package/ninja: bump version to 1.10.2

- rebased 0001-set-minimum-cmake-version-to-3.10.patch

- removed 0002-remove-fdiagnostics-color-from-make-command.patch
  (superseeded by upstream commit [1])

- rebased package/ninja/0003-CMake-fix-object-library-usage.patch

[1] https://github.com/ninja-build/ninja/commit/418d59b8a6054ce9ef1a28c07c41d3a0bb386836

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libaio: bump version to 0.3.112

- remove 0001-src-Makefile-add-ENABLE_SHARED-boolean-to-allow-stat.patch
  (upstream committed [1])

- remove 0002-Makefile-add-missing-DESTDIR-variable-use.patch
  (upstream committed [2])

- remove 0003-Link-against-libgcc-to-avoid-unresolved-symbols.patch
  (upstream committed [3])

Changelog (from libaio.spec):
  - Add async poll support (Christoph Hellwig)
  - Use canonical DESTDIR= environment variable (Thomas Petazzoni)
  - Add ability to disable building the shared library (Thomas Petazzoni)

[1] https://pagure.io/libaio/c/970196192771eeda39fabcc59a5dae9613e871a8.patch
[2] https://pagure.io/libaio/c/4059161333a14a0c705efecc5765b6cb2a29ae02.patch
[3] https://pagure.io/libaio/c/de5775ea1b42ea83e305db9c17372e3f0a8dd3a3.patch

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/less: bump version to 563

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/iw: bump version to 5.9

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/hwdata: bump version to 0.342

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/hdparm: bump version to 9.60

Changes according to [1] and [2]:

- decode more bits from id[69], courtesy Adrián Kálazi.
- allow passing of custom LDFLAGS from the environment.
- add new "static" target.
- fix --dco-identify max sectors, courtesy of Paul Sultana.
- get rid of leftover "unknown" variables from identify.c
- fixed return values from get_log_page_data().
- support for ioSafe Solo with jMicron bridge.

[1] https://sourceforge.net/p/hdparm/news/2020/11/hdparm-959-is-released
[2] https://sourceforge.net/p/hdparm/news/2020/11/hdparm-960-is-released

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/dav1d: bump version to 0.8.0

Release notes:
https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/pngquant: bump version to 2.13.1

Reformatted hashes.

Changelog:
https://raw.githubusercontent.com/kornelski/pngquant/master/CHANGELOG

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/utf8proc: bump version to 2.6.0

Reformatted hashes.

Release notes:
https://github.com/JuliaStrings/utf8proc/releases/tag/v2.6.0

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/pulseaudio: bump version to 14.0

Reformatted hashes, switched _SITE to https.

Release notes:
https://lists.freedesktop.org/archives/pulseaudio-discuss/2020-November/031938.html
https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/14.0/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/perl-type-tiny: bump to version 1.012000

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/perl-plack: bump to version 1.0048

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/perl-package-stash: bump to version 0.39

diff LICENSE:
-This software is copyright (c) 2018 by Jesse Luehrs.
+This software is copyright (c) 2020 by Jesse Luehrs.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/perl-net-dns: bump to version 1.29

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/perl-moo: bump to version 2.004004

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/perl-json-maybexs: bump to version 1.004003

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/perl-http-entity-parser: bump to version 0.25

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/perl-http-cookies: bump to version 6.09

diff LICENSE:
-This software is Copyright (c) 2002-2019 by Gisle Aas.
+This software is Copyright (c) 2002 by Gisle Aas.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/perl-file-listing: bump to version 6.14

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/perl-date-manip: bump to version 6.83

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Merge branch 'next'

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Kickoff 2021.02 cycle

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

docs/website/news.html: add 2020.11 announcement link

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Update for 2020.11

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/gnuplot: security bump to version 5.4.1

- Fix CVE-2020-25412: com_line() in command.c in gnuplot 5.4 leads to an
  out-of-bounds-write from strncpy() that may lead to arbitrary code
  execution.
- Drop second patch (already in version)
- Update indentation in hash file (two spaces)

http://gnuplot.info/ReleaseNotes_5_4_1.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/docker-containerd: security bump to version 1.4.3

Fixes the following security issue:

- CVE-2020-15257: Access controls for the shim’s API socket verified that
  the connecting process had an effective UID of 0, but did not otherwise
  restrict access to the abstract Unix domain socket.  This would allow
  malicious containers running in the same network namespace as the shim,
  with an effective UID of 0 but otherwise reduced privileges, to cause new
  processes to be run with elevated privileges.

For more details, see the advisory:
https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/mksh: update to 59c

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libxkbcommon: bump version to 1.0.3

For details see [1], changelog:

- Fix (hopefully) a segfault in xkb_x11_keymap_new_from_device() in some
  unclear situation (bug introduced in 1.0.2).

- Fix keymaps created with xkb_x11_keymap_new_from_device() don't have level
  names (bug introduced in 0.8.0).

[1] https://lists.freedesktop.org/archives/wayland-devel/2020-November/041660.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

configs/arm_foundationv8: bump to Linux 5.9.11

- Bump to the latest kernel v5.9.11 and require openssl.
- Switch to PSCI for bringing up the secondary CPUs.
- Switch to GICv3.
- Update the instruction in the readme.txt to use the latest FVP v8
  Foundation Platform 11.12 build 38, and to start 4 cores in SMP.

Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-serial: bump to version 3.5

License hash changed due to year update.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-serial-asyncio: bump to version 0.5

License hash changed due to year update.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-aiohttp-jinja2: bump to version 1.4.2

License hash changed due to formatting change.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libuhttpd: fix static build with mbedtls and zlib

Fixes:
 - http://autobuild.buildroot.org/results/5891d12e90182460cde1ddfa0ca75e9fd55e3dff

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/makedumpfile: bump to version 1.6.8

Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/rust: bump to version 1.48.0

Update indentation in hash file (two spaces)

https://github.com/rust-lang/rust/blob/master/RELEASES.md#version-1480-2020-11-19

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/netsurf: fix build with gcc 10

Fixes:
 - http://autobuild.buildroot.org/results/e81568c2b4f5ef5d055c9b94e624ba2d23f50d16

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/netsurf: renumber patches

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/ejabberd: bump version to 20.07

- Fix the download url to reflect upstream website changes.
- Fix line numbers in patch 0001.

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-xmpp: bump version to 1.4.10

upstream uses include_lib. Adapt the corresponding patch accordingly.

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-yaml: bump version to 1.0.28

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-sip: bump version to 1.0.38

upstream is finally using include_lib to include libraries. Adapt the patch
accordingly.

The hash of the license file has changed, due to:

-Copyright 2002-2019 ProcessOne SARL
+Copyright 2002-2020 ProcessOne SARL

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-stun: bump version to 1.0.39

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-stringprep: bump version to 1.0.23

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-pkix: bump version to 1.0.6

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-oauth2: bump version to 0.6.7

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-acme: bump version to 1.0.9

The rebar.config.script file adds a dependency to base64url package. Since we remove
all rebar dependencies, add a patch to remove such dependency. Otherwise rebar would
try to download it during the build.

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-yconf: bump version to 1.0.8

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-mqtree: bump version to 1.0.10

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-jiffy: bump version to 1.0.6

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-xml: bump version to 1.1.44

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-tls: bump version to 1.1.9

The license file hash has changed due to:

-Copyright 2002-2019 ProcessOne SARL
+Copyright 2002-2020 ProcessOne SARL

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-zlib: bump version to 1.0.9

The license file hash has changed due to:

-Copyright 2002-2019 ProcessOne SARL
+Copyright 2002-2020 ProcessOne SARL

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libcap: fix libcap.pc

libcap builds an incorrect libcap.pc because libdir is pulled from the
host os:

ifndef lib
lib=$(shell ldd /usr/bin/ld|egrep "ld-linux|ld.so"|cut -d/ -f2)
endif

Fix this error by passing lib=lib and prefix in
{HOST_LIBCAP,LIBCAP}_BUILD_CMDS

Fixes:
 - https://bugs.buildroot.org/show_bug.cgi?id=13276

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/x11r7/xserver_xorg-server: add upstream security fixes for CVE-2020-14360 / 25712

Fixes the following security issues:

* CVE-2020-14360 / ZDI CAN 11572 XkbSetMap Out-Of-Bounds Access

  Insufficient checks on the lengths of the XkbSetMap request can lead to
  out of bounds memory accesses in the X server.

* CVE-2020-25712 / ZDI-CAN-11839 XkbSetDeviceInfo Heap-based Buffer Overflow

  Insufficient checks on input of the XkbSetDeviceInfo request can lead to a
  buffer overflow on the head in the X server.

For more details, see the advisory:
https://www.openwall.com/lists/oss-security/2020/12/01/3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

toolchain: add upstream fix for arc gcc

Fixes:
http://autobuild.buildroot.net/results/792/792e69eefc87d28b92972c452d5e230d86d9e114/

Upstream issue:
https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/issues/310

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

toolchain: update option descriptions for ARC tools arc-2020.09-release

https://git.buildroot.net/buildroot/commit/?id=0791abfba0227803b19895ea22326f4e17ac93dc

bumped
* Binutils 2.34.50 with additional ARC patches
* GCC 10.0.2 with additional ARC patches
* GDB 10.0.50 with additional ARC patches

but forgot to update the version numbers stored in option descriptions.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/erlang-eimp: bump version to 1.0.17

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-cache-tab: bump version to 1.0.25

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erlang-p1-utils: bump version to 1.0.20

Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/s390-tools: also set HAVE_LIBCURL

Set HAVE_LIBCURL when libcurl is available to enable genprotimg and
libekmfweb:
https://github.com/ibm-s390-tools/s390-tools/blob/master/README.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Alexander Egorenkov <egorenar@linux.ibm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/setserial: add license hash

Also reformatted hash file.

Fixes:
http://autobuild.buildroot.net/results/d1c/d1ccecc74755155664cd17c8d33721c804a37b25/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/kmsxx: bump version to 5489056 and convert to meson build

- remove 0001-fix-compiler-errors-with-gcc-10.patch
  (upstream)

- remove 0002-added-include-string-to-card.h-to-follow-gcc10-porti.patch
  (upstream)

- convert to meson

- add patch to use system fmt instead of git submodule (fixes
  configure 'ERROR: Include dir ext/fmt/include does not exist.')

- add patch to use system pybind11 instead of git submodule (fixes
  configure 'ERROR: Include dir ext/pybind11/include does not exist.')

- add patch to use python only if pykms is enabled (fixes
  configure 'ERROR: Dependency "pybind11" not found, tried pkgconfig')

- add optional libevdev dependency (needed for utils/kmstouch)

- update LICENSE file hash (replaced short copyright notice and
  link to  http://mozilla.org/MPL/2.0/ with complete license text)

- lift toolchain headers requirement to at least 4.11 (include
  linux/dma-buf.h)

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/kmsxx: fix build with gcc 10

Fixes:
 - http://autobuild.buildroot.org/results/59f70fb725c2f07e27dc818839e02f2788ee490c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/fmt: bump version to 7.1.3

For details see [1], [2], [3] and [4].

[1] https://github.com/fmtlib/fmt/releases/tag/7.1.0
[2] https://github.com/fmtlib/fmt/releases/tag/7.1.1
[3] https://github.com/fmtlib/fmt/releases/tag/7.1.2
[4] https://github.com/fmtlib/fmt/releases/tag/7.1.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/cups-filters: bump to version 1.28.4

While bumping, removing upstreamed patches. Removing also autoreconf
step cause we are not patching it anymore.
License hash is changed due to remove of notice for file
filter/sys5ippprinter.c.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/s390-tools: fix build with netsnmp

Fix the following build failure:

/bin/sh: net-snmp-config: command not found
/home/buildroot/autobuild/run/instance-2/output-1/host/lib/gcc/s390x-buildroot-linux-gnu/9.3.0/../../../../s390x-buildroot-linux-gnu/bin/ld: osasnmpd.o: in function `main':
osasnmpd.c:(.text.startup+0xcc): undefined reference to `snmp_log_perror'

Moreover, replace perl-net-snmp dependency by netsnmp as osasnmpd is an
SNMP subagent for the net-snmp package:
https://github.com/ibm-s390-tools/s390-tools/blob/master/osasnmpd/osasnmpd.8

Fixes:
 - http://autobuild.buildroot.org/results/00796f2ebd5fb0e08ac7a05a9ee566f2bc4bd1c3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Alexander Egorenkov <egorenar@linux.ibm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/linux-firmware: install Ath10k QCA9377 sdio firmware

linux-firmware version 20201022 introduced a new sdio firmware for
QCA9377 sdio devices. Install it when support is selected.

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/linux-firmware: bump version to 20201022

This update is motivated by the inclusion SDIO firmware for QCA9377 WiFi
cards in this new version. See [1].

The license file "WHENCE" content/checksum has changed, since it's an
index of firmware provenance and their licenses, and many new firmware
files were added.

For the full linux-firmware change log, see tag 20201022 log [2].

[1] https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=d7904d5b07a9e2c4cdd9f8b2c5a5faa9c6e665cf
[2] https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/log/?h=20201022

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/linux-firmware: reformat hash file using the 2 spaces convention

For readability, this reformatting is done in a separate commit, as this
package contains many license files.

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/bind: fix license hash

Commit 9679d3f0218519ea7a01f3b5fefb7f6dd23b138e forgot to update hash of
COPYRIGHT which was updated to replace http by https:
https://gitlab.isc.org/isc-projects/bind9/-/commit/400171aee8db87c3973987980327051a58a20a80

Fixes:
 - http://autobuild.buildroot.org/results/db614a6fa1e17af2fa5c1d4a0d51cdf770893ca9

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/environment-setup: add better kernel handling

Exporting ARCH and KERNELDIR makes easier to compile an external kernel
or out of tree kernel modules.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/{mesa3d, mesa3d-headers}: bump version to 20.2.3

Release notes of this bugfix release:
https://lists.freedesktop.org/archives/mesa-announce/2020-November/000607.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libostree: bump to version 2020.8

Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-pydal: bump to version 20200910.1

While bumping updating the sha256 computation method.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/python-can: bump to verison 3.3.4

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/privoxy: security bump to version 3.0.29

From the release notes:

- Security/Reliability:
  - Fixed memory leaks when a response is buffered and the buffer
    limit is reached or Privoxy is running out of memory.
    Commits bbd53f1010b and 4490d451f9b. OVE-20201118-0001.
    Sponsored by: Robert Klemme
  - Fixed a memory leak in the show-status CGI handler when
    no action files are configured. Commit c62254a686.
    OVE-20201118-0002.
    Sponsored by: Robert Klemme
  - Fixed a memory leak in the show-status CGI handler when
    no filter files are configured. Commit 1b1370f7a8a.
    OVE-20201118-0003.
    Sponsored by: Robert Klemme
  - Fixes a memory leak when client tags are active.
    Commit 245e1cf32. OVE-20201118-0004.
    Sponsored by: Robert Klemme
  - Fixed a memory leak if multiple filters are executed
    and the last one is skipped due to a pcre error.
    Commit 5cfb7bc8fe. OVE-20201118-0005.
  - Prevent an unlikely dereference of a NULL-pointer that
    could result in a crash if accept-intercepted-requests
    was enabled, Privoxy failed to get the request destination
    from the Host header and a memory allocation failed.
    Commit 7530132349. CID 267165. OVE-20201118-0006.
  - Fixed memory leaks in the client-tags CGI handler when
    client tags are configured and memory allocations fail.
    Commit cf5640eb2a. CID 267168. OVE-20201118-0007.
  - Fixed memory leaks in the show-status CGI handler when memory
    allocations fail. Commit 064eac5fd0 and commit fdee85c0bf3.
    CID 305233. OVE-20201118-0008.

For more details, see the announcement:
https://www.openwall.com/lists/oss-security/2020/11/29/1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libplist: drop duplicated COPYING hash

Commit 762119b4c5489352a889c2627eb37906647c375d resulted in a duplicated
line for COPYING hash so drop it

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/kmsxx: fix gcc-10.x compile

Backport upstream commit ([1]) adding missing string include.

Fixes:
  - http://autobuild.buildroot.net/results/53a5f023ae40db18f45ebe7578962914c2d22a44

  In file included from .../build/kmsxx-cb0786049f960f2bd383617151b01318e02e9ff9/kms++/inc/kms++/omap/omapcard.h:3,
                   from .../build/kmsxx-cb0786049f960f2bd383617151b01318e02e9ff9/kms++/src/omap/omapcard.cpp:2:
  .../build/kmsxx-cb0786049f960f2bd383617151b01318e02e9ff9/kms++/inc/kms++/card.h:17:18: error: 'string' in namespace 'std' does not name a type
     17 |  Card(const std::string& device);
        |                  ^~~~~~

[1] https://github.com/tomba/kmsxx/commit/b53f9d383c9189a897c44cd88a8fc1b871fdc8a2.patch

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/lynx: fix reproducible build issues

Fixes (part of) http://autobuild.buildroot.net/results/23fe4365ca65f37eace8265a70fbfb9723b8ee9d/

Lynx by default contains logic to generate a "configuration info" HTML page,
which leaks build paths, and adds the build timestamp to the version output.
Disable both when building in reproducible mode.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/jemalloc: add jemalloc-config to _CONFIG_SCRIPTS handling

Fixes (part of) http://autobuild.buildroot.net/results/23fe4365ca65f37eace8265a70fbfb9723b8ee9d/

jemalloc installs a jemalloc-config script, leaking build paths and breaking
reproducible builds (and per-package builds).

Add it to _CONFIG_SCRIPTS so the paths get fixed up for staging and the
script removed from target.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/mariadb: security bump to version 10.3.27

Fixes the following security issues:

- CVE-2020-15180: during SST a joiner sends an sst method name to the donor.
  Donor then appends it to the "wsrep_sst_" string to get the name of the
  sst script to use, e.g.  wsrep_sst_rsync.  There is no validation or
  filtering here, so if the malicious joiner sends, for example, "rsync `rm
  -rf /`" the donor will execute that too.

- CVE-2020-14812: Vulnerability in the MySQL Server product of Oracle MySQL
  (component: Server: Locking).  Supported versions that are affected are
  5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior.  Easily
  exploitable vulnerability allows high privileged attacker with network
  access via multiple protocols to compromise MySQL Server.  Successful
  attacks of this vulnerability can result in unauthorized ability to cause
  a hang or frequently repeatable crash (complete DOS) of MySQL Server.

- CVE-2020-14765: Vulnerability in the MySQL Server product of Oracle MySQL
  (component: Server: FTS).  Supported versions that are affected are 5.6.49
  and prior, 5.7.31 and prior and 8.0.21 and prior.  Easily exploitable
  vulnerability allows low privileged attacker with network access via
  multiple protocols to compromise MySQL Server.  Successful attacks of this
  vulnerability can result in unauthorized ability to cause a hang or
  frequently repeatable crash (complete DOS) of MySQL Server.

- CVE-2020-14776: Vulnerability in the MySQL Server product of Oracle MySQL
  (component: InnoDB).  Supported versions that are affected are 5.7.31 and
  prior and 8.0.21 and prior.  Easily exploitable vulnerability allows high
  privileged attacker with network access via multiple protocols to
  compromise MySQL Server.  Successful attacks of this vulnerability can
  result in unauthorized ability to cause a hang or frequently repeatable
  crash (complete DOS) of MySQL Server.

- CVE-2020-14789: Vulnerability in the MySQL Server product of Oracle MySQL
  (component: Server: FTS).  Supported versions that are affected are 5.7.31
  and prior and 8.0.21 and prior.  Easily exploitable vulnerability allows
  high privileged attacker with network access via multiple protocols to
  compromise MySQL Server.  Successful attacks of this vulnerability can
  result in unauthorized ability to cause a hang or frequently repeatable
  crash (complete DOS) of MySQL Server.

- CVE-2020-28912:
  https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-bui.pdf
  describes a named pipe privilege vulnerability, specifically for MySQL,
  where an unprivileged user, located on the same machine as the server, can
  act as man-in-the-middle between server and client.

Additionally, 10.3.27 fixes a regression added in 10.3.26.

Drop weak md5/sha1 checksums.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/gstreamer1/gst1-plugins-good: qmlgl needs gstreamer-gl-1.0

Build of qmlql fails without gstreamer-gl-1.0 since version 1.17.1 and
https://github.com/GStreamer/gst-plugins-good/commit/2ecba800bfbf177bc56999dc59ecdff00cbc353c

Fixes:
 - http://autobuild.buildroot.org/results/e1537ebac7cd70b6d868a8b7f0205ce3d8593508

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/bustle: fix license

bustle binaries are licensed under GPL-3.0:
https://gitlab.freedesktop.org/bustle/bustle/-/blob/bustle-0.7.5/LICENSE

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Update for 2020.11-rc3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/bananapi_m2_zero: bump Linux and U-Boot versions

Bump Linux kernel to 5.9.11 and U-Boot to 2020.10.

Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/aarch64_efi: bump kernel version

Bump Linux kernel version to 5.9.11.

Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/lua-lyaml: bump to version 6.2.7

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/proftpd: security bump to version 1.3.6e

1.3.6e
---------
  + Fixed null pointer deference in mod_sftp when using SCP incorrectly
    (Issue #1043).

1.3.6d
---------
  + Fixed issue with FTPS uploads of large files using TLSv1.3 (Issue #959).

1.3.6c
---------
  + Fixed regression in directory listing latency (Issue #863).
  + Detect OpenSSH-specific formatted SFTPHostKeys, and log hint for
    converting them to supported format.
  + Fixed use-after-free vulnerability during data transfers (Issue #903)
    [CVE-2020-9273]
  + Fixed out-of-bounds read in mod_cap by updating the bundled libcap
    (Issue #902) [CVE-2020-9272]

http://proftpd.org/docs/RELEASE_NOTES-1.3.6e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: mark as security bump, add CVEs]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/slirp: add upstream security fix for CVE-2020-29129 / CVE-2020-29130

While processing ARP/NCSI packets in 'arp_input' or 'ncsi_input'
routines, ensure that pkt_len is large enough to accommodate the
respective protocol headers, lest it should do an OOB access.
Add check to avoid it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libinput: bump version to 1.16.4

For details see [1].

[1] https://lists.freedesktop.org/archives/wayland-devel/2020-November/041664.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/x11r7/xserver_xorg-xserver: drop obsolete patch

Drop second patch following upstream review:
https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/555

Indeed, this patch has been dropped from openembedded since 2018 because
"it is forcing input to use SIGIO, despite the fact that since 2015
xserver has used an input thread.":
https://github.com/openembedded/openembedded-core/commit/cde11398e6d74ad8f27334199b4bd99cdf1f0ff7

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/qemu: use a system-wide slirp

Use a system-wide slirp now that we switched to the up to date
https://gitlab.freedesktop.org/slirp/libslirp

qemu already depends on libglib2 so we don't need to add any new
dependencies

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/vsftpd: S70vsftpd: correct -x argument to start-stop-daemon

Fixes #13341

The -x / --exec start-stop-daemon option expects the path to the executable,
not just the name, leading to errors when running the init script:

Starting vsftpd: start-stop-daemon: unable to stat //vsftpd (No such file or directory)

Reported-by: tochansky@tochlab.net
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/minidlna: security bump version to 1.3.0

Changelog:
https://sourceforge.net/p/minidlna/git/ci/master/tree/NEWS

Fixes CVE-2020-28926 & CVE-2020-12695.

Removed patch 0001 which was applied upstream:
https://sourceforge.net/p/minidlna/git/ci/b5e75ff7d160a02632cab416ff0af66504c7db8b/

Removed patch 0002 which was not applied upstream, upstream applied
a different fix for CVE-2020-12695:
https://sourceforge.net/p/minidlna/git/ci/06ee114731612462eb1eb1266f0431ccf59269d2/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/php: security bump version to 7.4.13

Rebased patches.

Changelog: https://www.php.net/ChangeLog-7.php#7.4.13

According to the release notes this is a "security bug fix release":
https://news-web.php.net/php.announce/301

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/lz4: bump version to 1.9.3

Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/linux-pam: bump to version 1.5.1

- Drop patches (already in version) and so autoreconf
- cracklib is not a dependency since
  https://github.com/linux-pam/linux-pam/commit/d702ff714c309069111899fd07c09e31c414c166

https://github.com/linux-pam/linux-pam/releases/tag/v1.5.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/efl: fix build with wepb

webpdemux support in webp is mandatory since version 1.25.0 and
https://github.com/Enlightenment/efl/commit/df06418b6f39f3b8d73631bda33308b67736bb9d

Fixes:
 - http://autobuild.buildroot.org/results/736357e669c35bd56e818c0c7fabd1b455f40a5f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 9}.x series

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

support/testing/tests/core/test_cpeid: new test

This commit adds a number of test cases to verify that the CPE_ID_*
variables are properly handled by the generic package infrastructure
and that the "make show-info" JSON output matches what we expect.

A total of 5 different example packages are used to exercise different
scenarios of CPE_ID_* variables usage.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>