Update for 2017.02.8

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

CHANGES

@@ -1,3 +1,78 @@
+2017.02.8, Released November 27th, 2017
+
+	Important / security related fixes.
+
+	Qt: 5.6 version updated to 5.6.3.
+
+	Reproducible: Do not override SOURCE_DATE_EPOCH if already set
+	in the environment.
+
+	Updated/fixed packages: apr, apr-util, arqp-standalone,
+	collectd, dvb-apps, ffmpeg, google-breakpad, gstreamer,
+	imagemagick, libfastjson, libglib2, libpjsip, libplist,
+	localedef, luajit, mesa3d, openssh, openssl, postgresql,
+	python3, python-pyqt5, qt5base, qt5canvas3d, qt5connectivity,
+	qt5declarative, qt5engineio, qt5graphicaleffects,
+	qt5imageformats, qt5location, qt5multimedia, qt5quickcontrols,
+	qt5quickcontrols2, qt5script, qt5sensors, qt5serialbus,
+	qt5serialport, qt5svg, qt5tools, qt5webchannel, qt5webkit,
+	qt5websockets, qt5x11extras, qt5xmlpatterns, quagga, ruby,
+	samba4, snmppp, ti-gfx, vboot-utils, webkitgtk, wireshark,
+	xapp_xdriinfo.
+
+	Issues resolved (http://bugs.buildroot.org):
+
+	10326: mesa3d package fails to build when BR2_SHARED_STATIC_LIBS=y
+	10361: python3 python-config script generates invalid includes
+	10501: host-localedef fails to compile on Ubuntu 17.10
+
+2017.02.7, Released October 28th, 2017
+
+	Important / security related fixes.
+
+	Webkitgtk bumped to the 2.18.x series, fixing a large number
+	of security issues.
+
+	Defconfigs: wandboard: Correct rootfs offset
+
+	Toolchain: Linaro toolchains updated to 2017.08 release,
+	fixing a number of issues. Musl: fix for CVE-2017-15650.
+
+	Updated/fixed packages: busybox, bzip2, dnsmasq, git, go,
+	hostapd, irssi, iucode-tool, lame, libcurl, libffi, libnspr,
+	libnss, nodejs, openssh, openvpn, qemu, qt, redis, sdl2,
+	webkitgtk, wget, wpa_supplicant, xen, xlib_libXfont,
+	xlib_libXfont2, xserver_xorg-server
+
+2017.02.6, Released September 24th, 2017
+
+	Important / security related fixes.
+
+	Cmake: Ensure correct pkg-config is used when building host
+	packages
+
+	fs/iso9660: Ensure files from earlier builds are not included.
+
+	Updated/fixed packages: apache, bcusdk, bind, binutils,
+	bluez5_utils, botan, cmake, connman, dbus, dialog, e2fsprogs,
+	faad2, fakeroot, ffmpeg, file, flashrom, gcc, gd, gdb,
+	gdk-pixbuf, git, gnupg, gpsd, grub2, gst1-plugins-bad,
+	imagemagick, iostat, iucode-tool, jack2, libarchive, libcurl,
+	libgcrypt, libidn, libphidget, librsync, librsvg, libsoup,
+	libxml2, linux-tools, lua, mariadb, mbedtls, mediastreamer,
+	minidlna, netplug, nss-pam-ldapd, nvidia-driver, openjpeg,
+	postgresql, proxychains-ng, python-libconfig,
+	python-service-identity, qt, rpcbind, ruby, samba4, squashfs,
+	squid, strongswan, subversion, supervisor, sysvinit, tcpdump,
+	tor, transmission, unrar, valgrind, vim, webkitgtk, whois,
+	xen, zmqpp
+
+	Issues resolved (http://bugs.buildroot.org):
+
+	#10141: Squashfs extended attribute failures
+	#10261: Grub2 fails to build for x86_64
+	#10276: BR2_PACKAGE_LINUX_TOOLS_GPIO fails for MIPS with...
+
 2017.02.5, Released July 27th, 2017
 
 	Important / security related fixes.

Config.in

@@ -467,7 +467,7 @@ choice
 config BR2_OPTIMIZE_0
 	bool "optimization level 0"
 	help
-	  Do not optimize. This is the default.
+	  Do not optimize.
 
 config BR2_OPTIMIZE_1
 	bool "optimization level 1"
@@ -534,6 +534,7 @@ config BR2_OPTIMIZE_S
 	  -falign-loops -falign-labels -freorder-blocks
 	  -freorder-blocks-and-partition -fprefetch-loop-arrays
 	  -ftree-vect-loop-version
+	  This is the default.
 
 endchoice
 

Makefile

@@ -86,9 +86,9 @@ else # umask / $(CURDIR) / $(O)
 all:
 
 # Set and export the version string
-export BR2_VERSION := 2017.02.5
+export BR2_VERSION := 2017.02.8
 # Actual time the release is cut (for reproducible builds)
-BR2_VERSION_EPOCH = 1501100000
+BR2_VERSION_EPOCH = 1511823000
 
 # Save running make version since it's clobbered by the make package
 RUNNING_MAKE_VERSION := $(MAKE_VERSION)
@@ -253,7 +253,7 @@ export LANG = C
 export LC_ALL = C
 export GZIP = -n
 BR2_VERSION_GIT_EPOCH = $(shell GIT_DIR=$(TOPDIR)/.git $(GIT) log -1 --format=%at)
-export SOURCE_DATE_EPOCH = $(if $(wildcard $(TOPDIR)/.git),$(BR2_VERSION_GIT_EPOCH),$(BR2_VERSION_EPOCH))
+export SOURCE_DATE_EPOCH ?= $(if $(wildcard $(TOPDIR)/.git),$(BR2_VERSION_GIT_EPOCH),$(BR2_VERSION_EPOCH))
 DEPENDENCIES_HOST_PREREQ += host-fakedate
 endif
 
@@ -481,6 +481,8 @@ include Makefile.legacy
 include package/Makefile.in
 include support/dependencies/dependencies.mk
 
+PACKAGES += $(DEPENDENCIES_HOST_PREREQ)
+
 include toolchain/*.mk
 include toolchain/*/*.mk
 

board/wandboard/genimage.cfg

@@ -26,6 +26,7 @@ image sdcard.img {
   partition rootfs {
     partition-type = 0x83
     image = "rootfs.ext4"
+    offset = 1M
     size = 512M
   }
 }

boot/grub2/grub2.mk

@@ -53,7 +53,7 @@ GRUB2_CONF_ENV = \
 	$(HOST_CONFIGURE_OPTS) \
 	CPP="$(HOSTCC) -E" \
 	TARGET_CC="$(TARGET_CC)" \
-	TARGET_CFLAGS="$(TARGET_CFLAGS)" \
+	TARGET_CFLAGS="$(TARGET_CFLAGS) -fno-stack-protector" \
 	TARGET_CPPFLAGS="$(TARGET_CPPFLAGS)" \
 	TARGET_LDFLAGS="$(TARGET_LDFLAGS)" \
 	NM="$(TARGET_NM)" \

docs/manual/customize-outside-br.txt

@@ -199,7 +199,7 @@ and to the kernel configuration file as follows (e.g. by running
 ----
 BR2_GLOBAL_PATCH_DIR=$(BR2_EXTERNAL_BAR_42_PATH)/patches/
 BR2_ROOTFS_OVERLAY=$(BR2_EXTERNAL_BAR_42_PATH)/board/<boardname>/overlay/
-BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE=$(BR2_EXTERNAL_BAR_42_FOO)/board/<boardname>/kernel.config
+BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE=$(BR2_EXTERNAL_BAR_42_PATH)/board/<boardname>/kernel.config
 ----
 
 ===== Example layout
@@ -263,7 +263,7 @@ illustration, of course):
   |     |BR2_GLOBAL_PATCH_DIR="$(BR2_EXTERNAL_BAR_42_PATH)/patches/"
   |     |BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_BAR_42_PATH)/board/my-board/overlay/"
   |     |BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_BAR_42_PATH)/board/my-board/post-image.sh"
-  |     |BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_BAR_42_FOO)/board/my-board/kernel.config"
+  |     |BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_BAR_42_PATH)/board/my-board/kernel.config"
   |     `----
   |
   |- patches/linux/0001-some-change.patch

docs/manual/using-buildroot-development.txt

@@ -50,11 +50,11 @@ BUSYBOX_OVERRIDE_SRCDIR = /home/bob/busybox/
 When Buildroot finds that for a given package, an
 +<pkg>_OVERRIDE_SRCDIR+ has been defined, it will no longer attempt to
 download, extract and patch the package. Instead, it will directly use
-the source code available in in the specified directory and +make
-clean+ will not touch this directory. This allows to point Buildroot
-to your own directories, that can be managed by Git, Subversion, or
-any other version control system. To achieve this, Buildroot will use
-_rsync_ to copy the source code of the component from the specified
+the source code available in the specified directory and +make clean+
+will not touch this directory. This allows to point Buildroot to your
+own directories, that can be managed by Git, Subversion, or any other
+version control system. To achieve this, Buildroot will use _rsync_ to
+copy the source code of the component from the specified
 +<pkg>_OVERRIDE_SRCDIR+ to +output/build/<package>-custom/+.
 
 This mechanism is best used in conjunction with the +make

fs/iso9660/iso9660.mk

@@ -40,6 +40,7 @@ define ROOTFS_ISO9660_CREATE_TEMPDIR
 	$(RM) -rf $(ROOTFS_ISO9660_TARGET_DIR)
 	mkdir -p $(ROOTFS_ISO9660_TARGET_DIR)
 endef
+ROOTFS_ISO9660_PRE_GEN_HOOKS += ROOTFS_ISO9660_CREATE_TEMPDIR
 else
 ROOTFS_ISO9660_TARGET_DIR = $(TARGET_DIR)
 endif

package/apache/0003-CVS-2017-9798.patch

@@ -0,0 +1,30 @@
+core: Disallow Methods' registration at run time (.htaccess), they may
+be used only if registered at init time (httpd.conf).
+
+Calling ap_method_register() in children processes is not the right scope
+since it won't be shared for all requests.
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1807655 13f79535-47bb-0310-9956-ffa450edef68
+
+Fixes CVE-2017-9798: https://nvd.nist.gov/vuln/detail/CVE-2017-9798
+
+Downloaded from upstream repo:
+https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+
+--- a/server/core.c	2017/08/16 16:50:29	1805223
++++ b/server/core.c	2017/09/08 13:13:11	1807754
+@@ -2266,6 +2266,12 @@
+             /* method has not been registered yet, but resource restriction
+              * is always checked before method handling, so register it.
+              */
++            if (cmd->pool == cmd->temp_pool) {
++                /* In .htaccess, we can't globally register new methods. */
++                return apr_psprintf(cmd->pool, "Could not register method '%s' "
++                                   "for %s from .htaccess configuration",
++                                    method, cmd->cmd->name);
++            }
+             methnum = ap_method_register(cmd->pool,
+                                          apr_pstrdup(cmd->pool, method));
+         }

package/apr-util/apr-util.hash

@@ -1,2 +1,4 @@
-# From http://archive.apache.org/dist/apr/apr-util-1.5.4.tar.gz.sha1
-sha1	72cc3ac693b52fb831063d5c0de18723bc8e0095	apr-util-1.5.4.tar.gz
+# From http://www.apache.org/dist/apr/apr-util-1.6.1.tar.bz2.sha256
+sha256	d3e12f7b6ad12687572a3a39475545a072608f4ba03a6ce8a3778f607dd0035b	apr-util-1.6.1.tar.bz2
+# Locally calculated
+sha256	ef5609d18601645ad6fe22c6c122094be40e976725c1d0490778abacc836e7a2	LICENSE

package/apr-util/apr-util.mk

@@ -4,7 +4,8 @@
 #
 ################################################################################
 
-APR_UTIL_VERSION = 1.5.4
+APR_UTIL_VERSION = 1.6.1
+APR_UTIL_SOURCE = apr-util-$(APR_UTIL_VERSION).tar.bz2
 APR_UTIL_SITE = http://archive.apache.org/dist/apr
 APR_UTIL_LICENSE = Apache-2.0
 APR_UTIL_LICENSE_FILES = LICENSE

package/apr/0001-cross-compile.patch

@@ -42,10 +42,10 @@ diff -uNr apr-1.5.1.org/Makefile.in apr-1.5.1/Makefile.in
  
  # get substituted into some targets
  APR_MAJOR_VERSION=@APR_MAJOR_VERSION@
-@@ -134,8 +136,13 @@
+@@ -134,8 +134,13 @@
+ 	$(APR_MKDIR) tools
+ 	$(LT_COMPILE)
  
- OBJECTS_gen_test_char = tools/gen_test_char.lo $(LOCAL_LIBS)
- tools/gen_test_char.lo: make_tools_dir
 +ifdef CC_FOR_BUILD
 +tools/gen_test_char@EXEEXT@: tools/gen_test_char.c $(LOCAL_LIBS)
 +	$(CC_FOR_BUILD) $(CFLAGS_FOR_BUILD) -DCROSS_COMPILE -o $@ $<

package/apr/apr.hash

@@ -1,2 +1,4 @@
-# From http://archive.apache.org/dist/apr/apr-1.5.1.tar.gz.sha1
-sha1	9caa83e3f50f3abc9fab7c4a3f2739a12b14c3a3	apr-1.5.1.tar.gz
+# From http://www.apache.org/dist/apr/apr-1.6.3.tar.bz2.sha256
+sha256 131f06d16d7aabd097fa992a33eec2b6af3962f93e6d570a9bd4d85e95993172  apr-1.6.3.tar.bz2
+# Locally calculated
+sha256 f854aeef66ecd55a126226e82b3f26793fc3b1c584647f6a0edc5639974c38ad  LICENSE

package/apr/apr.mk

@@ -4,7 +4,8 @@
 #
 ################################################################################
 
-APR_VERSION = 1.5.1
+APR_VERSION = 1.6.3
+APR_SOURCE = apr-$(APR_VERSION).tar.bz2
 APR_SITE = http://archive.apache.org/dist/apr
 APR_LICENSE = Apache-2.0
 APR_LICENSE_FILES = LICENSE

package/argp-standalone/0003-fix_build_with_c99_compilers.patch

@@ -66,15 +66,3 @@ index e797b11..828f435 100644
  
  /* Internal routines.  */
  extern void _argp_fmtstream_update (argp_fmtstream_t __fs);
-@@ -216,7 +220,11 @@
- #endif
- 
- #ifndef ARGP_FS_EI
-+#if defined(__GNUC__) && !defined(__GNUC_STDC_INLINE__)
- #define ARGP_FS_EI extern inline
-+#else
-+#define ARGP_FS_EI inline
-+#endif
- #endif
- 
- ARGP_FS_EI size_t

package/argp-standalone/argp-standalone.mk

@@ -10,7 +10,7 @@ ARGP_STANDALONE_INSTALL_STAGING = YES
 ARGP_STANDALONE_LICENSE = LGPLv2+
 
 ARGP_STANDALONE_CONF_ENV = \
-	CFLAGS="$(TARGET_CFLAGS) -fPIC"
+	CFLAGS="$(TARGET_CFLAGS) -fPIC -fgnu89-inline"
 
 define ARGP_STANDALONE_INSTALL_STAGING_CMDS
 	$(INSTALL) -D $(@D)/libargp.a $(STAGING_DIR)/usr/lib/libargp.a

package/bcusdk/0002-eibd-fix-endless-recursion-when-using-USB-backends.patch

@@ -0,0 +1,35 @@
+From 6bd1b4958e949d83468e053c34bf6c89d14d687a Mon Sep 17 00:00:00 2001
+From: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
+Date: Fri, 25 Aug 2017 23:01:14 +0200
+Subject: [PATCH] eibd: drop local clock_gettime in USB backends
+
+clock_gettime is defined locally, and calls pth_int_time, which
+in turn calls clock_gettime.
+The USB backend shouldn't overrule clock_gettime in the first place.
+This patch fixes this endless recursion by removing the local defition.
+
+Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
+---
+ eibd/usb/linux_usbfs.c | 6 ------
+ 1 file changed, 6 deletions(-)
+
+diff --git a/eibd/usb/linux_usbfs.c b/eibd/usb/linux_usbfs.c
+index c3ec410..957b908 100644
+--- a/eibd/usb/linux_usbfs.c
++++ b/eibd/usb/linux_usbfs.c
+@@ -52,12 +52,6 @@ int pthread_mutex_trylock(pthread_mutex_t *mutex)
+ 	return 0;
+ }
+ 
+-int clock_gettime(clockid_t clk_id, struct timespec *tp)
+-{
+-	pth_int_time (tp);
+-	return 0;
+-}
+-
+ /* sysfs vs usbfs:
+  * opening a usbfs node causes the device to be resumed, so we attempt to
+  * avoid this during enumeration.
+-- 
+1.8.5.rc3
+

package/bind/bind.hash

@@ -1,3 +1,3 @@
-# Verified from http://ftp.isc.org/isc/bind9/9.11.1-P3/bind-9.11.1-P3.tar.gz.sha256.asc
-sha256 52426e75432e46996dc90f24fca027805a341c38fbbb022b60dc9acd2677ccf4 bind-9.11.1-P3.tar.gz
+# Verified from http://ftp.isc.org/isc/bind9/9.11.2/bind-9.11.2.tar.gz.sha256.asc
+sha256 7f46ad8620f7c3b0ac375d7a5211b15677708fda84ce25d7aeb7222fe2e3c77a bind-9.11.2.tar.gz
 sha256 d3906dfe153e2c48440d3ca1d5319f5e89b4b820cdfc5d0779c23d7ac2b175e9 COPYRIGHT

package/bind/bind.mk

@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-BIND_VERSION = 9.11.1-P3
-BIND_SITE = ftp://ftp.isc.org/isc/bind9/$(BIND_VERSION)
+BIND_VERSION = 9.11.2
+BIND_SITE = http://ftp.isc.org/isc/bind9/$(BIND_VERSION)
 # bind does not support parallel builds.
 BIND_MAKE = $(MAKE1)
 BIND_INSTALL_STAGING = YES
@@ -24,6 +24,7 @@ BIND_CONF_ENV = \
 	BUILD_CC="$(TARGET_CC)" \
 	BUILD_CFLAGS="$(TARGET_CFLAGS)"
 BIND_CONF_OPTS = \
+	--without-lmdb \
 	--with-libjson=no \
 	--with-randomdev=/dev/urandom \
 	--enable-epoll \

package/binutils/2.25.1/131-xtensa-fix-memory-corruption-by-broken-sysregs.patch

@@ -0,0 +1,42 @@
+From 3c8788dbb70b40e737d4b8e30cab81406e5c5091 Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Wed, 2 Aug 2017 00:36:05 -0700
+Subject: [PATCH] xtensa: fix memory corruption by broken sysregs
+
+In some xtensa configurations there may be system/user registers in
+xtensa-modules with negative index. ISA initialization for such config
+may clobber heap and result in program termination.
+Don't update lookup table entries for register with negative indices.
+They are not directly accessible via RSR/WSR/XSR or RUR/WUR, so this
+change should not affect processing of valid assembly/binary code.
+
+bfd/
+2017-08-02  Max Filippov  <jcmvbkbc@gmail.com>
+
+	* xtensa-isa.c (xtensa_isa_init): Don't update lookup table
+	entries for sysregs with negative indices.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+Backported from: d84ed528d4817b0ff854006b65a9f6ec75f0407a
+
+ bfd/xtensa-isa.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c
+index 8da75bea8109..8c6ee88fdeae 100644
+--- a/bfd/xtensa-isa.c
++++ b/bfd/xtensa-isa.c
+@@ -292,7 +292,8 @@ xtensa_isa_init (xtensa_isa_status *errno_p, char **error_msg_p)
+       xtensa_sysreg_internal *sreg = &isa->sysregs[n];
+       is_user = sreg->is_user;
+ 
+-      isa->sysreg_table[is_user][sreg->number] = n;
++      if (sreg->number >= 0)
++	isa->sysreg_table[is_user][sreg->number] = n;
+     }
+ 
+   /* Set up the interface lookup table.  */
+-- 
+2.1.4
+

package/binutils/2.26.1/0131-xtensa-fix-memory-corruption-by-broken-sysregs.patch

@@ -0,0 +1,42 @@
+From 3c8788dbb70b40e737d4b8e30cab81406e5c5091 Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Wed, 2 Aug 2017 00:36:05 -0700
+Subject: [PATCH] xtensa: fix memory corruption by broken sysregs
+
+In some xtensa configurations there may be system/user registers in
+xtensa-modules with negative index. ISA initialization for such config
+may clobber heap and result in program termination.
+Don't update lookup table entries for register with negative indices.
+They are not directly accessible via RSR/WSR/XSR or RUR/WUR, so this
+change should not affect processing of valid assembly/binary code.
+
+bfd/
+2017-08-02  Max Filippov  <jcmvbkbc@gmail.com>
+
+	* xtensa-isa.c (xtensa_isa_init): Don't update lookup table
+	entries for sysregs with negative indices.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+Backported from: d84ed528d4817b0ff854006b65a9f6ec75f0407a
+
+ bfd/xtensa-isa.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c
+index 8da75bea8109..8c6ee88fdeae 100644
+--- a/bfd/xtensa-isa.c
++++ b/bfd/xtensa-isa.c
+@@ -292,7 +292,8 @@ xtensa_isa_init (xtensa_isa_status *errno_p, char **error_msg_p)
+       xtensa_sysreg_internal *sreg = &isa->sysregs[n];
+       is_user = sreg->is_user;
+ 
+-      isa->sysreg_table[is_user][sreg->number] = n;
++      if (sreg->number >= 0)
++	isa->sysreg_table[is_user][sreg->number] = n;
+     }
+ 
+   /* Set up the interface lookup table.  */
+-- 
+2.1.4
+

package/binutils/2.27/0131-xtensa-fix-memory-corruption-by-broken-sysregs.patch

@@ -0,0 +1,42 @@
+From 3c8788dbb70b40e737d4b8e30cab81406e5c5091 Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Wed, 2 Aug 2017 00:36:05 -0700
+Subject: [PATCH] xtensa: fix memory corruption by broken sysregs
+
+In some xtensa configurations there may be system/user registers in
+xtensa-modules with negative index. ISA initialization for such config
+may clobber heap and result in program termination.
+Don't update lookup table entries for register with negative indices.
+They are not directly accessible via RSR/WSR/XSR or RUR/WUR, so this
+change should not affect processing of valid assembly/binary code.
+
+bfd/
+2017-08-02  Max Filippov  <jcmvbkbc@gmail.com>
+
+	* xtensa-isa.c (xtensa_isa_init): Don't update lookup table
+	entries for sysregs with negative indices.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+Backported from: d84ed528d4817b0ff854006b65a9f6ec75f0407a
+
+ bfd/xtensa-isa.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c
+index 8da75bea8109..8c6ee88fdeae 100644
+--- a/bfd/xtensa-isa.c
++++ b/bfd/xtensa-isa.c
+@@ -292,7 +292,8 @@ xtensa_isa_init (xtensa_isa_status *errno_p, char **error_msg_p)
+       xtensa_sysreg_internal *sreg = &isa->sysregs[n];
+       is_user = sreg->is_user;
+ 
+-      isa->sysreg_table[is_user][sreg->number] = n;
++      if (sreg->number >= 0)
++	isa->sysreg_table[is_user][sreg->number] = n;
+     }
+ 
+   /* Set up the interface lookup table.  */
+-- 
+2.1.4
+

package/bluez5_utils/0002-sdp-Fix-Out-of-bounds-heap-read-in-service_search_at.patch

@@ -0,0 +1,29 @@
+From 9e009647b14e810e06626dde7f1bb9ea3c375d09 Mon Sep 17 00:00:00 2001
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date: Wed, 13 Sep 2017 10:01:40 +0300
+Subject: [PATCH] sdp: Fix Out-of-bounds heap read in service_search_attr_req
+ function
+
+Check if there is enough data to continue otherwise return an error.
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ src/sdpd-request.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/sdpd-request.c b/src/sdpd-request.c
+index 1eefdce1a..318d04467 100644
+--- a/src/sdpd-request.c
++++ b/src/sdpd-request.c
+@@ -917,7 +917,7 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf)
+ 	} else {
+ 		/* continuation State exists -> get from cache */
+ 		sdp_buf_t *pCache = sdp_get_cached_rsp(cstate);
+-		if (pCache) {
++		if (pCache && cstate->cStateValue.maxBytesSent < pCache->data_size) {
+ 			uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
+ 			pResponse = pCache->data;
+ 			memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
+-- 
+2.11.0
+

package/botan/botan.hash

@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256	23ec973d4b4a4fe04f490d409e08ac5638afe3aa09acd7f520daaff38ba19b90  Botan-1.10.13.tgz
+sha256 6c5472401d06527e87adcb53dd270f3c9b1fb688703b04dd7a7cfb86289efe52  Botan-1.10.16.tgz

package/botan/botan.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BOTAN_VERSION = 1.10.13
+BOTAN_VERSION = 1.10.16
 BOTAN_SOURCE = Botan-$(BOTAN_VERSION).tgz
 BOTAN_SITE = http://botan.randombit.net/releases
 BOTAN_LICENSE = BSD-2c

package/busybox/0003-wget-fix-for-brain-damaged-HTTP-servers.-Closes-9471.patch

@@ -0,0 +1,87 @@
+From dac762a702d01c8c2d42135795cc9bf23ff324a2 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Wed, 11 Jan 2017 20:16:45 +0100
+Subject: [PATCH] wget: fix for brain-damaged HTTP servers. Closes 9471
+
+write(3, "GET / HTTP/1.1\r\nUser-Agent: Wget\r\nConnection: close\r\n\r\n", 74) = 74
+shutdown(3, SHUT_WR)    = 0
+alarm(900)              = 900
+read(3, "", 1024)       = 0
+write(2, "wget: error getting response\n", 29) = 29
+exit(1)
+
+The peer simply does not return anything. It closes its connection.
+
+Probably it detects wget closing its writing end: shutdown(3, SHUT_WR).
+
+The point it, closing write side of the socket is _valid_ for HTTP.
+wget sent the full request, it won't be sending anything more:
+it will only receive the response, and that's it.
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ networking/wget.c | 26 ++++++++++++++++++--------
+ 1 file changed, 18 insertions(+), 8 deletions(-)
+
+diff --git a/networking/wget.c b/networking/wget.c
+index b082a0f59..afb09f587 100644
+--- a/networking/wget.c
++++ b/networking/wget.c
+@@ -141,6 +141,8 @@
+ #endif
+ 
+ 
++#define SSL_SUPPORTED (ENABLE_FEATURE_WGET_OPENSSL || ENABLE_FEATURE_WGET_SSL_HELPER)
++
+ struct host_info {
+ 	char *allocated;
+ 	const char *path;
+@@ -151,7 +153,7 @@ struct host_info {
+ };
+ static const char P_FTP[] ALIGN1 = "ftp";
+ static const char P_HTTP[] ALIGN1 = "http";
+-#if ENABLE_FEATURE_WGET_OPENSSL || ENABLE_FEATURE_WGET_SSL_HELPER
++#if SSL_SUPPORTED
+ static const char P_HTTPS[] ALIGN1 = "https";
+ #endif
+ 
+@@ -452,7 +454,7 @@ static void parse_url(const char *src_url, struct host_info *h)
+ 		if (strcmp(url, P_FTP) == 0) {
+ 			h->port = bb_lookup_port(P_FTP, "tcp", 21);
+ 		} else
+-#if ENABLE_FEATURE_WGET_OPENSSL || ENABLE_FEATURE_WGET_SSL_HELPER
++#if SSL_SUPPORTED
+ 		if (strcmp(url, P_HTTPS) == 0) {
+ 			h->port = bb_lookup_port(P_HTTPS, "tcp", 443);
+ 			h->protocol = P_HTTPS;
+@@ -1093,12 +1095,20 @@ static void download_one_url(const char *url)
+ 		}
+ 
+ 		fflush(sfp);
+-		/* If we use SSL helper, keeping our end of the socket open for writing
+-		 * makes our end (i.e. the same fd!) readable (EAGAIN instead of EOF)
+-		 * even after child closes its copy of the fd.
+-		 * This helps:
+-		 */
+-		shutdown(fileno(sfp), SHUT_WR);
++
++/* Tried doing this unconditionally.
++ * Cloudflare and nginx/1.11.5 are shocked to see SHUT_WR on non-HTTPS.
++ */
++#if SSL_SUPPORTED
++		if (target.protocol == P_HTTPS) {
++			/* If we use SSL helper, keeping our end of the socket open for writing
++			 * makes our end (i.e. the same fd!) readable (EAGAIN instead of EOF)
++			 * even after child closes its copy of the fd.
++			 * This helps:
++			 */
++			shutdown(fileno(sfp), SHUT_WR);
++		}
++#endif
+ 
+ 		/*
+ 		 * Retrieve HTTP response line and check for "200" status code.
+-- 
+2.11.0
+

package/busybox/0004-unzip-properly-use-CDF-to-find-compressed-files.-Clo.patch

@@ -0,0 +1,494 @@
+From fa654812e79d2422b41cfff6443e2abcb7737517 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Thu, 5 Jan 2017 11:43:53 +0100
+Subject: [PATCH] unzip: properly use CDF to find compressed files. Closes 9536
+
+function                                             old     new   delta
+unzip_main                                          2437    2350     -87
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ archival/unzip.c      | 285 +++++++++++++++++++++++++++++---------------------
+ testsuite/unzip.tests |   6 +-
+ 2 files changed, 168 insertions(+), 123 deletions(-)
+
+diff --git a/archival/unzip.c b/archival/unzip.c
+index c540485ac..edef22f75 100644
+--- a/archival/unzip.c
++++ b/archival/unzip.c
+@@ -16,7 +16,6 @@
+  * TODO
+  * Zip64 + other methods
+  */
+-
+ //config:config UNZIP
+ //config:	bool "unzip"
+ //config:	default y
+@@ -24,8 +23,17 @@
+ //config:	  unzip will list or extract files from a ZIP archive,
+ //config:	  commonly found on DOS/WIN systems. The default behavior
+ //config:	  (with no options) is to extract the archive into the
+-//config:	  current directory. Use the `-d' option to extract to a
+-//config:	  directory of your choice.
++//config:	  current directory.
++//config:
++//config:config FEATURE_UNZIP_CDF
++//config:	bool "Read and use Central Directory data"
++//config:	default y
++//config:	depends on UNZIP
++//config:	help
++//config:	  If you know that you only need to deal with simple
++//config:	  ZIP files without deleted/updated files, SFX archves etc,
++//config:	  you can reduce code size by unselecting this option.
++//config:	  To support less trivial ZIPs, say Y.
+ 
+ //applet:IF_UNZIP(APPLET(unzip, BB_DIR_USR_BIN, BB_SUID_DROP))
+ //kbuild:lib-$(CONFIG_UNZIP) += unzip.o
+@@ -80,30 +88,20 @@ typedef union {
+ 		uint32_t ucmpsize PACKED;       /* 18-21 */
+ 		uint16_t filename_len;          /* 22-23 */
+ 		uint16_t extra_len;             /* 24-25 */
++		/* filename follows (not NUL terminated) */
++		/* extra field follows */
++		/* data follows */
+ 	} formatted PACKED;
+ } zip_header_t; /* PACKED - gcc 4.2.1 doesn't like it (spews warning) */
+ 
+-/* Check the offset of the last element, not the length.  This leniency
+- * allows for poor packing, whereby the overall struct may be too long,
+- * even though the elements are all in the right place.
+- */
+-struct BUG_zip_header_must_be_26_bytes {
+-	char BUG_zip_header_must_be_26_bytes[
+-		offsetof(zip_header_t, formatted.extra_len) + 2
+-			== ZIP_HEADER_LEN ? 1 : -1];
+-};
+-
+-#define FIX_ENDIANNESS_ZIP(zip_header) do { \
+-	(zip_header).formatted.version      = SWAP_LE16((zip_header).formatted.version     ); \
+-	(zip_header).formatted.method       = SWAP_LE16((zip_header).formatted.method      ); \
+-	(zip_header).formatted.modtime      = SWAP_LE16((zip_header).formatted.modtime     ); \
+-	(zip_header).formatted.moddate      = SWAP_LE16((zip_header).formatted.moddate     ); \
++#define FIX_ENDIANNESS_ZIP(zip_header) \
++do { if (BB_BIG_ENDIAN) { \
+ 	(zip_header).formatted.crc32        = SWAP_LE32((zip_header).formatted.crc32       ); \
+ 	(zip_header).formatted.cmpsize      = SWAP_LE32((zip_header).formatted.cmpsize     ); \
+ 	(zip_header).formatted.ucmpsize     = SWAP_LE32((zip_header).formatted.ucmpsize    ); \
+ 	(zip_header).formatted.filename_len = SWAP_LE16((zip_header).formatted.filename_len); \
+ 	(zip_header).formatted.extra_len    = SWAP_LE16((zip_header).formatted.extra_len   ); \
+-} while (0)
++}} while (0)
+ 
+ #define CDF_HEADER_LEN 42
+ 
+@@ -115,8 +113,8 @@ typedef union {
+ 		uint16_t version_needed;        /* 2-3 */
+ 		uint16_t cdf_flags;             /* 4-5 */
+ 		uint16_t method;                /* 6-7 */
+-		uint16_t mtime;                 /* 8-9 */
+-		uint16_t mdate;                 /* 10-11 */
++		uint16_t modtime;               /* 8-9 */
++		uint16_t moddate;               /* 10-11 */
+ 		uint32_t crc32;                 /* 12-15 */
+ 		uint32_t cmpsize;               /* 16-19 */
+ 		uint32_t ucmpsize;              /* 20-23 */
+@@ -127,27 +125,27 @@ typedef union {
+ 		uint16_t internal_file_attributes; /* 32-33 */
+ 		uint32_t external_file_attributes PACKED; /* 34-37 */
+ 		uint32_t relative_offset_of_local_header PACKED; /* 38-41 */
++		/* filename follows (not NUL terminated) */
++		/* extra field follows */
++		/* comment follows */
+ 	} formatted PACKED;
+ } cdf_header_t;
+ 
+-struct BUG_cdf_header_must_be_42_bytes {
+-	char BUG_cdf_header_must_be_42_bytes[
+-		offsetof(cdf_header_t, formatted.relative_offset_of_local_header) + 4
+-			== CDF_HEADER_LEN ? 1 : -1];
+-};
+-
+-#define FIX_ENDIANNESS_CDF(cdf_header) do { \
++#define FIX_ENDIANNESS_CDF(cdf_header) \
++do { if (BB_BIG_ENDIAN) { \
++	(cdf_header).formatted.version_made_by = SWAP_LE16((cdf_header).formatted.version_made_by); \
++	(cdf_header).formatted.version_needed = SWAP_LE16((cdf_header).formatted.version_needed); \
++	(cdf_header).formatted.method       = SWAP_LE16((cdf_header).formatted.method      ); \
++	(cdf_header).formatted.modtime      = SWAP_LE16((cdf_header).formatted.modtime     ); \
++	(cdf_header).formatted.moddate      = SWAP_LE16((cdf_header).formatted.moddate     ); \
+ 	(cdf_header).formatted.crc32        = SWAP_LE32((cdf_header).formatted.crc32       ); \
+ 	(cdf_header).formatted.cmpsize      = SWAP_LE32((cdf_header).formatted.cmpsize     ); \
+ 	(cdf_header).formatted.ucmpsize     = SWAP_LE32((cdf_header).formatted.ucmpsize    ); \
+ 	(cdf_header).formatted.file_name_length = SWAP_LE16((cdf_header).formatted.file_name_length); \
+ 	(cdf_header).formatted.extra_field_length = SWAP_LE16((cdf_header).formatted.extra_field_length); \
+ 	(cdf_header).formatted.file_comment_length = SWAP_LE16((cdf_header).formatted.file_comment_length); \
+-	IF_DESKTOP( \
+-	(cdf_header).formatted.version_made_by = SWAP_LE16((cdf_header).formatted.version_made_by); \
+ 	(cdf_header).formatted.external_file_attributes = SWAP_LE32((cdf_header).formatted.external_file_attributes); \
+-	) \
+-} while (0)
++}} while (0)
+ 
+ #define CDE_HEADER_LEN 16
+ 
+@@ -166,20 +164,38 @@ typedef union {
+ 	} formatted PACKED;
+ } cde_header_t;
+ 
+-struct BUG_cde_header_must_be_16_bytes {
++#define FIX_ENDIANNESS_CDE(cde_header) \
++do { if (BB_BIG_ENDIAN) { \
++	(cde_header).formatted.cdf_offset = SWAP_LE32((cde_header).formatted.cdf_offset); \
++}} while (0)
++
++struct BUG {
++	/* Check the offset of the last element, not the length.  This leniency
++	 * allows for poor packing, whereby the overall struct may be too long,
++	 * even though the elements are all in the right place.
++	 */
++	char BUG_zip_header_must_be_26_bytes[
++		offsetof(zip_header_t, formatted.extra_len) + 2
++			== ZIP_HEADER_LEN ? 1 : -1];
++	char BUG_cdf_header_must_be_42_bytes[
++		offsetof(cdf_header_t, formatted.relative_offset_of_local_header) + 4
++			== CDF_HEADER_LEN ? 1 : -1];
+ 	char BUG_cde_header_must_be_16_bytes[
+ 		sizeof(cde_header_t) == CDE_HEADER_LEN ? 1 : -1];
+ };
+ 
+-#define FIX_ENDIANNESS_CDE(cde_header) do { \
+-	(cde_header).formatted.cdf_offset = SWAP_LE32((cde_header).formatted.cdf_offset); \
+-} while (0)
+ 
+ enum { zip_fd = 3 };
+ 
+ 
+-#if ENABLE_DESKTOP
++/* This value means that we failed to find CDF */
++#define BAD_CDF_OFFSET ((uint32_t)0xffffffff)
++
++#if !ENABLE_FEATURE_UNZIP_CDF
+ 
++# define find_cdf_offset() BAD_CDF_OFFSET
++
++#else
+ /* Seen in the wild:
+  * Self-extracting PRO2K3XP_32.exe contains 19078464 byte zip archive,
+  * where CDE was nearly 48 kbytes before EOF.
+@@ -188,25 +204,26 @@ enum { zip_fd = 3 };
+  * To make extraction work, bumped PEEK_FROM_END from 16k to 64k.
+  */
+ #define PEEK_FROM_END (64*1024)
+-
+-/* This value means that we failed to find CDF */
+-#define BAD_CDF_OFFSET ((uint32_t)0xffffffff)
+-
+ /* NB: does not preserve file position! */
+ static uint32_t find_cdf_offset(void)
+ {
+ 	cde_header_t cde_header;
++	unsigned char *buf;
+ 	unsigned char *p;
+ 	off_t end;
+-	unsigned char *buf = xzalloc(PEEK_FROM_END);
+ 	uint32_t found;
+ 
+-	end = xlseek(zip_fd, 0, SEEK_END);
++	end = lseek(zip_fd, 0, SEEK_END);
++	if (end == (off_t) -1)
++		return BAD_CDF_OFFSET;
++
+ 	end -= PEEK_FROM_END;
+ 	if (end < 0)
+ 		end = 0;
++
+ 	dbg("Looking for cdf_offset starting from 0x%"OFF_FMT"x", end);
+  	xlseek(zip_fd, end, SEEK_SET);
++	buf = xzalloc(PEEK_FROM_END);
+ 	full_read(zip_fd, buf, PEEK_FROM_END);
+ 
+ 	found = BAD_CDF_OFFSET;
+@@ -252,30 +269,36 @@ static uint32_t find_cdf_offset(void)
+ static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
+ {
+ 	off_t org;
++	uint32_t magic;
+ 
+-	org = xlseek(zip_fd, 0, SEEK_CUR);
++	if (cdf_offset == BAD_CDF_OFFSET)
++		return cdf_offset;
+ 
+-	if (!cdf_offset)
+-		cdf_offset = find_cdf_offset();
+-
+-	if (cdf_offset != BAD_CDF_OFFSET) {
+-		dbg("Reading CDF at 0x%x", (unsigned)cdf_offset);
+-		xlseek(zip_fd, cdf_offset + 4, SEEK_SET);
+-		xread(zip_fd, cdf_ptr->raw, CDF_HEADER_LEN);
+-		FIX_ENDIANNESS_CDF(*cdf_ptr);
+-		dbg("  file_name_length:%u extra_field_length:%u file_comment_length:%u",
+-			(unsigned)cdf_ptr->formatted.file_name_length,
+-			(unsigned)cdf_ptr->formatted.extra_field_length,
+-			(unsigned)cdf_ptr->formatted.file_comment_length
+-		);
+-		cdf_offset += 4 + CDF_HEADER_LEN
+-			+ cdf_ptr->formatted.file_name_length
+-			+ cdf_ptr->formatted.extra_field_length
+-			+ cdf_ptr->formatted.file_comment_length;
++	org = xlseek(zip_fd, 0, SEEK_CUR);
++	dbg("Reading CDF at 0x%x", (unsigned)cdf_offset);
++	xlseek(zip_fd, cdf_offset, SEEK_SET);
++	xread(zip_fd, &magic, 4);
++	/* Central Directory End? */
++	if (magic == ZIP_CDE_MAGIC) {
++		dbg("got ZIP_CDE_MAGIC");
++		return 0; /* EOF */
+ 	}
++	xread(zip_fd, cdf_ptr->raw, CDF_HEADER_LEN);
++	/* Caller doesn't need this: */
++	/* dbg("Returning file position to 0x%"OFF_FMT"x", org); */
++	/* xlseek(zip_fd, org, SEEK_SET); */
++
++	FIX_ENDIANNESS_CDF(*cdf_ptr);
++	dbg("  file_name_length:%u extra_field_length:%u file_comment_length:%u",
++		(unsigned)cdf_ptr->formatted.file_name_length,
++		(unsigned)cdf_ptr->formatted.extra_field_length,
++		(unsigned)cdf_ptr->formatted.file_comment_length
++	);
++	cdf_offset += 4 + CDF_HEADER_LEN
++		+ cdf_ptr->formatted.file_name_length
++		+ cdf_ptr->formatted.extra_field_length
++		+ cdf_ptr->formatted.file_comment_length;
+ 
+-	dbg("Returning file position to 0x%"OFF_FMT"x", org);
+-	xlseek(zip_fd, org, SEEK_SET);
+ 	return cdf_offset;
+ };
+ #endif
+@@ -324,6 +347,7 @@ static void unzip_extract(zip_header_t *zip_header, int dst_fd)
+ 			bb_error_msg("bad length");
+ 		}
+ 	}
++	/* TODO? method 12: bzip2, method 14: LZMA */
+ }
+ 
+ static void my_fgets80(char *buf80)
+@@ -339,15 +363,12 @@ int unzip_main(int argc, char **argv)
+ {
+ 	enum { O_PROMPT, O_NEVER, O_ALWAYS };
+ 
+-	zip_header_t zip_header;
+ 	smallint quiet = 0;
+-	IF_NOT_DESKTOP(const) smallint verbose = 0;
++	IF_NOT_FEATURE_UNZIP_CDF(const) smallint verbose = 0;
+ 	smallint listing = 0;
+ 	smallint overwrite = O_PROMPT;
+ 	smallint x_opt_seen;
+-#if ENABLE_DESKTOP
+ 	uint32_t cdf_offset;
+-#endif
+ 	unsigned long total_usize;
+ 	unsigned long total_size;
+ 	unsigned total_entries;
+@@ -430,7 +451,7 @@ int unzip_main(int argc, char **argv)
+ 			break;
+ 
+ 		case 'v': /* Verbose list */
+-			IF_DESKTOP(verbose++;)
++			IF_FEATURE_UNZIP_CDF(verbose++;)
+ 			listing = 1;
+ 			break;
+ 
+@@ -545,78 +566,102 @@ int unzip_main(int argc, char **argv)
+ 	total_usize = 0;
+ 	total_size = 0;
+ 	total_entries = 0;
+-#if ENABLE_DESKTOP
+-	cdf_offset = 0;
+-#endif
++	cdf_offset = find_cdf_offset();	/* try to seek to the end, find CDE and CDF start */
+ 	while (1) {
+-		uint32_t magic;
++		zip_header_t zip_header;
+ 		mode_t dir_mode = 0777;
+-#if ENABLE_DESKTOP
++#if ENABLE_FEATURE_UNZIP_CDF
+ 		mode_t file_mode = 0666;
+ #endif
+ 
+-		/* Check magic number */
+-		xread(zip_fd, &magic, 4);
+-		/* Central directory? It's at the end, so exit */
+-		if (magic == ZIP_CDF_MAGIC) {
+-			dbg("got ZIP_CDF_MAGIC");
+-			break;
+-		}
+-#if ENABLE_DESKTOP
+-		/* Data descriptor? It was a streaming file, go on */
+-		if (magic == ZIP_DD_MAGIC) {
+-			dbg("got ZIP_DD_MAGIC");
+-			/* skip over duplicate crc32, cmpsize and ucmpsize */
+-			unzip_skip(3 * 4);
+-			continue;
+-		}
+-#endif
+-		if (magic != ZIP_FILEHEADER_MAGIC)
+-			bb_error_msg_and_die("invalid zip magic %08X", (int)magic);
+-		dbg("got ZIP_FILEHEADER_MAGIC");
+-
+-		/* Read the file header */
+-		xread(zip_fd, zip_header.raw, ZIP_HEADER_LEN);
+-		FIX_ENDIANNESS_ZIP(zip_header);
+-		if ((zip_header.formatted.method != 0) && (zip_header.formatted.method != 8)) {
+-			bb_error_msg_and_die("unsupported method %d", zip_header.formatted.method);
+-		}
+-#if !ENABLE_DESKTOP
+-		if (zip_header.formatted.zip_flags & SWAP_LE16(0x0009)) {
+-			bb_error_msg_and_die("zip flags 1 and 8 are not supported");
+-		}
+-#else
+-		if (zip_header.formatted.zip_flags & SWAP_LE16(0x0001)) {
+-			/* 0x0001 - encrypted */
+-			bb_error_msg_and_die("zip flag 1 (encryption) is not supported");
+-		}
++		if (!ENABLE_FEATURE_UNZIP_CDF || cdf_offset == BAD_CDF_OFFSET) {
++			/* Normally happens when input is unseekable.
++			 *
++			 * Valid ZIP file has Central Directory at the end
++			 * with central directory file headers (CDFs).
++			 * After it, there is a Central Directory End structure.
++			 * CDFs identify what files are in the ZIP and where
++			 * they are located. This allows ZIP readers to load
++			 * the list of files without reading the entire ZIP archive.
++			 * ZIP files may be appended to, only files specified in
++			 * the CD are valid. Scanning for local file headers is
++			 * not a correct algorithm.
++			 *
++			 * We try to do the above, and resort to "linear" reading
++			 * of ZIP file only if seek failed or CDE wasn't found.
++			 */
++			uint32_t magic;
+ 
+-		if (cdf_offset != BAD_CDF_OFFSET) {
++			/* Check magic number */
++			xread(zip_fd, &magic, 4);
++			/* Central directory? It's at the end, so exit */
++			if (magic == ZIP_CDF_MAGIC) {
++				dbg("got ZIP_CDF_MAGIC");
++				break;
++			}
++			/* Data descriptor? It was a streaming file, go on */
++			if (magic == ZIP_DD_MAGIC) {
++				dbg("got ZIP_DD_MAGIC");
++				/* skip over duplicate crc32, cmpsize and ucmpsize */
++				unzip_skip(3 * 4);
++				continue;
++			}
++			if (magic != ZIP_FILEHEADER_MAGIC)
++				bb_error_msg_and_die("invalid zip magic %08X", (int)magic);
++			dbg("got ZIP_FILEHEADER_MAGIC");
++
++			xread(zip_fd, zip_header.raw, ZIP_HEADER_LEN);
++			FIX_ENDIANNESS_ZIP(zip_header);
++			if ((zip_header.formatted.method != 0)
++			 && (zip_header.formatted.method != 8)
++			) {
++				/* TODO? method 12: bzip2, method 14: LZMA */
++				bb_error_msg_and_die("unsupported method %d", zip_header.formatted.method);
++			}
++			if (zip_header.formatted.zip_flags & SWAP_LE16(0x0009)) {
++				bb_error_msg_and_die("zip flags 1 and 8 are not supported");
++			}
++		}
++#if ENABLE_FEATURE_UNZIP_CDF
++		else {
++			/* cdf_offset is valid (and we know the file is seekable) */
+ 			cdf_header_t cdf_header;
+ 			cdf_offset = read_next_cdf(cdf_offset, &cdf_header);
+-			/*
+-			 * Note: cdf_offset can become BAD_CDF_OFFSET after the above call.
+-			 */
++			if (cdf_offset == 0) /* EOF? */
++				break;
++# if 0
++			xlseek(zip_fd,
++				SWAP_LE32(cdf_header.formatted.relative_offset_of_local_header) + 4,
++				SEEK_SET);
++			xread(zip_fd, zip_header.raw, ZIP_HEADER_LEN);
++			FIX_ENDIANNESS_ZIP(zip_header);
+ 			if (zip_header.formatted.zip_flags & SWAP_LE16(0x0008)) {
+ 				/* 0x0008 - streaming. [u]cmpsize can be reliably gotten
+-				 * only from Central Directory. See unzip_doc.txt
++				 * only from Central Directory.
+ 				 */
+ 				zip_header.formatted.crc32    = cdf_header.formatted.crc32;
+ 				zip_header.formatted.cmpsize  = cdf_header.formatted.cmpsize;
+ 				zip_header.formatted.ucmpsize = cdf_header.formatted.ucmpsize;
+ 			}
++# else
++			/* CDF has the same data as local header, no need to read the latter */
++			memcpy(&zip_header.formatted.version,
++				&cdf_header.formatted.version_needed, ZIP_HEADER_LEN);
++			xlseek(zip_fd,
++				SWAP_LE32(cdf_header.formatted.relative_offset_of_local_header) + 4 + ZIP_HEADER_LEN,
++				SEEK_SET);
++# endif
+ 			if ((cdf_header.formatted.version_made_by >> 8) == 3) {
+ 				/* This archive is created on Unix */
+ 				dir_mode = file_mode = (cdf_header.formatted.external_file_attributes >> 16);
+ 			}
+ 		}
+-		if (cdf_offset == BAD_CDF_OFFSET
+-		 && (zip_header.formatted.zip_flags & SWAP_LE16(0x0008))
+-		) {
+-			/* If it's a streaming zip, we _require_ CDF */
+-			bb_error_msg_and_die("can't find file table");
+-		}
+ #endif
++
++		if (zip_header.formatted.zip_flags & SWAP_LE16(0x0001)) {
++			/* 0x0001 - encrypted */
++			bb_error_msg_and_die("zip flag 1 (encryption) is not supported");
++		}
+ 		dbg("File cmpsize:0x%x extra_len:0x%x ucmpsize:0x%x",
+ 			(unsigned)zip_header.formatted.cmpsize,
+ 			(unsigned)zip_header.formatted.extra_len,
+@@ -751,7 +796,7 @@ int unzip_main(int argc, char **argv)
+ 			overwrite = O_ALWAYS;
+ 		case 'y': /* Open file and fall into unzip */
+ 			unzip_create_leading_dirs(dst_fn);
+-#if ENABLE_DESKTOP
++#if ENABLE_FEATURE_UNZIP_CDF
+ 			dst_fd = xopen3(dst_fn, O_WRONLY | O_CREAT | O_TRUNC, file_mode);
+ #else
+ 			dst_fd = xopen(dst_fn, O_WRONLY | O_CREAT | O_TRUNC);
+diff --git a/testsuite/unzip.tests b/testsuite/unzip.tests
+index d8738a3bd..d9c45242c 100755
+--- a/testsuite/unzip.tests
++++ b/testsuite/unzip.tests
+@@ -31,11 +31,10 @@ rmdir foo
+ rm foo.zip
+ 
+ # File containing some damaged encrypted stream
++optional FEATURE_UNZIP_CDF
+ testing "unzip (bad archive)" "uudecode; unzip bad.zip 2>&1; echo \$?" \
+ "Archive:  bad.zip
+-  inflating: ]3j½r«IK-%Ix
+-unzip: corrupted data
+-unzip: inflate error
++unzip: short read
+ 1
+ " \
+ "" "\
+@@ -49,6 +48,7 @@ BDYAAAAMAAEADQAAADIADQAAAEEAAAASw73Ct1DKokohPXQiNzA+FAI1HCcW
+ NzITNFBLBQUKAC4JAA04Cw0EOhZQSwUGAQAABAIAAgCZAAAAeQAAAAIALhM=
+ ====
+ "
++SKIP=
+ 
+ rm *
+ 
+-- 
+2.11.0
+

package/busybox/0005-typo-fix-in-config-help-text.patch

@@ -0,0 +1,27 @@
+From f8692dc6a0035788a83821fa18b987d8748f97a7 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Thu, 5 Jan 2017 11:47:28 +0100
+Subject: [PATCH] typo fix in config help text
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ archival/unzip.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/archival/unzip.c b/archival/unzip.c
+index edef22f75..f1726439d 100644
+--- a/archival/unzip.c
++++ b/archival/unzip.c
+@@ -31,7 +31,7 @@
+ //config:	depends on UNZIP
+ //config:	help
+ //config:	  If you know that you only need to deal with simple
+-//config:	  ZIP files without deleted/updated files, SFX archves etc,
++//config:	  ZIP files without deleted/updated files, SFX archives etc,
+ //config:	  you can reduce code size by unselecting this option.
+ //config:	  To support less trivial ZIPs, say Y.
+ 
+-- 
+2.11.0
+

package/busybox/0006-unzip-remove-now-pointless-lseek-which-returns-curre.patch

@@ -0,0 +1,50 @@
+From 50504d3a3badb8ab80bd33797abcbb3b7427c267 Mon Sep 17 00:00:00 2001
+From: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>
+Date: Thu, 5 Jan 2017 19:07:54 +0100
+Subject: [PATCH] unzip: remove now-pointless lseek which returns current
+ position
+
+archival/unzip.c: In function 'read_next_cdf':
+archival/unzip.c:271:8: warning: variable 'org' set but
+                                 not used [-Wunused-but-set-variable]
+  off_t org;
+        ^~~
+
+Signed-off-by: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ archival/unzip.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/archival/unzip.c b/archival/unzip.c
+index f1726439d..98a71c09d 100644
+--- a/archival/unzip.c
++++ b/archival/unzip.c
+@@ -268,13 +268,11 @@ static uint32_t find_cdf_offset(void)
+ 
+ static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
+ {
+-	off_t org;
+ 	uint32_t magic;
+ 
+ 	if (cdf_offset == BAD_CDF_OFFSET)
+ 		return cdf_offset;
+ 
+-	org = xlseek(zip_fd, 0, SEEK_CUR);
+ 	dbg("Reading CDF at 0x%x", (unsigned)cdf_offset);
+ 	xlseek(zip_fd, cdf_offset, SEEK_SET);
+ 	xread(zip_fd, &magic, 4);
+@@ -284,9 +282,6 @@ static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
+ 		return 0; /* EOF */
+ 	}
+ 	xread(zip_fd, cdf_ptr->raw, CDF_HEADER_LEN);
+-	/* Caller doesn't need this: */
+-	/* dbg("Returning file position to 0x%"OFF_FMT"x", org); */
+-	/* xlseek(zip_fd, org, SEEK_SET); */
+ 
+ 	FIX_ENDIANNESS_CDF(*cdf_ptr);
+ 	dbg("  file_name_length:%u extra_field_length:%u file_comment_length:%u",
+-- 
+2.11.0
+

package/busybox/0007-unzip-do-not-use-CDF.extra_len-read-local-file-heade.patch

@@ -0,0 +1,509 @@
+From ee72302ac5e3b0b2217f616ab316d3c89e5a1f4c Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Sun, 8 Jan 2017 14:14:19 +0100
+Subject: [PATCH] unzip: do not use CDF.extra_len, read local file header.
+ Closes 9536
+
+While at it, shorten many field and variable names.
+
+function                                             old     new   delta
+unzip_main                                          2334    2376     +42
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ archival/unzip.c      | 236 ++++++++++++++++++++++++++------------------------
+ testsuite/unzip.tests |   4 +-
+ 2 files changed, 125 insertions(+), 115 deletions(-)
+
+diff --git a/archival/unzip.c b/archival/unzip.c
+index 98a71c09d..921493591 100644
+--- a/archival/unzip.c
++++ b/archival/unzip.c
+@@ -62,8 +62,8 @@
+ enum {
+ #if BB_BIG_ENDIAN
+ 	ZIP_FILEHEADER_MAGIC = 0x504b0304,
+-	ZIP_CDF_MAGIC        = 0x504b0102, /* central directory's file header */
+-	ZIP_CDE_MAGIC        = 0x504b0506, /* "end of central directory" record */
++	ZIP_CDF_MAGIC        = 0x504b0102, /* CDF item */
++	ZIP_CDE_MAGIC        = 0x504b0506, /* End of CDF */
+ 	ZIP_DD_MAGIC         = 0x504b0708,
+ #else
+ 	ZIP_FILEHEADER_MAGIC = 0x04034b50,
+@@ -91,16 +91,16 @@ typedef union {
+ 		/* filename follows (not NUL terminated) */
+ 		/* extra field follows */
+ 		/* data follows */
+-	} formatted PACKED;
++	} fmt PACKED;
+ } zip_header_t; /* PACKED - gcc 4.2.1 doesn't like it (spews warning) */
+ 
+-#define FIX_ENDIANNESS_ZIP(zip_header) \
++#define FIX_ENDIANNESS_ZIP(zip) \
+ do { if (BB_BIG_ENDIAN) { \
+-	(zip_header).formatted.crc32        = SWAP_LE32((zip_header).formatted.crc32       ); \
+-	(zip_header).formatted.cmpsize      = SWAP_LE32((zip_header).formatted.cmpsize     ); \
+-	(zip_header).formatted.ucmpsize     = SWAP_LE32((zip_header).formatted.ucmpsize    ); \
+-	(zip_header).formatted.filename_len = SWAP_LE16((zip_header).formatted.filename_len); \
+-	(zip_header).formatted.extra_len    = SWAP_LE16((zip_header).formatted.extra_len   ); \
++	(zip).fmt.crc32         = SWAP_LE32((zip).fmt.crc32       ); \
++	(zip).fmt.cmpsize       = SWAP_LE32((zip).fmt.cmpsize     ); \
++	(zip).fmt.ucmpsize      = SWAP_LE32((zip).fmt.ucmpsize    ); \
++	(zip).fmt.filename_len  = SWAP_LE16((zip).fmt.filename_len); \
++	(zip).fmt.extra_len     = SWAP_LE16((zip).fmt.extra_len   ); \
+ }} while (0)
+ 
+ #define CDF_HEADER_LEN 42
+@@ -118,39 +118,39 @@ typedef union {
+ 		uint32_t crc32;                 /* 12-15 */
+ 		uint32_t cmpsize;               /* 16-19 */
+ 		uint32_t ucmpsize;              /* 20-23 */
+-		uint16_t file_name_length;      /* 24-25 */
+-		uint16_t extra_field_length;    /* 26-27 */
++		uint16_t filename_len;          /* 24-25 */
++		uint16_t extra_len;             /* 26-27 */
+ 		uint16_t file_comment_length;   /* 28-29 */
+ 		uint16_t disk_number_start;     /* 30-31 */
+-		uint16_t internal_file_attributes; /* 32-33 */
+-		uint32_t external_file_attributes PACKED; /* 34-37 */
++		uint16_t internal_attributes;   /* 32-33 */
++		uint32_t external_attributes PACKED; /* 34-37 */
+ 		uint32_t relative_offset_of_local_header PACKED; /* 38-41 */
+ 		/* filename follows (not NUL terminated) */
+ 		/* extra field follows */
+-		/* comment follows */
+-	} formatted PACKED;
++		/* file comment follows */
++	} fmt PACKED;
+ } cdf_header_t;
+ 
+-#define FIX_ENDIANNESS_CDF(cdf_header) \
++#define FIX_ENDIANNESS_CDF(cdf) \
+ do { if (BB_BIG_ENDIAN) { \
+-	(cdf_header).formatted.version_made_by = SWAP_LE16((cdf_header).formatted.version_made_by); \
+-	(cdf_header).formatted.version_needed = SWAP_LE16((cdf_header).formatted.version_needed); \
+-	(cdf_header).formatted.method       = SWAP_LE16((cdf_header).formatted.method      ); \
+-	(cdf_header).formatted.modtime      = SWAP_LE16((cdf_header).formatted.modtime     ); \
+-	(cdf_header).formatted.moddate      = SWAP_LE16((cdf_header).formatted.moddate     ); \
+-	(cdf_header).formatted.crc32        = SWAP_LE32((cdf_header).formatted.crc32       ); \
+-	(cdf_header).formatted.cmpsize      = SWAP_LE32((cdf_header).formatted.cmpsize     ); \
+-	(cdf_header).formatted.ucmpsize     = SWAP_LE32((cdf_header).formatted.ucmpsize    ); \
+-	(cdf_header).formatted.file_name_length = SWAP_LE16((cdf_header).formatted.file_name_length); \
+-	(cdf_header).formatted.extra_field_length = SWAP_LE16((cdf_header).formatted.extra_field_length); \
+-	(cdf_header).formatted.file_comment_length = SWAP_LE16((cdf_header).formatted.file_comment_length); \
+-	(cdf_header).formatted.external_file_attributes = SWAP_LE32((cdf_header).formatted.external_file_attributes); \
++	(cdf).fmt.version_made_by = SWAP_LE16((cdf).fmt.version_made_by); \
++	(cdf).fmt.version_needed = SWAP_LE16((cdf).fmt.version_needed); \
++	(cdf).fmt.method        = SWAP_LE16((cdf).fmt.method      ); \
++	(cdf).fmt.modtime       = SWAP_LE16((cdf).fmt.modtime     ); \
++	(cdf).fmt.moddate       = SWAP_LE16((cdf).fmt.moddate     ); \
++	(cdf).fmt.crc32         = SWAP_LE32((cdf).fmt.crc32       ); \
++	(cdf).fmt.cmpsize       = SWAP_LE32((cdf).fmt.cmpsize     ); \
++	(cdf).fmt.ucmpsize      = SWAP_LE32((cdf).fmt.ucmpsize    ); \
++	(cdf).fmt.filename_len  = SWAP_LE16((cdf).fmt.filename_len); \
++	(cdf).fmt.extra_len     = SWAP_LE16((cdf).fmt.extra_len   ); \
++	(cdf).fmt.file_comment_length = SWAP_LE16((cdf).fmt.file_comment_length); \
++	(cdf).fmt.external_attributes = SWAP_LE32((cdf).fmt.external_attributes); \
+ }} while (0)
+ 
+-#define CDE_HEADER_LEN 16
++#define CDE_LEN 16
+ 
+ typedef union {
+-	uint8_t raw[CDE_HEADER_LEN];
++	uint8_t raw[CDE_LEN];
+ 	struct {
+ 		/* uint32_t signature; 50 4b 05 06 */
+ 		uint16_t this_disk_no;
+@@ -159,14 +159,14 @@ typedef union {
+ 		uint16_t cdf_entries_total;
+ 		uint32_t cdf_size;
+ 		uint32_t cdf_offset;
+-		/* uint16_t file_comment_length; */
+-		/* .ZIP file comment (variable size) */
+-	} formatted PACKED;
+-} cde_header_t;
++		/* uint16_t archive_comment_length; */
++		/* archive comment follows */
++	} fmt PACKED;
++} cde_t;
+ 
+-#define FIX_ENDIANNESS_CDE(cde_header) \
++#define FIX_ENDIANNESS_CDE(cde) \
+ do { if (BB_BIG_ENDIAN) { \
+-	(cde_header).formatted.cdf_offset = SWAP_LE32((cde_header).formatted.cdf_offset); \
++	(cde).fmt.cdf_offset = SWAP_LE32((cde).fmt.cdf_offset); \
+ }} while (0)
+ 
+ struct BUG {
+@@ -175,13 +175,13 @@ struct BUG {
+ 	 * even though the elements are all in the right place.
+ 	 */
+ 	char BUG_zip_header_must_be_26_bytes[
+-		offsetof(zip_header_t, formatted.extra_len) + 2
++		offsetof(zip_header_t, fmt.extra_len) + 2
+ 			== ZIP_HEADER_LEN ? 1 : -1];
+ 	char BUG_cdf_header_must_be_42_bytes[
+-		offsetof(cdf_header_t, formatted.relative_offset_of_local_header) + 4
++		offsetof(cdf_header_t, fmt.relative_offset_of_local_header) + 4
+ 			== CDF_HEADER_LEN ? 1 : -1];
+-	char BUG_cde_header_must_be_16_bytes[
+-		sizeof(cde_header_t) == CDE_HEADER_LEN ? 1 : -1];
++	char BUG_cde_must_be_16_bytes[
++		sizeof(cde_t) == CDE_LEN ? 1 : -1];
+ };
+ 
+ 
+@@ -207,7 +207,7 @@ enum { zip_fd = 3 };
+ /* NB: does not preserve file position! */
+ static uint32_t find_cdf_offset(void)
+ {
+-	cde_header_t cde_header;
++	cde_t cde;
+ 	unsigned char *buf;
+ 	unsigned char *p;
+ 	off_t end;
+@@ -228,7 +228,7 @@ static uint32_t find_cdf_offset(void)
+ 
+ 	found = BAD_CDF_OFFSET;
+ 	p = buf;
+-	while (p <= buf + PEEK_FROM_END - CDE_HEADER_LEN - 4) {
++	while (p <= buf + PEEK_FROM_END - CDE_LEN - 4) {
+ 		if (*p != 'P') {
+ 			p++;
+ 			continue;
+@@ -240,19 +240,19 @@ static uint32_t find_cdf_offset(void)
+ 		if (*++p != 6)
+ 			continue;
+ 		/* we found CDE! */
+-		memcpy(cde_header.raw, p + 1, CDE_HEADER_LEN);
+-		FIX_ENDIANNESS_CDE(cde_header);
++		memcpy(cde.raw, p + 1, CDE_LEN);
++		FIX_ENDIANNESS_CDE(cde);
+ 		/*
+ 		 * I've seen .ZIP files with seemingly valid CDEs
+ 		 * where cdf_offset points past EOF - ??
+ 		 * This check ignores such CDEs:
+ 		 */
+-		if (cde_header.formatted.cdf_offset < end + (p - buf)) {
+-			found = cde_header.formatted.cdf_offset;
++		if (cde.fmt.cdf_offset < end + (p - buf)) {
++			found = cde.fmt.cdf_offset;
+ 			dbg("Possible cdf_offset:0x%x at 0x%"OFF_FMT"x",
+ 				(unsigned)found, end + (p-3 - buf));
+ 			dbg("  cdf_offset+cdf_size:0x%x",
+-				(unsigned)(found + SWAP_LE32(cde_header.formatted.cdf_size)));
++				(unsigned)(found + SWAP_LE32(cde.fmt.cdf_size)));
+ 			/*
+ 			 * We do not "break" here because only the last CDE is valid.
+ 			 * I've seen a .zip archive which contained a .zip file,
+@@ -266,7 +266,7 @@ static uint32_t find_cdf_offset(void)
+ 	return found;
+ };
+ 
+-static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
++static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf)
+ {
+ 	uint32_t magic;
+ 
+@@ -276,23 +276,25 @@ static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
+ 	dbg("Reading CDF at 0x%x", (unsigned)cdf_offset);
+ 	xlseek(zip_fd, cdf_offset, SEEK_SET);
+ 	xread(zip_fd, &magic, 4);
+-	/* Central Directory End? */
++	/* Central Directory End? Assume CDF has ended.
++	 * (more correct method is to use cde.cdf_entries_total counter)
++	 */
+ 	if (magic == ZIP_CDE_MAGIC) {
+ 		dbg("got ZIP_CDE_MAGIC");
+ 		return 0; /* EOF */
+ 	}
+-	xread(zip_fd, cdf_ptr->raw, CDF_HEADER_LEN);
++	xread(zip_fd, cdf->raw, CDF_HEADER_LEN);
+ 
+-	FIX_ENDIANNESS_CDF(*cdf_ptr);
+-	dbg("  file_name_length:%u extra_field_length:%u file_comment_length:%u",
+-		(unsigned)cdf_ptr->formatted.file_name_length,
+-		(unsigned)cdf_ptr->formatted.extra_field_length,
+-		(unsigned)cdf_ptr->formatted.file_comment_length
++	FIX_ENDIANNESS_CDF(*cdf);
++	dbg("  filename_len:%u extra_len:%u file_comment_length:%u",
++		(unsigned)cdf->fmt.filename_len,
++		(unsigned)cdf->fmt.extra_len,
++		(unsigned)cdf->fmt.file_comment_length
+ 	);
+ 	cdf_offset += 4 + CDF_HEADER_LEN
+-		+ cdf_ptr->formatted.file_name_length
+-		+ cdf_ptr->formatted.extra_field_length
+-		+ cdf_ptr->formatted.file_comment_length;
++		+ cdf->fmt.filename_len
++		+ cdf->fmt.extra_len
++		+ cdf->fmt.file_comment_length;
+ 
+ 	return cdf_offset;
+ };
+@@ -315,28 +317,28 @@ static void unzip_create_leading_dirs(const char *fn)
+ 	free(name);
+ }
+ 
+-static void unzip_extract(zip_header_t *zip_header, int dst_fd)
++static void unzip_extract(zip_header_t *zip, int dst_fd)
+ {
+-	if (zip_header->formatted.method == 0) {
++	if (zip->fmt.method == 0) {
+ 		/* Method 0 - stored (not compressed) */
+-		off_t size = zip_header->formatted.ucmpsize;
++		off_t size = zip->fmt.ucmpsize;
+ 		if (size)
+ 			bb_copyfd_exact_size(zip_fd, dst_fd, size);
+ 	} else {
+ 		/* Method 8 - inflate */
+ 		transformer_state_t xstate;
+ 		init_transformer_state(&xstate);
+-		xstate.bytes_in = zip_header->formatted.cmpsize;
++		xstate.bytes_in = zip->fmt.cmpsize;
+ 		xstate.src_fd = zip_fd;
+ 		xstate.dst_fd = dst_fd;
+ 		if (inflate_unzip(&xstate) < 0)
+ 			bb_error_msg_and_die("inflate error");
+ 		/* Validate decompression - crc */
+-		if (zip_header->formatted.crc32 != (xstate.crc32 ^ 0xffffffffL)) {
++		if (zip->fmt.crc32 != (xstate.crc32 ^ 0xffffffffL)) {
+ 			bb_error_msg_and_die("crc error");
+ 		}
+ 		/* Validate decompression - size */
+-		if (zip_header->formatted.ucmpsize != xstate.bytes_out) {
++		if (zip->fmt.ucmpsize != xstate.bytes_out) {
+ 			/* Don't die. Who knows, maybe len calculation
+ 			 * was botched somewhere. After all, crc matched! */
+ 			bb_error_msg("bad length");
+@@ -563,7 +565,7 @@ int unzip_main(int argc, char **argv)
+ 	total_entries = 0;
+ 	cdf_offset = find_cdf_offset();	/* try to seek to the end, find CDE and CDF start */
+ 	while (1) {
+-		zip_header_t zip_header;
++		zip_header_t zip;
+ 		mode_t dir_mode = 0777;
+ #if ENABLE_FEATURE_UNZIP_CDF
+ 		mode_t file_mode = 0666;
+@@ -589,7 +591,7 @@ int unzip_main(int argc, char **argv)
+ 
+ 			/* Check magic number */
+ 			xread(zip_fd, &magic, 4);
+-			/* Central directory? It's at the end, so exit */
++			/* CDF item? Assume there are no more files, exit */
+ 			if (magic == ZIP_CDF_MAGIC) {
+ 				dbg("got ZIP_CDF_MAGIC");
+ 				break;
+@@ -605,71 +607,74 @@ int unzip_main(int argc, char **argv)
+ 				bb_error_msg_and_die("invalid zip magic %08X", (int)magic);
+ 			dbg("got ZIP_FILEHEADER_MAGIC");
+ 
+-			xread(zip_fd, zip_header.raw, ZIP_HEADER_LEN);
+-			FIX_ENDIANNESS_ZIP(zip_header);
+-			if ((zip_header.formatted.method != 0)
+-			 && (zip_header.formatted.method != 8)
++			xread(zip_fd, zip.raw, ZIP_HEADER_LEN);
++			FIX_ENDIANNESS_ZIP(zip);
++			if ((zip.fmt.method != 0)
++			 && (zip.fmt.method != 8)
+ 			) {
+ 				/* TODO? method 12: bzip2, method 14: LZMA */
+-				bb_error_msg_and_die("unsupported method %d", zip_header.formatted.method);
++				bb_error_msg_and_die("unsupported method %d", zip.fmt.method);
+ 			}
+-			if (zip_header.formatted.zip_flags & SWAP_LE16(0x0009)) {
++			if (zip.fmt.zip_flags & SWAP_LE16(0x0009)) {
+ 				bb_error_msg_and_die("zip flags 1 and 8 are not supported");
+ 			}
+ 		}
+ #if ENABLE_FEATURE_UNZIP_CDF
+ 		else {
+ 			/* cdf_offset is valid (and we know the file is seekable) */
+-			cdf_header_t cdf_header;
+-			cdf_offset = read_next_cdf(cdf_offset, &cdf_header);
++			cdf_header_t cdf;
++			cdf_offset = read_next_cdf(cdf_offset, &cdf);
+ 			if (cdf_offset == 0) /* EOF? */
+ 				break;
+-# if 0
++# if 1
+ 			xlseek(zip_fd,
+-				SWAP_LE32(cdf_header.formatted.relative_offset_of_local_header) + 4,
++				SWAP_LE32(cdf.fmt.relative_offset_of_local_header) + 4,
+ 				SEEK_SET);
+-			xread(zip_fd, zip_header.raw, ZIP_HEADER_LEN);
+-			FIX_ENDIANNESS_ZIP(zip_header);
+-			if (zip_header.formatted.zip_flags & SWAP_LE16(0x0008)) {
++			xread(zip_fd, zip.raw, ZIP_HEADER_LEN);
++			FIX_ENDIANNESS_ZIP(zip);
++			if (zip.fmt.zip_flags & SWAP_LE16(0x0008)) {
+ 				/* 0x0008 - streaming. [u]cmpsize can be reliably gotten
+ 				 * only from Central Directory.
+ 				 */
+-				zip_header.formatted.crc32    = cdf_header.formatted.crc32;
+-				zip_header.formatted.cmpsize  = cdf_header.formatted.cmpsize;
+-				zip_header.formatted.ucmpsize = cdf_header.formatted.ucmpsize;
++				zip.fmt.crc32    = cdf.fmt.crc32;
++				zip.fmt.cmpsize  = cdf.fmt.cmpsize;
++				zip.fmt.ucmpsize = cdf.fmt.ucmpsize;
+ 			}
+ # else
+-			/* CDF has the same data as local header, no need to read the latter */
+-			memcpy(&zip_header.formatted.version,
+-				&cdf_header.formatted.version_needed, ZIP_HEADER_LEN);
++			/* CDF has the same data as local header, no need to read the latter...
++			 * ...not really. An archive was seen with cdf.extra_len == 6 but
++			 * zip.extra_len == 0.
++			 */
++			memcpy(&zip.fmt.version,
++				&cdf.fmt.version_needed, ZIP_HEADER_LEN);
+ 			xlseek(zip_fd,
+-				SWAP_LE32(cdf_header.formatted.relative_offset_of_local_header) + 4 + ZIP_HEADER_LEN,
++				SWAP_LE32(cdf.fmt.relative_offset_of_local_header) + 4 + ZIP_HEADER_LEN,
+ 				SEEK_SET);
+ # endif
+-			if ((cdf_header.formatted.version_made_by >> 8) == 3) {
++			if ((cdf.fmt.version_made_by >> 8) == 3) {
+ 				/* This archive is created on Unix */
+-				dir_mode = file_mode = (cdf_header.formatted.external_file_attributes >> 16);
++				dir_mode = file_mode = (cdf.fmt.external_attributes >> 16);
+ 			}
+ 		}
+ #endif
+ 
+-		if (zip_header.formatted.zip_flags & SWAP_LE16(0x0001)) {
++		if (zip.fmt.zip_flags & SWAP_LE16(0x0001)) {
+ 			/* 0x0001 - encrypted */
+ 			bb_error_msg_and_die("zip flag 1 (encryption) is not supported");
+ 		}
+ 		dbg("File cmpsize:0x%x extra_len:0x%x ucmpsize:0x%x",
+-			(unsigned)zip_header.formatted.cmpsize,
+-			(unsigned)zip_header.formatted.extra_len,
+-			(unsigned)zip_header.formatted.ucmpsize
++			(unsigned)zip.fmt.cmpsize,
++			(unsigned)zip.fmt.extra_len,
++			(unsigned)zip.fmt.ucmpsize
+ 		);
+ 
+ 		/* Read filename */
+ 		free(dst_fn);
+-		dst_fn = xzalloc(zip_header.formatted.filename_len + 1);
+-		xread(zip_fd, dst_fn, zip_header.formatted.filename_len);
++		dst_fn = xzalloc(zip.fmt.filename_len + 1);
++		xread(zip_fd, dst_fn, zip.fmt.filename_len);
+ 
+ 		/* Skip extra header bytes */
+-		unzip_skip(zip_header.formatted.extra_len);
++		unzip_skip(zip.fmt.extra_len);
+ 
+ 		/* Guard against "/abspath", "/../" and similar attacks */
+ 		overlapping_strcpy(dst_fn, strip_unsafe_prefix(dst_fn));
+@@ -684,32 +689,32 @@ int unzip_main(int argc, char **argv)
+ 				/* List entry */
+ 				char dtbuf[sizeof("mm-dd-yyyy hh:mm")];
+ 				sprintf(dtbuf, "%02u-%02u-%04u %02u:%02u",
+-					(zip_header.formatted.moddate >> 5) & 0xf,  // mm: 0x01e0
+-					(zip_header.formatted.moddate)      & 0x1f, // dd: 0x001f
+-					(zip_header.formatted.moddate >> 9) + 1980, // yy: 0xfe00
+-					(zip_header.formatted.modtime >> 11),       // hh: 0xf800
+-					(zip_header.formatted.modtime >> 5) & 0x3f  // mm: 0x07e0
+-					// seconds/2 are not shown, encoded in ----------- 0x001f
++					(zip.fmt.moddate >> 5) & 0xf,  // mm: 0x01e0
++					(zip.fmt.moddate)      & 0x1f, // dd: 0x001f
++					(zip.fmt.moddate >> 9) + 1980, // yy: 0xfe00
++					(zip.fmt.modtime >> 11),       // hh: 0xf800
++					(zip.fmt.modtime >> 5) & 0x3f  // mm: 0x07e0
++					// seconds/2 not shown, encoded in -- 0x001f
+ 				);
+ 				if (!verbose) {
+ 					//      "  Length      Date    Time    Name\n"
+ 					//      "---------  ---------- -----   ----"
+ 					printf(       "%9u  " "%s   "         "%s\n",
+-						(unsigned)zip_header.formatted.ucmpsize,
++						(unsigned)zip.fmt.ucmpsize,
+ 						dtbuf,
+ 						dst_fn);
+ 				} else {
+-					unsigned long percents = zip_header.formatted.ucmpsize - zip_header.formatted.cmpsize;
++					unsigned long percents = zip.fmt.ucmpsize - zip.fmt.cmpsize;
+ 					if ((int32_t)percents < 0)
+ 						percents = 0; /* happens if ucmpsize < cmpsize */
+ 					percents = percents * 100;
+-					if (zip_header.formatted.ucmpsize)
+-						percents /= zip_header.formatted.ucmpsize;
++					if (zip.fmt.ucmpsize)
++						percents /= zip.fmt.ucmpsize;
+ 					//      " Length   Method    Size  Cmpr    Date    Time   CRC-32   Name\n"
+ 					//      "--------  ------  ------- ---- ---------- ----- --------  ----"
+ 					printf(      "%8u  %s"        "%9u%4u%% " "%s "         "%08x  "  "%s\n",
+-						(unsigned)zip_header.formatted.ucmpsize,
+-						zip_header.formatted.method == 0 ? "Stored" : "Defl:N", /* Defl is method 8 */
++						(unsigned)zip.fmt.ucmpsize,
++						zip.fmt.method == 0 ? "Stored" : "Defl:N", /* Defl is method 8 */
+ /* TODO: show other methods?
+  *  1 - Shrunk
+  *  2 - Reduced with compression factor 1
+@@ -722,15 +727,16 @@ int unzip_main(int argc, char **argv)
+  * 10 - PKWARE Data Compression Library Imploding
+  * 11 - Reserved by PKWARE
+  * 12 - BZIP2
++ * 14 - LZMA
+  */
+-						(unsigned)zip_header.formatted.cmpsize,
++						(unsigned)zip.fmt.cmpsize,
+ 						(unsigned)percents,
+ 						dtbuf,
+-						zip_header.formatted.crc32,
++						zip.fmt.crc32,
+ 						dst_fn);
+-					total_size += zip_header.formatted.cmpsize;
++					total_size += zip.fmt.cmpsize;
+ 				}
+-				total_usize += zip_header.formatted.ucmpsize;
++				total_usize += zip.fmt.ucmpsize;
+ 				i = 'n';
+ 			} else if (dst_fd == STDOUT_FILENO) {
+ 				/* Extracting to STDOUT */
+@@ -798,9 +804,11 @@ int unzip_main(int argc, char **argv)
+ #endif
+ 		case -1: /* Unzip */
+ 			if (!quiet) {
+-				printf("  inflating: %s\n", dst_fn);
++				printf(/* zip.fmt.method == 0
++					? " extracting: %s\n"
++					: */ "  inflating: %s\n", dst_fn);
+ 			}
+-			unzip_extract(&zip_header, dst_fd);
++			unzip_extract(&zip, dst_fd);
+ 			if (dst_fd != STDOUT_FILENO) {
+ 				/* closing STDOUT is potentially bad for future business */
+ 				close(dst_fd);
+@@ -811,7 +819,7 @@ int unzip_main(int argc, char **argv)
+ 			overwrite = O_NEVER;
+ 		case 'n':
+ 			/* Skip entry data */
+-			unzip_skip(zip_header.formatted.cmpsize);
++			unzip_skip(zip.fmt.cmpsize);
+ 			break;
+ 
+ 		case 'r':
+diff --git a/testsuite/unzip.tests b/testsuite/unzip.tests
+index d9c45242c..2e4becdb8 100755
+--- a/testsuite/unzip.tests
++++ b/testsuite/unzip.tests
+@@ -34,7 +34,9 @@ rm foo.zip
+ optional FEATURE_UNZIP_CDF
+ testing "unzip (bad archive)" "uudecode; unzip bad.zip 2>&1; echo \$?" \
+ "Archive:  bad.zip
+-unzip: short read
++  inflating: ]3j½r«IK-%Ix
++unzip: corrupted data
++unzip: inflate error
+ 1
+ " \
+ "" "\
+-- 
+2.11.0
+

package/busybox/0008-httpd-fix-handling-of-range-requests.patch

@@ -0,0 +1,27 @@
+From 4316dff48aacb29307e1b52cb761fef603759b9d Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Mon, 18 Sep 2017 13:09:11 +0200
+Subject: [PATCH] httpd: fix handling of range requests
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ networking/httpd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/networking/httpd.c b/networking/httpd.c
+index d301d598d..84d819723 100644
+--- a/networking/httpd.c
++++ b/networking/httpd.c
+@@ -2337,7 +2337,7 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
+ 			if (STRNCASECMP(iobuf, "Range:") == 0) {
+ 				/* We know only bytes=NNN-[MMM] */
+ 				char *s = skip_whitespace(iobuf + sizeof("Range:")-1);
+-				if (is_prefixed_with(s, "bytes=") == 0) {
++				if (is_prefixed_with(s, "bytes=")) {
+ 					s += sizeof("bytes=")-1;
+ 					range_start = BB_STRTOOFF(s, &s, 10);
+ 					if (s[0] != '-' || range_start < 0) {
+-- 
+2.11.0
+

package/bzip2/bzip2.mk

@@ -12,13 +12,13 @@ BZIP2_LICENSE_FILES = LICENSE
 
 ifeq ($(BR2_STATIC_LIBS),)
 define BZIP2_BUILD_SHARED_CMDS
-	$(TARGET_MAKE_ENV)
+	$(TARGET_MAKE_ENV) \
 		$(MAKE) -C $(@D) -f Makefile-libbz2_so $(TARGET_CONFIGURE_OPTS)
 endef
 endif
 
 define BZIP2_BUILD_CMDS
-	$(TARGET_MAKE_ENV)
+	$(TARGET_MAKE_ENV) \
 		$(MAKE) -C $(@D) libbz2.a bzip2 bzip2recover $(TARGET_CONFIGURE_OPTS)
 	$(BZIP2_BUILD_SHARED_CMDS)
 endef

package/cmake/cmake.mk

@@ -46,6 +46,7 @@ define HOST_CMAKE_CONFIGURE_CMDS
 			-DCMAKE_C_FLAGS="$(HOST_CMAKE_CFLAGS)" \
 			-DCMAKE_CXX_FLAGS="$(HOST_CMAKE_CXXFLAGS)" \
 			-DCMAKE_EXE_LINKER_FLAGS="$(HOST_LDFLAGS)" \
+			-DCMAKE_USE_OPENSSL:BOOL=OFF \
 			-DBUILD_CursesDialog=OFF \
 	)
 endef

package/collectd/collectd.mk

@@ -24,9 +24,23 @@ COLLECTD_PLUGINS_DISABLE = \
 
 COLLECTD_CONF_ENV += LIBS="-lm"
 
+#
+# NOTE: There's also a third availible setting "intswap", which might
+# be needed on some old ARM hardware (see [2]), but is not being
+# accounted for as per discussion [1]
+#
+# [1] http://lists.busybox.net/pipermail/buildroot/2017-November/206100.html
+# [2] http://lists.busybox.net/pipermail/buildroot/2017-November/206251.html
+#
+ifeq ($(BR2_ENDIAN),"BIG")
+COLLECTD_FP_LAYOUT=endianflip
+else
+COLLECTD_FP_LAYOUT=nothing
+endif
+
 COLLECTD_CONF_OPTS += \
 	--with-nan-emulation \
-	--with-fp-layout=nothing \
+	--with-fp-layout=$(COLLECTD_FP_LAYOUT) \
 	--with-perl-bindings=no \
 	$(foreach p, $(COLLECTD_PLUGINS_DISABLE), --disable-$(p)) \
 	$(if $(BR2_PACKAGE_COLLECTD_AGGREGATION),--enable-aggregation,--disable-aggregation) \

package/connman/connman.hash

@@ -1,2 +1,2 @@
 # From https://www.kernel.org/pub/linux/network/connman/sha256sums.asc
-sha256	bc8946036fa70124d663136f9f6b6238d897ca482782df907b07a428b09df5a0	connman-1.33.tar.xz
+sha256	66d7deb98371545c6e417239a9b3b3e3201c1529d08eedf40afbc859842cf2aa	connman-1.35.tar.xz

package/connman/connman.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-CONNMAN_VERSION = 1.33
+CONNMAN_VERSION = 1.35
 CONNMAN_SOURCE = connman-$(CONNMAN_VERSION).tar.xz
 CONNMAN_SITE = $(BR2_KERNEL_MIRROR)/linux/network/connman
 CONNMAN_DEPENDENCIES = libglib2 dbus iptables

package/dbus/0001-config-loader-expat-Tell-Expat-not-to-defend-against.patch

@@ -0,0 +1,78 @@
+From 1252dc1d1f465b8ab6b36ff7252e395e66a040cf Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@debian.org>
+Date: Fri, 21 Jul 2017 10:46:39 +0100
+Subject: [PATCH 1/2] config-loader-expat: Tell Expat not to defend against
+ hash collisions
+
+By default, Expat uses cryptographic-quality random numbers as a salt for
+its hash algorithm, and since 2.2.1 it gets them from the getrandom
+syscall on Linux. That syscall refuses to return any entropy until the
+kernel's CSPRNG (random pool) has been initialized. Unfortunately, this
+can take as long as 40 seconds on embedded devices with few entropy
+sources, which is too long: if the system dbus-daemon blocks for that
+length of time, important D-Bus clients like systemd and systemd-logind
+time out and fail to connect to it.
+
+We're parsing small configuration files here, and we trust them
+completely, so we don't need to defend against hash collisions: nobody
+is going to be crafting them to cause pathological performance.
+
+Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101858
+Signed-off-by: Simon McVittie <smcv@debian.org>
+Tested-by: Christopher Hewitt <hewitt@ieee.org>
+Reviewed-by: Philip Withnall <withnall@endlessm.com>
+
+Upstream commit 1252dc1d1f465b8ab6b36ff7252e395e66a040cf
+Signed-off-by: Marcus Hoffmann <m.hoffmann@cartelsol.com>
+---
+ bus/config-loader-expat.c | 14 ++++++++++++++
+ configure.ac              |  8 ++++++++
+ 2 files changed, 22 insertions(+)
+
+diff --git a/bus/config-loader-expat.c b/bus/config-loader-expat.c
+index b571fda3..27cbe2d0 100644
+--- a/bus/config-loader-expat.c
++++ b/bus/config-loader-expat.c
+@@ -203,6 +203,20 @@ bus_config_load (const DBusString      *file,
+       goto failed;
+     }
+ 
++  /* We do not need protection against hash collisions (CVE-2012-0876)
++   * because we are only parsing trusted XML; and if we let Expat block
++   * waiting for the CSPRNG to be initialized, as it does by default to
++   * defeat CVE-2012-0876, it can cause timeouts during early boot on
++   * entropy-starved embedded devices.
++   *
++   * TODO: When Expat gets a more explicit API for this than
++   * XML_SetHashSalt, check for that too, and use it preferentially.
++   * https://github.com/libexpat/libexpat/issues/91 */
++#if defined(HAVE_XML_SETHASHSALT)
++  /* Any nonzero number will do. https://xkcd.com/221/ */
++  XML_SetHashSalt (expat, 4);
++#endif
++
+   if (!_dbus_string_get_dirname (file, &dirname))
+     {
+       dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
+diff --git a/configure.ac b/configure.ac
+index 52da11fb..c4022ed7 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -938,6 +938,14 @@ XML_CFLAGS=
+ AC_SUBST([XML_CFLAGS])
+ AC_SUBST([XML_LIBS])
+ 
++save_cflags="$CFLAGS"
++save_libs="$LIBS"
++CFLAGS="$CFLAGS $XML_CFLAGS"
++LIBS="$LIBS $XML_LIBS"
++AC_CHECK_FUNCS([XML_SetHashSalt])
++CFLAGS="$save_cflags"
++LIBS="$save_libs"
++
+ # Thread lib detection
+ AC_ARG_VAR([THREAD_LIBS])
+ save_libs="$LIBS"
+-- 
+2.11.0
+

package/dbus/dbus.mk

@@ -7,6 +7,8 @@
 DBUS_VERSION = 1.10.16
 DBUS_SITE = http://dbus.freedesktop.org/releases/dbus
 DBUS_LICENSE = AFLv2.1 or GPLv2+ (library, tools), GPLv2+ (tools)
+# 0001-config-loader-expat-Tell-Expat-not-to-defend-against.patch
+DBUS_AUTORECONF = YES
 DBUS_LICENSE_FILES = COPYING
 DBUS_INSTALL_STAGING = YES
 

package/dialog/dialog.mk

@@ -6,7 +6,7 @@
 
 DIALOG_VERSION = 1.2-20150125
 DIALOG_SOURCE = dialog-$(DIALOG_VERSION).tgz
-DIALOG_SITE = ftp://invisible-island.net/dialog
+DIALOG_SITE = ftp://ftp.invisible-island.net/dialog
 DIALOG_CONF_OPTS = --with-ncurses --with-curses-dir=$(STAGING_DIR)/usr \
 	--disable-rpath-hack
 DIALOG_DEPENDENCIES = host-pkgconf ncurses

package/dnsmasq/dnsmasq.hash

@@ -1,2 +1,6 @@
 # Locally calculated after checking pgp signature
-sha256	4b92698dee19ca0cb2a8f2e48f1d2dffd01a21eb15d1fbed4cf085630c8c9f96	dnsmasq-2.76.tar.xz
+# http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.78.tar.xz.asc
+sha256	89949f438c74b0c7543f06689c319484bd126cc4b1f8c745c742ab397681252b	dnsmasq-2.78.tar.xz
+# Locally calculated
+sha256	dcc100d4161cc0b7177545ab6e47216f84857cda3843847c792a25289852dcaa	COPYING
+sha256	8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903	COPYING-v3

package/dnsmasq/dnsmasq.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DNSMASQ_VERSION = 2.76
+DNSMASQ_VERSION = 2.78
 DNSMASQ_SOURCE = dnsmasq-$(DNSMASQ_VERSION).tar.xz
 DNSMASQ_SITE = http://thekelleys.org.uk/dnsmasq
 DNSMASQ_MAKE_ENV = $(TARGET_MAKE_ENV) CC="$(TARGET_CC)"
@@ -58,7 +58,7 @@ DNSMASQ_MAKE_OPTS += LIBS+="-ldl"
 endif
 
 define DNSMASQ_ENABLE_LUA
-	$(SED) 's/lua5.1/lua/g' $(DNSMASQ_DIR)/Makefile
+	$(SED) 's/lua5.2/lua/g' $(DNSMASQ_DIR)/Makefile
 	$(SED) 's^.*#define HAVE_LUASCRIPT.*^#define HAVE_LUASCRIPT^' \
 		$(DNSMASQ_DIR)/src/config.h
 endef

package/dvb-apps/dvb-apps.mk

@@ -15,6 +15,8 @@ DVB_APPS_DEPENDENCIES = libiconv
 DVB_APPS_LDLIBS += -liconv
 endif
 
+DVB_APPS_MAKE_OPTS = PERL5LIB=$(@D)/util/scan
+
 ifeq ($(BR2_STATIC_LIBS),y)
 DVB_APPS_MAKE_OPTS += enable_shared=no
 else ifeq ($(BR2_SHARED_LIBS),y)
@@ -25,7 +27,7 @@ DVB_APPS_INSTALL_STAGING = YES
 
 define DVB_APPS_BUILD_CMDS
 	$(TARGET_CONFIGURE_OPTS) LDLIBS="$(DVB_APPS_LDLIBS)" \
-		$(MAKE) -C $(@D) CROSS_ROOT=$(STAGING_DIR) \
+		$(MAKE1) -C $(@D) CROSS_ROOT=$(STAGING_DIR) \
 		$(DVB_APPS_MAKE_OPTS)
 endef
 

package/e2fsprogs/0002-include-sys-sysmacros.h-as-needed.patch

@@ -0,0 +1,129 @@
+From 3fb715b55426875902dfef3056b2cf7335953178 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Fri, 19 May 2017 13:25:59 -0400
+Subject: [PATCH] include sys/sysmacros.h as needed
+
+The minor/major/makedev macros are not entirely standard.  glibc has had
+the definitions in sys/sysmacros.h since the start, and wants to move away
+from always defining them implicitly via sys/types.h (as this pollutes the
+namespace in violation of POSIX).  Other C libraries have already dropped
+them.  Since the configure script already checks for this header, use that
+to pull in the header in files that use these macros.
+
+Signed-off-by: Mike Frysinger <vapier@gentoo.org>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+
+Upstream commit 3fb715b55426875902dfef3056b2cf7335953178
+Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
+---
+ debugfs/debugfs.c      | 3 +++
+ lib/blkid/devname.c    | 3 +++
+ lib/blkid/devno.c      | 3 +++
+ lib/ext2fs/finddev.c   | 3 +++
+ lib/ext2fs/ismounted.c | 3 +++
+ misc/create_inode.c    | 4 ++++
+ misc/mk_hugefiles.c    | 3 +++
+ 7 files changed, 22 insertions(+)
+
+diff --git a/debugfs/debugfs.c b/debugfs/debugfs.c
+index 059ddc39..453f5b52 100644
+--- a/debugfs/debugfs.c
++++ b/debugfs/debugfs.c
+@@ -26,6 +26,9 @@ extern char *optarg;
+ #include <errno.h>
+ #endif
+ #include <fcntl.h>
++#ifdef HAVE_SYS_SYSMACROS_H
++#include <sys/sysmacros.h>
++#endif
+ 
+ #include "debugfs.h"
+ #include "uuid/uuid.h"
+diff --git a/lib/blkid/devname.c b/lib/blkid/devname.c
+index 3e2efa9d..671e781f 100644
+--- a/lib/blkid/devname.c
++++ b/lib/blkid/devname.c
+@@ -36,6 +36,9 @@
+ #if HAVE_SYS_MKDEV_H
+ #include <sys/mkdev.h>
+ #endif
++#ifdef HAVE_SYS_SYSMACROS_H
++#include <sys/sysmacros.h>
++#endif
+ #include <time.h>
+ 
+ #include "blkidP.h"
+diff --git a/lib/blkid/devno.c b/lib/blkid/devno.c
+index aa6eb907..480030f2 100644
+--- a/lib/blkid/devno.c
++++ b/lib/blkid/devno.c
+@@ -31,6 +31,9 @@
+ #if HAVE_SYS_MKDEV_H
+ #include <sys/mkdev.h>
+ #endif
++#ifdef HAVE_SYS_SYSMACROS_H
++#include <sys/sysmacros.h>
++#endif
+ 
+ #include "blkidP.h"
+ 
+diff --git a/lib/ext2fs/finddev.c b/lib/ext2fs/finddev.c
+index 311608de..62fa0dbe 100644
+--- a/lib/ext2fs/finddev.c
++++ b/lib/ext2fs/finddev.c
+@@ -31,6 +31,9 @@
+ #if HAVE_SYS_MKDEV_H
+ #include <sys/mkdev.h>
+ #endif
++#ifdef HAVE_SYS_SYSMACROS_H
++#include <sys/sysmacros.h>
++#endif
+ 
+ #include "ext2_fs.h"
+ #include "ext2fs.h"
+diff --git a/lib/ext2fs/ismounted.c b/lib/ext2fs/ismounted.c
+index bcac0f15..7d524715 100644
+--- a/lib/ext2fs/ismounted.c
++++ b/lib/ext2fs/ismounted.c
+@@ -49,6 +49,9 @@
+ #if HAVE_SYS_TYPES_H
+ #include <sys/types.h>
+ #endif
++#ifdef HAVE_SYS_SYSMACROS_H
++#include <sys/sysmacros.h>
++#endif
+ 
+ #include "ext2_fs.h"
+ #include "ext2fs.h"
+diff --git a/misc/create_inode.c b/misc/create_inode.c
+index ae22ff6f..8ce3fafa 100644
+--- a/misc/create_inode.c
++++ b/misc/create_inode.c
+@@ -22,6 +22,10 @@
+ #include <attr/xattr.h>
+ #endif
+ #include <sys/ioctl.h>
++#ifdef HAVE_SYS_SYSMACROS_H
++#include <sys/sysmacros.h>
++#endif
++
+ #include <ext2fs/ext2fs.h>
+ #include <ext2fs/ext2_types.h>
+ #include <ext2fs/fiemap.h>
+diff --git a/misc/mk_hugefiles.c b/misc/mk_hugefiles.c
+index 049c6f41..5882394d 100644
+--- a/misc/mk_hugefiles.c
++++ b/misc/mk_hugefiles.c
+@@ -35,6 +35,9 @@ extern int optind;
+ #include <sys/ioctl.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#ifdef HAVE_SYS_SYSMACROS_H
++#include <sys/sysmacros.h>
++#endif
+ #include <libgen.h>
+ #include <limits.h>
+ #include <blkid/blkid.h>
+-- 
+2.13.3
+

package/faad2/0001-getopt-fix-strncmp-declaration.patch

@@ -0,0 +1,40 @@
+From 6787914efad562e4097a153988109c5c7158abf7 Mon Sep 17 00:00:00 2001
+From: Baruch Siach <baruch@tkos.co.il>
+Date: Wed, 16 Aug 2017 13:35:57 +0300
+Subject: [PATCH] getopt: fix strncmp() declaration
+
+The strncmp() declaration does not conform with the standard as to the
+type of the 'n' parameter. Fix this to avoid the following build failure
+with musl libc:
+
+n file included from main.c:61:0:
+getopt.c:175:13: error: conflicting types for 'strncmp'
+ extern int  strncmp(const char *s1, const char *s2, unsigned int n);
+             ^~~~~~~
+In file included from main.c:49:0:
+.../host/x86_64-buildroot-linux-musl/sysroot/usr/include/string.h:38:5: note: previous declaration of 'strncmp' was here
+ int strncmp (const char *, const char *, size_t);
+     ^~~~~~~
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: https://sourceforge.net/p/faac/bugs/217/
+
+ frontend/getopt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/frontend/getopt.c b/frontend/getopt.c
+index 185d49b804dd..40c7a2242551 100644
+--- a/frontend/getopt.c
++++ b/frontend/getopt.c
+@@ -172,7 +172,7 @@ static enum
+ #if __STDC__ || defined(PROTO)
+ extern char *getenv(const char *name);
+ extern int  strcmp (const char *s1, const char *s2);
+-extern int  strncmp(const char *s1, const char *s2, unsigned int n);
++extern int  strncmp(const char *s1, const char *s2, size_t n);
+ 
+ static int my_strlen(const char *s);
+ static char *my_index (const char *str, int chr);
+-- 
+2.14.1
+

package/faad2/faad2.hash

@@ -1,4 +1,4 @@
-# From http://sourceforge.net/projects/faac/files/faad2-src/faad2-2.7/ (used by upstream):
-sha1	80eaaa5cc576c35dd28863767b795c50cbcc0511  faad2-2.7.tar.gz
+# From http://sourceforge.net/projects/faac/files/faad2-src/faad2-2.8.0/ (used by upstream):
+sha1	a5caa71cd915acd502d96cba56f38296277f2350  faad2-2.8.1.tar.bz2
 # Locally computed
-sha256  ee26ed1e177c0cd8fa8458a481b14a0b24ca0b51468c8b4c8b676fd3ceccd330  faad2-2.7.tar.gz
+sha256  f4042496f6b0a60f5ded6acd11093230044ef8a2fd965360c1bbd5b58780933d  faad2-2.8.1.tar.bz2

package/faad2/faad2.mk

@@ -4,10 +4,14 @@
 #
 ################################################################################
 
-FAAD2_VERSION = 2.7
-FAAD2_SITE = http://downloads.sourceforge.net/project/faac/faad2-src/faad2-$(FAAD2_VERSION)
+FAAD2_VERSION_MAJOR = 2.8
+FAAD2_VERSION = $(FAAD2_VERSION_MAJOR).1
+FAAD2_SITE = http://downloads.sourceforge.net/project/faac/faad2-src/faad2-$(FAAD2_VERSION_MAJOR).0
+FAAD2_SOURCE = faad2-$(FAAD2_VERSION).tar.bz2
 FAAD2_LICENSE = GPLv2
 FAAD2_LICENSE_FILES = COPYING
+# No configure script in upstream tarball
+FAAD2_AUTORECONF = YES
 # frontend/faad calls frexp()
 FAAD2_CONF_ENV = LIBS=-lm
 FAAD2_INSTALL_STAGING = YES

package/fakeroot/0002-communicate-check-return-status-of-msgrcv.patch

@@ -0,0 +1,46 @@
+From a853f21633693f9eefc4949660253a5328d2d2f3 Mon Sep 17 00:00:00 2001
+From: "Yann E. MORIN" <yann.morin.1998@free.fr>
+Date: Sun, 13 Aug 2017 23:21:54 +0200
+Subject: [PATCH 1/1] communicate: check return status of msgrcv()
+
+msgrcv can return with -1 to indicate an error condition.
+One such error is to have been interrupted by a signal.
+
+Being interrupted by a signal is very rare in this code, except in a
+very special condition: a highly-parallel (1000 jobs!) mksquashfs on
+a filesystem with extended attributes, where we see errors like (those
+are mksquashfs errors):
+    llistxattr for titi/603/883 failed in read_attrs, because Unknown
+    error 1716527536
+
+See: https://bugs.busybox.net/show_bug.cgi?id=10141
+
+In this case, we just have to retry the call to msgrcv().
+
+Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
+---
+ communicate.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/communicate.c b/communicate.c
+index 293f404..787bb63 100644
+--- a/communicate.c
++++ b/communicate.c
+@@ -553,10 +553,13 @@ void send_get_fakem(struct fake_msg *buf)
+       l=msgrcv(msg_get,
+                (struct my_msgbuf*)buf,
+                sizeof(*buf)-sizeof(buf->mtype),0,0);
+-    while((buf->serial!=serial)||buf->pid!=pid);
++    while(((l==-1)&&(errno==EINTR))||(buf->serial!=serial)||buf->pid!=pid);
+ 
+     semaphore_down();
+ 
++    if(l==-1)
++      buf->xattr.flags_rc=errno;
++
+     /*
+     (nah, may be wrong, due to allignment)
+ 
+-- 
+2.11.0
+

package/ffmpeg/ffmpeg.hash

@@ -1,2 +1,2 @@
 # Locally calculated
-sha256 54ce502aca10b7e6059f19220ea2f68fa0c9c4c4d255ae13e615f08f0c94dcc5  ffmpeg-3.2.3.tar.xz
+sha256 1131d37890ed3dcbc3970452b200a56ceb36b73eaa51d1c23c770c90f928537f  ffmpeg-3.2.9.tar.xz

package/ffmpeg/ffmpeg.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-FFMPEG_VERSION = 3.2.3
+FFMPEG_VERSION = 3.2.9
 FFMPEG_SOURCE = ffmpeg-$(FFMPEG_VERSION).tar.xz
 FFMPEG_SITE = http://ffmpeg.org/releases
 FFMPEG_INSTALL_STAGING = YES

package/file/file.hash

@@ -1,2 +1,2 @@
 # Locally calculated
-sha256 ea661277cd39bf8f063d3a83ee875432cc3680494169f952787e002bdd3884c0  file-5.29.tar.gz
+sha256 8639dc4d1b21e232285cd483604afc4a6ee810710e00e579dbe9591681722b50  file-5.32.tar.gz

package/file/file.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-FILE_VERSION = 5.29
+FILE_VERSION = 5.32
 FILE_SITE = ftp://ftp.astron.com/pub/file
 FILE_DEPENDENCIES = host-file zlib
 HOST_FILE_DEPENDENCIES = host-zlib

package/flashrom/flashrom.mk

@@ -12,7 +12,8 @@ FLASHROM_LICENSE = GPLv2+
 FLASHROM_LICENSE_FILES = COPYING
 
 define FLASHROM_BUILD_CMDS
-	$(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) -C $(@D)
+	$(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) \
+		CFLAGS="$(TARGET_CFLAGS) -DHAVE_STRNLEN" -C $(@D)
 endef
 
 define FLASHROM_INSTALL_TARGET_CMDS

package/gcc/4.8.5/875-xtensa-fix-PR-target-82181.patch

@@ -0,0 +1,31 @@
+From 65a3028024a5963d9b988d70fe7ebe116c731310 Mon Sep 17 00:00:00 2001
+From: jcmvbkbc <jcmvbkbc@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Mon, 11 Sep 2017 21:53:38 +0000
+Subject: [PATCH] xtensa: fix PR target/82181
+
+2017-09-11  Max Filippov  <jcmvbkbc@gmail.com>
+gcc/
+	Backport from mainline
+	* config/xtensa/xtensa.c (xtensa_mem_offset): Check that both
+	words of DImode object are reachable by xtensa_uimm8x4 access.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+ gcc/config/xtensa/xtensa.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/gcc/config/xtensa/xtensa.c b/gcc/config/xtensa/xtensa.c
+index f08854729f50..4b94179636e0 100644
+--- a/gcc/config/xtensa/xtensa.c
++++ b/gcc/config/xtensa/xtensa.c
+@@ -599,6 +599,7 @@ xtensa_mem_offset (unsigned v, enum machine_mode mode)
+     case HImode:
+       return xtensa_uimm8x2 (v);
+ 
++    case DImode:
+     case DFmode:
+       return (xtensa_uimm8x4 (v) && xtensa_uimm8x4 (v + 4));
+ 
+-- 
+2.1.4
+

package/gcc/4.9.4/875-xtensa-fix-PR-target-82181.patch

@@ -0,0 +1,31 @@
+From 672910e3d1215b781cf0e4757e473f6a25ebf756 Mon Sep 17 00:00:00 2001
+From: jcmvbkbc <jcmvbkbc@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Mon, 11 Sep 2017 21:53:38 +0000
+Subject: [PATCH] xtensa: fix PR target/82181
+
+2017-09-11  Max Filippov  <jcmvbkbc@gmail.com>
+gcc/
+	Backport from mainline
+	* config/xtensa/xtensa.c (xtensa_mem_offset): Check that both
+	words of DImode object are reachable by xtensa_uimm8x4 access.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+ gcc/config/xtensa/xtensa.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/gcc/config/xtensa/xtensa.c b/gcc/config/xtensa/xtensa.c
+index 67b369f015ad..3d1d981f885d 100644
+--- a/gcc/config/xtensa/xtensa.c
++++ b/gcc/config/xtensa/xtensa.c
+@@ -612,6 +612,7 @@ xtensa_mem_offset (unsigned v, enum machine_mode mode)
+     case HImode:
+       return xtensa_uimm8x2 (v);
+ 
++    case DImode:
+     case DFmode:
+       return (xtensa_uimm8x4 (v) && xtensa_uimm8x4 (v + 4));
+ 
+-- 
+2.1.4
+

package/gcc/5.4.0/877-xtensa-fix-PR-target-82181.patch

@@ -0,0 +1,31 @@
+From 329c471661493e48e0fc65fa6c17ef86517483ed Mon Sep 17 00:00:00 2001
+From: jcmvbkbc <jcmvbkbc@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Mon, 11 Sep 2017 21:53:38 +0000
+Subject: [PATCH] xtensa: fix PR target/82181
+
+2017-09-11  Max Filippov  <jcmvbkbc@gmail.com>
+gcc/
+	Backport from mainline
+	* config/xtensa/xtensa.c (xtensa_mem_offset): Check that both
+	words of DImode object are reachable by xtensa_uimm8x4 access.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+ gcc/config/xtensa/xtensa.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/gcc/config/xtensa/xtensa.c b/gcc/config/xtensa/xtensa.c
+index 36ab1e370853..bf02fceb416e 100644
+--- a/gcc/config/xtensa/xtensa.c
++++ b/gcc/config/xtensa/xtensa.c
+@@ -637,6 +637,7 @@ xtensa_mem_offset (unsigned v, machine_mode mode)
+     case HImode:
+       return xtensa_uimm8x2 (v);
+ 
++    case DImode:
+     case DFmode:
+       return (xtensa_uimm8x4 (v) && xtensa_uimm8x4 (v + 4));
+ 
+-- 
+2.1.4
+

package/gcc/6.3.0/872-xtensa-fix-PR-target-82181.patch

@@ -0,0 +1,31 @@
+From dc90c186f755e726a097c9bb8bf6c4e7a45d8a07 Mon Sep 17 00:00:00 2001
+From: jcmvbkbc <jcmvbkbc@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Mon, 11 Sep 2017 21:53:38 +0000
+Subject: [PATCH] xtensa: fix PR target/82181
+
+2017-09-11  Max Filippov  <jcmvbkbc@gmail.com>
+gcc/
+	Backport from mainline
+	* config/xtensa/xtensa.c (xtensa_mem_offset): Check that both
+	words of DImode object are reachable by xtensa_uimm8x4 access.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+ gcc/config/xtensa/xtensa.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/gcc/config/xtensa/xtensa.c b/gcc/config/xtensa/xtensa.c
+index 70f698aba0ae..750b685b23e7 100644
+--- a/gcc/config/xtensa/xtensa.c
++++ b/gcc/config/xtensa/xtensa.c
+@@ -601,6 +601,7 @@ xtensa_mem_offset (unsigned v, machine_mode mode)
+     case HImode:
+       return xtensa_uimm8x2 (v);
+ 
++    case DImode:
+     case DFmode:
+       return (xtensa_uimm8x4 (v) && xtensa_uimm8x4 (v + 4));
+ 
+-- 
+2.1.4
+

package/gd/0001-gdlib-config.patch

@@ -1,32 +0,0 @@
-Fix gdlib-config
-
-Since the @LIBICONV@ macro doesn't get replaced at compile time, we
-end up installing an invalid gdlib-config: the gdlib-config --libs
-says that one should link against @LIBICONV@ which obviously doesn't
-work.
-
-Use the OpenWRT patch from
-https://dev.openwrt.org/browser/packages/libs/gd/patches/101-gdlib-config.patch
-
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-
---- a/config/gdlib-config.in
-+++ b/config/gdlib-config.in
-@@ -71,7 +71,7 @@ while test $# -gt 0; do
- 	echo @LDFLAGS@
- 	;;
-     --libs)
--	echo -lgd @LIBS@ @LIBICONV@
-+	echo -lgd @LIBS@
- 	;;
-     --cflags|--includes)
- 	echo -I@includedir@
-@@ -84,7 +84,7 @@ while test $# -gt 0; do
- 	echo "includedir: $includedir"
- 	echo "cflags:     -I@includedir@"
- 	echo "ldflags:    @LDFLAGS@"
--	echo "libs:       @LIBS@ @LIBICONV@"
-+	echo "libs:       @LIBS@"
- 	echo "libdir:     $libdir"
- 	echo "features:   @FEATURES@"
- 	;;

package/gd/0002-gd_bmp-fix-build-with-uClibc.patch

@@ -1,50 +0,0 @@
-From ea2a03e983acf34a1320b460dcad43b7e0b0b14f Mon Sep 17 00:00:00 2001
-Message-Id: <ea2a03e983acf34a1320b460dcad43b7e0b0b14f.1397134306.git.baruch@tkos.co.il>
-From: Baruch Siach <baruch@tkos.co.il>
-Date: Thu, 10 Apr 2014 15:49:13 +0300
-Subject: [PATCH] gd_bmp: fix build with uClibc
-
-Some architectures (like ARM) don't have the long double variants of math
-functions under uClibc. Add a local ceill definition in this case.
-
-Patch status: reported upstream, 
-https://bitbucket.org/libgd/gd-libgd/issue/123/build-failure-agains-uclibc-arm
-
-Signed-off-by: Baruch Siach <baruch@tkos.co.il>
----
- src/gd_bmp.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/src/gd_bmp.c b/src/gd_bmp.c
-index 0fc021909f1b..11b3ec1baa01 100644
---- a/src/gd_bmp.c
-+++ b/src/gd_bmp.c
-@@ -25,6 +25,11 @@
- #include "gdhelpers.h"
- #include "bmp.h"
- 
-+#include <features.h>
-+#if defined (__UCLIBC__) && !defined(__UCLIBC_HAS_LONG_DOUBLE_MATH__)
-+#define NO_LONG_DOUBLE
-+#endif
-+
- static int compress_row(unsigned char *uncompressed_row, int length);
- static int build_rle_packet(unsigned char *row, int packet_type, int length, unsigned char *data);
- 
-@@ -42,6 +47,13 @@ static int bmp_read_rle(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info);
- 
- #define BMP_DEBUG(s)
- 
-+#ifdef NO_LONG_DOUBLE
-+long double ceill(long double x)
-+{
-+	return (long double) ceil((double) x);
-+}
-+#endif
-+
- static int gdBMPPutWord(gdIOCtx *out, int w)
- {
- 	/* Byte order is little-endian */
--- 
-1.9.1
-

package/gd/gd.hash

@@ -1,2 +1,3 @@
 # Locally calculated
-sha256	137f13a7eb93ce72e32ccd7cebdab6874f8cf7ddf31d3a455a68e016ecd9e4e6	libgd-2.2.4.tar.xz
+sha256	8c302ccbf467faec732f0741a859eef4ecae22fea2d2ab87467be940842bde51	libgd-2.2.5.tar.xz
+sha256  d02dae2141d49b8a6b09b2b73e68a8f17d7bbeaaf02b3b841ee11fea2d9e328d	COPYING

package/gd/gd.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GD_VERSION = 2.2.4
+GD_VERSION = 2.2.5
 GD_SOURCE = libgd-$(GD_VERSION).tar.xz
 GD_SITE = https://github.com/libgd/libgd/releases/download/gd-$(GD_VERSION)
 GD_INSTALL_STAGING = YES

package/gdb/7.12.1/0006-nat-linux-ptrace.c-add-missing-gdb_byte-cast.patch

@@ -0,0 +1,41 @@
+From 09a2c3e0164545324a1ddee70f5c9fdee71e2079 Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+Date: Sun, 18 Jun 2017 23:09:43 +0200
+Subject: [PATCH] nat/linux-ptrace.c: add missing gdb_byte* cast
+
+On noMMU platforms, the following code gets compiled:
+
+  child_stack = xmalloc (STACK_SIZE * 4);
+
+Where child_stack is a gdb_byte*, and xmalloc() returns a void*. While
+the lack of cast is valid in C, it is not in C++, causing the
+following build failure:
+
+../nat/linux-ptrace.c: In function 'int linux_fork_to_function(gdb_byte*, int (*)(void*))':
+../nat/linux-ptrace.c:273:29: error: invalid conversion from 'void*' to 'gdb_byte* {aka unsigned char*}' [-fpermissive]
+       child_stack = xmalloc (STACK_SIZE * 4);
+
+Therefore, this commit adds the appropriate cast.
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+[Upstream commit: ffce45d2243e5f52f411e314fc4e1a69f431a81f]
+---
+ gdb/nat/linux-ptrace.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gdb/nat/linux-ptrace.c b/gdb/nat/linux-ptrace.c
+index 3447e07..33833e2 100644
+--- a/gdb/nat/linux-ptrace.c
++++ b/gdb/nat/linux-ptrace.c
+@@ -270,7 +270,7 @@ linux_fork_to_function (gdb_byte *child_stack, int (*function) (void *))
+ #define STACK_SIZE 4096
+ 
+     if (child_stack == NULL)
+-      child_stack = xmalloc (STACK_SIZE * 4);
++      child_stack = (gdb_byte*) xmalloc (STACK_SIZE * 4);
+ 
+     /* Use CLONE_VM instead of fork, to support uClinux (no MMU).  */
+ #ifdef __ia64__
+-- 
+2.9.4
+

package/gdb/gdb.mk

@@ -189,6 +189,7 @@ HOST_GDB_CONF_OPTS = \
 	--enable-threads \
 	--disable-werror \
 	--without-included-gettext \
+	--with-curses \
 	$(GDB_DISABLE_BINUTILS_CONF_OPTS)
 
 ifeq ($(BR2_PACKAGE_HOST_GDB_TUI),y)

package/gdk-pixbuf/gdk-pixbuf.hash

@@ -1,2 +1,4 @@
-# From http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.36/gdk-pixbuf-2.36.4.sha256sum
-sha256	0b19901c3eb0596141d2d48ddb9dac79ad1524bdf59366af58ab38fcb9ee7463	gdk-pixbuf-2.36.4.tar.xz
+# From http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.36/gdk-pixbuf-2.36.10.sha256sum
+sha256 f8f6fa896b89475c73b6e9e8d2a2b062fc359c4b4ccb8e96470d6ab5da949ace  gdk-pixbuf-2.36.10.tar.xz
+# Locally calculated
+sha256 d245807f90032872d1438d741ed21e2490e1175dc8aa3afa5ddb6c8e529b58e5  COPYING

package/gdk-pixbuf/gdk-pixbuf.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 GDK_PIXBUF_VERSION_MAJOR = 2.36
-GDK_PIXBUF_VERSION = $(GDK_PIXBUF_VERSION_MAJOR).4
+GDK_PIXBUF_VERSION = $(GDK_PIXBUF_VERSION_MAJOR).10
 GDK_PIXBUF_SOURCE = gdk-pixbuf-$(GDK_PIXBUF_VERSION).tar.xz
 GDK_PIXBUF_SITE = http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/$(GDK_PIXBUF_VERSION_MAJOR)
 GDK_PIXBUF_LICENSE = LGPLv2+
@@ -20,6 +20,9 @@ GDK_PIXBUF_CONF_ENV = \
 	ac_cv_path_GLIB_GENMARSHAL=$(LIBGLIB2_HOST_BINARY) \
 	gio_can_sniff=no
 
+HOST_GDK_PIXBUF_CONF_ENV = \
+	gio_can_sniff=no
+
 GDK_PIXBUF_CONF_OPTS = --disable-glibtest
 
 ifneq ($(BR2_PACKAGE_LIBPNG),y)
@@ -73,5 +76,14 @@ define GDK_PIXBUF_DISABLE_TESTS
 endef
 GDK_PIXBUF_POST_PATCH_HOOKS += GDK_PIXBUF_DISABLE_TESTS
 
+# Target gdk-pixbuf needs loaders.cache populated to build for the
+# thumbnailer. Use the host-built since it matches the target options
+# regarding mime types (which is the used information).
+define GDK_PIXBUF_COPY_LOADERS_CACHE
+	cp -f $(HOST_DIR)/usr/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache \
+		$(@D)/gdk-pixbuf
+endef
+GDK_PIXBUF_PRE_BUILD_HOOKS += GDK_PIXBUF_COPY_LOADERS_CACHE
+
 $(eval $(autotools-package))
 $(eval $(host-autotools-package))

package/git/git.hash

@@ -1,2 +1,2 @@
 # From: https://www.kernel.org/pub/software/scm/git/sha256sums.asc
-sha256 016124c54ce2db7a4c2bd26b0de21fbf8f6bcaee04842aa221c7243141df4e42  git-2.12.3.tar.xz
+sha256 a8c3b3c7dd9202d0e80f824ceb74b4340b60aa8f1ec4ffdde3e982fa5ae16eab  git-2.12.5.tar.xz

package/git/git.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GIT_VERSION = 2.12.3
+GIT_VERSION = 2.12.5
 GIT_SOURCE = git-$(GIT_VERSION).tar.xz
 GIT_SITE = https://www.kernel.org/pub/software/scm/git
 GIT_LICENSE = GPLv2, LGPLv2.1+

package/gnupg/gnupg.hash

@@ -1,4 +1,3 @@
-# From https://lists.gnu.org/archive/html/info-gnu/2016-08/msg00008.html
-sha1	e3bdb585026f752ae91360f45c28e76e4a15d338	gnupg-1.4.21.tar.bz2
-# Locally computed
-sha256	6b47a3100c857dcab3c60e6152e56a997f2c7862c1b8b2b25adf3884a1ae2276	gnupg-1.4.21.tar.bz2
+# Locally computed based on signature
+# https://gnupg.org/ftp/gcrypt/gnupg/gnupg-1.4.22.tar.bz2.sig
+sha256	9594a24bec63a21568424242e3f198b9d9828dea5ff0c335e47b06f835f930b4	gnupg-1.4.22.tar.bz2

package/gnupg/gnupg.mk

@@ -4,9 +4,9 @@
 #
 ################################################################################
 
-GNUPG_VERSION = 1.4.21
+GNUPG_VERSION = 1.4.22
 GNUPG_SOURCE = gnupg-$(GNUPG_VERSION).tar.bz2
-GNUPG_SITE = ftp://ftp.gnupg.org/gcrypt/gnupg
+GNUPG_SITE = https://gnupg.org/ftp/gcrypt/gnupg
 GNUPG_LICENSE = GPLv3+
 GNUPG_LICENSE_FILES = COPYING
 GNUPG_DEPENDENCIES = zlib ncurses $(if $(BR2_PACKAGE_LIBICONV),libiconv)

package/go/go.mk

@@ -52,7 +52,7 @@ HOST_GO_TARGET_ENV = \
 # set, build in cgo support for any go programs that may need it.  Note that
 # any target package needing cgo support must include
 # 'depends on BR2_TOOLCHAIN_HAS_THREADS' in its config file.
-ifeq (BR2_TOOLCHAIN_HAS_THREADS,y)
+ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y)
 HOST_GO_CGO_ENABLED = 1
 else
 HOST_GO_CGO_ENABLED = 0
@@ -74,8 +74,8 @@ HOST_GO_MAKE_ENV = \
 	GOARCH=$(GO_GOARCH) \
 	$(if $(GO_GOARM),GOARM=$(GO_GOARM)) \
 	GOOS=linux \
-	CGO_ENABLED=$(HOST_GO_CGO_ENABLED) \
-	CC=$(HOSTCC_NOCCACHE)
+	CC=$(HOSTCC_NOCCACHE) \
+	CXX=$(HOSTCXX_NOCCACHE)
 
 HOST_GO_TARGET_CC = \
 	CC_FOR_TARGET="$(TARGET_CC)" \
@@ -83,16 +83,18 @@ HOST_GO_TARGET_CC = \
 
 HOST_GO_HOST_CC = \
 	CC_FOR_TARGET=$(HOSTCC_NOCCACHE) \
-	CXX_FOR_TARGET=$(HOSTCC_NOCCACHE)
+	CXX_FOR_TARGET=$(HOSTCXX_NOCCACHE)
 
 HOST_GO_TMP = $(@D)/host-go-tmp
 
 define HOST_GO_BUILD_CMDS
-	cd $(@D)/src && $(HOST_GO_MAKE_ENV) $(HOST_GO_HOST_CC) ./make.bash
+	cd $(@D)/src && \
+		$(HOST_GO_MAKE_ENV) $(HOST_GO_HOST_CC) CGO_ENABLED=0 ./make.bash
 	mkdir -p $(HOST_GO_TMP)
 	mv $(@D)/pkg/tool $(HOST_GO_TMP)/
 	mv $(@D)/bin/ $(HOST_GO_TMP)/
-	cd $(@D)/src && $(HOST_GO_MAKE_ENV) $(HOST_GO_TARGET_CC) ./make.bash
+	cd $(@D)/src && \
+		$(HOST_GO_MAKE_ENV) $(HOST_GO_TARGET_CC) CGO_ENABLED=$(HOST_GO_CGO_ENABLED) ./make.bash
 endef
 
 define HOST_GO_INSTALL_CMDS

package/google-breakpad/0002-Replace-remaining-references-to-struct-ucontext-with.patch

@@ -0,0 +1,257 @@
+From 7975a962e1d6dbad5a46792a54e647abd7caf5f1 Mon Sep 17 00:00:00 2001
+From: Mark Mentovai <mark@chromium.org>
+Date: Tue, 19 Sep 2017 22:48:30 -0400
+Subject: [PATCH] Replace remaining references to 'struct ucontext' with
+ 'ucontext_t'
+
+This relands
+https://chromium.googlesource.com/breakpad/breakpad/src/+/e3035bc406cee8a4d765e59ad46eb828705f17f4,
+which was accidentally committed to breakpad/breakpad/src, the read-only
+mirror of src in breakpad/breakpad. (Well, it should have been
+read-only.) See https://crbug.com/766164.
+
+This fixes issues with glibc-2.26.
+
+See https://bugs.gentoo.org/show_bug.cgi?id=628782 ,
+https://sourceware.org/git/?p=glibc.git;h=251287734e89a52da3db682a8241eb6bccc050c9 , and
+https://sourceware.org/ml/libc-alpha/2017-08/msg00010.html for context.
+Change-Id: Id66f474d636dd2afa450bab925c5514a800fdd6f
+Reviewed-on: https://chromium-review.googlesource.com/674304
+Reviewed-by: Mark Mentovai <mark@chromium.org>
+
+(cherry picked from commit bddcc58860f522a0d4cbaa7e9d04058caee0db9d)
+[Romain: backport from upstream]
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
+---
+ .../linux/dump_writer_common/ucontext_reader.cc    | 32 +++++++++++-----------
+ .../linux/dump_writer_common/ucontext_reader.h     | 14 +++++-----
+ src/client/linux/handler/exception_handler.cc      | 10 +++----
+ src/client/linux/handler/exception_handler.h       |  6 ++--
+ .../linux/microdump_writer/microdump_writer.cc     |  2 +-
+ .../linux/minidump_writer/minidump_writer.cc       |  2 +-
+ 6 files changed, 33 insertions(+), 33 deletions(-)
+
+diff --git a/src/client/linux/dump_writer_common/ucontext_reader.cc b/src/client/linux/dump_writer_common/ucontext_reader.cc
+index c80724d..052ce37 100644
+--- a/src/client/linux/dump_writer_common/ucontext_reader.cc
++++ b/src/client/linux/dump_writer_common/ucontext_reader.cc
+@@ -36,19 +36,19 @@ namespace google_breakpad {
+ 
+ // Minidump defines register structures which are different from the raw
+ // structures which we get from the kernel. These are platform specific
+-// functions to juggle the ucontext and user structures into minidump format.
++// functions to juggle the ucontext_t and user structures into minidump format.
+ 
+ #if defined(__i386__)
+ 
+-uintptr_t UContextReader::GetStackPointer(const struct ucontext* uc) {
++uintptr_t UContextReader::GetStackPointer(const ucontext_t* uc) {
+   return uc->uc_mcontext.gregs[REG_ESP];
+ }
+ 
+-uintptr_t UContextReader::GetInstructionPointer(const struct ucontext* uc) {
++uintptr_t UContextReader::GetInstructionPointer(const ucontext_t* uc) {
+   return uc->uc_mcontext.gregs[REG_EIP];
+ }
+ 
+-void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc,
++void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext_t *uc,
+                                     const struct _libc_fpstate* fp) {
+   const greg_t* regs = uc->uc_mcontext.gregs;
+ 
+@@ -88,15 +88,15 @@ void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc,
+ 
+ #elif defined(__x86_64)
+ 
+-uintptr_t UContextReader::GetStackPointer(const struct ucontext* uc) {
++uintptr_t UContextReader::GetStackPointer(const ucontext_t* uc) {
+   return uc->uc_mcontext.gregs[REG_RSP];
+ }
+ 
+-uintptr_t UContextReader::GetInstructionPointer(const struct ucontext* uc) {
++uintptr_t UContextReader::GetInstructionPointer(const ucontext_t* uc) {
+   return uc->uc_mcontext.gregs[REG_RIP];
+ }
+ 
+-void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc,
++void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext_t *uc,
+                                     const struct _libc_fpstate* fpregs) {
+   const greg_t* regs = uc->uc_mcontext.gregs;
+ 
+@@ -145,15 +145,15 @@ void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc,
+ 
+ #elif defined(__ARM_EABI__)
+ 
+-uintptr_t UContextReader::GetStackPointer(const struct ucontext* uc) {
++uintptr_t UContextReader::GetStackPointer(const ucontext_t* uc) {
+   return uc->uc_mcontext.arm_sp;
+ }
+ 
+-uintptr_t UContextReader::GetInstructionPointer(const struct ucontext* uc) {
++uintptr_t UContextReader::GetInstructionPointer(const ucontext_t* uc) {
+   return uc->uc_mcontext.arm_pc;
+ }
+ 
+-void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc) {
++void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext_t *uc) {
+   out->context_flags = MD_CONTEXT_ARM_FULL;
+ 
+   out->iregs[0] = uc->uc_mcontext.arm_r0;
+@@ -184,15 +184,15 @@ void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc) {
+ 
+ #elif defined(__aarch64__)
+ 
+-uintptr_t UContextReader::GetStackPointer(const struct ucontext* uc) {
++uintptr_t UContextReader::GetStackPointer(const ucontext_t* uc) {
+   return uc->uc_mcontext.sp;
+ }
+ 
+-uintptr_t UContextReader::GetInstructionPointer(const struct ucontext* uc) {
++uintptr_t UContextReader::GetInstructionPointer(const ucontext_t* uc) {
+   return uc->uc_mcontext.pc;
+ }
+ 
+-void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc,
++void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext_t *uc,
+                                     const struct fpsimd_context* fpregs) {
+   out->context_flags = MD_CONTEXT_ARM64_FULL;
+ 
+@@ -210,15 +210,15 @@ void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc,
+ 
+ #elif defined(__mips__)
+ 
+-uintptr_t UContextReader::GetStackPointer(const struct ucontext* uc) {
++uintptr_t UContextReader::GetStackPointer(const ucontext_t* uc) {
+   return uc->uc_mcontext.gregs[MD_CONTEXT_MIPS_REG_SP];
+ }
+ 
+-uintptr_t UContextReader::GetInstructionPointer(const struct ucontext* uc) {
++uintptr_t UContextReader::GetInstructionPointer(const ucontext_t* uc) {
+   return uc->uc_mcontext.pc;
+ }
+ 
+-void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc) {
++void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext_t *uc) {
+ #if _MIPS_SIM == _ABI64
+   out->context_flags = MD_CONTEXT_MIPS64_FULL;
+ #elif _MIPS_SIM == _ABIO32
+diff --git a/src/client/linux/dump_writer_common/ucontext_reader.h b/src/client/linux/dump_writer_common/ucontext_reader.h
+index b6e77b4..2de80b7 100644
+--- a/src/client/linux/dump_writer_common/ucontext_reader.h
++++ b/src/client/linux/dump_writer_common/ucontext_reader.h
+@@ -39,23 +39,23 @@
+ 
+ namespace google_breakpad {
+ 
+-// Wraps platform-dependent implementations of accessors to ucontext structs.
++// Wraps platform-dependent implementations of accessors to ucontext_t structs.
+ struct UContextReader {
+-  static uintptr_t GetStackPointer(const struct ucontext* uc);
++  static uintptr_t GetStackPointer(const ucontext_t* uc);
+ 
+-  static uintptr_t GetInstructionPointer(const struct ucontext* uc);
++  static uintptr_t GetInstructionPointer(const ucontext_t* uc);
+ 
+-  // Juggle a arch-specific ucontext into a minidump format
++  // Juggle a arch-specific ucontext_t into a minidump format
+   //   out: the minidump structure
+   //   info: the collection of register structures.
+ #if defined(__i386__) || defined(__x86_64)
+-  static void FillCPUContext(RawContextCPU *out, const ucontext *uc,
++  static void FillCPUContext(RawContextCPU *out, const ucontext_t *uc,
+                              const struct _libc_fpstate* fp);
+ #elif defined(__aarch64__)
+-  static void FillCPUContext(RawContextCPU *out, const ucontext *uc,
++  static void FillCPUContext(RawContextCPU *out, const ucontext_t *uc,
+                              const struct fpsimd_context* fpregs);
+ #else
+-  static void FillCPUContext(RawContextCPU *out, const ucontext *uc);
++  static void FillCPUContext(RawContextCPU *out, const ucontext_t *uc);
+ #endif
+ };
+ 
+diff --git a/src/client/linux/handler/exception_handler.cc b/src/client/linux/handler/exception_handler.cc
+index b63f973..3d809b8 100644
+--- a/src/client/linux/handler/exception_handler.cc
++++ b/src/client/linux/handler/exception_handler.cc
+@@ -439,9 +439,9 @@ bool ExceptionHandler::HandleSignal(int sig, siginfo_t* info, void* uc) {
+   // Fill in all the holes in the struct to make Valgrind happy.
+   memset(&g_crash_context_, 0, sizeof(g_crash_context_));
+   memcpy(&g_crash_context_.siginfo, info, sizeof(siginfo_t));
+-  memcpy(&g_crash_context_.context, uc, sizeof(struct ucontext));
++  memcpy(&g_crash_context_.context, uc, sizeof(ucontext_t));
+ #if defined(__aarch64__)
+-  struct ucontext* uc_ptr = (struct ucontext*)uc;
++  ucontext_t* uc_ptr = (ucontext_t*)uc;
+   struct fpsimd_context* fp_ptr =
+       (struct fpsimd_context*)&uc_ptr->uc_mcontext.__reserved;
+   if (fp_ptr->head.magic == FPSIMD_MAGIC) {
+@@ -450,9 +450,9 @@ bool ExceptionHandler::HandleSignal(int sig, siginfo_t* info, void* uc) {
+   }
+ #elif !defined(__ARM_EABI__) && !defined(__mips__)
+   // FP state is not part of user ABI on ARM Linux.
+-  // In case of MIPS Linux FP state is already part of struct ucontext
++  // In case of MIPS Linux FP state is already part of ucontext_t
+   // and 'float_state' is not a member of CrashContext.
+-  struct ucontext* uc_ptr = (struct ucontext*)uc;
++  ucontext_t* uc_ptr = (ucontext_t*)uc;
+   if (uc_ptr->uc_mcontext.fpregs) {
+     memcpy(&g_crash_context_.float_state, uc_ptr->uc_mcontext.fpregs,
+            sizeof(g_crash_context_.float_state));
+@@ -476,7 +476,7 @@ bool ExceptionHandler::SimulateSignalDelivery(int sig) {
+   // ExceptionHandler::HandleSignal().
+   siginfo.si_code = SI_USER;
+   siginfo.si_pid = getpid();
+-  struct ucontext context;
++  ucontext_t context;
+   getcontext(&context);
+   return HandleSignal(sig, &siginfo, &context);
+ }
+diff --git a/src/client/linux/handler/exception_handler.h b/src/client/linux/handler/exception_handler.h
+index 591c310..42f4055 100644
+--- a/src/client/linux/handler/exception_handler.h
++++ b/src/client/linux/handler/exception_handler.h
+@@ -191,11 +191,11 @@ class ExceptionHandler {
+   struct CrashContext {
+     siginfo_t siginfo;
+     pid_t tid;  // the crashing thread.
+-    struct ucontext context;
++    ucontext_t context;
+ #if !defined(__ARM_EABI__) && !defined(__mips__)
+     // #ifdef this out because FP state is not part of user ABI for Linux ARM.
+-    // In case of MIPS Linux FP state is already part of struct
+-    // ucontext so 'float_state' is not required.
++    // In case of MIPS Linux FP state is already part of ucontext_t so
++    // 'float_state' is not required.
+     fpstate_t float_state;
+ #endif
+   };
+diff --git a/src/client/linux/microdump_writer/microdump_writer.cc b/src/client/linux/microdump_writer/microdump_writer.cc
+index 6f5b435..a508667 100644
+--- a/src/client/linux/microdump_writer/microdump_writer.cc
++++ b/src/client/linux/microdump_writer/microdump_writer.cc
+@@ -571,7 +571,7 @@ class MicrodumpWriter {
+ 
+   void* Alloc(unsigned bytes) { return dumper_->allocator()->Alloc(bytes); }
+ 
+-  const struct ucontext* const ucontext_;
++  const ucontext_t* const ucontext_;
+ #if !defined(__ARM_EABI__) && !defined(__mips__)
+   const google_breakpad::fpstate_t* const float_state_;
+ #endif
+diff --git a/src/client/linux/minidump_writer/minidump_writer.cc b/src/client/linux/minidump_writer/minidump_writer.cc
+index 86009b9..f2aec73 100644
+--- a/src/client/linux/minidump_writer/minidump_writer.cc
++++ b/src/client/linux/minidump_writer/minidump_writer.cc
+@@ -1248,7 +1248,7 @@ class MinidumpWriter {
+   const int fd_;  // File descriptor where the minidum should be written.
+   const char* path_;  // Path to the file where the minidum should be written.
+ 
+-  const struct ucontext* const ucontext_;  // also from the signal handler
++  const ucontext_t* const ucontext_;  // also from the signal handler
+ #if !defined(__ARM_EABI__) && !defined(__mips__)
+   const google_breakpad::fpstate_t* const float_state_;  // ditto
+ #endif
+-- 
+2.9.5
+

package/gpsd/0002-SConstruct-do-not-force-O2-by-default.patch

@@ -0,0 +1,29 @@
+From eb7cce5dbb53a64cf55ac0d9a7fa4dcbebd4b173 Mon Sep 17 00:00:00 2001
+From: Waldemar Brodkorb <wbx@openadk.org>
+Date: Mon, 14 Aug 2017 23:24:38 +0200
+Subject: [PATCH] SConstruct: do not force -O2 by default
+
+-O2 can cause problems on some architectures, so do not force it by
+ default.
+
+Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
+---
+ SConstruct | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/SConstruct b/SConstruct
+index fe444a2..93d91a4 100644
+--- a/SConstruct
++++ b/SConstruct
+@@ -330,8 +330,6 @@ if not 'CCFLAGS' in os.environ:
+     # Should we build with optimisation?
+     if env['debug'] or env['coveraging']:
+         env.Append(CCFLAGS=['-O0'])
+-    else:
+-        env.Append(CCFLAGS=['-O2'])
+ 
+ # Get a slight speedup by not doing automatic RCS and SCCS fetches.
+ env.SourceCode('.', None)
+-- 
+2.9.4
+

package/gpsd/gpsd.mk

@@ -44,7 +44,7 @@ endif
 # A bug was reported to the gcc bug tracker:
 # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68485
 ifeq ($(BR2_microblaze),y)
-GPSD_CFLAGS += -fno-expensive-optimizations -fno-schedule-insns
+GPSD_CFLAGS += -O0
 endif
 
 # Enable or disable Qt binding

package/gstreamer/gstreamer/Config.in

@@ -1,12 +1,14 @@
-comment "gstreamer 0.10 needs a toolchain w/ wchar, threads"
+comment "gstreamer 0.10 needs a toolchain w/ wchar, threads, dynamic library"
 	depends on BR2_USE_MMU
-	depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS
+	depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
+		BR2_STATIC_LIBS
 
 config BR2_PACKAGE_GSTREAMER
 	bool "gstreamer 0.10"
 	depends on BR2_USE_WCHAR # glib2
 	depends on BR2_TOOLCHAIN_HAS_THREADS # glib2
 	depends on BR2_USE_MMU # glib2
+	depends on !BR2_STATIC_LIBS
 	select BR2_PACKAGE_LIBGLIB2
 	help
 	  GStreamer is an open source multimedia framework.

package/gstreamer1/gst1-plugins-bad/0001-openjpeg-Fix-build-against-openjpeg-2.2.patch

@@ -0,0 +1,60 @@
+From daaf649bda7231fd0d760802232a36ba62a4ea2d Mon Sep 17 00:00:00 2001
+From: Clemens Lang <cal@macports.org>
+Date: Sun, 13 Aug 2017 21:17:18 +0200
+Subject: [PATCH] openjpeg: Fix build against openjpeg 2.2
+
+OpenJPEG 2.2 has some API changes and thus ships its headers in a new
+include path. Add a configure check (to both meson and autoconf) to
+detect the newer version of OpenJPEG and add conditional includes.
+
+Fix the autoconf test for OpenJPEG 2.1, which checked for HAVE_OPENJPEG,
+which was always set even for 2.0.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=786250
+
+[Peter: drop meson changes for 2017.02.x]
+Upstream: https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/patch/?id=15f24fef53a955c7c76fc966302cb0453732e657
+Signed-off-by: Peter Seiderer <ps.report@gmx.net>
+---
+ configure.ac               |  7 ++++++-
+ ext/openjpeg/gstopenjpeg.h |  4 +++-
+ 2 files changed, 22 insertions(+), 10 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 30e26b8..c4f08c7 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -2813,8 +2813,13 @@ AG_GST_CHECK_FEATURE(OPENJPEG, [openjpeg library], openjpeg, [
+   if test x"$HAVE_OPENJPEG" = x"yes"; then
+     dnl minor API changes in v2.1
+     AG_GST_PKG_CHECK_MODULES(OPENJPEG_2_1, libopenjp2 >= 2.1)
+-    if test x"$HAVE_OPENJPEG" = x"yes"; then
++    if test x"$HAVE_OPENJPEG_2_1" = x"yes"; then
+       AC_DEFINE([HAVE_OPENJPEG_2_1], 1, [Define if OpenJPEG 2.1 is used])
++        dnl include paths changed for v2.2
++        AG_GST_PKG_CHECK_MODULES(OPENJPEG_2_2, libopenjp2 >= 2.2)
++        if test x"$HAVE_OPENJPEG_2_2" = x"yes"; then
++          AC_DEFINE([HAVE_OPENJPEG_2_2], 1, [Define if OpenJPEG 2.2 is used])
++        fi
+     fi
+   else
+     # Fallback to v1.5
+diff --git a/ext/openjpeg/gstopenjpeg.h b/ext/openjpeg/gstopenjpeg.h
+index 03ce52e..52410a4 100644
+--- a/ext/openjpeg/gstopenjpeg.h
++++ b/ext/openjpeg/gstopenjpeg.h
+@@ -38,7 +38,9 @@
+ #define OPJ_CPRL CPRL
+ #else
+ #include <stdio.h>
+-# ifdef HAVE_OPENJPEG_2_1
++# if defined(HAVE_OPENJPEG_2_2)
++#  include <openjpeg-2.2/openjpeg.h>
++# elif defined(HAVE_OPENJPEG_2_1)
+ #  include <openjpeg-2.1/openjpeg.h>
+ # else
+ #  include <openjpeg-2.0/openjpeg.h>
+ 
+-- 
+2.12.3
+

package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.mk

@@ -13,6 +13,10 @@ GST1_PLUGINS_BAD_LICENSE_FILES = COPYING COPYING.LIB
 # enabled.
 GST1_PLUGINS_BAD_LICENSE = LGPLv2+, LGPLv2.1+
 
+# patch 0001-openjpeg-Fix-build-against-openjpeg-2.2.patch touches configure.ac
+GST1_PLUGINS_BAD_AUTORECONF = YES
+GST1_PLUGINS_BAD_GETTEXTIZE = YES
+
 GST1_PLUGINS_BAD_CONF_OPTS = \
 	--disable-examples \
 	--disable-valgrind \

package/hostapd/Config.in

@@ -10,7 +10,7 @@ config BR2_PACKAGE_HOSTAPD
 	  IEEE 802.1X/WPA/WPA2/EAP authenticators, RADIUS client,
 	  EAP server and RADIUS authentication server.
 
-	  http://hostap.epitest.fi/
+	  http://w1.fi/hostapd/
 
 if BR2_PACKAGE_HOSTAPD
 

package/hostapd/hostapd.hash

@@ -1,2 +1,4 @@
 # Locally calculated
 sha256  01526b90c1d23bec4b0f052039cc4456c2fd19347b4d830d1d58a0a6aea7117d  hostapd-2.6.tar.gz
+sha256  529113cc81256c6178f3c1cf25dd8d3f33e6d770e4a180bd31c6ab7e4917f40b  rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
+sha256  147c8abe07606905d16404fb2d2c8849796ca7c85ed8673c09bb50038bcdeb9e  rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch

package/hostapd/hostapd.mk

@@ -5,7 +5,10 @@
 ################################################################################
 
 HOSTAPD_VERSION = 2.6
-HOSTAPD_SITE = http://hostap.epitest.fi/releases
+HOSTAPD_SITE = http://w1.fi/releases
+HOSTAPD_PATCH = \
+	http://w1.fi/security/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch \
+	http://w1.fi/security/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
 HOSTAPD_SUBDIR = hostapd
 HOSTAPD_CONFIG = $(HOSTAPD_DIR)/$(HOSTAPD_SUBDIR)/.config
 HOSTAPD_DEPENDENCIES = host-pkgconf libnl

package/imagemagick/imagemagick.hash

@@ -1,2 +1,2 @@
-# From http://www.imagemagick.org/download/releases/digest.rdf
-sha256 0058fcde533986334458a5c99600b1b9633182dd9562cbad4ba618c5ccf2a28f  ImageMagick-7.0.5-10.tar.xz
+# Locally computed
+sha256 924d1161ed2399bcb72f98419072b3130a466e07d9a6fce43d27458ffa907ffa  7.0.7-10.tar.gz

package/imagemagick/imagemagick.mk

@@ -4,9 +4,9 @@
 #
 ################################################################################
 
-IMAGEMAGICK_VERSION = 7.0.5-10
-IMAGEMAGICK_SOURCE = ImageMagick-$(IMAGEMAGICK_VERSION).tar.xz
-IMAGEMAGICK_SITE = http://www.imagemagick.org/download/releases
+IMAGEMAGICK_VERSION = 7.0.7-10
+IMAGEMAGICK_SOURCE = $(IMAGEMAGICK_VERSION).tar.gz
+IMAGEMAGICK_SITE = https://github.com/ImageMagick/ImageMagick/archive
 IMAGEMAGICK_LICENSE = Apache-2.0
 IMAGEMAGICK_LICENSE_FILES = LICENSE
 

package/iostat/iostat.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 IOSTAT_VERSION = 2.2
-IOSTAT_SITE = http://www.linuxinsight.com/files
+IOSTAT_SITE = http://linuxinsight.com/sites/default/files
 IOSTAT_LICENSE = GPL
 IOSTAT_LICENSE_FILES = LICENSE
 

package/irssi/irssi.hash

@@ -1,2 +1,4 @@
 # Locally calculated after checking pgp signature
-sha256	b85c07dbafe178213eccdc69f5f8f0ac024dea01c67244668f91ec1c06b986ca	irssi-1.0.4.tar.xz
+sha256	c2556427e12eb06cabfed40839ac6f57eb8b1aa6365fab6dfcd331b7a04bb914  irssi-1.0.5.tar.xz
+# Locally calculated
+sha256	a1a27cb2ecee8d5378fbb3562f577104a445d6d66fee89286e16758305e63e2b  COPYING

package/irssi/irssi.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-IRSSI_VERSION = 1.0.4
+IRSSI_VERSION = 1.0.5
 IRSSI_SOURCE = irssi-$(IRSSI_VERSION).tar.xz
 # Do not use the github helper here. The generated tarball is *NOT* the
 # same as the one uploaded by upstream for the release.

package/iucode-tool/iucode-tool.hash

@@ -1,2 +1,3 @@
 # Locally computed
-sha256	33271652032f20f866a212bc98ea01a8db65c4ac839fa820aa23da974fd6ff62	iucode-tool_1.5.tar.xz
+sha256 9810daf925b8a9ca244adc4e1916bcab65601c9ebe87e91c2281f78055982971  iucode-tool_2.2.tar.xz
+sha256 ab15fd526bd8dd18a9e77ebc139656bf4d33e97fc7238cd11bf60e2b9b8666c6  COPYING

package/iucode-tool/iucode-tool.mk

@@ -4,11 +4,10 @@
 #
 ################################################################################
 
-IUCODE_TOOL_VERSION = 1.5
+IUCODE_TOOL_VERSION = 2.2
 IUCODE_TOOL_SOURCE = iucode-tool_$(IUCODE_TOOL_VERSION).tar.xz
-IUCODE_TOOL_SITE = https://gitlab.com/iucode-tool/releases/raw/latest
+IUCODE_TOOL_SITE = https://gitlab.com/iucode-tool/releases/raw/master
 ifeq ($(BR2_PACKAGE_ARGP_STANDALONE),y)
-IUCODE_TOOL_CONF_ENV = LIBS="-largp"
 IUCODE_TOOL_DEPENDENCIES = argp-standalone
 endif
 IUCODE_TOOL_LICENSE = GPLv2+

package/jack2/0001-Fix-initialization-in-test-iodelay.patch

@@ -0,0 +1,65 @@
+From ff1ed2c4524095055140370c1008a2d9cccc5645 Mon Sep 17 00:00:00 2001
+From: Adrian Knoth <adi@drcomp.erfurt.thur.de>
+Date: Sat, 11 Jun 2016 05:35:07 +0200
+Subject: [PATCH] Fix initialization in test/iodelay.cpp
+
+jack_latency_range_t is
+
+struct _jack_latency_range {
+    jack_nframes_t min;
+    jack_nframes_t max;
+};
+
+and jack_nframes_t is
+
+typedef uint32_t        jack_nframes_t;
+
+so it's unsigned. Initialising it with -1 is invalid (at least in C++14). We cannot use {0, 0}, because latency_cb has
+
+   jack_latency_range_t range;
+   range.min = range.max = 0;
+   if ((range.min != capture_latency.min) || (range.max !=
+       capture_latency.max)) {
+       capture_latency = range;
+   }
+
+so we must not have {0, 0}, otherwise the condition would never be true.
+
+Using UINT32_MAX should be equivalent to the previous -1.
+
+[Upstream commit https://github.com/jackaudio/jack2/commit/ff1ed2c4524095055140370c1008a2d9cccc5645]
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+---
+ tests/iodelay.cpp | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/tests/iodelay.cpp b/tests/iodelay.cpp
+index e1ba63fa..1ef470fd 100644
+--- a/tests/iodelay.cpp
++++ b/tests/iodelay.cpp
+@@ -20,6 +20,7 @@
+ 
+ #include <stdlib.h>
+ #include <stdio.h>
++#include <stdint.h>
+ #include <math.h>
+ #include <unistd.h>
+ #include <jack/jack.h>
+@@ -167,8 +168,8 @@ static jack_client_t  *jack_handle;
+ static jack_port_t    *jack_capt;
+ static jack_port_t    *jack_play;
+ 
+-jack_latency_range_t   capture_latency = {-1, -1};
+-jack_latency_range_t   playback_latency = {-1, -1};
++jack_latency_range_t   capture_latency = {UINT32_MAX, UINT32_MAX};
++jack_latency_range_t   playback_latency = {UINT32_MAX, UINT32_MAX};
+ 
+ void
+ latency_cb (jack_latency_callback_mode_t mode, void *arg)
+@@ -266,4 +267,4 @@ int main (int ac, char *av [])
+     return 0;
+ }
+ 
+-// --------------------------------------------------------------------------------
+\ No newline at end of file
++// --------------------------------------------------------------------------------

package/jack2/0005-gcc7.patch

@@ -0,0 +1,31 @@
+From f7bccdca651592cc4082b28fd4a01ed6ef8ab655 Mon Sep 17 00:00:00 2001
+From: Kjetil Matheussen <k.s.matheussen@notam02.no>
+Date: Sat, 15 Jul 2017 13:21:59 +0200
+Subject: [PATCH] Tests: Fix compilation with gcc7
+
+Fixes
+../tests/test.cpp: In function ‘int process4(jack_nframes_t, void*)’:
+../tests/test.cpp:483:73: error: call of overloaded ‘abs(jack_nframes_t)’ is ambiguous
+  if (delta_time > 0  && (jack_nframes_t)abs(delta_time - cur_buffer_size) > tolerance) {
+
+Downloaded from upstream commit
+https://github.com/jackaudio/jack2/commit/f7bccdca651592cc4082b28fd4a01ed6ef8ab655
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+---
+ tests/test.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/test.cpp b/tests/test.cpp
+index 8a8a8117..d2ef9a05 100644
+--- a/tests/test.cpp
++++ b/tests/test.cpp
+@@ -479,7 +479,7 @@ int process4(jack_nframes_t nframes, void *arg)
+ 	jack_nframes_t delta_time = cur_time - last_time;
+ 
+ 	Log("calling process4 callback : jack_frame_time = %ld delta_time = %ld\n", cur_time, delta_time);
+-	if (delta_time > 0  && (jack_nframes_t)abs(delta_time - cur_buffer_size) > tolerance) {
++	if (delta_time > 0  && abs((int64_t)delta_time - (int64_t)cur_buffer_size) > (int64_t)tolerance) {
+ 		printf("!!! ERROR !!! jack_frame_time seems to return incorrect values cur_buffer_size = %d, delta_time = %d tolerance %d\n", cur_buffer_size, delta_time, tolerance);
+ 	}
+ 

package/jack2/0006-fix-ftbfs-with-clang.patch

@@ -0,0 +1,28 @@
+From d3c8e2d8d78899fba40a3e677ed4dbe388d82269 Mon Sep 17 00:00:00 2001
+From: Adrian Knoth <adi@drcomp.erfurt.thur.de>
+Date: Thu, 18 Sep 2014 18:29:23 +0200
+Subject: [PATCH] Fix FTBFS with clang++
+
+Forwarded from http://bugs.debian.org/757820
+
+Downloaded from upstream commit
+https://github.com/jackaudio/jack2/commit/d3c8e2d8d78899fba40a3e677ed4dbe388d82269
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+---
+ common/memops.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/common/memops.c b/common/memops.c
+index 27f6194a..2d416b64 100644
+--- a/common/memops.c
++++ b/common/memops.c
+@@ -198,7 +198,7 @@ static inline __m128i float_24_sse(__m128 s)
+  */
+ static unsigned int seed = 22222;
+ 
+-inline unsigned int fast_rand() {
++static inline unsigned int fast_rand() {
+ 	seed = (seed * 96314165) + 907633515;
+ 	return seed;
+ }

package/jack2/jack2.hash

@@ -1,3 +1,2 @@
 # Locally calculated
 sha256 88f1b6601b7c8950e6a2d5940b423a33ee628ae5583da40bdce3d9317d8c600d  jack2-v1.9.10.tar.gz
-sha256 f372c4300e3fb2c1ce053e47829df44f3f8b933feb820759392187723ae8e640  ff1ed2c4524095055140370c1008a2d9cccc5645.patch

package/jack2/jack2.mk

@@ -9,7 +9,6 @@ JACK2_SITE = $(call github,jackaudio,jack2,$(JACK2_VERSION))
 JACK2_LICENSE = GPLv2+ (jack server), LGPLv2.1+ (jack library)
 JACK2_DEPENDENCIES = libsamplerate libsndfile alsa-lib host-python
 JACK2_INSTALL_STAGING = YES
-JACK2_PATCH = https://github.com/jackaudio/jack2/commit/ff1ed2c4524095055140370c1008a2d9cccc5645.patch
 
 JACK2_CONF_OPTS = --alsa
 

package/lame/0001-configure.patch

@@ -1,69 +0,0 @@
-Various patches to fix autoreconf errors.
-
-All patches besides
-- AM_ICONV in configure.in
-are already applied upstream:
-http://lame.cvs.sourceforge.net/viewvc/lame/lame/configure.in?r1=1.145&r2=1.146
-http://lame.cvs.sourceforge.net/viewvc/lame/lame/doc/html/Makefile.am?r1=1.8&r2=1.9
-http://lame.cvs.sourceforge.net/viewvc/lame/lame/doc/man/Makefile.am?r1=1.1&r2=1.2
-
-libmp3lame/i386/Makefile.am patch ported from Debian
-http://anonscm.debian.org/cgit/pkg-multimedia/lame.git/tree/debian/patches/ansi2knr2devnull.patch
-
-Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
-
-diff -uNr lame-3.99.5.org/configure.in lame-3.99.5/configure.in
---- lame-3.99.5.org/configure.in	2012-02-28 19:50:27.000000000 +0100
-+++ lame-3.99.5/configure.in	2015-04-11 11:36:15.464835008 +0200
-@@ -77,9 +77,6 @@
- 	AC_MSG_RESULT(${GCC_version})
- fi
- 
--dnl more automake stuff
--AM_C_PROTOTYPES
--
- AC_CHECK_HEADER(dmalloc.h)
- if test "${ac_cv_header_dmalloc_h}" = "yes"; then
- 	AM_WITH_DMALLOC
-@@ -376,8 +373,6 @@
- AC_CHECK_LIB(curses, initscr, HAVE_TERMCAP="curses")
- AC_CHECK_LIB(ncurses, initscr, HAVE_TERMCAP="ncurses")
- 
--AM_ICONV
-- 
- dnl math lib
- AC_CHECK_LIB(m, cos, USE_LIBM="-lm")
- dnl free fast math library
-diff -uNr lame-3.99.5.org/doc/html/Makefile.am lame-3.99.5/doc/html/Makefile.am
---- lame-3.99.5.org/doc/html/Makefile.am	2010-09-30 22:58:40.000000000 +0200
-+++ lame-3.99.5/doc/html/Makefile.am	2015-04-11 11:37:02.880239754 +0200
-@@ -1,6 +1,6 @@
- ## $Id: Makefile.am,v 1.7 2010/09/30 20:58:40 jaz001 Exp $
- 
--AUTOMAKE_OPTIONS = foreign ansi2knr
-+AUTOMAKE_OPTIONS = foreign
- 
- docdir = $(datadir)/doc
- pkgdocdir = $(docdir)/$(PACKAGE)
-diff -uNr lame-3.99.5.org/doc/man/Makefile.am lame-3.99.5/doc/man/Makefile.am
---- lame-3.99.5.org/doc/man/Makefile.am	2000-10-22 13:39:44.000000000 +0200
-+++ lame-3.99.5/doc/man/Makefile.am	2015-04-11 11:37:08.704167318 +0200
-@@ -1,6 +1,6 @@
- ## $Id: Makefile.am,v 1.1 2000/10/22 11:39:44 aleidinger Exp $
- 
--AUTOMAKE_OPTIONS = foreign ansi2knr
-+AUTOMAKE_OPTIONS = foreign
- 
- man_MANS = lame.1
- EXTRA_DIST = ${man_MANS}
-diff -uNr lame-3.99.5.org/libmp3lame/i386/Makefile.am lame-3.99.5/libmp3lame/i386/Makefile.am
---- lame-3.99.5.org/libmp3lame/i386/Makefile.am	2011-04-04 11:42:34.000000000 +0200
-+++ lame-3.99.5/libmp3lame/i386/Makefile.am	2015-04-11 11:37:35.191833351 +0200
-@@ -1,6 +1,6 @@
- ## $Id: Makefile.am,v 1.26 2011/04/04 09:42:34 aleidinger Exp $
- 
--AUTOMAKE_OPTIONS = foreign $(top_srcdir)/ansi2knr
-+AUTOMAKE_OPTIONS = foreign
- 
- DEFS = @DEFS@ @CONFIG_DEFS@
- 

package/lame/0002-gtk1-ac-directives.patch

@@ -1,210 +0,0 @@
-Include GTK-1 autoconf directives in build system.
-Applied-Upstream: http://lame.cvs.sf.net/viewvc/lame/lame/acinclude.m4?r1=1.5&r2=1.6
-
-Downloaded from
-http://lame.cvs.sf.net/viewvc/lame/lame/acinclude.m4?r1=1.5&r2=1.6&view=patch
-
-to fix autoreconf.
-
-Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
-
---- a/acinclude.m4	2006/12/21 09:03:03	1.5
-+++ b/acinclude.m4	2012/06/18 20:51:05	1.6
-@@ -85,4 +85,197 @@
- [AC_MSG_WARN(can't check for IEEE854 compliant 80 bit floats)]
- )])]) # alex_IEEE854_FLOAT80
- 
-+# Configure paths for GTK+
-+# Owen Taylor     97-11-3
- 
-+dnl AM_PATH_GTK([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND [, MODULES]]]])
-+dnl Test for GTK, and define GTK_CFLAGS and GTK_LIBS
-+dnl
-+AC_DEFUN([AM_PATH_GTK],
-+[dnl
-+dnl Get the cflags and libraries from the gtk-config script
-+dnl
-+AC_ARG_WITH(gtk-prefix,[  --with-gtk-prefix=PFX   Prefix where GTK is installed (optional)],
-+            gtk_config_prefix="$withval", gtk_config_prefix="")
-+AC_ARG_WITH(gtk-exec-prefix,[  --with-gtk-exec-prefix=PFX Exec prefix where GTK is installed (optional)],
-+            gtk_config_exec_prefix="$withval", gtk_config_exec_prefix="")
-+AC_ARG_ENABLE(gtktest, [  --disable-gtktest       Do not try to compile and run a test GTK program],
-+        , enable_gtktest=yes)
-+
-+  for module in . $4
-+  do
-+      case "$module" in
-+         gthread)
-+             gtk_config_args="$gtk_config_args gthread"
-+         ;;
-+      esac
-+  done
-+
-+  if test x$gtk_config_exec_prefix != x ; then
-+     gtk_config_args="$gtk_config_args --exec-prefix=$gtk_config_exec_prefix"
-+     if test x${GTK_CONFIG+set} != xset ; then
-+        GTK_CONFIG=$gtk_config_exec_prefix/bin/gtk-config
-+     fi
-+  fi
-+  if test x$gtk_config_prefix != x ; then
-+     gtk_config_args="$gtk_config_args --prefix=$gtk_config_prefix"
-+     if test x${GTK_CONFIG+set} != xset ; then
-+        GTK_CONFIG=$gtk_config_prefix/bin/gtk-config
-+     fi
-+  fi
-+
-+  AC_PATH_PROG(GTK_CONFIG, gtk-config, no)
-+  min_gtk_version=ifelse([$1], ,0.99.7,$1)
-+  AC_MSG_CHECKING(for GTK - version >= $min_gtk_version)
-+  no_gtk=""
-+  if test "$GTK_CONFIG" = "no" ; then
-+    no_gtk=yes
-+  else
-+    GTK_CFLAGS=`$GTK_CONFIG $gtk_config_args --cflags`
-+    GTK_LIBS=`$GTK_CONFIG $gtk_config_args --libs`
-+    gtk_config_major_version=`$GTK_CONFIG $gtk_config_args --version | \
-+           sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\1/'`
-+    gtk_config_minor_version=`$GTK_CONFIG $gtk_config_args --version | \
-+           sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\2/'`
-+    gtk_config_micro_version=`$GTK_CONFIG $gtk_config_args --version | \
-+           sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\3/'`
-+    if test "x$enable_gtktest" = "xyes" ; then
-+      ac_save_CFLAGS="$CFLAGS"
-+      ac_save_LIBS="$LIBS"
-+      CFLAGS="$CFLAGS $GTK_CFLAGS"
-+      LIBS="$GTK_LIBS $LIBS"
-+dnl
-+dnl Now check if the installed GTK is sufficiently new. (Also sanity
-+dnl checks the results of gtk-config to some extent
-+dnl
-+      rm -f conf.gtktest
-+      AC_TRY_RUN([
-+#include <gtk/gtk.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+
-+int
-+main ()
-+{
-+  int major, minor, micro;
-+  char *tmp_version;
-+
-+  system ("touch conf.gtktest");
-+
-+  /* HP/UX 9 (%@#!) writes to sscanf strings */
-+  tmp_version = g_strdup("$min_gtk_version");
-+  if (sscanf(tmp_version, "%d.%d.%d", &major, &minor, &micro) != 3) {
-+     printf("%s, bad version string\n", "$min_gtk_version");
-+     exit(1);
-+   }
-+
-+  if ((gtk_major_version != $gtk_config_major_version) ||
-+      (gtk_minor_version != $gtk_config_minor_version) ||
-+      (gtk_micro_version != $gtk_config_micro_version))
-+    {
-+      printf("\n*** 'gtk-config --version' returned %d.%d.%d, but GTK+ (%d.%d.%d)\n",
-+             $gtk_config_major_version, $gtk_config_minor_version, $gtk_config_micro_version,
-+             gtk_major_version, gtk_minor_version, gtk_micro_version);
-+      printf ("*** was found! If gtk-config was correct, then it is best\n");
-+      printf ("*** to remove the old version of GTK+. You may also be able to fix the error\n");
-+      printf("*** by modifying your LD_LIBRARY_PATH enviroment variable, or by editing\n");
-+      printf("*** /etc/ld.so.conf. Make sure you have run ldconfig if that is\n");
-+      printf("*** required on your system.\n");
-+      printf("*** If gtk-config was wrong, set the environment variable GTK_CONFIG\n");
-+      printf("*** to point to the correct copy of gtk-config, and remove the file config.cache\n");
-+      printf("*** before re-running configure\n");
-+    }
-+#if defined (GTK_MAJOR_VERSION) && defined (GTK_MINOR_VERSION) && defined (GTK_MICRO_VERSION)
-+  else if ((gtk_major_version != GTK_MAJOR_VERSION) ||
-+     (gtk_minor_version != GTK_MINOR_VERSION) ||
-+           (gtk_micro_version != GTK_MICRO_VERSION))
-+    {
-+      printf("*** GTK+ header files (version %d.%d.%d) do not match\n",
-+       GTK_MAJOR_VERSION, GTK_MINOR_VERSION, GTK_MICRO_VERSION);
-+      printf("*** library (version %d.%d.%d)\n",
-+       gtk_major_version, gtk_minor_version, gtk_micro_version);
-+    }
-+#endif /* defined (GTK_MAJOR_VERSION) ... */
-+  else
-+    {
-+      if ((gtk_major_version > major) ||
-+        ((gtk_major_version == major) && (gtk_minor_version > minor)) ||
-+        ((gtk_major_version == major) && (gtk_minor_version == minor) && (gtk_micro_version >= micro)))
-+      {
-+        return 0;
-+       }
-+     else
-+      {
-+        printf("\n*** An old version of GTK+ (%d.%d.%d) was found.\n",
-+               gtk_major_version, gtk_minor_version, gtk_micro_version);
-+        printf("*** You need a version of GTK+ newer than %d.%d.%d. The latest version of\n",
-+         major, minor, micro);
-+        printf("*** GTK+ is always available from ftp://ftp.gtk.org.\n");
-+        printf("***\n");
-+        printf("*** If you have already installed a sufficiently new version, this error\n");
-+        printf("*** probably means that the wrong copy of the gtk-config shell script is\n");
-+        printf("*** being found. The easiest way to fix this is to remove the old version\n");
-+        printf("*** of GTK+, but you can also set the GTK_CONFIG environment to point to the\n");
-+        printf("*** correct copy of gtk-config. (In this case, you will have to\n");
-+        printf("*** modify your LD_LIBRARY_PATH enviroment variable, or edit /etc/ld.so.conf\n");
-+        printf("*** so that the correct libraries are found at run-time))\n");
-+      }
-+    }
-+  return 1;
-+}
-+],, no_gtk=yes,[echo $ac_n "cross compiling; assumed OK... $ac_c"])
-+       CFLAGS="$ac_save_CFLAGS"
-+       LIBS="$ac_save_LIBS"
-+     fi
-+  fi
-+  if test "x$no_gtk" = x ; then
-+     AC_MSG_RESULT(yes)
-+     ifelse([$2], , :, [$2])
-+  else
-+     AC_MSG_RESULT(no)
-+     if test "$GTK_CONFIG" = "no" ; then
-+       echo "*** The gtk-config script installed by GTK could not be found"
-+       echo "*** If GTK was installed in PREFIX, make sure PREFIX/bin is in"
-+       echo "*** your path, or set the GTK_CONFIG environment variable to the"
-+       echo "*** full path to gtk-config."
-+     else
-+       if test -f conf.gtktest ; then
-+        :
-+       else
-+          echo "*** Could not run GTK test program, checking why..."
-+          CFLAGS="$CFLAGS $GTK_CFLAGS"
-+          LIBS="$LIBS $GTK_LIBS"
-+          AC_TRY_LINK([
-+#include <gtk/gtk.h>
-+#include <stdio.h>
-+],      [ return ((gtk_major_version) || (gtk_minor_version) || (gtk_micro_version)); ],
-+        [ echo "*** The test program compiled, but did not run. This usually means"
-+          echo "*** that the run-time linker is not finding GTK or finding the wrong"
-+          echo "*** version of GTK. If it is not finding GTK, you'll need to set your"
-+          echo "*** LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf to point"
-+          echo "*** to the installed location  Also, make sure you have run ldconfig if that"
-+          echo "*** is required on your system"
-+    echo "***"
-+          echo "*** If you have an old version installed, it is best to remove it, although"
-+          echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH"
-+          echo "***"
-+          echo "*** If you have a RedHat 5.0 system, you should remove the GTK package that"
-+          echo "*** came with the system with the command"
-+          echo "***"
-+          echo "***    rpm --erase --nodeps gtk gtk-devel" ],
-+        [ echo "*** The test program failed to compile or link. See the file config.log for the"
-+          echo "*** exact error that occured. This usually means GTK was incorrectly installed"
-+          echo "*** or that you have moved GTK since it was installed. In the latter case, you"
-+          echo "*** may want to edit the gtk-config script: $GTK_CONFIG" ])
-+          CFLAGS="$ac_save_CFLAGS"
-+          LIBS="$ac_save_LIBS"
-+       fi
-+     fi
-+     GTK_CFLAGS=""
-+     GTK_LIBS=""
-+     ifelse([$3], , :, [$3])
-+  fi
-+  AC_SUBST(GTK_CFLAGS)
-+  AC_SUBST(GTK_LIBS)
-+  rm -f conf.gtktest
-+])

package/lame/0003-msse.patch

@@ -1,24 +0,0 @@
-Fix compile on 32bit Intel
-
-Downloaded from
-http://anonscm.debian.org/cgit/pkg-multimedia/lame.git/tree/debian/patches/msse.patch
-
-Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
-
-Description: Build xmm_quantize_sub.c with -msse
-Author: Sebastian Ramacher <sramacher@debian.org>
-Bug: http://sourceforge.net/p/lame/bugs/443/
-Bug-Debian: https://bugs.debian.org/760047
-Forwarded: http://sourceforge.net/p/lame/bugs/443/
-Last-Update: 2014-08-31
-
---- lame-3.99.5+repack1.orig/libmp3lame/vector/Makefile.am
-+++ lame-3.99.5+repack1/libmp3lame/vector/Makefile.am
-@@ -20,6 +20,7 @@ xmm_sources = xmm_quantize_sub.c
- 
- if WITH_XMM
- liblamevectorroutines_la_SOURCES = $(xmm_sources)
-+liblamevectorroutines_la_CFLAGS = -msse
- endif
- 
- noinst_HEADERS = lame_intrin.h

package/lame/lame.hash

@@ -1,2 +1,3 @@
 # Locally computed:
-sha256  24346b4158e4af3bd9f2e194bb23eb473c75fb7377011523353196b19b9a23ff  lame-3.99.5.tar.gz
+sha256  ddfe36cab873794038ae2c1210557ad34857a4b6bdc515785d1da9e175b1da1e  lame-3.100.tar.gz
+sha256  bfe4a52dc4645385f356a8e83cc54216a293e3b6f1cb4f79f5fc0277abf937fd  COPYING

package/lame/lame.mk

@@ -4,11 +4,9 @@
 #
 ################################################################################
 
-LAME_VERSION_MAJOR = 3.99
-LAME_VERSION = $(LAME_VERSION_MAJOR).5
-LAME_SITE = http://downloads.sourceforge.net/project/lame/lame/$(LAME_VERSION_MAJOR)
+LAME_VERSION = 3.100
+LAME_SITE = http://downloads.sourceforge.net/project/lame/lame/$(LAME_VERSION)
 LAME_DEPENDENCIES = host-pkgconf
-LAME_AUTORECONF = YES
 LAME_INSTALL_STAGING = YES
 LAME_CONF_ENV = GTK_CONFIG=/bin/false
 LAME_CONF_OPTS = --enable-dynamic-frontends

package/libarchive/0001-Do-something-sensible-for-empty-strings-to-make-fuzz.patch

@@ -0,0 +1,42 @@
+From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001
+From: Joerg Sonnenberger <joerg@bec.de>
+Date: Tue, 5 Sep 2017 18:12:19 +0200
+Subject: [PATCH] Do something sensible for empty strings to make fuzzers
+ happy.
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: commit fa7438a0ff
+
+ libarchive/archive_read_support_format_xar.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c
+index 7a22beb9d8e4..93eeacc5e6eb 100644
+--- a/libarchive/archive_read_support_format_xar.c
++++ b/libarchive/archive_read_support_format_xar.c
+@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
+ 	uint64_t l;
+ 	int digit;
+ 
++	if (char_cnt == 0)
++		return (0);
++
+ 	l = 0;
+ 	digit = *p - '0';
+ 	while (digit >= 0 && digit < 10  && char_cnt-- > 0) {
+@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
+ {
+ 	int64_t l;
+ 	int digit;
+-        
++
++	if (char_cnt == 0)
++		return (0);
++
+ 	l = 0;
+ 	while (char_cnt-- > 0) {
+ 		if (*p >= '0' && *p <= '7')
+-- 
+2.14.1
+

package/libarchive/libarchive.hash

@@ -1,2 +1,2 @@
 # Locally computed:
-sha256  72ee1a4e3fd534525f13a0ba1aa7b05b203d186e0c6072a8a4738649d0b3cfd2  libarchive-3.2.1.tar.gz
+sha256  ed2dbd6954792b2c054ccf8ec4b330a54b85904a80cef477a1c74643ddafa0ce  libarchive-3.3.2.tar.gz