package/pcmanfm: bump to version 1.3.2

Update indentation in hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

pcmanfm: add PCMANFM_CPE_ID_VENDOR

cpe:2.3:a:pcmanfm_project:pcmanfm is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apcmanfm_project%3Apcmanfm

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libfm-extra: bump to version 1.3.2

Update indentation in hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libfm: bump to version 1.3.2

Update indentation in hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mender: do not automatically select uboot tools if uboot is selected

Because uboot requires a set of unique patches for each board, the
upstream package developers are phasing out supporting uboot wherever
possible.  Instead, they recommend using Grub2 as a secondary
bootloader and using the mender-grubenv package.

Because the mender-grubenv file provides it's own fw_printenv script,
it is not possible to know if U-Boot's fw_printenv or mender-grubenv's
fw_printenv should be used.

As such, remove selecting uboot tools when uboot is selected, and
instead add a more comprehensive note in the help section about what
Mender requires for uboot and grub2-based systems, with a link to the
meta-mender github project for the base uboot patches, and a link to
the official documentation on manual uboot integration.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libnet: add LIBNET_CONFIG_SCRIPTS

Set LIBNET_CONFIG_SCRIPTS to libnet-config to fix a build failure with
syslog-ng and libnet in version 1.2 due to -L$(libdir) which has been
added with
https://github.com/libnet/libnet/commit/6859d1f198f97aad129c54fcd156700a9178204e

Fixes:
 - http://autobuild.buildroot.org/results/45e517401d14e304e9c6c990f1b4ead92c850ba2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libxcrypt: disable obsolete API

Disable obsolete API following upstream feedback as it raises build
failures on some architectures such as nds32le or arc and because this
API is unsecure: https://github.com/besser82/libxcrypt/issues/122

Fixes:
 - http://autobuild.buildroot.org/results/5ae235b6ec66ac86efadaa2847307be58064c167

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/kodi-pvr-zattoo: bump version to 19.7.9-Matrix

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/batman-adv: add note about linux mainline kernel module alternative

Since version 2.6.38 batman-adv is integreated into the linux mainline
kernel ([1], [2]) so add a note about it in the Config.in help text.

[1] https://kernelnewbies.org/Linux_2_6_38
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c6c8fea29769d998d94fcec9b9f14d4b52b349d3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/batman-adv: needs linux kernel libcrc32c support

Fixes:

  ERROR: modpost: "crc32c" [.../build/batman-adv-2021.0/net/batman-adv/batman-adv.ko] undefined!

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/batman-adv: fix compile with BR2_PACKAGE_BATMAN_ADV_BATMAN_V disabled

Commit e8b1eeb2f3f5 (package/batman-adv: fix compile with
BR2_PACKAGE_BATMAN_ADV_BATMAN_V disabled) was tested against an RPi4
linux kernel already enabling the build-in batman-adv module inlcusive
batman-v, hence it missed the case where the in-tree module is not
enabled.

Taking a deeper look at the configure script gen-compat-autoconf.sh
reveals that the batman feature options must be explicitly set to 'y' or
'n' to work as expected.

Fixes:

  ERROR: modpost: "batadv_v_mesh_free" [.../build/batman-adv-2021.0/net/batman-adv/batman-adv.ko] undefined!
  ERROR: modpost: "batadv_v_mesh_init" [.../build/batman-adv-2021.0/net/batman-adv/batman-adv.ko] undefined!
  ERROR: modpost: "batadv_v_hardif_init" [.../build/batman-adv-2021.0/net/batman-adv/batman-adv.ko] undefined!
  ERROR: modpost: "batadv_v_init" [.../build/batman-adv-2021.0/net/batman-adv/batman-adv.ko] undefined!

Reported-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr: add blurb about tests on previous commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/cifs-utils: bump version to 6.12

- removed 0001-Use-DESTDIR-when-installing-mount.smb3-and-optionall.patch
  (superseded by upstream commit [1])

- adjust autoreconf comment accordingly

- add option for smb tools to avoid hard python runtime dependency
  (smbinfo and smb2-quota are python scripts)

Changelog ([2]):

  December, 2020: Release 6.12
  get/setcifsacl tools are improved to support changing owner, group and SACLs
  mount.cifs is enhanced to use SUDO_UID env variable for cruid
  smbinfo is re-written in Python language
  https://lists.samba.org/archive/samba-technical/2020-December/136156.html

[1] https://git.samba.org/?p=cifs-utils.git;a=patch;h=a00e84378d9c5e63272ff69ca18fd0e872b384d3
[2] https://wiki.samba.org/index.php/LinuxCIFS_utils

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/elfutils: bump version to 0.183

- handle new zstd option (disable for host, optional for target)

For details see [1], [2].

[1] https://sourceware.org/pipermail/elfutils-devel/2020q4/003053.html
[2] https://sourceware.org/pipermail/elfutils-devel/2021q1/003486.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/pcre2: bump version to 10.36

- removed 0001-Use-the-standard-code-path-of-sljit_emit_cmov-on-mips-r6.patch
  (upstream [1])

- license file hash update (email update for Philip Hazel)

[1] https://vcs.pcre.org/pcre2?view=revision&revision=1281

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libxkbcommon: bump version to 1.1.0

For details see [1].

[1] https://lists.freedesktop.org/archives/wayland-devel/2021-March/041747.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/siproxd: needs MMU

siproxd which has been added with commit
3efc5a250c1c98598ba4c91a7d71d11343d937ab unconditionally uses fork

Fixes:
 - http://autobuild.buildroot.org/results/0c59373ab3778cf7b15e73968295cec8d109f7cb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/siproxd: needs threads

siproxd which has been added with commit
3efc5a250c1c98598ba4c91a7d71d11343d937ab unconditionally uses pthread

Fixes:
 - http://autobuild.buildroot.org/results/828448fff87772e1c34b3696284a44eb9fc692fb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/kodi-pvr-zattoo: bump version to 19.7.8.1-Matrix

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/kodi-pvr-hts: bump version to 8.2.4-Matrix

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/batman-adv: fix compile with BR2_PACKAGE_BATMAN_ADV_BATMAN_V disabled

The given 'CONFIG_BATMAN_ADV_BATMAN_V=' is enough to trigger the wrong
code compile path in net/batman-adv/bat_v.h missing the static inline
dummy implementations.

Fixes:

  ERROR: modpost: "batadv_v_mesh_free" [.../build/batman-adv-2021.0/net/batman-adv/batman-adv.ko] undefined!
  ERROR: modpost: "batadv_v_mesh_init" [.../build/batman-adv-2021.0/net/batman-adv/batman-adv.ko] undefined!
  ERROR: modpost: "batadv_v_hardif_init" [.../build/batman-adv-2021.0/net/batman-adv/batman-adv.ko] undefined!
  ERROR: modpost: "batadv_v_init" [.../build/batman-adv-2021.0/net/batman-adv/batman-adv.ko] undefined!

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr:
  - move all conditional options together
  - slight cleanup/reorganise
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

toolchain: drop old BR2_TOOLCHAIN_HAS_BINUTILS_BUG_* options

The BR2_TOOLCHAIN_HAS_BINUTILS_BUG_19615 and
BR2_TOOLCHAIN_HAS_BINUTILS_BUG_20006 options were last selected by the
BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_AMD64 toolchain, but this
toolchain has been removed as part of commit
d87e114a8ffacdc71f853e7c4ea76fd3c6958d22 in August 2020.

It's time to get rid of those two options that are never enabled.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/redis: bump to v6.2.1

From the release notes:
Introduction to the Redis 6.2 release
=====================================

This release is the first significant Redis release managed by the core team
under the new project governance model.

Redis 6.2 includes many new commands and improvements, but no big features. It
mainly makes Redis more complete and addresses issues that have been requested
by many users frequently or for a long time.
=====================================

See https://github.com/redis/redis/blob/6.2/00-RELEASENOTES

Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/cog: bump to version 0.8.1

This minor release contains a number of fixes and improves the reliability
of the build system.  Release notes:

  https://wpewebkit.org/release/cog-0.8.1.html

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libgeos: disable package if binutils is affected from bug 21464

This package is affected from binutils bug 21464, since there is no
workaround, let's disable it.

Fixes:
http://autobuild.buildroot.net/results/3eb/3eb9f9d0f6d8274b2d19753c006bd83f7d536e3c/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/dependencies: detect and bailout when PATH contains spaces/TABs

In Makefiles, variables are split, filtered, and otherwise mangled on
a space as a separator. In a shell, they will also be split on TABs.

We split and filter and iterate on variables in a lot of places, and
most importantly, spaces in PATH is very seldom tested, if at all, so
a lot of packages will not be working properly in such a situation.

For example, the config.guess contains constructs that are not resilient
to a space in PATH:

    PATH=$PATH:/.attbin ; export PATH

Also, our fakedate will iterate over PATH:

    for P in `echo $PATH | tr ':' ' '`; do

Those are only two cases, but the first means basically all
autotools-based packages are susceptible to subtle breakage.

Furthermore, Buildroot itself does not support that the top-level or
output directories are in a path with spaces anyway.

So, instead of chasing all cases that might be potentially broken,
let's just detect the case and bail out, like we already do when PATH
contains a \n, or when it contains the current working directory.

Reported-by: Dan Raymond <draymond@foxvalley.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/sconeserver: pcre is optional, not mandatory

pcre is optional not mandatory since
https://github.com/sconemad/sconeserver/commit/98ec61436c9ea68ffe2d70a818c1175dcafa2a79

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/sconeserver: drop unrecognized options

Drop Magick++-config, lettuce and ui options which are
not recognized since latest bump in commit
ca17e0c7a02298b0250cdc121bcacef0b58fffe1 (back in 2018).

Indeed:
- Magick++-config is not used since
  https://github.com/sconemad/sconeserver/commit/b025999b8a9a9715b72d0fc8ccbf0888e163388f
- Experimental UI and lettuce modules have been dropped since
  https://github.com/sconemad/sconeserver/commit/ccc1efdb8981fbef63a714ff6315c8a18372090a

Moreover, replace sconesite-image by image (broken since 2013 and
https://github.com/sconemad/sconeserver/commit/7693301fdb0076bf7676eb2db278c2f015ac7157)

As UI and lettuce options are broken since a long time, it does not seem
useful to add entries in Config.in.legacy

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/wpebackend-fdo: bump to version 1.8.1

This bugfix release solves a couple of leaks and sporadic crashes.
Release notes:

  https://wpewebkit.org/release/wpebackend-fdo-1.8.1.html

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/kodi-pvr-mythtv: bump version to 7.3.1-Matrix

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/kodi-pvr-hts: bump version to 8.2.3-Matrix

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/kodi-inputstream-adaptive: update project URL

Reference: https://github.com/xbmc/repo-binary-addons/pull/143

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mender-grubenv: bump version to f39c2c7ec7c9c24aae0108a9b04a0e6e61a3e96b

According to the developers, mender-grubenv is no longer tagging releases for
the mender-grubenv project. However, they asked me if I could submit a patch
upstream to update the package to the latest commit, including quality of life
improvements since the last official 1.3.0 release.

Notable improvements are:
  - Support for separate A/B kernel partitions.
  - Use regexp to dynamically set mender_grub_storage_device
  - Add "rootwait" as a default rootfs argument

Other changes:
  - Update license hashes due to a copyright year bump.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mender: bump version to 2.4.2

Other changes:
  - Openssl is now a dependency.
  - Set new license hashes due to new dependencies.
  - Set new license file hash due to a year change.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mender-artifact: bump to version 3.4.1

In addition to the version bump, the hash of LICENSE is adjusted due
to copyright year change, and a new license file is added for a new
dependency.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/protobuf: disable package if binutils is affected from bug 21464

This package is affected from binutils bug 21464, since there is no
workaround, let's disable it.

Fixes:
http://autobuild.buildroot.net/results/908/9084cd777aefe0fa8235514c33767d8640ad7a5b/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

toolchain: introduce BR2_TOOLCHAIN_HAS_BINUTILS_BUG_21464

The OpenRISC binutils is affected by a linker bug (binutils bug 21464)
for which no workaround exists. This causes build breakage in a number
of packages, so this commit introduces a
BR2_TOOLCHAIN_HAS_BINUTILS_BUG_21464 option to identify this bug. As
all binutils versions are affected, this option is true whenever the
configuration targets OpenRISC.

The bug was already reported and it's been recently updated:

  https://sourceware.org/bugzilla/show_bug.cgi?id=21464

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/nettle: bump to version 3.7.1

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/lzip: bump to version 1.22

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/kbd: bump to version 2.4.0

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gd: bump to version 2.3.2

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/glibmm: bump to version 2.66.0

- Switch to meson-package as configure is not shiped in the official
  tarball anymore and autoreconf fails due to missing MM_ARG_xxx macros
- Disable examples (enabled by default)
- Update indentation in hash file (two spaces)

https://gitlab.gnome.org/GNOME/glibmm/-/blob/2.66.0/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/bluez5_utils: bump to version 5.56

http://www.bluez.org/release-of-bluez-5-56/

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libmatroska: bump to version 1.6.3

https://github.com/Matroska-Org/libmatroska/blob/release-1.6.3/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libplist: bump to version 2.2.0

Use official tarball and so drop autoreconf

Extract from
https://github.com/libimobiledevice/libplist/releases/tag/2.2.0:

"Rename library and all related files by adding an API version resulting
in libplist-2.0 and libplist++-2.0"

The only user of libplist in buildroot is kodi which is comptatible with
libplist 2.2.0 since its version 19.0-Matrix and
https://github.com/xbmc/xbmc/commit/22ab58e8f958980c070a46cabe197b3557dda0a3
which has been commited in 148e695e37561fe45d4726cb68f6454464d17797

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/mutt: bump to version 2.0.6

Drop patches (already in version)

https://gitlab.com/muttmua/mutt/-/blob/mutt-2-0-6-rel/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/freerdp: bump to version 2.3.1

https://github.com/FreeRDP/FreeRDP/blob/2.3.1/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

DEVELOPERS: Add Ryan Barnett for opkg and opkg-utils

Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/opkg-utils: add opkg-utils as target pkg

Supports a use case of building container rootfs images where a matching
target version of the tools is required for repackaging of a installer
archive.

binutils binaries are needed for 'ar'; binutils does not work on nios2,
but busybox does, and so we can have 'ar' on nios2 with busybox.

A few other compressors can be used besides gzip, but the default in the
scripts is gzip, so we only ensure this one is enabled. Users who want
other compressors will have to enable them in their configurations.

Note: the order of 'select' is not strictly alphabetical: all packages
provided by busybox applets have been grouped together at the top, with
packages never provided by busybox applets together at the end.

Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
[yann.morin.1998@free.fr:
  - only select full-blown packages if busybox is not enabled
  - select BR2_PACKAGE_BUSYBOX_SHOW_OTHERS, instead of 'depends on'
  - allow on nios2 when busybox is enabled
  - add binutils binaries on target (for 'ar')
  - drop _DEPENDENCIES: they all are only runtime-dpeendencies
  - add comment when python(2) is enabled
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/siproxd: new package

Siproxd is a masquerading SIP Proxy Server.  We had a buildroot package
for that in the fli4l Linux router distribution for years with different
authors contributing.

Co-authored-by: Christoph Schulz <fli4l@kristov.de>
Co-authored-by: Claas Hilbrecht <babel@fli4l.de>
Signed-off-by: Alexander Dahl <post@lespocky.de>
[yann.morin.1998@free.fr: unconditionally use an external libtool]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/openntpd: bump to version 6.8p1

- Drop patches (already in version)
- Update indentation in hash file (two spaces)

http://www.openntpd.org/txt/release-6.8p1.txt

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/python-flask-wtf: new package

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/python-flask-babel: bump version to 2.0.0

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/python-jinja2: bump version to 2.11.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/python-click: bump version to 7.1.2

- bump version to 7.1.2
- update license hash ('standardize license' [0] to the exact text as
  SPDX provides [1])

[0] https://github.com/pallets/click/commit/d64eddae7d59cebd24b5100d72147fcf2e7cd1dc
[1] https://spdx.org/licenses/BSD-3-Clause.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/upmpdcli: bump to version 1.5.10

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libubox: bump version to 551d75b

Changelog:

  2e52c7e libubox: fix BLOBMSG_CAST_INT64 (do not override BLOBMSG_TYPE_DOUBLE)
  870acee tests: cram: test_base64: fix failing tests
  4d8995e tests: cram: test_base64: really fix failing tests
  551d75b libubox: tests: add more blobmsg/json test cases

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/python-periphery: bump to version 2.3.0

See changelog https://github.com/vsergeev/python-periphery/blob/master/CHANGELOG.md

Update the license hash for a change in copyright years:
-Copyright (c) 2015-2020 vsergeev / Ivan (Vanya) A. Sergeev
+Copyright (c) 2015-2021 vsergeev / Ivan (Vanya) A. Sergeev

Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/mongoose: security bump to version 7.2

- Fix CVE-2021-26530: The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0
  (compiled with OpenSSL support) is vulnerable to remote OOB write attack via
  connection request after exhausting memory pool.
- Fix CVE-2021-26529: The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0
  and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write
  attack via connection request after exhausting memory pool.
- Fix CVE-2021-26528: The mg_http_serve_file function in Cesanta Mongoose HTTP server
  7.0 is vulnerable to remote OOB write attack via connection request after exhausting
  memory pool.

See https://github.com/cesanta/mongoose/releases/tag/7.2

Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libnet: bump to version 1.2

- As stated in https://sourceforge.net/projects/libnet-dev/, "this
  project no longer uses sourceforge", so switch site to
  https://github.com/libnet/libnet
- Drop patch (already in version)
- Use the new LICENSE file, same as previous but with updated copyright
  years:
  https://github.com/libnet/libnet/commit/e4fb7e9a1ac7b1695235519ac81bfda616776504
- Update indentation in hash file (two spaces)

https://github.com/libnet/libnet/releases/tag/v1.2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libnet: add LIBNET_CPE_ID_VENDOR

cpe:2.3:a:libnet_project:libnet is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibnet_project%3Alibnet

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/docker-engine: bump version to 20.10.5

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/docker-cli: bump version to 20.10.5

https://docs.docker.com/engine/release-notes/

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/docker-containerd: security bump to 1.4.4

Security fix for CVE-2021-21334:

https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4

Other changes:

 - Fix container create in CRI to prevent possible environment variable leak between containers
 - Update shim server to return grpc NotFound error
 - Add bounds on max oom_score_adj value for shim's AdjustOOMScore
 - Update task manager to use fresh context when calling shim shutdown
 - Update Docker resolver to avoid possible concurrent map access panic
 - Update shim's log file open flags to avoid containerd hang on syscall open
 - Fix incorrect usage calculation

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/rsync: bump version to 3.2.3

- disable simd, openssl, xxhash, zstd, lz4, asm options

- update COPYING hash (add openssl and xxhash license
  enhancement):

  In addition, as a special exception, the copyright holders give
  permission to dynamically link rsync with the OpenSSL and xxhash
  libraries when those libraries are being distributed in compliance
  with their license terms, and to distribute a dynamically linked
  combination of rsync and these libraries.  This is also considered
  to be covered under the GPL's System Libraries exception.

For details see [1].

[1] https://download.samba.org/pub/rsync/NEWS#3.2.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Cc: Baruch Siach <baruch@tkos.co.il>
[yann.morin.1998@free.fr: add 'with exception' to _LICENSE (Baruch)]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/mc: fix build with ncurses

wchar support in ncurses is needed since version 4.8.26 and
https://github.com/MidnightCommander/mc/commit/8b4386df83ab5a525f0568113fe1e53d362f433e

Fixes:
 - http://autobuild.buildroot.org/results/446eb0a15a728e2fe7a58312bb7329983b2df647

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/meson: bump version to 0.57.1

- update patch 0001-Prefer-ext-static-libs-when-default-library-static.patch
  (use get_option(OptionKey()) instead of get_builtin_option())

- rebase patch 0002-mesonbuild-dependencies-base.py-add-pkg_config_stati.patch

For details see [1].

[1] https://mesonbuild.com/Release-notes-for-0-57-0.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/janet: fix static build

Fixes:
 - http://autobuild.buildroot.org/results/a4f927f73a7b80e65408c992d7b6023609a1eacc

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/janet: defaults to c99 for build.c_std

Fixes:
 - http://autobuild.buildroot.org/results/d5e46e094b27f40e12b32624d1431bfeeb617be3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

Revert "package/janet: add -std=c99 to CFLAGS"

This reverts commit b5e8f1c1475b46c8d9b7159aafe983e72d329d29. Indeed,
this commit does not fix the build failure as c_std=c99 is already set
in default_options in meson.build.

The issue is that this parameter is not used for native executables
since meson 0.51.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/python-rpi-ws281x: bump to version 4.2.6

Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
[yann.morin.1998@free.fr: move license fix to its own commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/python-rpi-ws281x: set proper license

The license is BSD-2-Clause, not MIT.

Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
[yann.morin.1998@free.fr: split off into its own commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/kodi-pvr-iptvsimple: bump version to 7.5.0-Matrix

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/kodi-pvr-zattoo: bump version to 19.7.8-Matrix

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/luasec: bump to version 1.0

diff LICENSE:
-LuaSec 0.9 license
-Copyright (C) 2006-2019 Bruno Silvestre, UFG
+LuaSec 1.0 license
+Copyright (C) 2006-2021 Bruno Silvestre, UFG

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/lua-curl: bump to version 0.3.13

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/rng-tools: bump to version 6.12

libsysfs is not needed since
https://github.com/nhorman/rng-tools/commit/46b4e8fd8955e25ef0d5e89d26c8cf1543d2fa8a

https://github.com/nhorman/rng-tools/releases/tag/v6.12

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libsigc: bump to version 2.10.6

- Switch to meson-package as configure is not shipped in the official
  tarball anymore
- Drop host-m4 dependency (only needed in maintainer mode)
- Disable examples and XML validation (enabled by default)
- Drop LIBSIGC_INSTALL_TARGET_FIXUP as documentation is disabled by
  default
- Update web page in Config.in
- Update indentation in hash file (two spaces)

https://github.com/libsigcplusplus/libsigcplusplus/blob/2.10.6/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/sane-backends: bump version to 1.0.32

- change from '--enable-avahi' to '--with-avahi' as advised in the
  1.0.31 release description ([1])

- add optional libcurl dependency (--with-libcurl)

- add optional poppler/libglib2 dependency (--with-poppler-glib)

- add optional libxml2 dependency (--with-usb-record-replay)

- change COPYING hash (editoral changes)

For details see [1].

[1] https://gitlab.com/sane-project/backends/-/releases

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/hwdata: bump version to 0.345

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/cjson: bump version to 1.7.14

Changelog ([1]):

  1.7.14 (Sep 3, 2020)
  Fixes:
    optimize the way to find tail node, see #503
    Fix WError error on macosx because NAN is a float. Thanks @sappo, see #484
    Fix some bugs in detach and replace. Thanks @miaoerduo, see #456

[1] https://github.com/DaveGamble/cJSON/blob/master/CHANGELOG.md

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/wget: bump version to 1.12.1

- update/fix signing key hash

For details see [1], [2].

[1] https://lists.gnu.org/archive/html/info-gnu/2020-12/msg00013.html
[2] https://lists.gnu.org/archive/html/info-gnu/2021-01/msg00007.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/psmisc: bump version to 23.4

Changelog ([1]):

  Changes in 23.4
  ===============
    * killall: Dynamically link to selinux and use security attributes
    * pstree: Do not crash on missing processes !21
    * pstree: fix layout when using -C !24
    * pstree: add time namespace !25
    * pstree: Dynamically link to selinux and use attr
    * fuser: Get less confused about duplicate dev_id !10
    * fuser: Only check pathname on non-block devices !31

  Changes in 23.3
  ===============
    * killall: check also truncated 16 char comm names Debian #912748
    * fuser: Return early if have nulls !18
    * peekfd: Add support for ARM64 !19
    * pstree: Add color by age #21
    * fuser: Use larger inode sizes #16

[1] https://gitlab.com/psmisc/psmisc/-/blob/master/ChangeLog

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/dos2unix: bump version to 7.4.2

- update COPYING.txt hash (update copyright year)

Changelog ([1]):

  2020-10-12: Version 7.4.2
    * New Friulian translation of the messages.
    * Updated Dutch, German, Serbian, Traditional Chinese, and Ukrainian
      translations.

[1] https://sourceforge.net/projects/dos2unix/files/dos2unix/7.4.2/

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/btrfs-progs: bump version to 5.11

For details see [1].

[1] https://btrfs.wiki.kernel.org/index.php/Changelog#btrfs-progs_v5.11_.28Mar_2021.29

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/avrdude: fix build with kernel < 4.6

Commit 03fa36df7e6a (package/avrdude: Switch to upstream)
unconditionally enabled linuxspi on the assumption that it is available
since linux-2.6.22.

However, avrdude unconditionally uses GPIO and includes linux/gpio.h,
which is only available since kernel 4.6 and:
    https://github.com/torvalds/linux/commit/3c702e9987e261042a07e43460a8148be254412e

Add a Kconfig option, enabled by default for backward compatibility, to
drive whether to enable or disable SPI support.

Fixes:
 - http://autobuild.buildroot.org/results/962a7fcff1e54a0550eafa0cbca780ba8bc8409e

Note: weirdly enough, GPIO support does not use linux/gpio.h; rather it
uses sysfs.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: add a Kconfig option]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

boot/grub2: Backport 2021/03/02 securify fixes

Details: https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

As detailed in commit 7e64a050fbd9add07ed84d48054ffee1b659d079, it is
difficult to utilize the upstream patches directly, so a number of
patches include changes to generated files so that we don't need invoke
the gentpl.py script.

In addition to the security fixes, these required patches has been
backported:

  f76a27996 efi: Make shim_lock GUID and protocol type public
  04ae030d0 efi: Return grub_efi_status_t from grub_efi_get_variable()
  ac5c93675 efi: Add a function to read EFI variables with attributes
  d7e54b2e5 efi: Add secure boot detection

The following security issues are fixed:

CVE-2020-14372 grub2: The acpi command allows privileged user to load crafted
               ACPI tables when Secure Boot is enabled
CWE-184
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

GRUB2 enables the use of the command acpi even when Secure Boot is signaled by
the firmware. An attacker with local root privileges to can drop a small SSDT
in /boot/efi and modify grub.cfg to instruct grub to load said SSDT. The SSDT
then gets run by the kernel and it overwrites the kernel lock down configuration
enabling the attacker to load unsigned kernel modules and kexec unsigned code.

Reported-by: Máté Kukri
*******************************************************************************

CVE-2020-25632 grub2: Use-after-free in rmmod command
CWE-416
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

The rmmod implementation for GRUB2 is flawed, allowing an attacker to unload
a module used as dependency without checking if any other dependent module is
still loaded. This leads to an use-after-free scenario possibly allowing an
attacker to execute arbitrary code and by-pass Secure Boot protections.

Reported-by: Chris Coulson (Canonical)
*******************************************************************************

CVE-2020-25647 grub2: Out-of-bound write in grub_usb_device_initialize()
CWE-787
6.9/CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

grub_usb_device_initialize() is called to handle USB device initialization. It
reads out the descriptors it needs from the USB device and uses that data to
fill in some USB data structures. grub_usb_device_initialize() performs very
little bounds checking and simply assumes the USB device provides sane values.
This behavior can trigger memory corruption. If properly exploited, this would
lead to arbitrary code execution allowing the attacker to by-pass Secure Boot
mechanism.

Reported-by: Joseph Tartaro (IOActive) and Ilja van Sprundel (IOActive)
*******************************************************************************

CVE-2020-27749 grub2: Stack buffer overflow in grub_parser_split_cmdline
CWE-121
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

grub_parser_split_cmdline() expands variable names present in the supplied
command line in to their corresponding variable contents and uses a 1kB stack
buffer for temporary storage without sufficient bounds checking. If the
function is called with a command line that references a variable with a
sufficiently large payload, it is possible to overflow the stack buffer,
corrupt the stack frame and control execution. An attacker may use this to
circumvent Secure Boot protections.

Reported-by: Chris Coulson (Canonical)
*******************************************************************************

CVE-2020-27779 grub2: The cutmem command allows privileged user to remove
               memory regions when Secure Boot is enabled
CWE-285
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

The GRUB2's cutmem command does not honor Secure Boot locking. This allows an
privileged attacker to remove address ranges from memory creating an
opportunity to circumvent Secure Boot protections after proper triage about
grub's memory layout.

Reported-by: Teddy Reed
*******************************************************************************

CVE-2021-3418 - grub2: GRUB 2.05 reintroduced CVE-2020-15705
CWE-281
6.4/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

The GRUB2 upstream reintroduced the CVE-2020-15705. This refers to a distro
specific flaw which made upstream in the mentioned version.

If certificates that signed GRUB2 are installed into db, GRUB2 can be booted
directly. It will then boot any kernel without signature validation. The booted
kernel will think it was booted in Secure Boot mode and will implement lock
down, yet it could have been tampered.

This flaw only affects upstream and distributions using the shim_lock verifier.

Reported-by: Dimitri John Ledkov (Canonical)
*******************************************************************************

CVE-2021-20225 grub2: Heap out-of-bounds write in short form option parser
CWE-787
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

The option parser in GRUB2 allows an attacker to write past the end of
a heap-allocated buffer by calling certain commands with a large number
of specific short forms of options.

Reported-by: Daniel Axtens (IBM)
*******************************************************************************

CVE-2021-20233 grub2: Heap out-of-bound write due to mis-calculation of
               space required for quoting
CWE-787
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

There's a flaw on GRUB2 menu rendering code setparam_prefix() in the menu
rendering code performs a length calculation on the assumption that expressing
a quoted single quote will require 3 characters, while it actually requires
4 characters. This allow an attacker to corrupt memory by one byte for each
quote in the input.

Reported-by: Daniel Axtens (IBM)
*******************************************************************************

Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

boot/uboot: fix kconfig with per-package directories and host-make

If PER_PACKAGE_DIRECTORIES=Y and using host-make package (because
BR2_FORCE_HOST_BUILD=Y or local make is too old) .stamp_dotconfig
target needs per-package/uboot/host/bin/host-make that doesn't
exist yet.

Add host-make into UBOOT_KCONFIG_DEPENDENCIES.

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/opkg-utils: add missing dependencies for host build

opkg-utils is a collection of bash and python scripts which require
additional commands/tools be available for the bash scripts. The full
list of dependencies that the opkg-util scripts require is:

  bash
  binutils
  bzip2
  coreutils
  diffutils
  findutils
  grep
  gzip
  lz4
  python3
  sed
  tar
  xz

The Buildroot manual requires a few packages (bash, binutils, bzip2,
gzip, sed and tar) to be installed on the host system, so we need not
add those. Additionally, and even though they are not in that list,
that grep and find are also required (we already make extensive use of
both everywhere, so it is as good as them being in the list).

We have a host variant for coreutils, but only for systems that do not
already have a recent-enough one, i.e. that provides 'realpath' and
'ln --relative'. opkg-utils uses neither, so can rely on the ones on the
system.

Only add dependencies on the remaining host tools: diffutils, lz4, and
xz.

Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
[yann.morin.1998@free.fr:
  - drop excessive dependencies,
  - reword the commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/diffutils: add host package

Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/opkg-utils: remove build step

opkg-utils is a package that only provides bash and python scripts.
Upon further inspection of the Makefile for the package, invoking
`make` only ever builds the manpage. The previous commit dropped the
installation of the manpage. This makes the build step unnecessary so
remove it.

Add a comment to explain the situation

Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
[yann.morin.1998@free.fr: reword commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/opkg-utils: install only utility scripts

When `make install` is run to install the opkg-utils scripts, it also
invokes building of the man page for opkg-build. The generation of the
man page requires `pod2man` executable which is a part of perl.

Since buildroot does not support man pages in the host directory,
patch the opkg-utils Makefile to separate the installation of man
pages and utility scripts.

With the options to install man pages and utils separately, only
install the opkg-utils scripts.

Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

DEVELOPERS: remove myself for aufs

Aufs has been deprecated for the purposes of Docker/containers since overlay2
became the mainline kernel module of choice.

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/sysvinit: bump version to 2.99

Changelog according to [1]:

  sysvinit (2.99) released; urgency=low
    * Fixed typos and missing underlines in shutdown manual page.
      Corrections provided by Helge Kreutzmann.

[1] https://fossies.org/linux/sysvinit/doc/Changelog

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/bison: bump version to 3.7.6

- update COPYING file hash (URL update from http to https)

For details see [1].

[1] https://fossies.org/linux/bison/ChangeLog

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/dosfstools: bump version to 4.2

Upstream has not released an xz-compressed tarball this time,
so switch back to the gz-compressed one...

For details see [1].

[1] https://github.com/dosfstools/dosfstools/releases/tag/v4.2

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/e2fsprogs: bump version to 1.46.2

- removed 0001-create_inode-set-xattrs-to-the-root-directory-as-wel.patch
  (upstream [1])

[1] 0001-create_inode-set-xattrs-to-the-root-directory-as-wel.patch

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/go: security bump to 1.16.2

go1.16.1 (released 2021/03/10) includes security fixes to the archive/zip and
encoding/xml packages.

go1.16.2 (released 2021/03/11) includes fixes to cgo, the compiler, linker, the
go command, and the syscall and time packages.

https://golang.org/doc/devel/release.html#go1.16

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/mbedtls: security bump to version 2.6.10

- Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating
  |A| - |B| where |B| is larger than |A| and has more limbs (so the
  function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE). Only
  applications calling mbedtls_mpi_sub_abs() directly are affected:
  all calls inside the library were safe since this function is
  only called with |A| >= |B|.
- Fix an errorneous estimation for an internal buffer in
  mbedtls_pk_write_key_pem(). If MBEDTLS_MPI_MAX_SIZE is set to an odd
  value the function might fail to write a private RSA keys of the
  largest supported size.
- Fix a stack buffer overflow with mbedtls_net_poll() and
  mbedtls_net_recv_timeout() when given a file descriptor that is
  beyond FD_SETSIZE.
- Guard against strong local side channel attack against base64 tables
  by making access aceess to them use constant flow code.

https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.10

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: fix the hash after upstream mess-up]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

docs/website: adjust link to Buildroot training course

The previous course has ended, announce the next one.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/bash: fix seventh patch

Since bump to version 5.1 in commit
9e778b044c949d165207150cc9e79fdcfbafcb9d, seventh patch wrongly defines
wcdequote_pathname as static which will result in the following build
failure:

smatch.c:(.text+0x22f0): undefined reference to `wcdequote_pathname'

Fixes:
 - http://autobuild.buildroot.org/results/d83f5d260dccd38984ec6fdb340835ca928bb687

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Peter Seiderer <ps.report@gmx.net>
Tested-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>