Update for 2019.02.10

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

CHANGES

@@ -1,3 +1,176 @@
+2019.02.10, released March 16th, 2020
+
+	Important / security related fixes.
+
+	Core: Ensure package-file-lists data is correct after
+	incremental builds as well.
+
+	Fix a race condition related to creating the output/staging
+	symlink on systems with coreutils < 8.27.
+
+	Br2-external: Fix compatibility with make 4.3+
+
+	Util-linux: Ensure that hwclock is built without GPLv3
+	code. Notice that builds with hwclock has contained
+	GPLv3-licensed code since util-linux 2.30 (Buildroot 2017.08+)
+
+	Updated/fixed packages: armadillo, at, binutils, blktrace,
+	bootstrap, busybox, cairo, cups, czmq, dnsmasq,
+	docker-containerd, dovecot, dovecot-pigeonhole, e2fsprogs,
+	eudev, exim, exiv2, fbgrab, grep, gst1-validate, guile,
+	imagemagick, jhead, kvm-unit-tests, lapack, libcgroup,
+	libftdi1, libjpeg, libsigrok, libsndfile, libssh2, libsvgtiny,
+	libvncserver, libvorbis, libxml2, libxslt, linux, lz4,
+	mariadb, mbedtls, meson, mfgtools, mongoose, ncurses, ntfs-3g,
+	opencv3, openjpeg, openswan, openvmtools, patch, php,
+	postgresql, pppd, proftpd, pure-ftpd, python-django,
+	python-pyqt5, python3, qemu, qt5base, qt5webengine, qwt,
+	rdesktop, ruby, runc, samba4, shellinabox, smartmontools,
+	sqlcipher, squid, swupdate, sysklogd, taglib, thrift,
+	ti-cgt-pru, uboot, util-linux, vorbis-tools, webkitgtk,
+	wireshark, xen, xserver_xorg-server, zeromq, zsh
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#11996: opencv3 SIGILL on Cortex-A5 with VFPv4-D16
+	#12331: meson issue
+	#12461: libglib2 build files with deep directory structure
+	#12606: fbgrab location has changed
+
+2019.02.9, released January 12th, 2020
+
+	Important / security related fixes.
+
+	pkg-python infrastructure: Ensure correct compiler and linker
+	flags are used for compiled code
+
+	utils/scanpypi: Remind users to update DEVELOPERS
+
+	Updated/fixed packages: busybox, cc-tool, cpio, cups, dante,
+	dillo, docker-cli, docker-containerd, docker-engine, easy-rsa,
+	ecryptfs-utils, efl, git, glibc, gnupg2, gst1-plugins-bad,
+	kf5-kcoreaddons, libarchive, libgit2, libkrb5, librsvg,
+	libssh, libtomcrypt, libuio, lirc-tools, lvm2,
+	matchbox-desktop, nodejs, ntp, opencv3, openpowerlink,
+	python-django, python-ecdsa, python-pyasn-modules,
+	python-pyqt5, python-subprocess32, python3, qpdf, runc, rygel,
+	samba4, sdl2, wavpack, xserver_xorg-server, zip
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#12121: PyQt5.QtSerialPort and other modules not being built
+
+2019.02.8, released December 7th, 2019
+
+	Important / security related fixes.
+
+	Infrastructure: Make HOST_<pkg>_DL_OPTS inherit from
+	<pkg>_DL_OPTS by default, just like it is done for a number of
+	other package variables
+
+	Add <pkg>_KEEP_PY_FILES to exclude specific python .py files
+	from the removal done by BR2_PACKAGE_PYTHON{,3}_PYC_ONLY for
+	the (rare) case where the .py files are needed at runtime
+	rather than .pyc.
+
+	Fix <pkg>-reconfigure handling for packages using the kconfig
+	infrastructure.
+
+	Toolchain: ensure external toolchain kernel headers version
+	check correctly stop the build on mismatch
+
+	Deconfigs: beaglebone: fix boot issue
+
+	Updated/fixed packages: am33x-cm3, asterisk, bind, chrony,
+	clamav, collectd, connman, faifa, gob2, haproxy,
+	intel-microcode, ipsec-tools, jasper, jpeg-turbo, kodi,
+	kvm-unit-tests, libftdi, libftdi1, libnss, libstrophe,
+	libsvgtiny, lvm2, lzma, mariadb, minicom, neardal, nodejs,
+	opencv3, openvmtools, oracle-mysql, perl-gdgraph,
+	perl-gdtextutil, php, postgresql, prosody, python-django,
+	rabbitmq-c, rauc, redis, rpcbind, socat, spice,
+	spice-protocol, tftpd, tiff, webkitgtk
+
+	New packages: libmspack
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#12166: Compiling nodejs for SAMA5D3 always crash with illegal inst..
+	#12171: Python-opencv needs config.py and config-3.7.py to run..
+	#12211: host-nodejs 10.15.3 package fail to build
+	#12316: tzdata fails to install with empty "default local time"
+
+2019.02.7, Released November 10th, 2019
+
+	Important / security related fixes.
+
+	support/testing: use a kernel with HW_RANDOM_VIRTIO to work
+	around issues with lack of entrophy
+
+	Toolchain: Also copy libssp.so for external toolchains if SSP
+	is enabled to handle toolchains providing SSP support in
+	libssp rather than in the C library
+
+	Download: Also use the package download method for extra
+	downloads from the same site, so it does not get confused by
+	URLs containing '+'
+
+	Fakeroot now works correctly under Microsoft Windows 10
+	Services for Linux, which does not provide SYSV IPC support
+
+	utils/test-pkg: ensure to exit with an error upon failure
+
+	Updated/fixed packages: asterisk, azmq, cups-filters,
+	domoticz, duma, elf2flt, eudev, exfat, exfat-utils, fakeroot,
+	file, freerdp, gd, ghostscript, go, gvfs, intel-microcode,
+	kvm-unit-tests, libarchive, libnspr, libnss, libopenssl,
+	libpcap, libpciaccess, librsvg, libseccomp, libsigrok,
+	libtorrent, libunwind, linux-tools, lua-sdl2, lxc, minizip,
+	mjpegtools, mongoose, php, python, python-pysnmp-apps,
+	python3, qemu, qt5base, ruby, safeclib, samba4, sdl_mixer,
+	sox, sudo, systemd, tcpdump, unscd, util-lkinux, vtun, xvisor,
+	yaffs2utils
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#11366: [2018.08] SysV IPC not available for fakeroot on WSL
+	#12261: sudo versions prior to 1.8.28 are affected
+
+2019.02.6, Released October 3rd, 2019
+
+	Important / security related fixes.
+
+	Defconfigs: AArch64-efi: Fix grub configuration, Beaglebone:
+	Use default console settings
+
+	Dependencies: Ensure host has JSON::PP perl module installed
+	if webkitgtk/wpewebkit packages are enabled as it is needed
+	during their build process.
+
+	Toolchain: Generate check-headers program under BUILD_DIR
+	rather than /tmp to fix issues with distributions mounting
+	/tmp noexec.
+
+	Updated/fixed packages: asterisk, augeas, bind, bwm-ng, cups,
+	cups-filters, docker-cli, docker-engine, docker-proxy,
+	dropbear, e2fsprogs, eudev, exim, expat, gcc, go, ifplugd,
+	haveged, iptables, joe, kf5-extra-cmake-modules,
+	kf5-modemmanager-qt, kf5-networkmanager-qt, libcurl,
+	libgcrypt, libgpg-error, libnftl, libnspr, libnss, libopenssl,
+	luksmeta, mariadb, mbedtls, mongodb, mosquitto, ncurses,
+	nfs-utils, nghttp2, nodejs, openvmtools, php, protobuf, putty,
+	qemu, qt5base, samba4, swupdate, systemd-bootchart, thttpd,
+	uclibc, unzip, util-linux, wireshark
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#10806: Allow nfs-utils to use ipv6
+	#11781: mariadb build error
+	#12031: Build of cups-filters fails while linking, apparently due..
+	#12141: eudev package is missing "render" and "kvm" groups
+	#12181: dropbear: norootlogin (-w) no longer works when PAM is enabled
+	#12241: Permission denied while running "make"
+
 2019.02.5, Released September 2nd, 2019
 
 	Important / security related fixes.

DEVELOPERS

@@ -124,7 +124,6 @@ N:	Anders Darander <anders@chargestorm.se>
 F:	package/ktap/
 
 N:	André Hentschel <nerv@dawncrow.de>
-F:	package/azure-iot-sdk-c/
 F:	package/libkrb5/
 F:	package/openal/
 F:	package/p7zip/
@@ -203,11 +202,12 @@ F:	package/sqlcipher/
 F:	package/stress/
 
 N:	Asaf Kahlon <asafka7@gmail.com>
+F:	package/collectd/
 F:	package/libuv/
 F:	package/python*
 F:	package/zeromq/
 
-N:	Ash Charles <ash.charles@savoirfairelinux.com>
+N:	Ash Charles <ashcharles@gmail.com>
 F:	package/pru-software-support/
 F:	package/ti-cgt-pru/
 
@@ -261,7 +261,6 @@ F:	package/alsa-utils/
 F:	package/apache/
 F:	package/apr/
 F:	package/apr-util/
-F:	package/asterisk/
 F:	package/bcg729/
 F:	package/bluez-tools/
 F:	package/boinc/
@@ -310,6 +309,7 @@ F:	package/libilbc/
 F:	package/libldns/
 F:	package/libmicrohttpd/
 F:	package/libminiupnpc/
+F:	package/libmspack/
 F:	package/libnatpmp/
 F:	package/libnpth/
 F:	package/libogg/
@@ -557,9 +557,6 @@ F:	package/log4cpp/
 N:	Daniel Nicoletti <dantti12@gmail.com>
 F:	package/cutelyst/
 
-N:	Daniel Nyström <daniel.nystrom@timeterminal.se>
-F:	package/e2tools/
-
 N:	Daniel Price <daniel.price@gmail.com>
 F:	package/nodejs/
 F:	package/redis/
@@ -810,7 +807,9 @@ F:	package/ser2net/
 
 N:	Francois Perrad <francois.perrad@gadz.org>
 F:	board/olimex/a20_olinuxino
+F:	board/olimex/imx233_olinuxino/
 F:	configs/olimex_a20_olinuxino_*
+F:	configs/olimex_imx233_olinuxino_defconfig
 F:	package/4th/
 F:	package/chipmunk/
 F:	package/dado/
@@ -883,8 +882,9 @@ F:	package/tesseract-ocr/
 F:	package/webp/
 F:	package/xapian/
 
-N:	Giulio Benetti <giulio.benetti@micronovasrl.com>
+N:	Giulio Benetti <giulio.benetti@benettiengineering.com>
 F:	package/minicom/
+F:	package/nfs-utils/
 F:	package/sunxi-mali-mainline/
 F:	package/sunxi-mali-mainline-driver/
 
@@ -1122,10 +1122,6 @@ F:	package/phidgetwebservice/
 F:	package/rapidxml/
 F:	package/sphinxbase/
 
-N:	Jonathan Liu <net147@gmail.com>
-F:	package/python-meld3/
-F:	package/supervisor/
-
 N:	Jörg Krause <joerg.krause@embedded.rocks>
 F:	board/lemaker/bananapro/
 F:	configs/bananapro_defconfig
@@ -1192,9 +1188,6 @@ F:	package/python-pygame/
 N:	Julien Corjon <corjon.j@ecagroup.com>
 F:	package/qt5/
 
-N:	Julien Floret <julien.floret@6wind.com>
-F:	package/lldpd/
-
 N:	Julien Grossholtz <julien.grossholtz@openest.io>
 F:	package/paho-mqtt-c
 
@@ -1214,9 +1207,6 @@ F:	package/cpuload/
 F:	package/bwm-ng/
 F:	package/ramsmp/
 
-N:	Kevin Joly <kevin.joly@sensefly.com>
-F:	package/libgphoto2/
-
 N:	Koen Martens <gmc@sonologic.nl>
 F:	package/capnproto/
 F:	package/linuxconsoletools/
@@ -1342,7 +1332,7 @@ F:	package/lynx/
 N:	Mario Rugiero <mrugiero@gmail.com>
 F:	package/ratpoison/
 
-N:	Mark Corbin <mark.corbin@embecosm.com>
+N:	Mark Corbin <mark@dibsco.co.uk>
 F:	arch/arch.mk.riscv
 F:	arch/Config.in.riscv
 F:	board/qemu/riscv32-virt/
@@ -1371,7 +1361,7 @@ F:	package/tslib/
 F:	package/x11r7/xdriver_xf86-input-tslib/
 F:	package/x11vnc/
 
-N:	Mathieu Audat <mathieu.audat@savoirfairelinux.com>
+N:	Mathieu Audat <mathieuaudat@gmail.com>
 F:	board/technologic/ts4900/
 F:	configs/ts4900_defconfig
 F:	package/ts4900-fpga/
@@ -1523,6 +1513,10 @@ F:	board/arcturus/
 F:	configs/arcturus_ucp1020_defconfig
 F:	configs/arcturus_ucls1012a_defconfig
 
+N:	Michael Fischer <mf@go-sys.de>
+F:	package/gnuplot/
+F:	package/sdl2/
+
 N:	Michael Rommel <rommel@layer-7.net>
 F:	package/knock/
 F:	package/python-crc16/
@@ -1531,6 +1525,9 @@ F:	package/python-pyzmq/
 N:	Michael Trimarchi <michael@amarulasolutions.com>
 F:	package/python-spidev/
 
+N:	Michael Vetter <jubalh@iodoru.org>
+F:	package/jasper/
+
 N:	Michał Łyszczek <michal.lyszczek@bofc.pl>
 F:	board/altera/socrates_cyclone5/
 F:	board/pine64/rock64
@@ -1550,9 +1547,6 @@ F:	package/shadowsocks-libev/
 N:	Mirza Krak <mirza.krak@northern.tech>
 F:	package/mender/
 
-N:	Morgan Delestre <m.delestre@sinters.fr>
-F:	package/monkey/
-
 N:	Murat Demirten <mdemirten@yh.com.tr>
 F:	package/jpeg-turbo/
 F:	package/libgeotiff/
@@ -1682,6 +1676,8 @@ F:	package/python-webob/
 F:	package/python-websocket-client/
 F:	package/sedutil/
 F:	package/triggerhappy/
+F:	package/wireguard/
+F:	support/testing/tests/package/test_docker_compose.py
 
 N:	Peter Seiderer <ps.report@gmx.net>
 F:	board/raspberrypi/
@@ -1765,9 +1761,6 @@ F:	package/libdvbpsi/
 F:	package/mraa/
 F:	package/synergy/
 
-N:	Pranit Sirsat <Pranit.Sirsat@imgtec.com>
-F:	package/paho-mqtt-c/
-
 N:	Qais Yousef <Qais.Yousef@imgtec.com>
 F:	package/bellagio/
 
@@ -1798,7 +1791,13 @@ N:	Ricardo Martincoski <ricardo.martincoski@datacom.com.br>
 F:	package/atop/
 
 N:	Ricardo Martincoski <ricardo.martincoski@gmail.com>
-F:	support/testing/
+F:	support/testing/infra/
+F:	support/testing/run-tests
+F:	support/testing/tests/core/test_file_capabilities.py
+F:	support/testing/tests/download/
+F:	support/testing/tests/package/*_python*.py
+F:	support/testing/tests/package/test_atop.py
+F:	support/testing/tests/package/test_syslog_ng.py
 F:	utils/check-package
 F:	utils/checkpackagelib/
 
@@ -1806,10 +1805,6 @@ N:	Richard Braun <rbraun@sceen.net>
 F:	package/curlftpfs/
 F:	package/tzdata/
 
-N:	Rico Bachmann <bachmann@tofwerk.com>
-F:	package/apr-util/
-F:	package/subversion/
-
 N:	RJ Ascani <rj.ascani@gmail.com>
 F:	package/azmq/
 
@@ -1824,6 +1819,8 @@ F:	package/vnstat/
 N:	Romain Naour <romain.naour@gmail.com>
 F:	package/aubio/
 F:	package/bullet/
+F:	package/clang/
+F:	package/clinfo/
 F:	package/efl/
 F:	package/enlightenment/
 F:	package/flare-engine/
@@ -1831,9 +1828,11 @@ F:	package/flare-game/
 F:	package/irrlicht/
 F:	package/liblinear/
 F:	package/lensfun/
+F:	package/libclc/
 F:	package/libgta/
 F:	package/libspatialindex/
 F:	package/linux-syscall-support/
+F:	package/llvm/
 F:	package/lugaru/
 F:	package/mcelog/
 F:	package/mesa3d/
@@ -1876,10 +1875,6 @@ F:	package/mariadb/
 N:	Ryan Wilkins <ryan@deadfrog.net>
 F:	package/biosdevname/
 
-N:	Sam Bobroff <sam.bobroff@au1.ibm.com>
-F:	arch/Config.in.powerpc
-F:	package/librtas/
-
 N:	Samuel Martin <s.martin49@gmail.com>
 F:	package/armadillo/
 F:	package/canfestival/
@@ -2157,7 +2152,7 @@ F:	package/pixz/
 N:	Vinicius Tinti <viniciustinti@gmail.com>
 F:	package/python-thrift/
 
-N:	Vivien Didelot <vivien.didelot@savoirfairelinux.com>
+N:	Vivien Didelot <vivien.didelot@gmail.com>
 F:	board/technologic/ts5500/
 F:	configs/ts5500_defconfig
 
@@ -2239,6 +2234,8 @@ F:	package/zisofs-tools/
 F:	support/download/
 
 N:	Yegor Yefremov <yegorslists@googlemail.com>
+F:	configs/beaglebone_defconfig
+F:	configs/beaglebone_qt5_defconfig
 F:	package/acl/
 F:	package/attr/
 F:	package/bluez_utils/
@@ -2247,12 +2244,14 @@ F:	package/bootstrap/
 F:	package/cannelloni/
 F:	package/can-utils/
 F:	package/circus/
+F:	package/dhcpcd/
 F:	package/feh/
 F:	package/giblib/
 F:	package/imlib2/
 F:	package/jquery-datetimepicker/
 F:	package/jquery-sidebar/
 F:	package/kmod/
+F:	package/libftdi1/
 F:	package/libical/
 F:	package/libmbim/
 F:	package/libndp/
@@ -2263,6 +2262,7 @@ F:	package/libubox/
 F:	package/libuci/
 F:	package/linux-firmware/
 F:	package/modem-manager/
+F:	package/nftables/
 F:	package/nuttcp/
 F:	package/parted/
 F:	package/phytool/
@@ -2270,6 +2270,7 @@ F:	package/poco/
 F:	package/python*
 F:	package/ser2net/
 F:	package/socketcand/
+F:	package/swig/
 F:	package/qt5/qt5serialbus/
 F:	package/sdparm/
 F:	package/ti-utils/

Makefile

@@ -2,7 +2,7 @@
 #
 # Copyright (C) 1999-2005 by Erik Andersen <andersen@codepoet.org>
 # Copyright (C) 2006-2014 by the Buildroot developers <buildroot@uclibc.org>
-# Copyright (C) 2014-2019 by the Buildroot developers <buildroot@buildroot.org>
+# Copyright (C) 2014-2020 by the Buildroot developers <buildroot@buildroot.org>
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -92,9 +92,9 @@ all:
 .PHONY: all
 
 # Set and export the version string
-export BR2_VERSION := 2019.02.5
+export BR2_VERSION := 2019.02.10
 # Actual time the release is cut (for reproducible builds)
-BR2_VERSION_EPOCH = 1567455000
+BR2_VERSION_EPOCH = 1584393000
 
 # Save running make version since it's clobbered by the make package
 RUNNING_MAKE_VERSION := $(MAKE_VERSION)
@@ -189,6 +189,9 @@ ifneq ($(BR2_EXTERNAL_ERROR),)
 $(error $(BR2_EXTERNAL_ERROR))
 endif
 
+# Workaround bug in make-4.3: https://savannah.gnu.org/bugs/?57676
+$(BASE_DIR)/.br2-external.mk:;
+
 # To make sure that the environment variable overrides the .config option,
 # set this before including .config.
 ifneq ($(BR2_DL_DIR),)
@@ -465,6 +468,10 @@ $(HOST_DIR_SYMLINK): $(BASE_DIR)
 	ln -snf $(HOST_DIR) $(BASE_DIR)/host
 endif
 
+STAGING_DIR_SYMLINK = $(BASE_DIR)/staging
+$(STAGING_DIR_SYMLINK): $(BASE_DIR)
+	ln -snf $(STAGING_DIR) $(STAGING_DIR_SYMLINK)
+
 # Quotes are needed for spaces and all in the original PATH content.
 BR_PATH = "$(HOST_DIR)/bin:$(HOST_DIR)/sbin:$(PATH)"
 
@@ -730,8 +737,7 @@ target-finalize: ROOTFS=
 host-finalize: $(HOST_DIR_SYMLINK)
 
 .PHONY: staging-finalize
-staging-finalize:
-	@ln -snf $(STAGING_DIR) $(BASE_DIR)/staging
+staging-finalize: $(STAGING_DIR_SYMLINK)
 
 .PHONY: target-finalize
 target-finalize: $(PACKAGES) host-finalize
@@ -807,6 +813,16 @@ endif # merged /usr
 
 	touch $(TARGET_DIR)/usr
 
+# AFTER ALL FILE-CHANGING ACTIONS:
+# Update timestamps in internal file list to fix attribution of files
+# to packages on subsequent builds
+	$(call step_pkg_size_file_list,$(TARGET_DIR))
+	$(call step_pkg_size_finalize)
+	$(call step_pkg_size_file_list,$(STAGING_DIR),-staging)
+	$(call step_pkg_size_finalize,-staging)
+	$(call step_pkg_size_file_list,$(HOST_DIR),-host)
+	$(call step_pkg_size_finalize,-host)
+
 .PHONY: target-post-image
 target-post-image: $(TARGETS_ROOTFS) target-finalize staging-finalize
 	@rm -f $(ROOTFS_COMMON_TAR)

board/beaglebone/uEnv.txt

@@ -3,6 +3,9 @@ devtype=mmc
 bootdir=
 bootfile=zImage
 bootpartition=mmcblk0p2
+console=ttyS0,115200n8
+loadaddr=0x82000000
+fdtaddr=0x88000000
 set_mmc1=if test $board_name = A33515BB; then setenv bootpartition mmcblk1p2; fi
-set_bootargs=setenv bootargs console=ttyO0,115200n8 root=/dev/${bootpartition} rw rootfstype=ext4 rootwait
+set_bootargs=setenv bootargs console=${console} root=/dev/${bootpartition} rw rootfstype=ext4 rootwait
 uenvcmd=run set_mmc1; run set_bootargs;run loadimage;run loadfdt;printenv bootargs;bootz ${loadaddr} - ${fdtaddr}

board/ci20/genimage.cfg

@@ -24,6 +24,5 @@ image sdcard.img {
         partition-type = 0x83
         image = "rootfs.ext4"
         offset = 2M
-        size = 60M
     }
 }

boot/uboot/uboot.mk

@@ -8,7 +8,9 @@ UBOOT_VERSION = $(call qstrip,$(BR2_TARGET_UBOOT_VERSION))
 UBOOT_BOARD_NAME = $(call qstrip,$(BR2_TARGET_UBOOT_BOARDNAME))
 
 UBOOT_LICENSE = GPL-2.0+
+ifeq ($(BR2_TARGET_UBOOT_LATEST_VERSION),y)
 UBOOT_LICENSE_FILES = Licenses/gpl-2.0.txt
+endif
 
 UBOOT_INSTALL_IMAGES = YES
 

configs/aarch64_efi_defconfig

@@ -13,7 +13,7 @@ BR2_PACKAGE_HOST_GENIMAGE=y
 
 # Bootloader
 BR2_TARGET_GRUB2=y
-BR2_TARGET_GRUB2_AARCH64_EFI=y
+BR2_TARGET_GRUB2_ARM64_EFI=y
 
 # Filesystem / image
 BR2_TARGET_ROOTFS_EXT2=y

configs/beaglebone_defconfig

@@ -2,7 +2,6 @@ BR2_arm=y
 BR2_cortex_a8=y
 BR2_GLOBAL_PATCH_DIR="board/beaglebone/patches"
 BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_14=y
-BR2_TARGET_GENERIC_GETTY_PORT="ttyO0"
 BR2_ROOTFS_POST_IMAGE_SCRIPT="board/beaglebone/post-image.sh"
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_GIT=y

docs/manual/adding-packages-cargo.txt

@@ -17,7 +17,7 @@ The +Config.in+ file of Cargo-based package 'foo' should contain:
 ---------------------------
 01: config BR2_PACKAGE_FOO
 02: 	bool "foo"
-03: 	depends on BR2_PACKAGE_HOST_RUSTC_ARCH_SUPPORTS
+03: 	depends on BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS
 04: 	select BR2_PACKAGE_HOST_CARGO
 05: 	help
 06: 	  This is a comment that explains what foo is.

docs/manual/adding-packages-generic.txt

@@ -358,9 +358,11 @@ not and can not work as people would expect it should:
 * +LIBFOO_DEPENDENCIES+ lists the dependencies (in terms of package
   name) that are required for the current target package to
   compile. These dependencies are guaranteed to be compiled and
-  installed before the configuration of the current package starts. In
-  a similar way, +HOST_LIBFOO_DEPENDENCIES+ lists the dependencies for
-  the current host package.
+  installed before the configuration of the current package starts.
+  However, modifications to configuration of these dependencies will
+  not force a rebuild of the current package. In a similar way,
+  +HOST_LIBFOO_DEPENDENCIES+ lists the dependencies for the current
+  host package.
 
 * +LIBFOO_EXTRACT_DEPENDENCIES+ lists the dependencies (in terms of
   package name) that are required for the current target package to be
@@ -372,9 +374,9 @@ not and can not work as people would expect it should:
 * +LIBFOO_PATCH_DEPENDENCIES+ lists the dependencies (in terms of
   package name) that are required for the current package to be
   patched. These dependencies are guaranteed to be extracted and
-  patched before the current package is patched. In a similar way,
-  +HOST_LIBFOO_PATCH_DEPENDENCIES+ lists the dependencies for the
-  current host package.
+  patched (but not necessarily built) before the current package is
+  patched. In a similar way, +HOST_LIBFOO_PATCH_DEPENDENCIES+ lists
+  the dependencies for the current host package.
   This is seldom used; usually, +LIBFOO_DEPENDENCIES+ is what you
   really want to use.
 

docs/manual/adding-packages-python.txt

@@ -67,9 +67,13 @@ Python build system, but are not Python modules, can freely choose
 their name (existing examples in Buildroot are +scons+ and
 +supervisor+).
 
-In their +Config.in+ file, they should depend on +BR2_PACKAGE_PYTHON+
-so that when Buildroot will enable Python 3 usage for modules, we will
-be able to enable Python modules progressively on Python 3.
+Packages that are only compatible with one version of Python (as in:
+Python 2 or Python 3) should depend on that version explicitely in
+their +Config.in+ file (+BR2_PACKAGE_PYTHON+ for Python 2,
++BR2_PACKAGE_PYTHON3+ for Python 3).  Packages that are compatible
+with both versions should not explicitely depend on them in their
++Config.in+ file, since that condition is already expressed for the
+whole "External python modules" menu.
 
 The main macro of the Python package infrastructure is
 +python-package+. It is similar to the +generic-package+ macro. It is

docs/manual/configure.txt

@@ -206,9 +206,9 @@ Buildroot or crosstool-NG.
 
 If you want to generate a custom toolchain for your project, that can
 be used as an external toolchain in Buildroot, our recommendation is
-definitely to build it with http://crosstool-ng.org[crosstool-NG]. We
-recommend to build the toolchain separately from Buildroot, and then
-_import_ it in Buildroot using the external toolchain backend.
+to build it either with Buildroot itself (see
+xref:build-toolchain-with-buildroot[]) or with
+http://crosstool-ng.org[crosstool-NG].
 
 Advantages of this backend:
 
@@ -223,7 +223,53 @@ Drawbacks of this backend:
 
 * If your pre-built external toolchain has a bug, may be hard to get a
   fix from the toolchain vendor, unless you build your external
-  toolchain by yourself using Crosstool-NG.
+  toolchain by yourself using Buildroot or Crosstool-NG.
+
+[[build-toolchain-with-buildroot]]
+==== Build an external toolchain with Buildroot
+
+The Buildroot internal toolchain option can be used to create an
+external toolchain. Here are a series of steps to build an internal
+toolchain and package it up for reuse by Buildroot itself (or other
+projects).
+
+Create a new Buildroot configuration, with the following details:
+
+* Select the appropriate *Target options* for your target CPU
+  architecture
+
+* In the *Toolchain* menu, keep the default of *Buildroot toolchain*
+  for *Toolchain type*, and configure your toolchain as desired
+
+* In the *System configuration* menu, select *None* as the *Init
+  system* and *none* as */bin/sh*
+
+* In the *Target packages* menu, disable *BusyBox*
+
+* In the *Filesystem images* menu, disable *tar the root filesystem*
+
+Then, we can trigger the build, and also ask Buildroot to generate a
+SDK. This will conveniently generate for us a tarball which contains
+our toolchain:
+
+-----
+make sdk
+-----
+
+This produces the SDK tarball in +$(O)/images+, with a name similar to
++arm-buildroot-linux-uclibcgnueabi_sdk-buildroot.tar.gz+. Save this
+tarball, as it is now the toolchain that you can re-use as an external
+toolchain in other Buildroot projects.
+
+In those other Buildroot projects, in the *Toolchain* menu:
+
+* Set *Toolchain type* to *External toolchain*
+
+* Set *Toolchain* to *Custom toolchain*
+
+* Set *Toolchain origin* to *Toolchain to be downloaded and installed*
+
+* Set *Toolchain URL* to +file:///path/to/your/sdk/tarball.tar.gz+
 
 ===== External toolchain wrapper
 

docs/manual/contribute.txt

@@ -487,3 +487,171 @@ preserve Unix-style line terminators when downloading raw pastes.
 Following pastebin services are known to work correctly:
 - https://gist.github.com/
 - http://code.bulix.org/
+
+=== Using the run-tests framework
+
+Buildroot includes a run-time testing framework called run-tests built
+upon Python scripting and QEMU runtime execution. There are two types of
+test cases within the framework, one for build time tests and another for
+run-time tests that have a QEMU dependency. The goals of the framework are
+the following:
+
+* build a well defined configuration
+* optionally, verify some properties of the build output
+* if it is a run-time test:
+** boot it under QEMU
+** run some test condition to verify that a given feature is working
+
+The run-tests tool has a series of options documented in the tool's help '-h'
+description. Some common options include setting the download folder, the
+output folder, keeping build output, and for multiple test cases, you can set
+the JLEVEL for each.
+
+Here is an example walk through of running a test case.
+
+* For a first step, let us see what all the test case options are. The test
+cases can be listed by executing +support/testing/run-tests -l+. These tests
+can all be run individually during test development from the console. Both
+one at a time and selectively as a group of a subset of tests.
+
+---------------------
+$ support/testing/run-tests -l
+List of tests
+test_run (tests.utils.test_check_package.TestCheckPackage)
+Test the various ways the script can be called in a simple top to ... ok
+test_run (tests.toolchain.test_external.TestExternalToolchainBuildrootMusl) ... ok
+test_run (tests.toolchain.test_external.TestExternalToolchainBuildrootuClibc) ... ok
+test_run (tests.toolchain.test_external.TestExternalToolchainCCache) ... ok
+test_run (tests.toolchain.test_external.TestExternalToolchainCtngMusl) ... ok
+test_run (tests.toolchain.test_external.TestExternalToolchainLinaroArm) ... ok
+test_run (tests.toolchain.test_external.TestExternalToolchainSourceryArmv4) ... ok
+test_run (tests.toolchain.test_external.TestExternalToolchainSourceryArmv5) ... ok
+test_run (tests.toolchain.test_external.TestExternalToolchainSourceryArmv7) ... ok
+[snip]
+test_run (tests.init.test_systemd.TestInitSystemSystemdRoFull) ... ok
+test_run (tests.init.test_systemd.TestInitSystemSystemdRoIfupdown) ... ok
+test_run (tests.init.test_systemd.TestInitSystemSystemdRoNetworkd) ... ok
+test_run (tests.init.test_systemd.TestInitSystemSystemdRwFull) ... ok
+test_run (tests.init.test_systemd.TestInitSystemSystemdRwIfupdown) ... ok
+test_run (tests.init.test_systemd.TestInitSystemSystemdRwNetworkd) ... ok
+test_run (tests.init.test_busybox.TestInitSystemBusyboxRo) ... ok
+test_run (tests.init.test_busybox.TestInitSystemBusyboxRoNet) ... ok
+test_run (tests.init.test_busybox.TestInitSystemBusyboxRw) ... ok
+test_run (tests.init.test_busybox.TestInitSystemBusyboxRwNet) ... ok
+
+Ran 157 tests in 0.021s
+
+OK
+---------------------
+
+Those runtime tests are regularly executed by Buildroot Gitlab CI
+infrastructure, see .gitlab.yml and https://gitlab.com/buildroot.org/buildroot/-/jobs.
+
+==== Creating a test case
+
+The best way to get familiar with how to create a test case is to look at a
+few of the basic file system +support/testing/tests/fs/+ and init
++support/testing/tests/init/+ test scripts. Those tests give good examples
+of a basic build and build with run type of tests. There are other more
+advanced cases that use things like nested +br2-external+ folders to provide
+skeletons and additional packages.
+
+The test cases by default use a br-arm-full-* uClibc-ng toolchain and the
+prebuild kernel for a armv5/7 cpu. It is recommended to use the default
+defconfig test configuration except when Glibc/musl or a newer kernel are
+necessary. By using the default it saves build time and the test would
+automatically inherit a kernel/std library upgrade when the default is
+updated.
+
+The basic test case definition involves
+
+* Creation of a new test file
+* Defining a unique test class
+* Determining if the default defconfig plus test options can be used
+* Implementing a +def test_run(self):+ function to optionally startup the
+emulator and provide test case conditions.
+
+Beyond creating the test script, there are a couple of additional steps that
+should be taken once you have your initial test case script. The first is
+to add yourself to the +DEVELOPERS+ file to be the maintainer of that test
+case. The second is to update the Gitlab CI yml by executing
++make .gitlab-ci.yml+.
+
+==== Debugging a test case
+
+Within the Buildroot repository, the testing framework is organized at the
+top level in +support/testing/+ by folders of +conf+, +infra+ and +tests+.
+All the test cases live under the +test+ folder and are organized in various
+folders representing the catagory of test.
+
+Lets walk through an example.
+
+* Using the Busybox Init system test case with a read/write rootfs
++tests.init.test_busybox.TestInitSystemBusyboxRw+
+* A minimal set of command line arguments when debugging a test case would
+include '-d' which points to your dl folder, '-o' to an output folder, and
+'-k' to keep any output on both pass/fail. With those options, the test will
+retain logging and build artifacts providing status of the build and
+execution of the test case.
+
+---------------------
+$ support/testing/run-tests -d dl -o output_folder -k tests.init.test_busybox.TestInitSystemBusyboxRw
+15:03:26 TestInitSystemBusyboxRw                  Starting
+15:03:28 TestInitSystemBusyboxRw                  Building
+15:08:18 TestInitSystemBusyboxRw                  Building done
+15:08:27 TestInitSystemBusyboxRw                  Cleaning up
+.
+Ran 1 test in 301.140s
+
+OK
+---------------------
+
+* For the case of a successful build, the +output_folder+ would contain a
+<test name> folder with the Buildroot build, build log and run-time log. If
+the build failed, the console output would show the stage at which it failed
+(setup / build / run). Depending on the failure stage, the build/run logs
+and/or Buildroot build artifacts can be inspected and instrumented. If the
+QEMU instance needs to be launched for additional testing, the first few
+lines of the run-time log capture it and it would allow some incremental
+testing without re-running +support/testing/run-tests+.
+
+* You can also make modifications to the current sources inside the
++output_folder+ (e.g. for debug purposes) and rerun the standard
+Buildroot make targets (in order to regenerate the complete image with
+the new modifications) and then rerun the test. Modifying the sources
+directly can speed up debugging compared to adding patch files, wiping the
+output directoy, and starting the test again.
+
+---------------------
+$ ls output_folder/
+TestInitSystemBusyboxRw/
+TestInitSystemBusyboxRw-build.log
+TestInitSystemBusyboxRw-run.log
+---------------------
+
+* The source file used to implement this example test is found under
++support/testing/tests/init/test_busybox.py+. This file outlines the
+minimal defconfig that creates the build, QEMU configuration to launch
+the built images and the test case assertions.
+
+To test an existing or new test case within Gitlab CI, there is a method of
+invoking a specific test by creating a Buildroot fork in Gitlab under your
+account. This can be handy when adding/changing a run-time test or fixing a
+bug on a use case tested by a run-time test case.
+
+
+In the examples below, the <name> component of the branch name is a unique
+string you choose to identify this specific job being created.
+
+* to trigger all run-test test case jobs:
+
+---------------------
+ $ git push gitlab HEAD:<name>-runtime-tests
+---------------------
+
+* to trigger one test case job, a specific branch naming string is used that
+includes the full test case name.
+
+---------------------
+ $ git push gitlab HEAD:<name>-<test case name>
+---------------------

docs/manual/legal-notice.txt

@@ -67,9 +67,8 @@ for packages released under BSD-like licenses, that you are not required to
 redistribute in source form.
 
 Moreover, due to technical limitations, Buildroot does not produce some
-material that you will or may need, such as the toolchain source code and the
-Buildroot source code itself (including patches to packages for which source
-distribution is required).
+material that you will or may need, such as the toolchain source code for
+some of the external toolchains and the Buildroot source code itself.
 When you run +make legal-info+, Buildroot produces warnings in the +README+
 file to inform you of relevant material that could not be saved.
 

docs/manual/manual.txt

@@ -12,7 +12,7 @@ It is licensed under the GNU General Public License, version 2. Refer to the
 http://git.buildroot.org/buildroot/tree/COPYING?id={sys:git rev-parse HEAD}[COPYING]
 file in the Buildroot sources for the full text of this license.
 
-Copyright (C) 2004-2019 The Buildroot developers
+Copyright (C) 2004-2020 The Buildroot developers
 
 image::logo.png[]
 

docs/manual/quickstart.txt

@@ -87,15 +87,21 @@ This directory contains several subdirectories:
   target). This directory contains one subdirectory for each of these
   components.
 
-* +staging/+ which contains a hierarchy similar to a root filesystem
-  hierarchy. This directory contains the headers and libraries of the
-  cross-compilation toolchain and all the userspace packages selected
-  for the target. However, this directory is 'not' intended to be
-  the root filesystem for the target: it contains a lot of development
-  files, unstripped binaries and libraries that make it far too big
-  for an embedded system. These development files are used to compile
-  libraries and applications for the target that depend on other
-  libraries.
+* +host/+ contains both the tools built for the host, and the sysroot
+  of the target toolchain. The former is an installation of tools
+  compiled for the host that are needed for the proper execution of
+  Buildroot, including the cross-compilation toolchain. The latter
+  is a hierarchy similar to a root filesystem hierarchy. It contains
+  the headers and libraries of all user-space packages that provide
+  and install libraries used by other packages. However, this
+  directory is 'not' intended to be the root filesystem for the target:
+  it contains a lot of development files, unstripped binaries and
+  libraries that make it far too big for an embedded system. These
+  development files are used to compile libraries and applications for
+  the target that depend on other libraries.
+
+* +staging/+ is a symlink to the target toolchain sysroot inside
+  +host/+, which exists for backwards compatibility.
 
 * +target/+ which contains 'almost' the complete root filesystem for
   the target: everything needed is present except the device files in
@@ -111,10 +117,6 @@ This directory contains several subdirectories:
   development files (headers, etc.) are not present, the binaries are
   stripped.
 
-* +host/+ contains the installation of tools compiled for the host
-  that are needed for the proper execution of Buildroot, including the
-  cross-compilation toolchain.
-
 These commands, +make menuconfig|nconfig|gconfig|xconfig+ and +make+, are the
 basic ones that allow to easily and quickly generate images fitting
 your needs, with all the features and applications you enabled.

docs/manual/rebuilding-packages.txt

@@ -65,6 +65,16 @@ can help you understand how to work with Buildroot:
    there is no need for a full rebuild: a simple +make+ invocation
    will take the changes into account.
 
+ * When a package listed in +FOO_DEPENDENCIES+ is rebuilt or removed,
+   the package +foo+ is not automatically rebuilt. For example, if a
+   package +bar+ is listed in +FOO_DEPENDENCIES+ with +FOO_DEPENDENCIES
+   = bar+ and the configuration of the +bar+ package is changed, the
+   configuration change would not result in a rebuild of package +foo+
+   automatically. In this scenario, you may need to either rebuild any
+   packages in your build which reference +bar+ in their +DEPENDENCIES+,
+   or perform a full rebuild to ensure any +bar+ dependent packages are
+   up to date.
+
 Generally speaking, when you're facing a build error and you're unsure
 of the potential consequences of the configuration changes you've
 made, do a full rebuild. If you get the same build error, then you are
@@ -99,16 +109,20 @@ re-configure, re-compile and re-install this package from scratch. You
 can ask buildroot to do this with the +make <package>-dirclean+ command.
 
 On the other hand, if you only want to restart the build process of a
-package from its compilation step, you can run +make
-<package>-rebuild+, followed by +make+ or +make <package>+. It will
-restart the compilation and installation of the package, but not from
-scratch: it basically re-executes +make+ and +make install+
-inside the package, so it will only rebuild files that changed.
+package from its compilation step, you can run +make <package>-rebuild+. It
+will restart the compilation and installation of the package, but not from
+scratch: it basically re-executes +make+ and +make install+ inside the package,
+so it will only rebuild files that changed.
 
-If you want to restart the build process of a package from its
-configuration step, you can run +make <package>-reconfigure+, followed
-by +make+ or +make <package>+. It will restart the configuration,
-compilation and installation of the package.
+If you want to restart the build process of a package from its configuration
+step, you can run +make <package>-reconfigure+. It will restart the
+configuration, compilation and installation of the package.
+
+While +<package>-rebuild+ implies +<package>-reinstall+ and
++<package>-reconfigure+ implies +<package>-rebuild+, these targets as well
+as +<package>+ only act on the said package, and do not trigger re-creating
+the root filesystem image. If re-creating the root filesystem in necessary,
+one should in addition run +make+ or +make all+.
 
 Internally, Buildroot creates so-called _stamp files_ to keep track of
 which build steps have been completed for each package. They are

docs/website/copyright.txt

@@ -1,6 +1,6 @@
 
 The code and graphics on this website (and it's mirror sites, if any) are
-Copyright (c) 1999-2005 by Erik Andersen, 2006-2019 The Buildroot
+Copyright (c) 1999-2005 by Erik Andersen, 2006-2020 The Buildroot
 developers. All rights reserved.
 
 Documents on this Web site including their graphical elements, design, and

linux/Config.in

@@ -122,7 +122,7 @@ endif
 
 config BR2_LINUX_KERNEL_VERSION
 	string
-	default "4.19.69" if BR2_LINUX_KERNEL_LATEST_VERSION
+	default "4.19.107" if BR2_LINUX_KERNEL_LATEST_VERSION
 	default "v4.4.176-cip31" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
 	default BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE \
 		if BR2_LINUX_KERNEL_CUSTOM_VERSION

linux/linux.hash

@@ -1,6 +1,6 @@
 # From https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
-sha256 d011245629b980d4c15febf080b54804aaf215167b514a3577feddb2495f8a3e  linux-4.20.17.tar.xz
-sha256 c091760b520a4e4a4c7034a8329cc2689a0ea3f81a377b694ed196d623e2d987  linux-4.19.69.tar.xz
-sha256 0bb9f0812326ec4554de1bea02628840e03b6664b5abfd9d8510049e43203a17  linux-4.14.141.tar.xz
-sha256 fe8a1ca080a462de6832762ba8b71410b828f0e52c1e11d3c46d83e9ac1e0a16  linux-4.9.190.tar.xz
-sha256 fec8c8549a3775b922cecad74a6409b33520a669d451dc51ad47d69c2543c2e5  linux-4.4.190.tar.xz
+sha256  d011245629b980d4c15febf080b54804aaf215167b514a3577feddb2495f8a3e  linux-4.20.17.tar.xz
+sha256  28bcd3d4201da9feefdf3bcd65c516dd674acbbf45681ce3c7d784c53b33fe03  linux-4.4.215.tar.xz
+sha256  236f2f47853700f22b9925cb17917d97ff7120fcc8110ec827c5a030a8129f48  linux-4.9.215.tar.xz
+sha256  2318a1ab937580a079351ed20557c336a3d95b664f667b14e3ba49e3271b217a  linux-4.14.172.tar.xz
+sha256  654bac198d38e03e7bff9e2642b01f498dc0fa5d06198edd14bc30fe7fbf0240  linux-4.19.107.tar.xz

linux/linux.mk

@@ -59,8 +59,12 @@ BR_NO_CHECK_HASH_FOR += $(notdir $(LINUX_PATCHES))
 # be directories in the patch list (unlike for other packages).
 LINUX_PATCH = $(filter ftp://% http://% https://%,$(LINUX_PATCHES))
 
+# while the kernel is built for the target, the build may need various
+# host libraries depending on config (and version), so use
+# HOST_MAKE_ENV here. In particular, this ensures that our
+# host-pkgconf will look for host libraries and not target ones.
 LINUX_MAKE_ENV = \
-	$(TARGET_MAKE_ENV) \
+	$(HOST_MAKE_ENV) \
 	BR_BINARIES_DIR=$(BINARIES_DIR)
 
 LINUX_INSTALL_IMAGES = YES
@@ -101,12 +105,6 @@ endif
 
 ifeq ($(BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF),y)
 LINUX_DEPENDENCIES += host-elfutils host-pkgconf
-LINUX_MAKE_ENV += \
-	PKG_CONFIG="$(PKG_CONFIG_HOST_BINARY)" \
-	PKG_CONFIG_SYSROOT_DIR="/" \
-	PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 \
-	PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 \
-	PKG_CONFIG_LIBDIR="$(HOST_DIR)/lib/pkgconfig:$(HOST_DIR)/share/pkgconfig"
 endif
 
 # If host-uboot-tools is selected by the user, assume it is needed to

package/Config.in

@@ -1161,6 +1161,7 @@ endmenu
 
 menu "Compression and decompression"
 	source "package/libarchive/Config.in"
+	source "package/libmspack/Config.in"
 	source "package/libsquish/Config.in"
 	source "package/libzip/Config.in"
 	source "package/lzo/Config.in"

package/Config.in.host

@@ -16,6 +16,7 @@ menu "Host utilities"
 	source "package/dtc/Config.in.host"
 	source "package/e2fsprogs/Config.in.host"
 	source "package/e2tools/Config.in.host"
+	source "package/eudev/Config.in.host"
 	source "package/f2fs-tools/Config.in.host"
 	source "package/faketime/Config.in.host"
 	source "package/fwup/Config.in.host"

package/am33x-cm3/0002-Makefile-unconditionally-disable-SSP.patch

@@ -0,0 +1,35 @@
+From 6c3b05b74ccd49d8ba246bfef0c2e549b9f2bf7b Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Tue, 29 Oct 2019 16:14:18 +0100
+Subject: [PATCH] Makefile: unconditionally disable SSP
+
+Though -nostdlib is passed in $(CFLAGS), -fno-stack-protector must also be
+passed to avoid linking errors related to undefined references to
+'__stack_chk_guard' and '__stack_chk_fail' if toolchain enforces
+-fstack-protector.
+
+Fixes:
+ - http://autobuild.buildroot.net/results/3a3a21f3c35ea025e9b93e09c2454aed0ad31034
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ Makefile | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index c3ec071..5226006 100644
+--- a/Makefile
++++ b/Makefile
+@@ -16,7 +16,8 @@ INCLUDES = $(SRCDIR)/include
+ CFLAGS =-march=armv7-m -mcpu=cortex-m3 -mthumb -nostdlib -Wall -Wundef \
+ 	-Werror-implicit-function-declaration -Wstrict-prototypes \
+ 	-Wdeclaration-after-statement -fno-delete-null-pointer-checks \
+-	-Wempty-body -fno-strict-overflow  -g -I$(INCLUDES) -O2
++	-Wempty-body -fno-strict-overflow -fno-stack-protector \
++	-g -I$(INCLUDES) -O2
+ LDFLAGS =-nostartfiles -fno-exceptions -Tfirmware.ld
+ 
+ EXECUTABLE=am335x-pm-firmware.elf
+-- 
+2.23.0
+

package/am33x-cm3/0003-Makefile-unconditionally-disable-PIE.patch

@@ -0,0 +1,33 @@
+From 0e8c3c4851ce64268a8ae1810ef72594251d917d Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Sun, 10 Nov 2019 21:57:12 +0100
+Subject: [PATCH] Makefile: unconditionally disable PIE
+
+Though -nostdlib is passed in $(CFLAGS), -fno-pie must also be passed to
+avoid linking errors related to overlapping sections if toolchain
+enforces PIE.
+
+Fixes:
+ - http://autobuild.buildroot.org/results/418a40b995e91bc66e692dfbc4b0521db3fa5fbb
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 5226006..fe3d844 100644
+--- a/Makefile
++++ b/Makefile
+@@ -17,7 +17,7 @@ CFLAGS =-march=armv7-m -mcpu=cortex-m3 -mthumb -nostdlib -Wall -Wundef \
+ 	-Werror-implicit-function-declaration -Wstrict-prototypes \
+ 	-Wdeclaration-after-statement -fno-delete-null-pointer-checks \
+ 	-Wempty-body -fno-strict-overflow -fno-stack-protector \
+-	-g -I$(INCLUDES) -O2
++	-fno-pie -g -I$(INCLUDES) -O2
+ LDFLAGS =-nostartfiles -fno-exceptions -Tfirmware.ld
+ 
+ EXECUTABLE=am335x-pm-firmware.elf
+-- 
+2.23.0
+

package/armadillo/armadillo.mk

@@ -9,7 +9,7 @@ ARMADILLO_SOURCE = armadillo-$(ARMADILLO_VERSION).tar.xz
 ARMADILLO_SITE = https://downloads.sourceforge.net/project/arma
 ARMADILLO_DEPENDENCIES = clapack
 ARMADILLO_INSTALL_STAGING = YES
-ARMADILLO_LICENSE = MPL-2.0
+ARMADILLO_LICENSE = Apache-2.0
 ARMADILLO_LICENSE_FILES = LICENSE.txt
 
 $(eval $(cmake-package))

package/asterisk/asterisk.hash

@@ -1,5 +1,5 @@
 # Locally computed
-sha256  8cabb7a6ad2c35b7fb5c520977f2b2c18b471e5b825b65dc411744c6bed2b9f8  asterisk-16.4.1.tar.gz
+sha256  474cbc6f9dddee94616f8af8e097bc4d340dc9698c4165dc45be6e0be80ff725  asterisk-16.6.2.tar.gz
 
 # sha1 from: http://downloads.asterisk.org/pub/telephony/sounds/releases
 # sha256 locally computed
@@ -11,5 +11,5 @@ sha256  449fb810d16502c3052fedf02f7e77b36206ac5a145f3dacf4177843a2fcb538  asteri
 # License files, locally computed
 sha256  82af40ed7f49c08685360811993d9396320842f021df828801d733e8fdc0312f  COPYING
 sha256  ac5571f00e558e3b7c9b3f13f421b874cc12cf4250c4f70094c71544cf486312  main/sha1.c
-sha256  309462c10e84f46bda22032ebe6359f3e9e3e23afcf1fc2aaed5b59daf800d84  codecs/speex/speex_resampler.h
+sha256  6215e3ed73c3982a5c6701127d681ec0b9f1121ac78a28805bd93f93c3eb84c0  codecs/speex/speex_resampler.h
 sha256  1ca2c7a7a1ae7ccd75212a8c1e85dd9ec92bdbc9170aafd97ea60459387755fd  utils/db1-ast/include/db.h

package/asterisk/asterisk.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-ASTERISK_VERSION = 16.4.1
+ASTERISK_VERSION = 16.6.2
 # Use the github mirror: it's an official mirror maintained by Digium, and
 # provides tarballs, which the main Asterisk git tree (behind Gerrit) does not.
 ASTERISK_SITE = $(call github,asterisk,asterisk,$(ASTERISK_VERSION))

package/at/0004-Makefile-fix-parallel-build-failure.patch

@@ -0,0 +1,41 @@
+From 3ace0b57e2aacb784c01a3c7694c6c92461937ff Mon Sep 17 00:00:00 2001
+From: Giulio Benetti <giulio.benetti@benettiengineering.com>
+Date: Thu, 20 Feb 2020 22:00:11 +0100
+Subject: [PATCH] Makefile: fix parallel build failure
+
+At the moment parallel build fails due to 2 causes:
+1) parsetime.l tries to include incomplete y.tab.h, since y.tab.h is the
+result of yacc -d parsetime.y
+2) when compiling y.tab.c, y.tab.c itself is not complete, since it is
+the result of yacc -d parsetime.y
+
+So fix it by:
+1) making parsetime.l to wait for y.tab.h to be created by yacc
+2) waiting for y.tab.c and y.tab.h to be created before compile them
+
+Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
+---
+ Makefile.in | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/Makefile.in b/Makefile.in
+index 4c11913..57c3a0c 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -83,6 +83,8 @@ y.tab.c y.tab.h: parsetime.y
+ lex.yy.c: parsetime.l
+ 	$(LEX) -i parsetime.l
+ 
++parsetime.l: y.tab.h
++
+ atd.service: atd.service.in
+ 	cat $< | sed -e 's![@]sbindir[@]!$(sbindir)!g' | sed -e 's![@]atjobdir[@]!$(atjobdir)!g' > $@
+ 
+@@ -173,3 +175,4 @@ perm.o: perm.c config.h privs.h at.h
+ posixtm.o: posixtm.c posixtm.h
+ daemon.o: daemon.c config.h daemon.h privs.h
+ getloadavg.o: getloadavg.c config.h getloadavg.h
++y.tab.o: y.tab.c y.tab.h
+-- 
+2.20.1
+

package/at/at.mk

@@ -7,9 +7,6 @@
 AT_VERSION = release/3.1.23
 AT_SITE = https://salsa.debian.org/debian/at.git
 AT_SITE_METHOD = git
-# Tried to add missing deps for parsetime.l but still parallel build fails
-# in some case, so at the moment let's keep MAKE1
-AT_MAKE = $(MAKE1)
 AT_AUTORECONF = YES
 AT_DEPENDENCIES = $(if $(BR2_PACKAGE_FLEX),flex) host-bison host-flex
 AT_LICENSE = GPL-2.0+, GPL-3.0+, ISC

package/atk/Config.in

@@ -7,6 +7,8 @@ config BR2_PACKAGE_ATK
 	help
 	  The ATK accessibility toolkit, needed to build GTK+-2.x.
 
+	  https://gitlab.gnome.org/GNOME/atk
+
 comment "atk needs a toolchain w/ wchar, threads"
 	depends on BR2_USE_MMU
 	depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS

package/augeas/augeas.mk

@@ -11,9 +11,6 @@ AUGEAS_LICENSE = LGPL-2.1+
 AUGEAS_LICENSE_FILES = COPYING
 AUGEAS_DEPENDENCIES = host-pkgconf readline libxml2
 
-# patching examples/Makefile.am, can be removed when updating from version 1.9.0
-AUGEAS_AUTORECONF = YES
-
 AUGEAS_CONF_OPTS = --disable-gnulib-tests
 
 # Remove the test lenses which occupy about 1.4 MB on the target

package/azmq/Config.in

@@ -20,7 +20,7 @@ config BR2_PACKAGE_AZMQ
 
 	  https://github.com/zeromq/azmq
 
-comment "azmq needs a toolchain w/ C++11, wchar and NTPL"
+comment "azmq needs a toolchain w/ C++11, wchar and NPTL"
 	depends on !(BR2_INSTALL_LIBSTDCPP && BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 \
 		&& BR2_USE_WCHAR && BR2_TOOLCHAIN_HAS_THREADS_NPTL)
 

package/bcg729/Config.in

@@ -4,4 +4,4 @@ config BR2_PACKAGE_BCG729
 	  Bcg729 is an opensource implementation of both encoder and
 	  decoder of the ITU G729 Annex A/B speech codec.
 
-	  http://www.linphone.org/technical-corner/bcg729/overview
+	  https://www.linphone.org/technical-corner/bcg729

package/bind/0001-cross.patch

@@ -1,18 +1,23 @@
 Use host compiler to build 'gen' since it's run when building.
 
 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+[Fabrice: updated for 9.11.10]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 
 diff -Nura bind-9.5.1-P1/lib/dns/Makefile.in bind-9.5.1-P1.gencross/lib/dns/Makefile.in
 --- bind-9.5.1-P1/lib/dns/Makefile.in	2007-09-11 22:09:08.000000000 -0300
 +++ bind-9.5.1-P1.gencross/lib/dns/Makefile.in	2009-03-04 16:35:23.000000000 -0200
-@@ -160,8 +160,8 @@
- 	./gen -s ${srcdir} > code.h
+@@ -160,10 +160,8 @@
+ 	./gen -s ${srcdir} > code.h || { rm -f $@ ; exit 1; }
 
  gen: gen.c
 -	${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc/include \
--	${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c ${BUILD_LIBS}
+-	${LFS_CFLAGS} ${LFS_LDFLAGS} \
+-	${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c \
+-	${BUILD_LIBS} ${LFS_LIBS}
 +	${HOSTCC} ${HOST_CFLAGS} -I${top_srcdir}/lib/isc/include \
 +	${HOST_LDFLAGS} -o $@ ${srcdir}/gen.c
 
- rbtdb64.@O@: rbtdb.c
+ timestamp: include libdns.@A@
+ 	touch timestamp
 

package/bind/0002-Replace-atomic-operations-in-bin-named-client.c-with.patch

@@ -1,133 +0,0 @@
-From ef49780d30d3ddc5735cfc32561b678a634fa72f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
-Date: Wed, 17 Apr 2019 15:22:27 +0200
-Subject: [PATCH] Replace atomic operations in bin/named/client.c with
- isc_refcount reference counting
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- bin/named/client.c                     | 18 +++++++-----------
- bin/named/include/named/interfacemgr.h |  5 +++--
- bin/named/interfacemgr.c               |  7 +++++--
- 3 files changed, 15 insertions(+), 15 deletions(-)
-
-diff --git a/bin/named/client.c b/bin/named/client.c
-index 845326abc0..29fecadca8 100644
---- a/bin/named/client.c
-+++ b/bin/named/client.c
-@@ -402,12 +402,10 @@ tcpconn_detach(ns_client_t *client) {
- static void
- mark_tcp_active(ns_client_t *client, bool active) {
- 	if (active && !client->tcpactive) {
--		isc_atomic_xadd(&client->interface->ntcpactive, 1);
-+		isc_refcount_increment0(&client->interface->ntcpactive, NULL);
- 		client->tcpactive = active;
- 	} else if (!active && client->tcpactive) {
--		uint32_t old =
--			isc_atomic_xadd(&client->interface->ntcpactive, -1);
--		INSIST(old > 0);
-+		isc_refcount_decrement(&client->interface->ntcpactive, NULL);
- 		client->tcpactive = active;
- 	}
- }
-@@ -554,7 +552,7 @@ exit_check(ns_client_t *client) {
- 		if (client->mortal && TCP_CLIENT(client) &&
- 		    client->newstate != NS_CLIENTSTATE_FREED &&
- 		    !ns_g_clienttest &&
--		    isc_atomic_xadd(&client->interface->ntcpaccepting, 0) == 0)
-+		    isc_refcount_current(&client->interface->ntcpaccepting) == 0)
- 		{
- 			/* Nobody else is accepting */
- 			client->mortal = false;
-@@ -3328,7 +3326,6 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
- 	isc_result_t result;
- 	ns_client_t *client = event->ev_arg;
- 	isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event;
--	uint32_t old;
- 
- 	REQUIRE(event->ev_type == ISC_SOCKEVENT_NEWCONN);
- 	REQUIRE(NS_CLIENT_VALID(client));
-@@ -3348,8 +3345,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
- 	INSIST(client->naccepts == 1);
- 	client->naccepts--;
- 
--	old = isc_atomic_xadd(&client->interface->ntcpaccepting, -1);
--	INSIST(old > 0);
-+	isc_refcount_decrement(&client->interface->ntcpaccepting, NULL);
- 
- 	/*
- 	 * We must take ownership of the new socket before the exit
-@@ -3480,8 +3476,8 @@ client_accept(ns_client_t *client) {
- 		 * quota is tcp-clients plus the number of listening
- 		 * interfaces plus 1.)
- 		 */
--		exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) >
--			(client->tcpactive ? 1 : 0));
-+		exit = (isc_refcount_current(&client->interface->ntcpactive) >
-+			(client->tcpactive ? 1U : 0U));
- 		if (exit) {
- 			client->newstate = NS_CLIENTSTATE_INACTIVE;
- 			(void)exit_check(client);
-@@ -3539,7 +3535,7 @@ client_accept(ns_client_t *client) {
- 	 * listening for connections itself to prevent the interface
- 	 * going dead.
- 	 */
--	isc_atomic_xadd(&client->interface->ntcpaccepting, 1);
-+	isc_refcount_increment0(&client->interface->ntcpaccepting, NULL);
- }
- 
- static void
-diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h
-index 3535ef22a8..6e10f210fd 100644
---- a/bin/named/include/named/interfacemgr.h
-+++ b/bin/named/include/named/interfacemgr.h
-@@ -45,6 +45,7 @@
- #include <isc/magic.h>
- #include <isc/mem.h>
- #include <isc/socket.h>
-+#include <isc/refcount.h>
- 
- #include <dns/result.h>
- 
-@@ -75,11 +76,11 @@ struct ns_interface {
- 						/*%< UDP dispatchers. */
- 	isc_socket_t *		tcpsocket;	/*%< TCP socket. */
- 	isc_dscp_t		dscp;		/*%< "listen-on" DSCP value */
--	int32_t			ntcpaccepting;	/*%< Number of clients
-+	isc_refcount_t		ntcpaccepting;	/*%< Number of clients
- 						     ready to accept new
- 						     TCP connections on this
- 						     interface */
--	int32_t			ntcpactive;	/*%< Number of clients
-+	isc_refcount_t		ntcpactive;	/*%< Number of clients
- 						     servicing TCP queries
- 						     (whether accepting or
- 						     connected) */
-diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
-index d9f6df5802..135533be6b 100644
---- a/bin/named/interfacemgr.c
-+++ b/bin/named/interfacemgr.c
-@@ -386,8 +386,8 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
- 	 * connections will be handled in parallel even though there is
- 	 * only one client initially.
- 	 */
--	ifp->ntcpaccepting = 0;
--	ifp->ntcpactive = 0;
-+	isc_refcount_init(&ifp->ntcpaccepting, 0);
-+	isc_refcount_init(&ifp->ntcpactive, 0);
- 
- 	ifp->nudpdispatch = 0;
- 
-@@ -618,6 +618,9 @@ ns_interface_destroy(ns_interface_t *ifp) {
- 
- 	ns_interfacemgr_detach(&ifp->mgr);
- 
-+	isc_refcount_destroy(&ifp->ntcpactive);
-+	isc_refcount_destroy(&ifp->ntcpaccepting);
-+
- 	ifp->magic = 0;
- 	isc_mem_put(mctx, ifp, sizeof(*ifp));
- }
--- 
-2.11.0
-

package/bind/Config.in

@@ -24,7 +24,7 @@ config BR2_PACKAGE_BIND
 	  intended to be linked with applications requiring name
 	  service.
 
-	  http://www.isc.org/sw/bind/
+	  https://www.isc.org/bind/
 
 if BR2_PACKAGE_BIND
 

package/bind/bind.hash

@@ -1,4 +1,4 @@
-# Verified from https://ftp.isc.org/isc/bind9/9.11.6-P1/bind-9.11.6-P1.tar.gz.asc
-# with key 156890685EA0DF6A1371EF2017CC5DB1F0088407
-sha256 58ace2abb4d048b67abcdef0649ecd6cbd3b0652734a41a1d34f942d5500f8ef bind-9.11.6-P1.tar.gz
+# Verified from https://ftp.isc.org/isc/bind9/9.11.13/bind-9.11.13.tar.gz.asc
+# with key AE3FAC796711EC59FC007AA474BB6B9A4CBB3D38
+sha256 fd3f3cc9fcfcdaa752db35eb24598afa1fdcc2509d3227fc90a8631b7b400f7d bind-9.11.13.tar.gz
 sha256 cd02c93b8dcda794f55dfd1231828d69633072a98eee4874f9cf732d22d9dcde COPYRIGHT

package/bind/bind.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BIND_VERSION = 9.11.6-P1
+BIND_VERSION = 9.11.13
 BIND_SITE = https://ftp.isc.org/isc/bind9/$(BIND_VERSION)
 # bind does not support parallel builds.
 BIND_MAKE = $(MAKE1)

package/binutils/2.31.1/0018-bfd-xtensa-fix-PR-ld-25630.patch

@@ -0,0 +1,37 @@
+From 85dcca5997cf3822d6456a5c9c59c46b56adfbb8 Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Wed, 4 Mar 2020 14:54:27 -0800
+Subject: [PATCH] bfd: xtensa: fix PR ld/25630
+
+bfd/
+2020-03-05  Max Filippov  <jcmvbkbc@gmail.com>
+
+	* elf32-xtensa.c (shrink_dynamic_reloc_sections): Shrink dynamic
+	relocation sections for any removed reference to a dynamic symbol.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+ bfd/elf32-xtensa.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/bfd/elf32-xtensa.c b/bfd/elf32-xtensa.c
+index 12ff9f772aaf..65e14d87940c 100644
+--- a/bfd/elf32-xtensa.c
++++ b/bfd/elf32-xtensa.c
+@@ -10148,10 +10148,9 @@ shrink_dynamic_reloc_sections (struct bfd_link_info *info,
+ 
+   if ((r_type == R_XTENSA_32 || r_type == R_XTENSA_PLT)
+       && (input_section->flags & SEC_ALLOC) != 0
+-      && (dynamic_symbol || bfd_link_pic (info))
+-      && (!h || h->root.type != bfd_link_hash_undefweak
+-	  || (dynamic_symbol
+-	      && (bfd_link_dll (info) || info->export_dynamic))))
++      && (dynamic_symbol
++	  || (bfd_link_pic (info)
++	      && (!h || h->root.type != bfd_link_hash_undefweak))))
+     {
+       asection *srel;
+       bfd_boolean is_plt = FALSE;
+-- 
+2.20.1
+

package/blktrace/0001-btt-make-device-devno-use-PATH_MAX-to-avoid-overflow.patch

@@ -0,0 +1,146 @@
+From d61ff409cb4dda31386373d706ea0cfb1aaac5b7 Mon Sep 17 00:00:00 2001
+From: Jens Axboe <axboe@kernel.dk>
+Date: Wed, 2 May 2018 10:24:17 -0600
+Subject: btt: make device/devno use PATH_MAX to avoid overflow
+
+Herbo Zhang reports:
+
+I found a bug in blktrace/btt/devmap.c. The code is just as follows:
+
+https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/tree/btt/devmap.c?id=8349ad2f2d19422a6241f94ea84d696b21de4757
+
+       struct devmap {
+
+struct list_head head;
+char device[32], devno[32];    // #1
+};
+
+LIST_HEAD(all_devmaps);
+
+static int dev_map_add(char *line)
+{
+struct devmap *dmp;
+
+if (strstr(line, "Device") != NULL)
+return 1;
+
+dmp = malloc(sizeof(struct devmap));
+if (sscanf(line, "%s %s", dmp->device, dmp->devno) != 2) {  //#2
+free(dmp);
+return 1;
+}
+
+list_add_tail(&dmp->head, &all_devmaps);
+return 0;
+}
+
+int dev_map_read(char *fname)
+{
+char line[256];   // #3
+FILE *fp = my_fopen(fname, "r");
+
+if (!fp) {
+perror(fname);
+return 1;
+}
+
+while (fscanf(fp, "%255[a-zA-Z0-9 :.,/_-]\n", line) == 1) {
+if (dev_map_add(line))
+break;
+}
+
+fclose(fp);
+return 0;
+}
+
+ The line length is 256, but the dmp->device, dmp->devno  max length
+is only 32. We can put strings longer than 32 into dmp->device and
+dmp->devno , and then they will be overflowed.
+
+ we can trigger this bug just as follows:
+
+ $ python -c "print 'A'*256" > ./test
+    $ btt -M ./test
+
+    *** Error in btt': free(): invalid next size (fast): 0x000055ad7349b250 ***
+    ======= Backtrace: =========
+    /lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7f7f158ce7e5]
+    /lib/x86_64-linux-gnu/libc.so.6(+0x7fe0a)[0x7f7f158d6e0a]
+    /lib/x86_64-linux-gnu/libc.so.6(cfree+0x4c)[0x7f7f158da98c]
+    btt(+0x32e0)[0x55ad7306f2e0]
+    btt(+0x2c5f)[0x55ad7306ec5f]
+    btt(+0x251f)[0x55ad7306e51f]
+    /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7f7f15877830]
+    btt(+0x26b9)[0x55ad7306e6b9]
+    ======= Memory map: ========
+    55ad7306c000-55ad7307f000 r-xp 00000000 08:14 3698139
+      /usr/bin/btt
+    55ad7327e000-55ad7327f000 r--p 00012000 08:14 3698139
+      /usr/bin/btt
+    55ad7327f000-55ad73280000 rw-p 00013000 08:14 3698139
+      /usr/bin/btt
+    55ad73280000-55ad73285000 rw-p 00000000 00:00 0
+    55ad7349a000-55ad734bb000 rw-p 00000000 00:00 0
+      [heap]
+    7f7f10000000-7f7f10021000 rw-p 00000000 00:00 0
+    7f7f10021000-7f7f14000000 ---p 00000000 00:00 0
+    7f7f15640000-7f7f15656000 r-xp 00000000 08:14 14942237
+      /lib/x86_64-linux-gnu/libgcc_s.so.1
+    7f7f15656000-7f7f15855000 ---p 00016000 08:14 14942237
+      /lib/x86_64-linux-gnu/libgcc_s.so.1
+    7f7f15855000-7f7f15856000 r--p 00015000 08:14 14942237
+      /lib/x86_64-linux-gnu/libgcc_s.so.1
+    7f7f15856000-7f7f15857000 rw-p 00016000 08:14 14942237
+      /lib/x86_64-linux-gnu/libgcc_s.so.1
+    7f7f15857000-7f7f15a16000 r-xp 00000000 08:14 14948477
+      /lib/x86_64-linux-gnu/libc-2.23.so
+    7f7f15a16000-7f7f15c16000 ---p 001bf000 08:14 14948477
+      /lib/x86_64-linux-gnu/libc-2.23.so
+    7f7f15c16000-7f7f15c1a000 r--p 001bf000 08:14 14948477
+      /lib/x86_64-linux-gnu/libc-2.23.so
+    7f7f15c1a000-7f7f15c1c000 rw-p 001c3000 08:14 14948477
+      /lib/x86_64-linux-gnu/libc-2.23.so
+    7f7f15c1c000-7f7f15c20000 rw-p 00000000 00:00 0
+    7f7f15c20000-7f7f15c46000 r-xp 00000000 08:14 14948478
+      /lib/x86_64-linux-gnu/ld-2.23.so
+    7f7f15e16000-7f7f15e19000 rw-p 00000000 00:00 0
+    7f7f15e42000-7f7f15e45000 rw-p 00000000 00:00 0
+    7f7f15e45000-7f7f15e46000 r--p 00025000 08:14 14948478
+      /lib/x86_64-linux-gnu/ld-2.23.so
+    7f7f15e46000-7f7f15e47000 rw-p 00026000 08:14 14948478
+      /lib/x86_64-linux-gnu/ld-2.23.so
+    7f7f15e47000-7f7f15e48000 rw-p 00000000 00:00 0
+    7ffdebe5c000-7ffdebe7d000 rw-p 00000000 00:00 0
+      [stack]
+    7ffdebebc000-7ffdebebe000 r--p 00000000 00:00 0
+      [vvar]
+    7ffdebebe000-7ffdebec0000 r-xp 00000000 00:00 0
+      [vdso]
+    ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0
+      [vsyscall]
+    [1]    6272 abort      btt -M test
+
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+[Retrieved from:
+https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ btt/devmap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/btt/devmap.c b/btt/devmap.c
+index 0553a9e..5fc1cb2 100644
+--- a/btt/devmap.c
++++ b/btt/devmap.c
+@@ -23,7 +23,7 @@
+ 
+ struct devmap {
+ 	struct list_head head;
+-	char device[32], devno[32];
++	char device[PATH_MAX], devno[PATH_MAX];
+ };
+ 
+ LIST_HEAD(all_devmaps);
+-- 
+cgit 1.2-0.3.lf.el7
+

package/blktrace/blktrace.mk

@@ -10,6 +10,9 @@ BLKTRACE_DEPENDENCIES = libaio
 BLKTRACE_LICENSE = GPL-2.0+
 BLKTRACE_LICENSE_FILES = COPYING
 
+# 0001-btt-make-device-devno-use-PATH_MAX-to-avoid-overflow.patch
+BLKTRACE_IGNORE_CVES += CVE-2018-10689
+
 define BLKTRACE_BUILD_CMDS
 	$(TARGET_MAKE_ENV) $(MAKE1) -C $(@D) $(TARGET_CONFIGURE_OPTS)
 endef

package/bootstrap/bootstrap.hash

@@ -1,3 +1,3 @@
 # Locally computed:
-sha256	75c0325fd82e29cf524e28d8be7716c216cc507ba85b087ab36868209236aa01  bootstrap-4.1.0-dist.zip
-sha256	0ce7fbe215cdf921ed87d00a374404681d5d24898589a7fe60e068d09289b4ba  css/bootstrap.css
+sha256  888ffd30b7e192381e2f6a948ca04669fdcc2ccc2ba016de00d38c8e30793323  bootstrap-4.3.1-dist.zip
+sha256  35fbb6dc3891aacaf1ffa07abec2344fdbc454aab533a2a03bcf93577eb7837b  css/bootstrap.css

package/bootstrap/bootstrap.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BOOTSTRAP_VERSION = 4.1.0
+BOOTSTRAP_VERSION = 4.3.1
 BOOTSTRAP_SITE = https://github.com/twbs/bootstrap/releases/download/v$(BOOTSTRAP_VERSION)
 BOOTSTRAP_SOURCE = bootstrap-$(BOOTSTRAP_VERSION)-dist.zip
 BOOTSTRAP_LICENSE = MIT
@@ -12,6 +12,7 @@ BOOTSTRAP_LICENSE_FILES = css/bootstrap.css
 
 define BOOTSTRAP_EXTRACT_CMDS
 	$(UNZIP) $(BOOTSTRAP_DL_DIR)/$(BOOTSTRAP_SOURCE) -d $(@D)
+	mv $(@D)/bootstrap-$(BOOTSTRAP_VERSION)-dist/* $(@D)
 endef
 
 define BOOTSTRAP_INSTALL_TARGET_CMDS

package/busybox/busybox.mk

@@ -262,7 +262,9 @@ endif
 
 ifeq ($(BR2_INIT_BUSYBOX),y)
 define BUSYBOX_INSTALL_INITTAB
-	$(INSTALL) -D -m 0644 package/busybox/inittab $(TARGET_DIR)/etc/inittab
+	if test ! -e $(TARGET_DIR)/etc/inittab; then \
+		$(INSTALL) -D -m 0644 package/busybox/inittab $(TARGET_DIR)/etc/inittab; \
+	fi
 endef
 endif
 
@@ -332,6 +334,7 @@ define BUSYBOX_INSTALL_TARGET_CMDS
 	# Use the 'noclobber' install rule, to prevent BusyBox from overwriting
 	# any full-blown versions of apps installed by other packages.
 	$(BUSYBOX_MAKE_ENV) $(MAKE) $(BUSYBOX_MAKE_OPTS) -C $(@D) install-noclobber
+	$(BUSYBOX_INSTALL_INDIVIDUAL_BINARIES)
 	$(BUSYBOX_INSTALL_INITTAB)
 	$(BUSYBOX_INSTALL_UDHCPC_SCRIPT)
 	$(BUSYBOX_INSTALL_MDEV_CONF)
@@ -342,7 +345,6 @@ define BUSYBOX_INSTALL_INIT_SYSV
 	$(BUSYBOX_INSTALL_LOGGING_SCRIPT)
 	$(BUSYBOX_INSTALL_WATCHDOG_SCRIPT)
 	$(BUSYBOX_INSTALL_TELNET_SCRIPT)
-	$(BUSYBOX_INSTALL_INDIVIDUAL_BINARIES)
 endef
 
 # Checks to give errors that the user can understand

package/bwm-ng/bwm-ng.mk

@@ -7,7 +7,7 @@
 BWM_NG_VERSION = f54b3fad2c80bfe63f920c9b5e7c1d80389c57ef
 BWM_NG_SITE = $(call github,vgropp,bwm-ng,$(BWM_NG_VERSION))
 BWM_NG_CONF_OPTS = --with-procnetdev --with-diskstats
-BWM_NG_LICENSE = GPL-2.0
+BWM_NG_LICENSE = GPL-2.0+
 BWM_NG_LICENSE_FILES = COPYING
 BWM_NG_AUTORECONF = YES
 

package/ca-certificates/Config.in

@@ -9,4 +9,4 @@ config BR2_PACKAGE_CA_CERTIFICATES
 	  Debian infrastructure and those shipped with Mozilla's
 	  browsers.
 
-	  http://anonscm.debian.org/gitweb/?p=collab-maint/ca-certificates.git
+	  https://salsa.debian.org/debian/ca-certificates

package/cairo/cairo.hash

@@ -1,7 +1,7 @@
-# From https://www.cairographics.org/snapshots/cairo-1.15.12.tar.xz.sha1
-sha1	4e64c6a48789edb4c60bc3fa95bd3992cc388b88	cairo-1.15.12.tar.xz
+# From https://www.cairographics.org/snapshots/cairo-1.15.14.tar.xz.sha1
+sha1	62ebffbaf4cc81c412f0ad3f87dc20499f85d046	cairo-1.15.14.tar.xz
 # Calculated based on the hash above
-sha256	7623081b94548a47ee6839a7312af34e9322997806948b6eec421a8c6d0594c9	cairo-1.15.12.tar.xz
+sha256	16566b6c015a761bb0b7595cf879b77f8de85f90b443119083c4c2769b93298d	cairo-1.15.14.tar.xz
 
 # Hash for license files:
 sha256	67228a9f7c5f9b67c58f556f1be178f62da4d9e2e6285318d8c74d567255abdf	COPYING

package/cairo/cairo.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-CAIRO_VERSION = 1.15.12
+CAIRO_VERSION = 1.15.14
 CAIRO_SOURCE = cairo-$(CAIRO_VERSION).tar.xz
 CAIRO_LICENSE = LGPL-2.1 or MPL-1.1 (library)
 CAIRO_LICENSE_FILES = COPYING COPYING-LGPL-2.1 COPYING-MPL-1.1

package/cc-tool/cc-tool.hash

@@ -1,3 +1,6 @@
 # From http://sourceforge.net/projects/cctool/files/
 sha1 f313e55f019ea5338438633f5b5e689b699343e1  cc-tool-0.26-src.tgz
 md5 26960676f3e6264e612c299fbf8ec5ea  cc-tool-0.26-src.tgz
+
+# Hash for license file
+sha256 231f7edcc7352d7734a96eef0b8030f77982678c516876fcb81e25b32d68564c  COPYING

package/chrony/chrony.mk

@@ -13,6 +13,7 @@ CHRONY_CONF_OPTS = \
 	--host-system=Linux \
 	--host-machine=$(BR2_ARCH) \
 	--prefix=/usr \
+	--without-readline \
 	--without-tomcrypt
 
 ifeq ($(BR2_PACKAGE_LIBCAP),y)
@@ -34,10 +35,10 @@ else
 CHRONY_CONF_OPTS += --without-seccomp
 endif
 
-ifeq ($(BR2_PACKAGE_READLINE),y)
-CHRONY_DEPENDENCIES += readline
+ifeq ($(BR2_PACKAGE_LIBEDIT),y)
+CHRONY_DEPENDENCIES += libedit
 else
-CHRONY_CONF_OPTS += --disable-readline
+CHRONY_CONF_OPTS += --without-editline --disable-readline
 endif
 
 # If pps-tools is available, build it before so the package can use it

package/clamav/Config.in

@@ -4,6 +4,7 @@ config BR2_PACKAGE_CLAMAV
 	depends on BR2_TOOLCHAIN_HAS_THREADS
 	depends on BR2_USE_MMU # fork()
 	depends on BR2_USE_WCHAR
+	select BR2_PACKAGE_LIBMSPACK
 	select BR2_PACKAGE_LIBTOOL
 	select BR2_PACKAGE_OPENSSL
 	select BR2_PACKAGE_ZLIB

package/clamav/clamav.hash

@@ -1,5 +1,5 @@
 # Locally calculated
-sha256 0bf094f0919d158a578421d66bc2569c8c8181233ba162bb51722f98c802bccd  clamav-0.101.4.tar.gz
+sha256 04bc4af7aa61cd4ce419a1cfbf77605ee40128455c7627fe2725dd157392d58c  clamav-0.101.5.tar.gz
 sha256 0c4fd2fa9733fc9122503797648710851e4ee6d9e4969dd33fcbd8c63cd2f584  COPYING
 sha256 d72a145c90918184a05ef65a04c9e6f7466faa59bc1b82c8f6a8ddc7ddcb9bed  COPYING.bzip2
 sha256 dfb818a0d41411c6fb1c193c68b73018ceadd1994bda41ad541cbff292894bc6  COPYING.file

package/clamav/clamav.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-CLAMAV_VERSION = 0.101.4
+CLAMAV_VERSION = 0.101.5
 CLAMAV_SITE = https://www.clamav.net/downloads/production
 CLAMAV_LICENSE = GPL-2.0
 CLAMAV_LICENSE_FILES = COPYING COPYING.bzip2 COPYING.file COPYING.getopt \
@@ -12,6 +12,7 @@ CLAMAV_LICENSE_FILES = COPYING COPYING.bzip2 COPYING.file COPYING.getopt \
 	COPYING.unrar COPYING.zlib
 CLAMAV_DEPENDENCIES = \
 	host-pkgconf \
+	libmspack \
 	libtool \
 	openssl \
 	zlib \
@@ -32,6 +33,7 @@ CLAMAV_CONF_OPTS = \
 	--with-ltdl-include=$(STAGING_DIR)/usr/include \
 	--with-ltdl-lib=$(STAGING_DIR)/usr/lib \
 	--with-openssl=$(STAGING_DIR)/usr \
+	--with-system-libmspack=$(STAGING_DIR)/usr \
 	--with-zlib=$(STAGING_DIR)/usr \
 	--disable-zlib-vcheck \
 	--disable-rpath \

package/collectd/collectd.mk

@@ -184,7 +184,7 @@ COLLECTD_CONF_OPTS += --with-libpq=$(STAGING_DIR)/usr/bin/pg_config
 COLLECTD_CONF_ENV += LIBS="-lpthread -lm"
 endif
 ifeq ($(BR2_PACKAGE_YAJL),y)
-COLLECTD_CONF_OPTS += --with-yajl=$(STAGING_DIR)/usr
+COLLECTD_CONF_OPTS += --with-libyajl=$(STAGING_DIR)/usr
 endif
 
 # network can use libgcrypt

package/connman/connman.mk

@@ -39,6 +39,7 @@ define CONNMAN_INSTALL_INIT_SYSTEMD
 endef
 
 ifeq ($(BR2_PACKAGE_CONNMAN_CLIENT),y)
+CONNMAN_LICENSE += , GPL-2.0+ (client)
 CONNMAN_CONF_OPTS += --enable-client
 CONNMAN_DEPENDENCIES += readline
 

package/copas/Config.in

@@ -8,4 +8,4 @@ config BR2_PACKAGE_COPAS
 	  servers. But it also features timers and client support for
 	  http(s), ftp and smtp requests.
 
-	  http://www.keplerproject.org/copas/
+	  http://keplerproject.github.io/copas/

package/cpio/0001-fix-CVE-2016-2037.patch

@@ -1,51 +0,0 @@
-From: Pavel Raiskup
-Subject: [Bug-cpio] [PATCH] fix 1-byte out-of-bounds write
-Date: Tue, 26 Jan 2016 23:17:54 +0100
-
-Other calls to cpio_safer_name_suffix seem to be safe.
-
-* src/copyin.c (process_copy_in):  Make sure that file_hdr.c_name
-has at least two bytes allocated.
-* src/util.c (cpio_safer_name_suffix): Document that use of this
-function requires to be careful.
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
----
-Patch status: fetched/submitted
-URL: https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00005.html
-
- src/copyin.c | 2 ++
- src/util.c   | 5 ++++-
- 2 files changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/src/copyin.c b/src/copyin.c
-index cde911e..032d35f 100644
---- a/src/copyin.c
-+++ b/src/copyin.c
-@@ -1385,6 +1385,8 @@ process_copy_in ()
-          break;
-        }
-
-+      if (file_hdr.c_namesize <= 1)
-+        file_hdr.c_name = xrealloc(file_hdr.c_name, 2);
-       cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag,
-                              false);
-
-diff --git a/src/util.c b/src/util.c
-index 6ff6032..2763ac1 100644
---- a/src/util.c
-+++ b/src/util.c
-@@ -1411,7 +1411,10 @@ set_file_times (int fd,
- }
- 
- /* Do we have to ignore absolute paths, and if so, does the filename
--   have an absolute path?  */
-+   have an absolute path?
-+   Before calling this function make sure that the allocated NAME buffer has
-+   capacity at least 2 bytes to allow us to store the "." string inside.  */
-+
- void
- cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names,
-                        bool strip_leading_dots)
---
-2.5.0

package/cpio/cpio.hash

@@ -1,2 +1,7 @@
+# From https://lists.gnu.org/archive/html/info-gnu/2019-11/msg00002.html
+md5 f3438e672e3fa273a7dc26339dd1eed6  cpio-2.13.tar.bz2
+sha1 4dcefc0e1bc36b11506a354768d82b15e3fe6bb8  cpio-2.13.tar.bz2
 # Locally calculated after checking pgp signature
-sha256	08a35e92deb3c85d269a0059a27d4140a9667a6369459299d08c17f713a92e73	cpio-2.12.tar.gz
+sha256 eab5bdc5ae1df285c59f2a4f140a98fc33678a0bf61bdba67d9436ae26b46f6d  cpio-2.13.tar.bz2
+# Locally calculated
+sha256 fc82ca8b6fdb18d4e3e85cfd8ab58d1bcd3f1b29abe782895abd91d64763f8e7  COPYING

package/cpio/cpio.mk

@@ -4,7 +4,8 @@
 #
 ################################################################################
 
-CPIO_VERSION = 2.12
+CPIO_VERSION = 2.13
+CPIO_SOURCE = cpio-$(CPIO_VERSION).tar.bz2
 CPIO_SITE = $(BR2_GNU_MIRROR)/cpio
 CPIO_CONF_OPTS = --bindir=/bin
 CPIO_LICENSE = GPL-3.0+

package/cups-filters/0001-Replace-relative-linking-with-absolute-linking.patch

@@ -1,46 +0,0 @@
-From c26b4c3550557442890f2f790d4f8b61a3734c1f Mon Sep 17 00:00:00 2001
-From: Olivier Schonken <olivier.schonken@gmail.com>
-Date: Thu, 8 Mar 2018 12:32:23 +0200
-Subject: [PATCH] install: don't use ln -r
-
-Oldish enterprise-class distributions have too old versions of
-coreutils, with ln not supporting -r.
-
-So we fake it.
-
-ln -r would create minimalist relative paths, but they are not
-trivial to generate. Instead, we always create paths relative to the
-root, i.e.:
-
-    ln -s -r /usr/bin/foo /usr/sbin/foo
-
-would create:  /usr/sbin/foo -> ../bin/foo
-while we do :  /usr/sbin/foo -> ../../usr/bin/foo
-
-Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
----
- Makefile.am | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index d959227..b49914a 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -998,11 +998,11 @@ install-exec-hook:
- 	$(INSTALL) -d -m 755 $(DESTDIR)$(pkgfilterdir)
- 	$(INSTALL) -d -m 755 $(DESTDIR)$(pkgbackenddir)
- if ENABLE_FOOMATIC
--	$(LN_S) -r -f $(DESTDIR)$(pkgfilterdir)/foomatic-rip $(DESTDIR)$(bindir)
-+	$(LN_S) -f ../..$(pkgfilterdir)/foomatic-rip $(DESTDIR)$(bindir)
- endif
- if ENABLE_DRIVERLESS
--	$(LN_S) -r -f $(DESTDIR)$(pkgppdgendir)/driverless $(DESTDIR)$(bindir)
--	$(LN_S) -r -f $(DESTDIR)$(pkgppdgendir)/driverless $(DESTDIR)$(pkgbackenddir)
-+	$(LN_S) -f ../..$(pkgppdgendir)/driverless $(DESTDIR)$(bindir)
-+	$(LN_S) -f ../..$(pkgppdgendir)/driverless $(DESTDIR)$(pkgbackenddir)
- endif
- if ENABLE_BRAILLE
- 	$(LN_S) -f imagetobrf $(DESTDIR)$(pkgfilterdir)/imagetoubrl
--- 
-2.14.1
-

package/cups-filters/0001-install-support-old-ln-versions-without-the-r-option.patch

@@ -0,0 +1,214 @@
+From edd44df686b4ec983a327cabc5035106addb274f Mon Sep 17 00:00:00 2001
+From: Carlos Santos <unixmania@gmail.com>
+Date: Mon, 16 Sep 2019 22:22:37 -0300
+Subject: [PATCH] install: support old ln versions without the -r option
+
+Oldish enterprise-class Linux distributions have outdated versions of
+coreutils whose ln command do not support the -r option. Also non-Linux
+systems like FreeBSD don't support that option. Use a shell script that
+mimics the missing functionality.
+
+The script creates minimalist relative paths, like ln -r does, but in
+order to simplify the logic, it requires that the arguments be absolute
+paths and do not end with '/'. This is enough for our purposes.
+
+Add configuration logic to detect if ln supports the -r option, based on
+the logic used by Autoconf to check if ln supports the -s option.
+
+Signed-off-by: Carlos Santos <unixmania@gmail.com>
+---
+ Makefile.am     |  6 ++--
+ configure.ac    |  2 ++
+ ln-srf          | 49 ++++++++++++++++++++++++++
+ m4/ac_ln_srf.m4 | 91 +++++++++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 145 insertions(+), 3 deletions(-)
+ create mode 100755 ln-srf
+ create mode 100644 m4/ac_ln_srf.m4
+
+diff --git a/Makefile.am b/Makefile.am
+index 76b81de5..beb2882e 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -988,11 +988,11 @@ install-exec-hook:
+ 	$(INSTALL) -d -m 755 $(DESTDIR)$(pkgfilterdir)
+ 	$(INSTALL) -d -m 755 $(DESTDIR)$(pkgbackenddir)
+ if ENABLE_FOOMATIC
+-	$(LN_S) -r -f $(DESTDIR)$(pkgfilterdir)/foomatic-rip $(DESTDIR)$(bindir)
++	$(LN_SRF) $(DESTDIR)$(pkgfilterdir)/foomatic-rip $(DESTDIR)$(bindir)
+ endif
+ if ENABLE_DRIVERLESS
+-	$(LN_S) -r -f $(DESTDIR)$(pkgppdgendir)/driverless $(DESTDIR)$(bindir)
+-	$(LN_S) -r -f $(DESTDIR)$(pkgppdgendir)/driverless $(DESTDIR)$(pkgbackenddir)
++	$(LN_SRF) $(DESTDIR)$(pkgppdgendir)/driverless $(DESTDIR)$(bindir)
++	$(LN_SRF) $(DESTDIR)$(pkgppdgendir)/driverless $(DESTDIR)$(pkgbackenddir)
+ endif
+ if ENABLE_BRAILLE
+ 	$(LN_S) -f imagetobrf $(DESTDIR)$(pkgfilterdir)/imagetoubrl
+diff --git a/configure.ac b/configure.ac
+index d5a539b6..fbcf829a 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -58,6 +58,8 @@ AM_ICONV
+ AC_PROG_CPP
+ AC_PROG_INSTALL
+ AC_PROG_LN_S
++AS_LN_SRF_PREPARE
++AC_PROG_LN_SRF
+ AC_PROG_MAKE_SET
+ AC_PROG_LIBTOOL
+ PKG_PROG_PKG_CONFIG([0.20])
+diff --git a/ln-srf b/ln-srf
+new file mode 100755
+index 00000000..f395a760
+--- /dev/null
++++ b/ln-srf
+@@ -0,0 +1,49 @@
++#!/bin/sh
++#
++# Author: Carlos Santos <unixmania@gmail.com>
++# This file is in public domain.
++#
++
++error() {
++	echo "$@" 1>&2
++	exit 1
++}
++
++src="$1"
++dst="$2"
++
++check_path() {
++	case "$2" in
++		*/../*|*/./*|*/.|*/..) error "$1 path '$2' must be absolute";;
++		*/) error "$1 path '$2' must not end with '/'";;
++		/?*) ;;
++		*) error "$1 path '$2' must start with '/'";;
++	esac
++}
++
++check_path "source" "$src"
++check_path "destination" "$dst"
++
++# strip leading '/'
++src=${src#/*}
++tmp=${dst#/*}
++
++s_prefix=${src%%/*}
++d_prefix=${tmp%%/*}
++
++# strip leading common
++while [ "$s_prefix" = "$d_prefix" ]; do
++	src="${src#$s_prefix/}"
++	tmp="${tmp#$d_prefix/}"
++	s_prefix=${src%%/*}
++	d_prefix=${tmp%%/*}
++done
++
++s_prefix="../"
++while [ -n "$d_prefix" ] && [ "$tmp" != "$d_prefix" ]; do
++	s_prefix="../$s_prefix"
++	tmp="${tmp#$d_prefix/}"
++	d_prefix=${tmp%%/*}
++done
++
++ln -s -f "$s_prefix$src" "$dst"
+diff --git a/m4/ac_ln_srf.m4 b/m4/ac_ln_srf.m4
+new file mode 100644
+index 00000000..204b3439
+--- /dev/null
++++ b/m4/ac_ln_srf.m4
+@@ -0,0 +1,91 @@
++# Adapted from Autoconf Version 2.63 (GPLv2).
++#
++# Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008
++# Free Software Foundation, Inc.
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 2, or (at your option)
++# any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
++# 02110-1301, USA.
++#
++# As a special exception, the Free Software Foundation gives unlimited
++# permission to copy, distribute and modify the configure scripts that
++# are the output of Autoconf.  You need not follow the terms of the GNU
++# General Public License when using or distributing such scripts, even
++# though portions of the text of Autoconf appear in them.  The GNU
++# General Public License (GPL) does govern all other use of the material
++# that constitutes the Autoconf program.
++#
++# Certain portions of the Autoconf source text are designed to be copied
++# (in certain cases, depending on the input) into the output of
++# Autoconf.  We call these the "data" portions.  The rest of the Autoconf
++# source text consists of comments plus executable code that decides which
++# of the data portions to output in any given case.  We call these
++# comments and executable code the "non-data" portions.  Autoconf never
++# copies any of the non-data portions into its output.
++#
++# This special exception to the GPL applies to versions of Autoconf
++# released by the Free Software Foundation.  When you make and
++# distribute a modified version of Autoconf, you may extend this special
++# exception to the GPL to apply to your modified version as well, *unless*
++# your modified version has the potential to copy into its output some
++# of the text that was the non-data portion of the version that you started
++# with.  (In other words, unless your change moves or copies text from
++# the non-data portions to the data portions.)  If your modification has
++# such potential, you must delete any notice of this special exception
++# to the GPL from your modified version.
++
++# AS_LN_SRF_PREPARE
++# ------------------------------------
++m4_defun([AS_LN_SRF_PREPARE],
++[rm -f conf$$ conf$$.exe conf$$.file
++if test -d conf$$.dir; then
++  rm -f conf$$.dir/conf$$.file
++else
++  rm -f conf$$.dir
++  mkdir conf$$.dir 2>/dev/null
++fi
++if (echo >conf$$.file) 2>/dev/null; then
++  if ln -s -r conf$$.file conf$$ 2>/dev/null; then
++    as_ln_srf='ln -s -r -f'
++  elif ln -s conf$$.file conf$$ 2>/dev/null; then
++    as_ln_srf='./ln-srf'
++    # ... but there are two gotchas:
++    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
++    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
++    # In both cases, we have to default to `cp -pRf'.
++    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
++      as_ln_srf='cp -pRf'
++  elif ln conf$$.file conf$$ 2>/dev/null; then
++    as_ln_srf=ln
++  else
++    as_ln_srf='cp -pRf'
++  fi
++else
++  as_ln_srf='cp -pRf'
++fi
++rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
++rmdir conf$$.dir 2>/dev/null
++])# AS_LN_SRF_PREPARE
++
++# AC_PROG_LN_SRF
++# --------------------------------
++AC_DEFUN([AC_PROG_LN_SRF],
++[AC_MSG_CHECKING([whether ln -s -r -f works])
++AC_SUBST([LN_SRF], [$as_ln_srf])dnl
++if test "$LN_SRF" = "ln -s -r -f"; then
++  AC_MSG_RESULT([yes])
++else
++  AC_MSG_RESULT([no, using $LN_SRF])
++fi
++])# AC_PROG_LN_SRF
+-- 
+2.18.1
+

package/cups-filters/0002-filter-texttotext.c-link-with-libiconv-if-needed.patch

@@ -0,0 +1,122 @@
+From 734ef160b428c545d8c6ae16c4bfe3c036173aa4 Mon Sep 17 00:00:00 2001
+From: Carlos Santos <unixmania@gmail.com>
+Date: Sun, 21 Jul 2019 23:54:29 -0300
+Subject: [PATCH] filter/texttotext.c: link with libiconv if needed
+
+texttotext.c uses iconv so it should link with libiconv on platforms
+where it is a separate library (e.g. uClibc-ng without built-in NLS)
+otherwise texttotext fails to link:
+
+  CCLD     texttotext
+[...]/ld: texttotext-texttotext.o: in function `main':
+texttotext.c:(.text.startup+0xde0): undefined reference to `libiconv_open'
+[...]/ld: texttotext.c:(.text.startup+0xf9d): undefined reference to `libiconv'
+[...]/ld: texttotext.c:(.text.startup+0xfd6): undefined reference to `libiconv'
+[...]/ld: texttotext.c:(.text.startup+0x16c3): undefined reference to `libiconv_close'
+
+Modify autogen.sh to call autopoint, which adds the libiconv discovery.
+It also creates a "po" skeleton but we can discard it, since it is not
+really necessary.
+
+Fixes: https://bugs.busybox.net/show_bug.cgi?id=12031
+
+Signed-off-by: Carlos Santos <unixmania@gmail.com>
+---
+ Makefile.am  |  4 +++-
+ autogen.sh   | 17 +++++++++++++++++
+ configure.ac |  6 +++++-
+ 3 files changed, 25 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 72e023ed..76b81de5 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -778,7 +778,7 @@ texttotext_SOURCES = \
+ 	filter/texttotext.c
+ EXTRA_texttotext_SOURCES = filter/strcasestr.c
+ texttotext_CFLAGS = $(CUPS_CFLAGS)
+-texttotext_LDADD = $(STRCASESTR) $(CUPS_LIBS)
++texttotext_LDADD = $(STRCASESTR) $(CUPS_LIBS) $(LIBICONV)
+ texttotext_DEPENDENCIES = $(STRCASESTR)
+ 
+ pdftops_SOURCES = \
+@@ -1049,3 +1049,5 @@ if ENABLE_BRAILLE
+ 	$(RM) $(DESTDIR)$(pkgfilterdir)/vectortoubrl
+ 	$(RM) $(DESTDIR)$(pkgfilterdir)/textbrftoindexv4
+ endif
++
++SUBDIRS =
+diff --git a/autogen.sh b/autogen.sh
+index 5462a323..cd7397a9 100755
+--- a/autogen.sh
++++ b/autogen.sh
+@@ -13,11 +13,22 @@ aclocal --version > /dev/null 2> /dev/null || {
+     echo "error: aclocal not found"
+     exit 1
+ }
++
+ automake --version > /dev/null 2> /dev/null || {
+     echo "error: automake not found"
+     exit 1
+ }
+ 
++autopoint --version > /dev/null 2> /dev/null || {
++    echo "error: autopoint not found"
++    exit 1
++}
++
++gettext --version > /dev/null 2> /dev/null || {
++    echo "error: gettext not found"
++    exit 1
++}
++
+ for i in $TESTLIBTOOLIZE; do
+ 	if which $i > /dev/null 2>&1; then
+ 		LIBTOOLIZE=$i
+@@ -39,6 +50,12 @@ fi
+ 
+ rm -rf autom4te*.cache
+ 
++autopoint --force || {
++    echo "error: autopoint failed"
++    exit 1
++}
++# autopoint is for libiconv discovery; we don't want the po directory
++rm -rf po
+ $LIBTOOLIZE --force --copy || {
+     echo "error: libtoolize failed"
+     exit 1
+diff --git a/configure.ac b/configure.ac
+index 607dc17a..d5a539b6 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -18,7 +18,7 @@ AC_CONFIG_MACRO_DIR([m4])
+ m4_include([m4/ac_define_dir.m4])
+ m4_include([m4/ax_compare_version.m4])
+ m4_include([m4/basic-directories.m4])
+-AM_INIT_AUTOMAKE([1.11 gnu dist-xz dist-bzip2])
++AM_INIT_AUTOMAKE([1.11 gnu dist-xz dist-bzip2 subdir-objects])
+ AM_SILENT_RULES([yes])
+ AC_LANG([C++])
+ AC_CONFIG_HEADERS([config.h])
+@@ -54,6 +54,7 @@ AC_PROG_CC
+ AC_PROG_CXX
+ AX_CXX_COMPILE_STDCXX([11],[noext],[mandatory])
+ AM_PROG_CC_C_O
++AM_ICONV
+ AC_PROG_CPP
+ AC_PROG_INSTALL
+ AC_PROG_LN_S
+@@ -61,6 +62,9 @@ AC_PROG_MAKE_SET
+ AC_PROG_LIBTOOL
+ PKG_PROG_PKG_CONFIG([0.20])
+ 
++AM_GNU_GETTEXT_VERSION([0.18.3])
++AM_GNU_GETTEXT([external])
++
+ # ========================================
+ # Specify the fontdir patch if not default
+ # ========================================
+-- 
+2.18.1
+

package/cups-filters/cups-filters.mk

@@ -8,7 +8,7 @@ CUPS_FILTERS_VERSION = 1.21.3
 CUPS_FILTERS_SITE = http://openprinting.org/download/cups-filters
 CUPS_FILTERS_LICENSE = GPL-2.0, GPL-2.0+, GPL-3.0, GPL-3.0+, LGPL-2, LGPL-2.1+, MIT, BSD-4-Clause
 CUPS_FILTERS_LICENSE_FILES = COPYING
-# 0001-Replace-relative-linking-with-absolute-linking.patch
+# 0001-install-support-old-ln-versions-without-the-r-option.patch
 CUPS_FILTERS_AUTORECONF = YES
 
 CUPS_FILTERS_DEPENDENCIES = cups libglib2 lcms2 qpdf fontconfig freetype jpeg
@@ -16,11 +16,30 @@ CUPS_FILTERS_DEPENDENCIES = cups libglib2 lcms2 qpdf fontconfig freetype jpeg
 CUPS_FILTERS_CONF_OPTS = --disable-imagefilters \
 	--disable-mutool \
 	--disable-foomatic \
+	--disable-braille \
 	--with-cups-config=$(STAGING_DIR)/usr/bin/cups-config \
 	--with-sysroot=$(STAGING_DIR) \
 	--with-pdftops=pdftops \
 	--with-jpeg
 
+# 0001-install-support-old-ln-versions-without-the-r-option.patch adds
+# a ln-srf script for older distributions, but GNU patch < 2.7 does
+# not handle the git patch permission extensions - So ensure it is
+# executable
+define CUPS_FILTERS_MAKE_LN_SRF_EXECUTABLE
+	chmod +x $(@D)/ln-srf
+endef
+
+CUPS_FILTERS_POST_PATCH_HOOKS += CUPS_FILTERS_MAKE_LN_SRF_EXECUTABLE
+
+# After 0002-filter-texttotext.c-link-with-libiconv-if-needed.patch autoreconf
+# needs config.rpath and ABOUT-NLS, which are not in v1.25.4 yet. Fake them.
+define CUPS_FILTERS_ADD_MISSING_FILE
+	touch $(@D)/config.rpath $(@D)/ABOUT-NLS
+endef
+
+CUPS_FILTERS_PRE_CONFIGURE_HOOKS = CUPS_FILTERS_ADD_MISSING_FILE
+
 ifeq ($(BR2_PACKAGE_LIBPNG),y)
 CUPS_FILTERS_CONF_OPTS += --with-png
 CUPS_FILTERS_DEPENDENCIES += libpng

package/cups/cups.hash

@@ -1,3 +1,3 @@
 # Locally calculated:
-sha256 77c8b2b3bb7fe8b5fbfffc307f2c817b2d7ec67b657f261a1dd1c61ab81205bb  cups-2.2.10-source.tar.gz
+sha256 da375796e5e7ab6d31a853d0e5326486d41d10d42bbff9ec768b0cea85031b48  cups-2.2.13-source.tar.gz
 sha256 6e0e0ffbde118aae709f7ef65590de9071e8b2cd322f84fd645c6b64f3cc452c  LICENSE.txt

package/cups/cups.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-CUPS_VERSION = 2.2.10
+CUPS_VERSION = 2.2.13
 CUPS_SOURCE = cups-$(CUPS_VERSION)-source.tar.gz
 CUPS_SITE = https://github.com/apple/cups/releases/download/v$(CUPS_VERSION)
 CUPS_LICENSE = GPL-2.0, LGPL-2.0
@@ -23,6 +23,7 @@ CUPS_CONF_OPTS = \
 	--without-perl \
 	--without-java \
 	--without-php \
+	--with-docdir=/usr/share/cups/doc-root \
 	--disable-gssapi \
 	--disable-pam \
 	--libdir=/usr/lib

package/czmq/czmq.hash

@@ -3,4 +3,4 @@ md5 6d3a6fdd25c2bb29897c53670dce97bf czmq-4.1.1.tar.gz
 sha1 629d34e8b5c1f2dd88689350f71f9917a8d76f23 czmq-4.1.1.tar.gz
 # Locally calculated
 sha256 f00ff419881dc2a05d0686c8467cd89b4882677fc56f31c0e2cc81c134cbb0c0 czmq-4.1.1.tar.gz
-sha256 1f256ecad192880510e84ad60474eab7589218784b9a50bc7ceee34c2b91f1d5 LICENCE
+sha256 1f256ecad192880510e84ad60474eab7589218784b9a50bc7ceee34c2b91f1d5 LICENSE

package/dante/dante.mk

@@ -12,7 +12,7 @@ DANTE_LICENSE_FILES = LICENSE
 # 0002-compiler.m4-do-not-remove-g-flag.patch touches a m4 file
 DANTE_AUTORECONF = YES
 
-DANTE_CONF_OPTS += --disable-client --disable-preload --without-pam
+DANTE_CONF_OPTS += --disable-client --disable-preload
 
 ifeq ($(BR2_PACKAGE_LINUX_PAM),y)
 DANTE_DEPENDENCIES += linux-pam

package/dillo/0003-Fix-openssl-detection.patch

@@ -0,0 +1,29 @@
+From 96dde9dedf806256cdc6cbf5cacbd5c8d74e6288 Mon Sep 17 00:00:00 2001
+From: Jonathan Kimmitt <jrrk2@cam.ac.uk>
+Date: Thu, 9 Jan 2020 22:01:42 +0100
+Subject: [PATCH] Fix openssl detection
+
+SSL_library_init is now a define, use OPENSSL_init_ssl instead.
+
+Signed-off-by: Jonathan Kimmitt <jrrk2@cam.ac.uk>
+Signed-off-by: Peter Seiderer <ps.report@gmx.net>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 66b5e9f..206fd53 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -276,7 +276,7 @@ if test "x$enable_ssl" = "xyes"; then
+ 
+   if test "x$ssl_ok" = "xyes"; then
+     old_libs="$LIBS"
+-    AC_CHECK_LIB(ssl, SSL_library_init, ssl_ok=yes, ssl_ok=no, -lcrypto)
++    AC_CHECK_LIB(ssl, OPENSSL_init_ssl, ssl_ok=yes, ssl_ok=no, -lcrypto)
+     LIBS="$old_libs"
+   fi
+ 
+-- 
+2.24.1
+

package/dillo/0004-Support-OpenSSL-1.1.0.patch

@@ -0,0 +1,33 @@
+From ff44d8b2d5211a502afdb3e612dae0e8133b5124 Mon Sep 17 00:00:00 2001
+From: Johannes Hofmann <Johannes.Hofmann@gmx.de>
+Date: Thu, 9 Jan 2020 22:07:15 +0100
+Subject: [PATCH] Support OpenSSL 1.1.0
+
+taken-from: pkgsrc (Ryo ONODERA)
+submitted-by: Jun Ebihara <jun@soum.co.jp>
+
+Upstream: https://hg.dillo.org/dillo/rev/b171b8610400
+Signed-off-by: Peter Seiderer <ps.report@gmx.net>
+---
+ dpi/https.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/dpi/https.c b/dpi/https.c
+index 766b3af..025cfc4 100644
+--- a/dpi/https.c
++++ b/dpi/https.c
+@@ -476,7 +476,11 @@ static int handle_certificate_problem(SSL * ssl_connection)
+       case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+          /*Either self signed and untrusted*/
+          /*Extract CN from certificate name information*/
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+          if ((cn = strstr(remote_cert->name, "/CN=")) == NULL) {
++#else
++         if ((cn = strstr(X509_get_subject_name(remote_cert), "/CN=")) == NULL) {
++#endif
+             strcpy(buf, "(no CN given)");
+          } else {
+             char *cn_end;
+-- 
+2.24.1
+

package/dmraid/Config.in

@@ -12,6 +12,8 @@ config BR2_PACKAGE_DMRAID
 	  dmraid uses the Linux device-mapper to create devices with
 	  respective mappings for the ATARAID sets discovered.
 
+	  http://people.redhat.com/~heinzm/sw/dmraid/
+
 comment "dmraid needs a toolchain w/ threads, dynamic library"
 	depends on BR2_USE_MMU
 	depends on BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HAS_THREADS

package/dnsmasq/0001-Makefile-fix-i18n-build-with-ubus.patch

@@ -0,0 +1,33 @@
+From 08572cffb641004d86072f12aec4d6489454b897 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Fri, 21 Jun 2019 09:26:20 +0200
+Subject: [PATCH] Makefile: fix i18n build with ubus
+
+Commit caf4d571e6d86285a3690cfcc8de9c5f394320a8 forgot adding
+ubus_libs to build_libs for all-i18n target
+
+Fixes:
+ - http://autobuild.buildroot.org/results/c0b27754b7ede024c095bdf0b3616e6f6be48c6d
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status: sent to simon@thekelleys.org.uk]
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 3fb7cbe..78e25f0 100644
+--- a/Makefile
++++ b/Makefile
+@@ -111,7 +111,7 @@ all-i18n : $(BUILDDIR)
+  top="$(top)" \
+  i18n=-DLOCALEDIR=\'\"$(LOCALEDIR)\"\' \
+  build_cflags="$(version) $(dbus_cflags) $(idn2_cflags) $(idn_cflags) $(ct_cflags) $(lua_cflags) $(nettle_cflags)" \
+- build_libs="$(dbus_libs) $(idn2_libs) $(idn_libs) $(ct_libs) $(lua_libs) $(sunos_libs) $(nettle_libs) $(gmp_libs)"  \
++ build_libs="$(dbus_libs) $(idn2_libs) $(idn_libs) $(ct_libs) $(lua_libs) $(sunos_libs) $(nettle_libs) $(gmp_libs) $(ubus_libs)"  \
+  -f $(top)/Makefile dnsmasq
+ 	for f in `cd $(PO); echo *.po`; do \
+ 		cd $(top) && cd $(BUILDDIR) && $(MAKE) top="$(top)" -f $(top)/Makefile $${f%.po}.mo; \
+-- 
+2.14.1
+

package/dnsmasq/0003-Fix-build-after-y2038-changes-in-glib.patch

@@ -0,0 +1,29 @@
+From 3052ce208acf602f0163166dcefb7330d537cedb Mon Sep 17 00:00:00 2001
+From: Jiri Slaby <jslaby@suse.cz>
+Date: Wed, 24 Jul 2019 17:34:48 +0100
+Subject: [PATCH] Fix build after y2038 changes in glib.
+
+SIOCGSTAMP is defined in linux/sockios.h, not asm/sockios.h now.
+
+[Retrieved from:
+http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=patch;h=3052ce208acf602f0163166dcefb7330d537cedb]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ src/dnsmasq.h |    1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index ff3204a..3ef04ad 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -137,6 +137,7 @@ typedef unsigned long long u64;
+ #endif
+ 
+ #if defined(HAVE_LINUX_NETWORK)
++#include <linux/sockios.h>
+ #include <linux/capability.h>
+ /* There doesn't seem to be a universally-available 
+    userspace header for these. */
+-- 
+1.7.10.4
+

package/dnsmasq/0004-Fix-memory-leak-in-helper-c.patch

@@ -0,0 +1,49 @@
+From 69bc94779c2f035a9fffdb5327a54c3aeca73ed5 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Wed, 14 Aug 2019 20:44:50 +0100
+Subject: [PATCH] Fix memory leak in helper.c
+
+Thanks to Xu Mingjie <xumingjie1995@outlook.com> for spotting this.
+[Retrieved from:
+http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=69bc94779c2f035a9fffdb5327a54c3aeca73ed5]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ src/helper.c |   12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/helper.c b/src/helper.c
+index 33ba120..c392eec 100644
+--- a/src/helper.c
++++ b/src/helper.c
+@@ -80,7 +80,8 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
+   pid_t pid;
+   int i, pipefd[2];
+   struct sigaction sigact;
+-
++  unsigned char *alloc_buff = NULL;
++  
+   /* create the pipe through which the main program sends us commands,
+      then fork our process. */
+   if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1)
+@@ -186,11 +187,16 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
+       struct script_data data;
+       char *p, *action_str, *hostname = NULL, *domain = NULL;
+       unsigned char *buf = (unsigned char *)daemon->namebuff;
+-      unsigned char *end, *extradata, *alloc_buff = NULL;
++      unsigned char *end, *extradata;
+       int is6, err = 0;
+       int pipeout[2];
+ 
+-      free(alloc_buff);
++      /* Free rarely-allocated memory from previous iteration. */
++      if (alloc_buff)
++	{
++	  free(alloc_buff);
++	  alloc_buff = NULL;
++	}
+       
+       /* we read zero bytes when pipe closed: this is our signal to exit */ 
+       if (!read_write(pipefd[0], (unsigned char *)&data, sizeof(data), 1))
+-- 
+1.7.10.4
+

package/dnsmasq/Config.in

@@ -29,7 +29,6 @@ config BR2_PACKAGE_DNSMASQ_DNSSEC
 
 config BR2_PACKAGE_DNSMASQ_IDN
 	bool "IDN support"
-	depends on BR2_USE_WCHAR
 	select BR2_PACKAGE_LIBIDN
 	help
 	  Enable IDN support in dnsmasq.

package/dnsmasq/dnsmasq.hash

@@ -1,6 +1,7 @@
 # Locally calculated after checking pgp signature
 # http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.79.tar.xz.asc
 sha256	78ad74f5ca14fd85a8bac93f764cd9d60b27579e90eabd3687ca7b030e67861f	dnsmasq-2.79.tar.xz
+sha256	cdaba2785e92665cf090646cba6f94812760b9d7d8c8d0cfb07ac819377a63bb	dnsmasq-2.80.tar.xz
 # Locally calculated
 sha256	dcc100d4161cc0b7177545ab6e47216f84857cda3843847c792a25289852dcaa	COPYING
 sha256	8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903	COPYING-v3

package/dnsmasq/dnsmasq.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DNSMASQ_VERSION = 2.79
+DNSMASQ_VERSION = 2.80
 DNSMASQ_SOURCE = dnsmasq-$(DNSMASQ_VERSION).tar.xz
 DNSMASQ_SITE = http://thekelleys.org.uk/dnsmasq
 DNSMASQ_MAKE_ENV = $(TARGET_MAKE_ENV) CC="$(TARGET_CC)"
@@ -15,6 +15,9 @@ DNSMASQ_DEPENDENCIES = host-pkgconf $(TARGET_NLS_DEPENDENCIES)
 DNSMASQ_LICENSE = GPL-2.0 or GPL-3.0
 DNSMASQ_LICENSE_FILES = COPYING COPYING-v3
 
+# 0004-Fix-memory-leak-in-helper-c.patch
+DNSMASQ_IGNORE_CVES += CVE-2019-14834
+
 DNSMASQ_I18N = $(if $(BR2_SYSTEM_ENABLE_NLS),-i18n)
 
 ifneq ($(BR2_PACKAGE_DNSMASQ_DHCP),y)
@@ -67,6 +70,11 @@ define DNSMASQ_INSTALL_DBUS
 endef
 endif
 
+ifeq ($(BR2_PACKAGE_UBUS),y)
+DNSMASQ_DEPENDENCIES += ubus
+DNSMASQ_COPTS += -DHAVE_UBUS
+endif
+
 define DNSMASQ_FIX_PKGCONFIG
 	$(SED) 's^PKG_CONFIG = pkg-config^PKG_CONFIG = $(PKG_CONFIG_HOST_BINARY)^' \
 		$(DNSMASQ_DIR)/Makefile

package/docker-cli/docker-cli.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  62e25a0935bee75f999fb95b224ad982054fc1adc4351ce98d704ec00114ce57  docker-cli-18.09.7.tar.gz
+sha256	00d06baf4793794c0fd9ecad5b7e95aed6eb942f24c8b6e2d7c7f7564b9743ad  docker-cli-19.03.5.tar.gz
 sha256	2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0  LICENSE

package/docker-cli/docker-cli.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_CLI_VERSION = 18.09.7
+DOCKER_CLI_VERSION = 19.03.5
 DOCKER_CLI_SITE = $(call github,docker,cli,v$(DOCKER_CLI_VERSION))
 DOCKER_CLI_WORKSPACE = gopath
 

package/docker-containerd/docker-containerd.hash

@@ -1,3 +1,3 @@
 # Computed locally
-sha256	f2d578b743fb9faa5b3477b7cf4b33d00501087043a53b27754f14bbe741f891  docker-containerd-v1.2.6.tar.gz
-sha256  4bbe3b885e8cd1907ab4cf9a41e862e74e24b5422297a4f2fe524e6a30ada2b4	LICENSE
+sha256 318886ea1efdec36f088fd6a0a0fe2b2f0ebdfd0066bdb4bd284bad12abc0a41  docker-containerd-1.2.12.tar.gz
+sha256 4bbe3b885e8cd1907ab4cf9a41e862e74e24b5422297a4f2fe524e6a30ada2b4  LICENSE

package/docker-containerd/docker-containerd.mk

@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-DOCKER_CONTAINERD_VERSION = v1.2.6
-DOCKER_CONTAINERD_SITE = $(call github,containerd,containerd,$(DOCKER_CONTAINERD_VERSION))
+DOCKER_CONTAINERD_VERSION = 1.2.12
+DOCKER_CONTAINERD_SITE = $(call github,containerd,containerd,v$(DOCKER_CONTAINERD_VERSION))
 DOCKER_CONTAINERD_LICENSE = Apache-2.0
 DOCKER_CONTAINERD_LICENSE_FILES = LICENSE
 

package/docker-engine/0001-Fix-faulty-runc-version-commit-scrape.patch

@@ -1,45 +0,0 @@
-From 324e7be4b252c13002bca6a9d82e7b2e43664634 Mon Sep 17 00:00:00 2001
-From: Christian Stewart <christian@paral.in>
-Date: Mon, 26 Nov 2018 22:59:32 -0800
-Subject: [PATCH] Fix faulty runc version commit scrape
-
-This commit replaces faulty logic to determine the runc version commit hash.
-
-The original logic takes the second line of the output of "runc --version" and
-does not work if there are a different number of lines printed from the command
-than expected. The buildroot version of runc outputs two lines instead of the
-expected three, causing the error:
-
-unknown output format: runc version commit: ...
-
-This patch replaces this logic with a simple scan of the "runc --version"
-output, searching for the "runc version commit" prefixed line.
-
-Signed-off-by: Christian Stewart <christian@paral.in>
----
- daemon/info_unix.go | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/daemon/info_unix.go b/daemon/info_unix.go
-index 60b2f99870..688a510796 100644
---- a/daemon/info_unix.go
-+++ b/daemon/info_unix.go
-@@ -32,10 +32,11 @@ func (daemon *Daemon) fillPlatformInfo(v *types.Info, sysInfo *sysinfo.SysInfo)
- 	defaultRuntimeBinary := daemon.configStore.GetRuntime(v.DefaultRuntime).Path
- 	if rv, err := exec.Command(defaultRuntimeBinary, "--version").Output(); err == nil {
- 		parts := strings.Split(strings.TrimSpace(string(rv)), "\n")
--		if len(parts) == 3 {
--			parts = strings.Split(parts[1], ": ")
--			if len(parts) == 2 {
--				v.RuncCommit.ID = strings.TrimSpace(parts[1])
-+		for _, pt := range parts {
-+			ptKv := strings.Split(pt, ":")
-+			if strings.HasSuffix(strings.TrimSpace(ptKv[0]), "commit") {
-+				v.RuncCommit.ID = strings.TrimSpace(ptKv[1])
-+				break
- 			}
- 		}
- 
--- 
-2.18.1
-

package/docker-engine/docker-engine.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256	b4f55831f5e7c5a92cd91f77aad1541ccd572eb18df2f44a01c372bceb3f9b6b  docker-engine-18.09.7.tar.gz
-sha256	2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0  LICENSE
+sha256	bc5d1ac503e44593be8003ed0ad9c75bf0da535db19837a9338429c438bd4637  docker-engine-19.03.5.tar.gz
+sha256	7c87873291f289713ac5df48b1f2010eb6963752bbd6b530416ab99fc37914a8  LICENSE

package/docker-engine/docker-engine.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_ENGINE_VERSION = 18.09.7
+DOCKER_ENGINE_VERSION = 19.03.5
 DOCKER_ENGINE_SITE = $(call github,docker,engine,v$(DOCKER_ENGINE_VERSION))
 
 DOCKER_ENGINE_LICENSE = Apache-2.0

package/docker-proxy/docker-proxy.hash

@@ -1,2 +1,3 @@
 # Locally calculated
-sha256	2eee331b6ded567a36e7db708405b34032b93938682cf049025f48b96d755bf6	docker-proxy-7b2b1feb1de4817d522cc372af149ff48d25028e.tar.gz
+sha256	866c8d196b9396a383b437b0d775476459ed7c11f527c4f6bbf1fd08524b461d	docker-proxy-55685ba49593e67f5e1c8180539379b16736c25e.tar.gz
+sha256  cb5e8e7e5f4a3988e1063c142c60dc2df75605f4c46515e776e3aca6df976e14	LICENSE

package/docker-proxy/docker-proxy.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_PROXY_VERSION = 7b2b1feb1de4817d522cc372af149ff48d25028e
+DOCKER_PROXY_VERSION = 55685ba49593e67f5e1c8180539379b16736c25e
 DOCKER_PROXY_SITE = $(call github,docker,libnetwork,$(DOCKER_PROXY_VERSION))
 
 DOCKER_PROXY_LICENSE = Apache-2.0

package/domoticz/0003-CMakeLists.txt-add-c-argument-to-build-precompiled-h.patch

@@ -0,0 +1,34 @@
+From 17107b876fb308e3ef3e759ab90f3d8e4755cdc4 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Fri, 8 Nov 2019 14:17:58 +0100
+Subject: [PATCH] CMakeLists.txt: add -c argument to build precompiled headers
+
+Add "-c" argument when building precompiler headers as suggested
+by Arnout in https://patchwork.ozlabs.org/patch/1187328.
+
+This will fix the build with RELRO
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Retrieved from:
+https://github.com/domoticz/domoticz/commit/17107b876fb308e3ef3e759ab90f3d8e4755cdc4]
+---
+ CMakeLists.txt | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 32a0dd2a8c..010cdf2db8 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -277,10 +277,10 @@ MACRO(ADD_PRECOMPILED_HEADER _targetName _input)
+     ENDFOREACH(item)
+ 
+     SEPARATE_ARGUMENTS(_compiler_FLAGS)
+-    MESSAGE("${CMAKE_CXX_COMPILER} ${CMAKE_CXX_COMPILER_ARG1} ${_compiler_FLAGS} -x c++-header -o ${_output} ${_source}")
++    MESSAGE("${CMAKE_CXX_COMPILER} ${CMAKE_CXX_COMPILER_ARG1} ${_compiler_FLAGS} -x c++-header -c -o ${_output} ${_source}")
+     ADD_CUSTOM_COMMAND(
+       OUTPUT ${_output}
+-      COMMAND ${CMAKE_CXX_COMPILER} ${CMAKE_CXX_COMPILER_ARG1} ${_compiler_FLAGS} -x c++-header -o ${_output} ${_source}
++      COMMAND ${CMAKE_CXX_COMPILER} ${CMAKE_CXX_COMPILER_ARG1} ${_compiler_FLAGS} -x c++-header -c -o ${_output} ${_source}
+       DEPENDS ${_source} )
+     ADD_CUSTOM_TARGET(${_targetName}_gch DEPENDS ${_output})
+     ADD_DEPENDENCIES(${_targetName} ${_targetName}_gch)

package/doom-wad/Config.in

@@ -7,3 +7,5 @@ config BR2_PACKAGE_DOOM_WAD
 
 	  The wad file will be placed in the /usr/share/games/doom
 	  directory.
+
+	  https://doomwiki.org/wiki/DOOM1.WAD

package/dovecot-pigeonhole/dovecot-pigeonhole.hash

@@ -1,3 +1,3 @@
 # Locally computed after checking signature
-sha256 d59d0c5c5225a126e5b98bf95d75e8dd368bdeeb3da2e9766dbe4fddaa9411b0  dovecot-2.3-pigeonhole-0.5.7.2.tar.gz
+sha256 36da68aae5157b83e21383f711b8977e5b6f5477f369f71e7e22e76a738bbd05  dovecot-2.3-pigeonhole-0.5.9.tar.gz
 sha256 fc9e9522216f2a9a28b31300e3c73c1df56acc27dfae951bf516e7995366b51a  COPYING

package/dovecot-pigeonhole/dovecot-pigeonhole.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOVECOT_PIGEONHOLE_VERSION = 0.5.7.2
+DOVECOT_PIGEONHOLE_VERSION = 0.5.9
 DOVECOT_PIGEONHOLE_SOURCE = dovecot-2.3-pigeonhole-$(DOVECOT_PIGEONHOLE_VERSION).tar.gz
 DOVECOT_PIGEONHOLE_SITE = https://pigeonhole.dovecot.org/releases/2.3
 DOVECOT_PIGEONHOLE_LICENSE = LGPL-2.1

package/dovecot/0002-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch

@@ -0,0 +1,30 @@
+From 40851dc3471809cabe8cc3f9b71980f8d82344ae Mon Sep 17 00:00:00 2001
+From: Bernd Kuhls <bernd.kuhls@t-online.de>
+Date: Sat, 4 Jan 2020 14:39:39 +0100
+Subject: [PATCH] lib-ssl-iostream: Do not build static test-iostream-ssl
+
+Fixes broken static build:
+https://dovecot.org/pipermail/dovecot/2019-October/117326.html
+
+Patch sent upstream: https://github.com/dovecot/core/pull/111
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+---
+ src/lib-ssl-iostream/Makefile.am | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/src/lib-ssl-iostream/Makefile.am b/src/lib-ssl-iostream/Makefile.am
+index 94ead5cec..5aaea5d51 100644
+--- a/src/lib-ssl-iostream/Makefile.am
++++ b/src/lib-ssl-iostream/Makefile.am
+@@ -46,7 +46,6 @@ test_libs = \
+ 	../lib/liblib.la
+ 
+ test_iostream_ssl_SOURCES = test-iostream-ssl.c
+-test_iostream_ssl_LDFLAGS = -static
+ test_iostream_ssl_LDADD = $(test_libs) $(SSL_LIBS) $(DLLIB)
+ test_iostream_ssl_DEPENDENCIES = $(test_libs)
+ 
+-- 
+2.20.1
+

package/dovecot/dovecot.hash

@@ -1,5 +1,5 @@
 # Locally computed after checking signature
-sha256 666ce084760a47e601d49a9be3c7993c48789d332631e8dfb45f443b367b1260  dovecot-2.3.7.2.tar.gz
+sha256 f89fb69423fc5bdc05955c8fc0607eab9e33511f9a643b721763db6156c49651  dovecot-2.3.9.3.tar.gz
 sha256 a363b132e494f662d98c820d1481297e6ae72f194c2c91b6c39e1518b86240a8  COPYING
 sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  COPYING.LGPL
 sha256 52b8c95fabb19575281874b661ef7968ea47e8f5d74ba0dd40ce512e52b3fc97  COPYING.MIT

package/dovecot/dovecot.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 DOVECOT_VERSION_MAJOR = 2.3
-DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).7.2
+DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).9.3
 DOVECOT_SITE = https://dovecot.org/releases/$(DOVECOT_VERSION_MAJOR)
 DOVECOT_INSTALL_STAGING = YES
 DOVECOT_LICENSE = LGPL-2.1, MIT, Public Domain, BSD-3-Clause, Unicode-DFS-2015
@@ -14,6 +14,10 @@ DOVECOT_DEPENDENCIES = \
 	host-pkgconf \
 	$(if $(BR2_PACKAGE_LIBICONV),libiconv) \
 	openssl
+# 0002-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch
+DOVECOT_AUTORECONF = YES
+# add host-gettext for AM_ICONV macro
+DOVECOT_DEPENDENCIES += host-gettext
 
 DOVECOT_CONF_ENV = \
 	RPCGEN=__disable_RPCGEN_rquota \

package/dropbear/0003-Fix-for-issue-successfull-login-of-disabled-user-78.patch

@@ -0,0 +1,35 @@
+From a0aa2749813331134452f80bb8a808bdc871ba41 Mon Sep 17 00:00:00 2001
+From: vincentto13 <33652988+vincentto13@users.noreply.github.com>
+Date: Wed, 20 Mar 2019 15:03:40 +0100
+Subject: [PATCH] Fix for issue successfull login of disabled user (#78)
+
+This commit introduces fix for scenario:
+1. Root login disabled on dropbear
+2. PAM authentication model enabled
+
+While login as root user, after prompt for password
+user is being notified about login failrue, but
+after second attempt of prompt for password within
+same session, login becames succesfull.
+
+Signed-off-by: Pawel Rapkiewicz <pawel.rapkiewicz@gmail.com>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ svr-authpam.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/svr-authpam.c b/svr-authpam.c
+index d201bc9..e236db4 100644
+--- a/svr-authpam.c
++++ b/svr-authpam.c
+@@ -275,6 +275,7 @@ void svr_auth_pam(int valid_user) {
+ 		/* PAM auth succeeded but the username isn't allowed in for another reason
+ 		(checkusername() failed) */
+ 		send_msg_userauth_failure(0, 1);
++		goto cleanup;
+ 	}
+ 
+ 	/* successful authentication */
+-- 
+2.11.0
+

package/duma/0004-Fix-build-with-latest-glibc.patch

@@ -0,0 +1,22 @@
+Fix build with latest glibc
+
+Fixes:
+ - http://autobuild.buildroot.net/results/c7de1a1d01edced2098a804ad87dcb67b5dc6832
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+
+diff -durN duma_2_5_15.orig/print.c duma_2_5_15/print.c
+--- duma_2_5_15.orig/print.c	2019-10-28 10:21:14.080149620 +0100
++++ duma_2_5_15/print.c	2019-10-28 10:22:01.256151561 +0100
+@@ -326,9 +326,9 @@
+   if(DUMA_OUTPUT_FILE != NULL)
+   {
+ #if defined(WIN32) && !defined(__CYGWIN__)
+-    fd = _open(DUMA_OUTPUT_FILE, _O_APPEND|_O_CREAT|_O_WRONLY);
++    fd = _open(DUMA_OUTPUT_FILE, _O_APPEND|_O_CREAT|_O_WRONLY, 0600);
+ #else
+-    fd = open(DUMA_OUTPUT_FILE, O_APPEND|O_CREAT|O_WRONLY);
++    fd = open(DUMA_OUTPUT_FILE, O_APPEND|O_CREAT|O_WRONLY, 0600);
+ #endif
+     if ( fd >= 0 )
+     {

package/e2fsprogs/e2fsprogs.hash

@@ -1,6 +1,6 @@
-# From https://www.kernel.org/pub/linux/kernel/people/tytso/e2fsprogs/v1.44.5/sha256sums.asc
-sha256 ba5eb3069d69160d96818bb9700de9ab5a8458d9add1fd85d427c0000d34c5b9  e2fsprogs-1.44.5.tar.xz
+# https://mirrors.edge.kernel.org/pub/linux/kernel/people/tytso/e2fsprogs/v1.45.5/sha256sums.asc
+sha256  f9faccc0d90f73556e797dc7cc5979b582bd50d3f8609c0f2ad48c736d44aede  e2fsprogs-1.45.5.tar.xz
 # Locally calculated
-sha256 5da5ef153e559c1d990d4c3eedbedd4442db892d37eae1f35fff069de8ec9020  NOTICE
-sha256 032989b508f1a72ebee5b3417e55d06d473f9ee203e45ab11864a7e49cdec63d  lib/ss/mit-sipb-copyright.h
-sha256 47182fe6631a32f271a15bbe210751b3825b7199f588879aac7d4804fc8b4b8f  lib/et/internal.h
+sha256  5da5ef153e559c1d990d4c3eedbedd4442db892d37eae1f35fff069de8ec9020  NOTICE
+sha256  032989b508f1a72ebee5b3417e55d06d473f9ee203e45ab11864a7e49cdec63d  lib/ss/mit-sipb-copyright.h
+sha256  47182fe6631a32f271a15bbe210751b3825b7199f588879aac7d4804fc8b4b8f  lib/et/internal.h

package/e2fsprogs/e2fsprogs.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-E2FSPROGS_VERSION = 1.44.5
+E2FSPROGS_VERSION = 1.45.5
 E2FSPROGS_SOURCE = e2fsprogs-$(E2FSPROGS_VERSION).tar.xz
 E2FSPROGS_SITE = $(BR2_KERNEL_MIRROR)/linux/kernel/people/tytso/e2fsprogs/v$(E2FSPROGS_VERSION)
 E2FSPROGS_LICENSE = GPL-2.0, MIT-like with advertising clause (libss and libet)
@@ -28,7 +28,8 @@ HOST_E2FSPROGS_CONF_OPTS = \
 	--disable-libuuid \
 	--disable-testio-debug \
 	--enable-symlink-install \
-	--enable-elf-shlibs
+	--enable-elf-shlibs \
+	--with-crond-dir=no
 
 # Set the binary directories to "/bin" and "/sbin", as busybox does,
 # so that we do not end up with two versions of e2fs tools.

package/easy-rsa/Config.in

@@ -1,7 +1,8 @@
 config BR2_PACKAGE_EASY_RSA
 	bool "easy-rsa"
 	select BR2_PACKAGE_OPENSSL # runtime
-	select BR2_PACKAGE_OPENSSL_BIN
+	select BR2_PACKAGE_LIBOPENSSL_BIN if BR2_PACKAGE_LIBOPENSSL
+	select BR2_PACKAGE_LIBRESSL_BIN if BR2_PACKAGE_LIBRESSL
 	help
 	  Simple shell based CA utility
 

package/ebtables/ebtables.mk

@@ -19,19 +19,15 @@ endef
 
 ifeq ($(BR2_STATIC_LIBS),y)
 define EBTABLES_INSTALL_TARGET_CMDS
-	$(INSTALL) -m 0755 -D $(@D)/$(EBTABLES_SUBDIR)/static \
-		$(TARGET_DIR)/sbin/ebtables
+	$(INSTALL) -m 0755 -D $(@D)/static $(TARGET_DIR)/sbin/ebtables
 endef
 else
 define EBTABLES_INSTALL_TARGET_CMDS
-	for so in $(@D)/$(EBTABLES_SUBDIR)/*.so \
-		$(@D)/$(EBTABLES_SUBDIR)/extensions/*.so; \
-		do \
+	for so in $(@D)/*.so $(@D)/extensions/*.so; do \
 		$(INSTALL) -m 0755 -D $${so} \
 			$(TARGET_DIR)/lib/ebtables/`basename $${so}` || exit 1; \
 	done
-	$(INSTALL) -m 0755 -D $(@D)/$(EBTABLES_SUBDIR)/ebtables \
-		$(TARGET_DIR)/sbin/ebtables
+	$(INSTALL) -m 0755 -D $(@D)/ebtables $(TARGET_DIR)/sbin/ebtables
 	$(INSTALL) -m 0644 -D $(@D)/ethertypes $(TARGET_DIR)/etc/ethertypes
 endef
 endif

package/ecryptfs-utils/0003-fix-parallel-build-issue.patch

@@ -0,0 +1,61 @@
+fix parallel build issue
+
+Build randomly fails since December 2017 on buildroot
+(http://autobuild.buildroot.org/?reason=ecryptfs-utils-111):
+
+make[5]: Entering directory '/home/buildroot/autobuild/instance-2/output-1/build/ecryptfs-utils-111/src/utils'
+  /bin/mkdir -p '/home/buildroot/autobuild/instance-2/output-1/target/sbin'
+  /bin/bash ../../libtool   --mode=install /usr/bin/install -c mount.ecryptfs umount.ecryptfs mount.ecryptfs_private '/home/buildroot/autobuild/instance-2/output-1/target/sbin'
+libtool: install: /usr/bin/install -c mount.ecryptfs /home/buildroot/autobuild/instance-2/output-1/target/sbin/mount.ecryptfs
+/usr/bin/install: cannot create regular file '/home/buildroot/autobuild/instance-2/output-1/target/sbin/mount.ecryptfs': File exists
+Makefile:832: recipe for target 'install-rootsbinPROGRAMS' failed
+make[5]: *** [install-rootsbinPROGRAMS] Error 1
+
+As spotted by Thomas Petazzoni, build failure happens because of the
+following line in src/utils/Makefile.am:
+
+install-exec-hook:      install-rootsbinPROGRAMS
+        -rm -f "$(DESTDIR)/$(rootsbindir)/umount.ecryptfs_private"
+        $(LN_S) "mount.ecryptfs_private" "$(DESTDIR)/$(rootsbindir)/umount.ecryptfs_private"
+
+The install-exec-hook target should not have a dependency on
+install-rootsbinPROGRAMS.
+
+From https://www.gnu.org/software/automake/manual/html_node/Extending.html#Extending:
+
+"""
+In contrast, some rules also have a way to run another rule, called a
+hook; hooks are always executed after the main rule’s work is done. The
+hook is named after the principal target, with ‘-hook’ appended. The
+targets allowing hooks are install-data, install-exec, uninstall, dist,
+and distcheck.
+
+For instance, here is how to create a hard link to an installed program:
+
+install-exec-hook:
+        ln $(DESTDIR)$(bindir)/program$(EXEEXT) \
+           $(DESTDIR)$(bindir)/proglink$(EXEEXT)
+
+"""
+
+So, they explicitly say that these hooks are run after the main rule
+work is done, which means the dependency on install-rootsbinPROGRAMS is
+not needed. And the example they use to illustrate is *exactly* the
+situation of ecryptfs-utils: creating a link to a program that was
+installed.
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status: https://bugs.launchpad.net/ecryptfs/+bug/1857622]
+
+diff -Nuar ecryptfs-utils-111-orig/src/utils/Makefile.in ecryptfs-utils-111/src/utils/Makefile.in
+--- ecryptfs-utils-111-orig/src/utils/Makefile.in	2019-12-26 15:14:16.656146065 +0100
++++ ecryptfs-utils-111/src/utils/Makefile.in	2019-12-26 17:36:07.108496164 +0100
+@@ -1522,7 +1522,7 @@
+ .PRECIOUS: Makefile
+ 
+ 
+-install-exec-hook:	install-rootsbinPROGRAMS
++install-exec-hook:
+ 	-rm -f "$(DESTDIR)/$(rootsbindir)/umount.ecryptfs_private"
+ 	$(LN_S) "mount.ecryptfs_private" "$(DESTDIR)/$(rootsbindir)/umount.ecryptfs_private"
+