:

Example:

/etc/mender/mender.conf
{
TenantToken: "very long base64 encoded string"
}

Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mender: select BR2_PACKAGE_UBOOT_TOOLS_FWPRINTENV

The Mender client uses fw_printenv/fw_setenv to manipulate the U-boot
environment, e.g to change the boot candidate after a update has been
done.

Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mender: create directory containing Mender state script

Mender state-scripts are essentially "hooks" that can be provided to
influence the update flow.

They should be placed inside /etc/mender/scripts and the directory must
contain a file containing the current state-script format version. It is
currently "2".

Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mender: provide sane values in mender.conf

The current values that are in mender.conf will actually
cause the Mender client to fail to start because of invalid
values.

Provide sane default values that at least allow the Mender client
to parse the configuration options and start running.

The values provided will actually work in a "Demo Environment",
see https://docs.mender.io/getting-started/create-a-test-environment.

Though an entry is required in /etc/hosts to resolve the URL to the
local IP address of the running demo server.

Example:

echo "192.168.0.10 docker.mender.io s3.docker.mender.io" >> \
/etc/hosts

Above is required because the demo certificate
(/etc/mender/server.crt) is created for https://docker.mender.io.

Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mender: fix install path for identity and inventory scripts

These scripts are used to generate the device identity and to populate
the the device inventory. The Mender client will call these and at least
the mender-device-identity is required to be present at the correct
location. Inventory scripts are there as an example and not
actually required.

Example output from identity script:

    $ ./mender-device-identity
    mac=de:ad:ca:fe:00:01
    cpuid=1112233

Example output from inventory script:

    $ ./mender-inventory-network
    mac_br-fbfdad18c33c=02:42:7e:74:96:85
    network_interfaces=br-fbfdad18c33c
    ipv4_br-fbfdad18c33c=172.21.0.1/16
    mac_enp0s25=de:ad:be:ef:bb:05
    network_interfaces=enp0s25
    ipv4_enp0s25=123.22.0.197/16
    ipv4_enp0s25=10.20.20.105/16
    ipv6_enp0s25=fe80::2aad:beff:feef:bb05/64

Inventory and device identity data is presented on the Mender server
front-end.

Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

boot/uboot: needs host-{flex,bison}

Recent U-Boot no longer ship the flex/bison generated kconfig parser, as
of commit e91610da7c8a9fe42f3e5a75f06c3d1a0cb5f815 (kconfig: re-sync
with Linux 4.17-rc4).

So, add the conditional kconfig dependencies, as we just did for the
kernel.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

linux: kconfig needs the toolchain

Starting with linux-4.18, the kconfig from the kernel can call
to the compiler to test its capabilities; see:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/scripts/Kconfig.include

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Jan Kundrát <jan.kundrat@cesnet.cz>
Tested-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Reviewed-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

linux: host-{flex, bison} only needed for DTS

host-{flex,bison} are only needed to generate the dtc parser, so we
don't need them if the kernel does not have support for device tree.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

linux: kconfig may need host-{flex, bison} to build the configurators

Rely on the system provided ones if avalable, and only resort to use our
owns if the sytem does not provide them.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Jan Kundrát <jan.kundrat@cesnet.cz>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/dependencies: check for system-provided bison and flex

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/bison: fix build on host with glibc-2.28

Similarly to c48f8a6462 (package/m4: fix build on host with glibc-2.28),
backport the two fixes fromn gnulib upstream, that allows building
host-bison on systems using glibc 2.28.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reported-by: c32 on IRC
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Update for 2018.08-rc2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

qt5base: fix double-conversion for or1k

Fixes [1]:

../3rdparty/double-conversion/include/double-conversion/utils.h:81:2: error: #error Target architecture was not detected as supported by Double-Conversion.
#error Target architecture was not detected as supported by Double-Conversion.

[1] http://autobuild.buildroot.net/results/a3535cdf5e91df011a59a4b9f60d69195f5efdcb

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

core: drop useless assignments to BISON and FLEX

They were added back in 5432f26f0 (Adding Central config.cache options),
supposedly to be able to cache the result of configure tests, but they
were never, ever referenced anywhere in our code... Besides, we dropped
the idea of getting a configure cache long ago now (it does not work)...

They are causing spurious error messages on some distros (e.g. Fedora)
which use GNU's which (whatever package that comes from), while it is
silent on other distros (e.g. Ubuntu) which use debianutils' which.

Drop them.

Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

python-pyqt5: add Qt 5.11 compatibility patch

This commit adds a patch to python-pyqt5 to make it build properly
against Qt 5.11.

PyQt5 is using a dual-licensing model, and the commercial company
behind it (RiverBank) only provides release tarballs, and no public
Git repository, so we cannot see the individual changes they make. By
diffing the PyQt5 5.10 and 5.11 releases, we could see that they opted
for dropping entirely support for the waitForEvents() method, rather
than keeping it for Qt < 5.11. We take the same approach in the below
patch, since this is anyway what will happen when we will bump to
PyQt5 5.11.

The patch is not Git-formatted, because there is no upstream Git
repository for this project.

Fixes:

http://autobuild.buildroot.net/results/1f1e92374fe71a1d4343243db5f530c33db06698/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

wireless_tools: Fix site URL does not work

Replace broken http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux
by https://hewlettpackard.github.io/wireless-tools.

[Peter: also adjust URL in Config.in]
Signed-off-by: Vadim Kochan <vadim.kochan@petcube.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/nodejs: security bump version to 8.11.4

Release notes:
https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/

Fixes CVE-2018-12115, also CVEs were fixed in included OpenSSL code
which do not use for the target build.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>