package/python-docker: bump version to 3.5.1

Pypi now proves a sha256 hash as well.

Drop 0001-setup.py-make-pip-optional.patch as upstream has now completely
removed the docker-py checks:

https://github.com/docker/docker-py/commit/accb9de52f6e383ad0335807f73c8c35bd6e7426

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

python-docker-pycreds: bump version to 0.4.0

Needed by newer python-docker versions.

Pypi now proves a sha256 hash as well.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

packages/glibc: Fix mcontext_t error that breaks RISC-V package builds

The riscv-glibc repository version of glibc 2.26 will build for
RISC-V 32bit, but when many packages are built against the resulting
library an 'unknown type name mcontext_t' error is reported. The
definition of mcontext_h in the ucontext.h header file needs to be
moved outside of the '#ifdef __USE_MISC' structure to fix this
issue.

Fixes:
  http://autobuild.buildroot.net/results/5aa9cb29c459f511dc9c4fcf218dc9a842505aa3

Signed-off-by: Mark Corbin <mark.corbin@embecosm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

libtommath: bump to version 1.1.0

The library was re-licensed to The Unlicense (https://unlicense.org/),
more details on https://www.libtom.net/news/LTM_1.1.0RC1/

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/pamtester: new package

Utility for testing pluggable authentication modules (PAM) facility.

While specifically designed to help PAM module authors to test their
modules, that might also be handy for system administrators interested
in building a centralised authentication system using common standards
such as NIS, SASL and LDAP.

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Peter: drop spelling fix patch]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

arch/mips: add (Marvell) Octeon III processor

The compiler recognizes a specific 'march' value for Octeon III processors,
so create a 'Target Architecture Variant' entry for it in the target menu.

Note: support for '-march=octeon3' was added in gcc 5.x. However, the
official compiler provided by Marvell (Cavium Networks) uses gcc 4.7.x (and
supports -march=octeon3 via their own modifications). For this reason, no
line 'select BR2_ARCH_NEEDS_GCC_AT_LEAST_5' is added.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

arch/mips: add (Marvell) Octeon II processor

The compiler recognizes a specific 'march' value for Octeon II processors,
so create a 'Target Architecture Variant' entry for it in the target menu.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

arch/mips: introduce mips32r3 and mips64r3

It's unclear why Buildroot only defined MIPS 32/64 releases 1, 2, 5 and 6
while 3 exists as well.

Interesting fact:
"Release 4 was skipped because the number four is perceived as unlucky in
many Asian cultures."
https://en.wikipedia.org/wiki/MIPS_architecture#MIPS32/MIPS64

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/testing/tests/download/gitremote: remove trailing whitespace

Fixes the following flake8 warnings:

support/testing/tests/download/gitremote.py:29:67: W291 trailing whitespace
support/testing/tests/download/gitremote.py:30:60: W291 trailing whitespace

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/bird: bump version to 2.0.3

Patch 0001 is no longer needed as it has been ported to this version.
Also, the README changes but the licence is still GPL-2.0+

Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Makefile: respect strip exclusions for special libraries

ld-*.so and libpthread*.so* are not stripped in the same way as other
binaries because some applications need symbols in these libraries in
order to operate correctly.

However, the special handling for these binaries ignores the usual
BR2_STRIP_EXCLUDE_* rules so it is not possible to build an image which
has debugging symbols in these binaries.

Pull out the common find functionality so that we can build two find
commands that re-use the common exclusion rules.

Fix-suggested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: John Keeping <john@metanate.com>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

testing/tests/download: add git hash test

Add one test case to ensure the hash is checked for git packages:
 - correct hash;
 - wrong hash;
 - no hash file.

Add required infra:
 - a GitRemote class, that can start a git server in the host machine to
   emulate a remote git server under the control of the test;
 - a new base class, called GitTestBase, that inherits from BRTest and
   must be subclassed by all git test cases.
   Its setUp() method takes care of configuring the build with a
   br2-external, avoiding to hit http://sources.buildroot.net by using
   an empty BR2_BACKUP_SITE. It also avoids downloading not
   pre-installed dependencies (i.e. lzip) every time by calling 'make
   dependencies' using the common dl directory, and it instantiates the
   GitRemote object.

Besides the Python scripts, add some fixtures used during the tests:
 - a br2-external (git-hash) with one package for each part of the test
   case;
 - a static git bare repo (repo.git) to be served using GitRemote class.

Neither the br2-external nor the check hash functionalities are the
subject of these tests per se, so for simplicity limit the check to the
error codes and don't look for the messages in the log.

Thanks to Arnout for the hint about how to add a bare repo to test.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@datacom.ind.br>
Cc: Arnout Vandecappelle <arnout@mind.be>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Arnout: split long line; reorder imports to satisfy flake8]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/utp_com: new package

This tool is used to send commands to imx6 based hardware using NXP's
UTP protocol.

Cc: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Vincent Prince <vincent.prince.fr@gmail.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/sg3_utils: add support for building host variant

Initially used by the host build of the utp_com package.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

infra: add force build flag for host dependencies

This commit adds a config option which will force buildroot to
build all host dependencies even if they are already present on the
host system. This may be a desirable option if different hosts are
used to build the same source. In this case, some packages will be
built on one host that are not built on another. This is problematic
if build source archives are cached afterwards for offline builds.

Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Peter: reword, drop exit 1, reshuffle]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

support/scripts/graph-build-time: replace confusing colors

The color for 'extract' is very similar to the one for 'install-images'.
Both are cyan-like.

Replace the former by a pale blue to make all colors sufficiently distinct.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

support/scripts/graph-build-time: add download times

Total build time also involves download. Getting a visibility on the impact
of that step can be important for users/admins, e.g. to evaluate different
methods of BR2_PRIMARY_SITE.

Colors used are some kind of purple (primary scheme) and light orange
(alternate scheme).

Signed-off-by: Mathias De Maré <mathias.de_mare@nokia.com>
[ThomasDS: rebase and update colors to avoid confusion]
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/pugixml: add support for a limited set of configuration options

Add config options for a few pugixml configurables.

- Xpath support is enabled by default but has a size impact. Disabling it
  reduces the size significantly (it almost halves). Output of 'size' on the
  library compiled for x86:
  - Xpath support enabled
 160374    1244      28  161646   2776e output/target/usr/lib/libpugixml.so.1.7
  - Xpath support disabled
  92754     880       8   93642   16dca usr/lib/libpugixml.so.1.7

- Compact and header-only modes are not strictly needed for our use case, but we
  did the work anyway and may be useful for someone else.

Signed-off-by: Wouter Vermeiren <wouter.vermeiren@nokia.com>
[ThomasDS:
- align with Buildroot coding style
- retain only feature options: xpath, compact mode, header-only]
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/ntp: use common sysv init install

Previously the sysv init script install was conditional based on ntpd
being selected, now that sntp also has an init script and could be
selected independent of ntpd, a common install is necessary.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

docs/website: fixing query.yahooapis.com shutdown

This patch rework the use of query.yahooapis.com to do the conversion
from xml to json required by our script and moves to the use of a js
library. Datas are therefore now converted in json format on the client.

Unfortunately, cause of the CORS restriction on nabble and
buildroot.org, we cannot retrieve directly the xml data from these
servers and we need a CORS proxy to do that.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[Peter: use sha256 integrity]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

docs/website: consolidate CDN's and enable SRI

Some of our cdn's are going discontinued (rawgit) and some others are
not recommended anymore, thus we update to the recommended cdnjs.
This patch enables also SRI protection on js to be sure the modules we
download are not manipulated in any way.

About SRI:
https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/systemd: fix build on mips32

Fixes:
 - http://autobuild.buildroot.org/results/e484bc976266633029b26c8e21959ae4e9137da3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Makefile: add update-defconfig target

For symmetry with the Kconfig-based packages offering comprehensive
targets like linux-update-defconfig, barebox-update-defconfig and so
on, add a new top level update-defconfig target to run savedefconfig.

Signed-off-by: Vivien Didelot <vivien.didelot@gmail.com>
Reviewed-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/{clapack,armadillo}: re-enable on MIPS

Commit d2b52cebf3b8b4a922a54d38a44a8a183406c5f1 disabled clapack on MIPS
platforms, to fix an autobuild failure (unfortunately, the results are no
longer available). The argument was:

    "Disable this package for MIPS because it needs IRIX headers and
    libraries."

Nevertheless, today compilation on MIPS seems to work fine. Testing was done
with test-pkg (armadillo depends on clapack):

$ echo "BR2_PACKAGE_ARMADILLO=y" > config.snippet;
$ utils/test-pkg -p armadillo -a -c config.snippet
                 br-mips32r6-el-hf-glibc [1/8]: OK
                      br-mips64-n64-full [2/8]: OK
                 br-mips64r6-el-hf-glibc [3/8]: OK
                      br-mipsel-o32-full [4/8]: OK
             mips64el-ctng_n32-linux-gnu [5/8]: OK
             mips64el-ctng_n64-linux-gnu [6/8]: OK
                         sourcery-mips64 [7/8]: OK
                           sourcery-mips [8/8]: OK
8 builds, 0 skipped, 0 build failed, 0 legal-info failed

Manual build tests were also done for mips32r2 with gcc 4.9.x and gcc 7.x,
and for M5150 with gcc 7.x (Buildroot-built toolchains in these three
cases).

Also building and running on Octeon III, using the toolchain provided by
Cavium Networks / Marvell, works fine.

Not seeing any problem (but also not understanding the original problem),
re-enable clapack (and armadillo) on MIPS.  If any problems would pop up in
the future, they should be investigated in detail and a more fine-grained
solution should be taken than disabling on MIPS altogether.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libgeotiff: add optional proj dependency

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/qemu: remove host-python dependency.

Now that Buildroot requires python >= 2.7, qemu no longer needs a
host-python, as it does not use any external Python modules to build.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libcpprestsdk: bump to version v2.10.10

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/opentracing-cpp: needs threads

opentracing-cpp uses std::mutex since 1.3.0.

Fixes: http://autobuild.buildroot.net/results/121a9f2aacf9e7b1f5d0b3f2c55bc1da36c7cfb6/
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

prerequisite.txt: Bump python dependency to 2.7

We now require python 2.7+, so update prerequisite.txt to match.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

dependencies.sh: Check for a host python version >= 2.7

Older distributions such as CentOS6 come with python2.6, which causes build
failures in packages such as host-libglib2 because they require python2.7 and
above.

host-libglib2 will produce the error message:
/bin/sh: python2.7: command not found

Python2.7 is a hard-coded value in configure.ac. If one changes the value to
just "python," the following stack trace is produced:

Traceback (most recent call last):
  File "./gdbus-2.0/codegen/gdbus-codegen.in", line 55, in <module>
    self.outfile.write(LICENSE_STR.format(config.VERSION))
ValueError    : sys.exit(codegen_main.codegen_main())
zero length field name in format

Instead of supporting an ancient version of Python that had its support ended
in October os 2013, it would be more pragmatic only to support Python2.7 and
above.

Luckily; CentOS6 has the centos-release-scl repository, which allows users to
install python2.7, and Debian 8 comes with Python2.7 already, making this patch
relatively low impact.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[Peter: only look at major.minor to handle x.y.z with z < 10]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libpcap: bump to version 1.9.0

- Disable Endace DAG card support as libdag is not available in
  buildroot
- Add upstream patch to fix build on musl

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Titouan Christophe <titouan.christophe@railnova.eu>
Tested-by: Yann E . MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/systemd: add optional iptables dependency

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/kf5/kf5-kcoreaddons: new package

KCoreAddons provides classes built on top of QtCore to perform various
tasks such as manipulating mime types, autosaving files, creating
backup files, generating random sequences, performing text
manipulations such as macro replacement, accessing user information
and many more.

Signed-off-by: Pierre Ducroquet <pinaraf@pinaraf.info>
[yann.morin.1998@free.fr + titouan.christophe@railnova.eu:
  - add missing qt5tools select
  - fix hash for new version
  - fix check-package
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
[Thomas:
 - fix typo in LICENSE_FILE -> LICENSE_FILES
 - add hash for license file
 - change license to LGPL-2.1 instead of LGPL-2.1+, since at least one
   file says "2.1" without the "or later" option, and so saying just
   LGPL-2.1 is the safe choice
]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Introduce the variable BR2_TOOLCHAIN_HAS_UCONTEXT

It is set when the platform exposes the struct ucontext_t.

This avoids duplication of logic inside each package requiring
the use of that type.

Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libgeotiff: fix build without C++

Do not check for C++ compiler as libgeotiff is written in C otherwise
build will fail on toolchains without a working C++ compiler:

checking how to run the C++ preprocessor... /lib/cpp
configure: error: in
`/data/buildroot/buildroot-test/instance-1/output/build/libgeotiff-1.4.2':
configure: error: C++ preprocessor "/lib/cpp" fails sanity check

Fixes:
 - http://autobuild.buildroot.org/results/72f1c5c1b8fc337a1cff4b280abe99afd65f945b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/intel-gmmlib: new package

Signed-off-by: Louis-Paul Cordier <lpdev@cordier.org>
[Thomas: updated DEVELOPERS file, bump to 18.4.1.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/ncdu: bump to version 1.13

Also added license hash

Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
[Thomas: use a sha256 hash for the license file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/openssh: Set /var/empty permissions

The openssh privilege separation feature, enabled by default,
requires that the path /var/empty exists and has certain permissions
(not writable by the sshd user). Note that nothing ever gets writting
in this directory, so it works fine on a readonly rootfs.

See README.privsep included as part of the openssh distribution.

Signed-off-by: Chris Lesiak <chris.lesiak@licor.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/netsurf: use TMP_PREFIX inside the build directory

The netsurf build system creates a stamp file inside TMP_PREFIX to
know if the build was done, and if the stamp file exists, it doesn't
do any build. Therefore, having this stamp file in STAGING_DIR
prevents from rebuilding netsurf, even after removing its entire build
directory: the stamp file exists in STAGING_DIR, and netsurf doesn't
build anything, causing the installation to fail.

We fix this by putting this temporary directory inside the netsurf
build directory. We must mkdir this directory manually, otherwise the
build fails with:

COMPILE: src/stylesheet.c
In file included from src/stylesheet.c:12:0:
src/stylesheet.h:14:10: fatal error: libwapcaplet/libwapcaplet.h: No such file or directory
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Arnout: mkdir it first]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/ntp: sntp time sync script

This patch adds the installation of a startup script if the sntp
utility is selected as an option. The utility is design to do a
one time step/slew adjustment of the system time (similar to the
ntpdate tool http://support.ntp.org/bin/view/Dev/DeprecatingNtpdate).
One nice benefit over ntpdate is that sntp can run while ntpd is still
running. However, ntpd may still need to be restarted if the time
step was large enough.

The script provides the ability to override the arguments as part of a
/etc/defaults/sntp file.

On a local LAN, the initial large step adjustment took less then
one second to be retrieved and system time updated. If a user already
has a RTC maintaining the time and the system was powered off for
a long period of time, the script assumes a slew adjustment when
+/- 128ms, rather then a time step(jump). This could be further
tuned by a user with the /etc/defaults/sntp configuration file.

One NTP pool server is being set as sntp uses all of the servers
provided when the DNS is resolved as servers to attempt to retrieve
time from before timing out. It looks like currently that is 4 servers
per *pool.ntp.org hostname.

Cc: Oscar Gomez Fuente <oscargomezf@gmail.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Tested-by: Oscar Gomez Fuente <oscargomezf@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

linux: add option to enable support for Device Tree overlays

Add an option to compile device trees in Linux with symbol generation
such that device tree overlays can be loaded on the target system

Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
[Arnout: remove "default n" and move setting of LINUX_MAKE_ENV to the
 place where the rest is set.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

libpcap: add support for bluez5_utils

bluez5_utils support has been added since version 1.8.0 and
https://github.com/the-tcpdump-group/libpcap/commit/b3776f3d50df9de9fcf702bd21a3ecb2539ffef4

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

libpcap: remove unrecognized canusb option

canusb has been removed since version 1.8.1 and
https://github.com/the-tcpdump-group/libpcap/commit/93ca5ff7030aaf1219e1de05ec89a68384bfc50b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/wireguard: bump version to 0.0.20190123

For details of the changes, see the announcement:
https://lists.zx2c4.com/pipermail/wireguard/2019-January/003805.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/s6-linux-utils: bump to 2.5.0.0

In 2.4.0.2, compilation under glibc 2.28 is fixed (and our local patch can
thus be removed).
While at it, bump to the latest released version 2.5.0.0.

Note: change in COPYING file is only the copyright year.

>From the NEWS file:
"""
In 2.5.0.0
----------
 - Optional nsss support.
 - s6-devd, s6-uevent-listener, s6-uevent-spawner removed.

In 2.4.0.2
----------
 - s6-logwatch rewrite.
 - Better portability with old glibc versions.
 - s6-uevent-listener and s6-uevent-spawner are marked as deprecated. (The
   mdevd package obsoletes them.)
"""

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

pcre2: bump to version 10.32

- Remove patch (already in version)
- Update hash of license file:
  https://vcs.pcre.org/pcre2/code/trunk/LICENCE?r1=1001&r2=910

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/opentracing-cpp: bump version to v1.5.1

Bump opentracing-cpp from 1.2.0 to 1.5.1.
The license has changed from MIT to Apache-2.0.
The patch is removed because it has been upstreamed.

Signed-off-by: Jan Heylen <jan.heylen@nokia.com>
[ThomasDS: Additional bump from v1.3.0 to v1.5.1]
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/aircrack-ng: bump to version 1.5.2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/aircrack-ng: add optional cmocka dependency

cmocka dependency has been added in version 1.3 with
https://github.com/aircrack-ng/aircrack-ng/commit/e3a3a6db30ca99c2473928621a1ba234abcaebf3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/aircrack-ng: add optional hwloc dependency

hwloc dependency has been added in version 1.4 with
https://github.com/aircrack-ng/aircrack-ng/commit/c31b27449962bc69638b32ec14e0ffdb8997dfcf

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python3: add upstream security fix for CVE-2019-5010

Fixes CVE-2019-5010: NULL pointer dereference using a specially crafted X509
certificate

https://bugs.python.org/issue35746

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/python: add upstream security fix for CVE-2019-5010

Fixes CVE-2019-5010: NULL pointer dereference using a specially crafted X509
certificate

https://bugs.python.org/issue35746

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/docker-engine: drop unused _DAEMON option

Since commit de336584d2 (package/docker-engine: split docker-{cli, engine},
bump to v18.09.0), the docker-engine package only builds the daemon part,
and the .mk file no longer use the _DAEMON option, so drop it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Tested-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

python-cython: bump to version 0.29.4

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

docs/website: update for 2018.02.10

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Update for 2018.02.10

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5a697610a0af405aac0f7bd98ddf38bc48bc1b7a)
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Update for 2018.11.2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 49dfa901e1b16563045bb0f5456fcadc9b62e380)
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

docker-compose: backport upstream patch for pyyaml 4.x support

Otherwise docker-compose fails at runtime with:

docker-compose
Traceback (most recent call last):
  File "/usr/bin/docker-compose", line 6, in <module>
    from pkg_resources import load_entry_point
  File "usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3123, in <module>
  File "usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3107, in _call_aside
  File "usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3136, in _initialize_master_working_set
  File "usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 580, in _build_master
  File "usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 593, in _build_from_requirements
  File "usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 781, in resolve
pkg_resources.DistributionNotFound: The 'PyYAML<4,>=3.10' distribution was not found and is required by docker-compose

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/docker-engine: add sysv init script

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

docs/website: update for 2018.11.2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

leveldb: disable parallel build

Commit abba4e701246f69bc22ca9045e9932abfe9228e9 did not succeed in
fixing all parallel build failures because sometimes $(SHARED_OUTDIR) is
created but not $(SHARED_OUTDIR)/db so instead of fixing this mess,
revert the patch and disable parallel build as upstream switched to
cmake

Fixes:
 - http://autobuild.buildroot.org/results/9c33692aa130a20b0f8e868156e49990e862d6ee

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Revert "leveldb: fix parallel build"

This reverts commit abba4e701246f69bc22ca9045e9932abfe9228e9.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

mbedtls: security bump to version 2.7.9

CVE-2018-19608 is fixed by bumping mbdedtls to a version greater or
equal to 2.7.8, see
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-03

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/syslog-ng: allow building with static libraries

Bring in an upstream patch to fix builds for targets which lack dlfcn.h
and revert "package/syslog-ng: depend on !BR2_STATIC_LIBS".

This reverts commit 44dbd2907c5995b0b0c56cb2274dc60415205dd8. Now that
upstream has different fix for the build issues with a static libc we
can re-enable syslog-ng on these systems.

Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/testing/infra/basetest: support br2-external

Some upcoming test cases can use one or more br2-external trees as
fixtures that provide packages used only in runtime tests.

Add support for br2-external into the BRTest class. Any test case can
then provide a list of paths for being used as br2-external trees
during the build of the image to test.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@datacom.ind.br>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Daniel J. Leach <dleach@belcan.com>
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Thomas: use named argument for make_extra_opts.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/testing/infra/builder: configure and build with make target and environment

Make the builder able to call 'VAR1=1 make VAR2=2 target'.

Allow sending extra parameters to be added to the end of make command
line. Uses for these purposes:
 - to configure a br2-external, using the 'BR2_EXTERNAL="dir" variable.
 - to specify a make target, such as 'foo-source.'

Allow adding variables to the environment when calling make.
These added variables allow a user to override default values from BuildRoot,
such as 'BR2_DL_DIR="dl"'.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@datacom.ind.br>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Daniel J. Leach <dleach@belcan.com>
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/nut: Add support for openssl 1.1.x

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libshout: Add support for openssl 1.1.x

Add patch from Debian:

https://sources.debian.org/data/main/libs/libshout/2.4.1-2/debian/patches/01-libshout-tls-compile-with-OpenSSL-1.1.0.patch

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

utils/check-package: handle ifdef/ifndef in .mk files

Currently check-package only knows about ifeq/ifneq.
Add code to handle ifdef/ifndef as well.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

utils/check-package: allow to disable warning for a line

Currently any exceptions for a check function need to be coded into the
check-package script itself.

Create a pattern that can be used in a comment to make check-package
ignore one or more warning types in the line immediately below:
 # check-package Indent, VariableWithBraces

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/busybox: drop empty configure command

Since commit 50dc350c65 (package/busybox: update to 1.29.0), we no
longer define the BUSYBOX_NOCLOBBER_INSTALL macro, so it expands to an
empty string, so we end up with no action in BUSYBOX_CONFIGURE_CMDS.

Drop BUSYBOX_CONFIGURE_CMDS now that it serves no purpose.

Signed-off-by: Yann MORIN <yann.morin@orange.com>
Cc: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Revert "ffmpeg: fix static linking build failure when using libavutil"

This reverts commit 483db9908985d023b858c0b59d4016f9abb4b6f9.

It was a test commit that was not supposed to be pushed. The patch
doesn't apply to ffmpeg 3.4.5.

Fixes:
  http://autobuild.buildroot.net/results/f3e/f3eaaff9e55ca7c75fe7094547dc2394b1288849

and many more.

docs/manual: update package-make-target.txt with more targets

This commit updates package-make-target.txt with a few additional
useful per-package targets that have been added in recent times.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

ffmpeg: fix static linking build failure when using libavutil

If a package tries to static link with libavutil it fails due to the
lack of libavutil private dependencies in libavutil.pc (-ldrm in this
case).

Add patch to:
- Check if libdrm is present.
- Add it to Libs.private: in libavutil.pc if present.

Fixes:
http://autobuild.buildroot.net/results/766/766de487f394490df8c712652ac364ebb4a3ab14/
http://autobuild.buildroot.net/results/041/041e29dfddb2da3309ac7d34a576c60c5a75fe4d/
http://autobuild.buildroot.net/results/780/78061b61cfe3f42554a475c048d54dacacfe11d5/
http://autobuild.buildroot.net/results/275/275e4e0030d26c029085b408cfb272d5633969c6/
http://autobuild.buildroot.net/results/515/5152dcca58944cf732d09fba6e6c9af8a9243c75/
http://autobuild.buildroot.net/results/395/395be1a9cab824b82ef34c2ebd84d54243029b33/

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

skeleton-init-common: improve /etc/hosts generation

If BR2_TARGET_GENERIC_HOSTNAME contains a FQDN, strip the host part and
add it as an alias, e.g.

    127.0.1.1 hostname.example.com hostname

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

jemalloc: allow on MIPS64

jemalloc uses architecture #ifdefs to determine LG_QUANTUM and gives an
error when an unsupported architecture is used.
For this reason, Buildroot commit 3baf996c6a2b57ffaaa4627c1e04ff67c30e9754
introduced BR2_PACKAGE_JEMALLOC_ARCH_SUPPORTS.

In the jemalloc sources, 'mips' is checked via '__mips__' which is set both
for 32-bit as 64-bit MIPS (including MIPS64 n32).
However, the Buildroot arch selection only includes 32-bit MIPS via BR2_mips
and BR2_mipsel.

Update the arch selection to support MIPS64.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

tpm2-tools: drop dependency on tpm2-abrmd

tpm2-tools is commonly used with the resource manager, tpm2-abrmd - But it
CAN be used without, E.G. by setting the TPM2TOOLS_TCTI_NAME environment
variable to communicate directly with the kernel driver:

export TPM2TOOLS_TCTI_NAME=device

Either directly with the TPM device (/dev/tpmN) or through the in-kernel
resource manager provided by Linux kernel since 4.12 (/dev/tpmrmN)

For some use cases (E.G. initramfs) it makes sense to use tpm2-tools
without abrmd, so remove the tpm2-abrmd select, and instead a note in the
help text that it may be needed.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

libxml2: security bump to version 2.9.9

- Fixes CVE-2018-9251 and CVE-2018-14567:
  https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74
- Fixes CVE-2018-14404: https://gitlab.gnome.org/GNOME/libxml2/issues/5
- Remove patch: CVE-2017-8872 was fixed by
  https://gitlab.gnome.org/GNOME/libxml2/issues/26

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

minizip: disable compatibility headers

minizip enables zip.h and unzip.h compatibility headers since version
2.7.2 and
https://github.com/nmoinvaz/minizip/commit/1b2b32c8b8c7ea441b14a2fd827d7e2dc886776c

This is an issue as php fails to build if minizip is built after libzip
because minizip installs a zip.h header without zip_stat, ZIP_CREATE,
ZIP_FL_NOCASE, zip_fopen, etc ...

So until the compatibility headers are enhanced/fixed in minizip, disable them

Fixes:
 - http://autobuild.buildroot.org/results/7b41f4e4a521b1e17aa885aac4419b26e0dd8700

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

haproxy: disable on sh4 with gcc < 7

Build fails on sh4:
src/dns.c:290:1: error: unable to find a register to spill in class 'R0_REGS'
 }

This build failure seems related to a known gcc bug that has been fixed
only in gcc 7:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60040

Fixes:
 - http://autobuild.buildroot.org/results/2e181cc874d5389f10ecddb0d11253c3aa5e7fc4

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

libkcapi: bump to version 1.1.4

Update hash of COPYING (year has been updated):
https://github.com/smuellerDD/libkcapi/commit/3c56934f44a8f5a1257c342942e6e034fc6f20be

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

jansson: bump to version 2.12

Update hash of license file (update in year):
https://github.com/akheron/jansson/commit/3e13f514ce5185a057a686221b61d9a9d9e86889

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

clamav: needs C++

clamav needs C++ since bump to version 0.101.1 and
https://github.com/Cisco-Talos/clamav-devel/commit/d39cb6581f3c854476044f069d2393fc44702c36

Fixes:
 - http://autobuild.buildroot.org/results/be14aa571309cda32a5963feed9fd7f220e87fe6

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

qemu_riscv64_virt_defconfig: fix linux header selection

When the kernel is built by Buildroot BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_X_YY
must be used and not BR2_KERNEL_HEADERS_X_YY.

Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/gnutls: bump to version 3.6.6

Drop now upstreamed 0001-configure.ac-check-if-libatomic-is-needed.patch and
autoreconf.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

gnutls: fix build on sparc

gnutls source code uses the C++11 <atomic> functionality since
https://github.com/gnutls/gnutls/commit/7978a733460f92b31033affd0e487c86d66c643d,
which internally is implemented using the __atomic_*() gcc built-ins

On certain architectures, the __atomic_*() built-ins are implemented in
the libatomic library that comes with the rest of the gcc runtime. Due
to this, code using <atomic> might need to link against libatomic,
otherwise one hits build issues such as:

../lib/.libs/libgnutls.so: undefined reference to `__atomic_fetch_sub_4'

on an architecture like SPARC.

To solve this, a configure.ac check is added to know if we need to
link against libatomic or not. The library is also added to gnutls.pc.

Fixes:
 - http://autobuild.buildroot.org/results/6c749bd592ceffeacadd2ab570d127936cce64b2
 - http://autobuild.buildroot.org/results/30aa83d3cf3482af8a59250c196c85f4a278d343

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

support/testing: add atop test

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/atop: bump to version 2.4.0

Drop patch 0001 as it was applied upstream [1].
This new version uses PERF_FLAG_FD_CLOEXEC therefore it needs a
toolchain with headers >= 3.14.

[1] https://github.com/Atoptool/atop/commit/414127c03669b4eedc85778a7bff80cf601311d8

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

zbar: needs kernel headers >= 3.17

v4l2_query_ext_ctrl has been added in kernel 3.17:
https://github.com/torvalds/linux/commit/5082c2417841e64df975789011e182ce99a9dacd

Fixes:
 - http://autobuild.buildroot.org/results/d7b244cf9488eafb59ba8575f17884f4f8512db1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

libva-utils: fix build with gcc 4.8

Fixes:
 - http://autobuild.buildroot.org/results/64d9b79de5d31eb5a0c219081479bebb1f2527ed

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

qemu/aarch64-virt: Emulate cortex-a53 in qemu to match Buildroot config

qemu_aarch64_virt_defconfig (implicitly) specifies cortex-a53, so adjust the
QEMU command line to also emulate a a53 instead of a57.

Also adjust the defconfig to explicitly specify a53 for consistency/clarity.

Signed-off-by: Gerome Burlats <gerome.burlats@smile.fr>
Cc: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/usb_modeswitch: avoid overriding variables

Overriding variables in packages recipes is an error-prone practice.

Current behavior of installing either only as a script or only as a
binary is intended, as describe in the commit log of "d3e4db4e34
usb_modeswitch: bump to version 1.2.6" from 2013.

Rewrite the code to keep the same behavior while replacing variable
override [1] by conditional assignments [2].

[1]
VAR = ...
if ...
VAR = ...

[2]
if ...
VAR = ...
else
VAR = ...

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/usb_modeswitch: drop unicode space in comment

Commit "a554109af8 package/usb_modeswitch: disable parallel build" added
a unicode space in a comment. Replace it with a normal ASCII space for
consistency with elsewhere.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Revert "avrdude: add license information"

This reverts commit d1f545004bf0533064363d87c2d7c71e7acf7435 from 2014
because the added variables already existed. The real problem at the
time was that one of the pre-existent variables had a typo, fixed in a
later commit.

Currently AVRDUDE_LICENSE and AVRDUDE_LICENSE_FILES are declared twice
with the same values for each one. So remove one of them.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Wojciech M. Zabolotny <wzab01@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/sdl_sound: actually use the optional CONF_OPTS

Since "57ace26b6c package/sdl_sound: add optional support for
libmodplug" from 2016, optional CONF_OPTS are added but they do not
really take effect because there is an unconditional override below the
conditional append.

Currently this does not cause build failures, but it can lead to wrong
detection of dependencies because many explicit --enable/--disable are
not passed to configure.

Fix this by moving the unconditional code to the top.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/s6-networking: fix dependency when libressl is enabled

Commit "c5b85231fb s6-networking: enable SSL if libressl is selected"
actually dropped the dependency on s6-dns and s6 when libressl is
enabled.
Fix this by using += inside the conditional code.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/lighttpd: bump to version 1.4.53

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/vboot-utils: Add support for openssl 1.1.x

Backported changes from commit bce7904376beee2912932433a4634c1c25afe2f5,
there was some conflicts in few places which includes openssl_compat.h and
1 place in vb2_rsa_sig_alg function.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/upmpdcli: fix static build issue

The spotify plugin requires shared library support and needs <dlfcn.h>.
Explicitly disable the spotify plugin when building upmpdcli in a static
context.

Fixes:
http://autobuild.buildroot.net/results/cb942d3c5f68959d6cbc85535ccff4a275369f91/

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libarchive: add four security patches

Add backported patches for the following four security issues in libarchive.
There is no new release yet including these patches.

- CVE-2018-1000877 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000877)

"libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards
(release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in
RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(),
realloc(rar->lzss.window, new_size) with new_size = 0 that can result in
Crash/DoS. This attack appear to be exploitable via the victim must open a
specially crafted RAR archive."

- CVE-2018-1000878 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000878)

"libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards
(release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in
RAR decoder - libarchive/archive_read_support_format_rar.c that can result
in Crash/DoS - it is unknown if RCE is possible. This attack appear to be
exploitable via the victim must open a specially crafted RAR archive."

- CVE-2018-1000879 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000879)

"libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards
(release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference
vulnerability in ACL parser - libarchive/archive_acl.c,
archive_acl_from_text_l() that can result in Crash/DoS. This attack appear
to be exploitable via the victim must open a specially crafted archive
file."

- CVE-2018-1000880 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000880)

"libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards
(release v3.2.0 onwards) contains a CWE-20: Improper Input Validation
vulnerability in WARC parser -
libarchive/archive_read_support_format_warc.c, _warc_read() that can result
in DoS - quasi-infinite run time and disk usage from tiny file. This attack
appear to be exploitable via the victim must open a specially crafted WARC
file."

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>