package/python-iso8601: bump to version 0.1.13

Update indentation in hash file (two spaces)

https://github.com/micktwomey/pyiso8601/releases/tag/0.1.13

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/snort: add SNORT_CPE_ID_VENDOR

cpe:2.3:a:snort:snort is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Asnort%3Asnort

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/qpid-proton: set CPE variables

cpe:2.3:a:apache:qpid_proton is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aapache%3Aqpid_proton

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libcpprestsdk: bump to version 2.0.18

https://github.com/microsoft/cpprestsdk/releases/tag/2.10.18
https://github.com/microsoft/cpprestsdk/releases/tag/2.10.17

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/privoxy: add PRIVOXY_CPE_ID_VENDOR

cpe:2.3:a:privoxy:privoxy is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aprivoxy%3Aprivoxy

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/busybox: Fix check for IPv6 default route in udhcpc

The check for a default route is inverted, causing the script to wait
for the timeout even when a default IPv6 route is available. Fix this up
so that it exits early as expected.

Reported-by: Bhattiprolu RaviKumar <ravikumar.bhattiprolu@gmail.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/wireguard-linux-compat: bump version to 1.0.20210124

Fixes a build issue with recent 4.14.x stable kernels.  For details, see the
announcement:

https://lists.zx2c4.com/pipermail/wireguard/2021-January/006349.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/python-django: security bump to version 3.0.12

Fixes the following security issues:

CVE-2021-3281: Potential directory-traversal via archive.extract()

The django.utils.archive.extract() function, used by startapp --template and
startproject --template, allowed directory-traversal via an archive with
absolute paths or relative paths with dot segments.

For details, see the advisory:
https://www.djangoproject.com/weblog/2021/feb/01/security-releases/

Additionally, 3.0.11 fixed a regression:
https://docs.djangoproject.com/en/3.1/releases/3.0.11/

Update indentation in hash file (two spaces).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/privoxy: security bump to version 3.0.31

From the announcement:

ChangeLog for Privoxy 3.0.31
--------------------------------------------------------------------
- Security/Reliability:
  - Prevent an assertion from getting triggered by a crafted CGI request.
    Commit 5bba5b89193fa. OVE-20210130-0001.
    Reported by: Joshua Rogers (Opera)
  - Fixed a memory leak when decompression fails "unexpectedly".
    Commit f431d61740cc0. OVE-20210128-0001.

- Bug fixes:
  - Fixed detection of insufficient data for decompression.
    Previously Privoxy could try to decompress a partly
    uninitialized buffer.

https://www.privoxy.org/announce.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

support/scripts/pkg-stats: get_config_packages(): use dict.values()

There is no need to get both the key and the value out of the dict if the
key is not used, so use dict.values() instead.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/moarvm: bump to version 2020.12

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/rtty: bump version to 7.3.1

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/pugixml: bump to version 1.11.4

- Use LICENSE.md which has been added in the release tarball since
  version 1.11 and
  https://github.com/zeux/pugixml/commit/ccb63a91865b59d3a4c1dde61fecf12ec085c089
- Fix a build failure with gerbera >= 1.5.0 when building pugixml in
  header-only mode

Fixes:
 - http://autobuild.buildroot.org/results/9c1919bacd23da0505a4eb828a806997a23b640f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/bdwgc: set BDWGC_CPE_ID_VALID

cpe:2.3:a:bdwgc_project:bdwgc is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Abdwgc_project%3Abdwgc

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/snappy: add SNAPPY_CPE_ID_VENDOR

cpe:2.3:a:google:snappy is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agoogle%3Asnappy

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libnss: bump version to 3.61

Release Notes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.61_release_notes

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/luasyslog: needs host-luarocks

host-luarocks is needed since bump to version 2.2.0 as the package is
now using autotools infrastructure instead of luarocks

Fixes:
 - http://autobuild.buildroot.org/results/f6a9615e965905bdc0a1e62020e4b27d6653693f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/websocketpp: add WEBSOCKETPP_CPE_ID_VENDOR

cpe:2.3:a:zaphoyd:websocketpp is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Azaphoyd%3Awebsocketpp

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/musl: bump to version 1.2.2

Drop 0003-rewrite-wcsnrtombs-to-fix-buffer-overflow-and-other-.patch
as it is a backport of upstream commit
3ab2a4e02682df1382955071919d8aa3c3ec40d4 which is part of the 1.2.2
release.

1.2.2 release notes

major changes:
- child restrictions lifted after fork of multithreaded parent

new features:
- _Fork function (POSIX-future)
- reallocarray function (extension from OpenBSD, now widespread)
- gettid function (kernel tid as supported concept)
- SIGEV_THREAD_ID sigevent API (Linux extension)
- tcgetwinsize and tcsetwinsize functions (POSIX-future)

performance:
- faster software sqrt on archs without native sqrt instruction

compatibility:
- realpath no longer depends on procfs availability & accuracy
- time zone parser now always prefers 64-bit tables if present
- crypt_blowfish now supports $2b$ prefix
- res_query now reports errors via h_errno
- set*id and setrlimit are now safe in vforked/cloned child
- setgroups now applies to all threads
- dlopen debugger notification is improved, should work with lldb
- setrlimit no longer needs __synccall broadcast on linux 2.6.36+
- faccessat with AT_EACCESS no longer needs child process on linux 5.8+

bugs fixed:
- buffer overflow and infinite loop errors in wcsnrtombs (CVE-2020-28928)
- sem_close unmapped still-referenced semaphores
- fork of process with active aio could deadlock or crash paren
- pthread_cond_wait was broken with priority-inheritance mutex
- getgrouplist wrongly failed when nscd reported an empty list
- abort could leak modified SIGABRT disposition to fork or posix_spawn child
- regression with mallocng: malloc_usable_size(0) crashed
- readlink wrongly gave EINVAL on zero length dest buffer
- sqrtl was severely inaccurate (not correctly rounded) on ldquad archs
- assert failure wrongly flushed stdio (possible deadlock)
- MUSL_LOCPATH search was broken with multiple components
- missing newline in herror output
- possible deadlock in pthread_exit with pshared mutex or barrier usage
- pthread_mutexattr_getprotocol didn't read back protocol
- v4l2 ioctl translation for pre-time64 kernels didn't work

arch-specific bugs fixed:
- x86_64 longjmp failed to handle 0 argument reliably
- i386 __set_thread_area fallback for pre-2.6 kernels didn't work
- missing O_LARGEFILE macro value on x86_64, x32, mips64
- unpredictable s390x breakage from failure to preserve call-saved registers

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/binutils: drop 2.33.x series

Now that 2.36.x has been added, that 2.35.x is the default version,
drop support for 2.33.x.

Note that we keep binutils 2.32.x as it is the latest version that
works for FLAT binaries (used on noMMU platforms).

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/binutils: switch to 2.35.x as the default version

Now that 2.36 has been released, let's use 2.35.x as the default
binutils version.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/binutils: add support for version 2.36

Release e-mail:

  https://sourceware.org/pipermail/binutils/2021-January/115071.html

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/binutils: bump 2.35.x series to 2.35.2

Release notes:

  https://sourceware.org/pipermail/binutils/2021-January/115150.html

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/xenomai: set 'custom' as version in case of tarball

When BR2_PACKAGE_XENOMAI_CUSTOM_TARBALL is selected, the xenomai package
declared an empty version, which among others means that the build directory
becomes output/build/xenomai without any version specification, and empty
version information in 'xenomai-show-info'.

Other packages that allow a custom tarball, like 'linux' and
'arm-trusted-firmware', specify 'custom' as version in this case.

Adapt the xenomai package accordingly.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/inadyn: bump to version 2.8.1

ChangeLog:
- https://github.com/troglobit/inadyn/releases/tag/v2.8
- https://github.com/troglobit/inadyn/releases/tag/v2.8.1

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libevdev: bump to version 1.11.0

With this version libevdev sets the license to MIT license.  Actually
that has always been the intended license before.  Upstream made some
effort to have all contributors acknowledge that over the past months.

Link: https://lists.freedesktop.org/archives/input-tools/2021-February/001557.html
Link: https://gitlab.freedesktop.org/libevdev/libevdev/-/issues/9
Link: https://gitlab.freedesktop.org/libevdev/libevdev/-/merge_requests/69
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libgpiod: bump to version 1.6.2

Version 1.6.2 now builds against headers >= 4.8.x. (Previously 5.5 was
required). Functionality might still be limited depending on the kernel version.

* altered note on updating
* disable building of tests

Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/frr: bump to 7.5

Major Behavior Changes

    - As a reminder for those upgrading from older releases, as of FRR 7.4
    and beyond:

    RFC 8212 is now enabled by default. BGP will not advertise or use
    routes unless explicitly configured to do so with an export or import
    policy.

All daemons

    Minimum libyang version is now 1.0.184

bfdd

    Profile support
    Minimum TTL support

bgpd

    RPKI now has support for VRFs
    Add wide option to route show commands
    Add ability to count filtered prefixes when using maximum-prefix
    with new force option
    Add ability to show selected bestpath routes for a given neighbor
    with bestpath-routes option to neighbor show command
    Add ability to specify message when admin downing a session with bgp
    shutdown message MSG... command
    Add IPv6 support for Flowspec
    Add ability to shut down neighbor if RTT is too high with neighbor
    <neigh> shutdown rtt command
    Allow update-delay to be applied globally
    Graceful Restart fixes
    Stability and performance fixes
    EVPN
    Beginning of MultiHoming support; stay tuned

isisd

    Add VRF support
    Add support for Anycast-SIDs
    Fix adjacency timer display overflow

ospfd

    Segment Routing support for ECMP
    Prevent crash if transferring config amongst instances
    Various LSA-related fixes

pbrd

    Add JSON support to commands
    Add ability to match on DSCP/ECN fields

pimd

    Add more JSON support to commands
    Add support for MSDP SA forwarding
    (s,g,rpt) ifchannel is now cleared when (*, G) prune is received
    Fix IGMP querier election and IP address mapping
    Fix missing mesh-group commands
    Fix crash when RP is removed

staticd

    Add support for Northbound API

zebra

    Nexthop group support for FPM
    Netlink batching support
    Northbound support for RIB model
    Backup nexthop support
    Allow upper level protocols to request ARP
    Add json output for zebra ES, ES-EVI and access vlan dumps

vtysh

    Speed up output across daemons
    Fix build-time errors for some --enable flags

Northbound / YANG

    Filter and route-map support
    OSPF model definition
    BGP model definition

RPM Packaging

    Moved RPKI to subpackage
    Added SNMP subpackage

Signed-off-by: Vadym Kochan <vadym.kochan@plvision.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/webkitgtk: add WEBKITGTK_CPE_ID_VENDOR

cpe:2.3:a:webkitgtk:webkitgtk is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awebkitgtk%3Awebkitgtk

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

configs/hifive_unleashed: use mainline Linux + U-Boot

Update to use the official linux kernel v5.10 instead of an
out-of-tree kernel, and use the official U-Boot v2021.01 as the
bootloader. Provide two configuration files of genimage for different
boot flows:

- Boot from SD card (default)
- Boot from SPI flash

A boot script is generated to automatically boot the distro.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Replace LIBFOO_CPE_ID_VERSION_MINOR by LIBFOO_CPE_ID_UPDATE

Replace LIBFOO_CPE_ID_VERSION_MINOR by LIBFOO_CPE_ID_UPDATE to better
"comply" with the official "Well-Formed CPE Name Data Model" parameters:
 - https://csrc.nist.gov/publications/detail/nistir/7695/final
 - https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/efl: drop dependency on gcc >= 4.8

Drop dependency on gcc >= 4.8 for efl options as it is guaranted since
commit dbe2d2e686281c19739824d4d4faec62187d1779 which added a dependency
on gcc >= 4.9 for efl

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libcamera: bump version to ab72e66

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/xserver_xorg-server: don't install init script if nodm is enabled

Both S40xorg and S90nodm tries to run an Xserver on vt1, causing the nodm
one to fail.  If nodm is enabled, then that is likely what the user wants to
run, so skip installing S40xorg.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/brltty: bump to version 6.3

- Drop second patch (already in version)
- Update hash of README, FrankAudiodata added and update in year:
  https://github.com/brltty/brltty/commit/76852b0214edea71ce36a1f8a905294a164e7f34
  https://github.com/brltty/brltty/commit/fdf19475c9b13125c2b7cb09e7d4c18bdf308e97
  https://github.com/brltty/brltty/commit/8f040b2ab8913b182fb87e3bcfa1f315235120cd
  https://github.com/brltty/brltty/commit/90fd84da90e2354d27a12fbe47728a5491fe8e72
- Update indentation in hash file (two spaces)

https://brltty.app/doc/ChangeLog.txt

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/sysklogd: bump to version 2.2.1

https://github.com/troglobit/sysklogd/releases/tag/v2.2.1

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/scripts/pkg-stats: properly handle host packages with -c option

In commit 7a607dab336e7f78ab069cff1b503d0688950583
("support/scripts/pkg-stats: support generating stats based on
configured packages"), we added a -c option to pkg-stats to generate a
report based on the list of packages enabled in the configuration,
rather than for all packages.

This is done based on the list of packages returned in JSON format by
"make show-info". However, we use the keys of the JSON dict returned
by "make show-info", which include the host- prefix of host
packages. Due to this, none of the host packages are currently
matching and therefore they are not reported in the pkg-stats -c
output.

This commit fixes that by using the recently introduced "name"
property in the "make show-info" JSON dict.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: use anonymous '_' for unused variable]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

docs/website: update for 2020.02.10

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Update for 2020.02.10

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e5d3fc5a53ec4dabfa25e6b7478e8dc9cb0c9588)
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

docs/website: update for 2020.11.2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Update for 2020.11.2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 551cb630079316efe928d7c2eb0358a19e38fc48)
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/pkg-utils.mk: introduce "name" field in show-info output

The keys of the JSON dict returned by "make show-info" is the package
name, including the "host-" prefix for host packages.

However, it is sometimes useful to get the actual name of the package,
without the "host-" prefix, so we add a "name" property that holds the
"raw name" of the package.

Suggested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/mpd: disable documentation

Disable documentation which is enabled by default since version 0.22 and
https://github.com/MusicPlayerDaemon/MPD/commit/2e73e605f78d2e6488e34465a8bfa9e4989a057f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/intel-mediadriver: fix option

Replace INSTALL_DRIVERS_SYSCONF by INSTALL_DRIVER_SYSCONF which is the
correct name since version 18.2.0 and
https://github.com/intel/media-driver/commit/81796c8a9e44b878e26064c898e0f4730e8220cf

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/intel-mediadriver: drop unrecognized options

BUILD_ALONG_WITH_CMRTLIB has been dropped since version 18.2.0 and
https://github.com/intel/media-driver/commit/c3e13c175d12790ab70c4de3521e47f62be780de

RUN_TEST_SUITE is also unrecognized (only MEDIA_RUN_TEST_SUITE is
recognized)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/intel-mediadriver: fix build with gcc 10

Fixes:
 - http://autobuild.buildroot.org/results/d5ab36026a66a4f371fb6ef6c9ecf43e9617d119

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

board/minnowboard: grub.cfg: disable eudev network interface renaming

So the normal DHCP-on-eth0 logic works for the graphical defconfig where
eudev is used.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

configs/minnowboard_max-graphical_defconfig: bump kernel to 5.10.11

To match minnowboard_max_defconfig.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

configs/minnowboard_max_defconfig: bump kernel to 5.10.11

Explicitly enable PCI support in the kernel after commit eb01d42a77785 (PCI:
consolidate PCI config entry in drivers/pci) and change to GPT partitions /
root=PARTLABEL to find the rootfs instead of hardcoding /dev/mmcblk2p2 as
the mmc probing order has changed since commit 21b2cec61c04bd1 (mmc: Set
PROBE_PREFER_ASYNCHRONOUS for drivers that existed in v4.4).

This has the additional advantage that the same image will work when written
to a USB drive instead of a microsd.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libgeos: depends on wchar

libgeos unconditionally uses wstring which raises the following build
failure:

In file included from /srv/storage/autobuild/run/instance-3/output-1/build/libgeos-3.9.0/tools/astyle/ASLocalizer.cpp:40:
/srv/storage/autobuild/run/instance-3/output-1/build/libgeos-3.9.0/tools/astyle/ASLocalizer.h:72:34: error: 'wstring' does not name a type; did you mean 'stdin'?
  string convertToMultiByte(const wstring& wideStr) const;
                                  ^~~~~~~
                                  stdin

Fixes:
 - http://autobuild.buildroot.org/results/e97d03848d9bbf1845b994f391679a1dbf49f61e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/sunxi-mali-mainline-driver: bump version

Bump version and drop local patches already merged upstream. Add Linux
option needed by Linux version >= 4.20 package documentation and to .mk
file that automatically adds it to Linux config when building.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/vsftpd: set VSFTPD_CPE_ID_VALID

cpe:2.3:a:vsftpd_project:vsftpd is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Avsftpd_project%3Avsftpd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/vdr: add VDR_CPE_ID_VENDOR

cpe:2.3:a:tvdr:vdr is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atvdr%3Avdr

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/squid: add SQUID_CPE_ID_VENDOR

cpe:2.3:a:squid-cache:squid is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Asquid-cache%3Asquid

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/leptonica: fix legal info

Commit 5159f656608cb1a136c0fed8372ffe8ec3a75b33 forgot to update hash of
leptonica-license.txt which changed due to an update in year:
https://github.com/DanBloomberg/leptonica/commit/8193d341dd56aff5fcbbaab8832e7b38f2fede0a

Fixes:
 - http://autobuild.buildroot.org/results/1644512ca52eed1b69d65d3ca145ec0d253888a8

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/leptonica: add LEPTONICA_CPE_ID_VENDOR

cpe:2.3:a:leptonica:leptonica is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aleptonica%3Aleptonica

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/leptonica: add libwebp{demux, mux} optional dependency

leptonica optionally depends on webp/demux.h and webp/mux.h since
version 1.79.0:
https://github.com/DanBloomberg/leptonica/commit/a7c5bcdf04062aad3655642bdb853561a1c49733
https://github.com/DanBloomberg/leptonica/commit/0ce4b9cc0845b198583d51f0a0df277de8f8c5fa

Fixes:
 - http://autobuild.buildroot.org/results/1f8531e1651e82a1e93707ccb205d0e7a3cae1a3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/faad2: add CPE variables

cpe:2.3:a:audiocoding:freeware_advanced_audio_decoder_2 is a valid CPE
identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aaudiocoding%3Afreeware_advanced_audio_decoder_2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/ser2net: bump version to 4.3.2

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gensio: bump version to 2.2.3

Drop upstream patch that is in new version.

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/netopeer2: bump version to 1.1.53

Remove patch applied upstream.

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/sysrepo: bump version to 1.4.104

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libnetconf2: bump version to 1.1.36

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libyang: bump to version 1.0.215

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/gdk-pixbuf: link with lintl if needed

Fixes:
 - http://autobuild.buildroot.org/results/4dc94dadbc17e06a214478644f29877fe205f93d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

support/scripts/pkg-stats: fix flake8 warnings

Fixes:

support/scripts/pkg-stats:148:17: E741 ambiguous variable name 'l'
support/scripts/pkg-stats:379:9: E741 ambiguous variable name 'l'

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/scripts/pkg-stats: drop unused --cpeid option

The --cpeid option was mistakenly introduced by commit
92e7089a8ca9f7dba5a5d690b7f768352cd6b983 ("support/script/pkg-stats:
show CPE ID in results") but is in fact not necessary.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/scripts/pkg-stats: drop unused cpeid_name() function

The cpeid_name() function is not used anywhere, drop it.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/scripts/pkg-stats: fix the status reporting of CVEs

Since commit bd665d182c8131d2deafa39be0f3d89adb43643f
("support/scripts/pkg-stats: improve rendering of CVE information"),
we have better reporting of CVE related information, based on
pkg.status['cve']. However, this commit broke pkg-stats when the
--nvd-path option is not passed, and therefore no CVE information is
available.

This commit fixes that, by making use of the is_status_ok(),
is_status_error() and is_status_na() methods recently introduced.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

support/scripts/pkg-stats: improvements in is_status_*() methods

Make is_status_ok() work when the given status name is not even listed
in the status dict. This will be necessary for following commits.

Introduced similar methods for the error and na status, which will be
used in following commits.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/xapian: bump to version 1.4.18

Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/opusfile: bump to version 0.12

also set the indentation to 2 spaces in hash file

Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/leptonica: bump to version 1.80.0

Also added 2 spaces indentation in hash file

Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/faad2: bump to version 2.10.0

Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

DEVELOPERS: add Gilles Talis for opusfile

Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

DEVELOPERS: Add Gilles Talis for faad2

Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/{mesa3d, mesa3d-headers}: bump version to 20.3.4

Release notes:
https://lists.freedesktop.org/archives/mesa-announce/2021-January/000618.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libgpgme: bump to version 1.15.1

Update indentation in hash file (two spaces)

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=blob;f=NEWS;h=f6c2b0d3c53b3a62ca71a2a85b2d9764cda359c0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libgpgme: add CPE variables

cpe:2.3:a:gnupg:gpgme is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnupg%3Agpgme

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/mutt: add gpgme optional dependency

gpgme is supported since 2005 and
https://gitlab.com/muttmua/mutt/-/commit/4bb5db92a89158cc45c3480f2be62d0b435c9a4e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/vde2: add CPE variables

cpe:2.3:a:vde_project:vde is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Avde_project%3Avde

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/haproxy: bump to version 2.2.8

https://www.mail-archive.com/haproxy@formilux.org/msg39408.html
https://www.mail-archive.com/haproxy@formilux.org/msg39470.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/logrotate: use official tarball

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/bitcoin: add CPE variables

cpe:2.3:a:bitcoin:bitcoin_core is a valid CPE identifier for this
package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Abitcoin%3Abitcoin_core

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/bitcoin: security bump to version 0.21.0

Tag as a security bump as having an up to date bitcoin is important:
https://patchwork.ozlabs.org/project/buildroot/patch/20200202085526.35742-1-james.hilliard1@gmail.com

https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.21.0.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/socat: security bump to version 1.7.4.1

Buffer size option (-b) is internally doubled for CR-CRLF conversion,
but not checked for integer overflow. This could lead to heap based
buffer overflow, assuming the attacker could provide this parameter.

- Update indentation in hash file (two spaces)
- Update hash of README file due to minor updates:
  https://repo.or.cz/socat.git/commit/b145170837d75bd7a1a5803283910ab075d47bea
  https://repo.or.cz/socat.git/commit/0a115feadc3102f17e0a8a1a985319af0295f704

http://www.dest-unreach.org/socat/doc/CHANGES

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/uclibc: Patch with updated kernel time definitions

Building uclibc 1.0.37 for SuperH architecture with linux-headers 5.10.7
fails at libpthread level due to missing time-related data structures,
usually defined by the kernel. Make uclibc correctly define those types.

A previous patch in buildroot [1] fixed the symptom by tampering with
linux-headers inclusions, but analysis [2] done in collaboration with
Linux folks concluded that the issue lied in (voluntary) include guard
"preemption" in uclibc kernel_types.h.
However, kernel_types.h was not up to date with relevant 64-bit time
data structures, so defining those here was needed.

The present uclibc patch was mailed to uclibc-ng mailing list and got
a positive response; I am not able to give a link to the discussion,
as it has not appeared yet [3] (perhaps I'm not looking at the right
place ?)
So until the patch is merged upstream and we bump uclibc version, keep
our patch here.

[1] https://git.buildroot.net/buildroot/commit/?id=742f37de8d0e3797698411dfc6a63bd7e98aafe2
[2] https://patchwork.kernel.org/project/linux-sh/patch/20210123165652.10884-1-geoffrey.legourrierec@gmail.com/
[3] https://mailman.uclibc-ng.org/pipermail/devel/2021-January/thread.html

Signed-off-by: Geoffrey Le Gourriérec <geoffrey.legourrierec@gmail.com>
Tested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

board/qemu/sh4*: Remove linux-headers patch

Previous patch about time data structures [1] provided a dirty fix
that did not solve the real issue.

After discussing with Linux folks on the SuperH mailing list [2],
the patch was deemed unnecessary, as the problem lied in uclibc.

[1] https://git.buildroot.net/buildroot/commit/?id=742f37de8d0e3797698411dfc6a63bd7e98aafe2
[2] https://patchwork.kernel.org/project/linux-sh/patch/20210123165652.10884-1-geoffrey.legourrierec@gmail.com/

Signed-off-by: Geoffrey Le Gourriérec <geoffrey.legourrierec@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/ply: needs headers >= 4.14

ply uses BPF_JLT is available only since kernel 4.14 with:
https://github.com/torvalds/linux/commit/92b31a9af73b3a3fc801899335d6c47966351830

Fixes:
 - http://autobuild.buildroot.org/results/632187ceb7ca5e2dc5a3e5185860ddb874b4274c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/wayland: add WAYLAND_CPE_ID_VENDOR

cpe:2.3:a:wayland:wayland is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awayland%3Awayland

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/sox: add CPE variables

cpe:2.3:a:sound_exchange_project:sound_exchange is a valid CPE
identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Asound_exchange_project%3Asound_exchange

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libgeos: disable benchmarks

Fixes:
 - http://autobuild.buildroot.org/results/790450f7541d690cdef3917d7056759cb9b403c5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/dhcpcd: fix build with nds32

Fix build failure with dhcpcd due to SECCOMP_AUDIT_ARCH which is used
since version 9.3.0 and
https://github.com/rsmarples/dhcpcd/commit/a926ee6d8f4eb2f04e01d72664893e3cb95fceca

Fixes:
 - http://autobuild.buildroot.org/results/af8ba07ea0c12ab8cd24d528ef98db05521f3d36

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/spice: set SPICE_CPE_ID_VALID

cpe:2.3:a:spice_project:spice is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aspice_project%3Aspice

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/pinentry: bump to version 1.1.1

- add efl optional dependency which is available since
  http://git.gnupg.org/cgi-bin/gitweb.cgi?p=pinentry.git;a=commit;h=948105b7a34ec9a9e5479d376b7c86bafee50a01
- Update indentation in hash file (two spaces)

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=pinentry.git;a=blob;f=NEWS;h=c8b5195ace7bb3ffb1420ae479ac39d65b0fa17c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/rtty: bump version to 7.3.0

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libgcrypt: security bump version to 1.9.1

Removed patch which was applied upstream.

Release notes:
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

{linux, linux-headers}: bump 4.19.x / 5.{4, 10}.x series

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/spdlog: bump to version 1.8.2

Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/python-remi: bump to version 2020.11.20

Add runtime dependencies to pythonX-ssl and python-setuptools.

Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>