Update for 2017.11.1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
linux-headers: bump 4.{9, 14}.x series
2026-01-09 06:10:17 +03:00 · 2017-12-31 10:03:52 +01:00 · 2017-12-30 23:57:22 +01:00 · 2017-12-28 23:16:54 +01:00 · 2017-12-27 23:38:04 +01:00 · 2017-12-27 23:36:54 +01:00
66 changed files with 500 additions and 190 deletions
--- a/12
+++ b/12
@@ -1,3 +1,15 @@
+2017.11.1, Released December 31th, 2017
+
+	Important / security related fixes.
+
+	Updated/fixed packages: asterisk, checkpolicy, dhcp, flann,
+	gdb, glibc, heimdal, kodi-pvr-mediaportal-tvserver,
+	kodi-pvr-stalker, libcue, libopenssl, libpqxx, libsoxr,
+	linknx, linux-tools, lldpd, ltp-testsuite, mariadb, mfgtools,
+	nodejs, nut, pulseaudio, python-cffi, qemu, rsync, tor, uboot,
+	uboot-tools, vlc, webkitgtk, weston, wireguard, wireshark,
+	xenomai, xfsprogs
+
 2017.11, Released November 30, 2017

 	Fixes all over the tree.
--- a/4
+++ b/4
@@ -87,9 +87,9 @@ all:
 .PHONY: all

 # Set and export the version string
-export BR2_VERSION := 2017.11
+export BR2_VERSION := 2017.11.1
 # Actual time the release is cut (for reproducible builds)
-BR2_VERSION_EPOCH = 1512070000
+BR2_VERSION_EPOCH = 1514710000

 # Save running make version since it's clobbered by the make package
 RUNNING_MAKE_VERSION := $(MAKE_VERSION)
--- a/boot/uboot/uboot.mk
+++ b/boot/uboot/uboot.mk
@@ -238,6 +238,18 @@ define UBOOT_BUILD_OMAP_IFT
 		-c $(call qstrip,$(BR2_TARGET_UBOOT_OMAP_IFT_CONFIG))
 endef

+ifneq ($(BR2_TARGET_UBOOT_ENVIMAGE),)
+define UBOOT_GENERATE_ENV_IMAGE
+	cat $(call qstrip,$(BR2_TARGET_UBOOT_ENVIMAGE_SOURCE)) \
+		>$(@D)/buildroot-env.txt
+	$(HOST_DIR)/bin/mkenvimage -s $(BR2_TARGET_UBOOT_ENVIMAGE_SIZE) \
+		$(if $(BR2_TARGET_UBOOT_ENVIMAGE_REDUNDANT),-r) \
+		$(if $(filter BIG,$(BR2_ENDIAN)),-b) \
+		-o $(BINARIES_DIR)/uboot-env.bin \
+		$(@D)/buildroot-env.txt
+endef
+endif
+
 define UBOOT_INSTALL_IMAGES_CMDS
 	$(foreach f,$(UBOOT_BINS), \
 			cp -dpf $(@D)/$(f) $(BINARIES_DIR)/
@@ -249,12 +261,7 @@ define UBOOT_INSTALL_IMAGES_CMDS
 			cp -dpf $(@D)/$(f) $(BINARIES_DIR)/
 		)
 	)
-	$(if $(BR2_TARGET_UBOOT_ENVIMAGE),
-		cat $(call qstrip,$(BR2_TARGET_UBOOT_ENVIMAGE_SOURCE)) | \
-			$(HOST_DIR)/bin/mkenvimage -s $(BR2_TARGET_UBOOT_ENVIMAGE_SIZE) \
-			$(if $(BR2_TARGET_UBOOT_ENVIMAGE_REDUNDANT),-r) \
-			$(if $(filter BIG,$(BR2_ENDIAN)),-b) \
-			-o $(BINARIES_DIR)/uboot-env.bin -)
+	$(UBOOT_GENERATE_ENV_IMAGE)
 	$(if $(BR2_TARGET_UBOOT_BOOT_SCRIPT),
 		$(HOST_DIR)/bin/mkimage -C none -A $(MKIMAGE_ARCH) -T script \
 			-d $(call qstrip,$(BR2_TARGET_UBOOT_BOOT_SCRIPT_SOURCE)) \
--- a/linux/Config.in
+++ b/linux/Config.in
@@ -29,7 +29,7 @@ config BR2_LINUX_KERNEL_LATEST_VERSION
 	bool "Latest version (4.13)"

 config BR2_LINUX_KERNEL_LATEST_CIP_VERSION
-	bool "Latest CIP SLTS version (v4.4.83-cip8)"
+	bool "Latest CIP SLTS version (v4.4.105-cip15)"
 	help
 	  CIP launched in the spring of 2016 to address the needs of
 	  organizations in industries such as power generation and
@@ -117,7 +117,7 @@ endif
 config BR2_LINUX_KERNEL_VERSION
 	string
 	default "4.13.16" if BR2_LINUX_KERNEL_LATEST_VERSION
-	default "v4.4.83-cip8" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
+	default "v4.4.105-cip15" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
 	default BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE \
 		if BR2_LINUX_KERNEL_CUSTOM_VERSION
 	default "custom" if BR2_LINUX_KERNEL_CUSTOM_TARBALL
--- a/package/asterisk/0006-install-samples-need-the-data-files.patch
+++ b/package/asterisk/0006-install-samples-need-the-data-files.patch
@@ -0,0 +1,35 @@
+From 05680ea9899c2246c23d11860c2c8e10aa8f80c7 Mon Sep 17 00:00:00 2001
+From: "Yann E. MORIN" <yann.morin.1998@free.fr>
+Date: Fri, 1 Dec 2017 11:08:16 +0100
+Subject: [PATCH] install: samples need the data files
+
+When installing samples, "sample voicemail" is generated from the
+already-installed sound files.
+
+However, when doing the install and the samples at the same time in a
+parallel install, it is possible that the sound files are not already
+installed at the time we try to generate the voicemail data.
+
+Ensure the needed dependency.
+
+Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index f29c07f680..b58f707b61 100644
+--- a/Makefile
+++ b/Makefile
+@@ -779,7 +779,7 @@ adsi:
+ 		$(INSTALL) -m 644 "$$x" "$(DESTDIR)$(ASTETCDIR)/`$(BASENAME) $$x`" ; \
+ 	done
+ 
+-samples: adsi
+samples: adsi datafiles
+ 	@echo Installing other config files...
+ 	$(call INSTALL_CONFIGS,samples,.sample)
+ 	$(INSTALL) -d "$(DESTDIR)$(ASTSPOOLDIR)/voicemail/default/1234/INBOX"
+-- 
+2.11.0
+
--- a/package/checkpolicy/checkpolicy.mk
+++ b/package/checkpolicy/checkpolicy.mk
@@ -11,22 +11,22 @@ CHECKPOLICY_LICENSE_FILES = COPYING

 CHECKPOLICY_DEPENDENCIES = libselinux flex host-flex host-bison

-TARGET_CHECKPOLICY_MAKE_OPTS = $(TARGET_CONFIGURE_OPTS) \
+CHECKPOLICY_MAKE_OPTS = $(TARGET_CONFIGURE_OPTS) \
 	LEX="$(HOST_DIR)/bin/flex" \
 	YACC="$(HOST_DIR)/bin/bison -y"

 # DESTDIR is used at build time to find libselinux
 define CHECKPOLICY_BUILD_CMDS
-	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) $(TARGET_CHECKPOLICY_MAKE_OPTS) DESTDIR=$(STAGING_DIR)
+	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) $(CHECKPOLICY_MAKE_OPTS) DESTDIR=$(STAGING_DIR)
 endef

 define CHECKPOLICY_STAGING_CMDS
-	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) $(TARGET_CHECKPOLICY_MAKE_OPTS) DESTDIR=$(STAGING_DIR) install
+	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) $(CHECKPOLICY_MAKE_OPTS) DESTDIR=$(STAGING_DIR) install

 endef

 define CHECKPOLICY_INSTALL_TARGET_CMDS
-	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) $(TARGET_CHECKPOLICY_MAKE_OPTS) DESTDIR=$(TARGET_DIR) install
+	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) $(CHECKPOLICY_MAKE_OPTS) DESTDIR=$(TARGET_DIR) install
 endef

 HOST_CHECKPOLICY_DEPENDENCIES = host-libselinux host-flex host-bison
--- a/package/dhcp/0001-bind-cross-compile.patch
+++ b/package/dhcp/0001-bind-cross-compile.patch
--- a/package/dhcp/0002-v4_3-Plugs-a-socket-descriptor-leak-in-OMAPI.patch
+++ b/package/dhcp/0002-v4_3-Plugs-a-socket-descriptor-leak-in-OMAPI.patch
@@ -0,0 +1,51 @@
+From 5097bc0559f592683faac1f67bf350e1bddf6ed4 Mon Sep 17 00:00:00 2001
+From: Thomas Markwalder <tmark@isc.org>
+Date: Thu, 7 Dec 2017 11:39:30 -0500
+Subject: [PATCH] [v4_3] Plugs a socket descriptor leak in OMAPI
+
+        Merges in rt46767.
+
+[baruch: drop RELNOTES hunk]
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Patch status: upstream commit 5097bc0559f
+
+ omapip/buffer.c  | 9 +++++++++
+ omapip/message.c | 2 +-
+
+diff --git a/omapip/buffer.c b/omapip/buffer.c
+index f7fdc3250e82..809034d1317b 100644
+--- a/omapip/buffer.c
+++ b/omapip/buffer.c
+@@ -566,6 +566,15 @@ isc_result_t omapi_connection_writer (omapi_object_t *h)
+ 			omapi_buffer_dereference (&buffer, MDL);
+ 		}
+ 	}
+
+	/* If we had data left to write when we're told to disconnect,
+	* we need recall disconnect, now that we're done writing.
+	* See rt46767. */
+	if (c->out_bytes == 0 && c->state == omapi_connection_disconnecting) {
+		omapi_disconnect (h, 1);
+		return ISC_R_SHUTTINGDOWN;
+	}
+
+ 	return ISC_R_SUCCESS;
+ }
+ 
+diff --git a/omapip/message.c b/omapip/message.c
+index 59ccdc2c05cf..21bcfc3822e7 100644
+--- a/omapip/message.c
+++ b/omapip/message.c
+@@ -339,7 +339,7 @@ isc_result_t omapi_message_unregister (omapi_object_t *mo)
+ }
+ 
+ #ifdef DEBUG_PROTOCOL
+-static const char *omapi_message_op_name(int op) {
+const char *omapi_message_op_name(int op) {
+ 	switch (op) {
+ 	case OMAPI_OP_OPEN:    return "OMAPI_OP_OPEN";
+ 	case OMAPI_OP_REFRESH: return "OMAPI_OP_REFRESH";
+-- 
+2.15.1
+
--- a/package/dhcp/dhcp.hash
+++ b/package/dhcp/dhcp.hash
@@ -1,2 +1,4 @@
-# Verified from https://ftp.isc.org/isc/dhcp/4.3.5/dhcp-4.3.5.tar.gz.sha256.asc
-sha256 eb95936bf15d2393c55dd505bc527d1d4408289cec5a9fa8abb99f7577e7f954  dhcp-4.3.5.tar.gz
+# Verified from https://ftp.isc.org/isc/dhcp/4.3.6/dhcp-4.3.6.tar.gz.sha256.asc
+sha256 a41eaf6364f1377fe065d35671d9cf82bbbc8f21207819b2b9f33f652aec6f1b  dhcp-4.3.6.tar.gz
+# Locally calculated
+sha256 dd7ae2201c0c11c3c1e2510d731c67b2f4bc8ba735707d7348ddd65f7b598562  LICENSE
--- a/package/dhcp/dhcp.mk
+++ b/package/dhcp/dhcp.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-DHCP_VERSION = 4.3.5
+DHCP_VERSION = 4.3.6
 DHCP_SITE = http://ftp.isc.org/isc/dhcp/$(DHCP_VERSION)
 DHCP_INSTALL_STAGING = YES
 DHCP_LICENSE = ISC
--- a/package/flann/flann.mk
+++ b/package/flann/flann.mk
@@ -15,6 +15,7 @@ FLANN_CONF_OPTS = \
 	-DBUILD_MATLAB_BINDINGS=OFF \
 	-DBUILD_EXAMPLES=$(if $(BR2_PACKAGE_FLANN_EXAMPLES),ON,OFF) \
 	-DUSE_OPENMP=$(if $(BR2_GCC_ENABLE_OPENMP),ON,OFF) \
-	-DPYTHON_EXECUTABLE=OFF
+	-DPYTHON_EXECUTABLE=OFF \
+	-DCMAKE_DISABLE_FIND_PACKAGE_HDF5=TRUE

 $(eval $(cmake-package))
--- a/package/gdb/gdb.mk
+++ b/package/gdb/gdb.mk
@@ -55,9 +55,11 @@ endif

 # When gdb sources are fetched from the binutils-gdb repository, they
 # also contain the binutils sources, but binutils shouldn't be built,
-# so we disable it.
+# so we disable it (additionally the option --disable-install-libbfd
+# prevents the un-wanted installation of libobcodes.so and libbfd.so).
 GDB_DISABLE_BINUTILS_CONF_OPTS = \
 	--disable-binutils \
+	--disable-install-libbfd \
 	--disable-ld \
 	--disable-gas

--- a/package/glibc/glibc.hash
+++ b/package/glibc/glibc.hash
@@ -1,4 +1,4 @@
 # Locally calculated (fetched from Github)
-sha256  d66b3702961c846ead2bacf17a9b5239cc1e8a43ca6e322f3637e99f276efec1     glibc-glibc-2.26-73-g4b692dffb95ac4812b161eb6a16113d7e824982e.tar.gz
+sha256  0766875391224153502c5542a71b6e46db53b44691078b3130e1a0df41586430     glibc-glibc-2.26-107-g73a92363619e52c458146e903dfb9b1ba823aa40.tar.gz
 # Locally calculated (fetched from Github)
 sha256  5aa9adeac09727db0b8a52794186563771e74d70410e9fd86431e339953fd4bb     glibc-arc-2017.09-release.tar.gz
--- a/package/glibc/glibc.mk
+++ b/package/glibc/glibc.mk
@@ -11,7 +11,7 @@ GLIBC_SOURCE = glibc-$(GLIBC_VERSION).tar.gz
 else
 # Generate version string using:
 #   git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master
-GLIBC_VERSION = glibc-2.26-73-g4b692dffb95ac4812b161eb6a16113d7e824982e
+GLIBC_VERSION = glibc-2.26-107-g73a92363619e52c458146e903dfb9b1ba823aa40
 # Upstream doesn't officially provide an https download link.
 # There is one (https://sourceware.org/git/glibc.git) but it's not reliable,
 # sometimes the connection times out. So use an unofficial github mirror.
--- a/package/heimdal/heimdal.hash
+++ b/package/heimdal/heimdal.hash
@@ -1,2 +1,2 @@
 # Locally calculated
-sha256 3de14ecd36ad21c1694a13da347512b047f4010d176fe412820664cb5d1429ad  heimdal-7.4.0.tar.gz
+sha256 c5a2a0030fcc728022fa2332bad85569084d1c3b9a59587b7ebe141b0532acad  heimdal-7.5.0.tar.gz
--- a/package/heimdal/heimdal.mk
+++ b/package/heimdal/heimdal.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-HEIMDAL_VERSION = 7.4.0
+HEIMDAL_VERSION = 7.5.0
 HEIMDAL_SITE = https://github.com/heimdal/heimdal/releases/download/heimdal-$(HEIMDAL_VERSION)
 HOST_HEIMDAL_DEPENDENCIES = host-e2fsprogs host-ncurses host-pkgconf
 HEIMDAL_INSTALL_STAGING = YES
--- a/package/kodi-pvr-mediaportal-tvserver/0001-live555-remove-xlocale.h-from-Locale.hh.patch
+++ b/package/kodi-pvr-mediaportal-tvserver/0001-live555-remove-xlocale.h-from-Locale.hh.patch
@@ -0,0 +1,33 @@
+From 64b264d141fd80991ac071c5370802e2d7394f6d Mon Sep 17 00:00:00 2001
+From: Bernd Kuhls <bernd.kuhls@t-online.de>
+Date: Sun, 3 Dec 2017 22:17:12 +0100
+Subject: [PATCH] live555: remove xlocale.h from Locale.hh
+
+Fixes build error with glibc 2.26:
+https://sourceware.org/glibc/wiki/Release/2.26#Removal_of_.27xlocale.h.27
+
+Patch sent upstream:
+https://github.com/kodi-pvr/pvr.mediaportal.tvserver/pull/79
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+---
+ src/lib/live555/liveMedia/include/Locale.hh | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/src/lib/live555/liveMedia/include/Locale.hh b/src/lib/live555/liveMedia/include/Locale.hh
+index b327948..c4b4f4a 100644
+--- a/src/lib/live555/liveMedia/include/Locale.hh
+++ b/src/lib/live555/liveMedia/include/Locale.hh
+@@ -43,9 +43,6 @@ along with this library; if not, write to the Free Software Foundation, Inc.,
+ 
+ #ifndef LOCALE_NOT_USED
+ #include <locale.h>
+-#ifndef XLOCALE_NOT_USED
+-#include <xlocale.h> // because, on some systems, <locale.h> doesn't include <xlocale.h>; this makes sure that we get both
+-#endif
+ #endif
+ 
+ 
+-- 
+2.11.0
+
--- a/package/kodi-pvr-stalker/Config.in
+++ b/package/kodi-pvr-stalker/Config.in
@@ -2,6 +2,7 @@ config BR2_PACKAGE_KODI_PVR_STALKER
 	bool "kodi-pvr-stalker"
 	select BR2_PACKAGE_JSONCPP
 	select BR2_PACKAGE_KODI_PLATFORM
+	select BR2_PACKAGE_LIBXML2
 	help
 	  A PVR Client that connects Kodi to Stalker Middleware

--- a/package/kodi-pvr-stalker/kodi-pvr-stalker.mk
+++ b/package/kodi-pvr-stalker/kodi-pvr-stalker.mk
@@ -10,6 +10,6 @@ KODI_PVR_STALKER_VERSION = 2.8.6-Krypton
 KODI_PVR_STALKER_SITE = $(call github,kodi-pvr,pvr.stalker,$(KODI_PVR_STALKER_VERSION))
 KODI_PVR_STALKER_LICENSE = GPL-2.0+
 KODI_PVR_STALKER_LICENSE_FILES = src/client.h
-KODI_PVR_STALKER_DEPENDENCIES = jsoncpp kodi-platform
+KODI_PVR_STALKER_DEPENDENCIES = jsoncpp kodi-platform libxml2

 $(eval $(cmake-package))
--- a/package/libcue/libcue.mk
+++ b/package/libcue/libcue.mk
@@ -12,6 +12,8 @@ LIBCUE_DEPENDENCIES = host-bison host-flex flex
 LIBCUE_INSTALL_STAGING = YES
 LIBCUE_AUTORECONF = YES

+LIBCUE_MAKE = $(MAKE1)
+
 # Needed for autoreconf
 define LIBCUE_MAKE_CONFIG_DIR
 	mkdir $(@D)/config
--- a/package/libopenssl/libopenssl.hash
+++ b/package/libopenssl/libopenssl.hash
@@ -1,7 +1,8 @@
-# From https://www.openssl.org/source/openssl-1.0.2m.tar.gz.sha256
-sha256	8c6ff15ec6b319b50788f42c7abc2890c08ba5a1cdcd3810eb9092deada37b0f	openssl-1.0.2m.tar.gz
+# From https://www.openssl.org/source/openssl-1.0.2n.tar.gz.sha256
+sha256	370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe	openssl-1.0.2n.tar.gz
 # Locally computed
 sha256	eddd8a5123748052c598214487ac178e4bfa4e31ba2ec520c70d59c8c5bfa2e9	openssl-1.0.2a-parallel-install-dirs.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
 sha256	147c3eeaad614c044749ea527cb433eae5e2d5cad34a78c6ba61cd967bfbe01f	openssl-1.0.2a-parallel-obj-headers.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
 sha256	30cb49489de5041841a74da9155cd4fabfbce33237262ba7cd23974314ae2956	openssl-1.0.2a-parallel-symlinking.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
 sha256	deaf6f3af41874ecc6d63841ea14b8e6c71cea81d4a511a754bc90c9a993147f	openssl-1.0.2d-parallel-build.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
+sha256	9ee37d72966bb4a841343f0606ce44d41b3eae4df4285200c5a8ddc2b935992a	LICENSE
--- a/package/libopenssl/libopenssl.mk
+++ b/package/libopenssl/libopenssl.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-LIBOPENSSL_VERSION = 1.0.2m
+LIBOPENSSL_VERSION = 1.0.2n
 LIBOPENSSL_SITE = http://www.openssl.org/source
 LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
 LIBOPENSSL_LICENSE = OpenSSL or SSLeay
--- a/package/libpqxx/0001-Fix-broken-sed-call-in-configure.ac.in.patch
+++ b/package/libpqxx/0001-Fix-broken-sed-call-in-configure.ac.in.patch
@@ -0,0 +1,31 @@
+From d5120738a9b6b90d19e742f3c591727d16d76c9c Mon Sep 17 00:00:00 2001
+From: Romain Naour <romain.naour@gmail.com>
+Date: Tue, 26 Dec 2017 14:09:46 +0100
+Subject: [PATCH] Fix broken sed call in configure.ac.in
+
+Upstream fix from commit [1][2]
+
+[1] 80a9d5386641ac67d4ea1b602c786b45b40b252f
+[2] 85e9336740475be25ed19924cca0961f7d844c4b
+
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 32cf5cb5..77cf7edd 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -480,7 +480,7 @@ occurring in the file.
+ ])], -L${with_postgres_lib})
+ 
+ # Remove redundant occurrances of -lpq
+-LIBS="`echo "$LIBS" | sed -e 's/-lpq[[:space:]]*[[:space:]]-lpq\>/-lpq/g'`"
+LIBS=[`echo "$LIBS" | sed -e 's/-lpq * -lpq\>/-lpq/g'`]
+ 
+ AC_LANG_POP(C)
+ 
+-- 
+2.14.3
+
--- a/package/libpqxx/libpqxx.mk
+++ b/package/libpqxx/libpqxx.mk
@@ -11,6 +11,9 @@ LIBPQXX_DEPENDENCIES = postgresql
 LIBPQXX_LICENSE = BSD-3-Clause
 LIBPQXX_LICENSE_FILES = COPYING

+# 0001-Fix-broken-sed-call-in-configure.ac.in.patch
+LIBPQXX_AUTORECONF = YES
+
 LIBPQXX_CONF_ENV += ac_cv_path_PG_CONFIG=$(STAGING_DIR)/usr/bin/pg_config

 $(eval $(autotools-package))
--- a/package/libsoxr/Config.in
+++ b/package/libsoxr/Config.in
@@ -2,7 +2,7 @@ config BR2_PACKAGE_LIBSOXR
 	bool "libsoxr"
 	help
 	  The SoX Resampler library `libsoxr' performs one-dimensional
-	  sample-rate conversion—it may be used, for example, to
+	  sample-rate conversion. It may be used, for example, to
 	  resample PCM-encoded audio.

 	  It aims to give fast and high quality results for any constant
--- a/package/linknx/linknx.mk
+++ b/package/linknx/linknx.mk
@@ -18,6 +18,13 @@ LINKNX_CONF_OPTS = \
 LINKNX_DEPENDENCIES = libpthsem \
 	$(if $(BR2_PACKAGE_ARGP_STANDALONE),argp-standalone)

+ifeq ($(BR2_PACKAGE_LIBCURL),y)
+LINKNX_CONF_OPTS += --with-libcurl=$(STAGING_DIR)/usr
+LINKNX_DEPENDENCIES += libcurl
+else
+LINKNX_CONF_OPTS += --without-libcurl
+endif
+
 ifeq ($(BR2_PACKAGE_MYSQL),y)
 LINKNX_CONF_OPTS += --with-mysql=$(STAGING_DIR)/usr
 LINKNX_DEPENDENCIES += mysql
--- a/package/linux-headers/Config.in.host
+++ b/package/linux-headers/Config.in.host
@@ -243,9 +243,9 @@ config BR2_DEFAULT_KERNEL_HEADERS
 	default "3.4.113"	if BR2_KERNEL_HEADERS_3_4
 	default "3.10.108"	if BR2_KERNEL_HEADERS_3_10
 	default "3.12.74"	if BR2_KERNEL_HEADERS_3_12
-	default "4.1.46"	if BR2_KERNEL_HEADERS_4_1
-	default "4.4.102"	if BR2_KERNEL_HEADERS_4_4
-	default "4.9.65"	if BR2_KERNEL_HEADERS_4_9
+	default "4.1.48"	if BR2_KERNEL_HEADERS_4_1
+	default "4.4.108"	if BR2_KERNEL_HEADERS_4_4
+	default "4.9.73"	if BR2_KERNEL_HEADERS_4_9
 	default "4.10.17"	if BR2_KERNEL_HEADERS_4_10
 	default "4.11.12"	if BR2_KERNEL_HEADERS_4_11
 	default "4.12.14"	if BR2_KERNEL_HEADERS_4_12
--- a/package/linux-tools/linux-tool-iio.mk.in
+++ b/package/linux-tools/linux-tool-iio.mk.in
@@ -19,9 +19,11 @@ define IIO_BUILD_CMDS
 		$(IIO_MAKE_OPTS)
 endef

+# DESTDIR used since kernel version 4.14
 define IIO_INSTALL_TARGET_CMDS
 	$(TARGET_MAKE_ENV) $(MAKE) -C $(LINUX_DIR)/tools/iio \
 		$(IIO_MAKE_OPTS) \
 		INSTALL_ROOT=$(TARGET_DIR) \
+		DESTDIR=$(TARGET_DIR) \
 		install
 endef
--- a/package/lldpd/0003-configure-remove-check-on-CXX-compiler.patch
+++ b/package/lldpd/0003-configure-remove-check-on-CXX-compiler.patch
@@ -0,0 +1,35 @@
+From d28b3bfa1b224f7770004dddf4dfaf10ad7ad6c9 Mon Sep 17 00:00:00 2001
+From: Damien Riegel <damien.riegel@savoirfairelinux.com>
+Date: Mon, 18 Dec 2017 14:37:08 -0500
+Subject: [PATCH] configure: remove check on CXX compiler
+
+lldpd fails to build if the toolchain doesn't have a C++ compiler
+because configure fails with the following error:
+
+  checking how to run the C++ preprocessor... /lib/cpp
+  configure: error: in `/home/dkc/src/buildroot/build-zii/build/lldpd-0.9.4':
+  configure: error: C++ preprocessor "/lib/cpp" fails sanity check
+
+Since "8d92800b: build: cleaner way to not alter CFLAGS/CPPFLAGS/LDFLAGS",
+it seems that the dependency on C++ is not required anymore, so there
+is no reason to keep this restriction. Dropping AC_PROG_CXX allows to
+build with a toolchain that doesn't have C++ just fine.
+---
+ configure.ac | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 0edceb1..5afe8f2 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -48,7 +48,6 @@ AC_PROG_CC_C99
+ if test x"$ac_cv_prog_cc_c99" = x"no"; then
+   AC_MSG_FAILURE([*** C99 support is mandatory])
+ fi
+-AC_PROG_CXX
+ AM_PROG_CC_C_O
+ AC_PROG_LIBTOOL
+ AC_PROG_LN_S
+-- 
+2.15.1
+
--- a/package/lldpd/lldpd.mk
+++ b/package/lldpd/lldpd.mk
@@ -9,7 +9,7 @@ LLDPD_SITE = http://media.luffy.cx/files/lldpd
 LLDPD_DEPENDENCIES = host-pkgconf libevent
 LLDPD_LICENSE = ISC
 LLDPD_LICENSE_FILES = README.md
-# 0002-configure-do-not-check-for-libbsd.patch
+# 0002-configure-do-not-check-for-libbsd.patch / 0003-configure-remove-check-on-CXX-compiler.patch
 LLDPD_AUTORECONF = YES

 ifeq ($(BR2_PACKAGE_CHECK),y)
--- a/package/ltp-testsuite/0004-syscalls-mknodat-Fix-missing-config.patch
+++ b/package/ltp-testsuite/0004-syscalls-mknodat-Fix-missing-config.patch
@@ -0,0 +1,28 @@
+From 0ee59c66f4e4930d543395fb8617e26cf8b22025 Mon Sep 17 00:00:00 2001
+From: Petr Vorel <pvorel@suse.cz>
+Date: Thu, 7 Dec 2017 17:37:01 +0100
+Subject: [PATCH] syscalls/mknodat: Fix missing config
+
+Found by buildroot project, where this broke build on uClibc-ng, thanks!
+http://autobuild.buildroot.net/results/6c0506423c76b61018da26c2549570e3d9eb5763/build-end.log
+
+Signed-off-by: Petr Vorel <pvorel@suse.cz>
+---
+ testcases/kernel/syscalls/mknodat/mknodat.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/testcases/kernel/syscalls/mknodat/mknodat.h b/testcases/kernel/syscalls/mknodat/mknodat.h
+index 577d5ac9c..b4e828c5d 100644
+--- a/testcases/kernel/syscalls/mknodat/mknodat.h
+++ b/testcases/kernel/syscalls/mknodat/mknodat.h
+@@ -22,6 +22,7 @@
+ #define MKNODAT_H
+ 
+ #include <sys/types.h>
+#include "config.h"
+ #include "lapi/syscalls.h"
+ 
+ #if !defined(HAVE_MKNODAT)
+-- 
+2.15.0
+
--- a/package/mariadb/mariadb.hash
+++ b/package/mariadb/mariadb.hash
@@ -1,5 +1,5 @@
-# From https://downloads.mariadb.org/mariadb/10.1.28/
-sha256 292dc8fff420c4bdaf3a2c3381ec3c99292965db2b09de0d7fec414c00032bbd  mariadb-10.1.28.tar.gz
+# From https://downloads.mariadb.org/mariadb/10.1.29/
+sha256 73bbd5602f52ab5aa4d83f465134871b6c87bda25371d098f6da5a3d98517ed4  mariadb-10.1.29.tar.gz

 # Hash for license files
 sha256 69ce89a0cadbe35a858398c258be93c388715e84fc0ca04e5a1fd1aa9770dd3a  README
--- a/package/mariadb/mariadb.mk
+++ b/package/mariadb/mariadb.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-MARIADB_VERSION = 10.1.28
+MARIADB_VERSION = 10.1.29
 MARIADB_SITE = https://downloads.mariadb.org/interstitial/mariadb-$(MARIADB_VERSION)/source
 MARIADB_LICENSE = GPL-2.0 (server), GPL-2.0 with FLOSS exception (GPL client library), LGPL-2.0 (LGPL client library)
 # Tarball no longer contains LGPL license text
--- a/package/mfgtools/Config.in.host
+++ b/package/mfgtools/Config.in.host
@@ -11,4 +11,4 @@ config BR2_PACKAGE_HOST_MFGTOOLS
 	  production. The communication is done over USB using the
 	  Freescale UTP protocol.

-	  https://github.com/NXPmicro/mfgtools
+	  https://github.com/codeauroraforum/mfgtools
--- a/package/mfgtools/mfgtools.hash
+++ b/package/mfgtools/mfgtools.hash
@@ -1,2 +1,4 @@
 # locally computed
-sha256  6ce93a33c269282df305cf7e517d2d14fde78203537d8ea75b064966afe48464  mfgtools-b219fc219a35c365010897ed093c40750f8cdac6.tar.gz
+sha256  055d71227d18883d6e8bc9e854c076015f9a7749820a94272e19071bf0b25c89  mfgtools-v0.02.tar.gz
+sha256  2655559a6bb1179eae514f5c7166f4ede4f2453efa9cf4dc3c045cab5d57dede  LICENSE
+sha256  0963b6e5086bf454265b0f57821a02b681d1211e40ad74c310231cb4d94815c9  README.txt
--- a/package/mfgtools/mfgtools.mk
+++ b/package/mfgtools/mfgtools.mk
@@ -4,11 +4,11 @@
 #
 ################################################################################

-MFGTOOLS_VERSION = b219fc219a35c365010897ed093c40750f8cdac6
-MFGTOOLS_SITE = $(call github,NXPmicro,mfgtools,$(MFGTOOLS_VERSION))
+MFGTOOLS_VERSION = v0.02
+MFGTOOLS_SITE = $(call github,codeauroraforum,mfgtools,$(MFGTOOLS_VERSION))
 MFGTOOLS_SUBDIR = MfgToolLib
 MFGTOOLS_LICENSE = BSD-3-Clause or CPOL
-MFGTOOLS_LICENSE_FILES = LICENSE CPOL.htm
+MFGTOOLS_LICENSE_FILES = LICENSE README.txt
 HOST_MFGTOOLS_DEPENDENCIES = host-libusb

 HOST_MFGTOOLS_CFLAGS = \
--- a/package/nodejs/nodejs.hash
+++ b/package/nodejs/nodejs.hash
@@ -1,2 +1,2 @@
-# From http://nodejs.org/dist/v8.9.1/SHASUMS256.txt
-sha256 ef160c21f60f8aca64145985e01b4044435e381dc16e8f0640ed0223e84f17e0  node-v8.9.1.tar.xz
+# From http://nodejs.org/dist/v8.9.3/SHASUMS256.txt
+sha256 748ddb3baa6b85e6a56e38aacd066586e7581952f84a92bc8152248a9be6b2da  node-v8.9.3.tar.xz
--- a/package/nodejs/nodejs.mk
+++ b/package/nodejs/nodejs.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-NODEJS_VERSION = 8.9.1
+NODEJS_VERSION = 8.9.3
 NODEJS_SOURCE = node-v$(NODEJS_VERSION).tar.xz
 NODEJS_SITE = http://nodejs.org/dist/v$(NODEJS_VERSION)
 NODEJS_DEPENDENCIES = host-python host-nodejs c-ares \
--- a/package/nut/nut.mk
+++ b/package/nut/nut.mk
@@ -14,6 +14,9 @@ NUT_DEPENDENCIES = host-pkgconf
 # Our patch changes m4 macros, so we need to autoreconf
 NUT_AUTORECONF = YES

+# Race condition in tools generation
+NUT_MAKE = $(MAKE1)
+
 # Put the PID files in a read-write place (/var/run is a tmpfs)
 # since the default location (/var/state/ups) maybe readonly.
 NUT_CONF_OPTS = \
--- a/package/pulseaudio/pulseaudio.mk
+++ b/package/pulseaudio/pulseaudio.mk
@@ -17,8 +17,6 @@ PULSEAUDIO_CONF_OPTS = \

 PULSEAUDIO_DEPENDENCIES = \
 	host-pkgconf libtool libsndfile speex host-intltool \
-	$(if $(BR2_PACKAGE_LIBSAMPLERATE),libsamplerate) \
-	$(if $(BR2_PACKAGE_ALSA_LIB),alsa-lib) \
 	$(if $(BR2_PACKAGE_LIBGLIB2),libglib2) \
 	$(if $(BR2_PACKAGE_AVAHI_DAEMON),avahi) \
 	$(if $(BR2_PACKAGE_DBUS),dbus) \
@@ -26,6 +24,13 @@ PULSEAUDIO_DEPENDENCIES = \
 	$(if $(BR2_PACKAGE_FFTW),fftw) \
 	$(if $(BR2_PACKAGE_SYSTEMD),systemd)

+ifeq ($(BR2_PACKAGE_LIBSAMPLERATE),y)
+PULSEAUDIO_CONF_OPTS += --enable-samplerate
+PULSEAUDIO_DEPENDENCIES += libsamplerate
+else
+PULSEAUDIO_CONF_OPTS += --disable-samplerate
+endif
+
 ifeq ($(BR2_PACKAGE_GDBM),y)
 PULSEAUDIO_CONF_OPTS += --with-database=gdbm
 PULSEAUDIO_DEPENDENCIES += gdbm
@@ -119,7 +124,10 @@ PULSEAUDIO_CONF_OPTS += --enable-neon-opt=no
 endif

 # pulseaudio alsa backend needs pcm/mixer apis
-ifneq ($(BR2_PACKAGE_ALSA_LIB_PCM)$(BR2_PACKAGE_ALSA_LIB_MIXER),yy)
+ifeq ($(BR2_PACKAGE_ALSA_LIB_PCM)$(BR2_PACKAGE_ALSA_LIB_MIXER),yy)
+PULSEAUDIO_DEPENDENCIES += alsa-lib
+PULSEAUDIO_CONF_OPTS += --enable-alsa
+else
 PULSEAUDIO_CONF_OPTS += --disable-alsa
 endif

@@ -140,11 +148,17 @@ else
 PULSEAUDIO_CONF_OPTS += --disable-x11
 endif

+# ConsoleKit module init failure breaks user daemon startup
+define PULSEAUDIO_REMOVE_CONSOLE_KIT
+	rm -f $(TARGET_DIR)/usr/lib/pulse-$(PULSEAUDIO_VERSION)/modules/module-console-kit.so
+endef
+
 define PULSEAUDIO_REMOVE_VALA
 	rm -rf $(TARGET_DIR)/usr/share/vala
 endef

-PULSEAUDIO_POST_INSTALL_TARGET_HOOKS += PULSEAUDIO_REMOVE_VALA
+PULSEAUDIO_POST_INSTALL_TARGET_HOOKS += PULSEAUDIO_REMOVE_VALA \
+	PULSEAUDIO_REMOVE_CONSOLE_KIT

 ifeq ($(BR2_PACKAGE_PULSEAUDIO_DAEMON),y)
 define PULSEAUDIO_USERS
--- a/package/python-cffi/Config.in
+++ b/package/python-cffi/Config.in
@@ -1,6 +1,7 @@
 config BR2_PACKAGE_PYTHON_CFFI
 	bool "python-cffi"
 	select BR2_PACKAGE_LIBFFI
+	select BR2_PACKAGE_PYTHON_PYCPARSER # runtime
 	help
 	  This is the Foreign Function Interface for Python calling C
 	  code. The aim of this project is to provide a convenient
--- a/package/python-crossbar/Config.in
+++ b/package/python-crossbar/Config.in
@@ -5,7 +5,6 @@ config BR2_PACKAGE_PYTHON_CROSSBAR
 	select BR2_PACKAGE_PYTHON_AUTOBAHN
 	select BR2_PACKAGE_PYTHON_CBOR
 	select BR2_PACKAGE_PYTHON_CLICK
-	select BR2_PACKAGE_PYTHON_PYCPARSER
 	select BR2_PACKAGE_PYTHON_CRYPTOGRAPHY
 	select BR2_PACKAGE_PYTHON_JINJA2
 	select BR2_PACKAGE_PYTHON_LMDB
--- a/package/qemu/qemu.hash
+++ b/package/qemu/qemu.hash
@@ -1,4 +1,4 @@
 # Locally computed, tarball verified with GPG signature
-sha256 1dd51a908fc68c7d935b0b31fb184c5669bc23b5a1b081816e824714f2a11caa  qemu-2.10.1.tar.xz
+sha256 fcfdaa1ecdaac8aead616fe811bfb8fe4a8f2cd59796aa446c5175b5af0e829f  qemu-2.10.2.tar.xz
 sha256 6f04ae8364d0079a192b14635f4b1da294ce18724c034c39a6a41d1b09df6100  COPYING
 sha256 48ffe9fc7f1d5462dbd19340bc4dd1d8a9e37c61ed535813e614cbe4a5f0d4df  COPYING.LIB
--- a/package/qemu/qemu.mk
+++ b/package/qemu/qemu.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-QEMU_VERSION = 2.10.1
+QEMU_VERSION = 2.10.2
 QEMU_SOURCE = qemu-$(QEMU_VERSION).tar.xz
 QEMU_SITE = http://download.qemu.org
 QEMU_LICENSE = GPL-2.0, LGPL-2.1, MIT, BSD-3-Clause, BSD-2-Clause, Others/BSD-1c
--- a/package/rsync/0001-Check-fname-in-recv_files-sooner.patch
+++ b/package/rsync/0001-Check-fname-in-recv_files-sooner.patch
@@ -0,0 +1,45 @@
+From 3e06d40029cfdce9d0f73d87cfd4edaf54be9c51 Mon Sep 17 00:00:00 2001
+From: Jeriko One <jeriko.one@gmx.us>
+Date: Thu, 2 Nov 2017 23:44:19 -0700
+Subject: [PATCH] Check fname in recv_files sooner.
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Patch status: upstream commit 3e06d40029c
+
+ receiver.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/receiver.c b/receiver.c
+index baae3a919cdd..9fdafa152cb3 100644
+--- a/receiver.c
+++ b/receiver.c
+@@ -574,6 +574,12 @@ int recv_files(int f_in, int f_out, char *local_name)
+ 			file = dir_flist->files[cur_flist->parent_ndx];
+ 		fname = local_name ? local_name : f_name(file, fbuf);
+ 
+		if (daemon_filter_list.head
+		    && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
+			rprintf(FERROR, "attempt to hack rsync failed.\n");
+			exit_cleanup(RERR_PROTOCOL);
+		}
+
+ 		if (DEBUG_GTE(RECV, 1))
+ 			rprintf(FINFO, "recv_files(%s)\n", fname);
+ 
+@@ -645,12 +651,6 @@ int recv_files(int f_in, int f_out, char *local_name)
+ 
+ 		cleanup_got_literal = 0;
+ 
+-		if (daemon_filter_list.head
+-		    && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
+-			rprintf(FERROR, "attempt to hack rsync failed.\n");
+-			exit_cleanup(RERR_PROTOCOL);
+-		}
+-
+ 		if (read_batch) {
+ 			int wanted = redoing
+ 				   ? we_want_redo(ndx)
+-- 
+2.15.0
+
--- a/package/rsync/0002-Sanitize-xname-in-read_ndx_and_attrs.patch
+++ b/package/rsync/0002-Sanitize-xname-in-read_ndx_and_attrs.patch
@@ -0,0 +1,39 @@
+From 70aeb5fddd1b2f8e143276f8d5a085db16c593b9 Mon Sep 17 00:00:00 2001
+From: Jeriko One <jeriko.one@gmx.us>
+Date: Thu, 16 Nov 2017 17:05:42 -0800
+Subject: [PATCH] Sanitize xname in read_ndx_and_attrs.
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Patch status: upstream commit 70aeb5fddd
+
+ rsync.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/rsync.c b/rsync.c
+index b82e59881018..a0945ba4e7f5 100644
+--- a/rsync.c
+++ b/rsync.c
+@@ -49,6 +49,7 @@ extern int flist_eof;
+ extern int file_old_total;
+ extern int keep_dirlinks;
+ extern int make_backups;
+extern int sanitize_paths;
+ extern struct file_list *cur_flist, *first_flist, *dir_flist;
+ extern struct chmod_mode_struct *daemon_chmod_modes;
+ #ifdef ICONV_OPTION
+@@ -396,6 +397,11 @@ int read_ndx_and_attrs(int f_in, int f_out, int *iflag_ptr, uchar *type_ptr,
+ 	if (iflags & ITEM_XNAME_FOLLOWS) {
+ 		if ((len = read_vstring(f_in, buf, MAXPATHLEN)) < 0)
+ 			exit_cleanup(RERR_PROTOCOL);
+
+		if (sanitize_paths) {
+			sanitize_path(buf, buf, "", 0, SP_DEFAULT);
+			len = strlen(buf);
+		}
+ 	} else {
+ 		*buf = '\0';
+ 		len = -1;
+-- 
+2.15.0
+
--- a/package/rsync/0003-Check-daemon-filter-against-fnamecmp-in-recv_files.patch
+++ b/package/rsync/0003-Check-daemon-filter-against-fnamecmp-in-recv_files.patch
@@ -0,0 +1,28 @@
+From 5509597decdbd7b91994210f700329d8a35e70a1 Mon Sep 17 00:00:00 2001
+From: Jeriko One <jeriko.one@gmx.us>
+Date: Thu, 16 Nov 2017 17:26:03 -0800
+Subject: [PATCH] Check daemon filter against fnamecmp in recv_files().
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Patch status: upstream commit 5509597dec
+
+ receiver.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/receiver.c b/receiver.c
+index 9fdafa152cb3..9c46242e013c 100644
+--- a/receiver.c
+++ b/receiver.c
+@@ -722,7 +722,7 @@ int recv_files(int f_in, int f_out, char *local_name)
+ 				break;
+ 			}
+ 			if (!fnamecmp || (daemon_filter_list.head
+-			  && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0)) {
+			  && check_filter(&daemon_filter_list, FLOG, fnamecmp, 0) < 0)) {
+ 				fnamecmp = fname;
+ 				fnamecmp_type = FNAMECMP_FNAME;
+ 			}
+-- 
+2.15.0
+
--- a/package/rsync/0004-Enforce-trailing-0-when-receiving-xattr-name-values.patch
+++ b/package/rsync/0004-Enforce-trailing-0-when-receiving-xattr-name-values.patch
@@ -0,0 +1,33 @@
+From 47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1 Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayned@samba.org>
+Date: Sun, 5 Nov 2017 11:33:15 -0800
+Subject: [PATCH] Enforce trailing \0 when receiving xattr name values. Fixes
+ bug 13112.
+
+Fixes CVE-2017-16548
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+Patch status: upstream commit 47a63d90e7
+
+ xattrs.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/xattrs.c b/xattrs.c
+index 68305d75..4867e6f5 100644
+--- a/xattrs.c
+++ b/xattrs.c
+@@ -824,6 +824,10 @@ void receive_xattr(int f, struct file_struct *file)
+ 			out_of_memory("receive_xattr");
+ 		name = ptr + dget_len + extra_len;
+ 		read_buf(f, name, name_len);
+		if (name_len < 1 || name[name_len-1] != '\0') {
+			rprintf(FERROR, "Invalid xattr name received (missing trailing \\0).\n");
+			exit_cleanup(RERR_FILEIO);
+		}
+ 		if (dget_len == datum_len)
+ 			read_buf(f, ptr, dget_len);
+ 		else {
+-- 
+2.11.0
+
--- a/package/tor/tor.hash
+++ b/package/tor/tor.hash
@@ -1,3 +1,3 @@
 # Locally computed
-sha256 7df6298860a59f410ff8829cf7905a50c8b3a9094d51a8553603b401e4b5b1a1  tor-0.3.1.8.tar.gz
+sha256 6e1b04f7890e782fd56014a0de5075e4ab29b52a35d8bca1f6b80c93f58f3d26  tor-0.3.1.9.tar.gz
 sha256 f9a4f724d8037711dde7d3f1d17094fb7d211545b3a3bbb1b03e769e13ca5608  LICENSE
--- a/package/tor/tor.mk
+++ b/package/tor/tor.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-TOR_VERSION = 0.3.1.8
+TOR_VERSION = 0.3.1.9
 TOR_SITE = https://dist.torproject.org
 TOR_LICENSE = BSD-3-Clause
 TOR_LICENSE_FILES = LICENSE
--- a/package/uboot-tools/uboot-tools.mk
+++ b/package/uboot-tools/uboot-tools.mk
@@ -22,7 +22,7 @@ UBOOT_TOOLS_MAKE_OPTS = CROSS_COMPILE="$(TARGET_CROSS)" \
 	STRIP=$(TARGET_STRIP)

 ifeq ($(BR2_PACKAGE_UBOOT_TOOLS_FIT_SUPPORT),y)
-UBOOT_TOOLS_MAKE_OPTS += CONFIG_FIT=y
+UBOOT_TOOLS_MAKE_OPTS += CONFIG_FIT=y CONFIG_MKIMAGE_DTC_PATH=dtc
 UBOOT_TOOLS_DEPENDENCIES += dtc
 endif

@@ -85,7 +85,7 @@ HOST_UBOOT_TOOLS_MAKE_OPTS = HOSTCC="$(HOSTCC)" \
 	HOSTLDFLAGS="$(HOST_LDFLAGS)"

 ifeq ($(BR2_PACKAGE_HOST_UBOOT_TOOLS_FIT_SUPPORT),y)
-HOST_UBOOT_TOOLS_MAKE_OPTS += CONFIG_FIT=y
+HOST_UBOOT_TOOLS_MAKE_OPTS += CONFIG_FIT=y CONFIG_MKIMAGE_DTC_PATH=dtc
 HOST_UBOOT_TOOLS_DEPENDENCIES += host-dtc
 endif

--- a/package/vlc/0013-codec-avcodec-check-avcodec-visible-sizes.patch
+++ b/package/vlc/0013-codec-avcodec-check-avcodec-visible-sizes.patch
@@ -1,33 +0,0 @@
-From 6cc73bcad19da2cd2e95671173f2e0d203a57e9b Mon Sep 17 00:00:00 2001
-From: Francois Cartegnie <fcvlcdev@free.fr>
-Date: Thu, 29 Jun 2017 09:45:20 +0200
-Subject: [PATCH] codec: avcodec: check avcodec visible sizes
-
-refs #18467
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
- modules/codec/avcodec/video.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/modules/codec/avcodec/video.c b/modules/codec/avcodec/video.c
-index 1bcad21..ce52544 100644
--- a/modules/codec/avcodec/video.c
-+++ b/modules/codec/avcodec/video.c
-@@ -137,9 +137,11 @@ static inline picture_t *ffmpeg_NewPictBuf( decoder_t *p_dec,
-     }
- 
- 
-    if( width == 0 || height == 0 || width > 8192 || height > 8192 )
-+    if( width == 0 || height == 0 || width > 8192 || height > 8192 ||
-+        width < p_context->width || height < p_context->height )
-     {
-        msg_Err( p_dec, "Invalid frame size %dx%d.", width, height );
-+        msg_Err( p_dec, "Invalid frame size %dx%d. vsz %dx%d",
-+                 width, height, p_context->width, p_context->height );
-         return NULL; /* invalid display size */
-     }
-     p_dec->fmt_out.video.i_width = width;
-- 
-2.1.4
-
--- a/package/vlc/0014-decoder-check-visible-size-when-creating-buffer.patch
+++ b/package/vlc/0014-decoder-check-visible-size-when-creating-buffer.patch
@@ -1,33 +0,0 @@
-From a38a85db58c569cc592d9380cc07096757ef3d49 Mon Sep 17 00:00:00 2001
-From: Francois Cartegnie <fcvlcdev@free.fr>
-Date: Thu, 29 Jun 2017 11:09:02 +0200
-Subject: [PATCH] decoder: check visible size when creating buffer
-
-early reject invalid visible size
-mishandled by filters.
-
-refs #18467
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
- src/input/decoder.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/input/decoder.c b/src/input/decoder.c
-index 2c0823f..a216165 100644
--- a/src/input/decoder.c
-+++ b/src/input/decoder.c
-@@ -2060,7 +2060,9 @@ static picture_t *vout_new_buffer( decoder_t *p_dec )
-         vout_thread_t *p_vout;
- 
-         if( !p_dec->fmt_out.video.i_width ||
-            !p_dec->fmt_out.video.i_height )
-+            !p_dec->fmt_out.video.i_height ||
-+            p_dec->fmt_out.video.i_width < p_dec->fmt_out.video.i_visible_width ||
-+            p_dec->fmt_out.video.i_height < p_dec->fmt_out.video.i_visible_height )
-         {
-             /* Can't create a new vout without display size */
-             return NULL;
-- 
-2.1.4
-
--- a/package/vlc/vlc.hash
+++ b/package/vlc/vlc.hash
@@ -1,2 +1,8 @@
-# From http://download.videolan.org/pub/videolan/vlc/2.2.6/vlc-2.2.6.tar.xz.sha256
-sha256 c403d3accd9a400eb2181c958f3e7bc5524fe5738425f4253d42883b425a42a8  vlc-2.2.6.tar.xz
+# From http://download.videolan.org/pub/videolan/vlc/2.2.8/vlc-2.2.8.tar.xz.sha256
+sha256 9bf046848fb56d93518881b39099b8288ee005d5ba0ddf705b6f6643b8d562ec vlc-2.2.8.tar.xz
+# From http://download.videolan.org/pub/videolan/vlc/2.2.8/vlc-2.2.8.tar.xz.sha1
+sha1 b960ec5bdb9a51da285430fc68962927ccc87187 vlc-2.2.8.tar.xz
+# From http://download.videolan.org/pub/videolan/vlc/2.2.8/vlc-2.2.8.tar.xz.md5
+md5 b721fddf65aaf64eeee5629aa9bf7c9e vlc-2.2.8.tar.xz
+sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
+sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  COPYING.LIB
--- a/package/vlc/vlc.mk
+++ b/package/vlc/vlc.mk
@@ -4,8 +4,8 @@
 #
 ################################################################################

-VLC_VERSION = 2.2.6
-VLC_SITE = http://get.videolan.org/vlc/$(VLC_VERSION)
+VLC_VERSION = 2.2.8
+VLC_SITE = https://get.videolan.org/vlc/$(VLC_VERSION)
 VLC_SOURCE = vlc-$(VLC_VERSION).tar.xz
 VLC_LICENSE = GPL-2.0+, LGPL-2.1+
 VLC_LICENSE_FILES = COPYING COPYING.LIB
--- a/package/webkitgtk/0001-CMake-Values-of-CMAKE_BUILD_TYPE-from-toolchain-file.patch
+++ b/package/webkitgtk/0001-CMake-Values-of-CMAKE_BUILD_TYPE-from-toolchain-file.patch
@@ -1,52 +0,0 @@
-From 3b13b1ec9985e72132ec6a3ba13cf60b34848817 Mon Sep 17 00:00:00 2001
-From: "aperez@igalia.com"
- <aperez@igalia.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
-Date: Mon, 27 Nov 2017 15:34:49 +0000
-Subject: [PATCH] [CMake] Values of CMAKE_BUILD_TYPE from toolchain file are
- ignored https://bugs.webkit.org/show_bug.cgi?id=179971
-
-Reviewed by Carlos Alberto Lopez Perez.
-
-* CMakeLists.txt: Call project() first, as it loads the toolchain
-file, so that's done before checking CMAKE_BUILD_TYPE.
-
-
-git-svn-id: http://svn.webkit.org/repository/webkit/trunk@225168 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
-Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
-Backported from: 75986e1807b
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index d80c37b950a..0a9bd17b981 100644
--- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -1,8 +1,17 @@
- # -----------------------------------------------------------------------------
- # Determine CMake version and build type.
- # -----------------------------------------------------------------------------
-+#
-+# NOTE: cmake_minimum_required() and project() *MUST* be the two fist commands
-+# used, see https://cmake.org/cmake/help/v3.3/command/project.html -- the
-+# latter in particular handles loading a bunch of shared CMake definitions
-+# and loading the cross-compilation settings from CMAKE_TOOLCHAIN_FILE.
-+#
-+
- cmake_minimum_required(VERSION 3.3)
- 
-+project(WebKit)
-+
- if (NOT CMAKE_BUILD_TYPE)
-     message(WARNING "No CMAKE_BUILD_TYPE value specified, defaulting to RelWithDebInfo.")
-     set(CMAKE_BUILD_TYPE "RelWithDebInfo" CACHE STRING "Choose the type of build." FORCE)
-@@ -10,8 +19,6 @@ else ()
-     message(STATUS "The CMake build type is: ${CMAKE_BUILD_TYPE}")
- endif ()
- 
-project(WebKit)
-
- set(CMAKE_MODULE_PATH "${CMAKE_SOURCE_DIR}/Source/cmake")
- 
- set(ENABLE_WEBCORE ON)
-- 
-2.15.1
-
--- a/package/webkitgtk/webkitgtk.hash
+++ b/package/webkitgtk/webkitgtk.hash
@@ -1,4 +1,8 @@
-# From https://webkitgtk.org/releases/webkitgtk-2.18.3.tar.xz.sums
-md5 264a22d7467deae606e42b6eb5dd65af webkitgtk-2.18.3.tar.xz
-sha1 164cad34281ef597a3d4ad214e8037c3ddef4d17 webkitgtk-2.18.3.tar.xz
-sha256 e15420e1616a6f70f321541d467af5ca285bff66b1e0fa68a01df3ccf1b18f9e webkitgtk-2.18.3.tar.xz
+# From https://webkitgtk.org/releases/webkitgtk-2.18.4.tar.xz.sums
+md5 c4686971eac2760bab685e21ac8849be webkitgtk-2.18.4.tar.xz
+sha1 709616b445158dc3163a64bb59e95aadbe58949c webkitgtk-2.18.4.tar.xz
+sha256 87b6bb9a6065b949ecbe6191313c43e57ad28efdf1f2b5e763405093520632b8 webkitgtk-2.18.4.tar.xz
+
+# Hashes for license files:
+sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE
+sha256 f2b3bd09663381deb99721109d22b47af1213bb43007a8b56a06c6375c8050ce Source/WebCore/LICENSE-LGPL-2.1
--- a/package/webkitgtk/webkitgtk.mk
+++ b/package/webkitgtk/webkitgtk.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-WEBKITGTK_VERSION = 2.18.3
+WEBKITGTK_VERSION = 2.18.4
 WEBKITGTK_SITE = http://www.webkitgtk.org/releases
 WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz
 WEBKITGTK_INSTALL_STAGING = YES
--- a/package/weston/weston.mk
+++ b/package/weston/weston.mk
@@ -57,6 +57,7 @@ WESTON_DEPENDENCIES += libegl
 else
 WESTON_CONF_OPTS += \
 	--disable-egl \
+	--disable-simple-dmabuf-drm-client \
 	--disable-simple-egl-clients
 endif

--- a/package/wireguard/wireguard.hash
+++ b/package/wireguard/wireguard.hash
@@ -1,4 +1,4 @@
-# From https://lists.zx2c4.com/pipermail/wireguard/2017-November/001935.html
-sha256 d9347786a9406ac276d86321ca64aadb1f0639cb0582c6e0519c634cf6e81157  WireGuard-0.0.20171111.tar.xz
+# From https://lists.zx2c4.com/pipermail/wireguard/2017-December/002200.html
+sha256 57d799d35e92c905e548d00adeb7ed1ead4d6560f084c99e5aae0a87b4eb09e4  WireGuard-0.0.20171211.tar.xz
 # Locally calculated
 sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
--- a/package/wireguard/wireguard.mk
+++ b/package/wireguard/wireguard.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-WIREGUARD_VERSION = 0.0.20171111
+WIREGUARD_VERSION = 0.0.20171211
 WIREGUARD_SITE = https://git.zx2c4.com/WireGuard/snapshot
 WIREGUARD_SOURCE = WireGuard-$(WIREGUARD_VERSION).tar.xz
 WIREGUARD_LICENSE = GPL-2.0
--- a/package/wireshark/wireshark.hash
+++ b/package/wireshark/wireshark.hash
@@ -1,2 +1,2 @@
-# From: https://www.wireshark.org/download/src/all-versions/SIGNATURES-2.2.10.txt
-sha256 8574a5e1fdec7affae640924bd46c1aed1bd866e02632fa5625e1450e4a50707  wireshark-2.2.10.tar.bz2
+# From: https://www.wireshark.org/download/src/all-versions/SIGNATURES-2.2.11.txt
+sha256 a9f11621e85d7e1d72259157edd94825e72af3fd72e184b8474459f92ad5fc40  wireshark-2.2.11.tar.bz2
--- a/package/wireshark/wireshark.mk
+++ b/package/wireshark/wireshark.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-WIRESHARK_VERSION = 2.2.10
+WIRESHARK_VERSION = 2.2.11
 WIRESHARK_SOURCE = wireshark-$(WIRESHARK_VERSION).tar.bz2
 WIRESHARK_SITE = https://www.wireshark.org/download/src/all-versions
 WIRESHARK_LICENSE = wireshark license
--- a/package/xenomai/xenomai.hash
+++ b/package/xenomai/xenomai.hash
@@ -1,2 +1,2 @@
 # Locally computed;
-sha256 84836a43b6a996dcdcb42b0b1653a3271cc201df2a2d42c1b4b3bafb2cca7c63  xenomai-3.0.5.tar.bz2
+sha256 2c0dd3f0e36e4a10f97e0028989bb873e80f4d1ce212ac55fd3b28857c464f94  xenomai-3.0.6.tar.bz2
--- a/package/xenomai/xenomai.mk
+++ b/package/xenomai/xenomai.mk
@@ -6,7 +6,7 @@

 XENOMAI_VERSION = $(call qstrip,$(BR2_PACKAGE_XENOMAI_VERSION))
 ifeq ($(XENOMAI_VERSION),)
-XENOMAI_VERSION = 3.0.5
+XENOMAI_VERSION = 3.0.6
 else
 BR_NO_CHECK_HASH_FOR += $(XENOMAI_SOURCE)
 endif
--- a/package/xfsprogs/Config.in
+++ b/package/xfsprogs/Config.in
@@ -13,4 +13,4 @@ config BR2_PACKAGE_XFSPROGS
 	help
 	  The XFS file system utilities and libraries

-	  http://oss.sgi.com/projects/xfs/
+	  http://xfs.org