git.libre-soc.org Git - buildroot.git/log

package/gqrx: link with libatomic when needed

On some architectures, atomic builtins are provided by the libatomic
library from gcc. Linking with libatomic is therefore necessary,
otherwise the build fails with:

sparc-buildroot-linux-uclibc/sysroot/lib/libatomic.so.1: error adding symbols: DSO missing from command line

Fixes:
- http://autobuild.buildroot.net/results/a003ad5324a0c0f55cb8db5d3e5d69bd21999e16/
- http://autobuild.buildroot.net/results/464602175d026d135125e5baa00e0729aec7a931/

Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
[Peter: add dependency on sync or atomic builtins in Config, addd comment]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

go: explicitly disable modules to avoid unintended network lookup

Go "modules" refers to the dependency fetching, verification (hashing), and
version control system built into Go as of 1.11.

It is not desirable to have Go modules enabled in Buildroot in the normal case,
as Buildroot manages downloading the sources, and third party dependency
managers are typically not used.

In the absence of the GO111MODULE environment variable, the Go compiler will
correctly compile using the "vendor" version of dependencies downloaded by
Buildroot during the compilation process for Go-based packages.

However, if the user sets the GO111MODULE=on environment variable, the Go
compiler will download the Go dependencies for Buildroot packages, using the
modules system. This is potentially unintended behavior from user environment
variables.

This commit sets the GO111MODULE=off variable in the Go target and host
compilation environments, disabling Go modules support for Buildroot mainline
packages.

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/tor: fix static build with openssl

Fixes:
- http://autobuild.buildroot.org/results/102796d74e63d0d203e6ac9e2094052588188e6d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libraw: security bump to version 0.19.2

- Fixes CVE-2018-5815 and CVE-2018-5816
- README has been renamed into README.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/devmem2: Fix DEVMEM2_SITE variable

The old free-electrons.com URL does not seem to work anymore,
resulting in the package failing to build. Use bootlin.com instead.

Signed-off-by: Xavier Ruppen <xruppen@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Update for 2019.02-rc3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

utils/scanpypi: handle underscores in python packages

Some python packages seem to use underscores in inconsistent ways. We can
attempt to normalize these by always using dashes for the buildroot name and
attempting to autodetect the correct metadata name format.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/pkg-generic: speed up RECURSIVE_FINAL_DEPENDENCIES

Evaluating all the <PKG>_RECURSIVE_FINAL_DEPENDENCIES variables
(abbreviated RFD hereafter) ends up being quite slow.  Enough, on a
reasonable modern workstation, to increase the time it takes to run
"make printvars" from 13 seconds in 2018.02 to 371 seconds in 2019.02.

This patch improves this by using dynamic programming to speed the
evaluation of RFD, reducing the before mentioned printvars time to about
14.6 seconds.

The evaluation of PKG1_RFD requires recursively evaluating each of
PKG1's dependencies' RFDs, then their dependencies' RFDs, and so on.
The same is done for PKG2_RFD.  But it's likely that many of the
dependencies of PKG2 are the same as PKG1.  And when we consider all
packages, the dependencies are re-computed many thousands of times.

To avoid this re-computation we memoize, or save, the computed value of
each RFD variable when it found the first time.  Subsequent evaluations
re-use the memoized value.

Surprisingly, this ends up being not all the hard to implement in make.
The basic construct is this:

VAR = $(if !defined(VAR__X),$(eval VAR__X := value))$(VAR__X)

The first time VAR is evaluated VAR__X will not be defined, and code to
set VAR__X to the computed value is eval'd.  Then the now defined value
of VAR__X is returned.  Subsequent evaluations can just return VAR__X.

It is important to note that VAR is defined with '=', as not enough
information (namely, all packages' dependencies) is know when it is
parsed to find the correct value.  VAR will be evaluated each time it is
used.  But VAR__X is defined with ":=", so that it is evaluated once
when defined, and not each time it is used.

Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Revert "testing/tests/download: test git special ref"

This reverts commit 81771cfcdc40e5909a4ec663e7c88b3a32068c05.

The download of sha1 of a special ref currently works or not depending
on the git client version in use.
With git version 2.11.0 (present in the docker image) it does not work.
With git version 2.17.1 it works.

For the sake of reproducibility, remove this part of the TestGitRefs
test case until some code gets added to the download infra to handle
sha1 of a special ref for any git client version.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/158295269

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/qt5/qt5base: exclude OpenSSL functionality for Qt 5.6.x

No patch back-porting OpenSSL 1.1.x support to Qt 5.6.x is available.

https://development.qt-project.narkive.com/RW4wxYXY/openssl-1-1-x-support-on-qt-5-6-5-9

Signed-off-by: James Grant <james.grant@jci.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/qt5/qt5base: add custom configure options last

This allows all options set by Buildroot to be overridden.

Signed-off-by: James Grant <james.grant@jci.com>
[Peter: drop original line as pointed out by Thomas]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

support/dependencies: require at least CMake 3.8

gerbera package in version 1.3 unfortunately now requires CMake >= 3.8
for C++17 macros:
https://github.com/gerbera/gerbera/commit/b5fd39f30fb10385ec228b71377685206a609c3a

So we need to bump our requirement from 3.1 to 3.8. If the host doesn't
have a CMake >= 3.8, Buildroot will build its own host-cmake package.

Also drop patch that relax cmake requirement on json-for-modern-cpp

Fixes:
- http://autobuild.buildroot.org/results/6405647b47b132ff5d0d211b92d407322d52d507

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/zbar: needs c99 mode

Fixes [1]:

  bar/sqcode.c: In function 'sq_scan_shape':
  zbar/sqcode.c:171:5: error: 'for' loop initial declarations are only allowed in C99 or C11 mode
       for (int x = x0 - 1; x < x0 + width + 1; x++) {
       ^
  zbar/sqcode.c:171:5: note: use option -std=c99, -std=gnu99, -std=c11 or -std=gnu11 to compile your code

[1] http://autobuild.buildroot.net/results/7d544275756f655f9d42c05562aca653923155b1

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

{linux, linux-headers}: bump 4.{4, 9, 14, 19, 20}.x series

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

runc: depend on linux headers >= 3.11 for O_TMPFILE

Fixes:
http://autobuild.buildroot.net/results/63e9d88ae5177541be463f1e2aafec59aa410479

Add dependency on headers >= 3.11 for O_TMPFILE, used by runc after the
fix for CVE-2019-5736 and propagate to the reverse dependencies of runc.

Notice that C library support for O_TMPFILE is also needed, which was added
in glibc 2.19 and musl 0.9.15.

Signed-off-by: Christian Stewart <christian@paral.in>
[Peter: squash series, extend commit message, mention C library dependency,
fix indentation]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/systemd: add upstream security fixes

CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message
from unprivileged user

Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/stress-ng: add libbsd optional dependency

stress-ng optionally detects and uses BSD wcsl* wchar string functions.

Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

DEVELOPERS: Add myself to several packages.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/cryptopp: fix dos/unix newlines in patch

Fixes:
http://autobuild.buildroot.net/results/0a26265961747600388258d32ba7dc9226c9249b/

Commit 40005b9a0da6 (package/cryptopp: fix build with gcc < 4.9) added a
patch to fix building with old toolchains. The source code unfortunately
contains a mix of DOS and UNIX newlines, and the DOS new lines got stripped
by the mailing list, causing the patch to no longer apply.

Fix up the patch manually.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/gcc: bump to version 8.3.0

Remove upsteam xtensa patches:
https://github.com/gcc-mirror/gcc/commit/68ca69a4854af36c90531b33a4c540464dbc6a23
https://github.com/gcc-mirror/gcc/commit/972057cb254e355805bfcd4a47d5c6f743cb76f4

Tested using Toolchain-builder:
https://gitlab.com/kubu93/toolchains-builder/pipelines/48904471

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

boot/syslinux: fix build with EFI support

Commit 1a437fd22f bumped gnu-efi to version 3.0.9. This breaks the build
of syslinux with EFI support due to multiple definitions of 'memset' and
'memcpy'. Backport a patch already applied upstream to fix the problem.

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/iproute2: backport patch to fix compilation under glibc < 2.18

When compiling iproute2 using a toolchain containing glibc 2.17 and
older, it fails due to a missing definition of AF_VSOCK.

Add a submitted and accepted upstream patch to fix this issue.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/pkg-meson: fix meson cpu_family format

meson requires a custom cpu_family format
https://mesonbuild.com/Reference-tables.html#cpu-families

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libssh: bump to version 0.8.7

Drop upstream patch.

Fixes strict-overflow build error with older toolchains.

Fixes:
http://autobuild.buildroot.net/results/b95b1939a55111fc6b90ef253a32402b87f9c4ab/
http://autobuild.buildroot.net/results/281cb7b940178e4fe98940ddeed07ad546b23931/
http://autobuild.buildroot.net/results/e95d5957c19ff01120903a66d1167279a34da2ce/

Cc: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/stress-ng: Fix author email in 0003-test-test-bsd-wchar-...patch

Author's and sign-off's emails differs, so fix the author's one which
is not valid anymore.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/ibrcommon: fix dos/unix newlines in patch

Fixes:
http://autobuild.buildroot.net/results/e88/e881667f388eea4cce2f804b373af4e3038e7b52/

commit fc9f9cd76f (package/ibrcommon: fix static build with openssl) added a
patch to fix static linking. The source code unfortunately contains a mix
of DOS and UNIX newlines, and the DOS new lines got stripped by the mailing
list, causing the patch to no longer apply.

Fix up the patch manually.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/botan: link with libatomic when needed

On some architectures, atomic built-ins are provided by the libatomic
library from gcc. Linking with libatomic is therefore necessary,
otherwise the build fails with:

sparc-buildroot-linux-uclibc/sysroot/lib/libatomic.so.1: error adding symbols: DSO missing from command line

This is often for example the case on sparcv8 32 bit.

Fixes:
- http://autobuild.buildroot.org/results/a442734c570e4a02854014d831ba3aab9f592430

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libcpprestsdk: link with libatomic when needed

On some architectures, atomic binutils are provided by the libatomic
library from gcc. Linking with libatomic is therefore necessary,
otherwise the build fails with:

sparc-buildroot-linux-uclibc/sysroot/lib/libatomic.so.1: error adding symbols: DSO missing from command line

This is often for example the case on sparcv8 32 bit.

Fixes:
- http://autobuild.buildroot.org/results/983537ceb38add50ca0a2316f39a2964db1b83c5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/i2pd: link with libatomic when needed

On some architectures, atomic binutils are provided by the libatomic
library from gcc. Linking with libatomic is therefore necessary,
otherwise the build fails with:

sparc-buildroot-linux-uclibc/sysroot/lib/libatomic.so.1: error adding symbols: DSO missing from command line

This is often for example the case on sparcv8 32 bit.

Fixes:
- http://autobuild.buildroot.org/results/515160349b11f06a090f3e13992e30da9a402c17

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/lua-curl: add variant definition of lcurl_url_t

lua-curl has separate code paths for compilers that support forward
typedef declarations and those who don't. For the latter case, one
structure was not properly defined, causing a build failure with older
compilers.

Fixes:

http://autobuild.buildroot.org/results/8d76ad49837b368a7bba3c3dfd445a035471268a/

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Thomas: improve commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/clamav: link with libatomic when needed

Configure check for OpenSSL fails:

/accts/mlweber1/rclinux/rc-buildroot-test/scripts/instance-3/output/host/sparc-buildroot-linux-uclibc/sysroot/usr/lib/libcrypto.a(threads_pthread.o): In function `CRYPTO_atomic_add':
threads_pthread.c:(.text+0x1dc): undefined reference to `__atomic_is_lock_free'
threads_pthread.c:(.text+0x1f4): undefined reference to `__atomic_fetch_add_4'

Fixes
http://autobuild.buildroot.net/results/cae8da81adff3ba493154e0ba8b21d90367f82eb/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/qt5base: fix double-conversion compile for riscv

Fixes [1], [2]:

../3rdparty/double-conversion/include/double-conversion/utils.h:83:2: error: #error Target architecture was not detected as supported by Double-Conversion.

[1] http://autobuild.buildroot.net/results/8bdb6a2b56f6ea96649184e5fef6ce2c56b9ec2b
[2] http://autobuild.buildroot.net/results/63ba267674b424786bb10c97c565f4306147f95a

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/upmpdcli: needs NPTL

The software uses pthread_mutexattr_setrobust which isn't available in
uClibc-ng Linuxthreads support.

Fixes:
- http://autobuild.buildroot.org/results/197615ad077b0a719954024c3ba182dac43a0555

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/systemd: fix build with older kernels

These 4 patches have been sent upstream and merged in version 241:
https://github.com/systemd/systemd/pull/11641

Fixes:
- http://autobuild.buildroot.org/results/970b09e1d49b53dff12a07ca4ad424ef9dd29a69
- http://autobuild.buildroot.org/results/0a671b08d5e74ff0b04024e729c498c4444e3e92

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

docs/website: update for 2018.11.3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Update for 2018.11.3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8147c71039f775c8b10e6eceab78d43bb557bde5)
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

docs/website: update for 2018.02.11

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Update for 2018.02.11

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 56347fc8eabc7c563bb9794ac5a9429fb9d2a6d9)
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/ibrcommon: fix static build with openssl

gf_mul is already defined in libcrypto (openssl) so rename it into
ibrdtn_gf_mul to fix the following build failure in ibrdtnd package:

/home/buildroot/autobuild/instance-3/output/host/bin/../arm-buildroot-uclinux-uclibcgnueabi/sysroot/usr/lib/libcrypto.a(f_impl.o): In function `gf_mul':
f_impl.c:(.text+0x0): multiple definition of `gf_mul'
/home/buildroot/autobuild/instance-3/output/host/arm-buildroot-uclinux-uclibcgnueabi/sysroot/usr/lib/libibrcommon.a(gf128mul.o):gf128mul.cpp:(.text+0x30): first defined here
collect2: error: ld returned 1 exit status
Makefile:560: recipe for target 'dtnd' failed

Fixes:
- http://autobuild.buildroot.org/results/1d3b4b6cf043a3e185ce758b617a0a18c3d36cdb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/luaexpat: restore getcurrentbytecount, required by prosody

Fixes:

https://gitlab.com/buildroot.org/buildroot/-/jobs/158295314

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Update for 2019.02-rc2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/tor: security bump to 0.3.5.8

Release notes:
https://blog.torproject.org/new-releases-tor-0402-alpha-0358-03411-and-03312

Fixes CVE-2019-8955:
KIST can write above outbuf highwater mark
https://trac.torproject.org/projects/tor/ticket/29168

Updated license hash after upstream commit
https://gitweb.torproject.org/tor.git/commit/LICENSE?h=maint-0.3.5&id=efe55b88987c2539c218fdf1f46f16f9bdc3a8eb
which bumps copyright date to 2019.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/imx23evk: Bump the U-Boot version

Thomas Petazzoni reports:

"The imx23evk_defconfig no longer builds:

https://gitlab.com/buildroot.org/buildroot/-/jobs/158295124

This is due to the bump of OpenSSL to 1.1.x. This issue seems to have
been fixed in U-Boot commit 7bae13b7579a6bc42330427496330fe2a29cbd56,
which is part of U-Boot since 2017.01, but the defconfig is using
2016.09."

Bump to the U-Boot 2019.01 to fix this problem.

Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/158295124
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/stress-ng: Fix build issue with libbsd wchar check

stress-ng uses test/test-bsd-wchar.c program to check if there is
support for libbsd's wchar, but the test fails because wchar.h also
requires the FILE* definition from stdio.h which is not included
automatically, so fix it by include stdio.h explicitly.

Fixes:
http://autobuild.buildroot.net/results/6def1bba8e7ec05682e74c4edc3a35c8c118d28b

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/cryptopp: fix build with gcc < 4.9

Disable AVX2 if gcc < 4.9

Fixes:
- http://autobuild.buildroot.org/results/195e40b34344f773da51a3fbff9d8e76c517eed1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/orangepi_{lite2, one_plus}: use correct kernel headers version

In the following commits:

85f4bd9425b4ee74839202ab012d193a0175c5fa configs/orangepi_lite2: fix kernel headers option
506cdeb2d08811f309c6dc80c0098bf1ccdee21a configs/orangepi_one_plus: fix kernel headers option

We fixed the orangepi_lite2 and orangepi_one_plus defconfigs to use
the BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_X_Y option. However, we were
mistaken by the existing comment saying that 4.18 kernel headers
should be used. This was wrong, as the kernel source code in use is
4.19, so this commit fixes the
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_X_Y to use the correct version.

Fixes:

https://gitlab.com/buildroot.org/buildroot/-/jobs/165766089
https://gitlab.com/buildroot.org/buildroot/-/jobs/165766093

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/gdb: disable inprocess-agent in static build

Fixes:
- http://autobuild.buildroot.org/results/b40bdbca6669a81301fca523e982dbc9584a4e65

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

configs/rock64: Linux needs host OpenSSL

The Linux configuration used in the rock64_defconfig requires
host-openssl to be built, otherwise the build fails with:

scripts/extract-cert.c:21:25: fatal error: openssl/bio.h: No such file or directory
#include <openssl/bio.h>

So let's enable BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL.

Fixes:

https://gitlab.com/buildroot.org/buildroot/-/jobs/165766161

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/reaver: fix build on m68k

Fixes:
- http://autobuild.buildroot.org/results/935c038b921ffa0f185571de41223e4c201e964b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/zynq_zybo: remove defconfig

This defconfig was added in October 2016 and was never updated since
then. It currently fails to build because U-Boot is too old and
doesn't build with host-openssl in version 1.1.x.

On February 13, 2019, the original submitter was notified, but didn't
reply, so let's remove the defconfig for this platform.

Fixes:

https://gitlab.com/buildroot.org/buildroot/-/jobs/165766194

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/bind: security bump to version 9.11.5-P4

Fixes the following security issues:

- named could crash during recursive processing of DNAME records when
  deny-answer-aliases was in use.  This flaw is disclosed in CVE-2018-5740.
  [GL #387]

- When recursion is enabled but the allow-recursion and allow-query-cache
  ACLs are not specified, they should be limited to local networks, but they
  were inadvertently set to match the default allow-query, thus allowing
  remote queries.  This flaw is disclosed in CVE-2018-5738.  [GL #309]

- Code change #4964, intended to prevent double signatures when deleting an
  inactive zone DNSKEY in some situations, introduced a new problem during
  zone processing in which some delegation glue RRsets are incorrectly
  identified as needing RRSIGs, which are then created for them using the
  current active ZSK for the zone.  In some, but not all cases, the
  newly-signed RRsets are added to the zone's NSEC/NSEC3 chain, but
  incompletely -- this can result in a broken chain, affecting validation of
  proof of nonexistence for records in the zone.  [GL #771]

- named could crash if it managed a DNSSEC security root with managed-keys
  and the authoritative zone rolled the key to an algorithm not supported by
  BIND 9.  This flaw is disclosed in CVE-2018-5745.  [GL #780]

- named leaked memory when processing a request with multiple Key Tag EDNS
  options present.  ISC would like to thank Toshifumi Sakaguchi for bringing
  this to our attention.  This flaw is disclosed in CVE-2018-5744.  [GL
  #772]

- Zone transfer controls for writable DLZ zones were not effective as the
  allowzonexfr method was not being called for such zones.  This flaw is
  disclosed in CVE-2019-6465.  [GL #790]

For more details, see the release notes:

http://ftp.isc.org/isc/bind9/9.11.5-P4/RELEASE-NOTES-bind-9.11.5-P4.html

Change the upstream URL to HTTPS as the webserver uses HSTS:

>>> bind 9.11.5-P4 Downloading
URL transformed to HTTPS due to an HSTS policy

Update the hash of the license file to account for a change of copyright
year:

-Copyright (C) 1996-2018  Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 1996-2019  Internet Systems Consortium, Inc. ("ISC")

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/unzip: add security and bug fix patches from Debian

Debian bug #741384: Buffer overflow

Debian bug #744212: Buffer overflow

CVE-2014-8139: CRC32 verification heap-based overflow

CVE-2014-8140: Out-of-bounds write issue in test_compr_eb()

CVE-2014-8141: Out-of-bounds read issues in getZip64Data()

CVE-2014-9636: Heap overflow

CVE-2015-7696: Heap overflow when extracting password-protected archive

CVE-2015-7697: Infinite loop when extracting password-protected archive

Red Hat Bugzilla #1260944: Unsigned overflow on invalid input

Debian bug #842993: Do not ignore Unix Timestamps

CVE-2014-9913: Buffer overflow

CVE-2016-9844: Buffer overflow in zipinfo

CVE-2018-1000035: Buffer overflow in password protected ZIP archives

Cc: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/proftpd: prevent openssl pthread detection

The proftpd configure script doesn't use pkg-config to detect openssl
libraries. Instead, it just adds -lcrypto. Since openssl may be linked
with pthread, it tries to detect that by calling 'openssl version -f',
which gives the arguments with which openssl was compiled.

Since the openssl executable used is either host-openssl or the system
installed openssl, the output of 'openssl version -f' is useless in
Buildroot context. If the target toolchain doesn't have threads support,
it will wrongly pick up -pthread from host-openssl.

Fortunately there is a simple workaround: --without-openssl-cmdline says
that there is no openssl executable and skips the test, so -pthread is
not added. It turns out -pthread is never needed, even in static linking
cases, because openssl/libressl puts the thread support in a separate
object file that only gets linked in if the program actually uses
threads (which proftpd doesn't).

Fixes:
http://autobuild.buildroot.net/results/9c25c3cb3cf93b76c0538c5376a803641bf6575b

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Rewrite commit log, after additional analysis and testing]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/dtc: additional fix of include guards for older u-boot

With recent dtc but old u-boot, compilation issues occur related to libfdt.
These problems really are u-boot issue since it does not properly set
include paths so that its own headers are included. Nevertheless, since the
u-boot version is typically decided by users and stuck at some version
provided by a SoC or board vendor, it is not feasible to fix those old
versions.

Instead, already several fixes were made in the past, in Buildroot.
See commits:

c7ffd8a75d5 "package/dtc: fix include guards for older kernel/u-boot"
f437bf547ca "uboot: fix build for older uboot source trees"
bf733342324 "uboot: fix build when libfdt-devel is installed system-wide"
0bf80e4bcd5 "uboot: ensure host includes are searched before system default
includes"
b15a7a62d3f "uboot: revert "uboot: use local libfdt.h""
baae5156ce3 "uboot: use local fdt headers"
3a6573ccee2 "uboot: use local libfdt.h"

Commit c7ffd8a75d55e24d793106eabbb80964ab91081f fixes the problem caused by
dtc having changed their include guards from _FOO_H to FOO_H (leading
underscore removed). Old u-boot would still use _FOO_H, which (combined with
host-dtc headers that use FOO_H) would cause the inclusion of two different
copies of the same nominal include file, e.g. libfdt.h or libfdt_env.h,
causing 'error: redefinition of xxx' compilation issues.
The fix sets the 'new' include guard when the 'old' one is detected,
preventing a second inclusion of the same nominal file.

For some u-boot versions, however, this change not only needs to be made in
libfdt.h and libfdt_env.h, but also in 'fdt.h'.

Update the dtc patch to do just that.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/madplay: fix static build

Add a patch to use pkg-config to find id3tag dependency (-lz)

Fixes:
- http://autobuild.buildroot.org/results/5e4882ddacf205a92a3ff1e79649cf16e4b6c0ae

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Arnout: add comment to AUTORECONF to refer to the patch]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/libid3tag: fix id3tag.pc

Add -lz to id3tag.pc, this fix is needed to be able to use pkg-config in
madplay to find id3tag dependencies

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/swupdate: update license files

COPYING contains only the license for GPL-2.0 so use the new license
files that have been added in the Licenses directory since version
2018.03 and
https://github.com/sbabic/swupdate/commit/32c1f98eaca69e362be074197f84a59d994c0876

Also update GPL-2.0+ to "GPL-2.0+ with OpenSSL exception" and add
Exceptions file, see:
https://github.com/sbabic/swupdate/commit/66d0dbe80f49eb49f8999c9d738579651fc38134

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/imagemagick: fixup help text layout

Signed-off-by: "Yann E. MORIN" <yann.morin@orange.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

DEVELOPERS: update email address for Gary Bisson

Signed-off-by: Gary Bisson <bisson.gary@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/rabbitmq-c: needs dynamic library

syslog-ng expects that rabbitmq-c is built with openssl support however
currently we're disabling openssl on rabbitmq-c in static build.

To fix this issue, add a dependency on dynamic library on rabbitmq-c and
its reverse dependencies (only BR2_PACKAGE_JANUS_GATEWAY_RABBITMQ as
php-amqp already depends on dynamic library)

Fixes:
- http://autobuild.buildroot.org/results/fce91b98fb199a26ad5f5f726c9bdec4f9d64486

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/syslog-ng: add optional rabbitmq-c dependency

rabbitmq-c is not an embedded submodule since version 3.16.1 and
https://github.com/balabit/syslog-ng/commit/c0559593c377f04662368dbecf282d2670aad12f

So enable/disable amqp depending on rabbitmq-c availability and remove
uneeded -lrt from LIBS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Fabrice Fontaine <<a href="mailto:fontaine.fabrice@gmail.com" target="_blank" rel="noreferrer">fontaine.fabrice@gmail.com</a>><br></blockquote></div></div><div dir="auto"><br></div><div dir="auto">Looks good to me</div><div dir="auto"><br></div><div dir="auto">Reviewed-by: Chris Packham <<a href="mailto:judge.packham@gmail.com">judge.packham@gmail.com</a>><br><br></div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

systemd: Remove instance name usage in a non-template unit file

console-getty.service is not a template unit file (it doesn't have the
@ specifier), so %I doesn't get properly expanded in it. Thus, getty
startup will fail due to invalid options and no getty prompt is launched
on the console.

Fixes:
No getty prompt on boot

Signed-off-by: Francois Gervais <fgervais@distech-controls.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

libcurl: fix typo in configure option w/o OpenSSL

When not using OpenSSL, the correct option to configure is --without-ssl
with two dashes.

Fixes: b8b78e7e6a ("libcurl: Allow selection of TLS package libcurl will use")
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/luvi: bump to version 2.9.0 to fix build with OpenSSL 1.1.1a

Bump to latest release that bundles lua-openssl 0.7.4 to fix compatibility
with OpenSSL 1.1.1a.

Drop patches 0001 and 0002 that are included in the new release.

Successfully build and runtime tested on Banana Pro, note that version string
for lua-openssl does not match the tag name (0.7.4):

```
luvi v2.9.0
zlib: 1.2.11
libuv: 1.25.0
ssl: OpenSSL 1.1.1a 20 Nov 2018, lua-openssl 0.7.3
```

Fixes:
http://autobuild.buildroot.net/results/e87994a3dc987f5aa101a5e721ac927e21453373
http://autobuild.buildroot.net/results/ea725ad90cfcd3c5e242268a593dcabd7297fe70
http://autobuild.buildroot.net/results/f2fb9eea0044e4a5f674742d29ea95af49cf5a45
http://autobuild.buildroot.net/results/de4daa1b930f907f06640dc98a708016217ddea5
.. and many more.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/poco: disable build for riscv

poco does not support the riscv target.

Fixes:
http://autobuild.buildroot.net/results/9a8/9a8213c502df53222eafc3ecd2fcfa36db20950b/
http://autobuild.buildroot.net/results/dd4/dd48cac70e8cb697b42ee51561902df81edcea40/
http://autobuild.buildroot.net/results/030/030c6cc8e2a59b015f8f3793d76234a2ef4ab772/

Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/ipmiutil: fix build with openssl 1.1.x

Fixes:
- http://autobuild.buildroot.org/results/1d868798c5b80d7b41123f988449ef548dd95490

This works for libressl as well, because libressl does provide
EVP_CIPHER_CTX_new() which is what gets enabled by -DSSL11

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/postgresql: bump to version 11.2

Fixes a long standing fsync issue and a number of other bugs:
https://www.postgresql.org/docs/11/release-11-2.html

https://wiki.postgresql.org/wiki/Fsync_Errors

The hash of the license file is only changed due to a year update:

-Portions Copyright (c) 1996-2018, PostgreSQL Global Development Group
+Portions Copyright (c) 1996-2019, PostgreSQL Global Development Group

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
[Thomas: update commit log to explain why the license file hash has
changed, as repoted by Peter Seiderer]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/log4cplus: link with libatomic when needed

On some architectures, atomic binutils are provided by the libatomic
library from gcc. Linking with libatomic is therefore necessary,
otherwise the build fails with:

sparc-buildroot-linux-uclibc/sysroot/lib/libatomic.so.1: error adding symbols: DSO missing from command line

This is often for example the case on sparcv8 32 bit.

Fixes:
- http://autobuild.buildroot.org/results/16e360cb91afff7655f459a3d1fb906ca48f8464

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/xenomai: fix build with gcc 8

Fixes:
- http://autobuild.buildroot.org/results/3a53f54476828ee878602da9adddf1e1e70f7a69

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/safeclib: fix build with gcc 7

Fixes:
- http://autobuild.buildroot.org/results/f4fe6bf54d213ca75bc1f16df61f8f92e648288e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

linux: don't check hashes for user-supplied patches

We have virtually no way to know the hashes for user-supplied patches,
so we should just ignore them.

Reported-by: Simon van der Veldt <simon.vanderveldt@gmail.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Tested-by: Simon van der Veldt <simon.vanderveldt@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mender: fix sysv startup script

Mender is a service explicitly written for systemd and so it doesn't
fork on background, doesn't redirect outputs and doesn't create a pid
file by itself.
To make the service running correctly is therefore necessary to use the
-m switch of start-stop-daemon to create the pid file and -b option to
send the process to background.
Logging is preserved because the service will log anyway on syslog.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mender: fix missing /var/lib

Mender needs /var/lib directory to be available: on some configurations
/var/lib is not available and thus the mender package installation fails.
This patch does a mkdir to ensure the /var/lib directory is always
available.

Fixes:

http://autobuild.buildroot.net/results/d2237083a13ab7688dd2b6dc8dbcd4226ed5651a/

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/qt5/qt5base: handle sse2/sse3/ssse3/sse4.1/sse4.2/avx/avx2 configuration

The Qt configure auto detection (and announced runtime detection
feature) failes (see e.g. [1]), so override the configuration
with the buildroot determined settings.

[1] http://lists.busybox.net/pipermail/buildroot/2019-January/241862.html

Reported-by: David Picard <dplamp@gmx.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

DEVELOPERS: add entry for zynq_zybo_defconfig

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/pulseaudio: fix S50pulseaudio init script

- fix the following start warnings:

  W: [pulseaudio] main.c: Running in system mode, but --disallow-exit not set.
  W: [pulseaudio] main.c: Running in system mode, but --disallow-module-loading not set.
  N: [pulseaudio] main.c: Running in system mode, forcibly disabling SHM mode.
  N: [pulseaudio] main.c: Running in system mode, forcibly disabling exit idle time.

- fix the following stop error:

  E: [pulseaudio] main.c: Failed to kill daemon: No such process

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/qwt: needs qt5base gui support

In commit 3e99c8418af904b14b01455d68c84d7b5afd261f ("package/qwt:
remove qt4 support"), the following line was incorrectly dropped:

  select BR2_PACKAGE_QT5BASE_GUI if BR2_PACKAGE_QT5

Due to this, qt5base can now be configured with widgets enabled but
gui disabled, causing the following build issue:

  ERROR: Feature 'widgets' was enabled, but the pre-condition 'features.gui' failed.

Re-introduce the proper select, but slightly simplified since only Qt5
is supported now.

Fixes:

  http://autobuild.buildroot.net/results/c771c2d5aac3e21f908e5a118f3755dbc9301a47

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Thomas: rework commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libcpprestsdk: disable samples

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libv4l: bump version to 1.16.3

Changes since 1.16.2:
- Makefile.am: don't use relative paths for include
- keytable: do not install bpf protocols decoders with execute permission

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/madplay: add hash for license files

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/madplay: needs autoreconf

madplay uses a very old configure script.

When the toolchain lacks C++ and the build machine lacks /lib/cpp, this
old configure script fails because it can't find a C++ preprocessor that
is valid:

    checking for arm-buildroot-linux-uclibcgnueabi-g++... no
    checking whether we are using the GNU C++ compiler... no
    checking whether no accepts -g... no
    checking dependency style of no... none
    checking how to run the C++ preprocessor... /lib/cpp
    configure: error: C++ preprocessor "/lib/cpp" fails sanity check
    See `config.log' for more details.

This is yet another case that was tentatively fixed by bd39d11d2e
(core/infra: fix build on toolchain without C++), further amended by
4cd1ab15886 (core: alternate solution to disable C++).

However, this only works on libtool scripts that are recent enough, and
thus we need to autoreconf to get it.

We also need to patch configure.ac so that it does not fail on the
missing, GNU-specific files: NEWS, AUTHORS, and Changelog.

Finally, remove also patch on ltmain.sh and MADPLAY_LIBTOOL_PATCH=NO as
autoreconf will create an up to date ltmain.sh

Fixes:
- http://autobuild.buildroot.org/results/fc927de0e9a42095789fb0a631d5facf14076f6e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-django: security bump to version 2.1.7

Fixes the following security issues:

CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format()

If django.utils.numberformat.format() – used by contrib.admin as well as the
the floatformat, filesizeformat, and intcomma templates filters – received a
Decimal with a large number of digits or a large exponent, it could lead to
significant memory usage due to a call to '{:f}'.format().

To avoid this, decimals with more than 200 digits are now formatted using
scientific notation.

https://docs.djangoproject.com/en/2.1/releases/2.1.6/

2.1.6 contained a packaging error, fixed by 2.1.7:

https://docs.djangoproject.com/en/2.1/releases/2.1.7/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libgpiod: bump version to v1.2.1

This is a bugfix release fixing two problems with C++ bindings.

Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/config-fragments/autobuild: use external toolchains in RISC-V configs

This commit replaces the two RISC-V configurations used for the
autobuilders to use pre-built external toolchains rather than internal
toolchains. This saves quite a bit of build time in the autobuilders,
and also allows people to reproduce build issues in a much more
efficient way, since rebuilding the toolchain is not needed.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Mark Corbin <mark.corbin@embecosm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

support/config-fragments/autobuild: update all pre-built Buildroot toolchains

All toolchains have been rebuilt with Buildroot 2019.02-rc1.

Changes:

- Toolchains that were using no-longer maintained kernel headers
  versions have been changed to use a variety of newer kernel headers
  versions (4.4, 4.9 or 4.14).

- Since gcc 7.x is now the default in Buildroot, most toolchains that
  simply use the default gcc version use 7.x instead of 6.x.

- br-arm-cortex-a9-glibc uses gcc 8.x, binutils 2.31 and kernel
  headers 4.20

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/mosquitto: bump to version 1.5.7

Bugfix release, fixing a number of issues discovered post-1.5.6.

Drop patches as they are now included upstream.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/qemu: fix build of host-qemu on systems with old kernel headers

Qemu assumes that when <linux/usbdevice_fs.h> is available, it can
build its USBFS code. However, some systems have
<linux/usbdevice_fs.h>, but it doesn't provide all the definitions
that Qemu needs, causing a build failure.

In order to fix this, we introduce a Qemu patch that improves the
check that determines whether USBFS support should be enabled or not.

Fixes:

http://autobuild.buildroot.net/results/c4af5505f80e1e6185df70d191e85d9393df5795/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/orangepi_one_plus: fix kernel headers option

Contrary to what the comment in the defconfig says, the
orangepi_one_plus_defconfig was not using the "same as kernel" option
for kernel headers, but really selecting explicitly Linux 4.18
headers, independently from the kernel version.

Except that in the mean time, BR2_KERNEL_HEADERS_4_18 has been
removed, causing a build failure due to the legacy checking:

Makefile.legacy:9: *** "You have legacy configuration in your .config! Please check your configuration.". Stop.

This commit fixes that by using the proper
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_18 option.

Fixes:

https://gitlab.com/buildroot.org/buildroot/-/jobs/158295166

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/mender: change to use release archive

Relase archive is distributed with depencies, this prevents the go
build system to download them.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

{linux, linux-headers}: bump 4.{4, 9, 14, 19, 20}.x series

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/efivar: needs host gcc >= 4.8

The efivar code compiled for the host machine uses
__builtin_bswap16(), which is only available starting from gcc 4.8:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=52624

So let's add a dependency on host gcc >= 4.8 to efivar and its unique
reverse dependency, efibootmgr.

Fixes:

http://autobuild.buildroot.net/results/48ba906bb6f4dc0c8af43ec11be64f7168dd62fd/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/docker-containerd: fix typo in uclibc dependency

Commit 6e3f7fbc072c88ab344f2ffa39e402464b566f19 ("package/runc: add
upstream security fix for CVE-2019-5736") added a dependency of
docker-containerd to uclibc (inherited from runc), but the depends on
has a typo that makes it ineffective. Due to this, docker-containerd
can still be selected in uClibc configurations, causing runc to be
build, and failing to build due fexecve() being missing in uClibc.

Fixes:

http://autobuild.buildroot.net/results/64ecdb1e007106fdb05979b10b42b90591255504/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

docs/website/news.html: add 2019.02-rc1 announcement link

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Update for 2019.02-rc1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/qemu: Update defconfigs to Linux 4.19.16

Linux version are changed to 4.19.16 (LTS) for all qemu defconfigs,
except for riscv. riscv defconfigs are left unchanged because they have
a custom Linux repository causing more difficulties when upgrading to
4.19 for riscv32. And for the riscv64, it has been updated recently to
Linux 4.20 by another contributor.

Patch for arm-versatile-nommu is changed into a git format

Add cache attributes for xtensa-lx60-nommu config because the commit
https://github.com/torvalds/linux/commit/7bb516ca5424e12b42124fab2906b6da9c81ba9c
added a new config variable for memory cache attribute:
CONFIG_MEMMAP_CACHEATTR

All these updated configs have been built successfully.

Signed-off-by: Gerome Burlats <gerome.burlats@smile.fr>
Cc: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

utils/scanpypi: protect against zip-slip vulnerability in zip/tar handling

For details, see https://github.com/snyk/zip-slip-vulnerability

Older python versions do not validate that the extracted files are inside
the target directory. Detect and error out on evil paths before extracting
.zip / .tar file.

Given the scope of this (zip issue was fixed in python 2.7.4, released
2013-04-06, scanpypi is only used by a developer when adding a new python
package), the security impact is fairly minimal, but it is good to get it
fixed anyway.

Reported-by: Bas van Schaik <security-reports@semmle.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

docker-engine: fix runc version check warning

Fixes the startup warning from Docker:

failed to retrieve runc version: unknown output format: runc version commit ...

Introduces a patch to replace the faulty version detection logic in the Docker
engine.

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

docker-engine: bump to v18.09.2

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

docker-cli: bump to v18.09.2

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

docker-containerd: bump to v1.2.3

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>