Update for 2018.11.4

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

CHANGES

@@ -1,3 +1,15 @@
+2018.11.4, Released March 28th, 2019
+
+	Important / security related fixes.
+
+	Updated/fixed packages: avahi, beecrypt, binutils, botan,
+	busybox, clamav, cups, devmem2, efl, fetchmail, file, fltk,
+	gcc, gdb, git, go, gst-plugins-bad, iproute2, jq,
+	kf5-modemmanager-qt, leveldb, libopenssl, libraw, libseccomp,
+	libsoxr, libssh2, mariadb, mosquitto, nodejs, ntp, openjpeg,
+	perl, php, putty, qt5webkit, rdesktop, runc, samba4, swupdate,
+	systemd, tor, vsftpd, wireshark, xapp_xdm, xen, xlib_libXdmcp
+
 2018.11.3, Released February 23th, 2019
 
 	Important / security related fixes.

Makefile

@@ -92,9 +92,9 @@ all:
 .PHONY: all
 
 # Set and export the version string
-export BR2_VERSION := 2018.11.3
+export BR2_VERSION := 2018.11.4
 # Actual time the release is cut (for reproducible builds)
-BR2_VERSION_EPOCH = 1550960000
+BR2_VERSION_EPOCH = 1553810000
 
 # Save running make version since it's clobbered by the make package
 RUNNING_MAKE_VERSION := $(MAKE_VERSION)

linux/linux.hash

@@ -1,9 +1,9 @@
 # From https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
 sha256 68ac319e0fb7edd6b6051541d9cf112cd4f77a29e16a69ae1e133ff51117f653  linux-4.18.20.tar.xz
 sha256 41026d713ba4f7a5e9d514b876ce4ed28a1d993c0c58b42b2a2597d6a0e83021  linux-4.16.18.tar.xz
-sha256 8ff98caed5b20b733dedcbe99559d71a0e09e239c0c2488b3fd799c96489eb0a  linux-4.14.99.tar.xz
-sha256 5eb1b9ba43370512ab637452089bb93f8c0fdd7d5399e99561d382f74517a816  linux-4.9.156.tar.xz
-sha256 be5211dd90142568199cd546c0893e1eb71c78774a11660a8bb8070bb9ebba39  linux-4.4.174.tar.xz
+sha256 7aa43e34e4c9e5965da29cef5ae196e06006f8c0d1d65fd755a2f197f0796a11  linux-4.14.103.tar.xz
+sha256 c09af067af62d299f5e33c279968de58c88fb7c59bd05e8f3bb460f611f60515  linux-4.9.160.tar.xz
+sha256 27da5401aa691762f3361c143f453877f499c02ea6c9c743b09538cb1af1c75d  linux-4.4.176.tar.xz
 sha256 6ad9389e55e0ea57768eae173747058a4487fa3630e10a7999cfec9f945e559c  linux-4.1.52.tar.xz
 # From https://www.kernel.org/pub/linux/kernel/v3.x/sha256sums.asc
 sha256 ad96d797571496c969aa71bf5d08e9d2a8c84458090d29a120f1b2981185a99e  linux-3.2.102.tar.xz

package/avahi/0001-Drop-legacy-unicast-queries-from-address-not-on-loca.patch

@@ -0,0 +1,48 @@
+From e111def44a7df4624a4aa3f85fe98054bffb6b4f Mon Sep 17 00:00:00 2001
+From: Trent Lloyd <trent@lloyd.id.au>
+Date: Sat, 22 Dec 2018 09:06:07 +0800
+Subject: [PATCH] Drop legacy unicast queries from address not on local link
+
+When handling legacy unicast queries, ensure that the source IP is
+inside a subnet on the local link, otherwise drop the packet.
+
+Fixes #145
+Fixes #203
+CVE-2017-6519
+CVE-2018-100084
+
+Backported from: e111def44a7df4624a4aa3f85fe98054bffb6b4f
+Signed-off-by: Artem Panfilov <panfilov.artyom@gmail.com>
+---
+ avahi-core/server.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/avahi-core/server.c b/avahi-core/server.c
+index a2cb19a8..a2580e38 100644
+--- a/avahi-core/server.c
++++ b/avahi-core/server.c
+@@ -930,6 +930,7 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
+ 
+     if (avahi_dns_packet_is_query(p)) {
+         int legacy_unicast = 0;
++        char t[AVAHI_ADDRESS_STR_MAX];
+ 
+         /* For queries EDNS0 might allow ARCOUNT != 0. We ignore the
+          * AR section completely here, so far. Until the day we add
+@@ -947,6 +948,13 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
+             legacy_unicast = 1;
+         }
+ 
++        if (!is_mdns_mcast_address(dst_address) &&
++            !avahi_interface_address_on_link(i, src_address)) {
++
++            avahi_log_debug("Received non-local unicast query from host %s on interface '%s.%i'.", avahi_address_snprint(t, sizeof(t), src_address), i->hardware->name, i->protocol);
++            return;
++        }
++
+         if (legacy_unicast)
+             reflect_legacy_unicast_query_packet(s, p, i, src_address, port);
+ 
+-- 
+2.19.1
+

package/beecrypt/0003-don-t-check-for-cplusplus-compiler.patch

@@ -0,0 +1,27 @@
+configure.ac: don't check for C++ compiler
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+
+diff -durN beecrypt-4.2.1-orig/configure.ac beecrypt-4.2.1/configure.ac
+--- beecrypt-4.2.1-orig/configure.ac	2019-03-01 19:58:16.516117640 +0100
++++ beecrypt-4.2.1/configure.ac	2019-03-01 21:10:17.707391803 +0100
+@@ -119,9 +119,6 @@
+ 
+ # Checks for C compiler and preprocessor
+ AC_PROG_CC
+-AC_PROG_CPP
+-AC_PROG_CXX
+-AC_PROG_CXXCPP
+ AM_PROG_AS
+ AC_PROG_LD
+ AC_PROG_LN_S
+@@ -133,9 +130,6 @@
+ AC_LANG_PUSH(C)
+ AC_OPENMP
+ AC_LANG_POP(C)
+-AC_LANG_PUSH(C++)
+-AC_OPENMP
+-AC_LANG_POP(C++)
+ 
+ # Checks for compiler characteristics and flags
+ if test "$ac_enable_expert_mode" = no; then

package/binutils/2.31.1/0012-x86-Add-a-GNU_PROPERTY_X86_ISA_1_USED-note-if-needed.patch

@@ -0,0 +1,568 @@
+From 6737a6b34f4823deb7142f27b4074831a37ac1e1 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Fri, 20 Jul 2018 09:18:47 -0700
+Subject: [PATCH] x86: Add a GNU_PROPERTY_X86_ISA_1_USED note if needed
+
+When -z separate-code, which is enabled by default for Linux/x86, is
+used to create executable, ld won't place any data in the code-only
+PT_LOAD segment.  If there are no data sections placed before the
+code-only PT_LOAD segment, the program headers won't be mapped into
+any PT_LOAD segment.  When the executable tries to access it (based
+on the program header address passed in AT_PHDR), it will lead to
+segfault.  This patch inserts a GNU_PROPERTY_X86_ISA_1_USED note if
+there may be no data sections before the text section so that the
+first PT_LOAD segment won't be code-only and will contain the program
+header.
+
+Testcases are adjusted to either pass "-z noseparate-code" to ld or
+discard the .note.gnu.property section.  A Linux/x86 run-time test is
+added.
+
+bfd/
+
+	PR ld/23428
+	* elfxx-x86.c (_bfd_x86_elf_link_setup_gnu_properties): If the
+	separate code program header is needed, make sure that the first
+	read-only PT_LOAD segment has no code by adding a
+	GNU_PROPERTY_X86_ISA_1_USED note.
+
+ld/
+
+	PR ld/23428
+	* testsuite/ld-elf/linux-x86.S: New file.
+	* testsuite/ld-elf/linux-x86.exp: Likewise.
+	* testsuite/ld-elf/pr23428.c: Likewise.
+	* testsuite/ld-elf/sec64k.exp: Pass "-z noseparate-code" to ld
+	for Linux/x86 targets.
+	* testsuite/ld-i386/abs-iamcu.d: Likewise.
+	* testsuite/ld-i386/abs.d: Likewise.
+	* testsuite/ld-i386/pr12718.d: Likewise.
+	* testsuite/ld-i386/pr12921.d: Likewise.
+	* testsuite/ld-x86-64/abs-k1om.d: Likewise.
+	* testsuite/ld-x86-64/abs-l1om.d: Likewise.
+	* testsuite/ld-x86-64/abs.d: Likewise.
+	* testsuite/ld-x86-64/pr12718.d: Likewise.
+	* testsuite/ld-x86-64/pr12921.d: Likewise.
+	* testsuite/ld-linkonce/zeroeh.ld: Discard .note.gnu.property
+	section.
+	* testsuite/ld-scripts/print-memory-usage.t: Likewise.
+	* testsuite/ld-scripts/size-2.t: Likewise.
+	* testsuite/lib/ld-lib.exp (run_ld_link_exec_tests): Use ld
+	to create executable if language is "asm".
+
+(cherry picked from commit 241e64e3b42cd9eba514b8e0ad2ef39a337f10a5)
+Signed-off-by: Norbert Lange <nolange79@gmail.com>
+---
+ bfd/ChangeLog                                |  8 ++++
+ bfd/elfxx-x86.c                              | 60 +++++++++++++++++++-------
+ ld/ChangeLog                                 | 24 +++++++++++
+ ld/testsuite/ld-elf/linux-x86.S              | 63 ++++++++++++++++++++++++++++
+ ld/testsuite/ld-elf/linux-x86.exp            | 46 ++++++++++++++++++++
+ ld/testsuite/ld-elf/pr23428.c                | 43 +++++++++++++++++++
+ ld/testsuite/ld-elf/sec64k.exp               |  2 +
+ ld/testsuite/ld-i386/abs-iamcu.d             |  2 +-
+ ld/testsuite/ld-i386/abs.d                   |  2 +-
+ ld/testsuite/ld-i386/pr12718.d               |  2 +-
+ ld/testsuite/ld-i386/pr12921.d               |  2 +-
+ ld/testsuite/ld-linkonce/zeroeh.ld           |  1 +
+ ld/testsuite/ld-scripts/print-memory-usage.t |  2 +
+ ld/testsuite/ld-scripts/size-2.t             |  1 +
+ ld/testsuite/ld-x86-64/abs-k1om.d            |  2 +-
+ ld/testsuite/ld-x86-64/abs-l1om.d            |  2 +-
+ ld/testsuite/ld-x86-64/abs.d                 |  2 +-
+ ld/testsuite/ld-x86-64/pr12718.d             |  2 +-
+ ld/testsuite/ld-x86-64/pr12921.d             |  2 +-
+ ld/testsuite/lib/ld-lib.exp                  |  5 ++-
+ 20 files changed, 248 insertions(+), 25 deletions(-)
+ create mode 100644 ld/testsuite/ld-elf/linux-x86.S
+ create mode 100644 ld/testsuite/ld-elf/linux-x86.exp
+ create mode 100644 ld/testsuite/ld-elf/pr23428.c
+
+diff --git a/bfd/ChangeLog b/bfd/ChangeLog
+index 1c1174a..d3831b7 100644
+--- a/bfd/ChangeLog
++++ b/bfd/ChangeLog
+@@ -1,3 +1,11 @@
++2018-07-23  H.J. Lu  <hongjiu.lu@intel.com>
++
++	PR ld/23428
++	* elfxx-x86.c (_bfd_x86_elf_link_setup_gnu_properties): If the
++	separate code program header is needed, make sure that the first
++	read-only PT_LOAD segment has no code by adding a
++	GNU_PROPERTY_X86_ISA_1_USED note.
++
+ 2018-07-18  Nick Clifton  <nickc@redhat.com>
+
+ 	* development.sh: Set to true.
+diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c
+index a2497aa..2e4ff88 100644
+--- a/bfd/elfxx-x86.c
++++ b/bfd/elfxx-x86.c
+@@ -2524,6 +2524,7 @@ _bfd_x86_elf_link_setup_gnu_properties
+   const struct elf_backend_data *bed;
+   unsigned int class_align = ABI_64_P (info->output_bfd) ? 3 : 2;
+   unsigned int got_align;
++  bfd_boolean has_text = FALSE;
+
+   features = 0;
+   if (info->ibt)
+@@ -2538,24 +2539,59 @@ _bfd_x86_elf_link_setup_gnu_properties
+     if (bfd_get_flavour (pbfd) == bfd_target_elf_flavour
+ 	&& bfd_count_sections (pbfd) != 0)
+       {
++	if (!has_text)
++	  {
++	    /* Check if there is no non-empty text section.  */
++	    sec = bfd_get_section_by_name (pbfd, ".text");
++	    if (sec != NULL && sec->size != 0)
++	      has_text = TRUE;
++	  }
++
+ 	ebfd = pbfd;
+
+ 	if (elf_properties (pbfd) != NULL)
+ 	  break;
+       }
+
+-  if (ebfd != NULL && features)
++  bed = get_elf_backend_data (info->output_bfd);
++
++  htab = elf_x86_hash_table (info, bed->target_id);
++  if (htab == NULL)
++    return pbfd;
++
++  if (ebfd != NULL)
+     {
+-      /* If features is set, add GNU_PROPERTY_X86_FEATURE_1_IBT and
+-	 GNU_PROPERTY_X86_FEATURE_1_SHSTK.  */
+-      prop = _bfd_elf_get_property (ebfd,
+-				    GNU_PROPERTY_X86_FEATURE_1_AND,
+-				    4);
+-      prop->u.number |= features;
+-      prop->pr_kind = property_number;
++      prop = NULL;
++      if (features)
++	{
++	  /* If features is set, add GNU_PROPERTY_X86_FEATURE_1_IBT and
++	     GNU_PROPERTY_X86_FEATURE_1_SHSTK.  */
++	  prop = _bfd_elf_get_property (ebfd,
++					GNU_PROPERTY_X86_FEATURE_1_AND,
++					4);
++	  prop->u.number |= features;
++	  prop->pr_kind = property_number;
++	}
++      else if (has_text
++	       && elf_properties (ebfd) == NULL
++	       && elf_tdata (info->output_bfd)->o->build_id.sec == NULL
++	       && !htab->elf.dynamic_sections_created
++	       && !info->traditional_format
++	       && (info->output_bfd->flags & D_PAGED) != 0
++	       && info->separate_code)
++	{
++	  /* If the separate code program header is needed, make sure
++	     that the first read-only PT_LOAD segment has no code by
++	     adding a GNU_PROPERTY_X86_ISA_1_USED note.  */
++	  prop = _bfd_elf_get_property (ebfd,
++					GNU_PROPERTY_X86_ISA_1_USED,
++					4);
++	  prop->u.number = GNU_PROPERTY_X86_ISA_1_486;
++	  prop->pr_kind = property_number;
++	}
+
+       /* Create the GNU property note section if needed.  */
+-      if (pbfd == NULL)
++      if (prop != NULL && pbfd == NULL)
+ 	{
+ 	  sec = bfd_make_section_with_flags (ebfd,
+ 					     NOTE_GNU_PROPERTY_SECTION_NAME,
+@@ -2581,12 +2617,6 @@ error_alignment:
+
+   pbfd = _bfd_elf_link_setup_gnu_properties (info);
+
+-  bed = get_elf_backend_data (info->output_bfd);
+-
+-  htab = elf_x86_hash_table (info, bed->target_id);
+-  if (htab == NULL)
+-    return pbfd;
+-
+   htab->r_info = init_table->r_info;
+   htab->r_sym = init_table->r_sym;
+
+diff --git a/ld/ChangeLog b/ld/ChangeLog
+index c07e442..cfadbd4 100644
+--- a/ld/ChangeLog
++++ b/ld/ChangeLog
+@@ -1,3 +1,27 @@
++2018-07-23  H.J. Lu  <hongjiu.lu@intel.com>
++
++	PR ld/23428
++	* testsuite/ld-elf/linux-x86.S: New file.
++	* testsuite/ld-elf/linux-x86.exp: Likewise.
++	* testsuite/ld-elf/pr23428.c: Likewise.
++	* testsuite/ld-elf/sec64k.exp: Pass "-z noseparate-code" to ld
++	for Linux/x86 targets.
++	* testsuite/ld-i386/abs-iamcu.d: Likewise.
++	* testsuite/ld-i386/abs.d: Likewise.
++	* testsuite/ld-i386/pr12718.d: Likewise.
++	* testsuite/ld-i386/pr12921.d: Likewise.
++	* testsuite/ld-x86-64/abs-k1om.d: Likewise.
++	* testsuite/ld-x86-64/abs-l1om.d: Likewise.
++	* testsuite/ld-x86-64/abs.d: Likewise.
++	* testsuite/ld-x86-64/pr12718.d: Likewise.
++	* testsuite/ld-x86-64/pr12921.d: Likewise.
++	* testsuite/ld-linkonce/zeroeh.ld: Discard .note.gnu.property
++	section.
++	* testsuite/ld-scripts/print-memory-usage.t: Likewise.
++	* testsuite/ld-scripts/size-2.t: Likewise.
++	* testsuite/lib/ld-lib.exp (run_ld_link_exec_tests): Use ld to
++	create executable if language is "asm".
++
+ 2018-07-18  Nick Clifton  <nickc@redhat.com>
+
+ 	2.31.1 Release point.
+diff --git a/ld/testsuite/ld-elf/linux-x86.S b/ld/testsuite/ld-elf/linux-x86.S
+new file mode 100644
+index 0000000..bdf40c6
+--- /dev/null
++++ b/ld/testsuite/ld-elf/linux-x86.S
+@@ -0,0 +1,63 @@
++	.text
++	.globl _start
++	.type _start,@function
++	.p2align 4
++_start:
++	xorl %ebp, %ebp
++#ifdef __LP64__
++	popq %rdi
++	movq %rsp, %rsi
++	andq  $~15, %rsp
++#elif defined __x86_64__
++	mov (%rsp),%edi
++	addl $4,%esp
++	movl %esp, %esi
++	andl  $~15, %esp
++#else
++	popl %esi
++	movl %esp, %ecx
++	andl  $~15, %esp
++
++	subl $8,%esp
++	pushl %ecx
++	pushl %esi
++#endif
++
++	call main
++
++	hlt
++
++	.type syscall,  @function
++	.globl syscall
++	.p2align 4
++syscall:
++#ifdef __x86_64__
++	movq %rdi, %rax		/* Syscall number -> rax.  */
++	movq %rsi, %rdi		/* shift arg1 - arg5.  */
++	movq %rdx, %rsi
++	movq %rcx, %rdx
++	movq %r8, %r10
++	movq %r9, %r8
++	movq 8(%rsp),%r9	/* arg6 is on the stack.  */
++	syscall			/* Do the system call.  */
++#else
++	push %ebp
++	push %edi
++	push %esi
++	push %ebx
++	mov 0x2c(%esp),%ebp
++	mov 0x28(%esp),%edi
++	mov 0x24(%esp),%esi
++	mov 0x20(%esp),%edx
++	mov 0x1c(%esp),%ecx
++	mov 0x18(%esp),%ebx
++	mov 0x14(%esp),%eax
++	int $0x80
++	pop %ebx
++	pop %esi
++	pop %edi
++	pop %ebp
++#endif
++	ret			/* Return to caller.  */
++	.size syscall, .-syscall
++	.section .note.GNU-stack,"",@progbits
+diff --git a/ld/testsuite/ld-elf/linux-x86.exp b/ld/testsuite/ld-elf/linux-x86.exp
+new file mode 100644
+index 0000000..36217c6
+--- /dev/null
++++ b/ld/testsuite/ld-elf/linux-x86.exp
+@@ -0,0 +1,46 @@
++# Expect script for simple native Linux/x86 tests.
++#   Copyright (C) 2018 Free Software Foundation, Inc.
++#
++# This file is part of the GNU Binutils.
++#
++# This program is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 3 of the License, or
++# (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston,
++# MA 02110-1301, USA.
++#
++
++# Test very simple native Linux/x86 programs with linux-x86.S.
++if { ![isnative] || [which $CC] == 0 \
++     || (![istarget "i?86-*-linux*"] \
++         && ![istarget "x86_64-*-linux*"] \
++         && ![istarget "amd64-*-linux*"]) } {
++    return
++}
++
++# Add $PLT_CFLAGS if PLT is expected.
++global PLT_CFLAGS
++# Add $NOPIE_CFLAGS and $NOPIE_LDFLAGS if non-PIE is required.
++global NOPIE_CFLAGS NOPIE_LDFLAGS
++
++run_ld_link_exec_tests [list \
++    [list \
++	"Run PR ld/23428 test" \
++	"--no-dynamic-linker -z separate-code" \
++	"" \
++	{ linux-x86.S pr23428.c } \
++	"pr23428" \
++	"pass.out" \
++	"$NOPIE_CFLAGS -fno-asynchronous-unwind-tables" \
++	"asm" \
++    ] \
++]
+diff --git a/ld/testsuite/ld-elf/pr23428.c b/ld/testsuite/ld-elf/pr23428.c
+new file mode 100644
+index 0000000..3631ed7
+--- /dev/null
++++ b/ld/testsuite/ld-elf/pr23428.c
+@@ -0,0 +1,43 @@
++#include <unistd.h>
++#include <link.h>
++#include <syscall.h>
++
++#define STRING_COMMA_LEN(STR) (STR), (sizeof (STR) - 1)
++
++int
++main (int argc, char **argv)
++{
++  char **ev = &argv[argc + 1];
++  char **evp = ev;
++  ElfW(auxv_t) *av;
++  const ElfW(Phdr) *phdr = NULL;
++  size_t phnum = 0;
++  size_t loadnum = 0;
++  int fd = STDOUT_FILENO;
++  size_t i;
++
++  while (*evp++ != NULL)
++    ;
++
++  av = (ElfW(auxv_t) *) evp;
++
++  for (; av->a_type != AT_NULL; ++av)
++    switch (av->a_type)
++      {
++      case AT_PHDR:
++	phdr = (const void *) av->a_un.a_val;
++	break;
++      case AT_PHNUM:
++	phnum = av->a_un.a_val;
++	break;
++      }
++
++  for (i = 0; i < phnum; i++, phdr++)
++    if (phdr->p_type == PT_LOAD)
++      loadnum++;
++
++  syscall (SYS_write, fd, STRING_COMMA_LEN ("PASS\n"));
++
++  syscall (SYS_exit, !loadnum);
++  return 0;
++}
+diff --git a/ld/testsuite/ld-elf/sec64k.exp b/ld/testsuite/ld-elf/sec64k.exp
+index b58139e..3909c0e 100644
+--- a/ld/testsuite/ld-elf/sec64k.exp
++++ b/ld/testsuite/ld-elf/sec64k.exp
+@@ -177,6 +177,8 @@ if { ![istarget "d10v-*-*"]
+     foreach sfile $sfiles { puts $ofd "#source: $sfile" }
+     if { [istarget spu*-*-*] } {
+ 	puts $ofd "#ld: --local-store 0:0"
++    } elseif { [istarget "i?86-*-linux*"] || [istarget "x86_64-*-linux*"] } {
++	puts $ofd "#ld: -z noseparate-code"
+     } else {
+ 	puts $ofd "#ld:"
+     }
+diff --git a/ld/testsuite/ld-i386/abs-iamcu.d b/ld/testsuite/ld-i386/abs-iamcu.d
+index ac9beff..aba7d6b 100644
+--- a/ld/testsuite/ld-i386/abs-iamcu.d
++++ b/ld/testsuite/ld-i386/abs-iamcu.d
+@@ -2,7 +2,7 @@
+ #source: abs.s
+ #source: zero.s
+ #as: --32 -march=iamcu
+-#ld: -m elf_iamcu
++#ld: -m elf_iamcu -z noseparate-code
+ #objdump: -rs -j .text
+
+ .*:     file format .*
+diff --git a/ld/testsuite/ld-i386/abs.d b/ld/testsuite/ld-i386/abs.d
+index e660aca..191ee44 100644
+--- a/ld/testsuite/ld-i386/abs.d
++++ b/ld/testsuite/ld-i386/abs.d
+@@ -2,7 +2,7 @@
+ #as: --32
+ #source: abs.s
+ #source: zero.s
+-#ld: -melf_i386
++#ld: -melf_i386 -z noseparate-code
+ #objdump: -rs
+
+ .*:     file format .*
+diff --git a/ld/testsuite/ld-i386/pr12718.d b/ld/testsuite/ld-i386/pr12718.d
+index ec51540..7eba52d 100644
+--- a/ld/testsuite/ld-i386/pr12718.d
++++ b/ld/testsuite/ld-i386/pr12718.d
+@@ -1,6 +1,6 @@
+ #name: PR ld/12718
+ #as: --32
+-#ld: -melf_i386
++#ld: -melf_i386 -z noseparate-code
+ #readelf: -S
+
+ There are 5 section headers, starting at offset 0x[0-9a-f]+:
+diff --git a/ld/testsuite/ld-i386/pr12921.d b/ld/testsuite/ld-i386/pr12921.d
+index e49079b..ea2da3e 100644
+--- a/ld/testsuite/ld-i386/pr12921.d
++++ b/ld/testsuite/ld-i386/pr12921.d
+@@ -1,6 +1,6 @@
+ #name: PR ld/12921
+ #as: --32
+-#ld: -melf_i386
++#ld: -melf_i386 -z noseparate-code
+ #readelf: -S --wide
+
+ There are 7 section headers, starting at offset 0x[0-9a-f]+:
+diff --git a/ld/testsuite/ld-linkonce/zeroeh.ld b/ld/testsuite/ld-linkonce/zeroeh.ld
+index b22eaa1..f89855a 100644
+--- a/ld/testsuite/ld-linkonce/zeroeh.ld
++++ b/ld/testsuite/ld-linkonce/zeroeh.ld
+@@ -2,4 +2,5 @@ SECTIONS {
+  .text 0xa00 : { *(.text); *(.gnu.linkonce.t.*) }
+  .gcc_except_table 0x2000 : { *(.gcc_except_table) }
+  .eh_frame 0x4000 : { *(.eh_frame) }
++  /DISCARD/ : { *(.note.gnu.property) }
+ }
+diff --git a/ld/testsuite/ld-scripts/print-memory-usage.t b/ld/testsuite/ld-scripts/print-memory-usage.t
+index 5ff057a..6eda1d2 100644
+--- a/ld/testsuite/ld-scripts/print-memory-usage.t
++++ b/ld/testsuite/ld-scripts/print-memory-usage.t
+@@ -11,4 +11,6 @@ SECTIONS
+     *(.data)
+     *(.rw)
+   }
++
++  /DISCARD/ : { *(.note.gnu.property) }
+ }
+diff --git a/ld/testsuite/ld-scripts/size-2.t b/ld/testsuite/ld-scripts/size-2.t
+index 7238639..c3c4edd 100644
+--- a/ld/testsuite/ld-scripts/size-2.t
++++ b/ld/testsuite/ld-scripts/size-2.t
+@@ -18,4 +18,5 @@ SECTIONS
+     LONG (SIZEOF (.tdata))
+     LONG (SIZEOF (.tbss))
+   } :image
++  /DISCARD/ : { *(.note.gnu.property) }
+ }
+diff --git a/ld/testsuite/ld-x86-64/abs-k1om.d b/ld/testsuite/ld-x86-64/abs-k1om.d
+index 2c26639..6b0fde0 100644
+--- a/ld/testsuite/ld-x86-64/abs-k1om.d
++++ b/ld/testsuite/ld-x86-64/abs-k1om.d
+@@ -2,7 +2,7 @@
+ #source: ../ld-i386/abs.s
+ #source: ../ld-i386/zero.s
+ #as: --64 -march=k1om
+-#ld: -m elf_k1om
++#ld: -m elf_k1om -z noseparate-code
+ #objdump: -rs -j .text
+
+ .*:     file format .*
+diff --git a/ld/testsuite/ld-x86-64/abs-l1om.d b/ld/testsuite/ld-x86-64/abs-l1om.d
+index 1fb96d4..f87869f 100644
+--- a/ld/testsuite/ld-x86-64/abs-l1om.d
++++ b/ld/testsuite/ld-x86-64/abs-l1om.d
+@@ -2,7 +2,7 @@
+ #source: ../ld-i386/abs.s
+ #source: ../ld-i386/zero.s
+ #as: --64 -march=l1om
+-#ld: -m elf_l1om
++#ld: -m elf_l1om -z noseparate-code
+ #objdump: -rs -j .text
+ #target: x86_64-*-linux*
+
+diff --git a/ld/testsuite/ld-x86-64/abs.d b/ld/testsuite/ld-x86-64/abs.d
+index b24b018..d99ab46 100644
+--- a/ld/testsuite/ld-x86-64/abs.d
++++ b/ld/testsuite/ld-x86-64/abs.d
+@@ -1,7 +1,7 @@
+ #name: Absolute non-overflowing relocs
+ #source: ../ld-i386/abs.s
+ #source: ../ld-i386/zero.s
+-#ld:
++#ld: -z noseparate-code
+ #objdump: -rs
+
+ .*:     file format .*
+diff --git a/ld/testsuite/ld-x86-64/pr12718.d b/ld/testsuite/ld-x86-64/pr12718.d
+index 07d1732..2c503ff 100644
+--- a/ld/testsuite/ld-x86-64/pr12718.d
++++ b/ld/testsuite/ld-x86-64/pr12718.d
+@@ -1,6 +1,6 @@
+ #name: PR ld/12718
+ #as: --64
+-#ld: -melf_x86_64
++#ld: -melf_x86_64 -z noseparate-code
+ #readelf: -S --wide
+
+ There are 5 section headers, starting at offset 0x[0-9a-f]+:
+diff --git a/ld/testsuite/ld-x86-64/pr12921.d b/ld/testsuite/ld-x86-64/pr12921.d
+index 6fe6abe..1162d55 100644
+--- a/ld/testsuite/ld-x86-64/pr12921.d
++++ b/ld/testsuite/ld-x86-64/pr12921.d
+@@ -1,6 +1,6 @@
+ #name: PR ld/12921
+ #as: --64
+-#ld: -melf_x86_64
++#ld: -melf_x86_64 -z noseparate-code
+ #readelf: -S --wide
+
+ There are 7 section headers, starting at offset 0x[0-9a-f]+:
+diff --git a/ld/testsuite/lib/ld-lib.exp b/ld/testsuite/lib/ld-lib.exp
+index cfbefe9..1095091 100644
+--- a/ld/testsuite/lib/ld-lib.exp
++++ b/ld/testsuite/lib/ld-lib.exp
+@@ -1482,7 +1482,10 @@ proc run_ld_link_exec_tests { ldtests args } {
+ 	    continue
+ 	}
+
+-	if { [ string match "c++" $lang ] } {
++	if { [ string match "asm" $lang ] } {
++	    set link_proc ld_link
++	    set link_cmd $ld
++	} elseif { [ string match "c++" $lang ] } {
+ 	    set link_proc ld_link
+ 	    set link_cmd $CXX
+ 	} else {
+--
+2.9.3
+

package/binutils/2.31.1/0013-x86-Properly-merge-GNU_PROPERTY_X86_ISA_1_USED.patch

@@ -0,0 +1,588 @@
+From d55c3e36094f06bb1fb02f5eac19fdccf1d91f7e Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Wed, 8 Aug 2018 06:09:15 -0700
+Subject: [PATCH] x86: Properly merge GNU_PROPERTY_X86_ISA_1_USED
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+Without the GNU_PROPERTY_X86_ISA_1_USED property, all ISAs may be used.
+If a bit in the GNU_PROPERTY_X86_ISA_1_USED property is unset, the
+corresponding x86 instruction set isn’t used.  When merging properties
+from 2 input files and one input file doesn't have the
+GNU_PROPERTY_X86_ISA_1_USED property, the output file shouldn't have
+it neither.  This patch removes the GNU_PROPERTY_X86_ISA_1_USED
+property if an input file doesn't have it.
+
+This patch replaces the GNU_PROPERTY_X86_ISA_1_USED property with the
+GNU_PROPERTY_X86_ISA_1_NEEDED property which is the minimum ISA
+requirement.
+
+bfd/
+
+	PR ld/23486
+	* elfxx-x86.c (_bfd_x86_elf_merge_gnu_properties): Remove
+	GNU_PROPERTY_X86_ISA_1_USED if an input file doesn't have it.
+	(_bfd_x86_elf_link_setup_gnu_properties): Adding the
+	GNU_PROPERTY_X86_ISA_1_NEEDED, instead of
+	GNU_PROPERTY_X86_ISA_1_USED, property.
+
+ld/
+
+	PR ld/23486
+	* testsuite/ld-i386/i386.exp: Run PR ld/23486 tests.
+	* testsuite/ld-x86-64/x86-64.exp: Likewise.
+	* testsuite/ld-i386/pr23486a.d: New file.
+	* testsuite/ld-i386/pr23486b.d: Likewise.
+	* testsuite/ld-x86-64/pr23486a-x32.d: Likewise.
+	* testsuite/ld-x86-64/pr23486a.d: Likewise.
+	* testsuite/ld-x86-64/pr23486a.s: Likewise.
+	* testsuite/ld-x86-64/pr23486b-x32.d: Likewise.
+	* testsuite/ld-x86-64/pr23486b.d: Likewise.
+	* testsuite/ld-x86-64/pr23486b.s: Likewise.
+	* testsuite/ld-i386/property-3.r: Remove "x86 ISA used".
+	* testsuite/ld-i386/property-4.r: Likewise.
+	* testsuite/ld-i386/property-5.r: Likewise.
+	* testsuite/ld-i386/property-x86-ibt3a.d: Likewise.
+	* testsuite/ld-i386/property-x86-ibt3b.d: Likewise.
+	* testsuite/ld-i386/property-x86-shstk3a.d: Likewise.
+	* testsuite/ld-i386/property-x86-shstk3b.d: Likewise.
+	* testsuite/ld-x86-64/property-3.r: Likewise.
+	* testsuite/ld-x86-64/property-4.r: Likewise.
+	* testsuite/ld-x86-64/property-5.r: Likewise.
+	* testsuite/ld-x86-64/property-x86-ibt3a-x32.d: Likewise.
+	* testsuite/ld-x86-64/property-x86-ibt3a.d: Likewise.
+	* testsuite/ld-x86-64/property-x86-ibt3b-x32.d: Likewise.
+	* testsuite/ld-x86-64/property-x86-ibt3b.d: Likewise.
+	* testsuite/ld-x86-64/property-x86-shstk3a-x32.d: Likewise.
+	* testsuite/ld-x86-64/property-x86-shstk3a.d: Likewise.
+	* testsuite/ld-x86-64/property-x86-shstk3b-x32.d: Likewise.
+	* testsuite/ld-x86-64/property-x86-shstk3b.d: Likewise.
+
+(cherry picked from commit f7309df20c4e787041cedc4a6aced89c15259e54)
+Signed-off-by: Norbert Lange <nolange79@gmail.com>
+---
+ bfd/ChangeLog                                     |  9 +++++++
+ bfd/elfxx-x86.c                                   | 25 ++++++++++++++----
+ ld/ChangeLog                                      | 32 +++++++++++++++++++++++
+ ld/testsuite/ld-i386/i386.exp                     |  2 ++
+ ld/testsuite/ld-i386/pr23486a.d                   | 10 +++++++
+ ld/testsuite/ld-i386/pr23486b.d                   | 10 +++++++
+ ld/testsuite/ld-i386/property-3.r                 |  1 -
+ ld/testsuite/ld-i386/property-4.r                 |  1 -
+ ld/testsuite/ld-i386/property-5.r                 |  1 -
+ ld/testsuite/ld-i386/property-x86-ibt3a.d         |  5 ++--
+ ld/testsuite/ld-i386/property-x86-ibt3b.d         |  5 ++--
+ ld/testsuite/ld-i386/property-x86-shstk3a.d       |  5 ++--
+ ld/testsuite/ld-i386/property-x86-shstk3b.d       |  5 ++--
+ ld/testsuite/ld-x86-64/pr23486a-x32.d             | 10 +++++++
+ ld/testsuite/ld-x86-64/pr23486a.d                 | 10 +++++++
+ ld/testsuite/ld-x86-64/pr23486a.s                 | 30 +++++++++++++++++++++
+ ld/testsuite/ld-x86-64/pr23486b-x32.d             | 10 +++++++
+ ld/testsuite/ld-x86-64/pr23486b.d                 | 10 +++++++
+ ld/testsuite/ld-x86-64/pr23486b.s                 | 30 +++++++++++++++++++++
+ ld/testsuite/ld-x86-64/property-3.r               |  1 -
+ ld/testsuite/ld-x86-64/property-4.r               |  1 -
+ ld/testsuite/ld-x86-64/property-5.r               |  1 -
+ ld/testsuite/ld-x86-64/property-x86-ibt3a-x32.d   |  5 ++--
+ ld/testsuite/ld-x86-64/property-x86-ibt3a.d       |  5 ++--
+ ld/testsuite/ld-x86-64/property-x86-ibt3b-x32.d   |  5 ++--
+ ld/testsuite/ld-x86-64/property-x86-ibt3b.d       |  5 ++--
+ ld/testsuite/ld-x86-64/property-x86-shstk3a-x32.d |  5 ++--
+ ld/testsuite/ld-x86-64/property-x86-shstk3a.d     |  5 ++--
+ ld/testsuite/ld-x86-64/property-x86-shstk3b-x32.d |  5 ++--
+ ld/testsuite/ld-x86-64/property-x86-shstk3b.d     |  5 ++--
+ ld/testsuite/ld-x86-64/x86-64.exp                 |  4 +++
+ 31 files changed, 211 insertions(+), 47 deletions(-)
+ create mode 100644 ld/testsuite/ld-i386/pr23486a.d
+ create mode 100644 ld/testsuite/ld-i386/pr23486b.d
+ create mode 100644 ld/testsuite/ld-x86-64/pr23486a-x32.d
+ create mode 100644 ld/testsuite/ld-x86-64/pr23486a.d
+ create mode 100644 ld/testsuite/ld-x86-64/pr23486a.s
+ create mode 100644 ld/testsuite/ld-x86-64/pr23486b-x32.d
+ create mode 100644 ld/testsuite/ld-x86-64/pr23486b.d
+ create mode 100644 ld/testsuite/ld-x86-64/pr23486b.s
+
+diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c
+index 2e4ff88..7ccfd25 100644
+--- a/bfd/elfxx-x86.c
++++ b/bfd/elfxx-x86.c
+@@ -2407,12 +2407,27 @@ _bfd_x86_elf_merge_gnu_properties (struct bfd_link_info *info,
+   switch (pr_type)
+     {
+     case GNU_PROPERTY_X86_ISA_1_USED:
++      if (aprop == NULL || bprop == NULL)
++	{
++	  /* Only one of APROP and BPROP can be NULL.  */
++	  if (aprop != NULL)
++	    {
++	      /* Remove this property since the other input file doesn't
++		 have it.  */
++	      aprop->pr_kind = property_remove;
++	      updated = TRUE;
++	    }
++	  break;
++	}
++      goto or_property;
++
+     case GNU_PROPERTY_X86_ISA_1_NEEDED:
+       if (aprop != NULL && bprop != NULL)
+ 	{
++or_property:
+ 	  number = aprop->u.number;
+ 	  aprop->u.number = number | bprop->u.number;
+-	  /* Remove the property if ISA bits are empty.  */
++	  /* Remove the property if all bits are empty.  */
+ 	  if (aprop->u.number == 0)
+ 	    {
+ 	      aprop->pr_kind = property_remove;
+@@ -2428,14 +2443,14 @@ _bfd_x86_elf_merge_gnu_properties (struct bfd_link_info *info,
+ 	    {
+ 	      if (aprop->u.number == 0)
+ 		{
+-		  /* Remove APROP if ISA bits are empty.  */
++		  /* Remove APROP if all bits are empty.  */
+ 		  aprop->pr_kind = property_remove;
+ 		  updated = TRUE;
+ 		}
+ 	    }
+ 	  else
+ 	    {
+-	      /* Return TRUE if APROP is NULL and ISA bits of BPROP
++	      /* Return TRUE if APROP is NULL and all bits of BPROP
+ 		 aren't empty to indicate that BPROP should be added
+ 		 to ABFD.  */
+ 	      updated = bprop->u.number != 0;
+@@ -2582,9 +2597,9 @@ _bfd_x86_elf_link_setup_gnu_properties
+ 	{
+ 	  /* If the separate code program header is needed, make sure
+ 	     that the first read-only PT_LOAD segment has no code by
+-	     adding a GNU_PROPERTY_X86_ISA_1_USED note.  */
++	     adding a GNU_PROPERTY_X86_ISA_1_NEEDED note.  */
+ 	  prop = _bfd_elf_get_property (ebfd,
+-					GNU_PROPERTY_X86_ISA_1_USED,
++					GNU_PROPERTY_X86_ISA_1_NEEDED,
+ 					4);
+ 	  prop->u.number = GNU_PROPERTY_X86_ISA_1_486;
+ 	  prop->pr_kind = property_number;
+diff --git a/ld/testsuite/ld-i386/i386.exp b/ld/testsuite/ld-i386/i386.exp
+index 6d794fe..78dad02 100644
+--- a/ld/testsuite/ld-i386/i386.exp
++++ b/ld/testsuite/ld-i386/i386.exp
+@@ -462,6 +462,8 @@ run_dump_test "pr23189"
+ run_dump_test "pr23194"
+ run_dump_test "pr23372a"
+ run_dump_test "pr23372b"
++run_dump_test "pr23486a"
++run_dump_test "pr23486b"
+
+ if { !([istarget "i?86-*-linux*"]
+        || [istarget "i?86-*-gnu*"]
+diff --git a/ld/testsuite/ld-i386/pr23486a.d b/ld/testsuite/ld-i386/pr23486a.d
+new file mode 100644
+index 0000000..41a6dcf
+--- /dev/null
++++ b/ld/testsuite/ld-i386/pr23486a.d
+@@ -0,0 +1,10 @@
++#source: ../ld-x86-64/pr23486a.s
++#source: ../ld-x86-64/pr23486b.s
++#as: --32
++#ld: -r -m elf_i386
++#readelf: -n
++
++Displaying notes found in: .note.gnu.property
++  Owner                 Data size	Description
++  GNU                  0x0000000c	NT_GNU_PROPERTY_TYPE_0
++      Properties: x86 ISA needed: i486, 586
+diff --git a/ld/testsuite/ld-i386/pr23486b.d b/ld/testsuite/ld-i386/pr23486b.d
+new file mode 100644
+index 0000000..08019b7
+--- /dev/null
++++ b/ld/testsuite/ld-i386/pr23486b.d
+@@ -0,0 +1,10 @@
++#source: ../ld-x86-64/pr23486b.s
++#source: ../ld-x86-64/pr23486a.s
++#as: --32
++#ld: -r -m elf_i386
++#readelf: -n
++
++Displaying notes found in: .note.gnu.property
++  Owner                 Data size	Description
++  GNU                  0x0000000c	NT_GNU_PROPERTY_TYPE_0
++      Properties: x86 ISA needed: i486, 586
+diff --git a/ld/testsuite/ld-i386/property-3.r b/ld/testsuite/ld-i386/property-3.r
+index 0ed91f5..d03203c 100644
+--- a/ld/testsuite/ld-i386/property-3.r
++++ b/ld/testsuite/ld-i386/property-3.r
+@@ -3,6 +3,5 @@ Displaying notes found in: .note.gnu.property
+   Owner                 Data size	Description
+   GNU                  0x[0-9a-f]+	NT_GNU_PROPERTY_TYPE_0
+       Properties: stack size: 0x800000
+-	x86 ISA used: 586, SSE
+ 	x86 ISA needed: i486, 586
+ #pass
+diff --git a/ld/testsuite/ld-i386/property-4.r b/ld/testsuite/ld-i386/property-4.r
+index cb2bc15..da295eb 100644
+--- a/ld/testsuite/ld-i386/property-4.r
++++ b/ld/testsuite/ld-i386/property-4.r
+@@ -3,6 +3,5 @@ Displaying notes found in: .note.gnu.property
+   Owner                 Data size	Description
+   GNU                  0x[0-9a-f]+	NT_GNU_PROPERTY_TYPE_0
+       Properties: stack size: 0x800000
+-	x86 ISA used: i486, 586, SSE
+ 	x86 ISA needed: i486, 586, SSE
+ #pass
+diff --git a/ld/testsuite/ld-i386/property-5.r b/ld/testsuite/ld-i386/property-5.r
+index 5529650..e414159 100644
+--- a/ld/testsuite/ld-i386/property-5.r
++++ b/ld/testsuite/ld-i386/property-5.r
+@@ -3,6 +3,5 @@ Displaying notes found in: .note.gnu.property
+   Owner                 Data size	Description
+   GNU                  0x[0-9a-f]+	NT_GNU_PROPERTY_TYPE_0
+       Properties: stack size: 0x900000
+-	x86 ISA used: i486, 586, SSE
+ 	x86 ISA needed: i486, 586, SSE
+ #pass
+diff --git a/ld/testsuite/ld-i386/property-x86-ibt3a.d b/ld/testsuite/ld-i386/property-x86-ibt3a.d
+index 4bb35b0..0aedea1 100644
+--- a/ld/testsuite/ld-i386/property-x86-ibt3a.d
++++ b/ld/testsuite/ld-i386/property-x86-ibt3a.d
+@@ -6,6 +6,5 @@
+
+ Displaying notes found in: .note.gnu.property
+   Owner                 Data size	Description
+-  GNU                  0x00000018	NT_GNU_PROPERTY_TYPE_0
+-      Properties: x86 ISA used: i486, 586, SSE2, SSE3
+-	x86 ISA needed: 586, SSE, SSE3, SSE4_1
++  GNU                  0x0000000c	NT_GNU_PROPERTY_TYPE_0
++      Properties: x86 ISA needed: 586, SSE, SSE3, SSE4_1
+diff --git a/ld/testsuite/ld-i386/property-x86-ibt3b.d b/ld/testsuite/ld-i386/property-x86-ibt3b.d
+index 418d58a..bd69ac6 100644
+--- a/ld/testsuite/ld-i386/property-x86-ibt3b.d
++++ b/ld/testsuite/ld-i386/property-x86-ibt3b.d
+@@ -6,6 +6,5 @@
+
+ Displaying notes found in: .note.gnu.property
+   Owner                 Data size	Description
+-  GNU                  0x00000018	NT_GNU_PROPERTY_TYPE_0
+-      Properties: x86 ISA used: i486, 586, SSE2, SSE3
+-	x86 ISA needed: 586, SSE, SSE3, SSE4_1
++  GNU                  0x0000000c	NT_GNU_PROPERTY_TYPE_0
++      Properties: x86 ISA needed: 586, SSE, SSE3, SSE4_1
+diff --git a/ld/testsuite/ld-i386/property-x86-shstk3a.d b/ld/testsuite/ld-i386/property-x86-shstk3a.d
+index e261038..76d2a39 100644
+--- a/ld/testsuite/ld-i386/property-x86-shstk3a.d
++++ b/ld/testsuite/ld-i386/property-x86-shstk3a.d
+@@ -6,6 +6,5 @@
+
+ Displaying notes found in: .note.gnu.property
+   Owner                 Data size	Description
+-  GNU                  0x00000018	NT_GNU_PROPERTY_TYPE_0
+-      Properties: x86 ISA used: i486, 586, SSE2, SSE3
+-	x86 ISA needed: 586, SSE, SSE3, SSE4_1
++  GNU                  0x0000000c	NT_GNU_PROPERTY_TYPE_0
++      Properties: x86 ISA needed: 586, SSE, SSE3, SSE4_1
+diff --git a/ld/testsuite/ld-i386/property-x86-shstk3b.d b/ld/testsuite/ld-i386/property-x86-shstk3b.d
+index 25f3d23..e770ecf 100644
+--- a/ld/testsuite/ld-i386/property-x86-shstk3b.d
++++ b/ld/testsuite/ld-i386/property-x86-shstk3b.d
+@@ -6,6 +6,5 @@
+
+ Displaying notes found in: .note.gnu.property
+   Owner                 Data size	Description
+-  GNU                  0x00000018	NT_GNU_PROPERTY_TYPE_0
+-      Properties: x86 ISA used: i486, 586, SSE2, SSE3
+-	x86 ISA needed: 586, SSE, SSE3, SSE4_1
++  GNU                  0x0000000c	NT_GNU_PROPERTY_TYPE_0
++      Properties: x86 ISA needed: 586, SSE, SSE3, SSE4_1
+diff --git a/ld/testsuite/ld-x86-64/pr23486a-x32.d b/ld/testsuite/ld-x86-64/pr23486a-x32.d
+new file mode 100644
+index 0000000..6d9fa68
+--- /dev/null
++++ b/ld/testsuite/ld-x86-64/pr23486a-x32.d
+@@ -0,0 +1,10 @@
++#source: pr23486a.s
++#source: pr23486b.s
++#as: --x32
++#ld: -r -m elf32_x86_64
++#readelf: -n
++
++Displaying notes found in: .note.gnu.property
++  Owner                 Data size	Description
++  GNU                  0x0000000c	NT_GNU_PROPERTY_TYPE_0
++      Properties: x86 ISA needed: i486, 586
+diff --git a/ld/testsuite/ld-x86-64/pr23486a.d b/ld/testsuite/ld-x86-64/pr23486a.d
+new file mode 100644
+index 0000000..dc2b7bf
+--- /dev/null
++++ b/ld/testsuite/ld-x86-64/pr23486a.d
+@@ -0,0 +1,10 @@
++#source: pr23486a.s
++#source: pr23486b.s
++#as: --64 -defsym __64_bit__=1
++#ld: -r -m elf_x86_64
++#readelf: -n
++
++Displaying notes found in: .note.gnu.property
++  Owner                 Data size	Description
++  GNU                  0x00000010	NT_GNU_PROPERTY_TYPE_0
++      Properties: x86 ISA needed: i486, 586
+diff --git a/ld/testsuite/ld-x86-64/pr23486a.s b/ld/testsuite/ld-x86-64/pr23486a.s
+new file mode 100644
+index 0000000..a07d0c7
+--- /dev/null
++++ b/ld/testsuite/ld-x86-64/pr23486a.s
+@@ -0,0 +1,30 @@
++	.section ".note.gnu.property", "a"
++.ifdef __64_bit__
++	.p2align 3
++.else
++	.p2align 2
++.endif
++	.long 1f - 0f		/* name length.  */
++	.long 4f - 1f		/* data length.  */
++	/* NT_GNU_PROPERTY_TYPE_0 */
++	.long 5			/* note type.  */
++0:
++	.asciz "GNU"		/* vendor name.  */
++1:
++.ifdef __64_bit__
++	.p2align 3
++.else
++	.p2align 2
++.endif
++	/* GNU_PROPERTY_X86_ISA_1_USED */
++	.long 0xc0000000	/* pr_type.  */
++	.long 3f - 2f		/* pr_datasz.  */
++2:
++	.long 0xa
++3:
++.ifdef __64_bit__
++	.p2align 3
++.else
++	.p2align 2
++.endif
++4:
+diff --git a/ld/testsuite/ld-x86-64/pr23486b-x32.d b/ld/testsuite/ld-x86-64/pr23486b-x32.d
+new file mode 100644
+index 0000000..0445e69
+--- /dev/null
++++ b/ld/testsuite/ld-x86-64/pr23486b-x32.d
+@@ -0,0 +1,10 @@
++#source: pr23486b.s
++#source: pr23486a.s
++#as: --x32
++#ld: -r -m elf32_x86_64
++#readelf: -n
++
++Displaying notes found in: .note.gnu.property
++  Owner                 Data size	Description
++  GNU                  0x0000000c	NT_GNU_PROPERTY_TYPE_0
++      Properties: x86 ISA needed: i486, 586
+diff --git a/ld/testsuite/ld-x86-64/pr23486b.d b/ld/testsuite/ld-x86-64/pr23486b.d
+new file mode 100644
+index 0000000..dc2b7bf
+--- /dev/null
++++ b/ld/testsuite/ld-x86-64/pr23486b.d
+@@ -0,0 +1,10 @@
++#source: pr23486a.s
++#source: pr23486b.s
++#as: --64 -defsym __64_bit__=1
++#ld: -r -m elf_x86_64
++#readelf: -n
++
++Displaying notes found in: .note.gnu.property
++  Owner                 Data size	Description
++  GNU                  0x00000010	NT_GNU_PROPERTY_TYPE_0
++      Properties: x86 ISA needed: i486, 586
+diff --git a/ld/testsuite/ld-x86-64/pr23486b.s b/ld/testsuite/ld-x86-64/pr23486b.s
+new file mode 100644
+index 0000000..c5167ee
+--- /dev/null
++++ b/ld/testsuite/ld-x86-64/pr23486b.s
+@@ -0,0 +1,30 @@
++	.section ".note.gnu.property", "a"
++.ifdef __64_bit__
++	.p2align 3
++.else
++	.p2align 2
++.endif
++	.long 1f - 0f		/* name length.  */
++	.long 4f - 1f		/* data length.  */
++	/* NT_GNU_PROPERTY_TYPE_0 */
++	.long 5			/* note type.  */
++0:
++	.asciz "GNU"		/* vendor name.  */
++1:
++.ifdef __64_bit__
++	.p2align 3
++.else
++	.p2align 2
++.endif
++	/* GNU_PROPERTY_X86_ISA_1_NEEDED */
++	.long 0xc0000001	/* pr_type.  */
++	.long 3f - 2f		/* pr_datasz.  */
++2:
++	.long 0x3
++3:
++.ifdef __64_bit__
++	.p2align 3
++.else
++	.p2align 2
++.endif
++4:
+diff --git a/ld/testsuite/ld-x86-64/property-3.r b/ld/testsuite/ld-x86-64/property-3.r
+index 0ed91f5..d03203c 100644
+--- a/ld/testsuite/ld-x86-64/property-3.r
++++ b/ld/testsuite/ld-x86-64/property-3.r
+@@ -3,6 +3,5 @@ Displaying notes found in: .note.gnu.property
+   Owner                 Data size	Description
+   GNU                  0x[0-9a-f]+	NT_GNU_PROPERTY_TYPE_0
+       Properties: stack size: 0x800000
+-	x86 ISA used: 586, SSE
+ 	x86 ISA needed: i486, 586
+ #pass
+diff --git a/ld/testsuite/ld-x86-64/property-4.r b/ld/testsuite/ld-x86-64/property-4.r
+index cb2bc15..da295eb 100644
+--- a/ld/testsuite/ld-x86-64/property-4.r
++++ b/ld/testsuite/ld-x86-64/property-4.r
+@@ -3,6 +3,5 @@ Displaying notes found in: .note.gnu.property
+   Owner                 Data size	Description
+   GNU                  0x[0-9a-f]+	NT_GNU_PROPERTY_TYPE_0
+       Properties: stack size: 0x800000
+-	x86 ISA used: i486, 586, SSE
+ 	x86 ISA needed: i486, 586, SSE
+ #pass
+diff --git a/ld/testsuite/ld-x86-64/property-5.r b/ld/testsuite/ld-x86-64/property-5.r
+index 5529650..e414159 100644
+--- a/ld/testsuite/ld-x86-64/property-5.r
++++ b/ld/testsuite/ld-x86-64/property-5.r
+@@ -3,6 +3,5 @@ Displaying notes found in: .note.gnu.property
+   Owner                 Data size	Description
+   GNU                  0x[0-9a-f]+	NT_GNU_PROPERTY_TYPE_0
+       Properties: stack size: 0x900000
+-	x86 ISA used: i486, 586, SSE
+ 	x86 ISA needed: i486, 586, SSE
+ #pass
+diff --git a/ld/testsuite/ld-x86-64/property-x86-ibt3a-x32.d b/ld/testsuite/ld-x86-64/property-x86-ibt3a-x32.d
+index 011426f..4cec728 100644
+--- a/ld/testsuite/ld-x86-64/property-x86-ibt3a-x32.d
++++ b/ld/testsuite/ld-x86-64/property-x86-ibt3a-x32.d
+@@ -6,6 +6,5 @@
+
+ Displaying notes found in: .note.gnu.property
+   Owner                 Data size	Description
+-  GNU                  0x00000018	NT_GNU_PROPERTY_TYPE_0
+-      Properties: x86 ISA used: 586, SSE, SSE3, SSE4_1
+-	x86 ISA needed: i486, 586, SSE2, SSE3
++  GNU                  0x0000000c	NT_GNU_PROPERTY_TYPE_0
++      Properties: x86 ISA needed: i486, 586, SSE2, SSE3
+diff --git a/ld/testsuite/ld-x86-64/property-x86-ibt3a.d b/ld/testsuite/ld-x86-64/property-x86-ibt3a.d
+index 1b4229a..a8df49a 100644
+--- a/ld/testsuite/ld-x86-64/property-x86-ibt3a.d
++++ b/ld/testsuite/ld-x86-64/property-x86-ibt3a.d
+@@ -6,6 +6,5 @@
+
+ Displaying notes found in: .note.gnu.property
+   Owner                 Data size	Description
+-  GNU                  0x00000020	NT_GNU_PROPERTY_TYPE_0
+-      Properties: x86 ISA used: 586, SSE, SSE3, SSE4_1
+-	x86 ISA needed: i486, 586, SSE2, SSE3
++  GNU                  0x00000010	NT_GNU_PROPERTY_TYPE_0
++      Properties: x86 ISA needed: i486, 586, SSE2, SSE3
+diff --git a/ld/testsuite/ld-x86-64/property-x86-ibt3b-x32.d b/ld/testsuite/ld-x86-64/property-x86-ibt3b-x32.d
+index 290ed6a..c112626 100644
+--- a/ld/testsuite/ld-x86-64/property-x86-ibt3b-x32.d
++++ b/ld/testsuite/ld-x86-64/property-x86-ibt3b-x32.d
+@@ -6,6 +6,5 @@
+
+ Displaying notes found in: .note.gnu.property
+   Owner                 Data size	Description
+-  GNU                  0x00000018	NT_GNU_PROPERTY_TYPE_0
+-      Properties: x86 ISA used: 586, SSE, SSE3, SSE4_1
+-	x86 ISA needed: i486, 586, SSE2, SSE3
++  GNU                  0x0000000c	NT_GNU_PROPERTY_TYPE_0
++      Properties: x86 ISA needed: i486, 586, SSE2, SSE3
+diff --git a/ld/testsuite/ld-x86-64/property-x86-ibt3b.d b/ld/testsuite/ld-x86-64/property-x86-ibt3b.d
+index 1142e03..f10dffd 100644
+--- a/ld/testsuite/ld-x86-64/property-x86-ibt3b.d
++++ b/ld/testsuite/ld-x86-64/property-x86-ibt3b.d
+@@ -6,6 +6,5 @@
+
+ Displaying notes found in: .note.gnu.property
+   Owner                 Data size	Description
+-  GNU                  0x00000020	NT_GNU_PROPERTY_TYPE_0
+-      Properties: x86 ISA used: 586, SSE, SSE3, SSE4_1
+-	x86 ISA needed: i486, 586, SSE2, SSE3
++  GNU                  0x00000010	NT_GNU_PROPERTY_TYPE_0
++      Properties: x86 ISA needed: i486, 586, SSE2, SSE3
+diff --git a/ld/testsuite/ld-x86-64/property-x86-shstk3a-x32.d b/ld/testsuite/ld-x86-64/property-x86-shstk3a-x32.d
+index 819542d..0147a3c 100644
+--- a/ld/testsuite/ld-x86-64/property-x86-shstk3a-x32.d
++++ b/ld/testsuite/ld-x86-64/property-x86-shstk3a-x32.d
+@@ -6,6 +6,5 @@
+
+ Displaying notes found in: .note.gnu.property
+   Owner                 Data size	Description
+-  GNU                  0x00000018	NT_GNU_PROPERTY_TYPE_0
+-      Properties: x86 ISA used: 586, SSE, SSE3, SSE4_1
+-	x86 ISA needed: i486, 586, SSE2, SSE3
++  GNU                  0x0000000c	NT_GNU_PROPERTY_TYPE_0
++      Properties: x86 ISA needed: i486, 586, SSE2, SSE3
+diff --git a/ld/testsuite/ld-x86-64/property-x86-shstk3a.d b/ld/testsuite/ld-x86-64/property-x86-shstk3a.d
+index 4c5d0e0..1f8c2dc 100644
+--- a/ld/testsuite/ld-x86-64/property-x86-shstk3a.d
++++ b/ld/testsuite/ld-x86-64/property-x86-shstk3a.d
+@@ -6,6 +6,5 @@
+
+ Displaying notes found in: .note.gnu.property
+   Owner                 Data size	Description
+-  GNU                  0x00000020	NT_GNU_PROPERTY_TYPE_0
+-      Properties: x86 ISA used: 586, SSE, SSE3, SSE4_1
+-	x86 ISA needed: i486, 586, SSE2, SSE3
++  GNU                  0x00000010	NT_GNU_PROPERTY_TYPE_0
++      Properties: x86 ISA needed: i486, 586, SSE2, SSE3
+diff --git a/ld/testsuite/ld-x86-64/property-x86-shstk3b-x32.d b/ld/testsuite/ld-x86-64/property-x86-shstk3b-x32.d
+index ba181e0..7ca2539 100644
+--- a/ld/testsuite/ld-x86-64/property-x86-shstk3b-x32.d
++++ b/ld/testsuite/ld-x86-64/property-x86-shstk3b-x32.d
+@@ -6,6 +6,5 @@
+
+ Displaying notes found in: .note.gnu.property
+   Owner                 Data size	Description
+-  GNU                  0x00000018	NT_GNU_PROPERTY_TYPE_0
+-      Properties: x86 ISA used: 586, SSE, SSE3, SSE4_1
+-	x86 ISA needed: i486, 586, SSE2, SSE3
++  GNU                  0x0000000c	NT_GNU_PROPERTY_TYPE_0
++      Properties: x86 ISA needed: i486, 586, SSE2, SSE3
+diff --git a/ld/testsuite/ld-x86-64/property-x86-shstk3b.d b/ld/testsuite/ld-x86-64/property-x86-shstk3b.d
+index 5216f38..f66a40e 100644
+--- a/ld/testsuite/ld-x86-64/property-x86-shstk3b.d
++++ b/ld/testsuite/ld-x86-64/property-x86-shstk3b.d
+@@ -6,6 +6,5 @@
+
+ Displaying notes found in: .note.gnu.property
+   Owner                 Data size	Description
+-  GNU                  0x00000020	NT_GNU_PROPERTY_TYPE_0
+-      Properties: x86 ISA used: 586, SSE, SSE3, SSE4_1
+-	x86 ISA needed: i486, 586, SSE2, SSE3
++  GNU                  0x00000010	NT_GNU_PROPERTY_TYPE_0
++      Properties: x86 ISA needed: i486, 586, SSE2, SSE3
+diff --git a/ld/testsuite/ld-x86-64/x86-64.exp b/ld/testsuite/ld-x86-64/x86-64.exp
+index 6edb9e8..ae21e55 100644
+--- a/ld/testsuite/ld-x86-64/x86-64.exp
++++ b/ld/testsuite/ld-x86-64/x86-64.exp
+@@ -403,6 +403,10 @@ run_dump_test "pr23372a"
+ run_dump_test "pr23372a-x32"
+ run_dump_test "pr23372b"
+ run_dump_test "pr23372b-x32"
++run_dump_test "pr23486a"
++run_dump_test "pr23486a-x32"
++run_dump_test "pr23486b"
++run_dump_test "pr23486b-x32"
+
+ if { ![istarget "x86_64-*-linux*"] && ![istarget "x86_64-*-nacl*"]} {
+     return
+--
+2.9.3
+

package/binutils/2.31.1/0014-x86-Properly-add-X86_ISA_1_NEEDED-property.patch

@@ -0,0 +1,140 @@
+From 28a27bdbb9500797e6767f80c8128b09112aeed5 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Sat, 11 Aug 2018 06:41:33 -0700
+Subject: [PATCH] x86: Properly add X86_ISA_1_NEEDED property
+
+Existing properties may be removed during property merging.  We avoid
+adding X86_ISA_1_NEEDED property only if existing properties won't be
+removed.
+
+bfd/
+
+	PR ld/23428
+	* elfxx-x86.c (_bfd_x86_elf_link_setup_gnu_properties): Don't
+	add X86_ISA_1_NEEDED property only if existing properties won't
+	be removed.
+
+ld/
+
+	PR ld/23428
+	* testsuite/ld-elf/dummy.s: New file.
+	* testsuite/ld-elf/linux-x86.S: Add X86_FEATURE_1_AND property.
+	* testsuite/ld-elf/linux-x86.exp: Add dummy.s to pr23428.
+
+(cherry picked from commit ab9e342807d132182892de1be1a92d6e91a5c1da)
+Signed-off-by: Norbert Lange <nolange79@gmail.com>
+---
+ bfd/ChangeLog                     |  7 +++++++
+ bfd/elfxx-x86.c                   | 28 ++++++++++++++++++++++------
+ ld/ChangeLog                      |  7 +++++++
+ ld/testsuite/ld-elf/dummy.s       |  1 +
+ ld/testsuite/ld-elf/linux-x86.S   | 28 ++++++++++++++++++++++++++++
+ ld/testsuite/ld-elf/linux-x86.exp |  2 +-
+ 6 files changed, 66 insertions(+), 7 deletions(-)
+ create mode 100644 ld/testsuite/ld-elf/dummy.s
+
+diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c
+index 7ccfd25..2d8f7b6 100644
+--- a/bfd/elfxx-x86.c
++++ b/bfd/elfxx-x86.c
+@@ -2588,7 +2588,6 @@ _bfd_x86_elf_link_setup_gnu_properties
+ 	  prop->pr_kind = property_number;
+ 	}
+       else if (has_text
+-	       && elf_properties (ebfd) == NULL
+ 	       && elf_tdata (info->output_bfd)->o->build_id.sec == NULL
+ 	       && !htab->elf.dynamic_sections_created
+ 	       && !info->traditional_format
+@@ -2598,11 +2597,28 @@ _bfd_x86_elf_link_setup_gnu_properties
+ 	  /* If the separate code program header is needed, make sure
+ 	     that the first read-only PT_LOAD segment has no code by
+ 	     adding a GNU_PROPERTY_X86_ISA_1_NEEDED note.  */
+-	  prop = _bfd_elf_get_property (ebfd,
+-					GNU_PROPERTY_X86_ISA_1_NEEDED,
+-					4);
+-	  prop->u.number = GNU_PROPERTY_X86_ISA_1_486;
+-	  prop->pr_kind = property_number;
++	  elf_property_list *list;
++	  bfd_boolean need_property = TRUE;
++
++	  for (list = elf_properties (ebfd); list; list = list->next)
++	    switch (list->property.pr_type)
++	      {
++	      case GNU_PROPERTY_STACK_SIZE:
++	      case GNU_PROPERTY_NO_COPY_ON_PROTECTED:
++	      case GNU_PROPERTY_X86_ISA_1_NEEDED:
++		/* These properties won't be removed during merging.  */
++		need_property = FALSE;
++		break;
++	      }
++
++	  if (need_property)
++	    {
++	      prop = _bfd_elf_get_property (ebfd,
++					    GNU_PROPERTY_X86_ISA_1_NEEDED,
++					    4);
++	      prop->u.number = GNU_PROPERTY_X86_ISA_1_486;
++	      prop->pr_kind = property_number;
++	    }
+ 	}
+
+       /* Create the GNU property note section if needed.  */
+diff --git a/ld/testsuite/ld-elf/dummy.s b/ld/testsuite/ld-elf/dummy.s
+new file mode 100644
+index 0000000..403f980
+--- /dev/null
++++ b/ld/testsuite/ld-elf/dummy.s
+@@ -0,0 +1 @@
++# Dummy
+diff --git a/ld/testsuite/ld-elf/linux-x86.S b/ld/testsuite/ld-elf/linux-x86.S
+index bdf40c6..d94abc1 100644
+--- a/ld/testsuite/ld-elf/linux-x86.S
++++ b/ld/testsuite/ld-elf/linux-x86.S
+@@ -61,3 +61,31 @@ syscall:
+ 	ret			/* Return to caller.  */
+ 	.size syscall, .-syscall
+ 	.section .note.GNU-stack,"",@progbits
++
++	.section ".note.gnu.property", "a"
++#ifdef __LP64__
++	.p2align 3
++#else
++	.p2align 2
++#endif
++	.long 1f - 0f		/* name length */
++	.long 5f - 2f		/* data length */
++	.long 5			/* note type */
++0:	.asciz "GNU"		/* vendor name */
++1:
++#ifdef __LP64__
++	.p2align 3
++#else
++	.p2align 2
++#endif
++2:	.long 0xc0000002	/* pr_type.  */
++	.long 4f - 3f		/* pr_datasz.  */
++3:
++	.long 0x2
++4:
++#ifdef __LP64__
++	.p2align 3
++#else
++	.p2align 2
++#endif
++5:
+diff --git a/ld/testsuite/ld-elf/linux-x86.exp b/ld/testsuite/ld-elf/linux-x86.exp
+index 36217c6..f6f5a80 100644
+--- a/ld/testsuite/ld-elf/linux-x86.exp
++++ b/ld/testsuite/ld-elf/linux-x86.exp
+@@ -37,7 +37,7 @@ run_ld_link_exec_tests [list \
+ 	"Run PR ld/23428 test" \
+ 	"--no-dynamic-linker -z separate-code" \
+ 	"" \
+-	{ linux-x86.S pr23428.c } \
++	{ linux-x86.S pr23428.c dummy.s } \
+ 	"pr23428" \
+ 	"pass.out" \
+ 	"$NOPIE_CFLAGS -fno-asynchronous-unwind-tables" \
+--
+2.9.3
+

package/botan/botan.mk

@@ -17,9 +17,16 @@ BOTAN_CONF_OPTS = \
 	--os=linux \
 	--cc=gcc \
 	--cc-bin="$(TARGET_CXX)" \
+	--ldflags="$(BOTAN_LDFLAGS)" \
 	--prefix=/usr \
 	--without-documentation
 
+BOTAN_LDFLAGS = $(TARGET_LDFLAGS)
+
+ifeq ($(BR2_TOOLCHAIN_HAS_LIBATOMIC),y)
+BOTAN_LDFLAGS += -latomic
+endif
+
 ifeq ($(BR2_SHARED_LIBS),y)
 BOTAN_CONF_OPTS += \
 	--disable-static-library \

package/busybox/0004-udhcpc-check-that-4-byte-options-are-indeed-4-byte-closes-11506.patch

@@ -0,0 +1,137 @@
+From 6d3b4bb24da9a07c263f3c1acf8df85382ff562c Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Mon, 17 Dec 2018 18:07:18 +0100
+Subject: udhcpc: check that 4-byte options are indeed 4-byte, closes 11506
+
+function                                             old     new   delta
+udhcp_get_option32                                     -      27     +27
+udhcp_get_option                                     231     248     +17
+------------------------------------------------------------------------------
+(add/remove: 1/0 grow/shrink: 1/0 up/down: 44/0)               Total: 44 bytes
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
+---
+ networking/udhcp/common.c | 19 +++++++++++++++++++
+ networking/udhcp/common.h |  4 ++++
+ networking/udhcp/dhcpc.c  |  6 +++---
+ networking/udhcp/dhcpd.c  |  6 +++---
+ 4 files changed, 29 insertions(+), 6 deletions(-)
+
+diff --git a/networking/udhcp/common.c b/networking/udhcp/common.c
+index e5fd74f91..41b05b855 100644
+--- a/networking/udhcp/common.c
++++ b/networking/udhcp/common.c
+@@ -272,6 +272,15 @@ uint8_t* FAST_FUNC udhcp_get_option(struct dhcp_packet *packet, int code)
+ 			goto complain; /* complain and return NULL */
+ 
+ 		if (optionptr[OPT_CODE] == code) {
++			if (optionptr[OPT_LEN] == 0) {
++				/* So far no valid option with length 0 known.
++				 * Having this check means that searching
++				 * for DHCP_MESSAGE_TYPE need not worry
++				 * that returned pointer might be unsafe
++				 * to dereference.
++				 */
++				goto complain; /* complain and return NULL */
++			}
+ 			log_option("option found", optionptr);
+ 			return optionptr + OPT_DATA;
+ 		}
+@@ -289,6 +298,16 @@ uint8_t* FAST_FUNC udhcp_get_option(struct dhcp_packet *packet, int code)
+ 	return NULL;
+ }
+ 
++uint8_t* FAST_FUNC udhcp_get_option32(struct dhcp_packet *packet, int code)
++{
++	uint8_t *r = udhcp_get_option(packet, code);
++	if (r) {
++		if (r[-1] != 4)
++			r = NULL;
++	}
++	return r;
++}
++
+ /* Return the position of the 'end' option (no bounds checking) */
+ int FAST_FUNC udhcp_end_option(uint8_t *optionptr)
+ {
+diff --git a/networking/udhcp/common.h b/networking/udhcp/common.h
+index 7ad603d33..9511152ff 100644
+--- a/networking/udhcp/common.h
++++ b/networking/udhcp/common.h
+@@ -205,6 +205,10 @@ extern const uint8_t dhcp_option_lengths[] ALIGN1;
+ unsigned FAST_FUNC udhcp_option_idx(const char *name, const char *option_strings);
+ 
+ uint8_t *udhcp_get_option(struct dhcp_packet *packet, int code) FAST_FUNC;
++/* Same as above + ensures that option length is 4 bytes
++ * (returns NULL if size is different)
++ */
++uint8_t *udhcp_get_option32(struct dhcp_packet *packet, int code) FAST_FUNC;
+ int udhcp_end_option(uint8_t *optionptr) FAST_FUNC;
+ void udhcp_add_binary_option(struct dhcp_packet *packet, uint8_t *addopt) FAST_FUNC;
+ #if ENABLE_UDHCPC || ENABLE_UDHCPD
+diff --git a/networking/udhcp/dhcpc.c b/networking/udhcp/dhcpc.c
+index 4b23e4d39..5b3fd531c 100644
+--- a/networking/udhcp/dhcpc.c
++++ b/networking/udhcp/dhcpc.c
+@@ -1691,7 +1691,7 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
+  * They say ISC DHCP client supports this case.
+  */
+ 				server_addr = 0;
+-				temp = udhcp_get_option(&packet, DHCP_SERVER_ID);
++				temp = udhcp_get_option32(&packet, DHCP_SERVER_ID);
+ 				if (!temp) {
+ 					bb_error_msg("no server ID, using 0.0.0.0");
+ 				} else {
+@@ -1718,7 +1718,7 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
+ 				struct in_addr temp_addr;
+ 				uint8_t *temp;
+ 
+-				temp = udhcp_get_option(&packet, DHCP_LEASE_TIME);
++				temp = udhcp_get_option32(&packet, DHCP_LEASE_TIME);
+ 				if (!temp) {
+ 					bb_error_msg("no lease time with ACK, using 1 hour lease");
+ 					lease_seconds = 60 * 60;
+@@ -1813,7 +1813,7 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
+ 					uint32_t svid;
+ 					uint8_t *temp;
+ 
+-					temp = udhcp_get_option(&packet, DHCP_SERVER_ID);
++					temp = udhcp_get_option32(&packet, DHCP_SERVER_ID);
+ 					if (!temp) {
+  non_matching_svid:
+ 						log1("received DHCP NAK with wrong"
+diff --git a/networking/udhcp/dhcpd.c b/networking/udhcp/dhcpd.c
+index a8cd3f03b..477856d11 100644
+--- a/networking/udhcp/dhcpd.c
++++ b/networking/udhcp/dhcpd.c
+@@ -640,7 +640,7 @@ static void add_server_options(struct dhcp_packet *packet)
+ static uint32_t select_lease_time(struct dhcp_packet *packet)
+ {
+ 	uint32_t lease_time_sec = server_config.max_lease_sec;
+-	uint8_t *lease_time_opt = udhcp_get_option(packet, DHCP_LEASE_TIME);
++	uint8_t *lease_time_opt = udhcp_get_option32(packet, DHCP_LEASE_TIME);
+ 	if (lease_time_opt) {
+ 		move_from_unaligned32(lease_time_sec, lease_time_opt);
+ 		lease_time_sec = ntohl(lease_time_sec);
+@@ -987,7 +987,7 @@ int udhcpd_main(int argc UNUSED_PARAM, char **argv)
+ 		}
+ 
+ 		/* Get SERVER_ID if present */
+-		server_id_opt = udhcp_get_option(&packet, DHCP_SERVER_ID);
++		server_id_opt = udhcp_get_option32(&packet, DHCP_SERVER_ID);
+ 		if (server_id_opt) {
+ 			uint32_t server_id_network_order;
+ 			move_from_unaligned32(server_id_network_order, server_id_opt);
+@@ -1011,7 +1011,7 @@ int udhcpd_main(int argc UNUSED_PARAM, char **argv)
+ 		}
+ 
+ 		/* Get REQUESTED_IP if present */
+-		requested_ip_opt = udhcp_get_option(&packet, DHCP_REQUESTED_IP);
++		requested_ip_opt = udhcp_get_option32(&packet, DHCP_REQUESTED_IP);
+ 		if (requested_ip_opt) {
+ 			move_from_unaligned32(requested_nip, requested_ip_opt);
+ 		}
+-- 
+cgit v1.2.1
+

package/busybox/0005-udhcpc-when-decoding-DHCP_SUBNET-ensure-it-is-4-bytes-long.patch

@@ -0,0 +1,58 @@
+From 74d9f1ba37010face4bd1449df4d60dd84450b06 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Mon, 7 Jan 2019 15:33:42 +0100
+Subject: udhcpc: when decoding DHCP_SUBNET, ensure it is 4 bytes long
+
+function                                             old     new   delta
+udhcp_run_script                                     795     801      +6
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
+---
+ networking/udhcp/common.c | 2 +-
+ networking/udhcp/common.h | 2 +-
+ networking/udhcp/dhcpc.c  | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/networking/udhcp/common.c b/networking/udhcp/common.c
+index 4c2221b77..fc4de5716 100644
+--- a/networking/udhcp/common.c
++++ b/networking/udhcp/common.c
+@@ -302,7 +302,7 @@ uint8_t* FAST_FUNC udhcp_get_option32(struct dhcp_packet *packet, int code)
+ {
+ 	uint8_t *r = udhcp_get_option(packet, code);
+ 	if (r) {
+-		if (r[-1] != 4)
++		if (r[-OPT_DATA + OPT_LEN] != 4)
+ 			r = NULL;
+ 	}
+ 	return r;
+diff --git a/networking/udhcp/common.h b/networking/udhcp/common.h
+index 9511152ff..62f9a2a4a 100644
+--- a/networking/udhcp/common.h
++++ b/networking/udhcp/common.h
+@@ -119,7 +119,7 @@ enum {
+ //#define DHCP_TIME_SERVER      0x04 /* RFC 868 time server (32-bit, 0 = 1.1.1900) */
+ //#define DHCP_NAME_SERVER      0x05 /* IEN 116 _really_ ancient kind of NS */
+ //#define DHCP_DNS_SERVER       0x06
+-//#define DHCP_LOG_SERVER       0x07 /* port 704 UDP log (not syslog)
++//#define DHCP_LOG_SERVER       0x07 /* port 704 UDP log (not syslog) */
+ //#define DHCP_COOKIE_SERVER    0x08 /* "quote of the day" server */
+ //#define DHCP_LPR_SERVER       0x09
+ #define DHCP_HOST_NAME          0x0c /* 12: either client informs server or server gives name to client */
+diff --git a/networking/udhcp/dhcpc.c b/networking/udhcp/dhcpc.c
+index 5b3fd531c..dcec8cdfd 100644
+--- a/networking/udhcp/dhcpc.c
++++ b/networking/udhcp/dhcpc.c
+@@ -531,7 +531,7 @@ static char **fill_envp(struct dhcp_packet *packet)
+ 		temp = udhcp_get_option(packet, code);
+ 		*curr = xmalloc_optname_optval(temp, &dhcp_optflags[i], opt_name);
+ 		putenv(*curr++);
+-		if (code == DHCP_SUBNET) {
++		if (code == DHCP_SUBNET && temp[-OPT_DATA + OPT_LEN] == 4) {
+ 			/* Subnet option: make things like "$ip/$mask" possible */
+ 			uint32_t subnet;
+ 			move_from_unaligned32(subnet, temp);
+-- 
+cgit v1.2.1
+

package/clamav/0003-m4-reorganization-libs-curl.m4-fix-curl-config-detec.patch

@@ -1,75 +0,0 @@
-From 6b6ff53b5931c162be13504a1efc53fc5212f9d1 Mon Sep 17 00:00:00 2001
-From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
-Date: Mon, 7 May 2018 22:57:34 +0200
-Subject: [PATCH] m4/reorganization/libs/curl.m4: fix curl-config detection
- logic
-
-The current logic in curl.m4 doesn't behave properly when
---without-libcurl is passed to the ./configure script.
-
-Indeed, in this case what happens is that:
-
- (1) Since --without-libcurl is passed, LIBCURL_HOME is set to nothing
-
- (2) find_curl is set to "no"
-
- (3) Due to find_curl being "no", LIBCURL_HOME is not set to
-     /usr/local and remains empty
-
- (4) We test if $LIBCURL_HOME/bin/curl_config exists, which is
-     equivalent to testing if /bin/curl-config exists. So curl.m4 is
-     looking at /bin/curl-config, which is irrelevant in a
-     cross-compilation context: it is not because the build machine
-     has libcurl installed that it is available for the target.
-
-     Due to this mistake, it sets have_curl="yes"
-
-Due to this, the ./configure script assumes it can build the
-clamsubmit program, which fails at build time because curl/curl.h
-doesn't exist.
-
-To fix this, this commit rewrites the curl-config detection logic with
-a simpler loop. If find_curl=yes, it means we have to find libcurl
-ourselves, so we iterate over /usr/local and /usr, and check if a
-bin/curl-config binary is available there. If so, we use this path as
-LIBCURL_HOME and set have_curl="yes".
-
-This preserves the existing behavior, while fixing the situation where
---without-libcurl is passed, but /bin/curl-config exists.
-
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
-Upstream-status: https://github.com/Cisco-Talos/clamav-devel/pull/87
----
- m4/reorganization/libs/curl.m4 | 15 +++++----------
- 1 file changed, 5 insertions(+), 10 deletions(-)
-
-diff --git a/m4/reorganization/libs/curl.m4 b/m4/reorganization/libs/curl.m4
-index 2a5966ee7..b6a9c2137 100644
---- a/m4/reorganization/libs/curl.m4
-+++ b/m4/reorganization/libs/curl.m4
-@@ -19,17 +19,12 @@ fi
- [find_curl="yes"])
- 
- if test "X$find_curl" = "Xyes"; then
--    LIBCURL_HOME=/usr/local
--fi
--if test -f "$LIBCURL_HOME/bin/curl-config"; then
--    have_curl="yes"
--else
--    if test "X$find_curl" = "Xyes"; then
--        LIBCURL_HOME=/usr
--        if test -f "$LIBCURL_HOME/bin/curl-config"; then
--            have_curl="yes"
-+    for p in /usr/local /usr ; do
-+        if test -f "${p}/bin/curl-config"; then
-+           LIBCURL_HOME=$p
-+           have_curl="yes"
-         fi
--    fi
-+    done
- fi
- 
- if test "X$have_curl" = "Xyes"; then
--- 
-2.14.3
-

package/clamav/Config.in

@@ -1,7 +1,9 @@
 config BR2_PACKAGE_CLAMAV
 	bool "clamav"
+	depends on BR2_INSTALL_LIBSTDCPP
 	depends on BR2_TOOLCHAIN_HAS_THREADS
 	depends on BR2_USE_MMU # fork()
+	depends on BR2_USE_WCHAR
 	select BR2_PACKAGE_LIBTOOL
 	select BR2_PACKAGE_OPENSSL
 	select BR2_PACKAGE_ZLIB
@@ -11,6 +13,7 @@ config BR2_PACKAGE_CLAMAV
 
 	  http://www.clamav.net
 
-comment "clamav needs a toolchain w/ threads"
-	depends on !BR2_TOOLCHAIN_HAS_THREADS
+comment "clamav needs a toolchain w/ C++, threads, wchar"
+	depends on !BR2_INSTALL_LIBSTDCPP \
+		|| !BR2_TOOLCHAIN_HAS_THREADS || !BR2_USE_WCHAR
 	depends on BR2_USE_MMU

package/clamav/clamav.hash

@@ -1,5 +1,5 @@
 # Locally calculated
-sha256 4a2e4f0cd41e62adb5a713b4a1857c49145cd09a69957e6d946ecad575206dd6  clamav-0.100.2.tar.gz
+sha256 0a12ebdf6ff7a74c0bde2bdc2b55cae33449e6dd953ec90824a9e01291277634  clamav-0.101.2.tar.gz
 sha256 0c4fd2fa9733fc9122503797648710851e4ee6d9e4969dd33fcbd8c63cd2f584  COPYING
 sha256 d72a145c90918184a05ef65a04c9e6f7466faa59bc1b82c8f6a8ddc7ddcb9bed  COPYING.bzip2
 sha256 dfb818a0d41411c6fb1c193c68b73018ceadd1994bda41ad541cbff292894bc6  COPYING.file

package/clamav/clamav.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-CLAMAV_VERSION = 0.100.2
+CLAMAV_VERSION = 0.101.2
 CLAMAV_SITE = https://www.clamav.net/downloads/production
 CLAMAV_LICENSE = GPL-2.0
 CLAMAV_LICENSE_FILES = COPYING COPYING.bzip2 COPYING.file COPYING.getopt \
@@ -16,14 +16,16 @@ CLAMAV_DEPENDENCIES = \
 	openssl \
 	zlib \
 	$(TARGET_NLS_DEPENDENCIES)
-# 0003-m4-reorganization-libs-curl.m4-fix-curl-config-detec.patch
-CLAMAV_AUTORECONF = YES
 
 # mmap cannot be detected when cross-compiling, needed for mempool support
 CLAMAV_CONF_ENV = \
 	ac_cv_c_mmap_private=yes \
 	have_cv_ipv6=yes
 
+ifeq ($(BR2_TOOLCHAIN_HAS_LIBATOMIC),y)
+CLAMAV_CONF_ENV += LIBS=-latomic
+endif
+
 # UCLIBC_HAS_FTS is disabled, therefore disable fanotify (missing fts.h)
 CLAMAV_CONF_OPTS = \
 	--with-dbdir=/var/lib/clamav \

package/cups/0005-Fix-builds-without-PAM-Issue-5283.patch

@@ -1,189 +0,0 @@
-From 570933a6a3597371bae1beeb754ee8711d6305ab Mon Sep 17 00:00:00 2001
-From: Michael R Sweet <michael.r.sweet@gmail.com>
-Date: Mon, 2 Apr 2018 20:05:13 -0400
-Subject: [PATCH] Fix builds without PAM (Issue #5283)
-
-[baruch: drop CHANGES.md hunk]
-Signed-off-by: Baruch Siach <baruch@tkos.co.il>
----
-Upstream status: commit 570933a6a3
-
- CHANGES.md       |   8 ++-
- scheduler/auth.c | 134 ++---------------------------------------------
- 2 files changed, 11 insertions(+), 131 deletions(-)
-
-diff --git a/scheduler/auth.c b/scheduler/auth.c
-index 8b134b5d7257..fa4e2715de34 100644
---- a/scheduler/auth.c
-+++ b/scheduler/auth.c
-@@ -1,8 +1,8 @@
- /*
-  * Authorization routines for the CUPS scheduler.
-  *
-- * Copyright 2007-2016 by Apple Inc.
-- * Copyright 1997-2007 by Easy Software Products, all rights reserved.
-+ * Copyright © 2007-2018 by Apple Inc.
-+ * Copyright © 1997-2007 by Easy Software Products, all rights reserved.
-  *
-  * This file contains Kerberos support code, copyright 2006 by
-  * Jelmer Vernooij.
-@@ -71,9 +71,6 @@ static int		check_authref(cupsd_client_t *con, const char *right);
- static int		compare_locations(cupsd_location_t *a,
- 			                  cupsd_location_t *b);
- static cupsd_authmask_t	*copy_authmask(cupsd_authmask_t *am, void *data);
--#if !HAVE_LIBPAM
--static char		*cups_crypt(const char *pw, const char *salt);
--#endif /* !HAVE_LIBPAM */
- static void		free_authmask(cupsd_authmask_t *am, void *data);
- #if HAVE_LIBPAM
- static int		pam_func(int, const struct pam_message **,
-@@ -694,14 +691,14 @@ cupsdAuthorize(cupsd_client_t *con)	/* I - Client connection */
- 	    * client...
- 	    */
- 
--	    pass = cups_crypt(password, pw->pw_passwd);
-+	    pass = crypt(password, pw->pw_passwd);
- 
- 	    if (!pass || strcmp(pw->pw_passwd, pass))
- 	    {
- #  ifdef HAVE_SHADOW_H
- 	      if (spw)
- 	      {
--		pass = cups_crypt(password, spw->sp_pwdp);
-+		pass = crypt(password, spw->sp_pwdp);
- 
- 		if (pass == NULL || strcmp(spw->sp_pwdp, pass))
- 		{
-@@ -1995,129 +1992,6 @@ copy_authmask(cupsd_authmask_t *mask,	/* I - Existing auth mask */
- }
- 
- 
--#if !HAVE_LIBPAM
--/*
-- * 'cups_crypt()' - Encrypt the password using the DES or MD5 algorithms,
-- *                  as needed.
-- */
--
--static char *				/* O - Encrypted password */
--cups_crypt(const char *pw,		/* I - Password string */
--           const char *salt)		/* I - Salt (key) string */
--{
--  if (!strncmp(salt, "$1$", 3))
--  {
--   /*
--    * Use MD5 passwords without the benefit of PAM; this is for
--    * Slackware Linux, and the algorithm was taken from the
--    * old shadow-19990827/lib/md5crypt.c source code... :(
--    */
--
--    int			i;		/* Looping var */
--    unsigned long	n;		/* Output number */
--    int			pwlen;		/* Length of password string */
--    const char		*salt_end;	/* End of "salt" data for MD5 */
--    char		*ptr;		/* Pointer into result string */
--    _cups_md5_state_t	state;		/* Primary MD5 state info */
--    _cups_md5_state_t	state2;		/* Secondary MD5 state info */
--    unsigned char	digest[16];	/* MD5 digest result */
--    static char		result[120];	/* Final password string */
--
--
--   /*
--    * Get the salt data between dollar signs, e.g. $1$saltdata$md5.
--    * Get a maximum of 8 characters of salt data after $1$...
--    */
--
--    for (salt_end = salt + 3; *salt_end && (salt_end - salt) < 11; salt_end ++)
--      if (*salt_end == '$')
--        break;
--
--   /*
--    * Compute the MD5 sum we need...
--    */
--
--    pwlen = strlen(pw);
--
--    _cupsMD5Init(&state);
--    _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
--    _cupsMD5Append(&state, (unsigned char *)salt, salt_end - salt);
--
--    _cupsMD5Init(&state2);
--    _cupsMD5Append(&state2, (unsigned char *)pw, pwlen);
--    _cupsMD5Append(&state2, (unsigned char *)salt + 3, salt_end - salt - 3);
--    _cupsMD5Append(&state2, (unsigned char *)pw, pwlen);
--    _cupsMD5Finish(&state2, digest);
--
--    for (i = pwlen; i > 0; i -= 16)
--      _cupsMD5Append(&state, digest, i > 16 ? 16 : i);
--
--    for (i = pwlen; i > 0; i >>= 1)
--      _cupsMD5Append(&state, (unsigned char *)((i & 1) ? "" : pw), 1);
--
--    _cupsMD5Finish(&state, digest);
--
--    for (i = 0; i < 1000; i ++)
--    {
--      _cupsMD5Init(&state);
--
--      if (i & 1)
--        _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
--      else
--        _cupsMD5Append(&state, digest, 16);
--
--      if (i % 3)
--        _cupsMD5Append(&state, (unsigned char *)salt + 3, salt_end - salt - 3);
--
--      if (i % 7)
--        _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
--
--      if (i & 1)
--        _cupsMD5Append(&state, digest, 16);
--      else
--        _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
--
--      _cupsMD5Finish(&state, digest);
--    }
--
--   /*
--    * Copy the final sum to the result string and return...
--    */
--
--    memcpy(result, salt, (size_t)(salt_end - salt));
--    ptr = result + (salt_end - salt);
--    *ptr++ = '$';
--
--    for (i = 0; i < 5; i ++, ptr += 4)
--    {
--      n = ((((unsigned)digest[i] << 8) | (unsigned)digest[i + 6]) << 8);
--
--      if (i < 4)
--        n |= (unsigned)digest[i + 12];
--      else
--        n |= (unsigned)digest[5];
--
--      to64(ptr, n, 4);
--    }
--
--    to64(ptr, (unsigned)digest[11], 2);
--    ptr += 2;
--    *ptr = '\0';
--
--    return (result);
--  }
--  else
--  {
--   /*
--    * Use the standard crypt() function...
--    */
--
--    return (crypt(pw, salt));
--  }
--}
--#endif /* !HAVE_LIBPAM */
--
--
- /*
-  * 'free_authmask()' - Free function for auth masks.
-  */
--- 
-2.17.0
-

package/cups/cups.hash

@@ -1,3 +1,3 @@
 # Locally calculated:
-sha256 3c4b637b737077565ccdfbd5f61785d03f49461ae736fcc2c0ffaf41d2c6ea6a  cups-2.2.7-source.tar.gz
+sha256 77c8b2b3bb7fe8b5fbfffc307f2c817b2d7ec67b657f261a1dd1c61ab81205bb  cups-2.2.10-source.tar.gz
 sha256 6e0e0ffbde118aae709f7ef65590de9071e8b2cd322f84fd645c6b64f3cc452c  LICENSE.txt

package/cups/cups.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-CUPS_VERSION = 2.2.7
+CUPS_VERSION = 2.2.10
 CUPS_SOURCE = cups-$(CUPS_VERSION)-source.tar.gz
 CUPS_SITE = https://github.com/apple/cups/releases/download/v$(CUPS_VERSION)
 CUPS_LICENSE = GPL-2.0, LGPL-2.0

package/devmem2/Config.in

@@ -4,4 +4,4 @@ config BR2_PACKAGE_DEVMEM2
 	help
 	  Simple program to read/write from/to any location in memory.
 
-	  http://free-electrons.com/pub/mirror/devmem2.c
+	  http://bootlin.com/pub/mirror/devmem2.c

package/devmem2/devmem2.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DEVMEM2_SITE = http://free-electrons.com/pub/mirror
+DEVMEM2_SITE = http://bootlin.com/pub/mirror
 DEVMEM2_SOURCE = devmem2.c
 DEVMEM2_VERSION = 1
 DEVMEM2_LICENSE = GPL-2.0+

package/docker-containerd/Config.in

@@ -3,7 +3,9 @@ config BR2_PACKAGE_DOCKER_CONTAINERD
 	depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS
 	depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
 	depends on BR2_TOOLCHAIN_HAS_THREADS
+	depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_11 # runc
 	depends on !BR2_TOOLCHAIN_USES_UCLIBC # runc
+	depends on !BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_ARM # runc
 	depends on BR2_USE_MMU # util-linux
 	select BR2_PACKAGE_RUNC # runtime dependency
 	select BR2_PACKAGE_UTIL_LINUX # runtime dependency
@@ -32,4 +34,6 @@ comment "docker-containerd needs a glibc or musl toolchain w/ threads"
 	depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS
 	depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
 	depends on BR2_USE_MMU
-	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_TOOLCHAIN_USES_UCLIBC
+	depends on !BR2_TOOLCHAIN_HAS_THREADS || \
+		!BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_11 || BR2_TOOLCHAIN_USES_UCLIBC
+	depends on !BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_ARM

package/docker-engine/Config.in

@@ -3,7 +3,9 @@ config BR2_PACKAGE_DOCKER_ENGINE
 	depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS
 	depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
 	depends on BR2_TOOLCHAIN_HAS_THREADS
+	depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_11 # docker-containerd -> runc
 	depends on !BR2_TOOLCHAIN_USES_UCLIBC # docker-containerd -> runc
+	depends on !BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_ARM # docker-containerd -> runc
 	depends on BR2_USE_MMU # docker-containerd
 	select BR2_PACKAGE_DOCKER_CONTAINERD # runtime dependency
 	select BR2_PACKAGE_DOCKER_PROXY # runtime dependency
@@ -50,8 +52,10 @@ config BR2_PACKAGE_DOCKER_ENGINE_DRIVER_VFS
 
 endif
 
-comment "docker-engine needs a glibc or musl toolchain w/ threads"
+comment "docker-engine needs a glibc or musl toolchain w/ threads, headers >= 3.11"
 	depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS
 	depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
-	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_TOOLCHAIN_USES_UCLIBC
+	depends on !BR2_TOOLCHAIN_HAS_THREADS || \
+		!BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_11 || BR2_TOOLCHAIN_USES_UCLIBC
+	depends on !BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_ARM
 	depends on BR2_USE_MMU

package/efl/0001-evas-gl-make-GLintptr-etc.-also-ndefed-for-GL_VERSIO.patch

@@ -0,0 +1,34 @@
+From d045dd99acdd47be238642d4f9384dccacde2b42 Mon Sep 17 00:00:00 2001
+From: "Carsten Haitzler (Rasterman)" <raster@rasterman.com>
+Date: Sat, 15 Dec 2018 16:19:01 +0000
+Subject: [PATCH] evas gl - make GLintptr etc. also ndefed for GL_VERSION_1_5
+ fix typedef
+
+It seems that GL_VERSION_1_5 define == these provided by gl already. At
+least reading the mesa headers I do, so this should fix T7502
+
+Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
+---
+ src/lib/evas/Evas_GL.h | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/lib/evas/Evas_GL.h b/src/lib/evas/Evas_GL.h
+index fa3e6f4..5524d82 100644
+--- a/src/lib/evas/Evas_GL.h
++++ b/src/lib/evas/Evas_GL.h
+@@ -4272,9 +4272,11 @@ typedef signed int       GLfixed;      // Changed khronos_int32_t
+ 
+ #ifndef GL_ES_VERSION_2_0
+ /* GL types for handling large vertex buffer objects */
+-#include <stddef.h>
++# ifndef GL_VERSION_1_5
++#  include <stddef.h>
+ typedef ptrdiff_t GLintptr;     // Changed khronos_intptr_t
+ typedef ptrdiff_t GLsizeiptr;   // Changed khronos_ssize_t
++# endif
+ #endif
+ 
+ /* Some definitions from GLES 3.0.
+-- 
+2.14.1
+

package/fetchmail/0001-fix-openssl-static-link.patch

@@ -1,30 +0,0 @@
-Fix checking for statically build OpenSSL with libz dependency
-
-Fixes
-http://autobuild.buildroot.net/results/48a/48ad6d3659cf1f04581b7e3d115bebf454ff17fd/
-
-configure: Enabling OpenSSL support in /home/br/br/output/host/usr/i486-buildroot-linux-uclibc/sysroot/usr.
-checking for additional library dependencies of SSL... error
-configure: error: cannot link with SSL - check config.log
-
-In config.log multiple linking errors to libz can be found:
-
-configure:10099: /home/br/br/output/host/usr/bin/i486-ctng-linux-uclibc-gcc -o
-  conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64
-  /home/br/br/output/host/usr/i486-buildroot-linux-uclibc/sysroot/usr/lib/libcrypto.a(c_zlib.o):
-  In function `zlib_stateful_c_zlib.c:(.text+0x56): undefined reference to `inflate'
-
-Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
-
-diff -uNr fetchmail-6.3.26.org/configure.ac fetchmail-6.3.26/configure.ac
---- fetchmail-6.3.26.org/configure.ac	2013-04-23 22:51:10.000000000 +0200
-+++ fetchmail-6.3.26/configure.ac	2014-07-27 09:20:25.000000000 +0200
-@@ -778,7 +778,7 @@
-     AC_MSG_ERROR([SSL support enabled, but OpenSSL not found])
-   fi
-   LDFLAGS="$LDFLAGS -L$with_ssl/lib"
--  LIBS="$LIBS -lssl -lcrypto"
-+  LIBS="-lssl -lcrypto $LIBS"
-   dnl check if -ldl is needed
-   AC_MSG_CHECKING([for additional library dependencies of SSL])
-   found=0

package/fetchmail/0002-configure.ac-use-pkg-config-to-find-openssl.patch

@@ -0,0 +1,69 @@
+From 1ed0af7f1bbcaccbd7356bd90596f5c942b64720 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Fri, 22 Mar 2019 20:24:54 +0100
+Subject: [PATCH 1/1] configure.ac: use pkg-config to find openssl
+
+openssl can have multiples dependencies such as libatomic on sparcv8
+32 bits
+
+Fixes:
+ - http://autobuild.buildroot.org/results/58e5aa7c6ba8fe7474071d7a3cba6ed3a1b4cff4
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status:
+https://gitlab.com/fetchmail/fetchmail/merge_requests/14]
+---
+ configure.ac | 37 +++++++++++++++++++------------------
+ 1 file changed, 19 insertions(+), 18 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 16b0fcba..3a75ec6e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -778,24 +778,25 @@ then
+   else
+     AC_MSG_ERROR([SSL support enabled, but OpenSSL not found])
+   fi
+-  LDFLAGS="$LDFLAGS -L$with_ssl/lib"
+-  LIBS="$LIBS -lssl -lcrypto"
+-  dnl check if -ldl is needed
+-  AC_MSG_CHECKING([for additional library dependencies of SSL])
+-  found=0
+-  save_LIBS="$LIBS"
+-  for i in "" "-ldl" ; do
+-      LIBS="$LDFLAGS $save_LIBS $i"
+-      AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <openssl/ssl.h>],[SSL_library_init()])],[found=1; break])
+-  done
+-  if test $found = 0 ; then
+-      AC_MSG_RESULT([error])
+-      AC_MSG_ERROR([cannot link with SSL - check config.log])
+-  fi
+-  LIBS="$save_LIBS $i"
+-  if test "$i" = "" ; then i="(none)" ; fi
+-  AC_MSG_RESULT($i)
+-  dnl XXX FIXME: use pkg-config if available!
++  PKG_CHECK_MODULES([SSL],[libssl libcrypto],[LIBS="$LIBS $SSL_LIBS"],[
++    LDFLAGS="$LDFLAGS -L$with_ssl/lib"
++    LIBS="$LIBS -lssl -lcrypto"
++    dnl check if -ldl is needed
++    AC_MSG_CHECKING([for additional library dependencies of SSL])
++    found=0
++    save_LIBS="$LIBS"
++    for i in "" "-ldl" ; do
++        LIBS="$LDFLAGS $save_LIBS $i"
++        AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <openssl/ssl.h>],[SSL_library_init()])],[found=1; break])
++    done
++    if test $found = 0 ; then
++        AC_MSG_RESULT([error])
++        AC_MSG_ERROR([cannot link with SSL - check config.log])
++    fi
++    LIBS="$save_LIBS $i"
++    if test "$i" = "" ; then i="(none)" ; fi
++    AC_MSG_RESULT($i)
++  ])
+   AC_DEFINE(SSL_ENABLE)
+ else
+   AC_MSG_WARN(Disabling SSL support.)
+-- 
+2.20.1
+

package/fetchmail/fetchmail.mk

@@ -13,17 +13,12 @@ FETCHMAIL_LICENSE_FILES = COPYING
 FETCHMAIL_AUTORECONF = YES
 FETCHMAIL_GETTEXTIZE = YES
 
-# needed to help fetchmail detecting the availability of openssl,
-# because it doesn't use pkg-config
-ifeq ($(BR2_STATIC_LIBS),y)
-FETCHMAIL_CONF_ENV += LIBS="-lz"
-endif
-
 FETCHMAIL_CONF_OPTS = \
 	--with-ssl=$(STAGING_DIR)/usr
 
 FETCHMAIL_DEPENDENCIES = \
 	ca-certificates \
+	host-pkgconf \
 	openssl \
 	$(TARGET_NLS_DEPENDENCIES)
 

package/file/file.hash

@@ -1,5 +1,7 @@
-# Locally calculated
-sha256 f15a50dbbfa83fec0bd1161e8e191b092ec832720e30cd14536e044ac623b20a  file-5.34.tar.gz
-sha256 3c0ad13c36f891a9b4f951e59eb2fc108065a46f849697cc6fd3cdb41cc23a3d  COPYING
-sha256 d98ee4d8d95e7d021a5dfc41f137ecc3b624a7b98e8bd793130202d12a21ed57  src/mygetopt.h
-sha256 85e358d575ad4ac5b38b623a25b24246ccff3c7e680d930c0a9ff5228fe434b6  src/vasprintf.c
+# Locally calculated after verifying signature
+# ftp://ftp.astron.com/pub/file/file-5.36.tar.gz.asc
+# using key BE04995BA8F90ED0C0C176C471112AB16CB33B3A
+sha256 fb608290c0fd2405a8f63e5717abf6d03e22e183fb21884413d1edd918184379  file-5.36.tar.gz
+sha256 0bfa856a9930bddadbef95d1be1cf4e163c0be618e76ea3275caaf255283e274  COPYING
+sha256 4ccb60d623884ef637af4a5bc16b2cb350163e2135e967655837336019a64462  src/mygetopt.h
+sha256 7ac061e1a1c840c4dfa0573aec6f3497676c9295b5ec4190d3576646eb1646bf  src/vasprintf.c

package/file/file.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-FILE_VERSION = 5.34
+FILE_VERSION = 5.36
 FILE_SITE = ftp://ftp.astron.com/pub/file
 FILE_DEPENDENCIES = host-file zlib
 HOST_FILE_DEPENDENCIES = host-zlib

package/fltk/fltk.mk

@@ -54,4 +54,11 @@ else
 FLTK_CONF_OPTS += --disable-xinerama
 endif
 
+ifeq ($(BR2_PACKAGE_XLIB_LIBXRENDER),y)
+FLTK_DEPENDENCIES += xlib_libXrender
+FLTK_CONF_OPTS += --enable-xrender
+else
+FLTK_CONF_OPTS += --disable-xrender
+endif
+
 $(eval $(autotools-package))

package/gcc/gcc.mk

@@ -87,7 +87,7 @@ HOST_GCC_COMMON_DEPENDENCIES = \
 HOST_GCC_COMMON_CONF_OPTS = \
 	--target=$(GNU_TARGET_NAME) \
 	--with-sysroot=$(STAGING_DIR) \
-	--disable-__cxa_atexit \
+	--enable-__cxa_atexit \
 	--with-gnu-ld \
 	--disable-libssp \
 	--disable-multilib \

package/gdb/gdb.mk

@@ -139,6 +139,11 @@ ifneq ($(BR2_INSTALL_LIBSTDCPP),y)
 GDB_CONF_OPTS += --disable-build-with-cxx
 endif
 
+# inprocess-agent can't be built statically
+ifeq ($(BR2_STATIC_LIBS),y)
+GDB_CONF_OPTS += --disable-inprocess-agent
+endif
+
 ifeq ($(BR2_PACKAGE_GDB_TUI),y)
 GDB_CONF_OPTS += --enable-tui
 else

package/git/git.mk

@@ -12,9 +12,9 @@ GIT_LICENSE_FILES = COPYING LGPL-2.1
 GIT_DEPENDENCIES = zlib $(TARGET_NLS_DEPENDENCIES)
 
 ifeq ($(BR2_PACKAGE_OPENSSL),y)
-GIT_DEPENDENCIES += openssl
+GIT_DEPENDENCIES += host-pkgconf openssl
 GIT_CONF_OPTS += --with-openssl
-GIT_CONF_ENV_LIBS += $(if $(BR2_STATIC_LIBS),-lz)
+GIT_MAKE_OPTS += LIB_4_CRYPTO="`$(PKG_CONFIG_HOST_BINARY) --libs libssl libcrypto`"
 else
 GIT_CONF_OPTS += --without-openssl
 endif

package/go/go.mk

@@ -37,12 +37,16 @@ GO_GOARCH = mips64le
 endif
 
 HOST_GO_DEPENDENCIES = host-go-bootstrap
+HOST_GO_HOST_CACHE = $(HOST_DIR)/usr/share/host-go-cache
 HOST_GO_ROOT = $(HOST_DIR)/lib/go
+HOST_GO_TARGET_CACHE = $(HOST_DIR)/usr/share/go-cache
 
 # For the convienience of target packages.
 HOST_GO_TOOLDIR = $(HOST_GO_ROOT)/pkg/tool/linux_$(GO_GOARCH)
 HOST_GO_TARGET_ENV = \
+	GO111MODULE=off \
 	GOARCH=$(GO_GOARCH) \
+	GOCACHE="$(HOST_GO_TARGET_CACHE)" \
 	GOROOT="$(HOST_GO_ROOT)" \
 	CC="$(TARGET_CC)" \
 	CXX="$(TARGET_CXX)" \
@@ -61,6 +65,8 @@ endif
 # The go build system is not compatible with ccache, so use
 # HOSTCC_NOCCACHE.  See https://github.com/golang/go/issues/11685.
 HOST_GO_MAKE_ENV = \
+	GO111MODULE=off \
+	GOCACHE=$(HOST_GO_HOST_CACHE) \
 	GOROOT_BOOTSTRAP=$(HOST_GO_BOOTSTRAP_ROOT) \
 	GOROOT_FINAL=$(HOST_GO_ROOT) \
 	GOROOT="$(@D)" \

package/gstreamer/gst-plugins-bad/gst-plugins-bad.mk

@@ -12,7 +12,8 @@ GST_PLUGINS_BAD_LICENSE = LGPL-2.1+, GPL-2.0+
 GST_PLUGINS_BAD_LICENSE_FILES = COPYING.LIB COPYING
 
 GST_PLUGINS_BAD_CONF_OPTS = \
-	--disable-examples
+	--disable-examples \
+	--disable-spandsp
 
 GST_PLUGINS_BAD_DEPENDENCIES = gst-plugins-base gstreamer
 

package/iproute2/0002-ss-fix-compilation-under-glibc-2.18.patch

@@ -0,0 +1,39 @@
+From 9700927a008a803ac119bdf816bdc1baa69d705c Mon Sep 17 00:00:00 2001
+From: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
+Date: Wed, 20 Feb 2019 15:41:51 +0100
+Subject: [PATCH] ss: fix compilation under glibc < 2.18
+
+Commit c759116a0b2b6da8df9687b0a40ac69050132c77 introduced support for
+AF_VSOCK. This define is only provided since glibc version 2.18, so
+compilation fails when using older toolchains.
+
+Provide the necessary definitions if needed.
+
+Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
+Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+---
+ misc/ss.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/misc/ss.c b/misc/ss.c
+index 9e821faf..766fdc5f 100644
+--- a/misc/ss.c
++++ b/misc/ss.c
+@@ -51,6 +51,14 @@
+ #include <linux/tipc_netlink.h>
+ #include <linux/tipc_sockets_diag.h>
+ 
++/* AF_VSOCK/PF_VSOCK is only provided since glibc 2.18 */
++#ifndef PF_VSOCK
++#define PF_VSOCK 40
++#endif
++#ifndef AF_VSOCK
++#define AF_VSOCK PF_VSOCK
++#endif
++
+ #define MAGIC_SEQ 123456
+ #define BUF_CHUNK (1024 * 1024)
+ #define LEN_ALIGN(x) (((x) + 1) & ~1)
+-- 
+2.19.2
+

package/jq/jq.hash

@@ -1,2 +1,3 @@
 # Locally calculated
-sha256  c4d2bfec6436341113419debf479d833692cc5cdab7eb0326b5a4d4fbe9f493c  jq-1.5.tar.gz
+sha256  5de8c8e29aaa3fb9cc6b47bb27299f271354ebb72514e3accadc7d38b5bbaa72  jq-1.6.tar.gz
+sha256  111136aebcbfa68b6b0084e582b30e981da76adcff84eab6f9be32a1f38c5bf1  COPYING

package/jq/jq.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-JQ_VERSION = 1.5
+JQ_VERSION = 1.6
 JQ_SITE = https://github.com/stedolan/jq/releases/download/jq-$(JQ_VERSION)
 JQ_LICENSE = MIT (code), CC-BY-3.0 (documentation)
 JQ_LICENSE_FILES = COPYING
@@ -17,8 +17,8 @@ JQ_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -std=c99 -D_GNU_SOURCE"
 HOST_JQ_CONF_ENV += CFLAGS="$(HOST_CFLAGS) -std=c99 -D_GNU_SOURCE"
 
 # jq explicitly enables maintainer mode, which we don't need/want
-JQ_CONF_OPTS += --disable-maintainer-mode
-HOST_JQ_CONF_OPTS += --disable-maintainer-mode
+JQ_CONF_OPTS += --disable-maintainer-mode --without-oniguruma
+HOST_JQ_CONF_OPTS += --disable-maintainer-mode --without-oniguruma
 
 $(eval $(autotools-package))
 $(eval $(host-autotools-package))

package/kf5/kf5-modemmanager-qt/kf5-modemmanager-qt.mk

@@ -13,4 +13,9 @@ KF5_MODEMMANAGER_QT_LICENSE_FILE = COPYING.LIB
 KF5_MODEMMANAGER_QT_DEPENDENCIES = kf5-extra-cmake-modules modem-manager qt5base
 KF5_MODEMMANAGER_QT_INSTALL_STAGING = YES
 
+# Uses __atomic_fetch_add_4
+ifeq ($(BR2_TOOLCHAIN_HAS_LIBATOMIC),y)
+KF5_MODEMMANAGER_QT_CONF_OPTS += -DCMAKE_CXX_FLAGS="$(TARGET_CXXFLAGS) -latomic"
+endif
+
 $(eval $(cmake-package))

package/leveldb/0003-Generate-position-independant-code-for-static-librar.patch

@@ -0,0 +1,52 @@
+From 6ed1b57ef6bcee0d497c181730710b2b0fafbfb3 Mon Sep 17 00:00:00 2001
+From: =?utf-8?q?Ga=C3=ABl=20PORTAY?= <gael.portay@savoirfairelinux.com>
+Date: Fri, 31 Aug 2018 12:23:46 -0400
+Subject: [PATCH] Generate position independant code for static library
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf-8
+Content-Transfer-Encoding: 8bit
+
+Currently, only shared libraries are using the PIC flag.
+
+Generalize this flag for static libraries in order to let them linkable
+by dynamic libraries.
+
+Fixes:
+
+	/home/gportay/src/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-amd-linux-gnu/6.2.0/../../../../x86_64-amd-linux-gnu/bin/ld: /home/gportay/src/buildroot/output/host/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libmemenv.a(memenv.o): relocation R_X86_64_32S against `.rodata' can not be used when making a shared object; recompile with -fPIC
+	/home/gportay/src/buildroot/output/host/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libmemenv.a: error adding symbols: Bad value
+	collect2: error: ld returned 1 exit status
+
+Upstream-Status: Inappropriate [upstream has migrated to cmake]
+Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
+---
+ build_detect_platform | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/build_detect_platform b/build_detect_platform
+index d2a20ce..4839444 100755
+--- a/build_detect_platform
++++ b/build_detect_platform
+@@ -55,8 +55,8 @@ fi
+ 
+ COMMON_FLAGS=
+ CROSS_COMPILE=
+-PLATFORM_CCFLAGS=
+-PLATFORM_CXXFLAGS=
++PLATFORM_CCFLAGS="-fPIC"
++PLATFORM_CXXFLAGS="-fPIC"
+ PLATFORM_LDFLAGS=
+ PLATFORM_LIBS=
+ PLATFORM_SHARED_EXT="so"
+@@ -197,7 +197,7 @@ else
+ EOF
+     if [ "$?" = 0 ]; then
+         COMMON_FLAGS="$COMMON_FLAGS -DLEVELDB_PLATFORM_POSIX -DLEVELDB_ATOMIC_PRESENT"
+-        PLATFORM_CXXFLAGS="-std=c++0x"
++        PLATFORM_CXXFLAGS="$PLATFORM_CXXFLAGS -std=c++0x"
+     else
+         COMMON_FLAGS="$COMMON_FLAGS -DLEVELDB_PLATFORM_POSIX"
+     fi
+-- 
+2.18.0
+

package/leveldb/leveldb.mk

@@ -25,6 +25,8 @@ define LEVELDB_INSTALL_STAGING_CMDS
 	$(TARGET_MAKE_ENV) $(MAKE1) \
 		INSTALL_ROOT=$(STAGING_DIR) INSTALL_PREFIX=/usr \
 		$(LEVELDB_MAKE_ARGS) -C $(@D) install
+	$(INSTALL) -D -m 0644 $(@D)/out-static/libmemenv.a $(STAGING_DIR)/usr/lib/libmemenv.a
+	$(INSTALL) -D -m 0644 $(@D)/helpers/memenv/memenv.h $(STAGING_DIR)/usr/include/helpers/memenv/memenv.h
 endef
 
 define LEVELDB_INSTALL_TARGET_CMDS

package/libopenssl/libopenssl.hash

@@ -1,7 +1,7 @@
-# From https://www.openssl.org/source/openssl-1.0.2q.tar.gz.sha256
-sha256	5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684	openssl-1.0.2q.tar.gz
-# From https://www.openssl.org/source/openssl-1.0.2q.tar.gz.sha1
-sha1	692f5f2f1b114f8adaadaa3e7be8cce1907f38c5				openssl-1.0.2q.tar.gz
+# From https://www.openssl.org/source/openssl-1.0.2r.tar.gz.sha256
+sha256	ae51d08bba8a83958e894946f15303ff894d75c2b8bbd44a852b64e3fe11d0d6	openssl-1.0.2r.tar.gz
+# From https://www.openssl.org/source/openssl-1.0.2r.tar.gz.sha1
+sha1	b9aec1fa5cedcfa433aed37c8fe06b0ab0ce748d				openssl-1.0.2r.tar.gz
 # Locally computed
 sha256	eddd8a5123748052c598214487ac178e4bfa4e31ba2ec520c70d59c8c5bfa2e9	openssl-1.0.2a-parallel-install-dirs.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
 sha256	147c3eeaad614c044749ea527cb433eae5e2d5cad34a78c6ba61cd967bfbe01f	openssl-1.0.2a-parallel-obj-headers.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d

package/libopenssl/libopenssl.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBOPENSSL_VERSION = 1.0.2q
+LIBOPENSSL_VERSION = 1.0.2r
 LIBOPENSSL_SITE = https://www.openssl.org/source
 LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
 LIBOPENSSL_LICENSE = OpenSSL or SSLeay

package/libraw/libraw.hash

@@ -1,5 +1,5 @@
 # Locally calculated
-sha256	7cf724a40a0d8915869498f51062a952167e4f5bae2b6920542c9e0e079a471d	LibRaw-0.18.11.tar.gz
+sha256	400d47969292291d297873a06fb0535ccce70728117463927ddd9452aa849644	LibRaw-0.19.2.tar.gz
 sha256	eea173a556abac0370461e57e12aab266894ea6be3874c2be05fd87871f75449	LICENSE.LGPL
 sha256	0e3098d2d54a12434715f6679ea408d57da5e8d613c385c58ecc6fe5d30cc81f	LICENSE.CDDL
-sha256	7fe7564c5d48c5d353d7c1966dcddada3791586a4c2eedbc68ad56e96955e75d	README
+sha256	eee0055723d3483ef3ee7920e2178177b14a334c2a622be4101bcfb05d21407e	README.md

package/libraw/libraw.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBRAW_VERSION = 0.18.11
+LIBRAW_VERSION = 0.19.2
 LIBRAW_SOURCE = LibRaw-$(LIBRAW_VERSION).tar.gz
 LIBRAW_SITE = http://www.libraw.org/data
 LIBRAW_INSTALL_STAGING = YES
@@ -14,7 +14,7 @@ LIBRAW_CONF_OPTS += \
 	--disable-demosaic-pack-gpl2 \
 	--disable-demosaic-pack-gpl3
 LIBRAW_LICENSE = LGPL-2.1 or CDDL-1.0
-LIBRAW_LICENSE_FILES = LICENSE.LGPL LICENSE.CDDL README
+LIBRAW_LICENSE_FILES = LICENSE.LGPL LICENSE.CDDL README.md
 LIBRAW_DEPENDENCIES = host-pkgconf
 LIBRAW_CXXFLAGS = $(TARGET_CXXFLAGS)
 LIBRAW_CONF_ENV = CXXFLAGS="$(LIBRAW_CXXFLAGS)"

package/libseccomp/0001-remove-static.patch

@@ -1,4 +1,4 @@
-From 8632287cf6863b580340f846ac14adf2609abdb0 Mon Sep 17 00:00:00 2001
+From 5d010fb06eae43b284e5ccc322f6de47eb42b751 Mon Sep 17 00:00:00 2001
 From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 Date: Sat, 2 Jun 2018 13:45:22 +0200
 Subject: [PATCH] remove static
@@ -14,16 +14,18 @@ and slighly updated to work with 2.3.3
 
 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Peter: updated for v2.4.0 which adds scmp_api_level]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 ---
- tools/Makefile.am | 2 --
- 1 file changed, 2 deletions(-)
+ tools/Makefile.am | 3 ---
+ 1 file changed, 3 deletions(-)
 
 diff --git a/tools/Makefile.am b/tools/Makefile.am
-index 70b4aed..ef74270 100644
+index f768365..5f9d571 100644
 --- a/tools/Makefile.am
 +++ b/tools/Makefile.am
-@@ -35,8 +35,6 @@ scmp_bpf_disasm_SOURCES = scmp_bpf_disasm.c bpf.h util.h
- scmp_bpf_sim_SOURCES = scmp_bpf_sim.c bpf.h util.h
+@@ -37,10 +37,7 @@ scmp_bpf_sim_SOURCES = scmp_bpf_sim.c bpf.h util.h
+ scmp_api_level_SOURCES = scmp_api_level.c
  
  scmp_sys_resolver_LDADD = ../src/libseccomp.la
 -scmp_sys_resolver_LDFLAGS = -static
@@ -31,6 +33,8 @@ index 70b4aed..ef74270 100644
 -scmp_arch_detect_LDFLAGS = -static
  scmp_bpf_disasm_LDADD = util.la
  scmp_bpf_sim_LDADD = util.la
+ scmp_api_level_LDADD = ../src/libseccomp.la
+-scmp_api_level_LDFLAGS = -static
 -- 
-2.14.1
+2.11.0
 

package/libseccomp/libseccomp.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256 5a52495207f00d1254707f11226e17c16ec53f5038d65bbabf1892873fa2fe5b libseccomp-v2.3.3.tar.gz
+sha256 b7ee0299157fb7a6a81c99f2e0d7e64429b7d7c0eae43c3a6ef91e87eeed2868 libseccomp-v2.4.0.tar.gz
 sha256 102900208eef27b766380135906d431dba87edaa7ec6aa72e6ebd3dd67f3a97b LICENSE

package/libseccomp/libseccomp.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBSECCOMP_VERSION = v2.3.3
+LIBSECCOMP_VERSION = v2.4.0
 LIBSECCOMP_SITE = $(call github,seccomp,libseccomp,$(LIBSECCOMP_VERSION))
 LIBSECCOMP_LICENSE = LGPL-2.1
 LIBSECCOMP_LICENSE_FILES = LICENSE

package/libsoxr/0001-Add-Libs.private-for-static-linking.patch

@@ -0,0 +1,43 @@
+From 7d2d1039f303b6322ecb72eebae39b699fd28d19 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=B6rg=20Krause?= <joerg.krause@embedded.rocks>
+Date: Fri, 22 Feb 2019 01:31:11 +0100
+Subject: [PATCH] Add Libs.private in soxr.pc.in for static linking
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If libsoxr is build statically against libavutil other applications
+needs to know that they must link with `-lavutil` when building in a
+static context.
+
+Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
+---
+ CMakeLists.txt | 1 +
+ src/soxr.pc.in | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index ee48f6c..714bd4d 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -139,6 +139,7 @@ if (WITH_AVFFT OR (CMAKE_SYSTEM_PROCESSOR MATCHES "^arm" AND SIMD32_FOUND AND WI
+   if (AVUTIL_FOUND)
+     include_directories (${AVUTIL_INCLUDE_DIRS})
+     set (LIBS ${LIBS} ${AVUTIL_LIBRARIES})
++    set (PKGCONF_LIBS_PRIV ${PKGCONF_LIBS_PRIV} -lavutil)
+   endif ()
+ endif ()
+ 
+diff --git a/src/soxr.pc.in b/src/soxr.pc.in
+index 69d225b..6c530a6 100644
+--- a/src/soxr.pc.in
++++ b/src/soxr.pc.in
+@@ -2,4 +2,5 @@ Name: ${PROJECT_NAME}
+ Description: ${DESCRIPTION_SUMMARY}
+ Version: ${PROJECT_VERSION}
+ Libs: -L${LIB_INSTALL_DIR} -l${PROJECT_NAME}
++Libs.private: ${PKGCONF_LIBS_PRIV}
+ Cflags: -I${INCLUDE_INSTALL_DIR}
+-- 
+2.20.1
+

package/libsoxr/0001-soxr.pc.in-add-avutil-libraries.patch

@@ -1,33 +0,0 @@
-From 8c1edfc22f8b714062b149e3d80ab4357a1a4e49 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Thu, 22 Nov 2018 19:10:03 +0100
-Subject: [PATCH] soxr.pc.in: add avutil libraries
-
-Add ${AVUTIL_LIBRARIES} to soxr.pc.in so applications such as
-shairport-sync will know that they must link with -lavutil when
-building statically
-
-Fixes:
- - http://autobuild.buildroot.org/results/839c0ce6475accc1de7e8a180d4358edb6750c64
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Upstream status: https://sourceforge.net/p/soxr/code/merge-requests/2]
-[Thomas: move to Libs.private.]
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
----
- src/soxr.pc.in | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/soxr.pc.in b/src/soxr.pc.in
-index 69d225b..ed212a8 100644
---- a/src/soxr.pc.in
-+++ b/src/soxr.pc.in
-@@ -2,4 +2,5 @@ Name: ${PROJECT_NAME}
- Description: ${DESCRIPTION_SUMMARY}
- Version: ${PROJECT_VERSION}
- Libs: -L${LIB_INSTALL_DIR} -l${PROJECT_NAME}
-+Libs.private: ${AVUTIL_LIBRARIES}
- Cflags: -I${INCLUDE_INSTALL_DIR}
--- 
-2.19.1
-

package/libssh2/0003-openssl-fix-dereferencing-ambiguity-potentially-caus.patch

@@ -1,51 +0,0 @@
-From 28fe5e4de437f8fce6e428b7db9bc8640cda4c61 Mon Sep 17 00:00:00 2001
-From: Giulio Benetti <giulio.benetti@micronovasrl.com>
-Date: Thu, 13 Sep 2018 09:51:35 +0200
-Subject: [PATCH] openssl: fix dereferencing ambiguity potentially causing
- build failure
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When dereferencing from *aes_ctr_cipher, being a pointer itself,
-ambiguity can occur with compiler and build can fail reporting:
-openssl.c:574:20: error: ‘*aes_ctr_cipher’ is a pointer; did you mean to use ‘->’?
-     *aes_ctr_cipher->nid = type;
-
-Sorround every *aes_ctr_cipher-> occurence with paranthesis like this
-(*aes_ctr_cipher)->
-
-Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
-Upstream: https://github.com/libssh2/libssh2/commit/b5b6673c2823a18753a14571a6c01bde33fa3a8b
----
- src/openssl.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/src/openssl.c b/src/openssl.c
-index 678d5de..c26aaec 100644
---- a/src/openssl.c
-+++ b/src/openssl.c
-@@ -571,13 +571,13 @@ make_ctr_evp (size_t keylen, EVP_CIPHER **aes_ctr_cipher, int type)
-         EVP_CIPHER_meth_set_cleanup(*aes_ctr_cipher, aes_ctr_cleanup);
-     }
- #else
--    *aes_ctr_cipher->nid = type;
--    *aes_ctr_cipher->block_size = 16;
--    *aes_ctr_cipher->key_len = keylen;
--    *aes_ctr_cipher->iv_len = 16;
--    *aes_ctr_cipher->init = aes_ctr_init;
--    *aes_ctr_cipher->do_cipher = aes_ctr_do_cipher;
--    *aes_ctr_cipher->cleanup = aes_ctr_cleanup;
-+    (*aes_ctr_cipher)->nid = type;
-+    (*aes_ctr_cipher)->block_size = 16;
-+    (*aes_ctr_cipher)->key_len = keylen;
-+    (*aes_ctr_cipher)->iv_len = 16;
-+    (*aes_ctr_cipher)->init = aes_ctr_init;
-+    (*aes_ctr_cipher)->do_cipher = aes_ctr_do_cipher;
-+    (*aes_ctr_cipher)->cleanup = aes_ctr_cleanup;
- #endif
- 
-     return *aes_ctr_cipher;
--- 
-2.17.1
-

package/libssh2/libssh2.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256 ec2b32b44ae5f8fe094f663f63953fb31314de838eb36e8c47e5a89137b5a1bc  libssh2-8b870ad771cbd9cd29edbb3dbb0878e950f868ab.tar.gz
+sha256 468e7a81a8121c06cb099eef2e17106b0b8c2e1d890b1c0e34e1951f182babb1  libssh2-1b3cbaff518f32e5b70650d4b7b52361b1410d37.tar.gz
 sha256 e15ed284a15e80115467d6d7f030f0d89d8fabbecd78fb6e0f861f0cfc128fd9  COPYING

package/libssh2/libssh2.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBSSH2_VERSION = 8b870ad771cbd9cd29edbb3dbb0878e950f868ab
+LIBSSH2_VERSION = 1b3cbaff518f32e5b70650d4b7b52361b1410d37
 LIBSSH2_SITE = $(call github,libssh2,libssh2,$(LIBSSH2_VERSION))
 LIBSSH2_LICENSE = BSD
 LIBSSH2_LICENSE_FILES = COPYING

package/linux-headers/Config.in.host

@@ -290,9 +290,9 @@ config BR2_DEFAULT_KERNEL_HEADERS
 	string
 	default "3.2.102"	if BR2_KERNEL_HEADERS_3_2
 	default "4.1.52"	if BR2_KERNEL_HEADERS_4_1
-	default "4.4.174"	if BR2_KERNEL_HEADERS_4_4
-	default "4.9.156"	if BR2_KERNEL_HEADERS_4_9
-	default "4.14.99"	if BR2_KERNEL_HEADERS_4_14
+	default "4.4.176"	if BR2_KERNEL_HEADERS_4_4
+	default "4.9.160"	if BR2_KERNEL_HEADERS_4_9
+	default "4.14.103"	if BR2_KERNEL_HEADERS_4_14
 	default "4.16.18"	if BR2_KERNEL_HEADERS_4_16
 	default "4.18.20"	if BR2_KERNEL_HEADERS_4_18
 	default BR2_DEFAULT_KERNEL_VERSION if BR2_KERNEL_HEADERS_VERSION

package/mariadb/mariadb.hash

@@ -1,9 +1,9 @@
-# From https://downloads.mariadb.org/mariadb/10.3.11
-md5 e13ab133060886cda814d68ebd1dc27b  mariadb-10.3.11.tar.gz
-sha1 7b75d7ec06642f26ce197e07f5ba16283061cc87  mariadb-10.3.11.tar.gz
-sha256 211655b794c9d5397ba3be6c90737eac02e882f296268299239db47ba328f1b2  mariadb-10.3.11.tar.gz
-sha512 1adc1f9bbabf848726c669a7a0ab01257ba31882758b53fbf3b1316f2295670dba1c3d1f3292d7c1a749c701504588694a55d020839e690595897b0e20435298  mariadb-10.3.11.tar.gz
+# From https://downloads.mariadb.org/mariadb/10.3.13
+md5 603ce42e35b9a688f2cca05275acb5cb  mariadb-10.3.13.tar.gz
+sha1 08467885412184e99b835732913d445fd2c4b1b3  mariadb-10.3.13.tar.gz
+sha256 b2aa857ef5b84f85a7ea60a1eac7b34c0ca5151c71a0d44ce2d7fb028d71459a  mariadb-10.3.13.tar.gz
+sha512 3cbd93291aa43b235e5b81d953ea69fb32df54fb518f922f69b5485952f01fae693c77b0efac37f414ed7ff132d3b58f899812bdb7be8a5b344c3640e2c3a0dd  mariadb-10.3.13.tar.gz
 
 # Hash for license files
-sha256 a298aaf95cb7e594d15b29ae6b5a9ee22a2be4344379fd29304df4e0f19f695a  README.md
+sha256 43f4b5b13cecbbdb04a180cbf6c2bd64237819d1a32165b7d475c1b392e6a8d1  README.md
 sha256 ab15fd526bd8dd18a9e77ebc139656bf4d33e97fc7238cd11bf60e2b9b8666c6  COPYING

package/mariadb/mariadb.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-MARIADB_VERSION = 10.3.11
+MARIADB_VERSION = 10.3.13
 MARIADB_SITE = https://downloads.mariadb.org/interstitial/mariadb-$(MARIADB_VERSION)/source
 MARIADB_LICENSE = GPL-2.0 (server), GPL-2.0 with FLOSS exception (GPL client library), LGPL-2.0 (LGPL client library)
 # Tarball no longer contains LGPL license text

package/mosquitto/mosquitto.hash

@@ -1,5 +1,5 @@
 # Locally calculated after checking gpg signature
-sha256 d4024c3388502d50be4192991e90d66dfb344376104df3f63846c9f201779955  mosquitto-1.5.7.tar.gz
+sha256 78d7e70c3794dc3a1d484b4f2f8d3addebe9c2da3f5a1cebe557f7d13beb0da4  mosquitto-1.5.8.tar.gz
 
 # License files
 sha256 cc77e25bafd40637b7084f04086d606f0a200051b61806f97c93405926670bc1  LICENSE.txt

package/mosquitto/mosquitto.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-MOSQUITTO_VERSION = 1.5.7
+MOSQUITTO_VERSION = 1.5.8
 MOSQUITTO_SITE = https://mosquitto.org/files/source
 MOSQUITTO_LICENSE = EPL-1.0 or EDLv1.0
 MOSQUITTO_LICENSE_FILES = LICENSE.txt epl-v10 edl-v10

package/nodejs/nodejs.hash

@@ -1,5 +1,5 @@
-# From https://nodejs.org/dist/v8.15.0/SHASUMS256.txt
-sha256 968523333947cc3f769d73dedc6c9c60580826d8714bc0e62ca4589de6a7c633  node-v8.15.0.tar.xz
+# From https://nodejs.org/dist/v8.15.1/SHASUMS256.txt
+sha256 6b6486a3f452624941f6e11dd5f878c298d43e9c21b5f43ca1721dc7ce25add1  node-v8.15.1.tar.xz
 
 # Hash for license file
 sha256 b87be6c1479ed977481115869c2dd8b6d59e5ea55aa09939d6c898242121b2f5  LICENSE

package/nodejs/nodejs.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-NODEJS_VERSION = 8.15.0
+NODEJS_VERSION = 8.15.1
 NODEJS_SOURCE = node-v$(NODEJS_VERSION).tar.xz
 NODEJS_SITE = http://nodejs.org/dist/v$(NODEJS_VERSION)
 NODEJS_DEPENDENCIES = host-python host-nodejs c-ares \

package/ntp/0003-fix-nommu.patch

@@ -1,29 +0,0 @@
-Fix no-MMU build
-
-The detach_from_terminal() is unused for no-MMU, but it depends on symbols
-that are not defined for no-MMU. Don't define detach_from_terminal() when
-HAVE_WORKING_FORK is not defined.
-
-Signed-off-by: Baruch Siach <baruch@tkos.co.il>
----
-Upstream status: http://bugs.ntp.org/show_bug.cgi?id=3538
-
-diff -Nuar ntp-4.2.8p12.orig/ntpd/ntpd.c ntp-4.2.8p12/ntpd/ntpd.c
---- ntp-4.2.8p12.orig/ntpd/ntpd.c	2018-08-14 14:51:30.000000000 +0300
-+++ ntp-4.2.8p12/ntpd/ntpd.c	2018-10-13 21:25:25.858261249 +0300
-@@ -534,6 +534,7 @@
-  * Detach from terminal (much like daemon())
-  * Nothe that this function calls exit()
-  */
-+# ifdef HAVE_WORKING_FORK
- static void
- detach_from_terminal(
- 	int pipe_fds[2],
-@@ -617,6 +618,7 @@
- 
- 	return;
- }
-+# endif /* HAVE_WORKING_FORK */
- 
- #ifdef HAVE_DROPROOT
- /*

package/ntp/0004-fix-work-fork-without-droproot.patch

@@ -1,26 +0,0 @@
-Fix work_fork build when droproot is disabled
-
-The set_user_group_ids() depends on HAVE_DROPROOT. When HAVE_DROPROOT is not
-enabled, work_fork.c code causes a link failure:
-
-../libntp/libntp.a(work_fork.o): In function `send_blocking_req_internal':
-work_fork.c:(.text+0x498): undefined reference to `set_user_group_ids'
-
-Make the set_user_group_ids() call depend on HAVE_DROPROOT.
-
-Signed-off-by: Baruch Siach <baruch@tkos.co.il>
----
-Upstream status: http://bugs.ntp.org/show_bug.cgi?id=3539
-
---- ntp-4.2.8p12.orig/libntp/work_fork.c	2018-08-14 14:51:06.000000000 +0300
-+++ ntp-4.2.8p12/libntp/work_fork.c	2018-10-15 21:10:54.580917962 +0300
-@@ -594,7 +594,9 @@
- 	init_logging("ntp_intres", 0, FALSE);
- 	setup_logfile(NULL);
- 
-+#if defined(HAVE_DROPROOT)
- 	(void) set_user_group_ids();
-+#endif
- 
- 	/*
- 	 * And now back to the portable code

package/ntp/ntp.hash

@@ -1,5 +1,5 @@
-# From https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p12.tar.gz.md5
-md5 1522d66574bae14abb2622746dad2bdc  ntp-4.2.8p12.tar.gz
+# From https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p13.tar.gz.md5
+md5 ea040ab9b4ca656b5229b89d6b822f13  ntp-4.2.8p13.tar.gz
 # Calculated based on the hash above
-sha256 709b222b5013d77d26bfff532b5ea470a8039497ef29d09363931c036cb30454  ntp-4.2.8p12.tar.gz
-sha256 62c87b269365b38b55359b16dfde7ec28c683c722ef489db90afd0f2e478e4a1  COPYRIGHT
+sha256 288772cecfcd9a53694ffab108d1825a31ba77f3a8466b0401baeca3bc232a38  ntp-4.2.8p13.tar.gz
+sha256 3828da5fc8126889d6a64432288ace08526c490bf5427d799931689069968d91  COPYRIGHT

package/ntp/ntp.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 NTP_VERSION_MAJOR = 4.2
-NTP_VERSION = $(NTP_VERSION_MAJOR).8p12
+NTP_VERSION = $(NTP_VERSION_MAJOR).8p13
 NTP_SITE = https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-$(NTP_VERSION_MAJOR)
 NTP_DEPENDENCIES = host-pkgconf libevent
 NTP_LICENSE = NTP

package/openjpeg/0004-install-static-lib.patch

@@ -1,27 +0,0 @@
-From 66297f07a43d2770a97c8456d20202f3d051d980 Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Mon, 9 Oct 2017 11:40:43 +0200
-Subject: [PATCH] Unix build: fix regression of 2.3.0 where a shared-only or
- static-only build lacks the installation target for the library (#1019, fixes
- regression introduced by 3dfc6ca2bcf06fd1adb6b6b4cecc6c092f08ba0b)
-
-Downloaded from upstream commit
-https://github.com/uclouvain/openjpeg/commit/66297f07a43d2770a97c8456d20202f3d051d980
-
-Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
----
- src/lib/openjp2/CMakeLists.txt | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/lib/openjp2/CMakeLists.txt b/src/lib/openjp2/CMakeLists.txt
-index 0b4520384..f8990ccf0 100644
---- a/src/lib/openjp2/CMakeLists.txt
-+++ b/src/lib/openjp2/CMakeLists.txt
-@@ -99,6 +99,7 @@ else()
-     set(INSTALL_LIBS ${OPENJPEG_LIBRARY_NAME} openjp2_static)
-   else()
-     add_library(${OPENJPEG_LIBRARY_NAME} ${OPENJPEG_SRCS})
-+    set(INSTALL_LIBS ${OPENJPEG_LIBRARY_NAME})
-   endif()
- endif()
- 

package/openjpeg/openjpeg.hash

@@ -1,2 +1,3 @@
 # Locally computed:
-sha256 3dc787c1bb6023ba846c2a0d9b1f6e179f1cd255172bde9eb75b01f1e6c7d71a  openjpeg-2.3.0.tar.gz
+sha256 3389a1aa908c2b577863da213db3a170df3edbb1432e99ae5fd3f2ac721d69d3  openjpeg-51f097e6d5754ddae93e716276fe8176b44ec548.tar.gz
+sha256 a6af136f3e15038a666b61f376612a07d9a4e48cb7c01adbf3e33b3f14ab49b6  LICENSE

package/openjpeg/openjpeg.mk

@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-OPENJPEG_VERSION = 2.3.0
-OPENJPEG_SITE = $(call github,uclouvain,openjpeg,v$(OPENJPEG_VERSION))
+OPENJPEG_VERSION = 51f097e6d5754ddae93e716276fe8176b44ec548
+OPENJPEG_SITE = $(call github,uclouvain,openjpeg,$(OPENJPEG_VERSION))
 OPENJPEG_LICENSE = BSD-2-Clause
 OPENJPEG_LICENSE_FILES = LICENSE
 OPENJPEG_INSTALL_STAGING = YES

package/perl/perl.hash

@@ -1,7 +1,7 @@
-# Hashes from: http://www.cpan.org/src/5.0/perl-5.26.2.tar.xz.{md5,sha1,sha256}.txt
-md5    1fa1b53eeff76aa37b17bfc9b2771671                                 perl-5.26.2.tar.xz
-sha1   bfa5c7921ed7bf5e035dbf2f7ff81367b81e372c                         perl-5.26.2.tar.xz
-sha256 0f8c0fb1b0db4681adb75c3ba0dd77a0472b1b359b9e80efd79fc27b4352132c perl-5.26.2.tar.xz
+# Hashes from: http://www.cpan.org/src/5.0/perl-5.26.3.tar.xz.{md5,sha1,sha256}.txt
+md5    218d73f2334d2f3fdaff5a1f35358247                                 perl-5.26.3.tar.xz
+sha1   ca73432ac07288fdce2063f5e09c642e28584226                         perl-5.26.3.tar.xz
+sha256 e0a17cdaed5304aea1783e507e56bb0001dd72c46f211553ead3a580c3f38135 perl-5.26.3.tar.xz
 
-# Hashes from: https://github.com/arsv/perl-cross/releases/download/1.2/perl-cross-1.2.hash
-sha256	599077beb86af5e6097da8922a84474a5484f61475d2899eae0f8634e9619109  perl-cross-1.2.tar.gz
+# Hashes from: http://github.com/arsv/perl-cross/releases/download/1.2.2/perl-cross-1.2.2.hash
+sha256	e6987838f27d8cd3368ea68fc56a68cc52371505950927b8b7c5cb76e3a94caa  perl-cross-1.2.2.tar.gz

package/perl/perl.mk

@@ -6,14 +6,14 @@
 
 # When updating the version here, also update utils/scancpan
 PERL_VERSION_MAJOR = 26
-PERL_VERSION = 5.$(PERL_VERSION_MAJOR).2
+PERL_VERSION = 5.$(PERL_VERSION_MAJOR).3
 PERL_SITE = http://www.cpan.org/src/5.0
 PERL_SOURCE = perl-$(PERL_VERSION).tar.xz
 PERL_LICENSE = Artistic or GPL-1.0+
 PERL_LICENSE_FILES = Artistic Copying README
 PERL_INSTALL_STAGING = YES
 
-PERL_CROSS_VERSION = 1.2
+PERL_CROSS_VERSION = 1.2.2
 # DO NOT refactor with the github helper (the result is not the same)
 PERL_CROSS_SITE = https://github.com/arsv/perl-cross/releases/download/$(PERL_CROSS_VERSION)
 PERL_CROSS_SOURCE = perl-cross-$(PERL_CROSS_VERSION).tar.gz

package/php/0004-OPcache-flock-mechanism-is-obviously-linux-so-force-.patch

@@ -1,80 +0,0 @@
-From bedbd41ef0a5ce80b83a6f6eaebd7c90f0bc5615 Mon Sep 17 00:00:00 2001
-From: Gustavo Zacarias <gustavo@zacarias.com.ar>
-Date: Tue, 9 Aug 2016 11:52:19 +0200
-Subject: [PATCH] OPcache: flock mechanism is obviously linux so force it.
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
-[Bernd: update for 7.2.12 & 7.2.15]
----
- ext/opcache/config.m4 | 34 ++--------------------------------
- 1 file changed, 2 insertions(+), 32 deletions(-)
-
-diff --git a/ext/opcache/config.m4 b/ext/opcache/config.m4
-index fbb9b21..ffddc8e 100644
---- a/ext/opcache/config.m4
-+++ b/ext/opcache/config.m4
-@@ -343,58 +343,8 @@ int main() {
-     msg=yes,msg=no,msg=no)
-   AC_MSG_RESULT([$msg])
- 
--flock_type=unknown
--AC_MSG_CHECKING(for struct flock layout)
--
--if test "$flock_type" = "unknown"; then
--AC_TRY_RUN([
--  #include <fcntl.h>
--  struct flock lock = { 1, 2, 3, 4, 5, 6, 7 };
--  int main() {
--    if(lock.l_type == 1 && lock.l_whence == 2 && lock.l_start == 6 && lock.l_len== 7) {
--		return 0;
--    }
--    return 1;
--  }
--], [
--    flock_type=aix64
--    AC_DEFINE([HAVE_FLOCK_AIX64], [], [Struct flock is 64-bit AIX-type])
--], [])
--fi
--
--if test "$flock_type" = "unknown"; then
--AC_TRY_RUN([
--  #include <fcntl.h>
--  struct flock lock = { 1, 2, 3, 4, 5 };
--  int main() {
--    if(lock.l_type == 1 && lock.l_whence == 2 && lock.l_start == 3 && lock.l_len == 4) {
--		return 0;
--    }
--    return 1;
--  }
--], [
--	flock_type=linux
--    AC_DEFINE([HAVE_FLOCK_LINUX], [], [Struct flock is Linux-type])
--], [])
--fi
--
--if test "$flock_type" = "unknown"; then
--AC_TRY_RUN([
--  #include <fcntl.h>
--  struct flock lock = { 1, 2, 3, 4, 5 };
--  int main() {
--    if(lock.l_start == 1 && lock.l_len == 2 && lock.l_type == 4 && lock.l_whence == 5) {
--		return 0;
--    }
--    return 1;
--  }
--], [
--	flock_type=bsd
--    AC_DEFINE([HAVE_FLOCK_BSD], [], [Struct flock is BSD-type])
--], [])
--fi
--
--AC_MSG_RESULT([$flock_type])
-+flock_type=linux
-+AC_DEFINE([HAVE_FLOCK_LINUX], [], [Struct flock is Linux-type])
- 
- if test "$flock_type" = "unknown"; then
- 	AC_MSG_ERROR([Don't know how to define struct flock on this system[,] set --enable-opcache=no])
--- 
-2.7.4
-

package/php/php.hash

@@ -1,5 +1,5 @@
 # From http://php.net/downloads.php
-sha256 75e90012faef700dffb29311f3d24fa25f1a5e0f70254a9b8d5c794e25e938ce  php-7.2.15.tar.xz
+sha256 7d91ed3c1447c6358a3d53f84599ef854aca4c3622de7435e2df115bf196e482  php-7.2.16.tar.xz
 
 # License file
 sha256 f689b8fa63bea7950ce6a21bf52ed88ea0d77673ee76e6de12f51191174d91b8  LICENSE

package/php/php.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-PHP_VERSION = 7.2.15
+PHP_VERSION = 7.2.16
 PHP_SITE = http://www.php.net/distributions
 PHP_SOURCE = php-$(PHP_VERSION).tar.xz
 PHP_INSTALL_STAGING = YES

package/putty/0001-Fix-compilation-with-NO_GSSAPI.patch

@@ -0,0 +1,266 @@
+From 7ad08649a223a4cd61e67d8334a147f55c79399d Mon Sep 17 00:00:00 2001
+From: Jacob Nevins <jacobn@chiark.greenend.org.uk>
+Date: Mon, 25 Mar 2019 23:46:59 +0000
+Subject: [PATCH] Fix compilation with NO_GSSAPI.
+
+This is a fairly shallow patch, which removes the UI and interactions
+with external libraries. Some other machinery (which is dead code in
+this configuration) is left in place.
+
+Adapted by me from a patch by Jeroen Roovers.
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: commit 7ad08649a22
+
+ config.c        |  4 ++++
+ settings.c      | 12 ++++++++++--
+ ssh.c           | 16 +++++++++++++++-
+ ssh2transport.c |  3 +--
+ ssh2userauth.c  |  8 ++++++--
+ sshserver.c     | 13 ++++++++++++-
+ 6 files changed, 48 insertions(+), 8 deletions(-)
+
+diff --git a/config.c b/config.c
+index 9c299feecc21..6528a9696584 100644
+--- a/config.c
++++ b/config.c
+@@ -2442,10 +2442,12 @@ void setup_config_box(struct controlbox *b, bool midsession,
+ 			      HELPCTX(ssh_kexlist),
+ 			      kexlist_handler, P(NULL));
+             c->listbox.height = KEX_MAX;
++#ifndef NO_GSSAPI
+ 	    ctrl_checkbox(s, "Attempt GSSAPI key exchange",
+ 			  'k', HELPCTX(ssh_gssapi),
+ 			  conf_checkbox_handler,
+ 			  I(CONF_try_gssapi_kex));
++#endif
+ 
+ 	    s = ctrl_getset(b, "Connection/SSH/Kex", "repeat",
+ 			    "Options controlling key re-exchange");
+@@ -2455,11 +2457,13 @@ void setup_config_box(struct controlbox *b, bool midsession,
+ 			 conf_editbox_handler,
+ 			 I(CONF_ssh_rekey_time),
+ 			 I(-1));
++#ifndef NO_GSSAPI
+             ctrl_editbox(s, "Minutes between GSS checks (0 for never)", NO_SHORTCUT, 20,
+                          HELPCTX(ssh_kex_repeat),
+                          conf_editbox_handler,
+                          I(CONF_gssapirekey),
+                          I(-1));
++#endif
+ 	    ctrl_editbox(s, "Max data before rekey (0 for no limit)", 'x', 20,
+ 			 HELPCTX(ssh_kex_repeat),
+ 			 conf_editbox_handler,
+diff --git a/settings.c b/settings.c
+index 8d56302677d9..54f5ab7b2919 100644
+--- a/settings.c
++++ b/settings.c
+@@ -592,21 +592,25 @@ void save_open_settings(settings_w *sesskey, Conf *conf)
+     write_setting_b(sesskey, "Compression", conf_get_bool(conf, CONF_compression));
+     write_setting_b(sesskey, "TryAgent", conf_get_bool(conf, CONF_tryagent));
+     write_setting_b(sesskey, "AgentFwd", conf_get_bool(conf, CONF_agentfwd));
++#ifndef NO_GSSAPI
+     write_setting_b(sesskey, "GssapiFwd", conf_get_bool(conf, CONF_gssapifwd));
++#endif
+     write_setting_b(sesskey, "ChangeUsername", conf_get_bool(conf, CONF_change_username));
+     wprefs(sesskey, "Cipher", ciphernames, CIPHER_MAX, conf, CONF_ssh_cipherlist);
+     wprefs(sesskey, "KEX", kexnames, KEX_MAX, conf, CONF_ssh_kexlist);
+     wprefs(sesskey, "HostKey", hknames, HK_MAX, conf, CONF_ssh_hklist);
+     write_setting_i(sesskey, "RekeyTime", conf_get_int(conf, CONF_ssh_rekey_time));
++#ifndef NO_GSSAPI
+     write_setting_i(sesskey, "GssapiRekey", conf_get_int(conf, CONF_gssapirekey));
++#endif
+     write_setting_s(sesskey, "RekeyBytes", conf_get_str(conf, CONF_ssh_rekey_data));
+     write_setting_b(sesskey, "SshNoAuth", conf_get_bool(conf, CONF_ssh_no_userauth));
+     write_setting_b(sesskey, "SshBanner", conf_get_bool(conf, CONF_ssh_show_banner));
+     write_setting_b(sesskey, "AuthTIS", conf_get_bool(conf, CONF_try_tis_auth));
+     write_setting_b(sesskey, "AuthKI", conf_get_bool(conf, CONF_try_ki_auth));
++#ifndef NO_GSSAPI
+     write_setting_b(sesskey, "AuthGSSAPI", conf_get_bool(conf, CONF_try_gssapi_auth));
+     write_setting_b(sesskey, "AuthGSSAPIKEX", conf_get_bool(conf, CONF_try_gssapi_kex));
+-#ifndef NO_GSSAPI
+     wprefs(sesskey, "GSSLibs", gsslibkeywords, ngsslibs, conf, CONF_ssh_gsslist);
+     write_setting_filename(sesskey, "GSSCustom", conf_get_filename(conf, CONF_ssh_gss_custom));
+ #endif
+@@ -937,7 +941,9 @@ void load_open_settings(settings_r *sesskey, Conf *conf)
+     gppb(sesskey, "TryAgent", true, conf, CONF_tryagent);
+     gppb(sesskey, "AgentFwd", false, conf, CONF_agentfwd);
+     gppb(sesskey, "ChangeUsername", false, conf, CONF_change_username);
++#ifndef NO_GSSAPI
+     gppb(sesskey, "GssapiFwd", false, conf, CONF_gssapifwd);
++#endif
+     gprefs(sesskey, "Cipher", "\0",
+ 	   ciphernames, CIPHER_MAX, conf, CONF_ssh_cipherlist);
+     {
+@@ -990,7 +996,9 @@ void load_open_settings(settings_r *sesskey, Conf *conf)
+     gprefs(sesskey, "HostKey", "ed25519,ecdsa,rsa,dsa,WARN",
+            hknames, HK_MAX, conf, CONF_ssh_hklist);
+     gppi(sesskey, "RekeyTime", 60, conf, CONF_ssh_rekey_time);
++#ifndef NO_GSSAPI
+     gppi(sesskey, "GssapiRekey", GSS_DEF_REKEY_MINS, conf, CONF_gssapirekey);
++#endif
+     gpps(sesskey, "RekeyBytes", "1G", conf, CONF_ssh_rekey_data);
+     {
+ 	/* SSH-2 only by default */
+@@ -1007,9 +1015,9 @@ void load_open_settings(settings_r *sesskey, Conf *conf)
+     gppb(sesskey, "SshBanner", true, conf, CONF_ssh_show_banner);
+     gppb(sesskey, "AuthTIS", false, conf, CONF_try_tis_auth);
+     gppb(sesskey, "AuthKI", true, conf, CONF_try_ki_auth);
++#ifndef NO_GSSAPI
+     gppb(sesskey, "AuthGSSAPI", true, conf, CONF_try_gssapi_auth);
+     gppb(sesskey, "AuthGSSAPIKEX", true, conf, CONF_try_gssapi_kex);
+-#ifndef NO_GSSAPI
+     gprefs(sesskey, "GSSLibs", "\0",
+ 	   gsslibkeywords, ngsslibs, conf, CONF_ssh_gsslist);
+     gppfile(sesskey, "GSSCustom", conf, CONF_ssh_gss_custom);
+diff --git a/ssh.c b/ssh.c
+index e35ebc64e2b5..e8ad61b8085d 100644
+--- a/ssh.c
++++ b/ssh.c
+@@ -50,7 +50,9 @@ struct Ssh {
+     ssh_sharing_state *connshare;
+     bool attempting_connshare;
+ 
++#ifndef NO_GSSAPI
+     struct ssh_connection_shared_gss_state gss_state;
++#endif
+ 
+     char *savedhost;
+     int savedport;
+@@ -252,10 +254,18 @@ static void ssh_got_ssh_version(struct ssh_version_receiver *rcv,
+                     conf_get_bool(ssh->conf, CONF_tryagent), username,
+                     conf_get_bool(ssh->conf, CONF_change_username),
+                     conf_get_bool(ssh->conf, CONF_try_ki_auth),
++#ifndef NO_GSSAPI
+                     conf_get_bool(ssh->conf, CONF_try_gssapi_auth),
+                     conf_get_bool(ssh->conf, CONF_try_gssapi_kex),
+                     conf_get_bool(ssh->conf, CONF_gssapifwd),
+-                    &ssh->gss_state);
++                    &ssh->gss_state
++#else
++                    false,
++                    false,
++                    false,
++                    NULL
++#endif
++                    );
+                 ssh_connect_ppl(ssh, userauth_layer);
+                 transport_child_layer = userauth_layer;
+ 
+@@ -267,7 +277,11 @@ static void ssh_got_ssh_version(struct ssh_version_receiver *rcv,
+                 ssh->fullhostname,
+                 ssh_verstring_get_local(old_bpp),
+                 ssh_verstring_get_remote(old_bpp),
++#ifndef NO_GSSAPI
+                 &ssh->gss_state,
++#else
++                NULL,
++#endif
+                 &ssh->stats, transport_child_layer, false);
+             ssh_connect_ppl(ssh, ssh->base_layer);
+ 
+diff --git a/ssh2transport.c b/ssh2transport.c
+index 8640d89d4be4..5e8955a0275f 100644
+--- a/ssh2transport.c
++++ b/ssh2transport.c
+@@ -1781,6 +1781,7 @@ static void ssh2_transport_gss_update(struct ssh2_transport_state *s,
+     if (mins > 0 && s->gss_ctxt_lifetime <= mins * 60)
+         s->gss_status |= GSS_CTXT_EXPIRES;
+ }
++#endif /* NO_GSSAPI */
+ 
+ ptrlen ssh2_transport_get_session_id(PacketProtocolLayer *ppl)
+ {
+@@ -1805,8 +1806,6 @@ void ssh2_transport_notify_auth_done(PacketProtocolLayer *ppl)
+     queue_idempotent_callback(&s->ppl.ic_process_queue);
+ }
+ 
+-#endif /* NO_GSSAPI */
+-
+ static bool ssh2_transport_get_specials(
+     PacketProtocolLayer *ppl, add_special_fn_t add_special, void *ctx)
+ {
+diff --git a/ssh2userauth.c b/ssh2userauth.c
+index fc4139230557..7f5a129295ab 100644
+--- a/ssh2userauth.c
++++ b/ssh2userauth.c
+@@ -613,8 +613,10 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
+                  * Scan it for method identifiers we know about.
+                  */
+                 bool srv_pubkey = false, srv_passwd = false;
+-                bool srv_keyb_inter = false, srv_gssapi = false;
+-                bool srv_gssapi_keyex_auth = false;
++                bool srv_keyb_inter = false;
++#ifndef NO_GSSAPI
++                bool srv_gssapi = false, srv_gssapi_keyex_auth = false;
++#endif
+ 
+                 for (ptrlen method; get_commasep_word(&methods, &method) ;) {
+                     if (ptrlen_eq_string(method, "publickey"))
+@@ -623,10 +625,12 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
+                         srv_passwd = true;
+                     else if (ptrlen_eq_string(method, "keyboard-interactive"))
+                         srv_keyb_inter = true;
++#ifndef NO_GSSAPI
+                     else if (ptrlen_eq_string(method, "gssapi-with-mic"))
+                         srv_gssapi = true;
+                     else if (ptrlen_eq_string(method, "gssapi-keyex"))
+                         srv_gssapi_keyex_auth = true;
++#endif
+                 }
+ 
+                 /*
+diff --git a/sshserver.c b/sshserver.c
+index 5f6e7ddeeaec..5c34bb356757 100644
+--- a/sshserver.c
++++ b/sshserver.c
+@@ -50,7 +50,9 @@ struct server {
+     PacketProtocolLayer *base_layer;
+     ConnectionLayer *cl;
+ 
++#ifndef NO_GSSAPI
+     struct ssh_connection_shared_gss_state gss_state;
++#endif
+ };
+ 
+ static void ssh_server_free_callback(void *vsrv);
+@@ -245,9 +247,11 @@ Plug *ssh_server_plug(
+     bufchain_init(&srv->out_raw);
+     bufchain_init(&srv->dummy_user_input);
+ 
++#ifndef NO_GSSAPI
+     /* FIXME: replace with sensible */
+     srv->gss_state.libs = snew(struct ssh_gss_liblist);
+     srv->gss_state.libs->nlibraries = 0;
++#endif
+ 
+     return &srv->plug;
+ }
+@@ -297,7 +301,9 @@ static void ssh_server_free_callback(void *vsrv)
+     conf_free(srv->conf);
+     log_free(srv->logctx);
+ 
++#ifndef NO_GSSAPI
+     sfree(srv->gss_state.libs);        /* FIXME: replace with sensible */
++#endif
+ 
+     sfree(srv);
+ 
+@@ -442,7 +448,12 @@ static void server_got_ssh_version(struct ssh_version_receiver *rcv,
+             srv->conf, NULL, 0, NULL,
+             ssh_verstring_get_remote(old_bpp),
+             ssh_verstring_get_local(old_bpp),
+-            &srv->gss_state, &srv->stats, transport_child_layer, true);
++#ifndef NO_GSSAPI
++            &srv->gss_state,
++#else
++            NULL,
++#endif
++            &srv->stats, transport_child_layer, true);
+         ssh2_transport_provide_hostkeys(
+             srv->base_layer, srv->hostkeys, srv->nhostkeys);
+         if (userauth_layer)
+-- 
+2.20.1
+

package/putty/0002-unix-uxpoll-need-_XOPEN_SOURCE.patch

@@ -0,0 +1,39 @@
+From c1b9d07d39e33e40d2ad04be176367cf48271cfd Mon Sep 17 00:00:00 2001
+From: Baruch Siach <baruch@tkos.co.il>
+Date: Tue, 26 Mar 2019 20:00:45 +0200
+Subject: [PATCH] unix/uxpoll: need _XOPEN_SOURCE
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The code needs _XOPEN_SOURCE for some poll() flags.
+
+Fix this build failure with uClibc:
+
+./../unix/uxpoll.c: In function ‘pollwrap_add_fd_rwx’:
+./../unix/uxpoll.c:75:32: error: ‘POLLRDNORM’ undeclared (first use in this function); did you mean ‘POLLNVAL’?
+ #define SELECT_R_IN (POLLIN  | POLLRDNORM | POLLRDBAND)
+                                ^
+./../unix/uxpoll.c:87:19: note: in expansion of macro ‘SELECT_R_IN’
+         events |= SELECT_R_IN;
+                   ^~~~~~~~~~~
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: issue reported to upstream developers
+
+ unix/uxpoll.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/unix/uxpoll.c b/unix/uxpoll.c
+index bbc5490d125d..6fe6ac7ba0c1 100644
+--- a/unix/uxpoll.c
++++ b/unix/uxpoll.c
+@@ -1,3 +1,4 @@
++#define _XOPEN_SOURCE
+ #include <poll.h>
+ 
+ #include "putty.h"
+-- 
+2.20.1
+

package/putty/0003-Fix-uClibc-build-issues.patch

@@ -0,0 +1,93 @@
+From 0554cfbb926a2ba26efda08865b270af8536e0bb Mon Sep 17 00:00:00 2001
+From: Simon Tatham <anakin@pobox.com>
+Date: Tue, 26 Mar 2019 20:03:09 +0200
+Subject: [PATCH] Fix uClibc build issues
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix two uClibc build failures.
+
+Missing sys/auxv.h header:
+
+./../unix/uxutils.c:5:10: fatal error: sys/auxv.h: No such file or directory
+ #include <sys/auxv.h>
+          ^~~~~~~~~~~~
+
+Missing futimes() implementation:
+
+./../unix/uxsftpserver.c: In function ‘uss_fsetstat’:
+./../unix/uxsftpserver.c:441:25: warning: implicit declaration of function ‘futimes’; did you mean ‘lutimes’? [-Wimplicit-function-declaration]
+ #define FD_PREFIX(func) f ## func
+                         ^
+./../unix/uxsftpserver.c:435:17: note: in expansion of macro ‘FD_PREFIX’
+             if (api_prefix(utimes)(api_arg, tv) < 0)                    \
+                 ^~~~~~~~~~
+./../unix/uxsftpserver.c:470:5: note: in expansion of macro ‘SETSTAT_GUTS’
+     SETSTAT_GUTS(FD_PREFIX, fd, attrs, success);
+     ^~~~~~~~~~~~
+
+unix/uxsftpserver.o: In function `uss_fsetstat':
+uxsftpserver.c:(.text+0x1058): undefined reference to `futimes'
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: patch suggested by upstream developer Simon Tatham
+
+ configure.ac        |  3 ++-
+ unix/uxsftpserver.c | 10 ++++++++++
+ unix/uxutils.c      |  3 ++-
+ 3 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 35552ed24dbe..1949ef62f219 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -173,8 +173,9 @@ AC_CHECK_LIB(X11, XOpenDisplay,
+              [GTK_LIBS="-lX11 $GTK_LIBS"
+               AC_DEFINE([HAVE_LIBX11],[],[Define if libX11.a is available])])
+ 
+-AC_CHECK_FUNCS([getaddrinfo posix_openpt ptsname setresuid strsignal updwtmpx fstatat dirfd])
++AC_CHECK_FUNCS([getaddrinfo posix_openpt ptsname setresuid strsignal updwtmpx fstatat dirfd futimes])
+ AC_CHECK_DECLS([CLOCK_MONOTONIC], [], [], [[#include <time.h>]])
++AC_CHECK_HEADERS([sys/auxv.h asm/hwcap.h])
+ AC_SEARCH_LIBS([clock_gettime], [rt], [AC_DEFINE([HAVE_CLOCK_GETTIME],[],[Define if clock_gettime() is available])])
+ 
+ AC_CACHE_CHECK([for SO_PEERCRED and dependencies], [x_cv_linux_so_peercred], [
+diff --git a/unix/uxsftpserver.c b/unix/uxsftpserver.c
+index 6fab0ba090d6..a90344e04219 100644
+--- a/unix/uxsftpserver.c
++++ b/unix/uxsftpserver.c
+@@ -412,6 +412,16 @@ static void uss_fstat(SftpServer *srv, SftpReplyBuilder *reply,
+     }
+ }
+ 
++#if !HAVE_FUTIMES
++static inline int futimes(int fd, const struct timeval tv[2])
++{
++    /* If the OS doesn't support futimes(3) then we have to pretend it
++     * always returns failure */
++    errno = EINVAL;
++    return -1;
++}
++#endif
++
+ /*
+  * The guts of setstat and fsetstat, macroised so that they can call
+  * fchown(fd,...) or chown(path,...) depending on parameters.
+diff --git a/unix/uxutils.c b/unix/uxutils.c
+index fcbcc4d422c1..f01bc2c14a2d 100644
+--- a/unix/uxutils.c
++++ b/unix/uxutils.c
+@@ -1,6 +1,7 @@
+ #include "ssh.h"
+ 
+-#if defined __linux__ && (defined __arm__ || defined __aarch64__)
++#if defined __linux__ && (defined __arm__ || defined __aarch64__) && \
++    HAVE_SYS_AUXV_H && HAVE_ASM_HWCAP_H
+ 
+ #include <sys/auxv.h>
+ #include <asm/hwcap.h>
+-- 
+2.20.1
+

package/putty/putty.hash

@@ -1,3 +1,6 @@
-# Hashes from: http://the.earth.li/~sgtatham/putty/0.70/{sha256,sha512}sums
-sha256 bb8aa49d6e96c5a8e18a057f3150a1695ed99a24eef699e783651d1f24e7b0be                                                                 putty-0.70.tar.gz
-sha512 2aaf4fa2b4ad2d82eb5cdc4419ade79e0c5d8bd3c093db92b3c048e6107f85a5f1647f9d8203cda0906ce2b926725a75319f981cb32e6f1ebf50b1f738564fed putty-0.70.tar.gz
+# Hashes from: http://the.earth.li/~sgtatham/putty/0.71/{sha256,sha512}sums
+sha256 2f931ce2f89780cc8ca7bbed90fcd22c44515d2773f5fa954069e209b48ec6b8                                                                 putty-0.71.tar.gz
+sha512 f8791210bd5925b26d51b13f0558eea15dbac40808051165b236d6436226f5c2b0aa7d69288ed9e2bddc1066455678cfd0af73ef6b715a136c42f3b6f754ac07 putty-0.71.tar.gz
+
+# Locally calculated
+sha256 b517b4a9504ba0f651d5e590245197b88d9a81d073905cc798cc9464c5ca7ba8  LICENCE

package/putty/putty.mk

@@ -4,13 +4,14 @@
 #
 ################################################################################
 
-PUTTY_VERSION = 0.70
+PUTTY_VERSION = 0.71
 PUTTY_SITE = http://the.earth.li/~sgtatham/putty/$(PUTTY_VERSION)
-PUTTY_SUBDIR = unix
 PUTTY_LICENSE = MIT
 PUTTY_LICENSE_FILES = LICENCE
 PUTTY_CONF_OPTS = --disable-gtktest
 PUTTY_CONF_ENV = CFLAGS="$(TARGET_CFLAGS) -Wno-error"
+# Patching configure.ac
+PUTTY_AUTORECONF = YES
 
 ifeq ($(BR2_PACKAGE_LIBGTK2),y)
 PUTTY_CONF_OPTS += --with-gtk=2

package/qt5/qt5webkit/Config.in

@@ -3,10 +3,13 @@ config BR2_PACKAGE_QT5WEBKIT
 	depends on !BR2_STATIC_LIBS
 	depends on BR2_PACKAGE_QT5_JSCORE_AVAILABLE
 	depends on BR2_HOST_GCC_AT_LEAST_4_8 # icu
+	depends on BR2_INSTALL_LIBSTDCPP # leveldb
 	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # icu
+	depends on BR2_TOOLCHAIN_HAS_THREADS # leveldb
 	depends on !BR2_BINFMT_FLAT # icu
 	# assumes a FPU is available on MIPS
 	depends on !BR2_MIPS_SOFT_FLOAT
+	select BR2_PACKAGE_LEVELDB
 	select BR2_PACKAGE_QT5BASE
 	select BR2_PACKAGE_QT5BASE_ICU
 	select BR2_PACKAGE_QT5BASE_GUI

package/qt5/qt5webkit/qt5webkit.mk

@@ -16,7 +16,7 @@ endif
 QT5WEBKIT_SOURCE = qtwebkit-opensource-src-$(QT5WEBKIT_VERSION).tar.xz
 QT5WEBKIT_DEPENDENCIES = \
 	host-bison host-flex host-gperf host-python host-ruby \
-	qt5base sqlite
+	leveldb qt5base sqlite
 QT5WEBKIT_INSTALL_STAGING = YES
 
 QT5WEBKIT_LICENSE_FILES = Source/WebCore/LICENSE-LGPL-2 Source/WebCore/LICENSE-LGPL-2.1
@@ -45,7 +45,7 @@ endef
 QT5WEBKIT_PRE_CONFIGURE_HOOKS += QT5WEBKIT_PYTHON2_SYMLINK
 
 define QT5WEBKIT_CONFIGURE_CMDS
-	(cd $(@D); $(TARGET_MAKE_ENV) $(QT5WEBKIT_ENV) $(HOST_DIR)/bin/qmake)
+	(cd $(@D); $(TARGET_MAKE_ENV) $(QT5WEBKIT_ENV) $(HOST_DIR)/bin/qmake WEBKIT_CONFIG+=use_system_leveldb)
 endef
 
 define QT5WEBKIT_BUILD_CMDS

package/rdesktop/0002-openssl11.patch

@@ -1,130 +0,0 @@
-From bd6aa6acddf0ba640a49834807872f4cc0d0a773 Mon Sep 17 00:00:00 2001
-From: Jani Hakala <jjhakala@gmail.com>
-Date: Thu, 16 Jun 2016 14:28:15 +0300
-Subject: [PATCH] Fix OpenSSL 1.1 compability issues
-
-Some data types have been made opaque in OpenSSL version 1.1 so
-stack allocation and accessing struct fields directly does not work.
-
-Downloaded from upstream commit
-https://github.com/rdesktop/rdesktop/commit/bd6aa6acddf0ba640a49834807872f4cc0d0a773
-
-Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
----
- ssl.c | 65 ++++++++++++++++++++++++++++++++++++-----------------------
- 1 file changed, 40 insertions(+), 25 deletions(-)
-
-diff --git a/ssl.c b/ssl.c
-index 48751255..032e9b9e 100644
---- a/ssl.c
-+++ b/ssl.c
-@@ -88,7 +88,7 @@ rdssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 *
- 		  uint8 * exponent)
- {
- 	BN_CTX *ctx;
--	BIGNUM mod, exp, x, y;
-+	BIGNUM *mod, *exp, *x, *y;
- 	uint8 inr[SEC_MAX_MODULUS_SIZE];
- 	int outlen;
- 
-@@ -98,24 +98,24 @@ rdssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 *
- 	reverse(inr, len);
- 
- 	ctx = BN_CTX_new();
--	BN_init(&mod);
--	BN_init(&exp);
--	BN_init(&x);
--	BN_init(&y);
--
--	BN_bin2bn(modulus, modulus_size, &mod);
--	BN_bin2bn(exponent, SEC_EXPONENT_SIZE, &exp);
--	BN_bin2bn(inr, len, &x);
--	BN_mod_exp(&y, &x, &exp, &mod, ctx);
--	outlen = BN_bn2bin(&y, out);
-+	mod = BN_new();
-+	exp = BN_new();
-+	x = BN_new();
-+	y = BN_new();
-+
-+	BN_bin2bn(modulus, modulus_size, mod);
-+	BN_bin2bn(exponent, SEC_EXPONENT_SIZE, exp);
-+	BN_bin2bn(inr, len, x);
-+	BN_mod_exp(y, x, exp, mod, ctx);
-+	outlen = BN_bn2bin(y, out);
- 	reverse(out, outlen);
- 	if (outlen < (int) modulus_size)
- 		memset(out + outlen, 0, modulus_size - outlen);
- 
--	BN_free(&y);
--	BN_clear_free(&x);
--	BN_free(&exp);
--	BN_free(&mod);
-+	BN_free(y);
-+	BN_clear_free(x);
-+	BN_free(exp);
-+	BN_free(mod);
- 	BN_CTX_free(ctx);
- }
- 
-@@ -146,12 +146,20 @@ rdssl_cert_to_rkey(RDSSL_CERT * cert, uint32 * key_len)
- 
- 	   Kudos to Richard Levitte for the following (. intiutive .) 
- 	   lines of code that resets the OID and let's us extract the key. */
--	nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
-+
-+	X509_PUBKEY *key = NULL;
-+	X509_ALGOR *algor = NULL;
-+
-+	key = X509_get_X509_PUBKEY(cert);
-+	algor = X509_PUBKEY_get0_param(NULL, NULL, 0, &algor, key);
-+
-+	nid = OBJ_obj2nid(algor->algorithm);
-+
- 	if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption))
- 	{
- 		DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n"));
--		ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);
--		cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
-+		X509_PUBKEY_set0_param(key, OBJ_nid2obj(NID_rsaEncryption),
-+				       0, NULL, NULL, 0);
- 	}
- 	epk = X509_get_pubkey(cert);
- 	if (NULL == epk)
-@@ -201,14 +209,24 @@ rdssl_rkey_get_exp_mod(RDSSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len,
- {
- 	int len;
- 
--	if ((BN_num_bytes(rkey->e) > (int) max_exp_len) ||
--	    (BN_num_bytes(rkey->n) > (int) max_mod_len))
-+	BIGNUM *e = NULL;
-+	BIGNUM *n = NULL;
-+
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+	e = rkey->e;
-+	n = rkey->n;
-+#else
-+	RSA_get0_key(rkey, &e, &n, NULL);
-+#endif
-+
-+	if ((BN_num_bytes(e) > (int) max_exp_len) ||
-+	    (BN_num_bytes(n) > (int) max_mod_len))
- 	{
- 		return 1;
- 	}
--	len = BN_bn2bin(rkey->e, exponent);
-+	len = BN_bn2bin(e, exponent);
- 	reverse(exponent, len);
--	len = BN_bn2bin(rkey->n, modulus);
-+	len = BN_bn2bin(n, modulus);
- 	reverse(modulus, len);
- 	return 0;
- }
-@@ -229,8 +247,5 @@ void
- rdssl_hmac_md5(const void *key, int key_len, const unsigned char *msg, int msg_len,
- 	       unsigned char *md)
- {
--	HMAC_CTX ctx;
--	HMAC_CTX_init(&ctx);
- 	HMAC(EVP_md5(), key, key_len, msg, msg_len, md, NULL);
--	HMAC_CTX_cleanup(&ctx);
- }

package/rdesktop/rdesktop.hash

@@ -1,3 +1,3 @@
-# From http://sourceforge.net/projects/rdesktop/files/rdesktop/1.8.3/
-md5	86e8b368a7c715e74ded92e0d7912dc5	rdesktop-1.8.3.tar.gz
-sha1	aa1e56043782e04a0121357b24874e3ad6ae7b1d	rdesktop-1.8.3.tar.gz
+# Locally calculated
+sha256	516f04df92f16eba04c96bbf9aeb05b9da686689c2bb5c107e0941583e09f933	rdesktop-1.8.4.tar.gz
+sha256	fc82ca8b6fdb18d4e3e85cfd8ab58d1bcd3f1b29abe782895abd91d64763f8e7	COPYING

package/rdesktop/rdesktop.mk

@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-RDESKTOP_VERSION = 1.8.3
-RDESKTOP_SITE = http://downloads.sourceforge.net/project/rdesktop/rdesktop/$(RDESKTOP_VERSION)
+RDESKTOP_VERSION = 1.8.4
+RDESKTOP_SITE = $(call github,rdesktop,rdesktop,v$(RDESKTOP_VERSION))
 RDESKTOP_DEPENDENCIES = host-pkgconf openssl xlib_libX11 xlib_libXt \
 	$(if $(BR2_PACKAGE_ALSA_LIB_PCM),alsa-lib) \
 	$(if $(BR2_PACKAGE_LIBAO),libao) \
@@ -13,6 +13,8 @@ RDESKTOP_DEPENDENCIES = host-pkgconf openssl xlib_libX11 xlib_libXt \
 RDESKTOP_CONF_OPTS = --with-openssl=$(STAGING_DIR)/usr --disable-credssp
 RDESKTOP_LICENSE = GPL-3.0+
 RDESKTOP_LICENSE_FILES = COPYING
+# From git
+RDESKTOP_AUTORECONF = YES
 
 ifeq ($(BR2_PACKAGE_PCSC_LITE),y)
 RDESKTOP_DEPENDENCIES += pcsc-lite

package/runc/Config.in

@@ -3,14 +3,18 @@ config BR2_PACKAGE_RUNC
 	depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS
 	depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
 	depends on BR2_TOOLCHAIN_HAS_THREADS
+	depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_11 # O_TMPFILE
 	depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
+	depends on !BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_ARM # glibc < 2.19
 	help
 	  runC is a CLI tool for spawning and running containers
 	  according to the OCP specification.
 
 	  https://github.com/opencontainers/runc
 
-comment "runc needs a glibc or musl toolchain toolchain w/ threads"
+comment "runc needs a glibc or musl toolchain w/ threads, headers >= 3.11"
 	depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS && \
 		BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
-	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_TOOLCHAN_USES_UCLIBC
+	depends on !BR2_TOOLCHAIN_HAS_THREADS || \
+		!BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_11 || BR2_TOOLCHAN_USES_UCLIBC
+	depends on !BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_ARM

package/samba4/samba4.hash

@@ -1,4 +1,4 @@
 # Locally calculated after checking pgp signature
-# https://download.samba.org/pub/samba/stable/samba-4.9.4.tar.asc
-sha256 6d98a8d8bcccbe788e4bbb406362e6676311aca711a3f3cc9b3a404bb9ff0b4f  samba-4.9.4.tar.gz
+# https://download.samba.org/pub/samba/stable/samba-4.9.5.tar.asc
+sha256 078956d2d98e22011265afd4b7221efe4861067dcba4a031583b01f34d423700  samba-4.9.5.tar.gz
 sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903  COPYING

package/samba4/samba4.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-SAMBA4_VERSION = 4.9.4
+SAMBA4_VERSION = 4.9.5
 SAMBA4_SITE = https://download.samba.org/pub/samba/stable
 SAMBA4_SOURCE = samba-$(SAMBA4_VERSION).tar.gz
 SAMBA4_INSTALL_STAGING = YES

package/swupdate/0001-Makefile-fix-static-build.patch

@@ -0,0 +1,62 @@
+From 15a324f8c67548f219256a5a75ba8123cc5bdac6 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Mon, 4 Mar 2019 21:51:36 +0100
+Subject: [PATCH] Makefile: fix static build
+
+Don't build and install lua_swupdate.so if HAVE_LUA isn't set to y
+otherwise build will fail if the toolchain only suports building static
+libraries
+
+Fixes:
+ - http://autobuild.buildroot.org/results/c11c4d26983e0347d96f3dda62e6d72b031967bb
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status: https://github.com/sbabic/swupdate/pull/49]
+---
+ Makefile | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index cfeb9a6..cac99b5 100644
+--- a/Makefile
++++ b/Makefile
+@@ -369,11 +369,15 @@ tools-bins	:= $(patsubst $(tools-y)/%.c,$(tools-y)/%,$(wildcard $(tools-y)/*.c))
+ tools-bins-unstr:= $(patsubst %,%_unstripped,$(tools-bins))
+ tools-all	:= $(tools-objs)
+ 
++ifeq ($(HAVE_LUA),y)
++lua_swupdate	:= lua_swupdate.so
++endif
++
+ shared-dirs	:= $(shareds-y)
+ shared-libs	:= $(patsubst %,%/built-in.o, $(shareds-y))
+ shared-all	:= $(shared-libs)
+ 
+-all: swupdate ${tools-bins} lua_swupdate.so
++all: swupdate ${tools-bins} ${lua_swupdate}
+ 
+ # Do modpost on a prelinked vmlinux. The finally linked vmlinux has
+ # relevant sections renamed as per the linker script.
+@@ -434,7 +438,6 @@ install: all
+ 	install -d ${DESTDIR}/usr/bin
+ 	install -d ${DESTDIR}/usr/include
+ 	install -d ${DESTDIR}/usr/lib
+-	install -d ${DESTDIR}/usr/lib/lua/$(LUAVER)
+ 	install -m 755 swupdate ${DESTDIR}/usr/bin
+ 	for i in ${tools-bins};do \
+ 		install -m 755 $$i ${DESTDIR}/usr/bin; \
+@@ -443,7 +446,10 @@ install: all
+ 	install -m 0644 include/swupdate_status.h ${DESTDIR}/usr/include
+ 	install -m 0644 include/progress_ipc.h ${DESTDIR}/usr/include
+ 	install -m 0755 ipc/lib.a ${DESTDIR}/usr/lib/libswupdate.a
+-	install -m 0755 lua_swupdate.so $(DESTDIR)/usr/lib/lua/$(LUAVER)
++	if [ $(HAVE_LUA) = y ]; then \
++		install -d ${DESTDIR}/usr/lib/lua/$(LUAVER); \
++		install -m 0755 ${lua_swupdate} $(DESTDIR)/usr/lib/lua/$(LUAVER); \
++	fi
+ 
+ PHONY += run-tests
+ tests: \
+-- 
+2.14.1
+

package/systemd/0018-Refuse-dbus-message-paths-longer-than-BUS_PATH_SIZE_.patch

@@ -0,0 +1,53 @@
+From febef5e18558c114f4fb7c94f6c8ed3520c50cdf Mon Sep 17 00:00:00 2001
+From: Riccardo Schirone <rschiron@redhat.com>
+Date: Mon, 4 Feb 2019 14:29:09 +0100
+Subject: [PATCH] Refuse dbus message paths longer than BUS_PATH_SIZE_MAX
+ limit.
+
+Even though the dbus specification does not enforce any length limit on the
+path of a dbus message, having to analyze too long strings in PID1 may be
+time-consuming and it may have security impacts.
+
+In any case, the limit is set so high that real-life applications should not
+have a problem with it.
+
+(cherry picked from commit 61397a60d98e368a5720b37e83f3169e3eb511c4)
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: commit 61397a60d98
+
+ src/libsystemd/sd-bus/bus-internal.c | 2 +-
+ src/libsystemd/sd-bus/bus-internal.h | 4 ++++
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/libsystemd/sd-bus/bus-internal.c b/src/libsystemd/sd-bus/bus-internal.c
+index 40acae213381..598b7f110c73 100644
+--- a/src/libsystemd/sd-bus/bus-internal.c
++++ b/src/libsystemd/sd-bus/bus-internal.c
+@@ -43,7 +43,7 @@ bool object_path_is_valid(const char *p) {
+         if (slash)
+                 return false;
+ 
+-        return true;
++        return (q - p) <= BUS_PATH_SIZE_MAX;
+ }
+ 
+ char* object_path_startswith(const char *a, const char *b) {
+diff --git a/src/libsystemd/sd-bus/bus-internal.h b/src/libsystemd/sd-bus/bus-internal.h
+index f208b294d8f1..a8d61bf72a4e 100644
+--- a/src/libsystemd/sd-bus/bus-internal.h
++++ b/src/libsystemd/sd-bus/bus-internal.h
+@@ -332,6 +332,10 @@ struct sd_bus {
+ 
+ #define BUS_MESSAGE_SIZE_MAX (128*1024*1024)
+ #define BUS_AUTH_SIZE_MAX (64*1024)
++/* Note that the D-Bus specification states that bus paths shall have no size limit. We enforce here one
++ * anyway, since truly unbounded strings are a security problem. The limit we pick is relatively large however,
++ * to not clash unnecessarily with real-life applications. */
++#define BUS_PATH_SIZE_MAX (64*1024)
+ 
+ #define BUS_CONTAINER_DEPTH 128
+ 
+-- 
+2.20.1
+

package/systemd/0019-Allocate-temporary-strings-to-hold-dbus-paths-on-the.patch

@@ -0,0 +1,194 @@
+From 9e3f5a77226d5320270c92df001f6c79be735af3 Mon Sep 17 00:00:00 2001
+From: Riccardo Schirone <rschiron@redhat.com>
+Date: Mon, 4 Feb 2019 14:29:28 +0100
+Subject: [PATCH] Allocate temporary strings to hold dbus paths on the heap
+
+Paths are limited to BUS_PATH_SIZE_MAX but the maximum size is anyway too big
+to be allocated on the stack, so let's switch to the heap where there is a
+clear way to understand if the allocation fails.
+
+(cherry picked from commit f519a19bcd5afe674a9b8fc462cd77d8bad403c1)
+[baruch: backport to v240]
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: commit f519a19bcd5
+
+ src/libsystemd/sd-bus/bus-objects.c | 68 +++++++++++++++++++++++------
+ 1 file changed, 54 insertions(+), 14 deletions(-)
+
+diff --git a/src/libsystemd/sd-bus/bus-objects.c b/src/libsystemd/sd-bus/bus-objects.c
+index d0538104ae25..54b977418e03 100644
+--- a/src/libsystemd/sd-bus/bus-objects.c
++++ b/src/libsystemd/sd-bus/bus-objects.c
+@@ -1133,7 +1133,8 @@ static int object_manager_serialize_path_and_fallbacks(
+                 const char *path,
+                 sd_bus_error *error) {
+ 
+-        char *prefix;
++        _cleanup_free_ char *prefix = NULL;
++        size_t pl;
+         int r;
+ 
+         assert(bus);
+@@ -1149,7 +1150,12 @@ static int object_manager_serialize_path_and_fallbacks(
+                 return 0;
+ 
+         /* Second, add fallback vtables registered for any of the prefixes */
+-        prefix = alloca(strlen(path) + 1);
++        pl = strlen(path);
++        assert(pl <= BUS_PATH_SIZE_MAX);
++        prefix = new(char, pl + 1);
++        if (!prefix)
++                return -ENOMEM;
++
+         OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+                 r = object_manager_serialize_path(bus, reply, prefix, path, true, error);
+                 if (r < 0)
+@@ -1345,6 +1351,7 @@ static int object_find_and_run(
+ }
+ 
+ int bus_process_object(sd_bus *bus, sd_bus_message *m) {
++        _cleanup_free_ char *prefix = NULL;
+         int r;
+         size_t pl;
+         bool found_object = false;
+@@ -1369,9 +1376,12 @@ int bus_process_object(sd_bus *bus, sd_bus_message *m) {
+         assert(m->member);
+ 
+         pl = strlen(m->path);
+-        do {
+-                char prefix[pl+1];
++        assert(pl <= BUS_PATH_SIZE_MAX);
++        prefix = new(char, pl + 1);
++        if (!prefix)
++                return -ENOMEM;
+ 
++        do {
+                 bus->nodes_modified = false;
+ 
+                 r = object_find_and_run(bus, m, m->path, false, &found_object);
+@@ -1498,9 +1508,15 @@ static int bus_find_parent_object_manager(sd_bus *bus, struct node **out, const
+ 
+         n = hashmap_get(bus->nodes, path);
+         if (!n) {
+-                char *prefix;
++                _cleanup_free_ char *prefix = NULL;
++                size_t pl;
++
++                pl = strlen(path);
++                assert(pl <= BUS_PATH_SIZE_MAX);
++                prefix = new(char, pl + 1);
++                if (!prefix)
++                        return -ENOMEM;
+ 
+-                prefix = alloca(strlen(path) + 1);
+                 OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+                         n = hashmap_get(bus->nodes, prefix);
+                         if (n)
+@@ -2083,8 +2099,9 @@ _public_ int sd_bus_emit_properties_changed_strv(
+                 const char *interface,
+                 char **names) {
+ 
++        _cleanup_free_ char *prefix = NULL;
+         bool found_interface = false;
+-        char *prefix;
++        size_t pl;
+         int r;
+ 
+         assert_return(bus, -EINVAL);
+@@ -2105,6 +2122,12 @@ _public_ int sd_bus_emit_properties_changed_strv(
+ 
+         BUS_DONT_DESTROY(bus);
+ 
++        pl = strlen(path);
++        assert(pl <= BUS_PATH_SIZE_MAX);
++        prefix = new(char, pl + 1);
++        if (!prefix)
++                return -ENOMEM;
++
+         do {
+                 bus->nodes_modified = false;
+ 
+@@ -2114,7 +2137,6 @@ _public_ int sd_bus_emit_properties_changed_strv(
+                 if (bus->nodes_modified)
+                         continue;
+ 
+-                prefix = alloca(strlen(path) + 1);
+                 OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+                         r = emit_properties_changed_on_interface(bus, prefix, path, interface, true, &found_interface, names);
+                         if (r != 0)
+@@ -2246,7 +2268,8 @@ static int object_added_append_all_prefix(
+ 
+ static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char *path) {
+         _cleanup_set_free_ Set *s = NULL;
+-        char *prefix;
++        _cleanup_free_ char *prefix = NULL;
++        size_t pl;
+         int r;
+ 
+         assert(bus);
+@@ -2291,7 +2314,12 @@ static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char *p
+         if (bus->nodes_modified)
+                 return 0;
+ 
+-        prefix = alloca(strlen(path) + 1);
++        pl = strlen(path);
++        assert(pl <= BUS_PATH_SIZE_MAX);
++        prefix = new(char, pl + 1);
++        if (!prefix)
++                return -ENOMEM;
++
+         OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+                 r = object_added_append_all_prefix(bus, m, s, prefix, path, true);
+                 if (r < 0)
+@@ -2430,7 +2458,8 @@ static int object_removed_append_all_prefix(
+ 
+ static int object_removed_append_all(sd_bus *bus, sd_bus_message *m, const char *path) {
+         _cleanup_set_free_ Set *s = NULL;
+-        char *prefix;
++        _cleanup_free_ char *prefix = NULL;
++        size_t pl;
+         int r;
+ 
+         assert(bus);
+@@ -2462,7 +2491,12 @@ static int object_removed_append_all(sd_bus *bus, sd_bus_message *m, const char
+         if (bus->nodes_modified)
+                 return 0;
+ 
+-        prefix = alloca(strlen(path) + 1);
++        pl = strlen(path);
++        assert(pl <= BUS_PATH_SIZE_MAX);
++        prefix = new(char, pl + 1);
++        if (!prefix)
++                return -ENOMEM;
++
+         OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+                 r = object_removed_append_all_prefix(bus, m, s, prefix, path, true);
+                 if (r < 0)
+@@ -2612,7 +2646,8 @@ static int interfaces_added_append_one(
+                 const char *path,
+                 const char *interface) {
+ 
+-        char *prefix;
++        _cleanup_free_ char *prefix = NULL;
++        size_t pl;
+         int r;
+ 
+         assert(bus);
+@@ -2626,7 +2661,12 @@ static int interfaces_added_append_one(
+         if (bus->nodes_modified)
+                 return 0;
+ 
+-        prefix = alloca(strlen(path) + 1);
++        pl = strlen(path);
++        assert(pl <= BUS_PATH_SIZE_MAX);
++        prefix = new(char, pl + 1);
++        if (!prefix)
++                return -ENOMEM;
++
+         OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
+                 r = interfaces_added_append_one_prefix(bus, m, prefix, path, interface, true);
+                 if (r != 0)
+-- 
+2.20.1
+

package/systemd/systemd.mk

@@ -376,19 +376,26 @@ endef
 
 ifneq ($(call qstrip,$(BR2_TARGET_GENERIC_GETTY_PORT)),)
 # systemd needs getty.service for VTs and serial-getty.service for serial ttys
+# note that console-getty.service should be used on /dev/console as it should not have dependencies
 # also patch the file to use the correct baud-rate, the default baudrate is 115200 so look for that
 define SYSTEMD_INSTALL_SERVICE_TTY
-	if echo $(BR2_TARGET_GENERIC_GETTY_PORT) | egrep -q 'tty[0-9]*$$'; \
+	if [ $(BR2_TARGET_GENERIC_GETTY_PORT) = "console" ]; \
 	then \
-		SERVICE="getty"; \
+		TARGET="console-getty.service"; \
+		LINK_NAME="console-getty.service"; \
+	elif echo $(BR2_TARGET_GENERIC_GETTY_PORT) | egrep -q 'tty[0-9]*$$'; \
+	then \
+		TARGET="getty@.service"; \
+		LINK_NAME="getty@$(call qstrip,$(BR2_TARGET_GENERIC_GETTY_PORT)).service"; \
 	else \
-		SERVICE="serial-getty"; \
+		TARGET="serial-getty@.service"; \
+		LINK_NAME="serial-getty@$(call qstrip,$(BR2_TARGET_GENERIC_GETTY_PORT)).service"; \
 	fi; \
-	ln -fs ../../../../lib/systemd/system/$${SERVICE}@.service \
-		$(TARGET_DIR)/etc/systemd/system/getty.target.wants/$${SERVICE}@$(BR2_TARGET_GENERIC_GETTY_PORT).service; \
+	ln -fs ../../../../lib/systemd/system/$${TARGET} \
+		$(TARGET_DIR)/etc/systemd/system/getty.target.wants/$${LINK_NAME}; \
 	if [ $(call qstrip,$(BR2_TARGET_GENERIC_GETTY_BAUDRATE)) -gt 0 ] ; \
 	then \
-		$(SED) 's,115200,$(BR2_TARGET_GENERIC_GETTY_BAUDRATE),' $(TARGET_DIR)/lib/systemd/system/$${SERVICE}@.service; \
+		$(SED) 's,115200,$(BR2_TARGET_GENERIC_GETTY_BAUDRATE),' $(TARGET_DIR)/lib/systemd/system/$${TARGET}; \
 	fi
 endef
 endif

package/tor/tor.hash

@@ -1,3 +1,3 @@
 # Locally computed
-sha256 1a171081f02b9a6ff9e28c0898defb7670e5bbb3bdbcaddfcf4e4304aedd164a  tor-0.3.4.9.tar.gz
+sha256 58c65dc7728fbf92e36c2d95f1f2cc9b82b6e5466d5a19c9524a176fd0148412  tor-0.3.4.11.tar.gz
 sha256 f9a4f724d8037711dde7d3f1d17094fb7d211545b3a3bbb1b03e769e13ca5608  LICENSE

package/tor/tor.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-TOR_VERSION = 0.3.4.9
+TOR_VERSION = 0.3.4.11
 TOR_SITE = https://dist.torproject.org
 TOR_LICENSE = BSD-3-Clause
 TOR_LICENSE_FILES = LICENSE

package/vsftpd/0004-Prevent-hang-in-SIGCHLD-handler.patch

@@ -0,0 +1,87 @@
+From 1e65a0a15f819b8bf1b551bd84f71d0da1f5a00c Mon Sep 17 00:00:00 2001
+From: Martin Sehnoutka <msehnout@redhat.com>
+Date: Thu, 17 Nov 2016 13:02:27 +0100
+Subject: [PATCH] Prevent hanging in SIGCHLD handler.
+
+vsftpd can now handle pam_exec.so in pam.d config without hanging
+in SIGCHLD handler.
+
+[Abdelmalek:
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1198259
+Fetched from:
+https://src.fedoraproject.org/cgit/rpms/vsftpd.git/plain/0026-Prevent-hanging-in-SIGCHLD-handler.patch]
+Signed-off-by: Abdelmalek Benelouezzane <abdelmalek.benelouezzane@savoirfairelinux.com>
+---
+ sysutil.c    |  4 ++--
+ sysutil.h    |  2 +-
+ twoprocess.c | 13 +++++++++++--
+ 3 files changed, 14 insertions(+), 5 deletions(-)
+
+diff --git a/sysutil.c b/sysutil.c
+index 6d7cb3f..099748f 100644
+--- a/sysutil.c
++++ b/sysutil.c
+@@ -608,13 +608,13 @@ vsf_sysutil_exit(int exit_code)
+ }
+ 
+ struct vsf_sysutil_wait_retval
+-vsf_sysutil_wait(void)
++vsf_sysutil_wait(int hang)
+ {
+   struct vsf_sysutil_wait_retval retval;
+   vsf_sysutil_memclr(&retval, sizeof(retval));
+   while (1)
+   {
+-    int sys_ret = wait(&retval.exit_status);
++    int sys_ret = waitpid(-1, &retval.exit_status, hang ? 0 : WNOHANG);
+     if (sys_ret < 0 && errno == EINTR)
+     {
+       vsf_sysutil_check_pending_actions(kVSFSysUtilUnknown, 0, 0);
+diff --git a/sysutil.h b/sysutil.h
+index c145bdf..13153cd 100644
+--- a/sysutil.h
++++ b/sysutil.h
+@@ -177,7 +177,7 @@ struct vsf_sysutil_wait_retval
+   int PRIVATE_HANDS_OFF_syscall_retval;
+   int PRIVATE_HANDS_OFF_exit_status;
+ };
+-struct vsf_sysutil_wait_retval vsf_sysutil_wait(void);
++struct vsf_sysutil_wait_retval vsf_sysutil_wait(int hang);
+ int vsf_sysutil_wait_reap_one(void);
+ int vsf_sysutil_wait_get_retval(
+   const struct vsf_sysutil_wait_retval* p_waitret);
+diff --git a/twoprocess.c b/twoprocess.c
+index 33d84dc..b1891e7 100644
+--- a/twoprocess.c
++++ b/twoprocess.c
+@@ -47,8 +47,17 @@ static void
+ handle_sigchld(void* duff)
+ {
+ 
+-  struct vsf_sysutil_wait_retval wait_retval = vsf_sysutil_wait();
++  struct vsf_sysutil_wait_retval wait_retval = vsf_sysutil_wait(0);
+   (void) duff;
++  if (!vsf_sysutil_wait_get_exitcode(&wait_retval) &&
++      !vsf_sysutil_wait_get_retval(&wait_retval))
++    /* There was nobody to wait for, possibly caused by underlying library
++     * which created a new process through fork()/vfork() and already picked
++     * it up, e.g. by pam_exec.so or integrity check routines for libraries
++     * when FIPS mode is on (nss freebl), which can lead to calling prelink
++     * if the prelink package is installed.
++     */
++    return;
+   /* Child died, so we'll do the same! Report it as an error unless the child
+    * exited normally with zero exit code
+    */
+@@ -390,7 +399,7 @@ common_do_login(struct vsf_session* p_sess, const struct mystr* p_user_str,
+   priv_sock_send_result(p_sess->parent_fd, PRIV_SOCK_RESULT_OK);
+   if (!p_sess->control_use_ssl)
+   {
+-    (void) vsf_sysutil_wait();
++    (void) vsf_sysutil_wait(1);
+   }
+   else
+   {
+-- 
+2.14.4
+

package/wireshark/0001-packet-gtp-c-remove-unneeded-named-structures.patch

@@ -0,0 +1,75 @@
+From 020e25b660250c97c8085e64cf85074ccfcdd06b Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Tue, 5 Mar 2019 20:59:49 +0100
+Subject: [PATCH] packet-gtp.c: remove unneeded named structures
+
+In uclibc, _header is already in sigcontext.h:
+
+packet-gtp.c:2361:16: error: redefinition of 'struct _header'
+ typedef struct _header {
+                ^~~~~~~
+In file included from /home/dawncrow/buildroot-test/scripts/instance-0/output/host/i686-buildroot-linux-uclibc/sysroot/usr/include/bits/sigcontext.h:30:0,
+                 from /home/dawncrow/buildroot-test/scripts/instance-0/output/host/i686-buildroot-linux-uclibc/sysroot/usr/include/signal.h:311,
+                 from /home/dawncrow/buildroot-test/scripts/instance-0/output/host/i686-buildroot-linux-uclibc/sysroot/usr/include/glib-2.0/glib/gbacktrace.h:36,
+                 from /home/dawncrow/buildroot-test/scripts/instance-0/output/host/i686-buildroot-linux-uclibc/sysroot/usr/include/glib-2.0/glib.h:34,
+                 from ../../epan/proto.h:28,
+                 from ../../epan/packet.h:14,
+                 from packet-gtp.c:43:
+/home/dawncrow/buildroot-test/scripts/instance-0/output/host/i686-buildroot-linux-uclibc/sysroot/usr/include/asm/sigcontext.h:173:8: note: originally defined here
+ struct _header {
+
+To fix this issue, transform _header and other named structures (with
+the exception of gtp_conv_info_t) into unnamed structures
+
+Fixes:
+ - http://autobuild.buildroot.org/results/c41d42fe3489bc63c42e7ce7a9eccb1b4ca7b9b2
+
+Change-Id: I78116233c2a8dd7c54723b7cb558254bd5143bd2
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Reviewed-on: https://code.wireshark.org/review/32335
+Petri-Dish: Guy Harris <guy@alum.mit.edu>
+Tested-by: Petri Dish Buildbot
+Reviewed-by: Guy Harris <guy@alum.mit.edu>
+[Retrieved from:
+https://github.com/wireshark/wireshark/commit/020e25b660250c97c8085e64cf85074ccfcdd06b]
+---
+ epan/dissectors/packet-gtp.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/epan/dissectors/packet-gtp.c b/epan/dissectors/packet-gtp.c
+index 4c40e7aa54..971197e4ae 100644
+--- a/epan/dissectors/packet-gtp.c
++++ b/epan/dissectors/packet-gtp.c
+@@ -2170,7 +2170,7 @@ GHashTable* session_table;
+ /* Relation between <teid,ip> -> frame */
+ wmem_tree_t* frame_tree;
+ 
+-typedef struct gtp_info {
++typedef struct {
+     guint32 teid;
+     guint32 frame;
+ } gtp_info_t;
+@@ -2482,7 +2482,7 @@ static int decode_gtp_node_addr(tvbuff_t * tvb, int offset, packet_info * pinfo,
+ static int decode_gtp_priv_ext(tvbuff_t * tvb, int offset, packet_info * pinfo, proto_tree * tree, session_args_t * args _U_);
+ static int decode_gtp_unknown(tvbuff_t * tvb, int offset, packet_info * pinfo, proto_tree * tree, session_args_t * args _U_);
+ 
+-typedef struct _gtp_opt {
++typedef struct {
+     int optcode;
+     int (*decode) (tvbuff_t *, int, packet_info *, proto_tree *, session_args_t *);
+ } gtp_opt_t;
+@@ -2661,12 +2661,12 @@ id_to_str(tvbuff_t *tvb, gint offset)
+ /* Next definitions and function check_field_presence checks if given field
+  * in GTP packet is compliant with ETSI
+  */
+-typedef struct _header {
++typedef struct {
+     guint8 code;
+     guint8 presence;
+ } ext_header;
+ 
+-typedef struct _message {
++typedef struct {
+     guint8 code;
+     ext_header fields[32];
+ } _gtp_mess_items;

package/wireshark/wireshark.hash

@@ -1,4 +1,4 @@
-# From: https://www.wireshark.org/download/src/all-versions/SIGNATURES-2.6.6.txt
-sha256 487933ea075bdbb25d8df06017d9c4f49fc20eb7f6ec80af086718ed5550e863  wireshark-2.6.6.tar.xz
+# From: https://www.wireshark.org/download/src/all-versions/SIGNATURES-2.6.7.txt
+sha256 747b3e7a37414942959f76f198be49dcbcca936bda538c4408942ce71bfd2b71  wireshark-2.6.7.tar.xz
 # Locally calculated
 sha256 7cdbed2b697efaa45576a033f1ac0e73cd045644a91c79bbf41d4a7d81dac7bf  COPYING

package/wireshark/wireshark.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-WIRESHARK_VERSION = 2.6.6
+WIRESHARK_VERSION = 2.6.7
 WIRESHARK_SOURCE = wireshark-$(WIRESHARK_VERSION).tar.xz
 WIRESHARK_SITE = https://www.wireshark.org/download/src/all-versions
 WIRESHARK_LICENSE = wireshark license
@@ -145,6 +145,13 @@ else
 WIRESHARK_CONF_OPTS += --without-snappy
 endif
 
+ifeq ($(BR2_PACKAGE_SPANDSP),y)
+WIRESHARK_CONF_OPTS += --with-spandsp
+WIRESHARK_DEPENDENCIES += spandsp
+else
+WIRESHARK_CONF_OPTS += --without-spandsp
+endif
+
 define WIRESHARK_REMOVE_DOCS
 	find $(TARGET_DIR)/usr/share/wireshark -name '*.txt' -print0 \
 		-o -name '*.html' -print0 | xargs -0 rm -f

package/x11r7/xapp_xdm/xapp_xdm.hash

@@ -1,2 +1,7 @@
-# From http://lists.x.org/archives/xorg-announce/2011-September/001737.html
-sha256	d4da426ddea0124279a3f2e00a26db61944690628ee818a64df9d27352081c47	xdm-1.1.11.tar.bz2
+# From https://lists.x.org/archives/xorg-announce/2019-March/002959.html
+md5 47c4c3bf8d59b64b64d134df8b5e5ec5  xdm-1.1.12.tar.bz2
+sha1 5cc5590e40837949b1a63cb030878f8ceebd4d85  xdm-1.1.12.tar.bz2
+sha256 0dd283f72dda098d09e2925b9278c95e21551e693a5802ab442d1b577d8327f4  xdm-1.1.12.tar.bz2
+sha512 1a4be0a070ced5db8fda6fc74794c9f9ed0cb37fa440fda6a3a7652aff62dfc3d7ba68b9facf054671ebf0f4db2a0eec29d0aa3716e3407ccd5529bac3553bdb  xdm-1.1.12.tar.bz2
+# Locally computed
+sha256 b33b4bebbd6511b3e15315e8e29d67f25334ee45da8b7da6e6e97c53a70c6923  COPYING

package/x11r7/xapp_xdm/xapp_xdm.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-XAPP_XDM_VERSION = 1.1.11
+XAPP_XDM_VERSION = 1.1.12
 XAPP_XDM_SOURCE = xdm-$(XAPP_XDM_VERSION).tar.bz2
 XAPP_XDM_SITE = http://xorg.freedesktop.org/releases/individual/app
 XAPP_XDM_LICENSE = MIT

package/x11r7/xlib_libXdmcp/xlib_libXdmcp.hash

@@ -1,2 +1,7 @@
-# From http://lists.x.org/archives/xorg-announce/2015-March/002554.html
-sha256	81fe09867918fff258296e1e1e159f0dc639cb30d201c53519f25ab73af4e4e2	libXdmcp-1.1.2.tar.bz2
+# From https://lists.x.org/archives/xorg-announce/2019-March/002974.html
+md5 115c5c12ecce0e749cd91d999a5fd160  libXdmcp-1.1.3.tar.bz2
+sha1 0a8f8a274f829331efb1e8e2027c38631b204dd0  libXdmcp-1.1.3.tar.bz2
+sha256 20523b44aaa513e17c009e873ad7bbc301507a3224c232610ce2e099011c6529  libXdmcp-1.1.3.tar.bz2
+sha512 cb1d4650f97d66e73acd2465ec7d757b9b797cce2f85e301860a44997a461837eea845ec9bd5b639ec5ca34c804f8bdd870697a5ce3f4e270b687c9ef74f25ec  libXdmcp-1.1.3.tar.bz2
+# Locally computed
+sha256 8a3c3f35b0dbcb60a4e242b9e4394a352a65bb27deb2938ea1e2e62a626e16e9  COPYING

package/x11r7/xlib_libXdmcp/xlib_libXdmcp.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-XLIB_LIBXDMCP_VERSION = 1.1.2
+XLIB_LIBXDMCP_VERSION = 1.1.3
 XLIB_LIBXDMCP_SOURCE = libXdmcp-$(XLIB_LIBXDMCP_VERSION).tar.bz2
 XLIB_LIBXDMCP_SITE = http://xorg.freedesktop.org/releases/individual/lib
 XLIB_LIBXDMCP_LICENSE = MIT

package/xen/0004-xenpmd-make-32-bit-gcc-8-1-non-debug-build-work.patch

@@ -0,0 +1,79 @@
+From e75c9dc85fdeeeda0b98d8cd8d784e0508c3ffb8 Mon Sep 17 00:00:00 2001
+From: Wei Liu <wei.liu2@citrix.com>
+Date: Thu, 26 Jul 2018 15:58:54 +0100
+Subject: [PATCH] xenpmd: make 32 bit gcc 8.1 non-debug build work
+
+32 bit gcc 8.1 non-debug build yields:
+
+xenpmd.c:354:23: error: '%02x' directive output may be truncated writing between 2 and 8 bytes into a region of size 3 [-Werror=format-truncation=]
+     snprintf(val, 3, "%02x",
+                       ^~~~
+xenpmd.c:354:22: note: directive argument in the range [40, 2147483778]
+     snprintf(val, 3, "%02x",
+                      ^~~~~~
+xenpmd.c:354:5: note: 'snprintf' output between 3 and 9 bytes into a destination of size 3
+     snprintf(val, 3, "%02x",
+     ^~~~~~~~~~~~~~~~~~~~~~~~
+              (unsigned int)(9*4 +
+              ~~~~~~~~~~~~~~~~~~~~
+                             strlen(info->model_number) +
+                             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+                             strlen(info->serial_number) +
+                             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+                             strlen(info->battery_type) +
+                             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+                             strlen(info->oem_info) + 4));
+                             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+All info->* used in calculation are 32 bytes long, and the parsing
+code makes sure they are null-terminated, so the end result of the
+expression won't exceed 255, which should be able to be fit into 3
+bytes in hexadecimal format.
+
+Add an assertion to make gcc happy.
+
+Signed-off-by: Wei Liu <wei.liu2@citrix.com>
+Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Retrieved from:
+https://github.com/xen-project/xen/commit/e75c9dc85fdeeeda0b98d8cd8d784e0508c3ffb8]
+---
+ tools/xenpmd/xenpmd.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/tools/xenpmd/xenpmd.c b/tools/xenpmd/xenpmd.c
+index 56412a9a81c..1c801caa712 100644
+--- a/tools/xenpmd/xenpmd.c
++++ b/tools/xenpmd/xenpmd.c
+@@ -40,6 +40,7 @@
+ #include <unistd.h>
+ #include <sys/stat.h>
+ #include <xenstore.h>
++#include <assert.h>
+ 
+ /* #define RUN_STANDALONE */
+ #define RUN_IN_SIMULATE_MODE
+@@ -345,18 +346,17 @@ void write_ulong_lsb_first(char *temp_val, unsigned long val)
+ void write_battery_info_to_xenstore(struct battery_info *info)
+ {
+     char val[1024], string_info[256];
++    unsigned int len;
+ 
+     xs_mkdir(xs, XBT_NULL, "/pm");
+    
+     memset(val, 0, 1024);
+     memset(string_info, 0, 256);
+     /* write 9 dwords (so 9*4) + length of 4 strings + 4 null terminators */
+-    snprintf(val, 3, "%02x", 
+-             (unsigned int)(9*4 +
+-                            strlen(info->model_number) +
+-                            strlen(info->serial_number) +
+-                            strlen(info->battery_type) +
+-                            strlen(info->oem_info) + 4));
++    len = 9 * 4 + strlen(info->model_number) + strlen(info->serial_number) +
++          strlen(info->battery_type) + strlen(info->oem_info) + 4;
++    assert(len < 255);
++    snprintf(val, 3, "%02x", len);
+     write_ulong_lsb_first(val+2, info->present);
+     write_ulong_lsb_first(val+10, info->design_capacity);
+     write_ulong_lsb_first(val+18, info->last_full_capacity);