ref #11627

ref #11607

(cherry picked from commit f430aef7)

backport fix that adds newline to each cert in the bundle. The reason is
that trailing newline is no requirement so self generated certs may not
have it.

fixes #8379

(cherry picked from commit 0b87f832)

CVE-2020-10957, CVE-2020-10958, CVE-2020-10967,
CVE-2020-7046, CVE-2020-7957

Upgrade pigeonhole plugin to 0.5.10

fixes #11557

fixes #11539

CVE-2020-2752
CVE-2020-2812
CVE-2020-2814
CVE-2020-2760

fixes #11508

See #11509

- Switch to https
- Clarify license
- Patch CVE-2019-9755

For #11400

Fixed CVEs:

- CVE-2020-11739
- CVE-2020-11740
- CVE-2020-11741
- CVE-2020-11742
- CVE-2020-11743

Patch taken from Debian.

New certificate distrusts have been added, so this should be backported

See #11389

fixes #11155

CVE-2019-10218, CVE-2019-14833, CVE-2019-14847

ref #10921

CVE-2020-8449, CVE-2020-8450, CVE-2020-8517, CVE-2019-12528

fixes #11248

fixes #11329

see #10946

use patch from Fedora

see #10814

see #11328

backported security fixes from upstream:
radius: Prevent buffer overflow in rc_mksid()
pppd: Fix bounds check in EAP code
pppd: Ignore received EAP messages when not doing EAP
add 'secfixes'