Update for 2017.02.11

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
wireshark: bump version to 2.2.14 (security)
2018-04-11 21:08:40 +02:00 · 2018-04-11 17:42:38 +02:00 · 2018-04-11 17:41:59 +02:00 · 2018-04-11 17:41:19 +02:00 · 2018-04-11 17:41:09 +02:00 · 2018-04-11 17:40:52 +02:00
206 changed files with 2838 additions and 1883 deletions
--- a/65
+++ b/65
@@ -1,3 +1,68 @@
+2017.02.11, Released April 11th, 2018
+
+	Important / security related fixes.
+
+	dependencies: Blacklist tar 1.30+ and build our own host-tar
+	if needed as tar 1.30+ changed the --numeric-owner output for
+	long path names. Build host-tar before other host-dependencies
+	as they need it to extract their source tarballs.
+
+	Updated/fixed packages: apache, busybox, clamav, dhcp,
+	dnsmasq, dovecot, exim, imagemagick, irssi, jq, libcurl,
+	libpjsip, librsvg, libtasn1, libvorbis, libxml2, lz4, mariadb,
+	mbedtls, mosquitto, ntp, openblas, opencv3, openssl, patch,
+	postgresql, python-webpy, qt53d, qt5tools, quagga, rsync,
+	samba4, sngrep, tremor, wavpack, wireshark, xerces, xterm
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#10856: openblas on qemu_x86_64_defconfig fails with "sgemm_..
+
+2017.02.10, Released January 31st, 2018
+
+	Important / security related fixes.
+
+	nconfig: Fix for ncurses/ncursesw linking issue causing crashes.
+
+	System: Only show getty options when busybox init or sysvinit
+	are used.
+
+	Infrastructure: Fix build issue for autotools based packages
+	checking for C++ support on toolchains without C++ support and
+	on a distro lacking /lib/cpp (E.G. Arch Linux).
+
+	Updated/fixed packages: avahi, berkeleydb, bind, busybox,
+	ccache, clamav, coreutils, dovecot, eeprog, eudev, fis,
+	intel-microcode, iputils, irssi, kmsxx, liberation, libiio,
+	lz4, mariadb, matchbox-lib, mcookie, openocd, php, pound,
+	rpcbind, squid, tar, ti-cgt-pru, transmission, util-linux,
+	webkitgtk, wireshark, xen
+
+	Issues resolved (http://bugs.buildroot.org):
+
+	#9996: lz4 package does not install lz4 binaries in target
+	#10176: Rsyslog's S01logging is deleted by Busybox.mk from...
+	#10216: package/x11r7/mcookie/mcookie.c:207: bad size ?
+	#10301: systemd/getty unused options
+	#10331: kmsxx, host installation fails with BR2_SHARED_...
+	#10536: Finding non-relative paths in the ccache
+	#10641: avahi-autoipd not starting when using systemd-tmpfiles
+
+2017.02.9, Released January 1st, 2018
+
+	Important / security related fixes.
+
+	Fix divide by zero issue in size-stats script.
+
+	Fix makefile include ordering issue with certain make versions
+	in the external toolchain handling.
+
+	Updated/fixed packages: dhcp, exim, flann, gdb, heimdal,
+	libcue, libcurl, libevent, libpqxx, libsoxr, linphone, lldpd,
+	mariadb, mfgtools, mtools, nodejs, nut, openssl, rsync,
+	samba4, tor, vlc, webkitgtk, wireshark, xfsprogs,
+	xlib_libXcursor, xlib_libXfont, xlib_libXfont2
+
 2017.02.8, Released November 27th, 2017

 	Important / security related fixes.
--- a/1
+++ b/1
@@ -1624,6 +1624,7 @@ F:	package/libinput/
 F:	package/libiscsi/
 F:	package/libseccomp/
 F:	package/linux-tools/
+F:	package/matchbox*
 F:	package/mesa3d-headers/
 F:	package/mke2img/
 F:	package/nut/
--- a/12
+++ b/12
@@ -2,7 +2,7 @@
 #
 # Copyright (C) 1999-2005 by Erik Andersen <andersen@codepoet.org>
 # Copyright (C) 2006-2014 by the Buildroot developers <buildroot@uclibc.org>
-# Copyright (C) 2014-2017 by the Buildroot developers <buildroot@buildroot.org>
+# Copyright (C) 2014-2018 by the Buildroot developers <buildroot@buildroot.org>
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -86,9 +86,9 @@ else # umask / $(CURDIR) / $(O)
 all:

 # Set and export the version string
-export BR2_VERSION := 2017.02.8
+export BR2_VERSION := 2017.02.11
 # Actual time the release is cut (for reproducible builds)
-BR2_VERSION_EPOCH = 1511823000
+BR2_VERSION_EPOCH = 1523473000

 # Save running make version since it's clobbered by the make package
 RUNNING_MAKE_VERSION := $(MAKE_VERSION)
@@ -483,8 +483,8 @@ include support/dependencies/dependencies.mk

 PACKAGES += $(DEPENDENCIES_HOST_PREREQ)

-include toolchain/*.mk
-include toolchain/*/*.mk
+include $(sort $(wildcard toolchain/*.mk))
+include $(sort $(wildcard toolchain/*/*.mk))

 # Include the package override file if one has been provided in the
 # configuration.
@@ -1071,7 +1071,7 @@ print-version:
 	@echo $(BR2_VERSION_FULL)

 include docs/manual/manual.mk
-include $(foreach dir,$(BR2_EXTERNAL_DIRS),$(dir)/docs/*/*.mk)
+-include $(foreach dir,$(BR2_EXTERNAL_DIRS),$(sort $(wildcard $(dir)/docs/*/*.mk)))

 .PHONY: $(noconfig_targets)

--- a/docs/manual/manual.txt
+++ b/docs/manual/manual.txt
@@ -12,7 +12,7 @@ It is licensed under the GNU General Public License, version 2. Refer to the
 http://git.buildroot.org/buildroot/tree/COPYING[COPYING] file in the Buildroot
 sources for the full text of this license.

-Copyright (C) 2004-2017 The Buildroot developers
+Copyright (C) 2004-2018 The Buildroot developers

 image::logo.png[]

--- a/docs/website/copyright.txt
+++ b/docs/website/copyright.txt
@@ -1,6 +1,6 @@

 The code and graphics on this website (and it's mirror sites, if any) are
-Copyright (c) 1999-2005 by Erik Andersen, 2006-2014 The Buildroot
+Copyright (c) 1999-2005 by Erik Andersen, 2006-2018 The Buildroot
 developers. All rights reserved.

 Documents on this Web site including their graphical elements, design, and
--- a/linux/Config.in
+++ b/linux/Config.in
@@ -267,7 +267,7 @@ endchoice
 choice
 	prompt "Kernel compression format"
 	help
-	  This selection will just ensure that the correct host tools are build.
+	  This selection will just ensure that the correct host tools are built.
 	  The actual compression for the kernel should be selected in the
 	  kernel configuration menu.

--- a/package/Makefile.in
+++ b/package/Makefile.in
@@ -388,7 +388,7 @@ DISABLE_NLS :=--disable-nls
 endif

 ifneq ($(BR2_INSTALL_LIBSTDCPP),y)
-TARGET_CONFIGURE_OPTS += CXX=false
+TARGET_CONFIGURE_OPTS += CXX=false CXXCPP=cpp
 endif

 ifeq ($(BR2_STATIC_LIBS),y)
--- a/package/apache/0003-CVS-2017-9798.patch
+++ b/package/apache/0003-CVS-2017-9798.patch
@@ -1,30 +0,0 @@
-core: Disallow Methods' registration at run time (.htaccess), they may
-be used only if registered at init time (httpd.conf).
-
-Calling ap_method_register() in children processes is not the right scope
-since it won't be shared for all requests.
-
-git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1807655 13f79535-47bb-0310-9956-ffa450edef68
-
-Fixes CVE-2017-9798: https://nvd.nist.gov/vuln/detail/CVE-2017-9798
-
-Downloaded from upstream repo:
-https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch
-
-Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
-
--- a/server/core.c	2017/08/16 16:50:29	1805223
-+++ b/server/core.c	2017/09/08 13:13:11	1807754
-@@ -2266,6 +2266,12 @@
-             /* method has not been registered yet, but resource restriction
-              * is always checked before method handling, so register it.
-              */
-+            if (cmd->pool == cmd->temp_pool) {
-+                /* In .htaccess, we can't globally register new methods. */
-+                return apr_psprintf(cmd->pool, "Could not register method '%s' "
-+                                   "for %s from .htaccess configuration",
-+                                    method, cmd->cmd->name);
-+            }
-             methnum = ap_method_register(cmd->pool,
-                                          apr_pstrdup(cmd->pool, method));
-         }
--- a/package/apache/apache.hash
+++ b/package/apache/apache.hash
@@ -1,2 +1,3 @@
-# From http://www.apache.org/dist/httpd/httpd-2.4.27.tar.bz2.sha256
-sha256 71fcc128238a690515bd8174d5330a5309161ef314a326ae45c7c15ed139c13a httpd-2.4.27.tar.bz2
+# From http://archive.apache.org/dist/httpd/httpd-2.4.33.tar.bz2.sha256
+sha256 de02511859b00d17845b9abdd1f975d5ccb5d0b280c567da5bf2ad4b70846f05 httpd-2.4.33.tar.bz2
+sha256 c49c0819a726b70142621715dae3159c47b0349c2bc9db079070f28dadac0229 LICENSE
--- a/package/apache/apache.mk
+++ b/package/apache/apache.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-APACHE_VERSION = 2.4.27
+APACHE_VERSION = 2.4.33
 APACHE_SOURCE = httpd-$(APACHE_VERSION).tar.bz2
 APACHE_SITE = http://archive.apache.org/dist/httpd
 APACHE_LICENSE = Apache-2.0
--- a/package/avahi/avahi_tmpfiles.conf
+++ b/package/avahi/avahi_tmpfiles.conf
@@ -1 +1 @@
-d /tmp/avahi-autopid 0755 avahi avahi
+d /tmp/avahi-autoipd 0755 avahi avahi
--- a/package/berkeleydb/0001-cwd-db_config.patch
+++ b/package/berkeleydb/0001-cwd-db_config.patch
@@ -0,0 +1,21 @@
+Do not access DB_CONFIG when db_home is not set
+
+Fixes CVE-2017-10140:
+https://bugzilla.redhat.com/show_bug.cgi?id=1464032#c9
+
+Downloaded from
+http://pkgs.fedoraproject.org/cgit/rpms/libdb.git/commit/?id=8047fa8580659fcae740c25e91b490539b8453eb
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+
+--- db-5.3.28/src/env/env_open.c.old	2017-06-26 10:32:11.011419981 +0200
+++ db-5.3.28/src/env/env_open.c	2017-06-26 10:32:46.893721233 +0200
+@@ -473,7 +473,7 @@
+ 	env->db_mode = mode == 0 ? DB_MODE_660 : mode;
+ 
+ 	/* Read the DB_CONFIG file. */
+-	if ((ret = __env_read_db_config(env)) != 0)
+	if (env->db_home != NULL && (ret = __env_read_db_config(env)) != 0)
+ 		return (ret);
+ 
+ 	/*
--- a/package/berkeleydb/berkeleydb.hash
+++ b/package/berkeleydb/berkeleydb.hash
@@ -1,2 +1,3 @@
 # Locally calculated
 sha256	76a25560d9e52a198d37a31440fd07632b5f1f8f9f2b6d5438f4bc3e7c9013ef  db-5.3.28.NC.tar.gz
+sha256	b78815181a53241f9347c6b47d1031fd669946f863e1edc807a291354cec024b  LICENSE
--- a/package/bind/bind.hash
+++ b/package/bind/bind.hash
@@ -1,3 +1,3 @@
-# Verified from http://ftp.isc.org/isc/bind9/9.11.2/bind-9.11.2.tar.gz.sha256.asc
-sha256 7f46ad8620f7c3b0ac375d7a5211b15677708fda84ce25d7aeb7222fe2e3c77a bind-9.11.2.tar.gz
+# Verified from http://ftp.isc.org/isc/bind9/9.11.2-P1/bind-9.11.2-P1.tar.gz.sha256.asc
+sha256 cec31548832fca3f85d95178d4019b7d702039e8595d4c93914feba337df1212 bind-9.11.2-P1.tar.gz
 sha256 d3906dfe153e2c48440d3ca1d5319f5e89b4b820cdfc5d0779c23d7ac2b175e9 COPYRIGHT
--- a/package/bind/bind.mk
+++ b/package/bind/bind.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-BIND_VERSION = 9.11.2
+BIND_VERSION = 9.11.2-P1
 BIND_SITE = http://ftp.isc.org/isc/bind9/$(BIND_VERSION)
 # bind does not support parallel builds.
 BIND_MAKE = $(MAKE1)
--- a/package/busybox/0003-wget-fix-for-brain-damaged-HTTP-servers.-Closes-9471.patch
+++ b/package/busybox/0003-wget-fix-for-brain-damaged-HTTP-servers.-Closes-9471.patch
@@ -1,87 +0,0 @@
-From dac762a702d01c8c2d42135795cc9bf23ff324a2 Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Wed, 11 Jan 2017 20:16:45 +0100
-Subject: [PATCH] wget: fix for brain-damaged HTTP servers. Closes 9471
-
-write(3, "GET / HTTP/1.1\r\nUser-Agent: Wget\r\nConnection: close\r\n\r\n", 74) = 74
-shutdown(3, SHUT_WR)    = 0
-alarm(900)              = 900
-read(3, "", 1024)       = 0
-write(2, "wget: error getting response\n", 29) = 29
-exit(1)
-
-The peer simply does not return anything. It closes its connection.
-
-Probably it detects wget closing its writing end: shutdown(3, SHUT_WR).
-
-The point it, closing write side of the socket is _valid_ for HTTP.
-wget sent the full request, it won't be sending anything more:
-it will only receive the response, and that's it.
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
- networking/wget.c | 26 ++++++++++++++++++--------
- 1 file changed, 18 insertions(+), 8 deletions(-)
-
-diff --git a/networking/wget.c b/networking/wget.c
-index b082a0f59..afb09f587 100644
--- a/networking/wget.c
-+++ b/networking/wget.c
-@@ -141,6 +141,8 @@
- #endif
- 
- 
-+#define SSL_SUPPORTED (ENABLE_FEATURE_WGET_OPENSSL || ENABLE_FEATURE_WGET_SSL_HELPER)
-+
- struct host_info {
- 	char *allocated;
- 	const char *path;
-@@ -151,7 +153,7 @@ struct host_info {
- };
- static const char P_FTP[] ALIGN1 = "ftp";
- static const char P_HTTP[] ALIGN1 = "http";
-#if ENABLE_FEATURE_WGET_OPENSSL || ENABLE_FEATURE_WGET_SSL_HELPER
-+#if SSL_SUPPORTED
- static const char P_HTTPS[] ALIGN1 = "https";
- #endif
- 
-@@ -452,7 +454,7 @@ static void parse_url(const char *src_url, struct host_info *h)
- 		if (strcmp(url, P_FTP) == 0) {
- 			h->port = bb_lookup_port(P_FTP, "tcp", 21);
- 		} else
-#if ENABLE_FEATURE_WGET_OPENSSL || ENABLE_FEATURE_WGET_SSL_HELPER
-+#if SSL_SUPPORTED
- 		if (strcmp(url, P_HTTPS) == 0) {
- 			h->port = bb_lookup_port(P_HTTPS, "tcp", 443);
- 			h->protocol = P_HTTPS;
-@@ -1093,12 +1095,20 @@ static void download_one_url(const char *url)
- 		}
- 
- 		fflush(sfp);
-		/* If we use SSL helper, keeping our end of the socket open for writing
-		 * makes our end (i.e. the same fd!) readable (EAGAIN instead of EOF)
-		 * even after child closes its copy of the fd.
-		 * This helps:
-		 */
-		shutdown(fileno(sfp), SHUT_WR);
-+
-+/* Tried doing this unconditionally.
-+ * Cloudflare and nginx/1.11.5 are shocked to see SHUT_WR on non-HTTPS.
-+ */
-+#if SSL_SUPPORTED
-+		if (target.protocol == P_HTTPS) {
-+			/* If we use SSL helper, keeping our end of the socket open for writing
-+			 * makes our end (i.e. the same fd!) readable (EAGAIN instead of EOF)
-+			 * even after child closes its copy of the fd.
-+			 * This helps:
-+			 */
-+			shutdown(fileno(sfp), SHUT_WR);
-+		}
-+#endif
- 
- 		/*
- 		 * Retrieve HTTP response line and check for "200" status code.
-- 
-2.11.0
-
--- a/package/busybox/0004-unzip-properly-use-CDF-to-find-compressed-files.-Clo.patch
+++ b/package/busybox/0004-unzip-properly-use-CDF-to-find-compressed-files.-Clo.patch
@@ -1,494 +0,0 @@
-From fa654812e79d2422b41cfff6443e2abcb7737517 Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Thu, 5 Jan 2017 11:43:53 +0100
-Subject: [PATCH] unzip: properly use CDF to find compressed files. Closes 9536
-
-function                                             old     new   delta
-unzip_main                                          2437    2350     -87
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
- archival/unzip.c      | 285 +++++++++++++++++++++++++++++---------------------
- testsuite/unzip.tests |   6 +-
- 2 files changed, 168 insertions(+), 123 deletions(-)
-
-diff --git a/archival/unzip.c b/archival/unzip.c
-index c540485ac..edef22f75 100644
--- a/archival/unzip.c
-+++ b/archival/unzip.c
-@@ -16,7 +16,6 @@
-  * TODO
-  * Zip64 + other methods
-  */
-
- //config:config UNZIP
- //config:	bool "unzip"
- //config:	default y
-@@ -24,8 +23,17 @@
- //config:	  unzip will list or extract files from a ZIP archive,
- //config:	  commonly found on DOS/WIN systems. The default behavior
- //config:	  (with no options) is to extract the archive into the
-//config:	  current directory. Use the `-d' option to extract to a
-//config:	  directory of your choice.
-+//config:	  current directory.
-+//config:
-+//config:config FEATURE_UNZIP_CDF
-+//config:	bool "Read and use Central Directory data"
-+//config:	default y
-+//config:	depends on UNZIP
-+//config:	help
-+//config:	  If you know that you only need to deal with simple
-+//config:	  ZIP files without deleted/updated files, SFX archves etc,
-+//config:	  you can reduce code size by unselecting this option.
-+//config:	  To support less trivial ZIPs, say Y.
- 
- //applet:IF_UNZIP(APPLET(unzip, BB_DIR_USR_BIN, BB_SUID_DROP))
- //kbuild:lib-$(CONFIG_UNZIP) += unzip.o
-@@ -80,30 +88,20 @@ typedef union {
- 		uint32_t ucmpsize PACKED;       /* 18-21 */
- 		uint16_t filename_len;          /* 22-23 */
- 		uint16_t extra_len;             /* 24-25 */
-+		/* filename follows (not NUL terminated) */
-+		/* extra field follows */
-+		/* data follows */
- 	} formatted PACKED;
- } zip_header_t; /* PACKED - gcc 4.2.1 doesn't like it (spews warning) */
- 
-/* Check the offset of the last element, not the length.  This leniency
- * allows for poor packing, whereby the overall struct may be too long,
- * even though the elements are all in the right place.
- */
-struct BUG_zip_header_must_be_26_bytes {
-	char BUG_zip_header_must_be_26_bytes[
-		offsetof(zip_header_t, formatted.extra_len) + 2
-			== ZIP_HEADER_LEN ? 1 : -1];
-};
-
-#define FIX_ENDIANNESS_ZIP(zip_header) do { \
-	(zip_header).formatted.version      = SWAP_LE16((zip_header).formatted.version     ); \
-	(zip_header).formatted.method       = SWAP_LE16((zip_header).formatted.method      ); \
-	(zip_header).formatted.modtime      = SWAP_LE16((zip_header).formatted.modtime     ); \
-	(zip_header).formatted.moddate      = SWAP_LE16((zip_header).formatted.moddate     ); \
-+#define FIX_ENDIANNESS_ZIP(zip_header) \
-+do { if (BB_BIG_ENDIAN) { \
- 	(zip_header).formatted.crc32        = SWAP_LE32((zip_header).formatted.crc32       ); \
- 	(zip_header).formatted.cmpsize      = SWAP_LE32((zip_header).formatted.cmpsize     ); \
- 	(zip_header).formatted.ucmpsize     = SWAP_LE32((zip_header).formatted.ucmpsize    ); \
- 	(zip_header).formatted.filename_len = SWAP_LE16((zip_header).formatted.filename_len); \
- 	(zip_header).formatted.extra_len    = SWAP_LE16((zip_header).formatted.extra_len   ); \
-} while (0)
-+}} while (0)
- 
- #define CDF_HEADER_LEN 42
- 
-@@ -115,8 +113,8 @@ typedef union {
- 		uint16_t version_needed;        /* 2-3 */
- 		uint16_t cdf_flags;             /* 4-5 */
- 		uint16_t method;                /* 6-7 */
-		uint16_t mtime;                 /* 8-9 */
-		uint16_t mdate;                 /* 10-11 */
-+		uint16_t modtime;               /* 8-9 */
-+		uint16_t moddate;               /* 10-11 */
- 		uint32_t crc32;                 /* 12-15 */
- 		uint32_t cmpsize;               /* 16-19 */
- 		uint32_t ucmpsize;              /* 20-23 */
-@@ -127,27 +125,27 @@ typedef union {
- 		uint16_t internal_file_attributes; /* 32-33 */
- 		uint32_t external_file_attributes PACKED; /* 34-37 */
- 		uint32_t relative_offset_of_local_header PACKED; /* 38-41 */
-+		/* filename follows (not NUL terminated) */
-+		/* extra field follows */
-+		/* comment follows */
- 	} formatted PACKED;
- } cdf_header_t;
- 
-struct BUG_cdf_header_must_be_42_bytes {
-	char BUG_cdf_header_must_be_42_bytes[
-		offsetof(cdf_header_t, formatted.relative_offset_of_local_header) + 4
-			== CDF_HEADER_LEN ? 1 : -1];
-};
-
-#define FIX_ENDIANNESS_CDF(cdf_header) do { \
-+#define FIX_ENDIANNESS_CDF(cdf_header) \
-+do { if (BB_BIG_ENDIAN) { \
-+	(cdf_header).formatted.version_made_by = SWAP_LE16((cdf_header).formatted.version_made_by); \
-+	(cdf_header).formatted.version_needed = SWAP_LE16((cdf_header).formatted.version_needed); \
-+	(cdf_header).formatted.method       = SWAP_LE16((cdf_header).formatted.method      ); \
-+	(cdf_header).formatted.modtime      = SWAP_LE16((cdf_header).formatted.modtime     ); \
-+	(cdf_header).formatted.moddate      = SWAP_LE16((cdf_header).formatted.moddate     ); \
- 	(cdf_header).formatted.crc32        = SWAP_LE32((cdf_header).formatted.crc32       ); \
- 	(cdf_header).formatted.cmpsize      = SWAP_LE32((cdf_header).formatted.cmpsize     ); \
- 	(cdf_header).formatted.ucmpsize     = SWAP_LE32((cdf_header).formatted.ucmpsize    ); \
- 	(cdf_header).formatted.file_name_length = SWAP_LE16((cdf_header).formatted.file_name_length); \
- 	(cdf_header).formatted.extra_field_length = SWAP_LE16((cdf_header).formatted.extra_field_length); \
- 	(cdf_header).formatted.file_comment_length = SWAP_LE16((cdf_header).formatted.file_comment_length); \
-	IF_DESKTOP( \
-	(cdf_header).formatted.version_made_by = SWAP_LE16((cdf_header).formatted.version_made_by); \
- 	(cdf_header).formatted.external_file_attributes = SWAP_LE32((cdf_header).formatted.external_file_attributes); \
-	) \
-} while (0)
-+}} while (0)
- 
- #define CDE_HEADER_LEN 16
- 
-@@ -166,20 +164,38 @@ typedef union {
- 	} formatted PACKED;
- } cde_header_t;
- 
-struct BUG_cde_header_must_be_16_bytes {
-+#define FIX_ENDIANNESS_CDE(cde_header) \
-+do { if (BB_BIG_ENDIAN) { \
-+	(cde_header).formatted.cdf_offset = SWAP_LE32((cde_header).formatted.cdf_offset); \
-+}} while (0)
-+
-+struct BUG {
-+	/* Check the offset of the last element, not the length.  This leniency
-+	 * allows for poor packing, whereby the overall struct may be too long,
-+	 * even though the elements are all in the right place.
-+	 */
-+	char BUG_zip_header_must_be_26_bytes[
-+		offsetof(zip_header_t, formatted.extra_len) + 2
-+			== ZIP_HEADER_LEN ? 1 : -1];
-+	char BUG_cdf_header_must_be_42_bytes[
-+		offsetof(cdf_header_t, formatted.relative_offset_of_local_header) + 4
-+			== CDF_HEADER_LEN ? 1 : -1];
- 	char BUG_cde_header_must_be_16_bytes[
- 		sizeof(cde_header_t) == CDE_HEADER_LEN ? 1 : -1];
- };
- 
-#define FIX_ENDIANNESS_CDE(cde_header) do { \
-	(cde_header).formatted.cdf_offset = SWAP_LE32((cde_header).formatted.cdf_offset); \
-} while (0)
- 
- enum { zip_fd = 3 };
- 
- 
-#if ENABLE_DESKTOP
-+/* This value means that we failed to find CDF */
-+#define BAD_CDF_OFFSET ((uint32_t)0xffffffff)
-+
-+#if !ENABLE_FEATURE_UNZIP_CDF
- 
-+# define find_cdf_offset() BAD_CDF_OFFSET
-+
-+#else
- /* Seen in the wild:
-  * Self-extracting PRO2K3XP_32.exe contains 19078464 byte zip archive,
-  * where CDE was nearly 48 kbytes before EOF.
-@@ -188,25 +204,26 @@ enum { zip_fd = 3 };
-  * To make extraction work, bumped PEEK_FROM_END from 16k to 64k.
-  */
- #define PEEK_FROM_END (64*1024)
-
-/* This value means that we failed to find CDF */
-#define BAD_CDF_OFFSET ((uint32_t)0xffffffff)
-
- /* NB: does not preserve file position! */
- static uint32_t find_cdf_offset(void)
- {
- 	cde_header_t cde_header;
-+	unsigned char *buf;
- 	unsigned char *p;
- 	off_t end;
-	unsigned char *buf = xzalloc(PEEK_FROM_END);
- 	uint32_t found;
- 
-	end = xlseek(zip_fd, 0, SEEK_END);
-+	end = lseek(zip_fd, 0, SEEK_END);
-+	if (end == (off_t) -1)
-+		return BAD_CDF_OFFSET;
-+
- 	end -= PEEK_FROM_END;
- 	if (end < 0)
- 		end = 0;
-+
- 	dbg("Looking for cdf_offset starting from 0x%"OFF_FMT"x", end);
-  	xlseek(zip_fd, end, SEEK_SET);
-+	buf = xzalloc(PEEK_FROM_END);
- 	full_read(zip_fd, buf, PEEK_FROM_END);
- 
- 	found = BAD_CDF_OFFSET;
-@@ -252,30 +269,36 @@ static uint32_t find_cdf_offset(void)
- static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
- {
- 	off_t org;
-+	uint32_t magic;
- 
-	org = xlseek(zip_fd, 0, SEEK_CUR);
-+	if (cdf_offset == BAD_CDF_OFFSET)
-+		return cdf_offset;
- 
-	if (!cdf_offset)
-		cdf_offset = find_cdf_offset();
-
-	if (cdf_offset != BAD_CDF_OFFSET) {
-		dbg("Reading CDF at 0x%x", (unsigned)cdf_offset);
-		xlseek(zip_fd, cdf_offset + 4, SEEK_SET);
-		xread(zip_fd, cdf_ptr->raw, CDF_HEADER_LEN);
-		FIX_ENDIANNESS_CDF(*cdf_ptr);
-		dbg("  file_name_length:%u extra_field_length:%u file_comment_length:%u",
-			(unsigned)cdf_ptr->formatted.file_name_length,
-			(unsigned)cdf_ptr->formatted.extra_field_length,
-			(unsigned)cdf_ptr->formatted.file_comment_length
-		);
-		cdf_offset += 4 + CDF_HEADER_LEN
-			+ cdf_ptr->formatted.file_name_length
-			+ cdf_ptr->formatted.extra_field_length
-			+ cdf_ptr->formatted.file_comment_length;
-+	org = xlseek(zip_fd, 0, SEEK_CUR);
-+	dbg("Reading CDF at 0x%x", (unsigned)cdf_offset);
-+	xlseek(zip_fd, cdf_offset, SEEK_SET);
-+	xread(zip_fd, &magic, 4);
-+	/* Central Directory End? */
-+	if (magic == ZIP_CDE_MAGIC) {
-+		dbg("got ZIP_CDE_MAGIC");
-+		return 0; /* EOF */
- 	}
-+	xread(zip_fd, cdf_ptr->raw, CDF_HEADER_LEN);
-+	/* Caller doesn't need this: */
-+	/* dbg("Returning file position to 0x%"OFF_FMT"x", org); */
-+	/* xlseek(zip_fd, org, SEEK_SET); */
-+
-+	FIX_ENDIANNESS_CDF(*cdf_ptr);
-+	dbg("  file_name_length:%u extra_field_length:%u file_comment_length:%u",
-+		(unsigned)cdf_ptr->formatted.file_name_length,
-+		(unsigned)cdf_ptr->formatted.extra_field_length,
-+		(unsigned)cdf_ptr->formatted.file_comment_length
-+	);
-+	cdf_offset += 4 + CDF_HEADER_LEN
-+		+ cdf_ptr->formatted.file_name_length
-+		+ cdf_ptr->formatted.extra_field_length
-+		+ cdf_ptr->formatted.file_comment_length;
- 
-	dbg("Returning file position to 0x%"OFF_FMT"x", org);
-	xlseek(zip_fd, org, SEEK_SET);
- 	return cdf_offset;
- };
- #endif
-@@ -324,6 +347,7 @@ static void unzip_extract(zip_header_t *zip_header, int dst_fd)
- 			bb_error_msg("bad length");
- 		}
- 	}
-+	/* TODO? method 12: bzip2, method 14: LZMA */
- }
- 
- static void my_fgets80(char *buf80)
-@@ -339,15 +363,12 @@ int unzip_main(int argc, char **argv)
- {
- 	enum { O_PROMPT, O_NEVER, O_ALWAYS };
- 
-	zip_header_t zip_header;
- 	smallint quiet = 0;
-	IF_NOT_DESKTOP(const) smallint verbose = 0;
-+	IF_NOT_FEATURE_UNZIP_CDF(const) smallint verbose = 0;
- 	smallint listing = 0;
- 	smallint overwrite = O_PROMPT;
- 	smallint x_opt_seen;
-#if ENABLE_DESKTOP
- 	uint32_t cdf_offset;
-#endif
- 	unsigned long total_usize;
- 	unsigned long total_size;
- 	unsigned total_entries;
-@@ -430,7 +451,7 @@ int unzip_main(int argc, char **argv)
- 			break;
- 
- 		case 'v': /* Verbose list */
-			IF_DESKTOP(verbose++;)
-+			IF_FEATURE_UNZIP_CDF(verbose++;)
- 			listing = 1;
- 			break;
- 
-@@ -545,78 +566,102 @@ int unzip_main(int argc, char **argv)
- 	total_usize = 0;
- 	total_size = 0;
- 	total_entries = 0;
-#if ENABLE_DESKTOP
-	cdf_offset = 0;
-#endif
-+	cdf_offset = find_cdf_offset();	/* try to seek to the end, find CDE and CDF start */
- 	while (1) {
-		uint32_t magic;
-+		zip_header_t zip_header;
- 		mode_t dir_mode = 0777;
-#if ENABLE_DESKTOP
-+#if ENABLE_FEATURE_UNZIP_CDF
- 		mode_t file_mode = 0666;
- #endif
- 
-		/* Check magic number */
-		xread(zip_fd, &magic, 4);
-		/* Central directory? It's at the end, so exit */
-		if (magic == ZIP_CDF_MAGIC) {
-			dbg("got ZIP_CDF_MAGIC");
-			break;
-		}
-#if ENABLE_DESKTOP
-		/* Data descriptor? It was a streaming file, go on */
-		if (magic == ZIP_DD_MAGIC) {
-			dbg("got ZIP_DD_MAGIC");
-			/* skip over duplicate crc32, cmpsize and ucmpsize */
-			unzip_skip(3 * 4);
-			continue;
-		}
-#endif
-		if (magic != ZIP_FILEHEADER_MAGIC)
-			bb_error_msg_and_die("invalid zip magic %08X", (int)magic);
-		dbg("got ZIP_FILEHEADER_MAGIC");
-
-		/* Read the file header */
-		xread(zip_fd, zip_header.raw, ZIP_HEADER_LEN);
-		FIX_ENDIANNESS_ZIP(zip_header);
-		if ((zip_header.formatted.method != 0) && (zip_header.formatted.method != 8)) {
-			bb_error_msg_and_die("unsupported method %d", zip_header.formatted.method);
-		}
-#if !ENABLE_DESKTOP
-		if (zip_header.formatted.zip_flags & SWAP_LE16(0x0009)) {
-			bb_error_msg_and_die("zip flags 1 and 8 are not supported");
-		}
-#else
-		if (zip_header.formatted.zip_flags & SWAP_LE16(0x0001)) {
-			/* 0x0001 - encrypted */
-			bb_error_msg_and_die("zip flag 1 (encryption) is not supported");
-		}
-+		if (!ENABLE_FEATURE_UNZIP_CDF || cdf_offset == BAD_CDF_OFFSET) {
-+			/* Normally happens when input is unseekable.
-+			 *
-+			 * Valid ZIP file has Central Directory at the end
-+			 * with central directory file headers (CDFs).
-+			 * After it, there is a Central Directory End structure.
-+			 * CDFs identify what files are in the ZIP and where
-+			 * they are located. This allows ZIP readers to load
-+			 * the list of files without reading the entire ZIP archive.
-+			 * ZIP files may be appended to, only files specified in
-+			 * the CD are valid. Scanning for local file headers is
-+			 * not a correct algorithm.
-+			 *
-+			 * We try to do the above, and resort to "linear" reading
-+			 * of ZIP file only if seek failed or CDE wasn't found.
-+			 */
-+			uint32_t magic;
- 
-		if (cdf_offset != BAD_CDF_OFFSET) {
-+			/* Check magic number */
-+			xread(zip_fd, &magic, 4);
-+			/* Central directory? It's at the end, so exit */
-+			if (magic == ZIP_CDF_MAGIC) {
-+				dbg("got ZIP_CDF_MAGIC");
-+				break;
-+			}
-+			/* Data descriptor? It was a streaming file, go on */
-+			if (magic == ZIP_DD_MAGIC) {
-+				dbg("got ZIP_DD_MAGIC");
-+				/* skip over duplicate crc32, cmpsize and ucmpsize */
-+				unzip_skip(3 * 4);
-+				continue;
-+			}
-+			if (magic != ZIP_FILEHEADER_MAGIC)
-+				bb_error_msg_and_die("invalid zip magic %08X", (int)magic);
-+			dbg("got ZIP_FILEHEADER_MAGIC");
-+
-+			xread(zip_fd, zip_header.raw, ZIP_HEADER_LEN);
-+			FIX_ENDIANNESS_ZIP(zip_header);
-+			if ((zip_header.formatted.method != 0)
-+			 && (zip_header.formatted.method != 8)
-+			) {
-+				/* TODO? method 12: bzip2, method 14: LZMA */
-+				bb_error_msg_and_die("unsupported method %d", zip_header.formatted.method);
-+			}
-+			if (zip_header.formatted.zip_flags & SWAP_LE16(0x0009)) {
-+				bb_error_msg_and_die("zip flags 1 and 8 are not supported");
-+			}
-+		}
-+#if ENABLE_FEATURE_UNZIP_CDF
-+		else {
-+			/* cdf_offset is valid (and we know the file is seekable) */
- 			cdf_header_t cdf_header;
- 			cdf_offset = read_next_cdf(cdf_offset, &cdf_header);
-			/*
-			 * Note: cdf_offset can become BAD_CDF_OFFSET after the above call.
-			 */
-+			if (cdf_offset == 0) /* EOF? */
-+				break;
-+# if 0
-+			xlseek(zip_fd,
-+				SWAP_LE32(cdf_header.formatted.relative_offset_of_local_header) + 4,
-+				SEEK_SET);
-+			xread(zip_fd, zip_header.raw, ZIP_HEADER_LEN);
-+			FIX_ENDIANNESS_ZIP(zip_header);
- 			if (zip_header.formatted.zip_flags & SWAP_LE16(0x0008)) {
- 				/* 0x0008 - streaming. [u]cmpsize can be reliably gotten
-				 * only from Central Directory. See unzip_doc.txt
-+				 * only from Central Directory.
- 				 */
- 				zip_header.formatted.crc32    = cdf_header.formatted.crc32;
- 				zip_header.formatted.cmpsize  = cdf_header.formatted.cmpsize;
- 				zip_header.formatted.ucmpsize = cdf_header.formatted.ucmpsize;
- 			}
-+# else
-+			/* CDF has the same data as local header, no need to read the latter */
-+			memcpy(&zip_header.formatted.version,
-+				&cdf_header.formatted.version_needed, ZIP_HEADER_LEN);
-+			xlseek(zip_fd,
-+				SWAP_LE32(cdf_header.formatted.relative_offset_of_local_header) + 4 + ZIP_HEADER_LEN,
-+				SEEK_SET);
-+# endif
- 			if ((cdf_header.formatted.version_made_by >> 8) == 3) {
- 				/* This archive is created on Unix */
- 				dir_mode = file_mode = (cdf_header.formatted.external_file_attributes >> 16);
- 			}
- 		}
-		if (cdf_offset == BAD_CDF_OFFSET
-		 && (zip_header.formatted.zip_flags & SWAP_LE16(0x0008))
-		) {
-			/* If it's a streaming zip, we _require_ CDF */
-			bb_error_msg_and_die("can't find file table");
-		}
- #endif
-+
-+		if (zip_header.formatted.zip_flags & SWAP_LE16(0x0001)) {
-+			/* 0x0001 - encrypted */
-+			bb_error_msg_and_die("zip flag 1 (encryption) is not supported");
-+		}
- 		dbg("File cmpsize:0x%x extra_len:0x%x ucmpsize:0x%x",
- 			(unsigned)zip_header.formatted.cmpsize,
- 			(unsigned)zip_header.formatted.extra_len,
-@@ -751,7 +796,7 @@ int unzip_main(int argc, char **argv)
- 			overwrite = O_ALWAYS;
- 		case 'y': /* Open file and fall into unzip */
- 			unzip_create_leading_dirs(dst_fn);
-#if ENABLE_DESKTOP
-+#if ENABLE_FEATURE_UNZIP_CDF
- 			dst_fd = xopen3(dst_fn, O_WRONLY | O_CREAT | O_TRUNC, file_mode);
- #else
- 			dst_fd = xopen(dst_fn, O_WRONLY | O_CREAT | O_TRUNC);
-diff --git a/testsuite/unzip.tests b/testsuite/unzip.tests
-index d8738a3bd..d9c45242c 100755
--- a/testsuite/unzip.tests
-+++ b/testsuite/unzip.tests
-@@ -31,11 +31,10 @@ rmdir foo
- rm foo.zip
- 
- # File containing some damaged encrypted stream
-+optional FEATURE_UNZIP_CDF
- testing "unzip (bad archive)" "uudecode; unzip bad.zip 2>&1; echo \$?" \
- "Archive:  bad.zip
-  inflating: ]3j½r«IK-%Ix
-unzip: corrupted data
-unzip: inflate error
-+unzip: short read
- 1
- " \
- "" "\
-@@ -49,6 +48,7 @@ BDYAAAAMAAEADQAAADIADQAAAEEAAAASw73Ct1DKokohPXQiNzA+FAI1HCcW
- NzITNFBLBQUKAC4JAA04Cw0EOhZQSwUGAQAABAIAAgCZAAAAeQAAAAIALhM=
- ====
- "
-+SKIP=
- 
- rm *
- 
-- 
-2.11.0
-
--- a/package/busybox/0005-httpd-fix-handling-of-range-requests.patch
+++ b/package/busybox/0005-httpd-fix-handling-of-range-requests.patch
@@ -1,4 +1,4 @@
-From 4316dff48aacb29307e1b52cb761fef603759b9d Mon Sep 17 00:00:00 2001
+From 2b400d9b2b7309d6e479102fc3ce646e893058a5 Mon Sep 17 00:00:00 2001
 From: Denys Vlasenko <vda.linux@googlemail.com>
 Date: Mon, 18 Sep 2017 13:09:11 +0200
 Subject: [PATCH] httpd: fix handling of range requests
@@ -10,7 +10,7 @@ Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/networking/httpd.c b/networking/httpd.c
-index d301d598d..84d819723 100644
+index e072f23c7..5e32fc936 100644
 --- a/networking/httpd.c
 +++ b/networking/httpd.c
@@ -2337,7 +2337,7 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
--- a/package/busybox/0005-typo-fix-in-config-help-text.patch
+++ b/package/busybox/0005-typo-fix-in-config-help-text.patch
@@ -1,27 +0,0 @@
-From f8692dc6a0035788a83821fa18b987d8748f97a7 Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Thu, 5 Jan 2017 11:47:28 +0100
-Subject: [PATCH] typo fix in config help text
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
- archival/unzip.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/archival/unzip.c b/archival/unzip.c
-index edef22f75..f1726439d 100644
--- a/archival/unzip.c
-+++ b/archival/unzip.c
-@@ -31,7 +31,7 @@
- //config:	depends on UNZIP
- //config:	help
- //config:	  If you know that you only need to deal with simple
-//config:	  ZIP files without deleted/updated files, SFX archves etc,
-+//config:	  ZIP files without deleted/updated files, SFX archives etc,
- //config:	  you can reduce code size by unselecting this option.
- //config:	  To support less trivial ZIPs, say Y.
- 
-- 
-2.11.0
-
--- a/package/busybox/0006-bunzip2-fix-runCnt-overflow-from-bug-10431.patch
+++ b/package/busybox/0006-bunzip2-fix-runCnt-overflow-from-bug-10431.patch
@@ -0,0 +1,101 @@
+From 0402cb32df015d9372578e3db27db47b33d5c7b0 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Sun, 22 Oct 2017 18:23:23 +0200
+Subject: [PATCH] bunzip2: fix runCnt overflow from bug 10431
+
+This particular corrupted file can be dealth with by using "unsigned".
+If there will be cases where it genuinely overflows, there is a disabled
+code to deal with that too.
+
+function                                             old     new   delta
+get_next_block                                      1678    1667     -11
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Patch status: upstream commit 0402cb32df0
+
+ archival/libarchive/decompress_bunzip2.c | 30 +++++++++++++++++++-----------
+ 1 file changed, 19 insertions(+), 11 deletions(-)
+
+diff --git a/archival/libarchive/decompress_bunzip2.c b/archival/libarchive/decompress_bunzip2.c
+index 7cd18f5ed4cf..bec89edd3a4d 100644
+--- a/archival/libarchive/decompress_bunzip2.c
+++ b/archival/libarchive/decompress_bunzip2.c
+@@ -156,15 +156,15 @@ static unsigned get_bits(bunzip_data *bd, int bits_wanted)
+ static int get_next_block(bunzip_data *bd)
+ {
+ 	struct group_data *hufGroup;
+-	int dbufCount, dbufSize, groupCount, *base, *limit, selector,
+-		i, j, runPos, symCount, symTotal, nSelectors, byteCount[256];
+-	int runCnt = runCnt; /* for compiler */
+	int groupCount, *base, *limit, selector,
+		i, j, symCount, symTotal, nSelectors, byteCount[256];
+ 	uint8_t uc, symToByte[256], mtfSymbol[256], *selectors;
+ 	uint32_t *dbuf;
+ 	unsigned origPtr, t;
+	unsigned dbufCount, runPos;
+	unsigned runCnt = runCnt; /* for compiler */
+ 
+ 	dbuf = bd->dbuf;
+-	dbufSize = bd->dbufSize;
+ 	selectors = bd->selectors;
+ 
+ /* In bbox, we are ok with aborting through setjmp which is set up in start_bunzip */
+@@ -187,7 +187,7 @@ static int get_next_block(bunzip_data *bd)
+ 	   it didn't actually work. */
+ 	if (get_bits(bd, 1)) return RETVAL_OBSOLETE_INPUT;
+ 	origPtr = get_bits(bd, 24);
+-	if ((int)origPtr > dbufSize) return RETVAL_DATA_ERROR;
+	if (origPtr > bd->dbufSize) return RETVAL_DATA_ERROR;
+ 
+ 	/* mapping table: if some byte values are never used (encoding things
+ 	   like ascii text), the compression code removes the gaps to have fewer
+@@ -435,7 +435,14 @@ static int get_next_block(bunzip_data *bd)
+ 			   symbols, but a run of length 0 doesn't mean anything in this
+ 			   context).  Thus space is saved. */
+ 			runCnt += (runPos << nextSym); /* +runPos if RUNA; +2*runPos if RUNB */
+-			if (runPos < dbufSize) runPos <<= 1;
+//The 32-bit overflow of runCnt wasn't yet seen, but probably can happen.
+//This would be the fix (catches too large count way before it can overflow):
+//			if (runCnt > bd->dbufSize) {
+//				dbg("runCnt:%u > dbufSize:%u RETVAL_DATA_ERROR",
+//						runCnt, bd->dbufSize);
+//				return RETVAL_DATA_ERROR;
+//			}
+			if (runPos < bd->dbufSize) runPos <<= 1;
+ 			goto end_of_huffman_loop;
+ 		}
+ 
+@@ -445,14 +452,15 @@ static int get_next_block(bunzip_data *bd)
+ 		   literal used is the one at the head of the mtfSymbol array.) */
+ 		if (runPos != 0) {
+ 			uint8_t tmp_byte;
+-			if (dbufCount + runCnt > dbufSize) {
+-				dbg("dbufCount:%d+runCnt:%d %d > dbufSize:%d RETVAL_DATA_ERROR",
+-						dbufCount, runCnt, dbufCount + runCnt, dbufSize);
+			if (dbufCount + runCnt > bd->dbufSize) {
+				dbg("dbufCount:%u+runCnt:%u %u > dbufSize:%u RETVAL_DATA_ERROR",
+						dbufCount, runCnt, dbufCount + runCnt, bd->dbufSize);
+ 				return RETVAL_DATA_ERROR;
+ 			}
+ 			tmp_byte = symToByte[mtfSymbol[0]];
+ 			byteCount[tmp_byte] += runCnt;
+-			while (--runCnt >= 0) dbuf[dbufCount++] = (uint32_t)tmp_byte;
+			while ((int)--runCnt >= 0)
+				dbuf[dbufCount++] = (uint32_t)tmp_byte;
+ 			runPos = 0;
+ 		}
+ 
+@@ -466,7 +474,7 @@ static int get_next_block(bunzip_data *bd)
+ 		   first symbol in the mtf array, position 0, would have been handled
+ 		   as part of a run above.  Therefore 1 unused mtf position minus
+ 		   2 non-literal nextSym values equals -1.) */
+-		if (dbufCount >= dbufSize) return RETVAL_DATA_ERROR;
+		if (dbufCount >= bd->dbufSize) return RETVAL_DATA_ERROR;
+ 		i = nextSym - 1;
+ 		uc = mtfSymbol[i];
+ 
+-- 
+2.15.1
+
--- a/package/busybox/0006-unzip-remove-now-pointless-lseek-which-returns-curre.patch
+++ b/package/busybox/0006-unzip-remove-now-pointless-lseek-which-returns-curre.patch
@@ -1,50 +0,0 @@
-From 50504d3a3badb8ab80bd33797abcbb3b7427c267 Mon Sep 17 00:00:00 2001
-From: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>
-Date: Thu, 5 Jan 2017 19:07:54 +0100
-Subject: [PATCH] unzip: remove now-pointless lseek which returns current
- position
-
-archival/unzip.c: In function 'read_next_cdf':
-archival/unzip.c:271:8: warning: variable 'org' set but
-                                 not used [-Wunused-but-set-variable]
-  off_t org;
-        ^~~
-
-Signed-off-by: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
- archival/unzip.c | 5 -----
- 1 file changed, 5 deletions(-)
-
-diff --git a/archival/unzip.c b/archival/unzip.c
-index f1726439d..98a71c09d 100644
--- a/archival/unzip.c
-+++ b/archival/unzip.c
-@@ -268,13 +268,11 @@ static uint32_t find_cdf_offset(void)
- 
- static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
- {
-	off_t org;
- 	uint32_t magic;
- 
- 	if (cdf_offset == BAD_CDF_OFFSET)
- 		return cdf_offset;
- 
-	org = xlseek(zip_fd, 0, SEEK_CUR);
- 	dbg("Reading CDF at 0x%x", (unsigned)cdf_offset);
- 	xlseek(zip_fd, cdf_offset, SEEK_SET);
- 	xread(zip_fd, &magic, 4);
-@@ -284,9 +282,6 @@ static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
- 		return 0; /* EOF */
- 	}
- 	xread(zip_fd, cdf_ptr->raw, CDF_HEADER_LEN);
-	/* Caller doesn't need this: */
-	/* dbg("Returning file position to 0x%"OFF_FMT"x", org); */
-	/* xlseek(zip_fd, org, SEEK_SET); */
- 
- 	FIX_ENDIANNESS_CDF(*cdf_ptr);
- 	dbg("  file_name_length:%u extra_field_length:%u file_comment_length:%u",
-- 
-2.11.0
-
--- a/package/busybox/0007-unlzma-fix-SEGV-closes-10436.patch
+++ b/package/busybox/0007-unlzma-fix-SEGV-closes-10436.patch
@@ -0,0 +1,34 @@
+From 9ac42c500586fa5f10a1f6d22c3f797df11b1f6b Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Fri, 27 Oct 2017 15:37:03 +0200
+Subject: [PATCH] unlzma: fix SEGV, closes 10436
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Patch status: upstream commit 9ac42c500586f
+
+ archival/libarchive/decompress_unlzma.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c
+index a9040877efa0..be4342414435 100644
+--- a/archival/libarchive/decompress_unlzma.c
+++ b/archival/libarchive/decompress_unlzma.c
+@@ -450,8 +450,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
+  IF_NOT_FEATURE_LZMA_FAST(string:)
+ 			do {
+ 				uint32_t pos = buffer_pos - rep0;
+-				if ((int32_t)pos < 0)
+				if ((int32_t)pos < 0) {
+ 					pos += header.dict_size;
+					/* bug 10436 has an example file where this triggers: */
+					if ((int32_t)pos < 0)
+						goto bad;
+				}
+ 				previous_byte = buffer[pos];
+  IF_NOT_FEATURE_LZMA_FAST(one_byte2:)
+ 				buffer[buffer_pos++] = previous_byte;
+-- 
+2.15.1
+
--- a/package/busybox/0007-unzip-do-not-use-CDF.extra_len-read-local-file-heade.patch
+++ b/package/busybox/0007-unzip-do-not-use-CDF.extra_len-read-local-file-heade.patch
@@ -1,509 +0,0 @@
-From ee72302ac5e3b0b2217f616ab316d3c89e5a1f4c Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Sun, 8 Jan 2017 14:14:19 +0100
-Subject: [PATCH] unzip: do not use CDF.extra_len, read local file header.
- Closes 9536
-
-While at it, shorten many field and variable names.
-
-function                                             old     new   delta
-unzip_main                                          2334    2376     +42
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
- archival/unzip.c      | 236 ++++++++++++++++++++++++++------------------------
- testsuite/unzip.tests |   4 +-
- 2 files changed, 125 insertions(+), 115 deletions(-)
-
-diff --git a/archival/unzip.c b/archival/unzip.c
-index 98a71c09d..921493591 100644
--- a/archival/unzip.c
-+++ b/archival/unzip.c
-@@ -62,8 +62,8 @@
- enum {
- #if BB_BIG_ENDIAN
- 	ZIP_FILEHEADER_MAGIC = 0x504b0304,
-	ZIP_CDF_MAGIC        = 0x504b0102, /* central directory's file header */
-	ZIP_CDE_MAGIC        = 0x504b0506, /* "end of central directory" record */
-+	ZIP_CDF_MAGIC        = 0x504b0102, /* CDF item */
-+	ZIP_CDE_MAGIC        = 0x504b0506, /* End of CDF */
- 	ZIP_DD_MAGIC         = 0x504b0708,
- #else
- 	ZIP_FILEHEADER_MAGIC = 0x04034b50,
-@@ -91,16 +91,16 @@ typedef union {
- 		/* filename follows (not NUL terminated) */
- 		/* extra field follows */
- 		/* data follows */
-	} formatted PACKED;
-+	} fmt PACKED;
- } zip_header_t; /* PACKED - gcc 4.2.1 doesn't like it (spews warning) */
- 
-#define FIX_ENDIANNESS_ZIP(zip_header) \
-+#define FIX_ENDIANNESS_ZIP(zip) \
- do { if (BB_BIG_ENDIAN) { \
-	(zip_header).formatted.crc32        = SWAP_LE32((zip_header).formatted.crc32       ); \
-	(zip_header).formatted.cmpsize      = SWAP_LE32((zip_header).formatted.cmpsize     ); \
-	(zip_header).formatted.ucmpsize     = SWAP_LE32((zip_header).formatted.ucmpsize    ); \
-	(zip_header).formatted.filename_len = SWAP_LE16((zip_header).formatted.filename_len); \
-	(zip_header).formatted.extra_len    = SWAP_LE16((zip_header).formatted.extra_len   ); \
-+	(zip).fmt.crc32         = SWAP_LE32((zip).fmt.crc32       ); \
-+	(zip).fmt.cmpsize       = SWAP_LE32((zip).fmt.cmpsize     ); \
-+	(zip).fmt.ucmpsize      = SWAP_LE32((zip).fmt.ucmpsize    ); \
-+	(zip).fmt.filename_len  = SWAP_LE16((zip).fmt.filename_len); \
-+	(zip).fmt.extra_len     = SWAP_LE16((zip).fmt.extra_len   ); \
- }} while (0)
- 
- #define CDF_HEADER_LEN 42
-@@ -118,39 +118,39 @@ typedef union {
- 		uint32_t crc32;                 /* 12-15 */
- 		uint32_t cmpsize;               /* 16-19 */
- 		uint32_t ucmpsize;              /* 20-23 */
-		uint16_t file_name_length;      /* 24-25 */
-		uint16_t extra_field_length;    /* 26-27 */
-+		uint16_t filename_len;          /* 24-25 */
-+		uint16_t extra_len;             /* 26-27 */
- 		uint16_t file_comment_length;   /* 28-29 */
- 		uint16_t disk_number_start;     /* 30-31 */
-		uint16_t internal_file_attributes; /* 32-33 */
-		uint32_t external_file_attributes PACKED; /* 34-37 */
-+		uint16_t internal_attributes;   /* 32-33 */
-+		uint32_t external_attributes PACKED; /* 34-37 */
- 		uint32_t relative_offset_of_local_header PACKED; /* 38-41 */
- 		/* filename follows (not NUL terminated) */
- 		/* extra field follows */
-		/* comment follows */
-	} formatted PACKED;
-+		/* file comment follows */
-+	} fmt PACKED;
- } cdf_header_t;
- 
-#define FIX_ENDIANNESS_CDF(cdf_header) \
-+#define FIX_ENDIANNESS_CDF(cdf) \
- do { if (BB_BIG_ENDIAN) { \
-	(cdf_header).formatted.version_made_by = SWAP_LE16((cdf_header).formatted.version_made_by); \
-	(cdf_header).formatted.version_needed = SWAP_LE16((cdf_header).formatted.version_needed); \
-	(cdf_header).formatted.method       = SWAP_LE16((cdf_header).formatted.method      ); \
-	(cdf_header).formatted.modtime      = SWAP_LE16((cdf_header).formatted.modtime     ); \
-	(cdf_header).formatted.moddate      = SWAP_LE16((cdf_header).formatted.moddate     ); \
-	(cdf_header).formatted.crc32        = SWAP_LE32((cdf_header).formatted.crc32       ); \
-	(cdf_header).formatted.cmpsize      = SWAP_LE32((cdf_header).formatted.cmpsize     ); \
-	(cdf_header).formatted.ucmpsize     = SWAP_LE32((cdf_header).formatted.ucmpsize    ); \
-	(cdf_header).formatted.file_name_length = SWAP_LE16((cdf_header).formatted.file_name_length); \
-	(cdf_header).formatted.extra_field_length = SWAP_LE16((cdf_header).formatted.extra_field_length); \
-	(cdf_header).formatted.file_comment_length = SWAP_LE16((cdf_header).formatted.file_comment_length); \
-	(cdf_header).formatted.external_file_attributes = SWAP_LE32((cdf_header).formatted.external_file_attributes); \
-+	(cdf).fmt.version_made_by = SWAP_LE16((cdf).fmt.version_made_by); \
-+	(cdf).fmt.version_needed = SWAP_LE16((cdf).fmt.version_needed); \
-+	(cdf).fmt.method        = SWAP_LE16((cdf).fmt.method      ); \
-+	(cdf).fmt.modtime       = SWAP_LE16((cdf).fmt.modtime     ); \
-+	(cdf).fmt.moddate       = SWAP_LE16((cdf).fmt.moddate     ); \
-+	(cdf).fmt.crc32         = SWAP_LE32((cdf).fmt.crc32       ); \
-+	(cdf).fmt.cmpsize       = SWAP_LE32((cdf).fmt.cmpsize     ); \
-+	(cdf).fmt.ucmpsize      = SWAP_LE32((cdf).fmt.ucmpsize    ); \
-+	(cdf).fmt.filename_len  = SWAP_LE16((cdf).fmt.filename_len); \
-+	(cdf).fmt.extra_len     = SWAP_LE16((cdf).fmt.extra_len   ); \
-+	(cdf).fmt.file_comment_length = SWAP_LE16((cdf).fmt.file_comment_length); \
-+	(cdf).fmt.external_attributes = SWAP_LE32((cdf).fmt.external_attributes); \
- }} while (0)
- 
-#define CDE_HEADER_LEN 16
-+#define CDE_LEN 16
- 
- typedef union {
-	uint8_t raw[CDE_HEADER_LEN];
-+	uint8_t raw[CDE_LEN];
- 	struct {
- 		/* uint32_t signature; 50 4b 05 06 */
- 		uint16_t this_disk_no;
-@@ -159,14 +159,14 @@ typedef union {
- 		uint16_t cdf_entries_total;
- 		uint32_t cdf_size;
- 		uint32_t cdf_offset;
-		/* uint16_t file_comment_length; */
-		/* .ZIP file comment (variable size) */
-	} formatted PACKED;
-} cde_header_t;
-+		/* uint16_t archive_comment_length; */
-+		/* archive comment follows */
-+	} fmt PACKED;
-+} cde_t;
- 
-#define FIX_ENDIANNESS_CDE(cde_header) \
-+#define FIX_ENDIANNESS_CDE(cde) \
- do { if (BB_BIG_ENDIAN) { \
-	(cde_header).formatted.cdf_offset = SWAP_LE32((cde_header).formatted.cdf_offset); \
-+	(cde).fmt.cdf_offset = SWAP_LE32((cde).fmt.cdf_offset); \
- }} while (0)
- 
- struct BUG {
-@@ -175,13 +175,13 @@ struct BUG {
- 	 * even though the elements are all in the right place.
- 	 */
- 	char BUG_zip_header_must_be_26_bytes[
-		offsetof(zip_header_t, formatted.extra_len) + 2
-+		offsetof(zip_header_t, fmt.extra_len) + 2
- 			== ZIP_HEADER_LEN ? 1 : -1];
- 	char BUG_cdf_header_must_be_42_bytes[
-		offsetof(cdf_header_t, formatted.relative_offset_of_local_header) + 4
-+		offsetof(cdf_header_t, fmt.relative_offset_of_local_header) + 4
- 			== CDF_HEADER_LEN ? 1 : -1];
-	char BUG_cde_header_must_be_16_bytes[
-		sizeof(cde_header_t) == CDE_HEADER_LEN ? 1 : -1];
-+	char BUG_cde_must_be_16_bytes[
-+		sizeof(cde_t) == CDE_LEN ? 1 : -1];
- };
- 
- 
-@@ -207,7 +207,7 @@ enum { zip_fd = 3 };
- /* NB: does not preserve file position! */
- static uint32_t find_cdf_offset(void)
- {
-	cde_header_t cde_header;
-+	cde_t cde;
- 	unsigned char *buf;
- 	unsigned char *p;
- 	off_t end;
-@@ -228,7 +228,7 @@ static uint32_t find_cdf_offset(void)
- 
- 	found = BAD_CDF_OFFSET;
- 	p = buf;
-	while (p <= buf + PEEK_FROM_END - CDE_HEADER_LEN - 4) {
-+	while (p <= buf + PEEK_FROM_END - CDE_LEN - 4) {
- 		if (*p != 'P') {
- 			p++;
- 			continue;
-@@ -240,19 +240,19 @@ static uint32_t find_cdf_offset(void)
- 		if (*++p != 6)
- 			continue;
- 		/* we found CDE! */
-		memcpy(cde_header.raw, p + 1, CDE_HEADER_LEN);
-		FIX_ENDIANNESS_CDE(cde_header);
-+		memcpy(cde.raw, p + 1, CDE_LEN);
-+		FIX_ENDIANNESS_CDE(cde);
- 		/*
- 		 * I've seen .ZIP files with seemingly valid CDEs
- 		 * where cdf_offset points past EOF - ??
- 		 * This check ignores such CDEs:
- 		 */
-		if (cde_header.formatted.cdf_offset < end + (p - buf)) {
-			found = cde_header.formatted.cdf_offset;
-+		if (cde.fmt.cdf_offset < end + (p - buf)) {
-+			found = cde.fmt.cdf_offset;
- 			dbg("Possible cdf_offset:0x%x at 0x%"OFF_FMT"x",
- 				(unsigned)found, end + (p-3 - buf));
- 			dbg("  cdf_offset+cdf_size:0x%x",
-				(unsigned)(found + SWAP_LE32(cde_header.formatted.cdf_size)));
-+				(unsigned)(found + SWAP_LE32(cde.fmt.cdf_size)));
- 			/*
- 			 * We do not "break" here because only the last CDE is valid.
- 			 * I've seen a .zip archive which contained a .zip file,
-@@ -266,7 +266,7 @@ static uint32_t find_cdf_offset(void)
- 	return found;
- };
- 
-static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
-+static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf)
- {
- 	uint32_t magic;
- 
-@@ -276,23 +276,25 @@ static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
- 	dbg("Reading CDF at 0x%x", (unsigned)cdf_offset);
- 	xlseek(zip_fd, cdf_offset, SEEK_SET);
- 	xread(zip_fd, &magic, 4);
-	/* Central Directory End? */
-+	/* Central Directory End? Assume CDF has ended.
-+	 * (more correct method is to use cde.cdf_entries_total counter)
-+	 */
- 	if (magic == ZIP_CDE_MAGIC) {
- 		dbg("got ZIP_CDE_MAGIC");
- 		return 0; /* EOF */
- 	}
-	xread(zip_fd, cdf_ptr->raw, CDF_HEADER_LEN);
-+	xread(zip_fd, cdf->raw, CDF_HEADER_LEN);
- 
-	FIX_ENDIANNESS_CDF(*cdf_ptr);
-	dbg("  file_name_length:%u extra_field_length:%u file_comment_length:%u",
-		(unsigned)cdf_ptr->formatted.file_name_length,
-		(unsigned)cdf_ptr->formatted.extra_field_length,
-		(unsigned)cdf_ptr->formatted.file_comment_length
-+	FIX_ENDIANNESS_CDF(*cdf);
-+	dbg("  filename_len:%u extra_len:%u file_comment_length:%u",
-+		(unsigned)cdf->fmt.filename_len,
-+		(unsigned)cdf->fmt.extra_len,
-+		(unsigned)cdf->fmt.file_comment_length
- 	);
- 	cdf_offset += 4 + CDF_HEADER_LEN
-		+ cdf_ptr->formatted.file_name_length
-		+ cdf_ptr->formatted.extra_field_length
-		+ cdf_ptr->formatted.file_comment_length;
-+		+ cdf->fmt.filename_len
-+		+ cdf->fmt.extra_len
-+		+ cdf->fmt.file_comment_length;
- 
- 	return cdf_offset;
- };
-@@ -315,28 +317,28 @@ static void unzip_create_leading_dirs(const char *fn)
- 	free(name);
- }
- 
-static void unzip_extract(zip_header_t *zip_header, int dst_fd)
-+static void unzip_extract(zip_header_t *zip, int dst_fd)
- {
-	if (zip_header->formatted.method == 0) {
-+	if (zip->fmt.method == 0) {
- 		/* Method 0 - stored (not compressed) */
-		off_t size = zip_header->formatted.ucmpsize;
-+		off_t size = zip->fmt.ucmpsize;
- 		if (size)
- 			bb_copyfd_exact_size(zip_fd, dst_fd, size);
- 	} else {
- 		/* Method 8 - inflate */
- 		transformer_state_t xstate;
- 		init_transformer_state(&xstate);
-		xstate.bytes_in = zip_header->formatted.cmpsize;
-+		xstate.bytes_in = zip->fmt.cmpsize;
- 		xstate.src_fd = zip_fd;
- 		xstate.dst_fd = dst_fd;
- 		if (inflate_unzip(&xstate) < 0)
- 			bb_error_msg_and_die("inflate error");
- 		/* Validate decompression - crc */
-		if (zip_header->formatted.crc32 != (xstate.crc32 ^ 0xffffffffL)) {
-+		if (zip->fmt.crc32 != (xstate.crc32 ^ 0xffffffffL)) {
- 			bb_error_msg_and_die("crc error");
- 		}
- 		/* Validate decompression - size */
-		if (zip_header->formatted.ucmpsize != xstate.bytes_out) {
-+		if (zip->fmt.ucmpsize != xstate.bytes_out) {
- 			/* Don't die. Who knows, maybe len calculation
- 			 * was botched somewhere. After all, crc matched! */
- 			bb_error_msg("bad length");
-@@ -563,7 +565,7 @@ int unzip_main(int argc, char **argv)
- 	total_entries = 0;
- 	cdf_offset = find_cdf_offset();	/* try to seek to the end, find CDE and CDF start */
- 	while (1) {
-		zip_header_t zip_header;
-+		zip_header_t zip;
- 		mode_t dir_mode = 0777;
- #if ENABLE_FEATURE_UNZIP_CDF
- 		mode_t file_mode = 0666;
-@@ -589,7 +591,7 @@ int unzip_main(int argc, char **argv)
- 
- 			/* Check magic number */
- 			xread(zip_fd, &magic, 4);
-			/* Central directory? It's at the end, so exit */
-+			/* CDF item? Assume there are no more files, exit */
- 			if (magic == ZIP_CDF_MAGIC) {
- 				dbg("got ZIP_CDF_MAGIC");
- 				break;
-@@ -605,71 +607,74 @@ int unzip_main(int argc, char **argv)
- 				bb_error_msg_and_die("invalid zip magic %08X", (int)magic);
- 			dbg("got ZIP_FILEHEADER_MAGIC");
- 
-			xread(zip_fd, zip_header.raw, ZIP_HEADER_LEN);
-			FIX_ENDIANNESS_ZIP(zip_header);
-			if ((zip_header.formatted.method != 0)
-			 && (zip_header.formatted.method != 8)
-+			xread(zip_fd, zip.raw, ZIP_HEADER_LEN);
-+			FIX_ENDIANNESS_ZIP(zip);
-+			if ((zip.fmt.method != 0)
-+			 && (zip.fmt.method != 8)
- 			) {
- 				/* TODO? method 12: bzip2, method 14: LZMA */
-				bb_error_msg_and_die("unsupported method %d", zip_header.formatted.method);
-+				bb_error_msg_and_die("unsupported method %d", zip.fmt.method);
- 			}
-			if (zip_header.formatted.zip_flags & SWAP_LE16(0x0009)) {
-+			if (zip.fmt.zip_flags & SWAP_LE16(0x0009)) {
- 				bb_error_msg_and_die("zip flags 1 and 8 are not supported");
- 			}
- 		}
- #if ENABLE_FEATURE_UNZIP_CDF
- 		else {
- 			/* cdf_offset is valid (and we know the file is seekable) */
-			cdf_header_t cdf_header;
-			cdf_offset = read_next_cdf(cdf_offset, &cdf_header);
-+			cdf_header_t cdf;
-+			cdf_offset = read_next_cdf(cdf_offset, &cdf);
- 			if (cdf_offset == 0) /* EOF? */
- 				break;
-# if 0
-+# if 1
- 			xlseek(zip_fd,
-				SWAP_LE32(cdf_header.formatted.relative_offset_of_local_header) + 4,
-+				SWAP_LE32(cdf.fmt.relative_offset_of_local_header) + 4,
- 				SEEK_SET);
-			xread(zip_fd, zip_header.raw, ZIP_HEADER_LEN);
-			FIX_ENDIANNESS_ZIP(zip_header);
-			if (zip_header.formatted.zip_flags & SWAP_LE16(0x0008)) {
-+			xread(zip_fd, zip.raw, ZIP_HEADER_LEN);
-+			FIX_ENDIANNESS_ZIP(zip);
-+			if (zip.fmt.zip_flags & SWAP_LE16(0x0008)) {
- 				/* 0x0008 - streaming. [u]cmpsize can be reliably gotten
- 				 * only from Central Directory.
- 				 */
-				zip_header.formatted.crc32    = cdf_header.formatted.crc32;
-				zip_header.formatted.cmpsize  = cdf_header.formatted.cmpsize;
-				zip_header.formatted.ucmpsize = cdf_header.formatted.ucmpsize;
-+				zip.fmt.crc32    = cdf.fmt.crc32;
-+				zip.fmt.cmpsize  = cdf.fmt.cmpsize;
-+				zip.fmt.ucmpsize = cdf.fmt.ucmpsize;
- 			}
- # else
-			/* CDF has the same data as local header, no need to read the latter */
-			memcpy(&zip_header.formatted.version,
-				&cdf_header.formatted.version_needed, ZIP_HEADER_LEN);
-+			/* CDF has the same data as local header, no need to read the latter...
-+			 * ...not really. An archive was seen with cdf.extra_len == 6 but
-+			 * zip.extra_len == 0.
-+			 */
-+			memcpy(&zip.fmt.version,
-+				&cdf.fmt.version_needed, ZIP_HEADER_LEN);
- 			xlseek(zip_fd,
-				SWAP_LE32(cdf_header.formatted.relative_offset_of_local_header) + 4 + ZIP_HEADER_LEN,
-+				SWAP_LE32(cdf.fmt.relative_offset_of_local_header) + 4 + ZIP_HEADER_LEN,
- 				SEEK_SET);
- # endif
-			if ((cdf_header.formatted.version_made_by >> 8) == 3) {
-+			if ((cdf.fmt.version_made_by >> 8) == 3) {
- 				/* This archive is created on Unix */
-				dir_mode = file_mode = (cdf_header.formatted.external_file_attributes >> 16);
-+				dir_mode = file_mode = (cdf.fmt.external_attributes >> 16);
- 			}
- 		}
- #endif
- 
-		if (zip_header.formatted.zip_flags & SWAP_LE16(0x0001)) {
-+		if (zip.fmt.zip_flags & SWAP_LE16(0x0001)) {
- 			/* 0x0001 - encrypted */
- 			bb_error_msg_and_die("zip flag 1 (encryption) is not supported");
- 		}
- 		dbg("File cmpsize:0x%x extra_len:0x%x ucmpsize:0x%x",
-			(unsigned)zip_header.formatted.cmpsize,
-			(unsigned)zip_header.formatted.extra_len,
-			(unsigned)zip_header.formatted.ucmpsize
-+			(unsigned)zip.fmt.cmpsize,
-+			(unsigned)zip.fmt.extra_len,
-+			(unsigned)zip.fmt.ucmpsize
- 		);
- 
- 		/* Read filename */
- 		free(dst_fn);
-		dst_fn = xzalloc(zip_header.formatted.filename_len + 1);
-		xread(zip_fd, dst_fn, zip_header.formatted.filename_len);
-+		dst_fn = xzalloc(zip.fmt.filename_len + 1);
-+		xread(zip_fd, dst_fn, zip.fmt.filename_len);
- 
- 		/* Skip extra header bytes */
-		unzip_skip(zip_header.formatted.extra_len);
-+		unzip_skip(zip.fmt.extra_len);
- 
- 		/* Guard against "/abspath", "/../" and similar attacks */
- 		overlapping_strcpy(dst_fn, strip_unsafe_prefix(dst_fn));
-@@ -684,32 +689,32 @@ int unzip_main(int argc, char **argv)
- 				/* List entry */
- 				char dtbuf[sizeof("mm-dd-yyyy hh:mm")];
- 				sprintf(dtbuf, "%02u-%02u-%04u %02u:%02u",
-					(zip_header.formatted.moddate >> 5) & 0xf,  // mm: 0x01e0
-					(zip_header.formatted.moddate)      & 0x1f, // dd: 0x001f
-					(zip_header.formatted.moddate >> 9) + 1980, // yy: 0xfe00
-					(zip_header.formatted.modtime >> 11),       // hh: 0xf800
-					(zip_header.formatted.modtime >> 5) & 0x3f  // mm: 0x07e0
-					// seconds/2 are not shown, encoded in ----------- 0x001f
-+					(zip.fmt.moddate >> 5) & 0xf,  // mm: 0x01e0
-+					(zip.fmt.moddate)      & 0x1f, // dd: 0x001f
-+					(zip.fmt.moddate >> 9) + 1980, // yy: 0xfe00
-+					(zip.fmt.modtime >> 11),       // hh: 0xf800
-+					(zip.fmt.modtime >> 5) & 0x3f  // mm: 0x07e0
-+					// seconds/2 not shown, encoded in -- 0x001f
- 				);
- 				if (!verbose) {
- 					//      "  Length      Date    Time    Name\n"
- 					//      "---------  ---------- -----   ----"
- 					printf(       "%9u  " "%s   "         "%s\n",
-						(unsigned)zip_header.formatted.ucmpsize,
-+						(unsigned)zip.fmt.ucmpsize,
- 						dtbuf,
- 						dst_fn);
- 				} else {
-					unsigned long percents = zip_header.formatted.ucmpsize - zip_header.formatted.cmpsize;
-+					unsigned long percents = zip.fmt.ucmpsize - zip.fmt.cmpsize;
- 					if ((int32_t)percents < 0)
- 						percents = 0; /* happens if ucmpsize < cmpsize */
- 					percents = percents * 100;
-					if (zip_header.formatted.ucmpsize)
-						percents /= zip_header.formatted.ucmpsize;
-+					if (zip.fmt.ucmpsize)
-+						percents /= zip.fmt.ucmpsize;
- 					//      " Length   Method    Size  Cmpr    Date    Time   CRC-32   Name\n"
- 					//      "--------  ------  ------- ---- ---------- ----- --------  ----"
- 					printf(      "%8u  %s"        "%9u%4u%% " "%s "         "%08x  "  "%s\n",
-						(unsigned)zip_header.formatted.ucmpsize,
-						zip_header.formatted.method == 0 ? "Stored" : "Defl:N", /* Defl is method 8 */
-+						(unsigned)zip.fmt.ucmpsize,
-+						zip.fmt.method == 0 ? "Stored" : "Defl:N", /* Defl is method 8 */
- /* TODO: show other methods?
-  *  1 - Shrunk
-  *  2 - Reduced with compression factor 1
-@@ -722,15 +727,16 @@ int unzip_main(int argc, char **argv)
-  * 10 - PKWARE Data Compression Library Imploding
-  * 11 - Reserved by PKWARE
-  * 12 - BZIP2
-+ * 14 - LZMA
-  */
-						(unsigned)zip_header.formatted.cmpsize,
-+						(unsigned)zip.fmt.cmpsize,
- 						(unsigned)percents,
- 						dtbuf,
-						zip_header.formatted.crc32,
-+						zip.fmt.crc32,
- 						dst_fn);
-					total_size += zip_header.formatted.cmpsize;
-+					total_size += zip.fmt.cmpsize;
- 				}
-				total_usize += zip_header.formatted.ucmpsize;
-+				total_usize += zip.fmt.ucmpsize;
- 				i = 'n';
- 			} else if (dst_fd == STDOUT_FILENO) {
- 				/* Extracting to STDOUT */
-@@ -798,9 +804,11 @@ int unzip_main(int argc, char **argv)
- #endif
- 		case -1: /* Unzip */
- 			if (!quiet) {
-				printf("  inflating: %s\n", dst_fn);
-+				printf(/* zip.fmt.method == 0
-+					? " extracting: %s\n"
-+					: */ "  inflating: %s\n", dst_fn);
- 			}
-			unzip_extract(&zip_header, dst_fd);
-+			unzip_extract(&zip, dst_fd);
- 			if (dst_fd != STDOUT_FILENO) {
- 				/* closing STDOUT is potentially bad for future business */
- 				close(dst_fd);
-@@ -811,7 +819,7 @@ int unzip_main(int argc, char **argv)
- 			overwrite = O_NEVER;
- 		case 'n':
- 			/* Skip entry data */
-			unzip_skip(zip_header.formatted.cmpsize);
-+			unzip_skip(zip.fmt.cmpsize);
- 			break;
- 
- 		case 'r':
-diff --git a/testsuite/unzip.tests b/testsuite/unzip.tests
-index d9c45242c..2e4becdb8 100755
--- a/testsuite/unzip.tests
-+++ b/testsuite/unzip.tests
-@@ -34,7 +34,9 @@ rm foo.zip
- optional FEATURE_UNZIP_CDF
- testing "unzip (bad archive)" "uudecode; unzip bad.zip 2>&1; echo \$?" \
- "Archive:  bad.zip
-unzip: short read
-+  inflating: ]3j½r«IK-%Ix
-+unzip: corrupted data
-+unzip: inflate error
- 1
- " \
- "" "\
-- 
-2.11.0
-
--- a/package/busybox/busybox-minimal.config
+++ b/package/busybox/busybox-minimal.config
@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
-# Busybox version: 1.26.0
-# Thu Dec 29 21:13:55 2016
+# Busybox version: 1.27.1
+# Sun Jul 30 15:42:11 2017
 #
 CONFIG_HAVE_DOT_CONFIG=y

@@ -12,7 +12,6 @@ CONFIG_HAVE_DOT_CONFIG=y
 # CONFIG_EXTRA_COMPAT is not set
 CONFIG_INCLUDE_SUSv2=y
 # CONFIG_USE_PORTABLE_CODE is not set
-CONFIG_PLATFORM_LINUX=y
 # CONFIG_SHOW_USAGE is not set
 # CONFIG_FEATURE_VERBOSE_USAGE is not set
 # CONFIG_FEATURE_COMPRESS_USAGE is not set
@@ -35,13 +34,14 @@ CONFIG_FEATURE_SUID=y
 CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe"
 CONFIG_FEATURE_SYSLOG=y
 # CONFIG_FEATURE_HAVE_RPC is not set
+CONFIG_PLATFORM_LINUX=y

 #
 # Build Options
 #
 CONFIG_STATIC=y
 # CONFIG_PIE is not set
-CONFIG_NOMMU=y
+# CONFIG_NOMMU is not set
 # CONFIG_BUILD_LIBBUSYBOX is not set
 # CONFIG_FEATURE_INDIVIDUAL is not set
 # CONFIG_FEATURE_SHARED_BUSYBOX is not set
@@ -89,7 +89,6 @@ CONFIG_MD5_SMALL=1
 CONFIG_SHA3_SMALL=1
 # CONFIG_FEATURE_FAST_TOP is not set
 # CONFIG_FEATURE_ETC_NETWORKS is not set
-CONFIG_FEATURE_USE_TERMIOS=y
 CONFIG_FEATURE_EDITING=y
 CONFIG_FEATURE_EDITING_MAX_LEN=1024
 CONFIG_FEATURE_EDITING_VI=y
@@ -150,6 +149,7 @@ CONFIG_LZCAT=y
 CONFIG_XZCAT=y
 # CONFIG_XZ is not set
 # CONFIG_BZIP2 is not set
+CONFIG_FEATURE_BZIP2_DECOMPRESS=y
 # CONFIG_CPIO is not set
 # CONFIG_FEATURE_CPIO_O is not set
 # CONFIG_FEATURE_CPIO_P is not set
@@ -159,6 +159,7 @@ CONFIG_XZCAT=y
 # CONFIG_FEATURE_GZIP_LONG_OPTIONS is not set
 CONFIG_GZIP_FAST=0
 # CONFIG_FEATURE_GZIP_LEVELS is not set
+CONFIG_FEATURE_GZIP_DECOMPRESS=y
 # CONFIG_LZOP is not set
 CONFIG_UNLZOP=y
 CONFIG_LZOPCAT=y
@@ -166,26 +167,29 @@ CONFIG_LZOPCAT=y
 # CONFIG_RPM2CPIO is not set
 # CONFIG_RPM is not set
 # CONFIG_TAR is not set
+# CONFIG_FEATURE_TAR_LONG_OPTIONS is not set
 # CONFIG_FEATURE_TAR_CREATE is not set
 # CONFIG_FEATURE_TAR_AUTODETECT is not set
 # CONFIG_FEATURE_TAR_FROM is not set
 # CONFIG_FEATURE_TAR_OLDGNU_COMPATIBILITY is not set
 # CONFIG_FEATURE_TAR_OLDSUN_COMPATIBILITY is not set
 # CONFIG_FEATURE_TAR_GNU_EXTENSIONS is not set
-# CONFIG_FEATURE_TAR_LONG_OPTIONS is not set
 # CONFIG_FEATURE_TAR_TO_COMMAND is not set
 # CONFIG_FEATURE_TAR_UNAME_GNAME is not set
 # CONFIG_FEATURE_TAR_NOPRESERVE_TIME is not set
 # CONFIG_FEATURE_TAR_SELINUX is not set
 # CONFIG_UNZIP is not set
+# CONFIG_FEATURE_UNZIP_CDF is not set
+# CONFIG_FEATURE_UNZIP_BZIP2 is not set
+# CONFIG_FEATURE_UNZIP_LZMA is not set
+# CONFIG_FEATURE_UNZIP_XZ is not set

 #
 # Coreutils
 #
 CONFIG_BASENAME=y
-# CONFIG_CAL is not set
 CONFIG_CAT=y
-CONFIG_CATV=y
+CONFIG_FEATURE_CATV=y
 CONFIG_CHGRP=y
 CONFIG_CHMOD=y
 CONFIG_CHOWN=y
@@ -222,6 +226,7 @@ CONFIG_ENV=y
 # CONFIG_FEATURE_UNEXPAND_LONG_OPTIONS is not set
 CONFIG_EXPR=y
 CONFIG_EXPR_MATH_SUPPORT_64=y
+CONFIG_FACTOR=y
 CONFIG_FALSE=y
 CONFIG_FOLD=y
 # CONFIG_FSYNC is not set
@@ -232,12 +237,14 @@ CONFIG_ID=y
 # CONFIG_GROUPS is not set
 CONFIG_INSTALL=y
 CONFIG_FEATURE_INSTALL_LONG_OPTIONS=y
+CONFIG_LINK=y
 CONFIG_LN=y
 CONFIG_LOGNAME=y
 CONFIG_LS=y
 CONFIG_FEATURE_LS_FILETYPES=y
 CONFIG_FEATURE_LS_FOLLOWLINKS=y
 CONFIG_FEATURE_LS_RECURSIVE=y
+CONFIG_FEATURE_LS_WIDTH=y
 CONFIG_FEATURE_LS_SORTFILES=y
 CONFIG_FEATURE_LS_TIMESTAMPS=y
 CONFIG_FEATURE_LS_USERNAME=y
@@ -257,11 +264,15 @@ CONFIG_MKDIR=y
 CONFIG_FEATURE_MKDIR_LONG_OPTIONS=y
 CONFIG_MKFIFO=y
 CONFIG_MKNOD=y
+# CONFIG_MKTEMP is not set
 CONFIG_MV=y
 CONFIG_FEATURE_MV_LONG_OPTIONS=y
 CONFIG_NICE=y
+CONFIG_NL=y
 CONFIG_NOHUP=y
+CONFIG_NPROC=y
 CONFIG_OD=y
+CONFIG_PASTE=y
 CONFIG_PRINTENV=y
 CONFIG_PRINTF=y
 CONFIG_PWD=y
@@ -272,6 +283,7 @@ CONFIG_RM=y
 CONFIG_RMDIR=y
 # CONFIG_FEATURE_RMDIR_LONG_OPTIONS is not set
 CONFIG_SEQ=y
+CONFIG_SHRED=y
 # CONFIG_SHUF is not set
 CONFIG_SLEEP=y
 CONFIG_FEATURE_FANCY_SLEEP=y
@@ -296,6 +308,7 @@ CONFIG_TEST=y
 CONFIG_TEST1=y
 CONFIG_TEST2=y
 CONFIG_FEATURE_TEST_64=y
+# CONFIG_TIMEOUT is not set
 CONFIG_TOUCH=y
 # CONFIG_FEATURE_TOUCH_NODEREF is not set
 CONFIG_FEATURE_TOUCH_SUSV3=y
@@ -317,6 +330,7 @@ CONFIG_WC=y
 # CONFIG_FEATURE_WC_LARGE is not set
 CONFIG_WHOAMI=y
 CONFIG_WHO=y
+CONFIG_W=y
 # CONFIG_USERS is not set
 CONFIG_YES=y

@@ -330,11 +344,6 @@ CONFIG_FEATURE_VERBOSE=y
 #
 CONFIG_FEATURE_PRESERVE_HARDLINKS=y

-#
-# Common options for ls, more and telnet
-#
-CONFIG_FEATURE_AUTOWIDTH=y
-
 #
 # Common options for df, du, ls
 #
@@ -369,14 +378,13 @@ CONFIG_DEFAULT_SETFONT_DIR=""
 #
 # Debian Utilities
 #
-# CONFIG_MKTEMP is not set
 # CONFIG_PIPE_PROGRESS is not set
 CONFIG_RUN_PARTS=y
 CONFIG_FEATURE_RUN_PARTS_LONG_OPTIONS=y
 CONFIG_FEATURE_RUN_PARTS_FANCY=y
 CONFIG_START_STOP_DAEMON=y
-CONFIG_FEATURE_START_STOP_DAEMON_FANCY=y
 CONFIG_FEATURE_START_STOP_DAEMON_LONG_OPTIONS=y
+CONFIG_FEATURE_START_STOP_DAEMON_FANCY=y
 CONFIG_WHICH=y

 #
@@ -467,12 +475,10 @@ CONFIG_FEATURE_KILL_REMOVED=y
 CONFIG_FEATURE_KILL_DELAY=0
 CONFIG_FEATURE_INIT_SCTTY=y
 CONFIG_FEATURE_INIT_SYSLOG=y
-CONFIG_FEATURE_EXTRA_QUIET=y
+CONFIG_FEATURE_INIT_QUIET=y
 # CONFIG_FEATURE_INIT_COREDUMPS is not set
 CONFIG_INIT_TERMINAL_TYPE="linux"
 CONFIG_FEATURE_INIT_MODIFY_CMDLINE=y
-CONFIG_MESG=y
-CONFIG_FEATURE_MESG_ENABLE_ONLY_GROUP=y

 #
 # Login/Password Management Utilities
@@ -511,6 +517,7 @@ CONFIG_FEATURE_PASSWD_WEAK_CHECK=y
 # CONFIG_SU is not set
 # CONFIG_FEATURE_SU_SYSLOG is not set
 # CONFIG_FEATURE_SU_CHECKS_SHELLS is not set
+# CONFIG_FEATURE_SU_BLANK_PW_NEEDS_SECURE_TTY is not set
 # CONFIG_SULOGIN is not set
 # CONFIG_VLOCK is not set

@@ -525,6 +532,7 @@ CONFIG_FEATURE_PASSWD_WEAK_CHECK=y
 #
 # Linux Module Utilities
 #
+# CONFIG_MODPROBE_SMALL is not set
 # CONFIG_DEPMOD is not set
 # CONFIG_INSMOD is not set
 # CONFIG_LSMOD is not set
@@ -532,22 +540,21 @@ CONFIG_FEATURE_PASSWD_WEAK_CHECK=y
 # CONFIG_MODINFO is not set
 # CONFIG_MODPROBE is not set
 # CONFIG_FEATURE_MODPROBE_BLACKLIST is not set
-# CONFIG_MODPROBE_SMALL is not set
-# CONFIG_FEATURE_MODPROBE_SMALL_OPTIONS_ON_CMDLINE is not set
-# CONFIG_FEATURE_MODPROBE_SMALL_CHECK_ALREADY_LOADED is not set
 # CONFIG_RMMOD is not set

 #
 # Options common to multiple modutils
 #
+# CONFIG_FEATURE_CMDLINE_MODULE_OPTIONS is not set
+# CONFIG_FEATURE_MODPROBE_SMALL_CHECK_ALREADY_LOADED is not set
 # CONFIG_FEATURE_2_4_MODULES is not set
-# CONFIG_FEATURE_INSMOD_TRY_MMAP is not set
 # CONFIG_FEATURE_INSMOD_VERSION_CHECKING is not set
 # CONFIG_FEATURE_INSMOD_KSYMOOPS_SYMBOLS is not set
 # CONFIG_FEATURE_INSMOD_LOADINKMEM is not set
 # CONFIG_FEATURE_INSMOD_LOAD_MAP is not set
 # CONFIG_FEATURE_INSMOD_LOAD_MAP_FULL is not set
 # CONFIG_FEATURE_CHECK_TAINTED_MODULE is not set
+# CONFIG_FEATURE_INSMOD_TRY_MMAP is not set
 # CONFIG_FEATURE_MODUTILS_ALIAS is not set
 # CONFIG_FEATURE_MODUTILS_SYMBOLS is not set
 CONFIG_DEFAULT_MODULES_DIR=""
@@ -562,8 +569,13 @@ CONFIG_DEFAULT_DEPMOD_FILE=""
 # CONFIG_BLKID is not set
 # CONFIG_FEATURE_BLKID_TYPE is not set
 # CONFIG_BLOCKDEV is not set
+# CONFIG_CAL is not set
+# CONFIG_CHRT is not set
 CONFIG_DMESG=y
 CONFIG_FEATURE_DMESG_PRETTY=y
+# CONFIG_EJECT is not set
+# CONFIG_FEATURE_EJECT_SCSI is not set
+CONFIG_FALLOCATE=y
 # CONFIG_FATATTR is not set
 # CONFIG_FBSET is not set
 # CONFIG_FEATURE_FBSET_FANCY is not set
@@ -583,17 +595,22 @@ CONFIG_FEATURE_DMESG_PRETTY=y
 # CONFIG_FDFLUSH is not set
 CONFIG_FREERAMDISK=y
 # CONFIG_FSCK_MINIX is not set
+CONFIG_FSFREEZE=y
 # CONFIG_FSTRIM is not set
 CONFIG_GETOPT=y
 CONFIG_FEATURE_GETOPT_LONG=y
 # CONFIG_HEXDUMP is not set
 # CONFIG_FEATURE_HEXDUMP_REVERSE is not set
 # CONFIG_HD is not set
+CONFIG_XXD=y
 # CONFIG_HWCLOCK is not set
 # CONFIG_FEATURE_HWCLOCK_LONG_OPTIONS is not set
 # CONFIG_FEATURE_HWCLOCK_ADJTIME_FHS is not set
+# CONFIG_IONICE is not set
 # CONFIG_IPCRM is not set
 # CONFIG_IPCS is not set
+# CONFIG_LAST is not set
+# CONFIG_FEATURE_LAST_FANCY is not set
 # CONFIG_LOSETUP is not set
 # CONFIG_LSPCI is not set
 # CONFIG_LSUSB is not set
@@ -603,6 +620,8 @@ CONFIG_FEATURE_GETOPT_LONG=y
 # CONFIG_FEATURE_MDEV_RENAME_REGEXP is not set
 # CONFIG_FEATURE_MDEV_EXEC is not set
 # CONFIG_FEATURE_MDEV_LOAD_FIRMWARE is not set
+CONFIG_MESG=y
+CONFIG_FEATURE_MESG_ENABLE_ONLY_GROUP=y
 CONFIG_MKE2FS=y
 # CONFIG_MKFS_EXT2 is not set
 # CONFIG_MKFS_MINIX is not set
@@ -623,12 +642,14 @@ CONFIG_FEATURE_MOUNT_CIFS=y
 CONFIG_FEATURE_MOUNT_FLAGS=y
 CONFIG_FEATURE_MOUNT_FSTAB=y
 CONFIG_FEATURE_MOUNT_OTHERTAB=y
+# CONFIG_MOUNTPOINT is not set
 # CONFIG_NSENTER is not set
 # CONFIG_FEATURE_NSENTER_LONG_OPTS is not set
 # CONFIG_PIVOT_ROOT is not set
 # CONFIG_RDATE is not set
 # CONFIG_RDEV is not set
 # CONFIG_READPROFILE is not set
+# CONFIG_RENICE is not set
 # CONFIG_REV is not set
 # CONFIG_RTCWAKE is not set
 # CONFIG_SCRIPT is not set
@@ -636,15 +657,20 @@ CONFIG_FEATURE_MOUNT_OTHERTAB=y
 # CONFIG_SETARCH is not set
 CONFIG_LINUX32=y
 CONFIG_LINUX64=y
+CONFIG_SETPRIV=y
+# CONFIG_SETSID is not set
 CONFIG_SWAPON=y
 # CONFIG_FEATURE_SWAPON_DISCARD is not set
 # CONFIG_FEATURE_SWAPON_PRI is not set
 CONFIG_SWAPOFF=y
 # CONFIG_SWITCH_ROOT is not set
+# CONFIG_TASKSET is not set
+# CONFIG_FEATURE_TASKSET_FANCY is not set
 # CONFIG_UEVENT is not set
 CONFIG_UMOUNT=y
 CONFIG_FEATURE_UMOUNT_ALL=y
 # CONFIG_UNSHARE is not set
+# CONFIG_WALL is not set

 #
 # Common options for mount/umount
@@ -694,7 +720,6 @@ CONFIG_FEATURE_BEEP_LENGTH_MS=0
 # CONFIG_FEATURE_CHAT_SEND_ESCAPES is not set
 # CONFIG_FEATURE_CHAT_VAR_ABORT_LEN is not set
 # CONFIG_FEATURE_CHAT_CLR_ABORT is not set
-# CONFIG_CHRT is not set
 # CONFIG_CONSPY is not set
 # CONFIG_CROND is not set
 # CONFIG_FEATURE_CROND_D is not set
@@ -709,8 +734,6 @@ CONFIG_FEATURE_CROND_DIR=""
 # CONFIG_DEVFSD_VERBOSE is not set
 # CONFIG_FEATURE_DEVFS is not set
 # CONFIG_DEVMEM is not set
-# CONFIG_EJECT is not set
-# CONFIG_FEATURE_EJECT_SCSI is not set
 # CONFIG_FBSPLASH is not set
 # CONFIG_FLASHCP is not set
 # CONFIG_FLASH_ERASEALL is not set
@@ -728,9 +751,6 @@ CONFIG_FEATURE_CROND_DIR=""
 # CONFIG_I2CDUMP is not set
 # CONFIG_I2CDETECT is not set
 # CONFIG_INOTIFYD is not set
-# CONFIG_IONICE is not set
-# CONFIG_LAST is not set
-# CONFIG_FEATURE_LAST_FANCY is not set
 # CONFIG_LESS is not set
 CONFIG_FEATURE_LESS_MAXLINES=0
 # CONFIG_FEATURE_LESS_BRACKETS is not set
@@ -742,27 +762,24 @@ CONFIG_FEATURE_LESS_MAXLINES=0
 # CONFIG_FEATURE_LESS_ASK_TERMINAL is not set
 # CONFIG_FEATURE_LESS_DASHCMD is not set
 # CONFIG_FEATURE_LESS_LINENUMS is not set
+CONFIG_LSSCSI=y
 # CONFIG_MAKEDEVS is not set
 # CONFIG_FEATURE_MAKEDEVS_LEAF is not set
 # CONFIG_FEATURE_MAKEDEVS_TABLE is not set
 # CONFIG_MAN is not set
 # CONFIG_MICROCOM is not set
-# CONFIG_MOUNTPOINT is not set
 # CONFIG_MT is not set
 # CONFIG_NANDWRITE is not set
 # CONFIG_NANDDUMP is not set
+CONFIG_PARTPROBE=y
 # CONFIG_RAIDAUTORUN is not set
 # CONFIG_READAHEAD is not set
 # CONFIG_RFKILL is not set
 # CONFIG_RUNLEVEL is not set
 # CONFIG_RX is not set
 CONFIG_SETSERIAL=y
-# CONFIG_SETSID is not set
 # CONFIG_STRINGS is not set
-# CONFIG_TASKSET is not set
-# CONFIG_FEATURE_TASKSET_FANCY is not set
 # CONFIG_TIME is not set
-# CONFIG_TIMEOUT is not set
 # CONFIG_TTYSIZE is not set
 # CONFIG_UBIRENAME is not set
 # CONFIG_UBIATTACH is not set
@@ -772,7 +789,6 @@ CONFIG_SETSERIAL=y
 # CONFIG_UBIRSVOL is not set
 # CONFIG_UBIUPDATEVOL is not set
 # CONFIG_VOLNAME is not set
-# CONFIG_WALL is not set
 # CONFIG_WATCHDOG is not set

 #
@@ -822,8 +838,6 @@ CONFIG_IFUP=y
 CONFIG_IFDOWN=y
 CONFIG_IFUPDOWN_IFSTATE_PATH="/var/run/ifstate"
 CONFIG_FEATURE_IFUPDOWN_IP=y
-CONFIG_FEATURE_IFUPDOWN_IP_BUILTIN=y
-# CONFIG_FEATURE_IFUPDOWN_IFCONFIG_BUILTIN is not set
 CONFIG_FEATURE_IFUPDOWN_IPV4=y
 # CONFIG_FEATURE_IFUPDOWN_IPV6 is not set
 # CONFIG_FEATURE_IFUPDOWN_MAPPING is not set
@@ -836,6 +850,12 @@ CONFIG_FEATURE_IFUPDOWN_EXTERNAL_DHCP=y
 # CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_CHARGEN is not set
 # CONFIG_FEATURE_INETD_RPC is not set
 CONFIG_IP=y
+CONFIG_IPADDR=y
+CONFIG_IPLINK=y
+CONFIG_IPROUTE=y
+# CONFIG_IPTUNNEL is not set
+# CONFIG_IPRULE is not set
+# CONFIG_IPNEIGH is not set
 CONFIG_FEATURE_IP_ADDRESS=y
 CONFIG_FEATURE_IP_LINK=y
 CONFIG_FEATURE_IP_ROUTE=y
@@ -843,17 +863,10 @@ CONFIG_FEATURE_IP_ROUTE_DIR="/etc/iproute2"
 # CONFIG_FEATURE_IP_TUNNEL is not set
 # CONFIG_FEATURE_IP_RULE is not set
 # CONFIG_FEATURE_IP_NEIGH is not set
-CONFIG_FEATURE_IP_SHORT_FORMS=y
 # CONFIG_FEATURE_IP_RARE_PROTOCOLS is not set
-CONFIG_IPADDR=y
-CONFIG_IPLINK=y
-CONFIG_IPROUTE=y
-# CONFIG_IPTUNNEL is not set
-# CONFIG_IPRULE is not set
-# CONFIG_IPNEIGH is not set
 # CONFIG_IPCALC is not set
-# CONFIG_FEATURE_IPCALC_FANCY is not set
 # CONFIG_FEATURE_IPCALC_LONG_OPTIONS is not set
+# CONFIG_FEATURE_IPCALC_FANCY is not set
 # CONFIG_FAKEIDENTD is not set
 # CONFIG_NAMEIF is not set
 # CONFIG_FEATURE_NAMEIF_EXTENDED is not set
@@ -875,11 +888,13 @@ CONFIG_PING=y
 # CONFIG_PSCAN is not set
 CONFIG_ROUTE=y
 # CONFIG_SLATTACH is not set
+# CONFIG_SSL_CLIENT is not set
 # CONFIG_TCPSVD is not set
 # CONFIG_UDPSVD is not set
 CONFIG_TELNET=y
 CONFIG_FEATURE_TELNET_TTYPE=y
 CONFIG_FEATURE_TELNET_AUTOLOGIN=y
+CONFIG_FEATURE_TELNET_WIDTH=y
 # CONFIG_TELNETD is not set
 # CONFIG_FEATURE_TELNETD_STANDALONE is not set
 # CONFIG_FEATURE_TELNETD_INETD_WAIT is not set
@@ -890,6 +905,7 @@ CONFIG_FEATURE_TELNET_AUTOLOGIN=y
 # CONFIG_FEATURE_TFTP_BLOCKSIZE is not set
 # CONFIG_FEATURE_TFTP_PROGRESS_BAR is not set
 # CONFIG_TFTP_DEBUG is not set
+# CONFIG_TLS is not set
 # CONFIG_TRACEROUTE is not set
 # CONFIG_TRACEROUTE6 is not set
 # CONFIG_FEATURE_TRACEROUTE_VERBOSE is not set
@@ -898,29 +914,32 @@ CONFIG_FEATURE_TELNET_AUTOLOGIN=y
 # CONFIG_FEATURE_TUNCTL_UG is not set
 # CONFIG_VCONFIG is not set
 CONFIG_WGET=y
+# CONFIG_FEATURE_WGET_LONG_OPTIONS is not set
 # CONFIG_FEATURE_WGET_STATUSBAR is not set
 # CONFIG_FEATURE_WGET_AUTHENTICATION is not set
-# CONFIG_FEATURE_WGET_LONG_OPTIONS is not set
 # CONFIG_FEATURE_WGET_TIMEOUT is not set
+# CONFIG_FEATURE_WGET_HTTPS is not set
 # CONFIG_FEATURE_WGET_OPENSSL is not set
-# CONFIG_FEATURE_WGET_SSL_HELPER is not set
 # CONFIG_WHOIS is not set
 # CONFIG_ZCIP is not set
 # CONFIG_UDHCPC6 is not set
+# CONFIG_FEATURE_UDHCPC6_RFC3646 is not set
+# CONFIG_FEATURE_UDHCPC6_RFC4704 is not set
+# CONFIG_FEATURE_UDHCPC6_RFC4833 is not set
 # CONFIG_UDHCPD is not set
-# CONFIG_DHCPRELAY is not set
-# CONFIG_DUMPLEASES is not set
 # CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set
 # CONFIG_FEATURE_UDHCPD_BASE_IP_ON_MAC is not set
 CONFIG_DHCPD_LEASES_FILE=""
+# CONFIG_DUMPLEASES is not set
+# CONFIG_DHCPRELAY is not set
 CONFIG_UDHCPC=y
 # CONFIG_FEATURE_UDHCPC_ARPING is not set
 CONFIG_FEATURE_UDHCPC_SANITIZEOPT=y
+CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script"
 # CONFIG_FEATURE_UDHCP_PORT is not set
 CONFIG_UDHCP_DEBUG=9
 # CONFIG_FEATURE_UDHCP_RFC3397 is not set
 # CONFIG_FEATURE_UDHCP_8021Q is not set
-CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script"
 CONFIG_UDHCPC_SLACK_FOR_BUGGY_SERVERS=80
 CONFIG_IFUPDOWN_UDHCPC_CMD_OPTIONS="-R -n"

@@ -961,18 +980,19 @@ CONFIG_KILLALL5=y
 # CONFIG_FEATURE_PIDOF_OMIT is not set
 # CONFIG_PMAP is not set
 # CONFIG_POWERTOP is not set
+# CONFIG_FEATURE_POWERTOP_INTERACTIVE is not set
 CONFIG_PS=y
 CONFIG_FEATURE_PS_WIDE=y
 CONFIG_FEATURE_PS_LONG=y
 # CONFIG_FEATURE_PS_TIME is not set
-# CONFIG_FEATURE_PS_ADDITIONAL_COLUMNS is not set
 # CONFIG_FEATURE_PS_UNUSUAL_SYSTEMS is not set
+# CONFIG_FEATURE_PS_ADDITIONAL_COLUMNS is not set
 # CONFIG_PSTREE is not set
 # CONFIG_PWDX is not set
-# CONFIG_RENICE is not set
 # CONFIG_SMEMCAP is not set
 # CONFIG_BB_SYSCTL is not set
 # CONFIG_TOP is not set
+# CONFIG_FEATURE_TOP_INTERACTIVE is not set
 # CONFIG_FEATURE_TOP_CPU_USAGE_PERCENTAGE is not set
 # CONFIG_FEATURE_TOP_CPU_GLOBAL_PERCENTS is not set
 # CONFIG_FEATURE_TOP_SMP_CPU is not set
@@ -1018,27 +1038,32 @@ CONFIG_SVC=y
 #
 # Shells
 #
+# CONFIG_SH_IS_ASH is not set
+CONFIG_SH_IS_HUSH=y
+# CONFIG_SH_IS_NONE is not set
+# CONFIG_BASH_IS_ASH is not set
+# CONFIG_BASH_IS_HUSH is not set
+CONFIG_BASH_IS_NONE=y
 # CONFIG_ASH is not set
 # CONFIG_ASH_OPTIMIZE_FOR_SIZE is not set
 # CONFIG_ASH_INTERNAL_GLOB is not set
-# CONFIG_ASH_RANDOM_SUPPORT is not set
-# CONFIG_ASH_EXPAND_PRMT is not set
 # CONFIG_ASH_BASH_COMPAT is not set
-# CONFIG_ASH_IDLE_TIMEOUT is not set
 # CONFIG_ASH_JOB_CONTROL is not set
 # CONFIG_ASH_ALIAS is not set
-# CONFIG_ASH_GETOPTS is not set
-# CONFIG_ASH_BUILTIN_ECHO is not set
-# CONFIG_ASH_BUILTIN_PRINTF is not set
-# CONFIG_ASH_BUILTIN_TEST is not set
-# CONFIG_ASH_HELP is not set
-# CONFIG_ASH_CMDCMD is not set
+# CONFIG_ASH_RANDOM_SUPPORT is not set
+# CONFIG_ASH_EXPAND_PRMT is not set
+# CONFIG_ASH_IDLE_TIMEOUT is not set
 # CONFIG_ASH_MAIL is not set
+# CONFIG_ASH_ECHO is not set
+# CONFIG_ASH_PRINTF is not set
+# CONFIG_ASH_TEST is not set
+# CONFIG_ASH_HELP is not set
+# CONFIG_ASH_GETOPTS is not set
+# CONFIG_ASH_CMDCMD is not set
 # CONFIG_CTTYHACK is not set
 CONFIG_HUSH=y
 CONFIG_HUSH_BASH_COMPAT=y
 CONFIG_HUSH_BRACE_EXPANSION=y
-CONFIG_HUSH_HELP=y
 CONFIG_HUSH_INTERACTIVE=y
 CONFIG_HUSH_SAVEHISTORY=y
 CONFIG_HUSH_JOB=y
@@ -1049,17 +1074,30 @@ CONFIG_HUSH_CASE=y
 CONFIG_HUSH_FUNCTIONS=y
 CONFIG_HUSH_LOCAL=y
 CONFIG_HUSH_RANDOM_SUPPORT=y
-CONFIG_HUSH_EXPORT_N=y
 CONFIG_HUSH_MODE_X=y
+CONFIG_HUSH_ECHO=y
+CONFIG_HUSH_PRINTF=y
+CONFIG_HUSH_TEST=y
+CONFIG_HUSH_HELP=y
+CONFIG_HUSH_EXPORT=y
+CONFIG_HUSH_EXPORT_N=y
+CONFIG_HUSH_KILL=y
+CONFIG_HUSH_WAIT=y
+CONFIG_HUSH_TRAP=y
+CONFIG_HUSH_TYPE=y
+CONFIG_HUSH_READ=y
+CONFIG_HUSH_SET=y
+CONFIG_HUSH_UNSET=y
+CONFIG_HUSH_ULIMIT=y
+CONFIG_HUSH_UMASK=y
+# CONFIG_HUSH_MEMLEAK is not set
 # CONFIG_MSH is not set
-# CONFIG_FEATURE_SH_IS_ASH is not set
-CONFIG_FEATURE_SH_IS_HUSH=y
-# CONFIG_FEATURE_SH_IS_NONE is not set
-# CONFIG_FEATURE_BASH_IS_ASH is not set
-# CONFIG_FEATURE_BASH_IS_HUSH is not set
-CONFIG_FEATURE_BASH_IS_NONE=y
-CONFIG_SH_MATH_SUPPORT=y
-# CONFIG_SH_MATH_SUPPORT_64 is not set
+
+#
+# Options common to all shells
+#
+CONFIG_FEATURE_SH_MATH=y
+CONFIG_FEATURE_SH_MATH_64=y
 CONFIG_FEATURE_SH_EXTRA_QUIET=y
 # CONFIG_FEATURE_SH_STANDALONE is not set
 # CONFIG_FEATURE_SH_NOFORK is not set
--- a/package/busybox/busybox.config
+++ b/package/busybox/busybox.config
@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
-# Busybox version: 1.26.0
-# Thu Dec 29 21:01:56 2016
+# Busybox version: 1.27.1
+# Sun Jul 30 15:27:03 2017
 #
 CONFIG_HAVE_DOT_CONFIG=y

@@ -12,7 +12,6 @@ CONFIG_DESKTOP=y
 # CONFIG_EXTRA_COMPAT is not set
 CONFIG_INCLUDE_SUSv2=y
 # CONFIG_USE_PORTABLE_CODE is not set
-CONFIG_PLATFORM_LINUX=y
 CONFIG_SHOW_USAGE=y
 CONFIG_FEATURE_VERBOSE_USAGE=y
 # CONFIG_FEATURE_COMPRESS_USAGE is not set
@@ -35,6 +34,7 @@ CONFIG_FEATURE_SUID=y
 CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe"
 CONFIG_FEATURE_SYSLOG=y
 # CONFIG_FEATURE_HAVE_RPC is not set
+CONFIG_PLATFORM_LINUX=y

 #
 # Build Options
@@ -89,7 +89,6 @@ CONFIG_MD5_SMALL=1
 CONFIG_SHA3_SMALL=1
 # CONFIG_FEATURE_FAST_TOP is not set
 # CONFIG_FEATURE_ETC_NETWORKS is not set
-CONFIG_FEATURE_USE_TERMIOS=y
 CONFIG_FEATURE_EDITING=y
 CONFIG_FEATURE_EDITING_MAX_LEN=1024
 CONFIG_FEATURE_EDITING_VI=y
@@ -150,6 +149,7 @@ CONFIG_UNXZ=y
 CONFIG_XZCAT=y
 CONFIG_XZ=y
 # CONFIG_BZIP2 is not set
+CONFIG_FEATURE_BZIP2_DECOMPRESS=y
 CONFIG_CPIO=y
 # CONFIG_FEATURE_CPIO_O is not set
 # CONFIG_FEATURE_CPIO_P is not set
@@ -159,6 +159,7 @@ CONFIG_GZIP=y
 # CONFIG_FEATURE_GZIP_LONG_OPTIONS is not set
 CONFIG_GZIP_FAST=0
 # CONFIG_FEATURE_GZIP_LEVELS is not set
+CONFIG_FEATURE_GZIP_DECOMPRESS=y
 # CONFIG_LZOP is not set
 CONFIG_UNLZOP=y
 CONFIG_LZOPCAT=y
@@ -166,26 +167,29 @@ CONFIG_LZOPCAT=y
 # CONFIG_RPM2CPIO is not set
 # CONFIG_RPM is not set
 CONFIG_TAR=y
+CONFIG_FEATURE_TAR_LONG_OPTIONS=y
 CONFIG_FEATURE_TAR_CREATE=y
 # CONFIG_FEATURE_TAR_AUTODETECT is not set
 CONFIG_FEATURE_TAR_FROM=y
 # CONFIG_FEATURE_TAR_OLDGNU_COMPATIBILITY is not set
 # CONFIG_FEATURE_TAR_OLDSUN_COMPATIBILITY is not set
 CONFIG_FEATURE_TAR_GNU_EXTENSIONS=y
-CONFIG_FEATURE_TAR_LONG_OPTIONS=y
 CONFIG_FEATURE_TAR_TO_COMMAND=y
 # CONFIG_FEATURE_TAR_UNAME_GNAME is not set
 # CONFIG_FEATURE_TAR_NOPRESERVE_TIME is not set
 # CONFIG_FEATURE_TAR_SELINUX is not set
 CONFIG_UNZIP=y
+CONFIG_FEATURE_UNZIP_CDF=y
+CONFIG_FEATURE_UNZIP_BZIP2=y
+CONFIG_FEATURE_UNZIP_LZMA=y
+CONFIG_FEATURE_UNZIP_XZ=y

 #
 # Coreutils
 #
 CONFIG_BASENAME=y
-# CONFIG_CAL is not set
 CONFIG_CAT=y
-CONFIG_CATV=y
+CONFIG_FEATURE_CATV=y
 CONFIG_CHGRP=y
 CONFIG_CHMOD=y
 CONFIG_CHOWN=y
@@ -222,6 +226,7 @@ CONFIG_ENV=y
 # CONFIG_FEATURE_UNEXPAND_LONG_OPTIONS is not set
 CONFIG_EXPR=y
 CONFIG_EXPR_MATH_SUPPORT_64=y
+CONFIG_FACTOR=y
 CONFIG_FALSE=y
 CONFIG_FOLD=y
 # CONFIG_FSYNC is not set
@@ -232,12 +237,14 @@ CONFIG_ID=y
 # CONFIG_GROUPS is not set
 CONFIG_INSTALL=y
 CONFIG_FEATURE_INSTALL_LONG_OPTIONS=y
+CONFIG_LINK=y
 CONFIG_LN=y
 CONFIG_LOGNAME=y
 CONFIG_LS=y
 CONFIG_FEATURE_LS_FILETYPES=y
 CONFIG_FEATURE_LS_FOLLOWLINKS=y
 CONFIG_FEATURE_LS_RECURSIVE=y
+CONFIG_FEATURE_LS_WIDTH=y
 CONFIG_FEATURE_LS_SORTFILES=y
 CONFIG_FEATURE_LS_TIMESTAMPS=y
 CONFIG_FEATURE_LS_USERNAME=y
@@ -257,11 +264,15 @@ CONFIG_MKDIR=y
 CONFIG_FEATURE_MKDIR_LONG_OPTIONS=y
 CONFIG_MKFIFO=y
 CONFIG_MKNOD=y
+CONFIG_MKTEMP=y
 CONFIG_MV=y
 CONFIG_FEATURE_MV_LONG_OPTIONS=y
 CONFIG_NICE=y
+CONFIG_NL=y
 CONFIG_NOHUP=y
+CONFIG_NPROC=y
 CONFIG_OD=y
+CONFIG_PASTE=y
 CONFIG_PRINTENV=y
 CONFIG_PRINTF=y
 CONFIG_PWD=y
@@ -272,6 +283,7 @@ CONFIG_RM=y
 CONFIG_RMDIR=y
 # CONFIG_FEATURE_RMDIR_LONG_OPTIONS is not set
 CONFIG_SEQ=y
+CONFIG_SHRED=y
 # CONFIG_SHUF is not set
 CONFIG_SLEEP=y
 CONFIG_FEATURE_FANCY_SLEEP=y
@@ -296,6 +308,7 @@ CONFIG_TEST=y
 CONFIG_TEST1=y
 CONFIG_TEST2=y
 CONFIG_FEATURE_TEST_64=y
+# CONFIG_TIMEOUT is not set
 CONFIG_TOUCH=y
 # CONFIG_FEATURE_TOUCH_NODEREF is not set
 CONFIG_FEATURE_TOUCH_SUSV3=y
@@ -317,6 +330,7 @@ CONFIG_WC=y
 # CONFIG_FEATURE_WC_LARGE is not set
 CONFIG_WHOAMI=y
 CONFIG_WHO=y
+CONFIG_W=y
 # CONFIG_USERS is not set
 CONFIG_YES=y

@@ -330,11 +344,6 @@ CONFIG_FEATURE_VERBOSE=y
 #
 CONFIG_FEATURE_PRESERVE_HARDLINKS=y

-#
-# Common options for ls, more and telnet
-#
-CONFIG_FEATURE_AUTOWIDTH=y
-
 #
 # Common options for df, du, ls
 #
@@ -373,14 +382,13 @@ CONFIG_SETLOGCONS=y
 #
 # Debian Utilities
 #
-CONFIG_MKTEMP=y
 CONFIG_PIPE_PROGRESS=y
 CONFIG_RUN_PARTS=y
 CONFIG_FEATURE_RUN_PARTS_LONG_OPTIONS=y
 # CONFIG_FEATURE_RUN_PARTS_FANCY is not set
 CONFIG_START_STOP_DAEMON=y
-CONFIG_FEATURE_START_STOP_DAEMON_FANCY=y
 CONFIG_FEATURE_START_STOP_DAEMON_LONG_OPTIONS=y
+CONFIG_FEATURE_START_STOP_DAEMON_FANCY=y
 CONFIG_WHICH=y

 #
@@ -471,12 +479,10 @@ CONFIG_FEATURE_KILL_REMOVED=y
 CONFIG_FEATURE_KILL_DELAY=0
 CONFIG_FEATURE_INIT_SCTTY=y
 CONFIG_FEATURE_INIT_SYSLOG=y
-CONFIG_FEATURE_EXTRA_QUIET=y
+CONFIG_FEATURE_INIT_QUIET=y
 # CONFIG_FEATURE_INIT_COREDUMPS is not set
 CONFIG_INIT_TERMINAL_TYPE="linux"
 CONFIG_FEATURE_INIT_MODIFY_CMDLINE=y
-CONFIG_MESG=y
-CONFIG_FEATURE_MESG_ENABLE_ONLY_GROUP=y

 #
 # Login/Password Management Utilities
@@ -515,6 +521,7 @@ CONFIG_FEATURE_PASSWD_WEAK_CHECK=y
 CONFIG_SU=y
 CONFIG_FEATURE_SU_SYSLOG=y
 CONFIG_FEATURE_SU_CHECKS_SHELLS=y
+# CONFIG_FEATURE_SU_BLANK_PW_NEEDS_SECURE_TTY is not set
 CONFIG_SULOGIN=y
 CONFIG_VLOCK=y

@@ -529,6 +536,7 @@ CONFIG_LSATTR=y
 #
 # Linux Module Utilities
 #
+# CONFIG_MODPROBE_SMALL is not set
 # CONFIG_DEPMOD is not set
 CONFIG_INSMOD=y
 CONFIG_LSMOD=y
@@ -536,22 +544,21 @@ CONFIG_FEATURE_LSMOD_PRETTY_2_6_OUTPUT=y
 # CONFIG_MODINFO is not set
 CONFIG_MODPROBE=y
 # CONFIG_FEATURE_MODPROBE_BLACKLIST is not set
-# CONFIG_MODPROBE_SMALL is not set
-# CONFIG_FEATURE_MODPROBE_SMALL_OPTIONS_ON_CMDLINE is not set
-# CONFIG_FEATURE_MODPROBE_SMALL_CHECK_ALREADY_LOADED is not set
 CONFIG_RMMOD=y

 #
 # Options common to multiple modutils
 #
+CONFIG_FEATURE_CMDLINE_MODULE_OPTIONS=y
+# CONFIG_FEATURE_MODPROBE_SMALL_CHECK_ALREADY_LOADED is not set
 # CONFIG_FEATURE_2_4_MODULES is not set
-# CONFIG_FEATURE_INSMOD_TRY_MMAP is not set
 # CONFIG_FEATURE_INSMOD_VERSION_CHECKING is not set
 # CONFIG_FEATURE_INSMOD_KSYMOOPS_SYMBOLS is not set
 # CONFIG_FEATURE_INSMOD_LOADINKMEM is not set
 # CONFIG_FEATURE_INSMOD_LOAD_MAP is not set
 # CONFIG_FEATURE_INSMOD_LOAD_MAP_FULL is not set
 CONFIG_FEATURE_CHECK_TAINTED_MODULE=y
+# CONFIG_FEATURE_INSMOD_TRY_MMAP is not set
 CONFIG_FEATURE_MODUTILS_ALIAS=y
 CONFIG_FEATURE_MODUTILS_SYMBOLS=y
 CONFIG_DEFAULT_MODULES_DIR="/lib/modules"
@@ -566,8 +573,13 @@ CONFIG_DEFAULT_DEPMOD_FILE="modules.dep"
 CONFIG_BLKID=y
 # CONFIG_FEATURE_BLKID_TYPE is not set
 # CONFIG_BLOCKDEV is not set
+# CONFIG_CAL is not set
+CONFIG_CHRT=y
 CONFIG_DMESG=y
 CONFIG_FEATURE_DMESG_PRETTY=y
+CONFIG_EJECT=y
+# CONFIG_FEATURE_EJECT_SCSI is not set
+CONFIG_FALLOCATE=y
 # CONFIG_FATATTR is not set
 CONFIG_FBSET=y
 CONFIG_FEATURE_FBSET_FANCY=y
@@ -587,17 +599,22 @@ CONFIG_FLOCK=y
 CONFIG_FDFLUSH=y
 CONFIG_FREERAMDISK=y
 # CONFIG_FSCK_MINIX is not set
+CONFIG_FSFREEZE=y
 CONFIG_FSTRIM=y
 CONFIG_GETOPT=y
 CONFIG_FEATURE_GETOPT_LONG=y
 CONFIG_HEXDUMP=y
 # CONFIG_FEATURE_HEXDUMP_REVERSE is not set
 # CONFIG_HD is not set
+CONFIG_XXD=y
 CONFIG_HWCLOCK=y
 CONFIG_FEATURE_HWCLOCK_LONG_OPTIONS=y
 CONFIG_FEATURE_HWCLOCK_ADJTIME_FHS=y
+# CONFIG_IONICE is not set
 CONFIG_IPCRM=y
 CONFIG_IPCS=y
+CONFIG_LAST=y
+# CONFIG_FEATURE_LAST_FANCY is not set
 CONFIG_LOSETUP=y
 CONFIG_LSPCI=y
 CONFIG_LSUSB=y
@@ -607,6 +624,8 @@ CONFIG_FEATURE_MDEV_RENAME=y
 # CONFIG_FEATURE_MDEV_RENAME_REGEXP is not set
 CONFIG_FEATURE_MDEV_EXEC=y
 # CONFIG_FEATURE_MDEV_LOAD_FIRMWARE is not set
+CONFIG_MESG=y
+CONFIG_FEATURE_MESG_ENABLE_ONLY_GROUP=y
 CONFIG_MKE2FS=y
 # CONFIG_MKFS_EXT2 is not set
 # CONFIG_MKFS_MINIX is not set
@@ -627,12 +646,14 @@ CONFIG_FEATURE_MOUNT_CIFS=y
 CONFIG_FEATURE_MOUNT_FLAGS=y
 CONFIG_FEATURE_MOUNT_FSTAB=y
 CONFIG_FEATURE_MOUNT_OTHERTAB=y
+CONFIG_MOUNTPOINT=y
 # CONFIG_NSENTER is not set
 # CONFIG_FEATURE_NSENTER_LONG_OPTS is not set
 CONFIG_PIVOT_ROOT=y
 CONFIG_RDATE=y
 # CONFIG_RDEV is not set
 CONFIG_READPROFILE=y
+CONFIG_RENICE=y
 # CONFIG_REV is not set
 # CONFIG_RTCWAKE is not set
 # CONFIG_SCRIPT is not set
@@ -640,15 +661,20 @@ CONFIG_READPROFILE=y
 CONFIG_SETARCH=y
 CONFIG_LINUX32=y
 CONFIG_LINUX64=y
+CONFIG_SETPRIV=y
+CONFIG_SETSID=y
 CONFIG_SWAPON=y
 # CONFIG_FEATURE_SWAPON_DISCARD is not set
 # CONFIG_FEATURE_SWAPON_PRI is not set
 CONFIG_SWAPOFF=y
 CONFIG_SWITCH_ROOT=y
+# CONFIG_TASKSET is not set
+# CONFIG_FEATURE_TASKSET_FANCY is not set
 CONFIG_UEVENT=y
 CONFIG_UMOUNT=y
 CONFIG_FEATURE_UMOUNT_ALL=y
 # CONFIG_UNSHARE is not set
+# CONFIG_WALL is not set

 #
 # Common options for mount/umount
@@ -702,7 +728,6 @@ CONFIG_FEATURE_BEEP_LENGTH_MS=0
 # CONFIG_FEATURE_CHAT_SEND_ESCAPES is not set
 # CONFIG_FEATURE_CHAT_VAR_ABORT_LEN is not set
 # CONFIG_FEATURE_CHAT_CLR_ABORT is not set
-CONFIG_CHRT=y
 # CONFIG_CONSPY is not set
 CONFIG_CROND=y
 # CONFIG_FEATURE_CROND_D is not set
@@ -717,8 +742,6 @@ CONFIG_DC=y
 # CONFIG_DEVFSD_VERBOSE is not set
 # CONFIG_FEATURE_DEVFS is not set
 CONFIG_DEVMEM=y
-CONFIG_EJECT=y
-# CONFIG_FEATURE_EJECT_SCSI is not set
 # CONFIG_FBSPLASH is not set
 # CONFIG_FLASHCP is not set
 # CONFIG_FLASH_ERASEALL is not set
@@ -736,9 +759,6 @@ CONFIG_I2CSET=y
 CONFIG_I2CDUMP=y
 CONFIG_I2CDETECT=y
 # CONFIG_INOTIFYD is not set
-# CONFIG_IONICE is not set
-CONFIG_LAST=y
-# CONFIG_FEATURE_LAST_FANCY is not set
 CONFIG_LESS=y
 CONFIG_FEATURE_LESS_MAXLINES=9999999
 CONFIG_FEATURE_LESS_BRACKETS=y
@@ -750,27 +770,24 @@ CONFIG_FEATURE_LESS_REGEXP=y
 # CONFIG_FEATURE_LESS_ASK_TERMINAL is not set
 # CONFIG_FEATURE_LESS_DASHCMD is not set
 # CONFIG_FEATURE_LESS_LINENUMS is not set
+CONFIG_LSSCSI=y
 CONFIG_MAKEDEVS=y
 # CONFIG_FEATURE_MAKEDEVS_LEAF is not set
 CONFIG_FEATURE_MAKEDEVS_TABLE=y
 # CONFIG_MAN is not set
 CONFIG_MICROCOM=y
-CONFIG_MOUNTPOINT=y
 CONFIG_MT=y
 # CONFIG_NANDWRITE is not set
 # CONFIG_NANDDUMP is not set
+CONFIG_PARTPROBE=y
 # CONFIG_RAIDAUTORUN is not set
 # CONFIG_READAHEAD is not set
 # CONFIG_RFKILL is not set
 CONFIG_RUNLEVEL=y
 # CONFIG_RX is not set
 CONFIG_SETSERIAL=y
-CONFIG_SETSID=y
 CONFIG_STRINGS=y
-# CONFIG_TASKSET is not set
-# CONFIG_FEATURE_TASKSET_FANCY is not set
 CONFIG_TIME=y
-# CONFIG_TIMEOUT is not set
 # CONFIG_TTYSIZE is not set
 CONFIG_UBIRENAME=y
 # CONFIG_UBIATTACH is not set
@@ -780,7 +797,6 @@ CONFIG_UBIRENAME=y
 # CONFIG_UBIRSVOL is not set
 # CONFIG_UBIUPDATEVOL is not set
 # CONFIG_VOLNAME is not set
-# CONFIG_WALL is not set
 CONFIG_WATCHDOG=y

 #
@@ -830,8 +846,6 @@ CONFIG_IFUP=y
 CONFIG_IFDOWN=y
 CONFIG_IFUPDOWN_IFSTATE_PATH="/var/run/ifstate"
 CONFIG_FEATURE_IFUPDOWN_IP=y
-# CONFIG_FEATURE_IFUPDOWN_IP_BUILTIN is not set
-# CONFIG_FEATURE_IFUPDOWN_IFCONFIG_BUILTIN is not set
 CONFIG_FEATURE_IFUPDOWN_IPV4=y
 CONFIG_FEATURE_IFUPDOWN_IPV6=y
 CONFIG_FEATURE_IFUPDOWN_MAPPING=y
@@ -844,6 +858,12 @@ CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_DAYTIME=y
 CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_CHARGEN=y
 # CONFIG_FEATURE_INETD_RPC is not set
 CONFIG_IP=y
+CONFIG_IPADDR=y
+CONFIG_IPLINK=y
+CONFIG_IPROUTE=y
+CONFIG_IPTUNNEL=y
+CONFIG_IPRULE=y
+CONFIG_IPNEIGH=y
 CONFIG_FEATURE_IP_ADDRESS=y
 CONFIG_FEATURE_IP_LINK=y
 CONFIG_FEATURE_IP_ROUTE=y
@@ -851,17 +871,10 @@ CONFIG_FEATURE_IP_ROUTE_DIR="/etc/iproute2"
 CONFIG_FEATURE_IP_TUNNEL=y
 CONFIG_FEATURE_IP_RULE=y
 CONFIG_FEATURE_IP_NEIGH=y
-CONFIG_FEATURE_IP_SHORT_FORMS=y
 # CONFIG_FEATURE_IP_RARE_PROTOCOLS is not set
-CONFIG_IPADDR=y
-CONFIG_IPLINK=y
-CONFIG_IPROUTE=y
-CONFIG_IPTUNNEL=y
-CONFIG_IPRULE=y
-CONFIG_IPNEIGH=y
 # CONFIG_IPCALC is not set
-# CONFIG_FEATURE_IPCALC_FANCY is not set
 # CONFIG_FEATURE_IPCALC_LONG_OPTIONS is not set
+# CONFIG_FEATURE_IPCALC_FANCY is not set
 # CONFIG_FAKEIDENTD is not set
 CONFIG_NAMEIF=y
 # CONFIG_FEATURE_NAMEIF_EXTENDED is not set
@@ -883,11 +896,13 @@ CONFIG_FEATURE_FANCY_PING=y
 # CONFIG_PSCAN is not set
 CONFIG_ROUTE=y
 # CONFIG_SLATTACH is not set
+# CONFIG_SSL_CLIENT is not set
 # CONFIG_TCPSVD is not set
 # CONFIG_UDPSVD is not set
 CONFIG_TELNET=y
 CONFIG_FEATURE_TELNET_TTYPE=y
 CONFIG_FEATURE_TELNET_AUTOLOGIN=y
+CONFIG_FEATURE_TELNET_WIDTH=y
 # CONFIG_TELNETD is not set
 # CONFIG_FEATURE_TELNETD_STANDALONE is not set
 # CONFIG_FEATURE_TELNETD_INETD_WAIT is not set
@@ -902,6 +917,7 @@ CONFIG_FEATURE_TFTP_PUT=y
 CONFIG_FEATURE_TFTP_BLOCKSIZE=y
 # CONFIG_FEATURE_TFTP_PROGRESS_BAR is not set
 # CONFIG_TFTP_DEBUG is not set
+# CONFIG_TLS is not set
 CONFIG_TRACEROUTE=y
 # CONFIG_TRACEROUTE6 is not set
 # CONFIG_FEATURE_TRACEROUTE_VERBOSE is not set
@@ -910,29 +926,32 @@ CONFIG_TRACEROUTE=y
 # CONFIG_FEATURE_TUNCTL_UG is not set
 CONFIG_VCONFIG=y
 CONFIG_WGET=y
+CONFIG_FEATURE_WGET_LONG_OPTIONS=y
 CONFIG_FEATURE_WGET_STATUSBAR=y
 CONFIG_FEATURE_WGET_AUTHENTICATION=y
-CONFIG_FEATURE_WGET_LONG_OPTIONS=y
 CONFIG_FEATURE_WGET_TIMEOUT=y
+# CONFIG_FEATURE_WGET_HTTPS is not set
 # CONFIG_FEATURE_WGET_OPENSSL is not set
-# CONFIG_FEATURE_WGET_SSL_HELPER is not set
 # CONFIG_WHOIS is not set
 # CONFIG_ZCIP is not set
 # CONFIG_UDHCPC6 is not set
+# CONFIG_FEATURE_UDHCPC6_RFC3646 is not set
+# CONFIG_FEATURE_UDHCPC6_RFC4704 is not set
+# CONFIG_FEATURE_UDHCPC6_RFC4833 is not set
 # CONFIG_UDHCPD is not set
-# CONFIG_DHCPRELAY is not set
-# CONFIG_DUMPLEASES is not set
 # CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set
 # CONFIG_FEATURE_UDHCPD_BASE_IP_ON_MAC is not set
 CONFIG_DHCPD_LEASES_FILE=""
+# CONFIG_DUMPLEASES is not set
+# CONFIG_DHCPRELAY is not set
 CONFIG_UDHCPC=y
 CONFIG_FEATURE_UDHCPC_ARPING=y
 CONFIG_FEATURE_UDHCPC_SANITIZEOPT=y
+CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script"
 # CONFIG_FEATURE_UDHCP_PORT is not set
 CONFIG_UDHCP_DEBUG=0
 # CONFIG_FEATURE_UDHCP_RFC3397 is not set
 CONFIG_FEATURE_UDHCP_8021Q=y
-CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script"
 CONFIG_UDHCPC_SLACK_FOR_BUGGY_SERVERS=80
 CONFIG_IFUPDOWN_UDHCPC_CMD_OPTIONS="-R -n"

@@ -973,18 +992,19 @@ CONFIG_FEATURE_PIDOF_SINGLE=y
 CONFIG_FEATURE_PIDOF_OMIT=y
 # CONFIG_PMAP is not set
 # CONFIG_POWERTOP is not set
+# CONFIG_FEATURE_POWERTOP_INTERACTIVE is not set
 CONFIG_PS=y
 # CONFIG_FEATURE_PS_WIDE is not set
 # CONFIG_FEATURE_PS_LONG is not set
 # CONFIG_FEATURE_PS_TIME is not set
-# CONFIG_FEATURE_PS_ADDITIONAL_COLUMNS is not set
 # CONFIG_FEATURE_PS_UNUSUAL_SYSTEMS is not set
+# CONFIG_FEATURE_PS_ADDITIONAL_COLUMNS is not set
 # CONFIG_PSTREE is not set
 # CONFIG_PWDX is not set
-CONFIG_RENICE=y
 # CONFIG_SMEMCAP is not set
 CONFIG_BB_SYSCTL=y
 CONFIG_TOP=y
+CONFIG_FEATURE_TOP_INTERACTIVE=y
 CONFIG_FEATURE_TOP_CPU_USAGE_PERCENTAGE=y
 CONFIG_FEATURE_TOP_CPU_GLOBAL_PERCENTS=y
 # CONFIG_FEATURE_TOP_SMP_CPU is not set
@@ -1030,27 +1050,32 @@ CONFIG_SVC=y
 #
 # Shells
 #
+CONFIG_SH_IS_ASH=y
+# CONFIG_SH_IS_HUSH is not set
+# CONFIG_SH_IS_NONE is not set
+# CONFIG_BASH_IS_ASH is not set
+# CONFIG_BASH_IS_HUSH is not set
+CONFIG_BASH_IS_NONE=y
 CONFIG_ASH=y
 CONFIG_ASH_OPTIMIZE_FOR_SIZE=y
 CONFIG_ASH_INTERNAL_GLOB=y
-CONFIG_ASH_RANDOM_SUPPORT=y
-CONFIG_ASH_EXPAND_PRMT=y
 CONFIG_ASH_BASH_COMPAT=y
-CONFIG_ASH_IDLE_TIMEOUT=y
 CONFIG_ASH_JOB_CONTROL=y
 CONFIG_ASH_ALIAS=y
-CONFIG_ASH_GETOPTS=y
-CONFIG_ASH_BUILTIN_ECHO=y
-CONFIG_ASH_BUILTIN_PRINTF=y
-CONFIG_ASH_BUILTIN_TEST=y
-CONFIG_ASH_HELP=y
-CONFIG_ASH_CMDCMD=y
+CONFIG_ASH_RANDOM_SUPPORT=y
+CONFIG_ASH_EXPAND_PRMT=y
+CONFIG_ASH_IDLE_TIMEOUT=y
 # CONFIG_ASH_MAIL is not set
+CONFIG_ASH_ECHO=y
+CONFIG_ASH_PRINTF=y
+CONFIG_ASH_TEST=y
+CONFIG_ASH_HELP=y
+CONFIG_ASH_GETOPTS=y
+CONFIG_ASH_CMDCMD=y
 # CONFIG_CTTYHACK is not set
 # CONFIG_HUSH is not set
 # CONFIG_HUSH_BASH_COMPAT is not set
 # CONFIG_HUSH_BRACE_EXPANSION is not set
-# CONFIG_HUSH_HELP is not set
 # CONFIG_HUSH_INTERACTIVE is not set
 # CONFIG_HUSH_SAVEHISTORY is not set
 # CONFIG_HUSH_JOB is not set
@@ -1061,17 +1086,30 @@ CONFIG_ASH_CMDCMD=y
 # CONFIG_HUSH_FUNCTIONS is not set
 # CONFIG_HUSH_LOCAL is not set
 # CONFIG_HUSH_RANDOM_SUPPORT is not set
-# CONFIG_HUSH_EXPORT_N is not set
 # CONFIG_HUSH_MODE_X is not set
+# CONFIG_HUSH_ECHO is not set
+# CONFIG_HUSH_PRINTF is not set
+# CONFIG_HUSH_TEST is not set
+# CONFIG_HUSH_HELP is not set
+# CONFIG_HUSH_EXPORT is not set
+# CONFIG_HUSH_EXPORT_N is not set
+# CONFIG_HUSH_KILL is not set
+# CONFIG_HUSH_WAIT is not set
+# CONFIG_HUSH_TRAP is not set
+# CONFIG_HUSH_TYPE is not set
+# CONFIG_HUSH_READ is not set
+# CONFIG_HUSH_SET is not set
+# CONFIG_HUSH_UNSET is not set
+# CONFIG_HUSH_ULIMIT is not set
+# CONFIG_HUSH_UMASK is not set
+# CONFIG_HUSH_MEMLEAK is not set
 # CONFIG_MSH is not set
-CONFIG_FEATURE_SH_IS_ASH=y
-# CONFIG_FEATURE_SH_IS_HUSH is not set
-# CONFIG_FEATURE_SH_IS_NONE is not set
-# CONFIG_FEATURE_BASH_IS_ASH is not set
-# CONFIG_FEATURE_BASH_IS_HUSH is not set
-CONFIG_FEATURE_BASH_IS_NONE=y
-CONFIG_SH_MATH_SUPPORT=y
-# CONFIG_SH_MATH_SUPPORT_64 is not set
+
+#
+# Options common to all shells
+#
+CONFIG_FEATURE_SH_MATH=y
+CONFIG_FEATURE_SH_MATH_64=y
 CONFIG_FEATURE_SH_EXTRA_QUIET=y
 # CONFIG_FEATURE_SH_STANDALONE is not set
 # CONFIG_FEATURE_SH_NOFORK is not set
--- a/package/busybox/busybox.hash
+++ b/package/busybox/busybox.hash
@@ -1,3 +1,3 @@
-# From https://busybox.net/downloads/busybox-1.26.2.tar.bz2.sign
-md5	bb59d25ee2643db20f212eec539429f1	busybox-1.26.2.tar.bz2
-sha1	0b3e3cd49d6d9e30f66e364bf842663348b23dc9	busybox-1.26.2.tar.bz2
+# From https://busybox.net/downloads/busybox-1.27.2.tar.bz2.sign
+md5	476186f4bab81781dab2369bfd42734e	busybox-1.27.2.tar.bz2
+sha1	11669e223cc38de646ce26080e91ca29b8d42ad9	busybox-1.27.2.tar.bz2
--- a/package/busybox/busybox.mk
+++ b/package/busybox/busybox.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-BUSYBOX_VERSION = 1.26.2
+BUSYBOX_VERSION = 1.27.2
 BUSYBOX_SITE = http://www.busybox.net/downloads
 BUSYBOX_SOURCE = busybox-$(BUSYBOX_VERSION).tar.bz2
 BUSYBOX_LICENSE = GPLv2
@@ -175,7 +175,7 @@ define BUSYBOX_INSTALL_LOGGING_SCRIPT
 	if grep -q CONFIG_SYSLOGD=y $(@D)/.config; then \
 		$(INSTALL) -m 0755 -D package/busybox/S01logging \
 			$(TARGET_DIR)/etc/init.d/S01logging; \
-	else rm -f $(TARGET_DIR)/etc/init.d/S01logging; fi
+	fi
 endef

 ifeq ($(BR2_INIT_BUSYBOX),y)
--- a/package/ccache/ccache.hash
+++ b/package/ccache/ccache.hash
@@ -1,2 +1,3 @@
-# Verified key https://samba.org/ftp/ccache/ccache-3.3.3.tar.xz.asc - sha256 computed locally
-sha256  3b02a745da1cfa9eb438af7147e0fd3545e2f6163de9e5b07da86f58859f04ec  ccache-3.3.3.tar.xz
+# Verified key https://samba.org/ftp/ccache/ccache-3.3.4.tar.xz.asc - sha256 computed locally
+sha256  24f15bf389e38c41548c9c259532187774ec0cb9686c3497bbb75504c8dc404f  ccache-3.3.4.tar.xz
+sha256  190576a6e938760ec8113523e6fd380141117303e90766cc4802e770422b30c6  ccache-3.3.5.tar.xz
--- a/package/ccache/ccache.mk
+++ b/package/ccache/ccache.mk
@@ -4,8 +4,8 @@
 #
 ################################################################################

-CCACHE_VERSION = 3.3.3
-CCACHE_SITE = https://samba.org/ftp/ccache
+CCACHE_VERSION = 3.3.5
+CCACHE_SITE = https://www.samba.org/ftp/ccache
 CCACHE_SOURCE = ccache-$(CCACHE_VERSION).tar.xz
 CCACHE_LICENSE = GPLv3+, others
 CCACHE_LICENSE_FILES = LICENSE.txt GPL-3.0.txt
--- a/package/clamav/0002-backtrace-uClibc.patch
+++ b/package/clamav/0002-backtrace-uClibc.patch
--- a/package/clamav/Config.in
+++ b/package/clamav/Config.in
@@ -1,6 +1,7 @@
 config BR2_PACKAGE_CLAMAV
 	bool "clamav"
 	select BR2_PACKAGE_GETTEXT if BR2_NEEDS_GETTEXT_IF_LOCALE
+	select BR2_PACKAGE_LIBTOOL
 	select BR2_PACKAGE_OPENSSL
 	select BR2_PACKAGE_ZLIB
 	depends on BR2_TOOLCHAIN_HAS_THREADS
--- a/package/clamav/clamav.hash
+++ b/package/clamav/clamav.hash
@@ -1,2 +1,14 @@
 # Locally calculated
-sha256	167bd6a13e05ece326b968fdb539b05c2ffcfef6018a274a10aeda85c2c0027a	clamav-0.99.2.tar.gz
+sha256 d72ac3273bde8d2e5e28ec9978373ee3ab4529fd868bc3fc4d2d2671228f2461  clamav-0.99.4.tar.gz
+sha256 0c4fd2fa9733fc9122503797648710851e4ee6d9e4969dd33fcbd8c63cd2f584  COPYING
+sha256 d72a145c90918184a05ef65a04c9e6f7466faa59bc1b82c8f6a8ddc7ddcb9bed  COPYING.bzip2
+sha256 dfb818a0d41411c6fb1c193c68b73018ceadd1994bda41ad541cbff292894bc6  COPYING.file
+sha256 6dce638b76399e7521ad8e182d3e33e4496c85b3b69b6ff434b53017101e82ad  COPYING.getopt
+sha256 a9bdde5616ecdd1e980b44f360600ee8783b1f99b8cc83a2beb163a0a390e861  COPYING.LGPL
+sha256 e3a9b913515a42f8ff3ef1551c3a2cdba383c39ed959729e0e2911219496ad74  COPYING.llvm
+sha256 d96d71b66aa32c4a2d1619b9ca3347dafa9460bcf0fb5ac2408916067ad31dfc  COPYING.lzma
+sha256 accdcf2455c07b99abea59016b3663eaef926a92092d103bfaa25fed27cf6b24  COPYING.pcre
+sha256 e2c1395a3d9fea6d5d25847c9d783db6e2cc8b085b4025861f459139c5dfd90b  COPYING.regex
+sha256 1faccc6b5c7b958fb807a3f573d5be9bf7889fe898f7e0617c544b05a81bfd00  COPYING.unrar
+sha256 a20d6317c5384e8d4c05f9c31097878675d9429ec46090656166039cc10bc957  COPYING.YARA
+sha256 c2f77553f8d870c5635b0dace0519253233f172b33ce1fdf6578610706294eee  COPYING.zlib
--- a/package/clamav/clamav.mk
+++ b/package/clamav/clamav.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-CLAMAV_VERSION = 0.99.2
+CLAMAV_VERSION = 0.99.4
 CLAMAV_SITE = https://www.clamav.net/downloads/production
 CLAMAV_LICENSE = GPLv2
 CLAMAV_LICENSE_FILES = COPYING COPYING.bzip2 COPYING.file COPYING.getopt \
@@ -12,6 +12,7 @@ CLAMAV_LICENSE_FILES = COPYING COPYING.bzip2 COPYING.file COPYING.getopt \
 	COPYING.unrar COPYING.zlib
 CLAMAV_DEPENDENCIES = \
 	host-pkgconf \
+	libtool \
 	openssl \
 	zlib \
 	$(if $(BR2_NEEDS_GETTEXT_IF_LOCALE),gettext)
@@ -24,6 +25,8 @@ CLAMAV_CONF_ENV = \
 # UCLIBC_HAS_FTS is disabled, therefore disable fanotify (missing fts.h)
 CLAMAV_CONF_OPTS = \
 	--with-dbdir=/var/lib/clamav \
+	--with-ltdl-include=$(STAGING_DIR)/usr/include \
+	--with-ltdl-lib=$(STAGING_DIR)/usr/lib \
 	--with-openssl=$(STAGING_DIR)/usr \
 	--with-zlib=$(STAGING_DIR)/usr \
 	--disable-zlib-vcheck \
@@ -45,6 +48,13 @@ else
 CLAMAV_CONF_OPTS += --disable-bzip2
 endif

+ifeq ($(BR2_PACKAGE_JSON_C),y)
+CLAMAV_CONF_OPTS += --with-libjson=$(STAGING_DIR)/usr
+CLAMAV_DEPENDENCIES += json-c
+else
+CLAMAV_CONF_OPTS += --without-libjson
+endif
+
 ifeq ($(BR2_PACKAGE_LIBXML2),y)
 CLAMAV_CONF_OPTS += --with-xml=$(STAGING_DIR)/usr
 CLAMAV_DEPENDENCIES += libxml2
--- a/package/coreutils/coreutils.mk
+++ b/package/coreutils/coreutils.mk
@@ -56,8 +56,8 @@ COREUTILS_CONF_ENV = ac_cv_c_restrict=no \
 	INSTALL_PROGRAM=$(INSTALL)

 COREUTILS_BIN_PROGS = cat chgrp chmod chown cp date dd df dir echo false \
-	ln ls mkdir mknod mv pwd rm rmdir vdir sleep stty sync touch true \
-	uname join
+	kill link ln ls mkdir mknod mktemp mv nice printenv pwd rm rmdir \
+	vdir sleep stty sync touch true uname join

 # If both coreutils and busybox are selected, make certain coreutils
 # wins the fight over who gets to have their utils actually installed.
--- a/package/dhcp/0001-bind-cross-compile.patch
+++ b/package/dhcp/0001-bind-cross-compile.patch
--- a/package/dhcp/0002-v4_3-Plugs-a-socket-descriptor-leak-in-OMAPI.patch
+++ b/package/dhcp/0002-v4_3-Plugs-a-socket-descriptor-leak-in-OMAPI.patch
@@ -0,0 +1,51 @@
+From 5097bc0559f592683faac1f67bf350e1bddf6ed4 Mon Sep 17 00:00:00 2001
+From: Thomas Markwalder <tmark@isc.org>
+Date: Thu, 7 Dec 2017 11:39:30 -0500
+Subject: [PATCH] [v4_3] Plugs a socket descriptor leak in OMAPI
+
+        Merges in rt46767.
+
+[baruch: drop RELNOTES hunk]
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Patch status: upstream commit 5097bc0559f
+
+ omapip/buffer.c  | 9 +++++++++
+ omapip/message.c | 2 +-
+
+diff --git a/omapip/buffer.c b/omapip/buffer.c
+index f7fdc3250e82..809034d1317b 100644
+--- a/omapip/buffer.c
+++ b/omapip/buffer.c
+@@ -566,6 +566,15 @@ isc_result_t omapi_connection_writer (omapi_object_t *h)
+ 			omapi_buffer_dereference (&buffer, MDL);
+ 		}
+ 	}
+
+	/* If we had data left to write when we're told to disconnect,
+	* we need recall disconnect, now that we're done writing.
+	* See rt46767. */
+	if (c->out_bytes == 0 && c->state == omapi_connection_disconnecting) {
+		omapi_disconnect (h, 1);
+		return ISC_R_SHUTTINGDOWN;
+	}
+
+ 	return ISC_R_SUCCESS;
+ }
+ 
+diff --git a/omapip/message.c b/omapip/message.c
+index 59ccdc2c05cf..21bcfc3822e7 100644
+--- a/omapip/message.c
+++ b/omapip/message.c
+@@ -339,7 +339,7 @@ isc_result_t omapi_message_unregister (omapi_object_t *mo)
+ }
+ 
+ #ifdef DEBUG_PROTOCOL
+-static const char *omapi_message_op_name(int op) {
+const char *omapi_message_op_name(int op) {
+ 	switch (op) {
+ 	case OMAPI_OP_OPEN:    return "OMAPI_OP_OPEN";
+ 	case OMAPI_OP_REFRESH: return "OMAPI_OP_REFRESH";
+-- 
+2.15.1
+
--- a/package/dhcp/0003-Correct-buffer-overrun-in-pretty_print_option.patch
+++ b/package/dhcp/0003-Correct-buffer-overrun-in-pretty_print_option.patch
@@ -0,0 +1,59 @@
+From b8c29336bd5401a5f962bc6ddfa4ebb6f0274f3c Mon Sep 17 00:00:00 2001
+From: Thomas Markwalder <tmark@isc.org>
+Date: Sat, 10 Feb 2018 12:15:27 -0500
+Subject: [PATCH 1/2] Correct buffer overrun in pretty_print_option
+
+    Merges in rt47139.
+
+[baruch: drop RELNOTES and test; address CVE-2018-5732]
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: backported from commit c5931725b48
+---
+ common/options.c | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/common/options.c b/common/options.c
+index 5547287fb6e5..2ed6b16c6412 100644
+--- a/common/options.c
+++ b/common/options.c
+@@ -1758,7 +1758,8 @@ format_min_length(format, oc)
+ 
+ 
+ /* Format the specified option so that a human can easily read it. */
+-
+/* Maximum pretty printed size */
+#define MAX_OUTPUT_SIZE 32*1024
+ const char *pretty_print_option (option, data, len, emit_commas, emit_quotes)
+ 	struct option *option;
+ 	const unsigned char *data;
+@@ -1766,8 +1767,9 @@ const char *pretty_print_option (option, data, len, emit_commas, emit_quotes)
+ 	int emit_commas;
+ 	int emit_quotes;
+ {
+-	static char optbuf [32768]; /* XXX */
+-	static char *endbuf = &optbuf[sizeof(optbuf)];
+	/* We add 128 byte pad so we don't have to add checks everywhere. */
+	static char optbuf [MAX_OUTPUT_SIZE + 128]; /* XXX */
+	static char *endbuf = optbuf + MAX_OUTPUT_SIZE;
+ 	int hunksize = 0;
+ 	int opthunk = 0;
+ 	int hunkinc = 0;
+@@ -2193,7 +2195,14 @@ const char *pretty_print_option (option, data, len, emit_commas, emit_quotes)
+ 				log_error ("Unexpected format code %c",
+ 					   fmtbuf [j]);
+ 			}
+
+ 			op += strlen (op);
+			if (op >= endbuf) {
+				log_error ("Option data exceeds"
+					   " maximum size %d", MAX_OUTPUT_SIZE);
+					   return ("<error>");
+			}
+
+ 			if (dp == data + len)
+ 				break;
+ 			if (j + 1 < numelem && comma != ':')
+-- 
+2.16.1
+
--- a/package/dhcp/0004-Corrected-refcnt-loss-in-option-parsing.patch
+++ b/package/dhcp/0004-Corrected-refcnt-loss-in-option-parsing.patch
@@ -0,0 +1,40 @@
+From 93b5b67dd31b9efcbfaabc2df1e1d9d164a5e04a Mon Sep 17 00:00:00 2001
+From: Thomas Markwalder <tmark@isc.org>
+Date: Fri, 9 Feb 2018 14:46:08 -0500
+Subject: [PATCH 2/2] Corrected refcnt loss in option parsing
+
+    Merges in 47140.
+
+[baruch: drop RELNOTES and tests; address CVE-2018-5733]
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: backported from commit 197b26f25309
+---
+ common/options.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/common/options.c b/common/options.c
+index 2ed6b16c6412..25b29a6be7bb 100644
+--- a/common/options.c
+++ b/common/options.c
+@@ -3,7 +3,7 @@
+    DHCP options parsing and reassembly. */
+ 
+ /*
+- * Copyright (c) 2004-2017 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2004-2018 by Internet Systems Consortium, Inc. ("ISC")
+  * Copyright (c) 1995-2003 by Internet Software Consortium
+  *
+  * Permission to use, copy, modify, and distribute this software for any
+@@ -177,6 +177,8 @@ int parse_option_buffer (options, buffer, length, universe)
+ 
+ 		/* If the length is outrageous, the options are bad. */
+ 		if (offset + len > length) {
+			/* Avoid reference count overflow */
+			option_dereference(&option, MDL);
+ 			reason = "option length exceeds option buffer length";
+ 		      bogus:
+ 			log_error("parse_option_buffer: malformed option "
+-- 
+2.16.1
+
--- a/package/dhcp/dhcp.hash
+++ b/package/dhcp/dhcp.hash
@@ -1,2 +1,4 @@
-# Verified from https://ftp.isc.org/isc/dhcp/4.3.5/dhcp-4.3.5.tar.gz.sha256.asc
-sha256 eb95936bf15d2393c55dd505bc527d1d4408289cec5a9fa8abb99f7577e7f954  dhcp-4.3.5.tar.gz
+# Verified from https://ftp.isc.org/isc/dhcp/4.3.6/dhcp-4.3.6.tar.gz.sha256.asc
+sha256 a41eaf6364f1377fe065d35671d9cf82bbbc8f21207819b2b9f33f652aec6f1b  dhcp-4.3.6.tar.gz
+# Locally calculated
+sha256 dd7ae2201c0c11c3c1e2510d731c67b2f4bc8ba735707d7348ddd65f7b598562  LICENSE
--- a/package/dhcp/dhcp.mk
+++ b/package/dhcp/dhcp.mk
@@ -4,14 +4,16 @@
 #
 ################################################################################

-DHCP_VERSION = 4.3.5
+DHCP_VERSION = 4.3.6
 DHCP_SITE = http://ftp.isc.org/isc/dhcp/$(DHCP_VERSION)
 DHCP_INSTALL_STAGING = YES
 DHCP_LICENSE = ISC
 DHCP_LICENSE_FILES = LICENSE
 DHCP_CONF_ENV = \
 	CPPFLAGS='-D_PATH_DHCPD_CONF=\"/etc/dhcp/dhcpd.conf\" \
-		-D_PATH_DHCLIENT_CONF=\"/etc/dhcp/dhclient.conf\"'
+		-D_PATH_DHCLIENT_CONF=\"/etc/dhcp/dhclient.conf\"' \
+	CFLAGS='$(TARGET_CFLAGS) -DISC_CHECK_NONE=1'
+
 DHCP_CONF_OPTS = \
 	--with-randomdev=/dev/random \
 	--with-srv-lease-file=/var/lib/dhcp/dhcpd.leases \
--- a/package/dnsmasq/0001-DNSSEC-fix-for-wildcard-NSEC-records.-CVE-2017-15107.patch
+++ b/package/dnsmasq/0001-DNSSEC-fix-for-wildcard-NSEC-records.-CVE-2017-15107.patch
@@ -0,0 +1,212 @@
+From 4fe6744a220eddd3f1749b40cac3dfc510787de6 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Fri, 19 Jan 2018 12:26:08 +0000
+Subject: [PATCH] DNSSEC fix for wildcard NSEC records. CVE-2017-15107 applies.
+
+It's OK for NSEC records to be expanded from wildcards,
+but in that case, the proof of non-existence is only valid
+starting at the wildcard name, *.<domain> NOT the name expanded
+from the wildcard. Without this check it's possible for an
+attacker to craft an NSEC which wrongly proves non-existence
+in a domain which includes a wildcard for NSEC.
+
+[baruch: drop the CHANGELOG hunk]
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: upstream commit 4fe6744a220e
+
+ CHANGELOG    |  12 +++++-
+ src/dnssec.c | 117 ++++++++++++++++++++++++++++++++++++++++++++++++++++-------
+ 2 files changed, 114 insertions(+), 15 deletions(-)
+
+diff --git a/src/dnssec.c b/src/dnssec.c
+index eb6c11cbe00f..a54a0b4f14cf 100644
+--- a/src/dnssec.c
+++ b/src/dnssec.c
+@@ -103,15 +103,17 @@ static void from_wire(char *name)
+ static int count_labels(char *name)
+ {
+   int i;
+-
+  char *p;
+  
+   if (*name == 0)
+     return 0;
+ 
+-  for (i = 0; *name; name++)
+-    if (*name == '.')
+  for (p = name, i = 0; *p; p++)
+    if (*p == '.')
+       i++;
+ 
+-  return i+1;
+  /* Don't count empty first label. */
+  return *name == '.' ? i : i+1;
+ }
+ 
+ /* Implement RFC1982 wrapped compare for 32-bit numbers */
+@@ -1094,8 +1096,8 @@ static int hostname_cmp(const char *a, const char *b)
+     }
+ }
+ 
+-static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
+-				    char *workspace1, char *workspace2, char *name, int type, int *nons)
+static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsigned char **nsecs, unsigned char **labels, int nsec_count,
+				    char *workspace1_in, char *workspace2, char *name, int type, int *nons)
+ {
+   int i, rc, rdlen;
+   unsigned char *p, *psave;
+@@ -1108,6 +1110,9 @@ static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsi
+   /* Find NSEC record that proves name doesn't exist */
+   for (i = 0; i < nsec_count; i++)
+     {
+      char *workspace1 = workspace1_in;
+      int sig_labels, name_labels;
+
+       p = nsecs[i];
+       if (!extract_name(header, plen, &p, workspace1, 1, 10))
+ 	return 0;
+@@ -1116,7 +1121,27 @@ static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsi
+       psave = p;
+       if (!extract_name(header, plen, &p, workspace2, 1, 10))
+ 	return 0;
+-      
+
+      /* If NSEC comes from wildcard expansion, use original wildcard
+	 as name for computation. */
+      sig_labels = *labels[i];
+      name_labels = count_labels(workspace1);
+
+      if (sig_labels < name_labels)
+	{
+	  int k;
+	  for (k = name_labels - sig_labels; k != 0; k--)
+	    {
+	      while (*workspace1 != '.' && *workspace1 != 0)
+		workspace1++;
+	      if (k != 1 && *workspace1 == '.')
+		workspace1++;
+	    }
+	  
+	  workspace1--;
+	  *workspace1 = '*';
+	}
+	  
+       rc = hostname_cmp(workspace1, name);
+       
+       if (rc == 0)
+@@ -1514,24 +1539,26 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns
+ 
+ static int prove_non_existence(struct dns_header *header, size_t plen, char *keyname, char *name, int qtype, int qclass, char *wildname, int *nons)
+ {
+-  static unsigned char **nsecset = NULL;
+-  static int nsecset_sz = 0;
+  static unsigned char **nsecset = NULL, **rrsig_labels = NULL;
+  static int nsecset_sz = 0, rrsig_labels_sz = 0;
+   
+   int type_found = 0;
+-  unsigned char *p = skip_questions(header, plen);
+  unsigned char *auth_start, *p = skip_questions(header, plen);
+   int type, class, rdlen, i, nsecs_found;
+   
+   /* Move to NS section */
+   if (!p || !(p = skip_section(p, ntohs(header->ancount), header, plen)))
+     return 0;
+
+  auth_start = p;
+   
+   for (nsecs_found = 0, i = ntohs(header->nscount); i != 0; i--)
+     {
+       unsigned char *pstart = p;
+       
+-      if (!(p = skip_name(p, header, plen, 10)))
+      if (!extract_name(header, plen, &p, daemon->workspacename, 1, 10))
+ 	return 0;
+-      
+	  
+       GETSHORT(type, p); 
+       GETSHORT(class, p);
+       p += 4; /* TTL */
+@@ -1548,7 +1575,69 @@ static int prove_non_existence(struct dns_header *header, size_t plen, char *key
+ 	  if (!expand_workspace(&nsecset, &nsecset_sz, nsecs_found))
+ 	    return 0; 
+ 	  
+-	  nsecset[nsecs_found++] = pstart;
+	  if (type == T_NSEC)
+	    {
+	      /* If we're looking for NSECs, find the corresponding SIGs, to 
+		 extract the labels value, which we need in case the NSECs
+		 are the result of wildcard expansion.
+		 Note that the NSEC may not have been validated yet
+		 so if there are multiple SIGs, make sure the label value
+		 is the same in all, to avoid be duped by a rogue one.
+		 If there are no SIGs, that's an error */
+	      unsigned char *p1 = auth_start;
+	      int res, j, rdlen1, type1, class1;
+	      
+	      if (!expand_workspace(&rrsig_labels, &rrsig_labels_sz, nsecs_found))
+		return 0;
+	      
+	      rrsig_labels[nsecs_found] = NULL;
+	      
+	      for (j = ntohs(header->nscount); j != 0; j--)
+		{
+		  if (!(res = extract_name(header, plen, &p1, daemon->workspacename, 0, 10)))
+		    return 0;
+
+		   GETSHORT(type1, p1); 
+		   GETSHORT(class1, p1);
+		   p1 += 4; /* TTL */
+		   GETSHORT(rdlen1, p1);
+
+		   if (!CHECK_LEN(header, p1, plen, rdlen1))
+		     return 0;
+		   
+		   if (res == 1 && class1 == qclass && type1 == T_RRSIG)
+		     {
+		       int type_covered;
+		       unsigned char *psav = p1;
+		       
+		       if (rdlen < 18)
+			 return 0; /* bad packet */
+
+		       GETSHORT(type_covered, p1);
+
+		       if (type_covered == T_NSEC)
+			 {
+			   p1++; /* algo */
+			   
+			   /* labels field must be the same in every SIG we find. */
+			   if (!rrsig_labels[nsecs_found])
+			     rrsig_labels[nsecs_found] = p1;
+			   else if (*rrsig_labels[nsecs_found] != *p1) /* algo */
+			     return 0;
+			   }
+		       p1 = psav;
+		     }
+		   
+		   if (!ADD_RDLEN(header, p1, plen, rdlen1))
+		     return 0;
+		}
+
+	      /* Must have found at least one sig. */
+	      if (!rrsig_labels[nsecs_found])
+		return 0;
+	    }
+
+	  nsecset[nsecs_found++] = pstart;   
+ 	}
+       
+       if (!ADD_RDLEN(header, p, plen, rdlen))
+@@ -1556,7 +1645,7 @@ static int prove_non_existence(struct dns_header *header, size_t plen, char *key
+     }
+   
+   if (type_found == T_NSEC)
+-    return prove_non_existence_nsec(header, plen, nsecset, nsecs_found, daemon->workspacename, keyname, name, qtype, nons);
+    return prove_non_existence_nsec(header, plen, nsecset, rrsig_labels, nsecs_found, daemon->workspacename, keyname, name, qtype, nons);
+   else if (type_found == T_NSEC3)
+     return prove_non_existence_nsec3(header, plen, nsecset, nsecs_found, daemon->workspacename, keyname, name, qtype, wildname, nons);
+   else
+-- 
+2.15.1
+
--- a/package/dnsmasq/0002-Fix-DNSSEC-validation-errors-introduced-in-4fe6744a2.patch
+++ b/package/dnsmasq/0002-Fix-DNSSEC-validation-errors-introduced-in-4fe6744a2.patch
@@ -0,0 +1,29 @@
+From cd7df612b14ec1bf831a966ccaf076be0dae7404 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sat, 20 Jan 2018 00:10:55 +0000
+Subject: [PATCH] Fix DNSSEC validation errors introduced in
+ 4fe6744a220eddd3f1749b40cac3dfc510787de6
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: upstream commit cd7df612b14ec
+
+ src/dnssec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/dnssec.c b/src/dnssec.c
+index a54a0b4f14cf..c47e33569f96 100644
+--- a/src/dnssec.c
+++ b/src/dnssec.c
+@@ -1610,7 +1610,7 @@ static int prove_non_existence(struct dns_header *header, size_t plen, char *key
+ 		       int type_covered;
+ 		       unsigned char *psav = p1;
+ 		       
+-		       if (rdlen < 18)
+		       if (rdlen1 < 18)
+ 			 return 0; /* bad packet */
+ 
+ 		       GETSHORT(type_covered, p1);
+-- 
+2.15.1
+
--- a/package/dnsmasq/Config.in
+++ b/package/dnsmasq/Config.in
@@ -4,7 +4,7 @@ config BR2_PACKAGE_DNSMASQ
 	  A lightweight DNS and DHCP server. It is intended to provide
 	  coupled DNS and DHCP service to a LAN.

-	  http://www.thekelleys.org.uk/dnsmasq/
+	  http://www.thekelleys.org.uk/dnsmasq/doc.html

 if BR2_PACKAGE_DNSMASQ

--- a/package/dnsmasq/dnsmasq.mk
+++ b/package/dnsmasq/dnsmasq.mk
@@ -40,32 +40,31 @@ endif

 ifeq ($(BR2_PACKAGE_DNSMASQ_CONNTRACK),y)
 DNSMASQ_DEPENDENCIES += libnetfilter_conntrack
-endif
-
-ifeq ($(BR2_PACKAGE_DNSMASQ_CONNTRACK),y)
-define DNSMASQ_ENABLE_CONNTRACK
-	$(SED) 's^.*#define HAVE_CONNTRACK.*^#define HAVE_CONNTRACK^' \
-		$(DNSMASQ_DIR)/src/config.h
-endef
+DNSMASQ_COPTS += -DHAVE_CONNTRACK
 endif

 ifeq ($(BR2_PACKAGE_DNSMASQ_LUA),y)
 DNSMASQ_DEPENDENCIES += lua
+DNSMASQ_COPTS += -DHAVE_LUASCRIPT

 # liblua uses dlopen when dynamically linked
 ifneq ($(BR2_STATIC_LIBS),y)
 DNSMASQ_MAKE_OPTS += LIBS+="-ldl"
 endif

-define DNSMASQ_ENABLE_LUA
+define DNSMASQ_TWEAK_LIBLUA
 	$(SED) 's/lua5.2/lua/g' $(DNSMASQ_DIR)/Makefile
-	$(SED) 's^.*#define HAVE_LUASCRIPT.*^#define HAVE_LUASCRIPT^' \
-		$(DNSMASQ_DIR)/src/config.h
 endef
 endif

 ifeq ($(BR2_PACKAGE_DBUS),y)
 DNSMASQ_DEPENDENCIES += dbus
+DNSMASQ_COPTS += -DHAVE_DBUS
+
+define DNSMASQ_INSTALL_DBUS
+	$(INSTALL) -m 0644 -D $(@D)/dbus/dnsmasq.conf \
+		$(TARGET_DIR)/etc/dbus-1/system.d/dnsmasq.conf
+endef
 endif

 define DNSMASQ_FIX_PKGCONFIG
@@ -73,33 +72,12 @@ define DNSMASQ_FIX_PKGCONFIG
 		$(DNSMASQ_DIR)/Makefile
 endef

-ifeq ($(BR2_PACKAGE_DBUS),y)
-define DNSMASQ_ENABLE_DBUS
-	$(SED) 's^.*#define HAVE_DBUS.*^#define HAVE_DBUS^' \
-		$(DNSMASQ_DIR)/src/config.h
-endef
-else
-define DNSMASQ_ENABLE_DBUS
-	$(SED) 's^.*#define HAVE_DBUS.*^/* #define HAVE_DBUS */^' \
-		$(DNSMASQ_DIR)/src/config.h
-endef
-endif
-
 define DNSMASQ_BUILD_CMDS
 	$(DNSMASQ_FIX_PKGCONFIG)
-	$(DNSMASQ_ENABLE_DBUS)
-	$(DNSMASQ_ENABLE_LUA)
-	$(DNSMASQ_ENABLE_CONNTRACK)
+	$(DNSMASQ_TWEAK_LIBLUA)
 	$(DNSMASQ_MAKE_ENV) $(MAKE) -C $(@D) $(DNSMASQ_MAKE_OPTS) all$(DNSMASQ_I18N)
 endef

-ifeq ($(BR2_PACKAGE_DBUS),y)
-define DNSMASQ_INSTALL_DBUS
-	$(INSTALL) -m 0644 -D $(@D)/dbus/dnsmasq.conf \
-		$(TARGET_DIR)/etc/dbus-1/system.d/dnsmasq.conf
-endef
-endif
-
 define DNSMASQ_INSTALL_TARGET_CMDS
 	$(DNSMASQ_MAKE_ENV) $(MAKE) -C $(@D) $(DNSMASQ_MAKE_OPTS) install$(DNSMASQ_I18N)
 	mkdir -p $(TARGET_DIR)/var/lib/misc/
--- a/package/dovecot/0001-byteorder.h-fix-uclibc-build.patch
+++ b/package/dovecot/0001-byteorder.h-fix-uclibc-build.patch
@@ -0,0 +1,32 @@
+From 902917880ca29f1007750a70cf46e7246b2d0a2a Mon Sep 17 00:00:00 2001
+From: Josef 'Jeff' Sipek <jeff.sipek@dovecot.fi>
+Date: Tue, 14 Nov 2017 06:01:21 +0100
+Subject: [PATCH] byteorder.h: fix uclibc build
+
+Patch suggested on upstream mailinglist:
+https://www.dovecot.org/pipermail/dovecot/2017-November/110019.html
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+---
+ src/lib/byteorder.h | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/lib/byteorder.h b/src/lib/byteorder.h
+index 2f5dc7c17..4ffe8da21 100644
+--- a/src/lib/byteorder.h
+++ b/src/lib/byteorder.h
+@@ -23,6 +23,11 @@
+ #ifndef BYTEORDER_H
+ #define BYTEORDER_H
+ 
+#undef bswap_8
+#undef bswap_16
+#undef bswap_32
+#undef bswap_64
+
+ /*
+  * These prototypes exist to catch bugs in the code generating macros below.
+  */
+-- 
+2.11.0
+
--- a/package/dovecot/dovecot.hash
+++ b/package/dovecot/dovecot.hash
@@ -1,2 +1,5 @@
 # Locally computed after checking signature
-sha256 ccfa9ffb7eb91e9e87c21c108324b911250c9ffa838bffb64b1caafadcb0f388  dovecot-2.2.29.1.tar.gz
+sha256 5e92a4325409e66b343f6aaa67174b8921ce83d0df792c6eeb0b7b7e2c808353  dovecot-2.2.34.tar.gz
+sha256 a363b132e494f662d98c820d1481297e6ae72f194c2c91b6c39e1518b86240a8  COPYING
+sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  COPYING.LGPL
+sha256 52b8c95fabb19575281874b661ef7968ea47e8f5d74ba0dd40ce512e52b3fc97  COPYING.MIT
--- a/package/dovecot/dovecot.mk
+++ b/package/dovecot/dovecot.mk
@@ -5,7 +5,7 @@
 ################################################################################

 DOVECOT_VERSION_MAJOR = 2.2
-DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).29.1
+DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).34
 DOVECOT_SITE = http://www.dovecot.org/releases/$(DOVECOT_VERSION_MAJOR)
 DOVECOT_INSTALL_STAGING = YES
 DOVECOT_LICENSE = LGPLv2.1
--- a/package/eeprog/Config.in
+++ b/package/eeprog/Config.in
@@ -3,4 +3,4 @@ config BR2_PACKAGE_EEPROG
 	help
 	  Simple tool to read/write i2c eeprom chips.

-	  http://codesink.org/eeprog.html
+	  http://www.codesink.org/eeprog.html
--- a/package/eudev/S10udev
+++ b/package/eudev/S10udev
@@ -27,9 +27,9 @@ test -r $UDEV_CONFIG || exit 6

 case "$1" in
    start)
-        printf "Populating ${udev_root:-/dev} using udev: "
+        printf "Populating %s using udev: " "${udev_root:-/dev}"
        printf '\000\000\000\000' > /proc/sys/kernel/hotplug
-        $UDEV_BIN -d || (echo "FAIL" && exit 1)
+        $UDEV_BIN -d || { echo "FAIL"; exit 1; }
        udevadm trigger --type=subsystems --action=add
        udevadm trigger --type=devices --action=add
        udevadm settle --timeout=30 || echo "udevadm settle failed"
--- a/package/exim/0003-Skip-version-check-and-symlink-installation.patch
+++ b/package/exim/0003-Skip-version-check-and-symlink-installation.patch
@@ -9,6 +9,8 @@ Inspired by:
 http://patch-tracker.debian.org/patch/series/view/exim4/4.76-2/35_install.dpatch

 Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
+(rebased against exim 4.89)
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
 ---
 scripts/exim_install |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)
@@ -17,7 +19,7 @@ diff --git a/scripts/exim_install b/scripts/exim_install
 index e68e7d5..487a4e1 100755
 --- a/scripts/exim_install
 +++ b/scripts/exim_install
-@@ -59,6 +59,8 @@ while [ $# -gt 0 ] ; do
+@@ -58,6 +58,8 @@
   shift
 done
 
@@ -26,15 +28,14 @@ index e68e7d5..487a4e1 100755
 # Get the values of BIN_DIRECTORY, CONFIGURE_FILE, INFO_DIRECTORY, NO_SYMLINK,
 # SYSTEM_ALIASES_FILE, and EXE from the global Makefile (in the build
 # directory). EXE is empty except in the Cygwin environment. In each case, keep
-@@ -218,8 +220,9 @@ while [ $# -gt 0 ]; do
+@@ -217,9 +219,7 @@
   # The exim binary is handled specially
 
   if [ $name = exim${EXE} ]; then
-    version=exim-`./exim -bV -C /dev/null | \
+-    exim="./exim -bV -C /dev/null"
+-    version=exim-`$exim 2>/dev/null | \
 -      awk '/Exim version/ { OFS=""; print $3,"-",substr($4,2,length($4)-1) }'`${EXE}
 +    version=exim
-+#    version=exim-`./exim -bV -C /dev/null | \
-+#      awk '/Exim version/ { OFS=""; print $3,"-",substr($4,2,length($4)-1) }'`${EXE}
 
     if [ "${version}" = "exim-${EXE}" ]; then
       echo $com ""
--- a/package/exim/0004-glibc.patch
+++ b/package/exim/0004-glibc.patch
@@ -0,0 +1,27 @@
+uClibc does not contain gnu/libc-version.h
+
+Patch sent upstream: https://bugs.exim.org/show_bug.cgi?id=2070
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+
+diff -uNr exim-4.88.org/src/exim.c exim-4.88/src/exim.c
+--- exim-4.88.org/src/exim.c	2016-12-18 15:02:28.000000000 +0100
+++ exim-4.88/src/exim.c	2016-12-26 12:12:57.000000000 +0100
+@@ -12,7 +12,7 @@
+ 
+ #include "exim.h"
+ 
+-#ifdef __GLIBC__
+#if defined(__GLIBC__) && !defined(__UCLIBC__)
+ # include <gnu/libc-version.h>
+ #endif
+ 
+@@ -1044,7 +1044,7 @@
+   fprintf(f, "Compiler: <unknown>\n");
+ #endif
+ 
+-#ifdef __GLIBC__
+#if defined(__GLIBC__) && !defined(__UCLIBC__)
+   fprintf(f, "Library version: Glibc: Compile: %d.%d\n",
+ 	       	__GLIBC__, __GLIBC_MINOR__);
+   if (__GLIBC_PREREQ(2, 1))
--- a/package/exim/0005-Fix-base64d-buffer-size-CVE-2018-6789.patch
+++ b/package/exim/0005-Fix-base64d-buffer-size-CVE-2018-6789.patch
@@ -0,0 +1,37 @@
+From 062990cc1b2f9e5d82a413b53c8f0569075de700 Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
+Date: Mon, 5 Feb 2018 22:23:32 +0100
+Subject: [PATCH] Fix base64d() buffer size (CVE-2018-6789)
+
+Credits for discovering this bug: Meh Chang <meh@devco.re>
+
+[Peter: Drop ChangeLog change, fix path]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ src/base64.c      | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/base64.c b/src/base64.c
+index f6f187f0..e58ca6c7 100644
+--- a/src/base64.c
+++ b/src/base64.c
+@@ -152,10 +152,14 @@ static uschar dec64table[] = {
+ int
+ b64decode(const uschar *code, uschar **ptr)
+ {
+
+ int x, y;
+-uschar *result = store_get(3*(Ustrlen(code)/4) + 1);
+uschar *result;
+ 
+-*ptr = result;
+{
+  int l = Ustrlen(code);
+  *ptr = result = store_get(1 + l/4 * 3 + l%4);
+}
+ 
+ /* Each cycle of the loop handles a quantum of 4 input bytes. For the last
+ quantum this may decode to 1, 2, or 3 output bytes. */
+-- 
+2.11.0
+
--- a/package/exim/exim.hash
+++ b/package/exim/exim.hash
@@ -1,2 +1,2 @@
-# Locally calculated
-sha256	d4b7994c89240d2f9a9fcd7a2dffa4b72f14379001a24266f4dbb0fbe5131514	exim-4.87.1.tar.bz2
+# Locally calculated after checking pgp signature
+sha256 1a21322a10e2da9c0bd6a2a483b6e7ef8fa7f16efcab4c450fd73e7188f5fa94  exim-4.89.1.tar.xz
--- a/package/exim/exim.mk
+++ b/package/exim/exim.mk
@@ -4,9 +4,9 @@
 #
 ################################################################################

-EXIM_VERSION = 4.87.1
-EXIM_SOURCE = exim-$(EXIM_VERSION).tar.bz2
-EXIM_SITE = ftp://ftp.exim.org/pub/exim/exim4/old
+EXIM_VERSION = 4.89.1
+EXIM_SOURCE = exim-$(EXIM_VERSION).tar.xz
+EXIM_SITE = ftp://ftp.exim.org/pub/exim/exim4
 EXIM_LICENSE = GPLv2+
 EXIM_LICENSE_FILES = LICENCE
 EXIM_DEPENDENCIES = pcre berkeleydb host-pkgconf
--- a/package/fis/fis.mk
+++ b/package/fis/fis.mk
@@ -12,7 +12,7 @@ FIS_LICENSE_FILES = fis.c

 define FIS_BUILD_CMDS
 	$(TARGET_CC) $(TARGET_CFLAGS) -std=c99 -o $(@D)/fis \
-		$(@D)/fis.c $(@D)/crc.c $(TARGE_LDFLAGS)
+		$(@D)/fis.c $(@D)/crc.c $(TARGET_LDFLAGS)
 endef

 define FIS_INSTALL_TARGET_CMDS
--- a/package/flann/flann.mk
+++ b/package/flann/flann.mk
@@ -15,6 +15,7 @@ FLANN_CONF_OPTS = \
 	-DBUILD_MATLAB_BINDINGS=OFF \
 	-DBUILD_EXAMPLES=$(if $(BR2_PACKAGE_FLANN_EXAMPLES),ON,OFF) \
 	-DUSE_OPENMP=$(if $(BR2_GCC_ENABLE_OPENMP),ON,OFF) \
-	-DPYTHON_EXECUTABLE=OFF
+	-DPYTHON_EXECUTABLE=OFF \
+	-DCMAKE_DISABLE_FIND_PACKAGE_HDF5=TRUE

 $(eval $(cmake-package))
--- a/package/gdb/gdb.mk
+++ b/package/gdb/gdb.mk
@@ -61,9 +61,11 @@ endif

 # When gdb sources are fetched from the binutils-gdb repository, they
 # also contain the binutils sources, but binutils shouldn't be built,
-# so we disable it.
+# so we disable it (additionally the option --disable-install-libbfd
+# prevents the un-wanted installation of libobcodes.so and libbfd.so).
 GDB_DISABLE_BINUTILS_CONF_OPTS = \
 	--disable-binutils \
+	--disable-install-libbfd \
 	--disable-ld \
 	--disable-gas

--- a/package/gstreamer/gstreamer.mk
+++ b/package/gstreamer/gstreamer.mk
@@ -1 +1 @@
-include package/gstreamer/*/*.mk
+include $(sort $(wildcard package/gstreamer/*/*.mk))
--- a/package/gstreamer1/gstreamer1.mk
+++ b/package/gstreamer1/gstreamer1.mk
@@ -1 +1 @@
-include package/gstreamer1/*/*.mk
+include $(sort $(wildcard package/gstreamer1/*/*.mk))
--- a/package/heimdal/heimdal.hash
+++ b/package/heimdal/heimdal.hash
@@ -1,2 +1,2 @@
 # Locally calculated
-sha256 3de14ecd36ad21c1694a13da347512b047f4010d176fe412820664cb5d1429ad  heimdal-7.4.0.tar.gz
+sha256 c5a2a0030fcc728022fa2332bad85569084d1c3b9a59587b7ebe141b0532acad  heimdal-7.5.0.tar.gz
--- a/package/heimdal/heimdal.mk
+++ b/package/heimdal/heimdal.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-HEIMDAL_VERSION = 7.4.0
+HEIMDAL_VERSION = 7.5.0
 HEIMDAL_SITE = https://github.com/heimdal/heimdal/releases/download/heimdal-$(HEIMDAL_VERSION)
 HOST_HEIMDAL_DEPENDENCIES = host-e2fsprogs host-ncurses host-pkgconf
 HEIMDAL_INSTALL_STAGING = YES
--- a/package/imagemagick/imagemagick.hash
+++ b/package/imagemagick/imagemagick.hash
@@ -1,2 +1,3 @@
 # Locally computed
-sha256 924d1161ed2399bcb72f98419072b3130a466e07d9a6fce43d27458ffa907ffa  7.0.7-10.tar.gz
+sha256 723a28f9cbc5c6130f496065fc01c839083e97bf3e4930f940a03c0155046170  7.0.7-27.tar.gz
+sha256 2318cc05bbd2c25c1b2d13af1aadccc45b9cf6f94757421ae59a3c8ea9064f1c  LICENSE
--- a/package/imagemagick/imagemagick.mk
+++ b/package/imagemagick/imagemagick.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-IMAGEMAGICK_VERSION = 7.0.7-10
+IMAGEMAGICK_VERSION = 7.0.7-27
 IMAGEMAGICK_SOURCE = $(IMAGEMAGICK_VERSION).tar.gz
 IMAGEMAGICK_SITE = https://github.com/ImageMagick/ImageMagick/archive
 IMAGEMAGICK_LICENSE = Apache-2.0
--- a/package/intel-microcode/intel-microcode.hash
+++ b/package/intel-microcode/intel-microcode.hash
@@ -1,2 +1,3 @@
 # Locally computed
-sha256	096e39489eef67666be652e81fa372a06b74f39ea3d565dc0287242c668717e7	microcode-20151106.tgz
+sha256 063f1aa3a546cb49323a5e0b516894e4b040007107b8c8ff017aca8a86204130  microcode-20180108.tgz
+sha256 6d4deb65ca688d930e188bf93f78430f134097b161e6df4a2ef00728e14965e3  license.txt
--- a/package/intel-microcode/intel-microcode.mk
+++ b/package/intel-microcode/intel-microcode.mk
@@ -4,9 +4,9 @@
 #
 ################################################################################

-INTEL_MICROCODE_VERSION = 20151106
+INTEL_MICROCODE_VERSION = 20180108
 INTEL_MICROCODE_SOURCE = microcode-$(INTEL_MICROCODE_VERSION).tgz
-INTEL_MICROCODE_SITE = http://downloadmirror.intel.com/25512/eng
+INTEL_MICROCODE_SITE = http://downloadmirror.intel.com/27431/eng
 INTEL_MICROCODE_STRIP_COMPONENTS = 0
 INTEL_MICROCODE_LICENSE = PROPRIETARY
 INTEL_MICROCODE_LICENSE_FILES = license.txt
--- a/package/iputils/iputils.mk
+++ b/package/iputils/iputils.mk
@@ -76,4 +76,9 @@ define IPUTILS_INSTALL_TARGET_CMDS
 	$(INSTALL) -D -m 755 $(@D)/traceroute6 $(TARGET_DIR)/bin/traceroute6
 endef

+define IPUTILS_PERMISSIONS
+	/bin/ping        f 4755 0 0 - - - - -
+	/bin/traceroute6 f 4755 0 0 - - - - -
+endef
+
 $(eval $(generic-package))
--- a/package/irssi/irssi.hash
+++ b/package/irssi/irssi.hash
@@ -1,4 +1,4 @@
 # Locally calculated after checking pgp signature
-sha256	c2556427e12eb06cabfed40839ac6f57eb8b1aa6365fab6dfcd331b7a04bb914  irssi-1.0.5.tar.xz
+sha256	1b386ca026aa1875c380fd00ef1d24b71fb87cdae39ef5349ecca16c4567feac  irssi-1.0.7.tar.xz
 # Locally calculated
 sha256	a1a27cb2ecee8d5378fbb3562f577104a445d6d66fee89286e16758305e63e2b  COPYING
--- a/package/irssi/irssi.mk
+++ b/package/irssi/irssi.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-IRSSI_VERSION = 1.0.5
+IRSSI_VERSION = 1.0.7
 IRSSI_SOURCE = irssi-$(IRSSI_VERSION).tar.xz
 # Do not use the github helper here. The generated tarball is *NOT* the
 # same as the one uploaded by upstream for the release.
--- a/package/jq/jq.mk
+++ b/package/jq/jq.mk
@@ -10,8 +10,10 @@ JQ_LICENSE = MIT (code), CC-BY-3.0 (documentation)
 JQ_LICENSE_FILES = COPYING

 # uses c99 specific features
-JQ_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -std=c99"
-HOST_JQ_CONF_ENV += CFLAGS="$(HOST_CFLAGS) -std=c99"
+# _GNU_SOURCE added to fix gcc6+ host compilation
+# (https://github.com/stedolan/jq/issues/1598)
+JQ_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -std=c99 -D_GNU_SOURCE"
+HOST_JQ_CONF_ENV += CFLAGS="$(HOST_CFLAGS) -std=c99 -D_GNU_SOURCE"

 # jq explicitly enables maintainer mode, which we don't need/want
 JQ_CONF_OPTS += --disable-maintainer-mode
--- a/package/kmsxx/kmsxx.mk
+++ b/package/kmsxx/kmsxx.mk
@@ -44,12 +44,15 @@ define KMSXX_INSTALL_TARGET_CMDS
 	$(KMSXX_INSTALL_TARGET_TESTS)
 endef

+# kmsxx only builds shared or static libraries, so when
+# BR2_SHARED_STATIC_LIBS=y, we don't have any static library to
+# install
 define KMSXX_INSTALL_STAGING_CMDS
 	$(foreach l,$(KMSXX_LIBS),\
 		$(if $(BR2_SHARED_LIBS)$(BR2_SHARED_STATIC_LIBS),
 			$(INSTALL) -D -m 0755 $(@D)/lib/lib$(l).so \
 				$(STAGING_DIR)/usr/lib/lib$(l).so)
-		$(if $(BR2_STATIC_LIBS)$(BR2_SHARED_STATIC_LIBS),
+		$(if $(BR2_STATIC_LIBS),
 			$(INSTALL) -D -m 0755 $(@D)/lib/lib$(l).a \
 				$(STAGING_DIR)/usr/lib/lib$(l).a)
 		mkdir -p $(STAGING_DIR)/usr/include/$(l)
--- a/package/libcue/libcue.mk
+++ b/package/libcue/libcue.mk
@@ -12,6 +12,8 @@ LIBCUE_DEPENDENCIES = host-bison host-flex flex
 LIBCUE_INSTALL_STAGING = YES
 LIBCUE_AUTORECONF = YES

+LIBCUE_MAKE = $(MAKE1)
+
 # Needed for autoreconf
 define LIBCUE_MAKE_CONFIG_DIR
 	mkdir $(@D)/config
--- a/package/libcurl/libcurl.hash
+++ b/package/libcurl/libcurl.hash
@@ -1,4 +1,4 @@
 # Locally calculated after checking pgp signature
-# https://curl.haxx.se/download/curl-7.56.1.tar.xz.asc
-sha256 8eed282cf3a0158d567a0feaa3c4619e8e847970597b5a2c81879e8f0d1a39d1  curl-7.56.1.tar.xz
-sha256 cbcf511f5702f7baf5424193a792bc9c18fab22bcbec2e6a587598389dc632c2  COPYING
+# https://curl.haxx.se/download/curl-7.59.0.tar.xz.asc
+sha256 e44eaabdf916407585bf5c7939ff1161e6242b6b015d3f2f5b758b2a330461fc  curl-7.59.0.tar.xz
+sha256 5f3849ec38ddb927e79f514bf948890c41b8d1407286a49609b8fb1585931095  COPYING
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-LIBCURL_VERSION = 7.56.1
+LIBCURL_VERSION = 7.59.0
 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
 LIBCURL_SITE = https://curl.haxx.se/download
 LIBCURL_DEPENDENCIES = host-pkgconf \
--- a/package/liberation/liberation.mk
+++ b/package/liberation/liberation.mk
@@ -5,7 +5,7 @@
 ################################################################################

 LIBERATION_VERSION = 2.00.1
-LIBERATION_SITE = http://www.fedorahosted.org/releases/l/i/liberation-fonts
+LIBERATION_SITE = https://releases.pagure.org/liberation-fonts
 LIBERATION_SOURCE = liberation-fonts-ttf-$(LIBERATION_VERSION).tar.gz
 LIBERATION_TARGET_DIR = $(TARGET_DIR)/usr/share/fonts/liberation
 LIBERATION_LICENSE = OFLv1.1
--- a/package/libevent/libevent.mk
+++ b/package/libevent/libevent.mk
@@ -12,6 +12,7 @@ LIBEVENT_LICENSE_FILES = LICENSE
 # For 0001-Disable-building-test-programs.patch
 LIBEVENT_AUTORECONF = YES
 LIBEVENT_CONF_OPTS = --disable-samples
+HOST_LIBEVENT_CONF_OPTS = --disable-samples --disable-openssl

 define LIBEVENT_REMOVE_PYSCRIPT
 	rm $(TARGET_DIR)/usr/bin/event_rpcgen.py
--- a/package/libiio/libiio.mk
+++ b/package/libiio/libiio.mk
@@ -54,8 +54,8 @@ else
 LIBIIO_CONF_OPTS += -DWITH_IIOD_USBD=OFF
 endif

-# Avahi support in libiio requires avahi-client, which needs avahi-daemon
-ifeq ($(BR2_PACKAGE_AVAHI)$(BR2_PACKAGE_AVAHI_DAEMON),yy)
+# Avahi support in libiio requires avahi-client, which needs avahi-daemon and dbus
+ifeq ($(BR2_PACKAGE_AVAHI_DAEMON)$(BR2_PACKAGE_DBUS),yy)
 LIBIIO_DEPENDENCIES += avahi
 endif

--- a/package/libpjsip/libpjsip.hash
+++ b/package/libpjsip/libpjsip.hash
@@ -1,6 +1,6 @@
-# From http://www.pjsip.org/release/2.7.1/MD5SUM.TXT
-md5	99a64110fa5c2debff40e0e8d4676380  pjproject-2.7.1.tar.bz2
+# From http://www.pjsip.org/release/2.7.2/MD5SUM.TXT
+md5	fa3f0bc098c4bff48ddd92db1c016a7a  pjproject-2.7.2.tar.bz2

 # Locally computed
-sha256	59fabc62a02b2b80857297cfb10e2c68c473f4a0acc6e848cfefe8421f2c3126	pjproject-2.7.1.tar.bz2
+sha256	9c2c828abab7626edf18e04b041ef274bfaa86f99adf2c25ff56f1509e813772	pjproject-2.7.2.tar.bz2
 sha256	8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643	COPYING
--- a/package/libpjsip/libpjsip.mk
+++ b/package/libpjsip/libpjsip.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-LIBPJSIP_VERSION = 2.7.1
+LIBPJSIP_VERSION = 2.7.2
 LIBPJSIP_SOURCE = pjproject-$(LIBPJSIP_VERSION).tar.bz2
 LIBPJSIP_SITE = http://www.pjsip.org/release/$(LIBPJSIP_VERSION)
 LIBPJSIP_DEPENDENCIES = libsrtp
--- a/package/libpqxx/0001-Fix-broken-sed-call-in-configure.ac.in.patch
+++ b/package/libpqxx/0001-Fix-broken-sed-call-in-configure.ac.in.patch
@@ -0,0 +1,31 @@
+From d5120738a9b6b90d19e742f3c591727d16d76c9c Mon Sep 17 00:00:00 2001
+From: Romain Naour <romain.naour@gmail.com>
+Date: Tue, 26 Dec 2017 14:09:46 +0100
+Subject: [PATCH] Fix broken sed call in configure.ac.in
+
+Upstream fix from commit [1][2]
+
+[1] 80a9d5386641ac67d4ea1b602c786b45b40b252f
+[2] 85e9336740475be25ed19924cca0961f7d844c4b
+
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 32cf5cb5..77cf7edd 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -480,7 +480,7 @@ occurring in the file.
+ ])], -L${with_postgres_lib})
+ 
+ # Remove redundant occurrances of -lpq
+-LIBS="`echo "$LIBS" | sed -e 's/-lpq[[:space:]]*[[:space:]]-lpq\>/-lpq/g'`"
+LIBS=[`echo "$LIBS" | sed -e 's/-lpq * -lpq\>/-lpq/g'`]
+ 
+ AC_LANG_POP(C)
+ 
+-- 
+2.14.3
+
--- a/package/libpqxx/libpqxx.mk
+++ b/package/libpqxx/libpqxx.mk
@@ -11,6 +11,9 @@ LIBPQXX_DEPENDENCIES = postgresql
 LIBPQXX_LICENSE = BSD-3c
 LIBPQXX_LICENSE_FILES = COPYING

+# 0001-Fix-broken-sed-call-in-configure.ac.in.patch
+LIBPQXX_AUTORECONF = YES
+
 LIBPQXX_CONF_ENV += ac_cv_path_PG_CONFIG=$(STAGING_DIR)/usr/bin/pg_config

 $(eval $(autotools-package))
--- a/package/librsvg/librsvg.hash
+++ b/package/librsvg/librsvg.hash
@@ -1,2 +1,2 @@
-# From http://ftp.gnome.org/pub/gnome/sources/librsvg/2.40/librsvg-2.40.18.sha256sum
-sha256	bfc8c488c89c1e7212c478beb95c41b44701636125a3e6dab41187f1485b564c	librsvg-2.40.18.tar.xz
+# From http://ftp.gnome.org/pub/gnome/sources/librsvg/2.40/librsvg-2.40.20.sha256sum
+sha256	cff4dd3c3b78bfe99d8fcfad3b8ba1eee3289a0823c0e118d78106be6b84c92b	librsvg-2.40.20.tar.xz
--- a/package/librsvg/librsvg.mk
+++ b/package/librsvg/librsvg.mk
@@ -5,7 +5,7 @@
 ################################################################################

 LIBRSVG_VERSION_MAJOR = 2.40
-LIBRSVG_VERSION = $(LIBRSVG_VERSION_MAJOR).18
+LIBRSVG_VERSION = $(LIBRSVG_VERSION_MAJOR).20
 LIBRSVG_SITE = http://ftp.gnome.org/pub/gnome/sources/librsvg/$(LIBRSVG_VERSION_MAJOR)
 LIBRSVG_SOURCE = librsvg-$(LIBRSVG_VERSION).tar.xz
 LIBRSVG_INSTALL_STAGING = YES
--- a/package/libsoxr/Config.in
+++ b/package/libsoxr/Config.in
@@ -2,7 +2,7 @@ config BR2_PACKAGE_LIBSOXR
 	bool "libsoxr"
 	help
 	  The SoX Resampler library `libsoxr' performs one-dimensional
-	  sample-rate conversion—it may be used, for example, to
+	  sample-rate conversion. It may be used, for example, to
 	  resample PCM-encoded audio.

 	  It aims to give fast and high quality results for any constant
--- a/package/libtasn1/libtasn1.hash
+++ b/package/libtasn1/libtasn1.hash
@@ -1,2 +1,6 @@
 # Locally calculated after checking pgp signature
-sha256	6753da2e621257f33f5b051cc114d417e5206a0818fe0b1ecfd6153f70934753	libtasn1-4.12.tar.gz
+# https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.13.tar.gz.sig
+sha256	7e528e8c317ddd156230c4e31d082cd13e7ddeb7a54824be82632209550c8cca	libtasn1-4.13.tar.gz
+# Locally calculated
+sha256	8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903	COPYING
+sha256	dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551	COPYING.LIB
--- a/package/libtasn1/libtasn1.mk
+++ b/package/libtasn1/libtasn1.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-LIBTASN1_VERSION = 4.12
+LIBTASN1_VERSION = 4.13
 LIBTASN1_SITE = $(BR2_GNU_MIRROR)/libtasn1
 LIBTASN1_DEPENDENCIES = host-bison
 LIBTASN1_LICENSE = GPLv3+ (tests, tools), LGPLv2.1+ (library)
--- a/package/libvorbis/libvorbis.hash
+++ b/package/libvorbis/libvorbis.hash
@@ -1,2 +1,4 @@
 # From http://www.xiph.org/downloads/
-sha256 54f94a9527ff0a88477be0a71c0bab09a4c3febe0ed878b24824906cd4b0e1d1 libvorbis-1.3.5.tar.xz
+sha256 af00bb5a784e7c9e69f56823de4637c350643deedaf333d0fa86ecdba6fcb415 libvorbis-1.3.6.tar.xz
+# License files, locally calculated
+sha256 29e9914e6173b7061b7d48c25e6159fc1438326738bc047cc7248abc01b271f6  COPYING
--- a/package/libvorbis/libvorbis.mk
+++ b/package/libvorbis/libvorbis.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-LIBVORBIS_VERSION = 1.3.5
+LIBVORBIS_VERSION = 1.3.6
 LIBVORBIS_SOURCE = libvorbis-$(LIBVORBIS_VERSION).tar.xz
 LIBVORBIS_SITE = http://downloads.xiph.org/releases/vorbis
 LIBVORBIS_INSTALL_STAGING = YES
--- a/package/libxml2/0001-CVE-2017-8872.patch
+++ b/package/libxml2/0001-CVE-2017-8872.patch
@@ -0,0 +1,33 @@
+From 8b329effb610f4138e4e680f6a6867570f6d6179 Mon Sep 17 00:00:00 2001
+From: Baruch Siach <baruch@tkos.co.il>
+Date: Fri, 9 Feb 2018 10:58:11 +0200
+Subject: [PATCH] CVE-2017-8872
+
+Taken from attachment to upstream bug report comment #9.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=775200#c9
+https://bugzilla.gnome.org/attachment.cgi?id=366193&action=diff
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+ parser.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index 1c5e036ea265..025111067ae8 100644
+--- a/parser.c
+++ b/parser.c
+@@ -12467,6 +12467,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
+ 	ctxt->input->cur = BAD_CAST"";
+ 	ctxt->input->base = ctxt->input->cur;
+         ctxt->input->end = ctxt->input->cur;
+    if (ctxt->input->buf)
+        xmlBufEmpty (ctxt->input->buf->buffer);
+    else
+        ctxt->input->length = 0;
+     }
+ }
+ 
+-- 
+2.15.1
+
--- a/package/libxml2/libxml2.hash
+++ b/package/libxml2/libxml2.hash
@@ -1,2 +1,4 @@
 # Locally calculated after checking pgp signature
-sha256	4031c1ecee9ce7ba4f313e91ef6284164885cdb69937a123f6a83bb6a72dcd38	libxml2-2.9.5.tar.gz
+sha256	f63c5e7d30362ed28b38bfa1ac6313f9a80230720b7fb6c80575eeab3ff5900c	libxml2-2.9.7.tar.gz
+# License files, locally calculated
+sha256	c5c63674f8a83c4d2e385d96d1c670a03cb871ba2927755467017317878574bd	COPYING
--- a/package/libxml2/libxml2.mk
+++ b/package/libxml2/libxml2.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-LIBXML2_VERSION = 2.9.5
+LIBXML2_VERSION = 2.9.7
 LIBXML2_SITE = ftp://xmlsoft.org/libxml2
 LIBXML2_INSTALL_STAGING = YES
 LIBXML2_LICENSE = MIT
--- a/package/linphone/linphone.mk
+++ b/package/linphone/linphone.mk
@@ -50,4 +50,11 @@ else
 LINPHONE_CONF_OPTS += --disable-libv4l1 --disable-libv4l2
 endif

+ifeq ($(BR2_PACKAGE_LIBUPNP),y)
+LINPHONE_DEPENDENCIES += libupnp
+LINPHONE_CONF_OPTS += --enable-upnp
+else
+LINPHONE_CONF_OPTS += --disable-upnp
+endif
+
 $(eval $(autotools-package))
--- a/package/linux-headers/Config.in.host
+++ b/package/linux-headers/Config.in.host
@@ -214,15 +214,15 @@ endchoice

 config BR2_DEFAULT_KERNEL_HEADERS
 	string
-	default "3.2.96"	if BR2_KERNEL_HEADERS_3_2
+	default "3.2.101"	if BR2_KERNEL_HEADERS_3_2
 	default "3.4.113"	if BR2_KERNEL_HEADERS_3_4
 	default "3.10.108"	if BR2_KERNEL_HEADERS_3_10
 	default "3.12.74"	if BR2_KERNEL_HEADERS_3_12
 	default "3.18.72"	if BR2_KERNEL_HEADERS_3_18
 	default "3.19.8"	if BR2_KERNEL_HEADERS_3_19
 	default "4.0.9"		if BR2_KERNEL_HEADERS_4_0
-	default "4.1.46"	if BR2_KERNEL_HEADERS_4_1
-	default "4.4.102"	if BR2_KERNEL_HEADERS_4_4
+	default "4.1.51"	if BR2_KERNEL_HEADERS_4_1
+	default "4.4.127"	if BR2_KERNEL_HEADERS_4_4
 	default "4.8.17"	if BR2_KERNEL_HEADERS_4_8
-	default "4.9.65"	if BR2_KERNEL_HEADERS_4_9
+	default "4.9.93"	if BR2_KERNEL_HEADERS_4_9
 	default BR2_DEFAULT_KERNEL_VERSION if BR2_KERNEL_HEADERS_VERSION
--- a/package/lldpd/0003-configure-remove-check-on-CXX-compiler.patch
+++ b/package/lldpd/0003-configure-remove-check-on-CXX-compiler.patch
@@ -0,0 +1,35 @@
+From d28b3bfa1b224f7770004dddf4dfaf10ad7ad6c9 Mon Sep 17 00:00:00 2001
+From: Damien Riegel <damien.riegel@savoirfairelinux.com>
+Date: Mon, 18 Dec 2017 14:37:08 -0500
+Subject: [PATCH] configure: remove check on CXX compiler
+
+lldpd fails to build if the toolchain doesn't have a C++ compiler
+because configure fails with the following error:
+
+  checking how to run the C++ preprocessor... /lib/cpp
+  configure: error: in `/home/dkc/src/buildroot/build-zii/build/lldpd-0.9.4':
+  configure: error: C++ preprocessor "/lib/cpp" fails sanity check
+
+Since "8d92800b: build: cleaner way to not alter CFLAGS/CPPFLAGS/LDFLAGS",
+it seems that the dependency on C++ is not required anymore, so there
+is no reason to keep this restriction. Dropping AC_PROG_CXX allows to
+build with a toolchain that doesn't have C++ just fine.
+---
+ configure.ac | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 0edceb1..5afe8f2 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -48,7 +48,6 @@ AC_PROG_CC_C99
+ if test x"$ac_cv_prog_cc_c99" = x"no"; then
+   AC_MSG_FAILURE([*** C99 support is mandatory])
+ fi
+-AC_PROG_CXX
+ AM_PROG_CC_C_O
+ AC_PROG_LIBTOOL
+ AC_PROG_LN_S
+-- 
+2.15.1
+
--- a/package/lldpd/lldpd.mk
+++ b/package/lldpd/lldpd.mk
@@ -9,7 +9,7 @@ LLDPD_SITE = http://media.luffy.cx/files/lldpd
 LLDPD_DEPENDENCIES = host-pkgconf libevent
 LLDPD_LICENSE = ISC
 LLDPD_LICENSE_FILES = README.md
-# 0002-configure-do-not-check-for-libbsd.patch
+# 0002-configure-do-not-check-for-libbsd.patch / 0003-configure-remove-check-on-CXX-compiler.patch
 LLDPD_AUTORECONF = YES

 ifeq ($(BR2_PACKAGE_CHECK),y)
--- a/package/lz4/lz4.hash
+++ b/package/lz4/lz4.hash
@@ -1,2 +1,2 @@
 # sha256 locally computed
-sha256 9d4d00614d6b9dec3114b33d1224b6262b99ace24434c53487a0c8fd0b18cfed  lz4-r131.tar.gz
+sha256 0190cacd63022ccb86f44fa5041dc6c3804407ad61550ca21c382827319e7e7e  lz4-v1.7.5.tar.gz
--- a/package/lz4/lz4.mk
+++ b/package/lz4/lz4.mk
@@ -4,8 +4,8 @@
 #
 ################################################################################

-LZ4_VERSION = r131
-LZ4_SITE = $(call github,Cyan4973,lz4,$(LZ4_VERSION))
+LZ4_VERSION = v1.7.5
+LZ4_SITE = $(call github,lz4,lz4,$(LZ4_VERSION))
 LZ4_INSTALL_STAGING = YES
 LZ4_LICENSE = BSD-2c (library), GPLv2+ (programs)
 LZ4_LICENSE_FILES = lib/LICENSE programs/COPYING
@@ -18,26 +18,26 @@ LZ4_POST_PATCH_HOOKS += LZ4_DISABLE_SHARED
 endif

 define HOST_LZ4_BUILD_CMDS
-	$(HOST_MAKE_ENV) $(MAKE) $(HOST_CONFIGURE_OPTS) -C $(@D)
+	$(HOST_MAKE_ENV) $(HOST_CONFIGURE_OPTS) $(MAKE) -C $(@D) all
 endef

 define HOST_LZ4_INSTALL_CMDS
-	$(HOST_MAKE_ENV) $(MAKE) $(HOST_CONFIGURE_OPTS) PREFIX=$(HOST_DIR)/usr \
+	$(HOST_MAKE_ENV) $(HOST_CONFIGURE_OPTS) $(MAKE) PREFIX=$(HOST_DIR)/usr \
 		install -C $(@D)
 endef

 define LZ4_BUILD_CMDS
-	$(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) -C $(@D)/lib
+	$(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D) all
 endef

 define LZ4_INSTALL_STAGING_CMDS
-	$(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) DESTDIR=$(STAGING_DIR) \
+	$(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) DESTDIR=$(STAGING_DIR) \
 		PREFIX=/usr install -C $(@D)
 endef

 define LZ4_INSTALL_TARGET_CMDS
-	$(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) DESTDIR=$(TARGET_DIR) \
-		PREFIX=/usr install -C $(@D)/lib
+	$(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) DESTDIR=$(TARGET_DIR) \
+		PREFIX=/usr install -C $(@D)
 endef

 $(eval $(generic-package))
--- a/package/mariadb/mariadb.hash
+++ b/package/mariadb/mariadb.hash
@@ -1,5 +1,5 @@
-# From https://downloads.mariadb.org/mariadb/10.1.26/
-sha256 ba88b1cb9967dea2909938a34ba89373b162b0d83e5c98a0f1c94540156bf73d  mariadb-10.1.26.tar.gz
+# From https://downloads.mariadb.org/mariadb/10.1.31/
+sha256 ab7641c2fe4e5289da6141766a9c3350e013def56fafd6f1377080bc8048b2e6  mariadb-10.1.31.tar.gz

 # Hash for license files
 sha256 69ce89a0cadbe35a858398c258be93c388715e84fc0ca04e5a1fd1aa9770dd3a  README
--- a/package/mariadb/mariadb.mk
+++ b/package/mariadb/mariadb.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-MARIADB_VERSION = 10.1.26
+MARIADB_VERSION = 10.1.31
 MARIADB_SITE = https://downloads.mariadb.org/interstitial/mariadb-$(MARIADB_VERSION)/source
 MARIADB_LICENSE = GPLv2 (server), GPLv2 with FLOSS exception (GPL client library), LGPLv2 (LGPL client library)
 # Tarball no longer contains LGPL license text
--- a/package/matchbox-fakekey/matchbox-fakekey.mk
+++ b/package/matchbox-fakekey/matchbox-fakekey.mk
@@ -14,8 +14,8 @@ MATCHBOX_FAKEKEY_DEPENDENCIES = matchbox-lib xlib_libXtst
 MATCHBOX_FAKEKEY_CONF_OPTS = --enable-expat

 define MATCHBOX_FAKEKEY_POST_CONFIGURE_FIXES
-	$(SED) 's:-I[^$$].*/usr/include/freetype2:-I/usr/include/freetype2:' $(STAGING_DIR)/usr/lib/pkgconfig/libmb.pc
-	$(SED) 's:^SUBDIRS = fakekey src tests.*:SUBDIRS = fakekey src:g' $(MATCHBOX_FAKEKEY_DIR)/Makefile
+	$(SED) 's:^SUBDIRS = fakekey src tests.*:SUBDIRS = fakekey src:g' \
+		$(@D)/Makefile
 endef

 MATCHBOX_FAKEKEY_POST_CONFIGURE_HOOKS += MATCHBOX_FAKEKEY_POST_CONFIGURE_FIXES
--- a/package/matchbox-lib/Config.in
+++ b/package/matchbox-lib/Config.in
@@ -1,4 +1,5 @@
 config BR2_PACKAGE_MATCHBOX_LIB
 	bool "matchbox-lib"
+	select BR2_PACKAGE_XLIB_LIBXEXT
 	help
 	  Matchbox common functionality library.
--- a/Show More
+++ b/Show More