Update for 2018.08-rc2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

.gitlab-ci.yml

@@ -262,6 +262,7 @@ zynqmp_zcu106_defconfig: *defconfig
 tests.boot.test_atf.TestATFAllwinner: *runtime_test
 tests.boot.test_atf.TestATFMarvell: *runtime_test
 tests.boot.test_atf.TestATFVexpress: *runtime_test
+tests.core.test_file_capabilities.TestFileCapabilities: *runtime_test
 tests.core.test_post_scripts.TestPostScripts: *runtime_test
 tests.core.test_rootfs_overlay.TestRootfsOverlay: *runtime_test
 tests.core.test_timezone.TestGlibcAllTimezone: *runtime_test

CHANGES

@@ -1,4 +1,35 @@
-2018.08-rc1, To be released
+2018.08-rc2, Released August 20th, 2018
+
+	Fixes all over the tree.
+
+	pkg-kconfig: Support dependencies needed to run the
+	configurator, E.G. recent Linux kernel versions needing flex
+	and bison.
+
+	Defconfigs: ARM Juno: Bump ATF to fix a build
+	issue. Raspberrypi2: Bump rootfs size. Snps_archs38_vdk:
+	Correct /etc/inittab. Technologic ts7680: Correct genimage
+	configuration. Orange PI PC / Zero, Sheevaplug: Bump U-boot to
+	2018.07 to fix build issue. Ensure host-openssl is pulled in
+	for kernel builds where needed.
+
+	Updated/fixed packages: aircrack-ng, bind, boost,
+	boot-wrapper-aarch64, bzip2, busybox, chrony, cryptsetup,
+	dahdi-tools, dbus, domoticz, eigen, ipsec-tools, libarchive,
+	libfuse, libgit2, libopenssl, libselinux, lighttpd, lvm2, m4,
+	makedevs, mariadb, mesa3d-headers, mono, ncmpc, ncurses,
+	nodejs, php, python-django, python-pyqt5, qt5base,
+	qt5serialbus, ruby, samba4, uboot-tools, uclibc, vlc,
+	waylandpp, wireless_tools, wireshark, wpa_supplicant, mtd,
+	xdriver_xf86-video-ati, xserver_xorg-server
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#10781: cryptsetup luksOpen container_file container causes..
+	#10996: bogus musl ARM toolchain
+	#11191: xattr and check-package issue
+
+2018.08-rc1, Released August 5th, 2018
 
 	Toolchain:
 

Makefile

@@ -87,9 +87,9 @@ all:
 .PHONY: all
 
 # Set and export the version string
-export BR2_VERSION := 2018.08-rc1
+export BR2_VERSION := 2018.08-rc2
 # Actual time the release is cut (for reproducible builds)
-BR2_VERSION_EPOCH = 1533476000
+BR2_VERSION_EPOCH = 1534755000
 
 # Save running make version since it's clobbered by the make package
 RUNNING_MAKE_VERSION := $(MAKE_VERSION)

board/sheevaplug/readme.txt

@@ -0,0 +1,36 @@
+Sheevaplug
+==========
+
+Once the build process is finished you will have the following files
+in the output/images/ directory:
+
+- u-boot.kwb
+- uImage.kirkwood-sheevaplug
+- rootfs.jffs2
+
+Copy these to a TFTP server, connect ethernet and mini-USB cable and
+power up the board. Stop the board in U-Boot and update U-Boot by
+executing:
+
+setenv serverip <ipaddress-of-tftp-server>
+setenv bootfile <path/to/u-boot.kwb>
+bootp
+nand erase 0x0 0x80000
+nand write $fileaddr 0x0 0x80000
+reset
+
+Once the new U-Boot boots up, stop it again and update Linux kernel
+and rootfs by:
+
+setenv serverip <ipaddress-of-tftp-server>
+setenv bootfile <path/to/uImage.kirkwood-sheevaplug>
+bootp
+nand erase.part kernel
+nand write $fileaddr kernel 0x400000
+
+setenv bootfile <path/to/rootfs.jffs2>
+bootp
+nand erase.part rootfs
+nand write $fileaddr rootfs $filesize
+
+reset

board/technologic/ts7680/genimage.cfg

@@ -3,7 +3,7 @@ image sdcard.img {
 	}
 
 	partition unused {
-		size =  512B
+		size =  512
 	}
 
 	partition rootfs {

boot/boot-wrapper-aarch64/boot-wrapper-aarch64.mk

@@ -6,7 +6,7 @@
 
 BOOT_WRAPPER_AARCH64_VERSION = 4266507a84f8c06452109d38e0350d4759740694
 BOOT_WRAPPER_AARCH64_SITE = git://git.kernel.org/pub/scm/linux/kernel/git/mark/boot-wrapper-aarch64.git
-BOOT_WRAPPER_AARCH64_LICENSE = BSD3c
+BOOT_WRAPPER_AARCH64_LICENSE = BSD-3-Clause
 BOOT_WRAPPER_AARCH64_LICENSE_FILES = LICENSE.txt
 BOOT_WRAPPER_AARCH64_DEPENDENCIES = linux
 BOOT_WRAPPER_AARCH64_INSTALL_IMAGES = YES

configs/arm_juno_defconfig

@@ -12,7 +12,7 @@ BR2_LINUX_KERNEL_INTREE_DTS_NAME="arm/juno arm/juno-r1 arm/juno-r2"
 BR2_TARGET_ARM_TRUSTED_FIRMWARE=y
 BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_GIT=y
 BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_URL="https://github.com/ARM-software/arm-trusted-firmware.git"
-BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_VERSION="v1.2"
+BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_VERSION="v1.3"
 BR2_TARGET_ARM_TRUSTED_FIRMWARE_PLATFORM="juno"
 BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP=y
 BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33=y

configs/imx6ulpico_defconfig

@@ -19,6 +19,7 @@ BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.17"
 BR2_LINUX_KERNEL_DEFCONFIG="imx_v6_v7"
 BR2_LINUX_KERNEL_DTS_SUPPORT=y
 BR2_LINUX_KERNEL_INTREE_DTS_NAME="imx6ul-pico-hobbit"
+BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
 
 # wifi firmware for brcm4339
 BR2_PACKAGE_LINUX_FIRMWARE=y

configs/imx7dpico_defconfig

@@ -19,6 +19,7 @@ BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.17"
 BR2_LINUX_KERNEL_DEFCONFIG="imx_v6_v7"
 BR2_LINUX_KERNEL_DTS_SUPPORT=y
 BR2_LINUX_KERNEL_INTREE_DTS_NAME="imx7d-pico-pi"
+BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
 
 # bootloader
 BR2_TARGET_UBOOT=y

configs/mx51evk_defconfig

@@ -32,3 +32,4 @@ BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.17.2"
 BR2_LINUX_KERNEL_DEFCONFIG="imx_v6_v7"
 BR2_LINUX_KERNEL_DTS_SUPPORT=y
 BR2_LINUX_KERNEL_INTREE_DTS_NAME="imx51-babbage"
+BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y

configs/orangepi_lite_defconfig

@@ -11,6 +11,7 @@ BR2_LINUX_KERNEL_DEFCONFIG="sunxi"
 BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="board/orangepi/orangepi-lite/linux-extras.config"
 BR2_LINUX_KERNEL_DTS_SUPPORT=y
 BR2_LINUX_KERNEL_INTREE_DTS_NAME="sun8i-h3-orangepi-lite"
+BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
 BR2_PACKAGE_RTL8189FS=y
 BR2_PACKAGE_WIRELESS_TOOLS=y
 BR2_PACKAGE_WPA_SUPPLICANT=y

configs/orangepi_pc_defconfig

@@ -9,7 +9,7 @@ BR2_ROOTFS_POST_IMAGE_SCRIPT="support/scripts/genimage.sh"
 BR2_ROOTFS_POST_SCRIPT_ARGS="-c board/orangepi/orangepi-pc/genimage.cfg"
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.17"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.17.15"
 BR2_LINUX_KERNEL_DEFCONFIG="sunxi"
 BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="board/orangepi/orangepi-pc/linux.fragment"
 BR2_LINUX_KERNEL_DTS_SUPPORT=y
@@ -20,7 +20,7 @@ BR2_TARGET_ROOTFS_EXT2_4=y
 BR2_TARGET_UBOOT=y
 BR2_TARGET_UBOOT_BUILD_SYSTEM_KCONFIG=y
 BR2_TARGET_UBOOT_CUSTOM_VERSION=y
-BR2_TARGET_UBOOT_CUSTOM_VERSION_VALUE="2018.05"
+BR2_TARGET_UBOOT_CUSTOM_VERSION_VALUE="2018.07"
 BR2_TARGET_UBOOT_BOARD_DEFCONFIG="orangepi_pc"
 BR2_TARGET_UBOOT_NEEDS_DTC=y
 BR2_TARGET_UBOOT_NEEDS_PYLIBFDT=y

configs/orangepi_zero_defconfig

@@ -3,13 +3,13 @@ BR2_cortex_a7=y
 BR2_ARM_FPU_VFPV4=y
 BR2_GLOBAL_PATCH_DIR="board/orangepi/orangepi-zero/patches"
 BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_MDEV=y
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_15=y
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_17=y
 BR2_TARGET_GENERIC_HOSTNAME="OrangePi_Zero"
 BR2_TARGET_GENERIC_ISSUE="Welcome to Buildroot for the Orange Pi Zero"
 BR2_SYSTEM_DHCP="eth0"
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.15"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.17.15"
 BR2_LINUX_KERNEL_DEFCONFIG="sunxi"
 BR2_LINUX_KERNEL_DTS_SUPPORT=y
 BR2_LINUX_KERNEL_INTREE_DTS_NAME="sun8i-h2-plus-orangepi-zero"
@@ -21,7 +21,7 @@ BR2_TARGET_ROOTFS_EXT2_4=y
 BR2_TARGET_UBOOT=y
 BR2_TARGET_UBOOT_BUILD_SYSTEM_KCONFIG=y
 BR2_TARGET_UBOOT_CUSTOM_VERSION=y
-BR2_TARGET_UBOOT_CUSTOM_VERSION_VALUE="2018.01"
+BR2_TARGET_UBOOT_CUSTOM_VERSION_VALUE="2018.07"
 BR2_TARGET_UBOOT_BOARD_DEFCONFIG="orangepi_zero"
 BR2_TARGET_UBOOT_NEEDS_DTC=y
 BR2_TARGET_UBOOT_NEEDS_PYLIBFDT=y

configs/raspberrypi2_defconfig

@@ -30,6 +30,7 @@ BR2_PACKAGE_HOST_MTOOLS=y
 # Filesystem / image
 BR2_TARGET_ROOTFS_EXT2=y
 BR2_TARGET_ROOTFS_EXT2_4=y
+BR2_TARGET_ROOTFS_EXT2_SIZE="120M"
 # BR2_TARGET_ROOTFS_TAR is not set
 BR2_ROOTFS_POST_BUILD_SCRIPT="board/raspberrypi2/post-build.sh"
 BR2_ROOTFS_POST_IMAGE_SCRIPT="board/raspberrypi2/post-image.sh"

configs/sheevaplug_defconfig

@@ -19,14 +19,14 @@ BR2_TARGET_UBOOT=y
 BR2_TARGET_UBOOT_BUILD_SYSTEM_KCONFIG=y
 BR2_TARGET_UBOOT_BOARD_DEFCONFIG="sheevaplug"
 BR2_TARGET_UBOOT_CUSTOM_VERSION=y
-BR2_TARGET_UBOOT_CUSTOM_VERSION_VALUE="2016.05"
+BR2_TARGET_UBOOT_CUSTOM_VERSION_VALUE="2018.07"
 BR2_TARGET_UBOOT_FORMAT_KWB=y
 # BR2_TARGET_UBOOT_NETWORK is not set
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.14.13"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.14.63"
 BR2_LINUX_KERNEL_DEFCONFIG="mvebu_v5"
 BR2_LINUX_KERNEL_APPENDED_UIMAGE=y
 BR2_LINUX_KERNEL_UIMAGE_LOADADDR="0x8000"

configs/snps_archs38_vdk_defconfig

@@ -5,7 +5,7 @@ BR2_archs38=y
 # System
 BR2_TARGET_GENERIC_HOSTNAME="archs38_vdk"
 BR2_TARGET_GENERIC_ISSUE="Welcome to the HS38 VDK Software Development Platform"
-BR2_ROOTFS_OVERLAY="board/synopsys/axs10x/fs-overlay"
+BR2_ROOTFS_POST_BUILD_SCRIPT="board/synopsys/axs10x/post-build.sh"
 BR2_TARGET_ROOTFS_EXT2=y
 
 # Linux headers same as kernel, a 4.16 series

docs/manual/adding-packages-kconfig.txt

@@ -81,3 +81,7 @@ be set to suit the needs of the package under consideration:
   be well suited for all packages that use the standard kconfig
   infrastructure as inherited from the Linux kernel; some packages use
   a derivative of kconfig that use a different location.
+
+* +FOO_KCONFIG_DEPENDENCIES+: the list of packages (most probably, host
+  packages) that need to be built before this package's kconfig is
+  interpreted. Seldom used. By default, empty.

docs/website/download.html

@@ -76,37 +76,37 @@
 	</div>
       </div>
 
-      <h3 style="text-align: center;">Latest release candidate: <b>2018.08-rc1</b></h3>
+      <h3 style="text-align: center;">Latest release candidate: <b>2018.08-rc2</b></h3>
       <div class="row mt centered">
 	<div class="col-sm-6">
 	  <div class="flip-container center-block" ontouchstart="this.classList.toggle('hover');">
 	    <div class="flipper">
 	      <div class="front">
-		<a href="/downloads/buildroot-2018.08-rc1.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
+		<a href="/downloads/buildroot-2018.08-rc2.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
 	      </div>
 	      <div class="back">
-		<a href="/downloads/buildroot-2018.08-rc1.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
+		<a href="/downloads/buildroot-2018.08-rc2.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
 	      </div>
 	    </div>
 	  </div>
 
-	  <h3><a href="/downloads/buildroot-2018.08-rc1.tar.gz">buildroot-2018.08-rc1.tar.gz</a></h3>
-	  <p><a href="/downloads/buildroot-2018.08-rc1.tar.gz.sign">PGP signature</a></p>
+	  <h3><a href="/downloads/buildroot-2018.08-rc2.tar.gz">buildroot-2018.08-rc2.tar.gz</a></h3>
+	  <p><a href="/downloads/buildroot-2018.08-rc2.tar.gz.sign">PGP signature</a></p>
 	</div>
 	<div class="col-sm-6">
 	  <div class="flip-container center-block" ontouchstart="this.classList.toggle('hover');">
 	    <div class="flipper">
 	      <div class="front">
-		<a href="/downloads/buildroot-2018.08-rc1.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
+		<a href="/downloads/buildroot-2018.08-rc2.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
 	      </div>
 	      <div class="back">
-		<a href="/downloads/buildroot-2018.08-rc1.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
+		<a href="/downloads/buildroot-2018.08-rc2.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
 	      </div>
 	    </div>
 	  </div>
 
-	  <h3><a href="/downloads/buildroot-2018.08-rc1.tar.bz2">buildroot-2018.08-rc1.tar.bz2</a></h3>
-	  <p><a href="/downloads/buildroot-2018.08-rc1.tar.bz2.sign">PGP signature</a></p>
+	  <h3><a href="/downloads/buildroot-2018.08-rc2.tar.bz2">buildroot-2018.08-rc2.tar.bz2</a></h3>
+	  <p><a href="/downloads/buildroot-2018.08-rc2.tar.bz2.sign">PGP signature</a></p>
 	</div>
       </div>
 

docs/website/news.html

@@ -9,6 +9,28 @@
 <h2>News</h2>
 <ul class="timeline">
 
+  <li>
+    <div class="timeline-badge"><i class="glyphicon glyphicon-thumbs-up"></i></div>
+    <div class="timeline-panel">
+      <div class="timeline-heading">
+	<h4 class="timeline-title">2018.08-rc2 released</h4>
+	<p><small class="text-muted"><i class="glyphicon glyphicon-time"></i>20 August 2018</small></p>
+      </div>
+      <div class="timeline-body">
+        <p>Another week, another release candidate with more cleanups
+          and build fixes. See the
+	  <a href="http://git.buildroot.net/buildroot/plain/CHANGES?id=2018.08-rc2">CHANGES</a>
+	  file for details.</p>
+
+	<p>Head to the <a href="/downloads/">downloads page</a> to pick up the
+	  <a href="/downloads/buildroot-2018.08-rc2.tar.bz2">2018.08-rc2
+	  release candidate</a>, and report any problems found to the
+	  <a href="support.html">mailing list</a> or
+	  <a href="https://bugs.buildroot.org">bug tracker</a>.</p>
+      </div>
+    </div>
+  </li>
+
   <li class="timeline-inverted">
     <div class="timeline-badge"><i class="glyphicon glyphicon-thumbs-up"></i></div>
     <div class="timeline-panel">
@@ -20,7 +42,8 @@
 	<p>We have a new release candidate! Lots of changes all over the
 	  tree, see the
 	  <a href="http://git.buildroot.net/buildroot/plain/CHANGES?id=2018.08-rc1">CHANGES</a>
-	  file for details.
+	  file for details and/or read
+	  the <a href="http://lists.busybox.net/pipermail/buildroot/2018-August/227070.html">announcement</a>.
 	</p>
 
 	<p>Head to the <a href="/downloads/">downloads page</a> to pick up the

linux/Config.in

@@ -33,7 +33,7 @@ config BR2_LINUX_KERNEL_LATEST_VERSION
 	bool "Latest version (4.17)"
 
 config BR2_LINUX_KERNEL_LATEST_CIP_VERSION
-	bool "Latest CIP SLTS version (v4.4.130-cip23)"
+	bool "Latest CIP SLTS version (v4.4.138-cip25)"
 	help
 	  CIP launched in the spring of 2016 to address the needs of
 	  organizations in industries such as power generation and
@@ -120,8 +120,8 @@ endif
 
 config BR2_LINUX_KERNEL_VERSION
 	string
-	default "4.17.11" if BR2_LINUX_KERNEL_LATEST_VERSION
-	default "v4.4.130-cip23" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
+	default "4.17.17" if BR2_LINUX_KERNEL_LATEST_VERSION
+	default "v4.4.138-cip25" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
 	default BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE \
 		if BR2_LINUX_KERNEL_CUSTOM_VERSION
 	default "custom" if BR2_LINUX_KERNEL_CUSTOM_TARBALL

linux/linux.mk

@@ -62,7 +62,13 @@ LINUX_PATCHES = $(call qstrip,$(BR2_LINUX_KERNEL_PATCH))
 LINUX_PATCH = $(filter ftp://% http://% https://%,$(LINUX_PATCHES))
 
 LINUX_INSTALL_IMAGES = YES
-LINUX_DEPENDENCIES += host-bison host-flex host-kmod
+LINUX_DEPENDENCIES = host-kmod
+
+# Starting with 4.16, the generated kconfig paser code is no longer
+# shipped with the kernel sources, so we need flex and bison.
+# Starting with 4.17, the generated dtc parser code is no longer
+# shipped with the kernel sources, so we need flex and bison.
+LINUX_DEPENDENCIES += host-bison host-flex
 
 # host tools needed for kernel compression
 ifeq ($(BR2_LINUX_KERNEL_LZ4),y)
@@ -389,9 +395,9 @@ endif
 # Compilation. We make sure the kernel gets rebuilt when the
 # configuration has changed.
 define LINUX_BUILD_CMDS
-	@for dts in $(call qstrip,$(BR2_LINUX_KERNEL_CUSTOM_DTS_PATH)); do \
-		cp -f $${dts} $(LINUX_ARCH_PATH)/boot/dts/ ; \
-	done
+	$(foreach dts,$(call qstrip,$(BR2_LINUX_KERNEL_CUSTOM_DTS_PATH)), \
+		cp -f $(dts) $(LINUX_ARCH_PATH)/boot/dts/
+	)
 	$(LINUX_MAKE_ENV) $(MAKE) $(LINUX_MAKE_FLAGS) -C $(@D) $(LINUX_TARGET_NAME)
 	@if grep -q "CONFIG_MODULES=y" $(@D)/.config; then \
 		$(LINUX_MAKE_ENV) $(MAKE) $(LINUX_MAKE_FLAGS) -C $(@D) modules ; \

package/Makefile.in

@@ -219,8 +219,6 @@ TARGET_STRIP = /bin/true
 STRIPCMD = $(TARGET_STRIP)
 endif
 INSTALL := $(shell which install || type -p install)
-FLEX := $(shell which flex || type -p flex)
-BISON := $(shell which bison || type -p bison)
 UNZIP := $(shell which unzip || type -p unzip) -q
 
 APPLY_PATCHES = PATH=$(HOST_DIR)/bin:$$PATH support/scripts/apply-patches.sh $(if $(QUIET),-s)

package/aircrack-ng/Config.in

@@ -4,6 +4,9 @@ config BR2_PACKAGE_AIRCRACK_NG
 	depends on BR2_TOOLCHAIN_HAS_THREADS
 	depends on BR2_INSTALL_LIBSTDCPP
 	depends on !BR2_STATIC_LIBS # dlfcn.h
+	# https://github.com/aircrack-ng/aircrack-ng/issues/1941
+	depends on BR2_POWERPC_CPU_HAS_ALTIVEC || \
+		!(BR2_powerpc || BR2_powerpc64 || BR2_powerpc64le)
 	select BR2_PACKAGE_OPENSSL if !BR2_PACKAGE_LIBGCRYPT
 	help
 	  A set of tools for auditing wireless networks

package/bind/bind.hash

@@ -1,4 +1,4 @@
-# Verified from https://ftp.isc.org/isc/bind9/9.11.4/bind-9.11.4.tar.gz.asc
+# Verified from https://ftp.isc.org/isc/bind9/9.11.4-P1/bind-9.11.4-P1.tar.gz.asc
 # with key BE0E9748B718253A28BB89FFF1B11BF05CF02E57
-sha256 595070b031f869f8939656b5a5d11b121211967f15f6afeafa895df745279617 bind-9.11.4.tar.gz
+sha256 b0e0dc3c8bf26989b1cad53f90d44a48e39404afc68f65c45bae79b446f0fe23 bind-9.11.4-P1.tar.gz
 sha256 336f3c40e37a1a13690efb4c63e20908faa4c40498cc02f3579fb67d3a1933a5 COPYRIGHT

package/bind/bind.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BIND_VERSION = 9.11.4
+BIND_VERSION = 9.11.4-P1
 BIND_SITE = http://ftp.isc.org/isc/bind9/$(BIND_VERSION)
 # bind does not support parallel builds.
 BIND_MAKE = $(MAKE1)

package/boost/Config.in

@@ -83,6 +83,7 @@ config BR2_PACKAGE_BOOST_CONTEXT
 	bool "boost-context"
 	depends on BR2_PACKAGE_BOOST_CONTEXT_ARCH_SUPPORTS
 	depends on !BR2_TOOLCHAIN_HAS_GCC_BUG_64735
+	select BR2_PACKAGE_BOOST_THREAD if !BR2_TOOLCHAIN_GCC_AT_LEAST_4_8
 	help
 	  C++11 context switching library.
 
@@ -190,6 +191,7 @@ config BR2_PACKAGE_BOOST_LOCALE
 	# details.
 	depends on !(BR2_STATIC_LIBS && BR2_PACKAGE_ICU)
 	select BR2_PACKAGE_BOOST_SYSTEM
+	select BR2_PACKAGE_BOOST_THREAD if BR2_PACKAGE_ICU
 	select BR2_PACKAGE_LIBICONV if !BR2_ENABLE_LOCALE
 	help
 	  Provide localization and Unicode handling tools for C++.
@@ -201,11 +203,7 @@ comment "boost-locale needs a toolchain w/ dynamic library"
 config BR2_PACKAGE_BOOST_LOG
 	bool "boost-log"
 	depends on BR2_TOOLCHAIN_HAS_THREADS_NPTL
-	# for some reason, uClibc on PowerPC fails to build the boost
-	# log module
-	depends on !(BR2_powerpc && BR2_TOOLCHAIN_USES_UCLIBC)
 	select BR2_PACKAGE_BOOST_ATOMIC
-	select BR2_PACKAGE_BOOST_CHRONO
 	select BR2_PACKAGE_BOOST_DATE_TIME
 	select BR2_PACKAGE_BOOST_FILESYSTEM
 	select BR2_PACKAGE_BOOST_REGEX
@@ -216,7 +214,6 @@ config BR2_PACKAGE_BOOST_LOG
 
 comment "boost-log needs a toolchain w/ NPTL"
 	depends on !BR2_TOOLCHAIN_HAS_THREADS_NPTL
-	depends on !(BR2_powerpc && BR2_TOOLCHAIN_USES_UCLIBC)
 
 config BR2_PACKAGE_BOOST_MATH
 	bool "boost-math"
@@ -313,6 +310,8 @@ config BR2_PACKAGE_BOOST_TEST
 
 config BR2_PACKAGE_BOOST_THREAD
 	bool "boost-thread"
+	select BR2_PACKAGE_BOOST_ATOMIC if !BR2_TOOLCHAIN_SUPPORTS_ALWAYS_LOCKFREE_ATOMIC_INTS
+	select BR2_PACKAGE_BOOST_CHRONO
 	select BR2_PACKAGE_BOOST_SYSTEM
 	help
 	  Portable C++ multi-threading. C++11, C++14.
@@ -326,7 +325,6 @@ config BR2_PACKAGE_BOOST_TIMER
 
 config BR2_PACKAGE_BOOST_TYPE_ERASURE
 	bool "boost-type_erasure"
-	select BR2_PACKAGE_BOOST_CHRONO
 	select BR2_PACKAGE_BOOST_SYSTEM
 	select BR2_PACKAGE_BOOST_THREAD
 	help
@@ -337,7 +335,6 @@ config BR2_PACKAGE_BOOST_WAVE
 	# limitation of assembler for coldfire
 	# error: Tried to convert PC relative branch to absolute jump
 	depends on !BR2_m68k_cf
-	select BR2_PACKAGE_BOOST_CHRONO
 	select BR2_PACKAGE_BOOST_DATE_TIME
 	select BR2_PACKAGE_BOOST_FILESYSTEM
 	select BR2_PACKAGE_BOOST_SYSTEM

package/busybox/busybox.hash

@@ -1,3 +1,3 @@
-# From https://busybox.net/downloads/busybox-1.29.1.tar.bz2.sha256
-sha256 fc250730ea16d28839bfecda3c431683fa6bd4273ffca6b632cbeb3556c914c3  busybox-1.29.1.tar.bz2
+# From https://busybox.net/downloads/busybox-1.29.2.tar.bz2.sha256
+sha256 67d2fa6e147a45875fe972de62d907ef866fe784c495c363bf34756c444a5d61  busybox-1.29.2.tar.bz2
 sha256 bbfc9843646d483c334664f651c208b9839626891d8f17604db2146962f43548  LICENSE

package/busybox/busybox.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BUSYBOX_VERSION = 1.29.1
+BUSYBOX_VERSION = 1.29.2
 BUSYBOX_SITE = http://www.busybox.net/downloads
 BUSYBOX_SOURCE = busybox-$(BUSYBOX_VERSION).tar.bz2
 BUSYBOX_LICENSE = GPL-2.0

package/bzip2/Config.in

@@ -5,5 +5,3 @@ config BR2_PACKAGE_BZIP2
 	  It typically compresses files to within 10% to 15% of the best
 	  available techniques, while being around twice as fast at
 	  compression and six times faster at decompression.
-
-	  http://www.bzip.org

package/bzip2/bzip2.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 BZIP2_VERSION = 1.0.6
-BZIP2_SITE = http://www.bzip.org/$(BZIP2_VERSION)
+BZIP2_SITE = http://sources.buildroot.net
 BZIP2_INSTALL_STAGING = YES
 BZIP2_LICENSE = bzip2 license
 BZIP2_LICENSE_FILES = LICENSE

package/chrony/0002-util-fall-back-to-reading-dev-urandom-when-getrandom.patch

@@ -0,0 +1,42 @@
+From 7c5bd948bb7e21fa0ee22f29e97748b2d0360319 Mon Sep 17 00:00:00 2001
+From: Miroslav Lichvar <mlichvar@redhat.com>
+Date: Thu, 17 May 2018 14:16:58 +0200
+Subject: [PATCH] util: fall back to reading /dev/urandom when getrandom()
+ blocks
+
+With recent changes in the Linux kernel, the getrandom() system call may
+block for a long time after boot on machines that don't have enough
+entropy. It blocks the chronyd's initialization before it can detach
+from the terminal and may cause a chronyd service to fail to start due
+to a timeout.
+
+At least for now, enable the GRND_NONBLOCK flag to make the system call
+non-blocking and let the code fall back to reading /dev/urandom (which
+never blocks) if the system call failed with EAGAIN or any other error.
+
+This makes the start of chronyd non-deterministic with respect to files
+that it needs to open and possibly also makes it slightly easier to
+guess the transmit/receive timestamp in client requests until the
+urandom source is fully initialized.
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ util.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/util.c b/util.c
+index 4b3e455..76417d5 100644
+--- a/util.c
++++ b/util.c
+@@ -1224,7 +1224,7 @@ get_random_bytes_getrandom(char *buf, unsigned int len)
+       if (disabled)
+         break;
+ 
+-      if (getrandom(rand_buf, sizeof (rand_buf), 0) != sizeof (rand_buf)) {
++      if (getrandom(rand_buf, sizeof (rand_buf), GRND_NONBLOCK) != sizeof (rand_buf)) {
+         disabled = 1;
+         break;
+       }
+-- 
+2.11.0
+

package/cryptsetup/0001-Remove-json_object-typedef.patch

@@ -0,0 +1,46 @@
+From 567e7f8664c621f8aeaa95d9f4ab4b590574f572 Mon Sep 17 00:00:00 2001
+From: Baruch Siach <baruch@tkos.co.il>
+Date: Wed, 15 Aug 2018 14:13:46 +0300
+Subject: [PATCH] Remove json_object typedef
+
+The json-c header already defines the same typedef. While C11 allows
+typedef redefinition to the same type, older versions of gcc disallow
+that.
+
+In file included from lib/luks2/luks2_internal.h:32,
+                 from lib/luks2/luks2_disk_metadata.c:24:
+lib/luks2/luks2.h:86: error: redefinition of typedef 'json_object'
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+ lib/luks2/luks2.h | 1 -
+ lib/setup.c       | 1 +
+ 2 files changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/luks2/luks2.h b/lib/luks2/luks2.h
+index ee57b41ba974..25e36190da45 100644
+--- a/lib/luks2/luks2.h
++++ b/lib/luks2/luks2.h
+@@ -83,7 +83,6 @@ struct luks2_hdr_disk {
+ /*
+  * LUKS2 header in-memory.
+  */
+-typedef struct json_object json_object;
+ struct luks2_hdr {
+ 	size_t		hdr_size;
+ 	uint64_t	seqid;
+diff --git a/lib/setup.c b/lib/setup.c
+index fddbe7ef7897..856f6e80f465 100644
+--- a/lib/setup.c
++++ b/lib/setup.c
+@@ -28,6 +28,7 @@
+ #include <sys/utsname.h>
+ #include <fcntl.h>
+ #include <errno.h>
++#include <json-c/json.h>
+ 
+ #include "libcryptsetup.h"
+ #include "luks.h"
+-- 
+2.18.0
+

package/cryptsetup/cryptsetup.mk

@@ -36,7 +36,8 @@ HOST_CRYPTSETUP_DEPENDENCIES = \
 	host-json-c \
 	host-openssl
 
-HOST_CRYPTSETUP_CONF_OPTS = --with-crypto-backend=openssl
+HOST_CRYPTSETUP_CONF_OPTS = --with-crypto_backend=openssl \
+	--disable-kernel_crypto
 
 $(eval $(autotools-package))
 $(eval $(host-autotools-package))

package/dahdi-tools/Config.in

@@ -15,9 +15,5 @@ config BR2_PACKAGE_DAHDI_TOOLS
 
 	  http://www.asterisk.org/downloads/dahdi
 
-# Two comments, otherwise it may not fit in menuconfig for narrow terminals
-comment "dahdi-tools needs a toolchain w/ threads"
+comment "dahdi-tools needs a toolchain w/ threads and a Linux kernel to be built"
 	depends on !BR2_TOOLCHAIN_HAS_THREADS || !BR2_LINUX_KERNEL
-
-comment "dahdi-tools needs a Linux kernel to be built"
-	depends on !BR2_LINUX_KERNEL

package/dbus/dbus.hash

@@ -1,5 +1,6 @@
 # Locally calculated after checking pgp signature
-# https://dbus.freedesktop.org/releases/dbus/dbus-1.12.8.tar.gz.asc
-sha256	e2dc99e7338303393b6663a98320aba6a63421bcdaaf571c8022f815e5896eb3  dbus-1.12.8.tar.gz
+# https://dbus.freedesktop.org/releases/dbus/dbus-1.12.10.tar.gz.asc
+# using key 36EC5A6448A4F5EF79BEFE98E05AE1478F814C4F
+sha256	4b693d24976258c3f2fa9cc33ad9288c5fbfa7a16481dbd9a8a429f7aa8cdcf7  dbus-1.12.10.tar.gz
 # Locally calculated
 sha256	0e46f54efb12d04ab5c33713bacd0e140c9a35b57ae29e03c853203266e8f3a1  COPYING

package/dbus/dbus.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DBUS_VERSION = 1.12.8
+DBUS_VERSION = 1.12.10
 DBUS_SITE = https://dbus.freedesktop.org/releases/dbus
 DBUS_LICENSE = AFL-2.1 or GPL-2.0+ (library, tools), GPL-2.0+ (tools)
 DBUS_LICENSE_FILES = COPYING

package/domoticz/0001-Bumped-version.patch

@@ -0,0 +1,20 @@
+From 98723b7da9467a49222b8a7ffaae276c5bc075c1 Mon Sep 17 00:00:00 2001
+From: gizmocuz <gizmocuz@users.noreply.github.com>
+Date: Thu, 28 Jun 2018 08:00:58 +0200
+Subject: [PATCH] Bumped version
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Retrieved from https://github.com/domoticz/domoticz/commit/98723b7da9467a49222b8a7ffaae276c5bc075c1]
+---
+ appversion.default | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/appversion.default b/appversion.default
+index beaa069bb..7d3530590 100644
+--- a/appversion.default
++++ b/appversion.default
+@@ -1,3 +1,3 @@
+-#define APPVERSION 5876
++#define APPVERSION 9700
+ #define APPHASH "b97777b"
+ #define APPDATE 1478691222

package/eigen/eigen.mk

@@ -23,7 +23,8 @@ endif
 # Generate the .pc file at build time
 define EIGEN_BUILD_CMDS
 	sed -r -e 's,^Version: .*,Version: $(EIGEN_VERSION),' \
-		-e 's,^Cflags: .*,Cflags: -I$(EIGEN_DEST_DIR),' \
+		-e 's,^Cflags: .*,Cflags: -I$$\{prefix\}/include/eigen3,' \
+		-e 's,^prefix.*,prefix=/usr,' \
 		$(@D)/eigen3.pc.in >$(@D)/eigen3.pc
 endef
 

package/ipsec-tools/0005-CVE-2016-10396.patch

@@ -0,0 +1,208 @@
+Fix CVE-2016-10396
+
+Description: Fix remotely exploitable DoS. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10396
+Source: vendor; https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51682
+Bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867986
+
+Downloaded from
+https://github.com/openwrt/packages/blob/master/net/ipsec-tools/patches/010-CVE-2016-10396.patch
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+
+Index: ipsec-tools-0.8.2/src/racoon/isakmp_frag.c
+===================================================================
+--- ipsec-tools-0.8.2.orig/src/racoon/isakmp_frag.c
++++ ipsec-tools-0.8.2/src/racoon/isakmp_frag.c
+@@ -1,4 +1,4 @@
+-/*	$NetBSD: isakmp_frag.c,v 1.5 2009/04/22 11:24:20 tteras Exp $	*/
++/*	$NetBSD: isakmp_frag.c,v 1.5.36.1 2017/04/21 16:50:42 bouyer Exp $	*/
+ 
+ /* Id: isakmp_frag.c,v 1.4 2004/11/13 17:31:36 manubsd Exp */
+ 
+@@ -173,6 +173,43 @@ vendorid_frag_cap(gen)
+ 	return ntohl(hp[MD5_DIGEST_LENGTH / sizeof(*hp)]);
+ }
+ 
++static int 
++isakmp_frag_insert(struct ph1handle *iph1, struct isakmp_frag_item *item)
++{
++	struct isakmp_frag_item *pitem = NULL;
++	struct isakmp_frag_item *citem = iph1->frag_chain;
++
++	/* no frag yet, just insert at beginning of list */
++	if (iph1->frag_chain == NULL) {
++		iph1->frag_chain = item;
++		return 0;
++	}
++
++	do {
++		/* duplicate fragment number, abort (CVE-2016-10396) */
++		if (citem->frag_num == item->frag_num)
++			return -1;
++
++		/* need to insert before current item */
++		if (citem->frag_num > item->frag_num) {
++			if (pitem != NULL)
++				pitem->frag_next = item;
++			else
++				/* insert at the beginning of the list  */
++				iph1->frag_chain = item;
++			item->frag_next = citem;
++			return 0;
++		}
++
++		pitem = citem;
++		citem = citem->frag_next;
++	} while (citem != NULL);
++
++	/* we reached the end of the list, insert */
++	pitem->frag_next = item;
++	return 0;
++}
++
+ int 
+ isakmp_frag_extract(iph1, msg)
+ 	struct ph1handle *iph1;
+@@ -224,39 +261,43 @@ isakmp_frag_extract(iph1, msg)
+ 	item->frag_next = NULL;
+ 	item->frag_packet = buf;
+ 
+-	/* Look for the last frag while inserting the new item in the chain */
+-	if (item->frag_last)
+-		last_frag = item->frag_num;
++	/* Check for the last frag before inserting the new item in the chain */
++	if (item->frag_last) {
++		/* if we have the last fragment, indices must match */
++		if (iph1->frag_last_index != 0 &&
++		    item->frag_last != iph1->frag_last_index) {
++			plog(LLV_ERROR, LOCATION, NULL,
++			     "Repeated last fragment index mismatch\n");
++			racoon_free(item);
++			vfree(buf);
++			return -1;
++		}
+ 
+-	if (iph1->frag_chain == NULL) {
+-		iph1->frag_chain = item;
+-	} else {
+-		struct isakmp_frag_item *current;
++		last_frag = iph1->frag_last_index = item->frag_num;
++	}
+ 
+-		current = iph1->frag_chain;
+-		while (current->frag_next) {
+-			if (current->frag_last)
+-				last_frag = item->frag_num;
+-			current = current->frag_next;
+-		}
+-		current->frag_next = item;
++	/* insert fragment into chain */
++	if (isakmp_frag_insert(iph1, item) == -1) {
++		plog(LLV_ERROR, LOCATION, NULL,
++		    "Repeated fragment index mismatch\n");
++		racoon_free(item);
++		vfree(buf);
++		return -1;
+ 	}
+ 
+-	/* If we saw the last frag, check if the chain is complete */
++	/* If we saw the last frag, check if the chain is complete
++	 * we have a sorted list now, so just walk through */
+ 	if (last_frag != 0) {
++		item = iph1->frag_chain;
+ 		for (i = 1; i <= last_frag; i++) {
+-			item = iph1->frag_chain;
+-			do {
+-				if (item->frag_num == i)
+-					break;
+-				item = item->frag_next;
+-			} while (item != NULL);
+-
++			if (item->frag_num != i)
++				break;
++			item = item->frag_next;
+ 			if (item == NULL) /* Not found */
+ 				break;
+ 		}
+ 
+-		if (item != NULL) /* It is complete */
++		if (i > last_frag) /* It is complete */
+ 			return 1;
+ 	}
+ 		
+@@ -291,15 +332,9 @@ isakmp_frag_reassembly(iph1)
+ 	}
+ 	data = buf->v;
+ 
++	item = iph1->frag_chain;
+ 	for (i = 1; i <= frag_count; i++) {
+-		item = iph1->frag_chain;
+-		do {
+-			if (item->frag_num == i)
+-				break;
+-			item = item->frag_next;
+-		} while (item != NULL);
+-
+-		if (item == NULL) {
++		if (item->frag_num != i) {
+ 			plog(LLV_ERROR, LOCATION, NULL, 
+ 			    "Missing fragment #%d\n", i);
+ 			vfree(buf);
+@@ -308,6 +343,7 @@ isakmp_frag_reassembly(iph1)
+ 		}
+ 		memcpy(data, item->frag_packet->v, item->frag_packet->l);
+ 		data += item->frag_packet->l;
++		item = item->frag_next;
+ 	}
+ 
+ out:
+Index: ipsec-tools-0.8.2/src/racoon/isakmp_inf.c
+===================================================================
+--- ipsec-tools-0.8.2.orig/src/racoon/isakmp_inf.c
++++ ipsec-tools-0.8.2/src/racoon/isakmp_inf.c
+@@ -720,6 +720,7 @@ isakmp_info_send_nx(isakmp, remote, loca
+ #endif
+ #ifdef ENABLE_FRAG
+ 	iph1->frag = 0;
++	iph1->frag_last_index = 0;
+ 	iph1->frag_chain = NULL;
+ #endif
+ 
+Index: ipsec-tools-0.8.2/src/racoon/isakmp.c
+===================================================================
+--- ipsec-tools-0.8.2.orig/src/racoon/isakmp.c
++++ ipsec-tools-0.8.2/src/racoon/isakmp.c
+@@ -1071,6 +1071,7 @@ isakmp_ph1begin_i(rmconf, remote, local)
+ 		iph1->frag = 1;
+ 	else
+ 		iph1->frag = 0;
++	iph1->frag_last_index = 0;
+ 	iph1->frag_chain = NULL;
+ #endif
+ 	iph1->approval = NULL;
+@@ -1175,6 +1176,7 @@ isakmp_ph1begin_r(msg, remote, local, et
+ #endif
+ #ifdef ENABLE_FRAG
+ 	iph1->frag = 0;
++	iph1->frag_last_index = 0;
+ 	iph1->frag_chain = NULL;
+ #endif
+ 	iph1->approval = NULL;
+Index: ipsec-tools-0.8.2/src/racoon/handler.h
+===================================================================
+--- ipsec-tools-0.8.2.orig/src/racoon/handler.h
++++ ipsec-tools-0.8.2/src/racoon/handler.h
+@@ -1,4 +1,4 @@
+-/*	$NetBSD: handler.h,v 1.25 2010/11/17 10:40:41 tteras Exp $	*/
++/*	$NetBSD: handler.h,v 1.26 2017/01/24 19:23:56 christos Exp $	*/
+ 
+ /* Id: handler.h,v 1.19 2006/02/25 08:25:12 manubsd Exp */
+ 
+@@ -141,6 +141,7 @@ struct ph1handle {
+ #endif
+ #ifdef ENABLE_FRAG
+ 	int frag;			/* IKE phase 1 fragmentation */
++	int frag_last_index;
+ 	struct isakmp_frag_item *frag_chain;	/* Received fragments */
+ #endif
+ 

package/libarchive/0002-iso9660-validate-directory-record-length.patch

@@ -0,0 +1,78 @@
+From f9569c086ff29259c73790db9cbf39fe8fb9d862 Mon Sep 17 00:00:00 2001
+From: John Starks <jostarks@microsoft.com>
+Date: Wed, 25 Jul 2018 12:16:34 -0700
+Subject: [PATCH] iso9660: validate directory record length
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: commit f9569c086ff
+
+ .../archive_read_support_format_iso9660.c       | 17 +++++++++++------
+ 1 file changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/libarchive/archive_read_support_format_iso9660.c b/libarchive/archive_read_support_format_iso9660.c
+index f01d37bf682e..089bb7236cd1 100644
+--- a/libarchive/archive_read_support_format_iso9660.c
++++ b/libarchive/archive_read_support_format_iso9660.c
+@@ -409,7 +409,8 @@ static int	next_entry_seek(struct archive_read *, struct iso9660 *,
+ 		    struct file_info **);
+ static struct file_info *
+ 		parse_file_info(struct archive_read *a,
+-		    struct file_info *parent, const unsigned char *isodirrec);
++		    struct file_info *parent, const unsigned char *isodirrec,
++		    size_t reclen);
+ static int	parse_rockridge(struct archive_read *a,
+ 		    struct file_info *file, const unsigned char *start,
+ 		    const unsigned char *end);
+@@ -1022,7 +1023,7 @@ read_children(struct archive_read *a, struct file_info *parent)
+ 			if (*(p + DR_name_len_offset) == 1
+ 			    && *(p + DR_name_offset) == '\001')
+ 				continue;
+-			child = parse_file_info(a, parent, p);
++			child = parse_file_info(a, parent, p, b - p);
+ 			if (child == NULL) {
+ 				__archive_read_consume(a, skip_size);
+ 				return (ARCHIVE_FATAL);
+@@ -1112,7 +1113,7 @@ choose_volume(struct archive_read *a, struct iso9660 *iso9660)
+ 	 */
+ 	seenJoliet = iso9660->seenJoliet;/* Save flag. */
+ 	iso9660->seenJoliet = 0;
+-	file = parse_file_info(a, NULL, block);
++	file = parse_file_info(a, NULL, block, vd->size);
+ 	if (file == NULL)
+ 		return (ARCHIVE_FATAL);
+ 	iso9660->seenJoliet = seenJoliet;
+@@ -1144,7 +1145,7 @@ choose_volume(struct archive_read *a, struct iso9660 *iso9660)
+ 			return (ARCHIVE_FATAL);
+ 		}
+ 		iso9660->seenJoliet = 0;
+-		file = parse_file_info(a, NULL, block);
++		file = parse_file_info(a, NULL, block, vd->size);
+ 		if (file == NULL)
+ 			return (ARCHIVE_FATAL);
+ 		iso9660->seenJoliet = seenJoliet;
+@@ -1749,7 +1750,7 @@ archive_read_format_iso9660_cleanup(struct archive_read *a)
+  */
+ static struct file_info *
+ parse_file_info(struct archive_read *a, struct file_info *parent,
+-    const unsigned char *isodirrec)
++    const unsigned char *isodirrec, size_t reclen)
+ {
+ 	struct iso9660 *iso9660;
+ 	struct file_info *file, *filep;
+@@ -1763,7 +1764,11 @@ parse_file_info(struct archive_read *a, struct file_info *parent,
+ 
+ 	iso9660 = (struct iso9660 *)(a->format->data);
+ 
+-	dr_len = (size_t)isodirrec[DR_length_offset];
++	if (reclen == 0 || reclen < (dr_len = (size_t)isodirrec[DR_length_offset])) {
++		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
++			"Invalid directory record length");
++		return (NULL);
++	}
+ 	name_len = (size_t)isodirrec[DR_name_len_offset];
+ 	location = archive_le32dec(isodirrec + DR_extent_offset);
+ 	fsize = toi(isodirrec + DR_size_offset, DR_size_size);
+-- 
+2.18.0
+

package/libarchive/0003-Avoid-a-read-off-by-one-error-for-UTF16-names-in-RAR.patch

@@ -0,0 +1,34 @@
+From 5562545b5562f6d12a4ef991fae158bf4ccf92b6 Mon Sep 17 00:00:00 2001
+From: Joerg Sonnenberger <joerg@bec.de>
+Date: Sat, 9 Sep 2017 17:47:32 +0200
+Subject: [PATCH] Avoid a read off-by-one error for UTF16 names in RAR
+ archives.
+
+Reported-By: OSS-Fuzz issue 573
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: commit 5562545b5562
+
+ libarchive/archive_read_support_format_rar.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
+index cbb14c32dc3b..751de6979ba5 100644
+--- a/libarchive/archive_read_support_format_rar.c
++++ b/libarchive/archive_read_support_format_rar.c
+@@ -1496,7 +1496,11 @@ read_header(struct archive_read *a, struct archive_entry *entry,
+         return (ARCHIVE_FATAL);
+       }
+       filename[filename_size++] = '\0';
+-      filename[filename_size++] = '\0';
++      /*
++       * Do not increment filename_size here as the computations below
++       * add the space for the terminating NUL explicitly.
++       */
++      filename[filename_size] = '\0';
+ 
+       /* Decoded unicode form is UTF-16BE, so we have to update a string
+        * conversion object for it. */
+-- 
+2.18.0
+

package/libarchive/0004-Reject-LHA-archive-entries-with-negative-size.patch

@@ -0,0 +1,32 @@
+From 2c8c83b9731ff822fad6cc8c670ea5519c366a14 Mon Sep 17 00:00:00 2001
+From: Joerg Sonnenberger <joerg@bec.de>
+Date: Thu, 19 Jul 2018 21:14:53 +0200
+Subject: [PATCH] Reject LHA archive entries with negative size.
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: commit 2c8c83b9731
+
+ libarchive/archive_read_support_format_lha.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c
+index b8ef4ae10ece..95c99bb1f31e 100644
+--- a/libarchive/archive_read_support_format_lha.c
++++ b/libarchive/archive_read_support_format_lha.c
+@@ -701,6 +701,12 @@ archive_read_format_lha_read_header(struct archive_read *a,
+ 	 * Prepare variables used to read a file content.
+ 	 */
+ 	lha->entry_bytes_remaining = lha->compsize;
++	if (lha->entry_bytes_remaining < 0) {
++		archive_set_error(&a->archive,
++		    ARCHIVE_ERRNO_FILE_FORMAT,
++		    "Invalid LHa entry size");
++		return (ARCHIVE_FATAL);
++	}
+ 	lha->entry_offset = 0;
+ 	lha->entry_crc_calculated = 0;
+ 
+-- 
+2.18.0
+

package/libfuse/libfuse.hash

@@ -1,5 +1,5 @@
 # Locally calculated after checking pgp signature
-sha256	832432d1ad4f833c20e13b57cf40ce5277a9d33e483205fc63c78111b3358874	fuse-2.9.7.tar.gz
+sha256	5e84f81d8dd527ea74f39b6bc001c874c02bad6871d7a9b0c14efb57430eafe3	fuse-2.9.8.tar.gz
 
 # Hash for license files:
 sha256	8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643	COPYING

package/libfuse/libfuse.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBFUSE_VERSION = 2.9.7
+LIBFUSE_VERSION = 2.9.8
 LIBFUSE_SOURCE = fuse-$(LIBFUSE_VERSION).tar.gz
 LIBFUSE_SITE = https://github.com/libfuse/libfuse/releases/download/fuse-$(LIBFUSE_VERSION)
 LIBFUSE_LICENSE = GPL-2.0, LGPL-2.1

package/libgit2/0001-Fix-build-with-LibreSSL-2.7.patch

@@ -1,45 +0,0 @@
-From 7490d449b518115a1ae86b01397e95c38e39cff1 Mon Sep 17 00:00:00 2001
-From: Bernard Spil <brnrd@FreeBSD.org>
-Date: Mon, 2 Apr 2018 20:00:07 +0200
-Subject: [PATCH] Fix build with LibreSSL 2.7
-
-LibreSSL 2.7 adds OpenSSL 1.1 API
-
-Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
-Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
----
- src/streams/openssl.c | 3 ++-
- src/streams/openssl.h | 3 ++-
- 2 files changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/src/streams/openssl.c b/src/streams/openssl.c
-index 9cbb2746f..adcb7f14e 100644
---- a/src/streams/openssl.c
-+++ b/src/streams/openssl.c
-@@ -104,7 +104,8 @@ int git_openssl_stream_global_init(void)
- 	ssl_opts |= SSL_OP_NO_COMPRESSION;
- #endif
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-+    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
- 	SSL_load_error_strings();
- 	OpenSSL_add_ssl_algorithms();
- #else
-diff --git a/src/streams/openssl.h b/src/streams/openssl.h
-index 2bbad7c68..44329ec90 100644
---- a/src/streams/openssl.h
-+++ b/src/streams/openssl.h
-@@ -31,7 +31,8 @@ extern int git_openssl__set_cert_location(const char *file, const char *path);
- 
- 
- 
--# if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+# if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-+     (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
- 
- GIT_INLINE(BIO_METHOD*) BIO_meth_new(int type, const char *name)
- {
--- 
-2.17.0
-

package/libgit2/libgit2.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256	837b11927bc5f64e7f9ab0376f57cfe3ca5aa52ffd2007ac41184b21124fb086  libgit2-v0.27.1.tar.gz
+sha256	0b7ca31cb959ff1b22afa0da8621782afe61f99242bf716c403802ffbdb21d51  libgit2-v0.27.4.tar.gz
 sha256	d9a8038088df84fde493fa33a0f1e537252eeb9642122aa4b862690197152813  COPYING

package/libgit2/libgit2.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBGIT2_VERSION = v0.27.1
+LIBGIT2_VERSION = v0.27.4
 LIBGIT2_SITE = $(call github,libgit2,libgit2,$(LIBGIT2_VERSION))
 LIBGIT2_LICENSE = GPL-2.0 with linking exception
 LIBGIT2_LICENSE_FILES = COPYING

package/libopenssl/libopenssl.hash

@@ -1,5 +1,7 @@
-# From https://www.openssl.org/source/openssl-1.0.2o.tar.gz.sha256
-sha256	ec3f5c9714ba0fd45cb4e087301eb1336c317e0d20b575a125050470e8089e4d	openssl-1.0.2o.tar.gz
+# From https://www.openssl.org/source/openssl-1.0.2p.tar.gz.sha256
+sha256	50a98e07b1a89eb8f6a99477f262df71c6fa7bef77df4dc83025a2845c827d00	openssl-1.0.2p.tar.gz
+# From https://www.openssl.org/source/openssl-1.0.2p.tar.gz.sha1
+sha1	f34b5322e92415755c7d58bf5d0d5cf37666382c				openssl-1.0.2p.tar.gz
 # Locally computed
 sha256	eddd8a5123748052c598214487ac178e4bfa4e31ba2ec520c70d59c8c5bfa2e9	openssl-1.0.2a-parallel-install-dirs.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
 sha256	147c3eeaad614c044749ea527cb433eae5e2d5cad34a78c6ba61cd967bfbe01f	openssl-1.0.2a-parallel-obj-headers.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d

package/libopenssl/libopenssl.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBOPENSSL_VERSION = 1.0.2o
+LIBOPENSSL_VERSION = 1.0.2p
 LIBOPENSSL_SITE = http://www.openssl.org/source
 LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
 LIBOPENSSL_LICENSE = OpenSSL or SSLeay

package/libselinux/0004-Fix-build-break-around-__atomic_-with-GCC-4.7.patch

@@ -0,0 +1,70 @@
+From abe76789f8e7ce61b357f693eaed5b28feab5ce2 Mon Sep 17 00:00:00 2001
+From: Hollis Blanchard <hollis_blanchard@mentor.com>
+Date: Mon, 13 Aug 2018 12:11:33 -0700
+Subject: [PATCH] Fix build break around __atomic_*() with GCC<4.7
+
+The __atomic_* GCC primitives were introduced in GCC 4.7, but Red Hat
+Enterprise Linux 6.x (for example) provides GCC 4.4. Tweak the current code to
+use the (most conservative) __sync_synchronize() primitive provided by those
+older GCC versions.
+
+(Really, no __atomic or __sync operations are needed here at all, since POSIX
+4.12 "Memory Synchronization" says pthread_mutex_lock() and
+pthread_mutex_unlock() "synchronize memory with respect to other threads"...)
+
+Signed-off-by: Hollis Blanchard <hollis_blanchard@mentor.com>
+---
+ src/label_file.h | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/src/label_file.h b/src/label_file.h
+index 2fa85474..47859baf 100644
+--- a/src/label_file.h
++++ b/src/label_file.h
+@@ -351,8 +351,14 @@ static inline int compile_regex(struct saved_data *data, struct spec *spec,
+ 	 * init_routine does not take a parameter, it's not possible
+ 	 * to use, so we generate the same effect with atomics and a
+ 	 * mutex */
++#ifdef __ATOMIC_RELAXED
+ 	regex_compiled =
+ 		__atomic_load_n(&spec->regex_compiled, __ATOMIC_ACQUIRE);
++#else
++	/* GCC <4.7 */
++	__sync_synchronize();
++	regex_compiled = spec->regex_compiled;
++#endif
+ 	if (regex_compiled) {
+ 		return 0; /* already done */
+ 	}
+@@ -360,8 +366,14 @@ static inline int compile_regex(struct saved_data *data, struct spec *spec,
+ 	__pthread_mutex_lock(&spec->regex_lock);
+ 	/* Check if another thread compiled the regex while we waited
+ 	 * on the mutex */
++#ifdef __ATOMIC_RELAXED
+ 	regex_compiled =
+ 		__atomic_load_n(&spec->regex_compiled, __ATOMIC_ACQUIRE);
++#else
++	/* GCC <4.7 */
++	__sync_synchronize();
++	regex_compiled = spec->regex_compiled;
++#endif
+ 	if (regex_compiled) {
+ 		__pthread_mutex_unlock(&spec->regex_lock);
+ 		return 0;
+@@ -404,7 +416,13 @@ static inline int compile_regex(struct saved_data *data, struct spec *spec,
+ 	}
+ 
+ 	/* Done. */
++#ifdef __ATOMIC_RELAXED
+ 	__atomic_store_n(&spec->regex_compiled, true, __ATOMIC_RELEASE);
++#else
++	/* GCC <4.7 */
++	spec->regex_compiled = true;
++	__sync_synchronize();
++#endif
+ 	__pthread_mutex_unlock(&spec->regex_lock);
+ 	return 0;
+ }
+-- 
+2.13.0
+

package/lighttpd/lighttpd.mk

@@ -96,6 +96,9 @@ define LIGHTTPD_INSTALL_INIT_SYSTEMD
 
 	ln -fs ../../../../usr/lib/systemd/system/lighttpd.service \
 		$(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/lighttpd.service
+
+	$(INSTALL) -D -m 644 package/lighttpd/lighttpd_tmpfiles.conf \
+		$(TARGET_DIR)/usr/lib/tmpfiles.d/lighttpd.conf
 endef
 
 $(eval $(autotools-package))

package/lighttpd/lighttpd_tmpfiles.conf

@@ -0,0 +1,2 @@
+f /var/log/lighttpd-access.log 0640 www-data www-data -
+f /var/log/lighttpd-error.log 0640 www-data www-data -

package/linux-headers/Config.in.host

@@ -258,14 +258,14 @@ config BR2_DEFAULT_KERNEL_HEADERS
 	string
 	default "3.2.102"	if BR2_KERNEL_HEADERS_3_2
 	default "4.1.52"	if BR2_KERNEL_HEADERS_4_1
-	default "4.4.145"	if BR2_KERNEL_HEADERS_4_4
-	default "4.9.116"	if BR2_KERNEL_HEADERS_4_9
+	default "4.4.150"	if BR2_KERNEL_HEADERS_4_4
+	default "4.9.122"	if BR2_KERNEL_HEADERS_4_9
 	default "4.10.17"	if BR2_KERNEL_HEADERS_4_10
 	default "4.11.12"	if BR2_KERNEL_HEADERS_4_11
 	default "4.12.14"	if BR2_KERNEL_HEADERS_4_12
 	default "4.13.16"	if BR2_KERNEL_HEADERS_4_13
-	default "4.14.59"	if BR2_KERNEL_HEADERS_4_14
+	default "4.14.65"	if BR2_KERNEL_HEADERS_4_14
 	default "4.15.18"	if BR2_KERNEL_HEADERS_4_15
 	default "4.16.18"	if BR2_KERNEL_HEADERS_4_16
-	default "4.17.11"	if BR2_KERNEL_HEADERS_4_17
+	default "4.17.17"	if BR2_KERNEL_HEADERS_4_17
 	default BR2_DEFAULT_KERNEL_VERSION if BR2_KERNEL_HEADERS_VERSION

package/lvm2/0001-configure-Introduce-enable-symvers-option.patch

@@ -0,0 +1,277 @@
+From f563334a76e31442f7b8693d2d350e6981c51c46 Mon Sep 17 00:00:00 2001
+From: Marcin Niestroj <m.niestroj@grinn-global.com>
+Date: Fri, 20 Jul 2018 14:26:44 +0200
+Subject: [PATCH] configure: Introduce --enable-symvers option
+
+Only few libc (e.g. glibc) libraries support full symbol version
+resolution in runtime. There are lot of standard libraries that do not
+support that, such as dietlibc, musl and uclibc. Hence there is no
+reason to generate symbol versions when compiling against them.
+
+Additionally libdevmapper.so was broken when compiled against
+uclibc. Runtime linker loader caused calling dm_task_get_info_base()
+function recursively, leading to segmentation fault.
+
+Introduce --enable-symvers[=STYLE] option, which allows to choose
+between gnu and disabled symbol versioning. By default gnu symbol
+versioning is used to provide backward compatibility.
+__GNUC__ check is replaced now with GNU_SYMVER, which is generated by
+configure script. Additionally ld version script is included only in
+case of gnu option, which slightly reduces output size.
+
+Providing --disable-symvers to configure script when building against
+uclibc library fixes segmentation fault error described above, due to
+lack of several versions of the same symbol in libdevmapper.so
+library.
+
+Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
+---
+ configure                 | 32 ++++++++++++++++++++++++++++++--
+ configure.in              | 28 +++++++++++++++++++++++++---
+ include/configure.h.in    |  3 +++
+ lib/misc/lib.h            | 10 +++++-----
+ libdm/datastruct/bitset.c |  5 +----
+ libdm/ioctl/libdm-iface.c |  2 +-
+ libdm/libdm-deptree.c     |  2 +-
+ libdm/libdm-stats.c       |  2 +-
+ 8 files changed, 67 insertions(+), 17 deletions(-)
+
+diff --git a/configure b/configure
+index e1ae0e884..c5d11c1b6 100755
+--- a/configure
++++ b/configure
+@@ -985,6 +985,7 @@ enable_fsadm
+ enable_blkdeactivate
+ enable_dmeventd
+ enable_selinux
++enable_symvers
+ enable_nls
+ with_localedir
+ with_confdir
+@@ -1729,6 +1730,9 @@ Optional Features:
+   --disable-blkdeactivate disable blkdeactivate
+   --enable-dmeventd       enable the device-mapper event daemon
+   --disable-selinux       disable selinux support
++  --enable-symvers[=STYLE]
++                          enables symbol versioning of the shared library
++                          [default=gnu]
+   --enable-nls            enable Native Language Support
+ 
+ Optional Packages:
+@@ -3169,7 +3173,6 @@ if test -z "$CFLAGS"; then :
+ fi
+ case "$host_os" in
+ 	linux*)
+-		CLDFLAGS="$CLDFLAGS -Wl,--version-script,.export.sym"
+ 		ELDFLAGS="-Wl,--export-dynamic"
+ 		# FIXME Generate list and use --dynamic-list=.dlopen.sym
+ 		CLDWHOLEARCHIVE="-Wl,-whole-archive"
+@@ -3190,7 +3193,6 @@ case "$host_os" in
+ 		;;
+ 	darwin*)
+ 		CFLAGS="$CFLAGS -no-cpp-precomp -fno-common"
+-		CLDFLAGS="$CLDFLAGS"
+ 		ELDFLAGS=
+ 		CLDWHOLEARCHIVE="-all_load"
+ 		CLDNOWHOLEARCHIVE=
+@@ -14609,6 +14611,32 @@ done
+ 	LIBS=$lvm_saved_libs
+ fi
+ 
++################################################################################
++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable symbol versioning" >&5
++$as_echo_n "checking whether to enable symbol versioning... " >&6; }
++# Check whether --enable-symvers was given.
++if test "${enable_symvers+set}" = set; then :
++  enableval=$enable_symvers;
++  case "$enableval" in
++    gnu|no) ;;
++    *) as_fn_error $? "Unknown argument to enable/disable symvers" "$LINENO" 5 ;;
++  esac
++else
++  enable_symvers=gnu
++fi
++
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_symvers" >&5
++$as_echo "$enable_symvers" >&6; }
++
++if test x$GCC = xyes && test x$enable_symvers = xgnu ; then
++
++$as_echo "#define GNU_SYMVER 1" >>confdefs.h
++
++  case "$host_os" in
++    linux*) CLDFLAGS="$CLDFLAGS -Wl,--version-script,.export.sym" ;;
++  esac
++fi
++
+ ################################################################################
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable internationalisation" >&5
+ $as_echo_n "checking whether to enable internationalisation... " >&6; }
+diff --git a/configure.in b/configure.in
+index 2e5e015c8..09c390850 100644
+--- a/configure.in
++++ b/configure.in
+@@ -30,12 +30,10 @@ AC_CANONICAL_TARGET([])
+ AS_IF([test -z "$CFLAGS"], [COPTIMISE_FLAG="-O2"])
+ case "$host_os" in
+ 	linux*)
+-		CLDFLAGS="$CLDFLAGS -Wl,--version-script,.export.sym"
+ 		ELDFLAGS="-Wl,--export-dynamic"
+ 		# FIXME Generate list and use --dynamic-list=.dlopen.sym
+ 		CLDWHOLEARCHIVE="-Wl,-whole-archive"
+ 		CLDNOWHOLEARCHIVE="-Wl,-no-whole-archive"
+-		LDDEPS="$LDDEPS .export.sym"
+ 		LIB_SUFFIX=so
+ 		DEVMAPPER=yes
+ 		BUILD_LVMETAD=no
+@@ -51,7 +49,6 @@ case "$host_os" in
+ 		;;
+ 	darwin*)
+ 		CFLAGS="$CFLAGS -no-cpp-precomp -fno-common"
+-		CLDFLAGS="$CLDFLAGS"
+ 		ELDFLAGS=
+ 		CLDWHOLEARCHIVE="-all_load"
+ 		CLDNOWHOLEARCHIVE=
+@@ -1742,6 +1739,31 @@ package as well (which may be called readline-devel or something similar).])
+ 	LIBS=$lvm_saved_libs
+ fi
+ 
++################################################################################
++dnl -- Symbol versioning
++AC_MSG_CHECKING(whether to enable symbol versioning)
++AC_ARG_ENABLE(symvers,
++              AC_HELP_STRING([--enable-symvers[[[=STYLE]]]],
++                             [enables symbol versioning of the shared library [default=gnu]]),
++                             [
++  case "$enableval" in
++    gnu|no) ;;
++    *) AC_MSG_ERROR(Unknown argument to enable/disable symvers) ;;
++  esac],
++                             enable_symvers=gnu)
++AC_MSG_RESULT($enable_symvers)
++
++if test x$GCC = xyes && test x$enable_symvers = xgnu ; then
++  AC_DEFINE(GNU_SYMVER, 1,
++            [Define to use GNU versioning in the shared library.])
++  case "$host_os" in
++    linux*)
++      CLDFLAGS="$CLDFLAGS -Wl,--version-script,.export.sym"
++      LDDEPS="$LDDEPS .export.sym"
++      ;;
++  esac
++fi
++
+ ################################################################################
+ dnl -- Internationalisation stuff
+ AC_MSG_CHECKING(whether to enable internationalisation)
+diff --git a/include/configure.h.in b/include/configure.h.in
+index 51726506c..3fc181b1e 100644
+--- a/include/configure.h.in
++++ b/include/configure.h.in
+@@ -151,6 +151,9 @@
+ /* Path to fsadm binary. */
+ #undef FSADM_PATH
+ 
++/* Define to use GNU versioning in the shared library. */
++#undef GNU_SYMVER
++
+ /* Define to 1 if you have the `alarm' function. */
+ #undef HAVE_ALARM
+ 
+diff --git a/lib/misc/lib.h b/lib/misc/lib.h
+index 8ed06f81d..9b3ce8a03 100644
+--- a/lib/misc/lib.h
++++ b/lib/misc/lib.h
+@@ -42,16 +42,16 @@
+  * macro DM_EXPORT_SYMBOL to export the function and bind it to the
+  * specified version string.
+  *
+- * Since versioning is only available when compiling with GCC the entire
+- * compatibility version should be enclosed in '#if defined(__GNUC__)',
+- * for example:
++ * Since versioning is only available when compiling with GCC
++ * and GLIBC the entire compatibility version should be enclosed
++ * in '#if defined(GNU_SYMVER)', for example:
+  *
+  *   int dm_foo(int bar)
+  *   {
+  *     return bar;
+  *   }
+  *
+- *   #if defined(__GNUC__)
++ *   #if defined(GNU_SYMVER)
+  *   // Backward compatible dm_foo() version 1.02.104
+  *   int dm_foo_v1_02_104(void);
+  *   int dm_foo_v1_02_104(void)
+@@ -68,7 +68,7 @@
+  * versions of library symbols prior to the introduction of symbol
+  * versioning: it must never be used for new symbols.
+  */
+-#if defined(__GNUC__)
++#if defined(GNU_SYMVER)
+ #define DM_EXPORT_SYMBOL(func, ver) \
+ 	__asm__(".symver " #func "_v" #ver ", " #func "@DM_" #ver )
+ #define DM_EXPORT_SYMBOL_BASE(func) \
+diff --git a/libdm/datastruct/bitset.c b/libdm/datastruct/bitset.c
+index b0826e1eb..2ec3f8f84 100644
+--- a/libdm/datastruct/bitset.c
++++ b/libdm/datastruct/bitset.c
+@@ -242,7 +242,7 @@ bad:
+ 	return NULL;
+ }
+ 
+-#if defined(__GNUC__)
++#if defined(GNU_SYMVER)
+ /*
+  * Maintain backward compatibility with older versions that did not
+  * accept a 'min_num_bits' argument to dm_bitset_parse_list().
+@@ -253,7 +253,4 @@ dm_bitset_t dm_bitset_parse_list_v1_02_129(const char *str, struct dm_pool *mem)
+ 	return dm_bitset_parse_list(str, mem, 0);
+ }
+ DM_EXPORT_SYMBOL(dm_bitset_parse_list, 1_02_129);
+-
+-#else /* if defined(__GNUC__) */
+-
+ #endif
+diff --git a/libdm/ioctl/libdm-iface.c b/libdm/ioctl/libdm-iface.c
+index c47e08467..b98afb15d 100644
+--- a/libdm/ioctl/libdm-iface.c
++++ b/libdm/ioctl/libdm-iface.c
+@@ -2137,7 +2137,7 @@ void dm_lib_exit(void)
+ 	_version_checked = 0;
+ }
+ 
+-#if defined(__GNUC__)
++#if defined(GNU_SYMVER)
+ /*
+  * Maintain binary backward compatibility.
+  * Version script mechanism works with 'gcc' compatible compilers only.
+diff --git a/libdm/libdm-deptree.c b/libdm/libdm-deptree.c
+index cf4fd62e7..474871da5 100644
+--- a/libdm/libdm-deptree.c
++++ b/libdm/libdm-deptree.c
+@@ -4110,7 +4110,7 @@ void dm_tree_node_set_callback(struct dm_tree_node *dnode,
+ 	dnode->callback_data = data;
+ }
+ 
+-#if defined(__GNUC__)
++#if defined(GNU_SYMVER)
+ /*
+  * Backward compatible implementations.
+  *
+diff --git a/libdm/libdm-stats.c b/libdm/libdm-stats.c
+index bc498675f..d424928c7 100644
+--- a/libdm/libdm-stats.c
++++ b/libdm/libdm-stats.c
+@@ -5064,7 +5064,7 @@ int dm_stats_start_filemapd(int fd, uint64_t group_id, const char *path,
+  * current dm_stats_create_region() version.
+  */
+ 
+-#if defined(__GNUC__)
++#if defined(GNU_SYMVER)
+ int dm_stats_create_region_v1_02_106(struct dm_stats *dms, uint64_t *region_id,
+ 				     uint64_t start, uint64_t len, int64_t step,
+ 				     int precise, const char *program_id,
+-- 
+2.18.0
+

package/lvm2/lvm2.mk

@@ -19,7 +19,8 @@ LVM2_CONF_OPTS += \
 	--enable-pkgconfig \
 	--enable-cmdlib \
 	--enable-dmeventd \
-	--disable-nls
+	--disable-nls \
+	--disable-symvers
 
 LVM2_DEPENDENCIES += host-pkgconf
 

package/m4/0001-fflush-adjust-to-glibc-2.28-libio.h-removal.patch

@@ -0,0 +1,166 @@
+From 4af4a4a71827c0bc5e0ec67af23edef4f15cee8e Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Mon, 5 Mar 2018 10:56:29 -0800
+Subject: [PATCH] fflush: adjust to glibc 2.28 libio.h removal
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Problem reported by Daniel P. Berrangé in:
+https://lists.gnu.org/r/bug-gnulib/2018-03/msg00000.html
+* lib/fbufmode.c (fbufmode):
+* lib/fflush.c (clear_ungetc_buffer_preserving_position)
+(disable_seek_optimization, rpl_fflush):
+* lib/fpending.c (__fpending):
+* lib/fpurge.c (fpurge):
+* lib/freadable.c (freadable):
+* lib/freadahead.c (freadahead):
+* lib/freading.c (freading):
+* lib/freadptr.c (freadptr):
+* lib/freadseek.c (freadptrinc):
+* lib/fseeko.c (fseeko):
+* lib/fseterr.c (fseterr):
+* lib/fwritable.c (fwritable):
+* lib/fwriting.c (fwriting):
+Check _IO_EOF_SEEN instead of _IO_ftrylockfile.
+* lib/stdio-impl.h (_IO_IN_BACKUP) [_IO_EOF_SEEN]:
+Define if not already defined.
+
+[yann.morin.1998@free.fr: partially backport from upstream gnulib]
+Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
+
+---
+ lib/fflush.c     |  6 +++---
+ lib/fpending.c   |  2 +-
+ lib/fpurge.c     |  2 +-
+ lib/freadahead.c |  2 +-
+ lib/freading.c   |  2 +-
+ lib/fseeko.c     |  4 ++--
+ lib/stdio-impl.h |  6 ++++++
+ 7 files changed, 15 insertions(+), 9 deletions(-)
+
+diff --git a/lib/fflush.c b/build-aux/gnulib/lib/fflush.c
+index 983ade0ff..a6edfa105 100644
+--- a/lib/fflush.c
++++ b/lib/fflush.c
+@@ -33,7 +33,7 @@
+ #undef fflush
+ 
+ 
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+ 
+ /* Clear the stream's ungetc buffer, preserving the value of ftello (fp).  */
+ static void
+@@ -72,7 +72,7 @@ clear_ungetc_buffer (FILE *fp)
+ 
+ #endif
+ 
+-#if ! (defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */)
++#if ! (defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */)
+ 
+ # if (defined __sferror || defined __DragonFly__ || defined __ANDROID__) && defined __SNPT
+ /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Minix 3, Android */
+@@ -148,7 +148,7 @@ rpl_fflush (FILE *stream)
+   if (stream == NULL || ! freading (stream))
+     return fflush (stream);
+ 
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+ 
+   clear_ungetc_buffer_preserving_position (stream);
+ 
+diff --git a/lib/fpending.c b/build-aux/gnulib/lib/fpending.c
+index c84e3a5b4..789f50e4e 100644
+--- a/lib/fpending.c
++++ b/lib/fpending.c
+@@ -32,7 +32,7 @@ __fpending (FILE *fp)
+   /* Most systems provide FILE as a struct and the necessary bitmask in
+      <stdio.h>, because they need it for implementing getc() and putc() as
+      fast macros.  */
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+   return fp->_IO_write_ptr - fp->_IO_write_base;
+ #elif defined __sferror || defined __DragonFly__ || defined __ANDROID__
+   /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Minix 3, Android */
+diff --git a/lib/fpurge.c b/build-aux/gnulib/lib/fpurge.c
+index b1d417c7a..3aedcc373 100644
+--- a/lib/fpurge.c
++++ b/lib/fpurge.c
+@@ -62,7 +62,7 @@ fpurge (FILE *fp)
+   /* Most systems provide FILE as a struct and the necessary bitmask in
+      <stdio.h>, because they need it for implementing getc() and putc() as
+      fast macros.  */
+-# if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++# if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+   fp->_IO_read_end = fp->_IO_read_ptr;
+   fp->_IO_write_ptr = fp->_IO_write_base;
+   /* Avoid memory leak when there is an active ungetc buffer.  */
+diff --git a/lib/freadahead.c b/build-aux/gnulib/lib/freadahead.c
+index c2ecb5b28..23ec76ee5 100644
+--- a/lib/freadahead.c
++++ b/lib/freadahead.c
+@@ -30,7 +30,7 @@ extern size_t __sreadahead (FILE *);
+ size_t
+ freadahead (FILE *fp)
+ {
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+   if (fp->_IO_write_ptr > fp->_IO_write_base)
+     return 0;
+   return (fp->_IO_read_end - fp->_IO_read_ptr)
+diff --git a/lib/freading.c b/build-aux/gnulib/lib/freading.c
+index 73c28acdd..c24d0c88a 100644
+--- a/lib/freading.c
++++ b/lib/freading.c
+@@ -31,7 +31,7 @@ freading (FILE *fp)
+   /* Most systems provide FILE as a struct and the necessary bitmask in
+      <stdio.h>, because they need it for implementing getc() and putc() as
+      fast macros.  */
+-# if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++# if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+   return ((fp->_flags & _IO_NO_WRITES) != 0
+           || ((fp->_flags & (_IO_NO_READS | _IO_CURRENTLY_PUTTING)) == 0
+               && fp->_IO_read_base != NULL));
+diff --git a/lib/fseeko.c b/build-aux/gnulib/lib/fseeko.c
+index 0101ab55f..193f4e8ce 100644
+--- a/lib/fseeko.c
++++ b/lib/fseeko.c
+@@ -47,7 +47,7 @@ fseeko (FILE *fp, off_t offset, int whence)
+ #endif
+ 
+   /* These tests are based on fpurge.c.  */
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+   if (fp->_IO_read_end == fp->_IO_read_ptr
+       && fp->_IO_write_ptr == fp->_IO_write_base
+       && fp->_IO_save_base == NULL)
+@@ -123,7 +123,7 @@ fseeko (FILE *fp, off_t offset, int whence)
+           return -1;
+         }
+ 
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+       fp->_flags &= ~_IO_EOF_SEEN;
+       fp->_offset = pos;
+ #elif defined __sferror || defined __DragonFly__ || defined __ANDROID__
+diff --git a/lib/stdio-impl.h b/build-aux/gnulib/lib/stdio-impl.h
+index 78d896e9f..05c5752a2 100644
+--- a/lib/stdio-impl.h
++++ b/lib/stdio-impl.h
+@@ -18,6 +18,12 @@
+    the same implementation of stdio extension API, except that some fields
+    have different naming conventions, or their access requires some casts.  */
+ 
++/* Glibc 2.28 made _IO_IN_BACKUP private.  For now, work around this
++   problem by defining it ourselves.  FIXME: Do not rely on glibc
++   internals.  */
++#if !defined _IO_IN_BACKUP && defined _IO_EOF_SEEN
++# define _IO_IN_BACKUP 0x100
++#endif
+ 
+ /* BSD stdio derived implementations.  */
+ 
+-- 
+2.14.1
+

package/m4/0002-fflush-be-more-paranoid-about-libio.h-change.patch

@@ -0,0 +1,151 @@
+From 74d9d6a293d7462dea8f83e7fc5ac792e956a0ad Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Thu, 8 Mar 2018 16:42:45 -0800
+Subject: [PATCH 2/2] fflush: be more paranoid about libio.h change
+
+Suggested by Eli Zaretskii in:
+https://lists.gnu.org/r/emacs-devel/2018-03/msg00270.html
+* lib/fbufmode.c (fbufmode):
+* lib/fflush.c (clear_ungetc_buffer_preserving_position)
+(disable_seek_optimization, rpl_fflush):
+* lib/fpending.c (__fpending):
+* lib/fpurge.c (fpurge):
+* lib/freadable.c (freadable):
+* lib/freadahead.c (freadahead):
+* lib/freading.c (freading):
+* lib/freadptr.c (freadptr):
+* lib/freadseek.c (freadptrinc):
+* lib/fseeko.c (fseeko):
+* lib/fseterr.c (fseterr):
+* lib/fwritable.c (fwritable):
+* lib/fwriting.c (fwriting):
+Look at _IO_ftrylockfile as well as at _IO_EOF_SEEN.
+---
+ lib/fflush.c     |  9 ++++++---
+ lib/fpending.c   |  3 ++-
+ lib/fpurge.c     |  3 ++-
+ lib/freadahead.c |  3 ++-
+ lib/freading.c   |  3 ++-
+ lib/fseeko.c     |  6 ++++--
+ 6 files changed, 18 insertions(+), 9 deletions(-)
+
+[yann.morin.1998@free.fr: partially backport from upstream gnulib]
+Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
+
+diff --git a/lib/fflush.c b/build-aux/gnulib/lib/fflush.c
+index a6edfa105..a140b7ad9 100644
+--- a/lib/fflush.c
++++ b/lib/fflush.c
+@@ -33,7 +33,8 @@
+ #undef fflush
+ 
+ 
+-#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1
++/* GNU libc, BeOS, Haiku, Linux libc5 */
+ 
+ /* Clear the stream's ungetc buffer, preserving the value of ftello (fp).  */
+ static void
+@@ -72,7 +73,8 @@ clear_ungetc_buffer (FILE *fp)
+ 
+ #endif
+ 
+-#if ! (defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */)
++#if ! (defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1)
++/* GNU libc, BeOS, Haiku, Linux libc5 */
+ 
+ # if (defined __sferror || defined __DragonFly__ || defined __ANDROID__) && defined __SNPT
+ /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Minix 3, Android */
+@@ -148,7 +150,8 @@ rpl_fflush (FILE *stream)
+   if (stream == NULL || ! freading (stream))
+     return fflush (stream);
+ 
+-#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1
++  /* GNU libc, BeOS, Haiku, Linux libc5 */
+ 
+   clear_ungetc_buffer_preserving_position (stream);
+ 
+diff --git a/lib/fpending.c b/build-aux/gnulib/lib/fpending.c
+index 789f50e4e..7bc235ded 100644
+--- a/lib/fpending.c
++++ b/lib/fpending.c
+@@ -32,7 +32,8 @@ __fpending (FILE *fp)
+   /* Most systems provide FILE as a struct and the necessary bitmask in
+      <stdio.h>, because they need it for implementing getc() and putc() as
+      fast macros.  */
+-#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1
++  /* GNU libc, BeOS, Haiku, Linux libc5 */
+   return fp->_IO_write_ptr - fp->_IO_write_base;
+ #elif defined __sferror || defined __DragonFly__ || defined __ANDROID__
+   /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Minix 3, Android */
+diff --git a/lib/fpurge.c b/build-aux/gnulib/lib/fpurge.c
+index 3aedcc373..554790b56 100644
+--- a/lib/fpurge.c
++++ b/lib/fpurge.c
+@@ -62,7 +62,8 @@ fpurge (FILE *fp)
+   /* Most systems provide FILE as a struct and the necessary bitmask in
+      <stdio.h>, because they need it for implementing getc() and putc() as
+      fast macros.  */
+-# if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++# if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1
++  /* GNU libc, BeOS, Haiku, Linux libc5 */
+   fp->_IO_read_end = fp->_IO_read_ptr;
+   fp->_IO_write_ptr = fp->_IO_write_base;
+   /* Avoid memory leak when there is an active ungetc buffer.  */
+diff --git a/lib/freadahead.c b/build-aux/gnulib/lib/freadahead.c
+index 23ec76ee5..ed3dd0ebd 100644
+--- a/lib/freadahead.c
++++ b/lib/freadahead.c
+@@ -30,7 +30,8 @@ extern size_t __sreadahead (FILE *);
+ size_t
+ freadahead (FILE *fp)
+ {
+-#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1
++  /* GNU libc, BeOS, Haiku, Linux libc5 */
+   if (fp->_IO_write_ptr > fp->_IO_write_base)
+     return 0;
+   return (fp->_IO_read_end - fp->_IO_read_ptr)
+diff --git a/lib/freading.c b/build-aux/gnulib/lib/freading.c
+index c24d0c88a..790f92ca3 100644
+--- a/lib/freading.c
++++ b/lib/freading.c
+@@ -31,7 +31,8 @@ freading (FILE *fp)
+   /* Most systems provide FILE as a struct and the necessary bitmask in
+      <stdio.h>, because they need it for implementing getc() and putc() as
+      fast macros.  */
+-# if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++# if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1
++  /* GNU libc, BeOS, Haiku, Linux libc5 */
+   return ((fp->_flags & _IO_NO_WRITES) != 0
+           || ((fp->_flags & (_IO_NO_READS | _IO_CURRENTLY_PUTTING)) == 0
+               && fp->_IO_read_base != NULL));
+diff --git a/lib/fseeko.c b/build-aux/gnulib/lib/fseeko.c
+index 193f4e8ce..e5c5172e7 100644
+--- a/lib/fseeko.c
++++ b/lib/fseeko.c
+@@ -47,7 +47,8 @@ fseeko (FILE *fp, off_t offset, int whence)
+ #endif
+ 
+   /* These tests are based on fpurge.c.  */
+-#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1
++  /* GNU libc, BeOS, Haiku, Linux libc5 */
+   if (fp->_IO_read_end == fp->_IO_read_ptr
+       && fp->_IO_write_ptr == fp->_IO_write_base
+       && fp->_IO_save_base == NULL)
+@@ -123,7 +124,8 @@ fseeko (FILE *fp, off_t offset, int whence)
+           return -1;
+         }
+ 
+-#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1
++      /* GNU libc, BeOS, Haiku, Linux libc5 */
+       fp->_flags &= ~_IO_EOF_SEEN;
+       fp->_offset = pos;
+ #elif defined __sferror || defined __DragonFly__ || defined __ANDROID__
+-- 
+2.14.1
+

package/makedevs/makedevs.c

@@ -510,7 +510,7 @@ int main(int argc, char **argv)
 
 		linenum++;
 
-		if (1 == sscanf(line, "|xattr %254s", xattr)) {
+		if (1 == sscanf(line, " |xattr %254s", xattr)) {
 #ifdef EXTENDED_ATTRIBUTES
 			if (!full_name)
 				bb_error_msg_and_die("line %d should be after a file\n", linenum);

package/mariadb/mariadb.hash

@@ -1,5 +1,8 @@
-# From https://downloads.mariadb.org/mariadb/10.1.33/
-sha256 94312c519f2c0c25e1964c64e22aff0036fb22dfb2685638f43a6b2211395d2d  mariadb-10.1.33.tar.gz
+# From https://downloads.mariadb.org/mariadb/10.1.35/
+md5 935f401314ff08a4177beb70fed6055c  mariadb-10.1.35.tar.gz
+sha1 d322f0da17f4de475832dd534657eba5a936f77b  mariadb-10.1.35.tar.gz
+sha256 9e91d985ed4f662126e3e5791fe91ec8a2f44ec811113c2b6fbc72fa14553c4d  mariadb-10.1.35.tar.gz
+sha512 88e6049f3bbc3aa047e108f91a2c4f335758e80f25bfa2974b5f8c2e13f5758824d7835dece021b515c531e5641b9998e4de92256ad4b47b7f694da99bd471aa  mariadb-10.1.35.tar.gz
 
 # Hash for license files
 sha256 69ce89a0cadbe35a858398c258be93c388715e84fc0ca04e5a1fd1aa9770dd3a  README

package/mariadb/mariadb.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-MARIADB_VERSION = 10.1.33
+MARIADB_VERSION = 10.1.35
 MARIADB_SITE = https://downloads.mariadb.org/interstitial/mariadb-$(MARIADB_VERSION)/source
 MARIADB_LICENSE = GPL-2.0 (server), GPL-2.0 with FLOSS exception (GPL client library), LGPL-2.0 (LGPL client library)
 # Tarball no longer contains LGPL license text

package/mesa3d-headers/mesa3d-headers.mk

@@ -35,9 +35,9 @@ ifeq ($(BR2_PACKAGE_XORG7),y)
 # contains -i.
 define MESA3D_HEADERS_BUILD_DRI_PC
 	sed -e 's:@\(exec_\)\?prefix@:/usr:' \
-	    -e 's:@libdir@:${exec_prefix}/lib:' \
-	    -e 's:@includedir@:${prefix}/include:' \
-	    -e 's:@DRI_DRIVER_INSTALL_DIR@:${libdir}/dri:' \
+	    -e 's:@libdir@:$${exec_prefix}/lib:' \
+	    -e 's:@includedir@:$${prefix}/include:' \
+	    -e 's:@DRI_DRIVER_INSTALL_DIR@:$${libdir}/dri:' \
 	    -e 's:@VERSION@:$(MESA3D_HEADERS_VERSION):' \
 	    -e 's:@DRI_PC_REQ_PRIV@::' \
 	    $(@D)/src/mesa/drivers/dri/dri.pc.in \

package/mono/Config.in

@@ -5,8 +5,8 @@ config BR2_PACKAGE_HOST_MONO_ARCH_SUPPORTS
 
 config BR2_PACKAGE_MONO_ARCH_SUPPORTS
 	bool
-	default y if (BR2_arm || BR2_armeb || BR2_i386 || BR2_mips || \
-		      BR2_mipsel || BR2_powerpc || BR2_x86_64)
+	default y if (BR2_arm || BR2_armeb || BR2_i386 || \
+		      BR2_powerpc || BR2_x86_64)
 	depends on BR2_PACKAGE_HOST_MONO_ARCH_SUPPORTS
 
 config BR2_PACKAGE_MONO

package/mtd/0001-revert-return-correct-error-number-in-ubi_get_vol_info1.patch

@@ -0,0 +1,92 @@
+From 0f833ac73ad631248826386e2918d8571ecf0347 Mon Sep 17 00:00:00 2001
+From: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
+Date: Sat, 9 Jun 2018 16:45:22 +0200
+Subject: [PATCH] Revert "Return correct error number in ubi_get_vol_info1"
+
+This reverts commit dede98ffb706676309488d7cc660f569548d5930.
+
+The original commit tried to fix a descrepancy between the implementation
+and the documentation by making the implementation comply.
+
+When making the change, it was overlooked, that ubinfo and ubirename were
+written against the implementation instead of the behaviour specified by
+the documentation. So were further internal functions like
+ubi_get_vol_info1_nm which further breaks ubirmvol.
+
+A report with an outline of a resulting problem can be read on
+the mailing list:
+
+http://lists.infradead.org/pipermail/linux-mtd/2018-June/081562.html
+
+From the report:
+
+steps to reproduce: have mtd-utils 2.0.1 or 2.0.2
+
+0. make a bunch of ubi volumes in sequential order
+
+ubimkvol /dev/ubi0 -s 64KiB -N test1
+ubimkvol /dev/ubi0 -s 64KiB -N test2
+ubimkvol /dev/ubi0 -s 64KiB -N test3
+ubimkvol /dev/ubi0 -s 64KiB -N test4
+..
+
+1. delete the test1 volume, making a hole in the volume table
+
+ubirmvol /dev/ubi0 -N test1
+
+2. try an affected tool (i.e. "ubirmvol /dev/ubi0 -N test4" )
+
+ |root at mr24:/# ubirmvol /dev/ubi0 -N test4
+ |ubirmvol: error!: cannot find UBI volume "test4"
+ |         error 19 (No such device)
+
+or "ubinfo -a"
+
+ | root at mr24:/# ubinfo -a
+ | UBI version:                    1
+ | Count of UBI devices:           1
+ | UBI control device major/minor: 10:59
+ | Present UBI devices:            ubi0
+ |
+ | ubi0
+ | Volumes count:                           11
+ | Logical eraseblock size:                 15872 bytes, 15.5 KiB
+ | Total amount of logical eraseblocks:     1952 (30982144 bytes, 29.5 MiB)
+ | Amount of available logical eraseblocks: 75 (1190400 bytes, 1.1 MiB)
+ | Maximum count of volumes                 92
+ | Count of bad physical eraseblocks:       0
+ | Count of reserved physical eraseblocks:  40
+ | Current maximum erase counter value:     984
+ | Minimum input/output unit size:          512 bytes
+ | Character device major/minor:            251:0
+ | ubinfo: error!: libubi failed to probe volume 5 on ubi0
+ |        error 19 (No such device)
+ | Present volumes:                         0, 1, 2, 3, 4root at mr24:/#
+
+Reported-by: Christian Lamparter <chunkeey@gmail.com>
+Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
+Signed-off-by: David Owens <david.owens@rockwellcollins.com>
+---
+ lib/libubi.c | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/lib/libubi.c b/lib/libubi.c
+index b50e68a..978b433 100644
+--- a/lib/libubi.c
++++ b/lib/libubi.c
+@@ -1240,11 +1240,8 @@ int ubi_get_vol_info1(libubi_t desc, int dev_num, int vol_id,
+ 	info->dev_num = dev_num;
+ 	info->vol_id = vol_id;
+ 
+-	if (vol_get_major(lib, dev_num, vol_id, &info->major, &info->minor)) {
+-		if (errno == ENOENT)
+-			errno = ENODEV;
++	if (vol_get_major(lib, dev_num, vol_id, &info->major, &info->minor))
+ 		return -1;
+-	}
+ 
+ 	ret = vol_read_data(lib->vol_type, dev_num, vol_id, buf, 50);
+ 	if (ret < 0)
+-- 
+2.14.4
+

package/ncmpc/0001-Fix-unique_ptr-error-with-some-old-toolchains.patch

@@ -0,0 +1,54 @@
+From 63c0c47106007f7b2a791e3e4b062a5424d3dfe8 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Sun, 12 Aug 2018 09:02:50 +0200
+Subject: [PATCH] Fix unique_ptr error with some old toolchains
+
+With some "old" toolchains (glibc, uclibc in version 4.9.4, 5.3, 5.4,
+5.5 ...), the following error is raised by the compiler:
+
+../src/screen.cxx:60:29:   required from here
+/usr/lfs/v0/rc-buildroot-test/scripts/instance-1/output/host/opt/ext-toolchain/mips-linux-gnu/include/c++/5.3.0/ext/new_allocator.h:120:4:
+error: no matching function for call to 'std::pair<const screen_functions* const, std::unique_ptr<Page> >::pair(const screen_functions*, Page*)'
+
+[...]
+
+/usr/lfs/v0/rc-buildroot-test/scripts/instance-1/output/host/opt/ext-toolchain/mips-linux-gnu/include/c++/5.3.0/bits/stl_pair.h:112:26:
+note: candidate: constexpr std::pair<_T1, _T2>::pair(const _T1&, const _T2&) [with _T1 = const screen_functions* const; _T2 = std::unique_ptr<Page>]
+       _GLIBCXX_CONSTEXPR pair(const _T1& __a, const _T2& __b)
+                          ^
+/usr/lfs/v0/rc-buildroot-test/scripts/instance-1/output/host/opt/ext-toolchain/mips-linux-gnu/include/c++/5.3.0/bits/stl_pair.h:112:26:
+note:   no known conversion for argument 2 from 'Page*' to 'const
+std::unique_ptr<Page>&'
+
+This is due to the fact that init function of screen_functions
+structure returns Page* but PageMap wants a std::unique_ptr<Page>
+
+To fix this, cast raw pointer into a unique_ptr with an explicit cast
+
+Fixes:
+ - http://autobuild.buildroot.net/results/d8a7339d8bdd5cdc6bd1716585d4bcf15a2e8015
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ src/screen.cxx | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/screen.cxx b/src/screen.cxx
+index dd42b25..56afd11 100644
+--- a/src/screen.cxx
++++ b/src/screen.cxx
+@@ -56,8 +56,9 @@ ScreenManager::MakePage(const struct screen_functions &sf)
+ 		return i;
+ 
+ 	auto j = pages.emplace(&sf,
+-			       sf.init(*this, main_window.w,
+-				       main_window.size));
++			       std::unique_ptr<Page>(sf.init(*this,
++							     main_window.w,
++							     main_window.size)));
+ 	assert(j.second);
+ 	return j.first;
+ }
+-- 
+2.14.1
+

package/ncurses/ncurses.mk

@@ -154,6 +154,7 @@ HOST_NCURSES_CONF_OPTS = \
 	--without-cxx-binding \
 	--without-ada \
 	--with-default-terminfo-dir=/usr/share/terminfo \
+	--disable-db-install \
 	--without-normal
 
 $(eval $(autotools-package))

package/nodejs/nodejs.hash

@@ -1,5 +1,5 @@
-# From http://nodejs.org/dist/v8.11.3/SHASUMS256.txt
-sha256 577c751fdca91c46c60ffd8352e5b465881373bfdde212c17c3a3c1bd2616ee0  node-v8.11.3.tar.xz
+# From http://nodejs.org/dist/v8.11.4/SHASUMS256.txt
+sha256 fbce7de6d96b0bcb0db0bf77f0e6ea999b6755e6930568aedaab06847552a609  node-v8.11.4.tar.xz
 
 # Hash for license file
 sha256 b87be6c1479ed977481115869c2dd8b6d59e5ea55aa09939d6c898242121b2f5  LICENSE

package/nodejs/nodejs.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-NODEJS_VERSION = 8.11.3
+NODEJS_VERSION = 8.11.4
 NODEJS_SOURCE = node-v$(NODEJS_VERSION).tar.xz
 NODEJS_SITE = http://nodejs.org/dist/v$(NODEJS_VERSION)
 NODEJS_DEPENDENCIES = host-python host-nodejs c-ares \

package/php/php.hash

@@ -1,5 +1,5 @@
 # From http://php.net/downloads.php
-sha256 af70a33b3f7a51510467199b39af151333fbbe4cc21923bad9c7cf64268cddb2  php-7.2.5.tar.xz
+sha256 3585c1222e00494efee4f5a65a8e03a1e6eca3dfb834814236ee7f02c5248ae0  php-7.2.9.tar.xz
 
 # License file
 sha256 00e567a8d50359d93ee1f9afdd9511277660c1e70a0cbf3229f84403aa9aebb1  LICENSE

package/php/php.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-PHP_VERSION = 7.2.5
+PHP_VERSION = 7.2.9
 PHP_SITE = http://www.php.net/distributions
 PHP_SOURCE = php-$(PHP_VERSION).tar.xz
 PHP_INSTALL_STAGING = YES

package/pkg-golang.mk

@@ -77,9 +77,9 @@ $(2)_INSTALL_BINS ?= $(1)
 # of GOPATH. It usually resolves around domain/vendor/software. By default, we
 # derive domain/vendor/software from the upstream URL of the project, but we
 # allow $(2)_SRC_SUBDIR to be overridden if needed.
-$(2)_SRC_DOMAIN = $$(call domain,$($(2)_SITE))
-$(2)_SRC_VENDOR = $$(word 1,$$(subst /, ,$$(call notdomain,$($(2)_SITE))))
-$(2)_SRC_SOFTWARE = $$(word 2,$$(subst /, ,$$(call notdomain,$($(2)_SITE))))
+$(2)_SRC_DOMAIN = $$(call domain,$$($(2)_SITE))
+$(2)_SRC_VENDOR = $$(word 1,$$(subst /, ,$$(call notdomain,$$($(2)_SITE))))
+$(2)_SRC_SOFTWARE = $$(word 2,$$(subst /, ,$$(call notdomain,$$($(2)_SITE))))
 
 $(2)_SRC_SUBDIR ?= $$($(2)_SRC_DOMAIN)/$$($(2)_SRC_VENDOR)/$$($(2)_SRC_SOFTWARE)
 $(2)_SRC_PATH = $$(@D)/$$($(2)_WORKSPACE)/src/$$($(2)_SRC_SUBDIR)

package/pkg-kconfig.mk

@@ -41,6 +41,10 @@ endef
 
 define inner-kconfig-package
 
+# Register the kconfig dependencies as regular dependencies, so that
+# they are also accounted for in the generated graphs.
+$(2)_DEPENDENCIES += $$($(2)_KCONFIG_DEPENDENCIES)
+
 # Call the generic package infrastructure to generate the necessary
 # make targets.
 # Note: this must be done _before_ attempting to use $$($(2)_DIR) in a
@@ -121,6 +125,11 @@ $$($(2)_DIR)/$$($(2)_KCONFIG_DOTCONFIG): $$($(2)_KCONFIG_FILE) $$($(2)_KCONFIG_F
 # it explicitly. It doesn't hurt to always have it though.
 $$($(2)_DIR)/$$($(2)_KCONFIG_DOTCONFIG): | $(1)-patch
 
+# Some packages may need additional tools to be present by the time their
+# kconfig structure is parsed (e.g. the linux kernel may need to call to
+# the compiler to test its features).
+$$($(2)_DIR)/$$($(2)_KCONFIG_DOTCONFIG): | $$($(2)_KCONFIG_DEPENDENCIES)
+
 # In order to get a usable, consistent configuration, some fixup may be needed.
 # The exact rules are specified by the package .mk file.
 define $(2)_FIXUP_DOT_CONFIG

package/python-django/python-django.hash

@@ -1,3 +1,3 @@
-# md5 from https://pypi.python.org/pypi/django/json, sha256 locally computed
-md5	693dfeabad62c561cb205900d32c2a98  Django-1.10.7.tar.gz
-sha256	593d779dbc2350a245c4f76d26bdcad58a39895e87304fe6d725bbdf84b5b0b8  Django-1.10.7.tar.gz
+# From https://www.djangoproject.com/m/pgp/Django-1.11.15.checksum.txt
+sha256	b18235d82426f09733d2de9910cee975cf52ff05e5f836681eb957d105a05a40  Django-1.11.15.tar.gz
+sha256	b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669  LICENSE

package/python-django/python-django.mk

@@ -4,10 +4,10 @@
 #
 ################################################################################
 
-PYTHON_DJANGO_VERSION = 1.10.7
+PYTHON_DJANGO_VERSION = 1.11.15
 PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz
 # The official Django site has an unpractical URL
-PYTHON_DJANGO_SITE = https://pypi.python.org/packages/15/b4/d4bb7313e02386bd23a60e1eb5670321313fb67289c6f36ec43bce747aff
+PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/43/b5/b44286e56a5211d37b4058dcd5e62835afa5ce5aa6a38b56bd04c0d01cbc
 PYTHON_DJANGO_LICENSE = BSD-3-Clause
 PYTHON_DJANGO_LICENSE_FILES = LICENSE
 PYTHON_DJANGO_SETUP_TYPE = setuptools

package/python-pyqt5/0004-drop-qttest-qtestmouse-waitforevents.patch

@@ -0,0 +1,32 @@
+Drop waitForEvents() method from qtestmouse
+
+This method was dropped in Qt 5.11:
+
+  https://github.com/qt/qtbase/commit/75e583b3fcbdbbb999633eb5f2267720dd695cfa
+
+However, Python PyQt5 still generates a wrapper for it, causing a
+build failure. The upstream PyQt5 maintainers have not kept
+waitForEvents() support for older Qt versions, and instead entirely
+dropped it unconditionally. This can be verified by diffing PyQt 5.10
+and PyQt 5.11. We take the same approach, and drop waitForEvents()
+unconditionally, even when PyQt5 is built against the older Qt 5.6.
+
+Fedora is using a similar solution:
+https://src.fedoraproject.org/rpms/python-qt5/c/47fb7fdc5d16582772f9c3fc8a6a674a41a7f605?branch=master.
+
+This patch can be dropped when PyQt5 is bumped to its 5.11 version.
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+
+Index: b/sip/QtTest/qtestmouse.sip
+===================================================================
+--- a/sip/QtTest/qtestmouse.sip
++++ b/sip/QtTest/qtestmouse.sip
+@@ -41,7 +41,6 @@
+     void mousePress(QWidget *widget, Qt::MouseButton button, Qt::KeyboardModifiers modifier = 0, QPoint pos = QPoint(), int delay = -1);
+     void mouseRelease(QWidget *widget, Qt::MouseButton button, Qt::KeyboardModifiers modifier = 0, QPoint pos = QPoint(), int delay = -1);
+     void mouseEvent(QTest::MouseAction action, QWidget *widget, Qt::MouseButton button, Qt::KeyboardModifiers modifier, QPoint pos, int delay = -1);
+-    void waitForEvents() /ReleaseGIL/;
+     void mouseEvent(QTest::MouseAction action, QWindow *window, Qt::MouseButton button, Qt::KeyboardModifiers modifier, QPoint pos, int delay = -1);
+     void mousePress(QWindow *window, Qt::MouseButton button, Qt::KeyboardModifiers modifier = Qt::KeyboardModifiers(), QPoint pos = QPoint(), int delay = -1);
+     void mouseRelease(QWindow *window, Qt::MouseButton button, Qt::KeyboardModifiers modifier = Qt::KeyboardModifiers(), QPoint pos = QPoint(), int delay = -1);

package/qt5/qt5base/5.11.1/0002-double-conversion-enable-for-aarch64_be.patch

@@ -0,0 +1,26 @@
+From e81ba4e0de16ff741417ae7ed7dfe7b5a83d66e2 Mon Sep 17 00:00:00 2001
+From: Peter Seiderer <ps.report@gmx.net>
+Date: Mon, 13 Aug 2018 20:15:05 +0200
+Subject: [PATCH] double-conversion: enable for aarch64_be
+
+Signed-off-by: Peter Seiderer <ps.report@gmx.net>
+---
+ .../double-conversion/include/double-conversion/utils.h         | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/3rdparty/double-conversion/include/double-conversion/utils.h b/src/3rdparty/double-conversion/include/double-conversion/utils.h
+index 20bfd36c84..77baa2861a 100644
+--- a/src/3rdparty/double-conversion/include/double-conversion/utils.h
++++ b/src/3rdparty/double-conversion/include/double-conversion/utils.h
+@@ -65,7 +65,7 @@
+     defined(__sparc__) || defined(__sparc) || defined(__s390__) || \
+     defined(__SH4__) || defined(__alpha__) || \
+     defined(_MIPS_ARCH_MIPS32R2) || \
+-    defined(__AARCH64EL__)
++    defined(__AARCH64EL__) || defined(__AARCH64EB__)
+ #define DOUBLE_CONVERSION_CORRECT_DOUBLE_OPERATIONS 1
+ #elif defined(_M_IX86) || defined(__i386__) || defined(__i386)
+ #if defined(_WIN32)
+-- 
+2.18.0
+

package/qt5/qt5base/5.11.1/0003-double-conversion-enable-for-or1k.patch

@@ -0,0 +1,27 @@
+From f9920819e6600a68829fb4600f11b70ebc2a33e7 Mon Sep 17 00:00:00 2001
+From: Peter Seiderer <ps.report@gmx.net>
+Date: Sat, 18 Aug 2018 23:44:20 +0200
+Subject: [PATCH] double-conversion: enable for or1k
+
+Signed-off-by: Peter Seiderer <ps.report@gmx.net>
+---
+ .../double-conversion/include/double-conversion/utils.h        | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/3rdparty/double-conversion/include/double-conversion/utils.h b/src/3rdparty/double-conversion/include/double-conversion/utils.h
+index 77baa2861a..b0a7d5d4f4 100644
+--- a/src/3rdparty/double-conversion/include/double-conversion/utils.h
++++ b/src/3rdparty/double-conversion/include/double-conversion/utils.h
+@@ -65,7 +65,8 @@
+     defined(__sparc__) || defined(__sparc) || defined(__s390__) || \
+     defined(__SH4__) || defined(__alpha__) || \
+     defined(_MIPS_ARCH_MIPS32R2) || \
+-    defined(__AARCH64EL__) || defined(__AARCH64EB__)
++    defined(__AARCH64EL__) || defined(__AARCH64EB__) || \
++    defined(__or1k__)
+ #define DOUBLE_CONVERSION_CORRECT_DOUBLE_OPERATIONS 1
+ #elif defined(_M_IX86) || defined(__i386__) || defined(__i386)
+ #if defined(_WIN32)
+-- 
+2.18.0
+

package/qt5/qt5serialbus/qt5serialbus.mk

@@ -36,7 +36,7 @@ define QT5SERIALBUS_INSTALL_TARGET_LIBS
 endef
 endif
 
-ifeq ($(BR2_PACKAGE_QT5BASE_EXAMPLES),y)
+ifeq ($(BR2_PACKAGE_QT5BASE_EXAMPLES)$(BR2_PACKAGE_QT5BASE_WIDGETS),yy)
 define QT5SERIALBUS_INSTALL_TARGET_EXAMPLES
 	cp -dpfr $(STAGING_DIR)/usr/lib/qt/examples/serialbus $(TARGET_DIR)/usr/lib/qt/examples/
 endef

package/ruby/ruby.hash

@@ -1,5 +1,5 @@
-# From https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-4-2-released/
-sha256 748a8980d30141bd1a4124e11745bb105b436fb1890826e0d2b9ea31af27f735  ruby-2.4.2.tar.xz
+# From https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/
+sha256 1d0034071d675193ca769f64c91827e5f54cb3a7962316a41d5217c7bc6949f0  ruby-2.4.4.tar.xz
 # License files, Locally calculated
 sha256 5cda9584acd5e1096276a375085b7e659fa67a072fd69ec2c3931e54f7f563bb  LEGAL
 sha256 f5eb1b2956d5f7a67b2e5722a3749bc2fe86f9c580f2e3f5a08519cf073b5864  COPYING

package/ruby/ruby.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 RUBY_VERSION_MAJOR = 2.4
-RUBY_VERSION = $(RUBY_VERSION_MAJOR).2
+RUBY_VERSION = $(RUBY_VERSION_MAJOR).4
 RUBY_VERSION_EXT = 2.4.0
 RUBY_SITE = http://cache.ruby-lang.org/pub/ruby/$(RUBY_VERSION_MAJOR)
 RUBY_SOURCE = ruby-$(RUBY_VERSION).tar.xz

package/samba4/0002-Fix-compilation-of-Samba-4.7.4-with-disabled-ADS.patch

@@ -1,5 +1,7 @@
-From: Timur I. Bakeyev <timur@freebsd.org>
-Subject: Fix compilation of Samba 4.7.4 with disabled ADS
+From da2f2cf8e7a1dfcb661b707e4649cec1e8a0e79c Mon Sep 17 00:00:00 2001
+From: Bernd Kuhls <bernd.kuhls@t-online.de>
+Date: Thu, 9 Aug 2018 10:03:06 +0200
+Subject: [PATCH] Fix compilation of Samba 4.7.4 with disabled ADS
 
 Downloaded from upstream mailinglist
 https://lists.samba.org/archive/samba-technical/2017-December/124629.html
@@ -8,9 +10,14 @@ Patch originates from FreeBSD:
 https://svnweb.freebsd.org/ports/head/net/samba47/files/patch-source3__libads__kerberos_keytab.c?revision=457119&view=markup
 
 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+---
+ source3/libads/kerberos_keytab.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
 
---- a/source3/libads/kerberos_keytab.c.orig	2017-12-23 14:23:53.247467000 +0100
-+++ b/source3/libads/kerberos_keytab.c	2017-12-23 18:57:07.135340000 +0100
+diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
+index 37ac7ba985e..71250962090 100644
+--- a/source3/libads/kerberos_keytab.c
++++ b/source3/libads/kerberos_keytab.c
 @@ -32,8 +32,6 @@
  
  #ifdef HAVE_KRB5
@@ -20,7 +27,7 @@ Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
  /* This MAX_NAME_LEN is a constant defined in krb5.h */
  #ifndef MAX_KEYTAB_NAME_LEN
  #define MAX_KEYTAB_NAME_LEN 1100
-@@ -85,6 +83,8 @@
+@@ -85,6 +83,8 @@ out:
  	return ret;
  }
  
@@ -29,3 +36,6 @@ Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
  /**********************************************************************
   Adds a single service principal, i.e. 'host' to the system keytab
  ***********************************************************************/
+-- 
+2.14.4
+

package/samba4/0003-Fix-uClibc-build-on-64bit-platforms-by-including-std.patch

@@ -1,7 +1,7 @@
-From 4a63f267efab2ef86adbeddda45909127135d7c8 Mon Sep 17 00:00:00 2001
+From 3d91847322eba55e97adc76c5c95570382af7059 Mon Sep 17 00:00:00 2001
 From: Bernd Kuhls <bernd.kuhls@t-online.de>
 Date: Sun, 28 Jan 2018 11:57:11 +0100
-Subject: [PATCH 1/1] Fix uClibc build on 64bit platforms by including stdint.h
+Subject: [PATCH] Fix uClibc build on 64bit platforms by including stdint.h
 
 Fixes an error detected by buildroot autobuilders:
 http://autobuild.buildroot.net/results/573/573e2268e205e10d1352fa81122d8f225fdb4575/build-end.log
@@ -20,15 +20,19 @@ define uintptr_t, this patch includes stdint.h when needed.
 Patch sent upstream:
 https://lists.samba.org/archive/samba-technical/2018-January/125306.html
 
+[updated for samba-4.8.4, v2 sent upstream
+ https://lists.samba.org/archive/samba-technical/2018-August/129732.html]
+
 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
 ---
  lib/ldb/tests/ldb_mod_op_test.c   | 1 +
  lib/ldb/tests/ldb_msg.c           | 1 +
+ libcli/auth/tests/ntlm_check.c    | 1 +
  libcli/smb/test_smb1cli_session.c | 1 +
- 3 files changed, 3 insertions(+)
+ 4 files changed, 4 insertions(+)
 
 diff --git a/lib/ldb/tests/ldb_mod_op_test.c b/lib/ldb/tests/ldb_mod_op_test.c
-index cf2288c7bce..4690594186e 100644
+index c8b9c1aa9ff..4893dc3b38b 100644
 --- a/lib/ldb/tests/ldb_mod_op_test.c
 +++ b/lib/ldb/tests/ldb_mod_op_test.c
 @@ -13,6 +13,7 @@
@@ -51,6 +55,18 @@ index f8de418e0dc..31786a9a318 100644
  #include <setjmp.h>
  #include <cmocka.h>
  
+diff --git a/libcli/auth/tests/ntlm_check.c b/libcli/auth/tests/ntlm_check.c
+index e87a0a276d4..65c7b086008 100644
+--- a/libcli/auth/tests/ntlm_check.c
++++ b/libcli/auth/tests/ntlm_check.c
+@@ -40,6 +40,7 @@
+  */
+ #include <stdarg.h>
+ #include <stddef.h>
++#include <stdint.h>
+ #include <setjmp.h>
+ #include <cmocka.h>
+ 
 diff --git a/libcli/smb/test_smb1cli_session.c b/libcli/smb/test_smb1cli_session.c
 index d1e21d5431e..6a526c96b61 100644
 --- a/libcli/smb/test_smb1cli_session.c
@@ -63,5 +79,5 @@ index d1e21d5431e..6a526c96b61 100644
  #include <cmocka.h>
  
 -- 
-2.11.0
+2.18.0
 

package/samba4/0004-Disable-build-of-manpages-and-documentation.patch

@@ -0,0 +1,116 @@
+From 3cd608170b99492bdd5fe3b7b8e7db61af199845 Mon Sep 17 00:00:00 2001
+From: Bernd Kuhls <bernd.kuhls@t-online.de>
+Date: Thu, 9 Aug 2018 09:59:06 +0200
+Subject: [PATCH] Disable build of manpages and documentation
+
+This patch fixes a bug described in an upstream bug report
+https://bugzilla.samba.org/show_bug.cgi?id=9515
+which was closed as WONTFIX by disabling the build of manpages and
+documentation.
+
+If installed on the host, samba4 uses the docbook-xsl package to build
+parts of the documentation. This package is broken, on Debian for
+example the bug reported to samba4 was fixed in the docbook-xsl package:
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765567
+
+Since we do not provide a host version of docbook-xsl we need to disable
+the build of manpages and documentation.
+
+Patch was downloaded from
+https://github.com/LibreELEC/LibreELEC.tv/blob/master/packages/network/samba/patches/samba-950-no-man.patch
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+---
+ buildtools/wafsamba/wafsamba.py | 10 +++++-----
+ docs-xml/wscript_build          | 34 +++++++++++++++++-----------------
+ source4/scripting/wscript_build |  4 ++--
+ 3 files changed, 24 insertions(+), 24 deletions(-)
+
+diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py
+index 4bb19d070e2..a255d841111 100644
+--- a/buildtools/wafsamba/wafsamba.py
++++ b/buildtools/wafsamba/wafsamba.py
+@@ -335,9 +335,9 @@ def SAMBA_LIBRARY(bld, libname, source,
+         else:
+             bld.PKG_CONFIG_FILES(pc_files, vnum=vnum)
+ 
+-    if (manpages is not None and 'XSLTPROC_MANPAGES' in bld.env and
+-        bld.env['XSLTPROC_MANPAGES']):
+-        bld.MANPAGES(manpages, install)
++#    if (manpages is not None and 'XSLTPROC_MANPAGES' in bld.env and
++#        bld.env['XSLTPROC_MANPAGES']):
++#        bld.MANPAGES(manpages, install)
+ 
+ 
+ Build.BuildContext.SAMBA_LIBRARY = SAMBA_LIBRARY
+@@ -442,8 +442,8 @@ def SAMBA_BINARY(bld, binname, source,
+         samba_ldflags  = pie_ldflags
+         )
+ 
+-    if manpages is not None and 'XSLTPROC_MANPAGES' in bld.env and bld.env['XSLTPROC_MANPAGES']:
+-        bld.MANPAGES(manpages, install)
++#    if manpages is not None and 'XSLTPROC_MANPAGES' in bld.env and bld.env['XSLTPROC_MANPAGES']:
++#        bld.MANPAGES(manpages, install)
+ 
+ Build.BuildContext.SAMBA_BINARY = SAMBA_BINARY
+ 
+diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build
+index 954c62a29bc..1169158fd57 100644
+--- a/docs-xml/wscript_build
++++ b/docs-xml/wscript_build
+@@ -147,20 +147,20 @@ bld.SAMBA_GENERATOR(parameter_all,
+                     rule=smbdotconf_generate_parameter_list,
+                     dep_vars=bld.dynconfig_varnames())
+ 
+-def SMBDOTCONF_MANPAGE(bld, target):
+-    ''' assemble and build smb.conf.5 manual page'''
+-    bld.SAMBAMANPAGES(target, parameter_all)
+-
+-if ('XSLTPROC_MANPAGES' in bld.env and bld.env['XSLTPROC_MANPAGES']):
+-
+-    SMBDOTCONF_MANPAGE(bld, 'manpages/smb.conf.5')
+-    bld.SAMBAMANPAGES(manpages)
+-
+-    if bld.CONFIG_SET('WITH_PAM_MODULES') and bld.CONFIG_SET('HAVE_PAM_START'):
+-        bld.SAMBAMANPAGES(pam_winbind_manpages)
+-
+-    if bld.CONFIG_SET('HAVE_KRB5_LOCATE_PLUGIN_H'):
+-        bld.SAMBAMANPAGES(krb5_locator_manpages)
+-
+-    if bld.SAMBA3_IS_ENABLED_MODULE('vfs_zfsacl'):
+-        bld.SAMBAMANPAGES('manpages/vfs_zfsacl.8')
++#def SMBDOTCONF_MANPAGE(bld, target):
++#    ''' assemble and build smb.conf.5 manual page'''
++#    bld.SAMBAMANPAGES(target, parameter_all)
++#
++#if ('XSLTPROC_MANPAGES' in bld.env and bld.env['XSLTPROC_MANPAGES']):
++#
++#    SMBDOTCONF_MANPAGE(bld, 'manpages/smb.conf.5')
++#    bld.SAMBAMANPAGES(manpages)
++#
++#    if bld.CONFIG_SET('WITH_PAM_MODULES') and bld.CONFIG_SET('HAVE_PAM_START'):
++#        bld.SAMBAMANPAGES(pam_winbind_manpages)
++#
++#    if bld.CONFIG_SET('HAVE_KRB5_LOCATE_PLUGIN_H'):
++#        bld.SAMBAMANPAGES(krb5_locator_manpages)
++#
++#    if bld.SAMBA3_IS_ENABLED_MODULE('vfs_zfsacl'):
++#        bld.SAMBAMANPAGES('manpages/vfs_zfsacl.8')
+diff --git a/source4/scripting/wscript_build b/source4/scripting/wscript_build
+index 2f53cce12b7..9841ae0a116 100644
+--- a/source4/scripting/wscript_build
++++ b/source4/scripting/wscript_build
+@@ -12,8 +12,8 @@ if sbin_files:
+     bld.INSTALL_FILES('${SBINDIR}',
+                       sbin_files,
+                       chmod=MODE_755, python_fixup=True, flat=True)
+-    if 'XSLTPROC_MANPAGES' in bld.env and bld.env['XSLTPROC_MANPAGES']:
+-        bld.MANPAGES(man_files, True)
++#    if 'XSLTPROC_MANPAGES' in bld.env and bld.env['XSLTPROC_MANPAGES']:
++#        bld.MANPAGES(man_files, True)
+ 
+ if bld.CONFIG_SET('AD_DC_BUILD_IS_ENABLED'):
+     bld.INSTALL_FILES('${BINDIR}',
+-- 
+2.14.4
+

package/samba4/samba4.hash

@@ -1,4 +1,4 @@
 # Locally calculated after checking pgp signature
-# https://download.samba.org/pub/samba/stable/samba-4.8.3.tar.asc
-sha256 e0569a8a605d5dfb49f1fdd11db796f4d36fe0351c4a7f21387ef253010b82ed  samba-4.8.3.tar.gz
+# https://download.samba.org/pub/samba/stable/samba-4.8.4.tar.asc
+sha256 f5044d149e01894a08b1d114b8b69aed78171a7bb19608bd1fd771453b9a5406  samba-4.8.4.tar.gz
 sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903  COPYING

package/samba4/samba4.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-SAMBA4_VERSION = 4.8.3
+SAMBA4_VERSION = 4.8.4
 SAMBA4_SITE = https://download.samba.org/pub/samba/stable
 SAMBA4_SOURCE = samba-$(SAMBA4_VERSION).tar.gz
 SAMBA4_INSTALL_STAGING = YES

package/uboot-tools/uboot-tools.mk

@@ -19,6 +19,7 @@ endef
 UBOOT_TOOLS_MAKE_OPTS = CROSS_COMPILE="$(TARGET_CROSS)" \
 	CFLAGS="$(TARGET_CFLAGS)" \
 	LDFLAGS="$(TARGET_LDFLAGS)" \
+	HOSTCFLAGS="$(HOST_CFLAGS)" \
 	STRIP=$(TARGET_STRIP)
 
 ifeq ($(BR2_PACKAGE_UBOOT_TOOLS_FIT_SUPPORT),y)

package/uclibc/0003-ldso-arc-fix-LD_DEBUG-segv-when-printing-R_ARC_NONE.patch

@@ -0,0 +1,45 @@
+From 269a2a2a0f863e1b43dc02f2f4f0f3c50299456e Mon Sep 17 00:00:00 2001
+From: Vineet Gupta <Vineet.Gupta1@synopsys.com>
+Date: Tue, 26 Jun 2018 18:26:24 -0700
+Subject: [PATCH] ldso/arc: fix LD_DEBUG segv when printing R_ARC_NONE
+
+Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
+Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
+---
+ ldso/ldso/arc/elfinterp.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/ldso/ldso/arc/elfinterp.c b/ldso/ldso/arc/elfinterp.c
+index 5a02bc234..a30c19bcb 100644
+--- a/ldso/ldso/arc/elfinterp.c
++++ b/ldso/ldso/arc/elfinterp.c
+@@ -64,7 +64,7 @@ _dl_linux_resolver(struct elf_resolve *tpnt, unsigned int plt_pc)
+ 	if (_dl_debug_bindings) {
+ 		_dl_dprintf(_dl_debug_file, "\nresolve function: %s", symname);
+ 		if (_dl_debug_detail)
+-			_dl_dprintf(_dl_debug_file, "\n\tpatched %x ==> %pc @ %pl\n",
++			_dl_dprintf(_dl_debug_file, "\n\tpatched %x ==> %pc @ %p\n",
+ 					*got_addr, new_addr, got_addr);
+ 	}
+ 
+@@ -178,7 +178,7 @@ _dl_do_reloc(struct elf_resolve *tpnt, struct r_scope_elem *scope,
+ 
+ log_entry:
+ #if defined __SUPPORT_LD_DEBUG__
+-	if (_dl_debug_detail)
++	if (_dl_debug_detail && (reloc_type != R_ARC_NONE))
+ 		_dl_dprintf(_dl_debug_file,"\tpatched: %x ==> %x @ %x",
+ 				old_val, *reloc_addr, reloc_addr);
+ #endif
+@@ -214,7 +214,7 @@ _dl_do_lazy_reloc(struct elf_resolve *tpnt, struct r_scope_elem *scope,
+ 	}
+ 
+ #if defined __SUPPORT_LD_DEBUG__
+-	if (_dl_debug_reloc && _dl_debug_detail)
++	if (_dl_debug_reloc && _dl_debug_detail && (reloc_type != R_ARC_NONE))
+ 		_dl_dprintf(_dl_debug_file, "\tpatched: %x ==> %x @ %x\n",
+ 				old_val, *reloc_addr, reloc_addr);
+ #endif
+-- 
+2.16.2
+

package/vlc/Config.in

@@ -1,8 +1,3 @@
-if BR2_PACKAGE_VLC
-comment "vlc is known not to work in all configurations"
-comment "If you can fix it, please inform buildroot@buildroot.org"
-endif
-
 config BR2_PACKAGE_VLC
 	bool "vlc"
 	depends on BR2_USE_MMU # fork()

package/vlc/vlc.mk

@@ -381,9 +381,9 @@ else
 VLC_CONF_OPTS += --disable-sdl-image
 endif
 
-ifeq ($(BR2_PACKAGE_SPEEX),y)
+ifeq ($(BR2_PACKAGE_SPEEX)$(BR2_PACKAGE_SPEEXDSP),yy)
 VLC_CONF_OPTS += --enable-speex
-VLC_DEPENDENCIES += speex
+VLC_DEPENDENCIES += speex speexdsp
 else
 VLC_CONF_OPTS += --disable-speex
 endif

package/waylandpp/0001-scanner-Fix-compiler-error-missing-stdexcept-to-use-.patch

@@ -0,0 +1,28 @@
+From 85b61589b0c73f6c6974862af678ed2f82806ac5 Mon Sep 17 00:00:00 2001
+From: Bernd Kuhls <bernd.kuhls@t-online.de>
+Date: Thu, 9 Aug 2018 21:44:46 +0200
+Subject: [PATCH] [scanner] Fix compiler error: missing <stdexcept> to use
+ std::runtime_error
+
+Patch sent upstream as PR 50.
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+---
+ scanner/scanner.cpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/scanner/scanner.cpp b/scanner/scanner.cpp
+index 9c97b7c..7019e0a 100644
+--- a/scanner/scanner.cpp
++++ b/scanner/scanner.cpp
+@@ -22,6 +22,7 @@
+ #include <sstream>
+ #include <cctype>
+ #include <cmath>
++#include <stdexcept>
+ 
+ #include "pugixml.hpp"
+ 
+-- 
+2.18.0
+

package/wireless_tools/Config.in

@@ -3,7 +3,7 @@ config BR2_PACKAGE_WIRELESS_TOOLS
 	help
 	  A collection of tools to configure wireless lan cards.
 
-	  http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Tools.html
+	  https://hewlettpackard.github.io/wireless-tools/
 
 if BR2_PACKAGE_WIRELESS_TOOLS
 

package/wireless_tools/wireless_tools.mk

@@ -6,7 +6,7 @@
 
 WIRELESS_TOOLS_VERSION_MAJOR = 30
 WIRELESS_TOOLS_VERSION = $(WIRELESS_TOOLS_VERSION_MAJOR).pre9
-WIRELESS_TOOLS_SITE = http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux
+WIRELESS_TOOLS_SITE = https://hewlettpackard.github.io/wireless-tools
 WIRELESS_TOOLS_SOURCE = wireless_tools.$(WIRELESS_TOOLS_VERSION).tar.gz
 WIRELESS_TOOLS_LICENSE = GPL-2.0
 WIRELESS_TOOLS_LICENSE_FILES = COPYING

package/wireshark/wireshark.hash

@@ -1,4 +1,4 @@
-# From: https://www.wireshark.org/download/src/all-versions/SIGNATURES-2.2.15.txt
-sha256 d73583e9282d47c42b69fc3a1ac9cafb6047d1305f5027d4cf18e95922d11844  wireshark-2.2.15.tar.bz2
+# From: https://www.wireshark.org/download/src/all-versions/SIGNATURES-2.2.16.txt
+sha256 7dcc4e9f29ad8dd75849aa3b6f70b6ec82ab6899cb168096572775a6d97ced8a  wireshark-2.2.16.tar.bz2
 # Locally calculated
 sha256 7cdbed2b697efaa45576a033f1ac0e73cd045644a91c79bbf41d4a7d81dac7bf  COPYING

package/wireshark/wireshark.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-WIRESHARK_VERSION = 2.2.15
+WIRESHARK_VERSION = 2.2.16
 WIRESHARK_SOURCE = wireshark-$(WIRESHARK_VERSION).tar.bz2
 WIRESHARK_SITE = https://www.wireshark.org/download/src/all-versions
 WIRESHARK_LICENSE = wireshark license

package/wpa_supplicant/wpa_supplicant.hash

@@ -7,3 +7,5 @@ sha256  793a54748161b5af430dd9de4a1988d19cb8e85ab29bc2340f886b0297cee20b  rebase
 sha256  596d4d3b63ea859ed7ea9791b3a21cb11b6173b04c0a14a2afa47edf1666afa6  rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
 sha256  c5a17af84aec2d88c56ce0da2d6945be398fe7cab5c0c340deb30973900c2736  rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
 sha256  c8840d857b9432f3b488113c85c1ff5d4a4b8d81078b7033388dae1e990843b1  rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
+sha256  960c3cf2a514479b0b4cf09665186a1a9f5d28e8b05dec23db75c6cc13eb1f7c  rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
+sha256  3f6ca36d86668d6607389e01cf4766f38aa3b8ab2c144ad132541087b41c061d  README

package/wpa_supplicant/wpa_supplicant.mk

@@ -13,7 +13,8 @@ WPA_SUPPLICANT_PATCH = \
 	http://w1.fi/security/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch \
 	http://w1.fi/security/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch \
 	http://w1.fi/security/2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch \
-	http://w1.fi/security/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
+	http://w1.fi/security/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch \
+	http://w1.fi/security/2018-1/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
 WPA_SUPPLICANT_LICENSE = BSD-3-Clause
 WPA_SUPPLICANT_LICENSE_FILES = README
 WPA_SUPPLICANT_CONFIG = $(WPA_SUPPLICANT_DIR)/wpa_supplicant/.config

package/x11r7/xdriver_xf86-video-ati/xdriver_xf86-video-ati.mk

@@ -15,7 +15,7 @@ XDRIVER_XF86_VIDEO_ATI_DEPENDENCIES = \
 	xorgproto \
 	xserver_xorg-server
 
-ifeq ($(BR2_PACKAGE_LIBEPOXY),y)
+ifeq ($(BR2_PACKAGE_HAS_LIBEGL)$(BR2_PACKAGE_HAS_LIBGL)$(BR2_PACKAGE_LIBEPOXY),yyy)
 XDRIVER_XF86_VIDEO_ATI_CONF_OPTS = --enable-glamor
 else
 XDRIVER_XF86_VIDEO_ATI_CONF_OPTS = --disable-glamor