Update for 2017.08.1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

CHANGES

@@ -1,3 +1,37 @@
+2017.08.1, Released October 23rd, 2017
+
+	Important / security related fixes.
+
+	Webkitgtk bumped to the 2.18.x series, fixing a large number
+	of security issues.
+
+	Defconfigs: galileo: fix ext4 related kernel config, bump
+	kernel for gcc 6.x compatibility, enable wchar support for
+	grub2. wandboard: correct rootfs offset
+
+	support: Ensure gzip compression level 6 is used for git
+	tarballs. check-bin-arch: Correctly handle (ignore) symbolic
+	links. check-rpath: Also handle PIE binaries
+
+	External toolchain: Correctly handle glibc Buildroot
+	toolchains built with merged /usr
+
+	musl: fix ARMv4 build with binutils 2.27.51+, fix for
+	CVE-2017-15650
+
+	Updated/fixed packages: apache, augeas, bind, bluez5_utils,
+	busybox, bzip2, cmake, dnsmasq, ejabberd, gcc, git, go, ffmpeg, file,
+	flashrom, gd, gdk-pixbug, gnupg2, hostapd, ifupdown-scripts,
+	imagemagick, iucode-tool, kernel-module-imx-gpu-viv, lame,
+	libarchive, libcurl, libffi, libidn, libmbim, libnspr, libnss,
+	libressl, librsync, libsoup, libxml2, libzip, mbedtls, musl,
+	netplug, nginx, openvpn, pkgconf, poppler, proxychains-ng,
+	qemu, qt, rpi-userland, syslog, ruby, samba4, softether,
+	sqlite, strongswan, subversion, supertuxkart, supervisor, tcpdump,
+	tor, unrar, urq, vboot-utils, webkitgtk, wpa_supplicant, xen,
+	xmlstarlet, xlib_libXfont, xlib_libXfont2,
+	xserver_xorg-server, zsh
+
 2017.08, Released September 1st, 2017
 
 	Minor fixes.

Config.in

@@ -458,7 +458,7 @@ choice
 config BR2_OPTIMIZE_0
 	bool "optimization level 0"
 	help
-	  Do not optimize. This is the default.
+	  Do not optimize.
 
 config BR2_OPTIMIZE_1
 	bool "optimization level 1"
@@ -525,6 +525,7 @@ config BR2_OPTIMIZE_S
 	  -falign-loops -falign-labels -freorder-blocks
 	  -freorder-blocks-and-partition -fprefetch-loop-arrays
 	  -ftree-vect-loop-version
+	  This is the default.
 
 endchoice
 

Makefile

@@ -87,9 +87,9 @@ all:
 .PHONY: all
 
 # Set and export the version string
-export BR2_VERSION := 2017.08
+export BR2_VERSION := 2017.08.1
 # Actual time the release is cut (for reproducible builds)
-BR2_VERSION_EPOCH = 1504300000
+BR2_VERSION_EPOCH = 1508790000
 
 # Save running make version since it's clobbered by the make package
 RUNNING_MAKE_VERSION := $(MAKE_VERSION)
@@ -486,6 +486,8 @@ include package/Makefile.in
 -include $(wildcard arch/arch.mk.*)
 include support/dependencies/dependencies.mk
 
+PACKAGES += $(DEPENDENCIES_HOST_PREREQ)
+
 include toolchain/*.mk
 include toolchain/*/*.mk
 
@@ -542,7 +544,7 @@ endif
 
 .PHONY: dirs
 dirs: $(BUILD_DIR) $(STAGING_DIR) $(TARGET_DIR) \
-	$(HOST_DIR) $(HOST_DIR)/usr $(BINARIES_DIR)
+	$(HOST_DIR) $(HOST_DIR)/usr $(HOST_DIR)/lib $(BINARIES_DIR)
 
 $(BUILD_DIR)/buildroot-config/auto.conf: $(BR2_CONFIG)
 	$(MAKE1) $(EXTRAMAKEARGS) HOSTCC="$(HOSTCC_NOCCACHE)" HOSTCXX="$(HOSTCXX_NOCCACHE)" silentoldconfig
@@ -565,6 +567,13 @@ sdk: world
 $(HOST_DIR)/usr: $(HOST_DIR)
 	@ln -snf . $@
 
+$(HOST_DIR)/lib: $(HOST_DIR)
+	@mkdir -p $@
+	@case $(HOSTARCH) in \
+		(*64) ln -snf lib $(@D)/lib64;; \
+		(*)   ln -snf lib $(@D)/lib32;; \
+	esac
+
 # Populating the staging with the base directories is handled by the skeleton package
 $(STAGING_DIR):
 	@mkdir -p $(STAGING_DIR)

board/intel/galileo/linux-3.14.config

@@ -28,7 +28,7 @@ CONFIG_EMBEDDED=y
 CONFIG_JUMP_LABEL=y
 CONFIG_MODULES=y
 CONFIG_MODULE_UNLOAD=y
-# CONFIG_LBDAF is not set
+CONFIG_LBDAF=y
 CONFIG_PARTITION_ADVANCED=y
 CONFIG_BSD_DISKLABEL=y
 # CONFIG_ZONE_DMA is not set

board/wandboard/genimage.cfg

@@ -26,6 +26,7 @@ image sdcard.img {
   partition rootfs {
     partition-type = 0x83
     image = "rootfs.ext4"
+    offset = 1M
     size = 512M
   }
 }

configs/galileo_defconfig

@@ -1,4 +1,6 @@
 BR2_x86_x1000=y
+# Needed for TARGET_GRUB2
+BR2_TOOLCHAIN_BUILDROOT_WCHAR=y
 # Linux headers same as kernel, a 3.14 series
 BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_3_14=y
 BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_MDEV=y
@@ -10,7 +12,7 @@ BR2_ROOTFS_POST_IMAGE_SCRIPT="board/intel/galileo/post-image.sh"
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_GIT=y
 BR2_LINUX_KERNEL_CUSTOM_REPO_URL="https://github.com/mdr78/Linux-x1000.git"
-BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION="0feded4f96ddca9816c6c1b8a4780cb4065747b9"
+BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION="8b3c9d8ce1656a26b1097d9091d53bfb39fef640"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/intel/galileo/linux-3.14.config"
 BR2_LINUX_KERNEL_INSTALL_TARGET=y

configs/minnowboard_max-graphical_defconfig

@@ -6,6 +6,8 @@ BR2_x86_atom=y
 BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_12=y
 BR2_TOOLCHAIN_BUILDROOT_LOCALE=y
 BR2_TOOLCHAIN_BUILDROOT_CXX=y
+# needed for TARGET_GRUB2
+BR2_TOOLCHAIN_BUILDROOT_WCHAR=y
 
 # System configuration
 BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV=y

docs/manual/customize-outside-br.txt

@@ -199,7 +199,7 @@ and to the kernel configuration file as follows (e.g. by running
 ----
 BR2_GLOBAL_PATCH_DIR=$(BR2_EXTERNAL_BAR_42_PATH)/patches/
 BR2_ROOTFS_OVERLAY=$(BR2_EXTERNAL_BAR_42_PATH)/board/<boardname>/overlay/
-BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE=$(BR2_EXTERNAL_BAR_42_FOO)/board/<boardname>/kernel.config
+BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE=$(BR2_EXTERNAL_BAR_42_PATH)/board/<boardname>/kernel.config
 ----
 
 ===== Example layout
@@ -263,7 +263,7 @@ illustration, of course):
   |     |BR2_GLOBAL_PATCH_DIR="$(BR2_EXTERNAL_BAR_42_PATH)/patches/"
   |     |BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_BAR_42_PATH)/board/my-board/overlay/"
   |     |BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_BAR_42_PATH)/board/my-board/post-image.sh"
-  |     |BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_BAR_42_FOO)/board/my-board/kernel.config"
+  |     |BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_BAR_42_PATH)/board/my-board/kernel.config"
   |     `----
   |
   |- patches/linux/0001-some-change.patch

docs/manual/patch-policy.txt

@@ -19,9 +19,14 @@ global patch directory.
 ==== Downloaded
 
 If it is necessary to apply a patch that is available for download, then add it
-to the +<packagename>_PATCH+ variable. It is downloaded from the same site
-as the package itself. It can be a single patch, or a tarball containing a
-patch series.
+to the +<packagename>_PATCH+ variable. If an entry contains +://+,
+then Buildroot will assume it is a full URL and download the patch
+from this location. Otherwise, Buildroot will assume that the patch should be
+downloaded from +<packagename>_SITE+. It can be a single patch,
+or a tarball containing a patch series.
+
+Like for all downloads, a hash should be added to the +<packagename>.hash+
+file.
 
 This method is typically used for packages from Debian.
 

docs/manual/using-buildroot-development.txt

@@ -50,11 +50,11 @@ BUSYBOX_OVERRIDE_SRCDIR = /home/bob/busybox/
 When Buildroot finds that for a given package, an
 +<pkg>_OVERRIDE_SRCDIR+ has been defined, it will no longer attempt to
 download, extract and patch the package. Instead, it will directly use
-the source code available in in the specified directory and +make
-clean+ will not touch this directory. This allows to point Buildroot
-to your own directories, that can be managed by Git, Subversion, or
-any other version control system. To achieve this, Buildroot will use
-_rsync_ to copy the source code of the component from the specified
+the source code available in the specified directory and +make clean+
+will not touch this directory. This allows to point Buildroot to your
+own directories, that can be managed by Git, Subversion, or any other
+version control system. To achieve this, Buildroot will use _rsync_ to
+copy the source code of the component from the specified
 +<pkg>_OVERRIDE_SRCDIR+ to +output/build/<package>-custom/+.
 
 This mechanism is best used in conjunction with the +make

linux/Config.in

@@ -29,7 +29,7 @@ config BR2_LINUX_KERNEL_LATEST_VERSION
 	bool "Latest version (4.12.10)"
 
 config BR2_LINUX_KERNEL_LATEST_CIP_VERSION
-	bool "Latest CIP SLTS version (v4.4.75-cip6)"
+	bool "Latest CIP SLTS version (v4.4.83-cip8)"
 	help
 	  CIP launched in the spring of 2016 to address the needs of
 	  organizations in industries such as power generation and
@@ -117,7 +117,7 @@ endif
 config BR2_LINUX_KERNEL_VERSION
 	string
 	default "4.12.10" if BR2_LINUX_KERNEL_LATEST_VERSION
-	default "v4.4.75-cip6" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
+	default "v4.4.83-cip8" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
 	default BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE \
 		if BR2_LINUX_KERNEL_CUSTOM_VERSION
 	default "custom" if BR2_LINUX_KERNEL_CUSTOM_TARBALL

package/apache/0003-CVS-2017-9798.patch

@@ -0,0 +1,30 @@
+core: Disallow Methods' registration at run time (.htaccess), they may
+be used only if registered at init time (httpd.conf).
+
+Calling ap_method_register() in children processes is not the right scope
+since it won't be shared for all requests.
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1807655 13f79535-47bb-0310-9956-ffa450edef68
+
+Fixes CVE-2017-9798: https://nvd.nist.gov/vuln/detail/CVE-2017-9798
+
+Downloaded from upstream repo:
+https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+
+--- a/server/core.c	2017/08/16 16:50:29	1805223
++++ b/server/core.c	2017/09/08 13:13:11	1807754
+@@ -2266,6 +2266,12 @@
+             /* method has not been registered yet, but resource restriction
+              * is always checked before method handling, so register it.
+              */
++            if (cmd->pool == cmd->temp_pool) {
++                /* In .htaccess, we can't globally register new methods. */
++                return apr_psprintf(cmd->pool, "Could not register method '%s' "
++                                   "for %s from .htaccess configuration",
++                                    method, cmd->cmd->name);
++            }
+             methnum = ap_method_register(cmd->pool,
+                                          apr_pstrdup(cmd->pool, method));
+         }

package/augeas/augeas.hash

@@ -1,2 +1,2 @@
 # Locally calculated
-sha256  515ce904138d99ff51d45ba7ed0d809bdee6c42d3bc538c8c820e010392d4cc5  augeas-1.8.0.tar.gz
+sha256  65cf75b5a573fee2a5c6c6e3c95cad05f0101e70d3f9db10d53f6cc5b11bc9f9  augeas-1.8.1.tar.gz

package/augeas/augeas.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-AUGEAS_VERSION = 1.8.0
+AUGEAS_VERSION = 1.8.1
 AUGEAS_SITE = http://download.augeas.net
 AUGEAS_INSTALL_STAGING = YES
 AUGEAS_LICENSE = LGPL-2.1+

package/bind/bind.hash

@@ -1,3 +1,3 @@
-# Verified from http://ftp.isc.org/isc/bind9/9.11.1-P3/bind-9.11.1-P3.tar.gz.sha256.asc
-sha256 52426e75432e46996dc90f24fca027805a341c38fbbb022b60dc9acd2677ccf4 bind-9.11.1-P3.tar.gz
+# Verified from http://ftp.isc.org/isc/bind9/9.11.2/bind-9.11.2.tar.gz.sha256.asc
+sha256 7f46ad8620f7c3b0ac375d7a5211b15677708fda84ce25d7aeb7222fe2e3c77a bind-9.11.2.tar.gz
 sha256 d3906dfe153e2c48440d3ca1d5319f5e89b4b820cdfc5d0779c23d7ac2b175e9 COPYRIGHT

package/bind/bind.mk

@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-BIND_VERSION = 9.11.1-P3
-BIND_SITE = ftp://ftp.isc.org/isc/bind9/$(BIND_VERSION)
+BIND_VERSION = 9.11.2
+BIND_SITE = http://ftp.isc.org/isc/bind9/$(BIND_VERSION)
 # bind does not support parallel builds.
 BIND_MAKE = $(MAKE1)
 BIND_INSTALL_STAGING = YES

package/bluez5_utils/bluez5_utils.hash

@@ -1,2 +1,2 @@
 # From https://www.kernel.org/pub/linux/bluetooth/sha256sums.asc:
-sha256 ddab3d3837c1afb8ae228a94ba17709a4650bd4db24211b6771ab735c8908e28  bluez-5.46.tar.xz
+sha256 cf75bf7cd5d564f21cc4a2bd01d5c39ce425397335fd47d9bbe43af0a58342c8  bluez-5.47.tar.xz

package/bluez5_utils/bluez5_utils.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BLUEZ5_UTILS_VERSION = 5.46
+BLUEZ5_UTILS_VERSION = 5.47
 BLUEZ5_UTILS_SOURCE = bluez-$(BLUEZ5_UTILS_VERSION).tar.xz
 BLUEZ5_UTILS_SITE = $(BR2_KERNEL_MIRROR)/linux/bluetooth
 BLUEZ5_UTILS_INSTALL_STAGING = YES

package/busybox/0005-httpd-fix-handling-of-range-requests.patch

@@ -0,0 +1,27 @@
+From 2b400d9b2b7309d6e479102fc3ce646e893058a5 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Mon, 18 Sep 2017 13:09:11 +0200
+Subject: [PATCH] httpd: fix handling of range requests
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ networking/httpd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/networking/httpd.c b/networking/httpd.c
+index e072f23c7..5e32fc936 100644
+--- a/networking/httpd.c
++++ b/networking/httpd.c
+@@ -2337,7 +2337,7 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
+ 			if (STRNCASECMP(iobuf, "Range:") == 0) {
+ 				/* We know only bytes=NNN-[MMM] */
+ 				char *s = skip_whitespace(iobuf + sizeof("Range:")-1);
+-				if (is_prefixed_with(s, "bytes=") == 0) {
++				if (is_prefixed_with(s, "bytes=")) {
+ 					s += sizeof("bytes=")-1;
+ 					range_start = BB_STRTOOFF(s, &s, 10);
+ 					if (s[0] != '-' || range_start < 0) {
+-- 
+2.11.0
+

package/busybox/busybox.hash

@@ -1,3 +1,3 @@
-# From https://busybox.net/downloads/busybox-1.27.1.tar.bz2.sign
-md5	df7e45d07634c54ca16b9191635db9c6	busybox-1.27.1.tar.bz2
-sha1	a154f70a10fe39062b6fb00eaff5baf39db535ec	busybox-1.27.1.tar.bz2
+# From https://busybox.net/downloads/busybox-1.27.2.tar.bz2.sign
+md5	476186f4bab81781dab2369bfd42734e	busybox-1.27.2.tar.bz2
+sha1	11669e223cc38de646ce26080e91ca29b8d42ad9	busybox-1.27.2.tar.bz2

package/busybox/busybox.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BUSYBOX_VERSION = 1.27.1
+BUSYBOX_VERSION = 1.27.2
 BUSYBOX_SITE = http://www.busybox.net/downloads
 BUSYBOX_SOURCE = busybox-$(BUSYBOX_VERSION).tar.bz2
 BUSYBOX_LICENSE = GPL-2.0

package/bzip2/bzip2.mk

@@ -12,13 +12,13 @@ BZIP2_LICENSE_FILES = LICENSE
 
 ifeq ($(BR2_STATIC_LIBS),)
 define BZIP2_BUILD_SHARED_CMDS
-	$(TARGET_MAKE_ENV)
+	$(TARGET_MAKE_ENV) \
 		$(MAKE) -C $(@D) -f Makefile-libbz2_so $(TARGET_CONFIGURE_OPTS)
 endef
 endif
 
 define BZIP2_BUILD_CMDS
-	$(TARGET_MAKE_ENV)
+	$(TARGET_MAKE_ENV) \
 		$(MAKE) -C $(@D) libbz2.a bzip2 bzip2recover $(TARGET_CONFIGURE_OPTS)
 	$(BZIP2_BUILD_SHARED_CMDS)
 endef

package/cmake/cmake.mk

@@ -46,6 +46,7 @@ define HOST_CMAKE_CONFIGURE_CMDS
 			-DCMAKE_C_FLAGS="$(HOST_CMAKE_CFLAGS)" \
 			-DCMAKE_CXX_FLAGS="$(HOST_CMAKE_CXXFLAGS)" \
 			-DCMAKE_EXE_LINKER_FLAGS="$(HOST_LDFLAGS)" \
+			-DCMAKE_USE_OPENSSL:BOOL=OFF \
 			-DBUILD_CursesDialog=OFF \
 	)
 endef

package/dnsmasq/dnsmasq.hash

@@ -1,2 +1,6 @@
 # Locally calculated after checking pgp signature
-sha256	4b92698dee19ca0cb2a8f2e48f1d2dffd01a21eb15d1fbed4cf085630c8c9f96	dnsmasq-2.76.tar.xz
+# http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.78.tar.xz.asc
+sha256	89949f438c74b0c7543f06689c319484bd126cc4b1f8c745c742ab397681252b	dnsmasq-2.78.tar.xz
+# Locally calculated
+sha256	dcc100d4161cc0b7177545ab6e47216f84857cda3843847c792a25289852dcaa	COPYING
+sha256	8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903	COPYING-v3

package/dnsmasq/dnsmasq.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DNSMASQ_VERSION = 2.76
+DNSMASQ_VERSION = 2.78
 DNSMASQ_SOURCE = dnsmasq-$(DNSMASQ_VERSION).tar.xz
 DNSMASQ_SITE = http://thekelleys.org.uk/dnsmasq
 DNSMASQ_MAKE_ENV = $(TARGET_MAKE_ENV) CC="$(TARGET_CC)"
@@ -58,7 +58,7 @@ DNSMASQ_MAKE_OPTS += LIBS+="-ldl"
 endif
 
 define DNSMASQ_ENABLE_LUA
-	$(SED) 's/lua5.1/lua/g' $(DNSMASQ_DIR)/Makefile
+	$(SED) 's/lua5.2/lua/g' $(DNSMASQ_DIR)/Makefile
 	$(SED) 's^.*#define HAVE_LUASCRIPT.*^#define HAVE_LUASCRIPT^' \
 		$(DNSMASQ_DIR)/src/config.h
 endef

package/ejabberd/ejabberd.mk

@@ -36,9 +36,9 @@ define EJABBERD_INSTALL_TARGET_CMDS
 	$(TARGET_MAKE_ENV) $(MAKE) DESTDIR=$(TARGET_DIR) install -C $(@D)
 endef
 
-# Delete HOST_DIR prefix from ERL path in ejabberctl script.
+# Replace HOST_DIR prefix to /usr in ERL path of ejabberctl script.
 define EJABBERD_FIX_EJABBERDCTL
-	$(SED) 's,ERL=$(HOST_DIR),ERL=,' '$(TARGET_DIR)/usr/sbin/ejabberdctl'
+	$(SED) 's,ERL=$(HOST_DIR),ERL=/usr,' '$(TARGET_DIR)/usr/sbin/ejabberdctl'
 endef
 
 EJABBERD_POST_INSTALL_TARGET_HOOKS += EJABBERD_FIX_EJABBERDCTL

package/ffmpeg/ffmpeg.hash

@@ -1,2 +1,2 @@
 # Locally calculated
-sha256 d2a9002cdc6b533b59728827186c044ad02ba64841f1b7cd6c21779875453a1e  ffmpeg-3.3.3.tar.xz
+sha256 98b97e1b908dfeb6aeb6d407e5a5eacdfc253a40c2d195f5867ed2d1d46ea957  ffmpeg-3.3.4.tar.xz

package/ffmpeg/ffmpeg.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-FFMPEG_VERSION = 3.3.3
+FFMPEG_VERSION = 3.3.4
 FFMPEG_SOURCE = ffmpeg-$(FFMPEG_VERSION).tar.xz
 FFMPEG_SITE = http://ffmpeg.org/releases
 FFMPEG_INSTALL_STAGING = YES

package/file/file.hash

@@ -1,2 +1,2 @@
 # Locally calculated
-sha256 09c588dac9cff4baa054f51a36141793bcf64926edc909594111ceae60fce4ee  file-5.31.tar.gz
+sha256 8639dc4d1b21e232285cd483604afc4a6ee810710e00e579dbe9591681722b50  file-5.32.tar.gz

package/file/file.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-FILE_VERSION = 5.31
+FILE_VERSION = 5.32
 FILE_SITE = ftp://ftp.astron.com/pub/file
 FILE_DEPENDENCIES = host-file zlib
 HOST_FILE_DEPENDENCIES = host-zlib

package/flashrom/flashrom.mk

@@ -12,7 +12,8 @@ FLASHROM_LICENSE = GPL-2.0+
 FLASHROM_LICENSE_FILES = COPYING
 
 define FLASHROM_BUILD_CMDS
-	$(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) -C $(@D)
+	$(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) \
+		CFLAGS="$(TARGET_CFLAGS) -DHAVE_STRNLEN" -C $(@D)
 endef
 
 define FLASHROM_INSTALL_TARGET_CMDS

package/freescale-imx/kernel-module-imx-gpu-viv/kernel-module-imx-gpu-viv.hash

@@ -1,2 +1,2 @@
 # locally computed
-sha256	0d45472a967d747bc1948b0332f77c8cd9f6ec1620b0922e82ca5ddd053b40ea  kernel-module-imx-gpu-viv-a05d9b23b9902f6ce87d23772de2fdb2ecfb37a7.tar.gz
+sha256	f18b826fd25328adf6b4405f48fdf0eaaddc77bb79c0dee76cd8c28aa8ffc078  kernel-module-imx-gpu-viv-a05d9b23b9902f6ce87d23772de2fdb2ecfb37a7.tar.gz

package/gcc/4.9.4/875-xtensa-fix-PR-target-82181.patch

@@ -0,0 +1,31 @@
+From 8dd3af97bb6ccb3dfd6cbe20c5a28ce80fcd0de7 Mon Sep 17 00:00:00 2001
+From: jcmvbkbc <jcmvbkbc@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Mon, 11 Sep 2017 21:53:38 +0000
+Subject: [PATCH] xtensa: fix PR target/82181
+
+2017-09-11  Max Filippov  <jcmvbkbc@gmail.com>
+gcc/
+	Backport from mainline
+	* config/xtensa/xtensa.c (xtensa_mem_offset): Check that both
+	words of DImode object are reachable by xtensa_uimm8x4 access.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+ gcc/config/xtensa/xtensa.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/gcc/config/xtensa/xtensa.c b/gcc/config/xtensa/xtensa.c
+index 3c0096113775..3eb4db85b971 100644
+--- a/gcc/config/xtensa/xtensa.c
++++ b/gcc/config/xtensa/xtensa.c
+@@ -612,6 +612,7 @@ xtensa_mem_offset (unsigned v, enum machine_mode mode)
+     case HImode:
+       return xtensa_uimm8x2 (v);
+ 
++    case DImode:
+     case DFmode:
+       return (xtensa_uimm8x4 (v) && xtensa_uimm8x4 (v + 4));
+ 
+-- 
+2.1.4
+

package/gcc/5.4.0/877-xtensa-fix-PR-target-82181.patch

@@ -0,0 +1,31 @@
+From 136e0f6b0c0acbe547894c6f8c855e3246c558b4 Mon Sep 17 00:00:00 2001
+From: jcmvbkbc <jcmvbkbc@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Mon, 11 Sep 2017 21:53:38 +0000
+Subject: [PATCH] xtensa: fix PR target/82181
+
+2017-09-11  Max Filippov  <jcmvbkbc@gmail.com>
+gcc/
+	Backport from mainline
+	* config/xtensa/xtensa.c (xtensa_mem_offset): Check that both
+	words of DImode object are reachable by xtensa_uimm8x4 access.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+ gcc/config/xtensa/xtensa.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/gcc/config/xtensa/xtensa.c b/gcc/config/xtensa/xtensa.c
+index 8e62d631bce0..a30aa1bcfc33 100644
+--- a/gcc/config/xtensa/xtensa.c
++++ b/gcc/config/xtensa/xtensa.c
+@@ -637,6 +637,7 @@ xtensa_mem_offset (unsigned v, machine_mode mode)
+     case HImode:
+       return xtensa_uimm8x2 (v);
+ 
++    case DImode:
+     case DFmode:
+       return (xtensa_uimm8x4 (v) && xtensa_uimm8x4 (v + 4));
+ 
+-- 
+2.1.4
+

package/gcc/6.4.0/870-xtensa-fix-PR-target-82181.patch

@@ -0,0 +1,31 @@
+From 3bc2ee6886f1619bc6a2257a0775142526b1a57a Mon Sep 17 00:00:00 2001
+From: jcmvbkbc <jcmvbkbc@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Mon, 11 Sep 2017 21:53:38 +0000
+Subject: [PATCH] xtensa: fix PR target/82181
+
+2017-09-11  Max Filippov  <jcmvbkbc@gmail.com>
+gcc/
+	Backport from mainline
+	* config/xtensa/xtensa.c (xtensa_mem_offset): Check that both
+	words of DImode object are reachable by xtensa_uimm8x4 access.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+ gcc/config/xtensa/xtensa.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/gcc/config/xtensa/xtensa.c b/gcc/config/xtensa/xtensa.c
+index 2bdf5ccef979..92fdeb08046d 100644
+--- a/gcc/config/xtensa/xtensa.c
++++ b/gcc/config/xtensa/xtensa.c
+@@ -601,6 +601,7 @@ xtensa_mem_offset (unsigned v, machine_mode mode)
+     case HImode:
+       return xtensa_uimm8x2 (v);
+ 
++    case DImode:
+     case DFmode:
+       return (xtensa_uimm8x4 (v) && xtensa_uimm8x4 (v + 4));
+ 
+-- 
+2.1.4
+

package/gcc/7.2.0/0870-xtensa-fix-PR-target-82181.patch

@@ -0,0 +1,31 @@
+From 3ed0c49a8d52e88648c7bb9f21a204b23595a6a9 Mon Sep 17 00:00:00 2001
+From: jcmvbkbc <jcmvbkbc@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Mon, 11 Sep 2017 21:53:38 +0000
+Subject: [PATCH] xtensa: fix PR target/82181
+
+2017-09-11  Max Filippov  <jcmvbkbc@gmail.com>
+gcc/
+	Backport from mainline
+	* config/xtensa/xtensa.c (xtensa_mem_offset): Check that both
+	words of DImode object are reachable by xtensa_uimm8x4 access.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+ gcc/config/xtensa/xtensa.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/gcc/config/xtensa/xtensa.c b/gcc/config/xtensa/xtensa.c
+index 25e4a2894c3b..8c404187107b 100644
+--- a/gcc/config/xtensa/xtensa.c
++++ b/gcc/config/xtensa/xtensa.c
+@@ -605,6 +605,7 @@ xtensa_mem_offset (unsigned v, machine_mode mode)
+     case HImode:
+       return xtensa_uimm8x2 (v);
+ 
++    case DImode:
+     case DFmode:
+       return (xtensa_uimm8x4 (v) && xtensa_uimm8x4 (v + 4));
+ 
+-- 
+2.1.4
+

package/gd/0001-gdlib-config.patch

@@ -1,32 +0,0 @@
-Fix gdlib-config
-
-Since the @LIBICONV@ macro doesn't get replaced at compile time, we
-end up installing an invalid gdlib-config: the gdlib-config --libs
-says that one should link against @LIBICONV@ which obviously doesn't
-work.
-
-Use the OpenWRT patch from
-https://dev.openwrt.org/browser/packages/libs/gd/patches/101-gdlib-config.patch
-
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-
---- a/config/gdlib-config.in
-+++ b/config/gdlib-config.in
-@@ -71,7 +71,7 @@ while test $# -gt 0; do
- 	echo @LDFLAGS@
- 	;;
-     --libs)
--	echo -lgd @LIBS@ @LIBICONV@
-+	echo -lgd @LIBS@
- 	;;
-     --cflags|--includes)
- 	echo -I@includedir@
-@@ -84,7 +84,7 @@ while test $# -gt 0; do
- 	echo "includedir: $includedir"
- 	echo "cflags:     -I@includedir@"
- 	echo "ldflags:    @LDFLAGS@"
--	echo "libs:       @LIBS@ @LIBICONV@"
-+	echo "libs:       @LIBS@"
- 	echo "libdir:     $libdir"
- 	echo "features:   @FEATURES@"
- 	;;

package/gd/0002-gd_bmp-fix-build-with-uClibc.patch

@@ -1,50 +0,0 @@
-From ea2a03e983acf34a1320b460dcad43b7e0b0b14f Mon Sep 17 00:00:00 2001
-Message-Id: <ea2a03e983acf34a1320b460dcad43b7e0b0b14f.1397134306.git.baruch@tkos.co.il>
-From: Baruch Siach <baruch@tkos.co.il>
-Date: Thu, 10 Apr 2014 15:49:13 +0300
-Subject: [PATCH] gd_bmp: fix build with uClibc
-
-Some architectures (like ARM) don't have the long double variants of math
-functions under uClibc. Add a local ceill definition in this case.
-
-Patch status: reported upstream, 
-https://bitbucket.org/libgd/gd-libgd/issue/123/build-failure-agains-uclibc-arm
-
-Signed-off-by: Baruch Siach <baruch@tkos.co.il>
----
- src/gd_bmp.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/src/gd_bmp.c b/src/gd_bmp.c
-index 0fc021909f1b..11b3ec1baa01 100644
---- a/src/gd_bmp.c
-+++ b/src/gd_bmp.c
-@@ -25,6 +25,11 @@
- #include "gdhelpers.h"
- #include "bmp.h"
- 
-+#include <features.h>
-+#if defined (__UCLIBC__) && !defined(__UCLIBC_HAS_LONG_DOUBLE_MATH__)
-+#define NO_LONG_DOUBLE
-+#endif
-+
- static int compress_row(unsigned char *uncompressed_row, int length);
- static int build_rle_packet(unsigned char *row, int packet_type, int length, unsigned char *data);
- 
-@@ -42,6 +47,13 @@ static int bmp_read_rle(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info);
- 
- #define BMP_DEBUG(s)
- 
-+#ifdef NO_LONG_DOUBLE
-+long double ceill(long double x)
-+{
-+	return (long double) ceil((double) x);
-+}
-+#endif
-+
- static int gdBMPPutWord(gdIOCtx *out, int w)
- {
- 	/* Byte order is little-endian */
--- 
-1.9.1
-

package/gd/gd.hash

@@ -1,2 +1,3 @@
 # Locally calculated
-sha256	137f13a7eb93ce72e32ccd7cebdab6874f8cf7ddf31d3a455a68e016ecd9e4e6	libgd-2.2.4.tar.xz
+sha256	8c302ccbf467faec732f0741a859eef4ecae22fea2d2ab87467be940842bde51	libgd-2.2.5.tar.xz
+sha256  d02dae2141d49b8a6b09b2b73e68a8f17d7bbeaaf02b3b841ee11fea2d9e328d	COPYING

package/gd/gd.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GD_VERSION = 2.2.4
+GD_VERSION = 2.2.5
 GD_SOURCE = libgd-$(GD_VERSION).tar.xz
 GD_SITE = https://github.com/libgd/libgd/releases/download/gd-$(GD_VERSION)
 GD_INSTALL_STAGING = YES

package/gdk-pixbuf/gdk-pixbuf.hash

@@ -1,2 +1,4 @@
-# From http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.36/gdk-pixbuf-2.36.6.sha256sum
-sha256 455eb90c09ed1b71f95f3ebfe1c904c206727e0eeb34fc94e5aaf944663a820c  gdk-pixbuf-2.36.6.tar.xz
+# From http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.36/gdk-pixbuf-2.36.10.sha256sum
+sha256 f8f6fa896b89475c73b6e9e8d2a2b062fc359c4b4ccb8e96470d6ab5da949ace  gdk-pixbuf-2.36.10.tar.xz
+# Locally calculated
+sha256 d245807f90032872d1438d741ed21e2490e1175dc8aa3afa5ddb6c8e529b58e5  COPYING

package/gdk-pixbuf/gdk-pixbuf.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 GDK_PIXBUF_VERSION_MAJOR = 2.36
-GDK_PIXBUF_VERSION = $(GDK_PIXBUF_VERSION_MAJOR).6
+GDK_PIXBUF_VERSION = $(GDK_PIXBUF_VERSION_MAJOR).10
 GDK_PIXBUF_SOURCE = gdk-pixbuf-$(GDK_PIXBUF_VERSION).tar.xz
 GDK_PIXBUF_SITE = http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/$(GDK_PIXBUF_VERSION_MAJOR)
 GDK_PIXBUF_LICENSE = LGPL-2.0+
@@ -20,6 +20,9 @@ GDK_PIXBUF_CONF_ENV = \
 	ac_cv_path_GLIB_GENMARSHAL=$(LIBGLIB2_HOST_BINARY) \
 	gio_can_sniff=no
 
+HOST_GDK_PIXBUF_CONF_ENV = \
+	gio_can_sniff=no
+
 GDK_PIXBUF_CONF_OPTS = --disable-glibtest
 
 ifneq ($(BR2_PACKAGE_LIBPNG),y)

package/git/git.hash

@@ -1,4 +1,4 @@
 # From: https://www.kernel.org/pub/software/scm/git/sha256sums.asc
-sha256 21c9e29caac86d244ac7af78bc3422746dabb903cb3952a1ceefd801020ad1a1  git-2.13.5.tar.xz
+sha256 bce97e403bea34f50378e90ade10c12666b2382cc247551b63dc5604e03b2523  git-2.13.6.tar.xz
 sha256 5b2198d1645f767585e8a88ac0499b04472164c0d2da22e75ecf97ef443ab32e  COPYING
 sha256 1922f45d2c49e390032c9c0ba6d7cac904087f7cec51af30c2b2ad022ce0e76a  LGPL-2.1

package/git/git.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GIT_VERSION = 2.13.5
+GIT_VERSION = 2.13.6
 GIT_SOURCE = git-$(GIT_VERSION).tar.xz
 GIT_SITE = $(BR2_KERNEL_MIRROR)/software/scm/git
 GIT_LICENSE = GPL-2.0, LGPL-2.1+

package/gnupg2/gnupg2.mk

@@ -42,10 +42,10 @@ else
 GNUPG2_CONF_OPTS += --disable-gnutls
 endif
 
-ifeq ($(BR2_PACKAGE_LIBUSB_COMPAT),y)
+ifeq ($(BR2_PACKAGE_LIBUSB),y)
 GNUPG2_CONF_ENV += CPPFLAGS="$(TARGET_CPPFLAGS) -I$(STAGING_DIR)/usr/include/libusb-1.0"
 GNUPG2_CONF_OPTS += --enable-ccid-driver
-GNUPG2_DEPENDENCIES += libusb-compat
+GNUPG2_DEPENDENCIES += libusb
 else
 GNUPG2_CONF_OPTS += --disable-ccid-driver
 endif

package/go/go.mk

@@ -52,7 +52,7 @@ HOST_GO_TARGET_ENV = \
 # set, build in cgo support for any go programs that may need it.  Note that
 # any target package needing cgo support must include
 # 'depends on BR2_TOOLCHAIN_HAS_THREADS' in its config file.
-ifeq (BR2_TOOLCHAIN_HAS_THREADS,y)
+ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y)
 HOST_GO_CGO_ENABLED = 1
 else
 HOST_GO_CGO_ENABLED = 0
@@ -74,8 +74,8 @@ HOST_GO_MAKE_ENV = \
 	GOARCH=$(GO_GOARCH) \
 	$(if $(GO_GOARM),GOARM=$(GO_GOARM)) \
 	GOOS=linux \
-	CGO_ENABLED=$(HOST_GO_CGO_ENABLED) \
-	CC=$(HOSTCC_NOCCACHE)
+	CC=$(HOSTCC_NOCCACHE) \
+	CXX=$(HOSTCXX_NOCCACHE)
 
 HOST_GO_TARGET_CC = \
 	CC_FOR_TARGET="$(TARGET_CC)" \
@@ -83,16 +83,18 @@ HOST_GO_TARGET_CC = \
 
 HOST_GO_HOST_CC = \
 	CC_FOR_TARGET=$(HOSTCC_NOCCACHE) \
-	CXX_FOR_TARGET=$(HOSTCC_NOCCACHE)
+	CXX_FOR_TARGET=$(HOSTCXX_NOCCACHE)
 
 HOST_GO_TMP = $(@D)/host-go-tmp
 
 define HOST_GO_BUILD_CMDS
-	cd $(@D)/src && $(HOST_GO_MAKE_ENV) $(HOST_GO_HOST_CC) ./make.bash
+	cd $(@D)/src && \
+		$(HOST_GO_MAKE_ENV) $(HOST_GO_HOST_CC) CGO_ENABLED=0 ./make.bash
 	mkdir -p $(HOST_GO_TMP)
 	mv $(@D)/pkg/tool $(HOST_GO_TMP)/
 	mv $(@D)/bin/ $(HOST_GO_TMP)/
-	cd $(@D)/src && $(HOST_GO_MAKE_ENV) $(HOST_GO_TARGET_CC) ./make.bash
+	cd $(@D)/src && \
+		$(HOST_GO_MAKE_ENV) $(HOST_GO_TARGET_CC) CGO_ENABLED=$(HOST_GO_CGO_ENABLED) ./make.bash
 endef
 
 define HOST_GO_INSTALL_CMDS

package/hostapd/Config.in

@@ -10,7 +10,7 @@ config BR2_PACKAGE_HOSTAPD
 	  IEEE 802.1X/WPA/WPA2/EAP authenticators, RADIUS client,
 	  EAP server and RADIUS authentication server.
 
-	  http://hostap.epitest.fi/
+	  http://w1.fi/hostapd/
 
 if BR2_PACKAGE_HOSTAPD
 

package/hostapd/hostapd.hash

@@ -1,2 +1,4 @@
 # Locally calculated
 sha256  01526b90c1d23bec4b0f052039cc4456c2fd19347b4d830d1d58a0a6aea7117d  hostapd-2.6.tar.gz
+sha256  529113cc81256c6178f3c1cf25dd8d3f33e6d770e4a180bd31c6ab7e4917f40b  rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
+sha256  147c8abe07606905d16404fb2d2c8849796ca7c85ed8673c09bb50038bcdeb9e  rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch

package/hostapd/hostapd.mk

@@ -5,7 +5,10 @@
 ################################################################################
 
 HOSTAPD_VERSION = 2.6
-HOSTAPD_SITE = http://hostap.epitest.fi/releases
+HOSTAPD_SITE = http://w1.fi/releases
+HOSTAPD_PATCH = \
+	http://w1.fi/security/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch \
+	http://w1.fi/security/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
 HOSTAPD_SUBDIR = hostapd
 HOSTAPD_CONFIG = $(HOSTAPD_DIR)/$(HOSTAPD_SUBDIR)/.config
 HOSTAPD_DEPENDENCIES = host-pkgconf libnl

package/ifupdown-scripts/ifupdown-scripts.mk

@@ -31,7 +31,7 @@ endif
 
 define IFUPDOWN_SCRIPTS_INSTALL_TARGET_CMDS
 	mkdir -p $(TARGET_DIR)/etc/network
-	cp -a $(IFUPDOWN_SCRIPTS_PKGDIR)/network/* $(TARGET_DIR)/etc/network
+	$(call SYSTEM_RSYNC,$(IFUPDOWN_SCRIPTS_PKGDIR)/network,$(TARGET_DIR)/etc/network)
 	$(IFUPDOWN_SCRIPTS_LOCALHOST)
 	$(IFUPDOWN_SCRIPTS_DHCP)
 endef

package/imagemagick/imagemagick.hash

@@ -1,2 +1,2 @@
 # Locally computed
-sha256 3a6b21352ed0eb984bdbd0943471df8605b978b527125921e97e5b404f2bee3a  7.0.6-0.tar.gz
+sha256 5a45e29509dbb23793a9c8db5c47ef1114c1ee82c9ca60053eaf06b3fc243e2c  7.0.7-1.tar.gz

package/imagemagick/imagemagick.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-IMAGEMAGICK_VERSION = 7.0.6-0
+IMAGEMAGICK_VERSION = 7.0.7-1
 IMAGEMAGICK_SOURCE = $(IMAGEMAGICK_VERSION).tar.gz
 IMAGEMAGICK_SITE = https://github.com/ImageMagick/ImageMagick/archive
 IMAGEMAGICK_LICENSE = Apache-2.0

package/iucode-tool/iucode-tool.hash

@@ -1,2 +1,3 @@
 # Locally computed
-sha256	33271652032f20f866a212bc98ea01a8db65c4ac839fa820aa23da974fd6ff62	iucode-tool_1.5.tar.xz
+sha256 9810daf925b8a9ca244adc4e1916bcab65601c9ebe87e91c2281f78055982971  iucode-tool_2.2.tar.xz
+sha256 ab15fd526bd8dd18a9e77ebc139656bf4d33e97fc7238cd11bf60e2b9b8666c6  COPYING

package/iucode-tool/iucode-tool.mk

@@ -4,11 +4,10 @@
 #
 ################################################################################
 
-IUCODE_TOOL_VERSION = 1.5
+IUCODE_TOOL_VERSION = 2.2
 IUCODE_TOOL_SOURCE = iucode-tool_$(IUCODE_TOOL_VERSION).tar.xz
 IUCODE_TOOL_SITE = https://gitlab.com/iucode-tool/releases/raw/master
 ifeq ($(BR2_PACKAGE_ARGP_STANDALONE),y)
-IUCODE_TOOL_CONF_ENV = LIBS="-largp"
 IUCODE_TOOL_DEPENDENCIES = argp-standalone
 endif
 IUCODE_TOOL_LICENSE = GPL-2.0+

package/lame/0001-configure.patch

@@ -1,69 +0,0 @@
-Various patches to fix autoreconf errors.
-
-All patches besides
-- AM_ICONV in configure.in
-are already applied upstream:
-http://lame.cvs.sourceforge.net/viewvc/lame/lame/configure.in?r1=1.145&r2=1.146
-http://lame.cvs.sourceforge.net/viewvc/lame/lame/doc/html/Makefile.am?r1=1.8&r2=1.9
-http://lame.cvs.sourceforge.net/viewvc/lame/lame/doc/man/Makefile.am?r1=1.1&r2=1.2
-
-libmp3lame/i386/Makefile.am patch ported from Debian
-http://anonscm.debian.org/cgit/pkg-multimedia/lame.git/tree/debian/patches/ansi2knr2devnull.patch
-
-Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
-
-diff -uNr lame-3.99.5.org/configure.in lame-3.99.5/configure.in
---- lame-3.99.5.org/configure.in	2012-02-28 19:50:27.000000000 +0100
-+++ lame-3.99.5/configure.in	2015-04-11 11:36:15.464835008 +0200
-@@ -77,9 +77,6 @@
- 	AC_MSG_RESULT(${GCC_version})
- fi
- 
--dnl more automake stuff
--AM_C_PROTOTYPES
--
- AC_CHECK_HEADER(dmalloc.h)
- if test "${ac_cv_header_dmalloc_h}" = "yes"; then
- 	AM_WITH_DMALLOC
-@@ -376,8 +373,6 @@
- AC_CHECK_LIB(curses, initscr, HAVE_TERMCAP="curses")
- AC_CHECK_LIB(ncurses, initscr, HAVE_TERMCAP="ncurses")
- 
--AM_ICONV
-- 
- dnl math lib
- AC_CHECK_LIB(m, cos, USE_LIBM="-lm")
- dnl free fast math library
-diff -uNr lame-3.99.5.org/doc/html/Makefile.am lame-3.99.5/doc/html/Makefile.am
---- lame-3.99.5.org/doc/html/Makefile.am	2010-09-30 22:58:40.000000000 +0200
-+++ lame-3.99.5/doc/html/Makefile.am	2015-04-11 11:37:02.880239754 +0200
-@@ -1,6 +1,6 @@
- ## $Id: Makefile.am,v 1.7 2010/09/30 20:58:40 jaz001 Exp $
- 
--AUTOMAKE_OPTIONS = foreign ansi2knr
-+AUTOMAKE_OPTIONS = foreign
- 
- docdir = $(datadir)/doc
- pkgdocdir = $(docdir)/$(PACKAGE)
-diff -uNr lame-3.99.5.org/doc/man/Makefile.am lame-3.99.5/doc/man/Makefile.am
---- lame-3.99.5.org/doc/man/Makefile.am	2000-10-22 13:39:44.000000000 +0200
-+++ lame-3.99.5/doc/man/Makefile.am	2015-04-11 11:37:08.704167318 +0200
-@@ -1,6 +1,6 @@
- ## $Id: Makefile.am,v 1.1 2000/10/22 11:39:44 aleidinger Exp $
- 
--AUTOMAKE_OPTIONS = foreign ansi2knr
-+AUTOMAKE_OPTIONS = foreign
- 
- man_MANS = lame.1
- EXTRA_DIST = ${man_MANS}
-diff -uNr lame-3.99.5.org/libmp3lame/i386/Makefile.am lame-3.99.5/libmp3lame/i386/Makefile.am
---- lame-3.99.5.org/libmp3lame/i386/Makefile.am	2011-04-04 11:42:34.000000000 +0200
-+++ lame-3.99.5/libmp3lame/i386/Makefile.am	2015-04-11 11:37:35.191833351 +0200
-@@ -1,6 +1,6 @@
- ## $Id: Makefile.am,v 1.26 2011/04/04 09:42:34 aleidinger Exp $
- 
--AUTOMAKE_OPTIONS = foreign $(top_srcdir)/ansi2knr
-+AUTOMAKE_OPTIONS = foreign
- 
- DEFS = @DEFS@ @CONFIG_DEFS@
- 

package/lame/0002-gtk1-ac-directives.patch

@@ -1,210 +0,0 @@
-Include GTK-1 autoconf directives in build system.
-Applied-Upstream: http://lame.cvs.sf.net/viewvc/lame/lame/acinclude.m4?r1=1.5&r2=1.6
-
-Downloaded from
-http://lame.cvs.sf.net/viewvc/lame/lame/acinclude.m4?r1=1.5&r2=1.6&view=patch
-
-to fix autoreconf.
-
-Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
-
---- a/acinclude.m4	2006/12/21 09:03:03	1.5
-+++ b/acinclude.m4	2012/06/18 20:51:05	1.6
-@@ -85,4 +85,197 @@
- [AC_MSG_WARN(can't check for IEEE854 compliant 80 bit floats)]
- )])]) # alex_IEEE854_FLOAT80
- 
-+# Configure paths for GTK+
-+# Owen Taylor     97-11-3
- 
-+dnl AM_PATH_GTK([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND [, MODULES]]]])
-+dnl Test for GTK, and define GTK_CFLAGS and GTK_LIBS
-+dnl
-+AC_DEFUN([AM_PATH_GTK],
-+[dnl
-+dnl Get the cflags and libraries from the gtk-config script
-+dnl
-+AC_ARG_WITH(gtk-prefix,[  --with-gtk-prefix=PFX   Prefix where GTK is installed (optional)],
-+            gtk_config_prefix="$withval", gtk_config_prefix="")
-+AC_ARG_WITH(gtk-exec-prefix,[  --with-gtk-exec-prefix=PFX Exec prefix where GTK is installed (optional)],
-+            gtk_config_exec_prefix="$withval", gtk_config_exec_prefix="")
-+AC_ARG_ENABLE(gtktest, [  --disable-gtktest       Do not try to compile and run a test GTK program],
-+        , enable_gtktest=yes)
-+
-+  for module in . $4
-+  do
-+      case "$module" in
-+         gthread)
-+             gtk_config_args="$gtk_config_args gthread"
-+         ;;
-+      esac
-+  done
-+
-+  if test x$gtk_config_exec_prefix != x ; then
-+     gtk_config_args="$gtk_config_args --exec-prefix=$gtk_config_exec_prefix"
-+     if test x${GTK_CONFIG+set} != xset ; then
-+        GTK_CONFIG=$gtk_config_exec_prefix/bin/gtk-config
-+     fi
-+  fi
-+  if test x$gtk_config_prefix != x ; then
-+     gtk_config_args="$gtk_config_args --prefix=$gtk_config_prefix"
-+     if test x${GTK_CONFIG+set} != xset ; then
-+        GTK_CONFIG=$gtk_config_prefix/bin/gtk-config
-+     fi
-+  fi
-+
-+  AC_PATH_PROG(GTK_CONFIG, gtk-config, no)
-+  min_gtk_version=ifelse([$1], ,0.99.7,$1)
-+  AC_MSG_CHECKING(for GTK - version >= $min_gtk_version)
-+  no_gtk=""
-+  if test "$GTK_CONFIG" = "no" ; then
-+    no_gtk=yes
-+  else
-+    GTK_CFLAGS=`$GTK_CONFIG $gtk_config_args --cflags`
-+    GTK_LIBS=`$GTK_CONFIG $gtk_config_args --libs`
-+    gtk_config_major_version=`$GTK_CONFIG $gtk_config_args --version | \
-+           sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\1/'`
-+    gtk_config_minor_version=`$GTK_CONFIG $gtk_config_args --version | \
-+           sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\2/'`
-+    gtk_config_micro_version=`$GTK_CONFIG $gtk_config_args --version | \
-+           sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\3/'`
-+    if test "x$enable_gtktest" = "xyes" ; then
-+      ac_save_CFLAGS="$CFLAGS"
-+      ac_save_LIBS="$LIBS"
-+      CFLAGS="$CFLAGS $GTK_CFLAGS"
-+      LIBS="$GTK_LIBS $LIBS"
-+dnl
-+dnl Now check if the installed GTK is sufficiently new. (Also sanity
-+dnl checks the results of gtk-config to some extent
-+dnl
-+      rm -f conf.gtktest
-+      AC_TRY_RUN([
-+#include <gtk/gtk.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+
-+int
-+main ()
-+{
-+  int major, minor, micro;
-+  char *tmp_version;
-+
-+  system ("touch conf.gtktest");
-+
-+  /* HP/UX 9 (%@#!) writes to sscanf strings */
-+  tmp_version = g_strdup("$min_gtk_version");
-+  if (sscanf(tmp_version, "%d.%d.%d", &major, &minor, &micro) != 3) {
-+     printf("%s, bad version string\n", "$min_gtk_version");
-+     exit(1);
-+   }
-+
-+  if ((gtk_major_version != $gtk_config_major_version) ||
-+      (gtk_minor_version != $gtk_config_minor_version) ||
-+      (gtk_micro_version != $gtk_config_micro_version))
-+    {
-+      printf("\n*** 'gtk-config --version' returned %d.%d.%d, but GTK+ (%d.%d.%d)\n",
-+             $gtk_config_major_version, $gtk_config_minor_version, $gtk_config_micro_version,
-+             gtk_major_version, gtk_minor_version, gtk_micro_version);
-+      printf ("*** was found! If gtk-config was correct, then it is best\n");
-+      printf ("*** to remove the old version of GTK+. You may also be able to fix the error\n");
-+      printf("*** by modifying your LD_LIBRARY_PATH enviroment variable, or by editing\n");
-+      printf("*** /etc/ld.so.conf. Make sure you have run ldconfig if that is\n");
-+      printf("*** required on your system.\n");
-+      printf("*** If gtk-config was wrong, set the environment variable GTK_CONFIG\n");
-+      printf("*** to point to the correct copy of gtk-config, and remove the file config.cache\n");
-+      printf("*** before re-running configure\n");
-+    }
-+#if defined (GTK_MAJOR_VERSION) && defined (GTK_MINOR_VERSION) && defined (GTK_MICRO_VERSION)
-+  else if ((gtk_major_version != GTK_MAJOR_VERSION) ||
-+     (gtk_minor_version != GTK_MINOR_VERSION) ||
-+           (gtk_micro_version != GTK_MICRO_VERSION))
-+    {
-+      printf("*** GTK+ header files (version %d.%d.%d) do not match\n",
-+       GTK_MAJOR_VERSION, GTK_MINOR_VERSION, GTK_MICRO_VERSION);
-+      printf("*** library (version %d.%d.%d)\n",
-+       gtk_major_version, gtk_minor_version, gtk_micro_version);
-+    }
-+#endif /* defined (GTK_MAJOR_VERSION) ... */
-+  else
-+    {
-+      if ((gtk_major_version > major) ||
-+        ((gtk_major_version == major) && (gtk_minor_version > minor)) ||
-+        ((gtk_major_version == major) && (gtk_minor_version == minor) && (gtk_micro_version >= micro)))
-+      {
-+        return 0;
-+       }
-+     else
-+      {
-+        printf("\n*** An old version of GTK+ (%d.%d.%d) was found.\n",
-+               gtk_major_version, gtk_minor_version, gtk_micro_version);
-+        printf("*** You need a version of GTK+ newer than %d.%d.%d. The latest version of\n",
-+         major, minor, micro);
-+        printf("*** GTK+ is always available from ftp://ftp.gtk.org.\n");
-+        printf("***\n");
-+        printf("*** If you have already installed a sufficiently new version, this error\n");
-+        printf("*** probably means that the wrong copy of the gtk-config shell script is\n");
-+        printf("*** being found. The easiest way to fix this is to remove the old version\n");
-+        printf("*** of GTK+, but you can also set the GTK_CONFIG environment to point to the\n");
-+        printf("*** correct copy of gtk-config. (In this case, you will have to\n");
-+        printf("*** modify your LD_LIBRARY_PATH enviroment variable, or edit /etc/ld.so.conf\n");
-+        printf("*** so that the correct libraries are found at run-time))\n");
-+      }
-+    }
-+  return 1;
-+}
-+],, no_gtk=yes,[echo $ac_n "cross compiling; assumed OK... $ac_c"])
-+       CFLAGS="$ac_save_CFLAGS"
-+       LIBS="$ac_save_LIBS"
-+     fi
-+  fi
-+  if test "x$no_gtk" = x ; then
-+     AC_MSG_RESULT(yes)
-+     ifelse([$2], , :, [$2])
-+  else
-+     AC_MSG_RESULT(no)
-+     if test "$GTK_CONFIG" = "no" ; then
-+       echo "*** The gtk-config script installed by GTK could not be found"
-+       echo "*** If GTK was installed in PREFIX, make sure PREFIX/bin is in"
-+       echo "*** your path, or set the GTK_CONFIG environment variable to the"
-+       echo "*** full path to gtk-config."
-+     else
-+       if test -f conf.gtktest ; then
-+        :
-+       else
-+          echo "*** Could not run GTK test program, checking why..."
-+          CFLAGS="$CFLAGS $GTK_CFLAGS"
-+          LIBS="$LIBS $GTK_LIBS"
-+          AC_TRY_LINK([
-+#include <gtk/gtk.h>
-+#include <stdio.h>
-+],      [ return ((gtk_major_version) || (gtk_minor_version) || (gtk_micro_version)); ],
-+        [ echo "*** The test program compiled, but did not run. This usually means"
-+          echo "*** that the run-time linker is not finding GTK or finding the wrong"
-+          echo "*** version of GTK. If it is not finding GTK, you'll need to set your"
-+          echo "*** LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf to point"
-+          echo "*** to the installed location  Also, make sure you have run ldconfig if that"
-+          echo "*** is required on your system"
-+    echo "***"
-+          echo "*** If you have an old version installed, it is best to remove it, although"
-+          echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH"
-+          echo "***"
-+          echo "*** If you have a RedHat 5.0 system, you should remove the GTK package that"
-+          echo "*** came with the system with the command"
-+          echo "***"
-+          echo "***    rpm --erase --nodeps gtk gtk-devel" ],
-+        [ echo "*** The test program failed to compile or link. See the file config.log for the"
-+          echo "*** exact error that occured. This usually means GTK was incorrectly installed"
-+          echo "*** or that you have moved GTK since it was installed. In the latter case, you"
-+          echo "*** may want to edit the gtk-config script: $GTK_CONFIG" ])
-+          CFLAGS="$ac_save_CFLAGS"
-+          LIBS="$ac_save_LIBS"
-+       fi
-+     fi
-+     GTK_CFLAGS=""
-+     GTK_LIBS=""
-+     ifelse([$3], , :, [$3])
-+  fi
-+  AC_SUBST(GTK_CFLAGS)
-+  AC_SUBST(GTK_LIBS)
-+  rm -f conf.gtktest
-+])

package/lame/0003-msse.patch

@@ -1,24 +0,0 @@
-Fix compile on 32bit Intel
-
-Downloaded from
-http://anonscm.debian.org/cgit/pkg-multimedia/lame.git/tree/debian/patches/msse.patch
-
-Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
-
-Description: Build xmm_quantize_sub.c with -msse
-Author: Sebastian Ramacher <sramacher@debian.org>
-Bug: http://sourceforge.net/p/lame/bugs/443/
-Bug-Debian: https://bugs.debian.org/760047
-Forwarded: http://sourceforge.net/p/lame/bugs/443/
-Last-Update: 2014-08-31
-
---- lame-3.99.5+repack1.orig/libmp3lame/vector/Makefile.am
-+++ lame-3.99.5+repack1/libmp3lame/vector/Makefile.am
-@@ -20,6 +20,7 @@ xmm_sources = xmm_quantize_sub.c
- 
- if WITH_XMM
- liblamevectorroutines_la_SOURCES = $(xmm_sources)
-+liblamevectorroutines_la_CFLAGS = -msse
- endif
- 
- noinst_HEADERS = lame_intrin.h

package/lame/lame.hash

@@ -1,2 +1,3 @@
 # Locally computed:
-sha256  24346b4158e4af3bd9f2e194bb23eb473c75fb7377011523353196b19b9a23ff  lame-3.99.5.tar.gz
+sha256  ddfe36cab873794038ae2c1210557ad34857a4b6bdc515785d1da9e175b1da1e  lame-3.100.tar.gz
+sha256  bfe4a52dc4645385f356a8e83cc54216a293e3b6f1cb4f79f5fc0277abf937fd  COPYING

package/lame/lame.mk

@@ -4,11 +4,9 @@
 #
 ################################################################################
 
-LAME_VERSION_MAJOR = 3.99
-LAME_VERSION = $(LAME_VERSION_MAJOR).5
-LAME_SITE = http://downloads.sourceforge.net/project/lame/lame/$(LAME_VERSION_MAJOR)
+LAME_VERSION = 3.100
+LAME_SITE = http://downloads.sourceforge.net/project/lame/lame/$(LAME_VERSION)
 LAME_DEPENDENCIES = host-pkgconf
-LAME_AUTORECONF = YES
 LAME_INSTALL_STAGING = YES
 LAME_CONF_ENV = GTK_CONFIG=/bin/false
 LAME_CONF_OPTS = --enable-dynamic-frontends

package/libarchive/0001-Do-something-sensible-for-empty-strings-to-make-fuzz.patch

@@ -0,0 +1,42 @@
+From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001
+From: Joerg Sonnenberger <joerg@bec.de>
+Date: Tue, 5 Sep 2017 18:12:19 +0200
+Subject: [PATCH] Do something sensible for empty strings to make fuzzers
+ happy.
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: commit fa7438a0ff
+
+ libarchive/archive_read_support_format_xar.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c
+index 7a22beb9d8e4..93eeacc5e6eb 100644
+--- a/libarchive/archive_read_support_format_xar.c
++++ b/libarchive/archive_read_support_format_xar.c
+@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
+ 	uint64_t l;
+ 	int digit;
+ 
++	if (char_cnt == 0)
++		return (0);
++
+ 	l = 0;
+ 	digit = *p - '0';
+ 	while (digit >= 0 && digit < 10  && char_cnt-- > 0) {
+@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
+ {
+ 	int64_t l;
+ 	int digit;
+-        
++
++	if (char_cnt == 0)
++		return (0);
++
+ 	l = 0;
+ 	while (char_cnt-- > 0) {
+ 		if (*p >= '0' && *p <= '7')
+-- 
+2.14.1
+

package/libarchive/libarchive.hash

@@ -1,2 +1,2 @@
 # Locally computed:
-sha256  72ee1a4e3fd534525f13a0ba1aa7b05b203d186e0c6072a8a4738649d0b3cfd2  libarchive-3.2.1.tar.gz
+sha256  ed2dbd6954792b2c054ccf8ec4b330a54b85904a80cef477a1c74643ddafa0ce  libarchive-3.3.2.tar.gz

package/libarchive/libarchive.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBARCHIVE_VERSION = 3.2.1
+LIBARCHIVE_VERSION = 3.3.2
 LIBARCHIVE_SITE = http://www.libarchive.org/downloads
 LIBARCHIVE_INSTALL_STAGING = YES
 LIBARCHIVE_LICENSE = BSD-2-Clause, BSD-3-Clause

package/libcurl/0001-curl-system.h-support-more-architectures.patch

@@ -1,47 +0,0 @@
-From 7d84bd820ef412d251b643a4faced105668f4ebd Mon Sep 17 00:00:00 2001
-From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-Date: Fri, 11 Aug 2017 18:52:37 +0200
-Subject: [PATCH] curl/system.h: support more architectures
-
-The long list of architectures in include/curl/system.h is annoying to
-maintain, and needs to be extended for each and every architecture to
-support.
-
-Instead, let's rely on the __SIZEOF_LONG__ define of the gcc compiler
-(we are in the GNUC condition anyway), which tells us if long is 4
-bytes or 8 bytes.
-
-This fixes the build of libcurl 7.55.0 on architectures such as
-OpenRISC or ARC.
-
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
----
- include/curl/system.h | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/include/curl/system.h b/include/curl/system.h
-index 79abf8f..0e13075 100644
---- a/include/curl/system.h
-+++ b/include/curl/system.h
-@@ -403,7 +403,7 @@
- #  if !defined(__LP64__) && (defined(__ILP32__) || \
-       defined(__i386__) || defined(__ppc__) || defined(__arm__) || \
-       defined(__sparc__) || defined(__mips__) || defined(__sh__) || \
--      defined(__XTENSA__))
-+      defined(__XTENSA__) || (defined(__SIZEOF_LONG__) && __SIZEOF_LONG__ == 4))
- #    define CURL_SIZEOF_LONG           4
- #    define CURL_TYPEOF_CURL_OFF_T     long long
- #    define CURL_FORMAT_CURL_OFF_T     "lld"
-@@ -412,7 +412,8 @@
- #    define CURL_SUFFIX_CURL_OFF_T     LL
- #    define CURL_SUFFIX_CURL_OFF_TU    ULL
- #  elif defined(__LP64__) || \
--        defined(__x86_64__) || defined(__ppc64__) || defined(__sparc64__)
-+        defined(__x86_64__) || defined(__ppc64__) || defined(__sparc64__) || \
-+        (defined(__SIZEOF_LONG__) && __SIZEOF_LONG__ == 8)
- #    define CURL_SIZEOF_LONG           8
- #    define CURL_TYPEOF_CURL_OFF_T     long
- #    define CURL_FORMAT_CURL_OFF_T     "ld"
--- 
-2.9.4
-

package/libcurl/libcurl.hash

@@ -1,3 +1,4 @@
 # Locally calculated after checking pgp signature
-# https://curl.haxx.se/download/curl-7.55.0.tar.xz.asc
-sha256 cdd58522f8607fd4e871df79d73acb3155075e2134641e5adab12a0962df059d  curl-7.55.0.tar.xz
+# https://curl.haxx.se/download/curl-7.56.0.tar.xz.asc
+sha256 32437bcca0e9434384329fdc733547879d25ba70335b3cf9e3d9cbc3e71fd172  curl-7.56.0.tar.xz
+sha256 cbcf511f5702f7baf5424193a792bc9c18fab22bcbec2e6a587598389dc632c2  COPYING

package/libcurl/libcurl.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBCURL_VERSION = 7.55.0
+LIBCURL_VERSION = 7.56.0
 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
 LIBCURL_SITE = https://curl.haxx.se/download
 LIBCURL_DEPENDENCIES = host-pkgconf \
@@ -22,6 +22,12 @@ LIBCURL_INSTALL_STAGING = YES
 LIBCURL_CONF_OPTS = --disable-manual --disable-ntlm-wb \
 	--enable-hidden-symbols --with-random=/dev/urandom --disable-curldebug
 
+ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y)
+LIBCURL_CONF_OPTS += --enable-threaded-resolver
+else
+LIBCURL_CONF_OPTS += --disable-threaded-resolver
+endif
+
 ifeq ($(BR2_PACKAGE_LIBCURL_VERBOSE),y)
 LIBCURL_CONF_OPTS += --enable-verbose
 else

package/libffi/0005-mips-use-__linux__-and-not-linux.patch

@@ -0,0 +1,37 @@
+From 1f43e5edfd91bee80e518432b80db01f1bf226e3 Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+Date: Sun, 22 Oct 2017 15:02:11 +0200
+Subject: [PATCH] mips: use __linux__ and not linux
+
+The "linux" symbol is not POSIX compliant [1], and therefore not
+defined when building with -std=c99. Due to this, the linux
+conditional block doesn't get used on Linux when building Python 3.x
+(which is built with -std=c99). To fix this, we use the POSIX
+compliant __linux__ symbol, which is defined when -std=c99 is used.
+
+This fixes the build of Python 3.x on MIPS/musl configuration, as it
+makes sures that <asm/sgidefs.h> gets included and not <sgidefs.h>.
+
+[1] https://sourceforge.net/p/predef/wiki/OperatingSystems/
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+---
+ src/mips/ffitarget.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/mips/ffitarget.h b/src/mips/ffitarget.h
+index 717d659..6faa358 100644
+--- a/src/mips/ffitarget.h
++++ b/src/mips/ffitarget.h
+@@ -32,7 +32,7 @@
+ #error "Please do not include ffitarget.h directly into your source.  Use ffi.h instead."
+ #endif
+ 
+-#ifdef linux
++#ifdef __linux__
+ # include <asm/sgidefs.h>
+ #elif defined(__rtems__)
+ /*
+-- 
+2.13.6
+

package/libidn/0001-lib-punycode.c-decode_digit-Fix-integer-overflow.patch

@@ -0,0 +1,36 @@
+From e9e81b8063b095b02cf104bb992fa9bf9515b9d8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Fri, 1 Sep 2017 10:04:48 +0200
+Subject: [PATCH] lib/punycode.c (decode_digit): Fix integer overflow
+
+This fix is a backport from libidn2 and addresses
+CVE-2017-14062.
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: commit e9e81b8063b095
+
+ lib/punycode.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/lib/punycode.c b/lib/punycode.c
+index 86819a7deb85..49250a13e2cc 100644
+--- a/lib/punycode.c
++++ b/lib/punycode.c
+@@ -88,10 +88,10 @@ enum
+ /* point (for use in representing integers) in the range 0 to */
+ /* base-1, or base if cp does not represent a value.          */
+ 
+-static punycode_uint
+-decode_digit (punycode_uint cp)
++static unsigned
++decode_digit (int cp)
+ {
+-  return cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
++  return (unsigned) cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
+     cp - 97 < 26 ? cp - 97 : base;
+ }
+ 
+-- 
+2.14.1
+

package/libidn/libidn.mk

@@ -7,11 +7,13 @@
 LIBIDN_VERSION = 1.33
 LIBIDN_SITE = $(BR2_GNU_MIRROR)/libidn
 LIBIDN_INSTALL_STAGING = YES
-LIBIDN_CONF_ENV = EMACS="no"
+LIBIDN_CONF_ENV = EMACS="no" MAKEINFO=true
 LIBIDN_CONF_OPTS = --disable-java --enable-csharp=no
 LIBIDN_DEPENDENCIES = host-pkgconf $(TARGET_NLS_DEPENDENCIES) $(if $(BR2_PACKAGE_LIBICONV),libiconv)
 LIBIDN_LICENSE = GPL-2.0+, GPL-3.0+, LGPL-3.0+
 LIBIDN_LICENSE_FILES = COPYINGv2 COPYINGv3 COPYING.LESSERv3
+# lib/punycode.c patch triggers reconf in doc/
+LIBIDN_AUTORECONF = YES
 
 define LIBIDN_REMOVE_BINARY
 	rm -f $(TARGET_DIR)/usr/bin/idn

package/libmbim/Config.in

@@ -2,6 +2,7 @@ config BR2_PACKAGE_LIBMBIM
 	bool "libmbim"
 	depends on BR2_USE_WCHAR # libglib2
 	depends on BR2_TOOLCHAIN_HAS_THREADS # libglib2
+	depends on BR2_USE_MMU # libglib2
 	depends on BR2_PACKAGE_HAS_UDEV
 	select BR2_PACKAGE_LIBGUDEV
 	select BR2_PACKAGE_LIBGLIB2
@@ -13,5 +14,6 @@ config BR2_PACKAGE_LIBMBIM
 	  http://www.freedesktop.org/wiki/Software/libmbim/
 
 comment "libmbim needs udev /dev management and a toolchain w/ wchar, threads"
+	depends on BR2_USE_MMU
 	depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
 		!BR2_PACKAGE_HAS_UDEV

package/libnspr/libnspr.hash

@@ -1,2 +1,4 @@
-# From https://ftp.mozilla.org/pub/nspr/releases/v4.15/src/SHA256SUMS
-sha256	27dde06bc3d0c88903a20d6ad807361a912cfb624ca0ab4efb10fc50b19e2d80	nspr-4.15.tar.gz
+# From https://ftp.mozilla.org/pub/nspr/releases/v4.17/src/SHA256SUMS
+sha256	590a0aea29412ae22d7728038c21ef2ab42646e48172a47d2e4bb782846d1095  nspr-4.17.tar.gz
+# Locally calculated
+sha256	fab3dd6bdab226f1c08630b1dd917e11fcb4ec5e1e020e2c16f83a0a13863e85  nspr/LICENSE

package/libnspr/libnspr.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBNSPR_VERSION = 4.15
+LIBNSPR_VERSION = 4.17
 LIBNSPR_SOURCE = nspr-$(LIBNSPR_VERSION).tar.gz
 LIBNSPR_SITE = https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v$(LIBNSPR_VERSION)/src
 LIBNSPR_SUBDIR = nspr

package/libnss/libnss.hash

@@ -1,2 +1,4 @@
-# From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_31_RTM/src/SHA256SUMS
-sha256	e90561256a3271486162c1fbe8d614d118c333d36a4455be2af8688bd420a65d	nss-3.31.tar.gz
+# From https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_33_RTM/src/SHA256SUMS
+sha256	98f0dabd36408e83dd3a11727336cc3cdfee4cbdd9aede2b2831eb2389c284e4  nss-3.33.tar.gz
+# Locally calculated
+sha256	a20c1a32d1f8102432360b42e932869f7c11c7cdbacf9cac554c422132af47f4  nss/COPYING

package/libnss/libnss.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBNSS_VERSION = 3.31
+LIBNSS_VERSION = 3.33
 LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
 LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(subst .,_,$(LIBNSS_VERSION))_RTM/src
 LIBNSS_DISTDIR = dist

package/libressl/0002-Fix-build-with-musl-and-older-Linux-kernel.patch

@@ -0,0 +1,38 @@
+From: Baruch Siach <baruch@tkos.co.il>
+Date: Fri, 29 Sep 2017 10:06:52 +0300
+Subject: [PATCH] Fix build with musl and older Linux kernel
+
+The musl libc carries its own copy of Linux system calls. When building
+with Linux headers older than v3.17, musl provides SYS_getrandom
+definition, but not GRND_NONBLOCK. This causes build failure for
+libressl and openntpd:
+
+getentropy_linux.c: In function 'getentropy_getrandom':
+getentropy_linux.c:205:42: error: 'GRND_NONBLOCK' undeclared (first use in this function)
+   ret = syscall(SYS_getrandom, buf, len, GRND_NONBLOCK);
+                                          ^~~~~~~~~~~~~
+
+Define GRND_NONBLOCK locally when its definition is missing to fix the
+build. There should be no run-time effect. Older kernels return ENOSYS
+for unsupported syscall().
+
+[ from upstream pull request with file location changed ]
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: https://github.com/libressl-portable/openbsd/pull/82
+
+diff -Nuar libressl-2.5.5-orig/crypto/compat/getentropy_linux.c libressl-2.5.5/crypto/compat/getentropy_linux.c
+--- libressl-2.5.5-orig/crypto/compat/getentropy_linux.c	2017-07-09 13:59:48.000000000 +0300
++++ libressl-2.5.5/crypto/compat/getentropy_linux.c	2017-09-29 10:03:32.447958829 +0300
+@@ -194,6 +194,11 @@
+ }
+ 
+ #ifdef SYS_getrandom
++
++#ifndef GRND_NONBLOCK
++#define GRND_NONBLOCK   0x0001
++#endif
++
+ static int
+ getentropy_getrandom(void *buf, size_t len)
+ {

package/librsync/0001-CMakeLists.txt-Don-t-require-a-C-compiler.patch

@@ -0,0 +1,33 @@
+From c1af3e1b926fa04dbddc2d30586ff26026083134 Mon Sep 17 00:00:00 2001
+From: Bernd Kuhls <bernd.kuhls@t-online.de>
+Date: Tue, 26 Sep 2017 19:06:43 +0200
+Subject: [PATCH] CMakeLists.txt: Don't require a C++ compiler
+
+By default, CMake assumes that the project is using both C and C++.  By
+explicitly passing 'C' as argument of the project() macro, we tell CMake
+that only C is used, which prevents CMake from erroring out if a C++
+compiler doesn't exist.
+
+Patch sent upstream: https://github.com/librsync/librsync/pull/116
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+---
+ CMakeLists.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 85536e3..7fe1eda 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -16,7 +16,7 @@
+ # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ 
+ 
+-project(librsync)
++project(librsync C)
+ cmake_minimum_required(VERSION 2.6)
+ 
+ INCLUDE(CMakeDependentOption)
+-- 
+2.11.0
+

package/librsync/0001-fix-build-with-clang.patch

@@ -1,37 +0,0 @@
-From 1175b1cd102ee15512185c7983868e5746959da0 Mon Sep 17 00:00:00 2001
-From: Adam Schubert <feartohell@seznam.cz>
-Date: Mon, 11 May 2015 04:25:45 +0200
-Subject: [PATCH] Fix build under clang
-
-Downloaded from upstream commit:
-https://github.com/librsync/librsync/commit/1175b1cd102ee15512185c7983868e5746959da0.patch
-
-Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
-
----
- delta.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/delta.c b/delta.c
-index 19498f9..72afdf6 100644
---- a/delta.c
-+++ b/delta.c
-@@ -126,12 +126,12 @@ static rs_result rs_delta_s_scan(rs_job_t *job);
- static rs_result rs_delta_s_flush(rs_job_t *job);
- static rs_result rs_delta_s_end(rs_job_t *job);
- void rs_getinput(rs_job_t *job);
--inline int rs_findmatch(rs_job_t *job, rs_long_t *match_pos, size_t *match_len);
--inline rs_result rs_appendmatch(rs_job_t *job, rs_long_t match_pos, size_t match_len);
--inline rs_result rs_appendmiss(rs_job_t *job, size_t miss_len);
--inline rs_result rs_appendflush(rs_job_t *job);
--inline rs_result rs_processmatch(rs_job_t *job);
--inline rs_result rs_processmiss(rs_job_t *job);
-+static inline int rs_findmatch(rs_job_t *job, rs_long_t *match_pos, size_t *match_len);
-+static inline rs_result rs_appendmatch(rs_job_t *job, rs_long_t match_pos, size_t match_len);
-+static inline rs_result rs_appendmiss(rs_job_t *job, size_t miss_len);
-+static inline rs_result rs_appendflush(rs_job_t *job);
-+static inline rs_result rs_processmatch(rs_job_t *job);
-+static inline rs_result rs_processmiss(rs_job_t *job);
- 
- /**
-  * \brief Get a block of data if possible, and see if it matches.

package/librsync/Config.in

@@ -1,5 +1,6 @@
 config BR2_PACKAGE_LIBRSYNC
 	bool "librsync"
+	depends on !BR2_STATIC_LIBS
 	select BR2_PACKAGE_ZLIB
 	select BR2_PACKAGE_BZIP2
 	select BR2_PACKAGE_POPT
@@ -8,4 +9,7 @@ config BR2_PACKAGE_LIBRSYNC
 	  remote file synchronization that was popularized by the
 	  rsync utility and is used in rproxy.
 
-	  http://sourceforge.net/projects/librsync/
+	  https://github.com/librsync/librsync
+
+comment "librsync needs a toolchain w/ dynamic library support"
+	depends on BR2_STATIC_LIBS

package/librsync/librsync.hash

@@ -1,2 +1,2 @@
 # Locally computed:
-sha256  6633e4605662763a03bb6388529cbdfd3b11a9ec55b8845351c1bd9a92bc41d6  librsync-0.9.7.tar.gz
+sha256 b5c4dd114289832039397789e42d4ff0d1108ada89ce74f1999398593fae2169  librsync-v2.0.0.tar.gz

package/librsync/librsync.mk

@@ -4,11 +4,11 @@
 #
 ################################################################################
 
-LIBRSYNC_VERSION = 0.9.7
-LIBRSYNC_SITE = http://downloads.sourceforge.net/project/librsync/librsync/$(LIBRSYNC_VERSION)
+LIBRSYNC_VERSION = v2.0.0
+LIBRSYNC_SITE = $(call github,librsync,librsync,$(LIBRSYNC_VERSION))
 LIBRSYNC_LICENSE = LGPL-2.1+
 LIBRSYNC_LICENSE_FILES = COPYING
 LIBRSYNC_INSTALL_STAGING = YES
 LIBRSYNC_DEPENDENCIES = zlib bzip2 popt
 
-$(eval $(autotools-package))
+$(eval $(cmake-package))

package/libsoup/libsoup.hash

@@ -1,2 +1,4 @@
-# From http://ftp.gnome.org/pub/gnome/sources/libsoup/2.56/libsoup-2.56.0.sha256sum
-sha256	d8216b71de8247bc6f274ec054c08547b2e04369c1f8add713e9350c8ef81fe5	libsoup-2.56.0.tar.xz
+# From http://ftp.gnome.org/pub/gnome/sources/libsoup/2.56/libsoup-2.56.1.sha256sum
+sha256	c32a46d77b4da433b51d8fd09a57a44b198e03bdc93e5219afcc687c7948eac3  libsoup-2.56.1.tar.xz
+# Locally calculated
+sha256  b7993225104d90ddd8024fd838faf300bea5e83d91203eab98e29512acebd69c  COPYING

package/libsoup/libsoup.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 LIBSOUP_VERSION_MAJOR = 2.56
-LIBSOUP_VERSION = $(LIBSOUP_VERSION_MAJOR).0
+LIBSOUP_VERSION = $(LIBSOUP_VERSION_MAJOR).1
 LIBSOUP_SOURCE = libsoup-$(LIBSOUP_VERSION).tar.xz
 LIBSOUP_SITE = http://ftp.gnome.org/pub/gnome/sources/libsoup/$(LIBSOUP_VERSION_MAJOR)
 LIBSOUP_LICENSE = LGPL-2.0+

package/libxml2/0001-Fix-XPointer-paths-beginning-with-range-to.patch

@@ -1,178 +0,0 @@
-From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Tue, 28 Jun 2016 14:22:23 +0200
-Subject: [PATCH] Fix XPointer paths beginning with range-to
-
-The old code would invoke the broken xmlXPtrRangeToFunction. range-to
-isn't really a function but a special kind of location step. Remove
-this function and always handle range-to in the XPath code.
-
-The old xmlXPtrRangeToFunction could also be abused to trigger a
-use-after-free error with the potential for remote code execution.
-
-Found with afl-fuzz.
-
-Fixes CVE-2016-5131.
-
-Signed-off-by: Baruch Siach <baruch@tkos.co.il>
----
-Patch status: upstream commit 9ab01a277d7
-
- result/XPath/xptr/vidbase | 13 ++++++++
- test/XPath/xptr/vidbase   |  1 +
- xpath.c                   |  7 ++++-
- xpointer.c                | 76 ++++-------------------------------------------
- 4 files changed, 26 insertions(+), 71 deletions(-)
-
-diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase
-index 8b9e92d66d97..f19193e70edb 100644
---- a/result/XPath/xptr/vidbase
-+++ b/result/XPath/xptr/vidbase
-@@ -17,3 +17,16 @@ Object is a Location Set:
-   To node
-     ELEMENT p
- 
-+
-+========================
-+Expression: xpointer(range-to(id('chapter2')))
-+Object is a Location Set:
-+1 :   Object is a range :
-+  From node
-+     /
-+  To node
-+    ELEMENT chapter
-+      ATTRIBUTE id
-+        TEXT
-+          content=chapter2
-+
-diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase
-index b1463830570a..884b1065d7fd 100644
---- a/test/XPath/xptr/vidbase
-+++ b/test/XPath/xptr/vidbase
-@@ -1,2 +1,3 @@
- xpointer(id('chapter1')/p)
- xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
-+xpointer(range-to(id('chapter2')))
-diff --git a/xpath.c b/xpath.c
-index d992841ef0c2..5a01b1b399a2 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) {
- 		    lc = 1;
- 		    break;
- 		} else if ((NXT(len) == '(')) {
--		    /* Note Type or Function */
-+		    /* Node Type or Function */
- 		    if (xmlXPathIsNodeType(name)) {
- #ifdef DEBUG_STEP
- 		        xmlGenericError(xmlGenericErrorContext,
- 				"PathExpr: Type search\n");
- #endif
- 			lc = 1;
-+#ifdef LIBXML_XPTR_ENABLED
-+                    } else if (ctxt->xptr &&
-+                               xmlStrEqual(name, BAD_CAST "range-to")) {
-+                        lc = 1;
-+#endif
- 		    } else {
- #ifdef DEBUG_STEP
- 		        xmlGenericError(xmlGenericErrorContext,
-diff --git a/xpointer.c b/xpointer.c
-index 676c5105837a..d74174a318f1 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) {
-     ret->here = here;
-     ret->origin = origin;
- 
--    xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
--	                 xmlXPtrRangeToFunction);
-     xmlXPathRegisterFunc(ret, (xmlChar *)"range",
- 	                 xmlXPtrRangeFunction);
-     xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
-@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) {
-  * @nargs:  the number of args
-  *
-  * Implement the range-to() XPointer function
-+ *
-+ * Obsolete. range-to is not a real function but a special type of location
-+ * step which is handled in xpath.c.
-  */
- void
--xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
--    xmlXPathObjectPtr range;
--    const xmlChar *cur;
--    xmlXPathObjectPtr res, obj;
--    xmlXPathObjectPtr tmp;
--    xmlLocationSetPtr newset = NULL;
--    xmlNodeSetPtr oldset;
--    int i;
--
--    if (ctxt == NULL) return;
--    CHECK_ARITY(1);
--    /*
--     * Save the expression pointer since we will have to evaluate
--     * it multiple times. Initialize the new set.
--     */
--    CHECK_TYPE(XPATH_NODESET);
--    obj = valuePop(ctxt);
--    oldset = obj->nodesetval;
--    ctxt->context->node = NULL;
--
--    cur = ctxt->cur;
--    newset = xmlXPtrLocationSetCreate(NULL);
--
--    for (i = 0; i < oldset->nodeNr; i++) {
--	ctxt->cur = cur;
--
--	/*
--	 * Run the evaluation with a node list made of a single item
--	 * in the nodeset.
--	 */
--	ctxt->context->node = oldset->nodeTab[i];
--	tmp = xmlXPathNewNodeSet(ctxt->context->node);
--	valuePush(ctxt, tmp);
--
--	xmlXPathEvalExpr(ctxt);
--	CHECK_ERROR;
--
--	/*
--	 * The result of the evaluation need to be tested to
--	 * decided whether the filter succeeded or not
--	 */
--	res = valuePop(ctxt);
--	range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
--	if (range != NULL) {
--	    xmlXPtrLocationSetAdd(newset, range);
--	}
--
--	/*
--	 * Cleanup
--	 */
--	if (res != NULL)
--	    xmlXPathFreeObject(res);
--	if (ctxt->value == tmp) {
--	    res = valuePop(ctxt);
--	    xmlXPathFreeObject(res);
--	}
--
--	ctxt->context->node = NULL;
--    }
--
--    /*
--     * The result is used as the new evaluation set.
--     */
--    xmlXPathFreeObject(obj);
--    ctxt->context->node = NULL;
--    ctxt->context->contextSize = -1;
--    ctxt->context->proximityPosition = -1;
--    valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
-+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
-+                       int nargs ATTRIBUTE_UNUSED) {
-+    XP_ERROR(XPATH_EXPR_ERROR);
- }
- 
- /**
--- 
-2.10.2
-

package/libxml2/0002-Disallow-namespace-nodes-in-XPointer-ranges.patch

@@ -1,253 +0,0 @@
-From c1d1f7121194036608bf555f08d3062a36fd344b Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Tue, 28 Jun 2016 18:34:52 +0200
-Subject: [PATCH] Disallow namespace nodes in XPointer ranges
-
-Namespace nodes must be copied to avoid use-after-free errors.
-But they don't necessarily have a physical representation in a
-document, so simply disallow them in XPointer ranges.
-
-Found with afl-fuzz.
-
-Fixes CVE-2016-4658.
-
-Signed-off-by: Baruch Siach <baruch@tkos.co.il>
----
-Patch status: upstream commit c1d1f712119403
-
- xpointer.c | 149 +++++++++++++++++++++++--------------------------------------
- 1 file changed, 56 insertions(+), 93 deletions(-)
-
-diff --git a/xpointer.c b/xpointer.c
-index a7b03fbdae16..694d120e2e0b 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) {
- }
- 
- /**
-+ * xmlXPtrNewRangeInternal:
-+ * @start:  the starting node
-+ * @startindex:  the start index
-+ * @end:  the ending point
-+ * @endindex:  the ending index
-+ *
-+ * Internal function to create a new xmlXPathObjectPtr of type range
-+ *
-+ * Returns the newly created object.
-+ */
-+static xmlXPathObjectPtr
-+xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex,
-+                        xmlNodePtr end, int endindex) {
-+    xmlXPathObjectPtr ret;
-+
-+    /*
-+     * Namespace nodes must be copied (see xmlXPathNodeSetDupNs).
-+     * Disallow them for now.
-+     */
-+    if ((start != NULL) && (start->type == XML_NAMESPACE_DECL))
-+	return(NULL);
-+    if ((end != NULL) && (end->type == XML_NAMESPACE_DECL))
-+	return(NULL);
-+
-+    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-+    if (ret == NULL) {
-+        xmlXPtrErrMemory("allocating range");
-+	return(NULL);
-+    }
-+    memset(ret, 0, sizeof(xmlXPathObject));
-+    ret->type = XPATH_RANGE;
-+    ret->user = start;
-+    ret->index = startindex;
-+    ret->user2 = end;
-+    ret->index2 = endindex;
-+    return(ret);
-+}
-+
-+/**
-  * xmlXPtrNewRange:
-  * @start:  the starting node
-  * @startindex:  the start index
-@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex,
-     if (endindex < 0)
- 	return(NULL);
- 
--    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
--    if (ret == NULL) {
--        xmlXPtrErrMemory("allocating range");
--	return(NULL);
--    }
--    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
--    ret->type = XPATH_RANGE;
--    ret->user = start;
--    ret->index = startindex;
--    ret->user2 = end;
--    ret->index2 = endindex;
-+    ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex);
-     xmlXPtrRangeCheckOrder(ret);
-     return(ret);
- }
-@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) {
-     if (end->type != XPATH_POINT)
- 	return(NULL);
- 
--    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
--    if (ret == NULL) {
--        xmlXPtrErrMemory("allocating range");
--	return(NULL);
--    }
--    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
--    ret->type = XPATH_RANGE;
--    ret->user = start->user;
--    ret->index = start->index;
--    ret->user2 = end->user;
--    ret->index2 = end->index;
-+    ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user,
-+                                  end->index);
-     xmlXPtrRangeCheckOrder(ret);
-     return(ret);
- }
-@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) {
-     if (start->type != XPATH_POINT)
- 	return(NULL);
- 
--    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
--    if (ret == NULL) {
--        xmlXPtrErrMemory("allocating range");
--	return(NULL);
--    }
--    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
--    ret->type = XPATH_RANGE;
--    ret->user = start->user;
--    ret->index = start->index;
--    ret->user2 = end;
--    ret->index2 = -1;
-+    ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1);
-     xmlXPtrRangeCheckOrder(ret);
-     return(ret);
- }
-@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) {
-     if (end->type != XPATH_POINT)
- 	return(NULL);
- 
--    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
--    if (ret == NULL) {
--        xmlXPtrErrMemory("allocating range");
--	return(NULL);
--    }
--    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
--    ret->type = XPATH_RANGE;
--    ret->user = start;
--    ret->index = -1;
--    ret->user2 = end->user;
--    ret->index2 = end->index;
-+    ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index);
-     xmlXPtrRangeCheckOrder(ret);
-     return(ret);
- }
-@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) {
-     if (end == NULL)
- 	return(NULL);
- 
--    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
--    if (ret == NULL) {
--        xmlXPtrErrMemory("allocating range");
--	return(NULL);
--    }
--    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
--    ret->type = XPATH_RANGE;
--    ret->user = start;
--    ret->index = -1;
--    ret->user2 = end;
--    ret->index2 = -1;
-+    ret = xmlXPtrNewRangeInternal(start, -1, end, -1);
-     xmlXPtrRangeCheckOrder(ret);
-     return(ret);
- }
-@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
-     if (start == NULL)
- 	return(NULL);
- 
--    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
--    if (ret == NULL) {
--        xmlXPtrErrMemory("allocating range");
--	return(NULL);
--    }
--    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
--    ret->type = XPATH_RANGE;
--    ret->user = start;
--    ret->index = -1;
--    ret->user2 = NULL;
--    ret->index2 = -1;
-+    ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1);
-     return(ret);
- }
- 
-@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
-  */
- xmlXPathObjectPtr
- xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
-+    xmlNodePtr endNode;
-+    int endIndex;
-     xmlXPathObjectPtr ret;
- 
-     if (start == NULL)
-@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- 	return(NULL);
-     switch (end->type) {
- 	case XPATH_POINT:
-+	    endNode = end->user;
-+	    endIndex = end->index;
-+	    break;
- 	case XPATH_RANGE:
-+	    endNode = end->user2;
-+	    endIndex = end->index2;
- 	    break;
- 	case XPATH_NODESET:
- 	    /*
-@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- 	     */
- 	    if (end->nodesetval->nodeNr <= 0)
- 		return(NULL);
-+	    endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
-+	    endIndex = -1;
- 	    break;
- 	default:
- 	    /* TODO */
- 	    return(NULL);
-     }
- 
--    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
--    if (ret == NULL) {
--        xmlXPtrErrMemory("allocating range");
--	return(NULL);
--    }
--    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
--    ret->type = XPATH_RANGE;
--    ret->user = start;
--    ret->index = -1;
--    switch (end->type) {
--	case XPATH_POINT:
--	    ret->user2 = end->user;
--	    ret->index2 = end->index;
--	    break;
--	case XPATH_RANGE:
--	    ret->user2 = end->user2;
--	    ret->index2 = end->index2;
--	    break;
--	case XPATH_NODESET: {
--	    ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
--	    ret->index2 = -1;
--	    break;
--	}
--	default:
--	    STRANGE
--	    return(NULL);
--    }
-+    ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex);
-     xmlXPtrRangeCheckOrder(ret);
-     return(ret);
- }
--- 
-2.10.2
-

package/libxml2/libxml2.hash

@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256	ffb911191e509b966deb55de705387f14156e1a56b21824357cdf0053233633c	libxml2-2.9.4.tar.gz
+sha256	4031c1ecee9ce7ba4f313e91ef6284164885cdb69937a123f6a83bb6a72dcd38	libxml2-2.9.5.tar.gz

package/libxml2/libxml2.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBXML2_VERSION = 2.9.4
+LIBXML2_VERSION = 2.9.5
 LIBXML2_SITE = ftp://xmlsoft.org/libxml2
 LIBXML2_INSTALL_STAGING = YES
 LIBXML2_LICENSE = MIT

package/libzip/libzip.hash

@@ -1,2 +1,3 @@
 # Locally calculated
-sha256	ffc0764395fba3d45dc5a6e32282788854618b9e9838337f8218b596007f1376	libzip-1.2.0.tar.xz
+sha256	aa936efe34911be7acac2ab07fb5c8efa53ed9bb4d44ad1fe8bff19630e0d373  libzip-1.3.0.tar.xz
+sha256  d159ae325ca0b8236c44dfd980ca99810dbcfc057b077c50dbbda1131cbd263a  LICENSE

package/libzip/libzip.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBZIP_VERSION = 1.2.0
+LIBZIP_VERSION = 1.3.0
 LIBZIP_SITE = http://www.nih.at/libzip
 LIBZIP_SOURCE = libzip-$(LIBZIP_VERSION).tar.xz
 LIBZIP_LICENSE = BSD-3-Clause
@@ -12,4 +12,11 @@ LIBZIP_LICENSE_FILES = LICENSE
 LIBZIP_INSTALL_STAGING = YES
 LIBZIP_DEPENDENCIES = zlib
 
+ifeq ($(BR2_PACKAGE_BZIP2),y)
+LIBZIP_CONF_OPTS += --with-bzip2
+LIBZIP_DEPENDENCIES += bzip2
+else
+LIBZIP_CONF_OPTS += --without-bzip2
+endif
+
 $(eval $(autotools-package))

package/linux-headers/Config.in.host

@@ -231,14 +231,14 @@ endchoice
 
 config BR2_DEFAULT_KERNEL_HEADERS
 	string
-	default "3.2.92"	if BR2_KERNEL_HEADERS_3_2
+	default "3.2.94"	if BR2_KERNEL_HEADERS_3_2
 	default "3.4.113"	if BR2_KERNEL_HEADERS_3_4
 	default "3.10.107"	if BR2_KERNEL_HEADERS_3_10
 	default "3.12.74"	if BR2_KERNEL_HEADERS_3_12
-	default "4.1.43"	if BR2_KERNEL_HEADERS_4_1
-	default "4.4.85"	if BR2_KERNEL_HEADERS_4_4
-	default "4.9.46"	if BR2_KERNEL_HEADERS_4_9
+	default "4.1.45"	if BR2_KERNEL_HEADERS_4_1
+	default "4.4.94"	if BR2_KERNEL_HEADERS_4_4
+	default "4.9.58"	if BR2_KERNEL_HEADERS_4_9
 	default "4.10.17"	if BR2_KERNEL_HEADERS_4_10
 	default "4.11.12"	if BR2_KERNEL_HEADERS_4_11
-	default "4.12.10"	if BR2_KERNEL_HEADERS_4_12
+	default "4.12.14"	if BR2_KERNEL_HEADERS_4_12
 	default BR2_DEFAULT_KERNEL_VERSION if BR2_KERNEL_HEADERS_VERSION

package/mbedtls/mbedtls.hash

@@ -1,2 +1,5 @@
-# From https://tls.mbed.org/tech-updates/releases/mbedtls-2.4.2-2.1.7-and-1.3.19-released
-sha256	17dd98af7478aadacc480c7e4159e447353b5b2037c1b6d48ed4fd157fb1b018	mbedtls-2.4.2-apache.tgz
+# From https://tls.mbed.org/tech-updates/releases/mbedtls-2.6.0-2.1.9-and-1.3.21-released
+sha1	e914288da50977f541773f9d36e26f14926594a5	mbedtls-2.6.0-apache.tgz
+sha256	99bc9d4212d3d885eeb96273bcde8ecc649a481404b8d7ea7bb26397c9909687	mbedtls-2.6.0-apache.tgz
+# Locally calculated
+sha256	cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30	apache-2.0.txt

package/mbedtls/mbedtls.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 MBEDTLS_SITE = https://tls.mbed.org/code/releases
-MBEDTLS_VERSION = 2.4.2
+MBEDTLS_VERSION = 2.6.0
 MBEDTLS_SOURCE = mbedtls-$(MBEDTLS_VERSION)-apache.tgz
 MBEDTLS_CONF_OPTS = \
 	-DENABLE_PROGRAMS=$(if $(BR2_PACKAGE_MBEDTLS_PROGRAMS),ON,OFF) \

package/midori/Config.in

@@ -1,7 +1,7 @@
-comment "midori needs libgtk3 and a glibc toolchain w/ C++, gcc >= 4.9, host gcc >= 4.8"
+comment "midori needs libgtk3 and a glibc toolchain w/ C++, gcc >= 5, host gcc >= 4.8"
 	depends on BR2_PACKAGE_WEBKITGTK_ARCH_SUPPORTS
 	depends on !BR2_INSTALL_LIBSTDCPP || !BR2_PACKAGE_LIBGTK3 || \
-		!BR2_HOST_GCC_AT_LEAST_4_8 || !BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 || \
+		!BR2_HOST_GCC_AT_LEAST_4_8 || !BR2_TOOLCHAIN_GCC_AT_LEAST_5 || \
 		!BR2_TOOLCHAIN_USES_GLIBC
 
 config BR2_PACKAGE_MIDORI
@@ -10,7 +10,7 @@ config BR2_PACKAGE_MIDORI
 	depends on BR2_PACKAGE_LIBGTK3
 	depends on BR2_INSTALL_LIBSTDCPP # webkitgtk
 	depends on BR2_HOST_GCC_AT_LEAST_4_8 # webkitgtk -> icu
-	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 # webkitgtk
+	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_5 # webkitgtk
 	depends on BR2_TOOLCHAIN_USES_GLIBC # webkitgtk
 	depends on BR2_PACKAGE_WEBKITGTK_ARCH_SUPPORTS
 	# GCR can only be used with the X11 backend

package/musl/0002-arm-atomics-asm-with-new-binutils.patch

@@ -0,0 +1,43 @@
+From b261a24256792177a5f0531dbb25cc6267220ca5 Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Wed, 15 Feb 2017 17:05:50 -0500
+Subject: fix build regression in arm atomics asm with new binutils
+
+binutils commit bada43421274615d0d5f629a61a60b7daa71bc15 tightened
+immediate fixup handling in gas in such a way that the final .arch of
+an object file must be compatible with the fixups used when the
+instruction was assembled; this in turn broke assembling of atomics.s,
+at least in thumb mode.
+
+it's not clear whether this should be considered a bug in gas, but
+.object_arch is preferable anyway for our purpose here of controlling
+the ISA level tag on the object file being produced, and it's the
+intended directive for use in object files with runtime code
+selection. research by Szabolcs Nagy confirmed that .object_arch is
+supported in all relevant versions of binutils and clang's integrated
+assembler.
+
+patch by Reiner Herrmann.
+
+Signed-off-by: Timothy Lee <timothy.ty.lee@gmail.com>
+[Backport from upstream https://git.musl-libc.org/cgit/musl/commit/?id=b261a24256792177a5f0531dbb25cc6267220ca5.]
+---
+ src/thread/arm/atomics.s | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/thread/arm/atomics.s b/src/thread/arm/atomics.s
+index 202faa4..101ad39 100644
+--- a/src/thread/arm/atomics.s
++++ b/src/thread/arm/atomics.s
+@@ -84,7 +84,7 @@ __a_gettp_cp15:
+ 	bx lr
+ 
+ /* Tag this file with minimum ISA level so as not to affect linking. */
+-.arch armv4t
++.object_arch armv4t
+ .eabi_attribute 6,2
+ 
+ .data
+-- 
+cgit v0.11.2
+

package/musl/0003-in-dns-parsing-callback-enforce-MAXADDRS-to-preclude.patch

@@ -0,0 +1,35 @@
+From 45ca5d3fcb6f874bf5ba55d0e9651cef68515395 Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Wed, 18 Oct 2017 14:50:03 -0400
+Subject: [PATCH] in dns parsing callback, enforce MAXADDRS to preclude
+ overflow
+
+MAXADDRS was chosen not to need enforcement, but the logic used to
+compute it assumes the answers received match the RR types of the
+queries. specifically, it assumes that only one replu contains A
+record answers. if the replies to both the A and the AAAA query have
+their answer sections filled with A records, MAXADDRS can be exceeded
+and clobber the stack of the calling function.
+
+this bug was found and reported by Felix Wilhelm.
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ src/network/lookup_name.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/network/lookup_name.c b/src/network/lookup_name.c
+index 066be4d5..209c20f0 100644
+--- a/src/network/lookup_name.c
++++ b/src/network/lookup_name.c
+@@ -111,6 +111,7 @@ static int dns_parse_callback(void *c, int rr, const void *data, int len, const
+ {
+ 	char tmp[256];
+ 	struct dpc_ctx *ctx = c;
++	if (ctx->cnt >= MAXADDRS) return -1;
+ 	switch (rr) {
+ 	case RR_A:
+ 		if (len != 4) return -1;
+-- 
+2.11.0
+

package/netplug/S29netplug

@@ -11,6 +11,9 @@
 
 # Copyright 2003 Key Research, Inc.
 
+# Create needed directories
+mkdir -p /var/lock/subsys
+
 # Source function library.
 if [ -f /etc/init.d/functions ]; then
 	. /etc/init.d/functions

package/nginx/S50nginx

@@ -3,23 +3,29 @@
 # Start/stop nginx
 #
 
+NGINX=/usr/sbin/nginx
 PIDFILE=/var/run/nginx.pid
 
 case "$1" in
   start)
 	echo "Starting nginx..."
 	mkdir -p /var/log/nginx /var/tmp/nginx
-	start-stop-daemon -S -x /usr/sbin/nginx -p $PIDFILE
+	start-stop-daemon -S -x "$NGINX" -p "$PIDFILE"
 	;;
   stop)
-	printf "Stopping nginx..."
-	start-stop-daemon -K -o -p $PIDFILE
+	echo "Stopping nginx..."
+	start-stop-daemon -K -x "$NGINX" -p "$PIDFILE" -o
 	;;
-  restart|reload)
+  reload|force-reload)
+	echo "Reloading nginx configuration..."
+	"$NGINX" -s reload
+	;;
+  restart)
 	"$0" stop
+	sleep 1 # Prevent race condition: ensure nginx stops before start.
 	"$0" start
 	;;
   *)
-	echo "Usage: $0 {start|stop|restart}"
+	echo "Usage: $0 {start|stop|restart|reload|force-reload}"
 	exit 1
 esac

package/openvpn/openvpn.hash

@@ -1,2 +1,2 @@
 # Locally calculated after checking signature
-sha256 15e15fc97f189b52aee7c90ec8355aa77469c773125110b4c2f089abecde36fb  openvpn-2.4.3.tar.xz
+sha256 96cd1b8fe1e8cb2920f07c3fd3985faea756e16fdeebd11d3e146d5bd2b04a80  openvpn-2.4.4.tar.xz

package/openvpn/openvpn.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-OPENVPN_VERSION = 2.4.3
+OPENVPN_VERSION = 2.4.4
 OPENVPN_SOURCE = openvpn-$(OPENVPN_VERSION).tar.xz
 OPENVPN_SITE = http://swupdate.openvpn.net/community/releases
 OPENVPN_DEPENDENCIES = host-pkgconf openssl

package/pkgconf/Config.in

@@ -6,4 +6,4 @@ config BR2_PACKAGE_PKGCONF
 	  but was written from scratch in the summer of 2011 to replace
 	  pkg-config, which now needs itself to build itself
 
-	  https://github.com/nenolod/pkgconf
+	  https://github.com/pkgconf/pkgconf

package/poppler/poppler.mk

@@ -66,7 +66,7 @@ else
 POPPLER_CONF_OPTS += --disable-zlib
 endif
 
-ifeq ($(BR2_PACKAGE_POPPLER_LIBCURL),y)
+ifeq ($(BR2_PACKAGE_LIBCURL),y)
 POPPLER_CONF_OPTS += --enable-libcurl
 POPPLER_DEPENDENCIES += libcurl
 else

package/proxychains-ng/proxychains-ng.hash

@@ -1,2 +1,5 @@
+# From https://sourceforge.net/projects/proxychains-ng/files/
+md5 34d840eb184e96bff418201c28a935c5  proxychains-ng-4.11.tar.bz2
+sha1 00bc3dc18f2b638c79112c99f082a7a2878beaad  proxychains-ng-4.11.tar.bz2
 # Locally computed:
-sha256  859a717e18ed88c9291078a6ed8748dfe95c61220993203890fef8a04d28dda5  proxychains-4.6.tar.bz2
+sha256  dcc4149808cd1fb5d9663cc09791f478805816b1f017381f424414c47f6376b6  proxychains-ng-4.11.tar.bz2