Update for 2015.02

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

CHANGES

@@ -1,3 +1,17 @@
+2015.02, Released March 1st, 2015
+
+	Minor fixes.
+
+	Updated/fixed packages: civetweb, ding-libs,
+	directfb-examples, glibc, gnupg, gnupg2, gpm,
+	gst-plugins-good, gst1-plugins-good, freetype, libao, libevas,
+	libevent, libfribidi, libgcrypt, libgtk2, libshout, libsrtp,
+	libtheora, libupnpp, libxmlrpc, linux, make, opus, pinentry,
+	rpi-firmware, shared-mime-info, vlc, vorbis-tools,
+	xcb-util-keysyms
+
+	Removed packages: libgc
+
 2015.02-rc3, Released February 24th, 2015
 
 	Minor fixes.

Config.in.legacy

@@ -102,6 +102,14 @@ endif
 
 comment "Legacy options removed in 2015.02"
 
+config BR2_PACKAGE_LIBGC
+	bool "libgc package removed"
+	select BR2_LEGACY
+	select BR2_PACKAGE_BDWGC
+	help
+	  libgc has been removed because we have the same package under a
+	  different name, bdwgc.
+
 config BR2_PACKAGE_WDCTL
 	bool "util-linux' wdctl option has been renamed"
 	select BR2_LEGACY

Makefile

@@ -28,7 +28,7 @@
 all:
 
 # Set and export the version string
-export BR2_VERSION := 2015.02-rc3
+export BR2_VERSION := 2015.02
 
 # Check for minimal make version (note: this check will break at make 10.x)
 MIN_MAKE_VERSION = 3.81

configs/raspberrypi_dt_defconfig

@@ -1,12 +1,22 @@
 BR2_arm=y
 BR2_arm1176jzf_s=y
+
 BR2_TARGET_GENERIC_GETTY_PORT="tty1"
+
+# Lock to 3.18 headers as the RPi kernel with
+# DT support is based off the 3.18 branch
+BR2_KERNEL_HEADERS_VERSION=y
+BR2_DEFAULT_KERNEL_VERSION="3.18"
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_18=y
+
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_GIT=y
 BR2_LINUX_KERNEL_CUSTOM_REPO_URL="git://github.com/raspberrypi/linux.git"
-BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION="03d0d9c73c17f74a7afa64ed9f022565e89b8dd5"
+BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION="246530ff8a4f302b8666c6d9cf509407d8c1257a"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/raspberrypi/linux-3.18-rpi-dt.defconfig"
 BR2_LINUX_KERNEL_ZIMAGE=y
+
+# Install the DTB files
 BR2_PACKAGE_RPI_FIRMWARE=y
 BR2_PACKAGE_RPI_FIRMWARE_INSTALL_DTBS=y

docs/website/download.html

@@ -7,17 +7,17 @@
 
 <p>
 
-The latest stable release is <b>2014.11</b>, which can be downloaded
+The latest stable release is <b>2015.02</b>, which can be downloaded
 here:<p>
 
-<a href="/downloads/buildroot-2014.11.tar.gz">buildroot-2014.11.tar.gz</a>
-(<a href="/downloads/buildroot-2014.11.tar.gz.sign">PGP signature</a>)
+<a href="/downloads/buildroot-2015.02.tar.gz">buildroot-2015.02.tar.gz</a>
+(<a href="/downloads/buildroot-2015.02.tar.gz.sign">PGP signature</a>)
 or
-<a href="/downloads/buildroot-2014.11.tar.bz2">buildroot-2014.11.tar.bz2</a>
-(<a href="/downloads/buildroot-2014.11.tar.bz2.sign">PGP signature</a>).
+<a href="/downloads/buildroot-2015.02.tar.bz2">buildroot-2015.02.tar.bz2</a>
+(<a href="/downloads/buildroot-2015.02.tar.bz2.sign">PGP signature</a>).
 
 <p>
-
+<!--
 The latest release candidate is <b>2015.02-rc3</b>, which can be
 downloaded here:<p>
 
@@ -32,7 +32,7 @@ This and earlier releases (and their PGP signatures) can always be downloaded fr
 <a href="/downloads/">http://buildroot.net/downloads/</a>.
 
 <p>
-
+-->
 You can also obtain daily snapshots of the latest Buildroot source tree if you
 want to follow development, but cannot or do not wish to use Git.
 

docs/website/news.html

@@ -8,7 +8,16 @@
 <p>
 
 <ul>
-  <li><b>24 February 2015 -- 2015.02-rc3 released</b>
+  <li><b>1 March 2015 -- 2015.02 released</b>
+
+    <p>The stable 2015.02 release is out - Thanks to everyone
+    contributing and testing the release candidates. See the
+    <a href="http://git.buildroot.net/buildroot/plain/CHANGES?id=2015.02">CHANGES</a>
+    file for more details,
+    and go to the <a href="/downloads/">downloads page</a> to pick up the
+    <a href="/downloads/buildroot-2015.02.tar.bz2">2015.02 release</a>.</p>
+
+ <li><b>24 February 2015 -- 2015.02-rc3 released</b>
 
     <p>Release candidate 3 is out with more cleanups and security / build fixes. See the <a
     href="http://git.buildroot.net/buildroot/plain/CHANGES?id=2015.02-rc3">CHANGES</a>

linux/linux.mk

@@ -25,12 +25,14 @@ LINUX_SITE_METHOD = hg
 else
 LINUX_SOURCE = linux-$(LINUX_VERSION).tar.xz
 # In X.Y.Z, get X and Y. We replace dots and dashes by spaces in order
-# to use the $(word) function. We support versions such as 3.1,
+# to use the $(word) function. We support versions such as 4.0, 3.1,
 # 2.6.32, 2.6.32-rc1, 3.0-rc6, etc.
 ifeq ($(findstring x2.6.,x$(LINUX_VERSION)),x2.6.)
 LINUX_SITE = $(BR2_KERNEL_MIRROR)/linux/kernel/v2.6
-else
+else ifeq ($(findstring x3.,x$(LINUX_VERSION)),x3.)
 LINUX_SITE = $(BR2_KERNEL_MIRROR)/linux/kernel/v3.x
+else ifeq ($(findstring x4.,x$(LINUX_VERSION)),x4.)
+LINUX_SITE = $(BR2_KERNEL_MIRROR)/linux/kernel/v4.x
 endif
 # release candidates are in testing/ subdir
 ifneq ($(findstring -rc,$(LINUX_VERSION)),)

package/Config.in

@@ -948,7 +948,6 @@ menu "Other"
 	source "package/libevdev/Config.in"
 	source "package/libevent/Config.in"
 	source "package/libffi/Config.in"
-	source "package/libgc/Config.in"
 	source "package/libglib2/Config.in"
 	source "package/libical/Config.in"
 	source "package/liblinear/Config.in"

package/civetweb/0001-Lua-fix-a-typo-changing-LFS_DIR-to-LFS_DIR.patch

@@ -0,0 +1,27 @@
+From 0821066f9adf8410891cd07684ecac50a9bc36a4 Mon Sep 17 00:00:00 2001
+From: Fabio Porcedda <fabio.porcedda@gmail>
+Date: Wed, 25 Feb 2015 18:40:24 +0100
+Subject: [PATCH] Lua: fix a typo changing %(LFS_DIR) to $(LFS_DIR)
+
+Also this fix a error on GNU Make v4.0:
+  Makefile:203: *** mixed implicit and normal rules.  Stop.
+
+Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail>
+---
+ resources/Makefile.in-lua | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/resources/Makefile.in-lua b/resources/Makefile.in-lua
+index 0902f11..f3d95fd 100644
+--- a/resources/Makefile.in-lua
++++ b/resources/Makefile.in-lua
+@@ -57,5 +57,5 @@ LFS_CFLAGS = -I$(LFS_DIR)
+ 
+ OBJECTS += $(LUA_OBJECTS) $(SQLITE_OBJECTS) $(LFS_OBJECTS)
+ CFLAGS += $(LUA_CFLAGS) $(SQLITE_CFLAGS) $(LFS_CFLAGS) -DUSE_LUA -DUSE_LUA_SQLITE3 -DUSE_LUA_FILE_SYSTEM
+-SOURCE_DIRS = $(LUA_DIR) $(SQLITE_DIR) %(LFS_DIR)
++SOURCE_DIRS = $(LUA_DIR) $(SQLITE_DIR) $(LFS_DIR)
+ 
+-- 
+2.3.0
+

package/ding-libs/Config.in

@@ -1,6 +1,7 @@
 config BR2_PACKAGE_DING_LIBS
 	bool "ding-libs"
 	select BR2_PACKAGE_GETTEXT if BR2_NEEDS_GETTEXT
+	select BR2_PACKAGE_LIBICONV if !BR2_ENABLE_LOCALE
 	depends on BR2_USE_WCHAR || !BR2_NEEDS_GETTEXT
 	help
 	  The ding-libs packages contain a set of libraries used by

package/ding-libs/ding-libs.mk

@@ -7,7 +7,9 @@
 DING_LIBS_VERSION = 0_4_0
 DING_LIBS_SOURCE = ding_libs-$(DING_LIBS_VERSION).tar.xz
 DING_LIBS_SITE = https://git.fedorahosted.org/cgit/ding-libs.git/snapshot
-DING_LIBS_DEPENDENCIES = $(if $(BR2_PACKAGE_GETTEXT),gettext) host-pkgconf
+DING_LIBS_DEPENDENCIES = host-pkgconf \
+	$(if $(BR2_PACKAGE_GETTEXT),gettext) \
+	$(if $(BR2_PACKAGE_LIBICONV),libiconv)
 DING_LIBS_INSTALL_STAGING = YES
 DING_LIBS_LICENSE = LGPLv3+ (library),GPLv3+ (test programs)
 DING_LIBS_LICENSE_FILES = COPYING COPYING.LESSER

package/directfb-examples/Config.in

@@ -11,146 +11,146 @@ config BR2_PACKAGE_DIRECTFB_EXAMPLES
 if BR2_PACKAGE_DIRECTFB_EXAMPLES
 
 config BR2_PACKAGE_DIRECTFB_EXAMPLES_ANDI
-	bool "usr/bin/df_andi"
+	bool "df_andi"
 	help
 	  Penguin demo, press 'space' to form convergence logo,
 	  's'/'d' to spawn/destroy 'a' penguin, 'r' to revive penguin
 	  after space was pressed, 'c' tests clipping.
 
 config BR2_PACKAGE_DIRECTFB_EXAMPLES_BLTLOAD
-	bool "usr/bin/df_bltload"
+	bool "df_bltload"
 	help
 	  Reads information from /proc/bltstat.
 
 config BR2_PACKAGE_DIRECTFB_EXAMPLES_CPULOAD
-	bool "usr/bin/df_cpuload"
+	bool "df_cpuload"
 	help
 	  CPU Load with data from /proc/stat.
 
 config BR2_PACKAGE_DIRECTFB_EXAMPLES_DATABUFFER
-	bool "usr/bin/df_databuffer"
+	bool "df_databuffer"
 	help
 	  Simple test application for data buffers.
 
 config BR2_PACKAGE_DIRECTFB_EXAMPLES_DIOLOAD
-	bool "usr/bin/df_dioload"
+	bool "df_dioload"
 	help
 	  Disk IO with data from /proc/stat.
 
 config BR2_PACKAGE_DIRECTFB_EXAMPLES_DOK
-	bool "usr/bin/df_dok"
+	bool "df_dok"
 	help
 	  DirectFB benchmark application, runs some tests and
 	  displays benchmark results afterwards.
 
 config BR2_PACKAGE_DIRECTFB_EXAMPLES_DRIVERTEST
-	bool "usr/bin/df_drivertest"
+	bool "df_drivertest"
 	help
 	  Tool to check drivers for bugs and accuracy.
 
 config BR2_PACKAGE_DIRECTFB_EXAMPLES_FIRE
-	bool "usr/bin/df_fire"
+	bool "df_fire"
 	help
 	  The famous fire effect ported to DirectFB (16 bpp only).
 
 config BR2_PACKAGE_DIRECTFB_EXAMPLES_FLIP
-	bool "usr/bin/df_flip"
+	bool "df_flip"
 	help
 	  Raw Flip() benchmark.
 
 config BR2_PACKAGE_DIRECTFB_EXAMPLES_FONTS
-	bool "usr/bin/df_fonts"
+	bool "df_fonts"
 	help
 	  Takes a list of font files and shows character tables.
 
 config BR2_PACKAGE_DIRECTFB_EXAMPLES_INPUT
-	bool "usr/bin/df_input"
+	bool "df_input"
 	help
 	  Test application for input devices.
 
 config BR2_PACKAGE_DIRECTFB_EXAMPLES_JOYSTICK
-	bool "usr/bin/df_joystick"
+	bool "df_joystick"
 	help
 	  A colored version of df_particle, fointain can be moved with
 	  joystick. The particles of different colors can be spawned
 	  with different joystick buttons (1-4).
 
 config BR2_PACKAGE_DIRECTFB_EXAMPLES_KNUCKLES
-	bool "usr/bin/df_knuckles"
+	bool "df_knuckles"
 	help
 	  3D skull drawn using triangles that can be rotated using
 	  the mouse. 'Space' switches to wireframe, 'b' toggles
 	  backface culling.
 
 config BR2_PACKAGE_DIRECTFB_EXAMPLES_LAYER
-	bool "usr/bin/df_layer"
+	bool "df_layer"
 	help
 	  Simple videoplayer with layers.
 
 config BR2_PACKAGE_DIRECTFB_EXAMPLES_MATRIX
-	bool "usr/bin/df_matrix"
+	bool "df_matrix"
 	help
 	  Testing SetMatrix() for free transforms.
 
 config BR2_PACKAGE_DIRECTFB_EXAMPLES_MATRIX_WATER
-	bool "usr/bin/df_matrix_water"
+	bool "df_matrix_water"
 	help
 	  Same as df_matrix, but using new Water API.
 
 config BR2_PACKAGE_DIRECTFB_EXAMPLES_NEO
-	bool "usr/bin/df_neo"
+	bool "df_neo"
 	help
 	  Port from a gdk-pixbuf demo to DirectFB, uses scaling,
 	  alpha blending and color modulation, use cursor keys and
 	  space to change parameters.
 
 config BR2_PACKAGE_DIRECTFB_EXAMPLES_NETLOAD
-	bool "usr/bin/df_netload"
+	bool "df_netload"
 	help
 	  Network statistica from /proc/net/dev.
 
 config BR2_PACKAGE_DIRECTFB_EXAMPLES_PALETTE
-	bool "usr/bin/df_palette"
+	bool "df_palette"
 	help
 	  A example blitting from a surface with a
 	  rotating/morphing palette.
 
 config BR2_PACKAGE_DIRECTFB_EXAMPLES_PARTICLE
-	bool "usr/bin/df_particle"
+	bool "df_particle"
 	help
 	  A moving fountain consisting of alphablended rectangles,
 	  nice and fast if hardware accelerated.
 
 config BR2_PACKAGE_DIRECTFB_EXAMPLES_PORTER
-	bool "usr/bin/df_porter"
+	bool "df_porter"
 	help
 	  Shows porter/duff blending rules.
 
 config BR2_PACKAGE_DIRECTFB_EXAMPLES_STRESS
-	bool "usr/bin/df_stress"
+	bool "df_stress"
 	help
 	  Stress tests surface manager, for debugging purposes only.
 
 config BR2_PACKAGE_DIRECTFB_EXAMPLES_TEXTURE
-	bool "usr/bin/df_texture"
+	bool "df_texture"
 	help
 	  A simple texture example. The 3d windows can be rotated
 	  with the mouse.
 
 config BR2_PACKAGE_DIRECTFB_EXAMPLES_VIDEO
-	bool "usr/bin/df_video"
+	bool "df_video"
 	help
 	  Shows window stack with alpha blending and video playback
 	  in a moving window.
 
 config BR2_PACKAGE_DIRECTFB_EXAMPLES_VIDEO_PARTICLE
-	bool "usr/bin/df_video_particle"
+	bool "df_video_particle"
 	help
 	  Same as df_particle, but the rectangles have been
 	  replaced by a video (via video4linux). Nice color effects.
 
 config BR2_PACKAGE_DIRECTFB_EXAMPLES_WINDOW
-	bool "usr/bin/df_window"
+	bool "df_window"
 	help
 	  Simple demonstration of the DirectFB window stack, follow
 	  the instructions in the upper left corner. Pass a video

package/directfb-examples/directfb-examples.mk

@@ -12,6 +12,10 @@ DIRECTFB_EXAMPLES_LICENSE_FILES = COPYING
 DIRECTFB_EXAMPLES_INSTALL_STAGING = YES
 DIRECTFB_EXAMPLES_DEPENDENCIES = directfb
 
+ifeq ($(BR2_STATIC_LIBS),y)
+        DIRECTFB_EXAMPLES_CONF_OPTS += LIBS=-lstdc++
+endif
+
 DIRECTFB_EXAMPLES_TARGETS_ =
 DIRECTFB_EXAMPLES_TARGETS_y =
 
@@ -94,7 +98,6 @@ define DIRECTFB_EXAMPLES_INSTALL_TARGET_CMDS
 	$(Q)mkdir -p $(TARGET_DIR)/usr/share/directfb-examples/fonts/
 	$(Q)for file in $(DIRECTFB_EXAMPLES_TARGETS_y); do \
 	        cp -dpf $(STAGING_DIR)/$$file $(TARGET_DIR)/$$file; \
-		$(STRIPCMD) $(STRIP_STRIP_UNNEEDED) $(TARGET_DIR)/$$file; \
 	done
 	$(Q)cp -rdpf $(STAGING_DIR)/usr/share/directfb-examples/fonts/decker.ttf $(TARGET_DIR)/usr/share/directfb-examples/fonts/
 	$(Q)for file in $(DIRECTFB_EXAMPLES_FONT_y); do \

package/efl/libevas/libevas.mk

@@ -225,6 +225,13 @@ else
 LIBEVAS_CONF_OPTS += --disable-fontconfig
 endif
 
+ifeq ($(BR2_PACKAGE_LIBFRIBIDI),y)
+LIBEVAS_CONF_OPTS += --enable-fribidi
+LIBEVAS_DEPENDENCIES += libfribidi
+else
+LIBEVAS_CONF_OPTS += --disable-fribidi
+endif
+
 # libevas installs the source code of examples on the target, which
 # are generally not useful.
 define LIBEVAS_REMOVE_EXAMPLES

package/freetype/freetype.mk

@@ -98,6 +98,7 @@ HOST_FREETYPE_POST_INSTALL_HOOKS += HOST_FREETYPE_FIX_FREETYPE_INCLUDE
 $(eval $(autotools-package))
 $(eval $(host-autotools-package))
 
-# freetype-patch uses autogen.sh so add it as a order-only-prerequisite
-# because it is a phony target.
-$(FREETYPE_TARGET_PATCH): | host-automake
+# freetype-patch and host-freetype-patch use autogen.sh so add
+# host-automake as a order-only-prerequisite because it is a phony
+# target.
+$(FREETYPE_TARGET_PATCH) $(HOST_FREETYPE_TARGET_PATCH): | host-automake

package/glibc/2.18-svnr23787/0005-CVE-2015-1472.patch

@@ -0,0 +1,88 @@
+Fix CVE-2015-1472 - heap buffer overflow in wscanf
+Backport from upstream:
+https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06
+See: https://bugzilla.redhat.com/show_bug.cgi?id=1188235
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+diff --git a/stdio-common/tst-sscanf.c b/stdio-common/tst-sscanf.c
+index aece3f2..8a2eb9e 100644
+--- a/libc/stdio-common/tst-sscanf.c
++++ b/libc/stdio-common/tst-sscanf.c
+@@ -233,5 +233,38 @@ main (void)
+ 	}
+     }
+ 
++  /* BZ #16618
++     The test will segfault during SSCANF if the buffer overflow
++     is not fixed.  The size of `s` is such that it forces the use
++     of malloc internally and this triggers the incorrect computation.
++     Thus the value for SIZE is arbitrariy high enough that malloc
++     is used.  */
++  {
++#define SIZE 131072
++    CHAR *s = malloc ((SIZE + 1) * sizeof (*s));
++    if (s == NULL)
++      abort ();
++    for (size_t i = 0; i < SIZE; i++)
++      s[i] = L('0');
++    s[SIZE] = L('\0');
++    int i = 42;
++    /* Scan multi-digit zero into `i`.  */
++    if (SSCANF (s, L("%d"), &i) != 1)
++      {
++	printf ("FAIL: bug16618: SSCANF did not read one input item.\n");
++	result = 1;
++      }
++    if (i != 0)
++      {
++	printf ("FAIL: bug16618: Value of `i` was not zero as expected.\n");
++	result = 1;
++      }
++    free (s);
++    if (result != 1)
++      printf ("PASS: bug16618: Did not crash.\n");
++#undef SIZE
++  }
++
++
+   return result;
+ }
+diff --git a/stdio-common/vfscanf.c b/stdio-common/vfscanf.c
+index cd129a8..0e204e7 100644
+--- a/libc/stdio-common/vfscanf.c
++++ b/libc/stdio-common/vfscanf.c
+@@ -272,9 +272,10 @@ _IO_vfscanf_internal (_IO_FILE *s, const char *format, _IO_va_list argptr,
+       if (__glibc_unlikely (wpsize == wpmax))				      \
+ 	{								    \
+ 	  CHAR_T *old = wp;						    \
+-	  size_t newsize = (UCHAR_MAX + 1 > 2 * wpmax			    \
+-			    ? UCHAR_MAX + 1 : 2 * wpmax);		    \
+-	  if (use_malloc || !__libc_use_alloca (newsize))		    \
++	  bool fits = __glibc_likely (wpmax <= SIZE_MAX / sizeof (CHAR_T) / 2); \
++	  size_t wpneed = MAX (UCHAR_MAX + 1, 2 * wpmax);		    \
++	  size_t newsize = fits ? wpneed * sizeof (CHAR_T) : SIZE_MAX;	    \
++	  if (!__libc_use_alloca (newsize))				    \
+ 	    {								    \
+ 	      wp = realloc (use_malloc ? wp : NULL, newsize);		    \
+ 	      if (wp == NULL)						    \
+@@ -286,14 +287,13 @@ _IO_vfscanf_internal (_IO_FILE *s, const char *format, _IO_va_list argptr,
+ 		}							    \
+ 	      if (! use_malloc)						    \
+ 		MEMCPY (wp, old, wpsize);				    \
+-	      wpmax = newsize;						    \
++	      wpmax = wpneed;						    \
+ 	      use_malloc = true;					    \
+ 	    }								    \
+ 	  else								    \
+ 	    {								    \
+ 	      size_t s = wpmax * sizeof (CHAR_T);			    \
+-	      wp = (CHAR_T *) extend_alloca (wp, s,			    \
+-					     newsize * sizeof (CHAR_T));    \
++	      wp = (CHAR_T *) extend_alloca (wp, s, newsize);		    \
+ 	      wpmax = s / sizeof (CHAR_T);				    \
+ 	      if (old != NULL)						    \
+ 		MEMCPY (wp, old, wpsize);				    \
+-- 
+1.9.4
+

package/glibc/2.19-svnr25243/0004-CVE-2015-1472.patch

@@ -0,0 +1,88 @@
+Fix CVE-2015-1472 - heap buffer overflow in wscanf
+Backport from upstream:
+https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06
+See: https://bugzilla.redhat.com/show_bug.cgi?id=1188235
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+diff --git a/stdio-common/tst-sscanf.c b/stdio-common/tst-sscanf.c
+index aece3f2..8a2eb9e 100644
+--- a/libc/stdio-common/tst-sscanf.c
++++ b/libc/stdio-common/tst-sscanf.c
+@@ -233,5 +233,38 @@ main (void)
+ 	}
+     }
+ 
++  /* BZ #16618
++     The test will segfault during SSCANF if the buffer overflow
++     is not fixed.  The size of `s` is such that it forces the use
++     of malloc internally and this triggers the incorrect computation.
++     Thus the value for SIZE is arbitrariy high enough that malloc
++     is used.  */
++  {
++#define SIZE 131072
++    CHAR *s = malloc ((SIZE + 1) * sizeof (*s));
++    if (s == NULL)
++      abort ();
++    for (size_t i = 0; i < SIZE; i++)
++      s[i] = L('0');
++    s[SIZE] = L('\0');
++    int i = 42;
++    /* Scan multi-digit zero into `i`.  */
++    if (SSCANF (s, L("%d"), &i) != 1)
++      {
++	printf ("FAIL: bug16618: SSCANF did not read one input item.\n");
++	result = 1;
++      }
++    if (i != 0)
++      {
++	printf ("FAIL: bug16618: Value of `i` was not zero as expected.\n");
++	result = 1;
++      }
++    free (s);
++    if (result != 1)
++      printf ("PASS: bug16618: Did not crash.\n");
++#undef SIZE
++  }
++
++
+   return result;
+ }
+diff --git a/stdio-common/vfscanf.c b/stdio-common/vfscanf.c
+index cd129a8..0e204e7 100644
+--- a/libc/stdio-common/vfscanf.c
++++ b/libc/stdio-common/vfscanf.c
+@@ -272,9 +272,10 @@ _IO_vfscanf_internal (_IO_FILE *s, const char *format, _IO_va_list argptr,
+       if (__glibc_unlikely (wpsize == wpmax))				      \
+ 	{								    \
+ 	  CHAR_T *old = wp;						    \
+-	  size_t newsize = (UCHAR_MAX + 1 > 2 * wpmax			    \
+-			    ? UCHAR_MAX + 1 : 2 * wpmax);		    \
+-	  if (use_malloc || !__libc_use_alloca (newsize))		    \
++	  bool fits = __glibc_likely (wpmax <= SIZE_MAX / sizeof (CHAR_T) / 2); \
++	  size_t wpneed = MAX (UCHAR_MAX + 1, 2 * wpmax);		    \
++	  size_t newsize = fits ? wpneed * sizeof (CHAR_T) : SIZE_MAX;	    \
++	  if (!__libc_use_alloca (newsize))				    \
+ 	    {								    \
+ 	      wp = realloc (use_malloc ? wp : NULL, newsize);		    \
+ 	      if (wp == NULL)						    \
+@@ -286,14 +287,13 @@ _IO_vfscanf_internal (_IO_FILE *s, const char *format, _IO_va_list argptr,
+ 		}							    \
+ 	      if (! use_malloc)						    \
+ 		MEMCPY (wp, old, wpsize);				    \
+-	      wpmax = newsize;						    \
++	      wpmax = wpneed;						    \
+ 	      use_malloc = true;					    \
+ 	    }								    \
+ 	  else								    \
+ 	    {								    \
+ 	      size_t s = wpmax * sizeof (CHAR_T);			    \
+-	      wp = (CHAR_T *) extend_alloca (wp, s,			    \
+-					     newsize * sizeof (CHAR_T));    \
++	      wp = (CHAR_T *) extend_alloca (wp, s, newsize);		    \
+ 	      wpmax = s / sizeof (CHAR_T);				    \
+ 	      if (old != NULL)						    \
+ 		MEMCPY (wp, old, wpsize);				    \
+-- 
+1.9.4
+

package/glibc/2.19/0004-CVE-2015-1472.patch

@@ -0,0 +1,88 @@
+Fix CVE-2015-1472 - heap buffer overflow in wscanf
+Backport from upstream:
+https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06
+See: https://bugzilla.redhat.com/show_bug.cgi?id=1188235
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+diff --git a/stdio-common/tst-sscanf.c b/stdio-common/tst-sscanf.c
+index aece3f2..8a2eb9e 100644
+--- a/stdio-common/tst-sscanf.c
++++ b/stdio-common/tst-sscanf.c
+@@ -233,5 +233,38 @@ main (void)
+ 	}
+     }
+ 
++  /* BZ #16618
++     The test will segfault during SSCANF if the buffer overflow
++     is not fixed.  The size of `s` is such that it forces the use
++     of malloc internally and this triggers the incorrect computation.
++     Thus the value for SIZE is arbitrariy high enough that malloc
++     is used.  */
++  {
++#define SIZE 131072
++    CHAR *s = malloc ((SIZE + 1) * sizeof (*s));
++    if (s == NULL)
++      abort ();
++    for (size_t i = 0; i < SIZE; i++)
++      s[i] = L('0');
++    s[SIZE] = L('\0');
++    int i = 42;
++    /* Scan multi-digit zero into `i`.  */
++    if (SSCANF (s, L("%d"), &i) != 1)
++      {
++	printf ("FAIL: bug16618: SSCANF did not read one input item.\n");
++	result = 1;
++      }
++    if (i != 0)
++      {
++	printf ("FAIL: bug16618: Value of `i` was not zero as expected.\n");
++	result = 1;
++      }
++    free (s);
++    if (result != 1)
++      printf ("PASS: bug16618: Did not crash.\n");
++#undef SIZE
++  }
++
++
+   return result;
+ }
+diff --git a/stdio-common/vfscanf.c b/stdio-common/vfscanf.c
+index cd129a8..0e204e7 100644
+--- a/stdio-common/vfscanf.c
++++ b/stdio-common/vfscanf.c
+@@ -272,9 +272,10 @@ _IO_vfscanf_internal (_IO_FILE *s, const char *format, _IO_va_list argptr,
+       if (__glibc_unlikely (wpsize == wpmax))				      \
+ 	{								    \
+ 	  CHAR_T *old = wp;						    \
+-	  size_t newsize = (UCHAR_MAX + 1 > 2 * wpmax			    \
+-			    ? UCHAR_MAX + 1 : 2 * wpmax);		    \
+-	  if (use_malloc || !__libc_use_alloca (newsize))		    \
++	  bool fits = __glibc_likely (wpmax <= SIZE_MAX / sizeof (CHAR_T) / 2); \
++	  size_t wpneed = MAX (UCHAR_MAX + 1, 2 * wpmax);		    \
++	  size_t newsize = fits ? wpneed * sizeof (CHAR_T) : SIZE_MAX;	    \
++	  if (!__libc_use_alloca (newsize))				    \
+ 	    {								    \
+ 	      wp = realloc (use_malloc ? wp : NULL, newsize);		    \
+ 	      if (wp == NULL)						    \
+@@ -286,14 +287,13 @@ _IO_vfscanf_internal (_IO_FILE *s, const char *format, _IO_va_list argptr,
+ 		}							    \
+ 	      if (! use_malloc)						    \
+ 		MEMCPY (wp, old, wpsize);				    \
+-	      wpmax = newsize;						    \
++	      wpmax = wpneed;						    \
+ 	      use_malloc = true;					    \
+ 	    }								    \
+ 	  else								    \
+ 	    {								    \
+ 	      size_t s = wpmax * sizeof (CHAR_T);			    \
+-	      wp = (CHAR_T *) extend_alloca (wp, s,			    \
+-					     newsize * sizeof (CHAR_T));    \
++	      wp = (CHAR_T *) extend_alloca (wp, s, newsize);		    \
+ 	      wpmax = s / sizeof (CHAR_T);				    \
+ 	      if (old != NULL)						    \
+ 		MEMCPY (wp, old, wpsize);				    \
+-- 
+1.9.4
+

package/glibc/2.20/0003-CVE-2015-1472.patch

@@ -0,0 +1,88 @@
+Fix CVE-2015-1472 - heap buffer overflow in wscanf
+Backport from upstream:
+https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06
+See: https://bugzilla.redhat.com/show_bug.cgi?id=1188235
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+diff --git a/stdio-common/tst-sscanf.c b/stdio-common/tst-sscanf.c
+index aece3f2..8a2eb9e 100644
+--- a/stdio-common/tst-sscanf.c
++++ b/stdio-common/tst-sscanf.c
+@@ -233,5 +233,38 @@ main (void)
+ 	}
+     }
+ 
++  /* BZ #16618
++     The test will segfault during SSCANF if the buffer overflow
++     is not fixed.  The size of `s` is such that it forces the use
++     of malloc internally and this triggers the incorrect computation.
++     Thus the value for SIZE is arbitrariy high enough that malloc
++     is used.  */
++  {
++#define SIZE 131072
++    CHAR *s = malloc ((SIZE + 1) * sizeof (*s));
++    if (s == NULL)
++      abort ();
++    for (size_t i = 0; i < SIZE; i++)
++      s[i] = L('0');
++    s[SIZE] = L('\0');
++    int i = 42;
++    /* Scan multi-digit zero into `i`.  */
++    if (SSCANF (s, L("%d"), &i) != 1)
++      {
++	printf ("FAIL: bug16618: SSCANF did not read one input item.\n");
++	result = 1;
++      }
++    if (i != 0)
++      {
++	printf ("FAIL: bug16618: Value of `i` was not zero as expected.\n");
++	result = 1;
++      }
++    free (s);
++    if (result != 1)
++      printf ("PASS: bug16618: Did not crash.\n");
++#undef SIZE
++  }
++
++
+   return result;
+ }
+diff --git a/stdio-common/vfscanf.c b/stdio-common/vfscanf.c
+index cd129a8..0e204e7 100644
+--- a/stdio-common/vfscanf.c
++++ b/stdio-common/vfscanf.c
+@@ -272,9 +272,10 @@ _IO_vfscanf_internal (_IO_FILE *s, const char *format, _IO_va_list argptr,
+       if (__glibc_unlikely (wpsize == wpmax))				      \
+ 	{								    \
+ 	  CHAR_T *old = wp;						    \
+-	  size_t newsize = (UCHAR_MAX + 1 > 2 * wpmax			    \
+-			    ? UCHAR_MAX + 1 : 2 * wpmax);		    \
+-	  if (use_malloc || !__libc_use_alloca (newsize))		    \
++	  bool fits = __glibc_likely (wpmax <= SIZE_MAX / sizeof (CHAR_T) / 2); \
++	  size_t wpneed = MAX (UCHAR_MAX + 1, 2 * wpmax);		    \
++	  size_t newsize = fits ? wpneed * sizeof (CHAR_T) : SIZE_MAX;	    \
++	  if (!__libc_use_alloca (newsize))				    \
+ 	    {								    \
+ 	      wp = realloc (use_malloc ? wp : NULL, newsize);		    \
+ 	      if (wp == NULL)						    \
+@@ -286,14 +287,13 @@ _IO_vfscanf_internal (_IO_FILE *s, const char *format, _IO_va_list argptr,
+ 		}							    \
+ 	      if (! use_malloc)						    \
+ 		MEMCPY (wp, old, wpsize);				    \
+-	      wpmax = newsize;						    \
++	      wpmax = wpneed;						    \
+ 	      use_malloc = true;					    \
+ 	    }								    \
+ 	  else								    \
+ 	    {								    \
+ 	      size_t s = wpmax * sizeof (CHAR_T);			    \
+-	      wp = (CHAR_T *) extend_alloca (wp, s,			    \
+-					     newsize * sizeof (CHAR_T));    \
++	      wp = (CHAR_T *) extend_alloca (wp, s, newsize);		    \
+ 	      wpmax = s / sizeof (CHAR_T);				    \
+ 	      if (old != NULL)						    \
+ 		MEMCPY (wp, old, wpsize);				    \
+-- 
+1.9.4
+

package/gnupg/gnupg.hash

@@ -1,2 +1,2 @@
-# Locally calculated after checking pgp signature
-sha256	b7b5fdda78849955e0cdbc5a085f3a08f8b7fba126c622085debb62def5d6388	gnupg-1.4.18.tar.bz2
+# From http://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html
+sha1	5503f7faa0a0e84450838706a67621546241ca50	gnupg-1.4.19.tar.bz2

package/gnupg/gnupg.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GNUPG_VERSION = 1.4.18
+GNUPG_VERSION = 1.4.19
 GNUPG_SOURCE = gnupg-$(GNUPG_VERSION).tar.bz2
 GNUPG_SITE = ftp://ftp.gnupg.org/gcrypt/gnupg
 GNUPG_LICENSE = GPLv3+

package/gnupg2/Config.in

@@ -1,3 +1,7 @@
+comment "gnupg2 needs a toolchain w/ dynamic library"
+	depends on BR2_USE_MMU
+	depends on BR2_STATIC_LIBS
+
 config BR2_PACKAGE_GNUPG2
 	bool "gnupg2"
 	select BR2_PACKAGE_ZLIB
@@ -9,6 +13,7 @@ config BR2_PACKAGE_GNUPG2
 	select BR2_PACKAGE_LIBPTHSEM_COMPAT
 	select BR2_PACKAGE_LIBICONV if !BR2_ENABLE_LOCALE
 	depends on BR2_USE_MMU # libassuan
+	depends on !BR2_STATIC_LIBS
 	help
 	  GnuPG is the GNU project's complete and free implementation
 	  of the OpenPGP standard as defined by RFC4880. GnuPG allows

package/gnupg2/gnupg2.hash

@@ -1,2 +1,2 @@
-# Locally calculated after checking pgp signature
-sha256	7758e30dc382ae7a7167ed41b7f936aa50af5ea2d6fccdef663b5b750b65b8e0	gnupg-2.0.26.tar.bz2
+# From http://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html
+sha1	d065be185f5bac8ea07b210ab7756e79b83b63d4	gnupg-2.0.27.tar.bz2

package/gnupg2/gnupg2.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GNUPG2_VERSION = 2.0.26
+GNUPG2_VERSION = 2.0.27
 GNUPG2_SOURCE = gnupg-$(GNUPG2_VERSION).tar.bz2
 GNUPG2_SITE = ftp://ftp.gnupg.org/gcrypt/gnupg
 GNUPG2_LICENSE = GPLv3+

package/gpm/gpm.mk

@@ -15,7 +15,8 @@ GPM_DEPENDENCIES = host-bison
 # if not already installed in staging dir, gpm Makefile may fail to find some
 # of the headers needed to generate build dependencies, the first time it is
 # built. CPPFLAGS is used to pass the right include path to dependency rules.
-GPM_CONF_ENV = CPPFLAGS="$(TARGET_CPPFLAGS) -I$(@D)/src/headers/"
+GPM_CONF_ENV = CPPFLAGS="$(TARGET_CPPFLAGS) -I$(@D)/src/headers/" \
+			   ac_cv_path_emacs=no
 
 # For some reason, Microblaze gcc does not define __ELF__, which gpm
 # configure script uses to determine whether the architecture uses ELF

package/gstreamer/gst-plugins-good/Config.in

@@ -27,11 +27,11 @@ config BR2_PACKAGE_GST_PLUGINS_GOOD_BZ2
 
 config BR2_PACKAGE_GST_PLUGINS_GOOD_ZLIB
 	bool "zlib support"
-	depends on BR2_PACKAGE_GST_PLUGINS_GOOD_PLUGIN_QTDEMUX || BR2_PACKAGE_GST_PLUGINS_GOOD_PLUGIN_ID3DEMUX || BR2_PACKAGE_GST_PLUGINS_GOOD_PLUGIN_MATROSKA
+	depends on BR2_PACKAGE_GST_PLUGINS_GOOD_PLUGIN_ISOMP4 || BR2_PACKAGE_GST_PLUGINS_GOOD_PLUGIN_ID3DEMUX || BR2_PACKAGE_GST_PLUGINS_GOOD_PLUGIN_MATROSKA
 	select BR2_PACKAGE_ZLIB
 	help
 	  Enable zlib support for the following plugins:
-	  id3demux, qtdemux, matroska
+	  id3demux, isomp4, matroska
 
 comment "dependency-less plugins"
 

package/gstreamer1/gst1-plugins-good/Config.in

@@ -34,11 +34,11 @@ config BR2_PACKAGE_GST1_PLUGINS_GOOD_BZ2
 
 config BR2_PACKAGE_GST1_PLUGINS_GOOD_ZLIB
 	bool "zlib support"
-	depends on BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_QTDEMUX || BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_ID3DEMUX || BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_MATROSKA
+	depends on BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_ISOMP4 || BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_ID3DEMUX || BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_MATROSKA
 	select BR2_PACKAGE_ZLIB
 	help
 	  Enable zlib support for the following plugins:
-	  id3demux, qtdemux, matroska
+	  id3demux, isomp4, matroska
 
 comment "dependency-less plugins"
 

package/libao/libao.hash

@@ -0,0 +1,2 @@
+# From http://downloads.xiph.org/releases/ao/SHA256SUMS.txt
+sha256	03ad231ad1f9d64b52474392d63c31197b0bc7bd416e58b1c10a329a5ed89caf	libao-1.2.0.tar.gz

package/libevent/libevent.mk

@@ -26,6 +26,11 @@ endif
 ifeq ($(BR2_PACKAGE_OPENSSL),y)
 LIBEVENT_DEPENDENCIES += openssl
 LIBEVENT_CONF_OPTS += --enable-openssl
+# openssl needs zlib but configure forgets to link against it causing
+# openssl detection to fail
+ifeq ($(BR2_STATIC_LIBS),y)
+LIBEVENT_CONF_ENV += OPENSSL_LIBADD='-lz'
+endif
 else
 LIBEVENT_CONF_OPTS += --disable-openssl
 endif

package/libfribidi/libfribidi.mk

@@ -15,4 +15,10 @@ LIBFRIBIDI_INSTALL_STAGING = YES
 LIBFRIBIDI_AUTORECONF = YES
 LIBFRIBIDI_DEPENDENCIES = host-pkgconf
 
+ifeq ($(BR2_PACKAGE_LIBGLIB2),y)
+ LIBFRIBIDI_DEPENDENCIES += libglib2
+else
+ LIBFRIBIDI_CONF_OPTS += --with-glib=no
+endif
+
 $(eval $(autotools-package))

package/libgc/0001-Fix-build-on-Linux-x86_64-under-uClibc.patch

@@ -1,32 +0,0 @@
-From 9cbd876ebc6ef8cbe647d4a914d03f527f822424 Mon Sep 17 00:00:00 2001
-Message-Id: <9cbd876ebc6ef8cbe647d4a914d03f527f822424.1398253762.git.baruch@tkos.co.il>
-From: Baruch Siach <baruch@tkos.co.il>
-Date: Wed, 23 Apr 2014 14:42:21 +0300
-Subject: [PATCH] Fix build on Linux/x86_64 under uClibc
-
-* include/private/gcconfig.h (GETCONTEXT_FPU_EXCMASK_BUG): don't define for
-uClibc, as it may not have fenv.h
-
-Patch status: sent upstream
-
-Signed-off-by: Baruch Siach <baruch@tkos.co.il>
----
- include/private/gcconfig.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/include/private/gcconfig.h b/include/private/gcconfig.h
-index de7998be0f54..f866cc4ed8cc 100644
---- a/include/private/gcconfig.h
-+++ b/include/private/gcconfig.h
-@@ -2235,7 +2235,7 @@
-              extern int etext[];
- #            define DATASTART ((ptr_t)((((word) (etext)) + 0xfff) & ~0xfff))
- #       endif
--#       if defined(__GLIBC__)
-+#       if defined(__GLIBC__) && !defined(__UCLIBC__)
-           /* At present, there's a bug in GLibc getcontext() on         */
-           /* Linux/x64 (it clears FPU exception mask).  We define this  */
-           /* macro to workaround it.                                    */
--- 
-1.9.2
-

package/libgc/Config.in

@@ -1,11 +0,0 @@
-config BR2_PACKAGE_LIBGC
-	bool "libgc"
-	select BR2_PACKAGE_LIBATOMIC_OPS
-	depends on BR2_PACKAGE_LIBATOMIC_ARCH_SUPPORTS
-	help
-	  The Boehm-Demers-Weiser conservative garbage collector can be used
-	  as a garbage collecting replacement for C malloc or C++ new. It allows
-	  you to allocate memory basically as you normally would, without
-	  explicitly deallocating memory that is no longer useful.
-
-	  http://www.hboehm.info/gc/

package/libgc/libgc.mk

@@ -1,15 +0,0 @@
-################################################################################
-#
-# libgc
-#
-################################################################################
-
-LIBGC_VERSION = 7.4.0
-LIBGC_SOURCE = gc-$(LIBGC_VERSION).tar.gz
-LIBGC_SITE = http://www.hboehm.info/gc/gc_source
-LIBGC_DEPENDENCIES = libatomic_ops host-pkgconf
-LIBGC_LICENSE = Permissive X11-style
-LIBGC_LICENSE_FILES = README.md
-LIBGC_INSTALL_STAGING = YES
-
-$(eval $(autotools-package))

package/libgcrypt/libgcrypt.hash

@@ -1,2 +1,2 @@
-# From http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000355.html
-sha1	cc31aca87e4a3769cb86884a3f5982b2cc8eb7ec	libgcrypt-1.6.2.tar.bz2
+# From http://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html
+sha1	9456e7b64db9df8360a1407a38c8c958da80bbf1	libgcrypt-1.6.3.tar.bz2

package/libgcrypt/libgcrypt.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBGCRYPT_VERSION = 1.6.2
+LIBGCRYPT_VERSION = 1.6.3
 LIBGCRYPT_SOURCE = libgcrypt-$(LIBGCRYPT_VERSION).tar.bz2
 LIBGCRYPT_LICENSE = LGPLv2.1+
 LIBGCRYPT_LICENSE_FILES = COPYING.LIB

package/libgtk2/libgtk2.mk

@@ -69,7 +69,8 @@ LIBGTK2_CONF_ENV = \
 	ac_cv_path_GTK_UPDATE_ICON_CACHE=$(HOST_DIR)/usr/bin/gtk-update-icon-cache \
 	ac_cv_path_GDK_PIXBUF_CSOURCE=$(HOST_DIR)/usr/bin/gdk-pixbuf-csource \
 	ac_cv_prog_F77=no \
-	ac_cv_path_CUPS_CONFIG=no
+	ac_cv_path_CUPS_CONFIG=no \
+	DB2HTML=false
 
 LIBGTK2_CONF_OPTS = --disable-glibtest --enable-explicit-deps=no
 

package/libshout/libshout.hash

@@ -0,0 +1,2 @@
+# From http://downloads.xiph.org/releases/libshout/SHA256SUMS
+sha256	cf3c5f6b4a5e3fcfbe09fb7024aa88ad4099a9945f7cb037ec06bcee7a23926e	libshout-2.3.1.tar.gz

package/libsrtp/0002-A-autoconf-checks-for-libz-and-libdl-when-OpenSSL-is.patch

@@ -0,0 +1,33 @@
+From 3107a0161bf30f7e3e0c356c3d040d99634fbf5b Mon Sep 17 00:00:00 2001
+From: jfigus <foleyj@cisco.com>
+Date: Thu, 26 Feb 2015 12:25:08 -0500
+Subject: [PATCH] A autoconf checks for libz and libdl when OpenSSL is enabled
+ to allow for static linking of OpenSSL (via CFLAGS=-static).
+
+[Romain:
+  Drop the configure part of the patch since Buildroot
+  use AUTORECONF in libsrtp.mk]
+
+Signed-off-by: Romain Naour <romain.naour@openwide.fr>
+---
+ configure.in | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/configure.in b/configure.in
+index ee30daf..71df46b 100644
+--- a/configure.in
++++ b/configure.in
+@@ -147,6 +147,10 @@ if test "$enable_openssl" = "yes"; then
+    LDFLAGS="$LDFLAGS $(pkg-config --libs openssl)";
+    CFLAGS="$CFLAGS $(pkg-config --cflags openssl)";
+ 
++   AC_CHECK_LIB([dl], [dlopen], [],
++             [AC_MSG_FAILURE([can't find libdl])])
++   AC_CHECK_LIB([z], [inflate], [],
++             [AC_MSG_FAILURE([can't find libz])])
+    AC_CHECK_LIB([crypto], [EVP_EncryptInit], [],
+              [AC_MSG_FAILURE([can't find openssl >1.0.1 crypto lib])])
+    AC_CHECK_LIB([crypto], [EVP_aes_128_ctr], [],
+-- 
+1.9.3
+

package/libsrtp/libsrtp.mk

@@ -25,7 +25,8 @@ endif
 # host-pkgconf to make sure pkg-config is installed.
 LIBSRTP_DEPENDENCIES = host-pkgconf
 
-ifeq ($(BR2_PACKAGE_OPENSSL),y)
+# openssl handling needs libdl support
+ifeq ($(BR2_PACKAGE_OPENSSL)x$(BR2_STATIC_LIBS),yx)
 LIBSRTP_DEPENDENCIES += openssl
 LIBSRTP_CONF_OPTS += --enable-openssl
 else

package/libtheora/libtheora.hash

@@ -0,0 +1,2 @@
+# From http://downloads.xiph.org/releases/theora/SHA256SUMS
+sha256	f36da409947aa2b3dcc6af0a8c2e3144bc19db2ed547d64e9171c59c66561c61	libtheora-1.1.1.tar.xz

package/libupnpp/libupnpp.mk

@@ -11,4 +11,10 @@ LIBUPNPP_LICENSE_FILES = COPYING
 LIBUPNPP_INSTALL_STAGING = YES
 LIBUPNPP_DEPENDENCIES = expat libcurl libupnp
 
+# configure script fails to link against the dependencies of libupnp
+# causing upnp detection to fail when statically linking
+ifeq ($(BR2_STATIC_LIBS),y)
+LIBUPNPP_CONF_ENV += LIBS='-lthreadutil -lixml -pthread'
+endif
+
 $(eval $(autotools-package))

package/libxmlrpc/0004-use-correct-curl-config.patch

@@ -55,7 +55,7 @@ Index: b/lib/curl_transport/Makefile
  $(SRCDIR)/common.mk: srcdir blddir
  
 -CURL_VERSION := $(shell curl-config --vernum)
-+CURL_VERSION := $(shell $CURL_CONFIG --vernum)
++CURL_VERSION := $(shell $(CURL_CONFIG) --vernum)
  
  # Some time at or before Curl 7.12, <curl/types.h> became an empty file
  # (no-op).  Some time after Curl 7.18, <curl/types.h> ceased to exist.
@@ -64,7 +64,7 @@ Index: b/lib/curl_transport/Makefile
  endif
  
 -CURL_INCLUDES := $(shell curl-config --cflags)
-+CURL_INCLUDES := $(shell $CURL_CONFIG --cflags)
++CURL_INCLUDES := $(shell $(CURL_CONFIG) --cflags)
  # We expect that curl-config --cflags just gives us -I options, because
  # we need just the -I options for 'make dep'.  Plus, it's scary to think
  # of what any other compiler flag would do to our compile.
@@ -77,7 +77,7 @@ Index: b/src/cpp/test/Makefile
  
  ifeq ($(MUST_BUILD_CURL_CLIENT),yes)
 -  LIBS += $(shell curl-config --libs)
-+  LIBS += $(shell $CURL_CONFIG --libs)
++  LIBS += $(shell $(CURL_CONFIG) --libs)
  endif
  ifeq ($(MUST_BUILD_LIBWWW_CLIENT),yes)
    LIBS += $(shell libwww-config --libs)
@@ -90,7 +90,7 @@ Index: b/tools/common.mk
  endif
  ifeq ($(MUST_BUILD_CURL_CLIENT),yes)
 -  CLIENT_LDLIBS += $(shell curl-config --libs)
-+  CLIENT_LDLIBS += $(shell $CURL_CONFIG --libs)
++  CLIENT_LDLIBS += $(shell $(CURL_CONFIG) --libs)
  endif
  ifeq ($(MUST_BUILD_WININET_CLIENT),yes)
    CLIENT_LDLIBS += $(shell wininet-config --libs)

package/make/make.mk

@@ -16,4 +16,11 @@ ifeq ($(BR2_STATIC_LIBS),y)
 	MAKE_CONF_OPTS += --disable-load
 endif
 
+ifeq ($(BR2_PACKAGE_GUILE),y)
+MAKE_DEPENDENCIES += guile
+MAKE_CONF_OPTS += --with-guile
+else
+MAKE_CONF_OPTS += --without-guile
+endif
+
 $(eval $(autotools-package))

package/opus/opus.hash

@@ -0,0 +1,2 @@
+# From http://downloads.xiph.org/releases/opus/SHA256SUMS.txt
+sha256	b9727015a58affcf3db527322bf8c4d2fcf39f5f6b8f15dbceca20206cbe1d95	opus-1.1.tar.gz

package/pinentry/pinentry.mk

@@ -21,7 +21,7 @@ endif
 
 # pinentry-ncurses backend
 ifeq ($(BR2_PACKAGE_PINENTRY_NCURSES),y)
-PINENTRY_CONF_OPTS += --enable-ncurses
+PINENTRY_CONF_OPTS += --enable-ncurses --with-ncurses-include-dir=none
 PINENTRY_DEPENDENCIES += ncurses
 else
 PINENTRY_CONF_OPTS += --disable-ncurses

package/rpi-firmware/rpi-firmware.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-RPI_FIRMWARE_VERSION = 393dcc0e76f18f6ac1b67ba45d36058410670034
+RPI_FIRMWARE_VERSION = b9fac65dd9ff607d0c2c4ea1bbba2bbf3fbc4a10
 RPI_FIRMWARE_SITE = $(call github,raspberrypi,firmware,$(RPI_FIRMWARE_VERSION))
 RPI_FIRMWARE_LICENSE = BSD-3c
 RPI_FIRMWARE_LICENSE_FILES = boot/LICENCE.broadcom
@@ -16,7 +16,7 @@ RPI_FIRMWARE_DEPENDENCIES += host-rpi-firmware
 # The Device Tree blobs are not yet in the master branch of the
 # raspberrypi firmware project, so we have to use a separate branch
 # for now.
-RPI_FIRMWARE_VERSION = 09627457b9e15bf4ea4e6751d3c173a3fb65df07
+RPI_FIRMWARE_VERSION = 6c0acfbbdba9908a4a4d21eab63c49ab72cb528b
 define RPI_FIRMWARE_INSTALL_DTB
 	$(INSTALL) -D -m 0644 $(@D)/boot/bcm2708-rpi-b.dtb $(BINARIES_DIR)/rpi-firmware/bcm2708-rpi-b.dtb
 	$(INSTALL) -D -m 0644 $(@D)/boot/bcm2708-rpi-b-plus.dtb $(BINARIES_DIR)/rpi-firmware/bcm2708-rpi-b-plus.dtb

package/shared-mime-info/shared-mime-info.mk

@@ -9,13 +9,14 @@ SHARED_MIME_INFO_SOURCE = shared-mime-info-$(SHARED_MIME_INFO_VERSION).tar.bz2
 SHARED_MIME_INFO_SITE = http://freedesktop.org/~hadess
 SHARED_MIME_INFO_INSTALL_STAGING = YES
 SHARED_MIME_INFO_CONF_ENV = XMLLINT=$(HOST_DIR)/usr/bin/xmllint
-SHARED_MIME_INFO_DEPENDENCIES = host-pkgconf host-libglib2 host-libxml2 host-shared-mime-info libxml2 libglib2
+SHARED_MIME_INFO_DEPENDENCIES = host-shared-mime-info libxml2 libglib2
 SHARED_MIME_INFO_CONF_OPTS = --disable-update-mimedb
 SHARED_MIME_INFO_MAKE = $(MAKE1)
 SHARED_MIME_INFO_LICENSE = GPLv2
 SHARED_MIME_INFO_LICENSE_FILES = COPYING
 
-HOST_SHARED_MIME_INFO_DEPENDENCIES = host-pkgconf host-intltool
+HOST_SHARED_MIME_INFO_DEPENDENCIES = \
+	host-pkgconf host-intltool host-libxml2 host-libglib2
 
 HOST_SHARED_MIME_INFO_CONF_OPTS = --disable-update-mimedb
 HOST_SHARED_MIME_INFO_MAKE = $(MAKE1)

package/vlc/vlc.hash

@@ -0,0 +1,2 @@
+# From http://get.videolan.org/vlc/2.1.6/vlc-2.1.6.tar.xz.sha256
+sha256	1b76cf4b96e18cf224d21b91343f7e579790c5d3e499c8a230f53da695687c04	vlc-2.1.6.tar.xz

package/vlc/vlc.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-VLC_VERSION = 2.1.5
+VLC_VERSION = 2.1.6
 VLC_SITE = http://get.videolan.org/vlc/$(VLC_VERSION)
 VLC_SOURCE = vlc-$(VLC_VERSION).tar.xz
 VLC_LICENSE = GPLv2+ LGPLv2.1+

package/vorbis-tools/vorbis-tools.hash

@@ -0,0 +1,2 @@
+# From http://downloads.xiph.org/releases/vorbis/SHA256SUMS
+sha256	a389395baa43f8e5a796c99daf62397e435a7e73531c9f44d9084055a05d22bc	vorbis-tools-1.4.0.tar.gz

package/x11r7/xcb-util-keysyms/Config.in

@@ -1,5 +1,6 @@
 config BR2_PACKAGE_XCB_UTIL_KEYSYMS
 	bool "xcb-util-keysyms"
+	select BR2_PACKAGE_LIBXCB
 	help
 	  The XCB util modules provides a number of libraries which sit on top
 	  of libxcb, the core X protocol library, and some of the extension

package/x11r7/xcb-util-keysyms/xcb-util-keysyms.mk

@@ -13,4 +13,6 @@ XCB_UTIL_KEYSYMS_LICENSE = MIT
 
 XCB_UTIL_KEYSYMS_INSTALL_STAGING = YES
 
+XCB_UTIL_KEYSYMS_DEPENDENCIES = host-pkgconf libxcb
+
 $(eval $(autotools-package))