Update for 2020.08.3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

CHANGES

@@ -1,3 +1,126 @@
+2020.08.3, released December 27th, 2020
+
+	Important / security related fixes.
+
+	Infrastructure:
+	- cmake: fix host ccache handling for CMake 3.19
+	- meson: Forcibly disable binary stripping for
+	  target builds, enable for host builds
+	- golang: Fix HOST / TARGET directories for per-package builds
+
+	Defconfigs: Beaglebone Qt5: Fix ti-sgx related issues
+
+	Updated/fixed packages: apitrace, arm-trusted-firmware,
+	bustle, c-ares, ca-certificates, cage, cdrkit, cryptopp,
+	dhcpcd, docker-containerd, dtv-scan-tables, flare-engine,
+	ghostscript, gvfs, haproxy, imagemagick, imx-gpu-viv, jasper,
+	jemalloc, jpeg-turbo, libcamera, libcap, libcurl, libglib2,
+	libgpiod, libkrb5, libopenssl, libplist, libressl, libuv,
+	libuvw, lynx, mariadb, mbedtls, minidlna, mongodb, monkey,
+	musl, mutt, ncurses, netsnmp, netsurf, nodejs, opencv3,
+	openldap, openrc, opkg-utils, paho-mqtt-c, php, privoxy,
+	proftpd, python-crc16, python-flask-cors, python-lxml,
+	python-pip, python-pyparsing, python-pyqt5, qemu, qt5base,
+	raptor, rauc, ruby, setserial, shadowsocks-libev, slirp,
+	sqlcipher, thermald, ti-sgx-demos, tinycbor, unbound, vsftpd,
+	wireless-regdb, wireshark, wlroots, x11vnc, xen, xinetd,
+	xserver_xorg-server
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#13276: libcap builds libcap.pc incorrectly
+	#13316: beaglebone_qt5_defconfig: PowerVR fails to start
+	#13336: thermald-1.9.1 compilation failure with musl 1.2.1
+	#13341: Mistake in /etc/init.d/S70vsftpd
+	#13416: dhcpcd start warning message: no such user dhcpcd
+
+2020.08.2, released November 16th, 2020
+
+	Important / security related fixes.
+
+	Toolchain-wrapper: Pass -fno-tree-loop-distribute-patterns to
+	fix kernel build on microblaze with gcc 10.x when
+	optimizations are enabled.
+
+	Updated/fixed packages: apparmor, argp-standalone, asterisk,
+	bandwidthd, binutils, bitcoin, busybox, collectd, cryptsetup,
+	cups-filters, darkhttpd, davfs2, dvb-apps, docker-cli,
+	docker-containerd, docker-engine, dovecot-pigeonhole, elf2flt,
+	fastd, fbset, fbtft, freetype, gcc, ghostscript, grpc,
+	gst1-plugins-bad, jsoncpp, kernel-module-imx-gpu-viv,
+	keepalived, kmscube, libass, libexif, libiqrf,
+	libnetfilter_conntrack, libpam-tacplus, libraw,
+	linux-backports, linux-firmware, lzlib, mp4v2, netsnmp, nginx,
+	numactl, oniguruma, opencv3, openntpd, patchelf, php,
+	pistache, postgresql, python-pyqt5, qemu, qt5base, rauc,
+	redis, samba4, slirp, systemd, tcpdump, tinyproxy, tmux, tor,
+	waf, webkitgtk, wine, wireguard-linux-compat, wireshark,
+	wpewebkit, xen, xorriso, xvisor, zeromq, zxing-cpp
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#11931: Bugs in support/scripts/apply-patches.sh
+
+2020.08.1, released October 12th, 2020
+
+	Important / security related fixes.
+
+	Fixes for various compilation issues with GCC 10.x.
+
+	meson: Correct SDK cross-compilation.conf file when
+	per-package builds were used to build SDK.
+
+	systemd: Use /run rather than /var/run for PID files in units.
+
+	Toolchain: use Secure-PLT rather than BSS-PLT for PowerPC 32.
+
+	Fakeroot scripts (BR2_ROOTFS_POST_FAKEROOT_SCRIPT) are now run
+	after all finalization hooks (including pre-rootfs) to ensure
+	they can override any late configuration done by packages.
+
+	support/script/pycompile: Rework logic to ensure .pyc files
+	contain absolute target paths, fixing code inspection at
+	runtime when executed with cwd != '/'.
+
+	support/scripts/setlocalversion: Correct Mercurial output to
+	match behaviour with Git.
+
+	support/scripts/apply-patches.sh: Use patch
+	--no-backup-if-mismatch, so we no longer blindly have to
+	remove *.orig files after patching, fixing issues with
+	packages containing such files.
+
+	fs/jffs2: Now correcly handle xattrs
+
+	Updated/fixed packages: acpica, afboot-stm32, alsa-utils,
+	apparmor, bandwidthd, barebox, bash, bison, brotli,
+	cifs-utils, cups, dhcpcd, dhcpdump, docker-cli, docker-engine,
+	ecryptfs-utils, efl, fail2ban, fbterm, ffmpeg, fontconfig,
+	freetype, gcc, gdb, ghostscript, gnupg2, gnutls, go, gqview,
+	gst1-plugins-base, gst1-plugins-ugly, ipmitool, jbig2dec,
+	kexec, lcdproc, libcamera, libhtp, libnetconf2, libraw,
+	libssh, libxml2, libxml-parser-perl, libzip, linux-headers,
+	live555, localedef, ltp-testsuite, lua, matchbox, memcached,
+	memtester, mesa3d, meson, minidlna, mongodb, mongrel2, motion,
+	mraa, mtd, musepack, neardal, netatalk, netperf, netsniff-ng,
+	nginx, nodejs, nss-pam-ldapd, open-plc-utils, openswan,
+	opentyrian, openvmtools, php, postgresql, python,
+	python-aenum, python-cycler, python-engineio, python-fire,
+	python-pymodbus, python-scapy, python-semver,
+	python-sentry-sdk, python-socketio, python-texttable,
+	python-tinyrpc, python-txtorcon, python3, qt5base, quagga,
+	read-edid, redis, rsh-redone, runc, samba4, socketcand,
+	strace, supertux, suricata, systemd, ti-utils, trinity,
+	uclibc, usb_modeswitch, vlc, vsftpd, wampcc,
+	wayland-protocols, wireguard-linux-compat, wireshark, wlroots,
+	wolfssl, w_scan, xerces, xfsprogs, xdriver-xf86-video-ati,
+	xserver_xorg-server, ympd, zeromq, zlib-ng, zstd
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#12911: usb_modeswitch installation race condition
+	#13236: Can't compile linux 5.4.8 (with gcc 10 on host)
+
 2020.08, released September 1st, 2020
 
 	Various fixes.

DEVELOPERS

@@ -236,8 +236,9 @@ F:	package/pkg-golang.mk
 N:	Anthony Viallard <viallard@syscom-instruments.com>
 F:	package/gnuplot/
 
-N:	Antoine Ténart <antoine.tenart@bootlin.com>
-F:	package/wf111/
+N:	Antoine Tenart <atenart@kernel.org>
+F:	package/libselinux/
+F:	package/refpolicy/
 
 N:	Antony Pavlov <antonynpavlov@gmail.com>
 F:	package/lsscsi/
@@ -698,7 +699,7 @@ N:	Dominik Faessler <faessler@was.ch>
 F:	package/logsurfer/
 F:	package/python-id3/
 
-N:	Doug Kehn <rdkehn@yahoo.com>
+N:	Doug Kehn <rdkehn@gmail.com>
 F:	package/nss-pam-ldapd/
 F:	package/sp-oops-extract/
 F:	package/unscd/
@@ -1431,7 +1432,7 @@ F:	board/technologic/ts7680/
 F:	configs/ts7680_defconfig
 F:	package/paho-mqtt-c
 
-N:	Julien Olivain <juju@cotds.org>
+N:	Julien Olivain <ju.o@free.fr>
 F:	board/qmtech/zynq/
 F:	board/technexion/imx8mmpico/
 F:	board/technexion/imx8mpico/
@@ -1575,9 +1576,6 @@ F:	package/mpv/
 F:	package/rpi-firmware/
 F:	package/rpi-userland/
 
-N:	Mamatha Inamdar <mamatha4@linux.vnet.ibm.com>
-F:	package/nvme/
-
 N:	Manuel Vögele <develop@manuel-voegele.de>
 F:	package/python-pyqt5/
 F:	package/python-requests-toolbelt/
@@ -1913,6 +1911,7 @@ F:	package/tpm-tools/
 F:	package/trousers/
 
 N:	Norbert Lange <nolange79@gmail.com>
+F:	package/systemd/
 F:	package/tcf-agent/
 
 N:	Nylon Chen <nylon7@andestech.com>
@@ -1947,9 +1946,6 @@ F:	package/openjpeg/
 N:	Olivier Singla <olivier.singla@gmail.com>
 F:	package/shellinabox/
 
-N:	Owen Walpole <owen@walpole.dev>
-F:	package/parprouted/
-
 N:	Parnell Springmeyer <parnell@digitalmentat.com>
 F:	package/scrypt/
 
@@ -2109,7 +2105,7 @@ F:	package/kf5/
 N:	Pierre Floury <pierre.floury@gmail.com>
 F:	package/trace-cmd/
 
-N:	Pierre-Jean Texier <pjtexier@koncepto.io>
+N:	Pierre-Jean Texier <texier.pj2@gmail.com>
 F:	package/fping/
 F:	package/genimage/
 F:	package/haveged/
@@ -2154,16 +2150,16 @@ N:	Rahul Jain <rahul.jain@imgtec.com>
 F:	package/uhttpd/
 F:	package/ustream-ssl/
 
-N:	Refik Tuzakli <tuzakli.refik@gmail.com>
-F:	package/freescale-imx/
-F:	package/paho-mqtt-cpp/
-
 N:	Ramon Fried <rfried.dev@gmail.com>
 F:	package/bitwise/
 
 N:	Raphaël Mélotte <raphael.melotte@essensium.com>
 F:	package/jbig2dec/
 
+N:	Refik Tuzakli <tuzakli.refik@gmail.com>
+F:	package/freescale-imx/
+F:	package/paho-mqtt-cpp/
+
 N:	Rémi Rérolle <remi.rerolle@gmail.com>
 F:	package/libfreeimage/
 
@@ -2254,6 +2250,7 @@ F:	package/davfs2/
 
 N:	Ryan Barnett <ryan.barnett@rockwellcollins.com>
 F:	package/atftp/
+F:	package/c-periphery/
 F:	package/miraclecast/
 F:	package/python-pysnmp/
 F:	package/python-pysnmp-mibs/
@@ -2261,11 +2258,6 @@ F:	package/python-tornado/
 F:	package/resiprocate/
 F:	package/websocketpp/
 
-N:	Ryan Coe <bluemrp9@gmail.com>
-F:	package/inadyn/
-F:	package/libite/
-F:	package/mariadb/
-
 N:	Ryan Wilkins <ryan@deadfrog.net>
 F:	package/biosdevname/
 
@@ -2462,9 +2454,6 @@ N:	Thomas Claveirole <thomas.claveirole@green-communications.fr>
 F:	package/fcgiwrap/
 F:	package/openlayers/
 
-N:	Thomas Davis <sunsetbrew@sunsetbrew.com>
-F:	package/civetweb/
-
 N:	Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
 F:	docs/manual/
 F:	package/cereal/
@@ -2572,9 +2561,6 @@ F:	package/waf/
 F:	support/testing/tests/package/test_crudini.py
 F:	support/testing/tests/package/test_redis.py
 
-N:	Trent Piepho <tpiepho@impinj.com>
-F:	package/libp11/
-
 N:	Tudor Holton <buildroot@tudorholton.com>
 F:	package/openjdk/
 
@@ -2625,6 +2611,8 @@ N:	Wade Berrier <wberrier@gmail.com>
 F:	package/ngrep/
 
 N:	Waldemar Brodkorb <wbx@openadk.org>
+F:	package/mksh/
+F:	package/ruby/
 F:	package/uclibc/
 F:	package/uclibc-ng-test/
 

Makefile

@@ -92,9 +92,9 @@ all:
 .PHONY: all
 
 # Set and export the version string
-export BR2_VERSION := 2020.08
+export BR2_VERSION := 2020.08.3
 # Actual time the release is cut (for reproducible builds)
-BR2_VERSION_EPOCH = 1598992000
+BR2_VERSION_EPOCH = 1609083000
 
 # Save running make version since it's clobbered by the make package
 RUNNING_MAKE_VERSION := $(MAKE_VERSION)

board/beaglebone/readme.txt

@@ -7,7 +7,7 @@ Description
 This configuration will build a complete image for the beaglebone and
 the TI AM335x-EVM, the board type is identified by the on-board
 EEPROM. The configuration is based on the
-ti-processor-sdk-02.00.00.00. Device tree blobs for beaglebone
+ti-processor-sdk-06.01.00.08. Device tree blobs for beaglebone
 variants and the evm-sk are built too.
 
 For Qt5 support support use the beaglebone_qt5_defconfig.
@@ -43,10 +43,20 @@ output/images/
 To copy the image file to the sdcard use dd:
 $ dd if=output/images/sdcard.img of=/dev/XXX
 
+
+Running Qt5 hellowindow opengl demo:
+===================
+# export QT_QPA_EGLFS_KMS_CONFIG=/etc/qt5/eglfs_kms_cfg.json
+# export QT_QPA_PLATFORM=eglfs
+# export QT_QPA_EGLFS_INTEGRATION=none
+# /usr/lib/qt/examples/opengl/hellowindow/hellowindow
+
+
 Tested hardware
 ===============
 am335x-evm (rev. 1.1A)
 beagleboneblack (rev. A5A)
 beaglebone (rev. A6)
 
+2020, Adam Duskett <aduskett@gmail.com>
 2016, Lothar Felten <lothar.felten@gmail.com>

board/beaglebone/rootfs_overlay/etc/qt5/eglfs_kms_cfg.json

@@ -0,0 +1,15 @@
+{
+  "device": "/dev/dri/card0",
+  "hwcursor": false,
+  "pbuffers": true,
+  "outputs": [
+    {
+      "name": "VGA1",
+      "mode": "off"
+    },
+    {
+      "name": "HDMI1",
+      "mode": "1024x768"
+    }
+  ]
+}

board/boundarydevices/common/readme.txt

@@ -40,3 +40,9 @@ Where 'sdX' is the device node of the uSD partition.
 To upgrade u-boot, cancel autoboot and type:
 
 > run upgradeu
+
+See Boundary Devices's buildroot-external-boundary project
+for additional and advanced defconfigs using Qt5, gstreamer,
+NXP proprietary packages with demo applications:
+
+https://github.com/boundarydevices/buildroot-external-boundary

boot/afboot-stm32/0001-Pass-fno-builtin-to-fix-build-with-gcc-10.patch

@@ -0,0 +1,46 @@
+From 5448f328ff63a6ca4a64519c2f1dfc63a33df4b7 Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+Date: Thu, 10 Sep 2020 11:37:33 +0200
+Subject: [PATCH] Pass -fno-builtin to fix build with gcc 10
+
+gcc 10, if it recognizes some hand-written code that looks like
+memcpy, will generate a call to memcpy().
+
+For example:
+
+        while (dst < &_end_data) {
+                *dst++ = *src++;
+        }
+
+gets recognized as such. However, in the context of bare-metal code,
+having a call to memcpy() in the C library doesn't work. So we fix
+that by disabling builtins.
+
+Fixes:
+
+/home/thomas/projets/buildroot/output/host/opt/ext-toolchain/bin/../arm-buildroot-uclinux-uclibcgnueabi/bin/ld.real: stm32f429i-disco.o: in function `reset':
+stm32f429i-disco.c:(.text.reset+0x1a): undefined reference to `memcpy'
+/home/thomas/projets/buildroot/output/host/opt/ext-toolchain/bin/../arm-buildroot-uclinux-uclibcgnueabi/bin/ld.real: stm32f429i-disco.c:(.text.reset+0x34): undefined reference to `memset'
+make[1]: *** [Makefile:26: stm32f429i-disco] Error 1
+
+Upstream: https://github.com/mcoquelin-stm32/afboot-stm32/pull/9
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+---
+ Makefile | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Makefile b/Makefile
+index f699176..1e8557d 100644
+--- a/Makefile
++++ b/Makefile
+@@ -13,6 +13,7 @@ DTB_ADDR?=0x08004000
+ CFLAGS := -mthumb -mcpu=cortex-m4
+ CFLAGS += -ffunction-sections -fdata-sections
+ CFLAGS += -Os -std=gnu99 -Wall
++CFLAGS += -fno-builtin
+ LINKERFLAGS := -nostartfiles --gc-sections
+ 
+ obj-y += gpio.o mpu.o qspi.o start_kernel.o
+-- 
+2.26.2
+

boot/arm-trusted-firmware/arm-trusted-firmware.mk

@@ -100,6 +100,14 @@ ARM_TRUSTED_FIRMWARE_MAKE_OPTS += MV_DDR_PATH=$(MV_DDR_MARVELL_DIR)
 ARM_TRUSTED_FIRMWARE_DEPENDENCIES += mv-ddr-marvell
 endif
 
+ifeq ($(BR2_SSP_REGULAR),y)
+ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=default
+else ifeq ($(BR2_SSP_STRONG),y)
+ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=strong
+else ifeq ($(BR2_SSP_ALL),y)
+ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=all
+endif
+
 ARM_TRUSTED_FIRMWARE_MAKE_TARGETS = all
 
 ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP),y)

boot/barebox/barebox.mk

@@ -88,13 +88,6 @@ $(1)_KCONFIG_DEPENDENCIES = \
 	$(BR2_BISON_HOST_DEPENDENCY) \
 	$(BR2_FLEX_HOST_DEPENDENCY)
 
-ifeq ($$(BR2_TARGET_$(1)_BAREBOXENV),y)
-define $(1)_BUILD_BAREBOXENV_CMDS
-	$$(TARGET_CC) $$(TARGET_CFLAGS) $$(TARGET_LDFLAGS) -o $$(@D)/bareboxenv \
-		$$(@D)/scripts/bareboxenv.c
-endef
-endif
-
 ifeq ($$(BR2_TARGET_$(1)_CUSTOM_ENV),y)
 $(1)_ENV_NAME = $$(notdir $$(call qstrip,\
 	$$(BR2_TARGET_$(1)_CUSTOM_ENV_PATH)))
@@ -109,12 +102,23 @@ endef
 endif
 
 ifneq ($$($(1)_CUSTOM_EMBEDDED_ENV_PATH),)
-define $(1)_KCONFIG_FIXUP_CMDS
+define $(1)_KCONFIG_FIXUP_CUSTOM_EMBEDDED_ENV_PATH
 	$$(call KCONFIG_ENABLE_OPT,CONFIG_DEFAULT_ENVIRONMENT)
 	$$(call KCONFIG_SET_OPT,CONFIG_DEFAULT_ENVIRONMENT_PATH,"$$($(1)_CUSTOM_EMBEDDED_ENV_PATH)")
 endef
 endif
 
+define $(1)_KCONFIG_FIXUP_BAREBOXENV
+	$$(if $$(BR2_TARGET_$(1)_BAREBOXENV),\
+		$$(call KCONFIG_ENABLE_OPT,CONFIG_BAREBOXENV_TARGET),\
+		$$(call KCONFIG_DISABLE_OPT,CONFIG_BAREBOXENV_TARGET))
+endef
+
+define $(1)_KCONFIG_FIXUP_CMDS
+	$$($(1)_KCONFIG_FIXUP_CUSTOM_EMBEDDED_ENV_PATH)
+	$$($(1)_KCONFIG_FIXUP_BAREBOXENV)
+endef
+
 define $(1)_BUILD_CMDS
 	$$($(1)_BUILD_BAREBOXENV_CMDS)
 	$$(TARGET_MAKE_ENV) $$(MAKE) $$($(1)_MAKE_FLAGS) -C $$(@D)
@@ -136,7 +140,7 @@ endef
 
 ifeq ($$(BR2_TARGET_$(1)_BAREBOXENV),y)
 define $(1)_INSTALL_TARGET_CMDS
-	cp $$(@D)/bareboxenv $$(TARGET_DIR)/usr/bin
+	cp $$(@D)/scripts/bareboxenv-target $$(TARGET_DIR)/usr/bin/bareboxenv
 endef
 endif
 

boot/uboot/uboot.mk

@@ -510,7 +510,7 @@ ifeq ($(call qstrip,$(BR2_TARGET_UBOOT_CUSTOM_REPO_URL)),)
 $(error No custom U-Boot repository URL specified. Check your BR2_TARGET_UBOOT_CUSTOM_REPO_URL setting)
 endif # qstrip BR2_TARGET_UBOOT_CUSTOM_CUSTOM_REPO_URL
 ifeq ($(call qstrip,$(BR2_TARGET_UBOOT_CUSTOM_REPO_VERSION)),)
-$(error No custom U-Boot repository URL specified. Check your BR2_TARGET_UBOOT_CUSTOM_REPO_VERSION setting)
+$(error No custom U-Boot repository version specified. Check your BR2_TARGET_UBOOT_CUSTOM_REPO_VERSION setting)
 endif # qstrip BR2_TARGET_UBOOT_CUSTOM_CUSTOM_REPO_VERSION
 endif # BR2_TARGET_UBOOT_CUSTOM_GIT || BR2_TARGET_UBOOT_CUSTOM_HG
 

configs/beaglebone_qt5_defconfig

@@ -20,11 +20,8 @@ BR2_PACKAGE_FBV=y
 BR2_PACKAGE_QT5=y
 BR2_PACKAGE_QT5BASE_EXAMPLES=y
 BR2_PACKAGE_QT5BASE_EGLFS=y
-BR2_PACKAGE_QT5BASE_DEFAULT_QPA="wayland"
+BR2_PACKAGE_QT5BASE_DEFAULT_QPA="eglfs"
 BR2_PACKAGE_QT5QUICKCONTROLS=y
-BR2_PACKAGE_QT5WAYLAND=y
-BR2_PACKAGE_QT5WAYLAND_COMPOSITOR=y
-BR2_PACKAGE_WESTON=y
 BR2_PACKAGE_TI_SGX_DEMOS=y
 BR2_PACKAGE_TI_SGX_KM=y
 BR2_PACKAGE_TI_SGX_UM=y

docs/manual/adding-board-support.txt

@@ -10,9 +10,9 @@ that is known to work. You are welcome to add support for other boards
 to Buildroot too.
 
 To do so, you need to create a normal Buildroot configuration that
-builds a basic system for the hardware: toolchain, kernel, bootloader,
-filesystem and a simple BusyBox-only userspace. No specific package
-should be selected: the configuration should be as minimal as
+builds a basic system for the hardware: (internal) toolchain, kernel,
+bootloader, filesystem and a simple BusyBox-only userspace. No specific
+package should be selected: the configuration should be as minimal as
 possible, and should only build a working basic BusyBox system for the
 target platform. You can of course use more complicated configurations
 for your internal projects, but the Buildroot project will only
@@ -22,7 +22,17 @@ selections are highly application-specific.
 Once you have a known working configuration, run +make
 savedefconfig+. This will generate a minimal +defconfig+ file at the
 root of the Buildroot source tree. Move this file into the +configs/+
-directory, and rename it +<boardname>_defconfig+.
+directory, and rename it +<boardname>_defconfig+. If the configuration
+is a bit more complicated, it is nice to manually reformat it and
+separate it into sections, with a comment before each section. Typical
+sections are _Architecture_, _Toolchain options_ (typically just linux
+headers version), _Firmware_, _Bootloader_, _Kernel_, and _Filesystem_.
+
+Always use fixed versions or commit hashes for the different
+components, not the "latest" version. For example, set
++BR2_LINUX_KERNEL_CUSTOM_VERSION=y+ and
++BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE+ to the kernel version you tested
+with.
 
 It is recommended to use as much as possible upstream versions of the
 Linux kernel and bootloaders, and to use as much as possible default

docs/manual/contribute.txt

@@ -371,6 +371,37 @@ in the following cases:
 * whenever you feel it will help presenting your work, your choices,
   the review process, etc.
 
+==== Patches for maintenance branches
+
+When fixing bugs on a maintenance branch, bugs should be fixed on the
+master branch first. The commit log for such a patch may then contain a
+post-commit note specifying what branches are affected:
+
+----
+package/foo: fix stuff
+
+Signed-off-by: Your Real Name <your@email.address>
+---
+Backport to: 2020.02.x, 2020.05.x
+(2020.08.x not affected as the version was bumped)
+----
+
+Those changes will then be backported by a maintainer to the affected
+branches.
+
+However, some bugs may apply only to a specific release, for example
+because it is using an older version of a package. In that case, patches
+should be based off the maintenance branch, and the patch subject prefix
+must include the maintenance branch name (for example "[PATCH 2020.02.x]").
+This can be done with the +git format-patch+ flag +--subject-prefix+:
+
+---------------------
+$ git format-patch --subject-prefix "PATCH 2020.02.x" \
+    -M -s -o outgoing origin/2020.02.x
+---------------------
+
+Then send the patches with +git send-email+, as described above.
+
 ==== Patch revision changelog
 
 When improvements are requested, the new revision of each commit

fs/common.mk

@@ -163,11 +163,11 @@ $$(BINARIES_DIR)/$$(ROOTFS_$(2)_FINAL_IMAGE_NAME): $$(ROOTFS_$(2)_DEPENDENCIES)
 	echo "chown -h -R 0:0 $$(TARGET_DIR)" >> $$(FAKEROOT_SCRIPT)
 	PATH=$$(BR_PATH) $$(TOPDIR)/support/scripts/mkusers $$(ROOTFS_FULL_USERS_TABLE) $$(TARGET_DIR) >> $$(FAKEROOT_SCRIPT)
 	echo "$$(HOST_DIR)/bin/makedevs -d $$(ROOTFS_FULL_DEVICES_TABLE) $$(TARGET_DIR)" >> $$(FAKEROOT_SCRIPT)
+	$$(foreach hook,$$(ROOTFS_PRE_CMD_HOOKS),\
+		$$(call PRINTF,$$($$(hook))) >> $$(FAKEROOT_SCRIPT)$$(sep))
 	$$(foreach s,$$(call qstrip,$$(BR2_ROOTFS_POST_FAKEROOT_SCRIPT)),\
 		echo "echo '$$(TERM_BOLD)>>>   Executing fakeroot script $$(s)$$(TERM_RESET)'" >> $$(FAKEROOT_SCRIPT); \
 		echo $$(EXTRA_ENV) $$(s) $$(TARGET_DIR) $$(BR2_ROOTFS_POST_SCRIPT_ARGS) >> $$(FAKEROOT_SCRIPT)$$(sep))
-	$$(foreach hook,$$(ROOTFS_PRE_CMD_HOOKS),\
-		$$(call PRINTF,$$($$(hook))) >> $$(FAKEROOT_SCRIPT)$$(sep))
 
 	$$(foreach hook,$$(ROOTFS_$(2)_PRE_GEN_HOOKS),\
 		$$(call PRINTF,$$($$(hook))) >> $$(FAKEROOT_SCRIPT)$$(sep))

fs/jffs2/jffs2.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-JFFS2_OPTS = -e $(BR2_TARGET_ROOTFS_JFFS2_EBSIZE)
+JFFS2_OPTS = -e $(BR2_TARGET_ROOTFS_JFFS2_EBSIZE) --with-xattr
 SUMTOOL_OPTS = -e $(BR2_TARGET_ROOTFS_JFFS2_EBSIZE)
 
 ifeq ($(BR2_TARGET_ROOTFS_JFFS2_PAD),y)

linux/Config.in

@@ -30,7 +30,7 @@ config BR2_LINUX_KERNEL_LATEST_VERSION
 	bool "Latest version (5.7)"
 
 config BR2_LINUX_KERNEL_LATEST_CIP_VERSION
-	bool "Latest CIP SLTS version (4.19.132-cip30)"
+	bool "Latest CIP SLTS version (4.19.152-cip37)"
 	help
 	  CIP launched in the spring of 2016 to address the needs of
 	  organizations in industries such as power generation and
@@ -43,13 +43,13 @@ config BR2_LINUX_KERNEL_LATEST_CIP_VERSION
 	  implementation of software building blocks that meet
 	  these requirements.
 
-	  The CIP community plans to maintain 4.4 for security and
+	  The CIP community plans to maintain 4.19 for security and
 	  bug fixes for more than 10 years.
 
 	  https://www.cip-project.org
 
 config BR2_LINUX_KERNEL_LATEST_CIP_RT_VERSION
-	bool "Latest CIP RT SLTS version (4.19.132-cip30-rt12)"
+	bool "Latest CIP RT SLTS version (4.19.152-cip37-rt16)"
 	help
 	  Same as the CIP version, but this is the PREEMPT_RT realtime
 	  variant.
@@ -125,8 +125,8 @@ endif
 config BR2_LINUX_KERNEL_VERSION
 	string
 	default "5.7.19" if BR2_LINUX_KERNEL_LATEST_VERSION
-	default "4.19.132-cip30" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
-	default "4.19.132-cip30-rt12" if BR2_LINUX_KERNEL_LATEST_CIP_RT_VERSION
+	default "4.19.152-cip37" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
+	default "4.19.152-cip37-rt16" if BR2_LINUX_KERNEL_LATEST_CIP_RT_VERSION
 	default BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE \
 		if BR2_LINUX_KERNEL_CUSTOM_VERSION
 	default "custom" if BR2_LINUX_KERNEL_CUSTOM_TARBALL

linux/linux.hash

@@ -1,14 +1,14 @@
 # From https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc
 sha256  419c6248b9ae4dfead4599787aecbfd202e88bc4124523adfa6dd2d642b99fe7  linux-5.7.19.tar.xz
-sha256  86f13d050f6389c5a1727fa81510ee8eceac795297bc584f443354609617fea4  linux-5.4.61.tar.xz
+sha256  beec970bbb93de8ab839f27930f7ab00c7bd65af0ffa07a50e765affdc2561c6  linux-5.4.83.tar.xz
 # From https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
-sha256  6994dda988e9fb7f5661cf80ff42039016cb0044acd39f830937ba0220296388  linux-4.4.234.tar.xz
-sha256  756f8544d261e8117716c911261690e4fb5491e14c1f4612c83e0986453782e3  linux-4.9.234.tar.xz
-sha256  394f28798670240baacd9e2cce521fbd79f8da5e1fc191695b0e11381445a021  linux-4.14.195.tar.xz
-sha256  6912db1c242d72ce9c8d4ff71982ac935d97690822af5c1c6ec22412b31667a4  linux-4.19.142.tar.xz
+sha256  e52a49ceb639d871478a143c314648c35e22222c317ecdf49866830fea5c3dfc  linux-4.4.248.tar.xz
+sha256  4687268061c9933c298b30d28e4bf1a30dfbab7c0da4bee194968e4f81ffeccf  linux-4.9.248.tar.xz
+sha256  0e1bc32c4842c3bbee3a15454408f528acd4d3c5e83312b93008d5ee2e9a0c79  linux-4.14.212.tar.xz
+sha256  3eeec4e5eb8a129be3536357ecb028fae7d82fac933dcfac0b6089ee398fc5fc  linux-4.19.163.tar.xz
 # Locally computed
-sha256  c20f9014b89ea3e27f55f1d407aa5a4724ed38ac520c197291e9d644f164c43a  linux-cip-4.19.132-cip30.tar.gz
-sha256  81dd791d9ad6c3fddaeaffc6d7d8df0e13831283a5fe494c437ac7820d79ca39  linux-cip-4.19.132-cip30-rt12.tar.gz
+sha256  d2a06f52143deb929b8d513cf9afc9bd065951389a80fa70bc4d63025b5b3fb9  linux-cip-4.19.152-cip37.tar.gz
+sha256  bc1dacd3d0f526de3e8754a444e8e02a54521527af639ddb907cb35cda775a8c  linux-cip-4.19.152-cip37-rt16.tar.gz
 
 # Licenses hashes
 sha256  fb5a425bd3b3cd6071a3a9aff9909a859e7c1158d54d32e07658398cd67eb6a0  COPYING

package/acpica/acpica.hash

@@ -1,3 +1,3 @@
 # locally computed hash
-sha256  ad8a7b1571ec94d8c1837cf0c89ff33ea820780362fbb3e26adbde96beed5205  acpica-unix2-20200528.tar.gz
+sha256  8a49904744a8159b7f325ed941b56968ba37a0371c634036628064f97538de4b  acpica-unix2-20200717.tar.gz
 sha256  cb17c679d3291eba1a70a1336062fb07eec2e839b0821b443b24f41de18c5218  source/include/acpi.h

package/acpica/acpica.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-ACPICA_VERSION = 20200528
+ACPICA_VERSION = 20200717
 ACPICA_SOURCE = acpica-unix2-$(ACPICA_VERSION).tar.gz
 ACPICA_SITE = https://acpica.org/sites/acpica/files
 ACPICA_LICENSE = BSD-3-Clause or GPL-2.0

package/alsa-utils/alsa-utils.mk

@@ -86,10 +86,10 @@ define ALSA_UTILS_INSTALL_INIT_SYSTEMD
 		$(TARGET_DIR)/usr/lib/systemd/system/alsa-restore.service
 	$(INSTALL) -D -m 0644 $(@D)/alsactl/alsa-state.service \
 		$(TARGET_DIR)/usr/lib/systemd/system/alsa-state.service
-	mkdir $(TARGET_DIR)/usr/lib/systemd/system/alsa-restore.service.d
+	$(INSTALL) -d -m 0755 $(TARGET_DIR)/usr/lib/systemd/system/alsa-restore.service.d
 	printf '[Install]\nWantedBy=multi-user.target\n' \
 		>$(TARGET_DIR)/usr/lib/systemd/system/alsa-restore.service.d/buildroot-enable.conf
-	mkdir $(TARGET_DIR)/usr/lib/systemd/system/alsa-state.service.d
+	$(INSTALL) -d -m 0755 $(TARGET_DIR)/usr/lib/systemd/system/alsa-state.service.d
 	printf '[Install]\nWantedBy=multi-user.target\n' \
 		>$(TARGET_DIR)/usr/lib/systemd/system/alsa-state.service.d/buildroot-enable.conf;
 endef

package/apitrace/0003-CMakeLists.txt-respect-BUILD_TESTING-OFF.patch

@@ -0,0 +1,104 @@
+From 7f0f1e7e34f997eef697856804dd478b54bb365e Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Tue, 22 Dec 2020 10:45:21 +0100
+Subject: [PATCH] CMakeLists.txt: respect BUILD_TESTING=OFF
+
+Allow the user to disable unit tests through BUILD_TESTING=OFF:
+https://cmake.org/cmake/help/latest/command/enable_testing.html
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status: https://github.com/apitrace/apitrace/pull/698]
+---
+ CMakeLists.txt           | 6 +++++-
+ gui/CMakeLists.txt       | 6 ++++--
+ lib/guids/CMakeLists.txt | 6 ++++--
+ lib/os/CMakeLists.txt    | 6 ++++--
+ lib/trace/CMakeLists.txt | 6 ++++--
+ 5 files changed, 21 insertions(+), 9 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 4a07f069..ee401887 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -41,6 +41,8 @@ option (ENABLE_FRAME_POINTER "Disable frame pointer omission" ON)
+ 
+ option (ENABLE_ASAN "Enable Address Sanitizer" OFF)
+ 
++option (BUILD_TESTING "Enable unit tests" ON)
++
+ option (ENABLE_TESTS "Enable additional tests" OFF)
+ 
+ if (ANDROID)
+@@ -433,7 +435,9 @@ endmacro ()
+ # which subdirectory they are declared
+ set (CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR})
+ 
+-enable_testing ()
++if (BUILD_TESTING)
++    enable_testing ()
++endif ()
+ if (CMAKE_CROSSCOMPILING)
+     add_custom_target (check)
+ elseif (DEFINED CMAKE_BUILD_TYPE)
+diff --git a/gui/CMakeLists.txt b/gui/CMakeLists.txt
+index 5baf3552..ad6ee501 100644
+--- a/gui/CMakeLists.txt
++++ b/gui/CMakeLists.txt
+@@ -13,8 +13,10 @@ add_library (qubjson STATIC
+     qubjson.cpp
+ )
+ 
+-add_gtest (qubjson_test qubjson_test.cpp)
+-target_link_libraries (qubjson_test qubjson)
++if (BUILD_TESTING)
++    add_gtest (qubjson_test qubjson_test.cpp)
++    target_link_libraries (qubjson_test qubjson)
++endif ()
+ 
+ set(qapitrace_SRCS
+    apisurface.cpp
+diff --git a/lib/guids/CMakeLists.txt b/lib/guids/CMakeLists.txt
+index ce0f86da..ea28a18f 100644
+--- a/lib/guids/CMakeLists.txt
++++ b/lib/guids/CMakeLists.txt
+@@ -5,5 +5,7 @@ add_library (guids STATIC
+     guids.hpp
+ )
+ 
+-add_gtest (guids_test guids_test.cpp)
+-target_link_libraries (guids_test guids)
++if (BUILD_TESTING)
++    add_gtest (guids_test guids_test.cpp)
++    target_link_libraries (guids_test guids)
++endif ()
+diff --git a/lib/os/CMakeLists.txt b/lib/os/CMakeLists.txt
+index 222411e0..b7134b57 100644
+--- a/lib/os/CMakeLists.txt
++++ b/lib/os/CMakeLists.txt
+@@ -36,5 +36,7 @@ if (APPLE)
+     )
+ endif ()
+ 
+-add_gtest (os_thread_test os_thread_test.cpp)
+-target_link_libraries (os_thread_test os)
++if (BUILD_TESTING)
++    add_gtest (os_thread_test os_thread_test.cpp)
++    target_link_libraries (os_thread_test os)
++endif ()
+diff --git a/lib/trace/CMakeLists.txt b/lib/trace/CMakeLists.txt
+index c68bd00f..d95df978 100644
+--- a/lib/trace/CMakeLists.txt
++++ b/lib/trace/CMakeLists.txt
+@@ -34,5 +34,7 @@ target_link_libraries (common
+     brotli_dec brotli_common
+ )
+ 
+-add_gtest (trace_parser_flags_test trace_parser_flags_test.cpp)
+-target_link_libraries (trace_parser_flags_test common)
++if (BUILD_TESTING)
++    add_gtest (trace_parser_flags_test trace_parser_flags_test.cpp)
++    target_link_libraries (trace_parser_flags_test common)
++endif ()
+-- 
+2.29.2
+

package/apparmor/apparmor.mk

@@ -53,6 +53,15 @@ ifeq ($(BR2_PACKAGE_APACHE),y)
 APPARMOR_DEPENDENCIES += apache
 APPARMOR_TOOLS += changehat/mod_apparmor
 APPARMOR_MAKE_OPTS += APXS=$(STAGING_DIR)/usr/bin/apxs
+
+ifeq ($(BR2_PER_PACKAGE_DIRECTORIES),y)
+define APPARMOR_FIXUP_APXS
+	$(SED) "s@$(PER_PACKAGE_DIR)/[^/]\+/@$(PER_PACKAGE_DIR)/apparmor/@g" \
+		$(STAGING_DIR)/usr/bin/apxs \
+		$(STAGING_DIR)/usr/build/config_vars.mk
+endef
+APPARMOR_POST_CONFIGURE_HOOKS += APPARMOR_FIXUP_APXS
+endif
 endif
 
 define APPARMOR_BUILD_CMDS
@@ -79,7 +88,7 @@ endef
 define APPARMOR_INSTALL_INIT_SYSTEMD
 	$(INSTALL) -D -m 0755 $(@D)/parser/apparmor.systemd \
 		$(TARGET_DIR)/lib/apparmor/apparmor.systemd
-	$(INSTALL) -D -m 0755 $(@D)/parser/apparmor.service \
+	$(INSTALL) -D -m 0644 $(@D)/parser/apparmor.service \
 		$(TARGET_DIR)/usr/lib/systemd/system/apparmor.service
 endef
 

package/argp-standalone/argp-standalone.hash

@@ -1,2 +1,5 @@
 # Locally calculated after checking pgp signature
-sha256	dec79694da1319acd2238ce95df57f3680fea2482096e483323fddf3d818d8be  argp-standalone-1.3.tar.gz
+sha256  dec79694da1319acd2238ce95df57f3680fea2482096e483323fddf3d818d8be  argp-standalone-1.3.tar.gz
+
+# License file
+sha256  bbb8919aa520069b0234faf5e83a94052d278419ffe97ca8e843ecc9b212d1ab  argp.h

package/argp-standalone/argp-standalone.mk

@@ -8,6 +8,7 @@ ARGP_STANDALONE_VERSION = 1.3
 ARGP_STANDALONE_SITE = http://www.lysator.liu.se/~nisse/archive
 ARGP_STANDALONE_INSTALL_STAGING = YES
 ARGP_STANDALONE_LICENSE = LGPL-2.0+
+ARGP_STANDALONE_LICENSE_FILES = argp.h
 
 ARGP_STANDALONE_CONF_ENV = \
 	CFLAGS="$(TARGET_CFLAGS) -fPIC -fgnu89-inline"

package/asterisk/asterisk.hash

@@ -1,5 +1,5 @@
 # Locally computed
-sha256  f0ba5e3c4ef46f6657dd3a7167190f9b6cd6bbf4af09ecc291a9d5868b477609  asterisk-16.10.0.tar.gz
+sha256  226eaef400d2d335ce29d7b3c8aca8dfdfc5e854c215e0c47615c095ced12171  asterisk-16.14.1.tar.gz
 
 # sha1 from: http://downloads.asterisk.org/pub/telephony/sounds/releases
 # sha256 locally computed
@@ -12,4 +12,4 @@ sha256  449fb810d16502c3052fedf02f7e77b36206ac5a145f3dacf4177843a2fcb538  asteri
 sha256  82af40ed7f49c08685360811993d9396320842f021df828801d733e8fdc0312f  COPYING
 sha256  ac5571f00e558e3b7c9b3f13f421b874cc12cf4250c4f70094c71544cf486312  main/sha1.c
 sha256  6215e3ed73c3982a5c6701127d681ec0b9f1121ac78a28805bd93f93c3eb84c0  codecs/speex/speex_resampler.h
-sha256  1ca2c7a7a1ae7ccd75212a8c1e85dd9ec92bdbc9170aafd97ea60459387755fd  utils/db1-ast/include/db.h
+sha256  ea69cc96ab8a779c180a362377caeada71926897d1b55b980f04d74ba5aaa388  utils/db1-ast/include/db.h

package/asterisk/asterisk.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-ASTERISK_VERSION = 16.10.0
+ASTERISK_VERSION = 16.14.1
 # Use the github mirror: it's an official mirror maintained by Digium, and
 # provides tarballs, which the main Asterisk git tree (behind Gerrit) does not.
 ASTERISK_SITE = $(call github,asterisk,asterisk,$(ASTERISK_VERSION))

package/bandwidthd/bandwidthd.hash

@@ -1,2 +1,3 @@
 # Locally calculated
-sha256 0270d0def6cc53c8d47d59a9dd093d51fbca1620adeef85c15e35a32010e26ab  bandwidthd-2.0.1-auto-r11.tar.gz
+sha256  0270d0def6cc53c8d47d59a9dd093d51fbca1620adeef85c15e35a32010e26ab  bandwidthd-2.0.1-auto-r11.tar.gz
+sha256  58573c40770e0c0b91f3eef8192952832321a344f66a4fb2d966095cbbfc86c2  README

package/bandwidthd/bandwidthd.mk

@@ -10,6 +10,7 @@ BANDWIDTHD_SITE = $(call github,nroach44,bandwidthd,v$(BANDWIDTHD_VERSION))
 # Specified as "any version of the GPL that is current as of your
 # download" by upstream.
 BANDWIDTHD_LICENSE = GPL
+BANDWIDTHD_LICENSE_FILES = README
 
 BANDWIDTHD_DEPENDENCIES = gd libpng libpcap host-pkgconf
 

package/bandwidthd/bandwidthd.service

@@ -5,7 +5,7 @@ After=network.target
 [Service]
 Type=forking
 ExecStart=/usr/bin/bandwidthd
-PIDFile=/var/run/bandwidthd.pid
+PIDFile=/run/bandwidthd.pid
 
 [Install]
 WantedBy=multi-user.target

package/bash/0017-bash50-017.patch

@@ -0,0 +1,293 @@
+From https://ftp.gnu.org/gnu/bash/bash-5.0-patches/bash55-017
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	5.0
+Patch-ID:	bash50-017
+
+Bug-Reported-by:	Valentin Lab <valentin.lab@kalysto.org>
+Bug-Reference-ID:	<ab981b9c-60a5-46d0-b7e6-a6d88b80df50@kalysto.org>
+Bug-Reference-URL:	https://lists.gnu.org/archive/html/bug-bash/2020-03/msg00062.html
+
+Bug-Description:
+
+There were cases where patch 16 reaped process substitution file descriptors
+(or FIFOs) and processes to early. This is a better fix for the problem that
+bash50-016 attempted to solve.
+
+Patch (apply with `patch -p0'):
+
+*** bash-5.0-patched/subst.c	2019-08-29 11:16:49.000000000 -0400
+--- b/subst.c	2020-04-02 16:24:19.000000000 -0400
+***************
+*** 5337,5341 ****
+  }
+  
+! char *
+  copy_fifo_list (sizep)
+       int *sizep;
+--- b/5337,5341 ----
+  }
+  
+! void *
+  copy_fifo_list (sizep)
+       int *sizep;
+***************
+*** 5343,5347 ****
+    if (sizep)
+      *sizep = 0;
+!   return (char *)NULL;
+  }
+  
+--- b/5343,5347 ----
+    if (sizep)
+      *sizep = 0;
+!   return (void *)NULL;
+  }
+  
+***************
+*** 5409,5414 ****
+  	if (fifo_list[i].file)
+  	  {
+! 	    fifo_list[j].file = fifo_list[i].file;
+! 	    fifo_list[j].proc = fifo_list[i].proc;
+  	    j++;
+  	  }
+--- b/5409,5419 ----
+  	if (fifo_list[i].file)
+  	  {
+! 	    if (i != j)
+! 	      {
+! 		fifo_list[j].file = fifo_list[i].file;
+! 		fifo_list[j].proc = fifo_list[i].proc;
+! 		fifo_list[i].file = (char *)NULL;
+! 		fifo_list[i].proc = 0;
+! 	      }
+  	    j++;
+  	  }
+***************
+*** 5426,5433 ****
+  void
+  close_new_fifos (list, lsize)
+!      char *list;
+       int lsize;
+  {
+    int i;
+  
+    if (list == 0)
+--- b/5431,5439 ----
+  void
+  close_new_fifos (list, lsize)
+!      void *list;
+       int lsize;
+  {
+    int i;
++   char *plist;
+  
+    if (list == 0)
+***************
+*** 5437,5442 ****
+      }
+  
+!   for (i = 0; i < lsize; i++)
+!     if (list[i] == 0 && i < fifo_list_size && fifo_list[i].proc != -1)
+        unlink_fifo (i);
+  
+--- b/5443,5448 ----
+      }
+  
+!   for (plist = (char *)list, i = 0; i < lsize; i++)
+!     if (plist[i] == 0 && i < fifo_list_size && fifo_list[i].proc != -1)
+        unlink_fifo (i);
+  
+***************
+*** 5560,5568 ****
+  }
+  
+! char *
+  copy_fifo_list (sizep)
+       int *sizep;
+  {
+!   char *ret;
+  
+    if (nfds == 0 || totfds == 0)
+--- b/5566,5574 ----
+  }
+  
+! void *
+  copy_fifo_list (sizep)
+       int *sizep;
+  {
+!   void *ret;
+  
+    if (nfds == 0 || totfds == 0)
+***************
+*** 5570,5579 ****
+        if (sizep)
+  	*sizep = 0;
+!       return (char *)NULL;
+      }
+  
+    if (sizep)
+      *sizep = totfds;
+!   ret = (char *)xmalloc (totfds * sizeof (pid_t));
+    return (memcpy (ret, dev_fd_list, totfds * sizeof (pid_t)));
+  }
+--- b/5576,5585 ----
+        if (sizep)
+  	*sizep = 0;
+!       return (void *)NULL;
+      }
+  
+    if (sizep)
+      *sizep = totfds;
+!   ret = xmalloc (totfds * sizeof (pid_t));
+    return (memcpy (ret, dev_fd_list, totfds * sizeof (pid_t)));
+  }
+***************
+*** 5648,5655 ****
+  void
+  close_new_fifos (list, lsize)
+!      char *list;
+       int lsize;
+  {
+    int i;
+  
+    if (list == 0)
+--- b/5654,5662 ----
+  void
+  close_new_fifos (list, lsize)
+!      void *list;
+       int lsize;
+  {
+    int i;
++   pid_t *plist;
+  
+    if (list == 0)
+***************
+*** 5659,5664 ****
+      }
+  
+!   for (i = 0; i < lsize; i++)
+!     if (list[i] == 0 && i < totfds && dev_fd_list[i])
+        unlink_fifo (i);
+  
+--- b/5666,5671 ----
+      }
+  
+!   for (plist = (pid_t *)list, i = 0; i < lsize; i++)
+!     if (plist[i] == 0 && i < totfds && dev_fd_list[i])
+        unlink_fifo (i);
+  
+*** bash-5.0-patched/subst.h	2018-10-21 18:46:09.000000000 -0400
+--- b/subst.h	2020-04-02 16:29:28.000000000 -0400
+***************
+*** 274,280 ****
+  extern void unlink_fifo __P((int));
+  
+! extern char *copy_fifo_list __P((int *));
+! extern void unlink_new_fifos __P((char *, int));
+! extern void close_new_fifos __P((char *, int));
+  
+  extern void clear_fifo_list __P((void));
+--- b/274,279 ----
+  extern void unlink_fifo __P((int));
+  
+! extern void *copy_fifo_list __P((int *));
+! extern void close_new_fifos __P((void *, int));
+  
+  extern void clear_fifo_list __P((void));
+*** bash-5.0-patched/execute_cmd.c	2020-02-06 20:16:48.000000000 -0500
+--- b/execute_cmd.c	2020-04-02 17:00:10.000000000 -0400
+***************
+*** 565,569 ****
+  #if defined (PROCESS_SUBSTITUTION)
+    volatile int ofifo, nfifo, osize, saved_fifo;
+!   volatile char *ofifo_list;
+  #endif
+  
+--- b/565,569 ----
+  #if defined (PROCESS_SUBSTITUTION)
+    volatile int ofifo, nfifo, osize, saved_fifo;
+!   volatile void *ofifo_list;
+  #endif
+  
+***************
+*** 751,760 ****
+  #  endif
+  
+!   if (variable_context != 0)	/* XXX - also if sourcelevel != 0? */
+      {
+        ofifo = num_fifos ();
+        ofifo_list = copy_fifo_list ((int *)&osize);
+        begin_unwind_frame ("internal_fifos");
+!       add_unwind_protect (xfree, ofifo_list);
+        saved_fifo = 1;
+      }
+--- b/751,762 ----
+  #  endif
+  
+!   /* XXX - also if sourcelevel != 0? */
+!   if (variable_context != 0)
+      {
+        ofifo = num_fifos ();
+        ofifo_list = copy_fifo_list ((int *)&osize);
+        begin_unwind_frame ("internal_fifos");
+!       if (ofifo_list)
+! 	add_unwind_protect (xfree, ofifo_list);
+        saved_fifo = 1;
+      }
+***************
+*** 1100,1123 ****
+        nfifo = num_fifos ();
+        if (nfifo > ofifo)
+! 	close_new_fifos ((char *)ofifo_list, osize);
+        free ((void *)ofifo_list);
+        discard_unwind_frame ("internal_fifos");
+      }
+- # if defined (HAVE_DEV_FD)
+-   /* Reap process substitutions at the end of loops */
+-   switch (command->type)
+-     {
+-     case cm_while:
+-     case cm_until:
+-     case cm_for:
+-     case cm_group:
+- #    if defined (ARITH_FOR_COMMAND)
+-     case cm_arith_for:
+- #    endif
+-       reap_procsubs ();
+-     default:
+-       break;
+-     }
+- #  endif /* HAVE_DEV_FD */
+  #endif
+  
+--- b/1102,1109 ----
+        nfifo = num_fifos ();
+        if (nfifo > ofifo)
+! 	close_new_fifos ((void *)ofifo_list, osize);
+        free ((void *)ofifo_list);
+        discard_unwind_frame ("internal_fifos");
+      }
+  #endif
+  
+
+*** bash-5.0/patchlevel.h	2016-06-22 14:51:03.000000000 -0400
+--- b/patchlevel.h	2016-10-01 11:01:28.000000000 -0400
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 16
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- b/26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 17
+  
+  #endif /* _PATCHLEVEL_H_ */

package/bash/0018-bash50-018.patch

@@ -0,0 +1,49 @@
+From https://ftp.gnu.org/gnu/bash/bash-5.0-patches/bash55-018
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	5.0
+Patch-ID:	bash50-018
+
+Bug-Reported-by:	oguzismailuysal@gmail.com
+Bug-Reference-ID:
+Bug-Reference-URL:	https://lists.gnu.org/archive/html/bug-bash/2019-10/msg00098.html
+
+Bug-Description:
+
+In certain cases, bash does not perform quoted null removal on patterns
+that are used as part of word expansions such as ${parameter##pattern}, so
+empty patterns are treated as non-empty.
+
+Patch (apply with `patch -p0'):
+
+*** bash-5.0.17/subst.c	2020-04-02 17:14:58.000000000 -0400
+--- b/subst.c	2020-07-09 15:28:19.000000000 -0400
+***************
+*** 5113,5116 ****
+--- b/5113,5118 ----
+  				      (int *)NULL, (int *)NULL)
+  	     : (WORD_LIST *)0;
++   if (l)
++     word_list_remove_quoted_nulls (l);
+    pat = string_list (l);
+    dispose_words (l);
+
+*** bash-5.0/patchlevel.h	2016-06-22 14:51:03.000000000 -0400
+--- b/patchlevel.h	2016-10-01 11:01:28.000000000 -0400
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 17
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- b/26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 18
+  
+  #endif /* _PATCHLEVEL_H_ */

package/binutils/binutils.mk

@@ -93,6 +93,7 @@ HOST_BINUTILS_CONF_OPTS = \
 	--enable-static \
 	--with-sysroot=$(STAGING_DIR) \
 	--enable-poison-system-directories \
+	--without-debuginfod \
 	$(BINUTILS_DISABLE_GDB_CONF_OPTS) \
 	$(BINUTILS_EXTRA_CONFIG_OPTIONS)
 

package/bison/bison.mk

@@ -13,5 +13,6 @@ BISON_LICENSE_FILES = COPYING
 BISON_MAKE = $(MAKE1)
 HOST_BISON_DEPENDENCIES = host-m4
 HOST_BISON_CONF_OPTS = --enable-relocatable
+HOST_BISON_CONF_ENV = ac_cv_libtextstyle=no
 
 $(eval $(host-autotools-package))

package/bitcoin/0001-src-randomenv.cpp-fix-build-on-uclibc.patch

@@ -0,0 +1,48 @@
+From 330cb33985d0ce97c20f4a0f0bbda0fbffe098d4 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Mon, 9 Nov 2020 21:18:40 +0100
+Subject: [PATCH] src/randomenv.cpp: fix build on uclibc
+
+Check for HAVE_STRONG_GETAUXVAL or HAVE_WEAK_GETAUXVAL before using
+getauxval to avoid a build failure on uclibc
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status: https://github.com/bitcoin/bitcoin/pull/20358]
+---
+ src/randomenv.cpp | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/randomenv.cpp b/src/randomenv.cpp
+index 07122b7f6..5e07c3db4 100644
+--- a/src/randomenv.cpp
++++ b/src/randomenv.cpp
+@@ -53,7 +53,7 @@
+ #include <sys/vmmeter.h>
+ #endif
+ #endif
+-#ifdef __linux__
++#if defined(HAVE_STRONG_GETAUXVAL) || defined(HAVE_WEAK_GETAUXVAL)
+ #include <sys/auxv.h>
+ #endif
+ 
+@@ -326,7 +326,7 @@ void RandAddStaticEnv(CSHA512& hasher)
+     // Bitcoin client version
+     hasher << CLIENT_VERSION;
+ 
+-#ifdef __linux__
++#if defined(HAVE_STRONG_GETAUXVAL) || defined(HAVE_WEAK_GETAUXVAL)
+     // Information available through getauxval()
+ #  ifdef AT_HWCAP
+     hasher << getauxval(AT_HWCAP);
+@@ -346,7 +346,7 @@ void RandAddStaticEnv(CSHA512& hasher)
+     const char* exec_str = (const char*)getauxval(AT_EXECFN);
+     if (exec_str) hasher.Write((const unsigned char*)exec_str, strlen(exec_str) + 1);
+ #  endif
+-#endif // __linux__
++#endif // HAVE_STRONG_GETAUXVAL || HAVE_WEAK_GETAUXVAL
+ 
+ #ifdef HAVE_GETCPUID
+     AddAllCPUID(hasher);
+-- 
+2.28.0
+

package/bitcoin/Config.in

@@ -18,9 +18,6 @@ config BR2_PACKAGE_BITCOIN
 	select BR2_PACKAGE_BOOST_SYSTEM
 	select BR2_PACKAGE_BOOST_FILESYSTEM
 	select BR2_PACKAGE_BOOST_THREAD
-	select BR2_PACKAGE_BOOST_CHRONO
-	select BR2_PACKAGE_BOOST_PROGRAM_OPTIONS
-	select BR2_PACKAGE_OPENSSL
 	select BR2_PACKAGE_LIBEVENT
 	help
 	  Bitcoin Core is an open source project which maintains and

package/bitcoin/bitcoin.hash

@@ -1,5 +1,5 @@
-# From https://bitcoincore.org/bin/bitcoin-core-0.19.0.1/SHA256SUMS.asc
-sha256 7ac9f972249a0a16ed01352ca2a199a5448fe87a4ea74923404a40b4086de284  bitcoin-0.19.0.1.tar.gz
+# From https://bitcoincore.org/bin/bitcoin-core-0.20.1/SHA256SUMS.asc
+sha256  4bbd62fd6acfa5e9864ebf37a24a04bc2dcfe3e3222f056056288d854c53b978  bitcoin-0.20.1.tar.gz
 
 # Hash for license file
-sha256 9a0f75d688e9cf5c69d3efdaa2a83af496700d252b212ec6a72f7784b47fed0c  COPYING
+sha256  96fe807030b21f88305adc32af62f9aa19915f2783509fd6f52aea02cf83f644  COPYING

package/bitcoin/bitcoin.mk

@@ -4,12 +4,13 @@
 #
 ################################################################################
 
-BITCOIN_VERSION = 0.19.0.1
+BITCOIN_VERSION = 0.20.1
 BITCOIN_SITE = https://bitcoincore.org/bin/bitcoin-core-$(BITCOIN_VERSION)
 BITCOIN_AUTORECONF = YES
 BITCOIN_LICENSE = MIT
 BITCOIN_LICENSE_FILES = COPYING
-BITCOIN_DEPENDENCIES = host-pkgconf boost openssl libevent
+BITCOIN_DEPENDENCIES = host-pkgconf boost libevent
+BITCOIN_MAKE_ENV = BITCOIN_GENBUILD_NO_GIT=1
 BITCOIN_CONF_OPTS = \
 	--disable-bench \
 	--disable-wallet \

package/brotli/0001-CMake-Allow-using-BUILD_SHARED_LIBS-to-choose-static.patch

@@ -1,6 +1,6 @@
-From 7289e5a378ba13801996a84d89d8fe95c3fc4c11 Mon Sep 17 00:00:00 2001
+From 6cb16322decd643fed9de332d9cda77f7738b7af Mon Sep 17 00:00:00 2001
 From: Adrian Perez de Castro <aperez@igalia.com>
-Date: Mon, 26 Mar 2018 19:08:31 +0100
+Date: Mon, 7 Sep 2020 12:14:22 +0300
 Subject: [PATCH] CMake: Allow using BUILD_SHARED_LIBS to choose static/shared
  libs
 
@@ -18,16 +18,16 @@ This way, the following will both work as expected:
 
 This is helpful for distributions which need (or want) to build only
 static libraries.
----
- CMakeLists.txt        | 42 ++++++++++++++----------------------------
- c/fuzz/test_fuzzer.sh |  6 +++---
- 2 files changed, 17 insertions(+), 31 deletions(-)
 
 Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
-Upstream-Status: Submitted [https://github.com/google/brotli/pull/655]
+[Upstream status: https://github.com/google/brotli/pull/655]
+---
+ CMakeLists.txt        | 46 ++++++++++++++-----------------------------
+ c/fuzz/test_fuzzer.sh |  6 +++---
+ 2 files changed, 18 insertions(+), 34 deletions(-)
 
 diff --git a/CMakeLists.txt b/CMakeLists.txt
-index fc45f80..3f87f13 100644
+index 4ff3401..f889311 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
 @@ -6,6 +6,8 @@ cmake_minimum_required(VERSION 2.8.6)
@@ -36,10 +36,10 @@ index fc45f80..3f87f13 100644
  
 +option(BUILD_SHARED_LIBS "Build shared libraries" ON)
 +
- # If Brotli is being bundled in another project, we don't want to
- # install anything.  However, we want to let people override this, so
- # we'll use the BROTLI_BUNDLED_MODE variable to let them do that; just
-@@ -114,10 +116,6 @@ set(BROTLI_LIBRARIES_CORE brotlienc brotlidec brotlicommon)
+ if(NOT CMAKE_BUILD_TYPE AND NOT CMAKE_CONFIGURATION_TYPES)
+   message(STATUS "Setting build type to Release as none was specified.")
+   set(CMAKE_BUILD_TYPE "Release" CACHE STRING "Choose the type of build." FORCE)
+@@ -137,10 +139,6 @@ set(BROTLI_LIBRARIES_CORE brotlienc brotlidec brotlicommon)
  set(BROTLI_LIBRARIES ${BROTLI_LIBRARIES_CORE} ${LIBM_LIBRARY})
  mark_as_advanced(BROTLI_LIBRARIES)
  
@@ -50,14 +50,20 @@ index fc45f80..3f87f13 100644
  if(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
    add_definitions(-DOS_LINUX)
  elseif(${CMAKE_SYSTEM_NAME} MATCHES "FreeBSD")
-@@ -137,24 +135,22 @@ endfunction()
- transform_sources_list("scripts/sources.lst" "${CMAKE_CURRENT_BINARY_DIR}/sources.lst.cmake")
+@@ -161,29 +159,25 @@ transform_sources_list("scripts/sources.lst" "${CMAKE_CURRENT_BINARY_DIR}/source
  include("${CMAKE_CURRENT_BINARY_DIR}/sources.lst.cmake")
  
--add_library(brotlicommon SHARED ${BROTLI_COMMON_C})
--add_library(brotlidec SHARED ${BROTLI_DEC_C})
--add_library(brotlienc SHARED ${BROTLI_ENC_C})
--
+ if(BROTLI_EMSCRIPTEN)
+-  set(BROTLI_SHARED_LIBS "")
+-else()
+-  set(BROTLI_SHARED_LIBS brotlicommon brotlidec brotlienc)
+-  add_library(brotlicommon SHARED ${BROTLI_COMMON_C})
+-  add_library(brotlidec SHARED ${BROTLI_DEC_C})
+-  add_library(brotlienc SHARED ${BROTLI_ENC_C})
++  set(BUILD_SHARED_LIBS OFF)
+ endif()
+ 
+-set(BROTLI_STATIC_LIBS brotlicommon-static brotlidec-static brotlienc-static)
 -add_library(brotlicommon-static STATIC ${BROTLI_COMMON_C})
 -add_library(brotlidec-static STATIC ${BROTLI_DEC_C})
 -add_library(brotlienc-static STATIC ${BROTLI_ENC_C})
@@ -68,27 +74,27 @@ index fc45f80..3f87f13 100644
  # Older CMake versions does not understand INCLUDE_DIRECTORIES property.
  include_directories(${BROTLI_INCLUDE_DIRS})
  
+-foreach(lib IN LISTS BROTLI_SHARED_LIBS)
+-  target_compile_definitions(${lib} PUBLIC "BROTLI_SHARED_COMPILATION" )
+-  string(TOUPPER "${lib}" LIB)
+-  set_target_properties (${lib} PROPERTIES DEFINE_SYMBOL "${LIB}_SHARED_COMPILATION")
+-endforeach()
 +if(BUILD_SHARED_LIBS)
 +  foreach(lib brotlicommon brotlidec brotlienc)
 +    target_compile_definitions(${lib} PUBLIC "BROTLI_SHARED_COMPILATION" )
 +    string(TOUPPER "${lib}" LIB)
-+    set_target_properties (${lib} PROPERTIES DEFINE_SYMBOL "${LIB}_SHARED_COMPILATION" )
++    set_target_properties (${lib} PROPERTIES DEFINE_SYMBOL "${LIB}_SHARED_COMPILATION")
 +  endforeach()
 +endif()
-+
- foreach(lib brotlicommon brotlidec brotlienc)
--  target_compile_definitions(${lib} PUBLIC "BROTLI_SHARED_COMPILATION" )
--  string(TOUPPER "${lib}" LIB)
--  set_target_properties (${lib} PROPERTIES DEFINE_SYMBOL "${LIB}_SHARED_COMPILATION" )
--endforeach()
--
--foreach(lib brotlicommon brotlidec brotlienc brotlicommon-static brotlidec-static brotlienc-static)
+ 
+-foreach(lib IN LISTS BROTLI_SHARED_LIBS BROTLI_STATIC_LIBS)
++foreach(lib brotlicommon brotlidec brotlienc)
    target_link_libraries(${lib} ${LIBM_LIBRARY})
    set_property(TARGET ${lib} APPEND PROPERTY INCLUDE_DIRECTORIES ${BROTLI_INCLUDE_DIRS})
    set_target_properties(${lib} PROPERTIES
-@@ -167,9 +163,6 @@ endforeach()
- target_link_libraries(brotlidec brotlicommon)
+@@ -200,9 +194,6 @@ target_link_libraries(brotlidec brotlicommon)
  target_link_libraries(brotlienc brotlicommon)
+ endif()
  
 -target_link_libraries(brotlidec-static brotlicommon-static)
 -target_link_libraries(brotlienc-static brotlicommon-static)
@@ -96,7 +102,7 @@ index fc45f80..3f87f13 100644
  # For projects stuck on older versions of CMake, this will set the
  # BROTLI_INCLUDE_DIRS and BROTLI_LIBRARIES variables so they still
  # have a relatively easy way to use Brotli:
-@@ -183,7 +176,7 @@ endif()
+@@ -216,7 +207,7 @@ endif()
  
  # Build the brotli executable
  add_executable(brotli ${BROTLI_CLI_C})
@@ -104,8 +110,8 @@ index fc45f80..3f87f13 100644
 +target_link_libraries(brotli ${BROTLI_LIBRARIES})
  
  # Installation
- if(NOT BROTLI_BUNDLED_MODE)
-@@ -199,13 +192,6 @@ if(NOT BROTLI_BUNDLED_MODE)
+ if(NOT BROTLI_EMSCRIPTEN)
+@@ -233,13 +224,6 @@ if(NOT BROTLI_BUNDLED_MODE)
      RUNTIME DESTINATION "${CMAKE_INSTALL_BINDIR}"
    )
  
@@ -119,26 +125,6 @@ index fc45f80..3f87f13 100644
    install(
      DIRECTORY ${BROTLI_INCLUDE_DIRS}/brotli
      DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}"
-diff --git a/c/fuzz/test_fuzzer.sh b/c/fuzz/test_fuzzer.sh
-index 9985194..4b99947 100755
---- a/c/fuzz/test_fuzzer.sh
-+++ b/c/fuzz/test_fuzzer.sh
-@@ -13,12 +13,12 @@ mkdir bin
- cd bin
- 
- cmake $BROTLI -DCMAKE_C_COMPILER="$CC" \
--    -DBUILD_TESTING=OFF -DENABLE_SANITIZER=address
--make -j$(nproc) brotlidec-static
-+    -DBUILD_TESTING=OFF -DBUILD_SHARED_LIBS=OFF -DENABLE_SANITIZER=address
-+make -j$(nproc) brotlidec
- 
- ${CC} -o run_decode_fuzzer -std=c99 -fsanitize=address -I$SRC/include \
-     $SRC/fuzz/decode_fuzzer.c $SRC/fuzz/run_decode_fuzzer.c \
--    ./libbrotlidec-static.a ./libbrotlicommon-static.a
-+    ./libbrotlidec.a ./libbrotlicommon.a
- 
- mkdir decode_corpora
- unzip $BROTLI/java/org/brotli/integration/fuzz_data.zip -d decode_corpora
 -- 
-2.19.1
+2.28.0
 

package/brotli/0002-Revert-Add-runtime-linker-path-to-pkg-config-files.patch

@@ -0,0 +1,51 @@
+From 09b0992b6acb7faa6fd3b23f9bc036ea117230fc Mon Sep 17 00:00:00 2001
+From: Eugene Kliuchnikov <eustas.ru@gmail.com>
+Date: Wed, 2 Sep 2020 11:38:26 +0200
+Subject: [PATCH] Revert "Add runtime linker path to pkg-config files (#740)"
+ (#838)
+
+This reverts commit 31754d4ffce14153b5c2addf7a11019ec23f51c1.
+[Retrieved from:
+https://github.com/google/brotli/commit/09b0992b6acb7faa6fd3b23f9bc036ea117230fc]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ scripts/libbrotlicommon.pc.in | 2 +-
+ scripts/libbrotlidec.pc.in    | 2 +-
+ scripts/libbrotlienc.pc.in    | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/scripts/libbrotlicommon.pc.in b/scripts/libbrotlicommon.pc.in
+index 10ca969e..2a8cf7a3 100644
+--- a/scripts/libbrotlicommon.pc.in
++++ b/scripts/libbrotlicommon.pc.in
+@@ -7,5 +7,5 @@ Name: libbrotlicommon
+ URL: https://github.com/google/brotli
+ Description: Brotli common dictionary library
+ Version: @PACKAGE_VERSION@
+-Libs: -L${libdir} -R${libdir} -lbrotlicommon
++Libs: -L${libdir} -lbrotlicommon
+ Cflags: -I${includedir}
+diff --git a/scripts/libbrotlidec.pc.in b/scripts/libbrotlidec.pc.in
+index e7c3124f..6f8ef2e4 100644
+--- a/scripts/libbrotlidec.pc.in
++++ b/scripts/libbrotlidec.pc.in
+@@ -7,6 +7,6 @@ Name: libbrotlidec
+ URL: https://github.com/google/brotli
+ Description: Brotli decoder library
+ Version: @PACKAGE_VERSION@
+-Libs: -L${libdir} -R${libdir} -lbrotlidec
++Libs: -L${libdir} -lbrotlidec
+ Requires.private: libbrotlicommon >= 1.0.2
+ Cflags: -I${includedir}
+diff --git a/scripts/libbrotlienc.pc.in b/scripts/libbrotlienc.pc.in
+index 4dd0811b..2098afe2 100644
+--- a/scripts/libbrotlienc.pc.in
++++ b/scripts/libbrotlienc.pc.in
+@@ -7,6 +7,6 @@ Name: libbrotlienc
+ URL: https://github.com/google/brotli
+ Description: Brotli encoder library
+ Version: @PACKAGE_VERSION@
+-Libs: -L${libdir} -R${libdir} -lbrotlienc
++Libs: -L${libdir} -lbrotlienc
+ Requires.private: libbrotlicommon >= 1.0.2
+ Cflags: -I${includedir}

package/brotli/brotli.hash

@@ -1,5 +1,5 @@
 # Locally generated:
-sha512  a82362aa36d2f2094bca0b2808d9de0d57291fb3a4c29d7c0ca0a37e73087ec5ac4df299c8c363e61106fccf2fe7f58b5cf76eb97729e2696058ef43b1d3930a  v1.0.7.tar.gz
+sha512  b8e2df955e8796ac1f022eb4ebad29532cb7e3aa6a4b6aee91dbd2c7d637eee84d9a144d3e878895bb5e62800875c2c01c8f737a1261020c54feacf9f676b5f5  v1.0.9.tar.gz
 
 # Hash for license files:
 sha512  bae78184c2f50f86d8c727826d3982c469454c42b9af81f4ef007e39036434fa894cf5be3bf5fc65b7de2301f0a72d067a8186e303327db8a96bd14867e0a3a8  LICENSE

package/brotli/brotli.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BROTLI_VERSION = 1.0.7
+BROTLI_VERSION = 1.0.9
 BROTLI_SOURCE = v$(BROTLI_VERSION).tar.gz
 BROTLI_SITE = https://github.com/google/brotli/archive
 BROTLI_LICENSE = MIT

package/bustle/bustle.mk

@@ -6,7 +6,7 @@
 
 BUSTLE_VERSION = 0.7.5
 BUSTLE_SITE = https://www.freedesktop.org/software/bustle/$(BUSTLE_VERSION)
-BUSTLE_LICENSE = LGPL-2.1+
+BUSTLE_LICENSE = LGPL-2.1+, GPL-3.0 (binaries)
 BUSTLE_LICENSE_FILES = LICENSE
 BUSTLE_DEPENDENCIES = libglib2 libpcap host-pkgconf
 

package/busybox/0008-hwclock-Fix-settimeofday-for-glibc-v2.31.patch

@@ -0,0 +1,63 @@
+From b226d7730b2c4ca73fc569b404cd6adff1c5b05f Mon Sep 17 00:00:00 2001
+From: Eddie James <eajames@linux.ibm.com>
+Date: Mon, 10 Aug 2020 09:59:02 -0500
+Subject: [PATCH] hwclock: Fix settimeofday for glibc v2.31+
+
+The glibc implementation changed for settimeofday, resulting in "invalid
+argument" error when attempting to set both timezone and time with a single
+call. Fix this by calling settimeofday twice
+
+Signed-off-by: Eddie James <eajames@linux.ibm.com>
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+
+(cherry picked from commit 1a5d6fcbb5e606ab4acdf22afa26361a25f1d43b)
+(Klaus: use bb_perror_msg_and_die() instead of
+bb_simple_perror_msg_and_die() for 1_31_1 backport)
+Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
+---
+ util-linux/hwclock.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/util-linux/hwclock.c b/util-linux/hwclock.c
+index 29f51021e..d2c68efbe 100644
+--- a/util-linux/hwclock.c
++++ b/util-linux/hwclock.c
+@@ -122,16 +122,20 @@ static void to_sys_clock(const char **pp_rtcname, int utc)
+ 	struct timeval tv;
+ 	struct timezone tz;
+ 
+-	tz.tz_minuteswest = timezone/60;
++	tz.tz_minuteswest = timezone / 60;
+ 	/* ^^^ used to also subtract 60*daylight, but it's wrong:
+ 	 * daylight!=0 means "this timezone has some DST
+ 	 * during the year", not "DST is in effect now".
+ 	 */
+ 	tz.tz_dsttime = 0;
+ 
++	/* glibc v2.31+ returns an error if both args are non-NULL */
++	if (settimeofday(NULL, &tz))
++		bb_perror_msg_and_die("settimeofday");
++
+ 	tv.tv_sec = read_rtc(pp_rtcname, NULL, utc);
+ 	tv.tv_usec = 0;
+-	if (settimeofday(&tv, &tz))
++	if (settimeofday(&tv, NULL))
+ 		bb_perror_msg_and_die("settimeofday");
+ }
+ 
+@@ -283,7 +287,11 @@ static void set_system_clock_timezone(int utc)
+ 	gettimeofday(&tv, NULL);
+ 	if (!utc)
+ 		tv.tv_sec += tz.tz_minuteswest * 60;
+-	if (settimeofday(&tv, &tz))
++
++	/* glibc v2.31+ returns an error if both args are non-NULL */
++	if (settimeofday(NULL, &tz))
++		bb_perror_msg_and_die("settimeofday");
++	if (settimeofday(&tv, NULL))
+ 		bb_perror_msg_and_die("settimeofday");
+ }
+ 
+-- 
+2.17.1
+

package/busybox/busybox.hash

@@ -1,4 +1,5 @@
 # From https://busybox.net/downloads/busybox-1.31.1.tar.bz2.sha256
-sha256 d0f940a72f648943c1f2211e0e3117387c31d765137d92bd8284a3fb9752a998  busybox-1.31.1.tar.bz2
+sha256  d0f940a72f648943c1f2211e0e3117387c31d765137d92bd8284a3fb9752a998  busybox-1.31.1.tar.bz2
 # Locally computed
-sha256 bbfc9843646d483c334664f651c208b9839626891d8f17604db2146962f43548  LICENSE
+sha256  bbfc9843646d483c334664f651c208b9839626891d8f17604db2146962f43548  LICENSE
+sha256  b5a136ed67798e51fe2e0ca0b2a21cb01b904ff0c9f7d563a6292e276607e58f  archival/libarchive/bz/LICENSE

package/busybox/busybox.mk

@@ -7,8 +7,8 @@
 BUSYBOX_VERSION = 1.31.1
 BUSYBOX_SITE = http://www.busybox.net/downloads
 BUSYBOX_SOURCE = busybox-$(BUSYBOX_VERSION).tar.bz2
-BUSYBOX_LICENSE = GPL-2.0
-BUSYBOX_LICENSE_FILES = LICENSE
+BUSYBOX_LICENSE = GPL-2.0, bzip2-1.0.4
+BUSYBOX_LICENSE_FILES = LICENSE archival/libarchive/bz/LICENSE
 
 define BUSYBOX_HELP_CMDS
 	@echo '  busybox-menuconfig     - Run BusyBox menuconfig'

package/c-ares/0001-src-lib-Makefile.am-install-ares_dns.h.patch

@@ -0,0 +1,37 @@
+From e2180d95fb67f57b6ffba01fefb4844a1ca4f792 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Wed, 18 Nov 2020 08:12:45 +0100
+Subject: [PATCH] src/lib/Makefile.am: install ares_dns.h
+
+This will avoid the following build failure with resiprocate:
+
+In file included from dns/DnsCnameRecord.cxx:7:
+dns/AresCompat.hxx:5:10: fatal error: ares_dns.h: No such file or directory
+ #include "ares_dns.h"
+          ^~~~~~~~~~~~
+
+Fixes:
+ - http://autobuild.buildroot.org/results/cbf158f0c037d44ef293a8804d18c84e3b731059
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status: https://github.com/c-ares/c-ares/pull/376]
+---
+ src/lib/Makefile.am | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
+index c918667..92a4152 100644
+--- a/src/lib/Makefile.am
++++ b/src/lib/Makefile.am
+@@ -14,6 +14,8 @@ lib_LTLIBRARIES = libcares.la
+ 
+ man_MANS = $(MANPAGES)
+ 
++include_HEADERS = ares_dns.h
++
+ # adig and ahost are just sample programs and thus not mentioned with the
+ # regular sources and headers
+ EXTRA_DIST = Makefile.inc config-win32.h CMakeLists.txt \
+-- 
+2.29.2
+

package/c-ares/c-ares.hash

@@ -1,5 +1,5 @@
 # Locally calculated after checking pgp signature
-sha256  d08312d0ecc3bd48eee0a4cc0d2137c9f194e0a28de2028928c0f6cae85f86ce  c-ares-1.16.1.tar.gz
+sha256  1cecd5dbe21306c7263f8649aa6e9a37aecb985995a3489f487d98df2b40757d  c-ares-1.17.0.tar.gz
 
 # Hash for license file
 sha256  db4eb63fe09daebdf57d3f79b091bb5ee5070c0d761040e83264e648d307af4c  LICENSE.md

package/c-ares/c-ares.mk

@@ -4,12 +4,14 @@
 #
 ################################################################################
 
-C_ARES_VERSION = 1.16.1
+C_ARES_VERSION = 1.17.0
 C_ARES_SITE = http://c-ares.haxx.se/download
 C_ARES_INSTALL_STAGING = YES
 C_ARES_CONF_OPTS = --with-random=/dev/urandom
 C_ARES_LICENSE = MIT
 C_ARES_LICENSE_FILES = LICENSE.md
+# We're patching src/lib/Makefile.am
+C_ARES_AUTORECONF = YES
 
 $(eval $(autotools-package))
 $(eval $(host-autotools-package))

package/ca-certificates/ca-certificates.hash

@@ -1,6 +1,6 @@
 # hashes from: $(CA_CERTIFICATES_SITE)/ca-certificates_$(CA_CERTIFICATES_VERSION).dsc :
-sha1   47d4584eae85fc905e4994766eb3930a8a84e2e1                         ca-certificates_20190110.tar.xz
-sha256 ee4bf0f4c6398005f5b5ca4e0b87b82837ac5c3b0280a1cb3a63c47555c3a675 ca-certificates_20190110.tar.xz
+sha1  f17235bc9c3aec538065a655681815c242a6d7d5  ca-certificates_20200601.tar.xz
+sha256  43766d5a436519503dfd65ab83488ae33ab4d4ca3d0993797b58c92eb9ed4e63  ca-certificates_20200601.tar.xz
 
 # Locally computed
-sha256 80fd11117df5543d5cf17bfd951b0ead213f7867d0b09f09c6d5a5eca3ff7422 debian/copyright
+sha256  e85e1bcad3a915dc7e6f41412bc5bdeba275cadd817896ea0451f2140a93967c  debian/copyright

package/ca-certificates/ca-certificates.mk

@@ -4,9 +4,9 @@
 #
 ################################################################################
 
-CA_CERTIFICATES_VERSION = 20190110
+CA_CERTIFICATES_VERSION = 20200601
 CA_CERTIFICATES_SOURCE = ca-certificates_$(CA_CERTIFICATES_VERSION).tar.xz
-CA_CERTIFICATES_SITE = http://snapshot.debian.org/archive/debian/20190513T145054Z/pool/main/c/ca-certificates
+CA_CERTIFICATES_SITE = http://snapshot.debian.org/archive/debian/20200602T145955Z/pool/main/c/ca-certificates
 CA_CERTIFICATES_DEPENDENCIES = host-openssl
 # ca-certificates can be built with either python 2 or python 3
 # but it must be at least python 2.7

package/cage/Config.in

@@ -3,16 +3,14 @@ comment "cage needs udev, mesa3d w/ EGL and GLES support"
 		!BR2_PACKAGE_MESA3D_OPENGL_ES || \
 		!BR2_PACKAGE_HAS_UDEV
 
-comment "cage needs a toolchain w/ threads, locale, dynamic library"
+comment "cage needs a toolchain w/ threads, dynamic library"
 	depends on !BR2_TOOLCHAIN_HAS_THREADS || \
-		!BR2_ENABLE_LOCALE || \
 		BR2_STATIC_LIBS
 
 config BR2_PACKAGE_CAGE
 	bool "cage"
 	depends on !BR2_STATIC_LIBS # wlroots
 	depends on BR2_TOOLCHAIN_HAS_THREADS # wlroots
-	depends on BR2_ENABLE_LOCALE # wlroots
 	depends on BR2_PACKAGE_HAS_UDEV # wlroots
 	depends on BR2_PACKAGE_MESA3D_OPENGL_EGL # wlroots
 	depends on BR2_PACKAGE_MESA3D_OPENGL_ES # wlroots

package/cdrkit/cdrkit.mk

@@ -18,5 +18,14 @@ else
 CDRKIT_CONF_OPTS += -DBITFIELDS_HTOL=0
 endif
 
+ifeq ($(BR2_PACKAGE_FILE),y)
+CDRKIT_DEPENDENCIES += host-pkgconf file
+CDRKIT_CONF_OPTS += \
+	-DUSE_MAGIC=ON \
+	-DEXTRA_LIBS="`$(PKG_CONFIG_HOST_BINARY) --libs libmagic`"
+else
+CDRKIT_CONF_OPTS += -DUSE_MAGIC=OFF
+endif
+
 $(eval $(cmake-package))
 $(eval $(host-cmake-package))

package/cifs-utils/cifs-utils.hash

@@ -1,5 +1,5 @@
 # Locally calculated after checking pgp signature
-sha256  92fc29c8e9039637f3344267500f1fa381e2cccd7d10142f0c1676fa575904a7  cifs-utils-6.10.tar.bz2
+sha256  b859239a3f204f8220d3e54ed43bf8109e1ef202042dd87ba87492f8878728d9  cifs-utils-6.11.tar.bz2
 
 # Hash for license file:
 sha256  8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903  COPYING

package/cifs-utils/cifs-utils.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-CIFS_UTILS_VERSION = 6.10
+CIFS_UTILS_VERSION = 6.11
 CIFS_UTILS_SOURCE = cifs-utils-$(CIFS_UTILS_VERSION).tar.bz2
 CIFS_UTILS_SITE = http://ftp.samba.org/pub/linux-cifs/cifs-utils
 CIFS_UTILS_LICENSE = GPL-3.0+

package/collectd/Config.in

@@ -571,6 +571,7 @@ comment "Select at least one for collectd to be useful"
 
 config BR2_PACKAGE_COLLECTD_AMQP
 	bool "amqp"
+	select BR2_PACKAGE_OPENSSL # needs rabbitmq-c with ssl support
 	select BR2_PACKAGE_RABBITMQ_C
 	help
 	  Send/receive values via the Advanced Message Queuing Protocol

package/cryptopp/cryptopp.hash

@@ -1,5 +1,5 @@
-# Hash from: https://www.cryptopp.com/release820.html:
-sha256  03f0e2242e11b9d19b28d0ec5a3fa8ed5cc7b27640e6bed365744f593e858058  cryptopp820.zip
+# Hash from: https://www.cryptopp.com/release830.html:
+sha512  ad5219a66c5924d330d3646d0ff996dd235006f6812074bc4eb9e8c662a4f000ba20449d377f24b133d19ce682f7b2a3b2eb4c08857ce0f5bb39743d1d425147  cryptopp830.zip
 
 # Hash for license file:
-sha256  f29d65ae3f0c8e327284f193524643ffb4d682fcca3e1740a5c6cbab0e720583  License.txt
+sha256  e668af8c73a38a66a1e8951d14ec24e7582fee5254dd6c3dae488a416d105d5f  License.txt

package/cryptopp/cryptopp.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-CRYPTOPP_VERSION = 8.2.0
+CRYPTOPP_VERSION = 8.3.0
 CRYPTOPP_SOURCE = cryptopp$(subst .,,$(CRYPTOPP_VERSION)).zip
 CRYPTOPP_SITE = https://cryptopp.com
 CRYPTOPP_LICENSE = BSL-1.0, BSD-3-Clause (CRYPTOGAMS), Public domain (ChaCha SSE2 and AVX)

package/cryptsetup/cryptsetup.hash

@@ -1,4 +1,4 @@
 # From https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/sha256sums.asc
-sha256  3bca4ffe39e2f94cef50f6ea65acb873a6dbce5db34fc6bcefe38b6d095e82df  cryptsetup-2.3.3.tar.xz
+sha256  9d16eebb96b53b514778e813019b8dd15fea9fec5aafde9fae5febf59df83773  cryptsetup-2.3.4.tar.xz
 sha256  45670cce8b6a0ddd66c8016cd8ccef6cd71f35717cbacc7f1e895b3855207b33  COPYING
 sha256  8c33cc37871654ec7ed87e6fbb896c8cf33ef5ef05b1611a5aed857596ffafa5  COPYING.LGPL

package/cryptsetup/cryptsetup.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 CRYPTSETUP_VERSION_MAJOR = 2.3
-CRYPTSETUP_VERSION = $(CRYPTSETUP_VERSION_MAJOR).3
+CRYPTSETUP_VERSION = $(CRYPTSETUP_VERSION_MAJOR).4
 CRYPTSETUP_SOURCE = cryptsetup-$(CRYPTSETUP_VERSION).tar.xz
 CRYPTSETUP_SITE = $(BR2_KERNEL_MIRROR)/linux/utils/cryptsetup/v$(CRYPTSETUP_VERSION_MAJOR)
 CRYPTSETUP_DEPENDENCIES = lvm2 popt util-linux host-pkgconf json-c libargon2 \

package/cups-filters/S82cups-browsed

@@ -6,7 +6,7 @@ PIDFILE="/var/run/$DAEMON.pid"
 start() {
 	printf 'Starting %s: ' "$DAEMON"
 	# shellcheck disable=SC2086 # we need the word splitting
-	start-stop-daemon -b -m -S -q -p "$PIDFILE" -x "/sbin/$DAEMON" \
+	start-stop-daemon -b -m -S -q -p "$PIDFILE" -x "/usr/sbin/$DAEMON" \
 		-- -c /etc/cups/cups-browsed.conf
 	status=$?
 	if [ "$status" -eq 0 ]; then

package/cups/70-usb-printers.rules

@@ -0,0 +1,3 @@
+# Allow USB printers in the lp group
+# Match rules converted from usblp.c driver's usblp_ids
+ACTION=="add", SUBSYSTEM=="usb", ATTR{bInterfaceClass}=="07", ATTR{bInterfaceSubClass}=="01", GROUP="lp"

package/cups/cups.mk

@@ -22,6 +22,9 @@ CUPS_CONF_OPTS = \
 	--disable-gssapi \
 	--disable-pam \
 	--libdir=/usr/lib \
+	--with-cups-user=lp \
+	--with-cups-group=lp \
+	--with-system-groups="lpadmin sys root" \
 	--without-rcdir
 CUPS_CONFIG_SCRIPTS = cups-config
 CUPS_DEPENDENCIES = \
@@ -72,9 +75,25 @@ else
 CUPS_CONF_OPTS += --disable-avahi
 endif
 
+ifeq ($(BR2_PACKAGE_HAS_UDEV),y)
+define CUPS_INSTALL_UDEV_RULES
+	$(INSTALL) -D -m 0644 package/cups/70-usb-printers.rules \
+		$(TARGET_DIR)/lib/udev/rules.d/70-usb-printers.rules
+endef
+
+CUPS_POST_INSTALL_TARGET_HOOKS += CUPS_INSTALL_UDEV_RULES
+endif
+
 define CUPS_INSTALL_INIT_SYSV
 	$(INSTALL) -D -m 0755 package/cups/S81cupsd \
 		$(TARGET_DIR)/etc/init.d/S81cupsd
 endef
 
+# lp user is needed to run cups spooler
+# lpadmin group membership grants administrative privileges
+define CUPS_USERS
+	lp -1 lp -1 * /var/spool/lpd /bin/false - lp
+	- - lpadmin -1 * - - - Printers admin group.
+endef
+
 $(eval $(autotools-package))

package/darkhttpd/darkhttpd.hash

@@ -1,2 +1,3 @@
 # Locally generated
-sha256 a50417b622b32b5f421b3132cb94ebeff04f02c5fb87fba2e31147d23de50505 darkhttpd-1.12.tar.bz2
+sha256  a50417b622b32b5f421b3132cb94ebeff04f02c5fb87fba2e31147d23de50505  darkhttpd-1.12.tar.bz2
+sha256  6e1a2e45d8dd3c8835222e3c82e5cccde8e60f02d55555910e18715ec5dc6d04  darkhttpd.c

package/darkhttpd/darkhttpd.mk

@@ -8,6 +8,7 @@ DARKHTTPD_VERSION = 1.12
 DARKHTTPD_SITE = https://unix4lyfe.org/darkhttpd
 DARKHTTPD_SOURCE = darkhttpd-$(DARKHTTPD_VERSION).tar.bz2
 DARKHTTPD_LICENSE = MIT
+DARKHTTPD_LICENSE_FILES = darkhttpd.c
 
 define DARKHTTPD_BUILD_CMDS
 	$(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)

package/davfs2/davfs2.mk

@@ -18,4 +18,8 @@ DAVFS2_CONF_ENV += \
 	ac_cv_path_NEON_CONFIG=$(STAGING_DIR)/usr/bin/neon-config \
 	LIBS=$(TARGET_NLS_LIBS)
 
+define DAVFS2_USERS
+	davfs2 -1 davfs2 -1 * - - - davfs user
+endef
+
 $(eval $(autotools-package))

package/dhcpcd/dhcpcd.mk

@@ -11,6 +11,18 @@ DHCPCD_DEPENDENCIES = host-pkgconf
 DHCPCD_LICENSE = BSD-2-Clause
 DHCPCD_LICENSE_FILES = LICENSE
 
+DHCPCD_CONFIG_OPTS = \
+	--libexecdir=/lib/dhcpcd \
+	--os=linux \
+	--privsepuser=dhcpcd
+
+ifeq ($(BR2_PACKAGE_HAS_UDEV),y)
+DHCPCD_CONFIG_OPTS += --with-udev
+DHCPCD_DEPENDENCIES += udev
+else
+DHCPCD_CONFIG_OPTS += --without-udev
+endif
+
 ifeq ($(BR2_STATIC_LIBS),y)
 DHCPCD_CONFIG_OPTS += --enable-static
 endif
@@ -20,16 +32,11 @@ DHCPCD_CONFIG_OPTS += --disable-fork --disable-privsep
 endif
 
 define DHCPCD_CONFIGURE_CMDS
-	(cd $(@D); \
-	$(TARGET_CONFIGURE_OPTS) ./configure \
-		--os=linux \
-		--libexecdir=/lib/dhcpcd \
-		$(DHCPCD_CONFIG_OPTS) )
+	(cd $(@D); $(TARGET_CONFIGURE_OPTS) ./configure $(DHCPCD_CONFIG_OPTS))
 endef
 
 define DHCPCD_BUILD_CMDS
-	$(TARGET_MAKE_ENV) $(MAKE) \
-		-C $(@D) all
+	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) all
 endef
 
 define DHCPCD_INSTALL_TARGET_CMDS
@@ -51,6 +58,10 @@ define DHCPCD_INSTALL_INIT_SYSTEMD
 endef
 endif
 
+define DHCPCD_USERS
+	dhcpcd -1 dhcpcd -1 * - - - dhcpcd user
+endef
+
 # NOTE: Even though this package has a configure script, it is not generated
 # using the autotools, so we have to use the generic package infrastructure.
 

package/dhcpcd/dhcpcd.service

@@ -5,7 +5,7 @@ After=network.target
 [Service]
 Type=forking
 EnvironmentFile=-/etc/default/dhcpcd
-PIDFile=/var/run/dhcpcd.pid
+PIDFile=/run/dhcpcd.pid
 ExecStart=/sbin/dhcpcd $DAEMON_ARGS
 Restart=always
 

package/dhcpdump/dhcpdump.mk

@@ -20,7 +20,7 @@ DHCPDUMP_CFLAGS = $(TARGET_CFLAGS) -DHAVE_STRSEP
 
 define DHCPDUMP_BUILD_CMDS
 	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) CC="$(TARGET_CC) $(DHCPDUMP_CFLAGS) \
-		-D_GNU_SOURCE" LIBS="$(DHCPDUMP_LIBS)"
+		-D_GNU_SOURCE" LIBS="$(DHCPDUMP_LIBS)" dhcpdump
 endef
 
 define DHCPDUMP_INSTALL_TARGET_CMDS

package/docker-cli/docker-cli.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256	a5b1d6c5766f77896273e864a448a7f0ea4055bb52f50f884f14ad6ef0d5fdb4  docker-cli-19.03.11.tar.gz
+sha256	21b88a00e8f7a3194c0ae1de5a31e3e1728ef6aa2804158dcb502a8b5fd6ae2b  docker-cli-19.03.13.tar.gz
 sha256	2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0  LICENSE

package/docker-cli/docker-cli.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_CLI_VERSION = 19.03.11
+DOCKER_CLI_VERSION = 19.03.13
 DOCKER_CLI_SITE = $(call github,docker,cli,v$(DOCKER_CLI_VERSION))
 DOCKER_CLI_WORKSPACE = gopath
 

package/docker-containerd/docker-containerd.hash

@@ -1,3 +1,3 @@
 # Computed locally
-sha256	0811057ab67b78ce911416e793edaeb14b3f1e105d67b8e67b6302e0eab572e4  docker-containerd-1.2.13.tar.gz
-sha256 4bbe3b885e8cd1907ab4cf9a41e862e74e24b5422297a4f2fe524e6a30ada2b4  LICENSE
+sha256	bc6d9452c700af0ebc09c0da8ddba55be4c03ac8928e72ca92d98905800c8018  docker-containerd-1.4.3.tar.gz
+sha256	4bbe3b885e8cd1907ab4cf9a41e862e74e24b5422297a4f2fe524e6a30ada2b4  LICENSE

package/docker-containerd/docker-containerd.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_CONTAINERD_VERSION = 1.2.13
+DOCKER_CONTAINERD_VERSION = 1.4.3
 DOCKER_CONTAINERD_SITE = $(call github,containerd,containerd,v$(DOCKER_CONTAINERD_VERSION))
 DOCKER_CONTAINERD_LICENSE = Apache-2.0
 DOCKER_CONTAINERD_LICENSE_FILES = LICENSE

package/docker-engine/docker-engine.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256	5ff62d7b3638a275b2c459e53a4d1a7a8fb03dde8305defcd55e05e059e5618d  docker-engine-19.03.11.tar.gz
+sha256	f43331fef1d24e31f43392fc1fed72b48fc17fd432d341d6eb1f68ca11383406  docker-engine-19.03.13.tar.gz
 sha256	7c87873291f289713ac5df48b1f2010eb6963752bbd6b530416ab99fc37914a8  LICENSE

package/docker-engine/docker-engine.mk

@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-DOCKER_ENGINE_VERSION = 19.03.11
-DOCKER_ENGINE_SITE = $(call github,docker,engine,v$(DOCKER_ENGINE_VERSION))
+DOCKER_ENGINE_VERSION = 19.03.13
+DOCKER_ENGINE_SITE = $(call github,moby,moby,v$(DOCKER_ENGINE_VERSION))
 
 DOCKER_ENGINE_LICENSE = Apache-2.0
 DOCKER_ENGINE_LICENSE_FILES = LICENSE

package/dovecot-pigeonhole/dovecot-pigeonhole.mk

@@ -13,4 +13,12 @@ DOVECOT_PIGEONHOLE_DEPENDENCIES = dovecot
 
 DOVECOT_PIGEONHOLE_CONF_OPTS = --with-dovecot=$(STAGING_DIR)/usr/lib
 
+ifeq ($(BR2_PER_PACKAGE_DIRECTORIES),y)
+define DOVECOT_PIGEONHOLE_FIXUP_DOVECOT_CONFIG
+	$(SED) 's,$(PER_PACKAGE_DIR)/dovecot/,$(PER_PACKAGE_DIR)/dovecot-pigeonhole/,g' \
+		$(STAGING_DIR)/usr/lib/dovecot-config
+endef
+DOVECOT_PIGEONHOLE_PRE_CONFIGURE_HOOKS = DOVECOT_PIGEONHOLE_FIXUP_DOVECOT_CONFIG
+endif
+
 $(eval $(autotools-package))

package/dtv-scan-tables/dtv-scan-tables.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 DTV_SCAN_TABLES_VERSION = 6d019038cd04e837d9dd58701202c15924c1c654
-DTV_SCAN_TABLES_SITE = http://git.linuxtv.org/cgit.cgi/dtv-scan-tables.git
+DTV_SCAN_TABLES_SITE = https://git.linuxtv.org/dtv-scan-tables.git
 DTV_SCAN_TABLES_SITE_METHOD = git
 
 # This package only contains the transponders data. This is not a 'work'

package/dvb-apps/0006-fix-glibc-2.31.patch

@@ -0,0 +1,21 @@
+dvbdate: fix compilation error with glibc 2.31
+
+as stime func doesn't exists anymore in newer versions of glibc >= 2.31 due
+to obseletion, a replacment with clock_settime is inorder to fix the issue.
+
+Signed-off-by: Dagg Stompler <daggs@gmx.com>
+
+--- a/util/dvbdate/dvbdate.c
++++ b/util/dvbdate/dvbdate.c
+@@ -309,7 +309,10 @@
+  */
+ int set_time(time_t * new_time)
+ {
+-	if (stime(new_time)) {
++	struct timespec s = {0};
++	s.tv_sec = new_time;
++
++	if (clock_settime(CLOCK_REALTIME, &s)) {
+ 		perror("Unable to set time");
+ 		return -1;
+ 	}

package/ecryptfs-utils/ecryptfs-utils.mk

@@ -15,6 +15,7 @@ ECRYPTFS_UTILS_CONF_OPTS = --disable-pywrap
 
 #Needed for build system to find pk11func.h and libnss3.so
 ECRYPTFS_UTILS_CONF_ENV = \
+	ac_cv_path_POD2MAN=true \
 	NSS_CFLAGS="-I$(STAGING_DIR)/usr/include/nss -I$(STAGING_DIR)/usr/include/nspr" \
 	NSS_LIBS="-lnss3"
 

package/efl/Config.in

@@ -1,7 +1,7 @@
 config BR2_PACKAGE_EFL
 	bool "efl"
-	 # g++ issue with 4.4.5, tested with g++ 4.7.2
-	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_7
+	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 # C++11
+	depends on BR2_HOST_GCC_AT_LEAST_4_9 # host-efl
 	depends on BR2_INSTALL_LIBSTDCPP
 	depends on BR2_TOOLCHAIN_HAS_THREADS # untested without threads
 	depends on BR2_USE_MMU
@@ -280,8 +280,9 @@ comment "SVG loader needs a toolchain w/ gcc >= 4.8"
 
 endif # BR2_PACKAGE_EFL
 
-comment "efl needs a toolchain w/ C++, dynamic library, gcc >= 4.7, threads, wchar"
+comment "efl needs a toolchain w/ C++, dynamic library, gcc >= 4.9, host gcc >= 4.9, threads, wchar"
 	depends on !BR2_INSTALL_LIBSTDCPP \
-		|| !BR2_TOOLCHAIN_GCC_AT_LEAST_4_7 \
-		|| BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HAS_THREADS || !BR2_USE_WCHAR
+		|| !BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 \
+		|| !BR2_HOST_GCC_AT_LEAST_4_9 || BR2_STATIC_LIBS \
+		|| !BR2_TOOLCHAIN_HAS_THREADS || !BR2_USE_WCHAR
 	depends on BR2_USE_MMU

package/elf2flt/0003-elf2flt-handle-binutils-2.34.patch

@@ -0,0 +1,377 @@
+From 26165906f85d82f0a4456f34b5c60fcaaef48535 Mon Sep 17 00:00:00 2001
+From: Romain Naour <romain.naour@smile.fr>
+Date: Wed, 5 Feb 2020 10:31:32 +0100
+Subject: [PATCH] elf2flt: handle binutils >= 2.34
+
+The latest Binutils release (2.34) is not compatible with elf2flt due
+to a change in bfd_section_* macros [1]. The issue has been reported
+to the Binutils mailing list but Alan Modra recommend to bundle
+libbfd library sources into each projects using it [2]. That's
+because the API is not stable over the time without any backward
+compatibility guaranties.
+
+On the other hand, the elf2flt tools needs to support modified
+version of binutils for specific arch/target [3].
+
+Add two tests in the configure script to detect this API change
+in order to support binutils < 2.34 and binutils >= 2.34.
+
+Upstream status: [4]
+
+[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=fd3619828e94a24a92cddec42cbc0ab33352eeb4
+[2] https://sourceware.org/ml/binutils/2020-02/msg00044.html
+[3] https://github.com/uclinux-dev/elf2flt/issues/14
+[4] https://github.com/uclinux-dev/elf2flt/pull/15
+
+Signed-off-by: Romain Naour <romain.naour@smile.fr>
+---
+ configure.ac | 16 +++++++++++
+ elf2flt.c    | 81 +++++++++++++++++++++++++++++-----------------------
+ 2 files changed, 61 insertions(+), 36 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index e82eb1d..cf7dea8 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -229,6 +229,22 @@ AC_CHECK_FUNCS([ \
+ 	strsignal \
+ ])
+ 
++dnl Various bfd section macros and functions like bfd_section_size() have been
++dnl modified starting with binutils >= 2.34.
++dnl Check if the prototypes take a bfd argument.
++if test "$binutils_build_dir" != "NONE"; then
++    CFLAGS="-I$binutils_include_dir -I$bfd_include_dir $CFLAGS"
++fi
++
++AC_TRY_COMPILE([#include <bfd.h>],
++ [const asection *sec; bfd_section_size(sec);],
++ bfd_section_api_takes_bfd=no,
++ bfd_section_api_takes_bfd=yes)
++if test "$bfd_section_api_takes_bfd" = "yes" ; then
++  AC_DEFINE(HAVE_BFD_SECTION_API_TAKES_BFD, 1,
++   [define to 1 for binutils < 2.34])
++fi
++
+ if test "$GCC" = yes ; then
+ 	CFLAGS="-Wall $CFLAGS"
+ 	if test "$werror" = 1 ; then
+diff --git a/elf2flt.c b/elf2flt.c
+index b93aecd..3bcf4fe 100644
+--- a/elf2flt.c
++++ b/elf2flt.c
+@@ -149,6 +149,17 @@ const char *elf2flt_progname;
+ #define O_BINARY 0
+ #endif
+ 
++/*
++ * The bfd parameter isn't actually used by any of the bfd_section funcs and
++ * have been removed since binutils 2.34.
++ */
++#ifdef HAVE_BFD_SECTION_API_TAKES_BFD
++#define elf2flt_bfd_section_size(s) bfd_section_size(NULL, s)
++#define elf2flt_bfd_section_vma(s)  bfd_section_vma(NULL, s)
++#else
++#define elf2flt_bfd_section_size(s) bfd_section_size(s)
++#define elf2flt_bfd_section_vma(s)  bfd_section_vma(s)
++#endif
+ 
+ /* Extra output when running.  */
+ static int verbose = 0;
+@@ -323,10 +334,8 @@ compare_relocs (const void *pa, const void *pb)
+ 	else if (!rb->sym_ptr_ptr || !*rb->sym_ptr_ptr)
+ 		return 1;
+ 
+-	a_vma = bfd_section_vma(compare_relocs_bfd,
+-				(*(ra->sym_ptr_ptr))->section);
+-	b_vma = bfd_section_vma(compare_relocs_bfd,
+-				(*(rb->sym_ptr_ptr))->section);
++	a_vma = elf2flt_bfd_section_vma((*(ra->sym_ptr_ptr))->section);
++	b_vma = elf2flt_bfd_section_vma((*(rb->sym_ptr_ptr))->section);
+ 	va = (*(ra->sym_ptr_ptr))->value + a_vma + ra->addend;
+ 	vb = (*(rb->sym_ptr_ptr))->value + b_vma + rb->addend;
+ 	return va - vb;
+@@ -403,7 +412,7 @@ output_relocs (
+   }
+ 
+   for (a = abs_bfd->sections; (a != (asection *) NULL); a = a->next) {
+-  	section_vma = bfd_section_vma(abs_bfd, a);
++	section_vma = elf2flt_bfd_section_vma(a);
+ 
+ 	if (verbose)
+ 		printf("SECTION: %s [%p]: flags=0x%x vma=0x%"PRIx32"\n",
+@@ -442,7 +451,7 @@ output_relocs (
+ 	  continue;
+ 	if (verbose)
+ 	  printf(" RELOCS: %s [%p]: flags=0x%x vma=0x%"BFD_VMA_FMT"x\n",
+-			r->name, r, r->flags, bfd_section_vma(abs_bfd, r));
++			r->name, r, r->flags, elf2flt_bfd_section_vma(r));
+   	if ((r->flags & SEC_RELOC) == 0)
+   	  continue;
+ 	relsize = bfd_get_reloc_upper_bound(rel_bfd, r);
+@@ -694,7 +703,7 @@ output_relocs (
+ 				case R_BFIN_RIMM16:
+ 				case R_BFIN_LUIMM16:
+ 				case R_BFIN_HUIMM16:
+-				    sym_vma = bfd_section_vma(abs_bfd, sym_section);
++				    sym_vma = elf2flt_bfd_section_vma(sym_section);
+ 				    sym_addr += sym_vma + q->addend;
+ 
+ 				    if (weak_und_symbol(sym_section->name, (*(q->sym_ptr_ptr))))
+@@ -727,7 +736,7 @@ output_relocs (
+ 				    break;
+ 
+ 				case R_BFIN_BYTE4_DATA:
+-				    sym_vma = bfd_section_vma(abs_bfd, sym_section);
++				    sym_vma = elf2flt_bfd_section_vma(sym_section);
+ 				    sym_addr += sym_vma + q->addend;
+ 
+ 				    if (weak_und_symbol (sym_section->name, (*(q->sym_ptr_ptr))))
+@@ -885,7 +894,7 @@ output_relocs (
+ #if defined(TARGET_m68k)
+ 				case R_68K_32:
+ 					relocation_needed = 1;
+-					sym_vma = bfd_section_vma(abs_bfd, sym_section);
++					sym_vma = elf2flt_bfd_section_vma(sym_section);
+ 					sym_addr += sym_vma + q->addend;
+ 					break;
+ 				case R_68K_PC16:
+@@ -910,7 +919,7 @@ output_relocs (
+ 							q->address, sym_addr,
+ 							(*p)->howto->rightshift,
+ 							*(uint32_t *)r_mem);
+-					sym_vma = bfd_section_vma(abs_bfd, sym_section);
++					sym_vma = elf2flt_bfd_section_vma(sym_section);
+ 					sym_addr += sym_vma + q->addend;
+ 					break;
+ 				case R_ARM_GOT32:
+@@ -938,7 +947,7 @@ output_relocs (
+ #ifdef TARGET_v850
+ 				case R_V850_ABS32:
+ 					relocation_needed = 1;
+-					sym_vma = bfd_section_vma(abs_bfd, sym_section);
++					sym_vma = elf2flt_bfd_section_vma(sym_section);
+ 					sym_addr += sym_vma + q->addend;
+ 					break;
+ 				case R_V850_ZDA_16_16_OFFSET:
+@@ -960,7 +969,7 @@ output_relocs (
+ 					sym_addr = (*(q->sym_ptr_ptr))->value;
+ 					q->address -= 1;
+ 					r_mem -= 1; /* tracks q->address */
+-					sym_vma = bfd_section_vma(abs_bfd, sym_section);
++					sym_vma = elf2flt_bfd_section_vma(sym_section);
+ 					sym_addr += sym_vma + q->addend;
+ 					sym_addr |= (*(unsigned char *)r_mem<<24);
+ 					break;
+@@ -973,7 +982,7 @@ output_relocs (
+ 					/* Absolute symbol done not relocation */
+ 					relocation_needed = !bfd_is_abs_section(sym_section);
+ 					sym_addr = (*(q->sym_ptr_ptr))->value;
+-					sym_vma = bfd_section_vma(abs_bfd, sym_section);
++					sym_vma = elf2flt_bfd_section_vma(sym_section);
+ 					sym_addr += sym_vma + q->addend;
+ 					break;
+ 				case R_H8_DIR32:
+@@ -986,7 +995,7 @@ output_relocs (
+ 					}
+ 					relocation_needed = 1;
+ 					sym_addr = (*(q->sym_ptr_ptr))->value;
+-					sym_vma = bfd_section_vma(abs_bfd, sym_section);
++					sym_vma = elf2flt_bfd_section_vma(sym_section);
+ 					sym_addr += sym_vma + q->addend;
+ 					break;
+ 				case R_H8_PCREL16:
+@@ -1012,7 +1021,7 @@ output_relocs (
+ #ifdef TARGET_microblaze
+ 				case R_MICROBLAZE_64:
+ 					/* work out the relocation */
+-					sym_vma = bfd_section_vma(abs_bfd, sym_section);
++					sym_vma = elf2flt_bfd_section_vma(sym_section);
+ 					sym_addr += sym_vma + q->addend;
+ 					/* Write relocated pointer back */
+ 					r_mem[2] = (sym_addr >> 24) & 0xff;
+@@ -1026,7 +1035,7 @@ output_relocs (
+ 					pflags = 0x80000000;
+ 					break;
+ 				case R_MICROBLAZE_32:
+-					sym_vma = bfd_section_vma(abs_bfd, sym_section);
++					sym_vma = elf2flt_bfd_section_vma(sym_section);
+ 					sym_addr += sym_vma + q->addend;
+ 					relocation_needed = 1;
+ 					break;
+@@ -1058,7 +1067,7 @@ output_relocs (
+ 				case R_NIOS2_BFD_RELOC_32:
+ 					relocation_needed = 1;
+ 					pflags = (FLAT_NIOS2_R_32 << 28);
+-					sym_vma = bfd_section_vma(abs_bfd, sym_section);
++					sym_vma = elf2flt_bfd_section_vma(sym_section);
+ 					sym_addr += sym_vma + q->addend;
+ 					/* modify target, in target order */
+ 					*(unsigned long *)r_mem = htoniosl(sym_addr);
+@@ -1068,7 +1077,7 @@ output_relocs (
+ 					unsigned long exist_val;
+ 					relocation_needed = 1;
+ 					pflags = (FLAT_NIOS2_R_CALL26 << 28);
+-					sym_vma = bfd_section_vma(abs_bfd, sym_section);
++					sym_vma = elf2flt_bfd_section_vma(sym_section);
+ 					sym_addr += sym_vma + q->addend;
+ 					
+ 					/* modify target, in target order */
+@@ -1099,7 +1108,7 @@ output_relocs (
+ 								? FLAT_NIOS2_R_HIADJ_LO : FLAT_NIOS2_R_HI_LO;
+ 							pflags <<= 28;
+ 						
+-							sym_vma = bfd_section_vma(abs_bfd, sym_section);
++							sym_vma = elf2flt_bfd_section_vma(sym_section);
+ 							sym_addr += sym_vma + q->addend;
+ 
+ 							/* modify high 16 bits, in target order */
+@@ -1132,7 +1141,7 @@ output_relocs (
+ 						goto NIOS2_RELOC_ERR;
+ 					}
+ 					/* _gp holds a absolute value, otherwise the ld cannot generate correct code */
+-					sym_vma = bfd_section_vma(abs_bfd, sym_section);
++					sym_vma = elf2flt_bfd_section_vma(sym_section);
+ 					//printf("sym=%x, %d, _gp=%x, %d\n", sym_addr+sym_vma, sym_addr+sym_vma, gp, gp);
+ 					sym_addr += sym_vma + q->addend;
+ 					sym_addr -= gp;
+@@ -1213,7 +1222,7 @@ NIOS2_RELOC_ERR:
+ 				case R_SPARC_32:
+ 				case R_SPARC_UA32:
+ 					relocation_needed = 1;
+-					sym_vma = bfd_section_vma(abs_bfd, sym_section);
++					sym_vma = elf2flt_bfd_section_vma(sym_section);
+ 					sym_addr += sym_vma + q->addend;
+ 					break;
+ 				case R_SPARC_PC22:
+@@ -1232,7 +1241,7 @@ NIOS2_RELOC_ERR:
+ 				case R_SPARC_HI22:
+ 					relocation_needed = 1;
+ 					pflags = 0x80000000;
+-					sym_vma = bfd_section_vma(abs_bfd, sym_section);
++					sym_vma = elf2flt_bfd_section_vma(sym_section);
+ 					sym_addr += sym_vma + q->addend;
+ 					sym_addr |= (
+ 						htonl(*(uint32_t *)r_mem)
+@@ -1242,7 +1251,7 @@ NIOS2_RELOC_ERR:
+ 				case R_SPARC_LO10:
+ 					relocation_needed = 1;
+ 					pflags = 0x40000000;
+-					sym_vma = bfd_section_vma(abs_bfd, sym_section);
++					sym_vma = elf2flt_bfd_section_vma(sym_section);
+ 					sym_addr += sym_vma + q->addend;
+ 					sym_addr &= 0x000003ff;
+ 					sym_addr |= (
+@@ -1256,7 +1265,7 @@ NIOS2_RELOC_ERR:
+ #ifdef TARGET_sh
+ 				case R_SH_DIR32:
+ 					relocation_needed = 1;
+-					sym_vma = bfd_section_vma(abs_bfd, sym_section);
++					sym_vma = elf2flt_bfd_section_vma(sym_section);
+ 					sym_addr += sym_vma + q->addend;
+ 					break;
+ 				case R_SH_REL32:
+@@ -1288,7 +1297,7 @@ NIOS2_RELOC_ERR:
+ 				case R_E1_CONST31:
+ 						relocation_needed = 1;
+ 						DBG_E1("Handling Reloc <CONST31>\n");
+-						sec_vma = bfd_section_vma(abs_bfd, sym_section);
++						sec_vma = elf2flt_bfd_section_vma(sym_section);
+ 						DBG_E1("sec_vma : [0x%x], sym_addr : [0x%x], q->address : [0x%x]\n",
+ 										sec_vma, sym_addr, q->address);
+ 						sym_addr = sec_vma + sym_addr;
+@@ -1303,7 +1312,7 @@ NIOS2_RELOC_ERR:
+ 						relocation_needed = 0;
+ 						DBG_E1("Handling Reloc <CONST31_PCREL>\n");
+ 						DBG_E1("DONT RELOCATE AT LOADING\n");
+-						sec_vma = bfd_section_vma(abs_bfd, sym_section);
++						sec_vma = elf2flt_bfd_section_vma(sym_section);
+ 						DBG_E1("sec_vma : [0x%x], sym_addr : [0x%x], q->address : [0x%x]\n",
+ 										sec_vma, sym_addr, q->address);
+ 						sym_addr =  sec_vma + sym_addr;
+@@ -1330,7 +1339,7 @@ NIOS2_RELOC_ERR:
+ 						relocation_needed = 0;
+ 						DBG_E1("Handling Reloc <DIS29W_PCREL>\n");
+ 						DBG_E1("DONT RELOCATE AT LOADING\n");
+-						sec_vma = bfd_section_vma(abs_bfd, sym_section);
++						sec_vma = elf2flt_bfd_section_vma(sym_section);
+ 						DBG_E1("sec_vma : [0x%x], sym_addr : [0x%x], q->address : [0x%x]\n",
+ 										sec_vma, sym_addr, q->address);
+ 						sym_addr =  sec_vma + sym_addr;
+@@ -1363,7 +1372,7 @@ NIOS2_RELOC_ERR:
+ 						DBG_E1("Handling Reloc <DIS29B>\n");
+ DIS29_RELOCATION:
+ 						relocation_needed = 1;
+-						sec_vma = bfd_section_vma(abs_bfd, sym_section);
++						sec_vma = elf2flt_bfd_section_vma(sym_section);
+ 						DBG_E1("sec_vma : [0x%x], sym_addr : [0x%08x]\n",
+ 										sec_vma, sym_addr);
+ 						sym_addr =  sec_vma + sym_addr;
+@@ -1380,7 +1389,7 @@ DIS29_RELOCATION:
+ 						relocation_needed = 0;
+ 						DBG_E1("Handling Reloc <IMM32_PCREL>\n");
+ 						DBG_E1("DONT RELOCATE AT LOADING\n");
+-						sec_vma = bfd_section_vma(abs_bfd, sym_section);
++						sec_vma = elf2flt_bfd_section_vma(sym_section);
+ 						DBG_E1("sec_vma : [0x%x], sym_addr : [0x%x]\n",
+ 										sec_vma, sym_addr);
+ 						sym_addr =  sec_vma + sym_addr;
+@@ -1406,7 +1415,7 @@ DIS29_RELOCATION:
+ 				case R_E1_IMM32:
+ 						relocation_needed = 1;
+ 						DBG_E1("Handling Reloc <IMM32>\n");
+-						sec_vma = bfd_section_vma(abs_bfd, sym_section);
++						sec_vma = elf2flt_bfd_section_vma(sym_section);
+ 						DBG_E1("sec_vma : [0x%x], sym_addr : [0x%x]\n",
+ 										sec_vma, sym_addr);
+ 						sym_addr =  sec_vma + sym_addr;
+@@ -1422,7 +1431,7 @@ DIS29_RELOCATION:
+ 				case R_E1_WORD:
+ 						relocation_needed = 1;
+ 						DBG_E1("Handling Reloc <WORD>\n");
+-						sec_vma = bfd_section_vma(abs_bfd, sym_section);
++						sec_vma = elf2flt_bfd_section_vma(sym_section);
+ 						DBG_E1("sec_vma : [0x%x], sym_addr : [0x%x]\n",
+ 										sec_vma, sym_addr);
+ 						sym_addr =  sec_vma + sym_addr;
+@@ -1449,7 +1458,7 @@ DIS29_RELOCATION:
+ 			}
+ 
+ 			sprintf(&addstr[0], "+0x%lx", sym_addr - (*(q->sym_ptr_ptr))->value -
+-					 bfd_section_vma(abs_bfd, sym_section));
++					 elf2flt_bfd_section_vma(sym_section));
+ 
+ 
+ 			/*
+@@ -1887,8 +1896,8 @@ int main(int argc, char *argv[])
+     } else
+       continue;
+ 
+-    sec_size = bfd_section_size(abs_bfd, s);
+-    sec_vma  = bfd_section_vma(abs_bfd, s);
++    sec_size = elf2flt_bfd_section_size(s);
++    sec_vma  = elf2flt_bfd_section_vma(s);
+ 
+     if (sec_vma < *vma) {
+       if (*len > 0)
+@@ -1913,7 +1922,7 @@ int main(int argc, char *argv[])
+     if (s->flags & SEC_CODE) 
+       if (!bfd_get_section_contents(abs_bfd, s,
+ 				   text + (s->vma - text_vma), 0,
+-				   bfd_section_size(abs_bfd, s)))
++				   elf2flt_bfd_section_size(s)))
+       {
+ 	fatal("read error section %s", s->name);
+       }
+@@ -1939,7 +1948,7 @@ int main(int argc, char *argv[])
+     if (s->flags & SEC_DATA) 
+       if (!bfd_get_section_contents(abs_bfd, s,
+ 				   data + (s->vma - data_vma), 0,
+-				   bfd_section_size(abs_bfd, s)))
++				   elf2flt_bfd_section_size(s)))
+       {
+ 	fatal("read error section %s", s->name);
+       }
+-- 
+2.25.4
+

package/elf2flt/elf2flt.mk

@@ -11,6 +11,9 @@ ELF2FLT_LICENSE_FILES = LICENSE.TXT
 
 HOST_ELF2FLT_DEPENDENCIES = host-binutils host-zlib
 
+# 0003-elf2flt-handle-binutils-2.34.patch
+HOST_ELF2FLT_AUTORECONF = YES
+
 # It is not exactly a host variant, but more a cross variant, which is
 # why we pass a special --target option.
 HOST_ELF2FLT_CONF_OPTS = \

package/fail2ban/fail2ban.mk

@@ -27,6 +27,13 @@ define FAIL2BAN_FIX_DEFAULT_CONFIG
 endef
 FAIL2BAN_POST_INSTALL_TARGET_HOOKS += FAIL2BAN_FIX_DEFAULT_CONFIG
 
+# fail2ban-python points to host python
+define FAIL2BAN_FIX_FAIL2BAN_PYTHON_SYMLINK
+	ln -snf $(if $(BR2_PACKAGE_PYTHON),python,python3) \
+		$(TARGET_DIR)/usr/bin/fail2ban-python
+endef
+FAIL2BAN_POST_INSTALL_TARGET_HOOKS += FAIL2BAN_FIX_FAIL2BAN_PYTHON_SYMLINK
+
 define FAIL2BAN_INSTALL_INIT_SYSV
 	$(INSTALL) -D -m 755 package/fail2ban/S60fail2ban \
 		$(TARGET_DIR)/etc/init.d/S60fail2ban

package/fastd/0002-receive-fix-buffer-leak-when-receiving-invalid-packets.patch

@@ -0,0 +1,45 @@
+From 737925113363b6130879729cdff9ccc46c33eaea Mon Sep 17 00:00:00 2001
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Mon, 19 Oct 2020 21:08:16 +0200
+Subject: [PATCH] receive: fix buffer leak when receiving invalid packets
+
+For fastd versions before v20, this was just a memory leak (which could
+still be used for DoS, as it's remotely triggerable). With the new
+buffer management of fastd v20, this will trigger an assertion failure
+instead as soon as the buffer pool is empty.
+
+[Retrieved from:
+https://github.com/NeoRaider/fastd/commit/737925113363b6130879729cdff9ccc46c33eaea]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ src/receive.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/receive.c b/src/receive.c
+index 043c9f2..6bca9f4 100644
+--- a/src/receive.c
++++ b/src/receive.c
+@@ -169,6 +169,11 @@ static inline void handle_socket_receive_known(
+ 
+ 	case PACKET_HANDSHAKE:
+ 		fastd_handshake_handle(sock, local_addr, remote_addr, peer, buffer);
++		break;
++
++	default:
++		fastd_buffer_free(buffer);
++		pr_debug("received packet with invalid type from %P[%I]", peer, remote_addr);
+ 	}
+ }
+ 
+@@ -195,6 +200,11 @@ static inline void handle_socket_receive_unknown(
+ 
+ 	case PACKET_HANDSHAKE:
+ 		fastd_handshake_handle(sock, local_addr, remote_addr, NULL, buffer);
++		break;
++
++	default:
++		fastd_buffer_free(buffer);
++		pr_debug("received packet with invalid type from unknown address %I", remote_addr);
+ 	}
+ }
+ 

package/fastd/Config.in

@@ -6,7 +6,6 @@ config BR2_PACKAGE_FASTD
 	select BR2_PACKAGE_LIBUECC
 	select BR2_PACKAGE_LIBSODIUM
 	select BR2_PACKAGE_LIBSODIUM_FULL
-	select BR2_PACKAGE_LIBCAP
 	help
 	  Fast and Secure Tunneling Daemon
 

package/fastd/fastd.mk

@@ -10,7 +10,17 @@ FASTD_SOURCE = fastd-$(FASTD_VERSION).tar.xz
 FASTD_LICENSE = BSD-2-Clause
 FASTD_LICENSE_FILES = COPYRIGHT
 FASTD_CONF_OPTS = -DENABLE_LIBSODIUM=ON
-FASTD_DEPENDENCIES = host-bison host-pkgconf libuecc libsodium libcap
+FASTD_DEPENDENCIES = host-bison host-pkgconf libuecc libsodium
+
+# 0002-receive-fix-buffer-leak-when-receiving-invalid-packets.patch
+FASTD_IGNORE_CVES += CVE-2020-27638
+
+ifeq ($(BR2_PACKAGE_LIBCAP),y)
+FASTD_CONF_OPTS += -DWITH_CAPABILITIES=ON
+FASTD_DEPENDENCIES += libcap
+else
+FASTD_CONF_OPTS += -DWITH_CAPABILITIES=OFF
+endif
 
 ifeq ($(BR2_PACKAGE_OPENSSL),y)
 FASTD_CONF_OPTS += -DENABLE_OPENSSL=ON

package/fbset/fbset.hash

@@ -1,2 +1,3 @@
 # Locally calculated
-sha256	40ff4ab0247b75138a0887ed40f81c1a6184f340b77126c16d074b1075b41c20	fbset-2.1.tar.gz
+sha256  40ff4ab0247b75138a0887ed40f81c1a6184f340b77126c16d074b1075b41c20  fbset-2.1.tar.gz
+sha256  c3285709a0840899a789faefae1704e87f96f757e905a38a1931a9d4fde95ddd  fbset.c

package/fbset/fbset.mk

@@ -8,6 +8,7 @@ FBSET_VERSION = 2.1
 FBSET_SITE = http://users.telenet.be/geertu/Linux/fbdev
 FBSET_DEPENDENCIES = host-bison host-flex
 FBSET_LICENSE = GPL-2.0
+FBSET_LICENSE_FILES = fbset.c
 
 define FBSET_BUILD_CMDS
 	$(MAKE1) $(TARGET_CONFIGURE_OPTS) -C $(@D)

package/fbterm/fbterm.mk

@@ -10,12 +10,6 @@ FBTERM_LICENSE = GPL-2.0+
 FBTERM_LICENSE_FILES = COPYING
 FBTERM_DEPENDENCIES = fontconfig liberation
 
-ifeq ($(BR2_STATIC_LIBS)$(BR2_TOOLCHAIN_HAS_THREADS),yy)
-# fontconfig uses pthreads if available, but fbterm forgets to link
-# with it breaking static builds
-FBTERM_CONF_ENV += LIBS='-lpthread'
-endif
-
 ifeq ($(BR2_PACKAGE_GPM),y)
 FBTERM_DEPENDENCIES += gpm
 FBTERM_CONF_OPTS += --enable-gpm

package/fbtft/fbtft.hash

@@ -1,2 +1,3 @@
 # locally computed
 sha256  0e81de89fdd7ab810716fc0549e767527f342e829309dee5c2cca1e9d1728770  fbtft-274035404701245e7491c0c6471c5b72ade4d491.tar.gz
+sha256  a9ca80d65a5ef10fe614a6c1e8c8d4d3b96637e8855a96c7cf0fa438526097a7  fbtft-core.c

package/fbtft/fbtft.mk

@@ -7,5 +7,6 @@
 FBTFT_VERSION = 274035404701245e7491c0c6471c5b72ade4d491
 FBTFT_SITE = $(call github,notro,fbtft,$(FBTFT_VERSION))
 FBTFT_LICENSE = GPL-2.0
+FBTFT_LICENSE_FILES = fbtft-core.c
 
 $(eval $(generic-package))

package/ffmpeg/0002-configure-use-require_pkg_config-to-check-for-wavpac.patch

@@ -0,0 +1,31 @@
+From a507a9cd6525d5b3a1eea32e25a139b4023800a2 Mon Sep 17 00:00:00 2001
+From: Bernd Kuhls <bernd.kuhls@t-online.de>
+Date: Sun, 20 Sep 2020 13:48:00 +0200
+Subject: [PATCH] configure: use require_pkg_config to check for wavpack
+
+Fixes static builds with toolchains needing "-lm" for math functions.
+
+Patch sent upstream:
+http://ffmpeg.org/pipermail/ffmpeg-devel/2020-September/270127.html
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+---
+ configure | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure b/configure
+index 5d68695192..4e6c6edd30 100755
+--- a/configure
++++ b/configure
+@@ -6438,7 +6438,7 @@ enabled libvpx            && {
+     fi
+ }
+ 
+-enabled libwavpack        && require libwavpack wavpack/wavpack.h WavpackOpenFileOutput  -lwavpack
++enabled libwavpack        && require_pkg_config libwavpack wavpack "wavpack/wavpack.h" WavpackOpenFileOutput
+ enabled libwebp           && {
+     enabled libwebp_encoder      && require_pkg_config libwebp "libwebp >= 0.2.0" webp/encode.h WebPGetEncoderVersion
+     enabled libwebp_anim_encoder && check_pkg_config libwebp_anim_encoder "libwebpmux >= 0.4.0" webp/mux.h WebPAnimEncoderOptionsInit; }
+-- 
+2.27.0
+

package/flare-engine/Config.in

@@ -2,6 +2,7 @@ config BR2_PACKAGE_FLARE_ENGINE
 	bool "flare-engine"
 	depends on BR2_INSTALL_LIBSTDCPP
 	depends on !BR2_STATIC_LIBS # SDL2
+	select BR2_PACKAGE_LIBPNG # SDL2_IMAGE needs libpng support
 	select BR2_PACKAGE_SDL2
 	select BR2_PACKAGE_SDL2_IMAGE
 	select BR2_PACKAGE_SDL2_MIXER

package/fontconfig/0002-add-pthread-as-a-dependency-of-a-static-lib.patch

@@ -0,0 +1,44 @@
+From 40ec04a8bf36dd8d0aa3da98b167792ce2dcd114 Mon Sep 17 00:00:00 2001
+From: Silvan Scherrer <silvan.scherrer@aroa.ch>
+Date: Sun, 20 Sep 2020 12:52:08 +0200
+Subject: [PATCH] add pthread as a dependency of a static lib
+
+Downloaded from https://trac.netlabs.org/ports/changeset/2220
+
+Patch sent upstream:
+https://gitlab.freedesktop.org/fontconfig/fontconfig/-/merge_requests/121
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+---
+ configure.ac     | 2 ++
+ fontconfig.pc.in | 4 ++--
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index f3189a7..594d6fd 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -690,6 +690,8 @@ fi
+ have_pthread=false
+ if test "$os_win32" = no; then
+ 	AX_PTHREAD([have_pthread=true])
++	AC_SUBST(PTHREAD_CFLAGS)
++	AC_SUBST(PTHREAD_LIBS)
+ fi
+ if $have_pthread; then
+ 	LIBS="$PTHREAD_LIBS $LIBS"
+diff --git a/fontconfig.pc.in b/fontconfig.pc.in
+index 61b35fb..f823bac 100644
+--- a/fontconfig.pc.in
++++ b/fontconfig.pc.in
+@@ -14,5 +14,5 @@ Version: @VERSION@
+ Requires: @PKGCONFIG_REQUIRES@
+ Requires.private: @PKGCONFIG_REQUIRES_PRIVATELY@
+ Libs: -L${libdir} -lfontconfig
+-Libs.private: @ICONV_LIBS@ @PKG_EXPAT_LIBS@
+-Cflags: -I${includedir} @ICONV_CFLAGS@ @PKG_EXPAT_CFLAGS@
++Libs.private: @ICONV_LIBS@ @PKG_EXPAT_LIBS@ @PTHREAD_LIBS@
++Cflags: -I${includedir} @ICONV_CFLAGS@ @PKG_EXPAT_CFLAGS@ @PTHREAD_CFLAGS@
+-- 
+2.27.0
+

package/fontconfig/fontconfig.mk

@@ -7,6 +7,8 @@
 FONTCONFIG_VERSION = 2.13.1
 FONTCONFIG_SITE = http://fontconfig.org/release
 FONTCONFIG_SOURCE = fontconfig-$(FONTCONFIG_VERSION).tar.bz2
+# 0002-add-pthread-as-a-dependency-of-a-static-lib.patch
+FONTCONFIG_AUTORECONF = YES
 FONTCONFIG_INSTALL_STAGING = YES
 FONTCONFIG_DEPENDENCIES = freetype expat host-pkgconf host-gperf util-linux
 HOST_FONTCONFIG_DEPENDENCIES = \

package/freescale-imx/imx-gpu-viv/imx-gpu-viv.mk

@@ -118,6 +118,7 @@ define IMX_GPU_VIV_INSTALL_TARGET_CMDS
 	$(IMX_GPU_VIV_INSTALL_EXAMPLES)
 	$(IMX_GPU_VIV_INSTALL_GMEM_INFO)
 	cp -a $(@D)/gpu-core/usr/lib $(TARGET_DIR)/usr
+	$(INSTALL) -D -m 0644 $(@D)/gpu-core/etc/Vivante.icd $(TARGET_DIR)/etc/OpenCL/vendors/Vivante.icd
 	for lib in EGL GAL GLESv2 VDK; do \
 		for f in $(TARGET_DIR)/usr/lib/lib$${lib}-*.so; do \
 			case $$f in \

package/freescale-imx/kernel-module-imx-gpu-viv/kernel-module-imx-gpu-viv.mk

@@ -16,7 +16,7 @@ KERNEL_MODULE_IMX_GPU_VIV_MODULE_MAKE_OPTS = \
 
 KERNEL_MODULE_IMX_GPU_VIV_MODULE_SUBDIRS = kernel-module-imx-gpu-viv-src
 
-define KERNEL_MODULE_IMX_GPU_VIV_MODULE_LINUX_CONFIG_FIXUPS
+define KERNEL_MODULE_IMX_GPU_VIV_LINUX_CONFIG_FIXUPS
 	$(call KCONFIG_DISABLE_OPT,CONFIG_MXC_GPU_VIV)
 endef
 

package/freetype/freetype.hash

@@ -1,9 +1,8 @@
-# From https://sourceforge.net/projects/freetype/files/freetype2/2.10.2/
-md5  7c0d5a39f232d7eb9f9d7da76bf08074  freetype-2.10.2.tar.xz
-sha1  b074d5c34dc0e3cc150be6e7aa6b07c9ec4ed875  freetype-2.10.2.tar.xz
+# From https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/
+sha1  0181862673f7216ad2b5074f95fc131209e30b27  freetype-2.10.4.tar.xz
 
 # Locally calculated
-sha256  1543d61025d2e6312e0a1c563652555f17378a204a61e99928c9fcef030a2d8b  freetype-2.10.2.tar.xz
+sha256  86a854d8905b19698bbc8f23b860bc104246ce4854dcea8e3b0fb21284f75784  freetype-2.10.4.tar.xz
 sha256  fd056de4196903a676208ef58cfddafc7d583d1f28fa2e44c309cf84a59e62fb  docs/LICENSE.TXT
 sha256  08c135755dd589039470f1fdbb400daaabaaa50d0b366d19cebff4d22986baa1  docs/FTL.TXT
 sha256  c4120c6752c910c299e3bd9cb3a46ff262c268303ca2069b61f92f10a5656c18  docs/GPLv2.TXT

package/freetype/freetype.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-FREETYPE_VERSION = 2.10.2
+FREETYPE_VERSION = 2.10.4
 FREETYPE_SOURCE = freetype-$(FREETYPE_VERSION).tar.xz
 FREETYPE_SITE = http://download.savannah.gnu.org/releases/freetype
 FREETYPE_INSTALL_STAGING = YES
@@ -14,8 +14,17 @@ FREETYPE_LICENSE_FILES = docs/LICENSE.TXT docs/FTL.TXT docs/GPLv2.TXT
 FREETYPE_DEPENDENCIES = host-pkgconf
 FREETYPE_CONFIG_SCRIPTS = freetype-config
 
+# harfbuzz already depends on freetype so disable harfbuzz in freetype to avoid
+# a circular dependency
+FREETYPE_CONF_OPTS = --without-harfbuzz
+
 HOST_FREETYPE_DEPENDENCIES = host-pkgconf
-HOST_FREETYPE_CONF_OPTS = --without-zlib --without-bzip2 --without-png
+HOST_FREETYPE_CONF_OPTS = \
+	--without-brotli \
+	--without-bzip2 \
+	--without-harfbuzz \
+	--without-png \
+	--without-zlib
 
 # since 2.9.1 needed for freetype-config install
 FREETYPE_CONF_OPTS += --enable-freetype-config
@@ -28,6 +37,13 @@ else
 FREETYPE_CONF_OPTS += --without-zlib
 endif
 
+ifeq ($(BR2_PACKAGE_BROTLI),y)
+FREETYPE_DEPENDENCIES += brotli
+FREETYPE_CONF_OPTS += --with-brotli
+else
+FREETYPE_CONF_OPTS += --without-brotli
+endif
+
 ifeq ($(BR2_PACKAGE_BZIP2),y)
 FREETYPE_DEPENDENCIES += bzip2
 FREETYPE_CONF_OPTS += --with-bzip2
@@ -37,9 +53,7 @@ endif
 
 ifeq ($(BR2_PACKAGE_LIBPNG),y)
 FREETYPE_DEPENDENCIES += libpng
-FREETYPE_CONF_OPTS += LIBPNG_CFLAGS="`$(STAGING_DIR)/usr/bin/libpng-config --cflags`" \
-	LIBPNG_LDFLAGS="`$(STAGING_DIR)/usr/bin/libpng-config --ldflags`"
-FREETYPE_LIBPNG_LIBS = "`$(STAGING_DIR)/usr/bin/libpng-config --libs`"
+FREETYPE_CONF_OPTS += --with-png
 else
 FREETYPE_CONF_OPTS += --without-png
 endif
@@ -52,14 +66,5 @@ define FREETYPE_FIX_CONFIG_FILE
 endef
 FREETYPE_POST_INSTALL_STAGING_HOOKS += FREETYPE_FIX_CONFIG_FILE
 
-# libpng isn't included in freetype-config & freetype2.pc :-/
-define FREETYPE_FIX_CONFIG_FILE_LIBS
-	$(SED) "s,^Libs.private:,& $(FREETYPE_LIBPNG_LIBS)," \
-		$(STAGING_DIR)/usr/lib/pkgconfig/freetype2.pc
-	$(SED) "s,-lfreetype,& $(FREETYPE_LIBPNG_LIBS)," \
-		$(STAGING_DIR)/usr/bin/freetype-config
-endef
-FREETYPE_POST_INSTALL_STAGING_HOOKS += FREETYPE_FIX_CONFIG_FILE_LIBS
-
 $(eval $(autotools-package))
 $(eval $(host-autotools-package))