Update for 2019.11.3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/haproxy: security bump to version 2.0.14
2026-01-10 10:10:28 +03:00 · 2020-04-10 08:42:28 +02:00 · 2020-04-09 09:25:25 +02:00 · 2020-04-09 00:01:57 +02:00 · 2020-04-08 16:33:42 +02:00 · 2020-04-08 16:31:57 +02:00
3379 changed files with 27559 additions and 44504 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -4,13 +4,12 @@
 # It needs to be regenerated every time a defconfig is added, using
 # "make .gitlab-ci.yml".

-image: buildroot/base:20200814.2228
+image: buildroot/base:20191027.2027

 .check_base:
-    rules:
-        - if: '$CI_COMMIT_REF_NAME =~ /^.*-.*_defconfig$/ || $CI_COMMIT_REF_NAME =~ /^.*-tests\..*$/'
-          when: never
-        - when: always
+    except:
+        - /^.*-.*_defconfig$/
+        - /^.*-tests\..*$/

 check-DEVELOPERS:
    extends: .check_base
@@ -28,7 +27,7 @@ check-flake8:
        - find * -type f -print0 | xargs -0 file | grep 'Python script' | cut -d':' -f1 >> files.txt
        - sort -u files.txt | tee files.processed
    script:
-        - python3 -m flake8 --statistics --count --max-line-length=132 $(cat files.processed)
+        - python -m flake8 --statistics --count --max-line-length=132 $(cat files.processed)
    after_script:
        - wc -l files.processed

@@ -70,21 +69,17 @@ check-package:
    extends: .defconfig_base
    # Running the defconfigs for every push is too much, so limit to
    # explicit triggers through the API.
-    rules:
-        # For tags, create a pipeline.
-        - if: '$CI_COMMIT_TAG'
-        # For pipeline created by using a trigger token.
-        - if: '$CI_PIPELINE_TRIGGERED'
-        # For the branch or tag name named *-defconfigs, create a pipeline.
-        - if: '$CI_COMMIT_REF_NAME =~ /^.*-defconfigs$/'
+    only:
+        - triggers
+        - tags
+        - /-defconfigs$/
    before_script:
        - DEFCONFIG_NAME=${CI_JOB_NAME}

 one-defconfig:
    extends: .defconfig_base
-    rules:
-        # For the branch or tag name named *-*_defconfigs, create a pipeline.
-        - if: '$CI_COMMIT_REF_NAME =~ /^.*-.*_defconfig$/'
+    only:
+        - /^.*-.*_defconfig$/
    before_script:
        - DEFCONFIG_NAME=$(echo ${CI_COMMIT_REF_NAME} | sed -e 's,^.*-,,g')

@@ -108,20 +103,17 @@ one-defconfig:
    extends: .runtime_test_base
    # Running the runtime tests for every push is too much, so limit to
    # explicit triggers through the API.
-    rules:
-        # For tags, create a pipeline.
-        - if: '$CI_COMMIT_TAG'
-        # For pipeline created by using a trigger token.
-        - if: '$CI_PIPELINE_TRIGGERED'
-        # For the branch or tag name named *-runtime-tests, create a pipeline.
-        - if: '$CI_COMMIT_REF_NAME =~ /^.*-runtime-tests$/'
+    only:
+        - triggers
+        - tags
+        - /-runtime-tests$/
    before_script:
        - TEST_CASE_NAME=${CI_JOB_NAME}

 one-runtime_test:
    extends: .runtime_test_base
-    rules:
-        - if: '$CI_COMMIT_REF_NAME =~ /^.*-tests\..*$/'
+    only:
+        - /^.*-tests\..*$/
    before_script:
        - TEST_CASE_NAME=$(echo ${CI_COMMIT_REF_NAME} | sed -e 's,^.*-,,g')
 aarch64_efi_defconfig: { extends: .defconfig }
@@ -169,7 +161,6 @@ beagleboardx15_defconfig: { extends: .defconfig }
 beaglebone_defconfig: { extends: .defconfig }
 beaglebone_qt5_defconfig: { extends: .defconfig }
 beagleboneai_defconfig: { extends: .defconfig }
-beelink_gs1_defconfig: { extends: .defconfig }
 chromebook_snow_defconfig: { extends: .defconfig }
 ci20_defconfig: { extends: .defconfig }
 csky_gx6605s_defconfig: { extends: .defconfig }
@@ -305,7 +296,6 @@ raspberrypi2_defconfig: { extends: .defconfig }
 raspberrypi3_64_defconfig: { extends: .defconfig }
 raspberrypi3_defconfig: { extends: .defconfig }
 raspberrypi3_qt5we_defconfig: { extends: .defconfig }
-raspberrypi4_64_defconfig: { extends: .defconfig }
 raspberrypi4_defconfig: { extends: .defconfig }
 raspberrypi_defconfig: { extends: .defconfig }
 riotboard_defconfig: { extends: .defconfig }
@@ -383,14 +373,10 @@ tests.init.test_systemd.TestInitSystemSystemdRwFull: { extends: .runtime_test }
 tests.init.test_systemd.TestInitSystemSystemdRwIfupdown: { extends: .runtime_test }
 tests.init.test_systemd.TestInitSystemSystemdRwNetworkd: { extends: .runtime_test }
 tests.package.test_atop.TestAtop: { extends: .runtime_test }
-tests.package.test_crudini.TestCrudiniPy2: { extends: .runtime_test }
-tests.package.test_crudini.TestCrudiniPy3: { extends: .runtime_test }
 tests.package.test_docker_compose.TestDockerCompose: { extends: .runtime_test }
 tests.package.test_dropbear.TestDropbear: { extends: .runtime_test }
 tests.package.test_glxinfo.TestGlxinfo: { extends: .runtime_test }
 tests.package.test_ipython.TestIPythonPy3: { extends: .runtime_test }
-tests.package.test_libftdi1.TestPythonPy2Libftdi1: { extends: .runtime_test }
-tests.package.test_libftdi1.TestPythonPy3Libftdi1: { extends: .runtime_test }
 tests.package.test_lpeg.TestLuaLPeg: { extends: .runtime_test }
 tests.package.test_lpeg.TestLuajitLPeg: { extends: .runtime_test }
 tests.package.test_lsqlite3.TestLuaLsqlite3: { extends: .runtime_test }
@@ -424,10 +410,8 @@ tests.package.test_luasocket.TestLuajitLuaSocket: { extends: .runtime_test }
 tests.package.test_luasyslog.TestLuaLuasyslog: { extends: .runtime_test }
 tests.package.test_luasyslog.TestLuajitLuasyslog: { extends: .runtime_test }
 tests.package.test_luvi.TestLuvi: { extends: .runtime_test }
-tests.package.test_lxc.TestLxc: { extends: .runtime_test }
 tests.package.test_lzlib.TestLuaLzlib: { extends: .runtime_test }
 tests.package.test_openjdk.TestOpenJdk: { extends: .runtime_test }
-tests.package.test_opkg.TestOpkg: { extends: .runtime_test }
 tests.package.test_perl.TestPerl: { extends: .runtime_test }
 tests.package.test_perl_class_load.TestPerlClassLoad: { extends: .runtime_test }
 tests.package.test_perl_dbd_mysql.TestPerlDBDmysql: { extends: .runtime_test }
@@ -451,11 +435,8 @@ tests.package.test_python_autobahn.TestPythonPy2Autobahn: { extends: .runtime_te
 tests.package.test_python_autobahn.TestPythonPy3Autobahn: { extends: .runtime_test }
 tests.package.test_python_automat.TestPythonPy2Automat: { extends: .runtime_test }
 tests.package.test_python_automat.TestPythonPy3Automat: { extends: .runtime_test }
-tests.package.test_python_avro.TestPythonAvro: { extends: .runtime_test }
 tests.package.test_python_bitstring.TestPythonPy2Bitstring: { extends: .runtime_test }
 tests.package.test_python_bitstring.TestPythonPy3Bitstring: { extends: .runtime_test }
-tests.package.test_python_can.TestPythonPy2Can: { extends: .runtime_test }
-tests.package.test_python_can.TestPythonPy3Can: { extends: .runtime_test }
 tests.package.test_python_cbor.TestPythonPy2Cbor: { extends: .runtime_test }
 tests.package.test_python_cbor.TestPythonPy3Cbor: { extends: .runtime_test }
 tests.package.test_python_click.TestPythonPy2Click: { extends: .runtime_test }
@@ -465,10 +446,6 @@ tests.package.test_python_constantly.TestPythonPy3Constantly: { extends: .runtim
 tests.package.test_python_crossbar.TestPythonPy3Crossbar: { extends: .runtime_test }
 tests.package.test_python_cryptography.TestPythonPy2Cryptography: { extends: .runtime_test }
 tests.package.test_python_cryptography.TestPythonPy3Cryptography: { extends: .runtime_test }
-tests.package.test_python_django.TestPythonPy3Django: { extends: .runtime_test }
-tests.package.test_python_gitdb2.TestPythonPy2Gitdb2: { extends: .runtime_test }
-tests.package.test_python_gitdb2.TestPythonPy3Gitdb2: { extends: .runtime_test }
-tests.package.test_python_gobject.TestPythonPy2Gobject: { extends: .runtime_test }
 tests.package.test_python_incremental.TestPythonPy2Incremental: { extends: .runtime_test }
 tests.package.test_python_incremental.TestPythonPy3Incremental: { extends: .runtime_test }
 tests.package.test_python_passlib.TestPythonPy2Passlib: { extends: .runtime_test }
@@ -481,8 +458,6 @@ tests.package.test_python_pyyaml.TestPythonPy2Pyyaml: { extends: .runtime_test }
 tests.package.test_python_pyyaml.TestPythonPy3Pyyaml: { extends: .runtime_test }
 tests.package.test_python_service_identity.TestPythonPy2ServiceIdentity: { extends: .runtime_test }
 tests.package.test_python_service_identity.TestPythonPy3ServiceIdentity: { extends: .runtime_test }
-tests.package.test_python_smmap2.TestPythonPy2Smmap2: { extends: .runtime_test }
-tests.package.test_python_smmap2.TestPythonPy3Smmap2: { extends: .runtime_test }
 tests.package.test_python_subprocess32.TestPythonPy2Subprocess32: { extends: .runtime_test }
 tests.package.test_python_treq.TestPythonPy2Treq: { extends: .runtime_test }
 tests.package.test_python_treq.TestPythonPy3Treq: { extends: .runtime_test }
--- a/.gitlab-ci.yml.in
+++ b/.gitlab-ci.yml.in
@@ -4,13 +4,12 @@
 # It needs to be regenerated every time a defconfig is added, using
 # "make .gitlab-ci.yml".

-image: buildroot/base:20200814.2228
+image: buildroot/base:20191027.2027

 .check_base:
-    rules:
-        - if: '$CI_COMMIT_REF_NAME =~ /^.*-.*_defconfig$/ || $CI_COMMIT_REF_NAME =~ /^.*-tests\..*$/'
-          when: never
-        - when: always
+    except:
+        - /^.*-.*_defconfig$/
+        - /^.*-tests\..*$/

 check-DEVELOPERS:
    extends: .check_base
@@ -28,7 +27,7 @@ check-flake8:
        - find * -type f -print0 | xargs -0 file | grep 'Python script' | cut -d':' -f1 >> files.txt
        - sort -u files.txt | tee files.processed
    script:
-        - python3 -m flake8 --statistics --count --max-line-length=132 $(cat files.processed)
+        - python -m flake8 --statistics --count --max-line-length=132 $(cat files.processed)
    after_script:
        - wc -l files.processed

@@ -70,21 +69,17 @@ check-package:
    extends: .defconfig_base
    # Running the defconfigs for every push is too much, so limit to
    # explicit triggers through the API.
-    rules:
-        # For tags, create a pipeline.
-        - if: '$CI_COMMIT_TAG'
-        # For pipeline created by using a trigger token.
-        - if: '$CI_PIPELINE_TRIGGERED'
-        # For the branch or tag name named *-defconfigs, create a pipeline.
-        - if: '$CI_COMMIT_REF_NAME =~ /^.*-defconfigs$/'
+    only:
+        - triggers
+        - tags
+        - /-defconfigs$/
    before_script:
        - DEFCONFIG_NAME=${CI_JOB_NAME}

 one-defconfig:
    extends: .defconfig_base
-    rules:
-        # For the branch or tag name named *-*_defconfigs, create a pipeline.
-        - if: '$CI_COMMIT_REF_NAME =~ /^.*-.*_defconfig$/'
+    only:
+        - /^.*-.*_defconfig$/
    before_script:
        - DEFCONFIG_NAME=$(echo ${CI_COMMIT_REF_NAME} | sed -e 's,^.*-,,g')

@@ -108,19 +103,16 @@ one-defconfig:
    extends: .runtime_test_base
    # Running the runtime tests for every push is too much, so limit to
    # explicit triggers through the API.
-    rules:
-        # For tags, create a pipeline.
-        - if: '$CI_COMMIT_TAG'
-        # For pipeline created by using a trigger token.
-        - if: '$CI_PIPELINE_TRIGGERED'
-        # For the branch or tag name named *-runtime-tests, create a pipeline.
-        - if: '$CI_COMMIT_REF_NAME =~ /^.*-runtime-tests$/'
+    only:
+        - triggers
+        - tags
+        - /-runtime-tests$/
    before_script:
        - TEST_CASE_NAME=${CI_JOB_NAME}

 one-runtime_test:
    extends: .runtime_test_base
-    rules:
-        - if: '$CI_COMMIT_REF_NAME =~ /^.*-tests\..*$/'
+    only:
+        - /^.*-tests\..*$/
    before_script:
        - TEST_CASE_NAME=$(echo ${CI_COMMIT_REF_NAME} | sed -e 's,^.*-,,g')
--- a/575
+++ b/575
@@ -1,466 +1,77 @@
-2020.02.9, released December 27th, 2020
+2019.11.3, released April 10th, 2020

 	Important / security related fixes.

-	Infrastructure:
-	- cmake: fix host ccache handling for CMake 3.19
-	- meson: Forcibly disable binary stripping for
-	  target builds, enable for host builds
-	- golang: Fix HOST / TARGET directories for per-package builds
-
-	Defconfigs: Beaglebone Qt5: Fix ti-sgx related issues
-
-	Updated/fixed packages: apitrace, arm-trusted-firmware,
-	bustle, c-ares, ca-certificates, cdrkit, cryptopp, dhcpcd,
-	docker-containerd, dtv-scan-tables, flare-engine, ghostscript,
-	haproxy, imagemagick, imx-gpu-viv, jasper, jemalloc,
-	jpeg-turbo, libcap, libcurl, libglib2, libgpiod, libkrb5,
-	libopenssl, libplist, libressl, libuv, libuvw, lynx, mariadb,
-	mbedtls, minidlna, monkey, musl, mutt, ncurses, netsnmp,
-	nodejs, opencv3, openldap, openrc, opkg-utils, paho-mqtt-c,
-	php, privoxy, proftpd, python-crc16, python-flask-cors,
-	python-lxml, python-pip, python-pyparsing, python-pyqt5, qemu,
-	qt5base, raptor, rauc, ruby, setserial, shadowsocks-libev,
-	slirp, sqlcipher, ti-sgx-demos, tinycbor, vsftpd,
-	wireless-regdb, wireshark, x11vnc, xen, xinetd,
-	xserver_xorg-server
-
-	Issues resolved (http://bugs.uclibc.org):
-
-	#13276: libcap builds libcap.pc incorrectly
-	#13316: beaglebone_qt5_defconfig: PowerVR fails to start
-	#13341: Mistake in /etc/init.d/S70vsftpd
-
-2020.02.8, released November 16th, 2020
-
-	Important / security related fixes.
-
-	Updated/fixed packages: angularjs, argp-standalone, asterisk,
-	bandwidthd, bitcoin, busybox, cryptsetup, darkhttpd, davfs2,
-	docker-cli, docker-containerd, docker-engine,
-	dovecot-pigeonhole, fastd, fbset, fbtft, freetype, gcc,
-	ghostscript, gnuradio, grpc, gst1-plugins-bad, jsoncpp,
-	keepalived, libass, libexif, libiqrf, libpam-tacplus, libraw,
-	linux-backports, linux-firmware, lzlib, netsnmp, nginx,
-	oniguruma, opencv3, openntpd, patchelf, php, postgresql,
-	python-pyqt5, qt5base, rauc, redis, samba4, slirp, systemd,
-	tcpdump, tmux, tor, webkitgtk, wireguard-linux-compat,
-	wireshark, wpewebkit, xen, xorriso, zeromq, zxing-cpp
-
-	Issues resolved (http://bugs.uclibc.org):
-
-	#11931: Bugs in support/scripts/apply-patches.sh
-
-2020.02.7, released October 12th, 2020
-
-	Important / security related fixes.
-
-	meson: Correct SDK cross-compilation.conf file when
-	per-package builds were used to build SDK.
-
-	systemd: Use /run rather than /var/run for PID files in units.
-
-	Toolchain: use Secure-PLT rather than BSS-PLT for PowerPC 32.
-
-	support/script/pycompile: Rework logic to ensure .pyc files
-	contain absolute target paths, fixing code inspection at
-	runtime when executed with cwd != '/'.
-
-	support/scripts/setlocalversion: Correct Mercurial output to
-	match behaviour with Git.
-
-	support/scripts/apply-patches.sh: Use patch
-	--no-backup-if-mismatch, so we no longer blindly have to
-	remove *.orig files after patching, fixing issues with
-	packages containing such files.
-
-	Updated/fixed packages: bandwidthd, barebox, bash, bison,
-	brotli, cifs-utils, cryptsetup, dhcpcd, dhcpdump, docker-cli,
-	docker-engine, ecryptfs-utils, efl, fail2ban, freetype, gcc,
-	gdb, ghostscript, gnutls, go, gst1-plugins-base,
-	gst1-plugins-ugly, ipmitool, libhtp, libraw, libssh, libxml2,
-	libxml-parser-perl, localedef, lua, memcached, mesa3d, meson,
-	minidlna, nginx, nodejs, nss-pam-ldapd, openvmtools, php,
-	postgresql, python, python-aenum, python-autobahn,
-	python-engineio, python-fire, python-pymodbus, python-scapy,
-	python-semver, python-sentry-sdk, python-socketio,
-	python-texttable, python-tinyrpc, python-txtorcon, python3,
-	qt5base, runc, samba4, strace, supertux, suricata, systemd,
-	vlc, wayland-protocols, wireguard-linux-compat, wireshark,
-	xserver_xorg-server, zeromq, zstd
-
-	Issues resolved (http://bugs.uclibc.org):
-
-	#12911: usb_modeswitch installation race condition
-	#13251: cryptsetup does not work on branch 2020.02 following..
-
-2020.02.6, released September 5th, 2020
-
-	Important / security related fixes.
-
-	Fix a 2020.02.5 build regression in busybox when systemd (and
-	not less) are enabled because of missing infrastructure.
-
-	Updated/fixed packages: alsa-utils, avahi, busybox, cups,
-	docker-cli, graphite2, imagemagick, libeXosip2, mbedtls,
-	nvidia-driver, paho-mqtt-c, python-django, systemd, uclibc,
-	usb_modeswitch, wolfssl
-
-	Issues resolved (http://bugs.uclibc.org):
-
-	#12911: usb_modeswitch installation race condition
-
-2020.02.5, released August 29th, 2020
-
-	Important / security related fixes.
-
-	Infrastructure: Ensure RPATH entries that may be needed for
-	dlopen() are not dropped by patchelf.
-
-	BR_VERSION_FULL/setlocalversion (used by make print-version
-	and /etc/os-release): Properly handle local git tags
-
-	Updated/fixed packages: apache, at91bootstrap3, bind, boost,
-	busybox, capnproto, chrony, collectd, cpio, cryptsetup, cups,
-	cvs, dbus, docker-engine, domoticz, dovecot,
-	dovecot-pigeonhole, dropbear, efl, elixir, f2fs-tools, ffmpeg,
-	gd, gdk-pixbuf, ghostscript, glibc, grub2, gst1-plugins-bad,
-	hostapd, iputils, jasper, json-c, libcurl, libwebsockets,
-	linux, live555, mesa3d, mosquitto, mpv, nodejs, opencv,
-	opencv3, openjpeg, patchelf, perl, php, postgresql,
-	python-django, python-gunicorn, python-matplotlib, ripgrep,
-	rtl8188eu, rtl8821au, ruby, shadowsocks-libev, squid,
-	tpm2-abrmd, tpm2-tools, trousers, uacme, webkitgtk, wireshark,
-	wolfssl, wpa_supplicant, wpewebkit, xen, xlib_libX11,
-	xserver_xorg-server
-
-	Issues resolved (http://bugs.uclibc.org):
-
-	#12876: nodejs fails to build when host-icu has been built before
-	#13111: python-gunicorn: missing dependency on python-setuptools
-	#13121: wpa_supplicant fails to build without libopenssl enabled
-	#13141: Target-finalize fail with "depmod: ERROR: Bad version passed"
-	#13156: package live555 new license
-
-2020.02.4, released July 26th, 2020
-
-	Important / security related fixes.
-
-	Toolchain:
-	- Make external toolchain version check also work for
-	  toolchains configured with --with-gcc-major-version-only
-
-	- Do not handle SOURCE_DATE_EPOCH in toolchain wrapper if the
-	  compiler supports it, fixing an issue with precompiled
-	  headers
-
-	- Ensure debug libs from external toolchains are not installed
-          into target if debugging is disabled
-
-	Download:
-	- Correct reproducibility issue in handling of git submodules
-	  for older git versions.
-
-	- Fix file locking over NFS
-
-	fs: Ensure cpio archive element order is reproducible
-
-	Br2-external: Fix error reporting for invalid br2-external trees
-
-	Per-package:
-	- Fix an issue with python3 sysconfig data not getting
-	correctly expanded
-
-	- Fix per-package building for packages using the qmake
-          infrastructure
-
-	Updated/fixed packages: a10disp, asterisk, bind, cdrkit,
-	checkpolicy, clamav, dbus, docker-cli, docker-engine,
-	dvb-apps, e2fsprogs, exim, exiv2, freerdp, gnutls, go, grub2,
-	gssdp, gst1-plugins-good, gst1-plugins-ugly, gupnp,
-	intel-microcode, iproute2, irrlicht, iwd, jq, kodi, libcamera,
-	libconfuse, libcurl, libglib2, libhttpserver, libmicrohttpd,
-	libopenssl, libvncserver, libxml2, libxmlrpc, lxc, mbedtls,
-	mesa3d, meson, mtools, mutt, nghttp2, ngircd, nodejs, ntp,
-	open-plc-utils, open2300, openjdk-bin, openssh, oracle-mysql,
-	paho-mqtt-c, pcre, php, poco, prosody, putty, python-twisted,
-	python-urllib3, python-validators, python3, qt5xmlpatterns,
-	redis, rpi-firmware, rtl8821au, samba4, sdl2, sqlite, squid,
-	syslog-ng, systemd, tcpreplay, tinydtls, upmpdcli, upx, vlc,
-	webkitgtk, wireguard-linux-compat, wireshark, wpebackend-fdo,
-	wpewebkit, zstd
-
-	Issues resolved (http://bugs.uclibc.org):
-
-	#12941: Python GObject fails to build when using BR2_PER_PACKAGE_..
-	#12946: Grub: Decompressor is too big.
-	#12986: Mtools: Error converting to codepage 850
-	#13001: openjdk-bin replaces libfreetype.so from host-freetype
-	#13011: Incorrect selection of gcc version
-	#13026: rpi-firmware: must not rename start files
-	#13031: nodejs: RangeError at new ArrayBuffer()
-	#13046: Optimize for fast -Ofast is not compliant
-
-2020.02.3, released June 3rd, 2020
-
-	Important / security related fixes.
-
-	Fix various build issues of host packages on hosts using GCC
-	10.
-
-	Updated/fixed packages: arm-trusted-firmware, audit, bind,
-	binutils, bison, clamav, crda, dovecot, dtc, efl, elf2flt,
-	erlang, fakeroot, ffmpeg, fmc, fmlib, freerdp, gcc, git,
-	glib-networking, gnupg, leveldb, libexif, libssh2,
-	libusb-compat, linux-headers, lrzip, ltrace, mariadb, mesa3d,
-	mp4v2, openldap, openocd, perl, php, prosody,
-	python-pycryptodomex, python-pyqt5, qemu, rpi-firmware, rustc,
-	speexdsp, sysrepo, systemd, tremor, vboot-utils, wireshark,
-	xen
-
-	Removed packages: python-pycrypto
-
-	Issues resolved (http://bugs.uclibc.org):
-
-	#12361: Init system (systemd) kills login on Raspberry Pi Zero
-	#12656: bison fails to relocate with relocate-sdk.sh
-	#12671: leveldb won't detect that snappy is present (static..
-	#12691: host-rust build fails
-	#12831: RPI-firmware package: DTB-overlay dependency
-
-
-2020.02.2, released May 12th, 2020
-
-	Important / security related fixes.
-
-	Musl: Disallow on PPC64 cores without AltiVec support
-	(E.G. e5500).
-
-	fs/cpio: Correctly handle booting with 'console='
-
-	release: Ensure temporary .br2-external.* files are not
-	included in the release tarball
-
-	Defconfigs: Fix various mistyped config options, or config
-	options where the dependencies were no longer met.
-
-	Updated/fixed packages: apache, azure-iot-sdk-c, binutils,
-	boinc, c-ares, cvs, docker-cli, docker-containerd,
-	docker-engine, domoticz, e2fsprogs, efl, evtest, exim, ffmpeg,
-	freerdp, gcc, gflags, glibc, gnuconfig, haproxy, imx-gpu-2d,
-	irrlicht, jpeg kodi-pvr-vuplus, libarchive, libcoap,
-	libfpm-extra, libglib2, libhtp, libid3tag, libinput, libmad,
-	libopenssl, libsepol, libssh, libv4l, libvncserver, libwpe,
-	localedef, mariadb, matchbox, mbedtls, mc, mesa3d-headers,
-	meson, midori, msgpack, netsnmp, nginx, ogre, openjdk,
-	openldap, openvpn, p7zip, paho-mqtt-c, php, polkit, python,
-	python-attrs, python-crossbar, python-dpkt, python-flask,
-	python-future, python-iptables, python-jedi, python-markdown2,
-	python3, qemu, qpdf, qt5, samba4, squashfs, squid, strongswan,
-	suricata, tzdata, util-linux, vlc, wget, webkitgtk,
-	wireguard-linux-compat, wireshark, wpebackend-fdo, wpewebkit,
-	zic
-
-	Issues resolved (http://bugs.uclibc.org):
-
-	#11866: initramfs file system fails to boot using Grub on EFI x86_64
-	#12271: python-iptables runtime dependencies
-	#12726: systemctl preset-all failed for ctrl-alt-del.target
-	#12751: OpenJdk package installation issues on target
-	#12796: Update OpenSSL to Version 1.1.1g to patch CVE-2020-1967
-	#12811: bootstrap stuck and no login prompt
-	#12841: util-linux/sfdisk 2.35.1 fails on sector-size header
-
-2020.02.1, released April 10th, 2020
-
-	Important / security related fixes.
-
-	core: Also fixup /lib references in libtool .la files, similar
-	to how it is done for /usr/*.
-
-	Various fixes for builds with per-package target/host
-	directories.
+	core: Fix compatibility with make 4.3+. Also fixup /lib
+	references in libtool .la files, similar to how it is done for
+	/usr/*.

 	toolchain: Fix kernel headers validation check for external
-	toolchains. Fix make 4.3+ compatibility in external toolchain
-	logic.
+	toolchains.

 	fs/initramfs: fix show-info so it also shows the usual
 	rootfs-related variables.

-	Updated/fixed packages: arm-trusted-firmware, barebox-aux,
-	bluez5_utils, bubblewrap, busybox, civetweb, cog, collectd,
-	ffmpeg, gcc, gnutls, gssdp, gvfs, haproxy, hiredis, hostapd,
-	kmscube, kodi-screensaver-rsxs, libical, libinput, libexif,
-	libopenssl, libsndfile, linux, linux-tools, llvm, localedef,
-	mcrypt, mesa3d, meson, monit, nftables, ntp, opencv3,
-	oprofile, php, pinentry, polkit, pure-ftpd, python-pyyaml,
-	qt5, quagga, radvd, rcw, redis, rocksdb, samba4, screen,
-	sdbusplus, swupdate, sysdig, sysklogd, syslinux, syslog-ng,
-	tor, tslib, uacme, util-linux, vala, vlc,
-	wireguard-linux-compat, wireguard-tools, wireshark,
-	wpa_supplicant, xserver_xorg-server
+	Updated/fixed packages: barebox-aux, bluez5_utils, busybox,
+	civetweb, cog, collectd, ffmpeg, gcc, gnutls, gssdp, gvfs, haproxy,
+	hiredis, hostapd, kmscube, libical, libopenssl, libsndfile,
+	linux-tools, llvm, monit, ntp, php, pure-ftpd, radvd, redis,
+	samba4, screen, sysdig, syslinux, syslog-ng, tor, uacme,
+	util-linux, vala, vlc, wpa_supplicant, xserver_xorg-server

 	Issues resolved (http://bugs.uclibc.org):

-	#12711: host-localedef 2.30-20 fails to compile on fedora 32
 	#12746: "sysdig" package description points to http://sysdig.org, ..

-2020.02, released March 8th, 2020
+2019.11.2, released March 16th, 2020

-	Various fixes.
-
-	br2-external: Fix compatibility with make 4.3+
-
-	Updated/fixed packages: bash, bcm2835, binutils, cups,
-	erlang-p1-acme, fbgrab, gr-osmosdr, gst1-plugins-base,
-	gst1-validate, gstreamer1, guile, jhead, libdrm, libevdev,
-	libinput, libnss, libsndfile, libvncserver, linux-firmware,
-	mesa3d, nodejs, openjdk-bin, openvmtools, optee-test, patch,
-	php, piglit, pppd, python-django, qemu, qt5base, ruby,
-	ser2net, swupdate, thrift, zziplib
-
-	Removed packages: classpath, jamvm
-
-	Issues resolved (http://bugs.uclibc.org):
-
-	#12606: fbgrab location has changed
-
-2020.02-rc3, released March 2nd, 2020
-
-	Fixes all over the tree.
-
-	Infrastructure: Rework file list handling to fix race
-	conditions when building with per-package target and host
-	directories and top-level parallel builds.
-
-	Updated/fixed packages: aufs, binutils, blktrace, brltty,
-	cairo, dnsmasq, docker-compose, elf2flt, exim, exiv2, git,
-	kodi-inputstream-adaptive, libarchive, libcgroup, libgdiplus,
-	libssh2, libvncserver, libvorbis, linknx, linux-firmware, lxc,
-	lz4, mosquitto, openjpeg, openrc, poco, proftpd, pure-ftpd,
-	python3, python-multidict, python-setuptools-scm-git-archive,
-	qpdf, qt5tools, rdesktop, rocksdb, shellinabox, squid,
-	suricata, swig, systemd, taglib, util-linux, wireshark, zsh
-
-	Issues resolved (http://bugs.uclibc.org):
-
-	#12571: ltp-testsuite : Build failure
-	#12576: 2020.02-RC1: error while loading shared libraries: ...
-	#12581: 2020.02-rc1 glibc failing to build on fedora 31
-
-2020.02-rc2, released February 26th, 2020
-
-	Fixes all over the tree.
-
-	Toolchain: Ensure strong SSP can only be enabled if the
-	(external) toolchain supports it.
-
-	Fix a race condition related to creating the output/staging
-	symlink on systems with coreutils < 8.27.
-
-	Drop support for the (end of life) Qt 5.6 variant.
-
-	Updated/fixed packages: at, armadillo, audiofile, bash,
-	busybox, erlang, fail2ban, fluidsynth, ipsec-tools, jpeg-turbo,
-	kvm-unit-tests, libftdi1, libinput, libsvgtiny, libtomcrypt,
-	libupnpp, libxml2, linux-tools, luv, mbedtls, mesa3d, minicom,
-	openvmtools, php, qt5, qt5webengine, qwt, radvd, rcw,
-	sdbusplus, systemd, tpm2-tss, vorbis-tools
-
-	Issues resolved (http://bugs.uclibc.org):
-
-	#12581: 2020.02-rc1 glibc failing to build on fedora 31
-
-2020.02-rc1, released February 18th, 2020
-
-	Fixes all over the tree and new features.
-
-	Add experimental support for building with a per-package
-	target and host directory. This still has some rough edges,
-	but brings a number of advantages:
-
-	- Packages will only be able to access the explicitly listed
-          dependencies and not any other packages that happen to be
-          built before, ensuring correct dependency information in
-          Buildroot.
-
-	- Possibility for top-level parallel builds, speeding up
-          builds on multicore machines.
+	Important / security related fixes.

 	Core: Ensure package-file-lists data is correct after
 	incremental builds as well.

-	Architecture: Add support for ARC-HS38 with 64bit multiplier
-	variant, allow building glibc for big endian ARC, handle 16KB
-	MMU page size for ARC in toolchain wrapper.
+	Fix a race condition related to creating the output/staging
+	symlink on systems with coreutils < 8.27.

-	Toolchain: Add binutils 2.33.1, GCC 7.5.0, Arm 9.2-2019.12
-	toolchains, ARC 2019.09 toolchain. Allow using custom kernel
-	headers newer than what is known by Buildroot.
+	Toolchain: ARC tools bumped to arc-2019.09.

-	pkg-stats: Support for CVE vulnerability reporting by
-	comparing to NVD database.
-
-	Reproducible builds: The go -trimpath option is now used to
-	get rid of absolute build paths, __FILE__ and __BASE_FILE__
-	defines are now handled in the toolchain wrapper.
-
-	Systemd: Build host variant and use systemctl to automatically
-	enable unit files rather than manually managing symlinks.
+	Br2-external: Fix patch handling when external linux-extension
+	packages are used. Fix compatibility with make 4.3+

 	Util-linux: Ensure that hwclock is built without GPLv3
 	code. Notice that builds with hwclock has contained
 	GPLv3-licensed code since util-linux 2.30 (Buildroot 2017.08+)

-	New defconfigs: Beelink GS1, Raspberrypi4 64bit
-
-	New packages: alura, avro-c, bubblewrap, cctz, cereal,
-	cpuburn-arm, elixir, erlang-base64url, erlang-idna,
-	erlang-jose, erlang-p1-acme, erlang-p1-mqtree,
-	erlang-p1-yconf, fluid-soundfont, fluidsynth, gcnano-binaries,
-	gensio, glslsandbox-player, libargon2, libmodsecurity,
-	libpam-nfc, libtelnet, lua-codegen, lua-livr, lua-livr-extra,
-	lua-rotas, lua-silva, mfoc, network-manager-openvpn,
-	nginx-modsecurity, perl-crypt-openssl-aes,
-	perl-math-prime-util, pipewire, ptm2human, python-aenum,
-	python-aiohttp-debugtoolbar, python-aiohttp-mako,
-	python-aiologstash, python-aiosignal, python-aiozipkin,
-	python-async-lru, python-avro, python-bunch, python-crontab,
-	python-dnspython, python-entrypoints, python-esptool,
-	python-frozenlist, python-future, python-gitdb, python-janus,
-	python-lockfile, python-logstash, python-nested-dict,
-	python-pbr, python-pyaes, python-pydantic, python-smmap2,
-	python-sockjs, python-zc-lockfile, raspi-gpio, rocksdb,
-	sdbusplus, spidermonkey, thermald, ti-sgx-libgbm, tinyssh,
-	tio, umtprd, weston-imx, wireguard-linux-compat,
-	wireguard-tools, xdg-dbus-proxy
-
-	Removed packages: bluez_utils, celt051, erlang-p1-iconv, fis,
-	gadgetfs-test, libplayer, gstreamer, gst-ffmpeg,
-	gst-fsl-plugins, gst-omapfb, gst-plugins-bad,
-	gst-plugins-base, gst-plugins-good, gst-plugins-ugly,
-	perl-digest-md5, perl-mime-base64, perl-net-ping,
-	python-scapy3k, wireguard
+	Updated/fixed packages: armadillo, at, bcm2835, binutils,
+	blktrace, bluez-alsa, bootstrap, brltty, busybox, cairo,
+	clamav, cog, cups, czmq, dnsmasq, docker-containerd, dovecot,
+	dovecot-pigeonhole, e2fsprogs, elf2flt, eudev, exim, exiv2,
+	fbgrab, gettext-tiny, glibc, go, grep, gst1-validate, guile,
+	imagemagick, jhead, jpeg-turbo, kvm-unit-tests, lapack,
+	libarchive, libcgroup, libdrm, libevent, libexif, libftdi1,
+	libgdiplus, libjpeg, libsigrok, libsndfile, libssh2,
+	libsvgtiny, libvncserver, libvorbis, libxml2, libxslt, linknx,
+	lxc, lz4, mariadb, mbedtls, meson, mongoose, mosquitto, musl,
+	ncurses, nodejs, ntfs-3g, ogre, opencv3, openjdk, openjpeg,
+	openrc, openswan, openvmtools, optee-test, patch, php, piglet,
+	postgresql, pppd, proftpd, pure-ftpd, python-django,
+	python-pyqt5, python-setuptools-scm-git-archive, python3,
+	qemu, qt5base, qt5tools, qt5virtualkeyboard, qt5webengine,
+	qwt, rdesktop, ruby, runc, samba4, shellinabox,
+	skeleton-init-openrc, smartmontools, spdlog, sqlcipher, squid,
+	suricata, swig, swupdate, sysklogd, taglib, thrift,
+	ti-cgt-pru, uclibc, util-linux, vorbis-tools, webkitgtk,
+	wireshark, wpebackend-fdo, wpewebkit, xen,
+	xserver_xorg-server, zeromq, zsh, zziplib

 	Issues resolved (http://bugs.uclibc.org):

-	#11906: the new version of mesa3d cannot support etnaviv when..
 	#11996: opencv3 SIGILL on Cortex-A5 with VFPv4-D16
-	#12121: PyQt5.QtSerialPort and other modules not being built
-	#12256: package tar is outdated (1.29 is 3 years old
-	#12286: Can't import gobject in python 3.8
-	#12376: python-scapy3k is deprecated
-	#12386: carriage return issue when "make menuconfig"
-	#12441: qt5webengine build error: asm/errno.h: No such file or..
-	#12446: Buildroot fails to finish installing packages
+	#12331: meson issue
 	#12456: qtvirtualkeyboard: No such file or directory
 	#12461: libglib2 build files with deep directory structure
 	#12481: minicom fails when output directory path contains "m4"
-	#12501: libnss-3.49.1: ld error: multiple definition of `gcm_..
-	#12526: host-nodejs 12.14.1: configure fail: AttributeError: ..
-	#12536: Linux-Headers extracting failure
-	#12546: Ninja 1.10 build Error
+	#12606: fbgrab location has changed

 2019.11.1, released January 12th, 2020

@@ -670,47 +281,6 @@
 	#12276: make clean/distclean does not remove BR2_DL_DIR and BR2_HOST_DIR
 	#12281: Custom configuration fails to build (based on raspberrypi3_..

-2019.08.3, released December 7th, 2019
-
-	Important / security related fixes.
-
-	Infrastructure: Make HOST_<pkg>_DL_OPTS inherit from
-	<pkg>_DL_OPTS by default, just like it is done for a number of
-	other package variables
-
-	Add <pkg>_KEEP_PY_FILES to exclude specific python .py files
-	from the removal done by BR2_PACKAGE_PYTHON{,3}_PYC_ONLY for
-	the (rare) case where the .py files are needed at runtime
-	rather than .pyc.
-
-	Fix <pkg>-reconfigure handling for packages using the kconfig
-	infrastructure.
-
-	Toolchain: ensure external toolchain kernel headers version
-	check correctly stop the build on mismatch
-
-	Deconfigs: beaglebone: fix boot issue
-
-	Updated/fixed packages: am33x-cm3, asterisk, bind, chrony,
-	clamav, cmocka, collectd, connman, dhcp, dropwatch, faifa,
-	gettext-tiny, gob2, haproxy, intel-microcode, ipsec-tools,
-	jailhouse, jasper, jpeg-turbo, kodi, kvm-unit-tests, libftdi,
-	libftdi1, libnss, libressl, libstrophe, libsvgtiny, lvm2,
-	lzma, mariadb, minicom, mosquitto, neardal, ninja, nodejs,
-	oniguruma, openvmtools, oracle-mysql, perl-gdgraph,
-	perl-gdtextutil, php, postgresql, prosody, python-cchardet,
-	python-django, qt5wayland, rabbitmq, rauc, redis, rpcbind,
-	socat, spice, spice-protocol, tftpd, tiff, webkitgtk
-
-	New packages: libmspack
-
-	Issues resolved (http://bugs.uclibc.org):
-
-	#12166: Compiling nodejs for SAMA5D3 always crash with illegal inst..
-	#12171: Python-opencv needs config.py and config-3.7.py to run..
-	#12211: host-nodejs 10.15.3 package fail to build
-	#12316: tzdata fails to install with empty "default local time"
-
 2019.08.2, released November 9th, 2019

 	Important / security related fixes.
@@ -1159,69 +729,6 @@
 	#11761: Building custom kernel 5.1-rc3 or later breaks on objtool
 	#11816: Only selected coreutils binaries are installed

-2019.02.9, released January 12th, 2020
-
-	Important / security related fixes.
-
-	pkg-python infrastructure: Ensure correct compiler and linker
-	flags are used for compiled code
-
-	utils/scanpypi: Remind users to update DEVELOPERS
-
-	Updated/fixed packages: busybox, cc-tool, cpio, cups, dante,
-	dillo, docker-cli, docker-containerd, docker-engine, easy-rsa,
-	ecryptfs-utils, efl, git, glibc, gnupg2, gst1-plugins-bad,
-	kf5-kcoreaddons, libarchive, libgit2, libkrb5, librsvg,
-	libssh, libtomcrypt, libuio, lirc-tools, lvm2,
-	matchbox-desktop, nodejs, ntp, opencv3, openpowerlink,
-	python-django, python-ecdsa, python-pyasn-modules,
-	python-pyqt5, python-subprocess32, python3, qpdf, runc, rygel,
-	samba4, sdl2, wavpack, xserver_xorg-server, zip
-
-	Issues resolved (http://bugs.uclibc.org):
-
-	#12121: PyQt5.QtSerialPort and other modules not being built
-
-2019.02.8, released December 7th, 2019
-
-	Important / security related fixes.
-
-	Infrastructure: Make HOST_<pkg>_DL_OPTS inherit from
-	<pkg>_DL_OPTS by default, just like it is done for a number of
-	other package variables
-
-	Add <pkg>_KEEP_PY_FILES to exclude specific python .py files
-	from the removal done by BR2_PACKAGE_PYTHON{,3}_PYC_ONLY for
-	the (rare) case where the .py files are needed at runtime
-	rather than .pyc.
-
-	Fix <pkg>-reconfigure handling for packages using the kconfig
-	infrastructure.
-
-	Toolchain: ensure external toolchain kernel headers version
-	check correctly stop the build on mismatch
-
-	Deconfigs: beaglebone: fix boot issue
-
-	Updated/fixed packages: am33x-cm3, asterisk, bind, chrony,
-	clamav, collectd, connman, faifa, gob2, haproxy,
-	intel-microcode, ipsec-tools, jasper, jpeg-turbo, kodi,
-	kvm-unit-tests, libftdi, libftdi1, libnss, libstrophe,
-	libsvgtiny, lvm2, lzma, mariadb, minicom, neardal, nodejs,
-	opencv3, openvmtools, oracle-mysql, perl-gdgraph,
-	perl-gdtextutil, php, postgresql, prosody, python-django,
-	rabbitmq-c, rauc, redis, rpcbind, socat, spice,
-	spice-protocol, tftpd, tiff, webkitgtk
-
-	New packages: libmspack
-
-	Issues resolved (http://bugs.uclibc.org):
-
-	#12166: Compiling nodejs for SAMA5D3 always crash with illegal inst..
-	#12171: Python-opencv needs config.py and config-3.7.py to run..
-	#12211: host-nodejs 10.15.3 package fail to build
-	#12316: tzdata fails to install with empty "default local time"
-
 2019.02.7, Released November 10th, 2019

 	Important / security related fixes.
--- a/Config.in
+++ b/Config.in
@@ -50,11 +50,6 @@ config BR2_HOST_GCC_AT_LEAST_8
 	default y if BR2_HOST_GCC_VERSION = "8"
 	select BR2_HOST_GCC_AT_LEAST_7

-config BR2_HOST_GCC_AT_LEAST_9
-	bool
-	default y if BR2_HOST_GCC_VERSION = "9"
-	select BR2_HOST_GCC_AT_LEAST_8
-
 # When adding new entries above, be sure to update
 # the HOSTCC_MAX_VERSION variable in the Makefile.

@@ -63,6 +58,16 @@ config BR2_HOST_GCC_AT_LEAST_9
 config BR2_NEEDS_HOST_JAVA
 	bool

+# Hidden boolean selected by packages in need of javac in order to build
+# (example: classpath)
+config BR2_NEEDS_HOST_JAVAC
+	bool
+
+# Hidden boolean selected by packages in need of jar in order to build
+# (example: classpath)
+config BR2_NEEDS_HOST_JAR
+	bool
+
 # Hidden boolean selected by pre-built packages for x86, when they
 # need to run on x86-64 machines (example: pre-built external
 # toolchains, binary tools like SAM-BA, etc.).
@@ -516,14 +521,13 @@ config BR2_OPTIMIZE_S
 	  This is the default.

 config BR2_OPTIMIZE_FAST
-	bool "optimize for fast (may break packages!)"
+	bool "optimize for fast"
 	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_6
 	help
 	  Optimize for fast. Disregard strict standards
 	  compliance. -Ofast enables all -O3 optimizations. It also
 	  enables optimizations that are not valid for all
-	  standard-compliant programs, so be careful, as it may break
-	  some packages. It turns on -ffast-math and the
+	  standard-compliant programs. It turns on -ffast-math and the
 	  Fortran-specific -fstack-arrays, unless -fmax-stack-var-size
 	  is specified, and -fno-protect-parens.

@@ -686,24 +690,6 @@ config BR2_REPRODUCIBLE
 	  This is labeled as an experimental feature, as not all
 	  packages behave properly to ensure reproducibility.

-config BR2_PER_PACKAGE_DIRECTORIES
-	bool "Use per-package directories (experimental)"
-	help
-	  This option will change the build process of Buildroot
-	  package to use per-package target and host directories.
-
-	  This is useful for two related purposes:
-
-	    - Cleanly isolate the build of each package, so that a
-	      given package only "sees" the dependencies it has
-	      explicitly expressed, and not other packages that may
-	      have by chance been built before.
-
-	    - Enable top-level parallel build.
-
-	  This is labeled as an experimental feature, as not all
-	  packages behave properly with per-package directories.
-
 endmenu

 comment "Security Hardening Options"
@@ -754,7 +740,6 @@ config BR2_SSP_REGULAR

 config BR2_SSP_STRONG
 	bool "-fstack-protector-strong"
-	depends on BR2_TOOLCHAIN_HAS_SSP_STRONG
 	help
 	  Like -fstack-protector but includes additional functions to be
 	  protected - those that have local array definitions, or have
--- a/Config.in.legacy
+++ b/Config.in.legacy
@@ -144,214 +144,6 @@ endif

 ###############################################################################

-comment "Legacy options removed in 2020.02"
-
-config BR2_PACKAGE_PYTHON_PYCRYPTO
-	bool "python-pycrypto package removed"
-	select BR2_LEGACY
-	help
-	  This package has been removed, use python-pycryptodomex
-	  instead.
-
-config BR2_PACKAGE_JAMVM
-	bool "jamvm removed"
-	select BR2_LEGACY
-	help
-	  JamVM has not had a release since 2014 and is unmaintained.
-
-config BR2_PACKAGE_CLASSPATH
-	bool "classpath removed"
-	select BR2_LEGACY
-	help
-	  GNU Classpath package was removed. The last upstream
-	  release was in 2012 and there hasn't been a commit
-	  since 2016.
-
-config BR2_PACKAGE_QT5_VERSION_5_6
-	bool "qt 5.6 support removed"
-	select BR2_LEGACY
-	help
-	  Support for Qt 5.6 is EOL and has been removed. The current
-	  version (5.12 or later) has been selected instead.
-
-config BR2_PACKAGE_CURL
-	bool "BR2_PACKAGE_CURL was renamed"
-	select BR2_PACKAGE_LIBCURL_CURL
-	select BR2_LEGACY
-	help
-	  The BR2_PACKAGE_CURL config symbol was renamed to
-	  BR2_PACKAGE_LIBCURL_CURL.
-
-config BR2_PACKAGE_GSTREAMER
-	bool "gstreamer-0.10 removed"
-	select BR2_LEGACY
-	help
-	  Gstreamer-0.10 package was removed. It has been deprecated
-	  upstream since 2012, and is missing a lot of features and
-	  fixes compared to gstreamer-1.x.
-
-config BR2_PACKAGE_NVIDIA_TEGRA23_BINARIES_GSTREAMER_PLUGINS
-	bool "nvidia-tegra23 binaries gstreamer 0.10.x support removed"
-	select BR2_LEGACY
-	help
-	  Gstreamer 0.10.x is no longer available in Buildroot, so
-	  neither is the support in nvidia-tegra23 binaries.
-
-config BR2_PACKAGE_NVIDIA_TEGRA23_BINARIES_NV_SAMPLE_APPS
-	bool "nvidia-tegra23 binaries sample apps removed"
-	select BR2_LEGACY
-	help
-	  Gstreamer 0.10.x is no longer available in Buildroot, so
-	  neither is the support in nvidia-tegra23 binaries.
-
-config BR2_PACKAGE_FREERDP_GSTREAMER
-	bool "freerdp gstreamer 0.10.x support removed"
-	select BR2_LEGACY
-	help
-	  Gstreamer 0.10.x is no longer available in Buildroot, so
-	  neither is the support in freerdp.
-
-config BR2_PACKAGE_OPENCV3_WITH_GSTREAMER
-	bool "opencv3 gstreamer 0.10.x support removed"
-	select BR2_LEGACY
-	help
-	  Gstreamer 0.10.x is no longer available in Buildroot, so
-	  neither is the support in opencv3.
-
-config BR2_PACKAGE_OPENCV_WITH_GSTREAMER
-	bool "opencv gstreamer 0.10.x support removed"
-	select BR2_LEGACY
-	help
-	  Gstreamer 0.10.x is no longer available in Buildroot, so
-	  neither is the support in opencv.
-
-config BR2_PACKAGE_LIBPLAYER
-	bool "libplayer package was removed"
-	select BR2_LEGACY
-	help
-	  The libplayer package was removed. The latest release is
-	  from 2010 and none of the backends are available in
-	  Buildroot any more.
-
-config BR2_GCC_VERSION_OR1K
-	bool "gcc 5.x fork for or1k has been removed"
-	select BR2_LEGACY
-	help
-	  Support for gcc 5.x for or1k has been removed. The current
-	  default version (9.x or later) has been selected instead.
-
-config BR2_PACKAGE_BLUEZ_UTILS
-	bool "bluez-utils was removed"
-	select BR2_LEGACY
-	select BR2_PACKAGE_BLUEZ5_UTILS if BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_4 \
-		&& BR2_TOOLCHAIN_HAS_SYNC_4
-	help
-	  The bluez-utils (BlueZ 4.x) package was removed as it is
-	  deprecated since a long time. As an alternative, the
-	  bluez5-utils (BlueZ 5.x) has been automatically selected in
-	  your configuration.
-
-config BR2_PACKAGE_GADGETFS_TEST
-	bool "gadgetfs-test was removed"
-	select BR2_LEGACY
-	help
-	  The gadgetfs-test package was removed. Gadgetfs has been
-	  deprecated in favour of functionfs. Consider using
-	  gadget-tool (gt) instead.
-
-config BR2_PACKAGE_FIS
-	bool "fis was removed"
-	select BR2_LEGACY
-	help
-	  The fis package was removed.
-
-config BR2_PACKAGE_REFPOLICY_POLICY_VERSION
-	string "refpolicy policy version"
-	help
-	  The refpolicy policy version option has been moved to the
-	  libsepol package.
-
-config BR2_PACKAGE_REFPOLICY_POLICY_VERSION_WRAP
-	bool
-	default y if BR2_PACKAGE_REFPOLICY_POLICY_VERSION != ""
-	select BR2_LEGACY
-
-config BR2_PACKAGE_CELT051
-	bool "celt051 package was removed"
-	select BR2_LEGACY
-	select BR2_PACKAGE_OPUS
-	help
-	  The celt051 package was removed as it is now obsolete since
-	  the CELT codec has been merged into the IETF Opus codec. As
-	  a result, the opus package has been automatically selected
-	  in your configuration.
-
-config BR2_PACKAGE_WIREGUARD
-	bool "wireguard package renamed"
-	depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_10
-	select BR2_LEGACY
-	select BR2_PACKAGE_WIREGUARD_LINUX_COMPAT if BR2_LINUX_KERNEL
-	select BR2_PACKAGE_WIREGUARD_TOOLS
-	help
-	  The wireguard package has been renamed to wireguard-tools
-	  for the userspace tooling and wireguard-linux-compat for the
-	  kernel side for legacy (<5.6) kernels to match upstream.
-
-config BR2_PACKAGE_PERL_NET_PING
-	bool "perl-net-ping was removed"
-	select BR2_LEGACY
-	help
-	  Net::Ping is a Perl core module (ie. bundled with perl).
-
-config BR2_PACKAGE_PERL_MIME_BASE64
-	bool "perl-mime-base64 was removed"
-	select BR2_LEGACY
-	help
-	  MIME::Base64 is a Perl core module (ie. bundled with perl).
-
-config BR2_PACKAGE_PERL_DIGEST_MD5
-	bool "perl-digest-md5 was removed"
-	select BR2_LEGACY
-	help
-	  Digest::MD5 is a Perl core module (ie. bundled with perl).
-
-config BR2_PACKAGE_ERLANG_P1_ICONV
-	bool "erlang-p1-iconv has been removed"
-	select BR2_LEGACY
-	help
-	  The erlang-p1-iconv package was no longer used by ejabberd,
-	  and was no longer maintained upstream, so it was removed.
-
-config BR2_KERNEL_HEADERS_5_3
-	bool "kernel headers version 5.3.x are no longer supported"
-	select BR2_LEGACY
-	help
-	  Version 5.3.x of the Linux kernel headers are no longer
-	  maintained upstream and are now removed.
-
-config BR2_PACKAGE_PYTHON_SCAPY3K
-	bool "python-scapy3k is replaced by python-scapy"
-	select BR2_LEGACY
-	select BR2_PACKAGE_PYTHON_SCAPY
-	help
-	  python-scapy3k has been deprecated, since python-scapy has
-	  gained Python 3 support. Use BR2_PACKAGE_PYTHON_SCAPY
-	  instead.
-
-config BR2_BINUTILS_VERSION_2_30_X
-	bool "binutils version 2.30 support removed"
-	select BR2_LEGACY
-	help
-	  Support for binutils version 2.30 has been removed. The
-	  current default version (2.31 or later) has been selected
-	  instead.
-
-config BR2_PACKAGE_RPI_USERLAND_START_VCFILED
-	bool "rpi-userland start vcfiled was removed"
-	select BR2_LEGACY
-	help
-	  The vcfiled support was removed upstream.
-
 comment "Legacy options removed in 2019.11"

 config BR2_PACKAGE_OPENVMTOOLS_PROCPS
--- a/224
+++ b/224
@@ -53,7 +53,6 @@ F:	package/openjdk/
 F:	package/openjdk-bin/
 F:	package/php/
 F:	package/policycoreutils/
-F:	package/polkit/
 F:	package/python3/
 F:	package/python-aioredis/
 F:	package/python-asgiref/
@@ -62,14 +61,9 @@ F:	package/python-channels-redis/
 F:	package/python-daphne/
 F:	package/python-django-enumfields/
 F:	package/python-flask-sqlalchemy/
-F:	package/python-gitdb2/
-F:	package/python-lockfile/
 F:	package/python-mutagen/
-F:	package/python-nested-dict/
-F:	package/python-pbr/
 F:	package/python-pip/
 F:	package/python-psycopg2/
-F:	package/python-smmap2/
 F:	package/python-sqlalchemy/
 F:	package/python-sqlparse/
 F:	package/python-visitor/
@@ -79,16 +73,13 @@ F:	package/selinux-python/
 F:	package/semodule-utils/
 F:	package/setools/
 F:	package/sngrep/
-F:	package/spidermonkey/
 F:	package/systemd/
-F:	support/testing/tests/package/test_python_gobject.py

 N:	Adam Heinrich <adam@adamh.cz>
 F:	package/jack1/

 N:	Adrian Perez de Castro <aperez@igalia.com>
 F:	package/brotli/
-F:	package/bubblewrap/
 F:	package/cog/
 F:	package/libepoxy/
 F:	package/libwpe/
@@ -96,7 +87,6 @@ F:	package/webkitgtk/
 F:	package/woff2/
 F:	package/wpebackend-fdo/
 F:	package/wpewebkit/
-F:	package/xdg-dbus-proxy/

 N:	Adrien Gallouët <adrien@gallouet.fr>
 F:	package/bird/
@@ -107,9 +97,6 @@ F:	package/libmbim/
 F:	package/libqmi/
 F:	package/modem-manager/

-N:	Alex Michel <alex.michel@wiedemann-group.com>
-F:	package/network-manager-openvpn/
-
 N:	Alex Suykov <alex.suykov@gmail.com>
 F:	board/chromebook/snow/
 F:	configs/chromebook_snow_defconfig
@@ -126,7 +113,7 @@ F:	package/putty/
 N:	Alexander Kurz <akurz@blala.de>
 F:	package/minimodem/

-N:	Alexander Lukichev <alexander.lukichev@gmail.com>
+N:	Alexander Lukichev <alexander.lukichev@espotel.com>
 F:	package/openpgm/

 N:	Alexander Sverdlin <alexander.sverdlin@gmail.com>
@@ -186,25 +173,18 @@ F:	package/rauc/

 N:	Angelo Compagnucci <angelo.compagnucci@gmail.com>
 F:	package/corkscrew/
-F:	package/cups/
-F:	package/cups-filters/
 F:	package/fail2ban/
-F:	package/grep/
 F:	package/i2c-tools/
-F:	package/jq/
-F:	package/libb64/
 F:	package/mender/
 F:	package/mender-artifact/
 F:	package/mono/
 F:	package/mono-gtksharp3/
 F:	package/monolite/
-F:	package/openjpeg/
 F:	package/python-can/
 F:	package/python-pillow/
 F:	package/python-pydal/
 F:	package/python-spidev/
 F:	package/python-web2py/
-F:	package/sam-ba/
 F:	package/sshguard/
 F:	package/sunwait/
 F:	package/sysdig/
@@ -217,9 +197,8 @@ F:	package/pkg-golang.mk
 N:	Anthony Viallard <viallard@syscom-instruments.com>
 F:	package/gnuplot/

-N:	Antoine Tenart <atenart@kernel.org>
-F:	package/libselinux/
-F:	package/refpolicy/
+N:	Antoine Ténart <antoine.tenart@bootlin.com>
+F:	package/wf111/

 N:	Antony Pavlov <antonynpavlov@gmail.com>
 F:	package/lsscsi/
@@ -245,6 +224,7 @@ F:	package/arp-scan/
 F:	package/dehydrated/
 F:	package/freescale-imx/firmware-imx/
 F:	package/freescale-imx/imx-lib/
+F:	package/gstreamer/gst-fsl-plugins/
 F:	package/libpagekite/
 F:	package/lua-bit32/
 F:	package/owfs/
@@ -252,10 +232,6 @@ F:	package/python-bottle/
 F:	package/sqlcipher/
 F:	package/stress/

-N:	Arthur Courtel <arthur.courtel@smile.fr>
-F:	board/raspberrypi/genimage-raspberrypi4-64.cfg
-F:	configs/raspberrypi4_64_defconfig
-
 N:	Asaf Kahlon <asafka7@gmail.com>
 F:	package/collectd/
 F:	package/libuv/
@@ -280,8 +256,6 @@ F:	package/lua-ev/
 F:	package/orbit/

 N:	Bartosz Bilas <b.bilas@grinn-global.com>
-F:	package/python-esptool/
-F:	package/python-pyaes/
 F:	package/qt5/qt5scxml/
 F:	package/qt5/qt5webview/

@@ -300,7 +274,6 @@ N:	Baruch Siach <baruch@tkos.co.il>
 F:	board/solidrun/clearfog_gt_8k/
 F:	configs/solidrun_clearfog_gt_8k_defconfig
 F:	package/18xx-ti-utils/
-F:	package/cpuburn-arm/
 F:	package/daemon/
 F:	package/dropbear/
 F:	package/ebtables/
@@ -422,6 +395,7 @@ F:	package/perl-io-html/
 F:	package/perl-lwp-mediatypes/
 F:	package/perl-mail-dkim/
 F:	package/perl-mailtools/
+F:	package/perl-mime-base64/
 F:	package/perl-net-dns/
 F:	package/perl-net-http/
 F:	package/perl-netaddr-ip/
@@ -473,6 +447,9 @@ N:	Biagio Montaruli <biagio.hkr@gmail.com>
 F:	board/acmesystems/
 F:	configs/acmesystems_*

+N:	Bimal Jacob <bimal.jacob@rockwellcollins.com>
+F:	package/nginx-upload/
+
 N:	Bogdan Radulescu <bogdan@nimblex.net>
 F:	package/iftop/
 F:	package/ncdu/
@@ -487,6 +464,33 @@ N:	Carlo Caione <carlo.caione@gmail.com>
 F:	package/jailhouse/
 F:	package/sunxi-boards/

+N:	Carlos Santos <unixmania@gmail.com>
+F:	package/busybox/
+F:	package/cups/
+F:	package/cups-filters/
+F:	package/gtest/
+F:	package/initscripts/
+F:	package/intel-microcode/
+F:	package/libpam-radius-auth/
+F:	package/libpam-tacplus/
+F:	package/liburiparser/
+F:	package/modem-manager/
+F:	package/pamtester/
+F:	package/pcm-tools/
+F:	package/perl-file-util/
+F:	package/skeleton-custom/
+F:	package/skeleton-init-common/
+F:	package/skeleton-init-none/
+F:	package/skeleton-init-systemd/
+F:	package/skeleton-init-sysv/
+F:	package/skeleton/
+F:	package/sysvinit/
+F:	package/util-linux/
+F:	package/tpm2-abrmd/
+F:	package/tpm2-tools/
+F:	package/tpm2-totp/
+F:	package/tpm2-tss/
+
 N:	Carsten Schoenert <c.schoenert@gmail.com>
 F:	package/dvbsnoop/
 F:	package/libdvbsi/
@@ -589,10 +593,6 @@ F:	package/libsemanage/
 F:	package/libsepol/
 F:	package/policycoreutils/

-N:	Clément Péron <peron.clem@gmail.com>
-F:	board/beelink/gs1/
-F:	configs/beelink_gs1_defconfig
-
 N:	Corentin Guillevic <corentin.guillevic@smile.fr>
 F:	package/libloki/

@@ -644,6 +644,9 @@ F:	package/openldap/
 N:	David du Colombier <0intro@gmail.com>
 F:	package/x264/

+N:	David Graziano <david.graziano@rockwellcollins.com>
+F:	package/libcsv/
+
 N:	David Lechner <david@lechnology.com>
 F:	board/lego/ev3/
 F:	configs/lego_ev3_defconfig
@@ -651,7 +654,7 @@ F:	linux/linux-ext-ev3dev-linux-drivers.mk
 F:	package/brickd/
 F:	package/ev3dev-linux-drivers/

-N:	Davide Viti <zinosat@gmail.com>
+N:	Davide Viti <zinosat@tiscali.it>
 F:	package/flann/
 F:	package/python-paho-mqtt/
 F:	package/qhull/
@@ -667,7 +670,7 @@ N:	Dominik Faessler <faessler@was.ch>
 F:	package/logsurfer/
 F:	package/python-id3/

-N:	Doug Kehn <rdkehn@gmail.com>
+N:	Doug Kehn <rdkehn@yahoo.com>
 F:	package/nss-pam-ldapd/
 F:	package/sp-oops-extract/
 F:	package/unscd/
@@ -861,7 +864,6 @@ F:	package/pcmanfm/
 F:	package/python-backcall/
 F:	package/python-jedi/
 F:	package/python-parso/
-F:	package/rocksdb/
 F:	package/rygel/
 F:	package/safeclib/
 F:	package/suricata/
@@ -933,11 +935,6 @@ F:	package/ucl/
 F:	package/upx/
 F:	package/zxing-cpp/

-N:	Frank Vanbever <frank.vanbever@essensium.com>
-F: 	package/elixir/
-F:	package/libmodsecurity/
-F:	package/nginx-modsecurity/
-
 N:	Gaël Portay <gael.portay@collabora.com>
 F:	package/qt5/qt5virtualkeyboard/
 F:	package/qt5/qt5webengine/
@@ -968,7 +965,6 @@ F:	configs/qemu_*
 N:	Gilles Talis <gilles.talis@gmail.com>
 F:	board/freescale/imx8mmevk/
 F:	configs/freescale_imx8mmevk_defconfig
-F:	package/cctz/
 F:	package/fdk-aac/
 F:	package/httping/
 F:	package/iozone/
@@ -1007,7 +1003,6 @@ F:	package/f2fs-tools/
 F:	package/pigpio/
 F:	package/python-aioblescan/
 F:	package/python-bluezero/
-F:	package/python-crontab/
 F:	package/python-falcon/
 F:	package/python-ifaddr/
 F:	package/python-hiredis/
@@ -1043,7 +1038,6 @@ N:	Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
 F:	package/gnuradio/
 F:	package/gqrx/
 F:	package/gr-osmosdr/
-F:	package/librtlsdr/
 F:	package/libusbgx/
 F:	package/python-cheetah/
 F:	package/python-markdown/
@@ -1118,37 +1112,25 @@ F:	configs/pine64_defconfig
 F:	configs/pine64_sopine_defconfig

 N:	James Hilliard <james.hilliard1@gmail.com>
-F:	package/gensio/
 F:	package/lua-std-debug/
 F:	package/lua-std-normalize/
-F:	package/pipewire/
 F:	package/python-aioconsole/
 F:	package/python-aiodns/
 F:	package/python-aiohttp/
 F:	package/python-aiohttp-cors/
-F:	package/python-aiohttp-debugtoolbar/
 F:	package/python-aiohttp-jinja2/
-F:	package/python-aiohttp-mako/
 F:	package/python-aiohttp-remotes/
 F:	package/python-aiohttp-security/
 F:	package/python-aiohttp-session/
 F:	package/python-aiohttp-sse/
-F:	package/python-aiologstash/
 F:	package/python-aiomonitor/
 F:	package/python-aiojobs/
 F:	package/python-aiorwlock/
-F:	package/python-aiosignal/
-F:	package/python-aiozipkin/
-F:	package/python-async-lru/
 F:	package/python-async-timeout/
 F:	package/python-brotli/
 F:	package/python-cchardet/
-F:	package/python-frozenlist/
-F:	package/python-janus/
-F:	package/python-logstash/
 F:	package/python-multidict/
 F:	package/python-pycares/
-F:	package/python-sockjs/
 F:	package/python-terminaltables/
 F:	package/python-yarl/

@@ -1185,15 +1167,15 @@ F:	package/python-pexpect/
 F:	package/python-ptyprocess/
 F:	package/zynq-boot-bin/

+N:	Jared Bents <jared.bents@rockwellcollins.com>
+F:	package/davici/
+
 N:	Jarkko Sakkinen <jarkko.sakkinen@intel.com>
 F:	package/quota/

 N:	Jason Pruitt <jrspruitt@gmail.com>
 F:	package/librtlsdr/

-N:	Jens Kleintje <scooby22@web.de>
-F:	package/gcnano-binaries/
-
 N:	Jens Rosenboom <j.rosenboom@x-ion.de>
 F:	package/sl/

@@ -1217,10 +1199,6 @@ F:	package/wmctrl/
 F:	package/x11r7/xdriver_xf86-video-imx/
 F:	package/x11r7/xdriver_xf86-video-imx-viv/

-N:	Joao Pinto <jpinto@synopsys.com>
-F:	board/synopsys/vdk/
-F:	configs/snps_aarch64_vdk_defconfig
-
 N:	Joel Carlson <JoelsonCarl@gmail.com>
 F:	package/c-capnproto/
 F:	package/capnproto/
@@ -1240,18 +1218,13 @@ F:	package/python-libconfig/

 N:	Johan Oudinet <johan.oudinet@gmail.com>
 F:	package/ejabberd/
-F:	package/erlang-base64url/
 F:	package/erlang-eimp/
 F:	package/erlang-goldrush/
-F:	package/erlang-idna/
 F:	package/erlang-jiffy/
-F:	package/erlang-jose/
 F:	package/erlang-lager/
-F:	package/erlang-p1-acme/
 F:	package/erlang-p1-cache-tab/
-F:	package/erlang-p1-mqtree/
+F:	package/erlang-p1-iconv/
 F:	package/erlang-p1-oauth2/
-F:	package/erlang-p1-pkix/
 F:	package/erlang-p1-sip/
 F:	package/erlang-p1-stringprep/
 F:	package/erlang-p1-stun/
@@ -1260,7 +1233,6 @@ F:	package/erlang-p1-utils/
 F:	package/erlang-p1-xml/
 F:	package/erlang-p1-xmpp/
 F:	package/erlang-p1-yaml/
-F:	package/erlang-p1-yconf/
 F:	package/erlang-p1-zlib/
 F:	package/nginx-dav-ext/

@@ -1269,7 +1241,6 @@ F:	package/dhcpcd/

 N:	John Faith <jfaith@impinj.com>
 F:	package/python-inflection/
-F:	package/sdbusplus/

 N:	Jonathan Ben Avraham <yba@tkos.co.il>
 F:	arch/Config.in.xtensa
@@ -1357,19 +1328,13 @@ N:	Julien Corjon <corjon.j@ecagroup.com>
 F:	package/qt5/

 N:	Julien Grossholtz <julien.grossholtz@openest.io>
-F:	board/technologic/ts7680/
-F:	configs/ts7680_defconfig
 F:	package/paho-mqtt-c

-N:	Julien Olivain <ju.o@free.fr>
+N:	Julien Olivain <juju@cotds.org>
 F:	board/technexion/imx8mmpico/
 F:	board/technexion/imx8mpico/
 F:	configs/imx8mmpico_defconfig
 F:	configs/imx8mpico_defconfig
-F:	package/fluid-soundfont/
-F:	package/fluidsynth/
-F:	package/glslsandbox-player/
-F:	package/ptm2human/

 N:	Julien Viard de Galbert <julien@vdg.name>
 F:	package/dieharder/
@@ -1424,23 +1389,14 @@ F:	package/mongrel2/

 N:	Lothar Felten <lothar.felten@gmail.com>
 F:	board/bananapi/bananapi-m2-ultra/
-F:	board/beaglebone/
 F:	configs/bananapi_m2_ultra_defconfig
-F:	configs/beaglebone_defconfig
-F:	configs/beaglebone_qt5_defconfig
 F:	package/ti-sgx-demos/
-F:	package/ti-sgx-libgbm/
 F:	package/ti-sgx-km/
 F:	package/ti-sgx-um/

 N:	Louis Aussedat <aussedat.louis@gmail.com>
 F:	board/friendlyarm/nanopi-neo-plus2/
 F:	configs/friendlyarm_nanopi_neo_plus2_defconfig
-F:	package/mfoc
-F:	package/libpam-nfc
-F:	package/python-dnspython/
-F:	package/python-future/
-F:	package/python-huepy/
 F:	package/python-tqdm/

 N:	Louis-Paul Cordier <lpdev@cordier.org>
@@ -1487,6 +1443,9 @@ F:	package/mpv/
 F:	package/rpi-firmware/
 F:	package/rpi-userland/

+N:	Mamatha Inamdar <mamatha4@linux.vnet.ibm.com>
+F:	package/nvme/
+
 N:	Manuel Vögele <develop@manuel-voegele.de>
 F:	package/python-pyqt5/
 F:	package/python-requests-toolbelt/
@@ -1559,10 +1518,6 @@ F:	package/tslib/
 F:	package/x11r7/xdriver_xf86-input-tslib/
 F:	package/x11vnc/

-N:	Masahiro Yamada <yamada.masahiro@socionext.com>
-F:	board/arm/foundation-v8/
-F:	configs/arm_foundationv8_defconfig
-
 N:	Mathieu Audat <mathieuaudat@gmail.com>
 F:	board/technologic/ts4900/
 F:	configs/ts4900_defconfig
@@ -1586,7 +1541,6 @@ F:	package/cgroupfs-mount/
 F:	package/crda/
 F:	package/cunit/
 F:	package/dacapo/
-F:	package/davici/
 F:	package/dnsmasq/
 F:	package/dosfstools/
 F:	package/eigen/
@@ -1634,7 +1588,6 @@ F:	package/policycoreutils/
 F:	package/proftpd/
 F:	package/protobuf-c/
 F:	package/protobuf/
-F:	package/python-bunch/
 F:	package/python-colorama/
 F:	package/python-flask-cors/
 F:	package/python-iptables/
@@ -1661,8 +1614,6 @@ F:	package/wireless_tools/
 F:	package/xen/
 F:	support/testing/tests/package/br2-external/openjdk/
 F:	support/testing/tests/package/test_openjdk.py
-F:	support/testing/tests/package/test_opkg/
-F:	support/testing/tests/package/test_opkg.py

 N:	Mauro Condarelli <mc5686@mclink.it>
 F:	package/mc/
@@ -1719,6 +1670,9 @@ F:	package/systemd-bootchart/
 F:	package/tinyalsa/
 F:	package/tinyxml/

+N:	Maxime Ripard <maxime.ripard@bootlin.com>
+F:	package/kmsxx/
+
 N:	Michael Durrant <mdurrant@arcturusnetworks.com>
 F:	board/arcturus/
 F:	configs/arcturus_ucp1020_defconfig
@@ -1738,7 +1692,6 @@ F:	package/python-spidev/

 N:	Michael Vetter <jubalh@iodoru.org>
 F:	package/jasper/
-F:	package/libstrophe/

 N:	Michael Walle <michael@walle.cc>
 F:	package/libavl/
@@ -1774,7 +1727,7 @@ N:	Murat Demirten <mdemirten@yh.com.tr>
 F:	package/jpeg-turbo/
 F:	package/libgeotiff/

-N:	Mylène Josserand <mylene.josserand@collabora.com>
+N:	Mylène Josserand <mylene.josserand@bootlin.com>
 F:	package/rtl8723bu/

 N:	Nathaniel Roach <nroach44@gmail.com>
@@ -1788,10 +1741,6 @@ F:	package/libevdev/
 N:	Nicola Di Lieto <nicola.dilieto@gmail.com>
 F:	package/uacme/

-N:	Nicholas Sielicki <sielicki@yandex.com>
-F:	board/intel/galileo/
-F:	configs/galileo_defconfig
-
 N:	Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
 F:	package/libgit2/

@@ -1813,7 +1762,6 @@ F:	package/tpm-tools/
 F:	package/trousers/

 N:	Norbert Lange <nolange79@gmail.com>
-F:	package/systemd/
 F:	package/tcf-agent/

 N:	Nylon Chen <nylon7@andestech.com>
@@ -1848,29 +1796,21 @@ F:	package/openjpeg/
 N:	Olivier Singla <olivier.singla@gmail.com>
 F:	package/shellinabox/

+N:	Paresh Chaudhary <paresh.chaudhary@rockwellcollins.com>
+F:	package/checksec/
+
 N:	Parnell Springmeyer <parnell@digitalmentat.com>
 F:	package/scrypt/

-N:	Pascal de Bruijn <p.debruijn@unilogic.nl>
-F:	package/libargon2/
-F:	package/linux-tools/S10hyperv
-F:	package/linux-tools/hyperv*.service
-F:	package/linux-tools/linux-tool-hv.mk.in
-
 N:	Pascal Huerst <pascal.huerst@gmail.com>
 F:	package/google-breakpad/

 N:	Patrick Gerber <kpa_info@yahoo.fr>
 F:	package/yavta/

-N:	Patrick Havelange <patrick.havelange@essensium.com>
-F:	support/testing/tests/package/test_lxc.py
-F:	support/testing/tests/package/test_lxc/
-
 N:	Paul Cercueil <paul@crapouillou.net>
 F:	package/libiio/
 F:	package/lightning/
-F:	package/umtprd/

 N:	Pedro Aguilar <paguilar@paguilar.org>
 F:	package/libunistring/
@@ -1931,8 +1871,7 @@ F:	package/python-websocket-client/
 F:	package/sedutil/
 F:	package/tpm2-totp/
 F:	package/triggerhappy/
-F:	package/wireguard-linux-compat/
-F:	package/wireguard-tools/
+F:	package/wireguard/
 F:	support/testing/tests/package/test_docker_compose.py

 N:	Peter Seiderer <ps.report@gmx.net>
@@ -1970,10 +1909,8 @@ N:	Petr Vorel <petr.vorel@gmail.com>
 F:	package/ima-evm-utils/
 F:	package/iproute2/
 F:	package/iputils/
-F:	package/libtirpc/
 F:	package/linux-backports/
 F:	package/ltp-testsuite/
-F:	package/nfs-utils/
 F:	support/kconfig/

 N:	Phil Eichinger <phil.eichinger@gmail.com>
@@ -2003,11 +1940,10 @@ F:	package/kf5/
 N:	Pierre Floury <pierre.floury@gmail.com>
 F:	package/trace-cmd/

-N:	Pierre-Jean Texier <texier.pj2@gmail.com>
+N:	Pierre-Jean Texier <pjtexier@koncepto.io>
 F:	package/fping/
 F:	package/genimage/
 F:	package/haveged/
-F:	package/ipset/
 F:	package/libarchive/
 F:	package/libevent/
 F:	package/libubootenv/
@@ -2016,7 +1952,6 @@ F:	package/mongoose/
 F:	package/mxml/
 F:	package/numactl/
 F:	package/python-periphery/
-F:	package/raspi-gpio/
 F:	package/sbc/
 F:	package/stunnel/
 F:	package/tree/
@@ -2056,9 +1991,11 @@ F:	package/libfreeimage/
 N:	Renaud Aubin <root@renaud.io>
 F:	package/libhttpparser/

+N:	Rhys Williams <github@wilberforce.co.nz>
+F:	package/lirc-tools/
+
 N:	Ricardo Martincoski <ricardo.martincoski@datacom.com.br>
 F:	package/atop/
-F:	package/thermald/

 N:	Ricardo Martincoski <ricardo.martincoski@gmail.com>
 F:	support/testing/infra/
@@ -2089,9 +2026,6 @@ F:	package/irssi/
 F:	package/vnstat/

 N:	Romain Naour <romain.naour@gmail.com>
-F:	board/qemu/
-F:	configs/qemu_*
-F:	package/alure/
 F:	package/aubio/
 F:	package/binutils/
 F:	package/bullet/
@@ -2139,14 +2073,19 @@ F:	package/davfs2/

 N:	Ryan Barnett <ryan.barnett@rockwellcollins.com>
 F:	package/atftp/
-F:	package/c-periphery/
 F:	package/miraclecast/
 F:	package/python-pyasn/
+F:	package/python-pycrypto/
 F:	package/python-pysnmp/
 F:	package/python-pysnmp-mibs/
 F:	package/python-tornado/
 F:	package/websocketpp/

+N:	Ryan Coe <bluemrp9@gmail.com>
+F:	package/inadyn/
+F:	package/libite/
+F:	package/mariadb/
+
 N:	Ryan Wilkins <ryan@deadfrog.net>
 F:	package/biosdevname/

@@ -2223,7 +2162,6 @@ F:	package/libgdiplus/
 F:	package/pimd/
 F:	package/snort/
 F:	package/stella/
-F:	package/tio/
 F:	package/traceroute/
 F:	package/tunctl/
 F:	package/ubus/
@@ -2280,10 +2218,12 @@ F:	package/libscrypt/
 N:	Stephan Hoffmann <sho@relinux.de>
 F:	package/cache-calibrator/
 F:	package/gtest/
-F:	package/libhttpserver/
 F:	package/mtdev/
 F:	package/mtdev2tuio/

+N:	Stephan Hoffmann <stephan.hoffmann@ext.grandcentrix.net>
+F:	package/libhttpserver/
+
 N:	Steve Calfee <stevecalfee@gmail.com>
 F:	package/python-pymysql/
 F:	package/python-pyratemp/
@@ -2313,8 +2253,6 @@ N:	Sven Oliver Moll <svolli@svolli.de>
 F:	package/most/

 N:	Theo Debrouwere <t.debrouwere@televic.com>
-F:	board/beagleboardx15/
-F:	configs/beagleboardx15_defconfig
 F:	package/pugixml/

 N:	Thierry Bultel <tbultel@free.fr>
@@ -2328,18 +2266,19 @@ N:	Thomas Claveirole <thomas.claveirole@green-communications.fr>
 F:	package/fcgiwrap/
 F:	package/openlayers/

+N:	Thomas Davis <sunsetbrew@sunsetbrew.com>
+F:	package/civetweb/
+
 N:	Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
 F:	docs/manual/
-F:	package/cereal/
-F:	package/libtelnet/
 F:	package/opkg-utils/
 F:	package/perl-convert-asn1/
 F:	package/perl-crypt-blowfish/
 F:	package/perl-crypt-cbc/
-F:	package/perl-crypt-openssl-aes/
-F:	package/perl-math-prime-util/
+F:	package/perl-digest-md5/
 F:	package/perl-mime-base64-urlsafe/
 F:	package/perl-mojolicious-plugin-authentication/
+F:	package/perl-net-ping/
 F:	package/perl-net-snmp/
 F:	package/perl-net-ssh2/
 F:	package/perl-net-telnet/
@@ -2415,15 +2354,11 @@ N:	Timo Ketola <timo.ketola@exertus.fi>
 F:	package/fbgrab/

 N:	Titouan Christophe <titouan.christophe@railnova.eu>
-F:	package/avro-c/
 F:	package/mosquitto/
-F:	package/python-avro/
 F:	package/redis/
-F:	package/waf/
-F:	support/testing/tests/package/test_crudini.py

-N:	Tudor Holton <buildroot@tudorholton.com>
-F:	package/openjdk/
+N:	Trent Piepho <tpiepho@impinj.com>
+F:	package/libp11/

 N:	Tzu-Jung Lee <roylee17@gmail.com>
 F:	package/dropwatch/
@@ -2432,7 +2367,6 @@ F:	package/tstools/
 N:	Vadim Kochan <vadim4j@gmail.com>
 F:	package/brcm-patchram-plus/
 F:	package/gettext-tiny/
-F:	package/tinyssh/

 N:	Valentin Korenblit <valentinkorenblit@gmail.com>
 F:	package/clang/
@@ -2470,8 +2404,6 @@ N:	Wade Berrier <wberrier@gmail.com>
 F:	package/ngrep/

 N:	Waldemar Brodkorb <wbx@openadk.org>
-F:	package/mksh/
-F:	package/ruby/
 F:	package/uclibc/
 F:	package/uclibc-ng-test/

@@ -2500,6 +2432,7 @@ F:	configs/nanopi_neo_defconfig
 F:	fs/squashfs/
 F:	package/asterisk/
 F:	package/cegui06/
+F:	package/celt051/
 F:	package/dahdi-linux/
 F:	package/dahdi-tools/
 F:	package/dtc/
@@ -2547,6 +2480,7 @@ F:	configs/beaglebone_defconfig
 F:	configs/beaglebone_qt5_defconfig
 F:	package/acl/
 F:	package/attr/
+F:	package/bluez_utils/
 F:	package/boost/
 F:	package/bootstrap/
 F:	package/cannelloni/
@@ -2586,8 +2520,6 @@ F:	package/ti-utils/
 F:	package/x11r7/xapp_xconsole/
 F:	package/x11r7/xapp_xinput-calibrator/
 F:	package/zlog/
-F:	support/testing/tests/package/test_libftdi1.py
-F:	support/testing/tests/package/test_python_can.py
 F:	utils/scanpypi

 N:	Zoltan Gyarmati <zgyarmati@zgyarmati.de>
--- a/116
+++ b/116
@@ -92,9 +92,9 @@ all:
 .PHONY: all

 # Set and export the version string
-export BR2_VERSION := 2020.02.9
+export BR2_VERSION := 2019.11.3
 # Actual time the release is cut (for reproducible builds)
-BR2_VERSION_EPOCH = 1609088000
+BR2_VERSION_EPOCH = 1586500000

 # Save running make version since it's clobbered by the make package
 RUNNING_MAKE_VERSION := $(MAKE_VERSION)
@@ -113,13 +113,7 @@ DATE := $(shell date +%Y%m%d)

 # Compute the full local version string so packages can use it as-is
 # Need to export it, so it can be got from environment in children (eg. mconf)
-
-BR2_LOCALVERSION := $(shell $(TOPDIR)/support/scripts/setlocalversion)
-ifeq ($(BR2_LOCALVERSION),)
-export BR2_VERSION_FULL := $(BR2_VERSION)
-else
-export BR2_VERSION_FULL := $(BR2_LOCALVERSION)
-endif
+export BR2_VERSION_FULL := $(BR2_VERSION)$(shell $(TOPDIR)/support/scripts/setlocalversion)

 # List of targets and target patterns for which .config doesn't need to be read in
 noconfig_targets := menuconfig nconfig gconfig xconfig config oldconfig randconfig \
@@ -213,7 +207,6 @@ BR_GRAPH_OUT := $(or $(BR2_GRAPH_OUT),pdf)
 BUILD_DIR := $(BASE_DIR)/build
 BINARIES_DIR := $(BASE_DIR)/images
 BASE_TARGET_DIR := $(BASE_DIR)/target
-PER_PACKAGE_DIR := $(BASE_DIR)/per-package
 # initial definition so that 'make clean' works for most users, even without
 # .config. HOST_DIR will be overwritten later when .config is included.
 HOST_DIR := $(BASE_DIR)/host
@@ -236,12 +229,21 @@ ifeq ($(filter $(noconfig_targets),$(MAKECMDGOALS)),)
 -include $(BR2_CONFIG)
 endif

-ifeq ($(BR2_PER_PACKAGE_DIRECTORIES),)
-# Disable top-level parallel build if per-package directories is not
-# used. Indeed, per-package directories is necessary to guarantee
-# determinism and reproducibility with top-level parallel build.
+# Parallel execution of this Makefile is disabled because it changes
+# the packages building order, that can be a problem for two reasons:
+# - If a package has an unspecified optional dependency and that
+#   dependency is present when the package is built, it is used,
+#   otherwise it isn't (but compilation happily proceeds) so the end
+#   result will differ if the order is swapped due to parallel
+#   building.
+# - Also changing the building order can be a problem if two packages
+#   manipulate the same file in the target directory.
+#
+# Taking into account the above considerations, if you still want to execute
+# this top-level Makefile in parallel comment the ".NOTPARALLEL" line and
+# use the -j<jobs> option when building, e.g:
+#      make -j$((`getconf _NPROCESSORS_ONLN`+1))
 .NOTPARALLEL:
-endif

 # timezone and locale may affect build output
 ifeq ($(BR2_REPRODUCIBLE),y)
@@ -349,7 +351,7 @@ export HOSTARCH := $(shell LC_ALL=C $(HOSTCC_NOCCACHE) -v 2>&1 | \

 # When adding a new host gcc version in Config.in,
 # update the HOSTCC_MAX_VERSION variable:
-HOSTCC_MAX_VERSION := 9
+HOSTCC_MAX_VERSION := 8

 HOSTCC_VERSION := $(shell V=$$($(HOSTCC_NOCCACHE) --version | \
 	sed -n -r 's/^.* ([0-9]*)\.([0-9]*)\.([0-9]*)[ ]*.*/\1 \2/p'); \
@@ -453,22 +455,21 @@ XZCAT := $(call qstrip,$(BR2_XZCAT))
 LZCAT := $(call qstrip,$(BR2_LZCAT))
 TAR_OPTIONS = $(call qstrip,$(BR2_TAR_OPTIONS)) -xf

-ifeq ($(BR2_PER_PACKAGE_DIRECTORIES),y)
-HOST_DIR = $(if $(PKG),$(PER_PACKAGE_DIR)/$($(PKG)_NAME)/host,$(call qstrip,$(BR2_HOST_DIR)))
-TARGET_DIR = $(if $(ROOTFS),$(ROOTFS_$(ROOTFS)_TARGET_DIR),$(if $(PKG),$(PER_PACKAGE_DIR)/$($(PKG)_NAME)/target,$(BASE_TARGET_DIR)))
-else
+# packages compiled for the host go here
 HOST_DIR := $(call qstrip,$(BR2_HOST_DIR))
+
+# The target directory is common to all packages,
+# but there is one that is specific to each filesystem.
 TARGET_DIR = $(if $(ROOTFS),$(ROOTFS_$(ROOTFS)_TARGET_DIR),$(BASE_TARGET_DIR))
-endif

 ifneq ($(HOST_DIR),$(BASE_DIR)/host)
 HOST_DIR_SYMLINK = $(BASE_DIR)/host
-$(HOST_DIR_SYMLINK): | $(BASE_DIR)
-	ln -snf $(HOST_DIR) $(HOST_DIR_SYMLINK)
+$(HOST_DIR_SYMLINK): $(BASE_DIR)
+	ln -snf $(HOST_DIR) $(BASE_DIR)/host
 endif

 STAGING_DIR_SYMLINK = $(BASE_DIR)/staging
-$(STAGING_DIR_SYMLINK): | $(BASE_DIR)
+$(STAGING_DIR_SYMLINK): $(BASE_DIR)
 	ln -snf $(STAGING_DIR) $(STAGING_DIR_SYMLINK)

 # Quotes are needed for spaces and all in the original PATH content.
@@ -599,8 +600,8 @@ world: target-post-image
 .PHONY: prepare-sdk
 prepare-sdk: world
 	@$(call MESSAGE,"Rendering the SDK relocatable")
-	PER_PACKAGE_DIR=$(PER_PACKAGE_DIR) $(TOPDIR)/support/scripts/fix-rpath host
-	PER_PACKAGE_DIR=$(PER_PACKAGE_DIR) $(TOPDIR)/support/scripts/fix-rpath staging
+	$(TOPDIR)/support/scripts/fix-rpath host
+	$(TOPDIR)/support/scripts/fix-rpath staging
 	$(INSTALL) -m 755 $(TOPDIR)/support/misc/relocate-sdk.sh $(HOST_DIR)/relocate-sdk.sh
 	mkdir -p $(HOST_DIR)/share/buildroot
 	echo $(HOST_DIR) > $(HOST_DIR)/share/buildroot/sdk-location
@@ -704,9 +705,8 @@ define PURGE_LOCALES
 	rm -f $(LOCALE_WHITELIST)
 	for i in $(LOCALE_NOPURGE) locale-archive; do echo $$i >> $(LOCALE_WHITELIST); done

-	for dir in $(addprefix $(TARGET_DIR),/usr/share/locale /usr/share/X11/locale /usr/lib/locale); \
+	for dir in $(wildcard $(addprefix $(TARGET_DIR),/usr/share/locale /usr/share/X11/locale /usr/lib/locale)); \
 	do \
-		if [ ! -d $$dir ]; then continue; fi; \
 		for langdir in $$dir/*; \
 		do \
 			if [ -e "$${langdir}" ]; \
@@ -734,22 +734,15 @@ $(TARGETS_ROOTFS): target-finalize
 # Avoid the rootfs name leaking down the dependency chain
 target-finalize: ROOTFS=

-TARGET_DIR_FILES_LISTS = $(sort $(wildcard $(BUILD_DIR)/*/.files-list.txt))
-HOST_DIR_FILES_LISTS = $(sort $(wildcard $(BUILD_DIR)/*/.files-list-host.txt))
-STAGING_DIR_FILES_LISTS = $(sort $(wildcard $(BUILD_DIR)/*/.files-list-staging.txt))
-
-.PHONY: host-finalize
-host-finalize: $(PACKAGES) $(HOST_DIR) $(HOST_DIR_SYMLINK)
-	@$(call MESSAGE,"Finalizing host directory")
-	$(call per-package-rsync,$(sort $(PACKAGES)),host,$(HOST_DIR))
+host-finalize: $(HOST_DIR_SYMLINK)

 .PHONY: staging-finalize
 staging-finalize: $(STAGING_DIR_SYMLINK)

 .PHONY: target-finalize
-target-finalize: $(PACKAGES) $(TARGET_DIR) host-finalize
+target-finalize: $(PACKAGES) host-finalize
 	@$(call MESSAGE,"Finalizing target directory")
-	$(call per-package-rsync,$(sort $(PACKAGES)),target,$(TARGET_DIR))
+	# Check files that are touched by more than one package
 	$(foreach hook,$(TARGET_FINALIZE_HOOKS),$($(hook))$(sep))
 	rm -rf $(TARGET_DIR)/usr/include $(TARGET_DIR)/usr/share/aclocal \
 		$(TARGET_DIR)/usr/lib/pkgconfig $(TARGET_DIR)/usr/share/pkgconfig \
@@ -762,7 +755,6 @@ ifneq ($(BR2_PACKAGE_GDB),y)
 endif
 ifneq ($(BR2_PACKAGE_BASH),y)
 	rm -rf $(TARGET_DIR)/usr/share/bash-completion
-	rm -rf $(TARGET_DIR)/etc/bash_completion.d
 endif
 ifneq ($(BR2_PACKAGE_ZSH),y)
 	rm -rf $(TARGET_DIR)/usr/share/zsh
@@ -772,9 +764,6 @@ endif
 	rm -rf $(TARGET_DIR)/usr/doc $(TARGET_DIR)/usr/share/doc
 	rm -rf $(TARGET_DIR)/usr/share/gtk-doc
 	rmdir $(TARGET_DIR)/usr/share 2>/dev/null || true
-ifneq ($(BR2_ENABLE_DEBUG):$(BR2_STRIP_strip),y:)
-	rm -rf $(TARGET_DIR)/lib/debug $(TARGET_DIR)/usr/lib/debug
-endif
 	$(STRIP_FIND_CMD) | xargs -0 $(STRIPCMD) 2>/dev/null || true
 	$(STRIP_FIND_SPECIAL_LIBS_CMD) | xargs -0 -r $(STRIPCMD) $(STRIP_STRIP_DEBUG) 2>/dev/null || true

@@ -793,15 +782,15 @@ endif
 	ln -sf ../usr/lib/os-release $(TARGET_DIR)/etc

 	@$(call MESSAGE,"Sanitizing RPATH in target tree")
-	PER_PACKAGE_DIR=$(PER_PACKAGE_DIR) $(TOPDIR)/support/scripts/fix-rpath target
+	$(TOPDIR)/support/scripts/fix-rpath target

 # For a merged /usr, ensure that /lib, /bin and /sbin and their /usr
 # counterparts are appropriately setup as symlinks ones to the others.
 ifeq ($(BR2_ROOTFS_MERGED_USR),y)

-	$(foreach d, $(call qstrip,$(BR2_ROOTFS_OVERLAY)), \
-		@$(call MESSAGE,"Sanity check in overlay $(d)")$(sep) \
-		$(Q)not_merged_dirs="$$(support/scripts/check-merged-usr.sh $(d))"; \
+	@$(foreach d, $(call qstrip,$(BR2_ROOTFS_OVERLAY)), \
+		$(call MESSAGE,"Sanity check in overlay $(d)"); \
+		not_merged_dirs="$$(support/scripts/check-merged-usr.sh $(d))"; \
 		test -n "$$not_merged_dirs" && { \
 			echo "ERROR: The overlay in $(d) is not" \
 				"using a merged /usr for the following directories:" \
@@ -811,23 +800,26 @@ ifeq ($(BR2_ROOTFS_MERGED_USR),y)

 endif # merged /usr

-	$(foreach d, $(call qstrip,$(BR2_ROOTFS_OVERLAY)), \
-		@$(call MESSAGE,"Copying overlay $(d)")$(sep) \
-		$(Q)$(call SYSTEM_RSYNC,$(d),$(TARGET_DIR))$(sep))
+	@$(foreach d, $(call qstrip,$(BR2_ROOTFS_OVERLAY)), \
+		$(call MESSAGE,"Copying overlay $(d)"); \
+		$(call SYSTEM_RSYNC,$(d),$(TARGET_DIR))$(sep))

-	$(Q)$(if $(TARGET_DIR_FILES_LISTS), \
-		cat $(TARGET_DIR_FILES_LISTS)) > $(BUILD_DIR)/packages-file-list.txt
-	$(Q)$(if $(HOST_DIR_FILES_LISTS), \
-		cat $(HOST_DIR_FILES_LISTS)) > $(BUILD_DIR)/packages-file-list-host.txt
-	$(Q)$(if $(STAGING_DIR_FILES_LISTS), \
-		cat $(STAGING_DIR_FILES_LISTS)) > $(BUILD_DIR)/packages-file-list-staging.txt
-
-	$(foreach s, $(call qstrip,$(BR2_ROOTFS_POST_BUILD_SCRIPT)), \
-		@$(call MESSAGE,"Executing post-build script $(s)")$(sep) \
-		$(Q)$(EXTRA_ENV) $(s) $(TARGET_DIR) $(call qstrip,$(BR2_ROOTFS_POST_SCRIPT_ARGS))$(sep))
+	@$(foreach s, $(call qstrip,$(BR2_ROOTFS_POST_BUILD_SCRIPT)), \
+		$(call MESSAGE,"Executing post-build script $(s)"); \
+		$(EXTRA_ENV) $(s) $(TARGET_DIR) $(call qstrip,$(BR2_ROOTFS_POST_SCRIPT_ARGS))$(sep))

 	touch $(TARGET_DIR)/usr

+# AFTER ALL FILE-CHANGING ACTIONS:
+# Update timestamps in internal file list to fix attribution of files
+# to packages on subsequent builds
+	$(call step_pkg_size_file_list,$(TARGET_DIR))
+	$(call step_pkg_size_finalize)
+	$(call step_pkg_size_file_list,$(STAGING_DIR),-staging)
+	$(call step_pkg_size_finalize,-staging)
+	$(call step_pkg_size_file_list,$(HOST_DIR),-host)
+	$(call step_pkg_size_finalize,-host)
+
 .PHONY: target-post-image
 target-post-image: $(TARGETS_ROOTFS) target-finalize staging-finalize
 	@rm -f $(ROOTFS_COMMON_TAR)
@@ -1038,7 +1030,7 @@ savedefconfig: $(BUILD_DIR)/buildroot-config/conf outputmakefile

 # staging and target directories do NOT list these as
 # dependencies anywhere else
-$(BUILD_DIR) $(BASE_TARGET_DIR) $(HOST_DIR) $(BINARIES_DIR) $(LEGAL_INFO_DIR) $(REDIST_SOURCES_DIR_TARGET) $(REDIST_SOURCES_DIR_HOST) $(PER_PACKAGE_DIR):
+$(BUILD_DIR) $(BASE_TARGET_DIR) $(HOST_DIR) $(BINARIES_DIR) $(LEGAL_INFO_DIR) $(REDIST_SOURCES_DIR_TARGET) $(REDIST_SOURCES_DIR_HOST):
 	@mkdir -p $@

 # outputmakefile generates a Makefile in the output directory, if using a
@@ -1070,7 +1062,7 @@ printvars:
 clean:
 	rm -rf $(BASE_TARGET_DIR) $(BINARIES_DIR) $(HOST_DIR) $(HOST_DIR_SYMLINK) \
 		$(BUILD_DIR) $(BASE_DIR)/staging \
-		$(LEGAL_INFO_DIR) $(GRAPHS_DIR) $(PER_PACKAGE_DIR)
+		$(LEGAL_INFO_DIR) $(GRAPHS_DIR)

 .PHONY: distclean
 distclean: clean
@@ -1199,7 +1191,7 @@ release: OUT = buildroot-$(BR2_VERSION)
 release:
 	git archive --format=tar --prefix=$(OUT)/ HEAD > $(OUT).tar
 	$(MAKE) O=$(OUT) manual-html manual-text manual-pdf
-	$(MAKE) O=$(OUT) distclean
+	$(MAKE) O=$(OUT) clean
 	tar rf $(OUT).tar $(OUT)
 	gzip -9 -c < $(OUT).tar > $(OUT).tar.gz
 	bzip2 -9 -c < $(OUT).tar > $(OUT).tar.bz2
--- a/arch/Config.in.arc
+++ b/arch/Config.in.arc
@@ -15,17 +15,11 @@ config BR2_archs38
 	bool "ARC HS38"
 	help
 	  Generic ARC HS capable of running Linux, i.e. with MMU,
-	  caches and 32-bit multiplier. Also it corresponds to the
-	  default configuration in older GNU toolchain versions.
+	  caches and multiplier. Also it corresponds to the default
+	  configuration in older GNU toolchain versions.

-config BR2_archs38_64mpy
-	bool "ARC HS38 with 64-bit mpy"
-	help
-	  Fully featured ARC HS capable of running Linux, i.e. with
-	  MMU, caches and 64-bit multiplier.
-
-	  If you're not sure which version of ARC HS core you build
-	  for use this one.
+	  If you're not sure which version of ARC HS core you  build for
+	  keep this one.

 config BR2_archs38_full
 	bool "ARC HS38 with Quad MAC & FPU"
@@ -49,7 +43,7 @@ endchoice
 # Choice of atomic instructions presence
 config BR2_ARC_ATOMIC_EXT
 	bool "Atomic extension (LLOCK/SCOND instructions)"
-	default y if BR2_arc770d || BR2_archs38 || BR2_archs38_64mpy || BR2_archs38_full || BR2_archs4x_rel31
+	default y if BR2_arc770d || BR2_archs38 || BR2_archs38_full || BR2_archs4x_rel31

 config BR2_ARCH
 	default "arc"	if BR2_arcle
@@ -67,13 +61,12 @@ config BR2_GCC_TARGET_CPU
 	default "arc700" if BR2_arc750d
 	default "arc700" if BR2_arc770d
 	default "archs"	 if BR2_archs38
-	default "hs38"	 if BR2_archs38_64mpy
 	default "hs38_linux"	 if BR2_archs38_full
 	default "hs4x_rel31"	 if BR2_archs4x_rel31

 config BR2_READELF_ARCH_NAME
 	default "ARCompact"	if BR2_arc750d || BR2_arc770d
-	default "ARCv2"		if BR2_archs38 || BR2_archs38_64mpy || BR2_archs38_full || BR2_archs4x_rel31
+	default "ARCv2"		if BR2_archs38 || BR2_archs38_full || BR2_archs4x_rel31

 choice
 	prompt "MMU Page Size"
@@ -93,7 +86,7 @@ choice

 config BR2_ARC_PAGE_SIZE_4K
 	bool "4KB"
-	depends on BR2_arc770d || BR2_archs38 || BR2_archs38_64mpy || BR2_archs38_full || BR2_archs4x_rel31
+	depends on BR2_arc770d || BR2_archs38 || BR2_archs38_full || BR2_archs4x_rel31

 config BR2_ARC_PAGE_SIZE_8K
 	bool "8KB"
@@ -103,7 +96,7 @@ config BR2_ARC_PAGE_SIZE_8K

 config BR2_ARC_PAGE_SIZE_16K
 	bool "16KB"
-	depends on BR2_arc770d || BR2_archs38 || BR2_archs38_64mpy || BR2_archs38_full || BR2_archs4x_rel31
+	depends on BR2_arc770d || BR2_archs38 || BR2_archs38_full || BR2_archs4x_rel31

 endchoice

--- a/arch/Config.in.x86
+++ b/arch/Config.in.x86
@@ -1,8 +1,6 @@
 # i386/x86_64 cpu features
 config BR2_X86_CPU_HAS_MMX
 	bool
-config BR2_X86_CPU_HAS_3DNOW
-	bool
 config BR2_X86_CPU_HAS_SSE
 	bool
 config BR2_X86_CPU_HAS_SSE2
@@ -157,18 +155,15 @@ config BR2_x86_k6_2
 	bool "k6-2"
 	depends on !BR2_x86_64
 	select BR2_X86_CPU_HAS_MMX
-	select BR2_X86_CPU_HAS_3DNOW
 config BR2_x86_athlon
 	bool "athlon"
 	depends on !BR2_x86_64
 	select BR2_X86_CPU_HAS_MMX
-	select BR2_X86_CPU_HAS_3DNOW
 config BR2_x86_athlon_4
 	bool "athlon-4"
 	depends on !BR2_x86_64
 	select BR2_X86_CPU_HAS_MMX
 	select BR2_X86_CPU_HAS_SSE
-	select BR2_X86_CPU_HAS_3DNOW
 config BR2_x86_opteron
 	bool "opteron"
 	select BR2_X86_CPU_HAS_MMX
@@ -214,7 +209,6 @@ config BR2_x86_c3
 	bool "Via/Cyrix C3 (Samuel/Ezra cores)"
 	depends on !BR2_x86_64
 	select BR2_X86_CPU_HAS_MMX
-	select BR2_X86_CPU_HAS_3DNOW
 config BR2_x86_c32
 	bool "Via C3-2 (Nehemiah cores)"
 	depends on !BR2_x86_64
--- a/arch/arch.mk.arc
+++ b/arch/arch.mk.arc
@@ -1,17 +1,4 @@
-ifeq ($(BR2_arc),y)
-
 # -matomic is always required when the ARC core has the atomic extensions
-ifeq ($(BR2_ARC_ATOMIC_EXT),y)
+ifeq ($(BR2_arc)$(BR2_ARC_ATOMIC_EXT),yy)
 ARCH_TOOLCHAIN_WRAPPER_OPTS = -matomic
 endif
-
-# Explicitly set LD's "max-page-size" instead of relying on some defaults
-ifeq ($(BR2_ARC_PAGE_SIZE_4K),y)
-ARCH_TOOLCHAIN_WRAPPER_OPTS += -Wl,-z,max-page-size=4096
-else ifeq ($(BR2_ARC_PAGE_SIZE_8K),y)
-ARCH_TOOLCHAIN_WRAPPER_OPTS += -Wl,-z,max-page-size=8192
-else ifeq ($(BR2_ARC_PAGE_SIZE_16K),y)
-ARCH_TOOLCHAIN_WRAPPER_OPTS += -Wl,-z,max-page-size=16384
-endif
-
-endif
--- a/board/beaglebone/linux-4.1-sgx.fragment
+++ b/board/beaglebone/linux-4.1-sgx.fragment
@@ -10,4 +10,3 @@ CONFIG_DRM_OMAP_WB_M2M=y
 CONFIG_DRM_TILCDC=y
 CONFIG_DRM_I2C_NXP_TDA998X=y
 CONFIG_DRM=y
-CONFIG_DRM_LEGACY=y
--- a/board/beaglebone/post-image.sh
+++ b/board/beaglebone/post-image.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+# post-image.sh for CircuitCo BeagleBone and TI am335x-evm
+# 2014, Marcin Jabrzyk <marcin.jabrzyk@gmail.com>
+# 2016, Lothar Felten <lothar.felten@gmail.com>
+
+BOARD_DIR="$(dirname $0)"
+
+# copy the uEnv.txt to the output/images directory
+cp board/beaglebone/uEnv.txt $BINARIES_DIR/uEnv.txt
+
+# the 4.1 kernel does not provide a dtb for beaglebone green, so we
+# use a different genimage config if am335x-bonegreen.dtb is not
+# built:
+if [ -e ${BINARIES_DIR}/am335x-bonegreen.dtb ] ; then
+	GENIMAGE_CFG="${BOARD_DIR}/genimage.cfg"
+else
+	GENIMAGE_CFG="${BOARD_DIR}/genimage_linux41.cfg"
+fi
+
+GENIMAGE_TMP="${BUILD_DIR}/genimage.tmp"
+
+rm -rf "${GENIMAGE_TMP}"
+
+genimage \
+    --rootpath "${TARGET_DIR}" \
+    --tmppath "${GENIMAGE_TMP}" \
+    --inputpath "${BINARIES_DIR}" \
+    --outputpath "${BINARIES_DIR}" \
+    --config "${GENIMAGE_CFG}"
--- a/board/beaglebone/readme.txt
+++ b/board/beaglebone/readme.txt
@@ -7,7 +7,7 @@ Description
 This configuration will build a complete image for the beaglebone and
 the TI AM335x-EVM, the board type is identified by the on-board
 EEPROM. The configuration is based on the
-ti-processor-sdk-06.01.00.08. Device tree blobs for beaglebone
+ti-processor-sdk-02.00.00.00. Device tree blobs for beaglebone
 variants and the evm-sk are built too.

 For Qt5 support support use the beaglebone_qt5_defconfig.
@@ -43,20 +43,10 @@ output/images/
 To copy the image file to the sdcard use dd:
 $ dd if=output/images/sdcard.img of=/dev/XXX

-
-Running Qt5 hellowindow opengl demo:
-===================
-# export QT_QPA_EGLFS_KMS_CONFIG=/etc/qt5/eglfs_kms_cfg.json
-# export QT_QPA_PLATFORM=eglfs
-# export QT_QPA_EGLFS_INTEGRATION=none
-# /usr/lib/qt/examples/opengl/hellowindow/hellowindow
-
-
 Tested hardware
 ===============
 am335x-evm (rev. 1.1A)
 beagleboneblack (rev. A5A)
 beaglebone (rev. A6)

-2020, Adam Duskett <aduskett@gmail.com>
 2016, Lothar Felten <lothar.felten@gmail.com>
--- a/board/beaglebone/rootfs_overlay/etc/qt5/eglfs_kms_cfg.json
+++ b/board/beaglebone/rootfs_overlay/etc/qt5/eglfs_kms_cfg.json
@@ -1,15 +0,0 @@
-{
-  "device": "/dev/dri/card0",
-  "hwcursor": false,
-  "pbuffers": true,
-  "outputs": [
-    {
-      "name": "VGA1",
-      "mode": "off"
-    },
-    {
-      "name": "HDMI1",
-      "mode": "1024x768"
-    }
-  ]
-}
--- a/board/beelink/gs1/extlinux.conf
+++ b/board/beelink/gs1/extlinux.conf
@@ -1,4 +0,0 @@
-label linux
-  kernel /Image
-  devicetree /sun50i-h6-beelink-gs1.dtb
-  append console=ttyS0,115200 earlyprintk root=/dev/mmcblk0p2 rootwait
--- a/board/beelink/gs1/genimage.cfg
+++ b/board/beelink/gs1/genimage.cfg
@@ -1,33 +0,0 @@
-image boot.vfat {
-	vfat {
-		files = {
-			"Image",
-			"sun50i-h6-beelink-gs1.dtb",
-			"extlinux"
-		}
-	}
-	size = 64M
-}
-
-image sdcard.img {
-	hdimage {
-	}
-
-	partition u-boot {
-		in-partition-table = "no"
-		image = "u-boot-sunxi-with-spl.bin"
-		offset = 8192
-		size = 1040384 # 1MB - 8192
-	}
-
-	partition boot {
-		partition-type = 0xC
-		bootable = "true"
-		image = "boot.vfat"
-	}
-
-	partition rootfs {
-		partition-type = 0x83
-		image = "rootfs.ext4"
-	}
-}
--- a/board/beelink/gs1/patches/arm-trusted-firmware/0001-plat-allwinner-common-use-r_wdog-instead-of-wdog.patch
+++ b/board/beelink/gs1/patches/arm-trusted-firmware/0001-plat-allwinner-common-use-r_wdog-instead-of-wdog.patch
@@ -1,39 +0,0 @@
-From 523ab5be1a84e9aa15fb62c3a15a6338b01d3961 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Cl=C3=A9ment=20P=C3=A9ron?= <peron.clem@gmail.com>
-Date: Tue, 9 Apr 2019 00:15:06 +0200
-Subject: [PATCH] plat: allwinner: common: use r_wdog instead of wdog
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Some Allwinner H6 has a broken watchdog that doesn't
-make the soc reboot.
-
-Use the R_WATCHDOG instead.
-
-Signed-off-by: Clément Péron <peron.clem@gmail.com>
-Change-Id: Ie95cc30a80ed517b60b30d6bc2e655a1b53f18ba
---
- plat/allwinner/common/sunxi_pm.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/plat/allwinner/common/sunxi_pm.c b/plat/allwinner/common/sunxi_pm.c
-index 1d2dc938..13e13532 100644
--- a/plat/allwinner/common/sunxi_pm.c
-+++ b/plat/allwinner/common/sunxi_pm.c
-@@ -20,9 +20,9 @@
- #include <sunxi_mmap.h>
- #include <sunxi_private.h>
- 
-#define SUNXI_WDOG0_CTRL_REG		(SUNXI_WDOG_BASE + 0x0010)
-#define SUNXI_WDOG0_CFG_REG		(SUNXI_WDOG_BASE + 0x0014)
-#define SUNXI_WDOG0_MODE_REG		(SUNXI_WDOG_BASE + 0x0018)
-+#define SUNXI_WDOG0_CTRL_REG		(SUNXI_R_WDOG_BASE + 0x0010)
-+#define SUNXI_WDOG0_CFG_REG		(SUNXI_R_WDOG_BASE + 0x0014)
-+#define SUNXI_WDOG0_MODE_REG		(SUNXI_R_WDOG_BASE + 0x0018)
- 
- #define mpidr_is_valid(mpidr) ( \
- 	MPIDR_AFFLVL3_VAL(mpidr) == 0 && \
-- 
-2.20.1
-
--- a/board/beelink/gs1/patches/uboot/0001-arm-dts-sync-dts-for-Allwinner-H6.patch
+++ b/board/beelink/gs1/patches/uboot/0001-arm-dts-sync-dts-for-Allwinner-H6.patch
@@ -1,279 +0,0 @@
-From 99cade8743158889b3e8db93c003b3318ebd4bda Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Cl=C3=A9ment=20P=C3=A9ron?= <peron.clem@gmail.com>
-Date: Sun, 11 Aug 2019 22:38:57 +0200
-Subject: [PATCH] arm: dts: sync dts for Allwinner H6
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Sync Kernel DTS for Allwinner H6 boards.
-
-Drop /omit-if-no-ref/ keyword as it's not supported by U-boot.
-
-commit <d45331b00ddb> Linux 5.3-rc4
-
-Signed-off-by: Clément Péron <peron.clem@gmail.com>
---
- arch/arm/dts/sun50i-h6-beelink-gs1.dts | 76 ++++++++++++++++++++++++++
- arch/arm/dts/sun50i-h6-pine-h64.dts    | 12 ++++
- arch/arm/dts/sun50i-h6.dtsi            | 46 +++++++++++++++-
- 3 files changed, 131 insertions(+), 3 deletions(-)
-
-diff --git a/arch/arm/dts/sun50i-h6-beelink-gs1.dts b/arch/arm/dts/sun50i-h6-beelink-gs1.dts
-index 54b0882bed..0dc33c90dd 100644
--- a/arch/arm/dts/sun50i-h6-beelink-gs1.dts
-+++ b/arch/arm/dts/sun50i-h6-beelink-gs1.dts
-@@ -14,6 +14,7 @@
- 	compatible = "azw,beelink-gs1", "allwinner,sun50i-h6";
- 
- 	aliases {
-+		ethernet0 = &emac;
- 		serial0 = &uart0;
- 	};
- 
-@@ -21,6 +22,17 @@
- 		stdout-path = "serial0:115200n8";
- 	};
- 
-+	connector {
-+		compatible = "hdmi-connector";
-+		type = "a";
-+
-+		port {
-+			hdmi_con_in: endpoint {
-+				remote-endpoint = <&hdmi_out_con>;
-+			};
-+		};
-+	};
-+
- 	leds {
- 		compatible = "gpio-leds";
- 
-@@ -41,6 +53,40 @@
- 	};
- };
- 
-+&de {
-+	status = "okay";
-+};
-+
-+&ehci0 {
-+	status = "okay";
-+};
-+
-+&emac {
-+	pinctrl-names = "default";
-+	pinctrl-0 = <&ext_rgmii_pins>;
-+	phy-mode = "rgmii";
-+	phy-handle = <&ext_rgmii_phy>;
-+	phy-supply = <&reg_aldo2>;
-+	status = "okay";
-+};
-+
-+&hdmi {
-+	status = "okay";
-+};
-+
-+&hdmi_out {
-+	hdmi_out_con: endpoint {
-+		remote-endpoint = <&hdmi_con_in>;
-+	};
-+};
-+
-+&mdio {
-+	ext_rgmii_phy: ethernet-phy@1 {
-+		compatible = "ethernet-phy-ieee802.3-c22";
-+		reg = <1>;
-+	};
-+};
-+
- &mmc0 {
- 	vmmc-supply = <&reg_cldo1>;
- 	cd-gpios = <&pio 5 6 GPIO_ACTIVE_LOW>;
-@@ -57,6 +103,15 @@
- 	status = "okay";
- };
- 
-+&ohci0 {
-+	status = "okay";
-+};
-+
-+&pio {
-+	vcc-pd-supply = <&reg_cldo1>;
-+	vcc-pg-supply = <&reg_aldo1>;
-+};
-+
- &r_i2c {
- 	status = "okay";
- 
-@@ -177,8 +232,29 @@
- 	};
- };
- 
-+&r_pio {
-+	/*
-+	 * PL0 and PL1 are used for PMIC I2C
-+	 * don't enable the pl-supply else
-+	 * it will fail at boot
-+	 *
-+	 * vcc-pl-supply = <&reg_aldo1>;
-+	 */
-+	vcc-pm-supply = <&reg_aldo1>;
-+};
-+
- &uart0 {
- 	pinctrl-names = "default";
- 	pinctrl-0 = <&uart0_ph_pins>;
- 	status = "okay";
- };
-+
-+&usb2otg {
-+	dr_mode = "host";
-+	status = "okay";
-+};
-+
-+&usb2phy {
-+	usb0_vbus-supply = <&reg_vcc5v>;
-+	status = "okay";
-+};
-diff --git a/arch/arm/dts/sun50i-h6-pine-h64.dts b/arch/arm/dts/sun50i-h6-pine-h64.dts
-index 4802902e12..1898345183 100644
--- a/arch/arm/dts/sun50i-h6-pine-h64.dts
-+++ b/arch/arm/dts/sun50i-h6-pine-h64.dts
-@@ -127,6 +127,12 @@
- 	status = "okay";
- };
- 
-+&pio {
-+	vcc-pc-supply = <&reg_bldo2>;
-+	vcc-pd-supply = <&reg_cldo1>;
-+	vcc-pg-supply = <&reg_aldo1>;
-+};
-+
- &r_i2c {
- 	status = "okay";
- 
-@@ -243,10 +249,16 @@
- 	pcf8563: rtc@51 {
- 		compatible = "nxp,pcf8563";
- 		reg = <0x51>;
-+		interrupt-parent = <&r_intc>;
-+		interrupts = <0 IRQ_TYPE_LEVEL_LOW>;
- 		#clock-cells = <0>;
- 	};
- };
- 
-+&r_pio {
-+	vcc-pm-supply = <&reg_aldo1>;
-+};
-+
- &uart0 {
- 	pinctrl-names = "default";
- 	pinctrl-0 = <&uart0_ph_pins>;
-diff --git a/arch/arm/dts/sun50i-h6.dtsi b/arch/arm/dts/sun50i-h6.dtsi
-index e0dc4a05c1..a117f479ae 100644
--- a/arch/arm/dts/sun50i-h6.dtsi
-+++ b/arch/arm/dts/sun50i-h6.dtsi
-@@ -101,7 +101,7 @@
- 		#size-cells = <1>;
- 		ranges;
- 
-		display-engine@1000000 {
-+		bus@1000000 {
- 			compatible = "allwinner,sun50i-h6-de3",
- 				     "allwinner,sun50i-a64-de2";
- 			reg = <0x1000000 0x400000>;
-@@ -203,11 +203,32 @@
- 			#reset-cells = <1>;
- 		};
- 
-+		dma: dma-controller@3002000 {
-+			compatible = "allwinner,sun50i-h6-dma";
-+			reg = <0x03002000 0x1000>;
-+			interrupts = <GIC_SPI 43 IRQ_TYPE_LEVEL_HIGH>;
-+			clocks = <&ccu CLK_BUS_DMA>, <&ccu CLK_MBUS_DMA>;
-+			clock-names = "bus", "mbus";
-+			dma-channels = <16>;
-+			dma-requests = <46>;
-+			resets = <&ccu RST_BUS_DMA>;
-+			#dma-cells = <1>;
-+		};
-+
- 		sid: sid@3006000 {
- 			compatible = "allwinner,sun50i-h6-sid";
- 			reg = <0x03006000 0x400>;
- 		};
- 
-+		watchdog: watchdog@30090a0 {
-+			compatible = "allwinner,sun50i-h6-wdt",
-+				     "allwinner,sun6i-a31-wdt";
-+			reg = <0x030090a0 0x20>;
-+			interrupts = <GIC_SPI 50 IRQ_TYPE_LEVEL_HIGH>;
-+			/* Broken on some H6 boards */
-+			status = "disabled";
-+		};
-+
- 		pio: pinctrl@300b000 {
- 			compatible = "allwinner,sun50i-h6-pinctrl";
- 			reg = <0x0300b000 0x400>;
-@@ -243,6 +264,18 @@
- 				bias-pull-up;
- 			};
- 
-+			/*
-+			 * /omit-if-no-ref/ isn't supported by U-boot
-+			 * keep this comment to avoid bad sync with Linux
-+			 */
-+			mmc1_pins: mmc1-pins {
-+				pins = "PG0", "PG1", "PG2", "PG3",
-+				       "PG4", "PG5";
-+				function = "mmc1";
-+				drive-strength = <30>;
-+				bias-pull-up;
-+			};
-+
- 			mmc2_pins: mmc2-pins {
- 				pins = "PC1", "PC4", "PC5", "PC6",
- 				       "PC7", "PC8", "PC9", "PC10",
-@@ -294,6 +327,8 @@
- 			resets = <&ccu RST_BUS_MMC1>;
- 			reset-names = "ahb";
- 			interrupts = <GIC_SPI 36 IRQ_TYPE_LEVEL_HIGH>;
-+			pinctrl-names = "default";
-+			pinctrl-0 = <&mmc1_pins>;
- 			status = "disabled";
- 			#address-cells = <1>;
- 			#size-cells = <0>;
-@@ -445,7 +480,6 @@
- 			resets = <&ccu RST_BUS_OHCI3>,
- 				 <&ccu RST_BUS_EHCI3>;
- 			phys = <&usb2phy 3>;
-			phy-names = "usb";
- 			status = "disabled";
- 		};
- 
-@@ -457,7 +491,6 @@
- 				 <&ccu CLK_USB_OHCI3>;
- 			resets = <&ccu RST_BUS_OHCI3>;
- 			phys = <&usb2phy 3>;
-			phy-names = "usb";
- 			status = "disabled";
- 		};
- 
-@@ -613,6 +646,13 @@
- 			#reset-cells = <1>;
- 		};
- 
-+		r_watchdog: watchdog@7020400 {
-+			compatible = "allwinner,sun50i-h6-wdt",
-+				     "allwinner,sun6i-a31-wdt";
-+			reg = <0x07020400 0x20>;
-+			interrupts = <GIC_SPI 103 IRQ_TYPE_LEVEL_HIGH>;
-+		};
-+
- 		r_intc: interrupt-controller@7021000 {
- 			compatible = "allwinner,sun50i-h6-r-intc",
- 				     "allwinner,sun6i-a31-r-intc";
-- 
-2.20.1
-
--- a/board/beelink/gs1/post-build.sh
+++ b/board/beelink/gs1/post-build.sh
@@ -1,4 +0,0 @@
-#!/bin/sh
-BOARD_DIR="$(dirname $0)"
-
-install -m 0644 -D $BOARD_DIR/extlinux.conf $BINARIES_DIR/extlinux/extlinux.conf
--- a/board/boundarydevices/common/readme.txt
+++ b/board/boundarydevices/common/readme.txt
@@ -28,9 +28,3 @@ Where 'sdX' is the device node of the uSD partition.
 To upgrade u-boot, cancel autoboot and type:

 > run upgradeu
-
-See Boundary Devices's buildroot-external-boundary project
-for additional and advanced defconfigs using Qt5, gstreamer,
-NXP proprietary packages with demo applications:
-
-https://github.com/boundarydevices/buildroot-external-boundary
--- a/board/engicam/icorem6/rootfs_overlay/root/imx6qdl-icore-ofcap10.json
+++ b/board/engicam/icorem6/rootfs_overlay/root/imx6qdl-icore-ofcap10.json
@@ -4,7 +4,7 @@
  "pbuffers": true,
  "outputs": [
    {
-      "name": "LVDS1",
+      "name": "LVDS-1",
      "mode": "1280x800"
    }
  ]
--- a/board/engicam/icorem6/rootfs_overlay/root/imx6qdl-icore-ofcap12.json
+++ b/board/engicam/icorem6/rootfs_overlay/root/imx6qdl-icore-ofcap12.json
@@ -4,7 +4,7 @@
  "pbuffers": true,
  "outputs": [
    {
-      "name": "LVDS1",
+      "name": "LVDS-1",
      "mode": "1280x480"
    }
  ]
--- a/board/engicam/icorem6/rootfs_overlay/root/imx6qdl-icore.json
+++ b/board/engicam/icorem6/rootfs_overlay/root/imx6qdl-icore.json
@@ -4,7 +4,7 @@
  "pbuffers": true,
  "outputs": [
    {
-      "name": "LVDS1",
+      "name": "LVDS-1",
      "mode": "800x480"
    }
  ]
--- a/board/freescale/common/imx/genimage.cfg.template_imx8
+++ b/board/freescale/common/imx/genimage.cfg.template_imx8
@@ -13,7 +13,7 @@ image boot.vfat {
      %FILES%
    }
  }
-  size = 64M
+  size = 32M
 }

 image sdcard.img {
--- a/board/freescale/common/imx/imx8-bootloader-prepare.sh
+++ b/board/freescale/common/imx/imx8-bootloader-prepare.sh
@@ -27,11 +27,8 @@ main ()
 		cat ${BINARIES_DIR}/u-boot.bin ${BINARIES_DIR}/mkimg.commit > ${BINARIES_DIR}/u-boot-hash.bin
 		cp ${BINARIES_DIR}/bl31.bin ${BINARIES_DIR}/u-boot-atf.bin
 		dd if=${BINARIES_DIR}/u-boot-hash.bin of=${BINARIES_DIR}/u-boot-atf.bin bs=1K seek=128
-		if grep -Eq "^BR2_PACKAGE_FREESCALE_IMX_PLATFORM_IMX8=y$" ${BR2_CONFIG}; then
-			${HOST_DIR}/bin/mkimage_imx8 -soc QM -rev B0 -append ${BINARIES_DIR}/ahab-container.img -c -scfw ${BINARIES_DIR}/mx8qm-mek-scfw-tcm.bin -ap ${BINARIES_DIR}/u-boot-atf.bin a53 0x80000000 -out ${BINARIES_DIR}/imx8-boot-sd.bin
-		else
-			${HOST_DIR}/bin/mkimage_imx8 -soc QX -rev B0 -append ${BINARIES_DIR}/ahab-container.img -c -scfw ${BINARIES_DIR}/mx8qx-mek-scfw-tcm.bin -ap ${BINARIES_DIR}/u-boot-atf.bin a35 0x80000000 -out ${BINARIES_DIR}/imx8-boot-sd.bin
-		fi
+
+		${HOST_DIR}/bin/mkimage_imx8 -soc QX -rev B0 -append ${BINARIES_DIR}/ahab-container.img -c -scfw ${BINARIES_DIR}/mx8qx-mek-scfw-tcm.bin -ap ${BINARIES_DIR}/u-boot-atf.bin a35 0x80000000 -out ${BINARIES_DIR}/imx8-boot-sd.bin
 	fi

 	exit $?
--- a/board/freescale/common/imx/post-image.sh
+++ b/board/freescale/common/imx/post-image.sh
@@ -32,9 +32,7 @@ linux_image()

 genimage_type()
 {
-	if grep -Eq "^BR2_PACKAGE_FREESCALE_IMX_PLATFORM_IMX8=y$" ${BR2_CONFIG}; then
-		echo "genimage.cfg.template_imx8"
-	elif grep -Eq "^BR2_PACKAGE_FREESCALE_IMX_PLATFORM_IMX8M=y$" ${BR2_CONFIG}; then
+	if grep -Eq "^BR2_PACKAGE_FREESCALE_IMX_PLATFORM_IMX8M=y$" ${BR2_CONFIG}; then
 		echo "genimage.cfg.template_imx8"
 	elif grep -Eq "^BR2_PACKAGE_FREESCALE_IMX_PLATFORM_IMX8MM=y$" ${BR2_CONFIG}; then
 		echo "genimage.cfg.template_imx8"
--- a/board/freescale/imx6-sabresd/linux_qt5.fragment
+++ b/board/freescale/imx6-sabresd/linux_qt5.fragment
@@ -2,3 +2,4 @@
 # ondemand governor with a mainline kernel.
 # CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND is not set
 CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y
+CONFIG_VIDEO_CODA=m
--- a/board/friendlyarm/nanopi-neo-plus2/boot.cmd
+++ b/board/friendlyarm/nanopi-neo-plus2/boot.cmd
@@ -0,0 +1,6 @@
+setenv bootargs console=ttyS0,115200 earlyprintk root=/dev/mmcblk0p2 rootwait
+
+fatload mmc 0 $kernel_addr_r Image
+fatload mmc 0 $fdt_addr_r sun50i-h5-nanopi-neo-plus2.dtb
+
+booti $kernel_addr_r - $fdt_addr_r
--- a/board/friendlyarm/nanopi-neo-plus2/extlinux.conf
+++ b/board/friendlyarm/nanopi-neo-plus2/extlinux.conf
@@ -1,4 +0,0 @@
-label linux
-  kernel /Image
-  devicetree /sun50i-h5-nanopi-neo-plus2.dtb
-  append console=ttyS0,115200 earlyprintk root=/dev/mmcblk0p2 rootwait
--- a/board/friendlyarm/nanopi-neo-plus2/genimage.cfg
+++ b/board/friendlyarm/nanopi-neo-plus2/genimage.cfg
@@ -3,7 +3,7 @@ image boot.vfat {
 		files = {
 			"Image",
 			"sun50i-h5-nanopi-neo-plus2.dtb",
-			"extlinux"
+			"boot.scr"
 		}
 	}
 	size = 64M
--- a/board/friendlyarm/nanopi-neo-plus2/post-build.sh
+++ b/board/friendlyarm/nanopi-neo-plus2/post-build.sh
@@ -1,4 +0,0 @@
-#!/bin/sh
-BOARD_DIR="$(dirname $0)"
-
-install -m 0644 -D $BOARD_DIR/extlinux.conf $BINARIES_DIR/extlinux/extlinux.conf
--- a/board/friendlyarm/nanopi-neo/genimage.cfg
+++ b/board/friendlyarm/nanopi-neo/genimage.cfg
@@ -29,5 +29,6 @@ image sdcard.img {
 	partition rootfs {
 		partition-type = 0x83
 		image = "rootfs.ext4"
+		size = 32M
 	}
 }
--- a/board/friendlyarm/nanopi-neo/post-build.sh
+++ b/board/friendlyarm/nanopi-neo/post-build.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+# post-build.sh for Nanopi NEO, based on the Orange Pi PC
+# 2013, Carlo Caione <carlo.caione@gmail.com>
+# 2016, "Yann E. MORIN" <yann.morin.1998@free.fr>
+
+BOARD_DIR="$( dirname "${0}" )"
+MKIMAGE="${HOST_DIR}/bin/mkimage"
+BOOT_CMD="${BOARD_DIR}/boot.cmd"
+BOOT_CMD_H="${BINARIES_DIR}/boot.scr"
+
+# U-Boot script
+"${MKIMAGE}" -C none -A arm -T script -d "${BOOT_CMD}" "${BOOT_CMD_H}"
--- a/board/friendlyarm/nanopi-neo/post-image.sh
+++ b/board/friendlyarm/nanopi-neo/post-image.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+# post-image.sh for Nanopi NEO, based on the Orange Pi PC
+
+BOARD_DIR="$( dirname "${0}" )"
+GENIMAGE_CFG="${BOARD_DIR}/genimage.cfg"
+GENIMAGE_TMP="${BUILD_DIR}/genimage.tmp"
+
+rm -rf "${GENIMAGE_TMP}"
+
+genimage                               \
+	--rootpath "${TARGET_DIR}"     \
+	--tmppath "${GENIMAGE_TMP}"    \
+	--inputpath "${BINARIES_DIR}"  \
+	--outputpath "${BINARIES_DIR}" \
+	--config "${GENIMAGE_CFG}"
--- a/board/hardkernel/odroidc2/boot.ini
+++ b/board/hardkernel/odroidc2/boot.ini
@@ -0,0 +1,176 @@
+ODROIDC2-UBOOT-CONFIG
+
+########################################################################
+# Changes made to this are overwritten every time there's a new upgrade
+# To make your changes permanent change it on 
+# boot.ini.default
+# After changing it on boot.ini.default run the bootini command to
+# rewrite this file with your personal permanent settings.
+# Documentation: http://odroid.com/dokuwiki/doku.php?id=en:c2_persistent_bootini
+########################################################################
+
+# Possible screen resolutions
+# Uncomment only a single Line! The line with setenv written.
+# At least one mode must be selected.
+
+# Custom modeline!
+# To use custom modeline you need to disable all the below resolutions
+# and setup your own! 
+# For more information check our wiki: 
+# http://odroid.com/dokuwiki/doku.php?id=en:c2_hdmi_autosetting
+# Example below:
+# setenv m "custombuilt" 
+# setenv modeline "1920,1200,154000,74040,60,1920,1968,2000,2080,1200,1202,1208,1235,1,0,1"
+
+# 480 Lines (720x480)
+# setenv m "480i60hz" # Interlaced 60Hz
+# setenv m "480i_rpt" # Interlaced for Rear Projection Televisions 60Hz
+# setenv m "480p60hz" # 480 Progressive 60Hz
+# setenv m "480p_rpt" # 480 Progressive for Rear Projection Televisions 60Hz
+
+# 576 Lines (720x576)
+# setenv m "576i50hz" # Interlaced 50Hz
+# setenv m "576i_rpt" # Interlaced for Rear Projection Televisions 50Hz
+# setenv m "576p50hz" # Progressive 50Hz
+# setenv m "576p_rpt" # Progressive for Rear Projection Televisions 50Hz
+
+# 720 Lines (1280x720)
+# setenv m "720p50hz" # 50Hz
+# setenv m "720p60hz" # 60Hz
+
+# 1080 Lines (1920x1080)
+# setenv m "1080i60hz" # Interlaced 60Hz
+setenv m "1080p60hz" # Progressive 60Hz
+# setenv m "1080i50hz" # Interlaced 50Hz
+# setenv m "1080p50hz" # Progressive 50Hz
+# setenv m "1080p24hz" # Progressive 24Hz
+
+# 4K (3840x2160)
+# setenv m "2160p30hz"    # Progressive 30Hz
+# setenv m "2160p25hz"    # Progressive 25Hz
+# setenv m "2160p24hz"    # Progressive 24Hz
+# setenv m "smpte24hz"    # Progressive 24Hz SMPTE
+# setenv m "2160p50hz"    # Progressive 50Hz
+# setenv m "2160p60hz"    # Progressive 60Hz
+# setenv m "2160p50hz420" # Progressive 50Hz with YCbCr 4:2:0 (Requires TV/Monitor that supports it)
+# setenv m "2160p60hz420" # Progressive 60Hz with YCbCr 4:2:0 (Requires TV/Monitor that supports it)
+
+### VESA modes ###
+# setenv m "640x480p60hz"
+# setenv m "800x480p60hz"
+# setenv m "480x800p60hz"
+# setenv m "800x600p60hz"
+# setenv m "1024x600p60hz"
+# setenv m "1024x768p60hz"  
+# setenv m "1280x800p60hz"
+# setenv m "1280x1024p60hz"
+# setenv m "1360x768p60hz"
+# setenv m "1440x900p60hz"
+# setenv m "1600x900p60hz"
+# setenv m "1680x1050p60hz"
+# setenv m "1600x1200p60hz"
+# setenv m "1920x1200p60hz"
+# setenv m "2560x1080p60hz"
+# setenv m "2560x1440p60hz"
+# setenv m "2560x1600p60hz"
+# setenv m "3440x1440p60hz"
+
+# HDMI BPP Mode
+setenv m_bpp "32"
+# setenv m_bpp "24"
+# setenv m_bpp "16"
+
+# HDMI DVI/VGA modes
+# By default its set to HDMI, if needed change below.
+# Uncomment only a single Line.
+# setenv vout "dvi"
+# setenv vout "vga"
+
+# HDMI HotPlug Detection control
+# Allows you to force HDMI thinking that the cable is connected.
+# true = HDMI will believe that cable is always connected
+# false = will let board/monitor negotiate the connection status
+setenv hpd "true"
+# setenv hpd "false"
+
+# Monitor output
+# Controls if HDMI PHY should output anything to the monitor
+setenv monitor_onoff "false" # true or false
+
+# Server Mode (aka. No Graphics)
+# Setting nographics to 1 will disable all video subsystem
+# This mode is ideal of server type usage. (Saves ~300Mb of RAM)
+setenv nographics "0"
+
+# Meson Timer
+# 1 - Meson Timer
+# 0 - Arch Timer 
+# Using meson_timer improves the video playback however it breaks KVM (virtualization).
+# Using arch timer allows KVM/Virtualization to work however you'll experience poor video
+setenv mesontimer "1"
+
+# UHS (Ultra High Speed) MicroSD mode enable/disable
+setenv disableuhs "false"
+
+# MicroSD Card Detection enable/disable
+# Force the MMC controlled to believe that a card is connected.
+setenv mmc_removable "true"
+
+# USB Multi WebCam tweak
+# Only enable this if you use it.
+setenv usbmulticam "false"
+
+# Default Console Device Setting
+setenv condev "console=ttyS0,115200n8 console=tty0"   # on both
+
+# CPU Frequency / Cores control
+###########################################
+### WARNING!!! WARNING!!! WARNING!!!
+# Before changing anything here please read the wiki entry: 
+# http://odroid.com/dokuwiki/doku.php?id=en:c2_set_cpu_freq
+#
+# MAX CPU's
+# setenv maxcpus "1"
+# setenv maxcpus "2"
+# setenv maxcpus "3"
+setenv maxcpus "4"
+
+# MAX Frequency
+# setenv max_freq "2016"  # 2.016GHz
+# setenv max_freq "1944"  # 1.944GHz
+# setenv max_freq "1944"  # 1.944GHz
+# setenv max_freq "1920"  # 1.920GHz
+# setenv max_freq "1896"  # 1.896GHz
+# setenv max_freq "1752"  # 1.752GHz
+# setenv max_freq "1680"  # 1.680GHz
+# setenv max_freq "1656"  # 1.656GHz
+setenv max_freq "1536"  # 1.536GHz
+
+
+
+###########################################
+
+# Boot Arguments
+if test "${m}" = "custombuilt"; then setenv cmode "modeline=${modeline}"; fi
+
+setenv bootargs "root=/dev/mmcblk0p2 rootwait ro ${condev} no_console_suspend hdmimode=${m} ${cmode} m_bpp=${m_bpp} vout=${vout} fsck.repair=yes net.ifnames=0 elevator=noop disablehpd=${hpd} max_freq=${max_freq} maxcpus=${maxcpus} monitor_onoff=${monitor_onoff} disableuhs=${disableuhs} mmc_removable=${mmc_removable} usbmulticam=${usbmulticam}"
+
+# Booting
+
+setenv loadaddr "0x11000000"
+setenv dtb_loadaddr "0x1000000"
+setenv initrd_loadaddr "0x13000000"
+
+fatload mmc 0:1 ${loadaddr} Image
+fatload mmc 0:1 ${dtb_loadaddr} meson64_odroidc2.dtb
+fdt addr ${dtb_loadaddr}
+
+if test "${mesontimer}" = "0"; then fdt rm /meson_timer; fdt rm /cpus/cpu@0/timer; fdt rm /cpus/cpu@1/timer; fdt rm /cpus/cpu@2/timer; fdt rm /cpus/cpu@3/timer; fi
+if test "${mesontimer}" = "1"; then fdt rm /timer; fi
+
+if test "${nographics}" = "1"; then fdt rm /reserved-memory; fdt rm /aocec; fi
+if test "${nographics}" = "1"; then fdt rm /meson-fb; fdt rm /amhdmitx; fdt rm /picdec; fdt rm /ppmgr; fi
+if test "${nographics}" = "1"; then fdt rm /meson-vout; fdt rm /mesonstream; fdt rm /meson-fb; fi
+if test "${nographics}" = "1"; then fdt rm /deinterlace; fdt rm /codec_mm; fi
+
+booti ${loadaddr} - ${dtb_loadaddr}
--- a/board/hardkernel/odroidc2/genimage.cfg
+++ b/board/hardkernel/odroidc2/genimage.cfg
@@ -0,0 +1,27 @@
+image boot.vfat {
+	vfat {
+		files = {
+			"boot.ini",
+			"Image",
+			"meson64_odroidc2.dtb"
+		}
+	}
+	size = 32M
+}
+
+image sdcard.img {
+	hdimage {
+	}
+
+	partition vfat {
+		partition-type = 0xC
+		image = "boot.vfat"
+		offset = 1048576
+	}
+
+	partition rootfs {
+		partition-type = 0x83
+		image = "rootfs.ext4"
+		size = 512M
+	}
+}
--- a/board/hardkernel/odroidc2/post-image.sh
+++ b/board/hardkernel/odroidc2/post-image.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+BOARD_DIR="$(dirname $0)"
+GENIMAGE_CFG="${BOARD_DIR}/genimage.cfg"
+GENIMAGE_TMP="${BUILD_DIR}/genimage.tmp"
+
+cp ${BOARD_DIR}/boot.ini ${BINARIES_DIR}/
+
+rm -rf "${GENIMAGE_TMP}"
+
+genimage                           \
+	--rootpath "${TARGET_DIR}"     \
+	--tmppath "${GENIMAGE_TMP}"    \
+	--inputpath "${BINARIES_DIR}"  \
+	--outputpath "${BINARIES_DIR}" \
+	--config "${GENIMAGE_CFG}"
+
+dd if=${BINARIES_DIR}/u-boot.bin of=${BINARIES_DIR}/sdcard.img bs=1 count=442 conv=sync,notrunc
+dd if=${BINARIES_DIR}/u-boot.bin of=${BINARIES_DIR}/sdcard.img bs=512 skip=1 seek=1 conv=fsync,notrunc
--- a/board/hardkernel/odroidc2/readme.txt
+++ b/board/hardkernel/odroidc2/readme.txt
@@ -0,0 +1,53 @@
+ODROID-C2
+
+Intro
+=====
+To be able to use ODROID-C2 board with the images generated by
+Buildroot, you have to prepare the SDCard or eMMC.
+
+How to build it
+===============
+
+  $ make odroidc2_defconfig
+
+Then you can edit the build options using
+
+  $ make menuconfig
+
+Compile all and build rootfs image:
+
+  $ make
+
+Note: you will need to have access to the network, since Buildroot will
+download the packages' sources.
+
+Result of the build
+-------------------
+
+After building, you should obtain this tree:
+
+    output/images/
+    +-- Image
+    +-- boot.ini                   [1]
+    +-- boot.vfat
+    +-- meson64_odroidc2.dtb
+    +-- rootfs.ext2
+    +-- rootfs.ext4
+    +-- rootfs.tar
+    +-- sdcard.img
+    `-- u-boot.bin
+
+[1] This is the ODROID-C2 configuration file used in u-boot.
+
+How to write the SD card or eMMC
+================================
+
+Once the build process is finished you will have an image called "sdcard.img"
+in the output/images/ directory.
+
+Copy the bootable "sdcard.img" onto an SD card or eMMC with "dd":
+
+  $ sudo dd if=output/images/sdcard.img of=/dev/sdX
+
+Insert the SDcard into your ODROID-C2, and power it up. Your new system
+should come up now.
--- a/board/pc/genimage-efi.cfg
+++ b/board/pc/genimage-efi.cfg
@@ -1,35 +0,0 @@
-image efi-part.vfat {
-  vfat {
-    file startup.nsh {
-      image = "efi-part/startup.nsh"
-    }
-    file EFI {
-      image = "efi-part/EFI"
-    }
-    file bzImage {
-      image = "bzImage"
-    }
-  }
-  size = 16777216
-}
-
-image disk.img {
-  hdimage {
-    gpt = true
-  }
-
-  partition boot {
-    image = "efi-part.vfat"
-    partition-type-uuid = c12a7328-f81f-11d2-ba4b-00a0c93ec93b
-    offset = 32768
-    size = 16777216
-    bootable = true
-  }
-
-  partition root {
-    partition-type-uuid = 44479540-f297-41b2-9af7-d131d5f0458a
-    partition-uuid = UUID_TMP
-    image = "rootfs.ext2"
-    offset = 16809984
-  }
-}
--- a/board/pc/grub-efi.cfg
+++ b/board/pc/grub-efi.cfg
@@ -1,6 +0,0 @@
-set default="0"
-set timeout="5"
-
-menuentry "Buildroot" {
- linux /bzImage root=PARTUUID=UUID_TMP rootwait console=tty1
-}
--- a/board/pc/post-build.sh
+++ b/board/pc/post-build.sh
@@ -4,12 +4,7 @@ set -e

 BOARD_DIR=$(dirname "$0")

-# Detect boot strategy, EFI or BIOS
-if [ -f "$BINARIES_DIR/efi-part/startup.nsh" ]; then
-    cp -f "$BOARD_DIR/grub-efi.cfg" "$BINARIES_DIR/efi-part/EFI/BOOT/grub.cfg"
-else
-    cp -f "$BOARD_DIR/grub-bios.cfg" "$TARGET_DIR/boot/grub/grub.cfg"
+cp -f "$BOARD_DIR/grub-bios.cfg" "$TARGET_DIR/boot/grub/grub.cfg"

-    # Copy grub 1st stage to binaries, required for genimage
-    cp -f "$HOST_DIR/lib/grub/i386-pc/boot.img" "$BINARIES_DIR"
-fi
+# Copy grub 1st stage to binaries, required for genimage
+cp -f "$HOST_DIR/lib/grub/i386-pc/boot.img" "$BINARIES_DIR"
--- a/board/pc/post-image-efi-gpt.sh
+++ b/board/pc/post-image-efi-gpt.sh
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+set -e
+
+cd ${BINARIES_DIR}
+
+# GPT partition type UUIDs
+esp_type=c12a7328-f81f-11d2-ba4b-00a0c93ec93b
+linux_type=44479540-f297-41b2-9af7-d131d5f0458a
+
+# Partition UUIDs
+efi_part_uuid=$(uuidgen)
+root_part_uuid=$(uuidgen)
+
+# Boot partition offset and size, in 512-byte sectors
+efi_part_start=64
+efi_part_size=32768
+
+# Rootfs partition offset and size, in 512-byte sectors
+root_part_start=$(( efi_part_start + efi_part_size ))
+root_part_size=$(( $(stat -c %s rootfs.ext2) / 512 ))
+
+first_lba=34
+last_lba=$(( root_part_start + root_part_size ))
+
+# Disk image size in 512-byte sectors
+image_size=$(( last_lba + first_lba ))
+
+cat > efi-part/EFI/BOOT/grub.cfg <<EOF
+set default="0"
+set timeout="5"
+
+menuentry "Buildroot" {
+	linux /bzImage root=PARTUUID=$root_part_uuid rootwait console=tty1
+}
+EOF
+
+# Create EFI system partition
+rm -f efi-part.vfat
+dd if=/dev/zero of=efi-part.vfat bs=512 count=0 seek=$efi_part_size
+mkdosfs  efi-part.vfat
+mcopy -bsp -i efi-part.vfat efi-part/startup.nsh ::startup.nsh
+mcopy -bsp -i efi-part.vfat efi-part/EFI ::EFI
+mcopy -bsp -i efi-part.vfat bzImage ::bzImage
+
+rm -f disk.img
+dd if=/dev/zero of=disk.img bs=512 count=0 seek=$image_size
+
+sfdisk disk.img <<EOF
+label: gpt
+label-id: $(uuidgen)
+device: /dev/foobar0
+unit: sectors
+first-lba: $first_lba
+last-lba: $last_lba
+
+/dev/foobar0p1 : start=$efi_part_start,  size=$efi_part_size,  type=$esp_type,   uuid=$efi_part_uuid,  name="efi-part.vfat"
+/dev/foobar0p2 : start=$root_part_start, size=$root_part_size, type=$linux_type, uuid=$root_part_uuid, name="rootfs.ext2"
+EOF
+
+dd if=efi-part.vfat of=disk.img bs=512 count=$efi_part_size seek=$efi_part_start conv=notrunc
+dd if=rootfs.ext2   of=disk.img bs=512 count=$root_part_size seek=$root_part_start conv=notrunc
--- a/board/pc/post-image-efi.sh
+++ b/board/pc/post-image-efi.sh
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-set -e
-
-UUID=$(dumpe2fs "$BINARIES_DIR/rootfs.ext2" 2>/dev/null | sed -n 's/^Filesystem UUID: *\(.*\)/\1/p')
-sed -i "s/UUID_TMP/$UUID/g" "$BINARIES_DIR/efi-part/EFI/BOOT/grub.cfg"
-sed "s/UUID_TMP/$UUID/g" board/pc/genimage-efi.cfg > "$BINARIES_DIR/genimage-efi.cfg"
-support/scripts/genimage.sh -c "$BINARIES_DIR/genimage-efi.cfg"
--- a/board/qemu/x86/post-build.sh
+++ b/board/qemu/x86/post-build.sh
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-set -u
-set -e
-
-# Add a console on tty1
-if [ -e ${TARGET_DIR}/etc/inittab ]; then
-    grep -qE '^tty1::' ${TARGET_DIR}/etc/inittab || \
-	sed -i '/GENERIC_SERIAL/a\
-tty1::respawn:/sbin/getty -L  tty1 0 vt100 # QEMU graphical window' ${TARGET_DIR}/etc/inittab
-fi
--- a/board/qemu/x86/readme.txt
+++ b/board/qemu/x86/readme.txt
@@ -1,6 +1,6 @@
 Run the emulation with:

-  qemu-system-i386 -M pc -kernel output/images/bzImage -drive file=output/images/rootfs.ext2,if=virtio,format=raw -append "rootwait root=/dev/vda console=tty1 console=ttyS0" -serial stdio -net nic,model=virtio -net user
+  qemu-system-i386 -M pc -kernel output/images/bzImage -drive file=output/images/rootfs.ext2,if=virtio,format=raw -append "rootwait root=/dev/vda" -net nic,model=virtio -net user

 Optionally add -smp N to emulate a SMP system with N CPUs.

--- a/board/qemu/x86_64/post-build.sh
+++ b/board/qemu/x86_64/post-build.sh
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-set -u
-set -e
-
-# Add a console on tty1
-if [ -e ${TARGET_DIR}/etc/inittab ]; then
-    grep -qE '^tty1::' ${TARGET_DIR}/etc/inittab || \
-	sed -i '/GENERIC_SERIAL/a\
-tty1::respawn:/sbin/getty -L  tty1 0 vt100 # QEMU graphical window' ${TARGET_DIR}/etc/inittab
-fi
--- a/board/qemu/x86_64/readme.txt
+++ b/board/qemu/x86_64/readme.txt
@@ -1,6 +1,6 @@
 Run the emulation with:

-  qemu-system-x86_64 -M pc -kernel output/images/bzImage -drive file=output/images/rootfs.ext2,if=virtio,format=raw -append "rootwait root=/dev/vda console=tty1 console=ttyS0" -serial stdio -net nic,model=virtio -net user
+  qemu-system-x86_64 -M pc -kernel output/images/bzImage -drive file=output/images/rootfs.ext2,if=virtio,format=raw -append "rootwait root=/dev/vda" -net nic,model=virtio -net user

 Optionally add -smp N to emulate a SMP system with N CPUs.

--- a/board/raspberrypi/genimage-raspberrypi4-64.cfg
+++ b/board/raspberrypi/genimage-raspberrypi4-64.cfg
@@ -1,30 +0,0 @@
-image boot.vfat {
-  vfat {
-    files = {
-      "bcm2711-rpi-4-b.dtb",
-      "rpi-firmware/cmdline.txt",
-      "rpi-firmware/config.txt",
-      "rpi-firmware/fixup.dat",
-      "rpi-firmware/start.elf",
-      "rpi-firmware/overlays",
-      "Image"
-    }
-  }
-  size = 32M
-}
-
-image sdcard.img {
-  hdimage {
-  }
-
-  partition boot {
-    partition-type = 0xC
-    bootable = "true"
-    image = "boot.vfat"
-  }
-
-  partition rootfs {
-    partition-type = 0x83
-    image = "rootfs.ext4"
-  }
-}
--- a/board/raspberrypi/genimage-raspberrypi4.cfg
+++ b/board/raspberrypi/genimage-raspberrypi4.cfg
@@ -4,8 +4,8 @@ image boot.vfat {
      "bcm2711-rpi-4-b.dtb",
      "rpi-firmware/cmdline.txt",
      "rpi-firmware/config.txt",
-      "rpi-firmware/fixup.dat",
-      "rpi-firmware/start.elf",
+      "rpi-firmware/fixup4.dat",
+      "rpi-firmware/start4.elf",
      "rpi-firmware/overlays",
      "zImage"
    }
--- a/board/raspberrypi/post-image.sh
+++ b/board/raspberrypi/post-image.sh
@@ -10,13 +10,13 @@ GENIMAGE_TMP="${BUILD_DIR}/genimage.tmp"
 for arg in "$@"
 do
 	case "${arg}" in
-		--add-miniuart-bt-overlay)
+		--add-pi3-miniuart-bt-overlay)
 		if ! grep -qE '^dtoverlay=' "${BINARIES_DIR}/rpi-firmware/config.txt"; then
-			echo "Adding 'dtoverlay=miniuart-bt' to config.txt (fixes ttyAMA0 serial console)."
+			echo "Adding 'dtoverlay=pi3-miniuart-bt' to config.txt (fixes ttyAMA0 serial console)."
 			cat << __EOF__ >> "${BINARIES_DIR}/rpi-firmware/config.txt"

-# fixes rpi (3B, 3B+, 3A+, 4B and Zero W) ttyAMA0 serial console
-dtoverlay=miniuart-bt
+# fixes rpi3 ttyAMA0 serial console
+dtoverlay=pi3-miniuart-bt
 __EOF__
 		fi
 		;;
@@ -28,6 +28,15 @@ __EOF__

 # enable 64bits support
 arm_64bit=1
+__EOF__
+		fi
+
+		# Enable uart console
+		if ! grep -qE '^enable_uart=1' "${BINARIES_DIR}/rpi-firmware/config.txt"; then
+			cat << __EOF__ >> "${BINARIES_DIR}/rpi-firmware/config.txt"
+
+# enable rpi3 ttyS0 serial console
+enable_uart=1
 __EOF__
 		fi
 		;;
--- a/board/raspberrypi/readme.txt
+++ b/board/raspberrypi/readme.txt
@@ -78,7 +78,7 @@ After building, you should obtain this tree:
 [1] Not all of them will be present, depending on the RaspberryPi
    model you are using.

-[2] Only for the Raspberry Pi 3/4 Models (overlay miniuart-bt is needed
+[2] Only for the Raspberry Pi 3/4 Models (overlay pi3-miniuart-bt is needed
    to enable the RPi3 serial console otherwise occupied by the bluetooth
    chip). Alternative would be to disable the serial console in cmdline.txt
    and /etc/inittab.
--- a/board/raspberrypi4-64
+++ b/board/raspberrypi4-64
@@ -1 +0,0 @@
-raspberrypi
--- a/board/solidrun/mx6cubox/post-build.sh
+++ b/board/solidrun/mx6cubox/post-build.sh
@@ -2,7 +2,7 @@

 BOARD_DIR="$(dirname $0)"

-install -d -m 755 $TARGET_DIR/boot
-
 $HOST_DIR/bin/mkimage -A arm -O linux -T script -C none  \
-	-n "boot script" -d $BOARD_DIR/boot.scr.txt $TARGET_DIR/boot/boot.scr
+-n "boot script" -d $BOARD_DIR/boot.scr.txt $BOARD_DIR/boot.scr
+
+install -m 0644 -D $BOARD_DIR/boot.scr $TARGET_DIR/boot/boot.scr
--- a/board/stmicroelectronics/stm32mp157c-dk2/patches/uboot/0001-stm32mp1-configs-fix-checking-the-presence-of-an-env.patch
+++ b/board/stmicroelectronics/stm32mp157c-dk2/patches/uboot/0001-stm32mp1-configs-fix-checking-the-presence-of-an-env.patch
@@ -0,0 +1,37 @@
+From a7204e5ae1e5f87ad449c7425cf7614205e60734 Mon Sep 17 00:00:00 2001
+From: Bartosz Bilas <bartosz.bilas@hotmail.com>
+Date: Sun, 27 Oct 2019 09:01:12 +0100
+Subject: [PATCH] stm32mp1: configs: fix checking the presence of an
+ environment
+
+Execute env check command within extra env settings section instead of
+bootcmd whereby we are able to mount rootfs partition from sd card properly.
+
+Signed-off-by: Bartosz Bilas <bartosz.bilas@hotmail.com>
+---
+ include/configs/stm32mp1.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/configs/stm32mp1.h b/include/configs/stm32mp1.h
+index 988992b336..cadc0358fd 100644
+--- a/include/configs/stm32mp1.h
+++ b/include/configs/stm32mp1.h
+@@ -115,7 +115,6 @@
+ 	"if test ${boot_device} = serial || test ${boot_device} = usb;" \
+ 	"then stm32prog ${boot_device} ${boot_instance}; " \
+ 	"else " \
+-		"run env_check;" \
+ 		"if test ${boot_device} = mmc;" \
+ 		"then env set boot_targets \"mmc${boot_instance}\"; fi;" \
+ 		"if test ${boot_device} = nand;" \
+@@ -160,6 +159,7 @@
+ 	"initrd_high=0xffffffff\0" \
+ 	"altbootcmd=run bootcmd\0" \
+ 	"env_default=1\0" \
+	"run env_check;" \
+ 	"env_check=if test $env_default -eq 1;"\
+ 		" then env set env_default 0;env save;fi\0" \
+ 	STM32MP_BOOTCMD \
+-- 
+2.23.0
+
--- a/board/udoo/neo/post-build.sh
+++ b/board/udoo/neo/post-build.sh
@@ -2,6 +2,7 @@

 BOARD_DIR="$(dirname $0)"

-install -d -m 755 $TARGET_DIR/boot
 $HOST_DIR/bin/mkimage -A arm -O linux -T script -C none  \
-	-n "boot script" -d $BOARD_DIR/boot.scr.txt $TARGET_DIR/boot/boot.scr
+-n "boot script" -d $BOARD_DIR/boot.scr.txt $BOARD_DIR/boot.scr
+
+install -m 0644 -D $BOARD_DIR/boot.scr $TARGET_DIR/boot/boot.scr
--- a/board/wandboard/post-build.sh
+++ b/board/wandboard/post-build.sh
@@ -2,7 +2,7 @@

 BOARD_DIR="$(dirname $0)"

-install -d -m 755 $TARGET_DIR/boot
-
 $HOST_DIR/bin/mkimage -A arm -O linux -T script -C none  \
-	-n "boot script" -d $BOARD_DIR/boot.scr.txt $TARGET_DIR/boot/boot.scr
+-n "boot script" -d $BOARD_DIR/boot.scr.txt $BOARD_DIR/boot.scr
+
+install -m 0644 -D $BOARD_DIR/boot.scr $TARGET_DIR/boot/boot.scr
--- a/boot/arm-trusted-firmware/Config.in
+++ b/boot/arm-trusted-firmware/Config.in
@@ -124,24 +124,6 @@ config BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33
 	  gets built before ATF, and that the appropriate BL33
 	  variable pointing to u-boot.bin is passed when building ATF.

-if BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33
-
-config BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_BL33_IMAGE
-	string "U-Boot BL33 image name"
-	default "u-boot.bin"
-	help
-	  Name of the U-Boot BL33 image to include in ATF, it must
-	  have been installed to BINARIES_DIR by the U-Boot package.
-
-endif
-
-config BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_TARGETS
-	string "Additional ATF make targets"
-	help
-	  Additional targets for the ATF build
-	  E.G. When using the QorIQ custom ATF repository from NXP,
-	  the target 'pbl' can be used to build the pbl binary.
-
 config BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES
 	string "Additional ATF build variables"
 	help
@@ -153,18 +135,4 @@ config BR2_TARGET_ARM_TRUSTED_FIRMWARE_DEBUG
 	help
 	  Enable this option to build ATF with DEBUG=1.

-config BR2_TARGET_ARM_TRUSTED_FIRMWARE_IMAGES
-	string "Binary boot images"
-	default "*.bin"
-	help
-	  Names of generated image files that are installed in the
-	  output images/ directory.
-
-config BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_DTC
-	bool "Needs dtc"
-	select BR2_PACKAGE_HOST_DTC
-	help
-	  Select this option if your ATF board configuration
-	  requires the Device Tree compiler to be available.
-
 endif
--- a/boot/arm-trusted-firmware/arm-trusted-firmware.mk
+++ b/boot/arm-trusted-firmware/arm-trusted-firmware.mk
@@ -19,11 +19,9 @@ else
 ARM_TRUSTED_FIRMWARE_SITE = $(call github,ARM-software,arm-trusted-firmware,$(ARM_TRUSTED_FIRMWARE_VERSION))
 # The licensing of custom or from-git versions is unknown.
 # This is valid only for the official v1.4.
-ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_LATEST_VERSION),y)
 ARM_TRUSTED_FIRMWARE_LICENSE = BSD-3-Clause
 ARM_TRUSTED_FIRMWARE_LICENSE_FILES = license.rst
 endif
-endif

 ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE)$(BR2_TARGET_ARM_TRUSTED_FIRMWARE_LATEST_VERSION),y)
 BR_NO_CHECK_HASH_FOR += $(ARM_TRUSTED_FIRMWARE_SOURCE)
@@ -31,10 +29,6 @@ endif

 ARM_TRUSTED_FIRMWARE_INSTALL_IMAGES = YES

-ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_DTC),y)
-ARM_TRUSTED_FIRMWARE_DEPENDENCIES += host-dtc
-endif
-
 ARM_TRUSTED_FIRMWARE_PLATFORM = $(call qstrip,$(BR2_TARGET_ARM_TRUSTED_FIRMWARE_PLATFORM))

 ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_DEBUG),y)
@@ -76,8 +70,7 @@ endif
 endif # BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_OPTEE

 ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33),y)
-ARM_TRUSTED_FIRMWARE_UBOOT_BIN = $(call qstrip,$(BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_BL33_IMAGE))
-ARM_TRUSTED_FIRMWARE_MAKE_OPTS += BL33=$(BINARIES_DIR)/$(ARM_TRUSTED_FIRMWARE_UBOOT_BIN)
+ARM_TRUSTED_FIRMWARE_MAKE_OPTS += BL33=$(BINARIES_DIR)/u-boot.bin
 ARM_TRUSTED_FIRMWARE_DEPENDENCIES += uboot
 endif

@@ -96,14 +89,6 @@ ARM_TRUSTED_FIRMWARE_MAKE_OPTS += MV_DDR_PATH=$(MV_DDR_MARVELL_DIR)
 ARM_TRUSTED_FIRMWARE_DEPENDENCIES += mv-ddr-marvell
 endif

-ifeq ($(BR2_SSP_REGULAR),y)
-ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=default
-else ifeq ($(BR2_SSP_STRONG),y)
-ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=strong
-else ifeq ($(BR2_SSP_ALL),y)
-ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=all
-endif
-
 ARM_TRUSTED_FIRMWARE_MAKE_TARGETS = all

 ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP),y)
@@ -153,9 +138,6 @@ define ARM_TRUSTED_FIRMWARE_BL31_UBOOT_INSTALL_ELF
 endef
 endif

-ARM_TRUSTED_FIRMWARE_MAKE_TARGETS += \
-	$(call qstrip,$(BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_TARGETS))
-
 define ARM_TRUSTED_FIRMWARE_BUILD_CMDS
 	$(ARM_TRUSTED_FIRMWARE_BUILD_FIPTOOL)
 	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) $(ARM_TRUSTED_FIRMWARE_MAKE_OPTS) \
@@ -164,9 +146,7 @@ define ARM_TRUSTED_FIRMWARE_BUILD_CMDS
 endef

 define ARM_TRUSTED_FIRMWARE_INSTALL_IMAGES_CMDS
-	$(foreach f,$(call qstrip,$(BR2_TARGET_ARM_TRUSTED_FIRMWARE_IMAGES)), \
-		cp -dpf $(ARM_TRUSTED_FIRMWARE_IMG_DIR)/$(f) $(BINARIES_DIR)/
-	)
+	cp -dpf $(ARM_TRUSTED_FIRMWARE_IMG_DIR)/*.bin $(BINARIES_DIR)/
 	$(ARM_TRUSTED_FIRMWARE_BL31_UBOOT_INSTALL)
 	$(ARM_TRUSTED_FIRMWARE_BL31_UBOOT_INSTALL_ELF)
 endef
--- a/boot/at91bootstrap3/Config.in
+++ b/boot/at91bootstrap3/Config.in
@@ -1,6 +1,6 @@
 config BR2_TARGET_AT91BOOTSTRAP3
 	bool "AT91 Bootstrap 3"
-	depends on BR2_arm926t || BR2_cortex_a5 || BR2_cortex_a7
+	depends on BR2_arm926t || BR2_cortex_a5
 	help
 	  AT91Bootstrap is a first level bootloader for the Atmel AT91
 	  devices. It integrates algorithms for:
@@ -27,15 +27,8 @@ config BR2_TARGET_AT91BOOTSTRAP3_CUSTOM_GIT
 	  This option allows Buildroot to get the AT91 Bootstrap 3
 	  source code from a Git repository.

-config BR2_TARGET_AT91BOOTSTRAP3_CUSTOM_TARBALL
-	bool "Custom tarball"
-
 endchoice

-config BR2_TARGET_AT91BOOTSTRAP3_CUSTOM_TARBALL_LOCATION
-	string "URL of custom AT91Bootstrap tarball"
-	depends on BR2_TARGET_AT91BOOTSTRAP3_CUSTOM_TARBALL
-
 if BR2_TARGET_AT91BOOTSTRAP3_CUSTOM_GIT

 config BR2_TARGET_AT91BOOTSTRAP3_CUSTOM_REPO_URL
@@ -54,7 +47,6 @@ config BR2_TARGET_AT91BOOTSTRAP3_VERSION
 	default "v3.9.0" if BR2_TARGET_AT91BOOTSTRAP3_LATEST_VERSION
 	default BR2_TARGET_AT91BOOTSTRAP3_CUSTOM_REPO_VERSION \
 		if BR2_TARGET_AT91BOOTSTRAP3_CUSTOM_GIT
-	default "custom"	if BR2_TARGET_AT91BOOTSTRAP3_CUSTOM_TARBALL

 config BR2_TARGET_AT91BOOTSTRAP3_CUSTOM_PATCH_DIR
 	string "custom patch dir"
--- a/boot/at91bootstrap3/at91bootstrap3.hash
+++ b/boot/at91bootstrap3/at91bootstrap3.hash
@@ -1,3 +1,2 @@
 # Locally calculated
-sha256	e23e6df23b79ca81e412cb73a1f48bd95df8d46c7d52a1d073c2ed9d4f3a1a71  at91bootstrap3-v3.9.0.tar.gz
-sha256  732b2a55b5905031d8ae420136ffb5f8889214865784386bf754cffab8d2bc6e  main.c
+sha256	9960b0d18fe42feee566d4c52efa0d7c8251685bf9acfdf343f30a27951ada1e  at91bootstrap3-v3.9.0.tar.gz
--- a/boot/at91bootstrap3/at91bootstrap3.mk
+++ b/boot/at91bootstrap3/at91bootstrap3.mk
@@ -6,12 +6,7 @@

 AT91BOOTSTRAP3_VERSION = $(call qstrip,$(BR2_TARGET_AT91BOOTSTRAP3_VERSION))

-ifeq ($(BR2_TARGET_AT91BOOTSTRAP3_CUSTOM_TARBALL),y)
-AT91BOOTSTRAP3_TARBALL = $(call qstrip,$(BR2_TARGET_AT91BOOTSTRAP3_CUSTOM_TARBALL_LOCATION))
-AT91BOOTSTRAP3_SITE = $(patsubst %/,%,$(dir $(AT91BOOTSTRAP3_TARBALL)))
-AT91BOOTSTRAP3_SOURCE = $(notdir $(AT91BOOTSTRAP3_TARBALL))
-BR_NO_CHECK_HASH_FOR += $(AT91BOOTSTRAP3_SOURCE)
-else ifeq ($(BR2_TARGET_AT91BOOTSTRAP3_CUSTOM_GIT),y)
+ifeq ($(BR2_TARGET_AT91BOOTSTRAP3_CUSTOM_GIT),y)
 AT91BOOTSTRAP3_SITE = $(call qstrip,$(BR2_TARGET_AT91BOOTSTRAP3_CUSTOM_REPO_URL))
 AT91BOOTSTRAP3_SITE_METHOD = git
 BR_NO_CHECK_HASH_FOR += $(AT91BOOTSTRAP3_SOURCE)
@@ -20,9 +15,7 @@ AT91BOOTSTRAP3_SITE = $(call github,linux4sam,at91bootstrap,$(AT91BOOTSTRAP3_VER
 endif

 AT91BOOTSTRAP3_LICENSE = Atmel License
-ifeq ($(BR2_TARGET_AT91BOOTSTRAP3_LATEST_VERSION),y)
 AT91BOOTSTRAP3_LICENSE_FILES = main.c
-endif

 AT91BOOTSTRAP3_INSTALL_IMAGES = YES
 AT91BOOTSTRAP3_INSTALL_TARGET = NO
@@ -85,12 +78,6 @@ $(error No custom at91bootstrap3 repository version specified. Check your BR2_TA
 endif
 endif

-ifeq ($(BR2_TARGET_AT91BOOTSTRAP3_CUSTOM_TARBALL),y)
-ifeq ($(call qstrip,$(BR2_TARGET_AT91BOOTSTRAP3_CUSTOM_TARBALL_LOCATION)),)
-$(error No custom AT91Bootstrap3 tarball specified. Check your BR2_TARGET_AT91BOOTSTRAP3_CUSTOM_TARBALL_LOCATION setting)
-endif # qstrip BR2_TARGET_AT91BOOTSTRAP3_CUSTOM_TARBALL_LOCATION
-endif # BR2_TARGET_AT91BOOTSTRAP3_CUSTOM_TARBALL
-
 endif # BR_BUILDING

 $(eval $(kconfig-package))
--- a/boot/barebox/Config.in
+++ b/boot/barebox/Config.in
@@ -12,7 +12,7 @@ choice
 	  Select the specific Barebox version you want to use

 config BR2_TARGET_BAREBOX_LATEST_VERSION
-	bool "2020.01.0"
+	bool "2019.09.0"

 config BR2_TARGET_BAREBOX_CUSTOM_VERSION
 	bool "Custom version"
@@ -40,7 +40,7 @@ endif

 config BR2_TARGET_BAREBOX_VERSION
 	string
-	default "2020.01.0"	if BR2_TARGET_BAREBOX_LATEST_VERSION
+	default "2019.09.0"	if BR2_TARGET_BAREBOX_LATEST_VERSION
 	default BR2_TARGET_BAREBOX_CUSTOM_VERSION_VALUE if BR2_TARGET_BAREBOX_CUSTOM_VERSION
 	default "custom"	if BR2_TARGET_BAREBOX_CUSTOM_TARBALL
 	default BR2_TARGET_BAREBOX_CUSTOM_GIT_VERSION if BR2_TARGET_BAREBOX_CUSTOM_GIT
--- a/boot/barebox/barebox.hash
+++ b/boot/barebox/barebox.hash
@@ -1,8 +1,5 @@
-# From https://www.barebox.org/download/barebox-2020.01.0.tar.bz2.md5
-md5  05038e0b61b68ce40e038295b809c548  barebox-2020.01.0.tar.bz2
+# From https://www.barebox.org/download/barebox-2019.09.0.tar.bz2.md5
+md5 08fa404904cc95d8d0d34d4142351d09 barebox-2019.09.0.tar.bz2

 # Locally calculated
-sha256  8968e6b0d72d79eba636917b067b925e3bbb54d38c6c2acfc4e1e49909b42f33  barebox-2020.01.0.tar.bz2
-
-# License files, locally computed
-sha256  ab1122aa9f9073ad1ec824edcd970b16a6a7881a34a18fd56c080debb2dca5d4  COPYING
+sha256 beab6bdba2466bece57d23834daf4f0d530a594efc11ca0ddb69372981e6e159 barebox-2019.09.0.tar.bz2
--- a/boot/barebox/barebox.mk
+++ b/boot/barebox/barebox.mk
@@ -39,9 +39,7 @@ $(1)_DL_SUBDIR = barebox

 $(1)_DEPENDENCIES = host-lzop
 $(1)_LICENSE = GPL-2.0 with exceptions
-ifeq ($(BR2_TARGET_BAREBOX_LATEST_VERSION),y)
 $(1)_LICENSE_FILES = COPYING
-endif

 $(1)_CUSTOM_EMBEDDED_ENV_PATH = $$(call qstrip,$$(BR2_TARGET_$(1)_CUSTOM_EMBEDDED_ENV_PATH))

@@ -88,6 +86,13 @@ $(1)_KCONFIG_DEPENDENCIES = \
 	$(BR2_BISON_HOST_DEPENDENCY) \
 	$(BR2_FLEX_HOST_DEPENDENCY)

+ifeq ($$(BR2_TARGET_$(1)_BAREBOXENV),y)
+define $(1)_BUILD_BAREBOXENV_CMDS
+	$$(TARGET_CC) $$(TARGET_CFLAGS) $$(TARGET_LDFLAGS) -o $$(@D)/bareboxenv \
+		$$(@D)/scripts/bareboxenv.c
+endef
+endif
+
 ifeq ($$(BR2_TARGET_$(1)_CUSTOM_ENV),y)
 $(1)_ENV_NAME = $$(notdir $$(call qstrip,\
 	$$(BR2_TARGET_$(1)_CUSTOM_ENV_PATH)))
@@ -102,23 +107,12 @@ endef
 endif

 ifneq ($$($(1)_CUSTOM_EMBEDDED_ENV_PATH),)
-define $(1)_KCONFIG_FIXUP_CUSTOM_EMBEDDED_ENV_PATH
-	$$(call KCONFIG_ENABLE_OPT,CONFIG_DEFAULT_ENVIRONMENT)
-	$$(call KCONFIG_SET_OPT,CONFIG_DEFAULT_ENVIRONMENT_PATH,"$$($(1)_CUSTOM_EMBEDDED_ENV_PATH)")
+define $(1)_KCONFIG_FIXUP_CMDS
+	$$(call KCONFIG_ENABLE_OPT,CONFIG_DEFAULT_ENVIRONMENT,$$(@D)/.config)
+	$$(call KCONFIG_SET_OPT,CONFIG_DEFAULT_ENVIRONMENT_PATH,"$$($(1)_CUSTOM_EMBEDDED_ENV_PATH)",$$(@D)/.config)
 endef
 endif

-define $(1)_KCONFIG_FIXUP_BAREBOXENV
-	$$(if $$(BR2_TARGET_$(1)_BAREBOXENV),\
-		$$(call KCONFIG_ENABLE_OPT,CONFIG_BAREBOXENV_TARGET),\
-		$$(call KCONFIG_DISABLE_OPT,CONFIG_BAREBOXENV_TARGET))
-endef
-
-define $(1)_KCONFIG_FIXUP_CMDS
-	$$($(1)_KCONFIG_FIXUP_CUSTOM_EMBEDDED_ENV_PATH)
-	$$($(1)_KCONFIG_FIXUP_BAREBOXENV)
-endef
-
 define $(1)_BUILD_CMDS
 	$$($(1)_BUILD_BAREBOXENV_CMDS)
 	$$(TARGET_MAKE_ENV) $$(MAKE) $$($(1)_MAKE_FLAGS) -C $$(@D)
@@ -140,7 +134,7 @@ endef

 ifeq ($$(BR2_TARGET_$(1)_BAREBOXENV),y)
 define $(1)_INSTALL_TARGET_CMDS
-	cp $$(@D)/scripts/bareboxenv-target $$(TARGET_DIR)/usr/bin/bareboxenv
+	cp $$(@D)/bareboxenv $$(TARGET_DIR)/usr/bin
 endef
 endif

--- a/boot/boot-wrapper-aarch64/Config.in
+++ b/boot/boot-wrapper-aarch64/Config.in
@@ -38,9 +38,4 @@ config BR2_TARGET_BOOT_WRAPPER_AARCH64_PSCI
 	  Boot secondary SMP cores using PSCI firmware calls. If
 	  disabled, the spin-table method is used instead.

-config BR2_TARGET_BOOT_WRAPPER_AARCH64_GICV3
-	bool "Enable GICv3 instead of GICv2"
-	help
-	  Boot using GICv3 instead of GICv2.
-
 endif
--- a/boot/boot-wrapper-aarch64/boot-wrapper-aarch64.mk
+++ b/boot/boot-wrapper-aarch64/boot-wrapper-aarch64.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-BOOT_WRAPPER_AARCH64_VERSION = fd74c8cbd0e17483d2299208cad9742bee605ca7
+BOOT_WRAPPER_AARCH64_VERSION = 4266507a84f8c06452109d38e0350d4759740694
 BOOT_WRAPPER_AARCH64_SITE = git://git.kernel.org/pub/scm/linux/kernel/git/mark/boot-wrapper-aarch64.git
 BOOT_WRAPPER_AARCH64_LICENSE = BSD-3-Clause
 BOOT_WRAPPER_AARCH64_LICENSE_FILES = LICENSE.txt
@@ -15,11 +15,19 @@ BOOT_WRAPPER_AARCH64_INSTALL_IMAGES = YES
 # Makefile.
 BOOT_WRAPPER_AARCH64_AUTORECONF = YES

-BOOT_WRAPPER_AARCH64_DTB = $(LINUX_DIR)/arch/arm64/boot/dts/$(basename $(call qstrip,$(BR2_TARGET_BOOT_WRAPPER_AARCH64_DTS))).dtb
+BOOT_WRAPPER_AARCH64_DTB = /arch/arm64/boot/dts/$(basename $(call qstrip,$(BR2_TARGET_BOOT_WRAPPER_AARCH64_DTS))).dtb
+
+# Fixup the path to the DTB in configure.ac. In the future, this
+# should hopefully be made more configurable by the
+# boot-wrapper-aarch64 developers.
+define BOOT_WRAPPER_AARCH64_FIX_DTB_NAME
+	$(SED) 's%^KERN_DTB=.*%KERN_DTB=$(BOOT_WRAPPER_AARCH64_DTB)%' $(@D)/configure.ac
+endef
+
+BOOT_WRAPPER_AARCH64_PRE_PATCH_HOOKS += BOOT_WRAPPER_AARCH64_FIX_DTB_NAME

 BOOT_WRAPPER_AARCH64_CONF_OPTS = \
 	--with-kernel-dir=$(LINUX_DIR) \
-	--with-dtb=$(BOOT_WRAPPER_AARCH64_DTB) \
 	--with-cmdline=$(BR2_TARGET_BOOT_WRAPPER_AARCH64_BOOTARGS)

 ifeq ($(BR2_TARGET_BOOT_WRAPPER_AARCH64_PSCI),y)
@@ -28,10 +36,6 @@ else
 BOOT_WRAPPER_AARCH64_CONF_OPTS += --disable-psci
 endif

-ifeq ($(BR2_TARGET_BOOT_WRAPPER_AARCH64_GICV3),y)
-BOOT_WRAPPER_AARCH64_CONF_OPTS += --enable-gicv3
-endif
-
 # We need to convince the configure script that the Linux kernel tree
 # exists, as well as the DTB and the kernel Image. Even though those
 # are available on the build machine, the configure script uses
--- a/boot/grub2/0001-build-Fix-GRUB-i386-pc-build-with-Ubuntu-gcc.patch
+++ b/boot/grub2/0001-build-Fix-GRUB-i386-pc-build-with-Ubuntu-gcc.patch
@@ -1,313 +0,0 @@
-From 6643507ce30f775008e093580f0c9499dfb2c485 Mon Sep 17 00:00:00 2001
-From: Simon Hardy <simon.hardy@itdev.co.uk>
-Date: Tue, 24 Mar 2020 13:29:12 +0000
-Subject: build: Fix GRUB i386-pc build with Ubuntu gcc
-
-With recent versions of gcc on Ubuntu a very large lzma_decompress.img file is
-output. (e.g. 134479600 bytes instead of 2864.) This causes grub-mkimage to
-fail with: "error: Decompressor is too big."
-
-This seems to be caused by a section .note.gnu.property that is placed at an
-offset such that objcopy needs to pad the img file with zeros.
-
-This issue is present on:
-Ubuntu 19.10 with gcc (Ubuntu 8.3.0-26ubuntu1~19.10) 8.3.0
-Ubuntu 19.10 with gcc (Ubuntu 9.2.1-9ubuntu2) 9.2.1 20191008
-
-This issue is not present on:
-Ubuntu 19.10 with gcc (Ubuntu 7.5.0-3ubuntu1~19.10) 7.5.0
-RHEL 8.0 with gcc 8.3.1 20190507 (Red Hat 8.3.1-4)
-
-The issue can be fixed by removing the section using objcopy as shown in
-this patch.
-
-Signed-off-by: Simon Hardy <simon.hardy@itdev.co.uk>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-[Retrieved (and updated to directly patch Makefile.in instead of
-gentpl.py to avoid adding a dependency on python) from:
-http://git.savannah.gnu.org/cgit/grub.git/commit/?id=6643507ce30f775008e093580f0c9499dfb2c485]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[yann.morin.1998@free.fr:
-  - keep the part patching gentpl.py
-  - restore it as a git-formatted patch
-  - introduce the hunk about the generated .am file
-]
-Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
---
- gentpl.py             |    2     1     1     0 +-
- grub-core/Makefile.in |   38    19    19     0 +++++++++++++++++++-------------------
- 2 files changed, 20 insertions(+), 20 deletions(-)
-
-diff --git a/gentpl.py b/gentpl.py
-index 387588c05..c86550d4f 100644
--- a/gentpl.py
-+++ b/gentpl.py
-@@ -766,7 +766,7 @@ def image(defn, platform):
- if test x$(TARGET_APPLE_LINKER) = x1; then \
-   $(MACHO2IMG) $< $@; \
- else \
-  $(TARGET_OBJCOPY) $(""" + cname(defn) + """_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; \
-+  $(TARGET_OBJCOPY) $(""" + cname(defn) + """_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; \
- fi
- """)
- 
-diff --git a/grub-core/Makefile.core.am b/grub-core/Makefile.core.am
-index 387588c05..c86550d4f 100644
--- a/grub-core/Makefile.core.am
-+++ 2/grub-core/Makefile.core.am
-@@ -22897,7 +22897,7 @@
- CLEANFILES += boot.img
- 
- boot.img: boot.image$(EXEEXT)
-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 	
- endif
- 
-@@ -22918,7 +22918,7 @@
- CLEANFILES += boot.img
- 
- boot.img: boot.image$(EXEEXT)
-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 	
- endif
- 
-@@ -22939,7 +22939,7 @@
- CLEANFILES += boot.img
- 
- boot.img: boot.image$(EXEEXT)
-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 	
- endif
- 
-@@ -22960,7 +22960,7 @@
- CLEANFILES += boot_hybrid.img
- 
- boot_hybrid.img: boot_hybrid.image$(EXEEXT)
-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_hybrid_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_hybrid_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 	
- endif
- 
-@@ -22981,7 +22981,7 @@
- CLEANFILES += cdboot.img
- 
- cdboot.img: cdboot.image$(EXEEXT)
-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(cdboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(cdboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 	
- endif
- 
-@@ -23002,7 +23002,7 @@
- CLEANFILES += cdboot.img
- 
- cdboot.img: cdboot.image$(EXEEXT)
-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(cdboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(cdboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 	
- endif
- 
-@@ -23023,7 +23023,7 @@
- CLEANFILES += pxeboot.img
- 
- pxeboot.img: pxeboot.image$(EXEEXT)
-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(pxeboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(pxeboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 	
- endif
- 
-@@ -23044,7 +23044,7 @@
- CLEANFILES += diskboot.img
- 
- diskboot.img: diskboot.image$(EXEEXT)
-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(diskboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(diskboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 	
- endif
- 
-@@ -23065,7 +23065,7 @@
- CLEANFILES += diskboot.img
- 
- diskboot.img: diskboot.image$(EXEEXT)
-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(diskboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(diskboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 	
- endif
- 
-@@ -23086,7 +23086,7 @@
- CLEANFILES += lnxboot.img
- 
- lnxboot.img: lnxboot.image$(EXEEXT)
-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(lnxboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(lnxboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 	
- endif
- 
-@@ -23107,7 +23107,7 @@
- CLEANFILES += xz_decompress.img
- 
- xz_decompress.img: xz_decompress.image$(EXEEXT)
-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(xz_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(xz_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 	
- endif
- 
-@@ -23128,7 +23128,7 @@
- CLEANFILES += xz_decompress.img
- 
- xz_decompress.img: xz_decompress.image$(EXEEXT)
-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(xz_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(xz_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 	
- endif
- 
-@@ -23149,7 +23149,7 @@
- CLEANFILES += xz_decompress.img
- 
- xz_decompress.img: xz_decompress.image$(EXEEXT)
-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(xz_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(xz_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 	
- endif
- 
-@@ -23170,7 +23170,7 @@
- CLEANFILES += none_decompress.img
- 
- none_decompress.img: none_decompress.image$(EXEEXT)
-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(none_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(none_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 	
- endif
- 
-@@ -23191,7 +23191,7 @@
- CLEANFILES += none_decompress.img
- 
- none_decompress.img: none_decompress.image$(EXEEXT)
-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(none_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(none_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 	
- endif
- 
-@@ -23212,7 +23212,7 @@
- CLEANFILES += none_decompress.img
- 
- none_decompress.img: none_decompress.image$(EXEEXT)
-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(none_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(none_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 	
- endif
- 
-@@ -23233,7 +23233,7 @@
- CLEANFILES += lzma_decompress.img
- 
- lzma_decompress.img: lzma_decompress.image$(EXEEXT)
-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(lzma_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(lzma_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 	
- endif
- 
-@@ -23254,7 +23254,7 @@
- CLEANFILES += fwstart.img
- 
- fwstart.img: fwstart.image$(EXEEXT)
-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(fwstart_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(fwstart_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 	
- endif
- 
-@@ -23275,7 +23275,7 @@
- CLEANFILES += fwstart_fuloong2f.img
- 
- fwstart_fuloong2f.img: fwstart_fuloong2f.image$(EXEEXT)
-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(fwstart_fuloong2f_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(fwstart_fuloong2f_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 	
- endif
- 
-diff --git a/grub-core/Makefile.in b/grub-core/Makefile.in
-index 387588c05..c86550d4f 100644
--- a/grub-core/Makefile.in
-+++ b/grub-core/Makefile.in
-@@ -46531,61 +46531,61 @@
- @COND_riscv64_efi_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(TARGET_STRIP) -S -x $(kernel_exec) -o $@.bin $<;   $(TARGET_OBJCONV) -f$(TARGET_MODULE_FORMAT) -nr:_grub_mod_init:grub_mod_init -nr:_grub_mod_fini:grub_mod_fini -ed2022 -ed2016 -wd1106 -nu -nd $@.bin $@;   rm -f $@.bin;    elif test ! -z '$(TARGET_OBJ2ELF)'; then      $(TARGET_STRIP) $(kernel_exec_STRIPFLAGS) -o $@.bin $< &&      $(TARGET_OBJ2ELF) $@.bin $@ || (rm -f $@; rm -f $@.bin; exit 1);      rm -f $@.bin; else $(TARGET_STRIP) $(kernel_exec_STRIPFLAGS) -o $@ $<; fi
- 
- @COND_i386_pc_TRUE@boot.img: boot.image$(EXEEXT)
-@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 
- @COND_i386_qemu_TRUE@boot.img: boot.image$(EXEEXT)
-@COND_i386_qemu_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+@COND_i386_qemu_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 
- @COND_sparc64_ieee1275_TRUE@boot.img: boot.image$(EXEEXT)
-@COND_sparc64_ieee1275_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+@COND_sparc64_ieee1275_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 
- @COND_i386_pc_TRUE@boot_hybrid.img: boot_hybrid.image$(EXEEXT)
-@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_hybrid_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_hybrid_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 
- @COND_i386_pc_TRUE@cdboot.img: cdboot.image$(EXEEXT)
-@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(cdboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(cdboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 
- @COND_sparc64_ieee1275_TRUE@cdboot.img: cdboot.image$(EXEEXT)
-@COND_sparc64_ieee1275_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(cdboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+@COND_sparc64_ieee1275_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(cdboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 
- @COND_i386_pc_TRUE@pxeboot.img: pxeboot.image$(EXEEXT)
-@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(pxeboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(pxeboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 
- @COND_i386_pc_TRUE@diskboot.img: diskboot.image$(EXEEXT)
-@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(diskboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(diskboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 
- @COND_sparc64_ieee1275_TRUE@diskboot.img: diskboot.image$(EXEEXT)
-@COND_sparc64_ieee1275_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(diskboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+@COND_sparc64_ieee1275_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(diskboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 
- @COND_i386_pc_TRUE@lnxboot.img: lnxboot.image$(EXEEXT)
-@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(lnxboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(lnxboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 
- @COND_mips_loongson_TRUE@xz_decompress.img: xz_decompress.image$(EXEEXT)
-@COND_mips_loongson_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(xz_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+@COND_mips_loongson_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(xz_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 
- @COND_mips_arc_TRUE@xz_decompress.img: xz_decompress.image$(EXEEXT)
-@COND_mips_arc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(xz_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+@COND_mips_arc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(xz_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 
- @COND_mips_qemu_mips_TRUE@xz_decompress.img: xz_decompress.image$(EXEEXT)
-@COND_mips_qemu_mips_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(xz_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+@COND_mips_qemu_mips_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(xz_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 
- @COND_mips_loongson_TRUE@none_decompress.img: none_decompress.image$(EXEEXT)
-@COND_mips_loongson_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(none_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+@COND_mips_loongson_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(none_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 
- @COND_mips_arc_TRUE@none_decompress.img: none_decompress.image$(EXEEXT)
-@COND_mips_arc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(none_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+@COND_mips_arc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(none_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 
- @COND_mips_qemu_mips_TRUE@none_decompress.img: none_decompress.image$(EXEEXT)
-@COND_mips_qemu_mips_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(none_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+@COND_mips_qemu_mips_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(none_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 
- @COND_i386_pc_TRUE@lzma_decompress.img: lzma_decompress.image$(EXEEXT)
-@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(lzma_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(lzma_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 
- @COND_mips_loongson_TRUE@fwstart.img: fwstart.image$(EXEEXT)
-@COND_mips_loongson_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(fwstart_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+@COND_mips_loongson_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(fwstart_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 
- @COND_mips_loongson_TRUE@fwstart_fuloong2f.img: fwstart_fuloong2f.image$(EXEEXT)
-@COND_mips_loongson_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(fwstart_fuloong2f_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
-+@COND_mips_loongson_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(fwstart_fuloong2f_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
- 
- @COND_MAN_PAGES_TRUE@@COND_emu_TRUE@grub-emu.1: grub-emu 
- @COND_MAN_PAGES_TRUE@@COND_emu_TRUE@	chmod a+x grub-emu
--- a/boot/grub2/0002-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch
+++ b/boot/grub2/0002-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch
@@ -1,73 +0,0 @@
-From a7ab0cc98fa89a3d5098c29cbe44bcd24b0a6454 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Wed, 15 Apr 2020 15:45:02 -0400
-Subject: [PATCH] yylex: Make lexer fatal errors actually be fatal
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When presented with a command that can't be tokenized to anything
-smaller than YYLMAX characters, the parser calls YY_FATAL_ERROR(errmsg),
-expecting that will stop further processing, as such:
-
-  #define YY_DO_BEFORE_ACTION \
-        yyg->yytext_ptr = yy_bp; \
-        yyleng = (int) (yy_cp - yy_bp); \
-        yyg->yy_hold_char = *yy_cp; \
-        *yy_cp = '\0'; \
-        if ( yyleng >= YYLMAX ) \
-                YY_FATAL_ERROR( "token too large, exceeds YYLMAX" ); \
-        yy_flex_strncpy( yytext, yyg->yytext_ptr, yyleng + 1 , yyscanner); \
-        yyg->yy_c_buf_p = yy_cp;
-
-The code flex generates expects that YY_FATAL_ERROR() will either return
-for it or do some form of longjmp(), or handle the error in some way at
-least, and so the strncpy() call isn't in an "else" clause, and thus if
-YY_FATAL_ERROR() is *not* actually fatal, it does the call with the
-questionable limit, and predictable results ensue.
-
-Unfortunately, our implementation of YY_FATAL_ERROR() is:
-
-   #define YY_FATAL_ERROR(msg)                     \
-     do {                                          \
-       grub_printf (_("fatal error: %s\n"), _(msg));     \
-     } while (0)
-
-The same pattern exists in yyless(), and similar problems exist in users
-of YY_INPUT(), several places in the main parsing loop,
-yy_get_next_buffer(), yy_load_buffer_state(), yyensure_buffer_stack,
-yy_scan_buffer(), etc.
-
-All of these callers expect YY_FATAL_ERROR() to actually be fatal, and
-the things they do if it returns after calling it are wildly unsafe.
-
-Fixes: CVE-2020-10713
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
- grub-core/script/yylex.l | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/grub-core/script/yylex.l b/grub-core/script/yylex.l
-index 7b44c37b7..b7203c823 100644
--- a/grub-core/script/yylex.l
-+++ b/grub-core/script/yylex.l
-@@ -37,11 +37,11 @@
- 
- /* 
-  * As we don't have access to yyscanner, we cannot do much except to
- * print the fatal error.
-+ * print the fatal error and exit.
-  */
- #define YY_FATAL_ERROR(msg)                     \
-   do {                                          \
-    grub_printf (_("fatal error: %s\n"), _(msg));     \
-+    grub_fatal (_("fatal error: %s\n"), _(msg));\
-   } while (0)
- 
- #define COPY(str, hint)                         \
-- 
-2.26.2
-
--- a/boot/grub2/0003-safemath-Add-some-arithmetic-primitives-that-check-f.patch
+++ b/boot/grub2/0003-safemath-Add-some-arithmetic-primitives-that-check-f.patch
@@ -1,128 +0,0 @@
-From 782a4580a5e347793443aa8e9152db1bf4a0fff8 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Mon, 15 Jun 2020 10:58:42 -0400
-Subject: [PATCH] safemath: Add some arithmetic primitives that check for
- overflow
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This adds a new header, include/grub/safemath.h, that includes easy to
-use wrappers for __builtin_{add,sub,mul}_overflow() declared like:
-
-  bool OP(a, b, res)
-
-where OP is grub_add, grub_sub or grub_mul. OP() returns true in the
-case where the operation would overflow and res is not modified.
-Otherwise, false is returned and the operation is executed.
-
-These arithmetic primitives require newer compiler versions. So, bump
-these requirements in the INSTALL file too.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
- INSTALL                 | 22 ++--------------------
- include/grub/compiler.h |  8 ++++++++
- include/grub/safemath.h | 37 +++++++++++++++++++++++++++++++++++++
- 3 files changed, 47 insertions(+), 20 deletions(-)
- create mode 100644 include/grub/safemath.h
-
-diff --git a/INSTALL b/INSTALL
-index 8acb40902..dcb9b7d7b 100644
--- a/INSTALL
-+++ b/INSTALL
-@@ -11,27 +11,9 @@ GRUB depends on some software packages installed into your system. If
- you don't have any of them, please obtain and install them before
- configuring the GRUB.
- 
-* GCC 4.1.3 or later
-  Note: older versions may work but support is limited
-
-  Experimental support for clang 3.3 or later (results in much bigger binaries)
-+* GCC 5.1.0 or later
-+  Experimental support for clang 3.8.0 or later (results in much bigger binaries)
-   for i386, x86_64, arm (including thumb), arm64, mips(el), powerpc, sparc64
-  Note: clang 3.2 or later works for i386 and x86_64 targets but results in
-        much bigger binaries.
-	earlier versions not tested
-  Note: clang 3.2 or later works for arm
-	earlier versions not tested
-  Note: clang on arm64 is not supported due to
-	https://llvm.org/bugs/show_bug.cgi?id=26030
-  Note: clang 3.3 or later works for mips(el)
-	earlier versions fail to generate .reginfo and hence gprel relocations
-	fail.
-  Note: clang 3.2 or later works for powerpc
-	earlier versions not tested
-  Note: clang 3.5 or later works for sparc64
-        earlier versions return "error: unable to interface with target machine"
-  Note: clang has no support for ia64 and hence you can't compile GRUB
-	for ia64 with clang
- * GNU Make
- * GNU Bison 2.3 or later
- * GNU gettext 0.17 or later
-diff --git a/include/grub/compiler.h b/include/grub/compiler.h
-index c9e1d7a73..8f3be3ae7 100644
--- a/include/grub/compiler.h
-+++ b/include/grub/compiler.h
-@@ -48,4 +48,12 @@
- #  define WARN_UNUSED_RESULT
- #endif
- 
-+#if defined(__clang__) && defined(__clang_major__) && defined(__clang_minor__)
-+#  define CLANG_PREREQ(maj,min) \
-+          ((__clang_major__ > (maj)) || \
-+	   (__clang_major__ == (maj) && __clang_minor__ >= (min)))
-+#else
-+#  define CLANG_PREREQ(maj,min) 0
-+#endif
-+
- #endif /* ! GRUB_COMPILER_HEADER */
-diff --git a/include/grub/safemath.h b/include/grub/safemath.h
-new file mode 100644
-index 000000000..c17b89bba
--- /dev/null
-+++ b/include/grub/safemath.h
-@@ -0,0 +1,37 @@
-+/*
-+ *  GRUB  --  GRand Unified Bootloader
-+ *  Copyright (C) 2020  Free Software Foundation, Inc.
-+ *
-+ *  GRUB is free software: you can redistribute it and/or modify
-+ *  it under the terms of the GNU General Public License as published by
-+ *  the Free Software Foundation, either version 3 of the License, or
-+ *  (at your option) any later version.
-+ *
-+ *  GRUB is distributed in the hope that it will be useful,
-+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+ *  GNU General Public License for more details.
-+ *
-+ *  You should have received a copy of the GNU General Public License
-+ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
-+ *
-+ *  Arithmetic operations that protect against overflow.
-+ */
-+
-+#ifndef GRUB_SAFEMATH_H
-+#define GRUB_SAFEMATH_H 1
-+
-+#include <grub/compiler.h>
-+
-+/* These appear in gcc 5.1 and clang 3.8. */
-+#if GNUC_PREREQ(5, 1) || CLANG_PREREQ(3, 8)
-+
-+#define grub_add(a, b, res)	__builtin_add_overflow(a, b, res)
-+#define grub_sub(a, b, res)	__builtin_sub_overflow(a, b, res)
-+#define grub_mul(a, b, res)	__builtin_mul_overflow(a, b, res)
-+
-+#else
-+#error gcc 5.1 or newer or clang 3.8 or newer is required
-+#endif
-+
-+#endif /* GRUB_SAFEMATH_H */
-- 
-2.26.2
-
--- a/boot/grub2/0004-calloc-Make-sure-we-always-have-an-overflow-checking.patch
+++ b/boot/grub2/0004-calloc-Make-sure-we-always-have-an-overflow-checking.patch
@@ -1,246 +0,0 @@
-From 5775eb40862b67468ced816e6d7560dbe22a3670 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Mon, 15 Jun 2020 12:15:29 -0400
-Subject: [PATCH] calloc: Make sure we always have an overflow-checking
- calloc() available
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This tries to make sure that everywhere in this source tree, we always have
-an appropriate version of calloc() (i.e. grub_calloc(), xcalloc(), etc.)
-available, and that they all safely check for overflow and return NULL when
-it would occur.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
- grub-core/kern/emu/misc.c          | 12 +++++++++
- grub-core/kern/emu/mm.c            | 10 ++++++++
- grub-core/kern/mm.c                | 40 ++++++++++++++++++++++++++++++
- grub-core/lib/libgcrypt_wrap/mem.c | 11 ++++++--
- grub-core/lib/posix_wrap/stdlib.h  |  8 +++++-
- include/grub/emu/misc.h            |  1 +
- include/grub/mm.h                  |  6 +++++
- 7 files changed, 85 insertions(+), 3 deletions(-)
-
-diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c
-index 65db79baa..dfd8a8ec4 100644
--- a/grub-core/kern/emu/misc.c
-+++ b/grub-core/kern/emu/misc.c
-@@ -85,6 +85,18 @@ grub_util_error (const char *fmt, ...)
-   exit (1);
- }
- 
-+void *
-+xcalloc (grub_size_t nmemb, grub_size_t size)
-+{
-+  void *p;
-+
-+  p = calloc (nmemb, size);
-+  if (!p)
-+    grub_util_error ("%s", _("out of memory"));
-+
-+  return p;
-+}
-+
- void *
- xmalloc (grub_size_t size)
- {
-diff --git a/grub-core/kern/emu/mm.c b/grub-core/kern/emu/mm.c
-index f262e95e3..145b01d37 100644
--- a/grub-core/kern/emu/mm.c
-+++ b/grub-core/kern/emu/mm.c
-@@ -25,6 +25,16 @@
- #include <string.h>
- #include <grub/i18n.h>
- 
-+void *
-+grub_calloc (grub_size_t nmemb, grub_size_t size)
-+{
-+  void *ret;
-+  ret = calloc (nmemb, size);
-+  if (!ret)
-+    grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
-+  return ret;
-+}
-+
- void *
- grub_malloc (grub_size_t size)
- {
-diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c
-index ee88ff611..f2822a836 100644
--- a/grub-core/kern/mm.c
-+++ b/grub-core/kern/mm.c
-@@ -67,8 +67,10 @@
- #include <grub/dl.h>
- #include <grub/i18n.h>
- #include <grub/mm_private.h>
-+#include <grub/safemath.h>
- 
- #ifdef MM_DEBUG
-+# undef grub_calloc
- # undef grub_malloc
- # undef grub_zalloc
- # undef grub_realloc
-@@ -375,6 +377,30 @@ grub_memalign (grub_size_t align, grub_size_t size)
-   return 0;
- }
- 
-+/*
-+ * Allocate NMEMB instances of SIZE bytes and return the pointer, or error on
-+ * integer overflow.
-+ */
-+void *
-+grub_calloc (grub_size_t nmemb, grub_size_t size)
-+{
-+  void *ret;
-+  grub_size_t sz = 0;
-+
-+  if (grub_mul (nmemb, size, &sz))
-+    {
-+      grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
-+      return NULL;
-+    }
-+
-+  ret = grub_memalign (0, sz);
-+  if (!ret)
-+    return NULL;
-+
-+  grub_memset (ret, 0, sz);
-+  return ret;
-+}
-+
- /* Allocate SIZE bytes and return the pointer.  */
- void *
- grub_malloc (grub_size_t size)
-@@ -561,6 +587,20 @@ grub_mm_dump (unsigned lineno)
-   grub_printf ("\n");
- }
- 
-+void *
-+grub_debug_calloc (const char *file, int line, grub_size_t nmemb, grub_size_t size)
-+{
-+  void *ptr;
-+
-+  if (grub_mm_debug)
-+    grub_printf ("%s:%d: calloc (0x%" PRIxGRUB_SIZE ", 0x%" PRIxGRUB_SIZE ") = ",
-+		 file, line, size);
-+  ptr = grub_calloc (nmemb, size);
-+  if (grub_mm_debug)
-+    grub_printf ("%p\n", ptr);
-+  return ptr;
-+}
-+
- void *
- grub_debug_malloc (const char *file, int line, grub_size_t size)
- {
-diff --git a/grub-core/lib/libgcrypt_wrap/mem.c b/grub-core/lib/libgcrypt_wrap/mem.c
-index beeb661a3..74c6eafe5 100644
--- a/grub-core/lib/libgcrypt_wrap/mem.c
-+++ b/grub-core/lib/libgcrypt_wrap/mem.c
-@@ -4,6 +4,7 @@
- #include <grub/crypto.h>
- #include <grub/dl.h>
- #include <grub/env.h>
-+#include <grub/safemath.h>
- 
- GRUB_MOD_LICENSE ("GPLv3+");
- 
-@@ -36,7 +37,10 @@ void *
- gcry_xcalloc (size_t n, size_t m)
- {
-   void *ret;
-  ret = grub_zalloc (n * m);
-+  size_t sz;
-+  if (grub_mul (n, m, &sz))
-+    grub_fatal ("gcry_xcalloc would overflow");
-+  ret = grub_zalloc (sz);
-   if (!ret)
-     grub_fatal ("gcry_xcalloc failed");
-   return ret;
-@@ -56,7 +60,10 @@ void *
- gcry_xcalloc_secure (size_t n, size_t m)
- {
-   void *ret;
-  ret = grub_zalloc (n * m);
-+  size_t sz;
-+  if (grub_mul (n, m, &sz))
-+    grub_fatal ("gcry_xcalloc would overflow");
-+  ret = grub_zalloc (sz);
-   if (!ret)
-     grub_fatal ("gcry_xcalloc failed");
-   return ret;
-diff --git a/grub-core/lib/posix_wrap/stdlib.h b/grub-core/lib/posix_wrap/stdlib.h
-index 3b46f47ff..7a8d385e9 100644
--- a/grub-core/lib/posix_wrap/stdlib.h
-+++ b/grub-core/lib/posix_wrap/stdlib.h
-@@ -21,6 +21,7 @@
- 
- #include <grub/mm.h>
- #include <grub/misc.h>
-+#include <grub/safemath.h>
- 
- static inline void 
- free (void *ptr)
-@@ -37,7 +38,12 @@ malloc (grub_size_t size)
- static inline void *
- calloc (grub_size_t size, grub_size_t nelem)
- {
-  return grub_zalloc (size * nelem);
-+  grub_size_t sz;
-+
-+  if (grub_mul (size, nelem, &sz))
-+    return NULL;
-+
-+  return grub_zalloc (sz);
- }
- 
- static inline void *
-diff --git a/include/grub/emu/misc.h b/include/grub/emu/misc.h
-index ce464cfd0..ff9c48a64 100644
--- a/include/grub/emu/misc.h
-+++ b/include/grub/emu/misc.h
-@@ -47,6 +47,7 @@ grub_util_device_is_mapped (const char *dev);
- #define GRUB_HOST_PRIuLONG_LONG "llu"
- #define GRUB_HOST_PRIxLONG_LONG "llx"
- 
-+void * EXPORT_FUNC(xcalloc) (grub_size_t nmemb, grub_size_t size) WARN_UNUSED_RESULT;
- void * EXPORT_FUNC(xmalloc) (grub_size_t size) WARN_UNUSED_RESULT;
- void * EXPORT_FUNC(xrealloc) (void *ptr, grub_size_t size) WARN_UNUSED_RESULT;
- char * EXPORT_FUNC(xstrdup) (const char *str) WARN_UNUSED_RESULT;
-diff --git a/include/grub/mm.h b/include/grub/mm.h
-index 28e2e53eb..9c38dd3ca 100644
--- a/include/grub/mm.h
-+++ b/include/grub/mm.h
-@@ -29,6 +29,7 @@
- #endif
- 
- void grub_mm_init_region (void *addr, grub_size_t size);
-+void *EXPORT_FUNC(grub_calloc) (grub_size_t nmemb, grub_size_t size);
- void *EXPORT_FUNC(grub_malloc) (grub_size_t size);
- void *EXPORT_FUNC(grub_zalloc) (grub_size_t size);
- void EXPORT_FUNC(grub_free) (void *ptr);
-@@ -48,6 +49,9 @@ extern int EXPORT_VAR(grub_mm_debug);
- void grub_mm_dump_free (void);
- void grub_mm_dump (unsigned lineno);
- 
-+#define grub_calloc(nmemb, size)	\
-+  grub_debug_calloc (GRUB_FILE, __LINE__, nmemb, size)
-+
- #define grub_malloc(size)	\
-   grub_debug_malloc (GRUB_FILE, __LINE__, size)
- 
-@@ -63,6 +67,8 @@ void grub_mm_dump (unsigned lineno);
- #define grub_free(ptr)	\
-   grub_debug_free (GRUB_FILE, __LINE__, ptr)
- 
-+void *EXPORT_FUNC(grub_debug_calloc) (const char *file, int line,
-+				      grub_size_t nmemb, grub_size_t size);
- void *EXPORT_FUNC(grub_debug_malloc) (const char *file, int line,
- 				      grub_size_t size);
- void *EXPORT_FUNC(grub_debug_zalloc) (const char *file, int line,
-- 
-2.26.2
-
--- a/boot/grub2/0005-calloc-Use-calloc-at-most-places.patch
+++ b/boot/grub2/0005-calloc-Use-calloc-at-most-places.patch
--- a/boot/grub2/0006-malloc-Use-overflow-checking-primitives-where-we-do-.patch
+++ b/boot/grub2/0006-malloc-Use-overflow-checking-primitives-where-we-do-.patch
--- a/boot/grub2/0007-iso9660-Don-t-leak-memory-on-realloc-failures.patch
+++ b/boot/grub2/0007-iso9660-Don-t-leak-memory-on-realloc-failures.patch
@@ -1,72 +0,0 @@
-From e0dd17a3ce79c6622dc78c96e1f2ef1b20e2bf7b Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Sat, 4 Jul 2020 12:25:09 -0400
-Subject: [PATCH] iso9660: Don't leak memory on realloc() failures
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
- grub-core/fs/iso9660.c | 24 ++++++++++++++++++++----
- 1 file changed, 20 insertions(+), 4 deletions(-)
-
-diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c
-index 7ba5b300b..5ec4433b8 100644
--- a/grub-core/fs/iso9660.c
-+++ b/grub-core/fs/iso9660.c
-@@ -533,14 +533,20 @@ add_part (struct iterate_dir_ctx *ctx,
- {
-   int size = ctx->symlink ? grub_strlen (ctx->symlink) : 0;
-   grub_size_t sz;
-+  char *new;
- 
-   if (grub_add (size, len2, &sz) ||
-       grub_add (sz, 1, &sz))
-     return;
- 
-  ctx->symlink = grub_realloc (ctx->symlink, sz);
-  if (! ctx->symlink)
-    return;
-+  new = grub_realloc (ctx->symlink, sz);
-+  if (!new)
-+    {
-+      grub_free (ctx->symlink);
-+      ctx->symlink = NULL;
-+      return;
-+    }
-+  ctx->symlink = new;
- 
-   grub_memcpy (ctx->symlink + size, part, len2);
-   ctx->symlink[size + len2] = 0;  
-@@ -634,7 +640,12 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry,
- 		   is the length.  Both are part of the `Component
- 		   Record'.  */
- 		if (ctx->symlink && !ctx->was_continue)
-		  add_part (ctx, "/", 1);
-+		  {
-+		    add_part (ctx, "/", 1);
-+		    if (grub_errno)
-+		      return grub_errno;
-+		  }
-+
- 		add_part (ctx, (char *) &entry->data[pos + 2],
- 			  entry->data[pos + 1]);
- 		ctx->was_continue = (entry->data[pos] & 1);
-@@ -653,6 +664,11 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry,
- 	      add_part (ctx, "/", 1);
- 	      break;
- 	    }
-+
-+	  /* Check if grub_realloc() failed in add_part(). */
-+	  if (grub_errno)
-+	    return grub_errno;
-+
- 	  /* In pos + 1 the length of the `Component Record' is
- 	     stored.  */
- 	  pos += entry->data[pos + 1] + 2;
-- 
-2.26.2
-
--- a/boot/grub2/0008-font-Do-not-load-more-than-one-NAME-section.patch
+++ b/boot/grub2/0008-font-Do-not-load-more-than-one-NAME-section.patch
@@ -1,41 +0,0 @@
-From 73bc7a964c9496d5b0f00dbd69959dacf5adcebe Mon Sep 17 00:00:00 2001
-From: Daniel Kiper <daniel.kiper@oracle.com>
-Date: Tue, 7 Jul 2020 15:36:26 +0200
-Subject: [PATCH] font: Do not load more than one NAME section
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The GRUB font file can have one NAME section only. Though if somebody
-crafts a broken font file with many NAME sections and loads it then the
-GRUB leaks memory. So, prevent against that by loading first NAME
-section and failing in controlled way on following one.
-
-Reported-by: Chris Coulson <chris.coulson@canonical.com>
-Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
-Reviewed-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
-Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
- grub-core/font/font.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/grub-core/font/font.c b/grub-core/font/font.c
-index 5edb477ac..d09bb38d8 100644
--- a/grub-core/font/font.c
-+++ b/grub-core/font/font.c
-@@ -532,6 +532,12 @@ grub_font_load (const char *filename)
-       if (grub_memcmp (section.name, FONT_FORMAT_SECTION_NAMES_FONT_NAME,
- 		       sizeof (FONT_FORMAT_SECTION_NAMES_FONT_NAME) - 1) == 0)
- 	{
-+	  if (font->name != NULL)
-+	    {
-+	      grub_error (GRUB_ERR_BAD_FONT, "invalid font file: too many NAME sections");
-+	      goto fail;
-+	    }
-+
- 	  font->name = read_section_as_string (&section);
- 	  if (!font->name)
- 	    goto fail;
-- 
-2.26.2
-
--- a/boot/grub2/0009-gfxmenu-Fix-double-free-in-load_image.patch
+++ b/boot/grub2/0009-gfxmenu-Fix-double-free-in-load_image.patch
@@ -1,39 +0,0 @@
-From 9ff609f0e7798bc5fb04f791131c98e7693bdd9b Mon Sep 17 00:00:00 2001
-From: Alexey Makhalov <amakhalov@vmware.com>
-Date: Wed, 8 Jul 2020 20:41:56 +0000
-Subject: [PATCH] gfxmenu: Fix double free in load_image()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-self->bitmap should be zeroed after free. Otherwise, there is a chance
-to double free (USE_AFTER_FREE) it later in rescale_image().
-
-Fixes: CID 292472
-
-Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
- grub-core/gfxmenu/gui_image.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/grub-core/gfxmenu/gui_image.c b/grub-core/gfxmenu/gui_image.c
-index 29784ed2d..6b2e976f1 100644
--- a/grub-core/gfxmenu/gui_image.c
-+++ b/grub-core/gfxmenu/gui_image.c
-@@ -195,7 +195,10 @@ load_image (grub_gui_image_t self, const char *path)
-     return grub_errno;
- 
-   if (self->bitmap && (self->bitmap != self->raw_bitmap))
-    grub_video_bitmap_destroy (self->bitmap);
-+    {
-+      grub_video_bitmap_destroy (self->bitmap);
-+      self->bitmap = 0;
-+    }
-   if (self->raw_bitmap)
-     grub_video_bitmap_destroy (self->raw_bitmap);
- 
-- 
-2.26.2
-
--- a/boot/grub2/0010-xnu-Fix-double-free-in-grub_xnu_devprop_add_property.patch
+++ b/boot/grub2/0010-xnu-Fix-double-free-in-grub_xnu_devprop_add_property.patch
@@ -1,58 +0,0 @@
-From dc9777dc17697b196c415c53187a55861d41fd2a Mon Sep 17 00:00:00 2001
-From: Alexey Makhalov <amakhalov@vmware.com>
-Date: Wed, 8 Jul 2020 21:30:43 +0000
-Subject: [PATCH] xnu: Fix double free in grub_xnu_devprop_add_property()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-grub_xnu_devprop_add_property() should not free utf8 and utf16 as it get
-allocated and freed in the caller.
-
-Minor improvement: do prop fields initialization after memory allocations.
-
-Fixes: CID 292442, CID 292457, CID 292460, CID 292466
-
-Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
- grub-core/loader/i386/xnu.c | 17 ++++++++---------
- 1 file changed, 8 insertions(+), 9 deletions(-)
-
-diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c
-index b7d176b5d..e9e119259 100644
--- a/grub-core/loader/i386/xnu.c
-+++ b/grub-core/loader/i386/xnu.c
-@@ -262,20 +262,19 @@ grub_xnu_devprop_add_property (struct grub_xnu_devprop_device_descriptor *dev,
-   if (!prop)
-     return grub_errno;
- 
-  prop->name = utf8;
-  prop->name16 = utf16;
-  prop->name16len = utf16len;
-
-  prop->length = datalen;
-  prop->data = grub_malloc (prop->length);
-+  prop->data = grub_malloc (datalen);
-   if (!prop->data)
-     {
-      grub_free (prop->name);
-      grub_free (prop->name16);
-       grub_free (prop);
-       return grub_errno;
-     }
-  grub_memcpy (prop->data, data, prop->length);
-+  grub_memcpy (prop->data, data, datalen);
-+
-+  prop->name = utf8;
-+  prop->name16 = utf16;
-+  prop->name16len = utf16len;
-+  prop->length = datalen;
-+
-   grub_list_push (GRUB_AS_LIST_P (&dev->properties),
- 		  GRUB_AS_LIST (prop));
-   return GRUB_ERR_NONE;
-- 
-2.26.2
-
--- a/boot/grub2/0011-lzma-Make-sure-we-don-t-dereference-past-array.patch
+++ b/boot/grub2/0011-lzma-Make-sure-we-don-t-dereference-past-array.patch
@@ -1,55 +0,0 @@
-From 78829f0c230680e386fff9f420bb1631bc20f761 Mon Sep 17 00:00:00 2001
-From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
-Date: Thu, 9 Jul 2020 03:05:23 +0000
-Subject: [PATCH] lzma: Make sure we don't dereference past array
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The two dimensional array p->posSlotEncoder[4][64] is being dereferenced
-using the GetLenToPosState() macro which checks if len is less than 5,
-and if so subtracts 2 from it. If len = 0, that is 0 - 2 = 4294967294.
-Obviously we don't want to dereference that far out so we check if the
-position found is greater or equal kNumLenToPosStates (4) and bail out.
-
-N.B.: Upstream LZMA 18.05 and later has this function completely rewritten
-without any history.
-
-Fixes: CID 51526
-
-Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
- grub-core/lib/LzmaEnc.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/grub-core/lib/LzmaEnc.c b/grub-core/lib/LzmaEnc.c
-index f2ec04a8c..753e56a95 100644
--- a/grub-core/lib/LzmaEnc.c
-+++ b/grub-core/lib/LzmaEnc.c
-@@ -1877,13 +1877,19 @@ static SRes LzmaEnc_CodeOneBlock(CLzmaEnc *p, Bool useLimits, UInt32 maxPackSize
-       }
-       else
-       {
-        UInt32 posSlot;
-+        UInt32 posSlot, lenToPosState;
-         RangeEnc_EncodeBit(&p->rc, &p->isRep[p->state], 0);
-         p->state = kMatchNextStates[p->state];
-         LenEnc_Encode2(&p->lenEnc, &p->rc, len - LZMA_MATCH_LEN_MIN, posState, !p->fastMode, p->ProbPrices);
-         pos -= LZMA_NUM_REPS;
-         GetPosSlot(pos, posSlot);
-        RcTree_Encode(&p->rc, p->posSlotEncoder[GetLenToPosState(len)], kNumPosSlotBits, posSlot);
-+        lenToPosState = GetLenToPosState(len);
-+        if (lenToPosState >= kNumLenToPosStates)
-+        {
-+          p->result = SZ_ERROR_DATA;
-+          return CheckErrors(p);
-+        }
-+        RcTree_Encode(&p->rc, p->posSlotEncoder[lenToPosState], kNumPosSlotBits, posSlot);
- 
-         if (posSlot >= kStartPosModelIndex)
-         {
-- 
-2.26.2
-
--- a/boot/grub2/0012-term-Fix-overflow-on-user-inputs.patch
+++ b/boot/grub2/0012-term-Fix-overflow-on-user-inputs.patch
@@ -1,69 +0,0 @@
-From 8d3b6f9da468f666e3a7976657f2ab5c52762a21 Mon Sep 17 00:00:00 2001
-From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
-Date: Tue, 7 Jul 2020 15:12:25 -0400
-Subject: [PATCH] term: Fix overflow on user inputs
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This requires a very weird input from the serial interface but can cause
-an overflow in input_buf (keys) overwriting the next variable (npending)
-with the user choice:
-
-(pahole output)
-
-struct grub_terminfo_input_state {
-        int                        input_buf[6];         /*     0    24 */
-        int                        npending;             /*    24     4 */ <- CORRUPT
-        ...snip...
-
-The magic string requires causing this is "ESC,O,],0,1,2,q" and we overflow
-npending with "q" (aka increase npending to 161). The simplest fix is to
-just to disallow overwrites input_buf, which exactly what this patch does.
-
-Fixes: CID 292449
-
-Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
- grub-core/term/terminfo.c | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/grub-core/term/terminfo.c b/grub-core/term/terminfo.c
-index d317efa36..5fa94c0c3 100644
--- a/grub-core/term/terminfo.c
-+++ b/grub-core/term/terminfo.c
-@@ -398,7 +398,7 @@ grub_terminfo_getwh (struct grub_term_output *term)
- }
- 
- static void
-grub_terminfo_readkey (struct grub_term_input *term, int *keys, int *len,
-+grub_terminfo_readkey (struct grub_term_input *term, int *keys, int *len, int max_len,
- 		       int (*readkey) (struct grub_term_input *term))
- {
-   int c;
-@@ -414,6 +414,9 @@ grub_terminfo_readkey (struct grub_term_input *term, int *keys, int *len,
-     if (c == -1)						\
-       return;							\
- 								\
-+    if (*len >= max_len)                                       \
-+      return;                                                   \
-+                                                                \
-     keys[*len] = c;						\
-     (*len)++;							\
-   }
-@@ -602,8 +605,8 @@ grub_terminfo_getkey (struct grub_term_input *termi)
-       return ret;
-     }
- 
-  grub_terminfo_readkey (termi, data->input_buf,
-			 &data->npending, data->readkey);
-+  grub_terminfo_readkey (termi, data->input_buf, &data->npending,
-+			 GRUB_TERMINFO_READKEY_MAX_LEN, data->readkey);
- 
- #if defined(__powerpc__) && defined(GRUB_MACHINE_IEEE1275)
-   if (data->npending == 1 && data->input_buf[0] == GRUB_TERM_ESC
-- 
-2.26.2
-
--- a/boot/grub2/0013-udf-Fix-memory-leak.patch
+++ b/boot/grub2/0013-udf-Fix-memory-leak.patch
@@ -1,59 +0,0 @@
-From 748b691761d31bfff7e9d0d210caa606294c2b52 Mon Sep 17 00:00:00 2001
-From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
-Date: Tue, 7 Jul 2020 22:02:31 -0400
-Subject: [PATCH] udf: Fix memory leak
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Fixes: CID 73796
-
-Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Reviewed-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
-Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
- grub-core/fs/udf.c | 17 +++++++++++++----
- 1 file changed, 13 insertions(+), 4 deletions(-)
-
-diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c
-index 21ac7f446..2ac5c1d00 100644
--- a/grub-core/fs/udf.c
-+++ b/grub-core/fs/udf.c
-@@ -965,8 +965,10 @@ grub_udf_iterate_dir (grub_fshelp_node_t dir,
- 	    return 0;
- 
-           if (grub_udf_read_icb (dir->data, &dirent.icb, child))
-	    return 0;
-
-+	    {
-+	      grub_free (child);
-+	      return 0;
-+	    }
-           if (dirent.characteristics & GRUB_UDF_FID_CHAR_PARENT)
- 	    {
- 	      /* This is the parent directory.  */
-@@ -988,11 +990,18 @@ grub_udf_iterate_dir (grub_fshelp_node_t dir,
- 				       dirent.file_ident_length,
- 				       (char *) raw))
- 		  != dirent.file_ident_length)
-		return 0;
-+		{
-+		  grub_free (child);
-+		  return 0;
-+		}
- 
- 	      filename = read_string (raw, dirent.file_ident_length, 0);
- 	      if (!filename)
-		grub_print_error ();
-+		{
-+		  /* As the hook won't get called. */
-+		  grub_free (child);
-+		  grub_print_error ();
-+		}
- 
- 	      if (filename && hook (filename, type, child, hook_data))
- 		{
-- 
-2.26.2
-
--- a/boot/grub2/0014-multiboot2-Fix-memory-leak-if-grub_create_loader_cmd.patch
+++ b/boot/grub2/0014-multiboot2-Fix-memory-leak-if-grub_create_loader_cmd.patch
@@ -1,38 +0,0 @@
-From 49bf3faa106498e151306fc780c63194a14751e3 Mon Sep 17 00:00:00 2001
-From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
-Date: Fri, 26 Jun 2020 10:51:43 -0400
-Subject: [PATCH] multiboot2: Fix memory leak if
- grub_create_loader_cmdline() fails
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Fixes: CID 292468
-
-Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
- grub-core/loader/multiboot_mbi2.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c
-index 53da78615..0efc66062 100644
--- a/grub-core/loader/multiboot_mbi2.c
-+++ b/grub-core/loader/multiboot_mbi2.c
-@@ -1070,7 +1070,11 @@ grub_multiboot2_add_module (grub_addr_t start, grub_size_t size,
-   err = grub_create_loader_cmdline (argc, argv, newmod->cmdline,
- 				    newmod->cmdline_size, GRUB_VERIFY_MODULE_CMDLINE);
-   if (err)
-    return err;
-+    {
-+      grub_free (newmod->cmdline);
-+      grub_free (newmod);
-+      return err;
-+    }
- 
-   if (modules_last)
-     modules_last->next = newmod;
-- 
-2.26.2
-
--- a/boot/grub2/0015-tftp-Do-not-use-priority-queue.patch
+++ b/boot/grub2/0015-tftp-Do-not-use-priority-queue.patch
@@ -1,283 +0,0 @@
-From b6c4a1b204740fe52b32e7f530831a59f4038e20 Mon Sep 17 00:00:00 2001
-From: Alexey Makhalov <amakhalov@vmware.com>
-Date: Thu, 9 Jul 2020 08:10:40 +0000
-Subject: [PATCH] tftp: Do not use priority queue
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-There is not need to reassemble the order of blocks. Per RFC 1350,
-server must wait for the ACK, before sending next block. Data packets
-can be served immediately without putting them to priority queue.
-
-Logic to handle incoming packet is this:
-  - if packet block id equal to expected block id, then
-    process the packet,
-  - if packet block id is less than expected - this is retransmit
-    of old packet, then ACK it and drop the packet,
-  - if packet block id is more than expected - that shouldn't
-    happen, just drop the packet.
-
-It makes the tftp receive path code simpler, smaller and faster.
-As a benefit, this change fixes CID# 73624 and CID# 96690, caused
-by following while loop:
-
-  while (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) == 0)
-
-where tftph pointer is not moving from one iteration to another, causing
-to serve same packet again. Luckily, double serving didn't happen due to
-data->block++ during the first iteration.
-
-Fixes: CID 73624, CID 96690
-
-Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
- grub-core/net/tftp.c | 168 ++++++++++++++-----------------------------
- 1 file changed, 53 insertions(+), 115 deletions(-)
-
-diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c
-index 7d90bf66e..b4297bc8d 100644
--- a/grub-core/net/tftp.c
-+++ b/grub-core/net/tftp.c
-@@ -25,7 +25,6 @@
- #include <grub/mm.h>
- #include <grub/dl.h>
- #include <grub/file.h>
-#include <grub/priority_queue.h>
- #include <grub/i18n.h>
- 
- GRUB_MOD_LICENSE ("GPLv3+");
-@@ -106,31 +105,8 @@ typedef struct tftp_data
-   int have_oack;
-   struct grub_error_saved save_err;
-   grub_net_udp_socket_t sock;
-  grub_priority_queue_t pq;
- } *tftp_data_t;
- 
-static int
-cmp_block (grub_uint16_t a, grub_uint16_t b)
-{
-  grub_int16_t i = (grub_int16_t) (a - b);
-  if (i > 0)
-    return +1;
-  if (i < 0)
-    return -1;
-  return 0;
-}
-
-static int
-cmp (const void *a__, const void *b__)
-{
-  struct grub_net_buff *a_ = *(struct grub_net_buff **) a__;
-  struct grub_net_buff *b_ = *(struct grub_net_buff **) b__;
-  struct tftphdr *a = (struct tftphdr *) a_->data;
-  struct tftphdr *b = (struct tftphdr *) b_->data;
-  /* We want the first elements to be on top.  */
-  return -cmp_block (grub_be_to_cpu16 (a->u.data.block), grub_be_to_cpu16 (b->u.data.block));
-}
-
- static grub_err_t
- ack (tftp_data_t data, grub_uint64_t block)
- {
-@@ -207,73 +183,60 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)),
- 	  return GRUB_ERR_NONE;
- 	}
- 
-      err = grub_priority_queue_push (data->pq, &nb);
-      if (err)
-	return err;
-
-      {
-	struct grub_net_buff **nb_top_p, *nb_top;
-	while (1)
-	  {
-	    nb_top_p = grub_priority_queue_top (data->pq);
-	    if (!nb_top_p)
-	      return GRUB_ERR_NONE;
-	    nb_top = *nb_top_p;
-	    tftph = (struct tftphdr *) nb_top->data;
-	    if (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) >= 0)
-	      break;
-	    ack (data, grub_be_to_cpu16 (tftph->u.data.block));
-	    grub_netbuff_free (nb_top);
-	    grub_priority_queue_pop (data->pq);
-	  }
-	while (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) == 0)
-	  {
-	    unsigned size;
-
-	    grub_priority_queue_pop (data->pq);
-
-	    if (file->device->net->packs.count < 50)
-+      /* Ack old/retransmitted block. */
-+      if (grub_be_to_cpu16 (tftph->u.data.block) < data->block + 1)
-+	ack (data, grub_be_to_cpu16 (tftph->u.data.block));
-+      /* Ignore unexpected block. */
-+      else if (grub_be_to_cpu16 (tftph->u.data.block) > data->block + 1)
-+	grub_dprintf ("tftp", "TFTP unexpected block # %d\n", tftph->u.data.block);
-+      else
-+	{
-+	  unsigned size;
-+
-+	  if (file->device->net->packs.count < 50)
-+	    {
- 	      err = ack (data, data->block + 1);
-	    else
-	      {
-		file->device->net->stall = 1;
-		err = 0;
-	      }
-	    if (err)
-	      return err;
-
-	    err = grub_netbuff_pull (nb_top, sizeof (tftph->opcode) +
-				     sizeof (tftph->u.data.block));
-	    if (err)
-	      return err;
-	    size = nb_top->tail - nb_top->data;
-
-	    data->block++;
-	    if (size < data->block_size)
-	      {
-		if (data->ack_sent < data->block)
-		  ack (data, data->block);
-		file->device->net->eof = 1;
-		file->device->net->stall = 1;
-		grub_net_udp_close (data->sock);
-		data->sock = NULL;
-	      }
-	    /* Prevent garbage in broken cards. Is it still necessary
-	       given that IP implementation has been fixed?
-	     */
-	    if (size > data->block_size)
-	      {
-		err = grub_netbuff_unput (nb_top, size - data->block_size);
-		if (err)
-		  return err;
-	      }
-	    /* If there is data, puts packet in socket list. */
-	    if ((nb_top->tail - nb_top->data) > 0)
-	      grub_net_put_packet (&file->device->net->packs, nb_top);
-	    else
-	      grub_netbuff_free (nb_top);
-	  }
-      }
-+	      if (err)
-+		return err;
-+	    }
-+	  else
-+	    file->device->net->stall = 1;
-+
-+	  err = grub_netbuff_pull (nb, sizeof (tftph->opcode) +
-+				   sizeof (tftph->u.data.block));
-+	  if (err)
-+	    return err;
-+	  size = nb->tail - nb->data;
-+
-+	  data->block++;
-+	  if (size < data->block_size)
-+	    {
-+	      if (data->ack_sent < data->block)
-+		ack (data, data->block);
-+	      file->device->net->eof = 1;
-+	      file->device->net->stall = 1;
-+	      grub_net_udp_close (data->sock);
-+	      data->sock = NULL;
-+	    }
-+	  /*
-+	   * Prevent garbage in broken cards. Is it still necessary
-+	   * given that IP implementation has been fixed?
-+	   */
-+	  if (size > data->block_size)
-+	    {
-+	      err = grub_netbuff_unput (nb, size - data->block_size);
-+	      if (err)
-+		return err;
-+	    }
-+	  /* If there is data, puts packet in socket list. */
-+	  if ((nb->tail - nb->data) > 0)
-+	    {
-+	      grub_net_put_packet (&file->device->net->packs, nb);
-+	      /* Do not free nb. */
-+	      return GRUB_ERR_NONE;
-+	    }
-+	}
-+      grub_netbuff_free (nb);
-       return GRUB_ERR_NONE;
-     case TFTP_ERROR:
-       data->have_oack = 1;
-@@ -287,19 +250,6 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)),
-     }
- }
- 
-static void
-destroy_pq (tftp_data_t data)
-{
-  struct grub_net_buff **nb_p;
-  while ((nb_p = grub_priority_queue_top (data->pq)))
-    {
-      grub_netbuff_free (*nb_p);
-      grub_priority_queue_pop (data->pq);
-    }
-
-  grub_priority_queue_destroy (data->pq);
-}
-
- static grub_err_t
- tftp_open (struct grub_file *file, const char *filename)
- {
-@@ -372,17 +322,9 @@ tftp_open (struct grub_file *file, const char *filename)
-   file->not_easily_seekable = 1;
-   file->data = data;
- 
-  data->pq = grub_priority_queue_new (sizeof (struct grub_net_buff *), cmp);
-  if (!data->pq)
-    {
-      grub_free (data);
-      return grub_errno;
-    }
-
-   err = grub_net_resolve_address (file->device->net->server, &addr);
-   if (err)
-     {
-      destroy_pq (data);
-       grub_free (data);
-       return err;
-     }
-@@ -392,7 +334,6 @@ tftp_open (struct grub_file *file, const char *filename)
- 				  file);
-   if (!data->sock)
-     {
-      destroy_pq (data);
-       grub_free (data);
-       return grub_errno;
-     }
-@@ -406,7 +347,6 @@ tftp_open (struct grub_file *file, const char *filename)
-       if (err)
- 	{
- 	  grub_net_udp_close (data->sock);
-	  destroy_pq (data);
- 	  grub_free (data);
- 	  return err;
- 	}
-@@ -423,7 +363,6 @@ tftp_open (struct grub_file *file, const char *filename)
-   if (grub_errno)
-     {
-       grub_net_udp_close (data->sock);
-      destroy_pq (data);
-       grub_free (data);
-       return grub_errno;
-     }
-@@ -466,7 +405,6 @@ tftp_close (struct grub_file *file)
- 	grub_print_error ();
-       grub_net_udp_close (data->sock);
-     }
-  destroy_pq (data);
-   grub_free (data);
-   return GRUB_ERR_NONE;
- }
-- 
-2.26.2
-
--- a/boot/grub2/0016-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch
+++ b/boot/grub2/0016-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch
@@ -1,153 +0,0 @@
-From 1c7b619c84f229c1602c1958bcd054b6d9937562 Mon Sep 17 00:00:00 2001
-From: Alexey Makhalov <amakhalov@vmware.com>
-Date: Wed, 15 Jul 2020 06:42:37 +0000
-Subject: [PATCH] relocator: Protect grub_relocator_alloc_chunk_addr()
- input args against integer underflow/overflow
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Use arithmetic macros from safemath.h to accomplish it. In this commit,
-I didn't want to be too paranoid to check every possible math equation
-for overflow/underflow. Only obvious places (with non zero chance of
-overflow/underflow) were refactored.
-
-Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
- grub-core/loader/i386/linux.c    |  9 +++++++--
- grub-core/loader/i386/pc/linux.c |  9 +++++++--
- grub-core/loader/i386/xen.c      | 12 ++++++++++--
- grub-core/loader/xnu.c           | 11 +++++++----
- 4 files changed, 31 insertions(+), 10 deletions(-)
-
-diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
-index d0501e229..02a73463a 100644
--- a/grub-core/loader/i386/linux.c
-+++ b/grub-core/loader/i386/linux.c
-@@ -36,6 +36,7 @@
- #include <grub/lib/cmdline.h>
- #include <grub/linux.h>
- #include <grub/machine/kernel.h>
-+#include <grub/safemath.h>
- 
- GRUB_MOD_LICENSE ("GPLv3+");
- 
-@@ -547,9 +548,13 @@ grub_linux_boot (void)
- 
-   {
-     grub_relocator_chunk_t ch;
-+    grub_size_t sz;
-+
-+    if (grub_add (ctx.real_size, efi_mmap_size, &sz))
-+      return GRUB_ERR_OUT_OF_RANGE;
-+
-     err = grub_relocator_alloc_chunk_addr (relocator, &ch,
-					   ctx.real_mode_target,
-					   (ctx.real_size + efi_mmap_size));
-+					   ctx.real_mode_target, sz);
-     if (err)
-      return err;
-     real_mode_mem = get_virtual_current_address (ch);
-diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
-index 47ea2945e..31f09922b 100644
--- a/grub-core/loader/i386/pc/linux.c
-+++ b/grub-core/loader/i386/pc/linux.c
-@@ -35,6 +35,7 @@
- #include <grub/i386/floppy.h>
- #include <grub/lib/cmdline.h>
- #include <grub/linux.h>
-+#include <grub/safemath.h>
- 
- GRUB_MOD_LICENSE ("GPLv3+");
- 
-@@ -218,8 +219,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
-     setup_sects = GRUB_LINUX_DEFAULT_SETUP_SECTS;
- 
-   real_size = setup_sects << GRUB_DISK_SECTOR_BITS;
-  grub_linux16_prot_size = grub_file_size (file)
-    - real_size - GRUB_DISK_SECTOR_SIZE;
-+  if (grub_sub (grub_file_size (file), real_size, &grub_linux16_prot_size) ||
-+      grub_sub (grub_linux16_prot_size, GRUB_DISK_SECTOR_SIZE, &grub_linux16_prot_size))
-+    {
-+      grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
-+      goto fail;
-+    }
- 
-   if (! grub_linux_is_bzimage
-       && GRUB_LINUX_ZIMAGE_ADDR + grub_linux16_prot_size
-diff --git a/grub-core/loader/i386/xen.c b/grub-core/loader/i386/xen.c
-index 8f662c8ac..cd24874ca 100644
--- a/grub-core/loader/i386/xen.c
-+++ b/grub-core/loader/i386/xen.c
-@@ -41,6 +41,7 @@
- #include <grub/linux.h>
- #include <grub/i386/memory.h>
- #include <grub/verify.h>
-+#include <grub/safemath.h>
- 
- GRUB_MOD_LICENSE ("GPLv3+");
- 
-@@ -636,6 +637,7 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)),
-   grub_relocator_chunk_t ch;
-   grub_addr_t kern_start;
-   grub_addr_t kern_end;
-+  grub_size_t sz;
- 
-   if (argc == 0)
-     return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
-@@ -703,8 +705,14 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)),
- 
-   xen_state.max_addr = ALIGN_UP (kern_end, PAGE_SIZE);
- 
-  err = grub_relocator_alloc_chunk_addr (xen_state.relocator, &ch, kern_start,
-					 kern_end - kern_start);
-+
-+  if (grub_sub (kern_end, kern_start, &sz))
-+    {
-+      err = GRUB_ERR_OUT_OF_RANGE;
-+      goto fail;
-+    }
-+
-+  err = grub_relocator_alloc_chunk_addr (xen_state.relocator, &ch, kern_start, sz);
-   if (err)
-     goto fail;
-   kern_chunk_src = get_virtual_current_address (ch);
-diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
-index 77d7060e1..9ae4ceb35 100644
--- a/grub-core/loader/xnu.c
-+++ b/grub-core/loader/xnu.c
-@@ -34,6 +34,7 @@
- #include <grub/env.h>
- #include <grub/i18n.h>
- #include <grub/verify.h>
-+#include <grub/safemath.h>
- 
- GRUB_MOD_LICENSE ("GPLv3+");
- 
-@@ -59,15 +60,17 @@ grub_xnu_heap_malloc (int size, void **src, grub_addr_t *target)
- {
-   grub_err_t err;
-   grub_relocator_chunk_t ch;
-+  grub_addr_t tgt;
-+
-+  if (grub_add (grub_xnu_heap_target_start, grub_xnu_heap_size, &tgt))
-+    return GRUB_ERR_OUT_OF_RANGE;
-   
-  err = grub_relocator_alloc_chunk_addr (grub_xnu_relocator, &ch,
-					 grub_xnu_heap_target_start
-					 + grub_xnu_heap_size, size);
-+  err = grub_relocator_alloc_chunk_addr (grub_xnu_relocator, &ch, tgt, size);
-   if (err)
-     return err;
- 
-   *src = get_virtual_current_address (ch);
-  *target = grub_xnu_heap_target_start + grub_xnu_heap_size;
-+  *target = tgt;
-   grub_xnu_heap_size += size;
-   grub_dprintf ("xnu", "val=%p\n", *src);
-   return GRUB_ERR_NONE;
-- 
-2.26.2
-
--- a/boot/grub2/0017-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch
+++ b/boot/grub2/0017-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch
@@ -1,341 +0,0 @@
-From 0cfbbca3ccd84d36ffb1bcd6644ada7c73b19fc0 Mon Sep 17 00:00:00 2001
-From: Alexey Makhalov <amakhalov@vmware.com>
-Date: Wed, 8 Jul 2020 01:44:38 +0000
-Subject: [PATCH] relocator: Protect grub_relocator_alloc_chunk_align()
- max_addr against integer underflow
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This commit introduces integer underflow mitigation in max_addr calculation
-in grub_relocator_alloc_chunk_align() invocation.
-
-It consists of 2 fixes:
-  1. Introduced grub_relocator_alloc_chunk_align_safe() wrapper function to perform
-     sanity check for min/max and size values, and to make safe invocation of
-     grub_relocator_alloc_chunk_align() with validated max_addr value. Replace all
-     invocations such as grub_relocator_alloc_chunk_align(..., min_addr, max_addr - size, size, ...)
-     by grub_relocator_alloc_chunk_align_safe(..., min_addr, max_addr, size, ...).
-  2. Introduced UP_TO_TOP32(s) macro for the cases where max_addr is 32-bit top
-     address (0xffffffff - size + 1) or similar.
-
-Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
- grub-core/lib/i386/relocator.c        | 28 ++++++++++----------------
- grub-core/lib/mips/relocator.c        |  6 ++----
- grub-core/lib/powerpc/relocator.c     |  6 ++----
- grub-core/lib/x86_64/efi/relocator.c  |  7 +++----
- grub-core/loader/i386/linux.c         |  5 ++---
- grub-core/loader/i386/multiboot_mbi.c |  7 +++----
- grub-core/loader/i386/pc/linux.c      |  6 ++----
- grub-core/loader/mips/linux.c         |  9 +++------
- grub-core/loader/multiboot.c          |  2 +-
- grub-core/loader/multiboot_elfxx.c    | 10 ++++-----
- grub-core/loader/multiboot_mbi2.c     | 10 ++++-----
- grub-core/loader/xnu_resume.c         |  2 +-
- include/grub/relocator.h              | 29 +++++++++++++++++++++++++++
- 13 files changed, 69 insertions(+), 58 deletions(-)
-
-diff --git a/grub-core/lib/i386/relocator.c b/grub-core/lib/i386/relocator.c
-index 71dd4f0ab..34cbe834f 100644
--- a/grub-core/lib/i386/relocator.c
-+++ b/grub-core/lib/i386/relocator.c
-@@ -83,11 +83,10 @@ grub_relocator32_boot (struct grub_relocator *rel,
-   /* Specific memory range due to Global Descriptor Table for use by payload
-      that we will store in returned chunk.  The address range and preference
-      are based on "THE LINUX/x86 BOOT PROTOCOL" specification.  */
-  err = grub_relocator_alloc_chunk_align (rel, &ch, 0x1000,
-					  0x9a000 - RELOCATOR_SIZEOF (32),
-					  RELOCATOR_SIZEOF (32), 16,
-					  GRUB_RELOCATOR_PREFERENCE_LOW,
-					  avoid_efi_bootservices);
-+  err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0x1000, 0x9a000,
-+					       RELOCATOR_SIZEOF (32), 16,
-+					       GRUB_RELOCATOR_PREFERENCE_LOW,
-+					       avoid_efi_bootservices);
-   if (err)
-     return err;
- 
-@@ -125,13 +124,10 @@ grub_relocator16_boot (struct grub_relocator *rel,
-   grub_relocator_chunk_t ch;
- 
-   /* Put it higher than the byte it checks for A20 check.  */
-  err = grub_relocator_alloc_chunk_align (rel, &ch, 0x8010,
-					  0xa0000 - RELOCATOR_SIZEOF (16)
-					  - GRUB_RELOCATOR16_STACK_SIZE,
-					  RELOCATOR_SIZEOF (16)
-					  + GRUB_RELOCATOR16_STACK_SIZE, 16,
-					  GRUB_RELOCATOR_PREFERENCE_NONE,
-					  0);
-+  err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0x8010, 0xa0000,
-+					       RELOCATOR_SIZEOF (16) +
-+					       GRUB_RELOCATOR16_STACK_SIZE, 16,
-+					       GRUB_RELOCATOR_PREFERENCE_NONE, 0);
-   if (err)
-     return err;
- 
-@@ -183,11 +179,9 @@ grub_relocator64_boot (struct grub_relocator *rel,
-   void *relst;
-   grub_relocator_chunk_t ch;
- 
-  err = grub_relocator_alloc_chunk_align (rel, &ch, min_addr,
-					  max_addr - RELOCATOR_SIZEOF (64),
-					  RELOCATOR_SIZEOF (64), 16,
-					  GRUB_RELOCATOR_PREFERENCE_NONE,
-					  0);
-+  err = grub_relocator_alloc_chunk_align_safe (rel, &ch, min_addr, max_addr,
-+					       RELOCATOR_SIZEOF (64), 16,
-+					       GRUB_RELOCATOR_PREFERENCE_NONE, 0);
-   if (err)
-     return err;
- 
-diff --git a/grub-core/lib/mips/relocator.c b/grub-core/lib/mips/relocator.c
-index 9d5f49cb9..743b213e6 100644
--- a/grub-core/lib/mips/relocator.c
-+++ b/grub-core/lib/mips/relocator.c
-@@ -120,10 +120,8 @@ grub_relocator32_boot (struct grub_relocator *rel,
-   unsigned i;
-   grub_addr_t vtarget;
- 
-  err = grub_relocator_alloc_chunk_align (rel, &ch, 0,
-					  (0xffffffff - stateset_size)
-					  + 1, stateset_size,
-					  sizeof (grub_uint32_t),
-+  err = grub_relocator_alloc_chunk_align (rel, &ch, 0, UP_TO_TOP32 (stateset_size),
-+					  stateset_size, sizeof (grub_uint32_t),
- 					  GRUB_RELOCATOR_PREFERENCE_NONE, 0);
-   if (err)
-     return err;
-diff --git a/grub-core/lib/powerpc/relocator.c b/grub-core/lib/powerpc/relocator.c
-index bdf2b111b..8ffb8b686 100644
--- a/grub-core/lib/powerpc/relocator.c
-+++ b/grub-core/lib/powerpc/relocator.c
-@@ -115,10 +115,8 @@ grub_relocator32_boot (struct grub_relocator *rel,
-   unsigned i;
-   grub_relocator_chunk_t ch;
- 
-  err = grub_relocator_alloc_chunk_align (rel, &ch, 0,
-					  (0xffffffff - stateset_size)
-					  + 1, stateset_size,
-					  sizeof (grub_uint32_t),
-+  err = grub_relocator_alloc_chunk_align (rel, &ch, 0, UP_TO_TOP32 (stateset_size),
-+					  stateset_size, sizeof (grub_uint32_t),
- 					  GRUB_RELOCATOR_PREFERENCE_NONE, 0);
-   if (err)
-     return err;
-diff --git a/grub-core/lib/x86_64/efi/relocator.c b/grub-core/lib/x86_64/efi/relocator.c
-index 3caef7a40..7d200a125 100644
--- a/grub-core/lib/x86_64/efi/relocator.c
-+++ b/grub-core/lib/x86_64/efi/relocator.c
-@@ -50,10 +50,9 @@ grub_relocator64_efi_boot (struct grub_relocator *rel,
-    * 64-bit relocator code may live above 4 GiB quite well.
-    * However, I do not want ask for problems. Just in case.
-    */
-  err = grub_relocator_alloc_chunk_align (rel, &ch, 0,
-					  0x100000000 - RELOCATOR_SIZEOF (64_efi),
-					  RELOCATOR_SIZEOF (64_efi), 16,
-					  GRUB_RELOCATOR_PREFERENCE_NONE, 1);
-+  err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0, 0x100000000,
-+					       RELOCATOR_SIZEOF (64_efi), 16,
-+					       GRUB_RELOCATOR_PREFERENCE_NONE, 1);
-   if (err)
-     return err;
- 
-diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
-index 02a73463a..efbb99307 100644
--- a/grub-core/loader/i386/linux.c
-+++ b/grub-core/loader/i386/linux.c
-@@ -181,9 +181,8 @@ allocate_pages (grub_size_t prot_size, grub_size_t *align,
- 	for (; err && *align + 1 > min_align; (*align)--)
- 	  {
- 	    grub_errno = GRUB_ERR_NONE;
-	    err = grub_relocator_alloc_chunk_align (relocator, &ch,
-						    0x1000000,
-						    0xffffffff & ~prot_size,
-+	    err = grub_relocator_alloc_chunk_align (relocator, &ch, 0x1000000,
-+						    UP_TO_TOP32 (prot_size),
- 						    prot_size, 1 << *align,
- 						    GRUB_RELOCATOR_PREFERENCE_LOW,
- 						    1);
-diff --git a/grub-core/loader/i386/multiboot_mbi.c b/grub-core/loader/i386/multiboot_mbi.c
-index ad3cc292f..a67d9d0a8 100644
--- a/grub-core/loader/i386/multiboot_mbi.c
-+++ b/grub-core/loader/i386/multiboot_mbi.c
-@@ -466,10 +466,9 @@ grub_multiboot_make_mbi (grub_uint32_t *target)
- 
-   bufsize = grub_multiboot_get_mbi_size ();
- 
-  err = grub_relocator_alloc_chunk_align (grub_multiboot_relocator, &ch,
-					  0x10000, 0xa0000 - bufsize,
-					  bufsize, 4,
-					  GRUB_RELOCATOR_PREFERENCE_NONE, 0);
-+  err = grub_relocator_alloc_chunk_align_safe (grub_multiboot_relocator, &ch,
-+					       0x10000, 0xa0000, bufsize, 4,
-+					       GRUB_RELOCATOR_PREFERENCE_NONE, 0);
-   if (err)
-     return err;
-   ptrorig = get_virtual_current_address (ch);
-diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
-index 31f09922b..5fed5ffdf 100644
--- a/grub-core/loader/i386/pc/linux.c
-+++ b/grub-core/loader/i386/pc/linux.c
-@@ -453,10 +453,8 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
- 
-   {
-     grub_relocator_chunk_t ch;
-    err = grub_relocator_alloc_chunk_align (relocator, &ch,
-					    addr_min, addr_max - size,
-					    size, 0x1000,
-					    GRUB_RELOCATOR_PREFERENCE_HIGH, 0);
-+    err = grub_relocator_alloc_chunk_align_safe (relocator, &ch, addr_min, addr_max, size,
-+						 0x1000, GRUB_RELOCATOR_PREFERENCE_HIGH, 0);
-     if (err)
-       return err;
-     initrd_chunk = get_virtual_current_address (ch);
-diff --git a/grub-core/loader/mips/linux.c b/grub-core/loader/mips/linux.c
-index 7b723bf18..e4ed95921 100644
--- a/grub-core/loader/mips/linux.c
-+++ b/grub-core/loader/mips/linux.c
-@@ -442,12 +442,9 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
-   {
-     grub_relocator_chunk_t ch;
- 
-    err = grub_relocator_alloc_chunk_align (relocator, &ch,
-					    (target_addr & 0x1fffffff)
-					    + linux_size + 0x10000,
-					    (0x10000000 - size),
-					    size, 0x10000,
-					    GRUB_RELOCATOR_PREFERENCE_NONE, 0);
-+    err = grub_relocator_alloc_chunk_align_safe (relocator, &ch, (target_addr & 0x1fffffff) +
-+						 linux_size + 0x10000, 0x10000000, size,
-+						 0x10000, GRUB_RELOCATOR_PREFERENCE_NONE, 0);
- 
-     if (err)
-       goto fail;
-diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c
-index 4a98d7082..facb13f3d 100644
--- a/grub-core/loader/multiboot.c
-+++ b/grub-core/loader/multiboot.c
-@@ -403,7 +403,7 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)),
-   {
-     grub_relocator_chunk_t ch;
-     err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch,
-					    lowest_addr, (0xffffffff - size) + 1,
-+					    lowest_addr, UP_TO_TOP32 (size),
- 					    size, MULTIBOOT_MOD_ALIGN,
- 					    GRUB_RELOCATOR_PREFERENCE_NONE, 1);
-     if (err)
-diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c
-index cc6853692..f2318e0d1 100644
--- a/grub-core/loader/multiboot_elfxx.c
-+++ b/grub-core/loader/multiboot_elfxx.c
-@@ -109,10 +109,10 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld)
-       if (load_size > mld->max_addr || mld->min_addr > mld->max_addr - load_size)
- 	return grub_error (GRUB_ERR_BAD_OS, "invalid min/max address and/or load size");
- 
-      err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch,
-					      mld->min_addr, mld->max_addr - load_size,
-					      load_size, mld->align ? mld->align : 1,
-					      mld->preference, mld->avoid_efi_boot_services);
-+      err = grub_relocator_alloc_chunk_align_safe (GRUB_MULTIBOOT (relocator), &ch,
-+						   mld->min_addr, mld->max_addr,
-+						   load_size, mld->align ? mld->align : 1,
-+						   mld->preference, mld->avoid_efi_boot_services);
- 
-       if (err)
-         {
-@@ -256,7 +256,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld)
- 	    continue;
- 
- 	  err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch, 0,
-						  (0xffffffff - sh->sh_size) + 1,
-+						  UP_TO_TOP32 (sh->sh_size),
- 						  sh->sh_size, sh->sh_addralign,
- 						  GRUB_RELOCATOR_PREFERENCE_NONE,
- 						  mld->avoid_efi_boot_services);
-diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c
-index 0efc66062..03967839c 100644
--- a/grub-core/loader/multiboot_mbi2.c
-+++ b/grub-core/loader/multiboot_mbi2.c
-@@ -295,10 +295,10 @@ grub_multiboot2_load (grub_file_t file, const char *filename)
- 	      return grub_error (GRUB_ERR_BAD_OS, "invalid min/max address and/or load size");
- 	    }
- 
-	  err = grub_relocator_alloc_chunk_align (grub_multiboot2_relocator, &ch,
-						  mld.min_addr, mld.max_addr - code_size,
-						  code_size, mld.align ? mld.align : 1,
-						  mld.preference, keep_bs);
-+	  err = grub_relocator_alloc_chunk_align_safe (grub_multiboot2_relocator, &ch,
-+						       mld.min_addr, mld.max_addr,
-+						       code_size, mld.align ? mld.align : 1,
-+						       mld.preference, keep_bs);
- 	}
-       else
- 	err = grub_relocator_alloc_chunk_addr (grub_multiboot2_relocator,
-@@ -708,7 +708,7 @@ grub_multiboot2_make_mbi (grub_uint32_t *target)
-   COMPILE_TIME_ASSERT (MULTIBOOT_TAG_ALIGN % sizeof (grub_properly_aligned_t) == 0);
- 
-   err = grub_relocator_alloc_chunk_align (grub_multiboot2_relocator, &ch,
-					  0, 0xffffffff - bufsize,
-+					  0, UP_TO_TOP32 (bufsize),
- 					  bufsize, MULTIBOOT_TAG_ALIGN,
- 					  GRUB_RELOCATOR_PREFERENCE_NONE, 1);
-   if (err)
-diff --git a/grub-core/loader/xnu_resume.c b/grub-core/loader/xnu_resume.c
-index 8089804d4..d648ef0cd 100644
--- a/grub-core/loader/xnu_resume.c
-+++ b/grub-core/loader/xnu_resume.c
-@@ -129,7 +129,7 @@ grub_xnu_resume (char *imagename)
-   {
-     grub_relocator_chunk_t ch;
-     err = grub_relocator_alloc_chunk_align (grub_xnu_relocator, &ch, 0,
-					    (0xffffffff - hibhead.image_size) + 1,
-+					    UP_TO_TOP32 (hibhead.image_size),
- 					    hibhead.image_size,
- 					    GRUB_XNU_PAGESIZE,
- 					    GRUB_RELOCATOR_PREFERENCE_NONE, 0);
-diff --git a/include/grub/relocator.h b/include/grub/relocator.h
-index 24d8672d2..1b3bdd92a 100644
--- a/include/grub/relocator.h
-+++ b/include/grub/relocator.h
-@@ -49,6 +49,35 @@ grub_relocator_alloc_chunk_align (struct grub_relocator *rel,
- 				  int preference,
- 				  int avoid_efi_boot_services);
- 
-+/*
-+ * Wrapper for grub_relocator_alloc_chunk_align() with purpose of
-+ * protecting against integer underflow.
-+ *
-+ * Compare to its callee, max_addr has different meaning here.
-+ * It covers entire chunk and not just start address of the chunk.
-+ */
-+static inline grub_err_t
-+grub_relocator_alloc_chunk_align_safe (struct grub_relocator *rel,
-+				       grub_relocator_chunk_t *out,
-+				       grub_phys_addr_t min_addr,
-+				       grub_phys_addr_t max_addr,
-+				       grub_size_t size, grub_size_t align,
-+				       int preference,
-+				       int avoid_efi_boot_services)
-+{
-+  /* Sanity check and ensure following equation (max_addr - size) is safe. */
-+  if (max_addr < size || (max_addr - size) < min_addr)
-+    return GRUB_ERR_OUT_OF_RANGE;
-+
-+  return grub_relocator_alloc_chunk_align (rel, out, min_addr,
-+					   max_addr - size,
-+					   size, align, preference,
-+					   avoid_efi_boot_services);
-+}
-+
-+/* Top 32-bit address minus s bytes and plus 1 byte. */
-+#define UP_TO_TOP32(s)	((~(s) & 0xffffffff) + 1)
-+
- #define GRUB_RELOCATOR_PREFERENCE_NONE 0
- #define GRUB_RELOCATOR_PREFERENCE_LOW 1
- #define GRUB_RELOCATOR_PREFERENCE_HIGH 2
-- 
-2.26.2
-
--- a/boot/grub2/0018-script-Remove-unused-fields-from-grub_script_functio.patch
+++ b/boot/grub2/0018-script-Remove-unused-fields-from-grub_script_functio.patch
@@ -1,37 +0,0 @@
-From 73aa0776457066ee6ebc93486c3cf0e6b755d1b8 Mon Sep 17 00:00:00 2001
-From: Chris Coulson <chris.coulson@canonical.com>
-Date: Fri, 10 Jul 2020 11:21:14 +0100
-Subject: [PATCH] script: Remove unused fields from grub_script_function
- struct
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
- include/grub/script_sh.h | 5 -----
- 1 file changed, 5 deletions(-)
-
-diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h
-index 360c2be1f..b382bcf09 100644
--- a/include/grub/script_sh.h
-+++ b/include/grub/script_sh.h
-@@ -359,13 +359,8 @@ struct grub_script_function
-   /* The script function.  */
-   struct grub_script *func;
- 
-  /* The flags.  */
-  unsigned flags;
-
-   /* The next element.  */
-   struct grub_script_function *next;
-
-  int references;
- };
- typedef struct grub_script_function *grub_script_function_t;
- 
-- 
-2.26.2
-
--- a/boot/grub2/0019-script-Avoid-a-use-after-free-when-redefining-a-func.patch
+++ b/boot/grub2/0019-script-Avoid-a-use-after-free-when-redefining-a-func.patch
@@ -1,113 +0,0 @@
-From 26349fcf80982b4d0120b73b2836e88bcf16853c Mon Sep 17 00:00:00 2001
-From: Chris Coulson <chris.coulson@canonical.com>
-Date: Fri, 10 Jul 2020 14:41:45 +0100
-Subject: [PATCH] script: Avoid a use-after-free when redefining a
- function during execution
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Defining a new function with the same name as a previously defined
-function causes the grub_script and associated resources for the
-previous function to be freed. If the previous function is currently
-executing when a function with the same name is defined, this results
-in use-after-frees when processing subsequent commands in the original
-function.
-
-Instead, reject a new function definition if it has the same name as
-a previously defined function, and that function is currently being
-executed. Although a behavioural change, this should be backwards
-compatible with existing configurations because they can't be
-dependent on the current behaviour without being broken.
-
-Fixes: CVE-2020-15706
-
-Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
- grub-core/script/execute.c  |  2 ++
- grub-core/script/function.c | 16 +++++++++++++---
- grub-core/script/parser.y   |  3 ++-
- include/grub/script_sh.h    |  2 ++
- 4 files changed, 19 insertions(+), 4 deletions(-)
-
-diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
-index c8d6806fe..7e028e135 100644
--- a/grub-core/script/execute.c
-+++ b/grub-core/script/execute.c
-@@ -838,7 +838,9 @@ grub_script_function_call (grub_script_function_t func, int argc, char **args)
-   old_scope = scope;
-   scope = &new_scope;
- 
-+  func->executing++;
-   ret = grub_script_execute (func->func);
-+  func->executing--;
- 
-   function_return = 0;
-   active_loops = loops;
-diff --git a/grub-core/script/function.c b/grub-core/script/function.c
-index d36655e51..3aad04bf9 100644
--- a/grub-core/script/function.c
-+++ b/grub-core/script/function.c
-@@ -34,6 +34,7 @@ grub_script_function_create (struct grub_script_arg *functionname_arg,
-   func = (grub_script_function_t) grub_malloc (sizeof (*func));
-   if (! func)
-     return 0;
-+  func->executing = 0;
- 
-   func->name = grub_strdup (functionname_arg->str);
-   if (! func->name)
-@@ -60,10 +61,19 @@ grub_script_function_create (struct grub_script_arg *functionname_arg,
-       grub_script_function_t q;
- 
-       q = *p;
-      grub_script_free (q->func);
-      q->func = cmd;
-       grub_free (func);
-      func = q;
-+      if (q->executing > 0)
-+        {
-+          grub_error (GRUB_ERR_BAD_ARGUMENT,
-+		      N_("attempt to redefine a function being executed"));
-+          func = NULL;
-+        }
-+      else
-+        {
-+          grub_script_free (q->func);
-+          q->func = cmd;
-+          func = q;
-+        }
-     }
-   else
-     {
-diff --git a/grub-core/script/parser.y b/grub-core/script/parser.y
-index 4f0ab8319..f80b86b6f 100644
--- a/grub-core/script/parser.y
-+++ b/grub-core/script/parser.y
-@@ -289,7 +289,8 @@ function: "function" "name"
- 	      grub_script_mem_free (state->func_mem);
- 	    else {
- 	      script->children = state->scripts;
-	      grub_script_function_create ($2, script);
-+	      if (!grub_script_function_create ($2, script))
-+		grub_script_free (script);
- 	    }
- 
- 	    state->scripts = $<scripts>3;
-diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h
-index b382bcf09..6c48e0751 100644
--- a/include/grub/script_sh.h
-+++ b/include/grub/script_sh.h
-@@ -361,6 +361,8 @@ struct grub_script_function
- 
-   /* The next element.  */
-   struct grub_script_function *next;
-+
-+  unsigned executing;
- };
- typedef struct grub_script_function *grub_script_function_t;
- 
-- 
-2.26.2
-
--- a/boot/grub2/0020-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch
+++ b/boot/grub2/0020-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch
@@ -1,49 +0,0 @@
-From 06aa91f79f902752cb7e5d22ac0ea8e13bffd056 Mon Sep 17 00:00:00 2001
-From: Alexey Makhalov <amakhalov@vmware.com>
-Date: Fri, 17 Jul 2020 05:17:26 +0000
-Subject: [PATCH] relocator: Fix grub_relocator_alloc_chunk_align() top
- memory allocation
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Current implementation of grub_relocator_alloc_chunk_align()
-does not allow allocation of the top byte.
-
-Assuming input args are:
-  max_addr = 0xfffff000;
-  size = 0x1000;
-
-And this is valid. But following overflow protection will
-unnecessarily move max_addr one byte down (to 0xffffefff):
-  if (max_addr > ~size)
-    max_addr = ~size;
-
-~size + 1 will fix the situation. In addition, check size
-for non zero to do not zero max_addr.
-
-Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
- grub-core/lib/relocator.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c
-index 5847aac36..f2c1944c2 100644
--- a/grub-core/lib/relocator.c
-+++ b/grub-core/lib/relocator.c
-@@ -1386,8 +1386,8 @@ grub_relocator_alloc_chunk_align (struct grub_relocator *rel,
-   };
-   grub_addr_t min_addr2 = 0, max_addr2;
- 
-  if (max_addr > ~size)
-    max_addr = ~size;
-+  if (size && (max_addr > ~size))
-+    max_addr = ~size + 1;
- 
- #ifdef GRUB_MACHINE_PCBIOS
-   if (min_addr < 0x1000)
-- 
-2.26.2
-
--- a/boot/grub2/0021-hfsplus-Fix-two-more-overflows.patch
+++ b/boot/grub2/0021-hfsplus-Fix-two-more-overflows.patch
@@ -1,61 +0,0 @@
-From feec993673d8e13fcf22fe2389ac29222b6daebd Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Sun, 19 Jul 2020 14:43:31 -0400
-Subject: [PATCH] hfsplus: Fix two more overflows
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Both node->size and node->namelen come from the supplied filesystem,
-which may be user-supplied. We can't trust them for the math unless we
-know they don't overflow. Making sure they go through grub_add() or
-grub_calloc() first will give us that.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
- grub-core/fs/hfsplus.c | 11 ++++++++---
- 1 file changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c
-index dae43becc..9c4e4c88c 100644
--- a/grub-core/fs/hfsplus.c
-+++ b/grub-core/fs/hfsplus.c
-@@ -31,6 +31,7 @@
- #include <grub/hfs.h>
- #include <grub/charset.h>
- #include <grub/hfsplus.h>
-+#include <grub/safemath.h>
- 
- GRUB_MOD_LICENSE ("GPLv3+");
- 
-@@ -475,8 +476,12 @@ grub_hfsplus_read_symlink (grub_fshelp_node_t node)
- {
-   char *symlink;
-   grub_ssize_t numread;
-+  grub_size_t sz = node->size;
- 
-  symlink = grub_malloc (node->size + 1);
-+  if (grub_add (sz, 1, &sz))
-+    return NULL;
-+
-+  symlink = grub_malloc (sz);
-   if (!symlink)
-     return 0;
- 
-@@ -715,8 +720,8 @@ list_nodes (void *record, void *hook_arg)
-   if (type == GRUB_FSHELP_UNKNOWN)
-     return 0;
- 
-  filename = grub_malloc (grub_be_to_cpu16 (catkey->namelen)
-			  * GRUB_MAX_UTF8_PER_UTF16 + 1);
-+  filename = grub_calloc (grub_be_to_cpu16 (catkey->namelen),
-+			  GRUB_MAX_UTF8_PER_UTF16 + 1);
-   if (! filename)
-     return 0;
- 
-- 
-2.26.2
-
--- a/boot/grub2/0022-lvm-Fix-two-more-potential-data-dependent-alloc-over.patch
+++ b/boot/grub2/0022-lvm-Fix-two-more-potential-data-dependent-alloc-over.patch
@@ -1,116 +0,0 @@
-From a1845e90fc19fb5e904091bad8a378f458798e4a Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Sun, 19 Jul 2020 15:48:20 -0400
-Subject: [PATCH] lvm: Fix two more potential data-dependent alloc
- overflows
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-It appears to be possible to make a (possibly invalid) lvm PV with
-a metadata size field that overflows our type when adding it to the
-address we've allocated. Even if it doesn't, it may be possible to do so
-with the math using the outcome of that as an operand. Check them both.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
- grub-core/disk/lvm.c | 48 ++++++++++++++++++++++++++++++++++++--------
- 1 file changed, 40 insertions(+), 8 deletions(-)
-
-diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
-index d1df640b3..139fafd47 100644
--- a/grub-core/disk/lvm.c
-+++ b/grub-core/disk/lvm.c
-@@ -25,6 +25,7 @@
- #include <grub/lvm.h>
- #include <grub/partition.h>
- #include <grub/i18n.h>
-+#include <grub/safemath.h>
- 
- #ifdef GRUB_UTIL
- #include <grub/emu/misc.h>
-@@ -102,10 +103,11 @@ grub_lvm_detect (grub_disk_t disk,
- {
-   grub_err_t err;
-   grub_uint64_t mda_offset, mda_size;
-+  grub_size_t ptr;
-   char buf[GRUB_LVM_LABEL_SIZE];
-   char vg_id[GRUB_LVM_ID_STRLEN+1];
-   char pv_id[GRUB_LVM_ID_STRLEN+1];
-  char *metadatabuf, *p, *q, *vgname;
-+  char *metadatabuf, *p, *q, *mda_end, *vgname;
-   struct grub_lvm_label_header *lh = (struct grub_lvm_label_header *) buf;
-   struct grub_lvm_pv_header *pvh;
-   struct grub_lvm_disk_locn *dlocn;
-@@ -205,19 +207,31 @@ grub_lvm_detect (grub_disk_t disk,
- 		   grub_le_to_cpu64 (rlocn->size) -
- 		   grub_le_to_cpu64 (mdah->size));
-     }
-  p = q = metadatabuf + grub_le_to_cpu64 (rlocn->offset);
- 
-  while (*q != ' ' && q < metadatabuf + mda_size)
-    q++;
-
-  if (q == metadatabuf + mda_size)
-+  if (grub_add ((grub_size_t)metadatabuf,
-+		(grub_size_t)grub_le_to_cpu64 (rlocn->offset),
-+		&ptr))
-     {
-+ error_parsing_metadata:
- #ifdef GRUB_UTIL
-       grub_util_info ("error parsing metadata");
- #endif
-       goto fail2;
-     }
- 
-+  p = q = (char *)ptr;
-+
-+  if (grub_add ((grub_size_t)metadatabuf, (grub_size_t)mda_size, &ptr))
-+    goto error_parsing_metadata;
-+
-+  mda_end = (char *)ptr;
-+
-+  while (*q != ' ' && q < mda_end)
-+    q++;
-+
-+  if (q == mda_end)
-+    goto error_parsing_metadata;
-+
-   vgname_len = q - p;
-   vgname = grub_malloc (vgname_len + 1);
-   if (!vgname)
-@@ -367,8 +381,26 @@ grub_lvm_detect (grub_disk_t disk,
- 	      {
- 		const char *iptr;
- 		char *optr;
-		lv->fullname = grub_malloc (sizeof ("lvm/") - 1 + 2 * vgname_len
-					    + 1 + 2 * s + 1);
-+
-+		/*
-+		 * This is kind of hard to read with our safe (but rather
-+		 * baroque) math primatives, but it boils down to:
-+		 *
-+		 *   sz0 = vgname_len * 2 + 1 +
-+		 *         s * 2 + 1 +
-+		 *         sizeof ("lvm/") - 1;
-+		 */
-+		grub_size_t sz0 = vgname_len, sz1 = s;
-+
-+		if (grub_mul (sz0, 2, &sz0) ||
-+		    grub_add (sz0, 1, &sz0) ||
-+		    grub_mul (sz1, 2, &sz1) ||
-+		    grub_add (sz1, 1, &sz1) ||
-+		    grub_add (sz0, sz1, &sz0) ||
-+		    grub_add (sz0, sizeof ("lvm/") - 1, &sz0))
-+		  goto lvs_fail;
-+
-+		lv->fullname = grub_malloc (sz0);
- 		if (!lv->fullname)
- 		  goto lvs_fail;
- 
-- 
-2.26.2
-
--- a/boot/grub2/0023-emu-Make-grub_free-NULL-safe.patch
+++ b/boot/grub2/0023-emu-Make-grub_free-NULL-safe.patch
@@ -1,38 +0,0 @@
-From 320e86747a32e4d46d24ee4b64493741c161da50 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Sun, 19 Jul 2020 16:08:08 -0400
-Subject: [PATCH] emu: Make grub_free(NULL) safe
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The grub_free() implementation in grub-core/kern/mm.c safely handles
-NULL pointers, and code at many places depends on this. We don't know
-that the same is true on all host OSes, so we need to handle the same
-behavior in grub-emu's implementation.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
- grub-core/kern/emu/mm.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/grub-core/kern/emu/mm.c b/grub-core/kern/emu/mm.c
-index 145b01d37..4d1046a21 100644
--- a/grub-core/kern/emu/mm.c
-+++ b/grub-core/kern/emu/mm.c
-@@ -60,7 +60,8 @@ grub_zalloc (grub_size_t size)
- void
- grub_free (void *ptr)
- {
-  free (ptr);
-+  if (ptr)
-+    free (ptr);
- }
- 
- void *
-- 
-2.26.2
-
--- a/boot/grub2/0024-efi-Fix-some-malformed-device-path-arithmetic-errors.patch
+++ b/boot/grub2/0024-efi-Fix-some-malformed-device-path-arithmetic-errors.patch
@@ -1,239 +0,0 @@
-From c330aa099a38bc5c4d3066954fe35767cc06adb1 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Sun, 19 Jul 2020 16:53:27 -0400
-Subject: [PATCH] efi: Fix some malformed device path arithmetic errors
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Several places we take the length of a device path and subtract 4 from
-it, without ever checking that it's >= 4. There are also cases where
-this kind of malformation will result in unpredictable iteration,
-including treating the length from one dp node as the type in the next
-node. These are all errors, no matter where the data comes from.
-
-This patch adds a checking macro, GRUB_EFI_DEVICE_PATH_VALID(), which
-can be used in several places, and makes GRUB_EFI_NEXT_DEVICE_PATH()
-return NULL and GRUB_EFI_END_ENTIRE_DEVICE_PATH() evaluate as true when
-the length is too small. Additionally, it makes several places in the
-code check for and return errors in these cases.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
- grub-core/kern/efi/efi.c           | 64 +++++++++++++++++++++++++-----
- grub-core/loader/efi/chainloader.c | 13 +++++-
- grub-core/loader/i386/xnu.c        |  9 +++--
- include/grub/efi/api.h             | 14 ++++---
- 4 files changed, 79 insertions(+), 21 deletions(-)
-
-diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
-index dc31caa21..c97969a65 100644
--- a/grub-core/kern/efi/efi.c
-+++ b/grub-core/kern/efi/efi.c
-@@ -332,7 +332,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
- 
-   dp = dp0;
- 
-  while (1)
-+  while (dp)
-     {
-       grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp);
-       grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp);
-@@ -342,9 +342,15 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
-       if (type == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE
- 	       && subtype == GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE)
- 	{
-	  grub_efi_uint16_t len;
-	  len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4)
-		 / sizeof (grub_efi_char16_t));
-+	  grub_efi_uint16_t len = GRUB_EFI_DEVICE_PATH_LENGTH (dp);
-+
-+	  if (len < 4)
-+	    {
-+	      grub_error (GRUB_ERR_OUT_OF_RANGE,
-+			  "malformed EFI Device Path node has length=%d", len);
-+	      return NULL;
-+	    }
-+	  len = (len - 4) / sizeof (grub_efi_char16_t);
- 	  filesize += GRUB_MAX_UTF8_PER_UTF16 * len + 2;
- 	}
- 
-@@ -360,7 +366,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
-   if (!name)
-     return NULL;
- 
-  while (1)
-+  while (dp)
-     {
-       grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp);
-       grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp);
-@@ -376,8 +382,15 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
- 
- 	  *p++ = '/';
- 
-	  len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4)
-		 / sizeof (grub_efi_char16_t));
-+	  len = GRUB_EFI_DEVICE_PATH_LENGTH (dp);
-+	  if (len < 4)
-+	    {
-+	      grub_error (GRUB_ERR_OUT_OF_RANGE,
-+			  "malformed EFI Device Path node has length=%d", len);
-+	      return NULL;
-+	    }
-+
-+	  len = (len - 4) / sizeof (grub_efi_char16_t);
- 	  fp = (grub_efi_file_path_device_path_t *) dp;
- 	  /* According to EFI spec Path Name is NULL terminated */
- 	  while (len > 0 && fp->path_name[len - 1] == 0)
-@@ -452,7 +465,26 @@ grub_efi_duplicate_device_path (const grub_efi_device_path_t *dp)
-        ;
-        p = GRUB_EFI_NEXT_DEVICE_PATH (p))
-     {
-      total_size += GRUB_EFI_DEVICE_PATH_LENGTH (p);
-+      grub_size_t len = GRUB_EFI_DEVICE_PATH_LENGTH (p);
-+
-+      /*
-+       * In the event that we find a node that's completely garbage, for
-+       * example if we get to 0x7f 0x01 0x02 0x00 ... (EndInstance with a size
-+       * of 2), GRUB_EFI_END_ENTIRE_DEVICE_PATH() will be true and
-+       * GRUB_EFI_NEXT_DEVICE_PATH() will return NULL, so we won't continue,
-+       * and neither should our consumers, but there won't be any error raised
-+       * even though the device path is junk.
-+       *
-+       * This keeps us from passing junk down back to our caller.
-+       */
-+      if (len < 4)
-+	{
-+	  grub_error (GRUB_ERR_OUT_OF_RANGE,
-+		      "malformed EFI Device Path node has length=%d", len);
-+	  return NULL;
-+	}
-+
-+      total_size += len;
-       if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (p))
- 	break;
-     }
-@@ -497,7 +529,7 @@ dump_vendor_path (const char *type, grub_efi_vendor_device_path_t *vendor)
- void
- grub_efi_print_device_path (grub_efi_device_path_t *dp)
- {
-  while (1)
-+  while (GRUB_EFI_DEVICE_PATH_VALID (dp))
-     {
-       grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp);
-       grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp);
-@@ -909,7 +941,10 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1,
-     /* Return non-zero.  */
-     return 1;
- 
-  while (1)
-+  if (dp1 == dp2)
-+    return 0;
-+
-+  while (GRUB_EFI_DEVICE_PATH_VALID (dp1) && GRUB_EFI_DEVICE_PATH_VALID (dp2))
-     {
-       grub_efi_uint8_t type1, type2;
-       grub_efi_uint8_t subtype1, subtype2;
-@@ -945,5 +980,14 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1,
-       dp2 = (grub_efi_device_path_t *) ((char *) dp2 + len2);
-     }
- 
-+  /*
-+   * There's no "right" answer here, but we probably don't want to call a valid
-+   * dp and an invalid dp equal, so pick one way or the other.
-+   */
-+  if (GRUB_EFI_DEVICE_PATH_VALID (dp1) && !GRUB_EFI_DEVICE_PATH_VALID (dp2))
-+    return 1;
-+  else if (!GRUB_EFI_DEVICE_PATH_VALID (dp1) && GRUB_EFI_DEVICE_PATH_VALID (dp2))
-+    return -1;
-+
-   return 0;
- }
-diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
-index daf8c6b54..a8d7b9155 100644
--- a/grub-core/loader/efi/chainloader.c
-+++ b/grub-core/loader/efi/chainloader.c
-@@ -156,9 +156,18 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)
- 
-   size = 0;
-   d = dp;
-  while (1)
-+  while (d)
-     {
-      size += GRUB_EFI_DEVICE_PATH_LENGTH (d);
-+      grub_size_t len = GRUB_EFI_DEVICE_PATH_LENGTH (d);
-+
-+      if (len < 4)
-+	{
-+	  grub_error (GRUB_ERR_OUT_OF_RANGE,
-+		      "malformed EFI Device Path node has length=%d", len);
-+	  return NULL;
-+	}
-+
-+      size += len;
-       if ((GRUB_EFI_END_ENTIRE_DEVICE_PATH (d)))
- 	break;
-       d = GRUB_EFI_NEXT_DEVICE_PATH (d);
-diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c
-index e9e119259..a70093607 100644
--- a/grub-core/loader/i386/xnu.c
-+++ b/grub-core/loader/i386/xnu.c
-@@ -515,14 +515,15 @@ grub_cmd_devprop_load (grub_command_t cmd __attribute__ ((unused)),
- 
-       devhead = buf;
-       buf = devhead + 1;
-      dpstart = buf;
-+      dp = dpstart = buf;
- 
-      do
-+      while (GRUB_EFI_DEVICE_PATH_VALID (dp) && buf < bufend)
- 	{
-	  dp = buf;
- 	  buf = (char *) buf + GRUB_EFI_DEVICE_PATH_LENGTH (dp);
-+	  if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp))
-+	    break;
-+	  dp = buf;
- 	}
-      while (!GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp) && buf < bufend);
- 
-       dev = grub_xnu_devprop_add_device (dpstart, (char *) buf
- 					 - (char *) dpstart);
-diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h
-index addcbfa8f..cf1355a8c 100644
--- a/include/grub/efi/api.h
-+++ b/include/grub/efi/api.h
-@@ -625,6 +625,7 @@ typedef struct grub_efi_device_path grub_efi_device_path_protocol_t;
- #define GRUB_EFI_DEVICE_PATH_TYPE(dp)		((dp)->type & 0x7f)
- #define GRUB_EFI_DEVICE_PATH_SUBTYPE(dp)	((dp)->subtype)
- #define GRUB_EFI_DEVICE_PATH_LENGTH(dp)		((dp)->length)
-+#define GRUB_EFI_DEVICE_PATH_VALID(dp)		((dp) != NULL && GRUB_EFI_DEVICE_PATH_LENGTH (dp) >= 4)
- 
- /* The End of Device Path nodes.  */
- #define GRUB_EFI_END_DEVICE_PATH_TYPE			(0xff & 0x7f)
-@@ -633,13 +634,16 @@ typedef struct grub_efi_device_path grub_efi_device_path_protocol_t;
- #define GRUB_EFI_END_THIS_DEVICE_PATH_SUBTYPE		0x01
- 
- #define GRUB_EFI_END_ENTIRE_DEVICE_PATH(dp)	\
-  (GRUB_EFI_DEVICE_PATH_TYPE (dp) == GRUB_EFI_END_DEVICE_PATH_TYPE \
-   && (GRUB_EFI_DEVICE_PATH_SUBTYPE (dp) \
-       == GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE))
-+  (!GRUB_EFI_DEVICE_PATH_VALID (dp) || \
-+   (GRUB_EFI_DEVICE_PATH_TYPE (dp) == GRUB_EFI_END_DEVICE_PATH_TYPE \
-+    && (GRUB_EFI_DEVICE_PATH_SUBTYPE (dp) \
-+	== GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE)))
- 
- #define GRUB_EFI_NEXT_DEVICE_PATH(dp)	\
-  ((grub_efi_device_path_t *) ((char *) (dp) \
-                               + GRUB_EFI_DEVICE_PATH_LENGTH (dp)))
-+  (GRUB_EFI_DEVICE_PATH_VALID (dp) \
-+   ? ((grub_efi_device_path_t *) \
-+      ((char *) (dp) + GRUB_EFI_DEVICE_PATH_LENGTH (dp))) \
-+   : NULL)
- 
- /* Hardware Device Path.  */
- #define GRUB_EFI_HARDWARE_DEVICE_PATH_TYPE		1
-- 
-2.26.2
-
--- a/boot/grub2/0025-efi-chainloader-Propagate-errors-from-copy_file_path.patch
+++ b/boot/grub2/0025-efi-chainloader-Propagate-errors-from-copy_file_path.patch
@@ -1,78 +0,0 @@
-From fb55bc37dd510911df4eaf649da939f5fafdc7ce Mon Sep 17 00:00:00 2001
-From: Daniel Kiper <daniel.kiper@oracle.com>
-Date: Wed, 29 Jul 2020 13:38:31 +0200
-Subject: [PATCH] efi/chainloader: Propagate errors from copy_file_path()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Without any error propagated to the caller, make_file_path()
-would then try to advance the invalid device path node with
-GRUB_EFI_NEXT_DEVICE_PATH(), which would fail, returning a NULL
-pointer that would subsequently be dereferenced. Hence, propagate
-errors from copy_file_path().
-
-Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
- grub-core/loader/efi/chainloader.c | 19 +++++++++++++------
- 1 file changed, 13 insertions(+), 6 deletions(-)
-
-diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
-index a8d7b9155..7b31c3fb9 100644
--- a/grub-core/loader/efi/chainloader.c
-+++ b/grub-core/loader/efi/chainloader.c
-@@ -106,7 +106,7 @@ grub_chainloader_boot (void)
-   return grub_errno;
- }
- 
-static void
-+static grub_err_t
- copy_file_path (grub_efi_file_path_device_path_t *fp,
- 		const char *str, grub_efi_uint16_t len)
- {
-@@ -118,7 +118,7 @@ copy_file_path (grub_efi_file_path_device_path_t *fp,
- 
-   path_name = grub_calloc (len, GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name));
-   if (!path_name)
-    return;
-+    return grub_error (GRUB_ERR_OUT_OF_MEMORY, "failed to allocate path buffer");
- 
-   size = grub_utf8_to_utf16 (path_name, len * GRUB_MAX_UTF16_PER_UTF8,
- 			     (const grub_uint8_t *) str, len, 0);
-@@ -131,6 +131,7 @@ copy_file_path (grub_efi_file_path_device_path_t *fp,
-   fp->path_name[size++] = '\0';
-   fp->header.length = size * sizeof (grub_efi_char16_t) + sizeof (*fp);
-   grub_free (path_name);
-+  return GRUB_ERR_NONE;
- }
- 
- static grub_efi_device_path_t *
-@@ -189,13 +190,19 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)
-   d = (grub_efi_device_path_t *) ((char *) file_path
- 				  + ((char *) d - (char *) dp));
-   grub_efi_print_device_path (d);
-  copy_file_path ((grub_efi_file_path_device_path_t *) d,
-		  dir_start, dir_end - dir_start);
-+  if (copy_file_path ((grub_efi_file_path_device_path_t *) d,
-+		      dir_start, dir_end - dir_start) != GRUB_ERR_NONE)
-+    {
-+ fail:
-+      grub_free (file_path);
-+      return 0;
-+    }
- 
-   /* Fill the file path for the file.  */
-   d = GRUB_EFI_NEXT_DEVICE_PATH (d);
-  copy_file_path ((grub_efi_file_path_device_path_t *) d,
-		  dir_end + 1, grub_strlen (dir_end + 1));
-+  if (copy_file_path ((grub_efi_file_path_device_path_t *) d,
-+		      dir_end + 1, grub_strlen (dir_end + 1)) != GRUB_ERR_NONE)
-+    goto fail;
- 
-   /* Fill the end of device path nodes.  */
-   d = GRUB_EFI_NEXT_DEVICE_PATH (d);
-- 
-2.26.2
-
--- a/boot/grub2/0026-efi-Fix-use-after-free-in-halt-reboot-path.patch
+++ b/boot/grub2/0026-efi-Fix-use-after-free-in-halt-reboot-path.patch
@@ -1,183 +0,0 @@
-From 8a6d6299efcffd14c1130942195e6c0d9b50cacd Mon Sep 17 00:00:00 2001
-From: Alexey Makhalov <amakhalov@vmware.com>
-Date: Mon, 20 Jul 2020 23:03:05 +0000
-Subject: [PATCH] efi: Fix use-after-free in halt/reboot path
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-commit 92bfc33db984 ("efi: Free malloc regions on exit")
-introduced memory freeing in grub_efi_fini(), which is
-used not only by exit path but by halt/reboot one as well.
-As result of memory freeing, code and data regions used by
-modules, such as halt, reboot, acpi (used by halt) also got
-freed. After return to module code, CPU executes, filled
-by UEFI firmware (tested with edk2), 0xAFAFAFAF pattern as
-a code. Which leads to #UD exception later.
-
-grub> halt
-!!!! X64 Exception Type - 06(#UD - Invalid Opcode)  CPU Apic ID - 00000000 !!!!
-RIP  - 0000000003F4EC28, CS  - 0000000000000038, RFLAGS - 0000000000200246
-RAX  - 0000000000000000, RCX - 00000000061DA188, RDX - 0A74C0854DC35D41
-RBX  - 0000000003E10E08, RSP - 0000000007F0F860, RBP - 0000000000000000
-RSI  - 00000000064DB768, RDI - 000000000832C5C3
-R8   - 0000000000000002, R9  - 0000000000000000, R10 - 00000000061E2E52
-R11  - 0000000000000020, R12 - 0000000003EE5C1F, R13 - 00000000061E0FF4
-R14  - 0000000003E10D80, R15 - 00000000061E2F60
-DS   - 0000000000000030, ES  - 0000000000000030, FS  - 0000000000000030
-GS   - 0000000000000030, SS  - 0000000000000030
-CR0  - 0000000080010033, CR2 - 0000000000000000, CR3 - 0000000007C01000
-CR4  - 0000000000000668, CR8 - 0000000000000000
-DR0  - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000
-DR3  - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400
-GDTR - 00000000079EEA98 0000000000000047, LDTR - 0000000000000000
-IDTR - 0000000007598018 0000000000000FFF,   TR - 0000000000000000
-FXSAVE_STATE - 0000000007F0F4C0
-
-Proposal here is to continue to free allocated memory for
-exit boot services path but keep it for halt/reboot path
-as it won't be much security concern here.
-Introduced GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY
-loader flag to be used by efi halt/reboot path.
-
-Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
-Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
- grub-core/kern/arm/efi/init.c   | 3 +++
- grub-core/kern/arm64/efi/init.c | 3 +++
- grub-core/kern/efi/efi.c        | 3 ++-
- grub-core/kern/efi/init.c       | 1 -
- grub-core/kern/i386/efi/init.c  | 9 +++++++--
- grub-core/kern/ia64/efi/init.c  | 9 +++++++--
- grub-core/kern/riscv/efi/init.c | 3 +++
- grub-core/lib/efi/halt.c        | 3 ++-
- include/grub/loader.h           | 1 +
- 9 files changed, 28 insertions(+), 7 deletions(-)
-
-diff --git a/grub-core/kern/arm/efi/init.c b/grub-core/kern/arm/efi/init.c
-index 06df60e2f..40c3b467f 100644
--- a/grub-core/kern/arm/efi/init.c
-+++ b/grub-core/kern/arm/efi/init.c
-@@ -71,4 +71,7 @@ grub_machine_fini (int flags)
-   efi_call_1 (b->close_event, tmr_evt);
- 
-   grub_efi_fini ();
-+
-+  if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY))
-+    grub_efi_memory_fini ();
- }
-diff --git a/grub-core/kern/arm64/efi/init.c b/grub-core/kern/arm64/efi/init.c
-index 6224999ec..5010caefd 100644
--- a/grub-core/kern/arm64/efi/init.c
-+++ b/grub-core/kern/arm64/efi/init.c
-@@ -57,4 +57,7 @@ grub_machine_fini (int flags)
-     return;
- 
-   grub_efi_fini ();
-+
-+  if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY))
-+    grub_efi_memory_fini ();
- }
-diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
-index c97969a65..9cfd88d77 100644
--- a/grub-core/kern/efi/efi.c
-+++ b/grub-core/kern/efi/efi.c
-@@ -157,7 +157,8 @@ grub_efi_get_loaded_image (grub_efi_handle_t image_handle)
- void
- grub_reboot (void)
- {
-  grub_machine_fini (GRUB_LOADER_FLAG_NORETURN);
-+  grub_machine_fini (GRUB_LOADER_FLAG_NORETURN |
-+		     GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY);
-   efi_call_4 (grub_efi_system_table->runtime_services->reset_system,
-               GRUB_EFI_RESET_COLD, GRUB_EFI_SUCCESS, 0, NULL);
-   for (;;) ;
-diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c
-index 3dfdf2d22..2c31847bf 100644
--- a/grub-core/kern/efi/init.c
-+++ b/grub-core/kern/efi/init.c
-@@ -80,5 +80,4 @@ grub_efi_fini (void)
- {
-   grub_efidisk_fini ();
-   grub_console_fini ();
-  grub_efi_memory_fini ();
- }
-diff --git a/grub-core/kern/i386/efi/init.c b/grub-core/kern/i386/efi/init.c
-index da499aba0..deb2eacd8 100644
--- a/grub-core/kern/i386/efi/init.c
-+++ b/grub-core/kern/i386/efi/init.c
-@@ -39,6 +39,11 @@ grub_machine_init (void)
- void
- grub_machine_fini (int flags)
- {
-  if (flags & GRUB_LOADER_FLAG_NORETURN)
-    grub_efi_fini ();
-+  if (!(flags & GRUB_LOADER_FLAG_NORETURN))
-+    return;
-+
-+  grub_efi_fini ();
-+
-+  if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY))
-+    grub_efi_memory_fini ();
- }
-diff --git a/grub-core/kern/ia64/efi/init.c b/grub-core/kern/ia64/efi/init.c
-index b5ecbd091..f1965571b 100644
--- a/grub-core/kern/ia64/efi/init.c
-+++ b/grub-core/kern/ia64/efi/init.c
-@@ -70,6 +70,11 @@ grub_machine_init (void)
- void
- grub_machine_fini (int flags)
- {
-  if (flags & GRUB_LOADER_FLAG_NORETURN)
-    grub_efi_fini ();
-+  if (!(flags & GRUB_LOADER_FLAG_NORETURN))
-+    return;
-+
-+  grub_efi_fini ();
-+
-+  if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY))
-+    grub_efi_memory_fini ();
- }
-diff --git a/grub-core/kern/riscv/efi/init.c b/grub-core/kern/riscv/efi/init.c
-index 7eb1969d0..38795fe67 100644
--- a/grub-core/kern/riscv/efi/init.c
-+++ b/grub-core/kern/riscv/efi/init.c
-@@ -73,4 +73,7 @@ grub_machine_fini (int flags)
-     return;
- 
-   grub_efi_fini ();
-+
-+  if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY))
-+    grub_efi_memory_fini ();
- }
-diff --git a/grub-core/lib/efi/halt.c b/grub-core/lib/efi/halt.c
-index 5859f0498..29d413641 100644
--- a/grub-core/lib/efi/halt.c
-+++ b/grub-core/lib/efi/halt.c
-@@ -28,7 +28,8 @@
- void
- grub_halt (void)
- {
-  grub_machine_fini (GRUB_LOADER_FLAG_NORETURN);
-+  grub_machine_fini (GRUB_LOADER_FLAG_NORETURN |
-+		     GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY);
- #if !defined(__ia64__) && !defined(__arm__) && !defined(__aarch64__) && \
-     !defined(__riscv)
-   grub_acpi_halt ();
-diff --git a/include/grub/loader.h b/include/grub/loader.h
-index 7f82a499f..b20864282 100644
--- a/include/grub/loader.h
-+++ b/include/grub/loader.h
-@@ -33,6 +33,7 @@ enum
- {
-   GRUB_LOADER_FLAG_NORETURN = 1,
-   GRUB_LOADER_FLAG_PXE_NOT_UNLOAD = 2,
-+  GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY = 4,
- };
- 
- void EXPORT_FUNC (grub_loader_set) (grub_err_t (*boot) (void),
-- 
-2.26.2
-
--- a/boot/grub2/0027-loader-linux-Avoid-overflow-on-initrd-size-calculati.patch
+++ b/boot/grub2/0027-loader-linux-Avoid-overflow-on-initrd-size-calculati.patch
@@ -1,32 +0,0 @@
-From a2a7464e9f10a677d6f91e1c4fa527d084c22e7c Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Fri, 24 Jul 2020 13:57:27 -0400
-Subject: [PATCH] loader/linux: Avoid overflow on initrd size calculation
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
- grub-core/loader/linux.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c
-index 471b214d6..4cd8c20c7 100644
--- a/grub-core/loader/linux.c
-+++ b/grub-core/loader/linux.c
-@@ -151,8 +151,7 @@ grub_initrd_init (int argc, char *argv[],
-   initrd_ctx->nfiles = 0;
-   initrd_ctx->components = 0;
- 
-  initrd_ctx->components = grub_zalloc (argc
-					* sizeof (initrd_ctx->components[0]));
-+  initrd_ctx->components = grub_calloc (argc, sizeof (initrd_ctx->components[0]));
-   if (!initrd_ctx->components)
-     return grub_errno;
- 
-- 
-2.26.2
-
--- a/boot/grub2/0028-linux-Fix-integer-overflows-in-initrd-size-handling.patch
+++ b/boot/grub2/0028-linux-Fix-integer-overflows-in-initrd-size-handling.patch
@@ -1,173 +0,0 @@
-From 0367e7d1b9bac3a78608a672bf6e4ace6a28b964 Mon Sep 17 00:00:00 2001
-From: Colin Watson <cjwatson@debian.org>
-Date: Sat, 25 Jul 2020 12:15:37 +0100
-Subject: [PATCH] linux: Fix integer overflows in initrd size handling
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-These could be triggered by a crafted filesystem with very large files.
-
-Fixes: CVE-2020-15707
-
-Signed-off-by: Colin Watson <cjwatson@debian.org>
-Reviewed-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
- grub-core/loader/linux.c | 74 +++++++++++++++++++++++++++++-----------
- 1 file changed, 54 insertions(+), 20 deletions(-)
-
-diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c
-index 4cd8c20c7..3fe390f17 100644
--- a/grub-core/loader/linux.c
-+++ b/grub-core/loader/linux.c
-@@ -4,6 +4,7 @@
- #include <grub/misc.h>
- #include <grub/file.h>
- #include <grub/mm.h>
-+#include <grub/safemath.h>
- 
- struct newc_head
- {
-@@ -98,13 +99,13 @@ free_dir (struct dir *root)
-   grub_free (root);
- }
- 
-static grub_size_t
-+static grub_err_t
- insert_dir (const char *name, struct dir **root,
-	    grub_uint8_t *ptr)
-+	    grub_uint8_t *ptr, grub_size_t *size)
- {
-   struct dir *cur, **head = root;
-   const char *cb, *ce = name;
-  grub_size_t size = 0;
-+  *size = 0;
-   while (1)
-     {
-       for (cb = ce; *cb == '/'; cb++);
-@@ -130,14 +131,22 @@ insert_dir (const char *name, struct dir **root,
- 	      ptr = make_header (ptr, name, ce - name,
- 				 040777, 0);
- 	    }
-	  size += ALIGN_UP ((ce - (char *) name)
-			    + sizeof (struct newc_head), 4);
-+	  if (grub_add (*size,
-+		        ALIGN_UP ((ce - (char *) name)
-+				  + sizeof (struct newc_head), 4),
-+			size))
-+	    {
-+	      grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
-+	      grub_free (n->name);
-+	      grub_free (n);
-+	      return grub_errno;
-+	    }
- 	  *head = n;
- 	  cur = n;
- 	}
-       root = &cur->next;
-     }
-  return size;
-+  return GRUB_ERR_NONE;
- }
- 
- grub_err_t
-@@ -172,26 +181,33 @@ grub_initrd_init (int argc, char *argv[],
- 	  eptr = grub_strchr (ptr, ':');
- 	  if (eptr)
- 	    {
-+	      grub_size_t dir_size, name_len;
-+
- 	      initrd_ctx->components[i].newc_name = grub_strndup (ptr, eptr - ptr);
-	      if (!initrd_ctx->components[i].newc_name)
-+	      if (!initrd_ctx->components[i].newc_name ||
-+		  insert_dir (initrd_ctx->components[i].newc_name, &root, 0,
-+			      &dir_size))
- 		{
- 		  grub_initrd_close (initrd_ctx);
- 		  return grub_errno;
- 		}
-	      initrd_ctx->size
-		+= ALIGN_UP (sizeof (struct newc_head)
-			    + grub_strlen (initrd_ctx->components[i].newc_name),
-			     4);
-	      initrd_ctx->size += insert_dir (initrd_ctx->components[i].newc_name,
-					      &root, 0);
-+	      name_len = grub_strlen (initrd_ctx->components[i].newc_name);
-+	      if (grub_add (initrd_ctx->size,
-+			    ALIGN_UP (sizeof (struct newc_head) + name_len, 4),
-+			    &initrd_ctx->size) ||
-+		  grub_add (initrd_ctx->size, dir_size, &initrd_ctx->size))
-+		goto overflow;
- 	      newc = 1;
- 	      fname = eptr + 1;
- 	    }
- 	}
-       else if (newc)
- 	{
-	  initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head)
-					+ sizeof ("TRAILER!!!") - 1, 4);
-+	  if (grub_add (initrd_ctx->size,
-+			ALIGN_UP (sizeof (struct newc_head)
-+				  + sizeof ("TRAILER!!!") - 1, 4),
-+			&initrd_ctx->size))
-+	    goto overflow;
- 	  free_dir (root);
- 	  root = 0;
- 	  newc = 0;
-@@ -207,19 +223,29 @@ grub_initrd_init (int argc, char *argv[],
-       initrd_ctx->nfiles++;
-       initrd_ctx->components[i].size
- 	= grub_file_size (initrd_ctx->components[i].file);
-      initrd_ctx->size += initrd_ctx->components[i].size;
-+      if (grub_add (initrd_ctx->size, initrd_ctx->components[i].size,
-+		    &initrd_ctx->size))
-+	goto overflow;
-     }
- 
-   if (newc)
-     {
-       initrd_ctx->size = ALIGN_UP (initrd_ctx->size, 4);
-      initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head)
-				    + sizeof ("TRAILER!!!") - 1, 4);
-+      if (grub_add (initrd_ctx->size,
-+		    ALIGN_UP (sizeof (struct newc_head)
-+			      + sizeof ("TRAILER!!!") - 1, 4),
-+		    &initrd_ctx->size))
-+	goto overflow;
-       free_dir (root);
-       root = 0;
-     }
-   
-   return GRUB_ERR_NONE;
-+
-+ overflow:
-+  free_dir (root);
-+  grub_initrd_close (initrd_ctx);
-+  return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
- }
- 
- grub_size_t
-@@ -260,8 +286,16 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx,
- 
-       if (initrd_ctx->components[i].newc_name)
- 	{
-	  ptr += insert_dir (initrd_ctx->components[i].newc_name,
-			     &root, ptr);
-+	  grub_size_t dir_size;
-+
-+	  if (insert_dir (initrd_ctx->components[i].newc_name, &root, ptr,
-+			  &dir_size))
-+	    {
-+	      free_dir (root);
-+	      grub_initrd_close (initrd_ctx);
-+	      return grub_errno;
-+	    }
-+	  ptr += dir_size;
- 	  ptr = make_header (ptr, initrd_ctx->components[i].newc_name,
- 			     grub_strlen (initrd_ctx->components[i].newc_name),
- 			     0100777,
-- 
-2.26.2
-
--- a/boot/grub2/grub2.mk
+++ b/boot/grub2/grub2.mk
@@ -13,25 +13,6 @@ GRUB2_DEPENDENCIES = host-bison host-flex host-grub2
 HOST_GRUB2_DEPENDENCIES = host-bison host-flex
 GRUB2_INSTALL_IMAGES = YES

-# 0001-build-Fix-GRUB-i386-pc-build-with-Ubuntu-gcc.patch
-define GRUB2_AVOID_AUTORECONF
-	$(Q)touch $(@D)/Makefile.util.am
-	$(Q)touch $(@D)/Makefile.in
-endef
-GRUB2_POST_PATCH_HOOKS += GRUB2_AVOID_AUTORECONF
-HOST_GRUB2_POST_PATCH_HOOKS += GRUB2_AVOID_AUTORECONF
-
-# 0002-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch
-GRUB2_IGNORE_CVES += CVE-2020-10713
-# 0005-calloc-Use-calloc-at-most-places.patch
-GRUB2_IGNORE_CVES += CVE-2020-14308
-# 0006-malloc-Use-overflow-checking-primitives-where-we-do-.patch
-GRUB2_IGNORE_CVES += CVE-2020-14309 CVE-2020-14310 CVE-2020-14311
-# 0019-script-Avoid-a-use-after-free-when-redefining-a-func.patch
-GRUB2_IGNORE_CVES += CVE-2020-15706
-# 0028-linux-Fix-integer-overflows-in-initrd-size-handling.patch
-GRUB2_IGNORE_CVES += CVE-2020-15707
-
 ifeq ($(BR2_TARGET_GRUB2_INSTALL_TOOLS),y)
 GRUB2_INSTALL_TARGET = YES
 else
--- a/boot/mv-ddr-marvell/mv-ddr-marvell.hash
+++ b/boot/mv-ddr-marvell/mv-ddr-marvell.hash
@@ -1,3 +1,2 @@
 # Locally calculated
-sha256  39dcc8baccb82cbc746d8f82ce7f673e1b1236e8aee0d09e7ab12c27eeb6ecda  mv-ddr-marvell-618dadd1491eb2f7b2fd74313c04f7accddae475.tar.gz
-sha256  69208236fc322026920b92d1d839ebdc521ca65379bfdb3368a24945e794fc78  ddr3_init.c
+sha256 39dcc8baccb82cbc746d8f82ce7f673e1b1236e8aee0d09e7ab12c27eeb6ecda mv-ddr-marvell-618dadd1491eb2f7b2fd74313c04f7accddae475.tar.gz
--- a/boot/optee-os/optee-os.mk
+++ b/boot/optee-os/optee-os.mk
@@ -6,9 +6,7 @@

 OPTEE_OS_VERSION = $(call qstrip,$(BR2_TARGET_OPTEE_OS_VERSION))
 OPTEE_OS_LICENSE = BSD-2-Clause
-ifeq ($(BR2_TARGET_OPTEE_OS_LATEST),y)
 OPTEE_OS_LICENSE_FILES = LICENSE
-endif

 OPTEE_OS_INSTALL_STAGING = YES
 OPTEE_OS_INSTALL_IMAGES = YES
--- a/boot/syslinux/syslinux.hash
+++ b/boot/syslinux/syslinux.hash
@@ -1,4 +1,2 @@
 # From https://www.kernel.org/pub/linux/utils/boot/syslinux/sha256sums.asc
-sha256  26d3986d2bea109d5dc0e4f8c4822a459276cf021125e8c9f23c3cca5d8c850e  syslinux-6.03.tar.xz
-# Locally computed
-sha256  dcc100d4161cc0b7177545ab6e47216f84857cda3843847c792a25289852dcaa  COPYING
+sha256	26d3986d2bea109d5dc0e4f8c4822a459276cf021125e8c9f23c3cca5d8c850e	syslinux-6.03.tar.xz
--- a/boot/uboot/Config.in
+++ b/boot/uboot/Config.in
@@ -3,8 +3,6 @@ config BR2_TARGET_UBOOT
 	help
 	  Build "Das U-Boot" Boot Monitor

-	  https://www.denx.de/wiki/U-Boot
-
 if BR2_TARGET_UBOOT
 choice
 	prompt "Build system"
@@ -41,7 +39,7 @@ choice
 	  Select the specific U-Boot version you want to use

 config BR2_TARGET_UBOOT_LATEST_VERSION
-	bool "2020.01"
+	bool "2019.10"

 config BR2_TARGET_UBOOT_CUSTOM_VERSION
 	bool "Custom version"
@@ -89,7 +87,7 @@ endif

 config BR2_TARGET_UBOOT_VERSION
 	string
-	default "2020.01"	if BR2_TARGET_UBOOT_LATEST_VERSION
+	default "2019.10"	if BR2_TARGET_UBOOT_LATEST_VERSION
 	default BR2_TARGET_UBOOT_CUSTOM_VERSION_VALUE \
 		if BR2_TARGET_UBOOT_CUSTOM_VERSION
 	default "custom"	if BR2_TARGET_UBOOT_CUSTOM_TARBALL
@@ -227,9 +225,6 @@ config BR2_TARGET_UBOOT_FORMAT_DTB_IMX
 config BR2_TARGET_UBOOT_FORMAT_IMG
 	bool "u-boot.img"

-config BR2_TARGET_UBOOT_FORMAT_ITB
-	bool "u-boot.itb"
-
 config BR2_TARGET_UBOOT_FORMAT_IMX
 	bool "u-boot.imx"

--- a/boot/uboot/uboot.hash
+++ b/boot/uboot/uboot.hash
@@ -1,3 +1,3 @@
 # Locally computed:
-sha256  aa453c603208b1b27bd03525775a7f79b443adec577fdc6e8f06974025a135f1  u-boot-2020.01.tar.bz2
+sha256  8d6d6070739522dd236cba7055b8736bfe92b4fac0ea18ad809829ca79667014  u-boot-2019.10.tar.bz2
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  Licenses/gpl-2.0.txt
--- a/Show More
+++ b/Show More