Update for 2017.05.1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

CHANGES

@@ -1,3 +1,34 @@
+2017.05.1, Released July 4th, 2017
+
+	Important / security related fixes.
+
+	Update support/scripts/scancpan to use METACPAN v1 API as v0
+	has been shutdown.
+
+	Update support/scripts/mkusers to handle setups where
+	/etc/shadow is a symlink.
+
+	External toolchain: Don't create musl dynamic loader symlink
+	for static builds.
+
+	Setlocalversion: Correct detection of mercurial revisions for
+	non-tagged versions.
+
+	Defconfigs: at91sam9x5ek_mmc: workaround boot rom issue.
+
+	Updated/fixed packages: apache, automake, bind, botan, c-ares,
+	dhcp, expat, fcgiwrap, gcc, gdb, gesftpserver, glibc, glmark2,
+	gnutls, gst1-plugins-bad, imagemagick, imx-uuc, intltool,
+	iperf, ipsec-tools, irssi, kmod, libcurl, libgcrypt, libmad,
+	libnl, lugaro, mosquitto, mpg123, ncurses, nodejs, ntp,
+	openssh, openvpn, pngquant, python-simplegeneric, qt5base,
+	qt5multimedia, rtl8821au, socat, spice, systemd, tor, trinity,
+	tslib, vlc, x264, xen, xlib_libxshmfenc, xserver_xorg-server
+
+	Issues resolved (http://bugs.buildroot.org):
+
+	#9976: License file for package 'rtl8821au' incorrect
+
 2017.05, Released May 31st, 2017
 
 	Minor fixes.

Config.in.legacy

@@ -143,8 +143,42 @@ comment "----------------------------------------------------"
 endif
 
 ###############################################################################
+
 comment "Legacy options removed in 2017.05"
 
+config BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_WEBRTC
+	bool "gst1-plugins-bad webrtc renamed to webrtcdsp"
+	select BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_WEBRTCDSP
+	select BR2_LEGACY
+	help
+	  The WebRTC plugin in GStreamer 1.x has always been named
+	  webrtcdsp, but was wrongly introduced in Buildroot under the
+	  name webrtc. Therefore, we have renamed the option to match
+	  the actual name of the GStreamer plugin.
+
+config BR2_PACKAGE_SPICE_CLIENT
+	bool "spice client support removed"
+	select BR2_LEGACY
+	help
+	  Spice client support has been removed upstream. The
+	  functionality now lives in the spice-gtk widget and
+	  virt-viewer.
+
+config BR2_PACKAGE_SPICE_GUI
+	bool "spice gui support removed"
+	select BR2_LEGACY
+	help
+	  Spice gui support has been removed upstream. The
+	  functionality now lives in the spice-gtk widget and
+	  virt-viewer.
+
+config BR2_PACKAGE_SPICE_TUNNEL
+	bool "spice network redirection removed"
+	select BR2_LEGACY
+	help
+	  Spice network redirection, aka tunnelling has been removed
+	  upstream.
+
 config BR2_PACKAGE_SUNXI_MALI_R2P4
 	bool "sunxi-mali r2p4 removed"
 	select BR2_LEGACY

Makefile

@@ -86,9 +86,9 @@ else # umask / $(CURDIR) / $(O)
 all:
 
 # Set and export the version string
-export BR2_VERSION := 2017.05
+export BR2_VERSION := 2017.05.1
 # Actual time the release is cut (for reproducible builds)
-BR2_VERSION_EPOCH = 1496267000
+BR2_VERSION_EPOCH = 1499203000
 
 # Save running make version since it's clobbered by the make package
 RUNNING_MAKE_VERSION := $(MAKE_VERSION)

board/atmel/at91sam9x5ek_mmc/genimage.cfg

@@ -24,6 +24,7 @@ image sdcard.img {
 		partition-type = 0xC
 		bootable = "true"
 		image = "boot.vfat"
+		offset = 1M
 	}
 
 	partition rootfs {

linux/Config.in

@@ -26,7 +26,7 @@ choice
 	prompt "Kernel version"
 
 config BR2_LINUX_KERNEL_LATEST_VERSION
-	bool "Latest version (4.11.3)"
+	bool "Latest version (4.11.8)"
 
 config BR2_LINUX_KERNEL_LATEST_CIP_VERSION
 	bool "Latest CIP SLTS version (v4.4.55-cip3)"
@@ -116,7 +116,7 @@ endif
 
 config BR2_LINUX_KERNEL_VERSION
 	string
-	default "4.11.3" if BR2_LINUX_KERNEL_LATEST_VERSION
+	default "4.11.8" if BR2_LINUX_KERNEL_LATEST_VERSION
 	default "v4.4.55-cip3" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
 	default BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE \
 		if BR2_LINUX_KERNEL_CUSTOM_VERSION

linux/linux.mk

@@ -278,7 +278,7 @@ define LINUX_KCONFIG_FIXUP_CMDS
 		$(call KCONFIG_ENABLE_OPT,CONFIG_FHANDLE,$(@D)/.config)
 		$(call KCONFIG_ENABLE_OPT,CONFIG_AUTOFS4_FS,$(@D)/.config)
 		$(call KCONFIG_ENABLE_OPT,CONFIG_TMPFS_POSIX_ACL,$(@D)/.config)
-		$(call KCONFIG_ENABLE_OPT,CONFIG_TMPFS_POSIX_XATTR,$(@D)/.config))
+		$(call KCONFIG_ENABLE_OPT,CONFIG_TMPFS_XATTR,$(@D)/.config))
 	$(if $(BR2_PACKAGE_SMACK),
 		$(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY,$(@D)/.config)
 		$(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY_SMACK,$(@D)/.config)

package/Makefile.in

@@ -207,7 +207,7 @@ TARGET_STRIP = $(TARGET_CROSS)strip
 STRIPCMD = $(TARGET_CROSS)strip --remove-section=.comment --remove-section=.note
 endif
 ifeq ($(BR2_STRIP_none),y)
-TARGET_STRIP = true
+TARGET_STRIP = /bin/true
 STRIPCMD = $(TARGET_STRIP)
 endif
 INSTALL := $(shell which install || type -p install)

package/apache/apache.hash

@@ -1,2 +1,2 @@
-# From http://www.apache.org/dist/httpd/httpd-2.4.23.tar.bz2.sha1
-sha1 bd6d138c31c109297da2346c6e7b93b9283993d2  httpd-2.4.25.tar.bz2
+# From http://www.apache.org/dist/httpd/httpd-2.4.26.tar.bz2.sha256
+sha256 a07eb52fafc879e0149d31882f7da63173e72df4478db4dc69f7a775b663d387 httpd-2.4.26.tar.bz2

package/apache/apache.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-APACHE_VERSION = 2.4.25
+APACHE_VERSION = 2.4.26
 APACHE_SOURCE = httpd-$(APACHE_VERSION).tar.bz2
 APACHE_SITE = http://archive.apache.org/dist/httpd
 APACHE_LICENSE = Apache-2.0

package/bind/bind.hash

@@ -1,2 +1,2 @@
-# Verified from http://ftp.isc.org/isc/bind9/9.11.1/bind-9.11.1.tar.gz.sha256.asc
-sha256 22050095f5c82a1385cc4174190ac60392670bbc5d63d592ecae52a214bc10b2  bind-9.11.1.tar.gz
+# Verified from http://ftp.isc.org/isc/bind9/9.11.1-P1/bind-9.11.1-P2.tar.gz.sha256.asc
+sha256 bf53c6431575ae1612ddef66d18ef9baf2a22d842fa5b0cadc971919fd81fea5 bind-9.11.1-P2.tar.gz

package/bind/bind.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BIND_VERSION = 9.11.1
+BIND_VERSION = 9.11.1-P2
 BIND_SITE = ftp://ftp.isc.org/isc/bind9/$(BIND_VERSION)
 # bind does not support parallel builds.
 BIND_MAKE = $(MAKE1)

package/botan/botan.mk

@@ -43,6 +43,12 @@ BOTAN_DEPENDENCIES += zlib
 BOTAN_CONF_OPTS += --with-zlib
 endif
 
+ifeq ($(BR2_POWERPC_CPU_HAS_ALTIVEC),y)
+BOTAN_CONF_OPTS += --enable-altivec
+else
+BOTAN_CONF_OPTS += --disable-altivec
+endif
+
 define BOTAN_CONFIGURE_CMDS
 	(cd $(@D); $(TARGET_MAKE_ENV) ./configure.py $(BOTAN_CONF_OPTS))
 endef

package/c-ares/c-ares.hash

@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256 8692f9403cdcdf936130e045c84021665118ee9bfea905d1a76f04d4e6f365fb c-ares-1.12.0.tar.gz
+sha256 03f708f1b14a26ab26c38abd51137640cb444d3ec72380b21b20f1a8d2861da7 c-ares-1.13.0.tar.gz

package/c-ares/c-ares.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-C_ARES_VERSION = 1.12.0
+C_ARES_VERSION = 1.13.0
 C_ARES_SITE = http://c-ares.haxx.se/download
 C_ARES_INSTALL_STAGING = YES
 C_ARES_CONF_OPTS = --with-random=/dev/urandom

package/dhcp/Config.in

@@ -12,6 +12,7 @@ if BR2_PACKAGE_DHCP
 
 config BR2_PACKAGE_DHCP_SERVER
 	bool "dhcp server"
+	select BR2_PACKAGE_SYSTEMD_TMPFILES if BR2_PACKAGE_SYSTEMD
 	help
 	  DHCP server from the ISC DHCP distribution.
 

package/expat/0001-configure.ac-Fix-mis-detection-of-getrandom-on-Debia.patch

@@ -0,0 +1,29 @@
+From 602e6c78ca750c082b72f8cdf4a38839b312959f Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Sun, 18 Jun 2017 18:55:10 +0200
+Subject: [PATCH] configure.ac: Fix mis-detection of getrandom on Debian
+ GNU/kFreeBSD (#50)
+
+There is no such thing but we need to link (not just compile) to realize.
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ expat/configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 1357c9a..444c002 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -130,7 +130,7 @@ AC_LINK_IFELSE([AC_LANG_SOURCE([
+ 
+ 
+ AC_MSG_CHECKING([for getrandom (Linux 3.17+, glibc 2.25+)])
+-AC_COMPILE_IFELSE([AC_LANG_SOURCE([
++AC_LINK_IFELSE([AC_LANG_SOURCE([
+   #include <stdlib.h>  /* for NULL */
+   #include <sys/random.h>
+   int main() {
+-- 
+2.11.0
+

package/expat/expat.hash

@@ -1,5 +1,5 @@
-# From https://sourceforge.net/projects/expat/files/expat/2.2.0/
-md5	2f47841c829facb346eb6e3fab5212e2	expat-2.2.0.tar.bz2
-sha1	8453bc52324be4c796fd38742ec48470eef358b3	expat-2.2.0.tar.bz2
+# From https://sourceforge.net/projects/expat/files/expat/2.2.1/
+md5	d9c3baeab58774cefc2f04faf29f2cf8	expat-2.2.1.tar.bz2
+sha1	f45eb724f182776a9cacec9ed70d549e87198987	expat-2.2.1.tar.bz2
 # Calculated based on the hashes above
-sha256	d9e50ff2d19b3538bd2127902a89987474e1a4db8e43a66a4d1a712ab9a504ff	expat-2.2.0.tar.bz2
+sha256	1868cadae4c82a018e361e2b2091de103cd820aaacb0d6cfa49bd2cd83978885	expat-2.2.1.tar.bz2

package/expat/expat.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-EXPAT_VERSION = 2.2.0
+EXPAT_VERSION = 2.2.1
 EXPAT_SITE = http://downloads.sourceforge.net/project/expat/expat/$(EXPAT_VERSION)
 EXPAT_SOURCE = expat-$(EXPAT_VERSION).tar.bz2
 EXPAT_INSTALL_STAGING = YES
@@ -14,6 +14,8 @@ EXPAT_DEPENDENCIES = host-pkgconf
 HOST_EXPAT_DEPENDENCIES = host-pkgconf
 EXPAT_LICENSE = MIT
 EXPAT_LICENSE_FILES = COPYING
+# for 0001-configure.ac-Fix-mis-detection-of-getrandom-on-Debia.patch
+EXPAT_AUTORECONF = YES
 
 $(eval $(autotools-package))
 $(eval $(host-autotools-package))

package/fcgiwrap/fcgiwrap.mk

@@ -10,6 +10,7 @@ FCGIWRAP_DEPENDENCIES = host-pkgconf libfcgi
 FCGIWRAP_LICENSE = MIT
 FCGIWRAP_LICENSE_FILES = COPYING
 FCGIWRAP_AUTORECONF = YES
+FCGIWRAP_CONF_ENV = CFLAGS="$(TARGET_CFLAGS) -Wno-error"
 
 ifeq ($(BR2_PACKAGE_SYSTEMD),y)
 FCGIWRAP_DEPENDENCIES += systemd

package/freescale-imx/imx-uuc/S80imx-uuc

@@ -6,7 +6,7 @@ DAEMON=/usr/bin/$NAME
 case "$1" in
     start)
 	printf "Starting $NAME: "
-	start-stop-daemon -S -q -b -p /var/run/${NAME}.pid -x $DAEMON
+	start-stop-daemon -S -q -b -m -p /var/run/${NAME}.pid -x $DAEMON
 	[ $? = 0 ] && echo "OK" || echo "FAIL"
 	;;
     stop)

package/gcc/6.3.0/942-ubsan-fix-check-empty-string.patch

@@ -0,0 +1,40 @@
+From 8db2cf6353c13f2a84cbe49b689654897906c499 Mon Sep 17 00:00:00 2001
+From: kyukhin <kyukhin@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Sat, 3 Sep 2016 10:57:05 +0000
+Subject: [PATCH] gcc/ubsan.c: Fix check for empty string
+
+Building host-gcc-initial with GCC7 on the host fails due to the
+comparison of a pointer to an integer in ubsan_use_new_style_p, which
+is forbidden by ISO C++:
+
+ubsan.c:1474:23: error: ISO C++ forbids comparison between pointer and
+integer [-fpermissive]
+       || xloc.file == '\0' || xloc.file[0] == '\xff'
+
+Backport the fix from upstream GCC to enable the build with GCC 7.
+
+Backported from:
+https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=239971
+
+Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
+[Add commit log from [1]]
+Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
+
+[1] https://patchwork.openembedded.org/patch/138884/
+---
+ gcc/ubsan.c   | 2 +-
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+Index: gcc-6.3.0/gcc/ubsan.c
+===================================================================
+--- gcc-6.3.0.orig/gcc/ubsan.c
++++ gcc-6.3.0/gcc/ubsan.c
+@@ -1471,7 +1471,7 @@ ubsan_use_new_style_p (location_t loc)
+ 
+   expanded_location xloc = expand_location (loc);
+   if (xloc.file == NULL || strncmp (xloc.file, "\1", 2) == 0
+-      || xloc.file == '\0' || xloc.file[0] == '\xff'
++      || xloc.file[0] == '\0' || xloc.file[0] == '\xff'
+       || xloc.file[1] == '\xff')
+     return false;
+ 

package/gdb/7.10.1/0011-use-asm-sgidefs.h.patch

@@ -0,0 +1,41 @@
+From 12a0b8d81e1fda6ba98abdce8d6f09f9555ebcf5 Mon Sep 17 00:00:00 2001
+From: Andre McCurdy <amccurdy@gmail.com>
+Date: Sat, 30 Apr 2016 15:29:06 -0700
+Subject: [PATCH] use <asm/sgidefs.h>
+
+Build fix for MIPS with musl libc
+
+The MIPS specific header <sgidefs.h> is provided by glibc and uclibc
+but not by musl. Regardless of the libc, the kernel headers provide
+<asm/sgidefs.h> which provides the same definitions, so use that
+instead.
+
+Upstream-Status: Pending
+
+[Vincent:
+Taken from https://sourceware.org/bugzilla/show_bug.cgi?id=21070
+Patch has been adapted to apply on 7.10.1.]
+
+Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
+---
+ gdb/mips-linux-nat.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gdb/mips-linux-nat.c b/gdb/mips-linux-nat.c
+index 9f6d697..8f57bb2 100644
+--- a/gdb/mips-linux-nat.c
++++ b/gdb/mips-linux-nat.c
+@@ -31,7 +31,7 @@
+ #include "gdb_proc_service.h"
+ #include "gregset.h"
+ 
+-#include <sgidefs.h>
++#include <asm/sgidefs.h>
+ #include <sys/ptrace.h>
+ #include <asm/ptrace.h>
+
+-- 
+2.13.1
+ 

package/gdb/7.11.1/0006-use-asm-sgidefs.h.patch

@@ -0,0 +1,40 @@
+From 12a0b8d81e1fda6ba98abdce8d6f09f9555ebcf5 Mon Sep 17 00:00:00 2001
+From: Andre McCurdy <amccurdy@gmail.com>
+Date: Sat, 30 Apr 2016 15:29:06 -0700
+Subject: [PATCH] use <asm/sgidefs.h>
+
+Build fix for MIPS with musl libc
+
+The MIPS specific header <sgidefs.h> is provided by glibc and uclibc
+but not by musl. Regardless of the libc, the kernel headers provide
+<asm/sgidefs.h> which provides the same definitions, so use that
+instead.
+
+Upstream-Status: Pending
+
+[Vincent:
+Taken from: https://sourceware.org/bugzilla/show_bug.cgi?id=21070]
+
+Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
+---
+ gdb/mips-linux-nat.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gdb/mips-linux-nat.c b/gdb/mips-linux-nat.c
+index f2df1b9907..d24664cb56 100644
+--- a/gdb/mips-linux-nat.c
++++ b/gdb/mips-linux-nat.c
+@@ -31,7 +31,7 @@
+ #include "gdb_proc_service.h"
+ #include "gregset.h"
+ 
+-#include <sgidefs.h>
++#include <asm/sgidefs.h>
+ #include "nat/gdb_ptrace.h"
+ #include <asm/ptrace.h>
+ #include "inf-ptrace.h"
+-- 
+2.13.1
+

package/gdb/7.12.1/0005-use-asm-sgidefs.h.patch

@@ -0,0 +1,40 @@
+From 12a0b8d81e1fda6ba98abdce8d6f09f9555ebcf5 Mon Sep 17 00:00:00 2001
+From: Andre McCurdy <amccurdy@gmail.com>
+Date: Sat, 30 Apr 2016 15:29:06 -0700
+Subject: [PATCH] use <asm/sgidefs.h>
+
+Build fix for MIPS with musl libc
+
+The MIPS specific header <sgidefs.h> is provided by glibc and uclibc
+but not by musl. Regardless of the libc, the kernel headers provide
+<asm/sgidefs.h> which provides the same definitions, so use that
+instead.
+
+Upstream-Status: Pending
+
+[Vincent:
+Taken from: https://sourceware.org/bugzilla/show_bug.cgi?id=21070]
+
+Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
+---
+ gdb/mips-linux-nat.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gdb/mips-linux-nat.c b/gdb/mips-linux-nat.c
+index f2df1b9907..d24664cb56 100644
+--- a/gdb/mips-linux-nat.c
++++ b/gdb/mips-linux-nat.c
+@@ -31,7 +31,7 @@
+ #include "gdb_proc_service.h"
+ #include "gregset.h"
+ 
+-#include <sgidefs.h>
++#include <asm/sgidefs.h>
+ #include "nat/gdb_ptrace.h"
+ #include <asm/ptrace.h>
+ #include "inf-ptrace.h"
+-- 
+2.13.1
+

package/gesftpserver/gesftpserver.hash

@@ -1,2 +1,2 @@
 # Locally calculated
-sha256	5f744c38df9bb82f5ab500858a0fb4767ac3ee2254301da03cbcf8e6c587cbf5	sftpserver-0.2.1.tar.gz
+sha256 8ac1938d0f62a05799b2aeab489d6ce098c3fe53280a9b66c0957b1fdcbcbab9  sftpserver-0.2.2.tar.gz

package/gesftpserver/gesftpserver.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GESFTPSERVER_VERSION = 0.2.1
+GESFTPSERVER_VERSION = 0.2.2
 GESFTPSERVER_SOURCE = sftpserver-$(GESFTPSERVER_VERSION).tar.gz
 GESFTPSERVER_SITE = http://www.greenend.org.uk/rjk/sftpserver
 GESFTPSERVER_LICENSE = GPL-2.0+

package/glibc/2.23/0006-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch

@@ -0,0 +1,35 @@
+From f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 17:09:55 +0200
+Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1
+ programs [BZ #21624]
+
+LD_LIBRARY_PATH can only be used to reorder system search paths, which
+is not useful functionality.
+
+This makes an exploitable unbounded alloca in _dl_init_paths unreachable
+for AT_SECURE=1 programs.
+
+[Peter: Drop ChangeLog modification]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ elf/rtld.c | 3 ++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 2446a87680..2269dbec81 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -2422,7 +2422,8 @@ process_envvars (enum mode *modep)
+ 
+ 	case 12:
+ 	  /* The library search path.  */
+-	  if (memcmp (envline, "LIBRARY_PATH", 12) == 0)
++	  if (!__libc_enable_secure
++	      && memcmp (envline, "LIBRARY_PATH", 12) == 0)
+ 	    {
+ 	      library_path = &envline[13];
+ 	      break;
+-- 
+2.11.0
+

package/glibc/2.23/0007-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch

@@ -0,0 +1,122 @@
+From 6d0ba622891bed9d8394eef1935add53003b12e8 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 22:31:04 +0200
+Subject: [PATCH] ld.so: Reject overly long LD_PRELOAD path elements
+
+[Peter: Drop ChangeLog modification]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ elf/rtld.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++------------
+ 1 file changed, 72 insertions(+), 16 deletions(-)
+
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 2269dbec81..86ae20c83f 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -99,6 +99,35 @@ uintptr_t __pointer_chk_guard_local
+ strong_alias (__pointer_chk_guard_local, __pointer_chk_guard)
+ #endif
+ 
++/* Length limits for names and paths, to protect the dynamic linker,
++   particularly when __libc_enable_secure is active.  */
++#ifdef NAME_MAX
++# define SECURE_NAME_LIMIT NAME_MAX
++#else
++# define SECURE_NAME_LIMIT 255
++#endif
++#ifdef PATH_MAX
++# define SECURE_PATH_LIMIT PATH_MAX
++#else
++# define SECURE_PATH_LIMIT 1024
++#endif
++
++/* Check that AT_SECURE=0, or that the passed name does not contain
++   directories and is not overly long.  Reject empty names
++   unconditionally.  */
++static bool
++dso_name_valid_for_suid (const char *p)
++{
++  if (__glibc_unlikely (__libc_enable_secure))
++    {
++      /* Ignore pathnames with directories for AT_SECURE=1
++	 programs, and also skip overlong names.  */
++      size_t len = strlen (p);
++      if (len >= SECURE_NAME_LIMIT || memchr (p, '/', len) != NULL)
++	return false;
++    }
++  return *p != '\0';
++}
+ 
+ /* List of auditing DSOs.  */
+ static struct audit_list
+@@ -718,6 +747,42 @@ static const char *preloadlist attribute_relro;
+ /* Nonzero if information about versions has to be printed.  */
+ static int version_info attribute_relro;
+ 
++/* The LD_PRELOAD environment variable gives list of libraries
++   separated by white space or colons that are loaded before the
++   executable's dependencies and prepended to the global scope list.
++   (If the binary is running setuid all elements containing a '/' are
++   ignored since it is insecure.)  Return the number of preloads
++   performed.  */
++unsigned int
++handle_ld_preload (const char *preloadlist, struct link_map *main_map)
++{
++  unsigned int npreloads = 0;
++  const char *p = preloadlist;
++  char fname[SECURE_PATH_LIMIT];
++
++  while (*p != '\0')
++    {
++      /* Split preload list at space/colon.  */
++      size_t len = strcspn (p, " :");
++      if (len > 0 && len < sizeof (fname))
++	{
++	  memcpy (fname, p, len);
++	  fname[len] = '\0';
++	}
++      else
++	fname[0] = '\0';
++
++      /* Skip over the substring and the following delimiter.  */
++      p += len;
++      if (*p != '\0')
++	++p;
++
++      if (dso_name_valid_for_suid (fname))
++	npreloads += do_preload (fname, main_map, "LD_PRELOAD");
++    }
++  return npreloads;
++}
++
+ static void
+ dl_main (const ElfW(Phdr) *phdr,
+ 	 ElfW(Word) phnum,
+@@ -1464,23 +1529,8 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+ 
+   if (__glibc_unlikely (preloadlist != NULL))
+     {
+-      /* The LD_PRELOAD environment variable gives list of libraries
+-	 separated by white space or colons that are loaded before the
+-	 executable's dependencies and prepended to the global scope
+-	 list.  If the binary is running setuid all elements
+-	 containing a '/' are ignored since it is insecure.  */
+-      char *list = strdupa (preloadlist);
+-      char *p;
+-
+       HP_TIMING_NOW (start);
+-
+-      /* Prevent optimizing strsep.  Speed is not important here.  */
+-      while ((p = (strsep) (&list, " :")) != NULL)
+-	if (p[0] != '\0'
+-	    && (__builtin_expect (! __libc_enable_secure, 1)
+-		|| strchr (p, '/') == NULL))
+-	  npreloads += do_preload (p, main_map, "LD_PRELOAD");
+-
++      npreloads += handle_ld_preload (preloadlist, main_map);
+       HP_TIMING_NOW (stop);
+       HP_TIMING_DIFF (diff, start, stop);
+       HP_TIMING_ACCUM_NT (load_time, diff);
+-- 
+2.11.0
+

package/glibc/2.23/0008-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch

@@ -0,0 +1,204 @@
+From 81b82fb966ffbd94353f793ad17116c6088dedd9 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 22:32:12 +0200
+Subject: [PATCH] ld.so: Reject overly long LD_AUDIT path elements
+
+Also only process the last LD_AUDIT entry.
+
+[Peter: Drop ChangeLog modification]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ elf/rtld.c | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++---------
+ 1 file changed, 105 insertions(+), 15 deletions(-)
+
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 86ae20c83f..65647fb1c8 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -129,13 +129,91 @@ dso_name_valid_for_suid (const char *p)
+   return *p != '\0';
+ }
+ 
+-/* List of auditing DSOs.  */
++/* LD_AUDIT variable contents.  Must be processed before the
++   audit_list below.  */
++const char *audit_list_string;
++
++/* Cyclic list of auditing DSOs.  audit_list->next is the first
++   element.  */
+ static struct audit_list
+ {
+   const char *name;
+   struct audit_list *next;
+ } *audit_list;
+ 
++/* Iterator for audit_list_string followed by audit_list.  */
++struct audit_list_iter
++{
++  /* Tail of audit_list_string still needing processing, or NULL.  */
++  const char *audit_list_tail;
++
++  /* The list element returned in the previous iteration.  NULL before
++     the first element.  */
++  struct audit_list *previous;
++
++  /* Scratch buffer for returning a name which is part of
++     audit_list_string.  */
++  char fname[SECURE_NAME_LIMIT];
++};
++
++/* Initialize an audit list iterator.  */
++static void
++audit_list_iter_init (struct audit_list_iter *iter)
++{
++  iter->audit_list_tail = audit_list_string;
++  iter->previous = NULL;
++}
++
++/* Iterate through both audit_list_string and audit_list.  */
++static const char *
++audit_list_iter_next (struct audit_list_iter *iter)
++{
++  if (iter->audit_list_tail != NULL)
++    {
++      /* First iterate over audit_list_string.  */
++      while (*iter->audit_list_tail != '\0')
++	{
++	  /* Split audit list at colon.  */
++	  size_t len = strcspn (iter->audit_list_tail, ":");
++	  if (len > 0 && len < sizeof (iter->fname))
++	    {
++	      memcpy (iter->fname, iter->audit_list_tail, len);
++	      iter->fname[len] = '\0';
++	    }
++	  else
++	    /* Do not return this name to the caller.  */
++	    iter->fname[0] = '\0';
++
++	  /* Skip over the substring and the following delimiter.  */
++	  iter->audit_list_tail += len;
++	  if (*iter->audit_list_tail == ':')
++	    ++iter->audit_list_tail;
++
++	  /* If the name is valid, return it.  */
++	  if (dso_name_valid_for_suid (iter->fname))
++	    return iter->fname;
++	  /* Otherwise, wrap around and try the next name.  */
++	}
++      /* Fall through to the procesing of audit_list.  */
++    }
++
++  if (iter->previous == NULL)
++    {
++      if (audit_list == NULL)
++	/* No pre-parsed audit list.  */
++	return NULL;
++      /* Start of audit list.  The first list element is at
++	 audit_list->next (cyclic list).  */
++      iter->previous = audit_list->next;
++      return iter->previous->name;
++    }
++  if (iter->previous == audit_list)
++    /* Cyclic list wrap-around.  */
++    return NULL;
++  iter->previous = iter->previous->next;
++  return iter->previous->name;
++}
++
+ #ifndef HAVE_INLINED_SYSCALLS
+ /* Set nonzero during loading and initialization of executable and
+    libraries, cleared before the executable's entry point runs.  This
+@@ -1305,11 +1383,13 @@ of this helper program; chances are you did not intend to run this program.\n\
+     GL(dl_rtld_map).l_tls_modid = _dl_next_tls_modid ();
+ 
+   /* If we have auditing DSOs to load, do it now.  */
+-  if (__glibc_unlikely (audit_list != NULL))
++  bool need_security_init = true;
++  if (__glibc_unlikely (audit_list != NULL)
++      || __glibc_unlikely (audit_list_string != NULL))
+     {
+-      /* Iterate over all entries in the list.  The order is important.  */
+       struct audit_ifaces *last_audit = NULL;
+-      struct audit_list *al = audit_list->next;
++      struct audit_list_iter al_iter;
++      audit_list_iter_init (&al_iter);
+ 
+       /* Since we start using the auditing DSOs right away we need to
+ 	 initialize the data structures now.  */
+@@ -1320,9 +1400,14 @@ of this helper program; chances are you did not intend to run this program.\n\
+ 	 use different values (especially the pointer guard) and will
+ 	 fail later on.  */
+       security_init ();
++      need_security_init = false;
+ 
+-      do
++      while (true)
+ 	{
++	  const char *name = audit_list_iter_next (&al_iter);
++	  if (name == NULL)
++	    break;
++
+ 	  int tls_idx = GL(dl_tls_max_dtv_idx);
+ 
+ 	  /* Now it is time to determine the layout of the static TLS
+@@ -1331,7 +1416,7 @@ of this helper program; chances are you did not intend to run this program.\n\
+ 	     no DF_STATIC_TLS bit is set.  The reason is that we know
+ 	     glibc will use the static model.  */
+ 	  struct dlmopen_args dlmargs;
+-	  dlmargs.fname = al->name;
++	  dlmargs.fname = name;
+ 	  dlmargs.map = NULL;
+ 
+ 	  const char *objname;
+@@ -1344,7 +1429,7 @@ of this helper program; chances are you did not intend to run this program.\n\
+ 	    not_loaded:
+ 	      _dl_error_printf ("\
+ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+-				al->name, err_str);
++				name, err_str);
+ 	      if (malloced)
+ 		free ((char *) err_str);
+ 	    }
+@@ -1448,10 +1533,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+ 		  goto not_loaded;
+ 		}
+ 	    }
+-
+-	  al = al->next;
+ 	}
+-      while (al != audit_list->next);
+ 
+       /* If we have any auditing modules, announce that we already
+ 	 have two objects loaded.  */
+@@ -1715,7 +1797,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+   if (tcbp == NULL)
+     tcbp = init_tls ();
+ 
+-  if (__glibc_likely (audit_list == NULL))
++  if (__glibc_likely (need_security_init))
+     /* Initialize security features.  But only if we have not done it
+        earlier.  */
+     security_init ();
+@@ -2346,9 +2428,7 @@ process_dl_audit (char *str)
+   char *p;
+ 
+   while ((p = (strsep) (&str, ":")) != NULL)
+-    if (p[0] != '\0'
+-	&& (__builtin_expect (! __libc_enable_secure, 1)
+-	    || strchr (p, '/') == NULL))
++    if (dso_name_valid_for_suid (p))
+       {
+ 	/* This is using the local malloc, not the system malloc.  The
+ 	   memory can never be freed.  */
+@@ -2412,7 +2492,7 @@ process_envvars (enum mode *modep)
+ 	      break;
+ 	    }
+ 	  if (memcmp (envline, "AUDIT", 5) == 0)
+-	    process_dl_audit (&envline[6]);
++	    audit_list_string = &envline[6];
+ 	  break;
+ 
+ 	case 7:
+-- 
+2.11.0
+

package/glibc/2.24/0002-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch

@@ -0,0 +1,35 @@
+From f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 17:09:55 +0200
+Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1
+ programs [BZ #21624]
+
+LD_LIBRARY_PATH can only be used to reorder system search paths, which
+is not useful functionality.
+
+This makes an exploitable unbounded alloca in _dl_init_paths unreachable
+for AT_SECURE=1 programs.
+
+[Peter: Drop ChangeLog modification]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ elf/rtld.c | 3 ++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 2446a87680..2269dbec81 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -2422,7 +2422,8 @@ process_envvars (enum mode *modep)
+ 
+ 	case 12:
+ 	  /* The library search path.  */
+-	  if (memcmp (envline, "LIBRARY_PATH", 12) == 0)
++	  if (!__libc_enable_secure
++	      && memcmp (envline, "LIBRARY_PATH", 12) == 0)
+ 	    {
+ 	      library_path = &envline[13];
+ 	      break;
+-- 
+2.11.0
+

package/glibc/2.24/0003-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch

@@ -0,0 +1,122 @@
+From 6d0ba622891bed9d8394eef1935add53003b12e8 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 22:31:04 +0200
+Subject: [PATCH] ld.so: Reject overly long LD_PRELOAD path elements
+
+[Peter: Drop ChangeLog modification]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ elf/rtld.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++------------
+ 1 file changed, 72 insertions(+), 16 deletions(-)
+
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 2269dbec81..86ae20c83f 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -99,6 +99,35 @@ uintptr_t __pointer_chk_guard_local
+ strong_alias (__pointer_chk_guard_local, __pointer_chk_guard)
+ #endif
+ 
++/* Length limits for names and paths, to protect the dynamic linker,
++   particularly when __libc_enable_secure is active.  */
++#ifdef NAME_MAX
++# define SECURE_NAME_LIMIT NAME_MAX
++#else
++# define SECURE_NAME_LIMIT 255
++#endif
++#ifdef PATH_MAX
++# define SECURE_PATH_LIMIT PATH_MAX
++#else
++# define SECURE_PATH_LIMIT 1024
++#endif
++
++/* Check that AT_SECURE=0, or that the passed name does not contain
++   directories and is not overly long.  Reject empty names
++   unconditionally.  */
++static bool
++dso_name_valid_for_suid (const char *p)
++{
++  if (__glibc_unlikely (__libc_enable_secure))
++    {
++      /* Ignore pathnames with directories for AT_SECURE=1
++	 programs, and also skip overlong names.  */
++      size_t len = strlen (p);
++      if (len >= SECURE_NAME_LIMIT || memchr (p, '/', len) != NULL)
++	return false;
++    }
++  return *p != '\0';
++}
+ 
+ /* List of auditing DSOs.  */
+ static struct audit_list
+@@ -718,6 +747,42 @@ static const char *preloadlist attribute_relro;
+ /* Nonzero if information about versions has to be printed.  */
+ static int version_info attribute_relro;
+ 
++/* The LD_PRELOAD environment variable gives list of libraries
++   separated by white space or colons that are loaded before the
++   executable's dependencies and prepended to the global scope list.
++   (If the binary is running setuid all elements containing a '/' are
++   ignored since it is insecure.)  Return the number of preloads
++   performed.  */
++unsigned int
++handle_ld_preload (const char *preloadlist, struct link_map *main_map)
++{
++  unsigned int npreloads = 0;
++  const char *p = preloadlist;
++  char fname[SECURE_PATH_LIMIT];
++
++  while (*p != '\0')
++    {
++      /* Split preload list at space/colon.  */
++      size_t len = strcspn (p, " :");
++      if (len > 0 && len < sizeof (fname))
++	{
++	  memcpy (fname, p, len);
++	  fname[len] = '\0';
++	}
++      else
++	fname[0] = '\0';
++
++      /* Skip over the substring and the following delimiter.  */
++      p += len;
++      if (*p != '\0')
++	++p;
++
++      if (dso_name_valid_for_suid (fname))
++	npreloads += do_preload (fname, main_map, "LD_PRELOAD");
++    }
++  return npreloads;
++}
++
+ static void
+ dl_main (const ElfW(Phdr) *phdr,
+ 	 ElfW(Word) phnum,
+@@ -1464,23 +1529,8 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+ 
+   if (__glibc_unlikely (preloadlist != NULL))
+     {
+-      /* The LD_PRELOAD environment variable gives list of libraries
+-	 separated by white space or colons that are loaded before the
+-	 executable's dependencies and prepended to the global scope
+-	 list.  If the binary is running setuid all elements
+-	 containing a '/' are ignored since it is insecure.  */
+-      char *list = strdupa (preloadlist);
+-      char *p;
+-
+       HP_TIMING_NOW (start);
+-
+-      /* Prevent optimizing strsep.  Speed is not important here.  */
+-      while ((p = (strsep) (&list, " :")) != NULL)
+-	if (p[0] != '\0'
+-	    && (__builtin_expect (! __libc_enable_secure, 1)
+-		|| strchr (p, '/') == NULL))
+-	  npreloads += do_preload (p, main_map, "LD_PRELOAD");
+-
++      npreloads += handle_ld_preload (preloadlist, main_map);
+       HP_TIMING_NOW (stop);
+       HP_TIMING_DIFF (diff, start, stop);
+       HP_TIMING_ACCUM_NT (load_time, diff);
+-- 
+2.11.0
+

package/glibc/2.24/0004-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch

@@ -0,0 +1,204 @@
+From 81b82fb966ffbd94353f793ad17116c6088dedd9 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 22:32:12 +0200
+Subject: [PATCH] ld.so: Reject overly long LD_AUDIT path elements
+
+Also only process the last LD_AUDIT entry.
+
+[Peter: Drop ChangeLog modification]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ elf/rtld.c | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++---------
+ 1 file changed, 105 insertions(+), 15 deletions(-)
+
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 86ae20c83f..65647fb1c8 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -129,13 +129,91 @@ dso_name_valid_for_suid (const char *p)
+   return *p != '\0';
+ }
+ 
+-/* List of auditing DSOs.  */
++/* LD_AUDIT variable contents.  Must be processed before the
++   audit_list below.  */
++const char *audit_list_string;
++
++/* Cyclic list of auditing DSOs.  audit_list->next is the first
++   element.  */
+ static struct audit_list
+ {
+   const char *name;
+   struct audit_list *next;
+ } *audit_list;
+ 
++/* Iterator for audit_list_string followed by audit_list.  */
++struct audit_list_iter
++{
++  /* Tail of audit_list_string still needing processing, or NULL.  */
++  const char *audit_list_tail;
++
++  /* The list element returned in the previous iteration.  NULL before
++     the first element.  */
++  struct audit_list *previous;
++
++  /* Scratch buffer for returning a name which is part of
++     audit_list_string.  */
++  char fname[SECURE_NAME_LIMIT];
++};
++
++/* Initialize an audit list iterator.  */
++static void
++audit_list_iter_init (struct audit_list_iter *iter)
++{
++  iter->audit_list_tail = audit_list_string;
++  iter->previous = NULL;
++}
++
++/* Iterate through both audit_list_string and audit_list.  */
++static const char *
++audit_list_iter_next (struct audit_list_iter *iter)
++{
++  if (iter->audit_list_tail != NULL)
++    {
++      /* First iterate over audit_list_string.  */
++      while (*iter->audit_list_tail != '\0')
++	{
++	  /* Split audit list at colon.  */
++	  size_t len = strcspn (iter->audit_list_tail, ":");
++	  if (len > 0 && len < sizeof (iter->fname))
++	    {
++	      memcpy (iter->fname, iter->audit_list_tail, len);
++	      iter->fname[len] = '\0';
++	    }
++	  else
++	    /* Do not return this name to the caller.  */
++	    iter->fname[0] = '\0';
++
++	  /* Skip over the substring and the following delimiter.  */
++	  iter->audit_list_tail += len;
++	  if (*iter->audit_list_tail == ':')
++	    ++iter->audit_list_tail;
++
++	  /* If the name is valid, return it.  */
++	  if (dso_name_valid_for_suid (iter->fname))
++	    return iter->fname;
++	  /* Otherwise, wrap around and try the next name.  */
++	}
++      /* Fall through to the procesing of audit_list.  */
++    }
++
++  if (iter->previous == NULL)
++    {
++      if (audit_list == NULL)
++	/* No pre-parsed audit list.  */
++	return NULL;
++      /* Start of audit list.  The first list element is at
++	 audit_list->next (cyclic list).  */
++      iter->previous = audit_list->next;
++      return iter->previous->name;
++    }
++  if (iter->previous == audit_list)
++    /* Cyclic list wrap-around.  */
++    return NULL;
++  iter->previous = iter->previous->next;
++  return iter->previous->name;
++}
++
+ #ifndef HAVE_INLINED_SYSCALLS
+ /* Set nonzero during loading and initialization of executable and
+    libraries, cleared before the executable's entry point runs.  This
+@@ -1305,11 +1383,13 @@ of this helper program; chances are you did not intend to run this program.\n\
+     GL(dl_rtld_map).l_tls_modid = _dl_next_tls_modid ();
+ 
+   /* If we have auditing DSOs to load, do it now.  */
+-  if (__glibc_unlikely (audit_list != NULL))
++  bool need_security_init = true;
++  if (__glibc_unlikely (audit_list != NULL)
++      || __glibc_unlikely (audit_list_string != NULL))
+     {
+-      /* Iterate over all entries in the list.  The order is important.  */
+       struct audit_ifaces *last_audit = NULL;
+-      struct audit_list *al = audit_list->next;
++      struct audit_list_iter al_iter;
++      audit_list_iter_init (&al_iter);
+ 
+       /* Since we start using the auditing DSOs right away we need to
+ 	 initialize the data structures now.  */
+@@ -1320,9 +1400,14 @@ of this helper program; chances are you did not intend to run this program.\n\
+ 	 use different values (especially the pointer guard) and will
+ 	 fail later on.  */
+       security_init ();
++      need_security_init = false;
+ 
+-      do
++      while (true)
+ 	{
++	  const char *name = audit_list_iter_next (&al_iter);
++	  if (name == NULL)
++	    break;
++
+ 	  int tls_idx = GL(dl_tls_max_dtv_idx);
+ 
+ 	  /* Now it is time to determine the layout of the static TLS
+@@ -1331,7 +1416,7 @@ of this helper program; chances are you did not intend to run this program.\n\
+ 	     no DF_STATIC_TLS bit is set.  The reason is that we know
+ 	     glibc will use the static model.  */
+ 	  struct dlmopen_args dlmargs;
+-	  dlmargs.fname = al->name;
++	  dlmargs.fname = name;
+ 	  dlmargs.map = NULL;
+ 
+ 	  const char *objname;
+@@ -1344,7 +1429,7 @@ of this helper program; chances are you did not intend to run this program.\n\
+ 	    not_loaded:
+ 	      _dl_error_printf ("\
+ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+-				al->name, err_str);
++				name, err_str);
+ 	      if (malloced)
+ 		free ((char *) err_str);
+ 	    }
+@@ -1448,10 +1533,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+ 		  goto not_loaded;
+ 		}
+ 	    }
+-
+-	  al = al->next;
+ 	}
+-      while (al != audit_list->next);
+ 
+       /* If we have any auditing modules, announce that we already
+ 	 have two objects loaded.  */
+@@ -1715,7 +1797,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+   if (tcbp == NULL)
+     tcbp = init_tls ();
+ 
+-  if (__glibc_likely (audit_list == NULL))
++  if (__glibc_likely (need_security_init))
+     /* Initialize security features.  But only if we have not done it
+        earlier.  */
+     security_init ();
+@@ -2346,9 +2428,7 @@ process_dl_audit (char *str)
+   char *p;
+ 
+   while ((p = (strsep) (&str, ":")) != NULL)
+-    if (p[0] != '\0'
+-	&& (__builtin_expect (! __libc_enable_secure, 1)
+-	    || strchr (p, '/') == NULL))
++    if (dso_name_valid_for_suid (p))
+       {
+ 	/* This is using the local malloc, not the system malloc.  The
+ 	   memory can never be freed.  */
+@@ -2412,7 +2492,7 @@ process_envvars (enum mode *modep)
+ 	      break;
+ 	    }
+ 	  if (memcmp (envline, "AUDIT", 5) == 0)
+-	    process_dl_audit (&envline[6]);
++	    audit_list_string = &envline[6];
+ 	  break;
+ 
+ 	case 7:
+-- 
+2.11.0
+

package/glibc/2.25/0002-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch

@@ -0,0 +1,35 @@
+From f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 17:09:55 +0200
+Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1
+ programs [BZ #21624]
+
+LD_LIBRARY_PATH can only be used to reorder system search paths, which
+is not useful functionality.
+
+This makes an exploitable unbounded alloca in _dl_init_paths unreachable
+for AT_SECURE=1 programs.
+
+[Peter: Drop ChangeLog modification]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ elf/rtld.c | 3 ++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 2446a87680..2269dbec81 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -2422,7 +2422,8 @@ process_envvars (enum mode *modep)
+ 
+ 	case 12:
+ 	  /* The library search path.  */
+-	  if (memcmp (envline, "LIBRARY_PATH", 12) == 0)
++	  if (!__libc_enable_secure
++	      && memcmp (envline, "LIBRARY_PATH", 12) == 0)
+ 	    {
+ 	      library_path = &envline[13];
+ 	      break;
+-- 
+2.11.0
+

package/glibc/2.25/0003-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch

@@ -0,0 +1,122 @@
+From 6d0ba622891bed9d8394eef1935add53003b12e8 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 22:31:04 +0200
+Subject: [PATCH] ld.so: Reject overly long LD_PRELOAD path elements
+
+[Peter: Drop ChangeLog modification]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ elf/rtld.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++------------
+ 1 file changed, 72 insertions(+), 16 deletions(-)
+
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 2269dbec81..86ae20c83f 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -99,6 +99,35 @@ uintptr_t __pointer_chk_guard_local
+ strong_alias (__pointer_chk_guard_local, __pointer_chk_guard)
+ #endif
+ 
++/* Length limits for names and paths, to protect the dynamic linker,
++   particularly when __libc_enable_secure is active.  */
++#ifdef NAME_MAX
++# define SECURE_NAME_LIMIT NAME_MAX
++#else
++# define SECURE_NAME_LIMIT 255
++#endif
++#ifdef PATH_MAX
++# define SECURE_PATH_LIMIT PATH_MAX
++#else
++# define SECURE_PATH_LIMIT 1024
++#endif
++
++/* Check that AT_SECURE=0, or that the passed name does not contain
++   directories and is not overly long.  Reject empty names
++   unconditionally.  */
++static bool
++dso_name_valid_for_suid (const char *p)
++{
++  if (__glibc_unlikely (__libc_enable_secure))
++    {
++      /* Ignore pathnames with directories for AT_SECURE=1
++	 programs, and also skip overlong names.  */
++      size_t len = strlen (p);
++      if (len >= SECURE_NAME_LIMIT || memchr (p, '/', len) != NULL)
++	return false;
++    }
++  return *p != '\0';
++}
+ 
+ /* List of auditing DSOs.  */
+ static struct audit_list
+@@ -718,6 +747,42 @@ static const char *preloadlist attribute_relro;
+ /* Nonzero if information about versions has to be printed.  */
+ static int version_info attribute_relro;
+ 
++/* The LD_PRELOAD environment variable gives list of libraries
++   separated by white space or colons that are loaded before the
++   executable's dependencies and prepended to the global scope list.
++   (If the binary is running setuid all elements containing a '/' are
++   ignored since it is insecure.)  Return the number of preloads
++   performed.  */
++unsigned int
++handle_ld_preload (const char *preloadlist, struct link_map *main_map)
++{
++  unsigned int npreloads = 0;
++  const char *p = preloadlist;
++  char fname[SECURE_PATH_LIMIT];
++
++  while (*p != '\0')
++    {
++      /* Split preload list at space/colon.  */
++      size_t len = strcspn (p, " :");
++      if (len > 0 && len < sizeof (fname))
++	{
++	  memcpy (fname, p, len);
++	  fname[len] = '\0';
++	}
++      else
++	fname[0] = '\0';
++
++      /* Skip over the substring and the following delimiter.  */
++      p += len;
++      if (*p != '\0')
++	++p;
++
++      if (dso_name_valid_for_suid (fname))
++	npreloads += do_preload (fname, main_map, "LD_PRELOAD");
++    }
++  return npreloads;
++}
++
+ static void
+ dl_main (const ElfW(Phdr) *phdr,
+ 	 ElfW(Word) phnum,
+@@ -1464,23 +1529,8 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+ 
+   if (__glibc_unlikely (preloadlist != NULL))
+     {
+-      /* The LD_PRELOAD environment variable gives list of libraries
+-	 separated by white space or colons that are loaded before the
+-	 executable's dependencies and prepended to the global scope
+-	 list.  If the binary is running setuid all elements
+-	 containing a '/' are ignored since it is insecure.  */
+-      char *list = strdupa (preloadlist);
+-      char *p;
+-
+       HP_TIMING_NOW (start);
+-
+-      /* Prevent optimizing strsep.  Speed is not important here.  */
+-      while ((p = (strsep) (&list, " :")) != NULL)
+-	if (p[0] != '\0'
+-	    && (__builtin_expect (! __libc_enable_secure, 1)
+-		|| strchr (p, '/') == NULL))
+-	  npreloads += do_preload (p, main_map, "LD_PRELOAD");
+-
++      npreloads += handle_ld_preload (preloadlist, main_map);
+       HP_TIMING_NOW (stop);
+       HP_TIMING_DIFF (diff, start, stop);
+       HP_TIMING_ACCUM_NT (load_time, diff);
+-- 
+2.11.0
+

package/glibc/2.25/0004-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch

@@ -0,0 +1,204 @@
+From 81b82fb966ffbd94353f793ad17116c6088dedd9 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 22:32:12 +0200
+Subject: [PATCH] ld.so: Reject overly long LD_AUDIT path elements
+
+Also only process the last LD_AUDIT entry.
+
+[Peter: Drop ChangeLog modification]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ elf/rtld.c | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++---------
+ 1 file changed, 105 insertions(+), 15 deletions(-)
+
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 86ae20c83f..65647fb1c8 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -129,13 +129,91 @@ dso_name_valid_for_suid (const char *p)
+   return *p != '\0';
+ }
+ 
+-/* List of auditing DSOs.  */
++/* LD_AUDIT variable contents.  Must be processed before the
++   audit_list below.  */
++const char *audit_list_string;
++
++/* Cyclic list of auditing DSOs.  audit_list->next is the first
++   element.  */
+ static struct audit_list
+ {
+   const char *name;
+   struct audit_list *next;
+ } *audit_list;
+ 
++/* Iterator for audit_list_string followed by audit_list.  */
++struct audit_list_iter
++{
++  /* Tail of audit_list_string still needing processing, or NULL.  */
++  const char *audit_list_tail;
++
++  /* The list element returned in the previous iteration.  NULL before
++     the first element.  */
++  struct audit_list *previous;
++
++  /* Scratch buffer for returning a name which is part of
++     audit_list_string.  */
++  char fname[SECURE_NAME_LIMIT];
++};
++
++/* Initialize an audit list iterator.  */
++static void
++audit_list_iter_init (struct audit_list_iter *iter)
++{
++  iter->audit_list_tail = audit_list_string;
++  iter->previous = NULL;
++}
++
++/* Iterate through both audit_list_string and audit_list.  */
++static const char *
++audit_list_iter_next (struct audit_list_iter *iter)
++{
++  if (iter->audit_list_tail != NULL)
++    {
++      /* First iterate over audit_list_string.  */
++      while (*iter->audit_list_tail != '\0')
++	{
++	  /* Split audit list at colon.  */
++	  size_t len = strcspn (iter->audit_list_tail, ":");
++	  if (len > 0 && len < sizeof (iter->fname))
++	    {
++	      memcpy (iter->fname, iter->audit_list_tail, len);
++	      iter->fname[len] = '\0';
++	    }
++	  else
++	    /* Do not return this name to the caller.  */
++	    iter->fname[0] = '\0';
++
++	  /* Skip over the substring and the following delimiter.  */
++	  iter->audit_list_tail += len;
++	  if (*iter->audit_list_tail == ':')
++	    ++iter->audit_list_tail;
++
++	  /* If the name is valid, return it.  */
++	  if (dso_name_valid_for_suid (iter->fname))
++	    return iter->fname;
++	  /* Otherwise, wrap around and try the next name.  */
++	}
++      /* Fall through to the procesing of audit_list.  */
++    }
++
++  if (iter->previous == NULL)
++    {
++      if (audit_list == NULL)
++	/* No pre-parsed audit list.  */
++	return NULL;
++      /* Start of audit list.  The first list element is at
++	 audit_list->next (cyclic list).  */
++      iter->previous = audit_list->next;
++      return iter->previous->name;
++    }
++  if (iter->previous == audit_list)
++    /* Cyclic list wrap-around.  */
++    return NULL;
++  iter->previous = iter->previous->next;
++  return iter->previous->name;
++}
++
+ #ifndef HAVE_INLINED_SYSCALLS
+ /* Set nonzero during loading and initialization of executable and
+    libraries, cleared before the executable's entry point runs.  This
+@@ -1305,11 +1383,13 @@ of this helper program; chances are you did not intend to run this program.\n\
+     GL(dl_rtld_map).l_tls_modid = _dl_next_tls_modid ();
+ 
+   /* If we have auditing DSOs to load, do it now.  */
+-  if (__glibc_unlikely (audit_list != NULL))
++  bool need_security_init = true;
++  if (__glibc_unlikely (audit_list != NULL)
++      || __glibc_unlikely (audit_list_string != NULL))
+     {
+-      /* Iterate over all entries in the list.  The order is important.  */
+       struct audit_ifaces *last_audit = NULL;
+-      struct audit_list *al = audit_list->next;
++      struct audit_list_iter al_iter;
++      audit_list_iter_init (&al_iter);
+ 
+       /* Since we start using the auditing DSOs right away we need to
+ 	 initialize the data structures now.  */
+@@ -1320,9 +1400,14 @@ of this helper program; chances are you did not intend to run this program.\n\
+ 	 use different values (especially the pointer guard) and will
+ 	 fail later on.  */
+       security_init ();
++      need_security_init = false;
+ 
+-      do
++      while (true)
+ 	{
++	  const char *name = audit_list_iter_next (&al_iter);
++	  if (name == NULL)
++	    break;
++
+ 	  int tls_idx = GL(dl_tls_max_dtv_idx);
+ 
+ 	  /* Now it is time to determine the layout of the static TLS
+@@ -1331,7 +1416,7 @@ of this helper program; chances are you did not intend to run this program.\n\
+ 	     no DF_STATIC_TLS bit is set.  The reason is that we know
+ 	     glibc will use the static model.  */
+ 	  struct dlmopen_args dlmargs;
+-	  dlmargs.fname = al->name;
++	  dlmargs.fname = name;
+ 	  dlmargs.map = NULL;
+ 
+ 	  const char *objname;
+@@ -1344,7 +1429,7 @@ of this helper program; chances are you did not intend to run this program.\n\
+ 	    not_loaded:
+ 	      _dl_error_printf ("\
+ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+-				al->name, err_str);
++				name, err_str);
+ 	      if (malloced)
+ 		free ((char *) err_str);
+ 	    }
+@@ -1448,10 +1533,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+ 		  goto not_loaded;
+ 		}
+ 	    }
+-
+-	  al = al->next;
+ 	}
+-      while (al != audit_list->next);
+ 
+       /* If we have any auditing modules, announce that we already
+ 	 have two objects loaded.  */
+@@ -1715,7 +1797,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+   if (tcbp == NULL)
+     tcbp = init_tls ();
+ 
+-  if (__glibc_likely (audit_list == NULL))
++  if (__glibc_likely (need_security_init))
+     /* Initialize security features.  But only if we have not done it
+        earlier.  */
+     security_init ();
+@@ -2346,9 +2428,7 @@ process_dl_audit (char *str)
+   char *p;
+ 
+   while ((p = (strsep) (&str, ":")) != NULL)
+-    if (p[0] != '\0'
+-	&& (__builtin_expect (! __libc_enable_secure, 1)
+-	    || strchr (p, '/') == NULL))
++    if (dso_name_valid_for_suid (p))
+       {
+ 	/* This is using the local malloc, not the system malloc.  The
+ 	   memory can never be freed.  */
+@@ -2412,7 +2492,7 @@ process_envvars (enum mode *modep)
+ 	      break;
+ 	    }
+ 	  if (memcmp (envline, "AUDIT", 5) == 0)
+-	    process_dl_audit (&envline[6]);
++	    audit_list_string = &envline[6];
+ 	  break;
+ 
+ 	case 7:
+-- 
+2.11.0
+

package/glmark2/0002-NativeStateDRM-use-fixed-event-context-version.patch

@@ -0,0 +1,28 @@
+From: Lucas Stach <l.stach@pengutronix.de>
+Date: Wed, 31 May 2017 13:01:00 +0200
+Subject: [PATCH] NativeStateDRM: use fixed event context version
+
+Using the latest version is not a good idea, as the context content may
+change between versions.
+
+Fixes a segfault with new kernel and libdrm.
+
+Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
+Signed-off-by: Fabio Estevam <festevam@gmail.com>
+---
+ src/native-state-drm.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/native-state-drm.cpp b/src/native-state-drm.cpp
+index 454a24d898ff..b9af996667dc 100644
+--- a/src/native-state-drm.cpp
++++ b/src/native-state-drm.cpp
+@@ -106,7 +106,7 @@ NativeStateDRM::flip()
+     FD_ZERO(&fds);
+     FD_SET(fd_, &fds);
+     drmEventContext evCtx;
+-    evCtx.version = DRM_EVENT_CONTEXT_VERSION;
++    evCtx.version = 2;
+     evCtx.page_flip_handler = page_flip_handler;
+ 
+     while (waiting) {

package/gnutls/gnutls.hash

@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256	63cb39a5eaa029381df2e49a74cfb7be89fc4a592445191818ffe1e66bde57cb	gnutls-3.5.12.tar.xz
+sha256	79f5480ad198dad5bc78e075f4a40c4a315a1b2072666919d2d05a08aec13096	gnutls-3.5.13.tar.xz

package/gnutls/gnutls.mk

@@ -5,9 +5,9 @@
 ################################################################################
 
 GNUTLS_VERSION_MAJOR = 3.5
-GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).12
+GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).13
 GNUTLS_SOURCE = gnutls-$(GNUTLS_VERSION).tar.xz
-GNUTLS_SITE = ftp://ftp.gnutls.org/gcrypt/gnutls/v$(GNUTLS_VERSION_MAJOR)
+GNUTLS_SITE = https://www.gnupg.org/ftp/gcrypt/gnutls/v$(GNUTLS_VERSION_MAJOR)
 GNUTLS_LICENSE = LGPL-2.1+ (core library), GPL-3.0+ (gnutls-openssl library)
 GNUTLS_LICENSE_FILES = doc/COPYING doc/COPYING.LESSER
 GNUTLS_DEPENDENCIES = host-pkgconf libunistring libtasn1 nettle pcre

package/gstreamer1/gst1-plugins-bad/Config.in

@@ -698,8 +698,8 @@ config BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_WEBP
 	help
 	  Webp image format plugin
 
-config BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_WEBRTC
-	bool "webrtc"
+config BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_WEBRTCDSP
+	bool "webrtcdsp"
 	# All depends from webrtc-audio-processing
 	depends on BR2_PACKAGE_WEBRTC_AUDIO_PROCESSING_ARCH_SUPPORTS
 	depends on BR2_INSTALL_LIBSTDCPP
@@ -710,7 +710,7 @@ config BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_WEBRTC
 	help
 	  WebRTC echo-cancellation, gain control and noise suppression
 
-comment "webrtc needs a toolchain w/ C++, NPTL, gcc >= 4.8"
+comment "webrtcdsp needs a toolchain w/ C++, NPTL, gcc >= 4.8"
 	depends on BR2_PACKAGE_WEBRTC_AUDIO_PROCESSING_ARCH_SUPPORTS
 	depends on !BR2_INSTALL_LIBSTDCPP || !BR2_TOOLCHAIN_HAS_THREADS_NPTL \
 		|| !BR2_TOOLCHAIN_GCC_AT_LEAST_4_8

package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.mk

@@ -813,11 +813,11 @@ else
 GST1_PLUGINS_BAD_CONF_OPTS += --disable-webp
 endif
 
-ifeq ($(BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_WEBRTC),y)
-GST1_PLUGINS_BAD_CONF_OPTS += --enable-webrtc
+ifeq ($(BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_WEBRTCDSP),y)
+GST1_PLUGINS_BAD_CONF_OPTS += --enable-webrtcdsp
 GST1_PLUGINS_BAD_DEPENDENCIES += webrtc-audio-processing
 else
-GST1_PLUGINS_BAD_CONF_OPTS += --disable-webrtc
+GST1_PLUGINS_BAD_CONF_OPTS += --disable-webrtcdsp
 endif
 
 ifeq ($(BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_X265),y)

package/imagemagick/0001-https-github.com-ImageMagick-ImageMagick-issues-415.patch

@@ -1,52 +0,0 @@
-From b218117cad34d39b9ffb587b45c71c5a49b12bde Mon Sep 17 00:00:00 2001
-From: Cristy <urban-warrior@imagemagick.org>
-Date: Fri, 31 Mar 2017 15:24:33 -0400
-Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/415
-
-Fixes CVE-2017-7606
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- coders/pnm.c | 2 +-
- coders/rle.c | 5 +++--
- 2 files changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/coders/pnm.c b/coders/pnm.c
-index 9a1221d79..c525ebb8f 100644
---- a/coders/pnm.c
-+++ b/coders/pnm.c
-@@ -1979,7 +1979,7 @@ static MagickBooleanType WritePNMImage(const ImageInfo *image_info,Image *image,
-                           pixel=ScaleQuantumToChar(GetPixelRed(image,p));
-                         else
-                           pixel=ScaleQuantumToAny(GetPixelRed(image,p),
--                          max_value);
-+                            max_value);
-                       }
-                     q=PopCharPixel((unsigned char) pixel,q);
-                     p+=GetPixelChannels(image);
-diff --git a/coders/rle.c b/coders/rle.c
-index 2318901ec..ec071dc7b 100644
---- a/coders/rle.c
-+++ b/coders/rle.c
-@@ -271,7 +271,8 @@ static Image *ReadRLEImage(const ImageInfo *image_info,ExceptionInfo *exception)
-         p=colormap;
-         for (i=0; i < (ssize_t) number_colormaps; i++)
-           for (x=0; x < (ssize_t) map_length; x++)
--            *p++=(unsigned char) ScaleShortToQuantum(ReadBlobLSBShort(image));
-+            *p++=(unsigned char) ScaleQuantumToChar(ScaleShortToQuantum(
-+              ReadBlobLSBShort(image)));
-       }
-     if ((flags & 0x08) != 0)
-       {
-@@ -476,7 +477,7 @@ static Image *ReadRLEImage(const ImageInfo *image_info,ExceptionInfo *exception)
-               for (x=0; x < (ssize_t) number_planes; x++)
-               {
-                 ValidateColormapValue(image,(size_t) (x*map_length+
--                    (*p & mask)),&index,exception);
-+                  (*p & mask)),&index,exception);
-                 *p=colormap[(ssize_t) index];
-                 p++;
-               }
--- 
-2.11.0
-

package/imagemagick/imagemagick.hash

@@ -1,2 +1,2 @@
 # From http://www.imagemagick.org/download/releases/digest.rdf
-sha256 4a1dde5bdfec0fc549955a051be25b7ff96dfb192060997699e43c7ce0f06ab2  ImageMagick-7.0.5-4.tar.xz
+sha256 0058fcde533986334458a5c99600b1b9633182dd9562cbad4ba618c5ccf2a28f  ImageMagick-7.0.5-10.tar.xz

package/imagemagick/imagemagick.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-IMAGEMAGICK_VERSION = 7.0.5-4
+IMAGEMAGICK_VERSION = 7.0.5-10
 IMAGEMAGICK_SOURCE = ImageMagick-$(IMAGEMAGICK_VERSION).tar.xz
 IMAGEMAGICK_SITE = http://www.imagemagick.org/download/releases
 IMAGEMAGICK_LICENSE = Apache-2.0

package/intltool/0001-perl-5.26-compatibility.patch

@@ -0,0 +1,55 @@
+Fix regex errors thrown by Perl 5.26:
+
+Unescaped left brace in regex is illegal here in regex; marked by <-- HERE in m/^(.*)\${ <-- HERE ?([A-Z_]+)}?(.*)$/ at $BUILDROOT/host/usr/bin/intltool-update line 1065.
+
+Fetched from:
+https://github.com/Alexpux/MSYS2-packages/blob/master/intltool/perl-5.22-compatibility.patch
+
+Reported upstream:
+https://bugs.launchpad.net/intltool/+bug/1696658
+
+Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
+
+--- intltool-0.51.0.orig/intltool-update.in	2015-03-09 02:39:54.000000000 +0100
++++ intltool-0.51.0.orig/intltool-update.in	2015-06-19 01:52:07.171228154 +0200
+@@ -1062,7 +1062,7 @@ 
+ 	}
+     }
+ 
+-    if ($str =~ /^(.*)\${?([A-Z_]+)}?(.*)$/)
++    if ($str =~ /^(.*)\$\{?([A-Z_]+)}?(.*)$/)
+     {
+ 	my $rest = $3;
+ 	my $untouched = $1;
+@@ -1190,10 +1190,10 @@ 
+ 	$name    =~ s/\(+$//g;
+ 	$version =~ s/\(+$//g;
+ 
+-	$varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\${?AC_PACKAGE_NAME}?/);
+-	$varhash{"PACKAGE"} = $name if (not $name =~ /\${?PACKAGE}?/);
+-	$varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\${?AC_PACKAGE_VERSION}?/);
+-	$varhash{"VERSION"} = $version if (not $name =~ /\${?VERSION}?/);
++	$varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\$\{?AC_PACKAGE_NAME}?/);
++	$varhash{"PACKAGE"} = $name if (not $name =~ /\$\{?PACKAGE}?/);
++	$varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\$\{?AC_PACKAGE_VERSION}?/);
++	$varhash{"VERSION"} = $version if (not $name =~ /\$\{?VERSION}?/);
+     }
+ 
+     if ($conf_source =~ /^AC_INIT\(([^,\)]+),([^,\)]+)[,]?([^,\)]+)?/m)
+@@ -1219,11 +1219,11 @@ 
+ 	$version =~ s/\(+$//g;
+         $bugurl  =~ s/\(+$//g if (defined $bugurl);
+ 
+-	$varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\${?AC_PACKAGE_NAME}?/);
+-	$varhash{"PACKAGE"} = $name if (not $name =~ /\${?PACKAGE}?/);
+-	$varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\${?AC_PACKAGE_VERSION}?/);
+-	$varhash{"VERSION"} = $version if (not $name =~ /\${?VERSION}?/);
+-        $varhash{"PACKAGE_BUGREPORT"} = $bugurl if (defined $bugurl and not $bugurl =~ /\${?\w+}?/);
++	$varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\$\{?AC_PACKAGE_NAME}?/);
++	$varhash{"PACKAGE"} = $name if (not $name =~ /\$\{?PACKAGE}?/);
++	$varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\$\{?AC_PACKAGE_VERSION}?/);
++	$varhash{"VERSION"} = $version if (not $name =~ /\$\{?VERSION}?/);
++        $varhash{"PACKAGE_BUGREPORT"} = $bugurl if (defined $bugurl and not $bugurl =~ /\$\{?\w+}?/);
+     }
+ 
+     # \s makes this not work, why?

package/iperf/iperf.hash

@@ -1,4 +1,4 @@
 # From https://sourceforge.net/projects/iperf2/files/
-sha1	9e215f6af8edd97f947f2b0207ff5487845d83d4	iperf-2.0.9.tar.gz
+sha1	59820895df9106ba189ccfdc5677077535ad50e7	iperf-2.0.9.tar.gz
 # Locally computed:
-sha256  a5350777b191e910334d3a107b5e5219b72ffa393da4186da1e0a4552aeeded6  iperf-2.0.9.tar.gz
+sha256  db02911f35686e808ed247160dfa766e08ae3f59d1e7dcedef0ffb2a6643f0bf  iperf-2.0.9.tar.gz

package/ipsec-tools/0002-CVE-2015-4047.patch

@@ -0,0 +1,26 @@
+ipsec-tools: CVE-2015-4047: null pointer dereference crash in racoon
+
+See: https://bugs.gentoo.org/show_bug.cgi?id=550118
+
+Downloaded from
+https://gitweb.gentoo.org/repo/gentoo.git/tree/net-vpn/ipsec-tools/files/ipsec-tools-CVE-2015-4047.patch
+
+See also
+https://sources.debian.net/src/ipsec-tools/1:0.8.2%2B20140711-8/debian/patches/bug785778-null-pointer-deref.patch/
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+
+--- ./src/racoon/gssapi.c    9 Sep 2006 16:22:09 -0000       1.4
++++ ./src/racoon/gssapi.c    19 May 2015 15:16:00 -0000      1.6
+@@ -192,6 +192,11 @@
+	gss_name_t princ, canon_princ;
+	OM_uint32 maj_stat, min_stat;
+ 
++	if (iph1->rmconf == NULL) {
++		plog(LLV_ERROR, LOCATION, NULL, "no remote config\n");
++		return -1;
++	}
++
+	gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state));
+	if (gps == NULL) {
+		plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n");

package/irssi/0001-Get-back-to-using-pkg-config-to-check-for-OpenSSL.patch

@@ -1,77 +0,0 @@
-From ed0c2c1b9504a99a6dcc3c0f5de3b3a1c0232758 Mon Sep 17 00:00:00 2001
-From: Rodrigo Rebello <rprebello@gmail.com>
-Date: Mon, 20 Mar 2017 13:17:42 -0300
-Subject: [PATCH] Get back to using pkg-config to check for OpenSSL
-
-Commit 6300dfec7 removed the option to disable SSL support from the
-configure script since it became a requirement, but it also removed the
-use of pkg-config for finding the OpenSSL library and its dependencies.
-
-This had the unfortunate consequence of breaking the correct detection
-of library flags in many static linking scenarios. In some cases, for
-example, OpenSSL might have been built with zlib, which requires `-lz`
-to be passed to the linker when doing a static link of the irssi
-executable. Thus, pkg-config becomes an invaluable tool in such
-situations, since no guessing work is needed as the OpenSSL .pc file
-provides all the necessary flags.
-
-So, this patch re-inserts the PKG_CHECK_MODULES macro in the configure
-script when looking for OpenSSL. The test using AC_CHECK_LIB remains,
-but only as a last resort in case the one using pkg-config fails.
-
-Also, because the macro AM_PATH_GLIB_2_0 contains an unconditional call
-to PKG_PROG_PKG_CONFIG, the OpenSSL checks are moved so that they come
-after the Glib ones in order to avoid doubly checking for the pkg-config
-binary (PKG_CHECK_MODULES skips that check if it has been performed
-before, but PKG_PROG_PKG_CONFIG does not).
-
-Upstream status: submitted
-https://github.com/irssi/irssi/pull/677
-
-Signed-off-by: Rodrigo Rebello <rprebello@gmail.com>
----
- configure.ac | 21 +++++++++++++++------
- 1 file changed, 15 insertions(+), 6 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 02b33497..9f191d3f 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -231,11 +231,6 @@ if test "x$want_socks" = "xyes"; then
- fi
- 
- dnl **
--dnl ** OpenSSL checks
--dnl **
--AC_CHECK_LIB([ssl], [SSL_library_init])
--
--dnl **
- dnl ** fe-text checks
- dnl **
- 
-@@ -276,7 +271,21 @@ if test -z "$GLIB_LIBS"; then
-   AC_ERROR([GLIB is required to build irssi.])
- fi
- 
--LIBS="$LIBS $GLIB_LIBS -lssl -lcrypto"
-+LIBS="$LIBS $GLIB_LIBS"
-+
-+dnl **
-+dnl ** OpenSSL checks
-+dnl **
-+PKG_CHECK_MODULES([OPENSSL], [openssl], [
-+	CFLAGS="$CFLAGS $OPENSSL_CFLAGS"
-+	LIBS="$LIBS $OPENSSL_LIBS"
-+], [
-+	AC_CHECK_LIB([ssl], [SSL_library_init], [
-+		LIBS="$LIBS -lssl -lcrypto"
-+	], [
-+		AC_MSG_ERROR([The OpenSSL library was not found])
-+	])
-+])
- 
- dnl **
- dnl ** curses checks
--- 
-2.11.0
-

package/irssi/irssi.hash

@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256	5c1c3cc2caf103aad073fadeb000e0f8cb3b416833a7f43ceb8bd9fcf275fbe9	irssi-1.0.2.tar.xz
+sha256	838220297dcbe7c8c42d01005059779a82f5b7b7e7043db37ad13f5966aff581	irssi-1.0.3.tar.xz

package/irssi/irssi.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-IRSSI_VERSION = 1.0.2
+IRSSI_VERSION = 1.0.3
 IRSSI_SOURCE = irssi-$(IRSSI_VERSION).tar.xz
 # Do not use the github helper here. The generated tarball is *NOT* the
 # same as the one uploaded by upstream for the release.
@@ -13,9 +13,6 @@ IRSSI_LICENSE = GPL-2.0+
 IRSSI_LICENSE_FILES = COPYING
 IRSSI_DEPENDENCIES = host-pkgconf libglib2 ncurses openssl
 
-# We're patching configure.ac, so we need to autoreconf
-IRSSI_AUTORECONF = YES
-
 IRSSI_CONF_OPTS = \
 	--disable-glibtest \
 	--with-ncurses=$(STAGING_DIR)/usr \

package/kmod/0002-shared-util.c-assert_cc-can-only-be-used-inside-func.patch

@@ -0,0 +1,56 @@
+From 7cd698eb31059012305d8bb7516577c8cd383e32 Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+Date: Sat, 3 Jun 2017 16:52:37 +0200
+Subject: [PATCH] shared/util.c: assert_cc() can only be used inside functions
+
+shared/macro.h has two versions of assert_cc, one that uses gcc
+_Static_assert(), which requires recent enough gcc versions, and one
+that uses a fake array to trigger a build error. The latter can only
+work inside functions, so assert_cc() should only be used inside
+functions.
+
+Fixes the following build failure when building kmod with old gcc
+versions such as gcc 4.3.x:
+
+shared/util.c:52: error: expected identifier or '(' before 'do'
+shared/util.c:52: error: expected identifier or '(' before 'while'
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+---
+ shared/util.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/shared/util.c b/shared/util.c
+index 9de080a..fd2028d 100644
+--- a/shared/util.c
++++ b/shared/util.c
+@@ -49,8 +49,6 @@ static const struct kmod_ext {
+ 	{ }
+ };
+ 
+-assert_cc(EAGAIN == EWOULDBLOCK);
+-
+ /* string handling functions and memory allocations                         */
+ /* ************************************************************************ */
+ 
+@@ -201,6 +199,8 @@ ssize_t read_str_safe(int fd, char *buf, size_t buflen)
+ 	size_t todo = buflen - 1;
+ 	size_t done = 0;
+ 
++	assert_cc(EAGAIN == EWOULDBLOCK);
++
+ 	do {
+ 		ssize_t r = read(fd, buf + done, todo);
+ 
+@@ -226,6 +226,8 @@ ssize_t write_str_safe(int fd, const char *buf, size_t buflen)
+ 	size_t todo = buflen;
+ 	size_t done = 0;
+ 
++	assert_cc(EAGAIN == EWOULDBLOCK);
++
+ 	do {
+ 		ssize_t r = write(fd, buf + done, todo);
+ 
+-- 
+2.7.4
+

package/libcurl/libcurl.mk

@@ -11,7 +11,7 @@ LIBCURL_DEPENDENCIES = host-pkgconf \
 	$(if $(BR2_PACKAGE_ZLIB),zlib) \
 	$(if $(BR2_PACKAGE_LIBIDN),libidn) \
 	$(if $(BR2_PACKAGE_RTMPDUMP),rtmpdump)
-LIBCURL_LICENSE = ISC
+LIBCURL_LICENSE = curl
 LIBCURL_LICENSE_FILES = COPYING
 LIBCURL_INSTALL_STAGING = YES
 

package/libgcrypt/libgcrypt.hash

@@ -1,2 +1,5 @@
-# Locally calculated
-sha256  626aafee84af9d2ce253d2c143dc1c0902dda045780cc241f39970fc60be05bc  libgcrypt-1.7.6.tar.bz2
+# From https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html
+sha1  65a4a495aa858483e66868199eaa8238572ca6cd  libgcrypt-1.7.8.tar.bz2
+# Locally calculated after checking signature
+# https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.7.8.tar.bz2.sig
+sha256  948276ea47e6ba0244f36a17b51dcdd52cfd1e664b0a1ac3bc82134fb6cec199  libgcrypt-1.7.8.tar.bz2

package/libgcrypt/libgcrypt.mk

@@ -4,11 +4,11 @@
 #
 ################################################################################
 
-LIBGCRYPT_VERSION = 1.7.6
+LIBGCRYPT_VERSION = 1.7.8
 LIBGCRYPT_SOURCE = libgcrypt-$(LIBGCRYPT_VERSION).tar.bz2
 LIBGCRYPT_LICENSE = LGPL-2.1+
 LIBGCRYPT_LICENSE_FILES = COPYING.LIB
-LIBGCRYPT_SITE = ftp://ftp.gnupg.org/gcrypt/libgcrypt
+LIBGCRYPT_SITE = https://gnupg.org/ftp/gcrypt/libgcrypt
 LIBGCRYPT_INSTALL_STAGING = YES
 LIBGCRYPT_DEPENDENCIES = libgpg-error
 LIBGCRYPT_CONFIG_SCRIPTS = libgcrypt-config

package/libmad/libmad.hash

@@ -1,2 +1,3 @@
 # Locally computed:
 sha256  bbfac3ed6bfbc2823d3775ebb931087371e142bb0e9bb1bee51a76a6e0078690  libmad-0.15.1b.tar.gz
+sha256  0e21f2c6b19337d0b237dacc04f7b90a56be7f359f4c9a2ee0b202d9af0cfa69  frame_length.diff

package/libmad/libmad.mk

@@ -10,6 +10,8 @@ LIBMAD_INSTALL_STAGING = YES
 LIBMAD_LIBTOOL_PATCH = NO
 LIBMAD_LICENSE = GPL-2.0+
 LIBMAD_LICENSE_FILES = COPYING
+LIBMAD_PATCH = \
+	https://sources.debian.net/data/main/libm/libmad/0.15.1b-8/debian/patches/frame_length.diff
 
 define LIBMAD_PREVENT_AUTOMAKE
 	# Prevent automake from running.

package/linux-headers/Config.in.host

@@ -222,13 +222,13 @@ endchoice
 
 config BR2_DEFAULT_KERNEL_HEADERS
 	string
-	default "3.2.88"	if BR2_KERNEL_HEADERS_3_2
+	default "3.2.89"	if BR2_KERNEL_HEADERS_3_2
 	default "3.4.113"	if BR2_KERNEL_HEADERS_3_4
-	default "3.10.105"	if BR2_KERNEL_HEADERS_3_10
+	default "3.10.106"	if BR2_KERNEL_HEADERS_3_10
 	default "3.12.74"	if BR2_KERNEL_HEADERS_3_12
-	default "4.1.40"	if BR2_KERNEL_HEADERS_4_1
-	default "4.4.70"	if BR2_KERNEL_HEADERS_4_4
-	default "4.9.30"	if BR2_KERNEL_HEADERS_4_9
+	default "4.1.42"	if BR2_KERNEL_HEADERS_4_1
+	default "4.4.75"	if BR2_KERNEL_HEADERS_4_4
+	default "4.9.35"	if BR2_KERNEL_HEADERS_4_9
 	default "4.10.17"	if BR2_KERNEL_HEADERS_4_10
-	default "4.11.3"	if BR2_KERNEL_HEADERS_4_11
+	default "4.11.8"	if BR2_KERNEL_HEADERS_4_11
 	default BR2_DEFAULT_KERNEL_VERSION if BR2_KERNEL_HEADERS_VERSION

package/lugaru/0002-Fix-mismatched-usage-length-build-fail-on-g.patch

@@ -0,0 +1,58 @@
+From 5a0c9f6358169b447840acdb721250ce932cb180 Mon Sep 17 00:00:00 2001
+From: Martin Erik Werner <martinerikwerner@gmail.com>
+Date: Wed, 8 Mar 2017 22:51:16 +0100
+Subject: [PATCH] Fix mismatched usage length, build fail on g++
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The length of const option::Descriptor usage[] is intended to be
+inferred based on the initialisation in Source/main.cpp, however, the
+extern declaration in Source/Game.hpp hard-codes it to 13.
+
+Remove the hard-coded 13 in the extern declaration, in favour of the
+inferred length.
+
+This also fixes the follwoing build failure with g++ (Debian 4.9.2-10)
+4.9.2:
+(...)/Source/main.cpp:602:5: error: uninitialized const member ‘option::Descriptor::index’
+     };
+     ^
+(...)/Source/main.cpp:602:5: warning: missing initializer for member ‘option::Descriptor::index’ [-Wmissing-field-initializers]
+(...)/Source/main.cpp:602:5: error: uninitialized const member ‘option::Descriptor::type’
+(...)/Source/main.cpp:602:5: warning: missing initializer for member ‘option::Descriptor::type’ [-Wmissing-field-initializers]
+(...)/Source/main.cpp:602:5: error: uninitialized const member ‘option::Descriptor::shortopt’
+(...)/Source/main.cpp:602:5: warning: missing initializer for member ‘option::Descriptor::shortopt’ [-Wmissing-field-initializers]
+(...)/Source/main.cpp:602:5: error: uninitialized const member ‘option::Descriptor::longopt’
+(...)/Source/main.cpp:602:5: warning: missing initializer for member ‘option::Descriptor::longopt’ [-Wmissing-field-initializers]
+(...)/Source/main.cpp:602:5: error: uninitialized const member ‘option::Descriptor::check_arg’
+(...)/Source/main.cpp:602:5: warning: missing initializer for member ‘option::Descriptor::check_arg’ [-Wmissing-field-initializers]
+(...)/Source/main.cpp:602:5: warning: missing initializer for member ‘option::Descriptor::help’ [-Wmissing-field-initializers]
+CMakeFiles/lugaru.dir/build.make:54: recipe for target 'CMakeFiles/lugaru.dir/Source/main.cpp.o' failed
+
+Signed-off-by: Martin Erik Werner <martinerikwerner@gmail.com>
+
+[Romain: backport to v1.2]
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
+
+(cherry picked from commit dd685fe9080c2853422d8272792691358ea07dfc)
+---
+ Source/Game.hpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Source/Game.hpp b/Source/Game.hpp
+index 51232cc..9bb6adb 100644
+--- a/Source/Game.hpp
++++ b/Source/Game.hpp
+@@ -234,7 +234,7 @@ enum optionIndex
+ /* Number of options + 1 */
+ const int commandLineOptionsNumber = 10;
+ 
+-extern const option::Descriptor usage[13];
++extern const option::Descriptor usage[];
+ 
+ extern option::Option commandLineOptions[commandLineOptionsNumber];
+ extern option::Option* commandLineOptionsBuffer;
+-- 
+2.9.4
+

package/mesa3d/Config.in

@@ -30,8 +30,15 @@ config BR2_PACKAGE_MESA3D_GALLIUM_DRIVER
 config BR2_PACKAGE_MESA3D_DRI_DRIVER
 	bool
 	select BR2_PACKAGE_MESA3D_DRIVER
-	select BR2_PACKAGE_XLIB_LIBXSHMFENCE if BR2_PACKAGE_XPROTO_DRI3PROTO
-	select BR2_PACKAGE_XPROTO_PRESENTPROTO if BR2_PACKAGE_XPROTO_DRI3PROTO
+	# xlib-libxshmfence needs sync_4, so we cannot select it if
+	# BR2_TOOLCHAIN_HAS_SYNC_4 is false. xproto-presentproto
+	# doesn't need sync_4, but it is only needed in conjunction
+	# with xlib-libxshmfence and dri3proto to provide dri3
+	# support, so we also only select it if sync_4 is available.
+	select BR2_PACKAGE_XLIB_LIBXSHMFENCE if \
+		(BR2_PACKAGE_XPROTO_DRI3PROTO && BR2_TOOLCHAIN_HAS_SYNC_4)
+	select BR2_PACKAGE_XPROTO_PRESENTPROTO if \
+		(BR2_PACKAGE_XPROTO_DRI3PROTO && BR2_TOOLCHAIN_HAS_SYNC_4)
 
 config BR2_PACKAGE_MESA3D_VULKAN_DRIVER
 	bool

package/mesa3d/mesa3d.mk

@@ -90,7 +90,7 @@ ifeq ($(BR2_PACKAGE_MESA3D_DRI_DRIVER),)
 MESA3D_CONF_OPTS += \
 	--without-dri-drivers --disable-dri3
 else
-ifeq ($(BR2_PACKAGE_XPROTO_DRI3PROTO),y)
+ifeq ($(BR2_PACKAGE_XLIB_LIBXSHMFENCE)$(BR2_PACKAGE_XPROTO_DRI3PROTO),yy)
 MESA3D_DEPENDENCIES += xlib_libxshmfence xproto_dri3proto xproto_presentproto
 MESA3D_CONF_OPTS += --enable-dri3
 else

package/mosquitto/mosquitto.hash

@@ -1,2 +1,3 @@
 # Locally computed:
 sha512  75e6105498869ab13265df7a0bea6052c014d59d0c0efb61162d8257d34c0153fce32130e84c28e99fd494f374949aac5e01c19f7439c2eea575b52ef1179c3c  mosquitto-1.4.12.tar.gz
+sha256  06abd1206e548ac2378dd96f5434cb3e40ed77cecb6a9c37fbabab0b0f1360e5  mosquitto-1.4.x_cve-2017-9868.patch

package/mosquitto/mosquitto.mk

@@ -9,6 +9,8 @@ MOSQUITTO_SITE = http://mosquitto.org/files/source
 MOSQUITTO_LICENSE = EPL-1.0 or EDLv1.0
 MOSQUITTO_LICENSE_FILES = LICENSE.txt epl-v10 edl-v10
 MOSQUITTO_INSTALL_STAGING = YES
+MOSQUITTO_PATCH = \
+	https://mosquitto.org/files/cve/2017-9868/mosquitto-1.4.x_cve-2017-9868.patch
 
 MOSQUITTO_MAKE_OPTS = \
 	UNAME=Linux \

package/mpg123/mpg123.hash

@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256	de2303c8ecb65593e39815c0a2f2f2d91f708c43b85a55fdd1934c82e677cf8e	mpg123-1.23.8.tar.bz2
+sha256	0fe7270a4071367f97a7c1fb45fb2ef3cfef73509c205124e080ea569217b05f	mpg123-1.25.1.tar.bz2

package/mpg123/mpg123.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-MPG123_VERSION = 1.23.8
+MPG123_VERSION = 1.25.1
 MPG123_SOURCE = mpg123-$(MPG123_VERSION).tar.bz2
 MPG123_SITE = http://downloads.sourceforge.net/project/mpg123/mpg123/$(MPG123_VERSION)
 MPG123_CONF_OPTS = --disable-lfs-alias
@@ -74,10 +74,11 @@ endif
 
 MPG123_CONF_OPTS += --with-audio=$(subst $(space),$(comma),$(MPG123_AUDIO))
 
-ifeq ($(BR2_PACKAGE_LIBTOOL),y)
-MPG123_DEPENDENCIES += libtool
-# .la files gets stripped , so directly load .so files rather than .la
-MPG123_CONF_OPTS += --with-modules --with-module-suffix=.so
+# output modules are loaded with dlopen()
+ifeq ($(BR2_STATIC_LIBS),y)
+MPG123_CONF_OPTS += --disable-modules
+else
+MPG123_CONF_OPTS += --enable-modules
 endif
 
 $(eval $(autotools-package))

package/ncurses/ncurses.mk

@@ -47,10 +47,12 @@ endif
 
 NCURSES_TERMINFO_FILES = \
 	a/ansi \
+	d/dumb \
 	l/linux \
 	p/putty \
 	p/putty-vt100 \
 	s/screen \
+	s/screen-256color \
 	v/vt100 \
 	v/vt100-putty \
 	v/vt102 \

package/ntp/ntp.mk

@@ -65,6 +65,12 @@ else
 NTP_CONF_OPTS += --disable-SHM
 endif
 
+ifeq ($(BR2_PACKAGE_NTP_SNTP),y)
+NTP_CONF_OPTS += --with-sntp
+else
+NTP_CONF_OPTS += --without-sntp
+endif
+
 NTP_INSTALL_FILES_$(BR2_PACKAGE_NTP_NTP_KEYGEN) += util/ntp-keygen
 NTP_INSTALL_FILES_$(BR2_PACKAGE_NTP_NTP_WAIT) += scripts/ntp-wait/ntp-wait
 NTP_INSTALL_FILES_$(BR2_PACKAGE_NTP_NTPDATE) += ntpdate/ntpdate

package/openssh/openssh.hash

@@ -1,2 +1,4 @@
 # From http://www.openssh.com/txt/release-7.5 (base64 encoded)
 sha256 9846e3c5fab9f0547400b4d2c017992f914222b3fd1f8eee6c7dc6bc5e59f9f0  openssh-7.5p1.tar.gz
+sha256 310860606c4175cdfd095e724f624df27340c89a916f7a09300bcb7988d5cfbf  afc3e31b637db9dae106d4fad78f7b481c8c24e3.patch
+sha256 395aa1006967713b599555440e09f898781a5559e496223587401768ece10904  f4fcd8c788a4854d4ebae400cf55e3957f906835.patch

package/openssh/openssh.mk

@@ -8,6 +8,12 @@ OPENSSH_VERSION = 7.5p1
 OPENSSH_SITE = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
 OPENSSH_LICENSE = BSD-3-Clause, BSD-2-Clause, Public Domain
 OPENSSH_LICENSE_FILES = LICENCE
+# Autoreconf needed due to the following patches modifying configure.ac:
+# f4fcd8c788a4854d4ebae400cf55e3957f906835.patch
+# afc3e31b637db9dae106d4fad78f7b481c8c24e3.patch
+OPENSSH_AUTORECONF = YES
+OPENSSH_PATCH = https://github.com/openssh/openssh-portable/commit/f4fcd8c788a4854d4ebae400cf55e3957f906835.patch \
+	https://github.com/openssh/openssh-portable/commit/afc3e31b637db9dae106d4fad78f7b481c8c24e3.patch
 OPENSSH_CONF_ENV = LD="$(TARGET_CC)" LDFLAGS="$(TARGET_CFLAGS)"
 OPENSSH_CONF_OPTS = \
 	--sysconfdir=/etc/ssh \

package/openvpn/openvpn.hash

@@ -1,2 +1,2 @@
-# Locally calculated
-sha256 df5c4f384b7df6b08a2f6fa8a84b9fd382baf59c2cef1836f82e2a7f62f1bff9  openvpn-2.4.2.tar.xz
+# Locally calculated after checking signature
+sha256 15e15fc97f189b52aee7c90ec8355aa77469c773125110b4c2f089abecde36fb  openvpn-2.4.3.tar.xz

package/openvpn/openvpn.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-OPENVPN_VERSION = 2.4.2
+OPENVPN_VERSION = 2.4.3
 OPENVPN_SOURCE = openvpn-$(OPENVPN_VERSION).tar.xz
 OPENVPN_SITE = http://swupdate.openvpn.net/community/releases
 OPENVPN_DEPENDENCIES = host-pkgconf openssl

package/pngquant/pngquant.mk

@@ -36,6 +36,7 @@ endef
 define HOST_PNGQUANT_CONFIGURE_CMDS
 	(cd $(@D) && \
 		$(HOST_CONFIGURE_OPTS) \
+		CC=$(HOSTCC_NOCCACHE) \
 		./configure --prefix=$(HOST_DIR)/usr \
 		--without-lcms2 \
 	)

package/python-simplegeneric/python-simplegeneric.mk

@@ -8,7 +8,12 @@ PYTHON_SIMPLEGENERIC_VERSION = 0.8.1
 PYTHON_SIMPLEGENERIC_SOURCE = simplegeneric-$(PYTHON_SIMPLEGENERIC_VERSION).zip
 PYTHON_SIMPLEGENERIC_SITE = https://pypi.python.org/packages/3d/57/4d9c9e3ae9a255cd4e1106bb57e24056d3d0709fc01b2e3e345898e49d5b
 PYTHON_SIMPLEGENERIC_LICENSE = ZPL-2.1
-PYTHON_SIMPLEGENERIC_SETUP_TYPE = distutils
+
+# Force setup-type to be 'setuptools' in order to force the package to
+# be installed with --single-version-externally-managed. Otherwise we
+# end up with a .egg file, which is a zip archive, and as such forces
+# us to have 'zlib' as a runtime dependency
+PYTHON_SIMPLEGENERIC_SETUP_TYPE = setuptools
 
 define PYTHON_SIMPLEGENERIC_EXTRACT_CMDS
 	unzip $(DL_DIR)/$(PYTHON_SIMPLEGENERIC_SOURCE) -d $(@D)

package/qt5/qt5base/qmake.conf

@@ -21,5 +21,8 @@ CONFIG                 += nostrip
 QMAKE_LIBS             += -lrt -lpthread -ldl
 QMAKE_CFLAGS_ISYSTEM   =
 
+# Architecturespecific configuration
+include(arch.conf)
+
 include(../common/linux_device_post.conf)
 load(qt_config)

package/qt5/qt5base/qt5base.mk

@@ -214,12 +214,22 @@ define QT5BASE_CONFIGURE_CONFIG_FILE
 endef
 endif
 
+QT5BASE_ARCH_CONFIG_FILE = $(@D)/mkspecs/devices/linux-buildroot-g++/arch.conf
+ifeq ($(BR2_TOOLCHAIN_HAS_LIBATOMIC)$(BR2_PACKAGE_QT5_VERSION_LATEST),yy)
+# Qt 5.8 needs atomics, which on various architectures are in -latomic
+define QT5BASE_CONFIGURE_ARCH_CONFIG
+	printf 'LIBS += -latomic\n' >$(QT5BASE_ARCH_CONFIG_FILE)
+endef
+endif
+
 define QT5BASE_CONFIGURE_CMDS
 	$(INSTALL) -m 0644 -D $(QT5BASE_PKGDIR)/qmake.conf \
 		$(@D)/mkspecs/devices/linux-buildroot-g++/qmake.conf
 	$(INSTALL) -m 0644 -D $(QT5BASE_PKGDIR)/qplatformdefs.h \
 		$(@D)/mkspecs/devices/linux-buildroot-g++/qplatformdefs.h
 	$(QT5BASE_CONFIGURE_CONFIG_FILE)
+	touch $(QT5BASE_ARCH_CONFIG_FILE)
+	$(QT5BASE_CONFIGURE_ARCH_CONFIG)
 	(cd $(@D); \
 		$(TARGET_MAKE_ENV) \
 		PKG_CONFIG="$(PKG_CONFIG_HOST_BINARY)" \

package/qt5/qt5multimedia/qt5multimedia.mk

@@ -26,6 +26,14 @@ ifeq ($(BR2_PACKAGE_QT5DECLARATIVE),y)
 QT5MULTIMEDIA_DEPENDENCIES += qt5declarative
 endif
 
+ifeq ($(BR2_PACKAGE_LIBGLIB2)$(BR2_PACKAGE_PULSEAUDIO),yy)
+QT5MULTIMEDIA_DEPENDENCIES += libglib2 pulseaudio
+endif
+
+ifeq ($(BR2_PACKAGE_ALSA_LIB),y)
+QT5MULTIMEDIA_DEPENDENCIES += alsa-lib
+endif
+
 define QT5MULTIMEDIA_CONFIGURE_CMDS
 	(cd $(@D); $(TARGET_MAKE_ENV) $(HOST_DIR)/usr/bin/qmake)
 endef

package/rtl8821au/rtl8821au.mk

@@ -7,7 +7,7 @@
 RTL8821AU_VERSION = b018b446fb0729fa659e7eead475d6c13f192642
 RTL8821AU_SITE = $(call github,abperiasamy,rtl8812AU_8821AU_linux,$(RTL8821AU_VERSION))
 RTL8821AU_LICENSE = GPL-2.0
-RTL8821AU_LICENSE_FILES = COPYING
+RTL8821AU_LICENSE_FILES = LICENSE
 
 RTL8821AU_MODULE_MAKE_OPTS = \
 	CONFIG_RTL8812AU_8821AU=m \

package/socat/socat.mk

@@ -9,11 +9,20 @@ SOCAT_SOURCE = socat-$(SOCAT_VERSION).tar.bz2
 SOCAT_SITE = http://www.dest-unreach.org/socat/download
 SOCAT_LICENSE = GPL-2.0
 SOCAT_LICENSE_FILES = COPYING
-SOCAT_CONF_ENV = \
-	sc_cv_termios_ispeed=no \
+
+SOCAT_CONF_ENV = sc_cv_termios_ispeed=no
+
+ifeq ($(BR2_powerpc)$(BR2_powerpc64)$(BR2_powerpc64le),y)
+SOCAT_CONF_ENV += \
+	sc_cv_sys_crdly_shift=12 \
+	sc_cv_sys_tabdly_shift=10 \
+	sc_cv_sys_csize_shift=8
+else
+SOCAT_CONF_ENV += \
 	sc_cv_sys_crdly_shift=9 \
 	sc_cv_sys_tabdly_shift=11 \
 	sc_cv_sys_csize_shift=4
+endif
 
 # We need to run autoconf to regenerate the configure script, in order
 # to ensure that the test checking linux/ext2_fs.h works

package/spice/0001-Prevent-possible-DoS-attempts-during-protocol-handsh.patch

@@ -0,0 +1,60 @@
+From 1c6517973095a67c8cb57f3550fc1298404ab556 Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Tue, 13 Dec 2016 14:39:48 +0000
+Subject: [PATCH] Prevent possible DoS attempts during protocol handshake
+
+The limit for link message is specified using a 32 bit unsigned integer.
+This could cause possible DoS due to excessive memory allocations and
+some possible crashes.
+For instance a value >= 2^31 causes a spice_assert to be triggered in
+async_read_handler (reds-stream.c) due to an integer overflow at this
+line:
+
+   int n = async->end - async->now;
+
+This could be easily triggered with a program like
+
+  #!/usr/bin/env python
+
+  import socket
+  import time
+  from struct import pack
+
+  server = '127.0.0.1'
+  port = 5900
+
+  s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+  s.connect((server, port))
+  data = pack('<4sIII', 'REDQ', 2, 2, 0xaaaaaaaa)
+  s.send(data)
+
+  time.sleep(1)
+
+without requiring any authentication (the same can be done
+with TLS).
+
+[Peter: fixes CVE-2016-9578]
+Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
+Acked-by: Christophe Fergeau <cfergeau@redhat.com>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ server/reds.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/server/reds.c b/server/reds.c
+index f40b65c1..86a33d53 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -2202,7 +2202,8 @@ static void reds_handle_read_header_done(void *opaque)
+ 
+     reds->peer_minor_version = header->minor_version;
+ 
+-    if (header->size < sizeof(SpiceLinkMess)) {
++    /* the check for 4096 is to avoid clients to cause arbitrary big memory allocations */
++    if (header->size < sizeof(SpiceLinkMess) || header->size > 4096) {
+         reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA);
+         spice_warning("bad size %u", header->size);
+         reds_link_free(link);
+-- 
+2.11.0
+

package/spice/0001-fix-missing-monitor_latency-argument.patch

@@ -1,28 +0,0 @@
-From 0d3767853ca179ce04a9b312d7a30d33d1266a3b Mon Sep 17 00:00:00 2001
-From: Axel Lin <axel.lin@ingics.com>
-Date: Thu, 10 Oct 2013 12:36:40 +0800
-Subject: [PATCH] red_tunnel_worker: Fix build error due to missing monitor_latency argument
-
-Fix missing monitor_latency argument in red_channel_client_create call.
-
-Signed-off-by: Axel Lin <axel.lin@ingics.com>
----
- server/red_tunnel_worker.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/server/red_tunnel_worker.c b/server/red_tunnel_worker.c
-index 97dcafd..6781d73 100644
---- a/server/red_tunnel_worker.c
-+++ b/server/red_tunnel_worker.c
-@@ -3417,7 +3417,7 @@ static void handle_tunnel_channel_link(RedChannel *channel, RedClient *client,
-     }
- 
-     tcc = (TunnelChannelClient*)red_channel_client_create(sizeof(TunnelChannelClient),
--                                                          channel, client, stream,
-+                                                          channel, client, stream, FALSE,
-                                                           0, NULL, 0, NULL);
-     if (!tcc) {
-         return;
--- 
-1.8.1.2
-

package/spice/0002-Prevent-integer-overflows-in-capability-checks.patch

@@ -0,0 +1,43 @@
+From f66dc643635518e53dfbe5262f814a64eec54e4a Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Tue, 13 Dec 2016 14:40:10 +0000
+Subject: [PATCH] Prevent integer overflows in capability checks
+
+The limits for capabilities are specified using 32 bit unsigned integers.
+This could cause possible integer overflows causing buffer overflows.
+For instance the sum of num_common_caps and num_caps can be 0 avoiding
+additional checks.
+As the link message is now capped to 4096 and the capabilities are
+contained in the link message limit the capabilities to 1024
+(capabilities are expressed in number of uint32_t items).
+
+[Peter: fixes CVE-2016-9578]
+Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
+Acked-by: Christophe Fergeau <cfergeau@redhat.com>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ server/reds.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/server/reds.c b/server/reds.c
+index 86a33d53..91504544 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -2110,6 +2110,14 @@ static void reds_handle_read_link_done(void *opaque)
+     link_mess->num_channel_caps = GUINT32_FROM_LE(link_mess->num_channel_caps);
+     link_mess->num_common_caps = GUINT32_FROM_LE(link_mess->num_common_caps);
+ 
++    /* Prevent DoS. Currently we defined only 13 capabilities,
++     * I expect 1024 to be valid for quite a lot time */
++    if (link_mess->num_channel_caps > 1024 || link_mess->num_common_caps > 1024) {
++        reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA);
++        reds_link_free(link);
++        return;
++    }
++
+     num_caps = link_mess->num_common_caps + link_mess->num_channel_caps;
+     caps = (uint32_t *)((uint8_t *)link_mess + link_mess->caps_offset);
+ 
+-- 
+2.11.0
+

package/spice/0003-main-channel-Prevent-overflow-reading-messages-from-.patch

@@ -0,0 +1,33 @@
+From 5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3 Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Tue, 29 Nov 2016 16:46:56 +0000
+Subject: [PATCH] main-channel: Prevent overflow reading messages from client
+
+Caller is supposed the function return a buffer able to store
+size bytes.
+
+[Peter: fixes CVE-2016-9577]
+Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
+Acked-by: Christophe Fergeau <cfergeau@redhat.com>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ server/main_channel.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/server/main_channel.c b/server/main_channel.c
+index 0ecc9df8..1fc39155 100644
+--- a/server/main_channel.c
++++ b/server/main_channel.c
+@@ -1026,6 +1026,9 @@ static uint8_t *main_channel_alloc_msg_rcv_buf(RedChannelClient *rcc,
+ 
+     if (type == SPICE_MSGC_MAIN_AGENT_DATA) {
+         return reds_get_agent_data_buffer(mcc, size);
++    } else if (size > sizeof(main_chan->recv_buf)) {
++        /* message too large, caller will log a message and close the connection */
++        return NULL;
+     } else {
+         return main_chan->recv_buf;
+     }
+-- 
+2.11.0
+

package/spice/Config.in

@@ -2,23 +2,15 @@ comment "spice server needs a toolchain w/ wchar, threads"
 	depends on BR2_i386 || BR2_x86_64
 	depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS
 
-comment "spice server depends on python (for pyparsing)"
-	depends on BR2_i386 || BR2_x86_64
-	depends on !BR2_PACKAGE_PYTHON
-
 config BR2_PACKAGE_SPICE
 	bool "spice server"
 	depends on BR2_i386 || BR2_x86_64
-	depends on BR2_PACKAGE_PYTHON
 	depends on BR2_USE_WCHAR # libglib2
 	depends on BR2_TOOLCHAIN_HAS_THREADS # libglib2
-	select BR2_PACKAGE_ALSA_LIB
-	select BR2_PACKAGE_CELT051
 	select BR2_PACKAGE_JPEG
 	select BR2_PACKAGE_LIBGLIB2
 	select BR2_PACKAGE_OPENSSL
 	select BR2_PACKAGE_PIXMAN
-	select BR2_PACKAGE_PYTHON_PYPARSING
 	select BR2_PACKAGE_SPICE_PROTOCOL
 	help
 	  The Spice project aims to provide a complete open source
@@ -30,41 +22,3 @@ config BR2_PACKAGE_SPICE
 	  This package implements the server-part of Spice.
 
 	  http://www.spice-space.org/
-
-if BR2_PACKAGE_SPICE
-
-comment "client depends on X.org"
-	depends on !BR2_PACKAGE_XORG7
-
-config BR2_PACKAGE_SPICE_CLIENT
-	bool "Enable client"
-	depends on BR2_PACKAGE_XORG7
-	depends on BR2_TOOLCHAIN_HAS_THREADS
-	depends on BR2_INSTALL_LIBSTDCPP
-	select BR2_PACKAGE_XLIB_LIBXFIXES
-	select BR2_PACKAGE_XLIB_LIBXRANDR
-
-comment "client needs a toolchain w/ threads, C++"
-	depends on BR2_PACKAGE_XORG7
-	depends on !BR2_TOOLCHAIN_HAS_THREADS || !BR2_INSTALL_LIBSTDCPP
-
-config BR2_PACKAGE_SPICE_GUI
-	bool "Enable GUI"
-	depends on BR2_PACKAGE_SPICE_CLIENT
-	depends on !BR2_STATIC_LIBS
-	select BR2_PACKAGE_CEGUI06
-	help
-	  Say 'y' here to enable the Graphical User Interface (GUI)
-	  start dialog.
-
-comment "gui needs a toolchain w/ dynamic library"
-	depends on BR2_STATIC_LIBS
-
-config BR2_PACKAGE_SPICE_TUNNEL
-	bool "Enable network redirection"
-	select BR2_PACKAGE_SLIRP
-	help
-	  Say 'y' here to enable network redirection, aka tunnelling
-	  through a SLIP/SLIRP session.
-
-endif # BR2_PACKAGE_SPICE

package/spice/spice.hash

@@ -1,2 +1,2 @@
 # Locally calculated
-sha256	cf063e7df42e331a835529d2f613d8a01f8cb2963e8edaadf73a8d65c46fb387	spice-0.12.4.tar.bz2
+sha256	f901a5c5873d61acac84642f9eea5c4d6386fc3e525c2b68792322794e1c407d	spice-0.12.8.tar.bz2

package/spice/spice.mk

@@ -4,20 +4,17 @@
 #
 ################################################################################
 
-SPICE_VERSION = 0.12.4
+SPICE_VERSION = 0.12.8
 SPICE_SOURCE = spice-$(SPICE_VERSION).tar.bz2
 SPICE_SITE = http://www.spice-space.org/download/releases
 SPICE_LICENSE = LGPL-2.1+
 SPICE_LICENSE_FILES = COPYING
 SPICE_INSTALL_STAGING = YES
 SPICE_DEPENDENCIES = \
-	alsa-lib \
-	celt051 \
 	jpeg \
 	libglib2 \
 	openssl \
 	pixman \
-	python-pyparsing \
 	spice-protocol
 
 # We disable everything for now, because the dependency tree can become
@@ -26,34 +23,30 @@ SPICE_CONF_OPTS = \
 	--disable-opengl \
 	--disable-smartcard \
 	--disable-automated-tests \
-	--without-sasl
+	--without-sasl \
+	--disable-manual
 
 SPICE_DEPENDENCIES += host-pkgconf
 
-ifeq ($(BR2_PACKAGE_SPICE_CLIENT),y)
-SPICE_CONF_OPTS += --enable-client
-SPICE_DEPENDENCIES += xlib_libXfixes xlib_libXrandr
+ifeq ($(BR2_PACKAGE_CELT051),y)
+SPICE_CONF_OPTS += --enable-celt051
+SPICE_DEPENDENCIES += celt051
 else
-SPICE_CONF_OPTS += --disable-client
+SPICE_CONF_OPTS += --disable-celt051
 endif
 
-ifeq ($(BR2_PACKAGE_SPICE_GUI),y)
-SPICE_CONF_OPTS += --enable-gui
-SPICE_DEPENDENCIES += cegui06
+ifeq ($(BR2_PACKAGE_LZ4),y)
+SPICE_CONF_OPTS += --enable-lz4
+SPICE_DEPENDENCIES += lz4
 else
-SPICE_CONF_OPTS += --disable-gui
+SPICE_CONF_OPTS += --disable-lz4
 endif
 
-ifeq ($(BR2_PACKAGE_SPICE_TUNNEL),y)
-SPICE_CONF_OPTS += --enable-tunnel
-SPICE_DEPENDENCIES += slirp
-else
-SPICE_CONF_OPTS += --disable-tunnel
+# no enable/disable, detected using pkg-config
+ifeq ($(BR2_PACKAGE_OPUS),y)
+SPICE_DEPENDENCIES += opus
 endif
 
-SPICE_CONF_ENV = PYTHONPATH=$(TARGET_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages
-SPICE_MAKE_ENV = PYTHONPATH=$(TARGET_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages
-
 # We need to tweak spice.pc because it /forgets/ (for static linking) that
 # it should link against libz and libjpeg. libz is pkg-config-aware, while
 # libjpeg isn't, hence the two-line tweak

package/systemd/systemd.hash

@@ -1,2 +1,5 @@
 # sha256 locally computed
 sha256 8b3e99da3d4164b66581830a7f2436c0c8fe697b5fbdc3927bdb960646be0083  systemd-233.tar.gz
+sha256 eed8fef0045876e9efa0ba6725ed9ea93654bf24d67bb5aad467a341ad375883  a924f43f30f9c4acaf70618dd2a055f8b0f166be.patch
+sha256 43c75bd161a8ef0de5db607aaceed77220f2ba4903cf44e7e9db544980420a5e  db848813bae4d28c524b3b6a7dad135e426659ce.patch
+sha256 451f7c09332479ebe4ac01612f5f034df4524e16b5bc5d1c8ddcda14e9f3cd69  88795538726a5bbfd9efc13d441cb05e1d7fc139.patch

package/systemd/systemd.mk

@@ -19,6 +19,11 @@ SYSTEMD_DEPENDENCIES = \
 SYSTEMD_PROVIDES = udev
 SYSTEMD_AUTORECONF = YES
 
+SYSTEMD_PATCH = \
+	https://github.com/systemd/systemd/commit/a924f43f30f9c4acaf70618dd2a055f8b0f166be.patch \
+	https://github.com/systemd/systemd/commit/db848813bae4d28c524b3b6a7dad135e426659ce.patch \
+	https://github.com/systemd/systemd/commit/88795538726a5bbfd9efc13d441cb05e1d7fc139.patch
+
 # Make sure that systemd will always be built after busybox so that we have
 # a consistent init setup between two builds
 ifeq ($(BR2_PACKAGE_BUSYBOX),y)
@@ -42,10 +47,16 @@ SYSTEMD_CONF_OPTS += \
 
 SYSTEMD_CFLAGS = $(TARGET_CFLAGS) -fno-lto
 
-# Override path to kmod, used in kmod-static-nodes.service
+# Override paths to a few utilities needed at runtime, to
+# avoid finding those we would install in $(HOST_DIR).
 SYSTEMD_CONF_ENV = \
 	CFLAGS="$(SYSTEMD_CFLAGS)" \
-	ac_cv_path_KMOD=/usr/bin/kmod
+	ac_cv_path_KILL=/usr/bin/kill \
+	ac_cv_path_KMOD=/usr/bin/kmod \
+	ac_cv_path_KEXEC=/usr/sbin/kexec \
+	ac_cv_path_SULOGIN=/usr/sbin/sulogin \
+	ac_cv_path_MOUNT_PATH=/usr/bin/mount \
+	ac_cv_path_UMOUNT_PATH=/usr/bin/umount
 
 define SYSTEMD_RUN_INTLTOOLIZE
 	cd $(@D) && $(HOST_DIR)/usr/bin/intltoolize --force --automake
@@ -179,8 +190,14 @@ endif
 
 ifeq ($(BR2_PACKAGE_SYSTEMD_QUOTACHECK),y)
 SYSTEMD_CONF_OPTS += --enable-quotacheck
+SYSTEMD_CONF_ENV += \
+	ac_cv_path_QUOTAON=/usr/sbin/quotaon \
+	ac_cv_path_QUOTACHECK=/usr/sbin/quotacheck
 else
 SYSTEMD_CONF_OPTS += --disable-quotacheck
+SYSTEMD_CONF_ENV += \
+	ac_cv_path_QUOTAON=/.missing \
+	ac_cv_path_QUOTACHECK=/.missing
 endif
 
 ifeq ($(BR2_PACKAGE_SYSTEMD_TMPFILES),y)

package/tor/tor.hash

@@ -1,2 +1,2 @@
 # Locally computed
-sha256 d611283e1fb284b5f884f8c07e7d3151016851848304f56cfdf3be2a88bd1341  tor-0.2.9.10.tar.gz
+sha256 c1959bebff9a546a54cbedb58c8289a42441991af417d2d16f7b336be8903221  tor-0.2.9.11.tar.gz

package/tor/tor.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-TOR_VERSION = 0.2.9.10
+TOR_VERSION = 0.2.9.11
 TOR_SITE = https://dist.torproject.org
 TOR_LICENSE = BSD-3-Clause
 TOR_LICENSE_FILES = LICENSE

package/trinity/trinity.hash

@@ -3,3 +3,4 @@ sha256 4cb2bd4049ce523fdf47490c4c18b8eb713c720d4b3b13d6ec2ae246aac908ad  trinity
 sha256 5601474b10973b99f6f4ecc67c8ac54000754d7110553cc81c7648bd7e73c810  b0e66a2d084ffc210bc1fc247efb4d177e9f7e3d.patch
 sha256 1974e473113b4e79fb2ff820e2b03f475a538e43343c24ca077a04214b9e0418  f447db18b389050ecc5e66dbf549d5953633e23e.patch
 sha256 9f9846a9c257b7df7e944c8b3ea956a8e8166bba67b3ea6c231382f095753312  87427256640f806710dd97fc807a9a896147c617.patch
+sha256 e6e47e813424f6b92b5a2e8f56bbd3bae63db47b76ece81a934a9390e194cbfc  1d9af9d07ae111c253c92112fb50000adac47a0c.patch

package/trinity/trinity.mk

@@ -12,7 +12,8 @@ TRINITY_LICENSE_FILES = COPYING
 
 TRINITY_PATCH = https://github.com/kernelslacker/trinity/commit/b0e66a2d084ffc210bc1fc247efb4d177e9f7e3d.patch \
 		https://github.com/kernelslacker/trinity/commit/f447db18b389050ecc5e66dbf549d5953633e23e.patch \
-		https://github.com/kernelslacker/trinity/commit/87427256640f806710dd97fc807a9a896147c617.patch
+		https://github.com/kernelslacker/trinity/commit/87427256640f806710dd97fc807a9a896147c617.patch \
+		https://github.com/kernelslacker/trinity/commit/1d9af9d07ae111c253c92112fb50000adac47a0c.patch
 
 ifeq ($(BR2_PACKAGE_BTRFS_PROGS),y)
 TRINITY_DEPENDENCIES += btrfs-progs

package/tslib/tslib.mk

@@ -7,7 +7,7 @@
 TSLIB_VERSION = 1.9
 TSLIB_SITE = https://github.com/kergoth/tslib/releases/download/$(TSLIB_VERSION)
 TSLIB_SOURCE = tslib-$(TSLIB_VERSION).tar.xz
-TSLIB_LICENSE = GPL, LGPL
+TSLIB_LICENSE = GPL-2.0+ (programs), LGPL-2.1+ (libraries)
 TSLIB_LICENSE_FILES = COPYING
 
 TSLIB_INSTALL_STAGING = YES

package/vlc/0013-codec-avcodec-check-avcodec-visible-sizes.patch

@@ -0,0 +1,33 @@
+From 6cc73bcad19da2cd2e95671173f2e0d203a57e9b Mon Sep 17 00:00:00 2001
+From: Francois Cartegnie <fcvlcdev@free.fr>
+Date: Thu, 29 Jun 2017 09:45:20 +0200
+Subject: [PATCH] codec: avcodec: check avcodec visible sizes
+
+refs #18467
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ modules/codec/avcodec/video.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/modules/codec/avcodec/video.c b/modules/codec/avcodec/video.c
+index 1bcad21..ce52544 100644
+--- a/modules/codec/avcodec/video.c
++++ b/modules/codec/avcodec/video.c
+@@ -137,9 +137,11 @@ static inline picture_t *ffmpeg_NewPictBuf( decoder_t *p_dec,
+     }
+ 
+ 
+-    if( width == 0 || height == 0 || width > 8192 || height > 8192 )
++    if( width == 0 || height == 0 || width > 8192 || height > 8192 ||
++        width < p_context->width || height < p_context->height )
+     {
+-        msg_Err( p_dec, "Invalid frame size %dx%d.", width, height );
++        msg_Err( p_dec, "Invalid frame size %dx%d. vsz %dx%d",
++                 width, height, p_context->width, p_context->height );
+         return NULL; /* invalid display size */
+     }
+     p_dec->fmt_out.video.i_width = width;
+-- 
+2.1.4
+

package/vlc/0014-decoder-check-visible-size-when-creating-buffer.patch

@@ -0,0 +1,33 @@
+From a38a85db58c569cc592d9380cc07096757ef3d49 Mon Sep 17 00:00:00 2001
+From: Francois Cartegnie <fcvlcdev@free.fr>
+Date: Thu, 29 Jun 2017 11:09:02 +0200
+Subject: [PATCH] decoder: check visible size when creating buffer
+
+early reject invalid visible size
+mishandled by filters.
+
+refs #18467
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ src/input/decoder.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/input/decoder.c b/src/input/decoder.c
+index 2c0823f..a216165 100644
+--- a/src/input/decoder.c
++++ b/src/input/decoder.c
+@@ -2060,7 +2060,9 @@ static picture_t *vout_new_buffer( decoder_t *p_dec )
+         vout_thread_t *p_vout;
+ 
+         if( !p_dec->fmt_out.video.i_width ||
+-            !p_dec->fmt_out.video.i_height )
++            !p_dec->fmt_out.video.i_height ||
++            p_dec->fmt_out.video.i_width < p_dec->fmt_out.video.i_visible_width ||
++            p_dec->fmt_out.video.i_height < p_dec->fmt_out.video.i_visible_height )
+         {
+             /* Can't create a new vout without display size */
+             return NULL;
+-- 
+2.1.4
+

package/vlc/vlc.hash

@@ -1,6 +1,2 @@
-# From http://get.videolan.org/vlc/2.2.5.1/vlc-2.2.5.1.tar.xz.md5
-md5 7ab63964ffec4c92a54deb018f23318b vlc-2.2.5.1.tar.xz
-# From http://get.videolan.org/vlc/2.2.5.1/vlc-2.2.5.1.tar.xz.sha1
-sha1 042962dba68e1414aa563883b0172ee121cf9555 vlc-2.2.5.1.tar.xz
-# From http://get.videolan.org/vlc/2.2.5.1/vlc-2.2.5.1.tar.xz.sha256
-sha256 b28b8a28f578c0c6cb1ebed293aca2a3cd368906cf777d1ab599e2784ddda1cc vlc-2.2.5.1.tar.xz
+# From http://download.videolan.org/pub/videolan/vlc/2.2.6/vlc-2.2.6.tar.xz.sha256
+sha256 c403d3accd9a400eb2181c958f3e7bc5524fe5738425f4253d42883b425a42a8  vlc-2.2.6.tar.xz

package/vlc/vlc.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-VLC_VERSION = 2.2.5.1
+VLC_VERSION = 2.2.6
 VLC_SITE = http://get.videolan.org/vlc/$(VLC_VERSION)
 VLC_SOURCE = vlc-$(VLC_VERSION).tar.xz
 VLC_LICENSE = GPL-2.0+, LGPL-2.1+

package/x11r7/xlib_libxshmfence/Config.in

@@ -1,5 +1,6 @@
 config BR2_PACKAGE_XLIB_LIBXSHMFENCE
 	bool "libxshmfence"
+	depends on BR2_TOOLCHAIN_HAS_SYNC_4
 	select BR2_PACKAGE_XPROTO_XPROTO
 	help
 	  X.Org shmfence library

package/x11r7/xserver_xorg-server/1.14.7/0001-sdksyms-gcc5.patch

@@ -0,0 +1,50 @@
+From 21b896939c5bb242f3aacc37baf12379e43254b6 Mon Sep 17 00:00:00 2001
+From: Egbert Eich <eich@freedesktop.org>
+Date: Tue, 3 Mar 2015 16:27:05 +0100
+Subject: symbols: Fix sdksyms.sh to cope with gcc5
+
+Gcc5 adds additional lines stating line numbers before and
+after __attribute__() which need to be skipped.
+
+Downloaded from upstream commit
+https://cgit.freedesktop.org/xorg/xserver/commit/hw/xfree86/sdksyms.sh?id=21b896939c5bb242f3aacc37baf12379e43254b6
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+Signed-off-by: Egbert Eich <eich@freedesktop.org>
+Tested-by: Daniel Stone <daniels@collabora.com>
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+
+diff --git a/hw/xfree86/sdksyms.sh b/hw/xfree86/sdksyms.sh
+index 2305073..05ac410 100755
+--- a/hw/xfree86/sdksyms.sh
++++ b/hw/xfree86/sdksyms.sh
+@@ -350,13 +350,25 @@ BEGIN {
+     if (sdk) {
+ 	n = 3;
+ 
++        # skip line numbers GCC 5 adds before __attribute__
++        while ($n == "" || $0 ~ /^# [0-9]+ "/) {
++           getline;
++           n = 1;
++        }
++
+ 	# skip attribute, if any
+ 	while ($n ~ /^(__attribute__|__global)/ ||
+ 	    # skip modifiers, if any
+ 	    $n ~ /^\*?(unsigned|const|volatile|struct|_X_EXPORT)$/ ||
+ 	    # skip pointer
+-	    $n ~ /^[a-zA-Z0-9_]*\*$/)
++	    $n ~ /^[a-zA-Z0-9_]*\*$/) {
+ 	    n++;
++            # skip line numbers GCC 5 adds after __attribute__
++            while ($n == "" || $0 ~ /^# [0-9]+ "/) {
++               getline;
++               n = 1;
++            }
++        }
+ 
+ 	# type specifier may not be set, as in
+ 	#   extern _X_EXPORT unsigned name(...)
+-- 
+cgit v0.10.2
+

package/x11r7/xserver_xorg-server/Config.in

@@ -114,7 +114,8 @@ config BR2_PACKAGE_XSERVER_XORG_SERVER_MODULAR
 	select BR2_PACKAGE_LIBDRM if (BR2_PACKAGE_XPROTO_XF86DRIPROTO || \
 		BR2_PACKAGE_XPROTO_DRI2PROTO)
 	select BR2_PACKAGE_LIBPCIACCESS
-	select BR2_PACKAGE_XLIB_LIBXSHMFENCE if BR2_PACKAGE_XPROTO_DRI3PROTO
+	select BR2_PACKAGE_XLIB_LIBXSHMFENCE if \
+		(BR2_PACKAGE_XPROTO_DRI3PROTO && BR2_TOOLCHAIN_HAS_SYNC_4)
 	help
 	  This variant of the X.org server is the full-blown variant,
 	  as used by desktop GNU/Linux distributions. The drivers (for

package/x11r7/xserver_xorg-server/xserver_xorg-server.mk

@@ -220,7 +220,7 @@ XSERVER_XORG_SERVER_CONF_OPTS += --enable-dri2
 else
 XSERVER_XORG_SERVER_CONF_OPTS += --disable-dri2
 endif
-ifeq ($(BR2_PACKAGE_XPROTO_DRI3PROTO),y)
+ifeq ($(BR2_PACKAGE_XLIB_LIBXSHMFENCE)$(BR2_PACKAGE_XPROTO_DRI3PROTO),yy)
 XSERVER_XORG_SERVER_DEPENDENCIES += xlib_libxshmfence xproto_dri3proto
 XSERVER_XORG_SERVER_CONF_OPTS += --enable-dri3
 ifeq ($(BR2_PACKAGE_HAS_LIBGL)$(BR2_PACKAGE_LIBEPOXY),yy)

package/x264/x264.mk

@@ -10,7 +10,7 @@ X264_LICENSE = GPL-2.0+
 X264_DEPENDENCIES = host-pkgconf
 X264_LICENSE_FILES = COPYING
 X264_INSTALL_STAGING = YES
-X264_CONF_OPTS = --disable-avs
+X264_CONF_OPTS = --disable-avs --disable-lavf --disable-swscale
 
 ifeq ($(BR2_i386)$(BR2_x86_64),y)
 # yasm needed for assembly files

package/xen/0008-arm-fix-build-with-gcc-7.patch

@@ -0,0 +1,70 @@
+From 9d3011bd1cd29f8f3841bf1b64d5ead9ed1434e8 Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Fri, 19 May 2017 10:12:08 +0200
+Subject: [PATCH] arm: fix build with gcc 7
+
+The compiler dislikes duplicate "const", and the ones it complains
+about look like they we in fact meant to be placed differently.
+
+Also fix array_access_okay() (just like on x86), despite the construct
+being unused on ARM: -Wint-in-bool-context, enabled by default in
+gcc 7, doesn't like multiplication in conditional operators. "Hide" it,
+at the risk of the next compiler version becoming smarter and
+recognizing even that. (The hope is that added smartness then would
+also better deal with legitimate cases like the one here.) The change
+could have been done in access_ok(), but I think we better keep it at
+the place the compiler is actually unhappy about.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Julien Grall <julien.grall@arm.com>
+Release-acked-by: Julien Grall <julien.grall@arm.com>
+Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
+---
+ xen/arch/arm/platforms/brcm.c      | 2 +-
+ xen/arch/arm/platforms/rcar2.c     | 2 +-
+ xen/include/asm-arm/guest_access.h | 3 ++-
+ 3 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/xen/arch/arm/platforms/brcm.c b/xen/arch/arm/platforms/brcm.c
+index 6d8b5b9175..d481b2c60f 100644
+--- a/xen/arch/arm/platforms/brcm.c
++++ b/xen/arch/arm/platforms/brcm.c
+@@ -271,7 +271,7 @@ static __init int brcm_init(void)
+     return brcm_populate_plat_regs();
+ }
+ 
+-static const char const *brcm_dt_compat[] __initconst =
++static const char *const brcm_dt_compat[] __initconst =
+ {
+     "brcm,bcm7445d0",
+     NULL
+diff --git a/xen/arch/arm/platforms/rcar2.c b/xen/arch/arm/platforms/rcar2.c
+index bb25751109..df0ac84709 100644
+--- a/xen/arch/arm/platforms/rcar2.c
++++ b/xen/arch/arm/platforms/rcar2.c
+@@ -46,7 +46,7 @@ static int __init rcar2_smp_init(void)
+     return 0;
+ }
+ 
+-static const char const *rcar2_dt_compat[] __initdata =
++static const char *const rcar2_dt_compat[] __initconst =
+ {
+     "renesas,lager",
+     NULL
+diff --git a/xen/include/asm-arm/guest_access.h b/xen/include/asm-arm/guest_access.h
+index 5876988b23..421bca5f36 100644
+--- a/xen/include/asm-arm/guest_access.h
++++ b/xen/include/asm-arm/guest_access.h
+@@ -8,7 +8,8 @@
+ #define access_ok(addr,size) (1)
+ 
+ #define array_access_ok(addr,count,size) \
+-    (likely(count < (~0UL/size)) && access_ok(addr,count*size))
++    (likely((count) < (~0UL / (size))) && \
++     access_ok(addr, 0 + (count) * (size)))
+ 
+ unsigned long raw_copy_to_guest(void *to, const void *from, unsigned len);
+ unsigned long raw_copy_to_guest_flush_dcache(void *to, const void *from,
+-- 
+2.11.0
+