package/zic: bump version to 2020f

Release notes:
https://mm.icann.org/pipermail/tz-announce/2020-December/000064.html

Rebased patch.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/readline: bump to version 8.1

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/busybox: fix selinux-related build error

Fixes:
http://autobuild.buildroot.net/results/b89/b89b7d0f0601bb706e76cea31cf4e43326e5540c/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/rng-tools: bump to version 6.11

Drop patches (already in version)

https://github.com/nhorman/rng-tools/releases/tag/V6.11

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/sdl2: bump version to 2.0.14

patch 0001: already applied upstream
patch 0002: adapt patch to 2.0.14

Signed-off-by: Michael Fischer <mf@go-sys.de>
[yann.morin.1998@free.fr:
  - renumber remaining patch
  - fix space-typo in hash file
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/multipath-tools: fix license

As stated in README.md, multipath-tools is covered by several licenses
and LGPL-2.0 is "just" the default license:
 - GPL-2.0+ (e.g. libmultipath/alias.c)
 - GPL-3.0+ (e.g. libdmmp/libdmmp.c)
 - LGPL-2.1+ (e.g. libmpathcmd/mpath_cmd.c)

So replace COPYING (which is a symlink to LICENSES/LGPL-2.0) by the
approriate license files in LICENSES directory

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: further split long lines]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/casync: new package

Signed-off-by: Yair Ben-Avraham <yairba@protonmail.com>
[yann.morin.1998@free.fr:
  - correctly fix build without lzma in an upstreamable fashion
  - actually fix the build without udev
  - depend on udev, not libudev (which does not exist)
  - don't use += for the first variable assignment to _CONF_OPTS
  - explicitly disable unsupported fuzz options
  - add explicit optiopnal support for bash-completion
  - drop useless comments about "features" and "booleans"
  - fix alphabetical order in DEVELOPERS
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/nodejs: security bump to version 12.20.1

Fixes the following security issues:

- CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions
  are vulnerable to a use-after-free bug in its TLS implementation.  When
  writing to a TLS enabled socket, node::StreamBase::Write calls
  node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first
  argument.  If the DoWrite method does not return an error, this object is
  passed back to the caller as part of a StreamWriteResult structure.  This
  may be exploited to corrupt memory leading to a Denial of Service or
  potentially other exploits

- CVE-2020-8287: HTTP Request Smuggling in nodejs Affected versions of
  Node.js allow two copies of a header field in a http request.  For
  example, two Transfer-Encoding header fields.  In this case Node.js
  identifies the first header field and ignores the second.  This can lead
  to HTTP Request Smuggling

- CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
  This is a vulnerability in OpenSSL which may be exploited through Node.js.
  You can read more about it in
  https://www.openssl.org/news/secadv/20201208.txt

Update the license hash for the addition of the (MIT licensed)
cjs-module-lexer module:
https://github.com/nodejs/node/commit/9eb1fa19248949dfc716807b1dc97dedf36da14e

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/clinfo: bump to version 3.0.20.11.20

Update indentation of hash file (two spaces).

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/poppler: use ENABLE_GLIB

Use ENABLE_GLIB which is available since version 0.60 and
https://github.com/freedesktop/poppler/commit/766a32ff59dadd9ae4639d8a79861a17be6aec52

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

DEVELOPERS: fix order

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libiec61850: fix CVE-2020-15158

In libIEC61850 before version 1.4.3, when a message with COTP message
length field with value < 4 is received an integer underflow will happen
leading to heap buffer overflow. This can cause an application crash or
on some platforms even the execution of remote code. If your application
is used in open networks or there are untrusted nodes in the network it
is highly recommend to apply the patch. This was patched with commit
033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when
available. As a workaround changes of commit 033ab5b can be applied to
older versions.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/busybox: bump version to 1.33.0

Rebased patch 0002.

Removed patch 0003 which was applied upstream:
https://git.busybox.net/busybox/commit/?h=1_33_stable&id=1a5d6fcbb5e606ab4acdf22afa26361a25f1d43b

Switched _SITE to https.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/frotz: new package

Frotz is an interpreter for old Infocom adventures and other Z-code
games.

Signed-off-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

toolchain: CodeSourcery AArch64 2014.11 does not contain libatomic

Fixes build error

output/host/opt/ext-toolchain/bin/../lib/gcc/aarch64-amd-linux-gnu/4.9.1/../../../../aarch64-amd-linux-gnu/bin/ld:
 cannot find -latomic

using this defconfig

BR2_aarch64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_AARCH64=y
BR2_PACKAGE_OPENSSL=y

libopenssl is only used here as an example: all packages adding -latomic
if BR2_TOOLCHAIN_HAS_LIBATOMIC=y are broken, like dav1d, ffmpeg, gnutls,
kodi and vlc.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/xorcurses: new package

XorCurses is a remake of the 8-bit game 'Xor' by Astral Software.
Your task is to roam around a series of mazes where you have to
collect all blue masks before finding the exit. You have two 'shields'
(players) and you can use either one at any time and switch between
them. While the first level is simply a matter of navigation, the
following levels introduce further objects like bombs and teleports,
which have to be used right to solve the puzzles.

Signed-off-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/apcupsd: fix reverse dependency for libusb

Commit 8a26801c9f (package/libusb: needs gcc >= 4.9) added a dependency
to gcc >= 4.9 for libusb but forgot to propagate the reverse dependency
to BR2_PACKAGE_APCUPSD_USB.

Fixes:
http://autobuild.buildroot.net/results/f34/f348fe8e5530970a14589ca878810a3bdaf98f67/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

configs/solidrun_clearfog_gt_8k: bump BSP components

Switch to upstream ATF of recent version to fix build with recently
updated mv-ddr. The vendor does not provide public access to newer ATF
versions anymore.

Bump U-Boot and kernel to fix dtc build on hosts with gcc 10.

Increase rootfs size. The default 60MB is not enough.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/948622614

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/bats-core: bump version to 1.2.1

For details, see the release notes:
https://github.com/bats-core/bats-core/releases/tag/v1.2.1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

linux: indicate proper CPE prefix

The CPE type of the Linux kernel is special, it should be "o", unlike
all other packages that use "a". We therefore need to override
<pkg>_CPE_ID_PREFIX, so that the CPE ID of the linux package matches
with the CPE dictionary.

Reported-by: Matt Weber <matthew.weber@rockwellcollins.com>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/nano: bump to version 5.4

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/dbus: bump to version 1.12.20

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/p11-kit: security bump to version 0.23.22

- Fix memory-safety issues that affect the RPC protocol (CVE-2020-29361,
  CVE-2020-29362 and CVE-2020-29363)
- Update indentation in hash file (two spaces)

https://github.com/p11-glue/p11-kit/blob/0.23.22/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/openvpn: set OPENVPN_CPE_ID_VENDOR

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/python-s3transfer: bump to version 0.3.3

While at it, use two spaces for all the hashes.

Signed-off-by: Raphaël Mélotte <raphael.melotte@essensium.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/openjpeg: fix build with poppler

Fix build of poppler with openjpeg in version 2.4.0

Fixes:
 - http://autobuild.buildroot.org/results/e4e43519a1c70686844b08257971cc350a746636

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/multipath-tools: disable -Werror

Set the new WARNFLAGS to "" which has been added since version 0.8.5 and
https://github.com/opensvc/multipath-tools/commit/82f1b164cb21c9632b3c73f865d97777c7a61e0d

Otherwise, -Werror will raise the following build failure:

/srv/storage/autobuild/run/instance-3/output-1/host/bin/mipsel-linux-gcc --std=gnu99 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -O2  -D_FORTIFY_SOURCE=1  -Werror -Wall -Wextra -Wformat=2 -Werror=implicit-int -Werror=implicit-function-declaration -Werror=format-security -Wno-clobbered -Wno-error=clobbered -Werror=cast-qual -Werror=discarded-qualifiers -pipe -DBIN_DIR=\"/sbin\" -DLIB_STRING=\"lib\" -DRUN_DIR=\"run\" -MMD -MP -fPIC -I.. -I../../libmultipath/nvme -Wp,-D_FORTIFY_SOURCE=2  -c -o nvme.o nvme.c
<command-line>: error: "_FORTIFY_SOURCE" redefined [-Werror]

Fixes:
 - http://autobuild.buildroot.org/results/71f7661e7d26ca8608e902eee9f2a92376b00601

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/balena-engine: new package

Signed-off-by: Tian Yuanhao <tianyuanhao@aliyun.com>
Signed-off-by: Christian Stewart <christian@paral.in>
Reviewed-by: Christian Stewart <christian@paral.in>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/libiec61850: new package

Don't add mbedtls support since it require a bundled and specific
version.

Keep experimental Python binding support disabled for now.

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/fluidsynth: add systemd optional dependency

systemd is an optional dependency (enabled by default) since version
2.0.5 and
https://github.com/FluidSynth/fluidsynth/commit/099369f8b7f39afe08b6a518195948b05a937af3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/fluidsynth: add sdl2 optional dependency

sdl2 is an optional dependency (enabled by default) since version 2.1.0:
https://github.com/FluidSynth/fluidsynth/commit/978283bbf0309191a441121b7ea867e41e329d3b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/swupdate: note init script tokenizing limitation

Command line options reference:
https://sbabic.github.io/swupdate/_sources/swupdate.txt

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/luasyslog: bump to version 2.2.0 from a fork

This commit switches the luasyslog package to use a fork of the
project that has good Lua 5.3 support.

This fork has a public repository on Github
(https://github.com/ntd/luasyslog/), and is available as a Lua Rock
(https://luarocks.org/modules/ntd/luasyslog), but unfortunately the
rockspec uses a build method that is not supported by the Buildroot
luarocks infrastructure. Therefore, we used the autotools build system
provided by this fork.

Because this fork has good support for Lua 5.3, the "Lua 5.3
compatibility" patch becomes useless and can be dropped.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/environment-setup: fix spelling of the script file in the manual.

The manual incorrectly refers to the script file as `setup-environment';
it is actually called `environment-setup'.

Signed-off-by: Konrad Schwarz <konrad.schwarz@siemens.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/freescale-imx/firmware-imx/Config.in: install imx6q binaries for IM6UL platform

linux-*/arch/arm/boot/dts/imx6ul.dtsi
requires the install of the sdma-imx6q.bin as stated in
line 727: fsl,sdma-ram-script-name = "imx/sdma/sdma-imx6q.bin";

without the BR2_PACKAGE_FIRMWARE_IMX_SDMA_FW_NAME being set to "imx6q"
line 102 of firmware-imx.mk does not install the firmware to to target

Signed-off-by: Rob Mellor <Rob.Mellor@ultra-pals.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/coremark-pro: new package

CoreMark-Pro is a comprehensive, advanced processor benchmark that
works with and enhances the market-proven industry-standard EEMBC
CoreMark benchmark.

https://www.eembc.org/coremark-pro/

Signed-off-by: Chris Packham <judge.packham@gmail.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/coremark: new package

CoreMark is a simple, yet sophisticated benchmark that is designed
specifically to test the functionality of a processor core. Running
CoreMark produces a single-number score allowing users to make quick
comparisons between processors.

https://www.eembc.org/coremark/

Signed-off-by: Chris Packham <judge.packham@gmail.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/boost: drop BOOST_IGNORE_CVES

Not needed since commit 63332c33aa0771532807fd2684d4eee4eb952435

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/open62541: add patch to allow building without a C++ compiler

This patch was intended to be added in commit
b36ea68b5ad0f89ffd92cac3f91654e180683b1c ("package/open62541: new
package") but was missed, causing open62541 to not build on
configurations that lack a C++ compiler. This patch removes the need
for a C++ compiler by properly declaring the CMake project.

Fixes:

  http://autobuild.buildroot.net/results/86ca6a5a01ecfc7030c6be0da81924436b41d057/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/jasper: Bump to 2.0.24

Changes:
* Add JAS_VERSION_MAJOR, JAS_VERSION_MINOR, JAS_VERSION_PATCH for
  easier access to the JasPer version.
* Fixes stack overflow bug on Windows, where variable-length
  arrays are not available. (#256)

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

DEVELOPERS: Add Romain Naour for qemu package

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/pkgconf: bump to version 1.6.3

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

DEVELOPERS: add myself for php

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/php: security bump version to 7.4.14

Fixes CVE-2020-7071: https://bugs.php.net/bug.php?id=77423

Release notes: https://news-web.php.net/php.announce/304
Changelog: https://www.php.net/ChangeLog-7.php#7.4.14

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/sigrok-cli: bump to version 0.7.1

https://sigrok.org/gitweb/?p=sigrok-cli.git;a=blob;f=NEWS;h=614c910b791228203dd144f0c092204ba0491e8f;hb=6bb3c3dd27c0477705a5c0684a8c3fd506a35f48

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/minizip: bump to version 2.10.6

https://github.com/nmoinvaz/minizip/releases/tag/2.10.6

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/minicom: bump to version 2.8

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/c-periphery: bump to v2.3.1

Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libcap: bump to version 2.46

remove merged patch

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libwebsockets: bump to version 4.0.21

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libgtk3: bump to version 3.24.24

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libgtk2: bump to version 2.24.33

Update indentation in hash file (two spaces)

https://gitlab.gnome.org/GNOME/gtk/-/blob/2.24.33/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/openjpeg: security bump to version 2.4.0

- Drop upstreamed patches
- Update indentation in hash file (two spaces)
- Fix CVE-2020-27814, CVE-2020-27823, CVE-2020-27824 and
  CVE-2020-27841 to CVE-2020-27845

https://github.com/uclouvain/openjpeg/releases/v2.4.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/ytree: bump version to 2.03

Changelog: https://www.han.de/~werner/ytree.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/dav1d: bump version to 0.8.1

Changelog: https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/x11r7/xfont_font-misc-ethiopic: bump version to 1.0.4

Added hashes provided by upstream.

Release notes:
https://lists.x.org/archives/xorg-announce/2020-August/003055.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/x11r7/xfont_font-alias: bump version to 1.0.4

Added hashes provided by upstream.

Release notes:
https://lists.x.org/archives/xorg-announce/2020-August/003054.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/x11r7/xapp_fonttosfnt: bump version to 1.2.1

Release notes:
https://lists.x.org/archives/xorg-announce/2020-December/003068.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libmicrohttpd: bump version to 0.9.72

Release notes:
https://lists.gnu.org/archive/html/libmicrohttpd/2020-12/msg00023.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/stellarium: bump version to 0.20.4

Release notes:
http://stellarium.org/release/2020/12/28/stellarium-0.20.4.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/dovecot-pigeonhole: bump version to 0.5.13

Release notes:
https://dovecot.org/pipermail/dovecot-news/2021-January/000449.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/dovecot: security bump version to 2.3.13

Updated license hash due to upstream commit:
https://github.com/dovecot/core/commit/bf7952d33e39358a1258697505ed25c050e14bbb

Fixes the following CVEs:

CVE-2020-24386:
https://dovecot.org/pipermail/dovecot-news/2021-January/000450.html

CVE-2020-25275:
https://dovecot.org/pipermail/dovecot-news/2021-January/000451.html

Release notes:
https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

support/scripts/pkg-stats: fix flake8 errors

support/scripts/pkg-stats:81:22: E211 whitespace before '('
support/scripts/pkg-stats:404:1: E305 expected 2 blank lines after class or function definition, found 1
support/scripts/pkg-stats:561:12: E713 test for membership should be 'not in'
support/scripts/pkg-stats:567:1: E302 expected 2 blank lines, found 1
support/scripts/pkg-stats:595:1: E302 expected 2 blank lines, found 1
support/scripts/pkg-stats:1051:1: E302 expected 2 blank lines, found 1
support/scripts/pkg-stats:1057:1: E302 expected 2 blank lines, found 1

Also fix:
support/scripts/pkg-stats:1054:5: E722 do not use bare 'except'
found by a more recent flake8 version. The exception may be either
IndexError or AttributeError, so use Exception to catch either.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

package/nginx: use /var/cache/nginx instead of /var/tmp/nginx

move
  http-client-body-temp-path
  http-proxy-temp-path
  http-fastcgi-temp-path
  http-scgi-temp-path
  http-uwsgi-temp-path

from /var/tmp/nginx to /var/cache/nginx

this allows the use of systemd constructs

  LogsDirectory=nginx
  CacheDirectory=nginx

to replace

  ExecStartPre=/usr/bin/mkdir -p /var/log/nginx /var/tmp/nginx

as there isn't a similar construct for /var/tmp.

Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/open62541: new package

Signed-off-by: Yann CARDAILLAC <ycardaillac@sepro-group.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/olsr: add pud plugin

pud plugin needs gpsd and has a specific license

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/perl: add option to enable threads

Add config option for Perl to enable threads usage.

Signed-off-by: Hector Kesari <hector.kesari@rockwellcollins.com>
Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/spi-tools: bump to version 0.8.6

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/pango: bump to version 1.48.0

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/lighttpd: bump to version 1.4.58

the part concerning pdf is merged upstream

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libsecret: bump to version 0.20.4

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/harfbuzz: bump to version 2.7.4

remove merged patch

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/dash: bump to version 0.5.11.3

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/librelp: bump to version 1.9.0

Signed-off-by: David GOUARIN <david.gouarin@thalesgroup.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package: provide CPE ID details for numerous packages

This patch adds CPE ID information for a significant number of
packages.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/scripts/pkg-stats: improve rendering of CVE information

This commit improves pkg-stats to fill in pkg.status['cve'] depending
on the situation for CVEs affecting this package. They are then used
in the HTML rendering.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/scripts/pkg-stats: ignore packages with no valid infra and no version for CVE checking

Virtual packages (with in pkg-stats speak have "no valid
infrastructure") and packages that have no version specified cannot be
used for CVE checking. They trigger a bunch of warnings from the CVE
checking code, as it cannot parse their version: they don't have any
version. So instead, we simply skip those packages.

A follow-up commit will improve the reporting to be able to
distinguish those packages from packages that have seen their CVEs
checked and don't have any reported.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/scripts/{pkg-stats, cve.py}: support CPE ID based matching

This commit modifies cve.py, as well as its users cve-checker and
pkg-stats to support CPE ID based matching, for packages that have CPE
ID information.

One of the non-trivial thing is that we can't simply iterate over all
CVEs, and then iterate over all our packages to see which packages
have CPE ID information that match the CPEs affected by the
CVE. Indeed, this is an O(n^2) operation.

So instead, we do a pre-filtering of packages potentially affected. In
check_package_cves(), we build a cpe_product_pkgs dict that associates
a CPE product name to the packages that have this CPE product
name. The CPE product name is either derived from the CPE information
provided by the package if available, and otherwise we use the package
name, which is what was used prior to this patch.

And then, when we look at CVEs, we only consider the packages that
have a CPE product name matching the CPE products affected by the
CVEs. This is done in check_package_cve_affects().

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/script/pkg-stats: show CPE ID in results

This commit improves the pkg-stats script to show the CPE ID of
packages, if available. For now, it doesn't use CPE IDs to match CVEs.

Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-modbus-tk: bump to version 1.1.2

Also Remove md5 hash

Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libarchive: bump to version 3.5.1

Libarchive 3.5.1 is a bugfix release.

Update COPYRIGHT hash due to clarification about 'archive_entry.c' source
file:

 - https://github.com/libarchive/libarchive/commit/fde4660d7bda7debe8e6c8166d49fe9fa62db61d

Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/mongoose: bump to to version 7.0

Update LICENSE hash; copyright year update:

-Copyright (c) 2004-2013 Sergey Lyubka <valenok@gmail.com>
-Copyright (c) 2013-2018 Cesanta Software Limited
+Copyright (c) 2004-2013 Sergey Lyubka
+Copyright (c) 2013-2020 Cesanta Software Limited

See https://github.com/cesanta/mongoose/releases/tag/7.0

Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/waf: bump to v2.0.21

Also add a comment in waf.hash about the mechanism for LICENSE hash check

Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/htop: bump to version 3.0.4

remove merged patch

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python3: add optional support for lib2to3

Kodi is in transition to support python3 instead of python2:
https://kodi.wiki/view/General_information_about_migration_to_Python_3

"For Kodi 18 (Leia), only addons that are compatible with both Python 2
 and 3 will be accepted to the official addon repository."

Some of these addons depend on the Kodi addon script.module.future to
provide support for both python versions.

The script.module.future addon contains python-future:
https://kodi.wiki/view/General_information_about_migration_to_Python_3#Future
which in turn needs lib2to3 to be included in the target build of
python3: http://python-future.org/automatic_conversion.html

Kodi addons depending on the script.module.future addon are crashing on
buildroot due to lib2to3 missing in the build.

LibreELEC added lib2to3 to python3 to fix the problem:
https://forum.libreelec.tv/thread/21239-lib2to3-pgen2-parse-missing/
https://github.com/LibreELEC/LibreELEC.tv/pull/4146

This patch provides the Config.in option to be used by Kodi 19.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr:
  - fix conflicts due to local changes in author's tree
  - fix typ in variabl name (PYTHON_CONF_OPTS -> PYTHON3_CONF_OPTS)
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/quickjs: link with libatomic

Link with libatomic if available.

Fixes:

  - http://autobuild.buildroot.net/results/e0766eef95a2559d51e58d1a81a9c40df84ae509

  .../build/quickjs-2020-11-08/quickjs.c:12229: undefined reference to `__atomic_fetch_xor_1'

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr:
  - make it a generic variable, not tied to -latomic
  - pass it in all step, like CROSS_PREFIX
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/quickjs: needs host gcc >= 4.9 (C11/stdatomic.h)

Fixes:

  - http://autobuild.buildroot.net/results/c7882cc2d66984350f54d619f39cfee5065d941a

  gcc -g -Wall -MMD -MF .obj/libregexp.host.o.d -Wno-array-bounds -Wno-format-truncation -D_GNU_SOURCE -DCONFIG_VERSION=\"2020-11-08\" -DCONFIG_BIGNUM -O2 -flto -c -o .obj/libregexp.host.o libregexp.c
  quickjs.c:112:23: fatal error: stdatomic.h: No such file or directory
   #include <stdatomic.h>
                         ^
  compilation terminated.

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/bind: disable backtrace support

Disable backtrace support, fixes linking failure for uclibc/musl based
toolchains.

Fixes:

  - http://autobuild.buildroot.net/results/7a1a140314bc8d134f9eeb95ef2e46e7fb0ce9fd/

  .../arm-buildroot-linux-uclibcgnueabi/bin/ld: ../isc/.libs/libisc.so: undefined reference to `_Unwind_GetIP'

  - http://autobuild.buildroot.net/results/f0db5fe7fc6860b7270c784989c451e2e7aa2afb/

  .../arm-buildroot-linux-uclibcgnueabi/bin/ld: ../isc/.libs/libisc.so: undefined reference to `_Unwind_GetIP'

  - http://autobuild.buildroot.net/results/cb963298885df37f1e5c4d3ab3989773c01c54fc/

  .../arm-buildroot-linux-musleabihf/bin/ld: ../isc/.libs/libisc.so: undefined reference to `_Unwind_GetIP'

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libmdbx: fix build with glibc < 2.12

Set CMAKE_BUILD_TYPE to Release to avoid the following build failure
with glibc < 2.12:

/home/buildroot/autobuild/run/instance-1/output-1/build/libmdbx-0.9.2/mdbx.c:487:5: error: #warning "libmdbx was only tested with GLIBC >= 2.12." [-Werror=cpp]
 #   warning "libmdbx was only tested with GLIBC >= 2.12."
     ^~~~~~~
cc1: all warnings being treated as errors

Fixes:
 - http://autobuild.buildroot.org/results/1a60b2c3d2f276f99a22da48e8e16fcf5744eba0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Leonid Yuriev <leo@yuriev.ru>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/trace-cmd: installs nothing in staging/

Since its introduction in Buildroot in 2013 with commit 07203d78c24d
(trace-cmd: new package), trace-cmd has declared installing in staging.

But trace-cmd is a generic-package, and has never, ever provided any
commands for staging installation.

Drop this declaration.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/nfs-utils: rpcbind is only needed for rpc.nfsd

rpcbind is only used by nfsd to export nfs share supporting older
v2, v3 protocols.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
  - move the select to the corresponding symbol
  - tweak the commit title
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/trace-cmd: bump to version 2.9.1

The layout of the pacakge direcotry has changed, as upstream has added
more than just trace-cmd in the repository (e.g. kernel-shark).

However, the buildsystem for trace-cmd is... unconventional:

  - the top-level Makefile will recurse into the trace-cmd/
    sub-directory, but does not pass any variable on the $(MAKE) command
    line; instead, it exports them in the environment, e.g.:
        export CFLAGS

  - the top-level Makefile appends some definitions to CFLAGS et al.,
    sometimes with a simple append-assignment, sometimes with an
    overriden append-assignment, e.g.:
        CFLAGS += -DVSOCK
        override CFLAGS += -DNO_PTRACE

  - the top-level Makefile does not export all the variables. For
    example, LDFLAGS is not exported;

  - the Makefile in the trace-cmd/ sub-directory expects some variables
    to be set, which is done by the top-level Makefile.

As a consequence, we can no longer pass our variable definitions as make
variable defintions on the command line; we must pass them in the
environment. Note that for some, like CFLAGS, that would still work, but
it would not for others, like LDFLAGS; for consistency, we put all in
the environment.

We can however use the provided 'make install', that behaves as
expected. But we must repeat most environment variables; especially, we
duplicate TARGET_CONFIGURE_OPTS as it has PATH et al. which are needed
by the top-level Makefile to properly detect tools (e.g. swig), which it
uses to decide what it should install.

Drop upstreamed patch.

Update the licensing information: new license files have been added in a
sub-directory, and the top-level COPYING now only references those two
(rather than being the actual text of the GPL-2).

Use two spaces in hash file.

Signed-off-by: Norbert Lange <nolange79@gmail.com>
[yann.morin.1998@free.fr:
  - keep using a git clone
  - unbreak the build:
    - use the default make target rule, or the plugins and python
      bindings be built at install time, with the host compiler
    - use the default install target rule
  - expand commit log:
    - detail buildsystem issues
  - add new license files and their hashes
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/python3: bump version to 3.9.1

Release notes:
https://www.python.org/downloads/release/python-391/

Changelog:
https://docs.python.org/release/3.9.1/whatsnew/changelog.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-mwclient: update help text in Config.in

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/python-mwclient: fix legal info

Needed due to upstream commit
https://github.com/mwclient/mwclient/commit/213ecd23c77a6e60e1996a33cfafae1e467ee2ff

Fixes:
http://autobuild.buildroot.net/results/d40/d40f3a5122e758aaa5ff7b10d273908849e27bc7/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/multipath-tools: bump to version 0.8.5

Change github URL to https://github.com/opensvc/multipath-tools
which offers proper releases.

Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/systemd: don't fail if getty service directory already exists

Add -p argument that ignore that specified directory already exists.

Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[yann.morin.1998@free.fr:
  - split to its own patch
  - rewrite commit title
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/syslog-ng: don't fail if systemd service directory already exists

Add -p argument that ignore that specified directory already exists.

Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[yann.morin.1998@free.fr:
  - split to its own patch
  - rewrite commit title
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/luarocks: fix copying our custom command if dest dir exists

Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[yann.morin.1998@free.fr:
  - use $(INSTALL), not "mkdir -p + cp"
  - split to its own patch
  - rewrite commit title
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/c-ares: bump to version 1.17.1

Drop patch (not needed since
https://github.com/c-ares/c-ares/commit/b83731ddb6b7834fa0e1eb14a523603c3c040298)
and so autoreconf

https://c-ares.haxx.se/changelog.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>