git: security bump to version 2.16.4

Forward port of security fixes from the 2.13.7 release. The 2.13.7
release notes say this:

 * Submodule "names" come from the untrusted .gitmodules file, but we
   blindly append them to $GIT_DIR/modules to create our on-disk repo
   paths. This means you can do bad things by putting "../" into the
   name. We now enforce some rules for submodule names which will cause
   Git to ignore these malicious names (CVE-2018-11235).

   Credit for finding this vulnerability and the proof of concept from
   which the test script was adapted goes to Etienne Stalmans.

 * It was possible to trick the code that sanity-checks paths on NTFS
   into reading random piece of memory (CVE-2018-11233).

Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/dash: don't build in paralle

dash has races in its Makefile, but upstream is not too keen in fixing
those, and just suggests that dash not be built in parallel:

    https://www.mail-archive.com/dash@vger.kernel.org/msg01675.html

Fixes:
    http://autobuild.buildroot.org/results/793/7934c815a3009af688c2f1183e67dfe542c9a009/
    http://autobuild.buildroot.org/results/fc4/fc4e4ab47455ac47dd4a3a60083cec2848e74dbb/
    http://autobuild.buildroot.org/results/6bf/6bfdd44ea5d55a6ca3ef92254eab18c7c0416b7b/
    [...]

Reported-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

log4cplus: needs gcc >= 4.8

log4cplus needs std::map::emplace

Fixes:
 - http://autobuild.buildroot.net/results/ef0d8d7fae835ff555202f6de320945226ec00bf

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/stm32f469: force usage of binutils 2.28.x

Fixes #11051

Due to runtime issue with the usage of binutils 2.29.x, we need to use the
version 2.28.x

Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Acked-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/stm32f429: force usage of binutils 2.28.x

Fixes #11051

Due to runtime issue with the usage of binutils 2.29.x, we need to use the
version 2.28.x

Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Acked-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

glibc: security bump to latest 2.27 branch

Fixed issues are listed in the 2.27 branch NEWS file:

  CVE-2017-18269: An SSE2-based memmove implementation for the i386
  architecture could corrupt memory.  Reported by Max Horn.

  CVE-2018-11236: Very long pathname arguments to realpath function could
  result in an integer overflow and buffer overflow.  Reported by Alexey
  Izbyshev.

  CVE-2018-11237: The mempcpy implementation for the Intel Xeon Phi
  architecture could write beyond the target buffer, resulting in a buffer
  overflow.  Reported by Andreas Schwab.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Update for 2018.05-rc3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/elf2flt: replace hard-links with copies to fix rpath

Do for elf2flt what we did for binutils: replace the hardlinks (which
break rpath handling) with copies of the individaul tools.

See previous commit (package/binutils: switch from symlinks to copies
and commit f9cffb6af4 (binutils: replace hard-links with soft-links to
fix rpath) for the complete story.

Fixes: #11031.
Reported-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Christophe Priouzeau <christophe.priouzeau@st.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/binutils: switch from symlinks to copies to fix rpath

Commit f9cffb6af464 (binutils: replace hard-links with soft-links to fix
rpath) has a side effect that when we build for a noMMU target, elf2flt
will in turn replace some of the programs installed by binutils, with
its own wrappers.

For example, it will rename host/TUPLE/bin/ld to ld.real, and add its
own wrapper in place of the original. It does the same for
host/bin/TUPLE-ld and host/bin/TUPLE-ld.real.

However, we had already made ld a symlink to ../../bin/TUPLE-ld, so
host/TUPLE/bin/ld.real will still point to host/bin/TUPLE-ld when we
want it to point to ld.real instead...

This ultimately confuses gcc later on.

Of course, the culprit is also elf2flt, which also installs similar
hardlinks that would ultimately exhibit the same rpath issue as the
one fixed by f9cffb6af464. Note: we haven't had an issue so far with
that, because those tools installed by elf2flt only link with libz,
which is most often present on the host system. So, all seem well,
but is nonetheless broken; this will be fixed in a subsequent commit.

But back on topic. If we were to fix elf2flt with similar symlinks,
gcc still gets confused. The underlying reason for this confusion is
not entirely clear, though... It looks like something is trying to
dereference symlinks and gets confused by the result somehow...

So, in an attempt to restore some sanity in all this mess, we try to
restore the previous behaviour, we no longer use symlinks but just copy
the individual tools.

Fixes: #11031.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Christophe Priouzeau <christophe.priouzeau@st.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

poppler: link with libatomic when needed

Following errors might occur on architectures required to use gcc libatomics:
sparc-buildroot-linux-uclibc/sysroot/lib/libatomic.so.1: error adding symbols: DSO missing from command line

This is often the case for sparcv8 32 bit toolchains.

See 55a9d6d55888b04ec6c476399e5b98a2412995f5 and 03f6e005e6a9617767b24a9026da9477848020cc.

Fixes:
  http://autobuild.buildroot.net/results/64a96663a48ab644bc03c9a3ec2d6a644119dee6
  http://autobuild.buildroot.net/results/82e85e12478fc1972b70ad728ed7c1554920c9e3

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

linux: bump Linux CIP to v4.4.130-cip23

This patch bump the Linux CIP kernel to version v4.4.130-cip23

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

toolchain: Bump ARC tools to arc-2018.03-rc2

This commit bumps ARC toolchain to arc-2018.03-rc2, which
includes significant changes since arc-2018.03-rc1.
We want to test how new toolchain-rc2 builds packages,
so we can make fixes before release of toolcain.
This makes us closer to toolchain release which will be in a few weeks.

Please note that it is a release candidate
and it might contain some breakages,
please don't use it for production builds.

Signed-off-by: Evgeniy Didin <didin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: arc-buildroot@synopsys.com
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7aaabe8fc04006b15bb5f9aaf08ac07603fcf7fe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

fs: ensure hard links in TARGET_DIR are correctly copied for filesystem input

Fixes #11046

Commit bb2a57a17a7 (fs: run packages' filesystem hooks in a copy of target/)
changed the file system logic to run file system hooks from packages on a
copy of TARGET_DIR, and finally use this copy as input for the file system
generation.

This copy was done with rsync, which by default does not preserve hard
links, leading to an expansion of the file system images when hard links are
present.

Fix it by passing the -H option to rsync (preserve hard links).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

libcurl: fix build with ssh2 and static mbedtls

The ssh2 pkg-config file could contain the following lines when build
with a static version of mbedtls:
   Libs: -L${libdir} -lssh2 /xxx/libmbedcrypto.a
   Libs.private: /xxx/libmbedcrypto.a

This static mbedtls library must be used to correctly detect ssh2
support and this library must be copied in libcurl.pc otherwise
compilation of any application (such as upmpdcli) with libcurl will fail
when trying to find mbedtls functions included in libssh2.

So, replace pkg-config --libs-only-l by pkg-config --libs.

Fixes:
 - http://autobuild.buildroot.net/results/43e24b22a77f616d6198c10435dcc23cc3b9088a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

libtirpc: use rpcgen from host-nfs-utils

Drop the patch adding local rpcgen. Instead use the host-nfs-utils
provided rpcgen. Update the patch "Automatically generate XDR header
files from .x sources using" to use external rpcgen.

Renumber the other patches.

Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

autofs: depend on host-nfs-utils

host-nfs-utils provides the host rpcgen utility. This fixes the build on
recent Fedora systems that removed rpcgen from the glibc package.

Fixes:
http://autobuild.buildroot.net/results/383/383bc8462f32a226645c9b792b8d65a25d74529d/
http://autobuild.buildroot.net/results/0c0/0c00f72512754b721813e13f0828d3a942f7b955/
http://autobuild.buildroot.net/results/50b/50b66d2a3c8264f618d7aa813b10050ed147209f/

Cc: Jonathan Ben Avraham <yba@tkos.co.il>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

samba4: depend on host-nfs-utils

host-nfs-utils provides the host rpcgen utility. This fixes the build on
recent Fedora systems that removed rpcgen from the glibc package.

Fixes:
http://autobuild.buildroot.net/results/6f8/6f869b8c7c182dfe7f1a291b5952320504540ebf/
http://autobuild.buildroot.net/results/4c2/4c228dd6369e4fc11b798af6ab2abe06d7473b78/
http://autobuild.buildroot.net/results/489/489be441abd19fba2b0c39357e64a6adcf773b60/

Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

quota: depend on host-nfs-utils

host-nfs-utils provides the host rpcgen utility. This fixes the build on
recent Fedora systems that removed rpcgen from the glibc package.

Fixes:
http://autobuild.buildroot.net/results/730/730acb23663ebbbaba847073979654670a8bc64c/
http://autobuild.buildroot.net/results/e49/e49932e9d958203d585cdddd795df06aad6ff3a9/
http://autobuild.buildroot.net/results/1b7/1b7dccf7b9742d1b9cb57bffe55eac5cfc66b15c/

Cc: Jarkko Sakkinen <jarkko.sakkinen@intel.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

nfs-utils: add host package

We only need the host package for the rpcgen utility. glibc deprecated
this utility in version 2.26. Fedora has recently removed rpcgen from
its glibc package. So we need to build the rpcgen from the nfs-utils
package.

The removal of Sun RPC from glibc also removed RPC headers from glibc.
rpcgen needs two of these headers. Add host-libtirpc to provide the RPC
headers.

Tested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

libtirpc: add host package

The libtirpc host package is only for two headers that the host rpcgen
utility from the nfs-utils package needs to build. glibc used to provide
these headers. In version 2.26 glibc deprecated them with its bundled
Sun RPC. Recently Fedora stopped enabling Sun RPC in glibc. So we can no
longer rely on these headers being present on the host.

Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

qt-webkit-kiosk: bump to version 1.99.7-4-ga7720e5

This brings localstorage support in the app, plus a fix for the build
issue logged at [1].

[1] http://autobuild.buildroot.net/results/f29fa8ef055fe0d41db5944974272530d02ecd29/

Signed-off-by: Jérôme Oufella <jerome.oufella@savoirfairelinux.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

xfsprogs: bump to 4.16.1

Resolves build failures like:
http://autobuild.buildroot.net/results/953/95307f0f56c7ead1bd1f0ab0049aeb8b30fdc11c/

libunistring to libicu conversion required modifications to
0001-mdrestore-do-not-do-dynamic-linking-of-libtool-libra.patch and
the libicu usage doesn't require the
0005-xfs_scrub-fix-cross-compile-with-libunistring.patch patch. I
verified that the configuration time setup of the LIBICU library
works correctly and doesn't require us to remove it.

Upstream has reworked/included the following:
0003-workqueue-add-missing-pthreads-header.patch
0004-xfs_scrub-add-missing-paths-header.patch
0006-xfs_scrub-fix-build-with-older-kernel-headers.patch

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

pkg-generic: error out with 'local' site method and no _SITE

The 'local' site method is easily confused with the 'file' site method,
making people create packages like this:

    FOO_SITE_METHOD = local
    FOO_SOURCE = foo.tar.gz

    $(eval $(generic-package))

Due to the intricacies of the generic package infra, this does not
cause an error; instead, the foo.tar.gz tarball that happens to be
present in the download directory will be used. This behaviour differs
greatly from what is specified in the manual.

Instead, error out immediately if a package specifies the 'local' site
method but does not specify a _SITE.

We check for _OVERRIDE_SRCDIR rather than checking for _SITE, just
after _OVERRIDE_SRCDIR has been set to _SITE. Indeed, a package that
sets _OVERRIDE_SRCDIR but not _SITE currently works correctly. There is
no reason to make it fail.

See also
https://stackoverflow.com/questions/50364655/including-patches-to-build-root

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

linux-headers: bump 4.4.x series

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

linux-headers: bump 4.{9, 14, 16}.x series

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

linux: bump default to version 4.16.12

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/bash-completion: fix a parallel build issue

The STAGING_DIR/usr/share/bash-completion/completions directory is not
created yet.

Fixed by:
https://github.com/scop/bash-completion/commit/ee6b37ad7ff5b309cbb9b886a871252abd9398fa

Fixes:
http://autobuild.buildroot.org/results/7ee/7eea0f512695605714cf2d8c971778d4784b4c75/build-end.log

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

cjson: bump to version 1.7.7

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

libcoap: needs host-pkgconf

The libcoap configure script uses pkg-config.

Fixes:
http://autobuild.buildroot.net/results/746/746c6dcbf3f941c7baa5b382bd264d830d839be1/
http://autobuild.buildroot.net/results/d98/d9840a22ae5eb6572b6641b93f8beadc27d2abb5/
http://autobuild.buildroot.net/results/905/905f122213ad9623ea5dd9d32c352efd151319f3/

Cc: Joris Lijssens <joris.lijssens@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

busybox: bump to version 1.28.4

Fixes to dpkg and nsenter.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

DEVELOPERS: update datacom email addresses

We are moving from datacom.ind.br to datacom.com.br. The old domain will
still be valid for an undefined period (probably forever).

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

linux-headers: bump 4.{9, 14, 16}.x series

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

linux: bump default to version 4.16.11

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

lrzsz: install symlinks for XMODEM and YMODEM

This sets the protocol choice according to the program invocation name.
That is the common lrzsz installation practice.

Cc: Matthew Starr <mstarr@hedonline.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

procps-ng: security bump to version 3.3.15

Drop upstream patch.

This release fixes the issues listed below.

CVE-2018-1122: Local privilege escalation in top

CVE-2018-1123: Denial of service in ps

CVE-2018-1124: Local privilege escalation in libprocps

CVE-2018-1125: Stack buffer overflow in pgrep

CVE-2018-1126: Integer overflow in proc/alloc

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Update for 2018.05-rc2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

DEVELOPERS: add myself to modem-manager

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

modem-manager: disable -Werror

Fixes:
http://autobuild.buildroot.net/results/5d9/5d9e299ff12726d07e8a584a213c1d2a2e419594/

The modem-manager build generates a number of build warnings like:

mm-base-manager.c: In function 'handle_set_logging':
mm-base-manager.c:680:15: error: assignment from incompatible pointer type [-Werror]
     ctx->self = g_object_ref (manager);

Which cause a build failure because of -Werror.  Pass
--disable-more-warnings to disable -Werror.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

toolchain: GCC bug 85862

GCC < 7.x hangs while building libnss for the Microblaze Arch.

Discovered by
http://autobuild.buildroot.net/results/158e8ebb39713e1b436a5cc1a1916f46c30694df

Reported:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85862

Simlar to:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=49218

[Peter: tweak ecryptfs comment, add comment/dependencies for qt5webengine]
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

libmediaart: rename options to have proper prefix

Options should be prefixed by BR2_PACKAGE_LIBMEDIAART and not
BR2_PACKAGE_MEDIAART, but package was using both prefixes.

This was found as default symbol was defined as
BR2_PACKAGE_LIBMEDIAART_BACKEND_NONE (correct prefix), but symbol
was actually BR2_PACKAGE_MEDIAART_BACKEND_NONE).

This commit therefore renames the incorrectly named options, and adds
Config.in.legacy handling. Since the options are part of a choice, the
legacy handling cannot select the new options, and is only here to
inform the user.

Fixes: c443830a57 libmediaart: new package
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
[Thomas: improve commit log, add Config.in.legacy handling]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

ti-sgx-km: rename options to have proper prefix

The sub-options of the ti-sgx-km package had their name option
prefixed by BR2_PACKAGE_TI_SGX, while the prefix should be
BR2_PACKAGE_TI_SGX_KM. This commit fixes that, and adds the necessary
Config.in.legacy handling.

Since those options are part of a choice, the legacy handling cannot
select the new name of the options, so the legacy handling only
informs the user of the rename.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

janus-gateway: rename options to have proper prefix

The sub-options of the janus-gateway package had their name option
prefixed by BR2_PACKAGE_JANUS, while the prefix should be
BR2_PACKAGE_JANUS_GATEWAY. This commit fixes that, and adds the
necessary Config.in.legacy handling.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

ipsec-tools: rename options to have proper prefix

A number of options in the ipsec-tools package had their Config.in
option prefixed by BR2_PACKAGE_IPSEC, while the prefix should be
BR2_PACKAGE_IPSEC_TOOLS. This commit fixes that, and adds the
necessary Config.in.legacy handling.

Since those options are part of a choice, the legacy handling cannot
select the new name of the options, so the legacy handling only
informs the user of the rename.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

libftdi: rename option to have proper prefix

The option name BR2_PACKAGE_LIBTFDI_CPP obviously had a typo: it
should have been named BR2_PACKAGE_LIBFTDI_CPP, and add the necessary
Config.in.legacy handling.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

jquery-ui-themes: rename options to have proper prefix

The choice options to select the specific jquery-ui theme to install
had a prefix of BR2_PACKAGE_JQUERY_UI_THEME_ instead of
BR2_PACKAGE_JQUERY_UI_THEMES_. This commit fixes that, and adds
Config.in.legacy handling. It's worth mentioning that since those
options are part of a choice, the legacy handling cannot select the
new name of the option: we can simply inform the user about the
renaming.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

bluez5_utils: rename options to have the proper suffix

The bluez5_utils Config.in options had a bogus prefix:
BR2_PACKAGE_BLUEZ5 instead of the expected
BR2_PACKAGE_BLUEZ5_UTILS. This commit fixes that, and adds the
appropriate Config.in.legacy handling.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

wavpack: add upstream security fixes

Fixes the following security issues:

CVE-2018-10536: An issue was discovered in WavPack 5.1.0 and earlier.  The
WAV parser component contains a vulnerability that allows writing to memory
because ParseRiffHeaderConfig in riff.c does not reject multiple format
chunks.

CVE-2018-10537: An issue was discovered in WavPack 5.1.0 and earlier.  The
W64 parser component contains a vulnerability that allows writing to memory
because ParseWave64HeaderConfig in wave64.c does not reject multiple format
chunks.

CVE-2018-10538: An issue was discovered in WavPack 5.1.0 and earlier for WAV
input.  Out-of-bounds writes can occur because ParseRiffHeaderConfig in
riff.c does not validate the sizes of unknown chunks before attempting
memory allocation, related to a lack of integer-overflow protection within a
bytes_to_copy calculation and subsequent malloc call, leading to
insufficient memory allocation.

CVE-2018-10539: An issue was discovered in WavPack 5.1.0 and earlier for
DSDiff input.  Out-of-bounds writes can occur because
ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown
chunks before attempting memory allocation, related to a lack of
integer-overflow protection within a bytes_to_copy calculation and
subsequent malloc call, leading to insufficient memory allocation.

CVE-2018-10540: An issue was discovered in WavPack 5.1.0 and earlier for W64
input.  Out-of-bounds writes can occur because ParseWave64HeaderConfig in
wave64.c does not validate the sizes of unknown chunks before attempting
memory allocation, related to a lack of integer-overflow protection within a
bytes_to_copy calculation and subsequent malloc call, leading to
insufficient memory allocation.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

linux-headers: bump 4.{9, 14, 16}.x series

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

linux: bump default to version 4.16.10

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/imx-mkimage: update hash

Due to an update in the tar logic, see commit 6e2f5d0254 (download/git: fix
transform regexp for older tar versions ) - This hash needs to be updated.

Fixes:

  http://autobuild.buildroot.net/results/7c63ab1188a45d4684e159456f561a4e7c39e612/

Signed-off-by: Erik Larsson <karl.erik.larsson@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

ltrace: fix visibility of Config.in comment

The BR2_PACKAGE_LTRACE option has some architecture dependencies, but
those architecture dependencies are not taken into account for the
Config.in comment.

To fix this, this commit introduces a BR2_PACKAGE_LTRACE_ARCH_SUPPORTS
hidden boolean that gets used by both the BR2_PACKAGE_LTRACE option
and the Config.in comment.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

ltrace: remove bogus comment in Config.in file

In commit dfaa18af00dfcff71a0159adaafb0880e58fa6a1 ("ltrace: disable
on mips/mipsel"), ltrace was disabled on mips/mipsel due to build
issues, and a comment was added in the Config.in file to explain that
even though ltrace has mips/mipsel support, it isn't enabled because
it doesn't build.

Then, in commit d23cce19c299e3010ba2dca84ab4ad35eff3cdbb ("ltrace:
enable for mips/mipsel"), the build of ltrace on mips/mipsel was
re-enabled, because it has been fixed upstream.

However, the comment in the Config.in comment was not removed in this
commit. Due to this, we have a comment that says "we don't allow
enabling ltrace on mips/mipsel" and the line right below precisely
allows to enable ltrace on mips/mipsel.

Fix this inconsistency by removing the no longer valid comment.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

gst1-plugins-bad: fix typo preventing use of the netsim plugin

Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Revert "arch/arm: add cortex-m7 core"

This reverts commit 43884e7f5011cbd70a9a17bfd87041953cfa74ee, which
was intended for the next branch, not master.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

arch/arm: add cortex-m7 core

Nothing fancy, just a plain Cortex-M, armv7-M core...

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

libpam-radius-auth: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

znc: add mandatory dependency on threads

Threads support is mandatory since version 1.7.0:
https://github.com/znc/znc/commit/582cd635f5a047761b1052a40088ab86e62fffc1

Fixes:
 - http://autobuild.buildroot.net/results/cc56c7dbee594056288296398772ef9e22846299

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

libpciaccess: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

libpcap: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

libosip2: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/transmission: remove BR2_PACKAGE_TRANSMISSION_REMOTE

Commit 6e223241e1bb58a27eb890291f9f5c1fcc6a0818 ("Add Transmission
package"), which added the transmission package, introduced a
BR2_PACKAGE_TRANSMISSION_REMOTE Config.in option, supposedly matching
the --enable-remote/--disable-remote transmission option.

However, transmission as of version 2.33 packaged by this initial
commit, did not have a --enable-remote/--disable-remote option, and it
was apparently never part of transmission.

Therefore, this commit removes this useless option. Since the
transmission-remote tool is automatically built when the daemon is
enabled, the Config.in.legacy handling selects
BR2_PACKAGE_TRANSMISSION_DAEMON.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/transmission: fix inotify configure option

The configure option is really called --with-inotify:
https://github.com/transmission/transmission/blob/2.9x/configure.ac#L211

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/transmission: fix systemd support

Patch 0006-libsystemd.patch backports an upstream commit which renames
the systemd configure option.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

zmqpp: fix build with or1k and gcc < 6

Use CONFIG variable to disable optimizations when or1k and gcc < 6 are
detected otherwise set CONFIG to release or debug depending on
BR2_ENABLE_DEBUG

Fixes:
 - http://autobuild.buildroot.net/results/523e58eefba7ef23a09ef53160da22190ccbb098

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

libogg: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

liboauth: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

libnfnetlink: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

libnfc: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

libnetfilter_log: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

libnetfilter_cttimeout: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

libnetfilter_cthelper: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

libmpd: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

libmodplug: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

libmodbus: add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

mbedtls: security bump to version 2.7.3

Extract from release announcement:

- (2.9, 2.7, 2.1) Fixed an issue in the X.509 module which could lead
to a buffer overread during certificate validation. Additionally, the
issue could also lead to unnecessary callback checks being made or to
some validation checks to be omitted. The overread could be triggered
remotely, while the other issues would require a non DER-compliant
certificate to be correctly signed by a trusted CA, or a trusted CA with
a non DER-compliant certificate. Found by luocm. Fixes #825.

- (2.9, 2.7, 2.1) Fixed the buffer length assertion in the
ssl_parse_certificate_request() function which could lead to an
arbitrary overread of the message buffer. The overreads could be caused
by receiving a malformed algorithms section which was too short. In
builds with debug output, this overread data was output with the debug
data.

- (2.9, 2.7, 2.1) Fixed a client-side bug in the validation of the
server's ciphersuite choice which could potentially lead to the client
accepting a ciphersuite it didn't offer or a ciphersuite that could not
be used with the TLS or DTLS version chosen by the server. This could
lead to corruption of internal data structures for some configurations.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

gst1-plugins-bad: update plugin licenses

Update several of the licenses annotated in the gst1-plugins-bad.mk file.

1. Specify GPL-2.0 in license info.
* All of the *.[ch] that specify GPL also specify version 2 or later.

2. Remove GPL from audiovisualizers.
* Changlog notes move from GPL to LGPL. (2015-04-25)
* docs/plugins/inspect/plugin-audiovisualizers.xml claims "LGPL".
* All *.[ch] files under ./gst/audiovisualizers say "GNU Library General Public License".

3. Add GPL to yadif.
* Changelog notes that yadif is "GPL". (2013-02-07)
* docs/plugins/inspect/plugin-yadif.xml claims "GPL".
* All *.[ch] files under ./gst/yadif say "GNU General Public License" except for one "GNU Library General Public License".

4. Remove UNKNOWN from fdk_aac.
* docs/plugins/inspect/plugin-fdkaac.xml claims "LGPL".
* All *.[ch] files under ./ext/fdkaac say "GNU Lesser" or "GNU Library General Public License".

5. Add BSD-2c to dtls.
* docs/plugins/inspect/plugin-dtls.xml claims "BSD".
* All *.[ch] files under ./gst/dtls have BSD-2c text.

6. Add BSD-2c to openh264.
* Changelog notes that openh264 is "BSD-2". (2014-10-03)
* docs/plugins/inspect/plugin-openh264.xml claims "BSD".
* All *.[ch] files under ./ext/openh264 have BSD-2c text.

Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

DEVELOPERS: add myself for libnss

Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

qt5wayland: fix hardwareintegration/client/xcomposite-egl compile

Add upstream patch, fixes [1]:

  ../../../hardwareintegration/client/xcomposite-egl/qwaylandxcompositeeglwindow.cpp: In member function 'void QtWaylandClient::QWaylandXCompositeEGLWindow::createEglSurface()':
  ../../../hardwareintegration/client/xcomposite-egl/qwaylandxcompositeeglwindow.cpp:124:82: error: invalid conversion from 'Window {aka long unsigned int}' to 'EGLNativeWindowType {aka void*}' [-fpermissive]
       m_surface = eglCreateWindowSurface(m_glxIntegration->eglDisplay(), m_config, m_xWindow,0);
                                                                                    ^~~~~~~~~
  In file included from ../../../hardwareintegration/client/xcomposite-egl/qwaylandxcompositeeglclientbufferintegration.h:57:0,
                   from ../../../hardwareintegration/client/xcomposite-egl/qwaylandxcompositeeglwindow.h:46,
                   from ../../../hardwareintegration/client/xcomposite-egl/qwaylandxcompositeeglwindow.cpp:40:
  .../host/arm-buildroot-linux-musleabihf/sysroot/usr/include/EGL/egl.h:265:31: note:   initializing argument 3 of 'void* eglCreateWindowSurface(EGLDisplay, EGLConfig, EGLNativeWindowType, const EGLint*)'
 EGLAPI EGLSurface EGLAPIENTRY eglCreateWindowSurface(EGLDisplay dpy, EGLConfig config,

[1] http://autobuild.buildroot.net/results/9bcc76ed9e23c0d525f20b4da7f3bb5efe3083d4

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

gdb: actually disable gdbserver if BR2_PACKAGE_GDB_SERVER is unset

The gdb configure script is given --enable-gdbserver when
BR2_PACKAGE_GDB_SERVER is set, but it is not given --disable-gdbserver
when BR2_PACKAGE_GDB_SERVER is unset.

gdb gdb/configure.ac defaults to enabling gdbserver in "native"
(host=target) cases, which is always the case when buildroot builds a
gdb which runs on the target hardware. The gdbserver will overwrite
BR2_TOOLCHAIN_EXTERNAL_GDB_SERVER_COPY gdbserver, if any.

Fix that by passing --disable-gdbserver when BR2_PACKAGE_GDB_SERVER is
unset.

Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

nfs-utils: update homepage link

The linux-nfs project switched to a new homepage. Update the help text
link.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

faketime: add patch to disable -Werror

faketime currently doesn't build on host machines that use gcc 8.x due
to stricter checks done by gcc, and the fact that it is built with
-Werror.

As a simple stop-gap measure, this commit patches the faketime
Makefile to not use -Werror anymore.

The actual fixes for the gcc 8.x issues have been submitted upstream
at https://github.com/wolfcw/libfaketime/pull/161, but disabling
-Werror is a much smaller fix.

Also, it is worth mentioning that removing -Werror makes the existing
patch 0001-Disable-the-non-null-compare-warning-error.patch (which was
just disabling one specific warning). We nonetheless keep this patch
around as it is a backport from upstream.

Fixes:

  http://autobuild.buildroot.net/results/bd223dfa1c4baa68e427d4941bd2e9917e22da84/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

libcurl: security bump to version 7.60.0

Drop upstream patch.

This release fixes the security issues listed below.

CVE-2018-1000300: curl might overflow a heap based memory buffer when
closing down an FTP connection with very long server command replies.

  https://curl.haxx.se/docs/adv_2018-82c2.html

CVE-2018-1000301: curl can be tricked into reading data beyond the end
of a heap based buffer used to store downloaded content.

  https://curl.haxx.se/docs/adv_2018-b138.html

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

libnss: backport upstream patch to fix build with gcc 8.x

This commit backports upstream patch
https://github.com/nss-dev/nss/commit/f0ce70989526fc9a0223398c99ea0d09777ea5df
to our libnss package to fix the build with gcc 8.x.

Fixes:

  http://autobuild.buildroot.net/results/1ca35171200286fa032b24606aaa50de6a2d449e/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

libkcapi: depends on BR2_TOOLCHAIN_HAS_SYNC_4

Since commit
https://github.com/smuellerDD/libkcapi/commit/4d0a5c235536b5f679e6a9b0c847f56c9cfc3835,
libkcapi uses __sync_add_and_fetch_4 and __sync_sub_and_fetch_4

Fixes:
 - http://autobuild.buildroot.net/results/de5e136ea433633d836bff1d2ac1d3b461391b83

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

imx8mqevk: readme: Write the SoC name in capital letters

Use "i.MX8MQ" (in capital letters) for the SoC name for better
readability.

Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

imx8mqevk: readme: Put switch configuration for SD card boot

Improve the documentation by adding the configuration of SW801 and SW802
switches for SD card boot.

Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

configs/mx53loco: Adjust comment to reflect the real kernel version

The kernel used is from 4.16 version, so adjust the comment.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

exim: do not link buildconfig with $(LIBS)

The existing patch 0001-Build-buildconfig-for-the-host.patch changes
the exim build system to use the host compiler to build the
"buildconfig" program instead of the cross-compiler.

However, it still uses $(LIBS) which lists the target libraries to
link with, which shouldn't be used. Since buildconfig doesn't use any
library beyond the C library, we can simply drop using $(LIBS).

This will fix build failures of exim on Fedora 28, where libnsl is no
longer provided by the C library, causing build failures such as:

/usr/bin/gcc buildconfig.c
/usr/bin/ld: cannot find -lnsl

Fixes:

  http://autobuild.buildroot.net/results/ac78fe18657558b3c12c03c08bf1081d7c06ca85/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/llvm: fix host-llvm build with GCC8

This patch fixes the build of lli for host-llvm when using GCC 8.

It was taken from llvm-5.0 package for Fedora 28.

Link to bug: https://bugzilla.redhat.com/show_bug.cgi?id=1540620

Fixes:

http://autobuild.buildroot.net/results/824c70e982d8ec7e518cf4db058767df42db6b04/

Signed-off-by: Valentin Korenblit <valentin.korenblit@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

linux: don't override HOSTCC for kconfig

Kconfig uses either pkg-config or hard-coded /usr/include paths to find
the ncurses or ncursesw library. If ncursesw is found, it will include
<ncursesw.h>. Since Buildroot's host-ncurses doesn't install a .pc file,
and linux.mk anyway doesn't pass the pkg-config options to find the host
pkg-config files, Kconfig will always find the system's ncursesw.h.

However, since commit dde090c299 (linux: fix passing of host CFLAGS and
LDFLAGS) HOST_LDFLAGS is passed to the linux build system. Thus, if
host-ncurses was already built before 'make linux-menuconfig' is called,
the build will pick up libncurses from the host directory, which is NOT
widechar. Thus, two different ncurses configurations are mixed into the
final mconf program. This will result in serious breakage in the
rendering of the menus (lots of @ and question mark characters).

As a workaround (suggested by Yann), don't pass HOST_CFLAGS and
HOST_LDFLAGS when running kconfig commands. For kconfig, we should never
need host packages anyway. This way, the kconfig calls will always use
the system's ncurses and never our host-ncurses.

Note that the same problem could pop up for other kconfig packages as
well if we ever pass HOST_CFLAGS/HOST_LDFLAGS to them. We could force
HOSTCC=$(HOSTCC) directly in kconfig-package. However, for now there
are no other packages that exhibit this problem, so this can be
revisited when they do.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: David De Grave <david.degrave@essensium.com>
Cc: Scott Fan <fancp2007@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/clang: bump to version 5.0.2

5.0.2  is API and ABI compatible with 5.0.0 and 5.0.1 and includes
mitigations for CVE-2017-5715 (Spectre Variant 2) for X86 and MIPS.

Signed-off-by: Valentin Korenblit <valentin.korenblit@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/llvm: bump to version 5.0.2

5.0.2  is API and ABI compatible with 5.0.0 and 5.0.1 and includes
mitigations for CVE-2017-5715 (Spectre Variant 2) for X86 and MIPS.

Signed-off-by: Valentin Korenblit <valentin.korenblit@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/asterisk: Fix issues building without SSL

Fixes
http://autobuild.buildroot.net/results/7d0/7d069dd5629e406cecd17bacfa818e7c8e6b2064/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

gst1-plugins-bad: rework license type construction

Use "GST1_PLUGINS_BAD_LICENSE := $(GST1_PLUGINS_BAD_LICENSE), xxxx" construct
so that the list of licenses is presented as a comma-separated list.

Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

clamav: add patch to fix build failure caused by lack of libcurl

When json-c is enabled but libcurl is disabled, clamav tries to build
the clamsubmit program, which fails with:

  CC       clamsubmit.o
clamsubmit.c:6:23: fatal error: curl/curl.h: No such file or directory
 #include <curl/curl.h>

This is due to an incorrect curl-config detection logic, leading to
/bin/curl-config being present making the configure script believe
that curl is available, even when --without-libcurl is explicitly
passed.

This commit adds a patch, submitted upstream, which fixes this
problem.

Fixes:

  http://autobuild.buildroot.net/results/c43d2ebd8ab30016969d642dbd71c297dc5f6bab/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

clamav: reformat patches as Git-formatted patches

ClamAV is using Git upstream
(https://github.com/Cisco-Talos/clamav-devel), so it makes sense to
use Git-formatted patches.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

zstd: fix host headers installation

If host-zstd builds when $(HOST_DIR)/include has not been created yet,
the install-includes target does not create this directory. Instead, the
install command copies the headers over $(HOST_DIR)/include, thus
creating a regular file instead of a directory. This leads to the
following installation failure:

Installing includes
install: cannot create directory ‘.../host/usr/include/’: File exists
Makefile:166: recipe for target 'install-pc' failed
make[1]: *** [install-pc] Error 1

Add a patch to fix that.

Cc: Peter Seiderer <ps.report@gmx.net>
Cc: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

cifs-utils: unconditionally disable PIE

PIE support in Buildroot should be enabled via the global option
BR2_RELRO_FULL option, and not done on a per-package basis, therefore
PIE should unconditionally be disabled in the cifs-utils package.

This has the added side-effect that it works around a binutils bug on
SPARC causing the linker to segfault when PIE is enabled:

sparc-linux-gcc -Wall -Wextra -D_FORTIFY_SOURCE=2 -fpie -pie -Wl,-z,relro,-z,now -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -Os    -o mount.cifs mount.cifs.o mtab.o resolve_host.o util.o  -lcap-ng
collect2: fatal error: ld terminated with signal 6 [Aborted], core dumped

This issue will reappear when we start testing BR2_RELRO_FULL in the
autobuilders, but in the mean time it avoids the problem.

Fixes:

  http://autobuild.buildroot.net/results/a5342890f39bdccae1324e7d3dbe0eab1aad28e5/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

lynx: add patch to fix static link issue

The lynx package incorrectly uses target LDFLAGS to build a host tool,
which causes a problem when we do a statically link build for the
target, on a host machine that doesn't support static linking.

A simple patch fixes the problematic makefile, and it has been
submitted upstream on the project mailing list.

Fixes:

  http://autobuild.buildroot.net/results/38ba2531eeeb4a7985eddd2df8bfaf0b56e6a687/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

wget: security bump to version 1.19.5

Fixes CVE-2018-0494: cookie injection vulnerability.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>