Update for 2019.11.3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

CHANGES

@@ -1,3 +1,116 @@
+2019.11.3, released April 10th, 2020
+
+	Important / security related fixes.
+
+	core: Fix compatibility with make 4.3+. Also fixup /lib
+	references in libtool .la files, similar to how it is done for
+	/usr/*.
+
+	toolchain: Fix kernel headers validation check for external
+	toolchains.
+
+	fs/initramfs: fix show-info so it also shows the usual
+	rootfs-related variables.
+
+	Updated/fixed packages: barebox-aux, bluez5_utils, busybox,
+	civetweb, cog, collectd, ffmpeg, gcc, gnutls, gssdp, gvfs, haproxy,
+	hiredis, hostapd, kmscube, libical, libopenssl, libsndfile,
+	linux-tools, llvm, monit, ntp, php, pure-ftpd, radvd, redis,
+	samba4, screen, sysdig, syslinux, syslog-ng, tor, uacme,
+	util-linux, vala, vlc, wpa_supplicant, xserver_xorg-server
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#12746: "sysdig" package description points to http://sysdig.org, ..
+
+2019.11.2, released March 16th, 2020
+
+	Important / security related fixes.
+
+	Core: Ensure package-file-lists data is correct after
+	incremental builds as well.
+
+	Fix a race condition related to creating the output/staging
+	symlink on systems with coreutils < 8.27.
+
+	Toolchain: ARC tools bumped to arc-2019.09.
+
+	Br2-external: Fix patch handling when external linux-extension
+	packages are used. Fix compatibility with make 4.3+
+
+	Util-linux: Ensure that hwclock is built without GPLv3
+	code. Notice that builds with hwclock has contained
+	GPLv3-licensed code since util-linux 2.30 (Buildroot 2017.08+)
+
+	Updated/fixed packages: armadillo, at, bcm2835, binutils,
+	blktrace, bluez-alsa, bootstrap, brltty, busybox, cairo,
+	clamav, cog, cups, czmq, dnsmasq, docker-containerd, dovecot,
+	dovecot-pigeonhole, e2fsprogs, elf2flt, eudev, exim, exiv2,
+	fbgrab, gettext-tiny, glibc, go, grep, gst1-validate, guile,
+	imagemagick, jhead, jpeg-turbo, kvm-unit-tests, lapack,
+	libarchive, libcgroup, libdrm, libevent, libexif, libftdi1,
+	libgdiplus, libjpeg, libsigrok, libsndfile, libssh2,
+	libsvgtiny, libvncserver, libvorbis, libxml2, libxslt, linknx,
+	lxc, lz4, mariadb, mbedtls, meson, mongoose, mosquitto, musl,
+	ncurses, nodejs, ntfs-3g, ogre, opencv3, openjdk, openjpeg,
+	openrc, openswan, openvmtools, optee-test, patch, php, piglet,
+	postgresql, pppd, proftpd, pure-ftpd, python-django,
+	python-pyqt5, python-setuptools-scm-git-archive, python3,
+	qemu, qt5base, qt5tools, qt5virtualkeyboard, qt5webengine,
+	qwt, rdesktop, ruby, runc, samba4, shellinabox,
+	skeleton-init-openrc, smartmontools, spdlog, sqlcipher, squid,
+	suricata, swig, swupdate, sysklogd, taglib, thrift,
+	ti-cgt-pru, uclibc, util-linux, vorbis-tools, webkitgtk,
+	wireshark, wpebackend-fdo, wpewebkit, xen,
+	xserver_xorg-server, zeromq, zsh, zziplib
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#11996: opencv3 SIGILL on Cortex-A5 with VFPv4-D16
+	#12331: meson issue
+	#12456: qtvirtualkeyboard: No such file or directory
+	#12461: libglib2 build files with deep directory structure
+	#12481: minicom fails when output directory path contains "m4"
+	#12606: fbgrab location has changed
+
+2019.11.1, released January 12th, 2020
+
+	Important / security related fixes.
+
+	Infrastructure: kconfig: Fix reconfigure logic, python: Ensure
+	correct compiler and linker flags are used for compiled code
+
+	utils/scanpypi: Remind users to update DEVELOPERS
+
+	Defconfigs: imx6-sabresd: Fix the Qt5 display names,
+	imx8: Drop extra copy of U-Boot DTB
+
+	Updated/fixed packages: acsccid, bitcoin, boost, busybox,
+	cc-tool, cmocka, cpio, cups, dante, dialog, dillo, docker-cli,
+	docker-containerd, docker-engine, easy-rsa, ebtables,
+	ecryptfs-utils, efl, ffmpeg, gdb, git, glibc, gnupg2, go,
+	gpsd, grpc, gst1-plugins-bad, iputils, jasper,
+	kf5-kcoreaddons, leveldb, libarchive, libfribi, libgit2,
+	libkrb5, libp11, librsvg, libssh, libtomcrypt, libuio, libv4l,
+	lirc-tools, log4cplus, lrzip, lvm2, mali-t76x,
+	matchbox-desktop, mender-grubenv, mmc-utils, mosquitto,
+	nodejs, ntp, openipmi, opencv3, openpowerlink, openrc, pango,
+	perl-sys-cpu, pimd, postgresql, pulseaudio, python-brotli,
+	python-coherence, python-crc16, python-django, python-dpkt,
+	python-gobject, python-pyasn-modules, python-pypcap,
+	python-pyqt5, python-subprocess32, python3, qpdf,
+	qt-webkit-kiosk, qt5virtualkeyboard, qt5webengine, quota,
+	rabbitmq-c, rauc, rpcbind, rtl8821au, runc, rygel, samba4,
+	sdl2, setserial, snort, spidev_test,
+	sunxi-mali-mainline-driver, syslog-ng, sysrepo, tcllib, tftpd,
+	usbmount, w_scan, wavpack, wsapi, wsapi-fcgi, wsapi-xavante,
+	x265, xserver_xorg-server, ytree, zip
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#12121: PyQt5.QtSerialPort and other modules not being built
+	#12286: Can't import gobject in python 3.8
+
 2019.11, released December 1st, 2019
 
 	Various fixes.

DEVELOPERS

@@ -610,9 +610,6 @@ F:	package/log4cpp/
 N:	Daniel Nicoletti <dantti12@gmail.com>
 F:	package/cutelyst/
 
-N:	Daniel Nyström <daniel.nystrom@timeterminal.se>
-F:	package/e2tools/
-
 N:	Daniel Price <daniel.price@gmail.com>
 F:	package/nodejs/
 F:	package/redis/
@@ -972,7 +969,9 @@ F:	package/fdk-aac/
 F:	package/httping/
 F:	package/iozone/
 F:	package/leptonica/
+F:	package/libeXosip2/
 F:	package/libolm/
+F:	package/libosip2/
 F:	package/ocrad/
 F:	package/restclient-cpp/
 F:	package/tesseract-ocr/
@@ -984,6 +983,7 @@ F:	package/at/
 F:	package/libnspr/
 F:	package/libnss/
 F:	package/minicom/
+F:	package/nfs-utils/
 F:	package/sunxi-mali-mainline/
 F:	package/sunxi-mali-mainline-driver/
 
@@ -1155,6 +1155,9 @@ F:	configs/orangepi_lite_defconfig
 N:	Jan Kundrát <jan.kundrat@cesnet.cz>
 F:	configs/solidrun_clearfog_defconfig
 F:	board/solidrun/clearfog/
+F:	package/libnetconf2/
+F:	package/libyang/
+F:	package/sysrepo/
 
 N:	Jan Pedersen <jp@jp-embedded.com>
 F:	package/zip/
@@ -1675,6 +1678,10 @@ F:	board/arcturus/
 F:	configs/arcturus_ucp1020_defconfig
 F:	configs/arcturus_ucls1012a_defconfig
 
+N:	Michael Fischer <mf@go-sys.de>
+F:	package/gnuplot/
+F:	package/sdl2/
+
 N:	Michael Rommel <rommel@layer-7.net>
 F:	package/knock/
 F:	package/python-crc16/
@@ -1943,6 +1950,7 @@ F:	package/libubootenv/
 F:	package/libxml2/
 F:	package/mongoose/
 F:	package/mxml/
+F:	package/numactl/
 F:	package/python-periphery/
 F:	package/sbc/
 F:	package/stunnel/
@@ -2006,10 +2014,6 @@ N:	Richard Braun <rbraun@sceen.net>
 F:	package/curlftpfs/
 F:	package/tzdata/
 
-N:	Rico Bachmann <bachmann@tofwerk.com>
-F:	package/apr-util/
-F:	package/subversion/
-
 N:	RJ Ascani <rj.ascani@gmail.com>
 F:	package/azmq/
 
@@ -2061,9 +2065,8 @@ F:	package/upower/
 F:	package/waffle/
 F:	package/xenomai/
 F:	package/zziplib/
-F:	toolchain/toolchain-external/toolchain-external-arm-aarch64/
-F:	toolchain/toolchain-external/toolchain-external-arm-aarch64-be/
-F:	toolchain/toolchain-external/toolchain-external-arm-arm/
+F:	support/testing/tests/package/test_glxinfo.py
+F:	toolchain/
 
 N:	Roman Gorbenkov <roman.gorbenkov@ens2m.org>
 F:	package/davfs2/
@@ -2086,10 +2089,6 @@ F:	package/mariadb/
 N:	Ryan Wilkins <ryan@deadfrog.net>
 F:	package/biosdevname/
 
-N:	Sam Bobroff <sam.bobroff@au1.ibm.com>
-F:	arch/Config.in.powerpc
-F:	package/librtas/
-
 N:	Sam Lancia <sam@gpsm.co.uk>
 F:	package/lrzip/
 
@@ -2250,13 +2249,6 @@ N:	Sven Haardiek <sven.haardiek@iotec-gmbh.de>
 F:	package/lcdproc/
 F:	package/python-influxdb/
 
-N:	Sven Neumann <neumann@teufel.de>
-F:	package/glib-networking/
-F:	package/gstreamer1/gst1-libav/
-F:	package/libmms/
-F:	package/orc/
-F:	package/wampcc/
-
 N:	Sven Oliver Moll <svolli@svolli.de>
 F:	package/most/
 
@@ -2501,6 +2493,7 @@ F:	package/imlib2/
 F:	package/jquery-datetimepicker/
 F:	package/jquery-sidebar/
 F:	package/kmod/
+F:	package/libftdi1/
 F:	package/libical/
 F:	package/libmbim/
 F:	package/libndp/
@@ -2520,6 +2513,7 @@ F:	package/poco/
 F:	package/python*
 F:	package/ser2net/
 F:	package/socketcand/
+F:	package/swig/
 F:	package/qt5/qt5serialbus/
 F:	package/sdparm/
 F:	package/ti-utils/

Makefile

@@ -2,7 +2,7 @@
 #
 # Copyright (C) 1999-2005 by Erik Andersen <andersen@codepoet.org>
 # Copyright (C) 2006-2014 by the Buildroot developers <buildroot@uclibc.org>
-# Copyright (C) 2014-2019 by the Buildroot developers <buildroot@buildroot.org>
+# Copyright (C) 2014-2020 by the Buildroot developers <buildroot@buildroot.org>
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -92,9 +92,9 @@ all:
 .PHONY: all
 
 # Set and export the version string
-export BR2_VERSION := 2019.11
+export BR2_VERSION := 2019.11.3
 # Actual time the release is cut (for reproducible builds)
-BR2_VERSION_EPOCH = 1575236000
+BR2_VERSION_EPOCH = 1586500000
 
 # Save running make version since it's clobbered by the make package
 RUNNING_MAKE_VERSION := $(MAKE_VERSION)
@@ -188,6 +188,9 @@ ifneq ($(BR2_EXTERNAL_ERROR),)
 $(error $(BR2_EXTERNAL_ERROR))
 endif
 
+# Workaround bug in make-4.3: https://savannah.gnu.org/bugs/?57676
+$(BASE_DIR)/.br2-external.mk:;
+
 # To make sure that the environment variable overrides the .config option,
 # set this before including .config.
 ifneq ($(BR2_DL_DIR),)
@@ -465,6 +468,10 @@ $(HOST_DIR_SYMLINK): $(BASE_DIR)
 	ln -snf $(HOST_DIR) $(BASE_DIR)/host
 endif
 
+STAGING_DIR_SYMLINK = $(BASE_DIR)/staging
+$(STAGING_DIR_SYMLINK): $(BASE_DIR)
+	ln -snf $(STAGING_DIR) $(STAGING_DIR_SYMLINK)
+
 # Quotes are needed for spaces and all in the original PATH content.
 BR_PATH = "$(HOST_DIR)/bin:$(HOST_DIR)/sbin:$(PATH)"
 
@@ -730,8 +737,7 @@ target-finalize: ROOTFS=
 host-finalize: $(HOST_DIR_SYMLINK)
 
 .PHONY: staging-finalize
-staging-finalize:
-	@ln -snf $(STAGING_DIR) $(BASE_DIR)/staging
+staging-finalize: $(STAGING_DIR_SYMLINK)
 
 .PHONY: target-finalize
 target-finalize: $(PACKAGES) host-finalize
@@ -804,6 +810,16 @@ endif # merged /usr
 
 	touch $(TARGET_DIR)/usr
 
+# AFTER ALL FILE-CHANGING ACTIONS:
+# Update timestamps in internal file list to fix attribution of files
+# to packages on subsequent builds
+	$(call step_pkg_size_file_list,$(TARGET_DIR))
+	$(call step_pkg_size_finalize)
+	$(call step_pkg_size_file_list,$(STAGING_DIR),-staging)
+	$(call step_pkg_size_finalize,-staging)
+	$(call step_pkg_size_file_list,$(HOST_DIR),-host)
+	$(call step_pkg_size_finalize,-host)
+
 .PHONY: target-post-image
 target-post-image: $(TARGETS_ROOTFS) target-finalize staging-finalize
 	@rm -f $(ROOTFS_COMMON_TAR)

board/ci20/genimage.cfg

@@ -24,6 +24,5 @@ image sdcard.img {
         partition-type = 0x83
         image = "rootfs.ext4"
         offset = 2M
-        size = 60M
     }
 }

board/freescale/common/imx/imx8-bootloader-prepare.sh

@@ -10,14 +10,14 @@ main ()
 
 	if grep -Eq "^BR2_PACKAGE_FREESCALE_IMX_PLATFORM_IMX8M=y$" ${BR2_CONFIG}; then
 		cat ${BINARIES_DIR}/u-boot-spl.bin ${BINARIES_DIR}/lpddr4_pmu_train_fw.bin > ${BINARIES_DIR}/u-boot-spl-ddr.bin
-		BL31=${BINARIES_DIR}/bl31.bin BL33=${BINARIES_DIR}/u-boot.bin ATF_LOAD_ADDR=0x00910000 ${HOST_DIR}/bin/mkimage_fit_atf.sh ${UBOOT_DTB} > ${BINARIES_DIR}/u-boot.its
+		BL31=${BINARIES_DIR}/bl31.bin BL33=${BINARIES_DIR}/u-boot-nodtb.bin ATF_LOAD_ADDR=0x00910000 ${HOST_DIR}/bin/mkimage_fit_atf.sh ${UBOOT_DTB} > ${BINARIES_DIR}/u-boot.its
 		${HOST_DIR}/bin/mkimage -E -p 0x3000 -f ${BINARIES_DIR}/u-boot.its ${BINARIES_DIR}/u-boot.itb
 		rm -f ${BINARIES_DIR}/u-boot.its
 
 		${HOST_DIR}/bin/mkimage_imx8 -fit -signed_hdmi ${BINARIES_DIR}/signed_hdmi_imx8m.bin -loader ${BINARIES_DIR}/u-boot-spl-ddr.bin 0x7E1000 -second_loader ${BINARIES_DIR}/u-boot.itb 0x40200000 0x60000 -out ${BINARIES_DIR}/imx8-boot-sd.bin
 	elif grep -Eq "^BR2_PACKAGE_FREESCALE_IMX_PLATFORM_IMX8MM=y$" ${BR2_CONFIG}; then
 		cat ${BINARIES_DIR}/u-boot-spl.bin ${BINARIES_DIR}/lpddr4_pmu_train_fw.bin > ${BINARIES_DIR}/u-boot-spl-ddr.bin
-		BL31=${BINARIES_DIR}/bl31.bin BL33=${BINARIES_DIR}/u-boot.bin ATF_LOAD_ADDR=0x00920000 ${HOST_DIR}/bin/mkimage_fit_atf.sh ${UBOOT_DTB} > ${BINARIES_DIR}/u-boot.its
+		BL31=${BINARIES_DIR}/bl31.bin BL33=${BINARIES_DIR}/u-boot-nodtb.bin ATF_LOAD_ADDR=0x00920000 ${HOST_DIR}/bin/mkimage_fit_atf.sh ${UBOOT_DTB} > ${BINARIES_DIR}/u-boot.its
 		${HOST_DIR}/bin/mkimage -E -p 0x3000 -f ${BINARIES_DIR}/u-boot.its ${BINARIES_DIR}/u-boot.itb
 		rm -f ${BINARIES_DIR}/u-boot.its
 

board/freescale/imx6-sabresd/rootfs_overlay/root/sabresd.json

@@ -4,11 +4,11 @@
   "pbuffers": true,
   "outputs": [
     {
-      "name": "HDMI-1",
+      "name": "HDMI1",
       "mode": "off"
     },
     {
-      "name": "LVDS-1",
+      "name": "LVDS1",
       "mode": "1024x768"
     }
   ]

board/lemaker/bananapro/patches/linux/0001-arch-arm-boot-dts-sun7i-a20-bananapro.dts-disable-00.patch

@@ -0,0 +1,44 @@
+From 896e82ab14e7e4e361ffa7c81def787907c1bf4c Mon Sep 17 00:00:00 2001
+From: Bartosz Bilas <b.bilas@grinn-global.com>
+Date: Sun, 19 May 2019 21:04:35 +0200
+Subject: [PATCH] arch/arm/boot/dts/sun7i-a20-bananapro.dts: disable 00B
+ IRQ for brcm wifi module
+
+	BugLink: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908438
+
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
+---
+ arch/arm/boot/dts/sun7i-a20-bananapro.dts | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/arch/arm/boot/dts/sun7i-a20-bananapro.dts b/arch/arm/boot/dts/sun7i-a20-bananapro.dts
+index 0176e9de0..93b3340f5 100644
+--- a/arch/arm/boot/dts/sun7i-a20-bananapro.dts
++++ b/arch/arm/boot/dts/sun7i-a20-bananapro.dts
+@@ -160,9 +160,19 @@
+ 	brcmf: wifi@1 {
+ 		reg = <1>;
+ 		compatible = "brcm,bcm4329-fmac";
+-		interrupt-parent = <&pio>;
+-		interrupts = <7 15 IRQ_TYPE_LEVEL_LOW>;
+-		interrupt-names = "host-wake";
++		/*
++		 * OOB interrupt support is broken ATM, often the first irq
++		 * does not get seen resulting in the drv probe failing with:
++		 *
++		 * brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
++		 * brcmfmac: brcmf_bus_started: failed: -110
++		 * brcmfmac: brcmf_attach: dongle is not responding: err=-110
++		 * brcmfmac: brcmf_sdio_firmware_callback: brcmf_attach failed
++		 *
++		 * interrupt-parent = <&pio>;
++		 * interrupts = <7 15 IRQ_TYPE_LEVEL_LOW>;
++		 * interrupt-names = "host-wake";
++		 */
+ 	};
+ };
+ 
+-- 
+2.21.0
+

boot/barebox/barebox.mk

@@ -25,12 +25,18 @@ $(1)_SOURCE = $$(notdir $$($(1)_TARBALL))
 else ifeq ($$(BR2_TARGET_BAREBOX_CUSTOM_GIT),y)
 $(1)_SITE = $$(call qstrip,$$(BR2_TARGET_BAREBOX_CUSTOM_GIT_REPO_URL))
 $(1)_SITE_METHOD = git
+# Override the default value of _SOURCE to 'barebox-*' so that it is not
+# downloaded a second time for barebox-aux; also alows avoiding the hash
+# check:
+$(1)_SOURCE = barebox-$$($(1)_VERSION).tar.gz
 else
 # Handle stable official Barebox versions
 $(1)_SOURCE = barebox-$$($(1)_VERSION).tar.bz2
 $(1)_SITE = https://www.barebox.org/download
 endif
 
+$(1)_DL_SUBDIR = barebox
+
 $(1)_DEPENDENCIES = host-lzop
 $(1)_LICENSE = GPL-2.0 with exceptions
 $(1)_LICENSE_FILES = COPYING

boot/syslinux/0015-efi-main.c-include-efisetjmp.h.patch

@@ -0,0 +1,60 @@
+From 7d68fa68cd9f2987bd85339f3391913a8b0e58c7 Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+Date: Tue, 24 Mar 2020 10:21:27 +0100
+Subject: [PATCH] efi/main.c: include <efisetjmp.h>
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Building syslinux against gnu-efi 3.0.10 currently fails with:
+
+syslinux/efi/main.c:33:8: error: unknown type name ‘jmp_buf’
+   33 | static jmp_buf load_error_buf;
+      |        ^~~~~~~
+syslinux/efi/main.c: In function ‘local_boot’:
+syslinux/efi/main.c:189:5: warning: implicit declaration of function ‘longjmp’ [-Wimplicit-function-declaration]
+  189 |     longjmp(&load_error_buf, 1);
+      |     ^~~~~~~
+syslinux/efi/main.c: In function ‘build_gdt’:
+syslinux/efi/main.c:907:75: warning: taking address of packed member of ‘struct dt_desc’ may result in an unaligned pointer value [-Waddress-of-packed-member]
+  907 |  status = emalloc(gdt.limit, __SIZEOF_POINTER__ , (EFI_PHYSICAL_ADDRESS *)&gdt.base);
+      |                                                                           ^~~~~~~~~
+syslinux/efi/main.c: In function ‘efi_main’:
+syslinux/efi/main.c:1390:7: warning: implicit declaration of function ‘setjmp’ [-Wimplicit-function-declaration]
+ 1390 |  if (!setjmp(&load_error_buf))
+      |       ^~~~~~
+make[3]: *** [syslinux/mk/efi.mk:63: main.o] Error 1
+
+This is due to gnu-efi commit 486ba3c3bdd147b7d98159b9e650be60bce0f027
+("Do not include efisetjmp.h on efi.h"), in which they state:
+
+    Do not include efisetjmp.h on efi.h
+
+    People than really want to use efisetjmp implementation can include
+    the header on their own.
+
+    Signed-off-by: leo <leo.sartre@geebol.fr>
+
+So we act as specified, and include <efisetjmp.h> from efi/main.c.
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+Upstream: https://www.syslinux.org/archives/2020-March/026621.html
+---
+ efi/main.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/efi/main.c b/efi/main.c
+index 6a748412..e924cfb1 100644
+--- a/efi/main.c
++++ b/efi/main.c
+@@ -12,6 +12,7 @@
+ #include <sys/ansi.h>
+ 
+ #include "efi.h"
++#include <efisetjmp.h>
+ #include "fio.h"
+ #include "version.h"
+ #include "efi_pxe.h"
+-- 
+2.25.1
+

boot/uboot/uboot.mk

@@ -8,7 +8,9 @@ UBOOT_VERSION = $(call qstrip,$(BR2_TARGET_UBOOT_VERSION))
 UBOOT_BOARD_NAME = $(call qstrip,$(BR2_TARGET_UBOOT_BOARDNAME))
 
 UBOOT_LICENSE = GPL-2.0+
+ifeq ($(BR2_TARGET_UBOOT_LATEST_VERSION),y)
 UBOOT_LICENSE_FILES = Licenses/gpl-2.0.txt
+endif
 
 UBOOT_INSTALL_IMAGES = YES
 

configs/bananapro_defconfig

@@ -1,6 +1,7 @@
 # Architecture
 BR2_arm=y
 BR2_cortex_a7=y
+BR2_GLOBAL_PATCH_DIR="board/lemaker/bananapro/patches"
 BR2_ARM_EABIHF=y
 BR2_ARM_FPU_NEON_VFPV4=y
 

configs/licheepi_zero_defconfig

@@ -39,6 +39,7 @@ BR2_TARGET_UBOOT_CUSTOM_VERSION=y
 BR2_TARGET_UBOOT_CUSTOM_VERSION_VALUE="2019.10"
 BR2_TARGET_UBOOT_BOARD_DEFCONFIG="LicheePi_Zero"
 BR2_TARGET_UBOOT_NEEDS_DTC=y
+BR2_TARGET_UBOOT_NEEDS_PYLIBFDT=y
 BR2_TARGET_UBOOT_FORMAT_CUSTOM=y
 BR2_TARGET_UBOOT_FORMAT_CUSTOM_NAME="u-boot-sunxi-with-spl.bin"
 BR2_TARGET_UBOOT_BOOT_SCRIPT=y

configs/qemu_arm_vexpress_tz_defconfig

@@ -38,6 +38,13 @@ BR2_PACKAGE_OPTEE_BENCHMARK=y
 BR2_PACKAGE_OPTEE_EXAMPLES=y
 BR2_PACKAGE_OPTEE_TEST=y
 
+# OP-TEE components needs host-python3 interpreter and its modules
+BR2_PACKAGE_HOST_PYTHON3=y
+# Select python3 on the target to make sure Buildroot builds host-python using
+# python3 and builds all host-python modules for python3.
+BR2_TOOLCHAIN_BUILDROOT_WCHAR=y
+BR2_PACKAGE_PYTHON3=y
+
 # U-boot for booting the dear Linux kernel
 BR2_TARGET_UBOOT=y
 BR2_TARGET_UBOOT_BUILD_SYSTEM_KCONFIG=y

docs/manual/adding-packages-generic.txt

@@ -142,7 +142,7 @@ All these steps rely on the +$(@D)+ variable, which
 contains the directory where the source code of the package has been
 extracted.
 
-On lines 31..43, we define a user that is used by this package (e.g.
+On lines 31..33, we define a user that is used by this package (e.g.
 to run a daemon as non-root) (+LIBFOO_USERS+).
 
 On line 35..37, we define a device-node file used by this package
@@ -358,9 +358,11 @@ not and can not work as people would expect it should:
 * +LIBFOO_DEPENDENCIES+ lists the dependencies (in terms of package
   name) that are required for the current target package to
   compile. These dependencies are guaranteed to be compiled and
-  installed before the configuration of the current package starts. In
-  a similar way, +HOST_LIBFOO_DEPENDENCIES+ lists the dependencies for
-  the current host package.
+  installed before the configuration of the current package starts.
+  However, modifications to configuration of these dependencies will
+  not force a rebuild of the current package. In a similar way,
+  +HOST_LIBFOO_DEPENDENCIES+ lists the dependencies for the current
+  host package.
 
 * +LIBFOO_EXTRACT_DEPENDENCIES+ lists the dependencies (in terms of
   package name) that are required for the current target package to be
@@ -372,9 +374,9 @@ not and can not work as people would expect it should:
 * +LIBFOO_PATCH_DEPENDENCIES+ lists the dependencies (in terms of
   package name) that are required for the current package to be
   patched. These dependencies are guaranteed to be extracted and
-  patched before the current package is patched. In a similar way,
-  +HOST_LIBFOO_PATCH_DEPENDENCIES+ lists the dependencies for the
-  current host package.
+  patched (but not necessarily built) before the current package is
+  patched. In a similar way, +HOST_LIBFOO_PATCH_DEPENDENCIES+ lists
+  the dependencies for the current host package.
   This is seldom used; usually, +LIBFOO_DEPENDENCIES+ is what you
   really want to use.
 

docs/manual/common-usage.txt

@@ -88,7 +88,7 @@ to +make+ or set in the environment:
   Buildroot stores the cached files when using ccache.
   +
 * +BR2_DL_DIR+ to override the directory in which
-  Buildroot stores/retrieves downloaded files
+  Buildroot stores/retrieves downloaded files.
   +
   Note that the Buildroot download directory can also be set from the
   configuration interface, so through the Buildroot +.config+ file. See

docs/manual/contribute.txt

@@ -487,3 +487,171 @@ preserve Unix-style line terminators when downloading raw pastes.
 Following pastebin services are known to work correctly:
 - https://gist.github.com/
 - http://code.bulix.org/
+
+=== Using the run-tests framework
+
+Buildroot includes a run-time testing framework called run-tests built
+upon Python scripting and QEMU runtime execution. There are two types of
+test cases within the framework, one for build time tests and another for
+run-time tests that have a QEMU dependency. The goals of the framework are
+the following:
+
+* build a well defined configuration
+* optionally, verify some properties of the build output
+* if it is a run-time test:
+** boot it under QEMU
+** run some test condition to verify that a given feature is working
+
+The run-tests tool has a series of options documented in the tool's help '-h'
+description. Some common options include setting the download folder, the
+output folder, keeping build output, and for multiple test cases, you can set
+the JLEVEL for each.
+
+Here is an example walk through of running a test case.
+
+* For a first step, let us see what all the test case options are. The test
+cases can be listed by executing +support/testing/run-tests -l+. These tests
+can all be run individually during test development from the console. Both
+one at a time and selectively as a group of a subset of tests.
+
+---------------------
+$ support/testing/run-tests -l
+List of tests
+test_run (tests.utils.test_check_package.TestCheckPackage)
+Test the various ways the script can be called in a simple top to ... ok
+test_run (tests.toolchain.test_external.TestExternalToolchainBuildrootMusl) ... ok
+test_run (tests.toolchain.test_external.TestExternalToolchainBuildrootuClibc) ... ok
+test_run (tests.toolchain.test_external.TestExternalToolchainCCache) ... ok
+test_run (tests.toolchain.test_external.TestExternalToolchainCtngMusl) ... ok
+test_run (tests.toolchain.test_external.TestExternalToolchainLinaroArm) ... ok
+test_run (tests.toolchain.test_external.TestExternalToolchainSourceryArmv4) ... ok
+test_run (tests.toolchain.test_external.TestExternalToolchainSourceryArmv5) ... ok
+test_run (tests.toolchain.test_external.TestExternalToolchainSourceryArmv7) ... ok
+[snip]
+test_run (tests.init.test_systemd.TestInitSystemSystemdRoFull) ... ok
+test_run (tests.init.test_systemd.TestInitSystemSystemdRoIfupdown) ... ok
+test_run (tests.init.test_systemd.TestInitSystemSystemdRoNetworkd) ... ok
+test_run (tests.init.test_systemd.TestInitSystemSystemdRwFull) ... ok
+test_run (tests.init.test_systemd.TestInitSystemSystemdRwIfupdown) ... ok
+test_run (tests.init.test_systemd.TestInitSystemSystemdRwNetworkd) ... ok
+test_run (tests.init.test_busybox.TestInitSystemBusyboxRo) ... ok
+test_run (tests.init.test_busybox.TestInitSystemBusyboxRoNet) ... ok
+test_run (tests.init.test_busybox.TestInitSystemBusyboxRw) ... ok
+test_run (tests.init.test_busybox.TestInitSystemBusyboxRwNet) ... ok
+
+Ran 157 tests in 0.021s
+
+OK
+---------------------
+
+Those runtime tests are regularly executed by Buildroot Gitlab CI
+infrastructure, see .gitlab.yml and https://gitlab.com/buildroot.org/buildroot/-/jobs.
+
+==== Creating a test case
+
+The best way to get familiar with how to create a test case is to look at a
+few of the basic file system +support/testing/tests/fs/+ and init
++support/testing/tests/init/+ test scripts. Those tests give good examples
+of a basic build and build with run type of tests. There are other more
+advanced cases that use things like nested +br2-external+ folders to provide
+skeletons and additional packages.
+
+The test cases by default use a br-arm-full-* uClibc-ng toolchain and the
+prebuild kernel for a armv5/7 cpu. It is recommended to use the default
+defconfig test configuration except when Glibc/musl or a newer kernel are
+necessary. By using the default it saves build time and the test would
+automatically inherit a kernel/std library upgrade when the default is
+updated.
+
+The basic test case definition involves
+
+* Creation of a new test file
+* Defining a unique test class
+* Determining if the default defconfig plus test options can be used
+* Implementing a +def test_run(self):+ function to optionally startup the
+emulator and provide test case conditions.
+
+Beyond creating the test script, there are a couple of additional steps that
+should be taken once you have your initial test case script. The first is
+to add yourself to the +DEVELOPERS+ file to be the maintainer of that test
+case. The second is to update the Gitlab CI yml by executing
++make .gitlab-ci.yml+.
+
+==== Debugging a test case
+
+Within the Buildroot repository, the testing framework is organized at the
+top level in +support/testing/+ by folders of +conf+, +infra+ and +tests+.
+All the test cases live under the +test+ folder and are organized in various
+folders representing the catagory of test.
+
+Lets walk through an example.
+
+* Using the Busybox Init system test case with a read/write rootfs
++tests.init.test_busybox.TestInitSystemBusyboxRw+
+* A minimal set of command line arguments when debugging a test case would
+include '-d' which points to your dl folder, '-o' to an output folder, and
+'-k' to keep any output on both pass/fail. With those options, the test will
+retain logging and build artifacts providing status of the build and
+execution of the test case.
+
+---------------------
+$ support/testing/run-tests -d dl -o output_folder -k tests.init.test_busybox.TestInitSystemBusyboxRw
+15:03:26 TestInitSystemBusyboxRw                  Starting
+15:03:28 TestInitSystemBusyboxRw                  Building
+15:08:18 TestInitSystemBusyboxRw                  Building done
+15:08:27 TestInitSystemBusyboxRw                  Cleaning up
+.
+Ran 1 test in 301.140s
+
+OK
+---------------------
+
+* For the case of a successful build, the +output_folder+ would contain a
+<test name> folder with the Buildroot build, build log and run-time log. If
+the build failed, the console output would show the stage at which it failed
+(setup / build / run). Depending on the failure stage, the build/run logs
+and/or Buildroot build artifacts can be inspected and instrumented. If the
+QEMU instance needs to be launched for additional testing, the first few
+lines of the run-time log capture it and it would allow some incremental
+testing without re-running +support/testing/run-tests+.
+
+* You can also make modifications to the current sources inside the
++output_folder+ (e.g. for debug purposes) and rerun the standard
+Buildroot make targets (in order to regenerate the complete image with
+the new modifications) and then rerun the test. Modifying the sources
+directly can speed up debugging compared to adding patch files, wiping the
+output directoy, and starting the test again.
+
+---------------------
+$ ls output_folder/
+TestInitSystemBusyboxRw/
+TestInitSystemBusyboxRw-build.log
+TestInitSystemBusyboxRw-run.log
+---------------------
+
+* The source file used to implement this example test is found under
++support/testing/tests/init/test_busybox.py+. This file outlines the
+minimal defconfig that creates the build, QEMU configuration to launch
+the built images and the test case assertions.
+
+To test an existing or new test case within Gitlab CI, there is a method of
+invoking a specific test by creating a Buildroot fork in Gitlab under your
+account. This can be handy when adding/changing a run-time test or fixing a
+bug on a use case tested by a run-time test case.
+
+
+In the examples below, the <name> component of the branch name is a unique
+string you choose to identify this specific job being created.
+
+* to trigger all run-test test case jobs:
+
+---------------------
+ $ git push gitlab HEAD:<name>-runtime-tests
+---------------------
+
+* to trigger one test case job, a specific branch naming string is used that
+includes the full test case name.
+
+---------------------
+ $ git push gitlab HEAD:<name>-<test case name>
+---------------------

docs/manual/customize-patches.txt

@@ -53,7 +53,7 @@ directory.
 The exception to +BR2_GLOBAL_PATCH_DIR+ being the preferred method for
 specifying custom patches is +BR2_LINUX_KERNEL_PATCH+.
 +BR2_LINUX_KERNEL_PATCH+ should be used to specify kernel patches that
-are available at an URL. *Note:* +BR2_LINUX_KERNEL_PATCH+ specifies kernel
+are available at a URL. *Note:* +BR2_LINUX_KERNEL_PATCH+ specifies kernel
 patches that are applied after patches available in +BR2_GLOBAL_PATCH_DIR+,
 as it is done from a post-patch hook of the Linux package.
 

docs/manual/customize-rootfs.txt

@@ -145,7 +145,7 @@ It is recommended to use the existing mechanisms to set file permissions
 The difference between post-build scripts (above) and fakeroot scripts,
   is that post-build scripts are not called in the fakeroot context.
 +
-.Note;
+.Note:
 Using `fakeroot` is not an absolute substitute for actually being root.
   `fakeroot` only ever fakes the file access rights and types (regular,
   block-or-char device...) and uid/gid; these are emulated in-memory.

docs/manual/legal-notice.txt

@@ -67,9 +67,8 @@ for packages released under BSD-like licenses, that you are not required to
 redistribute in source form.
 
 Moreover, due to technical limitations, Buildroot does not produce some
-material that you will or may need, such as the toolchain source code and the
-Buildroot source code itself (including patches to packages for which source
-distribution is required).
+material that you will or may need, such as the toolchain source code for
+some of the external toolchains and the Buildroot source code itself.
 When you run +make legal-info+, Buildroot produces warnings in the +README+
 file to inform you of relevant material that could not be saved.
 

docs/manual/manual.txt

@@ -12,7 +12,7 @@ It is licensed under the GNU General Public License, version 2. Refer to the
 http://git.buildroot.org/buildroot/tree/COPYING?id={sys:git rev-parse HEAD}[COPYING]
 file in the Buildroot sources for the full text of this license.
 
-Copyright (C) 2004-2019 The Buildroot developers
+Copyright (C) 2004-2020 The Buildroot developers
 
 image::logo.png[]
 

docs/manual/rebuilding-packages.txt

@@ -65,6 +65,16 @@ can help you understand how to work with Buildroot:
    there is no need for a full rebuild: a simple +make+ invocation
    will take the changes into account.
 
+ * When a package listed in +FOO_DEPENDENCIES+ is rebuilt or removed,
+   the package +foo+ is not automatically rebuilt. For example, if a
+   package +bar+ is listed in +FOO_DEPENDENCIES+ with +FOO_DEPENDENCIES
+   = bar+ and the configuration of the +bar+ package is changed, the
+   configuration change would not result in a rebuild of package +foo+
+   automatically. In this scenario, you may need to either rebuild any
+   packages in your build which reference +bar+ in their +DEPENDENCIES+,
+   or perform a full rebuild to ensure any +bar+ dependent packages are
+   up to date.
+
 Generally speaking, when you're facing a build error and you're unsure
 of the potential consequences of the configuration changes you've
 made, do a full rebuild. If you get the same build error, then you are

docs/manual/writing-rules.txt

@@ -141,8 +141,8 @@ endif
 The documentation uses the
 http://www.methods.co.nz/asciidoc/[asciidoc] format.
 
-For further details about the http://www.methods.co.nz/asciidoc/[asciidoc]
-syntax, refer to http://www.methods.co.nz/asciidoc/userguide.html[].
+For further details about the asciidoc syntax, refer to
+http://www.methods.co.nz/asciidoc/userguide.html[].
 
 === Support scripts
 

docs/website/copyright.txt

@@ -1,6 +1,6 @@
 
 The code and graphics on this website (and it's mirror sites, if any) are
-Copyright (c) 1999-2005 by Erik Andersen, 2006-2019 The Buildroot
+Copyright (c) 1999-2005 by Erik Andersen, 2006-2020 The Buildroot
 developers. All rights reserved.
 
 Documents on this Web site including their graphical elements, design, and

fs/initramfs/initramfs.mk

@@ -29,3 +29,8 @@ rootfs-initramfs-show-depends:
 ifeq ($(BR2_TARGET_ROOTFS_INITRAMFS),y)
 TARGETS_ROOTFS += rootfs-initramfs
 endif
+
+# Not using the rootfs infra, so fake the variables
+ROOTFS_INITRAMFS_NAME = rootfs-initramfs
+ROOTFS_INITRAMFS_TYPE = rootfs
+ROOTFS_INITRAMFS_DEPENDENCIES = rootfs-cpio linux

linux/Config.in

@@ -122,7 +122,7 @@ endif
 
 config BR2_LINUX_KERNEL_VERSION
 	string
-	default "5.3.14" if BR2_LINUX_KERNEL_LATEST_VERSION
+	default "5.3.18" if BR2_LINUX_KERNEL_LATEST_VERSION
 	default "v4.19.75-cip11" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
 	default BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE \
 		if BR2_LINUX_KERNEL_CUSTOM_VERSION

linux/linux.hash

@@ -1,7 +1,6 @@
 # From https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc
-sha256 955712688c7256675383ec5be4ee044dbb59116a9a1f24e8689d12a6f95f7932  linux-5.3.14.tar.xz
-# From https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
-sha256 fa1f8fe9c12e18e5cda18cf759b77ae9e778e1e9006d837426c955b75bd4eaa6  linux-4.4.205.tar.xz
-sha256 98b9e8644706acc0cf51022372bb263b59a1d2bbe3ccd7ce6bd9bc7378c78b05  linux-4.9.205.tar.xz
-sha256 90fa769a052ecf34a0cab72cf013e19275dbb8cd01bbe52f1d465e2ed7537733  linux-4.14.157.tar.xz
-sha256 a57221e8318e6fcaedb90b099d56352f9d6608fd367283bc7db84330856eda1d  linux-4.19.87.tar.xz
+sha256  20f14917c4f33122cfa12963a7d3180fe6f4685cacfe984553b2b5b4ad20638c  linux-5.3.18.tar.xz
+sha256  ea68cb8e9fa255bb1d0402c5aa8f26984f9b1c8607ff3bed5d3284109167f063  linux-4.4.218.tar.xz
+sha256  df3a6e615ec4c57b04775e9c018c67045223ac662e696d28fd37baa5114349cd  linux-4.9.218.tar.xz
+sha256  cb440ac5d20071dcb482e5062958514064b0c5a8375c92653062ea201ae0222c  linux-4.14.175.tar.xz
+sha256  1e40a0dc6afc95a259f97b80d5f5ef8f89e2ee49e993ba6844e2bc55de361f0e  linux-4.19.114.tar.xz

linux/linux.mk

@@ -59,8 +59,12 @@ BR_NO_CHECK_HASH_FOR += $(notdir $(LINUX_PATCHES))
 # be directories in the patch list (unlike for other packages).
 LINUX_PATCH = $(filter ftp://% http://% https://%,$(LINUX_PATCHES))
 
+# while the kernel is built for the target, the build may need various
+# host libraries depending on config (and version), so use
+# HOST_MAKE_ENV here. In particular, this ensures that our
+# host-pkgconf will look for host libraries and not target ones.
 LINUX_MAKE_ENV = \
-	$(TARGET_MAKE_ENV) \
+	$(HOST_MAKE_ENV) \
 	BR_BINARIES_DIR=$(BINARIES_DIR)
 
 LINUX_INSTALL_IMAGES = YES
@@ -101,12 +105,6 @@ endif
 
 ifeq ($(BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF),y)
 LINUX_DEPENDENCIES += host-elfutils host-pkgconf
-LINUX_MAKE_ENV += \
-	PKG_CONFIG="$(PKG_CONFIG_HOST_BINARY)" \
-	PKG_CONFIG_SYSROOT_DIR="/" \
-	PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 \
-	PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 \
-	PKG_CONFIG_LIBDIR="$(HOST_DIR)/lib/pkgconfig:$(HOST_DIR)/share/pkgconfig"
 endif
 
 # If host-uboot-tools is selected by the user, assume it is needed to
@@ -514,18 +512,23 @@ endef
 #
 # Note: our package infrastructure uses the full-path of the last-scanned
 # Makefile to determine what package we're currently defining, using the
-# last directory component in the path. As such, including other Makefiles,
-# like below, before we call one of the *-package macros usually doesn't
-# work.
-# However, since the files we include here are in the same directory as
-# the current Makefile, we are OK. But this is a hard requirement: files
-# included here *must* either be in this same directory OR within a
-# another directory with the name "linux" (in the BR2_EXTERNAL case).
-include $(sort $(wildcard linux/linux-ext-*.mk))
-
-# Import linux-kernel-extensions from br2-externals
+# last directory component in the path. Additionally, the full path of
+# the package directory is also stored in _PKGDIR (e.g. to find patches)
+#
+# As such, including other Makefiles, like below, before we call one of
+# the *-package macros usually doesn't work.
+#
+# However, by including the in-tree extensions after the ones from the
+# br2-external trees, we're back to the situation where the last Makefile
+# scanned *is* included from the correct directory.
+#
+# NOTE: this is very fragile, and extra care must be taken to ensure that
+# we always end up with an in-tree included file. That's mostly OK, because
+# we do have in-tree linux-extensions.
+#
 include $(sort $(wildcard $(foreach ext,$(BR2_EXTERNAL_DIRS), \
 	$(ext)/linux/linux-ext-*.mk)))
+include $(sort $(wildcard linux/linux-ext-*.mk))
 
 LINUX_PATCH_DEPENDENCIES += $(foreach ext,$(LINUX_EXTENSIONS),\
 	$(if $(BR2_LINUX_KERNEL_EXT_$(call UPPERCASE,$(ext))),$(ext)))

package/acsccid/Config.in

@@ -3,6 +3,7 @@ config BR2_PACKAGE_ACSCCID
 	depends on BR2_TOOLCHAIN_HAS_THREADS # pcsc-lite, libusb
 	depends on BR2_USE_MMU # pcsc-lite
 	depends on !BR2_STATIC_LIBS # pcsc-lite
+	select BR2_PACKAGE_LIBICONV if !BR2_ENABLE_LOCALE
 	select BR2_PACKAGE_PCSC_LITE
 	# Even though there is a --disable-libusb option, it has in
 	# fact no effect, and acsccid really requires libusb.

package/acsccid/acsccid.mk

@@ -13,4 +13,8 @@ ACSCCID_INSTALL_STAGING = YES
 ACSCCID_DEPENDENCIES = pcsc-lite host-flex host-pkgconf libusb
 ACSCCID_CONF_OPTS = --enable-usbdropdir=/usr/lib/pcsc/drivers
 
+ifeq ($(BR2_PACKAGE_LIBICONV),y)
+ACSCCID_DEPENDENCIES += libiconv
+endif
+
 $(eval $(autotools-package))

package/armadillo/armadillo.mk

@@ -9,7 +9,7 @@ ARMADILLO_SOURCE = armadillo-$(ARMADILLO_VERSION).tar.xz
 ARMADILLO_SITE = https://downloads.sourceforge.net/project/arma
 ARMADILLO_DEPENDENCIES = clapack
 ARMADILLO_INSTALL_STAGING = YES
-ARMADILLO_LICENSE = MPL-2.0
+ARMADILLO_LICENSE = Apache-2.0
 ARMADILLO_LICENSE_FILES = LICENSE.txt
 
 $(eval $(cmake-package))

package/at/0004-Makefile-fix-parallel-build-failure.patch

@@ -0,0 +1,41 @@
+From 3ace0b57e2aacb784c01a3c7694c6c92461937ff Mon Sep 17 00:00:00 2001
+From: Giulio Benetti <giulio.benetti@benettiengineering.com>
+Date: Thu, 20 Feb 2020 22:00:11 +0100
+Subject: [PATCH] Makefile: fix parallel build failure
+
+At the moment parallel build fails due to 2 causes:
+1) parsetime.l tries to include incomplete y.tab.h, since y.tab.h is the
+result of yacc -d parsetime.y
+2) when compiling y.tab.c, y.tab.c itself is not complete, since it is
+the result of yacc -d parsetime.y
+
+So fix it by:
+1) making parsetime.l to wait for y.tab.h to be created by yacc
+2) waiting for y.tab.c and y.tab.h to be created before compile them
+
+Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
+---
+ Makefile.in | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/Makefile.in b/Makefile.in
+index 4c11913..57c3a0c 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -83,6 +83,8 @@ y.tab.c y.tab.h: parsetime.y
+ lex.yy.c: parsetime.l
+ 	$(LEX) -i parsetime.l
+ 
++parsetime.l: y.tab.h
++
+ atd.service: atd.service.in
+ 	cat $< | sed -e 's![@]sbindir[@]!$(sbindir)!g' | sed -e 's![@]atjobdir[@]!$(atjobdir)!g' > $@
+ 
+@@ -173,3 +175,4 @@ perm.o: perm.c config.h privs.h at.h
+ posixtm.o: posixtm.c posixtm.h
+ daemon.o: daemon.c config.h daemon.h privs.h
+ getloadavg.o: getloadavg.c config.h getloadavg.h
++y.tab.o: y.tab.c y.tab.h
+-- 
+2.20.1
+

package/at/at.mk

@@ -7,9 +7,6 @@
 AT_VERSION = 7c74fa1aece6bc6db351763dc012193d5d634b7e
 AT_SITE = https://salsa.debian.org/debian/at.git
 AT_SITE_METHOD = git
-# Tried to add missing deps for parsetime.l but still parallel build fails
-# in some case, so at the moment let's keep MAKE1
-AT_MAKE = $(MAKE1)
 AT_AUTORECONF = YES
 AT_DEPENDENCIES = $(if $(BR2_PACKAGE_FLEX),flex) host-bison host-flex
 AT_LICENSE = GPL-2.0+, GPL-3.0+, ISC

package/bcm2835/bcm2835.hash

@@ -1,3 +1,3 @@
 # Locally computed:
-sha256 333e7ceee895e910c29098074773ee86bcab4a82c2af0cf083c4533767e52d27 bcm2835-1.60.tar.gz
-sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
+sha256  7beacda787d6073d0982bfe576c318bb2730700f7d0f7950c6e763dfcb06e0e5  bcm2835-1.62.tar.gz
+sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING

package/bcm2835/bcm2835.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BCM2835_VERSION = 1.60
+BCM2835_VERSION = 1.62
 BCM2835_SITE = http://www.airspayce.com/mikem/bcm2835
 BCM2835_LICENSE = GPL-2.0
 BCM2835_LICENSE_FILES = COPYING

package/binutils/2.31.1/0018-bfd-xtensa-fix-PR-ld-25630.patch

@@ -0,0 +1,37 @@
+From 85dcca5997cf3822d6456a5c9c59c46b56adfbb8 Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Wed, 4 Mar 2020 14:54:27 -0800
+Subject: [PATCH] bfd: xtensa: fix PR ld/25630
+
+bfd/
+2020-03-05  Max Filippov  <jcmvbkbc@gmail.com>
+
+	* elf32-xtensa.c (shrink_dynamic_reloc_sections): Shrink dynamic
+	relocation sections for any removed reference to a dynamic symbol.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+ bfd/elf32-xtensa.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/bfd/elf32-xtensa.c b/bfd/elf32-xtensa.c
+index 12ff9f772aaf..65e14d87940c 100644
+--- a/bfd/elf32-xtensa.c
++++ b/bfd/elf32-xtensa.c
+@@ -10148,10 +10148,9 @@ shrink_dynamic_reloc_sections (struct bfd_link_info *info,
+ 
+   if ((r_type == R_XTENSA_32 || r_type == R_XTENSA_PLT)
+       && (input_section->flags & SEC_ALLOC) != 0
+-      && (dynamic_symbol || bfd_link_pic (info))
+-      && (!h || h->root.type != bfd_link_hash_undefweak
+-	  || (dynamic_symbol
+-	      && (bfd_link_dll (info) || info->export_dynamic))))
++      && (dynamic_symbol
++	  || (bfd_link_pic (info)
++	      && (!h || h->root.type != bfd_link_hash_undefweak))))
+     {
+       asection *srel;
+       bfd_boolean is_plt = FALSE;
+-- 
+2.20.1
+

package/binutils/2.32/0007-bfd-xtensa-fix-PR-ld-25630.patch

@@ -0,0 +1,37 @@
+From 85dcca5997cf3822d6456a5c9c59c46b56adfbb8 Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Wed, 4 Mar 2020 14:54:27 -0800
+Subject: [PATCH] bfd: xtensa: fix PR ld/25630
+
+bfd/
+2020-03-05  Max Filippov  <jcmvbkbc@gmail.com>
+
+	* elf32-xtensa.c (shrink_dynamic_reloc_sections): Shrink dynamic
+	relocation sections for any removed reference to a dynamic symbol.
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+---
+ bfd/elf32-xtensa.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/bfd/elf32-xtensa.c b/bfd/elf32-xtensa.c
+index 12ff9f772aaf..65e14d87940c 100644
+--- a/bfd/elf32-xtensa.c
++++ b/bfd/elf32-xtensa.c
+@@ -10148,10 +10148,9 @@ shrink_dynamic_reloc_sections (struct bfd_link_info *info,
+ 
+   if ((r_type == R_XTENSA_32 || r_type == R_XTENSA_PLT)
+       && (input_section->flags & SEC_ALLOC) != 0
+-      && (dynamic_symbol || bfd_link_pic (info))
+-      && (!h || h->root.type != bfd_link_hash_undefweak
+-	  || (dynamic_symbol
+-	      && (bfd_link_dll (info) || info->export_dynamic))))
++      && (dynamic_symbol
++	  || (bfd_link_pic (info)
++	      && (!h || h->root.type != bfd_link_hash_undefweak))))
+     {
+       asection *srel;
+       bfd_boolean is_plt = FALSE;
+-- 
+2.20.1
+

package/binutils/Config.in.host

@@ -37,7 +37,7 @@ endchoice
 
 config BR2_BINUTILS_VERSION
 	string
-	default "arc-2019.09-rc1"	if BR2_BINUTILS_VERSION_ARC
+	default "arc-2019.09-release"	if BR2_BINUTILS_VERSION_ARC
 	default "c66d8bbcebfddf713b2b436e1b135e6b125a55a5" if BR2_BINUTILS_VERSION_CSKY
 	default "2.30"		if BR2_BINUTILS_VERSION_2_30_X
 	default "2.31.1"	if BR2_BINUTILS_VERSION_2_31_X

package/binutils/binutils.hash

@@ -4,7 +4,7 @@ sha512  0fca326feb1d5f5fe505a827b20237fe3ec9c13eaf7ec7e35847fd71184f605ba1cefe13
 sha512  d326408f12a03d9a61a9de56584c2af12f81c2e50d2d7e835d51565df8314df01575724afa1e43bd0db45cfc9916b41519b67dfce03232aa4978704492a6994a  binutils-2.32.tar.xz
 
 # Locally calculated (fetched from Github)
-sha512  3840770da5ede0248f6a6605e3f1743210acd9f4da7de48720ef566cc2aae52ea9e84c285a0a6d39eb15bd7ad197d543b6e407ec9e1a00739989e574d4e04384  binutils-gdb-arc-2019.09-rc1.tar.gz
+sha512  33ac5ad662db551870193f5c76c35a18de465adfa1c7f4bf5c1bb4145805a47507bf11ec21eb446b52f91f70cfe392252dd2b02724dc9dad3505258e3f6f4d45  binutils-gdb-arc-2019.09-release.tar.gz
 
 # Locally calculated (fetched from https://github.com/c-sky/binutils-gdb)
 sha512  979552d4b3a4f31e9f3b9a7027321bd4eb3ac6c2d8deac1720e94e54f81d736db09c53c5d87c301010e307b64127e14400a036c7a35e5d63a954a4edd9cc8e2c  binutils-c66d8bbcebfddf713b2b436e1b135e6b125a55a5.tar.gz

package/binutils/binutils.mk

@@ -9,13 +9,13 @@
 BINUTILS_VERSION = $(call qstrip,$(BR2_BINUTILS_VERSION))
 ifeq ($(BINUTILS_VERSION),)
 ifeq ($(BR2_arc),y)
-BINUTILS_VERSION = arc-2019.09-rc1
+BINUTILS_VERSION = arc-2019.09-release
 else
 BINUTILS_VERSION = 2.31.1
 endif
 endif # BINUTILS_VERSION
 
-ifeq ($(BINUTILS_VERSION),arc-2019.09-rc1)
+ifeq ($(BINUTILS_VERSION),arc-2019.09-release)
 BINUTILS_SITE = $(call github,foss-for-synopsys-dwc-arc-processors,binutils-gdb,$(BINUTILS_VERSION))
 BINUTILS_SOURCE = binutils-gdb-$(BINUTILS_VERSION).tar.gz
 BINUTILS_FROM_GIT = y

package/bitcoin/Config.in

@@ -1,6 +1,6 @@
 config BR2_PACKAGE_BITCOIN_ARCH_SUPPORTS
 	bool
-	depends on BR2_TOOLCHAIN_HAS_ATOMIC
+	default y if BR2_TOOLCHAIN_HAS_ATOMIC
 	# bitcoin uses 8-byte __atomic intrinsics, which are not
 	# available on ARM noMMU platforms that we
 	# support. BR2_TOOLCHAIN_HAS_ATOMIC does not provide a
@@ -10,8 +10,9 @@ config BR2_PACKAGE_BITCOIN_ARCH_SUPPORTS
 config BR2_PACKAGE_BITCOIN
 	bool "bitcoin"
 	depends on BR2_INSTALL_LIBSTDCPP
-	depends on BR2_TOOLCHAIN_HAS_GCC_BUG_64735 # std::future
+	depends on !BR2_TOOLCHAIN_HAS_GCC_BUG_64735 # std::future
 	depends on BR2_PACKAGE_BITCOIN_ARCH_SUPPORTS
+	depends on BR2_USE_WCHAR
 	select BR2_PACKAGE_BOOST
 	select BR2_PACKAGE_BOOST_SYSTEM
 	select BR2_PACKAGE_BOOST_FILESYSTEM
@@ -36,9 +37,9 @@ config BR2_PACKAGE_BITCOIN
 
 	  https://bitcoincore.org
 
-comment "bitcoin needs a toolchain w/ C++"
+comment "bitcoin needs a toolchain w/ C++, wchar"
 	depends on BR2_PACKAGE_BITCOIN_ARCH_SUPPORTS
-	depends on !BR2_INSTALL_LIBSTDCPP
+	depends on !BR2_INSTALL_LIBSTDCPP || !BR2_USE_WCHAR
 
 comment "bitcoin needs a toolchain not affected by GCC bug 64735"
 	depends on BR2_PACKAGE_BITCOIN_ARCH_SUPPORTS

package/bitcoin/bitcoin.mk

@@ -9,11 +9,27 @@ BITCOIN_SITE = $(call github,bitcoin,bitcoin,v$(BITCOIN_VERSION))
 BITCOIN_AUTORECONF = YES
 BITCOIN_LICENSE = MIT
 BITCOIN_LICENSE_FILES = COPYING
-BITCOIN_DEPENDENCIES = boost openssl libevent
+BITCOIN_DEPENDENCIES = host-pkgconf boost openssl libevent
 BITCOIN_CONF_OPTS = \
+	--disable-bench \
 	--disable-wallet \
 	--disable-tests \
 	--with-boost-libdir=$(STAGING_DIR)/usr/lib/ \
-	--disable-hardening
+	--disable-hardening \
+	--without-gui
+
+ifeq ($(BR2_PACKAGE_LIBMINIUPNPC),y)
+BITCOIN_DEPENDENCIES += libminiupnpc
+BITCOIN_CONF_OPTS += --with-miniupnpc
+else
+BITCOIN_CONF_OPTS += --without-miniupnpc
+endif
+
+ifeq ($(BR2_PACKAGE_ZEROMQ),y)
+BITCOIN_DEPENDENCIES += zeromq
+BITCOIN_CONF_OPTS += --with-zmq
+else
+BITCOIN_CONF_OPTS += --without-zmq
+endif
 
 $(eval $(autotools-package))

package/blktrace/0001-btt-make-device-devno-use-PATH_MAX-to-avoid-overflow.patch

@@ -0,0 +1,146 @@
+From d61ff409cb4dda31386373d706ea0cfb1aaac5b7 Mon Sep 17 00:00:00 2001
+From: Jens Axboe <axboe@kernel.dk>
+Date: Wed, 2 May 2018 10:24:17 -0600
+Subject: btt: make device/devno use PATH_MAX to avoid overflow
+
+Herbo Zhang reports:
+
+I found a bug in blktrace/btt/devmap.c. The code is just as follows:
+
+https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/tree/btt/devmap.c?id=8349ad2f2d19422a6241f94ea84d696b21de4757
+
+       struct devmap {
+
+struct list_head head;
+char device[32], devno[32];    // #1
+};
+
+LIST_HEAD(all_devmaps);
+
+static int dev_map_add(char *line)
+{
+struct devmap *dmp;
+
+if (strstr(line, "Device") != NULL)
+return 1;
+
+dmp = malloc(sizeof(struct devmap));
+if (sscanf(line, "%s %s", dmp->device, dmp->devno) != 2) {  //#2
+free(dmp);
+return 1;
+}
+
+list_add_tail(&dmp->head, &all_devmaps);
+return 0;
+}
+
+int dev_map_read(char *fname)
+{
+char line[256];   // #3
+FILE *fp = my_fopen(fname, "r");
+
+if (!fp) {
+perror(fname);
+return 1;
+}
+
+while (fscanf(fp, "%255[a-zA-Z0-9 :.,/_-]\n", line) == 1) {
+if (dev_map_add(line))
+break;
+}
+
+fclose(fp);
+return 0;
+}
+
+ The line length is 256, but the dmp->device, dmp->devno  max length
+is only 32. We can put strings longer than 32 into dmp->device and
+dmp->devno , and then they will be overflowed.
+
+ we can trigger this bug just as follows:
+
+ $ python -c "print 'A'*256" > ./test
+    $ btt -M ./test
+
+    *** Error in btt': free(): invalid next size (fast): 0x000055ad7349b250 ***
+    ======= Backtrace: =========
+    /lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7f7f158ce7e5]
+    /lib/x86_64-linux-gnu/libc.so.6(+0x7fe0a)[0x7f7f158d6e0a]
+    /lib/x86_64-linux-gnu/libc.so.6(cfree+0x4c)[0x7f7f158da98c]
+    btt(+0x32e0)[0x55ad7306f2e0]
+    btt(+0x2c5f)[0x55ad7306ec5f]
+    btt(+0x251f)[0x55ad7306e51f]
+    /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7f7f15877830]
+    btt(+0x26b9)[0x55ad7306e6b9]
+    ======= Memory map: ========
+    55ad7306c000-55ad7307f000 r-xp 00000000 08:14 3698139
+      /usr/bin/btt
+    55ad7327e000-55ad7327f000 r--p 00012000 08:14 3698139
+      /usr/bin/btt
+    55ad7327f000-55ad73280000 rw-p 00013000 08:14 3698139
+      /usr/bin/btt
+    55ad73280000-55ad73285000 rw-p 00000000 00:00 0
+    55ad7349a000-55ad734bb000 rw-p 00000000 00:00 0
+      [heap]
+    7f7f10000000-7f7f10021000 rw-p 00000000 00:00 0
+    7f7f10021000-7f7f14000000 ---p 00000000 00:00 0
+    7f7f15640000-7f7f15656000 r-xp 00000000 08:14 14942237
+      /lib/x86_64-linux-gnu/libgcc_s.so.1
+    7f7f15656000-7f7f15855000 ---p 00016000 08:14 14942237
+      /lib/x86_64-linux-gnu/libgcc_s.so.1
+    7f7f15855000-7f7f15856000 r--p 00015000 08:14 14942237
+      /lib/x86_64-linux-gnu/libgcc_s.so.1
+    7f7f15856000-7f7f15857000 rw-p 00016000 08:14 14942237
+      /lib/x86_64-linux-gnu/libgcc_s.so.1
+    7f7f15857000-7f7f15a16000 r-xp 00000000 08:14 14948477
+      /lib/x86_64-linux-gnu/libc-2.23.so
+    7f7f15a16000-7f7f15c16000 ---p 001bf000 08:14 14948477
+      /lib/x86_64-linux-gnu/libc-2.23.so
+    7f7f15c16000-7f7f15c1a000 r--p 001bf000 08:14 14948477
+      /lib/x86_64-linux-gnu/libc-2.23.so
+    7f7f15c1a000-7f7f15c1c000 rw-p 001c3000 08:14 14948477
+      /lib/x86_64-linux-gnu/libc-2.23.so
+    7f7f15c1c000-7f7f15c20000 rw-p 00000000 00:00 0
+    7f7f15c20000-7f7f15c46000 r-xp 00000000 08:14 14948478
+      /lib/x86_64-linux-gnu/ld-2.23.so
+    7f7f15e16000-7f7f15e19000 rw-p 00000000 00:00 0
+    7f7f15e42000-7f7f15e45000 rw-p 00000000 00:00 0
+    7f7f15e45000-7f7f15e46000 r--p 00025000 08:14 14948478
+      /lib/x86_64-linux-gnu/ld-2.23.so
+    7f7f15e46000-7f7f15e47000 rw-p 00026000 08:14 14948478
+      /lib/x86_64-linux-gnu/ld-2.23.so
+    7f7f15e47000-7f7f15e48000 rw-p 00000000 00:00 0
+    7ffdebe5c000-7ffdebe7d000 rw-p 00000000 00:00 0
+      [stack]
+    7ffdebebc000-7ffdebebe000 r--p 00000000 00:00 0
+      [vvar]
+    7ffdebebe000-7ffdebec0000 r-xp 00000000 00:00 0
+      [vdso]
+    ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0
+      [vsyscall]
+    [1]    6272 abort      btt -M test
+
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+[Retrieved from:
+https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ btt/devmap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/btt/devmap.c b/btt/devmap.c
+index 0553a9e..5fc1cb2 100644
+--- a/btt/devmap.c
++++ b/btt/devmap.c
+@@ -23,7 +23,7 @@
+ 
+ struct devmap {
+ 	struct list_head head;
+-	char device[32], devno[32];
++	char device[PATH_MAX], devno[PATH_MAX];
+ };
+ 
+ LIST_HEAD(all_devmaps);
+-- 
+cgit 1.2-0.3.lf.el7
+

package/blktrace/blktrace.mk

@@ -10,6 +10,9 @@ BLKTRACE_DEPENDENCIES = libaio
 BLKTRACE_LICENSE = GPL-2.0+
 BLKTRACE_LICENSE_FILES = COPYING
 
+# 0001-btt-make-device-devno-use-PATH_MAX-to-avoid-overflow.patch
+BLKTRACE_IGNORE_CVES += CVE-2018-10689
+
 define BLKTRACE_BUILD_CMDS
 	$(TARGET_MAKE_ENV) $(MAKE1) -C $(@D) $(TARGET_CONFIGURE_OPTS)
 endef

package/bluez-alsa/bluez-alsa.mk

@@ -23,7 +23,7 @@ BLUEZ_ALSA_CONF_OPTS = \
 	--enable-aplay \
 	--disable-debug-time \
 	--with-alsaplugindir=/usr/lib/alsa-lib \
-	--with-alsaconfdir=/usr/share/alsa
+	--with-alsaconfdir=/etc/alsa/conf.d
 
 ifeq ($(BR2_PACKAGE_FDK_AAC),y)
 BLUEZ_ALSA_DEPENDENCIES += fdk-aac

package/bluez5_utils-headers/bluez5_utils-headers.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 # Keep the version and patches in sync with bluez5_utils
-BLUEZ5_UTILS_HEADERS_VERSION = 5.52
+BLUEZ5_UTILS_HEADERS_VERSION = 5.54
 BLUEZ5_UTILS_HEADERS_SOURCE = bluez-$(BLUEZ5_UTILS_VERSION).tar.xz
 BLUEZ5_UTILS_HEADERS_SITE = $(BR2_KERNEL_MIRROR)/linux/bluetooth
 BLUEZ5_UTILS_HEADERS_DL_SUBDIR = bluez5_utils

package/bluez5_utils/bluez5_utils.hash

@@ -1,4 +1,4 @@
 # From https://www.kernel.org/pub/linux/bluetooth/sha256sums.asc:
-sha256  f7144ce2039202cfac18ccb52426efea11c98e4f6e1bb8041bcb994b8378560a  bluez-5.52.tar.xz
+sha256  68cdab9e63e8832b130d5979dc8c96fdb087b31278f342874d992af3e56656dc  bluez-5.54.tar.xz
 sha256  b499eddebda05a8859e32b820a64577d91f1de2b52efa2a1575a2cb4000bc259  COPYING
 sha256  ec60b993835e2c6b79e6d9226345f4e614e686eb57dc13b6420c15a33a8996e5  COPYING.LIB

package/bluez5_utils/bluez5_utils.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 # Keep the version and patches in sync with bluez5_utils-headers
-BLUEZ5_UTILS_VERSION = 5.52
+BLUEZ5_UTILS_VERSION = 5.54
 BLUEZ5_UTILS_SOURCE = bluez-$(BLUEZ5_UTILS_VERSION).tar.xz
 BLUEZ5_UTILS_SITE = $(BR2_KERNEL_MIRROR)/linux/bluetooth
 BLUEZ5_UTILS_INSTALL_STAGING = YES

package/boost/Config.in

@@ -101,7 +101,7 @@ comment "boost-contract needs a toolchain w/ NPTL"
 config BR2_PACKAGE_BOOST_COROUTINE
 	bool "boost-coroutine"
 	depends on BR2_PACKAGE_BOOST_CONTEXT_ARCH_SUPPORTS
-	depends on !BR2_TOOLCHAIN_HAS_GCC_BUG_64735 # boost-context
+	depends on !BR2_TOOLCHAIN_HAS_GCC_BUG_64735 # boost-context, boost-thread
 	select BR2_PACKAGE_BOOST_CHRONO
 	select BR2_PACKAGE_BOOST_CONTEXT
 	select BR2_PACKAGE_BOOST_SYSTEM
@@ -189,6 +189,7 @@ config BR2_PACKAGE_BOOST_LOCALE
 	# https://svn.boost.org/trac/boost/ticket/9685 for more
 	# details.
 	depends on !(BR2_STATIC_LIBS && BR2_PACKAGE_ICU)
+	depends on !(BR2_TOOLCHAIN_HAS_GCC_BUG_64735 && BR2_PACKAGE_ICU) # boost-thread
 	select BR2_PACKAGE_BOOST_SYSTEM
 	select BR2_PACKAGE_BOOST_THREAD if BR2_PACKAGE_ICU
 	select BR2_PACKAGE_LIBICONV if !BR2_ENABLE_LOCALE
@@ -199,9 +200,14 @@ comment "boost-locale needs a toolchain w/ dynamic library"
 	depends on BR2_PACKAGE_ICU
 	depends on BR2_STATIC_LIBS
 
+comment "boost-locale needs a toolchain not affected by GCC bug 64735"
+	depends on BR2_PACKAGE_ICU
+	depends on BR2_TOOLCHAIN_HAS_GCC_BUG_64735
+
 config BR2_PACKAGE_BOOST_LOG
 	bool "boost-log"
 	depends on BR2_TOOLCHAIN_HAS_THREADS_NPTL
+	depends on !BR2_TOOLCHAIN_HAS_GCC_BUG_64735 # boost-thread
 	select BR2_PACKAGE_BOOST_ATOMIC
 	select BR2_PACKAGE_BOOST_DATE_TIME
 	select BR2_PACKAGE_BOOST_FILESYSTEM
@@ -214,6 +220,9 @@ config BR2_PACKAGE_BOOST_LOG
 comment "boost-log needs a toolchain w/ NPTL"
 	depends on !BR2_TOOLCHAIN_HAS_THREADS_NPTL
 
+comment "boost-log needs a toolchain not affected by GCC bug 64735"
+	depends on BR2_TOOLCHAIN_HAS_GCC_BUG_64735
+
 config BR2_PACKAGE_BOOST_MATH
 	bool "boost-math"
 	help
@@ -304,12 +313,16 @@ config BR2_PACKAGE_BOOST_TEST
 
 config BR2_PACKAGE_BOOST_THREAD
 	bool "boost-thread"
+	depends on !BR2_TOOLCHAIN_HAS_GCC_BUG_64735 # std::current_exception
 	select BR2_PACKAGE_BOOST_ATOMIC if !BR2_TOOLCHAIN_SUPPORTS_ALWAYS_LOCKFREE_ATOMIC_INTS
 	select BR2_PACKAGE_BOOST_CHRONO
 	select BR2_PACKAGE_BOOST_SYSTEM
 	help
 	  Portable C++ multi-threading. C++11, C++14.
 
+comment "boost-thread needs a toolchain not affected by GCC bug 64735"
+	depends on BR2_TOOLCHAIN_HAS_GCC_BUG_64735
+
 config BR2_PACKAGE_BOOST_TIMER
 	bool "boost-timer"
 	select BR2_PACKAGE_BOOST_CHRONO
@@ -319,16 +332,21 @@ config BR2_PACKAGE_BOOST_TIMER
 
 config BR2_PACKAGE_BOOST_TYPE_ERASURE
 	bool "boost-type_erasure"
+	depends on !BR2_TOOLCHAIN_HAS_GCC_BUG_64735 # boost-thread
 	select BR2_PACKAGE_BOOST_SYSTEM
 	select BR2_PACKAGE_BOOST_THREAD
 	help
 	  Runtime polymorphism based on concepts.
 
+comment "boost-type_erasure needs a toolchain not affected by GCC bug 64735"
+	depends on BR2_TOOLCHAIN_HAS_GCC_BUG_64735
+
 config BR2_PACKAGE_BOOST_WAVE
 	bool "boost-wave"
 	# limitation of assembler for coldfire
 	# error: Tried to convert PC relative branch to absolute jump
 	depends on !BR2_m68k_cf
+	depends on !BR2_TOOLCHAIN_HAS_GCC_BUG_64735 # boost-thread
 	select BR2_PACKAGE_BOOST_DATE_TIME
 	select BR2_PACKAGE_BOOST_FILESYSTEM
 	select BR2_PACKAGE_BOOST_SYSTEM
@@ -339,4 +357,7 @@ config BR2_PACKAGE_BOOST_WAVE
 	  preprocessor functionality packed behind an easy to use
 	  iterator interface.
 
+comment "boost-wave needs a toolchain not affected by GCC bug 64735"
+	depends on BR2_TOOLCHAIN_HAS_GCC_BUG_64735
+
 endif

package/bootstrap/bootstrap.hash

@@ -1,3 +1,3 @@
 # Locally computed:
-sha256	75c0325fd82e29cf524e28d8be7716c216cc507ba85b087ab36868209236aa01  bootstrap-4.1.0-dist.zip
-sha256	0ce7fbe215cdf921ed87d00a374404681d5d24898589a7fe60e068d09289b4ba  css/bootstrap.css
+sha256  888ffd30b7e192381e2f6a948ca04669fdcc2ccc2ba016de00d38c8e30793323  bootstrap-4.3.1-dist.zip
+sha256  35fbb6dc3891aacaf1ffa07abec2344fdbc454aab533a2a03bcf93577eb7837b  css/bootstrap.css

package/bootstrap/bootstrap.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BOOTSTRAP_VERSION = 4.1.0
+BOOTSTRAP_VERSION = 4.3.1
 BOOTSTRAP_SITE = https://github.com/twbs/bootstrap/releases/download/v$(BOOTSTRAP_VERSION)
 BOOTSTRAP_SOURCE = bootstrap-$(BOOTSTRAP_VERSION)-dist.zip
 BOOTSTRAP_LICENSE = MIT
@@ -12,6 +12,7 @@ BOOTSTRAP_LICENSE_FILES = css/bootstrap.css
 
 define BOOTSTRAP_EXTRACT_CMDS
 	$(UNZIP) $(BOOTSTRAP_DL_DIR)/$(BOOTSTRAP_SOURCE) -d $(@D)
+	mv $(@D)/bootstrap-$(BOOTSTRAP_VERSION)-dist/* $(@D)
 endef
 
 define BOOTSTRAP_INSTALL_TARGET_CMDS

package/brltty/0003-mk4build-also-pass-PKG_CONFIG_FOR_BUILD-to-the-nativ.patch

@@ -0,0 +1,38 @@
+From 568e0d6070021a9b805ba1fe1543e4b43a073413 Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+Date: Thu, 20 Feb 2020 00:23:35 +0100
+Subject: [PATCH] mk4build: also pass PKG_CONFIG_FOR_BUILD to the native
+ configure
+
+In commit 0414ad2b4e8978a14343d920a5a1f11da892eaf3, mk4build was
+modified to pass a number of *_FOR_BUILD variables down to the
+configure script called for building the native tools.
+
+However, this configure script also uses the pkg-config tool, and the
+pkg-config to use for the native build and the cross build may be
+different, so let's also pass PKG_CONFIG_FOR_BUILD down to the
+sub-configure, as PKG_CONFIG, following the same logic as the other
+variables.
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+Upstream: https://github.com/brltty/brltty/pull/248
+[Upstream patch is different, due to other upstream changes.]
+---
+ mk4build | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/mk4build b/mk4build
+index 3c64963b7..ad88ee69c 100755
+--- a/mk4build
++++ b/mk4build
+@@ -73,6 +73,7 @@ then
+    CXXFLAGS=${CXXFLAGS_FOR_BUILD} \
+    LDFLAGS=${LDFLAGS_FOR_BUILD} \
+    LDLIBS=${LDLIBS_FOR_BUILD} \
++   PKG_CONFIG=${PKG_CONFIG_FOR_BUILD} \
+    "${sourceRoot}/configure" \
+       --disable-api \
+       --disable-gpm \
+-- 
+2.24.1
+

package/brltty/brltty.mk

@@ -15,6 +15,9 @@ BRLTTY_LICENSE_FILES = LICENSE-LGPL README
 BRLTTY_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES) host-autoconf host-pkgconf \
 	$(if $(BR2_PACKAGE_AT_SPI2_CORE),at-spi2-core)
 
+BRLTTY_CONF_ENV = \
+	PKG_CONFIG_FOR_BUILD=$(HOST_DIR)/bin/pkgconf
+
 BRLTTY_CONF_OPTS = \
 	--disable-java-bindings \
 	--disable-lisp-bindings \

package/busybox/busybox.mk

@@ -277,7 +277,9 @@ endif
 
 ifeq ($(BR2_INIT_BUSYBOX),y)
 define BUSYBOX_INSTALL_INITTAB
-	$(INSTALL) -D -m 0644 package/busybox/inittab $(TARGET_DIR)/etc/inittab
+	if test ! -e $(TARGET_DIR)/etc/inittab; then \
+		$(INSTALL) -D -m 0644 package/busybox/inittab $(TARGET_DIR)/etc/inittab; \
+	fi
 endef
 endif
 
@@ -316,11 +318,11 @@ endef
 # Add /bin/{a,hu}sh to /etc/shells otherwise some login tools like dropbear
 # can reject the user connection. See man shells.
 define BUSYBOX_INSTALL_ADD_TO_SHELLS
-	if grep -q CONFIG_ASH=y $(@D)/.config; then \
+	if grep -q CONFIG_ASH=y $(BUSYBOX_DIR)/.config; then \
 		grep -qsE '^/bin/ash$$' $(TARGET_DIR)/etc/shells \
 		|| echo "/bin/ash" >> $(TARGET_DIR)/etc/shells; \
 	fi
-	if grep -q CONFIG_HUSH=y $(@D)/.config; then \
+	if grep -q CONFIG_HUSH=y $(BUSYBOX_DIR)/.config; then \
 		grep -qsE '^/bin/hush$$' $(TARGET_DIR)/etc/shells \
 		|| echo "/bin/hush" >> $(TARGET_DIR)/etc/shells; \
 	fi
@@ -347,6 +349,7 @@ define BUSYBOX_INSTALL_TARGET_CMDS
 	# Use the 'noclobber' install rule, to prevent BusyBox from overwriting
 	# any full-blown versions of apps installed by other packages.
 	$(BUSYBOX_MAKE_ENV) $(MAKE) $(BUSYBOX_MAKE_OPTS) -C $(@D) install-noclobber
+	$(BUSYBOX_INSTALL_INDIVIDUAL_BINARIES)
 	$(BUSYBOX_INSTALL_INITTAB)
 	$(BUSYBOX_INSTALL_UDHCPC_SCRIPT)
 	$(BUSYBOX_INSTALL_MDEV_CONF)
@@ -358,7 +361,6 @@ define BUSYBOX_INSTALL_INIT_SYSV
 	$(BUSYBOX_INSTALL_WATCHDOG_SCRIPT)
 	$(BUSYBOX_INSTALL_SYSCTL_SCRIPT)
 	$(BUSYBOX_INSTALL_TELNET_SCRIPT)
-	$(BUSYBOX_INSTALL_INDIVIDUAL_BINARIES)
 endef
 
 # Checks to give errors that the user can understand

package/cairo/0002-ft-Use-FT_Done_MM_Var-instead-of-free-when-available-in-cairo_ft_apply_variation.patch

@@ -0,0 +1,33 @@
+From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001
+From: Carlos Garcia Campos <cgarcia@igalia.com>
+Date: Mon, 19 Nov 2018 12:33:07 +0100
+Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in
+ cairo_ft_apply_variations
+
+Fixes a crash when using freetype >= 2.9
+[Retrieved from:
+https://gitlab.freedesktop.org/cairo/cairo/-/commit/90e85c2493fdfa3551f202ff10282463f1e36645]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ src/cairo-ft-font.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
+index 325dd61b4..981973f78 100644
+--- a/src/cairo-ft-font.c
++++ b/src/cairo-ft-font.c
+@@ -2393,7 +2393,11 @@ skip:
+ done:
+         free (coords);
+         free (current_coords);
++#if HAVE_FT_DONE_MM_VAR
++        FT_Done_MM_Var (face->glyph->library, ft_mm_var);
++#else
+         free (ft_mm_var);
++#endif
+     }
+ }
+ 
+-- 
+2.24.1
+

package/cairo/cairo.mk

@@ -11,6 +11,9 @@ CAIRO_LICENSE_FILES = COPYING COPYING-LGPL-2.1 COPYING-MPL-1.1
 CAIRO_SITE = http://cairographics.org/releases
 CAIRO_INSTALL_STAGING = YES
 
+# 0002-ft-Use-FT_Done_MM_Var-instead-of-free-when-available-in-cairo_ft_apply_variation.patch
+CAIRO_IGNORE_CVES += CVE-2018-19876
+
 # relocation truncated to fit: R_68K_GOT16O
 ifeq ($(BR2_m68k_cf),y)
 CAIRO_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -mxgot"

package/cc-tool/cc-tool.hash

@@ -1,3 +1,6 @@
 # From http://sourceforge.net/projects/cctool/files/
 sha1 f313e55f019ea5338438633f5b5e689b699343e1  cc-tool-0.26-src.tgz
 md5 26960676f3e6264e612c299fbf8ec5ea  cc-tool-0.26-src.tgz
+
+# Hash for license file
+sha256 231f7edcc7352d7734a96eef0b8030f77982678c516876fcb81e25b32d68564c  COPYING

package/civetweb/civetweb.mk

@@ -38,6 +38,12 @@ else
 CIVETWEB_COPT += -DNO_SSL
 endif
 
+ifeq ($(BR2_PACKAGE_ZLIB),y)
+CIVETWEB_CONF_OPTS += WITH_ZLIB=1
+CIVETWEB_LIBS += -lz
+CIVETWEB_DEPENDENCIES += zlib
+endif
+
 ifeq ($(BR2_PACKAGE_CIVETWEB_SERVER),y)
 CIVETWEB_BUILD_TARGETS += build
 CIVETWEB_INSTALL_TARGETS += install

package/clamav/clamav.hash

@@ -1,5 +1,5 @@
 # Locally calculated
-sha256 0dbda8d0d990d068732966f13049d112a26dce62145d234383467c1d877dedd6  clamav-0.102.1.tar.gz
+sha256 89fcdcc0eba329ca84d270df09d2bb89ae55f5024b0c3bddb817512fb2c907d3  clamav-0.102.2.tar.gz
 sha256 0c4fd2fa9733fc9122503797648710851e4ee6d9e4969dd33fcbd8c63cd2f584  COPYING
 sha256 d72a145c90918184a05ef65a04c9e6f7466faa59bc1b82c8f6a8ddc7ddcb9bed  COPYING.bzip2
 sha256 dfb818a0d41411c6fb1c193c68b73018ceadd1994bda41ad541cbff292894bc6  COPYING.file

package/clamav/clamav.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-CLAMAV_VERSION = 0.102.1
+CLAMAV_VERSION = 0.102.2
 CLAMAV_SITE = https://www.clamav.net/downloads/production
 CLAMAV_LICENSE = GPL-2.0
 CLAMAV_LICENSE_FILES = COPYING COPYING.bzip2 COPYING.file COPYING.getopt \

package/cmocka/0001-Don-t-redefine-uintptr_t.patch

@@ -0,0 +1,77 @@
+From 28ce16b29911e5adc60140b572dee177adc7a178 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Mon, 18 Nov 2019 18:56:46 +0100
+Subject: [PATCH] Don't redefine uintptr_t
+
+Add a call to check_type_size in ConfigureChecks.cmake and use it in
+include/cmocka.h to avoid the following redefinition error on riscv64:
+
+In file included from /data/buildroot/buildroot-test/instance-0/output/build/cmocka-1.1.5/src/cmocka.c:62:
+/data/buildroot/buildroot-test/instance-0/output/build/cmocka-1.1.5/include/cmocka.h:132:28: error: conflicting types for 'uintptr_t'
+       typedef unsigned int uintptr_t;
+                            ^~~~~~~~~
+In file included from /data/buildroot/buildroot-test/instance-0/output/host/riscv64-buildroot-linux-musl/sysroot/usr/include/stdint.h:20,
+                 from /data/buildroot/buildroot-test/instance-0/output/host/riscv64-buildroot-linux-musl/sysroot/usr/include/inttypes.h:9,
+                 from /data/buildroot/buildroot-test/instance-0/output/build/cmocka-1.1.5/src/cmocka.c:27:
+/data/buildroot/buildroot-test/instance-0/output/host/riscv64-buildroot-linux-musl/sysroot/usr/include/bits/alltypes.h:104:24: note: previous declaration of 'uintptr_t' was here
+ typedef unsigned _Addr uintptr_t;
+                        ^~~~~~~~~
+
+Fixes:
+ - http://autobuild.buildroot.org/results/30922c18150ea62aefe123d1b7cd1444efab963f
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+[Retrieved from:
+https://gitlab.com/cmocka/cmocka/commit/28ce16b29911e5adc60140b572dee177adc7a178]
+---
+ ConfigureChecks.cmake | 3 +++
+ config.h.cmake        | 4 ++++
+ include/cmocka.h      | 2 +-
+ 3 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake
+index fe8da35..028774f 100644
+--- a/ConfigureChecks.cmake
++++ b/ConfigureChecks.cmake
+@@ -70,6 +70,9 @@ if (HAVE_TIME_H)
+     check_struct_has_member("struct timespec" tv_sec "time.h" HAVE_STRUCT_TIMESPEC)
+ endif (HAVE_TIME_H)
+ 
++# TYPES
++check_type_size(uintptr_t UINTPTR_T)
++
+ # FUNCTIONS
+ check_function_exists(calloc HAVE_CALLOC)
+ check_function_exists(exit HAVE_EXIT)
+diff --git a/config.h.cmake b/config.h.cmake
+index f8d79da..55fc69f 100644
+--- a/config.h.cmake
++++ b/config.h.cmake
+@@ -75,6 +75,10 @@
+ 
+ #cmakedefine HAVE_STRUCT_TIMESPEC 1
+ 
++/***************************** TYPES *****************************/
++
++#cmakedefine HAVE_UINTPTR_T 1
++
+ /*************************** FUNCTIONS ***************************/
+ 
+ /* Define to 1 if you have the `calloc' function. */
+diff --git a/include/cmocka.h b/include/cmocka.h
+index 3e923dd..0aa557e 100644
+--- a/include/cmocka.h
++++ b/include/cmocka.h
+@@ -120,7 +120,7 @@ typedef uintmax_t LargestIntegralType;
+     ((LargestIntegralType)(value))
+ 
+ /* Smallest integral type capable of holding a pointer. */
+-#if !defined(_UINTPTR_T) && !defined(_UINTPTR_T_DEFINED)
++#if !defined(_UINTPTR_T) && !defined(_UINTPTR_T_DEFINED) && !defined(HAVE_UINTPTR_T)
+ # if defined(_WIN32)
+     /* WIN32 is an ILP32 platform */
+     typedef unsigned int uintptr_t;
+-- 
+2.22.0
+

package/cog/0001-fdo-ensure-xkb_data.state-is-not-null-before-calling.patch

@@ -0,0 +1,30 @@
+From 9f1f1e64b65e6680d5cdedf5a3b753ef85fc01f4 Mon Sep 17 00:00:00 2001
+From: James Hilliard <james.hilliard1@gmail.com>
+Date: Tue, 18 Feb 2020 01:20:50 -0700
+Subject: [PATCH] fdo: ensure xkb_data.state is not null before calling
+ xkb_state_update_mask (#180)
+
+[james.hilliard1@gmail.com: backport from upstream commit
+9f1f1e64b65e6680d5cdedf5a3b753ef85fc01f4]
+Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
+---
+ platform/cog-platform-fdo.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/platform/cog-platform-fdo.c b/platform/cog-platform-fdo.c
+index 36177fc..e6f1cb5 100644
+--- a/platform/cog-platform-fdo.c
++++ b/platform/cog-platform-fdo.c
+@@ -894,6 +894,9 @@ keyboard_on_modifiers (void *data,
+                        uint32_t mods_locked,
+                        uint32_t group)
+ {
++    if (xkb_data.state == NULL)
++        return;
++
+     xkb_state_update_mask (xkb_data.state,
+                            mods_depressed,
+                            mods_latched,
+-- 
+2.20.1
+

package/cog/0002-fdo-ensure-xkb_data.state-is-not-null-before-calling.patch

@@ -0,0 +1,30 @@
+From 575ef199984ae4e8510ed36f8b1ae1babdff8ea9 Mon Sep 17 00:00:00 2001
+From: James Hilliard <james.hilliard1@gmail.com>
+Date: Thu, 26 Mar 2020 07:48:19 -0600
+Subject: [PATCH] fdo: ensure xkb_data.state is not null before calling
+ xkb_state_key_get_one_sym (#192)
+
+[james.hilliard1@gmail.com: backport from upstream commit
+575ef199984ae4e8510ed36f8b1ae1babdff8ea9]
+Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
+---
+ platform/cog-platform-fdo.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/platform/cog-platform-fdo.c b/platform/cog-platform-fdo.c
+index 043f91d..93ff255 100644
+--- a/platform/cog-platform-fdo.c
++++ b/platform/cog-platform-fdo.c
+@@ -919,6 +919,9 @@ capture_app_key_bindings (uint32_t keysym,
+ static void
+ handle_key_event (uint32_t key, uint32_t state, uint32_t time)
+ {
++    if (xkb_data.state == NULL)
++        return;
++
+     uint32_t keysym = xkb_state_key_get_one_sym (xkb_data.state, key);
+     uint32_t unicode = xkb_state_key_get_utf32 (xkb_data.state, key);
+ 
+-- 
+2.20.1
+

package/cog/0003-fdo-ensure-xkb_data.keymap-is-not-null-before-callin.patch

@@ -0,0 +1,30 @@
+From 817f6c9dafd5ad23722eae0a8f43ba9211f37c95 Mon Sep 17 00:00:00 2001
+From: James Hilliard <james.hilliard1@gmail.com>
+Date: Thu, 26 Mar 2020 07:49:05 -0600
+Subject: [PATCH] fdo: ensure xkb_data.keymap is not null before calling
+ xkb_keymap_key_repeats (#193)
+
+[james.hilliard1@gmail.com: backport from upstream commit
+817f6c9dafd5ad23722eae0a8f43ba9211f37c95]
+Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
+---
+ platform/cog-platform-fdo.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/platform/cog-platform-fdo.c b/platform/cog-platform-fdo.c
+index 93ff255..ecc05e9 100644
+--- a/platform/cog-platform-fdo.c
++++ b/platform/cog-platform-fdo.c
+@@ -990,7 +990,8 @@ keyboard_on_key (void *data,
+         memset (&wl_data.keyboard.repeat_data,
+                 0x00,
+                 sizeof (wl_data.keyboard.repeat_data));
+-    } else if (state == WL_KEYBOARD_KEY_STATE_PRESSED
++    } else if (xkb_data.keymap != NULL
++               && state == WL_KEYBOARD_KEY_STATE_PRESSED
+                && xkb_keymap_key_repeats (xkb_data.keymap, key)) {
+         if (wl_data.keyboard.repeat_data.event_source)
+             g_source_remove (wl_data.keyboard.repeat_data.event_source);
+-- 
+2.20.1
+

package/collectd/collectd.mk

@@ -223,8 +223,14 @@ endif
 define COLLECTD_INSTALL_TARGET_CMDS
 	$(TARGET_MAKE_ENV) $(MAKE) DESTDIR=$(TARGET_DIR) -C $(@D) install
 	rm -f $(TARGET_DIR)/usr/bin/collectd-nagios
+endef
+
+ifeq ($(BR2_PACKAGE_COLLECTD_POSTGRESQL),)
+define COLLECTD_REMOVE_UNNEEDED_POSTGRESQL_DEFAULT_CONF
 	rm -f $(TARGET_DIR)/usr/share/collectd/postgresql_default.conf
 endef
+COLLECTD_POST_INSTALL_TARGET_HOOKS += COLLECTD_REMOVE_UNNEEDED_POSTGRESQL_DEFAULT_CONF
+endif
 
 define COLLECTD_INSTALL_INIT_SYSTEMD
 	$(INSTALL) -D -m 644 package/collectd/collectd.service \

package/cpio/0001-fix-CVE-2016-2037.patch

@@ -1,51 +0,0 @@
-From: Pavel Raiskup
-Subject: [Bug-cpio] [PATCH] fix 1-byte out-of-bounds write
-Date: Tue, 26 Jan 2016 23:17:54 +0100
-
-Other calls to cpio_safer_name_suffix seem to be safe.
-
-* src/copyin.c (process_copy_in):  Make sure that file_hdr.c_name
-has at least two bytes allocated.
-* src/util.c (cpio_safer_name_suffix): Document that use of this
-function requires to be careful.
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
----
-Patch status: fetched/submitted
-URL: https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00005.html
-
- src/copyin.c | 2 ++
- src/util.c   | 5 ++++-
- 2 files changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/src/copyin.c b/src/copyin.c
-index cde911e..032d35f 100644
---- a/src/copyin.c
-+++ b/src/copyin.c
-@@ -1385,6 +1385,8 @@ process_copy_in ()
-          break;
-        }
-
-+      if (file_hdr.c_namesize <= 1)
-+        file_hdr.c_name = xrealloc(file_hdr.c_name, 2);
-       cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag,
-                              false);
-
-diff --git a/src/util.c b/src/util.c
-index 6ff6032..2763ac1 100644
---- a/src/util.c
-+++ b/src/util.c
-@@ -1411,7 +1411,10 @@ set_file_times (int fd,
- }
- 
- /* Do we have to ignore absolute paths, and if so, does the filename
--   have an absolute path?  */
-+   have an absolute path?
-+   Before calling this function make sure that the allocated NAME buffer has
-+   capacity at least 2 bytes to allow us to store the "." string inside.  */
-+
- void
- cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names,
-                        bool strip_leading_dots)
---
-2.5.0

package/cpio/cpio.hash

@@ -1,2 +1,7 @@
+# From https://lists.gnu.org/archive/html/info-gnu/2019-11/msg00002.html
+md5 f3438e672e3fa273a7dc26339dd1eed6  cpio-2.13.tar.bz2
+sha1 4dcefc0e1bc36b11506a354768d82b15e3fe6bb8  cpio-2.13.tar.bz2
 # Locally calculated after checking pgp signature
-sha256	08a35e92deb3c85d269a0059a27d4140a9667a6369459299d08c17f713a92e73	cpio-2.12.tar.gz
+sha256 eab5bdc5ae1df285c59f2a4f140a98fc33678a0bf61bdba67d9436ae26b46f6d  cpio-2.13.tar.bz2
+# Locally calculated
+sha256 fc82ca8b6fdb18d4e3e85cfd8ab58d1bcd3f1b29abe782895abd91d64763f8e7  COPYING

package/cpio/cpio.mk

@@ -4,7 +4,8 @@
 #
 ################################################################################
 
-CPIO_VERSION = 2.12
+CPIO_VERSION = 2.13
+CPIO_SOURCE = cpio-$(CPIO_VERSION).tar.bz2
 CPIO_SITE = $(BR2_GNU_MIRROR)/cpio
 CPIO_CONF_OPTS = --bindir=/bin
 CPIO_LICENSE = GPL-3.0+

package/cups/cups.hash

@@ -1,4 +1,4 @@
 # Locally calculated:
-sha256 acaf0229cf008ea8f06353ffd1bbd62d71dbe88990dd3330650ef87edb95a1a5  cups-2.3.0-source.tar.gz
+sha256 1bca9d89507e3f68cbc84482fe46ae8d5333af5bc2b9061347b2007182ac77ce  cups-2.3.1-source.tar.gz
 sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30  LICENSE
 sha256 a5d616e6322a9cb1a971e18765025edfca4f3cd9c0eafc32d6d2eb4b8c8787b5  NOTICE

package/cups/cups.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-CUPS_VERSION = 2.3.0
+CUPS_VERSION = 2.3.1
 CUPS_SOURCE = cups-$(CUPS_VERSION)-source.tar.gz
 CUPS_SITE = https://github.com/apple/cups/releases/download/v$(CUPS_VERSION)
 CUPS_LICENSE = Apache-2.0 with GPL-2.0/LGPL-2.0 exception
@@ -18,6 +18,7 @@ endef
 CUPS_PRE_CONFIGURE_HOOKS += CUPS_RUN_AUTOCONF
 
 CUPS_CONF_OPTS = \
+	--with-docdir=/usr/share/cups/doc-root \
 	--disable-gssapi \
 	--disable-pam \
 	--libdir=/usr/lib

package/czmq/czmq.hash

@@ -3,4 +3,4 @@ md5 7e09997db6ac3b25e8ed104053040722 czmq-4.2.0.tar.gz
 sha1 42165b3eede517708814e5a1b6972d8bde417f7a czmq-4.2.0.tar.gz
 # Locally calculated
 sha256 cfab29c2b3cc8a845749758a51e1dd5f5160c1ef57e2a41ea96e4c2dcc8feceb czmq-4.2.0.tar.gz
-sha256 1f256ecad192880510e84ad60474eab7589218784b9a50bc7ceee34c2b91f1d5 LICENCE
+sha256 1f256ecad192880510e84ad60474eab7589218784b9a50bc7ceee34c2b91f1d5 LICENSE

package/dante/dante.mk

@@ -12,7 +12,7 @@ DANTE_LICENSE_FILES = LICENSE
 # 0002-compiler.m4-do-not-remove-g-flag.patch touches a m4 file
 DANTE_AUTORECONF = YES
 
-DANTE_CONF_OPTS += --disable-client --disable-preload --without-pam
+DANTE_CONF_OPTS += --disable-client --disable-preload
 
 ifeq ($(BR2_PACKAGE_LINUX_PAM),y)
 DANTE_DEPENDENCIES += linux-pam

package/dialog/dialog.hash

@@ -1,4 +1,4 @@
 # Locally calculated after checking pgp signature
-sha256 886e12f2cf3df36cde65f32f6ae52bc598eb2599a611b1d8ce5dfdea599e47e2  dialog-1.3-20190808.tgz
+sha256 10f7c02ee5dea311e61b0d3e29eb6e18bcedd6fb6672411484c1a37729cbd7a6  dialog-1.3-20191210.tgz
 # Locally computed
 sha256 6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3  COPYING

package/dialog/dialog.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DIALOG_VERSION = 1.3-20190808
+DIALOG_VERSION = 1.3-20191210
 DIALOG_SOURCE = dialog-$(DIALOG_VERSION).tgz
 DIALOG_SITE = https://invisible-mirror.net/archives/dialog
 DIALOG_CONF_OPTS = --with-ncurses --with-curses-dir=$(STAGING_DIR)/usr \

package/dillo/0003-Fix-openssl-detection.patch

@@ -0,0 +1,29 @@
+From 96dde9dedf806256cdc6cbf5cacbd5c8d74e6288 Mon Sep 17 00:00:00 2001
+From: Jonathan Kimmitt <jrrk2@cam.ac.uk>
+Date: Thu, 9 Jan 2020 22:01:42 +0100
+Subject: [PATCH] Fix openssl detection
+
+SSL_library_init is now a define, use OPENSSL_init_ssl instead.
+
+Signed-off-by: Jonathan Kimmitt <jrrk2@cam.ac.uk>
+Signed-off-by: Peter Seiderer <ps.report@gmx.net>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 66b5e9f..206fd53 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -276,7 +276,7 @@ if test "x$enable_ssl" = "xyes"; then
+ 
+   if test "x$ssl_ok" = "xyes"; then
+     old_libs="$LIBS"
+-    AC_CHECK_LIB(ssl, SSL_library_init, ssl_ok=yes, ssl_ok=no, -lcrypto)
++    AC_CHECK_LIB(ssl, OPENSSL_init_ssl, ssl_ok=yes, ssl_ok=no, -lcrypto)
+     LIBS="$old_libs"
+   fi
+ 
+-- 
+2.24.1
+

package/dillo/0004-Support-OpenSSL-1.1.0.patch

@@ -0,0 +1,33 @@
+From ff44d8b2d5211a502afdb3e612dae0e8133b5124 Mon Sep 17 00:00:00 2001
+From: Johannes Hofmann <Johannes.Hofmann@gmx.de>
+Date: Thu, 9 Jan 2020 22:07:15 +0100
+Subject: [PATCH] Support OpenSSL 1.1.0
+
+taken-from: pkgsrc (Ryo ONODERA)
+submitted-by: Jun Ebihara <jun@soum.co.jp>
+
+Upstream: https://hg.dillo.org/dillo/rev/b171b8610400
+Signed-off-by: Peter Seiderer <ps.report@gmx.net>
+---
+ dpi/https.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/dpi/https.c b/dpi/https.c
+index 766b3af..025cfc4 100644
+--- a/dpi/https.c
++++ b/dpi/https.c
+@@ -476,7 +476,11 @@ static int handle_certificate_problem(SSL * ssl_connection)
+       case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+          /*Either self signed and untrusted*/
+          /*Extract CN from certificate name information*/
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+          if ((cn = strstr(remote_cert->name, "/CN=")) == NULL) {
++#else
++         if ((cn = strstr(X509_get_subject_name(remote_cert), "/CN=")) == NULL) {
++#endif
+             strcpy(buf, "(no CN given)");
+          } else {
+             char *cn_end;
+-- 
+2.24.1
+

package/dnsmasq/0004-Fix-memory-leak-in-helper-c.patch

@@ -0,0 +1,49 @@
+From 69bc94779c2f035a9fffdb5327a54c3aeca73ed5 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Wed, 14 Aug 2019 20:44:50 +0100
+Subject: [PATCH] Fix memory leak in helper.c
+
+Thanks to Xu Mingjie <xumingjie1995@outlook.com> for spotting this.
+[Retrieved from:
+http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=69bc94779c2f035a9fffdb5327a54c3aeca73ed5]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ src/helper.c |   12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/helper.c b/src/helper.c
+index 33ba120..c392eec 100644
+--- a/src/helper.c
++++ b/src/helper.c
+@@ -80,7 +80,8 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
+   pid_t pid;
+   int i, pipefd[2];
+   struct sigaction sigact;
+-
++  unsigned char *alloc_buff = NULL;
++  
+   /* create the pipe through which the main program sends us commands,
+      then fork our process. */
+   if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1)
+@@ -186,11 +187,16 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
+       struct script_data data;
+       char *p, *action_str, *hostname = NULL, *domain = NULL;
+       unsigned char *buf = (unsigned char *)daemon->namebuff;
+-      unsigned char *end, *extradata, *alloc_buff = NULL;
++      unsigned char *end, *extradata;
+       int is6, err = 0;
+       int pipeout[2];
+ 
+-      free(alloc_buff);
++      /* Free rarely-allocated memory from previous iteration. */
++      if (alloc_buff)
++	{
++	  free(alloc_buff);
++	  alloc_buff = NULL;
++	}
+       
+       /* we read zero bytes when pipe closed: this is our signal to exit */ 
+       if (!read_write(pipefd[0], (unsigned char *)&data, sizeof(data), 1))
+-- 
+1.7.10.4
+

package/dnsmasq/dnsmasq.mk

@@ -15,6 +15,9 @@ DNSMASQ_DEPENDENCIES = host-pkgconf $(TARGET_NLS_DEPENDENCIES)
 DNSMASQ_LICENSE = GPL-2.0 or GPL-3.0
 DNSMASQ_LICENSE_FILES = COPYING COPYING-v3
 
+# 0004-Fix-memory-leak-in-helper-c.patch
+DNSMASQ_IGNORE_CVES += CVE-2019-14834
+
 DNSMASQ_I18N = $(if $(BR2_SYSTEM_ENABLE_NLS),-i18n)
 
 ifneq ($(BR2_PACKAGE_DNSMASQ_DHCP),y)

package/docker-cli/docker-cli.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  cef3f9e8615cde906619f7ab021655a8b974d1b497ce0e5787b1afccbeabb08d  docker-cli-18.09.9.tar.gz
+sha256	00d06baf4793794c0fd9ecad5b7e95aed6eb942f24c8b6e2d7c7f7564b9743ad  docker-cli-19.03.5.tar.gz
 sha256	2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0  LICENSE

package/docker-cli/docker-cli.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_CLI_VERSION = 18.09.9
+DOCKER_CLI_VERSION = 19.03.5
 DOCKER_CLI_SITE = $(call github,docker,cli,v$(DOCKER_CLI_VERSION))
 DOCKER_CLI_WORKSPACE = gopath
 

package/docker-containerd/docker-containerd.hash

@@ -1,3 +1,3 @@
 # Computed locally
-sha256	f2d578b743fb9faa5b3477b7cf4b33d00501087043a53b27754f14bbe741f891  docker-containerd-1.2.6.tar.gz
-sha256  4bbe3b885e8cd1907ab4cf9a41e862e74e24b5422297a4f2fe524e6a30ada2b4	LICENSE
+sha256 318886ea1efdec36f088fd6a0a0fe2b2f0ebdfd0066bdb4bd284bad12abc0a41  docker-containerd-1.2.12.tar.gz
+sha256 4bbe3b885e8cd1907ab4cf9a41e862e74e24b5422297a4f2fe524e6a30ada2b4  LICENSE

package/docker-containerd/docker-containerd.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_CONTAINERD_VERSION = 1.2.6
+DOCKER_CONTAINERD_VERSION = 1.2.12
 DOCKER_CONTAINERD_SITE = $(call github,containerd,containerd,v$(DOCKER_CONTAINERD_VERSION))
 DOCKER_CONTAINERD_LICENSE = Apache-2.0
 DOCKER_CONTAINERD_LICENSE_FILES = LICENSE

package/docker-engine/0001-Fix-faulty-runc-version-commit-scrape.patch

@@ -1,45 +0,0 @@
-From 324e7be4b252c13002bca6a9d82e7b2e43664634 Mon Sep 17 00:00:00 2001
-From: Christian Stewart <christian@paral.in>
-Date: Mon, 26 Nov 2018 22:59:32 -0800
-Subject: [PATCH] Fix faulty runc version commit scrape
-
-This commit replaces faulty logic to determine the runc version commit hash.
-
-The original logic takes the second line of the output of "runc --version" and
-does not work if there are a different number of lines printed from the command
-than expected. The buildroot version of runc outputs two lines instead of the
-expected three, causing the error:
-
-unknown output format: runc version commit: ...
-
-This patch replaces this logic with a simple scan of the "runc --version"
-output, searching for the "runc version commit" prefixed line.
-
-Signed-off-by: Christian Stewart <christian@paral.in>
----
- daemon/info_unix.go | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/daemon/info_unix.go b/daemon/info_unix.go
-index 60b2f99870..688a510796 100644
---- a/daemon/info_unix.go
-+++ b/daemon/info_unix.go
-@@ -32,10 +32,11 @@ func (daemon *Daemon) fillPlatformInfo(v *types.Info, sysInfo *sysinfo.SysInfo)
- 	defaultRuntimeBinary := daemon.configStore.GetRuntime(v.DefaultRuntime).Path
- 	if rv, err := exec.Command(defaultRuntimeBinary, "--version").Output(); err == nil {
- 		parts := strings.Split(strings.TrimSpace(string(rv)), "\n")
--		if len(parts) == 3 {
--			parts = strings.Split(parts[1], ": ")
--			if len(parts) == 2 {
--				v.RuncCommit.ID = strings.TrimSpace(parts[1])
-+		for _, pt := range parts {
-+			ptKv := strings.Split(pt, ":")
-+			if strings.HasSuffix(strings.TrimSpace(ptKv[0]), "commit") {
-+				v.RuncCommit.ID = strings.TrimSpace(ptKv[1])
-+				break
- 			}
- 		}
- 
--- 
-2.18.1
-

package/docker-engine/docker-engine.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256	fa3a9e998627418d648495d06d168c4d26ed07859c9370d5fddbfd29c26d8592  docker-engine-18.09.9.tar.gz
-sha256	2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0  LICENSE
+sha256	bc5d1ac503e44593be8003ed0ad9c75bf0da535db19837a9338429c438bd4637  docker-engine-19.03.5.tar.gz
+sha256	7c87873291f289713ac5df48b1f2010eb6963752bbd6b530416ab99fc37914a8  LICENSE

package/docker-engine/docker-engine.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_ENGINE_VERSION = 18.09.9
+DOCKER_ENGINE_VERSION = 19.03.5
 DOCKER_ENGINE_SITE = $(call github,docker,engine,v$(DOCKER_ENGINE_VERSION))
 
 DOCKER_ENGINE_LICENSE = Apache-2.0

package/dovecot-pigeonhole/dovecot-pigeonhole.hash

@@ -1,3 +1,3 @@
 # Locally computed after checking signature
-sha256 d59d0c5c5225a126e5b98bf95d75e8dd368bdeeb3da2e9766dbe4fddaa9411b0  dovecot-2.3-pigeonhole-0.5.7.2.tar.gz
+sha256 36da68aae5157b83e21383f711b8977e5b6f5477f369f71e7e22e76a738bbd05  dovecot-2.3-pigeonhole-0.5.9.tar.gz
 sha256 fc9e9522216f2a9a28b31300e3c73c1df56acc27dfae951bf516e7995366b51a  COPYING

package/dovecot-pigeonhole/dovecot-pigeonhole.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOVECOT_PIGEONHOLE_VERSION = 0.5.7.2
+DOVECOT_PIGEONHOLE_VERSION = 0.5.9
 DOVECOT_PIGEONHOLE_SOURCE = dovecot-2.3-pigeonhole-$(DOVECOT_PIGEONHOLE_VERSION).tar.gz
 DOVECOT_PIGEONHOLE_SITE = https://pigeonhole.dovecot.org/releases/2.3
 DOVECOT_PIGEONHOLE_LICENSE = LGPL-2.1

package/dovecot/0002-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch

@@ -0,0 +1,30 @@
+From 40851dc3471809cabe8cc3f9b71980f8d82344ae Mon Sep 17 00:00:00 2001
+From: Bernd Kuhls <bernd.kuhls@t-online.de>
+Date: Sat, 4 Jan 2020 14:39:39 +0100
+Subject: [PATCH] lib-ssl-iostream: Do not build static test-iostream-ssl
+
+Fixes broken static build:
+https://dovecot.org/pipermail/dovecot/2019-October/117326.html
+
+Patch sent upstream: https://github.com/dovecot/core/pull/111
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+---
+ src/lib-ssl-iostream/Makefile.am | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/src/lib-ssl-iostream/Makefile.am b/src/lib-ssl-iostream/Makefile.am
+index 94ead5cec..5aaea5d51 100644
+--- a/src/lib-ssl-iostream/Makefile.am
++++ b/src/lib-ssl-iostream/Makefile.am
+@@ -46,7 +46,6 @@ test_libs = \
+ 	../lib/liblib.la
+ 
+ test_iostream_ssl_SOURCES = test-iostream-ssl.c
+-test_iostream_ssl_LDFLAGS = -static
+ test_iostream_ssl_LDADD = $(test_libs) $(SSL_LIBS) $(DLLIB)
+ test_iostream_ssl_DEPENDENCIES = $(test_libs)
+ 
+-- 
+2.20.1
+

package/dovecot/dovecot.hash

@@ -1,5 +1,5 @@
 # Locally computed after checking signature
-sha256 666ce084760a47e601d49a9be3c7993c48789d332631e8dfb45f443b367b1260  dovecot-2.3.7.2.tar.gz
+sha256 f89fb69423fc5bdc05955c8fc0607eab9e33511f9a643b721763db6156c49651  dovecot-2.3.9.3.tar.gz
 sha256 a363b132e494f662d98c820d1481297e6ae72f194c2c91b6c39e1518b86240a8  COPYING
 sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  COPYING.LGPL
 sha256 52b8c95fabb19575281874b661ef7968ea47e8f5d74ba0dd40ce512e52b3fc97  COPYING.MIT

package/dovecot/dovecot.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 DOVECOT_VERSION_MAJOR = 2.3
-DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).7.2
+DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).9.3
 DOVECOT_SITE = https://dovecot.org/releases/$(DOVECOT_VERSION_MAJOR)
 DOVECOT_INSTALL_STAGING = YES
 DOVECOT_LICENSE = LGPL-2.1, MIT, Public Domain, BSD-3-Clause, Unicode-DFS-2015
@@ -14,6 +14,10 @@ DOVECOT_DEPENDENCIES = \
 	host-pkgconf \
 	$(if $(BR2_PACKAGE_LIBICONV),libiconv) \
 	openssl
+# 0002-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch
+DOVECOT_AUTORECONF = YES
+# add host-gettext for AM_ICONV macro
+DOVECOT_DEPENDENCIES += host-gettext
 
 DOVECOT_CONF_ENV = \
 	RPCGEN=__disable_RPCGEN_rquota \

package/e2fsprogs/e2fsprogs.hash

@@ -1,6 +1,6 @@
-# https://mirrors.edge.kernel.org/pub/linux/kernel/people/tytso/e2fsprogs/v1.45.4/sha256sums.asc
-sha256 65faf6b590ca1da97440d6446bd11de9e0914b42553740ba5d9d2a796fa0dc02  e2fsprogs-1.45.4.tar.xz
+# https://mirrors.edge.kernel.org/pub/linux/kernel/people/tytso/e2fsprogs/v1.45.5/sha256sums.asc
+sha256  f9faccc0d90f73556e797dc7cc5979b582bd50d3f8609c0f2ad48c736d44aede  e2fsprogs-1.45.5.tar.xz
 # Locally calculated
-sha256 5da5ef153e559c1d990d4c3eedbedd4442db892d37eae1f35fff069de8ec9020  NOTICE
-sha256 032989b508f1a72ebee5b3417e55d06d473f9ee203e45ab11864a7e49cdec63d  lib/ss/mit-sipb-copyright.h
-sha256 47182fe6631a32f271a15bbe210751b3825b7199f588879aac7d4804fc8b4b8f  lib/et/internal.h
+sha256  5da5ef153e559c1d990d4c3eedbedd4442db892d37eae1f35fff069de8ec9020  NOTICE
+sha256  032989b508f1a72ebee5b3417e55d06d473f9ee203e45ab11864a7e49cdec63d  lib/ss/mit-sipb-copyright.h
+sha256  47182fe6631a32f271a15bbe210751b3825b7199f588879aac7d4804fc8b4b8f  lib/et/internal.h

package/e2fsprogs/e2fsprogs.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-E2FSPROGS_VERSION = 1.45.4
+E2FSPROGS_VERSION = 1.45.5
 E2FSPROGS_SOURCE = e2fsprogs-$(E2FSPROGS_VERSION).tar.xz
 E2FSPROGS_SITE = $(BR2_KERNEL_MIRROR)/linux/kernel/people/tytso/e2fsprogs/v$(E2FSPROGS_VERSION)
 E2FSPROGS_LICENSE = GPL-2.0, MIT-like with advertising clause (libss and libet)

package/easy-rsa/Config.in

@@ -1,7 +1,8 @@
 config BR2_PACKAGE_EASY_RSA
 	bool "easy-rsa"
 	select BR2_PACKAGE_OPENSSL # runtime
-	select BR2_PACKAGE_OPENSSL_BIN
+	select BR2_PACKAGE_LIBOPENSSL_BIN if BR2_PACKAGE_LIBOPENSSL
+	select BR2_PACKAGE_LIBRESSL_BIN if BR2_PACKAGE_LIBRESSL
 	help
 	  Simple shell based CA utility
 

package/ebtables/ebtables.mk

@@ -19,19 +19,15 @@ endef
 
 ifeq ($(BR2_STATIC_LIBS),y)
 define EBTABLES_INSTALL_TARGET_CMDS
-	$(INSTALL) -m 0755 -D $(@D)/$(EBTABLES_SUBDIR)/static \
-		$(TARGET_DIR)/sbin/ebtables
+	$(INSTALL) -m 0755 -D $(@D)/static $(TARGET_DIR)/sbin/ebtables
 endef
 else
 define EBTABLES_INSTALL_TARGET_CMDS
-	for so in $(@D)/$(EBTABLES_SUBDIR)/*.so \
-		$(@D)/$(EBTABLES_SUBDIR)/extensions/*.so; \
-		do \
+	for so in $(@D)/*.so $(@D)/extensions/*.so; do \
 		$(INSTALL) -m 0755 -D $${so} \
 			$(TARGET_DIR)/lib/ebtables/`basename $${so}` || exit 1; \
 	done
-	$(INSTALL) -m 0755 -D $(@D)/$(EBTABLES_SUBDIR)/ebtables \
-		$(TARGET_DIR)/sbin/ebtables
+	$(INSTALL) -m 0755 -D $(@D)/ebtables $(TARGET_DIR)/sbin/ebtables
 	$(INSTALL) -m 0644 -D $(@D)/ethertypes $(TARGET_DIR)/etc/ethertypes
 endef
 endif

package/ecryptfs-utils/0003-fix-parallel-build-issue.patch

@@ -0,0 +1,61 @@
+fix parallel build issue
+
+Build randomly fails since December 2017 on buildroot
+(http://autobuild.buildroot.org/?reason=ecryptfs-utils-111):
+
+make[5]: Entering directory '/home/buildroot/autobuild/instance-2/output-1/build/ecryptfs-utils-111/src/utils'
+  /bin/mkdir -p '/home/buildroot/autobuild/instance-2/output-1/target/sbin'
+  /bin/bash ../../libtool   --mode=install /usr/bin/install -c mount.ecryptfs umount.ecryptfs mount.ecryptfs_private '/home/buildroot/autobuild/instance-2/output-1/target/sbin'
+libtool: install: /usr/bin/install -c mount.ecryptfs /home/buildroot/autobuild/instance-2/output-1/target/sbin/mount.ecryptfs
+/usr/bin/install: cannot create regular file '/home/buildroot/autobuild/instance-2/output-1/target/sbin/mount.ecryptfs': File exists
+Makefile:832: recipe for target 'install-rootsbinPROGRAMS' failed
+make[5]: *** [install-rootsbinPROGRAMS] Error 1
+
+As spotted by Thomas Petazzoni, build failure happens because of the
+following line in src/utils/Makefile.am:
+
+install-exec-hook:      install-rootsbinPROGRAMS
+        -rm -f "$(DESTDIR)/$(rootsbindir)/umount.ecryptfs_private"
+        $(LN_S) "mount.ecryptfs_private" "$(DESTDIR)/$(rootsbindir)/umount.ecryptfs_private"
+
+The install-exec-hook target should not have a dependency on
+install-rootsbinPROGRAMS.
+
+From https://www.gnu.org/software/automake/manual/html_node/Extending.html#Extending:
+
+"""
+In contrast, some rules also have a way to run another rule, called a
+hook; hooks are always executed after the main rule’s work is done. The
+hook is named after the principal target, with ‘-hook’ appended. The
+targets allowing hooks are install-data, install-exec, uninstall, dist,
+and distcheck.
+
+For instance, here is how to create a hard link to an installed program:
+
+install-exec-hook:
+        ln $(DESTDIR)$(bindir)/program$(EXEEXT) \
+           $(DESTDIR)$(bindir)/proglink$(EXEEXT)
+
+"""
+
+So, they explicitly say that these hooks are run after the main rule
+work is done, which means the dependency on install-rootsbinPROGRAMS is
+not needed. And the example they use to illustrate is *exactly* the
+situation of ecryptfs-utils: creating a link to a program that was
+installed.
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status: https://bugs.launchpad.net/ecryptfs/+bug/1857622]
+
+diff -Nuar ecryptfs-utils-111-orig/src/utils/Makefile.in ecryptfs-utils-111/src/utils/Makefile.in
+--- ecryptfs-utils-111-orig/src/utils/Makefile.in	2019-12-26 15:14:16.656146065 +0100
++++ ecryptfs-utils-111/src/utils/Makefile.in	2019-12-26 17:36:07.108496164 +0100
+@@ -1522,7 +1522,7 @@
+ .PRECIOUS: Makefile
+ 
+ 
+-install-exec-hook:	install-rootsbinPROGRAMS
++install-exec-hook:
+ 	-rm -f "$(DESTDIR)/$(rootsbindir)/umount.ecryptfs_private"
+ 	$(LN_S) "mount.ecryptfs_private" "$(DESTDIR)/$(rootsbindir)/umount.ecryptfs_private"
+ 

package/ecryptfs-utils/Config.in

@@ -28,7 +28,7 @@ config BR2_PACKAGE_ECRYPTFS_UTILS
 
 	  http://ecryptfs.org
 
-comment "ecryptfs-utils needs a toolchain w/ threads, wchar, dynami library"
+comment "ecryptfs-utils needs a toolchain w/ threads, wchar, dynamic library"
 	depends on BR2_PACKAGE_LIBNSPR_ARCH_SUPPORT
 	depends on BR2_USE_MMU
 	depends on !BR2_TOOLCHAIN_HAS_THREADS || !BR2_USE_WCHAR || \

package/efl/Config.in

@@ -166,7 +166,6 @@ config BR2_PACKAGE_EFL_X_XLIB
 	select BR2_PACKAGE_XLIB_LIBXCURSOR
 	select BR2_PACKAGE_XLIB_LIBXDAMAGE
 	select BR2_PACKAGE_XLIB_LIBXINERAMA
-	select BR2_PACKAGE_XLIB_LIBXP
 	select BR2_PACKAGE_XLIB_LIBXRANDR
 	select BR2_PACKAGE_XLIB_LIBXRENDER
 	select BR2_PACKAGE_XLIB_LIBXSCRNSAVER

package/elf2flt/0002-elf2flt-fix-relocations-for-read-only-data.patch

@@ -1,58 +0,0 @@
-From 6006e8d789f7a1129414fb3a8c930b094af0cafa Mon Sep 17 00:00:00 2001
-From: Greg Ungerer <gerg@kernel.org>
-Date: Wed, 6 Nov 2019 21:19:24 +0100
-Subject: [PATCH] elf2flt: fix relocations for read-only data
-
-Readonly data sections are mapped into the "text" section in the
-elf2flt.ld linker script. The relocation generation code is not handling
-that case properly though, and is actually mapping any data section type
-into the "data" section of the target binary.
-
-This problem case has been detected with elf2flt core dumping when used
-with binutils-2.33.1 (on ARM architecture targets). See thread at:
-
-   https://sourceware.org/ml/binutils/2019-10/msg00132.html
-
-Tested by Christophe Priouzeau [1]
-
-* binutils 2.33.1
-* buildroot 2019.11-rc1
-* patch on top of elf2flt (patch available on this thread)
-* configuration: stm32f469-disco with initramfs configuration on buildroot
-
-Result:
-Build: OK, all the binaries are generated
-Runtime test on stm32f469-disco: OK
-
-[1] https://github.com/uclinux-dev/elf2flt/issues/12
-
-Signed-off-by: Greg Ungerer <gerg@kernel.org>
-Signed-off-by: Romain Naour <romain.naour@smile.fr>
-Cc: Christophe Priouzeau <christophe.priouzeau@st.com>
----
- elf2flt.c | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/elf2flt.c b/elf2flt.c
-index 67f720a..8973cef 100644
---- a/elf2flt.c
-+++ b/elf2flt.c
-@@ -418,10 +418,12 @@ output_relocs (
- //		continue;
- 
- 	/*
--	 *	Only relocate things in the data sections if we are PIC/GOT.
--	 *	otherwise do text as well
-+	 * Only relocate things in the writable data sections if we are PIC/GOT.
-+	 * Otherwise do text (and read only data) as well.
- 	 */
--	if ((!pic_with_got || ALWAYS_RELOC_TEXT) && (a->flags & SEC_CODE))
-+	if ((!pic_with_got || ALWAYS_RELOC_TEXT) &&
-+	    ((a->flags & SEC_CODE) ||
-+	    ((a->flags & (SEC_DATA | SEC_READONLY)) == (SEC_DATA | SEC_READONLY))))
- 		sectionp = text + (a->vma - text_vma);
- 	else if (a->flags & SEC_DATA)
- 		sectionp = data + (a->vma - data_vma);
--- 
-2.21.0
-

package/eudev/0001-src-libudev-libudev-monitor.c-do-not-check-if-dev-is.patch

@@ -0,0 +1,33 @@
+From 799591c57368bbe47667f5b696050247a766b117 Mon Sep 17 00:00:00 2001
+From: "Anthony G. Basile" <blueness@gentoo.org>
+Date: Mon, 6 Jan 2020 11:14:47 -0500
+Subject: [PATCH] src/libudev/libudev-monitor.c: do not check if /dev is tmpfs
+
+This check fails for buildroot systems where /dev is not mounted
+as a tmpfs filesystem.  Dropping this check should be safe even
+on regular systems.
+
+This solves issue #172.
+
+Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
+Signed-off-by: Joel Stanley <joel@jms.id.au>
+---
+ src/libudev/libudev-monitor.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libudev/libudev-monitor.c b/src/libudev/libudev-monitor.c
+index 614149c6243c..060ba733f33b 100644
+--- a/src/libudev/libudev-monitor.c
++++ b/src/libudev/libudev-monitor.c
+@@ -186,7 +186,7 @@ struct udev_monitor *udev_monitor_new_from_netlink_fd(struct udev *udev, const c
+                  * We do not set a netlink multicast group here, so the socket
+                  * will not receive any messages.
+                  */
+-                if (access(UDEV_ROOT_RUN "/udev/control", F_OK) < 0 || !udev_has_devtmpfs(udev)) {
++                if (access(UDEV_ROOT_RUN "/udev/control", F_OK) < 0) {
+                         log_debug("the udev service seems not to be active, disable the monitor");
+                         group = UDEV_MONITOR_NONE;
+                 } else
+-- 
+2.25.0
+

package/exim/exim.service

@@ -3,7 +3,7 @@ Description=Exim MTA
 After=syslog.target network.target
 
 [Service]
-ExecStart=/usr/bin/exim -bdf
+ExecStart=/usr/sbin/exim -bdf
 Restart=always
 
 [Install]