package/libmaxminddb: add LIBMAXMINDDB_CPE_ID_VENDOR

cpe:2.3:a:maxmind:libmaxminddb is a valid CPE identifier for this
package:

   https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Amaxmind%3Alibmaxminddb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/domoticz: add DOMOTICZ_CPE_ID_VENDOR

cpe:2.3:a:domoticz:domoticz is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Adomoticz%3Adomoticz

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/wolfssl: add WOLFSSL_CPE_ID_VENDOR

cpe:2.3:a:wolfssl:wolfssl is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awolfssl%3Awolfssl

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gst1-python: bump version to 1.18.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gst-omx: bump version to 1.18.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gstreamer1-editing-services: bump version to 1.18.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gst1-rtsp-server: bump version to 1.18.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gst1-vaapi: bump version to 1.18.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gst1-libav: bump version to 1.18.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gst1-devtools: bump version to 1.18.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gst1-plugins-ugly: bump version to 1.18.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gst1-plugins-bad: bump version to 1.18.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gst1-plugins-good: bump version to 1.18.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gst1-plugins-base: bump version to 1.18.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gstreamer1: bump version to 1.18.3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/mesa3d: unconditionally needs expat

mesa3d should only need expat for a limited set of drivers. However,
the condition in their meson.build is borked:

    required: not with_platform_android or with_any_broadcom or with_any_intel

So, as soon as the platform is not android, expat is required. If it
is not already present in the configuraiotn, then meson will try to be
helpful and will try to download its own copy under the table:

    Run-time dependency expat found: NO (tried pkgconfig and cmake)
    Looking for a fallback subproject for the dependency expat
    Downloading expat source from https://github.com/libexpat/libexpat/releases/download/R_2_2_5/expat-2.2.5.tar.bz2
    <urlopen error unknown url type: https>
    A fallback URL could be specified using source_fallback_url key in the wrap file

    ../O/build/mesa3d-20.3.3/meson.build:1366:2: ERROR: could not get https://github.com/libexpat/libexpat/releases/download/R_2_2_5/expat-2.2.5.tar.bz2 is the internet available?

Ideally, we would like to fix the condition in the meson.build, to drop
the spurious and dubious condition on the android platform. However it
is not totally obvious what the prupose was, and expat compiles quikly,
so we just add expat as an unconditional mandatory dependency.

Fixes:
    http://autobuild.buildroot.org/results/f71865771482b1d71d12e77767d236ca693785d5/
    http://autobuild.buildroot.org/results/98290b9681a38b3be820017823a4a4196d474476/
    ....

Reported-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
[yann.morin.1998@free.fr:
  - make it a generic fix, not tied to freedreno, reported by Fabio
  - rewrite commit log to explain the root cause
  - also reported about virgl, by Titouan
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/mesa3d: fix gallium-xa configure option

Fixes build warning:

output/build/mesa3d-20.3.2/meson.build:727: WARNING:
 gallium-xa option "false" deprecated, please use "disabled" instead.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

configs/snps_archs38_hsdk_defconfig: enable C++ support

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
[yann.morin.1998@free.fr: only enable C++]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

configs/snps_archs38_hsdk_defconfig: use hard-float

Hard-float support is pretty stable, so make that default for HSDK
boards.

The hard-float setting is a bit convulated since current ARC gcc lacks
--with-fpu - so this is done with BR2_TARGET_OPTIMIZATION

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
[yann.morin.1998@free.fr: split off into its own commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

configs/snps_archs38_hsdk_defconfig: switch to glibc

We are no longer actively working on uClibc, so make that default
for HSDK boards.

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
[yann.morin.1998@free.fr: drop enabling hard float]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

configs/snps_archs38_hsdk_defconfig: refresh defconfig

No config changes done

| make snps_archs38_hsdk_defconfig
| make savedefconfig

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

ARC: Add support for generic HS48 processor

For the HS48 processor, BR currently builds with -mcpu=hs4x_rel31 which
generates suboptimal code as it inhibits delay slot and back-back ST and so on.

Enable a new variant to build with -mcpu=hs4x for normal codegen.

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
[yann.morin.1998@free.fr:
  - simplify dependencies on MMU page size
  - wrap long lines
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/linux-pam: drop useless LINUX_PAM_CPE_ID_NAME definition

This definition is useless, because it is equal to the default value
of <pkg>_CPE_ID_NAME as calculated by generic-package.

Before and after this patch, the CPE ID calculated for the linux-pam
package is exactly the same, according to "make linux-pam-show-info".

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

linux, package: do not use <pkg>_NAME when defining CPE ID variables

As we discussed on the mailing list, using $(<pkg>_NAME) when defining
CPE ID variables feels a bit odd and needlessly complicated. Just use
the package name directly.

Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/ntp: add CPE ID variables

cpe:2.3:a:ntp:ntp is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Antp%3Antp

The specification of the version needs to be reworked a little
bit. Indeed, versions look like 4.2.8p15. For the download, we need to
extract 4.2 as the folder is named ntp-4.2. However, for the CPE ID we
need to extract 4.2.8 and p15 into two separate fields.

So, we set:

NTP_VERSION_MAJOR = 4.8
NTP_VERSION_MINOR = 2
NTP_VERSION_POINT = 15

and construct the version:

NTP_VERSION = $(NTP_VERSION_MAJOR).$(NTP_VERSION_MINOR)p$(NTP_VERSION_POINT)

Note that the choice of "point" comes from
http://support.ntp.org/bin/view/Main/ReleaseNumberingScheme, which
states "The letter p followed by an increasing number indicates a
Point (i.e. incremental) Release.".

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/thrift: add THRIFT_CPE_ID_VENDOR

cpe:2.3:a:apache:thrift is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aapache%3Athrift

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/binutils: add BINUTILS_CPE_ID_VENDOR

cpe:2.3:a:gnu:binutils is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Abinutils

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/tcpreplay: add TCPREPLAY_CPE_ID_VENDOR

cpe:2.3:a:tcpreplay:tcpreplay is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atcpreplay%3Atcpreplay

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/flatbuffers: add FLATBUFFERS_CPE_ID_VENDOR

cpe:2.3:a:google:flatbuffers is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agoogle%3Aflatbuffers

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gdk-pixbuf: add GDK_PIXBUF_CPE_ID_VENDOR

cpe:2.3:a:gnome:gdk-pixbuf is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnome%3Agdk-pixbuf

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/wavpack: set WAVPACK_CPE_ID_VENDOR

cpe:2.3:a:wavpack:wavpack is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awavpack%3Awavpack

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/jhead: set JHEAD_CPE_ID_VALID

cpe:2.3:a:jhead_project:jhead is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ajhead_project%3Ajhead

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/erofs-utils: bump version to 1.2.1

- minor maintainence release mainly to address exist build issues;
- remove the following patches since all have been upstreamed:
    0001-erofs-utils-fix-multiple-definition-of-sbi.patch;
    0002-erofs-utils-fuse-fix-linking-when-using-with-selinux.patch;
    0003-erofs-utils-fuse-disable-backtrace-if-unsupported.patch.

Signed-off-by: Gao Xiang <hsiangkao@aol.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

configs/qemu_s390x_defconfig: bump kernel version to 5.10.7

Signed-off-by: Alexander Egorenkov <egorenar@linux.ibm.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/freescale-imx/firmware-imx: fix the VPU firmware location

The mainline kernel searches the coda VPU firmware inside the following
locations [1]:

/lib/firmware/
/lib/firmware/vpu/

Currently Buildroot installs the coda firmware into /lib/firmware/imx/vpu,
which is not a valid location.

Fix it by installing the coda firmwares into /lib/firmware/vpu/ which
is a valid path for both mainline and NXP vendor kernels. Also create a
symlink to /lib/firmware/ so that mainline kernels do not need to wait
more than 60 seconds to search again inside /lib/firmware/vpu/.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=8af7779f3cbc1f6720d15f00abc797493710d1ab

Reported-by: Romain Naour <romain.naour@gmail.com>
Suggested-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Acked-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/bluez-alsa: bump to version 3.0.0

Drop upstream patch which is included in the new version.

Add additional config option `--enable-a2dpconf` to build small (13 kB)
utility `a2dpconf` which does not depend on any external dependencies.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gmp: bump version to 6.2.1

Release notes: https://gmplib.org/gmp6.2

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/upmpdcli: bump to version 1.5.8

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libupnpp: bump to version 0.20.2

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/openldap: add OPENLDAP_CPE_ID_VENDOR

cpe:2.3:a:openldap:openldap is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aopenldap%3Aopenldap

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

configs/kontron_smarc_sal28: integrate RCW into rootfs image

Integrate the RCW into the storage device image, so the image can also
be used a boot source. The SoC expects the RCW at offset 4096 of the SD
card or eMMC.

Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/rcw-smarc-sal28: new package

Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

configs/kontron_smarc_sal28: enable u-boot

Enable building of the bootloader and integrate it into the resulting
image.

Signed-off-by: Michael Walle <michael@walle.cc>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/{mesa3d, mesa3d-headers}: bump version to 20.3.3

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/wolfssl: security bump to version 4.6.0

- Fix CVE-2020-36177: RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL
  before 4.6.0 has an out-of-bounds write for certain relationships
  between key size and digest size.
- Drop patch (already in version)

https://github.com/wolfSSL/wolfssl/releases/tag/v4.6.0-stable

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gkrellm: fix client build

Set X11_LIBS to avoid the following build failure:

/home/buildroot/autobuild/run/instance-1/output-1/host/bin/aarch64-linux-gnu-gcc main.o alerts.o battery.o base64.o clock.o cpu.o disk.o fs.o hostname.o inet.o mail.o mem.o net.o proc.o sensors.o uptime.o chart.o panel.o config.o gui.o krell.o plugins.o pixops.o client.o utils.o sysdeps-unix.o deprecated.o log.o winops-x11.o  -o gkrellm \
 -L/home/buildroot/autobuild/run/instance-1/output-1/host/bin/../aarch64-buildroot-linux-gnu/sysroot/usr/lib -lgtk-x11-2.0 -lgdk-x11-2.0 -lpangocairo-1.0 -latk-1.0 -lcairo -lgdk_pixbuf-2.0 -lgio-2.0 -lpangoft2-1.0 -lpango-1.0 -lgobject-2.0 -lharfbuzz -lfontconfig -lfreetype -Wl,--export-dynamic -lgmodule-2.0 -lglib-2.0 -lgthread-2.0 -pthread -lglib-2.0   -L/usr/X11R6/lib -lX11 -lSM -lICE  -L/home/buildroot/autobuild/run/instance-1/output-1/host/bin/../aarch64-buildroot-linux-gnu/sysroot/usr/lib -lssl -lcrypto    -lm -Wl,-E
aarch64-linux-gnu-gcc: ERROR: unsafe header/library path used in cross-compilation: '-L/usr/X11R6/lib'

Fixes:
 - http://autobuild.buildroot.org/results/fff9a48efe3818f67a8f4b0fe3a3a605e4985b3b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gkrellm: fix build with NLS

Fixes:
 - http://autobuild.buildroot.org/results/98d0eda546b09e60eebbd3c3a28493f09dff7e62

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/boost: bump version to 1.75.0

* add option for new library Boost.JSON
* drop patch 0001 as it's applied upstream
* host: disable options that were added over time but never disabled for the host-build

Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/rhash: fix build with uclinux

Fixes:
 - http://autobuild.buildroot.org/results/598ca65cf0c7ecf9ceaecb75868b656570ae00d2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/usbutils: needs gcc >= 4.9

Commit 8a26801c9fad1c7749200e22e9dfdeaeeb65f76e forgot to propagate the
gcc dependency from libusb to usbutils

Fixes:
 - http://autobuild.buildroot.org/results/ed8706a1ead398b5097b046524e710b1d3d0bb1e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/at: bump to version 3.2.1

There is only one commit between version 3.2.1 and current commit
7c74fa1aece6bc6db351763dc012193d5d634b7e which updates the release file:

https://salsa.debian.org/debian/at/-/commit/6a9efb7dd2bd6a5e5249d9f29938acc639618e9c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

pkg-generic: host variant use git submodules if target variant does

When a package has both a target and a host variant, and uses git
submodules, and the host variant is downloaded before the target one, we
end up with the generated archive missing the submodules.

This happens in exactly one package in our tree: c-capnproto.

This issue was not caught before because after a few days, the full
sources are added to sources.buildroot.net. So when the hash check
fails, the full tarball is simply downloaded from there.

Propagate the git submodule setting from the target variant to the host
variant, unless the host variant explicitly opted-out.

Fixes:
    http://autobuild.buildroot.org/results/2de9c6c8ce83569d18cc7140ebc60d6fe1aadcbf/

Reported-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/minicom: use official tarball

Use official tarball (this will also have the nice side-effect of making
MINICOM_VERSION compatible with release-monitoring.org)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/shairport-sync: bump to version 3.3.7

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/ncmpc: bump to version 0.42

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/mpd: bump to version 0.22.3

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libdrm: bump version to 2.4.104

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/meson: bump to version 0.56.2

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/wavpack: security bump to version 5.4.0

WavPack 5.4.0 contains a fix for CVE-2020-35738 wherein a specially
crafted WAV file could cause the WAVPACK command-line program to crash
with an out-of-bounds write (see issue #91).

Update hash of COPYING (update in year:
https://github.com/dbry/WavPack/commit/2ce3c069be548e82ea9c05741ace6583e549c6de)

https://github.com/dbry/WavPack/blob/5.4.0/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

{linux, linux-headers}: bump 5.{4, 10}.x 4.{4, 9, 14, 19} series

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/tar: update hash of cpio archive

Commit 37a909cacff9 (package/tar: drop specific version for host variant)
updated the host variant from 1.29 to 1.32.

However, because there is no longer any upper-limit to the version of
tar accepted from the system, and because tests were conducted on a
recent distribution, there was no need to build the host variant of tar.

As a consequence, updating the hash file was missed.

Do so now.

Also switch to using the new two-space separators.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/coremark-pro: clean up package

- Use the COREMARK_PRO_MARKS definition from the build recipe to
  generate the coremark-pro.sh
- Use %x:%X as the date stamp in the results file.

Suggested-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/nvidia-modprobe: new package

nvidia-modprobe package adds a utility and headers for probing the NVIDIA
hardware at runtime.

https://github.com/NVIDIA/nvidia-modprobe

Signed-off-by: Christian Stewart <christian@paral.in>
[Arnout:
 - use upstream Makefile instead of building directly;
 - don't install to staging;
 - remove dependency on host-pkgconf;
 - correct license to GPL-2.0;
 - remove dependency on threads and glibc;
 - add dependency on MMU.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/libevdev: bump version to 1.10.1

For details see [1].

[1] https://lists.freedesktop.org/archives/input-tools/2021-January/001555.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/wireguard-linux-compat: bump version to 1.0.20201221

Fixes a build issue with linux-rt >= 5.4.  For details, see the
announcement:
https://lists.zx2c4.com/pipermail/wireguard/2020-December/006210.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/nano: fix tiny build

Since upstream commit
https://git.savannah.gnu.org/cgit/nano.git/commit/configure.ac?id=235f92ce093099cd81f14827ab842bd331132790

--enable-color --enable-nanorc are needed for libmagic support in tiny
builds.

Fixes:
http://autobuild.buildroot.net/results/248/24894e62d6cf89d078959b12e67596c821d64696/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/pdbg: bump to version v3.2

Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/git: bump version to 2.30.0

For details see [1].

[1] http://lkml.iu.edu/hypermail/linux/kernel/2012.3/03301.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/coremark-pro: add dependency on threads

Coremark-pro requires threads so add a depends on
BR2_TOOLCHAIN_HAS_THREADS.

Fixes:
- http://autobuild.buildroot.net/results/ab574485a7856fcf5cd643c154c44b4bfcb34a97/

Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/quota: add CPE variables

cpe:2.3:a:jan_kara:linux_diskquota is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ajan_kara%3Alinux_diskquota

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/ed: add ED_CPE_ID_VENDOR

cpe:2.3:a:gnu:ed is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Aed

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/links: add LINKS_CPE_ID_VENDOR

cpe:2.3:a:twibright:links is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atwibright%3Alinks

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Matthew Weber >matthew.weber@rockwellcollins.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/cereal: add CEREAL_CPE_ID_VENDOR

cpe:2.3:a:usc:cereal is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ausc%3Acereal

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libtomcrypt: add LIBTOMCRYPT_CPE_ID_VENDOR

cpe:2.3:a:libtom:libtomcrypt is indeed the right CPE identifier
for this package, as can be seen from:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibtom%3Alibtomcrypt

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/go: add GO_CPE_ID_VENDOR

golang is the correct CPE ID vendor for the go package, see:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agolang%3Ago

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

docs/manual: replace LIBFOO_CPE_ID_PRODUCT

Replace LIBFOO_CPE_ID_PRODUCT by LIBFOO_CPE_ID_NAME

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libupnp: set LIBUPNP_CPE_ID_VALID

cpe:2.3:a:libupnp_project:libupnp is indeed the right CPE identifier
for this package, as can be seen from:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibupnp_project%3Alibupnp

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/netcat: set NETCAT_CPE_ID_VALID

cpe:2.3:a:netcat_project:netcat is indeed the right CPE identifier for
this package, as can be seen from:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anetcat_project%3Anetcat

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gkrellm: new package

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/frotz: needs threads

Fixes:
 - http://autobuild.buildroot.org/results/8443316d8074bf44a82ceeda4630a9acb1254947

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

configs/qemu_*: bump kernel version to 5.4.88

Bump QEMU defconfigs to latest longterm kernel 5.4.88.

Please note that QEMU boards not based on 5.4.y were ignored:
- qemu_csky810_virt_defconfig
- qemu_csky807_virt_defconfig
- qemu_csky610_virt_defconfig
- qemu_csky860_virt_defconfig

Tests were carried out on all QEMU boards using Gitlab [1] (commit
message was slightly different, but the patch is identical)

Additional actions needed were:
- board/qemu/sh4-r2d: Remove one of the two kernel patches [2] provided
  by Alan Modra fixing rodata alignment, carried here by Romain Naour [3]
  to fix an issue preventing kernel from booting with binutils 2.23.
  Patch is present in upstream Linux now.

[1] https://gitlab.com/clumsyape/buildroot/-/pipelines/239483891
[2] https://www.sourceware.org/ml/binutils/2019-12/msg00112.html
[3] https://git.busybox.net/buildroot/commit/?id=a2331c8a61bdd71c47492efc818fb0458a349219

Signed-off-by: Geoffrey Le Gourriérec <geoffrey.legourrierec@gmail.com>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/nano: drop unrecognized option

wordbounds option has been removed since version 4.0 and
https://git.savannah.gnu.org/cgit/nano.git/commit?id=798695ff1ec0bec2605eb490008f2968a5e8c264

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

{linux, linux-headers}: bump 5.{4, 10}.x 4.{4, 9, 14, 19} series

Drop 5.9 stable (EOL).

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
[Peter: add Config.in.legacy handling for 5.9]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/tar: drop specific version for host variant

Now that we can generate reproducible archives, with all known tar
versions starting with 1.27, we don't need to clamp the host-tar
version to the old 1.29, and can now bump to any later version.

Drop the host-tar version, and use the same as the target variant.

Note that we still need the _SOURCE trick, to avoid depending on tar
to extract the tar tarball...

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>

support/dependencies: drop check for maximal tar version

So far, we checked that the tar present on the host was at most tar
1.29, because tar 1.30 changed the way it generates archives.

Having a maximum tar version requirement meant that we would eventually
always have to build our own host-tar, as distributions are updating
the version they use.

But now, we have found a way to generate reproducible archives starting
with tar 1.27 onward, so we no longer need the check for a maximum tar
version, so we can drop that requirement.

Note: this is semantically a revert of b8fa273d500b (check-host-tar.sh:
blacklist tar 1.30+), but keeping the new, mostly-linear code-path.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>

support/download: change format of archives generated from svn

Like we recently did for git, switch the archives generated from
subversion to be reproducible whatever the tar version.

We have no in-tree users of the svn backend which also has hashes,
so no hash to update.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Heiko Thiery <heiko.thiery@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>

support/download: cleanup svn backend

Commit 89f5e9893 (support/download/svn: generate reproducible svn
archives) did what it said, but can be siplified a bit.

Indeed, we are doing an svn export, so we won't have any of the .svn
directories, neither at the root of the extract, nor in any of the
sub-directories.

As such, we do not need to filter them out  when we generate the list
of files to include in the archive.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Heiko Thiery <heiko.thiery@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>

support/download: change format of archives generated from git

Switch to using the tarball helper, that can generate reproducible
archives whatever the tar version >= 1.27.

However, those archives are not identical to the previous ones generated
in the (now-broken) gnu format.

To avoid any clashing between old and new archives, and new and old
Buildroot versions, we need to name the new generated archives
differently from the existing ones.

So, we bump the git-specific format-version to -br1.

The %ci date  has been supported by git back to 1.6.0, released August
2008); it is not strictly ISO8601, but is still accepted as a PAX date
header. The strict ISO8601 placeholder, %cI, was only introduced with
2.2.0, release in November 2014, so too recent to be widely available.

As the format and the names of the archives changes, we need to update
all the hash files with the new names and hashes.

Of all the bootloaders that have a git download method, vexpress-firmware
is the only one to have a hash. Others have no hash files, or they have
explicitly set BR_NO_CHECK_HASH_FOR.

For the packages, linux-headers is the special snowflake, as the git
download is only for custom git tree, so it is excluded from the hash
verification with BR_NO_CHECK_HASH_FOR.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
    ---8<------8<------8<------8<---
    #!/bin/sh
    # Find and download all packages using git as backend.
    # Manually fix hashes for affected packages.

    # Packages that only have a host variant
    HOST_ONLY='imx-mkimage|mxsldr|netsurf-buildsystem|opkg-utils|prelink-cross|qoriq-rcw|vboot-utils'

    # Packages that have a non-git main _SOURCE, and/or which
    # have BR_NO_CHECK_HASH_FOR for the git _SOURCE
    NOT_GIT='aufs|aufs-util|xenomai|linux-headers'

    export BR2_DL_DIR=$(pwd)/temp-dl-dir

    make defconfig
    make $( git grep -l -E 'SITE_METHOD[[:space:]]*:?=[[:space:]]*git\>|_SITE[[:space:]]*:?=[[:space:]]*git:' \
                boot/vexpress-firmware/ package/ \
            |sed -r -e 's,.*/([^/]+)\.mk,\1,' \
            |sed -r -e '/^('"${NOT_GIT}"')$/d;' \
                    -e 's/^('"${HOST_ONLY}"')/host-\1/;' \
                    -e 's/$/-legal-info/;'
          )

    ---8<------8<------8<------8<---

support/download: add helper to generate a reproducible archive

We currently need to generate reproducible archives in at least two
locations: the git and svn download backends. We also know of some
future potential use (e.g. the other download backends, like cvs, or
in the upcoming download post-processors for vendoring, like cargo
and go).

However, we are currently limited to a narrow range of tar versions
that we support, to create reproducible archives, because the gnu
format we use has changed with tar 1.30.

As a consequence, and as time advances, more and more distros are,
or will eventually start, shipping with tar 1.30 or later, and thus
we need to always build our on host-tar.

Now, thanks to some grunt work by Vincent, we have a set of options
that we can pass tar, to generate reproducible archives back from
tar-1.27 and up through tar-1.32, the latest released version.

However, those options are non-trivial, so we do not want to have
to repeat those (and maintain them) in multiple locations.

Introduce a helper that can generate a reproducible archive from
an input directory.

The --pax-option, to set specific PAX headers, does not accept
RFC2822 timestamps which value are too away from some fixed point
(set atcompile-time?):
    tar: Time stamp is out of allowed range

However, the same timestamps passed as strict compliant ISO 8601 are
accepted, so that's what we expect as a date format.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
    ---8<------8<------8<------8<---
    # Here is a Makefile used to test all the versions of tar, with
    # different output formats and different sets of options:
    # Versions prior to 1.27 do not build on recent machines, because
    # 'gets()' got removed (rightfully so), so don't count them as
    # candidates.
    VERSIONS = 1.27 1.27.1 1.28 1.29 1.30 1.31 1.32
    DATE = Thu 21 May 2020 06:44:11 PM CEST

    TARS = \
     $(patsubst %,test_gnu_%.tar,$(VERSIONS)) \
     $(patsubst %,test_posix_%.tar,$(VERSIONS)) \
     $(patsubst %,test_posix_paxoption_%.tar,$(VERSIONS))

    all: $(TARS)
     sha1sum $(^)

    .INTERMEDIATE: test_%.tar
    test_gnu_%.tar: tar.% list
     ./$(<) cf - -C test \
     --transform="s#^\./#test-version/#" \
     --numeric-owner --owner=0 --group=0 \
     --mtime="$(DATE)" \
     --format=gnu \
     -T list \
     >$(@)
    test_posix_%.tar: tar.% list
     ./$(<) cf - -C test \
     --transform="s#^\./#test-version/#" \
     --numeric-owner --owner=0 --group=0 \
     --mtime="$(DATE)" \
     --format=posix \
     -T list \
     >$(@)
    test_posix_paxoption_%.tar: tar.% list
     ./$(<) cf - -C test \
     --transform="s#^\./#test-version/#" \
     --numeric-owner --owner=0 --group=0 \
     --mtime="$(DATE)" \
     --format=posix \
     --pax-option='delete=atime,delete=ctime,delete=mtime' \
     --pax-option='exthdr.name=%d/PaxHeaders/%f,exthdr.mtime={$(DATE)}' \
     -T list \
     >$(@)

    list: .FORCE
    list: test
     (cd test && find . -not -type d ) |LC_ALL=C sort >$(@)

    LONG = L$$(for i in $$(seq 1 200); do printf 'o'; done)ng
    test: .FORCE
    test:
     rm -rf test
     mkdir -p test/bar
     echo foo >test/Foo
     echo bar >test/bar/Bar
     ln -s bar/Bar test/buz
     echo long >test/Very-$(LONG)-filename
     ln test/Very-$(LONG)-filename \
        test/short

    .PRECIOUS: tar.%
    tar.%: tar-%
     cd $(<) && ./configure
     $(MAKE) -C $(<)
     install -m 0755 $(<)/src/tar $(@)

    .PRECIOUS: tar-%
    tar-%: tar-%.tar.gz
     tar xzf $(<)

    .PRECIOUS: tar-%.tar.gz
    tar-%.tar.gz:
     wget "https://ftp.gnu.org/gnu/tar/$(@)"

    .FORCE:

    clean:
     rm -rf tar-* tar.* test_* test list
    ---8<------8<------8<------8<---

core/pkg-infra: allow per site-method sub-version strings

When we want to change the format of an archive we generate (e.g. those
we generate from git trees), the hashes of those archives will change.

To avoid any issue (e.g. an older Buildroot using newer archives, or the
other way around) that would conclude that the hashes do not match, we
want to change the filenames of the generated archives whenever we
change their format.

Introduce a new internal variable, specific to each site method, that we
can set to include a "format version" for the archives generated from
that site method.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>

core/pkg-infra: prepare for alternate default source archives

The .tar.gz default extension is historical, and we initially used
to only fetch tarballs from remote sites.

When we introduced downloads from VCS repositories, we kept that
extension, and kept compressing with gz, by lack of good reason to
switch to some other compression scheme.

However, nowadays, we will want to change the way we construct the
tarballs we generate from VCS. This will de facto change the hashes
of those tarballs.

So we will want that the archives we generate do not clash with the
existing ones, so we need another filename. Thus, we need a way to
be able to use a different extension when we generate archives from
VCS.

Use a macro as suggested by Arnout.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>

package/libclc: switch to use the frozen, legacy mirror

The LLVM project has switched to using a monorepo to host all their
components. The separate, individual repositories have been closed
late 2020 / early 2021. The libclc repository is no longer.

Switch to using the libclc source from the llvm legacy and frozen
mirror.

Even though we could switch over to using the github helper, we just
keep using the git download method: it is a small repository, and it
will not impact people that were already using it.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Valentin Korenblit <valentinkorenblit@gmail.com>
Cc: Michael Opdenacker <michael.opdenacker@bootlin.com>
Acked-by: Romain Naour <romain.naour@gmail.com>
---
Changes v1 -> v2:
  - keep everything as-is, just switch to the frozen mirror

package/tzdata: drop obosolete, legacy zic option -y

The following commits:
  - 7868289fd534 package/zic: bump version to 2020f
  - c99374ecbb5e package/tzdata: bump version to 2020f

bumped the tzdata from version 2020a to 2020f. However, in 2020b, the
zic option '-y' was removed, and so was the yearistype.sh script [0].

This now spews annoying warnings:

    warning: -y ignored

Fortunately, it still consumes its argument, so the missing yearistype.sh
is simply ignored.

Drop that option.

[0] https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>

package/tzdata: bump version to 2020f

Release notes:
https://mm.icann.org/pipermail/tz-announce/2020-December/000064.html

Upstream removed timezones pacificnew and systemv:
https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/zic: bump version to 2020f

Release notes:
https://mm.icann.org/pipermail/tz-announce/2020-December/000064.html

Rebased patch.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/readline: bump to version 8.1

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/busybox: fix selinux-related build error

Fixes:
http://autobuild.buildroot.net/results/b89/b89b7d0f0601bb706e76cea31cf4e43326e5540c/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/rng-tools: bump to version 6.11

Drop patches (already in version)

https://github.com/nhorman/rng-tools/releases/tag/V6.11

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/sdl2: bump version to 2.0.14

patch 0001: already applied upstream
patch 0002: adapt patch to 2.0.14

Signed-off-by: Michael Fischer <mf@go-sys.de>
[yann.morin.1998@free.fr:
  - renumber remaining patch
  - fix space-typo in hash file
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/multipath-tools: fix license

As stated in README.md, multipath-tools is covered by several licenses
and LGPL-2.0 is "just" the default license:
 - GPL-2.0+ (e.g. libmultipath/alias.c)
 - GPL-3.0+ (e.g. libdmmp/libdmmp.c)
 - LGPL-2.1+ (e.g. libmpathcmd/mpath_cmd.c)

So replace COPYING (which is a symlink to LICENSES/LGPL-2.0) by the
approriate license files in LICENSES directory

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: further split long lines]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>