Update for 2020.02

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

CHANGES

@@ -1,3 +1,46 @@
+2020.02, released March 8th, 2020
+
+	Various fixes.
+
+	br2-external: Fix compatibility with make 4.3+
+
+	Updated/fixed packages: bash, bcm2835, binutils, cups,
+	erlang-p1-acme, fbgrab, gr-osmosdr, gst1-plugins-base,
+	gst1-validate, gstreamer1, guile, jhead, libdrm, libevdev,
+	libinput, libnss, libsndfile, libvncserver, linux-firmware,
+	mesa3d, nodejs, openjdk-bin, openvmtools, optee-test, patch,
+	php, piglit, pppd, python-django, qemu, qt5base, ruby,
+	ser2net, swupdate, thrift, zziplib
+
+	Removed packages: classpath, jamvm
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#12606: fbgrab location has changed
+
+2020.02-rc3, released March 2nd, 2020
+
+	Fixes all over the tree.
+
+	Infrastructure: Rework file list handling to fix race
+	conditions when building with per-package target and host
+	directories and top-level parallel builds.
+
+	Updated/fixed packages: aufs, binutils, blktrace, brltty,
+	cairo, dnsmasq, docker-compose, elf2flt, exim, exiv2, git,
+	kodi-inputstream-adaptive, libarchive, libcgroup, libgdiplus,
+	libssh2, libvncserver, libvorbis, linknx, linux-firmware, lxc,
+	lz4, mosquitto, openjpeg, openrc, poco, proftpd, pure-ftpd,
+	python3, python-multidict, python-setuptools-scm-git-archive,
+	qpdf, qt5tools, rdesktop, rocksdb, shellinabox, squid,
+	suricata, swig, systemd, taglib, util-linux, wireshark, zsh
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#12571: ltp-testsuite : Build failure
+	#12576: 2020.02-RC1: error while loading shared libraries: ...
+	#12581: 2020.02-rc1 glibc failing to build on fedora 31
+
 2020.02-rc2, released February 26th, 2020
 
 	Fixes all over the tree.

Config.in

@@ -63,16 +63,6 @@ config BR2_HOST_GCC_AT_LEAST_9
 config BR2_NEEDS_HOST_JAVA
 	bool
 
-# Hidden boolean selected by packages in need of javac in order to build
-# (example: classpath)
-config BR2_NEEDS_HOST_JAVAC
-	bool
-
-# Hidden boolean selected by packages in need of jar in order to build
-# (example: classpath)
-config BR2_NEEDS_HOST_JAR
-	bool
-
 # Hidden boolean selected by pre-built packages for x86, when they
 # need to run on x86-64 machines (example: pre-built external
 # toolchains, binary tools like SAM-BA, etc.).

Config.in.legacy

@@ -146,6 +146,20 @@ endif
 
 comment "Legacy options removed in 2020.02"
 
+config BR2_PACKAGE_JAMVM
+	bool "jamvm removed"
+	select BR2_LEGACY
+	help
+	  JamVM has not had a release since 2014 and is unmaintained.
+
+config BR2_PACKAGE_CLASSPATH
+	bool "classpath removed"
+	select BR2_LEGACY
+	help
+	  GNU Classpath package was removed. The last upstream
+	  release was in 2012 and there hasn't been a commit
+	  since 2016.
+
 config BR2_PACKAGE_QT5_VERSION_5_6
 	bool "qt 5.6 support removed"
 	select BR2_LEGACY

DEVELOPERS

@@ -1756,6 +1756,10 @@ F:	board/arcturus/
 F:	configs/arcturus_ucp1020_defconfig
 F:	configs/arcturus_ucls1012a_defconfig
 
+N:	Michael Fischer <mf@go-sys.de>
+F:	package/gnuplot/
+F:	package/sdl2/
+
 N:	Michael Rommel <rommel@layer-7.net>
 F:	package/knock/
 F:	package/python-crc16/

Makefile

@@ -92,9 +92,9 @@ all:
 .PHONY: all
 
 # Set and export the version string
-export BR2_VERSION := 2020.02-rc2
+export BR2_VERSION := 2020.02
 # Actual time the release is cut (for reproducible builds)
-BR2_VERSION_EPOCH = 1582733000
+BR2_VERSION_EPOCH = 1583701800
 
 # Save running make version since it's clobbered by the make package
 RUNNING_MAKE_VERSION := $(MAKE_VERSION)
@@ -188,6 +188,9 @@ ifneq ($(BR2_EXTERNAL_ERROR),)
 $(error $(BR2_EXTERNAL_ERROR))
 endif
 
+# Workaround bug in make-4.3: https://savannah.gnu.org/bugs/?57676
+$(BASE_DIR)/.br2-external.mk:;
+
 # To make sure that the environment variable overrides the .config option,
 # set this before including .config.
 ifneq ($(BR2_DL_DIR),)
@@ -736,7 +739,6 @@ staging-finalize: $(STAGING_DIR_SYMLINK)
 target-finalize: $(PACKAGES) $(TARGET_DIR) host-finalize
 	@$(call MESSAGE,"Finalizing target directory")
 	$(call per-package-rsync,$(sort $(PACKAGES)),target,$(TARGET_DIR))
-	# Check files that are touched by more than one package
 	$(foreach hook,$(TARGET_FINALIZE_HOOKS),$($(hook))$(sep))
 	rm -rf $(TARGET_DIR)/usr/include $(TARGET_DIR)/usr/share/aclocal \
 		$(TARGET_DIR)/usr/lib/pkgconfig $(TARGET_DIR)/usr/share/pkgconfig \
@@ -804,15 +806,12 @@ endif # merged /usr
 
 	touch $(TARGET_DIR)/usr
 
-# AFTER ALL FILE-CHANGING ACTIONS:
-# Update timestamps in internal file list to fix attribution of files
-# to packages on subsequent builds
-	@$(call step_pkg_size_file_list,$(TARGET_DIR))
-	@$(call step_pkg_size_finalize)
-	@$(call step_pkg_size_file_list,$(STAGING_DIR),-staging)
-	@$(call step_pkg_size_finalize,-staging)
-	@$(call step_pkg_size_file_list,$(HOST_DIR),-host)
-	@$(call step_pkg_size_finalize,-host)
+	cat $(sort $(wildcard $(BUILD_DIR)/*/.files-list.txt)) > \
+		$(BUILD_DIR)/packages-file-list.txt
+	cat $(sort $(wildcard $(BUILD_DIR)/*/.files-list-host.txt)) > \
+		$(BUILD_DIR)/packages-file-list-host.txt
+	cat $(sort $(wildcard $(BUILD_DIR)/*/.files-list-staging.txt)) > \
+		$(BUILD_DIR)/packages-file-list-staging.txt
 
 .PHONY: target-post-image
 target-post-image: $(TARGETS_ROOTFS) target-finalize staging-finalize

board/freescale/common/imx/imx8-bootloader-prepare.sh

@@ -28,9 +28,9 @@ main ()
 		cp ${BINARIES_DIR}/bl31.bin ${BINARIES_DIR}/u-boot-atf.bin
 		dd if=${BINARIES_DIR}/u-boot-hash.bin of=${BINARIES_DIR}/u-boot-atf.bin bs=1K seek=128
 		if grep -Eq "^BR2_PACKAGE_FREESCALE_IMX_PLATFORM_IMX8=y$" ${BR2_CONFIG}; then
-			${HOST_DIR}/bin/mkimage_imx8 -soc QM -rev B0 -append ${BINARIES_DIR}/mx8qm-ahab-container.img -c -scfw ${BINARIES_DIR}/mx8qm-mek-scfw-tcm.bin -ap ${BINARIES_DIR}/u-boot-atf.bin a53 0x80000000 -out ${BINARIES_DIR}/imx8-boot-sd.bin
+			${HOST_DIR}/bin/mkimage_imx8 -soc QM -rev B0 -append ${BINARIES_DIR}/ahab-container.img -c -scfw ${BINARIES_DIR}/mx8qm-mek-scfw-tcm.bin -ap ${BINARIES_DIR}/u-boot-atf.bin a53 0x80000000 -out ${BINARIES_DIR}/imx8-boot-sd.bin
 		else
-			${HOST_DIR}/bin/mkimage_imx8 -soc QX -rev B0 -append ${BINARIES_DIR}/mx8qx-ahab-container.img -c -scfw ${BINARIES_DIR}/mx8qx-mek-scfw-tcm.bin -ap ${BINARIES_DIR}/u-boot-atf.bin a35 0x80000000 -out ${BINARIES_DIR}/imx8-boot-sd.bin
+			${HOST_DIR}/bin/mkimage_imx8 -soc QX -rev B0 -append ${BINARIES_DIR}/ahab-container.img -c -scfw ${BINARIES_DIR}/mx8qx-mek-scfw-tcm.bin -ap ${BINARIES_DIR}/u-boot-atf.bin a35 0x80000000 -out ${BINARIES_DIR}/imx8-boot-sd.bin
 		fi
 	fi
 

configs/at91sam9x5ek_dev_defconfig

@@ -56,7 +56,7 @@ BR2_PACKAGE_LIBDRM=y
 BR2_PACKAGE_LIBDRM_INSTALL_TESTS=y
 BR2_PACKAGE_DTC=y
 BR2_PACKAGE_DTC_PROGRAMS=y
-BR2_PACKAGE_BLUEZ_UTILS=y
+BR2_PACKAGE_BLUEZ5_UTILS=y
 BR2_PACKAGE_BRIDGE_UTILS=y
 BR2_PACKAGE_CAN_UTILS=y
 BR2_PACKAGE_ETHTOOL=y

configs/at91sam9x5ek_mmc_dev_defconfig

@@ -59,7 +59,7 @@ BR2_PACKAGE_LIBDRM=y
 BR2_PACKAGE_LIBDRM_INSTALL_TESTS=y
 BR2_PACKAGE_DTC=y
 BR2_PACKAGE_DTC_PROGRAMS=y
-BR2_PACKAGE_BLUEZ_UTILS=y
+BR2_PACKAGE_BLUEZ5_UTILS=y
 BR2_PACKAGE_BRIDGE_UTILS=y
 BR2_PACKAGE_CAN_UTILS=y
 BR2_PACKAGE_ETHTOOL=y

configs/atmel_sama5d27_som1_ek_mmc_dev_defconfig

@@ -49,7 +49,7 @@ BR2_PACKAGE_LIBDRM=y
 BR2_PACKAGE_LIBDRM_INSTALL_TESTS=y
 BR2_PACKAGE_DTC=y
 BR2_PACKAGE_DTC_PROGRAMS=y
-BR2_PACKAGE_BLUEZ_UTILS=y
+BR2_PACKAGE_BLUEZ5_UTILS=y
 BR2_PACKAGE_BRIDGE_UTILS=y
 BR2_PACKAGE_CAN_UTILS=y
 BR2_PACKAGE_ETHTOOL=y

configs/atmel_sama5d2_xplained_mmc_dev_defconfig

@@ -62,7 +62,7 @@ BR2_PACKAGE_LIBDRM=y
 BR2_PACKAGE_LIBDRM_INSTALL_TESTS=y
 BR2_PACKAGE_DTC=y
 BR2_PACKAGE_DTC_PROGRAMS=y
-BR2_PACKAGE_BLUEZ_UTILS=y
+BR2_PACKAGE_BLUEZ5_UTILS=y
 BR2_PACKAGE_BRIDGE_UTILS=y
 BR2_PACKAGE_CAN_UTILS=y
 BR2_PACKAGE_ETHTOOL=y

configs/atmel_sama5d3_xplained_dev_defconfig

@@ -58,7 +58,7 @@ BR2_PACKAGE_LIBDRM=y
 BR2_PACKAGE_LIBDRM_INSTALL_TESTS=y
 BR2_PACKAGE_DTC=y
 BR2_PACKAGE_DTC_PROGRAMS=y
-BR2_PACKAGE_BLUEZ_UTILS=y
+BR2_PACKAGE_BLUEZ5_UTILS=y
 BR2_PACKAGE_BRIDGE_UTILS=y
 BR2_PACKAGE_CAN_UTILS=y
 BR2_PACKAGE_ETHTOOL=y

configs/atmel_sama5d3_xplained_mmc_dev_defconfig

@@ -61,7 +61,7 @@ BR2_PACKAGE_LIBDRM=y
 BR2_PACKAGE_LIBDRM_INSTALL_TESTS=y
 BR2_PACKAGE_DTC=y
 BR2_PACKAGE_DTC_PROGRAMS=y
-BR2_PACKAGE_BLUEZ_UTILS=y
+BR2_PACKAGE_BLUEZ5_UTILS=y
 BR2_PACKAGE_BRIDGE_UTILS=y
 BR2_PACKAGE_CAN_UTILS=y
 BR2_PACKAGE_ETHTOOL=y

configs/atmel_sama5d4_xplained_dev_defconfig

@@ -59,7 +59,7 @@ BR2_PACKAGE_LIBDRM=y
 BR2_PACKAGE_LIBDRM_INSTALL_TESTS=y
 BR2_PACKAGE_DTC=y
 BR2_PACKAGE_DTC_PROGRAMS=y
-BR2_PACKAGE_BLUEZ_UTILS=y
+BR2_PACKAGE_BLUEZ5_UTILS=y
 BR2_PACKAGE_BRIDGE_UTILS=y
 BR2_PACKAGE_CAN_UTILS=y
 BR2_PACKAGE_ETHTOOL=y

configs/atmel_sama5d4_xplained_mmc_dev_defconfig

@@ -62,7 +62,7 @@ BR2_PACKAGE_LIBDRM=y
 BR2_PACKAGE_LIBDRM_INSTALL_TESTS=y
 BR2_PACKAGE_DTC=y
 BR2_PACKAGE_DTC_PROGRAMS=y
-BR2_PACKAGE_BLUEZ_UTILS=y
+BR2_PACKAGE_BLUEZ5_UTILS=y
 BR2_PACKAGE_BRIDGE_UTILS=y
 BR2_PACKAGE_CAN_UTILS=y
 BR2_PACKAGE_ETHTOOL=y

configs/beaglebone_qt5_defconfig

@@ -15,6 +15,7 @@ BR2_LINUX_KERNEL_DEFCONFIG="omap2plus"
 BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="board/beaglebone/linux-sgx.fragment"
 BR2_LINUX_KERNEL_DTS_SUPPORT=y
 BR2_LINUX_KERNEL_INTREE_DTS_NAME="am335x-evm am335x-bone am335x-boneblack am335x-bonegreen am335x-evmsk am335x-boneblue"
+BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
 BR2_PACKAGE_FBV=y
 BR2_PACKAGE_QT5=y
 BR2_PACKAGE_QT5BASE_EXAMPLES=y

configs/nitrogen6sx_defconfig

@@ -18,7 +18,7 @@ BR2_TARGET_ROOTFS_EXT2=y
 BR2_TARGET_ROOTFS_EXT2_4=y
 
 # Linux headers same as kernel, a 4.14 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4.14=y
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_14=y
 
 # bootloader
 BR2_TARGET_UBOOT=y

configs/nitrogen6x_defconfig

@@ -18,7 +18,7 @@ BR2_TARGET_ROOTFS_EXT2=y
 BR2_TARGET_ROOTFS_EXT2_4=y
 
 # Linux headers same as kernel, a 4.14 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4.14=y
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_14=y
 
 # bootloader
 BR2_TARGET_UBOOT=y

configs/nitrogen7_defconfig

@@ -17,7 +17,7 @@ BR2_TARGET_ROOTFS_EXT2=y
 BR2_TARGET_ROOTFS_EXT2_4=y
 
 # Linux headers same as kernel, a 4.14 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4.14=y
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_14=y
 
 # bootloader
 BR2_TARGET_UBOOT=y

configs/nitrogen8m_defconfig

@@ -18,7 +18,7 @@ BR2_TARGET_ROOTFS_EXT2=y
 BR2_TARGET_ROOTFS_EXT2_4=y
 
 # Linux headers same as kernel, a 4.14 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4.14=y
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_14=y
 
 # DDR training binaries
 BR2_PACKAGE_FREESCALE_IMX=y

configs/qemu_arm_vexpress_tz_defconfig

@@ -38,6 +38,13 @@ BR2_PACKAGE_OPTEE_BENCHMARK=y
 BR2_PACKAGE_OPTEE_EXAMPLES=y
 BR2_PACKAGE_OPTEE_TEST=y
 
+# OP-TEE components needs host-python3 interpreter and its modules
+BR2_PACKAGE_HOST_PYTHON3=y
+# Select python3 on the target to make sure Buildroot builds host-python using
+# python3 and builds all host-python modules for python3.
+BR2_TOOLCHAIN_BUILDROOT_WCHAR=y
+BR2_PACKAGE_PYTHON3=y
+
 # U-boot for booting the dear Linux kernel
 BR2_TARGET_UBOOT=y
 BR2_TARGET_UBOOT_BUILD_SYSTEM_KCONFIG=y

docs/website/download.html

@@ -8,40 +8,40 @@
     <div class="panel-heading">Download</div>
     <div class="panel-body">
 
-      <h3 style="text-align: center;">Latest long term support release: <b>2019.02.9</b></h3>
+      <h3 style="text-align: center;">Latest stable / long term support release: <b>2020.02</b></h3>
 
       <div class="row mt centered">
 	<div class="col-sm-6">
 	  <div class="flip-container center-block" ontouchstart="this.classList.toggle('hover');">
 	    <div class="flipper">
 	      <div class="front">
-		<a href="/downloads/buildroot-2019.02.9.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
+		<a href="/downloads/buildroot-2020.02.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
 	      </div>
 	      <div class="back">
-		<a href="/downloads/buildroot-2019.02.9.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
+		<a href="/downloads/buildroot-2020.02.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
 	      </div>
 	    </div>
 	  </div>
-	  <h3><a href="/downloads/buildroot-2019.02.9.tar.gz">buildroot-2019.02.9.tar.gz</a></h3>
-	  <p><a href="/downloads/buildroot-2019.02.9.tar.gz.sign">PGP signature</a></p>
+	  <h3><a href="/downloads/buildroot-2020.02.tar.gz">buildroot-2020.02.tar.gz</a></h3>
+	  <p><a href="/downloads/buildroot-2020.02.tar.gz.sign">PGP signature</a></p>
 	</div>
 	<div class="col-sm-6">
 	  <div class="flip-container center-block" ontouchstart="this.classList.toggle('hover');">
 	    <div class="flipper">
 	      <div class="front">
-		<a href="/downloads/buildroot-2019.02.9.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
+		<a href="/downloads/buildroot-2020.02.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
 	      </div>
 	      <div class="back">
-		<a href="/downloads/buildroot-2019.02.9.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
+		<a href="/downloads/buildroot-2020.02.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
 	      </div>
 	    </div>
 	  </div>
 
-	  <h3><a href="/downloads/buildroot-2019.02.9.tar.bz2">buildroot-2019.02.9.tar.bz2</a></h3>
-	  <p><a href="/downloads/buildroot-2019.02.9.tar.bz2.sign">PGP signature</a></p>
+	  <h3><a href="/downloads/buildroot-2020.02.tar.bz2">buildroot-2020.02.tar.bz2</a></h3>
+	  <p><a href="/downloads/buildroot-2020.02.tar.bz2.sign">PGP signature</a></p>
 	</div>
       </div>
-
+<!--
       <h3 style="text-align: center;">Latest stable release: <b>2019.11.1</b></h3>
 
       <div class="row mt centered">
@@ -76,40 +76,40 @@
 	</div>
       </div>
 
-      <h3 style="text-align: center;">Latest release candidate: <b>2020.02-rc2</b></h3>
+      <h3 style="text-align: center;">Latest release candidate: <b>2020.02-rc3</b></h3>
       <div class="row mt centered">
 	<div class="col-sm-6">
 	  <div class="flip-container center-block" ontouchstart="this.classList.toggle('hover');">
 	    <div class="flipper">
 	      <div class="front">
-		<a href="/downloads/buildroot-2020.02-rc2.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
+		<a href="/downloads/buildroot-2020.02-rc3.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
 	      </div>
 	      <div class="back">
-		<a href="/downloads/buildroot-2020.02-rc2.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
+		<a href="/downloads/buildroot-2020.02-rc3.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
 	      </div>
 	    </div>
 	  </div>
 
-	  <h3><a href="/downloads/buildroot-2020.02-rc2.tar.gz">buildroot-2020.02-rc2.tar.gz</a></h3>
-	  <p><a href="/downloads/buildroot-2020.02-rc2.tar.gz.sign">PGP signature</a></p>
+	  <h3><a href="/downloads/buildroot-2020.02-rc3.tar.gz">buildroot-2020.02-rc3.tar.gz</a></h3>
+	  <p><a href="/downloads/buildroot-2020.02-rc3.tar.gz.sign">PGP signature</a></p>
 	</div>
 	<div class="col-sm-6">
 	  <div class="flip-container center-block" ontouchstart="this.classList.toggle('hover');">
 	    <div class="flipper">
 	      <div class="front">
-		<a href="/downloads/buildroot-2020.02-rc2.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
+		<a href="/downloads/buildroot-2020.02-rc3.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
 	      </div>
 	      <div class="back">
-		<a href="/downloads/buildroot-2020.02-rc2.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
+		<a href="/downloads/buildroot-2020.02-rc3.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
 	      </div>
 	    </div>
 	  </div>
 
-	  <h3><a href="/downloads/buildroot-2020.02-rc2.tar.bz2">buildroot-2020.02-rc2.tar.bz2</a></h3>
-	  <p><a href="/downloads/buildroot-2020.02-rc2.tar.bz2.sign">PGP signature</a></p>
+	  <h3><a href="/downloads/buildroot-2020.02-rc3.tar.bz2">buildroot-2020.02-rc3.tar.bz2</a></h3>
+	  <p><a href="/downloads/buildroot-2020.02-rc3.tar.bz2.sign">PGP signature</a></p>
 	</div>
       </div>
-
+-->
       This and earlier releases (and their PGP signatures) can always be downloaded from
       <a href="/downloads/">http://buildroot.net/downloads/</a>.
     </div>

docs/website/news.html

@@ -9,6 +9,48 @@
 <h2>News</h2>
 <ul class="timeline">
 
+  <li>
+    <div class="timeline-badge"><i class="glyphicon glyphicon-thumbs-up"></i></div>
+    <div class="timeline-panel">
+      <div class="timeline-heading">
+	<h4 class="timeline-title">2020.02 released</h4>
+	<p><small class="text-muted"><i class="glyphicon glyphicon-time"></i>8 March 2020</small></p>
+      </div>
+      <div class="timeline-body">
+	<p>The stable 2020.02 release is out - Thanks to everyone
+	  contributing and testing the release candidates. See the
+	  <a href="http://git.buildroot.net/buildroot/plain/CHANGES?id=2020.02">CHANGES</a>
+	  file for more details
+	  and go to the <a href="/downloads/">downloads page</a> to pick up the
+	  <a href="/downloads/buildroot-2020.02.tar.bz2">2020.02 release</a>.</p>
+
+	  <p>Notice that this is a long term support release which will be
+	  supported with security and other important fixes until March 2021.</p>
+      </div>
+    </div>
+  </li>
+
+  <li class="timeline-inverted">
+    <div class="timeline-badge"><i class="glyphicon glyphicon-thumbs-up"></i></div>
+    <div class="timeline-panel">
+      <div class="timeline-heading">
+	<h4 class="timeline-title">2020.02-rc3 released</h4>
+	<p><small class="text-muted"><i class="glyphicon glyphicon-time"></i>2 March 2020</small></p>
+      </div>
+      <div class="timeline-body">
+        <p>Another week, another release candidate with more cleanups and build fixes. See the
+	  <a href="http://git.buildroot.net/buildroot/plain/CHANGES?id=2020.02-rc3">CHANGES</a>
+	  file for details.</p>
+
+	<p>Head to the <a href="/downloads/">downloads page</a> to pick up the
+	  <a href="/downloads/buildroot-2020.02-rc3.tar.bz2">2020.02-rc3
+	  release candidate</a>, and report any problems found to the
+	  <a href="support.html">mailing list</a> or
+	  <a href="https://bugs.buildroot.org">bug tracker</a>.</p>
+      </div>
+    </div>
+  </li>
+
   <li>
     <div class="timeline-badge"><i class="glyphicon glyphicon-thumbs-up"></i></div>
     <div class="timeline-panel">

linux/Config.ext.in

@@ -102,7 +102,8 @@ choice
 	help
 	  Select the major series of this version. This must match the
 	  major version of your kernel (e.g. for kernels 3.x, select
-	  aufs3.x; for kernels 4.x, select aufs4.x).
+	  aufs3.x; for kernels 4.x, select aufs4.x; for kernels 5.x,
+	  select aufs5.x ).
 
 	  Note: neither aufs1.x nor aufs2.x (both for kernels older than
 	  3.x) are supported.
@@ -113,12 +114,16 @@ config BR2_LINUX_KERNEL_EXT_AUFS_SERIES_3
 config BR2_LINUX_KERNEL_EXT_AUFS_SERIES_4
 	bool "aufs4.x"
 
+config BR2_LINUX_KERNEL_EXT_AUFS_SERIES_5
+	bool "aufs5.x"
+
 endchoice
 
 config BR2_LINUX_KERNEL_EXT_AUFS_SERIES
 	int
 	default 3 if BR2_LINUX_KERNEL_EXT_AUFS_SERIES_3
 	default 4 if BR2_LINUX_KERNEL_EXT_AUFS_SERIES_4
+	default 5 if BR2_LINUX_KERNEL_EXT_AUFS_SERIES_5
 
 config BR2_LINUX_KERNEL_EXT_AUFS_VERSION
 	string "aufs-standalone version"
@@ -135,6 +140,8 @@ config BR2_LINUX_KERNEL_EXT_AUFS_VERSION
 	  https://sourceforge.net/p/aufs/aufs3-standalone/ref/master/branches/
 	  For aufs4.x:
 	  https://github.com/sfjro/aufs4-standalone/branches/all
+	  For aufs5.x:
+	  https://github.com/sfjro/aufs5-standalone/branches/all
 
 endif # aufs
 

linux/Config.in

@@ -128,7 +128,7 @@ endif
 
 config BR2_LINUX_KERNEL_VERSION
 	string
-	default "5.4.22" if BR2_LINUX_KERNEL_LATEST_VERSION
+	default "5.4.23" if BR2_LINUX_KERNEL_LATEST_VERSION
 	default "4.19.98-cip19" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
 	default "4.19.98-cip19-rt7" if BR2_LINUX_KERNEL_LATEST_CIP_RT_VERSION
 	default BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE \

linux/linux.hash

@@ -1,10 +1,10 @@
 # From https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc
-sha256  661bcb8d7e390dcc28e53795485e648f2bdc9b697b731459cc2bcc9ceb4a7d1a  linux-5.4.22.tar.xz
+sha256  3f28aacdf5deddfdf80bb949884699b96053a3548dc3434552d30dc0bc781eca  linux-5.4.23.tar.xz
 # From https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
-sha256  b6aa65ee2c0767864175e3a9cf7b0b3751263b04a7c8a6e760e9b982282fa76c  linux-4.4.214.tar.xz
-sha256  b47f093dac7034c7c4722e80042c05e4ef53c14a4f28aa992117a127d2b1e483  linux-4.9.214.tar.xz
-sha256  4fe02489e4b4a187eccf0ef87df6100534c9d485e76d876b1fa247c7635332a0  linux-4.14.171.tar.xz
-sha256  63c8bd76a9b282e18112f8ff9e3fd41e3d1df9f9b7248ea1a370b05a827e9cda  linux-4.19.106.tar.xz
+sha256  28bcd3d4201da9feefdf3bcd65c516dd674acbbf45681ce3c7d784c53b33fe03  linux-4.4.215.tar.xz
+sha256  236f2f47853700f22b9925cb17917d97ff7120fcc8110ec827c5a030a8129f48  linux-4.9.215.tar.xz
+sha256  2318a1ab937580a079351ed20557c336a3d95b664f667b14e3ba49e3271b217a  linux-4.14.172.tar.xz
+sha256  654bac198d38e03e7bff9e2642b01f498dc0fa5d06198edd14bc30fe7fbf0240  linux-4.19.107.tar.xz
 # Locally computed
 sha256  18f9ddba0b777d1942d6c81877ba97c4bcd08488e2c409e57dcce866b9de5fc2  linux-cip-4.19.98-cip19.tar.gz
 sha256  7d5aeb67da41dc66ef28621ef994ef4403e8b1f5c3df38b1843da20972444280  linux-cip-4.19.98-cip19-rt7.tar.gz

package/Config.in

@@ -605,7 +605,6 @@ endif
 	source "package/gauche/Config.in"
 	source "package/guile/Config.in"
 	source "package/haserl/Config.in"
-	source "package/jamvm/Config.in"
 	source "package/jimtcl/Config.in"
 	source "package/lua/Config.in"
 	source "package/luainterpreter/Config.in"
@@ -1753,7 +1752,6 @@ menu "Other"
 	source "package/cereal/Config.in"
 	source "package/clang/Config.in"
 	source "package/clapack/Config.in"
-	source "package/classpath/Config.in"
 	source "package/cmocka/Config.in"
 	source "package/cppcms/Config.in"
 	source "package/cracklib/Config.in"

package/aufs/aufs.mk

@@ -13,6 +13,8 @@ AUFS_SITE = http://git.code.sf.net/p/aufs/aufs3-standalone
 AUFS_SITE_METHOD = git
 else ifeq ($(BR2_PACKAGE_AUFS_SERIES),4)
 AUFS_SITE = $(call github,sfjro,aufs4-standalone,$(AUFS_VERSION))
+else ifeq ($(BR2_PACKAGE_AUFS_SERIES),5)
+AUFS_SITE = $(call github,sfjro,aufs5-standalone,$(AUFS_VERSION))
 endif
 
 ifeq ($(BR_BUILDING):$(BR2_PACKAGE_AUFS):$(AUFS_VERSION),y:y:)

package/bash/0018-locale.c-fix-build-without-wchar.patch

@@ -0,0 +1,84 @@
+From 73ca494c60d46103f806325e6ccbe9e400238008 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Sun, 23 Feb 2020 11:41:09 +0100
+Subject: [PATCH] locale.c: fix build without wchar
+
+bash unconditionally builds locale.c which depends on mblen since
+version 5.0 and
+https://github.com/bminor/bash/commit/d233b485e83c3a784b803fb894280773f16f2deb
+
+This results in the following build failure if wchar is not available:
+
+/home/buildroot/autobuild/run/instance-0/output-1/host/bin/microblazeel-buildroot-linux-uclibc-gcc -L./builtins -L/home/buildroot/autobuild/run/instance-0/output-1/host/microblazeel-buildroot-linux-uclibc/sysroot/lib -L/home/buildroot/autobuild/run/instance-0/output-1/host/microblazeel-buildroot-linux-uclibc/sysroot/lib -L./lib/glob -L./lib/tilde  -L./lib/sh  -rdynamic -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -O2   -Wno-parentheses -Wno-format-security   -o bash shell.o eval.o y.tab.o general.o make_cmd.o print_cmd.o  dispose_cmd.o execute_cmd.o variables.o copy_cmd.o error.o expr.o flags.o jobs.o subst.o hashcmd.o hashlib.o mailcheck.o trap.o input.o unwind_prot.o pathexp.o sig.o test.o version.o alias.o array.o arrayfunc.o assoc.o braces.o bracecomp.o bashhist.o bashline.o  list.o stringlib.o locale.o findcmd.o redir.o pcomplete.o pcomplib.o syntax.o xmalloc.o signames.o -lbuiltins -lglob -lsh -lreadline -lhistory -lcurses -ltilde     -ldl
+/home/buildroot/autobuild/run/instance-0/output-1/host/lib/gcc/microblazeel-buildroot-linux-uclibc/8.3.0/../../../../microblazeel-buildroot-linux-uclibc/bin/ld: locale.o: in function `set_default_locale':
+(.text+0x260): undefined reference to `mblen'
+
+To fix this issue, don't use mblen if HANDLE_MULTIBYTE is not defined,
+an other possibility would be to use MBLEN wrapper defined in shmbutil.h
+
+Fixes:
+ - http://autobuild.buildroot.org/results/298fb9c785e137bff432dd304eb56986e54ce3ed
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status: https://savannah.gnu.org/support/index.php?110200]
+---
+ locale.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/locale.c b/locale.c
+index d62547f6..a64c5b4b 100644
+--- a/locale.c
++++ b/locale.c
+@@ -86,7 +86,9 @@ set_default_locale ()
+ 
+   locale_mb_cur_max = MB_CUR_MAX;
+   locale_utf8locale = locale_isutf8 (default_locale);
++#if defined (HANDLE_MULTIBYTE)
+   locale_shiftstates = mblen ((char *)NULL, 0);
++#endif
+ }
+ 
+ /* Set default values for LC_CTYPE, LC_COLLATE, LC_MESSAGES, LC_NUMERIC and
+@@ -107,7 +109,9 @@ set_default_locale_vars ()
+       locale_setblanks ();
+       locale_mb_cur_max = MB_CUR_MAX;
+       locale_utf8locale = locale_isutf8 (lc_all);
++#    if defined (HANDLE_MULTIBYTE)
+       locale_shiftstates = mblen ((char *)NULL, 0);
++#    endif
+       u32reset ();
+     }
+ #  endif
+@@ -211,7 +215,9 @@ set_locale_var (var, value)
+       /* if LC_ALL == "", reset_locale_vars has already called this */
+       if (*lc_all && x)
+ 	locale_utf8locale = locale_isutf8 (lc_all);
++#  if defined (HANDLE_MULTIBYTE)
+       locale_shiftstates = mblen ((char *)NULL, 0);
++#  endif
+       u32reset ();
+       return r;
+ #else
+@@ -231,7 +237,9 @@ set_locale_var (var, value)
+ 	  /* if setlocale() returns NULL, the locale is not changed */
+ 	  if (x)
+ 	    locale_utf8locale = locale_isutf8 (x);
++#    if defined (HANDLE_MULTIBYTE)
+ 	  locale_shiftstates = mblen ((char *)NULL, 0);
++#    endif
+ 	  u32reset ();
+ 	}
+ #  endif
+@@ -368,7 +376,9 @@ reset_locale_vars ()
+   locale_mb_cur_max = MB_CUR_MAX;
+   if (x)
+     locale_utf8locale = locale_isutf8 (x);
++#  if defined (HANDLE_MULTIBYTE)
+   locale_shiftstates = mblen ((char *)NULL, 0);
++#  endif
+   u32reset ();
+ #endif
+   return 1;
+-- 
+2.25.0
+

package/bcm2835/bcm2835.hash

@@ -1,3 +1,3 @@
 # Locally computed:
-sha256 333e7ceee895e910c29098074773ee86bcab4a82c2af0cf083c4533767e52d27 bcm2835-1.60.tar.gz
-sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
+sha256  7beacda787d6073d0982bfe576c318bb2730700f7d0f7950c6e763dfcb06e0e5  bcm2835-1.62.tar.gz
+sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING

package/bcm2835/bcm2835.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BCM2835_VERSION = 1.60
+BCM2835_VERSION = 1.62
 BCM2835_SITE = http://www.airspayce.com/mikem/bcm2835
 BCM2835_LICENSE = GPL-2.0
 BCM2835_LICENSE_FILES = COPYING

package/binutils/2.31.1/0018-bfd-xtensa-fix-PR-ld-25630.patch

@@ -0,0 +1,37 @@
+From 85dcca5997cf3822d6456a5c9c59c46b56adfbb8 Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Wed, 4 Mar 2020 14:54:27 -0800
+Subject: [PATCH] bfd: xtensa: fix PR ld/25630
+
+bfd/
+2020-03-05  Max Filippov  <jcmvbkbc@gmail.com>
+
+	* elf32-xtensa.c (shrink_dynamic_reloc_sections): Shrink dynamic
+	relocation sections for any removed reference to a dynamic symbol.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+ bfd/elf32-xtensa.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/bfd/elf32-xtensa.c b/bfd/elf32-xtensa.c
+index 12ff9f772aaf..65e14d87940c 100644
+--- a/bfd/elf32-xtensa.c
++++ b/bfd/elf32-xtensa.c
+@@ -10148,10 +10148,9 @@ shrink_dynamic_reloc_sections (struct bfd_link_info *info,
+ 
+   if ((r_type == R_XTENSA_32 || r_type == R_XTENSA_PLT)
+       && (input_section->flags & SEC_ALLOC) != 0
+-      && (dynamic_symbol || bfd_link_pic (info))
+-      && (!h || h->root.type != bfd_link_hash_undefweak
+-	  || (dynamic_symbol
+-	      && (bfd_link_dll (info) || info->export_dynamic))))
++      && (dynamic_symbol
++	  || (bfd_link_pic (info)
++	      && (!h || h->root.type != bfd_link_hash_undefweak))))
+     {
+       asection *srel;
+       bfd_boolean is_plt = FALSE;
+-- 
+2.20.1
+

package/binutils/2.32/0007-bfd-xtensa-fix-PR-ld-25630.patch

@@ -0,0 +1,37 @@
+From 85dcca5997cf3822d6456a5c9c59c46b56adfbb8 Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Wed, 4 Mar 2020 14:54:27 -0800
+Subject: [PATCH] bfd: xtensa: fix PR ld/25630
+
+bfd/
+2020-03-05  Max Filippov  <jcmvbkbc@gmail.com>
+
+	* elf32-xtensa.c (shrink_dynamic_reloc_sections): Shrink dynamic
+	relocation sections for any removed reference to a dynamic symbol.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+ bfd/elf32-xtensa.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/bfd/elf32-xtensa.c b/bfd/elf32-xtensa.c
+index 12ff9f772aaf..65e14d87940c 100644
+--- a/bfd/elf32-xtensa.c
++++ b/bfd/elf32-xtensa.c
+@@ -10148,10 +10148,9 @@ shrink_dynamic_reloc_sections (struct bfd_link_info *info,
+ 
+   if ((r_type == R_XTENSA_32 || r_type == R_XTENSA_PLT)
+       && (input_section->flags & SEC_ALLOC) != 0
+-      && (dynamic_symbol || bfd_link_pic (info))
+-      && (!h || h->root.type != bfd_link_hash_undefweak
+-	  || (dynamic_symbol
+-	      && (bfd_link_dll (info) || info->export_dynamic))))
++      && (dynamic_symbol
++	  || (bfd_link_pic (info)
++	      && (!h || h->root.type != bfd_link_hash_undefweak))))
+     {
+       asection *srel;
+       bfd_boolean is_plt = FALSE;
+-- 
+2.20.1
+

package/binutils/2.33.1/0004-bfd-xtensa-fix-PR-ld-25630.patch

@@ -0,0 +1,37 @@
+From 85dcca5997cf3822d6456a5c9c59c46b56adfbb8 Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Wed, 4 Mar 2020 14:54:27 -0800
+Subject: [PATCH] bfd: xtensa: fix PR ld/25630
+
+bfd/
+2020-03-05  Max Filippov  <jcmvbkbc@gmail.com>
+
+	* elf32-xtensa.c (shrink_dynamic_reloc_sections): Shrink dynamic
+	relocation sections for any removed reference to a dynamic symbol.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+ bfd/elf32-xtensa.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/bfd/elf32-xtensa.c b/bfd/elf32-xtensa.c
+index 12ff9f772aaf..65e14d87940c 100644
+--- a/bfd/elf32-xtensa.c
++++ b/bfd/elf32-xtensa.c
+@@ -10148,10 +10148,9 @@ shrink_dynamic_reloc_sections (struct bfd_link_info *info,
+ 
+   if ((r_type == R_XTENSA_32 || r_type == R_XTENSA_PLT)
+       && (input_section->flags & SEC_ALLOC) != 0
+-      && (dynamic_symbol || bfd_link_pic (info))
+-      && (!h || h->root.type != bfd_link_hash_undefweak
+-	  || (dynamic_symbol
+-	      && (bfd_link_dll (info) || info->export_dynamic))))
++      && (dynamic_symbol
++	  || (bfd_link_pic (info)
++	      && (!h || h->root.type != bfd_link_hash_undefweak))))
+     {
+       asection *srel;
+       bfd_boolean is_plt = FALSE;
+-- 
+2.20.1
+

package/binutils/Config.in.host

@@ -24,6 +24,9 @@ config BR2_BINUTILS_VERSION_2_32_X
 config BR2_BINUTILS_VERSION_2_33_X
 	bool "binutils 2.33.1"
 	depends on !BR2_csky
+	# https://github.com/uclinux-dev/elf2flt/pull/16
+	# https://github.com/uclinux-dev/elf2flt/issues/12
+	depends on !BR2_BINFMT_FLAT
 
 config BR2_BINUTILS_VERSION_ARC
 	bool "binutils arc (2.31)"

package/blktrace/0001-btt-make-device-devno-use-PATH_MAX-to-avoid-overflow.patch

@@ -0,0 +1,146 @@
+From d61ff409cb4dda31386373d706ea0cfb1aaac5b7 Mon Sep 17 00:00:00 2001
+From: Jens Axboe <axboe@kernel.dk>
+Date: Wed, 2 May 2018 10:24:17 -0600
+Subject: btt: make device/devno use PATH_MAX to avoid overflow
+
+Herbo Zhang reports:
+
+I found a bug in blktrace/btt/devmap.c. The code is just as follows:
+
+https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/tree/btt/devmap.c?id=8349ad2f2d19422a6241f94ea84d696b21de4757
+
+       struct devmap {
+
+struct list_head head;
+char device[32], devno[32];    // #1
+};
+
+LIST_HEAD(all_devmaps);
+
+static int dev_map_add(char *line)
+{
+struct devmap *dmp;
+
+if (strstr(line, "Device") != NULL)
+return 1;
+
+dmp = malloc(sizeof(struct devmap));
+if (sscanf(line, "%s %s", dmp->device, dmp->devno) != 2) {  //#2
+free(dmp);
+return 1;
+}
+
+list_add_tail(&dmp->head, &all_devmaps);
+return 0;
+}
+
+int dev_map_read(char *fname)
+{
+char line[256];   // #3
+FILE *fp = my_fopen(fname, "r");
+
+if (!fp) {
+perror(fname);
+return 1;
+}
+
+while (fscanf(fp, "%255[a-zA-Z0-9 :.,/_-]\n", line) == 1) {
+if (dev_map_add(line))
+break;
+}
+
+fclose(fp);
+return 0;
+}
+
+ The line length is 256, but the dmp->device, dmp->devno  max length
+is only 32. We can put strings longer than 32 into dmp->device and
+dmp->devno , and then they will be overflowed.
+
+ we can trigger this bug just as follows:
+
+ $ python -c "print 'A'*256" > ./test
+    $ btt -M ./test
+
+    *** Error in btt': free(): invalid next size (fast): 0x000055ad7349b250 ***
+    ======= Backtrace: =========
+    /lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7f7f158ce7e5]
+    /lib/x86_64-linux-gnu/libc.so.6(+0x7fe0a)[0x7f7f158d6e0a]
+    /lib/x86_64-linux-gnu/libc.so.6(cfree+0x4c)[0x7f7f158da98c]
+    btt(+0x32e0)[0x55ad7306f2e0]
+    btt(+0x2c5f)[0x55ad7306ec5f]
+    btt(+0x251f)[0x55ad7306e51f]
+    /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7f7f15877830]
+    btt(+0x26b9)[0x55ad7306e6b9]
+    ======= Memory map: ========
+    55ad7306c000-55ad7307f000 r-xp 00000000 08:14 3698139
+      /usr/bin/btt
+    55ad7327e000-55ad7327f000 r--p 00012000 08:14 3698139
+      /usr/bin/btt
+    55ad7327f000-55ad73280000 rw-p 00013000 08:14 3698139
+      /usr/bin/btt
+    55ad73280000-55ad73285000 rw-p 00000000 00:00 0
+    55ad7349a000-55ad734bb000 rw-p 00000000 00:00 0
+      [heap]
+    7f7f10000000-7f7f10021000 rw-p 00000000 00:00 0
+    7f7f10021000-7f7f14000000 ---p 00000000 00:00 0
+    7f7f15640000-7f7f15656000 r-xp 00000000 08:14 14942237
+      /lib/x86_64-linux-gnu/libgcc_s.so.1
+    7f7f15656000-7f7f15855000 ---p 00016000 08:14 14942237
+      /lib/x86_64-linux-gnu/libgcc_s.so.1
+    7f7f15855000-7f7f15856000 r--p 00015000 08:14 14942237
+      /lib/x86_64-linux-gnu/libgcc_s.so.1
+    7f7f15856000-7f7f15857000 rw-p 00016000 08:14 14942237
+      /lib/x86_64-linux-gnu/libgcc_s.so.1
+    7f7f15857000-7f7f15a16000 r-xp 00000000 08:14 14948477
+      /lib/x86_64-linux-gnu/libc-2.23.so
+    7f7f15a16000-7f7f15c16000 ---p 001bf000 08:14 14948477
+      /lib/x86_64-linux-gnu/libc-2.23.so
+    7f7f15c16000-7f7f15c1a000 r--p 001bf000 08:14 14948477
+      /lib/x86_64-linux-gnu/libc-2.23.so
+    7f7f15c1a000-7f7f15c1c000 rw-p 001c3000 08:14 14948477
+      /lib/x86_64-linux-gnu/libc-2.23.so
+    7f7f15c1c000-7f7f15c20000 rw-p 00000000 00:00 0
+    7f7f15c20000-7f7f15c46000 r-xp 00000000 08:14 14948478
+      /lib/x86_64-linux-gnu/ld-2.23.so
+    7f7f15e16000-7f7f15e19000 rw-p 00000000 00:00 0
+    7f7f15e42000-7f7f15e45000 rw-p 00000000 00:00 0
+    7f7f15e45000-7f7f15e46000 r--p 00025000 08:14 14948478
+      /lib/x86_64-linux-gnu/ld-2.23.so
+    7f7f15e46000-7f7f15e47000 rw-p 00026000 08:14 14948478
+      /lib/x86_64-linux-gnu/ld-2.23.so
+    7f7f15e47000-7f7f15e48000 rw-p 00000000 00:00 0
+    7ffdebe5c000-7ffdebe7d000 rw-p 00000000 00:00 0
+      [stack]
+    7ffdebebc000-7ffdebebe000 r--p 00000000 00:00 0
+      [vvar]
+    7ffdebebe000-7ffdebec0000 r-xp 00000000 00:00 0
+      [vdso]
+    ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0
+      [vsyscall]
+    [1]    6272 abort      btt -M test
+
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+[Retrieved from:
+https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ btt/devmap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/btt/devmap.c b/btt/devmap.c
+index 0553a9e..5fc1cb2 100644
+--- a/btt/devmap.c
++++ b/btt/devmap.c
+@@ -23,7 +23,7 @@
+ 
+ struct devmap {
+ 	struct list_head head;
+-	char device[32], devno[32];
++	char device[PATH_MAX], devno[PATH_MAX];
+ };
+ 
+ LIST_HEAD(all_devmaps);
+-- 
+cgit 1.2-0.3.lf.el7
+

package/blktrace/blktrace.mk

@@ -10,6 +10,9 @@ BLKTRACE_DEPENDENCIES = libaio
 BLKTRACE_LICENSE = GPL-2.0+
 BLKTRACE_LICENSE_FILES = COPYING
 
+# 0001-btt-make-device-devno-use-PATH_MAX-to-avoid-overflow.patch
+BLKTRACE_IGNORE_CVES += CVE-2018-10689
+
 define BLKTRACE_BUILD_CMDS
 	$(TARGET_MAKE_ENV) $(MAKE1) -C $(@D) $(TARGET_CONFIGURE_OPTS)
 endef

package/boost/boost.mk

@@ -11,6 +11,10 @@ BOOST_INSTALL_STAGING = YES
 BOOST_LICENSE = BSL-1.0
 BOOST_LICENSE_FILES = LICENSE_1_0.txt
 
+# CVE-2009-3654 is misclassified (by our CVE tracker) as affecting to boost,
+# while in fact it affects Drupal (a module called boost in there).
+BOOST_IGNORE_CVES += CVE-2009-3654
+
 # keep host variant as minimal as possible
 HOST_BOOST_FLAGS = --without-icu --with-toolset=gcc \
 	--without-libraries=$(subst $(space),$(comma),atomic chrono context \

package/brltty/0003-mk4build-also-pass-PKG_CONFIG_FOR_BUILD-to-the-nativ.patch

@@ -0,0 +1,38 @@
+From 568e0d6070021a9b805ba1fe1543e4b43a073413 Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+Date: Thu, 20 Feb 2020 00:23:35 +0100
+Subject: [PATCH] mk4build: also pass PKG_CONFIG_FOR_BUILD to the native
+ configure
+
+In commit 0414ad2b4e8978a14343d920a5a1f11da892eaf3, mk4build was
+modified to pass a number of *_FOR_BUILD variables down to the
+configure script called for building the native tools.
+
+However, this configure script also uses the pkg-config tool, and the
+pkg-config to use for the native build and the cross build may be
+different, so let's also pass PKG_CONFIG_FOR_BUILD down to the
+sub-configure, as PKG_CONFIG, following the same logic as the other
+variables.
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+Upstream: https://github.com/brltty/brltty/pull/248
+[Upstream patch is different, due to other upstream changes.]
+---
+ mk4build | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/mk4build b/mk4build
+index 3c64963b7..ad88ee69c 100755
+--- a/mk4build
++++ b/mk4build
+@@ -73,6 +73,7 @@ then
+    CXXFLAGS=${CXXFLAGS_FOR_BUILD} \
+    LDFLAGS=${LDFLAGS_FOR_BUILD} \
+    LDLIBS=${LDLIBS_FOR_BUILD} \
++   PKG_CONFIG=${PKG_CONFIG_FOR_BUILD} \
+    "${sourceRoot}/configure" \
+       --disable-api \
+       --disable-gpm \
+-- 
+2.24.1
+

package/brltty/brltty.mk

@@ -15,6 +15,9 @@ BRLTTY_LICENSE_FILES = LICENSE-LGPL README
 BRLTTY_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES) host-autoconf host-pkgconf \
 	$(if $(BR2_PACKAGE_AT_SPI2_CORE),at-spi2-core)
 
+BRLTTY_CONF_ENV = \
+	PKG_CONFIG_FOR_BUILD=$(HOST_DIR)/bin/pkgconf
+
 BRLTTY_CONF_OPTS = \
 	--disable-java-bindings \
 	--disable-lisp-bindings \

package/cairo/0002-ft-Use-FT_Done_MM_Var-instead-of-free-when-available-in-cairo_ft_apply_variation.patch

@@ -0,0 +1,33 @@
+From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001
+From: Carlos Garcia Campos <cgarcia@igalia.com>
+Date: Mon, 19 Nov 2018 12:33:07 +0100
+Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in
+ cairo_ft_apply_variations
+
+Fixes a crash when using freetype >= 2.9
+[Retrieved from:
+https://gitlab.freedesktop.org/cairo/cairo/-/commit/90e85c2493fdfa3551f202ff10282463f1e36645]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ src/cairo-ft-font.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
+index 325dd61b4..981973f78 100644
+--- a/src/cairo-ft-font.c
++++ b/src/cairo-ft-font.c
+@@ -2393,7 +2393,11 @@ skip:
+ done:
+         free (coords);
+         free (current_coords);
++#if HAVE_FT_DONE_MM_VAR
++        FT_Done_MM_Var (face->glyph->library, ft_mm_var);
++#else
+         free (ft_mm_var);
++#endif
+     }
+ }
+ 
+-- 
+2.24.1
+

package/cairo/cairo.mk

@@ -11,6 +11,9 @@ CAIRO_LICENSE_FILES = COPYING COPYING-LGPL-2.1 COPYING-MPL-1.1
 CAIRO_SITE = http://cairographics.org/releases
 CAIRO_INSTALL_STAGING = YES
 
+# 0002-ft-Use-FT_Done_MM_Var-instead-of-free-when-available-in-cairo_ft_apply_variation.patch
+CAIRO_IGNORE_CVES += CVE-2018-19876
+
 # relocation truncated to fit: R_68K_GOT16O
 ifeq ($(BR2_m68k_cf),y)
 CAIRO_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -mxgot"

package/classpath/Config.in

@@ -1,19 +0,0 @@
-config BR2_PACKAGE_CLASSPATH_ARCH_SUPPORTS
-	bool
-	default y if BR2_arm || BR2_armeb || BR2_i386 || BR2_m68k \
-		|| BR2_mips || BR2_mipsel || BR2_mips64 || BR2_mips64el \
-		|| BR2_powerpc || BR2_powerpc64 || BR2_powerpc64le \
-		|| BR2_sparc || BR2_sparc64 || BR2_sh || BR2_x86_64
-
-config BR2_PACKAGE_CLASSPATH
-	bool "classpath"
-	depends on BR2_PACKAGE_CLASSPATH_ARCH_SUPPORTS
-	select BR2_NEEDS_HOST_JAR
-	select BR2_NEEDS_HOST_JAVAC
-	help
-	  GNU Classpath, Essential Libraries for Java, is a GNU
-	  project to create free core class libraries for use with
-	  virtual machines and compilers for the java programming
-	  language.
-
-	  http://classpath.org

package/classpath/classpath.hash

@@ -1,4 +0,0 @@
-# From https://www.gnu.org/software/classpath/announce/20120307.html
-sha256  f929297f8ae9b613a1a167e231566861893260651d913ad9b6c11933895fecc8  classpath-0.99.tar.gz
-# locally computed
-sha256  357bd31f17c7869a73cd159e46b3dafa2bbf434f022085a820c1f68d941a0b4c  COPYING

package/classpath/classpath.mk

@@ -1,55 +0,0 @@
-################################################################################
-#
-# classpath
-#
-################################################################################
-
-CLASSPATH_VERSION = 0.99
-CLASSPATH_SITE = $(BR2_GNU_MIRROR)/classpath
-CLASSPATH_CONF_OPTS = \
-	--disable-examples \
-	--disable-rpath \
-	--disable-Werror \
-	--disable-gconf-peer \
-	--disable-gjdoc \
-	--disable-gstreamer-peer \
-	--enable-tools
-
-# classpath assumes qt runs on top of X11, but we
-# don't support qt4 on X11
-CLASSPATH_CONF_OPTS += --disable-qt-peer
-CLASSPATH_DEPENDENCIES = host-pkgconf
-CLASSPATH_LICENSE = GPL-2.0+ with exception
-CLASSPATH_LICENSE_FILES = COPYING
-
-# Needs ALSA pcm and sequencer (midi) support
-# pcm is always on for alsa-lib
-ifeq ($(BR2_PACKAGE_ALSA_LIB_SEQ),y)
-CLASSPATH_CONF_OPTS += --enable-alsa
-CLASSPATH_DEPENDENCIES += alsa-lib
-else
-CLASSPATH_CONF_OPTS += --disable-alsa
-endif
-
-ifeq ($(BR2_PACKAGE_GMP),y)
-CLASSPATH_CONF_OPTS += --enable-gmp --with-gmp="$(STAGING_DIR)/usr"
-CLASSPATH_DEPENDENCIES += gmp
-else
-CLASSPATH_CONF_OPTS += --disable-gmp
-endif
-
-ifeq ($(BR2_PACKAGE_LIBGTK2)$(BR2_PACKAGE_XORG7),yy)
-CLASSPATH_CONF_OPTS += --enable-gtk-peer
-CLASSPATH_DEPENDENCIES += libgtk2
-else
-CLASSPATH_CONF_OPTS += --disable-gtk-peer
-endif
-
-ifeq ($(BR2_PACKAGE_LIBXML2)$(BR2_PACKAGE_LIBXSLT)$(BR2_TOOLCHAIN_HAS_THREADS),yyy)
-CLASSPATH_CONF_OPTS += --enable-xmlj
-CLASSPATH_DEPENDENCIES += libxml2 libxslt
-else
-CLASSPATH_CONF_OPTS += --disable-xmlj
-endif
-
-$(eval $(autotools-package))

package/cups-filters/Config.in

@@ -4,7 +4,7 @@ config BR2_PACKAGE_CUPS_FILTERS
 	depends on BR2_USE_MMU
 	depends on BR2_INSTALL_LIBSTDCPP # qpdf
 	depends on !BR2_STATIC_LIBS
-	depends on BR2_USE_WCHAR # libglib2
+	depends on BR2_USE_WCHAR # libglib2, qpdf
 	depends on BR2_TOOLCHAIN_HAS_THREADS # libglib2
 	depends on BR2_PACKAGE_CUPS
 	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # C++11

package/cups/cups.mk

@@ -18,6 +18,7 @@ endef
 CUPS_PRE_CONFIGURE_HOOKS += CUPS_RUN_AUTOCONF
 
 CUPS_CONF_OPTS = \
+	--with-docdir=/usr/share/cups/doc-root \
 	--disable-gssapi \
 	--disable-pam \
 	--libdir=/usr/lib

package/dnsmasq/0004-Fix-memory-leak-in-helper-c.patch

@@ -0,0 +1,49 @@
+From 69bc94779c2f035a9fffdb5327a54c3aeca73ed5 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Wed, 14 Aug 2019 20:44:50 +0100
+Subject: [PATCH] Fix memory leak in helper.c
+
+Thanks to Xu Mingjie <xumingjie1995@outlook.com> for spotting this.
+[Retrieved from:
+http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=69bc94779c2f035a9fffdb5327a54c3aeca73ed5]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ src/helper.c |   12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/helper.c b/src/helper.c
+index 33ba120..c392eec 100644
+--- a/src/helper.c
++++ b/src/helper.c
+@@ -80,7 +80,8 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
+   pid_t pid;
+   int i, pipefd[2];
+   struct sigaction sigact;
+-
++  unsigned char *alloc_buff = NULL;
++  
+   /* create the pipe through which the main program sends us commands,
+      then fork our process. */
+   if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1)
+@@ -186,11 +187,16 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
+       struct script_data data;
+       char *p, *action_str, *hostname = NULL, *domain = NULL;
+       unsigned char *buf = (unsigned char *)daemon->namebuff;
+-      unsigned char *end, *extradata, *alloc_buff = NULL;
++      unsigned char *end, *extradata;
+       int is6, err = 0;
+       int pipeout[2];
+ 
+-      free(alloc_buff);
++      /* Free rarely-allocated memory from previous iteration. */
++      if (alloc_buff)
++	{
++	  free(alloc_buff);
++	  alloc_buff = NULL;
++	}
+       
+       /* we read zero bytes when pipe closed: this is our signal to exit */ 
+       if (!read_write(pipefd[0], (unsigned char *)&data, sizeof(data), 1))
+-- 
+1.7.10.4
+

package/dnsmasq/dnsmasq.mk

@@ -15,6 +15,9 @@ DNSMASQ_DEPENDENCIES = host-pkgconf $(TARGET_NLS_DEPENDENCIES)
 DNSMASQ_LICENSE = GPL-2.0 or GPL-3.0
 DNSMASQ_LICENSE_FILES = COPYING COPYING-v3
 
+# 0004-Fix-memory-leak-in-helper-c.patch
+DNSMASQ_IGNORE_CVES += CVE-2019-14834
+
 DNSMASQ_I18N = $(if $(BR2_SYSTEM_ENABLE_NLS),-i18n)
 
 ifneq ($(BR2_PACKAGE_DNSMASQ_DHCP),y)

package/docker-compose/0003-support-PyYAML-up-to-5.1-version.patch

@@ -6,6 +6,7 @@ Subject: [PATCH] support PyYAML up to 5.1 version
 Signed-off-by: Sergey Fursov <geyser85@gmail.com>
 [Upstream: https://github.com/docker/compose/pull/6623]
 (cherry picked from commit d2ca096f46a56cd4db494c593ed84e5c255dc15d)
+[Peter: allow all 5.x]
 Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 ---
  requirements.txt | 2 +-
@@ -34,7 +35,7 @@ index c9e4729d..17ab678e 100644
      'cached-property >= 1.2.0, < 2',
      'docopt >= 0.6.1, < 1',
 -    'PyYAML >= 3.10, < 5',
-+    'PyYAML >= 3.10, < 5.2',
++    'PyYAML >= 3.10, < 6',
      'requests >= 2.20.0, < 3',
      'texttable >= 0.9.0, < 2',
      'websocket-client >= 0.32.0, < 1',

package/elf2flt/0002-elf2flt-fix-relocations-for-read-only-data.patch

@@ -1,58 +0,0 @@
-From 6006e8d789f7a1129414fb3a8c930b094af0cafa Mon Sep 17 00:00:00 2001
-From: Greg Ungerer <gerg@kernel.org>
-Date: Wed, 6 Nov 2019 21:19:24 +0100
-Subject: [PATCH] elf2flt: fix relocations for read-only data
-
-Readonly data sections are mapped into the "text" section in the
-elf2flt.ld linker script. The relocation generation code is not handling
-that case properly though, and is actually mapping any data section type
-into the "data" section of the target binary.
-
-This problem case has been detected with elf2flt core dumping when used
-with binutils-2.33.1 (on ARM architecture targets). See thread at:
-
-   https://sourceware.org/ml/binutils/2019-10/msg00132.html
-
-Tested by Christophe Priouzeau [1]
-
-* binutils 2.33.1
-* buildroot 2019.11-rc1
-* patch on top of elf2flt (patch available on this thread)
-* configuration: stm32f469-disco with initramfs configuration on buildroot
-
-Result:
-Build: OK, all the binaries are generated
-Runtime test on stm32f469-disco: OK
-
-[1] https://github.com/uclinux-dev/elf2flt/issues/12
-
-Signed-off-by: Greg Ungerer <gerg@kernel.org>
-Signed-off-by: Romain Naour <romain.naour@smile.fr>
-Cc: Christophe Priouzeau <christophe.priouzeau@st.com>
----
- elf2flt.c | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/elf2flt.c b/elf2flt.c
-index 67f720a..8973cef 100644
---- a/elf2flt.c
-+++ b/elf2flt.c
-@@ -418,10 +418,12 @@ output_relocs (
- //		continue;
- 
- 	/*
--	 *	Only relocate things in the data sections if we are PIC/GOT.
--	 *	otherwise do text as well
-+	 * Only relocate things in the writable data sections if we are PIC/GOT.
-+	 * Otherwise do text (and read only data) as well.
- 	 */
--	if ((!pic_with_got || ALWAYS_RELOC_TEXT) && (a->flags & SEC_CODE))
-+	if ((!pic_with_got || ALWAYS_RELOC_TEXT) &&
-+	    ((a->flags & SEC_CODE) ||
-+	    ((a->flags & (SEC_DATA | SEC_READONLY)) == (SEC_DATA | SEC_READONLY))))
- 		sectionp = text + (a->vma - text_vma);
- 	else if (a->flags & SEC_DATA)
- 		sectionp = data + (a->vma - data_vma);
--- 
-2.21.0
-

package/emlog/emlog.mk

@@ -9,6 +9,10 @@ EMLOG_SITE = $(call github,nicupavel,emlog,emlog-$(EMLOG_VERSION))
 EMLOG_LICENSE = GPL-2.0
 EMLOG_LICENSE_FILES = COPYING
 
+# CVE-2019-16868 and CVE-2019-17073 are misclassified (by our CVE tracker) as
+# affecting emlog, while in fact it affects http://www.emlog.net.
+EMLOG_IGNORE_CVES += CVE-2019-16868 CVE-2019-17073
+
 define EMLOG_BUILD_CMDS
 	$(MAKE) -C $(@D) $(TARGET_CONFIGURE_OPTS) nbcat
 endef

package/erlang-p1-acme/Config.in

@@ -1,5 +1,6 @@
 config BR2_PACKAGE_ERLANG_P1_ACME
 	bool "erlang-p1-acme"
+	depends on BR2_INSTALL_LIBSTDCPP # erlang-jiffy
 	select BR2_PACKAGE_ERLANG_IDNA
 	select BR2_PACKAGE_ERLANG_JIFFY
 	select BR2_PACKAGE_ERLANG_JOSE
@@ -8,3 +9,6 @@ config BR2_PACKAGE_ERLANG_P1_ACME
 	  ACME client library for Erlang.
 
 	  https://github.com/processone/p1_acme
+
+comment "erlang-p1-acme needs a toolchain w/ C++"
+	depends on !BR2_INSTALL_LIBSTDCPP

package/exim/exim.service

@@ -3,7 +3,7 @@ Description=Exim MTA
 After=syslog.target network.target
 
 [Service]
-ExecStart=/usr/bin/exim -bdf
+ExecStart=/usr/sbin/exim -bdf
 Restart=always
 
 [Install]

package/exiv2/0001-crwimage-Check-offset-and-size-against-total-size.patch

@@ -0,0 +1,32 @@
+From b7890776c62398ca1005e8edc32786859d60fcf7 Mon Sep 17 00:00:00 2001
+From: Jens Georg <mail@jensge.org>
+Date: Sun, 6 Oct 2019 15:05:20 +0200
+Subject: [PATCH] crwimage: Check offset and size against total size
+
+Corrupted or specially crafted CRW images might exceed the overall
+buffersize.
+
+Fixes #1019
+
+(cherry picked from commit 683451567284005cd24e1ccb0a76ca401000968b)
+[Retrieved (and slightly updated to keep only the fix) from:
+https://github.com/Exiv2/exiv2/commit/50e9dd964a439da357798344ed1dd86edcadf0ec]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ src/crwimage_int.cpp | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
+index 29311fdb7..c0d955350 100644
+--- a/src/crwimage_int.cpp
++++ b/src/crwimage_int.cpp
+@@ -268,6 +268,9 @@ namespace Exiv2 {
+ #ifdef EXIV2_DEBUG_MESSAGES
+         std::cout << "Reading directory 0x" << std::hex << tag() << "\n";
+ #endif
++        if (this->offset() + this->size() > size)
++            throw Error(kerOffsetOutOfRange);
++
+         readDirectory(pData + offset(), this->size(), byteOrder);
+ #ifdef EXIV2_DEBUG_MESSAGES
+         std::cout << "<---- 0x" << std::hex << tag() << "\n";

package/exiv2/0002-fix_1011_jp2_readmetadata_loop.patch

@@ -0,0 +1,86 @@
+From 1b917c3f7dd86336a9f6fda4456422c419dfe88c Mon Sep 17 00:00:00 2001
+From: clanmills <robin@clanmills.com>
+Date: Tue, 1 Oct 2019 17:39:44 +0100
+Subject: [PATCH] Fix #1011 fix_1011_jp2_readmetadata_loop
+
+[Retrieved (and slighlty updated to keep only the fix) from:
+https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ src/jp2image.cpp                             |  25 +++++++++++++++----
+ test/data/Jp2Image_readMetadata_loop.poc     | Bin 0 -> 738 bytes
+ tests/bugfixes/github/test_CVE_2017_17725.py |   4 +--
+ tests/bugfixes/github/test_issue_1011.py     |  13 ++++++++++
+ 4 files changed, 35 insertions(+), 7 deletions(-)
+ create mode 100755 test/data/Jp2Image_readMetadata_loop.poc
+ create mode 100644 tests/bugfixes/github/test_issue_1011.py
+
+diff --git a/src/jp2image.cpp b/src/jp2image.cpp
+index d5cd1340a..0de088d62 100644
+--- a/src/jp2image.cpp
++++ b/src/jp2image.cpp
+@@ -18,10 +18,6 @@
+  * Foundation, Inc., 51 Franklin Street, 5th Floor, Boston, MA 02110-1301 USA.
+  */
+ 
+-/*
+-  File:      jp2image.cpp
+-*/
+-
+ // *****************************************************************************
+ 
+ // included header files
+@@ -197,6 +193,16 @@ namespace Exiv2
+         return result;
+     }
+ 
++static void boxes_check(size_t b,size_t m)
++{
++    if ( b > m ) {
++#ifdef EXIV2_DEBUG_MESSAGES
++        std::cout << "Exiv2::Jp2Image::readMetadata box maximum exceeded" << std::endl;
++#endif
++        throw Error(kerCorruptedMetadata);
++    }
++}
++
+     void Jp2Image::readMetadata()
+     {
+ #ifdef EXIV2_DEBUG_MESSAGES
+@@ -219,9 +225,12 @@ namespace Exiv2
+         Jp2BoxHeader      subBox    = {0,0};
+         Jp2ImageHeaderBox ihdr      = {0,0,0,0,0,0,0,0};
+         Jp2UuidBox        uuid      = {{0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
++        size_t            boxes     = 0 ;
++        size_t            boxem     = 1000 ; // boxes max
+ 
+         while (io_->read((byte*)&box, sizeof(box)) == sizeof(box))
+         {
++            boxes_check(boxes++,boxem );
+             position   = io_->tell();
+             box.length = getLong((byte*)&box.length, bigEndian);
+             box.type   = getLong((byte*)&box.type, bigEndian);
+@@ -251,8 +260,12 @@ namespace Exiv2
+ 
+                     while (io_->read((byte*)&subBox, sizeof(subBox)) == sizeof(subBox) && subBox.length )
+                     {
++                        boxes_check(boxes++, boxem) ;
+                         subBox.length = getLong((byte*)&subBox.length, bigEndian);
+                         subBox.type   = getLong((byte*)&subBox.type, bigEndian);
++                        if (subBox.length > io_->size() ) {
++                            throw Error(kerCorruptedMetadata);
++                        }
+ #ifdef EXIV2_DEBUG_MESSAGES
+                         std::cout << "Exiv2::Jp2Image::readMetadata: "
+                         << "subBox = " << toAscii(subBox.type) << " length = " << subBox.length << std::endl;
+@@ -308,7 +321,9 @@ namespace Exiv2
+                         }
+ 
+                         io_->seek(restore,BasicIo::beg);
+-                        io_->seek(subBox.length, Exiv2::BasicIo::cur);
++                        if ( io_->seek(subBox.length, Exiv2::BasicIo::cur) != 0 ) {
++                            throw Error(kerCorruptedMetadata);
++                        }
+                         restore = io_->tell();
+                     }
+                     break;

package/exiv2/exiv2.mk

@@ -10,6 +10,17 @@ EXIV2_INSTALL_STAGING = YES
 EXIV2_LICENSE = GPL-2.0+, BSD-3-Clause
 EXIV2_LICENSE_FILES = COPYING COPYING-CMAKE-SCRIPTS
 
+# CVE-2019-13504 is misclassified (by our CVE tracker) as affecting version
+# 0.27.2, while in fact both commits that fixed this issue are already in this
+# version.
+EXIV2_IGNORE_CVES += CVE-2019-13504
+
+# 0001-crwimage-Check-offset-and-size-against-total-size.patch
+EXIV2_IGNORE_CVES += CVE-2019-17402
+
+# 0002-fix_1011_jp2_readmetadata_loop.patch
+EXIV2_IGNORE_CVES += CVE-2019-20421
+
 EXIV2_CONF_OPTS += -DEXIV2_ENABLE_BUILD_SAMPLES=OFF
 
 # The following CMake variable disables a TRY_RUN call in the -pthread

package/fbgrab/Config.in

@@ -5,4 +5,4 @@ config BR2_PACKAGE_FBGRAB
 	  FBGrab is a framebuffer screenshot program, capturing the
 	  linux frambuffer and converting it to a png-picture.
 
-	  http://fbgrab.monells.se/
+	  https://github.com/GunnarMonell/fbgrab

package/fbgrab/fbgrab.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  5fab478cbf8731fbacefaa76236a8f8b38ccff920c53b3a8253bc35509fba8ed  fbgrab-1.3.tar.gz
+sha256  3314a932f830e32feaf36914e1b43326529fe35b7eb7410ff55f16c930ddfbcb  fbgrab-1.3.1.tar.gz
 sha256  fa5fc1d1eec39532ea517518eeefd7b6e3c14341a55e5880a0e2a49eee47a5b7  COPYING

package/fbgrab/fbgrab.mk

@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-FBGRAB_VERSION = 1.3
-FBGRAB_SITE = http://fbgrab.monells.se
+FBGRAB_VERSION = 1.3.1
+FBGRAB_SITE = $(call github,GunnarMonell,fbgrab,$(FBGRAB_VERSION))
 FBGRAB_DEPENDENCIES = libpng
 FBGRAB_LICENSE = GPL-2.0
 FBGRAB_LICENSE_FILES = COPYING

package/git/git.mk

@@ -67,7 +67,7 @@ endif
 
 GIT_CFLAGS = $(TARGET_CFLAGS)
 
-ifeq ($(BR2_TOOLCHAIN_HAS_GCC_BUG_85180),y)
+ifneq ($(BR2_TOOLCHAIN_HAS_GCC_BUG_85180)$(BR2_TOOLCHAIN_HAS_GCC_BUG_93847),)
 GIT_CFLAGS += -O0
 endif
 

package/gr-osmosdr/gr-osmosdr.mk

@@ -14,7 +14,9 @@ GR_OSMOSDR_SUPPORTS_IN_SOURCE_BUILD = NO
 
 GR_OSMOSDR_DEPENDENCIES = gnuradio host-python-cheetah
 
-GR_OSMOSDR_CONF_OPTS = -DENABLE_DEFAULT=OFF
+GR_OSMOSDR_CONF_OPTS = \
+	-DENABLE_DEFAULT=OFF \
+	-DENABLE_DOXYGEN=OFF
 
 # For third-party blocks, the gr-osmosdr libraries are mandatory at
 # compile time.

package/gstreamer1/gst1-plugins-base/0001-meson-static-linkig-of-tools-needs-gmodule_dep.patch

@@ -0,0 +1,38 @@
+From 443244e54d1e2813560d364b44b35d49b3987b67 Mon Sep 17 00:00:00 2001
+From: Peter Seiderer <ps.report@gmx.net>
+Date: Tue, 3 Mar 2020 17:07:24 +0100
+Subject: [PATCH] meson: static linkig of tools needs gmodule_dep
+
+Add gmodule_dep (analog to gstreamer/tools/meson.build).
+
+Fixes:
+
+.../bin/ld: .../usr/lib/libgstreamer-1.0.a(gstplugin.c.o): in function `gst_plugin_register_func':
+gstplugin.c:(.text+0x3bc): undefined reference to `g_module_make_resident'
+.../bin/ld: .../usr/lib/libgstreamer-1.0.a(gstplugin.c.o): in function `_priv_gst_plugin_load_file_for_registry':
+gstplugin.c:(.text+0x1228): undefined reference to `g_module_supported'
+.../bin/ld: gstplugin.c:(.text+0x126c): undefined reference to `g_module_open'
+.../bin/ld: gstplugin.c:(.text+0x1368): undefined reference to `g_module_symbol'
+.../bin/ld: gstplugin.c:(.text+0x1494): undefined reference to `g_module_supported'
+.../bin/ld: gstplugin.c:(.text+0x17f4): undefined reference to `g_module_close'
+.../bin/ld: gstplugin.c:(.text+0x1a2c): undefined reference to `g_module_error'
+
+[Upstream suggested: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/merge_requests/587 ]
+Signed-off-by: Peter Seiderer <ps.report@gmx.net>
+---
+ tools/meson.build | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/meson.build b/tools/meson.build
+index 57595fb47..bcbe11ca1 100644
+--- a/tools/meson.build
++++ b/tools/meson.build
+@@ -1,4 +1,4 @@
+-tool_deps = glib_deps + [pbutils_dep, audio_dep, video_dep, tag_dep, gst_dep, gst_base_dep]
++tool_deps = glib_deps + [pbutils_dep, audio_dep, video_dep, tag_dep, gst_dep, gst_base_dep, gmodule_dep]
+ 
+ executable('gst-device-monitor-@0@'.format(api_version),
+   'gst-device-monitor.c',
+-- 
+2.25.1
+

package/gstreamer1/gst1-validate/gst1-validate.mk

@@ -22,6 +22,8 @@ else
 GST1_VALIDATE_DEPENDENCIES += host-python python
 endif
 
-GST1_VALIDATE_CONF_OPTS += --disable-sphinx-doc
+GST1_VALIDATE_CONF_OPTS = \
+	--disable-introspection \
+	--disable-sphinx-doc
 
 $(eval $(autotools-package))

package/gstreamer1/gstreamer1/Config.in

@@ -51,10 +51,11 @@ config BR2_PACKAGE_GSTREAMER1_PLUGIN_REGISTRY
 	  increase the launch-time for a GStreamer application.
 
 config BR2_PACKAGE_GSTREAMER1_INSTALL_TOOLS
-	bool "install gst-launch & gst-inspect"
+	bool "install tools"
 	default y
 	help
-	  Install the gst-launch and gst-inspect tools. This will take
-	  up additional space on the target.
+	  Install the gst-inspect, gst-launch, gst-stats and
+	  gst-typefind tools. This will take up additional space on
+	  the target.
 
 endif

package/guile/0004-Makefile.am-fix-build-without-makeinfo.patch

@@ -0,0 +1,51 @@
+From 9304ad88a5f4b083d348563c5de00da53b34cf46 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Fri, 6 Mar 2020 23:20:39 +0100
+Subject: [PATCH] Makefile.am: fix build without makeinfo
+
+Don't build doc subdir if makeinfo is not available otherwise build
+fails on:
+
+make[4]: Entering directory '/nvmedata/autobuild/instance-7/output-1/build/host-guile-2.0.14/doc/ref'
+  MAKEINFO guile.info
+/nvmedata/autobuild/instance-7/output-1/build/host-guile-2.0.14/build-aux/missing: line 81: makeinfo: command not found
+WARNING: 'makeinfo' is missing on your system.
+         You should only need it if you modified a '.texi' file, or
+         any other file indirectly affecting the aspect of the manual.
+         You might want to install the Texinfo package:
+         <http://www.gnu.org/software/texinfo/>
+         The spurious makeinfo call might also be the consequence of
+         using a buggy 'make' (AIX, DU, IRIX), in which case you might
+         want to install GNU make:
+         <http://www.gnu.org/software/make/>
+
+Fixes:
+ - http://autobuild.buildroot.org/results/9605aac6f760bfff190d0ab95fa50f65486ffe90
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status: sent to bug-guile@gnu.org]
+---
+ Makefile.am | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index ebbf6d476..2270afb9f 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -38,8 +38,12 @@ SUBDIRS =					\
+ 	test-suite				\
+ 	benchmark-suite				\
+ 	gc-benchmarks				\
+-	am					\
++	am
++
++if HAVE_MAKEINFO
++SUBDIRS +=					\
+ 	doc
++endif
+ 
+ DIST_SUBDIRS = $(SUBDIRS) prebuilt
+ 
+-- 
+2.25.0
+

package/guile/guile.mk

@@ -8,7 +8,8 @@ GUILE_VERSION = 2.0.14
 GUILE_SOURCE = guile-$(GUILE_VERSION).tar.xz
 GUILE_SITE = $(BR2_GNU_MIRROR)/guile
 GUILE_INSTALL_STAGING = YES
-# For 0002-calculate-csqrt_manually.patch
+# For 0002-calculate-csqrt_manually.patch and
+# 0004-Makefile.am-fix-build-without-makeinfo.patch
 GUILE_AUTORECONF = YES
 GUILE_LICENSE = LGPL-3.0+
 GUILE_LICENSE_FILES = LICENSE COPYING COPYING.LESSER

package/jamvm/0001-Use-fenv.h-when-available-instead-of-fpu_control.h.patch

@@ -1,108 +0,0 @@
-From ecd4eceae98cfb1c83133bdeaa9095546ca8b7c6 Mon Sep 17 00:00:00 2001
-From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-Date: Thu, 26 May 2016 15:05:48 +0200
-Subject: [PATCH] Use <fenv.h> when available instead of <fpu_control.h>
-
-musl libc (http://musl-libc.org lack the non-standard <fpu_control.h>
-header, which is used in src/os/linux/{i386,x86_64}/init.c files to
-setup the floating point precision. This patch makes it use the
-standard C <fenv.h> header instead when available.
-
-Original patch at Felix Janda at
-https://sourceforge.net/p/jamvm/patches/6/, adapted to still use
-<fpu_control.h> if <fenv.h> is not provided.
-
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
----
- configure.ac               |  2 +-
- src/os/linux/i386/init.c   | 15 +++++++++++++++
- src/os/linux/x86_64/init.c | 15 +++++++++++++--
- 3 files changed, 29 insertions(+), 3 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 19f77e6..ce59a3e 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -279,7 +279,7 @@ fi
- 
- dnl Checks for header files.
- AC_HEADER_STDC
--AC_CHECK_HEADERS(sys/time.h unistd.h endian.h sys/param.h locale.h alloca.h)
-+AC_CHECK_HEADERS(sys/time.h unistd.h endian.h sys/param.h locale.h alloca.h fenv.h)
- 
- if test "$enable_zip" != no; then
-     AC_CHECK_HEADER(zlib.h,,AC_MSG_ERROR(zlib.h is missing))
-diff --git a/src/os/linux/i386/init.c b/src/os/linux/i386/init.c
-index d9c6648..8fefe7d 100644
---- a/src/os/linux/i386/init.c
-+++ b/src/os/linux/i386/init.c
-@@ -19,18 +19,33 @@
-  * Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-  */
- 
-+#include "config.h"
-+
-+#if defined(HAVE_FENV_H)
-+#include <fenv.h>
-+#else
- #include <fpu_control.h>
-+#endif
- 
- /* Change floating point precision to double (64-bit) from
-  * the extended (80-bit) Linux default. */
- 
- void setDoublePrecision() {
-+#if defined(HAVE_FENV_H)
-+    fenv_t fenv;
-+
-+    fegetenv(&fenv);
-+    fenv.__control_word &= ~0x300; /* _FPU_EXTENDED */
-+    fenv.__control_word |= 0x200; /* _FPU_DOUBLE */
-+    fesetenv(&fenv);
-+#else
-     fpu_control_t cw;
- 
-     _FPU_GETCW(cw);
-     cw &= ~_FPU_EXTENDED;
-     cw |= _FPU_DOUBLE;
-     _FPU_SETCW(cw);
-+#endif
- }
- 
- void initialisePlatform() {
-diff --git a/src/os/linux/x86_64/init.c b/src/os/linux/x86_64/init.c
-index 9d55229..b42b14e 100644
---- a/src/os/linux/x86_64/init.c
-+++ b/src/os/linux/x86_64/init.c
-@@ -19,7 +19,11 @@
-  * Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-  */
- 
--#ifdef __linux__
-+#include "config.h"
-+
-+#if defined(HAVE_FENV_H)
-+#include <fenv.h>
-+#else
- #include <fpu_control.h>
- #endif
- 
-@@ -30,7 +34,14 @@
- */
- 
- void setDoublePrecision() {
--#ifdef __linux__
-+#if defined(HAVE_FENV_H)
-+    fenv_t fenv;
-+
-+    fegetenv(&fenv);
-+    fenv.__control_word &= ~0x300; /*_FPU_EXTENDED */
-+    fenv.__control_word |= 0x200; /*_FPU_DOUBLE */
-+    fesetenv(&fenv);
-+#else
-     fpu_control_t cw;
- 
-     _FPU_GETCW(cw);
--- 
-2.7.4
-

package/jamvm/Config.in

@@ -1,26 +0,0 @@
-config BR2_PACKAGE_JAMVM_ARCH_SUPPORTS
-	bool
-	default y if BR2_arm || BR2_armeb
-	default y if BR2_i386 || BR2_x86_64
-	default y if (BR2_mips || BR2_mipsel) \
-		&& (BR2_MIPS_FP32_MODE_32 || BR2_MIPS_SOFT_FLOAT)
-	default y if BR2_powerpc
-
-config BR2_PACKAGE_JAMVM
-	bool "jamvm"
-	depends on BR2_PACKAGE_JAMVM_ARCH_SUPPORTS
-	depends on BR2_PACKAGE_CLASSPATH_ARCH_SUPPORTS
-	depends on BR2_TOOLCHAIN_HAS_THREADS
-	depends on !BR2_STATIC_LIBS
-	select BR2_PACKAGE_ZLIB
-	select BR2_PACKAGE_CLASSPATH
-	help
-	  JamVM is a new Java Virtual Machine which conforms to the
-	  JVM specification version 2 (blue book).
-
-	  http://jamvm.sf.net
-
-comment "jamvm needs a toolchain w/ threads, dynamic library"
-	depends on BR2_PACKAGE_JAMVM_ARCH_SUPPORTS
-	depends on BR2_PACKAGE_CLASSPATH_ARCH_SUPPORTS
-	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS

package/jamvm/jamvm.hash

@@ -1,3 +0,0 @@
-# Locally computed:
-sha256  76428e96df0ae9dd964c7a7c74c1e9a837e2f312c39e9a357fa8178f7eff80da  jamvm-2.0.0.tar.gz
-sha256  dcc100d4161cc0b7177545ab6e47216f84857cda3843847c792a25289852dcaa  COPYING

package/jamvm/jamvm.mk

@@ -1,27 +0,0 @@
-################################################################################
-#
-# jamvm
-#
-################################################################################
-
-JAMVM_VERSION = 2.0.0
-JAMVM_SITE = http://downloads.sourceforge.net/project/jamvm/jamvm/JamVM%20$(JAMVM_VERSION)
-JAMVM_LICENSE = GPL-2.0+
-JAMVM_LICENSE_FILES = COPYING
-JAMVM_DEPENDENCIES = zlib classpath
-# For 0001-Use-fenv.h-when-available-instead-of-fpu_control.h.patch
-JAMVM_AUTORECONF = YES
-# int inlining seems to crash jamvm, don't build shared version of internal lib
-JAMVM_CONF_OPTS = \
-	--with-classpath-install-dir=/usr \
-	--disable-int-inlining \
-	--disable-shared \
-	--without-pic
-
-# jamvm has ARM assembly code that cannot be compiled in Thumb2 mode,
-# so we must force traditional ARM mode.
-ifeq ($(BR2_arm),y)
-JAMVM_CONF_ENV = CFLAGS="$(TARGET_CFLAGS) -marm"
-endif
-
-$(eval $(autotools-package))

package/jhead/jhead.hash

@@ -1,3 +1,3 @@
 # Locally calculated from download (no sig, hash)
-sha256	82194e0128d9141038f82fadcb5845391ca3021d61bc00815078601619f6c0c2	jhead-3.03.tar.gz
-sha256	46c870a208305489eea862ec8b05b030ba1f06d99195f660dc0ba541cc38d82b	readme.txt
+sha256  ef89bbcf4f6c25ed88088cf242a47a6aedfff4f08cc7dc205bf3e2c0f10a03c9  jhead-3.04.tar.gz
+sha256  46c870a208305489eea862ec8b05b030ba1f06d99195f660dc0ba541cc38d82b  readme.txt

package/jhead/jhead.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-JHEAD_VERSION = 3.03
+JHEAD_VERSION = 3.04
 JHEAD_SITE = http://www.sentex.net/~mwandel/jhead
 JHEAD_LICENSE = Public Domain
 JHEAD_LICENSE_FILES = readme.txt

package/kodi-inputstream-adaptive/kodi-inputstream-adaptive.hash

@@ -1,3 +1,3 @@
 # Locally computed
 sha256 e47263240ac9276546ead439ba14ee26c3f3b45f2882351a9081e5502e296329  kodi-inputstream-adaptive-2.4.2-Leia.tar.gz
-sha256 9070a4ff46077f9358b079445c5cf2109f1711e05f4b9cb283d89ecac7aad161  src/main.cpp
+sha256 89931c1fb1f3716694175763cf3221cfcd63d6935031cf6b4512d17ffe5d9860  LICENSE.GPL

package/kodi-inputstream-adaptive/kodi-inputstream-adaptive.mk

@@ -7,7 +7,7 @@
 KODI_INPUTSTREAM_ADAPTIVE_VERSION = 2.4.2-Leia
 KODI_INPUTSTREAM_ADAPTIVE_SITE = $(call github,peak3d,inputstream.adaptive,$(KODI_INPUTSTREAM_ADAPTIVE_VERSION))
 KODI_INPUTSTREAM_ADAPTIVE_LICENSE = GPL-2.0+
-KODI_INPUTSTREAM_ADAPTIVE_LICENSE_FILES = src/main.cpp
+KODI_INPUTSTREAM_ADAPTIVE_LICENSE_FILES = LICENSE.GPL
 KODI_INPUTSTREAM_ADAPTIVE_DEPENDENCIES = kodi
 
 $(eval $(cmake-package))

package/libarchive/libarchive.hash

@@ -1,4 +1,4 @@
 # From https://www.libarchive.de/downloads/sha256sums
-sha256  fcf87f3ad8db2e4f74f32526dee62dd1fb9894782b0a503a89c9d7a70a235191  libarchive-3.4.1.tar.gz
+sha256  b60d58d12632ecf1e8fad7316dc82c6b9738a35625746b47ecdcaf4aed176176  libarchive-3.4.2.tar.gz
 # Locally computed:
 sha256  e1e3d4ba9d0b0ccba333b5f5539f7c6c9a3ef3d57a96cd165d2c45eaa1cd026d  COPYING

package/libarchive/libarchive.mk

@@ -4,11 +4,12 @@
 #
 ################################################################################
 
-LIBARCHIVE_VERSION = 3.4.1
+LIBARCHIVE_VERSION = 3.4.2
 LIBARCHIVE_SITE = https://www.libarchive.de/downloads
 LIBARCHIVE_INSTALL_STAGING = YES
 LIBARCHIVE_LICENSE = BSD-2-Clause, BSD-3-Clause, CC0-1.0, OpenSSL, Apache-2.0
 LIBARCHIVE_LICENSE_FILES = COPYING
+LIBARCHIVE_CONF_OPTS = --without-mbedtls
 
 ifeq ($(BR2_PACKAGE_LIBARCHIVE_BSDTAR),y)
 ifeq ($(BR2_STATIC_LIBS),y)
@@ -86,6 +87,7 @@ endif
 
 ifeq ($(BR2_PACKAGE_NETTLE),y)
 LIBARCHIVE_DEPENDENCIES += nettle
+LIBARCHIVE_CONF_OPTS += --with-nettle
 else
 LIBARCHIVE_CONF_OPTS += --without-nettle
 endif
@@ -123,6 +125,7 @@ HOST_LIBARCHIVE_CONF_OPTS = \
 	--without-libiconv-prefix \
 	--without-xml2 \
 	--without-lzo2 \
+	--without-mbedtls \
 	--without-nettle \
 	--without-openssl \
 	--without-lzma

package/libcgroup/0001-cgrulesengd-remove-umask-0.patch

@@ -0,0 +1,33 @@
+From 0d88b73d189ea3440ccaab00418d6469f76fa590 Mon Sep 17 00:00:00 2001
+From: Michal Hocko <mhocko@suse.com>
+Date: Wed, 18 Jul 2018 11:24:29 +0200
+Subject: [PATCH] cgrulesengd: remove umask(0)
+
+One of our partners has noticed that cgred daemon is creating a log file
+(/var/log/cgred) with too wide permissions (0666) and that is seen as
+a security bug because an untrusted user can write to otherwise
+restricted area. CVE-2018-14348 has been assigned to this issue.
+
+Signed-off-by: Michal Hocko <mhocko@suse.com>
+Acked-by: Balbir Singh <bsingharora@gmail.com>
+[Retrieved from:
+https://github.com/libcgroup/libcgroup/commit/0d88b73d189ea3440ccaab00418d6469f76fa590]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ src/daemon/cgrulesengd.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
+index ea51f11..0d288f3 100644
+--- a/src/daemon/cgrulesengd.c
++++ b/src/daemon/cgrulesengd.c
+@@ -889,9 +889,6 @@ int cgre_start_daemon(const char *logp, const int logf,
+ 		} else if (pid > 0) {
+ 			exit(EXIT_SUCCESS);
+ 		}
+-
+-		/* Change the file mode mask. */
+-		umask(0);
+ 	} else {
+ 		flog(LOG_DEBUG, "Not using daemon mode\n");
+ 		pid = getpid();

package/libcgroup/libcgroup.mk

@@ -12,6 +12,9 @@ LIBCGROUP_LICENSE_FILES = COPYING
 LIBCGROUP_DEPENDENCIES = host-bison host-flex
 LIBCGROUP_INSTALL_STAGING = YES
 
+# 0001-cgrulesengd-remove-umask-0.patch
+LIBCGROUP_IGNORE_CVES += CVE-2018-14348
+
 # Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h
 # large file support. See https://bugzilla.redhat.com/show_bug.cgi?id=574992
 # for more information.

package/libdrm/0007-tests-amdgpu-needs-atomic_ops.patch

@@ -0,0 +1,27 @@
+From f0adb08424e624aeee340291343281256b7a98e8 Mon Sep 17 00:00:00 2001
+From: Peter Seiderer <ps.report@gmx.net>
+Date: Sat, 7 Mar 2020 12:23:09 +0100
+Subject: [PATCH] tests/amdgpu: needs atomic_ops
+
+[Upstream: https://gitlab.freedesktop.org/mesa/drm/-/merge_requests/50]
+Signed-off-by: Peter Seiderer <ps.report@gmx.net>
+---
+ tests/amdgpu/meson.build | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/amdgpu/meson.build b/tests/amdgpu/meson.build
+index 1726cb43..4dfa5c83 100644
+--- a/tests/amdgpu/meson.build
++++ b/tests/amdgpu/meson.build
+@@ -26,7 +26,7 @@ if dep_cunit.found()
+       'vce_tests.c', 'uvd_enc_tests.c', 'vcn_tests.c', 'deadlock_tests.c',
+       'vm_tests.c', 'ras_tests.c', 'syncobj_tests.c',
+     ),
+-    dependencies : [dep_cunit, dep_threads],
++    dependencies : [dep_cunit, dep_threads, dep_atomic_ops],
+     include_directories : [inc_root, inc_drm, include_directories('../../amdgpu')],
+     link_with : [libdrm, libdrm_amdgpu],
+     install : with_install_tests,
+-- 
+2.25.1
+

package/libevdev/libevdev.mk

@@ -14,7 +14,7 @@ LIBEVDEV_LICENSE_FILES = COPYING
 LIBEVDEV_AUTORECONF = YES
 
 # Uses PKG_CHECK_MODULES() in configure.ac
-LIBEVDEV_DEPENDENCIES = host-pkgconf
+LIBEVDEV_DEPENDENCIES = host-pkgconf host-python
 
 LIBEVDEV_INSTALL_STAGING = YES
 

package/libgdiplus/0003-gifcodec.c-Include-copy-of-GifQuantizeBuffer-functio.patch

@@ -0,0 +1,414 @@
+From afde9145030ff4989f0d7933389c20244eaf8039 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Alexander=20K=C3=B6plinger?= <alex.koeplinger@outlook.com>
+Date: Thu, 1 Aug 2019 17:08:36 +0200
+Subject: [PATCH] gifcodec.c: Include copy of GifQuantizeBuffer function from
+ giflib (#575)
+
+It was removed upstream so we need to include a copy of it.
+The upstream code is licensed as MIT.
+
+Fixes https://github.com/mono/libgdiplus/issues/546
+
+Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
+---
+ src/gifcodec.c | 377 +++++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 369 insertions(+), 8 deletions(-)
+
+diff --git a/src/gifcodec.c b/src/gifcodec.c
+index 6f8dedb..29a9899 100644
+--- a/src/gifcodec.c
++++ b/src/gifcodec.c
+@@ -40,6 +40,374 @@ GUID gdip_gif_image_format_guid = {0xb96b3cb0U, 0x0728U, 0x11d3U, {0x9d, 0x7b, 0
+ #include "gifcodec.h"
+ 
+ 
++/* START GifQuantizeBuffer copy from giflib
++
++The giflib 5.2.0 release notes mention:
++
++> The undocumented and deprecated GifQuantizeBuffer() entry point
++> has been moved to the util library to reduce libgif size and attack
++> surface. Applications needing this function are couraged to link the
++> util library or make their own copy.
++
++Since the util library doesn't get installed in most distros we can't
++link against it and need to make our own copy called LibgdiplusGifQuantizeBuffer.
++This is taken from giflib 52b62de83d5facbbbde042b85bf3f61182e3bebd.
++
++> The GIFLIB distribution is Copyright (c) 1997  Eric S. Raymond
++>
++> Permission is hereby granted, free of charge, to any person obtaining a copy
++> of this software and associated documentation files (the "Software"), to deal
++> in the Software without restriction, including without limitation the rights
++> to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
++> copies of the Software, and to permit persons to whom the Software is
++> furnished to do so, subject to the following conditions:
++>
++> The above copyright notice and this permission notice shall be included in
++> all copies or substantial portions of the Software.
++>
++> THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
++> IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++> FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
++> AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
++> LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
++> OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
++> THE SOFTWARE.
++
++*/
++
++/*****************************************************************************
++
++ quantize.c - quantize a high resolution image into lower one
++
++ Based on: "Color Image Quantization for frame buffer Display", by
++ Paul Heckbert SIGGRAPH 1982 page 297-307.
++
++ This doesn't really belong in the core library, was undocumented,
++ and was removed in 4.2.  Then it turned out some client apps were
++ actually using it, so it was restored in 5.0.
++
++SPDX-License-Identifier: MIT
++
++******************************************************************************/
++
++#include <stdlib.h>
++#include <stdio.h>
++#include "gif_lib.h"
++//#include "gif_lib_private.h"
++
++//#define ABS(x)    ((x) > 0 ? (x) : (-(x)))
++
++#define COLOR_ARRAY_SIZE 32768
++#define BITS_PER_PRIM_COLOR 5
++#define MAX_PRIM_COLOR      0x1f
++
++static int SortRGBAxis;
++
++typedef struct QuantizedColorType {
++    GifByteType RGB[3];
++    GifByteType NewColorIndex;
++    long Count;
++    struct QuantizedColorType *Pnext;
++} QuantizedColorType;
++
++typedef struct NewColorMapType {
++    GifByteType RGBMin[3], RGBWidth[3];
++    unsigned int NumEntries; /* # of QuantizedColorType in linked list below */
++    unsigned long Count; /* Total number of pixels in all the entries */
++    QuantizedColorType *QuantizedColors;
++} NewColorMapType;
++
++static int SubdivColorMap(NewColorMapType * NewColorSubdiv,
++                          unsigned int ColorMapSize,
++                          unsigned int *NewColorMapSize);
++static int SortCmpRtn(const void *Entry1, const void *Entry2);
++
++/******************************************************************************
++ Quantize high resolution image into lower one. Input image consists of a
++ 2D array for each of the RGB colors with size Width by Height. There is no
++ Color map for the input. Output is a quantized image with 2D array of
++ indexes into the output color map.
++   Note input image can be 24 bits at the most (8 for red/green/blue) and
++ the output has 256 colors at the most (256 entries in the color map.).
++ ColorMapSize specifies size of color map up to 256 and will be updated to
++ real size before returning.
++   Also non of the parameter are allocated by this routine.
++   This function returns GIF_OK if successful, GIF_ERROR otherwise.
++******************************************************************************/
++int
++LibgdiplusGifQuantizeBuffer(unsigned int Width,
++               unsigned int Height,
++               int *ColorMapSize,
++               GifByteType * RedInput,
++               GifByteType * GreenInput,
++               GifByteType * BlueInput,
++               GifByteType * OutputBuffer,
++               GifColorType * OutputColorMap) {
++
++    unsigned int Index, NumOfEntries;
++    int i, j, MaxRGBError[3];
++    unsigned int NewColorMapSize;
++    long Red, Green, Blue;
++    NewColorMapType NewColorSubdiv[256];
++    QuantizedColorType *ColorArrayEntries, *QuantizedColor;
++
++    ColorArrayEntries = (QuantizedColorType *)malloc(
++                           sizeof(QuantizedColorType) * COLOR_ARRAY_SIZE);
++    if (ColorArrayEntries == NULL) {
++        return GIF_ERROR;
++    }
++
++    for (i = 0; i < COLOR_ARRAY_SIZE; i++) {
++        ColorArrayEntries[i].RGB[0] = i >> (2 * BITS_PER_PRIM_COLOR);
++        ColorArrayEntries[i].RGB[1] = (i >> BITS_PER_PRIM_COLOR) &
++           MAX_PRIM_COLOR;
++        ColorArrayEntries[i].RGB[2] = i & MAX_PRIM_COLOR;
++        ColorArrayEntries[i].Count = 0;
++    }
++
++    /* Sample the colors and their distribution: */
++    for (i = 0; i < (int)(Width * Height); i++) {
++        Index = ((RedInput[i] >> (8 - BITS_PER_PRIM_COLOR)) <<
++                  (2 * BITS_PER_PRIM_COLOR)) +
++                ((GreenInput[i] >> (8 - BITS_PER_PRIM_COLOR)) <<
++                  BITS_PER_PRIM_COLOR) +
++                (BlueInput[i] >> (8 - BITS_PER_PRIM_COLOR));
++        ColorArrayEntries[Index].Count++;
++    }
++
++    /* Put all the colors in the first entry of the color map, and call the
++     * recursive subdivision process.  */
++    for (i = 0; i < 256; i++) {
++        NewColorSubdiv[i].QuantizedColors = NULL;
++        NewColorSubdiv[i].Count = NewColorSubdiv[i].NumEntries = 0;
++        for (j = 0; j < 3; j++) {
++            NewColorSubdiv[i].RGBMin[j] = 0;
++            NewColorSubdiv[i].RGBWidth[j] = 255;
++        }
++    }
++
++    /* Find the non empty entries in the color table and chain them: */
++    for (i = 0; i < COLOR_ARRAY_SIZE; i++)
++        if (ColorArrayEntries[i].Count > 0)
++            break;
++    QuantizedColor = NewColorSubdiv[0].QuantizedColors = &ColorArrayEntries[i];
++    NumOfEntries = 1;
++    while (++i < COLOR_ARRAY_SIZE)
++        if (ColorArrayEntries[i].Count > 0) {
++            QuantizedColor->Pnext = &ColorArrayEntries[i];
++            QuantizedColor = &ColorArrayEntries[i];
++            NumOfEntries++;
++        }
++    QuantizedColor->Pnext = NULL;
++
++    NewColorSubdiv[0].NumEntries = NumOfEntries; /* Different sampled colors */
++    NewColorSubdiv[0].Count = ((long)Width) * Height; /* Pixels */
++    NewColorMapSize = 1;
++    if (SubdivColorMap(NewColorSubdiv, *ColorMapSize, &NewColorMapSize) !=
++       GIF_OK) {
++        free((char *)ColorArrayEntries);
++        return GIF_ERROR;
++    }
++    if (NewColorMapSize < *ColorMapSize) {
++        /* And clear rest of color map: */
++        for (i = NewColorMapSize; i < *ColorMapSize; i++)
++            OutputColorMap[i].Red = OutputColorMap[i].Green =
++                OutputColorMap[i].Blue = 0;
++    }
++
++    /* Average the colors in each entry to be the color to be used in the
++     * output color map, and plug it into the output color map itself. */
++    for (i = 0; i < NewColorMapSize; i++) {
++        if ((j = NewColorSubdiv[i].NumEntries) > 0) {
++            QuantizedColor = NewColorSubdiv[i].QuantizedColors;
++            Red = Green = Blue = 0;
++            while (QuantizedColor) {
++                QuantizedColor->NewColorIndex = i;
++                Red += QuantizedColor->RGB[0];
++                Green += QuantizedColor->RGB[1];
++                Blue += QuantizedColor->RGB[2];
++                QuantizedColor = QuantizedColor->Pnext;
++            }
++            OutputColorMap[i].Red = (Red << (8 - BITS_PER_PRIM_COLOR)) / j;
++            OutputColorMap[i].Green = (Green << (8 - BITS_PER_PRIM_COLOR)) / j;
++            OutputColorMap[i].Blue = (Blue << (8 - BITS_PER_PRIM_COLOR)) / j;
++        }
++    }
++
++    /* Finally scan the input buffer again and put the mapped index in the
++     * output buffer.  */
++    MaxRGBError[0] = MaxRGBError[1] = MaxRGBError[2] = 0;
++    for (i = 0; i < (int)(Width * Height); i++) {
++        Index = ((RedInput[i] >> (8 - BITS_PER_PRIM_COLOR)) <<
++                 (2 * BITS_PER_PRIM_COLOR)) +
++                ((GreenInput[i] >> (8 - BITS_PER_PRIM_COLOR)) <<
++                 BITS_PER_PRIM_COLOR) +
++                (BlueInput[i] >> (8 - BITS_PER_PRIM_COLOR));
++        Index = ColorArrayEntries[Index].NewColorIndex;
++        OutputBuffer[i] = Index;
++        if (MaxRGBError[0] < ABS(OutputColorMap[Index].Red - RedInput[i]))
++            MaxRGBError[0] = ABS(OutputColorMap[Index].Red - RedInput[i]);
++        if (MaxRGBError[1] < ABS(OutputColorMap[Index].Green - GreenInput[i]))
++            MaxRGBError[1] = ABS(OutputColorMap[Index].Green - GreenInput[i]);
++        if (MaxRGBError[2] < ABS(OutputColorMap[Index].Blue - BlueInput[i]))
++            MaxRGBError[2] = ABS(OutputColorMap[Index].Blue - BlueInput[i]);
++    }
++
++#ifdef DEBUG
++    fprintf(stderr,
++            "Quantization L(0) errors: Red = %d, Green = %d, Blue = %d.\n",
++            MaxRGBError[0], MaxRGBError[1], MaxRGBError[2]);
++#endif /* DEBUG */
++
++    free((char *)ColorArrayEntries);
++
++    *ColorMapSize = NewColorMapSize;
++
++    return GIF_OK;
++}
++
++/******************************************************************************
++ Routine to subdivide the RGB space recursively using median cut in each
++ axes alternatingly until ColorMapSize different cubes exists.
++ The biggest cube in one dimension is subdivide unless it has only one entry.
++ Returns GIF_ERROR if failed, otherwise GIF_OK.
++*******************************************************************************/
++static int
++SubdivColorMap(NewColorMapType * NewColorSubdiv,
++               unsigned int ColorMapSize,
++               unsigned int *NewColorMapSize) {
++
++    unsigned int i, j, Index = 0;
++    QuantizedColorType *QuantizedColor, **SortArray;
++
++    while (ColorMapSize > *NewColorMapSize) {
++        /* Find candidate for subdivision: */
++	long Sum, Count;
++        int MaxSize = -1;
++	unsigned int NumEntries, MinColor, MaxColor;
++        for (i = 0; i < *NewColorMapSize; i++) {
++            for (j = 0; j < 3; j++) {
++                if ((((int)NewColorSubdiv[i].RGBWidth[j]) > MaxSize) &&
++                      (NewColorSubdiv[i].NumEntries > 1)) {
++                    MaxSize = NewColorSubdiv[i].RGBWidth[j];
++                    Index = i;
++                    SortRGBAxis = j;
++                }
++            }
++        }
++
++        if (MaxSize == -1)
++            return GIF_OK;
++
++        /* Split the entry Index into two along the axis SortRGBAxis: */
++
++        /* Sort all elements in that entry along the given axis and split at
++         * the median.  */
++        SortArray = (QuantizedColorType **)malloc(
++                      sizeof(QuantizedColorType *) * 
++                      NewColorSubdiv[Index].NumEntries);
++        if (SortArray == NULL)
++            return GIF_ERROR;
++        for (j = 0, QuantizedColor = NewColorSubdiv[Index].QuantizedColors;
++             j < NewColorSubdiv[Index].NumEntries && QuantizedColor != NULL;
++             j++, QuantizedColor = QuantizedColor->Pnext)
++            SortArray[j] = QuantizedColor;
++
++	/*
++	 * Because qsort isn't stable, this can produce differing 
++	 * results for the order of tuples depending on platform
++	 * details of how qsort() is implemented.
++	 *
++	 * We mitigate this problem by sorting on all three axes rather
++	 * than only the one specied by SortRGBAxis; that way the instability
++	 * can only become an issue if there are multiple color indices
++	 * referring to identical RGB tuples.  Older versions of this 
++	 * sorted on only the one axis.
++	 */
++        qsort(SortArray, NewColorSubdiv[Index].NumEntries,
++              sizeof(QuantizedColorType *), SortCmpRtn);
++
++        /* Relink the sorted list into one: */
++        for (j = 0; j < NewColorSubdiv[Index].NumEntries - 1; j++)
++            SortArray[j]->Pnext = SortArray[j + 1];
++        SortArray[NewColorSubdiv[Index].NumEntries - 1]->Pnext = NULL;
++        NewColorSubdiv[Index].QuantizedColors = QuantizedColor = SortArray[0];
++        free((char *)SortArray);
++
++        /* Now simply add the Counts until we have half of the Count: */
++        Sum = NewColorSubdiv[Index].Count / 2 - QuantizedColor->Count;
++        NumEntries = 1;
++        Count = QuantizedColor->Count;
++        while (QuantizedColor->Pnext != NULL &&
++	       (Sum -= QuantizedColor->Pnext->Count) >= 0 &&
++               QuantizedColor->Pnext->Pnext != NULL) {
++            QuantizedColor = QuantizedColor->Pnext;
++            NumEntries++;
++            Count += QuantizedColor->Count;
++        }
++        /* Save the values of the last color of the first half, and first
++         * of the second half so we can update the Bounding Boxes later.
++         * Also as the colors are quantized and the BBoxes are full 0..255,
++         * they need to be rescaled.
++         */
++        MaxColor = QuantizedColor->RGB[SortRGBAxis]; /* Max. of first half */
++	/* coverity[var_deref_op] */
++        MinColor = QuantizedColor->Pnext->RGB[SortRGBAxis]; /* of second */
++        MaxColor <<= (8 - BITS_PER_PRIM_COLOR);
++        MinColor <<= (8 - BITS_PER_PRIM_COLOR);
++
++        /* Partition right here: */
++        NewColorSubdiv[*NewColorMapSize].QuantizedColors =
++           QuantizedColor->Pnext;
++        QuantizedColor->Pnext = NULL;
++        NewColorSubdiv[*NewColorMapSize].Count = Count;
++        NewColorSubdiv[Index].Count -= Count;
++        NewColorSubdiv[*NewColorMapSize].NumEntries =
++           NewColorSubdiv[Index].NumEntries - NumEntries;
++        NewColorSubdiv[Index].NumEntries = NumEntries;
++        for (j = 0; j < 3; j++) {
++            NewColorSubdiv[*NewColorMapSize].RGBMin[j] =
++               NewColorSubdiv[Index].RGBMin[j];
++            NewColorSubdiv[*NewColorMapSize].RGBWidth[j] =
++               NewColorSubdiv[Index].RGBWidth[j];
++        }
++        NewColorSubdiv[*NewColorMapSize].RGBWidth[SortRGBAxis] =
++           NewColorSubdiv[*NewColorMapSize].RGBMin[SortRGBAxis] +
++           NewColorSubdiv[*NewColorMapSize].RGBWidth[SortRGBAxis] - MinColor;
++        NewColorSubdiv[*NewColorMapSize].RGBMin[SortRGBAxis] = MinColor;
++
++        NewColorSubdiv[Index].RGBWidth[SortRGBAxis] =
++           MaxColor - NewColorSubdiv[Index].RGBMin[SortRGBAxis];
++
++        (*NewColorMapSize)++;
++    }
++
++    return GIF_OK;
++}
++
++/****************************************************************************
++ Routine called by qsort to compare two entries.
++*****************************************************************************/
++
++static int
++SortCmpRtn(const void *Entry1,
++           const void *Entry2) {
++	   QuantizedColorType *entry1 = (*((QuantizedColorType **) Entry1));
++	   QuantizedColorType *entry2 = (*((QuantizedColorType **) Entry2));
++
++	   /* sort on all axes of the color space! */
++	   int hash1 = entry1->RGB[SortRGBAxis] * 256 * 256
++	   			+ entry1->RGB[(SortRGBAxis+1) % 3] * 256
++				+ entry1->RGB[(SortRGBAxis+2) % 3];
++	   int hash2 = entry2->RGB[SortRGBAxis] * 256 * 256
++	   			+ entry2->RGB[(SortRGBAxis+1) % 3] * 256
++				+ entry2->RGB[(SortRGBAxis+2) % 3];
++
++    return hash1 - hash2;
++}
++
++/* END GifQuantizeBuffer copy from giflib */
++
+ /* Data structure used for callback */
+ typedef struct
+ {
+@@ -851,14 +1219,7 @@ gdip_save_gif_image (void *stream, GpImage *image, BOOL from_file)
+ 						v += 4;
+ 					}
+ 				}
+-				if (
+-#if GIFLIB_MAJOR >= 5
+-				GifQuantizeBuffer(
+-#else
+-				QuantizeBuffer(
+-#endif
+-						bitmap_data->width, bitmap_data->height, &cmap_size, 
+-						red,  green, blue, pixbuf, cmap->Colors) == GIF_ERROR) {
++				if (LibgdiplusGifQuantizeBuffer(bitmap_data->width, bitmap_data->height, &cmap_size, red,  green, blue, pixbuf, cmap->Colors) == GIF_ERROR) {
+ 					goto error;
+ 				}
+ 			}
+-- 
+2.20.1
+

package/libinput/libinput.hash

@@ -1,8 +1,8 @@
-# From https://lists.freedesktop.org/archives/wayland-devel/2020-February/041227.html
-md5 eb6bd2907ad33d53954d70dfb881a643 libinput-1.15.2.tar.xz
-sha1 2a0c4ce80ee43a9a1b274bfe40ca638037716584 libinput-1.15.2.tar.xz
-sha256 971c3fbfb624f95c911adeb2803c372e4e3647d1b98f278f660051f834597747 libinput-1.15.2.tar.xz
-sha512 f6b50dbdf6ee6b65f88e020c4292c94c3178125d58629f27c2e52f92b658ccd67e0c5604fbf0b303621ff0386637ce1e291daaa991761d4145e8bcda4dd128a2 libinput-1.15.2.tar.xz
+# From https://lists.freedesktop.org/archives/wayland-devel/2020-March/041288.html
+md5  6fbea8d51d9194d7ba33f96d7c4cee56  libinput-1.15.3.tar.xz
+sha1  101fd149b851c197323129efcdfe5c1c6c940b43  libinput-1.15.3.tar.xz
+sha256  5b12427dd50489c2b41b04ae2ca54e31a112a33cb861f00ccd15a2ad7a88694d  libinput-1.15.3.tar.xz
+sha512  6636fd618e2b9cfa5ee44701207dc98f2639adc53eb3ef135509d936fb19b2cedf5184eab58e887798d9cf8ee65f35bc9062f7e3630080bcbe45a90a8b631ef2  libinput-1.15.3.tar.xz
 
 # License files
-sha256 70d5b1dfe5a9c50a1f2ea91b1c2b1c85d876c5c92339585edbb85cf69e945e14 COPYING
+sha256  70d5b1dfe5a9c50a1f2ea91b1c2b1c85d876c5c92339585edbb85cf69e945e14  COPYING

package/libinput/libinput.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBINPUT_VERSION = 1.15.2
+LIBINPUT_VERSION = 1.15.3
 LIBINPUT_SOURCE = libinput-$(LIBINPUT_VERSION).tar.xz
 LIBINPUT_SITE = http://www.freedesktop.org/software/libinput
 LIBINPUT_DEPENDENCIES = host-pkgconf libevdev mtdev udev

package/libnss/0001-Bug-1614183-Check-if-PPC-__has_include-sys-auxv.h.patch

@@ -0,0 +1,51 @@
+From d9c7cbb3660d8a2da9ce42e4d1b58642a256a91a Mon Sep 17 00:00:00 2001
+From: Giulio Benetti <giulio.benetti@benettiengineering.com>
+Date: Sun, 9 Feb 2020 10:15:16 +0100
+Subject: [PATCH] Bug 1614183 - Check if PPC __has_include(<sys/auxv.h>)
+
+Some build environment doesn't provide <sys/auxv.h> and this causes
+build failure, so let's check if that header exists by using
+__has_include() helper.
+
+Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
+---
+ nss/lib/freebl/blinit.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/nss/lib/freebl/blinit.c b/nss/lib/freebl/blinit.c
+index 7e8adfc64..d4921aaee 100644
+--- a/nss/lib/freebl/blinit.c
++++ b/nss/lib/freebl/blinit.c
+@@ -431,8 +431,14 @@ ppc_crypto_support()
+ 
+ #if defined(__powerpc__)
+ 
++#ifndef __has_include
++#define __has_include(x) 0
++#endif
++
+ #if defined(__linux__) || (defined(__FreeBSD__) && __FreeBSD__ >= 12)
++#if __has_include(<sys/auxv.h>)
+ #include <sys/auxv.h>
++#endif
+ #elif (defined(__FreeBSD__) && __FreeBSD__ < 12)
+ #include <sys/sysctl.h>
+ #endif
+@@ -449,10 +455,14 @@ CheckPPCSupport()
+ 
+     unsigned long hwcaps = 0;
+ #if defined(__linux__)
++#if __has_include(<sys/auxv.h>)
+     hwcaps = getauxval(AT_HWCAP2);
++#endif
+ #elif defined(__FreeBSD__)
+ #if __FreeBSD__ >= 12
++#if __has_include(<sys/auxv.h>)
+     elf_aux_info(AT_HWCAP2, &hwcaps, sizeof(hwcaps));
++#endif
+ #else
+     size_t len = sizeof(hwcaps);
+     sysctlbyname("hw.cpu_features2", &hwcaps, &len, NULL, 0);
+-- 
+2.20.1
+

package/libsndfile/0004-src-wav.c-Fix-heap-read-overflow.patch

@@ -0,0 +1,35 @@
+From 42132c543358cee9f7c3e9e9b15bb6c1063a608e Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Tue, 1 Jan 2019 20:11:46 +1100
+Subject: [PATCH] src/wav.c: Fix heap read overflow
+
+This is CVE-2018-19758.
+
+Closes: https://github.com/erikd/libsndfile/issues/435
+[Retrieved (and backported) from:
+https://github.com/erikd/libsndfile/commit/42132c543358cee9f7c3e9e9b15bb6c1063a608e]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ src/wav.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/wav.c b/src/wav.c
+index 9d71aadb..5c825f2a 100644
+--- a/src/wav.c
++++ b/src/wav.c
+@@ -1,5 +1,5 @@
+ /*
+-** Copyright (C) 1999-2016 Erik de Castro Lopo <erikd@mega-nerd.com>
++** Copyright (C) 1999-2019 Erik de Castro Lopo <erikd@mega-nerd.com>
+ ** Copyright (C) 2004-2005 David Viens <davidv@plogue.com>
+ **
+ ** This program is free software; you can redistribute it and/or modify
+@@ -1146,6 +1146,8 @@ wav_write_header (SF_PRIVATE *psf, int calc_length)
+ 		psf_binheader_writef (psf, "44", BHW4 (0), BHW4 (0)) ; /* SMTPE format */
+ 		psf_binheader_writef (psf, "44", BHW4 (psf->instrument->loop_count), BHW4 (0)) ;
+ 
++		/* Loop count is signed 16 bit number so we limit it range to something sensible. */
++		psf->instrument->loop_count &= 0x7fff ;
+ 		for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++)
+ 		{	int type ;
+ 

package/libsndfile/0005-wav_write_header-don-t-read-past-the-array-end.patch

@@ -0,0 +1,33 @@
+From 6d7ce94c020cc720a6b28719d1a7879181790008 Mon Sep 17 00:00:00 2001
+From: Emilio Pozuelo Monfort <pochu27@gmail.com>
+Date: Tue, 5 Mar 2019 11:27:17 +0100
+Subject: [PATCH] wav_write_header: don't read past the array end
+
+If loop_count is bigger than the array, truncate it to the array
+length (and not to 32k).
+
+CVE-2019-3832
+[Retrieved from:
+https://github.com/erikd/libsndfile/commit/6d7ce94c020cc720a6b28719d1a7879181790008]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ src/wav.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/wav.c b/src/wav.c
+index 5c825f2a..104bd0a7 100644
+--- a/src/wav.c
++++ b/src/wav.c
+@@ -1146,8 +1146,10 @@ wav_write_header (SF_PRIVATE *psf, int calc_length)
+ 		psf_binheader_writef (psf, "44", BHW4 (0), BHW4 (0)) ; /* SMTPE format */
+ 		psf_binheader_writef (psf, "44", BHW4 (psf->instrument->loop_count), BHW4 (0)) ;
+ 
+-		/* Loop count is signed 16 bit number so we limit it range to something sensible. */
+-		psf->instrument->loop_count &= 0x7fff ;
++		/* Make sure we don't read past the loops array end. */
++		if (psf->instrument->loop_count > ARRAY_LEN (psf->instrument->loops))
++			psf->instrument->loop_count = ARRAY_LEN (psf->instrument->loops) ;
++
+ 		for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++)
+ 		{	int type ;
+ 

package/libsndfile/libsndfile.mk

@@ -20,6 +20,10 @@ LIBSNDFILE_IGNORE_CVES += \
 	CVE-2018-19661 CVE-2018-19662
 # disputed, https://github.com/erikd/libsndfile/issues/398
 LIBSNDFILE_IGNORE_CVES += CVE-2018-13419
+# 0004-src-wav.c-Fix-heap-read-overflow.patch
+LIBSNDFILE_IGNORE_CVES += CVE-2018-19758
+# 0005-wav_write_header-don-t-read-past-the-array-end.patch
+LIBSNDFILE_IGNORE_CVES += CVE-2019-3832
 
 LIBSNDFILE_CONF_OPTS = \
 	--disable-sqlite \

package/libssh2/0003-packet-c-improve-message-parsing.patch

@@ -0,0 +1,127 @@
+From dedcbd106f8e52d5586b0205bc7677e4c9868f9c Mon Sep 17 00:00:00 2001
+From: Will Cosgrove <will@panic.com>
+Date: Fri, 30 Aug 2019 09:57:38 -0700
+Subject: [PATCH] packet.c: improve message parsing (#402)
+
+* packet.c: improve parsing of packets
+
+file: packet.c
+
+notes:
+Use _libssh2_get_string API in SSH_MSG_DEBUG/SSH_MSG_DISCONNECT. Additional uint32 bounds check in SSH_MSG_GLOBAL_REQUEST.
+[Retrieved from:
+https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ src/packet.c | 68 ++++++++++++++++++++++------------------------------
+ 1 file changed, 29 insertions(+), 39 deletions(-)
+
+diff --git a/src/packet.c b/src/packet.c
+index 38ab6294..2e01bfc5 100644
+--- a/src/packet.c
++++ b/src/packet.c
+@@ -419,8 +419,8 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
+                     size_t datalen, int macstate)
+ {
+     int rc = 0;
+-    char *message = NULL;
+-    char *language = NULL;
++    unsigned char *message = NULL;
++    unsigned char *language = NULL;
+     size_t message_len = 0;
+     size_t language_len = 0;
+     LIBSSH2_CHANNEL *channelp = NULL;
+@@ -472,33 +472,23 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
+ 
+         case SSH_MSG_DISCONNECT:
+             if(datalen >= 5) {
+-                size_t reason = _libssh2_ntohu32(data + 1);
++                uint32_t reason = 0;
++                struct string_buf buf;
++                buf.data = (unsigned char *)data;
++                buf.dataptr = buf.data;
++                buf.len = datalen;
++                buf.dataptr++; /* advance past type */
+ 
+-                if(datalen >= 9) {
+-                    message_len = _libssh2_ntohu32(data + 5);
++                _libssh2_get_u32(&buf, &reason);
++                _libssh2_get_string(&buf, &message, &message_len);
++                _libssh2_get_string(&buf, &language, &language_len);
+ 
+-                    if(message_len < datalen-13) {
+-                        /* 9 = packet_type(1) + reason(4) + message_len(4) */
+-                        message = (char *) data + 9;
+-
+-                        language_len =
+-                            _libssh2_ntohu32(data + 9 + message_len);
+-                        language = (char *) data + 9 + message_len + 4;
+-
+-                        if(language_len > (datalen-13-message_len)) {
+-                            /* bad input, clear info */
+-                            language = message = NULL;
+-                            language_len = message_len = 0;
+-                        }
+-                    }
+-                    else
+-                        /* bad size, clear it */
+-                        message_len = 0;
+-                }
+                 if(session->ssh_msg_disconnect) {
+-                    LIBSSH2_DISCONNECT(session, reason, message,
+-                                       message_len, language, language_len);
++                    LIBSSH2_DISCONNECT(session, reason, (const char *)message,
++                                       message_len, (const char *)language,
++                                       language_len);
+                 }
++
+                 _libssh2_debug(session, LIBSSH2_TRACE_TRANS,
+                                "Disconnect(%d): %s(%s)", reason,
+                                message, language);
+@@ -539,24 +529,24 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
+                 int always_display = data[1];
+ 
+                 if(datalen >= 6) {
+-                    message_len = _libssh2_ntohu32(data + 2);
+-
+-                    if(message_len <= (datalen - 10)) {
+-                        /* 6 = packet_type(1) + display(1) + message_len(4) */
+-                        message = (char *) data + 6;
+-                        language_len = _libssh2_ntohu32(data + 6 +
+-                                                        message_len);
+-
+-                        if(language_len <= (datalen - 10 - message_len))
+-                            language = (char *) data + 10 + message_len;
+-                    }
++                    struct string_buf buf;
++                    buf.data = (unsigned char *)data;
++                    buf.dataptr = buf.data;
++                    buf.len = datalen;
++                    buf.dataptr += 2; /* advance past type & always display */
++
++                    _libssh2_get_string(&buf, &message, &message_len);
++                    _libssh2_get_string(&buf, &language, &language_len);
+                 }
+ 
+                 if(session->ssh_msg_debug) {
+-                    LIBSSH2_DEBUG(session, always_display, message,
+-                                  message_len, language, language_len);
++                    LIBSSH2_DEBUG(session, always_display,
++                                  (const char *)message,
++                                  message_len, (const char *)language,
++                                  language_len);
+                 }
+             }
++
+             /*
+              * _libssh2_debug will actually truncate this for us so
+              * that it's not an inordinate about of data
+@@ -579,7 +569,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
+                 uint32_t len = 0;
+                 unsigned char want_reply = 0;
+                 len = _libssh2_ntohu32(data + 1);
+-                if(datalen >= (6 + len)) {
++                if((len <= (UINT_MAX - 6)) && (datalen >= (6 + len))) {
+                     want_reply = data[5 + len];
+                     _libssh2_debug(session,
+                                    LIBSSH2_TRACE_CONN,

package/libssh2/libssh2.mk

@@ -11,6 +11,9 @@ LIBSSH2_LICENSE_FILES = COPYING
 LIBSSH2_INSTALL_STAGING = YES
 LIBSSH2_CONF_OPTS = --disable-examples-build
 
+# 0003-packet-c-improve-message-parsing.patch
+LIBSSH2_IGNORE_CVES += CVE-2019-17498
+
 # building from a git clone
 LIBSSH2_AUTORECONF = YES
 

package/libvncserver/0002-libvnc-client-server-.pc.cmakein-remove-zlib.patch

@@ -0,0 +1,45 @@
+From 5abd95b65fe5ec24749164338a9718ecce19e240 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Fri, 28 Feb 2020 10:29:58 +0100
+Subject: [PATCH] libvnc{client,server}.pc.cmakein: remove zlib
+
+Remove zlib from Requires.private as libvnc can be built without zlib
+thanks to WITH_LIB, zlib will be added to Libs.private thanks to
+PRIVATE_LIBS
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status: https://github.com/LibVNC/libvncserver/pull/377]
+---
+ libvncclient.pc.cmakein | 2 +-
+ libvncserver.pc.cmakein | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libvncclient.pc.cmakein b/libvncclient.pc.cmakein
+index 336e73f..ceeda39 100644
+--- a/libvncclient.pc.cmakein
++++ b/libvncclient.pc.cmakein
+@@ -7,7 +7,7 @@ Name: LibVNCClient
+ Description: A library for easy implementation of a VNC client.
+ Version: @LibVNCServer_VERSION@
+ Requires:
+-Requires.private: zlib
++Requires.private:
+ Libs: -L${libdir} -lvncclient
+ Libs.private: @PRIVATE_LIBS@
+ Cflags: -I${includedir}
+diff --git a/libvncserver.pc.cmakein b/libvncserver.pc.cmakein
+index dfcec9d..33ec668 100644
+--- a/libvncserver.pc.cmakein
++++ b/libvncserver.pc.cmakein
+@@ -7,7 +7,7 @@ Name: LibVNCServer
+ Description: A library for easy implementation of a VNC server.
+ Version: @LibVNCServer_VERSION@
+ Requires:
+-Requires.private: zlib
++Requires.private:
+ Libs: -L${libdir} -lvncserver
+ Libs.private: @PRIVATE_LIBS@
+ Cflags: -I${includedir}
+-- 
+2.25.0
+

package/libvncserver/0003-Limit-lenght-to-INT_MAX-bytes-in-rfbProcessFileTransferReadBuffer.patch

@@ -0,0 +1,47 @@
+From 09e8fc02f59f16e2583b34fe1a270c238bd9ffec Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
+Date: Mon, 7 Jan 2019 10:40:01 +0100
+Subject: [PATCH] Limit lenght to INT_MAX bytes in
+ rfbProcessFileTransferReadBuffer()
+
+This ammends 15bb719c03cc70f14c36a843dcb16ed69b405707 fix for a heap
+out-of-bound write access in rfbProcessFileTransferReadBuffer() when
+reading a transfered file content in a server. The former fix did not
+work on platforms with a 32-bit int type (expected by rfbReadExact()).
+
+CVE-2018-15127
+<https://github.com/LibVNC/libvncserver/issues/243>
+<https://github.com/LibVNC/libvncserver/issues/273>
+[Retrieved from:
+https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ libvncserver/rfbserver.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
+index 7af84906..f2edbeea 100644
+--- a/libvncserver/rfbserver.c
++++ b/libvncserver/rfbserver.c
+@@ -88,6 +88,8 @@
+ #include <errno.h>
+ /* strftime() */
+ #include <time.h>
++/* INT_MAX */
++#include <limits.h>
+ 
+ #ifdef LIBVNCSERVER_WITH_WEBSOCKETS
+ #include "rfbssl.h"
+@@ -1472,8 +1474,11 @@ char *rfbProcessFileTransferReadBuffer(rfbClientPtr cl, uint32_t length)
+        0XFFFFFFFF, i.e. SIZE_MAX for 32-bit systems. On 64-bit systems, a length of 0XFFFFFFFF
+        will safely be allocated since this check will never trigger and malloc() can digest length+1
+        without problems as length is a uint32_t.
++       We also later pass length to rfbReadExact() that expects a signed int type and
++       that might wrap on platforms with a 32-bit int type if length is bigger
++       than 0X7FFFFFFF.
+     */
+-    if(length == SIZE_MAX) {
++    if(length == SIZE_MAX || length > INT_MAX) {
+ 	rfbErr("rfbProcessFileTransferReadBuffer: too big file transfer length requested: %u", (unsigned int)length);
+ 	rfbCloseClient(cl);
+ 	return NULL;

package/libvncserver/0004-rfbserver-don-t-leak-stack-memory-to-the-remote.patch

@@ -0,0 +1,26 @@
+From d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a Mon Sep 17 00:00:00 2001
+From: Christian Beier <dontmind@freeshell.org>
+Date: Mon, 19 Aug 2019 22:32:25 +0200
+Subject: [PATCH] rfbserver: don't leak stack memory to the remote
+
+Thanks go to Pavel Cheremushkin of Kaspersky for reporting.
+[Retrieved from:
+https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ libvncserver/rfbserver.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
+index 3bacc891..310e5487 100644
+--- a/libvncserver/rfbserver.c
++++ b/libvncserver/rfbserver.c
+@@ -3724,6 +3724,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rfbScreen,char *str, int len)
+     rfbServerCutTextMsg sct;
+     rfbClientIteratorPtr iterator;
+ 
++    memset((char *)&sct, 0, sizeof(sct));
++
+     iterator = rfbGetClientIterator(rfbScreen);
+     while ((cl = rfbClientIteratorNext(iterator)) != NULL) {
+         sct.type = rfbServerCutText;

package/libvncserver/0005-CMakeLists.txt-don-t-build-tight.c-without-png-or-zl.patch

@@ -0,0 +1,54 @@
+From 8f58a9d9f35e6b893b54b399be357bc789f6e630 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Sun, 8 Mar 2020 10:36:57 +0100
+Subject: [PATCH] CMakeLists.txt: don't build tight.c without png or zlib
+
+If the user enables JPEG and disable PNG and ZLIB, build will fail on:
+
+[ 42%] Building C object CMakeFiles/vncserver.dir/libvncserver/ws_decode.c.o
+/nvmedata/autobuild/instance-3/output-1/build/libvncserver-0.9.12/libvncserver/tight.c: In function 'rfbSendRectEncodingTight':
+/nvmedata/autobuild/instance-3/output-1/build/libvncserver-0.9.12/libvncserver/tight.c:276:7: error: 'struct _rfbClientRec' has no member named 'tightEncoding'
+     cl->tightEncoding = rfbEncodingTight;
+       ^~
+/nvmedata/autobuild/instance-3/output-1/build/libvncserver-0.9.12/libvncserver/tight.c: In function 'rfbSendRectEncodingTightPng':
+/nvmedata/autobuild/instance-3/output-1/build/libvncserver-0.9.12/libvncserver/tight.c:287:7: error: 'struct _rfbClientRec' has no member named 'tightEncoding'
+     cl->tightEncoding = rfbEncodingTightPng;
+       ^~
+/nvmedata/autobuild/instance-3/output-1/build/libvncserver-0.9.12/libvncserver/tight.c: In function 'SendRectEncodingTight':
+/nvmedata/autobuild/instance-3/output-1/build/libvncserver-0.9.12/libvncserver/tight.c:307:23: error: 'struct _rfbClientRec' has no member named 'tightCompressLevel'
+     compressLevel = cl->tightCompressLevel;
+                       ^~
+/nvmedata/autobuild/instance-3/output-1/build/libvncserver-0.9.12/libvncserver/tight.c:308:22: error: 'struct _rfbClientRec' has no member named 'turboQualityLevel'
+     qualityLevel = cl->turboQualityLevel;
+                      ^~
+/nvmedata/autobuild/instance-3/output-1/build/libvncserver-0.9.12/libvncserver/tight.c:309:22: error: 'struct _rfbClientRec' has no member named 'turboSubsampLevel'
+     subsampLevel = cl->turboSubsampLevel;
+                      ^~
+
+Fixes:
+ - http://autobuild.buildroot.org/results/bcc701055dd5876005fa6f78f38500399394cd75
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status: https://github.com/LibVNC/libvncserver/pull/380]
+---
+ CMakeLists.txt | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 2a2cb15..b8bc9e2 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -425,7 +425,9 @@ endif()
+ if(JPEG_FOUND)
+   add_definitions(-DLIBVNCSERVER_HAVE_LIBJPEG)
+   include_directories(${JPEG_INCLUDE_DIR})
+-  set(TIGHT_C ${LIBVNCSERVER_DIR}/tight.c ${COMMON_DIR}/turbojpeg.c)
++  if(PNG_FOUND OR ZLIB_FOUND)
++    set(TIGHT_C ${LIBVNCSERVER_DIR}/tight.c ${COMMON_DIR}/turbojpeg.c)
++  endif(PNG_FOUND OR ZLIB_FOUND)
+ endif(JPEG_FOUND)
+ 
+ if(PNG_FOUND)
+-- 
+2.25.0
+

package/libvncserver/libvncserver.mk

@@ -13,6 +13,12 @@ LIBVNCSERVER_INSTALL_STAGING = YES
 LIBVNCSERVER_DEPENDENCIES = host-pkgconf lzo
 LIBVNCSERVER_CONF_OPTS = -DWITH_LZO=ON
 
+# 0003-Limit-lenght-to-INT_MAX-bytes-in-rfbProcessFileTransferReadBuffer.patch
+LIBVNCSERVER_IGNORE_CVES += CVE-2018-20750
+
+# 0004-rfbserver-don-t-leak-stack-memory-to-the-remote.patch
+LIBVNCSERVER_IGNORE_CVES += CVE-2019-15681
+
 # only used for examples
 LIBVNCSERVER_CONF_OPTS += \
 	-DWITH_FFMPEG=OFF \

package/libvorbis/0001-CVE-2017-14160-fix-bounds-check-on-very-low-sample-rates.patch

@@ -4,11 +4,14 @@ Subject: CVE-2017-14160: fix bounds check on very low sample rates.
 X-Git-Url: https://git.xiph.org/?p=vorbis.git;a=commitdiff_plain;h=018ca26dece618457dd13585cad52941193c4a25
 
 CVE-2017-14160: fix bounds check on very low sample rates.
+CVE-2018-10393: Out-of-bounds Read
 
 Downloaded from upstream commit
 https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=018ca26dece618457dd13585cad52941193c4a25
 
 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+[yann.morin.1998@free.fr: also fixes CVE-2018-10393]
+Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
 ---
 
 diff --git a/lib/psy.c b/lib/psy.c

package/libvorbis/0002-Sanity-check-number-of-channels-in-setup.patch

@@ -0,0 +1,28 @@
+From 112d3bd0aaacad51305e1464d4b381dabad0e88b Mon Sep 17 00:00:00 2001
+From: Thomas Daede <daede003@umn.edu>
+Date: Thu, 17 May 2018 16:19:19 -0700
+Subject: [PATCH] Sanity check number of channels in setup.
+
+Fixes #2335.
+[Retrieved from:
+https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ lib/vorbisenc.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c
+index 4fc7b62..64a51b5 100644
+--- a/lib/vorbisenc.c
++++ b/lib/vorbisenc.c
+@@ -684,6 +684,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){
+   highlevel_encode_setup *hi=&ci->hi;
+ 
+   if(ci==NULL)return(OV_EINVAL);
++  if(vi->channels<1||vi->channels>255)return(OV_EINVAL);
+   if(!hi->impulse_block_p)i0=1;
+ 
+   /* too low/high an ATH floater is nonsensical, but doesn't break anything */
+-- 
+2.24.1
+

package/libvorbis/libvorbis.mk

@@ -13,4 +13,10 @@ LIBVORBIS_DEPENDENCIES = host-pkgconf libogg
 LIBVORBIS_LICENSE = BSD-3-Clause
 LIBVORBIS_LICENSE_FILES = COPYING
 
+# 0001-CVE-2017-14160-fix-bounds-check-on-very-low-sample-rates.patch
+LIBVORBIS_IGNORE_CVES += CVE-2018-10393
+
+# 0002-Sanity-check-number-of-channels-in-setup.patch
+LIBVORBIS_IGNORE_CVES += CVE-2018-10392
+
 $(eval $(autotools-package))

package/linknx/linknx.mk

@@ -17,7 +17,9 @@ LINKNX_CONF_OPTS = \
 	--with-pth=$(STAGING_DIR)/usr \
 	--disable-smtp
 
-LINKNX_DEPENDENCIES = libpthsem \
+LINKNX_DEPENDENCIES = \
+	host-pkgconf \
+	libpthsem \
 	$(if $(BR2_PACKAGE_ARGP_STANDALONE),argp-standalone) \
 	$(if $(BR2_PACKAGE_LIBICONV),libiconv)
 
@@ -30,7 +32,7 @@ endif
 
 ifeq ($(BR2_PACKAGE_LOG4CPP),y)
 LINKNX_CONF_OPTS += --with-log4cpp
-LINKNX_DEPENDENCIES += host-pkgconf log4cpp
+LINKNX_DEPENDENCIES += log4cpp
 else
 LINKNX_CONF_OPTS += --without-log4cpp
 endif

package/linux-headers/Config.in.host

@@ -318,11 +318,11 @@ endchoice
 
 config BR2_DEFAULT_KERNEL_HEADERS
 	string
-	default "4.4.214"	if BR2_KERNEL_HEADERS_4_4
-	default "4.9.214"	if BR2_KERNEL_HEADERS_4_9
-	default "4.14.171"	if BR2_KERNEL_HEADERS_4_14
-	default "4.19.106"	if BR2_KERNEL_HEADERS_4_19
-	default "5.4.22"	if BR2_KERNEL_HEADERS_5_4
+	default "4.4.215"	if BR2_KERNEL_HEADERS_4_4
+	default "4.9.215"	if BR2_KERNEL_HEADERS_4_9
+	default "4.14.172"	if BR2_KERNEL_HEADERS_4_14
+	default "4.19.107"	if BR2_KERNEL_HEADERS_4_19
+	default "5.4.23"	if BR2_KERNEL_HEADERS_5_4
 	default BR2_DEFAULT_KERNEL_VERSION if BR2_KERNEL_HEADERS_VERSION
 	default "custom"	if BR2_KERNEL_HEADERS_CUSTOM_TARBALL
 	default BR2_KERNEL_HEADERS_CUSTOM_REPO_VERSION \

package/lxc/0003-src-lxc-raw_syscalls.c-fix-sparc-assembly.patch

@@ -0,0 +1,41 @@
+From 5f7dd076fe203ebe6992698b63a1856a98bc0bba Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Fri, 28 Feb 2020 17:35:42 +0100
+Subject: [PATCH] src/lxc/raw_syscalls.c: fix sparc assembly
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Build of lxc 3.2.1 fails with ultrasparc on:
+
+raw_syscalls.c: In function ‘lxc_raw_clone’:
+raw_syscalls.c:66:3: error: invalid 'asm': invalid operand output code
+   asm volatile(
+   ^~~
+
+Issue has been added with commit
+b52e8e68a61866da2af86e85905ec850f8a8b7fc which added %g1 instead of %%g1
+
+Fixes:
+ - http://autobuild.buildroot.org/results/17c2319850f02f24da6fbef9656c07f86fdc5a3a
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Retrieved from:
+https://github.com/lxc/lxc/commit/5f7dd076fe203ebe6992698b63a1856a98bc0bba]
+---
+ src/lxc/raw_syscalls.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lxc/raw_syscalls.c b/src/lxc/raw_syscalls.c
+index 7ffb2584b8..bfa48c0348 100644
+--- a/src/lxc/raw_syscalls.c
++++ b/src/lxc/raw_syscalls.c
+@@ -76,7 +76,7 @@ __returns_twice pid_t lxc_raw_clone(unsigned long flags, int *pidfd)
+ 		     * processor status register (psr) is used instead of a
+ 		     * full register.
+ 		     */
+-		    "addx %%g0, 0, %g1"
++		    "addx %%g0, 0, %%g1"
+ 		    : "=r"(g1), "=r"(o0), "=r"(o1), "=r"(o2) /* outputs */
+ 		    : "r"(g1), "r"(o0), "r"(o1), "r"(o2)     /* inputs */
+ 		    : "%cc");				     /* clobbers */