linux-headers: bump 4.{4, 9}.x series

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/mpd: fix static linking with tremor

Although tremor (the library is named vorbisidec) provides a pkg-config
file, mpd does not use it to find tremor. Since version 0.20 does throw
an error instead of a warning, that's why the issue was left unnoticed
by the autobuilders.

Help mpd to find tremor by providing the path to the library and passing
LIBS through the environment. We use the host pkg-config tool to get the
correct values from the vorbisidec.pc file.

Fixes:
http://autobuild.buildroot.net/results/6b9/6b97403e70caa12c32494b1c82ce61d3e4e456f6/

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/mx6sx_udoo_neo: Bump to U-Boot 2017.01

Bump to U-Boot 2017.01, which supports mx6sx_udoo_neo by default.

Remove the U-Boot patch that we used for the previous version.

Also adjust the 'fdtfile' name as it has been changed in U-Boot
mainline.

[Peter: part 2, boot.scr / defconfig changed accidently got dropped]
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/ustr: fix ldconfig for host build

The host build of the ustr package also needs to not run the ldconfig to
prevent a build failure caused by the symlink creating a race condition.
Related commit for target build change was 22069232.

Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

collectd: fix libgcrypt support

For the newer versions the collectd configure script expects
libgcrypt-config as parameter rather than the location for the
libgcrypt-config script. Adjust the package to account for this.
Fixes:
http://autobuild.buildroot.net/results/a49/a494bc905e4509528c4932f76a094b9ea8e70bd3/

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/mx6sx_udoo_neo: Bump to U-Boot 2017.01

Bump to U-Boot 2017.01, which supports mx6sx_udoo_neo by default.

Remove the U-Boot patch that we used for the previous version.

Also adjust the 'fdtfile' name as it has been changed in U-Boot
mainline.

Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

php: bump version to 7.1.0 (security)

Fixed CVEs:
 - CVE-2016-9933 (imagefilltoborder stackoverflow on truecolor images)
   http://bugs.php.net/72696
 - CVE-2016-9934 (NULL Pointer Dereference in WDDX Packet
   Deserialization with PDORow)
   http://bugs.php.net/73331

Full ChangeLog:
  http://php.net/ChangeLog-7.php#7.1.0

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

php-imagick: bump version to 3.4.3RC1

This version is marked as "stable" on php-imagick's website, plus is
necessary for the upcoming php-7.1 version bump.

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

nano: bump version to 2.7.4

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

btrfs-progs: bump version to 4.9

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

kexec-lite: add KEXEC_LITE_LICENSE_FILES

Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

flac: fix benchmark linking issue with older glibc versions

Fixes:
http://autobuild.buildroot.net/results/b64/b643824d797050d7c001a3b72598158d8f1c6128/
http://autobuild.buildroot.net/results/a2f/a2f2d7b4e9e7b57bc8691e3ec29ecf818be3f79b/

The benchmark tool uses clock_gettime which is available in librt instead of
libc in older glibc versions.  The build system correctly links with -lrt on
Linux systems, but misdetects non-x86 linux systems as !linux, causing build
failures.

Add a patch to relax the linux OS detection to also work on non-x86 systems.

Patch submitted upstream:
http://lists.xiph.org/pipermail/flac-dev/2017-January/006103.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

olimex_a20_olinuxino_lime: bump versions

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

olimex_imx233_olinuxino: bump versions

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/warp7: Bump U-Boot to 2017.01 version

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

uboot-tools: bump to version 2017.01

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

boot/uboot: bump to version 2017.01

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

ser2net: bump version to 3.3

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

nano: bump version to 2.7.3

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

lua-messagepack: bump version to 0.4.0

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

libnss: bump to version 3.27.2

Fixes a memory leak in SSL_SetTrustAnchors():
https://bugzilla.mozilla.org/show_bug.cgi?id=1318561

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

libnspr: bump to version 4.13.1

Reverts a non-backwards compatible change to the pipe handling:
https://bugzilla.redhat.com/show_bug.cgi?id=1383918

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

lttng-babeltrace: bump version to 1.5.1

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

gnutls: security bump to version 3.5.8

The 3.5.x has been promoted to stable, hence 3.4.x is deprecated and
3.3.x kept as old-stable.

libdane now specifies LGPLv2.1+ so drop the README kludge (which is also
gone regarding licensing).

libunistring is a new dependency, even though gnutls ships a builtin version
we prefer to use unbundled to avoid duplication with other users and target
size growth.

Fixes:

GNUTLS-SA-2017-01 - It was found using the OSS-FUZZ fuzzer
infrastructure that decoding a specially crafted X.509 certificate with
Proxy Certificate Information extension present could lead to a double
free.
GNUTLS-SA-2017-02 - It was found using the OSS-FUZZ fuzzer
infrastructure that decoding a specially crafted OpenPGP certificate
could lead to heap and stack overflows.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

imagemagick: bump version to 7.0.4-3 (security)

Fixes CVE-2016-8707 (Fix possible buffer overflow when writing
compressed TIFFS). This CVE fix is included since 7.0.3-9:
  http://git.imagemagick.org/repos/ImageMagick/commit/fde5f55af94f189f16958535a9c22b439d71ac93

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

cjson: bump version to v1.2.0

Also remove the patch since it's already contained in this release.

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

sqlite: bump to version 3.16.2

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libvpx: disable on blackfin

Fixes
http://autobuild.buildroot.net/results/533/533810941afbdd71cdd3eaeeb654ec3728daade0/

Triggers toolchain issue:
/tmp/ccpKbTiO.s: Assembler messages:
/tmp/ccpKbTiO.s:3800: Error: pcrel too far BFD_RELOC_BFIN_5

[Peter: extend commit message]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

nmon: not available on uclibc/musl

Fixes:
http://autobuild.buildroot.net/results/70c/70ce1aa234e321884469d04282f80750bcf9abc8/

nmon uses fstab.h which is only provided by glibc.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

mysql: propagate common dependencies to toplevel config

Commit 3d707d2b (mysql: rename package to oracle-mysql, make a virtual
package) introduced a user selectable virtual BR2_PACKAGE_MYSQL package, but
didn't propagate the (common) dependencies of the two variants to it, so the
virtual package can now be selected even though neither of the variants are
available.

As several packages enable mysql support when BR2_PACKAGE_MYSQL is selected,
this causes a number of autobuilder issues:

http://autobuild.buildroot.net/results/7fe/7fe0d0a3e7ed0430852dc42b718dd037557207e8/
http://autobuild.buildroot.net/results/cc4/cc4c2d936f3e1ba6c0a9782b2218de54a4ff75d2/

Fix it by propagating the common dependencies of the two variants to the
virtual package to ensure it cannot be enabled unless at least one of them
are available.

Also move the toolchain comment outside the conditional so it is visible
when mysql isn't available.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

gst1-plugins-bad: Add kmssink support

Add support for the KMS video sink element. From the Gstreamer 1.10
release notes:

"New element kmssink to render video using Direct Rendering Manager (DRM)
and Kernel Mode Setting (KMS) subsystems in the Linux kernel. It is oriented
to be used mostly in embedded systems."

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

memcached: bump to version 1.4.34

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

linux: bump default to version 4.9.2

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

linux-headers: bump 4.{4, 8, 9}.x series

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

nodejs: bump to version 6.9.4

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

qextserialport: really disable target (and not staging) install for static builds

Commit f09b33a0a (qextserialport: fix static build) adjusted the logic for
static builds, but the change contained a typo - It disabled
_INSTALL_STAGING for static builds, not _INSTALL_TARGET.

The autobuilders didn't detect this as nothing links against qextserialport
(so the missing staging install didn't cause issues) and the target install
command was only defined for !static.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

pkg-perl: set PERL_USE_UNSAFE_INC

Recent perls are built with the `default_inc_excludes_dot` option.
As many CPAN modules rely on '.' in @INC, the toolchain
must set `PERL_USE_UNSAFE_INC`.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

DEVELOPERS: Add entry for upower

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

nodejs: re-add 6.x patches

Commit 3fd9c062e (nodejs: bump to version 6.9.2) bumped the 6.x version but
forgot to rename the patch directory, so the patches were no longer used.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

uclibc: add locale/iconv related bugfixes

- do not remove iconv.h when UCLIBC_HAS_LOCALE enabled
- select UCLIBC_HAS_LIBICONV when UCLIBC_HAS_LOCALE enabled

Fixes:
   http://autobuild.buildroot.net/?reason=libglib2-2.50.2&step=250

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

efl: optional 'upower' ecore system module.

Ecore will reach 'upower' using D-Bus system bus in order to detect if
the system state changes and let applications know about the power
state such as low battery or AC power in order to optimize their power
consumption.

For host this is not needed and would not work, since output/host DBus
declares its own output/host/var/run/dbus/system_bus_socket, which has
no dbus-daemon and thus no services in it.

For target it's optional and only installed if BR2_PACKAGE_UPOWER=y,
otherwise it prints error messages about missing upower service.

Signed-off-by: Gustavo Sverzut Barbieri <barbieri@profusion.mobi>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Acked-by: Romain Naour <romain.naour@gmail.com>
Tested-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/upower: new package

Backport an upstream patch.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Gustavo Sverzut Barbieri <barbieri@profusion.mobi>
Reviewed-by: Gustavo Sverzut Barbieri <barbieri@profusion.mobi>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/x11r7/xserver_xorg-server: AIGLX Extension removed in 1.19.0

https://cgit.freedesktop.org/xorg/xserver/commit/?id=501d8e2beb337e072c93c9310fcd927a099b9c3b

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Acked-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

python-arrow: new package

Signed-off-by: David Bachelart <david.bachelart@bbright.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

python-chardet: new package

Signed-off-by: David Bachelart <david.bachelart@bbright.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

python-whoosh: new package

Signed-off-by: David Bachelart <david.bachelart@bbright.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

nmon: new package

[Peter: add _LICENSE_FILES, pass TARGET_CFLAGS/LDFLAGS, indent]
Signed-off-by: David Bachelart <david.bachelart@bbright.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

bash: add upstream fixes to patch level 5

We unfortunately cannot easily download these because of the file names (not
ending in patch) and patch format (p0), so convert to p1 format and include
in package/bash.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

ifenslave: new package

[Peter: handle busybox applet interaction, add comment explaining no build
needed]
Signed-off-by: David Bachelart <david.bachelart@bbright.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

libmad: disable ASO support for thumb-only ARM cores

Fixes:
http://autobuild.buildroot.net/results/8d4/8d4ea8613487297f2c33f3b9cbd8903cfb96e4c6/

The ARM specific optimizations enabled by LIBMAD_ASO needs classic ARM
instructions support, so disable for thumb-only cores.

[Peter: don't drop default y as pointed out by Baruch Siach]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

uclibc: add kernel module syscall wrappers

Revert the decision to remove the wrappers, but remove the extra
Config symbol and add it by default. Required for kmod package.

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

libpng: bump to version 1.6.28

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

harfbuzz: bump to version 1.4.1

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

libvncserver: security bump to version 0.9.11

Security related fixes:
- Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer
  before 0.9.11 (CVE-2016-9941)

- Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer
  before 0.9.11 (CVE-2016-9942)

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

irssi: security bump to 0.8.21

Bugfixes:

- CVE-2017-5193: Correct a NULL pointer dereference in the nickcmp function
  found by Joseph Bisch (GL#1)

- CVE-2017-5194: Correct an error when receiving invalid nick message (GL#4,
  #466)

- CVE-2017-5195: Correct an out of bounds read in certain incomplete control
  codes found by Joseph Bisch (GL#2)

- CVE-2017-5196: Correct an out of bounds read in certain incomplete
  character sequences found by Hanno Böck and independently by J.  Bisch
  (GL#3)

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

linux: bump default to version 4.9.1

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

linux-headers: bump 4.{4, 8, 9}.x series

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

libnice: bump to version 0.1.13

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

python-pudb: new package

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

harfbuzz: bump to version 1.4.0

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/perl: change tarball compression to xz

Also update hash file.

Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

mpd: needs toolchain with C++14 support

Fixes:
http://autobuild.buildroot.net/results/3fe/3fe440c0b9d05acb44553a8f02f688570e06bca9/
http://autobuild.buildroot.net/results/9b9/9b9659ba30afde49912276fe7f9c282953a352ab/
http://autobuild.buildroot.net/results/208/208bb987f52b8ba65e3c6fc9b6e917dbd44c0fbd/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/{mesa3d, mesa3d-headers}: bump version to 13.0.3

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

heimdal: bump to version 7.1.0

Drop upstream patches and related autoreconf.
Re-enable parallel builds to check against the autobuilders.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

docs: Add bc to required tools

We check for bc under required packages.  It should be listed as such in the
docs.

Signed-off-by: Marcus Hoffmann <m.hoffmann@cartelsol.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

libgtk3: bump to version 3.22.6

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

gdk-pixbuf: bump to version 2.36.3

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

samba4: bump to version 4.4.9

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

sqlite: bump to version 3.16.1

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/mpd: bump version to 0.20

Drop patch #0002 which was already fixed upstream long time ago in
commit 276a0d9500b8efc879e4f0c23e9d0e361849e295 using a slightly
different approach.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

firmware-imx: remove Makefile from target

Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

alsa-utils: disable manpages generation from reStructured text

The alsaucm man page rst source file is missing in the tarball. When rst2man
is detected on the host, build fails:

make[2]: *** No rule to make target 'alsaucm.1', needed by 'all-am'.  Stop.

Upstream added[1] the missing file to the tarball to fix this issue. But since
we don't need the manpage to begin with, just disable rst2man to shorten build
time by a few milliseconds.

[1] http://git.alsa-project.org/?p=alsa-utils.git;a=commitdiff;h=c6bdde171e1532f7b37333a5a746b6e662f12c53

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/nut: bump version

Update our patches:
  - drop patch 1, replaced by an upstream equivalent; adapt config
    options and env accordingly,
  - drop patch 2, applied upstream,
  - rename patch 3

gdlib-config and net-snmp-config are only used when said support is
enabled (resp. CGI and SNMP), so no need to pass them unconditionally.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

perl-cross: bump to version 1.1.2

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

perl: bump to version 5.24.0

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

clamav: fix configure breakage after zlib 1.2.10 version bump

Fixes:
http://autobuild.buildroot.net/results/b6b/b6ba2dfb42ee41ed0b8304aa8c78645245f3b341/
http://autobuild.buildroot.net/results/eef/eef9a2dda2c172cd600dc74c1e5e60476d92280d/
http://autobuild.buildroot.net/results/827/82798118795aa6334b4dd6eac06777682131da7f/

The clamav configure script by default checks for old zlib versions with
known vulnerabilities and errors out if found:

configure: error: The installed zlib version may contain a security bug.
Please upgrade to 1.2.2 or later: http://www.zlib.net.  You can omit this
check with --disable-zlib-vcheck but DO NOT REPORT any stability issues
then!

The check is unfortunately not very robust as it simply checks for a version
string matching '1.2.1' (which 1.2.10 does):

vuln=`grep "ZLIB_VERSION \"1.2.1" $ZLIB_HOME/include/zlib.h`

As a workaround, pass --disable-zlib-vcheck to skip this check.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

ca-certificates: bump to version 20161130

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

gd: security bump to version 2.2.3

Security related fixes:
This flaw is caused by loading data from external sources (file, custom ctx,
etc) and are hard to validate before calling libgd APIs:

- fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)
- bug #248, fix Out-Of-Bounds Read in read_image_tga
- gd: Buffer over-read issue when parsing crafted TGA file (CVE-2016-6132)

Using application provided parameters, in these cases invalid data causes
the issues:

 - Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
 - fix php bug 72494, invalid color index not handled, can lead to crash ( CVE-2016-6128)
 - improve color check for CropThreshold

The build system now enables -Wall and -Werror by default, so pass
--disable-werror to disable that.  Notice that this issue has been fixed
upstream post-2.2.3:

https://github.com/libgd/libgd/issues/339

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

libopenh264: bump to version 1.6.0

Contains a number of bugfixes, some of which may be security related:

http://www.openwall.com/lists/oss-security/2017/01/02/1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

granite: bump to version 0.4.0.1

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/zlib: bump version to 1.2.10

Changed _SITE url to the upstream project site because Sourceforge does
not provide the tarball for 1.2.10 as of now.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

mpv: bump to version 0.23.0

enca and libguess options have been dropped so adjust accordingly.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

flac: bump to version 1.3.2

And delete upstream patches.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

collectd: fix riemann write plugin dependencies

Fixes:
http://autobuild.buildroot.org/results/fe5/fe5b5ed6355a794e84894c4aaf62eda6529ed184/
http://autobuild.buildroot.org/results/6c3/6c393cffb6ad4e676e311e9fc23ddbb2bcc2cf36/

The plugin uses the riemann-c-client library since commit d55584214206
(write_riemann: Use riemann-c-client), so adjust the dependencies to match.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

riemann-c-client: new package

Riemann-c-client is a C client library for the Riemann monitoring system,
providing a convenient and simple API, high test coverage and a copyleft
license, along with API and ABI stability.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/mx53loco: Bump kernel and U-Boot versions

Bump Linux kernel versio to 4.9 and U-Boot to 2016.11.

Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

m4: bump to version 1.4.18

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

musl: security bump to version 1.1.16

Fixes:
CVE-2016-8859 - fixes a serious under-allocation bug in regexec due to
integer overflow.

Drop upstream patch.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

xz: bump to version 5.2.3

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

freetype: bump to version 2.7.1

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

sqlite: bump to version 3.16

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

weston: fix DEPENDENCIES typo

Fixes a build failure with the PPS patchset since libva isn't populated.

Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

mpv: fix DEPENDENCIES typo

Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

skalibs: make ld use dummy file when configuring

For some architectures, like Xtensa or HPPA, ld from binutils requires
the output file to be a regular file, as mentioned in a bug report on
the mailing list [1].

So, use a dummy file as output file for ld, instead of /dev/null, when
trying to detect some libraries at configuration time.

Fixes http://autobuild.buildroot.net/results/288/288fc31cd10ffe3cd93371c7be37d79452a91768/

[1] https://sourceware.org/bugzilla/show_bug.cgi?id=19526

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

udoo: mx6qdl: Use the preferred form for disabling a symbol

Even though 'CONFIG_USB=n' does the job, let's switch to the more
standard way for disabling a Kconfig symbol.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

package/intltool: remove target variant

The target variant depends on BR2_HOST_ONLY which is just like BROKEN
(i.e not defined anywere). BR2_HOST_ONLY was introduced by [1] back in
2010 and nobody seems to need it. So remove intltool for the target.

[1] 0b876d39776fdec69762b988216e5ed64dbe6ba8

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

package/systemd-bootchart: bump version

Get rid of our patch, applied upstream. Which means we no longer need to
run intltoolize. So drop the dependency on host-intltool

Fixes:
    http://autobuild.buildroot.net/results/696/696254009f830134ef9398369ca2cbb257b33f52/
    http://autobuild.buildroot.org/results/aca/aca210de7d3f2eda54e5630206e9ff80d72d85c5/
    http://autobuild.buildroot.org/results/e5d/e5df8d11bfce4ba7a4c5c760b4784c31c506d8d4/

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

configs/warpboard: Select BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_MDEV

BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_MDEV allows the Broadcom wireless driver
to be automatically loaded on boot.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/warpboard: Bump kernel and U-Boot versions

Bump kernel to version 4.9 and U-Boot to 2016.11.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/busybox: add patch to fix dependency for IFUPDOWN_UDHCPC_CMD_OPTIONS

Upstream commit a8c696bf09d8151323f6e99348c4bc8989f829c8 makes ifup and
ifdown individually selectable, but forgets to update the dependency to
IFUPDOWN_UDHCPC_CMD_OPTIONS, so it is not selectable anymore.

Add a patch which fixes the dependency by checking for IFUP or IFDOWN,
instead of the obsolete IFUPDOWN.

Upstream status: Pending
http://lists.busybox.net/pipermail/busybox/2016-December/085034.html

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>