Update for 2020.02.10

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

.gitlab-ci.yml

@@ -4,7 +4,7 @@
 # It needs to be regenerated every time a defconfig is added, using
 # "make .gitlab-ci.yml".
 
-image: buildroot/base:20191027.2027
+image: buildroot/base:20200814.2228
 
 .check_base:
     rules:
@@ -28,7 +28,7 @@ check-flake8:
         - find * -type f -print0 | xargs -0 file | grep 'Python script' | cut -d':' -f1 >> files.txt
         - sort -u files.txt | tee files.processed
     script:
-        - python -m flake8 --statistics --count --max-line-length=132 $(cat files.processed)
+        - python3 -m flake8 --statistics --count --max-line-length=132 $(cat files.processed)
     after_script:
         - wc -l files.processed
 

.gitlab-ci.yml.in

@@ -4,7 +4,7 @@
 # It needs to be regenerated every time a defconfig is added, using
 # "make .gitlab-ci.yml".
 
-image: buildroot/base:20191027.2027
+image: buildroot/base:20200814.2228
 
 .check_base:
     rules:
@@ -28,7 +28,7 @@ check-flake8:
         - find * -type f -print0 | xargs -0 file | grep 'Python script' | cut -d':' -f1 >> files.txt
         - sort -u files.txt | tee files.processed
     script:
-        - python -m flake8 --statistics --count --max-line-length=132 $(cat files.processed)
+        - python3 -m flake8 --statistics --count --max-line-length=132 $(cat files.processed)
     after_script:
         - wc -l files.processed
 

CHANGES

@@ -1,3 +1,136 @@
+2020.02.10, released January 31st, 2021
+
+	Important / security related fixes.
+
+	Download: Ensure git submodules are correctly fetched if
+	enabled for a package with <pkg>_GIT_SUBMODULES = YES and the
+	host variant is downloaded first.
+
+	Toolchain: Mark CodeSourcery Aarch64 2014.11 toolchain as not
+	having libatomic.
+
+	pkg-stats: Fix python 3.8+ deprecation warning.
+
+	meson: Ensure ccache is not detected and used, as it may
+	conflict with the ccache handling in Buildroot.
+
+	New packages: libnpupnp
+
+	Updated/fixed packages: bctoolbox, brltty, dbus, dovecot,
+	dovecot-pigeonhole, gcc, gerbera, gmrender-resurrect, gst-omx,
+	gst1-plugins-bad, gst1-plugins-base, gst1-plugins-good,
+	gst1-plugins-ugly, gst1-rtsp-server, gst1-vaapi,
+	gst1-validate, gstreamer1, gstreamer1-editing-services,
+	igd2-for-linux, libclc, libllcp, libtorrent-rasterbar,
+	libupnp, libupnpp, lpc32xxcdl, luarocks, mpd, nfs-utils,
+	nodejs, openjpeg, openldap, opentracing-cpp, openvpn, p11-kit,
+	paho-mqtt-c, php, poppler, postgresql, python3, runc, sudo,
+	syslog-ng, systemd, tini, trace-cmd, tzdata, ushare, vlc,
+	wavpack, wireguard-linux-compat, wolfssl, xapp_xload, xorriso,
+	zic
+
+	Removed packages: libupnp18
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#13471: package/mpd/mpd.conf make use of path not created
+
+2020.02.9, released December 27th, 2020
+
+	Important / security related fixes.
+
+	Infrastructure:
+	- cmake: fix host ccache handling for CMake 3.19
+	- meson: Forcibly disable binary stripping for
+	  target builds, enable for host builds
+	- golang: Fix HOST / TARGET directories for per-package builds
+
+	Defconfigs: Beaglebone Qt5: Fix ti-sgx related issues
+
+	Updated/fixed packages: apitrace, arm-trusted-firmware,
+	bustle, c-ares, ca-certificates, cdrkit, cryptopp, dhcpcd,
+	docker-containerd, dtv-scan-tables, flare-engine, ghostscript,
+	haproxy, imagemagick, imx-gpu-viv, jasper, jemalloc,
+	jpeg-turbo, libcap, libcurl, libglib2, libgpiod, libkrb5,
+	libopenssl, libplist, libressl, libuv, libuvw, lynx, mariadb,
+	mbedtls, minidlna, monkey, musl, mutt, ncurses, netsnmp,
+	nodejs, opencv3, openldap, openrc, opkg-utils, paho-mqtt-c,
+	php, privoxy, proftpd, python-crc16, python-flask-cors,
+	python-lxml, python-pip, python-pyparsing, python-pyqt5, qemu,
+	qt5base, raptor, rauc, ruby, setserial, shadowsocks-libev,
+	slirp, sqlcipher, ti-sgx-demos, tinycbor, vsftpd,
+	wireless-regdb, wireshark, x11vnc, xen, xinetd,
+	xserver_xorg-server
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#13276: libcap builds libcap.pc incorrectly
+	#13316: beaglebone_qt5_defconfig: PowerVR fails to start
+	#13341: Mistake in /etc/init.d/S70vsftpd
+
+2020.02.8, released November 16th, 2020
+
+	Important / security related fixes.
+
+	Updated/fixed packages: angularjs, argp-standalone, asterisk,
+	bandwidthd, bitcoin, busybox, cryptsetup, darkhttpd, davfs2,
+	docker-cli, docker-containerd, docker-engine,
+	dovecot-pigeonhole, fastd, fbset, fbtft, freetype, gcc,
+	ghostscript, gnuradio, grpc, gst1-plugins-bad, jsoncpp,
+	keepalived, libass, libexif, libiqrf, libpam-tacplus, libraw,
+	linux-backports, linux-firmware, lzlib, netsnmp, nginx,
+	oniguruma, opencv3, openntpd, patchelf, php, postgresql,
+	python-pyqt5, qt5base, rauc, redis, samba4, slirp, systemd,
+	tcpdump, tmux, tor, webkitgtk, wireguard-linux-compat,
+	wireshark, wpewebkit, xen, xorriso, zeromq, zxing-cpp
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#11931: Bugs in support/scripts/apply-patches.sh
+
+2020.02.7, released October 12th, 2020
+
+	Important / security related fixes.
+
+	meson: Correct SDK cross-compilation.conf file when
+	per-package builds were used to build SDK.
+
+	systemd: Use /run rather than /var/run for PID files in units.
+
+	Toolchain: use Secure-PLT rather than BSS-PLT for PowerPC 32.
+
+	support/script/pycompile: Rework logic to ensure .pyc files
+	contain absolute target paths, fixing code inspection at
+	runtime when executed with cwd != '/'.
+
+	support/scripts/setlocalversion: Correct Mercurial output to
+	match behaviour with Git.
+
+	support/scripts/apply-patches.sh: Use patch
+	--no-backup-if-mismatch, so we no longer blindly have to
+	remove *.orig files after patching, fixing issues with
+	packages containing such files.
+
+	Updated/fixed packages: bandwidthd, barebox, bash, bison,
+	brotli, cifs-utils, cryptsetup, dhcpcd, dhcpdump, docker-cli,
+	docker-engine, ecryptfs-utils, efl, fail2ban, freetype, gcc,
+	gdb, ghostscript, gnutls, go, gst1-plugins-base,
+	gst1-plugins-ugly, ipmitool, libhtp, libraw, libssh, libxml2,
+	libxml-parser-perl, localedef, lua, memcached, mesa3d, meson,
+	minidlna, nginx, nodejs, nss-pam-ldapd, openvmtools, php,
+	postgresql, python, python-aenum, python-autobahn,
+	python-engineio, python-fire, python-pymodbus, python-scapy,
+	python-semver, python-sentry-sdk, python-socketio,
+	python-texttable, python-tinyrpc, python-txtorcon, python3,
+	qt5base, runc, samba4, strace, supertux, suricata, systemd,
+	vlc, wayland-protocols, wireguard-linux-compat, wireshark,
+	xserver_xorg-server, zeromq, zstd
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#12911: usb_modeswitch installation race condition
+	#13251: cryptsetup does not work on branch 2020.02 following..
+
 2020.02.6, released September 5th, 2020
 
 	Important / security related fixes.

Config.in.legacy

@@ -146,6 +146,17 @@ endif
 
 comment "Legacy options removed in 2020.02"
 
+config BR2_PACKAGE_LIBUPNP18
+	bool "libupnp18 package removed"
+	select BR2_LEGACY
+	select BR2_PACKAGE_LIBUPNP
+	help
+	  Version 1.8.x of libupnp (i.e. libupnp18) has been removed
+	  because it will never be fixed against CallStranger a.k.a.
+	  CVE-2020-12695. The libupnp package (which has been updated to
+	  version 1.14.x) has been selected instead.
+
+
 config BR2_PACKAGE_PYTHON_PYCRYPTO
 	bool "python-pycrypto package removed"
 	select BR2_LEGACY

DEVELOPERS

@@ -217,8 +217,9 @@ F:	package/pkg-golang.mk
 N:	Anthony Viallard <viallard@syscom-instruments.com>
 F:	package/gnuplot/
 
-N:	Antoine Ténart <antoine.tenart@bootlin.com>
-F:	package/wf111/
+N:	Antoine Tenart <atenart@kernel.org>
+F:	package/libselinux/
+F:	package/refpolicy/
 
 N:	Antony Pavlov <antonynpavlov@gmail.com>
 F:	package/lsscsi/
@@ -427,6 +428,7 @@ F:	package/perl-netaddr-ip/
 F:	package/perl-timedate/
 F:	package/perl-uri/
 F:	package/perl-www-robotrules/
+F:	package/php/
 F:	package/pixman/
 F:	package/pngquant/
 F:	package/pound/
@@ -666,7 +668,7 @@ N:	Dominik Faessler <faessler@was.ch>
 F:	package/logsurfer/
 F:	package/python-id3/
 
-N:	Doug Kehn <rdkehn@yahoo.com>
+N:	Doug Kehn <rdkehn@gmail.com>
 F:	package/nss-pam-ldapd/
 F:	package/sp-oops-extract/
 F:	package/unscd/
@@ -797,6 +799,8 @@ F:	package/libmaxminddb/
 F:	package/openzwave/
 
 N:	Fabrice Fontaine <fontaine.fabrice@gmail.com>
+F:	package/belle-sip/
+F:	package/belr/
 F:	package/boinc/
 F:	package/cairo/
 F:	package/duktape/
@@ -834,6 +838,7 @@ F:	package/libmatroska/
 F:	package/libmpdclient/
 F:	package/libnetfilter_conntrack/
 F:	package/libnetfilter_queue/
+F:	package/libnpupnp/
 F:	package/liboping/
 F:	package/libpfm4/
 F:	package/libraw/
@@ -844,7 +849,6 @@ F:	package/librsync/
 F:	package/libsoup/
 F:	package/libsoxr/
 F:	package/libupnp/
-F:	package/libupnp18/
 F:	package/libv4l/
 F:	package/libxslt/
 F:	package/mbedtls/
@@ -1360,7 +1364,7 @@ F:	board/technologic/ts7680/
 F:	configs/ts7680_defconfig
 F:	package/paho-mqtt-c
 
-N:	Julien Olivain <juju@cotds.org>
+N:	Julien Olivain <ju.o@free.fr>
 F:	board/technexion/imx8mmpico/
 F:	board/technexion/imx8mpico/
 F:	configs/imx8mmpico_defconfig
@@ -1486,9 +1490,6 @@ F:	package/mpv/
 F:	package/rpi-firmware/
 F:	package/rpi-userland/
 
-N:	Mamatha Inamdar <mamatha4@linux.vnet.ibm.com>
-F:	package/nvme/
-
 N:	Manuel Vögele <develop@manuel-voegele.de>
 F:	package/python-pyqt5/
 F:	package/python-requests-toolbelt/
@@ -1815,6 +1816,7 @@ F:	package/tpm-tools/
 F:	package/trousers/
 
 N:	Norbert Lange <nolange79@gmail.com>
+F:	package/systemd/
 F:	package/tcf-agent/
 
 N:	Nylon Chen <nylon7@andestech.com>
@@ -2004,7 +2006,7 @@ F:	package/kf5/
 N:	Pierre Floury <pierre.floury@gmail.com>
 F:	package/trace-cmd/
 
-N:	Pierre-Jean Texier <pjtexier@koncepto.io>
+N:	Pierre-Jean Texier <texier.pj2@gmail.com>
 F:	package/fping/
 F:	package/genimage/
 F:	package/haveged/
@@ -2122,6 +2124,7 @@ F:	package/ogre/
 F:	package/openpowerlink/
 F:	package/physfs/
 F:	package/piglit/
+F:	package/qemu/
 F:	package/solarus/
 F:	package/stress-ng/
 F:	package/supertux/
@@ -2140,6 +2143,7 @@ F:	package/davfs2/
 
 N:	Ryan Barnett <ryan.barnett@rockwellcollins.com>
 F:	package/atftp/
+F:	package/c-periphery/
 F:	package/miraclecast/
 F:	package/python-pyasn/
 F:	package/python-pysnmp/
@@ -2147,11 +2151,6 @@ F:	package/python-pysnmp-mibs/
 F:	package/python-tornado/
 F:	package/websocketpp/
 
-N:	Ryan Coe <bluemrp9@gmail.com>
-F:	package/inadyn/
-F:	package/libite/
-F:	package/mariadb/
-
 N:	Ryan Wilkins <ryan@deadfrog.net>
 F:	package/biosdevname/
 
@@ -2333,9 +2332,6 @@ N:	Thomas Claveirole <thomas.claveirole@green-communications.fr>
 F:	package/fcgiwrap/
 F:	package/openlayers/
 
-N:	Thomas Davis <sunsetbrew@sunsetbrew.com>
-F:	package/civetweb/
-
 N:	Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
 F:	docs/manual/
 F:	package/cereal/
@@ -2422,7 +2418,7 @@ F:	toolchain/
 N:	Timo Ketola <timo.ketola@exertus.fi>
 F:	package/fbgrab/
 
-N:	Titouan Christophe <titouan.christophe@railnova.eu>
+N:	Titouan Christophe <titouanchristophe@gmail.com>
 F:	package/avro-c/
 F:	package/mosquitto/
 F:	package/python-avro/
@@ -2430,9 +2426,6 @@ F:	package/redis/
 F:	package/waf/
 F:	support/testing/tests/package/test_crudini.py
 
-N:	Trent Piepho <tpiepho@impinj.com>
-F:	package/libp11/
-
 N:	Tudor Holton <buildroot@tudorholton.com>
 F:	package/openjdk/
 
@@ -2481,6 +2474,8 @@ N:	Wade Berrier <wberrier@gmail.com>
 F:	package/ngrep/
 
 N:	Waldemar Brodkorb <wbx@openadk.org>
+F:	package/mksh/
+F:	package/ruby/
 F:	package/uclibc/
 F:	package/uclibc-ng-test/
 

Makefile

@@ -92,9 +92,9 @@ all:
 .PHONY: all
 
 # Set and export the version string
-export BR2_VERSION := 2020.02.6
+export BR2_VERSION := 2020.02.10
 # Actual time the release is cut (for reproducible builds)
-BR2_VERSION_EPOCH = 1599333000
+BR2_VERSION_EPOCH = 1612128000
 
 # Save running make version since it's clobbered by the make package
 RUNNING_MAKE_VERSION := $(MAKE_VERSION)

board/beaglebone/readme.txt

@@ -7,7 +7,7 @@ Description
 This configuration will build a complete image for the beaglebone and
 the TI AM335x-EVM, the board type is identified by the on-board
 EEPROM. The configuration is based on the
-ti-processor-sdk-02.00.00.00. Device tree blobs for beaglebone
+ti-processor-sdk-06.01.00.08. Device tree blobs for beaglebone
 variants and the evm-sk are built too.
 
 For Qt5 support support use the beaglebone_qt5_defconfig.
@@ -43,10 +43,20 @@ output/images/
 To copy the image file to the sdcard use dd:
 $ dd if=output/images/sdcard.img of=/dev/XXX
 
+
+Running Qt5 hellowindow opengl demo:
+===================
+# export QT_QPA_EGLFS_KMS_CONFIG=/etc/qt5/eglfs_kms_cfg.json
+# export QT_QPA_PLATFORM=eglfs
+# export QT_QPA_EGLFS_INTEGRATION=none
+# /usr/lib/qt/examples/opengl/hellowindow/hellowindow
+
+
 Tested hardware
 ===============
 am335x-evm (rev. 1.1A)
 beagleboneblack (rev. A5A)
 beaglebone (rev. A6)
 
+2020, Adam Duskett <aduskett@gmail.com>
 2016, Lothar Felten <lothar.felten@gmail.com>

board/beaglebone/rootfs_overlay/etc/qt5/eglfs_kms_cfg.json

@@ -0,0 +1,15 @@
+{
+  "device": "/dev/dri/card0",
+  "hwcursor": false,
+  "pbuffers": true,
+  "outputs": [
+    {
+      "name": "VGA1",
+      "mode": "off"
+    },
+    {
+      "name": "HDMI1",
+      "mode": "1024x768"
+    }
+  ]
+}

board/boundarydevices/common/readme.txt

@@ -28,3 +28,9 @@ Where 'sdX' is the device node of the uSD partition.
 To upgrade u-boot, cancel autoboot and type:
 
 > run upgradeu
+
+See Boundary Devices's buildroot-external-boundary project
+for additional and advanced defconfigs using Qt5, gstreamer,
+NXP proprietary packages with demo applications:
+
+https://github.com/boundarydevices/buildroot-external-boundary

boot/arm-trusted-firmware/arm-trusted-firmware.mk

@@ -96,6 +96,14 @@ ARM_TRUSTED_FIRMWARE_MAKE_OPTS += MV_DDR_PATH=$(MV_DDR_MARVELL_DIR)
 ARM_TRUSTED_FIRMWARE_DEPENDENCIES += mv-ddr-marvell
 endif
 
+ifeq ($(BR2_SSP_REGULAR),y)
+ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=default
+else ifeq ($(BR2_SSP_STRONG),y)
+ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=strong
+else ifeq ($(BR2_SSP_ALL),y)
+ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=all
+endif
+
 ARM_TRUSTED_FIRMWARE_MAKE_TARGETS = all
 
 ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP),y)

boot/barebox/barebox.mk

@@ -88,13 +88,6 @@ $(1)_KCONFIG_DEPENDENCIES = \
 	$(BR2_BISON_HOST_DEPENDENCY) \
 	$(BR2_FLEX_HOST_DEPENDENCY)
 
-ifeq ($$(BR2_TARGET_$(1)_BAREBOXENV),y)
-define $(1)_BUILD_BAREBOXENV_CMDS
-	$$(TARGET_CC) $$(TARGET_CFLAGS) $$(TARGET_LDFLAGS) -o $$(@D)/bareboxenv \
-		$$(@D)/scripts/bareboxenv.c
-endef
-endif
-
 ifeq ($$(BR2_TARGET_$(1)_CUSTOM_ENV),y)
 $(1)_ENV_NAME = $$(notdir $$(call qstrip,\
 	$$(BR2_TARGET_$(1)_CUSTOM_ENV_PATH)))
@@ -109,12 +102,23 @@ endef
 endif
 
 ifneq ($$($(1)_CUSTOM_EMBEDDED_ENV_PATH),)
-define $(1)_KCONFIG_FIXUP_CMDS
-	$$(call KCONFIG_ENABLE_OPT,CONFIG_DEFAULT_ENVIRONMENT,$$(@D)/.config)
-	$$(call KCONFIG_SET_OPT,CONFIG_DEFAULT_ENVIRONMENT_PATH,"$$($(1)_CUSTOM_EMBEDDED_ENV_PATH)",$$(@D)/.config)
+define $(1)_KCONFIG_FIXUP_CUSTOM_EMBEDDED_ENV_PATH
+	$$(call KCONFIG_ENABLE_OPT,CONFIG_DEFAULT_ENVIRONMENT)
+	$$(call KCONFIG_SET_OPT,CONFIG_DEFAULT_ENVIRONMENT_PATH,"$$($(1)_CUSTOM_EMBEDDED_ENV_PATH)")
 endef
 endif
 
+define $(1)_KCONFIG_FIXUP_BAREBOXENV
+	$$(if $$(BR2_TARGET_$(1)_BAREBOXENV),\
+		$$(call KCONFIG_ENABLE_OPT,CONFIG_BAREBOXENV_TARGET),\
+		$$(call KCONFIG_DISABLE_OPT,CONFIG_BAREBOXENV_TARGET))
+endef
+
+define $(1)_KCONFIG_FIXUP_CMDS
+	$$($(1)_KCONFIG_FIXUP_CUSTOM_EMBEDDED_ENV_PATH)
+	$$($(1)_KCONFIG_FIXUP_BAREBOXENV)
+endef
+
 define $(1)_BUILD_CMDS
 	$$($(1)_BUILD_BAREBOXENV_CMDS)
 	$$(TARGET_MAKE_ENV) $$(MAKE) $$($(1)_MAKE_FLAGS) -C $$(@D)
@@ -136,7 +140,7 @@ endef
 
 ifeq ($$(BR2_TARGET_$(1)_BAREBOXENV),y)
 define $(1)_INSTALL_TARGET_CMDS
-	cp $$(@D)/bareboxenv $$(TARGET_DIR)/usr/bin
+	cp $$(@D)/scripts/bareboxenv-target $$(TARGET_DIR)/usr/bin/bareboxenv
 endef
 endif
 

boot/lpc32xxcdl/lpc32xxcdl.hash

@@ -0,0 +1,2 @@
+# Locally computed
+sha256  ded3fa936a96d3fb8188ca6214f57b5208bd49e5416bd69f38bfc810b34197bc  lpc32xx_cdl-v2.11.zip

boot/lpc32xxcdl/lpc32xxcdl.mk

@@ -4,9 +4,9 @@
 #
 ################################################################################
 
-LPC32XXCDL_VERSION = lpc32xx_cdl_v2.11
-LPC32XXCDL_SITE = http://git.lpcware.com/lpc3xxx_cdl.git
-LPC32XXCDL_SITE_METHOD = git
+LPC32XXCDL_VERSION = 2.11
+LPC32XXCDL_SOURCE = lpc32xx_cdl-v$(LPC32XXCDL_VERSION).zip
+LPC32XXCDL_SITE = https://community.nxp.com/pwmxy87654/attachments/pwmxy87654/lpcware-archive/61/2
 
 LPC32XXCDL_INSTALL_TARGET = NO
 LPC32XXCDL_INSTALL_IMAGES = YES
@@ -45,13 +45,14 @@ LPC32XXCDL_BOARD_STARTUP_DIR = \
 # Source files are with dos newlines, which our patch infrastructure doesn't
 # handle. Work around it by converting the affected files to unix newlines
 # before patching
-define LPC32XXCDL_DOS2UNIX_FOR_PATCH
+define LPC32XXCDL_EXTRACT_CMDS
+	unzip $(LPC32XXCDL_DL_DIR)/$(LPC32XXCDL_SOURCE) -d $(@D)
+	mv $(@D)/lpc3xxx_cdl/* $(@D)
+	rmdir $(@D)/lpc3xxx_cdl/
 	sed -n 's|^[+-]\{3\} [^/]\+\([^ \t]*\)\(.*\)|$(@D)\1|p' \
 		boot/lpc32xxcdl/*.patch| sort -u | xargs $(SED) 's/\x0D$$//'
 endef
 
-LPC32XXCDL_POST_EXTRACT_HOOKS += LPC32XXCDL_DOS2UNIX_FOR_PATCH
-
 define LPC32XXCDL_BUILD_CMDS
 	$(MAKE1) $(LPC32XXCDL_BUILD_FLAGS) -C $(@D)
 	$(MAKE1) $(LPC32XXCDL_BUILD_FLAGS) -C $(@D)/$(LPC32XXCDL_BOARD_STARTUP_DIR)/Burners/$(LPC32XXCDL_KICKSTART_BURNER)

boot/uboot/uboot.mk

@@ -485,7 +485,7 @@ ifeq ($(call qstrip,$(BR2_TARGET_UBOOT_CUSTOM_REPO_URL)),)
 $(error No custom U-Boot repository URL specified. Check your BR2_TARGET_UBOOT_CUSTOM_REPO_URL setting)
 endif # qstrip BR2_TARGET_UBOOT_CUSTOM_CUSTOM_REPO_URL
 ifeq ($(call qstrip,$(BR2_TARGET_UBOOT_CUSTOM_REPO_VERSION)),)
-$(error No custom U-Boot repository URL specified. Check your BR2_TARGET_UBOOT_CUSTOM_REPO_VERSION setting)
+$(error No custom U-Boot repository version specified. Check your BR2_TARGET_UBOOT_CUSTOM_REPO_VERSION setting)
 endif # qstrip BR2_TARGET_UBOOT_CUSTOM_CUSTOM_REPO_VERSION
 endif # BR2_TARGET_UBOOT_CUSTOM_GIT || BR2_TARGET_UBOOT_CUSTOM_HG
 

configs/beaglebone_qt5_defconfig

@@ -20,11 +20,8 @@ BR2_PACKAGE_FBV=y
 BR2_PACKAGE_QT5=y
 BR2_PACKAGE_QT5BASE_EXAMPLES=y
 BR2_PACKAGE_QT5BASE_EGLFS=y
-BR2_PACKAGE_QT5BASE_DEFAULT_QPA="wayland"
+BR2_PACKAGE_QT5BASE_DEFAULT_QPA="eglfs"
 BR2_PACKAGE_QT5QUICKCONTROLS=y
-BR2_PACKAGE_QT5WAYLAND=y
-BR2_PACKAGE_QT5WAYLAND_COMPOSITOR=y
-BR2_PACKAGE_WESTON=y
 BR2_PACKAGE_TI_SGX_DEMOS=y
 BR2_PACKAGE_TI_SGX_KM=y
 BR2_PACKAGE_TI_SGX_UM=y

docs/manual/adding-packages-cmake.txt

@@ -126,14 +126,19 @@ typical packages will therefore only use a few of them.
   in the build step. These are passed after the +make+ command. By
   default, empty.
 
+* +LIBFOO_INSTALL_OPTS+ contains the make options used to
+  install the package to the host directory. By default, the value
+  is +install+, which is correct for most CMake packages. It is still
+  possible to override it.
+
 * +LIBFOO_INSTALL_STAGING_OPTS+ contains the make options used to
   install the package to the staging directory. By default, the value
-  is +DESTDIR=$(STAGING_DIR) install+, which is correct for most
+  is +DESTDIR=$(STAGING_DIR) install/fast+, which is correct for most
   CMake packages. It is still possible to override it.
 
 * +LIBFOO_INSTALL_TARGET_OPTS+ contains the make options used to
   install the package to the target directory. By default, the value
-  is +DESTDIR=$(TARGET_DIR) install+. The default value is correct
+  is +DESTDIR=$(TARGET_DIR) install/fast+. The default value is correct
   for most CMake packages, but it is still possible to override it if
   needed.
 

docs/manual/contribute.txt

@@ -371,6 +371,37 @@ in the following cases:
 * whenever you feel it will help presenting your work, your choices,
   the review process, etc.
 
+==== Patches for maintenance branches
+
+When fixing bugs on a maintenance branch, bugs should be fixed on the
+master branch first. The commit log for such a patch may then contain a
+post-commit note specifying what branches are affected:
+
+----
+package/foo: fix stuff
+
+Signed-off-by: Your Real Name <your@email.address>
+---
+Backport to: 2020.02.x, 2020.05.x
+(2020.08.x not affected as the version was bumped)
+----
+
+Those changes will then be backported by a maintainer to the affected
+branches.
+
+However, some bugs may apply only to a specific release, for example
+because it is using an older version of a package. In that case, patches
+should be based off the maintenance branch, and the patch subject prefix
+must include the maintenance branch name (for example "[PATCH 2020.02.x]").
+This can be done with the +git format-patch+ flag +--subject-prefix+:
+
+---------------------
+$ git format-patch --subject-prefix "PATCH 2020.02.x" \
+    -M -s -o outgoing origin/2020.02.x
+---------------------
+
+Then send the patches with +git send-email+, as described above.
+
 ==== Patch revision changelog
 
 When improvements are requested, the new revision of each commit

linux/Config.in

@@ -30,7 +30,7 @@ config BR2_LINUX_KERNEL_LATEST_VERSION
 	bool "Latest version (5.4)"
 
 config BR2_LINUX_KERNEL_LATEST_CIP_VERSION
-	bool "Latest CIP SLTS version (4.19.132-cip30)"
+	bool "Latest CIP SLTS version (4.19.152-cip37)"
 	help
 	  CIP launched in the spring of 2016 to address the needs of
 	  organizations in industries such as power generation and
@@ -43,13 +43,13 @@ config BR2_LINUX_KERNEL_LATEST_CIP_VERSION
 	  implementation of software building blocks that meet
 	  these requirements.
 
-	  The CIP community plans to maintain 4.4 for security and
+	  The CIP community plans to maintain 4.19 for security and
 	  bug fixes for more than 10 years.
 
 	  https://www.cip-project.org
 
 config BR2_LINUX_KERNEL_LATEST_CIP_RT_VERSION
-	bool "Latest CIP RT SLTS version (4.19.132-cip30-rt12)"
+	bool "Latest CIP RT SLTS version (4.19.152-cip37-rt16)"
 	help
 	  Same as the CIP version, but this is the PREEMPT_RT realtime
 	  variant.
@@ -128,9 +128,9 @@ endif
 
 config BR2_LINUX_KERNEL_VERSION
 	string
-	default "5.4.61" if BR2_LINUX_KERNEL_LATEST_VERSION
-	default "4.19.132-cip30" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
-	default "4.19.132-cip30-rt12" if BR2_LINUX_KERNEL_LATEST_CIP_RT_VERSION
+	default "5.4.93" if BR2_LINUX_KERNEL_LATEST_VERSION
+	default "4.19.152-cip37" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
+	default "4.19.152-cip37-rt16" if BR2_LINUX_KERNEL_LATEST_CIP_RT_VERSION
 	default BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE \
 		if BR2_LINUX_KERNEL_CUSTOM_VERSION
 	default "custom" if BR2_LINUX_KERNEL_CUSTOM_TARBALL

linux/linux.hash

@@ -1,13 +1,13 @@
 # From https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc
-sha256  86f13d050f6389c5a1727fa81510ee8eceac795297bc584f443354609617fea4  linux-5.4.61.tar.xz
+sha256  d37449403664cc3b1bac96d0d9a199dbe619885cd899c0ae3108843f42e3d522  linux-5.4.93.tar.xz
 # From https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
-sha256  6994dda988e9fb7f5661cf80ff42039016cb0044acd39f830937ba0220296388  linux-4.4.234.tar.xz
-sha256  756f8544d261e8117716c911261690e4fb5491e14c1f4612c83e0986453782e3  linux-4.9.234.tar.xz
-sha256  394f28798670240baacd9e2cce521fbd79f8da5e1fc191695b0e11381445a021  linux-4.14.195.tar.xz
-sha256  6912db1c242d72ce9c8d4ff71982ac935d97690822af5c1c6ec22412b31667a4  linux-4.19.142.tar.xz
+sha256  661e98b9448cbac948c705fd44cd7d30200422ee1cb02950d142aa99a1b3985a  linux-4.4.253.tar.xz
+sha256  9a5b51a8350201bd38e3ff13909323a6571b4572a7b3caed76e462b07619bc18  linux-4.9.253.tar.xz
+sha256  62a36a25431016d98d0f1cff98be432086c51f86fd79042bd10a867b3a924d11  linux-4.14.217.tar.xz
+sha256  f4e352fe0eb986e5b532b99d9b0725a67046cbb3e5f53fcd5b098cbaeb2ac60a  linux-4.19.171.tar.xz
 # Locally computed
-sha256  c20f9014b89ea3e27f55f1d407aa5a4724ed38ac520c197291e9d644f164c43a  linux-cip-4.19.132-cip30.tar.gz
-sha256  81dd791d9ad6c3fddaeaffc6d7d8df0e13831283a5fe494c437ac7820d79ca39  linux-cip-4.19.132-cip30-rt12.tar.gz
+sha256  d2a06f52143deb929b8d513cf9afc9bd065951389a80fa70bc4d63025b5b3fb9  linux-cip-4.19.152-cip37.tar.gz
+sha256  bc1dacd3d0f526de3e8754a444e8e02a54521527af639ddb907cb35cda775a8c  linux-cip-4.19.152-cip37-rt16.tar.gz
 
 # Licenses hashes
 sha256  ee5808b032a67f587d3541099d46de34f5bec8cd5976114ba07f1299ee6001ff  COPYING

package/Config.in

@@ -1612,6 +1612,7 @@ menu "Networking"
 	source "package/azmq/Config.in"
 	source "package/azure-iot-sdk-c/Config.in"
 	source "package/batman-adv/Config.in"
+	source "package/belle-sip/Config.in"
 	source "package/bluez5_utils-headers/Config.in"
 	source "package/c-ares/Config.in"
 	source "package/canfestival/Config.in"
@@ -1675,6 +1676,7 @@ menu "Networking"
 	source "package/libnftnl/Config.in"
 	source "package/libnice/Config.in"
 	source "package/libnl/Config.in"
+	source "package/libnpupnp/Config.in"
 	source "package/liboauth/Config.in"
 	source "package/liboping/Config.in"
 	source "package/libosip2/Config.in"
@@ -1693,7 +1695,6 @@ menu "Networking"
 	source "package/libtorrent/Config.in"
 	source "package/libtorrent-rasterbar/Config.in"
 	source "package/libupnp/Config.in"
-	source "package/libupnp18/Config.in"
 	source "package/libupnpp/Config.in"
 	source "package/liburiparser/Config.in"
 	source "package/libvncserver/Config.in"
@@ -1744,6 +1745,7 @@ menu "Other"
 	source "package/avro-c/Config.in"
 	source "package/bctoolbox/Config.in"
 	source "package/bdwgc/Config.in"
+	source "package/belr/Config.in"
 	source "package/boost/Config.in"
 	source "package/c-capnproto/Config.in"
 	source "package/capnproto/Config.in"

package/angularjs/angularjs.hash

@@ -1,3 +1,3 @@
 # Locally computed:
-sha256	7182e7f39b921469157971d9e0783745758df4b625322d606ec7d9abf2b28af2	angular-1.7.9.zip
-sha256	2420c59374dcdc1ca9721c334a32afee92f0610280cae0d1b3952b1279bc2b24	angular.js
+sha256  c4098f594dc24cc4c8ad469c6d5785a65c0df812afe9f56ea0e4d3490c2fd46d  angular-1.8.0.zip
+sha256  c7df41bc00628bec220b0378dc1f2f5041980758403b6f24b9774ac43a9186d8  angular.js

package/angularjs/angularjs.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-ANGULARJS_VERSION = 1.7.9
+ANGULARJS_VERSION = 1.8.0
 ANGULARJS_SOURCE = angular-$(ANGULARJS_VERSION).zip
 ANGULARJS_SITE = https://code.angularjs.org/$(ANGULARJS_VERSION)
 ANGULARJS_LICENSE = MIT

package/apitrace/0003-CMakeLists.txt-respect-BUILD_TESTING-OFF.patch

@@ -0,0 +1,104 @@
+From 7f0f1e7e34f997eef697856804dd478b54bb365e Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Tue, 22 Dec 2020 10:45:21 +0100
+Subject: [PATCH] CMakeLists.txt: respect BUILD_TESTING=OFF
+
+Allow the user to disable unit tests through BUILD_TESTING=OFF:
+https://cmake.org/cmake/help/latest/command/enable_testing.html
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status: https://github.com/apitrace/apitrace/pull/698]
+---
+ CMakeLists.txt           | 6 +++++-
+ gui/CMakeLists.txt       | 6 ++++--
+ lib/guids/CMakeLists.txt | 6 ++++--
+ lib/os/CMakeLists.txt    | 6 ++++--
+ lib/trace/CMakeLists.txt | 6 ++++--
+ 5 files changed, 21 insertions(+), 9 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 4a07f069..ee401887 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -41,6 +41,8 @@ option (ENABLE_FRAME_POINTER "Disable frame pointer omission" ON)
+ 
+ option (ENABLE_ASAN "Enable Address Sanitizer" OFF)
+ 
++option (BUILD_TESTING "Enable unit tests" ON)
++
+ option (ENABLE_TESTS "Enable additional tests" OFF)
+ 
+ if (ANDROID)
+@@ -433,7 +435,9 @@ endmacro ()
+ # which subdirectory they are declared
+ set (CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR})
+ 
+-enable_testing ()
++if (BUILD_TESTING)
++    enable_testing ()
++endif ()
+ if (CMAKE_CROSSCOMPILING)
+     add_custom_target (check)
+ elseif (DEFINED CMAKE_BUILD_TYPE)
+diff --git a/gui/CMakeLists.txt b/gui/CMakeLists.txt
+index 5baf3552..ad6ee501 100644
+--- a/gui/CMakeLists.txt
++++ b/gui/CMakeLists.txt
+@@ -13,8 +13,10 @@ add_library (qubjson STATIC
+     qubjson.cpp
+ )
+ 
+-add_gtest (qubjson_test qubjson_test.cpp)
+-target_link_libraries (qubjson_test qubjson)
++if (BUILD_TESTING)
++    add_gtest (qubjson_test qubjson_test.cpp)
++    target_link_libraries (qubjson_test qubjson)
++endif ()
+ 
+ set(qapitrace_SRCS
+    apisurface.cpp
+diff --git a/lib/guids/CMakeLists.txt b/lib/guids/CMakeLists.txt
+index ce0f86da..ea28a18f 100644
+--- a/lib/guids/CMakeLists.txt
++++ b/lib/guids/CMakeLists.txt
+@@ -5,5 +5,7 @@ add_library (guids STATIC
+     guids.hpp
+ )
+ 
+-add_gtest (guids_test guids_test.cpp)
+-target_link_libraries (guids_test guids)
++if (BUILD_TESTING)
++    add_gtest (guids_test guids_test.cpp)
++    target_link_libraries (guids_test guids)
++endif ()
+diff --git a/lib/os/CMakeLists.txt b/lib/os/CMakeLists.txt
+index 222411e0..b7134b57 100644
+--- a/lib/os/CMakeLists.txt
++++ b/lib/os/CMakeLists.txt
+@@ -36,5 +36,7 @@ if (APPLE)
+     )
+ endif ()
+ 
+-add_gtest (os_thread_test os_thread_test.cpp)
+-target_link_libraries (os_thread_test os)
++if (BUILD_TESTING)
++    add_gtest (os_thread_test os_thread_test.cpp)
++    target_link_libraries (os_thread_test os)
++endif ()
+diff --git a/lib/trace/CMakeLists.txt b/lib/trace/CMakeLists.txt
+index c68bd00f..d95df978 100644
+--- a/lib/trace/CMakeLists.txt
++++ b/lib/trace/CMakeLists.txt
+@@ -34,5 +34,7 @@ target_link_libraries (common
+     brotli_dec brotli_common
+ )
+ 
+-add_gtest (trace_parser_flags_test trace_parser_flags_test.cpp)
+-target_link_libraries (trace_parser_flags_test common)
++if (BUILD_TESTING)
++    add_gtest (trace_parser_flags_test trace_parser_flags_test.cpp)
++    target_link_libraries (trace_parser_flags_test common)
++endif ()
+-- 
+2.29.2
+

package/argp-standalone/argp-standalone.hash

@@ -1,2 +1,5 @@
 # Locally calculated after checking pgp signature
-sha256	dec79694da1319acd2238ce95df57f3680fea2482096e483323fddf3d818d8be  argp-standalone-1.3.tar.gz
+sha256  dec79694da1319acd2238ce95df57f3680fea2482096e483323fddf3d818d8be  argp-standalone-1.3.tar.gz
+
+# License file
+sha256  bbb8919aa520069b0234faf5e83a94052d278419ffe97ca8e843ecc9b212d1ab  argp.h

package/argp-standalone/argp-standalone.mk

@@ -8,6 +8,7 @@ ARGP_STANDALONE_VERSION = 1.3
 ARGP_STANDALONE_SITE = http://www.lysator.liu.se/~nisse/archive
 ARGP_STANDALONE_INSTALL_STAGING = YES
 ARGP_STANDALONE_LICENSE = LGPL-2.0+
+ARGP_STANDALONE_LICENSE_FILES = argp.h
 
 ARGP_STANDALONE_CONF_ENV = \
 	CFLAGS="$(TARGET_CFLAGS) -fPIC -fgnu89-inline"

package/asterisk/asterisk.hash

@@ -1,5 +1,5 @@
 # Locally computed
-sha256  f0ba5e3c4ef46f6657dd3a7167190f9b6cd6bbf4af09ecc291a9d5868b477609  asterisk-16.10.0.tar.gz
+sha256  226eaef400d2d335ce29d7b3c8aca8dfdfc5e854c215e0c47615c095ced12171  asterisk-16.14.1.tar.gz
 
 # sha1 from: http://downloads.asterisk.org/pub/telephony/sounds/releases
 # sha256 locally computed
@@ -12,4 +12,4 @@ sha256  449fb810d16502c3052fedf02f7e77b36206ac5a145f3dacf4177843a2fcb538  asteri
 sha256  82af40ed7f49c08685360811993d9396320842f021df828801d733e8fdc0312f  COPYING
 sha256  ac5571f00e558e3b7c9b3f13f421b874cc12cf4250c4f70094c71544cf486312  main/sha1.c
 sha256  6215e3ed73c3982a5c6701127d681ec0b9f1121ac78a28805bd93f93c3eb84c0  codecs/speex/speex_resampler.h
-sha256  1ca2c7a7a1ae7ccd75212a8c1e85dd9ec92bdbc9170aafd97ea60459387755fd  utils/db1-ast/include/db.h
+sha256  ea69cc96ab8a779c180a362377caeada71926897d1b55b980f04d74ba5aaa388  utils/db1-ast/include/db.h

package/asterisk/asterisk.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-ASTERISK_VERSION = 16.10.0
+ASTERISK_VERSION = 16.14.1
 # Use the github mirror: it's an official mirror maintained by Digium, and
 # provides tarballs, which the main Asterisk git tree (behind Gerrit) does not.
 ASTERISK_SITE = $(call github,asterisk,asterisk,$(ASTERISK_VERSION))

package/bandwidthd/bandwidthd.hash

@@ -1,2 +1,3 @@
 # Locally calculated
-sha256 0270d0def6cc53c8d47d59a9dd093d51fbca1620adeef85c15e35a32010e26ab  bandwidthd-2.0.1-auto-r11.tar.gz
+sha256  0270d0def6cc53c8d47d59a9dd093d51fbca1620adeef85c15e35a32010e26ab  bandwidthd-2.0.1-auto-r11.tar.gz
+sha256  58573c40770e0c0b91f3eef8192952832321a344f66a4fb2d966095cbbfc86c2  README

package/bandwidthd/bandwidthd.mk

@@ -10,6 +10,7 @@ BANDWIDTHD_SITE = $(call github,nroach44,bandwidthd,v$(BANDWIDTHD_VERSION))
 # Specified as "any version of the GPL that is current as of your
 # download" by upstream.
 BANDWIDTHD_LICENSE = GPL
+BANDWIDTHD_LICENSE_FILES = README
 
 BANDWIDTHD_DEPENDENCIES = gd libpng libpcap host-pkgconf
 

package/bandwidthd/bandwidthd.service

@@ -5,7 +5,7 @@ After=network.target
 [Service]
 Type=forking
 ExecStart=/usr/bin/bandwidthd
-PIDFile=/var/run/bandwidthd.pid
+PIDFile=/run/bandwidthd.pid
 
 [Install]
 WantedBy=multi-user.target

package/bash/0017-bash50-017.patch

@@ -0,0 +1,293 @@
+From https://ftp.gnu.org/gnu/bash/bash-5.0-patches/bash55-017
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	5.0
+Patch-ID:	bash50-017
+
+Bug-Reported-by:	Valentin Lab <valentin.lab@kalysto.org>
+Bug-Reference-ID:	<ab981b9c-60a5-46d0-b7e6-a6d88b80df50@kalysto.org>
+Bug-Reference-URL:	https://lists.gnu.org/archive/html/bug-bash/2020-03/msg00062.html
+
+Bug-Description:
+
+There were cases where patch 16 reaped process substitution file descriptors
+(or FIFOs) and processes to early. This is a better fix for the problem that
+bash50-016 attempted to solve.
+
+Patch (apply with `patch -p0'):
+
+*** bash-5.0-patched/subst.c	2019-08-29 11:16:49.000000000 -0400
+--- b/subst.c	2020-04-02 16:24:19.000000000 -0400
+***************
+*** 5337,5341 ****
+  }
+  
+! char *
+  copy_fifo_list (sizep)
+       int *sizep;
+--- b/5337,5341 ----
+  }
+  
+! void *
+  copy_fifo_list (sizep)
+       int *sizep;
+***************
+*** 5343,5347 ****
+    if (sizep)
+      *sizep = 0;
+!   return (char *)NULL;
+  }
+  
+--- b/5343,5347 ----
+    if (sizep)
+      *sizep = 0;
+!   return (void *)NULL;
+  }
+  
+***************
+*** 5409,5414 ****
+  	if (fifo_list[i].file)
+  	  {
+! 	    fifo_list[j].file = fifo_list[i].file;
+! 	    fifo_list[j].proc = fifo_list[i].proc;
+  	    j++;
+  	  }
+--- b/5409,5419 ----
+  	if (fifo_list[i].file)
+  	  {
+! 	    if (i != j)
+! 	      {
+! 		fifo_list[j].file = fifo_list[i].file;
+! 		fifo_list[j].proc = fifo_list[i].proc;
+! 		fifo_list[i].file = (char *)NULL;
+! 		fifo_list[i].proc = 0;
+! 	      }
+  	    j++;
+  	  }
+***************
+*** 5426,5433 ****
+  void
+  close_new_fifos (list, lsize)
+!      char *list;
+       int lsize;
+  {
+    int i;
+  
+    if (list == 0)
+--- b/5431,5439 ----
+  void
+  close_new_fifos (list, lsize)
+!      void *list;
+       int lsize;
+  {
+    int i;
++   char *plist;
+  
+    if (list == 0)
+***************
+*** 5437,5442 ****
+      }
+  
+!   for (i = 0; i < lsize; i++)
+!     if (list[i] == 0 && i < fifo_list_size && fifo_list[i].proc != -1)
+        unlink_fifo (i);
+  
+--- b/5443,5448 ----
+      }
+  
+!   for (plist = (char *)list, i = 0; i < lsize; i++)
+!     if (plist[i] == 0 && i < fifo_list_size && fifo_list[i].proc != -1)
+        unlink_fifo (i);
+  
+***************
+*** 5560,5568 ****
+  }
+  
+! char *
+  copy_fifo_list (sizep)
+       int *sizep;
+  {
+!   char *ret;
+  
+    if (nfds == 0 || totfds == 0)
+--- b/5566,5574 ----
+  }
+  
+! void *
+  copy_fifo_list (sizep)
+       int *sizep;
+  {
+!   void *ret;
+  
+    if (nfds == 0 || totfds == 0)
+***************
+*** 5570,5579 ****
+        if (sizep)
+  	*sizep = 0;
+!       return (char *)NULL;
+      }
+  
+    if (sizep)
+      *sizep = totfds;
+!   ret = (char *)xmalloc (totfds * sizeof (pid_t));
+    return (memcpy (ret, dev_fd_list, totfds * sizeof (pid_t)));
+  }
+--- b/5576,5585 ----
+        if (sizep)
+  	*sizep = 0;
+!       return (void *)NULL;
+      }
+  
+    if (sizep)
+      *sizep = totfds;
+!   ret = xmalloc (totfds * sizeof (pid_t));
+    return (memcpy (ret, dev_fd_list, totfds * sizeof (pid_t)));
+  }
+***************
+*** 5648,5655 ****
+  void
+  close_new_fifos (list, lsize)
+!      char *list;
+       int lsize;
+  {
+    int i;
+  
+    if (list == 0)
+--- b/5654,5662 ----
+  void
+  close_new_fifos (list, lsize)
+!      void *list;
+       int lsize;
+  {
+    int i;
++   pid_t *plist;
+  
+    if (list == 0)
+***************
+*** 5659,5664 ****
+      }
+  
+!   for (i = 0; i < lsize; i++)
+!     if (list[i] == 0 && i < totfds && dev_fd_list[i])
+        unlink_fifo (i);
+  
+--- b/5666,5671 ----
+      }
+  
+!   for (plist = (pid_t *)list, i = 0; i < lsize; i++)
+!     if (plist[i] == 0 && i < totfds && dev_fd_list[i])
+        unlink_fifo (i);
+  
+*** bash-5.0-patched/subst.h	2018-10-21 18:46:09.000000000 -0400
+--- b/subst.h	2020-04-02 16:29:28.000000000 -0400
+***************
+*** 274,280 ****
+  extern void unlink_fifo __P((int));
+  
+! extern char *copy_fifo_list __P((int *));
+! extern void unlink_new_fifos __P((char *, int));
+! extern void close_new_fifos __P((char *, int));
+  
+  extern void clear_fifo_list __P((void));
+--- b/274,279 ----
+  extern void unlink_fifo __P((int));
+  
+! extern void *copy_fifo_list __P((int *));
+! extern void close_new_fifos __P((void *, int));
+  
+  extern void clear_fifo_list __P((void));
+*** bash-5.0-patched/execute_cmd.c	2020-02-06 20:16:48.000000000 -0500
+--- b/execute_cmd.c	2020-04-02 17:00:10.000000000 -0400
+***************
+*** 565,569 ****
+  #if defined (PROCESS_SUBSTITUTION)
+    volatile int ofifo, nfifo, osize, saved_fifo;
+!   volatile char *ofifo_list;
+  #endif
+  
+--- b/565,569 ----
+  #if defined (PROCESS_SUBSTITUTION)
+    volatile int ofifo, nfifo, osize, saved_fifo;
+!   volatile void *ofifo_list;
+  #endif
+  
+***************
+*** 751,760 ****
+  #  endif
+  
+!   if (variable_context != 0)	/* XXX - also if sourcelevel != 0? */
+      {
+        ofifo = num_fifos ();
+        ofifo_list = copy_fifo_list ((int *)&osize);
+        begin_unwind_frame ("internal_fifos");
+!       add_unwind_protect (xfree, ofifo_list);
+        saved_fifo = 1;
+      }
+--- b/751,762 ----
+  #  endif
+  
+!   /* XXX - also if sourcelevel != 0? */
+!   if (variable_context != 0)
+      {
+        ofifo = num_fifos ();
+        ofifo_list = copy_fifo_list ((int *)&osize);
+        begin_unwind_frame ("internal_fifos");
+!       if (ofifo_list)
+! 	add_unwind_protect (xfree, ofifo_list);
+        saved_fifo = 1;
+      }
+***************
+*** 1100,1123 ****
+        nfifo = num_fifos ();
+        if (nfifo > ofifo)
+! 	close_new_fifos ((char *)ofifo_list, osize);
+        free ((void *)ofifo_list);
+        discard_unwind_frame ("internal_fifos");
+      }
+- # if defined (HAVE_DEV_FD)
+-   /* Reap process substitutions at the end of loops */
+-   switch (command->type)
+-     {
+-     case cm_while:
+-     case cm_until:
+-     case cm_for:
+-     case cm_group:
+- #    if defined (ARITH_FOR_COMMAND)
+-     case cm_arith_for:
+- #    endif
+-       reap_procsubs ();
+-     default:
+-       break;
+-     }
+- #  endif /* HAVE_DEV_FD */
+  #endif
+  
+--- b/1102,1109 ----
+        nfifo = num_fifos ();
+        if (nfifo > ofifo)
+! 	close_new_fifos ((void *)ofifo_list, osize);
+        free ((void *)ofifo_list);
+        discard_unwind_frame ("internal_fifos");
+      }
+  #endif
+  
+
+*** bash-5.0/patchlevel.h	2016-06-22 14:51:03.000000000 -0400
+--- b/patchlevel.h	2016-10-01 11:01:28.000000000 -0400
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 16
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- b/26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 17
+  
+  #endif /* _PATCHLEVEL_H_ */

package/bash/0018-bash50-018.patch

@@ -0,0 +1,49 @@
+From https://ftp.gnu.org/gnu/bash/bash-5.0-patches/bash55-018
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	5.0
+Patch-ID:	bash50-018
+
+Bug-Reported-by:	oguzismailuysal@gmail.com
+Bug-Reference-ID:
+Bug-Reference-URL:	https://lists.gnu.org/archive/html/bug-bash/2019-10/msg00098.html
+
+Bug-Description:
+
+In certain cases, bash does not perform quoted null removal on patterns
+that are used as part of word expansions such as ${parameter##pattern}, so
+empty patterns are treated as non-empty.
+
+Patch (apply with `patch -p0'):
+
+*** bash-5.0.17/subst.c	2020-04-02 17:14:58.000000000 -0400
+--- b/subst.c	2020-07-09 15:28:19.000000000 -0400
+***************
+*** 5113,5116 ****
+--- b/5113,5118 ----
+  				      (int *)NULL, (int *)NULL)
+  	     : (WORD_LIST *)0;
++   if (l)
++     word_list_remove_quoted_nulls (l);
+    pat = string_list (l);
+    dispose_words (l);
+
+*** bash-5.0/patchlevel.h	2016-06-22 14:51:03.000000000 -0400
+--- b/patchlevel.h	2016-10-01 11:01:28.000000000 -0400
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 17
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- b/26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 18
+  
+  #endif /* _PATCHLEVEL_H_ */

package/bctoolbox/0001-Fix-Libs.private-flags-for-mbedtls.patch

@@ -1,49 +1,37 @@
-From c0b3dbb43aa3a38c47311556c85eadc6072e2d68 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?J=C3=B6rg=20Krause?= <joerg.krause@embedded.rocks>
-Date: Tue, 14 Feb 2017 22:02:26 +0100
-Subject: [PATCH] Fix Libs.private flags for mbedtls
+From b7f14a800bbdad193f45695bc5b8c5173f3882ba Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Sun, 10 Feb 2019 17:51:05 +0100
+Subject: [PATCH] CMakeLists.txt: fix mbedtls libraries in bctoolbox.pc
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 
-Static linking with bctoolbox fails when using pkg-config as the
-generated bctoolbox.pc file only consists of an '-L' string without any
-search path or libraries flags.
-
-That's because of an typo in `mbedtls_library_path`. However,
-`mbedtls_library_path` contains a string of the mbedtls libraries
-concatenated by an ';' which cannot be parsed by pkg-config.
-
-Therefore, use `MBEDTLS_LIBRARY` instead of `MBEDTLS_LIBRARIES` to get
-the library path.
-
-Furthermore, add the three mbedtls libraries *mbedtls*, *mbedcrypto*, and
-*mbedx509* to `LIBS_PRIVATE` so these libraries are added to the
-`Libs.private` field of bctoolbox.pc.
-
-Upstream status: Pending
+bctoolbox.pc should not contain the full libraries path, path should be
+given by -L and library names by -l
+So sent back the fix already suggested by Jörg Krause in
 https://github.com/BelledonneCommunications/bctoolbox/pull/4
 
 Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status:
+https://github.com/BelledonneCommunications/bctoolbox/pull/7]
 ---
- CMakeLists.txt | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
+ CMakeLists.txt | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
 
 diff --git a/CMakeLists.txt b/CMakeLists.txt
-index ed7aa00..4127f0e 100644
+index 29f3eb6..b2f26c2 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
-@@ -103,8 +103,8 @@ else()
+@@ -101,9 +101,8 @@ else()
  endif()
  
  if(MBEDTLS_FOUND)
 -	get_filename_component(mbedtls_library_path "${MBEDTLS_LIBRARIES}" PATH)
--	set(LIBS_PRIVATE "${LIBS_PRIVATE} -L${mbedlts_library_path}")
+-	string(REPLACE ";" " " MBEDTLS_LIBRARIES_STR "${MBEDTLS_LIBRARIES}")
+-	set(LIBS_PRIVATE "${LIBS_PRIVATE} ${MBEDTLS_LIBRARIES_STR}")
 +	get_filename_component(mbedtls_library_path "${MBEDTLS_LIBRARY}" PATH)
 +	set(LIBS_PRIVATE "${LIBS_PRIVATE} -L${mbedtls_library_path} -lmbedtls -lmbedcrypto -lmbedx509")
  endif()
  if(POLARSSL_FOUND)
  	get_filename_component(polarssl_library_path "${POLARSSL_LIBRARIES}" PATH)
--- 
-2.11.1
-

package/bctoolbox/Config.in

@@ -2,6 +2,8 @@ config BR2_PACKAGE_BCTOOLBOX
 	bool "bctoolbox"
 	depends on BR2_INSTALL_LIBSTDCPP
 	depends on BR2_TOOLCHAIN_HAS_THREADS
+	depends on !BR2_TOOLCHAIN_HAS_GCC_BUG_64735 # exception_ptr
+	select BR2_PACKAGE_LIBICONV if !BR2_ENABLE_LOCALE
 	help
 	  Utilities library used by Belledonne Communications
 	  softwares like belle-sip, mediastreamer2 and linphone.
@@ -12,3 +14,6 @@ config BR2_PACKAGE_BCTOOLBOX
 
 comment "bctoolbox needs a toolchain w/ C++, threads"
 	depends on !BR2_INSTALL_LIBSTDCPP || !BR2_TOOLCHAIN_HAS_THREADS
+
+comment "bctoolbox needs a toolchain not affected by GCC bug 64735"
+	depends on BR2_TOOLCHAIN_HAS_GCC_BUG_64735

package/bctoolbox/bctoolbox.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  da7df7ff359a9829e9e6ef98dfe9fead0cf735b8a4a5da1b1047f467dee1b2a9  bctoolbox-0.4.0.tar.gz
+sha256  d8501e3793c10abbf913759d7a0e5f6eb3140af6bacf5e2bdcd532049bde69c0  bctoolbox-4.3.1.tar.gz
 sha256  849dd903d98f12a964466ccfbaf3a1de1f94ad0ebd49a59d12f8ce4506f9f647  COPYING

package/bctoolbox/bctoolbox.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BCTOOLBOX_VERSION = 0.4.0
+BCTOOLBOX_VERSION = 4.3.1
 BCTOOLBOX_SITE = $(call github,BelledonneCommunications,bctoolbox,$(BCTOOLBOX_VERSION))
 BCTOOLBOX_LICENSE = GPL-2.0+
 BCTOOLBOX_LICENSE_FILES = COPYING
@@ -17,9 +17,13 @@ BCTOOLBOX_CONF_OPTS = \
 	-DENABLE_STRICT=OFF \
 	-DENABLE_TESTS_COMPONENT=OFF \
 	-DENABLE_TESTS=OFF \
-	-DGIT_EXECUTABLE=OFF \
 	-DCMAKE_SKIP_RPATH=ON
 
+ifeq ($(BR2_PACKAGE_LIBICONV),y)
+BCTOOLBOX_DEPENDENCIES += libiconv
+BCTOOLBOX_CONF_OPTS += -DCMAKE_CXX_FLAGS="$(TARGET_CXXFLAGS) -liconv"
+endif
+
 ifeq ($(BR2_PACKAGE_MBEDTLS),y)
 BCTOOLBOX_DEPENDENCIES += mbedtls
 BCTOOLBOX_CONF_OPTS += -DENABLE_MBEDTLS=ON

package/belle-sip/Config.in

@@ -0,0 +1,22 @@
+config BR2_PACKAGE_BELLE_SIP
+	bool "belle-sip"
+	depends on BR2_INSTALL_LIBSTDCPP
+	depends on !BR2_STATIC_LIBS # dlfcn.h
+	depends on BR2_TOOLCHAIN_HAS_THREADS
+	depends on !BR2_TOOLCHAIN_HAS_GCC_BUG_64735 # bctoolbox
+	depends on BR2_USE_WCHAR
+	select BR2_PACKAGE_BCTOOLBOX
+	# needs crypto support in bctoolbox
+	select BR2_PACKAGE_MBEDTLS
+	help
+	  Belle-sip is a modern library implementing SIP (RFC 3261)
+	  transport, transaction and dialog layers.
+
+	  http://www.linphone.org/technical-corner/belle-sip
+
+comment "belle-sip needs a toolchain w/ threads, C++, dynamic library, wchar"
+	depends on !BR2_INSTALL_LIBSTDCPP || BR2_STATIC_LIBS || \
+		!BR2_TOOLCHAIN_HAS_THREADS || !BR2_USE_WCHAR
+
+comment "belle-sip needs a toolchain not affected by GCC bug 64735"
+	depends on BR2_TOOLCHAIN_HAS_GCC_BUG_64735

package/belle-sip/belle-sip.hash

@@ -0,0 +1,3 @@
+# Locally calculated
+sha256  3ac7051ea6ac758cccbf1483a5dd6cda4293b5cde1370a3f0d298e3a6f0ee032  belle-sip-4.3.1.tar.gz
+sha256  1b3782ccad7b8614100cda30d3faf42fc39f2e97932908c543005053b654ca68  LICENSE.txt

package/belle-sip/belle-sip.mk

@@ -0,0 +1,35 @@
+################################################################################
+#
+# belle-sip
+#
+################################################################################
+
+BELLE_SIP_VERSION = 4.3.1
+BELLE_SIP_SITE = \
+	https://gitlab.linphone.org/BC/public/belle-sip/-/archive/$(BELLE_SIP_VERSION)
+BELLE_SIP_LICENSE = GPL-3.0+
+BELLE_SIP_LICENSE_FILES = LICENSE.txt
+BELLE_SIP_INSTALL_STAGING = YES
+BELLE_SIP_DEPENDENCIES = \
+	bctoolbox \
+	$(if $(BR2_PACKAGE_ZLIB),zlib)
+BELLE_SIP_CONF_OPTS = \
+	-DENABLE_STRICT=OFF \
+	-DENABLE_TESTS=OFF
+
+ifeq ($(BR2_PACKAGE_AVAHI_LIBDNSSD_COMPATIBILITY),y)
+BELLE_SIP_CONF_OPTS += -DENABLE_MDNS=ON
+BELLE_SIP_DEPENDENCIES += avahi
+else
+BELLE_SIP_CONF_OPTS += -DENABLE_MDNS=OFF
+endif
+
+ifeq ($(BR2_STATIC_LIBS),y)
+BELLE_SIP_CONF_OPTS += -DENABLE_SHARED=OFF -DENABLE_STATIC=ON
+else ifeq ($(BR2_SHARED_STATIC_LIBS),y)
+BELLE_SIP_CONF_OPTS += -DENABLE_SHARED=ON -DENABLE_STATIC=ON
+else ifeq ($(BR2_SHARED_LIBS),y)
+BELLE_SIP_CONF_OPTS += -DENABLE_SHARED=ON -DENABLE_STATIC=OFF
+endif
+
+$(eval $(cmake-package))

package/belr/Config.in

@@ -0,0 +1,19 @@
+config BR2_PACKAGE_BELR
+	bool "belr"
+	depends on BR2_INSTALL_LIBSTDCPP
+	depends on BR2_TOOLCHAIN_HAS_THREADS # bctoolbox
+	depends on !BR2_TOOLCHAIN_HAS_GCC_BUG_64735 # bctoolbox
+	select BR2_PACKAGE_BCTOOLBOX
+	help
+	  Belr is Belledonne Communications' language recognition
+	  library, written in C++11. It parses text inputs formatted
+	  according to a language defined by an ABNF grammar, such as
+	  the protocols standardized at IETF.
+
+	  https://gitlab.linphone.org/BC/public/belr
+
+comment "belr needs a toolchain w/ threads, C++"
+	depends on !BR2_INSTALL_LIBSTDCPP || !BR2_TOOLCHAIN_HAS_THREADS
+
+comment "belr needs a toolchain not affected by GCC bug 64735"
+	depends on BR2_TOOLCHAIN_HAS_GCC_BUG_64735

package/belr/belr.hash

@@ -0,0 +1,3 @@
+# Locally calculated
+sha256  d6575c36c32828edcaf39df2775070b187019b21fe5fe274e7a85caf54284f05  belr-4.3.1.tar.gz
+sha256  1b3782ccad7b8614100cda30d3faf42fc39f2e97932908c543005053b654ca68  LICENSE.txt

package/belr/belr.mk

@@ -0,0 +1,26 @@
+################################################################################
+#
+# belr
+#
+################################################################################
+
+BELR_VERSION = 4.3.1
+BELR_SITE = https://gitlab.linphone.org/BC/public/belr/-/archive/$(BELR_VERSION)
+BELR_LICENSE = GPL-3.0+
+BELR_LICENSE_FILES = LICENSE.txt
+BELR_INSTALL_STAGING = YES
+BELR_DEPENDENCIES = bctoolbox
+BELR_CONF_OPTS = \
+	-DENABLE_STRICT=OFF \
+	-DENABLE_TESTS=OFF \
+	-DENABLE_TOOLS=OFF
+
+ifeq ($(BR2_STATIC_LIBS),y)
+BELR_CONF_OPTS += -DENABLE_SHARED=OFF -DENABLE_STATIC=ON
+else ifeq ($(BR2_SHARED_STATIC_LIBS),y)
+BELR_CONF_OPTS += -DENABLE_SHARED=ON -DENABLE_STATIC=ON
+else ifeq ($(BR2_SHARED_LIBS),y)
+BELR_CONF_OPTS += -DENABLE_SHARED=ON -DENABLE_STATIC=OFF
+endif
+
+$(eval $(cmake-package))

package/bison/bison.mk

@@ -13,5 +13,6 @@ BISON_LICENSE_FILES = COPYING
 BISON_MAKE = $(MAKE1)
 HOST_BISON_DEPENDENCIES = host-m4
 HOST_BISON_CONF_OPTS = --enable-relocatable
+HOST_BISON_CONF_ENV = ac_cv_libtextstyle=no
 
 $(eval $(host-autotools-package))

package/bitcoin/0001-src-randomenv.cpp-fix-build-on-uclibc.patch

@@ -0,0 +1,48 @@
+From 330cb33985d0ce97c20f4a0f0bbda0fbffe098d4 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Mon, 9 Nov 2020 21:18:40 +0100
+Subject: [PATCH] src/randomenv.cpp: fix build on uclibc
+
+Check for HAVE_STRONG_GETAUXVAL or HAVE_WEAK_GETAUXVAL before using
+getauxval to avoid a build failure on uclibc
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status: https://github.com/bitcoin/bitcoin/pull/20358]
+---
+ src/randomenv.cpp | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/randomenv.cpp b/src/randomenv.cpp
+index 07122b7f6..5e07c3db4 100644
+--- a/src/randomenv.cpp
++++ b/src/randomenv.cpp
+@@ -53,7 +53,7 @@
+ #include <sys/vmmeter.h>
+ #endif
+ #endif
+-#ifdef __linux__
++#if defined(HAVE_STRONG_GETAUXVAL) || defined(HAVE_WEAK_GETAUXVAL)
+ #include <sys/auxv.h>
+ #endif
+ 
+@@ -326,7 +326,7 @@ void RandAddStaticEnv(CSHA512& hasher)
+     // Bitcoin client version
+     hasher << CLIENT_VERSION;
+ 
+-#ifdef __linux__
++#if defined(HAVE_STRONG_GETAUXVAL) || defined(HAVE_WEAK_GETAUXVAL)
+     // Information available through getauxval()
+ #  ifdef AT_HWCAP
+     hasher << getauxval(AT_HWCAP);
+@@ -346,7 +346,7 @@ void RandAddStaticEnv(CSHA512& hasher)
+     const char* exec_str = (const char*)getauxval(AT_EXECFN);
+     if (exec_str) hasher.Write((const unsigned char*)exec_str, strlen(exec_str) + 1);
+ #  endif
+-#endif // __linux__
++#endif // HAVE_STRONG_GETAUXVAL || HAVE_WEAK_GETAUXVAL
+ 
+ #ifdef HAVE_GETCPUID
+     AddAllCPUID(hasher);
+-- 
+2.28.0
+

package/bitcoin/Config.in

@@ -18,9 +18,6 @@ config BR2_PACKAGE_BITCOIN
 	select BR2_PACKAGE_BOOST_SYSTEM
 	select BR2_PACKAGE_BOOST_FILESYSTEM
 	select BR2_PACKAGE_BOOST_THREAD
-	select BR2_PACKAGE_BOOST_CHRONO
-	select BR2_PACKAGE_BOOST_PROGRAM_OPTIONS
-	select BR2_PACKAGE_OPENSSL
 	select BR2_PACKAGE_LIBEVENT
 	help
 	  Bitcoin Core is an open source project which maintains and

package/bitcoin/bitcoin.hash

@@ -1,5 +1,5 @@
-# From https://bitcoincore.org/bin/bitcoin-core-0.19.0.1/SHA256SUMS.asc
-sha256 7ac9f972249a0a16ed01352ca2a199a5448fe87a4ea74923404a40b4086de284  bitcoin-0.19.0.1.tar.gz
+# From https://bitcoincore.org/bin/bitcoin-core-0.20.1/SHA256SUMS.asc
+sha256  4bbd62fd6acfa5e9864ebf37a24a04bc2dcfe3e3222f056056288d854c53b978  bitcoin-0.20.1.tar.gz
 
 # Hash for license file
-sha256 9a0f75d688e9cf5c69d3efdaa2a83af496700d252b212ec6a72f7784b47fed0c  COPYING
+sha256  96fe807030b21f88305adc32af62f9aa19915f2783509fd6f52aea02cf83f644  COPYING

package/bitcoin/bitcoin.mk

@@ -4,12 +4,13 @@
 #
 ################################################################################
 
-BITCOIN_VERSION = 0.19.0.1
+BITCOIN_VERSION = 0.20.1
 BITCOIN_SITE = https://bitcoincore.org/bin/bitcoin-core-$(BITCOIN_VERSION)
 BITCOIN_AUTORECONF = YES
 BITCOIN_LICENSE = MIT
 BITCOIN_LICENSE_FILES = COPYING
-BITCOIN_DEPENDENCIES = host-pkgconf boost openssl libevent
+BITCOIN_DEPENDENCIES = host-pkgconf boost libevent
+BITCOIN_MAKE_ENV = BITCOIN_GENBUILD_NO_GIT=1
 BITCOIN_CONF_OPTS = \
 	--disable-bench \
 	--disable-wallet \

package/brltty/brltty.mk

@@ -92,6 +92,13 @@ else
 BRLTTY_CONF_OPTS += --without-rgx-package
 endif
 
+ifeq ($(BR2_PACKAGE_POLKIT),y)
+BRLTTY_DEPENDENCIES += polkit
+BRLTTY_CONF_OPTS += --enable-polkit
+else
+BRLTTY_CONF_OPTS += --disable-polkit
+endif
+
 ifeq ($(BR2_PACKAGE_SYSTEMD),y)
 BRLTTY_DEPENDENCIES += systemd
 BRLTTY_CONF_OPTS += --with-service-package

package/brotli/0001-CMake-Allow-using-BUILD_SHARED_LIBS-to-choose-static.patch

@@ -1,6 +1,6 @@
-From 7289e5a378ba13801996a84d89d8fe95c3fc4c11 Mon Sep 17 00:00:00 2001
+From 6cb16322decd643fed9de332d9cda77f7738b7af Mon Sep 17 00:00:00 2001
 From: Adrian Perez de Castro <aperez@igalia.com>
-Date: Mon, 26 Mar 2018 19:08:31 +0100
+Date: Mon, 7 Sep 2020 12:14:22 +0300
 Subject: [PATCH] CMake: Allow using BUILD_SHARED_LIBS to choose static/shared
  libs
 
@@ -18,16 +18,16 @@ This way, the following will both work as expected:
 
 This is helpful for distributions which need (or want) to build only
 static libraries.
----
- CMakeLists.txt        | 42 ++++++++++++++----------------------------
- c/fuzz/test_fuzzer.sh |  6 +++---
- 2 files changed, 17 insertions(+), 31 deletions(-)
 
 Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
-Upstream-Status: Submitted [https://github.com/google/brotli/pull/655]
+[Upstream status: https://github.com/google/brotli/pull/655]
+---
+ CMakeLists.txt        | 46 ++++++++++++++-----------------------------
+ c/fuzz/test_fuzzer.sh |  6 +++---
+ 2 files changed, 18 insertions(+), 34 deletions(-)
 
 diff --git a/CMakeLists.txt b/CMakeLists.txt
-index fc45f80..3f87f13 100644
+index 4ff3401..f889311 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
 @@ -6,6 +6,8 @@ cmake_minimum_required(VERSION 2.8.6)
@@ -36,10 +36,10 @@ index fc45f80..3f87f13 100644
  
 +option(BUILD_SHARED_LIBS "Build shared libraries" ON)
 +
- # If Brotli is being bundled in another project, we don't want to
- # install anything.  However, we want to let people override this, so
- # we'll use the BROTLI_BUNDLED_MODE variable to let them do that; just
-@@ -114,10 +116,6 @@ set(BROTLI_LIBRARIES_CORE brotlienc brotlidec brotlicommon)
+ if(NOT CMAKE_BUILD_TYPE AND NOT CMAKE_CONFIGURATION_TYPES)
+   message(STATUS "Setting build type to Release as none was specified.")
+   set(CMAKE_BUILD_TYPE "Release" CACHE STRING "Choose the type of build." FORCE)
+@@ -137,10 +139,6 @@ set(BROTLI_LIBRARIES_CORE brotlienc brotlidec brotlicommon)
  set(BROTLI_LIBRARIES ${BROTLI_LIBRARIES_CORE} ${LIBM_LIBRARY})
  mark_as_advanced(BROTLI_LIBRARIES)
  
@@ -50,14 +50,20 @@ index fc45f80..3f87f13 100644
  if(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
    add_definitions(-DOS_LINUX)
  elseif(${CMAKE_SYSTEM_NAME} MATCHES "FreeBSD")
-@@ -137,24 +135,22 @@ endfunction()
- transform_sources_list("scripts/sources.lst" "${CMAKE_CURRENT_BINARY_DIR}/sources.lst.cmake")
+@@ -161,29 +159,25 @@ transform_sources_list("scripts/sources.lst" "${CMAKE_CURRENT_BINARY_DIR}/source
  include("${CMAKE_CURRENT_BINARY_DIR}/sources.lst.cmake")
  
--add_library(brotlicommon SHARED ${BROTLI_COMMON_C})
--add_library(brotlidec SHARED ${BROTLI_DEC_C})
--add_library(brotlienc SHARED ${BROTLI_ENC_C})
--
+ if(BROTLI_EMSCRIPTEN)
+-  set(BROTLI_SHARED_LIBS "")
+-else()
+-  set(BROTLI_SHARED_LIBS brotlicommon brotlidec brotlienc)
+-  add_library(brotlicommon SHARED ${BROTLI_COMMON_C})
+-  add_library(brotlidec SHARED ${BROTLI_DEC_C})
+-  add_library(brotlienc SHARED ${BROTLI_ENC_C})
++  set(BUILD_SHARED_LIBS OFF)
+ endif()
+ 
+-set(BROTLI_STATIC_LIBS brotlicommon-static brotlidec-static brotlienc-static)
 -add_library(brotlicommon-static STATIC ${BROTLI_COMMON_C})
 -add_library(brotlidec-static STATIC ${BROTLI_DEC_C})
 -add_library(brotlienc-static STATIC ${BROTLI_ENC_C})
@@ -68,27 +74,27 @@ index fc45f80..3f87f13 100644
  # Older CMake versions does not understand INCLUDE_DIRECTORIES property.
  include_directories(${BROTLI_INCLUDE_DIRS})
  
+-foreach(lib IN LISTS BROTLI_SHARED_LIBS)
+-  target_compile_definitions(${lib} PUBLIC "BROTLI_SHARED_COMPILATION" )
+-  string(TOUPPER "${lib}" LIB)
+-  set_target_properties (${lib} PROPERTIES DEFINE_SYMBOL "${LIB}_SHARED_COMPILATION")
+-endforeach()
 +if(BUILD_SHARED_LIBS)
 +  foreach(lib brotlicommon brotlidec brotlienc)
 +    target_compile_definitions(${lib} PUBLIC "BROTLI_SHARED_COMPILATION" )
 +    string(TOUPPER "${lib}" LIB)
-+    set_target_properties (${lib} PROPERTIES DEFINE_SYMBOL "${LIB}_SHARED_COMPILATION" )
++    set_target_properties (${lib} PROPERTIES DEFINE_SYMBOL "${LIB}_SHARED_COMPILATION")
 +  endforeach()
 +endif()
-+
- foreach(lib brotlicommon brotlidec brotlienc)
--  target_compile_definitions(${lib} PUBLIC "BROTLI_SHARED_COMPILATION" )
--  string(TOUPPER "${lib}" LIB)
--  set_target_properties (${lib} PROPERTIES DEFINE_SYMBOL "${LIB}_SHARED_COMPILATION" )
--endforeach()
--
--foreach(lib brotlicommon brotlidec brotlienc brotlicommon-static brotlidec-static brotlienc-static)
+ 
+-foreach(lib IN LISTS BROTLI_SHARED_LIBS BROTLI_STATIC_LIBS)
++foreach(lib brotlicommon brotlidec brotlienc)
    target_link_libraries(${lib} ${LIBM_LIBRARY})
    set_property(TARGET ${lib} APPEND PROPERTY INCLUDE_DIRECTORIES ${BROTLI_INCLUDE_DIRS})
    set_target_properties(${lib} PROPERTIES
-@@ -167,9 +163,6 @@ endforeach()
- target_link_libraries(brotlidec brotlicommon)
+@@ -200,9 +194,6 @@ target_link_libraries(brotlidec brotlicommon)
  target_link_libraries(brotlienc brotlicommon)
+ endif()
  
 -target_link_libraries(brotlidec-static brotlicommon-static)
 -target_link_libraries(brotlienc-static brotlicommon-static)
@@ -96,7 +102,7 @@ index fc45f80..3f87f13 100644
  # For projects stuck on older versions of CMake, this will set the
  # BROTLI_INCLUDE_DIRS and BROTLI_LIBRARIES variables so they still
  # have a relatively easy way to use Brotli:
-@@ -183,7 +176,7 @@ endif()
+@@ -216,7 +207,7 @@ endif()
  
  # Build the brotli executable
  add_executable(brotli ${BROTLI_CLI_C})
@@ -104,8 +110,8 @@ index fc45f80..3f87f13 100644
 +target_link_libraries(brotli ${BROTLI_LIBRARIES})
  
  # Installation
- if(NOT BROTLI_BUNDLED_MODE)
-@@ -199,13 +192,6 @@ if(NOT BROTLI_BUNDLED_MODE)
+ if(NOT BROTLI_EMSCRIPTEN)
+@@ -233,13 +224,6 @@ if(NOT BROTLI_BUNDLED_MODE)
      RUNTIME DESTINATION "${CMAKE_INSTALL_BINDIR}"
    )
  
@@ -119,26 +125,6 @@ index fc45f80..3f87f13 100644
    install(
      DIRECTORY ${BROTLI_INCLUDE_DIRS}/brotli
      DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}"
-diff --git a/c/fuzz/test_fuzzer.sh b/c/fuzz/test_fuzzer.sh
-index 9985194..4b99947 100755
---- a/c/fuzz/test_fuzzer.sh
-+++ b/c/fuzz/test_fuzzer.sh
-@@ -13,12 +13,12 @@ mkdir bin
- cd bin
- 
- cmake $BROTLI -DCMAKE_C_COMPILER="$CC" \
--    -DBUILD_TESTING=OFF -DENABLE_SANITIZER=address
--make -j$(nproc) brotlidec-static
-+    -DBUILD_TESTING=OFF -DBUILD_SHARED_LIBS=OFF -DENABLE_SANITIZER=address
-+make -j$(nproc) brotlidec
- 
- ${CC} -o run_decode_fuzzer -std=c99 -fsanitize=address -I$SRC/include \
-     $SRC/fuzz/decode_fuzzer.c $SRC/fuzz/run_decode_fuzzer.c \
--    ./libbrotlidec-static.a ./libbrotlicommon-static.a
-+    ./libbrotlidec.a ./libbrotlicommon.a
- 
- mkdir decode_corpora
- unzip $BROTLI/java/org/brotli/integration/fuzz_data.zip -d decode_corpora
 -- 
-2.19.1
+2.28.0
 

package/brotli/0002-Revert-Add-runtime-linker-path-to-pkg-config-files.patch

@@ -0,0 +1,51 @@
+From 09b0992b6acb7faa6fd3b23f9bc036ea117230fc Mon Sep 17 00:00:00 2001
+From: Eugene Kliuchnikov <eustas.ru@gmail.com>
+Date: Wed, 2 Sep 2020 11:38:26 +0200
+Subject: [PATCH] Revert "Add runtime linker path to pkg-config files (#740)"
+ (#838)
+
+This reverts commit 31754d4ffce14153b5c2addf7a11019ec23f51c1.
+[Retrieved from:
+https://github.com/google/brotli/commit/09b0992b6acb7faa6fd3b23f9bc036ea117230fc]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ scripts/libbrotlicommon.pc.in | 2 +-
+ scripts/libbrotlidec.pc.in    | 2 +-
+ scripts/libbrotlienc.pc.in    | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/scripts/libbrotlicommon.pc.in b/scripts/libbrotlicommon.pc.in
+index 10ca969e..2a8cf7a3 100644
+--- a/scripts/libbrotlicommon.pc.in
++++ b/scripts/libbrotlicommon.pc.in
+@@ -7,5 +7,5 @@ Name: libbrotlicommon
+ URL: https://github.com/google/brotli
+ Description: Brotli common dictionary library
+ Version: @PACKAGE_VERSION@
+-Libs: -L${libdir} -R${libdir} -lbrotlicommon
++Libs: -L${libdir} -lbrotlicommon
+ Cflags: -I${includedir}
+diff --git a/scripts/libbrotlidec.pc.in b/scripts/libbrotlidec.pc.in
+index e7c3124f..6f8ef2e4 100644
+--- a/scripts/libbrotlidec.pc.in
++++ b/scripts/libbrotlidec.pc.in
+@@ -7,6 +7,6 @@ Name: libbrotlidec
+ URL: https://github.com/google/brotli
+ Description: Brotli decoder library
+ Version: @PACKAGE_VERSION@
+-Libs: -L${libdir} -R${libdir} -lbrotlidec
++Libs: -L${libdir} -lbrotlidec
+ Requires.private: libbrotlicommon >= 1.0.2
+ Cflags: -I${includedir}
+diff --git a/scripts/libbrotlienc.pc.in b/scripts/libbrotlienc.pc.in
+index 4dd0811b..2098afe2 100644
+--- a/scripts/libbrotlienc.pc.in
++++ b/scripts/libbrotlienc.pc.in
+@@ -7,6 +7,6 @@ Name: libbrotlienc
+ URL: https://github.com/google/brotli
+ Description: Brotli encoder library
+ Version: @PACKAGE_VERSION@
+-Libs: -L${libdir} -R${libdir} -lbrotlienc
++Libs: -L${libdir} -lbrotlienc
+ Requires.private: libbrotlicommon >= 1.0.2
+ Cflags: -I${includedir}

package/brotli/brotli.hash

@@ -1,5 +1,5 @@
 # Locally generated:
-sha512  a82362aa36d2f2094bca0b2808d9de0d57291fb3a4c29d7c0ca0a37e73087ec5ac4df299c8c363e61106fccf2fe7f58b5cf76eb97729e2696058ef43b1d3930a  v1.0.7.tar.gz
+sha512  b8e2df955e8796ac1f022eb4ebad29532cb7e3aa6a4b6aee91dbd2c7d637eee84d9a144d3e878895bb5e62800875c2c01c8f737a1261020c54feacf9f676b5f5  v1.0.9.tar.gz
 
 # Hash for license files:
 sha512  bae78184c2f50f86d8c727826d3982c469454c42b9af81f4ef007e39036434fa894cf5be3bf5fc65b7de2301f0a72d067a8186e303327db8a96bd14867e0a3a8  LICENSE

package/brotli/brotli.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BROTLI_VERSION = 1.0.7
+BROTLI_VERSION = 1.0.9
 BROTLI_SOURCE = v$(BROTLI_VERSION).tar.gz
 BROTLI_SITE = https://github.com/google/brotli/archive
 BROTLI_LICENSE = MIT

package/bustle/bustle.mk

@@ -6,7 +6,7 @@
 
 BUSTLE_VERSION = 0.7.5
 BUSTLE_SITE = https://www.freedesktop.org/software/bustle/$(BUSTLE_VERSION)
-BUSTLE_LICENSE = LGPL-2.1+
+BUSTLE_LICENSE = LGPL-2.1+, GPL-3.0 (binaries)
 BUSTLE_LICENSE_FILES = LICENSE
 BUSTLE_DEPENDENCIES = libglib2 libpcap host-pkgconf
 

package/busybox/busybox.hash

@@ -1,4 +1,5 @@
 # From https://busybox.net/downloads/busybox-1.31.1.tar.bz2.sha256
-sha256 d0f940a72f648943c1f2211e0e3117387c31d765137d92bd8284a3fb9752a998  busybox-1.31.1.tar.bz2
+sha256  d0f940a72f648943c1f2211e0e3117387c31d765137d92bd8284a3fb9752a998  busybox-1.31.1.tar.bz2
 # Locally computed
-sha256 bbfc9843646d483c334664f651c208b9839626891d8f17604db2146962f43548  LICENSE
+sha256  bbfc9843646d483c334664f651c208b9839626891d8f17604db2146962f43548  LICENSE
+sha256  b5a136ed67798e51fe2e0ca0b2a21cb01b904ff0c9f7d563a6292e276607e58f  archival/libarchive/bz/LICENSE

package/busybox/busybox.mk

@@ -7,8 +7,8 @@
 BUSYBOX_VERSION = 1.31.1
 BUSYBOX_SITE = http://www.busybox.net/downloads
 BUSYBOX_SOURCE = busybox-$(BUSYBOX_VERSION).tar.bz2
-BUSYBOX_LICENSE = GPL-2.0
-BUSYBOX_LICENSE_FILES = LICENSE
+BUSYBOX_LICENSE = GPL-2.0, bzip2-1.0.4
+BUSYBOX_LICENSE_FILES = LICENSE archival/libarchive/bz/LICENSE
 
 define BUSYBOX_HELP_CMDS
 	@echo '  busybox-menuconfig     - Run BusyBox menuconfig'

package/c-ares/0001-src-lib-Makefile.am-install-ares_dns.h.patch

@@ -0,0 +1,37 @@
+From e2180d95fb67f57b6ffba01fefb4844a1ca4f792 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Wed, 18 Nov 2020 08:12:45 +0100
+Subject: [PATCH] src/lib/Makefile.am: install ares_dns.h
+
+This will avoid the following build failure with resiprocate:
+
+In file included from dns/DnsCnameRecord.cxx:7:
+dns/AresCompat.hxx:5:10: fatal error: ares_dns.h: No such file or directory
+ #include "ares_dns.h"
+          ^~~~~~~~~~~~
+
+Fixes:
+ - http://autobuild.buildroot.org/results/cbf158f0c037d44ef293a8804d18c84e3b731059
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status: https://github.com/c-ares/c-ares/pull/376]
+---
+ src/lib/Makefile.am | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
+index c918667..92a4152 100644
+--- a/src/lib/Makefile.am
++++ b/src/lib/Makefile.am
+@@ -14,6 +14,8 @@ lib_LTLIBRARIES = libcares.la
+ 
+ man_MANS = $(MANPAGES)
+ 
++include_HEADERS = ares_dns.h
++
+ # adig and ahost are just sample programs and thus not mentioned with the
+ # regular sources and headers
+ EXTRA_DIST = Makefile.inc config-win32.h CMakeLists.txt \
+-- 
+2.29.2
+

package/c-ares/c-ares.hash

@@ -1,5 +1,5 @@
 # Locally calculated after checking pgp signature
-sha256  d08312d0ecc3bd48eee0a4cc0d2137c9f194e0a28de2028928c0f6cae85f86ce  c-ares-1.16.1.tar.gz
+sha256  1cecd5dbe21306c7263f8649aa6e9a37aecb985995a3489f487d98df2b40757d  c-ares-1.17.0.tar.gz
 
 # Hash for license file
 sha256  db4eb63fe09daebdf57d3f79b091bb5ee5070c0d761040e83264e648d307af4c  LICENSE.md

package/c-ares/c-ares.mk

@@ -4,12 +4,14 @@
 #
 ################################################################################
 
-C_ARES_VERSION = 1.16.1
+C_ARES_VERSION = 1.17.0
 C_ARES_SITE = http://c-ares.haxx.se/download
 C_ARES_INSTALL_STAGING = YES
 C_ARES_CONF_OPTS = --with-random=/dev/urandom
 C_ARES_LICENSE = MIT
 C_ARES_LICENSE_FILES = LICENSE.md
+# We're patching src/lib/Makefile.am
+C_ARES_AUTORECONF = YES
 
 $(eval $(autotools-package))
 $(eval $(host-autotools-package))

package/ca-certificates/ca-certificates.hash

@@ -1,6 +1,6 @@
 # hashes from: $(CA_CERTIFICATES_SITE)/ca-certificates_$(CA_CERTIFICATES_VERSION).dsc :
-sha1   47d4584eae85fc905e4994766eb3930a8a84e2e1                         ca-certificates_20190110.tar.xz
-sha256 ee4bf0f4c6398005f5b5ca4e0b87b82837ac5c3b0280a1cb3a63c47555c3a675 ca-certificates_20190110.tar.xz
+sha1  f17235bc9c3aec538065a655681815c242a6d7d5  ca-certificates_20200601.tar.xz
+sha256  43766d5a436519503dfd65ab83488ae33ab4d4ca3d0993797b58c92eb9ed4e63  ca-certificates_20200601.tar.xz
 
 # Locally computed
-sha256 80fd11117df5543d5cf17bfd951b0ead213f7867d0b09f09c6d5a5eca3ff7422 debian/copyright
+sha256  e85e1bcad3a915dc7e6f41412bc5bdeba275cadd817896ea0451f2140a93967c  debian/copyright

package/ca-certificates/ca-certificates.mk

@@ -4,9 +4,9 @@
 #
 ################################################################################
 
-CA_CERTIFICATES_VERSION = 20190110
+CA_CERTIFICATES_VERSION = 20200601
 CA_CERTIFICATES_SOURCE = ca-certificates_$(CA_CERTIFICATES_VERSION).tar.xz
-CA_CERTIFICATES_SITE = http://snapshot.debian.org/archive/debian/20190513T145054Z/pool/main/c/ca-certificates
+CA_CERTIFICATES_SITE = http://snapshot.debian.org/archive/debian/20200602T145955Z/pool/main/c/ca-certificates
 CA_CERTIFICATES_DEPENDENCIES = host-openssl
 # ca-certificates can be built with either python 2 or python 3
 # but it must be at least python 2.7

package/cdrkit/cdrkit.mk

@@ -18,5 +18,14 @@ else
 CDRKIT_CONF_OPTS += -DBITFIELDS_HTOL=0
 endif
 
+ifeq ($(BR2_PACKAGE_FILE),y)
+CDRKIT_DEPENDENCIES += host-pkgconf file
+CDRKIT_CONF_OPTS += \
+	-DUSE_MAGIC=ON \
+	-DEXTRA_LIBS="`$(PKG_CONFIG_HOST_BINARY) --libs libmagic`"
+else
+CDRKIT_CONF_OPTS += -DUSE_MAGIC=OFF
+endif
+
 $(eval $(cmake-package))
 $(eval $(host-cmake-package))

package/cifs-utils/0001-Use-DESTDIR-when-installing-mount.smb3-and-optionall.patch

@@ -0,0 +1,41 @@
+From dbb4452787cb966cc74b2015689961875fd5d668 Mon Sep 17 00:00:00 2001
+From: Ryan Barnett <ryanbarnett3@gmail.com>
+Date: Mon, 27 Apr 2020 22:03:25 -0500
+Subject: [PATCH] Use DESTDIR when installing mount.smb3 and optionally install
+ man page
+
+Properly create mount.smb3 symlink by using DESTDIR. Also use
+CONFIG_MAN to optionally install manpage for mount.smb3.
+
+Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
+---
+Upstream: https://marc.info/?l=linux-cifs&m=158804444725745&w=2
+---
+ Makefile.am | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index fe9cd34..e0587f1 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -119,11 +119,13 @@ endif
+ SUBDIRS = contrib
+ 
+ install-exec-hook:
+-	(cd $(ROOTSBINDIR) && ln -sf mount.cifs mount.smb3)
++	(cd $(DESTDIR)$(ROOTSBINDIR) && ln -sf mount.cifs mount.smb3)
+ 
++if CONFIG_MAN
+ install-data-hook:
+-	(cd $(man8dir) && ln -sf mount.cifs.8 mount.smb3.8)
++	(cd $(DESTDIR)$(man8dir) && ln -sf mount.cifs.8 mount.smb3.8)
++endif
+ 
+ uninstall-hook:
+-	(cd $(ROOTSBINDIR) && rm -f $(ROOTSBINDIR)/mount.smb3)
+-	(cd $(man8dir) && rm -f $(man8dir)/mount.smb3.8)
++	rm -f $(DESTDIR)$(ROOTSBINDIR)/mount.smb3
++	rm -f $(DESTDIR)$(man8dir)/mount.smb3.8
+-- 
+2.17.1
+

package/cifs-utils/cifs-utils.hash

@@ -1,5 +1,5 @@
 # Locally calculated after checking pgp signature
-sha256	18d8f1bf92c13c4d611502dbd6759e3a766ddc8467ec8a2eda3f589e40b9ac9c	cifs-utils-6.9.tar.bz2
+sha256  b859239a3f204f8220d3e54ed43bf8109e1ef202042dd87ba87492f8878728d9  cifs-utils-6.11.tar.bz2
 
 # Hash for license file:
-sha256	8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903	COPYING
+sha256  8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903  COPYING

package/cifs-utils/cifs-utils.mk

@@ -4,12 +4,12 @@
 #
 ################################################################################
 
-CIFS_UTILS_VERSION = 6.9
+CIFS_UTILS_VERSION = 6.11
 CIFS_UTILS_SOURCE = cifs-utils-$(CIFS_UTILS_VERSION).tar.bz2
 CIFS_UTILS_SITE = http://ftp.samba.org/pub/linux-cifs/cifs-utils
 CIFS_UTILS_LICENSE = GPL-3.0+
 CIFS_UTILS_LICENSE_FILES = COPYING
-# Missing install-sh in release tarball
+# Missing install-sh in release tarball and patching Makefile.am
 CIFS_UTILS_AUTORECONF = YES
 CIFS_UTILS_DEPENDENCIES = host-pkgconf
 
@@ -17,6 +17,9 @@ CIFS_UTILS_DEPENDENCIES = host-pkgconf
 # the global BR2_RELRO_FULL option.
 CIFS_UTILS_CONF_OPTS = --disable-pie --disable-man
 
+# uses C11 code in smbinfo.c and mtab.c
+CIFS_UTILS_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -std=gnu11"
+
 ifeq ($(BR2_PACKAGE_KEYUTILS),y)
 CIFS_UTILS_DEPENDENCIES += keyutils
 endif

package/cryptopp/cryptopp.hash

@@ -1,5 +1,5 @@
-# Hash from: https://www.cryptopp.com/release820.html:
-sha256  03f0e2242e11b9d19b28d0ec5a3fa8ed5cc7b27640e6bed365744f593e858058  cryptopp820.zip
+# Hash from: https://www.cryptopp.com/release830.html:
+sha512  ad5219a66c5924d330d3646d0ff996dd235006f6812074bc4eb9e8c662a4f000ba20449d377f24b133d19ce682f7b2a3b2eb4c08857ce0f5bb39743d1d425147  cryptopp830.zip
 
 # Hash for license file:
-sha256  f29d65ae3f0c8e327284f193524643ffb4d682fcca3e1740a5c6cbab0e720583  License.txt
+sha256  e668af8c73a38a66a1e8951d14ec24e7582fee5254dd6c3dae488a416d105d5f  License.txt

package/cryptopp/cryptopp.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-CRYPTOPP_VERSION = 8.2.0
+CRYPTOPP_VERSION = 8.3.0
 CRYPTOPP_SOURCE = cryptopp$(subst .,,$(CRYPTOPP_VERSION)).zip
 CRYPTOPP_SITE = https://cryptopp.com
 CRYPTOPP_LICENSE = BSL-1.0, BSD-3-Clause (CRYPTOGAMS), Public domain (ChaCha SSE2 and AVX)

package/cryptsetup/0003-Avoid-name-clash-with-newer-json-c-library.patch

@@ -0,0 +1,512 @@
+From 55cf272d275c561459f2c9c3dc943ef7a69c9d4c Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina <okozina@redhat.com>
+Date: Tue, 14 Apr 2020 17:24:54 +0200
+Subject: [PATCH] Avoid name clash with newer json-c library.
+
+This is partial revert of previous commit and also
+fixes wrong decision to name our internal helpers with
+json_object prefix.
+
+(cherry picked from commit e6a356974330e3ae21579a5737976e9a2aad1b51)
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ lib/luks2/luks2_internal.h      |  8 +++-----
+ lib/luks2/luks2_json_format.c   |  6 +++---
+ lib/luks2/luks2_json_metadata.c | 18 ++++++++----------
+ lib/luks2/luks2_keyslot.c       |  8 ++++----
+ lib/luks2/luks2_keyslot_luks2.c | 16 ++++++++--------
+ lib/luks2/luks2_keyslot_reenc.c | 20 ++++++++++----------
+ lib/luks2/luks2_luks1_convert.c | 22 +++++++++++-----------
+ lib/luks2/luks2_reencrypt.c     | 16 ++++++++--------
+ lib/luks2/luks2_segment.c       | 12 ++++++------
+ 9 files changed, 61 insertions(+), 65 deletions(-)
+
+diff --git a/lib/luks2/luks2_internal.h b/lib/luks2/luks2_internal.h
+index 6a8b8f2a..d2222e84 100644
+--- a/lib/luks2/luks2_internal.h
++++ b/lib/luks2/luks2_internal.h
+@@ -59,11 +59,9 @@ json_object *LUKS2_get_segments_jobj(struct luks2_hdr *hdr);
+ void hexprint_base64(struct crypt_device *cd, json_object *jobj,
+ 		     const char *sep, const char *line_sep);
+ 
+-#if !(defined JSON_C_VERSION_NUM && JSON_C_VERSION_NUM >= ((13 << 8) | 99))
+-uint64_t json_object_get_uint64(json_object *jobj);
+-json_object *json_object_new_uint64(uint64_t value);
+-#endif
+-uint32_t json_object_get_uint32(json_object *jobj);
++uint64_t crypt_jobj_get_uint64(json_object *jobj);
++uint32_t crypt_jobj_get_uint32(json_object *jobj);
++json_object *crypt_jobj_new_uint64(uint64_t value);
+ 
+ int json_object_object_add_by_uint(json_object *jobj, unsigned key, json_object *jobj_val);
+ void json_object_object_del_by_uint(json_object *jobj, unsigned key);
+diff --git a/lib/luks2/luks2_json_format.c b/lib/luks2/luks2_json_format.c
+index d4f36247..32ea0ea4 100644
+--- a/lib/luks2/luks2_json_format.c
++++ b/lib/luks2/luks2_json_format.c
+@@ -325,8 +325,8 @@ int LUKS2_generate_hdr(
+ 
+ 	json_object_object_add_by_uint(jobj_segments, 0, jobj_segment);
+ 
+-	json_object_object_add(jobj_config, "json_size", json_object_new_uint64(metadata_size - LUKS2_HDR_BIN_LEN));
+-	json_object_object_add(jobj_config, "keyslots_size", json_object_new_uint64(keyslots_size));
++	json_object_object_add(jobj_config, "json_size", crypt_jobj_new_uint64(metadata_size - LUKS2_HDR_BIN_LEN));
++	json_object_object_add(jobj_config, "keyslots_size", crypt_jobj_new_uint64(keyslots_size));
+ 
+ 	JSON_DBG(cd, hdr->jobj, "Header JSON:");
+ 	return 0;
+@@ -400,6 +400,6 @@ int LUKS2_set_keyslots_size(struct crypt_device *cd,
+ 	if (!json_object_object_get_ex(hdr->jobj, "config", &jobj_config))
+ 		return 1;
+ 
+-	json_object_object_add(jobj_config, "keyslots_size", json_object_new_uint64(keyslots_size));
++	json_object_object_add(jobj_config, "keyslots_size", crypt_jobj_new_uint64(keyslots_size));
+ 	return 0;
+ }
+diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c
+index 52421fac..19fb9588 100644
+--- a/lib/luks2/luks2_json_metadata.c
++++ b/lib/luks2/luks2_json_metadata.c
+@@ -219,7 +219,7 @@ int LUKS2_get_default_segment(struct luks2_hdr *hdr)
+  * json_type_int needs to be validated first.
+  * See validate_json_uint32()
+  */
+-uint32_t json_object_get_uint32(json_object *jobj)
++uint32_t crypt_jobj_get_uint32(json_object *jobj)
+ {
+ 	return json_object_get_int64(jobj);
+ }
+@@ -241,15 +241,14 @@ static json_bool json_str_to_uint64(json_object *jobj, uint64_t *value)
+ 	return 1;
+ }
+ 
+-#if !(defined JSON_C_VERSION_NUM && JSON_C_VERSION_NUM >= ((13 << 8) | 99))
+-uint64_t json_object_get_uint64(json_object *jobj)
++uint64_t crypt_jobj_get_uint64(json_object *jobj)
+ {
+ 	uint64_t r;
+ 	json_str_to_uint64(jobj, &r);
+ 	return r;
+ }
+ 
+-json_object *json_object_new_uint64(uint64_t value)
++json_object *crypt_jobj_new_uint64(uint64_t value)
+ {
+ 	/* 18446744073709551615 */
+ 	char num[21];
+@@ -263,7 +262,6 @@ json_object *json_object_new_uint64(uint64_t value)
+ 	jobj = json_object_new_string(num);
+ 	return jobj;
+ }
+-#endif
+ 
+ /*
+  * Validate helpers
+@@ -457,7 +455,7 @@ static int hdr_validate_json_size(struct crypt_device *cd, json_object *hdr_jobj
+ 
+ 	json = json_object_to_json_string_ext(hdr_jobj,
+ 		JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE);
+-	json_area_size = json_object_get_uint64(jobj1);
++	json_area_size = crypt_jobj_get_uint64(jobj1);
+ 	json_size = (uint64_t)strlen(json);
+ 
+ 	if (hdr_json_size != json_area_size) {
+@@ -545,7 +543,7 @@ static int hdr_validate_crypt_segment(struct crypt_device *cd,
+ 		return 1;
+ 	}
+ 
+-	sector_size = json_object_get_uint32(jobj_sector_size);
++	sector_size = crypt_jobj_get_uint32(jobj_sector_size);
+ 	if (!sector_size || MISALIGNED_512(sector_size)) {
+ 		log_dbg(cd, "Illegal sector size: %" PRIu32, sector_size);
+ 		return 1;
+@@ -1569,7 +1567,7 @@ static void hdr_dump_keyslots(struct crypt_device *cd, json_object *hdr_jobj)
+ 		log_std(cd, "  %s: %s%s\n", slot, tmps, r == -ENOENT ? " (unbound)" : "");
+ 
+ 		if (json_object_object_get_ex(val, "key_size", &jobj2))
+-			log_std(cd, "\tKey:        %u bits\n", json_object_get_uint32(jobj2) * 8);
++			log_std(cd, "\tKey:        %u bits\n", crypt_jobj_get_uint32(jobj2) * 8);
+ 
+ 		log_std(cd, "\tPriority:   %s\n", get_priority_desc(val));
+ 
+@@ -1652,7 +1650,7 @@ static void hdr_dump_segments(struct crypt_device *cd, json_object *hdr_jobj)
+ 			log_std(cd, "\tcipher: %s\n", json_object_get_string(jobj1));
+ 
+ 		if (json_object_object_get_ex(jobj_segment, "sector_size", &jobj1))
+-			log_std(cd, "\tsector: %" PRIu32 " [bytes]\n", json_object_get_uint32(jobj1));
++			log_std(cd, "\tsector: %" PRIu32 " [bytes]\n", crypt_jobj_get_uint32(jobj1));
+ 
+ 		if (json_object_object_get_ex(jobj_segment, "integrity", &jobj1) &&
+ 		    json_object_object_get_ex(jobj1, "type", &jobj2))
+@@ -1749,7 +1747,7 @@ int LUKS2_get_data_size(struct luks2_hdr *hdr, uint64_t *size, bool *dynamic)
+ 			return 0;
+ 		}
+ 
+-		tmp += json_object_get_uint64(jobj_size);
++		tmp += crypt_jobj_get_uint64(jobj_size);
+ 	}
+ 
+ 	/* impossible, real device size must not be zero */
+diff --git a/lib/luks2/luks2_keyslot.c b/lib/luks2/luks2_keyslot.c
+index 7d06df80..d853fc8e 100644
+--- a/lib/luks2/luks2_keyslot.c
++++ b/lib/luks2/luks2_keyslot.c
+@@ -301,11 +301,11 @@ int LUKS2_keyslot_area(struct luks2_hdr *hdr,
+ 
+ 	if (!json_object_object_get_ex(jobj_area, "offset", &jobj))
+ 		return -EINVAL;
+-	*offset = json_object_get_uint64(jobj);
++	*offset = crypt_jobj_get_uint64(jobj);
+ 
+ 	if (!json_object_object_get_ex(jobj_area, "size", &jobj))
+ 		return -EINVAL;
+-	*length = json_object_get_uint64(jobj);
++	*length = crypt_jobj_get_uint64(jobj);
+ 
+ 	return 0;
+ }
+@@ -840,8 +840,8 @@ int placeholder_keyslot_alloc(struct crypt_device *cd,
+ 
+ 	/* Area object */
+ 	jobj_area = json_object_new_object();
+-	json_object_object_add(jobj_area, "offset", json_object_new_uint64(area_offset));
+-	json_object_object_add(jobj_area, "size", json_object_new_uint64(area_length));
++	json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
++	json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
+ 	json_object_object_add(jobj_keyslot, "area", jobj_area);
+ 
+ 	json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot);
+diff --git a/lib/luks2/luks2_keyslot_luks2.c b/lib/luks2/luks2_keyslot_luks2.c
+index 7b438a8b..953ba168 100644
+--- a/lib/luks2/luks2_keyslot_luks2.c
++++ b/lib/luks2/luks2_keyslot_luks2.c
+@@ -220,7 +220,7 @@ static int luks2_keyslot_set_key(struct crypt_device *cd,
+ 
+ 	if (!json_object_object_get_ex(jobj_area, "offset", &jobj2))
+ 		return -EINVAL;
+-	area_offset = json_object_get_uint64(jobj2);
++	area_offset = crypt_jobj_get_uint64(jobj2);
+ 
+ 	if (!json_object_object_get_ex(jobj_area, "encryption", &jobj2))
+ 		return -EINVAL;
+@@ -313,7 +313,7 @@ static int luks2_keyslot_get_key(struct crypt_device *cd,
+ 
+ 	if (!json_object_object_get_ex(jobj_area, "offset", &jobj2))
+ 		return -EINVAL;
+-	area_offset = json_object_get_uint64(jobj2);
++	area_offset = crypt_jobj_get_uint64(jobj2);
+ 
+ 	if (!json_object_object_get_ex(jobj_area, "encryption", &jobj2))
+ 		return -EINVAL;
+@@ -494,8 +494,8 @@ static int luks2_keyslot_alloc(struct crypt_device *cd,
+ 	/* Area object */
+ 	jobj_area = json_object_new_object();
+ 	json_object_object_add(jobj_area, "type", json_object_new_string("raw"));
+-	json_object_object_add(jobj_area, "offset", json_object_new_uint64(area_offset));
+-	json_object_object_add(jobj_area, "size", json_object_new_uint64(area_length));
++	json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
++	json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
+ 	json_object_object_add(jobj_keyslot, "area", jobj_area);
+ 
+ 	json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot);
+@@ -607,7 +607,7 @@ static int luks2_keyslot_dump(struct crypt_device *cd, int keyslot)
+ 	log_std(cd, "\tCipher:     %s\n", json_object_get_string(jobj1));
+ 
+ 	json_object_object_get_ex(jobj_area, "key_size", &jobj1);
+-	log_std(cd, "\tCipher key: %u bits\n", json_object_get_uint32(jobj1) * 8);
++	log_std(cd, "\tCipher key: %u bits\n", crypt_jobj_get_uint32(jobj1) * 8);
+ 
+ 	json_object_object_get_ex(jobj_kdf, "type", &jobj1);
+ 	log_std(cd, "\tPBKDF:      %s\n", json_object_get_string(jobj1));
+@@ -617,7 +617,7 @@ static int luks2_keyslot_dump(struct crypt_device *cd, int keyslot)
+ 		log_std(cd, "\tHash:       %s\n", json_object_get_string(jobj1));
+ 
+ 		json_object_object_get_ex(jobj_kdf, "iterations", &jobj1);
+-		log_std(cd, "\tIterations: %" PRIu64 "\n", json_object_get_uint64(jobj1));
++		log_std(cd, "\tIterations: %" PRIu64 "\n", crypt_jobj_get_uint64(jobj1));
+ 	} else {
+ 		json_object_object_get_ex(jobj_kdf, "time", &jobj1);
+ 		log_std(cd, "\tTime cost:  %" PRIu64 "\n", json_object_get_int64(jobj1));
+@@ -640,10 +640,10 @@ static int luks2_keyslot_dump(struct crypt_device *cd, int keyslot)
+ 	log_std(cd, "\tAF hash:    %s\n", json_object_get_string(jobj1));
+ 
+ 	json_object_object_get_ex(jobj_area, "offset", &jobj1);
+-	log_std(cd, "\tArea offset:%" PRIu64 " [bytes]\n", json_object_get_uint64(jobj1));
++	log_std(cd, "\tArea offset:%" PRIu64 " [bytes]\n", crypt_jobj_get_uint64(jobj1));
+ 
+ 	json_object_object_get_ex(jobj_area, "size", &jobj1);
+-	log_std(cd, "\tArea length:%" PRIu64 " [bytes]\n", json_object_get_uint64(jobj1));
++	log_std(cd, "\tArea length:%" PRIu64 " [bytes]\n", crypt_jobj_get_uint64(jobj1));
+ 
+ 	return 0;
+ }
+diff --git a/lib/luks2/luks2_keyslot_reenc.c b/lib/luks2/luks2_keyslot_reenc.c
+index 64b8d274..c6b92db3 100644
+--- a/lib/luks2/luks2_keyslot_reenc.c
++++ b/lib/luks2/luks2_keyslot_reenc.c
+@@ -67,13 +67,13 @@ int reenc_keyslot_alloc(struct crypt_device *cd,
+ 
+ 	if (params->data_shift) {
+ 		json_object_object_add(jobj_area, "type", json_object_new_string("datashift"));
+-		json_object_object_add(jobj_area, "shift_size", json_object_new_uint64(params->data_shift << SECTOR_SHIFT));
++		json_object_object_add(jobj_area, "shift_size", crypt_jobj_new_uint64(params->data_shift << SECTOR_SHIFT));
+ 	} else
+ 		/* except data shift protection, initial setting is irrelevant. Type can be changed during reencryption */
+ 		json_object_object_add(jobj_area, "type", json_object_new_string("none"));
+ 
+-	json_object_object_add(jobj_area, "offset", json_object_new_uint64(area_offset));
+-	json_object_object_add(jobj_area, "size", json_object_new_uint64(area_length));
++	json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
++	json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
+ 
+ 	json_object_object_add(jobj_keyslot, "type", json_object_new_string("reencrypt"));
+ 	json_object_object_add(jobj_keyslot, "key_size", json_object_new_int(1)); /* useless but mandatory */
+@@ -113,8 +113,8 @@ static int reenc_keyslot_store_data(struct crypt_device *cd,
+ 	    !json_object_object_get_ex(jobj_area, "size", &jobj_length))
+ 		return -EINVAL;
+ 
+-	area_offset = json_object_get_uint64(jobj_offset);
+-	area_length = json_object_get_uint64(jobj_length);
++	area_offset = crypt_jobj_get_uint64(jobj_offset);
++	area_length = crypt_jobj_get_uint64(jobj_length);
+ 
+ 	if (!area_offset || !area_length || ((uint64_t)buffer_len > area_length))
+ 		return -EINVAL;
+@@ -242,14 +242,14 @@ static int reenc_keyslot_dump(struct crypt_device *cd, int keyslot)
+ 		log_std(cd, "\t%-12s%d [bytes]\n", "Hash data:", json_object_get_int(jobj1));
+ 	} else if (!strcmp(json_object_get_string(jobj_resilience), "datashift")) {
+ 		json_object_object_get_ex(jobj_area, "shift_size", &jobj1);
+-		log_std(cd, "\t%-12s%" PRIu64 "[bytes]\n", "Shift size:", json_object_get_uint64(jobj1));
++		log_std(cd, "\t%-12s%" PRIu64 "[bytes]\n", "Shift size:", crypt_jobj_get_uint64(jobj1));
+ 	}
+ 
+ 	json_object_object_get_ex(jobj_area, "offset", &jobj1);
+-	log_std(cd, "\tArea offset:%" PRIu64 " [bytes]\n", json_object_get_uint64(jobj1));
++	log_std(cd, "\tArea offset:%" PRIu64 " [bytes]\n", crypt_jobj_get_uint64(jobj1));
+ 
+ 	json_object_object_get_ex(jobj_area, "size", &jobj1);
+-	log_std(cd, "\tArea length:%" PRIu64 " [bytes]\n", json_object_get_uint64(jobj1));
++	log_std(cd, "\tArea length:%" PRIu64 " [bytes]\n", crypt_jobj_get_uint64(jobj1));
+ 
+ 	return 0;
+ }
+@@ -304,7 +304,7 @@ static int reenc_keyslot_validate(struct crypt_device *cd, json_object *jobj_key
+ 			return -EINVAL;
+ 		if (!validate_json_uint32(jobj_sector_size))
+ 			return -EINVAL;
+-		sector_size = json_object_get_uint32(jobj_sector_size);
++		sector_size = crypt_jobj_get_uint32(jobj_sector_size);
+ 		if (sector_size < SECTOR_SIZE || NOTPOW2(sector_size)) {
+ 			log_dbg(cd, "Invalid sector_size (%" PRIu32 ") for checksum resilience mode.", sector_size);
+ 			return -EINVAL;
+@@ -313,7 +313,7 @@ static int reenc_keyslot_validate(struct crypt_device *cd, json_object *jobj_key
+ 		if (!(jobj_shift_size = json_contains(cd, jobj_area, "type:datashift", "Keyslot area", "shift_size", json_type_string)))
+ 			return -EINVAL;
+ 
+-		shift_size = json_object_get_uint64(jobj_shift_size);
++		shift_size = crypt_jobj_get_uint64(jobj_shift_size);
+ 		if (!shift_size)
+ 			return -EINVAL;
+ 
+diff --git a/lib/luks2/luks2_luks1_convert.c b/lib/luks2/luks2_luks1_convert.c
+index 7f5f26b7..cbaa8603 100644
+--- a/lib/luks2/luks2_luks1_convert.c
++++ b/lib/luks2/luks2_luks1_convert.c
+@@ -91,8 +91,8 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc
+ 	}
+ 	area_size = offs_b - offs_a;
+ 	json_object_object_add(jobj_area, "key_size", json_object_new_int(hdr_v1->keyBytes));
+-	json_object_object_add(jobj_area, "offset", json_object_new_uint64(offset));
+-	json_object_object_add(jobj_area, "size", json_object_new_uint64(area_size));
++	json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(offset));
++	json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_size));
+ 	json_object_object_add(keyslot_obj, "area", jobj_area);
+ 
+ 	*keyslot_object = keyslot_obj;
+@@ -145,7 +145,7 @@ static int json_luks1_segment(const struct luks_phdr *hdr_v1, struct json_object
+ 	/* offset field */
+ 	number = (uint64_t)hdr_v1->payloadOffset * SECTOR_SIZE;
+ 
+-	field = json_object_new_uint64(number);
++	field = crypt_jobj_new_uint64(number);
+ 	if (!field) {
+ 		json_object_put(segment_obj);
+ 		return -ENOMEM;
+@@ -401,8 +401,8 @@ static int json_luks1_object(struct luks_phdr *hdr_v1, struct json_object **luks
+ 	json_object_object_add(luks1_obj, "config", field);
+ 
+ 	json_size = LUKS2_HDR_16K_LEN - LUKS2_HDR_BIN_LEN;
+-	json_object_object_add(field, "json_size", json_object_new_uint64(json_size));
+-	json_object_object_add(field, "keyslots_size", json_object_new_uint64(keyslots_size));
++	json_object_object_add(field, "json_size", crypt_jobj_new_uint64(json_size));
++	json_object_object_add(field, "keyslots_size", crypt_jobj_new_uint64(keyslots_size));
+ 
+ 	*luks1_object = luks1_obj;
+ 	return 0;
+@@ -418,8 +418,8 @@ static void move_keyslot_offset(json_object *jobj, int offset_add)
+ 		UNUSED(key);
+ 		json_object_object_get_ex(val, "area", &jobj_area);
+ 		json_object_object_get_ex(jobj_area, "offset", &jobj2);
+-		offset = json_object_get_uint64(jobj2) + offset_add;
+-		json_object_object_add(jobj_area, "offset", json_object_new_uint64(offset));
++		offset = crypt_jobj_get_uint64(jobj2) + offset_add;
++		json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(offset));
+ 	}
+ }
+ 
+@@ -749,7 +749,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
+ 				return -EINVAL;
+ 			if (!json_object_object_get_ex(jobj_area, "offset", &jobj1))
+ 				return -EINVAL;
+-			offset = json_object_get_uint64(jobj1);
++			offset = crypt_jobj_get_uint64(jobj1);
+ 		} else {
+ 			if (LUKS2_find_area_gap(cd, hdr2, key_size, &offset, &area_length))
+ 				return -EINVAL;
+@@ -781,7 +781,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
+ 
+ 		if (!json_object_object_get_ex(jobj_kdf, "iterations", &jobj1))
+ 			continue;
+-		hdr1->keyblock[i].passwordIterations = json_object_get_uint32(jobj1);
++		hdr1->keyblock[i].passwordIterations = crypt_jobj_get_uint32(jobj1);
+ 
+ 		if (!json_object_object_get_ex(jobj_kdf, "salt", &jobj1))
+ 			continue;
+@@ -822,7 +822,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
+ 
+ 	if (!json_object_object_get_ex(jobj_digest, "iterations", &jobj1))
+ 		return -EINVAL;
+-	hdr1->mkDigestIterations = json_object_get_uint32(jobj1);
++	hdr1->mkDigestIterations = crypt_jobj_get_uint32(jobj1);
+ 
+ 	if (!json_object_object_get_ex(jobj_digest, "digest", &jobj1))
+ 		return -EINVAL;
+@@ -847,7 +847,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
+ 
+ 	if (!json_object_object_get_ex(jobj_segment, "offset", &jobj1))
+ 		return -EINVAL;
+-	offset = json_object_get_uint64(jobj1) / SECTOR_SIZE;
++	offset = crypt_jobj_get_uint64(jobj1) / SECTOR_SIZE;
+ 	if (offset > UINT32_MAX)
+ 		return -EINVAL;
+ 	/* FIXME: LUKS1 requires offset == 0 || offset >= luks1_hdr_size */
+diff --git a/lib/luks2/luks2_reencrypt.c b/lib/luks2/luks2_reencrypt.c
+index 6bac4420..c99577cc 100644
+--- a/lib/luks2/luks2_reencrypt.c
++++ b/lib/luks2/luks2_reencrypt.c
+@@ -165,7 +165,7 @@ static uint32_t reencrypt_alignment(struct luks2_hdr *hdr)
+ 	if (!json_object_object_get_ex(jobj_area, "sector_size", &jobj_sector_size))
+ 		return 0;
+ 
+-	return json_object_get_uint32(jobj_sector_size);
++	return crypt_jobj_get_uint32(jobj_sector_size);
+ }
+ 
+ static json_object *_enc_create_segments_shift_after(struct crypt_device *cd,
+@@ -200,13 +200,13 @@ static json_object *_enc_create_segments_shift_after(struct crypt_device *cd,
+ 		json_segment_remove_flag(jobj_seg_new, "in-reencryption");
+ 		tmp = rh->length;
+ 	} else {
+-		json_object_object_add(jobj_seg_new, "offset", json_object_new_uint64(rh->offset + data_offset));
+-		json_object_object_add(jobj_seg_new, "iv_tweak", json_object_new_uint64(rh->offset >> SECTOR_SHIFT));
++		json_object_object_add(jobj_seg_new, "offset", crypt_jobj_new_uint64(rh->offset + data_offset));
++		json_object_object_add(jobj_seg_new, "iv_tweak", crypt_jobj_new_uint64(rh->offset >> SECTOR_SHIFT));
+ 		tmp = json_segment_get_size(jobj_seg_new, 0) + rh->length;
+ 	}
+ 
+ 	/* alter size of new segment, reenc_seg == 0 we're finished */
+-	json_object_object_add(jobj_seg_new, "size", reenc_seg > 0 ? json_object_new_uint64(tmp) : json_object_new_string("dynamic"));
++	json_object_object_add(jobj_seg_new, "size", reenc_seg > 0 ? crypt_jobj_new_uint64(tmp) : json_object_new_string("dynamic"));
+ 	json_object_object_add_by_uint(jobj_segs_post, reenc_seg, jobj_seg_new);
+ 
+ 	return jobj_segs_post;
+@@ -256,7 +256,7 @@ static json_object *reencrypt_make_hot_segments_encrypt_shift(struct crypt_devic
+ 		jobj_seg_shrunk = NULL;
+ 		if (json_object_copy(LUKS2_get_segment_jobj(hdr, sg), &jobj_seg_shrunk))
+ 			goto err;
+-		json_object_object_add(jobj_seg_shrunk, "size", json_object_new_uint64(segment_size - rh->length));
++		json_object_object_add(jobj_seg_shrunk, "size", crypt_jobj_new_uint64(segment_size - rh->length));
+ 		json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_seg_shrunk);
+ 	}
+ 
+@@ -336,7 +336,7 @@ static json_object *reencrypt_make_post_segments_forward(struct crypt_device *cd
+ 				goto err;
+ 			jobj_old_seg = jobj_old_seg_copy;
+ 			fixed_length = rh->device_size - fixed_length;
+-			json_object_object_add(jobj_old_seg, "size", json_object_new_uint64(fixed_length));
++			json_object_object_add(jobj_old_seg, "size", crypt_jobj_new_uint64(fixed_length));
+ 		} else
+ 			json_object_get(jobj_old_seg);
+ 		json_object_object_add_by_uint(jobj_segs_post, 1, jobj_old_seg);
+@@ -491,7 +491,7 @@ static json_object *reencrypt_make_hot_segments_backward(struct crypt_device *cd
+ 	if (rh->offset) {
+ 		if (json_object_copy(LUKS2_get_segment_jobj(hdr, 0), &jobj_old_seg))
+ 			goto err;
+-		json_object_object_add(jobj_old_seg, "size", json_object_new_uint64(rh->offset));
++		json_object_object_add(jobj_old_seg, "size", crypt_jobj_new_uint64(rh->offset));
+ 
+ 		json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_old_seg);
+ 	}
+@@ -575,7 +575,7 @@ static uint64_t reencrypt_data_shift(struct luks2_hdr *hdr)
+ 	if (!json_object_object_get_ex(jobj_area, "shift_size", &jobj_data_shift))
+ 		return 0;
+ 
+-	return json_object_get_uint64(jobj_data_shift);
++	return crypt_jobj_get_uint64(jobj_data_shift);
+ }
+ 
+ static crypt_reencrypt_mode_info reencrypt_mode(struct luks2_hdr *hdr)
+diff --git a/lib/luks2/luks2_segment.c b/lib/luks2/luks2_segment.c
+index 6ece2fdd..cd5108e8 100644
+--- a/lib/luks2/luks2_segment.c
++++ b/lib/luks2/luks2_segment.c
+@@ -55,7 +55,7 @@ uint64_t json_segment_get_offset(json_object *jobj_segment, unsigned blockwise)
+ 	    !json_object_object_get_ex(jobj_segment, "offset", &jobj))
+ 		return 0;
+ 
+-	return blockwise ? json_object_get_uint64(jobj) >> SECTOR_SHIFT : json_object_get_uint64(jobj);
++	return blockwise ? crypt_jobj_get_uint64(jobj) >> SECTOR_SHIFT : crypt_jobj_get_uint64(jobj);
+ }
+ 
+ const char *json_segment_type(json_object *jobj_segment)
+@@ -77,7 +77,7 @@ uint64_t json_segment_get_iv_offset(json_object *jobj_segment)
+ 	    !json_object_object_get_ex(jobj_segment, "iv_tweak", &jobj))
+ 		return 0;
+ 
+-	return json_object_get_uint64(jobj);
++	return crypt_jobj_get_uint64(jobj);
+ }
+ 
+ uint64_t json_segment_get_size(json_object *jobj_segment, unsigned blockwise)
+@@ -88,7 +88,7 @@ uint64_t json_segment_get_size(json_object *jobj_segment, unsigned blockwise)
+ 	    !json_object_object_get_ex(jobj_segment, "size", &jobj))
+ 		return 0;
+ 
+-	return blockwise ? json_object_get_uint64(jobj) >> SECTOR_SHIFT : json_object_get_uint64(jobj);
++	return blockwise ? crypt_jobj_get_uint64(jobj) >> SECTOR_SHIFT : crypt_jobj_get_uint64(jobj);
+ }
+ 
+ const char *json_segment_get_cipher(json_object *jobj_segment)
+@@ -229,8 +229,8 @@ static json_object *_segment_create_generic(const char *type, uint64_t offset, c
+ 		return NULL;
+ 
+ 	json_object_object_add(jobj, "type",		json_object_new_string(type));
+-	json_object_object_add(jobj, "offset",		json_object_new_uint64(offset));
+-	json_object_object_add(jobj, "size",		length ? json_object_new_uint64(*length) : json_object_new_string("dynamic"));
++	json_object_object_add(jobj, "offset",		crypt_jobj_new_uint64(offset));
++	json_object_object_add(jobj, "size",		length ? crypt_jobj_new_uint64(*length) : json_object_new_string("dynamic"));
+ 
+ 	return jobj;
+ }
+@@ -252,7 +252,7 @@ json_object *json_segment_create_crypt(uint64_t offset,
+ 	if (!jobj)
+ 		return NULL;
+ 
+-	json_object_object_add(jobj, "iv_tweak",	json_object_new_uint64(iv_offset));
++	json_object_object_add(jobj, "iv_tweak",	crypt_jobj_new_uint64(iv_offset));
+ 	json_object_object_add(jobj, "encryption",	json_object_new_string(cipher));
+ 	json_object_object_add(jobj, "sector_size",	json_object_new_int(sector_size));
+ 	if (reencryption)
+-- 
+2.20.1
+

package/cryptsetup/0004-Check-segment-gaps-regardless-of-heap-space.patch

@@ -0,0 +1,64 @@
+From eaec63806b88aa2775271254734e78324c239622 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Mon, 24 Aug 2020 19:21:43 +0200
+Subject: [PATCH 4/6] Check segment gaps regardless of heap space.
+
+Segments are validated in hdr_validate_segments. Gaps in segment keys
+are detected when collecting offsets. But if an invalid segment is very
+large, larger than count, it could happen that cryptsetup is unable to
+allocate enough memory, not giving a clue about what actually is the
+problem.
+
+Therefore check for gaps even if not enough memory is available. This
+gives much more information with debug output enabled.
+
+Obviously cryptsetup still fails if segments are perfectly fine but not
+enough RAM available. But at that stage, the user knows that it's the
+fault of the system, not of an invalid segment.
+
+(cherry picked from commit 52f5cb8cedf22fb3e14c744814ec8af7614146c7)
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ lib/luks2/luks2_json_metadata.c | 19 ++++++++++++-------
+ 1 file changed, 12 insertions(+), 7 deletions(-)
+
+diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c
+index 19fb9588..67a5512d 100644
+--- a/lib/luks2/luks2_json_metadata.c
++++ b/lib/luks2/luks2_json_metadata.c
+@@ -679,11 +679,10 @@ static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj)
+ 	if (first_backup < 0)
+ 		first_backup = count;
+ 
+-	intervals = malloc(first_backup * sizeof(*intervals));
+-	if (!intervals) {
+-		log_dbg(cd, "Not enough memory.");
+-		return 1;
+-	}
++	if (first_backup <= count && (size_t)first_backup < SIZE_MAX / sizeof(*intervals))
++		intervals = malloc(first_backup * sizeof(*intervals));
++	else
++		intervals = NULL;
+ 
+ 	for (i = 0; i < first_backup; i++) {
+ 		jobj = json_segments_get_segment(jobj_segments, i);
+@@ -692,8 +691,14 @@ static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj)
+ 			free(intervals);
+ 			return 1;
+ 		}
+-		intervals[i].offset = json_segment_get_offset(jobj, 0);
+-		intervals[i].length = json_segment_get_size(jobj, 0) ?: UINT64_MAX;
++		if (intervals != NULL) {
++			intervals[i].offset = json_segment_get_offset(jobj, 0);
++			intervals[i].length = json_segment_get_size(jobj, 0) ?: UINT64_MAX;
++		}
++	}
++	if (intervals == NULL) {
++		log_dbg(cd, "Not enough memory.");
++		return 1;
+ 	}
+ 
+ 	r = !validate_segment_intervals(cd, first_backup, intervals);
+-- 
+2.20.1
+

package/cryptsetup/0005-Avoid-needlessly-large-allocations-in-LUKS2-validati.patch

@@ -0,0 +1,47 @@
+From b7d757ad79091da12e509a4989f3e8cfc1f55a03 Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina <okozina@redhat.com>
+Date: Tue, 25 Aug 2020 19:32:48 +0200
+Subject: [PATCH 5/6] Avoid needlessly large allocations in LUKS2 validation
+ code.
+
+In case LUKS2 backup segment creates gap in between last regular
+segment and backup segment report invalid metadata imediately. We stop
+on first error so there's no need to allocate large memory on heap
+(we may ran with mlock(MCL_FUTURE) set).
+
+Example:
+- total segments count is 3
+- regular segments have keys "0" and "1"
+- first backup segment has key "42"
+
+(cherry picked from commit 46ee71edcd13e1dad50815ad65c28779aa6f7503)
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ lib/luks2/luks2_json_metadata.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c
+index 67a5512d..cd28400c 100644
+--- a/lib/luks2/luks2_json_metadata.c
++++ b/lib/luks2/luks2_json_metadata.c
+@@ -676,10 +676,16 @@ static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj)
+ 		return 1;
+ 	}
+ 
++	/* avoid needlessly large allocation when first backup segment is invalid */
++	if (first_backup >= count) {
++		log_dbg(cd, "Gap between last regular segment and backup segment at key %d.", first_backup);
++		return 1;
++	}
++
+ 	if (first_backup < 0)
+ 		first_backup = count;
+ 
+-	if (first_backup <= count && (size_t)first_backup < SIZE_MAX / sizeof(*intervals))
++	if ((size_t)first_backup < SIZE_MAX / sizeof(*intervals))
+ 		intervals = malloc(first_backup * sizeof(*intervals));
+ 	else
+ 		intervals = NULL;
+-- 
+2.20.1
+

package/cryptsetup/0006-Simplify-validation-code-a-bit.patch

@@ -0,0 +1,64 @@
+From 45de1eb6e3d31ac3ece6b02671ddcc9dfab06e76 Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina <okozina@redhat.com>
+Date: Tue, 25 Aug 2020 19:23:21 +0200
+Subject: [PATCH 6/6] Simplify validation code a bit.
+
+Keep it simple. If there's not enough memory we can't validate
+segments. The LUKS2 specification does not recommend to continue
+processing LUKS2 metadata if it can not be properly validated.
+
+(cherry picked from commit 752c9a52798f11d3b765b673ebaa3058eb25316e)
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ lib/luks2/luks2_json_metadata.c | 19 ++++++++-----------
+ 1 file changed, 8 insertions(+), 11 deletions(-)
+
+diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c
+index cd28400c..66ee0b91 100644
+--- a/lib/luks2/luks2_json_metadata.c
++++ b/lib/luks2/luks2_json_metadata.c
+@@ -594,9 +594,9 @@ static bool validate_segment_intervals(struct crypt_device *cd,
+ static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj)
+ {
+ 	json_object *jobj_segments, *jobj_digests, *jobj_offset, *jobj_size, *jobj_type, *jobj_flags, *jobj;
+-	struct interval *intervals;
+ 	uint64_t offset, size;
+ 	int i, r, count, first_backup = -1;
++	struct interval *intervals = NULL;
+ 
+ 	if (!json_object_object_get_ex(hdr_jobj, "segments", &jobj_segments)) {
+ 		log_dbg(cd, "Missing segments section.");
+@@ -687,8 +687,11 @@ static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj)
+ 
+ 	if ((size_t)first_backup < SIZE_MAX / sizeof(*intervals))
+ 		intervals = malloc(first_backup * sizeof(*intervals));
+-	else
+-		intervals = NULL;
++
++	if (!intervals) {
++		log_dbg(cd, "Not enough memory.");
++		return 1;
++	}
+ 
+ 	for (i = 0; i < first_backup; i++) {
+ 		jobj = json_segments_get_segment(jobj_segments, i);
+@@ -697,14 +700,8 @@ static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj)
+ 			free(intervals);
+ 			return 1;
+ 		}
+-		if (intervals != NULL) {
+-			intervals[i].offset = json_segment_get_offset(jobj, 0);
+-			intervals[i].length = json_segment_get_size(jobj, 0) ?: UINT64_MAX;
+-		}
+-	}
+-	if (intervals == NULL) {
+-		log_dbg(cd, "Not enough memory.");
+-		return 1;
++		intervals[i].offset = json_segment_get_offset(jobj, 0);
++		intervals[i].length = json_segment_get_size(jobj, 0) ?: UINT64_MAX;
+ 	}
+ 
+ 	r = !validate_segment_intervals(cd, first_backup, intervals);
+-- 
+2.20.1
+

package/darkhttpd/darkhttpd.hash

@@ -1,2 +1,3 @@
 # Locally generated
-sha256 a50417b622b32b5f421b3132cb94ebeff04f02c5fb87fba2e31147d23de50505 darkhttpd-1.12.tar.bz2
+sha256  a50417b622b32b5f421b3132cb94ebeff04f02c5fb87fba2e31147d23de50505  darkhttpd-1.12.tar.bz2
+sha256  6e1a2e45d8dd3c8835222e3c82e5cccde8e60f02d55555910e18715ec5dc6d04  darkhttpd.c

package/darkhttpd/darkhttpd.mk

@@ -8,6 +8,7 @@ DARKHTTPD_VERSION = 1.12
 DARKHTTPD_SITE = https://unix4lyfe.org/darkhttpd
 DARKHTTPD_SOURCE = darkhttpd-$(DARKHTTPD_VERSION).tar.bz2
 DARKHTTPD_LICENSE = MIT
+DARKHTTPD_LICENSE_FILES = darkhttpd.c
 
 define DARKHTTPD_BUILD_CMDS
 	$(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)

package/davfs2/davfs2.mk

@@ -18,4 +18,8 @@ DAVFS2_CONF_ENV += \
 	ac_cv_path_NEON_CONFIG=$(STAGING_DIR)/usr/bin/neon-config \
 	LIBS=$(TARGET_NLS_LIBS)
 
+define DAVFS2_USERS
+	davfs2 -1 davfs2 -1 * - - - davfs user
+endef
+
 $(eval $(autotools-package))

package/dbus/Config.in

@@ -7,7 +7,7 @@ config BR2_PACKAGE_DBUS
 	help
 	  The D-Bus message bus system.
 
-	  http://www.freedesktop.org/wiki/Software/dbus
+	  https://www.freedesktop.org/wiki/Software/dbus
 
 comment "dbus needs a toolchain w/ threads"
 	depends on BR2_USE_MMU

package/dbus/dbus.hash

@@ -1,6 +1,7 @@
 # Locally calculated after checking pgp signature
-# https://dbus.freedesktop.org/releases/dbus/dbus-1.12.18.tar.gz.asc
+# https://dbus.freedesktop.org/releases/dbus/dbus-1.12.20.tar.gz.asc
 # using key 36EC5A6448A4F5EF79BEFE98E05AE1478F814C4F
-sha256  64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306  dbus-1.12.18.tar.gz
+sha256  f77620140ecb4cdc67f37fb444f8a6bea70b5b6461f12f1cbe2cec60fa7de5fe  dbus-1.12.20.tar.gz
+
 # Locally calculated
 sha256  0e46f54efb12d04ab5c33713bacd0e140c9a35b57ae29e03c853203266e8f3a1  COPYING

package/dbus/dbus.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DBUS_VERSION = 1.12.18
+DBUS_VERSION = 1.12.20
 DBUS_SITE = https://dbus.freedesktop.org/releases/dbus
 DBUS_LICENSE = AFL-2.1 or GPL-2.0+ (library, tools), GPL-2.0+ (tools)
 DBUS_LICENSE_FILES = COPYING

package/dhcpcd/dhcpcd.mk

@@ -11,6 +11,17 @@ DHCPCD_DEPENDENCIES = host-pkgconf
 DHCPCD_LICENSE = BSD-2-Clause
 DHCPCD_LICENSE_FILES = LICENSE
 
+DHCPCD_CONFIG_OPTS = \
+	--libexecdir=/lib/dhcpcd \
+	--os=linux
+
+ifeq ($(BR2_PACKAGE_HAS_UDEV),y)
+DHCPCD_CONFIG_OPTS += --with-udev
+DHCPCD_DEPENDENCIES += udev
+else
+DHCPCD_CONFIG_OPTS += --without-udev
+endif
+
 ifeq ($(BR2_STATIC_LIBS),y)
 DHCPCD_CONFIG_OPTS += --enable-static
 endif
@@ -20,16 +31,11 @@ DHCPCD_CONFIG_OPTS += --disable-fork
 endif
 
 define DHCPCD_CONFIGURE_CMDS
-	(cd $(@D); \
-	$(TARGET_CONFIGURE_OPTS) ./configure \
-		--os=linux \
-		--libexecdir=/lib/dhcpcd \
-		$(DHCPCD_CONFIG_OPTS) )
+	(cd $(@D); $(TARGET_CONFIGURE_OPTS) ./configure $(DHCPCD_CONFIG_OPTS))
 endef
 
 define DHCPCD_BUILD_CMDS
-	$(TARGET_MAKE_ENV) $(MAKE) \
-		-C $(@D) all
+	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) all
 endef
 
 define DHCPCD_INSTALL_TARGET_CMDS

package/dhcpcd/dhcpcd.service

@@ -5,7 +5,7 @@ After=network.target
 [Service]
 Type=forking
 EnvironmentFile=-/etc/default/dhcpcd
-PIDFile=/var/run/dhcpcd.pid
+PIDFile=/run/dhcpcd.pid
 ExecStart=/sbin/dhcpcd $DAEMON_ARGS
 Restart=always
 

package/dhcpdump/dhcpdump.mk

@@ -20,7 +20,7 @@ DHCPDUMP_CFLAGS = $(TARGET_CFLAGS) -DHAVE_STRSEP
 
 define DHCPDUMP_BUILD_CMDS
 	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) CC="$(TARGET_CC) $(DHCPDUMP_CFLAGS) \
-		-D_GNU_SOURCE" LIBS="$(DHCPDUMP_LIBS)"
+		-D_GNU_SOURCE" LIBS="$(DHCPDUMP_LIBS)" dhcpdump
 endef
 
 define DHCPDUMP_INSTALL_TARGET_CMDS

package/docker-cli/docker-cli.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256	a5b1d6c5766f77896273e864a448a7f0ea4055bb52f50f884f14ad6ef0d5fdb4  docker-cli-19.03.11.tar.gz
+sha256	21b88a00e8f7a3194c0ae1de5a31e3e1728ef6aa2804158dcb502a8b5fd6ae2b  docker-cli-19.03.13.tar.gz
 sha256	2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0  LICENSE

package/docker-cli/docker-cli.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_CLI_VERSION = 19.03.11
+DOCKER_CLI_VERSION = 19.03.13
 DOCKER_CLI_SITE = $(call github,docker,cli,v$(DOCKER_CLI_VERSION))
 DOCKER_CLI_WORKSPACE = gopath
 

package/docker-containerd/docker-containerd.hash

@@ -1,3 +1,3 @@
 # Computed locally
-sha256	0811057ab67b78ce911416e793edaeb14b3f1e105d67b8e67b6302e0eab572e4  docker-containerd-1.2.13.tar.gz
-sha256 4bbe3b885e8cd1907ab4cf9a41e862e74e24b5422297a4f2fe524e6a30ada2b4  LICENSE
+sha256	bc6d9452c700af0ebc09c0da8ddba55be4c03ac8928e72ca92d98905800c8018  docker-containerd-1.4.3.tar.gz
+sha256	4bbe3b885e8cd1907ab4cf9a41e862e74e24b5422297a4f2fe524e6a30ada2b4  LICENSE

package/docker-containerd/docker-containerd.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_CONTAINERD_VERSION = 1.2.13
+DOCKER_CONTAINERD_VERSION = 1.4.3
 DOCKER_CONTAINERD_SITE = $(call github,containerd,containerd,v$(DOCKER_CONTAINERD_VERSION))
 DOCKER_CONTAINERD_LICENSE = Apache-2.0
 DOCKER_CONTAINERD_LICENSE_FILES = LICENSE

package/docker-engine/docker-engine.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256	5ff62d7b3638a275b2c459e53a4d1a7a8fb03dde8305defcd55e05e059e5618d  docker-engine-19.03.11.tar.gz
+sha256	f43331fef1d24e31f43392fc1fed72b48fc17fd432d341d6eb1f68ca11383406  docker-engine-19.03.13.tar.gz
 sha256	7c87873291f289713ac5df48b1f2010eb6963752bbd6b530416ab99fc37914a8  LICENSE

package/docker-engine/docker-engine.mk

@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-DOCKER_ENGINE_VERSION = 19.03.11
-DOCKER_ENGINE_SITE = $(call github,docker,engine,v$(DOCKER_ENGINE_VERSION))
+DOCKER_ENGINE_VERSION = 19.03.13
+DOCKER_ENGINE_SITE = $(call github,moby,moby,v$(DOCKER_ENGINE_VERSION))
 
 DOCKER_ENGINE_LICENSE = Apache-2.0
 DOCKER_ENGINE_LICENSE_FILES = LICENSE

package/dovecot-pigeonhole/dovecot-pigeonhole.hash

@@ -1,3 +1,3 @@
 # Locally computed after checking signature
-sha256  0b972a441f680545ddfacd2f41fb2a705fb03249d46ed5ce7e01fe68b6cfb5f0  dovecot-2.3-pigeonhole-0.5.11.tar.gz
+sha256  911fe566da5b638eab1b11105314300bc9049cc3832d4bd2aed44c265013bf17  dovecot-2.3-pigeonhole-0.5.13.tar.gz
 sha256  fc9e9522216f2a9a28b31300e3c73c1df56acc27dfae951bf516e7995366b51a  COPYING

package/dovecot-pigeonhole/dovecot-pigeonhole.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOVECOT_PIGEONHOLE_VERSION = 0.5.11
+DOVECOT_PIGEONHOLE_VERSION = 0.5.13
 DOVECOT_PIGEONHOLE_SOURCE = dovecot-2.3-pigeonhole-$(DOVECOT_PIGEONHOLE_VERSION).tar.gz
 DOVECOT_PIGEONHOLE_SITE = https://pigeonhole.dovecot.org/releases/2.3
 DOVECOT_PIGEONHOLE_LICENSE = LGPL-2.1
@@ -13,4 +13,12 @@ DOVECOT_PIGEONHOLE_DEPENDENCIES = dovecot
 
 DOVECOT_PIGEONHOLE_CONF_OPTS = --with-dovecot=$(STAGING_DIR)/usr/lib
 
+ifeq ($(BR2_PER_PACKAGE_DIRECTORIES),y)
+define DOVECOT_PIGEONHOLE_FIXUP_DOVECOT_CONFIG
+	$(SED) 's,$(PER_PACKAGE_DIR)/dovecot/,$(PER_PACKAGE_DIR)/dovecot-pigeonhole/,g' \
+		$(STAGING_DIR)/usr/lib/dovecot-config
+endef
+DOVECOT_PIGEONHOLE_PRE_CONFIGURE_HOOKS = DOVECOT_PIGEONHOLE_FIXUP_DOVECOT_CONFIG
+endif
+
 $(eval $(autotools-package))

package/dovecot/dovecot.hash

@@ -1,5 +1,5 @@
 # Locally computed after checking signature
-sha256  d3d9ea9010277f57eb5b9f4166a5d2ba539b172bd6d5a2b2529a6db524baafdc  dovecot-2.3.11.3.tar.gz
-sha256  a363b132e494f662d98c820d1481297e6ae72f194c2c91b6c39e1518b86240a8  COPYING
+sha256  a3f875b80ec11a452480690108660030978c94fa8e796ad6d943a874b496f1c4  dovecot-2.3.13.tar.gz
+sha256  319a9830aab406109cd67cb45496587566a8123203d66d037b209ca3e13de02a  COPYING
 sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  COPYING.LGPL
 sha256  52b8c95fabb19575281874b661ef7968ea47e8f5d74ba0dd40ce512e52b3fc97  COPYING.MIT

package/dovecot/dovecot.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 DOVECOT_VERSION_MAJOR = 2.3
-DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).11.3
+DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).13
 DOVECOT_SITE = https://dovecot.org/releases/$(DOVECOT_VERSION_MAJOR)
 DOVECOT_INSTALL_STAGING = YES
 DOVECOT_LICENSE = LGPL-2.1, MIT, Public Domain, BSD-3-Clause, Unicode-DFS-2015

package/dtv-scan-tables/dtv-scan-tables.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 DTV_SCAN_TABLES_VERSION = 6d019038cd04e837d9dd58701202c15924c1c654
-DTV_SCAN_TABLES_SITE = http://git.linuxtv.org/cgit.cgi/dtv-scan-tables.git
+DTV_SCAN_TABLES_SITE = https://git.linuxtv.org/dtv-scan-tables.git
 DTV_SCAN_TABLES_SITE_METHOD = git
 
 # This package only contains the transponders data. This is not a 'work'

package/ecryptfs-utils/ecryptfs-utils.mk

@@ -15,6 +15,7 @@ ECRYPTFS_UTILS_CONF_OPTS = --disable-pywrap
 
 #Needed for build system to find pk11func.h and libnss3.so
 ECRYPTFS_UTILS_CONF_ENV = \
+	ac_cv_path_POD2MAN=true \
 	NSS_CFLAGS="-I$(STAGING_DIR)/usr/include/nss -I$(STAGING_DIR)/usr/include/nspr" \
 	NSS_LIBS="-lnss3"
 

package/efl/Config.in

@@ -1,7 +1,7 @@
 config BR2_PACKAGE_EFL
 	bool "efl"
-	 # g++ issue with 4.4.5, tested with g++ 4.7.2
-	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_7
+	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 # C++11
+	depends on BR2_HOST_GCC_AT_LEAST_4_9 # host-efl
 	depends on BR2_INSTALL_LIBSTDCPP
 	depends on BR2_TOOLCHAIN_HAS_THREADS # untested without threads
 	depends on BR2_USE_MMU
@@ -301,8 +301,9 @@ comment "SVG loader needs a toolchain w/ gcc >= 4.8"
 
 endif # BR2_PACKAGE_EFL
 
-comment "efl needs a toolchain w/ C++, dynamic library, gcc >= 4.7, threads, wchar"
+comment "efl needs a toolchain w/ C++, dynamic library, gcc >= 4.9, host gcc >= 4.9, threads, wchar"
 	depends on !BR2_INSTALL_LIBSTDCPP \
-		|| !BR2_TOOLCHAIN_GCC_AT_LEAST_4_7 \
-		|| BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HAS_THREADS || !BR2_USE_WCHAR
+		|| !BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 \
+		|| !BR2_HOST_GCC_AT_LEAST_4_9 || BR2_STATIC_LIBS \
+		|| !BR2_TOOLCHAIN_HAS_THREADS || !BR2_USE_WCHAR
 	depends on BR2_USE_MMU

package/fail2ban/fail2ban.mk

@@ -27,6 +27,13 @@ define FAIL2BAN_FIX_DEFAULT_CONFIG
 endef
 FAIL2BAN_POST_INSTALL_TARGET_HOOKS += FAIL2BAN_FIX_DEFAULT_CONFIG
 
+# fail2ban-python points to host python
+define FAIL2BAN_FIX_FAIL2BAN_PYTHON_SYMLINK
+	ln -snf $(if $(BR2_PACKAGE_PYTHON),python,python3) \
+		$(TARGET_DIR)/usr/bin/fail2ban-python
+endef
+FAIL2BAN_POST_INSTALL_TARGET_HOOKS += FAIL2BAN_FIX_FAIL2BAN_PYTHON_SYMLINK
+
 define FAIL2BAN_INSTALL_INIT_SYSV
 	$(INSTALL) -D -m 755 package/fail2ban/S60fail2ban \
 		$(TARGET_DIR)/etc/init.d/S60fail2ban

package/fastd/0002-receive-fix-buffer-leak-when-receiving-invalid-packets.patch

@@ -0,0 +1,45 @@
+From 737925113363b6130879729cdff9ccc46c33eaea Mon Sep 17 00:00:00 2001
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Mon, 19 Oct 2020 21:08:16 +0200
+Subject: [PATCH] receive: fix buffer leak when receiving invalid packets
+
+For fastd versions before v20, this was just a memory leak (which could
+still be used for DoS, as it's remotely triggerable). With the new
+buffer management of fastd v20, this will trigger an assertion failure
+instead as soon as the buffer pool is empty.
+
+[Retrieved from:
+https://github.com/NeoRaider/fastd/commit/737925113363b6130879729cdff9ccc46c33eaea]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ src/receive.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/receive.c b/src/receive.c
+index 043c9f2..6bca9f4 100644
+--- a/src/receive.c
++++ b/src/receive.c
+@@ -169,6 +169,11 @@ static inline void handle_socket_receive_known(
+ 
+ 	case PACKET_HANDSHAKE:
+ 		fastd_handshake_handle(sock, local_addr, remote_addr, peer, buffer);
++		break;
++
++	default:
++		fastd_buffer_free(buffer);
++		pr_debug("received packet with invalid type from %P[%I]", peer, remote_addr);
+ 	}
+ }
+ 
+@@ -195,6 +200,11 @@ static inline void handle_socket_receive_unknown(
+ 
+ 	case PACKET_HANDSHAKE:
+ 		fastd_handshake_handle(sock, local_addr, remote_addr, NULL, buffer);
++		break;
++
++	default:
++		fastd_buffer_free(buffer);
++		pr_debug("received packet with invalid type from unknown address %I", remote_addr);
+ 	}
+ }
+ 

package/fastd/Config.in

@@ -6,7 +6,6 @@ config BR2_PACKAGE_FASTD
 	select BR2_PACKAGE_LIBUECC
 	select BR2_PACKAGE_LIBSODIUM
 	select BR2_PACKAGE_LIBSODIUM_FULL
-	select BR2_PACKAGE_LIBCAP
 	help
 	  Fast and Secure Tunneling Daemon
 

package/fastd/fastd.mk

@@ -10,7 +10,17 @@ FASTD_SOURCE = fastd-$(FASTD_VERSION).tar.xz
 FASTD_LICENSE = BSD-2-Clause
 FASTD_LICENSE_FILES = COPYRIGHT
 FASTD_CONF_OPTS = -DENABLE_LIBSODIUM=ON
-FASTD_DEPENDENCIES = host-bison host-pkgconf libuecc libsodium libcap
+FASTD_DEPENDENCIES = host-bison host-pkgconf libuecc libsodium
+
+# 0002-receive-fix-buffer-leak-when-receiving-invalid-packets.patch
+FASTD_IGNORE_CVES += CVE-2020-27638
+
+ifeq ($(BR2_PACKAGE_LIBCAP),y)
+FASTD_CONF_OPTS += -DWITH_CAPABILITIES=ON
+FASTD_DEPENDENCIES += libcap
+else
+FASTD_CONF_OPTS += -DWITH_CAPABILITIES=OFF
+endif
 
 ifeq ($(BR2_PACKAGE_OPENSSL),y)
 FASTD_CONF_OPTS += -DENABLE_OPENSSL=ON

package/fbset/fbset.hash

@@ -1,2 +1,3 @@
 # Locally calculated
-sha256	40ff4ab0247b75138a0887ed40f81c1a6184f340b77126c16d074b1075b41c20	fbset-2.1.tar.gz
+sha256  40ff4ab0247b75138a0887ed40f81c1a6184f340b77126c16d074b1075b41c20  fbset-2.1.tar.gz
+sha256  c3285709a0840899a789faefae1704e87f96f757e905a38a1931a9d4fde95ddd  fbset.c

package/fbset/fbset.mk

@@ -8,6 +8,7 @@ FBSET_VERSION = 2.1
 FBSET_SITE = http://users.telenet.be/geertu/Linux/fbdev
 FBSET_DEPENDENCIES = host-bison host-flex
 FBSET_LICENSE = GPL-2.0
+FBSET_LICENSE_FILES = fbset.c
 
 define FBSET_BUILD_CMDS
 	$(MAKE1) $(TARGET_CONFIGURE_OPTS) -C $(@D)