fix: _brightness.sh - find brighness files with '*video*' path (multiple files)

[cmdllinux.git] / buildroot / _buildroot / buildroot-2017.05-rc2-2017.05.2.patch

diff -Naurp buildroot-2017.05-rc2/arch/Config.in.arm buildroot-2017.05.2/arch/Config.in.arm
--- buildroot-2017.05-rc2/arch/Config.in.arm    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/arch/Config.in.arm      2017-07-27 08:16:52.017486944 +0200
@@ -534,15 +534,9 @@ config BR2_GCC_TARGET_CPU
        default "strongarm"     if BR2_strongarm
        default "xscale"        if BR2_xscale
        default "iwmmxt"        if BR2_iwmmxt
-       default "cortex-a53"            if (BR2_cortex_a53 && !BR2_ARCH_IS_64)
-       default "cortex-a53+fp"         if (BR2_cortex_a53 && BR2_ARCH_IS_64 && BR2_ARM_FPU_FP_ARMV8)
-       default "cortex-a53+fp+simd"    if (BR2_cortex_a53 && BR2_ARCH_IS_64 && BR2_ARM_FPU_NEON_FP_ARMV8)
-       default "cortex-a57"            if (BR2_cortex_a57 && !BR2_ARCH_IS_64)
-       default "cortex-a57+fp"         if (BR2_cortex_a57 && BR2_ARCH_IS_64 && BR2_ARM_FPU_FP_ARMV8)
-       default "cortex-a57+fp+simd"    if (BR2_cortex_a57 && BR2_ARCH_IS_64 && BR2_ARM_FPU_NEON_FP_ARMV8)
-       default "cortex-a72"            if (BR2_cortex_a72 && !BR2_ARCH_IS_64)
-       default "cortex-a72+fp"         if (BR2_cortex_a72 && BR2_ARCH_IS_64 && BR2_ARM_FPU_FP_ARMV8)
-       default "cortex-a72+fp+simd"    if (BR2_cortex_a72 && BR2_ARCH_IS_64 && BR2_ARM_FPU_NEON_FP_ARMV8)
+       default "cortex-a53"    if BR2_cortex_a53
+       default "cortex-a57"    if BR2_cortex_a57
+       default "cortex-a72"    if BR2_cortex_a72
 
 config BR2_GCC_TARGET_ABI
        default "aapcs-linux"   if BR2_arm || BR2_armeb
diff -Naurp buildroot-2017.05-rc2/board/atmel/at91sam9x5ek_mmc/genimage.cfg buildroot-2017.05.2/board/atmel/at91sam9x5ek_mmc/genimage.cfg
--- buildroot-2017.05-rc2/board/atmel/at91sam9x5ek_mmc/genimage.cfg     2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/board/atmel/at91sam9x5ek_mmc/genimage.cfg       2017-07-27 08:16:52.017486944 +0200
@@ -24,6 +24,7 @@ image sdcard.img {
                partition-type = 0xC
                bootable = "true"
                image = "boot.vfat"
+               offset = 1M
        }
 
        partition rootfs {
diff -Naurp buildroot-2017.05-rc2/boot/syslinux/Config.in buildroot-2017.05.2/boot/syslinux/Config.in
--- buildroot-2017.05-rc2/boot/syslinux/Config.in       2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/boot/syslinux/Config.in 2017-07-27 08:16:52.017486944 +0200
@@ -35,6 +35,7 @@ config BR2_TARGET_SYSLINUX_PXELINUX
 
 config BR2_TARGET_SYSLINUX_MBR
        bool "install mbr"
+       depends on !BR2_TOOLCHAIN_HAS_BINUTILS_BUG_19615
        select BR2_TARGET_SYSLINUX_LEGACY_BIOS
        help
          Install the legacy-BIOS 'mbr' image, to boot off a
diff -Naurp buildroot-2017.05-rc2/boot/syslinux/syslinux.mk buildroot-2017.05.2/boot/syslinux/syslinux.mk
--- buildroot-2017.05-rc2/boot/syslinux/syslinux.mk     2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/boot/syslinux/syslinux.mk       2017-07-27 08:16:52.017486944 +0200
@@ -13,7 +13,8 @@ SYSLINUX_LICENSE_FILES = COPYING
 
 SYSLINUX_INSTALL_IMAGES = YES
 
-SYSLINUX_DEPENDENCIES = host-nasm host-upx util-linux
+# host-util-linux needed to provide libuuid when building host tools
+SYSLINUX_DEPENDENCIES = host-nasm host-upx util-linux host-util-linux
 
 ifeq ($(BR2_TARGET_SYSLINUX_LEGACY_BIOS),y)
 SYSLINUX_TARGET += bios
diff -Naurp buildroot-2017.05-rc2/.br-external.mk buildroot-2017.05.2/.br-external.mk
--- buildroot-2017.05-rc2/.br-external.mk       2017-05-17 10:29:56.013401440 +0200
+++ buildroot-2017.05.2/.br-external.mk 1970-01-01 01:00:00.000000000 +0100
@@ -1,10 +0,0 @@
-#
-# Automatically generated file; DO NOT EDIT.
-#
-
-BR2_EXTERNAL ?=
-BR2_EXTERNAL_NAMES = 
-BR2_EXTERNAL_DIRS = 
-BR2_EXTERNAL_MKS = 
-
-# No br2-external tree defined.
diff -Naurp buildroot-2017.05-rc2/CHANGES buildroot-2017.05.2/CHANGES
--- buildroot-2017.05-rc2/CHANGES       2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/CHANGES 2017-07-27 08:16:52.017486944 +0200
@@ -1,3 +1,97 @@
+2017.05.2, Released July 27th, 2017
+
+       Important / security related fixes.
+
+       Webkitgtk bumped to the 2.16.x series, fixing a large number
+       of security issues.
+
+       host-aespipe compile fix for Debian/Gentoo/Ubuntu toolchains
+       which default to PIE mode.
+
+       Updated/fixed packages: aespipe, apache, bind, binutils,
+       busybox, ccache, collectd, dieharder, efibootmgr, efivar,
+       expat, ffmpeg, gcc, heimdal, iproute2, irssi, libglib2,
+       libmemcached, libosip2, libtirpc, libxml-parser-perl,
+       linux-fusion, linux-zigbee, mpg123, orc, pcre, php, protobuf,
+       pulseaudio, python-setproctitle, qt5base, rpi-firmware,
+       samba4, syslinux, systemd, spice, tcpdump, tiff, uboot-tools,
+       webkitgtk, x265, xserver_xorg-server, xvisor
+
+       Issues resolved (http://bugs.buildroot.org):
+
+       #10061: gcc5.4 buildroot toolchain for powerpc libsanitizer...
+
+2017.05.1, Released July 4th, 2017
+
+       Important / security related fixes.
+
+       Update support/scripts/scancpan to use METACPAN v1 API as v0
+       has been shutdown.
+
+       Update support/scripts/mkusers to handle setups where
+       /etc/shadow is a symlink.
+
+       External toolchain: Don't create musl dynamic loader symlink
+       for static builds.
+
+       Setlocalversion: Correct detection of mercurial revisions for
+       non-tagged versions.
+
+       Defconfigs: at91sam9x5ek_mmc: workaround boot rom issue.
+
+       Updated/fixed packages: apache, automake, bind, botan, c-ares,
+       dhcp, expat, fcgiwrap, gcc, gdb, gesftpserver, glibc, glmark2,
+       gnutls, gst1-plugins-bad, imagemagick, imx-uuc, intltool,
+       iperf, ipsec-tools, irssi, kmod, libcurl, libgcrypt, libmad,
+       libnl, lugaro, mosquitto, mpg123, ncurses, nodejs, ntp,
+       openssh, openvpn, pngquant, python-simplegeneric, qt5base,
+       qt5multimedia, rtl8821au, socat, spice, systemd, tor, trinity,
+       tslib, vlc, x264, xen, xlib_libxshmfenc, xserver_xorg-server
+
+       Issues resolved (http://bugs.buildroot.org):
+
+       #9976: License file for package 'rtl8821au' incorrect
+
+2017.05, Released May 31st, 2017
+
+       Minor fixes.
+
+       External toolchain: musl dynamic linker symlink for mips-sf
+       corrected.
+
+       Updated/fixed packages: agentpp, bash, exim, hans, madplay,
+       qpid-proton, rtl8188eu, snmppp, stm32flash, strongswan, sudo,
+       xen
+
+       Issues resolved (http://bugs.buildroot.org):
+
+       #9906: genimage: Disk full
+
+2017.05-rc3, Released May 30th, 2017
+
+       Fixes all over the tree.
+
+       ARC toolchain bumped to 2017.03
+
+       Runtime testing improvements and cleanups.
+
+       Updated/fixed packages: acpica, armadillo, audiofile, c-icap,
+       cppcms, dhcp, docker-engine, dropbear, elfutils, erlang,
+       fbgrab, ffmpeg, flashrom, ftop, gnutls, google-breakpad,
+       keepalived, kodi, libcdio, libepoxy, libev, libminiupnpc,
+       libqmi, libtasn1, libv4l, mariadb, mono, mosh, mosquitto,
+       mxml, ntp, opencv, openpowerlink, oracle-mysql, popt,
+       pulseview, python-enum34, rabbitmq-c, redis, samba4, stella,
+       xen
+
+       Removed packages: firejail, ola
+
+       Issues resolved (http://bugs.buildroot.org):
+
+       #9871: fbgrab 1.3 won't build with BR2_REPRODUCIBLE set
+       #9876: aarch64 support with gcc 4.8 toolchain
+       #9896: host-gcc-initial error downloading because incorrect URL
+
 2017.05-rc2, Released May 17th, 2017
 
        Fixes all over the tree.
diff -Naurp buildroot-2017.05-rc2/Config.in buildroot-2017.05.2/Config.in
--- buildroot-2017.05-rc2/Config.in     2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/Config.in       2017-07-27 08:16:52.017486944 +0200
@@ -57,6 +57,11 @@ config BR2_HOST_GCC_AT_LEAST_6
        default y if BR2_HOST_GCC_VERSION = "6"
        select BR2_HOST_GCC_AT_LEAST_5
 
+config BR2_HOST_GCC_AT_LEAST_7
+       bool
+       default y if BR2_HOST_GCC_VERSION = "7"
+       select BR2_HOST_GCC_AT_LEAST_6
+
 # Hidden boolean selected by packages in need of Java in order to build
 # (example: xbmc)
 config BR2_NEEDS_HOST_JAVA
diff -Naurp buildroot-2017.05-rc2/Config.in.legacy buildroot-2017.05.2/Config.in.legacy
--- buildroot-2017.05-rc2/Config.in.legacy      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/Config.in.legacy        2017-07-27 08:16:52.017486944 +0200
@@ -143,8 +143,42 @@ comment "-------------------------------
 endif
 
 ###############################################################################
+
 comment "Legacy options removed in 2017.05"
 
+config BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_WEBRTC
+       bool "gst1-plugins-bad webrtc renamed to webrtcdsp"
+       select BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_WEBRTCDSP
+       select BR2_LEGACY
+       help
+         The WebRTC plugin in GStreamer 1.x has always been named
+         webrtcdsp, but was wrongly introduced in Buildroot under the
+         name webrtc. Therefore, we have renamed the option to match
+         the actual name of the GStreamer plugin.
+
+config BR2_PACKAGE_SPICE_CLIENT
+       bool "spice client support removed"
+       select BR2_LEGACY
+       help
+         Spice client support has been removed upstream. The
+         functionality now lives in the spice-gtk widget and
+         virt-viewer.
+
+config BR2_PACKAGE_SPICE_GUI
+       bool "spice gui support removed"
+       select BR2_LEGACY
+       help
+         Spice gui support has been removed upstream. The
+         functionality now lives in the spice-gtk widget and
+         virt-viewer.
+
+config BR2_PACKAGE_SPICE_TUNNEL
+       bool "spice network redirection removed"
+       select BR2_LEGACY
+       help
+         Spice network redirection, aka tunnelling has been removed
+         upstream.
+
 config BR2_PACKAGE_SUNXI_MALI_R2P4
        bool "sunxi-mali r2p4 removed"
        select BR2_LEGACY
diff -Naurp buildroot-2017.05-rc2/DEVELOPERS buildroot-2017.05.2/DEVELOPERS
--- buildroot-2017.05-rc2/DEVELOPERS    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/DEVELOPERS      2017-07-27 08:16:52.017486944 +0200
@@ -30,9 +30,17 @@ N:   Abhilash Tuse <abhilash.tuse@imgtec.c
 F:     package/gstreamer1/gst1-rtsp-server/
 
 N:     Adam Duskett <aduskett@gmail.com>
+F:     package/audit/
+F:     package/checkpolicy/
 F:     package/gstreamer1/gst1-vaapi/
+F:     package/libselinux/
+F:     package/libsemanage/
+F:     package/libsepol/
 F:     package/nginx-naxsi/
+F:     package/policycoreutils/
 F:     package/python-mutagen/
+F:     package/sepolgen/
+F:     package/setools/
 F:     package/sngrep/
 
 N:     Alex Suykov <alex.suykov@gmail.com>
@@ -75,9 +83,6 @@ N:    Andrey Smirnov <andrew.smirnov@gmail.
 F:     package/python-decorator/
 F:     package/python-simplegeneric/
 
-N:     Andrew Ruder <andrew.ruder@elecsyscorp.com>
-F:     package/expect/
-
 N:     Andy Kennedy <andy.kennedy@adtran.com>
 F:     package/libunwind/
 
@@ -160,6 +165,8 @@ F:  boot/syslinux/
 F:     package/dc3dd/
 
 N:     Bernd Kuhls <bernd.kuhls@t-online.de>
+F:     package/alsa-lib/
+F:     package/alsa-utils/
 F:     package/apache/
 F:     package/apr/
 F:     package/apr-util/
@@ -315,9 +322,6 @@ F:  package/libdvbsi/
 F:     package/libsvg/
 F:     package/libsvg-cairo/
 
-N:     Chris Frederick <chrisf@cdf123.net>
-F:     package/firejail/
-
 N:     Chris Packham <judge.packham@gmail.com>
 F:     package/eventlog/
 F:     package/micropython/
@@ -397,9 +401,6 @@ F:  package/lua-cjson/
 F:     package/luaexpat/
 F:     package/xinetd/
 
-N:     Dave Skok <blanco.ether@gmail.com>
-F:     package/ola/
-
 N:     David Bachelart <david.bachelart@bbright.com>
 F:     package/ccrypt/
 F:     package/dos2unix/
@@ -1193,9 +1194,6 @@ F:        package/nvidia-tegra23/nvidia-tegra23
 N:     Nimai Mahajan <nimaim@gmail.com>
 F:     package/libucl/
 
-N:     Niranjan Reddy <niranjan.reddy@rockwellcollins.com>
-F:     package/cgroupfs-mount/
-
 N:     Noé Rubinstein <noe.rubinstein@gmail.com>
 F:     package/tpm-tools/
 F:     package/trousers/
diff -Naurp buildroot-2017.05-rc2/.gitlab-ci.yml buildroot-2017.05.2/.gitlab-ci.yml
--- buildroot-2017.05-rc2/.gitlab-ci.yml        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/.gitlab-ci.yml  2017-07-27 08:16:52.017486944 +0200
@@ -4,18 +4,7 @@
 # It needs to be regenerated every time a defconfig is added, using
 # "make .gitlab-ci.yml".
 
-image: debian:stable
-
-before_script:
-    - dpkg --add-architecture i386
-    # The container has no package lists, so need to update first
-    - apt-get update -qq
-    - apt-get install -y -qq --no-install-recommends
-        build-essential locales bc ca-certificates file rsync gcc-multilib
-        git bzr cvs mercurial subversion libc6:i386 unzip wget cpio
-    # To be able to generate a toolchain with locales, enable one UTF-8 locale
-    - sed -i 's/# \(en_US.UTF-8\)/\1/' /etc/locale.gen
-    - /usr/sbin/locale-gen
+image: buildroot/base
 
 .defconfig_script: &defconfig_script
     - echo 'Configure Buildroot'
diff -Naurp buildroot-2017.05-rc2/.gitlab-ci.yml.in buildroot-2017.05.2/.gitlab-ci.yml.in
--- buildroot-2017.05-rc2/.gitlab-ci.yml.in     2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/.gitlab-ci.yml.in       2017-07-27 08:16:52.017486944 +0200
@@ -4,18 +4,7 @@
 # It needs to be regenerated every time a defconfig is added, using
 # "make .gitlab-ci.yml".
 
-image: debian:stable
-
-before_script:
-    - dpkg --add-architecture i386
-    # The container has no package lists, so need to update first
-    - apt-get update -qq
-    - apt-get install -y -qq --no-install-recommends
-        build-essential locales bc ca-certificates file rsync gcc-multilib
-        git bzr cvs mercurial subversion libc6:i386 unzip wget cpio
-    # To be able to generate a toolchain with locales, enable one UTF-8 locale
-    - sed -i 's/# \(en_US.UTF-8\)/\1/' /etc/locale.gen
-    - /usr/sbin/locale-gen
+image: buildroot/base
 
 .defconfig_script: &defconfig_script
     - echo 'Configure Buildroot'
diff -Naurp buildroot-2017.05-rc2/linux/Config.in buildroot-2017.05.2/linux/Config.in
--- buildroot-2017.05-rc2/linux/Config.in       2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/linux/Config.in 2017-07-27 08:16:52.017486944 +0200
@@ -26,7 +26,7 @@ choice
        prompt "Kernel version"
 
 config BR2_LINUX_KERNEL_LATEST_VERSION
-       bool "Latest version (4.11.1)"
+       bool "Latest version (4.11.9)"
 
 config BR2_LINUX_KERNEL_LATEST_CIP_VERSION
        bool "Latest CIP SLTS version (v4.4.55-cip3)"
@@ -116,7 +116,7 @@ endif
 
 config BR2_LINUX_KERNEL_VERSION
        string
-       default "4.11.1" if BR2_LINUX_KERNEL_LATEST_VERSION
+       default "4.11.9" if BR2_LINUX_KERNEL_LATEST_VERSION
        default "v4.4.55-cip3" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
        default BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE \
                if BR2_LINUX_KERNEL_CUSTOM_VERSION
diff -Naurp buildroot-2017.05-rc2/linux/linux.mk buildroot-2017.05.2/linux/linux.mk
--- buildroot-2017.05-rc2/linux/linux.mk        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/linux/linux.mk  2017-07-27 08:16:52.017486944 +0200
@@ -278,7 +278,7 @@ define LINUX_KCONFIG_FIXUP_CMDS
                $(call KCONFIG_ENABLE_OPT,CONFIG_FHANDLE,$(@D)/.config)
                $(call KCONFIG_ENABLE_OPT,CONFIG_AUTOFS4_FS,$(@D)/.config)
                $(call KCONFIG_ENABLE_OPT,CONFIG_TMPFS_POSIX_ACL,$(@D)/.config)
-               $(call KCONFIG_ENABLE_OPT,CONFIG_TMPFS_POSIX_XATTR,$(@D)/.config))
+               $(call KCONFIG_ENABLE_OPT,CONFIG_TMPFS_XATTR,$(@D)/.config))
        $(if $(BR2_PACKAGE_SMACK),
                $(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY,$(@D)/.config)
                $(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY_SMACK,$(@D)/.config)
diff -Naurp buildroot-2017.05-rc2/Makefile buildroot-2017.05.2/Makefile
--- buildroot-2017.05-rc2/Makefile      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/Makefile        2017-07-27 08:16:52.017486944 +0200
@@ -86,9 +86,9 @@ else # umask / $(CURDIR) / $(O)
 all:
 
 # Set and export the version string
-export BR2_VERSION := 2017.05-rc2
+export BR2_VERSION := 2017.05.2
 # Actual time the release is cut (for reproducible builds)
-BR2_VERSION_EPOCH = 1495000000
+BR2_VERSION_EPOCH = 1501136000
 
 # Save running make version since it's clobbered by the make package
 RUNNING_MAKE_VERSION := $(MAKE_VERSION)
diff -Naurp buildroot-2017.05-rc2/package/acpica/acpica.mk buildroot-2017.05.2/package/acpica/acpica.mk
--- buildroot-2017.05-rc2/package/acpica/acpica.mk      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/acpica/acpica.mk        2017-07-27 08:16:52.017486944 +0200
@@ -17,10 +17,22 @@ define ACPICA_BUILD_CMDS
                all
 endef
 
+define HOST_ACPICA_BUILD_CMDS
+       $(HOST_CONFIGURE_OPTS) $(MAKE) -C $(@D) \
+               all
+endef
+
 define ACPICA_INSTALL_TARGET_CMDS
        $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D) \
                HARDWARE_NAME=$(BR2_ARCH) DESTDIR="$(TARGET_DIR)" \
                INSTALLFLAGS=-m755 install
 endef
 
+define HOST_ACPICA_INSTALL_CMDS
+       $(HOST_CONFIGURE_OPTS) $(MAKE) -C $(@D) \
+               PREFIX="$(HOST_DIR)/usr" \
+               INSTALLFLAGS=-m755 install
+endef
+
 $(eval $(generic-package))
+$(eval $(host-generic-package))
diff -Naurp buildroot-2017.05-rc2/package/aespipe/aespipe.mk buildroot-2017.05.2/package/aespipe/aespipe.mk
--- buildroot-2017.05-rc2/package/aespipe/aespipe.mk    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/aespipe/aespipe.mk      2017-07-27 08:16:52.017486944 +0200
@@ -9,5 +9,15 @@ AESPIPE_SOURCE = aespipe-v$(AESPIPE_VERS
 AESPIPE_SITE = http://loop-aes.sourceforge.net/aespipe
 AESPIPE_LICENSE = GPL
 
+# Recent Debian, Gentoo and Ubuntu enable -fPIE by default, breaking the build:
+# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837393
+# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835148
+# Older gcc versions however don't support the -no-pie flag, so we have to
+# check its availability.
+HOST_AESPIPE_NO_PIE_FLAG = $(call host-cc-option,-no-pie)
+HOST_AESPIPE_CONF_ENV = \
+       CFLAGS="$(HOST_CFLAGS) $(HOST_AESPIPE_NO_PIE_FLAG)" \
+       LDFLAGS="$(HOST_LDFLAGS) $(HOST_AESPIPE_NO_PIE_FLAG)"
+
 $(eval $(autotools-package))
 $(eval $(host-autotools-package))
diff -Naurp buildroot-2017.05-rc2/package/agentpp/Config.in buildroot-2017.05.2/package/agentpp/Config.in
--- buildroot-2017.05-rc2/package/agentpp/Config.in     2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/agentpp/Config.in       2017-07-27 08:16:52.017486944 +0200
@@ -5,13 +5,14 @@ config BR2_PACKAGE_AGENTPP
        depends on !BR2_STATIC_LIBS # snmp++
        select BR2_PACKAGE_SNMPPP
        help
-         AGENT++ is a set of C++ classes which provides a complete protocol
-         engine and dispatch table for the development of SNMP agents.
-         AGENT++ is a multilingual API which supports SNMPv1, SNMPv2c, and
-         SNMPv3. It provides various C++ classes implementing prototypes for
-         scalar and table SNMP managed objects that can be customized by
-         derivation. Additional classes support the development of proxy
-         agents as well as sending notifications.
+         AGENT++ is a set of C++ classes which provides a complete
+         protocol engine and dispatch table for the development of
+         SNMP agents. AGENT++ is a multilingual API which supports
+         SNMPv1, SNMPv2c, and SNMPv3. It provides various C++ classes
+         implementing prototypes for scalar and table SNMP managed
+         objects that can be customized by derivation. Additional
+         classes support the development of proxy agents as well as
+         sending notifications.
 
          SNMPv3 support is enabled if SNMP++ enables it.
 
diff -Naurp buildroot-2017.05-rc2/package/aiccu/Config.in buildroot-2017.05.2/package/aiccu/Config.in
--- buildroot-2017.05-rc2/package/aiccu/Config.in       2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/aiccu/Config.in 2017-07-27 08:16:52.017486944 +0200
@@ -1,5 +1,6 @@
 config BR2_PACKAGE_AICCU
        bool "aiccu"
+       depends on !BR2_STATIC_LIBS # gnutls
        depends on BR2_USE_WCHAR
        depends on BR2_TOOLCHAIN_HAS_THREADS
        depends on BR2_USE_MMU # fork()
@@ -18,6 +19,7 @@ config BR2_PACKAGE_AICCU
 
          http://www.sixxs.net/tools/aiccu/
 
-comment "aiccu needs a toolchain w/ wchar, threads"
+comment "aiccu needs a toolchain w/ wchar, threads, dynamic library"
        depends on BR2_USE_MMU
-       depends on !(BR2_USE_WCHAR && BR2_TOOLCHAIN_HAS_THREADS)
+       depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS \
+               || BR2_STATIC_LIBS
diff -Naurp buildroot-2017.05-rc2/package/apache/apache.hash buildroot-2017.05.2/package/apache/apache.hash
--- buildroot-2017.05-rc2/package/apache/apache.hash    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/apache/apache.hash      2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,2 @@
-# From http://www.apache.org/dist/httpd/httpd-2.4.23.tar.bz2.sha1
-sha1 bd6d138c31c109297da2346c6e7b93b9283993d2  httpd-2.4.25.tar.bz2
+# From http://www.apache.org/dist/httpd/httpd-2.4.27.tar.bz2.sha256
+sha256 71fcc128238a690515bd8174d5330a5309161ef314a326ae45c7c15ed139c13a httpd-2.4.27.tar.bz2
diff -Naurp buildroot-2017.05-rc2/package/apache/apache.mk buildroot-2017.05.2/package/apache/apache.mk
--- buildroot-2017.05-rc2/package/apache/apache.mk      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/apache/apache.mk        2017-07-27 08:16:52.017486944 +0200
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-APACHE_VERSION = 2.4.25
+APACHE_VERSION = 2.4.27
 APACHE_SOURCE = httpd-$(APACHE_VERSION).tar.bz2
 APACHE_SITE = http://archive.apache.org/dist/httpd
 APACHE_LICENSE = Apache-2.0
diff -Naurp buildroot-2017.05-rc2/package/armadillo/armadillo.mk buildroot-2017.05.2/package/armadillo/armadillo.mk
--- buildroot-2017.05-rc2/package/armadillo/armadillo.mk        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/armadillo/armadillo.mk  2017-07-27 08:16:52.017486944 +0200
@@ -5,7 +5,9 @@
 ################################################################################
 
 ARMADILLO_VERSION = 6.500.4
-ARMADILLO_SITE = http://downloads.sourceforge.net/project/arma
+# upstream removed tarball from
+# http://downloads.sourceforge.net/project/arma
+ARMADILLO_SITE = https://ftp.fau.de/macports/distfiles/armadillo
 ARMADILLO_DEPENDENCIES = clapack
 ARMADILLO_INSTALL_STAGING = YES
 ARMADILLO_LICENSE = MPL-2.0
diff -Naurp buildroot-2017.05-rc2/package/audiofile/0008-CVE-2015-7747.patch buildroot-2017.05.2/package/audiofile/0008-CVE-2015-7747.patch
--- buildroot-2017.05-rc2/package/audiofile/0008-CVE-2015-7747.patch    1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/audiofile/0008-CVE-2015-7747.patch      2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,161 @@
+Description: fix buffer overflow when changing both sample format and
+ number of channels
+Origin: https://github.com/mpruett/audiofile/pull/25
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721
+Bug-Debian: https://bugs.debian.org/801102
+
+Downloaded from
+https://gitweb.gentoo.org/repo/gentoo.git/tree/media-libs/audiofile/files/audiofile-0.3.6-CVE-2015-7747.patch
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+
+--- a/libaudiofile/modules/ModuleState.cpp
++++ b/libaudiofile/modules/ModuleState.cpp
+@@ -402,7 +402,7 @@ status ModuleState::arrange(AFfilehandle
+               addModule(new Transform(outfc, in.pcm, out.pcm));
+ 
+       if (in.channelCount != out.channelCount)
+-              addModule(new ApplyChannelMatrix(infc, isReading,
++              addModule(new ApplyChannelMatrix(outfc, isReading,
+                       in.channelCount, out.channelCount,
+                       in.pcm.minClip, in.pcm.maxClip,
+                       track->channelMatrix));
+--- a/test/Makefile.am
++++ b/test/Makefile.am
+@@ -26,6 +26,7 @@ TESTS = \
+       VirtualFile \
+       floatto24 \
+       query2 \
++      sixteen-stereo-to-eight-mono \
+       sixteen-to-eight \
+       testchannelmatrix \
+       testdouble \
+@@ -139,6 +140,7 @@ printmarkers_SOURCES = printmarkers.c
+ printmarkers_LDADD = $(LIBAUDIOFILE) -lm
+ 
+ sixteen_to_eight_SOURCES = sixteen-to-eight.c TestUtilities.cpp TestUtilities.h
++sixteen_stereo_to_eight_mono_SOURCES = sixteen-stereo-to-eight-mono.c TestUtilities.cpp TestUtilities.h
+ 
+ testchannelmatrix_SOURCES = testchannelmatrix.c TestUtilities.cpp TestUtilities.h
+ 
+--- /dev/null
++++ b/test/sixteen-stereo-to-eight-mono.c
+@@ -0,0 +1,118 @@
++/*
++      Audio File Library
++
++      Copyright 2000, Silicon Graphics, Inc.
++
++      This program is free software; you can redistribute it and/or modify
++      it under the terms of the GNU General Public License as published by
++      the Free Software Foundation; either version 2 of the License, or
++      (at your option) any later version.
++
++      This program is distributed in the hope that it will be useful,
++      but WITHOUT ANY WARRANTY; without even the implied warranty of
++      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++      GNU General Public License for more details.
++
++      You should have received a copy of the GNU General Public License along
++      with this program; if not, write to the Free Software Foundation, Inc.,
++      51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
++*/
++
++/*
++      sixteen-stereo-to-eight-mono.c
++
++      This program tests the conversion from 2-channel 16-bit integers to
++      1-channel 8-bit integers.
++*/
++
++#ifdef HAVE_CONFIG_H
++#include <config.h>
++#endif
++
++#include <stdint.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <unistd.h>
++#include <limits.h>
++
++#include <audiofile.h>
++
++#include "TestUtilities.h"
++
++int main (int argc, char **argv)
++{
++      AFfilehandle file;
++      AFfilesetup setup;
++      int16_t frames16[] = {14298, 392, 3923, -683, 958, -1921};
++      int8_t frames8[] = {28, 6, -2};
++      int i, frameCount = 3;
++      int8_t byte;
++      AFframecount result;
++
++      setup = afNewFileSetup();
++
++      afInitFileFormat(setup, AF_FILE_WAVE);
++
++      afInitSampleFormat(setup, AF_DEFAULT_TRACK, AF_SAMPFMT_TWOSCOMP, 16);
++      afInitChannels(setup, AF_DEFAULT_TRACK, 2);
++
++      char *testFileName;
++      if (!createTemporaryFile("sixteen-to-eight", &testFileName))
++      {
++              fprintf(stderr, "Could not create temporary file.\n");
++              exit(EXIT_FAILURE);
++      }
++
++      file = afOpenFile(testFileName, "w", setup);
++      if (file == AF_NULL_FILEHANDLE)
++      {
++              fprintf(stderr, "could not open file for writing\n");
++              exit(EXIT_FAILURE);
++      }
++
++      afFreeFileSetup(setup);
++
++      afWriteFrames(file, AF_DEFAULT_TRACK, frames16, frameCount);
++
++      afCloseFile(file);
++
++      file = afOpenFile(testFileName, "r", AF_NULL_FILESETUP);
++      if (file == AF_NULL_FILEHANDLE)
++      {
++              fprintf(stderr, "could not open file for reading\n");
++              exit(EXIT_FAILURE);
++      }
++
++      afSetVirtualSampleFormat(file, AF_DEFAULT_TRACK, AF_SAMPFMT_TWOSCOMP, 8);
++      afSetVirtualChannels(file, AF_DEFAULT_TRACK, 1);
++
++      for (i=0; i<frameCount; i++)
++      {
++              /* Read one frame. */
++              result = afReadFrames(file, AF_DEFAULT_TRACK, &byte, 1);
++
++              if (result != 1)
++                      break;
++
++              /* Compare the byte read with its precalculated value. */
++              if (memcmp(&byte, &frames8[i], 1) != 0)
++              {
++                      printf("error\n");
++                      printf("expected %d, got %d\n", frames8[i], byte);
++                      exit(EXIT_FAILURE);
++              }
++              else
++              {
++#ifdef DEBUG
++                      printf("got what was expected: %d\n", byte);
++#endif
++              }
++      }
++
++      afCloseFile(file);
++      unlink(testFileName);
++      free(testFileName);
++
++      exit(EXIT_SUCCESS);
++}
diff -Naurp buildroot-2017.05-rc2/package/audiofile/0009-Fix-static-linking-with-libsndfile.patch buildroot-2017.05.2/package/audiofile/0009-Fix-static-linking-with-libsndfile.patch
--- buildroot-2017.05-rc2/package/audiofile/0009-Fix-static-linking-with-libsndfile.patch       1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/audiofile/0009-Fix-static-linking-with-libsndfile.patch 2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,193 @@
+From d89a938f48e97b5770509d53c5478c5c3008d6e8 Mon Sep 17 00:00:00 2001
+From: Bernd Kuhls <bernd.kuhls@t-online.de>
+Date: Sat, 27 May 2017 17:53:33 +0200
+Subject: [PATCH 1/1] Fix static linking with libsndfile
+
+libsndfile and audiofile both contain mixXX functions in their alac
+code which lead to symbol name clashes when apps like mpd try to
+statically link to both audiofile and libsndfile at the same time.
+
+This patch renames these functions to avoid the problem which was
+detected by the buildroot autobuilders:
+http://autobuild.buildroot.net/results/799/7997ccd698f03885f98d00bd150dc3a578e4b161/
+
+Patch sent upstream: https://github.com/mpruett/audiofile/pull/45
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+---
+ libaudiofile/alac/ALACEncoder.cpp | 28 ++++++++++++++--------------
+ libaudiofile/alac/matrix_enc.c    |  8 ++++----
+ libaudiofile/alac/matrixlib.h     |  8 ++++----
+ 3 files changed, 22 insertions(+), 22 deletions(-)
+
+diff --git a/libaudiofile/alac/ALACEncoder.cpp b/libaudiofile/alac/ALACEncoder.cpp
+index da922c2..3d088cc 100644
+--- a/libaudiofile/alac/ALACEncoder.cpp
++++ b/libaudiofile/alac/ALACEncoder.cpp
+@@ -332,19 +332,19 @@ int32_t ALACEncoder::EncodeStereo( BitBuffer * bitstream, void * inputBuffer, ui
+         switch ( mBitDepth )
+         {
+             case 16:
+-                mix16( (int16_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples/dilate, mixBits, mixRes );
++                audiofile_alac_mix16( (int16_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples/dilate, mixBits, mixRes );
+                 break;
+             case 20:
+-                mix20( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples/dilate, mixBits, mixRes );
++                audiofile_alac_mix20( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples/dilate, mixBits, mixRes );
+                 break;
+             case 24:
+                 // includes extraction of shifted-off bytes
+-                mix24( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples/dilate,
++                audiofile_alac_mix24( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples/dilate,
+                         mixBits, mixRes, mShiftBufferUV, bytesShifted );
+                 break;
+             case 32:
+                 // includes extraction of shifted-off bytes
+-                mix32( (int32_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples/dilate,
++                audiofile_alac_mix32( (int32_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples/dilate,
+                         mixBits, mixRes, mShiftBufferUV, bytesShifted );
+                 break;
+         }
+@@ -379,19 +379,19 @@ int32_t ALACEncoder::EncodeStereo( BitBuffer * bitstream, void * inputBuffer, ui
+       switch ( mBitDepth )
+       {
+               case 16:
+-                      mix16( (int16_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples, mixBits, mixRes );
++                      audiofile_alac_mix16( (int16_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples, mixBits, mixRes );
+                       break;
+               case 20:
+-                      mix20( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples, mixBits, mixRes );
++                      audiofile_alac_mix20( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples, mixBits, mixRes );
+                       break;
+               case 24:
+                       // also extracts the shifted off bytes into the shift buffers
+-                      mix24( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples,
++                      audiofile_alac_mix24( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples,
+                                       mixBits, mixRes, mShiftBufferUV, bytesShifted );
+                       break;
+               case 32:
+                       // also extracts the shifted off bytes into the shift buffers
+-                      mix32( (int32_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples,
++                      audiofile_alac_mix32( (int32_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples,
+                                       mixBits, mixRes, mShiftBufferUV, bytesShifted );
+                       break;
+       }
+@@ -605,19 +605,19 @@ int32_t ALACEncoder::EncodeStereoFast( BitBuffer * bitstream, void * inputBuffer
+       switch ( mBitDepth )
+       {
+               case 16:
+-                      mix16( (int16_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples, mixBits, mixRes );
++                      audiofile_alac_mix16( (int16_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples, mixBits, mixRes );
+                       break;
+               case 20:
+-                      mix20( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples, mixBits, mixRes );
++                      audiofile_alac_mix20( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples, mixBits, mixRes );
+                       break;
+               case 24:
+                       // also extracts the shifted off bytes into the shift buffers
+-                      mix24( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples,
++                      audiofile_alac_mix24( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples,
+                                       mixBits, mixRes, mShiftBufferUV, bytesShifted );
+                       break;
+               case 32:
+                       // also extracts the shifted off bytes into the shift buffers
+-                      mix32( (int32_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples,
++                      audiofile_alac_mix32( (int32_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples,
+                                       mixBits, mixRes, mShiftBufferUV, bytesShifted );
+                       break;
+       }
+@@ -756,7 +756,7 @@ int32_t ALACEncoder::EncodeStereoEscape( BitBuffer * bitstream, void * inputBuff
+                       break;
+               case 20:
+                       // mix20() with mixres param = 0 means de-interleave so use it to simplify things
+-                      mix20( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples, 0, 0 );
++                      audiofile_alac_mix20( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples, 0, 0 );
+                       for ( index = 0; index < numSamples; index++ )
+                       {
+                               BitBufferWrite( bitstream, mMixBufferU[index], 20 );
+@@ -765,7 +765,7 @@ int32_t ALACEncoder::EncodeStereoEscape( BitBuffer * bitstream, void * inputBuff
+                       break;
+               case 24:
+                       // mix24() with mixres param = 0 means de-interleave so use it to simplify things
+-                      mix24( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples, 0, 0, mShiftBufferUV, 0 );
++                      audiofile_alac_mix24( (uint8_t *) inputBuffer, stride, mMixBufferU, mMixBufferV, numSamples, 0, 0, mShiftBufferUV, 0 );
+                       for ( index = 0; index < numSamples; index++ )
+                       {
+                               BitBufferWrite( bitstream, mMixBufferU[index], 24 );
+diff --git a/libaudiofile/alac/matrix_enc.c b/libaudiofile/alac/matrix_enc.c
+index e194330..8abd556 100644
+--- a/libaudiofile/alac/matrix_enc.c
++++ b/libaudiofile/alac/matrix_enc.c
+@@ -57,7 +57,7 @@
+ 
+ // 16-bit routines
+ 
+-void mix16( int16_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples, int32_t mixbits, int32_t mixres )
++void audiofile_alac_mix16( int16_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples, int32_t mixbits, int32_t mixres )
+ {
+       int16_t *       ip = in;
+       int32_t                 j;
+@@ -95,7 +95,7 @@ void mix16( int16_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t num
+ // 20-bit routines
+ // - the 20 bits of data are left-justified in 3 bytes of storage but right-aligned for input/output predictor buffers
+ 
+-void mix20( uint8_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples, int32_t mixbits, int32_t mixres )
++void audiofile_alac_mix20( uint8_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples, int32_t mixbits, int32_t mixres )
+ {
+       int32_t         l, r;
+       uint8_t *       ip = in;
+@@ -140,7 +140,7 @@ void mix20( uint8_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t num
+ // 24-bit routines
+ // - the 24 bits of data are right-justified in the input/output predictor buffers
+ 
+-void mix24( uint8_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples,
++void audiofile_alac_mix24( uint8_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples,
+                       int32_t mixbits, int32_t mixres, uint16_t * shiftUV, int32_t bytesShifted )
+ {     
+       int32_t         l, r;
+@@ -240,7 +240,7 @@ void mix24( uint8_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t num
+ // - otherwise, the calculations might overflow into the 33rd bit and be lost
+ // - therefore, these routines deal with the specified "unused lower" bytes in the "shift" buffers
+ 
+-void mix32( int32_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples,
++void audiofile_alac_mix32( int32_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples,
+                       int32_t mixbits, int32_t mixres, uint16_t * shiftUV, int32_t bytesShifted )
+ {
+       int32_t *       ip = in;
+diff --git a/libaudiofile/alac/matrixlib.h b/libaudiofile/alac/matrixlib.h
+index 0a4f371..5728b6d 100644
+--- a/libaudiofile/alac/matrixlib.h
++++ b/libaudiofile/alac/matrixlib.h
+@@ -38,17 +38,17 @@ extern "C" {
+ #endif
+ 
+ // 16-bit routines
+-void  mix16( int16_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples, int32_t mixbits, int32_t mixres );
++void  audiofile_alac_mix16( int16_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples, int32_t mixbits, int32_t mixres );
+ void  unmix16( int32_t * u, int32_t * v, int16_t * out, uint32_t stride, int32_t numSamples, int32_t mixbits, int32_t mixres );
+ 
+ // 20-bit routines
+-void  mix20( uint8_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples, int32_t mixbits, int32_t mixres );
++void  audiofile_alac_mix20( uint8_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples, int32_t mixbits, int32_t mixres );
+ void  unmix20( int32_t * u, int32_t * v, uint8_t * out, uint32_t stride, int32_t numSamples, int32_t mixbits, int32_t mixres );
+ 
+ // 24-bit routines
+ // - 24-bit data sometimes compresses better by shifting off the bottom byte so these routines deal with
+ //     the specified "unused lower bytes" in the combined "shift" buffer
+-void  mix24( uint8_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples,
++void  audiofile_alac_mix24( uint8_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples,
+                               int32_t mixbits, int32_t mixres, uint16_t * shiftUV, int32_t bytesShifted );
+ void  unmix24( int32_t * u, int32_t * v, uint8_t * out, uint32_t stride, int32_t numSamples,
+                                int32_t mixbits, int32_t mixres, uint16_t * shiftUV, int32_t bytesShifted );
+@@ -57,7 +57,7 @@ void unmix24( int32_t * u, int32_t * v, uint8_t * out, uint32_t stride, int32_t
+ // - note that these really expect the internal data width to be < 32-bit but the arrays are 32-bit
+ // - otherwise, the calculations might overflow into the 33rd bit and be lost
+ // - therefore, these routines deal with the specified "unused lower" bytes in the combined "shift" buffer
+-void  mix32( int32_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples,
++void  audiofile_alac_mix32( int32_t * in, uint32_t stride, int32_t * u, int32_t * v, int32_t numSamples,
+                               int32_t mixbits, int32_t mixres, uint16_t * shiftUV, int32_t bytesShifted );
+ void  unmix32( int32_t * u, int32_t * v, int32_t * out, uint32_t stride, int32_t numSamples,
+                                int32_t mixbits, int32_t mixres, uint16_t * shiftUV, int32_t bytesShifted );
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/bash/bash.mk buildroot-2017.05.2/package/bash/bash.mk
--- buildroot-2017.05-rc2/package/bash/bash.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/bash/bash.mk    2017-07-27 08:16:52.017486944 +0200
@@ -9,7 +9,7 @@ BASH_SITE = $(BR2_GNU_MIRROR)/bash
 # Build after since bash is better than busybox shells
 BASH_DEPENDENCIES = ncurses readline host-bison \
        $(if $(BR2_PACKAGE_BUSYBOX),busybox)
-BASH_CONF_OPTS = --with-installed-readline
+BASH_CONF_OPTS = --with-installed-readline --without-bash-malloc
 BASH_LICENSE = GPL-3.0+
 BASH_LICENSE_FILES = COPYING
 
@@ -24,7 +24,7 @@ BASH_CONF_ENV += \
 
 # The static build needs some trickery
 ifeq ($(BR2_STATIC_LIBS),y)
-BASH_CONF_OPTS += --enable-static-link --without-bash-malloc
+BASH_CONF_OPTS += --enable-static-link
 # bash wants to redefine the getenv() function. To check whether this is
 # possible, AC_TRY_RUN is used which is not possible in
 # cross-compilation.
diff -Naurp buildroot-2017.05-rc2/package/bind/bind.hash buildroot-2017.05.2/package/bind/bind.hash
--- buildroot-2017.05-rc2/package/bind/bind.hash        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/bind/bind.hash  2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,3 @@
-# Verified from http://ftp.isc.org/isc/bind9/9.11.1/bind-9.11.1.tar.gz.sha256.asc
-sha256 22050095f5c82a1385cc4174190ac60392670bbc5d63d592ecae52a214bc10b2  bind-9.11.1.tar.gz
+# Verified from http://ftp.isc.org/isc/bind9/9.11.1-P3/bind-9.11.1-P3.tar.gz.sha256.asc
+sha256 52426e75432e46996dc90f24fca027805a341c38fbbb022b60dc9acd2677ccf4 bind-9.11.1-P3.tar.gz
+sha256 d3906dfe153e2c48440d3ca1d5319f5e89b4b820cdfc5d0779c23d7ac2b175e9 COPYRIGHT
diff -Naurp buildroot-2017.05-rc2/package/bind/bind.mk buildroot-2017.05.2/package/bind/bind.mk
--- buildroot-2017.05-rc2/package/bind/bind.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/bind/bind.mk    2017-07-27 08:16:52.017486944 +0200
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BIND_VERSION = 9.11.1
+BIND_VERSION = 9.11.1-P3
 BIND_SITE = ftp://ftp.isc.org/isc/bind9/$(BIND_VERSION)
 # bind does not support parallel builds.
 BIND_MAKE = $(MAKE1)
diff -Naurp buildroot-2017.05-rc2/package/binutils/2.27/0907-Automatically-enable-CRC-instructions-on-supported-A.patch buildroot-2017.05.2/package/binutils/2.27/0907-Automatically-enable-CRC-instructions-on-supported-A.patch
--- buildroot-2017.05-rc2/package/binutils/2.27/0907-Automatically-enable-CRC-instructions-on-supported-A.patch 1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/binutils/2.27/0907-Automatically-enable-CRC-instructions-on-supported-A.patch   2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,88 @@
+From 29a4659015ca7044c2d425d32a0b828e0fbb5ac1 Mon Sep 17 00:00:00 2001
+From: Richard Earnshaw <Richard.Earnshaw@arm.com>
+Date: Wed, 7 Sep 2016 17:14:54 +0100
+Subject: [PATCH] Automatically enable CRC instructions on supported ARMv8-A
+ CPUs.
+
+2016-09-07  Richard Earnshaw  <rearnsha@arm.com>
+
+       * opcode/arm.h (ARM_ARCH_V8A_CRC): New architecture.
+
+2016-09-07  Richard Earnshaw  <rearnsha@arm.com>
+
+       * config/tc-arm.c ((arm_cpus): Use ARM_ARCH_V8A_CRC for all
+       ARMv8-A CPUs except xgene1.
+
+Upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=patch;h=27e5a270962fb92c07e7d476966ba380fa3bb68e
+Signed-off-by: Peter Seiderer <ps.report@gmx.net>
+---
+ gas/config/tc-arm.c  | 18 +++++++++---------
+ include/opcode/arm.h |  2 ++
+ 2 files changed, 11 insertions(+), 9 deletions(-)
+
+diff --git a/gas/config/tc-arm.c b/gas/config/tc-arm.c
+index 73d05316..7c86184d 100644
+--- a/gas/config/tc-arm.c
++++ b/gas/config/tc-arm.c
+@@ -25332,17 +25332,17 @@ static const struct arm_cpu_option_table arm_cpus[] =
+                                                                 "Cortex-A15"),
+   ARM_CPU_OPT ("cortex-a17",  ARM_ARCH_V7VE,   FPU_ARCH_NEON_VFP_V4,
+                                                                 "Cortex-A17"),
+-  ARM_CPU_OPT ("cortex-a32",    ARM_ARCH_V8A,    FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
++  ARM_CPU_OPT ("cortex-a32",    ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+                                                                 "Cortex-A32"),
+-  ARM_CPU_OPT ("cortex-a35",    ARM_ARCH_V8A,    FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
++  ARM_CPU_OPT ("cortex-a35",    ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+                                                                 "Cortex-A35"),
+-  ARM_CPU_OPT ("cortex-a53",    ARM_ARCH_V8A,    FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
++  ARM_CPU_OPT ("cortex-a53",    ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+                                                                 "Cortex-A53"),
+-  ARM_CPU_OPT ("cortex-a57",    ARM_ARCH_V8A,    FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
++  ARM_CPU_OPT ("cortex-a57",    ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+                                                                 "Cortex-A57"),
+-  ARM_CPU_OPT ("cortex-a72",    ARM_ARCH_V8A,    FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
++  ARM_CPU_OPT ("cortex-a72",    ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+                                                                 "Cortex-A72"),
+-  ARM_CPU_OPT ("cortex-a73",    ARM_ARCH_V8A,    FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
++  ARM_CPU_OPT ("cortex-a73",    ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+                                                                 "Cortex-A73"),
+   ARM_CPU_OPT ("cortex-r4",   ARM_ARCH_V7R,    FPU_NONE,        "Cortex-R4"),
+   ARM_CPU_OPT ("cortex-r4f",  ARM_ARCH_V7R,    FPU_ARCH_VFP_V3D16,
+@@ -25361,10 +25361,10 @@ static const struct arm_cpu_option_table arm_cpus[] =
+   ARM_CPU_OPT ("cortex-m1",   ARM_ARCH_V6SM,   FPU_NONE,        "Cortex-M1"),
+   ARM_CPU_OPT ("cortex-m0",   ARM_ARCH_V6SM,   FPU_NONE,        "Cortex-M0"),
+   ARM_CPU_OPT ("cortex-m0plus",       ARM_ARCH_V6SM,   FPU_NONE,        "Cortex-M0+"),
+-  ARM_CPU_OPT ("exynos-m1",   ARM_ARCH_V8A,    FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
++  ARM_CPU_OPT ("exynos-m1",   ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+                                                                 "Samsung " \
+                                                                 "Exynos M1"),
+-  ARM_CPU_OPT ("qdf24xx",     ARM_ARCH_V8A,    FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
++  ARM_CPU_OPT ("qdf24xx",     ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+                                                                 "Qualcomm "
+                                                                 "QDF24XX"),
+ 
+@@ -25389,7 +25389,7 @@ static const struct arm_cpu_option_table arm_cpus[] =
+   /* APM X-Gene family.  */
+   ARM_CPU_OPT ("xgene1",        ARM_ARCH_V8A,    FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+                                                                 "APM X-Gene 1"),
+-  ARM_CPU_OPT ("xgene2",        ARM_ARCH_V8A,    FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
++  ARM_CPU_OPT ("xgene2",        ARM_ARCH_V8A_CRC, FPU_ARCH_CRYPTO_NEON_VFP_ARMV8,
+                                                                 "APM X-Gene 2"),
+ 
+   { NULL, 0, ARM_ARCH_NONE, ARM_ARCH_NONE, NULL }
+diff --git a/include/opcode/arm.h b/include/opcode/arm.h
+index 60715cf8..feace5cd 100644
+--- a/include/opcode/arm.h
++++ b/include/opcode/arm.h
+@@ -263,6 +263,8 @@
+ #define ARM_ARCH_V7M  ARM_FEATURE_CORE (ARM_AEXT_V7M, ARM_EXT2_V6T2_V8M)
+ #define ARM_ARCH_V7EM ARM_FEATURE_CORE (ARM_AEXT_V7EM, ARM_EXT2_V6T2_V8M)
+ #define ARM_ARCH_V8A  ARM_FEATURE_CORE (ARM_AEXT_V8A, ARM_AEXT2_V8A)
++#define ARM_ARCH_V8A_CRC ARM_FEATURE (ARM_AEXT_V8A, ARM_AEXT2_V8A, \
++                                    CRC_EXT_ARMV8)
+ #define ARM_ARCH_V8_1A        ARM_FEATURE (ARM_AEXT_V8A, ARM_AEXT2_V8_1A,     \
+                                    CRC_EXT_ARMV8 | FPU_NEON_EXT_RDMA)
+ #define ARM_ARCH_V8_2A        ARM_FEATURE (ARM_AEXT_V8A, ARM_AEXT2_V8_2A,     \
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/binutils/arc-2017.03/0300-PATCH-ld-makefile.patch buildroot-2017.05.2/package/binutils/arc-2017.03/0300-PATCH-ld-makefile.patch
--- buildroot-2017.05-rc2/package/binutils/arc-2017.03/0300-PATCH-ld-makefile.patch     1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/binutils/arc-2017.03/0300-PATCH-ld-makefile.patch       2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,41 @@
+From 32078014f734430e1c68fe40aaf970b9805ecaf5 Mon Sep 17 00:00:00 2001
+From: Romain Naour <romain.naour@gmail.com>
+Date: Fri, 21 Apr 2017 21:19:13 +0300
+Subject: [PATCH] ld-makefile
+
+[Romain: rebase on top of 2.26]
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
+---
+ ld/Makefile.am | 2 +-
+ ld/Makefile.in | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ld/Makefile.am b/ld/Makefile.am
+index 9dd31ff..553a107 100644
+--- a/ld/Makefile.am
++++ b/ld/Makefile.am
+@@ -57,7 +57,7 @@ endif
+ # We put the scripts in the directory $(scriptdir)/ldscripts.
+ # We can't put the scripts in $(datadir) because the SEARCH_DIR
+ # directives need to be different for native and cross linkers.
+-scriptdir = $(tooldir)/lib
++scriptdir = $(libdir)
+ 
+ EMUL = @EMUL@
+ EMULATION_OFILES = @EMULATION_OFILES@
+diff --git a/ld/Makefile.in b/ld/Makefile.in
+index c464302..feb34ba 100644
+--- a/ld/Makefile.in
++++ b/ld/Makefile.in
+@@ -446,7 +446,7 @@ AM_CFLAGS = $(WARN_CFLAGS) $(ELF_CLFAGS)
+ # We put the scripts in the directory $(scriptdir)/ldscripts.
+ # We can't put the scripts in $(datadir) because the SEARCH_DIR
+ # directives need to be different for native and cross linkers.
+-scriptdir = $(tooldir)/lib
++scriptdir = $(libdir)
+ BASEDIR = $(srcdir)/..
+ BFDDIR = $(BASEDIR)/bfd
+ INCDIR = $(BASEDIR)/include
+-- 
+2.7.4
+
diff -Naurp buildroot-2017.05-rc2/package/binutils/arc-2017.03/0301-PATCH-check-ldrunpath-length.patch buildroot-2017.05.2/package/binutils/arc-2017.03/0301-PATCH-check-ldrunpath-length.patch
--- buildroot-2017.05-rc2/package/binutils/arc-2017.03/0301-PATCH-check-ldrunpath-length.patch  1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/binutils/arc-2017.03/0301-PATCH-check-ldrunpath-length.patch    2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,36 @@
+From 4a5a8b983fb31a67f976e0dd9cf5e8580ef55098 Mon Sep 17 00:00:00 2001
+From: Romain Naour <romain.naour@gmail.com>
+Date: Fri, 21 Apr 2017 21:23:55 +0300
+Subject: [PATCH] check-ldrunpath-length
+
+[Romain: rebase on top of 2.26]
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
+---
+ ld/emultempl/elf32.em | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/ld/emultempl/elf32.em b/ld/emultempl/elf32.em
+index d4837d0..937da8a 100644
+--- a/ld/emultempl/elf32.em
++++ b/ld/emultempl/elf32.em
+@@ -1460,6 +1460,8 @@ fragment <<EOF
+             && command_line.rpath == NULL)
+           {
+             path = (const char *) getenv ("LD_RUN_PATH");
++            if ((path) && (strlen (path) == 0))
++              path = NULL;
+             if (path
+                 && gld${EMULATION_NAME}_search_needed (path, &n, force))
+               break;
+@@ -1737,6 +1739,8 @@ gld${EMULATION_NAME}_before_allocation (void)
+   rpath = command_line.rpath;
+   if (rpath == NULL)
+     rpath = (const char *) getenv ("LD_RUN_PATH");
++  if ((rpath) && (strlen (rpath) == 0))
++    rpath = NULL;
+ 
+   for (abfd = link_info.input_bfds; abfd; abfd = abfd->link.next)
+     if (bfd_get_flavour (abfd) == bfd_target_elf_flavour)
+-- 
+2.7.4
+
diff -Naurp buildroot-2017.05-rc2/package/binutils/arc-2017.03/0500-add-sysroot-fix-from-bug-3049.patch buildroot-2017.05.2/package/binutils/arc-2017.03/0500-add-sysroot-fix-from-bug-3049.patch
--- buildroot-2017.05-rc2/package/binutils/arc-2017.03/0500-add-sysroot-fix-from-bug-3049.patch 1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/binutils/arc-2017.03/0500-add-sysroot-fix-from-bug-3049.patch   2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,48 @@
+From 30628870e583375f8927c04398c7219c6e9f703c Mon Sep 17 00:00:00 2001
+From: Romain Naour <romain.naour@gmail.com>
+Date: Fri, 25 Dec 2015 11:42:48 +0100
+Subject: [PATCH] add sysroot fix from bug #3049
+
+Always try to prepend the sysroot prefix to absolute filenames first.
+
+http://bugs.gentoo.org/275666
+http://sourceware.org/bugzilla/show_bug.cgi?id=10340
+
+Signed-off-by: Sven Rebhan <odinshorse@googlemail.com>
+[Romain: rebase on top of 2.26]
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
+---
+ ld/ldfile.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/ld/ldfile.c diff --git b/ld/ldfile.c
+--- a/ld/ldfile.c      2017-03-02 03:23:54.000000000 -0500
++++ b/ld/ldfile.c      2017-03-20 09:52:27.687415942 -0400
+@@ -336,18 +336,24 @@
+      directory first.  */
+   if (!entry->flags.maybe_archive)
+     {
+-      if (entry->flags.sysrooted && IS_ABSOLUTE_PATH (entry->filename))
++     /* For absolute pathnames, try to always open the file in the
++       sysroot first. If this fails, try to open the file at the
++       given location.  */
++     entry->flags.sysrooted = is_sysrooted_pathname (entry->filename);
++     if (!entry->flags.sysrooted && IS_ABSOLUTE_PATH (entry->filename)
++     && ld_sysroot)
+       {
+         char *name = concat (ld_sysroot, entry->filename,
+                              (const char *) NULL);
+         if (ldfile_try_open_bfd (name, entry))
+           {
+             entry->filename = name;
++            entry->flags.sysrooted = TRUE;
+             return TRUE;
+           }
+         free (name);
+       }
+-      else if (ldfile_try_open_bfd (entry->filename, entry))
++      if (ldfile_try_open_bfd (entry->filename, entry))
+       return TRUE;
+ 
+       if (IS_ABSOLUTE_PATH (entry->filename))
+
diff -Naurp buildroot-2017.05-rc2/package/binutils/arc-2017.03/0600-poison-system-directories.patch buildroot-2017.05.2/package/binutils/arc-2017.03/0600-poison-system-directories.patch
--- buildroot-2017.05-rc2/package/binutils/arc-2017.03/0600-poison-system-directories.patch     1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/binutils/arc-2017.03/0600-poison-system-directories.patch       2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,306 @@
+From be366461dd49e760440fb28eaee5164eb281adcc Mon Sep 17 00:00:00 2001
+From: Romain Naour <romain.naour@gmail.com>
+Date: Fri, 25 Dec 2015 11:45:38 +0100
+Subject: [PATCH] poison-system-directories
+
+Patch adapted to binutils 2.23.2 and extended to use
+BR_COMPILER_PARANOID_UNSAFE_PATH by Thomas Petazzoni.
+
+[Romain: rebase on top of 2.26]
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
+[Gustavo: adapt to binutils 2.25]
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+Upstream-Status: Inappropriate [distribution: codesourcery]
+
+Patch originally created by Mark Hatle, forward-ported to
+binutils 2.21 by Scott Garman.
+
+purpose:  warn for uses of system directories when cross linking
+
+Code Merged from Sourcery G++ binutils 2.19 - 4.4-277
+
+2008-07-02  Joseph Myers  <joseph@codesourcery.com>
+
+    ld/
+    * ld.h (args_type): Add error_poison_system_directories.
+    * ld.texinfo (--error-poison-system-directories): Document.
+    * ldfile.c (ldfile_add_library_path): Check
+    command_line.error_poison_system_directories.
+    * ldmain.c (main): Initialize
+    command_line.error_poison_system_directories.
+    * lexsup.c (enum option_values): Add
+    OPTION_ERROR_POISON_SYSTEM_DIRECTORIES.
+    (ld_options): Add --error-poison-system-directories.
+    (parse_args): Handle new option.
+
+2007-06-13  Joseph Myers  <joseph@codesourcery.com>
+
+    ld/
+    * config.in: Regenerate.
+    * ld.h (args_type): Add poison_system_directories.
+    * ld.texinfo (--no-poison-system-directories): Document.
+    * ldfile.c (ldfile_add_library_path): Check
+    command_line.poison_system_directories.
+    * ldmain.c (main): Initialize
+    command_line.poison_system_directories.
+    * lexsup.c (enum option_values): Add
+    OPTION_NO_POISON_SYSTEM_DIRECTORIES.
+    (ld_options): Add --no-poison-system-directories.
+    (parse_args): Handle new option.
+
+2007-04-20  Joseph Myers  <joseph@codesourcery.com>
+
+    Merge from Sourcery G++ binutils 2.17:
+
+    2007-03-20  Joseph Myers  <joseph@codesourcery.com>
+    Based on patch by Mark Hatle <mark.hatle@windriver.com>.
+    ld/
+    * configure.ac (--enable-poison-system-directories): New option.
+    * configure, config.in: Regenerate.
+    * ldfile.c (ldfile_add_library_path): If
+    ENABLE_POISON_SYSTEM_DIRECTORIES defined, warn for use of /lib,
+    /usr/lib, /usr/local/lib or /usr/X11R6/lib.
+
+Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
+Signed-off-by: Scott Garman <scott.a.garman@intel.com>
+---
+ ld/config.in    |  3 +++
+ ld/configure    | 14 ++++++++++++++
+ ld/configure.ac | 10 ++++++++++
+ ld/ld.h         |  8 ++++++++
+ ld/ld.texinfo   | 12 ++++++++++++
+ ld/ldfile.c     | 17 +++++++++++++++++
+ ld/ldlex.h      |  2 ++
+ ld/ldmain.c     |  2 ++
+ ld/lexsup.c     | 21 +++++++++++++++++++++
+ 9 files changed, 89 insertions(+)
+
+diff --git a/ld/config.in b/ld/config.in
+index 276fb77..35c58eb 100644
+--- a/ld/config.in
++++ b/ld/config.in
+@@ -17,6 +17,9 @@
+    language is requested. */
+ #undef ENABLE_NLS
+ 
++/* Define to warn for use of native system library directories */
++#undef ENABLE_POISON_SYSTEM_DIRECTORIES
++
+ /* Additional extension a shared object might have. */
+ #undef EXTRA_SHLIB_EXTENSION
+ 
+diff --git a/ld/configure b/ld/configure
+index a446283..d1f9504 100755
+--- a/ld/configure
++++ b/ld/configure
+@@ -789,6 +789,7 @@ with_lib_path
+ enable_targets
+ enable_64_bit_bfd
+ with_sysroot
++enable_poison_system_directories
+ enable_gold
+ enable_got
+ enable_compressed_debug_sections
+@@ -1446,6 +1447,8 @@ Optional Features:
+   --disable-largefile     omit support for large files
+   --enable-targets        alternative target configurations
+   --enable-64-bit-bfd     64-bit support (on hosts with narrower word sizes)
++  --enable-poison-system-directories
++                          warn for use of native system library directories
+   --enable-gold[=ARG]     build gold [ARG={default,yes,no}]
+   --enable-got=<type>     GOT handling scheme (target, single, negative,
+                           multigot)
+@@ -15499,7 +15502,18 @@ else
+ fi
+ 
+ 
++# Check whether --enable-poison-system-directories was given.
++if test "${enable_poison_system_directories+set}" = set; then :
++  enableval=$enable_poison_system_directories;
++else
++  enable_poison_system_directories=no
++fi
++
++if test "x${enable_poison_system_directories}" = "xyes"; then
+ 
++$as_echo "#define ENABLE_POISON_SYSTEM_DIRECTORIES 1" >>confdefs.h
++
++fi
+ 
+ # Check whether --enable-got was given.
+ if test "${enable_got+set}" = set; then :
+diff --git a/ld/configure.ac b/ld/configure.ac
+index 188172d..2cd8443 100644
+--- a/ld/configure.ac
++++ b/ld/configure.ac
+@@ -95,6 +95,16 @@ AC_SUBST(use_sysroot)
+ AC_SUBST(TARGET_SYSTEM_ROOT)
+ AC_SUBST(TARGET_SYSTEM_ROOT_DEFINE)
+ 
++AC_ARG_ENABLE([poison-system-directories],
++         AS_HELP_STRING([--enable-poison-system-directories],
++                [warn for use of native system library directories]),,
++         [enable_poison_system_directories=no])
++if test "x${enable_poison_system_directories}" = "xyes"; then
++  AC_DEFINE([ENABLE_POISON_SYSTEM_DIRECTORIES],
++       [1],
++       [Define to warn for use of native system library directories])
++fi
++
+ dnl Use --enable-gold to decide if this linker should be the default.
+ dnl "install_as_default" is set to false if gold is the default linker.
+ dnl "installed_linker" is the installed BFD linker name.
+diff --git a/ld/ld.h b/ld/ld.h
+index d84ec4e..3476b26 100644
+--- a/ld/ld.h
++++ b/ld/ld.h
+@@ -172,6 +172,14 @@ typedef struct {
+   /* If set, display the target memory usage (per memory region).  */
+   bfd_boolean print_memory_usage;
+ 
++  /* If TRUE (the default) warn for uses of system directories when
++     cross linking.  */
++  bfd_boolean poison_system_directories;
++
++  /* If TRUE (default FALSE) give an error for uses of system
++     directories when cross linking instead of a warning.  */
++  bfd_boolean error_poison_system_directories;
++
+   /* Big or little endian as set on command line.  */
+   enum endian_enum endian;
+ 
+diff --git a/ld/ld.texinfo b/ld/ld.texinfo
+index 1dd7492..fb1438e 100644
+--- a/ld/ld.texinfo
++++ b/ld/ld.texinfo
+@@ -2403,6 +2403,18 @@ string identifying the original linked file does not change.
+ 
+ Passing @code{none} for @var{style} disables the setting from any
+ @code{--build-id} options earlier on the command line.
++
++@kindex --no-poison-system-directories
++@item --no-poison-system-directories
++Do not warn for @option{-L} options using system directories such as
++@file{/usr/lib} when cross linking.  This option is intended for use
++in chroot environments when such directories contain the correct
++libraries for the target system rather than the host.
++
++@kindex --error-poison-system-directories
++@item --error-poison-system-directories
++Give an error instead of a warning for @option{-L} options using
++system directories when cross linking.
+ @end table
+ 
+ @c man end
+diff --git a/ld/ldfile.c b/ld/ldfile.c
+index 1439309..086b354 100644
+--- a/ld/ldfile.c
++++ b/ld/ldfile.c
+@@ -114,6 +114,23 @@ ldfile_add_library_path (const char *name, bfd_boolean cmdline)
+     new_dirs->name = concat (ld_sysroot, name + 1, (const char *) NULL);
+   else
+     new_dirs->name = xstrdup (name);
++
++#ifdef ENABLE_POISON_SYSTEM_DIRECTORIES
++  if (command_line.poison_system_directories
++  && ((!strncmp (name, "/lib", 4))
++      || (!strncmp (name, "/usr/lib", 8))
++      || (!strncmp (name, "/usr/local/lib", 14))
++      || (!strncmp (name, "/usr/X11R6/lib", 14))))
++   {
++     if (command_line.error_poison_system_directories)
++       einfo (_("%X%P: error: library search path \"%s\" is unsafe for "
++            "cross-compilation\n"), name);
++     else
++       einfo (_("%P: warning: library search path \"%s\" is unsafe for "
++            "cross-compilation\n"), name);
++   }
++#endif
++
+ }
+ 
+ /* Try to open a BFD for a lang_input_statement.  */
+diff --git a/ld/ldlex.h b/ld/ldlex.h
+index 6f11e7b..0ca3110 100644
+--- a/ld/ldlex.h
++++ b/ld/ldlex.h
+@@ -146,6 +146,8 @@ enum option_values
+   OPTION_PRINT_MEMORY_USAGE,
+   OPTION_REQUIRE_DEFINED_SYMBOL,
+   OPTION_ORPHAN_HANDLING,
++  OPTION_NO_POISON_SYSTEM_DIRECTORIES,
++  OPTION_ERROR_POISON_SYSTEM_DIRECTORIES,
+ };
+ 
+ /* The initial parser states.  */
+diff --git a/ld/ldmain.c b/ld/ldmain.c
+index bb0b9cc..a23c56c 100644
+--- a/ld/ldmain.c
++++ b/ld/ldmain.c
+@@ -270,6 +270,8 @@ main (int argc, char **argv)
+   command_line.warn_mismatch = TRUE;
+   command_line.warn_search_mismatch = TRUE;
+   command_line.check_section_addresses = -1;
++  command_line.poison_system_directories = TRUE;
++  command_line.error_poison_system_directories = FALSE;
+ 
+   /* We initialize DEMANGLING based on the environment variable
+      COLLECT_NO_DEMANGLE.  The gcc collect2 program will demangle the
+diff --git a/ld/lexsup.c b/ld/lexsup.c
+index 4cad209..be7d584 100644
+--- a/ld/lexsup.c
++++ b/ld/lexsup.c
+@@ -535,6 +535,14 @@ static const struct ld_option ld_options[] =
+   { {"orphan-handling", required_argument, NULL, OPTION_ORPHAN_HANDLING},
+     '\0', N_("=MODE"), N_("Control how orphan sections are handled."),
+     TWO_DASHES },
++  { {"no-poison-system-directories", no_argument, NULL,
++    OPTION_NO_POISON_SYSTEM_DIRECTORIES},
++    '\0', NULL, N_("Do not warn for -L options using system directories"),
++    TWO_DASHES },
++  { {"error-poison-system-directories", no_argument, NULL,
++    OPTION_ERROR_POISON_SYSTEM_DIRECTORIES},
++    '\0', NULL, N_("Give an error for -L options using system directories"),
++    TWO_DASHES },
+ };
+ 
+ #define OPTION_COUNT ARRAY_SIZE (ld_options)
+@@ -547,6 +555,7 @@ parse_args (unsigned argc, char **argv)
+   int ingroup = 0;
+   char *default_dirlist = NULL;
+   char *shortopts;
++  char *BR_paranoid_env;
+   struct option *longopts;
+   struct option *really_longopts;
+   int last_optind;
+@@ -1528,6 +1537,14 @@ parse_args (unsigned argc, char **argv)
+           }
+           break;
+ 
++      case OPTION_NO_POISON_SYSTEM_DIRECTORIES:
++        command_line.poison_system_directories = FALSE;
++        break;
++
++      case OPTION_ERROR_POISON_SYSTEM_DIRECTORIES:
++        command_line.error_poison_system_directories = TRUE;
++        break;
++
+       case OPTION_PUSH_STATE:
+         input_flags.pushed = xmemdup (&input_flags,
+                                       sizeof (input_flags),
+@@ -1571,6 +1588,10 @@ parse_args (unsigned argc, char **argv)
+       command_line.soname = NULL;
+     }
+ 
++  BR_paranoid_env = getenv("BR_COMPILER_PARANOID_UNSAFE_PATH");
++  if (BR_paranoid_env && strlen(BR_paranoid_env) > 0)
++    command_line.error_poison_system_directories = TRUE;
++
+   while (ingroup)
+     {
+       lang_leave_group ();
+-- 
+2.4.3
+
diff -Naurp buildroot-2017.05-rc2/package/binutils/arc-2017.03-rc2/0300-PATCH-ld-makefile.patch buildroot-2017.05.2/package/binutils/arc-2017.03-rc2/0300-PATCH-ld-makefile.patch
--- buildroot-2017.05-rc2/package/binutils/arc-2017.03-rc2/0300-PATCH-ld-makefile.patch 2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/binutils/arc-2017.03-rc2/0300-PATCH-ld-makefile.patch   1970-01-01 01:00:00.000000000 +0100
@@ -1,41 +0,0 @@
-From 32078014f734430e1c68fe40aaf970b9805ecaf5 Mon Sep 17 00:00:00 2001
-From: Romain Naour <romain.naour@gmail.com>
-Date: Fri, 21 Apr 2017 21:19:13 +0300
-Subject: [PATCH] ld-makefile
-
-[Romain: rebase on top of 2.26]
-Signed-off-by: Romain Naour <romain.naour@gmail.com>
----
- ld/Makefile.am | 2 +-
- ld/Makefile.in | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/ld/Makefile.am b/ld/Makefile.am
-index 9dd31ff..553a107 100644
---- a/ld/Makefile.am
-+++ b/ld/Makefile.am
-@@ -57,7 +57,7 @@ endif
- # We put the scripts in the directory $(scriptdir)/ldscripts.
- # We can't put the scripts in $(datadir) because the SEARCH_DIR
- # directives need to be different for native and cross linkers.
--scriptdir = $(tooldir)/lib
-+scriptdir = $(libdir)
- 
- EMUL = @EMUL@
- EMULATION_OFILES = @EMULATION_OFILES@
-diff --git a/ld/Makefile.in b/ld/Makefile.in
-index c464302..feb34ba 100644
---- a/ld/Makefile.in
-+++ b/ld/Makefile.in
-@@ -446,7 +446,7 @@ AM_CFLAGS = $(WARN_CFLAGS) $(ELF_CLFAGS)
- # We put the scripts in the directory $(scriptdir)/ldscripts.
- # We can't put the scripts in $(datadir) because the SEARCH_DIR
- # directives need to be different for native and cross linkers.
--scriptdir = $(tooldir)/lib
-+scriptdir = $(libdir)
- BASEDIR = $(srcdir)/..
- BFDDIR = $(BASEDIR)/bfd
- INCDIR = $(BASEDIR)/include
--- 
-2.7.4
-
diff -Naurp buildroot-2017.05-rc2/package/binutils/arc-2017.03-rc2/0301-PATCH-check-ldrunpath-length.patch buildroot-2017.05.2/package/binutils/arc-2017.03-rc2/0301-PATCH-check-ldrunpath-length.patch
--- buildroot-2017.05-rc2/package/binutils/arc-2017.03-rc2/0301-PATCH-check-ldrunpath-length.patch      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/binutils/arc-2017.03-rc2/0301-PATCH-check-ldrunpath-length.patch        1970-01-01 01:00:00.000000000 +0100
@@ -1,36 +0,0 @@
-From 4a5a8b983fb31a67f976e0dd9cf5e8580ef55098 Mon Sep 17 00:00:00 2001
-From: Romain Naour <romain.naour@gmail.com>
-Date: Fri, 21 Apr 2017 21:23:55 +0300
-Subject: [PATCH] check-ldrunpath-length
-
-[Romain: rebase on top of 2.26]
-Signed-off-by: Romain Naour <romain.naour@gmail.com>
----
- ld/emultempl/elf32.em | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/ld/emultempl/elf32.em b/ld/emultempl/elf32.em
-index d4837d0..937da8a 100644
---- a/ld/emultempl/elf32.em
-+++ b/ld/emultempl/elf32.em
-@@ -1460,6 +1460,8 @@ fragment <<EOF
-             && command_line.rpath == NULL)
-           {
-             path = (const char *) getenv ("LD_RUN_PATH");
-+            if ((path) && (strlen (path) == 0))
-+              path = NULL;
-             if (path
-                 && gld${EMULATION_NAME}_search_needed (path, &n, force))
-               break;
-@@ -1737,6 +1739,8 @@ gld${EMULATION_NAME}_before_allocation (void)
-   rpath = command_line.rpath;
-   if (rpath == NULL)
-     rpath = (const char *) getenv ("LD_RUN_PATH");
-+  if ((rpath) && (strlen (rpath) == 0))
-+    rpath = NULL;
- 
-   for (abfd = link_info.input_bfds; abfd; abfd = abfd->link.next)
-     if (bfd_get_flavour (abfd) == bfd_target_elf_flavour)
--- 
-2.7.4
-
diff -Naurp buildroot-2017.05-rc2/package/binutils/arc-2017.03-rc2/0500-add-sysroot-fix-from-bug-3049.patch buildroot-2017.05.2/package/binutils/arc-2017.03-rc2/0500-add-sysroot-fix-from-bug-3049.patch
--- buildroot-2017.05-rc2/package/binutils/arc-2017.03-rc2/0500-add-sysroot-fix-from-bug-3049.patch     2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/binutils/arc-2017.03-rc2/0500-add-sysroot-fix-from-bug-3049.patch       1970-01-01 01:00:00.000000000 +0100
@@ -1,48 +0,0 @@
-From 30628870e583375f8927c04398c7219c6e9f703c Mon Sep 17 00:00:00 2001
-From: Romain Naour <romain.naour@gmail.com>
-Date: Fri, 25 Dec 2015 11:42:48 +0100
-Subject: [PATCH] add sysroot fix from bug #3049
-
-Always try to prepend the sysroot prefix to absolute filenames first.
-
-http://bugs.gentoo.org/275666
-http://sourceware.org/bugzilla/show_bug.cgi?id=10340
-
-Signed-off-by: Sven Rebhan <odinshorse@googlemail.com>
-[Romain: rebase on top of 2.26]
-Signed-off-by: Romain Naour <romain.naour@gmail.com>
----
- ld/ldfile.c | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/ld/ldfile.c diff --git b/ld/ldfile.c
---- a/ld/ldfile.c      2017-03-02 03:23:54.000000000 -0500
-+++ b/ld/ldfile.c      2017-03-20 09:52:27.687415942 -0400
-@@ -336,18 +336,24 @@
-      directory first.  */
-   if (!entry->flags.maybe_archive)
-     {
--      if (entry->flags.sysrooted && IS_ABSOLUTE_PATH (entry->filename))
-+     /* For absolute pathnames, try to always open the file in the
-+       sysroot first. If this fails, try to open the file at the
-+       given location.  */
-+     entry->flags.sysrooted = is_sysrooted_pathname (entry->filename);
-+     if (!entry->flags.sysrooted && IS_ABSOLUTE_PATH (entry->filename)
-+     && ld_sysroot)
-       {
-         char *name = concat (ld_sysroot, entry->filename,
-                              (const char *) NULL);
-         if (ldfile_try_open_bfd (name, entry))
-           {
-             entry->filename = name;
-+            entry->flags.sysrooted = TRUE;
-             return TRUE;
-           }
-         free (name);
-       }
--      else if (ldfile_try_open_bfd (entry->filename, entry))
-+      if (ldfile_try_open_bfd (entry->filename, entry))
-       return TRUE;
- 
-       if (IS_ABSOLUTE_PATH (entry->filename))
-
diff -Naurp buildroot-2017.05-rc2/package/binutils/arc-2017.03-rc2/0600-poison-system-directories.patch buildroot-2017.05.2/package/binutils/arc-2017.03-rc2/0600-poison-system-directories.patch
--- buildroot-2017.05-rc2/package/binutils/arc-2017.03-rc2/0600-poison-system-directories.patch 2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/binutils/arc-2017.03-rc2/0600-poison-system-directories.patch   1970-01-01 01:00:00.000000000 +0100
@@ -1,306 +0,0 @@
-From be366461dd49e760440fb28eaee5164eb281adcc Mon Sep 17 00:00:00 2001
-From: Romain Naour <romain.naour@gmail.com>
-Date: Fri, 25 Dec 2015 11:45:38 +0100
-Subject: [PATCH] poison-system-directories
-
-Patch adapted to binutils 2.23.2 and extended to use
-BR_COMPILER_PARANOID_UNSAFE_PATH by Thomas Petazzoni.
-
-[Romain: rebase on top of 2.26]
-Signed-off-by: Romain Naour <romain.naour@gmail.com>
-[Gustavo: adapt to binutils 2.25]
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-
-Upstream-Status: Inappropriate [distribution: codesourcery]
-
-Patch originally created by Mark Hatle, forward-ported to
-binutils 2.21 by Scott Garman.
-
-purpose:  warn for uses of system directories when cross linking
-
-Code Merged from Sourcery G++ binutils 2.19 - 4.4-277
-
-2008-07-02  Joseph Myers  <joseph@codesourcery.com>
-
-    ld/
-    * ld.h (args_type): Add error_poison_system_directories.
-    * ld.texinfo (--error-poison-system-directories): Document.
-    * ldfile.c (ldfile_add_library_path): Check
-    command_line.error_poison_system_directories.
-    * ldmain.c (main): Initialize
-    command_line.error_poison_system_directories.
-    * lexsup.c (enum option_values): Add
-    OPTION_ERROR_POISON_SYSTEM_DIRECTORIES.
-    (ld_options): Add --error-poison-system-directories.
-    (parse_args): Handle new option.
-
-2007-06-13  Joseph Myers  <joseph@codesourcery.com>
-
-    ld/
-    * config.in: Regenerate.
-    * ld.h (args_type): Add poison_system_directories.
-    * ld.texinfo (--no-poison-system-directories): Document.
-    * ldfile.c (ldfile_add_library_path): Check
-    command_line.poison_system_directories.
-    * ldmain.c (main): Initialize
-    command_line.poison_system_directories.
-    * lexsup.c (enum option_values): Add
-    OPTION_NO_POISON_SYSTEM_DIRECTORIES.
-    (ld_options): Add --no-poison-system-directories.
-    (parse_args): Handle new option.
-
-2007-04-20  Joseph Myers  <joseph@codesourcery.com>
-
-    Merge from Sourcery G++ binutils 2.17:
-
-    2007-03-20  Joseph Myers  <joseph@codesourcery.com>
-    Based on patch by Mark Hatle <mark.hatle@windriver.com>.
-    ld/
-    * configure.ac (--enable-poison-system-directories): New option.
-    * configure, config.in: Regenerate.
-    * ldfile.c (ldfile_add_library_path): If
-    ENABLE_POISON_SYSTEM_DIRECTORIES defined, warn for use of /lib,
-    /usr/lib, /usr/local/lib or /usr/X11R6/lib.
-
-Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
-Signed-off-by: Scott Garman <scott.a.garman@intel.com>
----
- ld/config.in    |  3 +++
- ld/configure    | 14 ++++++++++++++
- ld/configure.ac | 10 ++++++++++
- ld/ld.h         |  8 ++++++++
- ld/ld.texinfo   | 12 ++++++++++++
- ld/ldfile.c     | 17 +++++++++++++++++
- ld/ldlex.h      |  2 ++
- ld/ldmain.c     |  2 ++
- ld/lexsup.c     | 21 +++++++++++++++++++++
- 9 files changed, 89 insertions(+)
-
-diff --git a/ld/config.in b/ld/config.in
-index 276fb77..35c58eb 100644
---- a/ld/config.in
-+++ b/ld/config.in
-@@ -17,6 +17,9 @@
-    language is requested. */
- #undef ENABLE_NLS
- 
-+/* Define to warn for use of native system library directories */
-+#undef ENABLE_POISON_SYSTEM_DIRECTORIES
-+
- /* Additional extension a shared object might have. */
- #undef EXTRA_SHLIB_EXTENSION
- 
-diff --git a/ld/configure b/ld/configure
-index a446283..d1f9504 100755
---- a/ld/configure
-+++ b/ld/configure
-@@ -789,6 +789,7 @@ with_lib_path
- enable_targets
- enable_64_bit_bfd
- with_sysroot
-+enable_poison_system_directories
- enable_gold
- enable_got
- enable_compressed_debug_sections
-@@ -1446,6 +1447,8 @@ Optional Features:
-   --disable-largefile     omit support for large files
-   --enable-targets        alternative target configurations
-   --enable-64-bit-bfd     64-bit support (on hosts with narrower word sizes)
-+  --enable-poison-system-directories
-+                          warn for use of native system library directories
-   --enable-gold[=ARG]     build gold [ARG={default,yes,no}]
-   --enable-got=<type>     GOT handling scheme (target, single, negative,
-                           multigot)
-@@ -15499,7 +15502,18 @@ else
- fi
- 
- 
-+# Check whether --enable-poison-system-directories was given.
-+if test "${enable_poison_system_directories+set}" = set; then :
-+  enableval=$enable_poison_system_directories;
-+else
-+  enable_poison_system_directories=no
-+fi
-+
-+if test "x${enable_poison_system_directories}" = "xyes"; then
- 
-+$as_echo "#define ENABLE_POISON_SYSTEM_DIRECTORIES 1" >>confdefs.h
-+
-+fi
- 
- # Check whether --enable-got was given.
- if test "${enable_got+set}" = set; then :
-diff --git a/ld/configure.ac b/ld/configure.ac
-index 188172d..2cd8443 100644
---- a/ld/configure.ac
-+++ b/ld/configure.ac
-@@ -95,6 +95,16 @@ AC_SUBST(use_sysroot)
- AC_SUBST(TARGET_SYSTEM_ROOT)
- AC_SUBST(TARGET_SYSTEM_ROOT_DEFINE)
- 
-+AC_ARG_ENABLE([poison-system-directories],
-+         AS_HELP_STRING([--enable-poison-system-directories],
-+                [warn for use of native system library directories]),,
-+         [enable_poison_system_directories=no])
-+if test "x${enable_poison_system_directories}" = "xyes"; then
-+  AC_DEFINE([ENABLE_POISON_SYSTEM_DIRECTORIES],
-+       [1],
-+       [Define to warn for use of native system library directories])
-+fi
-+
- dnl Use --enable-gold to decide if this linker should be the default.
- dnl "install_as_default" is set to false if gold is the default linker.
- dnl "installed_linker" is the installed BFD linker name.
-diff --git a/ld/ld.h b/ld/ld.h
-index d84ec4e..3476b26 100644
---- a/ld/ld.h
-+++ b/ld/ld.h
-@@ -172,6 +172,14 @@ typedef struct {
-   /* If set, display the target memory usage (per memory region).  */
-   bfd_boolean print_memory_usage;
- 
-+  /* If TRUE (the default) warn for uses of system directories when
-+     cross linking.  */
-+  bfd_boolean poison_system_directories;
-+
-+  /* If TRUE (default FALSE) give an error for uses of system
-+     directories when cross linking instead of a warning.  */
-+  bfd_boolean error_poison_system_directories;
-+
-   /* Big or little endian as set on command line.  */
-   enum endian_enum endian;
- 
-diff --git a/ld/ld.texinfo b/ld/ld.texinfo
-index 1dd7492..fb1438e 100644
---- a/ld/ld.texinfo
-+++ b/ld/ld.texinfo
-@@ -2403,6 +2403,18 @@ string identifying the original linked file does not change.
- 
- Passing @code{none} for @var{style} disables the setting from any
- @code{--build-id} options earlier on the command line.
-+
-+@kindex --no-poison-system-directories
-+@item --no-poison-system-directories
-+Do not warn for @option{-L} options using system directories such as
-+@file{/usr/lib} when cross linking.  This option is intended for use
-+in chroot environments when such directories contain the correct
-+libraries for the target system rather than the host.
-+
-+@kindex --error-poison-system-directories
-+@item --error-poison-system-directories
-+Give an error instead of a warning for @option{-L} options using
-+system directories when cross linking.
- @end table
- 
- @c man end
-diff --git a/ld/ldfile.c b/ld/ldfile.c
-index 1439309..086b354 100644
---- a/ld/ldfile.c
-+++ b/ld/ldfile.c
-@@ -114,6 +114,23 @@ ldfile_add_library_path (const char *name, bfd_boolean cmdline)
-     new_dirs->name = concat (ld_sysroot, name + 1, (const char *) NULL);
-   else
-     new_dirs->name = xstrdup (name);
-+
-+#ifdef ENABLE_POISON_SYSTEM_DIRECTORIES
-+  if (command_line.poison_system_directories
-+  && ((!strncmp (name, "/lib", 4))
-+      || (!strncmp (name, "/usr/lib", 8))
-+      || (!strncmp (name, "/usr/local/lib", 14))
-+      || (!strncmp (name, "/usr/X11R6/lib", 14))))
-+   {
-+     if (command_line.error_poison_system_directories)
-+       einfo (_("%X%P: error: library search path \"%s\" is unsafe for "
-+            "cross-compilation\n"), name);
-+     else
-+       einfo (_("%P: warning: library search path \"%s\" is unsafe for "
-+            "cross-compilation\n"), name);
-+   }
-+#endif
-+
- }
- 
- /* Try to open a BFD for a lang_input_statement.  */
-diff --git a/ld/ldlex.h b/ld/ldlex.h
-index 6f11e7b..0ca3110 100644
---- a/ld/ldlex.h
-+++ b/ld/ldlex.h
-@@ -146,6 +146,8 @@ enum option_values
-   OPTION_PRINT_MEMORY_USAGE,
-   OPTION_REQUIRE_DEFINED_SYMBOL,
-   OPTION_ORPHAN_HANDLING,
-+  OPTION_NO_POISON_SYSTEM_DIRECTORIES,
-+  OPTION_ERROR_POISON_SYSTEM_DIRECTORIES,
- };
- 
- /* The initial parser states.  */
-diff --git a/ld/ldmain.c b/ld/ldmain.c
-index bb0b9cc..a23c56c 100644
---- a/ld/ldmain.c
-+++ b/ld/ldmain.c
-@@ -270,6 +270,8 @@ main (int argc, char **argv)
-   command_line.warn_mismatch = TRUE;
-   command_line.warn_search_mismatch = TRUE;
-   command_line.check_section_addresses = -1;
-+  command_line.poison_system_directories = TRUE;
-+  command_line.error_poison_system_directories = FALSE;
- 
-   /* We initialize DEMANGLING based on the environment variable
-      COLLECT_NO_DEMANGLE.  The gcc collect2 program will demangle the
-diff --git a/ld/lexsup.c b/ld/lexsup.c
-index 4cad209..be7d584 100644
---- a/ld/lexsup.c
-+++ b/ld/lexsup.c
-@@ -535,6 +535,14 @@ static const struct ld_option ld_options[] =
-   { {"orphan-handling", required_argument, NULL, OPTION_ORPHAN_HANDLING},
-     '\0', N_("=MODE"), N_("Control how orphan sections are handled."),
-     TWO_DASHES },
-+  { {"no-poison-system-directories", no_argument, NULL,
-+    OPTION_NO_POISON_SYSTEM_DIRECTORIES},
-+    '\0', NULL, N_("Do not warn for -L options using system directories"),
-+    TWO_DASHES },
-+  { {"error-poison-system-directories", no_argument, NULL,
-+    OPTION_ERROR_POISON_SYSTEM_DIRECTORIES},
-+    '\0', NULL, N_("Give an error for -L options using system directories"),
-+    TWO_DASHES },
- };
- 
- #define OPTION_COUNT ARRAY_SIZE (ld_options)
-@@ -547,6 +555,7 @@ parse_args (unsigned argc, char **argv)
-   int ingroup = 0;
-   char *default_dirlist = NULL;
-   char *shortopts;
-+  char *BR_paranoid_env;
-   struct option *longopts;
-   struct option *really_longopts;
-   int last_optind;
-@@ -1528,6 +1537,14 @@ parse_args (unsigned argc, char **argv)
-           }
-           break;
- 
-+      case OPTION_NO_POISON_SYSTEM_DIRECTORIES:
-+        command_line.poison_system_directories = FALSE;
-+        break;
-+
-+      case OPTION_ERROR_POISON_SYSTEM_DIRECTORIES:
-+        command_line.error_poison_system_directories = TRUE;
-+        break;
-+
-       case OPTION_PUSH_STATE:
-         input_flags.pushed = xmemdup (&input_flags,
-                                       sizeof (input_flags),
-@@ -1571,6 +1588,10 @@ parse_args (unsigned argc, char **argv)
-       command_line.soname = NULL;
-     }
- 
-+  BR_paranoid_env = getenv("BR_COMPILER_PARANOID_UNSAFE_PATH");
-+  if (BR_paranoid_env && strlen(BR_paranoid_env) > 0)
-+    command_line.error_poison_system_directories = TRUE;
-+
-   while (ingroup)
-     {
-       lang_leave_group ();
--- 
-2.4.3
-
diff -Naurp buildroot-2017.05-rc2/package/binutils/binutils.hash buildroot-2017.05.2/package/binutils/binutils.hash
--- buildroot-2017.05-rc2/package/binutils/binutils.hash        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/binutils/binutils.hash  2017-07-27 08:16:52.017486944 +0200
@@ -4,4 +4,4 @@ sha512  cf276f84935312361a2ca077e04d0b469
 sha512 ede2e4e59a800260eea8c14eafbaee94e30abadafd5c419a3370f9f62213cf027d6400a1d4970b6958bd4d220e675dcd483a708107016e7abd5c99d7392ba8fd  binutils-2.28.tar.bz2
 
 # Locally calculated (fetched from Github)
-sha512  577fbd59dc8d41022ed511b86f3afc49af48ab798a7b187411a466621dc6247dff7dd84fa110ca278f09a9e523d8bdb892a233c00bf47d11b92be70e7278efe9  binutils-arc-2017.03-rc2.tar.gz
+sha512  07d5639e74eafe8fced259870c1a7dedee67c534573dda53fb78ee1ffeec9e17479fdde41dccd03b1cf0248023acbef7f66013398b2f722e4a8891ac680d1d16  binutils-arc-2017.03.tar.gz
diff -Naurp buildroot-2017.05-rc2/package/binutils/binutils.mk buildroot-2017.05.2/package/binutils/binutils.mk
--- buildroot-2017.05-rc2/package/binutils/binutils.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/binutils/binutils.mk    2017-07-27 08:16:52.017486944 +0200
@@ -9,7 +9,7 @@
 BINUTILS_VERSION = $(call qstrip,$(BR2_BINUTILS_VERSION))
 ifeq ($(BINUTILS_VERSION),)
 ifeq ($(BR2_arc),y)
-BINUTILS_VERSION = arc-2017.03-rc2
+BINUTILS_VERSION = arc-2017.03
 else
 BINUTILS_VERSION = 2.27
 endif
diff -Naurp buildroot-2017.05-rc2/package/binutils/Config.in.host buildroot-2017.05.2/package/binutils/Config.in.host
--- buildroot-2017.05-rc2/package/binutils/Config.in.host       2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/binutils/Config.in.host 2017-07-27 08:16:52.017486944 +0200
@@ -23,7 +23,7 @@ endchoice
 
 config BR2_BINUTILS_VERSION
        string
-       default "arc-2017.03-rc2"       if BR2_arc
+       default "arc-2017.03"   if BR2_arc
        default "2.26.1"        if BR2_BINUTILS_VERSION_2_26_X
        default "2.27"          if BR2_BINUTILS_VERSION_2_27_X
        default "2.28"          if BR2_BINUTILS_VERSION_2_28_X
diff -Naurp buildroot-2017.05-rc2/package/botan/botan.mk buildroot-2017.05.2/package/botan/botan.mk
--- buildroot-2017.05-rc2/package/botan/botan.mk        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/botan/botan.mk  2017-07-27 08:16:52.017486944 +0200
@@ -43,6 +43,12 @@ BOTAN_DEPENDENCIES += zlib
 BOTAN_CONF_OPTS += --with-zlib
 endif
 
+ifeq ($(BR2_POWERPC_CPU_HAS_ALTIVEC),y)
+BOTAN_CONF_OPTS += --enable-altivec
+else
+BOTAN_CONF_OPTS += --disable-altivec
+endif
+
 define BOTAN_CONFIGURE_CMDS
        (cd $(@D); $(TARGET_MAKE_ENV) ./configure.py $(BOTAN_CONF_OPTS))
 endef
diff -Naurp buildroot-2017.05-rc2/package/busybox/busybox.config buildroot-2017.05.2/package/busybox/busybox.config
--- buildroot-2017.05-rc2/package/busybox/busybox.config        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/busybox/busybox.config  2017-07-27 08:16:52.017486944 +0200
@@ -22,7 +22,7 @@ CONFIG_FEATURE_INSTALLER=y
 # CONFIG_PAM is not set
 CONFIG_LONG_OPTS=y
 CONFIG_FEATURE_DEVPTS=y
-CONFIG_FEATURE_CLEAN_UP=y
+# CONFIG_FEATURE_CLEAN_UP is not set
 CONFIG_FEATURE_UTMP=y
 CONFIG_FEATURE_WTMP=y
 # CONFIG_FEATURE_PIDFILE is not set
diff -Naurp buildroot-2017.05-rc2/package/busybox/busybox-minimal.config buildroot-2017.05.2/package/busybox/busybox-minimal.config
--- buildroot-2017.05-rc2/package/busybox/busybox-minimal.config        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/busybox/busybox-minimal.config  2017-07-27 08:16:52.017486944 +0200
@@ -22,7 +22,7 @@ CONFIG_FEATURE_INSTALLER=y
 # CONFIG_PAM is not set
 CONFIG_LONG_OPTS=y
 CONFIG_FEATURE_DEVPTS=y
-CONFIG_FEATURE_CLEAN_UP=y
+# CONFIG_FEATURE_CLEAN_UP is not set
 CONFIG_FEATURE_UTMP=y
 CONFIG_FEATURE_WTMP=y
 # CONFIG_FEATURE_PIDFILE is not set
diff -Naurp buildroot-2017.05-rc2/package/c-ares/c-ares.hash buildroot-2017.05.2/package/c-ares/c-ares.hash
--- buildroot-2017.05-rc2/package/c-ares/c-ares.hash    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/c-ares/c-ares.hash      2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256 8692f9403cdcdf936130e045c84021665118ee9bfea905d1a76f04d4e6f365fb c-ares-1.12.0.tar.gz
+sha256 03f708f1b14a26ab26c38abd51137640cb444d3ec72380b21b20f1a8d2861da7 c-ares-1.13.0.tar.gz
diff -Naurp buildroot-2017.05-rc2/package/c-ares/c-ares.mk buildroot-2017.05.2/package/c-ares/c-ares.mk
--- buildroot-2017.05-rc2/package/c-ares/c-ares.mk      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/c-ares/c-ares.mk        2017-07-27 08:16:52.017486944 +0200
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-C_ARES_VERSION = 1.12.0
+C_ARES_VERSION = 1.13.0
 C_ARES_SITE = http://c-ares.haxx.se/download
 C_ARES_INSTALL_STAGING = YES
 C_ARES_CONF_OPTS = --with-random=/dev/urandom
diff -Naurp buildroot-2017.05-rc2/package/ccache/ccache.mk buildroot-2017.05.2/package/ccache/ccache.mk
--- buildroot-2017.05-rc2/package/ccache/ccache.mk      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/ccache/ccache.mk        2017-07-27 08:16:52.017486944 +0200
@@ -28,9 +28,13 @@ HOST_CCACHE_CONF_OPTS += --with-bundled-
 #    BR2_CCACHE_DIR.
 #  - Change hard-coded last-ditch default to match path in .config, to avoid
 #    the need to specify BR_CACHE_DIR when invoking ccache directly.
+#    CCache replaces "%s" with the home directory of the current user,
+#    So rewrite BR_CACHE_DIR to take that into consideration for SDK purpose
+HOST_CCACHE_DEFAULT_CCACHE_DIR = $(patsubst $(HOME)/%,\%s/%,$(BR_CACHE_DIR))
+
 define HOST_CCACHE_PATCH_CONFIGURATION
        sed -i 's,getenv("CCACHE_DIR"),getenv("BR_CACHE_DIR"),' $(@D)/ccache.c
-       sed -i 's,"%s/.ccache","$(BR_CACHE_DIR)",' $(@D)/conf.c
+       sed -i 's,"%s/.ccache","$(HOST_CCACHE_DEFAULT_CCACHE_DIR)",' $(@D)/conf.c
 endef
 
 HOST_CCACHE_POST_PATCH_HOOKS += HOST_CCACHE_PATCH_CONFIGURATION
diff -Naurp buildroot-2017.05-rc2/package/c-icap/c-icap.mk buildroot-2017.05.2/package/c-icap/c-icap.mk
--- buildroot-2017.05-rc2/package/c-icap/c-icap.mk      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/c-icap/c-icap.mk        2017-07-27 08:16:52.017486944 +0200
@@ -29,17 +29,17 @@ C_ICAP_CONF_ENV = ac_cv_10031b_ipc_sem=y
 C_ICAP_AUTORECONF = YES
 
 ifeq ($(BR2_PACKAGE_BERKELEYDB),y)
-C_ICAP_CONF_OPTS += --with-berkeleydb
+C_ICAP_CONF_OPTS += --with-bdb
 C_ICAP_DEPENDENCIES += berkeleydb
 else
-C_ICAP_CONF_OPTS += --without-berkeleydb
+C_ICAP_CONF_OPTS += --without-bdb
 endif
 
 ifeq ($(BR2_PACKAGE_BZIP2),y)
-C_ICAP_CONF_OPTS += --with-bzip2
+C_ICAP_CONF_OPTS += --with-bzlib
 C_ICAP_DEPENDENCIES += bzip2
 else
-C_ICAP_CONF_OPTS += --without-bzip2
+C_ICAP_CONF_OPTS += --without-bzlib
 endif
 
 ifeq ($(BR2_PACKAGE_ZLIB),y)
diff -Naurp buildroot-2017.05-rc2/package/collectd/0001-libcollectdclient-increase-error-buffer.patch buildroot-2017.05.2/package/collectd/0001-libcollectdclient-increase-error-buffer.patch
--- buildroot-2017.05-rc2/package/collectd/0001-libcollectdclient-increase-error-buffer.patch   1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/collectd/0001-libcollectdclient-increase-error-buffer.patch     2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,87 @@
+From e170f3559fcda6d37a012aba187a96b1f42e8f9d Mon Sep 17 00:00:00 2001
+From: Ruben Kerkhof <ruben@rubenkerkhof.com>
+Date: Sun, 2 Jul 2017 21:52:14 +0200
+Subject: [PATCH] libcollectdclient: increase error buffer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+make[1]: Entering directory '/home/ruben/src/collectd'
+  CC       src/libcollectdclient/libcollectdclient_la-client.lo
+src/libcollectdclient/client.c: In function ‘lcc_getval’:
+src/libcollectdclient/client.c:621:23: warning: ‘%s’ directive output may be truncated writing up to 1023 bytes into a region of size 1010 [-Wformat-truncation=]
+     LCC_SET_ERRSTR(c, "Server error: %s", res.message);
+                       ^                   ~
+src/libcollectdclient/client.c:94:48: note: in definition of macro ‘LCC_SET_ERRSTR’
+     snprintf((c)->errbuf, sizeof((c)->errbuf), __VA_ARGS__);                   \
+                                                ^~~~~~~~~~~
+src/libcollectdclient/client.c:94:5: note: ‘snprintf’ output between 15 and 1038 bytes into a destination of size 1024
+     snprintf((c)->errbuf, sizeof((c)->errbuf), __VA_ARGS__);                   \
+     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+src/libcollectdclient/client.c:621:5: note: in expansion of macro ‘LCC_SET_ERRSTR’
+     LCC_SET_ERRSTR(c, "Server error: %s", res.message);
+     ^~~~~~~~~~~~~~
+src/libcollectdclient/client.c: In function ‘lcc_putval’:
+src/libcollectdclient/client.c:754:23: warning: ‘%s’ directive output may be truncated writing up to 1023 bytes into a region of size 1010 [-Wformat-truncation=]
+     LCC_SET_ERRSTR(c, "Server error: %s", res.message);
+                       ^                   ~
+src/libcollectdclient/client.c:94:48: note: in definition of macro ‘LCC_SET_ERRSTR’
+     snprintf((c)->errbuf, sizeof((c)->errbuf), __VA_ARGS__);                   \
+                                                ^~~~~~~~~~~
+src/libcollectdclient/client.c:94:5: note: ‘snprintf’ output between 15 and 1038 bytes into a destination of size 1024
+     snprintf((c)->errbuf, sizeof((c)->errbuf), __VA_ARGS__);                   \
+     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+src/libcollectdclient/client.c:754:5: note: in expansion of macro ‘LCC_SET_ERRSTR’
+     LCC_SET_ERRSTR(c, "Server error: %s", res.message);
+     ^~~~~~~~~~~~~~
+src/libcollectdclient/client.c: In function ‘lcc_flush’:
+src/libcollectdclient/client.c:802:23: warning: ‘%s’ directive output may be truncated writing up to 1023 bytes into a region of size 1010 [-Wformat-truncation=]
+     LCC_SET_ERRSTR(c, "Server error: %s", res.message);
+                       ^                   ~
+src/libcollectdclient/client.c:94:48: note: in definition of macro ‘LCC_SET_ERRSTR’
+     snprintf((c)->errbuf, sizeof((c)->errbuf), __VA_ARGS__);                   \
+                                                ^~~~~~~~~~~
+src/libcollectdclient/client.c:94:5: note: ‘snprintf’ output between 15 and 1038 bytes into a destination of size 1024
+     snprintf((c)->errbuf, sizeof((c)->errbuf), __VA_ARGS__);                   \
+     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+src/libcollectdclient/client.c:802:5: note: in expansion of macro ‘LCC_SET_ERRSTR’
+     LCC_SET_ERRSTR(c, "Server error: %s", res.message);
+     ^~~~~~~~~~~~~~
+src/libcollectdclient/client.c: In function ‘lcc_listval’:
+src/libcollectdclient/client.c:834:23: warning: ‘%s’ directive output may be truncated writing up to 1023 bytes into a region of size 1010 [-Wformat-truncation=]
+     LCC_SET_ERRSTR(c, "Server error: %s", res.message);
+                       ^                   ~
+src/libcollectdclient/client.c:94:48: note: in definition of macro ‘LCC_SET_ERRSTR’
+     snprintf((c)->errbuf, sizeof((c)->errbuf), __VA_ARGS__);                   \
+                                                ^~~~~~~~~~~
+src/libcollectdclient/client.c:94:5: note: ‘snprintf’ output between 15 and 1038 bytes into a destination of size 1024
+     snprintf((c)->errbuf, sizeof((c)->errbuf), __VA_ARGS__);                   \
+     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+src/libcollectdclient/client.c:834:5: note: in expansion of macro ‘LCC_SET_ERRSTR’
+     LCC_SET_ERRSTR(c, "Server error: %s", res.message);
+     ^~~~~~~~~~~~~~
+
+Fixes #2200
+
+[Upstream commit: https://git.octo.it/?p=collectd.git;a=commitdiff;h=e170f3559fcda6d37a012aba187a96b1f42e8f9d]
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+---
+ src/libcollectdclient/client.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libcollectdclient/client.c b/src/libcollectdclient/client.c
+index 51a4ab2..3ae2e71 100644
+--- a/src/libcollectdclient/client.c
++++ b/src/libcollectdclient/client.c
+@@ -99,7 +99,7 @@
+  */
+ struct lcc_connection_s {
+   FILE *fh;
+-  char errbuf[1024];
++  char errbuf[2048];
+ };
+ 
+ struct lcc_response_s {
+-- 
+1.7.10.4
+
diff -Naurp buildroot-2017.05-rc2/package/Config.in buildroot-2017.05.2/package/Config.in
--- buildroot-2017.05-rc2/package/Config.in     2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/Config.in       2017-07-27 08:16:52.017486944 +0200
@@ -440,7 +440,6 @@ endmenu
        source "package/odroid-mali/Config.in"
        source "package/odroid-scripts/Config.in"
        source "package/ofono/Config.in"
-       source "package/ola/Config.in"
        source "package/on2-8170-modules/Config.in"
        source "package/open2300/Config.in"
        source "package/openipmi/Config.in"
@@ -1811,7 +1810,6 @@ menu "System tools"
        source "package/efibootmgr/Config.in"
        source "package/efivar/Config.in"
        source "package/emlog/Config.in"
-       source "package/firejail/Config.in"
        source "package/ftop/Config.in"
        source "package/getent/Config.in"
        source "package/htop/Config.in"
diff -Naurp buildroot-2017.05-rc2/package/connman/Config.in buildroot-2017.05.2/package/connman/Config.in
--- buildroot-2017.05-rc2/package/connman/Config.in     2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/connman/Config.in       2017-07-27 08:16:52.017486944 +0200
@@ -33,12 +33,16 @@ config BR2_PACKAGE_CONNMAN_WIFI
 
 config BR2_PACKAGE_CONNMAN_WISPR
        bool "enable WISPr support"
+       depends on !BR2_STATIC_LIBS # gnutls
        select BR2_PACKAGE_GNUTLS
        help
          Enable support for Wireless Internet Service Provider
          roaming (WISPr). A RADIUS server is used to authenticate the
          subscriber's credentials.
 
+comment "connman WISPr needs a toolchain w/ dynamic library"
+       depends on BR2_STATIC_LIBS
+
 config BR2_PACKAGE_CONNMAN_BLUETOOTH
        bool "enable Bluetooth support"
        help
diff -Naurp buildroot-2017.05-rc2/package/cppcms/cppcms.mk buildroot-2017.05.2/package/cppcms/cppcms.mk
--- buildroot-2017.05-rc2/package/cppcms/cppcms.mk      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/cppcms/cppcms.mk        2017-07-27 08:16:52.017486944 +0200
@@ -11,6 +11,10 @@ CPPCMS_LICENSE_FILES = COPYING.TXT
 CPPCMS_SITE = http://downloads.sourceforge.net/project/cppcms/cppcms/$(CPPCMS_VERSION)
 CPPCMS_INSTALL_STAGING = YES
 
+# disable rpath to avoid getting /usr/lib added to the link search
+# path
+CPPCMS_CONF_OPTS = -DCMAKE_SKIP_RPATH=ON
+
 CPPCMS_DEPENDENCIES = zlib pcre libgcrypt
 
 ifeq ($(BR2_PACKAGE_CPPCMS_ICU),y)
diff -Naurp buildroot-2017.05-rc2/package/dhcp/Config.in buildroot-2017.05.2/package/dhcp/Config.in
--- buildroot-2017.05-rc2/package/dhcp/Config.in        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/dhcp/Config.in  2017-07-27 08:16:52.017486944 +0200
@@ -12,6 +12,7 @@ if BR2_PACKAGE_DHCP
 
 config BR2_PACKAGE_DHCP_SERVER
        bool "dhcp server"
+       select BR2_PACKAGE_SYSTEMD_TMPFILES if BR2_PACKAGE_SYSTEMD
        help
          DHCP server from the ISC DHCP distribution.
 
diff -Naurp buildroot-2017.05-rc2/package/dhcp/dhcp.mk buildroot-2017.05.2/package/dhcp/dhcp.mk
--- buildroot-2017.05-rc2/package/dhcp/dhcp.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/dhcp/dhcp.mk    2017-07-27 08:16:52.017486944 +0200
@@ -102,6 +102,7 @@ define DHCP_INSTALL_INIT_SYSTEMD
        ln -sf ../../../../usr/lib/systemd/system/dhcpd.service \
                $(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/dhcpd.service
 
+       mkdir -p $(TARGET_DIR)/usr/lib/tmpfiles.d
        echo "d /var/lib/dhcp 0755 - - - -" > \
                $(TARGET_DIR)/usr/lib/tmpfiles.d/dhcpd.conf
        echo "f /var/lib/dhcp/dhcpd.leases - - - - -" >> \
diff -Naurp buildroot-2017.05-rc2/package/dieharder/0004-Add-static-to-inline-functions.patch buildroot-2017.05.2/package/dieharder/0004-Add-static-to-inline-functions.patch
--- buildroot-2017.05-rc2/package/dieharder/0004-Add-static-to-inline-functions.patch   1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/dieharder/0004-Add-static-to-inline-functions.patch     2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,65 @@
+From 9c71a211dcf20f53f747326f5bc3fee9fabe3f52 Mon Sep 17 00:00:00 2001
+From: Julien Viard de Galbert <julien@vdg.name>
+Date: Tue, 27 Jun 2017 00:16:11 +0200
+Subject: [PATCH] Add static to inline functions
+
+This is needed to avoid a link error where the inline functions appear
+missing at link time.
+From c99 standard inline function should either be declared static or
+have an extern instance in a c file for linking.
+This fix is necessary to build with gcc 7; for some reason it was not
+trigerred before.
+
+Signed-off-by: Julien Viard de Galbert <julien@vdg.name>
+---
+ libdieharder/dab_filltree.c  | 4 ++--
+ libdieharder/dab_filltree2.c | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/libdieharder/dab_filltree.c b/libdieharder/dab_filltree.c
+index 9cc5ce7..a377c3d 100644
+--- a/libdieharder/dab_filltree.c
++++ b/libdieharder/dab_filltree.c
+@@ -34,7 +34,7 @@ static double targetData[] = {
+ 0.0, 0.0, 0.0, 0.0, 0.13333333, 0.20000000, 0.20634921, 0.17857143, 0.13007085, 0.08183633, 0.04338395, 0.01851828, 0.00617270, 0.00151193, 0.00023520, 0.00001680, 0.00000000, 0.00000000, 0.00000000, 0.00000000
+ };
+ 
+-inline int insert(double x, double *array, unsigned int startVal);
++static inline int insert(double x, double *array, unsigned int startVal);
+ 
+ int dab_filltree(Test **test,int irun) {
+  int size = (ntuple == 0) ? 32 : ntuple;
+@@ -105,7 +105,7 @@ int dab_filltree(Test **test,int irun) {
+ }
+ 
+ 
+-inline int insert(double x, double *array, unsigned int startVal) {
++static inline int insert(double x, double *array, unsigned int startVal) {
+  uint d = (startVal + 1) / 2;
+  uint i = startVal;
+  while (d > 0) {
+diff --git a/libdieharder/dab_filltree2.c b/libdieharder/dab_filltree2.c
+index 1e33af2..59cbd52 100644
+--- a/libdieharder/dab_filltree2.c
++++ b/libdieharder/dab_filltree2.c
+@@ -92,7 +92,7 @@ static double targetData[128] = {  // size=128, generated from 6e9 samples
+ 0.00000000000e+00,0.00000000000e+00,0.00000000000e+00,0.00000000000e+00,
+ };
+ 
+-inline int insertBit(uint x, uchar *array, uint *i, uint *d);
++static inline int insertBit(uint x, uchar *array, uint *i, uint *d);
+ 
+ int dab_filltree2(Test **test, int irun) {
+  int size = (ntuple == 0) ? 128 : ntuple;
+@@ -181,7 +181,7 @@ int dab_filltree2(Test **test, int irun) {
+  * The function returns >= 0 if the path went too deep; the
+  * returned value is the last position of the path.
+  */
+-inline int insertBit(uint x, uchar *array, uint *i, uint *d) {
++static inline int insertBit(uint x, uchar *array, uint *i, uint *d) {
+  if (x != 0) {
+    *i += *d;
+  } else {
+-- 
+2.13.2
+
diff -Naurp buildroot-2017.05-rc2/package/docker-engine/docker-engine.mk buildroot-2017.05.2/package/docker-engine/docker-engine.mk
--- buildroot-2017.05-rc2/package/docker-engine/docker-engine.mk        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/docker-engine/docker-engine.mk  2017-07-27 08:16:52.017486944 +0200
@@ -42,6 +42,11 @@ DOCKER_ENGINE_BUILD_TAGS += seccomp
 DOCKER_ENGINE_DEPENDENCIES += libseccomp
 endif
 
+ifeq ($(BR2_INIT_SYSTEMD),y)
+DOCKER_ENGINE_BUILD_TAGS += journald
+DOCKER_ENGINE_DEPENDENCIES += systemd
+endif
+
 ifeq ($(BR2_PACKAGE_DOCKER_ENGINE_DAEMON),y)
 DOCKER_ENGINE_BUILD_TAGS += daemon
 DOCKER_ENGINE_BUILD_TARGETS += dockerd
diff -Naurp buildroot-2017.05-rc2/package/dropbear/dropbear.hash buildroot-2017.05.2/package/dropbear/dropbear.hash
--- buildroot-2017.05-rc2/package/dropbear/dropbear.hash        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/dropbear/dropbear.hash  2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,2 @@
 # From https://matt.ucc.asn.au/dropbear/releases/SHA256SUM.asc
-sha256 2720ea54ed009af812701bcc290a2a601d5c107d12993e5d92c0f5f81f718891 dropbear-2016.74.tar.bz2
+sha256 6cbc1dcb1c9709d226dff669e5604172a18cf5dbf9a201474d5618ae4465098c dropbear-2017.75.tar.bz2
diff -Naurp buildroot-2017.05-rc2/package/dropbear/dropbear.mk buildroot-2017.05.2/package/dropbear/dropbear.mk
--- buildroot-2017.05-rc2/package/dropbear/dropbear.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/dropbear/dropbear.mk    2017-07-27 08:16:52.017486944 +0200
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DROPBEAR_VERSION = 2016.74
+DROPBEAR_VERSION = 2017.75
 DROPBEAR_SITE = http://matt.ucc.asn.au/dropbear/releases
 DROPBEAR_SOURCE = dropbear-$(DROPBEAR_VERSION).tar.bz2
 DROPBEAR_LICENSE = MIT, BSD-2-Clause-like, BSD-2-Clause
diff -Naurp buildroot-2017.05-rc2/package/efibootmgr/0003-Remove-extra-const-keywords-gcc-7-gripes-about.patch buildroot-2017.05.2/package/efibootmgr/0003-Remove-extra-const-keywords-gcc-7-gripes-about.patch
--- buildroot-2017.05-rc2/package/efibootmgr/0003-Remove-extra-const-keywords-gcc-7-gripes-about.patch  1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/efibootmgr/0003-Remove-extra-const-keywords-gcc-7-gripes-about.patch    2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,51 @@
+From a542b169003c2ef95ce6c00d40050eb10568b612 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 6 Feb 2017 16:34:54 -0500
+Subject: [PATCH] Remove extra const keywords gcc 7 gripes about.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+[Backported from upstream commit a542b169003c2ef95ce6c00d40050eb10568b612]
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+---
+ src/efibootdump.c | 2 +-
+ src/efibootmgr.c  | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/efibootdump.c b/src/efibootdump.c
+index 6ff8360..30a1943 100644
+--- a/src/efibootdump.c
++++ b/src/efibootdump.c
+@@ -39,7 +39,7 @@ print_boot_entry(efi_load_option *loadopt, size_t data_size)
+       uint8_t *optional_data = NULL;
+       size_t optional_data_len = 0;
+       uint16_t pathlen;
+-      const unsigned char const *desc;
++      const unsigned char *desc;
+       char *raw;
+       size_t raw_len;
+ 
+diff --git a/src/efibootmgr.c b/src/efibootmgr.c
+index 493f2cf..90a0998 100644
+--- a/src/efibootmgr.c
++++ b/src/efibootmgr.c
+@@ -221,7 +221,7 @@ warn_duplicate_name(list_t *var_list)
+       list_t *pos;
+       var_entry_t *entry;
+       efi_load_option *load_option;
+-      const unsigned char const *desc;
++      const unsigned char *desc;
+ 
+       list_for_each(pos, var_list) {
+               entry = list_entry(pos, var_entry_t, list);
+@@ -873,7 +873,7 @@ show_vars(const char *prefix)
+ {
+       list_t *pos;
+       var_entry_t *boot;
+-      const unsigned char const *description;
++      const unsigned char *description;
+       efi_load_option *load_option;
+       efidp dp = NULL;
+       unsigned char *optional_data = NULL;
+-- 
+2.9.4
+
diff -Naurp buildroot-2017.05-rc2/package/efivar/0003-Remove-some-extra-const-that-gcc-complains-about.patch buildroot-2017.05.2/package/efivar/0003-Remove-some-extra-const-that-gcc-complains-about.patch
--- buildroot-2017.05-rc2/package/efivar/0003-Remove-some-extra-const-that-gcc-complains-about.patch    1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/efivar/0003-Remove-some-extra-const-that-gcc-complains-about.patch      2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,47 @@
+From 1c7c0f71c9d22efda4156881eb187b8c69d1cca7 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 6 Feb 2017 14:28:19 -0500
+Subject: [PATCH] Remove some extra "const" that gcc complains about.
+
+One of these days I'll get these right.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream commit 1c7c0f71c9d22e.
+
+ src/include/efivar/efiboot-loadopt.h | 4 ++--
+ src/loadopt.c                        | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/include/efivar/efiboot-loadopt.h b/src/include/efivar/efiboot-loadopt.h
+index 07db5c4c53e3..efc29c69d47e 100644
+--- a/src/include/efivar/efiboot-loadopt.h
++++ b/src/include/efivar/efiboot-loadopt.h
+@@ -32,8 +32,8 @@ extern ssize_t efi_loadopt_create(uint8_t *buf, ssize_t size,
+ 
+ extern efidp efi_loadopt_path(efi_load_option *opt, ssize_t limit)
+       __attribute__((__nonnull__ (1)));
+-extern const unsigned char const * efi_loadopt_desc(efi_load_option *opt,
+-                                                  ssize_t limit)
++extern const unsigned char * efi_loadopt_desc(efi_load_option *opt,
++                                            ssize_t limit)
+       __attribute__((__visibility__ ("default")))
+       __attribute__((__nonnull__ (1)));
+ extern uint32_t efi_loadopt_attrs(efi_load_option *opt)
+diff --git a/src/loadopt.c b/src/loadopt.c
+index a63ca792d2dc..ce889867fd29 100644
+--- a/src/loadopt.c
++++ b/src/loadopt.c
+@@ -357,7 +357,7 @@ teardown(void)
+ 
+ __attribute__((__nonnull__ (1)))
+ __attribute__((__visibility__ ("default")))
+-const unsigned char const *
++const unsigned char *
+ efi_loadopt_desc(efi_load_option *opt, ssize_t limit)
+ {
+       if (last_desc) {
+-- 
+2.13.2
+
diff -Naurp buildroot-2017.05-rc2/package/elfutils/0002-disable-progs.patch buildroot-2017.05.2/package/elfutils/0002-disable-progs.patch
--- buildroot-2017.05-rc2/package/elfutils/0002-disable-progs.patch     2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/elfutils/0002-disable-progs.patch       2017-07-27 08:16:52.017486944 +0200
@@ -1,4 +1,7 @@
-Add a --{enable,disable}-progs configure option
+From dfea82b761b2ea4708fbf9370a5467ae4be525ca Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+Date: Mon, 29 May 2017 23:03:48 +0300
+Subject: [PATCH] Add a --{enable,disable}-progs configure option
 
 Add a --{enable,disable}-progs configuration option to elfutils. This
 allows to selectively disable the compilation of the elfutils programs
@@ -13,26 +16,15 @@ Based on the former patch by Thomas Peta
 
 Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
+---
+ Makefile.am  | 6 +++++-
+ configure.ac | 6 ++++++
+ 2 files changed, 11 insertions(+), 1 deletion(-)
 
-diff -rup a/configure.ac b/configure.ac
---- a/configure.ac     2016-03-31 09:48:08.000000000 +0100
-+++ b/configure.ac     2016-06-17 14:47:03.561704498 +0100
-@@ -253,6 +253,12 @@ AC_SUBST([LIBEBL_SUBDIR])
- AC_DEFINE_UNQUOTED(LIBEBL_SUBDIR, "$LIBEBL_SUBDIR")
- AH_TEMPLATE([LIBEBL_SUBDIR], [$libdir subdirectory containing libebl modules.])
- 
-+AC_ARG_ENABLE([progs],
-+      AS_HELP_STRING([--enable-progs], [enable progs]),
-+      enable_progs=$enableval,
-+      enable_progs=yes)
-+AM_CONDITIONAL(ENABLE_PROGS, test "$enable_progs" = yes)
-+
- dnl zlib is mandatory.
- save_LIBS="$LIBS"
- LIBS=
-diff -rup a/Makefile.am b/Makefile.am
---- a/Makefile.am      2016-01-12 12:49:19.000000000 +0000
-+++ b/Makefile.am      2016-06-17 14:48:02.585861468 +0100
+diff --git a/Makefile.am b/Makefile.am
+index 2ff444e7bf1d..70443abb4fb6 100644
+--- a/Makefile.am
++++ b/Makefile.am
 @@ -26,9 +26,13 @@ AM_MAKEFLAGS = --no-print-directory
  
  pkginclude_HEADERS = version.h
@@ -48,3 +40,23 @@ diff -rup a/Makefile.am b/Makefile.am
  
  EXTRA_DIST = elfutils.spec GPG-KEY NOTES CONTRIBUTING \
             COPYING COPYING-GPLV2 COPYING-LGPLV3
+diff --git a/configure.ac b/configure.ac
+index c2c1d90b2133..7b4c38381cca 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -259,6 +259,12 @@ AC_SUBST([LIBEBL_SUBDIR])
+ AC_DEFINE_UNQUOTED(LIBEBL_SUBDIR, "$LIBEBL_SUBDIR")
+ AH_TEMPLATE([LIBEBL_SUBDIR], [$libdir subdirectory containing libebl modules.])
+ 
++AC_ARG_ENABLE([progs],
++      AS_HELP_STRING([--enable-progs], [enable progs]),
++      enable_progs=$enableval,
++      enable_progs=yes)
++AM_CONDITIONAL(ENABLE_PROGS, test "$enable_progs" = yes)
++
+ dnl zlib is mandatory.
+ save_LIBS="$LIBS"
+ LIBS=
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/elfutils/0003-fts.patch buildroot-2017.05.2/package/elfutils/0003-fts.patch
--- buildroot-2017.05-rc2/package/elfutils/0003-fts.patch       2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/elfutils/0003-fts.patch 2017-07-27 08:16:52.017486944 +0200
@@ -1,4 +1,7 @@
-Add an implementation of the fts_*() functions
+From 098760f7eac1fb86b3f6871d5bb10f9f44468f2d Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+Date: Mon, 29 May 2017 23:08:05 +0300
+Subject: [PATCH] Add an implementation of the fts_*() functions
 
 The fts_*() functions are optional in uClibc, and not compiled in our
 default configuration. The best option would be to migrate this
@@ -28,11 +31,21 @@ Based on the former patch by Thomas Peta
 
 Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
+---
+ configure.ac                   |    4 +
+ libdwfl/Makefile.am            |    3 +
+ libdwfl/fts.c                  | 1095 ++++++++++++++++++++++++++++++++++++++++
+ libdwfl/fts_.h                 |  131 +++++
+ libdwfl/linux-kernel-modules.c |    4 +
+ 5 files changed, 1237 insertions(+)
+ create mode 100644 libdwfl/fts.c
+ create mode 100644 libdwfl/fts_.h
 
-diff -Nrup a/configure.ac b/configure.ac
---- a/configure.ac     2016-06-17 14:47:03.561704498 +0100
-+++ b/configure.ac     2016-06-17 14:52:35.038200412 +0100
-@@ -259,6 +259,10 @@ AC_ARG_ENABLE([progs],
+diff --git a/configure.ac b/configure.ac
+index 7b4c38381cca..bcebb05fa532 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -265,6 +265,10 @@ AC_ARG_ENABLE([progs],
        enable_progs=yes)
  AM_CONDITIONAL(ENABLE_PROGS, test "$enable_progs" = yes)
  
@@ -43,9 +56,25 @@ diff -Nrup a/configure.ac b/configure.ac
  dnl zlib is mandatory.
  save_LIBS="$LIBS"
  LIBS=
-diff -Nrup a/libdwfl/fts.c b/libdwfl/fts.c
---- a/libdwfl/fts.c    1970-01-01 01:00:00.000000000 +0100
-+++ b/libdwfl/fts.c    2016-06-17 14:57:26.649912084 +0100
+diff --git a/libdwfl/Makefile.am b/libdwfl/Makefile.am
+index 89ca92ed8110..a5a5615c5f94 100644
+--- a/libdwfl/Makefile.am
++++ b/libdwfl/Makefile.am
+@@ -77,6 +77,9 @@ endif
+ if LZMA
+ libdwfl_a_SOURCES += lzma.c
+ endif
++if !HAVE_FTS
++libdwfl_a_SOURCES += fts.c
++endif
+ 
+ libdwfl = $(libdw)
+ libdw = ../libdw/libdw.so
+diff --git a/libdwfl/fts.c b/libdwfl/fts.c
+new file mode 100644
+index 000000000000..f34cc03bd963
+--- /dev/null
++++ b/libdwfl/fts.c
 @@ -0,0 +1,1095 @@
 +/*-
 + * Copyright (c) 1990, 1993, 1994
@@ -1142,9 +1171,11 @@ diff -Nrup a/libdwfl/fts.c b/libdwfl/fts
 +      errno = oerrno;
 +      return (ret);
 +}
-diff -Nrup a/libdwfl/fts_.h b/libdwfl/fts_.h
---- a/libdwfl/fts_.h   1970-01-01 01:00:00.000000000 +0100
-+++ b/libdwfl/fts_.h   2016-06-17 14:58:42.003387566 +0100
+diff --git a/libdwfl/fts_.h b/libdwfl/fts_.h
+new file mode 100644
+index 000000000000..0a070ba8dce5
+--- /dev/null
++++ b/libdwfl/fts_.h
 @@ -0,0 +1,131 @@
 +/*
 + * Copyright (c) 1989, 1993
@@ -1277,31 +1308,25 @@ diff -Nrup a/libdwfl/fts_.h b/libdwfl/ft
 +__END_DECLS
 +
 +#endif /* fts.h */
-diff -Nrup a/libdwfl/linux-kernel-modules.c b/libdwfl/linux-kernel-modules.c
---- a/libdwfl/linux-kernel-modules.c   2016-03-02 16:25:38.000000000 +0000
-+++ b/libdwfl/linux-kernel-modules.c   2016-06-17 14:59:50.267724089 +0100
-@@ -29,7 +29,11 @@
- /* We include this before config.h because it can't handle _FILE_OFFSET_BITS.
-    Everything we need here is fine if its declarations just come first.  */
- 
+diff --git a/libdwfl/linux-kernel-modules.c b/libdwfl/linux-kernel-modules.c
+index 9d0fef2cf260..47f0e3892294 100644
+--- a/libdwfl/linux-kernel-modules.c
++++ b/libdwfl/linux-kernel-modules.c
+@@ -31,10 +31,14 @@
+    Everything we need here is fine if its declarations just come first.
+    Also, include sys/types.h before fts. On some systems fts.h is not self
+    contained. */
 +#ifdef HAVE_FTS_H
- #include <fts.h>
+ #ifdef BAD_FTS
+   #include <sys/types.h>
+   #include <fts.h>
+ #endif
 +#else
 +#include <fts_.h>
 +#endif
  
  #include <config.h>
- 
-diff -Nrup a/libdwfl/Makefile.am b/libdwfl/Makefile.am
---- a/libdwfl/Makefile.am      2016-01-12 12:49:19.000000000 +0000
-+++ b/libdwfl/Makefile.am      2016-06-17 15:01:03.492157569 +0100
-@@ -77,6 +77,9 @@ endif
- if LZMA
- libdwfl_a_SOURCES += lzma.c
- endif
-+if !HAVE_FTS
-+libdwfl_a_SOURCES += fts.c
-+endif
- 
- libdwfl = $(libdw)
- libdw = ../libdw/libdw.so
+ #include <system.h>
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/elfutils/0005-really-make-werror-conditional-to-build-werror.patch buildroot-2017.05.2/package/elfutils/0005-really-make-werror-conditional-to-build-werror.patch
--- buildroot-2017.05-rc2/package/elfutils/0005-really-make-werror-conditional-to-build-werror.patch    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/elfutils/0005-really-make-werror-conditional-to-build-werror.patch      2017-07-27 08:16:52.017486944 +0200
@@ -1,4 +1,7 @@
-Really make -Werror conditional to BUILD_WERROR
+From 1d8f27d73df6369b19ddd6732960df0d4fdec338 Mon Sep 17 00:00:00 2001
+From: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
+Date: Mon, 29 May 2017 23:24:42 +0300
+Subject: [PATCH] Really make -Werror conditional to BUILD_WERROR
 
 Otherwise it will fail with an error message like this one:
 
@@ -12,15 +15,22 @@ cc1: all warnings being treated as error
 
 Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
+---
+ config/eu.am | 1 -
+ 1 file changed, 1 deletion(-)
 
-diff -rup a/config/eu.am b/config/eu.am
---- a/config/eu.am     2016-03-02 16:25:38.000000000 +0000
-+++ b/config/eu.am     2016-06-17 15:05:08.270974835 +0100
-@@ -65,7 +65,6 @@ AM_CFLAGS = -std=gnu99 -Wall -Wshadow -W
+diff --git a/config/eu.am b/config/eu.am
+index 8fe1e259f9e2..c5a6209a4e04 100644
+--- a/config/eu.am
++++ b/config/eu.am
+@@ -71,7 +71,6 @@ AM_CFLAGS = -std=gnu99 -Wall -Wshadow -Wformat=2 \
            -Wold-style-definition -Wstrict-prototypes \
            $(LOGICAL_OP_WARNING) $(DUPLICATED_COND_WARNING) \
-           $(NULL_DEREFERENCE_WARNING) \
+           $(NULL_DEREFERENCE_WARNING) $(IMPLICIT_FALLTHROUGH_WARNING) \
 -          $(if $($(*F)_no_Werror),,-Werror) \
            $(if $($(*F)_no_Wunused),,-Wunused -Wextra) \
            $(if $($(*F)_no_Wstack_usage),,$(STACK_USAGE_WARNING)) \
            $($(*F)_CFLAGS)
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/elfutils/elfutils.hash buildroot-2017.05.2/package/elfutils/elfutils.hash
--- buildroot-2017.05-rc2/package/elfutils/elfutils.hash        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/elfutils/elfutils.hash  2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,2 @@
-# Locally calculated
-sha256 3c056914c8a438b210be0d790463b960fc79d234c3f05ce707cbff80e94cba30  elfutils-0.166.tar.bz2
+# From https://sourceware.org/elfutils/ftp/0.169/sha512.sum
+sha512 0a81a20bb2aff533d035d6b76f1403437b2e11bce390db57e34b8c26e4b9b3150346d83dddcbfbbdc58063f046ca3223508dba35c6ce88e375d201e7a777a8b9  elfutils-0.169.tar.bz2
diff -Naurp buildroot-2017.05-rc2/package/elfutils/elfutils.mk buildroot-2017.05.2/package/elfutils/elfutils.mk
--- buildroot-2017.05-rc2/package/elfutils/elfutils.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/elfutils/elfutils.mk    2017-07-27 08:16:52.017486944 +0200
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-ELFUTILS_VERSION = 0.166
+ELFUTILS_VERSION = 0.169
 ELFUTILS_SOURCE = elfutils-$(ELFUTILS_VERSION).tar.bz2
 ELFUTILS_SITE = https://sourceware.org/elfutils/ftp/$(ELFUTILS_VERSION)
 ELFUTILS_INSTALL_STAGING = YES
@@ -20,11 +20,9 @@ HOST_ELFUTILS_AUTORECONF = YES
 # Pass a custom program prefix to avoid a naming conflict between
 # elfutils binaries and binutils binaries.
 ELFUTILS_CONF_OPTS += \
-       --disable-werror \
        --program-prefix="eu-"
 
 HOST_ELFUTILS_CONF_OPTS = \
-       --disable-werror \
        --with-bzlib \
        --with-lzma \
        --disable-progs
diff -Naurp buildroot-2017.05-rc2/package/erlang/Config.in buildroot-2017.05.2/package/erlang/Config.in
--- buildroot-2017.05-rc2/package/erlang/Config.in      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/erlang/Config.in        2017-07-27 08:16:52.017486944 +0200
@@ -16,11 +16,12 @@ config BR2_PACKAGE_ERLANG
        depends on !BR2_STATIC_LIBS
        depends on BR2_PACKAGE_ERLANG_ARCH_SUPPORTS
        help
-         Erlang is a programming language used to build massively scalable
-         soft real-time systems with requirements on high availability.
-         Some of its uses are in telecoms, banking, e-commerce, computer
-         telephony and instant messaging. Erlang's runtime system has
-         built-in support for concurrency, distribution and fault tolerance.
+         Erlang is a programming language used to build massively
+         scalable soft real-time systems with requirements on high
+         availability. Some of its uses are in telecoms, banking,
+         e-commerce, computer telephony and instant messaging.
+         Erlang's runtime system has built-in support for
+         concurrency, distribution and fault tolerance.
 
          http://www.erlang.org
 
@@ -29,18 +30,19 @@ if BR2_PACKAGE_ERLANG
 config BR2_PACKAGE_ERLANG_SMP
        bool "enable SMP support"
        help
-         Erlang provides both a UP and an SMP emulator. The UP emulator
-         is always built, and this option enables compilation of the SMP
-         emulator. The choice of which emulator to use is made at runtime.
-         If you do not need SMP support, turning this option off reduces
-         compile time and the size of the Erlang installation.
+         Erlang provides both a UP and an SMP emulator. The UP
+         emulator is always built, and this option enables
+         compilation of the SMP emulator. The choice of which
+         emulator to use is made at runtime. If you do not need SMP
+         support, turning this option off reduces compile time and
+         the size of the Erlang installation.
 
 config BR2_PACKAGE_ERLANG_MEGACO
        bool "install megaco application"
        help
-         The Megaco application is a framework for building applications
-         on top of the Megaco/H.248 protocol. It is approximately 14MB in
-         size so if you do not need it then it is recommended not to
-         enable it.
+         The Megaco application is a framework for building
+         applications on top of the Megaco/H.248 protocol. It is
+         approximately 14MB in size so if you do not need it then
+         it is recommended not to enable it.
 
 endif # BR2_PACKAGE_ERLANG
diff -Naurp buildroot-2017.05-rc2/package/exim/Config.in buildroot-2017.05.2/package/exim/Config.in
--- buildroot-2017.05-rc2/package/exim/Config.in        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/exim/Config.in  2017-07-27 08:16:52.017486944 +0200
@@ -8,8 +8,9 @@ config BR2_PACKAGE_EXIM
        select BR2_PACKAGE_PCRE
        select BR2_PACKAGE_BERKELEYDB
        help
-         Exim is a message transfer agent (MTA) developed at the University of
-         Cambridge for use on Unix systems connected to the Internet.
+         Exim is a message transfer agent (MTA) developed at the
+         University of Cambridge for use on Unix systems connected to
+         the Internet.
 
          http://www.exim.org/
 
diff -Naurp buildroot-2017.05-rc2/package/expat/expat.hash buildroot-2017.05.2/package/expat/expat.hash
--- buildroot-2017.05-rc2/package/expat/expat.hash      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/expat/expat.hash        2017-07-27 08:16:52.017486944 +0200
@@ -1,5 +1,5 @@
-# From https://sourceforge.net/projects/expat/files/expat/2.2.0/
-md5    2f47841c829facb346eb6e3fab5212e2        expat-2.2.0.tar.bz2
-sha1   8453bc52324be4c796fd38742ec48470eef358b3        expat-2.2.0.tar.bz2
+# From https://sourceforge.net/projects/expat/files/expat/2.2.2/
+md5    1ede9a41223c78528b8c5d23e69a2667        expat-2.2.2.tar.bz2
+sha1   891cee988b38d5d66953f62f94c3150b8810a70a        expat-2.2.2.tar.bz2
 # Calculated based on the hashes above
-sha256 d9e50ff2d19b3538bd2127902a89987474e1a4db8e43a66a4d1a712ab9a504ff        expat-2.2.0.tar.bz2
+sha256 4376911fcf81a23ebd821bbabc26fd933f3ac74833f74924342c29aad2c86046        expat-2.2.2.tar.bz2
diff -Naurp buildroot-2017.05-rc2/package/expat/expat.mk buildroot-2017.05.2/package/expat/expat.mk
--- buildroot-2017.05-rc2/package/expat/expat.mk        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/expat/expat.mk  2017-07-27 08:16:52.017486944 +0200
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-EXPAT_VERSION = 2.2.0
+EXPAT_VERSION = 2.2.2
 EXPAT_SITE = http://downloads.sourceforge.net/project/expat/expat/$(EXPAT_VERSION)
 EXPAT_SOURCE = expat-$(EXPAT_VERSION).tar.bz2
 EXPAT_INSTALL_STAGING = YES
@@ -15,5 +15,14 @@ HOST_EXPAT_DEPENDENCIES = host-pkgconf
 EXPAT_LICENSE = MIT
 EXPAT_LICENSE_FILES = COPYING
 
+# Kernel versions older than 3.17 do not support getrandom()
+ifeq ($(BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_17),)
+EXPAT_CONF_ENV += CPPFLAGS="$(TARGET_CPPFLAGS) -DXML_POOR_ENTROPY"
+endif
+
+# Make build succeed on host kernel older than 3.17. getrandom() will still
+# be used on newer kernels.
+HOST_EXPAT_CONF_ENV += CPPFLAGS="$(HOST_CPPFLAGS) -DXML_POOR_ENTROPY"
+
 $(eval $(autotools-package))
 $(eval $(host-autotools-package))
diff -Naurp buildroot-2017.05-rc2/package/fbgrab/fbgrab.mk buildroot-2017.05.2/package/fbgrab/fbgrab.mk
--- buildroot-2017.05-rc2/package/fbgrab/fbgrab.mk      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/fbgrab/fbgrab.mk        2017-07-27 08:16:52.017486944 +0200
@@ -11,7 +11,7 @@ FBGRAB_LICENSE = GPL-2.0
 FBGRAB_LICENSE_FILES = COPYING
 
 define FBGRAB_BUILD_CMDS
-       $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)
+       $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D) fbgrab
 endef
 
 define FBGRAB_INSTALL_TARGET_CMDS
diff -Naurp buildroot-2017.05-rc2/package/fcgiwrap/fcgiwrap.mk buildroot-2017.05.2/package/fcgiwrap/fcgiwrap.mk
--- buildroot-2017.05-rc2/package/fcgiwrap/fcgiwrap.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/fcgiwrap/fcgiwrap.mk    2017-07-27 08:16:52.017486944 +0200
@@ -10,6 +10,7 @@ FCGIWRAP_DEPENDENCIES = host-pkgconf lib
 FCGIWRAP_LICENSE = MIT
 FCGIWRAP_LICENSE_FILES = COPYING
 FCGIWRAP_AUTORECONF = YES
+FCGIWRAP_CONF_ENV = CFLAGS="$(TARGET_CFLAGS) -Wno-error"
 
 ifeq ($(BR2_PACKAGE_SYSTEMD),y)
 FCGIWRAP_DEPENDENCIES += systemd
diff -Naurp buildroot-2017.05-rc2/package/ffmpeg/Config.in buildroot-2017.05.2/package/ffmpeg/Config.in
--- buildroot-2017.05-rc2/package/ffmpeg/Config.in      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/ffmpeg/Config.in        2017-07-27 08:16:52.017486944 +0200
@@ -3,7 +3,13 @@ config BR2_PACKAGE_FFMPEG_ARCH_SUPPORTS
        # fenv.h lacks FE_INVALID, FE_OVERFLOW & FE_UNDERFLOW on nios2
        # No support for ARMv7-M in the ARM assembly logic
        # Microblaze build affected by gcc PR71124 (infinite loop)
-       default y if !BR2_nios2 && !BR2_ARM_CPU_ARMV7M && !BR2_microblaze
+       # m68k coldfire causes a build failure, because the check for
+       # atomics (atomic_store) succeeds, which causes ffmpeg to
+       # think atomic intrinsics are available, while they are
+       # not. See https://patchwork.ozlabs.org/patch/756664/ and
+       # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68467 for more
+       # details.
+       default y if !BR2_nios2 && !BR2_ARM_CPU_ARMV7M && !BR2_microblaze && !BR2_m68k_cf
 
 menuconfig BR2_PACKAGE_FFMPEG
        bool "ffmpeg"
diff -Naurp buildroot-2017.05-rc2/package/ffmpeg/ffmpeg.mk buildroot-2017.05.2/package/ffmpeg/ffmpeg.mk
--- buildroot-2017.05-rc2/package/ffmpeg/ffmpeg.mk      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/ffmpeg/ffmpeg.mk        2017-07-27 08:16:52.017486944 +0200
@@ -42,6 +42,9 @@ FFMPEG_CONF_OPTS = \
        --disable-mipsdspr2 \
        --disable-msa \
        --enable-hwaccels \
+       --disable-cuda \
+       --disable-cuvid \
+       --disable-nvenc \
        --disable-avisynth \
        --disable-frei0r \
        --disable-libopencore-amrnb \
@@ -157,12 +160,18 @@ endif
 
 ifeq ($(BR2_PACKAGE_FFMPEG_INDEVS),y)
 FFMPEG_CONF_OPTS += --enable-indevs
+ifeq ($(BR2_PACKAGE_ALSA_LIB),y)
+FFMPEG_DEPENDENCIES += alsa-lib
+endif
 else
 FFMPEG_CONF_OPTS += --disable-indevs
 endif
 
 ifeq ($(BR2_PACKAGE_FFMPEG_OUTDEVS),y)
 FFMPEG_CONF_OPTS += --enable-outdevs
+ifeq ($(BR2_PACKAGE_ALSA_LIB),y)
+FFMPEG_DEPENDENCIES += alsa-lib
+endif
 else
 FFMPEG_CONF_OPTS += --disable-outdevs
 endif
diff -Naurp buildroot-2017.05-rc2/package/firejail/Config.in buildroot-2017.05.2/package/firejail/Config.in
--- buildroot-2017.05-rc2/package/firejail/Config.in    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/firejail/Config.in      1970-01-01 01:00:00.000000000 +0100
@@ -1,21 +0,0 @@
-config BR2_PACKAGE_FIREJAIL
-       bool "firejail"
-       depends on BROKEN # does not cross-compile at all
-       depends on BR2_USE_MMU # fork()
-       depends on BR2_TOOLCHAIN_HAS_THREADS
-       # uClibc: error: ‘EM_ARM’ undeclared
-       depends on !BR2_TOOLCHAIN_USES_UCLIBC
-       help
-         Firejail is a SUID program that reduces the risk of security
-         breaches by restricting the running environment of untrusted
-         applications using Linux namespaces and seccomp-bpf. It
-         allows a process and all its descendants to have their own
-         private view of the globally shared kernel resources, such
-         as the network stack, process table, mount table.
-
-         https://firejail.wordpress.com/
-
-comment "firejail needs a glibc or musl toolchain w/ threads"
-       depends on BR2_USE_MMU
-       depends on BROKEN
-       depends on BR2_TOOLCHAIN_USES_UCLIBC || !BR2_TOOLCHAIN_HAS_THREADS
diff -Naurp buildroot-2017.05-rc2/package/firejail/firejail.hash buildroot-2017.05.2/package/firejail/firejail.hash
--- buildroot-2017.05-rc2/package/firejail/firejail.hash        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/firejail/firejail.hash  1970-01-01 01:00:00.000000000 +0100
@@ -1,3 +0,0 @@
-# From https://sourceforge.net/projects/firejail/files/firejail/
-md5 7e6dca7202b1d70105b39646755cc620 firejail-0.9.44.8.tar.xz
-sha1 019423df0aee84d474f9fcd1f6a871a2fe8aa9a5 firejail-0.9.44.8.tar.xz
diff -Naurp buildroot-2017.05-rc2/package/firejail/firejail.mk buildroot-2017.05.2/package/firejail/firejail.mk
--- buildroot-2017.05-rc2/package/firejail/firejail.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/firejail/firejail.mk    1970-01-01 01:00:00.000000000 +0100
@@ -1,28 +0,0 @@
-################################################################################
-#
-# firejail
-#
-################################################################################
-
-FIREJAIL_VERSION = 0.9.44.8
-FIREJAIL_SITE = http://download.sourceforge.net/firejail
-FIREJAIL_SOURCE = firejail-$(FIREJAIL_VERSION).tar.xz
-FIREJAIL_LICENSE = GPL-2.0+
-FIREJAIL_LICENSE_FILES = COPYING
-
-FIREJAIL_CONF_OPTS = \
-       --enable-bind \
-       --enable-file-transfer \
-       --enable-network \
-       --enable-seccomp \
-       --enable-userns
-
-ifeq ($(BR2_PACKAGE_BUSYBOX),y)
-FIREJAIL_CONF_OPTS += --enable-busybox-workaround
-endif
-
-define FIREJAIL_PERMISSIONS
-       /usr/bin/firejail f 4755 0 0 - - - - -
-endef
-
-$(eval $(autotools-package))
diff -Naurp buildroot-2017.05-rc2/package/flashrom/0002-sys-io.h.patch buildroot-2017.05.2/package/flashrom/0002-sys-io.h.patch
--- buildroot-2017.05-rc2/package/flashrom/0002-sys-io.h.patch  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/flashrom/0002-sys-io.h.patch    1970-01-01 01:00:00.000000000 +0100
@@ -1,27 +0,0 @@
-hwaccess: sys/io.h is not specific to glibc
-
-Under Linux, sys/io.h provides inb and outb, so we really need it.
-However, its inclusion is conditional to the _GLIBC_ define. This is
-usually OK under Linux, since both glibc and uClibc define it (uclibc
-fakes being glibc).
-
-But the musl C library does not impersonate glibc, so we're missing
-including sys/io.h in this case.
-
-Change the include from checking _GLIBC_ to checking whether this is
-Linux, looking for the __linux__ define.
-
-Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
-
-diff -durN flashrom-0.9.8.orig/hwaccess.h flashrom-0.9.8/hwaccess.h
---- flashrom-0.9.8.orig/hwaccess.h     2015-02-10 09:03:10.000000000 +0100
-+++ flashrom-0.9.8/hwaccess.h  2015-10-28 20:01:54.259202484 +0100
-@@ -27,7 +27,7 @@
- #include "platform.h"
- 
- #if IS_X86
--#if defined(__GLIBC__)
-+#if defined(__linux__)
- #include <sys/io.h>
- #endif
- #endif
diff -Naurp buildroot-2017.05-rc2/package/flashrom/flashrom.hash buildroot-2017.05.2/package/flashrom/flashrom.hash
--- buildroot-2017.05-rc2/package/flashrom/flashrom.hash        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/flashrom/flashrom.hash  2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,2 @@
 # Locally computed
-sha256 13dc7c895e583111ecca370363a3527d237d178a134a94b20db7df177c05f934 flashrom-0.9.8.tar.bz2
+sha256 cb3156b0f63eb192024b76c0814135930297aac41f80761a5d293de769783c45  flashrom-0.9.9.tar.bz2
diff -Naurp buildroot-2017.05-rc2/package/flashrom/flashrom.mk buildroot-2017.05.2/package/flashrom/flashrom.mk
--- buildroot-2017.05-rc2/package/flashrom/flashrom.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/flashrom/flashrom.mk    2017-07-27 08:16:52.017486944 +0200
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-FLASHROM_VERSION = 0.9.8
+FLASHROM_VERSION = 0.9.9
 FLASHROM_SOURCE = flashrom-$(FLASHROM_VERSION).tar.bz2
 FLASHROM_SITE = http://download.flashrom.org/releases
 FLASHROM_DEPENDENCIES = pciutils libusb libusb-compat libftdi host-pkgconf
diff -Naurp buildroot-2017.05-rc2/package/freescale-imx/imx-uuc/S80imx-uuc buildroot-2017.05.2/package/freescale-imx/imx-uuc/S80imx-uuc
--- buildroot-2017.05-rc2/package/freescale-imx/imx-uuc/S80imx-uuc      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/freescale-imx/imx-uuc/S80imx-uuc        2017-07-27 08:16:52.017486944 +0200
@@ -6,7 +6,7 @@ DAEMON=/usr/bin/$NAME
 case "$1" in
     start)
        printf "Starting $NAME: "
-       start-stop-daemon -S -q -b -p /var/run/${NAME}.pid -x $DAEMON
+       start-stop-daemon -S -q -b -m -p /var/run/${NAME}.pid -x $DAEMON
        [ $? = 0 ] && echo "OK" || echo "FAIL"
        ;;
     stop)
diff -Naurp buildroot-2017.05-rc2/package/ftop/Config.in buildroot-2017.05.2/package/ftop/Config.in
--- buildroot-2017.05-rc2/package/ftop/Config.in        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/ftop/Config.in  2017-07-27 08:16:52.017486944 +0200
@@ -5,4 +5,4 @@ config BR2_PACKAGE_FTOP
          Ftop is to files what top is to processes.
          The progress of all open files and file systems can be monitored.
 
-         https://code.google.com/p/ftop/
+         https://sourceforge.net/projects/ftop/
diff -Naurp buildroot-2017.05-rc2/package/ftop/ftop.hash buildroot-2017.05.2/package/ftop/ftop.hash
--- buildroot-2017.05-rc2/package/ftop/ftop.hash        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/ftop/ftop.hash  2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,5 @@
-# From https://code.google.com/p/ftop/downloads/detail?name=ftop-1.0.tar.gz&can=2&q=
-sha1   a0523862dd63ed3bec14846b6e05afcfdebb15c2        ftop-1.0.tar.gz
+# From https://sourceforge.net/projects/ftop/files/ftop/1.0/
+md5 57c68b6e7431f4219d9eddaebcb395da ftop-1.0.tar.bz2
+sha1 d3ef1b74825f50c7c442d299b29d23c2478f199b ftop-1.0.tar.bz2
+# Locally computed
+sha256 3a705f4f291384344cd32c3dd5f5f6a7cd7cea7624c83cb7e923966dbcd47f82  ftop-1.0.tar.bz2
diff -Naurp buildroot-2017.05-rc2/package/ftop/ftop.mk buildroot-2017.05.2/package/ftop/ftop.mk
--- buildroot-2017.05-rc2/package/ftop/ftop.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/ftop/ftop.mk    2017-07-27 08:16:52.017486944 +0200
@@ -5,7 +5,8 @@
 ################################################################################
 
 FTOP_VERSION = 1.0
-FTOP_SITE = http://ftop.googlecode.com/files
+FTOP_SOURCE = ftop-$(FTOP_VERSION).tar.bz2
+FTOP_SITE = https://sourceforge.net/projects/ftop/files/ftop/$(FTOP_VERSION)
 FTOP_DEPENDENCIES = ncurses
 FTOP_LICENSE = GPL-3.0+
 FTOP_LICENSE_FILES = COPYING
diff -Naurp buildroot-2017.05-rc2/package/gcc/4.9.4/942-asan-fix-missing-include-signal-h.patch buildroot-2017.05.2/package/gcc/4.9.4/942-asan-fix-missing-include-signal-h.patch
--- buildroot-2017.05-rc2/package/gcc/4.9.4/942-asan-fix-missing-include-signal-h.patch 1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/gcc/4.9.4/942-asan-fix-missing-include-signal-h.patch   2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,36 @@
+From 205aa8e97bab553e5e6fe45896325e97962de704 Mon Sep 17 00:00:00 2001
+From: Rolf Eike Beer <eb@emlix.com>
+Date: Wed, 8 Feb 2017 11:42:52 +0100
+Subject: [PATCH] asan: fix missing include of signal.h
+
+This breaks when building gcc 4.9.4 / 5.4.0 with
+target_platform=powerpc-unknown-linux-gnu with glibc 2.25:
+
+../../../../gcc-host/libsanitizer/asan/asan_linux.cc: In function 'bool __asan::AsanInterceptsSignal(int)':
+../../../../gcc-host/libsanitizer/asan/asan_linux.cc:222:20: error: 'SIGSEGV' was not declared in this scope
+   return signum == SIGSEGV && common_flags()->handle_segv;
+
+This has been verified to apply to at least 4.9.4 and up to 5.4,
+the code has been reworked for gcc 6.
+
+Resolves (Buildroot) Bug: https://bugs.busybox.net/show_bug.cgi?id=10061
+
+Upstream: https://patchwork.ozlabs.org/patch/725596/
+
+Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
+---
+ libsanitizer/asan/asan_linux.cc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libsanitizer/asan/asan_linux.cc b/libsanitizer/asan/asan_linux.cc
+index c504168..59087b9 100644
+--- a/libsanitizer/asan/asan_linux.cc
++++ b/libsanitizer/asan/asan_linux.cc
+@@ -29,6 +29,7 @@
+ #include <dlfcn.h>
+ #include <fcntl.h>
+ #include <pthread.h>
++#include <signal.h>
+ #include <stdio.h>
+ #include <unistd.h>
+ #include <unwind.h>
diff -Naurp buildroot-2017.05-rc2/package/gcc/5.4.0/942-asan-fix-missing-include-signal-h.patch buildroot-2017.05.2/package/gcc/5.4.0/942-asan-fix-missing-include-signal-h.patch
--- buildroot-2017.05-rc2/package/gcc/5.4.0/942-asan-fix-missing-include-signal-h.patch 1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/gcc/5.4.0/942-asan-fix-missing-include-signal-h.patch   2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,36 @@
+From 205aa8e97bab553e5e6fe45896325e97962de704 Mon Sep 17 00:00:00 2001
+From: Rolf Eike Beer <eb@emlix.com>
+Date: Wed, 8 Feb 2017 11:42:52 +0100
+Subject: [PATCH] asan: fix missing include of signal.h
+
+This breaks when building gcc 4.9.4 / 5.4.0 with
+target_platform=powerpc-unknown-linux-gnu with glibc 2.25:
+
+../../../../gcc-host/libsanitizer/asan/asan_linux.cc: In function 'bool __asan::AsanInterceptsSignal(int)':
+../../../../gcc-host/libsanitizer/asan/asan_linux.cc:222:20: error: 'SIGSEGV' was not declared in this scope
+   return signum == SIGSEGV && common_flags()->handle_segv;
+
+This has been verified to apply to at least 4.9.4 and up to 5.4,
+the code has been reworked for gcc 6.
+
+Resolves (Buildroot) Bug: https://bugs.busybox.net/show_bug.cgi?id=10061
+
+Upstream: https://patchwork.ozlabs.org/patch/725596/
+
+Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
+---
+ libsanitizer/asan/asan_linux.cc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libsanitizer/asan/asan_linux.cc b/libsanitizer/asan/asan_linux.cc
+index c504168..59087b9 100644
+--- a/libsanitizer/asan/asan_linux.cc
++++ b/libsanitizer/asan/asan_linux.cc
+@@ -29,6 +29,7 @@
+ #include <dlfcn.h>
+ #include <fcntl.h>
+ #include <pthread.h>
++#include <signal.h>
+ #include <stdio.h>
+ #include <unistd.h>
+ #include <unwind.h>
diff -Naurp buildroot-2017.05-rc2/package/gcc/6.3.0/942-ubsan-fix-check-empty-string.patch buildroot-2017.05.2/package/gcc/6.3.0/942-ubsan-fix-check-empty-string.patch
--- buildroot-2017.05-rc2/package/gcc/6.3.0/942-ubsan-fix-check-empty-string.patch      1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/gcc/6.3.0/942-ubsan-fix-check-empty-string.patch        2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,40 @@
+From 8db2cf6353c13f2a84cbe49b689654897906c499 Mon Sep 17 00:00:00 2001
+From: kyukhin <kyukhin@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Sat, 3 Sep 2016 10:57:05 +0000
+Subject: [PATCH] gcc/ubsan.c: Fix check for empty string
+
+Building host-gcc-initial with GCC7 on the host fails due to the
+comparison of a pointer to an integer in ubsan_use_new_style_p, which
+is forbidden by ISO C++:
+
+ubsan.c:1474:23: error: ISO C++ forbids comparison between pointer and
+integer [-fpermissive]
+       || xloc.file == '\0' || xloc.file[0] == '\xff'
+
+Backport the fix from upstream GCC to enable the build with GCC 7.
+
+Backported from:
+https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=239971
+
+Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
+[Add commit log from [1]]
+Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
+
+[1] https://patchwork.openembedded.org/patch/138884/
+---
+ gcc/ubsan.c   | 2 +-
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+Index: gcc-6.3.0/gcc/ubsan.c
+===================================================================
+--- gcc-6.3.0.orig/gcc/ubsan.c
++++ gcc-6.3.0/gcc/ubsan.c
+@@ -1471,7 +1471,7 @@ ubsan_use_new_style_p (location_t loc)
+ 
+   expanded_location xloc = expand_location (loc);
+   if (xloc.file == NULL || strncmp (xloc.file, "\1", 2) == 0
+-      || xloc.file == '\0' || xloc.file[0] == '\xff'
++      || xloc.file[0] == '\0' || xloc.file[0] == '\xff'
+       || xloc.file[1] == '\xff')
+     return false;
+ 
diff -Naurp buildroot-2017.05-rc2/package/gcc/arc-2017.03/0001-ARC-Fix-tst_movb-pattern.patch buildroot-2017.05.2/package/gcc/arc-2017.03/0001-ARC-Fix-tst_movb-pattern.patch
--- buildroot-2017.05-rc2/package/gcc/arc-2017.03/0001-ARC-Fix-tst_movb-pattern.patch   1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/gcc/arc-2017.03/0001-ARC-Fix-tst_movb-pattern.patch     2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,55 @@
+From 08235ef444fd32d311fc9edb65895133820462e3 Mon Sep 17 00:00:00 2001
+From: claziss <claziss@synopsys.com>
+Date: Wed, 24 May 2017 12:53:43 +0200
+Subject: [PATCH] [ARC] Fix tst_movb pattern.
+
+The tst_movb pattern is missing guarding when spitting.
+
+gcc/
+2017-05-24  Claudiu Zissulescu  <claziss@synopsys.com>
+
+       * config/arc/arc.md (tst_movb): Add guard when splitting.
+
+testsuite/
+2017-05-24  Claudiu Zissulescu  <claziss@synopsys.com>
+
+       * gcc.target/arc/pr9001195952.c: New test.
+---
+ gcc/config/arc/arc.md                       |  2 +-
+ gcc/testsuite/gcc.target/arc/pr9001195952.c | 11 +++++++++++
+ 2 files changed, 12 insertions(+), 1 deletion(-)
+ create mode 100755 gcc/testsuite/gcc.target/arc/pr9001195952.c
+
+diff --git a/gcc/config/arc/arc.md b/gcc/config/arc/arc.md
+index e78abaaafc42..d5510aeb0600 100644
+--- a/gcc/config/arc/arc.md
++++ b/gcc/config/arc/arc.md
+@@ -863,7 +863,7 @@ archs4xd, archs4xd_slow"
+    (clobber (match_scratch:SI 3 "=X,X,X,X,X,X,Rrq,Rrq,c"))]
+   "TARGET_NPS_BITOPS"
+   "movb.f.cl %3,%1,%p2,%p2,%s2"
+-  "reload_completed
++  "TARGET_NPS_BITOPS && reload_completed
+    && (extract_constrain_insn_cached (insn), (which_alternative & ~1) != 6)"
+   [(set (match_dup 0) (match_dup 4))])
+ 
+diff --git a/gcc/testsuite/gcc.target/arc/pr9001195952.c b/gcc/testsuite/gcc.target/arc/pr9001195952.c
+new file mode 100755
+index 000000000000..252438d8d78b
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/arc/pr9001195952.c
+@@ -0,0 +1,11 @@
++/* { dg-do compile } */
++/* { dg-skip-if "" { ! { clmcpu } } } */
++/* { dg-options "-mcpu=archs -Os -w -fpic" } */
++
++/* tst_movb split pattern is wrong for anything else than NPS
++   chip.  */
++__bswap_32___bsx() {
++  int a = __builtin_bswap32(__bswap_32___bsx);
++  if (a & 1048575)
++    zlog_warn();
++}
+-- 
+2.7.4
+
diff -Naurp buildroot-2017.05-rc2/package/gcc/arc-2017.03/301-missing-execinfo_h.patch buildroot-2017.05.2/package/gcc/arc-2017.03/301-missing-execinfo_h.patch
--- buildroot-2017.05-rc2/package/gcc/arc-2017.03/301-missing-execinfo_h.patch  1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/gcc/arc-2017.03/301-missing-execinfo_h.patch    2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,13 @@
+Index: b/boehm-gc/include/gc.h
+===================================================================
+--- a/boehm-gc/include/gc.h
++++ b/boehm-gc/include/gc.h
+@@ -503,7 +503,7 @@
+ #if defined(__linux__) || defined(__GLIBC__)
+ # include <features.h>
+ # if (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 1 || __GLIBC__ > 2) \
+-     && !defined(__ia64__)
++     && !defined(__ia64__) && !defined(__UCLIBC__)
+ #   ifndef GC_HAVE_BUILTIN_BACKTRACE
+ #     define GC_HAVE_BUILTIN_BACKTRACE
+ #   endif
diff -Naurp buildroot-2017.05-rc2/package/gcc/arc-2017.03/860-cilk-wchar.patch buildroot-2017.05.2/package/gcc/arc-2017.03/860-cilk-wchar.patch
--- buildroot-2017.05-rc2/package/gcc/arc-2017.03/860-cilk-wchar.patch  1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/gcc/arc-2017.03/860-cilk-wchar.patch    2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,56 @@
+[PATCH] cilk: fix build without wchar
+
+When building against uClibc with wchar support disabled, WCHAR_MIN and
+WCHAR_MAX are not defined leading to compilation errors.
+
+Fix it by only including the wchar code if available.
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libcilkrts/include/cilk/reducer_min_max.h |    8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+Index: b/libcilkrts/include/cilk/reducer_min_max.h
+===================================================================
+--- a/libcilkrts/include/cilk/reducer_min_max.h
++++ b/libcilkrts/include/cilk/reducer_min_max.h
+@@ -3154,7 +3154,9 @@
+ CILK_C_REDUCER_MAX_INSTANCE(char,               char,       CHAR_MIN)
+ CILK_C_REDUCER_MAX_INSTANCE(unsigned char,      uchar,      0)
+ CILK_C_REDUCER_MAX_INSTANCE(signed char,        schar,      SCHAR_MIN)
++#ifdef WCHAR_MIN
+ CILK_C_REDUCER_MAX_INSTANCE(wchar_t,            wchar_t,    WCHAR_MIN)
++#endif
+ CILK_C_REDUCER_MAX_INSTANCE(short,              short,      SHRT_MIN)
+ CILK_C_REDUCER_MAX_INSTANCE(unsigned short,     ushort,     0)
+ CILK_C_REDUCER_MAX_INSTANCE(int,                int,        INT_MIN)
+@@ -3306,7 +3308,9 @@
+ CILK_C_REDUCER_MAX_INDEX_INSTANCE(char,               char,       CHAR_MIN)
+ CILK_C_REDUCER_MAX_INDEX_INSTANCE(unsigned char,      uchar,      0)
+ CILK_C_REDUCER_MAX_INDEX_INSTANCE(signed char,        schar,      SCHAR_MIN)
++#ifdef WCHAR_MIN
+ CILK_C_REDUCER_MAX_INDEX_INSTANCE(wchar_t,            wchar_t,    WCHAR_MIN)
++#endif
+ CILK_C_REDUCER_MAX_INDEX_INSTANCE(short,              short,      SHRT_MIN)
+ CILK_C_REDUCER_MAX_INDEX_INSTANCE(unsigned short,     ushort,     0)
+ CILK_C_REDUCER_MAX_INDEX_INSTANCE(int,                int,        INT_MIN)
+@@ -3432,7 +3436,9 @@
+ CILK_C_REDUCER_MIN_INSTANCE(char,               char,       CHAR_MAX)
+ CILK_C_REDUCER_MIN_INSTANCE(unsigned char,      uchar,      CHAR_MAX)
+ CILK_C_REDUCER_MIN_INSTANCE(signed char,        schar,      SCHAR_MAX)
++#ifdef WCHAR_MAX
+ CILK_C_REDUCER_MIN_INSTANCE(wchar_t,            wchar_t,    WCHAR_MAX)
++#endif
+ CILK_C_REDUCER_MIN_INSTANCE(short,              short,      SHRT_MAX)
+ CILK_C_REDUCER_MIN_INSTANCE(unsigned short,     ushort,     USHRT_MAX)
+ CILK_C_REDUCER_MIN_INSTANCE(int,                int,        INT_MAX)
+@@ -3584,7 +3590,9 @@
+ CILK_C_REDUCER_MIN_INDEX_INSTANCE(char,               char,       CHAR_MAX)
+ CILK_C_REDUCER_MIN_INDEX_INSTANCE(unsigned char,      uchar,      CHAR_MAX)
+ CILK_C_REDUCER_MIN_INDEX_INSTANCE(signed char,        schar,      SCHAR_MAX)
++#ifdef WCHAR_MAX
+ CILK_C_REDUCER_MIN_INDEX_INSTANCE(wchar_t,            wchar_t,    WCHAR_MAX)
++#endif
+ CILK_C_REDUCER_MIN_INDEX_INSTANCE(short,              short,      SHRT_MAX)
+ CILK_C_REDUCER_MIN_INDEX_INSTANCE(unsigned short,     ushort,     USHRT_MAX)
+ CILK_C_REDUCER_MIN_INDEX_INSTANCE(int,                int,        INT_MAX)
diff -Naurp buildroot-2017.05-rc2/package/gcc/arc-2017.03/940-uclinux-enable-threads.patch buildroot-2017.05.2/package/gcc/arc-2017.03/940-uclinux-enable-threads.patch
--- buildroot-2017.05-rc2/package/gcc/arc-2017.03/940-uclinux-enable-threads.patch      1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/gcc/arc-2017.03/940-uclinux-enable-threads.patch        2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,19 @@
+Enable POSIX threads for uClinux targets
+Reported upstream:
+https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71721
+
+Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
+
+diff -Nur gcc-6.1.0.orig/gcc/config.gcc gcc-6.1.0/gcc/config.gcc
+--- gcc-6.1.0.orig/gcc/config.gcc      2016-04-11 12:14:59.000000000 +0200
++++ gcc-6.1.0/gcc/config.gcc   2016-07-02 20:04:25.732169982 +0200
+@@ -833,6 +833,9 @@
+ *-*-uclinux*)
+   extra_options="$extra_options gnu-user.opt"
+   use_gcc_stdint=wrap
++  case ${enable_threads} in
++    "" | yes | posix) thread_file='posix' ;;
++  esac
+   tm_defines="$tm_defines DEFAULT_LIBC=LIBC_UCLIBC SINGLE_LIBC"
+   ;;
+ *-*-rdos*)
diff -Naurp buildroot-2017.05-rc2/package/gcc/arc-2017.03-rc2/0001-FIX-PIC-return-false-for-any-PIC-related-unspecs.patch buildroot-2017.05.2/package/gcc/arc-2017.03-rc2/0001-FIX-PIC-return-false-for-any-PIC-related-unspecs.patch
--- buildroot-2017.05-rc2/package/gcc/arc-2017.03-rc2/0001-FIX-PIC-return-false-for-any-PIC-related-unspecs.patch       2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/gcc/arc-2017.03-rc2/0001-FIX-PIC-return-false-for-any-PIC-related-unspecs.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,58 +0,0 @@
-From 139fed9d29ab935b3bc5159c0bdf7b8b8a39442d Mon Sep 17 00:00:00 2001
-From: Claudiu Zissulescu <claziss@gmail.com>
-Date: Mon, 15 May 2017 05:05:27 -0400
-Subject: [PATCH] [FIX] PIC: return false for any PIC related  unspecs
-
----
- gcc/config/arc/arc.c                        |  9 ++++-----
- gcc/testsuite/gcc.target/arc/pr9001191897.c | 10 ++++++++++
- 2 files changed, 14 insertions(+), 5 deletions(-)
- create mode 100644 gcc/testsuite/gcc.target/arc/pr9001191897.c
-
-diff --git a/gcc/config/arc/arc.c b/gcc/config/arc/arc.c
-index 3d53a667d37f..b00126f4d2c4 100644
---- a/gcc/config/arc/arc.c
-+++ b/gcc/config/arc/arc.c
-@@ -6056,11 +6056,8 @@ arc_legitimate_constant_p (machine_mode mode, rtx x)
-       return true;
- 
-     case NEG:
--      /* Assembler does not understand -(@label@gotoff).  Also, we do
--       not print such pic address constant.  */
--      if (GET_CODE (XEXP (x, 0)) == UNSPEC)
--      return false;
-       return arc_legitimate_constant_p (mode, XEXP (x, 0));
-+
-     case PLUS:
-     case MINUS:
-       {
-@@ -6090,7 +6087,9 @@ arc_legitimate_constant_p (machine_mode mode, rtx x)
-       case UNSPEC_TLS_IE:
-         return true;
-       default:
--        break;
-+        /* Any other unspec ending here are pic related, hence the above
-+           constant pic address checking returned false.  */
-+        return false;
-       }
-       /* Fall through.  */
- 
-diff --git a/gcc/testsuite/gcc.target/arc/pr9001191897.c b/gcc/testsuite/gcc.target/arc/pr9001191897.c
-new file mode 100644
-index 000000000000..2b9e1689803f
---- /dev/null
-+++ b/gcc/testsuite/gcc.target/arc/pr9001191897.c
-@@ -0,0 +1,10 @@
-+/* { dg-do compile } */
-+/* { dg-skip-if "" { ! { clmcpu } } } */
-+/* { dg-options "-mcpu=arch2 -Os -fpic -mno-sdata -mno-indexed-loads -w" } */
-+a;
-+c() {
-+  static char b[25];
-+  for (; a >= 0; a--)
-+    if (b[a])
-+      b[a] = '\0';
-+}
--- 
-2.7.4
-
diff -Naurp buildroot-2017.05-rc2/package/gcc/arc-2017.03-rc2/301-missing-execinfo_h.patch buildroot-2017.05.2/package/gcc/arc-2017.03-rc2/301-missing-execinfo_h.patch
--- buildroot-2017.05-rc2/package/gcc/arc-2017.03-rc2/301-missing-execinfo_h.patch      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/gcc/arc-2017.03-rc2/301-missing-execinfo_h.patch        1970-01-01 01:00:00.000000000 +0100
@@ -1,13 +0,0 @@
-Index: b/boehm-gc/include/gc.h
-===================================================================
---- a/boehm-gc/include/gc.h
-+++ b/boehm-gc/include/gc.h
-@@ -503,7 +503,7 @@
- #if defined(__linux__) || defined(__GLIBC__)
- # include <features.h>
- # if (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 1 || __GLIBC__ > 2) \
--     && !defined(__ia64__)
-+     && !defined(__ia64__) && !defined(__UCLIBC__)
- #   ifndef GC_HAVE_BUILTIN_BACKTRACE
- #     define GC_HAVE_BUILTIN_BACKTRACE
- #   endif
diff -Naurp buildroot-2017.05-rc2/package/gcc/arc-2017.03-rc2/860-cilk-wchar.patch buildroot-2017.05.2/package/gcc/arc-2017.03-rc2/860-cilk-wchar.patch
--- buildroot-2017.05-rc2/package/gcc/arc-2017.03-rc2/860-cilk-wchar.patch      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/gcc/arc-2017.03-rc2/860-cilk-wchar.patch        1970-01-01 01:00:00.000000000 +0100
@@ -1,56 +0,0 @@
-[PATCH] cilk: fix build without wchar
-
-When building against uClibc with wchar support disabled, WCHAR_MIN and
-WCHAR_MAX are not defined leading to compilation errors.
-
-Fix it by only including the wchar code if available.
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- libcilkrts/include/cilk/reducer_min_max.h |    8 ++++++++
- 1 file changed, 8 insertions(+)
-
-Index: b/libcilkrts/include/cilk/reducer_min_max.h
-===================================================================
---- a/libcilkrts/include/cilk/reducer_min_max.h
-+++ b/libcilkrts/include/cilk/reducer_min_max.h
-@@ -3154,7 +3154,9 @@
- CILK_C_REDUCER_MAX_INSTANCE(char,               char,       CHAR_MIN)
- CILK_C_REDUCER_MAX_INSTANCE(unsigned char,      uchar,      0)
- CILK_C_REDUCER_MAX_INSTANCE(signed char,        schar,      SCHAR_MIN)
-+#ifdef WCHAR_MIN
- CILK_C_REDUCER_MAX_INSTANCE(wchar_t,            wchar_t,    WCHAR_MIN)
-+#endif
- CILK_C_REDUCER_MAX_INSTANCE(short,              short,      SHRT_MIN)
- CILK_C_REDUCER_MAX_INSTANCE(unsigned short,     ushort,     0)
- CILK_C_REDUCER_MAX_INSTANCE(int,                int,        INT_MIN)
-@@ -3306,7 +3308,9 @@
- CILK_C_REDUCER_MAX_INDEX_INSTANCE(char,               char,       CHAR_MIN)
- CILK_C_REDUCER_MAX_INDEX_INSTANCE(unsigned char,      uchar,      0)
- CILK_C_REDUCER_MAX_INDEX_INSTANCE(signed char,        schar,      SCHAR_MIN)
-+#ifdef WCHAR_MIN
- CILK_C_REDUCER_MAX_INDEX_INSTANCE(wchar_t,            wchar_t,    WCHAR_MIN)
-+#endif
- CILK_C_REDUCER_MAX_INDEX_INSTANCE(short,              short,      SHRT_MIN)
- CILK_C_REDUCER_MAX_INDEX_INSTANCE(unsigned short,     ushort,     0)
- CILK_C_REDUCER_MAX_INDEX_INSTANCE(int,                int,        INT_MIN)
-@@ -3432,7 +3436,9 @@
- CILK_C_REDUCER_MIN_INSTANCE(char,               char,       CHAR_MAX)
- CILK_C_REDUCER_MIN_INSTANCE(unsigned char,      uchar,      CHAR_MAX)
- CILK_C_REDUCER_MIN_INSTANCE(signed char,        schar,      SCHAR_MAX)
-+#ifdef WCHAR_MAX
- CILK_C_REDUCER_MIN_INSTANCE(wchar_t,            wchar_t,    WCHAR_MAX)
-+#endif
- CILK_C_REDUCER_MIN_INSTANCE(short,              short,      SHRT_MAX)
- CILK_C_REDUCER_MIN_INSTANCE(unsigned short,     ushort,     USHRT_MAX)
- CILK_C_REDUCER_MIN_INSTANCE(int,                int,        INT_MAX)
-@@ -3584,7 +3590,9 @@
- CILK_C_REDUCER_MIN_INDEX_INSTANCE(char,               char,       CHAR_MAX)
- CILK_C_REDUCER_MIN_INDEX_INSTANCE(unsigned char,      uchar,      CHAR_MAX)
- CILK_C_REDUCER_MIN_INDEX_INSTANCE(signed char,        schar,      SCHAR_MAX)
-+#ifdef WCHAR_MAX
- CILK_C_REDUCER_MIN_INDEX_INSTANCE(wchar_t,            wchar_t,    WCHAR_MAX)
-+#endif
- CILK_C_REDUCER_MIN_INDEX_INSTANCE(short,              short,      SHRT_MAX)
- CILK_C_REDUCER_MIN_INDEX_INSTANCE(unsigned short,     ushort,     USHRT_MAX)
- CILK_C_REDUCER_MIN_INDEX_INSTANCE(int,                int,        INT_MAX)
diff -Naurp buildroot-2017.05-rc2/package/gcc/arc-2017.03-rc2/940-uclinux-enable-threads.patch buildroot-2017.05.2/package/gcc/arc-2017.03-rc2/940-uclinux-enable-threads.patch
--- buildroot-2017.05-rc2/package/gcc/arc-2017.03-rc2/940-uclinux-enable-threads.patch  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/gcc/arc-2017.03-rc2/940-uclinux-enable-threads.patch    1970-01-01 01:00:00.000000000 +0100
@@ -1,19 +0,0 @@
-Enable POSIX threads for uClinux targets
-Reported upstream:
-https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71721
-
-Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
-
-diff -Nur gcc-6.1.0.orig/gcc/config.gcc gcc-6.1.0/gcc/config.gcc
---- gcc-6.1.0.orig/gcc/config.gcc      2016-04-11 12:14:59.000000000 +0200
-+++ gcc-6.1.0/gcc/config.gcc   2016-07-02 20:04:25.732169982 +0200
-@@ -833,6 +833,9 @@
- *-*-uclinux*)
-   extra_options="$extra_options gnu-user.opt"
-   use_gcc_stdint=wrap
-+  case ${enable_threads} in
-+    "" | yes | posix) thread_file='posix' ;;
-+  esac
-   tm_defines="$tm_defines DEFAULT_LIBC=LIBC_UCLIBC SINGLE_LIBC"
-   ;;
- *-*-rdos*)
diff -Naurp buildroot-2017.05-rc2/package/gcc/Config.in.host buildroot-2017.05.2/package/gcc/Config.in.host
--- buildroot-2017.05-rc2/package/gcc/Config.in.host    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/gcc/Config.in.host      2017-07-27 08:16:52.017486944 +0200
@@ -106,7 +106,7 @@ config BR2_GCC_VERSION
        default "4.9.4"     if BR2_GCC_VERSION_4_9_X
        default "5.4.0"     if BR2_GCC_VERSION_5_X
        default "6.3.0"     if BR2_GCC_VERSION_6_X
-       default "arc-2017.03-rc2" if BR2_GCC_VERSION_ARC
+       default "arc-2017.03" if BR2_GCC_VERSION_ARC
        default "musl-5.4.0" if BR2_GCC_VERSION_OR1K
 
 config BR2_EXTRA_GCC_CONFIG_OPTIONS
diff -Naurp buildroot-2017.05-rc2/package/gcc/gcc-final/gcc-final.hash buildroot-2017.05.2/package/gcc/gcc-final/gcc-final.hash
--- buildroot-2017.05-rc2/package/gcc/gcc-final/gcc-final.hash  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/gcc/gcc-final/gcc-final.hash    2017-07-27 08:16:52.017486944 +0200
@@ -12,6 +12,6 @@ sha512  2941cc950c8f2409a314df497631f9b0
 sha512  234dd9b1bdc9a9c6e352216a7ef4ccadc6c07f156006a59759c5e0e6a69f0abcdc14630eff11e3826dd6ba5933a8faa43043f3d1d62df6bd5ab1e82862f9bf78  gcc-6.3.0.tar.bz2
 
 # Locally calculated (fetched from Github)
-sha512  8157d784367de2de853f7d288a213ee3222ac77321d18a887cd5a9c55b53f5948cc8608ec82398cb7e0a155ffa79f86f6469a23b505b22cd0eb5b69d610abd41  gcc-arc-2017.03-rc2.tar.gz
+sha512  282f76b8b63372f5b4426092b80d36da96cd0bda2a8588405b9ec22806c69fafb696b0e0df65bc36c3c3aa8ce5befc24246fd5c6ddb21dcde01f45f7b11ff7c4  gcc-arc-2017.03.tar.gz
 # Locally calculated (fetched from Github)
 sha512  841101f7de45f327bf2e92f3efc73ca88a021e4b9b541458ce80a16e55882bd8606a8492d75c57c589ee2c10d42ae2865b67690155d7289a541df1d68096402f  gcc-musl-5.4.0.tar.gz
diff -Naurp buildroot-2017.05-rc2/package/gcc/gcc.hash buildroot-2017.05.2/package/gcc/gcc.hash
--- buildroot-2017.05-rc2/package/gcc/gcc.hash  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/gcc/gcc.hash    2017-07-27 08:16:52.017486944 +0200
@@ -12,6 +12,6 @@ sha512  2941cc950c8f2409a314df497631f9b0
 sha512  234dd9b1bdc9a9c6e352216a7ef4ccadc6c07f156006a59759c5e0e6a69f0abcdc14630eff11e3826dd6ba5933a8faa43043f3d1d62df6bd5ab1e82862f9bf78  gcc-6.3.0.tar.bz2
 
 # Locally calculated (fetched from Github)
-sha512  8157d784367de2de853f7d288a213ee3222ac77321d18a887cd5a9c55b53f5948cc8608ec82398cb7e0a155ffa79f86f6469a23b505b22cd0eb5b69d610abd41  gcc-arc-2017.03-rc2.tar.gz
+sha512  282f76b8b63372f5b4426092b80d36da96cd0bda2a8588405b9ec22806c69fafb696b0e0df65bc36c3c3aa8ce5befc24246fd5c6ddb21dcde01f45f7b11ff7c4  gcc-arc-2017.03.tar.gz
 # Locally calculated (fetched from Github)
 sha512  841101f7de45f327bf2e92f3efc73ca88a021e4b9b541458ce80a16e55882bd8606a8492d75c57c589ee2c10d42ae2865b67690155d7289a541df1d68096402f  gcc-musl-5.4.0.tar.gz
diff -Naurp buildroot-2017.05-rc2/package/gcc/gcc-initial/gcc-initial.hash buildroot-2017.05.2/package/gcc/gcc-initial/gcc-initial.hash
--- buildroot-2017.05-rc2/package/gcc/gcc-initial/gcc-initial.hash      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/gcc/gcc-initial/gcc-initial.hash        2017-07-27 08:16:52.017486944 +0200
@@ -12,6 +12,6 @@ sha512  2941cc950c8f2409a314df497631f9b0
 sha512  234dd9b1bdc9a9c6e352216a7ef4ccadc6c07f156006a59759c5e0e6a69f0abcdc14630eff11e3826dd6ba5933a8faa43043f3d1d62df6bd5ab1e82862f9bf78  gcc-6.3.0.tar.bz2
 
 # Locally calculated (fetched from Github)
-sha512  8157d784367de2de853f7d288a213ee3222ac77321d18a887cd5a9c55b53f5948cc8608ec82398cb7e0a155ffa79f86f6469a23b505b22cd0eb5b69d610abd41  gcc-arc-2017.03-rc2.tar.gz
+sha512  282f76b8b63372f5b4426092b80d36da96cd0bda2a8588405b9ec22806c69fafb696b0e0df65bc36c3c3aa8ce5befc24246fd5c6ddb21dcde01f45f7b11ff7c4  gcc-arc-2017.03.tar.gz
 # Locally calculated (fetched from Github)
 sha512  841101f7de45f327bf2e92f3efc73ca88a021e4b9b541458ce80a16e55882bd8606a8492d75c57c589ee2c10d42ae2865b67690155d7289a541df1d68096402f  gcc-musl-5.4.0.tar.gz
diff -Naurp buildroot-2017.05-rc2/package/gdb/7.10.1/0011-use-asm-sgidefs.h.patch buildroot-2017.05.2/package/gdb/7.10.1/0011-use-asm-sgidefs.h.patch
--- buildroot-2017.05-rc2/package/gdb/7.10.1/0011-use-asm-sgidefs.h.patch       1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/gdb/7.10.1/0011-use-asm-sgidefs.h.patch 2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,41 @@
+From 12a0b8d81e1fda6ba98abdce8d6f09f9555ebcf5 Mon Sep 17 00:00:00 2001
+From: Andre McCurdy <amccurdy@gmail.com>
+Date: Sat, 30 Apr 2016 15:29:06 -0700
+Subject: [PATCH] use <asm/sgidefs.h>
+
+Build fix for MIPS with musl libc
+
+The MIPS specific header <sgidefs.h> is provided by glibc and uclibc
+but not by musl. Regardless of the libc, the kernel headers provide
+<asm/sgidefs.h> which provides the same definitions, so use that
+instead.
+
+Upstream-Status: Pending
+
+[Vincent:
+Taken from https://sourceware.org/bugzilla/show_bug.cgi?id=21070
+Patch has been adapted to apply on 7.10.1.]
+
+Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
+---
+ gdb/mips-linux-nat.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gdb/mips-linux-nat.c b/gdb/mips-linux-nat.c
+index 9f6d697..8f57bb2 100644
+--- a/gdb/mips-linux-nat.c
++++ b/gdb/mips-linux-nat.c
+@@ -31,7 +31,7 @@
+ #include "gdb_proc_service.h"
+ #include "gregset.h"
+ 
+-#include <sgidefs.h>
++#include <asm/sgidefs.h>
+ #include <sys/ptrace.h>
+ #include <asm/ptrace.h>
+
+-- 
+2.13.1
+ 
diff -Naurp buildroot-2017.05-rc2/package/gdb/7.11.1/0006-use-asm-sgidefs.h.patch buildroot-2017.05.2/package/gdb/7.11.1/0006-use-asm-sgidefs.h.patch
--- buildroot-2017.05-rc2/package/gdb/7.11.1/0006-use-asm-sgidefs.h.patch       1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/gdb/7.11.1/0006-use-asm-sgidefs.h.patch 2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,40 @@
+From 12a0b8d81e1fda6ba98abdce8d6f09f9555ebcf5 Mon Sep 17 00:00:00 2001
+From: Andre McCurdy <amccurdy@gmail.com>
+Date: Sat, 30 Apr 2016 15:29:06 -0700
+Subject: [PATCH] use <asm/sgidefs.h>
+
+Build fix for MIPS with musl libc
+
+The MIPS specific header <sgidefs.h> is provided by glibc and uclibc
+but not by musl. Regardless of the libc, the kernel headers provide
+<asm/sgidefs.h> which provides the same definitions, so use that
+instead.
+
+Upstream-Status: Pending
+
+[Vincent:
+Taken from: https://sourceware.org/bugzilla/show_bug.cgi?id=21070]
+
+Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
+---
+ gdb/mips-linux-nat.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gdb/mips-linux-nat.c b/gdb/mips-linux-nat.c
+index f2df1b9907..d24664cb56 100644
+--- a/gdb/mips-linux-nat.c
++++ b/gdb/mips-linux-nat.c
+@@ -31,7 +31,7 @@
+ #include "gdb_proc_service.h"
+ #include "gregset.h"
+ 
+-#include <sgidefs.h>
++#include <asm/sgidefs.h>
+ #include "nat/gdb_ptrace.h"
+ #include <asm/ptrace.h>
+ #include "inf-ptrace.h"
+-- 
+2.13.1
+
diff -Naurp buildroot-2017.05-rc2/package/gdb/7.12.1/0005-use-asm-sgidefs.h.patch buildroot-2017.05.2/package/gdb/7.12.1/0005-use-asm-sgidefs.h.patch
--- buildroot-2017.05-rc2/package/gdb/7.12.1/0005-use-asm-sgidefs.h.patch       1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/gdb/7.12.1/0005-use-asm-sgidefs.h.patch 2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,40 @@
+From 12a0b8d81e1fda6ba98abdce8d6f09f9555ebcf5 Mon Sep 17 00:00:00 2001
+From: Andre McCurdy <amccurdy@gmail.com>
+Date: Sat, 30 Apr 2016 15:29:06 -0700
+Subject: [PATCH] use <asm/sgidefs.h>
+
+Build fix for MIPS with musl libc
+
+The MIPS specific header <sgidefs.h> is provided by glibc and uclibc
+but not by musl. Regardless of the libc, the kernel headers provide
+<asm/sgidefs.h> which provides the same definitions, so use that
+instead.
+
+Upstream-Status: Pending
+
+[Vincent:
+Taken from: https://sourceware.org/bugzilla/show_bug.cgi?id=21070]
+
+Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
+---
+ gdb/mips-linux-nat.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gdb/mips-linux-nat.c b/gdb/mips-linux-nat.c
+index f2df1b9907..d24664cb56 100644
+--- a/gdb/mips-linux-nat.c
++++ b/gdb/mips-linux-nat.c
+@@ -31,7 +31,7 @@
+ #include "gdb_proc_service.h"
+ #include "gregset.h"
+ 
+-#include <sgidefs.h>
++#include <asm/sgidefs.h>
+ #include "nat/gdb_ptrace.h"
+ #include <asm/ptrace.h>
+ #include "inf-ptrace.h"
+-- 
+2.13.1
+
diff -Naurp buildroot-2017.05-rc2/package/gdb/Config.in.host buildroot-2017.05.2/package/gdb/Config.in.host
--- buildroot-2017.05-rc2/package/gdb/Config.in.host    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/gdb/Config.in.host      2017-07-27 08:16:52.017486944 +0200
@@ -55,7 +55,7 @@ endif
 # If cross-gdb is not enabled, the latest working version is chosen.
 config BR2_GDB_VERSION
        string
-       default "arc-2017.03-rc2-gdb" if BR2_arc
+       default "arc-2017.03-gdb" if BR2_arc
        default "6be65fb56ea6694a9260733a536a023a1e2d4d57" if BR2_microblaze
        default "7.10.1"   if BR2_GDB_VERSION_7_10
        default "7.11.1"   if BR2_GDB_VERSION_7_11 || !BR2_PACKAGE_HOST_GDB
diff -Naurp buildroot-2017.05-rc2/package/gdb/gdb.hash buildroot-2017.05.2/package/gdb/gdb.hash
--- buildroot-2017.05-rc2/package/gdb/gdb.hash  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/gdb/gdb.hash    2017-07-27 08:16:52.017486944 +0200
@@ -5,4 +5,4 @@ sha512  0ac8d0a495103611ef41167a08313a01
 
 # Locally calculated (fetched from Github)
 sha512  0a467091d4b01fbecabb4b8da1cb743025c70e7f4874a0b5c8fa2ec623569a39bde6762b91806de0be6e63711aeb6909715cfbe43860de73d8aec6159a9f10a7       gdb-6be65fb56ea6694a9260733a536a023a1e2d4d57.tar.gz
-sha512  275241c215d0bd32ab0f9f16358c46a66fd0d5db09d9a148b169a6b8135cfe91c6240a6bb75977573d4fc449a98f0702254577cbdc4598c6153ebbdca39253cf       gdb-arc-2017.03-rc2-gdb.tar.gz
+sha512  8ec849a5ea1c16f104c51c4813c35ab229e460eef0025967673b87316f62b5171f05448cda018464914d43d2da50b2902eb7f9f060d0af1368a9db111f959668       gdb-arc-2017.03-gdb.tar.gz
diff -Naurp buildroot-2017.05-rc2/package/gesftpserver/gesftpserver.hash buildroot-2017.05.2/package/gesftpserver/gesftpserver.hash
--- buildroot-2017.05-rc2/package/gesftpserver/gesftpserver.hash        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/gesftpserver/gesftpserver.hash  2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,2 @@
 # Locally calculated
-sha256 5f744c38df9bb82f5ab500858a0fb4767ac3ee2254301da03cbcf8e6c587cbf5        sftpserver-0.2.1.tar.gz
+sha256 8ac1938d0f62a05799b2aeab489d6ce098c3fe53280a9b66c0957b1fdcbcbab9  sftpserver-0.2.2.tar.gz
diff -Naurp buildroot-2017.05-rc2/package/gesftpserver/gesftpserver.mk buildroot-2017.05.2/package/gesftpserver/gesftpserver.mk
--- buildroot-2017.05-rc2/package/gesftpserver/gesftpserver.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/gesftpserver/gesftpserver.mk    2017-07-27 08:16:52.017486944 +0200
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GESFTPSERVER_VERSION = 0.2.1
+GESFTPSERVER_VERSION = 0.2.2
 GESFTPSERVER_SOURCE = sftpserver-$(GESFTPSERVER_VERSION).tar.gz
 GESFTPSERVER_SITE = http://www.greenend.org.uk/rjk/sftpserver
 GESFTPSERVER_LICENSE = GPL-2.0+
diff -Naurp buildroot-2017.05-rc2/package/glibc/2.23/0006-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch buildroot-2017.05.2/package/glibc/2.23/0006-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch
--- buildroot-2017.05-rc2/package/glibc/2.23/0006-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch    1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/glibc/2.23/0006-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch      2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,35 @@
+From f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 17:09:55 +0200
+Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1
+ programs [BZ #21624]
+
+LD_LIBRARY_PATH can only be used to reorder system search paths, which
+is not useful functionality.
+
+This makes an exploitable unbounded alloca in _dl_init_paths unreachable
+for AT_SECURE=1 programs.
+
+[Peter: Drop ChangeLog modification]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ elf/rtld.c | 3 ++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 2446a87680..2269dbec81 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -2422,7 +2422,8 @@ process_envvars (enum mode *modep)
+ 
+       case 12:
+         /* The library search path.  */
+-        if (memcmp (envline, "LIBRARY_PATH", 12) == 0)
++        if (!__libc_enable_secure
++            && memcmp (envline, "LIBRARY_PATH", 12) == 0)
+           {
+             library_path = &envline[13];
+             break;
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/glibc/2.23/0007-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch buildroot-2017.05.2/package/glibc/2.23/0007-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch
--- buildroot-2017.05-rc2/package/glibc/2.23/0007-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch       1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/glibc/2.23/0007-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch 2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,122 @@
+From 6d0ba622891bed9d8394eef1935add53003b12e8 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 22:31:04 +0200
+Subject: [PATCH] ld.so: Reject overly long LD_PRELOAD path elements
+
+[Peter: Drop ChangeLog modification]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ elf/rtld.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++------------
+ 1 file changed, 72 insertions(+), 16 deletions(-)
+
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 2269dbec81..86ae20c83f 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -99,6 +99,35 @@ uintptr_t __pointer_chk_guard_local
+ strong_alias (__pointer_chk_guard_local, __pointer_chk_guard)
+ #endif
+ 
++/* Length limits for names and paths, to protect the dynamic linker,
++   particularly when __libc_enable_secure is active.  */
++#ifdef NAME_MAX
++# define SECURE_NAME_LIMIT NAME_MAX
++#else
++# define SECURE_NAME_LIMIT 255
++#endif
++#ifdef PATH_MAX
++# define SECURE_PATH_LIMIT PATH_MAX
++#else
++# define SECURE_PATH_LIMIT 1024
++#endif
++
++/* Check that AT_SECURE=0, or that the passed name does not contain
++   directories and is not overly long.  Reject empty names
++   unconditionally.  */
++static bool
++dso_name_valid_for_suid (const char *p)
++{
++  if (__glibc_unlikely (__libc_enable_secure))
++    {
++      /* Ignore pathnames with directories for AT_SECURE=1
++       programs, and also skip overlong names.  */
++      size_t len = strlen (p);
++      if (len >= SECURE_NAME_LIMIT || memchr (p, '/', len) != NULL)
++      return false;
++    }
++  return *p != '\0';
++}
+ 
+ /* List of auditing DSOs.  */
+ static struct audit_list
+@@ -718,6 +747,42 @@ static const char *preloadlist attribute_relro;
+ /* Nonzero if information about versions has to be printed.  */
+ static int version_info attribute_relro;
+ 
++/* The LD_PRELOAD environment variable gives list of libraries
++   separated by white space or colons that are loaded before the
++   executable's dependencies and prepended to the global scope list.
++   (If the binary is running setuid all elements containing a '/' are
++   ignored since it is insecure.)  Return the number of preloads
++   performed.  */
++unsigned int
++handle_ld_preload (const char *preloadlist, struct link_map *main_map)
++{
++  unsigned int npreloads = 0;
++  const char *p = preloadlist;
++  char fname[SECURE_PATH_LIMIT];
++
++  while (*p != '\0')
++    {
++      /* Split preload list at space/colon.  */
++      size_t len = strcspn (p, " :");
++      if (len > 0 && len < sizeof (fname))
++      {
++        memcpy (fname, p, len);
++        fname[len] = '\0';
++      }
++      else
++      fname[0] = '\0';
++
++      /* Skip over the substring and the following delimiter.  */
++      p += len;
++      if (*p != '\0')
++      ++p;
++
++      if (dso_name_valid_for_suid (fname))
++      npreloads += do_preload (fname, main_map, "LD_PRELOAD");
++    }
++  return npreloads;
++}
++
+ static void
+ dl_main (const ElfW(Phdr) *phdr,
+        ElfW(Word) phnum,
+@@ -1464,23 +1529,8 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+ 
+   if (__glibc_unlikely (preloadlist != NULL))
+     {
+-      /* The LD_PRELOAD environment variable gives list of libraries
+-       separated by white space or colons that are loaded before the
+-       executable's dependencies and prepended to the global scope
+-       list.  If the binary is running setuid all elements
+-       containing a '/' are ignored since it is insecure.  */
+-      char *list = strdupa (preloadlist);
+-      char *p;
+-
+       HP_TIMING_NOW (start);
+-
+-      /* Prevent optimizing strsep.  Speed is not important here.  */
+-      while ((p = (strsep) (&list, " :")) != NULL)
+-      if (p[0] != '\0'
+-          && (__builtin_expect (! __libc_enable_secure, 1)
+-              || strchr (p, '/') == NULL))
+-        npreloads += do_preload (p, main_map, "LD_PRELOAD");
+-
++      npreloads += handle_ld_preload (preloadlist, main_map);
+       HP_TIMING_NOW (stop);
+       HP_TIMING_DIFF (diff, start, stop);
+       HP_TIMING_ACCUM_NT (load_time, diff);
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/glibc/2.23/0008-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch buildroot-2017.05.2/package/glibc/2.23/0008-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch
--- buildroot-2017.05-rc2/package/glibc/2.23/0008-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch 1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/glibc/2.23/0008-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch   2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,204 @@
+From 81b82fb966ffbd94353f793ad17116c6088dedd9 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 22:32:12 +0200
+Subject: [PATCH] ld.so: Reject overly long LD_AUDIT path elements
+
+Also only process the last LD_AUDIT entry.
+
+[Peter: Drop ChangeLog modification]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ elf/rtld.c | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++---------
+ 1 file changed, 105 insertions(+), 15 deletions(-)
+
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 86ae20c83f..65647fb1c8 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -129,13 +129,91 @@ dso_name_valid_for_suid (const char *p)
+   return *p != '\0';
+ }
+ 
+-/* List of auditing DSOs.  */
++/* LD_AUDIT variable contents.  Must be processed before the
++   audit_list below.  */
++const char *audit_list_string;
++
++/* Cyclic list of auditing DSOs.  audit_list->next is the first
++   element.  */
+ static struct audit_list
+ {
+   const char *name;
+   struct audit_list *next;
+ } *audit_list;
+ 
++/* Iterator for audit_list_string followed by audit_list.  */
++struct audit_list_iter
++{
++  /* Tail of audit_list_string still needing processing, or NULL.  */
++  const char *audit_list_tail;
++
++  /* The list element returned in the previous iteration.  NULL before
++     the first element.  */
++  struct audit_list *previous;
++
++  /* Scratch buffer for returning a name which is part of
++     audit_list_string.  */
++  char fname[SECURE_NAME_LIMIT];
++};
++
++/* Initialize an audit list iterator.  */
++static void
++audit_list_iter_init (struct audit_list_iter *iter)
++{
++  iter->audit_list_tail = audit_list_string;
++  iter->previous = NULL;
++}
++
++/* Iterate through both audit_list_string and audit_list.  */
++static const char *
++audit_list_iter_next (struct audit_list_iter *iter)
++{
++  if (iter->audit_list_tail != NULL)
++    {
++      /* First iterate over audit_list_string.  */
++      while (*iter->audit_list_tail != '\0')
++      {
++        /* Split audit list at colon.  */
++        size_t len = strcspn (iter->audit_list_tail, ":");
++        if (len > 0 && len < sizeof (iter->fname))
++          {
++            memcpy (iter->fname, iter->audit_list_tail, len);
++            iter->fname[len] = '\0';
++          }
++        else
++          /* Do not return this name to the caller.  */
++          iter->fname[0] = '\0';
++
++        /* Skip over the substring and the following delimiter.  */
++        iter->audit_list_tail += len;
++        if (*iter->audit_list_tail == ':')
++          ++iter->audit_list_tail;
++
++        /* If the name is valid, return it.  */
++        if (dso_name_valid_for_suid (iter->fname))
++          return iter->fname;
++        /* Otherwise, wrap around and try the next name.  */
++      }
++      /* Fall through to the procesing of audit_list.  */
++    }
++
++  if (iter->previous == NULL)
++    {
++      if (audit_list == NULL)
++      /* No pre-parsed audit list.  */
++      return NULL;
++      /* Start of audit list.  The first list element is at
++       audit_list->next (cyclic list).  */
++      iter->previous = audit_list->next;
++      return iter->previous->name;
++    }
++  if (iter->previous == audit_list)
++    /* Cyclic list wrap-around.  */
++    return NULL;
++  iter->previous = iter->previous->next;
++  return iter->previous->name;
++}
++
+ #ifndef HAVE_INLINED_SYSCALLS
+ /* Set nonzero during loading and initialization of executable and
+    libraries, cleared before the executable's entry point runs.  This
+@@ -1305,11 +1383,13 @@ of this helper program; chances are you did not intend to run this program.\n\
+     GL(dl_rtld_map).l_tls_modid = _dl_next_tls_modid ();
+ 
+   /* If we have auditing DSOs to load, do it now.  */
+-  if (__glibc_unlikely (audit_list != NULL))
++  bool need_security_init = true;
++  if (__glibc_unlikely (audit_list != NULL)
++      || __glibc_unlikely (audit_list_string != NULL))
+     {
+-      /* Iterate over all entries in the list.  The order is important.  */
+       struct audit_ifaces *last_audit = NULL;
+-      struct audit_list *al = audit_list->next;
++      struct audit_list_iter al_iter;
++      audit_list_iter_init (&al_iter);
+ 
+       /* Since we start using the auditing DSOs right away we need to
+        initialize the data structures now.  */
+@@ -1320,9 +1400,14 @@ of this helper program; chances are you did not intend to run this program.\n\
+        use different values (especially the pointer guard) and will
+        fail later on.  */
+       security_init ();
++      need_security_init = false;
+ 
+-      do
++      while (true)
+       {
++        const char *name = audit_list_iter_next (&al_iter);
++        if (name == NULL)
++          break;
++
+         int tls_idx = GL(dl_tls_max_dtv_idx);
+ 
+         /* Now it is time to determine the layout of the static TLS
+@@ -1331,7 +1416,7 @@ of this helper program; chances are you did not intend to run this program.\n\
+            no DF_STATIC_TLS bit is set.  The reason is that we know
+            glibc will use the static model.  */
+         struct dlmopen_args dlmargs;
+-        dlmargs.fname = al->name;
++        dlmargs.fname = name;
+         dlmargs.map = NULL;
+ 
+         const char *objname;
+@@ -1344,7 +1429,7 @@ of this helper program; chances are you did not intend to run this program.\n\
+           not_loaded:
+             _dl_error_printf ("\
+ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+-                              al->name, err_str);
++                              name, err_str);
+             if (malloced)
+               free ((char *) err_str);
+           }
+@@ -1448,10 +1533,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+                 goto not_loaded;
+               }
+           }
+-
+-        al = al->next;
+       }
+-      while (al != audit_list->next);
+ 
+       /* If we have any auditing modules, announce that we already
+        have two objects loaded.  */
+@@ -1715,7 +1797,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+   if (tcbp == NULL)
+     tcbp = init_tls ();
+ 
+-  if (__glibc_likely (audit_list == NULL))
++  if (__glibc_likely (need_security_init))
+     /* Initialize security features.  But only if we have not done it
+        earlier.  */
+     security_init ();
+@@ -2346,9 +2428,7 @@ process_dl_audit (char *str)
+   char *p;
+ 
+   while ((p = (strsep) (&str, ":")) != NULL)
+-    if (p[0] != '\0'
+-      && (__builtin_expect (! __libc_enable_secure, 1)
+-          || strchr (p, '/') == NULL))
++    if (dso_name_valid_for_suid (p))
+       {
+       /* This is using the local malloc, not the system malloc.  The
+          memory can never be freed.  */
+@@ -2412,7 +2492,7 @@ process_envvars (enum mode *modep)
+             break;
+           }
+         if (memcmp (envline, "AUDIT", 5) == 0)
+-          process_dl_audit (&envline[6]);
++          audit_list_string = &envline[6];
+         break;
+ 
+       case 7:
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/glibc/2.24/0002-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch buildroot-2017.05.2/package/glibc/2.24/0002-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch
--- buildroot-2017.05-rc2/package/glibc/2.24/0002-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch    1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/glibc/2.24/0002-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch      2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,35 @@
+From f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 17:09:55 +0200
+Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1
+ programs [BZ #21624]
+
+LD_LIBRARY_PATH can only be used to reorder system search paths, which
+is not useful functionality.
+
+This makes an exploitable unbounded alloca in _dl_init_paths unreachable
+for AT_SECURE=1 programs.
+
+[Peter: Drop ChangeLog modification]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ elf/rtld.c | 3 ++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 2446a87680..2269dbec81 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -2422,7 +2422,8 @@ process_envvars (enum mode *modep)
+ 
+       case 12:
+         /* The library search path.  */
+-        if (memcmp (envline, "LIBRARY_PATH", 12) == 0)
++        if (!__libc_enable_secure
++            && memcmp (envline, "LIBRARY_PATH", 12) == 0)
+           {
+             library_path = &envline[13];
+             break;
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/glibc/2.24/0003-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch buildroot-2017.05.2/package/glibc/2.24/0003-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch
--- buildroot-2017.05-rc2/package/glibc/2.24/0003-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch       1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/glibc/2.24/0003-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch 2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,122 @@
+From 6d0ba622891bed9d8394eef1935add53003b12e8 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 22:31:04 +0200
+Subject: [PATCH] ld.so: Reject overly long LD_PRELOAD path elements
+
+[Peter: Drop ChangeLog modification]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ elf/rtld.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++------------
+ 1 file changed, 72 insertions(+), 16 deletions(-)
+
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 2269dbec81..86ae20c83f 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -99,6 +99,35 @@ uintptr_t __pointer_chk_guard_local
+ strong_alias (__pointer_chk_guard_local, __pointer_chk_guard)
+ #endif
+ 
++/* Length limits for names and paths, to protect the dynamic linker,
++   particularly when __libc_enable_secure is active.  */
++#ifdef NAME_MAX
++# define SECURE_NAME_LIMIT NAME_MAX
++#else
++# define SECURE_NAME_LIMIT 255
++#endif
++#ifdef PATH_MAX
++# define SECURE_PATH_LIMIT PATH_MAX
++#else
++# define SECURE_PATH_LIMIT 1024
++#endif
++
++/* Check that AT_SECURE=0, or that the passed name does not contain
++   directories and is not overly long.  Reject empty names
++   unconditionally.  */
++static bool
++dso_name_valid_for_suid (const char *p)
++{
++  if (__glibc_unlikely (__libc_enable_secure))
++    {
++      /* Ignore pathnames with directories for AT_SECURE=1
++       programs, and also skip overlong names.  */
++      size_t len = strlen (p);
++      if (len >= SECURE_NAME_LIMIT || memchr (p, '/', len) != NULL)
++      return false;
++    }
++  return *p != '\0';
++}
+ 
+ /* List of auditing DSOs.  */
+ static struct audit_list
+@@ -718,6 +747,42 @@ static const char *preloadlist attribute_relro;
+ /* Nonzero if information about versions has to be printed.  */
+ static int version_info attribute_relro;
+ 
++/* The LD_PRELOAD environment variable gives list of libraries
++   separated by white space or colons that are loaded before the
++   executable's dependencies and prepended to the global scope list.
++   (If the binary is running setuid all elements containing a '/' are
++   ignored since it is insecure.)  Return the number of preloads
++   performed.  */
++unsigned int
++handle_ld_preload (const char *preloadlist, struct link_map *main_map)
++{
++  unsigned int npreloads = 0;
++  const char *p = preloadlist;
++  char fname[SECURE_PATH_LIMIT];
++
++  while (*p != '\0')
++    {
++      /* Split preload list at space/colon.  */
++      size_t len = strcspn (p, " :");
++      if (len > 0 && len < sizeof (fname))
++      {
++        memcpy (fname, p, len);
++        fname[len] = '\0';
++      }
++      else
++      fname[0] = '\0';
++
++      /* Skip over the substring and the following delimiter.  */
++      p += len;
++      if (*p != '\0')
++      ++p;
++
++      if (dso_name_valid_for_suid (fname))
++      npreloads += do_preload (fname, main_map, "LD_PRELOAD");
++    }
++  return npreloads;
++}
++
+ static void
+ dl_main (const ElfW(Phdr) *phdr,
+        ElfW(Word) phnum,
+@@ -1464,23 +1529,8 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+ 
+   if (__glibc_unlikely (preloadlist != NULL))
+     {
+-      /* The LD_PRELOAD environment variable gives list of libraries
+-       separated by white space or colons that are loaded before the
+-       executable's dependencies and prepended to the global scope
+-       list.  If the binary is running setuid all elements
+-       containing a '/' are ignored since it is insecure.  */
+-      char *list = strdupa (preloadlist);
+-      char *p;
+-
+       HP_TIMING_NOW (start);
+-
+-      /* Prevent optimizing strsep.  Speed is not important here.  */
+-      while ((p = (strsep) (&list, " :")) != NULL)
+-      if (p[0] != '\0'
+-          && (__builtin_expect (! __libc_enable_secure, 1)
+-              || strchr (p, '/') == NULL))
+-        npreloads += do_preload (p, main_map, "LD_PRELOAD");
+-
++      npreloads += handle_ld_preload (preloadlist, main_map);
+       HP_TIMING_NOW (stop);
+       HP_TIMING_DIFF (diff, start, stop);
+       HP_TIMING_ACCUM_NT (load_time, diff);
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/glibc/2.24/0004-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch buildroot-2017.05.2/package/glibc/2.24/0004-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch
--- buildroot-2017.05-rc2/package/glibc/2.24/0004-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch 1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/glibc/2.24/0004-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch   2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,204 @@
+From 81b82fb966ffbd94353f793ad17116c6088dedd9 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 22:32:12 +0200
+Subject: [PATCH] ld.so: Reject overly long LD_AUDIT path elements
+
+Also only process the last LD_AUDIT entry.
+
+[Peter: Drop ChangeLog modification]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ elf/rtld.c | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++---------
+ 1 file changed, 105 insertions(+), 15 deletions(-)
+
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 86ae20c83f..65647fb1c8 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -129,13 +129,91 @@ dso_name_valid_for_suid (const char *p)
+   return *p != '\0';
+ }
+ 
+-/* List of auditing DSOs.  */
++/* LD_AUDIT variable contents.  Must be processed before the
++   audit_list below.  */
++const char *audit_list_string;
++
++/* Cyclic list of auditing DSOs.  audit_list->next is the first
++   element.  */
+ static struct audit_list
+ {
+   const char *name;
+   struct audit_list *next;
+ } *audit_list;
+ 
++/* Iterator for audit_list_string followed by audit_list.  */
++struct audit_list_iter
++{
++  /* Tail of audit_list_string still needing processing, or NULL.  */
++  const char *audit_list_tail;
++
++  /* The list element returned in the previous iteration.  NULL before
++     the first element.  */
++  struct audit_list *previous;
++
++  /* Scratch buffer for returning a name which is part of
++     audit_list_string.  */
++  char fname[SECURE_NAME_LIMIT];
++};
++
++/* Initialize an audit list iterator.  */
++static void
++audit_list_iter_init (struct audit_list_iter *iter)
++{
++  iter->audit_list_tail = audit_list_string;
++  iter->previous = NULL;
++}
++
++/* Iterate through both audit_list_string and audit_list.  */
++static const char *
++audit_list_iter_next (struct audit_list_iter *iter)
++{
++  if (iter->audit_list_tail != NULL)
++    {
++      /* First iterate over audit_list_string.  */
++      while (*iter->audit_list_tail != '\0')
++      {
++        /* Split audit list at colon.  */
++        size_t len = strcspn (iter->audit_list_tail, ":");
++        if (len > 0 && len < sizeof (iter->fname))
++          {
++            memcpy (iter->fname, iter->audit_list_tail, len);
++            iter->fname[len] = '\0';
++          }
++        else
++          /* Do not return this name to the caller.  */
++          iter->fname[0] = '\0';
++
++        /* Skip over the substring and the following delimiter.  */
++        iter->audit_list_tail += len;
++        if (*iter->audit_list_tail == ':')
++          ++iter->audit_list_tail;
++
++        /* If the name is valid, return it.  */
++        if (dso_name_valid_for_suid (iter->fname))
++          return iter->fname;
++        /* Otherwise, wrap around and try the next name.  */
++      }
++      /* Fall through to the procesing of audit_list.  */
++    }
++
++  if (iter->previous == NULL)
++    {
++      if (audit_list == NULL)
++      /* No pre-parsed audit list.  */
++      return NULL;
++      /* Start of audit list.  The first list element is at
++       audit_list->next (cyclic list).  */
++      iter->previous = audit_list->next;
++      return iter->previous->name;
++    }
++  if (iter->previous == audit_list)
++    /* Cyclic list wrap-around.  */
++    return NULL;
++  iter->previous = iter->previous->next;
++  return iter->previous->name;
++}
++
+ #ifndef HAVE_INLINED_SYSCALLS
+ /* Set nonzero during loading and initialization of executable and
+    libraries, cleared before the executable's entry point runs.  This
+@@ -1305,11 +1383,13 @@ of this helper program; chances are you did not intend to run this program.\n\
+     GL(dl_rtld_map).l_tls_modid = _dl_next_tls_modid ();
+ 
+   /* If we have auditing DSOs to load, do it now.  */
+-  if (__glibc_unlikely (audit_list != NULL))
++  bool need_security_init = true;
++  if (__glibc_unlikely (audit_list != NULL)
++      || __glibc_unlikely (audit_list_string != NULL))
+     {
+-      /* Iterate over all entries in the list.  The order is important.  */
+       struct audit_ifaces *last_audit = NULL;
+-      struct audit_list *al = audit_list->next;
++      struct audit_list_iter al_iter;
++      audit_list_iter_init (&al_iter);
+ 
+       /* Since we start using the auditing DSOs right away we need to
+        initialize the data structures now.  */
+@@ -1320,9 +1400,14 @@ of this helper program; chances are you did not intend to run this program.\n\
+        use different values (especially the pointer guard) and will
+        fail later on.  */
+       security_init ();
++      need_security_init = false;
+ 
+-      do
++      while (true)
+       {
++        const char *name = audit_list_iter_next (&al_iter);
++        if (name == NULL)
++          break;
++
+         int tls_idx = GL(dl_tls_max_dtv_idx);
+ 
+         /* Now it is time to determine the layout of the static TLS
+@@ -1331,7 +1416,7 @@ of this helper program; chances are you did not intend to run this program.\n\
+            no DF_STATIC_TLS bit is set.  The reason is that we know
+            glibc will use the static model.  */
+         struct dlmopen_args dlmargs;
+-        dlmargs.fname = al->name;
++        dlmargs.fname = name;
+         dlmargs.map = NULL;
+ 
+         const char *objname;
+@@ -1344,7 +1429,7 @@ of this helper program; chances are you did not intend to run this program.\n\
+           not_loaded:
+             _dl_error_printf ("\
+ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+-                              al->name, err_str);
++                              name, err_str);
+             if (malloced)
+               free ((char *) err_str);
+           }
+@@ -1448,10 +1533,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+                 goto not_loaded;
+               }
+           }
+-
+-        al = al->next;
+       }
+-      while (al != audit_list->next);
+ 
+       /* If we have any auditing modules, announce that we already
+        have two objects loaded.  */
+@@ -1715,7 +1797,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+   if (tcbp == NULL)
+     tcbp = init_tls ();
+ 
+-  if (__glibc_likely (audit_list == NULL))
++  if (__glibc_likely (need_security_init))
+     /* Initialize security features.  But only if we have not done it
+        earlier.  */
+     security_init ();
+@@ -2346,9 +2428,7 @@ process_dl_audit (char *str)
+   char *p;
+ 
+   while ((p = (strsep) (&str, ":")) != NULL)
+-    if (p[0] != '\0'
+-      && (__builtin_expect (! __libc_enable_secure, 1)
+-          || strchr (p, '/') == NULL))
++    if (dso_name_valid_for_suid (p))
+       {
+       /* This is using the local malloc, not the system malloc.  The
+          memory can never be freed.  */
+@@ -2412,7 +2492,7 @@ process_envvars (enum mode *modep)
+             break;
+           }
+         if (memcmp (envline, "AUDIT", 5) == 0)
+-          process_dl_audit (&envline[6]);
++          audit_list_string = &envline[6];
+         break;
+ 
+       case 7:
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/glibc/2.25/0002-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch buildroot-2017.05.2/package/glibc/2.25/0002-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch
--- buildroot-2017.05-rc2/package/glibc/2.25/0002-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch    1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/glibc/2.25/0002-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch      2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,35 @@
+From f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 17:09:55 +0200
+Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1
+ programs [BZ #21624]
+
+LD_LIBRARY_PATH can only be used to reorder system search paths, which
+is not useful functionality.
+
+This makes an exploitable unbounded alloca in _dl_init_paths unreachable
+for AT_SECURE=1 programs.
+
+[Peter: Drop ChangeLog modification]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ elf/rtld.c | 3 ++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 2446a87680..2269dbec81 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -2422,7 +2422,8 @@ process_envvars (enum mode *modep)
+ 
+       case 12:
+         /* The library search path.  */
+-        if (memcmp (envline, "LIBRARY_PATH", 12) == 0)
++        if (!__libc_enable_secure
++            && memcmp (envline, "LIBRARY_PATH", 12) == 0)
+           {
+             library_path = &envline[13];
+             break;
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/glibc/2.25/0003-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch buildroot-2017.05.2/package/glibc/2.25/0003-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch
--- buildroot-2017.05-rc2/package/glibc/2.25/0003-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch       1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/glibc/2.25/0003-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch 2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,122 @@
+From 6d0ba622891bed9d8394eef1935add53003b12e8 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 22:31:04 +0200
+Subject: [PATCH] ld.so: Reject overly long LD_PRELOAD path elements
+
+[Peter: Drop ChangeLog modification]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ elf/rtld.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++------------
+ 1 file changed, 72 insertions(+), 16 deletions(-)
+
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 2269dbec81..86ae20c83f 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -99,6 +99,35 @@ uintptr_t __pointer_chk_guard_local
+ strong_alias (__pointer_chk_guard_local, __pointer_chk_guard)
+ #endif
+ 
++/* Length limits for names and paths, to protect the dynamic linker,
++   particularly when __libc_enable_secure is active.  */
++#ifdef NAME_MAX
++# define SECURE_NAME_LIMIT NAME_MAX
++#else
++# define SECURE_NAME_LIMIT 255
++#endif
++#ifdef PATH_MAX
++# define SECURE_PATH_LIMIT PATH_MAX
++#else
++# define SECURE_PATH_LIMIT 1024
++#endif
++
++/* Check that AT_SECURE=0, or that the passed name does not contain
++   directories and is not overly long.  Reject empty names
++   unconditionally.  */
++static bool
++dso_name_valid_for_suid (const char *p)
++{
++  if (__glibc_unlikely (__libc_enable_secure))
++    {
++      /* Ignore pathnames with directories for AT_SECURE=1
++       programs, and also skip overlong names.  */
++      size_t len = strlen (p);
++      if (len >= SECURE_NAME_LIMIT || memchr (p, '/', len) != NULL)
++      return false;
++    }
++  return *p != '\0';
++}
+ 
+ /* List of auditing DSOs.  */
+ static struct audit_list
+@@ -718,6 +747,42 @@ static const char *preloadlist attribute_relro;
+ /* Nonzero if information about versions has to be printed.  */
+ static int version_info attribute_relro;
+ 
++/* The LD_PRELOAD environment variable gives list of libraries
++   separated by white space or colons that are loaded before the
++   executable's dependencies and prepended to the global scope list.
++   (If the binary is running setuid all elements containing a '/' are
++   ignored since it is insecure.)  Return the number of preloads
++   performed.  */
++unsigned int
++handle_ld_preload (const char *preloadlist, struct link_map *main_map)
++{
++  unsigned int npreloads = 0;
++  const char *p = preloadlist;
++  char fname[SECURE_PATH_LIMIT];
++
++  while (*p != '\0')
++    {
++      /* Split preload list at space/colon.  */
++      size_t len = strcspn (p, " :");
++      if (len > 0 && len < sizeof (fname))
++      {
++        memcpy (fname, p, len);
++        fname[len] = '\0';
++      }
++      else
++      fname[0] = '\0';
++
++      /* Skip over the substring and the following delimiter.  */
++      p += len;
++      if (*p != '\0')
++      ++p;
++
++      if (dso_name_valid_for_suid (fname))
++      npreloads += do_preload (fname, main_map, "LD_PRELOAD");
++    }
++  return npreloads;
++}
++
+ static void
+ dl_main (const ElfW(Phdr) *phdr,
+        ElfW(Word) phnum,
+@@ -1464,23 +1529,8 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+ 
+   if (__glibc_unlikely (preloadlist != NULL))
+     {
+-      /* The LD_PRELOAD environment variable gives list of libraries
+-       separated by white space or colons that are loaded before the
+-       executable's dependencies and prepended to the global scope
+-       list.  If the binary is running setuid all elements
+-       containing a '/' are ignored since it is insecure.  */
+-      char *list = strdupa (preloadlist);
+-      char *p;
+-
+       HP_TIMING_NOW (start);
+-
+-      /* Prevent optimizing strsep.  Speed is not important here.  */
+-      while ((p = (strsep) (&list, " :")) != NULL)
+-      if (p[0] != '\0'
+-          && (__builtin_expect (! __libc_enable_secure, 1)
+-              || strchr (p, '/') == NULL))
+-        npreloads += do_preload (p, main_map, "LD_PRELOAD");
+-
++      npreloads += handle_ld_preload (preloadlist, main_map);
+       HP_TIMING_NOW (stop);
+       HP_TIMING_DIFF (diff, start, stop);
+       HP_TIMING_ACCUM_NT (load_time, diff);
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/glibc/2.25/0004-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch buildroot-2017.05.2/package/glibc/2.25/0004-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch
--- buildroot-2017.05-rc2/package/glibc/2.25/0004-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch 1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/glibc/2.25/0004-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch   2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,204 @@
+From 81b82fb966ffbd94353f793ad17116c6088dedd9 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 22:32:12 +0200
+Subject: [PATCH] ld.so: Reject overly long LD_AUDIT path elements
+
+Also only process the last LD_AUDIT entry.
+
+[Peter: Drop ChangeLog modification]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ elf/rtld.c | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++---------
+ 1 file changed, 105 insertions(+), 15 deletions(-)
+
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 86ae20c83f..65647fb1c8 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -129,13 +129,91 @@ dso_name_valid_for_suid (const char *p)
+   return *p != '\0';
+ }
+ 
+-/* List of auditing DSOs.  */
++/* LD_AUDIT variable contents.  Must be processed before the
++   audit_list below.  */
++const char *audit_list_string;
++
++/* Cyclic list of auditing DSOs.  audit_list->next is the first
++   element.  */
+ static struct audit_list
+ {
+   const char *name;
+   struct audit_list *next;
+ } *audit_list;
+ 
++/* Iterator for audit_list_string followed by audit_list.  */
++struct audit_list_iter
++{
++  /* Tail of audit_list_string still needing processing, or NULL.  */
++  const char *audit_list_tail;
++
++  /* The list element returned in the previous iteration.  NULL before
++     the first element.  */
++  struct audit_list *previous;
++
++  /* Scratch buffer for returning a name which is part of
++     audit_list_string.  */
++  char fname[SECURE_NAME_LIMIT];
++};
++
++/* Initialize an audit list iterator.  */
++static void
++audit_list_iter_init (struct audit_list_iter *iter)
++{
++  iter->audit_list_tail = audit_list_string;
++  iter->previous = NULL;
++}
++
++/* Iterate through both audit_list_string and audit_list.  */
++static const char *
++audit_list_iter_next (struct audit_list_iter *iter)
++{
++  if (iter->audit_list_tail != NULL)
++    {
++      /* First iterate over audit_list_string.  */
++      while (*iter->audit_list_tail != '\0')
++      {
++        /* Split audit list at colon.  */
++        size_t len = strcspn (iter->audit_list_tail, ":");
++        if (len > 0 && len < sizeof (iter->fname))
++          {
++            memcpy (iter->fname, iter->audit_list_tail, len);
++            iter->fname[len] = '\0';
++          }
++        else
++          /* Do not return this name to the caller.  */
++          iter->fname[0] = '\0';
++
++        /* Skip over the substring and the following delimiter.  */
++        iter->audit_list_tail += len;
++        if (*iter->audit_list_tail == ':')
++          ++iter->audit_list_tail;
++
++        /* If the name is valid, return it.  */
++        if (dso_name_valid_for_suid (iter->fname))
++          return iter->fname;
++        /* Otherwise, wrap around and try the next name.  */
++      }
++      /* Fall through to the procesing of audit_list.  */
++    }
++
++  if (iter->previous == NULL)
++    {
++      if (audit_list == NULL)
++      /* No pre-parsed audit list.  */
++      return NULL;
++      /* Start of audit list.  The first list element is at
++       audit_list->next (cyclic list).  */
++      iter->previous = audit_list->next;
++      return iter->previous->name;
++    }
++  if (iter->previous == audit_list)
++    /* Cyclic list wrap-around.  */
++    return NULL;
++  iter->previous = iter->previous->next;
++  return iter->previous->name;
++}
++
+ #ifndef HAVE_INLINED_SYSCALLS
+ /* Set nonzero during loading and initialization of executable and
+    libraries, cleared before the executable's entry point runs.  This
+@@ -1305,11 +1383,13 @@ of this helper program; chances are you did not intend to run this program.\n\
+     GL(dl_rtld_map).l_tls_modid = _dl_next_tls_modid ();
+ 
+   /* If we have auditing DSOs to load, do it now.  */
+-  if (__glibc_unlikely (audit_list != NULL))
++  bool need_security_init = true;
++  if (__glibc_unlikely (audit_list != NULL)
++      || __glibc_unlikely (audit_list_string != NULL))
+     {
+-      /* Iterate over all entries in the list.  The order is important.  */
+       struct audit_ifaces *last_audit = NULL;
+-      struct audit_list *al = audit_list->next;
++      struct audit_list_iter al_iter;
++      audit_list_iter_init (&al_iter);
+ 
+       /* Since we start using the auditing DSOs right away we need to
+        initialize the data structures now.  */
+@@ -1320,9 +1400,14 @@ of this helper program; chances are you did not intend to run this program.\n\
+        use different values (especially the pointer guard) and will
+        fail later on.  */
+       security_init ();
++      need_security_init = false;
+ 
+-      do
++      while (true)
+       {
++        const char *name = audit_list_iter_next (&al_iter);
++        if (name == NULL)
++          break;
++
+         int tls_idx = GL(dl_tls_max_dtv_idx);
+ 
+         /* Now it is time to determine the layout of the static TLS
+@@ -1331,7 +1416,7 @@ of this helper program; chances are you did not intend to run this program.\n\
+            no DF_STATIC_TLS bit is set.  The reason is that we know
+            glibc will use the static model.  */
+         struct dlmopen_args dlmargs;
+-        dlmargs.fname = al->name;
++        dlmargs.fname = name;
+         dlmargs.map = NULL;
+ 
+         const char *objname;
+@@ -1344,7 +1429,7 @@ of this helper program; chances are you did not intend to run this program.\n\
+           not_loaded:
+             _dl_error_printf ("\
+ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+-                              al->name, err_str);
++                              name, err_str);
+             if (malloced)
+               free ((char *) err_str);
+           }
+@@ -1448,10 +1533,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+                 goto not_loaded;
+               }
+           }
+-
+-        al = al->next;
+       }
+-      while (al != audit_list->next);
+ 
+       /* If we have any auditing modules, announce that we already
+        have two objects loaded.  */
+@@ -1715,7 +1797,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+   if (tcbp == NULL)
+     tcbp = init_tls ();
+ 
+-  if (__glibc_likely (audit_list == NULL))
++  if (__glibc_likely (need_security_init))
+     /* Initialize security features.  But only if we have not done it
+        earlier.  */
+     security_init ();
+@@ -2346,9 +2428,7 @@ process_dl_audit (char *str)
+   char *p;
+ 
+   while ((p = (strsep) (&str, ":")) != NULL)
+-    if (p[0] != '\0'
+-      && (__builtin_expect (! __libc_enable_secure, 1)
+-          || strchr (p, '/') == NULL))
++    if (dso_name_valid_for_suid (p))
+       {
+       /* This is using the local malloc, not the system malloc.  The
+          memory can never be freed.  */
+@@ -2412,7 +2492,7 @@ process_envvars (enum mode *modep)
+             break;
+           }
+         if (memcmp (envline, "AUDIT", 5) == 0)
+-          process_dl_audit (&envline[6]);
++          audit_list_string = &envline[6];
+         break;
+ 
+       case 7:
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/glmark2/0002-NativeStateDRM-use-fixed-event-context-version.patch buildroot-2017.05.2/package/glmark2/0002-NativeStateDRM-use-fixed-event-context-version.patch
--- buildroot-2017.05-rc2/package/glmark2/0002-NativeStateDRM-use-fixed-event-context-version.patch     1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/glmark2/0002-NativeStateDRM-use-fixed-event-context-version.patch       2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,28 @@
+From: Lucas Stach <l.stach@pengutronix.de>
+Date: Wed, 31 May 2017 13:01:00 +0200
+Subject: [PATCH] NativeStateDRM: use fixed event context version
+
+Using the latest version is not a good idea, as the context content may
+change between versions.
+
+Fixes a segfault with new kernel and libdrm.
+
+Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
+Signed-off-by: Fabio Estevam <festevam@gmail.com>
+---
+ src/native-state-drm.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/native-state-drm.cpp b/src/native-state-drm.cpp
+index 454a24d898ff..b9af996667dc 100644
+--- a/src/native-state-drm.cpp
++++ b/src/native-state-drm.cpp
+@@ -106,7 +106,7 @@ NativeStateDRM::flip()
+     FD_ZERO(&fds);
+     FD_SET(fd_, &fds);
+     drmEventContext evCtx;
+-    evCtx.version = DRM_EVENT_CONTEXT_VERSION;
++    evCtx.version = 2;
+     evCtx.page_flip_handler = page_flip_handler;
+ 
+     while (waiting) {
diff -Naurp buildroot-2017.05-rc2/package/gnutls/Config.in buildroot-2017.05.2/package/gnutls/Config.in
--- buildroot-2017.05-rc2/package/gnutls/Config.in      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/gnutls/Config.in        2017-07-27 08:16:52.017486944 +0200
@@ -1,5 +1,7 @@
 config BR2_PACKAGE_GNUTLS
        bool "gnutls"
+       # https://gitlab.com/gnutls/gnutls/issues/203
+       depends on !BR2_STATIC_LIBS
        depends on BR2_USE_WCHAR
        select BR2_PACKAGE_LIBTASN1
        select BR2_PACKAGE_LIBUNISTRING
@@ -22,5 +24,5 @@ config BR2_PACKAGE_GNUTLS_TOOLS
 
 endif
 
-comment "gnutls needs a toolchain w/ wchar"
-       depends on !BR2_USE_WCHAR
+comment "gnutls needs a toolchain w/ wchar, dynamic library"
+       depends on !BR2_USE_WCHAR || BR2_STATIC_LIBS
diff -Naurp buildroot-2017.05-rc2/package/gnutls/gnutls.hash buildroot-2017.05.2/package/gnutls/gnutls.hash
--- buildroot-2017.05-rc2/package/gnutls/gnutls.hash    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/gnutls/gnutls.hash      2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256 af443e86ba538d4d3e37c4732c00101a492fe4b56a55f4112ff0ab39dbe6579d        gnutls-3.5.10.tar.xz
+sha256 79f5480ad198dad5bc78e075f4a40c4a315a1b2072666919d2d05a08aec13096        gnutls-3.5.13.tar.xz
diff -Naurp buildroot-2017.05-rc2/package/gnutls/gnutls.mk buildroot-2017.05.2/package/gnutls/gnutls.mk
--- buildroot-2017.05-rc2/package/gnutls/gnutls.mk      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/gnutls/gnutls.mk        2017-07-27 08:16:52.017486944 +0200
@@ -5,9 +5,9 @@
 ################################################################################
 
 GNUTLS_VERSION_MAJOR = 3.5
-GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).10
+GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).13
 GNUTLS_SOURCE = gnutls-$(GNUTLS_VERSION).tar.xz
-GNUTLS_SITE = ftp://ftp.gnutls.org/gcrypt/gnutls/v$(GNUTLS_VERSION_MAJOR)
+GNUTLS_SITE = https://www.gnupg.org/ftp/gcrypt/gnutls/v$(GNUTLS_VERSION_MAJOR)
 GNUTLS_LICENSE = LGPL-2.1+ (core library), GPL-3.0+ (gnutls-openssl library)
 GNUTLS_LICENSE_FILES = doc/COPYING doc/COPYING.LESSER
 GNUTLS_DEPENDENCIES = host-pkgconf libunistring libtasn1 nettle pcre
diff -Naurp buildroot-2017.05-rc2/package/google-breakpad/google-breakpad.mk buildroot-2017.05.2/package/google-breakpad/google-breakpad.mk
--- buildroot-2017.05-rc2/package/google-breakpad/google-breakpad.mk    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/google-breakpad/google-breakpad.mk      2017-07-27 08:16:52.017486944 +0200
@@ -23,14 +23,14 @@ define HOST_GOOGLE_BREAKPAD_LSS
                $(HOST_DIR)/usr/include/linux_syscall_support.h \
                $(@D)/src/third_party/lss/linux_syscall_support.h
 endef
-HOST_GOOGLE_BREAKPAD_POST_EXTRACT_HOOKS += HOST_GOOGLE_BREAKPAD_LSS
+HOST_GOOGLE_BREAKPAD_PRE_CONFIGURE_HOOKS += HOST_GOOGLE_BREAKPAD_LSS
 
 define GOOGLE_BREAKPAD_LSS
        $(INSTALL) -D -m 0644 \
                $(STAGING_DIR)/usr/include/linux_syscall_support.h \
                $(@D)/src/third_party/lss/linux_syscall_support.h
 endef
-GOOGLE_BREAKPAD_POST_EXTRACT_HOOKS += GOOGLE_BREAKPAD_LSS
+GOOGLE_BREAKPAD_PRE_CONFIGURE_HOOKS += GOOGLE_BREAKPAD_LSS
 
 define GOOGLE_BREAKPAD_EXTRACT_SYMBOLS
        $(EXTRA_ENV) package/google-breakpad/gen-syms.sh $(STAGING_DIR) \
diff -Naurp buildroot-2017.05-rc2/package/gstreamer1/gst1-plugins-bad/Config.in buildroot-2017.05.2/package/gstreamer1/gst1-plugins-bad/Config.in
--- buildroot-2017.05-rc2/package/gstreamer1/gst1-plugins-bad/Config.in 2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/gstreamer1/gst1-plugins-bad/Config.in   2017-07-27 08:16:52.017486944 +0200
@@ -698,8 +698,8 @@ config BR2_PACKAGE_GST1_PLUGINS_BAD_PLUG
        help
          Webp image format plugin
 
-config BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_WEBRTC
-       bool "webrtc"
+config BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_WEBRTCDSP
+       bool "webrtcdsp"
        # All depends from webrtc-audio-processing
        depends on BR2_PACKAGE_WEBRTC_AUDIO_PROCESSING_ARCH_SUPPORTS
        depends on BR2_INSTALL_LIBSTDCPP
@@ -710,7 +710,7 @@ config BR2_PACKAGE_GST1_PLUGINS_BAD_PLUG
        help
          WebRTC echo-cancellation, gain control and noise suppression
 
-comment "webrtc needs a toolchain w/ C++, NPTL, gcc >= 4.8"
+comment "webrtcdsp needs a toolchain w/ C++, NPTL, gcc >= 4.8"
        depends on BR2_PACKAGE_WEBRTC_AUDIO_PROCESSING_ARCH_SUPPORTS
        depends on !BR2_INSTALL_LIBSTDCPP || !BR2_TOOLCHAIN_HAS_THREADS_NPTL \
                || !BR2_TOOLCHAIN_GCC_AT_LEAST_4_8
diff -Naurp buildroot-2017.05-rc2/package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.mk buildroot-2017.05.2/package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.mk
--- buildroot-2017.05-rc2/package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.mk       2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.mk 2017-07-27 08:16:52.017486944 +0200
@@ -813,11 +813,11 @@ else
 GST1_PLUGINS_BAD_CONF_OPTS += --disable-webp
 endif
 
-ifeq ($(BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_WEBRTC),y)
-GST1_PLUGINS_BAD_CONF_OPTS += --enable-webrtc
+ifeq ($(BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_WEBRTCDSP),y)
+GST1_PLUGINS_BAD_CONF_OPTS += --enable-webrtcdsp
 GST1_PLUGINS_BAD_DEPENDENCIES += webrtc-audio-processing
 else
-GST1_PLUGINS_BAD_CONF_OPTS += --disable-webrtc
+GST1_PLUGINS_BAD_CONF_OPTS += --disable-webrtcdsp
 endif
 
 ifeq ($(BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_X265),y)
diff -Naurp buildroot-2017.05-rc2/package/hans/hans.mk buildroot-2017.05.2/package/hans/hans.mk
--- buildroot-2017.05-rc2/package/hans/hans.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/hans/hans.mk    2017-07-27 08:16:52.017486944 +0200
@@ -10,7 +10,7 @@ HANS_LICENSE = GPL-3.0+
 HANS_LICENSE_FILES = LICENSE
 
 define HANS_BUILD_CMDS
-       $(TARGET_MAKE_ENV) $(MAKE) GCC="$(TARGET_CC)" GPP="$(TARGET_CXX)" -C $(@D)
+       $(TARGET_MAKE_ENV) $(MAKE1) GCC="$(TARGET_CC)" GPP="$(TARGET_CXX)" -C $(@D)
 endef
 
 define HANS_INSTALL_TARGET_CMDS
diff -Naurp buildroot-2017.05-rc2/package/heimdal/heimdal.hash buildroot-2017.05.2/package/heimdal/heimdal.hash
--- buildroot-2017.05-rc2/package/heimdal/heimdal.hash  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/heimdal/heimdal.hash    2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,2 @@
-# Locally calculated after checking pgp signature
-sha256 cee58ab3a4ce79f243a3e73f465dac19fe2b93ef1c5ff244d6f1d689fedbde2d        heimdal-7.1.0.tar.gz
+# Locally calculated
+sha256 3de14ecd36ad21c1694a13da347512b047f4010d176fe412820664cb5d1429ad  heimdal-7.4.0.tar.gz
diff -Naurp buildroot-2017.05-rc2/package/heimdal/heimdal.mk buildroot-2017.05.2/package/heimdal/heimdal.mk
--- buildroot-2017.05-rc2/package/heimdal/heimdal.mk    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/heimdal/heimdal.mk      2017-07-27 08:16:52.017486944 +0200
@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-HEIMDAL_VERSION = 7.1.0
-HEIMDAL_SITE = http://www.h5l.org/dist/src
+HEIMDAL_VERSION = 7.4.0
+HEIMDAL_SITE = https://github.com/heimdal/heimdal/releases/download/heimdal-$(HEIMDAL_VERSION)
 HOST_HEIMDAL_DEPENDENCIES = host-e2fsprogs host-ncurses host-pkgconf
 HEIMDAL_INSTALL_STAGING = YES
 HEIMDAL_MAKE = $(MAKE1)
@@ -15,6 +15,7 @@ HOST_HEIMDAL_CONF_OPTS = \
        --enable-static \
        --without-openldap \
        --without-capng \
+       --with-db-type-preference= \
        --without-sqlite3 \
        --without-libintl \
        --without-openssl \
diff -Naurp buildroot-2017.05-rc2/package/imagemagick/0001-https-github.com-ImageMagick-ImageMagick-issues-415.patch buildroot-2017.05.2/package/imagemagick/0001-https-github.com-ImageMagick-ImageMagick-issues-415.patch
--- buildroot-2017.05-rc2/package/imagemagick/0001-https-github.com-ImageMagick-ImageMagick-issues-415.patch    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/imagemagick/0001-https-github.com-ImageMagick-ImageMagick-issues-415.patch      1970-01-01 01:00:00.000000000 +0100
@@ -1,52 +0,0 @@
-From b218117cad34d39b9ffb587b45c71c5a49b12bde Mon Sep 17 00:00:00 2001
-From: Cristy <urban-warrior@imagemagick.org>
-Date: Fri, 31 Mar 2017 15:24:33 -0400
-Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/415
-
-Fixes CVE-2017-7606
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- coders/pnm.c | 2 +-
- coders/rle.c | 5 +++--
- 2 files changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/coders/pnm.c b/coders/pnm.c
-index 9a1221d79..c525ebb8f 100644
---- a/coders/pnm.c
-+++ b/coders/pnm.c
-@@ -1979,7 +1979,7 @@ static MagickBooleanType WritePNMImage(const ImageInfo *image_info,Image *image,
-                           pixel=ScaleQuantumToChar(GetPixelRed(image,p));
-                         else
-                           pixel=ScaleQuantumToAny(GetPixelRed(image,p),
--                          max_value);
-+                            max_value);
-                       }
-                     q=PopCharPixel((unsigned char) pixel,q);
-                     p+=GetPixelChannels(image);
-diff --git a/coders/rle.c b/coders/rle.c
-index 2318901ec..ec071dc7b 100644
---- a/coders/rle.c
-+++ b/coders/rle.c
-@@ -271,7 +271,8 @@ static Image *ReadRLEImage(const ImageInfo *image_info,ExceptionInfo *exception)
-         p=colormap;
-         for (i=0; i < (ssize_t) number_colormaps; i++)
-           for (x=0; x < (ssize_t) map_length; x++)
--            *p++=(unsigned char) ScaleShortToQuantum(ReadBlobLSBShort(image));
-+            *p++=(unsigned char) ScaleQuantumToChar(ScaleShortToQuantum(
-+              ReadBlobLSBShort(image)));
-       }
-     if ((flags & 0x08) != 0)
-       {
-@@ -476,7 +477,7 @@ static Image *ReadRLEImage(const ImageInfo *image_info,ExceptionInfo *exception)
-               for (x=0; x < (ssize_t) number_planes; x++)
-               {
-                 ValidateColormapValue(image,(size_t) (x*map_length+
--                    (*p & mask)),&index,exception);
-+                  (*p & mask)),&index,exception);
-                 *p=colormap[(ssize_t) index];
-                 p++;
-               }
--- 
-2.11.0
-
diff -Naurp buildroot-2017.05-rc2/package/imagemagick/imagemagick.hash buildroot-2017.05.2/package/imagemagick/imagemagick.hash
--- buildroot-2017.05-rc2/package/imagemagick/imagemagick.hash  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/imagemagick/imagemagick.hash    2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,2 @@
 # From http://www.imagemagick.org/download/releases/digest.rdf
-sha256 4a1dde5bdfec0fc549955a051be25b7ff96dfb192060997699e43c7ce0f06ab2  ImageMagick-7.0.5-4.tar.xz
+sha256 0058fcde533986334458a5c99600b1b9633182dd9562cbad4ba618c5ccf2a28f  ImageMagick-7.0.5-10.tar.xz
diff -Naurp buildroot-2017.05-rc2/package/imagemagick/imagemagick.mk buildroot-2017.05.2/package/imagemagick/imagemagick.mk
--- buildroot-2017.05-rc2/package/imagemagick/imagemagick.mk    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/imagemagick/imagemagick.mk      2017-07-27 08:16:52.017486944 +0200
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-IMAGEMAGICK_VERSION = 7.0.5-4
+IMAGEMAGICK_VERSION = 7.0.5-10
 IMAGEMAGICK_SOURCE = ImageMagick-$(IMAGEMAGICK_VERSION).tar.xz
 IMAGEMAGICK_SITE = http://www.imagemagick.org/download/releases
 IMAGEMAGICK_LICENSE = Apache-2.0
diff -Naurp buildroot-2017.05-rc2/package/intltool/0001-perl-5.26-compatibility.patch buildroot-2017.05.2/package/intltool/0001-perl-5.26-compatibility.patch
--- buildroot-2017.05-rc2/package/intltool/0001-perl-5.26-compatibility.patch   1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/intltool/0001-perl-5.26-compatibility.patch     2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,55 @@
+Fix regex errors thrown by Perl 5.26:
+
+Unescaped left brace in regex is illegal here in regex; marked by <-- HERE in m/^(.*)\${ <-- HERE ?([A-Z_]+)}?(.*)$/ at $BUILDROOT/host/usr/bin/intltool-update line 1065.
+
+Fetched from:
+https://github.com/Alexpux/MSYS2-packages/blob/master/intltool/perl-5.22-compatibility.patch
+
+Reported upstream:
+https://bugs.launchpad.net/intltool/+bug/1696658
+
+Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
+
+--- intltool-0.51.0.orig/intltool-update.in    2015-03-09 02:39:54.000000000 +0100
++++ intltool-0.51.0.orig/intltool-update.in    2015-06-19 01:52:07.171228154 +0200
+@@ -1062,7 +1062,7 @@ 
+       }
+     }
+ 
+-    if ($str =~ /^(.*)\${?([A-Z_]+)}?(.*)$/)
++    if ($str =~ /^(.*)\$\{?([A-Z_]+)}?(.*)$/)
+     {
+       my $rest = $3;
+       my $untouched = $1;
+@@ -1190,10 +1190,10 @@ 
+       $name    =~ s/\(+$//g;
+       $version =~ s/\(+$//g;
+ 
+-      $varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\${?AC_PACKAGE_NAME}?/);
+-      $varhash{"PACKAGE"} = $name if (not $name =~ /\${?PACKAGE}?/);
+-      $varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\${?AC_PACKAGE_VERSION}?/);
+-      $varhash{"VERSION"} = $version if (not $name =~ /\${?VERSION}?/);
++      $varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\$\{?AC_PACKAGE_NAME}?/);
++      $varhash{"PACKAGE"} = $name if (not $name =~ /\$\{?PACKAGE}?/);
++      $varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\$\{?AC_PACKAGE_VERSION}?/);
++      $varhash{"VERSION"} = $version if (not $name =~ /\$\{?VERSION}?/);
+     }
+ 
+     if ($conf_source =~ /^AC_INIT\(([^,\)]+),([^,\)]+)[,]?([^,\)]+)?/m)
+@@ -1219,11 +1219,11 @@ 
+       $version =~ s/\(+$//g;
+         $bugurl  =~ s/\(+$//g if (defined $bugurl);
+ 
+-      $varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\${?AC_PACKAGE_NAME}?/);
+-      $varhash{"PACKAGE"} = $name if (not $name =~ /\${?PACKAGE}?/);
+-      $varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\${?AC_PACKAGE_VERSION}?/);
+-      $varhash{"VERSION"} = $version if (not $name =~ /\${?VERSION}?/);
+-        $varhash{"PACKAGE_BUGREPORT"} = $bugurl if (defined $bugurl and not $bugurl =~ /\${?\w+}?/);
++      $varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\$\{?AC_PACKAGE_NAME}?/);
++      $varhash{"PACKAGE"} = $name if (not $name =~ /\$\{?PACKAGE}?/);
++      $varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\$\{?AC_PACKAGE_VERSION}?/);
++      $varhash{"VERSION"} = $version if (not $name =~ /\$\{?VERSION}?/);
++        $varhash{"PACKAGE_BUGREPORT"} = $bugurl if (defined $bugurl and not $bugurl =~ /\$\{?\w+}?/);
+     }
+ 
+     # \s makes this not work, why?
diff -Naurp buildroot-2017.05-rc2/package/iperf/iperf.hash buildroot-2017.05.2/package/iperf/iperf.hash
--- buildroot-2017.05-rc2/package/iperf/iperf.hash      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/iperf/iperf.hash        2017-07-27 08:16:52.017486944 +0200
@@ -1,4 +1,4 @@
 # From https://sourceforge.net/projects/iperf2/files/
-sha1   9e215f6af8edd97f947f2b0207ff5487845d83d4        iperf-2.0.9.tar.gz
+sha1   59820895df9106ba189ccfdc5677077535ad50e7        iperf-2.0.9.tar.gz
 # Locally computed:
-sha256  a5350777b191e910334d3a107b5e5219b72ffa393da4186da1e0a4552aeeded6  iperf-2.0.9.tar.gz
+sha256  db02911f35686e808ed247160dfa766e08ae3f59d1e7dcedef0ffb2a6643f0bf  iperf-2.0.9.tar.gz
diff -Naurp buildroot-2017.05-rc2/package/iproute2/iproute2.mk buildroot-2017.05.2/package/iproute2/iproute2.mk
--- buildroot-2017.05-rc2/package/iproute2/iproute2.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/iproute2/iproute2.mk    2017-07-27 08:16:52.017486944 +0200
@@ -9,7 +9,7 @@ IPROUTE2_SOURCE = iproute2-$(IPROUTE2_VE
 IPROUTE2_SITE = $(BR2_KERNEL_MIRROR)/linux/utils/net/iproute2
 IPROUTE2_DEPENDENCIES = host-bison host-flex host-pkgconf \
        $(if $(BR2_PACKAGE_LIBMNL),libmnl)
-IPROUTE2_LICENSE = GPL-2.0
+IPROUTE2_LICENSE = GPL-2.0+
 IPROUTE2_LICENSE_FILES = COPYING
 
 # If both iproute2 and busybox are selected, make certain we win
diff -Naurp buildroot-2017.05-rc2/package/ipsec-tools/0002-CVE-2015-4047.patch buildroot-2017.05.2/package/ipsec-tools/0002-CVE-2015-4047.patch
--- buildroot-2017.05-rc2/package/ipsec-tools/0002-CVE-2015-4047.patch  1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/ipsec-tools/0002-CVE-2015-4047.patch    2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,26 @@
+ipsec-tools: CVE-2015-4047: null pointer dereference crash in racoon
+
+See: https://bugs.gentoo.org/show_bug.cgi?id=550118
+
+Downloaded from
+https://gitweb.gentoo.org/repo/gentoo.git/tree/net-vpn/ipsec-tools/files/ipsec-tools-CVE-2015-4047.patch
+
+See also
+https://sources.debian.net/src/ipsec-tools/1:0.8.2%2B20140711-8/debian/patches/bug785778-null-pointer-deref.patch/
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+
+--- ./src/racoon/gssapi.c    9 Sep 2006 16:22:09 -0000       1.4
++++ ./src/racoon/gssapi.c    19 May 2015 15:16:00 -0000      1.6
+@@ -192,6 +192,11 @@
+       gss_name_t princ, canon_princ;
+       OM_uint32 maj_stat, min_stat;
+ 
++      if (iph1->rmconf == NULL) {
++              plog(LLV_ERROR, LOCATION, NULL, "no remote config\n");
++              return -1;
++      }
++
+       gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state));
+       if (gps == NULL) {
+               plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n");
diff -Naurp buildroot-2017.05-rc2/package/irssi/0001-Get-back-to-using-pkg-config-to-check-for-OpenSSL.patch buildroot-2017.05.2/package/irssi/0001-Get-back-to-using-pkg-config-to-check-for-OpenSSL.patch
--- buildroot-2017.05-rc2/package/irssi/0001-Get-back-to-using-pkg-config-to-check-for-OpenSSL.patch    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/irssi/0001-Get-back-to-using-pkg-config-to-check-for-OpenSSL.patch      1970-01-01 01:00:00.000000000 +0100
@@ -1,77 +0,0 @@
-From ed0c2c1b9504a99a6dcc3c0f5de3b3a1c0232758 Mon Sep 17 00:00:00 2001
-From: Rodrigo Rebello <rprebello@gmail.com>
-Date: Mon, 20 Mar 2017 13:17:42 -0300
-Subject: [PATCH] Get back to using pkg-config to check for OpenSSL
-
-Commit 6300dfec7 removed the option to disable SSL support from the
-configure script since it became a requirement, but it also removed the
-use of pkg-config for finding the OpenSSL library and its dependencies.
-
-This had the unfortunate consequence of breaking the correct detection
-of library flags in many static linking scenarios. In some cases, for
-example, OpenSSL might have been built with zlib, which requires `-lz`
-to be passed to the linker when doing a static link of the irssi
-executable. Thus, pkg-config becomes an invaluable tool in such
-situations, since no guessing work is needed as the OpenSSL .pc file
-provides all the necessary flags.
-
-So, this patch re-inserts the PKG_CHECK_MODULES macro in the configure
-script when looking for OpenSSL. The test using AC_CHECK_LIB remains,
-but only as a last resort in case the one using pkg-config fails.
-
-Also, because the macro AM_PATH_GLIB_2_0 contains an unconditional call
-to PKG_PROG_PKG_CONFIG, the OpenSSL checks are moved so that they come
-after the Glib ones in order to avoid doubly checking for the pkg-config
-binary (PKG_CHECK_MODULES skips that check if it has been performed
-before, but PKG_PROG_PKG_CONFIG does not).
-
-Upstream status: submitted
-https://github.com/irssi/irssi/pull/677
-
-Signed-off-by: Rodrigo Rebello <rprebello@gmail.com>
----
- configure.ac | 21 +++++++++++++++------
- 1 file changed, 15 insertions(+), 6 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 02b33497..9f191d3f 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -231,11 +231,6 @@ if test "x$want_socks" = "xyes"; then
- fi
- 
- dnl **
--dnl ** OpenSSL checks
--dnl **
--AC_CHECK_LIB([ssl], [SSL_library_init])
--
--dnl **
- dnl ** fe-text checks
- dnl **
- 
-@@ -276,7 +271,21 @@ if test -z "$GLIB_LIBS"; then
-   AC_ERROR([GLIB is required to build irssi.])
- fi
- 
--LIBS="$LIBS $GLIB_LIBS -lssl -lcrypto"
-+LIBS="$LIBS $GLIB_LIBS"
-+
-+dnl **
-+dnl ** OpenSSL checks
-+dnl **
-+PKG_CHECK_MODULES([OPENSSL], [openssl], [
-+      CFLAGS="$CFLAGS $OPENSSL_CFLAGS"
-+      LIBS="$LIBS $OPENSSL_LIBS"
-+], [
-+      AC_CHECK_LIB([ssl], [SSL_library_init], [
-+              LIBS="$LIBS -lssl -lcrypto"
-+      ], [
-+              AC_MSG_ERROR([The OpenSSL library was not found])
-+      ])
-+])
- 
- dnl **
- dnl ** curses checks
--- 
-2.11.0
-
diff -Naurp buildroot-2017.05-rc2/package/irssi/irssi.hash buildroot-2017.05.2/package/irssi/irssi.hash
--- buildroot-2017.05-rc2/package/irssi/irssi.hash      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/irssi/irssi.hash        2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256 5c1c3cc2caf103aad073fadeb000e0f8cb3b416833a7f43ceb8bd9fcf275fbe9        irssi-1.0.2.tar.xz
+sha256 b85c07dbafe178213eccdc69f5f8f0ac024dea01c67244668f91ec1c06b986ca        irssi-1.0.4.tar.xz
diff -Naurp buildroot-2017.05-rc2/package/irssi/irssi.mk buildroot-2017.05.2/package/irssi/irssi.mk
--- buildroot-2017.05-rc2/package/irssi/irssi.mk        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/irssi/irssi.mk  2017-07-27 08:16:52.017486944 +0200
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-IRSSI_VERSION = 1.0.2
+IRSSI_VERSION = 1.0.4
 IRSSI_SOURCE = irssi-$(IRSSI_VERSION).tar.xz
 # Do not use the github helper here. The generated tarball is *NOT* the
 # same as the one uploaded by upstream for the release.
@@ -13,12 +13,8 @@ IRSSI_LICENSE = GPL-2.0+
 IRSSI_LICENSE_FILES = COPYING
 IRSSI_DEPENDENCIES = host-pkgconf libglib2 ncurses openssl
 
-# We're patching configure.ac, so we need to autoreconf
-IRSSI_AUTORECONF = YES
-
 IRSSI_CONF_OPTS = \
        --disable-glibtest \
-       --with-ncurses=$(STAGING_DIR)/usr \
        --without-perl
 
 ifeq ($(BR2_PACKAGE_IRSSI_PROXY),y)
diff -Naurp buildroot-2017.05-rc2/package/keepalived/Config.in buildroot-2017.05.2/package/keepalived/Config.in
--- buildroot-2017.05-rc2/package/keepalived/Config.in  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/keepalived/Config.in    2017-07-27 08:16:52.017486944 +0200
@@ -2,6 +2,7 @@ config BR2_PACKAGE_KEEPALIVED
        bool "keepalived"
        depends on BR2_USE_MMU
        depends on !BR2_STATIC_LIBS # uses libdl
+       depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_4
        select BR2_PACKAGE_OPENSSL
        select BR2_PACKAGE_POPT
        help
@@ -15,6 +16,6 @@ config BR2_PACKAGE_KEEPALIVED
 
          http://www.keepalived.org/
 
-comment "keepalived needs a toolchain w/ dynamic library"
+comment "keepalived needs a toolchain w/ dynamic library, headers >= 3.4"
        depends on BR2_USE_MMU
-       depends on BR2_STATIC_LIBS
+       depends on BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_4
diff -Naurp buildroot-2017.05-rc2/package/kmod/0002-shared-util.c-assert_cc-can-only-be-used-inside-func.patch buildroot-2017.05.2/package/kmod/0002-shared-util.c-assert_cc-can-only-be-used-inside-func.patch
--- buildroot-2017.05-rc2/package/kmod/0002-shared-util.c-assert_cc-can-only-be-used-inside-func.patch  1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/kmod/0002-shared-util.c-assert_cc-can-only-be-used-inside-func.patch    2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,56 @@
+From 7cd698eb31059012305d8bb7516577c8cd383e32 Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+Date: Sat, 3 Jun 2017 16:52:37 +0200
+Subject: [PATCH] shared/util.c: assert_cc() can only be used inside functions
+
+shared/macro.h has two versions of assert_cc, one that uses gcc
+_Static_assert(), which requires recent enough gcc versions, and one
+that uses a fake array to trigger a build error. The latter can only
+work inside functions, so assert_cc() should only be used inside
+functions.
+
+Fixes the following build failure when building kmod with old gcc
+versions such as gcc 4.3.x:
+
+shared/util.c:52: error: expected identifier or '(' before 'do'
+shared/util.c:52: error: expected identifier or '(' before 'while'
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+---
+ shared/util.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/shared/util.c b/shared/util.c
+index 9de080a..fd2028d 100644
+--- a/shared/util.c
++++ b/shared/util.c
+@@ -49,8 +49,6 @@ static const struct kmod_ext {
+       { }
+ };
+ 
+-assert_cc(EAGAIN == EWOULDBLOCK);
+-
+ /* string handling functions and memory allocations                         */
+ /* ************************************************************************ */
+ 
+@@ -201,6 +199,8 @@ ssize_t read_str_safe(int fd, char *buf, size_t buflen)
+       size_t todo = buflen - 1;
+       size_t done = 0;
+ 
++      assert_cc(EAGAIN == EWOULDBLOCK);
++
+       do {
+               ssize_t r = read(fd, buf + done, todo);
+ 
+@@ -226,6 +226,8 @@ ssize_t write_str_safe(int fd, const char *buf, size_t buflen)
+       size_t todo = buflen;
+       size_t done = 0;
+ 
++      assert_cc(EAGAIN == EWOULDBLOCK);
++
+       do {
+               ssize_t r = write(fd, buf + done, todo);
+ 
+-- 
+2.7.4
+
diff -Naurp buildroot-2017.05-rc2/package/kodi/kodi.hash buildroot-2017.05.2/package/kodi/kodi.hash
--- buildroot-2017.05-rc2/package/kodi/kodi.hash        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/kodi/kodi.hash  2017-07-27 08:16:52.017486944 +0200
@@ -1,5 +1,5 @@
 # Locally computed
-sha256 303f3903cbb57ccc2961f09cf3746505542bcb129a464f0687d7ca8601cebbee  kodi-17.1-Krypton.tar.gz
+sha256 1de8653a3729cefd1baaf09ecde5ace01a1e3a58fbf29d48c1363f2503d331a1  kodi-17.3-Krypton.tar.gz
 # Locally computed - libdvdcss
 sha256 b6eb2d929ff56cb051152c32010afc5e7cf5fe8c5ae32dca412a2b46b6b57e34  2f12236.tar.gz
 # Locally computed - libdvdnav
diff -Naurp buildroot-2017.05-rc2/package/kodi/kodi.mk buildroot-2017.05.2/package/kodi/kodi.mk
--- buildroot-2017.05-rc2/package/kodi/kodi.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/kodi/kodi.mk    2017-07-27 08:16:52.017486944 +0200
@@ -6,7 +6,7 @@
 
 # When updating the version, please also update kodi-jsonschemabuilder
 # and kodi-texturepacker
-KODI_VERSION = 17.1-Krypton
+KODI_VERSION = 17.3-Krypton
 KODI_SITE = $(call github,xbmc,xbmc,$(KODI_VERSION))
 KODI_LICENSE = GPL-2.0
 KODI_LICENSE_FILES = LICENSE.GPL
diff -Naurp buildroot-2017.05-rc2/package/kodi-jsonschemabuilder/kodi-jsonschemabuilder.hash buildroot-2017.05.2/package/kodi-jsonschemabuilder/kodi-jsonschemabuilder.hash
--- buildroot-2017.05-rc2/package/kodi-jsonschemabuilder/kodi-jsonschemabuilder.hash    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/kodi-jsonschemabuilder/kodi-jsonschemabuilder.hash      2017-07-27 08:16:52.017486944 +0200
@@ -1,5 +1,5 @@
 # Locally computed
-sha256 303f3903cbb57ccc2961f09cf3746505542bcb129a464f0687d7ca8601cebbee  kodi-17.1-Krypton.tar.gz
+sha256 1de8653a3729cefd1baaf09ecde5ace01a1e3a58fbf29d48c1363f2503d331a1  kodi-17.3-Krypton.tar.gz
 # Locally computed - libdvdcss
 sha256 b6eb2d929ff56cb051152c32010afc5e7cf5fe8c5ae32dca412a2b46b6b57e34  2f12236.tar.gz
 # Locally computed - libdvdnav
diff -Naurp buildroot-2017.05-rc2/package/kodi-jsonschemabuilder/kodi-jsonschemabuilder.mk buildroot-2017.05.2/package/kodi-jsonschemabuilder/kodi-jsonschemabuilder.mk
--- buildroot-2017.05-rc2/package/kodi-jsonschemabuilder/kodi-jsonschemabuilder.mk      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/kodi-jsonschemabuilder/kodi-jsonschemabuilder.mk        2017-07-27 08:16:52.017486944 +0200
@@ -6,7 +6,7 @@
 
 # Not possible to directly refer to kodi variables, because of
 # first/second expansion trickery...
-KODI_JSONSCHEMABUILDER_VERSION = 17.1-Krypton
+KODI_JSONSCHEMABUILDER_VERSION = 17.3-Krypton
 KODI_JSONSCHEMABUILDER_SITE = $(call github,xbmc,xbmc,$(KODI_JSONSCHEMABUILDER_VERSION))
 KODI_JSONSCHEMABUILDER_SOURCE = kodi-$(KODI_JSONSCHEMABUILDER_VERSION).tar.gz
 KODI_JSONSCHEMABUILDER_LICENSE = GPL-2.0
diff -Naurp buildroot-2017.05-rc2/package/kodi-texturepacker/kodi-texturepacker.hash buildroot-2017.05.2/package/kodi-texturepacker/kodi-texturepacker.hash
--- buildroot-2017.05-rc2/package/kodi-texturepacker/kodi-texturepacker.hash    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/kodi-texturepacker/kodi-texturepacker.hash      2017-07-27 08:16:52.017486944 +0200
@@ -1,5 +1,5 @@
 # Locally computed
-sha256 303f3903cbb57ccc2961f09cf3746505542bcb129a464f0687d7ca8601cebbee  kodi-17.1-Krypton.tar.gz
+sha256 1de8653a3729cefd1baaf09ecde5ace01a1e3a58fbf29d48c1363f2503d331a1  kodi-17.3-Krypton.tar.gz
 # Locally computed - libdvdcss
 sha256 b6eb2d929ff56cb051152c32010afc5e7cf5fe8c5ae32dca412a2b46b6b57e34  2f12236.tar.gz
 # Locally computed - libdvdnav
diff -Naurp buildroot-2017.05-rc2/package/kodi-texturepacker/kodi-texturepacker.mk buildroot-2017.05.2/package/kodi-texturepacker/kodi-texturepacker.mk
--- buildroot-2017.05-rc2/package/kodi-texturepacker/kodi-texturepacker.mk      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/kodi-texturepacker/kodi-texturepacker.mk        2017-07-27 08:16:52.017486944 +0200
@@ -6,7 +6,7 @@
 
 # Not possible to directly refer to kodi variables, because of
 # first/second expansion trickery...
-KODI_TEXTUREPACKER_VERSION = 17.1-Krypton
+KODI_TEXTUREPACKER_VERSION = 17.3-Krypton
 KODI_TEXTUREPACKER_SITE = $(call github,xbmc,xbmc,$(KODI_TEXTUREPACKER_VERSION))
 KODI_TEXTUREPACKER_SOURCE = kodi-$(KODI_TEXTUREPACKER_VERSION).tar.gz
 KODI_TEXTUREPACKER_LICENSE = GPL-2.0
diff -Naurp buildroot-2017.05-rc2/package/libcdio/Config.in buildroot-2017.05.2/package/libcdio/Config.in
--- buildroot-2017.05-rc2/package/libcdio/Config.in     2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/libcdio/Config.in       2017-07-27 08:16:52.017486944 +0200
@@ -1,8 +1,6 @@
 config BR2_PACKAGE_LIBCDIO
        bool "libcdio"
        depends on BR2_USE_MMU # fork()
-       # ARC toolchain issue
-       depends on !BR2_arc
        select BR2_PACKAGE_LIBICONV if !BR2_ENABLE_LOCALE
        help
          The GNU Compact Disc Input and Control library.
diff -Naurp buildroot-2017.05-rc2/package/libcurl/libcurl.mk buildroot-2017.05.2/package/libcurl/libcurl.mk
--- buildroot-2017.05-rc2/package/libcurl/libcurl.mk    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/libcurl/libcurl.mk      2017-07-27 08:16:52.017486944 +0200
@@ -11,7 +11,7 @@ LIBCURL_DEPENDENCIES = host-pkgconf \
        $(if $(BR2_PACKAGE_ZLIB),zlib) \
        $(if $(BR2_PACKAGE_LIBIDN),libidn) \
        $(if $(BR2_PACKAGE_RTMPDUMP),rtmpdump)
-LIBCURL_LICENSE = ISC
+LIBCURL_LICENSE = curl
 LIBCURL_LICENSE_FILES = COPYING
 LIBCURL_INSTALL_STAGING = YES
 
diff -Naurp buildroot-2017.05-rc2/package/libepoxy/0002-Make-EGL-support-optional.patch buildroot-2017.05.2/package/libepoxy/0002-Make-EGL-support-optional.patch
--- buildroot-2017.05-rc2/package/libepoxy/0002-Make-EGL-support-optional.patch 1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/libepoxy/0002-Make-EGL-support-optional.patch   2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,200 @@
+From 0511fc56e7017209ad18d16551ccaad05de9486c Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+Date: Mon, 8 May 2017 23:12:49 +0200
+Subject: [PATCH] Make EGL support optional
+
+It is perfectly possible to build Mesa3D with just OpenGL support, and
+use with GLX in X.org, without having EGL/OpenGLES support.
+
+However, libepoxy currently unconditionally requires EGL support in its
+configure.ac, which causes a build failure when Mesa3D only provides
+full OpenGL support:
+
+checking for EGL... no
+configure: error: Package requirements (egl) were not met:
+
+Package egl was not found in the pkg-config search path.
+Perhaps you should add the directory containing `egl.pc'
+to the PKG_CONFIG_PATH environment variable
+Package 'egl', required by 'world', not found
+
+This commit fixes that by:
+
+ - Adjusting the configure.ac to add a --{enable,disable}-egl option
+   handled in the exact same way as --{enable,disable}-glx
+
+ - Adjusting the meson build logic in the same way.
+
+ - Adjusting src/dispatch_common.h to define PLATFORM_HAS_EGL correctly,
+   which allows to not include any EGL related header file if EGL
+   support is not enabled.
+
+Submitted-upstream: https://github.com/anholt/libepoxy/pull/123
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+---
+ configure.ac          | 33 ++++++++++++++++++++++++++++-----
+ meson.build           | 21 ++++++++++++++++++---
+ meson_options.txt     |  5 +++++
+ src/dispatch_common.h |  8 ++++----
+ 4 files changed, 55 insertions(+), 12 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 31b0985..2dbecd9 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -88,11 +88,35 @@ AS_CASE([$enable_glx],
+   [AC_MSG_ERROR([Invalid value "$enable_glx" for option "--enable-glx"])]
+ ])
+ 
+-# The remaining platform specific API for GL/GLES are enabled
+-# depending on the platform we're building for
++AC_ARG_ENABLE([egl],
++              [AC_HELP_STRING([--enable-egl=@<:@auto,yes,no@:>@], [Enable EGL support @<:@default=auto@:>@])],
++              [enable_egl=$enableval],
++              [enable_egl=auto])
++
++AS_CASE([$enable_egl],
++  [auto], [
++    AS_CASE([$host_os],
++            [mingw*], [build_egl=no],
++            [darwin*], [build_egl=no],
++            [android*], [build_egl=no],
++            [build_egl=yes])
++  ],
++
++  [yes], [
++    build_egl=yes
++  ],
++
++  [no], [
++    build_egl=no
++  ],
++
++  [AC_MSG_ERROR([Invalid value "$enable_egl" for option "--enable-egl"])]
++])
++
++# The remaining platform specific API are enabled depending on the
++# platform we're building for
+ AS_CASE([$host_os],
+   [mingw*], [
+-    build_egl=no
+     build_wgl=yes
+     has_znow=yes
+     # On windows, the DLL has to have all of its functions
+@@ -108,7 +132,6 @@ AS_CASE([$host_os],
+   ],
+ 
+   [darwin*], [
+-    build_egl=no
+     build_wgl=no
+     build_apple=yes
+     has_znow=no
+@@ -116,7 +139,6 @@ AS_CASE([$host_os],
+   ],
+ 
+   [
+-    build_egl=yes
+     build_wgl=no
+     has_znow=yes
+     # On platforms with dlopen, we load everything dynamically and
+@@ -131,6 +153,7 @@ AM_CONDITIONAL(BUILD_EGL, test x$build_egl = xyes)
+ if test x$build_egl = xyes; then
+     PKG_CHECK_MODULES(EGL, [egl])
+     AC_DEFINE([BUILD_EGL], [1], [build EGL tests])
++    AC_DEFINE(ENABLE_EGL, [1], [Whether EGL support is enabled])
+ fi
+ 
+ AM_CONDITIONAL(BUILD_GLX, test x$build_glx = xyes)
+diff --git a/meson.build b/meson.build
+index 5435f45..226152e 100644
+--- a/meson.build
++++ b/meson.build
+@@ -51,26 +51,41 @@ elif enable_glx == 'no'
+   build_glx = false
+ endif
+ 
++enable_egl = get_option('enable-egl')
++if enable_egl == 'auto'
++  if host_system == 'windows'
++    build_egl = false
++  elif host_system == 'darwin'
++    build_egl = false
++  elif host_system == 'android'
++    build_egl = false
++  else
++    build_egl = true
++  endif
++elif enable_egl == 'yes'
++  build_egl = true
++elif enable_egl == 'no'
++  build_egl = false
++endif
++
+ # The remaining platform specific API for GL/GLES are enabled
+ # depending on the platform we're building for
+ if host_system == 'windows'
+-  build_egl = false
+   build_apple = false
+   build_wgl = true
+   has_znow = true
+ elif host_system == 'darwin'
+-  build_egl = false
+   build_apple = true
+   build_wgl = false
+   has_znow = false
+ else
+-  build_egl = true
+   build_apple = false
+   build_wgl = false
+   has_znow = true
+ endif
+ 
+ conf.set10('ENABLE_GLX', build_glx)
++conf.set10('ENABLE_EGL', build_egl)
+ 
+ # Compiler flags, taken from the Xorg macros
+ if cc.get_id() == 'msvc'
+diff --git a/meson_options.txt b/meson_options.txt
+index 18932f5..244476a 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -6,3 +6,8 @@ option('enable-glx',
+        choices: [ 'auto', 'yes', 'no' ],
+        value: 'auto',
+        description: 'Enable GLX support')
++option('enable-egl',
++       type: 'combo',
++       choices: [ 'auto', 'yes', 'no' ],
++       value: 'auto',
++       description: 'Enable EGL support')
+diff --git a/src/dispatch_common.h b/src/dispatch_common.h
+index e3277f7..e16771f 100644
+--- a/src/dispatch_common.h
++++ b/src/dispatch_common.h
+@@ -24,19 +24,19 @@
+ #include "config.h"
+ 
+ #ifdef _WIN32
+-#define PLATFORM_HAS_EGL 0
++#define PLATFORM_HAS_EGL ENABLE_EGL
+ #define PLATFORM_HAS_GLX ENABLE_GLX
+ #define PLATFORM_HAS_WGL 1
+ #elif defined(__APPLE__)
+-#define PLATFORM_HAS_EGL 0
++#define PLATFORM_HAS_EGL ENABLE_EGL
+ #define PLATFORM_HAS_GLX ENABLE_GLX
+ #define PLATFORM_HAS_WGL 0
+ #elif defined(ANDROID)
+-#define PLATFORM_HAS_EGL 1
++#define PLATFORM_HAS_EGL ENABLE_EGL
+ #define PLATFORM_HAS_GLX 0
+ #define PLATFORM_HAS_WGL 0
+ #else
+-#define PLATFORM_HAS_EGL 1
++#define PLATFORM_HAS_EGL ENABLE_EGL
+ #define PLATFORM_HAS_GLX ENABLE_GLX
+ #define PLATFORM_HAS_WGL 0
+ #endif
+-- 
+2.7.4
+
diff -Naurp buildroot-2017.05-rc2/package/libepoxy/libepoxy.mk buildroot-2017.05.2/package/libepoxy/libepoxy.mk
--- buildroot-2017.05-rc2/package/libepoxy/libepoxy.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/libepoxy/libepoxy.mk    2017-07-27 08:16:52.017486944 +0200
@@ -12,6 +12,8 @@ LIBEPOXY_INSTALL_STAGING = YES
 LIBEPOXY_DEPENDENCIES = host-pkgconf xutil_util-macros
 LIBEPOXY_LICENSE = MIT
 LIBEPOXY_LICENSE_FILES = COPYING
+# 0002-Make-EGL-support-optional.patch
+LIBEPOXY_AUTORECONF = YES
 
 ifeq ($(BR2_PACKAGE_HAS_LIBEGL),y)
 LIBEPOXY_CONF_OPTS += --enable-egl
diff -Naurp buildroot-2017.05-rc2/package/libev/libev.mk buildroot-2017.05.2/package/libev/libev.mk
--- buildroot-2017.05-rc2/package/libev/libev.mk        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/libev/libev.mk  2017-07-27 08:16:52.017486944 +0200
@@ -5,7 +5,7 @@
 ################################################################################
 
 LIBEV_VERSION = 4.22
-LIBEV_SITE = http://dist.schmorp.de/libev
+LIBEV_SITE = http://dist.schmorp.de/libev/Attic
 LIBEV_INSTALL_STAGING = YES
 LIBEV_LICENSE = BSD-2-Clause or GPL-2.0+
 LIBEV_LICENSE_FILES = LICENSE
diff -Naurp buildroot-2017.05-rc2/package/libgcrypt/libgcrypt.hash buildroot-2017.05.2/package/libgcrypt/libgcrypt.hash
--- buildroot-2017.05-rc2/package/libgcrypt/libgcrypt.hash      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/libgcrypt/libgcrypt.hash        2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,5 @@
-# Locally calculated
-sha256  626aafee84af9d2ce253d2c143dc1c0902dda045780cc241f39970fc60be05bc  libgcrypt-1.7.6.tar.bz2
+# From https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html
+sha1  65a4a495aa858483e66868199eaa8238572ca6cd  libgcrypt-1.7.8.tar.bz2
+# Locally calculated after checking signature
+# https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.7.8.tar.bz2.sig
+sha256  948276ea47e6ba0244f36a17b51dcdd52cfd1e664b0a1ac3bc82134fb6cec199  libgcrypt-1.7.8.tar.bz2
diff -Naurp buildroot-2017.05-rc2/package/libgcrypt/libgcrypt.mk buildroot-2017.05.2/package/libgcrypt/libgcrypt.mk
--- buildroot-2017.05-rc2/package/libgcrypt/libgcrypt.mk        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/libgcrypt/libgcrypt.mk  2017-07-27 08:16:52.017486944 +0200
@@ -4,11 +4,11 @@
 #
 ################################################################################
 
-LIBGCRYPT_VERSION = 1.7.6
+LIBGCRYPT_VERSION = 1.7.8
 LIBGCRYPT_SOURCE = libgcrypt-$(LIBGCRYPT_VERSION).tar.bz2
 LIBGCRYPT_LICENSE = LGPL-2.1+
 LIBGCRYPT_LICENSE_FILES = COPYING.LIB
-LIBGCRYPT_SITE = ftp://ftp.gnupg.org/gcrypt/libgcrypt
+LIBGCRYPT_SITE = https://gnupg.org/ftp/gcrypt/libgcrypt
 LIBGCRYPT_INSTALL_STAGING = YES
 LIBGCRYPT_DEPENDENCIES = libgpg-error
 LIBGCRYPT_CONFIG_SCRIPTS = libgcrypt-config
diff -Naurp buildroot-2017.05-rc2/package/libglib2/libglib2.mk buildroot-2017.05.2/package/libglib2/libglib2.mk
--- buildroot-2017.05-rc2/package/libglib2/libglib2.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/libglib2/libglib2.mk    2017-07-27 08:16:52.017486944 +0200
@@ -113,7 +113,8 @@ HOST_LIBGLIB2_DEPENDENCIES = \
        host-zlib
 
 LIBGLIB2_CONF_OPTS = \
-       --with-pcre=system
+       --with-pcre=system \
+       --disable-compile-warnings
 
 ifneq ($(BR2_ENABLE_LOCALE),y)
 LIBGLIB2_DEPENDENCIES += libiconv
diff -Naurp buildroot-2017.05-rc2/package/libmad/libmad.hash buildroot-2017.05.2/package/libmad/libmad.hash
--- buildroot-2017.05-rc2/package/libmad/libmad.hash    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/libmad/libmad.hash      2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,3 @@
 # Locally computed:
 sha256  bbfac3ed6bfbc2823d3775ebb931087371e142bb0e9bb1bee51a76a6e0078690  libmad-0.15.1b.tar.gz
+sha256  0e21f2c6b19337d0b237dacc04f7b90a56be7f359f4c9a2ee0b202d9af0cfa69  frame_length.diff
diff -Naurp buildroot-2017.05-rc2/package/libmad/libmad.mk buildroot-2017.05.2/package/libmad/libmad.mk
--- buildroot-2017.05-rc2/package/libmad/libmad.mk      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/libmad/libmad.mk        2017-07-27 08:16:52.017486944 +0200
@@ -10,6 +10,8 @@ LIBMAD_INSTALL_STAGING = YES
 LIBMAD_LIBTOOL_PATCH = NO
 LIBMAD_LICENSE = GPL-2.0+
 LIBMAD_LICENSE_FILES = COPYING
+LIBMAD_PATCH = \
+       https://sources.debian.net/data/main/libm/libmad/0.15.1b-8/debian/patches/frame_length.diff
 
 define LIBMAD_PREVENT_AUTOMAKE
        # Prevent automake from running.
diff -Naurp buildroot-2017.05-rc2/package/libmemcached/0005-fix-pointer-comparaison.patch buildroot-2017.05.2/package/libmemcached/0005-fix-pointer-comparaison.patch
--- buildroot-2017.05-rc2/package/libmemcached/0005-fix-pointer-comparaison.patch       1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/libmemcached/0005-fix-pointer-comparaison.patch 2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,30 @@
+Fix pointer comparaison
+
+opt_servers is a pointer, not a boolean, so testing against false to
+know if the pointer is NULL no longer works with the more strict gcc
+7.x checks.
+
+[Taken from http://pkgs.fedoraproject.org/cgit/rpms/libmemcached.git/plain/libmemcached-build.patch.]
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+
+diff -up ./clients/memflush.cc.old ./clients/memflush.cc
+--- ./clients/memflush.cc.old  2017-02-12 10:12:59.615209225 +0100
++++ ./clients/memflush.cc      2017-02-12 10:13:39.998382783 +0100
+@@ -39,7 +39,7 @@ int main(int argc, char *argv[])
+ {
+   options_parse(argc, argv);
+ 
+-  if (opt_servers == false)
++  if (!opt_servers)
+   {
+     char *temp;
+ 
+@@ -48,7 +48,7 @@ int main(int argc, char *argv[])
+       opt_servers= strdup(temp);
+     }
+ 
+-    if (opt_servers == false)
++    if (!opt_servers)
+     {
+       std::cerr << "No Servers provided" << std::endl;
+       exit(EXIT_FAILURE);
diff -Naurp buildroot-2017.05-rc2/package/libmicrohttpd/Config.in buildroot-2017.05.2/package/libmicrohttpd/Config.in
--- buildroot-2017.05-rc2/package/libmicrohttpd/Config.in       2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/libmicrohttpd/Config.in 2017-07-27 08:16:52.017486944 +0200
@@ -12,14 +12,15 @@ if BR2_PACKAGE_LIBMICROHTTPD
 config BR2_PACKAGE_LIBMICROHTTPD_SSL
        bool "https support"
        depends on BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS # libgcrypt
+       depends on !BR2_STATIC_LIBS # gnutls
        depends on BR2_USE_WCHAR
        select BR2_PACKAGE_GNUTLS
        select BR2_PACKAGE_LIBGCRYPT
        help
          Enable HTTPS (SSL) support.
 
-comment "libmicrohttpd https support needs a toolchain w/ wchar"
-       depends on !BR2_USE_WCHAR
+comment "libmicrohttpd https support needs a toolchain w/ wchar, dynamic library"
+       depends on !BR2_USE_WCHAR || BR2_STATIC_LIBS
 
 endif
 
diff -Naurp buildroot-2017.05-rc2/package/libmicrohttpd/libmicrohttpd.hash buildroot-2017.05.2/package/libmicrohttpd/libmicrohttpd.hash
--- buildroot-2017.05-rc2/package/libmicrohttpd/libmicrohttpd.hash      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/libmicrohttpd/libmicrohttpd.hash        2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,2 @@
 # Locally calculated
-sha256 54797f6e763d417627f89f60e4ae0a431dab0523f92f83def23ea02d0defafea        libmicrohttpd-0.9.52.tar.gz
+sha256 0c1cab8dc9f2588bd3076a28f77a7f8de9560cbf2d80e53f9a8696ada80ed0f8  libmicrohttpd-0.9.55.tar.gz
diff -Naurp buildroot-2017.05-rc2/package/libmicrohttpd/libmicrohttpd.mk buildroot-2017.05.2/package/libmicrohttpd/libmicrohttpd.mk
--- buildroot-2017.05-rc2/package/libmicrohttpd/libmicrohttpd.mk        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/libmicrohttpd/libmicrohttpd.mk  2017-07-27 08:16:52.017486944 +0200
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBMICROHTTPD_VERSION = 0.9.52
+LIBMICROHTTPD_VERSION = 0.9.55
 LIBMICROHTTPD_SITE = $(BR2_GNU_MIRROR)/libmicrohttpd
 LIBMICROHTTPD_LICENSE_FILES = COPYING
 LIBMICROHTTPD_INSTALL_STAGING = YES
diff -Naurp buildroot-2017.05-rc2/package/libminiupnpc/0001-miniupnpc-Fix-CVE-2017-8798.patch buildroot-2017.05.2/package/libminiupnpc/0001-miniupnpc-Fix-CVE-2017-8798.patch
--- buildroot-2017.05-rc2/package/libminiupnpc/0001-miniupnpc-Fix-CVE-2017-8798.patch   1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/libminiupnpc/0001-miniupnpc-Fix-CVE-2017-8798.patch     2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,59 @@
+From f0f1f4b22d6a98536377a1bb07e7c20e4703d229 Mon Sep 17 00:00:00 2001
+From: Thomas Bernard <miniupnp@free.fr>
+Date: Tue, 9 May 2017 12:00:47 +0200
+Subject: [PATCH] miniupnpc: Fix CVE-2017-8798
+
+Thanks to tin/Team OSTStrom
+
+[Peter: drop Changelog.txt modification, convert to -p1 format]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ miniupnpc/miniwget.c    | 12 +++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/miniwget.c b/miniwget.c
+index 37cb47b7..1eda57c5 100644
+--- a/miniwget.c
++++ b/miniwget.c
+@@ -284,11 +284,12 @@ getHTTPResponse(int s, int * size, int * status_code)
+                                                       goto end_of_stream;
+                                               }
+                                       }
+-                                      bytestocopy = ((int)chunksize < (n - i))?chunksize:(unsigned int)(n - i);
++                                      /* it is guaranteed that (n >= i) */
++                                      bytestocopy = (chunksize < (unsigned int)(n - i))?chunksize:(unsigned int)(n - i);
+                                       if((content_buf_used + bytestocopy) > content_buf_len)
+                                       {
+                                               char * tmp;
+-                                              if(content_length >= (int)(content_buf_used + bytestocopy)) {
++                                              if((content_length >= 0) && ((unsigned int)content_length >= (content_buf_used + bytestocopy))) {
+                                                       content_buf_len = content_length;
+                                               } else {
+                                                       content_buf_len = content_buf_used + bytestocopy;
+@@ -313,14 +314,15 @@ getHTTPResponse(int s, int * size, int * status_code)
+                       {
+                               /* not chunked */
+                               if(content_length > 0
+-                                 && (int)(content_buf_used + n) > content_length) {
++                                 && (content_buf_used + n) > (unsigned int)content_length) {
+                                       /* skipping additional bytes */
+                                       n = content_length - content_buf_used;
+                               }
+                               if(content_buf_used + n > content_buf_len)
+                               {
+                                       char * tmp;
+-                                      if(content_length >= (int)(content_buf_used + n)) {
++                                      if(content_length >= 0
++                                         && (unsigned int)content_length >= (content_buf_used + n)) {
+                                               content_buf_len = content_length;
+                                       } else {
+                                               content_buf_len = content_buf_used + n;
+@@ -340,7 +342,7 @@ getHTTPResponse(int s, int * size, int * status_code)
+                       }
+               }
+               /* use the Content-Length header value if available */
+-              if(content_length > 0 && (int)content_buf_used >= content_length)
++              if(content_length > 0 && content_buf_used >= (unsigned int)content_length)
+               {
+ #ifdef DEBUG
+                       printf("End of HTTP content\n");
diff -Naurp buildroot-2017.05-rc2/package/libosip2/0001-fix-bug-report-sr-109133-Heap-buffer-overflow-in-uti.patch buildroot-2017.05.2/package/libosip2/0001-fix-bug-report-sr-109133-Heap-buffer-overflow-in-uti.patch
--- buildroot-2017.05-rc2/package/libosip2/0001-fix-bug-report-sr-109133-Heap-buffer-overflow-in-uti.patch      1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/libosip2/0001-fix-bug-report-sr-109133-Heap-buffer-overflow-in-uti.patch        2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,30 @@
+From 7e0793e15e21f68337e130c67b031ca38edf055f Mon Sep 17 00:00:00 2001
+From: Aymeric Moizard <amoizard@gmail.com>
+Date: Mon, 5 Sep 2016 15:01:53 +0200
+Subject: [PATCH]  * fix bug report: sr #109133: Heap buffer overflow in
+ utility function *osip_clrncpy*    https://savannah.gnu.org/support/?109133
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ src/osipparser2/osip_port.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/osipparser2/osip_port.c b/src/osipparser2/osip_port.c
+index 0e64147..d8941b0 100644
+--- a/src/osipparser2/osip_port.c
++++ b/src/osipparser2/osip_port.c
+@@ -1291,8 +1291,10 @@ osip_clrncpy (char *dst, const char *src, size_t len)
+       char *p;
+       size_t spaceless_length;
+ 
+-      if (src == NULL)
++      if (src == NULL || len == 0) {
++              *dst = '\0';
+               return NULL;
++      }
+ 
+       /* find the start of relevant text */
+       pbeg = src;
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/libqmi/0001-musl-compat-canonicalize_file_name.patch buildroot-2017.05.2/package/libqmi/0001-musl-compat-canonicalize_file_name.patch
--- buildroot-2017.05-rc2/package/libqmi/0001-musl-compat-canonicalize_file_name.patch  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/libqmi/0001-musl-compat-canonicalize_file_name.patch    2017-07-27 08:16:52.017486944 +0200
@@ -1,22 +1,24 @@
-From 85863c9e051fe59add4e47dbfcb37072234f0110 Mon Sep 17 00:00:00 2001
+From 8f6181b6f8dd82aa1ab1288cc7f2fd05d4a2519f Mon Sep 17 00:00:00 2001
 From: Matt Weber <matthew.weber@rockwellcollins.com>
 Date: Mon, 1 May 2017 19:55:07 -0500
 Subject: [PATCH] musl compat canonicalize_file_name()
 
-Adds an inline equivalent of canonicalize_file_name
+Adds an equivalent of canonicalize_file_name
 using realpath().
 
 Bug report (origin of this patch):
 https://bugs.freedesktop.org/show_bug.cgi?id=99944
 
+Bug report has been updated with suggestion to not use inline.
+
 Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
 ---
  configure.ac                |  2 ++
- src/libqmi-glib/qmi-utils.h | 18 ++++++++++++++++++
- 2 files changed, 20 insertions(+)
+ src/libqmi-glib/qmi-utils.c | 15 +++++++++++++++
+ 2 files changed, 17 insertions(+)
 
 diff --git a/configure.ac b/configure.ac
-index 162d5ae..9cb82fd 100644
+index c56fa3e..d835db4 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -80,6 +80,8 @@ AC_SUBST(GLIB_LIBS)
@@ -28,19 +30,16 @@ index 162d5ae..9cb82fd 100644
  dnl qmi-firmware-update is optional, enabled by default
  AC_ARG_ENABLE([firmware-update],
                AS_HELP_STRING([--enable-firmware-update],
-diff --git a/src/libqmi-glib/qmi-utils.h b/src/libqmi-glib/qmi-utils.h
-index 4fd5199..4869da5 100644
---- a/src/libqmi-glib/qmi-utils.h
-+++ b/src/libqmi-glib/qmi-utils.h
-@@ -29,6 +29,24 @@
- #error "Only <libqmi-glib.h> can be included directly."
- #endif
+diff --git a/src/libqmi-glib/qmi-utils.c b/src/libqmi-glib/qmi-utils.c
+index 29e5f22..26aff9e 100644
+--- a/src/libqmi-glib/qmi-utils.c
++++ b/src/libqmi-glib/qmi-utils.c
+@@ -34,6 +34,21 @@
+ #include "qmi-utils.h"
+ #include "qmi-error-types.h"
  
 +#ifndef HAVE_CANONICALIZE_FILE_NAME
 +#include <limits.h>
-+#include <string.h>
-+#include <stdlib.h>
-+#include <stdio.h>
 +static char * canonicalize_file_name(const char *path)
 +{
 +       char buf[PATH_MAX] = { };
@@ -54,9 +53,9 @@ index 4fd5199..4869da5 100644
 +}
 +#endif
 +
- #include <glib.h>
- 
- G_BEGIN_DECLS
+ /**
+  * SECTION:qmi-utils
+  * @title: Common utilities
 -- 
-2.7.4
+1.9.1
 
diff -Naurp buildroot-2017.05-rc2/package/libsoup/Config.in buildroot-2017.05.2/package/libsoup/Config.in
--- buildroot-2017.05-rc2/package/libsoup/Config.in     2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/libsoup/Config.in       2017-07-27 08:16:52.017486944 +0200
@@ -22,11 +22,15 @@ config BR2_PACKAGE_LIBSOUP_GNOME
 
 config BR2_PACKAGE_LIBSOUP_SSL
        bool "https support"
+       depends on !BR2_STATIC_LIBS # gnutls
        select BR2_PACKAGE_GLIB_NETWORKING
        select BR2_PACKAGE_GNUTLS
        help
          Enable HTTPS (SSL) support.
 
+comment "libsoup https support needs a toolchain w/ dynamic library"
+       depends on BR2_STATIC_LIBS
+
 endif
 
 comment "libsoup needs a toolchain w/ wchar, threads"
diff -Naurp buildroot-2017.05-rc2/package/libtasn1/0001-configure-don-t-add-Werror-to-build-flags.patch buildroot-2017.05.2/package/libtasn1/0001-configure-don-t-add-Werror-to-build-flags.patch
--- buildroot-2017.05-rc2/package/libtasn1/0001-configure-don-t-add-Werror-to-build-flags.patch 2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/libtasn1/0001-configure-don-t-add-Werror-to-build-flags.patch   1970-01-01 01:00:00.000000000 +0100
@@ -1,28 +0,0 @@
-From dd091c8af163213e12aa92f61bc4916e0f102633 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@redhat.com>
-Date: Tue, 26 Jul 2016 08:45:33 +0200
-Subject: [PATCH] configure: don't add -Werror to build flags
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
----
-Patch status: upstream
-
- configure.ac | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 7a14e04..066f5fe 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -70,8 +70,6 @@ AC_ARG_ENABLE([gcc-warnings],
- )
- 
- if test "$gl_gcc_warnings" = yes; then
--  gl_WARN_ADD([-Werror], [WERROR_CFLAGS])
--
-   nw="$nw -Wsystem-headers"         # Don't let system headers trigger warnings
-   nw="$nw -Wc++-compat"             # We don't care strongly about C++ compilers
-   nw="$nw -Wtraditional"            # Warns on #elif which we use often
--- 
-2.7.3
-
diff -Naurp buildroot-2017.05-rc2/package/libtasn1/libtasn1.hash buildroot-2017.05.2/package/libtasn1/libtasn1.hash
--- buildroot-2017.05-rc2/package/libtasn1/libtasn1.hash        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/libtasn1/libtasn1.hash  2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256 4f6f7a8fd691ac2b8307c8ca365bad711db607d4ad5966f6938a9d2ecd65c920        libtasn1-4.9.tar.gz
+sha256 6753da2e621257f33f5b051cc114d417e5206a0818fe0b1ecfd6153f70934753        libtasn1-4.12.tar.gz
diff -Naurp buildroot-2017.05-rc2/package/libtasn1/libtasn1.mk buildroot-2017.05.2/package/libtasn1/libtasn1.mk
--- buildroot-2017.05-rc2/package/libtasn1/libtasn1.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/libtasn1/libtasn1.mk    2017-07-27 08:16:52.017486944 +0200
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBTASN1_VERSION = 4.9
+LIBTASN1_VERSION = 4.12
 LIBTASN1_SITE = $(BR2_GNU_MIRROR)/libtasn1
 LIBTASN1_DEPENDENCIES = host-bison
 LIBTASN1_LICENSE = GPL-3.0+ (tests, tools), LGPL-2.1+ (library)
@@ -12,7 +12,5 @@ LIBTASN1_LICENSE_FILES = COPYING COPYING
 LIBTASN1_INSTALL_STAGING = YES
 # 'missing' fallback logic botched so disable it completely
 LIBTASN1_CONF_ENV = MAKEINFO="true"
-# For 0001-configure-don-t-add-Werror-to-build-flags.patch
-LIBTASN1_AUTORECONF = YES
 
 $(eval $(autotools-package))
diff -Naurp buildroot-2017.05-rc2/package/libtirpc/0001-Disable-parts-of-TIRPC-requiring-NIS-support.patch buildroot-2017.05.2/package/libtirpc/0001-Disable-parts-of-TIRPC-requiring-NIS-support.patch
--- buildroot-2017.05-rc2/package/libtirpc/0001-Disable-parts-of-TIRPC-requiring-NIS-support.patch      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/libtirpc/0001-Disable-parts-of-TIRPC-requiring-NIS-support.patch        2017-07-27 08:16:52.017486944 +0200
@@ -13,6 +13,8 @@ Signed-off-by: "Yann E. MORIN" <yann.mor
 Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
 [peda@axentia.se: update for 1.0.1]
 Signed-off-by: Peter Rosin <peda@axentia.se>
+[bernd.kuhls@t-online.de: update for 1.0.2]
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
 ---
  src/Makefile.am | 6 +++---
  1 file changed, 3 insertions(+), 3 deletions(-)
@@ -25,8 +27,8 @@ index 6cc567a..9834f9a 100644
          rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \
        svc_auth_des.c \
          svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \
--        auth_time.c auth_des.c authdes_prot.c debug.c
-+        auth_des.c authdes_prot.c debug.c
+-        auth_time.c auth_des.c authdes_prot.c debug.c des_crypt.c des_impl.c
++        auth_des.c authdes_prot.c debug.c des_crypt.c des_impl.c
  
  ## XDR
  libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c xdr_sizeof.c
diff -Naurp buildroot-2017.05-rc2/package/libtirpc/0002-uClibc-without-RPC-support-and-musl-does-not-install-rpcent.h.patch buildroot-2017.05.2/package/libtirpc/0002-uClibc-without-RPC-support-and-musl-does-not-install-rpcent.h.patch
--- buildroot-2017.05-rc2/package/libtirpc/0002-uClibc-without-RPC-support-and-musl-does-not-install-rpcent.h.patch     2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/libtirpc/0002-uClibc-without-RPC-support-and-musl-does-not-install-rpcent.h.patch       2017-07-27 08:16:52.017486944 +0200
@@ -8,6 +8,8 @@ Signed-off-by: Thomas Petazzoni <thomas.
 Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
 [joerg.krause@embedded.rocks: musl fix]
 Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
+[bernd.kuhls@t-online.de: update for 1.0.2]
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
 ---
  tirpc/rpc/rpcent.h | 5 +++--
  1 file changed, 3 insertions(+), 2 deletions(-)
@@ -21,7 +23,7 @@ index 147f909..4a58180 100644
  #endif
  
 -/* These are defined in /usr/include/rpc/netdb.h */
--#if !defined(__GLIBC__)
+-#if !defined(__GLIBC__) || defined(__UCLIBC__)
 +/* These are defined in /usr/include/rpc/netdb.h, unless we are using
 +   the C library without RPC support. */
 +#if defined(__UCLIBC__) && !defined(__UCLIBC_HAS_RPC__) || !defined(__GLIBC__)
diff -Naurp buildroot-2017.05-rc2/package/libtirpc/0006-Disable-DES-authentification-support.patch buildroot-2017.05.2/package/libtirpc/0006-Disable-DES-authentification-support.patch
--- buildroot-2017.05-rc2/package/libtirpc/0006-Disable-DES-authentification-support.patch      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/libtirpc/0006-Disable-DES-authentification-support.patch        2017-07-27 08:16:52.017486944 +0200
@@ -11,6 +11,8 @@ uClibc and musl does not provide DES aut
 Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
 [peda@axentia.se: update for 1.0.1]
 Signed-off-by: Peter Rosin <peda@axentia.se>
+[bernd.kuhls@t-online.de: update for 1.0.2]
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
 ---
  src/Makefile.am |  2 +-
  src/rpc_soc.c   | 32 --------------------------------
@@ -26,7 +28,7 @@ index 960a522..3a88e31 100644
          rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \
 -      svc_auth_des.c \
          svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \
--        auth_des.c authdes_prot.c debug.c
+-        auth_des.c authdes_prot.c debug.c des_crypt.c des_impl.c
 +        debug.c
  
  ## XDR
@@ -48,14 +50,6 @@ diff --git a/src/rpc_soc.c b/src/rpc_soc
 index e146ed4..161a1ec 100644
 --- a/src/rpc_soc.c
 +++ b/src/rpc_soc.c
-@@ -61,7 +61,6 @@ #ifdef PORTMAP
- #include <string.h>
- #include <unistd.h>
- #include <fcntl.h>
--#include <rpcsvc/nis.h>
- 
- #include "rpc_com.h"
- 
 @@ -522,86 +521,6 @@ clnt_broadcast(prog, vers, proc, xargs, argsp, xresults, resultsp, eachresult)
  }
  
diff -Naurp buildroot-2017.05-rc2/package/libtirpc/0007-Add-missing-rwlock_unlocks-in-xprt_register.patch buildroot-2017.05.2/package/libtirpc/0007-Add-missing-rwlock_unlocks-in-xprt_register.patch
--- buildroot-2017.05-rc2/package/libtirpc/0007-Add-missing-rwlock_unlocks-in-xprt_register.patch       2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/libtirpc/0007-Add-missing-rwlock_unlocks-in-xprt_register.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,63 +0,0 @@
-From 4f1503e84b2f7bd229a097335e52fb8203f5bb0b Mon Sep 17 00:00:00 2001
-From: Michael Forney <mforney@mforney.org>
-Date: Wed, 4 Nov 2015 13:58:06 -0500
-Subject: [PATCH] Add missing rwlock_unlocks in xprt_register
-
-It looks like in b2c9430f46c4ac848957fb8adaac176a3f6ac03f when svc_run
-switched to poll, an early return was added, but the rwlock was not
-unlocked.
-
-I observed that rpcbind built against libtirpc-1.0.1 would handle only
-one request before hanging, and tracked it down to a missing
-rwlock_unlock here.
-
-Fixes: b2c9430f46c4 ('Use poll() instead of select() in svc_run()')
-Signed-off-by: Michael Forney <mforney@mforney.org>
-Signed-off-by: Steve Dickson <steved@redhat.com>
-[peda@axentia.se: backport from upstream]
-Signed-off-by: Peter Rosin <peda@axentia.se>
----
- src/svc.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/src/svc.c b/src/svc.c
-index 9c41445..b59467b 100644
---- a/src/svc.c
-+++ b/src/svc.c
-@@ -99,7 +99,7 @@ xprt_register (xprt)
-     {
-       __svc_xports = (SVCXPRT **) calloc (_rpc_dtablesize(), sizeof (SVCXPRT *));
-       if (__svc_xports == NULL)
--      return;
-+            goto unlock;
-     }
-   if (sock < _rpc_dtablesize())
-     {
-@@ -120,14 +120,14 @@ xprt_register (xprt)
-             svc_pollfd[i].fd = sock;
-             svc_pollfd[i].events = (POLLIN | POLLPRI |
-                                     POLLRDNORM | POLLRDBAND);
--            return;
-+            goto unlock;
-           }
- 
-       new_svc_pollfd = (struct pollfd *) realloc (svc_pollfd,
-                                                   sizeof (struct pollfd)
-                                                   * (svc_max_pollfd + 1));
-       if (new_svc_pollfd == NULL) /* Out of memory */
--        return;
-+        goto unlock;
-       svc_pollfd = new_svc_pollfd;
-       ++svc_max_pollfd;
- 
-@@ -135,6 +135,7 @@ xprt_register (xprt)
-       svc_pollfd[svc_max_pollfd - 1].events = (POLLIN | POLLPRI |
-                                                POLLRDNORM | POLLRDBAND);
-     }
-+unlock:
-   rwlock_unlock (&svc_fd_lock);
- }
- 
--- 
-2.5.3
-
diff -Naurp buildroot-2017.05-rc2/package/libtirpc/0007-include-stdint.h-for-uintptr_t.patch buildroot-2017.05.2/package/libtirpc/0007-include-stdint.h-for-uintptr_t.patch
--- buildroot-2017.05-rc2/package/libtirpc/0007-include-stdint.h-for-uintptr_t.patch    1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/libtirpc/0007-include-stdint.h-for-uintptr_t.patch      2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,31 @@
+From 18f8a605e176f0362da22fd1203eb7cedb136aaf Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 20 Jun 2017 22:06:35 +0200
+Subject: [PATCH] include stdint.h for uintptr_t
+
+Fixes
+| ../../libtirpc-1.0.1/src/xdr_sizeof.c:93:13: error: 'uintptr_t' undeclared (first use in this function); did you mean '__intptr_t'?
+|   if (len < (uintptr_t)xdrs->x_base) {
+|              ^~~~~~~~~
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Dmitrii Kolesnichenko <dmitrii@synopsys.com>
+---
+ src/xdr_sizeof.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/xdr_sizeof.c b/src/xdr_sizeof.c
+index d23fbd1..79d6707 100644
+--- a/src/xdr_sizeof.c
++++ b/src/xdr_sizeof.c
+@@ -39,6 +39,7 @@
+ #include <rpc/xdr.h>
+ #include <sys/types.h>
+ #include <stdlib.h>
++#include <stdint.h>
+ #include "un-namespace.h"
+ 
+ /* ARGSUSED */
+-- 
+2.9.4
+
diff -Naurp buildroot-2017.05-rc2/package/libtirpc/libtirpc.hash buildroot-2017.05.2/package/libtirpc/libtirpc.hash
--- buildroot-2017.05-rc2/package/libtirpc/libtirpc.hash        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/libtirpc/libtirpc.hash  2017-07-27 08:16:52.017486944 +0200
@@ -1,4 +1,4 @@
 # From sourceforge's info on download page:
-sha1   8da1636f98b5909c0d587e7534bc1e91f5c1a970  libtirpc-1.0.1.tar.bz2
+sha1 2a8dc0e6eecc45be6597c8287b1d8e15cbee46e3  libtirpc-1.0.2.tar.bz2
 # Locally computed
-sha256 5156974f31be7ccbc8ab1de37c4739af6d9d42c87b1d5caf4835dda75fcbb89e  libtirpc-1.0.1.tar.bz2
+sha256 723c5ce92706cbb601a8db09110df1b4b69391643158f20ff587e20e7c5f90f5  libtirpc-1.0.2.tar.bz2
diff -Naurp buildroot-2017.05-rc2/package/libtirpc/libtirpc.mk buildroot-2017.05.2/package/libtirpc/libtirpc.mk
--- buildroot-2017.05-rc2/package/libtirpc/libtirpc.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/libtirpc/libtirpc.mk    2017-07-27 08:16:52.017486944 +0200
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBTIRPC_VERSION = 1.0.1
+LIBTIRPC_VERSION = 1.0.2
 LIBTIRPC_SOURCE = libtirpc-$(LIBTIRPC_VERSION).tar.bz2
 LIBTIRPC_SITE = http://downloads.sourceforge.net/project/libtirpc/libtirpc/$(LIBTIRPC_VERSION)
 LIBTIRPC_LICENSE = BSD-3-Clause
diff -Naurp buildroot-2017.05-rc2/package/libv4l/libv4l.mk buildroot-2017.05.2/package/libv4l/libv4l.mk
--- buildroot-2017.05-rc2/package/libv4l/libv4l.mk      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/libv4l/libv4l.mk        2017-07-27 08:16:52.017486944 +0200
@@ -46,10 +46,7 @@ LIBV4L_DEPENDENCIES += libgl
 endif
 
 ifeq ($(BR2_PACKAGE_HAS_UDEV),y)
-LIBV4L_CONF_OPTS += --with-libudev
 LIBV4L_DEPENDENCIES += udev
-else
-LIBV4L_CONF_OPTS += --without-libudev
 endif
 
 ifeq ($(BR2_PACKAGE_LIBGLU),y)
diff -Naurp buildroot-2017.05-rc2/package/libxml-parser-perl/libxml-parser-perl.mk buildroot-2017.05.2/package/libxml-parser-perl/libxml-parser-perl.mk
--- buildroot-2017.05-rc2/package/libxml-parser-perl/libxml-parser-perl.mk      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/libxml-parser-perl/libxml-parser-perl.mk        2017-07-27 08:16:52.017486944 +0200
@@ -9,6 +9,7 @@ LIBXML_PARSER_PERL_SOURCE = XML-Parser-$
 LIBXML_PARSER_PERL_SITE = $(BR2_CPAN_MIRROR)/authors/id/T/TO/TODDR
 HOST_LIBXML_PARSER_PERL_DEPENDENCIES = host-expat
 LIBXML_PARSER_PERL_LICENSE = Artistic or GPL-1.0+
+LIBXML_PARSER_PERL_LICENSE_FILES = README
 LIBXML_PARSER_PERL_RUN_PERL = `which perl`
 
 define HOST_LIBXML_PARSER_PERL_CONFIGURE_CMDS
diff -Naurp buildroot-2017.05-rc2/package/linux-fusion/0004-Port-one-one_udp.c-to-Linux-4.1.patch buildroot-2017.05.2/package/linux-fusion/0004-Port-one-one_udp.c-to-Linux-4.1.patch
--- buildroot-2017.05-rc2/package/linux-fusion/0004-Port-one-one_udp.c-to-Linux-4.1.patch       2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/linux-fusion/0004-Port-one-one_udp.c-to-Linux-4.1.patch 2017-07-27 08:16:52.017486944 +0200
@@ -24,12 +24,20 @@ one/one_udp.c: In function 'ksocket_send
 one/one_udp.c:192:13: error: too many arguments to function 'sock_sendmsg'
 
 Signed-off-by: Marc Gonzalez <marc_gonzalez@sigmadesigns.com>
+
+Kernel commit 2da62906b1e29 dropped the size parameter in sock_recvmsg
+since 4.7
+
+In function 'ksocket_receive'
+one/one_udp.c:235:13: error: too many arguments to function 'sock_recvmsg'
+
+Signed-off-by: Matthew Shyu <matthew.shyu@amlogic.com>
 ---
- one/one_udp.c | 30 +++++++++++++++---------------
- 1 file changed, 15 insertions(+), 15 deletions(-)
+ one/one_udp.c | 34 +++++++++++++++++++---------------
+ 1 file changed, 19 insertions(+), 15 deletions(-)
 
 diff --git a/one/one_udp.c b/one/one_udp.c
-index 26b9e6a1f729..b1daae164cdf 100644
+index 26b9e6a..9b59529 100644
 --- a/one/one_udp.c
 +++ b/one/one_udp.c
 @@ -161,7 +161,7 @@ ksocket_send_iov( struct socket      *sock,
@@ -78,7 +86,7 @@ index 26b9e6a1f729..b1daae164cdf 100644
       struct iovec iov;
       mm_segment_t oldfs;
       int size = 0;
-@@ -213,14 +215,12 @@ ksocket_receive(struct socket* sock, struct sockaddr_in* addr, void *buf, int le
+@@ -213,18 +215,20 @@ ksocket_receive(struct socket* sock, struct sockaddr_in* addr, void *buf, int le
       iov.iov_base = buf;
       iov.iov_len = len;
  
@@ -97,3 +105,14 @@ index 26b9e6a1f729..b1daae164cdf 100644
  
       oldfs = get_fs();
       set_fs(KERNEL_DS);
++#if LINUX_VERSION_CODE < KERNEL_VERSION(4,7,0) // commit 2da62906b1e29
+      size = sock_recvmsg(sock,&msg,len,msg.msg_flags);
++#else
++     size = sock_recvmsg(sock, &msg,msg.msg_flags);
++#endif
+      set_fs(oldfs);
+ 
+      return size;
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/linux-headers/Config.in.host buildroot-2017.05.2/package/linux-headers/Config.in.host
--- buildroot-2017.05-rc2/package/linux-headers/Config.in.host  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/linux-headers/Config.in.host    2017-07-27 08:16:52.017486944 +0200
@@ -222,13 +222,13 @@ endchoice
 
 config BR2_DEFAULT_KERNEL_HEADERS
        string
-       default "3.2.88"        if BR2_KERNEL_HEADERS_3_2
+       default "3.2.89"        if BR2_KERNEL_HEADERS_3_2
        default "3.4.113"       if BR2_KERNEL_HEADERS_3_4
-       default "3.10.105"      if BR2_KERNEL_HEADERS_3_10
+       default "3.10.106"      if BR2_KERNEL_HEADERS_3_10
        default "3.12.74"       if BR2_KERNEL_HEADERS_3_12
-       default "4.1.39"        if BR2_KERNEL_HEADERS_4_1
-       default "4.4.68"        if BR2_KERNEL_HEADERS_4_4
-       default "4.9.28"        if BR2_KERNEL_HEADERS_4_9
-       default "4.10.16"       if BR2_KERNEL_HEADERS_4_10
-       default "4.11.1"        if BR2_KERNEL_HEADERS_4_11
+       default "4.1.42"        if BR2_KERNEL_HEADERS_4_1
+       default "4.4.78"        if BR2_KERNEL_HEADERS_4_4
+       default "4.9.39"        if BR2_KERNEL_HEADERS_4_9
+       default "4.10.17"       if BR2_KERNEL_HEADERS_4_10
+       default "4.11.12"       if BR2_KERNEL_HEADERS_4_11
        default BR2_DEFAULT_KERNEL_VERSION if BR2_KERNEL_HEADERS_VERSION
diff -Naurp buildroot-2017.05-rc2/package/linux-zigbee/linux-zigbee.mk buildroot-2017.05.2/package/linux-zigbee/linux-zigbee.mk
--- buildroot-2017.05-rc2/package/linux-zigbee/linux-zigbee.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/linux-zigbee/linux-zigbee.mk    2017-07-27 08:16:52.017486944 +0200
@@ -15,6 +15,7 @@ LINUX_ZIGBEE_AUTORECONF = YES
 
 LINUX_ZIGBEE_CONF_OPTS = \
        --disable-manpages \
+       --disable-werror \
        --with-leasefile="$(call qstrip,$(BR2_PACKAGE_LINUX_ZIGBEE_LEASEFILE))"
 
 ifeq ($(BR2_PACKAGE_LINUX_ZIGBEE_TESTS),y)
diff -Naurp buildroot-2017.05-rc2/package/lugaru/0002-Fix-mismatched-usage-length-build-fail-on-g.patch buildroot-2017.05.2/package/lugaru/0002-Fix-mismatched-usage-length-build-fail-on-g.patch
--- buildroot-2017.05-rc2/package/lugaru/0002-Fix-mismatched-usage-length-build-fail-on-g.patch 1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/lugaru/0002-Fix-mismatched-usage-length-build-fail-on-g.patch   2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,58 @@
+From 5a0c9f6358169b447840acdb721250ce932cb180 Mon Sep 17 00:00:00 2001
+From: Martin Erik Werner <martinerikwerner@gmail.com>
+Date: Wed, 8 Mar 2017 22:51:16 +0100
+Subject: [PATCH] Fix mismatched usage length, build fail on g++
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The length of const option::Descriptor usage[] is intended to be
+inferred based on the initialisation in Source/main.cpp, however, the
+extern declaration in Source/Game.hpp hard-codes it to 13.
+
+Remove the hard-coded 13 in the extern declaration, in favour of the
+inferred length.
+
+This also fixes the follwoing build failure with g++ (Debian 4.9.2-10)
+4.9.2:
+(...)/Source/main.cpp:602:5: error: uninitialized const member ‘option::Descriptor::index’
+     };
+     ^
+(...)/Source/main.cpp:602:5: warning: missing initializer for member ‘option::Descriptor::index’ [-Wmissing-field-initializers]
+(...)/Source/main.cpp:602:5: error: uninitialized const member ‘option::Descriptor::type’
+(...)/Source/main.cpp:602:5: warning: missing initializer for member ‘option::Descriptor::type’ [-Wmissing-field-initializers]
+(...)/Source/main.cpp:602:5: error: uninitialized const member ‘option::Descriptor::shortopt’
+(...)/Source/main.cpp:602:5: warning: missing initializer for member ‘option::Descriptor::shortopt’ [-Wmissing-field-initializers]
+(...)/Source/main.cpp:602:5: error: uninitialized const member ‘option::Descriptor::longopt’
+(...)/Source/main.cpp:602:5: warning: missing initializer for member ‘option::Descriptor::longopt’ [-Wmissing-field-initializers]
+(...)/Source/main.cpp:602:5: error: uninitialized const member ‘option::Descriptor::check_arg’
+(...)/Source/main.cpp:602:5: warning: missing initializer for member ‘option::Descriptor::check_arg’ [-Wmissing-field-initializers]
+(...)/Source/main.cpp:602:5: warning: missing initializer for member ‘option::Descriptor::help’ [-Wmissing-field-initializers]
+CMakeFiles/lugaru.dir/build.make:54: recipe for target 'CMakeFiles/lugaru.dir/Source/main.cpp.o' failed
+
+Signed-off-by: Martin Erik Werner <martinerikwerner@gmail.com>
+
+[Romain: backport to v1.2]
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
+
+(cherry picked from commit dd685fe9080c2853422d8272792691358ea07dfc)
+---
+ Source/Game.hpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Source/Game.hpp b/Source/Game.hpp
+index 51232cc..9bb6adb 100644
+--- a/Source/Game.hpp
++++ b/Source/Game.hpp
+@@ -234,7 +234,7 @@ enum optionIndex
+ /* Number of options + 1 */
+ const int commandLineOptionsNumber = 10;
+ 
+-extern const option::Descriptor usage[13];
++extern const option::Descriptor usage[];
+ 
+ extern option::Option commandLineOptions[commandLineOptionsNumber];
+ extern option::Option* commandLineOptionsBuffer;
+-- 
+2.9.4
+
diff -Naurp buildroot-2017.05-rc2/package/madplay/0002-buildroot-libtool-v1.5.patch.patch buildroot-2017.05.2/package/madplay/0002-buildroot-libtool-v1.5.patch.patch
--- buildroot-2017.05-rc2/package/madplay/0002-buildroot-libtool-v1.5.patch.patch       1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/madplay/0002-buildroot-libtool-v1.5.patch.patch 2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,109 @@
+From ce661985c098635965573aac8fc983a72f60d396 Mon Sep 17 00:00:00 2001
+From: Romain Naour <romain.naour@gmail.com>
+Date: Tue, 30 May 2017 16:42:34 +0200
+Subject: [PATCH] buildroot-libtool-v1.5.patch
+
+Apply buildroot-libtool-v1.5.patch rebased on libtool 1.5.2 used
+in madplay and fixing all conflicts.
+
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
+---
+ ltmain.sh | 40 ++++++++++++++++++++++++++++++----------
+ 1 file changed, 30 insertions(+), 10 deletions(-)
+
+diff --git a/ltmain.sh b/ltmain.sh
+index 4b9f940..0b71220 100644
+--- a/ltmain.sh
++++ b/ltmain.sh
+@@ -164,6 +164,11 @@ do
+   arg="$1"
+   shift
+ 
++  # Make -static behave as -all-static
++  case $arg in
++  -static) arg="-all-static" ;;
++  esac
++
+   case $arg in
+   -*=*) optarg=`$echo "X$arg" | $Xsed -e 's/[-_a-zA-Z0-9]*=//'` ;;
+   *) optarg= ;;
+@@ -549,8 +554,9 @@ if test -z "$show_help"; then
+       # line option must be used.
+       if test -z "$tagname"; then
+         $echo "$modename: unable to infer tagged configuration"
+-        $echo "$modename: specify a tag with \`--tag'" 1>&2
+-        exit 1
++        $echo "$modename: defaulting to \`CC'"
++        $echo "$modename: if this is not correct, specify a tag with \`--tag'"
++#       exit 1
+ #        else
+ #          $echo "$modename: using $tagname tagged configuration"
+       fi
+@@ -1228,7 +1234,8 @@ EOF
+       prevarg="$arg"
+ 
+       case $arg in
+-      -all-static)
++      # Make -static behave like -all-static
++      -all-static | -static)
+       if test -n "$link_static_flag"; then
+         compile_command="$compile_command $link_static_flag"
+         finalize_command="$finalize_command $link_static_flag"
+@@ -2135,8 +2142,14 @@ EOF
+           absdir="$abs_ladir"
+           libdir="$abs_ladir"
+         else
+-          dir="$libdir"
+-          absdir="$libdir"
++            # Adding 'libdir' from the .la file to our library search paths
++            # breaks crosscompilation horribly.  We cheat here and don't add
++            # it, instead adding the path where we found the .la.  -CL
++          dir="$abs_ladir"
++          absdir="$abs_ladir"
++          libdir="$abs_ladir"
++          #dir="$libdir"
++          #absdir="$libdir"
+         fi
+       else
+         dir="$ladir/$objdir"
+@@ -2261,7 +2274,7 @@ EOF
+          { test "$prefer_static_libs" = no || test -z "$old_library"; }; then
+         if test "$installed" = no; then
+           notinst_deplibs="$notinst_deplibs $lib"
+-          need_relink=yes
++          need_relink=no
+         fi
+         # This is a shared library
+       
+@@ -5146,6 +5159,10 @@ fi\
+           # Replace all uninstalled libtool libraries with the installed ones
+           newdependency_libs=
+           for deplib in $dependency_libs; do
++              # Replacing uninstalled with installed can easily break crosscompilation,
++              # since the installed path is generally the wrong architecture.  -CL
++              newdependency_libs="$newdependency_libs $deplib"
++              continue
+             case $deplib in
+             *.la)
+               name=`$echo "X$deplib" | $Xsed -e 's%^.*/%%'`
+@@ -5464,10 +5481,13 @@ relink_command=\"$relink_command\""
+         # At present, this check doesn't affect windows .dll's that
+         # are installed into $libdir/../bin (currently, that works fine)
+         # but it's something to keep an eye on.
+-        if test "$inst_prefix_dir" = "$destdir"; then
+-          $echo "$modename: error: cannot install \`$file' to a directory not ending in $libdir" 1>&2
+-          exit 1
+-        fi
++        #
++        # This breaks install into our staging area.  -PB
++        # 
++        # if test "$inst_prefix_dir" = "$destdir"; then
++        #   $echo "$modename: error: cannot install \`$file' to a directory not ending in $libdir" 1>&2
++        #   exit 1
++        # fi
+ 
+         if test -n "$inst_prefix_dir"; then
+           # Stick the inst_prefix_dir data into the link command.
+-- 
+2.9.4
+
diff -Naurp buildroot-2017.05-rc2/package/Makefile.in buildroot-2017.05.2/package/Makefile.in
--- buildroot-2017.05-rc2/package/Makefile.in   2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/Makefile.in     2017-07-27 08:16:52.017486944 +0200
@@ -207,7 +207,7 @@ TARGET_STRIP = $(TARGET_CROSS)strip
 STRIPCMD = $(TARGET_CROSS)strip --remove-section=.comment --remove-section=.note
 endif
 ifeq ($(BR2_STRIP_none),y)
-TARGET_STRIP = true
+TARGET_STRIP = /bin/true
 STRIPCMD = $(TARGET_STRIP)
 endif
 INSTALL := $(shell which install || type -p install)
@@ -223,6 +223,27 @@ HOST_CFLAGS   += $(HOST_CPPFLAGS)
 HOST_CXXFLAGS += $(HOST_CFLAGS)
 HOST_LDFLAGS  += -L$(HOST_DIR)/lib -L$(HOST_DIR)/usr/lib -Wl,-rpath,$(HOST_DIR)/usr/lib
 
+# The macros below are taken from linux 4.11 and adapted slightly.
+# Copy more when needed.
+
+# try-run
+# Usage: option = $(call try-run, $(CC)...-o "$$TMP",option-ok,otherwise)
+# Exit code chooses option. "$$TMP" is can be used as temporary file and
+# is automatically cleaned up.
+try-run = $(shell set -e;               \
+       TMP="$$(tempfile)";             \
+       if ($(1)) >/dev/null 2>&1;      \
+       then echo "$(2)";               \
+       else echo "$(3)";               \
+       fi;                             \
+       rm -f "$$TMP")
+
+# host-cc-option
+# Usage: HOST_FOO_CFLAGS += $(call host-cc-option,-no-pie,)
+host-cc-option = $(call try-run,\
+        $(HOSTCC) $(HOST_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",$(1),$(2))
+
+
 # host-intltool should be executed with the system perl, so we save
 # the path to the system perl, before a host-perl built by Buildroot
 # might get installed into $(HOST_DIR)/usr/bin and therefore appears
diff -Naurp buildroot-2017.05-rc2/package/mariadb/mariadb.hash buildroot-2017.05.2/package/mariadb/mariadb.hash
--- buildroot-2017.05-rc2/package/mariadb/mariadb.hash  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/mariadb/mariadb.hash    2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,2 @@
-# From https://downloads.mariadb.org/mariadb/10.1.22/
-sha256 bcb0572e7ad32cea9740a21e9255f733bdf60a5561ffbda317c22dd12b3966ce  mariadb-10.1.22.tar.gz
+# From https://downloads.mariadb.org/mariadb/10.1.23/
+sha256 54d8114e24bfa5e3ebdc7d69e071ad1471912847ea481b227d204f9d644300bf  mariadb-10.1.23.tar.gz
diff -Naurp buildroot-2017.05-rc2/package/mariadb/mariadb.mk buildroot-2017.05.2/package/mariadb/mariadb.mk
--- buildroot-2017.05-rc2/package/mariadb/mariadb.mk    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/mariadb/mariadb.mk      2017-07-27 08:16:52.017486944 +0200
@@ -4,10 +4,12 @@
 #
 ################################################################################
 
-MARIADB_VERSION = 10.1.22
+MARIADB_VERSION = 10.1.23
 MARIADB_SITE = https://downloads.mariadb.org/interstitial/mariadb-$(MARIADB_VERSION)/source
 MARIADB_LICENSE = GPL-2.0 (server), GPL-2.0 with FLOSS exception (GPL client library), LGPL-2.0 (LGPL client library)
-MARIADB_LICENSE_FILES = README COPYING COPYING.LESSER
+# Tarball no longer contains LGPL license text
+# https://jira.mariadb.org/browse/MDEV-12297
+MARIADB_LICENSE_FILES = README COPYING
 MARIADB_INSTALL_STAGING = YES
 MARIADB_PROVIDES = mysql
 
diff -Naurp buildroot-2017.05-rc2/package/mesa3d/Config.in buildroot-2017.05.2/package/mesa3d/Config.in
--- buildroot-2017.05-rc2/package/mesa3d/Config.in      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/mesa3d/Config.in        2017-07-27 08:16:52.017486944 +0200
@@ -30,8 +30,15 @@ config BR2_PACKAGE_MESA3D_GALLIUM_DRIVER
 config BR2_PACKAGE_MESA3D_DRI_DRIVER
        bool
        select BR2_PACKAGE_MESA3D_DRIVER
-       select BR2_PACKAGE_XLIB_LIBXSHMFENCE if BR2_PACKAGE_XPROTO_DRI3PROTO
-       select BR2_PACKAGE_XPROTO_PRESENTPROTO if BR2_PACKAGE_XPROTO_DRI3PROTO
+       # xlib-libxshmfence needs sync_4, so we cannot select it if
+       # BR2_TOOLCHAIN_HAS_SYNC_4 is false. xproto-presentproto
+       # doesn't need sync_4, but it is only needed in conjunction
+       # with xlib-libxshmfence and dri3proto to provide dri3
+       # support, so we also only select it if sync_4 is available.
+       select BR2_PACKAGE_XLIB_LIBXSHMFENCE if \
+               (BR2_PACKAGE_XPROTO_DRI3PROTO && BR2_TOOLCHAIN_HAS_SYNC_4)
+       select BR2_PACKAGE_XPROTO_PRESENTPROTO if \
+               (BR2_PACKAGE_XPROTO_DRI3PROTO && BR2_TOOLCHAIN_HAS_SYNC_4)
 
 config BR2_PACKAGE_MESA3D_VULKAN_DRIVER
        bool
diff -Naurp buildroot-2017.05-rc2/package/mesa3d/mesa3d.mk buildroot-2017.05.2/package/mesa3d/mesa3d.mk
--- buildroot-2017.05-rc2/package/mesa3d/mesa3d.mk      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/mesa3d/mesa3d.mk        2017-07-27 08:16:52.017486944 +0200
@@ -90,7 +90,7 @@ ifeq ($(BR2_PACKAGE_MESA3D_DRI_DRIVER),)
 MESA3D_CONF_OPTS += \
        --without-dri-drivers --disable-dri3
 else
-ifeq ($(BR2_PACKAGE_XPROTO_DRI3PROTO),y)
+ifeq ($(BR2_PACKAGE_XLIB_LIBXSHMFENCE)$(BR2_PACKAGE_XPROTO_DRI3PROTO),yy)
 MESA3D_DEPENDENCIES += xlib_libxshmfence xproto_dri3proto xproto_presentproto
 MESA3D_CONF_OPTS += --enable-dri3
 else
diff -Naurp buildroot-2017.05-rc2/package/mono/mono.mk buildroot-2017.05.2/package/mono/mono.mk
--- buildroot-2017.05-rc2/package/mono/mono.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/mono/mono.mk    2017-07-27 08:16:52.017486944 +0200
@@ -29,7 +29,6 @@ MONO_CONF_OPTS = --with-mcs-docs=no \
 define MONO_INSTALL_LIBS
        rsync -av --exclude=*.so --exclude=*.mdb \
                $(HOST_DIR)/usr/lib/mono $(TARGET_DIR)/usr/lib/
-       rsync -av $(HOST_DIR)/etc/mono $(TARGET_DIR)/etc
 endef
 
 MONO_POST_INSTALL_TARGET_HOOKS += MONO_INSTALL_LIBS
diff -Naurp buildroot-2017.05-rc2/package/mosh/Config.in buildroot-2017.05.2/package/mosh/Config.in
--- buildroot-2017.05-rc2/package/mosh/Config.in        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/mosh/Config.in  2017-07-27 08:16:52.017486944 +0200
@@ -24,4 +24,11 @@ config BR2_PACKAGE_MOSH
          allows roaming, and provides speculative local echo and line editing
          of user keystrokes.
 
+         Mosh requires that the remote machine has a locale setting matching
+         the one on the client.
+
+         When using mosh with dropbear on a remote machine, the client needs mosh
+         with a version above 1.3.0 and the --no-ssh-pty option needs to be passed
+         when starting the connection.
+
          https://mosh.mit.edu
diff -Naurp buildroot-2017.05-rc2/package/mosquitto/0001-Remove-lanl-when-WITH_ADNS-is-unset.patch buildroot-2017.05.2/package/mosquitto/0001-Remove-lanl-when-WITH_ADNS-is-unset.patch
--- buildroot-2017.05-rc2/package/mosquitto/0001-Remove-lanl-when-WITH_ADNS-is-unset.patch      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/mosquitto/0001-Remove-lanl-when-WITH_ADNS-is-unset.patch        1970-01-01 01:00:00.000000000 +0100
@@ -1,32 +0,0 @@
-From 0de640dd834b6c01c4904e11d51f3a1406c89469 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Mon, 3 Apr 2017 20:34:07 +0200
-Subject: [PATCH] Remove -lanl when WITH_ADNS is unset
-
-Do not add -lanl to BROKER_LIBS for all Linux builds.
-Indeed, -lanl is only needed for getaddrinfo_a which is only used in
-_mosquitto_try_connect_step1 when WITH_ADNS is set
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- config.mk | 4 ----
- 1 file changed, 4 deletions(-)
-
-diff --git a/config.mk b/config.mk
-index 6e369c2..44639d2 100644
---- a/config.mk
-+++ b/config.mk
-@@ -159,10 +159,6 @@ ifeq ($(UNAME),QNX)
-       LIB_LIBS:=$(LIB_LIBS) -lsocket
- endif
- 
--ifeq ($(UNAME),Linux)
--      BROKER_LIBS:=$(BROKER_LIBS) -lanl
--endif
--
- ifeq ($(WITH_WRAP),yes)
-       BROKER_LIBS:=$(BROKER_LIBS) -lwrap
-       BROKER_CFLAGS:=$(BROKER_CFLAGS) -DWITH_WRAP
--- 
-2.5.0
-
diff -Naurp buildroot-2017.05-rc2/package/mosquitto/mosquitto.hash buildroot-2017.05.2/package/mosquitto/mosquitto.hash
--- buildroot-2017.05-rc2/package/mosquitto/mosquitto.hash      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/mosquitto/mosquitto.hash        2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,3 @@
 # Locally computed:
-sha512  c05ca8679b9a6f540868f4ccf701257fcabc114d5450ac0bbbe80b91bb7cd4fc52668773e945506760c7a5bd8a494e0a56100714112e5d2713d57bfab8951587  mosquitto-1.4.11.tar.gz
+sha512  75e6105498869ab13265df7a0bea6052c014d59d0c0efb61162d8257d34c0153fce32130e84c28e99fd494f374949aac5e01c19f7439c2eea575b52ef1179c3c  mosquitto-1.4.12.tar.gz
+sha256  06abd1206e548ac2378dd96f5434cb3e40ed77cecb6a9c37fbabab0b0f1360e5  mosquitto-1.4.x_cve-2017-9868.patch
diff -Naurp buildroot-2017.05-rc2/package/mosquitto/mosquitto.mk buildroot-2017.05.2/package/mosquitto/mosquitto.mk
--- buildroot-2017.05-rc2/package/mosquitto/mosquitto.mk        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/mosquitto/mosquitto.mk  2017-07-27 08:16:52.017486944 +0200
@@ -4,11 +4,13 @@
 #
 ################################################################################
 
-MOSQUITTO_VERSION = 1.4.11
+MOSQUITTO_VERSION = 1.4.12
 MOSQUITTO_SITE = http://mosquitto.org/files/source
 MOSQUITTO_LICENSE = EPL-1.0 or EDLv1.0
 MOSQUITTO_LICENSE_FILES = LICENSE.txt epl-v10 edl-v10
 MOSQUITTO_INSTALL_STAGING = YES
+MOSQUITTO_PATCH = \
+       https://mosquitto.org/files/cve/2017-9868/mosquitto-1.4.x_cve-2017-9868.patch
 
 MOSQUITTO_MAKE_OPTS = \
        UNAME=Linux \
diff -Naurp buildroot-2017.05-rc2/package/mpg123/mpg123.hash buildroot-2017.05.2/package/mpg123/mpg123.hash
--- buildroot-2017.05-rc2/package/mpg123/mpg123.hash    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/mpg123/mpg123.hash      2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,5 @@
 # Locally calculated after checking pgp signature
-sha256 de2303c8ecb65593e39815c0a2f2f2d91f708c43b85a55fdd1934c82e677cf8e        mpg123-1.23.8.tar.bz2
+sha256 5314b0fb8ad291bfc79ff4c5c321b971916819a65233ec065434358fcf8aee38        mpg123-1.25.2.tar.bz2
+
+# License file
+sha256  f40e0dd86b27b52e429b693a87b3ca63ae0a98a4d142e77207aa6bdf1db7a295  COPYING
diff -Naurp buildroot-2017.05-rc2/package/mpg123/mpg123.mk buildroot-2017.05.2/package/mpg123/mpg123.mk
--- buildroot-2017.05-rc2/package/mpg123/mpg123.mk      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/mpg123/mpg123.mk        2017-07-27 08:16:52.017486944 +0200
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-MPG123_VERSION = 1.23.8
+MPG123_VERSION = 1.25.2
 MPG123_SOURCE = mpg123-$(MPG123_VERSION).tar.bz2
 MPG123_SITE = http://downloads.sourceforge.net/project/mpg123/mpg123/$(MPG123_VERSION)
 MPG123_CONF_OPTS = --disable-lfs-alias
@@ -74,10 +74,11 @@ endif
 
 MPG123_CONF_OPTS += --with-audio=$(subst $(space),$(comma),$(MPG123_AUDIO))
 
-ifeq ($(BR2_PACKAGE_LIBTOOL),y)
-MPG123_DEPENDENCIES += libtool
-# .la files gets stripped , so directly load .so files rather than .la
-MPG123_CONF_OPTS += --with-modules --with-module-suffix=.so
+# output modules are loaded with dlopen()
+ifeq ($(BR2_STATIC_LIBS),y)
+MPG123_CONF_OPTS += --disable-modules
+else
+MPG123_CONF_OPTS += --enable-modules
 endif
 
 $(eval $(autotools-package))
diff -Naurp buildroot-2017.05-rc2/package/mxml/mxml.mk buildroot-2017.05.2/package/mxml/mxml.mk
--- buildroot-2017.05-rc2/package/mxml/mxml.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/mxml/mxml.mk    2017-07-27 08:16:52.017486944 +0200
@@ -5,7 +5,7 @@
 ################################################################################
 
 MXML_VERSION = 2.10
-MXML_SITE = http://www.msweet.org/files/project3
+MXML_SITE = https://github.com/michaelrsweet/mxml/releases/download/release-$(MXML_VERSION)
 MXML_LICENSE = LGPL-2.0+ with exceptions
 MXML_LICENSE_FILES = COPYING
 MXML_INSTALL_STAGING = YES
diff -Naurp buildroot-2017.05-rc2/package/ncurses/ncurses.mk buildroot-2017.05.2/package/ncurses/ncurses.mk
--- buildroot-2017.05-rc2/package/ncurses/ncurses.mk    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/ncurses/ncurses.mk      2017-07-27 08:16:52.017486944 +0200
@@ -47,10 +47,12 @@ endif
 
 NCURSES_TERMINFO_FILES = \
        a/ansi \
+       d/dumb \
        l/linux \
        p/putty \
        p/putty-vt100 \
        s/screen \
+       s/screen-256color \
        v/vt100 \
        v/vt100-putty \
        v/vt102 \
diff -Naurp buildroot-2017.05-rc2/package/network-manager/Config.in buildroot-2017.05.2/package/network-manager/Config.in
--- buildroot-2017.05-rc2/package/network-manager/Config.in     2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/network-manager/Config.in       2017-07-27 08:16:52.017486944 +0200
@@ -1,6 +1,7 @@
 config BR2_PACKAGE_NETWORK_MANAGER
        bool "networkmanager"
        depends on BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS # libgcrypt
+       depends on !BR2_STATIC_LIBS # gnutls
        depends on BR2_USE_MMU # dbus
        depends on BR2_PACKAGE_HAS_UDEV
        # Tested with 3.2, but may even work with earlier versions
@@ -57,8 +58,8 @@ comment "pppd support needs a glibc or u
 
 endif
 
-comment "NetworkManager needs udev /dev management and a glibc toolchain w/ headers >= 3.7"
+comment "NetworkManager needs udev /dev management and a glibc toolchain w/ headers >= 3.7, dynamic library"
        depends on BR2_USE_MMU
        depends on !BR2_PACKAGE_HAS_UDEV || \
                !BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_7 || \
-               !BR2_TOOLCHAIN_USES_GLIBC
+               !BR2_TOOLCHAIN_USES_GLIBC || BR2_STATIC_LIBS
diff -Naurp buildroot-2017.05-rc2/package/ntp/0003-ntpq-fpic.patch buildroot-2017.05.2/package/ntp/0003-ntpq-fpic.patch
--- buildroot-2017.05-rc2/package/ntp/0003-ntpq-fpic.patch      1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/ntp/0003-ntpq-fpic.patch        2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,23 @@
+ntpq/Makefile.am: add NTP_HARD_CFLAGS
+
+Pass NTP_HARD_CFLAGS when building ntpq, like in all other ntp
+modules, to make sure -fPIC is passed.
+
+Originally taken from
+https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=494143c3b4921a5c8b8596d58f2c8b98296bf688.
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+
+Index: b/ntpq/Makefile.am
+===================================================================
+--- a/ntpq/Makefile.am
++++ b/ntpq/Makefile.am
+@@ -23,7 +23,7 @@
+ ntpq_LDADD += $(LDADD_NTP)
+ noinst_HEADERS=       ntpq.h
+ noinst_LIBRARIES=     libntpq.a
+-libntpq_a_CFLAGS=     -DNO_MAIN_ALLOWED -DBUILD_AS_LIB
++libntpq_a_CFLAGS=     $(NTP_HARD_CFLAGS) -DNO_MAIN_ALLOWED -DBUILD_AS_LIB
+ CLEANFILES=
+ DISTCLEANFILES=       .version version.c config.log $(man_MANS)
+ ETAGS_ARGS=   Makefile.am
diff -Naurp buildroot-2017.05-rc2/package/ntp/ntp.mk buildroot-2017.05.2/package/ntp/ntp.mk
--- buildroot-2017.05-rc2/package/ntp/ntp.mk    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/ntp/ntp.mk      2017-07-27 08:16:52.017486944 +0200
@@ -21,6 +21,7 @@ NTP_CONF_OPTS = \
        --with-crypto
 
 # 0002-ntp-syscalls-fallback.patch
+# 0003-ntpq-fpic.patch
 NTP_AUTORECONF = YES
 
 ifeq ($(BR2_TOOLCHAIN_HAS_SSP),y)
@@ -64,6 +65,12 @@ else
 NTP_CONF_OPTS += --disable-SHM
 endif
 
+ifeq ($(BR2_PACKAGE_NTP_SNTP),y)
+NTP_CONF_OPTS += --with-sntp
+else
+NTP_CONF_OPTS += --without-sntp
+endif
+
 NTP_INSTALL_FILES_$(BR2_PACKAGE_NTP_NTP_KEYGEN) += util/ntp-keygen
 NTP_INSTALL_FILES_$(BR2_PACKAGE_NTP_NTP_WAIT) += scripts/ntp-wait/ntp-wait
 NTP_INSTALL_FILES_$(BR2_PACKAGE_NTP_NTPDATE) += ntpdate/ntpdate
diff -Naurp buildroot-2017.05-rc2/package/ola/0001-Remove-fvisibiliy-inlines-hidden.patch buildroot-2017.05.2/package/ola/0001-Remove-fvisibiliy-inlines-hidden.patch
--- buildroot-2017.05-rc2/package/ola/0001-Remove-fvisibiliy-inlines-hidden.patch       2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/ola/0001-Remove-fvisibiliy-inlines-hidden.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,26 +0,0 @@
-From cd4f5d9d8a10c368584e8e714ebb0f9695267063 Mon Sep 17 00:00:00 2001
-From: Simon Marchi <simon.marchi@polymtl.ca>
-Date: Mon, 10 Aug 2015 15:01:42 -0400
-Subject: [PATCH] Remove -fvisibiliy-inlines-hidden
-
-Signed-off-by: Simon Marchi <simon.marchi@polymtl.ca>
----
- Makefile.am | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index 714e435..17a23e2 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -32,7 +32,7 @@ AM_DISTCHECK_CONFIGURE_FLAGS = --enable-python-libs
- COMMON_CXXFLAGS_ONLY_WARNINGS = \
-     -I$(top_srcdir)/include \
-     -I$(top_builddir)/include \
--    -Wall -Wformat -W -fvisibility-inlines-hidden \
-+    -Wall -Wformat -W \
-     $(libprotobuf_CFLAGS)
- 
- COMMON_CXXFLAGS = $(COMMON_CXXFLAGS_ONLY_WARNINGS)
--- 
-2.5.0
-
diff -Naurp buildroot-2017.05-rc2/package/ola/0002-Remove-replacing-I-with-isystem.patch buildroot-2017.05.2/package/ola/0002-Remove-replacing-I-with-isystem.patch
--- buildroot-2017.05-rc2/package/ola/0002-Remove-replacing-I-with-isystem.patch        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/ola/0002-Remove-replacing-I-with-isystem.patch  1970-01-01 01:00:00.000000000 +0100
@@ -1,106 +0,0 @@
-From bbb03794def326c2e8ad2de523c5a61a4c8cb464 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?J=C3=B6rg=20Krause?= <joerg.krause@embedded.rocks>
-Date: Thu, 22 Sep 2016 00:58:58 +0200
-Subject: [PATCH] Remove replacing -I with -isystem
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Building OLA with a GCC 6 cross-toolchain fails:
-
-```
-/usr/bin/arm-linux-g++ -DHAVE_CONFIG_H -I.   -D_LARGEFILE_SOURCE
--D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -I./include -I./include
--Wall -Wformat -W -isystem
-/usr/arm-buildroot-linux-gnueabihf/sysroot/usr/include -pthread
--D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -Os
--pthread -c -o libs/acn/e131_transmit_test.o
-libs/acn/e131_transmit_test.cpp
-/usr/bin/arm-linux-g++ -DHAVE_CONFIG_H -I.   -D_LARGEFILE_SOURCE
--D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -I./include -I./include
--Wall -Wformat -W -isystem
-/usr/arm-buildroot-linux-gnueabihf/sysroot/usr/include -pthread
--D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -Os
--pthread -c -o libs/acn/E131TestFramework.o
-libs/acn/E131TestFramework.cpp
-In file included from
-/opt/ext-toolchain/arm-buildroot-linux-gnueabihf/include/c++/6.1.0/ext/string_conversions.h:41:0,
-                 from
-/opt/ext-toolchain/arm-buildroot-linux-gnueabihf/include/c++/6.1.0/bits/basic_string.h:5402,
-                 from
-/opt/ext-toolchain/arm-buildroot-linux-gnueabihf/include/c++/6.1.0/string:52,
-                 from ./tools/ola_trigger/config.ypp:2:
-/opt/ext-toolchain/arm-buildroot-linux-gnueabihf/include/c++/6.1.0/cstdlib:75:25:
-fatal error: stdlib.h: No such file or directory
- #include_next <stdlib.h>
-                         ^
-compilation terminated.
-```
-
-The C++ library in GCC 6 now provides its own `<stdlib.h>` header that
-wraps the C library header of the same name, so in `<cstdlib>` the
-header include
-
-```
-#include <stdlib.h>
-```
-
-has become
-
-```
-#include_next <stdlib.h>
-```
-
-`#include_next` is sensitive to the order of directories in the
-preprocessor's search path, so if that order is changed with `-isystem`
-then the compiler can't find the right header:
-
-```
-[1] /usr/arm-buildroot-linux-gnueabihf/sysroot/usr/include
-[2] /opt/ext-toolchain/arm-buildroot-linux-gnueabihf/include/c++/6.1.0
-[..]
-End of search list.
-```
-
-`<cstdlib>` is located in [2] whereas `<stdlib.h>` (C library header) is
-in [1]. In this case, the `#include_next <stdlib.h>` statement in
-`<cstdlib>`, located in [2], is evaluated **after** the search path [1],
-so the compiler does not find the right system header.
-
-The problem is that the OLA build system replaces the `-I` in the CFLAGS
-from libprotobuf with `-isystem` to fix some warnings treated as errors
-in the libprotobuf header files.
-
-`-isystem` should be used to suppress warnings in system headers only
-and the libprotobuf header files are not system files.
-
-The correct fix is to compile with less restrictions and remove
-`-Werror` for the build.
-
-As using `-isystem` is reordering GCCs search path and using `-isystem`
-is really not necessary, remove the faulty replacement of `-I`.
-
-Upstream status: https://github.com/OpenLightingProject/ola/pull/1126
-
-Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
----
- config/ola.m4 | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/config/ola.m4 b/config/ola.m4
-index 2796cfb..d3b8cc8 100644
---- a/config/ola.m4
-+++ b/config/ola.m4
-@@ -24,9 +24,6 @@ AC_DEFUN([PROTOBUF_SUPPORT],
- AC_REQUIRE_CPP()
- PKG_CHECK_MODULES(libprotobuf, [protobuf >= $1])
- 
--# We want to replace -I with -isystem here to disable errors in the .h files
--# See https://groups.google.com/forum/#!topic/open-lighting/39Mj0KXlCIk
--libprotobuf_CFLAGS=`echo $libprotobuf_CFLAGS | sed 's/-I/-isystem /'`
- AC_SUBST([libprotobuf_CFLAGS])
- 
- AC_ARG_WITH([protoc],
--- 
-2.10.0
-
diff -Naurp buildroot-2017.05-rc2/package/ola/Config.in buildroot-2017.05.2/package/ola/Config.in
--- buildroot-2017.05-rc2/package/ola/Config.in 2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/ola/Config.in   1970-01-01 01:00:00.000000000 +0100
@@ -1,138 +0,0 @@
-comment "ola needs a toolchain w/ C++, threads, dynamic library, host and target gcc >= 4.5"
-       depends on !BR2_INSTALL_LIBSTDCPP || !BR2_TOOLCHAIN_HAS_THREADS \
-               || BR2_STATIC_LIBS || !BR2_HOST_GCC_AT_LEAST_4_5 \
-               || !BR2_TOOLCHAIN_GCC_AT_LEAST_4_5
-       depends on BROKEN
-       depends on BR2_PACKAGE_PROTOBUF_ARCH_SUPPORTS
-
-menuconfig BR2_PACKAGE_OLA
-       bool "ola (open lighting architecture)"
-       select BR2_PACKAGE_PROTOBUF
-       select BR2_PACKAGE_UTIL_LINUX_LIBUUID
-       select BR2_PACKAGE_UTIL_LINUX
-       # Build fails with current protobuf
-       # https://github.com/OpenLightingProject/ola/issues/1192
-       depends on BROKEN
-       depends on BR2_INSTALL_LIBSTDCPP # protobuf
-       depends on !BR2_STATIC_LIBS # protobuf
-       depends on BR2_TOOLCHAIN_HAS_THREADS
-       depends on BR2_PACKAGE_PROTOBUF_ARCH_SUPPORTS
-       depends on BR2_HOST_GCC_AT_LEAST_4_5 # protobuf
-       depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_5 # protobuf
-       help
-         Open Lighting Architecture provides applications
-         with a mechanism to send and receive DMX512 & RDM
-         commands using hardware devices and DMX over IP protocols.
-
-         http://www.opendmx.net/index.php/OLA
-
-if BR2_PACKAGE_OLA
-
-comment "bindings and interface"
-
-config BR2_PACKAGE_OLA_WEB
-       bool "http interface"
-       depends on BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS # libgcrypt, libmicrohttpd
-       select BR2_PACKAGE_LIBMICROHTTPD
-       help
-         Build OLA with browser interface.
-
-config BR2_PACKAGE_OLA_PYTHON_BINDINGS
-       bool "python bindings"
-       depends on BR2_PACKAGE_PYTHON
-       select BR2_PACKAGE_PYTHON_PROTOBUF
-       help
-         Build OLA with support for the Python language.
-
-config BR2_PACKAGE_OLA_SLP
-       bool "slp tools"
-       help
-         Build OLA with slp tools.
-
-comment "tests and examples"
-
-config BR2_PACKAGE_OLA_EXAMPLES
-       bool "examples"
-       select BR2_PACKAGE_NCURSES
-       help
-         Build OLA examples.
-
-config BR2_PACKAGE_OLA_RDM_TESTS
-       bool "rdm tests"
-       depends on BR2_PACKAGE_OLA_PYTHON_BINDINGS
-       depends on BR2_PACKAGE_PYTHON_NUMPY_ARCH_SUPPORTS
-       select BR2_PACKAGE_PYTHON_NUMPY
-       help
-         Build OLA RDM tests.
-
-comment "plugin selections"
-
-config BR2_PACKAGE_OLA_PLUGIN_E131
-       bool "acn E131"
-       help
-         Build ACN E131 plugin for OLA.
-
-config BR2_PACKAGE_OLA_PLUGIN_ARTNET
-       bool "artnet"
-       help
-         Build Artnet plugin for OLA.
-
-config BR2_PACKAGE_OLA_PLUGIN_OPENDMX
-       bool "DMX4Linux"
-       help
-         Build DMX4Linux plugin for OLA.
-
-config BR2_PACKAGE_OLA_PLUGIN_DUMMY
-       bool "dummy"
-       help
-         Build Dummy plugin for OLA.
-
-config BR2_PACKAGE_OLA_PLUGIN_ESPNET
-       bool "espnet"
-       help
-         Build EspNet plugin for OLA.
-
-config BR2_PACKAGE_OLA_PLUGIN_KINET
-       bool "kinet"
-       help
-         Build KiNet plugin for OLA.
-
-config BR2_PACKAGE_OLA_PLUGIN_MILINT
-       bool "Milford Instruments"
-       help
-         Build Milford Instruments 1-463 plugin for OLA.
-
-config BR2_PACKAGE_OLA_PLUGIN_OSC
-       bool "osc"
-       select BR2_PACKAGE_LIBLO
-       help
-         Build Open Sound Control plugin for OLA.
-
-config BR2_PACKAGE_OLA_PLUGIN_PATHPORT
-       bool "pathport"
-       help
-         Build Pathport plugin for OLA.
-
-config BR2_PACKAGE_OLA_PLUGIN_SANDNET
-       bool "sandnet"
-       help
-         Build SandNet plugin for OLA.
-
-config BR2_PACKAGE_OLA_PLUGIN_SHOWNET
-       bool "shownet"
-       help
-         Build ShowNet plugin for OLA.
-
-config BR2_PACKAGE_OLA_PLUGIN_STAGEPROFI
-       bool "stageprofi"
-       select BR2_PACKAGE_LIBUSB
-       help
-         Build StageProfi plugin for OLA.
-
-config BR2_PACKAGE_OLA_PLUGIN_USBPRO
-       bool "usbpro"
-       select BR2_PACKAGE_LIBUSB
-       help
-         Build UsbPro plugin for OLA.
-
-endif
diff -Naurp buildroot-2017.05-rc2/package/ola/ola.hash buildroot-2017.05.2/package/ola/ola.hash
--- buildroot-2017.05-rc2/package/ola/ola.hash  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/ola/ola.hash    1970-01-01 01:00:00.000000000 +0100
@@ -1,2 +0,0 @@
-# Locally calculated
-sha256  986e61874bc80db3b23cf201af2dafa39e3412cc50cddf1cd449c869110bfd27  ola-0.10.2.tar.gz
diff -Naurp buildroot-2017.05-rc2/package/ola/ola.mk buildroot-2017.05.2/package/ola/ola.mk
--- buildroot-2017.05-rc2/package/ola/ola.mk    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/ola/ola.mk      1970-01-01 01:00:00.000000000 +0100
@@ -1,180 +0,0 @@
-################################################################################
-#
-# ola
-#
-################################################################################
-
-OLA_VERSION = 0.10.2
-OLA_SITE = https://github.com/OpenLightingProject/ola/releases/download/$(OLA_VERSION)
-OLA_LICENSE = LGPL-2.1+ (libola, libolacommon, Python bindings), GPL-2.0+ (libolaserver, olad, Python examples and tests)
-OLA_LICENSE_FILES = LICENCE GPL LGPL
-OLA_INSTALL_STAGING = YES
-OLA_AUTORECONF = YES
-
-# util-linux provides uuid lib
-OLA_DEPENDENCIES = protobuf util-linux host-bison host-flex host-ola
-
-OLA_CONF_OPTS = \
-       ac_cv_have_pymod_google_protobuf=yes \
-       --disable-gcov \
-       --disable-tcmalloc \
-       --disable-unittests \
-       --disable-root-check \
-       --disable-java-libs \
-       --disable-fatal-warnings \
-       --with-ola-protoc-plugin=$(HOST_DIR)/usr/bin/ola_protoc_plugin
-
-HOST_OLA_DEPENDENCIES = host-util-linux host-protobuf
-
-# When building the host part, disable as much as possible to speed up
-# the configure step and avoid missing host dependencies.
-HOST_OLA_CONF_OPTS = \
-       --disable-all-plugins \
-       --disable-slp \
-       --disable-osc \
-       --disable-uart \
-       --disable-libusb \
-       --disable-libftdi \
-       --disable-http \
-       --disable-examples \
-       --disable-unittests \
-       --disable-doxygen-html \
-       --disable-doxygen-doc \
-       --disable-fatal-warnings
-
-# On the host side, we only need ola_protoc_plugin, so build and install this
-# only.
-HOST_OLA_MAKE_OPTS = protoc/ola_protoc_plugin
-define HOST_OLA_INSTALL_CMDS
-       $(INSTALL) -D -m 0755 $(@D)/protoc/ola_protoc_plugin $(HOST_DIR)/usr/bin/ola_protoc_plugin
-endef
-
-# sets where to find python libs built for target and required by ola
-OLA_CONF_ENV = PYTHONPATH=$(TARGET_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages
-OLA_MAKE_ENV = PYTHONPATH=$(TARGET_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages
-
-## OLA Bindings and Interface selections
-
-ifeq ($(BR2_PACKAGE_OLA_WEB),y)
-OLA_CONF_OPTS += --enable-http
-OLA_DEPENDENCIES += libmicrohttpd
-else
-OLA_CONF_OPTS += --disable-http
-endif
-
-ifeq ($(BR2_PACKAGE_OLA_SLP),y)
-OLA_CONF_OPTS += --enable-slp
-else
-OLA_CONF_OPTS += --disable-slp
-endif
-
-ifeq ($(BR2_PACKAGE_OLA_PYTHON_BINDINGS),y)
-OLA_CONF_OPTS += --enable-python-libs
-OLA_DEPENDENCIES += python python-protobuf
-else
-OLA_CONF_OPTS += --disable-python-libs
-endif
-
-## OLA Examples and Tests
-
-ifeq ($(BR2_PACKAGE_OLA_EXAMPLES),y)
-OLA_CONF_OPTS += --enable-examples
-OLA_DEPENDENCIES += ncurses
-else
-OLA_CONF_OPTS += --disable-examples
-endif
-
-ifeq ($(BR2_PACKAGE_OLA_RDM_TESTS),y)
-OLA_CONF_OPTS += --enable-rdm-tests
-OLA_DEPENDENCIES += python-numpy
-# needed as numpy builds some shared libraries and ola checks for
-# numpy using a host python test program which fails with 'wrong ELF
-# class'.
-OLA_CONF_ENV = ac_cv_have_pymod_numpy=yes
-else
-OLA_CONF_OPTS += --disable-rdm-tests
-endif
-
-## OLA Plugin selections
-
-ifeq ($(BR2_PACKAGE_OLA_PLUGIN_E131),y)
-OLA_CONF_OPTS += --enable-e131
-else
-OLA_CONF_OPTS += --disable-e131
-endif
-
-ifeq ($(BR2_PACKAGE_OLA_PLUGIN_ARTNET),y)
-OLA_CONF_OPTS += --enable-artnet
-else
-OLA_CONF_OPTS += --disable-artnet
-endif
-
-ifeq ($(BR2_PACKAGE_OLA_PLUGIN_OPENDMX),y)
-OLA_CONF_OPTS += --enable-opendmx
-else
-OLA_CONF_OPTS += --disable-opendmx
-endif
-
-ifeq ($(BR2_PACKAGE_OLA_PLUGIN_DUMMY),y)
-OLA_CONF_OPTS += --enable-dummy
-else
-OLA_CONF_OPTS += --disable-dummy
-endif
-
-ifeq ($(BR2_PACKAGE_OLA_PLUGIN_ESPNET),y)
-OLA_CONF_OPTS += --enable-espnet
-else
-OLA_CONF_OPTS += --disable-espnet
-endif
-
-ifeq ($(BR2_PACKAGE_OLA_PLUGIN_KINET),y)
-OLA_CONF_OPTS += --enable-kinet
-else
-OLA_CONF_OPTS += --disable-kinet
-endif
-
-ifeq ($(BR2_PACKAGE_OLA_PLUGIN_OSC),y)
-OLA_CONF_OPTS += --enable-osc
-OLA_DEPENDENCIES += liblo
-else
-OLA_CONF_OPTS += --disable-osc
-endif
-
-ifeq ($(BR2_PACKAGE_OLA_PLUGIN_MILINT),y)
-OLA_CONF_OPTS += --enable-milinst
-else
-OLA_CONF_OPTS += --disable-milinst
-endif
-
-ifeq ($(BR2_PACKAGE_OLA_PLUGIN_PATHPORT),y)
-OLA_CONF_OPTS += --enable-pathport
-else
-OLA_CONF_OPTS += --disable-pathport
-endif
-
-ifeq ($(BR2_PACKAGE_OLA_PLUGIN_SANDNET),y)
-OLA_CONF_OPTS += --enable-sandnet
-else
-OLA_CONF_OPTS += --disable-sandnet
-endif
-
-ifeq ($(BR2_PACKAGE_OLA_PLUGIN_SHOWNET),y)
-OLA_CONF_OPTS += --enable-shownet
-else
-OLA_CONF_OPTS += --disable-shownet
-endif
-
-ifeq ($(BR2_PACKAGE_OLA_PLUGIN_STAGEPROFI),y)
-OLA_CONF_OPTS += --enable-stageprofi --enable-libusb
-else
-OLA_CONF_OPTS += --disable-stageprofi
-endif
-
-ifeq ($(BR2_PACKAGE_OLA_PLUGIN_USBPRO),y)
-OLA_CONF_OPTS += --enable-usbpro --enable-libusb
-else
-OLA_CONF_OPTS += --disable-usbpro
-endif
-
-$(eval $(autotools-package))
-$(eval $(host-autotools-package))
diff -Naurp buildroot-2017.05-rc2/package/opencv/opencv.mk buildroot-2017.05.2/package/opencv/opencv.mk
--- buildroot-2017.05-rc2/package/opencv/opencv.mk      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/opencv/opencv.mk        2017-07-27 08:16:52.017486944 +0200
@@ -192,7 +192,8 @@ OPENCV_CONF_OPTS += -DWITH_GTK=OFF
 endif
 
 ifeq ($(BR2_PACKAGE_OPENCV_WITH_JASPER),y)
-OPENCV_CONF_OPTS += -DWITH_JASPER=ON
+OPENCV_CONF_OPTS += -DWITH_JASPER=ON \
+       -DCMAKE_CXX_FLAGS="$(TARGET_CXXFLAGS) -D__STDC_LIMIT_MACROS"
 OPENCV_DEPENDENCIES += jasper
 else
 OPENCV_CONF_OPTS += -DWITH_JASPER=OFF
diff -Naurp buildroot-2017.05-rc2/package/openpowerlink/0004-FIX-use-contrib-getopt-only-on-Windows.patch buildroot-2017.05.2/package/openpowerlink/0004-FIX-use-contrib-getopt-only-on-Windows.patch
--- buildroot-2017.05-rc2/package/openpowerlink/0004-FIX-use-contrib-getopt-only-on-Windows.patch       1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/openpowerlink/0004-FIX-use-contrib-getopt-only-on-Windows.patch 2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,102 @@
+From d05273e65657d82e44fb7bd91a8fba0ba990ff2c Mon Sep 17 00:00:00 2001
+From: Romain Naour <romain.naour@gmail.com>
+Date: Sat, 27 May 2017 23:51:41 +0200
+Subject: [PATCH] [FIX] use contrib getopt() only on Windows
+
+Otherwise, contrib getopt will clash with the one from the libc when
+building statically.
+
+lib64/libc.a(getopt.os):(.data+0x8): multiple definition of `optind'
+CMakeFiles/demo_mn_console.dir/__/__/contrib/getopt/getopt.c.o:(.data+0x8): first defined here
+lib64/libc.a(getopt.os):(.data+0x4): multiple definition of `opterr'
+CMakeFiles/demo_mn_console.dir/__/__/contrib/getopt/getopt.c.o:(.data+0xc): first defined here
+/lib64/libc.a(getopt.os): In function `__GI_getopt':
+getopt.c:(.text+0x76e): multiple definition of `getopt'
+
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
+---
+ apps/demo_cn_console/CMakeLists.txt | 2 +-
+ apps/demo_cn_console/src/main.c     | 6 ++++++
+ apps/demo_mn_console/CMakeLists.txt | 2 +-
+ apps/demo_mn_console/src/main.c     | 6 ++++++
+ 4 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/apps/demo_cn_console/CMakeLists.txt b/apps/demo_cn_console/CMakeLists.txt
+index a3a80bb..5733213 100644
+--- a/apps/demo_cn_console/CMakeLists.txt
++++ b/apps/demo_cn_console/CMakeLists.txt
+@@ -61,7 +61,6 @@ SET(DEMO_SOURCES
+     ${COMMON_SOURCE_DIR}/eventlog/eventlog.c
+     ${COMMON_SOURCE_DIR}/eventlog/eventlogstring.c
+     ${CONTRIB_SOURCE_DIR}/console/printlog.c
+-    ${CONTRIB_SOURCE_DIR}/getopt/getopt.c
+     )
+ 
+ INCLUDE_DIRECTORIES(
+@@ -114,6 +113,7 @@ ENDIF (CFG_KERNEL_STACK_DIRECTLINK)
+ IF(CMAKE_SYSTEM_NAME STREQUAL "Linux")
+     include(linux.cmake)
+ ELSEIF(CMAKE_SYSTEM_NAME STREQUAL "Windows")
++    SET(DEMO_SOURCES ${DEMO_SOURCES} ${CONTRIB_SOURCE_DIR}/getopt/getopt.c)
+     include (windows.cmake)
+ ELSE()
+     MESSAGE(FATAL_ERROR "System ${CMAKE_SYSTEM_NAME} is not supported!")
+diff --git a/apps/demo_cn_console/src/main.c b/apps/demo_cn_console/src/main.c
+index c630586..9406473 100644
+--- a/apps/demo_cn_console/src/main.c
++++ b/apps/demo_cn_console/src/main.c
+@@ -50,7 +50,13 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ 
+ #include <system/system.h>
+ #include <obdcreate/obdcreate.h>
++
++#if (TARGET_SYSTEM == _WIN32_)
+ #include <getopt/getopt.h>
++#else
++#include <unistd.h>
++#endif
++
+ #include <console/console.h>
+ #include <eventlog/eventlog.h>
+ 
+diff --git a/apps/demo_mn_console/CMakeLists.txt b/apps/demo_mn_console/CMakeLists.txt
+index 9c3378c..a81c4b3 100644
+--- a/apps/demo_mn_console/CMakeLists.txt
++++ b/apps/demo_mn_console/CMakeLists.txt
+@@ -67,7 +67,6 @@ SET(DEMO_SOURCES
+     ${COMMON_SOURCE_DIR}/eventlog/eventlog.c
+     ${COMMON_SOURCE_DIR}/eventlog/eventlogstring.c
+     ${CONTRIB_SOURCE_DIR}/console/printlog.c
+-    ${CONTRIB_SOURCE_DIR}/getopt/getopt.c
+     )
+ 
+ INCLUDE_DIRECTORIES(
+@@ -129,6 +128,7 @@ ENDIF()
+ IF(CMAKE_SYSTEM_NAME STREQUAL "Linux")
+     include(linux.cmake)
+ ELSEIF(CMAKE_SYSTEM_NAME STREQUAL "Windows")
++    SET(DEMO_SOURCES ${DEMO_SOURCES} ${CONTRIB_SOURCE_DIR}/getopt/getopt.c)
+     include (windows.cmake)
+ ELSE()
+     MESSAGE(FATAL_ERROR "System ${CMAKE_SYSTEM_NAME} is not supported!")
+diff --git a/apps/demo_mn_console/src/main.c b/apps/demo_mn_console/src/main.c
+index 12d9be0..194e446 100644
+--- a/apps/demo_mn_console/src/main.c
++++ b/apps/demo_mn_console/src/main.c
+@@ -50,7 +50,13 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ 
+ #include <system/system.h>
+ #include <obdcreate/obdcreate.h>
++
++#if (TARGET_SYSTEM == _WIN32_)
+ #include <getopt/getopt.h>
++#else
++#include <unistd.h>
++#endif
++
+ #include <console/console.h>
+ #include <eventlog/eventlog.h>
+ 
+-- 
+2.9.4
+
diff -Naurp buildroot-2017.05-rc2/package/openpowerlink/0005-FIX-use-pcap-config-to-fix-static-linking-with-libpc.patch buildroot-2017.05.2/package/openpowerlink/0005-FIX-use-pcap-config-to-fix-static-linking-with-libpc.patch
--- buildroot-2017.05-rc2/package/openpowerlink/0005-FIX-use-pcap-config-to-fix-static-linking-with-libpc.patch 1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/openpowerlink/0005-FIX-use-pcap-config-to-fix-static-linking-with-libpc.patch   2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,166 @@
+From 406e1759dc6a4c18f6a38c3d7571aacb177487c6 Mon Sep 17 00:00:00 2001
+From: Romain Naour <romain.naour@gmail.com>
+Date: Sun, 28 May 2017 00:25:11 +0200
+Subject: [PATCH] [FIX]: use pcap-config to fix static linking with libpcap
+
+When linking demo_mn_console statically with pcap, the CMake build
+system forget to link with other libraries linked with libpcap
+(-lnl-genl-3 -lnl-3 -ldbus-1 -pthread).
+
+[100%] Linking C executable demo_mn_console
+lib64/libpcap.a(pcap-linux.o): In function nl80211_init': pcap-linux.c:(.text+0x41e): undefined reference tonl_socket_alloc'
+
+To fix this, the build system could use pcap-config:
+pcap-config --libs --static
+-L/path/to/sysroot/usr/lib -lpcap -L/path/to/sysroot/usr/lib/.libs
+-lnl-genl-3 -lnl-3 -L/path/to/sysroot/usr/lib -ldbus-1 -pthread
+
+Fixes:
+http://autobuild.buildroot.net/results/f43/f437d09ac6c689c911e1885b95da33b692f2cb3c
+http://autobuild.buildroot.net/results/385/3859dc0f4de7e3284a96d5841f040f69f71842df
+https://github.com/OpenAutomationTechnologies/openPOWERLINK_V2/issues/187
+
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
+---
+ apps/demo_cn_console/linux.cmake             | 20 ++++++++++++++++++++
+ apps/demo_mn_console/linux.cmake             | 20 ++++++++++++++++++++
+ apps/demo_mn_qt/linux.cmake                  | 22 +++++++++++++++++++++-
+ drivers/linux/drv_daemon_pcap/CMakeLists.txt | 22 +++++++++++++++++++++-
+ 4 files changed, 82 insertions(+), 2 deletions(-)
+
+diff --git a/apps/demo_cn_console/linux.cmake b/apps/demo_cn_console/linux.cmake
+index 1c6f51c..7752917 100644
+--- a/apps/demo_cn_console/linux.cmake
++++ b/apps/demo_cn_console/linux.cmake
+@@ -46,8 +46,28 @@ SET (DEMO_ARCH_SOURCES
+ ################################################################################
+ # Set architecture specific libraries
+ 
++IF (NOT CFG_COMPILE_SHARED_LIBRARY)
++    SET(PCAP_CONFIG_OPTS --static)
++ENDIF()
++
+ IF (CFG_KERNEL_STACK_DIRECTLINK OR CFG_KERNEL_STACK_USERSPACE_DAEMON)
++
++find_program(PCAP_CONFIG  NAMES pcap-config PATHS)
++
++if (PCAP_CONFIG)
++    message (STATUS "Looking for pcap-config... ${PCAP_CONFIG}")
++
++    execute_process (COMMAND ${PCAP_CONFIG} --libs ${PCAP_CONFIG_OPTS}
++        OUTPUT_VARIABLE PCAP_LDFLAGS OUTPUT_STRIP_TRAILING_WHITESPACE)
++    execute_process (COMMAND ${PCAP_CONFIG} --cflags ${PCAP_CONFIG_OPTS}
++        OUTPUT_VARIABLE PCAP_CFLAGS OUTPUT_STRIP_TRAILING_WHITESPACE)
++
++   SET (ARCH_LIBRARIES ${ARCH_LIBRARIES} ${PCAP_LDFLAGS})
++else (PCAP_CONFIG)
++    message (STATUS "pcap-config not found, using defaults...")
+     SET (ARCH_LIBRARIES ${ARCH_LIBRARIES} pcap)
++endif (PCAP_CONFIG)
++
+ ENDIF (CFG_KERNEL_STACK_DIRECTLINK OR CFG_KERNEL_STACK_USERSPACE_DAEMON)
+ SET (ARCH_LIBRARIES ${ARCH_LIBRARIES} pthread rt)
+ 
+diff --git a/apps/demo_mn_console/linux.cmake b/apps/demo_mn_console/linux.cmake
+index d24e4fc..5951dbf 100644
+--- a/apps/demo_mn_console/linux.cmake
++++ b/apps/demo_mn_console/linux.cmake
+@@ -46,8 +46,28 @@ SET (DEMO_ARCH_SOURCES
+ ################################################################################
+ # Set architecture specific libraries
+ 
++IF (NOT CFG_COMPILE_SHARED_LIBRARY)
++    SET(PCAP_CONFIG_OPTS --static)
++ENDIF()
++
+ IF (CFG_KERNEL_STACK_DIRECTLINK OR CFG_KERNEL_STACK_USERSPACE_DAEMON)
++
++find_program(PCAP_CONFIG  NAMES pcap-config PATHS)
++
++if (PCAP_CONFIG)
++    message (STATUS "Looking for pcap-config... ${PCAP_CONFIG}")
++
++    execute_process (COMMAND ${PCAP_CONFIG} --libs ${PCAP_CONFIG_OPTS}
++        OUTPUT_VARIABLE PCAP_LDFLAGS OUTPUT_STRIP_TRAILING_WHITESPACE)
++    execute_process (COMMAND ${PCAP_CONFIG} --cflags ${PCAP_CONFIG_OPTS}
++        OUTPUT_VARIABLE PCAP_CFLAGS OUTPUT_STRIP_TRAILING_WHITESPACE)
++
++   SET (ARCH_LIBRARIES ${ARCH_LIBRARIES} ${PCAP_LDFLAGS})
++else (PCAP_CONFIG)
++    message (STATUS "pcap-config not found, using defaults...")
+     SET (ARCH_LIBRARIES ${ARCH_LIBRARIES} pcap)
++endif (PCAP_CONFIG)
++
+ ENDIF (CFG_KERNEL_STACK_DIRECTLINK OR CFG_KERNEL_STACK_USERSPACE_DAEMON)
+ SET (ARCH_LIBRARIES ${ARCH_LIBRARIES} pthread rt)
+ 
+diff --git a/apps/demo_mn_qt/linux.cmake b/apps/demo_mn_qt/linux.cmake
+index 6ed75ee..c69dbd9 100644
+--- a/apps/demo_mn_qt/linux.cmake
++++ b/apps/demo_mn_qt/linux.cmake
+@@ -37,8 +37,28 @@
+ ################################################################################
+ # Set architecture specific libraries
+ 
++IF (NOT CFG_COMPILE_SHARED_LIBRARY)
++    SET(PCAP_CONFIG_OPTS --static)
++ENDIF()
++
+ IF(CFG_KERNEL_STACK_DIRECTLINK OR CFG_KERNEL_STACK_USERSPACE_DAEMON)
+-    SET(ARCH_LIBRARIES ${ARCH_LIBRARIES} pcap)
++
++find_program(PCAP_CONFIG  NAMES pcap-config PATHS)
++
++if (PCAP_CONFIG)
++    message (STATUS "Looking for pcap-config... ${PCAP_CONFIG}")
++
++    execute_process (COMMAND ${PCAP_CONFIG} --libs ${PCAP_CONFIG_OPTS}
++        OUTPUT_VARIABLE PCAP_LDFLAGS OUTPUT_STRIP_TRAILING_WHITESPACE)
++    execute_process (COMMAND ${PCAP_CONFIG} --cflags ${PCAP_CONFIG_OPTS}
++        OUTPUT_VARIABLE PCAP_CFLAGS OUTPUT_STRIP_TRAILING_WHITESPACE)
++
++   SET (ARCH_LIBRARIES ${ARCH_LIBRARIES} ${PCAP_LDFLAGS})
++else (PCAP_CONFIG)
++    message (STATUS "pcap-config not found, using defaults...")
++    SET (ARCH_LIBRARIES ${ARCH_LIBRARIES} pcap)
++endif (PCAP_CONFIG)
++
+ ENDIF()
+ SET(ARCH_LIBRARIES ${ARCH_LIBRARIES} pthread rt)
+ 
+diff --git a/drivers/linux/drv_daemon_pcap/CMakeLists.txt b/drivers/linux/drv_daemon_pcap/CMakeLists.txt
+index 2b4a2c1..98f693f 100644
+--- a/drivers/linux/drv_daemon_pcap/CMakeLists.txt
++++ b/drivers/linux/drv_daemon_pcap/CMakeLists.txt
+@@ -134,7 +134,27 @@ INCLUDE_DIRECTORIES(
+     ${CONTRIB_SOURCE_DIR}
+     )
+ 
+-SET (ARCH_LIBRARIES pcap pthread rt)
++IF (NOT CFG_COMPILE_SHARED_LIBRARY)
++    SET(PCAP_CONFIG_OPTS --static)
++ENDIF()
++
++find_program(PCAP_CONFIG  NAMES pcap-config PATHS)
++
++if (PCAP_CONFIG)
++    message (STATUS "Looking for pcap-config... ${PCAP_CONFIG}")
++
++    execute_process (COMMAND ${PCAP_CONFIG} --libs ${PCAP_CONFIG_OPTS}
++        OUTPUT_VARIABLE PCAP_LDFLAGS OUTPUT_STRIP_TRAILING_WHITESPACE)
++    execute_process (COMMAND ${PCAP_CONFIG} --cflags ${PCAP_CONFIG_OPTS}
++        OUTPUT_VARIABLE PCAP_CFLAGS OUTPUT_STRIP_TRAILING_WHITESPACE)
++
++   SET (ARCH_LIBRARIES ${ARCH_LIBRARIES} ${PCAP_LDFLAGS})
++else (PCAP_CONFIG)
++    message (STATUS "pcap-config not found, using defaults...")
++    SET (ARCH_LIBRARIES ${ARCH_LIBRARIES} pcap)
++endif (PCAP_CONFIG)
++
++SET (ARCH_LIBRARIES ${ARCH_LIBRARIES} pthread rt)
+ 
+ ADD_EXECUTABLE(${EXE_NAME} ${DRV_SOURCES})
+ SET_PROPERTY(TARGET ${EXE_NAME} PROPERTY COMPILE_DEFINITIONS_DEBUG DEBUG;DEF_DEBUG_LVL=${CFG_DEBUG_LVL})
+-- 
+2.9.4
+
diff -Naurp buildroot-2017.05-rc2/package/openpowerlink/openpowerlink.mk buildroot-2017.05.2/package/openpowerlink/openpowerlink.mk
--- buildroot-2017.05-rc2/package/openpowerlink/openpowerlink.mk        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/openpowerlink/openpowerlink.mk  2017-07-27 08:16:52.017486944 +0200
@@ -40,7 +40,8 @@ OPENPOWERLINK_CONF_OPTS += \
        -DCFG_COMPILE_LIB_CN=$(OPENPOWERLINK_CN_ONOFF) \
        -DCFG_COMPILE_LIB_CNAPP_USERINTF=OFF \
        -DCFG_COMPILE_LIB_CNAPP_KERNELINTF=OFF \
-       -DCFG_COMPILE_LIB_CNDRV_PCAP=OFF
+       -DCFG_COMPILE_LIB_CNDRV_PCAP=OFF \
+       -DPCAP_CONFIG="$(STAGING_DIR)/usr/bin/pcap-config"
 else ifeq ($(BR2_PACKAGE_OPENPOWERLINK_STACK_USERSPACE_DAEMON_LIB),y)
 OPENPOWERLINK_DEPENDENCIES += libpcap
 OPENPOWERLINK_CONF_OPTS += \
@@ -52,7 +53,8 @@ OPENPOWERLINK_CONF_OPTS += \
        -DCFG_COMPILE_LIB_CN=OFF \
        -DCFG_COMPILE_LIB_CNAPP_USERINTF=$(OPENPOWERLINK_CN_ONOFF) \
        -DCFG_COMPILE_LIB_CNAPP_KERNELINTF=OFF \
-       -DCFG_COMPILE_LIB_CNDRV_PCAP=$(OPENPOWERLINK_CN_ONOFF)
+       -DCFG_COMPILE_LIB_CNDRV_PCAP=$(OPENPOWERLINK_CN_ONOFF) \
+       -DPCAP_CONFIG="$(STAGING_DIR)/usr/bin/pcap-config"
 else ifeq ($(BR2_PACKAGE_OPENPOWERLINK_STACK_KERNEL_STACK_LIB),y)
 OPENPOWERLINK_CONF_OPTS += \
        -DCFG_COMPILE_LIB_MN=OFF \
diff -Naurp buildroot-2017.05-rc2/package/openssh/openssh.hash buildroot-2017.05.2/package/openssh/openssh.hash
--- buildroot-2017.05-rc2/package/openssh/openssh.hash  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/openssh/openssh.hash    2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,4 @@
 # From http://www.openssh.com/txt/release-7.5 (base64 encoded)
 sha256 9846e3c5fab9f0547400b4d2c017992f914222b3fd1f8eee6c7dc6bc5e59f9f0  openssh-7.5p1.tar.gz
+sha256 310860606c4175cdfd095e724f624df27340c89a916f7a09300bcb7988d5cfbf  afc3e31b637db9dae106d4fad78f7b481c8c24e3.patch
+sha256 395aa1006967713b599555440e09f898781a5559e496223587401768ece10904  f4fcd8c788a4854d4ebae400cf55e3957f906835.patch
diff -Naurp buildroot-2017.05-rc2/package/openssh/openssh.mk buildroot-2017.05.2/package/openssh/openssh.mk
--- buildroot-2017.05-rc2/package/openssh/openssh.mk    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/openssh/openssh.mk      2017-07-27 08:16:52.017486944 +0200
@@ -8,6 +8,12 @@ OPENSSH_VERSION = 7.5p1
 OPENSSH_SITE = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
 OPENSSH_LICENSE = BSD-3-Clause, BSD-2-Clause, Public Domain
 OPENSSH_LICENSE_FILES = LICENCE
+# Autoreconf needed due to the following patches modifying configure.ac:
+# f4fcd8c788a4854d4ebae400cf55e3957f906835.patch
+# afc3e31b637db9dae106d4fad78f7b481c8c24e3.patch
+OPENSSH_AUTORECONF = YES
+OPENSSH_PATCH = https://github.com/openssh/openssh-portable/commit/f4fcd8c788a4854d4ebae400cf55e3957f906835.patch \
+       https://github.com/openssh/openssh-portable/commit/afc3e31b637db9dae106d4fad78f7b481c8c24e3.patch
 OPENSSH_CONF_ENV = LD="$(TARGET_CC)" LDFLAGS="$(TARGET_CFLAGS)"
 OPENSSH_CONF_OPTS = \
        --sysconfdir=/etc/ssh \
diff -Naurp buildroot-2017.05-rc2/package/openvpn/openvpn.hash buildroot-2017.05.2/package/openvpn/openvpn.hash
--- buildroot-2017.05-rc2/package/openvpn/openvpn.hash  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/openvpn/openvpn.hash    2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,2 @@
-# Locally calculated
-sha256 df5c4f384b7df6b08a2f6fa8a84b9fd382baf59c2cef1836f82e2a7f62f1bff9  openvpn-2.4.2.tar.xz
+# Locally calculated after checking signature
+sha256 15e15fc97f189b52aee7c90ec8355aa77469c773125110b4c2f089abecde36fb  openvpn-2.4.3.tar.xz
diff -Naurp buildroot-2017.05-rc2/package/openvpn/openvpn.mk buildroot-2017.05.2/package/openvpn/openvpn.mk
--- buildroot-2017.05-rc2/package/openvpn/openvpn.mk    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/openvpn/openvpn.mk      2017-07-27 08:16:52.017486944 +0200
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-OPENVPN_VERSION = 2.4.2
+OPENVPN_VERSION = 2.4.3
 OPENVPN_SOURCE = openvpn-$(OPENVPN_VERSION).tar.xz
 OPENVPN_SITE = http://swupdate.openvpn.net/community/releases
 OPENVPN_DEPENDENCIES = host-pkgconf openssl
diff -Naurp buildroot-2017.05-rc2/package/oracle-mysql/0008-fix-type-conversion.patch buildroot-2017.05.2/package/oracle-mysql/0008-fix-type-conversion.patch
--- buildroot-2017.05-rc2/package/oracle-mysql/0008-fix-type-conversion.patch   1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/oracle-mysql/0008-fix-type-conversion.patch     2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,22 @@
+Fix type conversion
+
+Fixes the following build error with gcc 6.x:
+
+protocol.cc:27:40: error: narrowing conversion of ''\37777777776'' from 'char' to 'uchar {aka unsigned char}' inside { } [-Wnarrowing]
+ static uchar eof_buff[1]= { (char) 254 }; /* Marker for end of fields */
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+
+Index: b/server-tools/instance-manager/protocol.cc
+===================================================================
+--- a/server-tools/instance-manager/protocol.cc
++++ b/server-tools/instance-manager/protocol.cc
+@@ -24,7 +24,7 @@
+ #include <m_string.h>
+ 
+ 
+-static uchar eof_buff[1]= { (char) 254 }; /* Marker for end of fields */
++static uchar eof_buff[1]= { (uchar) 254 }; /* Marker for end of fields */
+ static const char ERROR_PACKET_CODE= (char) 255;
+ 
+ 
diff -Naurp buildroot-2017.05-rc2/package/orc/Config.in buildroot-2017.05.2/package/orc/Config.in
--- buildroot-2017.05-rc2/package/orc/Config.in 2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/orc/Config.in   2017-07-27 08:16:52.017486944 +0200
@@ -6,7 +6,7 @@ config BR2_PACKAGE_ORC
          Orc is a library and set of tools for compiling and executing
          very simple programs that operate on arrays of data.
 
-         http://code.entropywave.com/projects/orc/
+         https://gstreamer.freedesktop.org/projects/orc.html
 
 comment "orc needs a toolchain w/ threads"
        depends on !BR2_TOOLCHAIN_HAS_THREADS
diff -Naurp buildroot-2017.05-rc2/package/pcre/0003-CVE-2017-6004.patch buildroot-2017.05.2/package/pcre/0003-CVE-2017-6004.patch
--- buildroot-2017.05-rc2/package/pcre/0003-CVE-2017-6004.patch 2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/pcre/0003-CVE-2017-6004.patch   1970-01-01 01:00:00.000000000 +0100
@@ -1,21 +0,0 @@
-Description: CVE-2017-6004: crafted regular expression may cause denial of service
-Origin: upstream, https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676&r2=1680&view=patch
-Bug: https://bugs.exim.org/show_bug.cgi?id=2035
-Bug-Debian: https://bugs.debian.org/855405
-Forwarded: not-needed
-Author: Salvatore Bonaccorso <carnil@debian.org>
-Last-Update: 2017-02-17
-
-Signed-off-by: Baruch Siach <baruch@tkos.co.il>
-
---- a/pcre_jit_compile.c
-+++ b/pcre_jit_compile.c
-@@ -8111,7 +8111,7 @@ if (opcode == OP_COND || opcode == OP_SC
- 
-     if (*matchingpath == OP_FAIL)
-       stacksize = 0;
--    if (*matchingpath == OP_RREF)
-+    else if (*matchingpath == OP_RREF)
-       {
-       stacksize = GET2(matchingpath, 1);
-       if (common->currententry == NULL)
diff -Naurp buildroot-2017.05-rc2/package/pcre/0004-CVE-2017-7186.patch buildroot-2017.05.2/package/pcre/0004-CVE-2017-7186.patch
--- buildroot-2017.05-rc2/package/pcre/0004-CVE-2017-7186.patch 2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/pcre/0004-CVE-2017-7186.patch   1970-01-01 01:00:00.000000000 +0100
@@ -1,60 +0,0 @@
-Description: Upstream fix for CVE-2017-7186 (Upstream rev 1688)
- Fix Unicode property crash for 32-bit characters greater than 0x10ffff.
-Author: Matthew Vernon <matthew@debian.org>
-X-Dgit-Generated: 2:8.39-3 c4c2c7c4f74d53b263af2471d8e11db88096bd13
-
-Signed-off-by: Baruch Siach <baruch@tkos.co.il>
----
-
---- pcre3-8.39.orig/pcre_internal.h
-+++ pcre3-8.39/pcre_internal.h
-@@ -2772,6 +2772,9 @@ extern const pcre_uint8  PRIV(ucd_stage1
- extern const pcre_uint16 PRIV(ucd_stage2)[];
- extern const pcre_uint32 PRIV(ucp_gentype)[];
- extern const pcre_uint32 PRIV(ucp_gbtable)[];
-+#ifdef COMPILE_PCRE32
-+extern const ucd_record  PRIV(dummy_ucd_record)[];
-+#endif
- #ifdef SUPPORT_JIT
- extern const int         PRIV(ucp_typerange)[];
- #endif
-@@ -2780,9 +2783,15 @@ extern const int         PRIV(ucp_typera
- /* UCD access macros */
- 
- #define UCD_BLOCK_SIZE 128
--#define GET_UCD(ch) (PRIV(ucd_records) + \
-+#define REAL_GET_UCD(ch) (PRIV(ucd_records) + \
-         PRIV(ucd_stage2)[PRIV(ucd_stage1)[(int)(ch) / UCD_BLOCK_SIZE] * \
-         UCD_BLOCK_SIZE + (int)(ch) % UCD_BLOCK_SIZE])
-+        
-+#ifdef COMPILE_PCRE32
-+#define GET_UCD(ch) ((ch > 0x10ffff)? PRIV(dummy_ucd_record) : REAL_GET_UCD(ch))
-+#else
-+#define GET_UCD(ch) REAL_GET_UCD(ch)
-+#endif 
- 
- #define UCD_CHARTYPE(ch)    GET_UCD(ch)->chartype
- #define UCD_SCRIPT(ch)      GET_UCD(ch)->script
---- pcre3-8.39.orig/pcre_ucd.c
-+++ pcre3-8.39/pcre_ucd.c
-@@ -38,6 +38,20 @@ const pcre_uint16 PRIV(ucd_stage2)[] = {
- const pcre_uint32 PRIV(ucd_caseless_sets)[] = {0};
- #else
- 
-+/* If the 32-bit library is run in non-32-bit mode, character values
-+greater than 0x10ffff may be encountered. For these we set up a
-+special record. */
-+
-+#ifdef COMPILE_PCRE32
-+const ucd_record PRIV(dummy_ucd_record)[] = {{
-+  ucp_Common,    /* script */
-+  ucp_Cn,        /* type unassigned */
-+  ucp_gbOther,   /* grapheme break property */
-+  0,             /* case set */
-+  0,             /* other case */
-+  }};
-+#endif
-+
- /* When recompiling tables with a new Unicode version, please check the
- types in this structure definition from pcre_internal.h (the actual
- field names will be different):
diff -Naurp buildroot-2017.05-rc2/package/pcre/pcre.hash buildroot-2017.05.2/package/pcre/pcre.hash
--- buildroot-2017.05-rc2/package/pcre/pcre.hash        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/pcre/pcre.hash  2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256 00e27a29ead4267e3de8111fcaa59b132d0533cdfdbdddf4b0604279acbcf4f4        pcre-8.40.tar.bz2
+sha256 e62c7eac5ae7c0e7286db61ff82912e1c0b7a0c13706616e94a7dd729321b530  pcre-8.41.tar.bz2
diff -Naurp buildroot-2017.05-rc2/package/pcre/pcre.mk buildroot-2017.05.2/package/pcre/pcre.mk
--- buildroot-2017.05-rc2/package/pcre/pcre.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/pcre/pcre.mk    2017-07-27 08:16:52.017486944 +0200
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-PCRE_VERSION = 8.40
+PCRE_VERSION = 8.41
 PCRE_SITE = https://ftp.pcre.org/pub/pcre
 PCRE_SOURCE = pcre-$(PCRE_VERSION).tar.bz2
 PCRE_LICENSE = BSD-3-Clause
diff -Naurp buildroot-2017.05-rc2/package/php/php.hash buildroot-2017.05.2/package/php/php.hash
--- buildroot-2017.05-rc2/package/php/php.hash  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/php/php.hash    2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,5 @@
 # From http://php.net/downloads.php
-sha256 d149a3c396c45611f5dc6bf14be190f464897145a76a8e5851cf18ff7094f6ac  php-7.1.5.tar.xz
+sha256 0d42089729be7b2bb0308cbe189c2782f9cb4b07078c8a235495be5874fff729  php-7.1.7.tar.xz
+
+# License file
+sha256 a44951f93b10c87c3f7cd9f311d95999c57c95ed950eec32b14c1c7ea6baf25e  LICENSE
diff -Naurp buildroot-2017.05-rc2/package/php/php.mk buildroot-2017.05.2/package/php/php.mk
--- buildroot-2017.05-rc2/package/php/php.mk    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/php/php.mk      2017-07-27 08:16:52.017486944 +0200
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-PHP_VERSION = 7.1.5
+PHP_VERSION = 7.1.7
 PHP_SITE = http://www.php.net/distributions
 PHP_SOURCE = php-$(PHP_VERSION).tar.xz
 PHP_INSTALL_STAGING = YES
diff -Naurp buildroot-2017.05-rc2/package/pngquant/pngquant.mk buildroot-2017.05.2/package/pngquant/pngquant.mk
--- buildroot-2017.05-rc2/package/pngquant/pngquant.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/pngquant/pngquant.mk    2017-07-27 08:16:52.017486944 +0200
@@ -36,6 +36,7 @@ endef
 define HOST_PNGQUANT_CONFIGURE_CMDS
        (cd $(@D) && \
                $(HOST_CONFIGURE_OPTS) \
+               CC=$(HOSTCC_NOCCACHE) \
                ./configure --prefix=$(HOST_DIR)/usr \
                --without-lcms2 \
        )
diff -Naurp buildroot-2017.05-rc2/package/popt/popt.mk buildroot-2017.05.2/package/popt/popt.mk
--- buildroot-2017.05-rc2/package/popt/popt.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/popt/popt.mk    2017-07-27 08:16:52.017486944 +0200
@@ -21,6 +21,7 @@ POPT_CONF_ENV = ac_cv_va_copy=yes
 ifeq ($(BR2_PACKAGE_LIBICONV),y)
 POPT_CONF_ENV += am_cv_lib_iconv=yes
 POPT_CONF_OPTS += --with-libiconv-prefix=$(STAGING_DIR)/usr
+POPT_DEPENDENCIES += libiconv
 endif
 
 $(eval $(autotools-package))
diff -Naurp buildroot-2017.05-rc2/package/protobuf/0001-Fix-freebsd-build.patch buildroot-2017.05.2/package/protobuf/0001-Fix-freebsd-build.patch
--- buildroot-2017.05-rc2/package/protobuf/0001-Fix-freebsd-build.patch 1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/protobuf/0001-Fix-freebsd-build.patch   2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,145 @@
+From 416f90939d4de58fe1a4e2489120010313183291 Mon Sep 17 00:00:00 2001
+From: Feng Xiao <xfxyjwf@gmail.com>
+Date: Tue, 14 Mar 2017 23:12:52 +0000
+Subject: [PATCH] Fix freebsd build.
+
+It turns out system headers included by generated plugin.pb.h file already contains
+major/minor macro definitions when built on FreeBSD and we need to add #undefs to
+the generated header file.
+
+This change also fixes another compile error regarding EXPECT_DEATH on FreeBSD.
+
+Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
+---
+ src/google/protobuf/compiler/cpp/cpp_file.cc      | 46 +++++++++++++++++++++++
+ src/google/protobuf/compiler/cpp/cpp_file.h       |  9 +++++
+ src/google/protobuf/compiler/plugin.pb.h          |  6 +++
+ src/google/protobuf/stubs/stringpiece_unittest.cc |  2 +
+ 4 files changed, 63 insertions(+)
+
+diff --git a/src/google/protobuf/compiler/cpp/cpp_file.cc b/src/google/protobuf/compiler/cpp/cpp_file.cc
+index 0e5e2f1..f2e013c 100644
+--- a/src/google/protobuf/compiler/cpp/cpp_file.cc
++++ b/src/google/protobuf/compiler/cpp/cpp_file.cc
+@@ -54,6 +54,39 @@ namespace google {
+ namespace protobuf {
+ namespace compiler {
+ namespace cpp {
++namespace {
++// The list of names that are defined as macros on some platforms. We need to
++// #undef them for the generated code to compile.
++const char* kMacroNames[] = {"major", "minor"};
++
++bool IsMacroName(const string& name) {
++  // Just do a linear search as the number of elements is very small.
++  for (int i = 0; i < GOOGLE_ARRAYSIZE(kMacroNames); ++i) {
++    if (name == kMacroNames[i]) return true;
++  }
++  return false;
++}
++
++void CollectMacroNames(const Descriptor* message, vector<string>* names) {
++  for (int i = 0; i < message->field_count(); ++i) {
++    const FieldDescriptor* field = message->field(i);
++    if (IsMacroName(field->name())) {
++      names->push_back(field->name());
++    }
++  }
++  for (int i = 0; i < message->nested_type_count(); ++i) {
++    CollectMacroNames(message->nested_type(i), names);
++  }
++}
++
++void CollectMacroNames(const FileDescriptor* file, vector<string>* names) {
++  for (int i = 0; i < file->message_type_count(); ++i) {
++    CollectMacroNames(file->message_type(i), names);
++  }
++}
++
++
++}  // namespace
+ 
+ // ===================================================================
+ 
+@@ -103,10 +136,23 @@ FileGenerator::FileGenerator(const FileDescriptor* file, const Options& options)
+ 
+ FileGenerator::~FileGenerator() {}
+ 
++void FileGenerator::GenerateMacroUndefs(io::Printer* printer) {
++  vector<string> names_to_undef;
++  CollectMacroNames(file_, &names_to_undef);
++  for (int i = 0; i < names_to_undef.size(); ++i) {
++    printer->Print(
++        "#ifdef $name$\n"
++        "#undef $name$\n"
++        "#endif\n",
++        "name", names_to_undef[i]);
++  }
++}
++
+ void FileGenerator::GenerateHeader(io::Printer* printer) {
+   printer->Print(
+     "// @@protoc_insertion_point(includes)\n");
+ 
++  GenerateMacroUndefs(printer);
+ 
+   GenerateForwardDeclarations(printer);
+ 
+diff --git a/src/google/protobuf/compiler/cpp/cpp_file.h b/src/google/protobuf/compiler/cpp/cpp_file.h
+index 25d6eab..e3fbb96 100644
+--- a/src/google/protobuf/compiler/cpp/cpp_file.h
++++ b/src/google/protobuf/compiler/cpp/cpp_file.h
+@@ -133,6 +133,15 @@ class FileGenerator {
+ 
+   void GenerateProto2NamespaceEnumSpecializations(io::Printer* printer);
+ 
++  // Sometimes the names we use in a .proto file happen to be defined as macros
++  // on some platforms (e.g., macro/minor used in plugin.proto are defined as
++  // macros in sys/types.h on FreeBSD and a few other platforms). To make the
++  // generated code compile on these platforms, we either have to undef the
++  // macro for these few platforms, or rename the field name for all platforms.
++  // Since these names are part of protobuf public API, renaming is generally
++  // a breaking change so we prefer the #undef approach.
++  void GenerateMacroUndefs(io::Printer* printer);
++
+   const FileDescriptor* file_;
+   const Options options_;
+ 
+diff --git a/src/google/protobuf/compiler/plugin.pb.h b/src/google/protobuf/compiler/plugin.pb.h
+index 1b91dac..d6afb21 100644
+--- a/src/google/protobuf/compiler/plugin.pb.h
++++ b/src/google/protobuf/compiler/plugin.pb.h
+@@ -30,6 +30,12 @@
+ #include <google/protobuf/unknown_field_set.h>
+ #include <google/protobuf/descriptor.pb.h>
+ // @@protoc_insertion_point(includes)
++#ifdef major
++#undef major
++#endif
++#ifdef minor
++#undef minor
++#endif
+ namespace google {
+ namespace protobuf {
+ class DescriptorProto;
+diff --git a/src/google/protobuf/stubs/stringpiece_unittest.cc b/src/google/protobuf/stubs/stringpiece_unittest.cc
+index a52d81f..a6a8759 100644
+--- a/src/google/protobuf/stubs/stringpiece_unittest.cc
++++ b/src/google/protobuf/stubs/stringpiece_unittest.cc
+@@ -783,11 +783,13 @@ TEST(FindOneCharTest, EdgeCases) {
+   EXPECT_EQ(StringPiece::npos, a.rfind('x'));
+ }
+ 
++#ifdef PROTOBUF_HAS_DEATH_TEST
+ #ifndef NDEBUG
+ TEST(NonNegativeLenTest, NonNegativeLen) {
+   EXPECT_DEATH(StringPiece("xyz", -1), "len >= 0");
+ }
+ #endif  // ndef DEBUG
++#endif  // PROTOBUF_HAS_DEATH_TEST
+ 
+ }  // namespace
+ }  // namespace protobuf
+-- 
+2.7.5
+
diff -Naurp buildroot-2017.05-rc2/package/protobuf/protobuf.hash buildroot-2017.05.2/package/protobuf/protobuf.hash
--- buildroot-2017.05-rc2/package/protobuf/protobuf.hash        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/protobuf/protobuf.hash  2017-07-27 08:16:52.017486944 +0200
@@ -1,3 +1,2 @@
 # Locally calculated
 sha256 51d773e4297238b282eaa4c1dd317099675b12eef2b414732b851c00459225c6 protobuf-cpp-3.2.0.tar.gz
-sha256 da80c39838515913633f4cbd875fdd4ad711be95c83a50ff5096b9f1254033b3 416f90939d4de58fe1a4e2489120010313183291.patch
diff -Naurp buildroot-2017.05-rc2/package/protobuf/protobuf.mk buildroot-2017.05.2/package/protobuf/protobuf.mk
--- buildroot-2017.05-rc2/package/protobuf/protobuf.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/protobuf/protobuf.mk    2017-07-27 08:16:52.017486944 +0200
@@ -23,8 +23,6 @@ endif
 
 PROTOBUF_INSTALL_STAGING = YES
 
-PROTOBUF_PATCH = https://github.com/google/protobuf/commit/416f90939d4de58fe1a4e2489120010313183291.patch
-
 ifeq ($(BR2_PACKAGE_ZLIB),y)
 PROTOBUF_DEPENDENCIES += zlib
 endif
diff -Naurp buildroot-2017.05-rc2/package/pulseaudio/pulseaudio.mk buildroot-2017.05.2/package/pulseaudio/pulseaudio.mk
--- buildroot-2017.05-rc2/package/pulseaudio/pulseaudio.mk      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/pulseaudio/pulseaudio.mk        2017-07-27 08:16:52.017486944 +0200
@@ -32,6 +32,7 @@ PULSEAUDIO_DEPENDENCIES = \
        $(if $(BR2_PACKAGE_AVAHI_DAEMON),avahi) \
        $(if $(BR2_PACKAGE_DBUS),dbus) \
        $(if $(BR2_PACKAGE_BLUEZ_UTILS),bluez_utils) \
+       $(if $(BR2_PACKAGE_BLUEZ5_UTILS),bluez5_utils) \
        $(if $(BR2_PACKAGE_OPENSSL),openssl) \
        $(if $(BR2_PACKAGE_FFTW),fftw) \
        $(if $(BR2_PACKAGE_SYSTEMD),systemd)
@@ -121,8 +122,6 @@ ifneq ($(BR2_ENABLE_LOCALE),y)
 define PULSEAUDIO_FIXUP_DESKTOP_FILES
        cp $(@D)/src/daemon/pulseaudio.desktop.in \
                $(@D)/src/daemon/pulseaudio.desktop
-       cp $(@D)/src/daemon/pulseaudio-kde.desktop.in \
-               $(@D)/src/daemon/pulseaudio-kde.desktop
 endef
 PULSEAUDIO_POST_PATCH_HOOKS += PULSEAUDIO_FIXUP_DESKTOP_FILES
 endif
diff -Naurp buildroot-2017.05-rc2/package/pulseview/0003-CMakeLists.txt-Avoid-fext-numeric-literals-not-suppo.patch buildroot-2017.05.2/package/pulseview/0003-CMakeLists.txt-Avoid-fext-numeric-literals-not-suppo.patch
--- buildroot-2017.05-rc2/package/pulseview/0003-CMakeLists.txt-Avoid-fext-numeric-literals-not-suppo.patch     1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/pulseview/0003-CMakeLists.txt-Avoid-fext-numeric-literals-not-suppo.patch       2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,28 @@
+From 6ad4d7a6f17edecc3523a7ab3d627f9a70dbacc1 Mon Sep 17 00:00:00 2001
+From: Uwe Hermann <uwe@hermann-uwe.de>
+Date: Wed, 17 May 2017 11:00:44 +0200
+Subject: [PATCH] CMakeLists.txt: Avoid -fext-numeric-literals, (not supported
+ by clang).
+
+This (re-)fixes bug #863.
+
+Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
+---
+ CMakeLists.txt | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index e8bc79f..e7e4432 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -395,6 +395,7 @@ add_definitions(${QT_DEFINITIONS} -DQT_NO_KEYWORDS)
+ add_definitions(-D__STDC_LIMIT_MACROS)
+ add_definitions(-Wall -Wextra)
+ add_definitions(-std=c++11)
++add_definitions(-DBOOST_MATH_DISABLE_FLOAT128=1)
+ 
+ if(ENABLE_DECODE)
+       add_definitions(-DENABLE_DECODE)
+-- 
+2.9.3
+
diff -Naurp buildroot-2017.05-rc2/package/python-enum34/python-enum34.mk buildroot-2017.05.2/package/python-enum34/python-enum34.mk
--- buildroot-2017.05-rc2/package/python-enum34/python-enum34.mk        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/python-enum34/python-enum34.mk  2017-07-27 08:16:52.017486944 +0200
@@ -7,7 +7,7 @@
 PYTHON_ENUM34_VERSION = 1.1.6
 PYTHON_ENUM34_SOURCE = enum34-$(PYTHON_ENUM34_VERSION).tar.gz
 PYTHON_ENUM34_SITE = https://pypi.python.org/packages/bf/3e/31d502c25302814a7c2f1d3959d2a3b3f78e509002ba91aea64993936876
-PYTHON_ENUM34_SETUP_TYPE = distutils
+PYTHON_ENUM34_SETUP_TYPE = setuptools
 PYTHON_ENUM34_LICENSE = BSD-3-Clause
 PYTHON_ENUM34_LICENSE_FILES = enum/LICENSE
 
diff -Naurp buildroot-2017.05-rc2/package/python-setproctitle/python-setproctitle.mk buildroot-2017.05.2/package/python-setproctitle/python-setproctitle.mk
--- buildroot-2017.05-rc2/package/python-setproctitle/python-setproctitle.mk    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/python-setproctitle/python-setproctitle.mk      2017-07-27 08:16:52.017486944 +0200
@@ -9,6 +9,6 @@ PYTHON_SETPROCTITLE_SOURCE = setproctitl
 PYTHON_SETPROCTITLE_SITE = https://pypi.python.org/packages/5a/0d/dc0d2234aacba6cf1a729964383e3452c52096dc695581248b548786f2b3
 PYTHON_SETPROCTITLE_LICENSE = BSD-3-Clause
 PYTHON_SETPROCTITLE_LICENSE_FILES = COPYRIGHT
-PYTHON_SETPROCTITLE_SETUP_TYPE = distutils
+PYTHON_SETPROCTITLE_SETUP_TYPE = setuptools
 
 $(eval $(python-package))
diff -Naurp buildroot-2017.05-rc2/package/python-simplegeneric/python-simplegeneric.mk buildroot-2017.05.2/package/python-simplegeneric/python-simplegeneric.mk
--- buildroot-2017.05-rc2/package/python-simplegeneric/python-simplegeneric.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/python-simplegeneric/python-simplegeneric.mk    2017-07-27 08:16:52.017486944 +0200
@@ -8,7 +8,12 @@ PYTHON_SIMPLEGENERIC_VERSION = 0.8.1
 PYTHON_SIMPLEGENERIC_SOURCE = simplegeneric-$(PYTHON_SIMPLEGENERIC_VERSION).zip
 PYTHON_SIMPLEGENERIC_SITE = https://pypi.python.org/packages/3d/57/4d9c9e3ae9a255cd4e1106bb57e24056d3d0709fc01b2e3e345898e49d5b
 PYTHON_SIMPLEGENERIC_LICENSE = ZPL-2.1
-PYTHON_SIMPLEGENERIC_SETUP_TYPE = distutils
+
+# Force setup-type to be 'setuptools' in order to force the package to
+# be installed with --single-version-externally-managed. Otherwise we
+# end up with a .egg file, which is a zip archive, and as such forces
+# us to have 'zlib' as a runtime dependency
+PYTHON_SIMPLEGENERIC_SETUP_TYPE = setuptools
 
 define PYTHON_SIMPLEGENERIC_EXTRACT_CMDS
        unzip $(DL_DIR)/$(PYTHON_SIMPLEGENERIC_SOURCE) -d $(@D)
diff -Naurp buildroot-2017.05-rc2/package/qpid-proton/Config.in buildroot-2017.05.2/package/qpid-proton/Config.in
--- buildroot-2017.05-rc2/package/qpid-proton/Config.in 2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/qpid-proton/Config.in   2017-07-27 08:16:52.017486944 +0200
@@ -6,10 +6,10 @@ config BR2_PACKAGE_QPID_PROTON
        help
          The AMQP messaging toolkit
 
-         Qpid Proton is a high-performance, lightweight messaging library.
-         It can be used in the widest range of messaging applications,
-         including brokers, client libraries, routers, bridges, proxies, and
-         more.
+         Qpid Proton is a high-performance, lightweight messaging
+         library. It can be used in the widest range of messaging
+         applications, including brokers, client libraries, routers,
+         bridges, proxies, and more.
 
          https://qpid.apache.org/proton/
 
diff -Naurp buildroot-2017.05-rc2/package/qt5/qt5base/5.8.0/0005-Fix-error-attribute-target-crc-is-unknown.patch buildroot-2017.05.2/package/qt5/qt5base/5.8.0/0005-Fix-error-attribute-target-crc-is-unknown.patch
--- buildroot-2017.05-rc2/package/qt5/qt5base/5.8.0/0005-Fix-error-attribute-target-crc-is-unknown.patch        1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/qt5/qt5base/5.8.0/0005-Fix-error-attribute-target-crc-is-unknown.patch  2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,44 @@
+From f0c02fb22bc277e2015a18e562b551ec7b3eed9e Mon Sep 17 00:00:00 2001
+From: Peter Seiderer <ps.report@gmx.net>
+Date: Sun, 16 Jul 2017 00:05:44 +0200
+Subject: [PATCH] Fix error attribute(target("+crc")) is unknown
+
+Task-number: QTBUG-61975
+Change-Id: I0b1b55c0737dad485b5ace8e6eb7cb842589453d
+---
+ src/corelib/tools/qhash.cpp | 2 ++
+ src/corelib/tools/qsimd_p.h | 3 +++
+ 2 files changed, 5 insertions(+)
+
+diff --git a/src/corelib/tools/qhash.cpp b/src/corelib/tools/qhash.cpp
+index 1f9c05c..bbf6efb 100644
+--- a/src/corelib/tools/qhash.cpp
++++ b/src/corelib/tools/qhash.cpp
+@@ -144,7 +144,9 @@ static inline bool hasFastCrc32()
+ }
+ 
+ template <typename Char>
++#if defined(__aarch64__)
+ QT_FUNCTION_TARGET(CRC32)
++#endif
+ static uint crc32(const Char *ptr, size_t len, uint h)
+ {
+     // The crc32[whbd] instructions on Aarch64/Aarch32 calculate a 32-bit CRC32 checksum
+diff --git a/src/corelib/tools/qsimd_p.h b/src/corelib/tools/qsimd_p.h
+index 023a4b0..a85d572 100644
+--- a/src/corelib/tools/qsimd_p.h
++++ b/src/corelib/tools/qsimd_p.h
+@@ -326,7 +326,10 @@
+ #endif
+ // AArch64/ARM64
+ #if defined(Q_PROCESSOR_ARM_V8) && defined(__ARM_FEATURE_CRC32)
++#if defined(__aarch64__)
++// only available on aarch64
+ #define QT_FUNCTION_TARGET_STRING_CRC32      "+crc"
++#endif
+ #  include <arm_acle.h>
+ #endif
+ 
+-- 
+2.7.4
+
diff -Naurp buildroot-2017.05-rc2/package/qt5/qt5base/qmake.conf buildroot-2017.05.2/package/qt5/qt5base/qmake.conf
--- buildroot-2017.05-rc2/package/qt5/qt5base/qmake.conf        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/qt5/qt5base/qmake.conf  2017-07-27 08:16:52.017486944 +0200
@@ -21,5 +21,8 @@ CONFIG                 += nostrip
 QMAKE_LIBS             += -lrt -lpthread -ldl
 QMAKE_CFLAGS_ISYSTEM   =
 
+# Architecturespecific configuration
+include(arch.conf)
+
 include(../common/linux_device_post.conf)
 load(qt_config)
diff -Naurp buildroot-2017.05-rc2/package/qt5/qt5base/qt5base.mk buildroot-2017.05.2/package/qt5/qt5base/qt5base.mk
--- buildroot-2017.05-rc2/package/qt5/qt5base/qt5base.mk        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/qt5/qt5base/qt5base.mk  2017-07-27 08:16:52.017486944 +0200
@@ -214,12 +214,22 @@ define QT5BASE_CONFIGURE_CONFIG_FILE
 endef
 endif
 
+QT5BASE_ARCH_CONFIG_FILE = $(@D)/mkspecs/devices/linux-buildroot-g++/arch.conf
+ifeq ($(BR2_TOOLCHAIN_HAS_LIBATOMIC)$(BR2_PACKAGE_QT5_VERSION_LATEST),yy)
+# Qt 5.8 needs atomics, which on various architectures are in -latomic
+define QT5BASE_CONFIGURE_ARCH_CONFIG
+       printf 'LIBS += -latomic\n' >$(QT5BASE_ARCH_CONFIG_FILE)
+endef
+endif
+
 define QT5BASE_CONFIGURE_CMDS
        $(INSTALL) -m 0644 -D $(QT5BASE_PKGDIR)/qmake.conf \
                $(@D)/mkspecs/devices/linux-buildroot-g++/qmake.conf
        $(INSTALL) -m 0644 -D $(QT5BASE_PKGDIR)/qplatformdefs.h \
                $(@D)/mkspecs/devices/linux-buildroot-g++/qplatformdefs.h
        $(QT5BASE_CONFIGURE_CONFIG_FILE)
+       touch $(QT5BASE_ARCH_CONFIG_FILE)
+       $(QT5BASE_CONFIGURE_ARCH_CONFIG)
        (cd $(@D); \
                $(TARGET_MAKE_ENV) \
                PKG_CONFIG="$(PKG_CONFIG_HOST_BINARY)" \
diff -Naurp buildroot-2017.05-rc2/package/qt5/qt5multimedia/qt5multimedia.mk buildroot-2017.05.2/package/qt5/qt5multimedia/qt5multimedia.mk
--- buildroot-2017.05-rc2/package/qt5/qt5multimedia/qt5multimedia.mk    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/qt5/qt5multimedia/qt5multimedia.mk      2017-07-27 08:16:52.017486944 +0200
@@ -26,6 +26,14 @@ ifeq ($(BR2_PACKAGE_QT5DECLARATIVE),y)
 QT5MULTIMEDIA_DEPENDENCIES += qt5declarative
 endif
 
+ifeq ($(BR2_PACKAGE_LIBGLIB2)$(BR2_PACKAGE_PULSEAUDIO),yy)
+QT5MULTIMEDIA_DEPENDENCIES += libglib2 pulseaudio
+endif
+
+ifeq ($(BR2_PACKAGE_ALSA_LIB),y)
+QT5MULTIMEDIA_DEPENDENCIES += alsa-lib
+endif
+
 define QT5MULTIMEDIA_CONFIGURE_CMDS
        (cd $(@D); $(TARGET_MAKE_ENV) $(HOST_DIR)/usr/bin/qmake)
 endef
diff -Naurp buildroot-2017.05-rc2/package/rabbitmq-c/rabbitmq-c.mk buildroot-2017.05.2/package/rabbitmq-c/rabbitmq-c.mk
--- buildroot-2017.05-rc2/package/rabbitmq-c/rabbitmq-c.mk      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/rabbitmq-c/rabbitmq-c.mk        2017-07-27 08:16:52.017486944 +0200
@@ -21,14 +21,20 @@ else ifeq ($(BR2_SHARED_LIBS),y)
 RABBITMQ_C_CONF_OPTS += -DBUILD_SHARED_LIBS=ON -DBUILD_STATIC_LIBS=OFF
 endif
 
-ifeq ($(BR2_PACKAGE_OPENSSL),y)
+# CMake OpenSSL detection is buggy, and doesn't properly use
+# pkg-config, so it fails when statically linking. See
+# https://gitlab.kitware.com/cmake/cmake/issues/16885.
+ifeq ($(BR2_PACKAGE_OPENSSL):$(BR2_STATIC_LIBS),y:)
 RABBITMQ_C_CONF_OPTS += -DENABLE_SSL_SUPPORT=ON
 RABBITMQ_C_DEPENDENCIES += openssl
 else
 RABBITMQ_C_CONF_OPTS += -DENABLE_SSL_SUPPORT=OFF
 endif
 
-ifeq ($(BR2_PACKAGE_POPT), y)
+# Popt is sometimes linked against libintl, but CMake doesn't know
+# about that, and there's no way to tell manually CMake to link
+# against an additional library.
+ifeq ($(BR2_PACKAGE_POPT):$(BR2_STATIC_LIBS),y:)
 RABBITMQ_C_CONF_OPTS += -DBUILD_TOOLS=ON
 RABBITMQ_C_DEPENDENCIES += popt
 else
diff -Naurp buildroot-2017.05-rc2/package/redis/redis.mk buildroot-2017.05.2/package/redis/redis.mk
--- buildroot-2017.05-rc2/package/redis/redis.mk        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/redis/redis.mk  2017-07-27 08:16:52.017486944 +0200
@@ -13,16 +13,21 @@ define REDIS_USERS
        redis -1 redis -1 * /var/lib/redis /bin/false - Redis Server
 endef
 
-# Uses __atomic_fetch_add_4
+# Uses __atomic_fetch_add_4. Adding -latomic to LDFLAGS does not work,
+# because LDFLAGS is used before the list of object files. We need to
+# add -latomic to FINAL_LIBS to provide -latomic at the correct place
+# in the linking command.
 ifeq ($(BR2_TOOLCHAIN_HAS_LIBATOMIC),y)
-REDIS_LIBATOMIC = -latomic
+define REDIS_FIX_MAKEFILE
+       $(SED) 's/FINAL_LIBS=-lm/FINAL_LIBS=-lm -latomic/' $(@D)/src/Makefile
+endef
+REDIS_POST_PATCH_HOOKS = REDIS_FIX_MAKEFILE
 endif
 
 # Redis doesn't support DESTDIR (yet, see
 # https://github.com/antirez/redis/pull/609).  We set PREFIX
 # instead.
 REDIS_BUILDOPTS = $(TARGET_CONFIGURE_OPTS) \
-       LDFLAGS="$(TARGET_LDFLAGS) $(REDIS_LIBATOMIC)" \
        PREFIX=$(TARGET_DIR)/usr MALLOC=libc
 
 define REDIS_BUILD_CMDS
diff -Naurp buildroot-2017.05-rc2/package/rpi-firmware/rpi-firmware.mk buildroot-2017.05.2/package/rpi-firmware/rpi-firmware.mk
--- buildroot-2017.05-rc2/package/rpi-firmware/rpi-firmware.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/rpi-firmware/rpi-firmware.mk    2017-07-27 08:16:52.017486944 +0200
@@ -31,6 +31,8 @@ ifeq ($(BR2_PACKAGE_RPI_FIRMWARE_INSTALL
 define RPI_FIRMWARE_INSTALL_TARGET_CMDS
        $(INSTALL) -D -m 0700 $(@D)/$(if BR2_ARM_EABIHF,hardfp/)opt/vc/bin/vcdbg \
                $(TARGET_DIR)/usr/sbin/vcdbg
+       $(INSTALL) -D -m 0644 $(@D)/$(if BR2_ARM_EABIHF,hardfp/)opt/vc/lib/libelftoolchain.so \
+               $(TARGET_DIR)/usr/lib/libelftoolchain.so
 endef
 endif # INSTALL_VCDBG
 
diff -Naurp buildroot-2017.05-rc2/package/rtl8188eu/Config.in buildroot-2017.05.2/package/rtl8188eu/Config.in
--- buildroot-2017.05-rc2/package/rtl8188eu/Config.in   2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/rtl8188eu/Config.in     2017-07-27 08:16:52.017486944 +0200
@@ -4,14 +4,14 @@ config BR2_PACKAGE_RTL8188EU
        help
          A standalone driver for the RTL8188EU USB Wi-Fi adapter.
          This is needed only for Linux kernels before 3.12.
-         Since 3.12, there is a (staging) driver in mainline, with a similar
-         codebase.
+         Since 3.12, there is a (staging) driver in mainline, with a
+         similar codebase.
 
-         Make sure your target kernel has the CONFIG_WIRELESS_EXT config
-         option enabled.
+         Make sure your target kernel has the CONFIG_WIRELESS_EXT
+         config option enabled.
 
-         Note: this package needs a firmware loading mechanism to load the
-         binary blob for the chip to work.
+         Note: this package needs a firmware loading mechanism to load
+         the binary blob for the chip to work.
 
          https://github.com/lwfinger/rtl8188eu
 
diff -Naurp buildroot-2017.05-rc2/package/rtl8821au/rtl8821au.mk buildroot-2017.05.2/package/rtl8821au/rtl8821au.mk
--- buildroot-2017.05-rc2/package/rtl8821au/rtl8821au.mk        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/rtl8821au/rtl8821au.mk  2017-07-27 08:16:52.017486944 +0200
@@ -7,7 +7,7 @@
 RTL8821AU_VERSION = b018b446fb0729fa659e7eead475d6c13f192642
 RTL8821AU_SITE = $(call github,abperiasamy,rtl8812AU_8821AU_linux,$(RTL8821AU_VERSION))
 RTL8821AU_LICENSE = GPL-2.0
-RTL8821AU_LICENSE_FILES = COPYING
+RTL8821AU_LICENSE_FILES = LICENSE
 
 RTL8821AU_MODULE_MAKE_OPTS = \
        CONFIG_RTL8812AU_8821AU=m \
diff -Naurp buildroot-2017.05-rc2/package/samba4/Config.in buildroot-2017.05.2/package/samba4/Config.in
--- buildroot-2017.05-rc2/package/samba4/Config.in      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/samba4/Config.in        2017-07-27 08:16:52.017486944 +0200
@@ -10,7 +10,7 @@ config BR2_PACKAGE_SAMBA4
        depends on BR2_USE_WCHAR # python
        depends on BR2_TOOLCHAIN_HAS_NATIVE_RPC
        depends on BR2_TOOLCHAIN_HAS_THREADS_NPTL # python -> libffi
-       depends on !BR2_STATIC_LIBS # python
+       depends on !BR2_STATIC_LIBS # python, gnutls
        depends on !BR2_nios2 # binary too large, relocations don't fit
        depends on BR2_TOOLCHAIN_HAS_SYNC_4
        select BR2_PACKAGE_E2FSPROGS
diff -Naurp buildroot-2017.05-rc2/package/samba4/samba4.hash buildroot-2017.05.2/package/samba4/samba4.hash
--- buildroot-2017.05-rc2/package/samba4/samba4.hash    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/samba4/samba4.hash      2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,2 @@
 # Locally calculated
-sha256 f63b656d8823a280c50c9dbd6b692816cd7a88adfe9b47997ce697fd75bf81f0  samba-4.5.8.tar.gz
+sha256 f4c17123e3cc852a5ecc7e38884b00deab57632b9519aebc243e2a94b9b5ace4  samba-4.5.12.tar.gz
diff -Naurp buildroot-2017.05-rc2/package/samba4/samba4.mk buildroot-2017.05.2/package/samba4/samba4.mk
--- buildroot-2017.05-rc2/package/samba4/samba4.mk      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/samba4/samba4.mk        2017-07-27 08:16:52.017486944 +0200
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-SAMBA4_VERSION = 4.5.8
+SAMBA4_VERSION = 4.5.12
 SAMBA4_SITE = https://download.samba.org/pub/samba/stable
 SAMBA4_SOURCE = samba-$(SAMBA4_VERSION).tar.gz
 SAMBA4_INSTALL_STAGING = YES
diff -Naurp buildroot-2017.05-rc2/package/snmppp/Config.in buildroot-2017.05.2/package/snmppp/Config.in
--- buildroot-2017.05-rc2/package/snmppp/Config.in      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/snmppp/Config.in        2017-07-27 08:16:52.017486944 +0200
@@ -14,8 +14,9 @@ config BR2_PACKAGE_SNMPPP_LOGGING
        bool "enable logging"
        help
          Enable logging output for SNMP++.
-         According to the SNMP++ documentation, disabling logging "increases
-         performance drastically and minimizes memory consumption".
+         According to the SNMP++ documentation, disabling logging
+         "increases performance drastically and minimizes memory
+         consumption".
 
 config BR2_PACKAGE_SNMPPP_SNMPV3
        bool "enable SNMPv3"
diff -Naurp buildroot-2017.05-rc2/package/socat/socat.mk buildroot-2017.05.2/package/socat/socat.mk
--- buildroot-2017.05-rc2/package/socat/socat.mk        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/socat/socat.mk  2017-07-27 08:16:52.017486944 +0200
@@ -9,11 +9,20 @@ SOCAT_SOURCE = socat-$(SOCAT_VERSION).ta
 SOCAT_SITE = http://www.dest-unreach.org/socat/download
 SOCAT_LICENSE = GPL-2.0
 SOCAT_LICENSE_FILES = COPYING
-SOCAT_CONF_ENV = \
-       sc_cv_termios_ispeed=no \
+
+SOCAT_CONF_ENV = sc_cv_termios_ispeed=no
+
+ifeq ($(BR2_powerpc)$(BR2_powerpc64)$(BR2_powerpc64le),y)
+SOCAT_CONF_ENV += \
+       sc_cv_sys_crdly_shift=12 \
+       sc_cv_sys_tabdly_shift=10 \
+       sc_cv_sys_csize_shift=8
+else
+SOCAT_CONF_ENV += \
        sc_cv_sys_crdly_shift=9 \
        sc_cv_sys_tabdly_shift=11 \
        sc_cv_sys_csize_shift=4
+endif
 
 # We need to run autoconf to regenerate the configure script, in order
 # to ensure that the test checking linux/ext2_fs.h works
diff -Naurp buildroot-2017.05-rc2/package/spice/0001-fix-missing-monitor_latency-argument.patch buildroot-2017.05.2/package/spice/0001-fix-missing-monitor_latency-argument.patch
--- buildroot-2017.05-rc2/package/spice/0001-fix-missing-monitor_latency-argument.patch 2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/spice/0001-fix-missing-monitor_latency-argument.patch   1970-01-01 01:00:00.000000000 +0100
@@ -1,28 +0,0 @@
-From 0d3767853ca179ce04a9b312d7a30d33d1266a3b Mon Sep 17 00:00:00 2001
-From: Axel Lin <axel.lin@ingics.com>
-Date: Thu, 10 Oct 2013 12:36:40 +0800
-Subject: [PATCH] red_tunnel_worker: Fix build error due to missing monitor_latency argument
-
-Fix missing monitor_latency argument in red_channel_client_create call.
-
-Signed-off-by: Axel Lin <axel.lin@ingics.com>
----
- server/red_tunnel_worker.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/server/red_tunnel_worker.c b/server/red_tunnel_worker.c
-index 97dcafd..6781d73 100644
---- a/server/red_tunnel_worker.c
-+++ b/server/red_tunnel_worker.c
-@@ -3417,7 +3417,7 @@ static void handle_tunnel_channel_link(RedChannel *channel, RedClient *client,
-     }
- 
-     tcc = (TunnelChannelClient*)red_channel_client_create(sizeof(TunnelChannelClient),
--                                                          channel, client, stream,
-+                                                          channel, client, stream, FALSE,
-                                                           0, NULL, 0, NULL);
-     if (!tcc) {
-         return;
--- 
-1.8.1.2
-
diff -Naurp buildroot-2017.05-rc2/package/spice/0001-Prevent-possible-DoS-attempts-during-protocol-handsh.patch buildroot-2017.05.2/package/spice/0001-Prevent-possible-DoS-attempts-during-protocol-handsh.patch
--- buildroot-2017.05-rc2/package/spice/0001-Prevent-possible-DoS-attempts-during-protocol-handsh.patch 1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/spice/0001-Prevent-possible-DoS-attempts-during-protocol-handsh.patch   2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,60 @@
+From 1c6517973095a67c8cb57f3550fc1298404ab556 Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Tue, 13 Dec 2016 14:39:48 +0000
+Subject: [PATCH] Prevent possible DoS attempts during protocol handshake
+
+The limit for link message is specified using a 32 bit unsigned integer.
+This could cause possible DoS due to excessive memory allocations and
+some possible crashes.
+For instance a value >= 2^31 causes a spice_assert to be triggered in
+async_read_handler (reds-stream.c) due to an integer overflow at this
+line:
+
+   int n = async->end - async->now;
+
+This could be easily triggered with a program like
+
+  #!/usr/bin/env python
+
+  import socket
+  import time
+  from struct import pack
+
+  server = '127.0.0.1'
+  port = 5900
+
+  s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+  s.connect((server, port))
+  data = pack('<4sIII', 'REDQ', 2, 2, 0xaaaaaaaa)
+  s.send(data)
+
+  time.sleep(1)
+
+without requiring any authentication (the same can be done
+with TLS).
+
+[Peter: fixes CVE-2016-9578]
+Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
+Acked-by: Christophe Fergeau <cfergeau@redhat.com>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ server/reds.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/server/reds.c b/server/reds.c
+index f40b65c1..86a33d53 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -2202,7 +2202,8 @@ static void reds_handle_read_header_done(void *opaque)
+ 
+     reds->peer_minor_version = header->minor_version;
+ 
+-    if (header->size < sizeof(SpiceLinkMess)) {
++    /* the check for 4096 is to avoid clients to cause arbitrary big memory allocations */
++    if (header->size < sizeof(SpiceLinkMess) || header->size > 4096) {
+         reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA);
+         spice_warning("bad size %u", header->size);
+         reds_link_free(link);
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/spice/0002-Prevent-integer-overflows-in-capability-checks.patch buildroot-2017.05.2/package/spice/0002-Prevent-integer-overflows-in-capability-checks.patch
--- buildroot-2017.05-rc2/package/spice/0002-Prevent-integer-overflows-in-capability-checks.patch       1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/spice/0002-Prevent-integer-overflows-in-capability-checks.patch 2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,43 @@
+From f66dc643635518e53dfbe5262f814a64eec54e4a Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Tue, 13 Dec 2016 14:40:10 +0000
+Subject: [PATCH] Prevent integer overflows in capability checks
+
+The limits for capabilities are specified using 32 bit unsigned integers.
+This could cause possible integer overflows causing buffer overflows.
+For instance the sum of num_common_caps and num_caps can be 0 avoiding
+additional checks.
+As the link message is now capped to 4096 and the capabilities are
+contained in the link message limit the capabilities to 1024
+(capabilities are expressed in number of uint32_t items).
+
+[Peter: fixes CVE-2016-9578]
+Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
+Acked-by: Christophe Fergeau <cfergeau@redhat.com>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ server/reds.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/server/reds.c b/server/reds.c
+index 86a33d53..91504544 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -2110,6 +2110,14 @@ static void reds_handle_read_link_done(void *opaque)
+     link_mess->num_channel_caps = GUINT32_FROM_LE(link_mess->num_channel_caps);
+     link_mess->num_common_caps = GUINT32_FROM_LE(link_mess->num_common_caps);
+ 
++    /* Prevent DoS. Currently we defined only 13 capabilities,
++     * I expect 1024 to be valid for quite a lot time */
++    if (link_mess->num_channel_caps > 1024 || link_mess->num_common_caps > 1024) {
++        reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA);
++        reds_link_free(link);
++        return;
++    }
++
+     num_caps = link_mess->num_common_caps + link_mess->num_channel_caps;
+     caps = (uint32_t *)((uint8_t *)link_mess + link_mess->caps_offset);
+ 
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/spice/0003-main-channel-Prevent-overflow-reading-messages-from-.patch buildroot-2017.05.2/package/spice/0003-main-channel-Prevent-overflow-reading-messages-from-.patch
--- buildroot-2017.05-rc2/package/spice/0003-main-channel-Prevent-overflow-reading-messages-from-.patch 1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/spice/0003-main-channel-Prevent-overflow-reading-messages-from-.patch   2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,33 @@
+From 5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3 Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Tue, 29 Nov 2016 16:46:56 +0000
+Subject: [PATCH] main-channel: Prevent overflow reading messages from client
+
+Caller is supposed the function return a buffer able to store
+size bytes.
+
+[Peter: fixes CVE-2016-9577]
+Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
+Acked-by: Christophe Fergeau <cfergeau@redhat.com>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ server/main_channel.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/server/main_channel.c b/server/main_channel.c
+index 0ecc9df8..1fc39155 100644
+--- a/server/main_channel.c
++++ b/server/main_channel.c
+@@ -1026,6 +1026,9 @@ static uint8_t *main_channel_alloc_msg_rcv_buf(RedChannelClient *rcc,
+ 
+     if (type == SPICE_MSGC_MAIN_AGENT_DATA) {
+         return reds_get_agent_data_buffer(mcc, size);
++    } else if (size > sizeof(main_chan->recv_buf)) {
++        /* message too large, caller will log a message and close the connection */
++        return NULL;
+     } else {
+         return main_chan->recv_buf;
+     }
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/spice/0004-reds-Disconnect-when-receiving-overly-big-ClientMoni.patch buildroot-2017.05.2/package/spice/0004-reds-Disconnect-when-receiving-overly-big-ClientMoni.patch
--- buildroot-2017.05-rc2/package/spice/0004-reds-Disconnect-when-receiving-overly-big-ClientMoni.patch 1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/spice/0004-reds-Disconnect-when-receiving-overly-big-ClientMoni.patch   2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,75 @@
+From f1e7ec03e26ab6b8ca9b7ec060846a5b706a963d Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Mon, 15 May 2017 15:57:28 +0100
+Subject: [PATCH] reds: Disconnect when receiving overly big
+ ClientMonitorsConfig
+
+Total message size received from the client was unlimited. There is
+a 2kiB size check on individual agent messages, but the MonitorsConfig
+message can be split in multiple chunks, and the size of the
+non-chunked MonitorsConfig message was never checked. This could easily
+lead to memory exhaustion on the host.
+
+Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ server/reds.c | 25 +++++++++++++++++++++++--
+ 1 file changed, 23 insertions(+), 2 deletions(-)
+
+diff --git a/server/reds.c b/server/reds.c
+index f439a366..7be85fdf 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -993,19 +993,34 @@ static void reds_client_monitors_config_cleanup(void)
+ static void reds_on_main_agent_monitors_config(
+         MainChannelClient *mcc, void *message, size_t size)
+ {
++    const unsigned int MAX_MONITORS = 256;
++    const unsigned int MAX_MONITOR_CONFIG_SIZE =
++       sizeof(VDAgentMonitorsConfig) + MAX_MONITORS * sizeof(VDAgentMonConfig);
++
+     VDAgentMessage *msg_header;
+     VDAgentMonitorsConfig *monitors_config;
+     RedsClientMonitorsConfig *cmc = &reds->client_monitors_config;
+ 
++    // limit size of message sent by the client as this can cause a DoS through
++    // memory exhaustion, or potentially some integer overflows
++    if (sizeof(VDAgentMessage) + MAX_MONITOR_CONFIG_SIZE - cmc->buffer_size < size) {
++        goto overflow;
++    }
+     cmc->buffer_size += size;
+     cmc->buffer = realloc(cmc->buffer, cmc->buffer_size);
+     spice_assert(cmc->buffer);
+     cmc->mcc = mcc;
+     memcpy(cmc->buffer + cmc->buffer_pos, message, size);
+     cmc->buffer_pos += size;
++    if (sizeof(VDAgentMessage) > cmc->buffer_size) {
++        spice_debug("not enough data yet. %d", cmc->buffer_size);
++        return;
++    }
+     msg_header = (VDAgentMessage *)cmc->buffer;
+-    if (sizeof(VDAgentMessage) > cmc->buffer_size ||
+-            msg_header->size > cmc->buffer_size - sizeof(VDAgentMessage)) {
++    if (msg_header->size > MAX_MONITOR_CONFIG_SIZE) {
++        goto overflow;
++    }
++    if (msg_header->size > cmc->buffer_size - sizeof(VDAgentMessage)) {
+         spice_debug("not enough data yet. %d", cmc->buffer_size);
+         return;
+     }
+@@ -1013,6 +1028,12 @@ static void reds_on_main_agent_monitors_config(
+     spice_debug("%s: %d", __func__, monitors_config->num_of_monitors);
+     red_dispatcher_client_monitors_config(monitors_config);
+     reds_client_monitors_config_cleanup();
++    return;
++
++overflow:
++    spice_warning("received invalid MonitorsConfig request from client, disconnecting");
++    red_channel_client_disconnect(main_channel_client_get_base(mcc));
++    reds_client_monitors_config_cleanup();
+ }
+ 
+ void reds_on_main_agent_data(MainChannelClient *mcc, void *message, size_t size)
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/spice/0005-reds-Avoid-integer-overflows-handling-monitor-config.patch buildroot-2017.05.2/package/spice/0005-reds-Avoid-integer-overflows-handling-monitor-config.patch
--- buildroot-2017.05-rc2/package/spice/0005-reds-Avoid-integer-overflows-handling-monitor-config.patch 1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/spice/0005-reds-Avoid-integer-overflows-handling-monitor-config.patch   2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,31 @@
+From ec6229c79abe05d731953df5f7e9a05ec9f6df79 Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Mon, 15 May 2017 15:57:28 +0100
+Subject: [PATCH] reds: Avoid integer overflows handling monitor
+ configuration
+
+Avoid VDAgentMessage::size integer overflows.
+
+Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ server/reds.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/server/reds.c b/server/reds.c
+index 7be85fdf..e1c8c108 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -1024,6 +1024,9 @@ static void reds_on_main_agent_monitors_config(
+         spice_debug("not enough data yet. %d", cmc->buffer_size);
+         return;
+     }
++    if (msg_header->size < sizeof(VDAgentMonitorsConfig)) {
++        goto overflow;
++    }
+     monitors_config = (VDAgentMonitorsConfig *)(cmc->buffer + sizeof(*msg_header));
+     spice_debug("%s: %d", __func__, monitors_config->num_of_monitors);
+     red_dispatcher_client_monitors_config(monitors_config);
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/spice/0006-reds-Avoid-buffer-overflows-handling-monitor-configu.patch buildroot-2017.05.2/package/spice/0006-reds-Avoid-buffer-overflows-handling-monitor-configu.patch
--- buildroot-2017.05-rc2/package/spice/0006-reds-Avoid-buffer-overflows-handling-monitor-configu.patch 1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/spice/0006-reds-Avoid-buffer-overflows-handling-monitor-configu.patch   2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,48 @@
+From a957a90baf2c62d31f3547e56bba7d0e812d2331 Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Mon, 15 May 2017 15:57:28 +0100
+Subject: [PATCH] reds: Avoid buffer overflows handling monitor
+ configuration
+
+It was also possible for a malicious client to set
+VDAgentMonitorsConfig::num_of_monitors to a number larger
+than the actual size of VDAgentMOnitorsConfig::monitors.
+This would lead to buffer overflows, which could allow the guest to
+read part of the host memory. This might cause write overflows in the
+host as well, but controlling the content of such buffers seems
+complicated.
+
+Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ server/reds.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/server/reds.c b/server/reds.c
+index e1c8c108..3a42c375 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -1000,6 +1000,7 @@ static void reds_on_main_agent_monitors_config(
+     VDAgentMessage *msg_header;
+     VDAgentMonitorsConfig *monitors_config;
+     RedsClientMonitorsConfig *cmc = &reds->client_monitors_config;
++    uint32_t max_monitors;
+ 
+     // limit size of message sent by the client as this can cause a DoS through
+     // memory exhaustion, or potentially some integer overflows
+@@ -1028,6 +1029,12 @@ static void reds_on_main_agent_monitors_config(
+         goto overflow;
+     }
+     monitors_config = (VDAgentMonitorsConfig *)(cmc->buffer + sizeof(*msg_header));
++    // limit the monitor number to avoid buffer overflows
++    max_monitors = (msg_header->size - sizeof(VDAgentMonitorsConfig)) /
++                   sizeof(VDAgentMonConfig);
++    if (monitors_config->num_of_monitors > max_monitors) {
++        goto overflow;
++    }
+     spice_debug("%s: %d", __func__, monitors_config->num_of_monitors);
+     red_dispatcher_client_monitors_config(monitors_config);
+     reds_client_monitors_config_cleanup();
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/spice/Config.in buildroot-2017.05.2/package/spice/Config.in
--- buildroot-2017.05-rc2/package/spice/Config.in       2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/spice/Config.in 2017-07-27 08:16:52.017486944 +0200
@@ -2,23 +2,15 @@ comment "spice server needs a toolchain
        depends on BR2_i386 || BR2_x86_64
        depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS
 
-comment "spice server depends on python (for pyparsing)"
-       depends on BR2_i386 || BR2_x86_64
-       depends on !BR2_PACKAGE_PYTHON
-
 config BR2_PACKAGE_SPICE
        bool "spice server"
        depends on BR2_i386 || BR2_x86_64
-       depends on BR2_PACKAGE_PYTHON
        depends on BR2_USE_WCHAR # libglib2
        depends on BR2_TOOLCHAIN_HAS_THREADS # libglib2
-       select BR2_PACKAGE_ALSA_LIB
-       select BR2_PACKAGE_CELT051
        select BR2_PACKAGE_JPEG
        select BR2_PACKAGE_LIBGLIB2
        select BR2_PACKAGE_OPENSSL
        select BR2_PACKAGE_PIXMAN
-       select BR2_PACKAGE_PYTHON_PYPARSING
        select BR2_PACKAGE_SPICE_PROTOCOL
        help
          The Spice project aims to provide a complete open source
@@ -30,41 +22,3 @@ config BR2_PACKAGE_SPICE
          This package implements the server-part of Spice.
 
          http://www.spice-space.org/
-
-if BR2_PACKAGE_SPICE
-
-comment "client depends on X.org"
-       depends on !BR2_PACKAGE_XORG7
-
-config BR2_PACKAGE_SPICE_CLIENT
-       bool "Enable client"
-       depends on BR2_PACKAGE_XORG7
-       depends on BR2_TOOLCHAIN_HAS_THREADS
-       depends on BR2_INSTALL_LIBSTDCPP
-       select BR2_PACKAGE_XLIB_LIBXFIXES
-       select BR2_PACKAGE_XLIB_LIBXRANDR
-
-comment "client needs a toolchain w/ threads, C++"
-       depends on BR2_PACKAGE_XORG7
-       depends on !BR2_TOOLCHAIN_HAS_THREADS || !BR2_INSTALL_LIBSTDCPP
-
-config BR2_PACKAGE_SPICE_GUI
-       bool "Enable GUI"
-       depends on BR2_PACKAGE_SPICE_CLIENT
-       depends on !BR2_STATIC_LIBS
-       select BR2_PACKAGE_CEGUI06
-       help
-         Say 'y' here to enable the Graphical User Interface (GUI)
-         start dialog.
-
-comment "gui needs a toolchain w/ dynamic library"
-       depends on BR2_STATIC_LIBS
-
-config BR2_PACKAGE_SPICE_TUNNEL
-       bool "Enable network redirection"
-       select BR2_PACKAGE_SLIRP
-       help
-         Say 'y' here to enable network redirection, aka tunnelling
-         through a SLIP/SLIRP session.
-
-endif # BR2_PACKAGE_SPICE
diff -Naurp buildroot-2017.05-rc2/package/spice/spice.hash buildroot-2017.05.2/package/spice/spice.hash
--- buildroot-2017.05-rc2/package/spice/spice.hash      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/spice/spice.hash        2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,2 @@
 # Locally calculated
-sha256 cf063e7df42e331a835529d2f613d8a01f8cb2963e8edaadf73a8d65c46fb387        spice-0.12.4.tar.bz2
+sha256 f901a5c5873d61acac84642f9eea5c4d6386fc3e525c2b68792322794e1c407d        spice-0.12.8.tar.bz2
diff -Naurp buildroot-2017.05-rc2/package/spice/spice.mk buildroot-2017.05.2/package/spice/spice.mk
--- buildroot-2017.05-rc2/package/spice/spice.mk        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/spice/spice.mk  2017-07-27 08:16:52.017486944 +0200
@@ -4,20 +4,17 @@
 #
 ################################################################################
 
-SPICE_VERSION = 0.12.4
+SPICE_VERSION = 0.12.8
 SPICE_SOURCE = spice-$(SPICE_VERSION).tar.bz2
 SPICE_SITE = http://www.spice-space.org/download/releases
 SPICE_LICENSE = LGPL-2.1+
 SPICE_LICENSE_FILES = COPYING
 SPICE_INSTALL_STAGING = YES
 SPICE_DEPENDENCIES = \
-       alsa-lib \
-       celt051 \
        jpeg \
        libglib2 \
        openssl \
        pixman \
-       python-pyparsing \
        spice-protocol
 
 # We disable everything for now, because the dependency tree can become
@@ -26,34 +23,30 @@ SPICE_CONF_OPTS = \
        --disable-opengl \
        --disable-smartcard \
        --disable-automated-tests \
-       --without-sasl
+       --without-sasl \
+       --disable-manual
 
 SPICE_DEPENDENCIES += host-pkgconf
 
-ifeq ($(BR2_PACKAGE_SPICE_CLIENT),y)
-SPICE_CONF_OPTS += --enable-client
-SPICE_DEPENDENCIES += xlib_libXfixes xlib_libXrandr
+ifeq ($(BR2_PACKAGE_CELT051),y)
+SPICE_CONF_OPTS += --enable-celt051
+SPICE_DEPENDENCIES += celt051
 else
-SPICE_CONF_OPTS += --disable-client
+SPICE_CONF_OPTS += --disable-celt051
 endif
 
-ifeq ($(BR2_PACKAGE_SPICE_GUI),y)
-SPICE_CONF_OPTS += --enable-gui
-SPICE_DEPENDENCIES += cegui06
+ifeq ($(BR2_PACKAGE_LZ4),y)
+SPICE_CONF_OPTS += --enable-lz4
+SPICE_DEPENDENCIES += lz4
 else
-SPICE_CONF_OPTS += --disable-gui
+SPICE_CONF_OPTS += --disable-lz4
 endif
 
-ifeq ($(BR2_PACKAGE_SPICE_TUNNEL),y)
-SPICE_CONF_OPTS += --enable-tunnel
-SPICE_DEPENDENCIES += slirp
-else
-SPICE_CONF_OPTS += --disable-tunnel
+# no enable/disable, detected using pkg-config
+ifeq ($(BR2_PACKAGE_OPUS),y)
+SPICE_DEPENDENCIES += opus
 endif
 
-SPICE_CONF_ENV = PYTHONPATH=$(TARGET_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages
-SPICE_MAKE_ENV = PYTHONPATH=$(TARGET_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages
-
 # We need to tweak spice.pc because it /forgets/ (for static linking) that
 # it should link against libz and libjpeg. libz is pkg-config-aware, while
 # libjpeg isn't, hence the two-line tweak
diff -Naurp buildroot-2017.05-rc2/package/stella/Config.in buildroot-2017.05.2/package/stella/Config.in
--- buildroot-2017.05-rc2/package/stella/Config.in      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/stella/Config.in        2017-07-27 08:16:52.017486944 +0200
@@ -9,7 +9,7 @@ config BR2_PACKAGE_STELLA
        help
          Stella is a multi-platform Atari 2600 VCS emulator.
 
-         http://stella.sourceforge.net/
+         https://stella-emu.github.io/
 
 comment "stella needs a toolchain w/ dynamic library, C++, gcc >= 4.8"
        depends on BR2_STATIC_LIBS || !BR2_INSTALL_LIBSTDCPP || \
diff -Naurp buildroot-2017.05-rc2/package/stella/stella.mk buildroot-2017.05.2/package/stella/stella.mk
--- buildroot-2017.05-rc2/package/stella/stella.mk      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/stella/stella.mk        2017-07-27 08:16:52.017486944 +0200
@@ -6,7 +6,7 @@
 
 STELLA_VERSION = 4.7.2
 STELLA_SOURCE = stella-$(STELLA_VERSION)-src.tar.xz
-STELLA_SITE = http://downloads.sourceforge.net/stella
+STELLA_SITE = https://github.com/stella-emu/stella/releases/download/release-$(STELLA_VERSION)
 STELLA_LICENSE = GPL-2.0+
 STELLA_LICENSE_FILES = Copyright.txt License.txt
 
diff -Naurp buildroot-2017.05-rc2/package/stm32flash/Config.in buildroot-2017.05.2/package/stm32flash/Config.in
--- buildroot-2017.05-rc2/package/stm32flash/Config.in  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/stm32flash/Config.in    2017-07-27 08:16:52.017486944 +0200
@@ -2,7 +2,7 @@ config BR2_PACKAGE_STM32FLASH
        bool "stm32flash"
        help
          Open source cross platform flash program for the STM32 ARM
-         microcontrollers using the built-in ST serial bootloader over UART
-         or I2C.
+         microcontrollers using the built-in ST serial bootloader
+         over UART or I2C.
 
          http://sourceforge.net/projects/stm32flash/
diff -Naurp buildroot-2017.05-rc2/package/strongswan/strongswan.hash buildroot-2017.05.2/package/strongswan/strongswan.hash
--- buildroot-2017.05-rc2/package/strongswan/strongswan.hash    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/strongswan/strongswan.hash      2017-07-27 08:16:52.017486944 +0200
@@ -2,3 +2,6 @@
 md5    9d7c77b0da9b69f859624897e5e9ebbf        strongswan-5.4.0.tar.bz2
 # Calculated based on the hash above
 sha256 f8288faaea6a9cd8a7d413c0b76b7922be5da3dfcd01fd05cb30d2c55d3bbe89        strongswan-5.4.0.tar.bz2
+# Locally calculated
+sha256 f5ba7f46cf7ae81dd81bc86f9e4cfa0c5c7c6987149b3bc9c0b8bf08598a1063  strongswan-4.4.0-5.5.2_gmp_mpz_powm_sec.patch
+sha256 03db8c7a4133e877e8992e155c046dd27ec4810d50f239abf55595f0280caf31  strongswan-5.0.0-5.5.2_asn1_choice.patch
diff -Naurp buildroot-2017.05-rc2/package/strongswan/strongswan.mk buildroot-2017.05.2/package/strongswan/strongswan.mk
--- buildroot-2017.05-rc2/package/strongswan/strongswan.mk      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/strongswan/strongswan.mk        2017-07-27 08:16:52.017486944 +0200
@@ -7,6 +7,9 @@
 STRONGSWAN_VERSION = 5.4.0
 STRONGSWAN_SOURCE = strongswan-$(STRONGSWAN_VERSION).tar.bz2
 STRONGSWAN_SITE = http://download.strongswan.org
+STRONGSWAN_PATCH = \
+       $(STRONGSWAN_SITE)/patches/21_gmp_mpz_powm_sec_patch/strongswan-4.4.0-5.5.2_gmp_mpz_powm_sec.patch \
+       $(STRONGSWAN_SITE)/patches/22_asn1_choice_patch/strongswan-5.0.0-5.5.2_asn1_choice.patch
 STRONGSWAN_LICENSE = GPL-2.0+
 STRONGSWAN_LICENSE_FILES = COPYING LICENSE
 STRONGSWAN_DEPENDENCIES = host-pkgconf
diff -Naurp buildroot-2017.05-rc2/package/sudo/0001-fix-CVE-2017-1000367.patch buildroot-2017.05.2/package/sudo/0001-fix-CVE-2017-1000367.patch
--- buildroot-2017.05-rc2/package/sudo/0001-fix-CVE-2017-1000367.patch  1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/sudo/0001-fix-CVE-2017-1000367.patch    2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,264 @@
+Downloaded from upstream: https://www.sudo.ws/repos/sudo/raw-rev/b5460cbbb11b
+
+# HG changeset patch
+# User Todd C. Miller <Todd.Miller@courtesan.com>
+# Date 1496089973 21600
+# Node ID b5460cbbb11bbf9d92ffcc6798a686cf4125efd3
+# Parent  c303e6eecc7841e2f891d70613e80fcf27fa6e86
+Fix for CVE-2017-1000367, parsing of /proc/pid/stat on Linux when
+the process name contains spaces.  Since the user has control over
+the command name this could be used by a user with sudo access to
+overwrite an arbitrary file.
+Thanks to Qualys for investigating and reporting this bug.
+
+Also stop performing a breadth-first traversal of /dev when looking
+for the device.  Only the directories specified in search_devs[]
+are checked.
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+diff -r c303e6eecc78 -r b5460cbbb11b src/ttyname.c
+--- a/src/ttyname.c    Tue May 23 13:26:54 2017 -0600
++++ b/src/ttyname.c    Mon May 29 14:32:53 2017 -0600
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2012-2016 Todd C. Miller <Todd.Miller@courtesan.com>
++ * Copyright (c) 2012-2017 Todd C. Miller <Todd.Miller@courtesan.com>
+  *
+  * Permission to use, copy, modify, and distribute this software for any
+  * purpose with or without fee is hereby granted, provided that the above
+@@ -145,20 +145,22 @@
+ }
+ #elif defined(HAVE_STRUCT_PSINFO_PR_TTYDEV) || defined(HAVE_PSTAT_GETPROC) || defined(__linux__)
+ /*
+- * Devices to search before doing a breadth-first scan.
++ * Device nodes and directories to search before searching all of /dev
+  */
+ static char *search_devs[] = {
+     "/dev/console",
+-    "/dev/wscons",
+-    "/dev/pts/",
+-    "/dev/vt/",
+-    "/dev/term/",
+-    "/dev/zcons/",
++    "/dev/pts/",      /* POSIX pty */
++    "/dev/vt/",               /* Solaris virtual console */
++    "/dev/term/",     /* Solaris serial ports */
++    "/dev/zcons/",    /* Solaris zone console */
++    "/dev/pty/",      /* HP-UX old-style pty */
+     NULL
+ };
+ 
++/*
++ * Device nodes to ignore when searching all of /dev
++ */
+ static char *ignore_devs[] = {
+-    "/dev/fd/",
+     "/dev/stdin",
+     "/dev/stdout",
+     "/dev/stderr",
+@@ -166,16 +168,18 @@
+ };
+ 
+ /*
+- * Do a breadth-first scan of dir looking for the specified device.
++ * Do a scan of a directory looking for the specified device.
++ * Does not descend into subdirectories.
+  * Returns name on success and NULL on failure, setting errno.
+  */
+ static char *
+-sudo_ttyname_scan(const char *dir, dev_t rdev, bool builtin, char *name, size_t namelen)
++sudo_ttyname_scan(const char *dir, dev_t rdev, char *name, size_t namelen)
+ {
+-    size_t sdlen, num_subdirs = 0, max_subdirs = 0;
+-    char pathbuf[PATH_MAX], **subdirs = NULL;
++    size_t sdlen;
++    char pathbuf[PATH_MAX];
+     char *ret = NULL;
+     struct dirent *dp;
++    struct stat sb;
+     unsigned int i;
+     DIR *d = NULL;
+     debug_decl(sudo_ttyname_scan, SUDO_DEBUG_UTIL)
+@@ -187,6 +191,18 @@
+     if ((d = opendir(dir)) == NULL)
+       goto done;
+ 
++    if (fstat(dirfd(d), &sb) == -1) {
++      sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
++          "unable to fstat %s", dir);
++      goto done;
++    }
++    if ((sb.st_mode & S_IWOTH) != 0) {
++      sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
++          "ignoring world-writable directory %s", dir);
++      errno = ENOENT;
++      goto done;
++    }
++
+     sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
+       "scanning for dev %u in %s", (unsigned int)rdev, dir);
+ 
+@@ -224,18 +240,6 @@
+       }
+       if (ignore_devs[i] != NULL)
+           continue;
+-      if (!builtin) {
+-          /* Skip entries in search_devs; we already checked them. */
+-          for (i = 0; search_devs[i] != NULL; i++) {
+-              len = strlen(search_devs[i]);
+-              if (search_devs[i][len - 1] == '/')
+-                  len--;
+-              if (d_len == len && strncmp(pathbuf, search_devs[i], len) == 0)
+-                  break;
+-          }
+-          if (search_devs[i] != NULL)
+-              continue;
+-      }
+ # if defined(HAVE_STRUCT_DIRENT_D_TYPE) && defined(DTTOIF)
+       /*
+        * Avoid excessive stat() calls by checking dp->d_type.
+@@ -248,39 +252,14 @@
+               if (stat(pathbuf, &sb) == -1)
+                   continue;
+               break;
+-          case DT_DIR:
+-              /* Directory, no need to stat() it. */
+-              sb.st_mode = DTTOIF(dp->d_type);
+-              sb.st_rdev = 0;         /* quiet ccc-analyzer false positive */
+-              break;
+           default:
+-              /* Not a character device, link or directory, skip it. */
++              /* Not a character device or link, skip it. */
+               continue;
+       }
+ # else
+       if (stat(pathbuf, &sb) == -1)
+           continue;
+ # endif
+-      if (S_ISDIR(sb.st_mode)) {
+-          if (!builtin) {
+-              /* Add to list of subdirs to search. */
+-              if (num_subdirs + 1 > max_subdirs) {
+-                  char **new_subdirs;
+-
+-                  new_subdirs = reallocarray(subdirs, max_subdirs + 64,
+-                      sizeof(char *));
+-                  if (new_subdirs == NULL)
+-                      goto done;
+-                  subdirs = new_subdirs;
+-                  max_subdirs += 64;
+-              }
+-              subdirs[num_subdirs] = strdup(pathbuf);
+-              if (subdirs[num_subdirs] == NULL)
+-                  goto done;
+-              num_subdirs++;
+-          }
+-          continue;
+-      }
+       if (S_ISCHR(sb.st_mode) && sb.st_rdev == rdev) {
+           sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
+               "resolved dev %u as %s", (unsigned int)rdev, pathbuf);
+@@ -296,16 +275,9 @@
+       }
+     }
+ 
+-    /* Search subdirs if we didn't find it in the root level. */
+-    for (i = 0; ret == NULL && i < num_subdirs; i++)
+-      ret = sudo_ttyname_scan(subdirs[i], rdev, false, name, namelen);
+-
+ done:
+     if (d != NULL)
+       closedir(d);
+-    for (i = 0; i < num_subdirs; i++)
+-      free(subdirs[i]);
+-    free(subdirs);
+     debug_return_str(ret);
+ }
+ 
+@@ -324,7 +296,7 @@
+     debug_decl(sudo_ttyname_dev, SUDO_DEBUG_UTIL)
+ 
+     /*
+-     * First check search_devs for common tty devices.
++     * First check search_devs[] for common tty devices.
+      */
+     for (sd = search_devs; (devname = *sd) != NULL; sd++) {
+       len = strlen(devname);
+@@ -349,7 +321,7 @@
+                   "comparing dev %u to %s: no", (unsigned int)rdev, buf);
+           } else {
+               /* Traverse directory */
+-              ret = sudo_ttyname_scan(devname, rdev, true, name, namelen);
++              ret = sudo_ttyname_scan(devname, rdev, name, namelen);
+               if (ret != NULL || errno == ENOMEM)
+                   goto done;
+           }
+@@ -367,9 +339,9 @@
+     }
+ 
+     /*
+-     * Not found?  Do a breadth-first traversal of /dev/.
++     * Not found?  Check all device nodes in /dev.
+      */
+-    ret = sudo_ttyname_scan(_PATH_DEV, rdev, false, name, namelen);
++    ret = sudo_ttyname_scan(_PATH_DEV, rdev, name, namelen);
+ 
+ done:
+     debug_return_str(ret);
+@@ -493,28 +465,35 @@
+       len = getline(&line, &linesize, fp);
+       fclose(fp);
+       if (len != -1) {
+-          /* Field 7 is the tty dev (0 if no tty) */
+-          char *cp = line;
+-          char *ep = line;
+-          const char *errstr;
+-          int field = 0;
+-          while (*++ep != '\0') {
+-              if (*ep == ' ') {
+-                  *ep = '\0';
+-                  if (++field == 7) {
+-                      dev_t tdev = strtonum(cp, INT_MIN, INT_MAX, &errstr);
+-                      if (errstr) {
+-                          sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+-                              "%s: tty device %s: %s", path, cp, errstr);
++          /*
++           * Field 7 is the tty dev (0 if no tty).
++           * Since the process name at field 2 "(comm)" may include spaces,
++           * start at the last ')' found.
++           */
++          char *cp = strrchr(line, ')');
++          if (cp != NULL) {
++              char *ep = cp;
++              const char *errstr;
++              int field = 1;
++
++              while (*++ep != '\0') {
++                  if (*ep == ' ') {
++                      *ep = '\0';
++                      if (++field == 7) {
++                          dev_t tdev = strtonum(cp, INT_MIN, INT_MAX, &errstr);
++                          if (errstr) {
++                              sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
++                                  "%s: tty device %s: %s", path, cp, errstr);
++                          }
++                          if (tdev > 0) {
++                              errno = serrno;
++                              ret = sudo_ttyname_dev(tdev, name, namelen);
++                              goto done;
++                          }
++                          break;
+                       }
+-                      if (tdev > 0) {
+-                          errno = serrno;
+-                          ret = sudo_ttyname_dev(tdev, name, namelen);
+-                          goto done;
+-                      }
+-                      break;
++                      cp = ep + 1;
+                   }
+-                  cp = ep + 1;
+               }
+           }
+       }
+
diff -Naurp buildroot-2017.05-rc2/package/systemd/0001-fix-getty-unit.patch buildroot-2017.05.2/package/systemd/0001-fix-getty-unit.patch
--- buildroot-2017.05-rc2/package/systemd/0001-fix-getty-unit.patch     2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/systemd/0001-fix-getty-unit.patch       1970-01-01 01:00:00.000000000 +0100
@@ -1,30 +0,0 @@
-Prefer getty to agetty in console setup systemd units
-
-Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
-Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
----
-
-diff -aburN systemd-212.orig/units/getty@.service.m4 systemd-212/units/getty@.service.m4
---- systemd-212.orig/units/getty@.service.m4   2014-01-28 11:08:51.000000000 +0100
-+++ systemd-212/units/getty@.service.m4        2014-03-26 11:06:27.000000000 +0100
-@@ -27,7 +27,7 @@
- 
- [Service]
- # the VT is cleared by TTYVTDisallocate
--ExecStart=-/sbin/agetty --noclear %I $TERM
-+ExecStart=-/sbin/getty -L %I 115200 vt100
- Type=idle
- Restart=always
- RestartSec=0
-diff -aburN systemd-212.orig/units/serial-getty@.service.m4 systemd-212/units/serial-getty@.service.m4
---- systemd-212.orig/units/serial-getty@.service.m4    2014-03-13 18:47:24.000000000 +0100
-+++ systemd-212/units/serial-getty@.service.m4 2014-03-26 11:07:01.000000000 +0100
-@@ -22,7 +22,7 @@
- IgnoreOnIsolate=yes
- 
- [Service]
--ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 %I $TERM
-+ExecStart=-/sbin/getty -L %I 115200 vt100
- Type=idle
- Restart=always
- RestartSec=0
diff -Naurp buildroot-2017.05-rc2/package/systemd/0001-resolved-bugfix-of-null-pointer-p-question-dereferencing.patch buildroot-2017.05.2/package/systemd/0001-resolved-bugfix-of-null-pointer-p-question-dereferencing.patch
--- buildroot-2017.05-rc2/package/systemd/0001-resolved-bugfix-of-null-pointer-p-question-dereferencing.patch   1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/systemd/0001-resolved-bugfix-of-null-pointer-p-question-dereferencing.patch     2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,28 @@
+From a924f43f30f9c4acaf70618dd2a055f8b0f166be Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Wed, 24 May 2017 08:56:48 +0300
+Subject: [PATCH] resolved: bugfix of null pointer p->question dereferencing
+ (#6020)
+
+See https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1621396
+
+[Upstream commit: https://github.com/systemd/systemd/commit/a924f43f30f9c4acaf70618dd2a055f8b0f166be]
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+---
+ src/resolve/resolved-dns-packet.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index 652970284e..240ee448f4 100644
+--- a/src/resolve/resolved-dns-packet.c
++++ b/src/resolve/resolved-dns-packet.c
+@@ -2269,6 +2269,9 @@ int dns_packet_is_reply_for(DnsPacket *p, const DnsResourceKey *key) {
+         if (r < 0)
+                 return r;
+ 
++        if (!p->question)
++                return 0;
++
+         if (p->question->n_keys != 1)
+                 return 0;
+ 
diff -Naurp buildroot-2017.05-rc2/package/systemd/0002-build-check-for-ln-relative.patch buildroot-2017.05.2/package/systemd/0002-build-check-for-ln-relative.patch
--- buildroot-2017.05-rc2/package/systemd/0002-build-check-for-ln-relative.patch        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/systemd/0002-build-check-for-ln-relative.patch  1970-01-01 01:00:00.000000000 +0100
@@ -1,96 +0,0 @@
-From c78fa2b40cb8b810d06ef225e30f12a7ed44ffa2 Mon Sep 17 00:00:00 2001
-From: "Yann E. MORIN" <yann.morin.1998@free.fr>
-Date: Sat, 1 Apr 2017 11:26:29 +0200
-Subject: [PATCH] build: check for ln --relative
-
-ln --relative is recent enough that not all distributions support it.
-This is especially the case for enterprise-grade distributions than can
-have a life-span of more than a decade.
-
-Detect if ln supports --relative and use it if so.
-
-If not supported, use a bit of sed magic to construct the ../ sequence,
-that leads back to / when appended to the destination directory.
-
-We introduce this as a macro that expands to a single command. To avoid
-complexity in the macro, we expect paths to be passed whitout the
-leading DESTDIR.
-
----
-Upstream status: submitted, disputed:
-    https://github.com/systemd/systemd/pull/5682
-
----
- Makefile.am  | 25 ++++++++++++++++++++++---
- configure.ac |  5 ++++-
- 2 files changed, 26 insertions(+), 4 deletions(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index 1cc657a..ec503f2 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -300,6 +300,24 @@ install-busnames-target-wants-hook:
-       what="$(BUSNAMES_TARGET_WANTS)" && wants=busnames.target && dir=$(systemunitdir) && $(add-wants)
-       what="$(USER_BUSNAMES_TARGET_WANTS)" && wants=busnames.target && dir=$(userunitdir) && $(add-wants)
- 
-+# Macro to emulate ln --relative when needed
-+# $(1): options for ln, except --relative
-+# $(2): source file, absolute path without leading DESTDIR
-+# $(3): destination file, absolute path without leading DESTDIR
-+if HAVE_LN_RELATIVE
-+define ln-s-relative
-+      $(LN_S) --relative $(1) \
-+              $(DESTDIR)$(strip $(2)) \
-+              $(DESTDIR)$(strip $(3))
-+endef
-+else
-+define ln-s-relative
-+      $(LN_S) $(1) \
-+              `dirname $(strip $(3)) |sed -r -e 's:/+[^/]+:../:g; s:/$$::'`$(strip $(2)) \
-+              $(DESTDIR)$(strip $(3))
-+endef
-+endif
-+
- define add-wants
-       [ -z "$$what" ] || ( \
-         dir=$(DESTDIR)$$dir/$$wants.wants && \
-@@ -313,8 +331,9 @@ install-directories-hook:
-       $(MKDIR_P) $(addprefix $(DESTDIR),$(INSTALL_DIRS))
- 
- install-environment-conf-hook: install-directories-hook
--      $(AM_V_LN)$(LN_S) --relative -f $(DESTDIR)$(sysconfdir)/environment \
--              $(DESTDIR)$(environmentdir)/99-environment.conf
-+      $(AM_V_LN)$(call ln-s-relative,-f,\
-+                      $(sysconfdir)/environment,\
-+                      $(environmentdir)/99-environment.conf)
- 
- install-aliases-hook:
-       set -- $(SYSTEM_UNIT_ALIASES) && \
-@@ -337,7 +356,7 @@ define install-relative-aliases
-       while [ -n "$$1" ]; do \
-               $(MKDIR_P) `dirname $(DESTDIR)$$dir/$$2` && \
-               rm -f $(DESTDIR)$$dir/$$2 && \
--              $(LN_S) --relative $(DESTDIR)$$1 $(DESTDIR)$$dir/$$2 && \
-+              $(call ln-s-relative,,$$1,$$dir/$$2) && \
-               shift 2 || exit $$?; \
-       done
- endef
-diff --git a/configure.ac b/configure.ac
-index cf37ca6..d586fc4 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -108,7 +108,10 @@ AC_PATH_PROG([SULOGIN], [sulogin], [/usr/sbin/sulogin], [$PATH:/usr/sbin:/sbin])
- AC_PATH_PROG([MOUNT_PATH], [mount], [/usr/bin/mount], [$PATH:/usr/sbin:/sbin])
- AC_PATH_PROG([UMOUNT_PATH], [umount], [/usr/bin/umount], [$PATH:/usr/sbin:/sbin])
- 
--AS_IF([! ln --relative --help > /dev/null 2>&1], [AC_MSG_ERROR([*** ln doesn't support --relative ***])])
-+AC_MSG_CHECKING([if ln supports --relative])
-+AS_IF([! ${LN_S} --relative --help > /dev/null 2>&1], [ln_relative=no], [ln_relative=yes])
-+AC_MSG_RESULT([$ln_relative])
-+AM_CONDITIONAL([HAVE_LN_RELATIVE], [test "x$ln_relative" = "xyes"])
- 
- M4_DEFINES=
- 
--- 
-2.9.3
-
diff -Naurp buildroot-2017.05-rc2/package/systemd/0002-resolved-simplify-alloc-size-calculation.patch buildroot-2017.05.2/package/systemd/0002-resolved-simplify-alloc-size-calculation.patch
--- buildroot-2017.05-rc2/package/systemd/0002-resolved-simplify-alloc-size-calculation.patch   1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/systemd/0002-resolved-simplify-alloc-size-calculation.patch     2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,51 @@
+From db848813bae4d28c524b3b6a7dad135e426659ce Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sun, 18 Jun 2017 16:07:57 -0400
+Subject: [PATCH] resolved: simplify alloc size calculation
+
+The allocation size was calculated in a complicated way, and for values
+close to the page size we would actually allocate less than requested.
+
+Reported by Chris Coulson <chris.coulson@canonical.com>.
+
+CVE-2017-9445
+
+[Upstream commit: https://github.com/systemd/systemd/commit/db848813bae4d28c524b3b6a7dad135e426659ce]
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+---
+ src/resolve/resolved-dns-packet.c | 8 +-------
+ src/resolve/resolved-dns-packet.h | 2 --
+ 2 files changed, 1 insertion(+), 9 deletions(-)
+
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index 240ee448f4..821b66e266 100644
+--- a/src/resolve/resolved-dns-packet.c
++++ b/src/resolve/resolved-dns-packet.c
+@@ -47,13 +47,7 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
+ 
+         assert(ret);
+ 
+-        if (mtu <= UDP_PACKET_HEADER_SIZE)
+-                a = DNS_PACKET_SIZE_START;
+-        else
+-                a = mtu - UDP_PACKET_HEADER_SIZE;
+-
+-        if (a < DNS_PACKET_HEADER_SIZE)
+-                a = DNS_PACKET_HEADER_SIZE;
++        a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
+ 
+         /* round up to next page size */
+         a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
+diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h
+index 2c92392e4d..3abcaf8cf3 100644
+--- a/src/resolve/resolved-dns-packet.h
++++ b/src/resolve/resolved-dns-packet.h
+@@ -66,8 +66,6 @@ struct DnsPacketHeader {
+ /* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */
+ #define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096
+ 
+-#define DNS_PACKET_SIZE_START 512
+-
+ struct DnsPacket {
+         int n_ref;
+         DnsProtocol protocol;
diff -Naurp buildroot-2017.05-rc2/package/systemd/0003-fix-am-path-libgcrypt-no-found.patch buildroot-2017.05.2/package/systemd/0003-fix-am-path-libgcrypt-no-found.patch
--- buildroot-2017.05-rc2/package/systemd/0003-fix-am-path-libgcrypt-no-found.patch     2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/systemd/0003-fix-am-path-libgcrypt-no-found.patch       1970-01-01 01:00:00.000000000 +0100
@@ -1,145 +0,0 @@
-Fix AM_PATH_LIBGCRYPT not found
-
-This patch installs a copy of libgcrypt.m4 from the libgcrypt source tarball
-to systemd m4 directory.
-
-Libgcrypt uses a custom m4 macro and not pkg-config to check if the
-development files are available. Though libgcrypt support is optional in
-systemd, this macro should be available whenever autoreconf is used, otherwise
-the re-configuration will fail with:
-
-  configure.ac:616: warning: macro 'AM_PATH_LIBGCRYPT' not found in library
-
-As asking the user to install the development package of libgcrypt on the host
-machine or adding libgcrypt as a build dependency to systemd is not
-acceptable, the required file is added to the m4 directory.
-
-Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
-Index: systemd-213/m4/libgcrypt.m4
-===================================================================
---- /dev/null  1970-01-01 00:00:00.000000000 +0000
-+++ systemd-213/m4/libgcrypt.m4        2014-06-11 10:41:11.749305509 +0200
-@@ -0,0 +1,123 @@
-+dnl Autoconf macros for libgcrypt
-+dnl       Copyright (C) 2002, 2004 Free Software Foundation, Inc.
-+dnl
-+dnl This file is free software; as a special exception the author gives
-+dnl unlimited permission to copy and/or distribute it, with or without
-+dnl modifications, as long as this notice is preserved.
-+dnl
-+dnl This file is distributed in the hope that it will be useful, but
-+dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
-+dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-+
-+
-+dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION,
-+dnl                   [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
-+dnl Test for libgcrypt and define LIBGCRYPT_CFLAGS and LIBGCRYPT_LIBS.
-+dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed
-+dnl with the API version to also check the API compatibility. Example:
-+dnl a MINIMUN-VERSION of 1:1.2.5 won't pass the test unless the installed
-+dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1.  Using
-+dnl this features allows to prevent build against newer versions of libgcrypt
-+dnl with a changed API.
-+dnl
-+AC_DEFUN([AM_PATH_LIBGCRYPT],
-+[ AC_ARG_WITH(libgcrypt-prefix,
-+            AC_HELP_STRING([--with-libgcrypt-prefix=PFX],
-+                           [prefix where LIBGCRYPT is installed (optional)]),
-+     libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="")
-+  if test x$libgcrypt_config_prefix != x ; then
-+     if test x${LIBGCRYPT_CONFIG+set} != xset ; then
-+        LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config
-+     fi
-+  fi
-+
-+  AC_PATH_TOOL(LIBGCRYPT_CONFIG, libgcrypt-config, no)
-+  tmp=ifelse([$1], ,1:1.2.0,$1)
-+  if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
-+     req_libgcrypt_api=`echo "$tmp"     | sed 's/\(.*\):\(.*\)/\1/'`
-+     min_libgcrypt_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'`
-+  else
-+     req_libgcrypt_api=0
-+     min_libgcrypt_version="$tmp"
-+  fi
-+
-+  AC_MSG_CHECKING(for LIBGCRYPT - version >= $min_libgcrypt_version)
-+  ok=no
-+  if test "$LIBGCRYPT_CONFIG" != "no" ; then
-+    req_major=`echo $min_libgcrypt_version | \
-+               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
-+    req_minor=`echo $min_libgcrypt_version | \
-+               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
-+    req_micro=`echo $min_libgcrypt_version | \
-+               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
-+    libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version`
-+    major=`echo $libgcrypt_config_version | \
-+               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
-+    minor=`echo $libgcrypt_config_version | \
-+               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'`
-+    micro=`echo $libgcrypt_config_version | \
-+               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'`
-+    if test "$major" -gt "$req_major"; then
-+        ok=yes
-+    else
-+        if test "$major" -eq "$req_major"; then
-+            if test "$minor" -gt "$req_minor"; then
-+               ok=yes
-+            else
-+               if test "$minor" -eq "$req_minor"; then
-+                   if test "$micro" -ge "$req_micro"; then
-+                     ok=yes
-+                   fi
-+               fi
-+            fi
-+        fi
-+    fi
-+  fi
-+  if test $ok = yes; then
-+    AC_MSG_RESULT([yes ($libgcrypt_config_version)])
-+  else
-+    AC_MSG_RESULT(no)
-+  fi
-+  if test $ok = yes; then
-+     # If we have a recent libgcrypt, we should also check that the
-+     # API is compatible
-+     if test "$req_libgcrypt_api" -gt 0 ; then
-+        tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0`
-+        if test "$tmp" -gt 0 ; then
-+           AC_MSG_CHECKING([LIBGCRYPT API version])
-+           if test "$req_libgcrypt_api" -eq "$tmp" ; then
-+             AC_MSG_RESULT([okay])
-+           else
-+             ok=no
-+             AC_MSG_RESULT([does not match. want=$req_libgcrypt_api got=$tmp])
-+           fi
-+        fi
-+     fi
-+  fi
-+  if test $ok = yes; then
-+    LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags`
-+    LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs`
-+    ifelse([$2], , :, [$2])
-+    if test x"$host" != x ; then
-+      libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none`
-+      if test x"$libgcrypt_config_host" != xnone ; then
-+        if test x"$libgcrypt_config_host" != x"$host" ; then
-+  AC_MSG_WARN([[
-+***
-+*** The config script $LIBGCRYPT_CONFIG was
-+*** built for $libgcrypt_config_host and thus may not match the
-+*** used host $host.
-+*** You may want to use the configure option --with-libgcrypt-prefix
-+*** to specify a matching config script.
-+***]])
-+        fi
-+      fi
-+    fi
-+  else
-+    LIBGCRYPT_CFLAGS=""
-+    LIBGCRYPT_LIBS=""
-+    ifelse([$3], , :, [$3])
-+  fi
-+  AC_SUBST(LIBGCRYPT_CFLAGS)
-+  AC_SUBST(LIBGCRYPT_LIBS)
-+])
diff -Naurp buildroot-2017.05-rc2/package/systemd/0003-resolved-do-not-allocate-packets-with-minimum-size.patch buildroot-2017.05.2/package/systemd/0003-resolved-do-not-allocate-packets-with-minimum-size.patch
--- buildroot-2017.05-rc2/package/systemd/0003-resolved-do-not-allocate-packets-with-minimum-size.patch 1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/systemd/0003-resolved-do-not-allocate-packets-with-minimum-size.patch   2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,48 @@
+From 88795538726a5bbfd9efc13d441cb05e1d7fc139 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 27 Jun 2017 14:20:00 -0400
+Subject: [PATCH] resolved: do not allocate packets with minimum size
+
+dns_packet_new() is sometimes called with mtu == 0, and in that case we should
+allocate more than the absolute minimum (which is the dns packet header size),
+otherwise we have to resize immediately again after appending the first data to
+the packet.
+
+This partially reverts the previous commit.
+
+[Upstream commit: https://github.com/systemd/systemd/commit/88795538726a5bbfd9efc13d441cb05e1d7fc139]
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+---
+ src/resolve/resolved-dns-packet.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index 821b66e266..d1f0f760a4 100644
+--- a/src/resolve/resolved-dns-packet.c
++++ b/src/resolve/resolved-dns-packet.c
+@@ -28,6 +28,9 @@
+ 
+ #define EDNS0_OPT_DO (1<<15)
+ 
++#define DNS_PACKET_SIZE_START 512
++assert_cc(DNS_PACKET_SIZE_START > UDP_PACKET_HEADER_SIZE)
++
+ typedef struct DnsPacketRewinder {
+         DnsPacket *packet;
+         size_t saved_rindex;
+@@ -47,7 +50,14 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
+ 
+         assert(ret);
+ 
+-        a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
++        /* When dns_packet_new() is called with mtu == 0, allocate more than the
++         * absolute minimum (which is the dns packet header size), to avoid
++         * resizing immediately again after appending the first data to the packet.
++         */
++        if (mtu < UDP_PACKET_HEADER_SIZE)
++                a = DNS_PACKET_SIZE_START;
++        else
++                a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
+ 
+         /* round up to next page size */
+         a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
diff -Naurp buildroot-2017.05-rc2/package/systemd/0004-fix-getty-unit.patch buildroot-2017.05.2/package/systemd/0004-fix-getty-unit.patch
--- buildroot-2017.05-rc2/package/systemd/0004-fix-getty-unit.patch     1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/systemd/0004-fix-getty-unit.patch       2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,30 @@
+Prefer getty to agetty in console setup systemd units
+
+Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
+Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
+---
+
+diff -aburN systemd-212.orig/units/getty@.service.m4 systemd-212/units/getty@.service.m4
+--- systemd-212.orig/units/getty@.service.m4   2014-01-28 11:08:51.000000000 +0100
++++ systemd-212/units/getty@.service.m4        2014-03-26 11:06:27.000000000 +0100
+@@ -27,7 +27,7 @@
+ 
+ [Service]
+ # the VT is cleared by TTYVTDisallocate
+-ExecStart=-/sbin/agetty --noclear %I $TERM
++ExecStart=-/sbin/getty -L %I 115200 vt100
+ Type=idle
+ Restart=always
+ RestartSec=0
+diff -aburN systemd-212.orig/units/serial-getty@.service.m4 systemd-212/units/serial-getty@.service.m4
+--- systemd-212.orig/units/serial-getty@.service.m4    2014-03-13 18:47:24.000000000 +0100
++++ systemd-212/units/serial-getty@.service.m4 2014-03-26 11:07:01.000000000 +0100
+@@ -22,7 +22,7 @@
+ IgnoreOnIsolate=yes
+ 
+ [Service]
+-ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 %I $TERM
++ExecStart=-/sbin/getty -L %I 115200 vt100
+ Type=idle
+ Restart=always
+ RestartSec=0
diff -Naurp buildroot-2017.05-rc2/package/systemd/0005-build-check-for-ln-relative.patch buildroot-2017.05.2/package/systemd/0005-build-check-for-ln-relative.patch
--- buildroot-2017.05-rc2/package/systemd/0005-build-check-for-ln-relative.patch        1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/systemd/0005-build-check-for-ln-relative.patch  2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,96 @@
+From c78fa2b40cb8b810d06ef225e30f12a7ed44ffa2 Mon Sep 17 00:00:00 2001
+From: "Yann E. MORIN" <yann.morin.1998@free.fr>
+Date: Sat, 1 Apr 2017 11:26:29 +0200
+Subject: [PATCH] build: check for ln --relative
+
+ln --relative is recent enough that not all distributions support it.
+This is especially the case for enterprise-grade distributions than can
+have a life-span of more than a decade.
+
+Detect if ln supports --relative and use it if so.
+
+If not supported, use a bit of sed magic to construct the ../ sequence,
+that leads back to / when appended to the destination directory.
+
+We introduce this as a macro that expands to a single command. To avoid
+complexity in the macro, we expect paths to be passed whitout the
+leading DESTDIR.
+
+---
+Upstream status: submitted, disputed:
+    https://github.com/systemd/systemd/pull/5682
+
+---
+ Makefile.am  | 25 ++++++++++++++++++++++---
+ configure.ac |  5 ++++-
+ 2 files changed, 26 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 1cc657a..ec503f2 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -300,6 +300,24 @@ install-busnames-target-wants-hook:
+       what="$(BUSNAMES_TARGET_WANTS)" && wants=busnames.target && dir=$(systemunitdir) && $(add-wants)
+       what="$(USER_BUSNAMES_TARGET_WANTS)" && wants=busnames.target && dir=$(userunitdir) && $(add-wants)
+ 
++# Macro to emulate ln --relative when needed
++# $(1): options for ln, except --relative
++# $(2): source file, absolute path without leading DESTDIR
++# $(3): destination file, absolute path without leading DESTDIR
++if HAVE_LN_RELATIVE
++define ln-s-relative
++      $(LN_S) --relative $(1) \
++              $(DESTDIR)$(strip $(2)) \
++              $(DESTDIR)$(strip $(3))
++endef
++else
++define ln-s-relative
++      $(LN_S) $(1) \
++              `dirname $(strip $(3)) |sed -r -e 's:/+[^/]+:../:g; s:/$$::'`$(strip $(2)) \
++              $(DESTDIR)$(strip $(3))
++endef
++endif
++
+ define add-wants
+       [ -z "$$what" ] || ( \
+         dir=$(DESTDIR)$$dir/$$wants.wants && \
+@@ -313,8 +331,9 @@ install-directories-hook:
+       $(MKDIR_P) $(addprefix $(DESTDIR),$(INSTALL_DIRS))
+ 
+ install-environment-conf-hook: install-directories-hook
+-      $(AM_V_LN)$(LN_S) --relative -f $(DESTDIR)$(sysconfdir)/environment \
+-              $(DESTDIR)$(environmentdir)/99-environment.conf
++      $(AM_V_LN)$(call ln-s-relative,-f,\
++                      $(sysconfdir)/environment,\
++                      $(environmentdir)/99-environment.conf)
+ 
+ install-aliases-hook:
+       set -- $(SYSTEM_UNIT_ALIASES) && \
+@@ -337,7 +356,7 @@ define install-relative-aliases
+       while [ -n "$$1" ]; do \
+               $(MKDIR_P) `dirname $(DESTDIR)$$dir/$$2` && \
+               rm -f $(DESTDIR)$$dir/$$2 && \
+-              $(LN_S) --relative $(DESTDIR)$$1 $(DESTDIR)$$dir/$$2 && \
++              $(call ln-s-relative,,$$1,$$dir/$$2) && \
+               shift 2 || exit $$?; \
+       done
+ endef
+diff --git a/configure.ac b/configure.ac
+index cf37ca6..d586fc4 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -108,7 +108,10 @@ AC_PATH_PROG([SULOGIN], [sulogin], [/usr/sbin/sulogin], [$PATH:/usr/sbin:/sbin])
+ AC_PATH_PROG([MOUNT_PATH], [mount], [/usr/bin/mount], [$PATH:/usr/sbin:/sbin])
+ AC_PATH_PROG([UMOUNT_PATH], [umount], [/usr/bin/umount], [$PATH:/usr/sbin:/sbin])
+ 
+-AS_IF([! ln --relative --help > /dev/null 2>&1], [AC_MSG_ERROR([*** ln doesn't support --relative ***])])
++AC_MSG_CHECKING([if ln supports --relative])
++AS_IF([! ${LN_S} --relative --help > /dev/null 2>&1], [ln_relative=no], [ln_relative=yes])
++AC_MSG_RESULT([$ln_relative])
++AM_CONDITIONAL([HAVE_LN_RELATIVE], [test "x$ln_relative" = "xyes"])
+ 
+ M4_DEFINES=
+ 
+-- 
+2.9.3
+
diff -Naurp buildroot-2017.05-rc2/package/systemd/0006-fix-am-path-libgcrypt-no-found.patch buildroot-2017.05.2/package/systemd/0006-fix-am-path-libgcrypt-no-found.patch
--- buildroot-2017.05-rc2/package/systemd/0006-fix-am-path-libgcrypt-no-found.patch     1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/systemd/0006-fix-am-path-libgcrypt-no-found.patch       2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,145 @@
+Fix AM_PATH_LIBGCRYPT not found
+
+This patch installs a copy of libgcrypt.m4 from the libgcrypt source tarball
+to systemd m4 directory.
+
+Libgcrypt uses a custom m4 macro and not pkg-config to check if the
+development files are available. Though libgcrypt support is optional in
+systemd, this macro should be available whenever autoreconf is used, otherwise
+the re-configuration will fail with:
+
+  configure.ac:616: warning: macro 'AM_PATH_LIBGCRYPT' not found in library
+
+As asking the user to install the development package of libgcrypt on the host
+machine or adding libgcrypt as a build dependency to systemd is not
+acceptable, the required file is added to the m4 directory.
+
+Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
+Index: systemd-213/m4/libgcrypt.m4
+===================================================================
+--- /dev/null  1970-01-01 00:00:00.000000000 +0000
++++ systemd-213/m4/libgcrypt.m4        2014-06-11 10:41:11.749305509 +0200
+@@ -0,0 +1,123 @@
++dnl Autoconf macros for libgcrypt
++dnl       Copyright (C) 2002, 2004 Free Software Foundation, Inc.
++dnl
++dnl This file is free software; as a special exception the author gives
++dnl unlimited permission to copy and/or distribute it, with or without
++dnl modifications, as long as this notice is preserved.
++dnl
++dnl This file is distributed in the hope that it will be useful, but
++dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
++dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
++
++
++dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION,
++dnl                   [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
++dnl Test for libgcrypt and define LIBGCRYPT_CFLAGS and LIBGCRYPT_LIBS.
++dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed
++dnl with the API version to also check the API compatibility. Example:
++dnl a MINIMUN-VERSION of 1:1.2.5 won't pass the test unless the installed
++dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1.  Using
++dnl this features allows to prevent build against newer versions of libgcrypt
++dnl with a changed API.
++dnl
++AC_DEFUN([AM_PATH_LIBGCRYPT],
++[ AC_ARG_WITH(libgcrypt-prefix,
++            AC_HELP_STRING([--with-libgcrypt-prefix=PFX],
++                           [prefix where LIBGCRYPT is installed (optional)]),
++     libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="")
++  if test x$libgcrypt_config_prefix != x ; then
++     if test x${LIBGCRYPT_CONFIG+set} != xset ; then
++        LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config
++     fi
++  fi
++
++  AC_PATH_TOOL(LIBGCRYPT_CONFIG, libgcrypt-config, no)
++  tmp=ifelse([$1], ,1:1.2.0,$1)
++  if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
++     req_libgcrypt_api=`echo "$tmp"     | sed 's/\(.*\):\(.*\)/\1/'`
++     min_libgcrypt_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'`
++  else
++     req_libgcrypt_api=0
++     min_libgcrypt_version="$tmp"
++  fi
++
++  AC_MSG_CHECKING(for LIBGCRYPT - version >= $min_libgcrypt_version)
++  ok=no
++  if test "$LIBGCRYPT_CONFIG" != "no" ; then
++    req_major=`echo $min_libgcrypt_version | \
++               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
++    req_minor=`echo $min_libgcrypt_version | \
++               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
++    req_micro=`echo $min_libgcrypt_version | \
++               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
++    libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version`
++    major=`echo $libgcrypt_config_version | \
++               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
++    minor=`echo $libgcrypt_config_version | \
++               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'`
++    micro=`echo $libgcrypt_config_version | \
++               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'`
++    if test "$major" -gt "$req_major"; then
++        ok=yes
++    else
++        if test "$major" -eq "$req_major"; then
++            if test "$minor" -gt "$req_minor"; then
++               ok=yes
++            else
++               if test "$minor" -eq "$req_minor"; then
++                   if test "$micro" -ge "$req_micro"; then
++                     ok=yes
++                   fi
++               fi
++            fi
++        fi
++    fi
++  fi
++  if test $ok = yes; then
++    AC_MSG_RESULT([yes ($libgcrypt_config_version)])
++  else
++    AC_MSG_RESULT(no)
++  fi
++  if test $ok = yes; then
++     # If we have a recent libgcrypt, we should also check that the
++     # API is compatible
++     if test "$req_libgcrypt_api" -gt 0 ; then
++        tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0`
++        if test "$tmp" -gt 0 ; then
++           AC_MSG_CHECKING([LIBGCRYPT API version])
++           if test "$req_libgcrypt_api" -eq "$tmp" ; then
++             AC_MSG_RESULT([okay])
++           else
++             ok=no
++             AC_MSG_RESULT([does not match. want=$req_libgcrypt_api got=$tmp])
++           fi
++        fi
++     fi
++  fi
++  if test $ok = yes; then
++    LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags`
++    LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs`
++    ifelse([$2], , :, [$2])
++    if test x"$host" != x ; then
++      libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none`
++      if test x"$libgcrypt_config_host" != xnone ; then
++        if test x"$libgcrypt_config_host" != x"$host" ; then
++  AC_MSG_WARN([[
++***
++*** The config script $LIBGCRYPT_CONFIG was
++*** built for $libgcrypt_config_host and thus may not match the
++*** used host $host.
++*** You may want to use the configure option --with-libgcrypt-prefix
++*** to specify a matching config script.
++***]])
++        fi
++      fi
++    fi
++  else
++    LIBGCRYPT_CFLAGS=""
++    LIBGCRYPT_LIBS=""
++    ifelse([$3], , :, [$3])
++  fi
++  AC_SUBST(LIBGCRYPT_CFLAGS)
++  AC_SUBST(LIBGCRYPT_LIBS)
++])
diff -Naurp buildroot-2017.05-rc2/package/systemd/Config.in buildroot-2017.05.2/package/systemd/Config.in
--- buildroot-2017.05-rc2/package/systemd/Config.in     2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/systemd/Config.in       2017-07-27 08:16:52.017486944 +0200
@@ -26,6 +26,7 @@ menuconfig BR2_PACKAGE_SYSTEMD
        select BR2_PACKAGE_KMOD
        select BR2_PACKAGE_BUSYBOX_SHOW_OTHERS # kmod-tools
        select BR2_PACKAGE_KMOD_TOOLS
+       select BR2_TARGET_TZ_INFO
        help
          systemd is a system and service manager for Linux, compatible with
          SysV and LSB init scripts. systemd provides aggressive parallelization
diff -Naurp buildroot-2017.05-rc2/package/systemd/systemd.mk buildroot-2017.05.2/package/systemd/systemd.mk
--- buildroot-2017.05-rc2/package/systemd/systemd.mk    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/systemd/systemd.mk      2017-07-27 08:16:52.017486944 +0200
@@ -42,10 +42,16 @@ SYSTEMD_CONF_OPTS += \
 
 SYSTEMD_CFLAGS = $(TARGET_CFLAGS) -fno-lto
 
-# Override path to kmod, used in kmod-static-nodes.service
+# Override paths to a few utilities needed at runtime, to
+# avoid finding those we would install in $(HOST_DIR).
 SYSTEMD_CONF_ENV = \
        CFLAGS="$(SYSTEMD_CFLAGS)" \
-       ac_cv_path_KMOD=/usr/bin/kmod
+       ac_cv_path_KILL=/usr/bin/kill \
+       ac_cv_path_KMOD=/usr/bin/kmod \
+       ac_cv_path_KEXEC=/usr/sbin/kexec \
+       ac_cv_path_SULOGIN=/usr/sbin/sulogin \
+       ac_cv_path_MOUNT_PATH=/usr/bin/mount \
+       ac_cv_path_UMOUNT_PATH=/usr/bin/umount
 
 define SYSTEMD_RUN_INTLTOOLIZE
        cd $(@D) && $(HOST_DIR)/usr/bin/intltoolize --force --automake
@@ -179,8 +185,14 @@ endif
 
 ifeq ($(BR2_PACKAGE_SYSTEMD_QUOTACHECK),y)
 SYSTEMD_CONF_OPTS += --enable-quotacheck
+SYSTEMD_CONF_ENV += \
+       ac_cv_path_QUOTAON=/usr/sbin/quotaon \
+       ac_cv_path_QUOTACHECK=/usr/sbin/quotacheck
 else
 SYSTEMD_CONF_OPTS += --disable-quotacheck
+SYSTEMD_CONF_ENV += \
+       ac_cv_path_QUOTAON=/.missing \
+       ac_cv_path_QUOTACHECK=/.missing
 endif
 
 ifeq ($(BR2_PACKAGE_SYSTEMD_TMPFILES),y)
diff -Naurp buildroot-2017.05-rc2/package/taskd/Config.in buildroot-2017.05.2/package/taskd/Config.in
--- buildroot-2017.05-rc2/package/taskd/Config.in       2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/taskd/Config.in 2017-07-27 08:16:52.017486944 +0200
@@ -1,5 +1,6 @@
 config BR2_PACKAGE_TASKD
        bool "taskd"
+       depends on !BR2_STATIC_LIBS # gnutls
        depends on BR2_USE_WCHAR # gnutls
        depends on BR2_USE_MMU # fork()
        depends on BR2_INSTALL_LIBSTDCPP
@@ -11,6 +12,7 @@ config BR2_PACKAGE_TASKD
 
          http://taskwarrior.org/
 
-comment "taskd needs a toolchain w/ C++, wchar"
+comment "taskd needs a toolchain w/ C++, wchar, dynamic library"
        depends on BR2_USE_MMU
-       depends on !BR2_USE_WCHAR || !BR2_INSTALL_LIBSTDCPP
+       depends on !BR2_USE_WCHAR || !BR2_INSTALL_LIBSTDCPP || \
+               BR2_STATIC_LIBS
diff -Naurp buildroot-2017.05-rc2/package/tcpdump/tcpdump.hash buildroot-2017.05.2/package/tcpdump/tcpdump.hash
--- buildroot-2017.05-rc2/package/tcpdump/tcpdump.hash  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/tcpdump/tcpdump.hash    2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,2 @@
-# Locally calculated after checking pgp signature
-sha256 eae98121cbb1c9adbedd9a777bf2eae9fa1c1c676424a54740311c8abcee5a5e  tcpdump-4.9.0.tar.gz
+# Locally calculated after checking pgp signature at http://www.tcpdump.org/release/tcpdump-4.9.1.tar.gz.sig
+sha256 f9448cf4deb2049acf713655c736342662e652ef40dbe0a8f6f8d5b9ce5bd8f3  tcpdump-4.9.1.tar.gz
diff -Naurp buildroot-2017.05-rc2/package/tcpdump/tcpdump.mk buildroot-2017.05.2/package/tcpdump/tcpdump.mk
--- buildroot-2017.05-rc2/package/tcpdump/tcpdump.mk    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/tcpdump/tcpdump.mk      2017-07-27 08:16:52.017486944 +0200
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-TCPDUMP_VERSION = 4.9.0
+TCPDUMP_VERSION = 4.9.1
 TCPDUMP_SITE = http://www.tcpdump.org/release
 TCPDUMP_LICENSE = BSD-3-Clause
 TCPDUMP_LICENSE_FILES = LICENSE
diff -Naurp buildroot-2017.05-rc2/package/tiff/0001-libtiff-tif_dirwrite.c-in-TIFFWriteDirectoryTagCheck.patch buildroot-2017.05.2/package/tiff/0001-libtiff-tif_dirwrite.c-in-TIFFWriteDirectoryTagCheck.patch
--- buildroot-2017.05-rc2/package/tiff/0001-libtiff-tif_dirwrite.c-in-TIFFWriteDirectoryTagCheck.patch  1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/tiff/0001-libtiff-tif_dirwrite.c-in-TIFFWriteDirectoryTagCheck.patch    2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,70 @@
+From 6173a57d39e04d68b139f8c1aa499a24dbe74ba1 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Fri, 30 Jun 2017 17:29:44 +0000
+Subject: [PATCH] * libtiff/tif_dirwrite.c: in
+ TIFFWriteDirectoryTagCheckedXXXX() functions associated with LONG8/SLONG8
+ data type, replace assertion that the file is BigTIFF, by a non-fatal error.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2712 Reported by team
+ OWL337
+
+[Peter: drop ChangeLog modification]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libtiff/tif_dirwrite.c | 20 ++++++++++++++++----
+ 1 file changed, 23 insertions(+), 4 deletions(-)
+
+diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
+index 2967da58..8d6686ba 100644
+--- a/libtiff/tif_dirwrite.c
++++ b/libtiff/tif_dirwrite.c
+@@ -2111,7 +2111,10 @@ TIFFWriteDirectoryTagCheckedLong8(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, ui
+ {
+       uint64 m;
+       assert(sizeof(uint64)==8);
+-      assert(tif->tif_flags&TIFF_BIGTIFF);
++      if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
++              TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF");
++              return(0);
++      }
+       m=value;
+       if (tif->tif_flags&TIFF_SWAB)
+               TIFFSwabLong8(&m);
+@@ -2124,7 +2127,10 @@ TIFFWriteDirectoryTagCheckedLong8Array(TIFF* tif, uint32* ndir, TIFFDirEntry* di
+ {
+       assert(count<0x20000000);
+       assert(sizeof(uint64)==8);
+-      assert(tif->tif_flags&TIFF_BIGTIFF);
++      if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
++              TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF");
++              return(0);
++      }
+       if (tif->tif_flags&TIFF_SWAB)
+               TIFFSwabArrayOfLong8(value,count);
+       return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_LONG8,count,count*8,value));
+@@ -2136,7 +2142,10 @@ TIFFWriteDirectoryTagCheckedSlong8(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, u
+ {
+       int64 m;
+       assert(sizeof(int64)==8);
+-      assert(tif->tif_flags&TIFF_BIGTIFF);
++      if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
++              TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF");
++              return(0);
++      }
+       m=value;
+       if (tif->tif_flags&TIFF_SWAB)
+               TIFFSwabLong8((uint64*)(&m));
+@@ -2149,7 +2158,10 @@ TIFFWriteDirectoryTagCheckedSlong8Array(TIFF* tif, uint32* ndir, TIFFDirEntry* d
+ {
+       assert(count<0x20000000);
+       assert(sizeof(int64)==8);
+-      assert(tif->tif_flags&TIFF_BIGTIFF);
++      if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
++              TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF");
++              return(0);
++      }
+       if (tif->tif_flags&TIFF_SWAB)
+               TIFFSwabArrayOfLong8((uint64*)value,count);
+       return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_SLONG8,count,count*8,value));
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/tiff/0001-libtiff-tif_read.c-libtiff-tiffiop.h-fix-uint32-over.patch buildroot-2017.05.2/package/tiff/0001-libtiff-tif_read.c-libtiff-tiffiop.h-fix-uint32-over.patch
--- buildroot-2017.05-rc2/package/tiff/0001-libtiff-tif_read.c-libtiff-tiffiop.h-fix-uint32-over.patch  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/tiff/0001-libtiff-tif_read.c-libtiff-tiffiop.h-fix-uint32-over.patch    1970-01-01 01:00:00.000000000 +0100
@@ -1,46 +0,0 @@
-From 438274f938e046d33cb0e1230b41da32ffe223e1 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Fri, 2 Dec 2016 21:56:56 +0000
-Subject: [PATCH] * libtiff/tif_read.c, libtiff/tiffiop.h: fix uint32 overflow
- in TIFFReadEncodedStrip() that caused an integer division by zero. Reported
- by Agostino Sarubbo. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2596
-
-Fixes CVE-2016-10266
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- libtiff/tif_read.c | 2 +-
- libtiff/tiffiop.h  | 4 ++++
- 2 files changed, 12 insertions(+), 1 deletion(-)
-
-diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c
-index c26c55f4..52bbf507 100644
---- a/libtiff/tif_read.c
-+++ b/libtiff/tif_read.c
-@@ -346,7 +346,7 @@ TIFFReadEncodedStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size)
-       rowsperstrip=td->td_rowsperstrip;
-       if (rowsperstrip>td->td_imagelength)
-               rowsperstrip=td->td_imagelength;
--      stripsperplane=((td->td_imagelength+rowsperstrip-1)/rowsperstrip);
-+      stripsperplane= TIFFhowmany_32_maxuint_compat(td->td_imagelength, rowsperstrip);
-       stripinplane=(strip%stripsperplane);
-       plane=(uint16)(strip/stripsperplane);
-       rows=td->td_imagelength-stripinplane*rowsperstrip;
-diff --git a/libtiff/tiffiop.h b/libtiff/tiffiop.h
-index ffbb647b..cb59460a 100644
---- a/libtiff/tiffiop.h
-+++ b/libtiff/tiffiop.h
-@@ -250,6 +250,10 @@ struct tiff {
- #define TIFFhowmany_32(x, y) (((uint32)x < (0xffffffff - (uint32)(y-1))) ? \
-                          ((((uint32)(x))+(((uint32)(y))-1))/((uint32)(y))) : \
-                          0U)
-+/* Variant of TIFFhowmany_32() that doesn't return 0 if x close to MAXUINT. */
-+/* Caution: TIFFhowmany_32_maxuint_compat(x,y)*y might overflow */
-+#define TIFFhowmany_32_maxuint_compat(x, y) \
-+                         (((uint32)(x) / (uint32)(y)) + ((((uint32)(x) % (uint32)(y)) != 0) ? 1 : 0))
- #define TIFFhowmany8_32(x) (((x)&0x07)?((uint32)(x)>>3)+1:(uint32)(x)>>3)
- #define TIFFroundup_32(x, y) (TIFFhowmany_32(x,y)*(y))
- #define TIFFhowmany_64(x, y) ((((uint64)(x))+(((uint64)(y))-1))/((uint64)(y)))
--- 
-2.11.0
-
diff -Naurp buildroot-2017.05-rc2/package/tiff/0002-libtiff-tif_ojpeg.c-make-OJPEGDecode-early-exit-in-c.patch buildroot-2017.05.2/package/tiff/0002-libtiff-tif_ojpeg.c-make-OJPEGDecode-early-exit-in-c.patch
--- buildroot-2017.05-rc2/package/tiff/0002-libtiff-tif_ojpeg.c-make-OJPEGDecode-early-exit-in-c.patch  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/tiff/0002-libtiff-tif_ojpeg.c-make-OJPEGDecode-early-exit-in-c.patch    1970-01-01 01:00:00.000000000 +0100
@@ -1,53 +0,0 @@
-From 43bc256d8ae44b92d2734a3c5bc73957a4d7c1ec Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Sat, 3 Dec 2016 11:15:18 +0000
-Subject: [PATCH] * libtiff/tif_ojpeg.c: make OJPEGDecode() early exit in case
- of failure in OJPEGPreDecode(). This will avoid a divide by zero, and
- potential other issues. Reported by Agostino Sarubbo. Fixes
- http://bugzilla.maptools.org/show_bug.cgi?id=2611
-
-Fixes CVE-2016-10267
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- libtiff/tif_ojpeg.c | 8 ++++++++
- 1 files changed, 15 insertions(+)
-
-diff --git a/libtiff/tif_ojpeg.c b/libtiff/tif_ojpeg.c
-index 1ccc3f9b..f19e8fd0 100644
---- a/libtiff/tif_ojpeg.c
-+++ b/libtiff/tif_ojpeg.c
-@@ -244,6 +244,7 @@ typedef enum {
- 
- typedef struct {
-       TIFF* tif;
-+        int decoder_ok;
-       #ifndef LIBJPEG_ENCAP_EXTERNAL
-       JMP_BUF exit_jmpbuf;
-       #endif
-@@ -722,6 +723,7 @@ OJPEGPreDecode(TIFF* tif, uint16 s)
-               }
-               sp->write_curstrile++;
-       }
-+      sp->decoder_ok = 1;
-       return(1);
- }
- 
-@@ -784,8 +786,14 @@ OJPEGPreDecodeSkipScanlines(TIFF* tif)
- static int
- OJPEGDecode(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s)
- {
-+        static const char module[]="OJPEGDecode";
-       OJPEGState* sp=(OJPEGState*)tif->tif_data;
-       (void)s;
-+        if( !sp->decoder_ok )
-+        {
-+            TIFFErrorExt(tif->tif_clientdata,module,"Cannot decode: decoder not correctly initialized");
-+            return 0;
-+        }
-       if (sp->libjpeg_jpeg_query_style==0)
-       {
-               if (OJPEGDecodeRaw(tif,buf,cc)==0)
--- 
-2.11.0
-
diff -Naurp buildroot-2017.05-rc2/package/tiff/0003-libtiff-tif_pixarlog.c-libtiff-tif_luv.c-fix-heap-ba.patch buildroot-2017.05.2/package/tiff/0003-libtiff-tif_pixarlog.c-libtiff-tif_luv.c-fix-heap-ba.patch
--- buildroot-2017.05-rc2/package/tiff/0003-libtiff-tif_pixarlog.c-libtiff-tif_luv.c-fix-heap-ba.patch  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/tiff/0003-libtiff-tif_pixarlog.c-libtiff-tif_luv.c-fix-heap-ba.patch    1970-01-01 01:00:00.000000000 +0100
@@ -1,110 +0,0 @@
-From 1044b43637fa7f70fb19b93593777b78bd20da86 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Fri, 2 Dec 2016 23:05:51 +0000
-Subject: [PATCH] * libtiff/tif_pixarlog.c, libtiff/tif_luv.c: fix heap-based
- buffer overflow on generation of PixarLog / LUV compressed files, with
- ColorMap, TransferFunction attached and nasty plays with bitspersample. The
- fix for LUV has not been tested, but suffers from the same kind of issue of
- PixarLog. Reported by Agostino Sarubbo. Fixes
- http://bugzilla.maptools.org/show_bug.cgi?id=2604
-
-Fixes CVE-2016-10269
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- libtiff/tif_luv.c      | 18 ++++++++++++++----
- libtiff/tif_pixarlog.c | 17 +++++++++++++++--
- 2 files changed, 39 insertions(+), 6 deletions(-)
-
-diff --git a/libtiff/tif_luv.c b/libtiff/tif_luv.c
-index f68a9b13..e6783db5 100644
---- a/libtiff/tif_luv.c
-+++ b/libtiff/tif_luv.c
-@@ -158,6 +158,7 @@
- typedef struct logLuvState LogLuvState;
- 
- struct logLuvState {
-+        int                     encoder_state;  /* 1 if encoder correctly initialized */
-       int                     user_datafmt;   /* user data format */
-       int                     encode_meth;    /* encoding method */
-       int                     pixel_size;     /* bytes per pixel */
-@@ -1552,6 +1553,7 @@ LogLuvSetupEncode(TIFF* tif)
-                   td->td_photometric, "must be either LogLUV or LogL");
-               break;
-       }
-+      sp->encoder_state = 1;
-       return (1);
- notsupported:
-       TIFFErrorExt(tif->tif_clientdata, module,
-@@ -1563,19 +1565,27 @@ notsupported:
- static void
- LogLuvClose(TIFF* tif)
- {
-+        LogLuvState* sp = (LogLuvState*) tif->tif_data;
-       TIFFDirectory *td = &tif->tif_dir;
- 
-+      assert(sp != 0);
-       /*
-        * For consistency, we always want to write out the same
-        * bitspersample and sampleformat for our TIFF file,
-        * regardless of the data format being used by the application.
-        * Since this routine is called after tags have been set but
-        * before they have been recorded in the file, we reset them here.
-+         * Note: this is really a nasty approach. See PixarLogClose
-        */
--      td->td_samplesperpixel =
--          (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3;
--      td->td_bitspersample = 16;
--      td->td_sampleformat = SAMPLEFORMAT_INT;
-+        if( sp->encoder_state )
-+        {
-+            /* See PixarLogClose. Might avoid issues with tags whose size depends
-+             * on those below, but not completely sure this is enough. */
-+            td->td_samplesperpixel =
-+                (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3;
-+            td->td_bitspersample = 16;
-+            td->td_sampleformat = SAMPLEFORMAT_INT;
-+        }
- }
- 
- static void
-diff --git a/libtiff/tif_pixarlog.c b/libtiff/tif_pixarlog.c
-index d1246c3d..aa99bc92 100644
---- a/libtiff/tif_pixarlog.c
-+++ b/libtiff/tif_pixarlog.c
-@@ -1233,8 +1233,10 @@ PixarLogPostEncode(TIFF* tif)
- static void
- PixarLogClose(TIFF* tif)
- {
-+        PixarLogState* sp = (PixarLogState*) tif->tif_data;
-       TIFFDirectory *td = &tif->tif_dir;
- 
-+      assert(sp != 0);
-       /* In a really sneaky (and really incorrect, and untruthful, and
-        * troublesome, and error-prone) maneuver that completely goes against
-        * the spirit of TIFF, and breaks TIFF, on close, we covertly
-@@ -1243,8 +1245,19 @@ PixarLogClose(TIFF* tif)
-        * readers that don't know about PixarLog, or how to set
-        * the PIXARLOGDATFMT pseudo-tag.
-        */
--      td->td_bitspersample = 8;
--      td->td_sampleformat = SAMPLEFORMAT_UINT;
-+
-+        if (sp->state&PLSTATE_INIT) {
-+            /* We test the state to avoid an issue such as in
-+             * http://bugzilla.maptools.org/show_bug.cgi?id=2604
-+             * What appends in that case is that the bitspersample is 1 and
-+             * a TransferFunction is set. The size of the TransferFunction
-+             * depends on 1<<bitspersample. So if we increase it, an access
-+             * out of the buffer will happen at directory flushing.
-+             * Another option would be to clear those targs. 
-+             */
-+            td->td_bitspersample = 8;
-+            td->td_sampleformat = SAMPLEFORMAT_UINT;
-+        }
- }
- 
- static void
--- 
-2.11.0
-
diff -Naurp buildroot-2017.05-rc2/package/tiff/0004-libtiff-tif_dirread.c-modify-ChopUpSingleUncompresse.patch buildroot-2017.05.2/package/tiff/0004-libtiff-tif_dirread.c-modify-ChopUpSingleUncompresse.patch
--- buildroot-2017.05-rc2/package/tiff/0004-libtiff-tif_dirread.c-modify-ChopUpSingleUncompresse.patch  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/tiff/0004-libtiff-tif_dirread.c-modify-ChopUpSingleUncompresse.patch    1970-01-01 01:00:00.000000000 +0100
@@ -1,107 +0,0 @@
-From 9a72a69e035ee70ff5c41541c8c61cd97990d018 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Sat, 3 Dec 2016 11:02:15 +0000
-Subject: [PATCH] * libtiff/tif_dirread.c: modify
- ChopUpSingleUncompressedStrip() to instanciate compute ntrips as
- TIFFhowmany_32(td->td_imagelength, rowsperstrip), instead of a logic based on
- the total size of data. Which is faulty is the total size of data is not
- sufficient to fill the whole image, and thus results in reading outside of
- the StripByCounts/StripOffsets arrays when using TIFFReadScanline(). Reported
- by Agostino Sarubbo. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2608.
-
-* libtiff/tif_strip.c: revert the change in TIFFNumberOfStrips() done
-for http://bugzilla.maptools.org/show_bug.cgi?id=2587 / CVE-2016-9273 since
-the above change is a better fix that makes it unnecessary.
-
-Fixes CVE-2016-10270
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- libtiff/tif_dirread.c | 22 ++++++++++------------
- libtiff/tif_strip.c   |  9 ---------
- 2 files changed, 25 insertions(+), 21 deletions(-)
-
-diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
-index 3eec79c9..570d0c32 100644
---- a/libtiff/tif_dirread.c
-+++ b/libtiff/tif_dirread.c
-@@ -5502,8 +5502,7 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
-       uint64 rowblockbytes;
-       uint64 stripbytes;
-       uint32 strip;
--      uint64 nstrips64;
--      uint32 nstrips32;
-+      uint32 nstrips;
-       uint32 rowsperstrip;
-       uint64* newcounts;
-       uint64* newoffsets;
-@@ -5534,18 +5533,17 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
-           return;
- 
-       /*
--       * never increase the number of strips in an image
-+       * never increase the number of rows per strip
-        */
-       if (rowsperstrip >= td->td_rowsperstrip)
-               return;
--      nstrips64 = TIFFhowmany_64(bytecount, stripbytes);
--      if ((nstrips64==0)||(nstrips64>0xFFFFFFFF)) /* something is wonky, do nothing. */
--          return;
--      nstrips32 = (uint32)nstrips64;
-+        nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip);
-+        if( nstrips == 0 )
-+            return;
- 
--      newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
-+      newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
-                               "for chopped \"StripByteCounts\" array");
--      newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
-+      newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
-                               "for chopped \"StripOffsets\" array");
-       if (newcounts == NULL || newoffsets == NULL) {
-               /*
-@@ -5562,18 +5560,18 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
-        * Fill the strip information arrays with new bytecounts and offsets
-        * that reflect the broken-up format.
-        */
--      for (strip = 0; strip < nstrips32; strip++) {
-+      for (strip = 0; strip < nstrips; strip++) {
-               if (stripbytes > bytecount)
-                       stripbytes = bytecount;
-               newcounts[strip] = stripbytes;
--              newoffsets[strip] = offset;
-+              newoffsets[strip] = stripbytes ? offset : 0;
-               offset += stripbytes;
-               bytecount -= stripbytes;
-       }
-       /*
-        * Replace old single strip info with multi-strip info.
-        */
--      td->td_stripsperimage = td->td_nstrips = nstrips32;
-+      td->td_stripsperimage = td->td_nstrips = nstrips;
-       TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip);
- 
-       _TIFFfree(td->td_stripbytecount);
-diff --git a/libtiff/tif_strip.c b/libtiff/tif_strip.c
-index 4c46ecf5..1676e47d 100644
---- a/libtiff/tif_strip.c
-+++ b/libtiff/tif_strip.c
-@@ -63,15 +63,6 @@ TIFFNumberOfStrips(TIFF* tif)
-       TIFFDirectory *td = &tif->tif_dir;
-       uint32 nstrips;
- 
--    /* If the value was already computed and store in td_nstrips, then return it,
--       since ChopUpSingleUncompressedStrip might have altered and resized the
--       since the td_stripbytecount and td_stripoffset arrays to the new value
--       after the initial affectation of td_nstrips = TIFFNumberOfStrips() in
--       tif_dirread.c ~line 3612.
--       See http://bugzilla.maptools.org/show_bug.cgi?id=2587 */
--    if( td->td_nstrips )
--        return td->td_nstrips;
--
-       nstrips = (td->td_rowsperstrip == (uint32) -1 ? 1 :
-            TIFFhowmany_32(td->td_imagelength, td->td_rowsperstrip));
-       if (td->td_planarconfig == PLANARCONFIG_SEPARATE)
--- 
-2.11.0
-
diff -Naurp buildroot-2017.05-rc2/package/tiff/0005-tools-tiffcp.c-error-out-cleanly-in-cpContig2Separat.patch buildroot-2017.05.2/package/tiff/0005-tools-tiffcp.c-error-out-cleanly-in-cpContig2Separat.patch
--- buildroot-2017.05-rc2/package/tiff/0005-tools-tiffcp.c-error-out-cleanly-in-cpContig2Separat.patch  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/tiff/0005-tools-tiffcp.c-error-out-cleanly-in-cpContig2Separat.patch    1970-01-01 01:00:00.000000000 +0100
@@ -1,74 +0,0 @@
-From 5c080298d59efa53264d7248bbe3a04660db6ef7 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Wed, 11 Jan 2017 19:25:44 +0000
-Subject: [PATCH] * tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow
- and cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based
- overflow. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656 and
- http://bugzilla.maptools.org/show_bug.cgi?id=2657
-
-Fixes CVE-2017-5225
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- tools/tiffcp.c | 24 ++++++++++++++++++++++--
- 1 file changed, 29 insertions(+), 2 deletions(-)
-
-diff --git a/tools/tiffcp.c b/tools/tiffcp.c
-index bdf754c3..8bbcd52f 100644
---- a/tools/tiffcp.c
-+++ b/tools/tiffcp.c
-@@ -591,7 +591,7 @@ static     copyFunc pickCopyFunc(TIFF*, TIFF*, uint16, uint16);
- static int
- tiffcp(TIFF* in, TIFF* out)
- {
--      uint16 bitspersample, samplesperpixel = 1;
-+      uint16 bitspersample = 1, samplesperpixel = 1;
-       uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK;
-       copyFunc cf;
-       uint32 width, length;
-@@ -1067,6 +1067,16 @@ DECLAREcpFunc(cpContig2SeparateByRow)
-       register uint32 n;
-       uint32 row;
-       tsample_t s;
-+        uint16 bps = 0;
-+
-+        (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
-+        if( bps != 8 )
-+        {
-+            TIFFError(TIFFFileName(in),
-+                      "Error, can only handle BitsPerSample=8 in %s",
-+                      "cpContig2SeparateByRow");
-+            return 0;
-+        }
- 
-       inbuf = _TIFFmalloc(scanlinesizein);
-       outbuf = _TIFFmalloc(scanlinesizeout);
-@@ -1120,6 +1130,16 @@ DECLAREcpFunc(cpSeparate2ContigByRow)
-       register uint32 n;
-       uint32 row;
-       tsample_t s;
-+        uint16 bps = 0;
-+
-+        (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
-+        if( bps != 8 )
-+        {
-+            TIFFError(TIFFFileName(in),
-+                      "Error, can only handle BitsPerSample=8 in %s",
-+                      "cpSeparate2ContigByRow");
-+            return 0;
-+        }
- 
-       inbuf = _TIFFmalloc(scanlinesizein);
-       outbuf = _TIFFmalloc(scanlinesizeout);
-@@ -1784,7 +1804,7 @@ pickCopyFunc(TIFF* in, TIFF* out, uint16 bitspersample, uint16 samplesperpixel)
-       uint32 w, l, tw, tl;
-       int bychunk;
- 
--      (void) TIFFGetField(in, TIFFTAG_PLANARCONFIG, &shortv);
-+      (void) TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &shortv);
-       if (shortv != config && bitspersample != 8 && samplesperpixel > 1) {
-               fprintf(stderr,
-                   "%s: Cannot handle different planar configuration w/ bits/sample != 8\n",
--- 
-2.11.0
-
diff -Naurp buildroot-2017.05-rc2/package/tiff/0006-libtiff-tif_getimage.c-add-explicit-uint32-cast-in-p.patch buildroot-2017.05.2/package/tiff/0006-libtiff-tif_getimage.c-add-explicit-uint32-cast-in-p.patch
--- buildroot-2017.05-rc2/package/tiff/0006-libtiff-tif_getimage.c-add-explicit-uint32-cast-in-p.patch  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/tiff/0006-libtiff-tif_getimage.c-add-explicit-uint32-cast-in-p.patch    1970-01-01 01:00:00.000000000 +0100
@@ -1,31 +0,0 @@
-From 48780b4fcc425cddc4ef8ffdf536f96a0d1b313b Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Wed, 11 Jan 2017 16:38:26 +0000
-Subject: [PATCH] libtiff/tif_getimage.c: add explicit uint32 cast in putagreytile to
- avoid UndefinedBehaviorSanitizer warning.
- Patch by Nicolás Peña.
- Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2658
-
-Fixes CVE-2017-7592
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- libtiff/tif_getimage.c | 2 +-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
-index fed31f1f..2fa1775c 100644
---- a/libtiff/tif_getimage.c
-+++ b/libtiff/tif_getimage.c
-@@ -1302,7 +1302,7 @@ DECLAREContigPutFunc(putagreytile)
-     while (h-- > 0) {
-       for (x = w; x-- > 0;)
-         {
--            *cp++ = BWmap[*pp][0] & (*(pp+1) << 24 | ~A1);
-+            *cp++ = BWmap[*pp][0] & ((uint32)*(pp+1) << 24 | ~A1);
-             pp += samplesperpixel;
-         }
-       cp += toskew;
--- 
-2.11.0
-
diff -Naurp buildroot-2017.05-rc2/package/tiff/0007-libtiff-tiffiop.h-tif_unix.c-tif_win32.c-tif_vms.c-a.patch buildroot-2017.05.2/package/tiff/0007-libtiff-tiffiop.h-tif_unix.c-tif_win32.c-tif_vms.c-a.patch
--- buildroot-2017.05-rc2/package/tiff/0007-libtiff-tiffiop.h-tif_unix.c-tif_win32.c-tif_vms.c-a.patch  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/tiff/0007-libtiff-tiffiop.h-tif_unix.c-tif_win32.c-tif_vms.c-a.patch    1970-01-01 01:00:00.000000000 +0100
@@ -1,88 +0,0 @@
-From d60332057b9575ada4f264489582b13e30137be1 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Wed, 11 Jan 2017 19:02:49 +0000
-Subject: [PATCH] * libtiff/tiffiop.h, tif_unix.c, tif_win32.c, tif_vms.c: add
- _TIFFcalloc()
-
-* libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to zero
-initialize tif_rawdata.
-Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651
-
-Fixes CVE-2017-7593
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- libtiff/tif_read.c  | 4 +++-
- libtiff/tif_unix.c  | 8 ++++++++
- libtiff/tif_win32.c | 8 ++++++++
- libtiff/tiffio.h    | 1 +
- 4 files changed, 36 insertions(+), 1 deletion(-)
-
-diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c
-index 277fdd69..4535ccb3 100644
---- a/libtiff/tif_read.c
-+++ b/libtiff/tif_read.c
-@@ -985,7 +985,9 @@ TIFFReadBufferSetup(TIFF* tif, void* bp, tmsize_t size)
-                                "Invalid buffer size");
-                   return (0);
-               }
--              tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize);
-+              /* Initialize to zero to avoid uninitialized buffers in case of */
-+                /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */
-+              tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize);
-               tif->tif_flags |= TIFF_MYBUFFER;
-       }
-       if (tif->tif_rawdata == NULL) {
-diff --git a/libtiff/tif_unix.c b/libtiff/tif_unix.c
-index 7c7bc961..89dd32e8 100644
---- a/libtiff/tif_unix.c
-+++ b/libtiff/tif_unix.c
-@@ -316,6 +316,14 @@ _TIFFmalloc(tmsize_t s)
-       return (malloc((size_t) s));
- }
- 
-+void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz)
-+{
-+    if( nmemb == 0 || siz == 0 )
-+        return ((void *) NULL);
-+
-+    return calloc((size_t) nmemb, (size_t)siz);
-+}
-+
- void
- _TIFFfree(void* p)
- {
-diff --git a/libtiff/tif_win32.c b/libtiff/tif_win32.c
-index d730b3ab..3e9001b7 100644
---- a/libtiff/tif_win32.c
-+++ b/libtiff/tif_win32.c
-@@ -360,6 +360,14 @@ _TIFFmalloc(tmsize_t s)
-       return (malloc((size_t) s));
- }
- 
-+void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz)
-+{
-+    if( nmemb == 0 || siz == 0 )
-+        return ((void *) NULL);
-+
-+    return calloc((size_t) nmemb, (size_t)siz);
-+}
-+
- void
- _TIFFfree(void* p)
- {
-diff --git a/libtiff/tiffio.h b/libtiff/tiffio.h
-index 732da17f..fbd9171f 100644
---- a/libtiff/tiffio.h
-+++ b/libtiff/tiffio.h
-@@ -293,6 +293,7 @@ extern TIFFCodec* TIFFGetConfiguredCODECs(void);
-  */
- 
- extern void* _TIFFmalloc(tmsize_t s);
-+extern void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz);
- extern void* _TIFFrealloc(void* p, tmsize_t s);
- extern void _TIFFmemset(void* p, int v, tmsize_t c);
- extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c);
--- 
-2.11.0
-
diff -Naurp buildroot-2017.05-rc2/package/tiff/0008-libtiff-tif_ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch buildroot-2017.05.2/package/tiff/0008-libtiff-tif_ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch
--- buildroot-2017.05-rc2/package/tiff/0008-libtiff-tif_ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/tiff/0008-libtiff-tif_ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch    1970-01-01 01:00:00.000000000 +0100
@@ -1,43 +0,0 @@
-From 2ea32f7372b65c24b2816f11c04bf59b5090d05b Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Thu, 12 Jan 2017 19:23:20 +0000
-Subject: [PATCH] * libtiff/tif_ojpeg.c: fix leak in
- OJPEGReadHeaderInfoSecTablesQTable, OJPEGReadHeaderInfoSecTablesDcTable and
- OJPEGReadHeaderInfoSecTablesAcTable
-
-Fixes CVE-2017-7594
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- libtiff/tif_ojpeg.c | 6 ++++++
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/libtiff/tif_ojpeg.c b/libtiff/tif_ojpeg.c
-index b92f0ebd..5f6c684c 100644
---- a/libtiff/tif_ojpeg.c
-+++ b/libtiff/tif_ojpeg.c
-@@ -1790,7 +1790,10 @@ OJPEGReadHeaderInfoSecTablesQTable(TIFF* tif)
-                       TIFFSeekFile(tif,sp->qtable_offset[m],SEEK_SET); 
-                       p=(uint32)TIFFReadFile(tif,&ob[sizeof(uint32)+5],64);
-                       if (p!=64)
-+                        {
-+                                _TIFFfree(ob);
-                               return(0);
-+                        }
-                       sp->qtable[m]=ob;
-                       sp->sof_tq[m]=m;
-               }
-@@ -1854,7 +1857,10 @@ OJPEGReadHeaderInfoSecTablesDcTable(TIFF* tif)
-                               rb[sizeof(uint32)+5+n]=o[n];
-                       p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
-                       if (p!=q)
-+                        {
-+                                _TIFFfree(rb);
-                               return(0);
-+                        }
-                       sp->dctable[m]=rb;
-                       sp->sos_tda[m]=(m<<4);
-               }
--- 
-2.11.0
-
diff -Naurp buildroot-2017.05-rc2/package/tiff/0009-libtiff-tif_ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch buildroot-2017.05.2/package/tiff/0009-libtiff-tif_ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch
--- buildroot-2017.05-rc2/package/tiff/0009-libtiff-tif_ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/tiff/0009-libtiff-tif_ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch    1970-01-01 01:00:00.000000000 +0100
@@ -1,36 +0,0 @@
-From 8283e4d1b7e53340684d12932880cbcbaf23a8c1 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Thu, 12 Jan 2017 17:43:25 +0000
-Subject: [PATCH] libtiff/tif_ojpeg.c: fix leak in
- OJPEGReadHeaderInfoSecTablesAcTable when read fails.
- Patch by Nicolás Peña.
- Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Fixes CVE-2017-7594
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- libtiff/tif_ojpeg.c | 3 +++
- 1 file changed, 10 insertions(+)
-
-diff --git a/libtiff/tif_ojpeg.c b/libtiff/tif_ojpeg.c
-index f19e8fd0..b92f0ebd 100644
---- a/libtiff/tif_ojpeg.c
-+++ b/libtiff/tif_ojpeg.c
-@@ -1918,7 +1918,10 @@ OJPEGReadHeaderInfoSecTablesAcTable(TIFF* tif)
-                               rb[sizeof(uint32)+5+n]=o[n];
-                       p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
-                       if (p!=q)
-+                        {
-+                                _TIFFfree(rb);
-                               return(0);
-+                        }
-                       sp->actable[m]=rb;
-                       sp->sos_tda[m]=(sp->sos_tda[m]|m);
-               }
--- 
-2.11.0
-
diff -Naurp buildroot-2017.05-rc2/package/tiff/0010-libtiff-tif_jpeg.c-avoid-integer-division-by-zero-in.patch buildroot-2017.05.2/package/tiff/0010-libtiff-tif_jpeg.c-avoid-integer-division-by-zero-in.patch
--- buildroot-2017.05-rc2/package/tiff/0010-libtiff-tif_jpeg.c-avoid-integer-division-by-zero-in.patch  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/tiff/0010-libtiff-tif_jpeg.c-avoid-integer-division-by-zero-in.patch    1970-01-01 01:00:00.000000000 +0100
@@ -1,35 +0,0 @@
-From 47f2fb61a3a64667bce1a8398a8fcb1b348ff122 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Wed, 11 Jan 2017 12:15:01 +0000
-Subject: [PATCH] * libtiff/tif_jpeg.c: avoid integer division by zero in
- JPEGSetupEncode() when horizontal or vertical sampling is set to 0. Fixes
- http://bugzilla.maptools.org/show_bug.cgi?id=2653
-
-Fixes CVE-2017-7595
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- libtiff/tif_jpeg.c | 7 +++++++
- 1 file changed, 13 insertions(+)
-
-diff --git a/libtiff/tif_jpeg.c b/libtiff/tif_jpeg.c
-index 38595f98..6c17c388 100644
---- a/libtiff/tif_jpeg.c
-+++ b/libtiff/tif_jpeg.c
-@@ -1626,6 +1626,13 @@ JPEGSetupEncode(TIFF* tif)
-       case PHOTOMETRIC_YCBCR:
-               sp->h_sampling = td->td_ycbcrsubsampling[0];
-               sp->v_sampling = td->td_ycbcrsubsampling[1];
-+                if( sp->h_sampling == 0 || sp->v_sampling == 0 )
-+                {
-+                    TIFFErrorExt(tif->tif_clientdata, module,
-+                            "Invalig horizontal/vertical sampling value");
-+                    return (0);
-+                }
-+
-               /*
-                * A ReferenceBlackWhite field *must* be present since the
-                * default value is inappropriate for YCbCr.  Fill in the
--- 
-2.11.0
-
diff -Naurp buildroot-2017.05-rc2/package/tiff/0011-libtiff-tif_dirread.c-avoid-division-by-floating-poi.patch buildroot-2017.05.2/package/tiff/0011-libtiff-tif_dirread.c-avoid-division-by-floating-poi.patch
--- buildroot-2017.05-rc2/package/tiff/0011-libtiff-tif_dirread.c-avoid-division-by-floating-poi.patch  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/tiff/0011-libtiff-tif_dirread.c-avoid-division-by-floating-poi.patch    1970-01-01 01:00:00.000000000 +0100
@@ -1,47 +0,0 @@
-From 3cfd62d77c2a7e147a05bd678524c345fa9c2bb8 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Wed, 11 Jan 2017 13:28:01 +0000
-Subject: [PATCH] * libtiff/tif_dirread.c: avoid division by floating point 0
- in TIFFReadDirEntryCheckedRational() and TIFFReadDirEntryCheckedSrational(),
- and return 0 in that case (instead of infinity as before presumably)
- Apparently some sanitizers do not like those divisions by zero. Fixes
- http://bugzilla.maptools.org/show_bug.cgi?id=2644
-
-Fixes CVE-2017-7598
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- libtiff/tif_dirread.c | 10 ++++++++--
- 1 file changed, 16 insertions(+), 2 deletions(-)
-
-diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
-index 570d0c32..8a1e42aa 100644
---- a/libtiff/tif_dirread.c
-+++ b/libtiff/tif_dirread.c
-@@ -2872,7 +2872,10 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedRational(TIFF* tif, TIFFD
-               m.l = direntry->tdir_offset.toff_long8;
-       if (tif->tif_flags&TIFF_SWAB)
-               TIFFSwabArrayOfLong(m.i,2);
--      if (m.i[0]==0)
-+        /* Not completely sure what we should do when m.i[1]==0, but some */
-+        /* sanitizers do not like division by 0.0: */
-+        /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
-+      if (m.i[0]==0 || m.i[1]==0)
-               *value=0.0;
-       else
-               *value=(double)m.i[0]/(double)m.i[1];
-@@ -2900,7 +2903,10 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSrational(TIFF* tif, TIFF
-               m.l=direntry->tdir_offset.toff_long8;
-       if (tif->tif_flags&TIFF_SWAB)
-               TIFFSwabArrayOfLong(m.i,2);
--      if ((int32)m.i[0]==0)
-+        /* Not completely sure what we should do when m.i[1]==0, but some */
-+        /* sanitizers do not like division by 0.0: */
-+        /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
-+      if ((int32)m.i[0]==0 || m.i[1]==0)
-               *value=0.0;
-       else
-               *value=(double)((int32)m.i[0])/(double)m.i[1];
--- 
-2.11.0
-
diff -Naurp buildroot-2017.05-rc2/package/tiff/0012-libtiff-tif_jpeg.c-validate-BitsPerSample-in-JPEGSet.patch buildroot-2017.05.2/package/tiff/0012-libtiff-tif_jpeg.c-validate-BitsPerSample-in-JPEGSet.patch
--- buildroot-2017.05-rc2/package/tiff/0012-libtiff-tif_jpeg.c-validate-BitsPerSample-in-JPEGSet.patch  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/tiff/0012-libtiff-tif_jpeg.c-validate-BitsPerSample-in-JPEGSet.patch    1970-01-01 01:00:00.000000000 +0100
@@ -1,35 +0,0 @@
-From 0a76a8c765c7b8327c59646284fa78c3c27e5490 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Wed, 11 Jan 2017 16:13:50 +0000
-Subject: [PATCH] * libtiff/tif_jpeg.c: validate BitsPerSample in
- JPEGSetupEncode() to avoid undefined behaviour caused by invalid shift
- exponent. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648
-
-Fixes CVE-2017-7601
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- libtiff/tif_jpeg.c | 7 +++++++
- 1 file changed, 13 insertions(+)
-
-diff --git a/libtiff/tif_jpeg.c b/libtiff/tif_jpeg.c
-index 6c17c388..192989a9 100644
---- a/libtiff/tif_jpeg.c
-+++ b/libtiff/tif_jpeg.c
-@@ -1632,6 +1632,13 @@ JPEGSetupEncode(TIFF* tif)
-                             "Invalig horizontal/vertical sampling value");
-                     return (0);
-                 }
-+                if( td->td_bitspersample > 16 )
-+                {
-+                    TIFFErrorExt(tif->tif_clientdata, module,
-+                                 "BitsPerSample %d not allowed for JPEG",
-+                                 td->td_bitspersample);
-+                    return (0);
-+                }
- 
-               /*
-                * A ReferenceBlackWhite field *must* be present since the
--- 
-2.11.0
-
diff -Naurp buildroot-2017.05-rc2/package/tiff/0013-libtiff-tif_read.c-avoid-potential-undefined-behavio.patch buildroot-2017.05.2/package/tiff/0013-libtiff-tif_read.c-avoid-potential-undefined-behavio.patch
--- buildroot-2017.05-rc2/package/tiff/0013-libtiff-tif_read.c-avoid-potential-undefined-behavio.patch  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/tiff/0013-libtiff-tif_read.c-avoid-potential-undefined-behavio.patch    1970-01-01 01:00:00.000000000 +0100
@@ -1,56 +0,0 @@
-From 66e7bd59520996740e4df5495a830b42fae48bc4 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Wed, 11 Jan 2017 16:33:34 +0000
-Subject: [PATCH] * libtiff/tif_read.c: avoid potential undefined behaviour on
- signed integer addition in TIFFReadRawStrip1() in isMapped() case. Fixes
- http://bugzilla.maptools.org/show_bug.cgi?id=2650
-
-Fixes CVE-2017-7602
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- libtiff/tif_read.c | 27 ++++++++++++++++++---------
- 1 file changed, 24 insertions(+), 9 deletions(-)
-
-diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c
-index 52bbf507..b7aacbda 100644
---- a/libtiff/tif_read.c
-+++ b/libtiff/tif_read.c
-@@ -420,16 +420,25 @@ TIFFReadRawStrip1(TIFF* tif, uint32 strip, void* buf, tmsize_t size,
-                       return ((tmsize_t)(-1));
-               }
-       } else {
--              tmsize_t ma,mb;
-+              tmsize_t ma;
-               tmsize_t n;
--              ma=(tmsize_t)td->td_stripoffset[strip];
--              mb=ma+size;
--              if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||(ma>tif->tif_size))
--                      n=0;
--              else if ((mb<ma)||(mb<size)||(mb>tif->tif_size))
--                      n=tif->tif_size-ma;
--              else
--                      n=size;
-+              if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||
-+                    ((ma=(tmsize_t)td->td_stripoffset[strip])>tif->tif_size))
-+                {
-+                    n=0;
-+                }
-+                else if( ma > TIFF_TMSIZE_T_MAX - size )
-+                {
-+                    n=0;
-+                }
-+                else
-+                {
-+                    tmsize_t mb=ma+size;
-+                    if (mb>tif->tif_size)
-+                            n=tif->tif_size-ma;
-+                    else
-+                            n=size;
-+                }
-               if (n!=size) {
- #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
-                       TIFFErrorExt(tif->tif_clientdata, module,
--- 
-2.11.0
-
diff -Naurp buildroot-2017.05-rc2/package/tiff/tiff.hash buildroot-2017.05.2/package/tiff/tiff.hash
--- buildroot-2017.05-rc2/package/tiff/tiff.hash        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/tiff/tiff.hash  2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,2 @@
 # Locally computed
-sha256 9f43a2cfb9589e5cecaa66e16bf87f814c945f22df7ba600d63aac4632c4f019  tiff-4.0.7.tar.gz
+sha256 59d7a5a8ccd92059913f246877db95a2918e6c04fb9d43fd74e5c3390dac2910  tiff-4.0.8.tar.gz
diff -Naurp buildroot-2017.05-rc2/package/tiff/tiff.mk buildroot-2017.05.2/package/tiff/tiff.mk
--- buildroot-2017.05-rc2/package/tiff/tiff.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/tiff/tiff.mk    2017-07-27 08:16:52.017486944 +0200
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-TIFF_VERSION = 4.0.7
+TIFF_VERSION = 4.0.8
 TIFF_SITE = http://download.osgeo.org/libtiff
 TIFF_LICENSE = tiff license
 TIFF_LICENSE_FILES = COPYRIGHT
diff -Naurp buildroot-2017.05-rc2/package/tor/tor.hash buildroot-2017.05.2/package/tor/tor.hash
--- buildroot-2017.05-rc2/package/tor/tor.hash  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/tor/tor.hash    2017-07-27 08:16:52.017486944 +0200
@@ -1,2 +1,2 @@
 # Locally computed
-sha256 d611283e1fb284b5f884f8c07e7d3151016851848304f56cfdf3be2a88bd1341  tor-0.2.9.10.tar.gz
+sha256 c1959bebff9a546a54cbedb58c8289a42441991af417d2d16f7b336be8903221  tor-0.2.9.11.tar.gz
diff -Naurp buildroot-2017.05-rc2/package/tor/tor.mk buildroot-2017.05.2/package/tor/tor.mk
--- buildroot-2017.05-rc2/package/tor/tor.mk    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/tor/tor.mk      2017-07-27 08:16:52.017486944 +0200
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-TOR_VERSION = 0.2.9.10
+TOR_VERSION = 0.2.9.11
 TOR_SITE = https://dist.torproject.org
 TOR_LICENSE = BSD-3-Clause
 TOR_LICENSE_FILES = LICENSE
diff -Naurp buildroot-2017.05-rc2/package/trinity/trinity.hash buildroot-2017.05.2/package/trinity/trinity.hash
--- buildroot-2017.05-rc2/package/trinity/trinity.hash  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/trinity/trinity.hash    2017-07-27 08:16:52.017486944 +0200
@@ -3,3 +3,4 @@ sha256 4cb2bd4049ce523fdf47490c4c18b8eb7
 sha256 5601474b10973b99f6f4ecc67c8ac54000754d7110553cc81c7648bd7e73c810  b0e66a2d084ffc210bc1fc247efb4d177e9f7e3d.patch
 sha256 1974e473113b4e79fb2ff820e2b03f475a538e43343c24ca077a04214b9e0418  f447db18b389050ecc5e66dbf549d5953633e23e.patch
 sha256 9f9846a9c257b7df7e944c8b3ea956a8e8166bba67b3ea6c231382f095753312  87427256640f806710dd97fc807a9a896147c617.patch
+sha256 e6e47e813424f6b92b5a2e8f56bbd3bae63db47b76ece81a934a9390e194cbfc  1d9af9d07ae111c253c92112fb50000adac47a0c.patch
diff -Naurp buildroot-2017.05-rc2/package/trinity/trinity.mk buildroot-2017.05.2/package/trinity/trinity.mk
--- buildroot-2017.05-rc2/package/trinity/trinity.mk    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/trinity/trinity.mk      2017-07-27 08:16:52.017486944 +0200
@@ -12,7 +12,8 @@ TRINITY_LICENSE_FILES = COPYING
 
 TRINITY_PATCH = https://github.com/kernelslacker/trinity/commit/b0e66a2d084ffc210bc1fc247efb4d177e9f7e3d.patch \
                https://github.com/kernelslacker/trinity/commit/f447db18b389050ecc5e66dbf549d5953633e23e.patch \
-               https://github.com/kernelslacker/trinity/commit/87427256640f806710dd97fc807a9a896147c617.patch
+               https://github.com/kernelslacker/trinity/commit/87427256640f806710dd97fc807a9a896147c617.patch \
+               https://github.com/kernelslacker/trinity/commit/1d9af9d07ae111c253c92112fb50000adac47a0c.patch
 
 ifeq ($(BR2_PACKAGE_BTRFS_PROGS),y)
 TRINITY_DEPENDENCIES += btrfs-progs
diff -Naurp buildroot-2017.05-rc2/package/tslib/tslib.mk buildroot-2017.05.2/package/tslib/tslib.mk
--- buildroot-2017.05-rc2/package/tslib/tslib.mk        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/tslib/tslib.mk  2017-07-27 08:16:52.017486944 +0200
@@ -7,7 +7,7 @@
 TSLIB_VERSION = 1.9
 TSLIB_SITE = https://github.com/kergoth/tslib/releases/download/$(TSLIB_VERSION)
 TSLIB_SOURCE = tslib-$(TSLIB_VERSION).tar.xz
-TSLIB_LICENSE = GPL, LGPL
+TSLIB_LICENSE = GPL-2.0+ (programs), LGPL-2.1+ (libraries)
 TSLIB_LICENSE_FILES = COPYING
 
 TSLIB_INSTALL_STAGING = YES
diff -Naurp buildroot-2017.05-rc2/package/uboot-tools/uboot-tools.mk buildroot-2017.05.2/package/uboot-tools/uboot-tools.mk
--- buildroot-2017.05-rc2/package/uboot-tools/uboot-tools.mk    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/uboot-tools/uboot-tools.mk      2017-07-27 08:16:52.017486944 +0200
@@ -23,7 +23,7 @@ UBOOT_TOOLS_MAKE_OPTS = CROSS_COMPILE="$
 
 # This option was added through an additional patch
 # and allows the disabling of a host python swig
-# detect which as of 2017.5 assumes the host systems swig.
+# detect which as of 2017.3 assumes the host systems swig.
 UBOOT_TOOLS_MAKE_OPTS += CONFIG_TOOLS_PYTHON_WRAPPER_DISABLE=y
 
 ifeq ($(BR2_PACKAGE_UBOOT_TOOLS_FIT_SUPPORT),y)
@@ -92,6 +92,10 @@ HOST_UBOOT_TOOLS_MAKE_OPTS = HOSTCC="$(H
        HOSTCFLAGS="$(HOST_CFLAGS)" \
        HOSTLDFLAGS="$(HOST_LDFLAGS)"
 
+# Workaround to disable building the host python libfdt module. See comment
+# above when setting the target uboot-tools make options.
+HOST_UBOOT_TOOLS_MAKE_OPTS += CONFIG_TOOLS_PYTHON_WRAPPER_DISABLE=y
+
 ifeq ($(BR2_PACKAGE_HOST_UBOOT_TOOLS_FIT_SUPPORT),y)
 HOST_UBOOT_TOOLS_MAKE_OPTS += CONFIG_FIT=y
 HOST_UBOOT_TOOLS_DEPENDENCIES += host-dtc
diff -Naurp buildroot-2017.05-rc2/package/vlc/0013-codec-avcodec-check-avcodec-visible-sizes.patch buildroot-2017.05.2/package/vlc/0013-codec-avcodec-check-avcodec-visible-sizes.patch
--- buildroot-2017.05-rc2/package/vlc/0013-codec-avcodec-check-avcodec-visible-sizes.patch      1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/vlc/0013-codec-avcodec-check-avcodec-visible-sizes.patch        2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,33 @@
+From 6cc73bcad19da2cd2e95671173f2e0d203a57e9b Mon Sep 17 00:00:00 2001
+From: Francois Cartegnie <fcvlcdev@free.fr>
+Date: Thu, 29 Jun 2017 09:45:20 +0200
+Subject: [PATCH] codec: avcodec: check avcodec visible sizes
+
+refs #18467
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ modules/codec/avcodec/video.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/modules/codec/avcodec/video.c b/modules/codec/avcodec/video.c
+index 1bcad21..ce52544 100644
+--- a/modules/codec/avcodec/video.c
++++ b/modules/codec/avcodec/video.c
+@@ -137,9 +137,11 @@ static inline picture_t *ffmpeg_NewPictBuf( decoder_t *p_dec,
+     }
+ 
+ 
+-    if( width == 0 || height == 0 || width > 8192 || height > 8192 )
++    if( width == 0 || height == 0 || width > 8192 || height > 8192 ||
++        width < p_context->width || height < p_context->height )
+     {
+-        msg_Err( p_dec, "Invalid frame size %dx%d.", width, height );
++        msg_Err( p_dec, "Invalid frame size %dx%d. vsz %dx%d",
++                 width, height, p_context->width, p_context->height );
+         return NULL; /* invalid display size */
+     }
+     p_dec->fmt_out.video.i_width = width;
+-- 
+2.1.4
+
diff -Naurp buildroot-2017.05-rc2/package/vlc/0014-decoder-check-visible-size-when-creating-buffer.patch buildroot-2017.05.2/package/vlc/0014-decoder-check-visible-size-when-creating-buffer.patch
--- buildroot-2017.05-rc2/package/vlc/0014-decoder-check-visible-size-when-creating-buffer.patch        1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/vlc/0014-decoder-check-visible-size-when-creating-buffer.patch  2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,33 @@
+From a38a85db58c569cc592d9380cc07096757ef3d49 Mon Sep 17 00:00:00 2001
+From: Francois Cartegnie <fcvlcdev@free.fr>
+Date: Thu, 29 Jun 2017 11:09:02 +0200
+Subject: [PATCH] decoder: check visible size when creating buffer
+
+early reject invalid visible size
+mishandled by filters.
+
+refs #18467
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ src/input/decoder.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/input/decoder.c b/src/input/decoder.c
+index 2c0823f..a216165 100644
+--- a/src/input/decoder.c
++++ b/src/input/decoder.c
+@@ -2060,7 +2060,9 @@ static picture_t *vout_new_buffer( decoder_t *p_dec )
+         vout_thread_t *p_vout;
+ 
+         if( !p_dec->fmt_out.video.i_width ||
+-            !p_dec->fmt_out.video.i_height )
++            !p_dec->fmt_out.video.i_height ||
++            p_dec->fmt_out.video.i_width < p_dec->fmt_out.video.i_visible_width ||
++            p_dec->fmt_out.video.i_height < p_dec->fmt_out.video.i_visible_height )
+         {
+             /* Can't create a new vout without display size */
+             return NULL;
+-- 
+2.1.4
+
diff -Naurp buildroot-2017.05-rc2/package/vlc/vlc.hash buildroot-2017.05.2/package/vlc/vlc.hash
--- buildroot-2017.05-rc2/package/vlc/vlc.hash  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/vlc/vlc.hash    2017-07-27 08:16:52.017486944 +0200
@@ -1,6 +1,2 @@
-# From http://get.videolan.org/vlc/2.2.5.1/vlc-2.2.5.1.tar.xz.md5
-md5 7ab63964ffec4c92a54deb018f23318b vlc-2.2.5.1.tar.xz
-# From http://get.videolan.org/vlc/2.2.5.1/vlc-2.2.5.1.tar.xz.sha1
-sha1 042962dba68e1414aa563883b0172ee121cf9555 vlc-2.2.5.1.tar.xz
-# From http://get.videolan.org/vlc/2.2.5.1/vlc-2.2.5.1.tar.xz.sha256
-sha256 b28b8a28f578c0c6cb1ebed293aca2a3cd368906cf777d1ab599e2784ddda1cc vlc-2.2.5.1.tar.xz
+# From http://download.videolan.org/pub/videolan/vlc/2.2.6/vlc-2.2.6.tar.xz.sha256
+sha256 c403d3accd9a400eb2181c958f3e7bc5524fe5738425f4253d42883b425a42a8  vlc-2.2.6.tar.xz
diff -Naurp buildroot-2017.05-rc2/package/vlc/vlc.mk buildroot-2017.05.2/package/vlc/vlc.mk
--- buildroot-2017.05-rc2/package/vlc/vlc.mk    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/vlc/vlc.mk      2017-07-27 08:16:52.017486944 +0200
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-VLC_VERSION = 2.2.5.1
+VLC_VERSION = 2.2.6
 VLC_SITE = http://get.videolan.org/vlc/$(VLC_VERSION)
 VLC_SOURCE = vlc-$(VLC_VERSION).tar.xz
 VLC_LICENSE = GPL-2.0+, LGPL-2.1+
diff -Naurp buildroot-2017.05-rc2/package/vpnc/Config.in buildroot-2017.05.2/package/vpnc/Config.in
--- buildroot-2017.05-rc2/package/vpnc/Config.in        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/vpnc/Config.in  2017-07-27 08:16:52.017486944 +0200
@@ -1,6 +1,7 @@
 config BR2_PACKAGE_VPNC
        bool "vpnc"
        depends on BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS # libgcrypt
+       depends on !BR2_STATIC_LIBS # gnutls
        depends on BR2_USE_MMU # fork()
        depends on BR2_USE_WCHAR # gnutls
        select BR2_PACKAGE_LIBGCRYPT
@@ -15,6 +16,6 @@ config BR2_PACKAGE_VPNC
 
          http://www.unix-ag.uni-kl.de/~massar/vpnc
 
-comment "vpnc needs a toolchain w/ wchar"
+comment "vpnc needs a toolchain w/ wchar, dynamic library"
        depends on BR2_USE_MMU
-       depends on !BR2_USE_WCHAR
+       depends on !BR2_USE_WCHAR || BR2_STATIC_LIBS
diff -Naurp buildroot-2017.05-rc2/package/webkitgtk/0001-fix-gcc6-builds.patch buildroot-2017.05.2/package/webkitgtk/0001-fix-gcc6-builds.patch
--- buildroot-2017.05-rc2/package/webkitgtk/0001-fix-gcc6-builds.patch  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/webkitgtk/0001-fix-gcc6-builds.patch    1970-01-01 01:00:00.000000000 +0100
@@ -1,53 +0,0 @@
-[CMake] Build failure with GCC 6 (fatal error: stdlib.h: No such file or directory)
-
-https://bugs.webkit.org/show_bug.cgi?id=161697
-
-Reviewed by Michael Catanzaro.
-
-Get the list of system includes from GCC and add it to the CMake
-list of implicit includes. This way, CMake will filter any of this
-directories from the list of includes when calling the compiler.
-
-This avoids an issue with GCC 6 that causes build failures when
-including the default include path as a system include (-isystem).
-
-Upstream, from: https://trac.webkit.org/changeset/205672
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-
-Index: trunk/Source/cmake/OptionsCommon.cmake
-===================================================================
---- trunk/Source/cmake/OptionsCommon.cmake     (revision 204084)
-+++ trunk/Source/cmake/OptionsCommon.cmake     (revision 205672)
-@@ -36,4 +36,31 @@
-     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fcolor-diagnostics")
-     set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fcolor-diagnostics")
-+endif ()
-+
-+# Ensure that the default include system directories are added to the list of CMake implicit includes.
-+# This workarounds an issue that happens when using GCC 6 and using system includes (-isystem).
-+# For more details check: https://bugs.webkit.org/show_bug.cgi?id=161697
-+macro(DETERMINE_GCC_SYSTEM_INCLUDE_DIRS _lang _compiler _flags _result)
-+    file(WRITE "${CMAKE_BINARY_DIR}/CMakeFiles/dummy" "\n")
-+    separate_arguments(_buildFlags UNIX_COMMAND "${_flags}")
-+    execute_process(COMMAND ${_compiler} ${_buildFlags} -v -E -x ${_lang} -dD dummy
-+                    WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/CMakeFiles OUTPUT_QUIET
-+                    ERROR_VARIABLE _gccOutput)
-+    file(REMOVE "${CMAKE_BINARY_DIR}/CMakeFiles/dummy")
-+    if ("${_gccOutput}" MATCHES "> search starts here[^\n]+\n *(.+) *\n *End of (search) list")
-+        set(${_result} ${CMAKE_MATCH_1})
-+        string(REPLACE "\n" " " ${_result} "${${_result}}")
-+        separate_arguments(${_result})
-+    endif ()
-+endmacro()
-+
-+if (CMAKE_COMPILER_IS_GNUCC)
-+   DETERMINE_GCC_SYSTEM_INCLUDE_DIRS("c" "${CMAKE_C_COMPILER}" "${CMAKE_C_FLAGS}" SYSTEM_INCLUDE_DIRS)
-+   set(CMAKE_C_IMPLICIT_INCLUDE_DIRECTORIES ${CMAKE_C_IMPLICIT_INCLUDE_DIRECTORIES} ${SYSTEM_INCLUDE_DIRS})
-+endif ()
-+
-+if (CMAKE_COMPILER_IS_GNUCXX)
-+   DETERMINE_GCC_SYSTEM_INCLUDE_DIRS("c++" "${CMAKE_CXX_COMPILER}" "${CMAKE_CXX_FLAGS}" SYSTEM_INCLUDE_DIRS)
-+   set(CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES ${CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES} ${SYSTEM_INCLUDE_DIRS})
- endif ()
- 
diff -Naurp buildroot-2017.05-rc2/package/webkitgtk/Config.in buildroot-2017.05.2/package/webkitgtk/Config.in
--- buildroot-2017.05-rc2/package/webkitgtk/Config.in   2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/webkitgtk/Config.in     2017-07-27 08:16:52.017486944 +0200
@@ -9,6 +9,7 @@ config BR2_PACKAGE_WEBKITGTK_ARCH_SUPPOR
        # Disabled on SuperH because of segfault
        depends on BR2_USE_MMU # libglib2
        depends on BR2_TOOLCHAIN_HAS_SYNC_4
+       depends on BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS # libgcrypt
 
 comment "webkitgtk needs libgtk3 and a glibc toolchain w/ C++, gcc >= 4.9"
        depends on BR2_PACKAGE_WEBKITGTK_ARCH_SUPPORTS
@@ -30,6 +31,7 @@ config BR2_PACKAGE_WEBKITGTK
        select BR2_PACKAGE_HARFBUZZ
        select BR2_PACKAGE_ICU
        select BR2_PACKAGE_JPEG
+       select BR2_PACKAGE_LIBGCRYPT
        select BR2_PACKAGE_LIBSECRET
        select BR2_PACKAGE_LIBSOUP
        select BR2_PACKAGE_LIBXML2
@@ -49,11 +51,15 @@ if BR2_PACKAGE_WEBKITGTK
 
 config BR2_PACKAGE_WEBKITGTK_HTTPS
        bool "HTTPS support"
+       depends on !BR2_STATIC_LIBS # gnutls -> libsoup
        select BR2_PACKAGE_CA_CERTIFICATES # runtime
        select BR2_PACKAGE_LIBSOUP_SSL
        help
          Enable HTTPS protocol support.
 
+comment "webkitgtk https support needs a toolchain w/ dynamic library"
+       depends on BR2_STATIC_LIBS
+
 config BR2_PACKAGE_WEBKITGTK_MULTIMEDIA
        bool "multimedia support"
        select BR2_PACKAGE_GSTREAMER1
diff -Naurp buildroot-2017.05-rc2/package/webkitgtk/webkitgtk.hash buildroot-2017.05.2/package/webkitgtk/webkitgtk.hash
--- buildroot-2017.05-rc2/package/webkitgtk/webkitgtk.hash      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/webkitgtk/webkitgtk.hash        2017-07-27 08:16:52.017486944 +0200
@@ -1,4 +1,4 @@
-# From http://www.webkitgtk.org/releases/webkitgtk-2.12.5.tar.xz.sha1
-sha1   2d73fd5b47c68c73aea8b3d7b88acc8e62bdb99c        webkitgtk-2.12.5.tar.xz
-# Calculated based on the hash above
-sha256 6b147854b864a5f115fadb97b2b6200b2f696db015216a34e7298d11c88b1c40        webkitgtk-2.12.5.tar.xz
+# From https://webkitgtk.org/releases/webkitgtk-2.16.6.tar.xz.sums
+md5  0e2d142a586e4ff79cf0324f4fdbf20c webkitgtk-2.16.6.tar.xz
+sha1 f7fca3fbac3dc99e39f353a6df250635e684c922 webkitgtk-2.16.6.tar.xz
+sha256 fc23650df953123c59b9c0edf3855e7bd55bd107820997fc72375811e1ea4b21 webkitgtk-2.16.6.tar.xz
diff -Naurp buildroot-2017.05-rc2/package/webkitgtk/webkitgtk.mk buildroot-2017.05.2/package/webkitgtk/webkitgtk.mk
--- buildroot-2017.05-rc2/package/webkitgtk/webkitgtk.mk        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/webkitgtk/webkitgtk.mk  2017-07-27 08:16:52.017486944 +0200
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-WEBKITGTK_VERSION = 2.12.5
+WEBKITGTK_VERSION = 2.16.6
 WEBKITGTK_SITE = http://www.webkitgtk.org/releases
 WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz
 WEBKITGTK_INSTALL_STAGING = YES
@@ -13,7 +13,7 @@ WEBKITGTK_LICENSE_FILES = \
        Source/WebCore/LICENSE-APPLE \
        Source/WebCore/LICENSE-LGPL-2.1
 WEBKITGTK_DEPENDENCIES = host-ruby host-flex host-bison host-gperf \
-       enchant harfbuzz icu jpeg libgtk3 libsecret libsoup \
+       enchant harfbuzz icu jpeg libgcrypt libgtk3 libsecret libsoup \
        libxml2 libxslt sqlite webp
 WEBKITGTK_CONF_OPTS = \
        -DENABLE_API_TESTS=OFF \
diff -Naurp buildroot-2017.05-rc2/package/x11r7/xlib_libxshmfence/Config.in buildroot-2017.05.2/package/x11r7/xlib_libxshmfence/Config.in
--- buildroot-2017.05-rc2/package/x11r7/xlib_libxshmfence/Config.in     2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/x11r7/xlib_libxshmfence/Config.in       2017-07-27 08:16:52.017486944 +0200
@@ -1,5 +1,6 @@
 config BR2_PACKAGE_XLIB_LIBXSHMFENCE
        bool "libxshmfence"
+       depends on BR2_TOOLCHAIN_HAS_SYNC_4
        select BR2_PACKAGE_XPROTO_XPROTO
        help
          X.Org shmfence library
diff -Naurp buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/1.14.7/0001-sdksyms-gcc5.patch buildroot-2017.05.2/package/x11r7/xserver_xorg-server/1.14.7/0001-sdksyms-gcc5.patch
--- buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/1.14.7/0001-sdksyms-gcc5.patch      1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/x11r7/xserver_xorg-server/1.14.7/0001-sdksyms-gcc5.patch        2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,50 @@
+From 21b896939c5bb242f3aacc37baf12379e43254b6 Mon Sep 17 00:00:00 2001
+From: Egbert Eich <eich@freedesktop.org>
+Date: Tue, 3 Mar 2015 16:27:05 +0100
+Subject: symbols: Fix sdksyms.sh to cope with gcc5
+
+Gcc5 adds additional lines stating line numbers before and
+after __attribute__() which need to be skipped.
+
+Downloaded from upstream commit
+https://cgit.freedesktop.org/xorg/xserver/commit/hw/xfree86/sdksyms.sh?id=21b896939c5bb242f3aacc37baf12379e43254b6
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+Signed-off-by: Egbert Eich <eich@freedesktop.org>
+Tested-by: Daniel Stone <daniels@collabora.com>
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+
+diff --git a/hw/xfree86/sdksyms.sh b/hw/xfree86/sdksyms.sh
+index 2305073..05ac410 100755
+--- a/hw/xfree86/sdksyms.sh
++++ b/hw/xfree86/sdksyms.sh
+@@ -350,13 +350,25 @@ BEGIN {
+     if (sdk) {
+       n = 3;
+ 
++        # skip line numbers GCC 5 adds before __attribute__
++        while ($n == "" || $0 ~ /^# [0-9]+ "/) {
++           getline;
++           n = 1;
++        }
++
+       # skip attribute, if any
+       while ($n ~ /^(__attribute__|__global)/ ||
+           # skip modifiers, if any
+           $n ~ /^\*?(unsigned|const|volatile|struct|_X_EXPORT)$/ ||
+           # skip pointer
+-          $n ~ /^[a-zA-Z0-9_]*\*$/)
++          $n ~ /^[a-zA-Z0-9_]*\*$/) {
+           n++;
++            # skip line numbers GCC 5 adds after __attribute__
++            while ($n == "" || $0 ~ /^# [0-9]+ "/) {
++               getline;
++               n = 1;
++            }
++        }
+ 
+       # type specifier may not be set, as in
+       #   extern _X_EXPORT unsigned name(...)
+-- 
+cgit v0.10.2
+
diff -Naurp buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/1.14.7/0002-Xi-Zero-target-buffer-in-SProcXSendExtensionEvent.patch buildroot-2017.05.2/package/x11r7/xserver_xorg-server/1.14.7/0002-Xi-Zero-target-buffer-in-SProcXSendExtensionEvent.patch
--- buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/1.14.7/0002-Xi-Zero-target-buffer-in-SProcXSendExtensionEvent.patch 1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/x11r7/xserver_xorg-server/1.14.7/0002-Xi-Zero-target-buffer-in-SProcXSendExtensionEvent.patch   2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,39 @@
+From 05442de962d3dc624f79fc1a00eca3ffc5489ced Mon Sep 17 00:00:00 2001
+From: Michal Srb <msrb@suse.com>
+Date: Wed, 24 May 2017 15:54:39 +0300
+Subject: [PATCH] Xi: Zero target buffer in SProcXSendExtensionEvent.
+
+Make sure that the xEvent eventT is initialized with zeros, the same way as
+in SProcSendEvent.
+
+Some event swapping functions do not overwrite all 32 bytes of xEvent
+structure, for example XSecurityAuthorizationRevoked. Two cooperating
+clients, one swapped and the other not, can send
+XSecurityAuthorizationRevoked event to each other to retrieve old stack data
+from X server. This can be potentialy misused to go around ASLR or
+stack-protector.
+
+Signed-off-by: Michal Srb <msrb@suse.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ Xi/sendexev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Xi/sendexev.c b/Xi/sendexev.c
+index 11d82029f..1cf118ab6 100644
+--- a/Xi/sendexev.c
++++ b/Xi/sendexev.c
+@@ -78,7 +78,7 @@ SProcXSendExtensionEvent(ClientPtr client)
+ {
+     CARD32 *p;
+     int i;
+-    xEvent eventT;
++    xEvent eventT = { .u.u.type = 0 };
+     xEvent *eventP;
+     EventSwapPtr proc;
+ 
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/1.14.7/0003-dix-Disallow-GenericEvent-in-SendEvent-request.patch buildroot-2017.05.2/package/x11r7/xserver_xorg-server/1.14.7/0003-dix-Disallow-GenericEvent-in-SendEvent-request.patch
--- buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/1.14.7/0003-dix-Disallow-GenericEvent-in-SendEvent-request.patch    1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/x11r7/xserver_xorg-server/1.14.7/0003-dix-Disallow-GenericEvent-in-SendEvent-request.patch      2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,71 @@
+From 215f894965df5fb0bb45b107d84524e700d2073c Mon Sep 17 00:00:00 2001
+From: Michal Srb <msrb@suse.com>
+Date: Wed, 24 May 2017 15:54:40 +0300
+Subject: [PATCH] dix: Disallow GenericEvent in SendEvent request.
+
+The SendEvent request holds xEvent which is exactly 32 bytes long, no more,
+no less. Both ProcSendEvent and SProcSendEvent verify that the received data
+exactly match the request size. However nothing stops the client from passing
+in event with xEvent::type = GenericEvent and any value of
+xGenericEvent::length.
+
+In the case of ProcSendEvent, the event will be eventually passed to
+WriteEventsToClient which will see that it is Generic event and copy the
+arbitrary length from the receive buffer (and possibly past it) and send it to
+the other client. This allows clients to copy unitialized heap memory out of X
+server or to crash it.
+
+In case of SProcSendEvent, it will attempt to swap the incoming event by
+calling a swapping function from the EventSwapVector array. The swapped event
+is written to target buffer, which in this case is local xEvent variable. The
+xEvent variable is 32 bytes long, but the swapping functions for GenericEvents
+expect that the target buffer has size matching the size of the source
+GenericEvent. This allows clients to cause stack buffer overflows.
+
+Signed-off-by: Michal Srb <msrb@suse.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ dix/events.c  | 6 ++++++
+ dix/swapreq.c | 7 +++++++
+ 2 files changed, 13 insertions(+)
+
+diff --git a/dix/events.c b/dix/events.c
+index 3e3a01ef9..d3a33ea3f 100644
+--- a/dix/events.c
++++ b/dix/events.c
+@@ -5366,6 +5366,12 @@ ProcSendEvent(ClientPtr client)
+         client->errorValue = stuff->event.u.u.type;
+         return BadValue;
+     }
++    /* Generic events can have variable size, but SendEvent request holds
++       exactly 32B of event data. */
++    if (stuff->event.u.u.type == GenericEvent) {
++        client->errorValue = stuff->event.u.u.type;
++        return BadValue;
++    }
+     if (stuff->event.u.u.type == ClientMessage &&
+         stuff->event.u.u.detail != 8 &&
+         stuff->event.u.u.detail != 16 && stuff->event.u.u.detail != 32) {
+diff --git a/dix/swapreq.c b/dix/swapreq.c
+index 719e9b81c..67850593b 100644
+--- a/dix/swapreq.c
++++ b/dix/swapreq.c
+@@ -292,6 +292,13 @@ SProcSendEvent(ClientPtr client)
+     swapl(&stuff->destination);
+     swapl(&stuff->eventMask);
+ 
++    /* Generic events can have variable size, but SendEvent request holds
++       exactly 32B of event data. */
++    if (stuff->event.u.u.type == GenericEvent) {
++        client->errorValue = stuff->event.u.u.type;
++        return BadValue;
++    }
++
+     /* Swap event */
+     proc = EventSwapVector[stuff->event.u.u.type & 0177];
+     if (!proc || proc == NotImplemented)        /* no swapping proc; invalid event type? */
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/1.14.7/0004-Xi-Verify-all-events-in-ProcXSendExtensionEvent.patch buildroot-2017.05.2/package/x11r7/xserver_xorg-server/1.14.7/0004-Xi-Verify-all-events-in-ProcXSendExtensionEvent.patch
--- buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/1.14.7/0004-Xi-Verify-all-events-in-ProcXSendExtensionEvent.patch   1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/x11r7/xserver_xorg-server/1.14.7/0004-Xi-Verify-all-events-in-ProcXSendExtensionEvent.patch     2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,50 @@
+From 8caed4df36b1f802b4992edcfd282cbeeec35d9d Mon Sep 17 00:00:00 2001
+From: Michal Srb <msrb@suse.com>
+Date: Wed, 24 May 2017 15:54:41 +0300
+Subject: [PATCH] Xi: Verify all events in ProcXSendExtensionEvent.
+
+The requirement is that events have type in range
+EXTENSION_EVENT_BASE..lastEvent, but it was tested
+only for first event of all.
+
+Signed-off-by: Michal Srb <msrb@suse.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ Xi/sendexev.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/Xi/sendexev.c b/Xi/sendexev.c
+index 1cf118ab6..5e63bfcca 100644
+--- a/Xi/sendexev.c
++++ b/Xi/sendexev.c
+@@ -117,7 +117,7 @@ SProcXSendExtensionEvent(ClientPtr client)
+ int
+ ProcXSendExtensionEvent(ClientPtr client)
+ {
+-    int ret;
++    int ret, i;
+     DeviceIntPtr dev;
+     xEvent *first;
+     XEventClass *list;
+@@ -141,10 +141,12 @@ ProcXSendExtensionEvent(ClientPtr client)
+     /* The client's event type must be one defined by an extension. */
+ 
+     first = ((xEvent *) &stuff[1]);
+-    if (!((EXTENSION_EVENT_BASE <= first->u.u.type) &&
+-          (first->u.u.type < lastEvent))) {
+-        client->errorValue = first->u.u.type;
+-        return BadValue;
++    for (i = 0; i < stuff->num_events; i++) {
++        if (!((EXTENSION_EVENT_BASE <= first[i].u.u.type) &&
++            (first[i].u.u.type < lastEvent))) {
++            client->errorValue = first[i].u.u.type;
++            return BadValue;
++        }
+     }
+ 
+     list = (XEventClass *) (first + stuff->num_events);
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/1.14.7/0005-Xi-Do-not-try-to-swap-GenericEvent.patch buildroot-2017.05.2/package/x11r7/xserver_xorg-server/1.14.7/0005-Xi-Do-not-try-to-swap-GenericEvent.patch
--- buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/1.14.7/0005-Xi-Do-not-try-to-swap-GenericEvent.patch        1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/x11r7/xserver_xorg-server/1.14.7/0005-Xi-Do-not-try-to-swap-GenericEvent.patch  2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,45 @@
+From ba336b24052122b136486961c82deac76bbde455 Mon Sep 17 00:00:00 2001
+From: Michal Srb <msrb@suse.com>
+Date: Wed, 24 May 2017 15:54:42 +0300
+Subject: [PATCH] Xi: Do not try to swap GenericEvent.
+
+The SProcXSendExtensionEvent must not attempt to swap GenericEvent because
+it is assuming that the event has fixed size and gives the swapping function
+xEvent-sized buffer.
+
+A GenericEvent would be later rejected by ProcXSendExtensionEvent anyway.
+
+Signed-off-by: Michal Srb <msrb@suse.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ Xi/sendexev.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/Xi/sendexev.c b/Xi/sendexev.c
+index 5e63bfcca..5c2e0fc56 100644
+--- a/Xi/sendexev.c
++++ b/Xi/sendexev.c
+@@ -95,9 +95,17 @@ SProcXSendExtensionEvent(ClientPtr client)
+ 
+     eventP = (xEvent *) &stuff[1];
+     for (i = 0; i < stuff->num_events; i++, eventP++) {
++        if (eventP->u.u.type == GenericEvent) {
++            client->errorValue = eventP->u.u.type;
++            return BadValue;
++        }
++
+         proc = EventSwapVector[eventP->u.u.type & 0177];
+-        if (proc == NotImplemented)     /* no swapping proc; invalid event type? */
++        /* no swapping proc; invalid event type? */
++        if (proc == NotImplemented) {
++            client->errorValue = eventP->u.u.type;
+             return BadValue;
++        }
+         (*proc) (eventP, &eventT);
+         *eventP = eventT;
+     }
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/1.17.4/0002-Xi-Zero-target-buffer-in-SProcXSendExtensionEvent.patch buildroot-2017.05.2/package/x11r7/xserver_xorg-server/1.17.4/0002-Xi-Zero-target-buffer-in-SProcXSendExtensionEvent.patch
--- buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/1.17.4/0002-Xi-Zero-target-buffer-in-SProcXSendExtensionEvent.patch 1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/x11r7/xserver_xorg-server/1.17.4/0002-Xi-Zero-target-buffer-in-SProcXSendExtensionEvent.patch   2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,39 @@
+From 05442de962d3dc624f79fc1a00eca3ffc5489ced Mon Sep 17 00:00:00 2001
+From: Michal Srb <msrb@suse.com>
+Date: Wed, 24 May 2017 15:54:39 +0300
+Subject: [PATCH] Xi: Zero target buffer in SProcXSendExtensionEvent.
+
+Make sure that the xEvent eventT is initialized with zeros, the same way as
+in SProcSendEvent.
+
+Some event swapping functions do not overwrite all 32 bytes of xEvent
+structure, for example XSecurityAuthorizationRevoked. Two cooperating
+clients, one swapped and the other not, can send
+XSecurityAuthorizationRevoked event to each other to retrieve old stack data
+from X server. This can be potentialy misused to go around ASLR or
+stack-protector.
+
+Signed-off-by: Michal Srb <msrb@suse.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ Xi/sendexev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Xi/sendexev.c b/Xi/sendexev.c
+index 11d82029f..1cf118ab6 100644
+--- a/Xi/sendexev.c
++++ b/Xi/sendexev.c
+@@ -78,7 +78,7 @@ SProcXSendExtensionEvent(ClientPtr client)
+ {
+     CARD32 *p;
+     int i;
+-    xEvent eventT;
++    xEvent eventT = { .u.u.type = 0 };
+     xEvent *eventP;
+     EventSwapPtr proc;
+ 
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/1.17.4/0003-dix-Disallow-GenericEvent-in-SendEvent-request.patch buildroot-2017.05.2/package/x11r7/xserver_xorg-server/1.17.4/0003-dix-Disallow-GenericEvent-in-SendEvent-request.patch
--- buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/1.17.4/0003-dix-Disallow-GenericEvent-in-SendEvent-request.patch    1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/x11r7/xserver_xorg-server/1.17.4/0003-dix-Disallow-GenericEvent-in-SendEvent-request.patch      2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,71 @@
+From 215f894965df5fb0bb45b107d84524e700d2073c Mon Sep 17 00:00:00 2001
+From: Michal Srb <msrb@suse.com>
+Date: Wed, 24 May 2017 15:54:40 +0300
+Subject: [PATCH] dix: Disallow GenericEvent in SendEvent request.
+
+The SendEvent request holds xEvent which is exactly 32 bytes long, no more,
+no less. Both ProcSendEvent and SProcSendEvent verify that the received data
+exactly match the request size. However nothing stops the client from passing
+in event with xEvent::type = GenericEvent and any value of
+xGenericEvent::length.
+
+In the case of ProcSendEvent, the event will be eventually passed to
+WriteEventsToClient which will see that it is Generic event and copy the
+arbitrary length from the receive buffer (and possibly past it) and send it to
+the other client. This allows clients to copy unitialized heap memory out of X
+server or to crash it.
+
+In case of SProcSendEvent, it will attempt to swap the incoming event by
+calling a swapping function from the EventSwapVector array. The swapped event
+is written to target buffer, which in this case is local xEvent variable. The
+xEvent variable is 32 bytes long, but the swapping functions for GenericEvents
+expect that the target buffer has size matching the size of the source
+GenericEvent. This allows clients to cause stack buffer overflows.
+
+Signed-off-by: Michal Srb <msrb@suse.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ dix/events.c  | 6 ++++++
+ dix/swapreq.c | 7 +++++++
+ 2 files changed, 13 insertions(+)
+
+diff --git a/dix/events.c b/dix/events.c
+index 3e3a01ef9..d3a33ea3f 100644
+--- a/dix/events.c
++++ b/dix/events.c
+@@ -5366,6 +5366,12 @@ ProcSendEvent(ClientPtr client)
+         client->errorValue = stuff->event.u.u.type;
+         return BadValue;
+     }
++    /* Generic events can have variable size, but SendEvent request holds
++       exactly 32B of event data. */
++    if (stuff->event.u.u.type == GenericEvent) {
++        client->errorValue = stuff->event.u.u.type;
++        return BadValue;
++    }
+     if (stuff->event.u.u.type == ClientMessage &&
+         stuff->event.u.u.detail != 8 &&
+         stuff->event.u.u.detail != 16 && stuff->event.u.u.detail != 32) {
+diff --git a/dix/swapreq.c b/dix/swapreq.c
+index 719e9b81c..67850593b 100644
+--- a/dix/swapreq.c
++++ b/dix/swapreq.c
+@@ -292,6 +292,13 @@ SProcSendEvent(ClientPtr client)
+     swapl(&stuff->destination);
+     swapl(&stuff->eventMask);
+ 
++    /* Generic events can have variable size, but SendEvent request holds
++       exactly 32B of event data. */
++    if (stuff->event.u.u.type == GenericEvent) {
++        client->errorValue = stuff->event.u.u.type;
++        return BadValue;
++    }
++
+     /* Swap event */
+     proc = EventSwapVector[stuff->event.u.u.type & 0177];
+     if (!proc || proc == NotImplemented)        /* no swapping proc; invalid event type? */
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/1.17.4/0004-Xi-Verify-all-events-in-ProcXSendExtensionEvent.patch buildroot-2017.05.2/package/x11r7/xserver_xorg-server/1.17.4/0004-Xi-Verify-all-events-in-ProcXSendExtensionEvent.patch
--- buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/1.17.4/0004-Xi-Verify-all-events-in-ProcXSendExtensionEvent.patch   1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/x11r7/xserver_xorg-server/1.17.4/0004-Xi-Verify-all-events-in-ProcXSendExtensionEvent.patch     2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,50 @@
+From 8caed4df36b1f802b4992edcfd282cbeeec35d9d Mon Sep 17 00:00:00 2001
+From: Michal Srb <msrb@suse.com>
+Date: Wed, 24 May 2017 15:54:41 +0300
+Subject: [PATCH] Xi: Verify all events in ProcXSendExtensionEvent.
+
+The requirement is that events have type in range
+EXTENSION_EVENT_BASE..lastEvent, but it was tested
+only for first event of all.
+
+Signed-off-by: Michal Srb <msrb@suse.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ Xi/sendexev.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/Xi/sendexev.c b/Xi/sendexev.c
+index 1cf118ab6..5e63bfcca 100644
+--- a/Xi/sendexev.c
++++ b/Xi/sendexev.c
+@@ -117,7 +117,7 @@ SProcXSendExtensionEvent(ClientPtr client)
+ int
+ ProcXSendExtensionEvent(ClientPtr client)
+ {
+-    int ret;
++    int ret, i;
+     DeviceIntPtr dev;
+     xEvent *first;
+     XEventClass *list;
+@@ -141,10 +141,12 @@ ProcXSendExtensionEvent(ClientPtr client)
+     /* The client's event type must be one defined by an extension. */
+ 
+     first = ((xEvent *) &stuff[1]);
+-    if (!((EXTENSION_EVENT_BASE <= first->u.u.type) &&
+-          (first->u.u.type < lastEvent))) {
+-        client->errorValue = first->u.u.type;
+-        return BadValue;
++    for (i = 0; i < stuff->num_events; i++) {
++        if (!((EXTENSION_EVENT_BASE <= first[i].u.u.type) &&
++            (first[i].u.u.type < lastEvent))) {
++            client->errorValue = first[i].u.u.type;
++            return BadValue;
++        }
+     }
+ 
+     list = (XEventClass *) (first + stuff->num_events);
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/1.17.4/0005-Xi-Do-not-try-to-swap-GenericEvent.patch buildroot-2017.05.2/package/x11r7/xserver_xorg-server/1.17.4/0005-Xi-Do-not-try-to-swap-GenericEvent.patch
--- buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/1.17.4/0005-Xi-Do-not-try-to-swap-GenericEvent.patch        1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/x11r7/xserver_xorg-server/1.17.4/0005-Xi-Do-not-try-to-swap-GenericEvent.patch  2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,45 @@
+From ba336b24052122b136486961c82deac76bbde455 Mon Sep 17 00:00:00 2001
+From: Michal Srb <msrb@suse.com>
+Date: Wed, 24 May 2017 15:54:42 +0300
+Subject: [PATCH] Xi: Do not try to swap GenericEvent.
+
+The SProcXSendExtensionEvent must not attempt to swap GenericEvent because
+it is assuming that the event has fixed size and gives the swapping function
+xEvent-sized buffer.
+
+A GenericEvent would be later rejected by ProcXSendExtensionEvent anyway.
+
+Signed-off-by: Michal Srb <msrb@suse.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ Xi/sendexev.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/Xi/sendexev.c b/Xi/sendexev.c
+index 5e63bfcca..5c2e0fc56 100644
+--- a/Xi/sendexev.c
++++ b/Xi/sendexev.c
+@@ -95,9 +95,17 @@ SProcXSendExtensionEvent(ClientPtr client)
+ 
+     eventP = (xEvent *) &stuff[1];
+     for (i = 0; i < stuff->num_events; i++, eventP++) {
++        if (eventP->u.u.type == GenericEvent) {
++            client->errorValue = eventP->u.u.type;
++            return BadValue;
++        }
++
+         proc = EventSwapVector[eventP->u.u.type & 0177];
+-        if (proc == NotImplemented)     /* no swapping proc; invalid event type? */
++        /* no swapping proc; invalid event type? */
++        if (proc == NotImplemented) {
++            client->errorValue = eventP->u.u.type;
+             return BadValue;
++        }
+         (*proc) (eventP, &eventT);
+         *eventP = eventT;
+     }
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/1.19.3/0004-Xi-Zero-target-buffer-in-SProcXSendExtensionEvent.patch buildroot-2017.05.2/package/x11r7/xserver_xorg-server/1.19.3/0004-Xi-Zero-target-buffer-in-SProcXSendExtensionEvent.patch
--- buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/1.19.3/0004-Xi-Zero-target-buffer-in-SProcXSendExtensionEvent.patch 1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/x11r7/xserver_xorg-server/1.19.3/0004-Xi-Zero-target-buffer-in-SProcXSendExtensionEvent.patch   2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,39 @@
+From 05442de962d3dc624f79fc1a00eca3ffc5489ced Mon Sep 17 00:00:00 2001
+From: Michal Srb <msrb@suse.com>
+Date: Wed, 24 May 2017 15:54:39 +0300
+Subject: [PATCH] Xi: Zero target buffer in SProcXSendExtensionEvent.
+
+Make sure that the xEvent eventT is initialized with zeros, the same way as
+in SProcSendEvent.
+
+Some event swapping functions do not overwrite all 32 bytes of xEvent
+structure, for example XSecurityAuthorizationRevoked. Two cooperating
+clients, one swapped and the other not, can send
+XSecurityAuthorizationRevoked event to each other to retrieve old stack data
+from X server. This can be potentialy misused to go around ASLR or
+stack-protector.
+
+Signed-off-by: Michal Srb <msrb@suse.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ Xi/sendexev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Xi/sendexev.c b/Xi/sendexev.c
+index 11d82029f..1cf118ab6 100644
+--- a/Xi/sendexev.c
++++ b/Xi/sendexev.c
+@@ -78,7 +78,7 @@ SProcXSendExtensionEvent(ClientPtr client)
+ {
+     CARD32 *p;
+     int i;
+-    xEvent eventT;
++    xEvent eventT = { .u.u.type = 0 };
+     xEvent *eventP;
+     EventSwapPtr proc;
+ 
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/1.19.3/0005-dix-Disallow-GenericEvent-in-SendEvent-request.patch buildroot-2017.05.2/package/x11r7/xserver_xorg-server/1.19.3/0005-dix-Disallow-GenericEvent-in-SendEvent-request.patch
--- buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/1.19.3/0005-dix-Disallow-GenericEvent-in-SendEvent-request.patch    1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/x11r7/xserver_xorg-server/1.19.3/0005-dix-Disallow-GenericEvent-in-SendEvent-request.patch      2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,71 @@
+From 215f894965df5fb0bb45b107d84524e700d2073c Mon Sep 17 00:00:00 2001
+From: Michal Srb <msrb@suse.com>
+Date: Wed, 24 May 2017 15:54:40 +0300
+Subject: [PATCH] dix: Disallow GenericEvent in SendEvent request.
+
+The SendEvent request holds xEvent which is exactly 32 bytes long, no more,
+no less. Both ProcSendEvent and SProcSendEvent verify that the received data
+exactly match the request size. However nothing stops the client from passing
+in event with xEvent::type = GenericEvent and any value of
+xGenericEvent::length.
+
+In the case of ProcSendEvent, the event will be eventually passed to
+WriteEventsToClient which will see that it is Generic event and copy the
+arbitrary length from the receive buffer (and possibly past it) and send it to
+the other client. This allows clients to copy unitialized heap memory out of X
+server or to crash it.
+
+In case of SProcSendEvent, it will attempt to swap the incoming event by
+calling a swapping function from the EventSwapVector array. The swapped event
+is written to target buffer, which in this case is local xEvent variable. The
+xEvent variable is 32 bytes long, but the swapping functions for GenericEvents
+expect that the target buffer has size matching the size of the source
+GenericEvent. This allows clients to cause stack buffer overflows.
+
+Signed-off-by: Michal Srb <msrb@suse.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ dix/events.c  | 6 ++++++
+ dix/swapreq.c | 7 +++++++
+ 2 files changed, 13 insertions(+)
+
+diff --git a/dix/events.c b/dix/events.c
+index 3e3a01ef9..d3a33ea3f 100644
+--- a/dix/events.c
++++ b/dix/events.c
+@@ -5366,6 +5366,12 @@ ProcSendEvent(ClientPtr client)
+         client->errorValue = stuff->event.u.u.type;
+         return BadValue;
+     }
++    /* Generic events can have variable size, but SendEvent request holds
++       exactly 32B of event data. */
++    if (stuff->event.u.u.type == GenericEvent) {
++        client->errorValue = stuff->event.u.u.type;
++        return BadValue;
++    }
+     if (stuff->event.u.u.type == ClientMessage &&
+         stuff->event.u.u.detail != 8 &&
+         stuff->event.u.u.detail != 16 && stuff->event.u.u.detail != 32) {
+diff --git a/dix/swapreq.c b/dix/swapreq.c
+index 719e9b81c..67850593b 100644
+--- a/dix/swapreq.c
++++ b/dix/swapreq.c
+@@ -292,6 +292,13 @@ SProcSendEvent(ClientPtr client)
+     swapl(&stuff->destination);
+     swapl(&stuff->eventMask);
+ 
++    /* Generic events can have variable size, but SendEvent request holds
++       exactly 32B of event data. */
++    if (stuff->event.u.u.type == GenericEvent) {
++        client->errorValue = stuff->event.u.u.type;
++        return BadValue;
++    }
++
+     /* Swap event */
+     proc = EventSwapVector[stuff->event.u.u.type & 0177];
+     if (!proc || proc == NotImplemented)        /* no swapping proc; invalid event type? */
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/1.19.3/0006-Xi-Verify-all-events-in-ProcXSendExtensionEvent.patch buildroot-2017.05.2/package/x11r7/xserver_xorg-server/1.19.3/0006-Xi-Verify-all-events-in-ProcXSendExtensionEvent.patch
--- buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/1.19.3/0006-Xi-Verify-all-events-in-ProcXSendExtensionEvent.patch   1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/x11r7/xserver_xorg-server/1.19.3/0006-Xi-Verify-all-events-in-ProcXSendExtensionEvent.patch     2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,50 @@
+From 8caed4df36b1f802b4992edcfd282cbeeec35d9d Mon Sep 17 00:00:00 2001
+From: Michal Srb <msrb@suse.com>
+Date: Wed, 24 May 2017 15:54:41 +0300
+Subject: [PATCH] Xi: Verify all events in ProcXSendExtensionEvent.
+
+The requirement is that events have type in range
+EXTENSION_EVENT_BASE..lastEvent, but it was tested
+only for first event of all.
+
+Signed-off-by: Michal Srb <msrb@suse.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ Xi/sendexev.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/Xi/sendexev.c b/Xi/sendexev.c
+index 1cf118ab6..5e63bfcca 100644
+--- a/Xi/sendexev.c
++++ b/Xi/sendexev.c
+@@ -117,7 +117,7 @@ SProcXSendExtensionEvent(ClientPtr client)
+ int
+ ProcXSendExtensionEvent(ClientPtr client)
+ {
+-    int ret;
++    int ret, i;
+     DeviceIntPtr dev;
+     xEvent *first;
+     XEventClass *list;
+@@ -141,10 +141,12 @@ ProcXSendExtensionEvent(ClientPtr client)
+     /* The client's event type must be one defined by an extension. */
+ 
+     first = ((xEvent *) &stuff[1]);
+-    if (!((EXTENSION_EVENT_BASE <= first->u.u.type) &&
+-          (first->u.u.type < lastEvent))) {
+-        client->errorValue = first->u.u.type;
+-        return BadValue;
++    for (i = 0; i < stuff->num_events; i++) {
++        if (!((EXTENSION_EVENT_BASE <= first[i].u.u.type) &&
++            (first[i].u.u.type < lastEvent))) {
++            client->errorValue = first[i].u.u.type;
++            return BadValue;
++        }
+     }
+ 
+     list = (XEventClass *) (first + stuff->num_events);
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/1.19.3/0007-Xi-Do-not-try-to-swap-GenericEvent.patch buildroot-2017.05.2/package/x11r7/xserver_xorg-server/1.19.3/0007-Xi-Do-not-try-to-swap-GenericEvent.patch
--- buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/1.19.3/0007-Xi-Do-not-try-to-swap-GenericEvent.patch        1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/x11r7/xserver_xorg-server/1.19.3/0007-Xi-Do-not-try-to-swap-GenericEvent.patch  2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,45 @@
+From ba336b24052122b136486961c82deac76bbde455 Mon Sep 17 00:00:00 2001
+From: Michal Srb <msrb@suse.com>
+Date: Wed, 24 May 2017 15:54:42 +0300
+Subject: [PATCH] Xi: Do not try to swap GenericEvent.
+
+The SProcXSendExtensionEvent must not attempt to swap GenericEvent because
+it is assuming that the event has fixed size and gives the swapping function
+xEvent-sized buffer.
+
+A GenericEvent would be later rejected by ProcXSendExtensionEvent anyway.
+
+Signed-off-by: Michal Srb <msrb@suse.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ Xi/sendexev.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/Xi/sendexev.c b/Xi/sendexev.c
+index 5e63bfcca..5c2e0fc56 100644
+--- a/Xi/sendexev.c
++++ b/Xi/sendexev.c
+@@ -95,9 +95,17 @@ SProcXSendExtensionEvent(ClientPtr client)
+ 
+     eventP = (xEvent *) &stuff[1];
+     for (i = 0; i < stuff->num_events; i++, eventP++) {
++        if (eventP->u.u.type == GenericEvent) {
++            client->errorValue = eventP->u.u.type;
++            return BadValue;
++        }
++
+         proc = EventSwapVector[eventP->u.u.type & 0177];
+-        if (proc == NotImplemented)     /* no swapping proc; invalid event type? */
++        /* no swapping proc; invalid event type? */
++        if (proc == NotImplemented) {
++            client->errorValue = eventP->u.u.type;
+             return BadValue;
++        }
+         (*proc) (eventP, &eventT);
+         *eventP = eventT;
+     }
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/Config.in buildroot-2017.05.2/package/x11r7/xserver_xorg-server/Config.in
--- buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/Config.in   2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/x11r7/xserver_xorg-server/Config.in     2017-07-27 08:16:52.017486944 +0200
@@ -114,7 +114,8 @@ config BR2_PACKAGE_XSERVER_XORG_SERVER_M
        select BR2_PACKAGE_LIBDRM if (BR2_PACKAGE_XPROTO_XF86DRIPROTO || \
                BR2_PACKAGE_XPROTO_DRI2PROTO)
        select BR2_PACKAGE_LIBPCIACCESS
-       select BR2_PACKAGE_XLIB_LIBXSHMFENCE if BR2_PACKAGE_XPROTO_DRI3PROTO
+       select BR2_PACKAGE_XLIB_LIBXSHMFENCE if \
+               (BR2_PACKAGE_XPROTO_DRI3PROTO && BR2_TOOLCHAIN_HAS_SYNC_4)
        help
          This variant of the X.org server is the full-blown variant,
          as used by desktop GNU/Linux distributions. The drivers (for
diff -Naurp buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/xserver_xorg-server.mk buildroot-2017.05.2/package/x11r7/xserver_xorg-server/xserver_xorg-server.mk
--- buildroot-2017.05-rc2/package/x11r7/xserver_xorg-server/xserver_xorg-server.mk      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/x11r7/xserver_xorg-server/xserver_xorg-server.mk        2017-07-27 08:16:52.017486944 +0200
@@ -220,7 +220,7 @@ XSERVER_XORG_SERVER_CONF_OPTS += --enabl
 else
 XSERVER_XORG_SERVER_CONF_OPTS += --disable-dri2
 endif
-ifeq ($(BR2_PACKAGE_XPROTO_DRI3PROTO),y)
+ifeq ($(BR2_PACKAGE_XLIB_LIBXSHMFENCE)$(BR2_PACKAGE_XPROTO_DRI3PROTO),yy)
 XSERVER_XORG_SERVER_DEPENDENCIES += xlib_libxshmfence xproto_dri3proto
 XSERVER_XORG_SERVER_CONF_OPTS += --enable-dri3
 ifeq ($(BR2_PACKAGE_HAS_LIBGL)$(BR2_PACKAGE_LIBEPOXY),yy)
diff -Naurp buildroot-2017.05-rc2/package/x264/x264.mk buildroot-2017.05.2/package/x264/x264.mk
--- buildroot-2017.05-rc2/package/x264/x264.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/x264/x264.mk    2017-07-27 08:16:52.017486944 +0200
@@ -10,7 +10,7 @@ X264_LICENSE = GPL-2.0+
 X264_DEPENDENCIES = host-pkgconf
 X264_LICENSE_FILES = COPYING
 X264_INSTALL_STAGING = YES
-X264_CONF_OPTS = --disable-avs
+X264_CONF_OPTS = --disable-avs --disable-lavf --disable-swscale
 
 ifeq ($(BR2_i386)$(BR2_x86_64),y)
 # yasm needed for assembly files
diff -Naurp buildroot-2017.05-rc2/package/x265/x265.mk buildroot-2017.05.2/package/x265/x265.mk
--- buildroot-2017.05-rc2/package/x265/x265.mk  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/x265/x265.mk    2017-07-27 08:16:52.017486944 +0200
@@ -16,6 +16,12 @@ ifeq ($(BR2_i386)$(BR2_x86_64),y)
 X265_DEPENDENCIES += host-yasm
 endif
 
+# disable altivec, it has build issues
+# https://bitbucket.org/multicoreware/x265/issues/320/
+ifeq ($(BR2_powerpc64)$(BR2_powerpc64le),y)
+X265_CONF_OPTS += -DENABLE_ALTIVEC=OFF
+endif
+
 ifeq ($(BR2_SHARED_LIBS)$(BR2_SHARED_STATIC_LIBS),y)
 X265_CONF_OPTS += -DENABLE_SHARED=ON -DENABLE_PIC=ON
 else
diff -Naurp buildroot-2017.05-rc2/package/xen/0007-tools-include-sys-sysmacros.h-on-Linux.patch buildroot-2017.05.2/package/xen/0007-tools-include-sys-sysmacros.h-on-Linux.patch
--- buildroot-2017.05-rc2/package/xen/0007-tools-include-sys-sysmacros.h-on-Linux.patch 1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/xen/0007-tools-include-sys-sysmacros.h-on-Linux.patch   2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,52 @@
+From 796dea37fb229c34740f98bf80f3263d7a4e3c6d Mon Sep 17 00:00:00 2001
+From: Olaf Hering <olaf@aepfle.de>
+Date: Wed, 15 Mar 2017 07:01:34 +0000
+Subject: [PATCH] tools: include sys/sysmacros.h on Linux
+
+Due to a bug in the glibc headers the macros makedev(), major() and
+minor() where available by including sys/types.h. This bug was
+addressed in glibc-2.25 by introducing a warning when these macros are
+used. Since Xen is build with -Werror this new warning cause a compile
+error.
+
+Use sys/sysmacros.h to define these three macros.
+
+blktap2 is already Linux specific. The kernel header which was used to
+get makedev() does not provided it anymore, and it was wrong to use a
+kernel header anyway.
+
+Signed-off-by: Olaf Hering <olaf@aepfle.de>
+Acked-by: Wei Liu <wei.liu2@citrix.com>
+Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
+---
+ tools/blktap2/control/tap-ctl-allocate.c | 1 +
+ tools/libxl/libxl_osdeps.h               | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/tools/blktap2/control/tap-ctl-allocate.c b/tools/blktap2/control/tap-ctl-allocate.c
+index 8a6471e987..187cadcde7 100644
+--- a/tools/blktap2/control/tap-ctl-allocate.c
++++ b/tools/blktap2/control/tap-ctl-allocate.c
+@@ -33,6 +33,7 @@
+ #include <string.h>
+ #include <getopt.h>
+ #include <libgen.h>
++#include <sys/sysmacros.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
+ #include <sys/ioctl.h>
+diff --git a/tools/libxl/libxl_osdeps.h b/tools/libxl/libxl_osdeps.h
+index a40d62066b..de1d24ecae 100644
+--- a/tools/libxl/libxl_osdeps.h
++++ b/tools/libxl/libxl_osdeps.h
+@@ -39,6 +39,7 @@
+ #define SYSFS_PCI_DEV          "/sys/bus/pci/devices"
+ #define SYSFS_PCIBACK_DRIVER   "/sys/bus/pci/drivers/pciback"
+ #define NETBACK_NIC_NAME       "vif%u.%d"
++#include <sys/sysmacros.h>
+ #include <pty.h>
+ #include <uuid/uuid.h>
+ #elif defined(__sun__)
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/xen/0008-arm-fix-build-with-gcc-7.patch buildroot-2017.05.2/package/xen/0008-arm-fix-build-with-gcc-7.patch
--- buildroot-2017.05-rc2/package/xen/0008-arm-fix-build-with-gcc-7.patch       1970-01-01 01:00:00.000000000 +0100
+++ buildroot-2017.05.2/package/xen/0008-arm-fix-build-with-gcc-7.patch 2017-07-27 08:16:52.017486944 +0200
@@ -0,0 +1,70 @@
+From 9d3011bd1cd29f8f3841bf1b64d5ead9ed1434e8 Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Fri, 19 May 2017 10:12:08 +0200
+Subject: [PATCH] arm: fix build with gcc 7
+
+The compiler dislikes duplicate "const", and the ones it complains
+about look like they we in fact meant to be placed differently.
+
+Also fix array_access_okay() (just like on x86), despite the construct
+being unused on ARM: -Wint-in-bool-context, enabled by default in
+gcc 7, doesn't like multiplication in conditional operators. "Hide" it,
+at the risk of the next compiler version becoming smarter and
+recognizing even that. (The hope is that added smartness then would
+also better deal with legitimate cases like the one here.) The change
+could have been done in access_ok(), but I think we better keep it at
+the place the compiler is actually unhappy about.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Julien Grall <julien.grall@arm.com>
+Release-acked-by: Julien Grall <julien.grall@arm.com>
+Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
+---
+ xen/arch/arm/platforms/brcm.c      | 2 +-
+ xen/arch/arm/platforms/rcar2.c     | 2 +-
+ xen/include/asm-arm/guest_access.h | 3 ++-
+ 3 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/xen/arch/arm/platforms/brcm.c b/xen/arch/arm/platforms/brcm.c
+index 6d8b5b9175..d481b2c60f 100644
+--- a/xen/arch/arm/platforms/brcm.c
++++ b/xen/arch/arm/platforms/brcm.c
+@@ -271,7 +271,7 @@ static __init int brcm_init(void)
+     return brcm_populate_plat_regs();
+ }
+ 
+-static const char const *brcm_dt_compat[] __initconst =
++static const char *const brcm_dt_compat[] __initconst =
+ {
+     "brcm,bcm7445d0",
+     NULL
+diff --git a/xen/arch/arm/platforms/rcar2.c b/xen/arch/arm/platforms/rcar2.c
+index bb25751109..df0ac84709 100644
+--- a/xen/arch/arm/platforms/rcar2.c
++++ b/xen/arch/arm/platforms/rcar2.c
+@@ -46,7 +46,7 @@ static int __init rcar2_smp_init(void)
+     return 0;
+ }
+ 
+-static const char const *rcar2_dt_compat[] __initdata =
++static const char *const rcar2_dt_compat[] __initconst =
+ {
+     "renesas,lager",
+     NULL
+diff --git a/xen/include/asm-arm/guest_access.h b/xen/include/asm-arm/guest_access.h
+index 5876988b23..421bca5f36 100644
+--- a/xen/include/asm-arm/guest_access.h
++++ b/xen/include/asm-arm/guest_access.h
+@@ -8,7 +8,8 @@
+ #define access_ok(addr,size) (1)
+ 
+ #define array_access_ok(addr,count,size) \
+-    (likely(count < (~0UL/size)) && access_ok(addr,count*size))
++    (likely((count) < (~0UL / (size))) && \
++     access_ok(addr, 0 + (count) * (size)))
+ 
+ unsigned long raw_copy_to_guest(void *to, const void *from, unsigned len);
+ unsigned long raw_copy_to_guest_flush_dcache(void *to, const void *from,
+-- 
+2.11.0
+
diff -Naurp buildroot-2017.05-rc2/package/xen/xen.mk buildroot-2017.05.2/package/xen/xen.mk
--- buildroot-2017.05-rc2/package/xen/xen.mk    2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/xen/xen.mk      2017-07-27 08:16:52.017486944 +0200
@@ -8,7 +8,7 @@ XEN_VERSION = 4.8.1
 XEN_SITE = http://bits.xensource.com/oss-xen/release/$(XEN_VERSION)
 XEN_LICENSE = GPL-2.0
 XEN_LICENSE_FILES = COPYING
-XEN_DEPENDENCIES = host-python
+XEN_DEPENDENCIES = host-acpica host-python
 
 # Calculate XEN_ARCH
 ifeq ($(ARCH),aarch64)
diff -Naurp buildroot-2017.05-rc2/package/xvisor/Config.in buildroot-2017.05.2/package/xvisor/Config.in
--- buildroot-2017.05-rc2/package/xvisor/Config.in      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/xvisor/Config.in        2017-07-27 08:16:52.017486944 +0200
@@ -35,7 +35,7 @@ config BR2_PACKAGE_XVISOR_DEFCONFIG
        default "generic-v5" if BR2_ARM_CPU_ARMV5
        default "generic-v6" if BR2_ARM_CPU_ARMV6
        default "generic-v7" if BR2_ARM_CPU_ARMV7A
-       default "generic-v8" if BR2_AARCH64
+       default "generic-v8" if BR2_aarch64
        default "x86_64_generic" if BR2_x86_64
        depends on BR2_PACKAGE_XVISOR_USE_DEFCONFIG
        help
diff -Naurp buildroot-2017.05-rc2/package/xvisor/xvisor.mk buildroot-2017.05.2/package/xvisor/xvisor.mk
--- buildroot-2017.05-rc2/package/xvisor/xvisor.mk      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/package/xvisor/xvisor.mk        2017-07-27 08:16:52.017486944 +0200
@@ -26,8 +26,20 @@ XVISOR_KCONFIG_FILE = $(call qstrip,$(BR
 endif
 XVISOR_KCONFIG_EDITORS = menuconfig
 
+ifeq ($(BR2_x86_64),y)
+XVISOR_ARCH = x86
+else ifeq ($(BR2_arm)$(BR2_aarch64),y)
+XVISOR_ARCH = arm
+endif
+
+ifeq ($(BR2_PACKAGE_XVISOR)$(BR_BUILDING),yy)
+ifeq ($(XVISOR_ARCH),)
+$(error "Architecture not supported by XVisor")
+endif
+endif
+
 XVISOR_MAKE_ENV = \
-       ARCH=$(if $(BR2_x86_64),x86,$(BR2_ARCH)) \
+       ARCH=$(XVISOR_ARCH) \
        CROSS_COMPILE=$(TARGET_CROSS)
 
 XVISOR_MAKE_OPTS = $(if $(VERBOSE),VERBOSE=1)
diff -Naurp buildroot-2017.05-rc2/support/misc/Vagrantfile buildroot-2017.05.2/support/misc/Vagrantfile
--- buildroot-2017.05-rc2/support/misc/Vagrantfile      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/support/misc/Vagrantfile        2017-07-27 08:16:52.017486944 +0200
@@ -5,7 +5,7 @@
 ################################################################################
 
 # Buildroot version to use
-RELEASE='2017.02'
+RELEASE='2017.05'
 
 ### Change here for more memory/cores ###
 VM_MEMORY=2048
diff -Naurp buildroot-2017.05-rc2/support/scripts/mkusers buildroot-2017.05.2/support/scripts/mkusers
--- buildroot-2017.05-rc2/support/scripts/mkusers       2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/support/scripts/mkusers 2017-07-27 08:16:52.017486944 +0200
@@ -219,12 +219,12 @@ add_one_group() {
     fi
 
     # Remove any previous instance of this group, and re-add the new one
-    sed -i -e '/^'"${group}"':.*/d;' "${GROUP}"
+    sed -i --follow-symlinks -e '/^'"${group}"':.*/d;' "${GROUP}"
     printf "%s:x:%d:\n" "${group}" "${gid}" >>"${GROUP}"
 
     # Ditto for /etc/gshadow if it exists
     if [ -f "${GSHADOW}" ]; then
-        sed -i -e '/^'"${group}"':.*/d;' "${GSHADOW}"
+        sed -i --follow-symlinks -e '/^'"${group}"':.*/d;' "${GSHADOW}"
         printf "%s:*::\n" "${group}" >>"${GSHADOW}"
     fi
 }
@@ -263,7 +263,8 @@ add_user_to_group() {
 
     for _f in "${GROUP}" "${GSHADOW}"; do
         [ -f "${_f}" ] || continue
-        sed -r -i -e 's/^('"${group}"':.*:)(([^:]+,)?)'"${username}"'(,[^:]+*)?$/\1\2\4/;'  \
+        sed -r -i --follow-symlinks \
+                  -e 's/^('"${group}"':.*:)(([^:]+,)?)'"${username}"'(,[^:]+*)?$/\1\2\4/;'  \
                   -e 's/^('"${group}"':.*)$/\1,'"${username}"'/;'                           \
                   -e 's/,+/,/'                                                              \
                   -e 's/:,/:/'                                                              \
@@ -303,7 +304,7 @@ add_one_user() {
 
     # Remove any previous instance of this user
     for _f in "${PASSWD}" "${SHADOW}"; do
-        sed -r -i -e '/^'"${username}"':.*/d;' "${_f}"
+        sed -r -i --follow-symlinks -e '/^'"${username}"':.*/d;' "${_f}"
     done
 
     _gid="$( get_gid "${group}" )"
diff -Naurp buildroot-2017.05-rc2/support/scripts/scancpan buildroot-2017.05.2/support/scripts/scancpan
--- buildroot-2017.05-rc2/support/scripts/scancpan      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/support/scripts/scancpan        2017-07-27 08:16:52.017486944 +0200
@@ -521,7 +521,7 @@ my %deps_runtime;       # name -> list o
 my %deps_optional;      # name -> list of optional target dependencies
 my %license_files;      # name -> list of license files
 my %checksum;           # author -> list of checksum
-my $mcpan = MetaCPAN::API::Tiny->new();
+my $mcpan = MetaCPAN::API::Tiny->new(base_url => 'http://fastapi.metacpan.org/v1');
 my $ua = HTTP::Tiny->new();
 
 sub get_checksum {
@@ -538,7 +538,7 @@ sub get_checksum {
 
 sub get_manifest {
     my ($author, $distname, $version) = @_;
-    my $url = qq{http://api.metacpan.org/source/${author}/${distname}-${version}/MANIFEST};
+    my $url = qq{http://fastapi.metacpan.org/source/${author}/${distname}-${version}/MANIFEST};
     my $response = $ua->get($url);
     return $response->{content};
 }
diff -Naurp buildroot-2017.05-rc2/support/scripts/setlocalversion buildroot-2017.05.2/support/scripts/setlocalversion
--- buildroot-2017.05-rc2/support/scripts/setlocalversion       2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/support/scripts/setlocalversion 2017-07-27 08:16:52.017486944 +0200
@@ -54,7 +54,7 @@ fi
 
 # Check for mercurial and a mercurial repo.
 if hgid=`hg id 2>/dev/null`; then
-       tag=`printf '%s' "$hgid" | cut -d' ' -f2`
+       tag=`printf '%s' "$hgid" | cut -d' ' -f2 --only-delimited`
 
        # Do we have an untagged version?
        if [ -z "$tag" -o "$tag" = tip ]; then
diff -Naurp buildroot-2017.05-rc2/support/testing/infra/builder.py buildroot-2017.05.2/support/testing/infra/builder.py
--- buildroot-2017.05-rc2/support/testing/infra/builder.py      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/support/testing/infra/builder.py        2017-07-27 08:16:52.017486944 +0200
@@ -8,16 +8,12 @@ class Builder(object):
     def __init__(self, config, builddir, logtofile):
         self.config = config
         self.builddir = builddir
-        self.logtofile = logtofile
+        self.logfile = infra.open_log_file(builddir, "build", logtofile)
 
     def build(self):
         if not os.path.isdir(self.builddir):
             os.makedirs(self.builddir)
 
-        log = "{}-build.log".format(self.builddir)
-        if not self.logtofile:
-            log = None
-
         config_file = os.path.join(self.builddir, ".config")
         with open(config_file, "w+") as cf:
             cf.write(self.config)
@@ -25,14 +21,12 @@ class Builder(object):
         cmd = ["make",
                "O={}".format(self.builddir),
                "olddefconfig"]
-        with infra.smart_open(log) as log_fh:
-            ret = subprocess.call(cmd, stdout=log_fh, stderr=log_fh)
+        ret = subprocess.call(cmd, stdout=self.logfile, stderr=self.logfile)
         if ret != 0:
             raise SystemError("Cannot olddefconfig")
 
         cmd = ["make", "-C", self.builddir]
-        with infra.smart_open(log) as log_fh:
-            ret = subprocess.call(cmd, stdout=log_fh, stderr=log_fh)
+        ret = subprocess.call(cmd, stdout=self.logfile, stderr=self.logfile)
         if ret != 0:
             raise SystemError("Build failed")
 
diff -Naurp buildroot-2017.05-rc2/support/testing/infra/emulator.py buildroot-2017.05.2/support/testing/infra/emulator.py
--- buildroot-2017.05-rc2/support/testing/infra/emulator.py     2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/support/testing/infra/emulator.py       2017-07-27 08:16:52.017486944 +0200
@@ -14,9 +14,7 @@ class Emulator(object):
         self.__tn = None
         self.downloaddir = downloaddir
         self.log = ""
-        self.log_file = "{}-run.log".format(builddir)
-        if logtofile is None:
-            self.log_file = None
+        self.logfile = infra.open_log_file(builddir, "run", logtofile)
 
     # Start Qemu to boot the system
     #
@@ -72,9 +70,8 @@ class Emulator(object):
         if kernel_cmdline:
             qemu_cmd += ["-append", " ".join(kernel_cmdline)]
 
-        with infra.smart_open(self.log_file) as lfh:
-            lfh.write("> starting qemu with '%s'\n" % " ".join(qemu_cmd))
-            self.qemu = subprocess.Popen(qemu_cmd, stdout=lfh, stderr=lfh)
+        self.logfile.write("> starting qemu with '%s'\n" % " ".join(qemu_cmd))
+        self.qemu = subprocess.Popen(qemu_cmd, stdout=self.logfile, stderr=self.logfile)
 
         # Wait for the telnet port to appear and connect to it.
         while True:
@@ -88,8 +85,7 @@ class Emulator(object):
     def __read_until(self, waitstr, timeout=5):
         data = self.__tn.read_until(waitstr, timeout)
         self.log += data
-        with infra.smart_open(self.log_file) as lfh:
-            lfh.write(data)
+        self.logfile.write(data)
         return data
 
     def __write(self, wstr):
@@ -100,8 +96,7 @@ class Emulator(object):
     def login(self, password=None):
         self.__read_until("buildroot login:", 10)
         if "buildroot login:" not in self.log:
-            with infra.smart_open(self.log_file) as lfh:
-                lfh.write("==> System does not boot")
+            self.logfile.write("==> System does not boot")
             raise SystemError("System does not boot")
 
         self.__write("root\n")
diff -Naurp buildroot-2017.05-rc2/support/testing/infra/__init__.py buildroot-2017.05.2/support/testing/infra/__init__.py
--- buildroot-2017.05-rc2/support/testing/infra/__init__.py     2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/support/testing/infra/__init__.py       2017-07-27 08:16:52.017486944 +0200
@@ -8,24 +8,17 @@ from urllib2 import urlopen, HTTPError,
 
 ARTIFACTS_URL = "http://autobuild.buildroot.net/artefacts/"
 
-@contextlib.contextmanager
-def smart_open(filename=None):
+def open_log_file(builddir, stage, logtofile=True):
     """
-    Return a file-like object that can be written to using the 'with'
-    keyword, as in the example:
-    with infra.smart_open("test.log") as outfile:
-       outfile.write("Hello, world!\n")
+    Open a file for logging and return its handler.
+    If logtofile is True, returns sys.stdout. Otherwise opens a file
+    with a suitable name in the build directory.
     """
-    if filename and filename != '-':
-        fhandle = open(filename, 'a+')
+    if logtofile:
+        fhandle = open("{}-{}.log".format(builddir, stage), 'a+')
     else:
         fhandle = sys.stdout
-
-    try:
-        yield fhandle
-    finally:
-        if fhandle is not sys.stdout:
-            fhandle.close()
+    return fhandle
 
 def filepath(relpath):
     return os.path.join(os.getcwd(), "support/testing", relpath)
@@ -77,6 +70,16 @@ def get_file_arch(builddir, prefix, fpat
     return get_elf_arch_tag(builddir, prefix, fpath, "Tag_CPU_arch")
 
 def get_elf_prog_interpreter(builddir, prefix, fpath):
+    """
+    Runs the cross readelf on 'fpath' to extract the program interpreter
+    name and returns it.
+    Example:
+    >>> get_elf_prog_interpreter('br-tests/TestExternalToolchainLinaroArm',
+                                 'arm-linux-gnueabihf',
+                                 'bin/busybox')
+    /lib/ld-linux-armhf.so.3
+    >>>
+    """
     cmd = ["host/usr/bin/{}-readelf".format(prefix),
            "-l", os.path.join("target", fpath)]
     out = subprocess.check_output(cmd, cwd=builddir, env={"LANG": "C"})
diff -Naurp buildroot-2017.05-rc2/support/testing/run-tests buildroot-2017.05.2/support/testing/run-tests
--- buildroot-2017.05-rc2/support/testing/run-tests     2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/support/testing/run-tests       2017-07-27 08:16:52.017486944 +0200
@@ -10,17 +10,17 @@ def main():
     parser = argparse.ArgumentParser(description='Run Buildroot tests')
     parser.add_argument('testname', nargs='*',
                         help='list of test cases to execute')
-    parser.add_argument('--list', '-l', action='store_true',
+    parser.add_argument('-l', '--list', action='store_true',
                         help='list of available test cases')
-    parser.add_argument('--all', '-a', action='store_true',
+    parser.add_argument('-a', '--all', action='store_true',
                         help='execute all test cases')
-    parser.add_argument('--stdout', '-s', action='store_true',
+    parser.add_argument('-s', '--stdout', action='store_true',
                         help='log everything to stdout')
-    parser.add_argument('--output', '-o',
+    parser.add_argument('-o', '--output',
                         help='output directory')
-    parser.add_argument('--download', '-d',
+    parser.add_argument('-d', '--download',
                         help='download directory')
-    parser.add_argument('--keep', '-k',
+    parser.add_argument('-k', '--keep',
                         help='keep build directories',
                         action='store_true')
 
diff -Naurp buildroot-2017.05-rc2/support/testing/tests/fs/test_ext.py buildroot-2017.05.2/support/testing/tests/fs/test_ext.py
--- buildroot-2017.05-rc2/support/testing/tests/fs/test_ext.py  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/support/testing/tests/fs/test_ext.py    2017-07-27 08:16:52.017486944 +0200
@@ -21,10 +21,10 @@ def dumpe2fs_run(builddir, image):
     return ret.strip().splitlines()
 
 def dumpe2fs_getprop(out, prop):
-    for lines in out:
-        lines = lines.split(": ")
-        if lines[0] == prop:
-            return lines[1].strip()
+    for line in out:
+        fields = line.split(": ")
+        if fields[0] == prop:
+            return fields[1].strip()
 
 def boot_img_and_check_fs_type(emulator, builddir, fs_type):
     img = os.path.join(builddir, "images", "rootfs.{}".format(fs_type))
@@ -86,6 +86,7 @@ BR2_TARGET_ROOTFS_EXT2_3=y
         out = dumpe2fs_run(self.builddir, "rootfs.ext3")
         self.assertEqual(dumpe2fs_getprop(out, REVISION_PROP), "1 (dynamic)")
         self.assertIn("has_journal", dumpe2fs_getprop(out, FEATURES_PROP))
+        self.assertNotIn("extent", dumpe2fs_getprop(out, FEATURES_PROP))
 
         exit_code = boot_img_and_check_fs_type(self.emulator,
                                                self.builddir, "ext3")
diff -Naurp buildroot-2017.05-rc2/support/testing/tests/toolchain/test_external.py buildroot-2017.05.2/support/testing/tests/toolchain/test_external.py
--- buildroot-2017.05-rc2/support/testing/tests/toolchain/test_external.py      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/support/testing/tests/toolchain/test_external.py        2017-07-27 08:16:52.017486944 +0200
@@ -7,7 +7,7 @@ BR2_TARGET_ROOTFS_CPIO=y
 # BR2_TARGET_ROOTFS_TAR is not set
 """
 
-def check_broken_links(path):
+def has_broken_links(path):
     for root, dirs, files in os.walk(path):
         for f in files:
             fpath = os.path.join(root, f)
@@ -20,9 +20,9 @@ class TestExternalToolchain(infra.basete
         # Check for broken symlinks
         for d in ["lib", "usr/lib"]:
             path = os.path.join(self.builddir, "staging", d)
-            self.assertFalse(check_broken_links(path))
+            self.assertFalse(has_broken_links(path))
             path = os.path.join(self.builddir, "target", d)
-            self.assertFalse(check_broken_links(path))
+            self.assertFalse(has_broken_links(path))
 
         interp = infra.get_elf_prog_interpreter(self.builddir,
                                                 self.toolchain_prefix,
diff -Naurp buildroot-2017.05-rc2/toolchain/Config.in buildroot-2017.05.2/toolchain/Config.in
--- buildroot-2017.05-rc2/toolchain/Config.in   2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/toolchain/Config.in     2017-07-27 08:16:52.017486944 +0200
@@ -28,7 +28,7 @@ config BR2_TOOLCHAIN_USES_MUSL
        select BR2_TOOLCHAIN_HAS_THREADS
        select BR2_TOOLCHAIN_HAS_THREADS_DEBUG
        select BR2_TOOLCHAIN_HAS_THREADS_NPTL
-       select BR2_TOOLCHAIN_SUPPORTS_PIE
+       select BR2_TOOLCHAIN_SUPPORTS_PIE if !BR2_STATIC_LIBS
 
 choice
        prompt "Toolchain type"
diff -Naurp buildroot-2017.05-rc2/toolchain/toolchain/toolchain.mk buildroot-2017.05.2/toolchain/toolchain/toolchain.mk
--- buildroot-2017.05-rc2/toolchain/toolchain/toolchain.mk      2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/toolchain/toolchain/toolchain.mk        2017-07-27 08:16:52.017486944 +0200
@@ -21,8 +21,10 @@ TOOLCHAIN_ADD_TOOLCHAIN_DEPENDENCY = NO
 # IFF_DORMANT and IFF_ECHO, add another macro to suppress them in the
 # kernel header, and avoid macro/enum conflict.
 #
+# Kernel version 3.12 introduced the libc-compat.h header.
+#
 # [1] http://www.openwall.com/lists/musl/2015/10/08/2
-ifeq ($(BR2_TOOLCHAIN_USES_MUSL),y)
+ifeq ($(BR2_TOOLCHAIN_USES_MUSL)$(BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_12),yy)
 define TOOLCHAIN_MUSL_KERNEL_HEADERS_COMPATIBILITY_HACK
        $(SED) 's/^#if defined(__GLIBC__)$$/#if 1/' \
                $(STAGING_DIR)/usr/include/linux/libc-compat.h
diff -Naurp buildroot-2017.05-rc2/toolchain/toolchain-common.in buildroot-2017.05.2/toolchain/toolchain-common.in
--- buildroot-2017.05-rc2/toolchain/toolchain-common.in 2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/toolchain/toolchain-common.in   2017-07-27 08:16:52.017486944 +0200
@@ -7,6 +7,11 @@ source "package/gdb/Config.in.host"
 
 comment "Toolchain Generic Options"
 
+# https://sourceware.org/bugzilla/show_bug.cgi?id=19615
+# Affect toolchains built with binutils 2.26 (fixed in binutils 2.26.1).
+config BR2_TOOLCHAIN_HAS_BINUTILS_BUG_19615
+       bool
+
 # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64735
 # exception_ptr, nested_exception, and future from libstdc++ are not
 # available for architectures not supporting always lock-free atomic
diff -Naurp buildroot-2017.05-rc2/toolchain/toolchain-external/pkg-toolchain-external.mk buildroot-2017.05.2/toolchain/toolchain-external/pkg-toolchain-external.mk
--- buildroot-2017.05-rc2/toolchain/toolchain-external/pkg-toolchain-external.mk        2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/toolchain/toolchain-external/pkg-toolchain-external.mk  2017-07-27 08:16:52.017486944 +0200
@@ -476,11 +476,13 @@ endef
 # With the musl C library, the libc.so library directly plays the role
 # of the dynamic library loader. We just need to create a symbolic
 # link to libc.so with the appropriate name.
-ifeq ($(BR2_TOOLCHAIN_EXTERNAL_MUSL),y)
+ifeq ($(BR2_TOOLCHAIN_EXTERNAL_MUSL):$(BR2_STATIC_LIBS),y:)
 ifeq ($(BR2_i386),y)
 MUSL_ARCH = i386
 else ifeq ($(BR2_ARM_EABIHF),y)
 MUSL_ARCH = armhf
+else ifeq ($(BR2_mips):$(BR2_SOFT_FLOAT),y:y)
+MUSL_ARCH = mips-sf
 else ifeq ($(BR2_mipsel):$(BR2_SOFT_FLOAT),y:y)
 MUSL_ARCH = mipsel-sf
 else ifeq ($(BR2_sh),y)
diff -Naurp buildroot-2017.05-rc2/toolchain/toolchain-external/toolchain-external-codesourcery-amd64/Config.in buildroot-2017.05.2/toolchain/toolchain-external/toolchain-external-codesourcery-amd64/Config.in
--- buildroot-2017.05-rc2/toolchain/toolchain-external/toolchain-external-codesourcery-amd64/Config.in  2017-05-17 10:27:16.013401440 +0200
+++ buildroot-2017.05.2/toolchain/toolchain-external/toolchain-external-codesourcery-amd64/Config.in    2017-07-27 08:16:52.017486944 +0200
@@ -11,6 +11,7 @@ config BR2_TOOLCHAIN_EXTERNAL_CODESOURCE
        select BR2_HOSTARCH_NEEDS_IA32_LIBS
        select BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_7
        select BR2_TOOLCHAIN_GCC_AT_LEAST_6
+       select BR2_TOOLCHAIN_HAS_BINUTILS_BUG_19615 # based-on binutils-2.26
        help
          Sourcery CodeBench toolchain for the amd64 (x86_64)
          architectures, from Mentor Graphics. It uses gcc 6.2,