git: use BR2_KERNEL_MIRROR as download site

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

python-pathpy: bump to version 10.3.1

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

python-setuptools-scm: bum to version 1.15.6

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

kernel-module-imx-gpu-viv: bump revision to a05d9b23

Changelog since previous revision:
6a01dfb fix for memory leak in gc_hal_kernel_os.c
f73c35b Add support for PREEMPT_RT kernels

Also updating the help text to make sure users know this module won't
build with Mainline kernel but only with NXP forks.

Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

support/tests: allow properly indented config fragment

Currently, defining a config fragment in the runtime test infra requires
that the fragment not to be indented. This is beark, and causes grievance
when looking at the code (e.g. to fix it).

Just strip out all leading spaces/tabs when writing the configuration
lines into the config file, allowing in-line indented config fragments,
like so:

    class TestFoo(bla):
        config = bla.config + \
            """
            FOO=y
            # BAR is not set
            """

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

python-coherence: bump to the latest upstream commit

python-coherence is now orphaned, so unless a new maintainer
could be found, there is no ETA for the next release.

The setup.py file in the develop branch doesn't import other
Python packages, so no need for the build time dependencies.

This approach also fixes:

http://autobuild.buildroot.net/results/675/675721f773795987a2468daa33f299f7dc6ddb8a
http://autobuild.buildroot.net/results/cd9/cd99ac66af7a0cb24510bee78dd45884a8695776

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

expat: fix build on and for kernel older than 3.17

The expat build system now fails when the getrandom() system call is not
supported. This affect both host and target builds. Define XML_POOR_ENTROPY
for target kernels older than 3.17 to fix the build. For the host package
define XML_POOR_ENTROPY unconditionally since we have no easy way to know the
host kernel version. Note that expat will still use getrandom() on the host
when it is available, we don't make security any worse.

Fixes (host):
http://autobuild.buildroot.net/results/928/928dc2b56d931da84055fdfe78929d1f956de53b/
http://autobuild.buildroot.net/results/ee9/ee90d0a456cbce4c7f22e5f61006612bd9ba30d5/
http://autobuild.buildroot.net/results/dac/dac7231242123ae3dcaa6bbdd65b44fe8d8cb20c/

Fixes (target):
http://autobuild.buildroot.net/results/308/308e830219fdfebb5aa6aef51c1dc784254998f6/
http://autobuild.buildroot.net/results/73f/73fa946b0a2205e946ad414079f88e4bdb416f00/
http://autobuild.buildroot.net/results/9d7/9d7bad22ace7fa211b31d752a2255e07cede68be/

[Peter: also use HOST_CPPFLAGS]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

expat: security bump to version 2.2.2

Changes (security fixes):

[MOX-006]      Fix non-NULL parser parameter validation in XML_Parse;
                 resulted in NULL dereference, previously

Drop upstream patch.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

libosip2: add upstream security fix

Fixes CVE-2016-10324 - In libosip2 in GNU oSIP 4.1.0, a malformed SIP
message can lead to a heap buffer overflow in the osip_clrncpy() function
defined in osipparser2/osip_port.c.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

arch/mips: add support for MIPS32 FP mode

MIPS32 support different FP modes (32,xx,64), so give the user the
opportunity to choose between them. That will cause host-gcc to be built
using the --with-fp-32=[32|xx|64] configure option. Also the
-mfp[32|xx|64] gcc option will be added to TARGET_CFLAGS and to the
toolchain wrapper.

FP mode option shouldn't be used for soft-float, so we add logic in the
toolchain wrapper if -msoft-float is among the arguments in order to not
append the -fp[[32|xx|64] option, otherwise the compilation may fail.

Information about FP modes here:

- https://sourceware.org/binutils/docs/as/MIPS-Options.html
- https://dmz-portal.imgtec.com/wiki/MIPS_O32_ABI_-_FR0_and_FR1_Interlinking#5._Generating_modeless_code

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

arch/mips: add support for MIPS NaN

MIPS supports two different NaN encodings, legacy and 2008. Information
about MIPS NaN encodings can be found here:

  https://sourceware.org/binutils/docs/as/MIPS-NaN-Encodings.html

NaN legacy is the only option available for R2 cores and older.
NaN 2008 is the only option available for R6 cores.
R5 cores can have either NaN legacy or NaN 2008, depending on the
implementation. So, if the user selects a generic R5 target architecture
variant, we show a choice menu with both options available. For well
known R5 cores we directly select the NaN enconding they use.

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

python-zope-interface: bump to version 4.4.2

Add setuptools as a runtime dependency because zope-interface
uses pkg_resources during initialization.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

package/kodi-peripheral-xarcade: new package

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

package/kodi-peripheral-steamcontroller: new package

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

package/kodi-peripheral-joystick: new package

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

grub2: move usage notes to package readme.txt

As discussed in the mailing list, grub2 usage notes were growing too big
for a Config.in documentation, and so it was agreed that a readme.txt in
the package directory is a better place to put them.

This commit simply moves the documentation as-is to preserve the
original contents as they were in Config.in which can be worked on in
further commits.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

grub2: bump up version

After many years since the last release and a long time with grub 2.02
in beta, there is finally a release and it brings many bug fixes and
interesting features such as support for ARM.

Patch boot/grub2/0001-remove-gets.patch doesn't seem to be required
anymore as grub-core/gnulib/stdio.in.h has changed significantly since
"053cfcd Import new gnulib." and has another treatment for gets.
Patch
boot/grub2/0002-grub-core-gettext-gettext.c-main_context-secondary_c.patch
was a backport which is present after the bump and therefore is also no
longer necessary.

Since we're adding a Config.in comment, we also introduce a
BR2_TARGET_GRUB2_ARCH_SUPPORTS hidden boolean, in order to avoid
repeating the architecture dependencies.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas: add BR2_TARGET_GRUB2_ARCH_SUPPORTS, remove bogus dependencies
on ARM and AArch64, since enabling Grub2 on those architectures is
done in another commit.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

minnowboard_max: bump to kernel 4.12.2

And drop the version number from the linux configuration.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

minnowboard_max-graphical_defconfig: use uClibc-ng

Now that we have wordexp support in uClibc-ng and nodm is available, we can
use it for the graphical defconfig.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

package/kodi: fix build with newer gcc versions.

Using this defconfig produces a build error with kodi:

BR2_arm=y
BR2_cortex_a8=y
BR2_ARM_INSTRUCTIONS_THUMB2=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_PACKAGE_KODI=y
BR2_PACKAGE_SUNXI_MALI=y
BR2_PACKAGE_PYTHON=y
BR2_PACKAGE_PYTHON_PY_ONLY=y

/home/buildroot/buildroot/output/build/kodi-17.3-Krypton/xbmc/filesystem/FTPParse.cpp:37:1:
 error: ‘string’ does not name a type
 string CFTPParse::getName()
 ^~~~~~
/home/buildroot/buildroot/output/build/kodi-17.3-Krypton/xbmc/filesystem/FTPParse.cpp:62:25:
 error: variable or field ‘setTime’ declared void
 void CFTPParse::setTime(string str)
                         ^~~~~~
/home/buildroot/buildroot/output/build/kodi-17.3-Krypton/xbmc/filesystem/FTPParse.cpp:62:25:
 error: ‘string’ was not declared in this scope

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

qt5base: fix qthash error attribute(target("+crc")) is unknown

Add patch 0005-Fix-error-attribute-target-crc-is-unknown.patch.

Upstream: https://codereview.qt-project.org/200171

Fixes buildroot Bug 9916 ([1]).

[1] https://bugs.busybox.net/show_bug.cgi?id=9916

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

binutils/2.27: backport patch to enable CRC instructions on supported ARMv8-A CPUs

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

configs/raspberrypi3_64_defconfig: bump kernel version to 4.9.36

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

configs/raspberrypi3_defconfig: bump kernel version to 4.9.36

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

configs/raspberrypi2_defconfig: bump kernel version to 4.9.36

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

configs/raspberrypi0_defconfig: bump kernel version to 4.9.36

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

configs/raspberrypi_defconfig: bump kernel version to 4.9.36

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

package/rpi-userland: bump version

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

package/rpi-firmware: bump version

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

sngrep: remove ncurses wchar support

sngrep currently doesn't really use wchar support anyways, and when
checking for wchar support, it's checking the host systems ncurses
libraries.

Remove support for ncurses wchar until it's used in sngrep, and remove
the patches used to fix ncurses wchar detection.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

git: fix build with NLS disabled

Since commit bbfb02598bf75 (git: use the new gettext logic) host-gettext is no
longer an unconditional dependency of git. When NLS is disabled host-gettext
is not built. This breaks the build of git, because the git Makefile runs
msgfmt unless NO_GETTEXT is defined.

Define NO_GETTEXT when NLS is disabled to fix the build.

Fixes:
http://autobuild.buildroot.net/results/c87/c8717619a1307f21cb9fe61196511cea44f72015/
http://autobuild.buildroot.net/results/e7a/e7acff51f988c333c3fe0c4a18eed42a273932d3/
http://autobuild.buildroot.net/results/153/153b17959847ec2079883c087cee27afbdf9571e/

Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Sagaert Johan <sagaert.johan@skynet.be>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/mx53loco: Bump kernel and U-Boot versions

Bump Linux kernel version to 4.12.1 and U-Boot to 2017.05.

Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/bananapro: bump Linux kernel to 4.12.1

Drop the board specific patches which has been applied upstream.

[Peter: also drop now unused BR2_GLOBAL_PATCH_DIR]
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

linux-headers: bump 4.{4, 9, 11, 12}.x series

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

linux: bump default to version 4.12.2

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/lshw: don't use NONLS when BR2_SYSTEM_ENABLE_NLS is not set

Since [1], NONLS is added to LSHW_CFLAGS even for glibc based toolchain.
Previously it was not the case since BR2_ENABLE_LOCALE is always
selected for glibc based toolchain.

With NONLS, config.h try to redefine two Intl function (textdomain and
bindtextdomain) that are used by glibc internally.

This break the build with the following error:
sysroot/usr/include/libintl.h:82:52: error: expected unqualified-id before 'throw'
 extern char *textdomain (const char *__domainname) __THROW;

The NONLS mode is really for cases where the C library does not provide
*any* gettext implementation, as would be the case with uClibc without
intl stubs enabled.

But in the context of Buildroot, all C libraries provide a gettext
implementation. It might be full-featured or minimal, but it always
exists.

So, remove NONLS from CFLAGS to avoid the build issue with glibc
toolchains.

Build tested with a uClibc toolchain without locale enabled.

Fixes:
http://autobuild.buildroot.net/results/9bf/9bf5437b4348ea8077013b80a51ce05fa328247d

[1] 3acd9f845de0489071719d52d774aab48d7f9c33

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

docs/website/support: clarify the bugtracker is for bugs only

The bugtracker is intended to be used for bug reports only, so clarify
it's not meant to be used for "any problem".

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

pulseaudio: add optional dependency on bluez5_utils

The pulseaudio configure script autodetects the presence of
bluez 4.x and 5.x packages on the system and will exclude the
bluetooth-related modules in their absence.

This commit ensures that bluez5_utils, if selected, are installed
before pulseaudio. The same already happens for bluez_utils (4.x).

Signed-off-by: Calin Crisan <ccrisan at gmail dot com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

package/libglfw: bump version to 3.2.1

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

package/bluez5_utils: bump to version 5.46

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

package/{mesa3d, mesa3d-headers}: bump version to 17.1.5

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

gcc: fix build of libsanitizer in gcc 4.9 and 5.x on PowerPC

libsanitizer in gcc fails to build on PowerPC with gcc versions 4.9
and 5.x used in conjunction with glibc 2.25, with the following error:

../../../../gcc-host/libsanitizer/asan/asan_linux.cc: In function 'bool __asan::AsanInterceptsSignal(int)':
../../../../gcc-host/libsanitizer/asan/asan_linux.cc:222:20: error: 'SIGSEGV' was not declared in this scope
   return signum == SIGSEGV && common_flags()->handle_segv;

This commit adds a patch that has been submitted to upstream gcc
(https://patchwork.ozlabs.org/patch/725596/) but not merged. The patch
is no longer needed with gcc 6.x and later because the code has been
reworked.

Fixes Buildroot bug #10061

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Thomas: rework commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

board/arcturus/ppc-ucp1020: add patch to fix build with gcc 6.x.

This commit adds a Linux kernel patch to solve a build failure with
the arcturus_ucp1020_defconfig with gcc 6.x:

arch/powerpc/kernel/ptrace.c:407:24: warning: index 32 denotes an offset greater than size of 'u64[32][1] {aka long long unsigned int[32][1]}' [-Warray-bounds]
        offsetof(struct thread_fp_state, fpr[32][0]));
                        ^

The patch is upstream in Linux, and can be dropped when
arcturus_ucp1020_defconfig is updated to use a new Linux kernel
version.

Signed-off-by: Oleksandr Zhadan <oleks@arcturusnetworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

kvazaar: fix build with gcc 7

Add upstream fix for a gcc 7 -Werror build failure.

Fixes:
http://autobuild.buildroot.net/results/ea1/ea1495696a0e810adb6695dad6b9f3d3363e81d5/
http://autobuild.buildroot.net/results/2c1/2c1fba63553afa735c5ac29d7f5de8368c794628/
http://autobuild.buildroot.net/results/d07/d07bfcb8efcb76cdea3c66e0cc24728f418e3872/

Cc: Alexandre Esse <alexandre.esse.dev@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

package/Makefile.in: export O= to post-build/image scripts for out-of-tree builds

Sometimes it can be interesting to call back into buildroot from a
post-build/image script (E.G. make printvars or similar). For this to work
correctly with out-of-tree builds we need to pass O= to make, but this is
currently not available in the environment of post-build/image scripts.

In concept, O could be derrived from BUILD_DIR (E.G. by stripping /build),
but directly exporting O is cleaner.

O= cannot be exported globally as it interferes with various build systems,
so instead add it to EXTRA_ENV.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

package/rpi-firmware: install missing library

The vcdbg utility is linked to a few libraries, which so far were all
provided by the rpi-userland package.

But a not-so-recent bump of rpi-firmware pulled in a vcdbg that is
linked to an additional library, which is not privided by rpi-userland,
so we must install it.

Reported-by: cluelessperson on #buildroot
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

librtlsdr: backport pull request to fix build with newer compilers

Fix:
http://autobuild.buildroot.net/results/ece/ece557db739aaad9b53130a8ecb4d98f6f67aedf

Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

libressl: bump version to 2.5.5

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

strace: bump version to 4.18

This patch bumps the strace package to 4.18 upstream version.

Patch 0001-nios2-arch_regs-fix-nios2_sp_ptr-definition.patch has been
removed because it is part of 4.18.

Signed-off-by: Evgeniy Didin <didin@synopsys.com>
Cc: Alexey Brodkin <abrodkin@synopsys.com>
Cc: arc-buildroot@synopsys.com
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

support/tests: fix ext4 runtime test

The current test fails because of a legacy option, renamed during the
recent ext overhaul.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Cc: Samuel Martin <s.martin49@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

tiff: add upstream security fix for CVE-2017-10688

Fixes CVE-2017-10688 - n LibTIFF 4.0.8, there is a assertion abort in the
TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c.  A
crafted input will lead to a remote denial of service attack.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

spice: add upstream security fixes for CVE-2017-7506

Fixes CVE-2017-7506 - Possible buffer overflow via invalid monitor
configurations.

For more details, see:
https://marc.info/?l=oss-security&m=150001782924095

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

python-simplejson: bump to version 3.11.1

Remove Python2 only dependency as the package is compatible
with Python3.

Add a dot at the end of the help text.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

nginx: security bump to version 1.12.1

Fixes CVE-2017-7529 - Nginx versions since 0.5.6 up to and including 1.13.2
are vulnerable to integer overflow vulnerability in nginx range filter
module resulting into leak of potentially sensitive information triggered by
specially crafted request.

For more details, see:
http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

nginx-upload: bump version to fix build against nginx-1.12.x

Fixes:
http://autobuild.buildroot.net/results/9ec/9ecf714667736bf61f643ad55588d3d6ebdde603/
http://autobuild.buildroot.net/results/cea/cea64e30e98543e10c8819f6337babfec6d7ac0f/

Bump to the latest commit on the 2.255 branch, which contains pull request
88 (work with latest nginx versions):

https://github.com/vkholodkov/nginx-upload-module/pull/88

git shortlog aba1e3f34c754551f4f49e572bc86863d535609d..
Anton (1):
      Add files via upload

Valery Kholodkov (5):
      Added tag for version 2.0.8
      Recreated tag for version 2.0.8
      Backported to nginx 0.5.37 by Anthony Kholodkov
      Updated Changelog
      Merge pull request #88 from antonbarinov/2.255

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/nginx: fix build

Add a patch to nginx configuration system fixing misdetected unneeded PCRE
dependency.

This patch has been submitted upstream [1].

Fixes:
  http://autobuild.buildroot.net/results/bc7/bc7458b97a88785653845afd30fe9d5f3a69905b/build-end.log

[1] http://mailman.nginx.org/pipermail/nginx-devel/2017-July/010308.html

Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/nodejs: security bump to version 8.1.4

Fixes CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which
is used for parsing NAPTR responses, could be triggered to read memory
outside of the given input buffer if the passed in DNS response packet was
crafted in a particular way.  This patch checks that there is enough data
for the required elements of an NAPTR record (2 int16, 3 bytes for string
lengths) before processing a record.

See https://nodejs.org/en/blog/release/v8.1.4/

[Peter: add CVE info]
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/samba4: security bump to version 4.5.12

Fixes CVE-2017-11103:

All versions of Samba from 4.0.0 onwards using embedded Heimdal
Kerberos are vulnerable to a man-in-the-middle attack impersonating
a trusted server, who may gain elevated access to the domain by
returning malicious replication or authorization data.

Samba binaries built against MIT Kerberos are not vulnerable.

https://www.samba.org/samba/history/samba-4.5.12.html

[Peter: add CVE info]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/pcre: security bump to version 8.41

Removed patches 0003 & 0004, applied upstream.

Fixes the following security issues:

CVE-2017-7244 - The _pcre32_xclass function in pcre_xclass.c in libpcre1 in
PCRE 8.40 allows remote attackers to cause a denial of service (invalid
memory read) via a crafted file.

CVE-2017-7245 - Stack-based buffer overflow in the pcre32_copy_substring
function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to
cause a denial of service (WRITE of size 4) or possibly have unspecified
other impact via a crafted file.

CVE-2017-7246 - Stack-based buffer overflow in the pcre32_copy_substring
function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to
cause a denial of service (WRITE of size 268) or possibly have unspecified
other impact via a crafted file.

[Peter: add CVE info]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/freeswitch: bump version to 1.6.19

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

python-twisted: add missing dependency on host-python-incremental

The recent change on PYTHONPATH for Python 2.x has revealed a missing
dependency in the python-twisted package. The incremental Python
module is listed in both setup_requires and install_requires, so we
must depend on both its target *and* host variants.

Fixes:

  http://autobuild.buildroot.net/results/386bf87abba550b5477d5e15e57981b8c3cef8d6/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

DEVELOPERS: remove Sagaert Johan

The email address of Sagaert Johan is bouncing. Remove his DEVELOPERS entry.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

python: remove target Python packages from PYTHONPATH

We currently have
$(TARGET_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages/
inside the PYTHON_PATH variable, which gets used to define PYTHONPATH,
passed to the host Python interpreter when building/installing target
packages.

However, this is terribly wrong, as it causes the host interpreter to
potentially import target Python packages. This is wrong for several
reasons:

 - Some Python packages might need some Python modules to be installed
   on the host (described in setup_requires in setup.py), but their
   installation currently works because by luck the corresponding
   Python module is installed for the target. Some of those cases were
   happening for real, and fixed by previous patches.

 - Some Python packages include some native code, therefore built for
   a specific CPU architecture. When you point the host Python
   interpreter to native libraries built for the target, you get nice
   build failures, such as the one affecting the python-cffi related
   packages.

Making this change allows to fix the python-cffi related build
failures:

  http://autobuild.buildroot.net/results/a9af84f2d845ee25e2b7d8b92aef485112b46060/
  (python-cryptography)

  http://autobuild.buildroot.net/results/b017c4f6b4d45c0afbf06a80dbd3f2ebe5d49d20/
  (python-pynacl)

  http://autobuild.buildroot.net/results/25144ea191ad46d851b31d3a2f0ef939f215494b/
  (python-smbus-cffi)

This change has been verified with the following defconfig that
enables a lot of Python packages:

BR2_arm=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_CUSTOM=y
BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y
BR2_TOOLCHAIN_EXTERNAL_URL="http://autobuild.buildroot.org/toolchains/tarballs/br-arm-full-2017.05-834-gb595627.tar.bz2"
BR2_TOOLCHAIN_EXTERNAL_GCC_4_9=y
BR2_TOOLCHAIN_EXTERNAL_HEADERS_3_10=y
BR2_TOOLCHAIN_EXTERNAL_LOCALE=y
BR2_TOOLCHAIN_EXTERNAL_CXX=y
BR2_INIT_NONE=y
BR2_SYSTEM_BIN_SH_NONE=y
BR2_PACKAGE_PYTHON=y
BR2_PACKAGE_PYTHON_ALSAAUDIO=y
BR2_PACKAGE_PYTHON_ARROW=y
BR2_PACKAGE_PYTHON_ATTRS=y
BR2_PACKAGE_PYTHON_AUTOBAHN=y
BR2_PACKAGE_PYTHON_BITSTRING=y
BR2_PACKAGE_PYTHON_BOTTLE=y
BR2_PACKAGE_PYTHON_CAN=y
BR2_PACKAGE_PYTHON_CBOR=y
BR2_PACKAGE_PYTHON_CHARDET=y
BR2_PACKAGE_PYTHON_CHEETAH=y
BR2_PACKAGE_PYTHON_CHERRYPY=y
BR2_PACKAGE_PYTHON_CONFIGOBJ=y
BR2_PACKAGE_PYTHON_CONFIGSHELL_FB=y
BR2_PACKAGE_PYTHON_CRC16=y
BR2_PACKAGE_PYTHON_CRCMOD=y
BR2_PACKAGE_PYTHON_CSSSELECT=y
BR2_PACKAGE_PYTHON_CSSUTILS=y
BR2_PACKAGE_PYTHON_DAEMON=y
BR2_PACKAGE_PYTHON_DIALOG=y
BR2_PACKAGE_PYTHON_DICTTOXML=y
BR2_PACKAGE_PYTHON_DJANGO=y
BR2_PACKAGE_PYTHON_DOCOPT=y
BR2_PACKAGE_PYTHON_DPKT=y
BR2_PACKAGE_PYTHON_ECDSA=y
BR2_PACKAGE_PYTHON_ENUM=y
BR2_PACKAGE_PYTHON_FLASK_BABEL=y
BR2_PACKAGE_PYTHON_FLASK_JSONRPC=y
BR2_PACKAGE_PYTHON_FLASK_LOGIN=y
BR2_PACKAGE_PYTHON_FLUP=y
BR2_PACKAGE_PYTHON_GOBJECT=y
BR2_PACKAGE_PYTHON_GUNICORN=y
BR2_PACKAGE_PYTHON_HTML5LIB=y
BR2_PACKAGE_PYTHON_HTTPLIB2=y
BR2_PACKAGE_PYTHON_HUMANIZE=y
BR2_PACKAGE_PYTHON_ID3=y
BR2_PACKAGE_PYTHON_INIPARSE=y
BR2_PACKAGE_PYTHON_IOWAIT=y
BR2_PACKAGE_PYTHON_IPADDR=y
BR2_PACKAGE_PYTHON_IPY=y
BR2_PACKAGE_PYTHON_IPYTHON=y
BR2_PACKAGE_PYTHON_JSON_SCHEMA_VALIDATOR=y
BR2_PACKAGE_PYTHON_KEYRING=y
BR2_PACKAGE_PYTHON_LIBCONFIG=y
BR2_PACKAGE_PYTHON_LMDB=y
BR2_PACKAGE_PYTHON_LXML=y
BR2_PACKAGE_PYTHON_MAD=y
BR2_PACKAGE_PYTHON_MARKDOWN=y
BR2_PACKAGE_PYTHON_MELD3=y
BR2_PACKAGE_PYTHON_MISTUNE=y
BR2_PACKAGE_PYTHON_MSGPACK=y
BR2_PACKAGE_PYTHON_MUTAGEN=y
BR2_PACKAGE_PYTHON_MWSCRAPE=y
BR2_PACKAGE_PYTHON_NETADDR=y
BR2_PACKAGE_PYTHON_NETIFACES=y
BR2_PACKAGE_PYTHON_NFC=y
BR2_PACKAGE_PYTHON_NUMPY=y
BR2_PACKAGE_PYTHON_PAHO_MQTT=y
BR2_PACKAGE_PYTHON_PAM=y
BR2_PACKAGE_PYTHON_PARAMIKO=y
BR2_PACKAGE_PYTHON_PILLOW=y
BR2_PACKAGE_PYTHON_POSIX_IPC=y
BR2_PACKAGE_PYTHON_PSUTIL=y
BR2_PACKAGE_PYTHON_PUDB=y
BR2_PACKAGE_PYTHON_PYCLI=y
BR2_PACKAGE_PYTHON_PYCPARSER=y
BR2_PACKAGE_PYTHON_PYELFTOOLS=y
BR2_PACKAGE_PYTHON_PYFTPDLIB=y
BR2_PACKAGE_PYTHON_PYGAME=y
BR2_PACKAGE_PYTHON_PYGAME_IMAGE=y
BR2_PACKAGE_PYTHON_PYGAME_EXAMPLES=y
BR2_PACKAGE_PYTHON_PYGAME_FONT=y
BR2_PACKAGE_PYTHON_PYGAME_MIXER=y
BR2_PACKAGE_PYTHON_PYINOTIFY=y
BR2_PACKAGE_PYTHON_PYLIBFTDI=y
BR2_PACKAGE_PYTHON_PYMYSQL=y
BR2_PACKAGE_PYTHON_PYPARTED=y
BR2_PACKAGE_PYTHON_PYPCAP=y
BR2_PACKAGE_PYTHON_PYQRCODE=y
BR2_PACKAGE_PYTHON_PYRATEMP=y
BR2_PACKAGE_PYTHON_PYRO=y
BR2_PACKAGE_PYTHON_PYROUTE2=y
BR2_PACKAGE_PYTHON_PYSENDFILE=y
BR2_PACKAGE_PYTHON_PYSMB=y
BR2_PACKAGE_PYTHON_PYSNMP_APPS=y
BR2_PACKAGE_PYTHON_PYSNMP_MIBS=y
BR2_PACKAGE_PYTHON_PYSOCKS=y
BR2_PACKAGE_PYTHON_PYTABLEWRITER=y
BR2_PACKAGE_PYTHON_PYTRIE=y
BR2_PACKAGE_PYTHON_PYUSB=y
BR2_PACKAGE_PYTHON_PYXB=y
BR2_PACKAGE_PYTHON_PYZMQ=y
BR2_PACKAGE_PYTHON_REQUESTS_TOOLBELT=y
BR2_PACKAGE_PYTHON_RPI_GPIO=y
BR2_PACKAGE_PYTHON_RTSLIB_FB=y
BR2_PACKAGE_PYTHON_SDNOTIFY=y
BR2_PACKAGE_PYTHON_SERIAL=y
BR2_PACKAGE_PYTHON_SETPROCTITLE=y
BR2_PACKAGE_PYTHON_SH=y
BR2_PACKAGE_PYTHON_SHUTILWHICH=y
BR2_PACKAGE_PYTHON_SIMPLEJSON=y
BR2_PACKAGE_PYTHON_SMBUS_CFFI=y
BR2_PACKAGE_PYTHON_SOCKETIO=y
BR2_PACKAGE_PYTHON_SORTEDCONTAINERS=y
BR2_PACKAGE_PYTHON_SPIDEV=y
BR2_PACKAGE_PYTHON_THRIFT=y
BR2_PACKAGE_PYTHON_TOMAKO=y
BR2_PACKAGE_PYTHON_TREQ=y
BR2_PACKAGE_PYTHON_U_MSGPACK=y
BR2_PACKAGE_PYTHON_UBJSON=y
BR2_PACKAGE_PYTHON_UJSON=y
BR2_PACKAGE_PYTHON_URLLIB3=y
BR2_PACKAGE_PYTHON_VERSIONTOOLS=y
BR2_PACKAGE_PYTHON_WATCHDOG=y
BR2_PACKAGE_PYTHON_WEB2PY=y
BR2_PACKAGE_PYTHON_WEBPY=y
BR2_PACKAGE_PYTHON_WHOOSH=y
BR2_PACKAGE_PYTHON_WS4PY=y
BR2_PACKAGE_PYTHON_WSACCEL=y
BR2_PACKAGE_PYTHON_XLUTILS=y

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

python-treq: needs host-python-incremental

The python-treq package lists the incremental Python module as part of
its setup_requires variable in setup.py, so it must be added as a host
dependency of the python-treq package to avoid build failures.

So far, this issue wasn't visible because python-treq selects
python-twisted, which itself selects the target python-incremental
package. Because python-incremental was before python-treq in the
alphabetic ordering, it was always built before python-treq. And due
to the fact that PYTHONPATH currently contains the directory with
target Python modules, the host Python interpreter was happily using
the target python-incremental while running on the host. But as we are
going to clean up PYTHONPATH, this will no longer be the case, and
hence python-treq needs to be fixed.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

python-incremental: add host variant

A host variant of the python-incremental package will be needed for
the python-treq package.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

python-json-schema-validator: needs versiontools on the host

python-json-schema-validator does not need versiontools on the target,
but only on the host, as it's listed in setup_requires in setup.py.

This was not noticed so far because host Python interpreter is started
with a PYTHONPATH that contains a directory with target Python
packages, so versiontools was found there. But as we are about to fix
PYTHONPATH to no longer include such a directory,
python-json-schema-validator would fail due to versiontools being
missed on the host.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

python-versiontools: add host variant

It will be needed by python-json-schema-validator.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

python-u-msgpack: switch to setuptools instead of distutils

python-u-msgpack can use setuptools instead of distutils, and
using setuptools is generally preferred.

In addition, using setuptools allows to make sure the package will
continue to build when we will adjust the PYTHONPATH variable to no
longer point to target Python modules. Without such a change to
setuptools, the build would fail with:

=====================================================================
running install
Checking .pth file support in /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/
/home/test/buildroot/output/host/bin/python -E -c pass
TEST FAILED: /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/ does NOT support .pth files
error: bad install directory or PYTHONPATH

You are attempting to install a package to a directory that is not
on PYTHONPATH and which Python does not read ".pth" files from.  The
installation directory you specified (via --install-dir, --prefix, or
the distutils default setting) was:

    /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/

and your PYTHONPATH environment variable currently contains:

    '/home/test/buildroot/output/target/usr/lib/python2.7/sysconfigdata/'

Here are some of your options for correcting the problem:

* You can choose a different installation directory, i.e., one that is
  on PYTHONPATH or supports .pth files

* You can add the installation directory to the PYTHONPATH environment
  variable.  (It must then also be on PYTHONPATH whenever you run
  Python and want to use the package(s) you are installing.)

* You can set up the installation directory to support ".pth" files by
  using one of the approaches described here:

  https://setuptools.readthedocs.io/en/latest/easy_install.html#custom-installation-locations
=====================================================================

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

python-pyro: switch to setuptools instead of distutils

python-pyro can use setuptools instead of distutils, and using
setuptools is generally preferred.

In addition, using setuptools allows to make sure the package will
continue to build when we will adjust the PYTHONPATH variable to no
longer point to target Python modules. Without such a change to
setuptools, the build would fail with:

=====================================================================
running install
Checking .pth file support in /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/
/home/test/buildroot/output/host/bin/python -E -c pass
TEST FAILED: /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/ does NOT support .pth files
error: bad install directory or PYTHONPATH

You are attempting to install a package to a directory that is not
on PYTHONPATH and which Python does not read ".pth" files from.  The
installation directory you specified (via --install-dir, --prefix, or
the distutils default setting) was:

    /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/

and your PYTHONPATH environment variable currently contains:

    '/home/test/buildroot/output/target/usr/lib/python2.7/sysconfigdata/'

Here are some of your options for correcting the problem:

* You can choose a different installation directory, i.e., one that is
  on PYTHONPATH or supports .pth files

* You can add the installation directory to the PYTHONPATH environment
  variable.  (It must then also be on PYTHONPATH whenever you run
  Python and want to use the package(s) you are installing.)

* You can set up the installation directory to support ".pth" files by
  using one of the approaches described here:

  https://setuptools.readthedocs.io/en/latest/easy_install.html#custom-installation-locations
=====================================================================

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

python-pyasn: switch to setuptools instead of distutils

python-pyasn can use setuptools instead of distutils, and using
setuptools is generally preferred.

In addition, using setuptools allows to make sure the package will
continue to build when we will adjust the PYTHONPATH variable to no
longer point to target Python modules. Without such a change to
setuptools, the build would fail with:

=====================================================================
running install
Checking .pth file support in /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/
/home/test/buildroot/output/host/bin/python -E -c pass
TEST FAILED: /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/ does NOT support .pth files
error: bad install directory or PYTHONPATH

You are attempting to install a package to a directory that is not
on PYTHONPATH and which Python does not read ".pth" files from.  The
installation directory you specified (via --install-dir, --prefix, or
the distutils default setting) was:

    /home/test/buildroot/output/target/usr/lib/python2.7/site-packages/

and your PYTHONPATH environment variable currently contains:

    '/home/test/buildroot/output/target/usr/lib/python2.7/sysconfigdata/'

Here are some of your options for correcting the problem:

* You can choose a different installation directory, i.e., one that is
  on PYTHONPATH or supports .pth files

* You can add the installation directory to the PYTHONPATH environment
  variable.  (It must then also be on PYTHONPATH whenever you run
  Python and want to use the package(s) you are installing.)

* You can set up the installation directory to support ".pth" files by
  using one of the approaches described here:

  https://setuptools.readthedocs.io/en/latest/easy_install.html#custom-installation-locations
=====================================================================

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

libxml-parser-perl: add LICENSE_FILES

There is copyright information in the top level README file. Use this
file as the license file which will be included by the `legal-info`
build rule.

Signed-off-by: Ben Leinweber <bleinweber@spaceflight.com>
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

linux-headers: bump 4.{9,11,12}.x series

Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

linux: bump default to version 4.12.1

Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

configs: nexbox_a95x_defconfig: bump to kernel 4.12

Main difference is that the drm driver now supports the hdmi output.

The gxl variant device tree has been renamed in:

commit 7eea67101b9713ae438955e8899b3c4b078419f9
Author: Kevin Hilman <khilman@baylibre.com>
Date:   Fri Jan 20 07:57:52 2017 -0800

    ARM64: dts: meson-gxl: rename Nexbox A95x for consistency

    Since the GXL family has S905X and S905D SoCs, we're keeping the SoC
    name in the DTS filename for clarity.  Rename this file accordingly to
    be consistent with the rest of the GXL DTS files.

Cc: Neil Armstrong <narmstrong@baylibre.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Kevin Hilman <khilman@baylibre.com>
So adjust the defconfig and boot script to match.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

python-hyperlink: new package

Though PyPI says the license is BSD, GitHub repo has an MIT license
file since April 2017 and upstream setup.py was also fixed.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

python-sh: bump to version 1.12.14

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

python-pysocks: bump to version 1.6.7

Change setup type to setuptools and use proper license file.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

python-markupsafe: bump to version 1.0

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

python-attrs: bump to version 17.2.0

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

olimex_a20_olinuxino_micro: bump to Linux 4.12

[Build- and run-tested]
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

olimex_a20_olinuxino_micro: bump to U-Boot 2017.5 and fix build

This defconfig does not build anymore since commit
6cda724efb20682bb98e6d738e5f7c909415ae07 ("package/gcc: switch to gcc
6.x as the default"). Fix by upgrading to the latest U-Boot version.

Fixes:
  In file included from include/linux/compiler.h:54:0,
                   from include/linux/bitops.h:5,
                   from ./include/common.h:20:
  include/linux/compiler-gcc.h:114:30: fatal error: linux/compiler-gcc6.h: No such file or directory
   #include gcc_header(__GNUC__)
                                ^
  compilation terminated.

[Build- and run-tested]
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

fs/squashfs: cleanup if-else cascade

And add myself to the DEVELOPPERS for squashfs.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

gcc: bump 6.x series to version 6.4.0

Drop the following patches:
  * the Xtensa patches 870 and 871 are upstream now
  * patch 942 was backported to GCC 6 branch

Note, that a bz2 release tarball is not provided anymore and is replaced by
a xz tarball file.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

pcre2: enable no MMU build

Use '--disable-pcre2grep-callout' for !BR2_USE_MMU, disables
fork usage.

Fixes [1]:

    CCLD     pcre2grep
  src/pcre2grep-pcre2grep.o: In function `pcre2grep_callout':
  pcre2grep.c:(.text+0x402): undefined reference to `fork'
  collect2: error: ld returned 1 exit status

[1] http://autobuild.buildroot.net/results/2c2/2c2665844748a3bdb010315200eea70aa3504b95

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

olimex_imx233_olinuxino: bump versions

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

libssh2: add mbedtls backend

libssh2 support mbedtls as crypto back-end library since version 1.8.0.

Default to mbedtls since it's smaller than either libgcrypt or openssl.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/apache: bump version to 2.4.27

Announcement: http://www.apache.org/dist/httpd/Announcement2.4.html
Release notes: http://www.apache.org/dist/httpd/CHANGES_2.4.27

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

mpg123: security bump to version 1.25.2

>From the release notes:

 - Extend pow tables for layer III to properly handle files with i-stereo and
   5-bit scalefactors. Never observed them for real, just as fuzzed input to
   trigger the read overflow. Note: This one goes on record as CVE-2017-11126,
   calling remote denial of service. While the accesses are out of bounds for
   the pow tables, they still are safely within libmpg123's memory (other
   static tables). Just wrong values are used for computation, no actual crash
   unless you use something like GCC's AddressSanitizer, nor any information
   disclosure.
 - Avoid left-shifts of negative integers in layer I decoding.

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

mosquitto: bump version to 1.4.14

Drop CVE 2017-9868 patch as that is now upstream.

1.4.14 is a bugfix release, fixing significant websocket performance /
correctness issues.

Use HTTPS for the download as the server uses HSTS, thus saving a redirect.

While we're at it, add hashes for the license files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

php: security bump to version 7.1.7

Fixes the following security issues:

CVE-2017-7890 - Buffer over-read into uninitialized memory.  The GIF
decoding function gdImageCreateFromGifCtx in gd_gif_in.c (which can be
reached with a call to the imagecreatefromstring() function) uses
constant-sized color tables of size 3 * 256, but does not zero-out these
arrays before use.

CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229 -
Out-of-bonds access in oniguruma regexp library.

CVE-2017-11144 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before
7.1.7, the openssl extension PEM sealing code did not check the return value
of the OpenSSL sealing function, which could lead to a crash of the PHP
interpreter, related to an interpretation conflict for a negative number in
ext/openssl/openssl.c, and an OpenSSL documentation omission.

CVE-2017-11145 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before
7.1.7, lack of a bounds check in the date extension's timelib_meridian
parsing code could be used by attackers able to supply date strings to leak
information from the interpreter, related to an ext/date/lib/parse_date.c
out-of-bounds read affecting the php_parse_date function.

CVE-2017-11146 - In PHP through 5.6.31, 7.x through 7.0.21, and 7.1.x
through 7.1.7, lack of bounds checks in the date extension's
timelib_meridian parsing code could be used by attackers able to supply date
strings to leak information from the interpreter, related to
ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date
function.  NOTE: this vulnerability exists because of an incomplete fix for
CVE-2017-11145.

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

xserver_xorg-server: add upstream security fixes for CVE-2017-10971 / 10972

Add upstream patches fixing the following security issues:

CVE-2017-10971:
The endianess handling for X Events assumed a fixed size of X Event structures and
had a specific 32 byte stack buffer for that.

However "GenericEvents" can have any size, so if the events were sent in the wrong
endianess, this stack buffer could be overflowed easily.

So authenticated X users could overflow the stack in the X Server and with the X
server usually running as root gaining root prileveges.

CVE-2017-10972:
An information leak out of the X server due to an uninitialized stack area when swapping
event endianess.

For more details, see the advisory:

http://www.openwall.com/lists/oss-security/2017/07/06/6

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

efivar: fix build with gcc 7

Add upstream patch fixing a warning that breaks the build because of -Werror.

Fixes:
http://autobuild.buildroot.net/results/33a/33adc3ef139d6814aef4c92ae0bcc4c810ab0b86/
http://autobuild.buildroot.net/results/e7d/e7d80e823e13edc6698148244553bd90367bcd03/
http://autobuild.buildroot.net/results/3b6/3b61246f8b04a332d1c61732f0eb6e50ea8ca366/

Cc: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

support/testing: unbreak run-tests -l

In commit b78b50465c20c1733753a8dd47945cf80c9155f8, the initialisation
of BRTest.builddir was moved to the __init__ function. However, it is
set based on BRTest.outputdir and that is only set when the -o argument
is given to run-tests. When called as "run-tests -l", there is no -o
argument so BRTest.outputdir remains unset.

To fix, keep BRTest.builddir at None when BRTest.outputdir is None.

While we're at it, drop the direct access to the class member. If a
subclass wishes to set outputdir to something else before calling
BRTest.__init__, they are free to do so.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reported-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

arch/arm: fix -mcpu default values for AArch64

We have to specify the -mcpu value, even in 64-bit mode.

For AArch64, +fp and +simd are the default, so they are totally useless.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

toolchain-external: default BR2_TOOLCHAIN_EXTERNAL_PATH to empty

It makes no sense to default to an arbitrary path. In addition, it in
fact works correctly when it is empty. In that case, the toolchain will
be searched in PATH.

Update the help text to explain the above, and also that the compiler
is supposed to be in the bin subdirectory.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

support/testing: move BRTest initialisation to __init__

BRTest's setUp() method contains a few assignments that initialize its
member variables. Since we will want to use these in test case
overrides, move them to the __init__ function.

Also allow the config member to be overridden, rather than always
taking the class member.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

support/testing: strip /usr/ part from HOST_DIR

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

toolchain-wrapper: remove remaining references to HOST_DIR/usr

Commit 14151d77af20ec50eeba6e30465debf87b35faaa that eliminated
$(HOST_DIR)/usr seriously missed the toolchain-wrapper - only a single
reference was updated, the other three were missed. Commit
015d68c84c9c6ad6f6d41f181d19d813f309088b removed one more. This commit
finally removes the two remaining ones.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

Makefile: properly create $(HOST_DIR)/usr compatibility symlink

Up to now we created the $(HOST_DIR)/usr compatibility symlink as part
of the creation of $(HOST_DIR) itself. However, when the user specifies
a custom BR2_HOST_DIR, it is possible that the directory already exists
so this rule will never trigger.

Therefore, add an explicit rule for creating $(HOST_DIR)/usr and add
this rule to the dependencies of the dirs target. HOST_DIR itself goes
back to the standard rule for directories. The order-only dependency of
STAGING_DIR isn't needed any more either: HOST_DIR is implicitly
created if needed by mkdir -p, and we don't need to trigger the
HOST_DIR rule any more if the directory already exists.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

i2c-tools: use upstream tarball

Tarballs of the releases are now again available:

https://www.spinics.net/lists/linux-i2c/msg30349.html

So change back to that instead of getting the source code from git.

While we're at it, add a hash for the license file.

[Peter: Also update Config.in homepage URL as pointed out by Baruch]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>