package/ytree: new package

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/vnstat: bump version to 2.4

Added license hash.

vnstat as of version 2.0 requires sqlite:
https://github.com/vergoh/vnstat/commit/bb24d7bd0f5e9051872f88a98f8b7906b4959aa7

Added --disable-extra-paths to _CONF_OPTS to prevent build error:
https://github.com/vergoh/vnstat/commit/fffc15d877edf37ff42ab057e1f30c70e6e99314

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libite: bump version to 2.1.0

Added md5 hash provided by upstream.
Switched _SOURCE to .xz tarball provided by upstream.
This tarball contains a configure script so we do not need to
autoreconf anymore.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/apr: fix non-portable atomics

apr-1.7.0 added support for 8 bytes atomics for 32 bit archs
https://github.com/apache/apr/commit/2f61f960c81e4a45f3849baa7563812e7e526436

We need to adjust our _CONF_OPTS which fixes an apache build error.

Fixes:
http://autobuild.buildroot.net/results/f24/f2461c1ed542e050afd761db5faeaaff1f51775b/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Reviewed-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/jsoncpp: bump version to 1.9.1

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/jsoncpp: switch build system to meson

Bumping jsoncpp to 1.9.1 will cause a CMake-related build error:
https://github.com/open-source-parsers/jsoncpp/issues/970

To fix the bug upstream suggests to switch to meson:
"Our official policy has been only supporting the meson build, and
 having users submit fixes for the CMake build."
https://github.com/open-source-parsers/jsoncpp/issues/970#issuecomment-509794015

Remove all _CONF_OPTS as they are not supported by meson.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libpjsip: bump to 2.9

Updates:
 - remove patch now upstream
 - remove --disable-oss, not supported anymore
 - 2.9 supports gnutls, add optional dependency
 - bonus: switch to https for downloading

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/lrzip: new package

lrzip is a compression utility that excels at compressing
large files (usually > 10-50 MB)

Signed-off-by: Sam Lancia <sam@gpsm.co.uk>
[Thomas: license is GPL-2.0+, not GPL-2.0]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/expat: security bump to version 2.2.8

Fixes the following security vulnerability:

CVE-2019-15903: In libexpat before 2.2.8, crafted XML input could fool the
parser into changing from DTD parsing to document parsing too early; a
consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber)
then resulted in a heap-based buffer over-read.

While we're at it, also change to use .tar.xz rather than the bigger
.tar.bz2.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/ltp-testsuite: fix build with glibc 2.30

Fixes:
 - http://autobuild.buildroot.org/results/e8b72f5d93d3565d41364a52c0024a0292a06b41

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/luv: install libluv.pc.in

Archive 1.30.1-0 doesn't contain libluv.pc.in which will break the build

Fixes:
 - http://autobuild.buildroot.org/results/5ec6b5a3622c343f7e401b7da7d4a1da15be2733

This issue has been fixed upstream in
https://github.com/luvit/luv/commit/946784fba047bcd275554b5040949e3d70994b30,
which should be in the next release.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libcamera: link with atomic when needed

Fixes:
 - http://autobuild.buildroot.org/results/1f0b8338f5f39aa86b9d432598dae2f53c5f7c84

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/uclibc: fix termios redefinition issue for PowerPC

Fix redefinition of 'struct termios' by syncing termios powerpc headers
from glibc, the commit which fixed the same issue in glibc:

    d4795e4a43e6f0c221bc5dc64c612206a21a177b PowerPC: Fix termios definitions

    https://sourceware.org/git/?p=glibc.git;a=commit;h=d4795e4a43e6f0c221bc5dc64c612206a21a177b

it fixed the following bug request:

    https://bugzilla.redhat.com/show_bug.cgi?id=1122714

In case of Buildroot it fixes flashrom build for PowerPC.

Fixes:
http://autobuild.buildroot.net/results/797dde5cbf0e94162c7cc7b557841605c78ac2f3/

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/x11r7/xlib_libXpm: add license file, add hashes

Add COPYRIGHT to LICENSE_FILES, and add hashes for both license files.

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/x11r7/xlib_libXt: add license file hash

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/x11r7/xlib_libXaw: add license file hash

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/zsh: bump to version 5.7.1

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/xxhash: bump to version 0.7.1

update hash for xxhsum.c, only code changes, not license.

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/xterm: bump to version 348

Replace version.c by COPYING in LICENSE_FILES, and add a hash for the
license file.

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
[Thomas: drop version.c in the license files, the newly introduced
COPYING file is much better]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/xtables-addons: bump to version 3.4

Add hash for LICENSE.

This version works with linux kernel 5.0 and newer. It requires
CONFIG_NF_NAT enabled in the kernel configuration, otherwise it fails
to build:

ERROR: "nf_nat_setup_info" [/home/thomas/projets/buildroot/output/build/xtables-addons-3.4/extensions/xt_DNETMAP.ko] undefined!

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
[Thomas: enable CONFIG_NF_NAT in the kernel configuration.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/xfsprogs: bump to version 5.2.1

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/wireshark: bump to version 3.0.3

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/slang: bump to version 2.3.2

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/rrdtool: bump to version 1.7.2

Update hash for license files (update in year and address, some
whitespace changes)

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/aespipe: bump to version 2.4e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/scripts/pkg-stats: simplify Git commit id retrieval

As suggested by Baruch Siach, using "git rev-parse HEAD" is a lot
simpler than playing around with "git log" to just retrieve the commit
id corresponding to the current HEAD.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/luvi: fixup the 'v' prefix in the version

In order for the luvi version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
LUVI_SOURCE and LUVI_SITE and not LUVI_VERSION.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/openpowerlink: fixup the 'V' prefix in the version

In order for the openpowerlink version to match what is given by
release-monitoring.org, the 'V' prefix should be encoded in
OPENPOWERLINK_SOURCE and OPENPOWERLINK_SITE and not
OPENPOWERLINK_VERSION.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-sip: add hashes for license files

Signed-off-by: Mohana Datta Yelugoti <ymdatta.work@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

configs/lafrite: new defconfig

Add basic support for the Libre Computer "La Frite" SBC.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/eudev: add missing user/groups "kvm" and "render"

They are required by the default udev rules.

Fixes: https://bugs.busybox.net/show_bug.cgi?id=12141
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

DEVELOPERS: add Pierre-Jean Texier for fping

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/fping: bump to version 4.2

See full Changelog: http://fping.org/dist/CHANGELOG.md

Also add hash for license file

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/luarocks: refactor Buildroot addon with new argparse module

The wellknown module `argparse` is now used by LuaRocks 3.2.0, instead
of a homemade argument parsing.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/luarocks: fix generated configuration when luajit

this trick removes the need of the patch

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/luarocks: bump to version 3.2.1

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/eventlog: remove package

Since syslog-ng 3.11.1 eventlog has been bundled with the sources.
Remove the separate package.

We don't add Config.in.legacy handling because eventlog was only used
by syslog-ng, and was not really meant to be used by anyone else, so
there is no point in warning users who had this package enabled in
their configuration that it no longer exists, as it was only used by
syslog-ng, and syslog-ng now bundles eventlog.

Signed-off-by: Chris Packham <judge.packham@gmail.com>
[Thomas: extend explanation about why we don't have any
Config.in.legacy handling]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/paho-mqtt-c: bump to version 1.3.1

paho-mqtt-c 1.3.1 is the latest stable release. The latest release
contains various bug fixes and adds TLS-PSK encryption support.

Release notes: https://github.com/eclipse/paho.mqtt.c/milestone/6?closed=1

Signed-off-by: Julien Grossholtz <julien.grossholtz@openest.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

DEVELOPERS: add Yegor Yefremov to dhcpcd and nftables package

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/paho-mqtt-cpp: bump to version 1.0.1

Signed-off-by: Refik Tuzakli <refik.tuzakli@savronik.com.tr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/qemu: add optional dependency on nettle

Qemu can optionally depend on nettle if available, so we should take
into account this optional dependency.

Cc: Florian Wolters <florian@florian-wolters.de>
Signed-off-by: Alexander Dahl <post@lespocky.de>
[Thomas: reword commit log, so that it makes sense in the context of
upstream Buildroot]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/thttpd: fix systemd startup

Create the configuration file as /etc/thttpd.conf, as expected by the
systemd unit file.

This matches other web server packages that install configuration files
at /etc/lighttpd/, /etc/apache2, etc.

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/bc: bump to 1.07.1

* Added license hash files
* Updated site to new GNU location
* Reconfig required to use newer automake
* Dropped patch for 01_array_initialize.patch as it was fixed
* Refactored patches for makeinfo variable and write io errs
* Added new dc fix exit code patch from Debian sid
* Added new libmath offline gen cross-compile patch from Yocto

Upstream patch status: Pending

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/links: add hash for COPYING file

Suggested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

configs/raspberrypi0: use dedicated rpi0 dts file

Since the bump to the 20190819 snapshot there is now a dedicated dts file
for the rpi0, so use that rather than the rpi-b-plus one:

https://github.com/raspberrypi/linux/commit/bd1336d8b6544ce5c7ddb197c3d8c539082dac66

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

configs/raspberrypi0w: fix dts file name after kernel bump

Fixes #12816

Commit 42d22f3bdba41da ({configs/raspberrypi,package/rpi-firmware}: bump
kernel/firmware to 20190819 version) updated the kernel version but failed
to take into consideration that the rpi0w dts file has been renamed:

https://github.com/raspberrypi/linux/commit/6f91b5dbfdb62a434571a73f2dc15181963e3bea

Fix it by renaming the dts/dtb file referenced from the kernel build and
genimage.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/util-linux: create $(TARGET_DIR)/etc/pam.d if necessary

Useful for test purposes when we want to install util-linux with a
custom TARGET_DIR, e.g.

    $ make util-linux-reinstall TARGET_DIR=/tmp/util-linux

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/kompexsqlite: use github macro

Use github macro and drop SOURCE variable to keep the default SOURCE
value which gives a much more sensible tarball name

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/thttpd: fix init script

The init script provided by thttpd is for FreeBSD. Add a custom one,
made specifically for Buildroot.

Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/flatcc: bump to version 0.6.0

Remove patch (already in version)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/findutils: bump to version 4.7

- Remove patches (already in version)
- Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/sslh: fixup the 'v' prefix in the version

In order for the sslh version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
SSLH_SOURCE and not SSLH_VERSION.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/chrony: drop musl patch

This patch is not needed as musl defines SCM_TIMESTAMPING_PKTINFO since
version 1.1.19 and
https://git.musl-libc.org/cgit/musl/commit/?id=c35a8bf456ca6ef74e3cc7c4d8f63572bc1e1167

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/chrony: bump to version 3.5

Remove second patch (already in version)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/cbootimage: bump to version 1.8

- Remove patch (already in version)
- Remove glic or uclibc toolchain dependency, not needed since
  https://github.com/NVIDIA/cbootimage/commit/3b3c3cccf0640326229935be5ff702ac948fd51b
- Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/wireguard: bump version to 0.0.20190905

For details of the changes, see the announcement:
https://lists.zx2c4.com/pipermail/wireguard/2019-September/004483.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libnss: fix build failure on aarch64_be

Fixes:
http://autobuild.buildroot.net/results/bfd29593bb6c53d3e9e2d02d2ed6bea360d99c00/

In libnss there is a bug leading to build failure due to double declared
functions. This is due to 2 different #ifdef statements treating the
same function-set.

Add patch to fix this by making the 2 #ifdef statements equal.

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.2.x series

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libcurl: security bump to version 7.66.0

Fixes the following security vulnerabilities:

CVE-2019-5481: FTP-KRB double-free
https://curl.haxx.se/docs/CVE-2019-5481.html

CVE-2019-5482: TFTP small blocksize heap buffer overflow
https://curl.haxx.se/docs/CVE-2019-5482.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/kompexsqlite: fixup the 'v' prefix in the version

In order for the kompexsqlite version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
KOMPEXSQLITE_SOURCE and not KOMPEXSQLITE_VERSION.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/zziplib: fixup the 'v' prefix in the version

In order for the zziplib version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
ZZIPLIB_SITE and not ZZIPLIB_VERSION.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/perl-class-std-fast: fixup the 'v' prefix in the version

In order for the perl-class-std-fast version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
PERL_CLASS_STD_FAST_SOURCE and not PERL_CLASS_STD_FAST_VERSION.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/nodejs: security bump to version v10.16.3

Fixes the following security vulnerabilities:

- CVE-2019-9511 "Data Dribble": The attacker requests a large amount of data
  from a specified resource over multiple streams.  They manipulate window
  size and stream priority to force the server to queue the data in 1-byte
  chunks.  Depending on how efficiently this data is queued, this can
  consume excess CPU, memory, or both, potentially leading to a denial of
  service.

- CVE-2019-9512 "Ping Flood": The attacker sends continual pings to an
  HTTP/2 peer, causing the peer to build an internal queue of responses.
  Depending on how efficiently this data is queued, this can consume excess
  CPU, memory, or both, potentially leading to a denial of service.

- CVE-2019-9513 "Resource Loop": The attacker creates multiple request
  streams and continually shuffles the priority of the streams in a way that
  causes substantial churn to the priority tree.  This can consume excess
  CPU, potentially leading to a denial of service.

- CVE-2019-9514 "Reset Flood": The attacker opens a number of streams and
  sends an invalid request over each stream that should solicit a stream of
  RST_STREAM frames from the peer.  Depending on how the peer queues the
  RST_STREAM frames, this can consume excess memory, CPU, or both,
  potentially leading to a denial of service.

- CVE-2019-9515 "Settings Flood": The attacker sends a stream of SETTINGS
  frames to the peer.  Since the RFC requires that the peer reply with one
  acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost
  equivalent in behavior to a ping.  Depending on how efficiently this data
  is queued, this can consume excess CPU, memory, or both, potentially
  leading to a denial of service.

- CVE-2019-9516 "0-Length Headers Leak": The attacker sends a stream of
  headers with a 0-length header name and 0-length header value, optionally
  Huffman encoded into 1-byte or greater headers.  Some implementations
  allocate memory for these headers and keep the allocation alive until the
  session dies.  This can consume excess memory, potentially leading to a
  denial of service.

- CVE-2019-9517 "Internal Data Buffering": The attacker opens the HTTP/2
  window so the peer can send without constraint; however, they leave the
  TCP window closed so the peer cannot actually write (many of) the bytes on
  the wire.  The attacker then sends a stream of requests for a large
  response object.  Depending on how the servers queue the responses, this
  can consume excess memory, CPU, or both, potentially leading to a denial
  of service.

- CVE-2019-9518 "Empty Frames Flood": The attacker sends a stream of frames
  with an empty payload and without the end-of-stream flag.  These frames
  can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE.  The peer spends
  time processing each frame disproportionate to attack bandwidth.  This can
  consume excess CPU, potentially leading to a denial of service.
  (Discovered by Piotr Sikora of Google)

Notice that this version bump requires nghttp2 1.39.2.  It also includes an
(unconditional) embedded copy of brotli.

Update the license hash because of copyright year changes and the addition
of the MIT-style license text for large_pages and brotli.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/nghttp2: security bump to version 1.39.2

Fixes the following security issues:

CVE-2019-9511: Data Dribble
CVE-2019-9513: Resource Loop

For details, see the advisory:
https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/

Notice that libnghttp2 itself is not affected by these vulnerabilities, only
nghttpx and nghttpd (which are currently not built).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/jo: bump to version 1.2

Drop the v prefix on the download URL as the 1.2 git tag is just '1.2' and
add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/ccache: bump to version 3.7.4

- Update CCACHE_SITE to github.

- The hash of the license file is updated. There were two changes:

  * The reference to the credits.html file changed from
    ccache.samba.org to ccache.dev

  * The MIT license text for minitrace.[ch] was added, but it doesn't
    change the fact that the whole is under GPL-3.0, and we anyway
    already had "GPL-3.0, others" in CCACHE_LICENSE

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
[Thomas: update the license file hash]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/luksmeta: bump to version v9

Bugfix release, fixing a potential infinite loop when handling the LUKS
header:

git shortlog v8..v9
Daniel Kopeček (2):
      Use asciidoc as the manual page source format
      Generate manual page from source during build time

Milan Broz (1):
      Fix infinite loop when initializing trimmed LUKS header.

Nathaniel McCallum (3):
      Fix invalid man page section reference
      Fix typos in the man page
      Release version 9

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/wine: bump to version 4.0.2

Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/links: bump to version 2.20

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gawk: bump to version 5.0.1

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/nfs-utils: always use libtirpc and enable IPv6

nfs-utils selects rpcbind, and rpcbind unconditionally selects
libtirpc. Therefore, nfs-utils will never be used with the C library
RPC implementation: libtirpc will always be used. Consequently, all
the conditional logic to use libtirpc only if available is useless,
and we can use libtirpc unconditionally.

As an added bonus, this means that we can enable IPv6, because
libtirpc provides an IPv6-compatible RPC implementation.

Fixes: https://bugs.busybox.net/show_bug.cgi?id=10806
Signed-off-by: Carlos Santos <unixmania@gmail.com>
[Thomas: rework commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/scripts/pkg-stats: extract current commit id, not master

pkg-stats extracts the Buildroot commit id from which the package
information was collected. However, when doing so, it always assumes
we're using the master branch, by running "git log master".

But in fact, pkg-stats can be run from any branch/tag, so it makes a
lot more sense to use "git log HEAD".

Cc: victor.huesca@bootlin.com
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/zic: bump version to 2019c

Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/tzdata: bump version to 2019c

Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/ascii-invaders: drop the SOURCE variable

There is no need to override the SOURCE variable when the github macro
is used, and in fact keeping the default SOURCE value gives a much
more sensible tarball name, so let's drop the SOURCE variable
entirely.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/ascii-invaders: fixup the 'v' prefix in the version

In order for the ascii-invaders version to match what is given by
release-monitoring.org, the 'v' prefix should be encoded in
ASCII_INVADERS_SITE and not ASCII_INVADERS_VERSION.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/minimodem: new package

Minimodem is a command-line program which decodes (or generates)
audio modem tones at any specified baud rate, using various
framing protocols. It acts a general-purpose software FSK modem,
and includes support for various standard FSK protocols such as
Bell103, Bell202, RTTY, TTY/TDD NOAA SAME, and Caller-ID.

Signed-off-by: Alexander Kurz <akurz@blala.de>
[Thomas:
- switch from a depends on to a select for the libsndfile or
  pulseaudio or alsa dependency
- re-order statements in Config.in
- add missing host-pkgconf dependency]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

DEVELOPERS: add Pierre-Jean Texier for haveged

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/haveged: bump to version 1.9.6

This includes the following changes:

94079e6 Fixed invalid UTF-8 codes in ChangeLog
1470a82 Updated service.fedora
9596c53 Updated service.fedora
b50b59b New version 1.9.5
037e059 New version 1.9.5
2681d01 Added test for /dev/random symlink
0dac21b Update to automake 1.16
638e2f0 Fixed built issue on Cygwin
083f827 minimize diff
b38def1 minimize diff
e16369d take into account review by @nbraud
6dfce53 Remove support for CPUID on ia64
fc50dda [PATCH] Output some progress during CUSUM and RANDOM EXCURSION test
be4e481 NEWS: Cleanup extraneous whitespace
0815b3c Fixup upstream changelog
6d52229 Fix type mismatch in get_poolsize
90d00f7 service.redhat: update PIDFile
16a9726 fix segv at start
ceab89a init.d/Makefile.am: add missing dependency
01e3154 Diagnostics capture mode now works correctly by referencing the right variable during rng warmup
f219358 Fix segfault on arm machines

Also add a 'v' prefix in _SITE variable.

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/apitrace: bump to version 8.0

Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/syslog-ng: update version in config file

syslog-ng warns when using a configuration from an older version. Update
the version in the example config.

Fixes: 9695f3e069 ("package/syslog-ng: bump version to 3.22.1")
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Tested-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-sip: bump to version 4.19.13

Signed-off-by: Mohana Datta Yelugoti <ymdatta.work@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/socketcand: bump version

Change download location as the project is now part of the linux-can
organization.

Also remove an upstreamed patch.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

DEVELOPERS: adjust e-mail address for Refik Tuzakli

My email address will be deactivated in two weeks.

Signed-off-by: Refik Tuzakli <refik.tuzakli@savronik.com.tr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

docs/manual/adding-packages-python.txt: fix outdated Python 3 explanation

Python packages should no longer depend on BR2_PACKAGE_PYTHON in their
config file, unless they are only compatible with Python 2.

Signed-off-by: Raphaël Mélotte <raphael.melotte@essensium.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/iperf3: bump to 3.7

- Dropped musl and profiling patches as they were incorporated upstream.
- Profiling is set as explicitly disabled as it can now be configured.
- License file hash is changed due to an update in the copyright year:
  -"iperf, Copyright (c) 2014-2018, The Regents of the University of California,
  +"iperf, Copyright (c) 2014-2019, The Regents of the University of California,

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/uhubctl: bump to version 2.1.0

Update license file hash: copyright year update.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/protobuf: bump to version 3.9.1

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/protobuf-c: bump to version 1.3.2

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/capnproto: require GCC 5 for C++14

Adds dependency on at least GCC 5 to have C++14 language features that
are required starting in version 0.7.0 of capnproto.

Fixes:
http://autobuild.buildroot.org/results/5c09e745cab822d830f73e33647f3b0e765c9181
(capnproto build failure)

Fixes:
http://autobuild.buildroot.org/results/743c750e9932658c20965a25de89c3f21a1d43e9
(host-capnproto build failure)

This updated dependency is propagated to capnproto unique reverse
dependency, c-capnproto.

Signed-off-by: Koen Martens <gmc@sonologic.nl>
Signed-off-by: Joel Carlson <JoelsonCarl@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libqmi: bump to 1.22.6

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libuv: bump to version 1.32.0

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/smcroute: bump to 2.4.4

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/tclap: bump to 1.2.2

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

configs/acturus_ucls1012a: bump kernel and u-boot version

Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/289126214

Signed-off-by: Oleksandr Zhadan <oleks@arcturusnetworks.com>
Signed-off-by: Michael Durrant <mdurrant@arcturusnetworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

DEVELOPERS: add Gerome Burlats as contact for Qemu defconfigs

Gerome Burlats recently took care of the Qemu defconfigs, so it makes
sense to list him as a contact for the maintenance of these
defconfigs.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Gerome Burlats <gerome.burlats@smile.fr>
Cc: Romain Naour <romain.naour@smile.fr>
Acked-by: Gerome Burlats <gerome.burlats@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

DEVELOPERS: remove Pranit Sirsat, e-mail bounces

<Pranit.Sirsat@imgtec.com>: host mxa-00376f01.gslb.pphosted.com[91.207.212.86]
    said: 550 5.1.1 User Unknown (in reply to RCPT TO command)

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/openal: bump to version 1.19.1

Add hash for license file.

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/nmap: bump to version 7.80

The hash of the license file changed due to this single change of the
copyright year:

- * The Nmap Security Scanner is (C) 1996-2018 Insecure.Com LLC ("The Nmap  *
+ * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap  *

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libv4l: bump to version 1.16.6

Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>