Update for 2018.11.2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

CHANGES

@@ -1,3 +1,63 @@
+2018.11.2, Released January 30th, 2019
+
+	Important / security related fixes.
+
+	Defconfigs: Fixes for imx6slevk, imx7dsabresd, imx8mqevk, Lego
+	EV3, QEMU AArch64-virt
+
+	Download: Fix scp download handling
+
+	check-package: fix Python 3 support
+
+	get-developers: Fix behaviour when called from elsewhere than
+	the toplevel directory.
+
+	kconfig: Fix for make linux-menuconfig / uboot-menuconfig from
+	a clean tree when ccache is enabled.
+
+	cmake: Also set CMAKE_SYSTEM_VERSION in toolchainfile.cmake
+
+	Updated/fixed packages: acpica, apache, apr, avrdude, cargo,
+	cc-tool, dash, dhcpdump, dmalloc, docker-containerd, efivar,
+	fwts, glibc, gnuchess, gnupg2, go, leveldb, libarchive,
+	libassuan, libftdi1, libgpg-error, libhttpparser, libkcapi,
+	libmad, libsndfile, libsquish, liburiparser, libwebsock,
+	libxml2, lighttpd, llvm, lm-sensors, lua-msgpack-native, lxc,
+	mariadb, mbedtls, meson, mosquitto, netatalk, nodejs, odhcp6c,
+	openresolv, openssh, pango, patchelf, php, python-django,
+	python-numpy, python-pyyaml, rauc, rp-pppoe, s6-networking,
+	samba4, sdl_sound, shairport-sync, sqlite, subversion,
+	sunxi-cedarx, swupdate, systemd, tcpreplay, tekui, tmp2-abrmd,
+	tpm2-tools, tpm2-tss, udisks, unixodbc, usb_modeswitch,
+	webkitgtk, wireshark, wolfssl, xapp_rgb, xenomai, xerces
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#11576: Unable to start apache with event MPM on raspberry pi 3
+
+2018.11.1, Released December 20th, 2018
+
+	Important / security related fixes.
+
+	defconfigs: Fixes for bananapi m2 ultra, ci20
+
+	Download wrapper: Fix for urlencode handling
+
+	Updated/fixed packages: asterisk, docker-compose,
+	docker-engine, dt-utils, gnutls, go, grub, libbsd, libcurl,
+	libpgpme, libiscsi, liblo, libmpd, libopenssl, liboping,
+	libpam-tacplus, libpjsip, linux-firmware, liquid-dsp,
+	lua-cqueue, luvi, lxc, lynx, nginx, nodejs, openzwave, php,
+	pps-tools, proftpd, prosody, sdl2_net, squashfs, swupdate,
+	uclibc, vtu, webkitgtk, wine, xen
+
+	New packages: docker-cli
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#11426: pps-tools bash dependency
+	#11536: dt-utils building fails with glibc 2.28
+
 2018.11, Released December 1st, 2018
 
 	Minor fixes.

Config.in.legacy

@@ -241,6 +241,15 @@ config BR2_PACKAGE_LIBNFTNL_XML
 ###############################################################################
 comment "Legacy options removed in 2018.08"
 
+config BR2_PACKAGE_DOCKER_ENGINE_STATIC_CLIENT
+	bool "docker-engine static client option renamed"
+	select BR2_LEGACY
+	select BR2_PACKAGE_DOCKER_CLI_STATIC
+	help
+	  BR2_PACKAGE_DOCKER_ENGINE_STATIC_CLIENT has been renamed to
+	  BR2_PACKAGE_DOCKER_CLI_STATIC, following the package split of
+	  docker-engine and docker-cli.
+
 config BR2_PACKAGE_XSERVER_XORG_SERVER_V_1_19
 	bool "Modular X.org server was updated to version 1.20.0"
 	select BR2_LEGACY

DEVELOPERS

@@ -1859,13 +1859,6 @@ N:	Scott Fan <fancp2007@gmail.com>
 F:	package/libssh/
 F:	package/x11r7/xdriver_xf86-video-fbturbo/
 
-N:	Sebastien Bourdelin <sebastien.bourdelin@savoirfairelinux.com>
-F:	package/atf/
-F:	package/cppunit/
-F:	package/kyua/
-F:	package/lutok/
-F:	package/yaml-cpp/
-
 N:	Sébastien Szymanski <sebastien.szymanski@armadeus.com>
 F:	package/mmc-utils/
 F:	package/python-flask-jsonrpc/

Makefile

@@ -2,7 +2,7 @@
 #
 # Copyright (C) 1999-2005 by Erik Andersen <andersen@codepoet.org>
 # Copyright (C) 2006-2014 by the Buildroot developers <buildroot@uclibc.org>
-# Copyright (C) 2014-2018 by the Buildroot developers <buildroot@buildroot.org>
+# Copyright (C) 2014-2019 by the Buildroot developers <buildroot@buildroot.org>
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -92,9 +92,9 @@ all:
 .PHONY: all
 
 # Set and export the version string
-export BR2_VERSION := 2018.11
+export BR2_VERSION := 2018.11.2
 # Actual time the release is cut (for reproducible builds)
-BR2_VERSION_EPOCH = 1543701000
+BR2_VERSION_EPOCH = 1545257000
 
 # Save running make version since it's clobbered by the make package
 RUNNING_MAKE_VERSION := $(MAKE_VERSION)

arch/Config.in.arm

@@ -376,25 +376,19 @@ config BR2_exynos_m1
 	select BR2_ARM_CPU_ARMV8A
 	select BR2_ARCH_HAS_MMU_OPTIONAL
 	select BR2_ARCH_NEEDS_GCC_AT_LEAST_5
+if BR2_ARCH_IS_64
 config BR2_falkor
 	bool "falkor"
-	select BR2_ARM_CPU_HAS_ARM if !BR2_ARCH_IS_64
-	select BR2_ARM_CPU_HAS_NEON if !BR2_ARCH_IS_64
-	select BR2_ARM_CPU_HAS_THUMB2 if !BR2_ARCH_IS_64
 	select BR2_ARM_CPU_HAS_FP_ARMV8
 	select BR2_ARM_CPU_ARMV8A
 	select BR2_ARCH_HAS_MMU_OPTIONAL
 	select BR2_ARCH_NEEDS_GCC_AT_LEAST_7
 config BR2_qdf24xx
 	bool "qdf24xx"
-	select BR2_ARM_CPU_HAS_ARM if !BR2_ARCH_IS_64
-	select BR2_ARM_CPU_HAS_NEON if !BR2_ARCH_IS_64
-	select BR2_ARM_CPU_HAS_THUMB2 if !BR2_ARCH_IS_64
 	select BR2_ARM_CPU_HAS_FP_ARMV8
 	select BR2_ARM_CPU_ARMV8A
 	select BR2_ARCH_HAS_MMU_OPTIONAL
 	select BR2_ARCH_NEEDS_GCC_AT_LEAST_6
-if BR2_ARCH_IS_64
 config BR2_thunderx
 	bool "thunderx"
 	select BR2_ARM_CPU_HAS_FP_ARMV8

board/ci20/patches/uboot/0001-mips-Remove-default-endiannes.patch

@@ -0,0 +1,66 @@
+From b3a1e97498e7987073775d49a703932c20f2df1d Mon Sep 17 00:00:00 2001
+From: Ezequiel Garcia <ezequiel@collabora.com>
+Date: Mon, 12 Nov 2018 14:04:46 -0300
+Subject: [PATCH] mips: Remove default endiannes
+
+Currently, trying to build ci20_mmc fails on little-endian
+toolchains. The problem seems to be that some targets don't
+have CONFIG_SYS_LITTLE_ENDIAN properly set, and therefore
+the default -EB switch is selected.
+
+Let's get rid of the default switch entirely, and fix this problem.
+While this may be a hack, it is a quick solution until
+U-Boot gets CI20 proper support.
+
+make ARCH=mips CROSS_COMPILE=mips-linux-gnu- ci20_mmc
+Configuring for ci20_mmc - Board: ci20, Options: SPL_MMC_SUPPORT,ENV_IS_IN_MMC
+make
+make[1]: Entering directory '/home/zeta/repos/u-boot-ci20'
+Generating include/autoconf.mk
+Generating include/autoconf.mk.dep
+mips-linux-gnu-gcc: error: may not use both -EB and -EL
+mips-linux-gnu-gcc: error: may not use both -EB and -EL
+Generating include/spl-autoconf.mk
+mips-linux-gnu-gcc: error: may not use both -EB and -EL
+Generating include/tpl-autoconf.mk
+mips-linux-gnu-gcc: error: may not use both -EB and -EL
+mips-linux-gnu-gcc -DDO_DEPS_ONLY \
+	-g  -Os   -ffunction-sections -fdata-sections -D__KERNEL__ -I/home/zeta/repos/u-boot-ci20/include -fno-builtin -ffreestanding -nostdinc -isystem /home/zeta/repos/buildroot/mips/output/host/opt/ext-toolchain/bin/../lib/gcc/mips-linux-gnu/5.3.0/include -pipe  -DCONFIG_MIPS -D__MIPS__ -G 0 -EB -msoft-float -fpic -mabicalls -march=mips32 -mabi=32 -DCONFIG_32BIT -mno-branch-likely -Wall -Wstrict-prototypes       \
+	-o lib/asm-offsets.s lib/asm-offsets.c -c -S
+if [ -f arch/mips/cpu/xburst/jz4780/asm-offsets.c ];then \
+	mips-linux-gnu-gcc -DDO_DEPS_ONLY \
+	-g  -Os   -ffunction-sections -fdata-sections -D__KERNEL__ -I/home/zeta/repos/u-boot-ci20/include -fno-builtin -ffreestanding -nostdinc -isystem /home/zeta/repos/buildroot/mips/output/host/opt/ext-toolchain/bin/../lib/gcc/mips-linux-gnu/5.3.0/include -pipe  -DCONFIG_MIPS -D__MIPS__ -G 0 -EB -msoft-float -fpic -mabicalls -march=mips32 -mabi=32 -DCONFIG_32BIT -mno-branch-likely -Wall -Wstrict-prototypes       \
+		-o arch/mips/cpu/xburst/jz4780/asm-offsets.s arch/mips/cpu/xburst/jz4780/asm-offsets.c -c -S; \
+else \
+	touch arch/mips/cpu/xburst/jz4780/asm-offsets.s; \
+fi
+mips-linux-gnu-gcc: error: may not use both -EB and -EL
+make[1]: *** [Makefile:747: lib/asm-offsets.s] Error 1
+make[1]: *** Waiting for unfinished jobs....
+make[1]: Leaving directory '/home/zeta/repos/u-boot-ci20'
+make: *** [.boards.depend:463: ci20_mmc] Error 2
+
+Signed-off-by: Ezequiel Garcia <ezequiel@collabora.com>
+---
+https://github.com/MIPS/CI20_u-boot/pull/19
+
+ arch/mips/config.mk | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/arch/mips/config.mk b/arch/mips/config.mk
+index c89279025507..43560abbc0e1 100644
+--- a/arch/mips/config.mk
++++ b/arch/mips/config.mk
+@@ -20,9 +20,6 @@ ifdef CONFIG_SYS_BIG_ENDIAN
+ ENDIANNESS := -EB
+ endif
+ 
+-# Default to EB if no endianess is configured
+-ENDIANNESS ?= -EB
+-
+ PLATFORM_CPPFLAGS += -DCONFIG_MIPS -D__MIPS__
+ 
+ #
+-- 
+2.19.1
+

board/freescale/common/imx/genimage.cfg.template_imx8

@@ -3,7 +3,7 @@
 # We mimic the .sdcard Freescale's image format:
 # * the SD card must have 33 kB free space at the beginning,
 # * U-Boot is integrated into imx8-boot-sd.bin and is dumped as is,
-# * a FAT partition at offset 32MB is containing Image and DTB files
+# * a FAT partition at offset 8MB is containing Image and DTB files
 # * a single root filesystem partition is required (ext2, ext3 or ext4)
 #
 

board/freescale/imx7dsdb/patches/uboot/0001-imx-Create-distinct-pre-processed-mkimage-config-fil.patch

@@ -0,0 +1,89 @@
+From 27a2cd6a1980adf3002412678c8fdec6528dc47d Mon Sep 17 00:00:00 2001
+From: Trent Piepho <tpiepho@impinj.com>
+Date: Fri, 6 Apr 2018 17:11:27 -0700
+Subject: [PATCH] imx: Create distinct pre-processed mkimage config files
+
+Each imx image is created by a separate sub-make and during this process
+the mkimage config file is run though cpp.
+
+The cpp output is to the same file no matter what imx image is being
+created.
+
+This means if two imx images are generated in parallel they will attempt
+to independently produce the same pre-processed mkimage config file at
+the same time.
+
+Avoid the problem by making the pre-processed config file name unique
+based on the imx image it will be used in.  This way each image will
+create a unique config file and they won't clobber each other when run
+in parallel.
+
+This should fixed the build bug referenced in b5b0e4e3 ("imximage:
+Remove failure when no IVT offset is found").
+
+Cc: Breno Lima <breno.lima@nxp.com>
+Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+Cc: Fabio Estevam <fabio.estevam@nxp.com>
+Signed-off-by: Trent Piepho <tpiepho@impinj.com>
+Tested-by: Fabio Estevam <fabio.estevam@nxp.com>
+[fabio: Adapted to imx_v2017.03_4.9.11_1.0.0_ga]
+Signed-off-by: Fabio Estevam <festevam@gmail.com>
+---
+ arch/arm/imx-common/Makefile | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/arch/arm/imx-common/Makefile b/arch/arm/imx-common/Makefile
+index d862258..f1bae8d 100644
+--- a/arch/arm/imx-common/Makefile
++++ b/arch/arm/imx-common/Makefile
+@@ -69,9 +69,11 @@ endif
+ quiet_cmd_cpp_cfg = CFGS    $@
+       cmd_cpp_cfg = $(CPP) $(cpp_flags) -x c -o $@ $<
+ 
+-IMX_CONFIG = $(CONFIG_IMX_CONFIG:"%"=%).cfgtmp
++# mkimage source config file
++IMX_CONFIG = $(CONFIG_IMX_CONFIG:"%"=%)
+ 
+-$(IMX_CONFIG): %.cfgtmp: % FORCE
++# How to create a cpp processed config file, they all use the same source
++%.cfgout: $(IMX_CONFIG) FORCE
+ 	$(Q)mkdir -p $(dir $@)
+ 	$(call if_changed_dep,cpp_cfg)
+ 
+@@ -79,7 +81,7 @@ MKIMAGEFLAGS_u-boot.imx = -n $(filter-out $(PLUGIN).bin $< $(PHONY),$^) -T imxim
+ 	-e $(CONFIG_SYS_TEXT_BASE)
+ u-boot.imx: MKIMAGEOUTPUT = u-boot.imx.log
+ 
+-u-boot.imx: u-boot.bin $(IMX_CONFIG) $(PLUGIN).bin FORCE
++u-boot.imx: u-boot.bin u-boot.cfgout $(PLUGIN).bin FORCE
+ 	$(call if_changed,mkimage)
+ 
+ ifeq ($(CONFIG_OF_SEPARATE),y)
+@@ -87,16 +89,15 @@ MKIMAGEFLAGS_u-boot-dtb.imx = -n $(filter-out $(PLUGIN).bin $< $(PHONY),$^) -T i
+ 	-e $(CONFIG_SYS_TEXT_BASE)
+ u-boot-dtb.imx: MKIMAGEOUTPUT = u-boot-dtb.imx.log
+ 
+-u-boot-dtb.imx: u-boot-dtb.bin $(IMX_CONFIG) $(PLUGIN).bin FORCE
++u-boot-dtb.imx: u-boot-dtb.bin u-boot-dtb.cfgout $(PLUGIN).bin FORCE
+ 	$(call if_changed,mkimage)
+ endif
+ 
+ MKIMAGEFLAGS_SPL = -n $(filter-out $(PLUGIN).bin $< $(PHONY),$^) -T imximage \
+ 	-e $(CONFIG_SPL_TEXT_BASE)
+-
+ SPL: MKIMAGEOUTPUT = SPL.log
+ 
+-SPL: spl/u-boot-spl.bin $(IMX_CONFIG) $(PLUGIN).bin FORCE
++SPL: spl/u-boot-spl.bin spl/u-boot-spl.cfgout $(PLUGIN).bin FORCE
+ 	$(call if_changed,mkimage)
+ 
+ MKIMAGEFLAGS_u-boot.uim = -A arm -O U-Boot -a $(CONFIG_SYS_TEXT_BASE) \
+@@ -124,4 +125,4 @@ cmd_u-boot-nand-spl_imx = (printf '\000\000\000\000\106\103\102\040\001' && \
+ spl/u-boot-nand-spl.imx: SPL FORCE
+ 	$(call if_changed,u-boot-nand-spl_imx)
+ 
+-targets += $(addprefix ../../../,$(IMX_CONFIG) SPL u-boot.uim spl/u-boot-nand-spl.imx)
++targets += $(addprefix ../../../,SPL spl/u-boot-spl.cfgout u-boot-dtb.cfgout u-boot.cfgout u-boot.uim spl/u-boot-nand-spl.imx)
+-- 
+2.7.4
+

board/freescale/imx8mqevk/readme.txt

@@ -21,7 +21,7 @@ You will find in output/images/ the following files:
   - boot.vfat
   - fsl-imx8mq-evk.dtb
   - Image
-  - imx-boot-imx8mqevk-sd.bin
+  - imx8-boot-sd.bin
   - lpddr4_pmu_train_fw.bin
   - rootfs.ext2
   - rootfs.ext4
@@ -69,7 +69,7 @@ Enable HDMI output
 
 To enable HDMI output at boot you must provide the video kernel boot
 argument.  To set the video boot argument from U-Boot run after
-stoping in U-Boot prompt:
+stopping in U-Boot prompt:
 
 setenv mmcargs 'setenv bootargs console=${console} root=${mmcroot} video=HDMI-A-1:1920x1080-32@60'
 saveenv

board/lego/ev3/genimage.cfg

@@ -16,7 +16,7 @@ image flash.bin {
 	flashtype = "nor-16M-256"
 	partition uboot {
 		image = "u-boot.bin"
-		size = 320K
+		size = 256K
 	}
 	partition uimage {
 		image = "uImage.da850-lego-ev3"

board/pc/post-build.sh

@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+BOARD_DIR=$(dirname "$0")
+
+# Detect boot strategy, EFI or BIOS
+if [ -f "$BINARIES_DIR/efi-part/startup.nsh" ]; then
+    cp -f "$BOARD_DIR/grub-efi.cfg" "$BINARIES_DIR/efi-part/EFI/BOOT/grub.cfg"
+else
+    cp -f "$BOARD_DIR/grub-bios.cfg" "$TARGET_DIR/boot/grub/grub.cfg"
+
+    # Copy grub 1st stage to binaries, required for genimage
+    cp -f "$HOST_DIR/lib/grub/i387-pc/boot.img" "$BINARIES_DIR"
+fi

board/pc/post-image.sh

@@ -1,14 +0,0 @@
-#!/bin/sh
-
-BOARD_DIR="$(dirname $0)"
-
-# Detect boot strategy, EFI or BIOS
-if [ -f ${BINARIES_DIR}/efi-part/startup.nsh ]; then
-  cp -f ${BOARD_DIR}/grub-efi.cfg ${BINARIES_DIR}/efi-part/EFI/BOOT/grub.cfg
-else
-  cp -f ${BOARD_DIR}/grub-bios.cfg ${TARGET_DIR}/boot/grub/grub.cfg
-  # Copy grub 1st stage to binaries, required for genimage
-  cp -f ${HOST_DIR}/lib/grub/i386-pc/boot.img ${BINARIES_DIR}
-fi
-
-exit $?

board/qemu/aarch64-virt/readme.txt

@@ -1,6 +1,6 @@
 Run the emulation with:
 
-  qemu-system-aarch64 -M virt -cpu cortex-a57 -nographic -smp 1 -kernel output/images/Image -append "root=/dev/vda console=ttyAMA0" -netdev user,id=eth0 -device virtio-net-device,netdev=eth0 -drive file=output/images/rootfs.ext4,if=none,format=raw,id=hd0 -device virtio-blk-device,drive=hd0
+  qemu-system-aarch64 -M virt -cpu cortex-a53 -nographic -smp 1 -kernel output/images/Image -append "root=/dev/vda console=ttyAMA0" -netdev user,id=eth0 -device virtio-net-device,netdev=eth0 -drive file=output/images/rootfs.ext4,if=none,format=raw,id=hd0 -device virtio-blk-device,drive=hd0
 
 The login prompt will appear in the terminal that started Qemu.
 

boot/barebox/barebox.mk

@@ -28,7 +28,7 @@ $(1)_SITE_METHOD = git
 else
 # Handle stable official Barebox versions
 $(1)_SOURCE = barebox-$$($(1)_VERSION).tar.bz2
-$(1)_SITE = http://www.barebox.org/download
+$(1)_SITE = https://www.barebox.org/download
 endif
 
 $(1)_DEPENDENCIES = host-lzop

boot/grub2/0001-x86-64-Treat-R_X86_64_PLT32-as-R_X86_64_PC32.patch

@@ -0,0 +1,74 @@
+From 842c390469e2c2e10b5aa36700324cd3bde25875 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Sat, 17 Feb 2018 06:47:28 -0800
+Subject: [PATCH] x86-64: Treat R_X86_64_PLT32 as R_X86_64_PC32
+
+Starting from binutils commit bd7ab16b4537788ad53521c45469a1bdae84ad4a:
+
+https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd7ab16b4537788ad53521c45469a1bdae84ad4a
+
+x86-64 assembler generates R_X86_64_PLT32, instead of R_X86_64_PC32, for
+32-bit PC-relative branches.  Grub2 should treat R_X86_64_PLT32 as
+R_X86_64_PC32.
+
+Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Romain Naour <romain.naour@smile.fr>
+---
+ grub-core/efiemu/i386/loadcore64.c | 1 +
+ grub-core/kern/x86_64/dl.c         | 1 +
+ util/grub-mkimagexx.c              | 1 +
+ util/grub-module-verifier.c        | 1 +
+ 4 files changed, 4 insertions(+)
+
+diff --git a/grub-core/efiemu/i386/loadcore64.c b/grub-core/efiemu/i386/loadcore64.c
+index e49d0b6..18facf4 100644
+--- a/grub-core/efiemu/i386/loadcore64.c
++++ b/grub-core/efiemu/i386/loadcore64.c
+@@ -98,6 +98,7 @@ grub_arch_efiemu_relocate_symbols64 (grub_efiemu_segment_t segs,
+ 		    break;
+ 
+ 		  case R_X86_64_PC32:
++		  case R_X86_64_PLT32:
+ 		    err = grub_efiemu_write_value (addr,
+ 						   *addr32 + rel->r_addend
+ 						   + sym.off
+diff --git a/grub-core/kern/x86_64/dl.c b/grub-core/kern/x86_64/dl.c
+index 4406906..3a73e6e 100644
+--- a/grub-core/kern/x86_64/dl.c
++++ b/grub-core/kern/x86_64/dl.c
+@@ -70,6 +70,7 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr,
+ 	  break;
+ 
+ 	case R_X86_64_PC32:
++	case R_X86_64_PLT32:
+ 	  {
+ 	    grub_int64_t value;
+ 	    value = ((grub_int32_t) *addr32) + rel->r_addend + sym->st_value -
+diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c
+index a2bb054..39d7efb 100644
+--- a/util/grub-mkimagexx.c
++++ b/util/grub-mkimagexx.c
+@@ -841,6 +841,7 @@ SUFFIX (relocate_addresses) (Elf_Ehdr *e, Elf_Shdr *sections,
+ 		  break;
+ 
+ 		case R_X86_64_PC32:
++		case R_X86_64_PLT32:
+ 		  {
+ 		    grub_uint32_t *t32 = (grub_uint32_t *) target;
+ 		    *t32 = grub_host_to_target64 (grub_target_to_host32 (*t32)
+diff --git a/util/grub-module-verifier.c b/util/grub-module-verifier.c
+index 9179285..a79271f 100644
+--- a/util/grub-module-verifier.c
++++ b/util/grub-module-verifier.c
+@@ -19,6 +19,7 @@ struct grub_module_verifier_arch archs[] = {
+       -1
+     }, (int[]){
+       R_X86_64_PC32,
++      R_X86_64_PLT32,
+       -1
+     }
+   },
+-- 
+2.7.4
+

boot/uboot/uboot.mk

@@ -227,8 +227,9 @@ UBOOT_KCONFIG_EDITORS = menuconfig xconfig gconfig nconfig
 # (which is typically wchar) but link with
 # $(HOST_DIR)/lib/libncurses.so (which is not).  We don't actually
 # need any host-package for kconfig, so remove the HOSTCC/HOSTLDFLAGS
-# override again.
-UBOOT_KCONFIG_OPTS = $(UBOOT_MAKE_OPTS) HOSTCC="$(HOSTCC)" HOSTLDFLAGS=""
+# override again. In addition, host-ccache is not ready at kconfig
+# time, so use HOSTCC_NOCCACHE.
+UBOOT_KCONFIG_OPTS = $(UBOOT_MAKE_OPTS) HOSTCC="$(HOSTCC_NOCCACHE)" HOSTLDFLAGS=""
 define UBOOT_HELP_CMDS
 	@echo '  uboot-menuconfig       - Run U-Boot menuconfig'
 	@echo '  uboot-savedefconfig    - Run U-Boot savedefconfig'

configs/bananapi_m2_ultra_defconfig

@@ -1,5 +1,6 @@
 BR2_arm=y
 BR2_cortex_a7=y
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_18=y
 BR2_TARGET_GENERIC_ISSUE="Welcome to Bananapi M2 Ultra"
 BR2_ROOTFS_POST_IMAGE_SCRIPT="support/scripts/genimage.sh"
 BR2_ROOTFS_POST_SCRIPT_ARGS="-c board/bananapi/bananapi-m2-ultra/genimage.cfg"

configs/ci20_defconfig

@@ -27,6 +27,7 @@ BR2_TARGET_UBOOT_BOARDNAME="ci20_mmc"
 BR2_TARGET_UBOOT_CUSTOM_GIT=y
 BR2_TARGET_UBOOT_CUSTOM_REPO_URL="https://github.com/MIPS/CI20_u-boot"
 BR2_TARGET_UBOOT_CUSTOM_REPO_VERSION="dd3c1b95dac7d10b2ca5806f65e5c1050d7dd0fa"
+BR2_TARGET_UBOOT_PATCH="board/ci20/patches/uboot"
 BR2_TARGET_UBOOT_FORMAT_IMG=y
 BR2_TARGET_UBOOT_SPL=y
 BR2_TARGET_UBOOT_SPL_NAME="spl/u-boot-spl.bin"

configs/freescale_imx7dsabresd_defconfig

@@ -2,6 +2,9 @@
 BR2_arm=y
 BR2_cortex_a7=y
 
+# patches
+BR2_GLOBAL_PATCH_DIR="board/freescale/imx7dsdb/patches"
+
 # Linux headers same as kernel, a 4.9 series
 BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_9=y
 

configs/imx6slevk_defconfig

@@ -11,7 +11,7 @@ BR2_TARGET_ROOTFS_EXT2_4=y
 BR2_TARGET_UBOOT=y
 BR2_TARGET_UBOOT_BOARDNAME="mx6slevk"
 BR2_TARGET_UBOOT_CUSTOM_VERSION=y
-BR2_TARGET_UBOOT_CUSTOM_VERSION_VALUE="2017.11"
+BR2_TARGET_UBOOT_CUSTOM_VERSION_VALUE="2018.11"
 BR2_TARGET_UBOOT_FORMAT_IMX=y
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y

configs/pc_x86_64_bios_defconfig

@@ -19,7 +19,8 @@ BR2_TARGET_ROOTFS_EXT2=y
 BR2_TARGET_ROOTFS_EXT2_4=y
 BR2_TARGET_ROOTFS_EXT2_SIZE="120M"
 # BR2_TARGET_ROOTFS_TAR is not set
-BR2_ROOTFS_POST_IMAGE_SCRIPT="board/pc/post-image.sh support/scripts/genimage.sh"
+BR2_ROOTFS_POST_BUILD_SCRIPT="board/pc/post-build.sh"
+BR2_ROOTFS_POST_IMAGE_SCRIPT="support/scripts/genimage.sh"
 BR2_ROOTFS_POST_SCRIPT_ARGS="-c board/pc/genimage-bios.cfg"
 
 # Linux headers same as kernel, a 4.18 series

configs/pc_x86_64_efi_defconfig

@@ -22,7 +22,8 @@ BR2_TARGET_ROOTFS_EXT2=y
 BR2_TARGET_ROOTFS_EXT2_4=y
 BR2_TARGET_ROOTFS_EXT2_SIZE="120M"
 # BR2_TARGET_ROOTFS_TAR is not set
-BR2_ROOTFS_POST_IMAGE_SCRIPT="board/pc/post-image.sh support/scripts/genimage.sh"
+BR2_ROOTFS_POST_BUILD_SCRIPT="board/pc/post-build.sh"
+BR2_ROOTFS_POST_IMAGE_SCRIPT="support/scripts/genimage.sh"
 BR2_ROOTFS_POST_SCRIPT_ARGS="-c board/pc/genimage-efi.cfg"
 
 # Linux headers same as kernel, a 4.18 series

configs/qemu_aarch64_virt_defconfig

@@ -1,5 +1,6 @@
 # Architecture
 BR2_aarch64=y
+BR2_cortex_a53=y
 
 # System
 BR2_SYSTEM_DHCP="eth0"

docs/manual/adding-packages-waf.txt

@@ -63,7 +63,7 @@ also be defined.
 * +LIBFOO_NEEDS_EXTERNAL_WAF+ can be set to +YES+ or +NO+ to tell
   Buildroot to use the bundled +waf+ executable. If set to +NO+, the
   default, then Buildroot will use the waf executable provided in the
-  package source tree; if set to +YES+, then Buidlroot will download,
+  package source tree; if set to +YES+, then Buildroot will download,
   install waf as a host tool and use it to build the package.
 
 * +LIBFOO_WAF_OPTS+, to specify additional options to pass to the

docs/manual/developers.txt

@@ -6,7 +6,7 @@
 
 The main Buildroot directory contains a file named +DEVELOPERS+ that
 lists the developers involved with various areas of Buildroot. Thanks
-to this file, the +get-developer+ tool allows to:
+to this file, the +get-developers+ tool allows to:
 
 - Calculate the list of developers to whom patches should be sent, by
   parsing the patches and matching the modified files with the
@@ -26,21 +26,21 @@ to include in his patch the appropriate modification to the
 The +DEVELOPERS+ file format is documented in detail inside the file
 itself.
 
-The +get-developer+ tool, located in +utils/+ allows to use
+The +get-developers+ tool, located in +utils/+ allows to use
 the +DEVELOPERS+ file for various tasks:
 
 - When passing one or several patches as command line argument,
-  +get-developer+ will return the appropriate +git send-email+
+  +get-developers+ will return the appropriate +git send-email+
   command. If the +-e+ option is passed, only the email addresses are
   printed in a format suitable for +git send-email --cc-cmd+.
 
-- When using the +-a <arch>+ command line option, +get-developer+ will
+- When using the +-a <arch>+ command line option, +get-developers+ will
   return the list of developers in charge of the given architecture.
 
-- When using the +-p <package>+ command line option, +get-developer+
+- When using the +-p <package>+ command line option, +get-developers+
   will return the list of developers in charge of the given package.
 
-- When using the +-c+ command line option, +get-developer+ will look
+- When using the +-c+ command line option, +get-developers+ will look
   at all files under version control in the Buildroot repository, and
   list the ones that are not handled by any developer. The purpose of
   this option is to help completing the +DEVELOPERS+ file.

docs/manual/manual.txt

@@ -12,7 +12,7 @@ It is licensed under the GNU General Public License, version 2. Refer to the
 http://git.buildroot.org/buildroot/tree/COPYING?id={sys:git rev-parse HEAD}[COPYING]
 file in the Buildroot sources for the full text of this license.
 
-Copyright (C) 2004-2018 The Buildroot developers
+Copyright (C) 2004-2019 The Buildroot developers
 
 image::logo.png[]
 

docs/website/copyright.txt

@@ -1,6 +1,6 @@
 
 The code and graphics on this website (and it's mirror sites, if any) are
-Copyright (c) 1999-2005 by Erik Andersen, 2006-2018 The Buildroot
+Copyright (c) 1999-2005 by Erik Andersen, 2006-2019 The Buildroot
 developers. All rights reserved.
 
 Documents on this Web site including their graphical elements, design, and

linux/linux.hash

@@ -1,9 +1,9 @@
 # From https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
 sha256 68ac319e0fb7edd6b6051541d9cf112cd4f77a29e16a69ae1e133ff51117f653  linux-4.18.20.tar.xz
 sha256 41026d713ba4f7a5e9d514b876ce4ed28a1d993c0c58b42b2a2597d6a0e83021  linux-4.16.18.tar.xz
-sha256 701728de924e0ec4a6b7cf59252011f8268a1b70aaf02b8487c1b2190feb3f20  linux-4.14.83.tar.xz
-sha256 f888aef58c2c4d82c81511ad6a4528ee9a8241bb96c05c65e71224988782f943  linux-4.9.140.tar.xz
-sha256 9bb4a1757e67dbd0923dbdf7e7e0baa9baa53ac942471d8fbb8d35dd5b313c10  linux-4.4.164.tar.xz
+sha256 110daeae1a416b7e0ec8dce5e86d67552deeb4567f696c3869389be239f0ecb5  linux-4.14.96.tar.xz
+sha256 9066929ec2550794ae107350a5f3c5b648438aa915cfc62bac5b7a54b9d7731a  linux-4.9.153.tar.xz
+sha256 fb4d16b3c1e508dfa0344e406caeb25286d1c258421d8891b5580323e4e639fb  linux-4.4.172.tar.xz
 sha256 6ad9389e55e0ea57768eae173747058a4487fa3630e10a7999cfec9f945e559c  linux-4.1.52.tar.xz
 # From https://www.kernel.org/pub/linux/kernel/v3.x/sha256sums.asc
 sha256 ad96d797571496c969aa71bf5d08e9d2a8c84458090d29a120f1b2981185a99e  linux-3.2.102.tar.xz

linux/linux.mk

@@ -269,13 +269,16 @@ endif
 LINUX_KCONFIG_FRAGMENT_FILES = $(call qstrip,$(BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES))
 LINUX_KCONFIG_EDITORS = menuconfig xconfig gconfig nconfig
 
-# LINUX_MAKE_FLAGS overrides HOSTCC to allow the kernel build to find our
-# host-openssl and host-libelf. However, this triggers a bug in the kconfig
-# build script that causes it to build with /usr/include/ncurses.h (which is
-# typically wchar) but link with $(HOST_DIR)/lib/libncurses.so (which is not).
-# We don't actually need any host-package for kconfig, so remove the HOSTCC
-# override again.
-LINUX_KCONFIG_OPTS = $(LINUX_MAKE_FLAGS) HOSTCC="$(HOSTCC)"
+# LINUX_MAKE_FLAGS overrides HOSTCC to allow the kernel build to find
+# our host-openssl and host-libelf. However, this triggers a bug in
+# the kconfig build script that causes it to build with
+# /usr/include/ncurses.h (which is typically wchar) but link with
+# $(HOST_DIR)/lib/libncurses.so (which is not).  We don't actually
+# need any host-package for kconfig, so remove the HOSTCC override
+# again. In addition, even though linux depends on the toolchain and
+# therefore host-ccache would be ready, we use HOSTCC_NOCCACHE for
+# consistency with other kconfig packages.
+LINUX_KCONFIG_OPTS = $(LINUX_MAKE_FLAGS) HOSTCC="$(HOSTCC_NOCCACHE)"
 
 # If no package has yet set it, set it from the Kconfig option
 LINUX_NEEDS_MODULES ?= $(BR2_LINUX_NEEDS_MODULES)
@@ -311,6 +314,7 @@ define LINUX_KCONFIG_FIXUP_CMDS
 	# replaced later by the real cpio archive, and the kernel will be
 	# rebuilt using the linux-rebuild-with-initramfs target.
 	$(if $(BR2_TARGET_ROOTFS_INITRAMFS),
+		mkdir -p $(BINARIES_DIR)
 		touch $(BINARIES_DIR)/rootfs.cpio
 		$(call KCONFIG_SET_OPT,CONFIG_INITRAMFS_SOURCE,"$${BR_BINARIES_DIR}/rootfs.cpio",$(@D)/.config)
 		$(call KCONFIG_SET_OPT,CONFIG_INITRAMFS_ROOT_UID,0,$(@D)/.config)

package/Config.in

@@ -2106,6 +2106,7 @@ menu "System tools"
 	source "package/dcron/Config.in"
 	source "package/ddrescue/Config.in"
 	source "package/debianutils/Config.in"
+	source "package/docker-cli/Config.in"
 	source "package/docker-compose/Config.in"
 	source "package/docker-containerd/Config.in"
 	source "package/docker-engine/Config.in"

package/acpica/acpica.mk

@@ -10,6 +10,7 @@ ACPICA_SITE = https://acpica.org/sites/acpica/files
 ACPICA_LICENSE = BSD-3-Clause or GPL-2.0
 ACPICA_LICENSE_FILES = source/include/acpi.h
 ACPICA_DEPENDENCIES = host-bison host-flex
+HOST_ACPICA_DEPENDENCIES = host-bison host-flex
 
 define ACPICA_BUILD_CMDS
 	$(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D) \

package/apache/apache.hash

@@ -1,4 +1,4 @@
-# From http://archive.apache.org/dist/httpd/httpd-2.4.35.tar.bz2.sha256
-sha256 3498dc5c6772fac2eb7307dc7963122ffe243b5e806e0be4fb51974ff759d726 httpd-2.4.37.tar.bz2
+# From http://archive.apache.org/dist/httpd/httpd-2.4.38.tar.bz2.sha256
+sha256 7dc65857a994c98370dc4334b260101a7a04be60e6e74a5c57a6dee1bc8f394a httpd-2.4.38.tar.bz2
 # Locally computed
 sha256 c49c0819a726b70142621715dae3159c47b0349c2bc9db079070f28dadac0229 LICENSE

package/apache/apache.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-APACHE_VERSION = 2.4.37
+APACHE_VERSION = 2.4.38
 APACHE_SOURCE = httpd-$(APACHE_VERSION).tar.bz2
 APACHE_SITE = http://archive.apache.org/dist/httpd
 APACHE_LICENSE = Apache-2.0

package/apr/apr.mk

@@ -26,7 +26,12 @@ APR_CONF_ENV = \
 	ac_cv_sizeof_pid_t=4 \
 	ac_cv_struct_rlimit=yes \
 	ac_cv_o_nonblock_inherited=no \
-	apr_cv_mutex_recursive=yes
+	apr_cv_mutex_recursive=yes \
+	apr_cv_epoll=yes \
+	apr_cv_epoll_create1=yes \
+	apr_cv_dup3=yes \
+	apr_cv_sock_cloexec=yes \
+	apr_cv_accept4=yes
 APR_CONFIG_SCRIPTS = apr-1-config
 
 # Doesn't even try to guess when cross compiling

package/asterisk/asterisk.mk

@@ -242,7 +242,8 @@ else
 ASTERISK_CONF_OPTS += --without-speex  --without-speexdsp
 endif
 
-ifeq ($(BR2_PACKAGE_LIBSRTP),y)
+# asterisk needs an openssl-enabled libsrtp
+ifeq ($(BR2_PACKAGE_LIBSRTP)$(BR2_PACKAGE_OPENSSL)x$(BR2_STATIC_LIBS),yyx)
 ASTERISK_DEPENDENCIES += libsrtp
 ASTERISK_CONF_OPTS += --with-srtp
 else

package/avrdude/avrdude.mk

@@ -15,8 +15,6 @@ AVRDUDE_AUTORECONF = YES
 AVRDUDE_CONF_OPTS = --enable-linuxgpio
 AVRDUDE_DEPENDENCIES = elfutils libusb libusb-compat ncurses \
 	host-flex host-bison
-AVRDUDE_LICENSE = GPL-2.0+
-AVRDUDE_LICENSE_FILES = avrdude/COPYING
 
 ifeq ($(BR2_PACKAGE_LIBFTDI1),y)
 AVRDUDE_DEPENDENCIES += libftdi1

package/cargo/cargo.mk

@@ -70,7 +70,7 @@ HOST_CARGO_SNAP_OPTS = \
 	$(if $(VERBOSE),--verbose)
 
 HOST_CARGO_ENV = \
-	RUSTFLAGS="-Clink-arg=-Wl,-rpath,$(HOST_DIR)/lib" \
+	RUSTFLAGS="$(addprefix -Clink-arg=,$(HOST_LDFLAGS))" \
 	CARGO_HOME=$(HOST_CARGO_HOME)
 
 define HOST_CARGO_BUILD_CMDS

package/cc-tool/Config.in

@@ -9,7 +9,6 @@ config BR2_PACKAGE_CC_TOOL
 	select BR2_PACKAGE_BOOST_SYSTEM
 	select BR2_PACKAGE_BOOST_REGEX
 	select BR2_PACKAGE_BOOST_FILESYSTEM
-	select BR2_PACKAGE_BOOST_SIGNALS
 	help
 	  cc-tool provides support for Texas Instruments CC Debugger
 	  for Linux OS in order to program 8051-based System-On-Chip

package/dash/dash.mk

@@ -28,7 +28,7 @@ DASH_CONF_OPTS += --without-libedit
 endif
 
 define DASH_INSTALL_TARGET_CMDS
-	$(INSTALL) -m 0755 $(@D)/src/dash $(TARGET_DIR)/bin/dash
+	$(INSTALL) -m 0755 -D $(@D)/src/dash $(TARGET_DIR)/bin/dash
 endef
 
 # Add /bin/dash to /etc/shells otherwise some login tools like dropbear

package/dhcpdump/0002-fix-strsep-feature-test.patch

@@ -1,27 +0,0 @@
-Use the official _BSD_SOURCE feature test macro instead of the meaningless
-HAVE_STRSEP macro in order to detect the availability of strsep().
-
-This allows toolchains supporting strsep() to use it instead of the custom
-implementation from dhcpdump, which also avoids the following error with some
-toolchains:
-
-	In file included from dhcpdump.c:30:0:
-	dhcpdump.c: At top level:
-	strsep.c:65:23: error: register name not specified for ‘delim’
-	  register const char *delim;
-	                       ^
-
-Signed-off-by: Benoît Thébaudeau <benoit.thebaudeau@advansee.com>
-
-diff -Nrdup dhcpdump-1.8.orig/dhcpdump.c dhcpdump-1.8/dhcpdump.c
---- dhcpdump-1.8.orig/dhcpdump.c	2008-06-24 05:26:52.000000000 +0200
-+++ dhcpdump-1.8/dhcpdump.c	2011-05-31 19:22:15.987388498 +0200
-@@ -26,7 +26,7 @@
- #include <regex.h>
- #include "dhcp_options.h"
- 
--#ifndef HAVE_STRSEP
-+#ifndef _BSD_SOURCE
- #include "strsep.c"
- #endif
- 

package/dhcpdump/dhcpdump.mk

@@ -15,8 +15,11 @@ ifeq ($(BR2_STATIC_LIBS),y)
 DHCPDUMP_LIBS += `$(STAGING_DIR)/usr/bin/pcap-config --static --additional-libs`
 endif
 
+# glibc, uclibc and musl have strsep()
+DHCPDUMP_CFLAGS = $(TARGET_CFLAGS) -DHAVE_STRSEP
+
 define DHCPDUMP_BUILD_CMDS
-	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) CC="$(TARGET_CC) $(TARGET_CFLAGS) \
+	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) CC="$(TARGET_CC) $(DHCPDUMP_CFLAGS) \
 		-D_GNU_SOURCE" LIBS="$(DHCPDUMP_LIBS)"
 endef
 

package/dmalloc/0005-fix-strdup.patch

@@ -0,0 +1,24 @@
+From 59d73a473f1c1a31bcba90d314f956d0bcc3de95 Mon Sep 17 00:00:00 2001
+From: Siana Gearz <siana.sg@live.de>
+Date: Sat, 8 Sep 2012 22:55:17 +0200
+Subject: [PATCH] Fix strdup
+
+[Retrieved from:
+https://github.com/siana/dmalloc/commit/59d73a473f1c1a31bcba90d314f956d0bcc3de95]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ dmalloc.h.3 | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/dmalloc.h.3 b/dmalloc.h.3
+index d3d1c13..3fc573a 100644
+--- a/dmalloc.h.3
++++ b/dmalloc.h.3
+@@ -459,6 +459,7 @@ DMALLOC_PNT	valloc(DMALLOC_SIZE size);
+  *
+  * string -> String we are duplicating.
+  */
++#undef strdup
+ extern
+ char	*strdup(const char *string);
+ #endif /* ifndef DMALLOC_STRDUP_MACRO */

package/dmalloc/0006-fix-strndup.patch

@@ -0,0 +1,24 @@
+From 005d92c2cebbde5c8623daa29725f7a62b18df7c Mon Sep 17 00:00:00 2001
+From: Siana Gearz <siana.sg@live.de>
+Date: Sat, 8 Sep 2012 22:44:35 +0200
+Subject: [PATCH] Fix strndup
+
+[Retrieved from:
+https://github.com/siana/dmalloc/commit/005d92c2cebbde5c8623daa29725f7a62b18df7c]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ dmalloc.h.3 | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/dmalloc.h.3 b/dmalloc.h.3
+index 8bda997..fb538a8 100644
+--- a/dmalloc.h.3
++++ b/dmalloc.h.3
+@@ -429,6 +429,7 @@ char	*strdup(const char *string);
+  *
+  * len -> Length of the string to duplicate.
+  */
++#undef strndup
+ extern
+ char	*strndup(const char *string, const DMALLOC_SIZE len);
+ 

package/docker-cli/Config.in

@@ -0,0 +1,25 @@
+config BR2_PACKAGE_DOCKER_CLI
+	bool "docker-cli"
+	depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS
+	depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
+	depends on BR2_TOOLCHAIN_HAS_THREADS
+	help
+	  Docker is a platform to build, ship,
+	  and run applications as lightweight containers.
+
+	  https://github.com/docker/cli
+
+if BR2_PACKAGE_DOCKER_CLI
+
+config BR2_PACKAGE_DOCKER_CLI_STATIC
+	bool "build static client"
+	depends on !BR2_STATIC_LIBS
+	help
+	  Build a static docker client.
+
+endif
+
+comment "docker-cli needs a toolchain w/ threads"
+	depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS
+	depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
+	depends on !BR2_TOOLCHAIN_HAS_THREADS

package/docker-cli/docker-cli.hash

@@ -0,0 +1,3 @@
+# Locally calculated
+sha256	3e578406dead2fc72c4b52f77db39dc779fa8b460352116c06f1ae29219bd8c2  docker-cli-v18.09.0.tar.gz
+sha256	2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0  LICENSE

package/docker-cli/docker-cli.mk

@@ -0,0 +1,31 @@
+################################################################################
+#
+# docker-cli
+#
+################################################################################
+
+DOCKER_CLI_VERSION = v18.09.0
+DOCKER_CLI_SITE = $(call github,docker,cli,$(DOCKER_CLI_VERSION))
+DOCKER_CLI_WORKSPACE = gopath
+
+DOCKER_CLI_LICENSE = Apache-2.0
+DOCKER_CLI_LICENSE_FILES = LICENSE
+
+DOCKER_CLI_DEPENDENCIES = host-pkgconf
+
+DOCKER_CLI_TAGS = autogen
+DOCKER_CLI_BUILD_TARGETS = cmd/docker
+
+DOCKER_CLI_LDFLAGS = \
+	-X github.com/docker/cli/cli.GitCommit=$(DOCKER_CLI_VERSION) \
+	-X github.com/docker/cli/cli.Version=$(DOCKER_CLI_VERSION)
+
+ifeq ($(BR2_PACKAGE_DOCKER_CLI_STATIC),y)
+DOCKER_CLI_LDFLAGS += -extldflags '-static'
+DOCKER_CLI_TAGS += osusergo netgo
+DOCKER_CLI_GO_ENV = CGO_ENABLED=no
+endif
+
+DOCKER_CLI_INSTALL_BINS = $(notdir $(DOCKER_CLI_BUILD_TARGETS))
+
+$(eval $(golang-package))

package/docker-compose/0001-setup.py-allow-all-recent-2.x-requests-releases.patch

@@ -0,0 +1,34 @@
+From a79152d1d621ea9d477ecc6862a03cae80b2425b Mon Sep 17 00:00:00 2001
+From: Peter Korsgaard <peter@korsgaard.com>
+Date: Sat, 15 Dec 2018 14:04:57 +0100
+Subject: [PATCH] setup.py: allow all recent 2.x requests releases
+
+Instead of having to update this for each new requests release.
+
+It it not quite clear why the restriction was added in the first place in
+commit b0480b4d04e (Bump SDK version to latest), but change it to simply
+disallow the upcoming 3.0 release to match what is done for the other
+modules.
+
+Submitted upstream: https://github.com/docker/compose/pull/6415
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ setup.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/setup.py b/setup.py
+index 96530726..3c8c7d0e 100644
+--- a/setup.py
++++ b/setup.py
+@@ -33,7 +33,7 @@ install_requires = [
+     'cached-property >= 1.2.0, < 2',
+     'docopt >= 0.6.1, < 0.7',
+     'PyYAML >= 3.10, < 4',
+-    'requests >= 2.6.1, != 2.11.0, != 2.12.2, != 2.18.0, < 2.19',
++    'requests >= 2.6.1, != 2.11.0, != 2.12.2, != 2.18.0, < 3.0',
+     'texttable >= 0.9.0, < 0.10',
+     'websocket-client >= 0.32.0, < 1.0',
+     'docker >= 3.1.4, < 4.0',
+-- 
+2.11.0
+

package/docker-containerd/docker-containerd.mk

@@ -19,7 +19,7 @@ DOCKER_CONTAINERD_BUILD_TARGETS = cmd/ctr cmd/containerd cmd/containerd-shim
 DOCKER_CONTAINERD_INSTALL_BINS = containerd containerd-shim
 
 ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
-DOCKER_CONTAINERD_DEPENDENCIES += libseccomp
+DOCKER_CONTAINERD_DEPENDENCIES += libseccomp host-pkgconf
 DOCKER_CONTAINERD_TAGS += seccomp
 endif
 

package/docker-engine/Config.in

@@ -26,12 +26,6 @@ config BR2_PACKAGE_DOCKER_ENGINE_DAEMON
 config BR2_PACKAGE_DOCKER_ENGINE_EXPERIMENTAL
 	bool "build experimental features"
 
-config BR2_PACKAGE_DOCKER_ENGINE_STATIC_CLIENT
-	bool "build static client"
-	depends on !BR2_STATIC_LIBS
-	help
-	  Build a static docker client.
-
 if BR2_PACKAGE_DOCKER_ENGINE_DAEMON
 
 config BR2_PACKAGE_DOCKER_ENGINE_DRIVER_BTRFS

package/docker-engine/docker-engine.hash

@@ -1,2 +1,3 @@
 # Locally calculated
-sha256	4716df117d867b82ddab2e82395cd40aa3d0925a689eedcec8919729e4c9f121	docker-engine-v17.05.0-ce.tar.gz
+sha256	b5278b3f2b460ea61f47833abd2a844f348b4518e73f309294ad178c205a48e1  docker-engine-v18.09.0.tar.gz
+sha256	2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0  LICENSE

package/docker-engine/docker-engine.mk

@@ -4,25 +4,21 @@
 #
 ################################################################################
 
-DOCKER_ENGINE_VERSION = v17.05.0-ce
-DOCKER_ENGINE_COMMIT = 89658bed64c2a8fe05a978e5b87dbec409d57a0f
-DOCKER_ENGINE_SITE = $(call github,docker,docker,$(DOCKER_ENGINE_VERSION))
+DOCKER_ENGINE_VERSION = v18.09.0
+DOCKER_ENGINE_SITE = $(call github,docker,engine,$(DOCKER_ENGINE_VERSION))
 
 DOCKER_ENGINE_LICENSE = Apache-2.0
 DOCKER_ENGINE_LICENSE_FILES = LICENSE
 
-DOCKER_ENGINE_DEPENDENCIES = host-go host-pkgconf
+DOCKER_ENGINE_DEPENDENCIES = host-pkgconf
+DOCKER_ENGINE_SRC_SUBDIR = github.com/docker/docker
 
 DOCKER_ENGINE_LDFLAGS = \
 	-X main.GitCommit=$(DOCKER_ENGINE_VERSION) \
 	-X main.Version=$(DOCKER_ENGINE_VERSION)
 
-ifeq ($(BR2_PACKAGE_DOCKER_ENGINE_STATIC_CLIENT),y)
-DOCKER_ENGINE_LDFLAGS += -extldflags '-static'
-endif
-
 DOCKER_ENGINE_TAGS = cgo exclude_graphdriver_zfs autogen
-DOCKER_ENGINE_BUILD_TARGETS = cmd/docker
+DOCKER_ENGINE_BUILD_TARGETS = cmd/dockerd
 
 ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
 DOCKER_ENGINE_TAGS += seccomp
@@ -30,15 +26,9 @@ DOCKER_ENGINE_DEPENDENCIES += libseccomp
 endif
 
 ifeq ($(BR2_INIT_SYSTEMD),y)
-DOCKER_ENGINE_TAGS += journald
 DOCKER_ENGINE_DEPENDENCIES += systemd
+DOCKER_ENGINE_TAGS += systemd journald
 endif
-
-ifeq ($(BR2_PACKAGE_DOCKER_ENGINE_DAEMON),y)
-DOCKER_ENGINE_TAGS += daemon
-DOCKER_ENGINE_BUILD_TARGETS += cmd/dockerd
-endif
-
 ifeq ($(BR2_PACKAGE_DOCKER_ENGINE_EXPERIMENTAL),y)
 DOCKER_ENGINE_TAGS += experimental
 endif
@@ -65,7 +55,6 @@ DOCKER_ENGINE_INSTALL_BINS = $(notdir $(DOCKER_ENGINE_BUILD_TARGETS))
 
 define DOCKER_ENGINE_RUN_AUTOGEN
 	cd $(@D) && \
-		GITCOMMIT="$$(echo $(DOCKER_ENGINE_COMMIT) | head -c7)" \
 		BUILDTIME="$$(date)" \
 		VERSION="$(patsubst v%,%,$(DOCKER_ENGINE_VERSION))" \
 		PKG_CONFIG="$(PKG_CONFIG_HOST_BINARY)" $(TARGET_MAKE_ENV) \
@@ -74,8 +63,6 @@ endef
 
 DOCKER_ENGINE_POST_CONFIGURE_HOOKS += DOCKER_ENGINE_RUN_AUTOGEN
 
-ifeq ($(BR2_PACKAGE_DOCKER_ENGINE_DAEMON),y)
-
 define DOCKER_ENGINE_INSTALL_INIT_SYSTEMD
 	$(INSTALL) -D -m 0644 $(@D)/contrib/init/systemd/docker.service \
 		$(TARGET_DIR)/usr/lib/systemd/system/docker.service
@@ -90,6 +77,4 @@ define DOCKER_ENGINE_USERS
 	- - docker -1 * - - - Docker Application Container Framework
 endef
 
-endif
-
 $(eval $(golang-package))

package/dt-utils/0001-src-fix-compilation-for-glibc-version-2.27.9000-36.f.patch

@@ -0,0 +1,75 @@
+From 1c80e31872aec9f2ef7eca6a52aa89c0ea759d8f Mon Sep 17 00:00:00 2001
+From: Enrico Joerns <ejo@pengutronix.de>
+Date: Wed, 5 Sep 2018 12:28:28 +0200
+Subject: [PATCH] src: fix compilation for glibc version 2.27.9000-36.fc29 and
+ newer
+
+As recent glibc versions (>= 2.27.9000-36.fc29) also define 'struct
+statx' which is also defined in linux/stat.h, compilation fails with
+error:
+
+| In file included from ../dt-utils-2018.05.0/src/crypto/digest.c:24:
+| [..]/usr/include/linux/stat.h:56:8: error: redefinition of 'struct statx_timestamp'
+|  struct statx_timestamp {
+|         ^~~~~~~~~~~~~~~
+| In file included from [..]/usr/include/sys/stat.h:446,
+|                  from ../dt-utils-2018.05.0/src/dt/common.h:15,
+|                  from ../dt-utils-2018.05.0/src/crypto/digest.c:19:
+| [..]/usr/include/bits/statx.h:25:8: note: originally defined here
+|  struct statx_timestamp
+|         ^~~~~~~~~~~~~~~
+| In file included from ../dt-utils-2018.05.0/src/crypto/digest.c:24:
+| [..]/usr/include/linux/stat.h:99:8: error: redefinition of 'struct statx'
+|  struct statx {
+|         ^~~~~
+| In file included from [..]/usr/include/sys/stat.h:446,
+|                  from ../dt-utils-2018.05.0/src/dt/common.h:15,
+|                  from ../dt-utils-2018.05.0/src/crypto/digest.c:19:
+| [..]/usr/include/bits/statx.h:36:8: note: originally defined here
+|  struct statx
+|         ^~~~~
+
+The linux/stat.h originates from the code that was copied from barebox
+but is not explicitly required to be linux/stat.h instead of sys/stat.h
+and we do not actually use struct statx.
+
+Thus it is safe to simply replace occurrences of linux/stat.h by
+sys/stat.h to fix compilation.
+
+Signed-off-by: Enrico Joerns <ejo@pengutronix.de>
+[Thomas: backport from upstream.]
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+---
+ src/barebox-state/backend_storage.c | 2 +-
+ src/crypto/digest.c                 | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/barebox-state/backend_storage.c b/src/barebox-state/backend_storage.c
+index 53fe829..1052656 100644
+--- a/src/barebox-state/backend_storage.c
++++ b/src/barebox-state/backend_storage.c
+@@ -19,7 +19,7 @@
+ #include <linux/kernel.h>
+ #include <linux/list.h>
+ #include <linux/mtd/mtd-abi.h>
+-#include <linux/stat.h>
++#include <sys/stat.h>
+ #include <linux/fs.h>
+ #include <malloc.h>
+ #include <printk.h>
+diff --git a/src/crypto/digest.c b/src/crypto/digest.c
+index 7a8c3c0..8353412 100644
+--- a/src/crypto/digest.c
++++ b/src/crypto/digest.c
+@@ -21,7 +21,7 @@
+ #include <malloc.h>
+ #include <fs.h>
+ #include <fcntl.h>
+-#include <linux/stat.h>
++#include <sys/stat.h>
+ #include <errno.h>
+ #include <module.h>
+ #include <linux/err.h>
+-- 
+2.19.2
+

package/efivar/efivar.hash

@@ -1,3 +1,3 @@
 # locally computed hash
-sha256 9691399a424b8e3776b7ed2df1893c4162285a93697d781f387d0f0d258a7f4b  efivar-34.tar.gz
+sha256 747bc4d97b4bd74979e5356c44a172534a8a07184f130349fd201742e683d292  efivar-35.tar.gz
 sha256 91df770634adc2755e78cae33a0d01e702ce2f69046408ae93d0d934ff29691b  COPYING

package/efivar/efivar.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-EFIVAR_VERSION = 34
+EFIVAR_VERSION = 35
 EFIVAR_SITE = $(call github,rhboot,efivar,$(EFIVAR_VERSION))
 EFIVAR_LICENSE = LGPL-2.1
 EFIVAR_LICENSE_FILES = COPYING

package/freescale-imx/firmware-imx/firmware-imx.mk

@@ -35,7 +35,7 @@ endef
 
 define FIRMWARE_IMX_INSTALL_IMAGES_CMDS
 	# Create padded versions of lpddr4_pmu_* and generate lpddr4_pmu_train_fw.bin.
-	# lpddr4_pmu_train_fw.bin isneeded when generating imx-boot-imx8mqevk-sd.bin
+	# lpddr4_pmu_train_fw.bin is needed when generating imx8-boot-sd.bin
 	# which is done in post-image script.
 	$(call FIRMWARE_IMX_PREPARE_LPDDR4_FW,1d)
 	$(call FIRMWARE_IMX_PREPARE_LPDDR4_FW,2d)

package/fwts/fwts.mk

@@ -11,6 +11,7 @@ FWTS_LICENSE = GPL-2.0, LGPL-2.1, Custom
 FWTS_LICENSE_FILES = debian/copyright
 FWTS_AUTORECONF = YES
 FWTS_DEPENDENCIES = host-bison host-flex host-pkgconf json-c libglib2 libbsd \
+	$(if $(BR2_PACKAGE_BASH_COMPLETION),bash-completion) \
 	$(if $(BR2_PACKAGE_DTC),dtc)
 
 ifdef BR2_PACKAGE_FWTS_EFI_RUNTIME_MODULE

package/glibc/glibc-2.28-50-gb8dd0f42780a3133c02f064a2c0c5c4e7ab61aaa/0001-sysdeps-ieee754-soft-fp-ignore-maybe-uninitialized-w.patch

@@ -1,88 +0,0 @@
-From 4a06ceea33ecc220bbfe264d8f1e74de2f04e90d Mon Sep 17 00:00:00 2001
-From: Martin Jansa <Martin.Jansa@gmail.com>
-Date: Tue, 2 Oct 2018 15:38:43 +0000
-Subject: [PATCH] sysdeps/ieee754/soft-fp: ignore maybe-uninitialized with -O
- [BZ #19444]
-
-* with -O, -O1, -Os it fails with:
-
-In file included from ../soft-fp/soft-fp.h:318,
-                 from ../sysdeps/ieee754/soft-fp/s_fdiv.c:28:
-../sysdeps/ieee754/soft-fp/s_fdiv.c: In function '__fdiv':
-../soft-fp/op-2.h:98:25: error: 'R_f1' may be used uninitialized in this function [-Werror=maybe-uninitialized]
-        X##_f0 = (X##_f1 << (_FP_W_TYPE_SIZE - (N)) | X##_f0 >> (N) \
-                         ^~
-../sysdeps/ieee754/soft-fp/s_fdiv.c:38:14: note: 'R_f1' was declared here
-   FP_DECL_D (R);
-              ^
-../soft-fp/op-2.h:37:36: note: in definition of macro '_FP_FRAC_DECL_2'
-   _FP_W_TYPE X##_f0 _FP_ZERO_INIT, X##_f1 _FP_ZERO_INIT
-                                    ^
-../soft-fp/double.h:95:24: note: in expansion of macro '_FP_DECL'
- # define FP_DECL_D(X)  _FP_DECL (2, X)
-                        ^~~~~~~~
-../sysdeps/ieee754/soft-fp/s_fdiv.c:38:3: note: in expansion of macro 'FP_DECL_D'
-   FP_DECL_D (R);
-   ^~~~~~~~~
-../soft-fp/op-2.h:101:17: error: 'R_f0' may be used uninitialized in this function [-Werror=maybe-uninitialized]
-       : (X##_f0 << (_FP_W_TYPE_SIZE - (N))) != 0)); \
-                 ^~
-../sysdeps/ieee754/soft-fp/s_fdiv.c:38:14: note: 'R_f0' was declared here
-   FP_DECL_D (R);
-              ^
-../soft-fp/op-2.h:37:14: note: in definition of macro '_FP_FRAC_DECL_2'
-   _FP_W_TYPE X##_f0 _FP_ZERO_INIT, X##_f1 _FP_ZERO_INIT
-              ^
-../soft-fp/double.h:95:24: note: in expansion of macro '_FP_DECL'
- # define FP_DECL_D(X)  _FP_DECL (2, X)
-                        ^~~~~~~~
-../sysdeps/ieee754/soft-fp/s_fdiv.c:38:3: note: in expansion of macro 'FP_DECL_D'
-   FP_DECL_D (R);
-   ^~~~~~~~~
-
-Build tested with Yocto for ARM, AARCH64, X86, X86_64, PPC, MIPS, MIPS64
-with -O, -O1, -Os.
-For AARCH64 it needs one more fix in locale for -Os.
-
-	[BZ #19444]
-	* sysdeps/ieee754/soft-fp/s_fdiv.c: Include <libc-diag.h> and use
-	DIAG_PUSH_NEEDS_COMMENT, DIAG_IGNORE_NEEDS_COMMENT and
-	DIAG_POP_NEEDS_COMMENT to disable -Wmaybe-uninitialized.
-
-
-Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
----
- sysdeps/ieee754/soft-fp/s_fdiv.c | 12 ++++++++++++
- 1 files changed, 12 insertions(+)
-
-diff --git a/sysdeps/ieee754/soft-fp/s_fdiv.c b/sysdeps/ieee754/soft-fp/s_fdiv.c
-index 341339f5ed..7a15cbeee6 100644
---- a/sysdeps/ieee754/soft-fp/s_fdiv.c
-+++ b/sysdeps/ieee754/soft-fp/s_fdiv.c
-@@ -25,6 +25,16 @@
- #undef fdivl
- 
- #include <math-narrow.h>
-+#include <libc-diag.h>
-+
-+/* R_f[01] are not set in cases where they are not used in packing,
-+   but the compiler does not see that they are set in all cases where
-+   they are used, resulting in warnings that they may be used
-+   uninitialized.  The location of the warning differs in different
-+   versions of GCC, it may be where R is defined using a macro or it
-+   may be where the macro is defined.  This happens only with -O1.  */
-+DIAG_PUSH_NEEDS_COMMENT;
-+DIAG_IGNORE_NEEDS_COMMENT (8, "-Wmaybe-uninitialized");
- #include <soft-fp.h>
- #include <single.h>
- #include <double.h>
-@@ -53,4 +63,6 @@ __fdiv (double x, double y)
-   CHECK_NARROW_DIV (ret, x, y);
-   return ret;
- }
-+DIAG_POP_NEEDS_COMMENT;
-+
- libm_alias_float_double (div)
--- 
-2.17.0
-

package/glibc/glibc-2.28-69-g1e5c5303a522764d7e9d2302a60e4a32cdb902f1/glibc.hash

@@ -1,5 +1,5 @@
 # Locally calculated (fetched from Github)
-sha256  b070f746f932cfce107bb9be2d59ded5b44b25ddafb480c9110c52b88cc2dec1  glibc-glibc-2.28-50-gb8dd0f42780a3133c02f064a2c0c5c4e7ab61aaa.tar.gz
+sha256  ebf04c7b00153d6df8beceec0666d4b13e1ac613b40d5774d1b8c6f61c1686e6  glibc-glibc-2.28-69-g1e5c5303a522764d7e9d2302a60e4a32cdb902f1.tar.gz
 
 # Hashes for license files
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING

package/glibc/glibc.mk

@@ -10,7 +10,7 @@ GLIBC_SITE = $(call github,foss-for-synopsys-dwc-arc-processors,glibc,$(GLIBC_VE
 else
 # Generate version string using:
 #   git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master
-GLIBC_VERSION = glibc-2.28-50-gb8dd0f42780a3133c02f064a2c0c5c4e7ab61aaa
+GLIBC_VERSION = glibc-2.28-69-g1e5c5303a522764d7e9d2302a60e4a32cdb902f1
 # Upstream doesn't officially provide an https download link.
 # There is one (https://sourceware.org/git/glibc.git) but it's not reliable,
 # sometimes the connection times out. So use an unofficial github mirror.

package/gnuchess/gnuchess.hash

@@ -1,2 +1,3 @@
 # sha256 locally computed
 sha256 3c425c0264f253fc5cc2ba969abe667d77703c728770bd4b23c456cbe5e082ef  gnuchess-6.2.4.tar.gz
+sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903  COPYING

package/gnuchess/gnuchess.mk

@@ -6,7 +6,7 @@
 
 GNUCHESS_VERSION = 6.2.4
 GNUCHESS_SITE = $(BR2_GNU_MIRROR)/chess
-GNUCHESS_LICENSE = GPL-2.0+
+GNUCHESS_LICENSE = GPL-3.0+
 GNUCHESS_LICENSE_FILES = COPYING
 
 GNUCHESS_DEPENDENCIES = host-flex flex

package/gnupg2/gnupg2.hash

@@ -1,7 +1,7 @@
-# From https://lists.gnupg.org/pipermail/gnupg-announce/2018q3/000428.html
-sha1 3e87504e2ca317718aa9b6299947ebf7e906b54e  gnupg-2.2.10.tar.bz2
+# From https://lists.gnupg.org/pipermail/gnupg-announce/2018q4/000433.html
+sha1 2aeccc35ea8034306ff7a1072b84abbaa79619c3  gnupg-2.2.12.tar.bz2
 # Calculated based on the hash above and signature
-# https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.10.tar.bz2.sig
+# https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.12.tar.bz2.sig
 # using key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
-sha256 799dd37a86a1448732e339bd20440f4f5ee6e69755f6fd7a73ee8af30840c915  gnupg-2.2.10.tar.bz2
+sha256 db030f8b4c98640e91300d36d516f1f4f8fe09514a94ea9fc7411ee1a34082cb  gnupg-2.2.12.tar.bz2
 sha256 bc2d6664f6276fa0a72d57633b3ae68dc7dcb677b71018bf08c8e93e509f1357  COPYING

package/gnupg2/gnupg2.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GNUPG2_VERSION = 2.2.10
+GNUPG2_VERSION = 2.2.12
 GNUPG2_SOURCE = gnupg-$(GNUPG2_VERSION).tar.bz2
 GNUPG2_SITE = https://gnupg.org/ftp/gcrypt/gnupg
 GNUPG2_LICENSE = GPL-3.0+

package/gnutls/gnutls.mk

@@ -95,4 +95,11 @@ else
 GNUTLS_CONF_OPTS += --without-zlib
 endif
 
+# Provide a default CA cert location
+ifeq ($(BR2_PACKAGE_P11_KIT),y)
+GNUTLS_CONF_OPTS += --with-default-trust-store-pkcs11=pkcs11:model=p11-kit-trust
+else ifeq ($(BR2_PACKAGE_CA_CERTIFICATES),y)
+GNUTLS_CONF_OPTS += --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt
+endif
+
 $(eval $(autotools-package))

package/go/go.hash

@@ -1,3 +1,3 @@
 # From https://golang.org/dl/
-sha256	042fba357210816160341f1002440550e952eb12678f7c9e7e9d389437942550  go1.11.2.src.tar.gz
+sha256	bc1ef02bb1668835db1390a2e478dcbccb5dd16911691af9d75184bbe5aa943e  go1.11.5.src.tar.gz
 sha256	2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067  LICENSE

package/go/go.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GO_VERSION = 1.11.2
+GO_VERSION = 1.11.5
 GO_SITE = https://storage.googleapis.com/golang
 GO_SOURCE = go$(GO_VERSION).src.tar.gz
 

package/leveldb/0003-fix-parallel-build.patch

@@ -1,36 +0,0 @@
-From 293e1b08317567b2e479d24530986676ae4d2221 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Mon, 8 Oct 2018 23:08:19 +0200
-Subject: [PATCH] fix parallel build
-
-Build of leveldb sometimes fails on:
-Fatal error: can't create out-shared/db/db_bench.o: No such file or directory
-
-Fix this, by creating $(SHARED_OUTDIR) before building
-(SHARED_OUTDIR)/db/db_bench.o
-
-Fixes:
- - http://autobuild.buildroot.net/results/945bb8096c1f98f307161a6def5a9f7f25b2454a
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Upstream status: not upstreamable as upstream switched to cmake]
----
- Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile b/Makefile
-index f7cc7d7..edb56a5 100644
---- a/Makefile
-+++ b/Makefile
-@@ -386,7 +386,7 @@ $(STATIC_OUTDIR)/write_batch_test:db/write_batch_test.cc $(STATIC_LIBOBJECTS) $(
- $(STATIC_OUTDIR)/memenv_test:$(STATIC_OUTDIR)/helpers/memenv/memenv_test.o $(STATIC_OUTDIR)/libmemenv.a $(STATIC_OUTDIR)/libleveldb.a $(TESTHARNESS)
- 	$(XCRUN) $(CXX) $(LDFLAGS) $(STATIC_OUTDIR)/helpers/memenv/memenv_test.o $(STATIC_OUTDIR)/libmemenv.a $(STATIC_OUTDIR)/libleveldb.a $(TESTHARNESS) -o $@ $(LIBS)
- 
--$(SHARED_OUTDIR)/db_bench:$(SHARED_OUTDIR)/db/db_bench.o $(SHARED_LIBS) $(TESTUTIL)
-+$(SHARED_OUTDIR)/db_bench:$(SHARED_OUTDIR) $(SHARED_OUTDIR)/db/db_bench.o $(SHARED_LIBS) $(TESTUTIL)
- 	$(XCRUN) $(CXX) $(LDFLAGS) $(CXXFLAGS) $(PLATFORM_SHARED_CFLAGS) $(SHARED_OUTDIR)/db/db_bench.o $(TESTUTIL) $(SHARED_OUTDIR)/$(SHARED_LIB3) -o $@ $(LIBS)
- 
- .PHONY: run-shared
--- 
-2.17.1
-

package/leveldb/leveldb.mk

@@ -17,18 +17,18 @@ LEVELDB_MAKE_ARGS += SHARED_LIBS= SHARED_PROGRAMS=
 endif
 
 define LEVELDB_BUILD_CMDS
-	$(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) \
+	$(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE1) \
 		$(LEVELDB_MAKE_ARGS) -C $(@D)
 endef
 
 define LEVELDB_INSTALL_STAGING_CMDS
-	$(TARGET_MAKE_ENV) $(MAKE) \
+	$(TARGET_MAKE_ENV) $(MAKE1) \
 		INSTALL_ROOT=$(STAGING_DIR) INSTALL_PREFIX=/usr \
 		$(LEVELDB_MAKE_ARGS) -C $(@D) install
 endef
 
 define LEVELDB_INSTALL_TARGET_CMDS
-	$(TARGET_MAKE_ENV) $(MAKE) \
+	$(TARGET_MAKE_ENV) $(MAKE1) \
 		INSTALL_ROOT=$(TARGET_DIR) INSTALL_PREFIX=/usr \
 		$(LEVELDB_MAKE_ARGS) -C $(@D) install
 endef

package/libarchive/0001-Avoid-a-double-free-when-a-window-size-of-0-is-speci.patch

@@ -0,0 +1,40 @@
+From 021efa522ad729ff0f5806c4ce53e4a6cc1daa31 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Tue, 20 Nov 2018 17:56:29 +1100
+Subject: [PATCH] Avoid a double-free when a window size of 0 is specified
+
+new_size can be 0 with a malicious or corrupted RAR archive.
+
+realloc(area, 0) is equivalent to free(area), so the region would
+be free()d here and the free()d again in the cleanup function.
+
+Found with a setup running AFL, afl-rb, and qsym.
+---
+ libarchive/archive_read_support_format_rar.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+[for import into Buildroot]
+Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
+Upstream-status: backport
+
+CVE-2018-1000877
+
+diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
+index 23452222..6f419c27 100644
+--- a/libarchive/archive_read_support_format_rar.c
++++ b/libarchive/archive_read_support_format_rar.c
+@@ -2300,6 +2300,11 @@ parse_codes(struct archive_read *a)
+       new_size = DICTIONARY_MAX_SIZE;
+     else
+       new_size = rar_fls((unsigned int)rar->unp_size) << 1;
++    if (new_size == 0) {
++      archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
++                        "Zero window size is invalid.");
++      return (ARCHIVE_FATAL);
++    }
+     new_window = realloc(rar->lzss.window, new_size);
+     if (new_window == NULL) {
+       archive_set_error(&a->archive, ENOMEM,
+-- 
+2.19.2
+

package/libarchive/0002-rar-file-split-across-multi-part-archives-must-match.patch

@@ -0,0 +1,81 @@
+From bfcfe6f04ed20db2504db8a254d1f40a1d84eb28 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Tue, 4 Dec 2018 00:55:22 +1100
+Subject: [PATCH] rar: file split across multi-part archives must match
+
+Fuzzing uncovered some UAF and memory overrun bugs where a file in a
+single file archive reported that it was split across multiple
+volumes. This was caused by ppmd7 operations calling
+rar_br_fillup. This would invoke rar_read_ahead, which would in some
+situations invoke archive_read_format_rar_read_header.  That would
+check the new file name against the old file name, and if they didn't
+match up it would free the ppmd7 buffer and allocate a new
+one. However, because the ppmd7 decoder wasn't actually done with the
+buffer, it would continue to used the freed buffer. Both reads and
+writes to the freed region can be observed.
+
+This is quite tricky to solve: once the buffer has been freed it is
+too late, as the ppmd7 decoder functions almost universally assume
+success - there's no way for ppmd_read to signal error, nor are there
+good ways for functions like Range_Normalise to propagate them. So we
+can't detect after the fact that we're in an invalid state - e.g. by
+checking rar->cursor, we have to prevent ourselves from ever ending up
+there. So, when we are in the dangerous part or rar_read_ahead that
+assumes a valid split, we set a flag force read_header to either go
+down the path for split files or bail. This means that the ppmd7
+decoder keeps a valid buffer and just runs out of data.
+
+Found with a combination of AFL, afl-rb and qsym.
+---
+ libarchive/archive_read_support_format_rar.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+[for import into Buildroot]
+Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
+Upstream-status: backport
+
+CVE-2018-1000878
+
+diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
+index 6f419c27..a8cc5c94 100644
+--- a/libarchive/archive_read_support_format_rar.c
++++ b/libarchive/archive_read_support_format_rar.c
+@@ -258,6 +258,7 @@ struct rar
+   struct data_block_offsets *dbo;
+   unsigned int cursor;
+   unsigned int nodes;
++  char filename_must_match;
+ 
+   /* LZSS members */
+   struct huffman_code maincode;
+@@ -1560,6 +1561,12 @@ read_header(struct archive_read *a, struct archive_entry *entry,
+     }
+     return ret;
+   }
++  else if (rar->filename_must_match)
++  {
++    archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
++      "Mismatch of file parts split across multi-volume archive");
++    return (ARCHIVE_FATAL);
++  }
+ 
+   rar->filename_save = (char*)realloc(rar->filename_save,
+                                       filename_size + 1);
+@@ -2933,12 +2940,14 @@ rar_read_ahead(struct archive_read *a, size_t min, ssize_t *avail)
+     else if (*avail == 0 && rar->main_flags & MHD_VOLUME &&
+       rar->file_flags & FHD_SPLIT_AFTER)
+     {
++      rar->filename_must_match = 1;
+       ret = archive_read_format_rar_read_header(a, a->entry);
+       if (ret == (ARCHIVE_EOF))
+       {
+         rar->has_endarc_header = 1;
+         ret = archive_read_format_rar_read_header(a, a->entry);
+       }
++      rar->filename_must_match = 0;
+       if (ret != (ARCHIVE_OK))
+         return NULL;
+       return rar_read_ahead(a, min, avail);
+-- 
+2.19.2
+

package/libarchive/0003-Skip-0-length-ACL-fields.patch

@@ -0,0 +1,52 @@
+From 15bf44fd2c1ad0e3fd87048b3fcc90c4dcff1175 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Tue, 4 Dec 2018 14:29:42 +1100
+Subject: [PATCH] Skip 0-length ACL fields
+
+Currently, it is possible to create an archive that crashes bsdtar
+with a malformed ACL:
+
+Program received signal SIGSEGV, Segmentation fault.
+archive_acl_from_text_l (acl=<optimised out>, text=0x7e2e92 "", want_type=<optimised out>, sc=<optimised out>) at libarchive/archive_acl.c:1726
+1726				switch (*s) {
+(gdb) p n
+$1 = 1
+(gdb) p field[n]
+$2 = {start = 0x0, end = 0x0}
+
+Stop this by checking that the length is not zero before beginning
+the switch statement.
+
+I am pretty sure this is the bug mentioned in the qsym paper [1],
+and I was able to replicate it with a qsym + AFL + afl-rb setup.
+
+[1] https://www.usenix.org/conference/usenixsecurity18/presentation/yun
+---
+ libarchive/archive_acl.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+[for import into Buildroot]
+Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
+Upstream-status: backport
+
+CVE-2018-1000879
+
+diff --git a/libarchive/archive_acl.c b/libarchive/archive_acl.c
+index 512beee1..7beeee86 100644
+--- a/libarchive/archive_acl.c
++++ b/libarchive/archive_acl.c
+@@ -1723,6 +1723,11 @@ archive_acl_from_text_l(struct archive_acl *acl, const char *text,
+ 			st = field[n].start + 1;
+ 			len = field[n].end - field[n].start;
+ 
++			if (len == 0) {
++				ret = ARCHIVE_WARN;
++				continue;
++			}
++
+ 			switch (*s) {
+ 			case 'u':
+ 				if (len == 1 || (len == 4
+-- 
+2.19.2
+

package/libarchive/0004-warc-consume-data-once-read.patch

@@ -0,0 +1,46 @@
+From 9c84b7426660c09c18cc349f6d70b5f8168b5680 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Tue, 4 Dec 2018 16:33:42 +1100
+Subject: [PATCH] warc: consume data once read
+
+The warc decoder only used read ahead, it wouldn't actually consume
+data that had previously been printed. This means that if you specify
+an invalid content length, it will just reprint the same data over
+and over and over again until it hits the desired length.
+
+This means that a WARC resource with e.g.
+Content-Length: 666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666665
+but only a few hundred bytes of data, causes a quasi-infinite loop.
+
+Consume data in subsequent calls to _warc_read.
+
+Found with an AFL + afl-rb + qsym setup.
+---
+ libarchive/archive_read_support_format_warc.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+[for import into Buildroot]
+Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
+Upstream-status: backport
+
+CVE-2018-1000880
+
+diff --git a/libarchive/archive_read_support_format_warc.c b/libarchive/archive_read_support_format_warc.c
+index e8753853..e8fc8428 100644
+--- a/libarchive/archive_read_support_format_warc.c
++++ b/libarchive/archive_read_support_format_warc.c
+@@ -386,6 +386,11 @@ _warc_read(struct archive_read *a, const void **buf, size_t *bsz, int64_t *off)
+ 		return (ARCHIVE_EOF);
+ 	}
+ 
++	if (w->unconsumed) {
++		__archive_read_consume(a, w->unconsumed);
++		w->unconsumed = 0U;
++	}
++
+ 	rab = __archive_read_ahead(a, 1U, &nrd);
+ 	if (nrd < 0) {
+ 		*bsz = 0U;
+-- 
+2.19.2
+

package/libassuan/libassuan.hash

@@ -1,7 +1,8 @@
 # From https://www.gnupg.org/download/integrity_check.html
-sha1 c8432695bf1daa914a92f51e911881ed93d50604  libassuan-2.5.1.tar.bz2
+sha1 fb66bc1e8971d48ac9dbacd1cdaf6487a3e77375  libassuan-2.5.2.tar.bz2
 # Locally calculated after checking signature
-# https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-2.5.1.tar.bz2.sig
-sha256 47f96c37b4f2aac289f0bc1bacfa8bd8b4b209a488d3d15e2229cb6cc9b26449  libassuan-2.5.1.tar.bz2
+# https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-2.5.2.tar.bz2.sig
+# using key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
+sha256 986b1bf277e375f7a960450fbb8ffbd45294d06598916ad4ebf79aee0cb788e7  libassuan-2.5.2.tar.bz2
 sha256 a9bdde5616ecdd1e980b44f360600ee8783b1f99b8cc83a2beb163a0a390e861  COPYING.LIB
 sha256 fc82ca8b6fdb18d4e3e85cfd8ab58d1bcd3f1b29abe782895abd91d64763f8e7  COPYING

package/libassuan/libassuan.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBASSUAN_VERSION = 2.5.1
+LIBASSUAN_VERSION = 2.5.2
 LIBASSUAN_SITE = ftp://ftp.gnupg.org/gcrypt/libassuan
 LIBASSUAN_SOURCE = libassuan-$(LIBASSUAN_VERSION).tar.bz2
 LIBASSUAN_LICENSE = LGPL-2.1+ (library), GPL-3.0 (tests, doc)

package/libbsd/Config.in

@@ -5,12 +5,12 @@ config BR2_PACKAGE_LIBBSD_ARCH_SUPPORTS
 	depends on !BR2_microblaze
 	depends on !BR2_arc
 	depends on !BR2_xtensa
+	# uClibc on noMMU doesn't provide __register_atfork()
+	depends on !(BR2_TOOLCHAIN_USES_UCLIBC && !BR2_USE_MMU)
 
 config BR2_PACKAGE_LIBBSD
 	bool "libbsd"
 	depends on BR2_PACKAGE_LIBBSD_ARCH_SUPPORTS
-	# uClibc on noMMU doesn't provide __register_atfork()
-	depends on !(BR2_TOOLCHAIN_USES_UCLIBC && !BR2_USE_MMU)
 	depends on BR2_TOOLCHAIN_HAS_THREADS
 	depends on BR2_USE_WCHAR
 	help
@@ -24,5 +24,4 @@ config BR2_PACKAGE_LIBBSD
 
 comment "libbsd needs a toolchain w/ threads, wchar"
 	depends on BR2_PACKAGE_LIBBSD_ARCH_SUPPORTS
-	depends on BR2_TOOLCHAIN_USES_UCLIBC && !BR2_USE_MMU
 	depends on !BR2_TOOLCHAIN_HAS_THREADS || !BR2_USE_WCHAR

package/libcurl/libcurl.mk

@@ -45,7 +45,8 @@ LIBCURL_CONF_ENV += LD_LIBRARY_PATH=$(if $(LD_LIBRARY_PATH),$(LD_LIBRARY_PATH):)
 LIBCURL_CONF_OPTS += --with-ssl=$(STAGING_DIR)/usr \
 	--with-ca-path=/etc/ssl/certs
 else ifeq ($(BR2_PACKAGE_GNUTLS),y)
-LIBCURL_CONF_OPTS += --with-gnutls=$(STAGING_DIR)/usr
+LIBCURL_CONF_OPTS += --with-gnutls=$(STAGING_DIR)/usr \
+	--with-ca-fallback
 LIBCURL_DEPENDENCIES += gnutls
 else ifeq ($(BR2_PACKAGE_LIBNSS),y)
 LIBCURL_CONF_OPTS += --with-nss=$(STAGING_DIR)/usr

package/libftdi1/0004-cmake-find-swig.patch

@@ -0,0 +1,29 @@
+From fcda9c6a208d3a7fe651ef661b2eb6e462a89c17 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Tue, 31 Jul 2018 17:44:57 -0300
+Subject: [PATCH] CMake: use find_package (SWIG) for cmake >= 3.0.0
+
+There's a workaround for a bug (fixed in cmake 3.0.0) that does not
+work in CMake 3.12.  Only use the workaround with cmake < 3.0.0.
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+[Mark: patch retrieved and updated from
+http://developer.intra2net.com/git/?p=libftdi;a=commit;h=fcda9c6a208d3a7fe651ef661b2eb6e462a89c17]
+Signed-off-by: Mark Corbin <mark.corbin@embecosm.com>
+[Update patch to make it work with cmake < 3.7:
+http://developer.intra2net.com/mailarchive/html/libftdi/2019/msg00009.html]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+diff --git a/python/CMakeLists.txt b/python/CMakeLists.txt
+index 31ef1c6..eefc344 100644
+--- a/python/CMakeLists.txt
++++ b/python/CMakeLists.txt
+@@ -3,7 +3,7 @@ option ( LINK_PYTHON_LIBRARY "Link against python libraries" ON )
+ 
+ if ( PYTHON_BINDINGS )
+   # workaround for cmake bug #0013449
+-  if ( NOT DEFINED CMAKE_FIND_ROOT_PATH )
++  if ( NOT DEFINED CMAKE_FIND_ROOT_PATH OR NOT CMAKE_VERSION VERSION_LESS 3.0.0 )
+     find_package ( SWIG )
+   else ()
+     find_program ( SWIG_EXECUTABLE NAMES swig2.0 swig )

package/libgpg-error/Config.in

@@ -48,5 +48,5 @@ config BR2_PACKAGE_LIBGPG_ERROR_SYSCFG
 		if BR2_sparc
 	default "sparc64-unknown-linux-gnu" \
 		if BR2_sparc64
-	default "x86_64-pc-linux-gnu" \
+	default "x86_64-unknown-linux-gnu" \
 		if BR2_x86_64

package/libgpg-error/libgpg-error.hash

@@ -1,7 +1,7 @@
 # Locally calculated after checking pgp signature
-# https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.32.tar.bz2.sig
+# https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.33.tar.bz2.sig
 # using key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
-sha256 c345c5e73cc2332f8d50db84a2280abfb1d8f6d4f1858b9daa30404db44540ca  libgpg-error-1.32.tar.bz2
+sha256 5d38826656e746c936e7742d9cde072b50baa3c4c49daa168a56813612bf03ff  libgpg-error-1.33.tar.bz2
 # Locally calculated
 sha256 231f7edcc7352d7734a96eef0b8030f77982678c516876fcb81e25b32d68564c  COPYING
 sha256 a9bdde5616ecdd1e980b44f360600ee8783b1f99b8cc83a2beb163a0a390e861  COPYING.LIB

package/libgpg-error/libgpg-error.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBGPG_ERROR_VERSION = 1.32
+LIBGPG_ERROR_VERSION = 1.33
 LIBGPG_ERROR_SITE = https://www.gnupg.org/ftp/gcrypt/libgpg-error
 LIBGPG_ERROR_SOURCE = libgpg-error-$(LIBGPG_ERROR_VERSION).tar.bz2
 LIBGPG_ERROR_LICENSE = GPL-2.0+, LGPL-2.1+
@@ -12,14 +12,7 @@ LIBGPG_ERROR_LICENSE_FILES = COPYING COPYING.LIB
 LIBGPG_ERROR_INSTALL_STAGING = YES
 LIBGPG_ERROR_CONFIG_SCRIPTS = gpg-error-config
 LIBGPG_ERROR_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES)
-
-define LIBGPG_ERROR_FIX_CROSS_COMPILATION
-	cd $(@D)/src/syscfg && \
-	ln -s lock-obj-pub.$(call qstrip, $(BR2_PACKAGE_LIBGPG_ERROR_SYSCFG)).h \
-		lock-obj-pub.$(GNU_TARGET_NAME).h
-endef
-LIBGPG_ERROR_PRE_CONFIGURE_HOOKS += LIBGPG_ERROR_FIX_CROSS_COMPILATION
-
-LIBGPG_ERROR_CONF_OPTS = --disable-tests
+LIBGPG_ERROR_CONF_OPTS = --disable-tests \
+		--host=$(BR2_PACKAGE_LIBGPG_ERROR_SYSCFG)
 
 $(eval $(autotools-package))

package/libgpgme/libgpgme.mk

@@ -12,6 +12,7 @@ LIBGPGME_LICENSE_FILES = COPYING.LESSER
 LIBGPGME_INSTALL_STAGING = YES
 LIBGPGME_DEPENDENCIES = libassuan libgpg-error
 LIBGPGME_LANGUAGE_BINDINGS = cl
+LIBGPGME_CONFIG_SCRIPTS = gpgme-config
 
 LIBGPGME_CONF_OPTS = \
 	--with-gpg-error-prefix=$(STAGING_DIR)/usr \

package/libhttpparser/libhttpparser.hash

@@ -1,3 +1,3 @@
 # Locally computed:
-sha256 51615f68b8d67eadfd2482decc63b3e55d749ce0055502bbb5b0032726d22d96  libhttpparser-v2.8.1.tar.gz
+sha256 ef26268c54c8084d17654ba2ed5140bffeffd2a040a895ffb22a6cca3f6c613f  libhttpparser-v2.9.0.tar.gz
 sha256 79e6ba8b687cb54786207342b9b6fcee0ac10218453ed9009b84d949b2233cc0  LICENSE-MIT

package/libhttpparser/libhttpparser.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBHTTPPARSER_VERSION = v2.8.1
+LIBHTTPPARSER_VERSION = v2.9.0
 LIBHTTPPARSER_SITE = $(call github,nodejs,http-parser,$(LIBHTTPPARSER_VERSION))
 LIBHTTPPARSER_INSTALL_STAGING = YES
 LIBHTTPPARSER_LICENSE = MIT

package/libiscsi/libiscsi.mk

@@ -11,6 +11,8 @@ LIBISCSI_LICENSE_FILES = COPYING LICENCE-GPL-2.txt LICENCE-LGPL-2.1.txt
 LIBISCSI_INSTALL_STAGING = YES
 LIBISCSI_AUTORECONF = YES
 
+LIBISCSI_CONF_OPTS = --disable-werror --disable-manpages
+
 # We need to create the m4 directory to make autoreconf work properly.
 define LIBISCSI_CREATE_M4_DIR
 	mkdir -p $(@D)/m4

package/libkcapi/0001-apps-kcapi-hasher.c-fix-build-with-gcc-8.2.x.patch

@@ -0,0 +1,54 @@
+From dcb02c1639c2ff05938c01eaa41286a2e2f8d698 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Sun, 20 Jan 2019 20:04:13 +0100
+Subject: [PATCH] apps/kcapi-hasher.c: fix build with gcc 8.2.x
+
+Fixes:
+ - http://autobuild.buildroot.org/results/8355bc42238e885f7f11ed3d9d37fc55ebdead2b
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status: https://github.com/smuellerDD/libkcapi/pull/76]
+---
+ apps/kcapi-hasher.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
+index d6be685..7172b12 100644
+--- a/apps/kcapi-hasher.c
++++ b/apps/kcapi-hasher.c
+@@ -357,16 +357,20 @@ out:
+ }
+ 
+ /*
+- * GCC v8.1.0 introduced -Wstringop-truncation but it is not smart enough to
+- * find that cursor string will be NULL-terminated after all paste() calls and
+- * warns with:
++ * GCC v8.1.0 introduced -Wstringop-truncation and GCC v8.2.0 introduced
++ * -Wstringop-overflow but it is not smart enough to find that cursor string
++ * will be NULL-terminated after all paste() calls and warns with:
+  * error: 'strncpy' destination unchanged after copying no bytes [-Werror=stringop-truncation]
+  * error: 'strncpy' output truncated before terminating nul copying 5 bytes from a string of the same length [-Werror=stringop-truncation]
++ * error: 'strncpy' specified bound depends on the length of the source argument [-Werror=stringop-overflow=]
+  */
+ #pragma GCC diagnostic push
+ #if GCC_VERSION >= 80100
+ #pragma GCC diagnostic ignored "-Wstringop-truncation"
+ #endif
++#if GCC_VERSION >= 80200
++#pragma GCC diagnostic ignored "-Wstringop-overflow"
++#endif
+ static char *paste(char *dst, const char *src, size_t size)
+ {
+ 	strncpy(dst, src, size);
+@@ -417,7 +421,7 @@ static char *get_hmac_file(const char *filename, const char *checkdir)
+ 	strncpy(cursor, "\0", 1);
+ 	return checkfile;
+ }
+-#pragma GCC diagnostic pop /* -Wstringop-truncation */
++#pragma GCC diagnostic pop /* -Wstringop-truncation -Wstringop-overflow */
+ 
+ static int hash_files(const struct hash_params *params,
+ 		      char *filenames[], uint32_t files,
+-- 
+2.14.1
+

package/liblo/0002-src-server.c-fix-stringop-truncation-error.patch

@@ -0,0 +1,30 @@
+From c1b2fbd8d96d9b668a0b5e3c49c75c13cfe7d4ba Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Sat, 15 Dec 2018 21:55:08 +0100
+Subject: [PATCH] src/server.c: fix stringop-truncation error
+
+Fixes:
+ - http://autobuild.buildroot.org/results/62896bd6a1a30facaffd07a7a763831996dc8ea0
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status: https://github.com/radarsat1/liblo/pull/70]
+---
+ src/server.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/server.c b/src/server.c
+index 6d1a9de..72aecc9 100644
+--- a/src/server.c
++++ b/src/server.c
+@@ -377,7 +377,7 @@ void lo_server_resolve_hostname(lo_server s)
+         gethostname(hostname, sizeof(hostname));
+         he = gethostbyname(hostname);
+         if (he) {
+-            strncpy(hostname, he->h_name, sizeof(hostname));
++            strncpy(hostname, he->h_name, sizeof(hostname) - 1);
+         }
+     }
+ 
+-- 
+2.14.1
+

package/libmad/0006-configure-ac-automake-foreign.patch

@@ -0,0 +1,16 @@
+configure.ac: don't require GNU-specific files when running automake
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+
+diff -ur libmad-0.15.1b-orig/configure.ac libmad-0.15.1b/configure.ac
+--- libmad-0.15.1b-orig/configure.ac	2019-01-17 21:24:52.259194527 +0100
++++ libmad-0.15.1b/configure.ac	2019-01-17 21:25:32.779481058 +0100
+@@ -26,7 +26,7 @@
+ 
+ AC_CONFIG_SRCDIR([decoder.h])
+ 
+-AM_INIT_AUTOMAKE
++AM_INIT_AUTOMAKE([foreign])
+ 
+ AM_CONFIG_HEADER([config.h])
+ 

package/libmad/libmad.mk

@@ -13,17 +13,15 @@ LIBMAD_LICENSE_FILES = COPYING
 LIBMAD_PATCH = \
 	https://sources.debian.net/data/main/libm/libmad/0.15.1b-8/debian/patches/frame_length.diff
 
-define LIBMAD_PREVENT_AUTOMAKE
-	# Prevent automake from running.
-	(cd $(@D); touch -c config* aclocal.m4 Makefile*);
-endef
+# Force autoreconf to be able to use a more recent libtool script, that
+# is able to properly behave in the face of a missing C++ compiler.
+LIBMAD_AUTORECONF = YES
 
 define LIBMAD_INSTALL_STAGING_PC
 	$(INSTALL) -D package/libmad/mad.pc \
 		$(STAGING_DIR)/usr/lib/pkgconfig/mad.pc
 endef
 
-LIBMAD_POST_PATCH_HOOKS += LIBMAD_PREVENT_AUTOMAKE
 LIBMAD_POST_INSTALL_STAGING_HOOKS += LIBMAD_INSTALL_STAGING_PC
 
 LIBMAD_CONF_OPTS = \

package/libmpd/0001-Fix-build-on-archlinux-missing-include.patch

@@ -0,0 +1,24 @@
+From 4f946c01000fd97100e4a534b47f9c7ace0403df Mon Sep 17 00:00:00 2001
+From: QC <qball@gmpclient.org>
+Date: Thu, 9 Oct 2014 19:51:50 +0200
+Subject: [PATCH] Fix build on archlinux (missing include)
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Retrieved from:
+https://github.com/DaveDavenport/libmpd/commit/4f946c01000fd97100e4a534b47f9c7ace0403df]
+---
+ src/libmpd-internal.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/libmpd-internal.h b/src/libmpd-internal.h
+index c84c3a4..30cdc85 100644
+--- a/src/libmpd-internal.h
++++ b/src/libmpd-internal.h
+@@ -21,6 +21,7 @@
+ #define __MPD_INTERNAL_LIB_
+ 
+ #include "libmpdclient.h"
++#include <config.h>
+ struct _MpdData_real;
+ 
+ typedef struct _MpdData_real {

package/libopenssl/libopenssl.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 LIBOPENSSL_VERSION = 1.0.2q
-LIBOPENSSL_SITE = http://www.openssl.org/source
+LIBOPENSSL_SITE = https://www.openssl.org/source
 LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
 LIBOPENSSL_LICENSE = OpenSSL or SSLeay
 LIBOPENSSL_LICENSE_FILES = LICENSE

package/liboping/0001-ping_host_add-Decrease-buffer-size-to-make-GCC-s-truncation-check-happy.patch

@@ -0,0 +1,31 @@
+From 18ca43507b351f339ff23062541ee8d58e813a53 Mon Sep 17 00:00:00 2001
+From: Florian Forster <ff@octo.it>
+Date: Sun, 29 Jul 2018 14:34:19 +0200
+Subject: [PATCH] ping_host_add: Decrease buffer size to make GCC's truncation
+ check happy.
+
+Fixes: #38
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Retrieved from:
+https://github.com/octo/liboping/commit/18ca43507b351f339ff23062541ee8d58e813a53]
+---
+ src/liboping.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/src/liboping.c b/src/liboping.c
+index 5253e8c..2470988 100644
+--- a/src/liboping.c
++++ b/src/liboping.c
+@@ -1636,10 +1636,8 @@ int ping_host_add (pingobj_t *obj, const char *host)
+ 		}
+ 		else
+ 		{
+-			char errmsg[PING_ERRMSG_LEN];
+-
+-			snprintf (errmsg, PING_ERRMSG_LEN, "Unknown `ai_family': %i", ai_ptr->ai_family);
+-			errmsg[PING_ERRMSG_LEN - 1] = '\0';
++			char errmsg[64];
++			snprintf (errmsg, sizeof(errmsg), "Unknown `ai_family': %d", ai_ptr->ai_family);
+ 
+ 			dprintf ("%s", errmsg);
+ 			ping_set_error (obj, "getaddrinfo", errmsg);

package/libpam-tacplus/0002-Fix-compilation-of-tacc.c-with-GCC-8.patch

@@ -0,0 +1,39 @@
+From 4c9635b03d0acf140f65004be9d4822297ee5a35 Mon Sep 17 00:00:00 2001
+From: Carlos Santos <casantos@datacom.com.br>
+Date: Mon, 10 Dec 2018 17:27:16 -0200
+Subject: [PATCH] Fix compilation of tacc.c with GCC 8
+
+GCC 8 demands that the size of the string copied by strncpy be smaller
+than the size of the destination to keep space for the trailibg '\0':
+
+tacc.c:378:3: error: 'strncpy' specified bound 4 equals destination size [-Werror=stringop-truncation]
+   strncpy(utmpx.ut_id, tty + C_STRLEN("tty"), sizeof(utmpx.ut_id));
+
+Ensure that no more than sizeof(utmpx.ut_id) - 1 characters are copied
+and that a trailing '\0' is stored.
+
+Fixes:
+  http://autobuild.buildroot.net/results/da6d150e470046c03c5f7463de045604e15e4a30/
+
+Signed-off-by: Carlos Santos <casantos@datacom.com.br>
+---
+ tacc.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/tacc.c b/tacc.c
+index f61e2d7..3c1a40c 100644
+--- a/tacc.c
++++ b/tacc.c
+@@ -375,7 +375,8 @@ int main(int argc, char **argv) {
+ 		utmpx.ut_type = USER_PROCESS;
+ 		utmpx.ut_pid = getpid();
+ 		xstrcpy(utmpx.ut_line, tty, sizeof(utmpx.ut_line));
+-		strncpy(utmpx.ut_id, tty + C_STRLEN("tty"), sizeof(utmpx.ut_id));
++		strncpy(utmpx.ut_id, tty + C_STRLEN("tty"), sizeof(utmpx.ut_id) - 1);
++		utmpx.ut_id[sizeof(utmpx.ut_id) - 1] = '\0';
+ 		xstrcpy(utmpx.ut_host, "dialup", sizeof(utmpx.ut_host));
+ 		utmpx.ut_tv.tv_sec = tv.tv_sec;
+ 		utmpx.ut_tv.tv_usec = tv.tv_usec;
+-- 
+2.14.5
+

package/libpjsip/libpjsip.mk

@@ -26,9 +26,6 @@ LIBPJSIP_CONF_ENV = \
 
 LIBPJSIP_CONF_OPTS = \
 	--disable-sound \
-	--disable-gsm-codec \
-	--disable-speex-codec \
-	--disable-speex-aec \
 	--disable-resample \
 	--disable-video \
 	--disable-opencore-amr \
@@ -56,6 +53,16 @@ LIBPJSIP_CONF_OPTS = \
 # so we want to use it.
 LIBPJSIP_CONF_OPTS += --enable-epoll
 
+ifeq ($(BR2_PACKAGE_LIBGSM),y)
+LIBPJSIP_CONF_OPTS += \
+	--enable-gsm-codec \
+	--with-external-gsm
+LIBPJSIP_DEPENDENCIES += libgsm
+else
+LIBPJSIP_CONF_OPTS += \
+	--disable-gsm-codec
+endif
+
 ifeq ($(BR2_PACKAGE_LIBOPENSSL),y)
 LIBPJSIP_DEPENDENCIES += libopenssl
 LIBPJSIP_CONF_OPTS += --with-ssl=$(STAGING_DIR)/usr
@@ -63,8 +70,23 @@ else
 LIBPJSIP_CONF_OPTS += --disable-ssl
 endif
 
+ifeq ($(BR2_PACKAGE_SPEEX)$(BR2_PACKAGE_SPEEXDSP),yy)
+LIBPJSIP_CONF_OPTS += \
+	--enable-speex-aec \
+	--enable-speex-codec \
+	--with-external-speex
+LIBPJSIP_DEPENDENCIES += speex speexdsp
+else
+LIBPJSIP_CONF_OPTS += \
+	--disable-speex-aec \
+	--disable-speex-codec
+endif
+
 ifeq ($(BR2_PACKAGE_UTIL_LINUX_LIBUUID),y)
 LIBPJSIP_DEPENDENCIES += util-linux
 endif
 
+# disable build of test binaries
+LIBPJSIP_MAKE_OPTS = lib
+
 $(eval $(autotools-package))

package/libsndfile/0001-double64_init-Check-psf-sf.channels-against-upper-bo.patch

@@ -0,0 +1,39 @@
+From 85c877d5072866aadbe8ed0c3e0590fbb5e16788 Mon Sep 17 00:00:00 2001
+From: Fabian Greffrath <fabian@greffrath.com>
+Date: Thu, 28 Sep 2017 12:15:04 +0200
+Subject: [PATCH] double64_init: Check psf->sf.channels against upper bound
+
+This prevents division by zero later in the code.
+
+While the trivial case to catch this (i.e. sf.channels < 1) has already
+been covered, a crafted file may report a number of channels that is
+so high (i.e. > INT_MAX/sizeof(double)) that it "somehow" gets
+miscalculated to zero (if this makes sense) in the determination of the
+blockwidth. Since we only support a limited number of channels anyway,
+make sure to check here as well.
+
+CVE-2017-14634
+
+Closes: https://github.com/erikd/libsndfile/issues/318
+Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ src/double64.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/double64.c b/src/double64.c
+index b318ea86..78dfef7f 100644
+--- a/src/double64.c
++++ b/src/double64.c
+@@ -91,7 +91,7 @@ int
+ double64_init	(SF_PRIVATE *psf)
+ {	static int double64_caps ;
+ 
+-	if (psf->sf.channels < 1)
++	if (psf->sf.channels < 1 || psf->sf.channels > SF_MAX_CHANNELS)
+ 	{	psf_log_printf (psf, "double64_init : internal error : channels = %d\n", psf->sf.channels) ;
+ 		return SFE_INTERNAL ;
+ 		} ;
+-- 
+2.11.0
+

package/libsndfile/0002-Check-MAX_CHANNELS-in-sndfile-deinterleave.patch

@@ -0,0 +1,36 @@
+From aaea680337267bfb6d2544da878890ee7f1c5077 Mon Sep 17 00:00:00 2001
+From: "Brett T. Warden" <brett.t.warden@intel.com>
+Date: Tue, 28 Aug 2018 12:01:17 -0700
+Subject: [PATCH] Check MAX_CHANNELS in sndfile-deinterleave
+
+Allocated buffer has space for only 16 channels. Verify that input file
+meets this limit.
+
+Fixes #397
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ programs/sndfile-deinterleave.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c
+index 53660310..225b4d54 100644
+--- a/programs/sndfile-deinterleave.c
++++ b/programs/sndfile-deinterleave.c
+@@ -89,6 +89,13 @@ main (int argc, char **argv)
+ 		exit (1) ;
+ 		} ;
+ 
++	if (sfinfo.channels > MAX_CHANNELS)
++	{	printf ("\nError : Input file '%s' has too many (%d) channels. Limit is %d.\n",
++			argv [1], sfinfo.channels, MAX_CHANNELS) ;
++		exit (1) ;
++		} ;
++
++
+ 	state.channels = sfinfo.channels ;
+ 	sfinfo.channels = 1 ;
+ 
+-- 
+2.11.0
+

package/libsndfile/0003-a-ulaw-fix-multiple-buffer-overflows-432.patch

@@ -0,0 +1,96 @@
+From 8ddc442d539ca775d80cdbc7af17a718634a743f Mon Sep 17 00:00:00 2001
+From: Hugo Lefeuvre <hle@owl.eu.com>
+Date: Mon, 24 Dec 2018 06:43:48 +0100
+Subject: [PATCH] a/ulaw: fix multiple buffer overflows (#432)
+
+i2ulaw_array() and i2alaw_array() fail to handle ptr [count] = INT_MIN
+properly, leading to buffer underflow. INT_MIN is a special value
+since - INT_MIN cannot be represented as int.
+
+In this case round - INT_MIN to INT_MAX and proceed as usual.
+
+f2ulaw_array() and f2alaw_array() fail to handle ptr [count] = NaN
+properly, leading to null pointer dereference.
+
+In this case, arbitrarily set the buffer value to 0.
+
+This commit fixes #429 (CVE-2018-19661 and CVE-2018-19662) and
+fixes #344 (CVE-2017-17456 and CVE-2017-17457).
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ src/alaw.c | 9 +++++++--
+ src/ulaw.c | 9 +++++++--
+ 2 files changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/src/alaw.c b/src/alaw.c
+index 063fd1a2..4220224c 100644
+--- a/src/alaw.c
++++ b/src/alaw.c
+@@ -19,6 +19,7 @@
+ #include	"sfconfig.h"
+ 
+ #include	<math.h>
++#include	<limits.h>
+ 
+ #include	"sndfile.h"
+ #include	"common.h"
+@@ -326,7 +327,9 @@ s2alaw_array (const short *ptr, int count, unsigned char *buffer)
+ static inline void
+ i2alaw_array (const int *ptr, int count, unsigned char *buffer)
+ {	while (--count >= 0)
+-	{	if (ptr [count] >= 0)
++	{	if (ptr [count] == INT_MIN)
++			buffer [count] = alaw_encode [INT_MAX >> (16 + 4)] ;
++		else if (ptr [count] >= 0)
+ 			buffer [count] = alaw_encode [ptr [count] >> (16 + 4)] ;
+ 		else
+ 			buffer [count] = 0x7F & alaw_encode [- ptr [count] >> (16 + 4)] ;
+@@ -346,7 +349,9 @@ f2alaw_array (const float *ptr, int count, unsigned char *buffer, float normfact
+ static inline void
+ d2alaw_array (const double *ptr, int count, unsigned char *buffer, double normfact)
+ {	while (--count >= 0)
+-	{	if (ptr [count] >= 0)
++	{	if (!isfinite (ptr [count]))
++			buffer [count] = 0 ;
++		else if (ptr [count] >= 0)
+ 			buffer [count] = alaw_encode [lrint (normfact * ptr [count])] ;
+ 		else
+ 			buffer [count] = 0x7F & alaw_encode [- lrint (normfact * ptr [count])] ;
+diff --git a/src/ulaw.c b/src/ulaw.c
+index e50b4cb5..b6070ade 100644
+--- a/src/ulaw.c
++++ b/src/ulaw.c
+@@ -19,6 +19,7 @@
+ #include	"sfconfig.h"
+ 
+ #include	<math.h>
++#include	<limits.h>
+ 
+ #include	"sndfile.h"
+ #include	"common.h"
+@@ -827,7 +828,9 @@ s2ulaw_array (const short *ptr, int count, unsigned char *buffer)
+ static inline void
+ i2ulaw_array (const int *ptr, int count, unsigned char *buffer)
+ {	while (--count >= 0)
+-	{	if (ptr [count] >= 0)
++	{	if (ptr [count] == INT_MIN)
++			buffer [count] = ulaw_encode [INT_MAX >> (16 + 2)] ;
++		else if (ptr [count] >= 0)
+ 			buffer [count] = ulaw_encode [ptr [count] >> (16 + 2)] ;
+ 		else
+ 			buffer [count] = 0x7F & ulaw_encode [-ptr [count] >> (16 + 2)] ;
+@@ -847,7 +850,9 @@ f2ulaw_array (const float *ptr, int count, unsigned char *buffer, float normfact
+ static inline void
+ d2ulaw_array (const double *ptr, int count, unsigned char *buffer, double normfact)
+ {	while (--count >= 0)
+-	{	if (ptr [count] >= 0)
++	{	if (!isfinite (ptr [count]))
++			buffer [count] = 0 ;
++		else if (ptr [count] >= 0)
+ 			buffer [count] = ulaw_encode [lrint (normfact * ptr [count])] ;
+ 		else
+ 			buffer [count] = 0x7F & ulaw_encode [- lrint (normfact * ptr [count])] ;
+-- 
+2.11.0
+

package/libsquish/0001-Makefile-add-f-option-for-ln-to-remove-existing-dest.patch

@@ -0,0 +1,32 @@
+From 1e541293ac19c49f886220b64de6006c5c700144 Mon Sep 17 00:00:00 2001
+From: Romain Naour <romain.naour@gmail.com>
+Date: Sat, 12 Jan 2019 12:50:54 +0100
+Subject: [PATCH] Makefile: add -f option for ln to remove existing destination
+ files
+
+While reinstalling the library, all symlinks are present.
+Ask ln to remove them with -f.
+
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
+---
+ Makefile | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index fd7d6c8..2683819 100644
+--- a/Makefile
++++ b/Makefile
+@@ -25,8 +25,8 @@ install: $(LIB) $(LIBA) libsquish.pc
+ 	$(INSTALL_FILE) $(LIBA) $(INSTALL_DIR)/$(LIB_PATH)
+ ifneq ($(USE_SHARED),0)
+ 	$(INSTALL_FILE) $(LIB) $(INSTALL_DIR)/$(LIB_PATH)
+-	ln -s $(LIB) $(INSTALL_DIR)/$(LIB_PATH)/$(SOLIB)
+-	ln -s $(LIB) $(INSTALL_DIR)/$(LIB_PATH)/libsquish.so
++	ln -sf $(LIB) $(INSTALL_DIR)/$(LIB_PATH)/$(SOLIB)
++	ln -sf $(LIB) $(INSTALL_DIR)/$(LIB_PATH)/libsquish.so
+ 	$(INSTALL_DIRECTORY) $(INSTALL_DIR)/$(LIB_PATH)/pkgconfig
+ 	$(INSTALL_FILE) libsquish.pc $(INSTALL_DIR)/$(LIB_PATH)/pkgconfig
+ endif
+-- 
+2.14.5
+

package/libsquish/Config.in

@@ -1,7 +1,6 @@
 config BR2_PACKAGE_LIBSQUISH
 	bool "libsquish"
 	depends on BR2_INSTALL_LIBSTDCPP
-	depends on !BR2_STATIC_LIBS
 	help
 	  The libSquish library compresses images with the DXT standard
 	  (also known as S3TC). This standard is mainly used by OpenGL
@@ -9,5 +8,5 @@ config BR2_PACKAGE_LIBSQUISH
 
 	  http://sourceforge.net/projects/libsquish
 
-comment "libsquish needs a toolchain w/ C++, dynamic library"
-	depends on !BR2_INSTALL_LIBSTDCPP || BR2_STATIC_LIBS
+comment "libsquish needs a toolchain w/ C++"
+	depends on !BR2_INSTALL_LIBSTDCPP

package/libsquish/libsquish.hash

@@ -1,3 +1,5 @@
 # From http://sourceforge.net/projects/libsquish/files
 sha1 51844b9a8bc815a27e2cc0ffbede5fee3ef75110 libsquish-1.15.tgz
 md5 c02645800131e55b519ff8dbe7284f93 libsquish-1.15.tgz
+# Locally calculated
+sha256 a6b8c383bf3ab28460d6507484d605dd722e03971606f0cd3032a3af682b63a5  LICENSE.txt

package/libsquish/libsquish.mk

@@ -12,26 +12,29 @@ LIBSQUISH_STRIP_COMPONENTS = 0
 LIBSQUISH_LICENSE = MIT
 LIBSQUISH_LICENSE_FILES = LICENSE.txt
 
+ifeq ($(BR2_STATIC_LIBS),y)
+LIBSQUISH_MAKE_ENV = USE_SHARED=0
+else
+LIBSQUISH_MAKE_ENV = USE_SHARED=1
+endif
+
 define LIBSQUISH_BUILD_CMDS
-	$(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)
+	$(TARGET_CONFIGURE_OPTS) $(LIBSQUISH_MAKE_ENV) $(MAKE) -C $(@D)
 endef
 
 define LIBSQUISH_INSTALL_STAGING_CMDS
 	mkdir -p $(STAGING_DIR)/usr/include
 	mkdir -p $(STAGING_DIR)/usr/lib
-	$(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D) \
+	$(TARGET_CONFIGURE_OPTS) $(LIBSQUISH_MAKE_ENV) $(MAKE) -C $(@D) \
 		install PREFIX=/usr INSTALL_DIR=$(STAGING_DIR)/usr
 	$(INSTALL) -D -m 644 $(@D)/libsquish.pc $(STAGING_DIR)/usr/lib/pkgconfig/libsquish.pc
-	ln -sf libsquish.so.0.0 $(STAGING_DIR)/usr/lib/libsquish.so
-	ln -sf libsquish.so.0.0 $(STAGING_DIR)/usr/lib/libsquish.so.0
 endef
 
 define LIBSQUISH_INSTALL_TARGET_CMDS
 	mkdir -p $(TARGET_DIR)/usr/include
 	mkdir -p $(TARGET_DIR)/usr/lib
-	$(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D) \
+	$(TARGET_CONFIGURE_OPTS) $(LIBSQUISH_MAKE_ENV) $(MAKE) -C $(@D) \
 		install PREFIX=/usr INSTALL_DIR=$(TARGET_DIR)/usr
-	ln -sf libsquish.so.0.0 $(TARGET_DIR)/usr/lib/libsquish.so.0
 endef
 
 $(eval $(generic-package))