Update for 2018.08.4

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

.gitlab-ci.yml

@@ -63,6 +63,11 @@ check-package:
             - output/build/packages-file-list.txt
 
 .runtime_test: &runtime_test
+    # Running the runtime tests for every push is too much, so limit to
+    # explicit triggers through the API.
+    only:
+        - triggers
+        - tags
     # Keep build directories so the rootfs can be an artifact of the job. The
     # runner will clean up those files for us.
     # Multiply every emulator timeout by 10 to avoid sporadic failures in

.gitlab-ci.yml.in

@@ -63,6 +63,11 @@ check-package:
             - output/build/packages-file-list.txt
 
 .runtime_test: &runtime_test
+    # Running the runtime tests for every push is too much, so limit to
+    # explicit triggers through the API.
+    only:
+        - triggers
+        - tags
     # Keep build directories so the rootfs can be an artifact of the job. The
     # runner will clean up those files for us.
     # Multiply every emulator timeout by 10 to avoid sporadic failures in

CHANGES

@@ -1,3 +1,69 @@
+2018.08.4, Released December 20th, 2018
+
+	Important / security related fixes.
+
+	Defconfigs: Fixes for ci20, orangepi zero plus 2
+
+	Download wrapper: Fix for urlencode handling
+
+	Updated/fixed packages: c-ares, dante, docker-compose,
+	domoticz, freetype, ghostscript, gnutls, libcurl, libgpgme,
+	libid3tag, libiscsi, libmpd, libopenssl, liboping, libpjsip,
+	linux-firmware, liquid-dsp, luvi, lynx, msgpack, nginx,
+	nodejs, php, popt, pps-tools, prosody, python-numpy,
+	python-requests, samba4, sdl2_net, squashfs, swupdate,
+	systemd, uclibc, vte, webkitgtk, wine, xfsprogs
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#11426: pps-tools bash dependency
+
+2018.08.3, Released November 26th, 2018
+
+	Important / security related fixes.
+
+	fs: Drop intermediate tarball from the filesystem handling to
+	fix an issue with xattrs handling related to fakeroot. Ensure
+	tarball target includes xattrs.
+
+	download: Fix confusion in git submodule handling if dl/ is a
+	symlink.
+
+	toolchain: Only allow enabling stack protection on
+	architectures with control flow integrity (CFI) support. Only
+	allow FORTIFY_SOURCE support on gcc >= 6.
+
+	genrandconfig: Fix missing newline in BR2_WGET handling,
+	causing the following line to be ignored. This would affect
+	BR2_ENABLE_DEBUG, BR2_INIT_BUSYBOX, BR2_INIT_SYSTEMD,
+	BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV, BR2_STATIC_LIBS or
+	BR2_PACKAGE_PYTHON_PY_ONLY depending on the randomization.
+
+	show-build-order: Also include the dependencies of
+	rootfs-common.
+
+	Defconfigs: Fixes for Armadeus APF27, imx6sabre, Olimex A20
+	olinuxino lime legacy, Orangepi zero plus 2.
+
+	graph-depends: Fix for package names starting with a non-alpha
+	character.
+
+	Updated/fixed packages: attr, audit, bind, brotli, busybox,
+	dtc, easydbus, elfutils, flare-engine, flatcc, gauche, gcc,
+	giflib, gpsd, lcdproc, libcurl, libiscsi, libkcapi, libnfs,
+	libnspr, libnss, libsemanage, liburiparser, lighttpd,
+	lua-curl, mariadb, mmc, mosquitto, mysql, ncmpc, neardal,
+	netplug, network-manager, nfs-utils, nginx, openocd, openswan,
+	p11-kit, postgresql, prosody, qemu, qt, rpm, ruby, samba4,
+	squid, supertuxkart, systemd, tar, trace-cmd, traceroute,
+	twolame, uclibc, usb_modeswitch, vtun, webkitgtk, weston,
+	xdriver_xf86-video-geode, xlib_libfontenc, xserver_xorg-server
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#11086: download/git submodule breaks on symlinked dl folder
+	#11481: Docs: Is external.desc required?
+
 2018.08.2, Released October 25th, 2018
 
 	Important / security related fixes.

Config.in

@@ -812,6 +812,8 @@ config BR2_FORTIFY_SOURCE_NONE
 
 config BR2_FORTIFY_SOURCE_1
 	bool "Conservative"
+	# gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
+	depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
 	help
 	  This option sets _FORTIFY_SOURCE to 1 and only introduces
 	  checks that shouldn't change the behavior of conforming
@@ -819,6 +821,8 @@ config BR2_FORTIFY_SOURCE_1
 
 config BR2_FORTIFY_SOURCE_2
 	bool "Aggressive"
+	# gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
+	depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
 	help
 	  This option sets _FORTIFY_SOURCES to 2 and some more
 	  checking is added, but some conforming programs might fail.

Makefile

@@ -92,9 +92,9 @@ all:
 .PHONY: all
 
 # Set and export the version string
-export BR2_VERSION := 2018.08.2
+export BR2_VERSION := 2018.08.4
 # Actual time the release is cut (for reproducible builds)
-BR2_VERSION_EPOCH = 1540470000
+BR2_VERSION_EPOCH = 1545299000
 
 # Save running make version since it's clobbered by the make package
 RUNNING_MAKE_VERSION := $(MAKE_VERSION)

board/ci20/patches/uboot/0001-mips-Remove-default-endiannes.patch

@@ -0,0 +1,66 @@
+From b3a1e97498e7987073775d49a703932c20f2df1d Mon Sep 17 00:00:00 2001
+From: Ezequiel Garcia <ezequiel@collabora.com>
+Date: Mon, 12 Nov 2018 14:04:46 -0300
+Subject: [PATCH] mips: Remove default endiannes
+
+Currently, trying to build ci20_mmc fails on little-endian
+toolchains. The problem seems to be that some targets don't
+have CONFIG_SYS_LITTLE_ENDIAN properly set, and therefore
+the default -EB switch is selected.
+
+Let's get rid of the default switch entirely, and fix this problem.
+While this may be a hack, it is a quick solution until
+U-Boot gets CI20 proper support.
+
+make ARCH=mips CROSS_COMPILE=mips-linux-gnu- ci20_mmc
+Configuring for ci20_mmc - Board: ci20, Options: SPL_MMC_SUPPORT,ENV_IS_IN_MMC
+make
+make[1]: Entering directory '/home/zeta/repos/u-boot-ci20'
+Generating include/autoconf.mk
+Generating include/autoconf.mk.dep
+mips-linux-gnu-gcc: error: may not use both -EB and -EL
+mips-linux-gnu-gcc: error: may not use both -EB and -EL
+Generating include/spl-autoconf.mk
+mips-linux-gnu-gcc: error: may not use both -EB and -EL
+Generating include/tpl-autoconf.mk
+mips-linux-gnu-gcc: error: may not use both -EB and -EL
+mips-linux-gnu-gcc -DDO_DEPS_ONLY \
+	-g  -Os   -ffunction-sections -fdata-sections -D__KERNEL__ -I/home/zeta/repos/u-boot-ci20/include -fno-builtin -ffreestanding -nostdinc -isystem /home/zeta/repos/buildroot/mips/output/host/opt/ext-toolchain/bin/../lib/gcc/mips-linux-gnu/5.3.0/include -pipe  -DCONFIG_MIPS -D__MIPS__ -G 0 -EB -msoft-float -fpic -mabicalls -march=mips32 -mabi=32 -DCONFIG_32BIT -mno-branch-likely -Wall -Wstrict-prototypes       \
+	-o lib/asm-offsets.s lib/asm-offsets.c -c -S
+if [ -f arch/mips/cpu/xburst/jz4780/asm-offsets.c ];then \
+	mips-linux-gnu-gcc -DDO_DEPS_ONLY \
+	-g  -Os   -ffunction-sections -fdata-sections -D__KERNEL__ -I/home/zeta/repos/u-boot-ci20/include -fno-builtin -ffreestanding -nostdinc -isystem /home/zeta/repos/buildroot/mips/output/host/opt/ext-toolchain/bin/../lib/gcc/mips-linux-gnu/5.3.0/include -pipe  -DCONFIG_MIPS -D__MIPS__ -G 0 -EB -msoft-float -fpic -mabicalls -march=mips32 -mabi=32 -DCONFIG_32BIT -mno-branch-likely -Wall -Wstrict-prototypes       \
+		-o arch/mips/cpu/xburst/jz4780/asm-offsets.s arch/mips/cpu/xburst/jz4780/asm-offsets.c -c -S; \
+else \
+	touch arch/mips/cpu/xburst/jz4780/asm-offsets.s; \
+fi
+mips-linux-gnu-gcc: error: may not use both -EB and -EL
+make[1]: *** [Makefile:747: lib/asm-offsets.s] Error 1
+make[1]: *** Waiting for unfinished jobs....
+make[1]: Leaving directory '/home/zeta/repos/u-boot-ci20'
+make: *** [.boards.depend:463: ci20_mmc] Error 2
+
+Signed-off-by: Ezequiel Garcia <ezequiel@collabora.com>
+---
+https://github.com/MIPS/CI20_u-boot/pull/19
+
+ arch/mips/config.mk | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/arch/mips/config.mk b/arch/mips/config.mk
+index c89279025507..43560abbc0e1 100644
+--- a/arch/mips/config.mk
++++ b/arch/mips/config.mk
+@@ -20,9 +20,6 @@ ifdef CONFIG_SYS_BIG_ENDIAN
+ ENDIANNESS := -EB
+ endif
+ 
+-# Default to EB if no endianess is configured
+-ENDIANNESS ?= -EB
+-
+ PLATFORM_CPPFLAGS += -DCONFIG_MIPS -D__MIPS__
+ 
+ #
+-- 
+2.19.1
+

board/freescale/imx6sabre/patches/uboot/0002-imx-Create-distinct-pre-processed-mkimage-config-fil.patch

@@ -0,0 +1,89 @@
+From 27a2cd6a1980adf3002412678c8fdec6528dc47d Mon Sep 17 00:00:00 2001
+From: Trent Piepho <tpiepho@impinj.com>
+Date: Fri, 6 Apr 2018 17:11:27 -0700
+Subject: [PATCH] imx: Create distinct pre-processed mkimage config files
+
+Each imx image is created by a separate sub-make and during this process
+the mkimage config file is run though cpp.
+
+The cpp output is to the same file no matter what imx image is being
+created.
+
+This means if two imx images are generated in parallel they will attempt
+to independently produce the same pre-processed mkimage config file at
+the same time.
+
+Avoid the problem by making the pre-processed config file name unique
+based on the imx image it will be used in.  This way each image will
+create a unique config file and they won't clobber each other when run
+in parallel.
+
+This should fixed the build bug referenced in b5b0e4e3 ("imximage:
+Remove failure when no IVT offset is found").
+
+Cc: Breno Lima <breno.lima@nxp.com>
+Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+Cc: Fabio Estevam <fabio.estevam@nxp.com>
+Signed-off-by: Trent Piepho <tpiepho@impinj.com>
+Tested-by: Fabio Estevam <fabio.estevam@nxp.com>
+[fabio: Adapted to imx_v2017.03_4.9.11_1.0.0_ga]
+Signed-off-by: Fabio Estevam <festevam@gmail.com>
+---
+ arch/arm/imx-common/Makefile | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/arch/arm/imx-common/Makefile b/arch/arm/imx-common/Makefile
+index d862258..f1bae8d 100644
+--- a/arch/arm/imx-common/Makefile
++++ b/arch/arm/imx-common/Makefile
+@@ -69,9 +69,11 @@ endif
+ quiet_cmd_cpp_cfg = CFGS    $@
+       cmd_cpp_cfg = $(CPP) $(cpp_flags) -x c -o $@ $<
+ 
+-IMX_CONFIG = $(CONFIG_IMX_CONFIG:"%"=%).cfgtmp
++# mkimage source config file
++IMX_CONFIG = $(CONFIG_IMX_CONFIG:"%"=%)
+ 
+-$(IMX_CONFIG): %.cfgtmp: % FORCE
++# How to create a cpp processed config file, they all use the same source
++%.cfgout: $(IMX_CONFIG) FORCE
+ 	$(Q)mkdir -p $(dir $@)
+ 	$(call if_changed_dep,cpp_cfg)
+ 
+@@ -79,7 +81,7 @@ MKIMAGEFLAGS_u-boot.imx = -n $(filter-out $(PLUGIN).bin $< $(PHONY),$^) -T imxim
+ 	-e $(CONFIG_SYS_TEXT_BASE)
+ u-boot.imx: MKIMAGEOUTPUT = u-boot.imx.log
+ 
+-u-boot.imx: u-boot.bin $(IMX_CONFIG) $(PLUGIN).bin FORCE
++u-boot.imx: u-boot.bin u-boot.cfgout $(PLUGIN).bin FORCE
+ 	$(call if_changed,mkimage)
+ 
+ ifeq ($(CONFIG_OF_SEPARATE),y)
+@@ -87,16 +89,15 @@ MKIMAGEFLAGS_u-boot-dtb.imx = -n $(filter-out $(PLUGIN).bin $< $(PHONY),$^) -T i
+ 	-e $(CONFIG_SYS_TEXT_BASE)
+ u-boot-dtb.imx: MKIMAGEOUTPUT = u-boot-dtb.imx.log
+ 
+-u-boot-dtb.imx: u-boot-dtb.bin $(IMX_CONFIG) $(PLUGIN).bin FORCE
++u-boot-dtb.imx: u-boot-dtb.bin u-boot-dtb.cfgout $(PLUGIN).bin FORCE
+ 	$(call if_changed,mkimage)
+ endif
+ 
+ MKIMAGEFLAGS_SPL = -n $(filter-out $(PLUGIN).bin $< $(PHONY),$^) -T imximage \
+ 	-e $(CONFIG_SPL_TEXT_BASE)
+-
+ SPL: MKIMAGEOUTPUT = SPL.log
+ 
+-SPL: spl/u-boot-spl.bin $(IMX_CONFIG) $(PLUGIN).bin FORCE
++SPL: spl/u-boot-spl.bin spl/u-boot-spl.cfgout $(PLUGIN).bin FORCE
+ 	$(call if_changed,mkimage)
+ 
+ MKIMAGEFLAGS_u-boot.uim = -A arm -O U-Boot -a $(CONFIG_SYS_TEXT_BASE) \
+@@ -124,4 +125,4 @@ cmd_u-boot-nand-spl_imx = (printf '\000\000\000\000\106\103\102\040\001' && \
+ spl/u-boot-nand-spl.imx: SPL FORCE
+ 	$(call if_changed,u-boot-nand-spl_imx)
+ 
+-targets += $(addprefix ../../../,$(IMX_CONFIG) SPL u-boot.uim spl/u-boot-nand-spl.imx)
++targets += $(addprefix ../../../,SPL spl/u-boot-spl.cfgout u-boot-dtb.cfgout u-boot.cfgout u-boot.uim spl/u-boot-nand-spl.imx)
+-- 
+2.7.4
+

board/freescale/imx6sabre/patches/uboot/0002-imximage-Remove-failure-when-no-IVT-offset-is-found.patch

@@ -1,55 +0,0 @@
-From 24ba28680abe868e8db3442a9bf523ad3af1febd Mon Sep 17 00:00:00 2001
-From: Fabio Estevam <fabio.estevam@nxp.com>
-Date: Fri, 9 Mar 2018 08:25:00 -0300
-Subject: [PATCH] imximage: Remove failure when no IVT offset is found
-
-Sometimes imximage throws the following error:
-
-  CFGS    board/freescale/vf610twr/imximage.cfg.cfgtmp
-  CFGS    board/freescale/vf610twr/imximage.cfg.cfgtmp
-  MKIMAGE u-boot-dtb.imx
-Error: No BOOT_FROM tag in board/freescale/vf610twr/imximage.cfg.cfgtmp
-arch/arm/mach-imx/Makefile:100: recipe for target 'u-boot-dtb.imx' failed
-
-Later on, when running mkimage for the u-boot.imx it will succeed in
-finding the IVT offset.
-
-Looks like some race condition happening during parallel build when
-processing mkimage for u-boot-dtb.imx and u-boot.imx.
-
-A proper fix still needs to be implemented, but as a workaround let's
-remove the error when the IVT offset is not found.
-
-It is useful to have such message, especially during bring-up phase,
-but the build error that it causes is severe, so better avoid the
-build error for now.
-
-The error checking can be re-implemented later when we have a proper
-fix.
-
-Reported-by: Breno Lima <breno.lima@nxp.com>
-Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
-Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
----
- tools/imximage.c | 5 -----
- 1 file changed, 5 deletions(-)
-
-diff --git a/tools/imximage.c b/tools/imximage.c
-index 0c43196..bef56f8 100644
---- a/tools/imximage.c
-+++ b/tools/imximage.c
-@@ -765,11 +765,6 @@ static uint32_t parse_cfg_file(struct imx_header *imxhdr, char *name)
- 	(*set_dcd_rst)(imxhdr, dcd_len, name, lineno);
- 	fclose(fd);
- 
--	/* Exit if there is no BOOT_FROM field specifying the flash_offset */
--	if (imximage_ivt_offset == FLASH_OFFSET_UNDEFINED) {
--		fprintf(stderr, "Error: No BOOT_FROM tag in %s\n", name);
--		exit(EXIT_FAILURE);
--	}
- 	return dcd_len;
- }
- 
--- 
-2.7.4
-

board/zynqmp/post-image.sh

@@ -5,7 +5,7 @@
 # devicetree listed in the config.
 
 FIRST_DT=$(sed -nr \
-               -e 's|^BR2_LINUX_KERNEL_INTREE_DTS_NAME="xilinx/([-_/[:alnum:]]*).*"$|\1|p' \
+               -e 's|^BR2_LINUX_KERNEL_INTREE_DTS_NAME="xilinx/([-_/[:alnum:]\\.]*).*"$|\1|p' \
                ${BR2_CONFIG})
 
 [ -z "${FIRST_DT}" ] || ln -fs ${FIRST_DT}.dtb ${BINARIES_DIR}/system.dtb

configs/armadeus_apf27_defconfig

@@ -28,4 +28,7 @@ BR2_LINUX_KERNEL_INTREE_DTS_NAME="imx27-apf27dev"
 
 # U-boot
 BR2_TARGET_UBOOT=y
-BR2_TARGET_UBOOT_BOARDNAME="apf27"
+BR2_TARGET_UBOOT_BUILD_SYSTEM_KCONFIG=y
+BR2_TARGET_UBOOT_CUSTOM_VERSION=y
+BR2_TARGET_UBOOT_CUSTOM_VERSION_VALUE="2018.09"
+BR2_TARGET_UBOOT_BOARD_DEFCONFIG="apf27"

configs/at91sam9x5ek_dev_defconfig

@@ -59,7 +59,6 @@ BR2_PACKAGE_DTC_PROGRAMS=y
 BR2_PACKAGE_BLUEZ_UTILS=y
 BR2_PACKAGE_BRIDGE_UTILS=y
 BR2_PACKAGE_CAN_UTILS=y
-BR2_PACKAGE_DROPBEAR=y
 BR2_PACKAGE_ETHTOOL=y
 BR2_PACKAGE_IPERF=y
 BR2_PACKAGE_IPROUTE2=y

configs/at91sam9x5ek_mmc_dev_defconfig

@@ -62,7 +62,6 @@ BR2_PACKAGE_DTC_PROGRAMS=y
 BR2_PACKAGE_BLUEZ_UTILS=y
 BR2_PACKAGE_BRIDGE_UTILS=y
 BR2_PACKAGE_CAN_UTILS=y
-BR2_PACKAGE_DROPBEAR=y
 BR2_PACKAGE_ETHTOOL=y
 BR2_PACKAGE_IPERF=y
 BR2_PACKAGE_IPROUTE2=y

configs/atmel_sama5d27_som1_ek_mmc_dev_defconfig

@@ -51,7 +51,6 @@ BR2_PACKAGE_DTC_PROGRAMS=y
 BR2_PACKAGE_BLUEZ_UTILS=y
 BR2_PACKAGE_BRIDGE_UTILS=y
 BR2_PACKAGE_CAN_UTILS=y
-BR2_PACKAGE_DROPBEAR=y
 BR2_PACKAGE_ETHTOOL=y
 BR2_PACKAGE_IPERF=y
 BR2_PACKAGE_IPROUTE2=y

configs/atmel_sama5d2_xplained_mmc_dev_defconfig

@@ -65,7 +65,6 @@ BR2_PACKAGE_DTC_PROGRAMS=y
 BR2_PACKAGE_BLUEZ_UTILS=y
 BR2_PACKAGE_BRIDGE_UTILS=y
 BR2_PACKAGE_CAN_UTILS=y
-BR2_PACKAGE_DROPBEAR=y
 BR2_PACKAGE_ETHTOOL=y
 BR2_PACKAGE_IPERF=y
 BR2_PACKAGE_IPROUTE2=y

configs/atmel_sama5d3_xplained_dev_defconfig

@@ -61,7 +61,6 @@ BR2_PACKAGE_DTC_PROGRAMS=y
 BR2_PACKAGE_BLUEZ_UTILS=y
 BR2_PACKAGE_BRIDGE_UTILS=y
 BR2_PACKAGE_CAN_UTILS=y
-BR2_PACKAGE_DROPBEAR=y
 BR2_PACKAGE_ETHTOOL=y
 BR2_PACKAGE_IPERF=y
 BR2_PACKAGE_IPROUTE2=y

configs/atmel_sama5d3_xplained_mmc_dev_defconfig

@@ -64,7 +64,6 @@ BR2_PACKAGE_DTC_PROGRAMS=y
 BR2_PACKAGE_BLUEZ_UTILS=y
 BR2_PACKAGE_BRIDGE_UTILS=y
 BR2_PACKAGE_CAN_UTILS=y
-BR2_PACKAGE_DROPBEAR=y
 BR2_PACKAGE_ETHTOOL=y
 BR2_PACKAGE_IPERF=y
 BR2_PACKAGE_IPROUTE2=y

configs/atmel_sama5d4_xplained_dev_defconfig

@@ -62,7 +62,6 @@ BR2_PACKAGE_DTC_PROGRAMS=y
 BR2_PACKAGE_BLUEZ_UTILS=y
 BR2_PACKAGE_BRIDGE_UTILS=y
 BR2_PACKAGE_CAN_UTILS=y
-BR2_PACKAGE_DROPBEAR=y
 BR2_PACKAGE_ETHTOOL=y
 BR2_PACKAGE_IPERF=y
 BR2_PACKAGE_IPROUTE2=y

configs/atmel_sama5d4_xplained_mmc_dev_defconfig

@@ -65,7 +65,6 @@ BR2_PACKAGE_DTC_PROGRAMS=y
 BR2_PACKAGE_BLUEZ_UTILS=y
 BR2_PACKAGE_BRIDGE_UTILS=y
 BR2_PACKAGE_CAN_UTILS=y
-BR2_PACKAGE_DROPBEAR=y
 BR2_PACKAGE_ETHTOOL=y
 BR2_PACKAGE_IPERF=y
 BR2_PACKAGE_IPROUTE2=y

configs/ci20_defconfig

@@ -27,6 +27,7 @@ BR2_TARGET_UBOOT_BOARDNAME="ci20_mmc"
 BR2_TARGET_UBOOT_CUSTOM_GIT=y
 BR2_TARGET_UBOOT_CUSTOM_REPO_URL="https://github.com/MIPS/CI20_u-boot"
 BR2_TARGET_UBOOT_CUSTOM_REPO_VERSION="dd3c1b95dac7d10b2ca5806f65e5c1050d7dd0fa"
+BR2_TARGET_UBOOT_PATCH="board/ci20/patches/uboot"
 BR2_TARGET_UBOOT_FORMAT_IMG=y
 BR2_TARGET_UBOOT_SPL=y
 BR2_TARGET_UBOOT_SPL_NAME="spl/u-boot-spl.bin"

configs/imx6-sabresd_qt5_defconfig

@@ -43,6 +43,7 @@ BR2_LINUX_KERNEL_DEFCONFIG="imx_v6_v7"
 BR2_LINUX_KERNEL_DTS_SUPPORT=y
 BR2_LINUX_KERNEL_INTREE_DTS_NAME="imx6q-sabresd imx6dl-sabresd imx6qp-sabresd"
 BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="board/freescale/imx6-sabresd/linux_qt5.fragment"
+BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
 
 # GL driver
 BR2_PACKAGE_MESA3D=y

configs/olimex_a20_olinuxino_lime_mali_defconfig

@@ -3,6 +3,9 @@ BR2_arm=y
 BR2_cortex_a7=y
 BR2_ARM_EABIHF=y
 
+# The old 3.4 kernel doesn't build with gcc >= 7.x
+BR2_GCC_VERSION_6_X=y
+
 # Linux headers same as kernel, a 3.4 series
 BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_4=y
 

configs/orangepi_zero_plus2_defconfig

@@ -21,6 +21,7 @@ BR2_TARGET_UBOOT_CUSTOM_VERSION=y
 BR2_TARGET_UBOOT_CUSTOM_VERSION_VALUE="2018.01"
 BR2_TARGET_UBOOT_BOARD_DEFCONFIG="orangepi_zero_plus2"
 BR2_TARGET_UBOOT_NEEDS_DTC=y
+BR2_TARGET_UBOOT_NEEDS_PYLIBFDT=y
 BR2_TARGET_UBOOT_NEEDS_ATF_BL31=y
 BR2_TARGET_UBOOT_FORMAT_CUSTOM=y
 BR2_TARGET_UBOOT_FORMAT_CUSTOM_NAME="u-boot.itb"
@@ -37,6 +38,7 @@ BR2_LINUX_KERNEL_USE_ARCH_DEFAULT_CONFIG=y
 BR2_LINUX_KERNEL_DTS_SUPPORT=y
 BR2_LINUX_KERNEL_INTREE_DTS_NAME="allwinner/sun50i-h5-orangepi-zero-plus2"
 BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="board/orangepi/orangepi-zero-plus2/linux-extras.config"
+BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
 
 # wireless firmware
 BR2_PACKAGE_LINUX_FIRMWARE=y

docs/manual/customize-directory-structure.txt

@@ -50,6 +50,7 @@ to you.
 |
 +-- Config.in (if using a br2-external tree)
 +-- external.mk (if using a br2-external tree)
++-- external.desc (if using a br2-external tree)
 ------
 
 Details on the files shown above are given further in this chapter.

fs/common.mk

@@ -40,47 +40,20 @@ define ROOTFS_REPRODUCIBLE
 endef
 endif
 
-ROOTFS_COMMON_TAR = $(FS_DIR)/rootfs.common.tar
-
-# Command to create the common tarball from the base target directory.
-define ROOTFS_COMMON_TAR_CMD
-	tar cf $(ROOTFS_COMMON_TAR) --numeric-owner \
-		--exclude=$(notdir $(TARGET_DIR_WARNING_FILE)) \
-		-C $(TARGET_DIR) .
-endef
-
-# Command to extract the common tarball into the per-rootfs target directory
-define ROOTFS_COMMON_UNTAR_CMD
-	mkdir -p $(TARGET_DIR)
-	tar xf $(ROOTFS_COMMON_TAR) -C $(TARGET_DIR)
-endef
-
-.PHONY: rootfs-common
-rootfs-common: $(ROOTFS_COMMON_TAR)
-
-# Emulate being in a filesystem, so that we can have our own TARGET_DIR.
-ROOTFS_COMMON_TARGET_DIR = $(FS_DIR)/target
-
 ROOTFS_COMMON_DEPENDENCIES = \
 	host-fakeroot host-makedevs \
 	$(if $(PACKAGES_USERS)$(ROOTFS_USERS_TABLES),host-mkpasswd)
 
-$(ROOTFS_COMMON_TAR): ROOTFS=COMMON
-$(ROOTFS_COMMON_TAR): FAKEROOT_SCRIPT=$(FS_DIR)/fakeroot.fs
-$(ROOTFS_COMMON_TAR): $(ROOTFS_COMMON_DEPENDENCIES) target-finalize
-	@$(call MESSAGE,"Generating common rootfs tarball")
+.PHONY: rootfs-common
+rootfs-common: $(ROOTFS_COMMON_DEPENDENCIES) target-finalize
+	@$(call MESSAGE,"Generating root filesystems common tables")
 	rm -rf $(FS_DIR)
 	mkdir -p $(FS_DIR)
-	rsync -auH $(BASE_TARGET_DIR)/ $(TARGET_DIR)
-	echo '#!/bin/sh' > $(FAKEROOT_SCRIPT)
-	echo "set -e" >> $(FAKEROOT_SCRIPT)
-	echo "chown -h -R 0:0 $(TARGET_DIR)" >> $(FAKEROOT_SCRIPT)
 
 	$(call PRINTF,$(PACKAGES_USERS)) >> $(USERS_TABLE)
 ifneq ($(ROOTFS_USERS_TABLES),)
 	cat $(ROOTFS_USERS_TABLES) >> $(USERS_TABLE)
 endif
-	PATH=$(BR_PATH) $(TOPDIR)/support/scripts/mkusers $(USERS_TABLE) $(TARGET_DIR) >> $(FAKEROOT_SCRIPT)
 ifneq ($(ROOTFS_DEVICE_TABLES),)
 	cat $(ROOTFS_DEVICE_TABLES) > $(FULL_DEVICE_TABLE)
 ifeq ($(BR2_ROOTFS_DEVICE_CREATION_STATIC),y)
@@ -88,16 +61,6 @@ ifeq ($(BR2_ROOTFS_DEVICE_CREATION_STATIC),y)
 endif
 endif
 	$(call PRINTF,$(PACKAGES_PERMISSIONS_TABLE)) >> $(FULL_DEVICE_TABLE)
-	echo "$(HOST_DIR)/bin/makedevs -d $(FULL_DEVICE_TABLE) $(TARGET_DIR)" >> $(FAKEROOT_SCRIPT)
-	$(foreach s,$(call qstrip,$(BR2_ROOTFS_POST_FAKEROOT_SCRIPT)),\
-		echo "echo '$(TERM_BOLD)>>>   Executing fakeroot script $(s)$(TERM_RESET)'" >> $(FAKEROOT_SCRIPT); \
-		echo $(EXTRA_ENV) $(s) $(TARGET_DIR) $(BR2_ROOTFS_POST_SCRIPT_ARGS) >> $(FAKEROOT_SCRIPT)$(sep))
-	$(foreach hook,$(ROOTFS_PRE_CMD_HOOKS),\
-		$(call PRINTF,$($(hook))) >> $(FAKEROOT_SCRIPT)$(sep))
-	$(call PRINTF,$(ROOTFS_COMMON_TAR_CMD)) >> $(FAKEROOT_SCRIPT)
-	chmod a+x $(FAKEROOT_SCRIPT)
-	PATH=$(BR_PATH) $(HOST_DIR)/bin/fakeroot -- $(FAKEROOT_SCRIPT)
-	$(Q)rm -rf $(TARGET_DIR)
 
 rootfs-common-show-depends:
 	@echo $(ROOTFS_COMMON_DEPENDENCIES)
@@ -146,9 +109,23 @@ $$(BINARIES_DIR)/rootfs.$(1): $$(ROOTFS_$(2)_DEPENDENCIES)
 	@$$(call MESSAGE,"Generating root filesystem image rootfs.$(1)")
 	rm -rf $$(ROOTFS_$(2)_DIR)
 	mkdir -p $$(ROOTFS_$(2)_DIR)
+	rsync -auH \
+		--exclude=/$$(notdir $$(TARGET_DIR_WARNING_FILE)) \
+		$$(BASE_TARGET_DIR)/ \
+		$$(TARGET_DIR)
+
 	echo '#!/bin/sh' > $$(FAKEROOT_SCRIPT)
 	echo "set -e" >> $$(FAKEROOT_SCRIPT)
-	$$(call PRINTF,$$(ROOTFS_COMMON_UNTAR_CMD)) >> $$(FAKEROOT_SCRIPT)
+
+	echo "chown -h -R 0:0 $$(TARGET_DIR)" >> $$(FAKEROOT_SCRIPT)
+	PATH=$$(BR_PATH) $$(TOPDIR)/support/scripts/mkusers $$(USERS_TABLE) $$(TARGET_DIR) >> $$(FAKEROOT_SCRIPT)
+	echo "$$(HOST_DIR)/bin/makedevs -d $$(FULL_DEVICE_TABLE) $$(TARGET_DIR)" >> $$(FAKEROOT_SCRIPT)
+	$$(foreach s,$$(call qstrip,$$(BR2_ROOTFS_POST_FAKEROOT_SCRIPT)),\
+		echo "echo '$$(TERM_BOLD)>>>   Executing fakeroot script $$(s)$$(TERM_RESET)'" >> $$(FAKEROOT_SCRIPT); \
+		echo $$(EXTRA_ENV) $$(s) $$(TARGET_DIR) $$(BR2_ROOTFS_POST_SCRIPT_ARGS) >> $$(FAKEROOT_SCRIPT)$$(sep))
+	$$(foreach hook,$$(ROOTFS_PRE_CMD_HOOKS),\
+		$$(call PRINTF,$$($$(hook))) >> $$(FAKEROOT_SCRIPT)$$(sep))
+
 	$$(foreach hook,$$(ROOTFS_$(2)_PRE_GEN_HOOKS),\
 		$$(call PRINTF,$$($$(hook))) >> $$(FAKEROOT_SCRIPT)$$(sep))
 	$$(call PRINTF,$$(ROOTFS_REPRODUCIBLE)) >> $$(FAKEROOT_SCRIPT)
@@ -170,7 +147,7 @@ rootfs-$(1): $$(BINARIES_DIR)/rootfs.$(1)
 
 ifeq ($$(BR2_TARGET_ROOTFS_$(2)),y)
 TARGETS_ROOTFS += rootfs-$(1)
-PACKAGES += $$(filter-out rootfs-%,$$(ROOTFS_$(2)_DEPENDENCIES))
+PACKAGES += $$(filter-out rootfs-%,$$(ROOTFS_$(2)_DEPENDENCIES) $$(ROOTFS_COMMON_DEPENDENCIES))
 endif
 
 # Check for legacy POST_TARGETS rules

fs/tar/tar.mk

@@ -10,7 +10,7 @@ ROOTFS_TAR_DEPENDENCIES = $(BR2_TAR_HOST_DEPENDENCY)
 
 define ROOTFS_TAR_CMD
 	(cd $(TARGET_DIR); find -print0 | LC_ALL=C sort -z | \
-		tar $(TAR_OPTS) -cf $@ --null --no-recursion -T - --numeric-owner)
+		tar $(TAR_OPTS) -cf $@ --null --xattrs-include='*' --no-recursion -T - --numeric-owner)
 endef
 
 $(eval $(rootfs))

linux/linux.mk

@@ -300,6 +300,7 @@ define LINUX_KCONFIG_FIXUP_CMDS
 	# replaced later by the real cpio archive, and the kernel will be
 	# rebuilt using the linux-rebuild-with-initramfs target.
 	$(if $(BR2_TARGET_ROOTFS_INITRAMFS),
+		mkdir -p $(BINARIES_DIR)
 		touch $(BINARIES_DIR)/rootfs.cpio
 		$(call KCONFIG_SET_OPT,CONFIG_INITRAMFS_SOURCE,"$${BR_BINARIES_DIR}/rootfs.cpio",$(@D)/.config)
 		$(call KCONFIG_SET_OPT,CONFIG_INITRAMFS_ROOT_UID,0,$(@D)/.config)
@@ -309,6 +310,9 @@ define LINUX_KCONFIG_FIXUP_CMDS
 		$(call KCONFIG_ENABLE_OPT,CONFIG_DEVTMPFS_MOUNT,$(@D)/.config))
 	$(if $(BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV),
 		$(call KCONFIG_ENABLE_OPT,CONFIG_INOTIFY_USER,$(@D)/.config))
+	$(if $(BR2_PACKAGE_AUDIT),
+		$(call KCONFIG_ENABLE_OPT,CONFIG_NET,$(@D)/.config)
+		$(call KCONFIG_ENABLE_OPT,CONFIG_AUDIT,$(@D)/.config))
 	$(if $(BR2_PACKAGE_KTAP),
 		$(call KCONFIG_ENABLE_OPT,CONFIG_DEBUG_FS,$(@D)/.config)
 		$(call KCONFIG_ENABLE_OPT,CONFIG_ENABLE_DEFAULT_TRACERS,$(@D)/.config)
@@ -443,9 +447,7 @@ define LINUX_INSTALL_HOST_TOOLS
 	# Installing dtc (device tree compiler) as host tool, if selected
 	if grep -q "CONFIG_DTC=y" $(@D)/.config; then \
 		$(INSTALL) -D -m 0755 $(@D)/scripts/dtc/dtc $(HOST_DIR)/bin/linux-dtc ; \
-		if [ ! -e $(HOST_DIR)/bin/dtc ]; then \
-			ln -sf linux-dtc $(HOST_DIR)/bin/dtc ; \
-		fi \
+		$(if $(BR2_PACKAGE_HOST_DTC),,ln -sf linux-dtc $(HOST_DIR)/bin/dtc;) \
 	fi
 endef
 

package/attr/0002-Switch-back-to-syscall.patch

@@ -0,0 +1,126 @@
+From 14adc898a36948267bfe5c63b399996879e94c98 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruenba@redhat.com>
+Date: Fri, 17 Aug 2018 14:07:31 +0200
+Subject: Switch back to syscall()
+
+Switch back to syscall() for the *xattr system calls.  The current
+mechanism of forwarding those calls to glibc breaks libraries like
+libfakeroot (fakeroot) and libasan (the gcc address sanitizer; gcc
+-fsanitize=address).
+
+Those libraries provide wrappers for functions defined in other shared
+libraries, usually glibc, do their own processing, and forward calls to
+the original symbols looke dup via dlsym(RTLD_NEXT, "symbol_name").  In
+our case, dlsym returns the libattr_*xattr wrappers.  However, when our
+wrappers try calling glibc, they end up calling the libfakeroot /
+libasan wrappers instead because those override the original symbols =>
+recursion.
+
+The libattr_*xattr wrappers will only be used when symbols are looked up
+at runtime (dlopen / dlsym).  Programs linking against libattr will
+directly use the glibc provided symbols.  Therefore, the slightly worse
+performance of syscall() won't affect any of the "normal" users of
+libattr.
+
+[nicolas.cavallari: with uclibc-ng, the recursion always happen]
+Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
+---
+ libattr/syscalls.c | 26 ++++++++++++++------------
+ 1 file changed, 14 insertions(+), 12 deletions(-)
+
+diff --git a/libattr/syscalls.c b/libattr/syscalls.c
+index 3013aa0..721ad7f 100644
+--- a/libattr/syscalls.c
++++ b/libattr/syscalls.c
+@@ -22,6 +22,8 @@
+ 
+ #include "config.h"
+ 
++#include <unistd.h>
++#include <sys/syscall.h>
+ #include <sys/xattr.h>
+ 
+ #ifdef HAVE_VISIBILITY_ATTRIBUTE
+@@ -31,67 +33,67 @@
+ int libattr_setxattr(const char *path, const char *name,
+ 		     void *value, size_t size, int flags)
+ {
+-	return setxattr(path, name, value, size, flags);
++	return syscall(__NR_setxattr, path, name, value, size, flags);
+ }
+ 
+ int libattr_lsetxattr(const char *path, const char *name,
+ 		      void *value, size_t size, int flags)
+ {
+-	return lsetxattr(path, name, value, size, flags);
++	return syscall(__NR_lsetxattr, path, name, value, size, flags);
+ }
+ 
+ int libattr_fsetxattr(int filedes, const char *name,
+ 		      void *value, size_t size, int flags)
+ {
+-	return fsetxattr(filedes, name, value, size, flags);
++	return syscall(__NR_fsetxattr, filedes, name, value, size, flags);
+ }
+ 
+ ssize_t libattr_getxattr(const char *path, const char *name,
+ 			 void *value, size_t size)
+ {
+-	return getxattr(path, name, value, size);
++	return syscall(__NR_getxattr, path, name, value, size);
+ }
+ 
+ ssize_t libattr_lgetxattr(const char *path, const char *name,
+ 			  void *value, size_t size)
+ {
+-	return lgetxattr(path, name, value, size);
++	return syscall(__NR_lgetxattr, path, name, value, size);
+ }
+ 
+ ssize_t libattr_fgetxattr(int filedes, const char *name,
+ 			  void *value, size_t size)
+ {
+-	return fgetxattr(filedes, name, value, size);
++	return syscall(__NR_fgetxattr, filedes, name, value, size);
+ }
+ 
+ ssize_t libattr_listxattr(const char *path, char *list, size_t size)
+ {
+-	return listxattr(path, list, size);
++	return syscall(__NR_listxattr, path, list, size);
+ }
+ 
+ ssize_t libattr_llistxattr(const char *path, char *list, size_t size)
+ {
+-	return llistxattr(path, list, size);
++	return syscall(__NR_llistxattr, path, list, size);
+ }
+ 
+ ssize_t libattr_flistxattr(int filedes, char *list, size_t size)
+ {
+-	return flistxattr(filedes, list, size);
++	return syscall(__NR_flistxattr, filedes, list, size);
+ }
+ 
+ int libattr_removexattr(const char *path, const char *name)
+ {
+-	return removexattr(path, name);
++	return syscall(__NR_removexattr, path, name);
+ }
+ 
+ int libattr_lremovexattr(const char *path, const char *name)
+ {
+-	return lremovexattr(path, name);
++	return syscall(__NR_lremovexattr, path, name);
+ }
+ 
+ int libattr_fremovexattr(int filedes, const char *name)
+ {
+-	return fremovexattr(filedes, name);
++	return syscall(__NR_fremovexattr, filedes, name);
+ }
+ 
+ #ifdef HAVE_VISIBILITY_ATTRIBUTE
+-- 
+cgit v1.0-41-gc330
+

package/audit/0001-Fix-audispd-path-in-auditd.conf.patch

@@ -0,0 +1,32 @@
+From 6e1fd09f7bc131c8f16d9cc43e2455ba4650c651 Mon Sep 17 00:00:00 2001
+From: Carlos Santos <casantos@datacom.com.br>
+Date: Sat, 3 Nov 2018 08:25:58 -0300
+Subject: [PATCH] Fix audispd path in auditd.conf
+
+audispd is installed at /usr/sbin but the configuration file pointed
+to /sbin, causing auditd to fail on startup.
+
+This patch cannot be sent upstream because audispd does not exist
+anymore on the master branch (it was merged to auditd).
+
+Signed-off-by: Carlos Santos <casantos@datacom.com.br>
+---
+ init.d/auditd.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/init.d/auditd.conf b/init.d/auditd.conf
+index 4dcda83..998904f 100644
+--- a/init.d/auditd.conf
++++ b/init.d/auditd.conf
+@@ -13,7 +13,7 @@ max_log_file = 8
+ num_logs = 5
+ priority_boost = 4
+ disp_qos = lossy
+-dispatcher = /sbin/audispd
++dispatcher = /usr/sbin/audispd
+ name_format = NONE
+ ##name = mydomain
+ max_log_file_action = ROTATE
+-- 
+2.17.1
+

package/audit/audit.hash

@@ -1,4 +1,4 @@
 #Locally computed
-sha256 67b59b2b77afee9ed87afa4d80ffc8e6f3a1f4bbedd5f2871f387c952147bcba audit-2.8.2.tar.gz
+sha256 a410694d09fc5708d980a61a5abcb9633a591364f1ecc7e97ad5daef9c898c38 audit-2.8.4.tar.gz
 sha256 32b1062f7da84967e7019d01ab805935caa7ab7321a7ced0e30ebe75e5df1670 COPYING
 sha256 f18a0811fa0e220ccbc42f661545e77f0388631e209585ed582a1c693029c6aa COPYING.LIB

package/audit/audit.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-AUDIT_VERSION = 2.8.2
+AUDIT_VERSION = 2.8.4
 AUDIT_SITE = http://people.redhat.com/sgrubb/audit
 AUDIT_LICENSE = GPL-2.0+ (programs), LGPL-2.1+ (libraries)
 AUDIT_LICENSE_FILES = COPYING COPYING.LIB
@@ -38,7 +38,7 @@ AUDIT_CONF_OPTS += --disable-systemd
 endif
 
 define AUDIT_INSTALL_INIT_SYSV
-	$(INSTALL) -D -m 755 package/audit/S01auditd $(TARGET_DIR)/etc/init.d/S01auditd
+	$(INSTALL) -D -m 755 package/audit/S02auditd $(TARGET_DIR)/etc/init.d/S02auditd
 endef
 
 define AUDIT_INSTALL_INIT_SYSTEMD

package/bind/0003-Rename-ptrsize-to-ptr_size.patch

@@ -1,74 +0,0 @@
-From 254dc19788ba2a03504fc6d1036fef477a60035f Mon Sep 17 00:00:00 2001
-From: Gustavo Zacarias <gustavo@zacarias.com.ar>
-Date: Fri, 22 Jan 2016 08:31:02 -0300
-Subject: [PATCH] Rename ptrsize to ptr_size
-
-This is to compensate for a uClibc mess caused by commit
-70a04a287a2875c82e6822c36e071afba5b63a62 where ptrsize is defined for
-mips, hence causing build breakage under certain conditions for programs
-that use this variable name.
-
-Status: definitely not upstreamable.
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
----
- lib/dns/rbt.c   | 6 +++---
- lib/dns/rbtdb.c | 4 ++--
- 2 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/lib/dns/rbt.c b/lib/dns/rbt.c
-index 86b5183..5fd55de 100644
---- a/lib/dns/rbt.c
-+++ b/lib/dns/rbt.c
-@@ -113,7 +113,7 @@ struct file_header {
- 	 * information about the system on which the map file was generated
- 	 * will be used to tell if we can load the map file or not
- 	 */
--	isc_uint32_t ptrsize;
-+	isc_uint32_t ptr_size;
- 	unsigned int bigendian:1;	/* big or little endian system */
- 	unsigned int rdataset_fixed:1;	/* compiled with --enable-rrset-fixed */
- 	unsigned int nodecount;		/* shadow from rbt structure */
-@@ -517,7 +517,7 @@ write_header(FILE *file, dns_rbt_t *rbt, isc_uint64_t first_node_offset,
- 	memmove(header.version1, FILE_VERSION, sizeof(header.version1));
- 	memmove(header.version2, FILE_VERSION, sizeof(header.version2));
- 	header.first_node_offset = first_node_offset;
--	header.ptrsize = (isc_uint32_t) sizeof(void *);
-+	header.ptr_size = (isc_uint32_t) sizeof(void *);
- 	header.bigendian = (1 == htonl(1)) ? 1 : 0;
- 
- #ifdef DNS_RDATASET_FIXED
-@@ -902,7 +902,7 @@ dns_rbt_deserialize_tree(void *base_address, size_t filesize,
- 	}
- #endif
- 
--	if (header->ptrsize != (isc_uint32_t) sizeof(void *)) {
-+	if (header->ptr_size != (isc_uint32_t) sizeof(void *)) {
- 		result = ISC_R_INVALIDFILE;
- 		goto cleanup;
- 	}
-diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
-index c7168cb..dbcf944 100644
---- a/lib/dns/rbtdb.c
-+++ b/lib/dns/rbtdb.c
-@@ -114,7 +114,7 @@ typedef struct rbtdb_file_header rbtdb_file_header_t;
- 
- struct rbtdb_file_header {
- 	char version1[32];
--	isc_uint32_t ptrsize;
-+	isc_uint32_t ptr_size;
- 	unsigned int bigendian:1;
- 	isc_uint64_t tree;
- 	isc_uint64_t nsec;
-@@ -7593,7 +7593,7 @@ rbtdb_write_header(FILE *rbtfile, off_t tree_location, off_t nsec_location,
- 	memset(&header, 0, sizeof(rbtdb_file_header_t));
- 	memmove(header.version1, FILE_VERSION, sizeof(header.version1));
- 	memmove(header.version2, FILE_VERSION, sizeof(header.version2));
--	header.ptrsize = (isc_uint32_t) sizeof(void *);
-+	header.ptr_size = (isc_uint32_t) sizeof(void *);
- 	header.bigendian = (1 == htonl(1)) ? 1 : 0;
- 	header.tree = (isc_uint64_t) tree_location;
- 	header.nsec = (isc_uint64_t) nsec_location;
--- 
-2.4.10
-

package/bind/bind.hash

@@ -1,4 +1,4 @@
-# Verified from https://ftp.isc.org/isc/bind9/9.11.4-P1/bind-9.11.4-P1.tar.gz.asc
+# Verified from https://ftp.isc.org/isc/bind9/9.11.5/bind-9.11.5.tar.gz.asc
 # with key BE0E9748B718253A28BB89FFF1B11BF05CF02E57
-sha256 a85af7b629109d41285c7adeae1515daac638bbe4d5dc30d1f4b343dff09d811 bind-9.11.4-P2.tar.gz
+sha256 a4cae11dad954bdd4eb592178f875bfec09fcc7e29fe0f6b7a4e5b5c6bc61322 bind-9.11.5.tar.gz
 sha256 336f3c40e37a1a13690efb4c63e20908faa4c40498cc02f3579fb67d3a1933a5 COPYRIGHT

package/bind/bind.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BIND_VERSION = 9.11.4-P2
+BIND_VERSION = 9.11.5
 BIND_SITE = http://ftp.isc.org/isc/bind9/$(BIND_VERSION)
 # bind does not support parallel builds.
 BIND_MAKE = $(MAKE1)

package/binutils/Config.in.host

@@ -1,5 +1,11 @@
 comment "Binutils Options"
 
+config BR2_PACKAGE_HOST_BINUTILS_SUPPORTS_CFI
+	bool
+	default y
+	depends on !BR2_microblaze
+	depends on !(BR2_nios2 && (BR2_BINUTILS_VERSION_2_28_X || BR2_BINUTILS_VERSION_2_29_X))
+
 choice
 	prompt "Binutils Version"
 	default BR2_BINUTILS_VERSION_2_28_X if BR2_ARM_INSTRUCTIONS_THUMB

package/brotli/0001-CMake-Allow-using-BUILD_SHARED_LIBS-to-choose-static.patch

@@ -1,4 +1,4 @@
-From b60b613e7c2c9bf7a142c3c486ac6e77ad93f5d1 Mon Sep 17 00:00:00 2001
+From 7289e5a378ba13801996a84d89d8fe95c3fc4c11 Mon Sep 17 00:00:00 2001
 From: Adrian Perez de Castro <aperez@igalia.com>
 Date: Mon, 26 Mar 2018 19:08:31 +0100
 Subject: [PATCH] CMake: Allow using BUILD_SHARED_LIBS to choose static/shared
@@ -27,7 +27,7 @@ Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
 Upstream-Status: Submitted [https://github.com/google/brotli/pull/655]
 
 diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 99b9258..3867931 100644
+index fc45f80..3f87f13 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
 @@ -6,6 +6,8 @@ cmake_minimum_required(VERSION 2.8.6)
@@ -120,25 +120,25 @@ index 99b9258..3867931 100644
      DIRECTORY ${BROTLI_INCLUDE_DIRS}/brotli
      DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}"
 diff --git a/c/fuzz/test_fuzzer.sh b/c/fuzz/test_fuzzer.sh
-index 5c754e1..e85e12f 100755
+index 9985194..4b99947 100755
 --- a/c/fuzz/test_fuzzer.sh
 +++ b/c/fuzz/test_fuzzer.sh
-@@ -14,12 +14,12 @@ mkdir bin
+@@ -13,12 +13,12 @@ mkdir bin
  cd bin
  
- cmake $BROTLI -DCMAKE_C_COMPILER="$CC" -DCMAKE_CXX_COMPILER="$CXX" \
+ cmake $BROTLI -DCMAKE_C_COMPILER="$CC" \
 -    -DBUILD_TESTING=OFF -DENABLE_SANITIZER=address
 -make -j$(nproc) brotlidec-static
 +    -DBUILD_TESTING=OFF -DBUILD_SHARED_LIBS=OFF -DENABLE_SANITIZER=address
 +make -j$(nproc) brotlidec
  
- ${CXX} -o run_decode_fuzzer -std=c++11 -fsanitize=address -I$SRC/include \
-     $SRC/fuzz/decode_fuzzer.cc $SRC/fuzz/run_decode_fuzzer.cc \
+ ${CC} -o run_decode_fuzzer -std=c99 -fsanitize=address -I$SRC/include \
+     $SRC/fuzz/decode_fuzzer.c $SRC/fuzz/run_decode_fuzzer.c \
 -    ./libbrotlidec-static.a ./libbrotlicommon-static.a
 +    ./libbrotlidec.a ./libbrotlicommon.a
  
  mkdir decode_corpora
  unzip $BROTLI/java/org/brotli/integration/fuzz_data.zip -d decode_corpora
 -- 
-2.16.3
+2.19.1
 

package/brotli/0001-Tell-CMake-to-not-check-for-a-C-compiler.patch

@@ -1,31 +0,0 @@
-From fea0b1e46c486225d57e730cc0f94fa06b5b93fc Mon Sep 17 00:00:00 2001
-From: Adrian Perez de Castro <aperez@igalia.com>
-Date: Mon, 26 Mar 2018 12:12:00 +0100
-Subject: [PATCH] Tell CMake to not check for a C++ compiler
-
-By default CMake checks both for C and C++ compilers, while the latter
-is not needed. Setting the list of languages to just "C" in the call to
-project() removes the unneeded check.
----
- CMakeLists.txt | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
-Upstream-Status: Submitted [https://github.com/google/brotli/pull/653]
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 2dc7232..3fbcbfb 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -4,7 +4,7 @@
- # support 2.8.7.
- cmake_minimum_required(VERSION 2.8.6)
- 
--project(brotli)
-+project(brotli LANGUAGES C)
- 
- # If Brotli is being bundled in another project, we don't want to
- # install anything.  However, we want to let people override this, so
--- 
-2.16.3
-

package/brotli/brotli.hash

@@ -1,5 +1,5 @@
 # Locally generated:
-sha512  93adcf437d730ac403e444285ac8aefbb2c8a6b5e1b064e8ee33684c067287a8159e0ee73d2217c167881e87da73fa494792d963a15508fd42b2ac4a5b52823c  v1.0.3.tar.gz
+sha512  a82362aa36d2f2094bca0b2808d9de0d57291fb3a4c29d7c0ca0a37e73087ec5ac4df299c8c363e61106fccf2fe7f58b5cf76eb97729e2696058ef43b1d3930a  v1.0.7.tar.gz
 
 # Hash for license files:
 sha512  bae78184c2f50f86d8c727826d3982c469454c42b9af81f4ef007e39036434fa894cf5be3bf5fc65b7de2301f0a72d067a8186e303327db8a96bd14867e0a3a8  LICENSE

package/brotli/brotli.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BROTLI_VERSION = 1.0.3
+BROTLI_VERSION = 1.0.7
 BROTLI_SOURCE = v$(BROTLI_VERSION).tar.gz
 BROTLI_SITE = https://github.com/google/brotli/archive
 BROTLI_LICENSE = MIT

package/busybox/0003-Revert-libbb-remove-unnecessary-variable-in-xmalloc_.patch

@@ -1,39 +0,0 @@
-From 0d598ab9f03dbf320f7b81c05e4a94cb303dfbc7 Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Sun, 2 Sep 2018 18:35:29 +0200
-Subject: [PATCH] Revert "libbb: remove unnecessary variable in xmalloc_fgets"
-
-The variable is in fact necessary.
-
-    commit 2da9724b56169f00bd7fb6b9a11c9409a7620981
-    Author: Quentin Rameau <quinq@fifth.space>
-    Date:   Sun Apr 1 17:05:35 2018 +0200
-        libbb: remove unnecessary variable in xmalloc_fgets
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-[Thomas De Schampheleire: added to unbreak 'head -n -1',
-see http://lists.busybox.net/pipermail/busybox/2018-August/086617.html ]
-Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
-
----
- libbb/get_line_from_file.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/libbb/get_line_from_file.c b/libbb/get_line_from_file.c
-index f3d6c6203..49ef093c2 100644
---- a/libbb/get_line_from_file.c
-+++ b/libbb/get_line_from_file.c
-@@ -47,7 +47,9 @@ char* FAST_FUNC bb_get_chunk_from_file(FILE *file, size_t *end)
- /* Get line, including trailing \n if any */
- char* FAST_FUNC xmalloc_fgets(FILE *file)
- {
--	return bb_get_chunk_from_file(file, NULL);
-+	int i;
-+
-+	return bb_get_chunk_from_file(file, &i);
- }
- /* Get line.  Remove trailing \n */
- char* FAST_FUNC xmalloc_fgetline(FILE *file)
--- 
-2.16.4
-

package/busybox/busybox.hash

@@ -1,3 +1,3 @@
-# From https://busybox.net/downloads/busybox-1.29.2.tar.bz2.sha256
-sha256 67d2fa6e147a45875fe972de62d907ef866fe784c495c363bf34756c444a5d61  busybox-1.29.2.tar.bz2
+# From https://busybox.net/downloads/busybox-1.29.3.tar.bz2.sha256
+sha256 97648636e579462296478e0218e65e4bc1e9cd69089a3b1aeb810bff7621efb7  busybox-1.29.3.tar.bz2
 sha256 bbfc9843646d483c334664f651c208b9839626891d8f17604db2146962f43548  LICENSE

package/busybox/busybox.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BUSYBOX_VERSION = 1.29.2
+BUSYBOX_VERSION = 1.29.3
 BUSYBOX_SITE = http://www.busybox.net/downloads
 BUSYBOX_SOURCE = busybox-$(BUSYBOX_VERSION).tar.bz2
 BUSYBOX_LICENSE = GPL-2.0

package/c-ares/c-ares.hash

@@ -1,2 +1,5 @@
 # Locally calculated after checking pgp signature
 sha256 45d3c1fd29263ceec2afc8ff9cd06d5f8f889636eb4e80ce3cc7f0eaf7aadc6e c-ares-1.14.0.tar.gz
+
+# Hash for license file
+sha256 db4eb63fe09daebdf57d3f79b091bb5ee5070c0d761040e83264e648d307af4c LICENSE.md

package/c-ares/c-ares.mk

@@ -11,7 +11,6 @@ C_ARES_CONF_OPTS = --with-random=/dev/urandom
 # Rebuild configure to avoid XC_CHECK_USER_CFLAGS
 C_ARES_AUTORECONF = YES
 C_ARES_LICENSE = MIT
-# No standalone, use some source file
-C_ARES_LICENSE_FILES = ares_mkquery.c
+C_ARES_LICENSE_FILES = LICENSE.md
 
 $(eval $(autotools-package))

package/dante/dante.mk

@@ -9,10 +9,10 @@ DANTE_SITE = http://www.inet.no/dante/files
 DANTE_LICENSE = BSD-3-Clause
 DANTE_LICENSE_FILES = LICENSE
 
-# Dante uses a *VERY* old configure.ac
-DANTE_LIBTOOL_PATCH = NO
+# 0002-compiler.m4-do-not-remove-g-flag.patch touches a m4 file
+DANTE_AUTORECONF = YES
 
-DANTE_CONF_OPTS += --disable-client --disable-preload
+DANTE_CONF_OPTS += --disable-client --disable-preload --without-pam
 
 define DANTE_INSTALL_CONFIG_FILE
 	$(INSTALL) -D -m 644 $(@D)/example/sockd.conf \

package/docker-compose/0001-setup.py-allow-all-recent-2.x-requests-releases.patch

@@ -0,0 +1,34 @@
+From a79152d1d621ea9d477ecc6862a03cae80b2425b Mon Sep 17 00:00:00 2001
+From: Peter Korsgaard <peter@korsgaard.com>
+Date: Sat, 15 Dec 2018 14:04:57 +0100
+Subject: [PATCH] setup.py: allow all recent 2.x requests releases
+
+Instead of having to update this for each new requests release.
+
+It it not quite clear why the restriction was added in the first place in
+commit b0480b4d04e (Bump SDK version to latest), but change it to simply
+disallow the upcoming 3.0 release to match what is done for the other
+modules.
+
+Submitted upstream: https://github.com/docker/compose/pull/6415
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ setup.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/setup.py b/setup.py
+index 96530726..3c8c7d0e 100644
+--- a/setup.py
++++ b/setup.py
+@@ -33,7 +33,7 @@ install_requires = [
+     'cached-property >= 1.2.0, < 2',
+     'docopt >= 0.6.1, < 0.7',
+     'PyYAML >= 3.10, < 4',
+-    'requests >= 2.6.1, != 2.11.0, != 2.12.2, != 2.18.0, < 2.19',
++    'requests >= 2.6.1, != 2.11.0, != 2.12.2, != 2.18.0, < 3.0',
+     'texttable >= 0.9.0, < 0.10',
+     'websocket-client >= 0.32.0, < 1.0',
+     'docker >= 3.1.4, < 4.0',
+-- 
+2.11.0
+

package/domoticz/0002-CMakeLists.txt-fix-build-with-python-and-cmake-3.7.patch

@@ -0,0 +1,40 @@
+From 4b77662232c806b8aba7680405144ad51ac3671b Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Thu, 29 Nov 2018 00:36:00 +0100
+Subject: [PATCH] CMakeLists.txt: fix build with python and cmake <= 3.7
+
+domoticz will fail to build with python and older cmake
+Indeed, find_package(PythonLibs 3.4) will not recognize python 3.7 until
+cmake 3.7 and the following commit:
+https://github.com/Kitware/CMake/commit/c31573b9641e0f1bc7a34149506db51f3494323b
+
+To fix this, add a call to find_package(PythonInterp 3.4). Indeed, if
+FindPythonInterp has already found the major and minor version, that
+version will be inserted between the user supplied versions and the
+stock version list since cmake in version 3.1 and
+https://github.com/Kitware/CMake/commit/3816cd2dc7a7cc220e4f1b1e87fee986545b9cb3
+
+Fixes:
+ - http://autobuild.buildroot.org/results/8e82501a7b49da628ec026132ffca44c0c813040
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status: https://github.com/domoticz/domoticz/pull/2889]
+---
+ CMakeLists.txt | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index f4e38b88..41003a0c 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -125,6 +125,7 @@ ENDIF(USE_BUILTIN_SQLITE)
+ 
+ option(USE_PYTHON "Use Python for Plugins and Event-Scripts" YES)
+ IF(USE_PYTHON)
++  find_package(PythonInterp 3.4)
+   find_package(PythonLibs 3.4)
+   IF(PYTHONLIBS_FOUND)
+     MESSAGE(STATUS "Python3 includes found at: ${PYTHON_INCLUDE_PATH}")
+-- 
+2.14.1
+

package/dtc/0003-checks-fix-simple-bus-compatible-matching.patch

@@ -0,0 +1,120 @@
+From 5277449e5fd13a2f3778ed3380ba157cb9d4ea55 Mon Sep 17 00:00:00 2001
+From: Rob Herring <robh@kernel.org>
+Date: Thu, 20 Sep 2018 14:30:03 -0700
+Subject: [PATCH] checks: fix simple-bus compatible matching
+
+Since commit 7975f6422260 ("Fix widespread incorrect use of strneq(),
+replace with new strprefixeq()") simple-bus checks have been silently
+skipped. The problem was 'end - str' is one more than the string length
+and the strnlen in strprefixeq fails. This can't be fixed simply by
+subtracting one as it is possible to have multiple '\0' at the end of
+the property. Fix this by making the 'compatible' property string list
+check a dependency, and then we can assume the property is null
+terminated and we can just use streq() for comparisons.
+
+Add some tests so the problem doesn't happen again.
+
+Fixes: 7975f6422260 ("Fix widespread incorrect use of strneq(), replace with new strprefixeq()")
+Reported-by: Kumar Gala <kumar.gala@linaro.org>
+Signed-off-by: Rob Herring <robh@kernel.org>
+Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
+[Backport from upstream commit e84742aa7b934cd6603e3a64f8c0966f683c5711]
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+---
+ checks.c                                    |  5 +++--
+ tests/run_tests.sh                          |  4 ++++
+ tests/unit-addr-simple-bus-compatible.dts   | 18 ++++++++++++++++++
+ tests/unit-addr-simple-bus-reg-mismatch.dts | 18 ++++++++++++++++++
+ 4 files changed, 43 insertions(+), 2 deletions(-)
+ create mode 100644 tests/unit-addr-simple-bus-compatible.dts
+ create mode 100644 tests/unit-addr-simple-bus-reg-mismatch.dts
+
+diff --git a/checks.c b/checks.c
+index a2cc103..acf91c3 100644
+--- a/checks.c
++++ b/checks.c
+@@ -910,7 +910,7 @@ static bool node_is_compatible(struct node *node, const char *compat)
+ 
+ 	for (str = prop->val.val, end = str + prop->val.len; str < end;
+ 	     str += strnlen(str, end - str) + 1) {
+-		if (strprefixeq(str, end - str, compat))
++		if (streq(str, compat))
+ 			return true;
+ 	}
+ 	return false;
+@@ -921,7 +921,8 @@ static void check_simple_bus_bridge(struct check *c, struct dt_info *dti, struct
+ 	if (node_is_compatible(node, "simple-bus"))
+ 		node->bus = &simple_bus;
+ }
+-WARNING(simple_bus_bridge, check_simple_bus_bridge, NULL, &addr_size_cells);
++WARNING(simple_bus_bridge, check_simple_bus_bridge, NULL,
++	&addr_size_cells, &compatible_is_string_list);
+ 
+ static void check_simple_bus_reg(struct check *c, struct dt_info *dti, struct node *node)
+ {
+diff --git a/tests/run_tests.sh b/tests/run_tests.sh
+index 7348c9c..c4354d2 100755
+--- a/tests/run_tests.sh
++++ b/tests/run_tests.sh
+@@ -652,6 +652,10 @@ dtc_tests () {
+     check_tests pci-bridge-bad1.dts pci_bridge
+     check_tests pci-bridge-bad2.dts pci_bridge
+ 
++    check_tests unit-addr-simple-bus-reg-mismatch.dts simple_bus_reg
++    check_tests unit-addr-simple-bus-compatible.dts simple_bus_reg
++
++
+     # Check warning options
+     run_sh_test dtc-checkfails.sh address_cells_is_cell interrupt_cells_is_cell -n size_cells_is_cell -- -Wno_size_cells_is_cell -I dts -O dtb bad-ncells.dts
+     run_sh_test dtc-fails.sh -n test-warn-output.test.dtb -I dts -O dtb bad-ncells.dts
+diff --git a/tests/unit-addr-simple-bus-compatible.dts b/tests/unit-addr-simple-bus-compatible.dts
+new file mode 100644
+index 0000000..c8f9341
+--- /dev/null
++++ b/tests/unit-addr-simple-bus-compatible.dts
+@@ -0,0 +1,18 @@
++/dts-v1/;
++
++/ {
++	#address-cells = <1>;
++	#size-cells = <1>;
++
++	bus@10000000 {
++		#address-cells = <1>;
++		#size-cells = <1>;
++		compatible = "foo-bus", "simple-bus";
++		ranges = <0x0 0x10000000 0x10000>;
++
++		node@100 {
++			reg = <0x1000 1>;
++		};
++	};
++
++};
+diff --git a/tests/unit-addr-simple-bus-reg-mismatch.dts b/tests/unit-addr-simple-bus-reg-mismatch.dts
+new file mode 100644
+index 0000000..2823377
+--- /dev/null
++++ b/tests/unit-addr-simple-bus-reg-mismatch.dts
+@@ -0,0 +1,18 @@
++/dts-v1/;
++
++/ {
++	#address-cells = <1>;
++	#size-cells = <1>;
++
++	bus@10000000 {
++		#address-cells = <1>;
++		#size-cells = <1>;
++		compatible = "simple-bus";
++		ranges = <0x0 0x10000000 0x10000>;
++
++		node@100 {
++			reg = <0x1000 1>;
++		};
++	};
++
++};
+-- 
+2.19.1
+

package/easydbus/0001-easydbus-is-a-C-project-file.patch

@@ -0,0 +1,33 @@
+From a4bd47f593fbe55bd3ab17532e64be74aff5b29d Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Sat, 17 Nov 2018 11:38:05 +0100
+Subject: [PATCH] easydbus is a C project file
+
+Specify that easydbus is a C project file otherwise build will fail if
+no C++ compiler is found by cmake
+
+Fixes:
+ - http://autobuild.buildroot.org/results/486c3cd98124e7415dee2fd1463bd5e0fcc9ba91
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status: https://github.com/mniestroj/easydbus/pull/2]
+---
+ CMakeLists.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 58ccb2d..575eb24 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -5,7 +5,7 @@
+ #
+ 
+ cmake_minimum_required(VERSION 2.6)
+-project(easydbus)
++project(easydbus C)
+ 
+ add_definitions("-Wall -Wextra -Wno-unused-parameter")
+ set(CMAKE_C_FLAGS_RELEASE "-O2")
+-- 
+2.17.1
+

package/elfutils/elfutils.hash

@@ -1,5 +1,5 @@
-# From https://sourceware.org/elfutils/ftp/0.171/sha512.sum
-sha512 777be2d63ca9b11440bf358a33428d9ca974e2612a880934156c9f7194af596ed627c1ed2d48dbd47a3761c94913b8f39565f9dcb6b62c92bf229f04c96d5ee3  elfutils-0.171.tar.bz2
+# From https://sourceware.org/elfutils/ftp/0.174/sha512.sum
+sha512 696708309c2a9a076099748809ecdc0490f4a8a842b2efc1aae0d746e7c5a8b203743f5626739eff837216b0c052696516b2821f5d3cc3f2eef86597c96d42df  elfutils-0.174.tar.bz2
 # Locally calculated
 sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903  COPYING
 sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING-GPLV2

package/elfutils/elfutils.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-ELFUTILS_VERSION = 0.171
+ELFUTILS_VERSION = 0.174
 ELFUTILS_SOURCE = elfutils-$(ELFUTILS_VERSION).tar.bz2
 ELFUTILS_SITE = https://sourceware.org/elfutils/ftp/$(ELFUTILS_VERSION)
 ELFUTILS_INSTALL_STAGING = YES

package/flare-engine/flare-engine.mk

@@ -14,4 +14,9 @@ FLARE_ENGINE_DEPENDENCIES += sdl2 sdl2_image sdl2_mixer sdl2_ttf
 # Don't use /usr/games and /usr/share/games
 FLARE_ENGINE_CONF_OPTS += -DBINDIR=bin -DDATADIR=share/flare
 
+# Don't use the default Debug type as it adds -pg (gprof)
+ifeq ($(BR2_ENABLE_DEBUG),y)
+FLARE_ENGINE_CONF_OPTS += -DCMAKE_BUILD_TYPE=RelWithDebInfo
+endif
+
 $(eval $(cmake-package))

package/flatcc/0001-CMakeLists.txt-conditionally-require-C-based-on-FLAT.patch

@@ -0,0 +1,56 @@
+From 878d51187bbc1ad490b4cd15e3741bc0bd11b6b2 Mon Sep 17 00:00:00 2001
+From: Joel Carlson <JoelsonCarl@gmail.com>
+Date: Thu, 6 Sep 2018 14:53:20 -0600
+Subject: [PATCH] CMakeLists.txt: conditionally require C++ based on
+ FLATCC_TEST (#94)
+
+C++ is only used when building the tests, so only include it as a
+language via project() when FLATCC_TEST is enabled. This allows
+toolchains that don't have C++ to build flatcc.
+
+Signed-off-by: Joel Carlson <JoelsonCarl@gmail.com>
+---
+Upstream commit 878d51187bbc1ad490b4cd15e3741bc0bd11b6b2
+---
+ CMakeLists.txt | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index b39a3d1..5df5161 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -4,7 +4,18 @@
+ #cmake_minimum_required (VERSION 2.8.11)
+ cmake_minimum_required (VERSION 2.8)
+ 
+-project (FlatCC C CXX)
++# Disable build of tests and samples. Due to custom build step
++# dependency on flatcc tool, some custom build configurations may
++# experience issues, and this option can then help.
++option(FLATCC_TEST "enable tests" ON)
++
++# Conditionally set project languages based on FLATCC_TEST, as C++ is
++# only necessary if building the tests.
++if (FLATCC_TEST)
++    project (FlatCC C CXX)
++else()
++    project (FlatCC C)
++endif()
+ 
+ #
+ # NOTE: when changing build options, clean the build using on of:
+@@ -35,11 +46,6 @@ option(FLATCC_RTONLY "enable build of runtime library only" OFF)
+ # cmake -DBUILD_SHARED_LIBS=on can override.
+ option(FLATCC_INSTALL "enable build of runtime library only" OFF)
+ 
+-# Disable build of tests and samples. Due to custom build step
+-# dependency on flatcc tool, some custom build configurations may
+-# experience issues, and this option can then help.
+-option(FLATCC_TEST "enable tests" ON)
+-
+ # Use with debug build with testing enabled only. Enables generation
+ # of coverage information during build and run. Adds target "coverage"
+ # which collects data and makes HTML report in build directory
+-- 
+2.7.4
+

package/flatcc/0001-Remove-strncpy-gcc-8-warning-add-flatbuffers_type_ha.patch

@@ -1,138 +0,0 @@
-From c0df0b6fca4fa6bca114bba4df74f1b4e53124c0 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Mikkel=20Fahn=C3=B8e=20J=C3=B8rgensen?= <mikkel@dvide.com>
-Date: Sat, 9 Jun 2018 11:10:24 +0200
-Subject: [PATCH] Remove strncpy gcc-8 warning, add
- flatbuffers_type_hash_from_string
-
-[baruch: drop CHANGELOG hunk]
-Signed-off-by: Baruch Siach <baruch@tkos.co.il>
----
-Upstream status: commit c0df0b6fca4
-
- include/flatcc/flatcc_identifier.h            | 21 +++++++++++++++++++
- .../reflection/flatbuffers_common_reader.h    |  4 +---
- src/compiler/codegen_c_reader.c               |  4 +---
- src/runtime/json_printer.c                    |  7 +++++--
- src/runtime/verifier.c                        |  5 ++---
- 6 files changed, 32 insertions(+), 11 deletions(-)
-
-diff --git a/include/flatcc/flatcc_identifier.h b/include/flatcc/flatcc_identifier.h
-index cd918cb42b48..31af3074f4db 100644
---- a/include/flatcc/flatcc_identifier.h
-+++ b/include/flatcc/flatcc_identifier.h
-@@ -77,6 +77,27 @@ static inline flatbuffers_thash_t flatbuffers_type_hash_from_identifier(const fl
-         (uint32_t)p[0] + (((uint32_t)p[1]) << 8) + (((uint32_t)p[2]) << 16) + (((uint32_t)p[3]) << 24) : 0;
- }
- 
-+/*
-+ * Convert a null terminated string identifier like "MONS" or "X" into a
-+ * native type hash identifier, usually for comparison. This will not
-+ * work with type hash strings because they can contain null bytes.
-+ */
-+static inline flatbuffers_thash_t flatbuffers_type_hash_from_string(const char *identifier)
-+{
-+    flatbuffers_thash_t h = 0;
-+    const uint8_t *p = (const uint8_t *)identifier;
-+
-+    if (!p[0]) return h;
-+    h += p[0];
-+    if (!p[1]) return h;
-+    h += p[1] << 8;
-+    if (!p[2]) return h;
-+    h += p[2] << 16;
-+    /* No need to test for termination here. */
-+    h += p[3] << 24;
-+    return h;
-+}
-+
- /*
-  * Computes the little endian wire format of the type hash. It can be
-  * used as a file identifer argument to various flatcc buffer calls.
-diff --git a/include/flatcc/reflection/flatbuffers_common_reader.h b/include/flatcc/reflection/flatbuffers_common_reader.h
-index dee44ad653f1..9604052685f6 100644
---- a/include/flatcc/reflection/flatbuffers_common_reader.h
-+++ b/include/flatcc/reflection/flatbuffers_common_reader.h
-@@ -464,9 +464,7 @@ static inline T N ## _ ## NK (N ## _struct_t t__tmp) { return t__tmp ? &(t__tmp-
- /* If fid is null, the function returns true without testing as buffer is not expected to have any id. */
- static inline int flatbuffers_has_identifier(const void *buffer, const char *fid)
- { flatbuffers_thash_t id, id2 = 0; if (fid == 0) { return 1; };
--  strncpy((char *)&id2, fid, sizeof(id2));
--  /* Identifier strings are always considered little endian. */
--  id2 = __flatbuffers_thash_cast_from_le(id2);
-+  id2 = flatbuffers_type_hash_from_string(fid);
-   id = __flatbuffers_thash_read_from_pe(((flatbuffers_uoffset_t *)buffer) + 1);
-   return id2 == 0 || id == id2; }
- static inline int flatbuffers_has_type_hash(const void *buffer, flatbuffers_thash_t thash)
-diff --git a/src/compiler/codegen_c_reader.c b/src/compiler/codegen_c_reader.c
-index e3df74754344..559731050a15 100644
---- a/src/compiler/codegen_c_reader.c
-+++ b/src/compiler/codegen_c_reader.c
-@@ -748,9 +748,7 @@ static void gen_helpers(fb_output_t *out)
-             "/* If fid is null, the function returns true without testing as buffer is not expected to have any id. */\n"
-             "static inline int %shas_identifier(const void *buffer, const char *fid)\n"
-             "{ %sthash_t id, id2 = 0; if (fid == 0) { return 1; };\n"
--            "  strncpy((char *)&id2, fid, sizeof(id2));\n"
--            "  /* Identifier strings are always considered little endian. */\n"
--            "  id2 = __%sthash_cast_from_le(id2);\n"
-+            "  id2 = %stype_hash_from_string(fid);\n"
-             "  id = __%sthash_read_from_pe(((%suoffset_t *)buffer) + 1);\n"
-             "  return id2 == 0 || id == id2; }\n"
-             "static inline int %shas_type_hash(const void *buffer, %sthash_t thash)\n"
-diff --git a/src/runtime/json_printer.c b/src/runtime/json_printer.c
-index 8fe248331f43..bc86d21f8f9d 100644
---- a/src/runtime/json_printer.c
-+++ b/src/runtime/json_printer.c
-@@ -20,6 +20,7 @@
- 
- #include "flatcc/flatcc_flatbuffers.h"
- #include "flatcc/flatcc_json_printer.h"
-+#include "flatcc/flatcc_identifier.h"
- 
- #include "flatcc/portable/pprintint.h"
- #include "flatcc/portable/pprintfp.h"
-@@ -1008,6 +1009,9 @@ void flatcc_json_printer_struct_field(flatcc_json_printer_t *ctx,
- /*
-  * Make sure the buffer identifier is valid before assuming the rest of
-  * the buffer is sane.
-+ * NOTE: this won't work with type hashes because these can contain
-+ * nulls in the fid string. In this case use null as fid to disable
-+ * check.
-  */
- static int accept_header(flatcc_json_printer_t * ctx,
-         const void *buf, size_t bufsiz, const char *fid)
-@@ -1020,8 +1024,7 @@ static int accept_header(flatcc_json_printer_t * ctx,
-         return 0;
-     }
-     if (fid != 0) {
--        strncpy((char *)&id2, fid, FLATBUFFERS_IDENTIFIER_SIZE);
--        id2 = __flatbuffers_thash_cast_from_le(id2);
-+        id2 = flatbuffers_type_hash_from_string(fid);
-         id = __flatbuffers_thash_read_from_pe((uint8_t *)buf + offset_size);
-         if (!(id2 == 0 || id == id2)) {
-             RAISE_ERROR(bad_input);
-diff --git a/src/runtime/verifier.c b/src/runtime/verifier.c
-index 68dbc1b6fb0b..3b7c68cca4d7 100644
---- a/src/runtime/verifier.c
-+++ b/src/runtime/verifier.c
-@@ -10,6 +10,7 @@
- #include "flatcc/flatcc_rtconfig.h"
- #include "flatcc/flatcc_flatbuffers.h"
- #include "flatcc/flatcc_verifier.h"
-+#include "flatcc/flatcc_identifier.h"
- 
- /* Customization for testing. */
- #if FLATCC_DEBUG_VERIFY
-@@ -110,9 +111,7 @@ static inline uoffset_t read_uoffset(const void *p, uoffset_t base)
- 
- static inline thash_t read_thash_identifier(const char *identifier)
- {
--    flatbuffers_thash_t id = 0;
--    strncpy((char *)&id, identifier, sizeof(id));
--    return __flatbuffers_thash_cast_from_le(id);
-+    return flatbuffers_type_hash_from_string(identifier);
- }
- 
- static inline thash_t read_thash(const void *p, uoffset_t base)
--- 
-2.17.1
-

package/flatcc/flatcc.hash

@@ -1,2 +1,3 @@
 # Locally calculated
-sha256	8c4560ca32e3c555716d9363bed469e2c60e0f443ec32bc08e7abfe681e25ca9  flatcc-v0.5.1.tar.gz
+sha256	02dac93d3daf8d0a290aa8711a9b8a53f047436ec5331adb1972389061ec6615  flatcc-v0.5.2.tar.gz
+sha256	c8f0d9c1f92c658d87ebd854ee7447a3d3912d2c3a5c78c117787be5d5da8af3  LICENSE

package/flatcc/flatcc.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-FLATCC_VERSION = v0.5.1
+FLATCC_VERSION = v0.5.2
 FLATCC_SITE = $(call github,dvidelabs,flatcc,$(FLATCC_VERSION))
 FLATCC_LICENSE = Apache-2.0
 FLATCC_LICENSE_FILES = LICENSE
@@ -19,8 +19,9 @@ HOST_FLATCC_CONF_OPTS += -DFLATCC_TEST=OFF
 FLATCC_CONF_OPTS += -DFLATCC_INSTALL=ON
 HOST_FLATCC_CONF_OPTS += -DFLATCC_INSTALL=ON
 
+# compiler is named flatcc or flatcc_d depending on BR2_ENABLE_DEBUG value
 define FLATCC_TARGET_REMOVE_FLATCC_COMPILER
-	rm $(TARGET_DIR)/usr/bin/flatcc
+	rm $(TARGET_DIR)/usr/bin/flatcc*
 endef
 
 FLATCC_POST_INSTALL_TARGET_HOOKS += FLATCC_TARGET_REMOVE_FLATCC_COMPILER

package/freetype/freetype.hash

@@ -1,9 +1,9 @@
-# From https://sourceforge.net/projects/freetype/files/freetype2/2.9/
-md5	513c403c110016fdc7e537216a642b1d		freetype-2.9.tar.bz2
-sha1	94c4399b1a55c5892812e732843fcb4a7c2fe657	freetype-2.9.tar.bz2
+# From https://sourceforge.net/projects/freetype/files/freetype2/2.9.1/
+md5 60ef7d8160cd4bf8cb118ee9d65367ca freetype-2.9.1.tar.bz2
+sha1 220c82062171c513e4017c523d196933c9de4a7d freetype-2.9.1.tar.bz2
 
 # Locally calculated
-sha256	e6ffba3c8cef93f557d1f767d7bc3dee860ac7a3aaff588a521e081bc36f4c8a	freetype-2.9.tar.bz2
+sha256	db8d87ea720ea9d5edc5388fc7a0497bb11ba9fe972245e0f7f4c7e8b1e1e84d	freetype-2.9.1.tar.bz2
 sha256	fd056de4196903a676208ef58cfddafc7d583d1f28fa2e44c309cf84a59e62fb	docs/LICENSE.TXT
 sha256	08c135755dd589039470f1fdbb400daaabaaa50d0b366d19cebff4d22986baa1	docs/FTL.TXT
 sha256	c4120c6752c910c299e3bd9cb3a46ff262c268303ca2069b61f92f10a5656c18	docs/GPLv2.TXT

package/freetype/freetype.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-FREETYPE_VERSION = 2.9
+FREETYPE_VERSION = 2.9.1
 FREETYPE_SOURCE = freetype-$(FREETYPE_VERSION).tar.bz2
 FREETYPE_SITE = http://download.savannah.gnu.org/releases/freetype
 FREETYPE_INSTALL_STAGING = YES
@@ -17,6 +17,10 @@ FREETYPE_CONFIG_SCRIPTS = freetype-config
 HOST_FREETYPE_DEPENDENCIES = host-pkgconf
 HOST_FREETYPE_CONF_OPTS = --without-zlib --without-bzip2 --without-png
 
+# since 2.9.1 needed for freetype-config install
+FREETYPE_CONF_OPTS += --enable-freetype-config
+HOST_FREETYPE_CONF_OPTS += --enable-freetype-config
+
 ifeq ($(BR2_PACKAGE_ZLIB),y)
 FREETYPE_DEPENDENCIES += zlib
 FREETYPE_CONF_OPTS += --with-zlib

package/gauche/0004-rfc-needs-srfi.patch

@@ -0,0 +1,35 @@
+From 33ba5e73ec09f1308f897128334e955debd9ea43 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Wed, 21 Nov 2018 08:58:25 +0100
+Subject: [PATCH] rfc: needs srfi
+
+ext/rfc needs srfi-19 since version 0.9.5 and
+https://github.com/shirok/Gauche/commit/bd22bc82361c5eeb5d3b58c3836236566746bb96
+
+So add a dependency on srfi for rfc target in Makefile.in
+
+Fixes:
+ - http://autobuild.buildroot.org/results/f4935e29ce6aaebdaa47d46c56120b7e97145d1b
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status: https://github.com/shirok/Gauche/pull/397]
+---
+ ext/Makefile.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ext/Makefile.in b/ext/Makefile.in
+index 57ddf457e..de8d59a4d 100644
+--- a/ext/Makefile.in
++++ b/ext/Makefile.in
+@@ -54,7 +54,7 @@ bcrypt: mt-random
+ 
+ dbm : threads
+ 
+-rfc: gauche util
++rfc: gauche srfi util
+ 
+ test : check
+ 
+-- 
+2.14.1
+

package/gcc/6.4.0/0004-gcc-xtensa-don-t-force-PIC-for-uclinux-target.patch

@@ -0,0 +1,41 @@
+From 960a2552f7b418134cdf7a31e96023a3811b98dd Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Sun, 4 Nov 2018 23:55:59 -0800
+Subject: [PATCH] gcc: xtensa: don't force PIC for uclinux target
+
+xtensa-uclinux uses bFLT executable file format that cannot relocate
+fields representing offsets from data to code. C++ objects built as PIC
+use offsets to encode FDE structures. As a result C++ exception handling
+doesn't work correctly on xtensa-uclinux. Don't use PIC by default on
+xtensa-uclinux.
+
+gcc/
+2018-11-05  Max Filippov  <jcmvbkbc@gmail.com>
+
+	* config/xtensa/uclinux.h (XTENSA_ALWAYS_PIC): Change to 0.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+Backported from: r265823
+
+ gcc/config/xtensa/uclinux.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gcc/config/xtensa/uclinux.h b/gcc/config/xtensa/uclinux.h
+index ba26187c8f7a..c7743df9d97c 100644
+--- a/gcc/config/xtensa/uclinux.h
++++ b/gcc/config/xtensa/uclinux.h
+@@ -59,8 +59,8 @@ along with GCC; see the file COPYING3.  If not see
+ #undef LOCAL_LABEL_PREFIX
+ #define LOCAL_LABEL_PREFIX	"."
+ 
+-/* Always enable "-fpic" for Xtensa Linux.  */
+-#define XTENSA_ALWAYS_PIC 1
++/* Don't enable "-fpic" for Xtensa uclinux.  */
++#define XTENSA_ALWAYS_PIC 0
+ 
+ #undef TARGET_LIBC_HAS_FUNCTION
+ #define TARGET_LIBC_HAS_FUNCTION no_c99_libc_has_function
+-- 
+2.11.0
+

package/gcc/7.3.0/0005-gcc-xtensa-don-t-force-PIC-for-uclinux-target.patch

@@ -0,0 +1,41 @@
+From 960a2552f7b418134cdf7a31e96023a3811b98dd Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Sun, 4 Nov 2018 23:55:59 -0800
+Subject: [PATCH] gcc: xtensa: don't force PIC for uclinux target
+
+xtensa-uclinux uses bFLT executable file format that cannot relocate
+fields representing offsets from data to code. C++ objects built as PIC
+use offsets to encode FDE structures. As a result C++ exception handling
+doesn't work correctly on xtensa-uclinux. Don't use PIC by default on
+xtensa-uclinux.
+
+gcc/
+2018-11-05  Max Filippov  <jcmvbkbc@gmail.com>
+
+	* config/xtensa/uclinux.h (XTENSA_ALWAYS_PIC): Change to 0.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+Backported from: r265823
+
+ gcc/config/xtensa/uclinux.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gcc/config/xtensa/uclinux.h b/gcc/config/xtensa/uclinux.h
+index ba26187c8f7a..c7743df9d97c 100644
+--- a/gcc/config/xtensa/uclinux.h
++++ b/gcc/config/xtensa/uclinux.h
+@@ -59,8 +59,8 @@ along with GCC; see the file COPYING3.  If not see
+ #undef LOCAL_LABEL_PREFIX
+ #define LOCAL_LABEL_PREFIX	"."
+ 
+-/* Always enable "-fpic" for Xtensa Linux.  */
+-#define XTENSA_ALWAYS_PIC 1
++/* Don't enable "-fpic" for Xtensa uclinux.  */
++#define XTENSA_ALWAYS_PIC 0
+ 
+ #undef TARGET_LIBC_HAS_FUNCTION
+ #define TARGET_LIBC_HAS_FUNCTION no_c99_libc_has_function
+-- 
+2.11.0
+

package/gcc/8.2.0/0005-gcc-xtensa-don-t-force-PIC-for-uclinux-target.patch

@@ -0,0 +1,41 @@
+From 960a2552f7b418134cdf7a31e96023a3811b98dd Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Sun, 4 Nov 2018 23:55:59 -0800
+Subject: [PATCH] gcc: xtensa: don't force PIC for uclinux target
+
+xtensa-uclinux uses bFLT executable file format that cannot relocate
+fields representing offsets from data to code. C++ objects built as PIC
+use offsets to encode FDE structures. As a result C++ exception handling
+doesn't work correctly on xtensa-uclinux. Don't use PIC by default on
+xtensa-uclinux.
+
+gcc/
+2018-11-05  Max Filippov  <jcmvbkbc@gmail.com>
+
+	* config/xtensa/uclinux.h (XTENSA_ALWAYS_PIC): Change to 0.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+Backported from: r265823
+
+ gcc/config/xtensa/uclinux.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gcc/config/xtensa/uclinux.h b/gcc/config/xtensa/uclinux.h
+index ba26187c8f7a..c7743df9d97c 100644
+--- a/gcc/config/xtensa/uclinux.h
++++ b/gcc/config/xtensa/uclinux.h
+@@ -59,8 +59,8 @@ along with GCC; see the file COPYING3.  If not see
+ #undef LOCAL_LABEL_PREFIX
+ #define LOCAL_LABEL_PREFIX	"."
+ 
+-/* Always enable "-fpic" for Xtensa Linux.  */
+-#define XTENSA_ALWAYS_PIC 1
++/* Don't enable "-fpic" for Xtensa uclinux.  */
++#define XTENSA_ALWAYS_PIC 0
+ 
+ #undef TARGET_LIBC_HAS_FUNCTION
+ #define TARGET_LIBC_HAS_FUNCTION no_c99_libc_has_function
+-- 
+2.11.0
+

package/ghostscript/ghostscript.hash

@@ -1,5 +1,5 @@
-# From https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925/SHA512SUMS
-sha512 7a1c0b7546ed523f50c1452d4a1c13fcf043d6060fc9708bbc4b543f66ecb1b619b6e71998094ac702ef44a2fd159b6523271de19b1cae352981ef51fb637651  ghostscript-9.25.tar.xz
+# From https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926/SHA512SUMS
+sha512 3ddb83029edf32282357bf606f4045a9ac73df6543cd423cfad09158ec12ada083a0dbb5aac3b73ae24cbc6c1e9d7574257a5c1fae63ba8776fbb00150ef2a3e  ghostscript-9.26.tar.xz
 
 # Hash for license file:
 sha256 6f852249f975287b3efd43a5883875e47fa9f3125e2f1b18b5c09517ac30ecf2  LICENSE

package/ghostscript/ghostscript.mk

@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-GHOSTSCRIPT_VERSION = 9.25
-GHOSTSCRIPT_SITE = https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925
+GHOSTSCRIPT_VERSION = 9.26
+GHOSTSCRIPT_SITE = https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926
 GHOSTSCRIPT_SOURCE = ghostscript-$(GHOSTSCRIPT_VERSION).tar.xz
 GHOSTSCRIPT_LICENSE = AGPL-3.0
 GHOSTSCRIPT_LICENSE_FILES = LICENSE

package/giflib/giflib.mk

@@ -18,6 +18,8 @@ GIFLIB_BINS = \
 	gifrsize gifspnge giftext giftool gifwedge icon2gif raw2gif rgb2gif \
 	text2gif
 
+GIFLIB_CONF_ENV = ac_cv_prog_have_xmlto=no
+
 define GIFLIB_BINS_CLEANUP
 	rm -f $(addprefix $(TARGET_DIR)/usr/bin/,$(GIFLIB_BINS))
 endef

package/glibc/Config.in

@@ -4,6 +4,7 @@ config BR2_PACKAGE_GLIBC
 	bool
 	default y
 	select BR2_PACKAGE_LINUX_HEADERS
-	select BR2_TOOLCHAIN_HAS_SSP
-
+	select BR2_TOOLCHAIN_HAS_SSP if BR2_PACKAGE_HOST_BINUTILS_SUPPORTS_CFI
+	help
+	  https://www.gnu.org/software/libc/
 endif

package/gnutls/gnutls.mk

@@ -95,4 +95,11 @@ else
 GNUTLS_CONF_OPTS += --without-zlib
 endif
 
+# Provide a default CA cert location
+ifeq ($(BR2_PACKAGE_P11_KIT),y)
+GNUTLS_CONF_OPTS += --with-default-trust-store-pkcs11=pkcs11:model=p11-kit-trust
+else ifeq ($(BR2_PACKAGE_CA_CERTIFICATES),y)
+GNUTLS_CONF_OPTS += --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt
+endif
+
 $(eval $(autotools-package))

package/go/Config.in.host

@@ -1,6 +1,7 @@
 config BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS
 	bool
 	default y
+	depends on !BR2_TOOLCHAIN_HAS_BINUTILS_BUG_20006
 	depends on BR2_PACKAGE_HOST_GO_BOOTSTRAP_ARCH_SUPPORTS
 	depends on (BR2_arm && BR2_TOOLCHAIN_SUPPORTS_PIE) || BR2_aarch64 \
 		|| BR2_i386 || BR2_x86_64 || BR2_powerpc64le \

package/gpsd/gpsd.mk

@@ -19,6 +19,7 @@ GPSD_SCONS_ENV = $(TARGET_CONFIGURE_OPTS)
 
 GPSD_SCONS_OPTS = \
 	arch=$(ARCH)\
+	manbuild=no \
 	prefix=/usr\
 	sysroot=$(STAGING_DIR)\
 	strip=no\

package/lcdproc/lcdproc.mk

@@ -18,7 +18,9 @@ endif
 
 LCDPROC_DEPENDENCIES = freetype ncurses zlib
 
-LCDPROC_CONF_ENV += ac_cv_path_FT2_CONFIG=$(STAGING_DIR)/usr/bin/freetype-config
+LCDPROC_CONF_ENV += \
+	ac_cv_mtab_file=/etc/mtab \
+	ac_cv_path_FT2_CONFIG=$(STAGING_DIR)/usr/bin/freetype-config
 
 ifeq ($(BR2_PACKAGE_LIBPNG),y)
 LCDPROC_DEPENDENCIES += libpng

package/libcurl/libcurl.hash

@@ -1,5 +1,5 @@
 # Locally calculated after checking pgp signature
-# https://curl.haxx.se/download/curl-7.61.1.tar.xz.asc
+# https://curl.haxx.se/download/curl-7.62.0.tar.xz.asc
 # with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
-sha256 3d5913d6a39bd22e68e34dff697fd6e4c3c81563f580c76fca2009315cd81891  curl-7.61.1.tar.xz
+sha256 dab5643a5fe775ae92570b9f3df6b0ef4bc2a827a959361fb130c73b721275c1  curl-7.62.0.tar.xz
 sha256 5f3849ec38ddb927e79f514bf948890c41b8d1407286a49609b8fb1585931095  COPYING

package/libcurl/libcurl.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBCURL_VERSION = 7.61.1
+LIBCURL_VERSION = 7.62.0
 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
 LIBCURL_SITE = https://curl.haxx.se/download
 LIBCURL_DEPENDENCIES = host-pkgconf \
@@ -45,7 +45,8 @@ LIBCURL_CONF_ENV += LD_LIBRARY_PATH=$(if $(LD_LIBRARY_PATH),$(LD_LIBRARY_PATH):)
 LIBCURL_CONF_OPTS += --with-ssl=$(STAGING_DIR)/usr \
 	--with-ca-path=/etc/ssl/certs
 else ifeq ($(BR2_PACKAGE_GNUTLS),y)
-LIBCURL_CONF_OPTS += --with-gnutls=$(STAGING_DIR)/usr
+LIBCURL_CONF_OPTS += --with-gnutls=$(STAGING_DIR)/usr \
+	--with-ca-fallback
 LIBCURL_DEPENDENCIES += gnutls
 else ifeq ($(BR2_PACKAGE_LIBNSS),y)
 LIBCURL_CONF_OPTS += --with-nss=$(STAGING_DIR)/usr

package/libgpgme/libgpgme.mk

@@ -12,6 +12,7 @@ LIBGPGME_LICENSE_FILES = COPYING.LESSER
 LIBGPGME_INSTALL_STAGING = YES
 LIBGPGME_DEPENDENCIES = libassuan libgpg-error
 LIBGPGME_LANGUAGE_BINDINGS = cl
+LIBGPGME_CONFIG_SCRIPTS = gpgme-config
 
 LIBGPGME_CONF_OPTS = \
 	--with-gpg-error-prefix=$(STAGING_DIR)/usr \

package/libid3tag/0001-configure-automake-foreign.patch

@@ -0,0 +1,16 @@
+configure: don't require GNU-specific files when running automake
+
+Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
+
+diff -durN libid3tag-0.15.1b.orig/configure.ac libid3tag-0.15.1b/configure.ac
+--- libid3tag-0.15.1b.orig/configure.ac	2004-01-24 00:22:46.000000000 +0100
++++ libid3tag-0.15.1b/configure.ac	2018-11-25 15:31:04.184342212 +0100
+@@ -26,7 +26,7 @@
+ 
+ AC_CONFIG_SRCDIR([id3tag.h])
+ 
+-AM_INIT_AUTOMAKE
++AM_INIT_AUTOMAKE([foreign])
+ 
+ AM_CONFIG_HEADER([config.h])
+ 

package/libid3tag/libid3tag.mk

@@ -10,6 +10,9 @@ LIBID3TAG_LICENSE = GPL-2.0+
 LIBID3TAG_LICENSE_FILES = COPYING COPYRIGHT
 LIBID3TAG_INSTALL_STAGING = YES
 LIBID3TAG_DEPENDENCIES = zlib
-LIBID3TAG_LIBTOOL_PATCH = NO
+
+# Force autoreconf to be able to use a more recent libtool script, that
+# is able to properly behave in the face of a missing C++ compiler.
+LIBID3TAG_AUTORECONF = YES
 
 $(eval $(autotools-package))

package/libiscsi/0002-avoid-truncation-when-logging-message-that-includes-target-name.patch

@@ -0,0 +1,29 @@
+From bffafc1c3003c2ee05d28eaa345e5854bc36014d Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Mon, 1 Oct 2018 14:16:14 +0200
+Subject: [PATCH] avoid truncation when logging message that includes target
+ name
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Retrieved from:
+https://github.com/sahlberg/libiscsi/commit/bffafc1c3003c2ee05d28eaa345e5854bc36014d]
+---
+ lib/logging.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/logging.c b/lib/logging.c
+index be518fc5..61c74407 100644
+--- a/lib/logging.c
++++ b/lib/logging.c
+@@ -73,9 +73,9 @@ iscsi_log_message(struct iscsi_context *iscsi, int level, const char *format, ..
+ 	}
+ 
+ 	if (iscsi->target_name[0]) {
+-		static char message2[1024];
++		static char message2[1282];
+ 
+-		snprintf(message2, 1024, "%s [%s]", message, iscsi->target_name);
++		snprintf(message2, 1282, "%s [%s]", message, iscsi->target_name);
+ 		iscsi->log_fn(level, message2);
+ 	}
+ 	else

package/libiscsi/0003-avoid-fallthrough.patch

@@ -0,0 +1,24 @@
+From 679d0abe7c142df178a907397551c4d9695cc667 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Mon, 1 Oct 2018 14:14:24 +0200
+Subject: [PATCH] avoid fallthrough
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Retrieved from:
+https://github.com/sahlberg/libiscsi/commit/679d0abe7c142df178a907397551c4d9695cc667]
+---
+ lib/scsi-lowlevel.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/scsi-lowlevel.c b/lib/scsi-lowlevel.c
+index 5ddd709c..747ce0c4 100644
+--- a/lib/scsi-lowlevel.c
++++ b/lib/scsi-lowlevel.c
+@@ -1086,6 +1086,7 @@ scsi_maintenancein_datain_getfullsize(struct scsi_task *task)
+ 				(task_get_uint8(task, 1) & 0x80) ? 12 : 0 +
+ 				task_get_uint16(task, 2);
+ 		}
++		return -1;
+ 	default:
+ 		return -1;
+ 	}

package/libiscsi/libiscsi.mk

@@ -11,6 +11,8 @@ LIBISCSI_LICENSE_FILES = COPYING LICENCE-GPL-2.txt LICENCE-LGPL-2.1.txt
 LIBISCSI_INSTALL_STAGING = YES
 LIBISCSI_AUTORECONF = YES
 
+LIBISCSI_CONF_OPTS = --disable-werror --disable-manpages
+
 # We need to create the m4 directory to make autoreconf work properly.
 define LIBISCSI_CREATE_M4_DIR
 	mkdir -p $(@D)/m4

package/libkcapi/libkcapi.mk

@@ -11,6 +11,10 @@ LIBKCAPI_AUTORECONF = YES
 LIBKCAPI_INSTALL_STAGING = YES
 LIBKCAPI_LICENSE = BSD-3-Clause (library), BSD-3-Clause or GPL-2.0 (programs)
 LIBKCAPI_LICENSE_FILES = COPYING COPYING.gplv2 COPYING.bsd
+LIBKCAPI_CONF_ENV = \
+	ac_cv_path_DB2PDF="" \
+	ac_cv_path_DB2PS="" \
+	ac_cv_path_XMLTO=""
 
 ifeq ($(BR2_PACKAGE_LIBKCAPI_HASHER),y)
 LIBKCAPI_CONF_OPTS += --enable-kcapi-hasher

package/libmpd/0001-Fix-build-on-archlinux-missing-include.patch

@@ -0,0 +1,24 @@
+From 4f946c01000fd97100e4a534b47f9c7ace0403df Mon Sep 17 00:00:00 2001
+From: QC <qball@gmpclient.org>
+Date: Thu, 9 Oct 2014 19:51:50 +0200
+Subject: [PATCH] Fix build on archlinux (missing include)
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Retrieved from:
+https://github.com/DaveDavenport/libmpd/commit/4f946c01000fd97100e4a534b47f9c7ace0403df]
+---
+ src/libmpd-internal.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/libmpd-internal.h b/src/libmpd-internal.h
+index c84c3a4..30cdc85 100644
+--- a/src/libmpd-internal.h
++++ b/src/libmpd-internal.h
+@@ -21,6 +21,7 @@
+ #define __MPD_INTERNAL_LIB_
+ 
+ #include "libmpdclient.h"
++#include <config.h>
+ struct _MpdData_real;
+ 
+ typedef struct _MpdData_real {

package/libnfs/0001-Fix-include-sys-time.h.patch

@@ -0,0 +1,41 @@
+From 9df082012cba1dc32d83e5e8b0bdc0892f250058 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=B6rg=20Krause?= <joerg.krause@embedded.rocks>
+Date: Mon, 5 Nov 2018 00:43:07 +0100
+Subject: [PATCH] Fix include sys/time.h
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+POSIX says `struct timeval` is defined if <sys/time.h> is included.
+
+Instead of the mess that is currently done based on the system on which
+the stuff is being compiled, include it unconditionally.
+
+Reported upstream:
+https://github.com/sahlberg/libnfs/issues/272
+
+Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
+---
+ include/nfsc/libnfs.h | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/include/nfsc/libnfs.h b/include/nfsc/libnfs.h
+index 09dcf1c..b6db58c 100755
+--- a/include/nfsc/libnfs.h
++++ b/include/nfsc/libnfs.h
+@@ -24,12 +24,7 @@
+ #define _LIBNFS_H_
+ 
+ #include <stdint.h>
+-#if defined(__ANDROID__) || defined(AROS) \
+- || ( defined(__APPLE__) && defined(__MACH__) )
+ #include <sys/time.h>
+-#else
+-#include <time.h>
+-#endif
+ 
+ #ifdef __cplusplus
+ extern "C" {
+-- 
+2.19.1
+

package/libnspr/0001-nios2.patch

@@ -2,14 +2,16 @@ Add Nios-II support
 
 [Gustavo: update for nspr 4.10.9]
 Signed-off-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
+[Fabrice: update for nspr 4.20]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 
 Index: b/nspr/pr/include/md/_linux.cfg
 ===================================================================
 --- a/nspr/pr/include/md/_linux.cfg
 +++ b/nspr/pr/include/md/_linux.cfg
-@@ -1017,6 +1017,51 @@
- #define PR_BYTES_PER_WORD_LOG2   2
- #define PR_BYTES_PER_DWORD_LOG2  3
+@@ -1112,6 +1112,51 @@
+ #define PR_BYTES_PER_WORD_LOG2  3
+ #define PR_BYTES_PER_DWORD_LOG2 3
  
 +#elif defined(__nios2__)
 +
@@ -64,9 +66,9 @@ Index: b/nspr/pr/include/md/_linux.h
 --- a/nspr/pr/include/md/_linux.h
 +++ b/nspr/pr/include/md/_linux.h
 @@ -57,6 +57,8 @@
- #define _PR_SI_ARCHITECTURE "m32r"
- #elif defined(__or1k__)
- #define _PR_SI_ARCHITECTURE "or1k"
+ #define _PR_SI_ARCHITECTURE "riscv32"
+ #elif defined(__riscv) && (__riscv_xlen == 64)
+ #define _PR_SI_ARCHITECTURE "riscv64"
 +#elif defined(__nios2__)
 +#define _PR_SI_ARCHITECTURE "nios2"
  #else

package/libnspr/0002-microblaze.patch

@@ -2,12 +2,14 @@ Add Microblaze support
 
 [Gustavo: update for nspr 4.10.9]
 Signed-off-by: Spenser Gilliland <spenser@gillilanding.com>
+[Fabrice: update for nspr 4.20]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 
 Index: b/nspr/pr/include/md/_linux.cfg
 ===================================================================
 --- a/nspr/pr/include/md/_linux.cfg
 +++ b/nspr/pr/include/md/_linux.cfg
-@@ -1062,6 +1062,56 @@
+@@ -1157,6 +1157,56 @@
  #define PR_BYTES_PER_WORD_LOG2   2
  #define PR_BYTES_PER_DWORD_LOG2  3
  
@@ -69,9 +71,9 @@ Index: b/nspr/pr/include/md/_linux.h
 --- a/nspr/pr/include/md/_linux.h
 +++ b/nspr/pr/include/md/_linux.h
 @@ -57,6 +57,8 @@
- #define _PR_SI_ARCHITECTURE "m32r"
- #elif defined(__or1k__)
- #define _PR_SI_ARCHITECTURE "or1k"
+ #define _PR_SI_ARCHITECTURE "riscv32"
+ #elif defined(__riscv) && (__riscv_xlen == 64)
+ #define _PR_SI_ARCHITECTURE "riscv64"
 +#elif defined(__microblaze__)
 +#define _PR_SI_ARCHITECTURE "microblaze"
  #elif defined(__nios2__)

package/libnspr/libnspr.hash

@@ -1,4 +1,4 @@
-# From https://ftp.mozilla.org/pub/nspr/releases/v4.19/src/SHA256SUMS
-sha256	2ed95917fa2277910d1d1cf36030607dccc0ba522bba08e2af13c113dcd8f729  nspr-4.19.tar.gz
+# From https://ftp.mozilla.org/pub/nspr/releases/v4.20/src/SHA256SUMS
+sha256	2c8964913da89ffbaf464d49ce44d79e8804e1794ef9a8c52a7bff7224d1556e  nspr-4.20.tar.gz
 # Locally calculated
 sha256	fab3dd6bdab226f1c08630b1dd917e11fcb4ec5e1e020e2c16f83a0a13863e85  nspr/LICENSE

package/libnspr/libnspr.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBNSPR_VERSION = 4.19
+LIBNSPR_VERSION = 4.20
 LIBNSPR_SOURCE = nspr-$(LIBNSPR_VERSION).tar.gz
 LIBNSPR_SITE = https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v$(LIBNSPR_VERSION)/src
 LIBNSPR_SUBDIR = nspr

package/libnss/libnss.hash

@@ -1,4 +1,4 @@
-# From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_38_RTM/src/SHA256SUMS
-sha256	2c643d3c08d6935f4d325f40743719b6990aa25a79ec2f8f712c99d086672f62  nss-3.38.tar.gz
+# From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_39_RTM/src/SHA256SUMS
+sha256	6be64dd76f212415cc8bc34343ac1e7389048db4db9a023a84873c411dc5864b  nss-3.39.tar.gz
 # Locally calculated
 sha256	a20c1a32d1f8102432360b42e932869f7c11c7cdbacf9cac554c422132af47f4  nss/COPYING

package/libnss/libnss.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBNSS_VERSION = 3.38
+LIBNSS_VERSION = 3.39
 LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
 LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src
 LIBNSS_DISTDIR = dist

package/libopenssl/libopenssl.hash

@@ -1,7 +1,7 @@
-# From https://www.openssl.org/source/openssl-1.0.2p.tar.gz.sha256
-sha256	50a98e07b1a89eb8f6a99477f262df71c6fa7bef77df4dc83025a2845c827d00	openssl-1.0.2p.tar.gz
-# From https://www.openssl.org/source/openssl-1.0.2p.tar.gz.sha1
-sha1	f34b5322e92415755c7d58bf5d0d5cf37666382c				openssl-1.0.2p.tar.gz
+# From https://www.openssl.org/source/openssl-1.0.2q.tar.gz.sha256
+sha256	5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684	openssl-1.0.2q.tar.gz
+# From https://www.openssl.org/source/openssl-1.0.2q.tar.gz.sha1
+sha1	692f5f2f1b114f8adaadaa3e7be8cce1907f38c5				openssl-1.0.2q.tar.gz
 # Locally computed
 sha256	eddd8a5123748052c598214487ac178e4bfa4e31ba2ec520c70d59c8c5bfa2e9	openssl-1.0.2a-parallel-install-dirs.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
 sha256	147c3eeaad614c044749ea527cb433eae5e2d5cad34a78c6ba61cd967bfbe01f	openssl-1.0.2a-parallel-obj-headers.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d

package/libopenssl/libopenssl.mk

@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-LIBOPENSSL_VERSION = 1.0.2p
-LIBOPENSSL_SITE = http://www.openssl.org/source
+LIBOPENSSL_VERSION = 1.0.2q
+LIBOPENSSL_SITE = https://www.openssl.org/source
 LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
 LIBOPENSSL_LICENSE = OpenSSL or SSLeay
 LIBOPENSSL_LICENSE_FILES = LICENSE

package/liboping/0001-ping_host_add-Decrease-buffer-size-to-make-GCC-s-truncation-check-happy.patch

@@ -0,0 +1,31 @@
+From 18ca43507b351f339ff23062541ee8d58e813a53 Mon Sep 17 00:00:00 2001
+From: Florian Forster <ff@octo.it>
+Date: Sun, 29 Jul 2018 14:34:19 +0200
+Subject: [PATCH] ping_host_add: Decrease buffer size to make GCC's truncation
+ check happy.
+
+Fixes: #38
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Retrieved from:
+https://github.com/octo/liboping/commit/18ca43507b351f339ff23062541ee8d58e813a53]
+---
+ src/liboping.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/src/liboping.c b/src/liboping.c
+index 5253e8c..2470988 100644
+--- a/src/liboping.c
++++ b/src/liboping.c
+@@ -1636,10 +1636,8 @@ int ping_host_add (pingobj_t *obj, const char *host)
+ 		}
+ 		else
+ 		{
+-			char errmsg[PING_ERRMSG_LEN];
+-
+-			snprintf (errmsg, PING_ERRMSG_LEN, "Unknown `ai_family': %i", ai_ptr->ai_family);
+-			errmsg[PING_ERRMSG_LEN - 1] = '\0';
++			char errmsg[64];
++			snprintf (errmsg, sizeof(errmsg), "Unknown `ai_family': %d", ai_ptr->ai_family);
+ 
+ 			dprintf ("%s", errmsg);
+ 			ping_set_error (obj, "getaddrinfo", errmsg);

package/libpjsip/libpjsip.mk

@@ -26,9 +26,6 @@ LIBPJSIP_CONF_ENV = \
 
 LIBPJSIP_CONF_OPTS = \
 	--disable-sound \
-	--disable-gsm-codec \
-	--disable-speex-codec \
-	--disable-speex-aec \
 	--disable-resample \
 	--disable-video \
 	--disable-opencore-amr \
@@ -56,6 +53,16 @@ LIBPJSIP_CONF_OPTS = \
 # so we want to use it.
 LIBPJSIP_CONF_OPTS += --enable-epoll
 
+ifeq ($(BR2_PACKAGE_LIBGSM),y)
+LIBPJSIP_CONF_OPTS += \
+	--enable-gsm-codec \
+	--with-external-gsm
+LIBPJSIP_DEPENDENCIES += libgsm
+else
+LIBPJSIP_CONF_OPTS += \
+	--disable-gsm-codec
+endif
+
 ifeq ($(BR2_PACKAGE_LIBOPENSSL),y)
 LIBPJSIP_DEPENDENCIES += libopenssl
 LIBPJSIP_CONF_OPTS += --with-ssl=$(STAGING_DIR)/usr
@@ -63,8 +70,23 @@ else
 LIBPJSIP_CONF_OPTS += --disable-ssl
 endif
 
+ifeq ($(BR2_PACKAGE_SPEEX)$(BR2_PACKAGE_SPEEXDSP),yy)
+LIBPJSIP_CONF_OPTS += \
+	--enable-speex-aec \
+	--enable-speex-codec \
+	--with-external-speex
+LIBPJSIP_DEPENDENCIES += speex speexdsp
+else
+LIBPJSIP_CONF_OPTS += \
+	--disable-speex-aec \
+	--disable-speex-codec
+endif
+
 ifeq ($(BR2_PACKAGE_UTIL_LINUX_LIBUUID),y)
 LIBPJSIP_DEPENDENCIES += util-linux
 endif
 
+# disable build of test binaries
+LIBPJSIP_MAKE_OPTS = lib
+
 $(eval $(autotools-package))

package/libsemanage/libsemanage.mk

@@ -31,7 +31,8 @@ HOST_LIBSEMANAGE_DEPENDENCIES = host-bison host-audit host-libsepol host-libseli
 HOST_LIBSEMANAGE_MAKE_OPTS += \
 	$(HOST_CONFIGURE_OPTS) \
 	PREFIX=$(HOST_DIR) \
-	SWIG_LIB="$(HOST_DIR)/share/swig/$(SWIG_VERSION)/"
+	SWIG_LIB="$(HOST_DIR)/share/swig/$(SWIG_VERSION)/" \
+	DEFAULT_SEMANAGE_CONF_LOCATION=$(HOST_DIR)/etc/selinux/semanage.conf
 
 ifeq ($(BR2_PACKAGE_PYTHON3),y)
 HOST_LIBSEMANAGE_DEPENDENCIES += host-python3

package/liburiparser/liburiparser.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  0709a7e572417db763f0356250d91686c19a64ab48e9da9f5a1e8055dc2a4a54  uriparser-0.8.6.tar.bz2
+sha256  ec67eb34feda8eac166f281799f03ed48387694fca44f6f5852f61f8fb535e2c  uriparser-0.9.0.tar.bz2
 sha256  ee90029e62d11f48faa59360d15c3ad8e7c094c74cc25b055716d92340da561f  COPYING

package/liburiparser/liburiparser.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBURIPARSER_VERSION = 0.8.6
+LIBURIPARSER_VERSION = 0.9.0
 LIBURIPARSER_SOURCE = uriparser-$(LIBURIPARSER_VERSION).tar.bz2
 LIBURIPARSER_SITE = https://github.com/uriparser/uriparser/releases/download/uriparser-$(LIBURIPARSER_VERSION)
 LIBURIPARSER_LICENSE = BSD-3-Clause

package/lighttpd/lighttpd.hash

@@ -1,4 +1,4 @@
-# From https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.49.sha256sum
-sha256 aedf49d7127d9e4c0ea56618e9e945a17674dc46a37ac7990120f87dd939ce09  lighttpd-1.4.49.tar.xz
+# From https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.51.sha256sum
+sha256 2af9fdb265d1f025bfa634e13770239712ecbd585e4975b8226edf1df74e9c82  lighttpd-1.4.51.tar.xz
 # Locally calculated
 sha256 5c98cad2fbaf5c5e2562bcbab401a7c557c1bb1bac9914ecc63730925052fb13  COPYING

package/lighttpd/lighttpd.mk

@@ -5,13 +5,15 @@
 ################################################################################
 
 LIGHTTPD_VERSION_MAJOR = 1.4
-LIGHTTPD_VERSION = $(LIGHTTPD_VERSION_MAJOR).49
+LIGHTTPD_VERSION = $(LIGHTTPD_VERSION_MAJOR).51
 LIGHTTPD_SOURCE = lighttpd-$(LIGHTTPD_VERSION).tar.xz
 LIGHTTPD_SITE = http://download.lighttpd.net/lighttpd/releases-$(LIGHTTPD_VERSION_MAJOR).x
 LIGHTTPD_LICENSE = BSD-3-Clause
 LIGHTTPD_LICENSE_FILES = COPYING
 LIGHTTPD_DEPENDENCIES = host-pkgconf
 LIGHTTPD_CONF_OPTS = \
+	--without-pam \
+	--without-wolfssl \
 	--libdir=/usr/lib/lighttpd \
 	--libexecdir=/usr/lib
 

package/linux-firmware/linux-firmware.mk

@@ -383,7 +383,7 @@ endif
 
 ifeq ($(BR2_PACKAGE_LINUX_FIRMWARE_QLOGIC_4X),y)
 LINUX_FIRMWARE_FILES += \
-	qed/qed_init_values_zipped-8.33.11.0.bin
+	qed/qed_init_values_zipped-*.bin
 # No license file; the license is in the file WHENCE
 # which is installed unconditionally
 endif

package/linux-headers/Config.in.host

@@ -266,13 +266,13 @@ config BR2_DEFAULT_KERNEL_HEADERS
 	string
 	default "3.2.102"	if BR2_KERNEL_HEADERS_3_2
 	default "4.1.52"	if BR2_KERNEL_HEADERS_4_1
-	default "4.4.161"	if BR2_KERNEL_HEADERS_4_4
-	default "4.9.133"	if BR2_KERNEL_HEADERS_4_9
+	default "4.4.166"	if BR2_KERNEL_HEADERS_4_4
+	default "4.9.143"	if BR2_KERNEL_HEADERS_4_9
 	default "4.10.17"	if BR2_KERNEL_HEADERS_4_10
 	default "4.11.12"	if BR2_KERNEL_HEADERS_4_11
 	default "4.12.14"	if BR2_KERNEL_HEADERS_4_12
 	default "4.13.16"	if BR2_KERNEL_HEADERS_4_13
-	default "4.14.76"	if BR2_KERNEL_HEADERS_4_14
+	default "4.14.86"	if BR2_KERNEL_HEADERS_4_14
 	default "4.15.18"	if BR2_KERNEL_HEADERS_4_15
 	default "4.16.18"	if BR2_KERNEL_HEADERS_4_16
 	default "4.17.19"	if BR2_KERNEL_HEADERS_4_17