Update for 2020.05.1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

CHANGES

@@ -1,3 +1,66 @@
+2020.05.1, released July 25th, 2020
+
+	Important / security related fixes.
+
+	Toolchain:
+	- Make external toolchain version check also work for
+	  toolchains configured with --with-gcc-major-version-only
+
+	- Do not handle SOURCE_DATE_EPOCH in toolchain wrapper if the
+	  compiler supports it, fixing an issue with precompiled
+	  headers
+
+	- Ensure debug libs from external toolchains are not installed
+          into target if debugging is disabled
+
+	Download:
+	- Correct reproducibility issue in handling of git submodules
+	  for older git versions.
+
+	- Fix file locking over NFS
+
+	fs: Ensure cpio archive element order is reproducible
+
+	Br2-external: Fix error reporting for invalid br2-external trees
+
+	Per-package:
+	- Fix an issue with python3 sysconfig data not getting
+	correctly expanded
+
+	- Fix per-package building for packages using the qmake
+          infrastructure
+
+	Updated/fixed packages: a10disp, asterisk, bind, brltty,
+	cdrkit, clamav, cryptodev-linux, dbus, docker-cli,
+	docker-engine, dvb-apps, e2fsprogs, exim, exiv2, freerdp, gdb,
+	gdk-pixbuf, gerbera, gnutls, go, granite, grub2, gssdp,
+	gst1-plugins-good, gst1-plugins-ugly, gupnp, intel-microcode,
+	iproute2, irrlicht, iwd, jq, kodi, libcamera, libcec,
+	libconfuse, libcurl, libevdev, libhttpserver, libmicrohttpd,
+	libnss, libressl, libvncserver, libxml2, libxmlrpc, lxc,
+	mbedtls, mediastreamer, mesa3d, meson, minizip, mongodb,
+	mtools, mutt, nano, network-manager, nghttp2, ngircd, nodejs,
+	ntp, open-plc-utils, open2300, openjdk-bin, openssh,
+	oracle-mysql, paho-mqtt-c, pango, php, poco, prosody, putty,
+	python-greenlet, python-urllib3, python-validators, python3,
+	readline, redis, rpi-firmware, rtl8821au, samba4, sdl2,
+	sqlite, squid, strace, sunxi-mali-mainline-driver, syslog-ng,
+	systemd, tcpreplay, tinydtls, upmpdcli, upx, vlc, webkitgtk,
+	wireguard-linux-compat, wireshark, wpebackend-fdo, wpewebkit,
+	x11vnc, znc, zstd
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#12941: Python GObject fails to build when using BR2_PER_PACKAGE_..
+	#12946: Grub: Decompressor is too big.
+	#12986: Mtools: Error converting to codepage 850
+	#13001: openjdk-bin replaces libfreetype.so from host-freetype
+	#13011: Incorrect selection of gcc version
+	#13021: Minor code error when building granite-0.4.1
+	#13026: rpi-firmware: must not rename start files
+	#13031: nodejs: RangeError at new ArrayBuffer()
+	#13046: Optimize for fast -Ofast is not compliant
+
 2020.05, released June 1st, 2020
 
 	Various fixes.

Config.in

@@ -516,13 +516,14 @@ config BR2_OPTIMIZE_S
 	  This is the default.
 
 config BR2_OPTIMIZE_FAST
-	bool "optimize for fast"
+	bool "optimize for fast (may break packages!)"
 	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_6
 	help
 	  Optimize for fast. Disregard strict standards
 	  compliance. -Ofast enables all -O3 optimizations. It also
 	  enables optimizations that are not valid for all
-	  standard-compliant programs. It turns on -ffast-math and the
+	  standard-compliant programs, so be careful, as it may break
+	  some packages. It turns on -ffast-math and the
 	  Fortran-specific -fstack-arrays, unless -fmax-stack-var-size
 	  is specified, and -fno-protect-parens.
 

DEVELOPERS

@@ -1843,7 +1843,7 @@ N:	Murat Demirten <mdemirten@yh.com.tr>
 F:	package/jpeg-turbo/
 F:	package/libgeotiff/
 
-N:	Mylène Josserand <mylene.josserand@bootlin.com>
+N:	Mylène Josserand <mylene.josserand@collabora.com>
 F:	package/rtl8723bu/
 
 N:	Nathaniel Roach <nroach44@gmail.com>

Makefile

@@ -92,9 +92,9 @@ all:
 .PHONY: all
 
 # Set and export the version string
-export BR2_VERSION := 2020.05
+export BR2_VERSION := 2020.05.1
 # Actual time the release is cut (for reproducible builds)
-BR2_VERSION_EPOCH = 1591045000
+BR2_VERSION_EPOCH = 1595662000
 
 # Save running make version since it's clobbered by the make package
 RUNNING_MAKE_VERSION := $(MAKE_VERSION)
@@ -457,12 +457,12 @@ endif
 
 ifneq ($(HOST_DIR),$(BASE_DIR)/host)
 HOST_DIR_SYMLINK = $(BASE_DIR)/host
-$(HOST_DIR_SYMLINK): $(BASE_DIR)
+$(HOST_DIR_SYMLINK): | $(BASE_DIR)
 	ln -snf $(HOST_DIR) $(HOST_DIR_SYMLINK)
 endif
 
 STAGING_DIR_SYMLINK = $(BASE_DIR)/staging
-$(STAGING_DIR_SYMLINK): $(BASE_DIR)
+$(STAGING_DIR_SYMLINK): | $(BASE_DIR)
 	ln -snf $(STAGING_DIR) $(STAGING_DIR_SYMLINK)
 
 # Quotes are needed for spaces and all in the original PATH content.
@@ -757,6 +757,7 @@ ifneq ($(BR2_PACKAGE_GDB),y)
 endif
 ifneq ($(BR2_PACKAGE_BASH),y)
 	rm -rf $(TARGET_DIR)/usr/share/bash-completion
+	rm -rf $(TARGET_DIR)/etc/bash_completion.d
 endif
 ifneq ($(BR2_PACKAGE_ZSH),y)
 	rm -rf $(TARGET_DIR)/usr/share/zsh
@@ -766,6 +767,9 @@ endif
 	rm -rf $(TARGET_DIR)/usr/doc $(TARGET_DIR)/usr/share/doc
 	rm -rf $(TARGET_DIR)/usr/share/gtk-doc
 	rmdir $(TARGET_DIR)/usr/share 2>/dev/null || true
+ifneq ($(BR2_ENABLE_DEBUG):$(BR2_STRIP_strip),y:)
+	rm -rf $(TARGET_DIR)/lib/debug $(TARGET_DIR)/usr/lib/debug
+endif
 	$(STRIP_FIND_CMD) | xargs -0 $(STRIPCMD) 2>/dev/null || true
 	$(STRIP_FIND_SPECIAL_LIBS_CMD) | xargs -0 -r $(STRIPCMD) $(STRIP_STRIP_DEBUG) 2>/dev/null || true
 

arch/Config.in.x86

@@ -1,6 +1,8 @@
 # i386/x86_64 cpu features
 config BR2_X86_CPU_HAS_MMX
 	bool
+config BR2_X86_CPU_HAS_3DNOW
+	bool
 config BR2_X86_CPU_HAS_SSE
 	bool
 config BR2_X86_CPU_HAS_SSE2
@@ -155,15 +157,18 @@ config BR2_x86_k6_2
 	bool "k6-2"
 	depends on !BR2_x86_64
 	select BR2_X86_CPU_HAS_MMX
+	select BR2_X86_CPU_HAS_3DNOW
 config BR2_x86_athlon
 	bool "athlon"
 	depends on !BR2_x86_64
 	select BR2_X86_CPU_HAS_MMX
+	select BR2_X86_CPU_HAS_3DNOW
 config BR2_x86_athlon_4
 	bool "athlon-4"
 	depends on !BR2_x86_64
 	select BR2_X86_CPU_HAS_MMX
 	select BR2_X86_CPU_HAS_SSE
+	select BR2_X86_CPU_HAS_3DNOW
 config BR2_x86_opteron
 	bool "opteron"
 	select BR2_X86_CPU_HAS_MMX
@@ -209,6 +214,7 @@ config BR2_x86_c3
 	bool "Via/Cyrix C3 (Samuel/Ezra cores)"
 	depends on !BR2_x86_64
 	select BR2_X86_CPU_HAS_MMX
+	select BR2_X86_CPU_HAS_3DNOW
 config BR2_x86_c32
 	bool "Via C3-2 (Nehemiah cores)"
 	depends on !BR2_x86_64

board/raspberrypi/genimage-raspberrypi4-64.cfg

@@ -4,8 +4,8 @@ image boot.vfat {
       "bcm2711-rpi-4-b.dtb",
       "rpi-firmware/cmdline.txt",
       "rpi-firmware/config.txt",
-      "rpi-firmware/fixup4.dat",
-      "rpi-firmware/start4.elf",
+      "rpi-firmware/fixup.dat",
+      "rpi-firmware/start.elf",
       "rpi-firmware/overlays",
       "Image"
     }

board/raspberrypi/genimage-raspberrypi4.cfg

@@ -4,8 +4,8 @@ image boot.vfat {
       "bcm2711-rpi-4-b.dtb",
       "rpi-firmware/cmdline.txt",
       "rpi-firmware/config.txt",
-      "rpi-firmware/fixup4.dat",
-      "rpi-firmware/start4.elf",
+      "rpi-firmware/fixup.dat",
+      "rpi-firmware/start.elf",
       "rpi-firmware/overlays",
       "zImage"
     }

boot/grub2/0001-build-Fix-GRUB-i386-pc-build-with-Ubuntu-gcc.patch

@@ -0,0 +1,313 @@
+From 6643507ce30f775008e093580f0c9499dfb2c485 Mon Sep 17 00:00:00 2001
+From: Simon Hardy <simon.hardy@itdev.co.uk>
+Date: Tue, 24 Mar 2020 13:29:12 +0000
+Subject: build: Fix GRUB i386-pc build with Ubuntu gcc
+
+With recent versions of gcc on Ubuntu a very large lzma_decompress.img file is
+output. (e.g. 134479600 bytes instead of 2864.) This causes grub-mkimage to
+fail with: "error: Decompressor is too big."
+
+This seems to be caused by a section .note.gnu.property that is placed at an
+offset such that objcopy needs to pad the img file with zeros.
+
+This issue is present on:
+Ubuntu 19.10 with gcc (Ubuntu 8.3.0-26ubuntu1~19.10) 8.3.0
+Ubuntu 19.10 with gcc (Ubuntu 9.2.1-9ubuntu2) 9.2.1 20191008
+
+This issue is not present on:
+Ubuntu 19.10 with gcc (Ubuntu 7.5.0-3ubuntu1~19.10) 7.5.0
+RHEL 8.0 with gcc 8.3.1 20190507 (Red Hat 8.3.1-4)
+
+The issue can be fixed by removing the section using objcopy as shown in
+this patch.
+
+Signed-off-by: Simon Hardy <simon.hardy@itdev.co.uk>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+[Retrieved (and updated to directly patch Makefile.in instead of
+gentpl.py to avoid adding a dependency on python) from:
+http://git.savannah.gnu.org/cgit/grub.git/commit/?id=6643507ce30f775008e093580f0c9499dfb2c485]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[yann.morin.1998@free.fr:
+  - keep the part patching gentpl.py
+  - restore it as a git-formatted patch
+  - introduce the hunk about the generated .am file
+]
+Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
+---
+ gentpl.py             |    2     1     1     0 +-
+ grub-core/Makefile.in |   38    19    19     0 +++++++++++++++++++-------------------
+ 2 files changed, 20 insertions(+), 20 deletions(-)
+
+diff --git a/gentpl.py b/gentpl.py
+index 387588c05..c86550d4f 100644
+--- a/gentpl.py
++++ b/gentpl.py
+@@ -766,7 +766,7 @@ def image(defn, platform):
+ if test x$(TARGET_APPLE_LINKER) = x1; then \
+   $(MACHO2IMG) $< $@; \
+ else \
+-  $(TARGET_OBJCOPY) $(""" + cname(defn) + """_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; \
++  $(TARGET_OBJCOPY) $(""" + cname(defn) + """_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; \
+ fi
+ """)
+ 
+diff --git a/grub-core/Makefile.core.am b/grub-core/Makefile.core.am
+index 387588c05..c86550d4f 100644
+--- a/grub-core/Makefile.core.am
++++ 2/grub-core/Makefile.core.am
+@@ -22897,7 +22897,7 @@
+ CLEANFILES += boot.img
+ 
+ boot.img: boot.image$(EXEEXT)
+-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 	
+ endif
+ 
+@@ -22918,7 +22918,7 @@
+ CLEANFILES += boot.img
+ 
+ boot.img: boot.image$(EXEEXT)
+-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 	
+ endif
+ 
+@@ -22939,7 +22939,7 @@
+ CLEANFILES += boot.img
+ 
+ boot.img: boot.image$(EXEEXT)
+-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 	
+ endif
+ 
+@@ -22960,7 +22960,7 @@
+ CLEANFILES += boot_hybrid.img
+ 
+ boot_hybrid.img: boot_hybrid.image$(EXEEXT)
+-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_hybrid_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_hybrid_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 	
+ endif
+ 
+@@ -22981,7 +22981,7 @@
+ CLEANFILES += cdboot.img
+ 
+ cdboot.img: cdboot.image$(EXEEXT)
+-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(cdboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(cdboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 	
+ endif
+ 
+@@ -23002,7 +23002,7 @@
+ CLEANFILES += cdboot.img
+ 
+ cdboot.img: cdboot.image$(EXEEXT)
+-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(cdboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(cdboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 	
+ endif
+ 
+@@ -23023,7 +23023,7 @@
+ CLEANFILES += pxeboot.img
+ 
+ pxeboot.img: pxeboot.image$(EXEEXT)
+-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(pxeboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(pxeboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 	
+ endif
+ 
+@@ -23044,7 +23044,7 @@
+ CLEANFILES += diskboot.img
+ 
+ diskboot.img: diskboot.image$(EXEEXT)
+-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(diskboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(diskboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 	
+ endif
+ 
+@@ -23065,7 +23065,7 @@
+ CLEANFILES += diskboot.img
+ 
+ diskboot.img: diskboot.image$(EXEEXT)
+-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(diskboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(diskboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 	
+ endif
+ 
+@@ -23086,7 +23086,7 @@
+ CLEANFILES += lnxboot.img
+ 
+ lnxboot.img: lnxboot.image$(EXEEXT)
+-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(lnxboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(lnxboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 	
+ endif
+ 
+@@ -23107,7 +23107,7 @@
+ CLEANFILES += xz_decompress.img
+ 
+ xz_decompress.img: xz_decompress.image$(EXEEXT)
+-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(xz_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(xz_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 	
+ endif
+ 
+@@ -23128,7 +23128,7 @@
+ CLEANFILES += xz_decompress.img
+ 
+ xz_decompress.img: xz_decompress.image$(EXEEXT)
+-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(xz_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(xz_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 	
+ endif
+ 
+@@ -23149,7 +23149,7 @@
+ CLEANFILES += xz_decompress.img
+ 
+ xz_decompress.img: xz_decompress.image$(EXEEXT)
+-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(xz_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(xz_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 	
+ endif
+ 
+@@ -23170,7 +23170,7 @@
+ CLEANFILES += none_decompress.img
+ 
+ none_decompress.img: none_decompress.image$(EXEEXT)
+-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(none_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(none_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 	
+ endif
+ 
+@@ -23191,7 +23191,7 @@
+ CLEANFILES += none_decompress.img
+ 
+ none_decompress.img: none_decompress.image$(EXEEXT)
+-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(none_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(none_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 	
+ endif
+ 
+@@ -23212,7 +23212,7 @@
+ CLEANFILES += none_decompress.img
+ 
+ none_decompress.img: none_decompress.image$(EXEEXT)
+-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(none_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(none_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 	
+ endif
+ 
+@@ -23233,7 +23233,7 @@
+ CLEANFILES += lzma_decompress.img
+ 
+ lzma_decompress.img: lzma_decompress.image$(EXEEXT)
+-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(lzma_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(lzma_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 	
+ endif
+ 
+@@ -23254,7 +23254,7 @@
+ CLEANFILES += fwstart.img
+ 
+ fwstart.img: fwstart.image$(EXEEXT)
+-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(fwstart_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(fwstart_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 	
+ endif
+ 
+@@ -23275,7 +23275,7 @@
+ CLEANFILES += fwstart_fuloong2f.img
+ 
+ fwstart_fuloong2f.img: fwstart_fuloong2f.image$(EXEEXT)
+-	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(fwstart_fuloong2f_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(fwstart_fuloong2f_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 	
+ endif
+ 
+diff --git a/grub-core/Makefile.in b/grub-core/Makefile.in
+index 387588c05..c86550d4f 100644
+--- a/grub-core/Makefile.in
++++ b/grub-core/Makefile.in
+@@ -46531,61 +46531,61 @@
+ @COND_riscv64_efi_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(TARGET_STRIP) -S -x $(kernel_exec) -o $@.bin $<;   $(TARGET_OBJCONV) -f$(TARGET_MODULE_FORMAT) -nr:_grub_mod_init:grub_mod_init -nr:_grub_mod_fini:grub_mod_fini -ed2022 -ed2016 -wd1106 -nu -nd $@.bin $@;   rm -f $@.bin;    elif test ! -z '$(TARGET_OBJ2ELF)'; then      $(TARGET_STRIP) $(kernel_exec_STRIPFLAGS) -o $@.bin $< &&      $(TARGET_OBJ2ELF) $@.bin $@ || (rm -f $@; rm -f $@.bin; exit 1);      rm -f $@.bin; else $(TARGET_STRIP) $(kernel_exec_STRIPFLAGS) -o $@ $<; fi
+ 
+ @COND_i386_pc_TRUE@boot.img: boot.image$(EXEEXT)
+-@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 
+ @COND_i386_qemu_TRUE@boot.img: boot.image$(EXEEXT)
+-@COND_i386_qemu_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++@COND_i386_qemu_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 
+ @COND_sparc64_ieee1275_TRUE@boot.img: boot.image$(EXEEXT)
+-@COND_sparc64_ieee1275_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++@COND_sparc64_ieee1275_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 
+ @COND_i386_pc_TRUE@boot_hybrid.img: boot_hybrid.image$(EXEEXT)
+-@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_hybrid_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(boot_hybrid_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 
+ @COND_i386_pc_TRUE@cdboot.img: cdboot.image$(EXEEXT)
+-@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(cdboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(cdboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 
+ @COND_sparc64_ieee1275_TRUE@cdboot.img: cdboot.image$(EXEEXT)
+-@COND_sparc64_ieee1275_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(cdboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++@COND_sparc64_ieee1275_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(cdboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 
+ @COND_i386_pc_TRUE@pxeboot.img: pxeboot.image$(EXEEXT)
+-@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(pxeboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(pxeboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 
+ @COND_i386_pc_TRUE@diskboot.img: diskboot.image$(EXEEXT)
+-@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(diskboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(diskboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 
+ @COND_sparc64_ieee1275_TRUE@diskboot.img: diskboot.image$(EXEEXT)
+-@COND_sparc64_ieee1275_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(diskboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++@COND_sparc64_ieee1275_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(diskboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 
+ @COND_i386_pc_TRUE@lnxboot.img: lnxboot.image$(EXEEXT)
+-@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(lnxboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(lnxboot_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 
+ @COND_mips_loongson_TRUE@xz_decompress.img: xz_decompress.image$(EXEEXT)
+-@COND_mips_loongson_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(xz_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++@COND_mips_loongson_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(xz_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 
+ @COND_mips_arc_TRUE@xz_decompress.img: xz_decompress.image$(EXEEXT)
+-@COND_mips_arc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(xz_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++@COND_mips_arc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(xz_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 
+ @COND_mips_qemu_mips_TRUE@xz_decompress.img: xz_decompress.image$(EXEEXT)
+-@COND_mips_qemu_mips_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(xz_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++@COND_mips_qemu_mips_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(xz_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 
+ @COND_mips_loongson_TRUE@none_decompress.img: none_decompress.image$(EXEEXT)
+-@COND_mips_loongson_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(none_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++@COND_mips_loongson_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(none_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 
+ @COND_mips_arc_TRUE@none_decompress.img: none_decompress.image$(EXEEXT)
+-@COND_mips_arc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(none_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++@COND_mips_arc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(none_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 
+ @COND_mips_qemu_mips_TRUE@none_decompress.img: none_decompress.image$(EXEEXT)
+-@COND_mips_qemu_mips_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(none_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++@COND_mips_qemu_mips_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(none_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 
+ @COND_i386_pc_TRUE@lzma_decompress.img: lzma_decompress.image$(EXEEXT)
+-@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(lzma_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++@COND_i386_pc_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(lzma_decompress_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 
+ @COND_mips_loongson_TRUE@fwstart.img: fwstart.image$(EXEEXT)
+-@COND_mips_loongson_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(fwstart_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++@COND_mips_loongson_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(fwstart_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 
+ @COND_mips_loongson_TRUE@fwstart_fuloong2f.img: fwstart_fuloong2f.image$(EXEEXT)
+-@COND_mips_loongson_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(fwstart_fuloong2f_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; fi
++@COND_mips_loongson_TRUE@	if test x$(TARGET_APPLE_LINKER) = x1; then   $(MACHO2IMG) $< $@; else   $(TARGET_OBJCOPY) $(fwstart_fuloong2f_image_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; fi
+ 
+ @COND_MAN_PAGES_TRUE@@COND_emu_TRUE@grub-emu.1: grub-emu 
+ @COND_MAN_PAGES_TRUE@@COND_emu_TRUE@	chmod a+x grub-emu

boot/grub2/grub2.mk

@@ -13,6 +13,14 @@ GRUB2_DEPENDENCIES = host-bison host-flex host-grub2
 HOST_GRUB2_DEPENDENCIES = host-bison host-flex
 GRUB2_INSTALL_IMAGES = YES
 
+# 0001-build-Fix-GRUB-i386-pc-build-with-Ubuntu-gcc.patch
+define GRUB2_AVOID_AUTORECONF
+	$(Q)touch $(@D)/Makefile.util.am
+	$(Q)touch $(@D)/Makefile.in
+endef
+GRUB2_POST_PATCH_HOOKS += GRUB2_AVOID_AUTORECONF
+HOST_GRUB2_POST_PATCH_HOOKS += GRUB2_AVOID_AUTORECONF
+
 ifeq ($(BR2_TARGET_GRUB2_INSTALL_TOOLS),y)
 GRUB2_INSTALL_TARGET = YES
 else

docs/manual/adding-packages-generic.txt

@@ -452,7 +452,7 @@ not and can not work as people would expect it should:
   of the manifest file for this package.
 
 * +LIBFOO_ACTUAL_SOURCE_TARBALL+ only applies to packages whose
-  +LIBFOO_SITE+ / +LIBTOO_SOURCE+ pair points to an archive that does
+  +LIBFOO_SITE+ / +LIBFOO_SOURCE+ pair points to an archive that does
   not actually contain source code, but binary code. This a very
   uncommon case, only known to apply to external toolchains which come
   already compiled, although theoretically it might apply to other

fs/cpio/cpio.mk

@@ -37,7 +37,11 @@ ROOTFS_CPIO_OPTS += --reproducible
 endif
 
 define ROOTFS_CPIO_CMD
-	cd $(TARGET_DIR) && find . | cpio $(ROOTFS_CPIO_OPTS) --quiet -o -H newc > $@
+	cd $(TARGET_DIR) && \
+	find . \
+	| LC_ALL=C sort \
+	| cpio $(ROOTFS_CPIO_OPTS) --quiet -o -H newc \
+	> $@
 endef
 
 ifeq ($(BR2_TARGET_ROOTFS_CPIO_UIMAGE),y)

linux/Config.in

@@ -128,7 +128,7 @@ endif
 
 config BR2_LINUX_KERNEL_VERSION
 	string
-	default "5.6.15" if BR2_LINUX_KERNEL_LATEST_VERSION
+	default "5.6.16" if BR2_LINUX_KERNEL_LATEST_VERSION
 	default "4.19.118-cip25" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
 	default "4.19.115-cip24-rt9" if BR2_LINUX_KERNEL_LATEST_CIP_RT_VERSION
 	default BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE \

linux/linux.hash

@@ -1,12 +1,12 @@
 # From https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc
-sha256  65ab799393d490463c610270634874dfcb66440a312837d04b51bbb69323034e  linux-5.6.15.tar.xz
+sha256  25504b4de7baf912071d1ed40b13af0689305442b9dea9218fd096d8bd997cf7  linux-5.6.16.tar.xz
 sha256  1448334371fb52f511255726832464d33877a210a7350260fb18eb225ae211eb  linux-5.5.19.tar.xz
-sha256  2667b90a42d42557aca9e3d37bba1b4e71809b9523958e6870ada311c4790744  linux-5.4.43.tar.xz
+sha256  103f039f34a9009c42ea643b4f473bda6bb9607d5ad7f63b56b3e2351615fe2e  linux-5.4.45.tar.xz
 # From https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
-sha256  49474956a6149c16cbcba862d1f4db54835a32d336063c75094f669f1c34c65e  linux-4.4.225.tar.xz
-sha256  e547748c548b0f55f665bc78cfec322e7b96f41527b5e4b5d79430fdaa57c3e8  linux-4.9.225.tar.xz
-sha256  671d1f1d5ad0ae74fb21ee70a5544400e7d6270098d3f8b134484ded2c3e5b90  linux-4.14.182.tar.xz
-sha256  9843f40efb37491770688810d153d0779daed8eb097773a0de5abf2cb0d1bd7e  linux-4.19.125.tar.xz
+sha256  418299385195f09b27e371a35f305f3aff148e7557a341b53460091303aa9bb7  linux-4.4.226.tar.xz
+sha256  460a8c168fe5c60ce5b30015a4e4bf348d93a89f8b949de1f90779567ef345ca  linux-4.9.226.tar.xz
+sha256  4265afef56819b04656107a5abecde205c5bc5fb04b2e81447955e7e45db8085  linux-4.14.183.tar.xz
+sha256  82af886bc588b5c8d7474beb2bac13810ee3ed07da356a2553c81ae8e52e586f  linux-4.19.127.tar.xz
 # Locally computed
 sha256  ea53913813cb5a9069608532b327de7a7ed0fdc8fed8c6f10cd55d1ac6a58ffb  linux-cip-4.19.118-cip25.tar.gz
 sha256  7f0a0db0e1cfb14053523f4432f1ad1468b5bd42305b44905c4b103466c8d655  linux-cip-4.19.115-cip24-rt9.tar.gz

package/a10disp/a10disp.hash

@@ -1,2 +1,3 @@
 # Locally calculated
-sha256 5077405030e8f97a1edd4b86d469466abbc4d32b4a4609e58459347fcd1ba35b a10disp-0.6.1.tar.gz
+sha256  5077405030e8f97a1edd4b86d469466abbc4d32b4a4609e58459347fcd1ba35b  a10disp-0.6.1.tar.gz
+sha256  ddf849966f57fee8f9675f5a3c7791353d1cba71695cd58016212fc236bbdbee  a10disp.c

package/a10disp/a10disp.mk

@@ -7,6 +7,7 @@
 A10DISP_VERSION = 0.6.1
 A10DISP_SITE = $(call github,hglm,a10disp,v$(A10DISP_VERSION))
 A10DISP_LICENSE = MIT
+A10DISP_LICENSE_FILES = a10disp.c
 
 A10DISP_DEPENDENCIES = linux
 

package/asterisk/asterisk.hash

@@ -1,5 +1,5 @@
 # Locally computed
-sha256  474cbc6f9dddee94616f8af8e097bc4d340dc9698c4165dc45be6e0be80ff725  asterisk-16.6.2.tar.gz
+sha256  f0ba5e3c4ef46f6657dd3a7167190f9b6cd6bbf4af09ecc291a9d5868b477609  asterisk-16.10.0.tar.gz
 
 # sha1 from: http://downloads.asterisk.org/pub/telephony/sounds/releases
 # sha256 locally computed

package/asterisk/asterisk.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-ASTERISK_VERSION = 16.6.2
+ASTERISK_VERSION = 16.10.0
 # Use the github mirror: it's an official mirror maintained by Digium, and
 # provides tarballs, which the main Asterisk git tree (behind Gerrit) does not.
 ASTERISK_SITE = $(call github,asterisk,asterisk,$(ASTERISK_VERSION))

package/bind/bind.hash

@@ -1,4 +1,4 @@
-# Verified from https://ftp.isc.org/isc/bind9/9.11.19/bind-9.11.19.tar.gz.asc
+# Verified from https://ftp.isc.org/isc/bind9/9.11.20/bind-9.11.20.tar.gz.asc
 # with key AE3FAC796711EC59FC007AA474BB6B9A4CBB3D38
-sha256  0dee554a4caa368948b32da9a0c97b516c19103bc13ff5b3762c5d8552f52329  bind-9.11.19.tar.gz
+sha256  306831a738a275693bbe1d6839a09b34a2c8b5c26f8a42ea57ef000a6a99c2b6  bind-9.11.20.tar.gz
 sha256  da2aec2b7f6f0feb16bcb080e2c587375fd3195145f047e4d92d112f5b9db501  COPYRIGHT

package/bind/bind.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BIND_VERSION = 9.11.19
+BIND_VERSION = 9.11.20
 BIND_SITE = https://ftp.isc.org/isc/bind9/$(BIND_VERSION)
 # bind does not support parallel builds.
 BIND_MAKE = $(MAKE1)

package/brltty/0002-fix-input_event-time-related-compile-fail.patch

@@ -0,0 +1,52 @@
+From 43390f9906a8c663872e0eab56c1173032d1bd6c Mon Sep 17 00:00:00 2001
+From: Heiko Thiery <heiko.thiery@gmail.com>
+Date: Sun, 7 Jun 2020 12:58:38 +0200
+Subject: [PATCH] fix input_event time related compile fail
+
+./system_linux.c: In function 'writeInputEvent':
+./system_linux.c:962:23: error: 'struct input_event' has no member named 'time'; did you mean 'type'?
+   gettimeofday(&event.time, NULL);
+                       ^~~~
+                       type
+
+Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
+---
+ Programs/system_linux.c | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/Programs/system_linux.c b/Programs/system_linux.c
+index a97ee7ff6..77052d32f 100644
+--- a/Programs/system_linux.c
++++ b/Programs/system_linux.c
+@@ -40,6 +40,14 @@
+ #ifdef HAVE_LINUX_INPUT_H
+ #include <linux/input.h>
+ 
++#ifndef input_event_sec
++#define input_event_sec time.tv_sec
++#endif
++
++#ifndef input_event_usec
++#define input_event_usec time.tv_usec
++#endif
++
+ #include "kbd_keycodes.h"
+ 
+ LINUX_KEY_MAP(xt00) = {
+@@ -957,9 +965,12 @@ int
+ writeInputEvent (UinputObject *uinput, uint16_t type, uint16_t code, int32_t value) {
+ #ifdef HAVE_LINUX_UINPUT_H
+   struct input_event event;
++  struct timeval tv;
+ 
+   memset(&event, 0, sizeof(event));
+-  gettimeofday(&event.time, NULL);
++  gettimeofday(&tv, NULL);
++  event.input_event_sec = tv.tv_sec;
++  event.input_event_usec = tv.tv_usec;
+   event.type = type;
+   event.code = code;
+   event.value = value;
+-- 
+2.20.1
+

package/cdrkit/0003-Add-extern-to-char-outfile-declaration-to-fix-build-.patch

@@ -0,0 +1,30 @@
+From eabcc8a6e39dc3c28faee3e04aa56cc65a38d65a Mon Sep 17 00:00:00 2001
+From: Urja Rannikko <urjaman@gmail.com>
+Date: Sun, 19 Jul 2020 20:28:27 +0300
+Subject: [PATCH] Add extern to char* outfile declaration to fix build with gcc
+ 10
+
+Without this linking fails with a rather long spew of
+"multiple definition of `outfile'".
+
+Signed-off-by: Urja Rannikko <urjaman@gmail.com>
+---
+ genisoimage/genisoimage.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/genisoimage/genisoimage.h b/genisoimage/genisoimage.h
+index bbedfb0..82c859b 100644
+--- a/genisoimage/genisoimage.h
++++ b/genisoimage/genisoimage.h
+@@ -376,7 +376,7 @@ extern int	use_fileversion;
+ extern int	split_SL_component;
+ extern int	split_SL_field;
+ extern char	*trans_tbl;
+-char		*outfile;
++extern char	*outfile;
+ 
+ #define	JMAX		64	/* maximum Joliet file name length (spec) */
+ #define	JLONGMAX	103	/* out of spec Joliet file name length */
+-- 
+2.27.0
+

package/clamav/clamav.hash

@@ -1,5 +1,5 @@
 # Locally calculated
-sha256  ed3050c4569989ee7ab54c7b87246b41ed808259632849be0706467442dc0693  clamav-0.102.3.tar.gz
+sha256  eebd426a68020ecad0d2084b8c763e6898ccfd5febcae833d719640bb3ff391b  clamav-0.102.4.tar.gz
 sha256  0c4fd2fa9733fc9122503797648710851e4ee6d9e4969dd33fcbd8c63cd2f584  COPYING
 sha256  d72a145c90918184a05ef65a04c9e6f7466faa59bc1b82c8f6a8ddc7ddcb9bed  COPYING.bzip2
 sha256  dfb818a0d41411c6fb1c193c68b73018ceadd1994bda41ad541cbff292894bc6  COPYING.file

package/clamav/clamav.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-CLAMAV_VERSION = 0.102.3
+CLAMAV_VERSION = 0.102.4
 CLAMAV_SITE = https://www.clamav.net/downloads/production
 CLAMAV_LICENSE = GPL-2.0
 CLAMAV_LICENSE_FILES = COPYING COPYING.bzip2 COPYING.file COPYING.getopt \

package/cryptodev-linux/cryptodev-linux.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256 50cf34ecedc897edb11d1a24076f0d4cfcb704dcd294273bc03e2f6c3632fe2c cryptodev-linux-a1e738aef6249ee3bddf997e91e59b1210553209.tar.gz
+sha256 d67a4a306a0d449298af2448f8f324bf79ec9d41411eef0c92ed764b6d505eee cryptodev-linux-f2927e313b6a74408d17d152abb21aa59d113b46.tar.gz
 sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING

package/cryptodev-linux/cryptodev-linux.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-CRYPTODEV_LINUX_VERSION = a1e738aef6249ee3bddf997e91e59b1210553209
+CRYPTODEV_LINUX_VERSION = f2927e313b6a74408d17d152abb21aa59d113b46
 CRYPTODEV_LINUX_SITE = $(call github,cryptodev-linux,cryptodev-linux,$(CRYPTODEV_LINUX_VERSION))
 CRYPTODEV_LINUX_INSTALL_STAGING = YES
 CRYPTODEV_LINUX_LICENSE = GPL-2.0+

package/dbus/dbus.hash

@@ -1,6 +1,6 @@
 # Locally calculated after checking pgp signature
-# https://dbus.freedesktop.org/releases/dbus/dbus-1.12.16.tar.gz.asc
+# https://dbus.freedesktop.org/releases/dbus/dbus-1.12.18.tar.gz.asc
 # using key 36EC5A6448A4F5EF79BEFE98E05AE1478F814C4F
-sha256	54a22d2fa42f2eb2a871f32811c6005b531b9613b1b93a0d269b05e7549fec80  dbus-1.12.16.tar.gz
+sha256  64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306  dbus-1.12.18.tar.gz
 # Locally calculated
-sha256	0e46f54efb12d04ab5c33713bacd0e140c9a35b57ae29e03c853203266e8f3a1  COPYING
+sha256  0e46f54efb12d04ab5c33713bacd0e140c9a35b57ae29e03c853203266e8f3a1  COPYING

package/dbus/dbus.mk

@@ -4,14 +4,14 @@
 #
 ################################################################################
 
-DBUS_VERSION = 1.12.16
+DBUS_VERSION = 1.12.18
 DBUS_SITE = https://dbus.freedesktop.org/releases/dbus
 DBUS_LICENSE = AFL-2.1 or GPL-2.0+ (library, tools), GPL-2.0+ (tools)
 DBUS_LICENSE_FILES = COPYING
 DBUS_INSTALL_STAGING = YES
 
 define DBUS_PERMISSIONS
-	/usr/libexec/dbus-daemon-launch-helper f 4755 0 0 - - - - -
+	/usr/libexec/dbus-daemon-launch-helper f 4750 0 dbus - - - - -
 endef
 
 define DBUS_USERS

package/docker-cli/docker-cli.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256	36dd85273c95f4755e08b37ea9660a1bf5c315570b679a0ce268750ca1ed3801  docker-cli-19.03.8.tar.gz
+sha256	a5b1d6c5766f77896273e864a448a7f0ea4055bb52f50f884f14ad6ef0d5fdb4  docker-cli-19.03.11.tar.gz
 sha256	2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0  LICENSE

package/docker-cli/docker-cli.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_CLI_VERSION = 19.03.8
+DOCKER_CLI_VERSION = 19.03.11
 DOCKER_CLI_SITE = $(call github,docker,cli,v$(DOCKER_CLI_VERSION))
 DOCKER_CLI_WORKSPACE = gopath
 

package/docker-engine/docker-engine.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256	13ec45ad45091111bd566aca9d81989b3f05e0625dab68d33c3ad81ff924172f  docker-engine-19.03.8.tar.gz
+sha256	5ff62d7b3638a275b2c459e53a4d1a7a8fb03dde8305defcd55e05e059e5618d  docker-engine-19.03.11.tar.gz
 sha256	7c87873291f289713ac5df48b1f2010eb6963752bbd6b530416ab99fc37914a8  LICENSE

package/docker-engine/docker-engine.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_ENGINE_VERSION = 19.03.8
+DOCKER_ENGINE_VERSION = 19.03.11
 DOCKER_ENGINE_SITE = $(call github,docker,engine,v$(DOCKER_ENGINE_VERSION))
 
 DOCKER_ENGINE_LICENSE = Apache-2.0

package/dvb-apps/dvb-apps.hash

@@ -0,0 +1,6 @@
+# Locally computed:
+sha256  926208b7e711b4bab1a909ff9bf4e6ae54acdd30a46f5d5bd700ecb088fe1f57  dvb-apps-3d43b280298c39a67d1d889e01e173f52c12da35.tar.gz
+
+# Hash for license files:
+sha256  ab15fd526bd8dd18a9e77ebc139656bf4d33e97fc7238cd11bf60e2b9b8666c6  COPYING
+sha256  4fd46f32582c29007657e2daad8d0a6d954cf4e9d2e47bae8f8d8c32765fc987  COPYING.LGPL

package/e2fsprogs/e2fsprogs.mk

@@ -29,7 +29,9 @@ HOST_E2FSPROGS_CONF_OPTS = \
 	--disable-testio-debug \
 	--enable-symlink-install \
 	--enable-elf-shlibs \
-	--with-crond-dir=no
+	--with-crond-dir=no \
+	--with-udev-rules-dir=no \
+	--with-systemd-unit-dir=no
 
 # Set the binary directories to "/bin" and "/sbin", as busybox does,
 # so that we do not end up with two versions of e2fs tools.

package/exim/exim.mk

@@ -123,8 +123,8 @@ endif
 define EXIM_BUILD_CMDS
 	$(TARGET_MAKE_ENV) build=br $(MAKE) -C $(@D) makefile
 	$(HOST_MAKE_ENV) $(MAKE) -C $(@D)/build-br macro_predef \
-		CC=$(HOSTCC) \
-		LNCC=$(HOSTCC) \
+		CC="$(HOSTCC)" \
+		LNCC="$(HOSTCC)" \
 		CFLAGS="-std=c99 $(HOST_CFLAGS)" \
 		LFLAGS="-fPIC $(HOST_LDFLAGS)"
 	$(TARGET_MAKE_ENV) build=br $(MAKE) -C $(@D) $(EXIM_STATIC_FLAGS) \

package/exiv2/exiv2.mk

@@ -21,7 +21,7 @@ EXIV2_IGNORE_CVES += CVE-2019-17402
 # 0002-fix_1011_jp2_readmetadata_loop.patch
 EXIV2_IGNORE_CVES += CVE-2019-20421
 
-EXIV2_CONF_OPTS += -DEXIV2_ENABLE_BUILD_SAMPLES=OFF
+EXIV2_CONF_OPTS += -DEXIV2_BUILD_SAMPLES=OFF
 
 # The following CMake variable disables a TRY_RUN call in the -pthread
 # test which is not allowed when cross-compiling.
@@ -41,10 +41,10 @@ EXIV2_CONF_OPTS += -DEXIV2_ENABLE_PNG=OFF
 endif
 
 ifeq ($(BR2_PACKAGE_EXIV2_XMP),y)
-EXIV2_CONF_OPTS += -DEXIV2_ENABLE_XMP=ON -DEXIV2_ENABLE_LIBXMP=ON
+EXIV2_CONF_OPTS += -DEXIV2_ENABLE_XMP=ON
 EXIV2_DEPENDENCIES += expat
 else
-EXIV2_CONF_OPTS += -DEXIV2_ENABLE_XMP=OFF -DEXIV2_ENABLE_LIBXMP=OFF
+EXIV2_CONF_OPTS += -DEXIV2_ENABLE_XMP=OFF
 endif
 
 EXIV2_DEPENDENCIES += $(TARGET_NLS_DEPENDENCIES)

package/freerdp/freerdp.hash

@@ -1,5 +1,5 @@
-# From https://pub.freerdp.com/releases/freerdp-2.1.1.tar.gz.sha256
-sha256  6c6bf72fba1058ca6524c040d0825e4cdaa88682884a6c1c360e1cd5b8e21723  freerdp-2.1.1.tar.gz
+# From https://pub.freerdp.com/releases/freerdp-2.2.0.tar.gz.sha256
+sha256  19b30759e324ce7a9767af880116a4c571761e9ad9c5d6c98c5b302ff8c24c6c  freerdp-2.2.0.tar.gz
 
 # Locally calculated
 sha256  cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30  LICENSE

package/freerdp/freerdp.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-FREERDP_VERSION = 2.1.1
+FREERDP_VERSION = 2.2.0
 FREERDP_SITE = https://pub.freerdp.com/releases
 FREERDP_DEPENDENCIES = libglib2 openssl zlib
 FREERDP_LICENSE = Apache-2.0

package/gdb/8.1.1/0008-Fix-incorrect-use-of-is-operator-for-comparison-in-p.patch

@@ -0,0 +1,42 @@
+From e00c211d51bec301cf04719b77076a8783ef44b5 Mon Sep 17 00:00:00 2001
+From: Raul Tambre <raul@tambre.ee>
+Date: Sat, 4 May 2019 15:48:17 -0400
+Subject: [PATCH] Fix incorrect use of 'is' operator for comparison in
+ python/lib/gdb/command/prompt.py
+
+The 'is' operator is not meant to be used for comparisons. It currently working
+is an implementation detail of CPython.  CPython 3.8 has added a SyntaxWarning
+for this.
+
+(cherry picked from commit b6484282f85bf7f11451b2441599c241d302ad9d)
+[Romain: backport to gdb 8.x]
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
+---
+ gdb/python/lib/gdb/command/prompt.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gdb/python/lib/gdb/command/prompt.py b/gdb/python/lib/gdb/command/prompt.py
+index 3d662a7d3f..04b9e49c22 100644
+--- a/gdb/python/lib/gdb/command/prompt.py
++++ b/gdb/python/lib/gdb/command/prompt.py
+@@ -45,7 +45,7 @@ The currently defined substitutions are:
+         self.hook_set = False
+ 
+     def get_show_string (self, pvalue):
+-        if self.value is not '':
++        if self.value:
+            return "The extended prompt is: " + self.value
+         else:
+            return "The extended prompt is not set."
+@@ -57,7 +57,7 @@ The currently defined substitutions are:
+         return ""
+ 
+     def before_prompt_hook(self, current):
+-        if self.value is not '':
++        if self.value:
+             return gdb.prompt.substitute_prompt(self.value)
+         else:
+             return None
+-- 
+2.25.4
+

package/gdb/8.2.1/0006-Fix-incorrect-use-of-is-operator-for-comparison-in-p.patch

@@ -0,0 +1,42 @@
+From e00c211d51bec301cf04719b77076a8783ef44b5 Mon Sep 17 00:00:00 2001
+From: Raul Tambre <raul@tambre.ee>
+Date: Sat, 4 May 2019 15:48:17 -0400
+Subject: [PATCH] Fix incorrect use of 'is' operator for comparison in
+ python/lib/gdb/command/prompt.py
+
+The 'is' operator is not meant to be used for comparisons. It currently working
+is an implementation detail of CPython.  CPython 3.8 has added a SyntaxWarning
+for this.
+
+(cherry picked from commit b6484282f85bf7f11451b2441599c241d302ad9d)
+[Romain: backport to gdb 8.x]
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
+---
+ gdb/python/lib/gdb/command/prompt.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gdb/python/lib/gdb/command/prompt.py b/gdb/python/lib/gdb/command/prompt.py
+index 3d662a7d3f..04b9e49c22 100644
+--- a/gdb/python/lib/gdb/command/prompt.py
++++ b/gdb/python/lib/gdb/command/prompt.py
+@@ -45,7 +45,7 @@ The currently defined substitutions are:
+         self.hook_set = False
+ 
+     def get_show_string (self, pvalue):
+-        if self.value is not '':
++        if self.value:
+            return "The extended prompt is: " + self.value
+         else:
+            return "The extended prompt is not set."
+@@ -57,7 +57,7 @@ The currently defined substitutions are:
+         return ""
+ 
+     def before_prompt_hook(self, current):
+-        if self.value is not '':
++        if self.value:
+             return gdb.prompt.substitute_prompt(self.value)
+         else:
+             return None
+-- 
+2.25.4
+

package/gdb/8.3.1/0006-Fix-incorrect-use-of-is-operator-for-comparison-in-p.patch

@@ -0,0 +1,42 @@
+From e00c211d51bec301cf04719b77076a8783ef44b5 Mon Sep 17 00:00:00 2001
+From: Raul Tambre <raul@tambre.ee>
+Date: Sat, 4 May 2019 15:48:17 -0400
+Subject: [PATCH] Fix incorrect use of 'is' operator for comparison in
+ python/lib/gdb/command/prompt.py
+
+The 'is' operator is not meant to be used for comparisons. It currently working
+is an implementation detail of CPython.  CPython 3.8 has added a SyntaxWarning
+for this.
+
+(cherry picked from commit b6484282f85bf7f11451b2441599c241d302ad9d)
+[Romain: backport to gdb 8.x]
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
+---
+ gdb/python/lib/gdb/command/prompt.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gdb/python/lib/gdb/command/prompt.py b/gdb/python/lib/gdb/command/prompt.py
+index 3d662a7d3f..04b9e49c22 100644
+--- a/gdb/python/lib/gdb/command/prompt.py
++++ b/gdb/python/lib/gdb/command/prompt.py
+@@ -45,7 +45,7 @@ The currently defined substitutions are:
+         self.hook_set = False
+ 
+     def get_show_string (self, pvalue):
+-        if self.value is not '':
++        if self.value:
+            return "The extended prompt is: " + self.value
+         else:
+            return "The extended prompt is not set."
+@@ -57,7 +57,7 @@ The currently defined substitutions are:
+         return ""
+ 
+     def before_prompt_hook(self, current):
+-        if self.value is not '':
++        if self.value:
+             return gdb.prompt.substitute_prompt(self.value)
+         else:
+             return None
+-- 
+2.25.4
+

package/gdk-pixbuf/gdk-pixbuf.mk

@@ -23,11 +23,16 @@ GDK_PIXBUF_CONF_ENV = \
 HOST_GDK_PIXBUF_CONF_ENV = \
 	gio_can_sniff=no
 
-GDK_PIXBUF_CONF_OPTS = \
-	--disable-glibtest \
-	--disable-introspection
+GDK_PIXBUF_CONF_OPTS = --disable-glibtest
 HOST_GDK_PIXBUF_CONF_OPTS = --disable-introspection
 
+ifeq ($(BR2_PACKAGE_GOBJECT_INTROSPECTION),y)
+GDK_PIXBUF_CONF_OPTS += --enable-introspection
+GDK_PIXBUF_DEPENDENCIES += gobject-introspection
+else
+GDK_PIXBUF_CONF_OPTS += --disable-introspection
+endif
+
 ifneq ($(BR2_PACKAGE_LIBPNG),y)
 GDK_PIXBUF_CONF_OPTS += --without-libpng
 else

package/gerbera/0003-cmake-FindMatroska-fix-static-linking.patch

@@ -0,0 +1,37 @@
+From aab2eacbaad10759294f4fd74bbb5ecef3cf3a8d Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Tue, 24 Dec 2019 22:57:18 +0100
+Subject: [PATCH] cmake/FindMatroska: fix static linking
+
+Fix static linking with libmatrasoka by adding PC_EBM_LIBRARIES to
+EBML_LIBRARIES and PC_MAT_LIBRARIES to MATROSKA_LIBRARIES
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Retrieved from:
+https://github.com/gerbera/gerbera/commit/aab2eacbaad10759294f4fd74bbb5ecef3cf3a8d]
+---
+ cmake/FindMatroska.cmake | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/cmake/FindMatroska.cmake b/cmake/FindMatroska.cmake
+index 4b09a5ec..12ca593d 100644
+--- a/cmake/FindMatroska.cmake
++++ b/cmake/FindMatroska.cmake
+@@ -23,7 +23,7 @@ FIND_LIBRARY(EBML_LIBRARY ebml
+ FIND_PACKAGE_HANDLE_STANDARD_ARGS(EBML
+     REQUIRED_VARS EBML_LIBRARY EBML_INCLUDE_DIR)
+ if (EBML_FOUND)
+-    set (EBML_LIBRARIES ${EBML_LIBRARY})
++    set (EBML_LIBRARIES ${EBML_LIBRARY} ${PC_EBM_LIBRARIES})
+     set (EBML_INCLUDE_DIRS ${EBML_INCLUDE_DIR} )
+ endif ()
+ MARK_AS_ADVANCED(
+@@ -41,7 +41,7 @@ find_library(MATROSKA_LIBRARY matroska
+ FIND_PACKAGE_HANDLE_STANDARD_ARGS(MATROSKA
+     REQUIRED_VARS MATROSKA_LIBRARY MATROSKA_INCLUDE_DIR)
+ if (MATROSKA_FOUND)
+-    set (MATROSKA_LIBRARIES ${MATROSKA_LIBRARY})
++    set (MATROSKA_LIBRARIES ${MATROSKA_LIBRARY} ${PC_MAT_LIBRARIES})
+     set (MATROSKA_INCLUDE_DIRS ${MATROSKA_INCLUDE_DIR} )
+ endif ()
+ MARK_AS_ADVANCED(

package/gnutls/0001-Fix-gnulib-stdio.h-include-on-uclibc.patch

@@ -0,0 +1,49 @@
+From 60fa934ffba3c230040328fdbbbf51f417f12871 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Stefan=20S=C3=B8rensen?= <stefan.sorensen@spectralink.com>
+Date: Mon, 22 Jun 2020 14:11:05 +0200
+Subject: [PATCH] Fix gnulib stdio.h include on uclibc
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The __need_FILE define used by gnulib interferes with the uClibc stdio.h
+header, so move the inclusion the stdio.h to after __need_FILE has been
+undefined again.
+
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ gl/fopen.c     | 2 +-
+ src/gl/fopen.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gl/fopen.c b/gl/fopen.c
+index 8d6625a..248692c 100644
+--- a/gl/fopen.c
++++ b/gl/fopen.c
+@@ -23,8 +23,8 @@
+ #include <config.h>
+ 
+ /* Get the original definition of fopen.  It might be defined as a macro.  */
+-#include <stdio.h>
+ #undef __need_FILE
++#include <stdio.h>
+ 
+ static FILE *
+ orig_fopen (const char *filename, const char *mode)
+diff --git a/src/gl/fopen.c b/src/gl/fopen.c
+index 47d7f19..1f22f4f 100644
+--- a/src/gl/fopen.c
++++ b/src/gl/fopen.c
+@@ -23,8 +23,8 @@
+ #include <config.h>
+ 
+ /* Get the original definition of fopen.  It might be defined as a macro.  */
+-#include <stdio.h>
+ #undef __need_FILE
++#include <stdio.h>
+ 
+ static FILE *
+ orig_fopen (const char *filename, const char *mode)
+-- 
+2.25.4
+

package/gnutls/gnutls.hash

@@ -1,6 +1,6 @@
 # Locally calculated after checking pgp signature
-# https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.13.tar.xz.sig
-sha256	32041df447d9f4644570cf573c9f60358e865637d69b7e59d1159b7240b52f38	gnutls-3.6.13.tar.xz
+# https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.14.tar.xz.sig
+sha256  5630751adec7025b8ef955af4d141d00d252a985769f51b4059e5affa3d39d63  gnutls-3.6.14.tar.xz
 # Locally calculated
-sha256	e79e9c8a0c85d735ff98185918ec94ed7d175efc377012787aebcf3b80f0d90b	doc/COPYING
-sha256	6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3	doc/COPYING.LESSER
+sha256  e79e9c8a0c85d735ff98185918ec94ed7d175efc377012787aebcf3b80f0d90b  doc/COPYING
+sha256  6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3  doc/COPYING.LESSER

package/gnutls/gnutls.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 GNUTLS_VERSION_MAJOR = 3.6
-GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).13
+GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).14
 GNUTLS_SOURCE = gnutls-$(GNUTLS_VERSION).tar.xz
 GNUTLS_SITE = https://www.gnupg.org/ftp/gcrypt/gnutls/v$(GNUTLS_VERSION_MAJOR)
 GNUTLS_LICENSE = LGPL-2.1+ (core library)

package/go/go.hash

@@ -1,3 +1,3 @@
 # From https://golang.org/dl/
-sha256	b13bf04633d4d8cf53226ebeaace8d4d2fd07ae6fa676d0844a688339debec34  go1.13.8.src.tar.gz
+sha256	197333e97290e9ea8796f738d61019dcba1c377c2f3961fd6a114918ecc7ab06  go1.13.14.src.tar.gz
 sha256	2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067  LICENSE

package/go/go.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GO_VERSION = 1.13.8
+GO_VERSION = 1.13.14
 GO_SITE = https://storage.googleapis.com/golang
 GO_SOURCE = go$(GO_VERSION).src.tar.gz
 

package/granite/0001-meson-add-introspection-option.patch

@@ -0,0 +1,73 @@
+From 4d5ddcdb9c03d4e829fe7080e497a00f0b379eff Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Sun, 14 Jun 2020 17:33:31 +0200
+Subject: [PATCH] meson: add introspection option
+
+This will allow the user to build granite without gobject-introspection
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status: https://github.com/elementary/granite/pull/410]
+---
+ lib/meson.build   | 38 ++++++++++++++++++++------------------
+ meson_options.txt |  1 +
+ 2 files changed, 21 insertions(+), 18 deletions(-)
+
+diff --git a/lib/meson.build b/lib/meson.build
+index a9fc4ed4..770feeb5 100644
+--- a/lib/meson.build
++++ b/lib/meson.build
+@@ -98,24 +98,26 @@ install_data(
+     install_dir: include_dir
+ )
+ 
+-# typelib generation isn't automated yet
+-g_ir_compiler = find_program('g-ir-compiler')
+-custom_target(
+-    granite_typelib,
+-    command: [
+-        g_ir_compiler,
+-        '--shared-library',
+-        '@PLAINNAME@',
+-        '--output',
+-        '@OUTPUT@',
+-        join_paths(meson.current_build_dir(), granite_gir),
+-    ],
+-    input: libgranite,
+-    output: granite_typelib,
+-    depends: libgranite,
+-    install: true,
+-    install_dir: join_paths(get_option('libdir'), 'girepository-1.0'),
+-)
++if get_option('introspection')
++    # typelib generation isn't automated yet
++    g_ir_compiler = find_program('g-ir-compiler')
++    custom_target(
++        granite_typelib,
++        command: [
++            g_ir_compiler,
++            '--shared-library',
++            '@PLAINNAME@',
++            '--output',
++            '@OUTPUT@',
++            join_paths(meson.current_build_dir(), granite_gir),
++        ],
++        input: libgranite,
++        output: granite_typelib,
++        depends: libgranite,
++        install: true,
++        install_dir: join_paths(get_option('libdir'), 'girepository-1.0'),
++    )
++endif
+ 
+ libgranite_dep = declare_dependency(
+     link_with: libgranite,
+diff --git a/meson_options.txt b/meson_options.txt
+index 9d9f62e9..bd1a1d6f 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -1 +1,2 @@
+ option('documentation', type: 'boolean', value: false, description: 'generate documentation with gtk-doc and valadoc')
++option('introspection', type: 'boolean', value: true, description: 'Whether to build introspection files')
+-- 
+2.26.2
+

package/granite/Config.in

@@ -10,7 +10,7 @@ config BR2_PACKAGE_GRANITE
 	  An extension to GTK+ that provides several useful widgets and
 	  classes to ease application development.
 
-	  https://launchpad.net/granite
+	  https://github.com/elementary/granite
 
 comment "granite needs libgtk3 and a toolchain w/ wchar, threads"
 	depends on BR2_USE_MMU

package/granite/granite.hash

@@ -1,6 +1,3 @@
-# From https://launchpad.net/granite/0.4/0.4.1/+download/granite-0.4.1.tar.xz/+md5
-md5 b1002c0488bb9ade0ef89730c4f84393 granite-0.4.1.tar.xz
-# Calculated based on the hash above
-sha256  8bb411523e6cd5685c928dbfe08893892189cedf9fad5f537aa76182032cf09c  granite-0.4.1.tar.xz
 # Locally computed
+sha256  8194031cac3b87d84a3fab9c30270485ce73f8b8ec23f26c9152b6859c8a18fd  granite-5.4.0.tar.gz
 sha256  da7eabb7bafdf7d3ae5e9f223aa5bdc1eece45ac569dc21b3b037520b4464768  COPYING

package/granite/granite.mk

@@ -4,13 +4,18 @@
 #
 ################################################################################
 
-GRANITE_VERSION_MAJOR = 0.4
-GRANITE_VERSION = $(GRANITE_VERSION_MAJOR).1
-GRANITE_SITE = https://launchpad.net/granite/$(GRANITE_VERSION_MAJOR)/$(GRANITE_VERSION)/+download
-GRANITE_SOURCE = granite-$(GRANITE_VERSION).tar.xz
+GRANITE_VERSION = 5.4.0
+GRANITE_SITE = $(call github,elementary,granite,$(GRANITE_VERSION))
 GRANITE_DEPENDENCIES = host-pkgconf host-vala libgee libglib2 libgtk3
 GRANITE_INSTALL_STAGING = YES
 GRANITE_LICENSE = LGPL-3.0+
 GRANITE_LICENSE_FILES = COPYING
 
-$(eval $(cmake-package))
+ifeq ($(BR2_PACKAGE_GOBJECT_INTROSPECTION),y)
+GRANITE_CONF_OPTS += -Dintrospection=true
+GRANITE_DEPENDENCIES += gobject-introspection
+else
+GRANITE_CONF_OPTS += -Dintrospection=false
+endif
+
+$(eval $(meson-package))

package/gssdp/gssdp.hash

@@ -1,5 +1,5 @@
-# Hash from: http://ftp.gnome.org/pub/gnome/sources/gssdp/1.2/gssdp-1.2.2.sha256sum:
-sha256  cabb9e3b456b8354a55e23eb0207545d974643cda6d623523470ebbc4188b0a4  gssdp-1.2.2.tar.xz
+# Hash from: http://ftp.gnome.org/pub/gnome/sources/gssdp/1.2/gssdp-1.2.3.sha256sum:
+sha256  a263dcb6730e3b3dc4bbbff80cf3fab4cd364021981d419db6dd5a8e148aa7e8  gssdp-1.2.3.tar.xz
 
 # Hash for license file:
 sha256  d245807f90032872d1438d741ed21e2490e1175dc8aa3afa5ddb6c8e529b58e5  COPYING

package/gssdp/gssdp.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 GSSDP_VERSION_MAJOR = 1.2
-GSSDP_VERSION = $(GSSDP_VERSION_MAJOR).2
+GSSDP_VERSION = $(GSSDP_VERSION_MAJOR).3
 GSSDP_SOURCE = gssdp-$(GSSDP_VERSION).tar.xz
 GSSDP_SITE = http://ftp.gnome.org/pub/gnome/sources/gssdp/$(GSSDP_VERSION_MAJOR)
 GSSDP_LICENSE = LGPL-2.0+

package/gstreamer1/gst1-plugins-good/Config.in

@@ -295,6 +295,7 @@ config BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_SHOUT2
 config BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_V4L2
 	bool "v4l2"
 	depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_0 # multi planar api
+	select BR2_PACKAGE_LIBGUDEV if BR2_PACKAGE_HAS_UDEV
 	help
 	  elements for Video 4 Linux
 

package/gstreamer1/gst1-plugins-good/gst1-plugins-good.mk

@@ -354,6 +354,13 @@ endif
 
 ifeq ($(BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_V4L2),y)
 GST1_PLUGINS_GOOD_CONF_OPTS += -Dv4l2=enabled
+# Enable use of gudev if available, for device probing and monitoring.
+ifeq ($(BR2_PACKAGE_LIBGUDEV),y)
+GST1_PLUGINS_GOOD_DEPENDENCIES += libgudev
+GST1_PLUGINS_GOOD_CONF_OPTS += -Dv4l2-gudev=enabled
+else
+GST1_PLUGINS_GOOD_CONF_OPTS += -Dv4l2-gudev=disabled
+endif
 else
 GST1_PLUGINS_GOOD_CONF_OPTS += -Dv4l2=disabled
 endif

package/gstreamer1/gst1-plugins-ugly/gst1-plugins-ugly.mk

@@ -64,10 +64,6 @@ GST1_PLUGINS_UGLY_CONF_OPTS += -Drealmedia=disabled
 endif
 
 ifeq ($(BR2_PACKAGE_GST1_PLUGINS_UGLY_PLUGIN_DVDREAD),y)
-# configure does not use pkg-config to detect libdvdread
-ifeq ($(BR2_PACKAGE_LIBDVDCSS)$(BR2_STATIC_LIBS),yy)
-GST1_PLUGINS_UGLY_LDFLAGS += "-ldvdcss"
-endif
 GST1_PLUGINS_UGLY_CONF_OPTS += -Ddvdread=enabled
 GST1_PLUGINS_UGLY_DEPENDENCIES += libdvdread
 GST1_PLUGINS_UGLY_HAS_GPL_LICENSE = y

package/gupnp/0001-Revert-build-Always-build-gupnp-binding-tool-manpage.patch

@@ -0,0 +1,60 @@
+From 9225b076d107538209fbd5b8bbc21a68d1b2c016 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Wed, 15 Jul 2020 22:42:44 +0200
+Subject: [PATCH] Revert "build: Always build gupnp-binding-tool manpage"
+
+This reverts commit 23f54c2a1e8718e836224d68dafded091604a677 until
+upstream decides what to do between adding a new option or renaming
+gtk_doc into documentation:
+https://gitlab.gnome.org/GNOME/gupnp/-/issues/17
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ doc/meson.build | 2 --
+ meson.build     | 5 ++++-
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/doc/meson.build b/doc/meson.build
+index b71b657..478650b 100644
+--- a/doc/meson.build
++++ b/doc/meson.build
+@@ -4,7 +4,6 @@ version_xml = configure_file(input: 'version.xml.in',
+                output: 'version.xml', configuration:
+                entities)
+ 
+-if get_option('gtk_doc')
+ gnome.gtkdoc('gupnp',
+              main_xml : 'gupnp-docs.xml',
+              src_dir : [join_paths(meson.source_root(), 'libgupnp'),
+@@ -27,7 +26,6 @@ gnome.gtkdoc('gupnp',
+                  'gupnp-types-private.h'
+              ],
+              install : true)
+-endif
+ 
+ xsltproc = find_program('xsltproc', required: false)
+ if xsltproc.found()
+diff --git a/meson.build b/meson.build
+index 28c40b2..dea0a49 100644
+--- a/meson.build
++++ b/meson.build
+@@ -31,12 +31,15 @@ dependencies = [
+ subdir('libgupnp')
+ subdir('tests')
+ subdir('tools')
+-subdir('doc')
+ 
+ if get_option('vapi') and get_option('introspection')
+     subdir('vala')
+ endif
+ 
++if get_option('gtk_doc')
++    subdir('doc')
++endif
++
+ if get_option('examples')
+     subdir('examples')
+ endif
+-- 
+2.27.0
+

package/gupnp/gupnp.hash

@@ -1,5 +1,5 @@
-# Hash from: http://ftp.gnome.org/pub/gnome/sources/gupnp/1.2/gupnp-1.2.2.sha256sum:
-sha256  9a80bd953e5c8772ad26b72f8da01cbe7241a113edd6084903f413ce751c9989  gupnp-1.2.2.tar.xz
+# Hash from: http://ftp.gnome.org/pub/gnome/sources/gupnp/1.2/gupnp-1.2.3.sha256sum:
+sha256  d447e54d88e4a8fab84ad1766070e9208e21166fc7e2ce95df6e33e49e8d29b1  gupnp-1.2.3.tar.xz
 
 # Hash for license file:
 sha256  d245807f90032872d1438d741ed21e2490e1175dc8aa3afa5ddb6c8e529b58e5  COPYING

package/gupnp/gupnp.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 GUPNP_VERSION_MAJOR = 1.2
-GUPNP_VERSION = $(GUPNP_VERSION_MAJOR).2
+GUPNP_VERSION = $(GUPNP_VERSION_MAJOR).3
 GUPNP_SOURCE = gupnp-$(GUPNP_VERSION).tar.xz
 GUPNP_SITE = http://ftp.gnome.org/pub/gnome/sources/gupnp/$(GUPNP_VERSION_MAJOR)
 GUPNP_LICENSE = LGPL-2.0+

package/intel-microcode/intel-microcode.hash

@@ -1,3 +1,3 @@
 # Locally computed
-sha256 0000f7cf96f2b07a1ba9d1fc0bcfcb49d0edb91f7d487a57a88c147e57c5873b  intel-microcode-20191112.tar.gz
-sha256 1f8bf63fc2b1b486c507b98ff7d283c7eb58c7945746b94188a310d6787cbee5  license
+sha256  eb4f939421ac6cdea3c586c9d984ec518320f00c07eb2b3d6754309c83c93371  intel-microcode-20200616.tar.gz
+sha256  d9e989e1a7747f3ce93cb749aceca67a430d36c9bebc6e3205e0b3af3ca6304b  license

package/intel-microcode/intel-microcode.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-INTEL_MICROCODE_VERSION = 20191112
+INTEL_MICROCODE_VERSION = 20200616
 INTEL_MICROCODE_SITE = $(call github,intel,Intel-Linux-Processor-Microcode-Data-Files,microcode-$(INTEL_MICROCODE_VERSION))
 INTEL_MICROCODE_LICENSE = PROPRIETARY
 INTEL_MICROCODE_LICENSE_FILES = license

package/iproute2/iproute2.mk

@@ -16,6 +16,14 @@ ifeq ($(BR2_PACKAGE_ELFUTILS),y)
 IPROUTE2_DEPENDENCIES += elfutils
 endif
 
+ifeq ($(BR2_PACKAGE_LIBCAP),y)
+IPROUTE2_DEPENDENCIES += libcap
+endif
+
+ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
+IPROUTE2_DEPENDENCIES += libselinux
+endif
+
 ifeq ($(BR2_PACKAGE_IPTABLES)x$(BR2_STATIC_LIBS),yx)
 IPROUTE2_DEPENDENCIES += iptables
 else

package/irrlicht/0003-makefile-override-LDFLAGS-and-remove-obsolete-X11R6-.patch

@@ -0,0 +1,36 @@
+From 0ecb59c4dc575bb902c1955d8762f91ff79290a4 Mon Sep 17 00:00:00 2001
+From: Bartosz Bilas <b.bilas@grinn-global.com>
+Date: Tue, 23 Jun 2020 19:36:27 +0200
+Subject: [PATCH] makefile: override LDFLAGS and remove obsolete X11R6
+ lib/include directories
+
+Add "override" keyword to LDFLAGS variable in order to link libraries
+using buildroot cross-compiler correctly and remove those non-supported
+paths to lib/includes that are not used and not available in buildroot
+and in addition point to the host system libraries in a result
+cause the following warning:
+
+/home/bartekk/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-gnueabihf/9.2.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: warning: library search path "/usr/X11R6/lib" is unsafe for cross-compilation
+
+Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
+---
+ source/Irrlicht/Makefile | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/source/Irrlicht/Makefile b/source/Irrlicht/Makefile
+index 1a8277e..b323237 100644
+--- a/source/Irrlicht/Makefile
++++ b/source/Irrlicht/Makefile
+@@ -88,8 +88,7 @@ STATIC_LIB = libIrrlicht.a
+ LIB_PATH = ../../lib/$(SYSTEM)
+ INSTALL_DIR = /usr/local/lib
+ sharedlib install: SHARED_LIB = libIrrlicht.so
+-sharedlib: LDFLAGS += -L/usr/X11R6/lib$(LIBSELECT) -lGL -lXxf86vm
+-staticlib sharedlib: CXXINCS += -I/usr/X11R6/include
++sharedlib: override LDFLAGS += -lGL -lXxf86vm
+ 
+ #OSX specific options
+ staticlib_osx sharedlib_osx install_osx: SYSTEM = MacOSX
+-- 
+2.27.0
+

package/iwd/Config.in

@@ -1,14 +1,18 @@
 config BR2_PACKAGE_IWD
 	bool "iwd"
+	depends on BR2_USE_MMU # dbus
+	depends on BR2_TOOLCHAIN_HAS_THREADS # dbus
 	depends on BR2_TOOLCHAIN_HAS_SYNC_4 # ell
 	depends on !BR2_STATIC_LIBS # ell
 	depends on BR2_USE_WCHAR # ell
+	select BR2_PACKAGE_DBUS # runtime
 	select BR2_PACKAGE_ELL
 	help
 	  iNet Wireless daemon (iwd)
 
 	  https://iwd.wiki.kernel.org/
 
-comment "iwd needs a toolchain w/ dynamic library, wchar"
+comment "iwd needs a toolchain w/ threads, dynamic library, wchar"
+	depends on BR2_USE_MMU # dbus
 	depends on BR2_TOOLCHAIN_HAS_SYNC_4 # ell
 	depends on BR2_STATIC_LIBS || !BR2_USE_WCHAR

package/jq/Config.in

@@ -1,8 +1,12 @@
 config BR2_PACKAGE_JQ
 	bool "jq"
+	depends on BR2_TOOLCHAIN_HAS_THREADS
 	help
 	  jq is like sed for JSON data - you can use it to slice and
 	  filter and map and transform structured data with the same
 	  ease that sed, awk, grep and friends let you play with text.
 
 	  http://stedolan.github.io/jq/
+
+comment "jq needs a toolchain w/ threads"
+	depends on !BR2_TOOLCHAIN_HAS_THREADS

package/jq/jq.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  3002cf80d871728562989b4a47d90a7301fe049a4e1d69836b99108f198dac06  jq-a97638713ad30653d424f136018098c4b0e5c71b.tar.gz
-sha256  111136aebcbfa68b6b0084e582b30e981da76adcff84eab6f9be32a1f38c5bf1  COPYING
+sha256  20249104d4df2247253df6df4a980b8be1f5232f03fef7cd41bacb7e6eab04fd  jq-a17dd3248a666d01be75f6b16be37e80e20b0954.tar.gz
+sha256  c8437d414ca5b394718784c3bf5bdff7f01fee417625fabf1fb722ca263037da  COPYING

package/jq/jq.mk

@@ -4,9 +4,9 @@
 #
 ################################################################################
 
-JQ_VERSION = a97638713ad30653d424f136018098c4b0e5c71b
+JQ_VERSION = a17dd3248a666d01be75f6b16be37e80e20b0954
 JQ_SITE = $(call github,stedolan,jq,$(JQ_VERSION))
-JQ_LICENSE = MIT (code), CC-BY-3.0 (documentation)
+JQ_LICENSE = MIT (code), ICU (decNumber), CC-BY-3.0 (documentation)
 JQ_LICENSE_FILES = COPYING
 JQ_INSTALL_STAGING = YES
 

package/kodi/0003-webserver-Compatibility-with-libmicrohttpd-0.9.71.patch

@@ -0,0 +1,469 @@
+From 206f55e78f3a5ad39fad17526d01558677f9477a Mon Sep 17 00:00:00 2001
+From: Craig Andrews <candrews@integralblue.com>
+Date: Sat, 4 Jul 2020 11:01:37 +0200
+Subject: [PATCH] [webserver] Compatibility with libmicrohttpd 0.9.71
+
+From the libmicrohttpd 0.9.71 release notes:
+
+The release introduces an 'enum MHD_Result' instead of
+for certain API misuse bugs by providing better types (not everything is
+an 'int').  While this does NOT change the binary API, this change
+_will_ cause compiler warnings for all legacy code -- until 'int' is
+replaced with 'enum MHD_Result'.
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+[downloaded from upstream PR 18134]
+---
+ xbmc/network/WebServer.cpp                    | 42 +++++++++----------
+ xbmc/network/WebServer.h                      | 30 ++++++-------
+ .../httprequesthandler/HTTPFileHandler.cpp    |  2 +-
+ .../httprequesthandler/HTTPFileHandler.h      |  2 +-
+ .../HTTPImageTransformationHandler.cpp        |  2 +-
+ .../HTTPImageTransformationHandler.h          |  2 +-
+ .../httprequesthandler/HTTPJsonRpcHandler.cpp |  2 +-
+ .../httprequesthandler/HTTPJsonRpcHandler.h   |  2 +-
+ .../httprequesthandler/HTTPPythonHandler.cpp  |  2 +-
+ .../httprequesthandler/HTTPPythonHandler.h    |  2 +-
+ .../HTTPRequestHandlerUtils.cpp               |  4 +-
+ .../HTTPRequestHandlerUtils.h                 |  4 +-
+ .../HTTPWebinterfaceAddonsHandler.cpp         |  2 +-
+ .../HTTPWebinterfaceAddonsHandler.h           |  2 +-
+ .../httprequesthandler/IHTTPRequestHandler.h  | 10 ++++-
+ 15 files changed, 59 insertions(+), 51 deletions(-)
+
+diff --git a/xbmc/network/WebServer.cpp b/xbmc/network/WebServer.cpp
+index 783404227785..be507131092b 100644
+--- a/xbmc/network/WebServer.cpp
++++ b/xbmc/network/WebServer.cpp
+@@ -86,7 +86,7 @@ static MHD_Response* create_response(size_t size, const void* data, int free, in
+   return MHD_create_response_from_buffer(size, const_cast<void*>(data), mode);
+ }
+ 
+-int CWebServer::AskForAuthentication(const HTTPRequest& request) const
++MHD_RESULT CWebServer::AskForAuthentication(const HTTPRequest& request) const
+ {
+   struct MHD_Response *response = create_response(0, nullptr, MHD_NO, MHD_NO);
+   if (!response)
+@@ -95,7 +95,7 @@ int CWebServer::AskForAuthentication(const HTTPRequest& request) const
+     return MHD_NO;
+   }
+ 
+-  int ret = AddHeader(response, MHD_HTTP_HEADER_CONNECTION, "close");
++  MHD_RESULT ret = AddHeader(response, MHD_HTTP_HEADER_CONNECTION, "close");
+   if (!ret)
+   {
+     CLog::Log(LOGERROR, "CWebServer[%hu]: unable to prepare HTTP Unauthorized response", m_port);
+@@ -105,7 +105,7 @@ int CWebServer::AskForAuthentication(const HTTPRequest& request) const
+ 
+   LogResponse(request, MHD_HTTP_UNAUTHORIZED);
+ 
+-  ret = MHD_queue_basic_auth_fail_response(request.connection, "XBMC", response);
++  ret = (MHD_RESULT) MHD_queue_basic_auth_fail_response(request.connection, "XBMC", response);
+   MHD_destroy_response(response);
+ 
+   return ret;
+@@ -135,7 +135,7 @@ bool CWebServer::IsAuthenticated(const HTTPRequest& request) const
+   return authenticated;
+ }
+ 
+-int CWebServer::AnswerToConnection(void *cls, struct MHD_Connection *connection,
++MHD_RESULT CWebServer::AnswerToConnection(void *cls, struct MHD_Connection *connection,
+                       const char *url, const char *method,
+                       const char *version, const char *upload_data,
+                       size_t *upload_data_size, void **con_cls)
+@@ -163,7 +163,7 @@ int CWebServer::AnswerToConnection(void *cls, struct MHD_Connection *connection,
+   return webServer->HandlePartialRequest(connection, connectionHandler, request, upload_data, upload_data_size, con_cls);
+ }
+ 
+-int CWebServer::HandlePartialRequest(struct MHD_Connection *connection, ConnectionHandler* connectionHandler, const HTTPRequest& request, const char *upload_data, size_t *upload_data_size, void **con_cls)
++MHD_RESULT CWebServer::HandlePartialRequest(struct MHD_Connection *connection, ConnectionHandler* connectionHandler, const HTTPRequest& request, const char *upload_data, size_t *upload_data_size, void **con_cls)
+ {
+   std::unique_ptr<ConnectionHandler> conHandler(connectionHandler);
+ 
+@@ -276,7 +276,7 @@ int CWebServer::HandlePartialRequest(struct MHD_Connection *connection, Connecti
+   return SendErrorResponse(request, MHD_HTTP_NOT_FOUND, request.method);
+ }
+ 
+-int CWebServer::HandlePostField(void *cls, enum MHD_ValueKind kind, const char *key,
++MHD_RESULT CWebServer::HandlePostField(void *cls, enum MHD_ValueKind kind, const char *key,
+                                 const char *filename, const char *content_type,
+                                 const char *transfer_encoding, const char *data, uint64_t off,
+                                 size_t size)
+@@ -294,13 +294,13 @@ int CWebServer::HandlePostField(void *cls, enum MHD_ValueKind kind, const char *
+   return MHD_YES;
+ }
+ 
+-int CWebServer::HandleRequest(const std::shared_ptr<IHTTPRequestHandler>& handler)
++MHD_RESULT CWebServer::HandleRequest(const std::shared_ptr<IHTTPRequestHandler>& handler)
+ {
+   if (handler == nullptr)
+     return MHD_NO;
+ 
+   HTTPRequest request = handler->GetRequest();
+-  int ret = handler->HandleRequest();
++  MHD_RESULT ret = handler->HandleRequest();
+   if (ret == MHD_NO)
+   {
+     CLog::Log(LOGERROR, "CWebServer[%hu]: failed to handle HTTP request for %s", m_port, request.pathUrl.c_str());
+@@ -348,7 +348,7 @@ int CWebServer::HandleRequest(const std::shared_ptr<IHTTPRequestHandler>& handle
+   return FinalizeRequest(handler, responseDetails.status, response);
+ }
+ 
+-int CWebServer::FinalizeRequest(const std::shared_ptr<IHTTPRequestHandler>& handler, int responseStatus, struct MHD_Response *response)
++MHD_RESULT CWebServer::FinalizeRequest(const std::shared_ptr<IHTTPRequestHandler>& handler, int responseStatus, struct MHD_Response *response)
+ {
+   if (handler == nullptr || response == nullptr)
+     return MHD_NO;
+@@ -562,7 +562,7 @@ void CWebServer::FinalizePostDataProcessing(ConnectionHandler *connectionHandler
+   MHD_destroy_post_processor(connectionHandler->postprocessor);
+ }
+ 
+-int CWebServer::CreateMemoryDownloadResponse(const std::shared_ptr<IHTTPRequestHandler>& handler, struct MHD_Response *&response) const
++MHD_RESULT CWebServer::CreateMemoryDownloadResponse(const std::shared_ptr<IHTTPRequestHandler>& handler, struct MHD_Response *&response) const
+ {
+   if (handler == nullptr)
+     return MHD_NO;
+@@ -620,7 +620,7 @@ int CWebServer::CreateMemoryDownloadResponse(const std::shared_ptr<IHTTPRequestH
+   return CreateRangedMemoryDownloadResponse(handler, response);
+ }
+ 
+-int CWebServer::CreateRangedMemoryDownloadResponse(const std::shared_ptr<IHTTPRequestHandler>& handler, struct MHD_Response *&response) const
++MHD_RESULT CWebServer::CreateRangedMemoryDownloadResponse(const std::shared_ptr<IHTTPRequestHandler>& handler, struct MHD_Response *&response) const
+ {
+   if (handler == nullptr)
+     return MHD_NO;
+@@ -700,7 +700,7 @@ int CWebServer::CreateRangedMemoryDownloadResponse(const std::shared_ptr<IHTTPRe
+   return CreateMemoryDownloadResponse(request.connection, result.c_str(), result.size(), false, true, response);
+ }
+ 
+-int CWebServer::CreateRedirect(struct MHD_Connection *connection, const std::string &strURL, struct MHD_Response *&response) const
++MHD_RESULT CWebServer::CreateRedirect(struct MHD_Connection *connection, const std::string &strURL, struct MHD_Response *&response) const
+ {
+   response = create_response(0, nullptr, MHD_NO, MHD_NO);
+   if (response == nullptr)
+@@ -713,7 +713,7 @@ int CWebServer::CreateRedirect(struct MHD_Connection *connection, const std::str
+   return MHD_YES;
+ }
+ 
+-int CWebServer::CreateFileDownloadResponse(const std::shared_ptr<IHTTPRequestHandler>& handler, struct MHD_Response *&response) const
++MHD_RESULT CWebServer::CreateFileDownloadResponse(const std::shared_ptr<IHTTPRequestHandler>& handler, struct MHD_Response *&response) const
+ {
+   if (handler == nullptr)
+     return MHD_NO;
+@@ -850,7 +850,7 @@ int CWebServer::CreateFileDownloadResponse(const std::shared_ptr<IHTTPRequestHan
+   return MHD_YES;
+ }
+ 
+-int CWebServer::CreateErrorResponse(struct MHD_Connection *connection, int responseType, HTTPMethod method, struct MHD_Response *&response) const
++MHD_RESULT CWebServer::CreateErrorResponse(struct MHD_Connection *connection, int responseType, HTTPMethod method, struct MHD_Response *&response) const
+ {
+   size_t payloadSize = 0;
+   const void *payload = nullptr;
+@@ -881,7 +881,7 @@ int CWebServer::CreateErrorResponse(struct MHD_Connection *connection, int respo
+   return MHD_YES;
+ }
+ 
+-int CWebServer::CreateMemoryDownloadResponse(struct MHD_Connection *connection, const void *data, size_t size, bool free, bool copy, struct MHD_Response *&response) const
++MHD_RESULT CWebServer::CreateMemoryDownloadResponse(struct MHD_Connection *connection, const void *data, size_t size, bool free, bool copy, struct MHD_Response *&response) const
+ {
+   response = create_response(size, const_cast<void*>(data), free ? MHD_YES : MHD_NO, copy ? MHD_YES : MHD_NO);
+   if (response == nullptr)
+@@ -893,20 +893,20 @@ int CWebServer::CreateMemoryDownloadResponse(struct MHD_Connection *connection,
+   return MHD_YES;
+ }
+ 
+-int CWebServer::SendResponse(const HTTPRequest& request, int responseStatus, MHD_Response *response) const
++MHD_RESULT CWebServer::SendResponse(const HTTPRequest& request, int responseStatus, MHD_Response *response) const
+ {
+   LogResponse(request, responseStatus);
+ 
+-  int ret = MHD_queue_response(request.connection, responseStatus, response);
++  MHD_RESULT ret = MHD_queue_response(request.connection, responseStatus, response);
+   MHD_destroy_response(response);
+ 
+   return ret;
+ }
+ 
+-int CWebServer::SendErrorResponse(const HTTPRequest& request, int errorType, HTTPMethod method) const
++MHD_RESULT CWebServer::SendErrorResponse(const HTTPRequest& request, int errorType, HTTPMethod method) const
+ {
+   struct MHD_Response *response = nullptr;
+-  int ret = CreateErrorResponse(request.connection, errorType, method, response);
++  MHD_RESULT ret = CreateErrorResponse(request.connection, errorType, method, response);
+   if (ret == MHD_NO)
+     return MHD_NO;
+ 
+@@ -1296,10 +1296,10 @@ std::string CWebServer::CreateMimeTypeFromExtension(const char *ext)
+   return CMime::GetMimeType(ext);
+ }
+ 
+-int CWebServer::AddHeader(struct MHD_Response *response, const std::string &name, const std::string &value) const
++MHD_RESULT CWebServer::AddHeader(struct MHD_Response *response, const std::string &name, const std::string &value) const
+ {
+   if (response == nullptr || name.empty())
+-    return 0;
++    return MHD_NO;
+ 
+   CLog::Log(LOGDEBUG, LOGWEBSERVER, "CWebServer[%hu] [OUT] %s: %s", m_port, name.c_str(), value.c_str());
+ 
+diff --git a/xbmc/network/WebServer.h b/xbmc/network/WebServer.h
+index c7a909304a21..1274a2e0ed40 100644
+--- a/xbmc/network/WebServer.h
++++ b/xbmc/network/WebServer.h
+@@ -56,17 +56,17 @@ class CWebServer
+ 
+   virtual void LogRequest(const char* uri) const;
+ 
+-  virtual int HandlePartialRequest(struct MHD_Connection *connection, ConnectionHandler* connectionHandler, const HTTPRequest& request,
++  virtual MHD_RESULT HandlePartialRequest(struct MHD_Connection *connection, ConnectionHandler* connectionHandler, const HTTPRequest& request,
+                                    const char *upload_data, size_t *upload_data_size, void **con_cls);
+-  virtual int HandleRequest(const std::shared_ptr<IHTTPRequestHandler>& handler);
+-  virtual int FinalizeRequest(const std::shared_ptr<IHTTPRequestHandler>& handler, int responseStatus, struct MHD_Response *response);
++  virtual MHD_RESULT HandleRequest(const std::shared_ptr<IHTTPRequestHandler>& handler);
++  virtual MHD_RESULT FinalizeRequest(const std::shared_ptr<IHTTPRequestHandler>& handler, int responseStatus, struct MHD_Response *response);
+ 
+ private:
+   struct MHD_Daemon* StartMHD(unsigned int flags, int port);
+ 
+   std::shared_ptr<IHTTPRequestHandler> FindRequestHandler(const HTTPRequest& request) const;
+ 
+-  int AskForAuthentication(const HTTPRequest& request) const;
++  MHD_RESULT AskForAuthentication(const HTTPRequest& request) const;
+   bool IsAuthenticated(const HTTPRequest& request) const;
+ 
+   bool IsRequestCacheable(const HTTPRequest& request) const;
+@@ -76,18 +76,18 @@ class CWebServer
+   bool ProcessPostData(const HTTPRequest& request, ConnectionHandler *connectionHandler, const char *upload_data, size_t *upload_data_size, void **con_cls) const;
+   void FinalizePostDataProcessing(ConnectionHandler *connectionHandler) const;
+ 
+-  int CreateMemoryDownloadResponse(const std::shared_ptr<IHTTPRequestHandler>& handler, struct MHD_Response *&response) const;
+-  int CreateRangedMemoryDownloadResponse(const std::shared_ptr<IHTTPRequestHandler>& handler, struct MHD_Response *&response) const;
++  MHD_RESULT CreateMemoryDownloadResponse(const std::shared_ptr<IHTTPRequestHandler>& handler, struct MHD_Response *&response) const;
++  MHD_RESULT CreateRangedMemoryDownloadResponse(const std::shared_ptr<IHTTPRequestHandler>& handler, struct MHD_Response *&response) const;
+ 
+-  int CreateRedirect(struct MHD_Connection *connection, const std::string &strURL, struct MHD_Response *&response) const;
+-  int CreateFileDownloadResponse(const std::shared_ptr<IHTTPRequestHandler>& handler, struct MHD_Response *&response) const;
+-  int CreateErrorResponse(struct MHD_Connection *connection, int responseType, HTTPMethod method, struct MHD_Response *&response) const;
+-  int CreateMemoryDownloadResponse(struct MHD_Connection *connection, const void *data, size_t size, bool free, bool copy, struct MHD_Response *&response) const;
++  MHD_RESULT CreateRedirect(struct MHD_Connection *connection, const std::string &strURL, struct MHD_Response *&response) const;
++  MHD_RESULT CreateFileDownloadResponse(const std::shared_ptr<IHTTPRequestHandler>& handler, struct MHD_Response *&response) const;
++  MHD_RESULT CreateErrorResponse(struct MHD_Connection *connection, int responseType, HTTPMethod method, struct MHD_Response *&response) const;
++  MHD_RESULT CreateMemoryDownloadResponse(struct MHD_Connection *connection, const void *data, size_t size, bool free, bool copy, struct MHD_Response *&response) const;
+ 
+-  int SendResponse(const HTTPRequest& request, int responseStatus, MHD_Response *response) const;
+-  int SendErrorResponse(const HTTPRequest& request, int errorType, HTTPMethod method) const;
++  MHD_RESULT SendResponse(const HTTPRequest& request, int responseStatus, MHD_Response *response) const;
++  MHD_RESULT SendErrorResponse(const HTTPRequest& request, int errorType, HTTPMethod method) const;
+ 
+-  int AddHeader(struct MHD_Response *response, const std::string &name, const std::string &value) const;
++  MHD_RESULT AddHeader(struct MHD_Response *response, const std::string &name, const std::string &value) const;
+ 
+   void LogRequest(const HTTPRequest& request) const;
+   void LogResponse(const HTTPRequest& request, int responseStatus) const;
+@@ -100,11 +100,11 @@ class CWebServer
+   static ssize_t ContentReaderCallback (void *cls, uint64_t pos, char *buf, size_t max);
+   static void ContentReaderFreeCallback(void *cls);
+ 
+-  static int AnswerToConnection (void *cls, struct MHD_Connection *connection,
++  static MHD_RESULT AnswerToConnection (void *cls, struct MHD_Connection *connection,
+                         const char *url, const char *method,
+                         const char *version, const char *upload_data,
+                         size_t *upload_data_size, void **con_cls);
+-  static int HandlePostField(void *cls, enum MHD_ValueKind kind, const char *key,
++  static MHD_RESULT HandlePostField(void *cls, enum MHD_ValueKind kind, const char *key,
+                              const char *filename, const char *content_type,
+                              const char *transfer_encoding, const char *data, uint64_t off,
+                              size_t size);
+diff --git a/xbmc/network/httprequesthandler/HTTPFileHandler.cpp b/xbmc/network/httprequesthandler/HTTPFileHandler.cpp
+index 2101d49f0911..26e53901dbfa 100644
+--- a/xbmc/network/httprequesthandler/HTTPFileHandler.cpp
++++ b/xbmc/network/httprequesthandler/HTTPFileHandler.cpp
+@@ -23,7 +23,7 @@ CHTTPFileHandler::CHTTPFileHandler(const HTTPRequest &request)
+     m_lastModified()
+ { }
+ 
+-int CHTTPFileHandler::HandleRequest()
++MHD_RESULT CHTTPFileHandler::HandleRequest()
+ {
+   return !m_url.empty() ? MHD_YES : MHD_NO;
+ }
+diff --git a/xbmc/network/httprequesthandler/HTTPFileHandler.h b/xbmc/network/httprequesthandler/HTTPFileHandler.h
+index 3c74b5275092..6121315c6f5f 100644
+--- a/xbmc/network/httprequesthandler/HTTPFileHandler.h
++++ b/xbmc/network/httprequesthandler/HTTPFileHandler.h
+@@ -19,7 +19,7 @@ class CHTTPFileHandler : public IHTTPRequestHandler
+ public:
+   ~CHTTPFileHandler() override = default;
+ 
+-  int HandleRequest() override;
++  MHD_RESULT HandleRequest() override;
+ 
+   bool CanHandleRanges() const override { return m_canHandleRanges; }
+   bool CanBeCached() const override { return m_canBeCached; }
+diff --git a/xbmc/network/httprequesthandler/HTTPImageTransformationHandler.cpp b/xbmc/network/httprequesthandler/HTTPImageTransformationHandler.cpp
+index de42e7fd3017..6902be012532 100644
+--- a/xbmc/network/httprequesthandler/HTTPImageTransformationHandler.cpp
++++ b/xbmc/network/httprequesthandler/HTTPImageTransformationHandler.cpp
+@@ -104,7 +104,7 @@ bool CHTTPImageTransformationHandler::CanHandleRequest(const HTTPRequest &reques
+           options.find(TRANSFORMATION_OPTION_HEIGHT) != options.end());
+ }
+ 
+-int CHTTPImageTransformationHandler::HandleRequest()
++MHD_RESULT CHTTPImageTransformationHandler::HandleRequest()
+ {
+   if (m_response.type == HTTPError)
+     return MHD_YES;
+diff --git a/xbmc/network/httprequesthandler/HTTPImageTransformationHandler.h b/xbmc/network/httprequesthandler/HTTPImageTransformationHandler.h
+index c55015ec4eb0..0d17afc3250a 100644
+--- a/xbmc/network/httprequesthandler/HTTPImageTransformationHandler.h
++++ b/xbmc/network/httprequesthandler/HTTPImageTransformationHandler.h
+@@ -23,7 +23,7 @@ class CHTTPImageTransformationHandler : public IHTTPRequestHandler
+   IHTTPRequestHandler* Create(const HTTPRequest &request) const override { return new CHTTPImageTransformationHandler(request); }
+   bool CanHandleRequest(const HTTPRequest &request)const  override;
+ 
+-  int HandleRequest() override;
++  MHD_RESULT HandleRequest() override;
+ 
+   bool CanHandleRanges() const override { return true; }
+   bool CanBeCached() const override { return true; }
+diff --git a/xbmc/network/httprequesthandler/HTTPJsonRpcHandler.cpp b/xbmc/network/httprequesthandler/HTTPJsonRpcHandler.cpp
+index e8e2fa36924b..a4c3c198eba3 100644
+--- a/xbmc/network/httprequesthandler/HTTPJsonRpcHandler.cpp
++++ b/xbmc/network/httprequesthandler/HTTPJsonRpcHandler.cpp
+@@ -25,7 +25,7 @@ bool CHTTPJsonRpcHandler::CanHandleRequest(const HTTPRequest &request) const
+   return (request.pathUrl.compare("/jsonrpc") == 0);
+ }
+ 
+-int CHTTPJsonRpcHandler::HandleRequest()
++MHD_RESULT CHTTPJsonRpcHandler::HandleRequest()
+ {
+   CHTTPClient client(m_request.method);
+   bool isRequest = false;
+diff --git a/xbmc/network/httprequesthandler/HTTPJsonRpcHandler.h b/xbmc/network/httprequesthandler/HTTPJsonRpcHandler.h
+index 67c14b666ef6..2659fd549c25 100644
+--- a/xbmc/network/httprequesthandler/HTTPJsonRpcHandler.h
++++ b/xbmc/network/httprequesthandler/HTTPJsonRpcHandler.h
+@@ -24,7 +24,7 @@ class CHTTPJsonRpcHandler : public IHTTPRequestHandler
+   IHTTPRequestHandler* Create(const HTTPRequest &request) const override { return new CHTTPJsonRpcHandler(request); }
+   bool CanHandleRequest(const HTTPRequest &request) const override;
+ 
+-  int HandleRequest() override;
++  MHD_RESULT HandleRequest() override;
+ 
+   HttpResponseRanges GetResponseData() const override;
+ 
+diff --git a/xbmc/network/httprequesthandler/HTTPPythonHandler.cpp b/xbmc/network/httprequesthandler/HTTPPythonHandler.cpp
+index 5f9aeef10f2e..a07ef0d3ac31 100644
+--- a/xbmc/network/httprequesthandler/HTTPPythonHandler.cpp
++++ b/xbmc/network/httprequesthandler/HTTPPythonHandler.cpp
+@@ -112,7 +112,7 @@ bool CHTTPPythonHandler::CanHandleRequest(const HTTPRequest &request) const
+   return true;
+ }
+ 
+-int CHTTPPythonHandler::HandleRequest()
++MHD_RESULT CHTTPPythonHandler::HandleRequest()
+ {
+   if (m_response.type == HTTPError || m_response.type == HTTPRedirect)
+     return MHD_YES;
+diff --git a/xbmc/network/httprequesthandler/HTTPPythonHandler.h b/xbmc/network/httprequesthandler/HTTPPythonHandler.h
+index 03c150693ff4..166430e68d51 100644
+--- a/xbmc/network/httprequesthandler/HTTPPythonHandler.h
++++ b/xbmc/network/httprequesthandler/HTTPPythonHandler.h
+@@ -25,7 +25,7 @@ class CHTTPPythonHandler : public IHTTPRequestHandler
+   bool CanBeCached() const override { return false; }
+   bool GetLastModifiedDate(CDateTime &lastModified) const override;
+ 
+-  int HandleRequest() override;
++  MHD_RESULT HandleRequest() override;
+ 
+   HttpResponseRanges GetResponseData() const override { return m_responseRanges; }
+ 
+diff --git a/xbmc/network/httprequesthandler/HTTPRequestHandlerUtils.cpp b/xbmc/network/httprequesthandler/HTTPRequestHandlerUtils.cpp
+index 80d1d6733475..f2ea1f2e51ed 100644
+--- a/xbmc/network/httprequesthandler/HTTPRequestHandlerUtils.cpp
++++ b/xbmc/network/httprequesthandler/HTTPRequestHandlerUtils.cpp
+@@ -61,7 +61,7 @@ bool HTTPRequestHandlerUtils::GetRequestedRanges(struct MHD_Connection *connecti
+   return ranges.Parse(GetRequestHeaderValue(connection, MHD_HEADER_KIND, MHD_HTTP_HEADER_RANGE), totalLength);
+ }
+ 
+-int HTTPRequestHandlerUtils::FillArgumentMap(void *cls, enum MHD_ValueKind kind, const char *key, const char *value)
++MHD_RESULT HTTPRequestHandlerUtils::FillArgumentMap(void *cls, enum MHD_ValueKind kind, const char *key, const char *value)
+ {
+   if (cls == nullptr || key == nullptr)
+     return MHD_NO;
+@@ -72,7 +72,7 @@ int HTTPRequestHandlerUtils::FillArgumentMap(void *cls, enum MHD_ValueKind kind,
+   return MHD_YES;
+ }
+ 
+-int HTTPRequestHandlerUtils::FillArgumentMultiMap(void *cls, enum MHD_ValueKind kind, const char *key, const char *value)
++MHD_RESULT HTTPRequestHandlerUtils::FillArgumentMultiMap(void *cls, enum MHD_ValueKind kind, const char *key, const char *value)
+ {
+   if (cls == nullptr || key == nullptr)
+     return MHD_NO;
+diff --git a/xbmc/network/httprequesthandler/HTTPRequestHandlerUtils.h b/xbmc/network/httprequesthandler/HTTPRequestHandlerUtils.h
+index 9a07801914e4..0ec5ed1bf706 100644
+--- a/xbmc/network/httprequesthandler/HTTPRequestHandlerUtils.h
++++ b/xbmc/network/httprequesthandler/HTTPRequestHandlerUtils.h
+@@ -25,6 +25,6 @@ class HTTPRequestHandlerUtils
+ private:
+   HTTPRequestHandlerUtils() = delete;
+ 
+-  static int FillArgumentMap(void *cls, enum MHD_ValueKind kind, const char *key, const char *value);
+-  static int FillArgumentMultiMap(void *cls, enum MHD_ValueKind kind, const char *key, const char *value);
++  static MHD_RESULT FillArgumentMap(void *cls, enum MHD_ValueKind kind, const char *key, const char *value);
++  static MHD_RESULT FillArgumentMultiMap(void *cls, enum MHD_ValueKind kind, const char *key, const char *value);
+ };
+diff --git a/xbmc/network/httprequesthandler/HTTPWebinterfaceAddonsHandler.cpp b/xbmc/network/httprequesthandler/HTTPWebinterfaceAddonsHandler.cpp
+index 01a6b503bdf6..0716a5df96ca 100644
+--- a/xbmc/network/httprequesthandler/HTTPWebinterfaceAddonsHandler.cpp
++++ b/xbmc/network/httprequesthandler/HTTPWebinterfaceAddonsHandler.cpp
+@@ -18,7 +18,7 @@ bool CHTTPWebinterfaceAddonsHandler::CanHandleRequest(const HTTPRequest &request
+   return (request.pathUrl.compare("/addons") == 0 || request.pathUrl.compare("/addons/") == 0);
+ }
+ 
+-int CHTTPWebinterfaceAddonsHandler::HandleRequest()
++MHD_RESULT CHTTPWebinterfaceAddonsHandler::HandleRequest()
+ {
+   m_responseData = ADDON_HEADER;
+   ADDON::VECADDONS addons;
+diff --git a/xbmc/network/httprequesthandler/HTTPWebinterfaceAddonsHandler.h b/xbmc/network/httprequesthandler/HTTPWebinterfaceAddonsHandler.h
+index e9b1c6d29a41..23cea36d1436 100644
+--- a/xbmc/network/httprequesthandler/HTTPWebinterfaceAddonsHandler.h
++++ b/xbmc/network/httprequesthandler/HTTPWebinterfaceAddonsHandler.h
+@@ -21,7 +21,7 @@ class CHTTPWebinterfaceAddonsHandler : public IHTTPRequestHandler
+   IHTTPRequestHandler* Create(const HTTPRequest &request) const override { return new CHTTPWebinterfaceAddonsHandler(request); }
+   bool CanHandleRequest(const HTTPRequest &request) const override;
+ 
+-  int HandleRequest() override;
++  MHD_RESULT HandleRequest() override;
+ 
+   HttpResponseRanges GetResponseData() const override;
+ 
+diff --git a/xbmc/network/httprequesthandler/IHTTPRequestHandler.h b/xbmc/network/httprequesthandler/IHTTPRequestHandler.h
+index 4b1e40a587a7..b3e19f34d3dd 100644
+--- a/xbmc/network/httprequesthandler/IHTTPRequestHandler.h
++++ b/xbmc/network/httprequesthandler/IHTTPRequestHandler.h
+@@ -22,6 +22,14 @@
+ 
+ #include "utils/HttpRangeUtils.h"
+ 
++#include <microhttpd.h>
++
++#if MHD_VERSION >= 0x00097002
++#define MHD_RESULT enum MHD_Result
++#else
++#define MHD_RESULT int
++#endif
++
+ class CDateTime;
+ class CWebServer;
+ 
+@@ -114,7 +122,7 @@ class IHTTPRequestHandler
+    *
+    * \return MHD_NO if a severe error has occurred otherwise MHD_YES.
+    */
+-  virtual int HandleRequest() = 0;
++  virtual MHD_RESULT HandleRequest() = 0;
+ 
+   /*!
+    * \brief Whether the HTTP response could also be provided in ranges.

package/libcamera/libcamera.mk

@@ -9,7 +9,7 @@ LIBCAMERA_VERSION = 448393f77ec9e37cb807e8e8d35c1a4877d253d4
 LIBCAMERA_SITE_METHOD = git
 LIBCAMERA_DEPENDENCIES = udev
 LIBCAMERA_CONF_OPTS = -Dtest=false -Ddocumentation=false
-LIBCAMERA_INSTALL_STAGING = yes
+LIBCAMERA_INSTALL_STAGING = YES
 LIBCAMERA_LICENSE = LGPL-2.1+ (library), GPL-2.0+ (utils)
 LIBCAMERA_LICENSE_FILES = \
 	licenses/gnu-gpl-2.0.txt \

package/libcec/libcec.hash

@@ -1,3 +1,3 @@
 # Locally computed
-sha256  7c6ef02f39918ac88a3dac8ea35021f6c4b4b695df9204b3ac9faca673c706cc  libcec-5.0.0.tar.gz
+sha256  e4d749430ebcf3a35ec3a3f6675afcc5755afc1e5801c12121e54d80eb187743  libcec-4.0.5.tar.gz
 sha256  0137261d24ce001fc5237aacddd267533e0f150ac23cf21acffea599f7358f7a  COPYING

package/libcec/libcec.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBCEC_VERSION = 5.0.0
+LIBCEC_VERSION = 4.0.5
 LIBCEC_SITE = $(call github,Pulse-Eight,libcec,libcec-$(LIBCEC_VERSION))
 LIBCEC_LICENSE = GPL-2.0+
 LIBCEC_LICENSE_FILES = COPYING

package/libconfuse/libconfuse.hash

@@ -1,5 +1,5 @@
-# From https://github.com/martinh/libconfuse/releases/download/v3.2.2/confuse-3.2.2.tar.xz.md5
-md5  978996e421e5005e6a9f6f84948fac44  confuse-3.2.2.tar.xz
+# From https://github.com/martinh/libconfuse/releases/download/v3.3/confuse-3.3.tar.xz.md5
+md5  a183cef2cecdd3783436ff8de500d274  confuse-3.3.tar.xz
 # Locally computed
-sha256  a9240b653d02e8cfc52db48e8c4224426e528e1faa09b65e8ca08a197fad210b  confuse-3.2.2.tar.xz
+sha256  1dd50a0320e135a55025b23fcdbb3f0a81913b6d0b0a9df8cc2fdf3b3dc67010  confuse-3.3.tar.xz
 sha256  dc3ff4b62f851dd2e94a151061ffeb7d28ddfc880a442068dc5283dbaa927306  LICENSE

package/libconfuse/libconfuse.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBCONFUSE_VERSION = 3.2.2
+LIBCONFUSE_VERSION = 3.3
 LIBCONFUSE_SOURCE = confuse-$(LIBCONFUSE_VERSION).tar.xz
 LIBCONFUSE_SITE = https://github.com/martinh/libconfuse/releases/download/v$(LIBCONFUSE_VERSION)
 LIBCONFUSE_INSTALL_STAGING = YES

package/libcurl/0001-bearssl-fix-build-with-disabled-proxy-support.patch

@@ -0,0 +1,50 @@
+From 3a46be47cad5a3498b5f6d6007b7d1fe5b8dff78 Mon Sep 17 00:00:00 2001
+Message-Id: <3a46be47cad5a3498b5f6d6007b7d1fe5b8dff78.1594274321.git.baruch@tkos.co.il>
+From: Baruch Siach <baruch@tkos.co.il>
+Date: Thu, 9 Jul 2020 08:14:49 +0300
+Subject: [PATCH] bearssl: fix build with disabled proxy support
+
+Avoid reference to fields that do not exist when CURL_DISABLE_PROXY is
+defined.
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: https://github.com/curl/curl/pull/5666
+
+ lib/vtls/bearssl.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/lib/vtls/bearssl.c b/lib/vtls/bearssl.c
+index 628e16a124a9..44e7406e8e39 100644
+--- a/lib/vtls/bearssl.c
++++ b/lib/vtls/bearssl.c
+@@ -300,8 +300,12 @@ static CURLcode bearssl_connect_step1(struct connectdata *conn, int sockindex)
+   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+   struct ssl_backend_data *backend = connssl->backend;
+   const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
++#ifndef CURL_DISABLE_PROXY
+   const char *hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+     conn->host.name;
++#else
++  const char *hostname = conn->host.name;
++#endif
+   const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
+   const bool verifyhost = SSL_CONN_CONFIG(verifyhost);
+   CURLcode ret;
+@@ -386,8 +390,11 @@ static CURLcode bearssl_connect_step1(struct connectdata *conn, int sockindex)
+      */
+ 
+ #ifdef USE_NGHTTP2
+-    if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
+-       (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) {
++    if(data->set.httpversion >= CURL_HTTP_VERSION_2
++#ifndef CURL_DISABLE_PROXY
++      && (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
++#endif
++      ) {
+       backend->protocols[cur++] = NGHTTP2_PROTO_VERSION_ID;
+       infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
+     }
+-- 
+2.27.0
+

package/libcurl/0002-nss-fix-build-with-disabled-proxy-support.patch

@@ -0,0 +1,159 @@
+From d040da28f57d0b3fcd6f63809a8c85a600f87a62 Mon Sep 17 00:00:00 2001
+Message-Id: <d040da28f57d0b3fcd6f63809a8c85a600f87a62.1594274337.git.baruch@tkos.co.il>
+From: Baruch Siach <baruch@tkos.co.il>
+Date: Thu, 9 Jul 2020 08:14:49 +0300
+Subject: [PATCH] nss: fix build with disabled proxy support
+
+Avoid reference to fields that do not exist when CURL_DISABLE_PROXY is
+defined.
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: https://github.com/curl/curl/pull/5667
+
+ lib/vtls/nss.c | 44 +++++++++++++++++++++++++++++++++++---------
+ 1 file changed, 35 insertions(+), 9 deletions(-)
+
+diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
+index fca292613815..0f0d1ee6c80f 100644
+--- a/lib/vtls/nss.c
++++ b/lib/vtls/nss.c
+@@ -1027,9 +1027,11 @@ static SECStatus BadCertHandler(void *arg, PRFileDesc *sock)
+   CERTCertificate *cert;
+ 
+   /* remember the cert verification result */
++#ifndef CURL_DISABLE_PROXY
+   if(SSL_IS_PROXY())
+     data->set.proxy_ssl.certverifyresult = err;
+   else
++#endif
+     data->set.ssl.certverifyresult = err;
+ 
+   if(err == SSL_ERROR_BAD_CERT_DOMAIN && !SSL_CONN_CONFIG(verifyhost))
+@@ -1553,24 +1555,32 @@ static void nss_close(struct ssl_connect_data *connssl)
+ static void Curl_nss_close(struct connectdata *conn, int sockindex)
+ {
+   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
++#ifndef CURL_DISABLE_PROXY
+   struct ssl_connect_data *connssl_proxy = &conn->proxy_ssl[sockindex];
++#endif
+   struct ssl_backend_data *backend = connssl->backend;
+ 
+-  if(backend->handle || connssl_proxy->backend->handle) {
++  if(backend->handle
++#ifndef CURL_DISABLE_PROXY
++    || connssl_proxy->backend->handle
++#endif
++    ) {
+     /* NSS closes the socket we previously handed to it, so we must mark it
+        as closed to avoid double close */
+     fake_sclose(conn->sock[sockindex]);
+     conn->sock[sockindex] = CURL_SOCKET_BAD;
+   }
+ 
++#ifndef CURL_DISABLE_PROXY
+   if(backend->handle)
+     /* nss_close(connssl) will transitively close also
+        connssl_proxy->backend->handle if both are used. Clear it to avoid
+        a double close leading to crash. */
+     connssl_proxy->backend->handle = NULL;
+ 
+-  nss_close(connssl);
+   nss_close(connssl_proxy);
++#endif
++  nss_close(connssl);
+ }
+ 
+ /* return true if NSS can provide error code (and possibly msg) for the
+@@ -1828,6 +1838,12 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
+   CURLcode result;
+   bool second_layer = FALSE;
+   SSLVersionRange sslver_supported;
++#ifndef CURL_DISABLE_PROXY
++  const char *hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
++    conn->host.name;
++#else
++  const char *hostname = conn->host.name;
++#endif
+ 
+   SSLVersionRange sslver = {
+     SSL_LIBRARY_VERSION_TLS_1_0,  /* min */
+@@ -1932,9 +1948,11 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
+     goto error;
+ 
+   /* not checked yet */
++#ifndef CURL_DISABLE_PROXY
+   if(SSL_IS_PROXY())
+     data->set.proxy_ssl.certverifyresult = 0;
+   else
++#endif
+     data->set.ssl.certverifyresult = 0;
+ 
+   if(SSL_BadCertHook(model, BadCertHandler, conn) != SECSuccess)
+@@ -1991,12 +2009,14 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
+     goto error;
+   }
+ 
++#ifndef CURL_DISABLE_PROXY
+   if(conn->proxy_ssl[sockindex].use) {
+     DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state);
+     DEBUGASSERT(conn->proxy_ssl[sockindex].backend->handle != NULL);
+     nspr_io = conn->proxy_ssl[sockindex].backend->handle;
+     second_layer = TRUE;
+   }
++#endif
+   else {
+     /* wrap OS file descriptor by NSPR's file descriptor abstraction */
+     nspr_io = PR_ImportTCPSocket(sockfd);
+@@ -2077,8 +2097,11 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
+     unsigned char protocols[128];
+ 
+ #ifdef USE_NGHTTP2
+-    if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
+-       (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) {
++    if(data->set.httpversion >= CURL_HTTP_VERSION_2
++#ifndef CURL_DISABLE_PROXY
++      && (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
++#endif
++      ) {
+       protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN;
+       memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID,
+           NGHTTP2_PROTO_VERSION_ID_LEN);
+@@ -2101,14 +2124,11 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
+     goto error;
+ 
+   /* propagate hostname to the TLS layer */
+-  if(SSL_SetURL(backend->handle, SSL_IS_PROXY() ? conn->http_proxy.host.name :
+-                conn->host.name) != SECSuccess)
++  if(SSL_SetURL(backend->handle, hostname) != SECSuccess)
+     goto error;
+ 
+   /* prevent NSS from re-using the session for a different hostname */
+-  if(SSL_SetSockPeerID(backend->handle, SSL_IS_PROXY() ?
+-                       conn->http_proxy.host.name : conn->host.name)
+-     != SECSuccess)
++  if(SSL_SetSockPeerID(backend->handle, hostname) != SECSuccess)
+     goto error;
+ 
+   return CURLE_OK;
+@@ -2127,11 +2147,17 @@ static CURLcode nss_do_connect(struct connectdata *conn, int sockindex)
+   struct Curl_easy *data = conn->data;
+   CURLcode result = CURLE_SSL_CONNECT_ERROR;
+   PRUint32 timeout;
++#ifndef CURL_DISABLE_PROXY
+   long * const certverifyresult = SSL_IS_PROXY() ?
+     &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
+   const char * const pinnedpubkey = SSL_IS_PROXY() ?
+               data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
+               data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
++#else
++  long * const certverifyresult = &data->set.ssl.certverifyresult;
++  const char * const pinnedpubkey =
++              data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
++#endif
+ 
+ 
+   /* check timeout situation */
+-- 
+2.27.0
+

package/libcurl/libcurl.hash

@@ -1,3 +1,5 @@
-# Locally calculated
-sha256 03c7d5e6697f7b7e40ada1b2256e565a555657398e6c1fcfa4cb251ccd819d4f  curl-7.69.1.tar.xz
-sha256 db3c4a3b3695a0f317a0c5176acd2f656d18abc45b3ee78e50935a78eb1e132e  COPYING
+# Locally calculated after checking pgp signature
+# https://curl.haxx.se/download/curl-7.71.1.tar.xz.asc
+# signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
+sha256  40f83eda27cdbeb25cd4da48cefb639af1b9395d6026d2da1825bf059239658c  curl-7.71.1.tar.xz
+sha256  db3c4a3b3695a0f317a0c5176acd2f656d18abc45b3ee78e50935a78eb1e132e  COPYING

package/libcurl/libcurl.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBCURL_VERSION = 7.69.1
+LIBCURL_VERSION = 7.71.1
 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
 LIBCURL_SITE = https://curl.haxx.se/download
 LIBCURL_DEPENDENCIES = host-pkgconf \

package/libevdev/0001-meson.build-use-local-include-path-for-tools.patch

@@ -1,54 +0,0 @@
-From 83eb5bbac775d46b74e7f99fbd243d53f0118b37 Mon Sep 17 00:00:00 2001
-From: Peter Seiderer <ps.report@gmx.net>
-Date: Mon, 2 Mar 2020 15:43:14 +0100
-Subject: [PATCH] meson.build: use local include path for tools
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Fixes the following compile failure with old toolchains and meson
-build (autotools build not affected):
-
-  ../tools/mouse-dpi-tool.c: In function ‘handle_event’:
-  ../tools/mouse-dpi-tool.c:115:13: error: ‘const struct input_event’ has no member named ‘input_event_sec’
-     m->us = ev->input_event_sec * 1000000 + ev->input_event_usec;
-               ^
-  ../tools/mouse-dpi-tool.c:115:45: error: ‘const struct input_event’ has no member named ‘input_event_usec’
-     m->us = ev->input_event_sec * 1000000 + ev->input_event_usec;
-                                               ^
-
-Signed-off-by: Peter Seiderer <ps.report@gmx.net>
----
- meson.build | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/meson.build b/meson.build
-index 4831f8e..5500a83 100644
---- a/meson.build
-+++ b/meson.build
-@@ -102,18 +102,22 @@ install_man(manpage)
- # tools
- executable('libevdev-events',
- 	   sources: ['tools/libevdev-events.c'],
-+	   include_directories: [includes_include],
- 	   dependencies: dep_libevdev,
- 	   install: false)
- executable('touchpad-edge-detector',
- 	   sources: ['tools/touchpad-edge-detector.c'],
-+	   include_directories: [includes_include],
- 	   dependencies: [dep_libevdev, dep_lm],
-            install: true)
- executable('mouse-dpi-tool',
- 	   sources: ['tools/mouse-dpi-tool.c'],
-+	   include_directories: [includes_include],
- 	   dependencies: dep_libevdev,
-            install: true)
- executable('libevdev-tweak-device',
- 	   sources: ['tools/libevdev-tweak-device.c'],
-+	   include_directories: [includes_include],
- 	   dependencies: dep_libevdev,
- 	   install: true)
- 
--- 
-2.25.1
-

package/libevdev/0003-meson.build-enable-static-library-build.patch

@@ -1,30 +0,0 @@
-From 0d39ee4958869e9dd7657d6d0528bc4e2461e912 Mon Sep 17 00:00:00 2001
-From: Peter Seiderer <ps.report@gmx.net>
-Date: Tue, 10 Mar 2020 09:35:52 +0100
-Subject: [PATCH] meson.build: enable static library build
-
-Use meson library() instead of shared_library() to enable
-static build.
-
-Signed-off-by: Peter Seiderer <ps.report@gmx.net>
-Upstream: https://gitlab.freedesktop.org/libevdev/libevdev/-/commit/a9d324f82bd5e822ea57224000fea43cb64aa214
----
- meson.build | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/meson.build b/meson.build
-index a623a90..94224cb 100644
---- a/meson.build
-+++ b/meson.build
-@@ -70,7 +70,7 @@ src_libevdev = [
- 
- mapfile = join_paths(dir_src, 'libevdev.sym')
- version_flag = '-Wl,--version-script,@0@'.format(mapfile)
--lib_libevdev = shared_library('evdev',
-+lib_libevdev = library('evdev',
- 	src_libevdev,
- 	include_directories: [includes_include],
- 	dependencies: [],
--- 
-2.25.1
-

package/libevdev/libevdev.hash

@@ -1,8 +1,8 @@
-# From https://lists.freedesktop.org/archives/input-tools/2020-March/001530.html
-md5  13c3f0911f9326d4b9fa103365f84421  libevdev-1.9.0.tar.xz
-sha1  ab5040ee88dd4cb49a75da72e8fded91b282c108  libevdev-1.9.0.tar.xz
-sha256  e7e18a64264f2dea19b6c50a481f8c062529d42919ccda0bc861495bce28eb9e  libevdev-1.9.0.tar.xz
-sha512  6e7589b5776437ac23fbf65b3194fb1dd3a68a294696145060cdd97bcdeb9b04f355f2be028dc1a5efe98ef2cafca15e4f61115edf5d62591e3a8944dc95942a  libevdev-1.9.0.tar.xz
+# From https://lists.freedesktop.org/archives/input-tools/2020-July/001541.html
+md5  58286a834ae14536caf9cab8633419cf  libevdev-1.9.1.tar.xz
+sha1  b61c6a09446d717edc4971f7bc3ce9ffa2f05306  libevdev-1.9.1.tar.xz
+sha256  f5603c48c5afd76b14df7a5124e0a94a102f8da0d45826192325069d1bbc7acb  libevdev-1.9.1.tar.xz
+sha512  7d845ce2279d2e2ef12437f6218550265ea0c85e5b6c0d116aff09787b73626b338fe3084baff060085d393688b5ae3d33772689e0581684eff257af01c4c645  libevdev-1.9.1.tar.xz
 
 # Hash for license files:
 sha256  f063d1279b31e73007e1c54493391818b4cb5f9162d590120397e0347b932137  COPYING

package/libevdev/libevdev.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBEVDEV_VERSION = 1.9.0
+LIBEVDEV_VERSION = 1.9.1
 LIBEVDEV_SITE = http://www.freedesktop.org/software/libevdev
 LIBEVDEV_SOURCE = libevdev-$(LIBEVDEV_VERSION).tar.xz
 LIBEVDEV_LICENSE = X11

package/libhttpserver/0002-Compatibility-with-libmicrohttpd-0.9.71-199.patch

@@ -0,0 +1,254 @@
+From 056df008ecb8ab354191b7515199267eb6b84124 Mon Sep 17 00:00:00 2001
+From: bkuhls <bkuhls@users.noreply.github.com>
+Date: Mon, 6 Jul 2020 04:23:21 +0200
+Subject: [PATCH] Compatibility with libmicrohttpd 0.9.71 (#199)
+
+From the libmicrohttpd 0.9.71 release notes:
+
+The release introduces an 'enum MHD_Result' instead of
+for certain API misuse bugs by providing better types (not everything is
+an 'int').  While this does NOT change the binary API, this change
+_will_ cause compiler warnings for all legacy code -- until 'int' is
+replaced with 'enum MHD_Result'.
+
+(cherry picked from commit 51b343c6b05dd13cbde0db04984fbf392e9f6df6)
+[Peter: backported to 0.17.5]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ src/http_request.cpp            |  6 +++---
+ src/httpserver/http_request.hpp |  6 +++---
+ src/httpserver/http_utils.hpp   |  4 ++++
+ src/httpserver/webserver.hpp    | 16 ++++++++--------
+ src/webserver.cpp               | 24 ++++++++++++++----------
+ 5 files changed, 32 insertions(+), 24 deletions(-)
+
+diff --git a/src/http_request.cpp b/src/http_request.cpp
+index 973ab33..37035b2 100644
+--- a/src/http_request.cpp
++++ b/src/http_request.cpp
+@@ -86,7 +86,7 @@ const std::string http_request::get_connection_value(const std::string& key, enu
+     return header_c;
+ }
+ 
+-int http_request::build_request_header(
++MHD_Result http_request::build_request_header(
+         void *cls,
+         enum MHD_ValueKind kind,
+         const char *key,
+@@ -187,7 +187,7 @@ const std::string http_request::get_querystring() const
+     return querystring;
+ }
+ 
+-int http_request::build_request_args(
++MHD_Result http_request::build_request_args(
+         void *cls,
+         enum MHD_ValueKind kind,
+         const char *key,
+@@ -202,7 +202,7 @@ int http_request::build_request_args(
+     return MHD_YES;
+ }
+ 
+-int http_request::build_request_querystring(
++MHD_Result http_request::build_request_querystring(
+         void *cls,
+         enum MHD_ValueKind kind,
+         const char *key,
+diff --git a/src/httpserver/http_request.hpp b/src/httpserver/http_request.hpp
+index 21f2176..6bd371c 100644
+--- a/src/httpserver/http_request.hpp
++++ b/src/httpserver/http_request.hpp
+@@ -304,15 +304,15 @@ class http_request
+ 
+         unescaper_ptr unescaper;
+ 
+-        static int build_request_header(void *cls, enum MHD_ValueKind kind,
++        static MHD_Result build_request_header(void *cls, enum MHD_ValueKind kind,
+                 const char *key, const char *value
+         );
+ 
+-        static int build_request_args(void *cls, enum MHD_ValueKind kind,
++        static MHD_Result build_request_args(void *cls, enum MHD_ValueKind kind,
+                 const char *key, const char *value
+         );
+ 
+-        static int build_request_querystring(void *cls, enum MHD_ValueKind kind,
++        static MHD_Result build_request_querystring(void *cls, enum MHD_ValueKind kind,
+                 const char *key, const char *value
+         );
+ 
+diff --git a/src/httpserver/http_utils.hpp b/src/httpserver/http_utils.hpp
+index bd3df17..cf18360 100644
+--- a/src/httpserver/http_utils.hpp
++++ b/src/httpserver/http_utils.hpp
+@@ -39,6 +39,10 @@
+ 
+ #define DEFAULT_MASK_VALUE 0xFFFF
+ 
++#if MHD_VERSION < 0x00097002
++typedef int MHD_Result;
++#endif
++
+ namespace httpserver {
+ 
+ typedef void(*unescaper_ptr)(std::string&);
+diff --git a/src/httpserver/webserver.hpp b/src/httpserver/webserver.hpp
+index 2660c70..3c915a1 100644
+--- a/src/httpserver/webserver.hpp
++++ b/src/httpserver/webserver.hpp
+@@ -201,14 +201,14 @@ class webserver
+                 enum MHD_RequestTerminationCode toe
+         );
+ 
+-        static int answer_to_connection
++        static MHD_Result answer_to_connection
+         (
+             void* cls, MHD_Connection* connection,
+             const char* url, const char* method,
+             const char* version, const char* upload_data,
+             size_t* upload_data_size, void** con_cls
+         );
+-        static int post_iterator
++        static MHD_Result post_iterator
+         (
+             void *cls,
+             enum MHD_ValueKind kind,
+@@ -225,30 +225,30 @@ class webserver
+             void **con_cls, int upgrade_socket
+         );
+ 
+-        int bodyless_requests_answer(MHD_Connection* connection,
++        MHD_Result bodyless_requests_answer(MHD_Connection* connection,
+             const char* method, const char* version,
+             struct details::modded_request* mr
+         );
+ 
+-        int bodyfull_requests_answer_first_step(MHD_Connection* connection,
++        MHD_Result bodyfull_requests_answer_first_step(MHD_Connection* connection,
+                 struct details::modded_request* mr
+         );
+ 
+-        int bodyfull_requests_answer_second_step(MHD_Connection* connection,
++        MHD_Result bodyfull_requests_answer_second_step(MHD_Connection* connection,
+             const char* method, const char* version, const char* upload_data,
+             size_t* upload_data_size, struct details::modded_request* mr
+         );
+ 
+-        int finalize_answer(MHD_Connection* connection,
++        MHD_Result finalize_answer(MHD_Connection* connection,
+                 struct details::modded_request* mr, const char* method
+         );
+ 
+-        int complete_request(MHD_Connection* connection,
++        MHD_Result complete_request(MHD_Connection* connection,
+                 struct details::modded_request* mr,
+                 const char* version, const char* method
+         );
+ 
+-        friend int policy_callback (void *cls,
++        friend MHD_Result policy_callback (void *cls,
+                 const struct sockaddr* addr, socklen_t addrlen
+         );
+         friend void error_log(void* cls, const char* fmt, va_list ap);
+diff --git a/src/webserver.cpp b/src/webserver.cpp
+index e71c364..ab6b530 100644
+--- a/src/webserver.cpp
++++ b/src/webserver.cpp
+@@ -61,6 +61,10 @@
+ #define SOCK_CLOEXEC 02000000
+ #endif
+ 
++#if MHD_VERSION < 0x00097002
++typedef int MHD_Result;
++#endif
++
+ using namespace std;
+ 
+ namespace httpserver
+@@ -68,7 +72,7 @@ namespace httpserver
+ 
+ using namespace http;
+ 
+-int policy_callback (void *, const struct sockaddr*, socklen_t);
++MHD_Result policy_callback (void *, const struct sockaddr*, socklen_t);
+ void error_log(void*, const char*, va_list);
+ void* uri_log(void*, const char*);
+ void access_log(webserver*, string);
+@@ -408,7 +412,7 @@ void webserver::disallow_ip(const string& ip)
+     this->allowances.erase(ip);
+ }
+ 
+-int policy_callback (void *cls, const struct sockaddr* addr, socklen_t addrlen)
++MHD_Result policy_callback (void *cls, const struct sockaddr* addr, socklen_t addrlen)
+ {
+     if(!(static_cast<webserver*>(cls))->ban_system_enabled) return MHD_YES;
+ 
+@@ -455,7 +459,7 @@ size_t unescaper_func(void * cls, struct MHD_Connection *c, char *s)
+     return std::string(s).size();
+ }
+ 
+-int webserver::post_iterator (void *cls, enum MHD_ValueKind kind,
++MHD_Result webserver::post_iterator (void *cls, enum MHD_ValueKind kind,
+     const char *key,
+     const char *filename,
+     const char *content_type,
+@@ -509,7 +513,7 @@ const std::shared_ptr<http_response> webserver::internal_error_page(details::mod
+     }
+ }
+ 
+-int webserver::bodyless_requests_answer(
++MHD_Result webserver::bodyless_requests_answer(
+     MHD_Connection* connection, const char* method,
+     const char* version, struct details::modded_request* mr
+     )
+@@ -519,7 +523,7 @@ int webserver::bodyless_requests_answer(
+     return complete_request(connection, mr, version, method);
+ }
+ 
+-int webserver::bodyfull_requests_answer_first_step(
++MHD_Result webserver::bodyfull_requests_answer_first_step(
+         MHD_Connection* connection,
+         struct details::modded_request* mr
+ )
+@@ -565,7 +569,7 @@ int webserver::bodyfull_requests_answer_first_step(
+     return MHD_YES;
+ }
+ 
+-int webserver::bodyfull_requests_answer_second_step(
++MHD_Result webserver::bodyfull_requests_answer_second_step(
+     MHD_Connection* connection, const char* method,
+     const char* version, const char* upload_data,
+     size_t* upload_data_size, struct details::modded_request* mr
+@@ -583,7 +587,7 @@ int webserver::bodyfull_requests_answer_second_step(
+     return MHD_YES;
+ }
+ 
+-int webserver::finalize_answer(
++MHD_Result webserver::finalize_answer(
+         MHD_Connection* connection,
+         struct details::modded_request* mr,
+         const char* method
+@@ -717,10 +721,10 @@ int webserver::finalize_answer(
+     mr->dhrs->decorate_response(raw_response);
+     to_ret = mr->dhrs->enqueue_response(connection, raw_response);
+     MHD_destroy_response(raw_response);
+-    return to_ret;
++    return (MHD_Result) to_ret;
+ }
+ 
+-int webserver::complete_request(
++MHD_Result webserver::complete_request(
+         MHD_Connection* connection,
+         struct details::modded_request* mr,
+         const char* version,
+@@ -736,7 +740,7 @@ int webserver::complete_request(
+     return finalize_answer(connection, mr, method);
+ }
+ 
+-int webserver::answer_to_connection(void* cls, MHD_Connection* connection,
++MHD_Result webserver::answer_to_connection(void* cls, MHD_Connection* connection,
+     const char* url, const char* method,
+     const char* version, const char* upload_data,
+     size_t* upload_data_size, void** con_cls
+-- 
+2.20.1
+

package/libhttpserver/libhttpserver.mk

@@ -9,7 +9,9 @@ LIBHTTPSERVER_SITE = $(call github,etr,libhttpserver,$(LIBHTTPSERVER_VERSION))
 LIBHTTPSERVER_LICENSE = LGPL-2.1+
 LIBHTTPSERVER_LICENSE_FILES = COPYING.LESSER
 LIBHTTPSERVER_INSTALL_STAGING = YES
-LIBHTTPSERVER_CONF_OPTS = --enable-same-directory-build
+LIBHTTPSERVER_CONF_OPTS = \
+	--disable-examples \
+	--enable-same-directory-build
 LIBHTTPSERVER_AUTORECONF = YES
 LIBHTTPSERVER_DEPENDENCIES = libmicrohttpd
 

package/libmicrohttpd/0001-fix-6135.patch

@@ -1,46 +0,0 @@
-From 6702e6202368720d7a381669c03eedc318f225ca Mon Sep 17 00:00:00 2001
-From: Christian Grothoff <christian@grothoff.org>
-Date: Thu, 26 Mar 2020 19:08:30 +0100
-Subject: [PATCH] fix #6135
-
-Downloaded from upstream commit to fix non-threaded build:
-https://git.gnunet.org/libmicrohttpd.git/commit/?id=6702e6202368720d7a381669c03eedc318f225ca
-
-Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
----
- src/microhttpd/internal.h | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/src/microhttpd/internal.h b/src/microhttpd/internal.h
-index 211eed9f..ad16535e 100644
---- a/src/microhttpd/internal.h
-+++ b/src/microhttpd/internal.h
-@@ -1462,12 +1462,6 @@ struct MHD_Daemon
-    */
-   size_t thread_stack_size;
- 
--  /**
--   * Our #MHD_OPTION_SERVER_INSANITY level, bits indicating
--   * which sanity checks are off.
--   */
--  enum MHD_DisableSanityCheck insanity_level;
--
-   /**
-    * Number of worker daemons
-    */
-@@ -1490,6 +1484,12 @@ struct MHD_Daemon
-   MHD_mutex_ cleanup_connection_mutex;
- #endif
- 
-+  /**
-+   * Our #MHD_OPTION_SERVER_INSANITY level, bits indicating
-+   * which sanity checks are off.
-+   */
-+  enum MHD_DisableSanityCheck insanity_level;
-+
-   /**
-    * Listen socket.
-    */
--- 
-2.25.0
-

package/libmicrohttpd/libmicrohttpd.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256 90d0a3d396f96f9bc41eb0f7e8187796049285fabef82604acd4879590977307  libmicrohttpd-0.9.70.tar.gz
-sha256 7399547209438c93f9b90297954698773d4846cea44cde5ca982c84c45952a3b  COPYING
+sha256  e8f445e85faf727b89e9f9590daea4473ae00ead38b237cf1eda55172b89b182  libmicrohttpd-0.9.71.tar.gz
+sha256  7399547209438c93f9b90297954698773d4846cea44cde5ca982c84c45952a3b  COPYING

package/libmicrohttpd/libmicrohttpd.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBMICROHTTPD_VERSION = 0.9.70
+LIBMICROHTTPD_VERSION = 0.9.71
 LIBMICROHTTPD_SITE = $(BR2_GNU_MIRROR)/libmicrohttpd
 LIBMICROHTTPD_LICENSE_FILES = COPYING
 LIBMICROHTTPD_INSTALL_STAGING = YES

package/libnss/0001-fix-old-abi-ppc.patch

@@ -0,0 +1,40 @@
+From a7a862bab5e4aae4615ddae3cbe230345f92ed0d Mon Sep 17 00:00:00 2001
+From: Lauri Kasanen <cand@gmx.com>
+Date: Mon, 1 Jun 2020 12:11:45 +0300
+Subject: [PATCH v3] Bug 1642174 /usr/bin/ld: OBJS/Linux_SINGLE_SHLIB/sha512-p8.o:
+ ABI version 2 is not compatible with ABI version 1 output
+
+Don't try to build the SHA-2 accelerated asm on old-ABI ppc.
+
+Currently make only, I don't have enough gyp-fu to do that side.
+However, the reporters of 1642174 and 1635625 both used make, not gyp.
+
+Signed-off-by: Lauri Kasanen <cand@gmx.com>
+[Fetch-from: https://bugzilla.mozilla.org/show_bug.cgi?id=1642174
+ Manually modified paths to apply to nss subdirectory in release tarball.]
+Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
+---
+ lib/freebl/Makefile | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/nss/lib/freebl/Makefile b/nss/lib/freebl/Makefile
+index 5f7384429..e0461c7d3 100644
+--- a/nss/lib/freebl/Makefile
++++ b/nss/lib/freebl/Makefile
+@@ -267,9 +267,12 @@ ifeq ($(CPU_ARCH),arm)
+ endif
+ ifeq ($(CPU_ARCH),ppc)
+     EXTRA_SRCS += gcm-ppc.c
+-    ASFILES += sha512-p8.s
+ ifdef USE_64
+     DEFINES += -DNSS_NO_INIT_SUPPORT
++    PPC_ABI := $(shell $(CC) -dM -E - < /dev/null | awk '$$2 == "_CALL_ELF" {print $$3}')
++    ifeq ($(PPC_ABI),2)
++        ASFILES += sha512-p8.s
++    endif
+ endif # USE_64
+ endif # ppc
+ endif # Linux
+--
+2.19.1
+

package/libopenssl/Config.in

@@ -29,7 +29,7 @@ config BR2_PACKAGE_LIBOPENSSL_TARGET_ARCH
 	# no-asm is needed with generic architectures such as
 	# linux-generic{32,64}, see
 	# https://github.com/openssl/openssl/issues/9839
-	default "linux-generic64 no-asm"	if BR2_ARCH_IS_64
+	default "linux-generic64 no-asm"	if BR2_ARCH_IS_64 && !BR2_MIPS_NABI32
 	default "linux-generic32 no-asm"
 
 config BR2_PACKAGE_LIBOPENSSL_BIN

package/libressl/libressl.hash

@@ -1,4 +1,4 @@
 # From https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/SHA256
-sha256 df7b172bf79b957dd27ef36dcaa1fb162562c0e8999e194aa8c1a3df2f15398e  libressl-3.0.2.tar.gz
+sha256  c76b0316acf612ecb62f5cb014a20d972a663bd9e40abf952a86f3b998b69fa0  libressl-3.1.3.tar.gz
 # Locally computed
-sha256 5c63613f008f16a9c0025c096bbd736cecf720494d121b5c5203e0ec6e5955b1  COPYING
+sha256  5c63613f008f16a9c0025c096bbd736cecf720494d121b5c5203e0ec6e5955b1  COPYING

package/libressl/libressl.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBRESSL_VERSION = 3.0.2
+LIBRESSL_VERSION = 3.1.3
 LIBRESSL_SITE = https://ftp.openbsd.org/pub/OpenBSD/LibreSSL
 LIBRESSL_LICENSE = ISC (new additions), OpenSSL or SSLeay (original OpenSSL code)
 LIBRESSL_LICENSE_FILES = COPYING

package/libvncserver/0001-CMakeLists.txt-fix-build-without-C.patch

@@ -1,33 +0,0 @@
-From 868f0a9fa60bb45ee6cf762f323c5b3964b2ee69 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Sun, 23 Jun 2019 10:18:59 +0200
-Subject: [PATCH] CMakeLists.txt: fix build without C++
-
-Specify that libvncserver is a C project file otherwise build will fail
-if no C++ compiler is found by cmake
-
-Fixes:
- - http://autobuild.buildroot.org/results/16aaa4e86a2dbf1acf95f10d5131b0f7b8a3d61a
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Upstream status: https://github.com/LibVNC/libvncserver/pull/317]
----
- CMakeLists.txt | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 0d3b4dc..ad609ae 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -1,7 +1,7 @@
- cmake_minimum_required(VERSION 3.4)
- cmake_policy(SET CMP0037 NEW)
- 
--project(LibVNCServer)
-+project(LibVNCServer C)
- include(CheckFunctionExists)
- include(CheckSymbolExists)
- include(CheckIncludeFile)
--- 
-2.20.1
-

package/libvncserver/0002-libvnc-client-server-.pc.cmakein-remove-zlib.patch

@@ -1,45 +0,0 @@
-From 5abd95b65fe5ec24749164338a9718ecce19e240 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Fri, 28 Feb 2020 10:29:58 +0100
-Subject: [PATCH] libvnc{client,server}.pc.cmakein: remove zlib
-
-Remove zlib from Requires.private as libvnc can be built without zlib
-thanks to WITH_LIB, zlib will be added to Libs.private thanks to
-PRIVATE_LIBS
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Upstream status: https://github.com/LibVNC/libvncserver/pull/377]
----
- libvncclient.pc.cmakein | 2 +-
- libvncserver.pc.cmakein | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/libvncclient.pc.cmakein b/libvncclient.pc.cmakein
-index 336e73f..ceeda39 100644
---- a/libvncclient.pc.cmakein
-+++ b/libvncclient.pc.cmakein
-@@ -7,7 +7,7 @@ Name: LibVNCClient
- Description: A library for easy implementation of a VNC client.
- Version: @LibVNCServer_VERSION@
- Requires:
--Requires.private: zlib
-+Requires.private:
- Libs: -L${libdir} -lvncclient
- Libs.private: @PRIVATE_LIBS@
- Cflags: -I${includedir}
-diff --git a/libvncserver.pc.cmakein b/libvncserver.pc.cmakein
-index dfcec9d..33ec668 100644
---- a/libvncserver.pc.cmakein
-+++ b/libvncserver.pc.cmakein
-@@ -7,7 +7,7 @@ Name: LibVNCServer
- Description: A library for easy implementation of a VNC server.
- Version: @LibVNCServer_VERSION@
- Requires:
--Requires.private: zlib
-+Requires.private:
- Libs: -L${libdir} -lvncserver
- Libs.private: @PRIVATE_LIBS@
- Cflags: -I${includedir}
--- 
-2.25.0
-

package/libvncserver/0003-Limit-lenght-to-INT_MAX-bytes-in-rfbProcessFileTransferReadBuffer.patch

@@ -1,47 +0,0 @@
-From 09e8fc02f59f16e2583b34fe1a270c238bd9ffec Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
-Date: Mon, 7 Jan 2019 10:40:01 +0100
-Subject: [PATCH] Limit lenght to INT_MAX bytes in
- rfbProcessFileTransferReadBuffer()
-
-This ammends 15bb719c03cc70f14c36a843dcb16ed69b405707 fix for a heap
-out-of-bound write access in rfbProcessFileTransferReadBuffer() when
-reading a transfered file content in a server. The former fix did not
-work on platforms with a 32-bit int type (expected by rfbReadExact()).
-
-CVE-2018-15127
-<https://github.com/LibVNC/libvncserver/issues/243>
-<https://github.com/LibVNC/libvncserver/issues/273>
-[Retrieved from:
-https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- libvncserver/rfbserver.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
-index 7af84906..f2edbeea 100644
---- a/libvncserver/rfbserver.c
-+++ b/libvncserver/rfbserver.c
-@@ -88,6 +88,8 @@
- #include <errno.h>
- /* strftime() */
- #include <time.h>
-+/* INT_MAX */
-+#include <limits.h>
- 
- #ifdef LIBVNCSERVER_WITH_WEBSOCKETS
- #include "rfbssl.h"
-@@ -1472,8 +1474,11 @@ char *rfbProcessFileTransferReadBuffer(rfbClientPtr cl, uint32_t length)
-        0XFFFFFFFF, i.e. SIZE_MAX for 32-bit systems. On 64-bit systems, a length of 0XFFFFFFFF
-        will safely be allocated since this check will never trigger and malloc() can digest length+1
-        without problems as length is a uint32_t.
-+       We also later pass length to rfbReadExact() that expects a signed int type and
-+       that might wrap on platforms with a 32-bit int type if length is bigger
-+       than 0X7FFFFFFF.
-     */
--    if(length == SIZE_MAX) {
-+    if(length == SIZE_MAX || length > INT_MAX) {
- 	rfbErr("rfbProcessFileTransferReadBuffer: too big file transfer length requested: %u", (unsigned int)length);
- 	rfbCloseClient(cl);
- 	return NULL;

package/libvncserver/0004-rfbserver-don-t-leak-stack-memory-to-the-remote.patch

@@ -1,26 +0,0 @@
-From d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a Mon Sep 17 00:00:00 2001
-From: Christian Beier <dontmind@freeshell.org>
-Date: Mon, 19 Aug 2019 22:32:25 +0200
-Subject: [PATCH] rfbserver: don't leak stack memory to the remote
-
-Thanks go to Pavel Cheremushkin of Kaspersky for reporting.
-[Retrieved from:
-https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- libvncserver/rfbserver.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
-index 3bacc891..310e5487 100644
---- a/libvncserver/rfbserver.c
-+++ b/libvncserver/rfbserver.c
-@@ -3724,6 +3724,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rfbScreen,char *str, int len)
-     rfbServerCutTextMsg sct;
-     rfbClientIteratorPtr iterator;
- 
-+    memset((char *)&sct, 0, sizeof(sct));
-+
-     iterator = rfbGetClientIterator(rfbScreen);
-     while ((cl = rfbClientIteratorNext(iterator)) != NULL) {
-         sct.type = rfbServerCutText;

package/libvncserver/0005-CMakeLists.txt-don-t-build-tight.c-without-png-or-zl.patch

@@ -1,54 +0,0 @@
-From 8f58a9d9f35e6b893b54b399be357bc789f6e630 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Sun, 8 Mar 2020 10:36:57 +0100
-Subject: [PATCH] CMakeLists.txt: don't build tight.c without png or zlib
-
-If the user enables JPEG and disable PNG and ZLIB, build will fail on:
-
-[ 42%] Building C object CMakeFiles/vncserver.dir/libvncserver/ws_decode.c.o
-/nvmedata/autobuild/instance-3/output-1/build/libvncserver-0.9.12/libvncserver/tight.c: In function 'rfbSendRectEncodingTight':
-/nvmedata/autobuild/instance-3/output-1/build/libvncserver-0.9.12/libvncserver/tight.c:276:7: error: 'struct _rfbClientRec' has no member named 'tightEncoding'
-     cl->tightEncoding = rfbEncodingTight;
-       ^~
-/nvmedata/autobuild/instance-3/output-1/build/libvncserver-0.9.12/libvncserver/tight.c: In function 'rfbSendRectEncodingTightPng':
-/nvmedata/autobuild/instance-3/output-1/build/libvncserver-0.9.12/libvncserver/tight.c:287:7: error: 'struct _rfbClientRec' has no member named 'tightEncoding'
-     cl->tightEncoding = rfbEncodingTightPng;
-       ^~
-/nvmedata/autobuild/instance-3/output-1/build/libvncserver-0.9.12/libvncserver/tight.c: In function 'SendRectEncodingTight':
-/nvmedata/autobuild/instance-3/output-1/build/libvncserver-0.9.12/libvncserver/tight.c:307:23: error: 'struct _rfbClientRec' has no member named 'tightCompressLevel'
-     compressLevel = cl->tightCompressLevel;
-                       ^~
-/nvmedata/autobuild/instance-3/output-1/build/libvncserver-0.9.12/libvncserver/tight.c:308:22: error: 'struct _rfbClientRec' has no member named 'turboQualityLevel'
-     qualityLevel = cl->turboQualityLevel;
-                      ^~
-/nvmedata/autobuild/instance-3/output-1/build/libvncserver-0.9.12/libvncserver/tight.c:309:22: error: 'struct _rfbClientRec' has no member named 'turboSubsampLevel'
-     subsampLevel = cl->turboSubsampLevel;
-                      ^~
-
-Fixes:
- - http://autobuild.buildroot.org/results/bcc701055dd5876005fa6f78f38500399394cd75
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Upstream status: https://github.com/LibVNC/libvncserver/pull/380]
----
- CMakeLists.txt | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 2a2cb15..b8bc9e2 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -425,7 +425,9 @@ endif()
- if(JPEG_FOUND)
-   add_definitions(-DLIBVNCSERVER_HAVE_LIBJPEG)
-   include_directories(${JPEG_INCLUDE_DIR})
--  set(TIGHT_C ${LIBVNCSERVER_DIR}/tight.c ${COMMON_DIR}/turbojpeg.c)
-+  if(PNG_FOUND OR ZLIB_FOUND)
-+    set(TIGHT_C ${LIBVNCSERVER_DIR}/tight.c ${COMMON_DIR}/turbojpeg.c)
-+  endif(PNG_FOUND OR ZLIB_FOUND)
- endif(JPEG_FOUND)
- 
- if(PNG_FOUND)
--- 
-2.25.0
-

package/libvncserver/0006-libvncclient-cursor-limit-width-height-input-values.patch

@@ -1,40 +0,0 @@
-From 54220248886b5001fbbb9fa73c4e1a2cb9413fed Mon Sep 17 00:00:00 2001
-From: Christian Beier <dontmind@freeshell.org>
-Date: Sun, 17 Nov 2019 17:18:35 +0100
-Subject: [PATCH] libvncclient/cursor: limit width/height input values
-
-Avoids a possible heap overflow reported by Pavel Cheremushkin
-<Pavel.Cheremushkin@kaspersky.com>.
-
-re #275
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Retrieved from:
-https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed]
----
- libvncclient/cursor.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/libvncclient/cursor.c b/libvncclient/cursor.c
-index 67f45726..40ffb3b0 100644
---- a/libvncclient/cursor.c
-+++ b/libvncclient/cursor.c
-@@ -28,6 +28,8 @@
- #define OPER_SAVE     0
- #define OPER_RESTORE  1
- 
-+#define MAX_CURSOR_SIZE 1024
-+
- #define RGB24_TO_PIXEL(bpp,r,g,b)                                       \
-    ((((uint##bpp##_t)(r) & 0xFF) * client->format.redMax + 127) / 255             \
-     << client->format.redShift |                                              \
-@@ -54,6 +56,9 @@ rfbBool HandleCursorShape(rfbClient* client,int xhot, int yhot, int width, int h
-   if (width * height == 0)
-     return TRUE;
- 
-+  if (width >= MAX_CURSOR_SIZE || height >= MAX_CURSOR_SIZE)
-+    return FALSE;
-+
-   /* Allocate memory for pixel data and temporary mask data. */
-   if(client->rcSource)
-     free(client->rcSource);

package/libvncserver/libvncserver.hash

@@ -1,3 +1,3 @@
 # Locally computed:
-sha256  33cbbb4e15bb390f723c311b323cef4a43bcf781984f92d92adda3243a116136  LibVNCServer-0.9.12.tar.gz
+sha256  0ae5bb9175dc0a602fe85c1cf591ac47ee5247b87f2bf164c16b05f87cbfa81a  LibVNCServer-0.9.13.tar.gz
 sha256  4d23c8c814e5baf007d854f01d8502e77dc56a41144934e003fb32c4e052d20f  COPYING

package/libvncserver/libvncserver.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBVNCSERVER_VERSION = 0.9.12
+LIBVNCSERVER_VERSION = 0.9.13
 LIBVNCSERVER_SOURCE = LibVNCServer-$(LIBVNCSERVER_VERSION).tar.gz
 LIBVNCSERVER_SITE = https://github.com/LibVNC/libvncserver/archive
 LIBVNCSERVER_LICENSE = GPL-2.0+
@@ -13,18 +13,10 @@ LIBVNCSERVER_INSTALL_STAGING = YES
 LIBVNCSERVER_DEPENDENCIES = host-pkgconf lzo
 LIBVNCSERVER_CONF_OPTS = -DWITH_LZO=ON
 
-# 0003-Limit-lenght-to-INT_MAX-bytes-in-rfbProcessFileTransferReadBuffer.patch
-LIBVNCSERVER_IGNORE_CVES += CVE-2018-20750
-
-# 0004-rfbserver-don-t-leak-stack-memory-to-the-remote.patch
-LIBVNCSERVER_IGNORE_CVES += CVE-2019-15681
-
-# 0006-libvncclient-cursor-limit-width-height-input-values.patch
-LIBVNCSERVER_IGNORE_CVES += CVE-2019-20788
-
 # only used for examples
 LIBVNCSERVER_CONF_OPTS += \
 	-DWITH_FFMPEG=OFF \
+	-DWITH_GTK=OFF \
 	-DWITH_SDL=OFF
 
 ifneq ($(BR2_TOOLCHAIN_HAS_THREADS),y)

package/libxml2/libxml2.mk

@@ -49,6 +49,11 @@ else
 LIBXML2_CONF_OPTS += --without-iconv
 endif
 
+define LIBXML2_CLEANUP_XML2CONF
+	rm -f $(TARGET_DIR)/usr/lib/xml2Conf.sh
+endef
+LIBXML2_POST_INSTALL_TARGET_HOOKS += LIBXML2_CLEANUP_XML2CONF
+
 $(eval $(autotools-package))
 $(eval $(host-autotools-package))
 

package/libxmlrpc/libxmlrpc.mk

@@ -39,6 +39,13 @@ ifeq ($(BR2_STATIC_LIBS),y)
 LIBXMLRPC_STATIC_OPTS = SHARED_LIB_TYPE=NONE MUST_BUILD_SHLIB=N
 endif
 
+ifeq ($(BR2_PACKAGE_OPENSSL),y)
+LIBXMLRPC_DEPENDENCIES += host-pkgconf openssl
+LIBXMLRPC_CONF_OPTS += --enable-abyss-openssl
+else
+LIBXMLRPC_CONF_OPTS += --disable-abyss-openssl
+endif
+
 LIBXMLRPC_MAKE_OPTS += $(LIBXMLRPC_STATIC_OPTS)
 LIBXMLRPC_INSTALL_STAGING_OPTS = $(LIBXMLRPC_STATIC_OPTS) \
 	DESTDIR=$(STAGING_DIR) install