Update for 2018.02.6

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

.gitlab-ci.yml

@@ -237,6 +237,7 @@ zynq_zybo_defconfig: *defconfig
 tests.boot.test_atf.TestATFAllwinner: *runtime_test
 tests.boot.test_atf.TestATFMarvell: *runtime_test
 tests.boot.test_atf.TestATFVexpress: *runtime_test
+tests.core.test_file_capabilities.TestFileCapabilities: *runtime_test
 tests.core.test_post_scripts.TestPostScripts: *runtime_test
 tests.core.test_rootfs_overlay.TestRootfsOverlay: *runtime_test
 tests.core.test_timezone.TestGlibcAllTimezone: *runtime_test

CHANGES

@@ -1,3 +1,55 @@
+2018.02.6, Released October 7th, 2018
+
+	Important / security related fixes.
+
+	Add a number of patches to fix build errors for host utilities
+	on modern distributions using glibc-2.28.
+
+	mkusers: Ensure existing group members are preserved when a
+	group is reprocessed.
+
+	printvars: Fix issue with exceeding shell command line length
+	limits for certain setups.
+
+	Updated/fixes packages: acpid, android-tools, apache,
+	arp-scan, bandwidthd, bind, bison, clamav, connman, cppcms,
+	cramfs, fio, gcc, ghostscript, glibc, gnupg, httping,
+	igmpproxy, imagemagick, imlib2, ipsec-tools, lcms2, libcurl,
+	libesmtp, libnfs, libssh, libxslt, links, linuxptp,
+	mediastreamer, minicom, moarvm, nilfs-utils, ocrad, parted,
+	php, pv, python-django, qt, qt5quickcontrols, qt5webengine,
+	screen, sdl2, shairport-sync, squashfs, strongswan,
+	vboot-utils, webkitgtk, wireguard, x265, xen, xlib_libXfont,
+	xlib_libXft
+
+	New packages: brotli, woff2
+
+2018.02.5, Released August 29th, 2018
+
+	Important / security related fixes.
+
+	Defconfigs: Raspberrypi2: Bump rootfs size, T7680: Fix
+	genimage.cfg issue, ARM Juno: Bump ATF to v1.3 to fix build
+	issue.
+
+	Updated/fixed packages: acl, apache, attr, bind,
+	boot-wrapper-aarch64, brltty, bzip2, chrony, crda, cryptsetup,
+	dahdi-tools, dmidecode, dropbear, eigen, erlang, ffmpeg, gawk,
+	gcc, ghostscript, gnutls, ipsec-tools, libarchive, libfuse,
+	libopenssl, libselinux, libsoup, lighttpd, linuxptp,
+	lttng-modules, lttng-tools, lua-flu, lvm2, m4, makedevs,
+	mariadb, mbedtls, mesa3d-headers, mtd, ncurses, nodejs,
+	openssh, php, postgresql, python-django, qt5xmlpatterns, ruby,
+	samba4, shairport-sync, stress-ng, ti-utils, uboot-tools, vim,
+	waylandpp, wireless_tools, wireshark, wpa_supplicant, xorriso,
+	znc
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#10781: cryptsetup luksOpen container_file container causes..
+	#10986: Installing package attr when already supplied by..
+	#11191: xattr and check-package issue
+
 2018.02.4, Released July 21th, 2018
 
 	Important / security related fixes.

DEVELOPERS

@@ -60,8 +60,10 @@ F:	package/setools/
 F:	package/sngrep/
 
 N:	Adrian Perez de Castro <aperez@igalia.com>
+F:	package/brotli/
 F:	package/libepoxy/
 F:	package/webkitgtk/
+F:	package/woff2/
 
 N:	Adrien Gallouët <adrien@gallouet.fr>
 F:	package/glorytun/

Makefile

@@ -87,9 +87,9 @@ all:
 .PHONY: all
 
 # Set and export the version string
-export BR2_VERSION := 2018.02.4
+export BR2_VERSION := 2018.02.6
 # Actual time the release is cut (for reproducible builds)
-BR2_VERSION_EPOCH = 1532126000
+BR2_VERSION_EPOCH = 1538896000
 
 # Save running make version since it's clobbered by the make package
 RUNNING_MAKE_VERSION := $(MAKE_VERSION)
@@ -976,7 +976,8 @@ $(BUILD_DIR)/.br2-external.in: $(BUILD_DIR)
 # displayed.
 .PHONY: printvars
 printvars:
-	@:$(foreach V, \
+	@:
+	$(foreach V, \
 		$(sort $(if $(VARS),$(filter $(VARS),$(.VARIABLES)),$(.VARIABLES))), \
 		$(if $(filter-out environment% default automatic, \
 				$(origin $V)), \
@@ -1019,8 +1020,8 @@ help:
 	@echo '  silentoldconfig        - Same as oldconfig, but quietly, additionally update deps'
 	@echo '  olddefconfig           - Same as silentoldconfig but sets new symbols to their default value'
 	@echo '  randconfig             - New config with random answer to all options'
-	@echo '  defconfig              - New config with default answer to all options'
-	@echo '                             BR2_DEFCONFIG, if set, is used as input'
+	@echo '  defconfig              - New config with default answer to all options;'
+	@echo '                             BR2_DEFCONFIG, if set on the command line, is used as input'
 	@echo '  savedefconfig          - Save current config to BR2_DEFCONFIG (minimal config)'
 	@echo '  allyesconfig           - New config where all options are accepted with yes'
 	@echo '  allnoconfig            - New config where all options are answered with no'

board/technologic/ts7680/genimage.cfg

@@ -3,7 +3,7 @@ image sdcard.img {
 	}
 
 	partition unused {
-		size =  512B
+		size =  512
 	}
 
 	partition rootfs {

boot/at91bootstrap3/Config.in

@@ -8,6 +8,8 @@ config BR2_TARGET_AT91BOOTSTRAP3
 	  - Peripheral drivers such as PIO, PMC or SDRAMC...
 	  - Physical media algorithm such as DataFlash, NandFlash, NOR Flash...
 
+	  https://www.at91.com/linux4sam/bin/view/Linux4SAM/AT91Bootstrap
+
 if BR2_TARGET_AT91BOOTSTRAP3
 
 choice

boot/boot-wrapper-aarch64/boot-wrapper-aarch64.mk

@@ -6,7 +6,7 @@
 
 BOOT_WRAPPER_AARCH64_VERSION = 4266507a84f8c06452109d38e0350d4759740694
 BOOT_WRAPPER_AARCH64_SITE = git://git.kernel.org/pub/scm/linux/kernel/git/mark/boot-wrapper-aarch64.git
-BOOT_WRAPPER_AARCH64_LICENSE = BSD3c
+BOOT_WRAPPER_AARCH64_LICENSE = BSD-3-Clause
 BOOT_WRAPPER_AARCH64_LICENSE_FILES = LICENSE.txt
 BOOT_WRAPPER_AARCH64_DEPENDENCIES = linux
 BOOT_WRAPPER_AARCH64_INSTALL_IMAGES = YES

boot/vexpress-firmware/Config.in

@@ -4,3 +4,5 @@ config BR2_TARGET_VEXPRESS_FIRMWARE
 	help
 	  Versatile Express firmware from ARM, with Linaro mods last
 	  change.
+
+	  https://git.linaro.org/arm/vexpress-firmware.git

boot/xloader/Config.in

@@ -5,6 +5,8 @@ config BR2_TARGET_XLOADER
 	  The x-loader bootloader. It is mainly used on OMAP-based
 	  platforms.
 
+	  http://omappedia.org/wiki/Linux_OMAP_Kernel_Main
+
 if BR2_TARGET_XLOADER
 config BR2_TARGET_XLOADER_BOARDNAME
 	string "x-loader board name"

configs/arm_juno_defconfig

@@ -12,7 +12,7 @@ BR2_LINUX_KERNEL_INTREE_DTS_NAME="arm/juno arm/juno-r1 arm/juno-r2"
 BR2_TARGET_ARM_TRUSTED_FIRMWARE=y
 BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_GIT=y
 BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_URL="https://github.com/ARM-software/arm-trusted-firmware.git"
-BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_VERSION="v1.2"
+BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_VERSION="v1.3"
 BR2_TARGET_ARM_TRUSTED_FIRMWARE_PLATFORM="juno"
 BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP=y
 BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33=y

configs/raspberrypi2_defconfig

@@ -31,6 +31,7 @@ BR2_PACKAGE_HOST_MTOOLS=y
 # Filesystem / image
 BR2_TARGET_ROOTFS_EXT2=y
 BR2_TARGET_ROOTFS_EXT2_4=y
+BR2_TARGET_ROOTFS_EXT2_SIZE="120M"
 # BR2_TARGET_ROOTFS_TAR is not set
 BR2_ROOTFS_POST_BUILD_SCRIPT="board/raspberrypi2/post-build.sh"
 BR2_ROOTFS_POST_IMAGE_SCRIPT="board/raspberrypi2/post-image.sh"

docs/manual/adding-packages-generic.txt

@@ -198,11 +198,24 @@ information is (assuming the package name is +libfoo+) :
   package. Note that if +HOST_LIBFOO_VERSION+ doesn't exist, it is
   assumed to be the same as +LIBFOO_VERSION+. It can also be a
   revision number or a tag for packages that are fetched directly
-  from their version control system. Do not use a branch name as
-  version; it does not work. Examples:
+  from their version control system. Examples:
   ** a version for a release tarball: +LIBFOO_VERSION = 0.1.2+
   ** a sha1 for a git tree: +LIBFOO_VERSION = cb9d6aa9429e838f0e54faa3d455bcbab5eef057+
   ** a tag for a git tree +LIBFOO_VERSION = v0.1.2+
++
+.Note:
+Using a branch name as +FOO_VERSION+ is not supported, because it does
+not and can not work as people would expect it should:
++
+  1. due to local caching, Buildroot will not re-fetch the repository,
+     so people who expect to be able to follow the remote repository
+     would be quite surprised and disappointed;
+  2. because two builds can never be perfectly simultaneous, and because
+     the remote repository may get new commits on the branch anytime,
+     two users, using the same Buildroot tree and building the same
+     configuration, may get different source, thus rendering the build
+     non reproducible, and people would be quite surprised and
+     disappointed.
 
 * +LIBFOO_SOURCE+ may contain the name of the tarball of the package,
   which Buildroot will use to download the tarball from

docs/manual/prerequisite.txt

@@ -23,8 +23,8 @@ between distributions).
 ** +make+ (version 3.81 or any later)
 ** +binutils+
 ** +build-essential+ (only for Debian based systems)
-** +gcc+ (version 2.95 or any later)
-** `g++` (version 2.95 or any later)
+** +gcc+ (version 4.4 or any later)
+** `g++` (version 4.4 or any later)
 ** +bash+
 ** +patch+
 ** +gzip+

linux/Config.in

@@ -33,7 +33,7 @@ config BR2_LINUX_KERNEL_LATEST_VERSION
 	bool "Latest version (4.15)"
 
 config BR2_LINUX_KERNEL_LATEST_CIP_VERSION
-	bool "Latest CIP SLTS version (v4.4.130-cip23)"
+	bool "Latest CIP SLTS version (v4.4.138-cip25)"
 	help
 	  CIP launched in the spring of 2016 to address the needs of
 	  organizations in industries such as power generation and
@@ -121,7 +121,7 @@ endif
 config BR2_LINUX_KERNEL_VERSION
 	string
 	default "4.15.16" if BR2_LINUX_KERNEL_LATEST_VERSION
-	default "v4.4.130-cip23" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
+	default "v4.4.138-cip25" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
 	default BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE \
 		if BR2_LINUX_KERNEL_CUSTOM_VERSION
 	default "custom" if BR2_LINUX_KERNEL_CUSTOM_TARBALL

package/Config.in

@@ -63,6 +63,7 @@ menu "Audio and video applications"
 endmenu
 
 menu "Compressors and decompressors"
+	source "package/brotli/Config.in"
 	source "package/bzip2/Config.in"
 	source "package/gzip/Config.in"
 	source "package/lz4/Config.in"
@@ -1170,6 +1171,7 @@ menu "Graphics"
 	source "package/waylandpp/Config.in"
 	source "package/webkitgtk/Config.in"
 	source "package/webp/Config.in"
+	source "package/woff2/Config.in"
 	source "package/zbar/Config.in"
 	source "package/zxing-cpp/Config.in"
 endmenu

package/acl/0001-Build-with-old-GCC-versions.patch

@@ -0,0 +1,32 @@
+From a42519dceef0493ece45538375ae1791313f16d3 Mon Sep 17 00:00:00 2001
+From: Hollis Blanchard <hollis_blanchard@mentor.com>
+Date: Mon, 30 Jul 2018 14:29:46 -0700
+Subject: [PATCH] Remove pragmas inside functions
+
+GCC 4.4.7, as found in RHEL6, reports:
+    libacl/acl_from_text.c:307: error: #pragma GCC diagnostic not allowed inside functions
+
+Signed-off-by: Hollis Blanchard <hollis_blanchard@mentor.com>
+---
+ libacl/acl_from_text.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/libacl/acl_from_text.c b/libacl/acl_from_text.c
+index 09790c9..fb6bc07 100644
+--- a/libacl/acl_from_text.c
++++ b/libacl/acl_from_text.c
+@@ -304,11 +304,8 @@ parse_acl_entry(const char **text_p, acl_t *acl_p)
+ create_entry:
+ 	if (acl_create_entry(acl_p, &entry_d) != 0)
+ 		return -1;
+-#pragma GCC diagnostic push
+-#pragma GCC diagnostic ignored "-Waddress"
+ 	if (acl_copy_entry(entry_d, int2ext(&entry_obj)) != 0)
+ 		return -1;
+-#pragma GCC diagnostic pop
+ 	return 0;
+ 
+ fail:
+-- 
+2.13.0
+

package/acl/0001-support-static-installation.patch

@@ -1,29 +0,0 @@
-Support installation of .a file when doing static linking
-
-When doing static linking (i.e ENABLE_SHARED != yes), the acl build
-logic wasn't installing any library at all, not even the .a file which
-is needed for static linking. This patch fixes that.
-
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-
-Index: b/include/buildmacros
-===================================================================
---- a/include/buildmacros
-+++ b/include/buildmacros
-@@ -97,7 +97,15 @@
- 
- INSTALL_LTLIB_STATIC = \
- 	cd $(TOPDIR)/$(LIBNAME)/.libs; \
--	../$(INSTALL) -m 755 -d $(PKG_DEVLIB_DIR);
-+	../$(INSTALL) -m 755 -d $(PKG_DEVLIB_DIR); \
-+	../$(INSTALL) -m 644 -T old_lib $(LIBNAME).la $(PKG_DEVLIB_DIR); \
-+	../$(INSTALL) -m 644 $(LIBNAME).la $(PKG_DEVLIB_DIR)/$(LIBNAME).la ; \
-+	../$(INSTALL) -m 755 -d $(PKG_LIB_DIR); \
-+	../$(INSTALL) -T so_base $(LIBNAME).la $(PKG_LIB_DIR); \
-+	if test "x$(PKG_DEVLIB_DIR)" != "x$(PKG_LIB_DIR)" ; then \
-+	../$(INSTALL) -S $(PKG_DEVLIB_DIR)/$(LIBNAME).a $(PKG_LIB_DIR)/$(LIBNAME).a; \
-+	../$(INSTALL) -S $(PKG_DEVLIB_DIR)/$(LIBNAME).la $(PKG_LIB_DIR)/$(LIBNAME).la; \
-+	fi
- 
- INSTALL_MAN = \
- 	@for d in $(MAN_PAGES); do \

package/acl/0002-add-__acl_-prefixes-to-internal-symbols.patch

@@ -1,292 +0,0 @@
-From debbe4f7b591b3f35d0ed65c17fa81b196b2eb2d Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Tue, 12 Aug 2014 08:37:25 -0400
-Subject: [PATCH] add __acl_ prefixes to internal symbols
-
-When static linking libacl, people sometimes run into symbol collisions
-because their own code defines symbols like "quote".  So for acl internal
-symbols, use an __acl_ prefix.
-
-[Rahul Bedarkar: backported from upstream 
-  http://git.savannah.gnu.org/cgit/acl.git/commit/?id=a2c4d71c2e84419a49db503ed59de4d3d1dca7dd ]
-Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
----
- exports                    | 12 ++----------
- getfacl/getfacl.c          |  4 ++--
- include/misc.h             |  8 ++++----
- libacl/__acl_to_any_text.c |  4 ++--
- libacl/acl_from_text.c     |  4 ++--
- libmisc/high_water_alloc.c |  2 +-
- libmisc/next_line.c        |  6 +++---
- libmisc/quote.c            |  4 ++--
- libmisc/unquote.c          |  2 +-
- setfacl/parse.c            | 10 +++++-----
- setfacl/setfacl.c          |  4 ++--
- 11 files changed, 26 insertions(+), 34 deletions(-)
-
-diff --git a/exports b/exports
-index 7d8e69e..bf15d84 100644
---- a/exports
-+++ b/exports
-@@ -59,22 +59,14 @@ ACL_1.0 {
- 	acl_to_any_text;
- 
-     local:
--    	# Library internal stuff
-+	# Library internal stuff
- 	__new_var_obj_p;
- 	__new_obj_p_here;
- 	__free_obj_p;
- 	__check_obj_p;
- 	__ext2int_and_check;
--	__acl_reorder_entry_obj_p;
--	__acl_reorder_obj_p;
--	__acl_init_obj;
--	__acl_create_entry_obj;
--	__acl_free_acl_obj;
--	__acl_to_any_text;
-+	__acl_*;
- 	__apply_mask_to_mode;
--
--	quote;
--	unquote;
- };
- 
- ACL_1.1 {
-diff --git a/getfacl/getfacl.c b/getfacl/getfacl.c
-index f8eaf25..af9e225 100644
---- a/getfacl/getfacl.c
-+++ b/getfacl/getfacl.c
-@@ -90,7 +90,7 @@ int opt_numeric;  /* don't convert id's to symbolic names */
- 
- static const char *xquote(const char *str, const char *quote_chars)
- {
--	const char *q = quote(str, quote_chars);
-+	const char *q = __acl_quote(str, quote_chars);
- 	if (q == NULL) {
- 		fprintf(stderr, "%s: %s\n", progname, strerror(errno));
- 		exit(1);
-@@ -718,7 +718,7 @@ int main(int argc, char *argv[])
- 	do {
- 		if (optind == argc ||
- 		    strcmp(argv[optind], "-") == 0) {
--			while ((line = next_line(stdin)) != NULL) {
-+			while ((line = __acl_next_line(stdin)) != NULL) {
- 				if (*line == '\0')
- 					continue;
- 
-diff --git a/include/misc.h b/include/misc.h
-index 0c5fdcc..c25accf 100644
---- a/include/misc.h
-+++ b/include/misc.h
-@@ -15,9 +15,9 @@
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-  */
- 
--extern int high_water_alloc(void **buf, size_t *bufsize, size_t newsize);
-+extern int __acl_high_water_alloc(void **buf, size_t *bufsize, size_t newsize);
- 
--extern const char *quote(const char *str, const char *quote_chars);
--extern char *unquote(char *str);
-+extern const char *__acl_quote(const char *str, const char *quote_chars);
-+extern char *__acl_unquote(char *str);
- 
--extern char *next_line(FILE *file);
-+extern char *__acl_next_line(FILE *file);
-diff --git a/libacl/__acl_to_any_text.c b/libacl/__acl_to_any_text.c
-index a4f9c34..19f1ccc 100644
---- a/libacl/__acl_to_any_text.c
-+++ b/libacl/__acl_to_any_text.c
-@@ -159,7 +159,7 @@ acl_entry_to_any_str(const acl_entry_t entry_d, char *text_p, ssize_t size,
- 				if (options & TEXT_NUMERIC_IDS)
- 					str = NULL;
- 				else
--					str = quote(user_name(
-+					str = __acl_quote(user_name(
- 						entry_obj_p->eid.qid), ":, \t\n\r");
- 				if (str != NULL) {
- 					strncpy(text_p, str, size);
-@@ -182,7 +182,7 @@ acl_entry_to_any_str(const acl_entry_t entry_d, char *text_p, ssize_t size,
- 				if (options & TEXT_NUMERIC_IDS)
- 					str = NULL;
- 				else
--					str = quote(group_name(
-+					str = __acl_quote(group_name(
- 						entry_obj_p->eid.qid), ":, \t\n\r");
- 				if (str != NULL) {
- 					strncpy(text_p, str, size);
-diff --git a/libacl/acl_from_text.c b/libacl/acl_from_text.c
-index 1e05322..f6165be 100644
---- a/libacl/acl_from_text.c
-+++ b/libacl/acl_from_text.c
-@@ -206,7 +206,7 @@ parse_acl_entry(const char **text_p, acl_t *acl_p)
- 			str = get_token(text_p);
- 			if (str) {
- 				entry_obj.etag = ACL_USER;
--				error = get_uid(unquote(str),
-+				error = get_uid(__acl_unquote(str),
- 						&entry_obj.eid.qid);
- 				free(str);
- 				if (error) {
-@@ -225,7 +225,7 @@ parse_acl_entry(const char **text_p, acl_t *acl_p)
- 			str = get_token(text_p);
- 			if (str) {
- 				entry_obj.etag = ACL_GROUP;
--				error = get_gid(unquote(str),
-+				error = get_gid(__acl_unquote(str),
- 						&entry_obj.eid.qid);
- 				free(str);
- 				if (error) {
-diff --git a/libmisc/high_water_alloc.c b/libmisc/high_water_alloc.c
-index c127dc1..951f4bb 100644
---- a/libmisc/high_water_alloc.c
-+++ b/libmisc/high_water_alloc.c
-@@ -21,7 +21,7 @@
- #include <stdlib.h>
- #include "misc.h"
- 
--int high_water_alloc(void **buf, size_t *bufsize, size_t newsize)
-+int __acl_high_water_alloc(void **buf, size_t *bufsize, size_t newsize)
- {
- #define CHUNK_SIZE	256
- 	/*
-diff --git a/libmisc/next_line.c b/libmisc/next_line.c
-index 0566d7a..126a364 100644
---- a/libmisc/next_line.c
-+++ b/libmisc/next_line.c
-@@ -23,7 +23,7 @@
- 
- #define LINE_SIZE getpagesize()
- 
--char *next_line(FILE *file)
-+char *__acl_next_line(FILE *file)
- {
- 	static char *line;
- 	static size_t line_size;
-@@ -31,7 +31,7 @@ char *next_line(FILE *file)
- 	int eol = 0;
- 
- 	if (!line) {
--		if (high_water_alloc((void **)&line, &line_size, LINE_SIZE))
-+		if (__acl_high_water_alloc((void **)&line, &line_size, LINE_SIZE))
- 			return NULL;
- 	}
- 	c = line;
-@@ -47,7 +47,7 @@ char *next_line(FILE *file)
- 		if (feof(file))
- 			break;
- 		if (!eol) {
--			if (high_water_alloc((void **)&line, &line_size,
-+			if (__acl_high_water_alloc((void **)&line, &line_size,
- 					     2 * line_size))
- 				return NULL;
- 			c = strrchr(line, '\0');
-diff --git a/libmisc/quote.c b/libmisc/quote.c
-index bf8f9eb..a28800c 100644
---- a/libmisc/quote.c
-+++ b/libmisc/quote.c
-@@ -23,7 +23,7 @@
- #include <string.h>
- #include "misc.h"
- 
--const char *quote(const char *str, const char *quote_chars)
-+const char *__acl_quote(const char *str, const char *quote_chars)
- {
- 	static char *quoted_str;
- 	static size_t quoted_str_len;
-@@ -40,7 +40,7 @@ const char *quote(const char *str, const char *quote_chars)
- 	if (nonpr == 0)
- 		return str;
- 
--	if (high_water_alloc((void **)&quoted_str, &quoted_str_len,
-+	if (__acl_high_water_alloc((void **)&quoted_str, &quoted_str_len,
- 			     (s - (unsigned char *)str) + nonpr * 3 + 1))
- 		return NULL;
- 	for (s = (unsigned char *)str, q = quoted_str; *s != '\0'; s++) {
-diff --git a/libmisc/unquote.c b/libmisc/unquote.c
-index bffebf9..4f4ce7c 100644
---- a/libmisc/unquote.c
-+++ b/libmisc/unquote.c
-@@ -22,7 +22,7 @@
- #include <ctype.h>
- #include "misc.h"
- 
--char *unquote(char *str)
-+char *__acl_unquote(char *str)
- {
- 	unsigned char *s, *t;
- 
-diff --git a/setfacl/parse.c b/setfacl/parse.c
-index e7e6add..7433459 100644
---- a/setfacl/parse.c
-+++ b/setfacl/parse.c
-@@ -226,7 +226,7 @@ user_entry:
- 			str = get_token(text_p);
- 			if (str) {
- 				cmd->c_tag = ACL_USER;
--				error = get_uid(unquote(str), &cmd->c_id);
-+				error = get_uid(__acl_unquote(str), &cmd->c_id);
- 				free(str);
- 				if (error) {
- 					*text_p = backup;
-@@ -245,7 +245,7 @@ user_entry:
- 			str = get_token(text_p);
- 			if (str) {
- 				cmd->c_tag = ACL_GROUP;
--				error = get_gid(unquote(str), &cmd->c_id); 
-+				error = get_gid(__acl_unquote(str), &cmd->c_id);
- 				free(str);
- 				if (error) {
- 					*text_p = backup;
-@@ -466,7 +466,7 @@ read_acl_comments(
- 		if (strncmp(cp, "file:", 5) == 0) {
- 			cp += 5;
- 			SKIP_WS(cp);
--			cp = unquote(cp);
-+			cp = __acl_unquote(cp);
- 			
- 			if (path_p) {
- 				if (*path_p)
-@@ -483,7 +483,7 @@ read_acl_comments(
- 			if (uid_p) {
- 				if (*uid_p != ACL_UNDEFINED_ID)
- 					goto fail;
--				if (get_uid(unquote(cp), uid_p) != 0)
-+				if (get_uid(__acl_unquote(cp), uid_p) != 0)
- 					continue;
- 			}
- 		} else if (strncmp(cp, "group:", 6) == 0) {
-@@ -493,7 +493,7 @@ read_acl_comments(
- 			if (gid_p) {
- 				if (*gid_p != ACL_UNDEFINED_ID)
- 					goto fail;
--				if (get_gid(unquote(cp), gid_p) != 0)
-+				if (get_gid(__acl_unquote(cp), gid_p) != 0)
- 					continue;
- 			}
- 		} else if (strncmp(cp, "flags:", 6) == 0) {
-diff --git a/setfacl/setfacl.c b/setfacl/setfacl.c
-index 81062a6..fb2d172 100644
---- a/setfacl/setfacl.c
-+++ b/setfacl/setfacl.c
-@@ -92,7 +92,7 @@ int promote_warning;
- 
- static const char *xquote(const char *str, const char *quote_chars)
- {
--	const char *q = quote(str, quote_chars);
-+	const char *q = __acl_quote(str, quote_chars);
- 	if (q == NULL) {
- 		fprintf(stderr, "%s: %s\n", progname, strerror(errno));
- 		exit(1);
-@@ -311,7 +311,7 @@ int next_file(const char *arg, seq_t seq)
- 	args.seq = seq;
- 
- 	if (strcmp(arg, "-") == 0) {
--		while ((line = next_line(stdin)))
-+		while ((line = __acl_next_line(stdin)))
- 			errors = walk_tree(line, walk_flags, 0, do_set, &args);
- 		if (!feof(stdin)) {
- 			fprintf(stderr, _("%s: Standard input: %s\n"),
--- 
-2.6.2
-

package/acl/0003-all-use-install-1-to-install-executables.patch

@@ -1,67 +0,0 @@
-From d3bd7b29b79147b4155e78a8ea06ded98b91f92a Mon Sep 17 00:00:00 2001
-From: "Yann E. MORIN" <yann.morin.1998@free.fr>
-Date: Tue, 8 May 2018 15:23:57 +0200
-Subject: [PATCH] all: use install(1) to install executables
-
-When the destination file already exists, the current install script
-will overwrite it with the new executable.
-
-However, when the existing executable is a symlink or hardlink to
-something else, like busybox, this effectively overwrites that something
-with the new executable, and thus replaces busybox and all its applets
-with the code for either of the three commands.
-
-We fix that by simply calling install(1). install(1) is sufficiently
-widespread that we don't bother checking for it, as tis is just a
-workaround while waiting for the version bump that will eventually fix
-it for good.
-
-Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
----
- chacl/Makefile   | 4 ++--
- getfacl/Makefile | 4 ++--
- setfacl/Makefile | 4 ++--
- 3 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/chacl/Makefile b/chacl/Makefile
-index 33858d6..c857329 100644
---- a/chacl/Makefile
-+++ b/chacl/Makefile
-@@ -30,6 +30,6 @@ default: $(LTCOMMAND)
- include $(BUILDRULES)
- 
- install: default
--	$(INSTALL) -m 755 -d $(PKG_BIN_DIR)
--	$(LTINSTALL) -m 755 $(LTCOMMAND) $(PKG_BIN_DIR)
-+	install -D -m 755 $(LTCOMMAND) $(PKG_BIN_DIR)/$(LTCOMMAND)
-+
- install-dev install-lib:
-diff --git a/getfacl/Makefile b/getfacl/Makefile
-index 7fbafda..8ac63e0 100644
---- a/getfacl/Makefile
-+++ b/getfacl/Makefile
-@@ -31,6 +31,6 @@ default: $(LTCOMMAND)
- include $(BUILDRULES)
- 
- install: default
--	$(INSTALL) -m 755 -d $(PKG_BIN_DIR)
--	$(LTINSTALL) -m 755 $(LTCOMMAND) $(PKG_BIN_DIR)
-+	install -D -m 755 $(LTCOMMAND) $(PKG_BIN_DIR)/$(LTCOMMAND)
-+
- install-dev install-lib:
-diff --git a/setfacl/Makefile b/setfacl/Makefile
-index c44e7c0..eea2ede 100644
---- a/setfacl/Makefile
-+++ b/setfacl/Makefile
-@@ -31,6 +31,6 @@ default: $(LTCOMMAND)
- include $(BUILDRULES)
- 
- install: default
--	$(INSTALL) -m 755 -d $(PKG_BIN_DIR)
--	$(LTINSTALL) -m 755 $(LTCOMMAND) $(PKG_BIN_DIR)
-+	install -D -m 755 $(LTCOMMAND) $(PKG_BIN_DIR)/$(LTCOMMAND)
-+
- install-dev install-lib:
--- 
-2.14.1
-

package/acl/acl.hash

@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256	179074bb0580c06c4b4137be4c5a92a701583277967acdb5546043c7874e0d23	acl-2.2.52.src.tar.gz
+sha256  06be9865c6f418d851ff4494e12406568353b891ffe1f596b34693c387af26c7  acl-2.2.53.tar.gz

package/acl/acl.mk

@@ -4,54 +4,18 @@
 #
 ################################################################################
 
-ACL_VERSION = 2.2.52
-ACL_SOURCE = acl-$(ACL_VERSION).src.tar.gz
+ACL_VERSION = 2.2.53
 ACL_SITE = http://download.savannah.gnu.org/releases/acl
-ACL_INSTALL_STAGING = YES
-ACL_DEPENDENCIES = attr
-ACL_CONF_OPTS = --enable-gettext=no
 ACL_LICENSE = GPL-2.0+ (programs), LGPL-2.1+ (libraries)
 ACL_LICENSE_FILES = doc/COPYING doc/COPYING.LGPL
 
-# While the configuration system uses autoconf, the Makefiles are
-# hand-written and do not use automake. Therefore, we have to hack
-# around their deficiencies by:
-# - explicitly passing CFLAGS (LDFLAGS are passed on from configure,
-#   CFLAGS are not).
-# - explicitly passing the installation prefix, not using DESTDIR.
-
-ACL_MAKE_ENV = CFLAGS="$(TARGET_CFLAGS)"
-
-ACL_INSTALL_STAGING_OPTS = \
-	prefix=$(STAGING_DIR)/usr \
-	exec_prefix=$(STAGING_DIR)/usr \
-	PKG_DEVLIB_DIR=$(STAGING_DIR)/usr/lib \
-	install-dev install-lib
-
-ACL_INSTALL_TARGET_OPTS = \
-	prefix=$(TARGET_DIR)/usr \
-	exec_prefix=$(TARGET_DIR)/usr \
-	install install-lib
-
-# The libdir variable in libacl.la is empty, so let's fix it. This is
-# probably due to acl not using automake, and not doing fully the
-# right thing with libtool.
-define ACL_FIX_LIBTOOL_LA_LIBDIR
-	$(SED) "s,libdir=.*,libdir='$(STAGING_DIR)'," \
-		$(STAGING_DIR)/usr/lib/libacl.la
-endef
-
-ACL_POST_INSTALL_STAGING_HOOKS += ACL_FIX_LIBTOOL_LA_LIBDIR
-
+ACL_DEPENDENCIES = attr
 HOST_ACL_DEPENDENCIES = host-attr
-HOST_ACL_CONF_OPTS = --enable-gettext=no
-HOST_ACL_MAKE_ENV = CFLAGS="$(HOST_CFLAGS)"
-HOST_ACL_INSTALL_OPTS = \
-	prefix=$(HOST_DIR) \
-	exec_prefix=$(HOST_DIR) \
-	PKG_DEVLIB_DIR=$(HOST_DIR)/lib \
-	install-dev install-lib
-# For the host, libacl.la is correct, no fixup needed.
+
+ACL_INSTALL_STAGING = YES
+
+ACL_CONF_OPTS = --disable-nls
+HOST_ACL_CONF_OPTS = --disable-nls
 
 $(eval $(autotools-package))
 $(eval $(host-autotools-package))

package/acpid/acpid.mk

@@ -15,9 +15,15 @@ define ACPID_INSTALL_INIT_SYSV
 		$(TARGET_DIR)/etc/init.d/S02acpid
 endef
 
+ifeq ($(BR2_INIT_SYSV)$(BR2_INIT_SYSTEMD),y)
+ACPID_POWEROFF_CMD = /sbin/shutdown -hP now
+else
+ACPID_POWEROFF_CMD = /sbin/poweroff
+endif
+
 define ACPID_SET_EVENTS
 	mkdir -p $(TARGET_DIR)/etc/acpi/events
-	printf "event=button[ /]power\naction=/sbin/poweroff\n" \
+	printf 'event=button[ /]power\naction=%s\n' '$(ACPID_POWEROFF_CMD)' \
 		>$(TARGET_DIR)/etc/acpi/events/powerbtn
 endef
 

package/android-tools/0008-Include-sysmacros.h-to-compile-with-glibc-2.28.patch

@@ -0,0 +1,42 @@
+usb_linux.c: fix minor()/major() build failure due to glibc 2.28
+
+glibc 2.28 no longer includes <sys/sysmacros.h> from <sys/types.h>,
+and therefore <sys/sysmacros.h> must be included explicitly when
+major()/minor() are used.
+
+This commit adds a patch to directly include <sys/sysmacros.h> into
+all usb_linux.c files where minor() and major() macros are used.
+
+diff -urpN host-android-tools-4.2.2+git20130218.orig/core/adb/usb_linux.c host-android-tools-4.2.2+git20130218/core/adb/usb_linux.c
+--- host-android-tools-4.2.2+git20130218.orig/core/adb/usb_linux.c	2013-02-18 15:49:03.000000000 +0100
++++ host-android-tools-4.2.2+git20130218/core/adb/usb_linux.c	2018-09-09 11:47:16.476292546 +0200
+@@ -20,6 +20,7 @@
+ #include <string.h>
+ 
+ #include <sys/ioctl.h>
++#include <sys/sysmacros.h>
+ #include <sys/types.h>
+ #include <sys/time.h>
+ #include <dirent.h>
+diff -urpN host-android-tools-4.2.2+git20130218.orig/core/adbd/usb_linux.c host-android-tools-4.2.2+git20130218/core/adbd/usb_linux.c
+--- host-android-tools-4.2.2+git20130218.orig/core/adbd/usb_linux.c	2018-09-09 02:32:57.154503866 +0200
++++ host-android-tools-4.2.2+git20130218/core/adbd/usb_linux.c	2018-09-09 11:47:28.148353880 +0200
+@@ -20,6 +20,7 @@
+ #include <string.h>
+ 
+ #include <sys/ioctl.h>
++#include <sys/sysmacros.h>
+ #include <sys/types.h>
+ #include <sys/time.h>
+ #include <dirent.h>
+diff -urpN host-android-tools-4.2.2+git20130218.orig/core/fastboot/usb_linux.c host-android-tools-4.2.2+git20130218/core/fastboot/usb_linux.c
+--- host-android-tools-4.2.2+git20130218.orig/core/fastboot/usb_linux.c	2013-02-18 15:49:03.000000000 +0100
++++ host-android-tools-4.2.2+git20130218/core/fastboot/usb_linux.c	2018-09-09 11:46:53.028169154 +0200
+@@ -33,6 +33,7 @@
+ 
+ #include <sys/ioctl.h>
+ #include <sys/stat.h>
++#include <sys/sysmacros.h>
+ #include <sys/types.h>
+ #include <dirent.h>
+ #include <fcntl.h>

package/android-tools/Config.in

@@ -15,6 +15,8 @@ config BR2_PACKAGE_ANDROID_TOOLS
 	  can be used to interact with target devices using of these
 	  protocols.
 
+	  https://wiki.debian.org/AndroidTools#Original_android-tools_package
+
 if BR2_PACKAGE_ANDROID_TOOLS
 
 # We need kernel headers that support the __SANE_USERSPACE_TYPES__

package/apache/apache.hash

@@ -1,3 +1,4 @@
-# From http://archive.apache.org/dist/httpd/httpd-2.4.33.tar.bz2.sha256
-sha256 de02511859b00d17845b9abdd1f975d5ccb5d0b280c567da5bf2ad4b70846f05 httpd-2.4.33.tar.bz2
+# From http://archive.apache.org/dist/httpd/httpd-2.4.35.tar.bz2.sha256
+sha256 2607c6fdd4d12ac3f583127629291e9432b247b782396a563bec5678aae69b56 httpd-2.4.35.tar.bz2
+# Locally computed
 sha256 c49c0819a726b70142621715dae3159c47b0349c2bc9db079070f28dadac0229 LICENSE

package/apache/apache.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-APACHE_VERSION = 2.4.33
+APACHE_VERSION = 2.4.35
 APACHE_SOURCE = httpd-$(APACHE_VERSION).tar.bz2
 APACHE_SITE = http://archive.apache.org/dist/httpd
 APACHE_LICENSE = Apache-2.0

package/arp-scan/Config.in

@@ -7,4 +7,4 @@ config BR2_PACKAGE_ARP_SCAN
 	  arp-scan is a command-line tool that uses the ARP protocol to
 	  discover and fingerprint IP hosts on the local network.
 
-	  http://www.nta-monitor.com/wiki/index.php/Arp-scan_Documentation
+	  https://github.com/royhills/arp-scan

package/attr/0001-build-with-older-GCCs.patch

@@ -0,0 +1,87 @@
+From 3ac428794ea0f95c854166c9c0cffb0267c5e98b Mon Sep 17 00:00:00 2001
+From: Hollis Blanchard <hollis_blanchard@mentor.com>
+Date: Mon, 30 Jul 2018 14:17:21 -0700
+Subject: [PATCH] Remove messages in "deprecated" gcc attributes
+
+GCC versions up through 4.4.7 (which is used in RHEL 6) do not accept
+any argument for the deprecated attribute. GCC 4.5 and later say the
+"msg" argument is optional. We don't need the messages during
+Buildroot builds anyways.
+
+Signed-off-by: Hollis Blanchard <hollis_blanchard@mentor.com>
+---
+ include/attributes.h | 20 ++++++++++----------
+ 1 file changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/include/attributes.h b/include/attributes.h
+index 14beb8f..23c39c8 100644
+--- a/include/attributes.h
++++ b/include/attributes.h
+@@ -127,10 +127,10 @@ typedef struct attr_multiop {
+  */
+ EXPORT int attr_get (const char *__path, const char *__attrname,
+ 			char *__attrvalue, int *__valuelength, int __flags)
+-	__attribute__ ((deprecated ("Use getxattr or lgetxattr instead")));
++	__attribute__ ((deprecated));
+ EXPORT int attr_getf (int __fd, const char *__attrname, char *__attrvalue,
+ 			int *__valuelength, int __flags)
+-	__attribute__ ((deprecated ("Use fgetxattr instead")));
++	__attribute__ ((deprecated));
+ 
+ /*
+  * Set the value of an attribute, creating the attribute if necessary.
+@@ -139,11 +139,11 @@ EXPORT int attr_getf (int __fd, const char *__attrname, char *__attrvalue,
+ EXPORT int attr_set (const char *__path, const char *__attrname,
+ 			const char *__attrvalue, const int __valuelength,
+ 			int __flags)
+-	__attribute__ ((deprecated ("Use setxattr or lsetxattr instead")));
++	__attribute__ ((deprecated));
+ EXPORT int attr_setf (int __fd, const char *__attrname,
+ 			const char *__attrvalue, const int __valuelength,
+ 			int __flags)
+-	__attribute__ ((deprecated ("Use fsetxattr instead")));
++	__attribute__ ((deprecated));
+ 
+ /*
+  * Remove an attribute.
+@@ -151,9 +151,9 @@ EXPORT int attr_setf (int __fd, const char *__attrname,
+  */
+ EXPORT int attr_remove (const char *__path, const char *__attrname,
+ 			int __flags)
+-	__attribute__ ((deprecated ("Use removexattr or lremovexattr instead")));
++	__attribute__ ((deprecated));
+ EXPORT int attr_removef (int __fd, const char *__attrname, int __flags)
+-	__attribute__ ((deprecated ("Use fremovexattr instead")));
++	__attribute__ ((deprecated));
+ 
+ /*
+  * List the names and sizes of the values of all the attributes of an object.
+@@ -164,10 +164,10 @@ EXPORT int attr_removef (int __fd, const char *__attrname, int __flags)
+  */
+ EXPORT int attr_list(const char *__path, char *__buffer, const int __buffersize,
+ 		int __flags, attrlist_cursor_t *__cursor)
+-	__attribute__ ((deprecated ("Use listxattr or llistxattr instead")));
++	__attribute__ ((deprecated));
+ EXPORT int attr_listf(int __fd, char *__buffer, const int __buffersize,
+ 		int __flags, attrlist_cursor_t *__cursor)
+-	__attribute__ ((deprecated ("Use flistxattr instead")));
++	__attribute__ ((deprecated));
+ 
+ /*
+  * Operate on multiple attributes of the same object simultaneously.
+@@ -188,10 +188,10 @@ EXPORT int attr_listf(int __fd, char *__buffer, const int __buffersize,
+  */
+ EXPORT int attr_multi (const char *__path, attr_multiop_t *__oplist,
+ 			int __count, int __flags)
+-	__attribute__ ((deprecated ("Use getxattr, setxattr, listxattr, removexattr instead")));
++	__attribute__ ((deprecated));
+ EXPORT int attr_multif (int __fd, attr_multiop_t *__oplist,
+ 			int __count, int __flags)
+-	__attribute__ ((deprecated ("Use getxattr, setxattr, listxattr, removexattr instead")));
++	__attribute__ ((deprecated));
+ 
+ #ifdef __cplusplus
+ }
+-- 
+2.13.0
+

package/attr/0001-support-static-installation.patch

@@ -1,29 +0,0 @@
-Support installation of .a file when doing static linking
-
-When doing static linking (i.e ENABLE_SHARED != yes), the attr build
-logic wasn't installing any library at all, not even the .a file which
-is needed for static linking. This patch fixes that.
-
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-
-Index: b/include/buildmacros
-===================================================================
---- a/include/buildmacros
-+++ b/include/buildmacros
-@@ -97,7 +97,15 @@
- 
- INSTALL_LTLIB_STATIC = \
- 	cd $(TOPDIR)/$(LIBNAME)/.libs; \
--	../$(INSTALL) -m 755 -d $(PKG_DEVLIB_DIR);
-+	../$(INSTALL) -m 755 -d $(PKG_DEVLIB_DIR); \
-+	../$(INSTALL) -m 644 -T old_lib $(LIBNAME).la $(PKG_DEVLIB_DIR); \
-+	../$(INSTALL) -m 644 $(LIBNAME).la $(PKG_DEVLIB_DIR)/$(LIBNAME).la ; \
-+	../$(INSTALL) -m 755 -d $(PKG_LIB_DIR); \
-+	../$(INSTALL) -T so_base $(LIBNAME).la $(PKG_LIB_DIR); \
-+	if test "x$(PKG_DEVLIB_DIR)" != "x$(PKG_LIB_DIR)" ; then \
-+	../$(INSTALL) -S $(PKG_DEVLIB_DIR)/$(LIBNAME).a $(PKG_LIB_DIR)/$(LIBNAME).a; \
-+	../$(INSTALL) -S $(PKG_DEVLIB_DIR)/$(LIBNAME).la $(PKG_LIB_DIR)/$(LIBNAME).la; \
-+	fi
- 
- INSTALL_MAN = \
- 	@for d in $(MAN_PAGES); do \

package/attr/0002-avoid-glibc-specific-decls-defines.patch

@@ -1,37 +0,0 @@
-From 667137acaffb8d0cc62b47821a67a52ba0637d5c Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Fri, 10 Jan 2014 13:56:37 +0000
-Subject: avoid glibc-specific DECLS defines
-
-This matches what we do in all the other headers.
-
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
----
-diff --git a/include/xattr.h b/include/xattr.h
-index 70a84be..070d7c5 100644
---- a/include/xattr.h
-+++ b/include/xattr.h
-@@ -30,8 +30,9 @@
- #define XATTR_CREATE  0x1       /* set value, fail if attr already exists */
- #define XATTR_REPLACE 0x2       /* set value, fail if attr does not exist */
- 
--
--__BEGIN_DECLS
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
- 
- extern int setxattr (const char *__path, const char *__name,
- 		      const void *__value, size_t __size, int __flags) __THROW;
-@@ -58,6 +59,8 @@ extern int removexattr (const char *__path, const char *__name) __THROW;
- extern int lremovexattr (const char *__path, const char *__name) __THROW;
- extern int fremovexattr (int __filedes,   const char *__name) __THROW;
- 
--__END_DECLS
-+#ifdef __cplusplus
-+}
-+#endif
- 
- #endif	/* __XATTR_H__ */
---
-cgit v0.9.0.2

package/attr/0003-portability-fixes.patch

@@ -1,37 +0,0 @@
-From 92247401984dd9a80d9d0c8c030692323f980678 Mon Sep 17 00:00:00 2001
-From: Emmanuel Dreyfus <manu@netbsd.org>
-Date: Mon, 30 Jun 2014 13:06:05 +0000
-Subject: Portability fixes
-
-- <features.h>  is Linux specific
-- Define __THROW for non glibc based systems
-
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
----
-(limited to 'include/xattr.h')
-
-diff --git a/include/xattr.h b/include/xattr.h
-index 070d7c5..fd1f268 100644
---- a/include/xattr.h
-+++ b/include/xattr.h
-@@ -20,7 +20,18 @@
- #ifndef __XATTR_H__
- #define __XATTR_H__
- 
-+#if defined(linux)
- #include <features.h>
-+#endif
-+
-+/* Portability non glibc c++ build systems */
-+#ifndef __THROW
-+# if defined __cplusplus
-+#  define __THROW       throw ()
-+# else
-+#  define __THROW
-+# endif
-+#endif
- 
- #include <errno.h>
- #ifndef ENOATTR
---
-cgit v0.9.0.2

package/attr/0004-all-use-install-1-to-install-executables.patch

@@ -1,67 +0,0 @@
-From 4187e60ab52cac3ed36036a354977310dab68dcb Mon Sep 17 00:00:00 2001
-From: "Yann E. MORIN" <yann.morin.1998@free.fr>
-Date: Tue, 8 May 2018 15:16:10 +0200
-Subject: [PATCH] all: use install(1) to install executables
-
-When the destination file already exists, the current install script
-will overwrite it with the new executable.
-
-However, when the existing executable is a symlink or hardlink to
-something else, like busybox, this effectively overwrites that something
-with the new executable, and thus replaces busybox and all its applets
-with the code for either of the three commands.
-
-We fix that by simply calling install(1). install(1) is sufficiently
-widespread that we don't bother checking for it, as this is just a
-workaround while waiting for the version bump that will eventually fix
-it for good.
-
-Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
----
- attr/Makefile     | 4 ++--
- getfattr/Makefile | 4 ++--
- setfattr/Makefile | 4 ++--
- 3 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/attr/Makefile b/attr/Makefile
-index 1c467e8..326dd7e 100644
---- a/attr/Makefile
-+++ b/attr/Makefile
-@@ -29,6 +29,6 @@ default: $(LTCOMMAND)
- include $(BUILDRULES)
- 
- install: default
--	$(INSTALL) -m 755 -d $(PKG_BIN_DIR)
--	$(LTINSTALL) -m 755 $(LTCOMMAND) $(PKG_BIN_DIR)
-+	install -D -m 755 $(LTCOMMAND) $(PKG_BIN_DIR)/$(LTCOMMAND)
-+
- install-dev install-lib:
-diff --git a/getfattr/Makefile b/getfattr/Makefile
-index 91d3df2..f913172 100644
---- a/getfattr/Makefile
-+++ b/getfattr/Makefile
-@@ -30,6 +30,6 @@ default: $(LTCOMMAND)
- include $(BUILDRULES)
- 
- install: default
--	$(INSTALL) -m 755 -d $(PKG_BIN_DIR)
--	$(LTINSTALL) -m 755 $(LTCOMMAND) $(PKG_BIN_DIR)
-+	install -D -m 755 $(LTCOMMAND) $(PKG_BIN_DIR)/$(LTCOMMAND)
-+
- install-dev install-lib:
-diff --git a/setfattr/Makefile b/setfattr/Makefile
-index d55461b..26dc5d8 100644
---- a/setfattr/Makefile
-+++ b/setfattr/Makefile
-@@ -30,6 +30,6 @@ default: $(LTCOMMAND)
- include $(BUILDRULES)
- 
- install: default
--	$(INSTALL) -m 755 -d $(PKG_BIN_DIR)
--	$(LTINSTALL) -m 755 $(LTCOMMAND) $(PKG_BIN_DIR)
-+	install -D -m 755 $(LTCOMMAND) $(PKG_BIN_DIR)/$(LTCOMMAND)
-+
- install-dev install-lib:
--- 
-2.14.1
-

package/attr/attr.hash

@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256	25772f653ac5b2e3ceeb89df50e4688891e21f723c460636548971652af0a859	attr-2.4.47.src.tar.gz
+sha256  5ead72b358ec709ed00bbf7a9eaef1654baad937c001c044fe8b74c57f5324e7  attr-2.4.48.tar.gz

package/attr/attr.mk

@@ -4,43 +4,15 @@
 #
 ################################################################################
 
-ATTR_VERSION = 2.4.47
-ATTR_SOURCE = attr-$(ATTR_VERSION).src.tar.gz
+ATTR_VERSION = 2.4.48
 ATTR_SITE = http://download.savannah.gnu.org/releases/attr
-ATTR_INSTALL_STAGING = YES
-ATTR_CONF_OPTS = --enable-gettext=no
-HOST_ATTR_CONF_OPTS = --enable-gettext=no
 ATTR_LICENSE = GPL-2.0+ (programs), LGPL-2.1+ (libraries)
 ATTR_LICENSE_FILES = doc/COPYING doc/COPYING.LGPL
 
-# While the configuration system uses autoconf, the Makefiles are
-# hand-written and do not use automake. Therefore, we have to hack
-# around their deficiencies by passing installation paths.
-ATTR_INSTALL_STAGING_OPTS = \
-	prefix=$(STAGING_DIR)/usr \
-	exec_prefix=$(STAGING_DIR)/usr \
-	PKG_DEVLIB_DIR=$(STAGING_DIR)/usr/lib \
-	install-dev install-lib
+ATTR_INSTALL_STAGING = YES
 
-ATTR_INSTALL_TARGET_OPTS = \
-	prefix=$(TARGET_DIR)/usr \
-	exec_prefix=$(TARGET_DIR)/usr \
-	install install-lib
-
-HOST_ATTR_INSTALL_OPTS = \
-	prefix=$(HOST_DIR) \
-	exec_prefix=$(HOST_DIR) \
-	install-dev install-lib
-
-# The libdir variable in libattr.la is empty, so let's fix it. This is
-# probably due to attr not using automake, and not doing fully the
-# right thing with libtool.
-define ATTR_FIX_LIBTOOL_LA_LIBDIR
-	$(SED) "s,libdir=.*,libdir='$(STAGING_DIR)'," \
-		$(STAGING_DIR)/usr/lib/libattr.la
-endef
-
-ATTR_POST_INSTALL_STAGING_HOOKS += ATTR_FIX_LIBTOOL_LA_LIBDIR
+ATTR_CONF_OPTS = --disable-nls
+HOST_ATTR_CONF_OPTS = --disable-nls
 
 $(eval $(autotools-package))
 $(eval $(host-autotools-package))

package/bandwidthd/Config.in

@@ -25,8 +25,10 @@ config BR2_PACKAGE_BANDWIDTHD
 	  available on github that works on making BandwidthD's build
 	  process more compatible with buildroot's.
 
-	  Upstream: http://bandwidthd.sourceforge.net/
-	  Github fork: http://github.com/nroach44/bandwidthd
+	  Upstream:
+	  http://bandwidthd.sourceforge.net/
+	  Github fork:
+	  http://github.com/nroach44/bandwidthd
 
 if BR2_PACKAGE_BANDWIDTHD
 

package/bind/bind.hash

@@ -1,4 +1,4 @@
-# Verified from https://ftp.isc.org/isc/bind9/9.11.4/bind-9.11.4.tar.gz.asc
+# Verified from https://ftp.isc.org/isc/bind9/9.11.4-P1/bind-9.11.4-P1.tar.gz.asc
 # with key BE0E9748B718253A28BB89FFF1B11BF05CF02E57
-sha256 595070b031f869f8939656b5a5d11b121211967f15f6afeafa895df745279617 bind-9.11.4.tar.gz
+sha256 a85af7b629109d41285c7adeae1515daac638bbe4d5dc30d1f4b343dff09d811 bind-9.11.4-P2.tar.gz
 sha256 336f3c40e37a1a13690efb4c63e20908faa4c40498cc02f3579fb67d3a1933a5 COPYRIGHT

package/bind/bind.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BIND_VERSION = 9.11.4
+BIND_VERSION = 9.11.4-P2
 BIND_SITE = http://ftp.isc.org/isc/bind9/$(BIND_VERSION)
 # bind does not support parallel builds.
 BIND_MAKE = $(MAKE1)

package/bison/0001-fflush-adjust-to-glibc-2.28-libio.h-removal.patch

@@ -0,0 +1,50 @@
+From 4af4a4a71827c0bc5e0ec67af23edef4f15cee8e Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Mon, 5 Mar 2018 10:56:29 -0800
+Subject: [PATCH 1/1] fflush: adjust to glibc 2.28 libio.h removal
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Problem reported by Daniel P. Berrangé in:
+https://lists.gnu.org/r/bug-gnulib/2018-03/msg00000.html
+* lib/fbufmode.c (fbufmode):
+* lib/fflush.c (clear_ungetc_buffer_preserving_position)
+(disable_seek_optimization, rpl_fflush):
+* lib/fpending.c (__fpending):
+* lib/fpurge.c (fpurge):
+* lib/freadable.c (freadable):
+* lib/freadahead.c (freadahead):
+* lib/freading.c (freading):
+* lib/freadptr.c (freadptr):
+* lib/freadseek.c (freadptrinc):
+* lib/fseeko.c (fseeko):
+* lib/fseterr.c (fseterr):
+* lib/fwritable.c (fwritable):
+* lib/fwriting.c (fwriting):
+Check _IO_EOF_SEEN instead of _IO_ftrylockfile.
+* lib/stdio-impl.h (_IO_IN_BACKUP) [_IO_EOF_SEEN]:
+Define if not already defined.
+---
+ lib/fseterr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+[yann.morin.1998@free.fr: partially backport from upstream gnulib]
+Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
+
+diff --git a/lib/fseterr.c b/lib/fseterr.c
+index 82649c3ac..adb637256 100644
+--- a/lib/fseterr.c
++++ b/lib/fseterr.c
+@@ -29,7 +29,7 @@ fseterr (FILE *fp)
+   /* Most systems provide FILE as a struct and the necessary bitmask in
+      <stdio.h>, because they need it for implementing getc() and putc() as
+      fast macros.  */
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+   fp->_flags |= _IO_ERR_SEEN;
+ #elif defined __sferror || defined __DragonFly__ || defined __ANDROID__
+   /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Minix 3, Android */
+-- 
+2.14.1
+

package/bison/0002-fflush-be-more-paranoid-about-libio.h-change.patch

@@ -0,0 +1,46 @@
+From 74d9d6a293d7462dea8f83e7fc5ac792e956a0ad Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Thu, 8 Mar 2018 16:42:45 -0800
+Subject: [PATCH 2/2] fflush: be more paranoid about libio.h change
+
+Suggested by Eli Zaretskii in:
+https://lists.gnu.org/r/emacs-devel/2018-03/msg00270.html
+* lib/fbufmode.c (fbufmode):
+* lib/fflush.c (clear_ungetc_buffer_preserving_position)
+(disable_seek_optimization, rpl_fflush):
+* lib/fpending.c (__fpending):
+* lib/fpurge.c (fpurge):
+* lib/freadable.c (freadable):
+* lib/freadahead.c (freadahead):
+* lib/freading.c (freading):
+* lib/freadptr.c (freadptr):
+* lib/freadseek.c (freadptrinc):
+* lib/fseeko.c (fseeko):
+* lib/fseterr.c (fseterr):
+* lib/fwritable.c (fwritable):
+* lib/fwriting.c (fwriting):
+Look at _IO_ftrylockfile as well as at _IO_EOF_SEEN.
+---
+ lib/fseterr.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+[yann.morin.1998@free.fr: partially backport from upstream gnulib]
+Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
+
+diff --git a/lib/fseterr.c b/lib/fseterr.c
+index adb637256..fd9da6338 100644
+--- a/lib/fseterr.c
++++ b/lib/fseterr.c
+@@ -29,7 +29,8 @@ fseterr (FILE *fp)
+   /* Most systems provide FILE as a struct and the necessary bitmask in
+      <stdio.h>, because they need it for implementing getc() and putc() as
+      fast macros.  */
+-#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1
++  /* GNU libc, BeOS, Haiku, Linux libc5 */
+   fp->_flags |= _IO_ERR_SEEN;
+ #elif defined __sferror || defined __DragonFly__ || defined __ANDROID__
+   /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Minix 3, Android */
+-- 
+2.14.1
+

package/brltty/0004-buildsys-fix-cross-compilation.patch

@@ -0,0 +1,41 @@
+From 088666535a045dae71bd2fcc6b3a1553023106ce Mon Sep 17 00:00:00 2001
+From: "Yann E. MORIN" <yann.morin.1998@free.fr>
+Date: Wed, 22 Aug 2018 10:10:19 +0200
+Subject: [PATCH] buildsys: fix cross-compilation
+
+Some identifiers for includes and libs paths may contain digit, e.g.
+X11_PACKAGE or ATSPI2_PACKAGE or GLIB2_PACKAGE...
+
+Also detect those identifiers when doing cros-compilation, so that the
+_FOR_BUILD variants are really created and do not clash with the target
+variants.
+
+Fixes:
+    http://autobuild.buildroot.org/results/a37/a37782b3cfc1a96cc129db8fade20a36a7b2d470/build-end.log
+    http://autobuild.buildroot.org/results/97e/97edc6a47d2140968e84b409cdc960604e5896f2/build-end.log
+    [...]
+
+Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
+---
+Upstram status: submitted
+https://github.com/brltty/brltty/pull/142
+---
+ mk4build | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mk4build b/mk4build
+index db90c86a9..551283825 100755
+--- a/mk4build
++++ b/mk4build
+@@ -112,7 +112,7 @@ fi
+ 
+ sedScript="${outputName}.${sedExtension}"
+ sed -n -e '
+-s/^ *\([A-Za-z][A-Za-z_]*\) *=.*$/\1/
++s/^ *\([A-Za-z][A-Za-z0-9_]*\) *=.*$/\1/
+ t found
+ d
+ :found
+-- 
+2.14.1
+

package/brotli/0001-CMake-Allow-using-BUILD_SHARED_LIBS-to-choose-static.patch

@@ -0,0 +1,144 @@
+From b60b613e7c2c9bf7a142c3c486ac6e77ad93f5d1 Mon Sep 17 00:00:00 2001
+From: Adrian Perez de Castro <aperez@igalia.com>
+Date: Mon, 26 Mar 2018 19:08:31 +0100
+Subject: [PATCH] CMake: Allow using BUILD_SHARED_LIBS to choose static/shared
+ libs
+
+By convention projects using CMake which can build either static or
+shared libraries use a BUILD_SHARED_LIBS flag to allow selecting between
+both: the add_library() command automatically switches between both using
+this variable when the library kind is not passed to add_library(). It
+is also usual to expose the BUILD_SHARED_LIBS as an user-facing setting
+with the option() command.
+
+This way, the following will both work as expected:
+
+   % cmake -DBUILD_SHARED_LIBS=OFF ...
+   % cmake -DBUILS_SHARED_LIBS=ON ...
+
+This is helpful for distributions which need (or want) to build only
+static libraries.
+---
+ CMakeLists.txt        | 42 ++++++++++++++----------------------------
+ c/fuzz/test_fuzzer.sh |  6 +++---
+ 2 files changed, 17 insertions(+), 31 deletions(-)
+
+Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
+Upstream-Status: Submitted [https://github.com/google/brotli/pull/655]
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 99b9258..3867931 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -6,6 +6,8 @@ cmake_minimum_required(VERSION 2.8.6)
+ 
+ project(brotli C)
+ 
++option(BUILD_SHARED_LIBS "Build shared libraries" ON)
++
+ # If Brotli is being bundled in another project, we don't want to
+ # install anything.  However, we want to let people override this, so
+ # we'll use the BROTLI_BUNDLED_MODE variable to let them do that; just
+@@ -114,10 +116,6 @@ set(BROTLI_LIBRARIES_CORE brotlienc brotlidec brotlicommon)
+ set(BROTLI_LIBRARIES ${BROTLI_LIBRARIES_CORE} ${LIBM_LIBRARY})
+ mark_as_advanced(BROTLI_LIBRARIES)
+ 
+-set(BROTLI_LIBRARIES_CORE_STATIC brotlienc-static brotlidec-static brotlicommon-static)
+-set(BROTLI_LIBRARIES_STATIC ${BROTLI_LIBRARIES_CORE_STATIC} ${LIBM_LIBRARY})
+-mark_as_advanced(BROTLI_LIBRARIES_STATIC)
+-
+ if(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
+   add_definitions(-DOS_LINUX)
+ elseif(${CMAKE_SYSTEM_NAME} MATCHES "FreeBSD")
+@@ -137,24 +135,22 @@ endfunction()
+ transform_sources_list("scripts/sources.lst" "${CMAKE_CURRENT_BINARY_DIR}/sources.lst.cmake")
+ include("${CMAKE_CURRENT_BINARY_DIR}/sources.lst.cmake")
+ 
+-add_library(brotlicommon SHARED ${BROTLI_COMMON_C})
+-add_library(brotlidec SHARED ${BROTLI_DEC_C})
+-add_library(brotlienc SHARED ${BROTLI_ENC_C})
+-
+-add_library(brotlicommon-static STATIC ${BROTLI_COMMON_C})
+-add_library(brotlidec-static STATIC ${BROTLI_DEC_C})
+-add_library(brotlienc-static STATIC ${BROTLI_ENC_C})
++add_library(brotlicommon ${BROTLI_COMMON_C})
++add_library(brotlidec ${BROTLI_DEC_C})
++add_library(brotlienc ${BROTLI_ENC_C})
+ 
+ # Older CMake versions does not understand INCLUDE_DIRECTORIES property.
+ include_directories(${BROTLI_INCLUDE_DIRS})
+ 
++if(BUILD_SHARED_LIBS)
++  foreach(lib brotlicommon brotlidec brotlienc)
++    target_compile_definitions(${lib} PUBLIC "BROTLI_SHARED_COMPILATION" )
++    string(TOUPPER "${lib}" LIB)
++    set_target_properties (${lib} PROPERTIES DEFINE_SYMBOL "${LIB}_SHARED_COMPILATION" )
++  endforeach()
++endif()
++
+ foreach(lib brotlicommon brotlidec brotlienc)
+-  target_compile_definitions(${lib} PUBLIC "BROTLI_SHARED_COMPILATION" )
+-  string(TOUPPER "${lib}" LIB)
+-  set_target_properties (${lib} PROPERTIES DEFINE_SYMBOL "${LIB}_SHARED_COMPILATION" )
+-endforeach()
+-
+-foreach(lib brotlicommon brotlidec brotlienc brotlicommon-static brotlidec-static brotlienc-static)
+   target_link_libraries(${lib} ${LIBM_LIBRARY})
+   set_property(TARGET ${lib} APPEND PROPERTY INCLUDE_DIRECTORIES ${BROTLI_INCLUDE_DIRS})
+   set_target_properties(${lib} PROPERTIES
+@@ -167,9 +163,6 @@ endforeach()
+ target_link_libraries(brotlidec brotlicommon)
+ target_link_libraries(brotlienc brotlicommon)
+ 
+-target_link_libraries(brotlidec-static brotlicommon-static)
+-target_link_libraries(brotlienc-static brotlicommon-static)
+-
+ # For projects stuck on older versions of CMake, this will set the
+ # BROTLI_INCLUDE_DIRS and BROTLI_LIBRARIES variables so they still
+ # have a relatively easy way to use Brotli:
+@@ -183,7 +176,7 @@ endif()
+ 
+ # Build the brotli executable
+ add_executable(brotli ${BROTLI_CLI_C})
+-target_link_libraries(brotli ${BROTLI_LIBRARIES_STATIC})
++target_link_libraries(brotli ${BROTLI_LIBRARIES})
+ 
+ # Installation
+ if(NOT BROTLI_BUNDLED_MODE)
+@@ -199,13 +192,6 @@ if(NOT BROTLI_BUNDLED_MODE)
+     RUNTIME DESTINATION "${CMAKE_INSTALL_BINDIR}"
+   )
+ 
+-  install(
+-    TARGETS ${BROTLI_LIBRARIES_CORE_STATIC}
+-    ARCHIVE DESTINATION "${CMAKE_INSTALL_LIBDIR}"
+-    LIBRARY DESTINATION "${CMAKE_INSTALL_LIBDIR}"
+-    RUNTIME DESTINATION "${CMAKE_INSTALL_BINDIR}"
+-  )
+-
+   install(
+     DIRECTORY ${BROTLI_INCLUDE_DIRS}/brotli
+     DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}"
+diff --git a/c/fuzz/test_fuzzer.sh b/c/fuzz/test_fuzzer.sh
+index 5c754e1..e85e12f 100755
+--- a/c/fuzz/test_fuzzer.sh
++++ b/c/fuzz/test_fuzzer.sh
+@@ -14,12 +14,12 @@ mkdir bin
+ cd bin
+ 
+ cmake $BROTLI -DCMAKE_C_COMPILER="$CC" -DCMAKE_CXX_COMPILER="$CXX" \
+-    -DBUILD_TESTING=OFF -DENABLE_SANITIZER=address
+-make -j$(nproc) brotlidec-static
++    -DBUILD_TESTING=OFF -DBUILD_SHARED_LIBS=OFF -DENABLE_SANITIZER=address
++make -j$(nproc) brotlidec
+ 
+ ${CXX} -o run_decode_fuzzer -std=c++11 -fsanitize=address -I$SRC/include \
+     $SRC/fuzz/decode_fuzzer.cc $SRC/fuzz/run_decode_fuzzer.cc \
+-    ./libbrotlidec-static.a ./libbrotlicommon-static.a
++    ./libbrotlidec.a ./libbrotlicommon.a
+ 
+ mkdir decode_corpora
+ unzip $BROTLI/java/org/brotli/integration/fuzz_data.zip -d decode_corpora
+-- 
+2.16.3
+

package/brotli/0001-Tell-CMake-to-not-check-for-a-C-compiler.patch

@@ -0,0 +1,31 @@
+From fea0b1e46c486225d57e730cc0f94fa06b5b93fc Mon Sep 17 00:00:00 2001
+From: Adrian Perez de Castro <aperez@igalia.com>
+Date: Mon, 26 Mar 2018 12:12:00 +0100
+Subject: [PATCH] Tell CMake to not check for a C++ compiler
+
+By default CMake checks both for C and C++ compilers, while the latter
+is not needed. Setting the list of languages to just "C" in the call to
+project() removes the unneeded check.
+---
+ CMakeLists.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
+Upstream-Status: Submitted [https://github.com/google/brotli/pull/653]
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 2dc7232..3fbcbfb 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -4,7 +4,7 @@
+ # support 2.8.7.
+ cmake_minimum_required(VERSION 2.8.6)
+ 
+-project(brotli)
++project(brotli LANGUAGES C)
+ 
+ # If Brotli is being bundled in another project, we don't want to
+ # install anything.  However, we want to let people override this, so
+-- 
+2.16.3
+

package/brotli/Config.in

@@ -0,0 +1,12 @@
+config BR2_PACKAGE_BROTLI
+	bool "brotli"
+	help
+	  Generic-purpose lossless compression library. The algorithm
+	  compresses data using a combination of a modern variant of
+	  the LZ77 algorithm, Huffman coding and 2nd order context
+	  modeling, with a compression ratio comparable to the best
+	  currently available general-purpose compression methods. It
+	  is similar in speed with deflate but offers more dense
+	  compression.
+
+	  https://github.com/google/brotli

package/brotli/brotli.hash

@@ -0,0 +1,5 @@
+# Locally generated:
+sha512  93adcf437d730ac403e444285ac8aefbb2c8a6b5e1b064e8ee33684c067287a8159e0ee73d2217c167881e87da73fa494792d963a15508fd42b2ac4a5b52823c  v1.0.3.tar.gz
+
+# Hash for license files:
+sha512  bae78184c2f50f86d8c727826d3982c469454c42b9af81f4ef007e39036434fa894cf5be3bf5fc65b7de2301f0a72d067a8186e303327db8a96bd14867e0a3a8  LICENSE

package/brotli/brotli.mk

@@ -0,0 +1,17 @@
+################################################################################
+#
+# brotli
+#
+################################################################################
+
+BROTLI_VERSION = 1.0.3
+BROTLI_SOURCE = v$(BROTLI_VERSION).tar.gz
+BROTLI_SITE = https://github.com/google/brotli/archive
+BROTLI_LICENSE = MIT
+BROTLI_LICENSE_FILES = LICENSE
+BROTLI_INSTALL_STAGING = YES
+BROTLI_CONF_OPTS = \
+	-DBROTLI_DISABLE_TESTS=ON \
+	-DBROTLI_BUNDLED_MODE=OFF
+
+$(eval $(cmake-package))

package/bzip2/Config.in

@@ -5,5 +5,3 @@ config BR2_PACKAGE_BZIP2
 	  It typically compresses files to within 10% to 15% of the best
 	  available techniques, while being around twice as fast at
 	  compression and six times faster at decompression.
-
-	  http://www.bzip.org

package/bzip2/bzip2.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 BZIP2_VERSION = 1.0.6
-BZIP2_SITE = http://www.bzip.org/$(BZIP2_VERSION)
+BZIP2_SITE = http://sources.buildroot.net
 BZIP2_INSTALL_STAGING = YES
 BZIP2_LICENSE = bzip2 license
 BZIP2_LICENSE_FILES = LICENSE

package/chrony/0002-util-fall-back-to-reading-dev-urandom-when-getrandom.patch

@@ -0,0 +1,42 @@
+From 7c5bd948bb7e21fa0ee22f29e97748b2d0360319 Mon Sep 17 00:00:00 2001
+From: Miroslav Lichvar <mlichvar@redhat.com>
+Date: Thu, 17 May 2018 14:16:58 +0200
+Subject: [PATCH] util: fall back to reading /dev/urandom when getrandom()
+ blocks
+
+With recent changes in the Linux kernel, the getrandom() system call may
+block for a long time after boot on machines that don't have enough
+entropy. It blocks the chronyd's initialization before it can detach
+from the terminal and may cause a chronyd service to fail to start due
+to a timeout.
+
+At least for now, enable the GRND_NONBLOCK flag to make the system call
+non-blocking and let the code fall back to reading /dev/urandom (which
+never blocks) if the system call failed with EAGAIN or any other error.
+
+This makes the start of chronyd non-deterministic with respect to files
+that it needs to open and possibly also makes it slightly easier to
+guess the transmit/receive timestamp in client requests until the
+urandom source is fully initialized.
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ util.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/util.c b/util.c
+index 4b3e455..76417d5 100644
+--- a/util.c
++++ b/util.c
+@@ -1224,7 +1224,7 @@ get_random_bytes_getrandom(char *buf, unsigned int len)
+       if (disabled)
+         break;
+ 
+-      if (getrandom(rand_buf, sizeof (rand_buf), 0) != sizeof (rand_buf)) {
++      if (getrandom(rand_buf, sizeof (rand_buf), GRND_NONBLOCK) != sizeof (rand_buf)) {
+         disabled = 1;
+         break;
+       }
+-- 
+2.11.0
+

package/clamav/clamav.hash

@@ -1,5 +1,5 @@
 # Locally calculated
-sha256 84e026655152247de7237184ee13003701c40be030dd68e0316111049f58a59f  clamav-0.100.1.tar.gz
+sha256 4a2e4f0cd41e62adb5a713b4a1857c49145cd09a69957e6d946ecad575206dd6  clamav-0.100.2.tar.gz
 sha256 0c4fd2fa9733fc9122503797648710851e4ee6d9e4969dd33fcbd8c63cd2f584  COPYING
 sha256 d72a145c90918184a05ef65a04c9e6f7466faa59bc1b82c8f6a8ddc7ddcb9bed  COPYING.bzip2
 sha256 dfb818a0d41411c6fb1c193c68b73018ceadd1994bda41ad541cbff292894bc6  COPYING.file

package/clamav/clamav.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-CLAMAV_VERSION = 0.100.1
+CLAMAV_VERSION = 0.100.2
 CLAMAV_SITE = https://www.clamav.net/downloads/production
 CLAMAV_LICENSE = GPL-2.0
 CLAMAV_LICENSE_FILES = COPYING COPYING.bzip2 COPYING.file COPYING.getopt \

package/connman/Config.in

@@ -14,7 +14,7 @@ config BR2_PACKAGE_CONNMAN
 	  for managing internet connections within embedded devices
 	  running the Linux operating system.
 
-	  For more information, see https://01.org/connman
+	  https://01.org/connman
 
 if BR2_PACKAGE_CONNMAN
 

package/cppcms/cppcms.hash

@@ -3,3 +3,5 @@ sha1	15f21897c14acfd4b0c74622e49d95857f2fe939	cppcms-1.0.5.tar.bz2
 md5	d668c201dd31fff8090380ebdc0bcc2b	cppcms-1.0.5.tar.bz2
 # Locally computed:
 sha256	84b685977bca97c3e997497f227bd5906adb80555066d811a7046b01c2f51865	cppcms-1.0.5.tar.bz2
+sha256	2ff22bab712c46dbadf9bae0f759bbc95d5d87614cacb7ebc3d5a50910603d6a	COPYING.TXT
+sha256	70fbf0194bee0f444c57ecd47e7d976a3e5a890e4421a21aab49f2d214267e69	THIRD_PARTY_SOFTWARE.TXT

package/cppcms/cppcms.mk

@@ -6,8 +6,8 @@
 
 CPPCMS_VERSION = 1.0.5
 CPPCMS_SOURCE = cppcms-$(CPPCMS_VERSION).tar.bz2
-CPPCMS_LICENSE = LGPL-3.0
-CPPCMS_LICENSE_FILES = COPYING.TXT
+CPPCMS_LICENSE = LGPL-3.0, BSL-1.0 (boost), MIT (base64.cpp), Public Domain (json2.js), Zlib (md5)
+CPPCMS_LICENSE_FILES = COPYING.TXT THIRD_PARTY_SOFTWARE.TXT
 CPPCMS_SITE = http://downloads.sourceforge.net/project/cppcms/cppcms/$(CPPCMS_VERSION)
 CPPCMS_INSTALL_STAGING = YES
 CPPCMS_CXXFLAGS = $(TARGET_CXXFLAGS)

package/cramfs/0004-Include-sysmacros.h-to-compile-with-glibc-2.28.patch

@@ -0,0 +1,33 @@
+Fix minor()/major() build failure due to glibc 2.28
+
+glibc 2.28 no longer includes <sys/sysmacros.h> from <sys/types.h>,
+and therefore <sys/sysmacros.h> must be included explicitly when
+major()/minor() are used.
+
+This commit directly includes <sys/sysmacros.h> into cramfsck.c and
+mkcramfs.c files where minor() and major() macros are used.
+
+Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
+---
+diff -urpN host-cramfs-1.1.orig/cramfsck.c host-cramfs-1.1/cramfsck.c
+--- host-cramfs-1.1.orig/cramfsck.c	2018-09-27 16:48:09.704782201 +0200
++++ host-cramfs-1.1/cramfsck.c	2018-09-27 16:49:12.841138657 +0200
+@@ -38,6 +38,7 @@
+ 
+ #define _GNU_SOURCE
+ #include <sys/types.h>
++#include <sys/sysmacros.h>
+ #include <stdio.h>
+ #include <stdarg.h>
+ #include <sys/stat.h>
+diff -urpN host-cramfs-1.1.orig/mkcramfs.c host-cramfs-1.1/mkcramfs.c
+--- host-cramfs-1.1.orig/mkcramfs.c	2018-09-27 16:48:09.712782246 +0200
++++ host-cramfs-1.1/mkcramfs.c	2018-09-27 16:48:59.777064921 +0200
+@@ -24,6 +24,7 @@
+ 
+ #define _GNU_SOURCE
+ #include <sys/types.h>
++#include <sys/sysmacros.h>
+ #include <stdio.h>
+ #include <sys/stat.h>
+ #include <unistd.h>

package/crda/Config.in

@@ -15,7 +15,7 @@ config BR2_PACKAGE_CRDA
 	  query and apply the regulatory domain settings wireless
 	  devices may operate within for a given location.
 
-	  http://linuxwireless.org/en/developers/Regulatory/CRDA
+	  https://wireless.wiki.kernel.org/en/developers/regulatory/crda
 
 comment "crda needs a toolchain w/ threads, dynamic library"
 	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS

package/cryptsetup/0001-Remove-json_object-typedef.patch

@@ -0,0 +1,46 @@
+From 567e7f8664c621f8aeaa95d9f4ab4b590574f572 Mon Sep 17 00:00:00 2001
+From: Baruch Siach <baruch@tkos.co.il>
+Date: Wed, 15 Aug 2018 14:13:46 +0300
+Subject: [PATCH] Remove json_object typedef
+
+The json-c header already defines the same typedef. While C11 allows
+typedef redefinition to the same type, older versions of gcc disallow
+that.
+
+In file included from lib/luks2/luks2_internal.h:32,
+                 from lib/luks2/luks2_disk_metadata.c:24:
+lib/luks2/luks2.h:86: error: redefinition of typedef 'json_object'
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+ lib/luks2/luks2.h | 1 -
+ lib/setup.c       | 1 +
+ 2 files changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/luks2/luks2.h b/lib/luks2/luks2.h
+index ee57b41ba974..25e36190da45 100644
+--- a/lib/luks2/luks2.h
++++ b/lib/luks2/luks2.h
+@@ -83,7 +83,6 @@ struct luks2_hdr_disk {
+ /*
+  * LUKS2 header in-memory.
+  */
+-typedef struct json_object json_object;
+ struct luks2_hdr {
+ 	size_t		hdr_size;
+ 	uint64_t	seqid;
+diff --git a/lib/setup.c b/lib/setup.c
+index fddbe7ef7897..856f6e80f465 100644
+--- a/lib/setup.c
++++ b/lib/setup.c
+@@ -28,6 +28,7 @@
+ #include <sys/utsname.h>
+ #include <fcntl.h>
+ #include <errno.h>
++#include <json-c/json.h>
+ 
+ #include "libcryptsetup.h"
+ #include "luks.h"
+-- 
+2.18.0
+

package/cryptsetup/cryptsetup.hash

@@ -1,4 +1,4 @@
 # From https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/sha256sums.asc
-sha256 adc623b9e3e3ab5c14145b8baf21b741e513ee5bf90d2b4d85a745c2f05da199  cryptsetup-2.0.0.tar.xz
+sha256 4d6cca04c1f5ff4a68d045d190efb2623087eda0274ded92f92a4b6911e501d4  cryptsetup-2.0.3.tar.xz
 sha256 45670cce8b6a0ddd66c8016cd8ccef6cd71f35717cbacc7f1e895b3855207b33  COPYING
 sha256 8c33cc37871654ec7ed87e6fbb896c8cf33ef5ef05b1611a5aed857596ffafa5  COPYING.LGPL

package/cryptsetup/cryptsetup.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 CRYPTSETUP_VERSION_MAJOR = 2.0
-CRYPTSETUP_VERSION = $(CRYPTSETUP_VERSION_MAJOR).0
+CRYPTSETUP_VERSION = $(CRYPTSETUP_VERSION_MAJOR).3
 CRYPTSETUP_SOURCE = cryptsetup-$(CRYPTSETUP_VERSION).tar.xz
 CRYPTSETUP_SITE = $(BR2_KERNEL_MIRROR)/linux/utils/cryptsetup/v$(CRYPTSETUP_VERSION_MAJOR)
 CRYPTSETUP_DEPENDENCIES = lvm2 popt util-linux host-pkgconf json-c \
@@ -36,7 +36,8 @@ HOST_CRYPTSETUP_DEPENDENCIES = \
 	host-json-c \
 	host-openssl
 
-HOST_CRYPTSETUP_CONF_OPTS = --with-crypto-backend=openssl
+HOST_CRYPTSETUP_CONF_OPTS = --with-crypto_backend=openssl \
+	--disable-kernel_crypto
 
 $(eval $(autotools-package))
 $(eval $(host-autotools-package))

package/dahdi-tools/Config.in

@@ -15,9 +15,5 @@ config BR2_PACKAGE_DAHDI_TOOLS
 
 	  http://www.asterisk.org/downloads/dahdi
 
-# Two comments, otherwise it may not fit in menuconfig for narrow terminals
-comment "dahdi-tools needs a toolchain w/ threads"
+comment "dahdi-tools needs a toolchain w/ threads and a Linux kernel to be built"
 	depends on !BR2_TOOLCHAIN_HAS_THREADS || !BR2_LINUX_KERNEL
-
-comment "dahdi-tools needs a Linux kernel to be built"
-	depends on !BR2_LINUX_KERNEL

package/dmidecode/Config.in

@@ -1,6 +1,6 @@
 config BR2_PACKAGE_DMIDECODE
 	bool "dmidecode"
-	depends on BR2_i386 || BR2_x86_64
+	depends on BR2_aarch64 || BR2_i386 || BR2_x86_64
 	help
 	  Dmidecode reports information about your system's hardware
 	  as described in your system BIOS according to the SMBIOS/DMI

package/dropbear/0001-only-advertise-single-server-ecdsa-key-when-R-is-used.patch

@@ -0,0 +1,113 @@
+# HG changeset patch
+# User Matt Johnston <matt@ucc.asn.au>
+# Date 1520519133 -28800
+# Node ID 0dc3103a5900971d1d06d9101e062ddbd1112436
+# Parent  0f149d63068d90705db7fb52c8dea15ff32eedd7
+Only advertise a single server ecdsa key when -R (generate as required) is
+specified. Fixes -R now that default ecdsa key size has changed.
+
+Upstream-URL: https://secure.ucc.asn.au/hg/dropbear/rev/0dc3103a5900
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+diff -r 0f149d63068d -r 0dc3103a5900 svr-runopts.c
+--- a/svr-runopts.c	Thu Mar 08 22:22:11 2018 +0800
++++ b/svr-runopts.c	Thu Mar 08 22:25:33 2018 +0800
+@@ -526,8 +526,10 @@
+ 
+ void load_all_hostkeys() {
+ 	int i;
+-	int disable_unset_keys = 1;
+ 	int any_keys = 0;
++#ifdef DROPBEAR_ECDSA
++	int loaded_any_ecdsa = 0;
++#endif
+ 
+ 	svr_opts.hostkey = new_sign_key();
+ 
+@@ -552,14 +554,8 @@
+ #endif
+ 	}
+ 
+-#if DROPBEAR_DELAY_HOSTKEY
+-	if (svr_opts.delay_hostkey) {
+-		disable_unset_keys = 0;
+-	}
+-#endif
+-
+ #if DROPBEAR_RSA
+-	if (disable_unset_keys && !svr_opts.hostkey->rsakey) {
++	if (!svr_opts.delay_hostkey && !svr_opts.hostkey->rsakey) {
+ 		disablekey(DROPBEAR_SIGNKEY_RSA);
+ 	} else {
+ 		any_keys = 1;
+@@ -567,39 +563,54 @@
+ #endif
+ 
+ #if DROPBEAR_DSS
+-	if (disable_unset_keys && !svr_opts.hostkey->dsskey) {
++	if (!svr_opts.delay_hostkey && !svr_opts.hostkey->dsskey) {
+ 		disablekey(DROPBEAR_SIGNKEY_DSS);
+ 	} else {
+ 		any_keys = 1;
+ 	}
+ #endif
+ 
++#if DROPBEAR_ECDSA
++	/* We want to advertise a single ecdsa algorithm size.
++	- If there is a ecdsa hostkey at startup we choose that that size.
++	- If we generate at runtime we choose the default ecdsa size.
++	- Otherwise no ecdsa keys will be advertised */
+ 
+-#if DROPBEAR_ECDSA
++	/* check if any keys were loaded at startup */
++	loaded_any_ecdsa = 
++		0
+ #if DROPBEAR_ECC_256
+-	if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 256)
+-		&& !svr_opts.hostkey->ecckey256) {
++		|| svr_opts.hostkey->ecckey256
++#endif
++#if DROPBEAR_ECC_384
++		|| svr_opts.hostkey->ecckey384
++#endif
++#if DROPBEAR_ECC_521
++		|| svr_opts.hostkey->ecckey521
++#endif
++		;
++	any_keys |= loaded_any_ecdsa;
++
++	/* Or an ecdsa key could be generated at runtime */
++	any_keys |= svr_opts.delay_hostkey;
++
++	/* At most one ecdsa key size will be left enabled */
++#if DROPBEAR_ECC_256
++	if (!svr_opts.hostkey->ecckey256
++		&& (!svr_opts.delay_hostkey || loaded_any_ecdsa || ECDSA_DEFAULT_SIZE != 256 )) {
+ 		disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP256);
+-	} else {
+-		any_keys = 1;
+ 	}
+ #endif
+-
+ #if DROPBEAR_ECC_384
+-	if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 384)
+-		&& !svr_opts.hostkey->ecckey384) {
++	if (!svr_opts.hostkey->ecckey384
++		&& (!svr_opts.delay_hostkey || loaded_any_ecdsa || ECDSA_DEFAULT_SIZE != 384 )) {
+ 		disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP384);
+-	} else {
+-		any_keys = 1;
+ 	}
+ #endif
+-
+ #if DROPBEAR_ECC_521
+-	if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 521)
+-		&& !svr_opts.hostkey->ecckey521) {
++	if (!svr_opts.hostkey->ecckey521
++		&& (!svr_opts.delay_hostkey || loaded_any_ecdsa || ECDSA_DEFAULT_SIZE != 521 )) {
+ 		disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP521);
+-	} else {
+-		any_keys = 1;
+ 	}
+ #endif
+ #endif /* DROPBEAR_ECDSA */
+

package/dropbear/0002-Wait-to-fail-invalid-usernames.patch

@@ -0,0 +1,236 @@
+From 52adbb34c32d3e2e1bcdb941e20a6f81138b8248 Mon Sep 17 00:00:00 2001
+From: Matt Johnston <matt@ucc.asn.au>
+Date: Thu, 23 Aug 2018 23:43:12 +0800
+Subject: [PATCH] Wait to fail invalid usernames
+
+[hg: https://secure.ucc.asn.au/hg/dropbear/rev/5d2d1021ca00]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ auth.h           |  6 +++---
+ svr-auth.c       | 19 +++++--------------
+ svr-authpam.c    | 26 ++++++++++++++++++++++----
+ svr-authpasswd.c | 27 ++++++++++++++-------------
+ svr-authpubkey.c | 11 ++++++++++-
+ 5 files changed, 54 insertions(+), 35 deletions(-)
+
+diff --git a/auth.h b/auth.h
+index da498f5..98f5468 100644
+--- a/auth.h
++++ b/auth.h
+@@ -37,9 +37,9 @@ void recv_msg_userauth_request(void);
+ void send_msg_userauth_failure(int partial, int incrfail);
+ void send_msg_userauth_success(void);
+ void send_msg_userauth_banner(const buffer *msg);
+-void svr_auth_password(void);
+-void svr_auth_pubkey(void);
+-void svr_auth_pam(void);
++void svr_auth_password(int valid_user);
++void svr_auth_pubkey(int valid_user);
++void svr_auth_pam(int valid_user);
+ 
+ #if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT
+ int svr_pubkey_allows_agentfwd(void);
+diff --git a/svr-auth.c b/svr-auth.c
+index c19c090..edde86b 100644
+--- a/svr-auth.c
++++ b/svr-auth.c
+@@ -149,10 +149,8 @@ void recv_msg_userauth_request() {
+ 		if (methodlen == AUTH_METHOD_PASSWORD_LEN &&
+ 				strncmp(methodname, AUTH_METHOD_PASSWORD,
+ 					AUTH_METHOD_PASSWORD_LEN) == 0) {
+-			if (valid_user) {
+-				svr_auth_password();
+-				goto out;
+-			}
++			svr_auth_password(valid_user);
++			goto out;
+ 		}
+ 	}
+ #endif
+@@ -164,10 +162,8 @@ void recv_msg_userauth_request() {
+ 		if (methodlen == AUTH_METHOD_PASSWORD_LEN &&
+ 				strncmp(methodname, AUTH_METHOD_PASSWORD,
+ 					AUTH_METHOD_PASSWORD_LEN) == 0) {
+-			if (valid_user) {
+-				svr_auth_pam();
+-				goto out;
+-			}
++			svr_auth_pam(valid_user);
++			goto out;
+ 		}
+ 	}
+ #endif
+@@ -177,12 +173,7 @@ void recv_msg_userauth_request() {
+ 	if (methodlen == AUTH_METHOD_PUBKEY_LEN &&
+ 			strncmp(methodname, AUTH_METHOD_PUBKEY,
+ 				AUTH_METHOD_PUBKEY_LEN) == 0) {
+-		if (valid_user) {
+-			svr_auth_pubkey();
+-		} else {
+-			/* pubkey has no failure delay */
+-			send_msg_userauth_failure(0, 0);
+-		}
++		svr_auth_pubkey(valid_user);
+ 		goto out;
+ 	}
+ #endif
+diff --git a/svr-authpam.c b/svr-authpam.c
+index 05e4f3e..d201bc9 100644
+--- a/svr-authpam.c
++++ b/svr-authpam.c
+@@ -178,13 +178,14 @@ pamConvFunc(int num_msg,
+  * Keyboard interactive would be a lot nicer, but since PAM is synchronous, it
+  * gets very messy trying to send the interactive challenges, and read the
+  * interactive responses, over the network. */
+-void svr_auth_pam() {
++void svr_auth_pam(int valid_user) {
+ 
+ 	struct UserDataS userData = {NULL, NULL};
+ 	struct pam_conv pamConv = {
+ 		pamConvFunc,
+ 		&userData /* submitted to pamvConvFunc as appdata_ptr */ 
+ 	};
++	const char* printable_user = NULL;
+ 
+ 	pam_handle_t* pamHandlep = NULL;
+ 
+@@ -204,12 +205,23 @@ void svr_auth_pam() {
+ 
+ 	password = buf_getstring(ses.payload, &passwordlen);
+ 
++	/* We run the PAM conversation regardless of whether the username is valid
++	in case the conversation function has an inherent delay.
++	Use ses.authstate.username rather than ses.authstate.pw_name.
++	After PAM succeeds we then check the valid_user flag too */
++
+ 	/* used to pass data to the PAM conversation function - don't bother with
+ 	 * strdup() etc since these are touched only by our own conversation
+ 	 * function (above) which takes care of it */
+-	userData.user = ses.authstate.pw_name;
++	userData.user = ses.authstate.username;
+ 	userData.passwd = password;
+ 
++	if (ses.authstate.pw_name) {
++		printable_user = ses.authstate.pw_name;
++	} else {
++		printable_user = "<invalid username>";
++	}
++
+ 	/* Init pam */
+ 	if ((rc = pam_start("sshd", NULL, &pamConv, &pamHandlep)) != PAM_SUCCESS) {
+ 		dropbear_log(LOG_WARNING, "pam_start() failed, rc=%d, %s", 
+@@ -242,7 +254,7 @@ void svr_auth_pam() {
+ 				rc, pam_strerror(pamHandlep, rc));
+ 		dropbear_log(LOG_WARNING,
+ 				"Bad PAM password attempt for '%s' from %s",
+-				ses.authstate.pw_name,
++				printable_user,
+ 				svr_ses.addrstring);
+ 		send_msg_userauth_failure(0, 1);
+ 		goto cleanup;
+@@ -253,12 +265,18 @@ void svr_auth_pam() {
+ 				rc, pam_strerror(pamHandlep, rc));
+ 		dropbear_log(LOG_WARNING,
+ 				"Bad PAM password attempt for '%s' from %s",
+-				ses.authstate.pw_name,
++				printable_user,
+ 				svr_ses.addrstring);
+ 		send_msg_userauth_failure(0, 1);
+ 		goto cleanup;
+ 	}
+ 
++	if (!valid_user) {
++		/* PAM auth succeeded but the username isn't allowed in for another reason
++		(checkusername() failed) */
++		send_msg_userauth_failure(0, 1);
++	}
++
+ 	/* successful authentication */
+ 	dropbear_log(LOG_NOTICE, "PAM password auth succeeded for '%s' from %s",
+ 			ses.authstate.pw_name,
+diff --git a/svr-authpasswd.c b/svr-authpasswd.c
+index bdee2aa..69c7d8a 100644
+--- a/svr-authpasswd.c
++++ b/svr-authpasswd.c
+@@ -48,22 +48,14 @@ static int constant_time_strcmp(const char* a, const char* b) {
+ 
+ /* Process a password auth request, sending success or failure messages as
+  * appropriate */
+-void svr_auth_password() {
++void svr_auth_password(int valid_user) {
+ 	
+ 	char * passwdcrypt = NULL; /* the crypt from /etc/passwd or /etc/shadow */
+ 	char * testcrypt = NULL; /* crypt generated from the user's password sent */
+-	char * password;
++	char * password = NULL;
+ 	unsigned int passwordlen;
+-
+ 	unsigned int changepw;
+ 
+-	passwdcrypt = ses.authstate.pw_passwd;
+-
+-#ifdef DEBUG_HACKCRYPT
+-	/* debugging crypt for non-root testing with shadows */
+-	passwdcrypt = DEBUG_HACKCRYPT;
+-#endif
+-
+ 	/* check if client wants to change password */
+ 	changepw = buf_getbool(ses.payload);
+ 	if (changepw) {
+@@ -73,12 +65,21 @@ void svr_auth_password() {
+ 	}
+ 
+ 	password = buf_getstring(ses.payload, &passwordlen);
+-
+-	/* the first bytes of passwdcrypt are the salt */
+-	testcrypt = crypt(password, passwdcrypt);
++	if (valid_user) {
++		/* the first bytes of passwdcrypt are the salt */
++		passwdcrypt = ses.authstate.pw_passwd;
++		testcrypt = crypt(password, passwdcrypt);
++	}
+ 	m_burn(password, passwordlen);
+ 	m_free(password);
+ 
++	/* After we have got the payload contents we can exit if the username
++	is invalid. Invalid users have already been logged. */
++	if (!valid_user) {
++		send_msg_userauth_failure(0, 1);
++		return;
++	}
++
+ 	if (testcrypt == NULL) {
+ 		/* crypt() with an invalid salt like "!!" */
+ 		dropbear_log(LOG_WARNING, "User account '%s' is locked",
+diff --git a/svr-authpubkey.c b/svr-authpubkey.c
+index aa6087c..ff481c8 100644
+--- a/svr-authpubkey.c
++++ b/svr-authpubkey.c
+@@ -79,7 +79,7 @@ static int checkfileperm(char * filename);
+ 
+ /* process a pubkey auth request, sending success or failure message as
+  * appropriate */
+-void svr_auth_pubkey() {
++void svr_auth_pubkey(int valid_user) {
+ 
+ 	unsigned char testkey; /* whether we're just checking if a key is usable */
+ 	char* algo = NULL; /* pubkey algo */
+@@ -102,6 +102,15 @@ void svr_auth_pubkey() {
+ 	keybloblen = buf_getint(ses.payload);
+ 	keyblob = buf_getptr(ses.payload, keybloblen);
+ 
++	if (!valid_user) {
++		/* Return failure once we have read the contents of the packet
++		required to validate a public key. 
++		Avoids blind user enumeration though it isn't possible to prevent
++		testing for user existence if the public key is known */
++		send_msg_userauth_failure(0, 0);
++		goto out;
++	}
++
+ 	/* check if the key is valid */
+ 	if (checkpubkey(algo, algolen, keyblob, keybloblen) == DROPBEAR_FAILURE) {
+ 		send_msg_userauth_failure(0, 0);
+-- 
+2.11.0
+

package/dropbear/Config.in

@@ -1,6 +1,7 @@
 config BR2_PACKAGE_DROPBEAR
 	bool "dropbear"
 	select BR2_PACKAGE_ZLIB if !BR2_PACKAGE_DROPBEAR_SMALL
+	select BR2_PACKAGE_LIBTOMCRYPT if !BR2_PACKAGE_DROPBEAR_SMALL
 	help
 	  A small SSH 2 server designed for small memory environments.
 

package/dropbear/dropbear.hash

@@ -1,2 +1,2 @@
 # From https://matt.ucc.asn.au/dropbear/releases/SHA256SUM.asc
-sha256 6cbc1dcb1c9709d226dff669e5604172a18cf5dbf9a201474d5618ae4465098c dropbear-2017.75.tar.bz2
+sha256 f2fb9167eca8cf93456a5fc1d4faf709902a3ab70dd44e352f3acbc3ffdaea65 dropbear-2018.76.tar.bz2

package/dropbear/dropbear.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DROPBEAR_VERSION = 2017.75
+DROPBEAR_VERSION = 2018.76
 DROPBEAR_SITE = https://matt.ucc.asn.au/dropbear/releases
 DROPBEAR_SOURCE = dropbear-$(DROPBEAR_VERSION).tar.bz2
 DROPBEAR_LICENSE = MIT, BSD-2-Clause-like, BSD-2-Clause
@@ -12,6 +12,11 @@ DROPBEAR_LICENSE_FILES = LICENSE
 DROPBEAR_TARGET_BINS = dropbearkey dropbearconvert scp
 DROPBEAR_PROGRAMS = dropbear $(DROPBEAR_TARGET_BINS)
 
+# Disable hardening flags added by dropbear configure.ac, and let
+# Buildroot add them when the relevant options are enabled. This
+# prevents dropbear from using SSP support when not available.
+DROPBEAR_CONF_OPTS = --disable-harden
+
 ifeq ($(BR2_PACKAGE_DROPBEAR_CLIENT),y)
 # Build dbclient, and create a convenience symlink named ssh
 DROPBEAR_PROGRAMS += dbclient
@@ -22,33 +27,34 @@ DROPBEAR_MAKE = \
 	$(MAKE) MULTI=1 SCPPROGRESS=1 \
 	PROGRAMS="$(DROPBEAR_PROGRAMS)"
 
-ifeq ($(BR2_STATIC_LIBS),y)
-DROPBEAR_MAKE += STATIC=1
+# With BR2_SHARED_STATIC_LIBS=y the generic infrastructure adds a
+# --enable-static flags causing dropbear to be built as a static
+# binary. Adding a --disable-static reverts this
+ifeq ($(BR2_SHARED_STATIC_LIBS),y)
+DROPBEAR_CONF_OPTS += --disable-static
 endif
 
-define DROPBEAR_FIX_XAUTH
-	$(SED) 's,^#define XAUTH_COMMAND.*/xauth,#define XAUTH_COMMAND "/usr/bin/xauth,g' $(@D)/options.h
+# Ensure that dropbear doesn't use crypt() when it's not available
+define DROPBEAR_SVR_PASSWORD_AUTH
+	echo '#if !HAVE_CRYPT'                          >> $(@D)/localoptions.h
+	echo '#define DROPBEAR_SVR_PASSWORD_AUTH 0'     >> $(@D)/localoptions.h
+	echo '#endif'                                   >> $(@D)/localoptions.h
 endef
-
-DROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_FIX_XAUTH
+DROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_SVR_PASSWORD_AUTH
 
 define DROPBEAR_ENABLE_REVERSE_DNS
-	$(SED) 's:.*\(#define DO_HOST_LOOKUP\).*:\1:' $(@D)/options.h
-endef
-
-define DROPBEAR_BUILD_SMALL
-	$(SED) 's:.*\(#define NO_FAST_EXPTMOD\).*:\1:' $(@D)/options.h
+	echo '#define DO_HOST_LOOKUP 1'                 >> $(@D)/localoptions.h
 endef
 
 define DROPBEAR_BUILD_FEATURED
-	$(SED) 's:^#define DROPBEAR_SMALL_CODE::' $(@D)/options.h
-	$(SED) 's:.*\(#define DROPBEAR_BLOWFISH\).*:\1:' $(@D)/options.h
-	$(SED) 's:.*\(#define DROPBEAR_TWOFISH128\).*:\1:' $(@D)/options.h
-	$(SED) 's:.*\(#define DROPBEAR_TWOFISH256\).*:\1:' $(@D)/options.h
+	echo '#define DROPBEAR_SMALL_CODE 0'            >> $(@D)/localoptions.h
+	echo '#define DROPBEAR_BLOWFISH 1'              >> $(@D)/localoptions.h
+	echo '#define DROPBEAR_TWOFISH128 1'            >> $(@D)/localoptions.h
+	echo '#define DROPBEAR_TWOFISH256 1'            >> $(@D)/localoptions.h
 endef
 
 define DROPBEAR_DISABLE_STANDALONE
-	$(SED) 's:\(#define NON_INETD_MODE\):/*\1 */:' $(@D)/options.h
+	echo '#define NON_INETD_MODE 0'                 >> $(@D)/localoptions.h
 endef
 
 define DROPBEAR_INSTALL_INIT_SYSTEMD
@@ -73,11 +79,11 @@ DROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_ENABLE_REVERSE_DNS
 endif
 
 ifeq ($(BR2_PACKAGE_DROPBEAR_SMALL),y)
-DROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_BUILD_SMALL
-DROPBEAR_CONF_OPTS += --disable-zlib
+DROPBEAR_CONF_OPTS += --disable-zlib --enable-bundled-libtom
 else
 DROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_BUILD_FEATURED
-DROPBEAR_DEPENDENCIES += zlib
+DROPBEAR_DEPENDENCIES += zlib libtomcrypt
+DROPBEAR_CONF_OPTS += --disable-bundled-libtom
 endif
 
 ifneq ($(BR2_PACKAGE_DROPBEAR_WTMP),y)

package/efl/Config.in

@@ -97,6 +97,11 @@ config BR2_PACKAGE_EFL_LIBSNDFILE
 config BR2_PACKAGE_EFL_PULSEAUDIO
 	bool "Enable pulseaudio support (recommended)"
 	default y
+	depends on BR2_PACKAGE_PULSEAUDIO_HAS_ATOMIC
+	depends on BR2_USE_WCHAR
+	depends on BR2_TOOLCHAIN_HAS_THREADS
+	depends on !BR2_STATIC_LIBS
+	depends on BR2_USE_MMU
 	select BR2_PACKAGE_PULSEAUDIO
 	help
 	  The only audio output method supported by Ecore right now is

package/eigen/eigen.mk

@@ -23,7 +23,8 @@ endif
 # Generate the .pc file at build time
 define EIGEN_BUILD_CMDS
 	sed -r -e 's,^Version: .*,Version: $(EIGEN_VERSION),' \
-		-e 's,^Cflags: .*,Cflags: -I$(EIGEN_DEST_DIR),' \
+		-e 's,^Cflags: .*,Cflags: -I$$\{prefix\}/include/eigen3,' \
+		-e 's,^prefix.*,prefix=/usr,' \
 		$(@D)/eigen3.pc.in >$(@D)/eigen3.pc
 endef
 

package/erlang/0001-build-fix.patch

@@ -1,13 +0,0 @@
-apply-patches.sh deletes this file from the source directory.
-
---- erlang-R15B01.old/lib/tools/emacs/Makefile	2012-04-04
-+++ erlang-R15B01/lib/tools/emacs/Makefile	2012-04-04 15:55:16.978957307 +0100
-@@ -51,7 +51,7 @@
-
- ELC_FILES = $(EMACS_FILES:%=%.elc)
-
--TEST_FILES = test.erl.indented test.erl.orig
-+TEST_FILES = test.erl.indented
-
- # ----------------------------------------------------
- # Targets

package/erlang/erlang.hash

@@ -1,3 +1,4 @@
 # md5 from http://www.erlang.org/download/MD5, sha256 locally computed
-md5     2faed2c3519353e6bc2501ed4d8e6ae7        otp_src_20.0.tar.gz
-sha256  fe80e1e14a2772901be717694bb30ac4e9a07eee0cc7a28988724cbd21476811        otp_src_20.0.tar.gz
+md5 a683c8c0aacfe0305c4bf47b3abfde6a  otp_src_20.3.tar.gz
+sha256 4e19e6c403d5255531c0b870f19511c8b8e3b080618e4f9efcb44d905935b2a1  otp_src_20.3.tar.gz
+sha256 809fa1ed21450f59827d1e9aec720bbc4b687434fa22283c6cb5dd82a47ab9c0  LICENSE.txt

package/erlang/erlang.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 # See note below when updating Erlang
-ERLANG_VERSION = 20.0
+ERLANG_VERSION = 20.3
 ERLANG_SITE = http://www.erlang.org/download
 ERLANG_SOURCE = otp_src_$(ERLANG_VERSION).tar.gz
 ERLANG_DEPENDENCIES = host-erlang
@@ -19,7 +19,7 @@ ERLANG_AUTORECONF = YES
 
 # Whenever updating Erlang, this value should be updated as well, to the
 # value of EI_VSN in the file lib/erl_interface/vsn.mk
-ERLANG_EI_VSN = 3.10
+ERLANG_EI_VSN = 3.10.1
 
 # The configure checks for these functions fail incorrectly
 ERLANG_CONF_ENV = ac_cv_func_isnan=yes ac_cv_func_isinf=yes

package/espeak/Config.in

@@ -35,6 +35,7 @@ config BR2_PACKAGE_ESPEAK_AUDIO_BACKEND_ALSA
 
 config BR2_PACKAGE_ESPEAK_AUDIO_BACKEND_PULSEAUDIO
 	bool "pulseaudio"
+	depends on BR2_PACKAGE_PULSEAUDIO_HAS_ATOMIC
 	select BR2_PACKAGE_PULSEAUDIO
 
 endchoice

package/ffmpeg/ffmpeg.hash

@@ -1,5 +1,5 @@
 # Locally calculated
-sha256 2b92e9578ef8b3e49eeab229e69305f5f4cbc1fdaa22e927fc7fca18acccd740  ffmpeg-3.4.2.tar.xz
+sha256 386f7601e865df6bddde05bb6927119b5a853f0b92e2e9834f59c125a17d3fc6  ffmpeg-3.4.4.tar.xz
 sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING.GPLv2
 sha256 b634ab5640e258563c536e658cad87080553df6f34f62269a21d554844e58bfe  COPYING.LGPLv2.1
 sha256 73d99bc83313fff665b426d6672b4e0479102bc402fe22314ac9ce94a38aa5ff  LICENSE.md

package/ffmpeg/ffmpeg.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-FFMPEG_VERSION = 3.4.2
+FFMPEG_VERSION = 3.4.4
 FFMPEG_SOURCE = ffmpeg-$(FFMPEG_VERSION).tar.xz
 FFMPEG_SITE = http://ffmpeg.org/releases
 FFMPEG_INSTALL_STAGING = YES
@@ -225,6 +225,13 @@ ifeq ($(BR2_PACKAGE_FFMPEG_GPL)$(BR2_PACKAGE_LIBEBUR128),yy)
 FFMPEG_DEPENDENCIES += libebur128
 endif
 
+ifeq ($(BR2_PACKAGE_LIBDRM),y)
+FFMPEG_CONF_OPTS += --enable-libdrm
+FFMPEG_DEPENDENCIES += libdrm
+else
+FFMPEG_CONF_OPTS += --disable-libdrm
+endif
+
 ifeq ($(BR2_PACKAGE_LIBOPENH264),y)
 FFMPEG_CONF_OPTS += --enable-libopenh264
 FFMPEG_DEPENDENCIES += libopenh264

package/fio/fio.hash

@@ -1,2 +1,4 @@
 # Locally computed
 sha256 1952db4d534221e6e8454f851dfcc38328b0ed4a3f499ea25a51ca2b5ccc8136  fio-fio-2.20.tar.gz
+sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994  COPYING
+sha256 8a240c1ad13d1fe3e58588643d81d0695899be4a669fe6d8fafa76ca6a89db2c  MORAL-LICENSE

package/fio/fio.mk

@@ -6,8 +6,8 @@
 
 FIO_VERSION = fio-2.20
 FIO_SITE = git://git.kernel.dk/fio.git
-FIO_LICENSE = GPL-2.0 + special obligations
-FIO_LICENSE_FILES = COPYING
+FIO_LICENSE = GPL-2.0
+FIO_LICENSE_FILES = COPYING MORAL-LICENSE
 
 ifeq ($(BR2_PACKAGE_LIBAIO),y)
 FIO_DEPENDENCIES += libaio

package/gawk/gawk.mk

@@ -39,7 +39,7 @@ endif
 HOST_GAWK_CONF_OPTS = --without-readline --without-mpfr
 
 define GAWK_CREATE_SYMLINK
-	ln -sf /usr/bin/gawk $(TARGET_DIR)/usr/bin/awk
+	ln -sf gawk $(TARGET_DIR)/usr/bin/awk
 endef
 
 GAWK_POST_INSTALL_TARGET_HOOKS += GAWK_CREATE_SYMLINK

package/gcc/6.4.0/0002-fix-building-on-ppc64.patch

@@ -0,0 +1,38 @@
+From 765527ad3725c5f3e82ab2b8e5031120b409983d Mon Sep 17 00:00:00 2001
+From: marxin <marxin@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Fri, 15 Jun 2018 08:51:28 +0000
+Subject: [PATCH] Partial backport r256656
+
+2018-06-15  Martin Liska  <mliska@suse.cz>
+
+	Backport from mainline
+	2018-01-10  Kelvin Nilsen  <kelvin@gcc.gnu.org>
+
+	* lex.c (search_line_fast): Remove illegal coercion of an
+	unaligned pointer value to vector pointer type and replace with
+	use of __builtin_vec_vsx_ld () built-in function, which operates
+	on unaligned pointer values.
+
+
+git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-6-branch@261621 138bc75d-0d04-0410-961f-82ee72b054a4
+Signed-off-by: Joel Stanley <joel@jms.id.au>
+---
+ libcpp/lex.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libcpp/lex.c b/libcpp/lex.c
+index e5a0397f3099..b789686f1c49 100644
+--- a/libcpp/lex.c
++++ b/libcpp/lex.c
+@@ -568,7 +568,7 @@ search_line_fast (const uchar *s, const uchar *end ATTRIBUTE_UNUSED)
+     {
+       vc m_nl, m_cr, m_bs, m_qm;
+ 
+-      data = *((const vc *)s);
++      data = __builtin_vec_vsx_ld (0, s);
+       s += 16;
+ 
+       m_nl = (vc) __builtin_vec_cmpeq(data, repl_nl);
+-- 
+2.17.1
+

package/gcc/6.4.0/872-gcc-xtensa-fix-NAND-code-in-xtensa_expand_atomic.patch

@@ -0,0 +1,39 @@
+From 6765eecde2ed8d4be0fc217408b9e9b92a840aff Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Tue, 4 Sep 2018 00:39:32 -0700
+Subject: [PATCH] gcc: xtensa: fix NAND code in xtensa_expand_atomic
+
+NAND is ~(a1 & a2), but xtensa_expand_atomic does ~a1 & a2.
+That fixes libatomic tests atomic-op-{1,2}.
+
+gcc/
+2018-09-04  Max Filippov  <jcmvbkbc@gmail.com>
+
+	* config/xtensa/xtensa.c (xtensa_expand_atomic): Reorder AND and
+	XOR operations in NAND case.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+Backported from: r264087
+---
+ gcc/config/xtensa/xtensa.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gcc/config/xtensa/xtensa.c b/gcc/config/xtensa/xtensa.c
+index 7cfe64d42895..080bb4ad765d 100644
+--- a/gcc/config/xtensa/xtensa.c
++++ b/gcc/config/xtensa/xtensa.c
+@@ -1614,9 +1614,9 @@ xtensa_expand_atomic (enum rtx_code code, rtx target, rtx mem, rtx val,
+       break;
+ 
+     case MULT: /* NAND */
+-      tmp = expand_simple_binop (SImode, XOR, old, ac.modemask,
++      tmp = expand_simple_binop (SImode, AND, old, val,
+ 				 NULL_RTX, 1, OPTAB_DIRECT);
+-      tmp = expand_simple_binop (SImode, AND, tmp, val,
++      tmp = expand_simple_binop (SImode, XOR, tmp, ac.modemask,
+ 				 new_rtx, 1, OPTAB_DIRECT);
+       break;
+ 
+-- 
+2.11.0
+

package/gcc/7.3.0/0002-fix-building-on-ppc64.patch

@@ -0,0 +1,40 @@
+From aa65a43516da1d48011ef621ed5988289711d99b Mon Sep 17 00:00:00 2001
+From: marxin <marxin@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Fri, 29 Jun 2018 09:31:30 +0000
+Subject: [PATCH] Partial backport r256656
+
+2018-06-29  Martin Liska  <mliska@suse.cz>
+
+	Backport from mainline
+	2018-01-10  Kelvin Nilsen  <kelvin@gcc.gnu.org>
+
+	* lex.c (search_line_fast): Remove illegal coercion of an
+	unaligned pointer value to vector pointer type and replace with
+	use of __builtin_vec_vsx_ld () built-in function, which operates
+	on unaligned pointer values.
+
+git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-6-branch@261621 138bc75d-0d04-0410-961f-82ee72b054a4
+
+
+git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-7-branch@262243 138bc75d-0d04-0410-961f-82ee72b054a4
+Signed-off-by: Joel Stanley <joel@jms.id.au>
+---
+ libcpp/lex.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libcpp/lex.c b/libcpp/lex.c
+index 097c78002cbb..e0fb9e822c44 100644
+--- a/libcpp/lex.c
++++ b/libcpp/lex.c
+@@ -568,7 +568,7 @@ search_line_fast (const uchar *s, const uchar *end ATTRIBUTE_UNUSED)
+     {
+       vc m_nl, m_cr, m_bs, m_qm;
+ 
+-      data = *((const vc *)s);
++      data = __builtin_vec_vsx_ld (0, s);
+       s += 16;
+ 
+       m_nl = (vc) __builtin_vec_cmpeq(data, repl_nl);
+-- 
+2.17.1
+

package/gcc/7.3.0/0003-gcc-xtensa-fix-NAND-code-in-xtensa_expand_atomic.patch

@@ -0,0 +1,39 @@
+From 6765eecde2ed8d4be0fc217408b9e9b92a840aff Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Tue, 4 Sep 2018 00:39:32 -0700
+Subject: [PATCH] gcc: xtensa: fix NAND code in xtensa_expand_atomic
+
+NAND is ~(a1 & a2), but xtensa_expand_atomic does ~a1 & a2.
+That fixes libatomic tests atomic-op-{1,2}.
+
+gcc/
+2018-09-04  Max Filippov  <jcmvbkbc@gmail.com>
+
+	* config/xtensa/xtensa.c (xtensa_expand_atomic): Reorder AND and
+	XOR operations in NAND case.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+Backported from: r264087
+---
+ gcc/config/xtensa/xtensa.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gcc/config/xtensa/xtensa.c b/gcc/config/xtensa/xtensa.c
+index 7cfe64d42895..080bb4ad765d 100644
+--- a/gcc/config/xtensa/xtensa.c
++++ b/gcc/config/xtensa/xtensa.c
+@@ -1614,9 +1614,9 @@ xtensa_expand_atomic (enum rtx_code code, rtx target, rtx mem, rtx val,
+       break;
+ 
+     case MULT: /* NAND */
+-      tmp = expand_simple_binop (SImode, XOR, old, ac.modemask,
++      tmp = expand_simple_binop (SImode, AND, old, val,
+ 				 NULL_RTX, 1, OPTAB_DIRECT);
+-      tmp = expand_simple_binop (SImode, AND, tmp, val,
++      tmp = expand_simple_binop (SImode, XOR, tmp, ac.modemask,
+ 				 new_rtx, 1, OPTAB_DIRECT);
+       break;
+ 
+-- 
+2.11.0
+

package/ghostscript/0001-Fix-cross-compilation-issue.patch

@@ -9,7 +9,10 @@ x86_64-linux-gcc: ERROR: unsafe header/library path used in cross-compilation: '
 Downloaded from
 http://bugs.ghostscript.com/show_bug.cgi?id=696508#c3
 
+Slightly updated to work with 9.23
+
 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 ---
  configure.ac | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
@@ -24,6 +27,7 @@ index d0f62d7..0d49344 100644
  LIBTIFFDIR='src'
 -LIBTIFFCONFDIR=''
 +LIBTIFFCONFDIR='src'
+ TIFFCFLAGS=''
  
  TIFFDEVS_ALL='tiffs tiff12nc tiff24nc tiff48nc tiff32nc tiff64nc tiffcrle tifflzw tiffpack tiffgray tiffsep tiffsep1 tiffscaled tiffscaled4 tiffscaled8 tiffscaled24 tiffscaled32'
  FAX_DEVS_ALL='cfax dfaxlow dfaxhigh fax faxg3 faxg32d faxg4 tiffg3 tiffg32d tiffg4 tfax'

package/ghostscript/ghostscript.hash

@@ -1,4 +1,5 @@
-# From https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922/SHA256SUMS
-sha256 c1f862e6f40f997dbe3feba89355e8cb05d55818994e10f4932b0dd9b627d1bb  ghostscript-9.22.tar.xz
-# From https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922/SHA512SUMS
-sha512 67739ace64090ab1951cba4cb011a5a6829ee60b32ba4157d0f17e744e345ea268335304db6722677ae33565ea5b696c2ff7b889d42a463acf2933c8230523d4  ghostscript-9.22.tar.xz
+# From https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925/SHA512SUMS
+sha512 7a1c0b7546ed523f50c1452d4a1c13fcf043d6060fc9708bbc4b543f66ecb1b619b6e71998094ac702ef44a2fd159b6523271de19b1cae352981ef51fb637651  ghostscript-9.25.tar.xz
+
+# Hash for license file:
+sha256 6f852249f975287b3efd43a5883875e47fa9f3125e2f1b18b5c09517ac30ecf2  LICENSE

package/ghostscript/ghostscript.mk

@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-GHOSTSCRIPT_VERSION = 9.22
-GHOSTSCRIPT_SITE = https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922
+GHOSTSCRIPT_VERSION = 9.25
+GHOSTSCRIPT_SITE = https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925
 GHOSTSCRIPT_SOURCE = ghostscript-$(GHOSTSCRIPT_VERSION).tar.xz
 GHOSTSCRIPT_LICENSE = AGPL-3.0
 GHOSTSCRIPT_LICENSE_FILES = LICENSE
@@ -27,7 +27,8 @@ GHOSTSCRIPT_DEPENDENCIES = \
 # Inspired by linuxfromscratch:
 # http://www.linuxfromscratch.org/blfs/view/svn/pst/gs.html
 define GHOSTSCRIPT_REMOVE_LIBS
-	rm -rf $(@D)/freetype $(@D)/ijs $(@D)/jpeg $(@D)/lcms2 $(@D)/libpng $(@D)/tiff $(@D)/zlib
+	rm -rf $(@D)/freetype $(@D)/ijs $(@D)/jpeg $(@D)/lcms2mt \
+		$(@D)/libpng $(@D)/tiff $(@D)/zlib
 endef
 GHOSTSCRIPT_POST_PATCH_HOOKS += GHOSTSCRIPT_REMOVE_LIBS
 
@@ -39,7 +40,7 @@ GHOSTSCRIPT_CONF_OPTS = \
 	--disable-compile-inits \
 	--disable-cups \
 	--enable-fontconfig \
-	--with-fontpath=$(GHOSTSCRIPT_FONTS_TARGET_DIR) \
+	--with-fontpath=/usr/share/fonts \
 	--enable-freetype \
 	--disable-gtk \
 	--without-jbig2dec \

package/glibc/glibc.hash

@@ -1,4 +1,4 @@
 # Locally calculated (fetched from Github)
-sha256  1e18aee61dc51a5aaf7bfcb65ed01894aa82c3d3f7b9a01f20d59cd9db2f082b     glibc-glibc-2.26-160-g4df8479e6b3baf365bd4eedbba922b73471e5d73.tar.gz
+sha256   acbec224e69f29c9c59c34f15f0fbb19eecf3fce347eba8bb928fac507ae86c6    glibc-glibc-2.26-175-gc5c90b480e4f21ed1d28e0e6d942b06b8d9e8bd7.tar.gz
 # Locally calculated (fetched from Github)
 sha256  5aa9adeac09727db0b8a52794186563771e74d70410e9fd86431e339953fd4bb     glibc-arc-2017.09-release.tar.gz

package/glibc/glibc.mk

@@ -10,7 +10,7 @@ GLIBC_SITE = $(call github,foss-for-synopsys-dwc-arc-processors,glibc,$(GLIBC_VE
 else
 # Generate version string using:
 #   git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master
-GLIBC_VERSION = glibc-2.26-160-g4df8479e6b3baf365bd4eedbba922b73471e5d73
+GLIBC_VERSION = glibc-2.26-175-gc5c90b480e4f21ed1d28e0e6d942b06b8d9e8bd7
 # Upstream doesn't officially provide an https download link.
 # There is one (https://sourceware.org/git/glibc.git) but it's not reliable,
 # sometimes the connection times out. So use an unofficial github mirror.

package/gnupg/Config.in

@@ -2,7 +2,6 @@ config BR2_PACKAGE_GNUPG
 	bool "gnupg"
 	depends on !BR2_PACKAGE_GNUPG2
 	select BR2_PACKAGE_ZLIB
-	select BR2_PACKAGE_NCURSES
 	help
 	  GnuPG is the GNU project's complete and free implementation
 	  of the OpenPGP standard as defined by RFC4880. GnuPG allows

package/gnupg/gnupg.mk

@@ -9,7 +9,7 @@ GNUPG_SOURCE = gnupg-$(GNUPG_VERSION).tar.bz2
 GNUPG_SITE = https://gnupg.org/ftp/gcrypt/gnupg
 GNUPG_LICENSE = GPL-3.0+
 GNUPG_LICENSE_FILES = COPYING
-GNUPG_DEPENDENCIES = zlib ncurses $(if $(BR2_PACKAGE_LIBICONV),libiconv)
+GNUPG_DEPENDENCIES = zlib $(if $(BR2_PACKAGE_LIBICONV),libiconv)
 GNUPG_CONF_ENV = ac_cv_sys_symbol_underscore=no
 GNUPG_CONF_OPTS = \
 	--disable-rpath \
@@ -18,7 +18,7 @@ GNUPG_CONF_OPTS = \
 	--enable-sha256 \
 	--enable-sha512
 
-HOST_GNUPG_DEPENDENCIES = host-zlib host-ncurses
+HOST_GNUPG_DEPENDENCIES = host-zlib
 HOST_GNUPG_CONF_OPTS = \
 	--disable-rpath \
 	--enable-minimal \

package/gnutls/gnutls.hash

@@ -1,6 +1,6 @@
 # Locally calculated after checking pgp signature
-# https://www.gnupg.org/ftp/gcrypt/gnutls/v3.5/gnutls-3.5.17.tar.xz.sig
-sha256	86b142afef587c118d63f72ccf307f3321dbc40357aae528202b65d913d20919	gnutls-3.5.17.tar.xz
+# https://www.gnupg.org/ftp/gcrypt/gnutls/v3.5/gnutls-3.5.19.tar.xz.sig
+sha256	1936eb64f03aaefd6eb16cef0567457777618573826b94d03376bb6a4afadc44	gnutls-3.5.19.tar.xz
 # Locally calculated
 sha256	8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903	doc/COPYING
 sha256	6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3	doc/COPYING.LESSER

package/gnutls/gnutls.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 GNUTLS_VERSION_MAJOR = 3.5
-GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).17
+GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).19
 GNUTLS_SOURCE = gnutls-$(GNUTLS_VERSION).tar.xz
 GNUTLS_SITE = https://www.gnupg.org/ftp/gcrypt/gnutls/v$(GNUTLS_VERSION_MAJOR)
 GNUTLS_LICENSE = LGPL-2.1+ (core library), GPL-3.0+ (gnutls-openssl library)

package/gstreamer/gst-plugins-good/Config.in

@@ -205,11 +205,14 @@ config BR2_PACKAGE_GST_PLUGINS_GOOD_PLUGIN_PULSE
 	depends on BR2_TOOLCHAIN_HAS_THREADS # pulseaudio
 	depends on BR2_USE_MMU # pulseaudio
 	depends on !BR2_STATIC_LIBS # pulseaudio
+	depends on BR2_USE_WCHAR # pulseaudio
+	depends on BR2_PACKAGE_PULSEAUDIO_HAS_ATOMIC # pulseaudio
 	select BR2_PACKAGE_PULSEAUDIO
 
-comment "pulseaudio support needs a toolchain w/ threads, dynamic library"
+comment "pulseaudio support needs a toolchain w/ threads, wchar, dynamic library"
 	depends on BR2_USE_MMU
-	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS
+	depends on BR2_PACKAGE_PULSEAUDIO_HAS_ATOMIC
+	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS || !BR2_USE_WCHAR
 
 config BR2_PACKAGE_GST_PLUGINS_GOOD_PLUGIN_SOUPHTTPSRC
 	bool "souphttpsrc (http client)"

package/gstreamer1/gst1-plugins-good/Config.in

@@ -321,13 +321,16 @@ config BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_PULSE
 	depends on BR2_TOOLCHAIN_HAS_THREADS # pulseaudio
 	depends on BR2_USE_MMU # pulseaudio
 	depends on !BR2_STATIC_LIBS # pulseaudio
+	depends on BR2_USE_WCHAR # pulseaudio
+	depends on BR2_PACKAGE_PULSEAUDIO_HAS_ATOMIC # pulseaudio
 	select BR2_PACKAGE_PULSEAUDIO
 	help
 	  PulseAudio plugin library
 
-comment "pulseaudio support needs a toolchain w/ threads, dynamic library"
+comment "pulseaudio support needs a toolchain w/ threads, wchar, dynamic library"
 	depends on BR2_USE_MMU
-	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS
+	depends on BR2_PACKAGE_PULSEAUDIO_HAS_ATOMIC
+	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS || !BR2_USE_WCHAR
 
 config BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_SOUPHTTPSRC
 	bool "souphttpsrc (http client)"

package/httping/httping.hash

@@ -1,2 +1,3 @@
 # Locally calculated
 sha256	3e895a0a6d7bd79de25a255a1376d4da88eb09c34efdd0476ab5a907e75bfaf8	httping-2.5.tgz
+sha256  c5db2e5b9a692fcdf2bd370f1533529063fbcf8947a8f5ee9d4b050a14e0566d	license.txt

package/igmpproxy/igmpproxy.hash

@@ -1,2 +1,5 @@
 # Locally computed:
 sha256 e60331031f85d1fb834c5272a134f32d32e7834718da19ba3f787dff68389a31  igmpproxy-f47644d8fa7266a784f3ec7b251e7d318bc2f0a9.tar.gz
+sha256 be3d05af93dbbc4650f8d641d8e1bec220af4a729e07ba71e949c25b93a1b4f6  COPYING
+sha256 c4f65d5d396ad518a37d30b83fe33897661858dc174ff64a15d0461630ce64e4  GPL.txt
+sha256 4328a21f0822caa9976356623118bcdcc9970c7a0f9a3deeba23c779b7cfb5d1  Stanford.txt

package/igmpproxy/igmpproxy.mk

@@ -7,7 +7,7 @@
 IGMPPROXY_VERSION = f47644d8fa7266a784f3ec7b251e7d318bc2f0a9
 IGMPPROXY_SITE = $(call github,pali,igmpproxy,$(IGMPPROXY_VERSION))
 IGMPPROXY_AUTORECONF = YES
-IGMPPROXY_LICENSE = GPL-2.0+
-IGMPPROXY_LICENSE_FILES = COPYING
+IGMPPROXY_LICENSE = GPL-2.0+, BSD-3-Clause (mrouted)
+IGMPPROXY_LICENSE_FILES = COPYING GPL.txt Stanford.txt
 
 $(eval $(autotools-package))

package/imagemagick/imagemagick.hash

@@ -1,3 +1,3 @@
 # Locally computed
-sha256 ac957ef303fb870cb92331947ebcdcef5b553e80c7897c0aec866889f35e1a23  7.0.7-38.tar.gz
+sha256 e7c1b19923bb97ed456c78b63b3259b809ebc8e3967c6d086450370c67eedf06  7.0.7-39.tar.gz
 sha256 2318cc05bbd2c25c1b2d13af1aadccc45b9cf6f94757421ae59a3c8ea9064f1c  LICENSE

package/imagemagick/imagemagick.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-IMAGEMAGICK_VERSION = 7.0.7-38
+IMAGEMAGICK_VERSION = 7.0.7-39
 IMAGEMAGICK_SOURCE = $(IMAGEMAGICK_VERSION).tar.gz
 IMAGEMAGICK_SITE = https://github.com/ImageMagick/ImageMagick/archive
 IMAGEMAGICK_LICENSE = Apache-2.0

package/imlib2/imlib2.hash

@@ -1,3 +1,7 @@
 # From https://sourceforge.net/projects/enlightenment/files/imlib2-src/1.4.10/
 md5 a0de8524592bbd9f24fcc6cb8352137c  imlib2-1.4.10.tar.bz2
 sha1 664df65c6265a2825d685d2f3a4f0d072eb626ac  imlib2-1.4.10.tar.bz2
+
+# Locally computed
+sha256 fb70339dd33a77b6213c7ae067fccf93d04af44ff3f937c61f8863f7970e73f6  COPYING
+sha256 8c9a2e92ed4937e2d30c2ea95439c36ed3002fc47e34efee43455a460fee8ef5  COPYING-PLAIN