Update for 2020.05-rc2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

CHANGES

@@ -1,3 +1,62 @@
+2020.05-rc2, released May 22nd 2020
+
+	Fixes all over the tree.
+
+	U-Boot: Support building with Python 3.x instead of Python
+	2.x. Since U-Boot 2020.01, various U-Boot build scripts use
+	Python 3.x instead of Python 2.x, so add an option to pull in
+	host-python3 rather than host-python. Also fix a number of
+	defconfigs to use this new option.
+
+	Updated/fixed packages: apparmor, binutils, bison, brltty,
+	c-icap, cegui, checkpolicy, clamav, crda, cvs, docker-cli,
+	docker-engine, domoticz, elf2flt, exfatprogs, fakeroot,
+	ffmpeg, freerdp, gcc, glibc, gnuconfig, irrlicht, kmod,
+	libexif, libpam-tacplus, libssh2, libv4l, libvncserver,
+	localedef, lrzip, mariadb, matchbox, mbuffer, mesa3d,
+	mesa3d-headers, meson, netsniff-ng, openldap, openocd,
+	optee-os, p7zip, paho-mqtt-c, php, piglit, pigz,
+	python-argon2-cffi, python-attrs, python-future,
+	python-markdown, python-pycryptodomex, python-pyqt5, qt5base,
+	rpi-firmware, rustc, squashfs, squid, stella, suricata,
+	systemd, uacme, uclibc, util-linux, vboot-utils
+
+	New packages: python3-pyelftools
+
+	Removed packages: ezxml, mtdev2tuio, python-pycrypto
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#10551: PowerPC SPE and Musl
+	#12256: package tar is outdated (1.29 is 3 years old)
+	#12271: python-iptables runtime dependencies
+	#12321: host-generic-package: PKG_DL_OPTS not used for host package
+	#12391: CMake-based host package fails to include output/host/include
+	#12431: ethernet no detected on nanopi neo 2
+	#12521: RISCV RV32IA selected, RV64GC output
+	#12586: avahi failure
+	#12596: host-e2fsprogs: tune2fs incompatibility on older glibc..
+	#12611: ntp hash is not matching with upstream 4.2.8p13
+	#12626: PHP missing header files within 2020.02
+	#12631: glibc support Power-PC SPE
+	#12656: bison fails to relocate with relocate-sdk.sh
+	#12661: cups problems in buildroot
+	#12686: recipe for target 'install_dev' failed (libcrypto.so:..
+	#12691: host-rust build fails
+	#12761: Buildroot fails when building GCNano binaries for the STM..
+	#12786: Systemd spawns two getty processes when the getty port..
+	#12806: There are multiple issues in buildroot that faults cups..
+	#12826: nodejs-12.16.1: error: 'uv_sleep' was not declared in..
+	#12831: RPI-firmware package: DTB-overlay dependency
+	#12836: libunwind: package does not show up in menuconfig for..
+	#12841: util-linux/sfdisk 2.35.1 fails on sector-size header
+	#12866: should we be disabling bash executable path caching?
+	#12886: GMP built in wrong order (?)
+	#12891: QEMU, libvirt-bin, qemu-kvm Package Support required
+	#12901: GStreamer doesn't build on 2020-05 rc1 with GObject..
+	#12906: qt PrefixPath is wrong on 2020.05-rc1
+	#12921: nodejs-12.16.1: error: overriding 'virtual icu_65::..
+
 2020.05-rc1, released May 7th 2020
 
 	Addition of support for gobject-introspection: both the
@@ -77,6 +136,48 @@
 	#12796: Update OpenSSL to Version 1.1.1g to patch  CVE-2020-1967
 	#12811: bootstrap stuck and no login prompt
 
+2020.02.2, released May 12th, 2020
+
+	Important / security related fixes.
+
+	Musl: Disallow on PPC64 cores without AltiVec support
+	(E.G. e5500).
+
+	fs/cpio: Correctly handle booting with 'console='
+
+	release: Ensure temporary .br2-external.* files are not
+	included in the release tarball
+
+	Defconfigs: Fix various mistyped config options, or config
+	options where the dependencies were no longer met.
+
+	Updated/fixed packages: apache, azure-iot-sdk-c, binutils,
+	boinc, c-ares, cvs, docker-cli, docker-containerd,
+	docker-engine, domoticz, e2fsprogs, efl, evtest, exim, ffmpeg,
+	freerdp, gcc, gflags, glibc, gnuconfig, haproxy, imx-gpu-2d,
+	irrlicht, jpeg kodi-pvr-vuplus, libarchive, libcoap,
+	libfpm-extra, libglib2, libhtp, libid3tag, libinput, libmad,
+	libopenssl, libsepol, libssh, libv4l, libvncserver, libwpe,
+	localedef, mariadb, matchbox, mbedtls, mc, mesa3d-headers,
+	meson, midori, msgpack, netsnmp, nginx, ogre, openjdk,
+	openldap, openvpn, p7zip, paho-mqtt-c, php, polkit, python,
+	python-attrs, python-crossbar, python-dpkt, python-flask,
+	python-future, python-iptables, python-jedi, python-markdown2,
+	python3, qemu, qpdf, qt5, samba4, squashfs, squid, strongswan,
+	suricata, tzdata, util-linux, vlc, wget, webkitgtk,
+	wireguard-linux-compat, wireshark, wpebackend-fdo, wpewebkit,
+	zic
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#11866: initramfs file system fails to boot using Grub on EFI x86_64
+	#12271: python-iptables runtime dependencies
+	#12726: systemctl preset-all failed for ctrl-alt-del.target
+	#12751: OpenJdk package installation issues on target
+	#12796: Update OpenSSL to Version 1.1.1g to patch CVE-2020-1967
+	#12811: bootstrap stuck and no login prompt
+	#12841: util-linux/sfdisk 2.35.1 fails on sector-size header
+
 2020.02.1, released April 10th, 2020
 
 	Important / security related fixes.

Config.in.legacy

@@ -146,6 +146,27 @@ endif
 
 comment "Legacy options removed in 2020.05"
 
+config BR2_PACKAGE_PYTHON_PYCRYPTO
+	bool "python-pycrypto package removed"
+	select BR2_LEGACY
+	help
+	  This package has been removed, use python-pycryptodomex
+	  instead.
+
+config BR2_PACKAGE_MTDEV2TUIO
+	bool "mtdev2tuio package removed"
+	select BR2_LEGACY
+	help
+	  The mtdev2tuio package was removed as it breaks the builds
+	  every now and then and is not maintained upstream.
+
+config BR2_PACKAGE_EZXML
+	bool "ezxml package removed"
+	select BR2_LEGACY
+	help
+	  The ezXML package was removed as it is affected by several
+	  CVEs and is not maintained anymore (no release since 2006).
+
 config BR2_PACKAGE_COLLECTD_LVM
 	bool "lvm support in collectd was removed"
 	select BR2_LEGACY

DEVELOPERS

@@ -2250,7 +2250,6 @@ F:	package/davfs2/
 N:	Ryan Barnett <ryan.barnett@rockwellcollins.com>
 F:	package/atftp/
 F:	package/miraclecast/
-F:	package/python-pycrypto/
 F:	package/python-pysnmp/
 F:	package/python-pysnmp-mibs/
 F:	package/python-tornado/
@@ -2396,11 +2395,8 @@ F:	package/libscrypt/
 N:	Stephan Hoffmann <sho@relinux.de>
 F:	package/cache-calibrator/
 F:	package/gtest/
-F:	package/mtdev/
-F:	package/mtdev2tuio/
-
-N:	Stephan Hoffmann <stephan.hoffmann@ext.grandcentrix.net>
 F:	package/libhttpserver/
+F:	package/mtdev/
 
 N:	Steve Calfee <stevecalfee@gmail.com>
 F:	package/python-pymysql/

Makefile

@@ -92,9 +92,9 @@ all:
 .PHONY: all
 
 # Set and export the version string
-export BR2_VERSION := 2020.05-rc1
+export BR2_VERSION := 2020.05-rc2
 # Actual time the release is cut (for reproducible builds)
-BR2_VERSION_EPOCH = 1588882900
+BR2_VERSION_EPOCH = 1590140000
 
 # Save running make version since it's clobbered by the make package
 RUNNING_MAKE_VERSION := $(MAKE_VERSION)
@@ -1190,7 +1190,7 @@ release: OUT = buildroot-$(BR2_VERSION)
 release:
 	git archive --format=tar --prefix=$(OUT)/ HEAD > $(OUT).tar
 	$(MAKE) O=$(OUT) manual-html manual-text manual-pdf
-	$(MAKE) O=$(OUT) clean
+	$(MAKE) O=$(OUT) distclean
 	tar rf $(OUT).tar $(OUT)
 	gzip -9 -c < $(OUT).tar > $(OUT).tar.gz
 	bzip2 -9 -c < $(OUT).tar > $(OUT).tar.bz2

boot/optee-os/0001-scripts-pem_to_pub_c.py-sign.py-use-pycryptodomex.patch

@@ -0,0 +1,64 @@
+From 06e71feaeb08349abe56b50c3dfb08a8341cf55f Mon Sep 17 00:00:00 2001
+From: Romain Naour <romain.naour@gmail.com>
+Date: Sun, 26 Apr 2020 21:55:55 +0200
+Subject: [PATCH] scripts/pem_to_pub_c.py/sign.py: use pycryptodomex
+
+These scripts still use pycrypto.
+
+From [1]:
+"PyCryptodome is a fork of PyCrypto, which is not maintained any more
+(the last release dates back to 2013 [2]). It exposes almost the same
+API, but there are a few incompatibilities [3]."
+
+Don't use upstream commit since it also switches from the algorithm
+TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 to TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256
+when replacing pycrypto to pycryptodomex [4].
+
+[1] https://github.com/OP-TEE/optee_os/commit/90ad2450436fdd9fc0d28a3f92f3fbcfd89a38f0
+[2] https://pypi.org/project/pycrypto/#history
+[3] https://pycryptodome.readthedocs.io/en/latest/src/vs_pycrypto.html
+[4] https://github.com/OP-TEE/optee_os/commit/ababd72d2fd76cb2ded8e202b49db28d6545f6eb
+
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
+---
+ scripts/pem_to_pub_c.py | 4 ++--
+ scripts/sign.py         | 8 ++++----
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/scripts/pem_to_pub_c.py b/scripts/pem_to_pub_c.py
+index 3a896a39..d3f0e500 100755
+--- a/scripts/pem_to_pub_c.py
++++ b/scripts/pem_to_pub_c.py
+@@ -21,8 +21,8 @@ def get_args():
+ 
+ def main():
+     import array
+-    from Crypto.PublicKey import RSA
+-    from Crypto.Util.number import long_to_bytes
++    from Cryptodome.PublicKey import RSA
++    from Cryptodome.Util.number import long_to_bytes
+ 
+     args = get_args()
+ 
+diff --git a/scripts/sign.py b/scripts/sign.py
+index 2939c591..80ce2e9f 100755
+--- a/scripts/sign.py
++++ b/scripts/sign.py
+@@ -121,10 +121,10 @@ def get_args(logger):
+ 
+ 
+ def main():
+-    from Crypto.Signature import PKCS1_v1_5
+-    from Crypto.Hash import SHA256
+-    from Crypto.PublicKey import RSA
+-    from Crypto.Util.number import ceil_div
++    from Cryptodome.Signature import PKCS1_v1_5
++    from Cryptodome.Hash import SHA256
++    from Cryptodome.PublicKey import RSA
++    from Cryptodome.Util.number import ceil_div
+     import base64
+     import logging
+     import os
+-- 
+2.25.3
+

boot/optee-os/optee-os.mk

@@ -21,7 +21,7 @@ else
 OPTEE_OS_SITE = $(call github,OP-TEE,optee_os,$(OPTEE_OS_VERSION))
 endif
 
-OPTEE_OS_DEPENDENCIES = host-openssl host-python-pycrypto host-python-pyelftools
+OPTEE_OS_DEPENDENCIES = host-openssl host-python-pycryptodomex host-python-pyelftools
 
 # On 64bit targets, OP-TEE OS can be built in 32bit mode, or
 # can be built in 64bit mode and support 32bit and 64bit

boot/uboot/Config.in

@@ -147,14 +147,45 @@ config BR2_TARGET_UBOOT_NEEDS_DTC
 	  Select this option if your U-Boot board configuration
 	  requires the Device Tree compiler to be available.
 
+config BR2_TARGET_UBOOT_NEEDS_PYTHON
+	bool
+
+choice
+	bool "U-Boot needs host Python"
+
+config BR2_TARGET_UBOOT_NEEDS_PYTHON_NONE
+	bool "no"
+	depends on !BR2_TARGET_UBOOT_NEEDS_PYTHON
+	help
+	  Select this option if U-Boot does not need any
+	  host python to build.
+
+config BR2_TARGET_UBOOT_NEEDS_PYTHON2
+	bool "python 2.x"
+	help
+	  Select this option if U-Boot needs a host Python 2.x
+	  interpreter. This is the case for some U-Boot
+	  configurations, prior to U-Boot 2020.01.
+
+config BR2_TARGET_UBOOT_NEEDS_PYTHON3
+	bool "python 3.x"
+	help
+	  Select this option if U-Boot needs a host Python 3.x
+	  interpreter. This is the case for some U-Boot
+	  configurations, after U-Boot 2020.01.
+
+endchoice
+
 config BR2_TARGET_UBOOT_NEEDS_PYLIBFDT
 	bool "U-Boot needs pylibfdt"
+	select BR2_TARGET_UBOOT_NEEDS_PYTHON
 	help
 	  Select this option if your U-Boot board configuration
 	  requires the Python libfdt library to be available.
 
 config BR2_TARGET_UBOOT_NEEDS_PYELFTOOLS
 	bool "U-Boot needs pyelftools"
+	select BR2_TARGET_UBOOT_NEEDS_PYTHON
 	help
 	  Select this option if your U-Boot board configuration
 	  requires the Python pyelftools library to be available.

boot/uboot/uboot.mk

@@ -159,12 +159,22 @@ ifeq ($(BR2_TARGET_UBOOT_NEEDS_DTC),y)
 UBOOT_DEPENDENCIES += host-dtc
 endif
 
+ifeq ($(BR2_TARGET_UBOOT_NEEDS_PYTHON2),y)
+UBOOT_DEPENDENCIES += host-python
+else ifeq ($(BR2_TARGET_UBOOT_NEEDS_PYTHON3),y)
+UBOOT_DEPENDENCIES += host-python3
+endif
+
 ifeq ($(BR2_TARGET_UBOOT_NEEDS_PYLIBFDT),y)
-UBOOT_DEPENDENCIES += host-python host-swig
+UBOOT_DEPENDENCIES += host-swig
 endif
 
 ifeq ($(BR2_TARGET_UBOOT_NEEDS_PYELFTOOLS),y)
+ifeq ($(BR2_TARGET_UBOOT_NEEDS_PYTHON2),y)
 UBOOT_DEPENDENCIES += host-python-pyelftools
+else ifeq ($(BR2_TARGET_UBOOT_NEEDS_PYTHON3),y)
+UBOOT_DEPENDENCIES += host-python3-pyelftools
+endif
 endif
 
 ifeq ($(BR2_TARGET_UBOOT_NEEDS_OPENSSL),y)

configs/beelink_gs1_defconfig

@@ -34,6 +34,7 @@ BR2_TARGET_UBOOT_CUSTOM_VERSION=y
 BR2_TARGET_UBOOT_CUSTOM_VERSION_VALUE="2020.01"
 BR2_TARGET_UBOOT_BOARD_DEFCONFIG="beelink_gs1"
 BR2_TARGET_UBOOT_NEEDS_DTC=y
+BR2_TARGET_UBOOT_NEEDS_PYTHON3=y
 BR2_TARGET_UBOOT_NEEDS_PYLIBFDT=y
 BR2_TARGET_UBOOT_NEEDS_ATF_BL31=y
 BR2_TARGET_UBOOT_SPL=y

configs/nanopi_neo4_defconfig

@@ -22,8 +22,7 @@ BR2_TARGET_UBOOT_CUSTOM_VERSION=y
 BR2_TARGET_UBOOT_CUSTOM_VERSION_VALUE="2020.01"
 BR2_TARGET_UBOOT_BOARD_DEFCONFIG="nanopi-neo4-rk3399"
 BR2_TARGET_UBOOT_NEEDS_DTC=y
-BR2_TARGET_UBOOT_NEEDS_PYLIBFDT=y
-BR2_TARGET_UBOOT_NEEDS_PYELFTOOLS=y
+BR2_TARGET_UBOOT_NEEDS_PYTHON3=y
 BR2_TARGET_UBOOT_NEEDS_ATF_BL31=y
 BR2_TARGET_UBOOT_NEEDS_ATF_BL31_ELF=y
 BR2_TARGET_UBOOT_FORMAT_CUSTOM=y

configs/olimex_a20_olinuxino_lime2_defconfig

@@ -46,6 +46,7 @@ BR2_TARGET_UBOOT_CUSTOM_VERSION=y
 BR2_TARGET_UBOOT_CUSTOM_VERSION_VALUE="2020.04"
 BR2_TARGET_UBOOT_BOARD_DEFCONFIG="A20-OLinuXino-Lime2"
 BR2_TARGET_UBOOT_NEEDS_DTC=y
+BR2_TARGET_UBOOT_NEEDS_PYTHON3=y
 BR2_TARGET_UBOOT_NEEDS_PYLIBFDT=y
 BR2_TARGET_UBOOT_FORMAT_BIN=y
 BR2_TARGET_UBOOT_SPL=y

configs/olimex_a20_olinuxino_lime_defconfig

@@ -46,6 +46,7 @@ BR2_TARGET_UBOOT_CUSTOM_VERSION=y
 BR2_TARGET_UBOOT_CUSTOM_VERSION_VALUE="2020.04"
 BR2_TARGET_UBOOT_BOARD_DEFCONFIG="A20-OLinuXino-Lime"
 BR2_TARGET_UBOOT_NEEDS_DTC=y
+BR2_TARGET_UBOOT_NEEDS_PYTHON3=y
 BR2_TARGET_UBOOT_NEEDS_PYLIBFDT=y
 BR2_TARGET_UBOOT_FORMAT_BIN=y
 BR2_TARGET_UBOOT_SPL=y

configs/raspberrypi3_64_defconfig

@@ -17,7 +17,6 @@ BR2_LINUX_KERNEL_DEFCONFIG="bcmrpi3"
 # Build the DTB from the kernel sources
 BR2_LINUX_KERNEL_DTS_SUPPORT=y
 BR2_LINUX_KERNEL_INTREE_DTS_NAME="broadcom/bcm2710-rpi-3-b broadcom/bcm2710-rpi-3-b-plus broadcom/bcm2837-rpi-3-b"
-BR2_LINUX_KERNEL_DTB_OVERLAY_SUPPORT=y
 
 BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
 

configs/raspberrypi4_64_defconfig

@@ -17,7 +17,6 @@ BR2_LINUX_KERNEL_DEFCONFIG="bcm2711"
 # Build the DTB from the kernel sources
 BR2_LINUX_KERNEL_DTS_SUPPORT=y
 BR2_LINUX_KERNEL_INTREE_DTS_NAME="broadcom/bcm2711-rpi-4-b"
-BR2_LINUX_KERNEL_DTB_OVERLAY_SUPPORT=y
 
 BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
 

configs/roc_pc_rk3399_defconfig

@@ -22,8 +22,7 @@ BR2_TARGET_UBOOT_CUSTOM_VERSION=y
 BR2_TARGET_UBOOT_CUSTOM_VERSION_VALUE="2020.01"
 BR2_TARGET_UBOOT_BOARD_DEFCONFIG="roc-pc-rk3399"
 BR2_TARGET_UBOOT_NEEDS_DTC=y
-BR2_TARGET_UBOOT_NEEDS_PYLIBFDT=y
-BR2_TARGET_UBOOT_NEEDS_PYELFTOOLS=y
+BR2_TARGET_UBOOT_NEEDS_PYTHON3=y
 BR2_TARGET_UBOOT_NEEDS_ATF_BL31=y
 BR2_TARGET_UBOOT_NEEDS_ATF_BL31_ELF=y
 BR2_TARGET_UBOOT_FORMAT_CUSTOM=y

docs/website/download.html

@@ -8,37 +8,37 @@
     <div class="panel-heading">Download</div>
     <div class="panel-body">
 
-      <h3 style="text-align: center;">Latest stable / long term support release: <b>2020.02.1</b></h3>
+      <h3 style="text-align: center;">Latest stable / long term support release: <b>2020.02.2</b></h3>
 
       <div class="row mt centered">
 	<div class="col-sm-6">
 	  <div class="flip-container center-block" ontouchstart="this.classList.toggle('hover');">
 	    <div class="flipper">
 	      <div class="front">
-		<a href="/downloads/buildroot-2020.02.1.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
+		<a href="/downloads/buildroot-2020.02.2.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
 	      </div>
 	      <div class="back">
-		<a href="/downloads/buildroot-2020.02.1.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
+		<a href="/downloads/buildroot-2020.02.2.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
 	      </div>
 	    </div>
 	  </div>
-	  <h3><a href="/downloads/buildroot-2020.02.1.tar.gz">buildroot-2020.02.1.tar.gz</a></h3>
-	  <p><a href="/downloads/buildroot-2020.02.1.tar.gz.sign">PGP signature</a></p>
+	  <h3><a href="/downloads/buildroot-2020.02.2.tar.gz">buildroot-2020.02.2.tar.gz</a></h3>
+	  <p><a href="/downloads/buildroot-2020.02.2.tar.gz.sign">PGP signature</a></p>
 	</div>
 	<div class="col-sm-6">
 	  <div class="flip-container center-block" ontouchstart="this.classList.toggle('hover');">
 	    <div class="flipper">
 	      <div class="front">
-		<a href="/downloads/buildroot-2020.02.1.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
+		<a href="/downloads/buildroot-2020.02.2.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
 	      </div>
 	      <div class="back">
-		<a href="/downloads/buildroot-2020.02.1.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
+		<a href="/downloads/buildroot-2020.02.2.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
 	      </div>
 	    </div>
 	  </div>
 
-	  <h3><a href="/downloads/buildroot-2020.02.1.tar.bz2">buildroot-2020.02.1.tar.bz2</a></h3>
-	  <p><a href="/downloads/buildroot-2020.02.1.tar.bz2.sign">PGP signature</a></p>
+	  <h3><a href="/downloads/buildroot-2020.02.2.tar.bz2">buildroot-2020.02.2.tar.bz2</a></h3>
+	  <p><a href="/downloads/buildroot-2020.02.2.tar.bz2.sign">PGP signature</a></p>
 	</div>
       </div>
 <!--
@@ -76,37 +76,37 @@
 	</div>
       </div>
 -->
-      <h3 style="text-align: center;">Latest release candidate: <b>2020.05-rc1</b></h3>
+      <h3 style="text-align: center;">Latest release candidate: <b>2020.05-rc2</b></h3>
       <div class="row mt centered">
 	<div class="col-sm-6">
 	  <div class="flip-container center-block" ontouchstart="this.classList.toggle('hover');">
 	    <div class="flipper">
 	      <div class="front">
-		<a href="/downloads/buildroot-2020.05-rc1.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
+		<a href="/downloads/buildroot-2020.05-rc2.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
 	      </div>
 	      <div class="back">
-		<a href="/downloads/buildroot-2020.05-rc1.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
+		<a href="/downloads/buildroot-2020.05-rc2.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
 	      </div>
 	    </div>
 	  </div>
 
-	  <h3><a href="/downloads/buildroot-2020.05-rc1.tar.gz">buildroot-2020.05-rc1.tar.gz</a></h3>
-	  <p><a href="/downloads/buildroot-2020.05-rc1.tar.gz.sign">PGP signature</a></p>
+	  <h3><a href="/downloads/buildroot-2020.05-rc2.tar.gz">buildroot-2020.05-rc2.tar.gz</a></h3>
+	  <p><a href="/downloads/buildroot-2020.05-rc2.tar.gz.sign">PGP signature</a></p>
 	</div>
 	<div class="col-sm-6">
 	  <div class="flip-container center-block" ontouchstart="this.classList.toggle('hover');">
 	    <div class="flipper">
 	      <div class="front">
-		<a href="/downloads/buildroot-2020.05-rc1.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
+		<a href="/downloads/buildroot-2020.05-rc2.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
 	      </div>
 	      <div class="back">
-		<a href="/downloads/buildroot-2020.05-rc1.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
+		<a href="/downloads/buildroot-2020.05-rc2.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
 	      </div>
 	    </div>
 	  </div>
 
-	  <h3><a href="/downloads/buildroot-2020.05-rc1.tar.bz2">buildroot-2020.05-rc1.tar.bz2</a></h3>
-	  <p><a href="/downloads/buildroot-2020.05-rc1.tar.bz2.sign">PGP signature</a></p>
+	  <h3><a href="/downloads/buildroot-2020.05-rc2.tar.bz2">buildroot-2020.05-rc2.tar.bz2</a></h3>
+	  <p><a href="/downloads/buildroot-2020.05-rc2.tar.bz2.sign">PGP signature</a></p>
 	</div>
       </div>
 

docs/website/news.html

@@ -9,6 +9,46 @@
 <h2>News</h2>
 <ul class="timeline">
 
+  <li>
+    <div class="timeline-badge"><i class="glyphicon glyphicon-thumbs-up"></i></div>
+    <div class="timeline-panel">
+      <div class="timeline-heading">
+	<h4 class="timeline-title">2020.05-rc2 released</h4>
+	<p><small class="text-muted"><i class="glyphicon glyphicon-time"></i>22 May 2020</small></p>
+      </div>
+      <div class="timeline-body">
+        <p>Another week, another release candidate with more cleanups and build fixes. See the
+	  <a href="http://git.buildroot.net/buildroot/plain/CHANGES?id=2020.05-rc2">CHANGES</a>
+	  file for details.</p>
+
+	<p>Head to the <a href="/downloads/">downloads page</a> to pick up the
+	  <a href="/downloads/buildroot-2020.05-rc2.tar.bz2">2020.05-rc2
+	  release candidate</a>, and report any problems found to the
+	  <a href="support.html">mailing list</a> or
+	  <a href="https://bugs.buildroot.org">bug tracker</a>.</p>
+      </div>
+    </div>
+  </li>
+
+  <li class="timeline-inverted">
+    <div class="timeline-badge"><i class="glyphicon glyphicon-thumbs-up"></i></div>
+    <div class="timeline-panel">
+      <div class="timeline-heading">
+	<h4 class="timeline-title">2020.02.2 released</h4>
+	<p><small class="text-muted"><i class="glyphicon glyphicon-time"></i>12 May 2020</small></p>
+      </div>
+      <div class="timeline-body">
+	<p>The 2020.02.2 bugfix release is out, fixing a number of important /
+	  security related issues discovered since the 2020.02.1 release. See the
+	  <a href="http://git.buildroot.net/buildroot/plain/CHANGES?id=2020.02.2">CHANGES</a>
+	  file for more details, read the
+	  <a href="http://lists.busybox.net/pipermail/buildroot/2020-May/282748.html">announcement</a>
+	  and go to the <a href="/downloads/">downloads page</a> to pick up the
+	  <a href="/downloads/buildroot-2020.02.2.tar.bz2">2020.02.2 release</a>.</p>
+      </div>
+    </div>
+  </li>
+
   <li>
     <div class="timeline-badge"><i class="glyphicon glyphicon-thumbs-up"></i></div>
     <div class="timeline-panel">

linux/Config.in

@@ -30,7 +30,7 @@ config BR2_LINUX_KERNEL_LATEST_VERSION
 	bool "Latest version (5.6)"
 
 config BR2_LINUX_KERNEL_LATEST_CIP_VERSION
-	bool "Latest CIP SLTS version (4.19.98-cip19)"
+	bool "Latest CIP SLTS version (4.19.118-cip25)"
 	help
 	  CIP launched in the spring of 2016 to address the needs of
 	  organizations in industries such as power generation and
@@ -49,7 +49,7 @@ config BR2_LINUX_KERNEL_LATEST_CIP_VERSION
 	  https://www.cip-project.org
 
 config BR2_LINUX_KERNEL_LATEST_CIP_RT_VERSION
-	bool "Latest CIP RT SLTS version (4.19.98-cip19-rt7)"
+	bool "Latest CIP RT SLTS version (4.19.115-cip24-rt9)"
 	help
 	  Same as the CIP version, but this is the PREEMPT_RT realtime
 	  variant.
@@ -128,9 +128,9 @@ endif
 
 config BR2_LINUX_KERNEL_VERSION
 	string
-	default "5.6.7" if BR2_LINUX_KERNEL_LATEST_VERSION
-	default "4.19.98-cip19" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
-	default "4.19.98-cip19-rt7" if BR2_LINUX_KERNEL_LATEST_CIP_RT_VERSION
+	default "5.6.12" if BR2_LINUX_KERNEL_LATEST_VERSION
+	default "4.19.118-cip25" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
+	default "4.19.115-cip24-rt9" if BR2_LINUX_KERNEL_LATEST_CIP_RT_VERSION
 	default BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE \
 		if BR2_LINUX_KERNEL_CUSTOM_VERSION
 	default "custom" if BR2_LINUX_KERNEL_CUSTOM_TARBALL

linux/linux.hash

@@ -1,15 +1,15 @@
 # From https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc
-sha256  23a0420f29eacb66d71f86f64fbd35a1b6ff617d520e3e05f3e1f537d46692ca  linux-5.6.7.tar.xz
+sha256  daea336aace63a9116475b3f698e259073c00bea57a2a545300dba1c45562221  linux-5.6.12.tar.xz
 sha256  1448334371fb52f511255726832464d33877a210a7350260fb18eb225ae211eb  linux-5.5.19.tar.xz
-sha256  e16bd5f7284a80a41328bf712e1136b0adf5b71cc0bd263efa7cac75539806d4  linux-5.4.35.tar.xz
+sha256  83563f027687ecaafb41d0d2d52056f40ec9822f8a9e43592e215349730020ab  linux-5.4.40.tar.xz
 # From https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
-sha256  4e98b51c2e3a8fd069dc941b9cb68594f84ea767c2927e93255e1151c5c2fdd6  linux-4.4.219.tar.xz
-sha256  6b17238cced3e1c2753d6d5b4f662bd347d4651f07c35506b849eb10aea7bc44  linux-4.9.219.tar.xz
-sha256  bcae0956baaeb55dab5bad0401873fbc5baaa7fbe957ea6d27a5ab241cec5ca2  linux-4.14.176.tar.xz
-sha256  89749365f9dafa6c62cc5e920a7e532ed4aad9ab766fb436423b153ffbc08c96  linux-4.19.118.tar.xz
+sha256  cd963e66d7fb07f142fa5274ec90f46c8388a327e2ba28c5fec245d734b0d425  linux-4.4.223.tar.xz
+sha256  cf5300e6f5d8c66c2bed8f00d53f9c58103731809862427012e4010f5d782ae5  linux-4.9.223.tar.xz
+sha256  444ef973d9b6a6ea174e4a9086f0aea980d8575d13302e431ad688f22e27ed0e  linux-4.14.180.tar.xz
+sha256  5050268ec5cf003d96366d1611ecfa4ab6974125d6fa26cea1ccb81dd4df00a5  linux-4.19.122.tar.xz
 # Locally computed
-sha256  18f9ddba0b777d1942d6c81877ba97c4bcd08488e2c409e57dcce866b9de5fc2  linux-cip-4.19.98-cip19.tar.gz
-sha256  7d5aeb67da41dc66ef28621ef994ef4403e8b1f5c3df38b1843da20972444280  linux-cip-4.19.98-cip19-rt7.tar.gz
+sha256  ea53913813cb5a9069608532b327de7a7ed0fdc8fed8c6f10cd55d1ac6a58ffb  linux-cip-4.19.118-cip25.tar.gz
+sha256  7f0a0db0e1cfb14053523f4432f1ad1468b5bd42305b44905c4b103466c8d655  linux-cip-4.19.115-cip24-rt9.tar.gz
 
 # Licenses hashes
 sha256  ee5808b032a67f587d3541099d46de34f5bec8cd5976114ba07f1299ee6001ff  COPYING

package/Config.in

@@ -1074,7 +1074,6 @@ menu "External python modules"
 	source "package/python-pycares/Config.in"
 	source "package/python-pycli/Config.in"
 	source "package/python-pycparser/Config.in"
-	source "package/python-pycrypto/Config.in"
 	source "package/python-pycryptodomex/Config.in"
 	source "package/python-pydal/Config.in"
 	source "package/python-pydantic/Config.in"
@@ -1562,7 +1561,6 @@ menu "JSON/XML"
 	source "package/benejson/Config.in"
 	source "package/cjson/Config.in"
 	source "package/expat/Config.in"
-	source "package/ezxml/Config.in"
 	source "package/jansson/Config.in"
 	source "package/jose/Config.in"
 	source "package/jsmn/Config.in"
@@ -1878,7 +1876,6 @@ endif
 	source "package/mpfr/Config.in"
 	source "package/mpir/Config.in"
 	source "package/msgpack/Config.in"
-	source "package/mtdev2tuio/Config.in"
 	source "package/musl-compat-headers/Config.in"
 	source "package/musl-fts/Config.in"
 	source "package/openblas/Config.in"

package/apparmor/0002-replace-deprecated-egrep-with-grep-e.patch

@@ -0,0 +1,28 @@
+From 5f46dedd6e8109d845af118b36039a5d7dd05af9 Mon Sep 17 00:00:00 2001
+From: Christian Boltz <apparmor@cboltz.de>
+Date: Mon, 18 Mar 2019 19:17:16 +0100
+Subject: [PATCH] replace deprecated egrep with grep -e
+
+(cherry picked from commit 5f46dedd6e8109d845af118b36039a5d7dd05af9)
+Signed-off-by: Christian Boltz <apparmor@cboltz.de>
+Signed-off-by: Adam Duskett <Aduskett@gmail.com>
+---
+ parser/rc.apparmor.functions | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/parser/rc.apparmor.functions b/parser/rc.apparmor.functions
+index 22e8367..f3108f8 100644
+--- a/parser/rc.apparmor.functions
++++ b/parser/rc.apparmor.functions
+@@ -129,7 +129,7 @@ skip_profile() {
+ 	     "${profile%.pacnew}" != "${profile}" ] ; then
+ 		return 2
+ 	fi
+-	if echo "${profile}" | egrep -q '^.+\.new-[0-9\.]+_[0-9]+$'; then
++	if echo "${profile}" | grep -E -q '^.+\.new-[0-9\.]+_[0-9]+$'; then
+ 		return 2
+ 	fi
+ 
+-- 
+2.26.2
+

package/apparmor/0003-fix-regex-in-rc.apparmor.functions-to-work-with-busy.patch

@@ -0,0 +1,37 @@
+From 12764faa0a01bcc4e0ffc92ce308985dbad0d954 Mon Sep 17 00:00:00 2001
+From: Adam Duskett <Aduskett@gmail.com>
+Date: Thu, 7 May 2020 18:25:29 -0700
+Subject: [PATCH] fix regex in rc.apparmor.functions to work with busybox
+
+The following regex string in rc.apparmor.functions
+"^/.*[ \t]+flags[ \t]*=[ \t]*\([ \t]*complain[ \t]*\)[ \t]+{" is broken due to
+the unescaped {. GNU grep ignores the error. However, the Busybox grep does
+not and throws the error "unescaped character {"
+
+Escape the "{" character to fix this issue.
+
+Note: Upstream has rewritten large sections of the rc.apparmor.functions file
+and the function this patch fixes will no longer be necessary after the next
+version is released.
+
+Signed-off-by: Adam Duskett <Aduskett@gmail.com>
+---
+ parser/rc.apparmor.functions | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/parser/rc.apparmor.functions b/parser/rc.apparmor.functions
+index f3108f8..db0697c 100644
+--- a/parser/rc.apparmor.functions
++++ b/parser/rc.apparmor.functions
+@@ -140,7 +140,7 @@ force_complain() {
+ 	local profile=$1
+ 
+ 	# if profile not in complain mode
+-	if ! egrep -q "^/.*[ \t]+flags[ \t]*=[ \t]*\([ \t]*complain[ \t]*\)[ \t]+{" $profile ; then
++	if ! grep -E -q "^/.*[ \t]+flags[ \t]*=[ \t]*\([ \t]*complain[ \t]*\)[ \t]+\{" $profile ; then
+ 		local link="${PROFILE_DIR}/force-complain/`basename ${profile}`"
+ 		if [ -e "$link" ] ; then
+ 			aa_log_warning_msg "found $link, forcing complain mode"
+-- 
+2.26.2
+

package/apparmor/Config.in

@@ -32,9 +32,11 @@ comment "utils need python3"
 config BR2_PACKAGE_APPARMOR_UTILS
 	bool "utils"
 	depends on BR2_PACKAGE_PYTHON3
+	select BR2_PACKAGE_BUSYBOX_SHOW_OTHERS # net-tools
+	select BR2_PACKAGE_NET_TOOLS # runtime (aa-unconfined)
 	select BR2_PACKAGE_PYTHON3_READLINE
 	help
-	  A set of utilities (written in pyhon):
+	  A set of utilities (written in python):
 	    aa-audit          aa-disable      aa-logprof
 	    aa-autodep        aa-easyprof     aa-mergeprof
 	    aa-cleanprof      aa-enforce      aa-status

package/apparmor/apparmor.mk

@@ -15,7 +15,7 @@ APPARMOR_LICENSE_FILES = LICENSE parser/COPYING.GPL
 APPARMOR_DEPENDENCIES = libapparmor
 
 APPARMOR_TOOLS = parser
-APPARMOR_MAKE_OPTS = USE_SYSTEM=1 DISTRO=unknown
+APPARMOR_MAKE_OPTS = USE_SYSTEM=1 DISTRO=unknown POD2MAN=true POD2HTML=true
 
 ifeq ($(BR2_PACKAGE_GETTEXT_PROVIDES_LIBINTL),y)
 APPARMOR_DEPENDENCIES += gettext

package/binutils/binutils.mk

@@ -112,6 +112,7 @@ endef
 ifneq ($(BR2_PACKAGE_BINUTILS_TARGET),y)
 define BINUTILS_INSTALL_TARGET_CMDS
 	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D)/bfd DESTDIR=$(TARGET_DIR) install
+	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D)/opcodes DESTDIR=$(TARGET_DIR) install
 	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D)/libiberty DESTDIR=$(STAGING_DIR) install
 endef
 endif

package/bison/0001-src-make-path-to-m4-relocatable.patch

@@ -0,0 +1,70 @@
+From 50c8a3af1661c3950b9743d673fd46872860aa08 Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+Date: Mon, 18 May 2020 07:53:20 +0200
+Subject: [PATCH] src: make path to m4 relocatable
+
+Commit a4ede8f85b0c9a254fcb01e5888cee1983095669 ("package: make bison
+a relocatable package") made Bison relocatable, but in fact it still
+contains one absolute reference: the M4 variable, which points to the
+M4 program. Let's fix that by using relocate().
+
+We don't use relocate2() to store the temporary buffer and re-use it,
+because m4path() is only called once.
+
+Upstream: submitted to the bison-patches@gnu.org mailing list
+https://lists.gnu.org/archive/html/bison-patches/2020-05/msg00078.html
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+---
+ src/files.c  | 7 +++++++
+ src/files.h  | 3 +++
+ src/output.c | 2 +-
+ 3 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/src/files.c b/src/files.c
+index 71c10e34..b8b43230 100644
+--- a/src/files.c
++++ b/src/files.c
+@@ -421,6 +421,13 @@ pkgdatadir (void)
+     }
+ }
+ 
++char const *
++m4path (void)
++{
++  char const *m4 = getenv("M4");
++  return m4 ? m4 : relocate(M4);
++}
++
+ void
+ output_file_names_free (void)
+ {
+diff --git a/src/files.h b/src/files.h
+index 00814ad0..64b6f8b5 100644
+--- a/src/files.h
++++ b/src/files.h
+@@ -64,6 +64,9 @@ extern char *all_but_ext;
+ /* Where our data files are installed.  */
+ char const *pkgdatadir (void);
+ 
++/* Where the m4 program is installed.  */
++char const *m4path (void);
++
+ void compute_output_file_names (void);
+ void output_file_names_free (void);
+ 
+diff --git a/src/output.c b/src/output.c
+index 1871fd75..ebe75095 100644
+--- a/src/output.c
++++ b/src/output.c
+@@ -682,7 +682,7 @@ static void
+ output_skeleton (void)
+ {
+   /* Compute the names of the package data dir and skeleton files.  */
+-  char const *m4 = (m4 = getenv ("M4")) ? m4 : M4;
++  char const *m4 = m4path ();
+   char const *datadir = pkgdatadir ();
+   char *skeldir = xpath_join (datadir, "skeletons");
+   char *m4sugar = xpath_join (datadir, "m4sugar/m4sugar.m4");
+-- 
+2.26.2
+

package/bison/bison.mk

@@ -12,5 +12,6 @@ BISON_LICENSE_FILES = COPYING
 # parallel build issue in examples/c/reccalc/
 BISON_MAKE = $(MAKE1)
 HOST_BISON_DEPENDENCIES = host-m4
+HOST_BISON_CONF_OPTS = --enable-relocatable
 
 $(eval $(host-autotools-package))

package/brltty/brltty.mk

@@ -12,7 +12,11 @@ BRLTTY_INSTALL_TARGET_OPTS = INSTALL_ROOT=$(TARGET_DIR) install
 BRLTTY_LICENSE = LGPL-2.1+
 BRLTTY_LICENSE_FILES = LICENSE-LGPL README
 
-BRLTTY_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES) host-autoconf host-pkgconf \
+BRLTTY_DEPENDENCIES = \
+	$(TARGET_NLS_DEPENDENCIES) \
+	host-autoconf \
+	host-gawk \
+	host-pkgconf \
 	$(if $(BR2_PACKAGE_AT_SPI2_CORE),at-spi2-core)
 
 BRLTTY_CONF_ENV = \

package/c-ares/c-ares.hash

@@ -1,5 +1,5 @@
 # Locally calculated after checking pgp signature
-sha256  de058ad7c128156e2db6dc98b8a359924d6f210a1b99dd36ba15c8f839a83a89  c-ares-1.16.0.tar.gz
+sha256  d08312d0ecc3bd48eee0a4cc0d2137c9f194e0a28de2028928c0f6cae85f86ce  c-ares-1.16.1.tar.gz
 
 # Hash for license file
 sha256  db4eb63fe09daebdf57d3f79b091bb5ee5070c0d761040e83264e648d307af4c  LICENSE.md

package/c-ares/c-ares.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-C_ARES_VERSION = 1.16.0
+C_ARES_VERSION = 1.16.1
 C_ARES_SITE = http://c-ares.haxx.se/download
 C_ARES_INSTALL_STAGING = YES
 C_ARES_CONF_OPTS = --with-random=/dev/urandom

package/c-icap/0001-Required-fixes-to-compile-and-run-under-cygwin.patch

@@ -0,0 +1,391 @@
+From 1631a6c1f50e152b8a45d8279c96086e5636795b Mon Sep 17 00:00:00 2001
+From: Christos Tsantilas <christos@chtsanti.net>
+Date: Fri, 25 Jan 2019 06:42:22 -0800
+Subject: [PATCH] Required fixes to compile and run under cygwin
+
+[Retrieved (and backported) from:
+https://github.com/c-icap/c-icap-server/commit/1631a6c1f50e152b8a45d8279c96086e5636795b,
+which has the side effect of fixing the build with the musl C library]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ Makefile.am                 |  2 +-
+ configure.ac                | 10 +++++++---
+ header.c                    | 34 ----------------------------------
+ include/header.h            |  8 --------
+ modules/Makefile.am         | 34 ++++++++++++++++++++--------------
+ modules/bdb_tables.c        | 17 +++++++++++++++--
+ modules/shared_cache.c      | 12 ++++++++++++
+ modules/sys_logger.c        | 13 +++++++++++++
+ services/echo/Makefile.am   | 10 ++++++++--
+ services/ex-206/Makefile.am | 10 ++++++++--
+ utils/c-icap-mkbdb.c        |  8 ++++----
+ 11 files changed, 88 insertions(+), 70 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 4c34033..ab80f4f 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -53,7 +53,7 @@ c_icap_SOURCES = aserver.c request.c cfg_param.c \
+ libicapapi_la_CFLAGS= $(INVISIBILITY_CFLAG) -I$(srcdir)/include/ -Iinclude/ @ZLIB_ADD_FLAG@ @OPENSSL_ADD_FLAG@ @BZLIB_ADD_FLAG@ @BROTLI_ADD_FLAG@ @PCRE_ADD_FLAG@ -DCI_BUILD_LIB
+ 
+ libicapapi_la_LIBADD = @ZLIB_ADD_LDADD@ @BZLIB_ADD_LDADD@ @BROTLI_ADD_LDADD@ @PCRE_ADD_LDADD@ @DL_ADD_FLAG@ @THREADS_LDADD@ @OPENSSL_ADD_LDADD@
+-libicapapi_la_LDFLAGS= -shared -version-info @CICAPLIB_VERSION@ @THREADS_LDFLAGS@
++libicapapi_la_LDFLAGS= -shared -version-info @CICAPLIB_VERSION@ @LIBS_LDFLAGS@ @THREADS_LDFLAGS@
+ 
+ export EXT_PROGRAMS_MKLIB = @ZLIB_LNDIR_LDADD@ @BZLIB_LNDIR_LDADD@ @BROTLI_LNDIR_LDADD@ @PCRE_LNDIR_LDADD@ @OPENSSL_LNDIR_LDADD@
+ 
+diff --git a/configure.ac b/configure.ac
+index 405571b..8059cb7 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -45,12 +45,14 @@ case "$host_os" in
+ 	CFLAGS="-D_REENTRANT $CFLAGS"
+ 	THREADS_LDADD="-lpthread"
+ 	THREADS_LDFLAGS=""
++	LIBS_LDFLAGS=""
+      ;;
+      solaris2.*)
+      	  CFLAGS="-D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS $CFLAGS"
+           LIBS="-lsocket -lnsl -lrt $LIBS"
+ 	  THREADS_LDADD="-lpthread"
+ 	  THREADS_LDFLAGS=""
++	  LIBS_LDFLAGS=""
+       ;;
+       freebsd5*)
+ ## If I understand how all those threading models works correctly
+@@ -69,6 +71,7 @@ case "$host_os" in
+       	CFLAGS="-pthread -D_THREAD_SAFE  $CFLAGS"
+ 	THREADS_LDADD="-XCClinker -lc_r"
+ 	THREADS_LDFLAGS=""
++	LIBS_LDFLAGS=""
+ ## FreeBSD has pthreads rwlocks from version 3 (I think)
+ #	AC_DEFINE(HAVE_PTHREADS_RWLOCK,1,[Define HAVE_PTHREADS_RWLOCK if pthreads library supports rwlocks])
+ ##   1:1 threads
+@@ -82,24 +85,28 @@ case "$host_os" in
+         CFLAGS="-D_THREAD_SAFE  $CFLAGS"
+         THREADS_LDADD="-XCClinker -lthr"
+         THREADS_LDFLAGS=""
++	LIBS_LDFLAGS=""
+       ;;
+ 
+       cygwin*)
+ 	CFLAGS="-D_REENTRANT $CFLAGS"
+ 	THREADS_LDADD="-lpthread"
+ 	THREADS_LDFLAGS="";
++	LIBS_LDFLAGS="-no-undefined"
+ 	iscygwin="yes"
+       ;;
+       *)
+       	CFLAGS="-D_REENTRANT $CFLAGS"
+ 	THREADS_LDADD="-lpthread"
+ 	THREADS_LDFLAGS=""
++	LIBS_LDFLAGS=""
+       ;;
+ esac
+ 
+ TEST_LIBS="$TEST_LIBS $THREADS_LDADD"
+ AC_SUBST(THREADS_LDADD)
+ AC_SUBST(THREADS_LDFLAGS)
++AC_SUBST(LIBS_LDFLAGS)
+ 
+ AC_DEFINE_UNQUOTED(C_ICAP_CONFIGURE_OPTIONS, "$ac_configure_args",
+                    [configure command line used to configure c-icap])
+@@ -984,9 +991,6 @@ LIBS="$LIBS $EXTRALIBS"
+ 
+ #Configure common flags
+ MODULES_LIBADD=""
+-if test a"$iscygwin" != a; then
+-     MODULES_LIBADD="-L../../ -licapapi"
+-fi
+ MODULES_CFLAGS="$INVISIBILITY_CFLAG -DCI_BUILD_MODULE"
+ AC_SUBST(MODULES_LIBADD)
+ AC_SUBST(MODULES_CFLAGS)
+diff --git a/header.c b/header.c
+index 807a2e0..266b958 100644
+--- a/header.c
++++ b/header.c
+@@ -110,21 +110,6 @@ const struct ci_error_code ci_error_codes[] = {
+     {505, "Unsupported version"}       /*ICAP version not supported by server. */
+ };
+ 
+-/*
+-#ifdef __CYGWIN__
+-int ci_error_code(int ec){
+-     return (ec >= EC_100 && ec < EC_MAX ? ci_error_codes[ec].code:1000);
+-}
+-
+-const char *unknownerrorcode = "UNKNOWN ERROR CODE";
+-
+-const char *ci_error_code_string(int ec){
+-     return (ec >= EC_100 && ec < EC_MAX?ci_error_codes[ec].str:unknownerrorcode);
+-}
+-#endif
+-*/
+-
+-
+ const char *ci_encaps_entities[] = {
+     "req-hdr",
+     "res-hdr",
+@@ -134,25 +119,6 @@ const char *ci_encaps_entities[] = {
+     "opt-body"
+ };
+ 
+-#ifdef __CYGWIN__
+-
+-const char *unknownentity = "UNKNOWN";
+-const char *unknownmethod = "UNKNOWN";
+-
+-const char *ci_method_string(int method)
+-{
+-    return (method <= ICAP_RESPMOD
+-            && method >= ICAP_OPTIONS ? CI_Methods[method] : unknownmethod);
+-}
+-
+-
+-const char *ci_encaps_entity_string(int e)
+-{
+-    return (e <= ICAP_OPT_BODY
+-            && e >= ICAP_REQ_HDR ? CI_EncapsEntities[e] : unknownentity);
+-}
+-#endif
+-
+ ci_headers_list_t *ci_headers_create()
+ {
+     ci_headers_list_t *h;
+diff --git a/include/header.h b/include/header.h
+index 4cab365..ed2de88 100644
+--- a/include/header.h
++++ b/include/header.h
+@@ -52,16 +52,8 @@ enum ci_encapsulated_entities {ICAP_REQ_HDR, ICAP_RES_HDR,
+                               };
+ CI_DECLARE_DATA extern const char *ci_encaps_entities[];
+ 
+-#ifdef __CYGWIN__
+-
+-const char *ci_encaps_entity_string(int e);
+-
+-#else
+-
+ #define ci_encaps_entity_string(e) (e <= ICAP_OPT_BODY && e >= ICAP_REQ_HDR?ci_encaps_entities[e]:"UNKNOWN")
+ 
+-#endif
+-
+ /**
+  \typedef ci_headers_list_t
+  \ingroup HEADERS
+diff --git a/modules/Makefile.am b/modules/Makefile.am
+index e6e9270..2d43a60 100644
+--- a/modules/Makefile.am
++++ b/modules/Makefile.am
+@@ -21,38 +21,44 @@ endif
+ 
+ AM_CPPFLAGS=-I$(top_srcdir)/ -I$(top_srcdir)/include/ -I$(top_builddir)/include/
+ 
+-sys_logger_la_LIBADD = @MODULES_LIBADD@
++if ISCYGWIN
++MODS_LIB_ADD=$(top_builddir)/libicapapi.la
++else
++MODS_LIB_ADD=
++endif
++
++sys_logger_la_LIBADD = $(MODS_LIB_ADD)
+ sys_logger_la_CFLAGS=  @MODULES_CFLAGS@ @OPENSSL_ADD_FLAG@
+-sys_logger_la_LDFLAGS= -module -avoid-version
++sys_logger_la_LDFLAGS= -module -avoid-version @LIBS_LDFLAGS@
+ sys_logger_la_SOURCES = sys_logger.c
+ 
+-dnsbl_tables_la_LIBADD = @MODULES_LIBADD@
++dnsbl_tables_la_LIBADD = $(MODS_LIB_ADD)
+ dnsbl_tables_la_CFLAGS=  @MODULES_CFLAGS@ @OPENSSL_ADD_FLAG@
+-dnsbl_tables_la_LDFLAGS= -module -avoid-version
++dnsbl_tables_la_LDFLAGS= -module -avoid-version @LIBS_LDFLAGS@
+ dnsbl_tables_la_SOURCES = dnsbl_tables.c
+ 
+-perl_handler_la_LIBADD = @MODULES_LIBADD@ @perllib@  -L@perlcore@ -lperl
++perl_handler_la_LIBADD = $(MODS_LIB_ADD) @perllib@  -L@perlcore@ -lperl
+ perl_handler_la_CFLAGS=  @MODULES_CFLAGS@ @perlccflags@ -I@perlcore@
+-perl_handler_la_LDFLAGS= -module -avoid-version @perlldflags@
++perl_handler_la_LDFLAGS= -module -avoid-version @LIBS_LDFLAGS@ @perlldflags@
+ perl_handler_la_SOURCES = perl_handler.c
+ 
+ 
+-bdb_tables_la_LIBADD = @MODULES_LIBADD@ @BDB_ADD_LDADD@
++bdb_tables_la_LIBADD = $(MODS_LIB_ADD) @BDB_ADD_LDADD@
+ bdb_tables_la_CFLAGS=  @MODULES_CFLAGS@ @BDB_ADD_FLAG@
+-bdb_tables_la_LDFLAGS= -module -avoid-version
++bdb_tables_la_LDFLAGS= -module -avoid-version @LIBS_LDFLAGS@
+ bdb_tables_la_SOURCES = bdb_tables.c
+ 
+-ldap_module_la_LIBADD = @MODULES_LIBADD@ @LDAP_ADD_LDADD@ $(top_builddir)/libicapapi.la
++ldap_module_la_LIBADD = $(MODS_LIB_ADD) @LDAP_ADD_LDADD@
+ ldap_module_la_CFLAGS=  @MODULES_CFLAGS@ @LDAP_ADD_FLAG@
+-ldap_module_la_LDFLAGS= -module -avoid-version
++ldap_module_la_LDFLAGS= -module -avoid-version @LIBS_LDFLAGS@
+ ldap_module_la_SOURCES = ldap_module.c
+ 
+-memcached_cache_la_LIBADD=  @MODULES_LIBADD@ @MEMCACHED_ADD_LDADD@
++memcached_cache_la_LIBADD=  $(MODS_LIB_ADD) @MEMCACHED_ADD_LDADD@
+ memcached_cache_la_CFLAGS=  @MODULES_CFLAGS@ @MEMCACHED_ADD_FLAG@
+-memcached_cache_la_LDFLAGS= -module -avoid-version
++memcached_cache_la_LDFLAGS= -module -avoid-version @LIBS_LDFLAGS@
+ memcached_cache_la_SOURCES= memcached.c
+ 
+-shared_cache_la_LIBADD= @MODULES_LIBADD@
++shared_cache_la_LIBADD= $(MODS_LIB_ADD)
+ shared_cache_la_CFLAGS= @OPENSSL_ADD_FLAG@
+-shared_cache_la_LDFLAGS= -module -avoid-version
++shared_cache_la_LDFLAGS= -module -avoid-version @LIBS_LDFLAGS@
+ shared_cache_la_SOURCES= shared_cache.c
+diff --git a/modules/bdb_tables.c b/modules/bdb_tables.c
+index b8459be..1e908a9 100644
+--- a/modules/bdb_tables.c
++++ b/modules/bdb_tables.c
+@@ -176,8 +176,8 @@ void *bdb_table_open(struct ci_lookup_table *table)
+ 
+     /*We can not fork a Berkeley DB table, so we have to
+       open bdb tables for every child, on childs start-up procedure*/
+-    register_command_extend("openBDBtable", CHILD_START_CMD, table,
+-                            command_real_open_table);
++    ci_command_register_action("openBDBtable", CHILD_START_CMD, table,
++			       command_real_open_table);
+ 
+     return table->data;
+ }
+@@ -257,3 +257,16 @@ void  bdb_table_release_result(struct ci_lookup_table *table,void **val)
+ {
+     ci_buffer_free(val);
+ }
++
++ #ifdef __CYGWIN__
++#include <w32api/windows.h>
++void ci_command_register_action(const char *name, int type, void *data,
++				void (*command_action) (const char *name, int type, void *data))
++ {
++   typedef void (*RA)(const char *, int, void *, void(*)(const char *, int, void *));
++   RA fn;
++   fn = (RA)GetProcAddress(GetModuleHandle(NULL), "ci_command_register_action");
++   if (fn)
++     (*fn)(name, type, data, command_action);
++ }
++#endif
+diff --git a/modules/shared_cache.c b/modules/shared_cache.c
+index 103b760..a79d51a 100644
+--- a/modules/shared_cache.c
++++ b/modules/shared_cache.c
+@@ -345,3 +345,15 @@ void ci_shared_cache_destroy(struct ci_cache *cache)
+         ci_shared_mem_detach(&data->id);
+ }
+ 
++#ifdef __CYGWIN__
++#include <w32api/windows.h>
++void ci_command_register_action(const char *name, int type, void *data,
++				void (*command_action) (const char *name, int type, void *data))
++ {
++   typedef void (*RA)(const char *, int, void *, void(*)(const char *, int, void *));
++   RA fn;
++   fn = (RA)GetProcAddress(GetModuleHandle(NULL), "ci_command_register_action");
++   if (fn)
++     (*fn)(name, type, data, command_action);
++ }
++#endif
+diff --git a/modules/sys_logger.c b/modules/sys_logger.c
+index 1c47753..1764b0d 100644
+--- a/modules/sys_logger.c
++++ b/modules/sys_logger.c
+@@ -60,7 +60,20 @@ int cfg_syslog_access(const char *directive, const char **argv, void *setdata);
+    functions declared in log.c. This file is not included in c-icap library
+    but defined in primary c-icap binary.
+ */
++#ifdef __CYGWIN__
++#include <w32api/windows.h>
++char *logformat_fmt(const char *name)
++{
++  typedef char* (*LF_FMT)(const char *);
++  LF_FMT fn;
++  fn = (LF_FMT)GetProcAddress(GetModuleHandle(NULL), "logformat_fmt");
++  if (fn)
++    return (*fn)(name);
++  return NULL;
++}
++#else
+ extern char *logformat_fmt(const char *name);
++#endif
+ 
+ /*Configuration Table .....*/
+ static struct ci_conf_entry conf_variables[] = {
+diff --git a/services/echo/Makefile.am b/services/echo/Makefile.am
+index 402c8f9..7d701b1 100644
+--- a/services/echo/Makefile.am
++++ b/services/echo/Makefile.am
+@@ -3,9 +3,15 @@ pkglib_LTLIBRARIES=srv_echo.la
+ 
+ AM_CPPFLAGS=-I$(top_srcdir)/ -I$(top_srcdir)/include/ -I$(top_builddir)/include/
+ 
+-srv_echo_la_LIBADD = @MODULES_LIBADD@
++if ISCYGWIN
++MODS_LIB_ADD=$(top_builddir)/libicapapi.la
++else
++MODS_LIB_ADD=
++endif
++
++srv_echo_la_LIBADD = $(MODS_LIB_ADD)
+ srv_echo_la_CFLAGS=  @MODULES_CFLAGS@ @OPENSSL_ADD_FLAG@
+-srv_echo_la_LDFLAGS= -module -avoid-version
++srv_echo_la_LDFLAGS= -module -avoid-version @LIBS_LDFLAGS@
+ srv_echo_la_SOURCES = srv_echo.c
+ 
+ 
+diff --git a/services/ex-206/Makefile.am b/services/ex-206/Makefile.am
+index 44bbf21..ff73399 100644
+--- a/services/ex-206/Makefile.am
++++ b/services/ex-206/Makefile.am
+@@ -3,8 +3,14 @@ pkglib_LTLIBRARIES=srv_ex206.la
+ 
+ AM_CPPFLAGS=-I$(top_srcdir)/ -I$(top_srcdir)/include/ -I$(top_builddir)/include/
+ 
+-srv_ex206_la_LIBADD = @MODULES_LIBADD@
++if ISCYGWIN
++MODS_LIB_ADD=$(top_builddir)/libicapapi.la
++else
++MODS_LIB_ADD=
++endif
++
++srv_ex206_la_LIBADD = $(MODS_LIB_ADD)
+ srv_ex206_la_CFLAGS=  @MODULES_CFLAGS@ @OPENSSL_ADD_FLAG@
+-srv_ex206_la_LDFLAGS= -module -avoid-version
++srv_ex206_la_LDFLAGS= -module -avoid-version @LIBS_LDFLAGS@
+ srv_ex206_la_SOURCES = srv_ex206.c
+ 
+diff --git a/utils/c-icap-mkbdb.c b/utils/c-icap-mkbdb.c
+index c29a46f..326ee1c 100644
+--- a/utils/c-icap-mkbdb.c
++++ b/utils/c-icap-mkbdb.c
+@@ -23,7 +23,7 @@ char *dbfile = NULL;
+ int DUMP_MODE = 0;
+ int VERSION_MODE = 0;
+ int USE_DBTREE = 0;
+-long int PAGE_SIZE;
++long int DB_PAGE_SIZE;
+ 
+ ci_mem_allocator_t *allocator = NULL;
+ int cfg_set_type(const char *directive, const char **argv, void *setdata);
+@@ -52,7 +52,7 @@ static struct ci_options_entry options[] = {
+         "The type of values"
+     },
+     {
+-        "-p", "page_size", &PAGE_SIZE, ci_cfg_size_long,
++        "-p", "page_size", &DB_PAGE_SIZE, ci_cfg_size_long,
+         "The page size to use for the database"
+     },
+     {
+@@ -107,8 +107,8 @@ int open_db(char *path)
+         return 0;
+     }
+ 
+-    if (PAGE_SIZE > 512 && PAGE_SIZE <= 64*1024)
+-        db->set_pagesize(db, (uint32_t)PAGE_SIZE);
++    if (DB_PAGE_SIZE > 512 && DB_PAGE_SIZE <= 64*1024)
++        db->set_pagesize(db, (uint32_t)DB_PAGE_SIZE);
+ 
+     if ((ret = db->open(db, NULL, path, NULL,
+                         (USE_DBTREE ? DB_BTREE : DB_HASH),

package/cegui/cegui.mk

@@ -83,13 +83,6 @@ else
 CEGUI_CONF_OPTS += -DCEGUI_BUILD_XMLPARSER_TINYXML=OFF
 endif
 
-ifeq ($(BR2_PACKAGE_TINYXML2),y)
-CEGUI_DEPENDENCIES += tinyxml2
-CEGUI_CONF_OPTS += -DCEGUI_BUILD_XMLPARSER_TINYXML2=ON
-else
-CEGUI_CONF_OPTS += -DCEGUI_BUILD_XMLPARSER_TINYXML2=OFF
-endif
-
 ifeq ($(BR2_PACKAGE_LIBFREEIMAGE),y)
 CEGUI_DEPENDENCIES += libfreeimage
 CEGUI_CONF_OPTS += -DCEGUI_BUILD_IMAGECODEC_FREEIMAGE=ON

package/checkpolicy/0001-checkpolicy-remove-unused-te_assertions.patch

@@ -0,0 +1,45 @@
+From 4d330d0d3155211f119b3082f728ae42dcc01e96 Mon Sep 17 00:00:00 2001
+From: Ondrej Mosnacek <omosnace@redhat.com>
+Date: Thu, 23 Jan 2020 13:57:15 +0100
+Subject: [PATCH] checkpolicy: remove unused te_assertions
+
+This variable is declared in a header file, but never defined or used.
+The te_assert structure definition is only used in this declaration, so
+remove both.
+
+Upstream: https://github.com/SELinuxProject/selinux/commit/4d330d0d3155211f119b3082f728ae42dcc01e96#diff-daf264ea505347df0d59a3a97a07742e
+
+Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
+Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
+---
+ checkpolicy.h | 14 --------------
+ 1 file changed, 14 deletions(-)
+
+diff --git a/checkpolicy.h b/checkpolicy.h
+index 3868f1fa..f127687e 100644
+--- a/checkpolicy.h
++++ b/checkpolicy.h
+@@ -1,20 +1,6 @@
+ #ifndef _CHECKPOLICY_H_
+ #define _CHECKPOLICY_H_
+ 
+-#include <sepol/policydb/ebitmap.h>
+-
+-typedef struct te_assert {
+-	ebitmap_t stypes;
+-	ebitmap_t ttypes;
+-	ebitmap_t tclasses;
+-	int self;
+-	sepol_access_vector_t *avp;
+-	unsigned long line;
+-	struct te_assert *next;
+-} te_assert_t;
+-
+-te_assert_t *te_assertions;
+-
+ extern unsigned int policyvers;
+ 
+ #endif
+-- 
+2.17.1
+

package/clamav/clamav.hash

@@ -1,14 +1,14 @@
 # Locally calculated
-sha256 89fcdcc0eba329ca84d270df09d2bb89ae55f5024b0c3bddb817512fb2c907d3  clamav-0.102.2.tar.gz
-sha256 0c4fd2fa9733fc9122503797648710851e4ee6d9e4969dd33fcbd8c63cd2f584  COPYING
-sha256 d72a145c90918184a05ef65a04c9e6f7466faa59bc1b82c8f6a8ddc7ddcb9bed  COPYING.bzip2
-sha256 dfb818a0d41411c6fb1c193c68b73018ceadd1994bda41ad541cbff292894bc6  COPYING.file
-sha256 6dce638b76399e7521ad8e182d3e33e4496c85b3b69b6ff434b53017101e82ad  COPYING.getopt
-sha256 a9bdde5616ecdd1e980b44f360600ee8783b1f99b8cc83a2beb163a0a390e861  COPYING.LGPL
-sha256 e3a9b913515a42f8ff3ef1551c3a2cdba383c39ed959729e0e2911219496ad74  COPYING.llvm
-sha256 d96d71b66aa32c4a2d1619b9ca3347dafa9460bcf0fb5ac2408916067ad31dfc  COPYING.lzma
-sha256 accdcf2455c07b99abea59016b3663eaef926a92092d103bfaa25fed27cf6b24  COPYING.pcre
-sha256 e2c1395a3d9fea6d5d25847c9d783db6e2cc8b085b4025861f459139c5dfd90b  COPYING.regex
-sha256 1faccc6b5c7b958fb807a3f573d5be9bf7889fe898f7e0617c544b05a81bfd00  COPYING.unrar
-sha256 a20d6317c5384e8d4c05f9c31097878675d9429ec46090656166039cc10bc957  COPYING.YARA
-sha256 c2f77553f8d870c5635b0dace0519253233f172b33ce1fdf6578610706294eee  COPYING.zlib
+sha256  ed3050c4569989ee7ab54c7b87246b41ed808259632849be0706467442dc0693  clamav-0.102.3.tar.gz
+sha256  0c4fd2fa9733fc9122503797648710851e4ee6d9e4969dd33fcbd8c63cd2f584  COPYING
+sha256  d72a145c90918184a05ef65a04c9e6f7466faa59bc1b82c8f6a8ddc7ddcb9bed  COPYING.bzip2
+sha256  dfb818a0d41411c6fb1c193c68b73018ceadd1994bda41ad541cbff292894bc6  COPYING.file
+sha256  6dce638b76399e7521ad8e182d3e33e4496c85b3b69b6ff434b53017101e82ad  COPYING.getopt
+sha256  a9bdde5616ecdd1e980b44f360600ee8783b1f99b8cc83a2beb163a0a390e861  COPYING.LGPL
+sha256  e3a9b913515a42f8ff3ef1551c3a2cdba383c39ed959729e0e2911219496ad74  COPYING.llvm
+sha256  d96d71b66aa32c4a2d1619b9ca3347dafa9460bcf0fb5ac2408916067ad31dfc  COPYING.lzma
+sha256  accdcf2455c07b99abea59016b3663eaef926a92092d103bfaa25fed27cf6b24  COPYING.pcre
+sha256  e2c1395a3d9fea6d5d25847c9d783db6e2cc8b085b4025861f459139c5dfd90b  COPYING.regex
+sha256  1faccc6b5c7b958fb807a3f573d5be9bf7889fe898f7e0617c544b05a81bfd00  COPYING.unrar
+sha256  a20d6317c5384e8d4c05f9c31097878675d9429ec46090656166039cc10bc957  COPYING.YARA
+sha256  c2f77553f8d870c5635b0dace0519253233f172b33ce1fdf6578610706294eee  COPYING.zlib

package/clamav/clamav.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-CLAMAV_VERSION = 0.102.2
+CLAMAV_VERSION = 0.102.3
 CLAMAV_SITE = https://www.clamav.net/downloads/production
 CLAMAV_LICENSE = GPL-2.0
 CLAMAV_LICENSE_FILES = COPYING COPYING.bzip2 COPYING.file COPYING.getopt \

package/crda/0001-crda-support-python-3-in-utils-key2pub.py.patch

@@ -1,11 +1,11 @@
-From 4c346aa9e816bddfedc8ac99809fd1ed91bfc8ee Mon Sep 17 00:00:00 2001
+From 8228c484a1533ff904b276c342adcb6310abe272 Mon Sep 17 00:00:00 2001
 From: Taahir Ahmed <ahmed.taahir@gmail.com>
 Date: Wed, 30 Mar 2016 11:23:54 -0300
 Subject: [PATCH] crda: support python 3 in utils/key2pub.py
 
 utils/key2pub.py can now be run under either python 2.7 or python 3.x.
 This required some minor syntactical changes as well as switching from
-M2Crypto to pycrypto, since M2Crypto doesn't support python 3.x.
+M2Crypto to pycryptodomex, since M2Crypto doesn't support python 3.x.
 
 In addition, some errors in the generated source file keys-ssl.h are
 fixed:
@@ -17,12 +17,22 @@ fixed:
 
 [Gustavo: don't call /utils/key2pub.py since that doesn't compute]
 
+Use pycryptodomex insdead of pycrypto
+
+From [1]:
+"PyCryptodome is a fork of PyCrypto, which is not maintained any more
+(the last release dates back to 2013 [2]). It exposes almost the same
+API, but there are a few incompatibilities [3]."
+
+[1] https://github.com/OP-TEE/optee_os/commit/90ad2450436fdd9fc0d28a3f92f3fbcfd89a38f0
+[2] https://pypi.org/project/pycrypto/#history
+[3] https://pycryptodome.readthedocs.io/en/latest/src/vs_pycrypto.html
+
 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
 [Rebased against crda-4.14]
 Signed-off-by: Peter Seiderer <ps.report@gmx.net>
----
-Status: submitted upstream by author but not (yet) accepted
-URL: http://www.spinics.net/lists/linux-wireless/msg138936.html
+[Romain: Use pycryptodomex]
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
 ---
  Makefile         |   2 +-
  utils/key2pub.py | 146 ++++++++++++++++++++++++-----------------------
@@ -42,7 +52,7 @@ index a3ead30..8da38d0 100644
  $(LIBREG): regdb.h reglib.h reglib.c
  	$(NQ) '  CC  ' $@
 diff --git a/utils/key2pub.py b/utils/key2pub.py
-index 9bb04cd..9f92ebd 100755
+index 9bb04cd..8a0ba2a 100755
 --- a/utils/key2pub.py
 +++ b/utils/key2pub.py
 @@ -1,126 +1,128 @@
@@ -57,11 +67,11 @@ index 9bb04cd..9f92ebd 100755
 -       sys.stderr.write('Please install the "M2Crypto" Python module.\n')
 -       sys.stderr.write('On Debian GNU/Linux the package is called "python-m2crypto".\n')
 -       sys.exit(1)
-+    from Crypto.PublicKey import RSA
++    from Cryptodome.PublicKey import RSA
 +except ImportError as e:
-+    sys.stderr.write('ERROR: Failed to import the "Crypto.PublicKey" module: %s\n' % e.message)
-+    sys.stderr.write('Please install the "Crypto.PublicKey" Python module.\n')
-+    sys.stderr.write('On Debian GNU/Linux the package is called "python-crypto".\n')
++    sys.stderr.write('ERROR: Failed to import the "Cryptodome.PublicKey" module: %s\n' % e.message)
++    sys.stderr.write('Please install the "Cryptodome.PublicKey" Python module.\n')
++    sys.stderr.write('On Debian GNU/Linux the package is called "python-cryptodomex".\n')
 +    sys.exit(1)
 +
 +def bitwise_collect(value, radix_bits):
@@ -269,5 +279,5 @@ index 9bb04cd..9f92ebd 100755
  
  modes[mode][1](output, idx - 1)
 -- 
-2.18.0
+2.25.3
 

package/crda/crda.mk

@@ -6,7 +6,7 @@
 
 CRDA_VERSION = 4.14
 CRDA_SITE = https://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/crda.git/snapshot
-CRDA_DEPENDENCIES = host-pkgconf host-python-pycrypto libnl libgcrypt
+CRDA_DEPENDENCIES = host-pkgconf host-python-pycryptodomex libnl libgcrypt
 CRDA_LICENSE = ISC
 CRDA_LICENSE_FILES = LICENSE
 

package/cvs/cvs.hash

@@ -1,3 +1,8 @@
 # From http://snapshot.debian.org/archive/debian/20141023T043132Z/pool/main/c/cvs/cvs_1.12.13-12%2Bsqueeze1.dsc
-sha256	b5961c2476b996e5758fa5e22b60af085adca41164cac0d8f68a1d3b49d4e4f1	cvs_1.12.13.orig.tar.gz
-sha256	d52a9232d9cf36302a150d782fc7e5b6f92f8115505ae8a7dc6acfc83e809d2f	cvs_1.12.13-12+squeeze1.diff.gz
+sha256  b5961c2476b996e5758fa5e22b60af085adca41164cac0d8f68a1d3b49d4e4f1  cvs_1.12.13.orig.tar.gz
+sha256  d52a9232d9cf36302a150d782fc7e5b6f92f8115505ae8a7dc6acfc83e809d2f  cvs_1.12.13-12+squeeze1.diff.gz
+
+# Hash for license files, locally computed
+sha256  569c5b876327d899cf444b2277fe910128a38ca71d90755fe4125dd44f8ece02  COPYING
+sha256  da0e282103fb508894e78db519aab255e36971ce0bc87de585e3b05014b83b1e  COPYING.LIB
+sha256  ee9a2fbdb626c0ac57fd8e569f357eb2e6d6c80cc6f41efa8bd126d5ea589d72  lib/glob-libc.h

package/cvs/cvs.mk

@@ -8,6 +8,8 @@ CVS_VERSION = 1.12.13
 CVS_SOURCE = cvs_$(CVS_VERSION).orig.tar.gz
 CVS_PATCH = cvs_$(CVS_VERSION)-12+squeeze1.diff.gz
 CVS_SITE = http://snapshot.debian.org/archive/debian/20141023T043132Z/pool/main/c/cvs
+CVS_LICENSE = GPL-1.0+, LGPL-2.0+, LGPL-2.1+ (glob)
+CVS_LICENSE_FILES = COPYING COPYING.LIB lib/glob-libc.h
 CVS_DEPENDENCIES = ncurses
 
 CVS_CONF_ENV = cvs_cv_func_printf_ptr=yes

package/docker-cli/docker-cli.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256	00d06baf4793794c0fd9ecad5b7e95aed6eb942f24c8b6e2d7c7f7564b9743ad  docker-cli-19.03.5.tar.gz
+sha256	36dd85273c95f4755e08b37ea9660a1bf5c315570b679a0ce268750ca1ed3801  docker-cli-19.03.8.tar.gz
 sha256	2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0  LICENSE

package/docker-cli/docker-cli.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_CLI_VERSION = 19.03.5
+DOCKER_CLI_VERSION = 19.03.8
 DOCKER_CLI_SITE = $(call github,docker,cli,v$(DOCKER_CLI_VERSION))
 DOCKER_CLI_WORKSPACE = gopath
 

package/docker-engine/docker-engine.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256	6621da5b75cecd1f6f57389a4611d3dd00eeedd8765db63ae5538122fdac27da  docker-engine-19.03.7.tar.gz
+sha256	13ec45ad45091111bd566aca9d81989b3f05e0625dab68d33c3ad81ff924172f  docker-engine-19.03.8.tar.gz
 sha256	7c87873291f289713ac5df48b1f2010eb6963752bbd6b530416ab99fc37914a8  LICENSE

package/docker-engine/docker-engine.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_ENGINE_VERSION = 19.03.7
+DOCKER_ENGINE_VERSION = 19.03.8
 DOCKER_ENGINE_SITE = $(call github,docker,engine,v$(DOCKER_ENGINE_VERSION))
 
 DOCKER_ENGINE_LICENSE = Apache-2.0

package/domoticz/domoticz.mk

@@ -38,6 +38,9 @@ DOMOTICZ_CONF_OPTS += \
 
 ifeq ($(BR2_PACKAGE_LIBUSB),y)
 DOMOTICZ_DEPENDENCIES += libusb
+DOMOTICZ_CONF_OPTS += -DWITH_LIBUSB=ON
+else
+DOMOTICZ_CONF_OPTS += -DWITH_LIBUSB=OFF
 endif
 
 ifeq ($(BR2_PACKAGE_OPENZWAVE),y)

package/elf2flt/0002-elf2flt.c-add-new-relocation-types-for-xtensa.patch

@@ -0,0 +1,188 @@
+From d7eb73163bcea31168c438fc132a0967ac172e3d Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Thu, 7 May 2020 21:11:43 -0700
+Subject: [PATCH] elf2flt.c: add new relocation types for xtensa
+
+Xtensa have added new relocation types R_XTENSA_[NP]DIFF{8,16,32} with
+the same properties as the existing types R_XTENSA_DIFF{8,16,32}.
+Add them to the list of ignored relocation types.
+
+This fixes the following error when invoking elf2flt on xtensa binaries
+built with the recent binutils:
+
+  ERROR: reloc type R_XTENSA_PDIFF32 unsupported in this context
+
+Reported-by: Romain Naour <romain.naour@gmail.com>
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+Backported from: d7eb73163bcea31168c438fc132a0967ac172e3d
+---
+ Makefile.in  |  3 ++-
+ configure    | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++
+ configure.ac | 14 ++++++++++++
+ elf2flt.c    |  8 +++++++
+ 4 files changed, 88 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index 52b3347d7f43..0529c7f0a25a 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -30,7 +30,8 @@ DEFS = @DEFS@ \
+ 	-DNO_GOT_CHECK=@got_check@ \
+ 	-DUSE_EMIT_RELOCS=@emit_relocs@ \
+ 	-DEMIT_CTOR_DTOR=@emit_ctor_dtor@ \
+-	-DALWAYS_RELOC_TEXT=@always_reloc_text@
++	-DALWAYS_RELOC_TEXT=@always_reloc_text@ \
++	-DHAVE_BFD_XTENSA_PDIFF_RELOCS=@HAVE_BFD_XTENSA_PDIFF_RELOCS@
+ EXEEXT = @EXEEXT@
+ OBJEXT = @OBJEXT@
+ 
+diff --git a/configure b/configure
+index bb8e33f9cb28..bca38c34247e 100755
+--- a/configure
++++ b/configure
+@@ -621,6 +621,7 @@ ac_includes_default="\
+ 
+ ac_subst_vars='LTLIBOBJS
+ LIBOBJS
++HAVE_BFD_XTENSA_PDIFF_RELOCS
+ SYMBOL_PREFIX
+ always_reloc_text
+ emit_ctor_dtor
+@@ -1729,6 +1730,52 @@ fi
+ 
+ } # ac_fn_c_try_link
+ 
++# ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES
++# ---------------------------------------------
++# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR
++# accordingly.
++ac_fn_c_check_decl ()
++{
++  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
++  as_decl_name=`echo $2|sed 's/ *(.*//'`
++  as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'`
++  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5
++$as_echo_n "checking whether $as_decl_name is declared... " >&6; }
++if eval \${$3+:} false; then :
++  $as_echo_n "(cached) " >&6
++else
++  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h.  */
++$4
++int
++main ()
++{
++#ifndef $as_decl_name
++#ifdef __cplusplus
++  (void) $as_decl_use;
++#else
++  (void) $as_decl_name;
++#endif
++#endif
++
++  ;
++  return 0;
++}
++_ACEOF
++if ac_fn_c_try_compile "$LINENO"; then :
++  eval "$3=yes"
++else
++  eval "$3=no"
++fi
++rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
++fi
++eval ac_res=\$$3
++	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
++$as_echo "$ac_res" >&6; }
++  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
++
++} # ac_fn_c_check_decl
++
+ # ac_fn_c_check_func LINENO FUNC VAR
+ # ----------------------------------
+ # Tests whether FUNC exists, setting the cache variable VAR accordingly
+@@ -4272,6 +4319,22 @@ $as_echo "#define const /**/" >>confdefs.h
+ fi
+ 
+ 
++HAVE_BFD_XTENSA_PDIFF_RELOCS=0
++case $target in
++	xtensa*)
++		OLD_CPPFLAGS=$CPPFLAGS
++		CPPFLAGS="-I$bfd_include_dir -I$binutils_include_dir $CPPFLAGS"
++		ac_fn_c_check_decl "$LINENO" "R_XTENSA_PDIFF8" "ac_cv_have_decl_R_XTENSA_PDIFF8" "#include \"bfd.h\"
++			       #include \"elf/xtensa.h\"
++"
++if test "x$ac_cv_have_decl_R_XTENSA_PDIFF8" = xyes; then :
++  HAVE_BFD_XTENSA_PDIFF_RELOCS=1
++fi
++
++		CPPFLAGS=$OLD_CPPFLAGS
++		;;
++esac
++
+ for ac_func in vprintf
+ do :
+   ac_fn_c_check_func "$LINENO" "vprintf" "ac_cv_func_vprintf"
+@@ -4333,6 +4396,7 @@ fi
+ 
+ 
+ 
++
+ ac_config_files="$ac_config_files ld-elf2flt.sh:ld-elf2flt.in Makefile elf2flt.ld"
+ 
+ cat >confcache <<\_ACEOF
+diff --git a/configure.ac b/configure.ac
+index d6b4119eb18a..19969b1045f6 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -202,6 +202,19 @@ AC_CHECK_HEADERS(fcntl.h unistd.h bfd.h)
+ dnl Checks for typedefs, structures, and compiler characteristics.
+ AC_C_CONST
+ 
++HAVE_BFD_XTENSA_PDIFF_RELOCS=0
++case $target in
++	xtensa*)
++		AS_VAR_COPY([OLD_CPPFLAGS], [CPPFLAGS])
++		AS_VAR_SET([CPPFLAGS], ["-I$bfd_include_dir -I$binutils_include_dir $CPPFLAGS"])
++		AC_CHECK_DECL([R_XTENSA_PDIFF8],
++			      [HAVE_BFD_XTENSA_PDIFF_RELOCS=1],,
++			      [#include "bfd.h"
++			       #include "elf/xtensa.h"])
++		AS_VAR_COPY([CPPFLAGS], [OLD_CPPFLAGS])
++		;;
++esac
++
+ dnl Checks for library functions.
+ AC_FUNC_VPRINTF
+ 
+@@ -235,6 +248,7 @@ AC_SUBST(emit_relocs)
+ AC_SUBST(emit_ctor_dtor)
+ AC_SUBST(always_reloc_text)
+ AC_SUBST(SYMBOL_PREFIX)
++AC_SUBST(HAVE_BFD_XTENSA_PDIFF_RELOCS)
+ 
+ AC_OUTPUT(ld-elf2flt.sh:ld-elf2flt.in Makefile elf2flt.ld)
+ 
+diff --git a/elf2flt.c b/elf2flt.c
+index b7c4a490df02..961534973f56 100644
+--- a/elf2flt.c
++++ b/elf2flt.c
+@@ -776,6 +776,14 @@ output_relocs (
+ 				case R_XTENSA_DIFF8:
+ 				case R_XTENSA_DIFF16:
+ 				case R_XTENSA_DIFF32:
++#if HAVE_BFD_XTENSA_PDIFF_RELOCS
++				case R_XTENSA_PDIFF8:
++				case R_XTENSA_PDIFF16:
++				case R_XTENSA_PDIFF32:
++				case R_XTENSA_NDIFF8:
++				case R_XTENSA_NDIFF16:
++				case R_XTENSA_NDIFF32:
++#endif
+ 				case R_XTENSA_32_PCREL:
+ 					continue;
+ 				case R_XTENSA_32:
+-- 
+2.20.1
+

package/exfatprogs/0001-exfatprogs-add-missing-include-sys-types.h.patch

@@ -1,49 +0,0 @@
-From c00522e0a890265d18dcdc92738e524d48297ed5 Mon Sep 17 00:00:00 2001
-From: James Hilliard <james.hilliard1@gmail.com>
-Date: Fri, 17 Apr 2020 13:10:49 -0600
-Subject: [PATCH] exfatprogs: add missing #include <sys/types.h>
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Fixes:
-../include/libexfat.h:72:1: error: unknown type name ‘ssize_t’
- ssize_t exfat_read(int fd, void *buf, size_t size, off_t offset);
- ^
-../include/libexfat.h:72:52: error: unknown type name ‘off_t’
- ssize_t exfat_read(int fd, void *buf, size_t size, off_t offset);
-                                                    ^
-../include/libexfat.h:73:1: error: unknown type name ‘ssize_t’
- ssize_t exfat_write(int fd, void *buf, size_t size, off_t offset);
- ^
-../include/libexfat.h:73:53: error: unknown type name ‘off_t’
- ssize_t exfat_write(int fd, void *buf, size_t size, off_t offset);
-                                                     ^
-../include/libexfat.h:75:1: error: unknown type name ‘ssize_t’
- ssize_t exfat_utf16_enc(const char *in_str, __u16 *out_str, size_t out_size);
- ^
-../include/libexfat.h:76:1: error: unknown type name ‘ssize_t’
- ssize_t exfat_utf16_dec(const __u16 *in_str, size_t in_len,
- ^
-
-Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
-[Upstream status: https://github.com/exfatprogs/exfatprogs/pull/50]
----
- include/libexfat.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/include/libexfat.h b/include/libexfat.h
-index ed1fb4c..36c8bdd 100644
---- a/include/libexfat.h
-+++ b/include/libexfat.h
-@@ -6,6 +6,7 @@
- #ifndef _LIBEXFAT_H
- 
- #include <stdbool.h>
-+#include <sys/types.h>
- #include <wchar.h>
- 
- #define KB			(1024)
--- 
-2.20.1
-

package/exfatprogs/exfatprogs.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  e7f14f32dd67601ff42717f432093a400de878774796f6f1684fb9dbf0d499e1  exfatprogs-1.0.2.tar.gz
+sha256  e73863d2f27901834e0dae678ecbb3d899e206d6036cca27d9b24b9479487f65  exfatprogs-1.0.3.tar.gz
 sha256  576540abf5e95029ad4ad90e32071385a5e95b2c30708c706116f3eb87b9a3de  COPYING

package/exfatprogs/exfatprogs.mk

@@ -4,11 +4,10 @@
 #
 ################################################################################
 
-EXFATPROGS_VERSION = 1.0.2
-EXFATPROGS_SITE = $(call github,exfatprogs,exfatprogs,$(EXFATPROGS_VERSION))
+EXFATPROGS_VERSION = 1.0.3
+EXFATPROGS_SITE = https://github.com/exfatprogs/exfatprogs/releases/download/$(EXFATPROGS_VERSION)
 EXFATPROGS_LICENSE = GPL-2.0+
 EXFATPROGS_LICENSE_FILES = COPYING
-EXFATPROGS_AUTORECONF = YES
 EXFATPROGS_DEPENDENCIES = host-pkgconf
 HOST_EXFATPROGS_DEPENDENCIES = host-pkgconf
 

package/ezxml/0001-allow-compiler-override.patch

@@ -1,17 +0,0 @@
-diff -urpN ezxml/GNUmakefile ezxml.patched/GNUmakefile
---- ezxml/GNUmakefile	2006-03-25 18:44:04.000000000 +0100
-+++ ezxml.patched/GNUmakefile	2008-02-24 13:57:37.000000000 +0100
-@@ -21,10 +21,10 @@
- # TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- # SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- 
--CC = gcc
--AR = ar
-+CC ?= gcc
-+AR ?= ar
- RM = rm -f
--CFLAGS = -Wall -O2
-+CFLAGS ?= -Wall -O2
- DEBUG_CFLAGS = -O0 -g
- OBJS = ezxml.o
- LIB = libezxml.a

package/ezxml/Config.in

@@ -1,7 +0,0 @@
-config BR2_PACKAGE_EZXML
-	bool "ezxml"
-	help
-	  ezXML is a XML parser C library that is simple and easy to
-	  use.
-
-	  http://ezxml.sf.net

package/ezxml/ezxml.hash

@@ -1,3 +0,0 @@
-# Locally computed:
-sha256  a68d52257dcb0ff2ad3d71c8c64311edb8030254bb8b581e229aeaba6231cdf9  ezxml-0.8.6.tar.gz
-sha256  e82e49402f6b21176c65eead46dbd39d8f7a3c28b052589d8b307dfc8f78a03f  license.txt

package/ezxml/ezxml.mk

@@ -1,35 +0,0 @@
-################################################################################
-#
-# ezxml
-#
-################################################################################
-
-EZXML_VERSION = 0.8.6
-EZXML_SITE = http://downloads.sourceforge.net/project/ezxml/ezXML/ezXML%20$(EZXML_VERSION)
-EZXML_INSTALL_STAGING = YES
-EZXML_LICENSE = MIT
-EZXML_LICENSE_FILES = license.txt
-
-EZXML_CFLAGS = $(TARGET_CFLAGS)
-
-# mmap code uses madvise which isn't available on nommu uClibc
-ifeq ($(BR2_USE_MMU),)
-EZXML_CFLAGS += -D EZXML_NOMMAP
-endif
-
-define EZXML_BUILD_CMDS
-	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) -f GNUmakefile \
-		CC="$(TARGET_CC)" CFLAGS="$(EZXML_CFLAGS)" AR=$(TARGET_AR)
-endef
-
-define EZXML_INSTALL_STAGING_CMDS
-	$(INSTALL) -D -m 0644 $(@D)/ezxml.h $(STAGING_DIR)/usr/include/ezxml.h
-	$(INSTALL) -D -m 0644 $(@D)/libezxml.a $(STAGING_DIR)/usr/lib/libezxml.a
-endef
-
-define EZXML_INSTALL_TARGET_CMDS
-	$(INSTALL) -D -m 0644 $(@D)/ezxml.h $(TARGET_DIR)/usr/include/ezxml.h
-	$(INSTALL) -D -m 0644 $(@D)/libezxml.a $(TARGET_DIR)/usr/lib/libezxml.a
-endef
-
-$(eval $(generic-package))

package/fakeroot/0004-Fix-forwarding-fchownat-fchmod-flags.patch

@@ -0,0 +1,28 @@
+Forward supported flags to fstatat, this fixes issues like
+using an empty path
+
+Upstream BR: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959876
+
+Signed-off-by: Norbert Lange <nolange79@gmail.com>
+
+diff -burN fakeroot-1.20.2.org/libfakeroot.c fakeroot-1.20.2/libfakeroot.c
+--- fakeroot-1.20.2.org/libfakeroot.c	2014-10-05 17:16:00.000000000 +0200
++++ fakeroot-1.20.2/libfakeroot.c	2020-05-10 22:24:18.896625085 +0200
+@@ -880,7 +880,7 @@
+   /* If AT_SYMLINK_NOFOLLOW is set in the fchownat call it should
+      be when we stat it. */
+   INT_STRUCT_STAT st;
+-  r=INT_NEXT_FSTATAT(dir_fd, path, &st, (flags & AT_SYMLINK_NOFOLLOW));
++  r=INT_NEXT_FSTATAT(dir_fd, path, &st, (flags & (AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH | AT_NO_AUTOMOUNT)));
+
+   if(r)
+     return(r);
+@@ -1017,7 +1017,7 @@
+
+   /* If AT_SYMLINK_NOFOLLOW is set in the fchownat call it should
+      be when we stat it. */
+-  r=INT_NEXT_FSTATAT(dir_fd, path, &st, flags & AT_SYMLINK_NOFOLLOW);
++  r=INT_NEXT_FSTATAT(dir_fd, path, &st, flags & (AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH | AT_NO_AUTOMOUNT));
+
+   if(r)
+     return(r);

package/ffmpeg/0001-avcodec-cbs_jpeg-Check-length-for-SOS.patch

@@ -0,0 +1,33 @@
+From 1812352d767ccf5431aa440123e2e260a4db2726 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Sat, 7 Mar 2020 15:42:58 +0100
+Subject: [PATCH] avcodec/cbs_jpeg: Check length for SOS
+
+Fixes: out of array access
+Fixes: 19734/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5673507031875584
+Fixes: 19353/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5703944462663680
+
+Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Retrieved from:
+https://github.com/FFmpeg/FFmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726]
+---
+ libavcodec/cbs_jpeg.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libavcodec/cbs_jpeg.c b/libavcodec/cbs_jpeg.c
+index 6bbce5f89b7..89512a26bbf 100644
+--- a/libavcodec/cbs_jpeg.c
++++ b/libavcodec/cbs_jpeg.c
+@@ -197,6 +197,9 @@ static int cbs_jpeg_split_fragment(CodedBitstreamContext *ctx,
+         if (marker == JPEG_MARKER_SOS) {
+             length = AV_RB16(frag->data + start);
+ 
++            if (length > end - start)
++                return AVERROR_INVALIDDATA;
++
+             data_ref = NULL;
+             data     = av_malloc(end - start +
+                                  AV_INPUT_BUFFER_PADDING_SIZE);

package/ffmpeg/ffmpeg.mk

@@ -16,6 +16,9 @@ FFMPEG_LICENSE += and GPL-2.0+
 FFMPEG_LICENSE_FILES += COPYING.GPLv2
 endif
 
+# 0001-avcodec-cbs_jpeg-Check-length-for-SOS.patch
+FFMPEG_IGNORE_CVES += CVE-2020-12284
+
 FFMPEG_CONF_OPTS = \
 	--prefix=/usr \
 	--enable-avfilter \

package/freerdp/0001-src-libuwac-uwac-os.c-fix-build-with-uclibc.patch

@@ -1,44 +0,0 @@
-From 39292268308a3fd6233c2863df22232725d22b3a Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Fri, 10 Apr 2020 08:49:22 +0200
-Subject: [PATCH] src/libuwac/uwac-os.c: fix build with uclibc
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-O_TMPFILE is used since version 2.0.0 and
-https://github.com/FreeRDP/FreeRDP/commit/52ef8079eae74dfe89e6779c873101843b8cc42b
-
-However, this will result in the following build failure on uclibc or
-uclibc-ng:
-
-/home/fabrice/buildroot/output/build/freerdp-2.0.0/uwac/libuwac/uwac-os.c:228:18: error: ‘O_TMPFILE’ undeclared (first use in this function); did you mean ‘EMFILE’?
-  fd = open(path, O_TMPFILE | O_RDWR | O_EXCL, 0600);
-                  ^~~~~~~~~
-                  EMFILE
-
-To fix this build failure, define O_TMPFILE if needed
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Retrieved from:
-https://github.com/FreeRDP/FreeRDP/commit/39292268308a3fd6233c2863df22232725d22b3a]
----
- uwac/libuwac/uwac-os.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/uwac/libuwac/uwac-os.c b/uwac/libuwac/uwac-os.c
-index 799cdce9a5..4f8c8f5161 100644
---- a/uwac/libuwac/uwac-os.c
-+++ b/uwac/libuwac/uwac-os.c
-@@ -33,6 +33,11 @@
- #define USE_SHM
- #endif
- 
-+/* uClibc and uClibc-ng don't provide O_TMPFILE */
-+#ifndef O_TMPFILE
-+#define O_TMPFILE (020000000 | O_DIRECTORY)
-+#endif
-+
- #include <sys/types.h>
- #include <sys/socket.h>
- #ifdef USE_SHM

package/freerdp/freerdp.hash

@@ -1,5 +1,5 @@
-# From https://pub.freerdp.com/releases/freerdp-2.0.0.tar.gz.sha256
-sha256  4ee064e87486cb6fea85d5b6b606add9f02df25ce73f9818b49de75cebd7fedf  freerdp-2.0.0.tar.gz
+# From https://pub.freerdp.com/releases/freerdp-2.1.1.tar.gz.sha256
+sha256  6c6bf72fba1058ca6524c040d0825e4cdaa88682884a6c1c360e1cd5b8e21723  freerdp-2.1.1.tar.gz
 
 # Locally calculated
 sha256  cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30  LICENSE

package/freerdp/freerdp.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-FREERDP_VERSION = 2.0.0
+FREERDP_VERSION = 2.1.1
 FREERDP_SITE = https://pub.freerdp.com/releases
 FREERDP_DEPENDENCIES = libglib2 openssl zlib
 FREERDP_LICENSE = Apache-2.0

package/gcc/gcc.mk

@@ -32,14 +32,6 @@ endef
 # Apply patches
 #
 
-ifeq ($(ARCH),powerpc)
-ifneq ($(BR2_SOFT_FLOAT),)
-define HOST_GCC_APPLY_POWERPC_PATCH
-	$(APPLY_PATCHES) $(@D) package/gcc/$(GCC_VERSION) 1000-powerpc-link-with-math-lib.patch.conditional
-endef
-endif
-endif
-
 # gcc is a special package, not named gcc, but gcc-initial and
 # gcc-final, but patches are nonetheless stored in package/gcc in the
 # tree, and potentially in BR2_GLOBAL_PATCH_DIR directories as well.

package/glibc/2.30-67-g4748829f86a458b76642f3e98b1d80f7b868e427/glibc.hash

@@ -1,5 +1,5 @@
 # Locally calculated (fetched from Github)
-sha256  fe1ca8099bc2cda997d8a585f1a512e59df56c52c9c7363a4058da2725c8f4a9  glibc-2.30-20-g50f20fe506abb8853641006a7b90a81af21d7b91.tar.gz
+sha256  4462f56696332efbc5b0c2f86d7aa75a2a02c3d44bc4345fa42b5bab1225de5c  glibc-2.30-67-g4748829f86a458b76642f3e98b1d80f7b868e427.tar.gz
 
 # Hashes for license files
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING

package/glibc/glibc.mk

@@ -17,7 +17,7 @@ else
 # Generate version string using:
 #   git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master | cut -d '-' -f 2-
 # When updating the version, please also update localedef
-GLIBC_VERSION = 2.30-20-g50f20fe506abb8853641006a7b90a81af21d7b91
+GLIBC_VERSION = 2.30-67-g4748829f86a458b76642f3e98b1d80f7b868e427
 # Upstream doesn't officially provide an https download link.
 # There is one (https://sourceware.org/git/glibc.git) but it's not reliable,
 # sometimes the connection times out. So use an unofficial github mirror.

package/irrlicht/irrlicht.mk

@@ -38,6 +38,13 @@ ifeq ($(BR2_STATIC_LIBS),)
 IRRLICHT_CONF_OPTS += sharedlib
 endif
 
+# Irrlicht fail to detect properly the NEON support on aarch64 or ARM with NEON FPU support.
+# While linking an application with libIrrlicht.so, we get an undefined reference to
+# png_init_filter_functions_neon.
+# Some files are missing in the libpng bundled in Irrlicht, in particular arm/arm_init.c,
+# so disable NEON support completely.
+IRRLICHT_CONF_OPTS += CPPFLAGS="$(TARGET_CPPFLAGS) -DPNG_ARM_NEON_OPT=0"
+
 define IRRLICHT_BUILD_CMDS
 	$(TARGET_MAKE_ENV)
 		$(MAKE) -C $(@D)/$(IRRLICHT_SUBDIR) $(IRRLICHT_CONF_OPTS)

package/kmod/kmod.mk

@@ -42,6 +42,13 @@ KMOD_DEPENDENCIES += xz
 KMOD_CONF_OPTS += --with-xz
 endif
 
+ifeq ($(BR2_PACKAGE_OPENSSL),y)
+KMOD_DEPENDENCIES += openssl
+KMOD_CONF_OPTS += --with-openssl
+else
+KMOD_CONF_OPTS += --without-openssl
+endif
+
 ifeq ($(BR2_PACKAGE_PYTHON)$(BR2_PACKAGE_PYTHON3),y)
 KMOD_DEPENDENCIES += $(if $(BR2_PACKAGE_PYTHON),python,python3)
 KMOD_CONF_OPTS += --enable-python

package/libexif/0001-fixes-some-not-all-buffer-overreads-during-decoding-.patch

@@ -1,65 +0,0 @@
-From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001
-From: Marcus Meissner <marcus@jet.franken.de>
-Date: Tue, 25 Jul 2017 23:44:44 +0200
-Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax
- makernote entries.
-
-This should fix:
-https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++---
- 1 file changed, 13 insertions(+), 3 deletions(-)
-
-diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c
-index d03d159..ea0429a 100644
---- a/libexif/pentax/mnote-pentax-entry.c
-+++ b/libexif/pentax/mnote-pentax-entry.c
-@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
- 		case EXIF_FORMAT_SHORT:
- 		  {
- 			const unsigned char *data = entry->data;
--		  	size_t k, len = strlen(val);
-+		  	size_t k, len = strlen(val), sizeleft;
-+
-+			sizeleft = entry->size;
- 		  	for(k=0; k<entry->components; k++) {
-+				if (sizeleft < 2)
-+					break;
- 				vs = exif_get_short (data, entry->order);
- 				snprintf (val+len, maxlen-len, "%i ", vs);
- 				len = strlen(val);
- 				data += 2;
-+				sizeleft -= 2;
- 			}
- 		  }
- 		  break;
- 		case EXIF_FORMAT_LONG:
- 		  {
- 			const unsigned char *data = entry->data;
--		  	size_t k, len = strlen(val);
-+		  	size_t k, len = strlen(val), sizeleft;
-+
-+			sizeleft = entry->size;
- 		  	for(k=0; k<entry->components; k++) {
-+				if (sizeleft < 4)
-+					break;
- 				vl = exif_get_long (data, entry->order);
- 				snprintf (val+len, maxlen-len, "%li", (long int) vl);
- 				len = strlen(val);
- 				data += 4;
-+				sizeleft -= 4;
- 			}
- 		  }
- 		  break;
-@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
- 		break;
- 	}
- 
--	return (val);
-+	return val;
- }
--- 
-2.20.1
-

package/libexif/0002-On-saving-makernotes-make-sure-the-makernote-contain.patch

@@ -1,41 +0,0 @@
-From c39acd1692023b26290778a02a9232c873f9d71a Mon Sep 17 00:00:00 2001
-From: Marcus Meissner <marcus@jet.franken.de>
-Date: Tue, 25 Jul 2017 23:38:56 +0200
-Subject: [PATCH] On saving makernotes, make sure the makernote container tags
- has a type with 1 byte components.
-
-Fixes (at least):
-	https://sourceforge.net/p/libexif/bugs/130
-	https://sourceforge.net/p/libexif/bugs/129
-
-CVE-2017-7544: libexif through 0.6.21 is vulnerable to out-of-bounds heap
-read vulnerability in exif_data_save_data_entry function in
-libexif/exif-data.c caused by improper length computation of the allocated
-data of an ExifMnote entry which can cause denial-of-service or possibly
-information disclosure.
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- libexif/exif-data.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/libexif/exif-data.c b/libexif/exif-data.c
-index 67df4db..91f4c33 100644
---- a/libexif/exif-data.c
-+++ b/libexif/exif-data.c
-@@ -255,6 +255,12 @@ exif_data_save_data_entry (ExifData *data, ExifEntry *e,
- 			exif_mnote_data_set_offset (data->priv->md, *ds - 6);
- 			exif_mnote_data_save (data->priv->md, &e->data, &e->size);
- 			e->components = e->size;
-+			if (exif_format_get_size (e->format) != 1) {
-+				/* e->format is taken from input code,
-+				 * but we need to make sure it is a 1 byte
-+				 * entity due to the multiplication below. */
-+				e->format = EXIF_FORMAT_UNDEFINED;
-+			}
- 		}
- 	}
- 
--- 
-2.20.1
-

package/libexif/0003-Reduce-maximum-recursion-depth-in-exif_data_load_dat.patch

@@ -1,30 +0,0 @@
-From 5d28011c40ec86cf52cffad541093d37c263898a Mon Sep 17 00:00:00 2001
-From: Dan Fandrich <dan@coneharvesters.com>
-Date: Fri, 20 Apr 2018 18:05:19 +0200
-Subject: [PATCH] Reduce maximum recursion depth in exif_data_load_data_content
-
-This only needs to be a small, single digit integer for normal files,
-and reducing the maximum closer to this reduces the time and space
-needed to detect pathological cases.
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- libexif/exif-data.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libexif/exif-data.c b/libexif/exif-data.c
-index 91f4c33..04cdda2 100644
---- a/libexif/exif-data.c
-+++ b/libexif/exif-data.c
-@@ -378,7 +378,7 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
- 	if ((((int)ifd) < 0) || ( ((int)ifd) >= EXIF_IFD_COUNT))
- 	  return;
- 
--	if (recursion_depth > 30) {
-+	if (recursion_depth > 12) {
- 		exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
- 			  "Deep recursion detected!");
- 		return;
--- 
-2.20.1
-

package/libexif/0004-Improve-deep-recursion-detection-in-exif_data_load_d.patch

@@ -1,120 +0,0 @@
-From 6aa11df549114ebda520dde4cdaea2f9357b2c89 Mon Sep 17 00:00:00 2001
-From: Dan Fandrich <dan@coneharvesters.com>
-Date: Fri, 12 Oct 2018 16:01:45 +0200
-Subject: [PATCH] Improve deep recursion detection in
- exif_data_load_data_content.
-
-The existing detection was still vulnerable to pathological cases
-causing DoS by wasting CPU. The new algorithm takes the number of tags
-into account to make it harder to abuse by cases using shallow recursion
-but with a very large number of tags.  This improves on commit 5d28011c
-which wasn't sufficient to counter this kind of case.
-
-The limitation in the previous fix was discovered by Laurent Delosieres,
-Secunia Research at Flexera (Secunia Advisory SA84652) and is assigned
-the identifier CVE-2018-20030.
-
-[Peter: drop NEWS change]
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- libexif/exif-data.c | 45 +++++++++++++++++++++++++++++++++++++--------
- 1 file changed, 37 insertions(+), 8 deletions(-)
-
-diff --git a/libexif/exif-data.c b/libexif/exif-data.c
-index e35403d..a6f9c94 100644
---- a/libexif/exif-data.c
-+++ b/libexif/exif-data.c
-@@ -35,6 +35,7 @@
- #include <libexif/olympus/exif-mnote-data-olympus.h>
- #include <libexif/pentax/exif-mnote-data-pentax.h>
- 
-+#include <math.h>
- #include <stdlib.h>
- #include <stdio.h>
- #include <string.h>
-@@ -350,6 +351,20 @@ if (data->ifd[(i)]->count) {				\
- 	break;						\
- }
- 
-+/*! Calculate the recursion cost added by one level of IFD loading.
-+ *
-+ * The work performed is related to the cost in the exponential relation
-+ *   work=1.1**cost
-+ */
-+static unsigned int
-+level_cost(unsigned int n)
-+{
-+    static const double log_1_1 = 0.09531017980432493;
-+
-+	/* Adding 0.1 protects against the case where n==1 */
-+	return ceil(log(n + 0.1)/log_1_1);
-+}
-+
- /*! Load data for an IFD.
-  *
-  * \param[in,out] data #ExifData
-@@ -357,13 +372,13 @@ if (data->ifd[(i)]->count) {				\
-  * \param[in] d pointer to buffer containing raw IFD data
-  * \param[in] ds size of raw data in buffer at \c d
-  * \param[in] offset offset into buffer at \c d at which IFD starts
-- * \param[in] recursion_depth number of times this function has been
-- * recursively called without returning
-+ * \param[in] recursion_cost factor indicating how expensive this recursive
-+ * call could be
-  */
- static void
- exif_data_load_data_content (ExifData *data, ExifIfd ifd,
- 			     const unsigned char *d,
--			     unsigned int ds, unsigned int offset, unsigned int recursion_depth)
-+			     unsigned int ds, unsigned int offset, unsigned int recursion_cost)
- {
- 	ExifLong o, thumbnail_offset = 0, thumbnail_length = 0;
- 	ExifShort n;
-@@ -378,9 +393,20 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
- 	if ((((int)ifd) < 0) || ( ((int)ifd) >= EXIF_IFD_COUNT))
- 	  return;
- 
--	if (recursion_depth > 12) {
-+	if (recursion_cost > 170) {
-+		/*
-+		 * recursion_cost is a logarithmic-scale indicator of how expensive this
-+		 * recursive call might end up being. It is an indicator of the depth of
-+		 * recursion as well as the potential for worst-case future recursive
-+		 * calls. Since it's difficult to tell ahead of time how often recursion
-+		 * will occur, this assumes the worst by assuming every tag could end up
-+		 * causing recursion.
-+		 * The value of 170 was chosen to limit typical EXIF structures to a
-+		 * recursive depth of about 6, but pathological ones (those with very
-+		 * many tags) to only 2.
-+		 */
- 		exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
--			  "Deep recursion detected!");
-+			  "Deep/expensive recursion detected!");
- 		return;
- 	}
- 
-@@ -422,15 +448,18 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
- 			switch (tag) {
- 			case EXIF_TAG_EXIF_IFD_POINTER:
- 				CHECK_REC (EXIF_IFD_EXIF);
--				exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o, recursion_depth + 1);
-+				exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o,
-+					recursion_cost + level_cost(n));
- 				break;
- 			case EXIF_TAG_GPS_INFO_IFD_POINTER:
- 				CHECK_REC (EXIF_IFD_GPS);
--				exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o, recursion_depth + 1);
-+				exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o,
-+					recursion_cost + level_cost(n));
- 				break;
- 			case EXIF_TAG_INTEROPERABILITY_IFD_POINTER:
- 				CHECK_REC (EXIF_IFD_INTEROPERABILITY);
--				exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o, recursion_depth + 1);
-+				exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o,
-+					recursion_cost + level_cost(n));
- 				break;
- 			case EXIF_TAG_JPEG_INTERCHANGE_FORMAT:
- 				thumbnail_offset = o;
--- 
-2.20.1
-

package/libexif/0005-fix-CVE-2019-9278.patch

@@ -1,90 +0,0 @@
-From 75aa73267fdb1e0ebfbc00369e7312bac43d0566 Mon Sep 17 00:00:00 2001
-From: Marcus Meissner <meissner@suse.de>
-Date: Sat, 18 Jan 2020 09:29:42 +0100
-Subject: [PATCH] fix CVE-2019-9278
-
-avoid the use of unsafe integer overflow checking constructs (unsigned integer operations cannot overflow, so "u1 + u2 > u1" can be optimized away)
-
-check for the actual sizes, which should also handle the overflows
-document other places google patched, but do not seem relevant due to other restrictions
-
-fixes https://github.com/libexif/libexif/issues/26
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- libexif/exif-data.c | 28 ++++++++++++++++++----------
- 1 file changed, 18 insertions(+), 10 deletions(-)
-
-diff --git a/libexif/exif-data.c b/libexif/exif-data.c
-index a6f9c94..6332cd1 100644
---- a/libexif/exif-data.c
-+++ b/libexif/exif-data.c
-@@ -192,9 +192,15 @@ exif_data_load_data_entry (ExifData *data, ExifEntry *entry,
- 		doff = offset + 8;
- 
- 	/* Sanity checks */
--	if ((doff + s < doff) || (doff + s < s) || (doff + s > size)) {
-+	if (doff >= size) {
- 		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
--				  "Tag data past end of buffer (%u > %u)", doff+s, size);	
-+				  "Tag starts past end of buffer (%u > %u)", doff, size);
-+		return 0;
-+	}
-+
-+	if (s > size - doff) {
-+		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
-+				  "Tag data goes past end of buffer (%u > %u)", doff+s, size);
- 		return 0;
- 	}
- 
-@@ -315,13 +321,14 @@ exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
- 			       unsigned int ds, ExifLong o, ExifLong s)
- {
- 	/* Sanity checks */
--	if ((o + s < o) || (o + s < s) || (o + s > ds) || (o > ds)) {
--		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
--			  "Bogus thumbnail offset (%u) or size (%u).",
--			  o, s);
-+	if (o >= ds) {
-+		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail offset (%u).", o);
-+		return;
-+	}
-+	if (s > ds - o) {
-+		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail size (%u), max would be %u.", s, ds-o);
- 		return;
- 	}
--
- 	if (data->data) 
- 		exif_mem_free (data->priv->mem, data->data);
- 	if (!(data->data = exif_data_alloc (data, s))) {
-@@ -947,7 +954,7 @@ exif_data_load_data (ExifData *data, const unsigned char *d_orig,
- 	exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", 
- 		  "IFD 0 at %i.", (int) offset);
- 
--	/* Sanity check the offset, being careful about overflow */
-+	/* ds is restricted to 16 bit above, so offset is restricted too, and offset+8 should not overflow. */
- 	if (offset > ds || offset + 6 + 2 > ds)
- 		return;
- 
-@@ -956,6 +963,7 @@ exif_data_load_data (ExifData *data, const unsigned char *d_orig,
- 
- 	/* IFD 1 offset */
- 	n = exif_get_short (d + 6 + offset, data->priv->order);
-+	/* offset < 2<<16, n is 16 bit at most, so this op will not overflow */
- 	if (offset + 6 + 2 + 12 * n + 4 > ds)
- 		return;
- 
-@@ -964,8 +972,8 @@ exif_data_load_data (ExifData *data, const unsigned char *d_orig,
- 		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
- 			  "IFD 1 at %i.", (int) offset);
- 
--		/* Sanity check. */
--		if (offset > ds || offset + 6 > ds) {
-+		/* Sanity check. ds is ensured to be above 6 above, offset is 16bit */
-+		if (offset > ds - 6) {
- 			exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA,
- 				  "ExifData", "Bogus offset of IFD1.");
- 		} else {
--- 
-2.20.1
-

package/libexif/Config.in

@@ -6,4 +6,4 @@ config BR2_PACKAGE_LIBEXIF
 	  image. The EXIF library allows you to parse an EXIF file
 	  and read the data from those tags.
 
-	  http://libexif.sf.net
+	  https://libexif.github.io

package/libexif/libexif.hash

@@ -1,3 +1,3 @@
 # Locally computed:
-sha256  16cdaeb62eb3e6dfab2435f7d7bccd2f37438d21c5218ec4e58efa9157d4d41a  libexif-0.6.21.tar.bz2
+sha256  5048f1c8fc509cc636c2f97f4b40c293338b6041a5652082d5ee2cf54b530c56  libexif-0.6.22.tar.xz
 sha256  36b6d3fa47916943fd5fec313c584784946047ec1337a78b440e5992cb595f89  COPYING

package/libexif/libexif.mk

@@ -4,21 +4,13 @@
 #
 ################################################################################
 
-LIBEXIF_VERSION = 0.6.21
-LIBEXIF_SOURCE = libexif-$(LIBEXIF_VERSION).tar.bz2
-LIBEXIF_SITE = http://downloads.sourceforge.net/project/libexif/libexif/$(LIBEXIF_VERSION)
+LIBEXIF_VERSION = 0.6.22
+LIBEXIF_SOURCE = libexif-$(LIBEXIF_VERSION).tar.xz
+LIBEXIF_SITE = \
+	https://github.com/libexif/libexif/releases/download/libexif-$(subst .,_,$(LIBEXIF_VERSION))-release
 LIBEXIF_INSTALL_STAGING = YES
 LIBEXIF_DEPENDENCIES = host-pkgconf
 LIBEXIF_LICENSE = LGPL-2.1+
 LIBEXIF_LICENSE_FILES = COPYING
 
-# 0001-fixes-some-not-all-buffer-overreads-during-decoding-.patch
-LIBEXIF_IGNORE_CVES += CVE-2016-6328
-# 0002-On-saving-makernotes-make-sure-the-makernote-contain.patch
-LIBEXIF_IGNORE_CVES += CVE-2017-7544
-# 0004-Improve-deep-recursion-detection-in-exif_data_load_d.patch
-LIBEXIF_IGNORE_CVES += CVE-2018-20030
-# 0005-fix-CVE-2019-9278.patch
-LIBEXIF_IGNORE_CVES += CVE-2019-9278
-
 $(eval $(autotools-package))

package/libpam-tacplus/0004-fix-build-failure-when-time_t-is-64-bits.patch

@@ -0,0 +1,80 @@
+From 74a6cc484a83270273b373da17c05c1e394d3dd9 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Sun, 17 May 2020 21:55:11 +0200
+Subject: [PATCH] fix build failure when time_t is 64 bits
+
+Build can fail if time_t is 64 bits and not 32 bits because of the
+following warning (which results in a build failure due to -Werror):
+
+tacc.c: In function 'main':
+tacc.c:346:25: error: format '%lu' expects argument of type 'long unsigned int', but argument 3 has type 'time_t' {aka 'long long int'} [-Werror=format=]
+         sprintf(buf, "%lu", time(0));
+                       ~~^   ~~~~~~~
+                       %llu
+
+Instead of casting time_t to unsigned long as already done in
+pam_tacplus.c, use strftime which seems the right approach to
+convert time_t into a string. While at it, also update pam_tacplus.c.
+
+Fixes:
+ - http://autobuild.buildroot.org/results/874433d8cb30d21332f23024081a8b6d7b3254ae
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Retrieved from:
+https://github.com/kravietz/pam_tacplus/commit/74a6cc484a83270273b373da17c05c1e394d3dd9]
+---
+ pam_tacplus.c |  6 +++++-
+ tacc.c        | 12 ++++++++++--
+ 2 files changed, 15 insertions(+), 3 deletions(-)
+
+diff --git a/pam_tacplus.c b/pam_tacplus.c
+index 7d8bb5f..a0cb83d 100644
+--- a/pam_tacplus.c
++++ b/pam_tacplus.c
+@@ -86,10 +86,14 @@ int _pam_send_account(int tac_fd, int type, const char *user, char *tty,
+ 	char buf[64];
+ 	struct tac_attrib *attr;
+ 	int retval;
++	time_t t;
++	struct tm tm;
+ 
+ 	attr = (struct tac_attrib *) xcalloc(1, sizeof(struct tac_attrib));
+ 
+-	sprintf(buf, "%lu", (unsigned long) time(NULL));
++	t = time(NULL);
++	gmtime_r(&t, &tm);
++	strftime(buf, sizeof(buf), "%s", &tm);
+ 
+ 	if (type == TAC_PLUS_ACCT_FLAG_START) {
+ 		tac_add_attrib(&attr, "start_time", buf);
+diff --git a/tacc.c b/tacc.c
+index ef9d081..affc649 100644
+--- a/tacc.c
++++ b/tacc.c
+@@ -342,8 +342,12 @@ int main(int argc, char **argv) {
+     if (do_account) {
+         /* start accounting */
+         struct tac_attrib *attr = NULL;
++        time_t t;
++        struct tm tm;
+ 
+-        sprintf(buf, "%lu", time(0));
++        t = time(0);
++        gmtime_r(&t, &tm);
++        strftime(buf, sizeof(buf), "%s", &tm);
+         tac_add_attrib(&attr, "start_time", buf);
+ 
+         // this is not crypto but merely an identifier
+@@ -452,7 +456,11 @@ int main(int argc, char **argv) {
+     if (do_account) {
+         /* stop accounting */
+         struct tac_attrib *attr = NULL;
+-        sprintf(buf, "%lu", time(0));
++        time_t t;
++        struct tm tm;
++        t = time(0);
++        gmtime_r(&t, &tm);
++        strftime(buf, sizeof(buf), "%s", &tm);
+         tac_add_attrib(&attr, "stop_time", buf);
+         sprintf(buf, "%hu", task_id);
+         tac_add_attrib(&attr, "task_id", buf);

package/libssh2/libssh2.mk

@@ -14,7 +14,7 @@ LIBSSH2_CONF_OPTS = --disable-examples-build
 # 0003-packet-c-improve-message-parsing.patch
 LIBSSH2_IGNORE_CVES += CVE-2019-17498
 
-# building from a git clone
+# patch touching configure.ac and acinclude.m4
 LIBSSH2_AUTORECONF = YES
 
 ifeq ($(BR2_PACKAGE_LIBSSH2_MBEDTLS),y)

package/libv4l/0002-keytable-use-input_event-properly.patch

@@ -0,0 +1,36 @@
+From a84fc5d02ffd7119b3e38b72339f5760991d14da Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Mon, 30 Mar 2020 14:24:34 -0700
+Subject: [PATCH] keytable: use input_event properly
+
+It does not use time_t under musl when time_t is 64-bit. The struct has
+compatibility defines. Instead of using time_t directly, use those
+defines.
+
+Fixes compilation under musl 1.2.0 under 32-bit OSes.
+
+Signed-off-by: Rosen Penev <rosenp@gmail.com>
+Signed-off-by: Sean Young <sean@mess.org>
+
+[Upstream: https://git.linuxtv.org/v4l-utils.git/patch/?id=38f4ce74275ae4625463f7eec78764715a0b6246]
+Signed-off-by: Peter Seiderer <ps.report@gmx.net>
+---
+ utils/keytable/keytable.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/utils/keytable/keytable.c b/utils/keytable/keytable.c
+index 6cb0217..318c064 100644
+--- a/utils/keytable/keytable.c
++++ b/utils/keytable/keytable.c
+@@ -1533,7 +1533,7 @@ static void test_event(struct rc_device *rc_dev, int fd)
+ 
+ 		for (i = 0; i < rd / sizeof(struct input_event); i++) {
+ 			printf(_("%ld.%06ld: event type %s(0x%02x)"),
+-				ev[i].time.tv_sec, ev[i].time.tv_usec,
++				ev[i].input_event_sec, ev[i].input_event_usec,
+ 				get_event_name(events_type, ev[i].type), ev[i].type);
+ 
+ 			switch (ev[i].type) {
+-- 
+2.26.2
+

package/libv4l/0003-keytable-add-compatibility-for-input_event_sec.patch

@@ -0,0 +1,35 @@
+From 986345e5673b1e68db513a4f72e6e79c74512a3b Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Tue, 7 Apr 2020 18:13:44 -0700
+Subject: [PATCH] keytable: add compatibility for input_event_sec
+
+Linux 4.16 added support for this macro. When it is not available,
+define it back to the previous value.
+
+Signed-off-by: Rosen Penev <rosenp@gmail.com>
+Signed-off-by: Sean Young <sean@mess.org>
+
+[Upstream: https://git.linuxtv.org/v4l-utils.git/patch/?id=8b7e6ce9367fe09ca9398b5f3cc75bba2598b162]
+Signed-off-by: Peter Seiderer <ps.report@gmx.net>
+---
+ utils/keytable/keytable.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/utils/keytable/keytable.c b/utils/keytable/keytable.c
+index 318c064..705867c 100644
+--- a/utils/keytable/keytable.c
++++ b/utils/keytable/keytable.c
+@@ -62,6 +62,10 @@ struct input_keymap_entry_v2 {
+ 	u_int8_t  scancode[32];
+ };
+ 
++#ifndef input_event_sec
++#define input_event_sec time.tv_sec
++#define input_event_usec time.tv_usec
++#endif
+ 
+ #define IR_PROTOCOLS_USER_DIR IR_KEYTABLE_USER_DIR "/protocols"
+ #define IR_PROTOCOLS_SYSTEM_DIR IR_KEYTABLE_SYSTEM_DIR "/protocols"
+-- 
+2.26.2
+

package/libvncserver/0006-libvncclient-cursor-limit-width-height-input-values.patch

@@ -0,0 +1,40 @@
+From 54220248886b5001fbbb9fa73c4e1a2cb9413fed Mon Sep 17 00:00:00 2001
+From: Christian Beier <dontmind@freeshell.org>
+Date: Sun, 17 Nov 2019 17:18:35 +0100
+Subject: [PATCH] libvncclient/cursor: limit width/height input values
+
+Avoids a possible heap overflow reported by Pavel Cheremushkin
+<Pavel.Cheremushkin@kaspersky.com>.
+
+re #275
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Retrieved from:
+https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed]
+---
+ libvncclient/cursor.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libvncclient/cursor.c b/libvncclient/cursor.c
+index 67f45726..40ffb3b0 100644
+--- a/libvncclient/cursor.c
++++ b/libvncclient/cursor.c
+@@ -28,6 +28,8 @@
+ #define OPER_SAVE     0
+ #define OPER_RESTORE  1
+ 
++#define MAX_CURSOR_SIZE 1024
++
+ #define RGB24_TO_PIXEL(bpp,r,g,b)                                       \
+    ((((uint##bpp##_t)(r) & 0xFF) * client->format.redMax + 127) / 255             \
+     << client->format.redShift |                                              \
+@@ -54,6 +56,9 @@ rfbBool HandleCursorShape(rfbClient* client,int xhot, int yhot, int width, int h
+   if (width * height == 0)
+     return TRUE;
+ 
++  if (width >= MAX_CURSOR_SIZE || height >= MAX_CURSOR_SIZE)
++    return FALSE;
++
+   /* Allocate memory for pixel data and temporary mask data. */
+   if(client->rcSource)
+     free(client->rcSource);

package/libvncserver/libvncserver.mk

@@ -19,6 +19,9 @@ LIBVNCSERVER_IGNORE_CVES += CVE-2018-20750
 # 0004-rfbserver-don-t-leak-stack-memory-to-the-remote.patch
 LIBVNCSERVER_IGNORE_CVES += CVE-2019-15681
 
+# 0006-libvncclient-cursor-limit-width-height-input-values.patch
+LIBVNCSERVER_IGNORE_CVES += CVE-2019-20788
+
 # only used for examples
 LIBVNCSERVER_CONF_OPTS += \
 	-DWITH_FFMPEG=OFF \

package/linux-headers/Config.in.host

@@ -334,13 +334,13 @@ endchoice
 
 config BR2_DEFAULT_KERNEL_HEADERS
 	string
-	default "4.4.219"	if BR2_KERNEL_HEADERS_4_4
-	default "4.9.219"	if BR2_KERNEL_HEADERS_4_9
-	default "4.14.176"	if BR2_KERNEL_HEADERS_4_14
-	default "4.19.118"	if BR2_KERNEL_HEADERS_4_19
-	default "5.4.35"	if BR2_KERNEL_HEADERS_5_4
+	default "4.4.223"	if BR2_KERNEL_HEADERS_4_4
+	default "4.9.223"	if BR2_KERNEL_HEADERS_4_9
+	default "4.14.180"	if BR2_KERNEL_HEADERS_4_14
+	default "4.19.122"	if BR2_KERNEL_HEADERS_4_19
+	default "5.4.40"	if BR2_KERNEL_HEADERS_5_4
 	default "5.5.19"	if BR2_KERNEL_HEADERS_5_5
-	default "5.6.7"		if BR2_KERNEL_HEADERS_5_6
+	default "5.6.12"	if BR2_KERNEL_HEADERS_5_6
 	default BR2_DEFAULT_KERNEL_VERSION if BR2_KERNEL_HEADERS_VERSION
 	default "custom"	if BR2_KERNEL_HEADERS_CUSTOM_TARBALL
 	default BR2_KERNEL_HEADERS_CUSTOM_REPO_VERSION \

package/localedef/2.30-67-g4748829f86a458b76642f3e98b1d80f7b868e427/localedef.hash

@@ -1,5 +1,5 @@
 # Locally calculated (fetched from Github)
-sha256  fe1ca8099bc2cda997d8a585f1a512e59df56c52c9c7363a4058da2725c8f4a9  glibc-2.30-20-g50f20fe506abb8853641006a7b90a81af21d7b91.tar.gz
+sha256  4462f56696332efbc5b0c2f86d7aa75a2a02c3d44bc4345fa42b5bab1225de5c  glibc-2.30-67-g4748829f86a458b76642f3e98b1d80f7b868e427.tar.gz
 
 # Hashes for license files
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING

package/localedef/localedef.mk

@@ -7,7 +7,7 @@
 # Use the same VERSION and SITE as target glibc
 # As in glibc.mk, generate version string using:
 #   git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master | cut -d '-' -f 2-
-LOCALEDEF_VERSION = 2.30-20-g50f20fe506abb8853641006a7b90a81af21d7b91
+LOCALEDEF_VERSION = 2.30-67-g4748829f86a458b76642f3e98b1d80f7b868e427
 LOCALEDEF_SOURCE = glibc-$(LOCALEDEF_VERSION).tar.gz
 LOCALEDEF_SITE = $(call github,bminor,glibc,$(LOCALEDEF_VERSION))
 HOST_LOCALEDEF_DL_SUBDIR = glibc

package/lrzip/0001-missing-stdarg.patch

@@ -1,26 +0,0 @@
-From 5ae1754025315d85fac11cb4eb2474789ee6475e Mon Sep 17 00:00:00 2001
-From: Sam Lancia <sam@gpsm.co.uk>
-Date: Sat, 7 Sep 2019 20:54:29 +0100
-Subject: [PATCH] Lrzip.h: add missing header for va_list on some platforms
-
-Signed-off-by: Sam Lancia <sam@gpsm.co.uk>
----
- Lrzip.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/Lrzip.h b/Lrzip.h
-index 29bc2a9..8934c59 100644
---- a/Lrzip.h
-+++ b/Lrzip.h
-@@ -20,6 +20,7 @@
- #ifndef LIBLRZIP_H
- #define LIBLRZIP_H
- 
-+#include <stdarg.h>
- #include <stdbool.h>
- #include <stdio.h>
- #ifdef _WIN32
--- 
-2.17.1
-
-

package/lrzip/lrzip.hash

@@ -1,3 +1,3 @@
 # Locally computed:
-sha256 10315c20d5a47590e7220c210735ba169677824d5672509266682eccec84d952  lrzip-0.631.tar.gz
-sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
+sha256  7f886b248c996ef9d327e0a8ede4eb7e067186185cad7b37084607098d35c75a  lrzip-8781292dd5833c04eeead51d4a5bd02dc6432dc7.tar.gz
+sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING

package/lrzip/lrzip.mk

@@ -4,11 +4,18 @@
 #
 ################################################################################
 
-LRZIP_VERSION = 0.631
-LRZIP_SITE = $(call github,ckolivas,lrzip,v$(LRZIP_VERSION))
+LRZIP_VERSION = 8781292dd5833c04eeead51d4a5bd02dc6432dc7
+LRZIP_SITE = $(call github,ckolivas,lrzip,$(LRZIP_VERSION))
 LRZIP_AUTORECONF = YES
 LRZIP_LICENSE = GPL-2.0+
 LRZIP_LICENSE_FILES = COPYING
 LRZIP_DEPENDENCIES = zlib lzo bzip2
 
+ifeq ($(BR2_i386)$(BR2_x86_64),y)
+LRZIP_DEPENDENCIES += host-nasm
+LRZIP_CONF_OPTS += --enable-asm
+else
+LRZIP_CONF_OPTS += --disable-asm
+endif
+
 $(eval $(autotools-package))

package/mariadb/0002-add-sysroot-path-to-mariadb_config.patch

@@ -1,29 +0,0 @@
-From 7e1b6aafeb9fe6558da7506b304c0efb5ea82281 Mon Sep 17 00:00:00 2001
-From: Ryan Coe <bluemrp9@gmail.com>
-Date: Fri, 13 Dec 2019 17:13:26 -0800
-Subject: [PATCH] add sysroot path to mariadb_config
-
-Upstream: https://github.com/mariadb-corporation/mariadb-connector-c/commit/b787c0d69cc00af98cd4ee5bc205e1c7ddaf427a
-Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
----
- libmariadb/mariadb_config/mariadb_config.c.in | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/libmariadb/mariadb_config/mariadb_config.c.in b/libmariadb/mariadb_config/mariadb_config.c.in
-index 703c9466a1d9214a85f3638d2e3b4ecfef0c7bd6..f5513333e670373f060a3c2574d1d42facfd0337 100644
---- a/libmariadb/mariadb_config/mariadb_config.c.in
-+++ b/libmariadb/mariadb_config/mariadb_config.c.in
-@@ -5,8 +5,8 @@
- 
- static char *mariadb_progname;
- 
--#define INCLUDE "-I@CMAKE_INSTALL_PREFIX@/@INSTALL_INCLUDEDIR@ -I@CMAKE_INSTALL_PREFIX@/@INSTALL_INCLUDEDIR@/mysql"
--#define LIBS    "-L@CMAKE_INSTALL_PREFIX@/@INSTALL_LIBDIR@/ -lmariadb"
-+#define INCLUDE "-I@CMAKE_SYSROOT@@CMAKE_INSTALL_PREFIX@/@INSTALL_INCLUDEDIR@ -I@CMAKE_SYSROOT@@CMAKE_INSTALL_PREFIX@/@INSTALL_INCLUDEDIR@/mysql"
-+#define LIBS    "-L@CMAKE_SYSROOT@@CMAKE_INSTALL_PREFIX@/@INSTALL_LIBDIR@/ -lmariadb"
- #define LIBS_SYS "@extra_dynamic_LDFLAGS@"
- #define CFLAGS  INCLUDE
- #define VERSION "@MARIADB_CLIENT_VERSION@"
--- 
-2.24.1
-

package/mariadb/mariadb.hash

@@ -1,9 +1,9 @@
-# From https://downloads.mariadb.org/mariadb/10.3.22
-md5 f712a5e6fde038d0c9c6d2a2cd88b84e  mariadb-10.3.22.tar.gz
-sha1 f92f517fc2ea893ffb3d599ade219bf0a0045265  mariadb-10.3.22.tar.gz
-sha256 3200055dbdc27746981b3bb4bc182e2cb79dcf28ea88014b641a5b81280ccec7  mariadb-10.3.22.tar.gz
-sha512 57a6551b8939f54742963202d50a537e69e8ab9b2dca42ce3d2a09c0f7af368fded71f36af26f6cbd956d54fe43853981ba8fe28b7a3ba97c7d52ea4a0d233f6  mariadb-10.3.22.tar.gz
+# From https://downloads.mariadb.org/mariadb/10.3.23
+md5  473950893d29805d9384ec0ed5d7c276  mariadb-10.3.23.tar.gz
+sha1  c95b6d4cff5e6d63eed05da20561802b9c83e717  mariadb-10.3.23.tar.gz
+sha256  fc405022457d8eec5991b870cc1c9a07b83b551d6165c414c4d8f31523aa86ae  mariadb-10.3.23.tar.gz
+sha512  535cd2ce80a95b6c0a1aa559cc3275dfcd559c3a4f958fab3382923190a16e6bc5b4ad79acaa518244512ff618568c239c0edef8a701d958362ede19a29c2986  mariadb-10.3.23.tar.gz
 
 # Hash for license files
-sha256 a4665c1189fe31e0bbc27e9b55439df7dad6e99805407fe58d78da7aabe678f8  README.md
-sha256 240a15a1d0f34d3abca462cdb7e5fb89470967563f16b0e71169e51c1e74cf2b  COPYING
+sha256  a4665c1189fe31e0bbc27e9b55439df7dad6e99805407fe58d78da7aabe678f8  README.md
+sha256  240a15a1d0f34d3abca462cdb7e5fb89470967563f16b0e71169e51c1e74cf2b  COPYING

package/mariadb/mariadb.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-MARIADB_VERSION = 10.3.22
+MARIADB_VERSION = 10.3.23
 MARIADB_SITE = https://downloads.mariadb.org/interstitial/mariadb-$(MARIADB_VERSION)/source
 MARIADB_LICENSE = GPL-2.0 (server), GPL-2.0 with FLOSS exception (GPL client library), LGPL-2.0 (LGPL client library)
 # Tarball no longer contains LGPL license text

package/matchbox/matchbox.hash

@@ -1,2 +1,6 @@
 # From http://downloads.yoctoproject.org/releases/matchbox/matchbox-window-manager/1.2/matchbox-window-manager-1.2.tar.bz2.md5
-md5	3e158dcf57823b55c926d95b245500fb	matchbox-window-manager-1.2.tar.bz2
+md5  3e158dcf57823b55c926d95b245500fb  matchbox-window-manager-1.2.tar.bz2
+
+# Locally computed
+sha256  81a23a4af797cf350759fd5ac738797015a66dd5dba2f3d9f3c6908506c1ceff  matchbox-window-manager-1.2.tar.bz2
+sha256  231f7edcc7352d7734a96eef0b8030f77982678c516876fcb81e25b32d68564c  COPYING

package/matchbox/matchbox.mk

@@ -10,7 +10,7 @@ MATCHBOX_SITE = http://downloads.yoctoproject.org/releases/matchbox/matchbox-win
 MATCHBOX_LICENSE = GPL-2.0+
 MATCHBOX_LICENSE_FILES = COPYING
 
-MATCHBOX_DEPENDENCIES = matchbox-lib
+MATCHBOX_DEPENDENCIES = expat matchbox-lib
 MATCHBOX_CONF_OPTS = \
 	--enable-expat \
 	--disable-gconf \

package/mbuffer/0001-globals.c-properly-get-struct-timespec-definition.patch

@@ -1,38 +0,0 @@
-From 1fc7ac1e29eb6a0311d2d4c209f55adb92740d50 Mon Sep 17 00:00:00 2001
-From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
-Date: Mon, 13 Apr 2020 09:56:16 +0200
-Subject: [PATCH] globals.c: properly get 'struct timespec' definition
-
-'struct timespec' is defined in <time.h>, and according to man
-nanosleep(2), only available if _POSIX_C_SOURCE >= 199309L.
-
-Fixes:
-
-globals.c:90:2: error: storage size of 'Starttime' isn't known
-  Starttime;
-
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
----
- globals.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/globals.c b/globals.c
-index 5c10312..1c0ce80 100644
---- a/globals.c
-+++ b/globals.c
-@@ -17,10 +17,11 @@
-  *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
-  */
- 
-+#define _POSIX_C_SOURCE 199309L
- #include "dest.h"
- #include "globals.h"
- #include <fcntl.h>
--#include <sys/time.h>
-+#include <time.h>
- 
- dest_t *Dest = 0;
- 
--- 
-2.25.2
-

package/mbuffer/0002-configure.in-set-AC_USE_SYSTEM_EXTENSIONS.patch

@@ -1,38 +0,0 @@
-From 03db384ff0413d003de271355f59aba8c3f815a1 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Tue, 21 Apr 2020 14:30:20 +0200
-Subject: [PATCH] configure.in: set AC_USE_SYSTEM_EXTENSIONS
-
-Set AC_USE_SYSTEM_EXTENSIONS so _POSIX_SOURCE will be defined and the
-following build failure will be avoided when building in c89 or c99
-mode:
-
-log.c: In function 'infomsg':
-log.c:123:12: error: 'PIPE_BUF' undeclared (first use in this function)
-   if (s <= PIPE_BUF) {
-            ^~~~~~~~
-
-Fixes:
- - http://autobuild.buildroot.org/results/5f4e9079b3377a869ec7002a8138b80eb6194bbb
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Upstream status: sent to thomas@maier-komor.de]
----
- configure.in | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/configure.in b/configure.in
-index 02921c2..aba4af0 100644
---- a/configure.in
-+++ b/configure.in
-@@ -3,6 +3,7 @@ AC_CONFIG_HEADER(config.h)
- 
- AC_CANONICAL_SYSTEM
- AC_EXEEXT
-+AC_USE_SYSTEM_EXTENSIONS
- 
- PACKAGE=mbuffer
- VERSION=20140310
--- 
-2.25.1
-

package/mbuffer/mbuffer.hash

@@ -1,8 +1,8 @@
 # From http://www.maier-komor.de/mbuffer.html
-md5  e4acaa1e6a9a879e7394f04e02e1ae83  mbuffer-20191016.tgz
+md5  df39047654456f260665d66711cabcc5  mbuffer-20200505.tgz
 
 # Locally computed after checking signature upstream
-sha256  8dc210454765c18901074bc16e126c655135a486e73d69855caf74a157ddbe17  mbuffer-20191016.tgz
+sha256  cc046183149e51814c23b9f83fd748cc1625a88ee128651ea500aa7bd5f01f0b  mbuffer-20200505.tgz
 
 # Hash for license file
 sha256  8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903  LICENSE

package/mbuffer/mbuffer.mk

@@ -4,15 +4,12 @@
 #
 ################################################################################
 
-MBUFFER_VERSION = 20191016
+MBUFFER_VERSION = 20200505
 MBUFFER_SOURCE = mbuffer-$(MBUFFER_VERSION).tgz
 MBUFFER_SITE = http://www.maier-komor.de/software/mbuffer
 MBUFFER_LICENSE = GPL-3.0+
 MBUFFER_LICENSE_FILES = LICENSE
 MBUFFER_CONF_OPTS = --disable-debug
-MBUFFER_CONF_ENV = CFLAGS="$(TARGET_CFLAGS) -std=c99"
-# We're patching configure.in
-MBUFFER_AUTORECONF = YES
 
 # we don't need tests & co. so we specify a target
 # so that the others don't get built, e.g idev.so

package/mesa3d-headers/mesa3d-headers.mk

@@ -12,7 +12,7 @@ endif
 
 # Not possible to directly refer to mesa3d variables, because of
 # first/second expansion trickery...
-MESA3D_HEADERS_VERSION = 20.0.6
+MESA3D_HEADERS_VERSION = 20.0.7
 MESA3D_HEADERS_SOURCE = mesa-$(MESA3D_HEADERS_VERSION).tar.xz
 MESA3D_HEADERS_SITE = https://mesa.freedesktop.org/archive
 MESA3D_HEADERS_DL_SUBDIR = mesa3d

package/mesa3d/mesa3d.hash

@@ -1,6 +1,6 @@
-# From https://lists.freedesktop.org/archives/mesa-announce/2020-April/000579.html
-sha256  30b5d8e9201a01a0e88e18bb79850e67b1d28443b34c4c5cacad4bd10f668b96  mesa-20.0.6.tar.xz
-sha512  a93dc3ed57ed7469b7c60cdbdcf4f29c5da4ec3986171c7b534e009e136ca21fec16207ffab38a6747437a9b1060e2e6c4b74c4e5cdc168b9aba0fc1940b5e90  mesa-20.0.6.tar.xz
+# From https://lists.freedesktop.org/archives/mesa-announce/2020-May/000583.html
+sha256  fe6e258fe772c3cd2ac01741bf7408058c3ac02d66acff9a6e669bd72e3ea178  mesa-20.0.7.tar.xz
+sha512  00baae50f14bf2b08b5654dffb11cf67499dc1825e1700b137fb5719e767e0e78e789979df2c194f677ea9c5e531f34965d47b9e37c239944c38d0570c7a9685  mesa-20.0.7.tar.xz
 
 # License
 sha256  1ddae7da415352a5b5360ff3a9d7ecf23ba81408f62eeecce0011f32e3ef9da6  docs/license.html

package/mesa3d/mesa3d.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 # When updating the version, please also update mesa3d-headers
-MESA3D_VERSION = 20.0.6
+MESA3D_VERSION = 20.0.7
 MESA3D_SOURCE = mesa-$(MESA3D_VERSION).tar.xz
 MESA3D_SITE = https://mesa.freedesktop.org/archive
 MESA3D_LICENSE = MIT, SGI, Khronos
@@ -167,7 +167,22 @@ endef
 MESA3D_POST_INSTALL_STAGING_HOOKS += MESA3D_REMOVE_OPENGL_HEADERS
 endif
 
-MESA3D_PLATFORMS = surfaceless
+ifeq ($(BR2_PACKAGE_MESA3D_NEEDS_X11),y)
+MESA3D_DEPENDENCIES += \
+	xlib_libX11 \
+	xlib_libXext \
+	xlib_libXdamage \
+	xlib_libXfixes \
+	xlib_libXrandr \
+	xlib_libXxf86vm \
+	xorgproto \
+	libxcb
+MESA3D_PLATFORMS += x11
+endif
+ifeq ($(BR2_PACKAGE_WAYLAND),y)
+MESA3D_DEPENDENCIES += wayland wayland-protocols
+MESA3D_PLATFORMS += wayland
+endif
 ifeq ($(BR2_PACKAGE_MESA3D_DRI_DRIVER),y)
 MESA3D_PLATFORMS += drm
 else ifeq ($(BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_V3D),y)
@@ -189,22 +204,7 @@ MESA3D_PLATFORMS += drm
 else ifeq ($(BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_RADEONSI),y)
 MESA3D_PLATFORMS += drm
 endif
-ifeq ($(BR2_PACKAGE_WAYLAND),y)
-MESA3D_DEPENDENCIES += wayland wayland-protocols
-MESA3D_PLATFORMS += wayland
-endif
-ifeq ($(BR2_PACKAGE_MESA3D_NEEDS_X11),y)
-MESA3D_DEPENDENCIES += \
-	xlib_libX11 \
-	xlib_libXext \
-	xlib_libXdamage \
-	xlib_libXfixes \
-	xlib_libXrandr \
-	xlib_libXxf86vm \
-	xorgproto \
-	libxcb
-MESA3D_PLATFORMS += x11
-endif
+MESA3D_PLATFORMS += surfaceless
 
 MESA3D_CONF_OPTS += \
 	-Dplatforms=$(subst $(space),$(comma),$(MESA3D_PLATFORMS))

package/meson/0003-Allow-overriding-g-ir-scanner-and-g-ir-compiler-bina.patch

@@ -0,0 +1,74 @@
+From 49b1c8df7e4ff3a441d831f926d87920952025bf Mon Sep 17 00:00:00 2001
+From: James Hilliard <james.hilliard1@gmail.com>
+Date: Sat, 2 May 2020 20:43:36 -0600
+Subject: [PATCH] Allow overriding g-ir-scanner and g-ir-compiler binaries.
+
+This is useful when one needs to force meson to use wrappers for cross
+compilation.
+
+Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
+[james.hilliard1@gmail.com: backport and largely adapt upstream commit
+1e073c4c1bd7de06bc74d84e3807c9b210e57a22, as the version in master has
+undergone haevy refactorisation]
+---
+ mesonbuild/modules/gnome.py | 34 +++++++++++++++++++++-------------
+ 1 file changed, 21 insertions(+), 13 deletions(-)
+
+diff --git a/mesonbuild/modules/gnome.py b/mesonbuild/modules/gnome.py
+index a00005588..b6d7cc141 100644
+--- a/mesonbuild/modules/gnome.py
++++ b/mesonbuild/modules/gnome.py
+@@ -32,7 +32,7 @@ from ..mesonlib import (
+     MachineChoice, MesonException, OrderedSet, Popen_safe, extract_as_list,
+     join_args, unholder,
+ )
+-from ..dependencies import Dependency, PkgConfigDependency, InternalDependency
++from ..dependencies import Dependency, PkgConfigDependency, InternalDependency, ExternalProgram
+ from ..interpreterbase import noKwargs, permittedKwargs, FeatureNew, FeatureNewKwargs
+ 
+ # gresource compilation is broken due to the way
+@@ -735,21 +735,29 @@ class GnomeModule(ExtensionModule):
+         # these utilities via pkg-config, so it would be best to use the
+         # results from pkg-config when possible.
+         gi_util_dirs_check = [state.environment.get_build_dir(), state.environment.get_source_dir()]
+-        giscanner = self.interpreter.find_program_impl('g-ir-scanner')
+-        if giscanner.found():
+-            giscanner_path = giscanner.get_command()[0]
+-            if not any(x in giscanner_path for x in gi_util_dirs_check):
+-                giscanner = self.gir_dep.get_pkgconfig_variable('g_ir_scanner', {})
++        giscanner_bin = state.environment.lookup_binary_entry(MachineChoice.HOST, 'g-ir-scanner')
++        if giscanner_bin is not None:
++            giscanner = ExternalProgram.from_entry('g-ir-scanner', giscanner_bin)
+         else:
+-            giscanner = self.gir_dep.get_pkgconfig_variable('g_ir_scanner', {})
++            giscanner = self.interpreter.find_program_impl('g-ir-scanner')
++            if giscanner.found():
++                giscanner_path = giscanner.get_command()[0]
++                if not any(x in giscanner_path for x in gi_util_dirs_check):
++                    giscanner = self.gir_dep.get_pkgconfig_variable('g_ir_scanner', {})
++            else:
++                giscanner = self.gir_dep.get_pkgconfig_variable('g_ir_scanner', {})
+ 
+-        gicompiler = self.interpreter.find_program_impl('g-ir-compiler')
+-        if gicompiler.found():
+-            gicompiler_path = gicompiler.get_command()[0]
+-            if not any(x in gicompiler_path for x in gi_util_dirs_check):
+-                gicompiler = self.gir_dep.get_pkgconfig_variable('g_ir_compiler', {})
++        gicompiler_bin = state.environment.lookup_binary_entry(MachineChoice.HOST, 'g-ir-compiler')
++        if gicompiler_bin is not None:
++            gicompiler = ExternalProgram.from_entry('g-ir-compiler', gicompiler_bin)
+         else:
+-            gicompiler = self.gir_dep.get_pkgconfig_variable('g_ir_compiler', {})
++            gicompiler = self.interpreter.find_program_impl('g-ir-compiler')
++            if gicompiler.found():
++                gicompiler_path = gicompiler.get_command()[0]
++                if not any(x in gicompiler_path for x in gi_util_dirs_check):
++                    gicompiler = self.gir_dep.get_pkgconfig_variable('g_ir_compiler', {})
++            else:
++                gicompiler = self.gir_dep.get_pkgconfig_variable('g_ir_compiler', {})
+ 
+         ns = kwargs.pop('namespace')
+         nsversion = kwargs.pop('nsversion')
+-- 
+2.25.1
+

package/meson/cross-compilation.conf.in

@@ -9,6 +9,8 @@ cpp = '@TARGET_CROSS@g++'
 ar = '@TARGET_CROSS@ar'
 strip = '@TARGET_CROSS@strip'
 pkgconfig = '@HOST_DIR@/bin/pkgconf'
+g-ir-compiler = '@STAGING_DIR@/usr/bin/g-ir-compiler'
+g-ir-scanner = '@STAGING_DIR@/usr/bin/g-ir-scanner'
 
 [properties]
 needs_exe_wrapper = true