Update for 2017.02.8

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

CHANGES

@@ -1,3 +1,211 @@
+2017.02.8, Released November 27th, 2017
+
+	Important / security related fixes.
+
+	Qt: 5.6 version updated to 5.6.3.
+
+	Reproducible: Do not override SOURCE_DATE_EPOCH if already set
+	in the environment.
+
+	Updated/fixed packages: apr, apr-util, arqp-standalone,
+	collectd, dvb-apps, ffmpeg, google-breakpad, gstreamer,
+	imagemagick, libfastjson, libglib2, libpjsip, libplist,
+	localedef, luajit, mesa3d, openssh, openssl, postgresql,
+	python3, python-pyqt5, qt5base, qt5canvas3d, qt5connectivity,
+	qt5declarative, qt5engineio, qt5graphicaleffects,
+	qt5imageformats, qt5location, qt5multimedia, qt5quickcontrols,
+	qt5quickcontrols2, qt5script, qt5sensors, qt5serialbus,
+	qt5serialport, qt5svg, qt5tools, qt5webchannel, qt5webkit,
+	qt5websockets, qt5x11extras, qt5xmlpatterns, quagga, ruby,
+	samba4, snmppp, ti-gfx, vboot-utils, webkitgtk, wireshark,
+	xapp_xdriinfo.
+
+	Issues resolved (http://bugs.buildroot.org):
+
+	10326: mesa3d package fails to build when BR2_SHARED_STATIC_LIBS=y
+	10361: python3 python-config script generates invalid includes
+	10501: host-localedef fails to compile on Ubuntu 17.10
+
+2017.02.7, Released October 28th, 2017
+
+	Important / security related fixes.
+
+	Webkitgtk bumped to the 2.18.x series, fixing a large number
+	of security issues.
+
+	Defconfigs: wandboard: Correct rootfs offset
+
+	Toolchain: Linaro toolchains updated to 2017.08 release,
+	fixing a number of issues. Musl: fix for CVE-2017-15650.
+
+	Updated/fixed packages: busybox, bzip2, dnsmasq, git, go,
+	hostapd, irssi, iucode-tool, lame, libcurl, libffi, libnspr,
+	libnss, nodejs, openssh, openvpn, qemu, qt, redis, sdl2,
+	webkitgtk, wget, wpa_supplicant, xen, xlib_libXfont,
+	xlib_libXfont2, xserver_xorg-server
+
+2017.02.6, Released September 24th, 2017
+
+	Important / security related fixes.
+
+	Cmake: Ensure correct pkg-config is used when building host
+	packages
+
+	fs/iso9660: Ensure files from earlier builds are not included.
+
+	Updated/fixed packages: apache, bcusdk, bind, binutils,
+	bluez5_utils, botan, cmake, connman, dbus, dialog, e2fsprogs,
+	faad2, fakeroot, ffmpeg, file, flashrom, gcc, gd, gdb,
+	gdk-pixbuf, git, gnupg, gpsd, grub2, gst1-plugins-bad,
+	imagemagick, iostat, iucode-tool, jack2, libarchive, libcurl,
+	libgcrypt, libidn, libphidget, librsync, librsvg, libsoup,
+	libxml2, linux-tools, lua, mariadb, mbedtls, mediastreamer,
+	minidlna, netplug, nss-pam-ldapd, nvidia-driver, openjpeg,
+	postgresql, proxychains-ng, python-libconfig,
+	python-service-identity, qt, rpcbind, ruby, samba4, squashfs,
+	squid, strongswan, subversion, supervisor, sysvinit, tcpdump,
+	tor, transmission, unrar, valgrind, vim, webkitgtk, whois,
+	xen, zmqpp
+
+	Issues resolved (http://bugs.buildroot.org):
+
+	#10141: Squashfs extended attribute failures
+	#10261: Grub2 fails to build for x86_64
+	#10276: BR2_PACKAGE_LINUX_TOOLS_GPIO fails for MIPS with...
+
+2017.02.5, Released July 27th, 2017
+
+	Important / security related fixes.
+
+	Webkitgtk bumped to the 2.16.x series, fixing a large number
+	of security issues.
+
+	host-aespipe compile fix for Debian/Gentoo/Ubuntu toolchains
+	which default to PIE mode.
+
+	Updated/fixed packages: aespipe, apache, bind, binutils,
+	ccache, collectd, efibootmgr, efivar, expat, ffmpeg, gcc,
+	heimdal, iproute2, irssi, libglib2, libmemcached, libosip2,
+	libtirpc, libxml-parser-perl, linux-fusion, linux-zigbee,
+	mpg123, nodejs, orc, pcre, php, pulseaudio,
+	python-setproctitle, qt5base, rpi-firmware, samba4, syslinux,
+	systemd, spice, tiff, webkitgtk, x265, xen,
+	xserver_xorg-server, xvisor
+
+	Issues resolved (http://bugs.buildroot.org):
+
+	#10061: gcc5.4 buildroot toolchain for powerpc libsanitizer...
+
+2017.02.4, Released July 4th, 2017
+
+	Important / security related fixes.
+
+	Update support/scripts/scancpan to use METACPAN v1 API as v0
+	has been shutdown.
+
+	Update support/scripts/mkusers to handle setups where
+	/etc/shadow is a symlink.
+
+	External toolchain: Don't create musl dynamic loader symlink
+	for static builds.
+
+	Setlocalversion: Correct detection of mercurial revisions for
+	non-tagged versions.
+
+	Updated/fixed packages: apache, automake, bind, botan, c-ares,
+	dhcp, expat, fcgiwrap, gcc, gdb, gesftpserver, glibc, gnutls,
+	gst1-plugins-bad, imagemagick, imx-uuc, intltool, iperf,
+	ipsec-tools, irssi, libgcrypt, libmad, libnl, mosquitto,
+	mpg123, ncurses, nodejs, ntp, openssh, openvpn, qt5base,
+	qt5multimedia, rtl8821au, socat, spice, systemd, tor, tslib,
+	vlc, x264, xserver_xorg-server
+
+	Issues resolved (http://bugs.buildroot.org):
+
+	#9976: License file for package 'rtl8821au' incorrect
+
+2017.02.3, Released June 2nd, 2017
+
+	Important / security related fixes.
+
+	Download: <pkg>-source-check fixed for packages from git.
+
+	External toolchain: musl dynamic linker symlink for mips-sf
+	corrected.
+
+	Updated/fixed packages: armadillo, audiofile, bash,
+	bluez_utils, cppcms, dbus, dhcp, dropbear, efibootmgr, efl,
+	elfutils, faketime, fbgrab, flashrom, ftop, gdb, git,
+	google-breakpad, gpsd, hans, kvm-unit-tests, kyua, libev,
+	libmicrohttpd, libminiupnpc, libtasn1, libubox, ltp-testsuite,
+	lua, madplay, mariadb, mono, mosquitto, mxml, ntp,
+	nvidia-driver, openblas, openvpn, oracle-mysql, picocom, popt,
+	postgresql, pulseview, qt5base, qwt, rabbitmq-c, redis,
+	rpcbind, rtmpdump, samba4, strongswan, sudo, vlc
+
+	Issues resolved (http://bugs.buildroot.org):
+
+	#9796: source-check broken for Git downloads
+	#9871: fbgrab 1.3 won't build with BR2_REPRODUCIBLE set
+
+2017.02.2, Released May 1st, 2017
+
+	Important / security related fixes.
+
+	Use HTTPS for the Codesourcery external toolchains as the HTTP
+	URLs no longer work.
+
+	Updated/fixed packages: bind, busybox, dovecot, freetype,
+	ghostscript, glibc, granite, hiredis, icu, imagemagick,
+	gst-plugins-base, gst1-plugins-base, libcroco, libcurl, libnl,
+	libnspr, libnss, libsamplerate, libsndfile, libunwind,
+	minicom, mplayer, mpv, nodejs, python-django, python-pyyaml,
+	python-web2py, samba4, syslinux, systemd, tiff, trinity,
+	uboot, wireshark, xen
+
+	Issues resolved (http://bugs.buildroot.org):
+
+	#9791: Python searches for packages in the user site directory
+
+2017.02.1, Released April 4th, 2017
+
+	Important / security related fixes.
+
+	Fix a variable clashing issue in the mkusers script with
+	internal bash variables.
+
+	Improve external toolchain version detection.
+
+	Correct permissions for /dev/pts/ptmx when systemd is used
+	with recent glibc versions.
+
+	Fix python module name clash for graph-depends.
+
+	Fakeroot now links against libacl to fix issues on
+	distributions using acls.
+
+	Ensure that the git download infrastructure creates GNU format
+	tar files.
+
+	br2-external: Improve error reporting.
+
+	Updated/fixed packages: acl, apr, audiofile, busybox, cairo,
+	dbus-cpp, dbus-glib, dbus-triggerd, domoticz, elfutils,
+	fakeroot, filemq, fmc, gdb, git, gnutls, gst-ffmpeg,
+	gst1-plygins-bad, harfbuzz, htop, imagemagick, jasper, libcec,
+	libiio, libplatform, librsvg, libselinux, libsidplay2, libsoc,
+	libwebsockets, libxkbcommon, linux-firmware, logrotate,
+	lpt-testsuite, lttng-libust, mariadb, mbedtls, memcached,
+	mesa3d, mpd, mplayer, nbd, ncftp, ntp, openssh, opentyrian,
+	pcre, perl-gd, python, qt5base, rpi-userland, rpm, samba4,
+	skalibs, slang, sngrep, squashfs, syslog-ng, taglib,
+	tcpreplay, tor, upmpdcli, wget, wireshark,
+	xdriver_xf86-video-vmware, xlib_libXv, zmqpp
+
+	Issues resolved (http://bugs.buildroot.org):
+
+	#9456: mkusers script bash errors
+
 2017.02, Released February 28th, 2017
 
 	Minor fixes, mainly fixing autobuilder issues.

Config.in

@@ -57,6 +57,11 @@ config BR2_HOST_GCC_AT_LEAST_6
 	default y if BR2_HOST_GCC_VERSION = "6"
 	select BR2_HOST_GCC_AT_LEAST_5
 
+config BR2_HOST_GCC_AT_LEAST_7
+	bool
+	default y if BR2_HOST_GCC_VERSION = "7"
+	select BR2_HOST_GCC_AT_LEAST_6
+
 # Hidden boolean selected by packages in need of Java in order to build
 # (example: xbmc)
 config BR2_NEEDS_HOST_JAVA
@@ -462,7 +467,7 @@ choice
 config BR2_OPTIMIZE_0
 	bool "optimization level 0"
 	help
-	  Do not optimize. This is the default.
+	  Do not optimize.
 
 config BR2_OPTIMIZE_1
 	bool "optimization level 1"
@@ -529,6 +534,7 @@ config BR2_OPTIMIZE_S
 	  -falign-loops -falign-labels -freorder-blocks
 	  -freorder-blocks-and-partition -fprefetch-loop-arrays
 	  -ftree-vect-loop-version
+	  This is the default.
 
 endchoice
 

Config.in.legacy

@@ -143,8 +143,42 @@ comment "----------------------------------------------------"
 endif
 
 ###############################################################################
+
 comment "Legacy options removed in 2017.02"
 
+config BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_WEBRTC
+	bool "gst1-plugins-bad webrtc renamed to webrtcdsp"
+	select BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_WEBRTCDSP
+	select BR2_LEGACY
+	help
+	  The WebRTC plugin in GStreamer 1.x has always been named
+	  webrtcdsp, but was wrongly introduced in Buildroot under the
+	  name webrtc. Therefore, we have renamed the option to match
+	  the actual name of the GStreamer plugin.
+
+config BR2_PACKAGE_SPICE_CLIENT
+	bool "spice client support removed"
+	select BR2_LEGACY
+	help
+	  Spice client support has been removed upstream. The
+	  functionality now lives in the spice-gtk widget and
+	  virt-viewer.
+
+config BR2_PACKAGE_SPICE_GUI
+	bool "spice gui support removed"
+	select BR2_LEGACY
+	help
+	  Spice gui support has been removed upstream. The
+	  functionality now lives in the spice-gtk widget and
+	  virt-viewer.
+
+config BR2_PACKAGE_SPICE_TUNNEL
+	bool "spice network redirection removed"
+	select BR2_LEGACY
+	help
+	  Spice network redirection, aka tunnelling has been removed
+	  upstream.
+
 config BR2_PACKAGE_PERL_DB_FILE
 	bool "perl-db-file removed"
 	select BR2_LEGACY

Makefile

@@ -86,9 +86,9 @@ else # umask / $(CURDIR) / $(O)
 all:
 
 # Set and export the version string
-export BR2_VERSION := 2017.02
+export BR2_VERSION := 2017.02.8
 # Actual time the release is cut (for reproducible builds)
-BR2_VERSION_EPOCH = 1488315000
+BR2_VERSION_EPOCH = 1511823000
 
 # Save running make version since it's clobbered by the make package
 RUNNING_MAKE_VERSION := $(MAKE_VERSION)
@@ -253,7 +253,7 @@ export LANG = C
 export LC_ALL = C
 export GZIP = -n
 BR2_VERSION_GIT_EPOCH = $(shell GIT_DIR=$(TOPDIR)/.git $(GIT) log -1 --format=%at)
-export SOURCE_DATE_EPOCH = $(if $(wildcard $(TOPDIR)/.git),$(BR2_VERSION_GIT_EPOCH),$(BR2_VERSION_EPOCH))
+export SOURCE_DATE_EPOCH ?= $(if $(wildcard $(TOPDIR)/.git),$(BR2_VERSION_GIT_EPOCH),$(BR2_VERSION_EPOCH))
 DEPENDENCIES_HOST_PREREQ += host-fakedate
 endif
 
@@ -481,6 +481,8 @@ include Makefile.legacy
 include package/Makefile.in
 include support/dependencies/dependencies.mk
 
+PACKAGES += $(DEPENDENCIES_HOST_PREREQ)
+
 include toolchain/*.mk
 include toolchain/*/*.mk
 

arch/Config.in.arm

@@ -534,15 +534,9 @@ config BR2_GCC_TARGET_CPU
 	default "strongarm"	if BR2_strongarm
 	default "xscale"	if BR2_xscale
 	default "iwmmxt"	if BR2_iwmmxt
-	default "cortex-a53"		if (BR2_cortex_a53 && !BR2_ARCH_IS_64)
-	default "cortex-a53+fp"		if (BR2_cortex_a53 && BR2_ARCH_IS_64 && BR2_ARM_FPU_FP_ARMV8)
-	default "cortex-a53+fp+simd" 	if (BR2_cortex_a53 && BR2_ARCH_IS_64 && BR2_ARM_FPU_NEON_FP_ARMV8)
-	default "cortex-a57"		if (BR2_cortex_a57 && !BR2_ARCH_IS_64)
-	default "cortex-a57+fp"		if (BR2_cortex_a57 && BR2_ARCH_IS_64 && BR2_ARM_FPU_FP_ARMV8)
-	default "cortex-a57+fp+simd" 	if (BR2_cortex_a57 && BR2_ARCH_IS_64 && BR2_ARM_FPU_NEON_FP_ARMV8)
-	default "cortex-a72"		if (BR2_cortex_a72 && !BR2_ARCH_IS_64)
-	default "cortex-a72+fp"		if (BR2_cortex_a72 && BR2_ARCH_IS_64 && BR2_ARM_FPU_FP_ARMV8)
-	default "cortex-a72+fp+simd" 	if (BR2_cortex_a72 && BR2_ARCH_IS_64 && BR2_ARM_FPU_NEON_FP_ARMV8)
+	default "cortex-a53"	if BR2_cortex_a53
+	default "cortex-a57"	if BR2_cortex_a57
+	default "cortex-a72"	if BR2_cortex_a72
 
 config BR2_GCC_TARGET_ABI
 	default "aapcs-linux"	if BR2_arm || BR2_armeb

board/wandboard/genimage.cfg

@@ -26,6 +26,7 @@ image sdcard.img {
   partition rootfs {
     partition-type = 0x83
     image = "rootfs.ext4"
+    offset = 1M
     size = 512M
   }
 }

boot/grub2/grub2.mk

@@ -53,7 +53,7 @@ GRUB2_CONF_ENV = \
 	$(HOST_CONFIGURE_OPTS) \
 	CPP="$(HOSTCC) -E" \
 	TARGET_CC="$(TARGET_CC)" \
-	TARGET_CFLAGS="$(TARGET_CFLAGS)" \
+	TARGET_CFLAGS="$(TARGET_CFLAGS) -fno-stack-protector" \
 	TARGET_CPPFLAGS="$(TARGET_CPPFLAGS)" \
 	TARGET_LDFLAGS="$(TARGET_LDFLAGS)" \
 	NM="$(TARGET_NM)" \

boot/syslinux/0001-bios-Fix-alignment-change-with-gcc-5.patch

@@ -1,16 +1,19 @@
-commit e5f2b577ded109291c9632dacb6eaa621d8a59fe
-Author: Sylvain Gault <sylvain.gault@gmail.com>
-Date:   Tue Sep 29 02:38:25 2015 +0200
+From da5cbd1a3b248f2d32281a1766a3d1414c0e8e03 Mon Sep 17 00:00:00 2001
+From: Sylvain Gault <sylvain.gault@gmail.com>
+Date: Tue, 29 Sep 2015 02:38:25 +0200
+Subject: [PATCH] bios: Fix alignment change with gcc 5
 
-    bios: Fix alignment change with gcc 5
-    
-    The section aligment specified in the ld scripts have to be greater or
-    equal to those in the .o files generated by gcc.
-    
-    Signed-off-by: Sylvain Gault <sylvain.gault@gmail.com>
-    Tested-by: poma <pomidorabelisima@gmail.com>
-    Signed-off-by: Paulo Alcantara <pcacjr@zytor.com>
-    Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
+The section aligment specified in the ld scripts have to be greater or
+equal to those in the .o files generated by gcc.
+
+Signed-off-by: Sylvain Gault <sylvain.gault@gmail.com>
+Tested-by: poma <pomidorabelisima@gmail.com>
+Signed-off-by: Paulo Alcantara <pcacjr@zytor.com>
+Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
+---
+ core/i386/syslinux.ld   | 6 +++---
+ core/x86_64/syslinux.ld | 6 +++---
+ 2 files changed, 6 insertions(+), 6 deletions(-)
 
 diff --git a/core/i386/syslinux.ld b/core/i386/syslinux.ld
 index 7b4e012..7390451 100644
@@ -74,3 +77,6 @@ index 1057112..bf815c4 100644
  	__bss_vma = .;
  	__bss_lma = .;		/* Dummy */
  	.bss (NOLOAD) : AT (__bss_lma) {
+-- 
+2.7.4
+

boot/syslinux/0002-Disable-PIE-to-avoid-FTBFS-on-amd64.patch

@@ -0,0 +1,30 @@
+From 250bf2c921713434627dc7bc8b0918fa0841f9b7 Mon Sep 17 00:00:00 2001
+From: Graham Inggs <ginggs@ubuntu.com>
+Date: Wed, 5 Apr 2017 22:03:12 +0200
+Subject: [PATCH] Disable PIE to avoid FTBFS on amd64
+
+gcc 6.x has PIE support enabled by default, which causes a build issue
+with syslinux. This patch disables PIE support in the relevant
+syslinux Makefile.
+
+Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
+---
+ gpxe/src/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gpxe/src/Makefile b/gpxe/src/Makefile
+index cc91d78..077af64 100644
+--- a/gpxe/src/Makefile
++++ b/gpxe/src/Makefile
+@@ -4,7 +4,7 @@
+ #
+ 
+ CLEANUP		:=
+-CFLAGS		:=
++CFLAGS		:= -fno-PIE
+ ASFLAGS		:=
+ LDFLAGS		:=
+ MAKEDEPS	:= Makefile
+-- 
+2.7.4
+

boot/syslinux/0002-disable-pie.patch

@@ -1,22 +0,0 @@
-Description: Disable PIE to avoid FTBFS on amd64
-Bug-Ubuntu: https://bugs.launchpad.net/bugs/1579023
-Author: Graham Inggs <ginggs@ubuntu.com>
-Last-Update: 2016-05-06
-
-gcc 6.x has PIE support enabled by default, which causes a build issue
-with syslinux. This patch disables PIE support in the relevant
-syslinux Makefile.
-
-Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
-
---- a/gpxe/src/Makefile
-+++ b/gpxe/src/Makefile
-@@ -4,7 +4,7 @@
- #
-
- CLEANUP		:=
--CFLAGS		:=
-+CFLAGS		:= -fno-PIE
- ASFLAGS		:=
- LDFLAGS		:=
- MAKEDEPS	:= Makefile

boot/syslinux/0003-Fix-ldlinux.elf-Not-enough-room-for-program-headers-.patch

@@ -0,0 +1,35 @@
+From 61de7762389d460da7ffdd644f50c60175cce23b Mon Sep 17 00:00:00 2001
+From: Steve McIntyre <93sam@debian.org>
+Date: Wed, 5 Apr 2017 22:09:37 +0200
+Subject: [PATCH] Fix 'ldlinux.elf: Not enough room for program headers, try
+ linking with -N'
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix for https://bugs.debian.org/846679: syslinux: FTBFS: ld:
+ldlinux.elf: Not enough room for program headers, try linking with -N
+
+https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=846679;filename=syslinux_6.03%2Bdfsg-14.1.debdiff;msg=10
+
+Signed-off-by: Benoît Allard <benoit.allard@greenbone.net>
+---
+ core/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/core/Makefile b/core/Makefile
+index ad0acb5..58a3545 100644
+--- a/core/Makefile
++++ b/core/Makefile
+@@ -165,7 +165,7 @@ LDSCRIPT = $(SRC)/$(ARCH)/syslinux.ld
+ 
+ %.elf: %.o $(LIBDEP) $(LDSCRIPT) $(AUXLIBS)
+ 	$(LD) $(LDFLAGS) -Bsymbolic $(LD_PIE) -E --hash-style=gnu -T $(LDSCRIPT) -M -o $@ $< \
+-		--start-group $(LIBS) $(subst $(*F).elf,lib$(*F).a,$@) --end-group \
++		--start-group $(LIBS) $(subst $(*F).elf,lib$(*F).a,$@) --end-group --no-dynamic-linker \
+ 		> $(@:.elf=.map)
+ 	$(OBJDUMP) -h $@ > $(@:.elf=.sec)
+ 	$(PERL) $(SRC)/lstadjust.pl $(@:.elf=.lsr) $(@:.elf=.sec) $(@:.elf=.lst)
+-- 
+2.7.4
+

boot/syslinux/0004-memdisk-Force-ld-output-format-to-32-bits.patch

@@ -0,0 +1,32 @@
+From c0287594239d5af2082cac20817f8e8b11a4b1b2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Beno=C3=AEt=20Allard?= <benoit.allard@greenbone.net>
+Date: Wed, 5 Apr 2017 14:18:09 +0200
+Subject: [PATCH] memdisk: Force ld output format to 32-bits
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+On toolchains where the default output is x86_64, we need to be
+consistent with the other .o files
+
+Signed-off-by: Benoît Allard <benoit.allard@greenbone.net>
+---
+ memdisk/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/memdisk/Makefile b/memdisk/Makefile
+index e6557d8..06613ff 100644
+--- a/memdisk/Makefile
++++ b/memdisk/Makefile
+@@ -78,7 +78,7 @@ memdisk16.o: memdisk16.asm
+ 	$(NASM) -f bin $(NASMOPT) $(NFLAGS) $(NINCLUDE) -o $@ -l $*.lst $<
+ 
+ memdisk_%.o: memdisk_%.bin
+-	$(LD) -r -b binary -o $@ $<
++	$(LD) --oformat elf32-i386 -r -b binary -o $@ $<
+ 
+ memdisk16.elf: $(OBJS16)
+ 	$(LD) -Ttext 0 -o $@ $^
+-- 
+2.7.4
+

boot/syslinux/0005-utils-Use-the-host-toolchain-to-build.patch

@@ -0,0 +1,60 @@
+From e000251144056c99e390a2a4449d06cbd2a19c0a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Beno=C3=AEt=20Allard?= <benoit.allard@greenbone.net>
+Date: Wed, 5 Apr 2017 14:25:02 +0200
+Subject: [PATCH] utils: Use the host toolchain to build.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The utilities are meant to run on the host machine, hence must be built using
+the host toolchain.
+
+Signed-off-by: Benoît Allard <benoit.allard@greenbone.net>
+---
+ utils/Makefile | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/utils/Makefile b/utils/Makefile
+index dfe6259..ac91aaa 100644
+--- a/utils/Makefile
++++ b/utils/Makefile
+@@ -17,8 +17,8 @@
+ VPATH = $(SRC)
+ include $(MAKEDIR)/syslinux.mk
+ 
+-CFLAGS   = $(GCCWARN) -Os -fomit-frame-pointer -D_FILE_OFFSET_BITS=64 -I$(SRC)
+-LDFLAGS  = -O2
++CFLAGS   = $(CFLAGS_FOR_BUILD) $(GCCWARN) -Os -fomit-frame-pointer -D_FILE_OFFSET_BITS=64 -I$(SRC)
++LDFLAGS  = $(LDFLAGS_FOR_BUILD) -O2
+ 
+ C_TARGETS	 = isohybrid gethostip memdiskfind
+ SCRIPT_TARGETS	 = mkdiskimage
+@@ -35,7 +35,7 @@ ISOHDPFX = $(addprefix $(OBJ)/,../mbr/isohdpfx.bin ../mbr/isohdpfx_f.bin \
+ all: $(TARGETS)
+ 
+ %.o: %.c
+-	$(CC) $(UMAKEDEPS) $(CFLAGS) -c -o $@ $<
++	$(CC_FOR_BUILD) $(UMAKEDEPS) $(CFLAGS) -c -o $@ $<
+ 
+ mkdiskimage: mkdiskimage.in ../mbr/mbr.bin bin2hex.pl
+ 	$(PERL) $(SRC)/bin2hex.pl < $(OBJ)/../mbr/mbr.bin | cat $(SRC)/mkdiskimage.in - > $@
+@@ -51,13 +51,13 @@ isohdpfx.c: $(ISOHDPFX) isohdpfxarray.pl
+ 	$(PERL) $(SRC)/isohdpfxarray.pl $(ISOHDPFX) > $@
+ 
+ isohybrid: isohybrid.o isohdpfx.o
+-	$(CC) $(LDFLAGS) -o $@ $^ -luuid
++	$(CC_FOR_BUILD) $(LDFLAGS) -o $@ $^ -luuid
+ 
+ gethostip: gethostip.o
+-	$(CC) $(LDFLAGS) -o $@ $^
++	$(CC_FOR_BUILD) $(LDFLAGS) -o $@ $^
+ 
+ memdiskfind: memdiskfind.o
+-	$(CC) $(LDFLAGS) -o $@ $^
++	$(CC_FOR_BUILD) $(LDFLAGS) -o $@ $^
+ 
+ tidy dist:
+ 	rm -f *.o .*.d isohdpfx.c
+-- 
+2.1.4
+

boot/syslinux/0006-lzo-Use-the-host-toolchain-for-prepcore.patch

@@ -0,0 +1,44 @@
+From 83e1f00990c25554723609bb549e18b987034317 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Beno=C3=AEt=20Allard?= <benoit.allard@greenbone.net>
+Date: Thu, 6 Apr 2017 09:43:46 +0200
+Subject: [PATCH] lzo: Use the host toolchain for prepcore
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Benoît Allard <benoit.allard@greenbone.net>
+---
+ lzo/Makefile | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/lzo/Makefile b/lzo/Makefile
+index 29f1fa6..c016e5a 100644
+--- a/lzo/Makefile
++++ b/lzo/Makefile
+@@ -11,10 +11,13 @@
+ ## -----------------------------------------------------------------------
+ 
+ VPATH = $(SRC)
+-include $(MAKEDIR)/build.mk
++include $(MAKEDIR)/syslinux.mk
+ 
+ INCLUDES += -I$(SRC)/include
+ 
++%.o: %.c
++	$(CC_FOR_BUILD) $(UMAKEDEPS) $(CFLAGS_FOR_BUILD) $(INCLUDES) -c -o $@ $<
++
+ LIBOBJS = $(patsubst %.c,%.o,$(subst $(SRC)/,,$(wildcard $(SRC)/src/*.c)))
+ LIB     = lzo.a
+ BINS    = prepcore
+@@ -30,7 +33,7 @@ $(LIB) : $(LIBOBJS)
+ 	$(RANLIB) $@
+ 
+ prepcore : prepcore.o $(LIB)
+-	$(CC) $(LDFLAGS) -o $@ $^ $(LIBS)
++	$(CC_FOR_BUILD) $(LDFLAGS_FOR_BUILD) -o $@ $^ $(LIBS)
+ 
+ tidy dist clean spotless:
+ 	rm -f $(BINS)
+-- 
+2.1.4
+

boot/syslinux/Config.in

@@ -1,12 +1,13 @@
 config BR2_TARGET_SYSLINUX
 	bool "syslinux"
 	depends on BR2_i386 || BR2_x86_64
-	select BR2_HOSTARCH_NEEDS_IA32_COMPILER
 	# Make sure at least one of the flavors is installed
 	select BR2_TARGET_SYSLINUX_ISOLINUX \
 		if !BR2_TARGET_SYSLINUX_PXELINUX && \
 		   !BR2_TARGET_SYSLINUX_MBR && \
 		   !BR2_TARGET_SYSLINUX_EFI
+	select BR2_PACKAGE_UTIL_LINUX
+	select BR2_PACKAGE_UTIL_LINUX_LIBUUID
 	help
 	  The syslinux bootloader for x86 systems.
 	  This includes: syslinux, pxelinux, extlinux.
@@ -34,6 +35,7 @@ config BR2_TARGET_SYSLINUX_PXELINUX
 
 config BR2_TARGET_SYSLINUX_MBR
 	bool "install mbr"
+	depends on !BR2_TOOLCHAIN_HAS_BINUTILS_BUG_19615
 	select BR2_TARGET_SYSLINUX_LEGACY_BIOS
 	help
 	  Install the legacy-BIOS 'mbr' image, to boot off a

boot/syslinux/syslinux.mk

@@ -13,7 +13,8 @@ SYSLINUX_LICENSE_FILES = COPYING
 
 SYSLINUX_INSTALL_IMAGES = YES
 
-SYSLINUX_DEPENDENCIES = host-nasm host-util-linux host-upx
+# host-util-linux needed to provide libuuid when building host tools
+SYSLINUX_DEPENDENCIES = host-nasm host-upx util-linux host-util-linux
 
 ifeq ($(BR2_TARGET_SYSLINUX_LEGACY_BIOS),y)
 SYSLINUX_TARGET += bios
@@ -51,21 +52,36 @@ SYSLINUX_POST_PATCH_HOOKS += SYSLINUX_CLEANUP
 # and the internal zlib should take precedence so -I shouldn't
 # be used.
 define SYSLINUX_BUILD_CMDS
-	$(TARGET_MAKE_ENV) $(MAKE1) CC="$(HOSTCC) -idirafter $(HOST_DIR)/usr/include $(HOST_LDFLAGS)" \
-		AR="$(HOSTAR)" $(SYSLINUX_EFI_ARGS) -C $(@D) $(SYSLINUX_TARGET)
+	$(TARGET_MAKE_ENV) $(MAKE1) \
+		CC="$(TARGET_CC)" \
+		LD="$(TARGET_LD)" \
+		NASM="$(HOST_DIR)/usr/bin/nasm" \
+		CC_FOR_BUILD="$(HOSTCC)" \
+		CFLAGS_FOR_BUILD="$(HOST_CFLAGS)" \
+		LDFLAGS_FOR_BUILD="$(HOST_LDFLAGS)" \
+            $(SYSLINUX_EFI_ARGS) -C $(@D) $(SYSLINUX_TARGET)
 endef
 
 # While the actual bootloader is compiled for the target, several
 # utilities for installing the bootloader are meant for the host.
 # Repeat the target, otherwise syslinux will try to build everything
-# Repeat CC and AR, since syslinux really wants to check them at
-# install time
+# Repeat LD (and CC) as it happens that some binaries are linked at
+# install-time.
 define SYSLINUX_INSTALL_TARGET_CMDS
-	$(TARGET_MAKE_ENV) $(MAKE1) CC="$(HOSTCC) -idirafter $(HOST_DIR)/usr/include $(HOST_LDFLAGS)" \
-		AR="$(HOSTAR)" $(SYSLINUX_EFI_ARGS) INSTALLROOT=$(HOST_DIR) \
+	$(TARGET_MAKE_ENV) $(MAKE1) $(SYSLINUX_EFI_ARGS) INSTALLROOT=$(HOST_DIR) \
+		CC="$(TARGET_CC)" \
+		LD="$(TARGET_LD)" \
 		-C $(@D) $(SYSLINUX_TARGET) install
 endef
 
+# That 'syslinux' binary is an installer actually built for the target.
+# However, buildroot makes no usage of it, so better delete it than have it
+# installed at the wrong place
+define SYSLINUX_POST_INSTALL_CLEANUP
+	rm -rf $(HOST_DIR)/usr/bin/syslinux
+endef
+SYSLINUX_POST_INSTALL_TARGET_HOOKS += SYSLINUX_POST_INSTALL_CLEANUP
+
 SYSLINUX_IMAGES-$(BR2_TARGET_SYSLINUX_ISOLINUX) += bios/core/isolinux.bin
 SYSLINUX_IMAGES-$(BR2_TARGET_SYSLINUX_PXELINUX) += bios/core/pxelinux.bin
 SYSLINUX_IMAGES-$(BR2_TARGET_SYSLINUX_MBR) += bios/mbr/mbr.bin

boot/uboot/uboot.mk

@@ -293,7 +293,7 @@ endif # UBOOT_BOARD_NAME
 else ifeq ($(BR2_TARGET_UBOOT_BUILD_SYSTEM_KCONFIG),y)
 ifeq ($(BR2_TARGET_UBOOT_USE_DEFCONFIG),y)
 ifeq ($(call qstrip,$(BR2_TARGET_UBOOT_BOARD_DEFCONFIG)),)
-$(error No board defconfig name specified, check your BR2_TARGET_UBOOT_DEFCONFIG setting)
+$(error No board defconfig name specified, check your BR2_TARGET_UBOOT_BOARD_DEFCONFIG setting)
 endif # qstrip BR2_TARGET_UBOOT_BOARD_DEFCONFIG
 endif # BR2_TARGET_UBOOT_USE_DEFCONFIG
 ifeq ($(BR2_TARGET_UBOOT_USE_CUSTOM_CONFIG),y)

docs/manual/adding-packages-generic.txt

@@ -315,7 +315,10 @@ information is (assuming the package name is +libfoo+) :
   ** +local+ for a local source code directory. One should use this
      when +LIBFOO_SITE+ specifies a local directory path containing
      the package source code. Buildroot copies the contents of the
-     source directory into the package's build directory.
+     source directory into the package's build directory. Note that
+     for +local+ packages, no patches are applied. If you need to
+     still patch the source code, use +LIBFOO_POST_RSYNC_HOOKS+, see
+     xref:hooks-rsync[].
 
 * +LIBFOO_GIT_SUBMODULES+ can be set to +YES+ to create an archive
   with the git submodules in the repository.  This is only available

docs/manual/adding-packages-hooks.txt

@@ -59,6 +59,7 @@ endef
 LIBFOO_POST_PATCH_HOOKS += LIBFOO_POST_PATCH_FIXUP
 ----------------------
 
+[[hooks-rsync]]
 ==== Using the +POST_RSYNC+ hook
 The +POST_RSYNC+ hook is run only for packages that use a local source,
 either through the +local+ site method or the +OVERRIDE_SRCDIR+

docs/manual/customize-outside-br.txt

@@ -199,7 +199,7 @@ and to the kernel configuration file as follows (e.g. by running
 ----
 BR2_GLOBAL_PATCH_DIR=$(BR2_EXTERNAL_BAR_42_PATH)/patches/
 BR2_ROOTFS_OVERLAY=$(BR2_EXTERNAL_BAR_42_PATH)/board/<boardname>/overlay/
-BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE=$(BR2_EXTERNAL_BAR_42_FOO)/board/<boardname>/kernel.config
+BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE=$(BR2_EXTERNAL_BAR_42_PATH)/board/<boardname>/kernel.config
 ----
 
 ===== Example layout
@@ -263,7 +263,7 @@ illustration, of course):
   |     |BR2_GLOBAL_PATCH_DIR="$(BR2_EXTERNAL_BAR_42_PATH)/patches/"
   |     |BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_BAR_42_PATH)/board/my-board/overlay/"
   |     |BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_BAR_42_PATH)/board/my-board/post-image.sh"
-  |     |BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_BAR_42_FOO)/board/my-board/kernel.config"
+  |     |BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_BAR_42_PATH)/board/my-board/kernel.config"
   |     `----
   |
   |- patches/linux/0001-some-change.patch

docs/manual/using-buildroot-development.txt

@@ -50,11 +50,11 @@ BUSYBOX_OVERRIDE_SRCDIR = /home/bob/busybox/
 When Buildroot finds that for a given package, an
 +<pkg>_OVERRIDE_SRCDIR+ has been defined, it will no longer attempt to
 download, extract and patch the package. Instead, it will directly use
-the source code available in in the specified directory and +make
-clean+ will not touch this directory. This allows to point Buildroot
-to your own directories, that can be managed by Git, Subversion, or
-any other version control system. To achieve this, Buildroot will use
-_rsync_ to copy the source code of the component from the specified
+the source code available in the specified directory and +make clean+
+will not touch this directory. This allows to point Buildroot to your
+own directories, that can be managed by Git, Subversion, or any other
+version control system. To achieve this, Buildroot will use _rsync_ to
+copy the source code of the component from the specified
 +<pkg>_OVERRIDE_SRCDIR+ to +output/build/<package>-custom/+.
 
 This mechanism is best used in conjunction with the +make

fs/iso9660/Config.in

@@ -3,7 +3,7 @@ config BR2_TARGET_ROOTFS_ISO9660
 	depends on (BR2_i386 || BR2_x86_64)
 	depends on BR2_LINUX_KERNEL
 	depends on BR2_TARGET_GRUB || \
-		BR2_TARGET_GRUB2 || \
+		BR2_TARGET_GRUB2_I386_PC || \
 		BR2_TARGET_SYSLINUX_ISOLINUX
 	select BR2_LINUX_KERNEL_INSTALL_TARGET \
 	       if (!BR2_TARGET_ROOTFS_ISO9660_INITRD && !BR2_TARGET_ROOTFS_INITRAMFS)
@@ -33,7 +33,7 @@ config BR2_TARGET_ROOTFS_ISO9660_GRUB
 
 config BR2_TARGET_ROOTFS_ISO9660_GRUB2
 	bool "grub2"
-	depends on BR2_TARGET_GRUB2
+	depends on BR2_TARGET_GRUB2_I386_PC
 	help
 	  Use Grub 2 as the bootloader for the ISO9660 image. Make
 	  sure to enable the 'iso9660' module in
@@ -82,7 +82,7 @@ config BR2_TARGET_ROOTFS_ISO9660_HYBRID
 
 endif
 
-comment "iso image needs a Linux kernel and one of grub, grub2 or isolinux to be built"
+comment "iso image needs a Linux kernel and one of grub, grub2 i386-pc or isolinux to be built"
 	depends on BR2_i386 || BR2_x86_64
 	depends on !BR2_LINUX_KERNEL || \
-		!(BR2_TARGET_GRUB || BR2_TARGET_GRUB2 || BR2_TARGET_SYSLINUX_ISOLINUX)
+		!(BR2_TARGET_GRUB || BR2_TARGET_GRUB2_I386_PC || BR2_TARGET_SYSLINUX_ISOLINUX)

fs/iso9660/iso9660.mk

@@ -40,6 +40,7 @@ define ROOTFS_ISO9660_CREATE_TEMPDIR
 	$(RM) -rf $(ROOTFS_ISO9660_TARGET_DIR)
 	mkdir -p $(ROOTFS_ISO9660_TARGET_DIR)
 endef
+ROOTFS_ISO9660_PRE_GEN_HOOKS += ROOTFS_ISO9660_CREATE_TEMPDIR
 else
 ROOTFS_ISO9660_TARGET_DIR = $(TARGET_DIR)
 endif

linux/linux.mk

@@ -274,7 +274,7 @@ define LINUX_KCONFIG_FIXUP_CMDS
 		$(call KCONFIG_ENABLE_OPT,CONFIG_FHANDLE,$(@D)/.config)
 		$(call KCONFIG_ENABLE_OPT,CONFIG_AUTOFS4_FS,$(@D)/.config)
 		$(call KCONFIG_ENABLE_OPT,CONFIG_TMPFS_POSIX_ACL,$(@D)/.config)
-		$(call KCONFIG_ENABLE_OPT,CONFIG_TMPFS_POSIX_XATTR,$(@D)/.config))
+		$(call KCONFIG_ENABLE_OPT,CONFIG_TMPFS_XATTR,$(@D)/.config))
 	$(if $(BR2_PACKAGE_SMACK),
 		$(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY,$(@D)/.config)
 		$(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY_SMACK,$(@D)/.config)

package/Makefile.in

@@ -207,7 +207,7 @@ TARGET_STRIP = $(TARGET_CROSS)strip
 STRIPCMD = $(TARGET_CROSS)strip --remove-section=.comment --remove-section=.note
 endif
 ifeq ($(BR2_STRIP_none),y)
-TARGET_STRIP = true
+TARGET_STRIP = /bin/true
 STRIPCMD = $(TARGET_STRIP)
 endif
 INSTALL := $(shell which install || type -p install)
@@ -223,6 +223,27 @@ HOST_CFLAGS   += $(HOST_CPPFLAGS)
 HOST_CXXFLAGS += $(HOST_CFLAGS)
 HOST_LDFLAGS  += -L$(HOST_DIR)/lib -L$(HOST_DIR)/usr/lib -Wl,-rpath,$(HOST_DIR)/usr/lib
 
+# The macros below are taken from linux 4.11 and adapted slightly.
+# Copy more when needed.
+
+# try-run
+# Usage: option = $(call try-run, $(CC)...-o "$$TMP",option-ok,otherwise)
+# Exit code chooses option. "$$TMP" is can be used as temporary file and
+# is automatically cleaned up.
+try-run = $(shell set -e;               \
+	TMP="$$(tempfile)";             \
+	if ($(1)) >/dev/null 2>&1;      \
+	then echo "$(2)";               \
+	else echo "$(3)";               \
+	fi;                             \
+	rm -f "$$TMP")
+
+# host-cc-option
+# Usage: HOST_FOO_CFLAGS += $(call host-cc-option,-no-pie,)
+host-cc-option = $(call try-run,\
+        $(HOSTCC) $(HOST_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",$(1),$(2))
+
+
 # host-intltool should be executed with the system perl, so we save
 # the path to the system perl, before a host-perl built by Buildroot
 # might get installed into $(HOST_DIR)/usr/bin and therefore appears

package/acl/acl.mk

@@ -15,7 +15,13 @@ ACL_LICENSE_FILES = doc/COPYING doc/COPYING.LGPL
 
 # While the configuration system uses autoconf, the Makefiles are
 # hand-written and do not use automake. Therefore, we have to hack
-# around their deficiencies by passing installation paths.
+# around their deficiencies by:
+# - explicitly passing CFLAGS (LDFLAGS are passed on from configure,
+#   CFLAGS are not).
+# - explicitly passing the installation prefix, not using DESTDIR.
+
+ACL_MAKE_ENV = CFLAGS="$(TARGET_CFLAGS)"
+
 ACL_INSTALL_STAGING_OPTS = \
 	prefix=$(STAGING_DIR)/usr \
 	exec_prefix=$(STAGING_DIR)/usr \
@@ -37,4 +43,15 @@ endef
 
 ACL_POST_INSTALL_STAGING_HOOKS += ACL_FIX_LIBTOOL_LA_LIBDIR
 
+HOST_ACL_DEPENDENCIES = host-attr
+HOST_ACL_CONF_OPTS = --enable-gettext=no
+HOST_ACL_MAKE_ENV = CFLAGS="$(HOST_CFLAGS)"
+HOST_ACL_INSTALL_OPTS = \
+	prefix=$(HOST_DIR)/usr \
+	exec_prefix=$(HOST_DIR)/usr \
+	PKG_DEVLIB_DIR=$(HOST_DIR)/usr/lib \
+	install-dev install-lib
+# For the host, libacl.la is correct, no fixup needed.
+
 $(eval $(autotools-package))
+$(eval $(host-autotools-package))

package/aespipe/aespipe.mk

@@ -9,5 +9,15 @@ AESPIPE_SOURCE = aespipe-v$(AESPIPE_VERSION).tar.bz2
 AESPIPE_SITE = http://loop-aes.sourceforge.net/aespipe
 AESPIPE_LICENSE = GPL
 
+# Recent Debian, Gentoo and Ubuntu enable -fPIE by default, breaking the build:
+# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837393
+# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835148
+# Older gcc versions however don't support the -no-pie flag, so we have to
+# check its availability.
+HOST_AESPIPE_NO_PIE_FLAG = $(call host-cc-option,-no-pie)
+HOST_AESPIPE_CONF_ENV = \
+	CFLAGS="$(HOST_CFLAGS) $(HOST_AESPIPE_NO_PIE_FLAG)" \
+	LDFLAGS="$(HOST_LDFLAGS) $(HOST_AESPIPE_NO_PIE_FLAG)"
+
 $(eval $(autotools-package))
 $(eval $(host-autotools-package))

package/apache/0003-CVS-2017-9798.patch

@@ -0,0 +1,30 @@
+core: Disallow Methods' registration at run time (.htaccess), they may
+be used only if registered at init time (httpd.conf).
+
+Calling ap_method_register() in children processes is not the right scope
+since it won't be shared for all requests.
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1807655 13f79535-47bb-0310-9956-ffa450edef68
+
+Fixes CVE-2017-9798: https://nvd.nist.gov/vuln/detail/CVE-2017-9798
+
+Downloaded from upstream repo:
+https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+
+--- a/server/core.c	2017/08/16 16:50:29	1805223
++++ b/server/core.c	2017/09/08 13:13:11	1807754
+@@ -2266,6 +2266,12 @@
+             /* method has not been registered yet, but resource restriction
+              * is always checked before method handling, so register it.
+              */
++            if (cmd->pool == cmd->temp_pool) {
++                /* In .htaccess, we can't globally register new methods. */
++                return apr_psprintf(cmd->pool, "Could not register method '%s' "
++                                   "for %s from .htaccess configuration",
++                                    method, cmd->cmd->name);
++            }
+             methnum = ap_method_register(cmd->pool,
+                                          apr_pstrdup(cmd->pool, method));
+         }

package/apache/apache.hash

@@ -1,2 +1,2 @@
-# From http://www.apache.org/dist/httpd/httpd-2.4.23.tar.bz2.sha1
-sha1 bd6d138c31c109297da2346c6e7b93b9283993d2  httpd-2.4.25.tar.bz2
+# From http://www.apache.org/dist/httpd/httpd-2.4.27.tar.bz2.sha256
+sha256 71fcc128238a690515bd8174d5330a5309161ef314a326ae45c7c15ed139c13a httpd-2.4.27.tar.bz2

package/apache/apache.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-APACHE_VERSION = 2.4.25
+APACHE_VERSION = 2.4.27
 APACHE_SOURCE = httpd-$(APACHE_VERSION).tar.bz2
 APACHE_SITE = http://archive.apache.org/dist/httpd
 APACHE_LICENSE = Apache-2.0

package/apr-util/apr-util.hash

@@ -1,2 +1,4 @@
-# From http://archive.apache.org/dist/apr/apr-util-1.5.4.tar.gz.sha1
-sha1	72cc3ac693b52fb831063d5c0de18723bc8e0095	apr-util-1.5.4.tar.gz
+# From http://www.apache.org/dist/apr/apr-util-1.6.1.tar.bz2.sha256
+sha256	d3e12f7b6ad12687572a3a39475545a072608f4ba03a6ce8a3778f607dd0035b	apr-util-1.6.1.tar.bz2
+# Locally calculated
+sha256	ef5609d18601645ad6fe22c6c122094be40e976725c1d0490778abacc836e7a2	LICENSE

package/apr-util/apr-util.mk

@@ -4,7 +4,8 @@
 #
 ################################################################################
 
-APR_UTIL_VERSION = 1.5.4
+APR_UTIL_VERSION = 1.6.1
+APR_UTIL_SOURCE = apr-util-$(APR_UTIL_VERSION).tar.bz2
 APR_UTIL_SITE = http://archive.apache.org/dist/apr
 APR_UTIL_LICENSE = Apache-2.0
 APR_UTIL_LICENSE_FILES = LICENSE

package/apr/0001-cross-compile.patch

@@ -42,10 +42,10 @@ diff -uNr apr-1.5.1.org/Makefile.in apr-1.5.1/Makefile.in
  
  # get substituted into some targets
  APR_MAJOR_VERSION=@APR_MAJOR_VERSION@
-@@ -134,8 +136,13 @@
+@@ -134,8 +134,13 @@
+ 	$(APR_MKDIR) tools
+ 	$(LT_COMPILE)
  
- OBJECTS_gen_test_char = tools/gen_test_char.lo $(LOCAL_LIBS)
- tools/gen_test_char.lo: make_tools_dir
 +ifdef CC_FOR_BUILD
 +tools/gen_test_char@EXEEXT@: tools/gen_test_char.c $(LOCAL_LIBS)
 +	$(CC_FOR_BUILD) $(CFLAGS_FOR_BUILD) -DCROSS_COMPILE -o $@ $<

package/apr/apr.hash

@@ -1,2 +1,4 @@
-# From http://archive.apache.org/dist/apr/apr-1.5.1.tar.gz.sha1
-sha1	9caa83e3f50f3abc9fab7c4a3f2739a12b14c3a3	apr-1.5.1.tar.gz
+# From http://www.apache.org/dist/apr/apr-1.6.3.tar.bz2.sha256
+sha256 131f06d16d7aabd097fa992a33eec2b6af3962f93e6d570a9bd4d85e95993172  apr-1.6.3.tar.bz2
+# Locally calculated
+sha256 f854aeef66ecd55a126226e82b3f26793fc3b1c584647f6a0edc5639974c38ad  LICENSE

package/apr/apr.mk

@@ -4,7 +4,8 @@
 #
 ################################################################################
 
-APR_VERSION = 1.5.1
+APR_VERSION = 1.6.3
+APR_SOURCE = apr-$(APR_VERSION).tar.bz2
 APR_SITE = http://archive.apache.org/dist/apr
 APR_LICENSE = Apache-2.0
 APR_LICENSE_FILES = LICENSE
@@ -22,6 +23,7 @@ APR_CONF_ENV = \
 	apr_cv_mutex_robust_shared=no \
 	apr_cv_tcp_nodelay_with_cork=yes \
 	ac_cv_sizeof_struct_iovec=8 \
+	ac_cv_sizeof_pid_t=4 \
 	ac_cv_struct_rlimit=yes \
 	ac_cv_o_nonblock_inherited=no \
 	apr_cv_mutex_recursive=yes

package/argp-standalone/0003-fix_build_with_c99_compilers.patch

@@ -66,15 +66,3 @@ index e797b11..828f435 100644
  
  /* Internal routines.  */
  extern void _argp_fmtstream_update (argp_fmtstream_t __fs);
-@@ -216,7 +220,11 @@
- #endif
- 
- #ifndef ARGP_FS_EI
-+#if defined(__GNUC__) && !defined(__GNUC_STDC_INLINE__)
- #define ARGP_FS_EI extern inline
-+#else
-+#define ARGP_FS_EI inline
-+#endif
- #endif
- 
- ARGP_FS_EI size_t

package/argp-standalone/argp-standalone.mk

@@ -10,7 +10,7 @@ ARGP_STANDALONE_INSTALL_STAGING = YES
 ARGP_STANDALONE_LICENSE = LGPLv2+
 
 ARGP_STANDALONE_CONF_ENV = \
-	CFLAGS="$(TARGET_CFLAGS) -fPIC"
+	CFLAGS="$(TARGET_CFLAGS) -fPIC -fgnu89-inline"
 
 define ARGP_STANDALONE_INSTALL_STAGING_CMDS
 	$(INSTALL) -D $(@D)/libargp.a $(STAGING_DIR)/usr/lib/libargp.a

package/armadillo/armadillo.mk

@@ -5,7 +5,9 @@
 ################################################################################
 
 ARMADILLO_VERSION = 6.500.4
-ARMADILLO_SITE = http://downloads.sourceforge.net/project/arma
+# upstream removed tarball from
+# http://downloads.sourceforge.net/project/arma
+ARMADILLO_SITE = https://ftp.fau.de/macports/distfiles/armadillo
 ARMADILLO_DEPENDENCIES = clapack
 ARMADILLO_INSTALL_STAGING = YES
 ARMADILLO_LICENSE = MPLv2.0

package/audiofile/0003-Always-check-the-number-of-coefficients.patch

@@ -0,0 +1,36 @@
+From c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0 Mon Sep 17 00:00:00 2001
+From: Antonio Larrosa <larrosa@kde.org>
+Date: Mon, 6 Mar 2017 12:51:22 +0100
+Subject: [PATCH] Always check the number of coefficients
+
+When building the library with NDEBUG, asserts are eliminated
+so it's better to always check that the number of coefficients
+is inside the array range.
+
+This fixes the 00191-audiofile-indexoob issue in #41
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libaudiofile/WAVE.cpp | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/libaudiofile/WAVE.cpp b/libaudiofile/WAVE.cpp
+index 0e81cf7..61f9541 100644
+--- a/libaudiofile/WAVE.cpp
++++ b/libaudiofile/WAVE.cpp
+@@ -281,6 +281,12 @@ status WAVEFile::parseFormat(const Tag &id, uint32_t size)
+ 
+ 			/* numCoefficients should be at least 7. */
+ 			assert(numCoefficients >= 7 && numCoefficients <= 255);
++			if (numCoefficients < 7 || numCoefficients > 255)
++			{
++				_af_error(AF_BAD_HEADER,
++						"Bad number of coefficients");
++				return AF_FAIL;
++			}
+ 
+ 			m_msadpcmNumCoefficients = numCoefficients;
+ 
+-- 
+2.11.0
+

package/audiofile/0004-clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch

@@ -0,0 +1,39 @@
+From 25eb00ce913452c2e614548d7df93070bf0d066f Mon Sep 17 00:00:00 2001
+From: Antonio Larrosa <larrosa@kde.org>
+Date: Mon, 6 Mar 2017 18:02:31 +0100
+Subject: [PATCH] clamp index values to fix index overflow in IMA.cpp
+
+This fixes #33
+(also reported at https://bugzilla.opensuse.org/show_bug.cgi?id=1026981
+and https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp/)
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libaudiofile/modules/IMA.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libaudiofile/modules/IMA.cpp b/libaudiofile/modules/IMA.cpp
+index 7476d44..df4aad6 100644
+--- a/libaudiofile/modules/IMA.cpp
++++ b/libaudiofile/modules/IMA.cpp
+@@ -169,7 +169,7 @@ int IMA::decodeBlockWAVE(const uint8_t *encoded, int16_t *decoded)
+ 		if (encoded[1] & 0x80)
+ 			m_adpcmState[c].previousValue -= 0x10000;
+ 
+-		m_adpcmState[c].index = encoded[2];
++		m_adpcmState[c].index = clamp(encoded[2], 0, 88);
+ 
+ 		*decoded++ = m_adpcmState[c].previousValue;
+ 
+@@ -210,7 +210,7 @@ int IMA::decodeBlockQT(const uint8_t *encoded, int16_t *decoded)
+ 			predictor -= 0x10000;
+ 
+ 		state.previousValue = clamp(predictor, MIN_INT16, MAX_INT16);
+-		state.index = encoded[1] & 0x7f;
++		state.index = clamp(encoded[1] & 0x7f, 0, 88);
+ 		encoded += 2;
+ 
+ 		for (int n=0; n<m_framesPerPacket; n+=2)
+-- 
+2.11.0
+

package/audiofile/0005-Check-for-multiplication-overflow-in-sfconvert.patch

@@ -0,0 +1,72 @@
+From 7d65f89defb092b63bcbc5d98349fb222ca73b3c Mon Sep 17 00:00:00 2001
+From: Antonio Larrosa <larrosa@kde.org>
+Date: Mon, 6 Mar 2017 13:54:52 +0100
+Subject: [PATCH] Check for multiplication overflow in sfconvert
+
+Checks that a multiplication doesn't overflow when
+calculating the buffer size, and if it overflows,
+reduce the buffer size instead of failing.
+
+This fixes the 00192-audiofile-signintoverflow-sfconvert case
+in #41
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ sfcommands/sfconvert.c | 34 ++++++++++++++++++++++++++++++++--
+ 1 file changed, 32 insertions(+), 2 deletions(-)
+
+diff --git a/sfcommands/sfconvert.c b/sfcommands/sfconvert.c
+index 80a1bc4..970a3e4 100644
+--- a/sfcommands/sfconvert.c
++++ b/sfcommands/sfconvert.c
+@@ -45,6 +45,33 @@ void printusage (void);
+ void usageerror (void);
+ bool copyaudiodata (AFfilehandle infile, AFfilehandle outfile, int trackid);
+ 
++int firstBitSet(int x)
++{
++        int position=0;
++        while (x!=0)
++        {
++                x>>=1;
++                ++position;
++        }
++        return position;
++}
++
++#ifndef __has_builtin
++#define __has_builtin(x) 0
++#endif
++
++int multiplyCheckOverflow(int a, int b, int *result)
++{
++#if (defined __GNUC__ && __GNUC__ >= 5) || ( __clang__ && __has_builtin(__builtin_mul_overflow))
++	return __builtin_mul_overflow(a, b, result);
++#else
++	if (firstBitSet(a)+firstBitSet(b)>31) // int is signed, so we can't use 32 bits
++		return true;
++	*result = a * b;
++	return false;
++#endif
++}
++
+ int main (int argc, char **argv)
+ {
+ 	if (argc == 2)
+@@ -323,8 +350,11 @@ bool copyaudiodata (AFfilehandle infile, AFfilehandle outfile, int trackid)
+ {
+ 	int frameSize = afGetVirtualFrameSize(infile, trackid, 1);
+ 
+-	const int kBufferFrameCount = 65536;
+-	void *buffer = malloc(kBufferFrameCount * frameSize);
++	int kBufferFrameCount = 65536;
++	int bufferSize;
++	while (multiplyCheckOverflow(kBufferFrameCount, frameSize, &bufferSize))
++		kBufferFrameCount /= 2;
++	void *buffer = malloc(bufferSize);
+ 
+ 	AFframecount totalFrames = afGetFrameCount(infile, AF_DEFAULT_TRACK);
+ 	AFframecount totalFramesWritten = 0;
+-- 
+2.11.0
+

package/audiofile/0006-Actually-fail-when-error-occurs-in-parseFormat.patch

@@ -0,0 +1,42 @@
+From a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6 Mon Sep 17 00:00:00 2001
+From: Antonio Larrosa <larrosa@kde.org>
+Date: Mon, 6 Mar 2017 18:59:26 +0100
+Subject: [PATCH] Actually fail when error occurs in parseFormat
+
+When there's an unsupported number of bits per sample or an invalid
+number of samples per block, don't only print an error message using
+the error handler, but actually stop parsing the file.
+
+This fixes #35 (also reported at
+https://bugzilla.opensuse.org/show_bug.cgi?id=1026983 and
+https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/
+)
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libaudiofile/WAVE.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libaudiofile/WAVE.cpp b/libaudiofile/WAVE.cpp
+index 0e81cf7..d762249 100644
+--- a/libaudiofile/WAVE.cpp
++++ b/libaudiofile/WAVE.cpp
+@@ -326,6 +326,7 @@ status WAVEFile::parseFormat(const Tag &id, uint32_t size)
+ 			{
+ 				_af_error(AF_BAD_NOT_IMPLEMENTED,
+ 					"IMA ADPCM compression supports only 4 bits per sample");
++				return AF_FAIL;
+ 			}
+ 
+ 			int bytesPerBlock = (samplesPerBlock + 14) / 8 * 4 * channelCount;
+@@ -333,6 +334,7 @@ status WAVEFile::parseFormat(const Tag &id, uint32_t size)
+ 			{
+ 				_af_error(AF_BAD_CODEC_CONFIG,
+ 					"Invalid samples per block for IMA ADPCM compression");
++				return AF_FAIL;
+ 			}
+ 
+ 			track->f.sampleWidth = 16;
+-- 
+2.11.0
+

package/audiofile/0007-Check-for-multiplication-overflow-in-MSADPCM-decodeS.patch

@@ -0,0 +1,122 @@
+From beacc44eb8cdf6d58717ec1a5103c5141f1b37f9 Mon Sep 17 00:00:00 2001
+From: Antonio Larrosa <larrosa@kde.org>
+Date: Mon, 6 Mar 2017 13:43:53 +0100
+Subject: [PATCH] Check for multiplication overflow in MSADPCM decodeSample
+
+Check for multiplication overflow (using __builtin_mul_overflow
+if available) in MSADPCM.cpp decodeSample and return an empty
+decoded block if an error occurs.
+
+This fixes the 00193-audiofile-signintoverflow-MSADPCM case of #41
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libaudiofile/modules/BlockCodec.cpp |  5 ++--
+ libaudiofile/modules/MSADPCM.cpp    | 47 +++++++++++++++++++++++++++++++++----
+ 2 files changed, 46 insertions(+), 6 deletions(-)
+
+diff --git a/libaudiofile/modules/BlockCodec.cpp b/libaudiofile/modules/BlockCodec.cpp
+index 45925e8..4731be1 100644
+--- a/libaudiofile/modules/BlockCodec.cpp
++++ b/libaudiofile/modules/BlockCodec.cpp
+@@ -52,8 +52,9 @@ void BlockCodec::runPull()
+ 	// Decompress into m_outChunk.
+ 	for (int i=0; i<blocksRead; i++)
+ 	{
+-		decodeBlock(static_cast<const uint8_t *>(m_inChunk->buffer) + i * m_bytesPerPacket,
+-			static_cast<int16_t *>(m_outChunk->buffer) + i * m_framesPerPacket * m_track->f.channelCount);
++		if (decodeBlock(static_cast<const uint8_t *>(m_inChunk->buffer) + i * m_bytesPerPacket,
++			static_cast<int16_t *>(m_outChunk->buffer) + i * m_framesPerPacket * m_track->f.channelCount)==0)
++			break;
+ 
+ 		framesRead += m_framesPerPacket;
+ 	}
+diff --git a/libaudiofile/modules/MSADPCM.cpp b/libaudiofile/modules/MSADPCM.cpp
+index 8ea3c85..ef9c38c 100644
+--- a/libaudiofile/modules/MSADPCM.cpp
++++ b/libaudiofile/modules/MSADPCM.cpp
+@@ -101,24 +101,60 @@ static const int16_t adaptationTable[] =
+ 	768, 614, 512, 409, 307, 230, 230, 230
+ };
+ 
++int firstBitSet(int x)
++{
++        int position=0;
++        while (x!=0)
++        {
++                x>>=1;
++                ++position;
++        }
++        return position;
++}
++
++#ifndef __has_builtin
++#define __has_builtin(x) 0
++#endif
++
++int multiplyCheckOverflow(int a, int b, int *result)
++{
++#if (defined __GNUC__ && __GNUC__ >= 5) || ( __clang__ && __has_builtin(__builtin_mul_overflow))
++	return __builtin_mul_overflow(a, b, result);
++#else
++	if (firstBitSet(a)+firstBitSet(b)>31) // int is signed, so we can't use 32 bits
++		return true;
++	*result = a * b;
++	return false;
++#endif
++}
++
++
+ // Compute a linear PCM value from the given differential coded value.
+ static int16_t decodeSample(ms_adpcm_state &state,
+-	uint8_t code, const int16_t *coefficient)
++	uint8_t code, const int16_t *coefficient, bool *ok=NULL)
+ {
+ 	int linearSample = (state.sample1 * coefficient[0] +
+ 		state.sample2 * coefficient[1]) >> 8;
++	int delta;
+ 
+ 	linearSample += ((code & 0x08) ? (code - 0x10) : code) * state.delta;
+ 
+ 	linearSample = clamp(linearSample, MIN_INT16, MAX_INT16);
+ 
+-	int delta = (state.delta * adaptationTable[code]) >> 8;
++	if (multiplyCheckOverflow(state.delta, adaptationTable[code], &delta))
++	{
++                if (ok) *ok=false;
++		_af_error(AF_BAD_COMPRESSION, "Error decoding sample");
++		return 0;
++	}
++	delta >>= 8;
+ 	if (delta < 16)
+ 		delta = 16;
+ 
+ 	state.delta = delta;
+ 	state.sample2 = state.sample1;
+ 	state.sample1 = linearSample;
++	if (ok) *ok=true;
+ 
+ 	return static_cast<int16_t>(linearSample);
+ }
+@@ -212,13 +248,16 @@ int MSADPCM::decodeBlock(const uint8_t *encoded, int16_t *decoded)
+ 	{
+ 		uint8_t code;
+ 		int16_t newSample;
++		bool ok;
+ 
+ 		code = *encoded >> 4;
+-		newSample = decodeSample(*state[0], code, coefficient[0]);
++		newSample = decodeSample(*state[0], code, coefficient[0], &ok);
++		if (!ok) return 0;
+ 		*decoded++ = newSample;
+ 
+ 		code = *encoded & 0x0f;
+-		newSample = decodeSample(*state[1], code, coefficient[1]);
++		newSample = decodeSample(*state[1], code, coefficient[1], &ok);
++		if (!ok) return 0;
+ 		*decoded++ = newSample;
+ 
+ 		encoded++;
+-- 
+2.11.0
+

package/audiofile/0008-CVE-2015-7747.patch

@@ -0,0 +1,161 @@
+Description: fix buffer overflow when changing both sample format and
+ number of channels
+Origin: https://github.com/mpruett/audiofile/pull/25
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721
+Bug-Debian: https://bugs.debian.org/801102
+
+Downloaded from
+https://gitweb.gentoo.org/repo/gentoo.git/tree/media-libs/audiofile/files/audiofile-0.3.6-CVE-2015-7747.patch
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+
+--- a/libaudiofile/modules/ModuleState.cpp
++++ b/libaudiofile/modules/ModuleState.cpp
+@@ -402,7 +402,7 @@ status ModuleState::arrange(AFfilehandle
+ 		addModule(new Transform(outfc, in.pcm, out.pcm));
+ 
+ 	if (in.channelCount != out.channelCount)
+-		addModule(new ApplyChannelMatrix(infc, isReading,
++		addModule(new ApplyChannelMatrix(outfc, isReading,
+ 			in.channelCount, out.channelCount,
+ 			in.pcm.minClip, in.pcm.maxClip,
+ 			track->channelMatrix));
+--- a/test/Makefile.am
++++ b/test/Makefile.am
+@@ -26,6 +26,7 @@ TESTS = \
+ 	VirtualFile \
+ 	floatto24 \
+ 	query2 \
++	sixteen-stereo-to-eight-mono \
+ 	sixteen-to-eight \
+ 	testchannelmatrix \
+ 	testdouble \
+@@ -139,6 +140,7 @@ printmarkers_SOURCES = printmarkers.c
+ printmarkers_LDADD = $(LIBAUDIOFILE) -lm
+ 
+ sixteen_to_eight_SOURCES = sixteen-to-eight.c TestUtilities.cpp TestUtilities.h
++sixteen_stereo_to_eight_mono_SOURCES = sixteen-stereo-to-eight-mono.c TestUtilities.cpp TestUtilities.h
+ 
+ testchannelmatrix_SOURCES = testchannelmatrix.c TestUtilities.cpp TestUtilities.h
+ 
+--- /dev/null
++++ b/test/sixteen-stereo-to-eight-mono.c
+@@ -0,0 +1,118 @@
++/*
++	Audio File Library
++
++	Copyright 2000, Silicon Graphics, Inc.
++
++	This program is free software; you can redistribute it and/or modify
++	it under the terms of the GNU General Public License as published by
++	the Free Software Foundation; either version 2 of the License, or
++	(at your option) any later version.
++
++	This program is distributed in the hope that it will be useful,
++	but WITHOUT ANY WARRANTY; without even the implied warranty of
++	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++	GNU General Public License for more details.
++
++	You should have received a copy of the GNU General Public License along
++	with this program; if not, write to the Free Software Foundation, Inc.,
++	51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
++*/
++
++/*
++	sixteen-stereo-to-eight-mono.c
++
++	This program tests the conversion from 2-channel 16-bit integers to
++	1-channel 8-bit	integers.
++*/
++
++#ifdef HAVE_CONFIG_H
++#include <config.h>
++#endif
++
++#include <stdint.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <unistd.h>
++#include <limits.h>
++
++#include <audiofile.h>
++
++#include "TestUtilities.h"
++
++int main (int argc, char **argv)
++{
++	AFfilehandle file;
++	AFfilesetup setup;
++	int16_t frames16[] = {14298, 392, 3923, -683, 958, -1921};
++	int8_t frames8[] = {28, 6, -2};
++	int i, frameCount = 3;
++	int8_t byte;
++	AFframecount result;
++
++	setup = afNewFileSetup();
++
++	afInitFileFormat(setup, AF_FILE_WAVE);
++
++	afInitSampleFormat(setup, AF_DEFAULT_TRACK, AF_SAMPFMT_TWOSCOMP, 16);
++	afInitChannels(setup, AF_DEFAULT_TRACK, 2);
++
++	char *testFileName;
++	if (!createTemporaryFile("sixteen-to-eight", &testFileName))
++	{
++		fprintf(stderr, "Could not create temporary file.\n");
++		exit(EXIT_FAILURE);
++	}
++
++	file = afOpenFile(testFileName, "w", setup);
++	if (file == AF_NULL_FILEHANDLE)
++	{
++		fprintf(stderr, "could not open file for writing\n");
++		exit(EXIT_FAILURE);
++	}
++
++	afFreeFileSetup(setup);
++
++	afWriteFrames(file, AF_DEFAULT_TRACK, frames16, frameCount);
++
++	afCloseFile(file);
++
++	file = afOpenFile(testFileName, "r", AF_NULL_FILESETUP);
++	if (file == AF_NULL_FILEHANDLE)
++	{
++		fprintf(stderr, "could not open file for reading\n");
++		exit(EXIT_FAILURE);
++	}
++
++	afSetVirtualSampleFormat(file, AF_DEFAULT_TRACK, AF_SAMPFMT_TWOSCOMP, 8);
++	afSetVirtualChannels(file, AF_DEFAULT_TRACK, 1);
++
++	for (i=0; i<frameCount; i++)
++	{
++		/* Read one frame. */
++		result = afReadFrames(file, AF_DEFAULT_TRACK, &byte, 1);
++
++		if (result != 1)
++			break;
++
++		/* Compare the byte read with its precalculated value. */
++		if (memcmp(&byte, &frames8[i], 1) != 0)
++		{
++			printf("error\n");
++			printf("expected %d, got %d\n", frames8[i], byte);
++			exit(EXIT_FAILURE);
++		}
++		else
++		{
++#ifdef DEBUG
++			printf("got what was expected: %d\n", byte);
++#endif
++		}
++	}
++
++	afCloseFile(file);
++	unlink(testFileName);
++	free(testFileName);
++
++	exit(EXIT_SUCCESS);
++}

package/audiofile/0009-Fix-static-linking-with-libsndfile.patch

@@ -0,0 +1,193 @@
+From d89a938f48e97b5770509d53c5478c5c3008d6e8 Mon Sep 17 00:00:00 2001
+From: Bernd Kuhls <bernd.kuhls@t-online.de>
+Date: Sat, 27 May 2017 17:53:33 +0200
+Subject: [PATCH 1/1] Fix static linking with libsndfile
+
+libsndfile and audiofile both contain mixXX functions in their alac
+code which lead to symbol name clashes when apps like mpd try to
+statically link to both audiofile and libsndfile at the same time.
+
+This patch renames these functions to avoid the problem which was
+detected by the buildroot autobuilders:
+http://autobuild.buildroot.net/results/799/7997ccd698f03885f98d00bd150dc3a578e4b161/
+
+Patch sent upstream: https://github.com/mpruett/audiofile/pull/45
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+---
+ libaudiofile/alac/ALACEncoder.cpp | 28 ++++++++++++++--------------
+ libaudiofile/alac/matrix_enc.c    |  8 ++++----
+ libaudiofile/alac/matrixlib.h     |  8 ++++----
+ 3 files changed, 22 insertions(+), 22 deletions(-)
+
+diff --git a/libaudiofile/alac/ALACEncoder.cpp b/libaudiofile/alac/ALACEncoder.cpp
+index da922c2..3d088cc 100644
+--- a/libaudiofile/alac/ALACEncoder.cpp
++++ b/libaudiofile/alac/ALACEncoder.cpp
+@@ -332,19 +332,19 @@ int32_t ALACEncoder::EncodeStereo( BitBuffer * bitstream, void * inputBuffer, ui
+         switch ( mBitDepth )
+         {
+             case 16:
+-                mix16( (int16_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples/dilate, mixBits, mixRes );
++                audiofile_alac_mix16( (int16_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples/dilate, mixBits, mixRes );
+                 break;
+             case 20:
+-                mix20( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples/dilate, mixBits, mixRes );
++                audiofile_alac_mix20( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples/dilate, mixBits, mixRes );
+                 break;
+             case 24:
+                 // includes extraction of shifted-off bytes
+-                mix24( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples/dilate,
++                audiofile_alac_mix24( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples/dilate,
+                         mixBits, mixRes, mShiftBufferUV, bytesShifted );
+                 break;
+             case 32:
+                 // includes extraction of shifted-off bytes
+-                mix32( (int32_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples/dilate,
++                audiofile_alac_mix32( (int32_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples/dilate,
+                         mixBits, mixRes, mShiftBufferUV, bytesShifted );
+                 break;
+         }
+@@ -379,19 +379,19 @@ int32_t ALACEncoder::EncodeStereo( BitBuffer * bitstream, void * inputBuffer, ui
+ 	switch ( mBitDepth )
+ 	{
+ 		case 16:
+-			mix16( (int16_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples, mixBits, mixRes );
++			audiofile_alac_mix16( (int16_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples, mixBits, mixRes );
+ 			break;
+ 		case 20:
+-			mix20( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples, mixBits, mixRes );
++			audiofile_alac_mix20( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples, mixBits, mixRes );
+ 			break;
+ 		case 24:
+ 			// also extracts the shifted off bytes into the shift buffers
+-			mix24( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples,
++			audiofile_alac_mix24( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples,
+ 					mixBits, mixRes, mShiftBufferUV, bytesShifted );
+ 			break;
+ 		case 32:
+ 			// also extracts the shifted off bytes into the shift buffers
+-			mix32( (int32_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples,
++			audiofile_alac_mix32( (int32_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples,
+ 					mixBits, mixRes, mShiftBufferUV, bytesShifted );
+ 			break;
+ 	}
+@@ -605,19 +605,19 @@ int32_t ALACEncoder::EncodeStereoFast( BitBuffer * bitstream, void * inputBuffer
+ 	switch ( mBitDepth )
+ 	{
+ 		case 16:
+-			mix16( (int16_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples, mixBits, mixRes );
++			audiofile_alac_mix16( (int16_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples, mixBits, mixRes );
+ 			break;
+ 		case 20:
+-			mix20( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples, mixBits, mixRes );
++			audiofile_alac_mix20( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples, mixBits, mixRes );
+ 			break;
+ 		case 24:
+ 			// also extracts the shifted off bytes into the shift buffers
+-			mix24( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples,
++			audiofile_alac_mix24( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples,
+ 					mixBits, mixRes, mShiftBufferUV, bytesShifted );
+ 			break;
+ 		case 32:
+ 			// also extracts the shifted off bytes into the shift buffers
+-			mix32( (int32_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples,
++			audiofile_alac_mix32( (int32_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples,
+ 					mixBits, mixRes, mShiftBufferUV, bytesShifted );
+ 			break;
+ 	}
+@@ -756,7 +756,7 @@ int32_t ALACEncoder::EncodeStereoEscape( BitBuffer * bitstream, void * inputBuff
+ 			break;
+ 		case 20:
+ 			// mix20() with mixres param = 0 means de-interleave so use it to simplify things
+-			mix20( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples, 0, 0 );
++			audiofile_alac_mix20( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples, 0, 0 );
+ 			for ( index = 0; index < numSamples; index++ )
+ 			{
+ 				BitBufferWrite( bitstream, mMixBufferU[index], 20 );
+@@ -765,7 +765,7 @@ int32_t ALACEncoder::EncodeStereoEscape( BitBuffer * bitstream, void * inputBuff
+ 			break;
+ 		case 24:
+ 			// mix24() with mixres param = 0 means de-interleave so use it to simplify things
+-			mix24( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples, 0, 0, mShiftBufferUV, 0 );
++			audiofile_alac_mix24( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples, 0, 0, mShiftBufferUV, 0 );
+ 			for ( index = 0; index < numSamples; index++ )
+ 			{
+ 				BitBufferWrite( bitstream, mMixBufferU[index], 24 );
+diff --git a/libaudiofile/alac/matrix_enc.c b/libaudiofile/alac/matrix_enc.c
+index e194330..8abd556 100644
+--- a/libaudiofile/alac/matrix_enc.c
++++ b/libaudiofile/alac/matrix_enc.c
+@@ -57,7 +57,7 @@
+ 
+ // 16-bit routines
+ 
+-void mix16( int16_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples, int32_t mixbits, int32_t mixres )
++void audiofile_alac_mix16( int16_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples, int32_t mixbits, int32_t mixres )
+ {
+ 	int16_t	*	ip = in;
+ 	int32_t			j;
+@@ -95,7 +95,7 @@ void mix16( int16_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t num
+ // 20-bit routines
+ // - the 20 bits of data are left-justified in 3 bytes of storage but right-aligned for input/output predictor buffers
+ 
+-void mix20( uint8_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples, int32_t mixbits, int32_t mixres )
++void audiofile_alac_mix20( uint8_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples, int32_t mixbits, int32_t mixres )
+ {
+ 	int32_t		l, r;
+ 	uint8_t *	ip = in;
+@@ -140,7 +140,7 @@ void mix20( uint8_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t num
+ // 24-bit routines
+ // - the 24 bits of data are right-justified in the input/output predictor buffers
+ 
+-void mix24( uint8_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples,
++void audiofile_alac_mix24( uint8_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples,
+ 			int32_t mixbits, int32_t mixres, uint16_t * shiftUV, int32_t bytesShifted )
+ {	
+ 	int32_t		l, r;
+@@ -240,7 +240,7 @@ void mix24( uint8_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t num
+ // - otherwise, the calculations might overflow into the 33rd bit and be lost
+ // - therefore, these routines deal with the specified "unused lower" bytes in the "shift" buffers
+ 
+-void mix32( int32_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples,
++void audiofile_alac_mix32( int32_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples,
+ 			int32_t mixbits, int32_t mixres, uint16_t * shiftUV, int32_t bytesShifted )
+ {
+ 	int32_t	*	ip = in;
+diff --git a/libaudiofile/alac/matrixlib.h b/libaudiofile/alac/matrixlib.h
+index 0a4f371..5728b6d 100644
+--- a/libaudiofile/alac/matrixlib.h
++++ b/libaudiofile/alac/matrixlib.h
+@@ -38,17 +38,17 @@ extern "C" {
+ #endif
+ 
+ // 16-bit routines
+-void	mix16( int16_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples, int32_t mixbits, int32_t mixres );
++void	audiofile_alac_mix16( int16_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples, int32_t mixbits, int32_t mixres );
+ void	unmix16( int32_t * u, int32_t * v, int16_t * out, uint32_t stride, int32_t numSamples, int32_t mixbits, int32_t mixres );
+ 
+ // 20-bit routines
+-void	mix20( uint8_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples, int32_t mixbits, int32_t mixres );
++void	audiofile_alac_mix20( uint8_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples, int32_t mixbits, int32_t mixres );
+ void	unmix20( int32_t * u, int32_t * v, uint8_t * out, uint32_t stride, int32_t numSamples, int32_t mixbits, int32_t mixres );
+ 
+ // 24-bit routines
+ // - 24-bit data sometimes compresses better by shifting off the bottom byte so these routines deal with
+ //	 the specified "unused lower bytes" in the combined "shift" buffer
+-void	mix24( uint8_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples,
++void	audiofile_alac_mix24( uint8_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples,
+ 				int32_t mixbits, int32_t mixres, uint16_t * shiftUV, int32_t bytesShifted );
+ void	unmix24( int32_t * u, int32_t * v, uint8_t * out, uint32_t stride, int32_t numSamples,
+ 				 int32_t mixbits, int32_t mixres, uint16_t * shiftUV, int32_t bytesShifted );
+@@ -57,7 +57,7 @@ void	unmix24( int32_t * u, int32_t * v, uint8_t * out, uint32_t stride, int32_t
+ // - note that these really expect the internal data width to be < 32-bit but the arrays are 32-bit
+ // - otherwise, the calculations might overflow into the 33rd bit and be lost
+ // - therefore, these routines deal with the specified "unused lower" bytes in the combined "shift" buffer
+-void	mix32( int32_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples,
++void	audiofile_alac_mix32( int32_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples,
+ 				int32_t mixbits, int32_t mixres, uint16_t * shiftUV, int32_t bytesShifted );
+ void	unmix32( int32_t * u, int32_t * v, int32_t * out, uint32_t stride, int32_t numSamples,
+ 				 int32_t mixbits, int32_t mixres, uint16_t * shiftUV, int32_t bytesShifted );
+-- 
+2.11.0
+

package/automake/0002-port-to-perl-5.22-and-later.patch

@@ -0,0 +1,34 @@
+From 13f00eb4493c217269b76614759e452d8302955e Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Thu, 31 Mar 2016 16:35:29 -0700
+Subject: [PATCH] automake: port to Perl 5.22 and later
+
+Without this change, Perl 5.22 complains "Unescaped left brace in
+regex is deprecated" and this is planned to become a hard error in
+Perl 5.26.  See:
+http://search.cpan.org/dist/perl-5.22.0/pod/perldelta.pod#A_literal_%22{%22_should_now_be_escaped_in_a_pattern
+* bin/automake.in (substitute_ac_subst_variables): Escape left brace.
+
+[Backported from:
+ http://git.savannah.gnu.org/cgit/automake.git/commit/?id=13f00eb4493c217269b76614759e452d8302955e]
+Signed-off-by: Adam Duskett <aduskett@gmail.com>
+---
+ bin/automake.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bin/automake.in b/bin/automake.in
+index a3a0aa3..2c8f31e 100644
+--- a/bin/automake.in
++++ b/bin/automake.in
+@@ -3878,7 +3878,7 @@ sub substitute_ac_subst_variables_worker
+ sub substitute_ac_subst_variables
+ {
+   my ($text) = @_;
+-  $text =~ s/\${([^ \t=:+{}]+)}/substitute_ac_subst_variables_worker ($1)/ge;
++  $text =~ s/\$[{]([^ \t=:+{}]+)}/substitute_ac_subst_variables_worker ($1)/ge;
+   return $text;
+ }
+ 
+-- 
+2.7.4
+

package/bash/bash.mk

@@ -9,7 +9,7 @@ BASH_SITE = $(BR2_GNU_MIRROR)/bash
 # Build after since bash is better than busybox shells
 BASH_DEPENDENCIES = ncurses readline host-bison \
 	$(if $(BR2_PACKAGE_BUSYBOX),busybox)
-BASH_CONF_OPTS = --with-installed-readline
+BASH_CONF_OPTS = --with-installed-readline --without-bash-malloc
 BASH_LICENSE = GPLv3+
 BASH_LICENSE_FILES = COPYING
 
@@ -24,7 +24,7 @@ BASH_CONF_ENV += \
 
 # The static build needs some trickery
 ifeq ($(BR2_STATIC_LIBS),y)
-BASH_CONF_OPTS += --enable-static-link --without-bash-malloc
+BASH_CONF_OPTS += --enable-static-link
 # bash wants to redefine the getenv() function. To check whether this is
 # possible, AC_TRY_RUN is used which is not possible in
 # cross-compilation.

package/bcusdk/0002-eibd-fix-endless-recursion-when-using-USB-backends.patch

@@ -0,0 +1,35 @@
+From 6bd1b4958e949d83468e053c34bf6c89d14d687a Mon Sep 17 00:00:00 2001
+From: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
+Date: Fri, 25 Aug 2017 23:01:14 +0200
+Subject: [PATCH] eibd: drop local clock_gettime in USB backends
+
+clock_gettime is defined locally, and calls pth_int_time, which
+in turn calls clock_gettime.
+The USB backend shouldn't overrule clock_gettime in the first place.
+This patch fixes this endless recursion by removing the local defition.
+
+Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
+---
+ eibd/usb/linux_usbfs.c | 6 ------
+ 1 file changed, 6 deletions(-)
+
+diff --git a/eibd/usb/linux_usbfs.c b/eibd/usb/linux_usbfs.c
+index c3ec410..957b908 100644
+--- a/eibd/usb/linux_usbfs.c
++++ b/eibd/usb/linux_usbfs.c
+@@ -52,12 +52,6 @@ int pthread_mutex_trylock(pthread_mutex_t *mutex)
+ 	return 0;
+ }
+ 
+-int clock_gettime(clockid_t clk_id, struct timespec *tp)
+-{
+-	pth_int_time (tp);
+-	return 0;
+-}
+-
+ /* sysfs vs usbfs:
+  * opening a usbfs node causes the device to be resumed, so we attempt to
+  * avoid this during enumeration.
+-- 
+1.8.5.rc3
+

package/bind/bind.hash

@@ -1,2 +1,3 @@
-# Verified from http://ftp.isc.org/isc/bind9/9.11.0-P3/bind-9.11.0-P3.tar.gz.sha256.asc
-sha256 0feee0374bcbdee73a9d4277f3c5007622279572d520d7c27a4b64015d8ca9e9  bind-9.11.0-P3.tar.gz
+# Verified from http://ftp.isc.org/isc/bind9/9.11.2/bind-9.11.2.tar.gz.sha256.asc
+sha256 7f46ad8620f7c3b0ac375d7a5211b15677708fda84ce25d7aeb7222fe2e3c77a bind-9.11.2.tar.gz
+sha256 d3906dfe153e2c48440d3ca1d5319f5e89b4b820cdfc5d0779c23d7ac2b175e9 COPYRIGHT

package/bind/bind.mk

@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-BIND_VERSION = 9.11.0-P3
-BIND_SITE = ftp://ftp.isc.org/isc/bind9/$(BIND_VERSION)
+BIND_VERSION = 9.11.2
+BIND_SITE = http://ftp.isc.org/isc/bind9/$(BIND_VERSION)
 # bind does not support parallel builds.
 BIND_MAKE = $(MAKE1)
 BIND_INSTALL_STAGING = YES
@@ -24,12 +24,12 @@ BIND_CONF_ENV = \
 	BUILD_CC="$(TARGET_CC)" \
 	BUILD_CFLAGS="$(TARGET_CFLAGS)"
 BIND_CONF_OPTS = \
+	--without-lmdb \
 	--with-libjson=no \
 	--with-randomdev=/dev/urandom \
 	--enable-epoll \
 	--with-libtool \
 	--with-gssapi=no \
-	--enable-rrl \
 	--enable-filter-aaaa
 
 ifeq ($(BR2_PACKAGE_ZLIB),y)

package/binutils/2.25.1/131-xtensa-fix-memory-corruption-by-broken-sysregs.patch

@@ -0,0 +1,42 @@
+From 3c8788dbb70b40e737d4b8e30cab81406e5c5091 Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Wed, 2 Aug 2017 00:36:05 -0700
+Subject: [PATCH] xtensa: fix memory corruption by broken sysregs
+
+In some xtensa configurations there may be system/user registers in
+xtensa-modules with negative index. ISA initialization for such config
+may clobber heap and result in program termination.
+Don't update lookup table entries for register with negative indices.
+They are not directly accessible via RSR/WSR/XSR or RUR/WUR, so this
+change should not affect processing of valid assembly/binary code.
+
+bfd/
+2017-08-02  Max Filippov  <jcmvbkbc@gmail.com>
+
+	* xtensa-isa.c (xtensa_isa_init): Don't update lookup table
+	entries for sysregs with negative indices.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+Backported from: d84ed528d4817b0ff854006b65a9f6ec75f0407a
+
+ bfd/xtensa-isa.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c
+index 8da75bea8109..8c6ee88fdeae 100644
+--- a/bfd/xtensa-isa.c
++++ b/bfd/xtensa-isa.c
+@@ -292,7 +292,8 @@ xtensa_isa_init (xtensa_isa_status *errno_p, char **error_msg_p)
+       xtensa_sysreg_internal *sreg = &isa->sysregs[n];
+       is_user = sreg->is_user;
+ 
+-      isa->sysreg_table[is_user][sreg->number] = n;
++      if (sreg->number >= 0)
++	isa->sysreg_table[is_user][sreg->number] = n;
+     }
+ 
+   /* Set up the interface lookup table.  */
+-- 
+2.1.4
+

package/binutils/2.26.1/0131-xtensa-fix-memory-corruption-by-broken-sysregs.patch

@@ -0,0 +1,42 @@
+From 3c8788dbb70b40e737d4b8e30cab81406e5c5091 Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Wed, 2 Aug 2017 00:36:05 -0700
+Subject: [PATCH] xtensa: fix memory corruption by broken sysregs
+
+In some xtensa configurations there may be system/user registers in
+xtensa-modules with negative index. ISA initialization for such config
+may clobber heap and result in program termination.
+Don't update lookup table entries for register with negative indices.
+They are not directly accessible via RSR/WSR/XSR or RUR/WUR, so this
+change should not affect processing of valid assembly/binary code.
+
+bfd/
+2017-08-02  Max Filippov  <jcmvbkbc@gmail.com>
+
+	* xtensa-isa.c (xtensa_isa_init): Don't update lookup table
+	entries for sysregs with negative indices.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+Backported from: d84ed528d4817b0ff854006b65a9f6ec75f0407a
+
+ bfd/xtensa-isa.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c
+index 8da75bea8109..8c6ee88fdeae 100644
+--- a/bfd/xtensa-isa.c
++++ b/bfd/xtensa-isa.c
+@@ -292,7 +292,8 @@ xtensa_isa_init (xtensa_isa_status *errno_p, char **error_msg_p)
+       xtensa_sysreg_internal *sreg = &isa->sysregs[n];
+       is_user = sreg->is_user;
+ 
+-      isa->sysreg_table[is_user][sreg->number] = n;
++      if (sreg->number >= 0)
++	isa->sysreg_table[is_user][sreg->number] = n;
+     }
+ 
+   /* Set up the interface lookup table.  */
+-- 
+2.1.4
+

package/binutils/2.27/0131-xtensa-fix-memory-corruption-by-broken-sysregs.patch

@@ -0,0 +1,42 @@
+From 3c8788dbb70b40e737d4b8e30cab81406e5c5091 Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Wed, 2 Aug 2017 00:36:05 -0700
+Subject: [PATCH] xtensa: fix memory corruption by broken sysregs
+
+In some xtensa configurations there may be system/user registers in
+xtensa-modules with negative index. ISA initialization for such config
+may clobber heap and result in program termination.
+Don't update lookup table entries for register with negative indices.
+They are not directly accessible via RSR/WSR/XSR or RUR/WUR, so this
+change should not affect processing of valid assembly/binary code.
+
+bfd/
+2017-08-02  Max Filippov  <jcmvbkbc@gmail.com>
+
+	* xtensa-isa.c (xtensa_isa_init): Don't update lookup table
+	entries for sysregs with negative indices.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+Backported from: d84ed528d4817b0ff854006b65a9f6ec75f0407a
+
+ bfd/xtensa-isa.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c
+index 8da75bea8109..8c6ee88fdeae 100644
+--- a/bfd/xtensa-isa.c
++++ b/bfd/xtensa-isa.c
+@@ -292,7 +292,8 @@ xtensa_isa_init (xtensa_isa_status *errno_p, char **error_msg_p)
+       xtensa_sysreg_internal *sreg = &isa->sysregs[n];
+       is_user = sreg->is_user;
+ 
+-      isa->sysreg_table[is_user][sreg->number] = n;
++      if (sreg->number >= 0)
++	isa->sysreg_table[is_user][sreg->number] = n;
+     }
+ 
+   /* Set up the interface lookup table.  */
+-- 
+2.1.4
+

package/binutils/2.27/0907-Automatically-enable-CRC-instructions-on-supported-A.patch

@@ -0,0 +1,88 @@
+From 29a4659015ca7044c2d425d32a0b828e0fbb5ac1 Mon Sep 17 00:00:00 2001
+From: Richard Earnshaw <Richard.Earnshaw@arm.com>
+Date: Wed, 7 Sep 2016 17:14:54 +0100
+Subject: [PATCH] Automatically enable CRC instructions on supported ARMv8-A
+ CPUs.
+
+2016-09-07  Richard Earnshaw  <rearnsha@arm.com>
+
+	* opcode/arm.h (ARM_ARCH_V8A_CRC): New architecture.
+
+2016-09-07  Richard Earnshaw  <rearnsha@arm.com>
+
+	* config/tc-arm.c ((arm_cpus): Use ARM_ARCH_V8A_CRC for all
+	ARMv8-A CPUs except xgene1.
+
+Upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=patch;h=27e5a270962fb92c07e7d476966ba380fa3bb68e
+Signed-off-by: Peter Seiderer <ps.report@gmx.net>
+---
+ gas/config/tc-arm.c  | 18 +++++++++---------
+ include/opcode/arm.h |  2 ++
+ 2 files changed, 11 insertions(+), 9 deletions(-)
+
+diff --git a/gas/config/tc-arm.c b/gas/config/tc-arm.c
+index 73d05316..7c86184d 100644
+--- a/gas/config/tc-arm.c
++++ b/gas/config/tc-arm.c
+@@ -25332,17 +25332,17 @@ static const struct arm_cpu_option_table arm_cpus[] =
+ 								  "Cortex-A15"),
+   ARM_CPU_OPT ("cortex-a17",	ARM_ARCH_V7VE,   FPU_ARCH_NEON_VFP_V4,
+ 								  "Cortex-A17"),
+-  ARM_CPU_OPT ("cortex-a32",    ARM_ARCH_V8A,    FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
++  ARM_CPU_OPT ("cortex-a32",    ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ 								  "Cortex-A32"),
+-  ARM_CPU_OPT ("cortex-a35",    ARM_ARCH_V8A,    FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
++  ARM_CPU_OPT ("cortex-a35",    ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ 								  "Cortex-A35"),
+-  ARM_CPU_OPT ("cortex-a53",    ARM_ARCH_V8A,    FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
++  ARM_CPU_OPT ("cortex-a53",    ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ 								  "Cortex-A53"),
+-  ARM_CPU_OPT ("cortex-a57",    ARM_ARCH_V8A,    FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
++  ARM_CPU_OPT ("cortex-a57",    ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ 								  "Cortex-A57"),
+-  ARM_CPU_OPT ("cortex-a72",    ARM_ARCH_V8A,    FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
++  ARM_CPU_OPT ("cortex-a72",    ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ 								  "Cortex-A72"),
+-  ARM_CPU_OPT ("cortex-a73",    ARM_ARCH_V8A,    FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
++  ARM_CPU_OPT ("cortex-a73",    ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ 								  "Cortex-A73"),
+   ARM_CPU_OPT ("cortex-r4",	ARM_ARCH_V7R,	 FPU_NONE,	  "Cortex-R4"),
+   ARM_CPU_OPT ("cortex-r4f",	ARM_ARCH_V7R,	 FPU_ARCH_VFP_V3D16,
+@@ -25361,10 +25361,10 @@ static const struct arm_cpu_option_table arm_cpus[] =
+   ARM_CPU_OPT ("cortex-m1",	ARM_ARCH_V6SM,	 FPU_NONE,	  "Cortex-M1"),
+   ARM_CPU_OPT ("cortex-m0",	ARM_ARCH_V6SM,	 FPU_NONE,	  "Cortex-M0"),
+   ARM_CPU_OPT ("cortex-m0plus",	ARM_ARCH_V6SM,	 FPU_NONE,	  "Cortex-M0+"),
+-  ARM_CPU_OPT ("exynos-m1",	ARM_ARCH_V8A,	 FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
++  ARM_CPU_OPT ("exynos-m1",	ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ 								  "Samsung " \
+ 								  "Exynos M1"),
+-  ARM_CPU_OPT ("qdf24xx",	ARM_ARCH_V8A,	 FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
++  ARM_CPU_OPT ("qdf24xx",	ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ 								  "Qualcomm "
+ 								  "QDF24XX"),
+ 
+@@ -25389,7 +25389,7 @@ static const struct arm_cpu_option_table arm_cpus[] =
+   /* APM X-Gene family.  */
+   ARM_CPU_OPT ("xgene1",        ARM_ARCH_V8A,    FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ 	                                                          "APM X-Gene 1"),
+-  ARM_CPU_OPT ("xgene2",        ARM_ARCH_V8A,    FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
++  ARM_CPU_OPT ("xgene2",        ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+ 	                                                          "APM X-Gene 2"),
+ 
+   { NULL, 0, ARM_ARCH_NONE, ARM_ARCH_NONE, NULL }
+diff --git a/include/opcode/arm.h b/include/opcode/arm.h
+index 60715cf8..feace5cd 100644
+--- a/include/opcode/arm.h
++++ b/include/opcode/arm.h
+@@ -263,6 +263,8 @@
+ #define ARM_ARCH_V7M	ARM_FEATURE_CORE (ARM_AEXT_V7M, ARM_EXT2_V6T2_V8M)
+ #define ARM_ARCH_V7EM	ARM_FEATURE_CORE (ARM_AEXT_V7EM, ARM_EXT2_V6T2_V8M)
+ #define ARM_ARCH_V8A	ARM_FEATURE_CORE (ARM_AEXT_V8A, ARM_AEXT2_V8A)
++#define ARM_ARCH_V8A_CRC ARM_FEATURE (ARM_AEXT_V8A, ARM_AEXT2_V8A, \
++				      CRC_EXT_ARMV8)
+ #define ARM_ARCH_V8_1A	ARM_FEATURE (ARM_AEXT_V8A, ARM_AEXT2_V8_1A,	\
+ 				     CRC_EXT_ARMV8 | FPU_NEON_EXT_RDMA)
+ #define ARM_ARCH_V8_2A	ARM_FEATURE (ARM_AEXT_V8A, ARM_AEXT2_V8_2A,	\
+-- 
+2.11.0
+

package/bluez5_utils/0002-sdp-Fix-Out-of-bounds-heap-read-in-service_search_at.patch

@@ -0,0 +1,29 @@
+From 9e009647b14e810e06626dde7f1bb9ea3c375d09 Mon Sep 17 00:00:00 2001
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date: Wed, 13 Sep 2017 10:01:40 +0300
+Subject: [PATCH] sdp: Fix Out-of-bounds heap read in service_search_attr_req
+ function
+
+Check if there is enough data to continue otherwise return an error.
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ src/sdpd-request.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/sdpd-request.c b/src/sdpd-request.c
+index 1eefdce1a..318d04467 100644
+--- a/src/sdpd-request.c
++++ b/src/sdpd-request.c
+@@ -917,7 +917,7 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf)
+ 	} else {
+ 		/* continuation State exists -> get from cache */
+ 		sdp_buf_t *pCache = sdp_get_cached_rsp(cstate);
+-		if (pCache) {
++		if (pCache && cstate->cStateValue.maxBytesSent < pCache->data_size) {
+ 			uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
+ 			pResponse = pCache->data;
+ 			memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
+-- 
+2.11.0
+

package/bluez_utils/0004-test-add-missing-header.patch

@@ -0,0 +1,34 @@
+From d3c098c2fde55ddf0c7d56eae56925103d35da73 Mon Sep 17 00:00:00 2001
+From: Romain Naour <romain.naour@gmail.com>
+Date: Sat, 13 May 2017 18:56:51 +0200
+Subject: [PATCH] test: add missing header
+
+test/attest.c: In function 'at_command':
+test/attest.c:43:2: error: unknown type name 'fd_set'
+  fd_set rfds;
+  ^
+
+Fixes:
+http://autobuild.buildroot.net/results/06c/06c930d9c5299b79500d018ac3fb2861ce834c7c/
+
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
+---
+ test/attest.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/test/attest.c b/test/attest.c
+index 12ba682..2626cf1 100644
+--- a/test/attest.c
++++ b/test/attest.c
+@@ -35,6 +35,8 @@
+ #include <sys/ioctl.h>
+ #include <sys/socket.h>
+ 
++#include <sys/select.h>
++
+ #include <bluetooth/bluetooth.h>
+ #include <bluetooth/rfcomm.h>
+ 
+-- 
+2.9.3
+

package/bluez_utils/0005-test-avoid-conflict-with-encrypt-function.patch

@@ -0,0 +1,107 @@
+From d8056252d0c99bfb2482f0a420dcf9a36019ddf8 Mon Sep 17 00:00:00 2001
+From: Romain Naour <romain.naour@gmail.com>
+Date: Sat, 13 May 2017 18:58:51 +0200
+Subject: [PATCH] test: avoid conflict with encrypt function
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+With a musl based toolchain:
+
+test/l2test.c:110:12: error: ‘encrypt’ redeclared as different kind of symbol
+ static int encrypt = 0;
+            ^
+In file included from test/l2test.c:34:0:
+[...]/sysroot/usr/include/unistd.h:145:6: note: previous declaration of ‘encrypt’ was here
+ void encrypt(char *, int);
+      ^
+
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
+---
+ test/l2test.c | 8 ++++----
+ test/rctest.c | 8 ++++----
+ 2 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/test/l2test.c b/test/l2test.c
+index f66486d..9ef6faf 100644
+--- a/test/l2test.c
++++ b/test/l2test.c
+@@ -107,7 +107,7 @@ static char *filename = NULL;
+ static int rfcmode = 0;
+ static int master = 0;
+ static int auth = 0;
+-static int encrypt = 0;
++static int _encrypt = 0;
+ static int secure = 0;
+ static int socktype = SOCK_SEQPACKET;
+ static int linger = 0;
+@@ -340,7 +340,7 @@ static int do_connect(char *svr)
+ 		opt |= L2CAP_LM_MASTER;
+ 	if (auth)
+ 		opt |= L2CAP_LM_AUTH;
+-	if (encrypt)
++	if (_encrypt)
+ 		opt |= L2CAP_LM_ENCRYPT;
+ 	if (secure)
+ 		opt |= L2CAP_LM_SECURE;
+@@ -475,7 +475,7 @@ static void do_listen(void (*handler)(int sk))
+ 		opt |= L2CAP_LM_MASTER;
+ 	if (auth)
+ 		opt |= L2CAP_LM_AUTH;
+-	if (encrypt)
++	if (_encrypt)
+ 		opt |= L2CAP_LM_ENCRYPT;
+ 	if (secure)
+ 		opt |= L2CAP_LM_SECURE;
+@@ -1407,7 +1407,7 @@ int main(int argc, char *argv[])
+ 			break;
+ 
+ 		case 'E':
+-			encrypt = 1;
++			_encrypt = 1;
+ 			break;
+ 
+ 		case 'S':
+diff --git a/test/rctest.c b/test/rctest.c
+index 4d7c90a..7ad5a0b 100644
+--- a/test/rctest.c
++++ b/test/rctest.c
+@@ -79,7 +79,7 @@ static char *filename = NULL;
+ 
+ static int master = 0;
+ static int auth = 0;
+-static int encrypt = 0;
++static int _encrypt = 0;
+ static int secure = 0;
+ static int socktype = SOCK_STREAM;
+ static int linger = 0;
+@@ -200,7 +200,7 @@ static int do_connect(const char *svr)
+ 		opt |= RFCOMM_LM_MASTER;
+ 	if (auth)
+ 		opt |= RFCOMM_LM_AUTH;
+-	if (encrypt)
++	if (_encrypt)
+ 		opt |= RFCOMM_LM_ENCRYPT;
+ 	if (secure)
+ 		opt |= RFCOMM_LM_SECURE;
+@@ -291,7 +291,7 @@ static void do_listen(void (*handler)(int sk))
+ 		opt |= RFCOMM_LM_MASTER;
+ 	if (auth)
+ 		opt |= RFCOMM_LM_AUTH;
+-	if (encrypt)
++	if (_encrypt)
+ 		opt |= RFCOMM_LM_ENCRYPT;
+ 	if (secure)
+ 		opt |= RFCOMM_LM_SECURE;
+@@ -701,7 +701,7 @@ int main(int argc, char *argv[])
+ 			break;
+ 
+ 		case 'E':
+-			encrypt = 1;
++			_encrypt = 1;
+ 			break;
+ 
+ 		case 'S':
+-- 
+2.9.3
+

package/bluez_utils/Config.in

@@ -4,6 +4,7 @@ config BR2_PACKAGE_BLUEZ_UTILS
 	depends on BR2_USE_WCHAR # libglib2
 	depends on BR2_TOOLCHAIN_HAS_THREADS # dbus, alsa-lib, libglib2
 	depends on BR2_USE_MMU # dbus, libglib2
+	select BR2_PACKAGE_CHECK
 	select BR2_PACKAGE_DBUS
 	select BR2_PACKAGE_LIBGLIB2
 	help

package/bluez_utils/bluez_utils.mk

@@ -8,7 +8,7 @@ BLUEZ_UTILS_VERSION = 4.101
 BLUEZ_UTILS_SOURCE = bluez-$(BLUEZ_UTILS_VERSION).tar.xz
 BLUEZ_UTILS_SITE = $(BR2_KERNEL_MIRROR)/linux/bluetooth
 BLUEZ_UTILS_INSTALL_STAGING = YES
-BLUEZ_UTILS_DEPENDENCIES = dbus libglib2
+BLUEZ_UTILS_DEPENDENCIES = host-pkgconf check dbus libglib2
 BLUEZ_UTILS_CONF_OPTS = --enable-test --enable-tools
 BLUEZ_UTILS_AUTORECONF = YES
 BLUEZ_UTILS_LICENSE = GPLv2+, LGPLv2.1+

package/botan/botan.hash

@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256	23ec973d4b4a4fe04f490d409e08ac5638afe3aa09acd7f520daaff38ba19b90  Botan-1.10.13.tgz
+sha256 6c5472401d06527e87adcb53dd270f3c9b1fb688703b04dd7a7cfb86289efe52  Botan-1.10.16.tgz

package/botan/botan.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BOTAN_VERSION = 1.10.13
+BOTAN_VERSION = 1.10.16
 BOTAN_SOURCE = Botan-$(BOTAN_VERSION).tgz
 BOTAN_SITE = http://botan.randombit.net/releases
 BOTAN_LICENSE = BSD-2c
@@ -43,6 +43,12 @@ BOTAN_DEPENDENCIES += zlib
 BOTAN_CONF_OPTS += --with-zlib
 endif
 
+ifeq ($(BR2_POWERPC_CPU_HAS_ALTIVEC),y)
+BOTAN_CONF_OPTS += --enable-altivec
+else
+BOTAN_CONF_OPTS += --disable-altivec
+endif
+
 define BOTAN_CONFIGURE_CMDS
 	(cd $(@D); $(TARGET_MAKE_ENV) ./configure.py $(BOTAN_CONF_OPTS))
 endef

package/busybox/0003-wget-fix-for-brain-damaged-HTTP-servers.-Closes-9471.patch

@@ -0,0 +1,87 @@
+From dac762a702d01c8c2d42135795cc9bf23ff324a2 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Wed, 11 Jan 2017 20:16:45 +0100
+Subject: [PATCH] wget: fix for brain-damaged HTTP servers. Closes 9471
+
+write(3, "GET / HTTP/1.1\r\nUser-Agent: Wget\r\nConnection: close\r\n\r\n", 74) = 74
+shutdown(3, SHUT_WR)    = 0
+alarm(900)              = 900
+read(3, "", 1024)       = 0
+write(2, "wget: error getting response\n", 29) = 29
+exit(1)
+
+The peer simply does not return anything. It closes its connection.
+
+Probably it detects wget closing its writing end: shutdown(3, SHUT_WR).
+
+The point it, closing write side of the socket is _valid_ for HTTP.
+wget sent the full request, it won't be sending anything more:
+it will only receive the response, and that's it.
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ networking/wget.c | 26 ++++++++++++++++++--------
+ 1 file changed, 18 insertions(+), 8 deletions(-)
+
+diff --git a/networking/wget.c b/networking/wget.c
+index b082a0f59..afb09f587 100644
+--- a/networking/wget.c
++++ b/networking/wget.c
+@@ -141,6 +141,8 @@
+ #endif
+ 
+ 
++#define SSL_SUPPORTED (ENABLE_FEATURE_WGET_OPENSSL || ENABLE_FEATURE_WGET_SSL_HELPER)
++
+ struct host_info {
+ 	char *allocated;
+ 	const char *path;
+@@ -151,7 +153,7 @@ struct host_info {
+ };
+ static const char P_FTP[] ALIGN1 = "ftp";
+ static const char P_HTTP[] ALIGN1 = "http";
+-#if ENABLE_FEATURE_WGET_OPENSSL || ENABLE_FEATURE_WGET_SSL_HELPER
++#if SSL_SUPPORTED
+ static const char P_HTTPS[] ALIGN1 = "https";
+ #endif
+ 
+@@ -452,7 +454,7 @@ static void parse_url(const char *src_url, struct host_info *h)
+ 		if (strcmp(url, P_FTP) == 0) {
+ 			h->port = bb_lookup_port(P_FTP, "tcp", 21);
+ 		} else
+-#if ENABLE_FEATURE_WGET_OPENSSL || ENABLE_FEATURE_WGET_SSL_HELPER
++#if SSL_SUPPORTED
+ 		if (strcmp(url, P_HTTPS) == 0) {
+ 			h->port = bb_lookup_port(P_HTTPS, "tcp", 443);
+ 			h->protocol = P_HTTPS;
+@@ -1093,12 +1095,20 @@ static void download_one_url(const char *url)
+ 		}
+ 
+ 		fflush(sfp);
+-		/* If we use SSL helper, keeping our end of the socket open for writing
+-		 * makes our end (i.e. the same fd!) readable (EAGAIN instead of EOF)
+-		 * even after child closes its copy of the fd.
+-		 * This helps:
+-		 */
+-		shutdown(fileno(sfp), SHUT_WR);
++
++/* Tried doing this unconditionally.
++ * Cloudflare and nginx/1.11.5 are shocked to see SHUT_WR on non-HTTPS.
++ */
++#if SSL_SUPPORTED
++		if (target.protocol == P_HTTPS) {
++			/* If we use SSL helper, keeping our end of the socket open for writing
++			 * makes our end (i.e. the same fd!) readable (EAGAIN instead of EOF)
++			 * even after child closes its copy of the fd.
++			 * This helps:
++			 */
++			shutdown(fileno(sfp), SHUT_WR);
++		}
++#endif
+ 
+ 		/*
+ 		 * Retrieve HTTP response line and check for "200" status code.
+-- 
+2.11.0
+

package/busybox/0004-unzip-properly-use-CDF-to-find-compressed-files.-Clo.patch

@@ -0,0 +1,494 @@
+From fa654812e79d2422b41cfff6443e2abcb7737517 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Thu, 5 Jan 2017 11:43:53 +0100
+Subject: [PATCH] unzip: properly use CDF to find compressed files. Closes 9536
+
+function                                             old     new   delta
+unzip_main                                          2437    2350     -87
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ archival/unzip.c      | 285 +++++++++++++++++++++++++++++---------------------
+ testsuite/unzip.tests |   6 +-
+ 2 files changed, 168 insertions(+), 123 deletions(-)
+
+diff --git a/archival/unzip.c b/archival/unzip.c
+index c540485ac..edef22f75 100644
+--- a/archival/unzip.c
++++ b/archival/unzip.c
+@@ -16,7 +16,6 @@
+  * TODO
+  * Zip64 + other methods
+  */
+-
+ //config:config UNZIP
+ //config:	bool "unzip"
+ //config:	default y
+@@ -24,8 +23,17 @@
+ //config:	  unzip will list or extract files from a ZIP archive,
+ //config:	  commonly found on DOS/WIN systems. The default behavior
+ //config:	  (with no options) is to extract the archive into the
+-//config:	  current directory. Use the `-d' option to extract to a
+-//config:	  directory of your choice.
++//config:	  current directory.
++//config:
++//config:config FEATURE_UNZIP_CDF
++//config:	bool "Read and use Central Directory data"
++//config:	default y
++//config:	depends on UNZIP
++//config:	help
++//config:	  If you know that you only need to deal with simple
++//config:	  ZIP files without deleted/updated files, SFX archves etc,
++//config:	  you can reduce code size by unselecting this option.
++//config:	  To support less trivial ZIPs, say Y.
+ 
+ //applet:IF_UNZIP(APPLET(unzip, BB_DIR_USR_BIN, BB_SUID_DROP))
+ //kbuild:lib-$(CONFIG_UNZIP) += unzip.o
+@@ -80,30 +88,20 @@ typedef union {
+ 		uint32_t ucmpsize PACKED;       /* 18-21 */
+ 		uint16_t filename_len;          /* 22-23 */
+ 		uint16_t extra_len;             /* 24-25 */
++		/* filename follows (not NUL terminated) */
++		/* extra field follows */
++		/* data follows */
+ 	} formatted PACKED;
+ } zip_header_t; /* PACKED - gcc 4.2.1 doesn't like it (spews warning) */
+ 
+-/* Check the offset of the last element, not the length.  This leniency
+- * allows for poor packing, whereby the overall struct may be too long,
+- * even though the elements are all in the right place.
+- */
+-struct BUG_zip_header_must_be_26_bytes {
+-	char BUG_zip_header_must_be_26_bytes[
+-		offsetof(zip_header_t, formatted.extra_len) + 2
+-			== ZIP_HEADER_LEN ? 1 : -1];
+-};
+-
+-#define FIX_ENDIANNESS_ZIP(zip_header) do { \
+-	(zip_header).formatted.version      = SWAP_LE16((zip_header).formatted.version     ); \
+-	(zip_header).formatted.method       = SWAP_LE16((zip_header).formatted.method      ); \
+-	(zip_header).formatted.modtime      = SWAP_LE16((zip_header).formatted.modtime     ); \
+-	(zip_header).formatted.moddate      = SWAP_LE16((zip_header).formatted.moddate     ); \
++#define FIX_ENDIANNESS_ZIP(zip_header) \
++do { if (BB_BIG_ENDIAN) { \
+ 	(zip_header).formatted.crc32        = SWAP_LE32((zip_header).formatted.crc32       ); \
+ 	(zip_header).formatted.cmpsize      = SWAP_LE32((zip_header).formatted.cmpsize     ); \
+ 	(zip_header).formatted.ucmpsize     = SWAP_LE32((zip_header).formatted.ucmpsize    ); \
+ 	(zip_header).formatted.filename_len = SWAP_LE16((zip_header).formatted.filename_len); \
+ 	(zip_header).formatted.extra_len    = SWAP_LE16((zip_header).formatted.extra_len   ); \
+-} while (0)
++}} while (0)
+ 
+ #define CDF_HEADER_LEN 42
+ 
+@@ -115,8 +113,8 @@ typedef union {
+ 		uint16_t version_needed;        /* 2-3 */
+ 		uint16_t cdf_flags;             /* 4-5 */
+ 		uint16_t method;                /* 6-7 */
+-		uint16_t mtime;                 /* 8-9 */
+-		uint16_t mdate;                 /* 10-11 */
++		uint16_t modtime;               /* 8-9 */
++		uint16_t moddate;               /* 10-11 */
+ 		uint32_t crc32;                 /* 12-15 */
+ 		uint32_t cmpsize;               /* 16-19 */
+ 		uint32_t ucmpsize;              /* 20-23 */
+@@ -127,27 +125,27 @@ typedef union {
+ 		uint16_t internal_file_attributes; /* 32-33 */
+ 		uint32_t external_file_attributes PACKED; /* 34-37 */
+ 		uint32_t relative_offset_of_local_header PACKED; /* 38-41 */
++		/* filename follows (not NUL terminated) */
++		/* extra field follows */
++		/* comment follows */
+ 	} formatted PACKED;
+ } cdf_header_t;
+ 
+-struct BUG_cdf_header_must_be_42_bytes {
+-	char BUG_cdf_header_must_be_42_bytes[
+-		offsetof(cdf_header_t, formatted.relative_offset_of_local_header) + 4
+-			== CDF_HEADER_LEN ? 1 : -1];
+-};
+-
+-#define FIX_ENDIANNESS_CDF(cdf_header) do { \
++#define FIX_ENDIANNESS_CDF(cdf_header) \
++do { if (BB_BIG_ENDIAN) { \
++	(cdf_header).formatted.version_made_by = SWAP_LE16((cdf_header).formatted.version_made_by); \
++	(cdf_header).formatted.version_needed = SWAP_LE16((cdf_header).formatted.version_needed); \
++	(cdf_header).formatted.method       = SWAP_LE16((cdf_header).formatted.method      ); \
++	(cdf_header).formatted.modtime      = SWAP_LE16((cdf_header).formatted.modtime     ); \
++	(cdf_header).formatted.moddate      = SWAP_LE16((cdf_header).formatted.moddate     ); \
+ 	(cdf_header).formatted.crc32        = SWAP_LE32((cdf_header).formatted.crc32       ); \
+ 	(cdf_header).formatted.cmpsize      = SWAP_LE32((cdf_header).formatted.cmpsize     ); \
+ 	(cdf_header).formatted.ucmpsize     = SWAP_LE32((cdf_header).formatted.ucmpsize    ); \
+ 	(cdf_header).formatted.file_name_length = SWAP_LE16((cdf_header).formatted.file_name_length); \
+ 	(cdf_header).formatted.extra_field_length = SWAP_LE16((cdf_header).formatted.extra_field_length); \
+ 	(cdf_header).formatted.file_comment_length = SWAP_LE16((cdf_header).formatted.file_comment_length); \
+-	IF_DESKTOP( \
+-	(cdf_header).formatted.version_made_by = SWAP_LE16((cdf_header).formatted.version_made_by); \
+ 	(cdf_header).formatted.external_file_attributes = SWAP_LE32((cdf_header).formatted.external_file_attributes); \
+-	) \
+-} while (0)
++}} while (0)
+ 
+ #define CDE_HEADER_LEN 16
+ 
+@@ -166,20 +164,38 @@ typedef union {
+ 	} formatted PACKED;
+ } cde_header_t;
+ 
+-struct BUG_cde_header_must_be_16_bytes {
++#define FIX_ENDIANNESS_CDE(cde_header) \
++do { if (BB_BIG_ENDIAN) { \
++	(cde_header).formatted.cdf_offset = SWAP_LE32((cde_header).formatted.cdf_offset); \
++}} while (0)
++
++struct BUG {
++	/* Check the offset of the last element, not the length.  This leniency
++	 * allows for poor packing, whereby the overall struct may be too long,
++	 * even though the elements are all in the right place.
++	 */
++	char BUG_zip_header_must_be_26_bytes[
++		offsetof(zip_header_t, formatted.extra_len) + 2
++			== ZIP_HEADER_LEN ? 1 : -1];
++	char BUG_cdf_header_must_be_42_bytes[
++		offsetof(cdf_header_t, formatted.relative_offset_of_local_header) + 4
++			== CDF_HEADER_LEN ? 1 : -1];
+ 	char BUG_cde_header_must_be_16_bytes[
+ 		sizeof(cde_header_t) == CDE_HEADER_LEN ? 1 : -1];
+ };
+ 
+-#define FIX_ENDIANNESS_CDE(cde_header) do { \
+-	(cde_header).formatted.cdf_offset = SWAP_LE32((cde_header).formatted.cdf_offset); \
+-} while (0)
+ 
+ enum { zip_fd = 3 };
+ 
+ 
+-#if ENABLE_DESKTOP
++/* This value means that we failed to find CDF */
++#define BAD_CDF_OFFSET ((uint32_t)0xffffffff)
++
++#if !ENABLE_FEATURE_UNZIP_CDF
+ 
++# define find_cdf_offset() BAD_CDF_OFFSET
++
++#else
+ /* Seen in the wild:
+  * Self-extracting PRO2K3XP_32.exe contains 19078464 byte zip archive,
+  * where CDE was nearly 48 kbytes before EOF.
+@@ -188,25 +204,26 @@ enum { zip_fd = 3 };
+  * To make extraction work, bumped PEEK_FROM_END from 16k to 64k.
+  */
+ #define PEEK_FROM_END (64*1024)
+-
+-/* This value means that we failed to find CDF */
+-#define BAD_CDF_OFFSET ((uint32_t)0xffffffff)
+-
+ /* NB: does not preserve file position! */
+ static uint32_t find_cdf_offset(void)
+ {
+ 	cde_header_t cde_header;
++	unsigned char *buf;
+ 	unsigned char *p;
+ 	off_t end;
+-	unsigned char *buf = xzalloc(PEEK_FROM_END);
+ 	uint32_t found;
+ 
+-	end = xlseek(zip_fd, 0, SEEK_END);
++	end = lseek(zip_fd, 0, SEEK_END);
++	if (end == (off_t) -1)
++		return BAD_CDF_OFFSET;
++
+ 	end -= PEEK_FROM_END;
+ 	if (end < 0)
+ 		end = 0;
++
+ 	dbg("Looking for cdf_offset starting from 0x%"OFF_FMT"x", end);
+  	xlseek(zip_fd, end, SEEK_SET);
++	buf = xzalloc(PEEK_FROM_END);
+ 	full_read(zip_fd, buf, PEEK_FROM_END);
+ 
+ 	found = BAD_CDF_OFFSET;
+@@ -252,30 +269,36 @@ static uint32_t find_cdf_offset(void)
+ static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
+ {
+ 	off_t org;
++	uint32_t magic;
+ 
+-	org = xlseek(zip_fd, 0, SEEK_CUR);
++	if (cdf_offset == BAD_CDF_OFFSET)
++		return cdf_offset;
+ 
+-	if (!cdf_offset)
+-		cdf_offset = find_cdf_offset();
+-
+-	if (cdf_offset != BAD_CDF_OFFSET) {
+-		dbg("Reading CDF at 0x%x", (unsigned)cdf_offset);
+-		xlseek(zip_fd, cdf_offset + 4, SEEK_SET);
+-		xread(zip_fd, cdf_ptr->raw, CDF_HEADER_LEN);
+-		FIX_ENDIANNESS_CDF(*cdf_ptr);
+-		dbg("  file_name_length:%u extra_field_length:%u file_comment_length:%u",
+-			(unsigned)cdf_ptr->formatted.file_name_length,
+-			(unsigned)cdf_ptr->formatted.extra_field_length,
+-			(unsigned)cdf_ptr->formatted.file_comment_length
+-		);
+-		cdf_offset += 4 + CDF_HEADER_LEN
+-			+ cdf_ptr->formatted.file_name_length
+-			+ cdf_ptr->formatted.extra_field_length
+-			+ cdf_ptr->formatted.file_comment_length;
++	org = xlseek(zip_fd, 0, SEEK_CUR);
++	dbg("Reading CDF at 0x%x", (unsigned)cdf_offset);
++	xlseek(zip_fd, cdf_offset, SEEK_SET);
++	xread(zip_fd, &magic, 4);
++	/* Central Directory End? */
++	if (magic == ZIP_CDE_MAGIC) {
++		dbg("got ZIP_CDE_MAGIC");
++		return 0; /* EOF */
+ 	}
++	xread(zip_fd, cdf_ptr->raw, CDF_HEADER_LEN);
++	/* Caller doesn't need this: */
++	/* dbg("Returning file position to 0x%"OFF_FMT"x", org); */
++	/* xlseek(zip_fd, org, SEEK_SET); */
++
++	FIX_ENDIANNESS_CDF(*cdf_ptr);
++	dbg("  file_name_length:%u extra_field_length:%u file_comment_length:%u",
++		(unsigned)cdf_ptr->formatted.file_name_length,
++		(unsigned)cdf_ptr->formatted.extra_field_length,
++		(unsigned)cdf_ptr->formatted.file_comment_length
++	);
++	cdf_offset += 4 + CDF_HEADER_LEN
++		+ cdf_ptr->formatted.file_name_length
++		+ cdf_ptr->formatted.extra_field_length
++		+ cdf_ptr->formatted.file_comment_length;
+ 
+-	dbg("Returning file position to 0x%"OFF_FMT"x", org);
+-	xlseek(zip_fd, org, SEEK_SET);
+ 	return cdf_offset;
+ };
+ #endif
+@@ -324,6 +347,7 @@ static void unzip_extract(zip_header_t *zip_header, int dst_fd)
+ 			bb_error_msg("bad length");
+ 		}
+ 	}
++	/* TODO? method 12: bzip2, method 14: LZMA */
+ }
+ 
+ static void my_fgets80(char *buf80)
+@@ -339,15 +363,12 @@ int unzip_main(int argc, char **argv)
+ {
+ 	enum { O_PROMPT, O_NEVER, O_ALWAYS };
+ 
+-	zip_header_t zip_header;
+ 	smallint quiet = 0;
+-	IF_NOT_DESKTOP(const) smallint verbose = 0;
++	IF_NOT_FEATURE_UNZIP_CDF(const) smallint verbose = 0;
+ 	smallint listing = 0;
+ 	smallint overwrite = O_PROMPT;
+ 	smallint x_opt_seen;
+-#if ENABLE_DESKTOP
+ 	uint32_t cdf_offset;
+-#endif
+ 	unsigned long total_usize;
+ 	unsigned long total_size;
+ 	unsigned total_entries;
+@@ -430,7 +451,7 @@ int unzip_main(int argc, char **argv)
+ 			break;
+ 
+ 		case 'v': /* Verbose list */
+-			IF_DESKTOP(verbose++;)
++			IF_FEATURE_UNZIP_CDF(verbose++;)
+ 			listing = 1;
+ 			break;
+ 
+@@ -545,78 +566,102 @@ int unzip_main(int argc, char **argv)
+ 	total_usize = 0;
+ 	total_size = 0;
+ 	total_entries = 0;
+-#if ENABLE_DESKTOP
+-	cdf_offset = 0;
+-#endif
++	cdf_offset = find_cdf_offset();	/* try to seek to the end, find CDE and CDF start */
+ 	while (1) {
+-		uint32_t magic;
++		zip_header_t zip_header;
+ 		mode_t dir_mode = 0777;
+-#if ENABLE_DESKTOP
++#if ENABLE_FEATURE_UNZIP_CDF
+ 		mode_t file_mode = 0666;
+ #endif
+ 
+-		/* Check magic number */
+-		xread(zip_fd, &magic, 4);
+-		/* Central directory? It's at the end, so exit */
+-		if (magic == ZIP_CDF_MAGIC) {
+-			dbg("got ZIP_CDF_MAGIC");
+-			break;
+-		}
+-#if ENABLE_DESKTOP
+-		/* Data descriptor? It was a streaming file, go on */
+-		if (magic == ZIP_DD_MAGIC) {
+-			dbg("got ZIP_DD_MAGIC");
+-			/* skip over duplicate crc32, cmpsize and ucmpsize */
+-			unzip_skip(3 * 4);
+-			continue;
+-		}
+-#endif
+-		if (magic != ZIP_FILEHEADER_MAGIC)
+-			bb_error_msg_and_die("invalid zip magic %08X", (int)magic);
+-		dbg("got ZIP_FILEHEADER_MAGIC");
+-
+-		/* Read the file header */
+-		xread(zip_fd, zip_header.raw, ZIP_HEADER_LEN);
+-		FIX_ENDIANNESS_ZIP(zip_header);
+-		if ((zip_header.formatted.method != 0) && (zip_header.formatted.method != 8)) {
+-			bb_error_msg_and_die("unsupported method %d", zip_header.formatted.method);
+-		}
+-#if !ENABLE_DESKTOP
+-		if (zip_header.formatted.zip_flags & SWAP_LE16(0x0009)) {
+-			bb_error_msg_and_die("zip flags 1 and 8 are not supported");
+-		}
+-#else
+-		if (zip_header.formatted.zip_flags & SWAP_LE16(0x0001)) {
+-			/* 0x0001 - encrypted */
+-			bb_error_msg_and_die("zip flag 1 (encryption) is not supported");
+-		}
++		if (!ENABLE_FEATURE_UNZIP_CDF || cdf_offset == BAD_CDF_OFFSET) {
++			/* Normally happens when input is unseekable.
++			 *
++			 * Valid ZIP file has Central Directory at the end
++			 * with central directory file headers (CDFs).
++			 * After it, there is a Central Directory End structure.
++			 * CDFs identify what files are in the ZIP and where
++			 * they are located. This allows ZIP readers to load
++			 * the list of files without reading the entire ZIP archive.
++			 * ZIP files may be appended to, only files specified in
++			 * the CD are valid. Scanning for local file headers is
++			 * not a correct algorithm.
++			 *
++			 * We try to do the above, and resort to "linear" reading
++			 * of ZIP file only if seek failed or CDE wasn't found.
++			 */
++			uint32_t magic;
+ 
+-		if (cdf_offset != BAD_CDF_OFFSET) {
++			/* Check magic number */
++			xread(zip_fd, &magic, 4);
++			/* Central directory? It's at the end, so exit */
++			if (magic == ZIP_CDF_MAGIC) {
++				dbg("got ZIP_CDF_MAGIC");
++				break;
++			}
++			/* Data descriptor? It was a streaming file, go on */
++			if (magic == ZIP_DD_MAGIC) {
++				dbg("got ZIP_DD_MAGIC");
++				/* skip over duplicate crc32, cmpsize and ucmpsize */
++				unzip_skip(3 * 4);
++				continue;
++			}
++			if (magic != ZIP_FILEHEADER_MAGIC)
++				bb_error_msg_and_die("invalid zip magic %08X", (int)magic);
++			dbg("got ZIP_FILEHEADER_MAGIC");
++
++			xread(zip_fd, zip_header.raw, ZIP_HEADER_LEN);
++			FIX_ENDIANNESS_ZIP(zip_header);
++			if ((zip_header.formatted.method != 0)
++			 && (zip_header.formatted.method != 8)
++			) {
++				/* TODO? method 12: bzip2, method 14: LZMA */
++				bb_error_msg_and_die("unsupported method %d", zip_header.formatted.method);
++			}
++			if (zip_header.formatted.zip_flags & SWAP_LE16(0x0009)) {
++				bb_error_msg_and_die("zip flags 1 and 8 are not supported");
++			}
++		}
++#if ENABLE_FEATURE_UNZIP_CDF
++		else {
++			/* cdf_offset is valid (and we know the file is seekable) */
+ 			cdf_header_t cdf_header;
+ 			cdf_offset = read_next_cdf(cdf_offset, &cdf_header);
+-			/*
+-			 * Note: cdf_offset can become BAD_CDF_OFFSET after the above call.
+-			 */
++			if (cdf_offset == 0) /* EOF? */
++				break;
++# if 0
++			xlseek(zip_fd,
++				SWAP_LE32(cdf_header.formatted.relative_offset_of_local_header) + 4,
++				SEEK_SET);
++			xread(zip_fd, zip_header.raw, ZIP_HEADER_LEN);
++			FIX_ENDIANNESS_ZIP(zip_header);
+ 			if (zip_header.formatted.zip_flags & SWAP_LE16(0x0008)) {
+ 				/* 0x0008 - streaming. [u]cmpsize can be reliably gotten
+-				 * only from Central Directory. See unzip_doc.txt
++				 * only from Central Directory.
+ 				 */
+ 				zip_header.formatted.crc32    = cdf_header.formatted.crc32;
+ 				zip_header.formatted.cmpsize  = cdf_header.formatted.cmpsize;
+ 				zip_header.formatted.ucmpsize = cdf_header.formatted.ucmpsize;
+ 			}
++# else
++			/* CDF has the same data as local header, no need to read the latter */
++			memcpy(&zip_header.formatted.version,
++				&cdf_header.formatted.version_needed, ZIP_HEADER_LEN);
++			xlseek(zip_fd,
++				SWAP_LE32(cdf_header.formatted.relative_offset_of_local_header) + 4 + ZIP_HEADER_LEN,
++				SEEK_SET);
++# endif
+ 			if ((cdf_header.formatted.version_made_by >> 8) == 3) {
+ 				/* This archive is created on Unix */
+ 				dir_mode = file_mode = (cdf_header.formatted.external_file_attributes >> 16);
+ 			}
+ 		}
+-		if (cdf_offset == BAD_CDF_OFFSET
+-		 && (zip_header.formatted.zip_flags & SWAP_LE16(0x0008))
+-		) {
+-			/* If it's a streaming zip, we _require_ CDF */
+-			bb_error_msg_and_die("can't find file table");
+-		}
+ #endif
++
++		if (zip_header.formatted.zip_flags & SWAP_LE16(0x0001)) {
++			/* 0x0001 - encrypted */
++			bb_error_msg_and_die("zip flag 1 (encryption) is not supported");
++		}
+ 		dbg("File cmpsize:0x%x extra_len:0x%x ucmpsize:0x%x",
+ 			(unsigned)zip_header.formatted.cmpsize,
+ 			(unsigned)zip_header.formatted.extra_len,
+@@ -751,7 +796,7 @@ int unzip_main(int argc, char **argv)
+ 			overwrite = O_ALWAYS;
+ 		case 'y': /* Open file and fall into unzip */
+ 			unzip_create_leading_dirs(dst_fn);
+-#if ENABLE_DESKTOP
++#if ENABLE_FEATURE_UNZIP_CDF
+ 			dst_fd = xopen3(dst_fn, O_WRONLY | O_CREAT | O_TRUNC, file_mode);
+ #else
+ 			dst_fd = xopen(dst_fn, O_WRONLY | O_CREAT | O_TRUNC);
+diff --git a/testsuite/unzip.tests b/testsuite/unzip.tests
+index d8738a3bd..d9c45242c 100755
+--- a/testsuite/unzip.tests
++++ b/testsuite/unzip.tests
+@@ -31,11 +31,10 @@ rmdir foo
+ rm foo.zip
+ 
+ # File containing some damaged encrypted stream
++optional FEATURE_UNZIP_CDF
+ testing "unzip (bad archive)" "uudecode; unzip bad.zip 2>&1; echo \$?" \
+ "Archive:  bad.zip
+-  inflating: ]3j½r«IK-%Ix
+-unzip: corrupted data
+-unzip: inflate error
++unzip: short read
+ 1
+ " \
+ "" "\
+@@ -49,6 +48,7 @@ BDYAAAAMAAEADQAAADIADQAAAEEAAAASw73Ct1DKokohPXQiNzA+FAI1HCcW
+ NzITNFBLBQUKAC4JAA04Cw0EOhZQSwUGAQAABAIAAgCZAAAAeQAAAAIALhM=
+ ====
+ "
++SKIP=
+ 
+ rm *
+ 
+-- 
+2.11.0
+

package/busybox/0005-typo-fix-in-config-help-text.patch

@@ -0,0 +1,27 @@
+From f8692dc6a0035788a83821fa18b987d8748f97a7 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Thu, 5 Jan 2017 11:47:28 +0100
+Subject: [PATCH] typo fix in config help text
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ archival/unzip.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/archival/unzip.c b/archival/unzip.c
+index edef22f75..f1726439d 100644
+--- a/archival/unzip.c
++++ b/archival/unzip.c
+@@ -31,7 +31,7 @@
+ //config:	depends on UNZIP
+ //config:	help
+ //config:	  If you know that you only need to deal with simple
+-//config:	  ZIP files without deleted/updated files, SFX archves etc,
++//config:	  ZIP files without deleted/updated files, SFX archives etc,
+ //config:	  you can reduce code size by unselecting this option.
+ //config:	  To support less trivial ZIPs, say Y.
+ 
+-- 
+2.11.0
+

package/busybox/0006-unzip-remove-now-pointless-lseek-which-returns-curre.patch

@@ -0,0 +1,50 @@
+From 50504d3a3badb8ab80bd33797abcbb3b7427c267 Mon Sep 17 00:00:00 2001
+From: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>
+Date: Thu, 5 Jan 2017 19:07:54 +0100
+Subject: [PATCH] unzip: remove now-pointless lseek which returns current
+ position
+
+archival/unzip.c: In function 'read_next_cdf':
+archival/unzip.c:271:8: warning: variable 'org' set but
+                                 not used [-Wunused-but-set-variable]
+  off_t org;
+        ^~~
+
+Signed-off-by: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ archival/unzip.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/archival/unzip.c b/archival/unzip.c
+index f1726439d..98a71c09d 100644
+--- a/archival/unzip.c
++++ b/archival/unzip.c
+@@ -268,13 +268,11 @@ static uint32_t find_cdf_offset(void)
+ 
+ static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
+ {
+-	off_t org;
+ 	uint32_t magic;
+ 
+ 	if (cdf_offset == BAD_CDF_OFFSET)
+ 		return cdf_offset;
+ 
+-	org = xlseek(zip_fd, 0, SEEK_CUR);
+ 	dbg("Reading CDF at 0x%x", (unsigned)cdf_offset);
+ 	xlseek(zip_fd, cdf_offset, SEEK_SET);
+ 	xread(zip_fd, &magic, 4);
+@@ -284,9 +282,6 @@ static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
+ 		return 0; /* EOF */
+ 	}
+ 	xread(zip_fd, cdf_ptr->raw, CDF_HEADER_LEN);
+-	/* Caller doesn't need this: */
+-	/* dbg("Returning file position to 0x%"OFF_FMT"x", org); */
+-	/* xlseek(zip_fd, org, SEEK_SET); */
+ 
+ 	FIX_ENDIANNESS_CDF(*cdf_ptr);
+ 	dbg("  file_name_length:%u extra_field_length:%u file_comment_length:%u",
+-- 
+2.11.0
+

package/busybox/0007-unzip-do-not-use-CDF.extra_len-read-local-file-heade.patch

@@ -0,0 +1,509 @@
+From ee72302ac5e3b0b2217f616ab316d3c89e5a1f4c Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Sun, 8 Jan 2017 14:14:19 +0100
+Subject: [PATCH] unzip: do not use CDF.extra_len, read local file header.
+ Closes 9536
+
+While at it, shorten many field and variable names.
+
+function                                             old     new   delta
+unzip_main                                          2334    2376     +42
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ archival/unzip.c      | 236 ++++++++++++++++++++++++++------------------------
+ testsuite/unzip.tests |   4 +-
+ 2 files changed, 125 insertions(+), 115 deletions(-)
+
+diff --git a/archival/unzip.c b/archival/unzip.c
+index 98a71c09d..921493591 100644
+--- a/archival/unzip.c
++++ b/archival/unzip.c
+@@ -62,8 +62,8 @@
+ enum {
+ #if BB_BIG_ENDIAN
+ 	ZIP_FILEHEADER_MAGIC = 0x504b0304,
+-	ZIP_CDF_MAGIC        = 0x504b0102, /* central directory's file header */
+-	ZIP_CDE_MAGIC        = 0x504b0506, /* "end of central directory" record */
++	ZIP_CDF_MAGIC        = 0x504b0102, /* CDF item */
++	ZIP_CDE_MAGIC        = 0x504b0506, /* End of CDF */
+ 	ZIP_DD_MAGIC         = 0x504b0708,
+ #else
+ 	ZIP_FILEHEADER_MAGIC = 0x04034b50,
+@@ -91,16 +91,16 @@ typedef union {
+ 		/* filename follows (not NUL terminated) */
+ 		/* extra field follows */
+ 		/* data follows */
+-	} formatted PACKED;
++	} fmt PACKED;
+ } zip_header_t; /* PACKED - gcc 4.2.1 doesn't like it (spews warning) */
+ 
+-#define FIX_ENDIANNESS_ZIP(zip_header) \
++#define FIX_ENDIANNESS_ZIP(zip) \
+ do { if (BB_BIG_ENDIAN) { \
+-	(zip_header).formatted.crc32        = SWAP_LE32((zip_header).formatted.crc32       ); \
+-	(zip_header).formatted.cmpsize      = SWAP_LE32((zip_header).formatted.cmpsize     ); \
+-	(zip_header).formatted.ucmpsize     = SWAP_LE32((zip_header).formatted.ucmpsize    ); \
+-	(zip_header).formatted.filename_len = SWAP_LE16((zip_header).formatted.filename_len); \
+-	(zip_header).formatted.extra_len    = SWAP_LE16((zip_header).formatted.extra_len   ); \
++	(zip).fmt.crc32         = SWAP_LE32((zip).fmt.crc32       ); \
++	(zip).fmt.cmpsize       = SWAP_LE32((zip).fmt.cmpsize     ); \
++	(zip).fmt.ucmpsize      = SWAP_LE32((zip).fmt.ucmpsize    ); \
++	(zip).fmt.filename_len  = SWAP_LE16((zip).fmt.filename_len); \
++	(zip).fmt.extra_len     = SWAP_LE16((zip).fmt.extra_len   ); \
+ }} while (0)
+ 
+ #define CDF_HEADER_LEN 42
+@@ -118,39 +118,39 @@ typedef union {
+ 		uint32_t crc32;                 /* 12-15 */
+ 		uint32_t cmpsize;               /* 16-19 */
+ 		uint32_t ucmpsize;              /* 20-23 */
+-		uint16_t file_name_length;      /* 24-25 */
+-		uint16_t extra_field_length;    /* 26-27 */
++		uint16_t filename_len;          /* 24-25 */
++		uint16_t extra_len;             /* 26-27 */
+ 		uint16_t file_comment_length;   /* 28-29 */
+ 		uint16_t disk_number_start;     /* 30-31 */
+-		uint16_t internal_file_attributes; /* 32-33 */
+-		uint32_t external_file_attributes PACKED; /* 34-37 */
++		uint16_t internal_attributes;   /* 32-33 */
++		uint32_t external_attributes PACKED; /* 34-37 */
+ 		uint32_t relative_offset_of_local_header PACKED; /* 38-41 */
+ 		/* filename follows (not NUL terminated) */
+ 		/* extra field follows */
+-		/* comment follows */
+-	} formatted PACKED;
++		/* file comment follows */
++	} fmt PACKED;
+ } cdf_header_t;
+ 
+-#define FIX_ENDIANNESS_CDF(cdf_header) \
++#define FIX_ENDIANNESS_CDF(cdf) \
+ do { if (BB_BIG_ENDIAN) { \
+-	(cdf_header).formatted.version_made_by = SWAP_LE16((cdf_header).formatted.version_made_by); \
+-	(cdf_header).formatted.version_needed = SWAP_LE16((cdf_header).formatted.version_needed); \
+-	(cdf_header).formatted.method       = SWAP_LE16((cdf_header).formatted.method      ); \
+-	(cdf_header).formatted.modtime      = SWAP_LE16((cdf_header).formatted.modtime     ); \
+-	(cdf_header).formatted.moddate      = SWAP_LE16((cdf_header).formatted.moddate     ); \
+-	(cdf_header).formatted.crc32        = SWAP_LE32((cdf_header).formatted.crc32       ); \
+-	(cdf_header).formatted.cmpsize      = SWAP_LE32((cdf_header).formatted.cmpsize     ); \
+-	(cdf_header).formatted.ucmpsize     = SWAP_LE32((cdf_header).formatted.ucmpsize    ); \
+-	(cdf_header).formatted.file_name_length = SWAP_LE16((cdf_header).formatted.file_name_length); \
+-	(cdf_header).formatted.extra_field_length = SWAP_LE16((cdf_header).formatted.extra_field_length); \
+-	(cdf_header).formatted.file_comment_length = SWAP_LE16((cdf_header).formatted.file_comment_length); \
+-	(cdf_header).formatted.external_file_attributes = SWAP_LE32((cdf_header).formatted.external_file_attributes); \
++	(cdf).fmt.version_made_by = SWAP_LE16((cdf).fmt.version_made_by); \
++	(cdf).fmt.version_needed = SWAP_LE16((cdf).fmt.version_needed); \
++	(cdf).fmt.method        = SWAP_LE16((cdf).fmt.method      ); \
++	(cdf).fmt.modtime       = SWAP_LE16((cdf).fmt.modtime     ); \
++	(cdf).fmt.moddate       = SWAP_LE16((cdf).fmt.moddate     ); \
++	(cdf).fmt.crc32         = SWAP_LE32((cdf).fmt.crc32       ); \
++	(cdf).fmt.cmpsize       = SWAP_LE32((cdf).fmt.cmpsize     ); \
++	(cdf).fmt.ucmpsize      = SWAP_LE32((cdf).fmt.ucmpsize    ); \
++	(cdf).fmt.filename_len  = SWAP_LE16((cdf).fmt.filename_len); \
++	(cdf).fmt.extra_len     = SWAP_LE16((cdf).fmt.extra_len   ); \
++	(cdf).fmt.file_comment_length = SWAP_LE16((cdf).fmt.file_comment_length); \
++	(cdf).fmt.external_attributes = SWAP_LE32((cdf).fmt.external_attributes); \
+ }} while (0)
+ 
+-#define CDE_HEADER_LEN 16
++#define CDE_LEN 16
+ 
+ typedef union {
+-	uint8_t raw[CDE_HEADER_LEN];
++	uint8_t raw[CDE_LEN];
+ 	struct {
+ 		/* uint32_t signature; 50 4b 05 06 */
+ 		uint16_t this_disk_no;
+@@ -159,14 +159,14 @@ typedef union {
+ 		uint16_t cdf_entries_total;
+ 		uint32_t cdf_size;
+ 		uint32_t cdf_offset;
+-		/* uint16_t file_comment_length; */
+-		/* .ZIP file comment (variable size) */
+-	} formatted PACKED;
+-} cde_header_t;
++		/* uint16_t archive_comment_length; */
++		/* archive comment follows */
++	} fmt PACKED;
++} cde_t;
+ 
+-#define FIX_ENDIANNESS_CDE(cde_header) \
++#define FIX_ENDIANNESS_CDE(cde) \
+ do { if (BB_BIG_ENDIAN) { \
+-	(cde_header).formatted.cdf_offset = SWAP_LE32((cde_header).formatted.cdf_offset); \
++	(cde).fmt.cdf_offset = SWAP_LE32((cde).fmt.cdf_offset); \
+ }} while (0)
+ 
+ struct BUG {
+@@ -175,13 +175,13 @@ struct BUG {
+ 	 * even though the elements are all in the right place.
+ 	 */
+ 	char BUG_zip_header_must_be_26_bytes[
+-		offsetof(zip_header_t, formatted.extra_len) + 2
++		offsetof(zip_header_t, fmt.extra_len) + 2
+ 			== ZIP_HEADER_LEN ? 1 : -1];
+ 	char BUG_cdf_header_must_be_42_bytes[
+-		offsetof(cdf_header_t, formatted.relative_offset_of_local_header) + 4
++		offsetof(cdf_header_t, fmt.relative_offset_of_local_header) + 4
+ 			== CDF_HEADER_LEN ? 1 : -1];
+-	char BUG_cde_header_must_be_16_bytes[
+-		sizeof(cde_header_t) == CDE_HEADER_LEN ? 1 : -1];
++	char BUG_cde_must_be_16_bytes[
++		sizeof(cde_t) == CDE_LEN ? 1 : -1];
+ };
+ 
+ 
+@@ -207,7 +207,7 @@ enum { zip_fd = 3 };
+ /* NB: does not preserve file position! */
+ static uint32_t find_cdf_offset(void)
+ {
+-	cde_header_t cde_header;
++	cde_t cde;
+ 	unsigned char *buf;
+ 	unsigned char *p;
+ 	off_t end;
+@@ -228,7 +228,7 @@ static uint32_t find_cdf_offset(void)
+ 
+ 	found = BAD_CDF_OFFSET;
+ 	p = buf;
+-	while (p <= buf + PEEK_FROM_END - CDE_HEADER_LEN - 4) {
++	while (p <= buf + PEEK_FROM_END - CDE_LEN - 4) {
+ 		if (*p != 'P') {
+ 			p++;
+ 			continue;
+@@ -240,19 +240,19 @@ static uint32_t find_cdf_offset(void)
+ 		if (*++p != 6)
+ 			continue;
+ 		/* we found CDE! */
+-		memcpy(cde_header.raw, p + 1, CDE_HEADER_LEN);
+-		FIX_ENDIANNESS_CDE(cde_header);
++		memcpy(cde.raw, p + 1, CDE_LEN);
++		FIX_ENDIANNESS_CDE(cde);
+ 		/*
+ 		 * I've seen .ZIP files with seemingly valid CDEs
+ 		 * where cdf_offset points past EOF - ??
+ 		 * This check ignores such CDEs:
+ 		 */
+-		if (cde_header.formatted.cdf_offset < end + (p - buf)) {
+-			found = cde_header.formatted.cdf_offset;
++		if (cde.fmt.cdf_offset < end + (p - buf)) {
++			found = cde.fmt.cdf_offset;
+ 			dbg("Possible cdf_offset:0x%x at 0x%"OFF_FMT"x",
+ 				(unsigned)found, end + (p-3 - buf));
+ 			dbg("  cdf_offset+cdf_size:0x%x",
+-				(unsigned)(found + SWAP_LE32(cde_header.formatted.cdf_size)));
++				(unsigned)(found + SWAP_LE32(cde.fmt.cdf_size)));
+ 			/*
+ 			 * We do not "break" here because only the last CDE is valid.
+ 			 * I've seen a .zip archive which contained a .zip file,
+@@ -266,7 +266,7 @@ static uint32_t find_cdf_offset(void)
+ 	return found;
+ };
+ 
+-static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
++static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf)
+ {
+ 	uint32_t magic;
+ 
+@@ -276,23 +276,25 @@ static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
+ 	dbg("Reading CDF at 0x%x", (unsigned)cdf_offset);
+ 	xlseek(zip_fd, cdf_offset, SEEK_SET);
+ 	xread(zip_fd, &magic, 4);
+-	/* Central Directory End? */
++	/* Central Directory End? Assume CDF has ended.
++	 * (more correct method is to use cde.cdf_entries_total counter)
++	 */
+ 	if (magic == ZIP_CDE_MAGIC) {
+ 		dbg("got ZIP_CDE_MAGIC");
+ 		return 0; /* EOF */
+ 	}
+-	xread(zip_fd, cdf_ptr->raw, CDF_HEADER_LEN);
++	xread(zip_fd, cdf->raw, CDF_HEADER_LEN);
+ 
+-	FIX_ENDIANNESS_CDF(*cdf_ptr);
+-	dbg("  file_name_length:%u extra_field_length:%u file_comment_length:%u",
+-		(unsigned)cdf_ptr->formatted.file_name_length,
+-		(unsigned)cdf_ptr->formatted.extra_field_length,
+-		(unsigned)cdf_ptr->formatted.file_comment_length
++	FIX_ENDIANNESS_CDF(*cdf);
++	dbg("  filename_len:%u extra_len:%u file_comment_length:%u",
++		(unsigned)cdf->fmt.filename_len,
++		(unsigned)cdf->fmt.extra_len,
++		(unsigned)cdf->fmt.file_comment_length
+ 	);
+ 	cdf_offset += 4 + CDF_HEADER_LEN
+-		+ cdf_ptr->formatted.file_name_length
+-		+ cdf_ptr->formatted.extra_field_length
+-		+ cdf_ptr->formatted.file_comment_length;
++		+ cdf->fmt.filename_len
++		+ cdf->fmt.extra_len
++		+ cdf->fmt.file_comment_length;
+ 
+ 	return cdf_offset;
+ };
+@@ -315,28 +317,28 @@ static void unzip_create_leading_dirs(const char *fn)
+ 	free(name);
+ }
+ 
+-static void unzip_extract(zip_header_t *zip_header, int dst_fd)
++static void unzip_extract(zip_header_t *zip, int dst_fd)
+ {
+-	if (zip_header->formatted.method == 0) {
++	if (zip->fmt.method == 0) {
+ 		/* Method 0 - stored (not compressed) */
+-		off_t size = zip_header->formatted.ucmpsize;
++		off_t size = zip->fmt.ucmpsize;
+ 		if (size)
+ 			bb_copyfd_exact_size(zip_fd, dst_fd, size);
+ 	} else {
+ 		/* Method 8 - inflate */
+ 		transformer_state_t xstate;
+ 		init_transformer_state(&xstate);
+-		xstate.bytes_in = zip_header->formatted.cmpsize;
++		xstate.bytes_in = zip->fmt.cmpsize;
+ 		xstate.src_fd = zip_fd;
+ 		xstate.dst_fd = dst_fd;
+ 		if (inflate_unzip(&xstate) < 0)
+ 			bb_error_msg_and_die("inflate error");
+ 		/* Validate decompression - crc */
+-		if (zip_header->formatted.crc32 != (xstate.crc32 ^ 0xffffffffL)) {
++		if (zip->fmt.crc32 != (xstate.crc32 ^ 0xffffffffL)) {
+ 			bb_error_msg_and_die("crc error");
+ 		}
+ 		/* Validate decompression - size */
+-		if (zip_header->formatted.ucmpsize != xstate.bytes_out) {
++		if (zip->fmt.ucmpsize != xstate.bytes_out) {
+ 			/* Don't die. Who knows, maybe len calculation
+ 			 * was botched somewhere. After all, crc matched! */
+ 			bb_error_msg("bad length");
+@@ -563,7 +565,7 @@ int unzip_main(int argc, char **argv)
+ 	total_entries = 0;
+ 	cdf_offset = find_cdf_offset();	/* try to seek to the end, find CDE and CDF start */
+ 	while (1) {
+-		zip_header_t zip_header;
++		zip_header_t zip;
+ 		mode_t dir_mode = 0777;
+ #if ENABLE_FEATURE_UNZIP_CDF
+ 		mode_t file_mode = 0666;
+@@ -589,7 +591,7 @@ int unzip_main(int argc, char **argv)
+ 
+ 			/* Check magic number */
+ 			xread(zip_fd, &magic, 4);
+-			/* Central directory? It's at the end, so exit */
++			/* CDF item? Assume there are no more files, exit */
+ 			if (magic == ZIP_CDF_MAGIC) {
+ 				dbg("got ZIP_CDF_MAGIC");
+ 				break;
+@@ -605,71 +607,74 @@ int unzip_main(int argc, char **argv)
+ 				bb_error_msg_and_die("invalid zip magic %08X", (int)magic);
+ 			dbg("got ZIP_FILEHEADER_MAGIC");
+ 
+-			xread(zip_fd, zip_header.raw, ZIP_HEADER_LEN);
+-			FIX_ENDIANNESS_ZIP(zip_header);
+-			if ((zip_header.formatted.method != 0)
+-			 && (zip_header.formatted.method != 8)
++			xread(zip_fd, zip.raw, ZIP_HEADER_LEN);
++			FIX_ENDIANNESS_ZIP(zip);
++			if ((zip.fmt.method != 0)
++			 && (zip.fmt.method != 8)
+ 			) {
+ 				/* TODO? method 12: bzip2, method 14: LZMA */
+-				bb_error_msg_and_die("unsupported method %d", zip_header.formatted.method);
++				bb_error_msg_and_die("unsupported method %d", zip.fmt.method);
+ 			}
+-			if (zip_header.formatted.zip_flags & SWAP_LE16(0x0009)) {
++			if (zip.fmt.zip_flags & SWAP_LE16(0x0009)) {
+ 				bb_error_msg_and_die("zip flags 1 and 8 are not supported");
+ 			}
+ 		}
+ #if ENABLE_FEATURE_UNZIP_CDF
+ 		else {
+ 			/* cdf_offset is valid (and we know the file is seekable) */
+-			cdf_header_t cdf_header;
+-			cdf_offset = read_next_cdf(cdf_offset, &cdf_header);
++			cdf_header_t cdf;
++			cdf_offset = read_next_cdf(cdf_offset, &cdf);
+ 			if (cdf_offset == 0) /* EOF? */
+ 				break;
+-# if 0
++# if 1
+ 			xlseek(zip_fd,
+-				SWAP_LE32(cdf_header.formatted.relative_offset_of_local_header) + 4,
++				SWAP_LE32(cdf.fmt.relative_offset_of_local_header) + 4,
+ 				SEEK_SET);
+-			xread(zip_fd, zip_header.raw, ZIP_HEADER_LEN);
+-			FIX_ENDIANNESS_ZIP(zip_header);
+-			if (zip_header.formatted.zip_flags & SWAP_LE16(0x0008)) {
++			xread(zip_fd, zip.raw, ZIP_HEADER_LEN);
++			FIX_ENDIANNESS_ZIP(zip);
++			if (zip.fmt.zip_flags & SWAP_LE16(0x0008)) {
+ 				/* 0x0008 - streaming. [u]cmpsize can be reliably gotten
+ 				 * only from Central Directory.
+ 				 */
+-				zip_header.formatted.crc32    = cdf_header.formatted.crc32;
+-				zip_header.formatted.cmpsize  = cdf_header.formatted.cmpsize;
+-				zip_header.formatted.ucmpsize = cdf_header.formatted.ucmpsize;
++				zip.fmt.crc32    = cdf.fmt.crc32;
++				zip.fmt.cmpsize  = cdf.fmt.cmpsize;
++				zip.fmt.ucmpsize = cdf.fmt.ucmpsize;
+ 			}
+ # else
+-			/* CDF has the same data as local header, no need to read the latter */
+-			memcpy(&zip_header.formatted.version,
+-				&cdf_header.formatted.version_needed, ZIP_HEADER_LEN);
++			/* CDF has the same data as local header, no need to read the latter...
++			 * ...not really. An archive was seen with cdf.extra_len == 6 but
++			 * zip.extra_len == 0.
++			 */
++			memcpy(&zip.fmt.version,
++				&cdf.fmt.version_needed, ZIP_HEADER_LEN);
+ 			xlseek(zip_fd,
+-				SWAP_LE32(cdf_header.formatted.relative_offset_of_local_header) + 4 + ZIP_HEADER_LEN,
++				SWAP_LE32(cdf.fmt.relative_offset_of_local_header) + 4 + ZIP_HEADER_LEN,
+ 				SEEK_SET);
+ # endif
+-			if ((cdf_header.formatted.version_made_by >> 8) == 3) {
++			if ((cdf.fmt.version_made_by >> 8) == 3) {
+ 				/* This archive is created on Unix */
+-				dir_mode = file_mode = (cdf_header.formatted.external_file_attributes >> 16);
++				dir_mode = file_mode = (cdf.fmt.external_attributes >> 16);
+ 			}
+ 		}
+ #endif
+ 
+-		if (zip_header.formatted.zip_flags & SWAP_LE16(0x0001)) {
++		if (zip.fmt.zip_flags & SWAP_LE16(0x0001)) {
+ 			/* 0x0001 - encrypted */
+ 			bb_error_msg_and_die("zip flag 1 (encryption) is not supported");
+ 		}
+ 		dbg("File cmpsize:0x%x extra_len:0x%x ucmpsize:0x%x",
+-			(unsigned)zip_header.formatted.cmpsize,
+-			(unsigned)zip_header.formatted.extra_len,
+-			(unsigned)zip_header.formatted.ucmpsize
++			(unsigned)zip.fmt.cmpsize,
++			(unsigned)zip.fmt.extra_len,
++			(unsigned)zip.fmt.ucmpsize
+ 		);
+ 
+ 		/* Read filename */
+ 		free(dst_fn);
+-		dst_fn = xzalloc(zip_header.formatted.filename_len + 1);
+-		xread(zip_fd, dst_fn, zip_header.formatted.filename_len);
++		dst_fn = xzalloc(zip.fmt.filename_len + 1);
++		xread(zip_fd, dst_fn, zip.fmt.filename_len);
+ 
+ 		/* Skip extra header bytes */
+-		unzip_skip(zip_header.formatted.extra_len);
++		unzip_skip(zip.fmt.extra_len);
+ 
+ 		/* Guard against "/abspath", "/../" and similar attacks */
+ 		overlapping_strcpy(dst_fn, strip_unsafe_prefix(dst_fn));
+@@ -684,32 +689,32 @@ int unzip_main(int argc, char **argv)
+ 				/* List entry */
+ 				char dtbuf[sizeof("mm-dd-yyyy hh:mm")];
+ 				sprintf(dtbuf, "%02u-%02u-%04u %02u:%02u",
+-					(zip_header.formatted.moddate >> 5) & 0xf,  // mm: 0x01e0
+-					(zip_header.formatted.moddate)      & 0x1f, // dd: 0x001f
+-					(zip_header.formatted.moddate >> 9) + 1980, // yy: 0xfe00
+-					(zip_header.formatted.modtime >> 11),       // hh: 0xf800
+-					(zip_header.formatted.modtime >> 5) & 0x3f  // mm: 0x07e0
+-					// seconds/2 are not shown, encoded in ----------- 0x001f
++					(zip.fmt.moddate >> 5) & 0xf,  // mm: 0x01e0
++					(zip.fmt.moddate)      & 0x1f, // dd: 0x001f
++					(zip.fmt.moddate >> 9) + 1980, // yy: 0xfe00
++					(zip.fmt.modtime >> 11),       // hh: 0xf800
++					(zip.fmt.modtime >> 5) & 0x3f  // mm: 0x07e0
++					// seconds/2 not shown, encoded in -- 0x001f
+ 				);
+ 				if (!verbose) {
+ 					//      "  Length      Date    Time    Name\n"
+ 					//      "---------  ---------- -----   ----"
+ 					printf(       "%9u  " "%s   "         "%s\n",
+-						(unsigned)zip_header.formatted.ucmpsize,
++						(unsigned)zip.fmt.ucmpsize,
+ 						dtbuf,
+ 						dst_fn);
+ 				} else {
+-					unsigned long percents = zip_header.formatted.ucmpsize - zip_header.formatted.cmpsize;
++					unsigned long percents = zip.fmt.ucmpsize - zip.fmt.cmpsize;
+ 					if ((int32_t)percents < 0)
+ 						percents = 0; /* happens if ucmpsize < cmpsize */
+ 					percents = percents * 100;
+-					if (zip_header.formatted.ucmpsize)
+-						percents /= zip_header.formatted.ucmpsize;
++					if (zip.fmt.ucmpsize)
++						percents /= zip.fmt.ucmpsize;
+ 					//      " Length   Method    Size  Cmpr    Date    Time   CRC-32   Name\n"
+ 					//      "--------  ------  ------- ---- ---------- ----- --------  ----"
+ 					printf(      "%8u  %s"        "%9u%4u%% " "%s "         "%08x  "  "%s\n",
+-						(unsigned)zip_header.formatted.ucmpsize,
+-						zip_header.formatted.method == 0 ? "Stored" : "Defl:N", /* Defl is method 8 */
++						(unsigned)zip.fmt.ucmpsize,
++						zip.fmt.method == 0 ? "Stored" : "Defl:N", /* Defl is method 8 */
+ /* TODO: show other methods?
+  *  1 - Shrunk
+  *  2 - Reduced with compression factor 1
+@@ -722,15 +727,16 @@ int unzip_main(int argc, char **argv)
+  * 10 - PKWARE Data Compression Library Imploding
+  * 11 - Reserved by PKWARE
+  * 12 - BZIP2
++ * 14 - LZMA
+  */
+-						(unsigned)zip_header.formatted.cmpsize,
++						(unsigned)zip.fmt.cmpsize,
+ 						(unsigned)percents,
+ 						dtbuf,
+-						zip_header.formatted.crc32,
++						zip.fmt.crc32,
+ 						dst_fn);
+-					total_size += zip_header.formatted.cmpsize;
++					total_size += zip.fmt.cmpsize;
+ 				}
+-				total_usize += zip_header.formatted.ucmpsize;
++				total_usize += zip.fmt.ucmpsize;
+ 				i = 'n';
+ 			} else if (dst_fd == STDOUT_FILENO) {
+ 				/* Extracting to STDOUT */
+@@ -798,9 +804,11 @@ int unzip_main(int argc, char **argv)
+ #endif
+ 		case -1: /* Unzip */
+ 			if (!quiet) {
+-				printf("  inflating: %s\n", dst_fn);
++				printf(/* zip.fmt.method == 0
++					? " extracting: %s\n"
++					: */ "  inflating: %s\n", dst_fn);
+ 			}
+-			unzip_extract(&zip_header, dst_fd);
++			unzip_extract(&zip, dst_fd);
+ 			if (dst_fd != STDOUT_FILENO) {
+ 				/* closing STDOUT is potentially bad for future business */
+ 				close(dst_fd);
+@@ -811,7 +819,7 @@ int unzip_main(int argc, char **argv)
+ 			overwrite = O_NEVER;
+ 		case 'n':
+ 			/* Skip entry data */
+-			unzip_skip(zip_header.formatted.cmpsize);
++			unzip_skip(zip.fmt.cmpsize);
+ 			break;
+ 
+ 		case 'r':
+diff --git a/testsuite/unzip.tests b/testsuite/unzip.tests
+index d9c45242c..2e4becdb8 100755
+--- a/testsuite/unzip.tests
++++ b/testsuite/unzip.tests
+@@ -34,7 +34,9 @@ rm foo.zip
+ optional FEATURE_UNZIP_CDF
+ testing "unzip (bad archive)" "uudecode; unzip bad.zip 2>&1; echo \$?" \
+ "Archive:  bad.zip
+-unzip: short read
++  inflating: ]3j½r«IK-%Ix
++unzip: corrupted data
++unzip: inflate error
+ 1
+ " \
+ "" "\
+-- 
+2.11.0
+

package/busybox/0008-httpd-fix-handling-of-range-requests.patch

@@ -0,0 +1,27 @@
+From 4316dff48aacb29307e1b52cb761fef603759b9d Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Mon, 18 Sep 2017 13:09:11 +0200
+Subject: [PATCH] httpd: fix handling of range requests
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ networking/httpd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/networking/httpd.c b/networking/httpd.c
+index d301d598d..84d819723 100644
+--- a/networking/httpd.c
++++ b/networking/httpd.c
+@@ -2337,7 +2337,7 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
+ 			if (STRNCASECMP(iobuf, "Range:") == 0) {
+ 				/* We know only bytes=NNN-[MMM] */
+ 				char *s = skip_whitespace(iobuf + sizeof("Range:")-1);
+-				if (is_prefixed_with(s, "bytes=") == 0) {
++				if (is_prefixed_with(s, "bytes=")) {
+ 					s += sizeof("bytes=")-1;
+ 					range_start = BB_STRTOOFF(s, &s, 10);
+ 					if (s[0] != '-' || range_start < 0) {
+-- 
+2.11.0
+

package/busybox/busybox-minimal.config

@@ -22,7 +22,7 @@ CONFIG_FEATURE_INSTALLER=y
 # CONFIG_PAM is not set
 CONFIG_LONG_OPTS=y
 CONFIG_FEATURE_DEVPTS=y
-CONFIG_FEATURE_CLEAN_UP=y
+# CONFIG_FEATURE_CLEAN_UP is not set
 CONFIG_FEATURE_UTMP=y
 CONFIG_FEATURE_WTMP=y
 # CONFIG_FEATURE_PIDFILE is not set

package/busybox/busybox.config

@@ -22,7 +22,7 @@ CONFIG_FEATURE_INSTALLER=y
 # CONFIG_PAM is not set
 CONFIG_LONG_OPTS=y
 CONFIG_FEATURE_DEVPTS=y
-CONFIG_FEATURE_CLEAN_UP=y
+# CONFIG_FEATURE_CLEAN_UP is not set
 CONFIG_FEATURE_UTMP=y
 CONFIG_FEATURE_WTMP=y
 # CONFIG_FEATURE_PIDFILE is not set

package/busybox/mdev.conf

@@ -23,17 +23,17 @@ ttyS[0-9]*	root:root 660
 ttyUSB[0-9]*	root:root 660
 
 # alsa sound devices
-pcm.*		root:audio 660 =snd/
-control.*	root:audio 660 =snd/
-midi.*		root:audio 660 =snd/
-seq		root:audio 660 =snd/
-timer		root:audio 660 =snd/
+snd/pcm.*	root:audio 660
+snd/control.*	root:audio 660
+snd/midi.*	root:audio 660
+snd/seq		root:audio 660
+snd/timer	root:audio 660
 
 # input stuff
-event[0-9]+	root:root 640 =input/
-mice		root:root 640 =input/
-mouse[0-9]	root:root 640 =input/
-ts[0-9]		root:root 600 =input/
+input/event[0-9]+	root:root 640
+input/mice		root:root 640
+input/mouse[0-9]	root:root 640
+input/ts[0-9]		root:root 600
 
 # load modules
 $MODALIAS=.*	root:root 660 @modprobe "$MODALIAS"

package/bzip2/bzip2.mk

@@ -12,13 +12,13 @@ BZIP2_LICENSE_FILES = LICENSE
 
 ifeq ($(BR2_STATIC_LIBS),)
 define BZIP2_BUILD_SHARED_CMDS
-	$(TARGET_MAKE_ENV)
+	$(TARGET_MAKE_ENV) \
 		$(MAKE) -C $(@D) -f Makefile-libbz2_so $(TARGET_CONFIGURE_OPTS)
 endef
 endif
 
 define BZIP2_BUILD_CMDS
-	$(TARGET_MAKE_ENV)
+	$(TARGET_MAKE_ENV) \
 		$(MAKE) -C $(@D) libbz2.a bzip2 bzip2recover $(TARGET_CONFIGURE_OPTS)
 	$(BZIP2_BUILD_SHARED_CMDS)
 endef

package/c-ares/c-ares.hash

@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256 8692f9403cdcdf936130e045c84021665118ee9bfea905d1a76f04d4e6f365fb c-ares-1.12.0.tar.gz
+sha256 03f708f1b14a26ab26c38abd51137640cb444d3ec72380b21b20f1a8d2861da7 c-ares-1.13.0.tar.gz

package/c-ares/c-ares.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-C_ARES_VERSION = 1.12.0
+C_ARES_VERSION = 1.13.0
 C_ARES_SITE = http://c-ares.haxx.se/download
 C_ARES_INSTALL_STAGING = YES
 C_ARES_CONF_OPTS = --with-random=/dev/urandom

package/cairo/cairo.mk

@@ -6,8 +6,8 @@
 
 CAIRO_VERSION = 1.14.8
 CAIRO_SOURCE = cairo-$(CAIRO_VERSION).tar.xz
-CAIRO_LICENSE = LGPLv2.1+
-CAIRO_LICENSE_FILES = COPYING
+CAIRO_LICENSE = LGPLv2.1 or MPLv1.1 (library)
+CAIRO_LICENSE_FILES = COPYING COPYING-LGPL-2.1 COPYING-MPL-1.1
 CAIRO_SITE = http://cairographics.org/releases
 CAIRO_INSTALL_STAGING = YES
 CAIRO_AUTORECONF = YES

package/ccache/ccache.mk

@@ -28,9 +28,13 @@ HOST_CCACHE_CONF_OPTS += --with-bundled-zlib
 #    BR2_CCACHE_DIR.
 #  - Change hard-coded last-ditch default to match path in .config, to avoid
 #    the need to specify BR_CACHE_DIR when invoking ccache directly.
+#    CCache replaces "%s" with the home directory of the current user,
+#    So rewrite BR_CACHE_DIR to take that into consideration for SDK purpose
+HOST_CCACHE_DEFAULT_CCACHE_DIR = $(patsubst $(HOME)/%,\%s/%,$(BR_CACHE_DIR))
+
 define HOST_CCACHE_PATCH_CONFIGURATION
 	sed -i 's,getenv("CCACHE_DIR"),getenv("BR_CACHE_DIR"),' $(@D)/ccache.c
-	sed -i 's,"%s/.ccache","$(BR_CACHE_DIR)",' $(@D)/conf.c
+	sed -i 's,"%s/.ccache","$(HOST_CCACHE_DEFAULT_CCACHE_DIR)",' $(@D)/conf.c
 endef
 
 HOST_CCACHE_POST_PATCH_HOOKS += HOST_CCACHE_PATCH_CONFIGURATION

package/cmake/cmake.mk

@@ -46,6 +46,7 @@ define HOST_CMAKE_CONFIGURE_CMDS
 			-DCMAKE_C_FLAGS="$(HOST_CMAKE_CFLAGS)" \
 			-DCMAKE_CXX_FLAGS="$(HOST_CMAKE_CXXFLAGS)" \
 			-DCMAKE_EXE_LINKER_FLAGS="$(HOST_LDFLAGS)" \
+			-DCMAKE_USE_OPENSSL:BOOL=OFF \
 			-DBUILD_CursesDialog=OFF \
 	)
 endef

package/collectd/0001-libcollectdclient-increase-error-buffer.patch

@@ -0,0 +1,87 @@
+From e170f3559fcda6d37a012aba187a96b1f42e8f9d Mon Sep 17 00:00:00 2001
+From: Ruben Kerkhof <ruben@rubenkerkhof.com>
+Date: Sun, 2 Jul 2017 21:52:14 +0200
+Subject: [PATCH] libcollectdclient: increase error buffer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+make[1]: Entering directory '/home/ruben/src/collectd'
+  CC       src/libcollectdclient/libcollectdclient_la-client.lo
+src/libcollectdclient/client.c: In function ‘lcc_getval’:
+src/libcollectdclient/client.c:621:23: warning: ‘%s’ directive output may be truncated writing up to 1023 bytes into a region of size 1010 [-Wformat-truncation=]
+     LCC_SET_ERRSTR(c, "Server error: %s", res.message);
+                       ^                   ~
+src/libcollectdclient/client.c:94:48: note: in definition of macro ‘LCC_SET_ERRSTR’
+     snprintf((c)->errbuf, sizeof((c)->errbuf), __VA_ARGS__);                   \
+                                                ^~~~~~~~~~~
+src/libcollectdclient/client.c:94:5: note: ‘snprintf’ output between 15 and 1038 bytes into a destination of size 1024
+     snprintf((c)->errbuf, sizeof((c)->errbuf), __VA_ARGS__);                   \
+     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+src/libcollectdclient/client.c:621:5: note: in expansion of macro ‘LCC_SET_ERRSTR’
+     LCC_SET_ERRSTR(c, "Server error: %s", res.message);
+     ^~~~~~~~~~~~~~
+src/libcollectdclient/client.c: In function ‘lcc_putval’:
+src/libcollectdclient/client.c:754:23: warning: ‘%s’ directive output may be truncated writing up to 1023 bytes into a region of size 1010 [-Wformat-truncation=]
+     LCC_SET_ERRSTR(c, "Server error: %s", res.message);
+                       ^                   ~
+src/libcollectdclient/client.c:94:48: note: in definition of macro ‘LCC_SET_ERRSTR’
+     snprintf((c)->errbuf, sizeof((c)->errbuf), __VA_ARGS__);                   \
+                                                ^~~~~~~~~~~
+src/libcollectdclient/client.c:94:5: note: ‘snprintf’ output between 15 and 1038 bytes into a destination of size 1024
+     snprintf((c)->errbuf, sizeof((c)->errbuf), __VA_ARGS__);                   \
+     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+src/libcollectdclient/client.c:754:5: note: in expansion of macro ‘LCC_SET_ERRSTR’
+     LCC_SET_ERRSTR(c, "Server error: %s", res.message);
+     ^~~~~~~~~~~~~~
+src/libcollectdclient/client.c: In function ‘lcc_flush’:
+src/libcollectdclient/client.c:802:23: warning: ‘%s’ directive output may be truncated writing up to 1023 bytes into a region of size 1010 [-Wformat-truncation=]
+     LCC_SET_ERRSTR(c, "Server error: %s", res.message);
+                       ^                   ~
+src/libcollectdclient/client.c:94:48: note: in definition of macro ‘LCC_SET_ERRSTR’
+     snprintf((c)->errbuf, sizeof((c)->errbuf), __VA_ARGS__);                   \
+                                                ^~~~~~~~~~~
+src/libcollectdclient/client.c:94:5: note: ‘snprintf’ output between 15 and 1038 bytes into a destination of size 1024
+     snprintf((c)->errbuf, sizeof((c)->errbuf), __VA_ARGS__);                   \
+     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+src/libcollectdclient/client.c:802:5: note: in expansion of macro ‘LCC_SET_ERRSTR’
+     LCC_SET_ERRSTR(c, "Server error: %s", res.message);
+     ^~~~~~~~~~~~~~
+src/libcollectdclient/client.c: In function ‘lcc_listval’:
+src/libcollectdclient/client.c:834:23: warning: ‘%s’ directive output may be truncated writing up to 1023 bytes into a region of size 1010 [-Wformat-truncation=]
+     LCC_SET_ERRSTR(c, "Server error: %s", res.message);
+                       ^                   ~
+src/libcollectdclient/client.c:94:48: note: in definition of macro ‘LCC_SET_ERRSTR’
+     snprintf((c)->errbuf, sizeof((c)->errbuf), __VA_ARGS__);                   \
+                                                ^~~~~~~~~~~
+src/libcollectdclient/client.c:94:5: note: ‘snprintf’ output between 15 and 1038 bytes into a destination of size 1024
+     snprintf((c)->errbuf, sizeof((c)->errbuf), __VA_ARGS__);                   \
+     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+src/libcollectdclient/client.c:834:5: note: in expansion of macro ‘LCC_SET_ERRSTR’
+     LCC_SET_ERRSTR(c, "Server error: %s", res.message);
+     ^~~~~~~~~~~~~~
+
+Fixes #2200
+
+[Upstream commit: https://git.octo.it/?p=collectd.git;a=commitdiff;h=e170f3559fcda6d37a012aba187a96b1f42e8f9d]
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+---
+ src/libcollectdclient/client.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libcollectdclient/client.c b/src/libcollectdclient/client.c
+index 51a4ab2..3ae2e71 100644
+--- a/src/libcollectdclient/client.c
++++ b/src/libcollectdclient/client.c
+@@ -99,7 +99,7 @@
+  */
+ struct lcc_connection_s {
+   FILE *fh;
+-  char errbuf[1024];
++  char errbuf[2048];
+ };
+ 
+ struct lcc_response_s {
+-- 
+1.7.10.4
+

package/collectd/collectd.mk

@@ -24,9 +24,23 @@ COLLECTD_PLUGINS_DISABLE = \
 
 COLLECTD_CONF_ENV += LIBS="-lm"
 
+#
+# NOTE: There's also a third availible setting "intswap", which might
+# be needed on some old ARM hardware (see [2]), but is not being
+# accounted for as per discussion [1]
+#
+# [1] http://lists.busybox.net/pipermail/buildroot/2017-November/206100.html
+# [2] http://lists.busybox.net/pipermail/buildroot/2017-November/206251.html
+#
+ifeq ($(BR2_ENDIAN),"BIG")
+COLLECTD_FP_LAYOUT=endianflip
+else
+COLLECTD_FP_LAYOUT=nothing
+endif
+
 COLLECTD_CONF_OPTS += \
 	--with-nan-emulation \
-	--with-fp-layout=nothing \
+	--with-fp-layout=$(COLLECTD_FP_LAYOUT) \
 	--with-perl-bindings=no \
 	$(foreach p, $(COLLECTD_PLUGINS_DISABLE), --disable-$(p)) \
 	$(if $(BR2_PACKAGE_COLLECTD_AGGREGATION),--enable-aggregation,--disable-aggregation) \

package/connman/connman.hash

@@ -1,2 +1,2 @@
 # From https://www.kernel.org/pub/linux/network/connman/sha256sums.asc
-sha256	bc8946036fa70124d663136f9f6b6238d897ca482782df907b07a428b09df5a0	connman-1.33.tar.xz
+sha256	66d7deb98371545c6e417239a9b3b3e3201c1529d08eedf40afbc859842cf2aa	connman-1.35.tar.xz

package/connman/connman.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-CONNMAN_VERSION = 1.33
+CONNMAN_VERSION = 1.35
 CONNMAN_SOURCE = connman-$(CONNMAN_VERSION).tar.xz
 CONNMAN_SITE = $(BR2_KERNEL_MIRROR)/linux/network/connman
 CONNMAN_DEPENDENCIES = libglib2 dbus iptables

package/cppcms/cppcms.mk

@@ -11,6 +11,10 @@ CPPCMS_LICENSE_FILES = COPYING.TXT
 CPPCMS_SITE = http://downloads.sourceforge.net/project/cppcms/cppcms/$(CPPCMS_VERSION)
 CPPCMS_INSTALL_STAGING = YES
 
+# disable rpath to avoid getting /usr/lib added to the link search
+# path
+CPPCMS_CONF_OPTS = -DCMAKE_SKIP_RPATH=ON
+
 CPPCMS_DEPENDENCIES = zlib pcre libgcrypt
 
 ifeq ($(BR2_PACKAGE_CPPCMS_ICU),y)

package/dbus-cpp/0002-cross-compile-tools.patch

@@ -0,0 +1,34 @@
+tools: just do proper cross-compile
+
+Those tools are not used during the build; besides, they are installed.
+
+So they don't need to not be cross-compiled.
+
+Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
+
+---
+Upstream status: not submitted, upstream is dead.
+
+diff -durN dbus-cpp-0.9.0.orig/tools/Makefile.am dbus-cpp-0.9.0/tools/Makefile.am
+--- dbus-cpp-0.9.0.orig/tools/Makefile.am	2017-03-21 21:48:57.013409423 +0100
++++ dbus-cpp-0.9.0/tools/Makefile.am	2017-03-21 21:49:35.329979798 +0100
+@@ -1,7 +1,3 @@
+-# hacky, but ...
+-
+-CXX = $(CXX_FOR_BUILD)
+-
+ AM_CPPFLAGS = \
+ 	$(dbus_CFLAGS) \
+ 	$(xml_CFLAGS) \
+@@ -9,11 +3,7 @@
+ 	-I$(top_builddir)/include \
+ 	-Wall
+ 
+-if CROSS_COMPILING
+-libdbus_cxx_la = $(BUILD_LIBDBUS_CXX_DIR)/src/libdbus-c++-1.la
+-else
+ libdbus_cxx_la = $(top_builddir)/src/libdbus-c++-1.la
+-endif
+ 
+ bin_PROGRAMS = dbusxx-xml2cpp dbusxx-introspect
+ 

package/dbus-cpp/0002-cxxflags-ldflags-for-build.patch

@@ -1,32 +0,0 @@
-Use CXXFLAGS_FOR_BUILD and LDFLAGS_FOR_BUILD for the tools since expat
-may not be living in the default include & library path.
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-
-diff -Nura libdbus-c++-0.9.0.orig/configure.ac libdbus-c++-0.9.0/configure.ac
---- libdbus-c++-0.9.0.orig/configure.ac	2014-01-05 15:28:03.653886567 -0300
-+++ libdbus-c++-0.9.0/configure.ac	2014-01-05 15:44:32.571172225 -0300
-@@ -65,7 +65,11 @@
- AC_PROG_CXX
- 
- CXX_FOR_BUILD=${CXX_FOR_BUILD-${CXX}}
-+CXXFLAGS_FOR_BUILD=${CXXFLAGS_FOR_BUILD-${CXXFLAGS}}
-+LDFLAGS_FOR_BUILD=${LDFLAGS_FOR_BUILD-${LDFLAGS}}
- AC_SUBST(CXX_FOR_BUILD)
-+AC_SUBST(CXXFLAGS_FOR_BUILD)
-+AC_SUBST(LDFLAGS_FOR_BUILD)
- 
- AM_PROG_LIBTOOL
- 
-diff -Nura libdbus-c++-0.9.0.orig/tools/Makefile.am libdbus-c++-0.9.0/tools/Makefile.am
---- libdbus-c++-0.9.0.orig/tools/Makefile.am	2014-01-05 15:28:03.652886535 -0300
-+++ libdbus-c++-0.9.0/tools/Makefile.am	2014-01-05 15:44:42.071482390 -0300
-@@ -1,6 +1,8 @@
- # hacky, but ...
- 
- CXX = $(CXX_FOR_BUILD)
-+CXXFLAGS = $(CXXFLAGS_FOR_BUILD)
-+LDFLAGS = $(LDFLAGS_FOR_BUILD)
- 
- AM_CPPFLAGS = \
- 	$(dbus_CFLAGS) \

package/dbus-glib/dbus-glib.mk

@@ -7,7 +7,7 @@
 DBUS_GLIB_VERSION = 0.108
 DBUS_GLIB_SITE = http://dbus.freedesktop.org/releases/dbus-glib
 DBUS_GLIB_INSTALL_STAGING = YES
-DBUS_GLIB_LICENSE = AFLv2.1, GPLv2+
+DBUS_GLIB_LICENSE = AFLv2.1 or GPLv2+
 DBUS_GLIB_LICENSE_FILES = COPYING
 
 DBUS_GLIB_CONF_ENV = \

package/dbus-triggerd/dbus-triggerd.mk

@@ -7,6 +7,7 @@
 DBUS_TRIGGERD_VERSION = ba3dbec805cb707c94c54de21666bf18b79bcc09
 DBUS_TRIGGERD_SITE = git://rg42.org/dbustriggerd.git
 DBUS_TRIGGERD_LICENSE = GPLv2+
+DBUS_TRIGGERD_LICENSE_FILES = dbus-triggerd.c
 DBUS_TRIGGERD_DEPENDENCIES = host-pkgconf dbus
 
 define DBUS_TRIGGERD_BUILD_CMDS

package/dbus/0001-config-loader-expat-Tell-Expat-not-to-defend-against.patch

@@ -0,0 +1,78 @@
+From 1252dc1d1f465b8ab6b36ff7252e395e66a040cf Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@debian.org>
+Date: Fri, 21 Jul 2017 10:46:39 +0100
+Subject: [PATCH 1/2] config-loader-expat: Tell Expat not to defend against
+ hash collisions
+
+By default, Expat uses cryptographic-quality random numbers as a salt for
+its hash algorithm, and since 2.2.1 it gets them from the getrandom
+syscall on Linux. That syscall refuses to return any entropy until the
+kernel's CSPRNG (random pool) has been initialized. Unfortunately, this
+can take as long as 40 seconds on embedded devices with few entropy
+sources, which is too long: if the system dbus-daemon blocks for that
+length of time, important D-Bus clients like systemd and systemd-logind
+time out and fail to connect to it.
+
+We're parsing small configuration files here, and we trust them
+completely, so we don't need to defend against hash collisions: nobody
+is going to be crafting them to cause pathological performance.
+
+Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101858
+Signed-off-by: Simon McVittie <smcv@debian.org>
+Tested-by: Christopher Hewitt <hewitt@ieee.org>
+Reviewed-by: Philip Withnall <withnall@endlessm.com>
+
+Upstream commit 1252dc1d1f465b8ab6b36ff7252e395e66a040cf
+Signed-off-by: Marcus Hoffmann <m.hoffmann@cartelsol.com>
+---
+ bus/config-loader-expat.c | 14 ++++++++++++++
+ configure.ac              |  8 ++++++++
+ 2 files changed, 22 insertions(+)
+
+diff --git a/bus/config-loader-expat.c b/bus/config-loader-expat.c
+index b571fda3..27cbe2d0 100644
+--- a/bus/config-loader-expat.c
++++ b/bus/config-loader-expat.c
+@@ -203,6 +203,20 @@ bus_config_load (const DBusString      *file,
+       goto failed;
+     }
+ 
++  /* We do not need protection against hash collisions (CVE-2012-0876)
++   * because we are only parsing trusted XML; and if we let Expat block
++   * waiting for the CSPRNG to be initialized, as it does by default to
++   * defeat CVE-2012-0876, it can cause timeouts during early boot on
++   * entropy-starved embedded devices.
++   *
++   * TODO: When Expat gets a more explicit API for this than
++   * XML_SetHashSalt, check for that too, and use it preferentially.
++   * https://github.com/libexpat/libexpat/issues/91 */
++#if defined(HAVE_XML_SETHASHSALT)
++  /* Any nonzero number will do. https://xkcd.com/221/ */
++  XML_SetHashSalt (expat, 4);
++#endif
++
+   if (!_dbus_string_get_dirname (file, &dirname))
+     {
+       dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
+diff --git a/configure.ac b/configure.ac
+index 52da11fb..c4022ed7 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -938,6 +938,14 @@ XML_CFLAGS=
+ AC_SUBST([XML_CFLAGS])
+ AC_SUBST([XML_LIBS])
+ 
++save_cflags="$CFLAGS"
++save_libs="$LIBS"
++CFLAGS="$CFLAGS $XML_CFLAGS"
++LIBS="$LIBS $XML_LIBS"
++AC_CHECK_FUNCS([XML_SetHashSalt])
++CFLAGS="$save_cflags"
++LIBS="$save_libs"
++
+ # Thread lib detection
+ AC_ARG_VAR([THREAD_LIBS])
+ save_libs="$LIBS"
+-- 
+2.11.0
+

package/dbus/dbus.mk

@@ -7,6 +7,8 @@
 DBUS_VERSION = 1.10.16
 DBUS_SITE = http://dbus.freedesktop.org/releases/dbus
 DBUS_LICENSE = AFLv2.1 or GPLv2+ (library, tools), GPLv2+ (tools)
+# 0001-config-loader-expat-Tell-Expat-not-to-defend-against.patch
+DBUS_AUTORECONF = YES
 DBUS_LICENSE_FILES = COPYING
 DBUS_INSTALL_STAGING = YES
 
@@ -82,7 +84,7 @@ define DBUS_REMOVE_VAR_LIB_DBUS
 	rm -rf $(TARGET_DIR)/var/lib/dbus
 endef
 
-DBUS_POST_BUILD_HOOKS += DBUS_REMOVE_VAR_LIB_DBUS
+DBUS_PRE_INSTALL_TARGET_HOOKS += DBUS_REMOVE_VAR_LIB_DBUS
 
 define DBUS_REMOVE_DEVFILES
 	rm -rf $(TARGET_DIR)/usr/lib/dbus-1.0

package/dhcp/Config.in

@@ -12,6 +12,7 @@ if BR2_PACKAGE_DHCP
 
 config BR2_PACKAGE_DHCP_SERVER
 	bool "dhcp server"
+	select BR2_PACKAGE_SYSTEMD_TMPFILES if BR2_PACKAGE_SYSTEMD
 	help
 	  DHCP server from the ISC DHCP distribution.
 

package/dhcp/dhcp.mk

@@ -102,6 +102,7 @@ define DHCP_INSTALL_INIT_SYSTEMD
 	ln -sf ../../../../usr/lib/systemd/system/dhcpd.service \
 		$(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/dhcpd.service
 
+	mkdir -p $(TARGET_DIR)/usr/lib/tmpfiles.d
 	echo "d /var/lib/dhcp 0755 - - - -" > \
 		$(TARGET_DIR)/usr/lib/tmpfiles.d/dhcpd.conf
 	echo "f /var/lib/dhcp/dhcpd.leases - - - - -" >> \

package/dialog/dialog.mk

@@ -6,7 +6,7 @@
 
 DIALOG_VERSION = 1.2-20150125
 DIALOG_SOURCE = dialog-$(DIALOG_VERSION).tgz
-DIALOG_SITE = ftp://invisible-island.net/dialog
+DIALOG_SITE = ftp://ftp.invisible-island.net/dialog
 DIALOG_CONF_OPTS = --with-ncurses --with-curses-dir=$(STAGING_DIR)/usr \
 	--disable-rpath-hack
 DIALOG_DEPENDENCIES = host-pkgconf ncurses

package/dnsmasq/dnsmasq.hash

@@ -1,2 +1,6 @@
 # Locally calculated after checking pgp signature
-sha256	4b92698dee19ca0cb2a8f2e48f1d2dffd01a21eb15d1fbed4cf085630c8c9f96	dnsmasq-2.76.tar.xz
+# http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.78.tar.xz.asc
+sha256	89949f438c74b0c7543f06689c319484bd126cc4b1f8c745c742ab397681252b	dnsmasq-2.78.tar.xz
+# Locally calculated
+sha256	dcc100d4161cc0b7177545ab6e47216f84857cda3843847c792a25289852dcaa	COPYING
+sha256	8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903	COPYING-v3

package/dnsmasq/dnsmasq.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DNSMASQ_VERSION = 2.76
+DNSMASQ_VERSION = 2.78
 DNSMASQ_SOURCE = dnsmasq-$(DNSMASQ_VERSION).tar.xz
 DNSMASQ_SITE = http://thekelleys.org.uk/dnsmasq
 DNSMASQ_MAKE_ENV = $(TARGET_MAKE_ENV) CC="$(TARGET_CC)"
@@ -58,7 +58,7 @@ DNSMASQ_MAKE_OPTS += LIBS+="-ldl"
 endif
 
 define DNSMASQ_ENABLE_LUA
-	$(SED) 's/lua5.1/lua/g' $(DNSMASQ_DIR)/Makefile
+	$(SED) 's/lua5.2/lua/g' $(DNSMASQ_DIR)/Makefile
 	$(SED) 's^.*#define HAVE_LUASCRIPT.*^#define HAVE_LUASCRIPT^' \
 		$(DNSMASQ_DIR)/src/config.h
 endef

package/domoticz/domoticz.mk

@@ -18,6 +18,21 @@ DOMOTICZ_DEPENDENCIES = \
 	sqlite \
 	zlib
 
+# Fixes:
+# http://autobuild.buildroot.org/results/454c0ea393615bae2d1b44be9920f25b5c49fc33
+# There is an issue with powerpc64le and boost::uuids::random_generator on the
+# following line of code (from include/boost/uuid/seed_rng.hpp):
+# sha.process_bytes( (unsigned char const*)&std::rand, sizeof( void(*)() ) )
+# This line "inspects the first couple bytes (here eight) of the std::rand
+# function to seed some rng. Due to the implementation of process_bytes and
+# inlining happening, it seems that one of the loops therein uses &rand-1 as
+# some boundary, compiling with -O0 makes that reloc come out as 'rand + 0' and
+# the link will succeed."
+# See: https://bugzilla.suse.com/show_bug.cgi?id=955832#c7
+ifeq ($(BR2_powerpc64le),y)
+DOMOTICZ_CXXFLAGS += -O0
+endif
+
 # Due to the dependency on mosquitto, domoticz depends on
 # !BR2_STATIC_LIBS so set USE_STATIC_BOOST to OFF
 DOMOTICZ_CONF_OPTS += -DUSE_STATIC_BOOST=OFF
@@ -27,7 +42,8 @@ DOMOTICZ_CONF_OPTS += -DUSE_STATIC_BOOST=OFF
 DOMOTICZ_CONF_OPTS += \
 	-DUSE_BUILTIN_LUA=OFF \
 	-DUSE_BUILTIN_SQLITE=OFF \
-	-DUSE_BUILTIN_MQTT=OFF
+	-DUSE_BUILTIN_MQTT=OFF \
+	-DCMAKE_CXX_FLAGS="$(TARGET_CXXFLAGS) $(DOMOTICZ_CXXFLAGS)"
 
 ifeq ($(BR2_PACKAGE_LIBUSB),y)
 DOMOTICZ_DEPENDENCIES += libusb

package/dovecot/dovecot.hash

@@ -1,2 +1,2 @@
 # Locally computed after checking signature
-sha256 897f92a87cda4b27b243f8149ce0ba7b7e71a2be8fb7994eb0a025e54cde18e9  dovecot-2.2.27.tar.gz
+sha256 ccfa9ffb7eb91e9e87c21c108324b911250c9ffa838bffb64b1caafadcb0f388  dovecot-2.2.29.1.tar.gz

package/dovecot/dovecot.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 DOVECOT_VERSION_MAJOR = 2.2
-DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).27
+DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).29.1
 DOVECOT_SITE = http://www.dovecot.org/releases/$(DOVECOT_VERSION_MAJOR)
 DOVECOT_INSTALL_STAGING = YES
 DOVECOT_LICENSE = LGPLv2.1

package/dropbear/dropbear.hash

@@ -1,2 +1,2 @@
 # From https://matt.ucc.asn.au/dropbear/releases/SHA256SUM.asc
-sha256 2720ea54ed009af812701bcc290a2a601d5c107d12993e5d92c0f5f81f718891 dropbear-2016.74.tar.bz2
+sha256 6cbc1dcb1c9709d226dff669e5604172a18cf5dbf9a201474d5618ae4465098c dropbear-2017.75.tar.bz2

package/dropbear/dropbear.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DROPBEAR_VERSION = 2016.74
+DROPBEAR_VERSION = 2017.75
 DROPBEAR_SITE = http://matt.ucc.asn.au/dropbear/releases
 DROPBEAR_SOURCE = dropbear-$(DROPBEAR_VERSION).tar.bz2
 DROPBEAR_LICENSE = MIT, BSD-2c-like, BSD-2c

package/dvb-apps/dvb-apps.mk

@@ -15,6 +15,8 @@ DVB_APPS_DEPENDENCIES = libiconv
 DVB_APPS_LDLIBS += -liconv
 endif
 
+DVB_APPS_MAKE_OPTS = PERL5LIB=$(@D)/util/scan
+
 ifeq ($(BR2_STATIC_LIBS),y)
 DVB_APPS_MAKE_OPTS += enable_shared=no
 else ifeq ($(BR2_SHARED_LIBS),y)
@@ -25,7 +27,7 @@ DVB_APPS_INSTALL_STAGING = YES
 
 define DVB_APPS_BUILD_CMDS
 	$(TARGET_CONFIGURE_OPTS) LDLIBS="$(DVB_APPS_LDLIBS)" \
-		$(MAKE) -C $(@D) CROSS_ROOT=$(STAGING_DIR) \
+		$(MAKE1) -C $(@D) CROSS_ROOT=$(STAGING_DIR) \
 		$(DVB_APPS_MAKE_OPTS)
 endef
 

package/e2fsprogs/0002-include-sys-sysmacros.h-as-needed.patch

@@ -0,0 +1,129 @@
+From 3fb715b55426875902dfef3056b2cf7335953178 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Fri, 19 May 2017 13:25:59 -0400
+Subject: [PATCH] include sys/sysmacros.h as needed
+
+The minor/major/makedev macros are not entirely standard.  glibc has had
+the definitions in sys/sysmacros.h since the start, and wants to move away
+from always defining them implicitly via sys/types.h (as this pollutes the
+namespace in violation of POSIX).  Other C libraries have already dropped
+them.  Since the configure script already checks for this header, use that
+to pull in the header in files that use these macros.
+
+Signed-off-by: Mike Frysinger <vapier@gentoo.org>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+
+Upstream commit 3fb715b55426875902dfef3056b2cf7335953178
+Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
+---
+ debugfs/debugfs.c      | 3 +++
+ lib/blkid/devname.c    | 3 +++
+ lib/blkid/devno.c      | 3 +++
+ lib/ext2fs/finddev.c   | 3 +++
+ lib/ext2fs/ismounted.c | 3 +++
+ misc/create_inode.c    | 4 ++++
+ misc/mk_hugefiles.c    | 3 +++
+ 7 files changed, 22 insertions(+)
+
+diff --git a/debugfs/debugfs.c b/debugfs/debugfs.c
+index 059ddc39..453f5b52 100644
+--- a/debugfs/debugfs.c
++++ b/debugfs/debugfs.c
+@@ -26,6 +26,9 @@ extern char *optarg;
+ #include <errno.h>
+ #endif
+ #include <fcntl.h>
++#ifdef HAVE_SYS_SYSMACROS_H
++#include <sys/sysmacros.h>
++#endif
+ 
+ #include "debugfs.h"
+ #include "uuid/uuid.h"
+diff --git a/lib/blkid/devname.c b/lib/blkid/devname.c
+index 3e2efa9d..671e781f 100644
+--- a/lib/blkid/devname.c
++++ b/lib/blkid/devname.c
+@@ -36,6 +36,9 @@
+ #if HAVE_SYS_MKDEV_H
+ #include <sys/mkdev.h>
+ #endif
++#ifdef HAVE_SYS_SYSMACROS_H
++#include <sys/sysmacros.h>
++#endif
+ #include <time.h>
+ 
+ #include "blkidP.h"
+diff --git a/lib/blkid/devno.c b/lib/blkid/devno.c
+index aa6eb907..480030f2 100644
+--- a/lib/blkid/devno.c
++++ b/lib/blkid/devno.c
+@@ -31,6 +31,9 @@
+ #if HAVE_SYS_MKDEV_H
+ #include <sys/mkdev.h>
+ #endif
++#ifdef HAVE_SYS_SYSMACROS_H
++#include <sys/sysmacros.h>
++#endif
+ 
+ #include "blkidP.h"
+ 
+diff --git a/lib/ext2fs/finddev.c b/lib/ext2fs/finddev.c
+index 311608de..62fa0dbe 100644
+--- a/lib/ext2fs/finddev.c
++++ b/lib/ext2fs/finddev.c
+@@ -31,6 +31,9 @@
+ #if HAVE_SYS_MKDEV_H
+ #include <sys/mkdev.h>
+ #endif
++#ifdef HAVE_SYS_SYSMACROS_H
++#include <sys/sysmacros.h>
++#endif
+ 
+ #include "ext2_fs.h"
+ #include "ext2fs.h"
+diff --git a/lib/ext2fs/ismounted.c b/lib/ext2fs/ismounted.c
+index bcac0f15..7d524715 100644
+--- a/lib/ext2fs/ismounted.c
++++ b/lib/ext2fs/ismounted.c
+@@ -49,6 +49,9 @@
+ #if HAVE_SYS_TYPES_H
+ #include <sys/types.h>
+ #endif
++#ifdef HAVE_SYS_SYSMACROS_H
++#include <sys/sysmacros.h>
++#endif
+ 
+ #include "ext2_fs.h"
+ #include "ext2fs.h"
+diff --git a/misc/create_inode.c b/misc/create_inode.c
+index ae22ff6f..8ce3fafa 100644
+--- a/misc/create_inode.c
++++ b/misc/create_inode.c
+@@ -22,6 +22,10 @@
+ #include <attr/xattr.h>
+ #endif
+ #include <sys/ioctl.h>
++#ifdef HAVE_SYS_SYSMACROS_H
++#include <sys/sysmacros.h>
++#endif
++
+ #include <ext2fs/ext2fs.h>
+ #include <ext2fs/ext2_types.h>
+ #include <ext2fs/fiemap.h>
+diff --git a/misc/mk_hugefiles.c b/misc/mk_hugefiles.c
+index 049c6f41..5882394d 100644
+--- a/misc/mk_hugefiles.c
++++ b/misc/mk_hugefiles.c
+@@ -35,6 +35,9 @@ extern int optind;
+ #include <sys/ioctl.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#ifdef HAVE_SYS_SYSMACROS_H
++#include <sys/sysmacros.h>
++#endif
+ #include <libgen.h>
+ #include <limits.h>
+ #include <blkid/blkid.h>
+-- 
+2.13.3
+

package/efibootmgr/0003-Remove-extra-const-keywords-gcc-7-gripes-about.patch

@@ -0,0 +1,51 @@
+From a542b169003c2ef95ce6c00d40050eb10568b612 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 6 Feb 2017 16:34:54 -0500
+Subject: [PATCH] Remove extra const keywords gcc 7 gripes about.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+[Backported from upstream commit a542b169003c2ef95ce6c00d40050eb10568b612]
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+---
+ src/efibootdump.c | 2 +-
+ src/efibootmgr.c  | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/efibootdump.c b/src/efibootdump.c
+index 6ff8360..30a1943 100644
+--- a/src/efibootdump.c
++++ b/src/efibootdump.c
+@@ -39,7 +39,7 @@ print_boot_entry(efi_load_option *loadopt, size_t data_size)
+ 	uint8_t *optional_data = NULL;
+ 	size_t optional_data_len = 0;
+ 	uint16_t pathlen;
+-	const unsigned char const *desc;
++	const unsigned char *desc;
+ 	char *raw;
+ 	size_t raw_len;
+ 
+diff --git a/src/efibootmgr.c b/src/efibootmgr.c
+index 493f2cf..90a0998 100644
+--- a/src/efibootmgr.c
++++ b/src/efibootmgr.c
+@@ -221,7 +221,7 @@ warn_duplicate_name(list_t *var_list)
+ 	list_t *pos;
+ 	var_entry_t *entry;
+ 	efi_load_option *load_option;
+-	const unsigned char const *desc;
++	const unsigned char *desc;
+ 
+ 	list_for_each(pos, var_list) {
+ 		entry = list_entry(pos, var_entry_t, list);
+@@ -873,7 +873,7 @@ show_vars(const char *prefix)
+ {
+ 	list_t *pos;
+ 	var_entry_t *boot;
+-	const unsigned char const *description;
++	const unsigned char *description;
+ 	efi_load_option *load_option;
+ 	efidp dp = NULL;
+ 	unsigned char *optional_data = NULL;
+-- 
+2.9.4
+