package/kodi-pvr-mediaportal-tvserver: bump version to 8.2.1-Matrix

Changelog:
https://github.com/kodi-pvr/pvr.mediaportal.tvserver/blob/Matrix/pvr.mediaportal.tvserver/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/kodi-pvr-hdhomerun: bump version to 7.1.1-Matrix

Changelog:
https://github.com/kodi-pvr/pvr.hdhomerun/blob/Matrix/pvr.hdhomerun/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/kodi-pvr-dvblink: bump version to 9.1.2-Matrix

Changelog:
https://github.com/kodi-pvr/pvr.dvblink/blob/Matrix/pvr.dvblink/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/kodi-pvr-argustv: bump version to 7.1.2-Matrix

Changelog:
https://github.com/kodi-pvr/pvr.argustv/blob/Matrix/pvr.argustv/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/nfs-utils: needs uuid

Build of nfs-utils without uuid is broken since bump to version 2.5.4 in
commit 0ce30de72fb303768c5865949b8ce9260d0c43f5: the --enable-uuid
option is now ill-named, it now only checks for libblkid:
    http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commitdiff;h=c5528f40f9db5061e06dcf1f9b7fce5185b376c6

Cleaning this up is upstream's role, though.

Fixes:
 - http://autobuild.buildroot.org/results/510b3425943f2e31b024c99b3552419a80c2f9f3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/dovecot: ignore CVE-2016-4983

CVE-2016-4983 is an issue in a postinstall script in the dovecot rpm,
which is part of the Red Hat packaging and not part of upstream dovecot

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libuci: ignore CVE-2019-15513

CVE-2019-15513 was fixed upstream in 2015 with commit
19e29ffc15dbd958e8e6a648ee0982c68353516f, which is older than the commit
we currently use in LIBUCI_VERSION.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: reword comment and commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libuci: add LIBUCI_CPE_ID_VENDOR

cpe:2.3:a:openwrt:libuci is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aopenwrt%3Alibuci

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/qt5base: fix another gcc-11 compile failure

- add upstream patch fixing gcc-11 compile failure (missing
  limits include)

Fixes:

  In file included from ../../../include/QtCore/5.15.2/QtCore/private/qoffsetstringarray_p.h:1,
                   from ../../dbus/qdbuserror.cpp:44:
  ../../../src/corelib/tools/qoffsetstringarray_p.h:70:22: error: ‘numeric_limits’ is not a member of ‘std’
     70 |         Last <= std::numeric_limits<quint8>::max(),
        |                      ^~~~~~~~~~~~~~
  ../../../src/corelib/tools/qoffsetstringarray_p.h:70:43: error: wrong number of template arguments (1, should be 3)
     70 |         Last <= std::numeric_limits<quint8>::max(),
        |                                           ^

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/feh: add FEH_CPE_ID_VENDOR

cpe:2.3:a:feh_project:feh is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afeh_project%3Afeh

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/nfs-utils: fix build with libtirpc

Help nfs-utils to find the path of libtirpc

Fixes:
 - http://autobuild.buildroot.org/results/a5eaf19f58729c4c00a2131b6a0c378c0fc0effb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - take the opportunity to move HOST_NFS_UTILS_DEPENDENCIES
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libtirpc: install full host package

Install full host package for rpc.h and all other headers to avoid the
following build failure with host-nfs-utils in version 2.5.4 raised
since commit 0ce30de72fb303768c5865949b8ce9260d0c43f5:

checking rpc/rpc.h usability... no
checking rpc/rpc.h presence... no
checking for rpc/rpc.h... no
configure: error: Header file rpc/rpc.h not found - maybe try building with --enable-tirpc

This build failure is raised by
http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=be7365239abf8556773b063730621967b9971708

Fixes:
 - http://autobuild.buildroot.org/results/a5eaf19f58729c4c00a2131b6a0c378c0fc0effb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

Revert "package/libtirpc: install rpc.h"

This reverts commit b991962993357092625e5b18d8203acd1e9b8b1f, which was
incomplete and did not actually fix the issue it purported to fix, and
we'll soon commit a proper fix.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: explain the reason for reverting]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

boot/uboot: add missing dependency to host-pkgconf

Commit 2eaa6d0f3629 (boot/uboot: fix uboot building host tools on x86
architecture) added use of $(PKG_CONFIG_HOST_BINARY), but forgot to add
the corresponding build-ordr dependency.

Add this missing depenency now.

Additionally, the associated test had an explicit host pkgconf enbled in
its configuration. This is superfluous now that uboot properly depends
on host-pkgconf, so drop that from the test.

Note: it hapenned to work, because host-pkgconf, when explicitly enabled
in the configuration, and without per-package directories, would build
before uboot and thus be available. This would fail with PPD, though,
and thus would break for TLPB.

Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/avahi: fix CVE-2021-36217

Avahi 0.8 allows a local denial of service (NULL pointer dereference and
daemon crash) against avahi-daemon via the D-Bus interface or a "ping
.local" command.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/putty: fix CVE-2021-36367

PuTTY through 0.75 proceeds with establishing an SSH session even if it
has never sent a substantive authentication response. This makes it
easier for an attacker-controlled SSH server to present a later spoofed
authentication prompt (that the attacker can use to capture credential
data, and use that data for purposes that are undesired by the client
user).

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/pcre2: add PCRE2_CPE_ID_VENDOR

cpe:2.3:a:pcre:pcre2 is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apcre%3Apcre2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/trinity: add TRINITY_CPE_ID_VENDOR

cpe:2.3:a:trinity_project:trinity is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atrinity_project%3Atrinity

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/solarus: fix OpenGLES2 build

1. Adds a patch that fixes OpenGLES2 build
   https://gitlab.com/solarus-games/solarus/-/merge_requests/1364

2. Updates Config.in and solarus.mk to support OpenGLES2

Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
[yann.morin.1998@free.fr: renumber patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/seatd: fix uclibc build

Fix uclibc build which is broken since addition of the package in commit
daae31149017cbf8b03634cfc56da132f7e1ad83

We backport an upstream feature patch, because it includes the actual
fix as a side-effect (including stdarg.h at the proper location).

Fixes:
 - http://autobuild.buildroot.org/results/ad5020c5c1a7730f1ae82bf8215ed63df83421fe

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/mpg123: remove --disable-lfs-alias option

Commit 56b28d3ee1e5 (mpg123: bump to version 1.13.1) added the
--disable-lfs-alias option, without explaining why it was needed.

However, this causes undefined references for apps that want to link
against mpg123.

The help for that option is pretty explicit that this is a dangerous
option to use:

    disable alias wrappers for largefile bitness (mpg123_seek_32 or
    mpg123_seek_64 in addition to mpg123_seek, or the other way around;
    It is a mess, do not play with this!)

The default is that it is enabled, so leave it at it.

Signed-off-by: Bruno Marie <gameblabla@protonmail.com>
[yann.morin.1998@free.fr: rework commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/duktape: add and install a duktape.pc file

Most distributions include a duktape.pc file bundled with the duktape
development package. As the duktape source does not include a .pc file,
add one to the package/duktape directory and install it to the staging
directory. This is used by the polkit duktape patch later in the series.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python{3}-cryptography: bump to version 3.3.2

This is the last version to support python2.

License hash change due to removal of OpenSSL locking reference:
https://github.com/pyca/cryptography/commit/49109ce1a6e870cb6cc87f05d9ae7c03d70a684b

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libnice: bump to version 0.1.18

- Update indentation in hash file (two spaces)
- Switch to meson-package

https://github.com/libnice/libnice/blob/0.1.18/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libnice: add gobject-introspection optional dependency

gobject-introspection is an optional dependency which is enabled by
default since version 0.1.8 and
https://github.com/libnice/libnice/commit/0388646bdba5f91bb6bb509f5a1c6e9e3f068555

Fixes:
 - http://autobuild.buildroot.org/results/1cba7aa233e19472a69ffc2d8f7324d363a22deb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/swupdate: bump to version 2021.04

Add new optional dependencies.

Drop patches that are now upstream.

License update details

LICENSES/BSD-1-Clause.txt:
https://github.com/sbabic/swupdate/commit/e419b06b497ee627b05cbc33d4b4df064137d0de

LICENSES/BSD-2-Clause.txt:
https://github.com/sbabic/swupdate/commit/32c1f98eaca69e362be074197f84a59d994c0876

LICENSES/BSD-3-Clause.txt:
https://github.com/sbabic/swupdate/commit/32c1f98eaca69e362be074197f84a59d994c0876

LICENSES/CC0-1.0.txt:
https://github.com/sbabic/swupdate/commit/7c3630f572e6d00d7c51b7c4925494c7a822aef9

LICENSES/CC-BY-ND-4.0.txt:
https://github.com/sbabic/swupdate/commit/b66db00c56f9960e9983e1a6d36eef4f151124a8

LICENSES/GPL-2.0-only.txt:
https://github.com/sbabic/swupdate/commit/af2cc98b44cc6a066c0be4511406294e9113e4b1

LICENSES/GPL-2.0-or-later.txt:
https://github.com/sbabic/swupdate/commit/11af069b85475f5bcaa094261259a6b40e363986

LICENSES/ISC.txt:
https://github.com/sbabic/swupdate/commit/6500f1e89a097bd12d0ac42f6c7cc7ee284a6e17

LICENSES/LGPL-2.1-or-later.txt:
https://github.com/sbabic/swupdate/commit/4ef88a9df89ddd445597ef49309563d29cb72607

LICENSES/LicenseRef-OpenSSL-Exception.txt:
https://github.com/sbabic/swupdate/commit/2f513d117c5948ca9d950bbb82f05e8e38cbab50

LICENSES/MIT.txt:
https://github.com/sbabic/swupdate/commit/c1bad02cb93ff9bc616029cd27318134d36cfacb

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/php: requires DES support in openssl

Enable DES in openssl to fix build failure raised since commit
a83d41867c8d69a77d5cd0a665aa216af5340359

Fixes:
 - http://autobuild.buildroot.org/results/c10800fde50b123809557ed50e0a86acb59404a4

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/keepalived: fix build with kernel >= 5.13

Fixes:
 - http://autobuild.buildroot.org/results/9a93d7d76b0a4319c29fbf7b5986bcc78539ae8b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libsoup: fix build with gcc 4.8

Fix build failure with gcc 4.8 which is raised since bump to version
2.72.0 in commit 8e5f7f1cfc8fd7a9d5270f6a9707eb9eecfd21da:

In file included from /tmp/instance-0/output-1/host/arm-buildroot-linux-gnueabi/sysroot/usr/include/resolv.h:65:0,
                 from /tmp/instance-0/output-1/host/arm-buildroot-linux-gnueabi/sysroot/usr/include/glib-2.0/gio/gnetworking.h:40,
                 from ../libsoup/soup-address.c:14:
/tmp/instance-0/output-1/host/arm-buildroot-linux-gnueabi/sysroot/usr/include/arpa/nameser.h:115:2: error: unknown type name 'u_char'
  const u_char *_msg, *_eom;
  ^

Fixes:
 - http://autobuild.buildroot.org/results/56b9cb987e25b99d6fed16c537552f47c3376f21

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/qt5/qt5base: fix build with gcc 11

Fix the following build failure with gcc 11:

text/qbytearraymatcher.h:103:38: error: 'numeric_limits' is not a member of 'std'
  103 |         const auto uchar_max = (std::numeric_limits<uchar>::max)();
      |                                      ^~~~~~~~~~~~~~

Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Tested-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/systemd: bump to version 249

Add config option for systemd-sysext.

Add config option for systemd-oomd.

Add new host-python3-jinja2 dependency.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libtipc: renumber patches

Commit 883a33ece55c6ef23c33a41196fddabadf140427 forgot to renumber
remaining patches

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libtirpc: install rpc.h

Install rpc.h to avoid the following build failure with host-nfs-utils
in version 2.5.4 raised since commit
0ce30de72fb303768c5865949b8ce9260d0c43f5:

checking rpc/rpc.h usability... no
checking rpc/rpc.h presence... no
checking for rpc/rpc.h... no
configure: error: Header file rpc/rpc.h not found - maybe try building with --enable-tirpc

This build failure is raised by
http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=be7365239abf8556773b063730621967b9971708

Fixes:
 - http://autobuild.buildroot.org/results/a5eaf19f58729c4c00a2131b6a0c378c0fc0effb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/tpm2-tools: add TPM2_TOOLS_CPE_ID_VENDOR

cpe:2.3:a:tpm2-tools_project:tpm2-tools is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atpm2-tools_project%3Atpm2-tools

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/linuxptp: add LINUXPTP_CPE_ID_VENDOR

cpe:2.3:a:linuxptp_project:linuxptp is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alinuxptp_project%3Alinuxptp

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/suricata: security bump to version 6.0.3

Various security, performance, accuracy and stability issues have been
fixed, including a critical evasion assigned CVE-2021-35063.

https://forum.suricata.io/t/suricata-6-0-3-and-5-0-7-released/1489

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libhtp: bump to version 0.5.38

https://github.com/OISF/libhtp/releases/tag/0.5.38

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mbedtls: security bump to version 2.16.11

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-2

https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.11

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/linuxptp: security bump version to 3.1.1

This fixes the following CVEs:
 - CVE-2021-3570 linuxptp: missing length check of forwarded messages
 - CVE-2021-3571 linuxptp: wrong length of one-step follow-up in transparent clock

See mailing list post for details: https://sourceforge.net/p/linuxptp/mailman/message/37315519/

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-urllib3: security bump to version 1.26.6

Fix CVE-2021-33503: An issue was discovered in urllib3 before 1.26.5.
When provided with a URL containing many @ characters in the authority
component, the authority regular expression exhibits catastrophic
backtracking, causing a denial of service if a URL were passed as a
parameter or redirected to via an HTTP redirect.

https://github.com/urllib3/urllib3/blob/1.26.6/CHANGES.rst

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

boot/uboot: bump to version 2021.07

See: https://lists.denx.de/pipermail/u-boot/2021-July/453729.html

Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

configs/warp7: bump Kernel and U-Boot version

Bump U-Boot to 2021.07 and kernel to version 5.13

Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/uboot-tools: bump to version 2021.07

Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gcr: bump to version 3.40.0

- Switch to meson-package
- Update indention in hash file (two spaces)

https://gitlab.gnome.org/GNOME/gcr/-/blob/3.40.0/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gcr: fix introspection option

introspection option was wrongly named --with-introspection instead of
--enable-introspection since commit
d4e7c720aa78dbe659db82f4eb38ff58ebae4c57:

configure: WARNING: unrecognized options: --disable-doc, --disable-docs, --disable-documentation, --with-xmlto, --with-fop, --enable-ipv6, --with-introspection

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/iproute2: bump version to 5.13.0

NOTE: 0001-lib-fs-fix-issue-when-name-open-_to_handle_at-is-not.patch
will be merged in 5.14.0.

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/webkitgtk: bump to version 2.32.2

Bugfix release, mainly solves a few issues with input events,
drag-and-drop, and a few crashes. Release notes:

  https://webkitgtk.org/2021/07/09/webkitgtk2.32.2-released.html

The patch for building against uClibc has been included in this release,
therefore "0001-Support-building-against-uClibc.patch" is removed.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/wpewebkit: bump to version 2.32.2

Bugfix release, mainly solves a few issues with input events and a
few crashes. Release notes:

  https://wpewebkit.org/release/wpewebkit-2.32.2.html

The patch for building against uClibc has been included in this release,
therefore "0001-Support-building-against-uClibc.patch" is removed.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/kexec-tools: fix build with gcc 10

Build is broken with gcc 10 since bump to version 2.0.22 in commit
cadb8f2f317bf37c13aea98ac1c81bf8566aad92:

/tmp/instance-1/output-1/host/lib/gcc/powerpc-buildroot-linux-uclibc/10.3.0/../../../../powerpc-buildroot-linux-uclibc/bin/ld: kexec/arch/ppc/kexec-elf-ppc.o:(.sbss+0x0): multiple definition of `ramdisk'; kexec/arch/ppc/kexec-ppc.o:(.sbss+0x0): first defined here

Fixes:
 - http://autobuild.buildroot.org/results/22932529f925630ec6db3c6a4eaebbda68b3fc16

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libuhttpd: fix build with wolfssl

Build with wolfssl is broken since bump to version 3.12.1 in commit
4d85defa7103aadc74223868fb83ed0bed144f4d:

/data/buildroot-autobuilder/instance-0/output-1/build/libuhttpd-3.12.1/src/ssl/openssl.c: In function 'ssl_context_new':
/data/buildroot-autobuilder/instance-0/output-1/build/libuhttpd-3.12.1/src/ssl/openssl.c:180:32: error: 'SSL_OP_NO_SSLv3' undeclared (first use in this function); did you mean 'WOLFSSL_OP_NO_SSLv3'?
  180 |         SSL_CTX_set_options(c, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1);
      |                                ^~~~~~~~~~~~~~~
      |                                WOLFSSL_OP_NO_SSLv3

This build failure is raised by
https://github.com/zhaojh329/libuhttpd/commit/0fb46935f0cd5f737c6f4e6053d62268aca793a7
as since this commit, libuhttpd expects that SSL_OP_NO_xxx are defined
by wolfssl

Fixes:
 - http://autobuild.buildroot.org/results/79e3fa697537f2e33863e490b74ec881993eae73

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/x11vnc: requires blowfish, RC4 and RMD160 support in openssl

Enable blowfish, RC4 and RMD160 in openssl to fix build failure raised since
commit a83d41867c8d69a77d5cd0a665aa216af5340359

Fixes:
 - http://autobuild.buildroot.org/results/1872c9ce57490455946679efcc654bd111fd3d7b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/qemu: virtfs needs system

build of qemu with virtfs but without system fails since bump to version
6.0.0 in commit 6b86c9335fc3ff381878156c6243454d4b688df9:

../meson.build:1077:6: ERROR: Problem encountered: virtio-9p (virtfs) needs system emulation support

Indeed virtfs needs system support since switch to meson in
https://gitlab.com/qemu-project/qemu/-/commit/69202b406e3a42621a063c3afe80f580d343f59e

Fixes:
 - http://autobuild.buildroot.org/results/ee4b2bbc08c58dc972d285eafa43b7ad6586f270

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/qpid-proton: bump to version 0.35.0

- Drop patches (already in version)
- host-python3 is mandatory since
  https://github.com/apache/qpid-proton/commit/70ace037684f39c2d68681ef32302d38a9e06fac

https://qpid.apache.org/releases/qpid-proton-0.35.0/release-notes.html
https://qpid.apache.org/releases/qpid-proton-0.34.0/release-notes.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/kodi-pvr-vuplus: bump version to 7.4.7-Matrix

Changelog:
https://github.com/kodi-pvr/pvr.vuplus/blob/Matrix/pvr.vuplus/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/stm32flash: bump to version 0.6

Bump to latest official version.

Signed-off-by: Bernhard Petschina <bernhard.petschina@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/{mesa3d, mesa3d-headers}: bump version to 21.1.5

Switch site to https://archive.mesa3d.org

Release notes:
- 21.1.2
  https://lists.freedesktop.org/archives/mesa-announce/2021-June/000632.html
- 21.1.3
  https://lists.freedesktop.org/archives/mesa-announce/2021-June/000633.html
- 21.1.4
  https://lists.freedesktop.org/archives/mesa-announce/2021-June/000635.html
- 21.1.5
  https://lists.freedesktop.org/archives/mesa-announce/2021-July/000637.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python{3}-cython: bump to version 0.29.23

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-cbor2: bump to version 5.4.0

Python 2 is no longer supported.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-certifi: bump to version 2021.5.30

License hash changed due to typo fix:
https://github.com/certifi/python-certifi/commit/c5311ad0533e78240f34b0e35451794d0e261d54

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-cchardet: bump to version 2.1.7

Python 2 is no longer supported.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-pycares: bump to version 4.0.0

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-aiodns: bump to version 3.0.0

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-bcrypt: bump to version 3.2.0

Python 2 is no longer supported, depend on python3 and propagate
reverse dependency.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-aiohttp: bump to version 3.7.4.post0

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/{chrony, ntp, openntpd}: turn off DNSSEC validation

We have a chicken and egg problem: validation of DNSSEC signatures
doesn't work without a correct clock, but to set the correct clock we
need to contact NTP servers which requires resolving a hostname, which
would normally require DNSSEC validation.

Let's break the cycle by excluding NTP hostname resolution from
validation for now.

Details:
https://github.com/systemd/systemd/commit/abf4e5c1d3ad767bc0ed67883e8e4d916af095ec

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libmbim: bump to version 1.24.8

https://lists.freedesktop.org/archives/libmbim-devel/2021-June/001151.html

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/tpm2-pkcs11: bump version to 1.6.0

Signed-off-by: Yair Ben-Avraham <yairba@protonmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/binutils: fix linker assert on OpenRisc

When building openal we were seeing the assert failure:

/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-uclibc/9.3.0/../../../../or1k-buildroot-linux-uclibc/bin/ld: CMakeFiles/OpenAL.dir/al/source.cpp.o:
pc-relative relocation against dynamic symbol alSourcePausev
/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-uclibc/9.3.0/../../../../or1k-buildroot-linux-uclibc/bin/ld: CMakeFiles/OpenAL.dir/al/source.cpp.o:
pc-relative relocation against dynamic symbol alSourceStopv
/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-uclibc/9.3.0/../../../../or1k-buildroot-linux-uclibc/bin/ld: CMakeFiles/OpenAL.dir/al/source.cpp.o:
pc-relative relocation against dynamic symbol alSourceRewindv
/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-uclibc/9.3.0/../../../../or1k-buildroot-linux-uclibc/bin/ld: CMakeFiles/OpenAL.dir/al/source.cpp.o:
pc-relative relocation against dynamic symbol alSourcePlayv
collect2: error: ld returned 1 exit status

So add patches to fix this binutils assert link failure on OpenRisc.
It's been suggested upstream and it's pending here:
https://sourceware.org/pipermail/binutils/2021-July/117334.html

Fixes:
http://autobuild.buildroot.net/results/c96/c96f2600f227d6c76114b9fbc41f74a57e40415a/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/fbgrab: bump to version 1.5

See changelog: https://github.com/GunnarMonell/fbgrab/releases/tag/1.5

Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Tested-by: Timo Ketola <timo.ketola@exertus.fi>
Acked-by: Timo Ketola <timo.ketola@exertus.fi>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

configs/imx7dpico: bump Kernel and U-Boot version

Bump U-Boot to 2021.07 and kernel to version 5.13

Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

configs/olimex_a20_olinuxino_lime*: bump Linux and U-Boot versions

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libgtk3: bump to version 3.24.29

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/harfbuzz: bump to version 2.8.2

The hash of the COPYING file is updated due to the following changes:

 Copyright © 2010,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020  Google, Inc.
 Copyright © 2018,2019,2020  Ebrahim Byagowi
-Copyright © 2019,2020  Facebook, Inc.
+Copyright © 2019,2020  Facebook, Inc.
 Copyright © 2012  Mozilla Foundation
 Copyright © 2011  Codethink Limited
 Copyright © 2008,2010  Nokia Corporation and/or its subsidiary(-ies)
 Copyright © 2009  Keith Stribley
 Copyright © 2009  Martin Hosken and SIL International
 Copyright © 2007  Chris Wilson
-Copyright © 2006  Behdad Esfahbod
+Copyright © 2005,2006,2020,2021  Behdad Esfahbod
 Copyright © 2005  David Turner
 Copyright © 2004,2007,2008,2009,2010  Red Hat, Inc.
 Copyright © 1998-2004  David Turner and Werner Lemberg

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/pango: bump to version 1.48.7

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/nettle: bump to version 3.7.3

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/spi-tools: bump to version 1.0.0

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/nano: bump to version 5.8

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/can-utils: bump to version 2021.06.0

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/nfs-utils: enable nfsv4/nfsv4.1 support

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/kodi-visualisation-matrix: bump version to 1.0.1-Matrix

Changelog:
https://github.com/xbmc/visualization.matrix/blob/Matrix/visualization.matrix/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/kodi-pvr-vuplus: bump version to 7.4.6-Matrix

Changelog:
https://github.com/kodi-pvr/pvr.vuplus/blob/Matrix/pvr.vuplus/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/kodi-pvr-iptvsimple: bump version to 7.6.9-Matrix

Changelog:
https://github.com/kodi-pvr/pvr.iptvsimple/blob/Matrix/pvr.iptvsimple/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/kodi-pvr-filmon: bump version to 6.1.2-Matrix

Changelog:
https://github.com/kodi-pvr/pvr.filmon/blob/Matrix/pvr.filmon/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/kodi-pvr-dvbviewer: bump version to 7.3.3-Matrix

Changelog:
https://github.com/kodi-pvr/pvr.dvbviewer/blob/Matrix/pvr.dvbviewer/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-django: security bump to version 3.2.5

Fix CVE-2021-35042: Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5
allows QuerySet.order_by SQL injection if order_by is untrusted input
from a client of a web application.

https://www.djangoproject.com/weblog/2021/jul/01/security-releases
https://docs.djangoproject.com/en/dev/releases/3.2.5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/kodi-pvr-hts: bump version to 8.3.3-Matrix

Changelog:
https://github.com/kodi-pvr/pvr.hts/blob/Matrix/pvr.hts/changelog.txt

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/kodi-inputstream-adaptive: bump version to 2.6.18

Changelog:
https://github.com/xbmc/inputstream.adaptive/blob/Matrix/inputstream.adaptive/addon.xml.in#L22

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/nfs-utils: enable optional uuid support

Enable when libuuid and libblkid are available.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libmodsecurity: security bump to version 3.0.5

Security Impacting Issues

    Handle URI received with uri-fragment
    [@martinhsv]

- Drop patches (already in version) and so drop autoreconf
- Static linking is supported since
  https://github.com/SpiderLabs/ModSecurity/commit/f76a1a667b8fdbcfe0d943daca9b41eb59cc61f3
- Update indentation in hash file (two spaces)

https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libmodsecurity: drop AC_CHECK_FILE workaround

Drop AC_CHECK_FILE workaround as it is not needed since version 3.0.4:
https://github.com/SpiderLabs/ModSecurity/commit/8af8cad90779a64af87d29b3a44f3ea2e0a270c2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/nginx-modsecurity: drop unneeded select on pcre

Drop unneeded select on pcre which has been added by commit
d35873ab0ce5921974239354f8c6e1b4ccc6e565

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

configs/stm32mp157a_dk1: bump TF-A, Linux, U-Boot versions

Runtime tested:

NOTICE:  Model: STMicroelectronics STM32MP157A-DK1 Discovery Board
NOTICE:  Board: MB1272 Var1.0 Rev.C-01
...
U-Boot 2021.07 (Jul 09 2021 - 20:53:05 +0200)
...
Starting kernel ...

[    0.000000] Booting Linux on physical CPU 0x0
[    0.000000] Linux version 5.13.0 ...
...
Welcome to Buildroot
buildroot login:

Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/nfs-utils: bump to version 2.5.4

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libqb: add LIBQB_CPE_ID_VENDOR

cpe:2.3:a:clusterlabs:libqb is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aclusterlabs%3Alibqb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/lua-silva: bump to version 0.1.7

diff COPYRIGHT:
-Copyright (C) 2017-2019 Francois Perrad.
+Copyright (C) 2017-2021 Francois Perrad.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

configs/stm32mp157c_dk2: remove uboot config fragment

Running stm32mp1 watchdog is properly recognized and handled by kernel
watchdog framework since Linux v5.6. For details see the Linux commit
85fdc63fe256 ("drivers: watchdog: stm32_iwdg: set WDOG_HW_RUNNING at
probe"). So U-Boot config fragment can be safely removed without
adding userspace watchdog daemon.

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

board/stmicroelectronics/common/stm32mp157: fix U-Boot corruption on the first boot

The stm32mp157 images successfully boot only once. Subsequent boot
attempts fail to reach U-Boot. The root cause turns out to be in U-Boot
corruption during the first boot. The stm32mp1 U-Boot stores its
environment at the end of GPT partition named 'ssbl' since v2020.10-rc2.
However Buildroot genimage template for stm32mp157 boards creates 'ssbl'
partition w/o extra space for U-Boot primary and redundant environments.
This patch explicitly specifies 'ssbl' partition size that should be
enough for both u-boot.stm32 image (~1M) and both environments (16K).

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Tested-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/syslog-ng: bump version to 3.33.1

https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.33.1
https://github.com/syslog-ng/syslog-ng/compare/syslog-ng-3.32.1...syslog-ng-3.33.1

Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/syslog-ng: fix tarball hash

Tarball hash added by commit 1054a7aaa238253db8b60e4a520a66ad9e1b1eb1 is
wrong

Fixes:
 - http://autobuild.buildroot.org/results/1ed64d9a2a707cbd06f9d2af29101b70b668bc06

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

DEVELOPERS: drop Yann Cardaillac

Unfortunately, this e-mail is boucing:

<ycardaillac@sepro-group.com>: host
    seprogroup-com01c.mail.protection.outlook.com[104.47.9.36] said: 550 5.4.1
    Recipient address rejected: Access denied. AS(201806281)
    [VE1EUR03FT036.eop-EUR03.prod.protection.outlook.com] (in reply to RCPT TO
    command)

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>