Update for 2021.05.1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/ruby: fix RUBY_VERSION_EXT
2021-08-10 09:32:54 +02:00 · 2021-08-09 22:14:42 +02:00 · 2021-08-08 22:50:28 +02:00 · 2021-08-08 22:49:08 +02:00 · 2021-08-08 22:49:05 +02:00 · 2021-08-08 21:46:59 +02:00
323 changed files with 4197 additions and 1250 deletions
--- a/52
+++ b/52
@@ -1,3 +1,55 @@
+2021.05.1, released August 10, 2021
+
+	Important / security related fixes.
+
+	Toolchain: Disable PIC/PIE for Microblaze (like for NIOS II)
+	as it is not currently working.
+
+	binutils: fix linker assert failure on OpenRisc, or1k build
+	issue with gcc < 5
+
+	gdb: Enable on NIOS II
+
+	utils/scanpypi: Various improvements
+
+	Defconfigs: stm32f469_disco: Fix kernel boot issue, Microchip
+	sam9x60ek mmc_dev: Add missing toolchain/system options
+
+	Updated/fixed packages: arm-trusted-firmware, apache, audit,
+	avahi, bind, binutils, bird, bluez5_utils, boinc, busybox,
+	chrony, clamav, connman, cryptsetup, dnsmasq, docker-cli,
+	docker-engine, dovecot, dovecot-pigeonhole, e2fsprogs, exiv2,
+	fail2ban, fb-test-app, feh, fetchmail, ffmpeg, flac, fluxbox,
+	gawk, gcc, gcr, gdb, gdk-pixbuf, gesftpserver, glibc, go,
+	gptfdisk, gqrx, granite, grub2, guile, hdparm, heirloom-mailx,
+	htop, ibrcommon, ibrdtn, ibrdtn-tools, ibrdtnd,
+	intel-microcode, iodine, irqbalance, keepalived, kexec-tools,
+	libass, libconfig, libcurl, libfreeimage, libfuse3, libgcrypt,
+	libgudev, libhtp, libinput, libjson, libgtk3, libkrb5,
+	libloki, libmodsecurity, libndp, libnetfilter-log,
+	libnfnetlink, libnice, libodb, libodb-boost, libodb-mysql,
+	libodb-pgsql, libpcap, libqmi, libqrtr-glib, libressl,
+	librsvg, libtasn1, libtirpc, libuci, libxmlrpc,
+	linux-firmware, linuxptp, lrzsz, lvm2, mariadb, mesa3d,
+	mbedtls, monit, mono, mosquitto, mpd, mpg123, mpv, nbd,
+	netsnmp, nettle, nmap, nodejs, ntp, openntpd, openpgm,
+	openswan, pango, pcre2, perl-crypt-openssl-rsa, php, pixman,
+	postgresql, proxychains-ng, putty, python,
+	python-dataproperty, python-django, python-pysftp,
+	python-urllib3, python3, qpdf, redis, ripgrep, rsync, ruby,
+	samba4, sane-backends, slirp, spice, squid, suricata, tcpdump,
+	tftpd, thrift, tor, tpm2-tools, trinity, uboot, uboot-tools,
+	uclibc, vlc, wireless-regdb, wireshark, wolfssl,
+	xapp_fonttosfnt, xlib_libX11, xlib_libxshmfence,
+	xserver_xorg-server
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#13586: grub failure with BR2_OPTIMIZE_3
+	#13661: host-python2 build fails on aarch64
+	#13836: package build failure when target install set to no..
+	#13846: BR2_PACKAGE_LVM2_STANDARD_INSTALL should be default to..
+
 2021.05, released June 6th, 2021

 	Various fixes.
--- a/Config.in
+++ b/Config.in
@@ -713,11 +713,18 @@ endmenu

 comment "Security Hardening Options"

+config BR2_PIC_PIE_ARCH_SUPPORTS
+	bool
+	default y
+	# Microblaze glibc toolchains don't work with PIC/PIE enabled
+	depends on !BR2_microblaze
+	# Nios2 toolchains produce non working binaries with -fPIC
+	depends on !BR2_nios2
+
 config BR2_PIC_PIE
 	bool "Build code with PIC/PIE"
 	default y
-	# Nios2 toolchains produce non working binaries with -fPIC
-	depends on !BR2_nios2
+	depends on BR2_PIC_PIE_ARCH_SUPPORTS
 	depends on BR2_SHARED_LIBS
 	depends on BR2_TOOLCHAIN_SUPPORTS_PIE
 	help
@@ -725,7 +732,7 @@ config BR2_PIC_PIE
 	  Position-Independent Executables (PIE).

 comment "PIC/PIE needs a toolchain w/ PIE"
-	depends on !BR2_nios2
+	depends on BR2_PIC_PIE_ARCH_SUPPORTS
 	depends on BR2_SHARED_LIBS
 	depends on !BR2_TOOLCHAIN_SUPPORTS_PIE

@@ -816,7 +823,7 @@ config BR2_RELRO_PARTIAL

 config BR2_RELRO_FULL
 	bool "Full"
-	depends on !BR2_nios2 # BR2_PIC_PIE
+	depends on BR2_PIC_PIE_ARCH_SUPPORTS
 	depends on BR2_TOOLCHAIN_SUPPORTS_PIE
 	select BR2_PIC_PIE
 	help
@@ -825,7 +832,7 @@ config BR2_RELRO_FULL
 	  program loading, i.e every time an executable is started.

 comment "RELRO Full needs a toolchain w/ PIE"
-	depends on !BR2_nios2
+	depends on BR2_PIC_PIE_ARCH_SUPPORTS
 	depends on !BR2_TOOLCHAIN_SUPPORTS_PIE

 endchoice
--- a/23
+++ b/23
@@ -123,10 +123,7 @@ F:	package/python-docopt/
 N:	Anders Darander <anders@chargestorm.se>
 F:	package/ktap/

-N:	André Hentschel <nerv@dawncrow.de>
-F:	board/freescale/imx8qxpmek/
-F:	configs/freescale_imx8qxpmek_defconfig
-F:	package/freescale-imx/imx-sc-firmware/
+N:	André Zwing <nerv@dawncrow.de>
 F:	package/libkrb5/
 F:	package/openal/
 F:	package/p7zip/
@@ -181,6 +178,9 @@ F:	package/sshguard/
 F:	package/sunwait/
 F:	package/sysdig/

+N:	Andy Shevchenko <andy.shevchenko@gmail.com>
+F:	package/fb-test-app/
+
 N:	Anisse Astier <anisse@astier.eu>
 F:	package/go/
 F:	package/nghttp2/
@@ -522,7 +522,7 @@ F:	package/rtl8821au/
 F:	package/runc/
 F:	package/tini/

-N:	Christophe Priouzeau <christophe.priouzeau@st.com>
+N:	Christophe Priouzeau <christophe.priouzeau@foss.st.com>
 F:	board/stmicroelectronics/stm32f429-disco/
 F:	board/stmicroelectronics/stm32f469-disco/
 F:	configs/stm32f429_disco_defconfig
@@ -1033,12 +1033,14 @@ F:	package/xapian/

 N:	Giulio Benetti <giulio.benetti@benettiengineering.com>
 F:	package/at/
+F:	package/libfuse3/
 F:	package/libnspr/
 F:	package/libnss/
 F:	package/minicom/
 F:	package/nfs-utils/
 F:	package/sunxi-mali-mainline/
 F:	package/sunxi-mali-mainline-driver/
+F:	package/udisks/

 N:	Gregory Dymarek <gregd72002@gmail.com>
 F:	package/ding-libs/
@@ -1249,11 +1251,6 @@ F:	package/sysrepo/
 N:	Jan Pedersen <jp@jp-embedded.com>
 F:	package/zip/

-N:	Jan Viktorin <viktorin@rehivetech.com>
-F:	package/python-pexpect/
-F:	package/python-ptyprocess/
-F:	package/zynq-boot-bin/
-
 N:	Jarkko Sakkinen <jarkko.sakkinen@intel.com>
 F:	package/quota/

@@ -2154,6 +2151,7 @@ F:	package/libtirpc/
 F:	package/linux-backports/
 F:	package/ltp-testsuite/
 F:	package/nfs-utils/
+F:	package/rpcbind/
 F:	support/kconfig/

 N:	Phil Eichinger <phil.eichinger@gmail.com>
@@ -2231,7 +2229,7 @@ F:	package/nanomsg/
 N:	Ramon Fried <rfried.dev@gmail.com>
 F:	package/bitwise/

-N:	Raphaël Mélotte <raphael.melotte@essensium.com>
+N:	Raphaël Mélotte <raphael.melotte@mind.be>
 F:	package/jbig2dec/
 F:	package/python-boto3/
 F:	package/python-botocore/
@@ -2754,9 +2752,6 @@ F:	package/casync/
 F:	package/gloox/
 F:	package/tpm2-pkcs11/

-N:	Yann CARDAILLAC <ycardaillac@sepro-group.com>
-F:	package/open62541/
-
 N:	Yann E. MORIN <yann.morin.1998@free.fr>
 F:	board/friendlyarm/nanopi-neo/
 F:	configs/friendlyarm_nanopi_neo_defconfig
--- a/5
+++ b/5
@@ -92,9 +92,9 @@ all:
 .PHONY: all

 # Set and export the version string
-export BR2_VERSION := 2021.05
+export BR2_VERSION := 2021.05.1
 # Actual time the release is cut (for reproducible builds)
-BR2_VERSION_EPOCH = 1623014000
+BR2_VERSION_EPOCH = 1628580000

 # Save running make version since it's clobbered by the make package
 RUNNING_MAKE_VERSION := $(MAKE_VERSION)
@@ -1151,6 +1151,7 @@ help:
 	@echo '  <pkg>-dirclean         - Remove <pkg> build directory'
 	@echo '  <pkg>-reconfigure      - Restart the build from the configure step'
 	@echo '  <pkg>-rebuild          - Restart the build from the build step'
+	@echo '  <pkg>-reinstall        - Restart the build from the install step'
 	$(foreach p,$(HELP_PACKAGES), \
 		@echo $(sep) \
 		@echo '$($(p)_NAME):' $(sep) \
--- a/board/stmicroelectronics/stm32f469-disco/extlinux.conf
+++ b/board/stmicroelectronics/stm32f469-disco/extlinux.conf
@@ -0,0 +1,4 @@
+label stm32f469-disco-buildroot
+  kernel /zImage
+  devicetree /stm32f469-disco.dtb
+  append console=ttySTM0,115200 root=/dev/mmcblk0p2 rw rootfstype=ext2 rootwait earlyprintk consoleblank=0 ignore_loglevel
--- a/board/stmicroelectronics/stm32f469-disco/flash.sh
+++ b/board/stmicroelectronics/stm32f469-disco/flash.sh
@@ -13,8 +13,6 @@ ${OUTPUT_DIR}/host/bin/openocd -f board/stm32f469discovery.cfg \
  -c "reset init" \
  -c "flash probe 0" \
  -c "flash info 0" \
-  -c "flash write_image erase ${OUTPUT_DIR}/images/stm32f469i-disco.bin 0x08000000" \
-  -c "flash write_image erase ${OUTPUT_DIR}/images/stm32f469-disco.dtb 0x08004000" \
-  -c "flash write_image erase ${OUTPUT_DIR}/images/xipImage 0x08008000" \
+  -c "flash write_image erase ${OUTPUT_DIR}/images/u-boot.bin 0x08000000" \
  -c "reset run" \
  -c "shutdown"
--- a/board/stmicroelectronics/stm32f469-disco/genimage.cfg
+++ b/board/stmicroelectronics/stm32f469-disco/genimage.cfg
@@ -0,0 +1,27 @@
+image boot.vfat {
+	vfat {
+		files = {
+			"zImage",
+			"stm32f469-disco.dtb",
+			"extlinux"
+		}
+	}
+	size = 16M
+}
+
+image sdcard.img {
+	hdimage {
+	}
+
+	partition u-boot {
+		partition-type = 0xC
+                image = "boot.vfat"
+	}
+
+	partition rootfs {
+		partition-type = 0x83
+		image = "rootfs.ext2"
+		size = 32M
+	}
+}
+
--- a/board/stmicroelectronics/stm32f469-disco/linux.fragment
+++ b/board/stmicroelectronics/stm32f469-disco/linux.fragment
@@ -0,0 +1 @@
+# CONFIG_XIP_KERNEL is not set
--- a/board/stmicroelectronics/stm32f469-disco/patches/linux/0001-ARM-stm32f249-disco-don-t-force-init-in-chosen-boota.patch
+++ b/board/stmicroelectronics/stm32f469-disco/patches/linux/0001-ARM-stm32f249-disco-don-t-force-init-in-chosen-boota.patch
@@ -1,33 +0,0 @@
-From c8f8f33c2f0460a34c9545b01a7972a7ed2df0e9 Mon Sep 17 00:00:00 2001
-From: Christophe Priouzeau <christophe.priouzeau@st.com>
-Date: Mon, 29 May 2017 13:38:16 +0200
-Subject: [PATCH] ARM: stm32f249-disco: don't force init= in /chosen/bootargs
-
-There is no reason to override the kernel's default init= value, as
-this breaks userspace that assumes the kernel default of /init is
-used. Since stm32 is often used with a minimal bootloader
-(afboot-stm32) that doesn't provide any mechanism to override the DTB,
-we need to adjust the kernel command line in the Device Tree source.
-
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
---
- arch/arm/boot/dts/stm32f469-disco.dts | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/arch/arm/boot/dts/stm32f469-disco.dts b/arch/arm/boot/dts/stm32f469-disco.dts
-index 0dd56ef..93ee1b2 100644
--- a/arch/arm/boot/dts/stm32f469-disco.dts
-+++ b/arch/arm/boot/dts/stm32f469-disco.dts
-@@ -53,7 +53,7 @@
- 	compatible = "st,stm32f469i-disco", "st,stm32f469";
- 
- 	chosen {
-		bootargs = "root=/dev/ram rdinit=/linuxrc";
-+		bootargs = "root=/dev/ram";
- 		stdout-path = "serial0:115200n8";
- 	};
- 
-- 
-2.7.4
-
--- a/board/stmicroelectronics/stm32f469-disco/post-build.sh
+++ b/board/stmicroelectronics/stm32f469-disco/post-build.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+BOARD_DIR="$(dirname $0)"
+
+install -m 0644 -D $BOARD_DIR/extlinux.conf $BINARIES_DIR/extlinux/extlinux.conf
--- a/board/stmicroelectronics/stm32f469-disco/readme.txt
+++ b/board/stmicroelectronics/stm32f469-disco/readme.txt
@@ -15,5 +15,17 @@ Flashing

  ./board/stmicroelectronics/stm32f469-disco/flash.sh output/

-It will flash the minimal bootloader, the Device Tree Blob, and the
-kernel image which includes the root filesystem as initramfs.
+It will flash the U-boot bootloader.
+
+Creating SD card
+----------------
+
+Buildroot prepares an"sdcard.img" image in the output/images/ directory,
+ready to be dumped on a SD card. Launch the following command as root:
+
+  dd if=output/images/sdcard.img of=/dev/<your-sd-device>
+
+*** WARNING! This will destroy all the card content. Use with care! ***
+
+For details about the medium image layout and its content, see the
+definition in board/stmicroelectronics/stm32f469-disco/genimage.cfg.
--- a/boot/arm-trusted-firmware/Config.in
+++ b/boot/arm-trusted-firmware/Config.in
@@ -175,4 +175,25 @@ config BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_ARM32_TOOLCHAIN
 	  Select this option if your ATF board configuration requires
 	  an ARM32 bare metal toolchain to be available.

+config BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP
+	bool "Build with SSP"
+	default y
+	depends on BR2_TOOLCHAIN_HAS_SSP
+	depends on !BR2_SSP_NONE
+	help
+	  Say 'y' here if you want to build ATF with SSP.
+
+	  Your board must have SSP support in ATF: it must have an
+	  implementation for plat_get_stack_protector_canary().
+
+	  If you say 'y', the SSP level will be the level selected
+	  by the global SSP setting.
+
+config BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP_LEVEL
+	string
+	default "none"    if !BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP
+	default "default" if BR2_SSP_REGULAR
+	default "strong"  if BR2_SSP_STRONG
+	default "all"     if BR2_SSP_ALL
+
 endif
--- a/boot/arm-trusted-firmware/arm-trusted-firmware.mk
+++ b/boot/arm-trusted-firmware/arm-trusted-firmware.mk
@@ -51,7 +51,8 @@ endif
 ARM_TRUSTED_FIRMWARE_MAKE_OPTS += \
 	CROSS_COMPILE="$(TARGET_CROSS)" \
 	$(call qstrip,$(BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES)) \
-	PLAT=$(ARM_TRUSTED_FIRMWARE_PLATFORM)
+	PLAT=$(ARM_TRUSTED_FIRMWARE_PLATFORM) \
+	ENABLE_STACK_PROTECTOR=$(call qstrip,$(BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP_LEVEL))

 ifeq ($(BR2_ARM_CPU_ARMV7A),y)
 ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ARM_ARCH_MAJOR=7
@@ -100,14 +101,6 @@ ARM_TRUSTED_FIRMWARE_MAKE_OPTS += MV_DDR_PATH=$(MV_DDR_MARVELL_DIR)
 ARM_TRUSTED_FIRMWARE_DEPENDENCIES += mv-ddr-marvell
 endif

-ifeq ($(BR2_SSP_REGULAR),y)
-ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=default
-else ifeq ($(BR2_SSP_STRONG),y)
-ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=strong
-else ifeq ($(BR2_SSP_ALL),y)
-ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=all
-endif
-
 ARM_TRUSTED_FIRMWARE_MAKE_TARGETS = all

 ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP),y)
--- a/boot/grub2/grub2.mk
+++ b/boot/grub2/grub2.mk
@@ -118,9 +118,11 @@ HOST_GRUB2_CONF_ENV = \
 GRUB2_CONF_ENV = \
 	CPP="$(TARGET_CC) -E" \
 	TARGET_CC="$(TARGET_CC)" \
-	TARGET_CFLAGS="$(TARGET_CFLAGS)" \
-	TARGET_CPPFLAGS="$(TARGET_CPPFLAGS) -fno-stack-protector" \
-	TARGET_LDFLAGS="$(TARGET_LDFLAGS)" \
+	CFLAGS="$(TARGET_CFLAGS) -Os" \
+	TARGET_CFLAGS="$(TARGET_CFLAGS) -Os" \
+	CPPFLAGS="$(TARGET_CPPFLAGS) -Os -fno-stack-protector" \
+	TARGET_CPPFLAGS="$(TARGET_CPPFLAGS) -Os -fno-stack-protector" \
+	TARGET_LDFLAGS="$(TARGET_LDFLAGS) -Os" \
 	TARGET_NM="$(TARGET_NM)" \
 	TARGET_OBJCOPY="$(TARGET_OBJCOPY)" \
 	TARGET_STRIP="$(TARGET_CROSS)strip"
--- a/boot/uboot/uboot.mk
+++ b/boot/uboot/uboot.mk
@@ -17,7 +17,7 @@ UBOOT_CPE_ID_PRODUCT = u-boot
 UBOOT_INSTALL_IMAGES = YES

 # u-boot 2020.01+ needs make 4.0+
-UBOOT_DEPENDENCIES = $(BR2_MAKE_HOST_DEPENDENCY)
+UBOOT_DEPENDENCIES = host-pkgconf $(BR2_MAKE_HOST_DEPENDENCY)
 UBOOT_MAKE = $(BR2_MAKE)

 ifeq ($(UBOOT_VERSION),custom)
@@ -307,6 +307,11 @@ define UBOOT_BUILD_CMDS
 		cp -f $(UBOOT_CUSTOM_DTS_PATH) $(@D)/arch/$(UBOOT_ARCH)/dts/
 	)
 	$(TARGET_CONFIGURE_OPTS) \
+		PKG_CONFIG="$(PKG_CONFIG_HOST_BINARY)" \
+		PKG_CONFIG_SYSROOT_DIR="/" \
+		PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 \
+		PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 \
+		PKG_CONFIG_LIBDIR="$(HOST_DIR)/lib/pkgconfig:$(HOST_DIR)/share/pkgconfig" \
 		$(UBOOT_MAKE) -C $(@D) $(UBOOT_MAKE_OPTS) \
 		$(UBOOT_MAKE_TARGET)
 	$(if $(BR2_TARGET_UBOOT_FORMAT_SD),
--- a/configs/microchip_sam9x60ek_mmc_dev_defconfig
+++ b/configs/microchip_sam9x60ek_mmc_dev_defconfig
@@ -1,6 +1,10 @@
 BR2_arm=y
 BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_4=y
+BR2_TOOLCHAIN_BUILDROOT_WCHAR=y
+BR2_PTHREAD_DEBUG=y
+BR2_TOOLCHAIN_BUILDROOT_CXX=y
 BR2_TARGET_GENERIC_HOSTNAME="sam9x60ek"
+BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV=y
 BR2_ROOTFS_POST_IMAGE_SCRIPT="support/scripts/genimage.sh"
 BR2_ROOTFS_POST_SCRIPT_ARGS="-c board/microchip/sam9x60ek_mmc/genimage.cfg"
 BR2_LINUX_KERNEL=y
--- a/configs/stm32f469_disco_defconfig
+++ b/configs/stm32f469_disco_defconfig
@@ -1,19 +1,25 @@
 BR2_arm=y
 BR2_cortex_m4=y
-BR2_GLOBAL_PATCH_DIR="board/stmicroelectronics/stm32f469-disco/patches"
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_11=y
-BR2_ROOTFS_POST_BUILD_SCRIPT="board/stmicroelectronics/common/stm32f4xx/stm32-post-build.sh"
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_12=y
+BR2_ROOTFS_POST_BUILD_SCRIPT="board/stmicroelectronics/common/stm32f4xx/stm32-post-build.sh board/stmicroelectronics/stm32f469-disco/post-build.sh"
+BR2_ROOTFS_POST_IMAGE_SCRIPT="support/scripts/genimage.sh"
+BR2_ROOTFS_POST_SCRIPT_ARGS="-c board/stmicroelectronics/stm32f469-disco/genimage.cfg"
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.11"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.12.11"
 BR2_LINUX_KERNEL_DEFCONFIG="stm32"
-BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="$(LINUX_DIR)/arch/arm/configs/dram_0x00000000.config"
+BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="$(LINUX_DIR)/arch/arm/configs/dram_0x00000000.config board/stmicroelectronics/stm32f469-disco/linux.fragment"
 BR2_LINUX_KERNEL_IMAGE_TARGET_CUSTOM=y
-BR2_LINUX_KERNEL_IMAGE_TARGET_NAME="xipImage"
+BR2_LINUX_KERNEL_IMAGE_TARGET_NAME="zImage"
 BR2_LINUX_KERNEL_DTS_SUPPORT=y
 BR2_LINUX_KERNEL_INTREE_DTS_NAME="stm32f469-disco"
 BR2_PACKAGE_BUSYBOX_CONFIG="package/busybox/busybox-minimal.config"
-BR2_TARGET_ROOTFS_INITRAMFS=y
+BR2_TARGET_ROOTFS_EXT2=y
+BR2_TARGET_ROOTFS_EXT2_SIZE="32M"
 # BR2_TARGET_ROOTFS_TAR is not set
-BR2_TARGET_AFBOOT_STM32=y
+BR2_TARGET_UBOOT=y
+BR2_TARGET_UBOOT_BOARD_DEFCONFIG="stm32f469-discovery"
+BR2_PACKAGE_HOST_DOSFSTOOLS=y
+BR2_PACKAGE_HOST_GENIMAGE=y
+BR2_PACKAGE_HOST_MTOOLS=y
 BR2_PACKAGE_HOST_OPENOCD=y
--- a/docs/manual/resources.txt
+++ b/docs/manual/resources.txt
@@ -21,11 +21,9 @@ http://lists.buildroot.org/mailman/listinfo/buildroot[mailing list info
 page].
 +
 Mails that are sent to the mailing list are also available in the
-http://lists.buildroot.org/pipermail/buildroot[mailing list archives] and
-via http://gmane.org[Gmane], at
-http://dir.gmane.org/gmane.comp.lib.uclibc.buildroot[+gmane.comp.lib.uclibc.buildroot+].
-Please search the mailing list archives before asking questions, since
-there is a good chance someone else has asked the same question before.
+mailing list archives, available through
+http://lists.buildroot.org/pipermail/buildroot[Mailman] or at
+https://lore.kernel.org/buildroot/[lore.kernel.org].

 IRC::
 +
@@ -34,7 +32,7 @@ hosted on https://www.oftc.net/WebChat/[OFTC]. It is a useful place to
 ask quick questions or discuss on certain topics.
 +
 When asking for help on IRC, share relevant logs or pieces of code
-using a code sharing website, such as http://code.bulix.org.
+using a code sharing website, such as https://paste.ack.tf/.
 +
 Note that for certain questions, posting to the mailing list may be
 better as it will reach more people, both developers and users.
--- a/linux/Config.in
+++ b/linux/Config.in
@@ -125,7 +125,7 @@ endif

 config BR2_LINUX_KERNEL_VERSION
 	string
-	default "5.12.4" if BR2_LINUX_KERNEL_LATEST_VERSION
+	default "5.12.19" if BR2_LINUX_KERNEL_LATEST_VERSION
 	default "4.19.182-cip45" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
 	default "4.19.165-cip41-rt18" if BR2_LINUX_KERNEL_LATEST_CIP_RT_VERSION
 	default BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE \
--- a/linux/linux.hash
+++ b/linux/linux.hash
@@ -1,13 +1,13 @@
 # From https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc
-sha256  5a60feee8492732a6aa8c46b9412563959945b4d7b0d27223f15ede2f84b6873  linux-5.12.4.tar.xz
-sha256  366ba5bb00be28b604aac630c4f64301063892f27353b299177c396af0ad877f  linux-5.11.21.tar.xz
-sha256  a8d5e3309dafc484eb70f94747a6efffa29a79bae651ae126333e913c00be077  linux-5.10.37.tar.xz
-sha256  71e7decf1e8149a8aed88d30df4f2a62a6c6b168111de6b261685ac7c0ecb2a0  linux-5.4.119.tar.xz
+sha256  e9381cd3525a02f5b895f74147e2440be443ecd45484c6c64075046bc6f94c73  linux-5.12.19.tar.xz
+sha256  11027c6114eb916edbcc37897226fb6263b2931911d2d5093550473ce1a57600  linux-5.11.22.tar.xz
+sha256  00bbaeaac17f82d9a6d93cbc42cafd39d3b2fa3a6087333503d2344fa5e3142d  linux-5.10.57.tar.xz
+sha256  0471d0ccb7953cdae7d235192588ac5d72344851969962676d1703e69084a37f  linux-5.4.139.tar.xz
 # From https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
-sha256  6817ad26e1621bfad48d08b638f66c5933e89c7c8c00d43195b2e0ae260233eb  linux-4.4.268.tar.xz
-sha256  5b66f6ce0137fb8d81004bcf2f1e3cbe01c38aab74268656c4ba015c1ccd762a  linux-4.9.268.tar.xz
-sha256  1dc19361f6970bc94cc62be066702483db9cbd3d63f3089a8c90dabfced74369  linux-4.14.232.tar.xz
-sha256  6f9c2aee8553129d2bdbab646bbf7e88c2a5c38c0b1450f2e728831681bfc85d  linux-4.19.190.tar.xz
+sha256  4bdf66494be66a1da857f09b40b95026a0388e373fb01a206c60f67834746cb4  linux-4.4.279.tar.xz
+sha256  21edb57dea0fe04a51fcfb6d4e8c0c052787a20015bc74a0a0e63329601f2e07  linux-4.9.279.tar.xz
+sha256  7f235d454d703112e86574150652807f42abead92f3837da32ea86b4f148b371  linux-4.14.243.tar.xz
+sha256  f2827d0506622fcae0dae0bc72b2f016469210f50c2d3dd1bdd1211a813dca27  linux-4.19.202.tar.xz
 # Locally computed
 sha256  9f1de83c5c2bb582a33bd4ee892d45671901cd06af9dc159f0f499f1b5265b20  linux-cip-4.19.182-cip45.tar.gz
 sha256  0eeba6d6ecc45cf8f16458842b64d22e7064b9de9c31c11d1c395b08a47e3855  linux-cip-4.19.165-cip41-rt18.tar.gz
--- a/package/apache/apache.mk
+++ b/package/apache/apache.mk
@@ -11,6 +11,7 @@ APACHE_LICENSE = Apache-2.0
 APACHE_LICENSE_FILES = LICENSE
 APACHE_CPE_ID_VENDOR = apache
 APACHE_CPE_ID_PRODUCT = http_server
+APACHE_SELINUX_MODULES = apache
 # Needed for mod_php
 APACHE_INSTALL_STAGING = YES
 # We have a patch touching configure.in and Makefile.in,
--- a/package/audit/S02auditd
+++ b/package/audit/S02auditd
@@ -18,9 +18,9 @@ start(){

 	# Create dir to store log files in if one doesn't exist. Create
 	# the directory with SELinux permissions if possible
-	command -v matchpathcon >/dev/null 2>&1
+	command -v selabel_lookup >/dev/null 2>&1
 	if [ $? = 0 ]; then
-		mkdir -p /var/log/audit -Z `matchpathcon -n /var/log/audit`
+		mkdir -p /var/log/audit -Z `selabel_lookup -b file -k /var/log/audit`
 	else
 		mkdir -p /var/log/audit
 	fi
--- a/package/avahi/0001-Fix-NULL-pointer-crashes-from-175.patch
+++ b/package/avahi/0001-Fix-NULL-pointer-crashes-from-175.patch
@@ -0,0 +1,152 @@
+From 9d31939e55280a733d930b15ac9e4dda4497680c Mon Sep 17 00:00:00 2001
+From: Tommi Rantala <tommi.t.rantala@nokia.com>
+Date: Mon, 8 Feb 2021 11:04:43 +0200
+Subject: [PATCH] Fix NULL pointer crashes from #175
+
+avahi-daemon is crashing when running "ping .local".
+The crash is due to failing assertion from NULL pointer.
+Add missing NULL pointer checks to fix it.
+
+Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd
+
+[Retrieved from:
+https://github.com/lathiat/avahi/commit/9d31939e55280a733d930b15ac9e4dda4497680c]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ avahi-core/browse-dns-server.c   | 5 ++++-
+ avahi-core/browse-domain.c       | 5 ++++-
+ avahi-core/browse-service-type.c | 3 +++
+ avahi-core/browse-service.c      | 3 +++
+ avahi-core/browse.c              | 3 +++
+ avahi-core/resolve-address.c     | 5 ++++-
+ avahi-core/resolve-host-name.c   | 5 ++++-
+ avahi-core/resolve-service.c     | 5 ++++-
+ 8 files changed, 29 insertions(+), 5 deletions(-)
+
+diff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c
+index 049752e9..c2d914fa 100644
+--- a/avahi-core/browse-dns-server.c
+++ b/avahi-core/browse-dns-server.c
+@@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new(
+         AvahiSDNSServerBrowser* b;
+ 
+         b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata);
+        if (!b)
+            return NULL;
+
+         avahi_s_dns_server_browser_start(b);
+ 
+         return b;
+-}
+\ No newline at end of file
+}
+diff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c
+index f145d56a..06fa70c0 100644
+--- a/avahi-core/browse-domain.c
+++ b/avahi-core/browse-domain.c
+@@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new(
+         AvahiSDomainBrowser *b;
+ 
+         b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata);
+        if (!b)
+            return NULL;
+
+         avahi_s_domain_browser_start(b);
+ 
+         return b;
+-}
+\ No newline at end of file
+}
+diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c
+index fdd22dcd..b1fc7af8 100644
+--- a/avahi-core/browse-service-type.c
+++ b/avahi-core/browse-service-type.c
+@@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new(
+         AvahiSServiceTypeBrowser *b;
+ 
+         b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata);
+        if (!b)
+            return NULL;
+
+         avahi_s_service_type_browser_start(b);
+ 
+         return b;
+diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c
+index 5531360c..63e0275a 100644
+--- a/avahi-core/browse-service.c
+++ b/avahi-core/browse-service.c
+@@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new(
+         AvahiSServiceBrowser *b;
+ 
+         b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata);
+        if (!b)
+            return NULL;
+
+         avahi_s_service_browser_start(b);
+ 
+         return b;
+diff --git a/avahi-core/browse.c b/avahi-core/browse.c
+index 2941e579..e8a915e9 100644
+--- a/avahi-core/browse.c
+++ b/avahi-core/browse.c
+@@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new(
+         AvahiSRecordBrowser *b;
+ 
+         b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata);
+        if (!b)
+            return NULL;
+
+         avahi_s_record_browser_start_query(b);
+ 
+         return b;
+diff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c
+index ac0b29b1..e61dd242 100644
+--- a/avahi-core/resolve-address.c
+++ b/avahi-core/resolve-address.c
+@@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new(
+         AvahiSAddressResolver *b;
+ 
+         b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata);
+        if (!b)
+            return NULL;
+
+         avahi_s_address_resolver_start(b);
+ 
+         return b;
+-}
+\ No newline at end of file
+}
+diff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c
+index 808b0e72..4e8e5973 100644
+--- a/avahi-core/resolve-host-name.c
+++ b/avahi-core/resolve-host-name.c
+@@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_name_resolver_new(
+         AvahiSHostNameResolver *b;
+ 
+         b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata);
+        if (!b)
+            return NULL;
+
+         avahi_s_host_name_resolver_start(b);
+ 
+         return b;
+-}
+\ No newline at end of file
+}
+diff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c
+index 66bf3cae..43771763 100644
+--- a/avahi-core/resolve-service.c
+++ b/avahi-core/resolve-service.c
+@@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new(
+         AvahiSServiceResolver *b;
+ 
+         b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata);
+        if (!b)
+            return NULL;
+
+         avahi_s_service_resolver_start(b);
+ 
+         return b;
+-}
+\ No newline at end of file
+}
--- a/package/avahi/avahi.mk
+++ b/package/avahi/avahi.mk
@@ -9,12 +9,16 @@ AVAHI_SITE = https://github.com/lathiat/avahi/releases/download/v$(AVAHI_VERSION
 AVAHI_LICENSE = LGPL-2.1+
 AVAHI_LICENSE_FILES = LICENSE
 AVAHI_CPE_ID_VENDOR = avahi
+AVAHI_SELINUX_MODULES = avahi
 AVAHI_INSTALL_STAGING = YES

 # CVE-2021-26720 is an issue in avahi-daemon-check-dns.sh, which is
 # part of the Debian packaging and not part of upstream avahi
 AVAHI_IGNORE_CVES += CVE-2021-26720

+# 0001-Fix-NULL-pointer-crashes-from-175.patch
+AVAHI_IGNORE_CVES += CVE-2021-36217
+
 AVAHI_CONF_ENV = \
 	avahi_cv_sys_cxx_works=yes \
 	DATADIRNAME=share
--- a/package/bind/bind.mk
+++ b/package/bind/bind.mk
@@ -13,6 +13,7 @@ BIND_CONFIG_SCRIPTS = bind9-config isc-config.sh
 BIND_LICENSE = MPL-2.0
 BIND_LICENSE_FILES = COPYRIGHT
 BIND_CPE_ID_VENDOR = isc
+BIND_SELINUX_MODULES = bind
 # Only applies to RHEL6.x with DNSSEC validation on
 BIND_IGNORE_CVES = CVE-2017-3139
 # Library CVE and not used by bind but used by ISC DHCP
--- a/package/binutils/2.32/0014-bfd-elf32-or1k-fix-building-with-gcc-version-5.patch
+++ b/package/binutils/2.32/0014-bfd-elf32-or1k-fix-building-with-gcc-version-5.patch
@@ -0,0 +1,50 @@
+From c3003947e4bad18faea4337fd2073feeb30ee078 Mon Sep 17 00:00:00 2001
+From: Giulio Benetti <giulio.benetti@benettiengineering.com>
+Date: Wed, 9 Jun 2021 17:28:27 +0200
+Subject: [PATCH] bfd/elf32-or1k: fix building with gcc version < 5
+
+Gcc version >= 5 has standard C mode not set to -std=gnu11, so if we use
+an old compiler(i.e. gcc 4.9) build fails on:
+```
+elf32-or1k.c:2251:3: error: 'for' loop initial declarations are only allowed in
+C99 or C11 mode
+    for (size_t i = 0; i < insn_count; i++)
+    ^
+```
+
+So let's declare `size_t i` at the top of the function instead of inside
+for loop.
+
+Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
+---
+ bfd/elf32-or1k.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/bfd/elf32-or1k.c b/bfd/elf32-or1k.c
+index 4ae7f324d33..32063ab0289 100644
+--- a/bfd/elf32-or1k.c
+++ b/bfd/elf32-or1k.c
+@@ -2244,9 +2244,10 @@ or1k_write_plt_entry (bfd *output_bfd, bfd_byte *contents, unsigned insnj,
+ {
+   unsigned nodelay = elf_elfheader (output_bfd)->e_flags & EF_OR1K_NODELAY;
+   unsigned output_insns[PLT_MAX_INSN_COUNT];
+  size_t i;
+ 
+   /* Copy instructions into the output buffer.  */
+-  for (size_t i = 0; i < insn_count; i++)
+  for (i = 0; i < insn_count; i++)
+     output_insns[i] = insns[i];
+ 
+   /* Honor the no-delay-slot setting.  */
+@@ -2277,7 +2278,7 @@ or1k_write_plt_entry (bfd *output_bfd, bfd_byte *contents, unsigned insnj,
+     }
+ 
+   /* Write out the output buffer.  */
+-  for (size_t i = 0; i < (insn_count+1); i++)
+  for (i = 0; i < (insn_count+1); i++)
+     bfd_put_32 (output_bfd, output_insns[i], contents + (i*4));
+ }
+ 
+-- 
+2.25.1
+
--- a/package/binutils/2.32/0015-or1k-fix-pc-relative-relocation-against-dynamic-on-P.patch
+++ b/package/binutils/2.32/0015-or1k-fix-pc-relative-relocation-against-dynamic-on-P.patch
@@ -0,0 +1,59 @@
+From 9af93e143a7fbdb75aa1ed37277f9250eb111628 Mon Sep 17 00:00:00 2001
+From: Giulio Benetti <giulio.benetti@benettiengineering.com>
+Date: Sat, 10 Jul 2021 17:57:34 +0200
+Subject: [PATCH] or1k: fix pc-relative relocation against dynamic on PC
+ relative 26 bit relocation
+
+When building openal we were seeing the assert failure:
+
+/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-uclibc/9.3.0/../../../../or1k-buildroot-linux-uclibc/bin/ld: CMakeFiles/OpenAL.dir/al/source.cpp.o:
+pc-relative relocation against dynamic symbol alSourcePausev
+/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-uclibc/9.3.0/../../../../or1k-buildroot-linux-uclibc/bin/ld: CMakeFiles/OpenAL.dir/al/source.cpp.o:
+pc-relative relocation against dynamic symbol alSourceStopv
+/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-uclibc/9.3.0/../../../../or1k-buildroot-linux-uclibc/bin/ld: CMakeFiles/OpenAL.dir/al/source.cpp.o:
+pc-relative relocation against dynamic symbol alSourceRewindv
+/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-uclibc/9.3.0/../../../../or1k-buildroot-linux-uclibc/bin/ld: CMakeFiles/OpenAL.dir/al/source.cpp.o:
+pc-relative relocation against dynamic symbol alSourcePlayv
+collect2: error: ld returned 1 exit status
+
+This happens because in R_OR1K_INSN_REL_26 case we can't reference local
+symbol as previously done but we need to make sure that calls to actual
+symbol always call the version of current object.
+
+bfd/Changelog:
+
+	* elf32-or1k.c (or1k_elf_relocate_section): use a separate entry
+	  in switch case R_OR1K_INSN_REL_26 where we need to check for
+	  !SYMBOL_CALLS_LOCAL() instead of !SYMBOL_REFERENCES_LOCAL().
+
+Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
+---
+ bfd/elf32-or1k.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/bfd/elf32-or1k.c b/bfd/elf32-or1k.c
+index 4ae7f324d33..4f9092539f5 100644
+--- a/bfd/elf32-or1k.c
+++ b/bfd/elf32-or1k.c
+@@ -1543,6 +1543,18 @@ or1k_elf_relocate_section (bfd *output_bfd,
+ 	  break;
+ 
+ 	case R_OR1K_INSN_REL_26:
+	  /* For a non-shared link, these will reference plt or call the
+	     version of actual object.  */
+	  if (bfd_link_pic (info) && !SYMBOL_CALLS_LOCAL (info, h))
+	    {
+	      _bfd_error_handler
+		(_("%pB: pc-relative relocation against dynamic symbol %s"),
+		 input_bfd, name);
+	      ret_val = FALSE;
+	      bfd_set_error (bfd_error_bad_value);
+	    }
+	  break;
+
+ 	case R_OR1K_PCREL_PG21:
+ 	case R_OR1K_LO13:
+ 	case R_OR1K_SLO13:
+-- 
+2.25.1
+
--- a/package/binutils/2.34/0007-bfd-elf32-or1k-fix-building-with-gcc-version-5.patch
+++ b/package/binutils/2.34/0007-bfd-elf32-or1k-fix-building-with-gcc-version-5.patch
@@ -0,0 +1,50 @@
+From c3003947e4bad18faea4337fd2073feeb30ee078 Mon Sep 17 00:00:00 2001
+From: Giulio Benetti <giulio.benetti@benettiengineering.com>
+Date: Wed, 9 Jun 2021 17:28:27 +0200
+Subject: [PATCH] bfd/elf32-or1k: fix building with gcc version < 5
+
+Gcc version >= 5 has standard C mode not set to -std=gnu11, so if we use
+an old compiler(i.e. gcc 4.9) build fails on:
+```
+elf32-or1k.c:2251:3: error: 'for' loop initial declarations are only allowed in
+C99 or C11 mode
+    for (size_t i = 0; i < insn_count; i++)
+    ^
+```
+
+So let's declare `size_t i` at the top of the function instead of inside
+for loop.
+
+Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
+---
+ bfd/elf32-or1k.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/bfd/elf32-or1k.c b/bfd/elf32-or1k.c
+index 4ae7f324d33..32063ab0289 100644
+--- a/bfd/elf32-or1k.c
+++ b/bfd/elf32-or1k.c
+@@ -2244,9 +2244,10 @@ or1k_write_plt_entry (bfd *output_bfd, bfd_byte *contents, unsigned insnj,
+ {
+   unsigned nodelay = elf_elfheader (output_bfd)->e_flags & EF_OR1K_NODELAY;
+   unsigned output_insns[PLT_MAX_INSN_COUNT];
+  size_t i;
+ 
+   /* Copy instructions into the output buffer.  */
+-  for (size_t i = 0; i < insn_count; i++)
+  for (i = 0; i < insn_count; i++)
+     output_insns[i] = insns[i];
+ 
+   /* Honor the no-delay-slot setting.  */
+@@ -2277,7 +2278,7 @@ or1k_write_plt_entry (bfd *output_bfd, bfd_byte *contents, unsigned insnj,
+     }
+ 
+   /* Write out the output buffer.  */
+-  for (size_t i = 0; i < (insn_count+1); i++)
+  for (i = 0; i < (insn_count+1); i++)
+     bfd_put_32 (output_bfd, output_insns[i], contents + (i*4));
+ }
+ 
+-- 
+2.25.1
+
--- a/package/binutils/2.34/0008-or1k-fix-pc-relative-relocation-against-dynamic-on-P.patch
+++ b/package/binutils/2.34/0008-or1k-fix-pc-relative-relocation-against-dynamic-on-P.patch
@@ -0,0 +1,59 @@
+From 9af93e143a7fbdb75aa1ed37277f9250eb111628 Mon Sep 17 00:00:00 2001
+From: Giulio Benetti <giulio.benetti@benettiengineering.com>
+Date: Sat, 10 Jul 2021 17:57:34 +0200
+Subject: [PATCH] or1k: fix pc-relative relocation against dynamic on PC
+ relative 26 bit relocation
+
+When building openal we were seeing the assert failure:
+
+/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-uclibc/9.3.0/../../../../or1k-buildroot-linux-uclibc/bin/ld: CMakeFiles/OpenAL.dir/al/source.cpp.o:
+pc-relative relocation against dynamic symbol alSourcePausev
+/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-uclibc/9.3.0/../../../../or1k-buildroot-linux-uclibc/bin/ld: CMakeFiles/OpenAL.dir/al/source.cpp.o:
+pc-relative relocation against dynamic symbol alSourceStopv
+/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-uclibc/9.3.0/../../../../or1k-buildroot-linux-uclibc/bin/ld: CMakeFiles/OpenAL.dir/al/source.cpp.o:
+pc-relative relocation against dynamic symbol alSourceRewindv
+/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-uclibc/9.3.0/../../../../or1k-buildroot-linux-uclibc/bin/ld: CMakeFiles/OpenAL.dir/al/source.cpp.o:
+pc-relative relocation against dynamic symbol alSourcePlayv
+collect2: error: ld returned 1 exit status
+
+This happens because in R_OR1K_INSN_REL_26 case we can't reference local
+symbol as previously done but we need to make sure that calls to actual
+symbol always call the version of current object.
+
+bfd/Changelog:
+
+	* elf32-or1k.c (or1k_elf_relocate_section): use a separate entry
+	  in switch case R_OR1K_INSN_REL_26 where we need to check for
+	  !SYMBOL_CALLS_LOCAL() instead of !SYMBOL_REFERENCES_LOCAL().
+
+Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
+---
+ bfd/elf32-or1k.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/bfd/elf32-or1k.c b/bfd/elf32-or1k.c
+index 4ae7f324d33..4f9092539f5 100644
+--- a/bfd/elf32-or1k.c
+++ b/bfd/elf32-or1k.c
+@@ -1543,6 +1543,18 @@ or1k_elf_relocate_section (bfd *output_bfd,
+ 	  break;
+ 
+ 	case R_OR1K_INSN_REL_26:
+	  /* For a non-shared link, these will reference plt or call the
+	     version of actual object.  */
+	  if (bfd_link_pic (info) && !SYMBOL_CALLS_LOCAL (info, h))
+	    {
+	      _bfd_error_handler
+		(_("%pB: pc-relative relocation against dynamic symbol %s"),
+		 input_bfd, name);
+	      ret_val = FALSE;
+	      bfd_set_error (bfd_error_bad_value);
+	    }
+	  break;
+
+ 	case R_OR1K_PCREL_PG21:
+ 	case R_OR1K_LO13:
+ 	case R_OR1K_SLO13:
+-- 
+2.25.1
+
--- a/package/binutils/2.35.2/0007-bfd-elf32-or1k-fix-building-with-gcc-version-5.patch
+++ b/package/binutils/2.35.2/0007-bfd-elf32-or1k-fix-building-with-gcc-version-5.patch
@@ -0,0 +1,50 @@
+From c3003947e4bad18faea4337fd2073feeb30ee078 Mon Sep 17 00:00:00 2001
+From: Giulio Benetti <giulio.benetti@benettiengineering.com>
+Date: Wed, 9 Jun 2021 17:28:27 +0200
+Subject: [PATCH] bfd/elf32-or1k: fix building with gcc version < 5
+
+Gcc version >= 5 has standard C mode not set to -std=gnu11, so if we use
+an old compiler(i.e. gcc 4.9) build fails on:
+```
+elf32-or1k.c:2251:3: error: 'for' loop initial declarations are only allowed in
+C99 or C11 mode
+    for (size_t i = 0; i < insn_count; i++)
+    ^
+```
+
+So let's declare `size_t i` at the top of the function instead of inside
+for loop.
+
+Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
+---
+ bfd/elf32-or1k.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/bfd/elf32-or1k.c b/bfd/elf32-or1k.c
+index 4ae7f324d33..32063ab0289 100644
+--- a/bfd/elf32-or1k.c
+++ b/bfd/elf32-or1k.c
+@@ -2244,9 +2244,10 @@ or1k_write_plt_entry (bfd *output_bfd, bfd_byte *contents, unsigned insnj,
+ {
+   unsigned nodelay = elf_elfheader (output_bfd)->e_flags & EF_OR1K_NODELAY;
+   unsigned output_insns[PLT_MAX_INSN_COUNT];
+  size_t i;
+ 
+   /* Copy instructions into the output buffer.  */
+-  for (size_t i = 0; i < insn_count; i++)
+  for (i = 0; i < insn_count; i++)
+     output_insns[i] = insns[i];
+ 
+   /* Honor the no-delay-slot setting.  */
+@@ -2277,7 +2278,7 @@ or1k_write_plt_entry (bfd *output_bfd, bfd_byte *contents, unsigned insnj,
+     }
+ 
+   /* Write out the output buffer.  */
+-  for (size_t i = 0; i < (insn_count+1); i++)
+  for (i = 0; i < (insn_count+1); i++)
+     bfd_put_32 (output_bfd, output_insns[i], contents + (i*4));
+ }
+ 
+-- 
+2.25.1
+
--- a/package/binutils/2.35.2/0008-or1k-fix-pc-relative-relocation-against-dynamic-on-P.patch
+++ b/package/binutils/2.35.2/0008-or1k-fix-pc-relative-relocation-against-dynamic-on-P.patch
@@ -0,0 +1,59 @@
+From 9af93e143a7fbdb75aa1ed37277f9250eb111628 Mon Sep 17 00:00:00 2001
+From: Giulio Benetti <giulio.benetti@benettiengineering.com>
+Date: Sat, 10 Jul 2021 17:57:34 +0200
+Subject: [PATCH] or1k: fix pc-relative relocation against dynamic on PC
+ relative 26 bit relocation
+
+When building openal we were seeing the assert failure:
+
+/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-uclibc/9.3.0/../../../../or1k-buildroot-linux-uclibc/bin/ld: CMakeFiles/OpenAL.dir/al/source.cpp.o:
+pc-relative relocation against dynamic symbol alSourcePausev
+/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-uclibc/9.3.0/../../../../or1k-buildroot-linux-uclibc/bin/ld: CMakeFiles/OpenAL.dir/al/source.cpp.o:
+pc-relative relocation against dynamic symbol alSourceStopv
+/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-uclibc/9.3.0/../../../../or1k-buildroot-linux-uclibc/bin/ld: CMakeFiles/OpenAL.dir/al/source.cpp.o:
+pc-relative relocation against dynamic symbol alSourceRewindv
+/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-uclibc/9.3.0/../../../../or1k-buildroot-linux-uclibc/bin/ld: CMakeFiles/OpenAL.dir/al/source.cpp.o:
+pc-relative relocation against dynamic symbol alSourcePlayv
+collect2: error: ld returned 1 exit status
+
+This happens because in R_OR1K_INSN_REL_26 case we can't reference local
+symbol as previously done but we need to make sure that calls to actual
+symbol always call the version of current object.
+
+bfd/Changelog:
+
+	* elf32-or1k.c (or1k_elf_relocate_section): use a separate entry
+	  in switch case R_OR1K_INSN_REL_26 where we need to check for
+	  !SYMBOL_CALLS_LOCAL() instead of !SYMBOL_REFERENCES_LOCAL().
+
+Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
+---
+ bfd/elf32-or1k.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/bfd/elf32-or1k.c b/bfd/elf32-or1k.c
+index 4ae7f324d33..4f9092539f5 100644
+--- a/bfd/elf32-or1k.c
+++ b/bfd/elf32-or1k.c
+@@ -1543,6 +1543,18 @@ or1k_elf_relocate_section (bfd *output_bfd,
+ 	  break;
+ 
+ 	case R_OR1K_INSN_REL_26:
+	  /* For a non-shared link, these will reference plt or call the
+	     version of actual object.  */
+	  if (bfd_link_pic (info) && !SYMBOL_CALLS_LOCAL (info, h))
+	    {
+	      _bfd_error_handler
+		(_("%pB: pc-relative relocation against dynamic symbol %s"),
+		 input_bfd, name);
+	      ret_val = FALSE;
+	      bfd_set_error (bfd_error_bad_value);
+	    }
+	  break;
+
+ 	case R_OR1K_PCREL_PG21:
+ 	case R_OR1K_LO13:
+ 	case R_OR1K_SLO13:
+-- 
+2.25.1
+
--- a/package/binutils/2.36.1/0007-bfd-elf32-or1k-fix-building-with-gcc-version-5.patch
+++ b/package/binutils/2.36.1/0007-bfd-elf32-or1k-fix-building-with-gcc-version-5.patch
@@ -0,0 +1,50 @@
+From c3003947e4bad18faea4337fd2073feeb30ee078 Mon Sep 17 00:00:00 2001
+From: Giulio Benetti <giulio.benetti@benettiengineering.com>
+Date: Wed, 9 Jun 2021 17:28:27 +0200
+Subject: [PATCH] bfd/elf32-or1k: fix building with gcc version < 5
+
+Gcc version >= 5 has standard C mode not set to -std=gnu11, so if we use
+an old compiler(i.e. gcc 4.9) build fails on:
+```
+elf32-or1k.c:2251:3: error: 'for' loop initial declarations are only allowed in
+C99 or C11 mode
+    for (size_t i = 0; i < insn_count; i++)
+    ^
+```
+
+So let's declare `size_t i` at the top of the function instead of inside
+for loop.
+
+Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
+---
+ bfd/elf32-or1k.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/bfd/elf32-or1k.c b/bfd/elf32-or1k.c
+index 4ae7f324d33..32063ab0289 100644
+--- a/bfd/elf32-or1k.c
+++ b/bfd/elf32-or1k.c
+@@ -2244,9 +2244,10 @@ or1k_write_plt_entry (bfd *output_bfd, bfd_byte *contents, unsigned insnj,
+ {
+   unsigned nodelay = elf_elfheader (output_bfd)->e_flags & EF_OR1K_NODELAY;
+   unsigned output_insns[PLT_MAX_INSN_COUNT];
+  size_t i;
+ 
+   /* Copy instructions into the output buffer.  */
+-  for (size_t i = 0; i < insn_count; i++)
+  for (i = 0; i < insn_count; i++)
+     output_insns[i] = insns[i];
+ 
+   /* Honor the no-delay-slot setting.  */
+@@ -2277,7 +2278,7 @@ or1k_write_plt_entry (bfd *output_bfd, bfd_byte *contents, unsigned insnj,
+     }
+ 
+   /* Write out the output buffer.  */
+-  for (size_t i = 0; i < (insn_count+1); i++)
+  for (i = 0; i < (insn_count+1); i++)
+     bfd_put_32 (output_bfd, output_insns[i], contents + (i*4));
+ }
+ 
+-- 
+2.25.1
+
--- a/package/binutils/2.36.1/0008-or1k-fix-pc-relative-relocation-against-dynamic-on-P.patch
+++ b/package/binutils/2.36.1/0008-or1k-fix-pc-relative-relocation-against-dynamic-on-P.patch
@@ -0,0 +1,59 @@
+From 9af93e143a7fbdb75aa1ed37277f9250eb111628 Mon Sep 17 00:00:00 2001
+From: Giulio Benetti <giulio.benetti@benettiengineering.com>
+Date: Sat, 10 Jul 2021 17:57:34 +0200
+Subject: [PATCH] or1k: fix pc-relative relocation against dynamic on PC
+ relative 26 bit relocation
+
+When building openal we were seeing the assert failure:
+
+/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-uclibc/9.3.0/../../../../or1k-buildroot-linux-uclibc/bin/ld: CMakeFiles/OpenAL.dir/al/source.cpp.o:
+pc-relative relocation against dynamic symbol alSourcePausev
+/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-uclibc/9.3.0/../../../../or1k-buildroot-linux-uclibc/bin/ld: CMakeFiles/OpenAL.dir/al/source.cpp.o:
+pc-relative relocation against dynamic symbol alSourceStopv
+/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-uclibc/9.3.0/../../../../or1k-buildroot-linux-uclibc/bin/ld: CMakeFiles/OpenAL.dir/al/source.cpp.o:
+pc-relative relocation against dynamic symbol alSourceRewindv
+/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-uclibc/9.3.0/../../../../or1k-buildroot-linux-uclibc/bin/ld: CMakeFiles/OpenAL.dir/al/source.cpp.o:
+pc-relative relocation against dynamic symbol alSourcePlayv
+collect2: error: ld returned 1 exit status
+
+This happens because in R_OR1K_INSN_REL_26 case we can't reference local
+symbol as previously done but we need to make sure that calls to actual
+symbol always call the version of current object.
+
+bfd/Changelog:
+
+	* elf32-or1k.c (or1k_elf_relocate_section): use a separate entry
+	  in switch case R_OR1K_INSN_REL_26 where we need to check for
+	  !SYMBOL_CALLS_LOCAL() instead of !SYMBOL_REFERENCES_LOCAL().
+
+Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
+---
+ bfd/elf32-or1k.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/bfd/elf32-or1k.c b/bfd/elf32-or1k.c
+index 4ae7f324d33..4f9092539f5 100644
+--- a/bfd/elf32-or1k.c
+++ b/bfd/elf32-or1k.c
+@@ -1543,6 +1543,18 @@ or1k_elf_relocate_section (bfd *output_bfd,
+ 	  break;
+ 
+ 	case R_OR1K_INSN_REL_26:
+	  /* For a non-shared link, these will reference plt or call the
+	     version of actual object.  */
+	  if (bfd_link_pic (info) && !SYMBOL_CALLS_LOCAL (info, h))
+	    {
+	      _bfd_error_handler
+		(_("%pB: pc-relative relocation against dynamic symbol %s"),
+		 input_bfd, name);
+	      ret_val = FALSE;
+	      bfd_set_error (bfd_error_bad_value);
+	    }
+	  break;
+
+ 	case R_OR1K_PCREL_PG21:
+ 	case R_OR1K_LO13:
+ 	case R_OR1K_SLO13:
+-- 
+2.25.1
+
--- a/package/bird/bird.mk
+++ b/package/bird/bird.mk
@@ -9,6 +9,7 @@ BIRD_SITE = ftp://bird.network.cz/pub/bird
 BIRD_LICENSE = GPL-2.0+
 BIRD_LICENSE_FILES = README
 BIRD_CPE_ID_VENDOR = nic
+BIRD_SELINUX_MODULES = bird
 BIRD_DEPENDENCIES = host-flex host-bison

 ifeq ($(BR2_PACKAGE_BIRD_CLIENT),y)
--- a/package/bluez5_utils/Config.in
+++ b/package/bluez5_utils/Config.in
@@ -1,5 +1,5 @@
 config BR2_PACKAGE_BLUEZ5_UTILS
-	bool "bluez-utils 5.x"
+	bool "bluez-utils"
 	depends on BR2_USE_WCHAR # libglib2
 	depends on BR2_TOOLCHAIN_HAS_THREADS # dbus, libglib2
 	depends on BR2_USE_MMU # dbus
@@ -9,17 +9,12 @@ config BR2_PACKAGE_BLUEZ5_UTILS
 	select BR2_PACKAGE_DBUS
 	select BR2_PACKAGE_LIBGLIB2
 	help
-	  bluez utils version 5.x
+	  BlueZ utils

-	  With this release BlueZ only supports the new Bluetooth
-	  Management kernel interface (introduced in Linux 3.4).
+	  Provides Stack, Library and Tooling for Bluetooth Classic
+	  and Bluetooth LE.

-	  For Low Energy support at least kernel version 3.5 is
-	  needed.
-
-	  The API is not backward compatible with BlueZ 4.
-
-	  Bluez utils will use systemd and/or udev if enabled.
+	  BlueZ utils will use systemd and/or udev if enabled.

 	  http://www.bluez.org
 	  http://www.kernel.org/pub/linux/bluetooth
@@ -31,7 +26,7 @@ config BR2_PACKAGE_BLUEZ5_UTILS_OBEX
 	depends on BR2_INSTALL_LIBSTDCPP
 	select BR2_PACKAGE_LIBICAL
 	help
-	  Enable the OBEX support in Bluez 5.x.
+	  Enable OBEX support.

 comment "OBEX support needs a toolchain w/ C++"
 	depends on !BR2_INSTALL_LIBSTDCPP
@@ -40,75 +35,77 @@ config BR2_PACKAGE_BLUEZ5_UTILS_CLIENT
 	bool "build CLI client"
 	select BR2_PACKAGE_READLINE
 	help
-	  Enable the Bluez 5.x command line client.
+	  Build the command line client "bluetoothctl".

 config BR2_PACKAGE_BLUEZ5_UTILS_DEPRECATED
-	bool "install deprecated tool"
+	bool "install deprecated tools"
 	depends on BR2_PACKAGE_BLUEZ5_UTILS_CLIENT
 	help
-	  Build BlueZ 5.x deprecated tools. These currently include:
+	  Build deprecated tools. These currently include:
 	  hciattach, hciconfig, hcitool, hcidump, rfcomm, sdptool,
 	  ciptool, gatttool.

 config BR2_PACKAGE_BLUEZ5_UTILS_EXPERIMENTAL
-	bool "build experimental obexd plugin"
+	bool "build experimental tools"
 	help
-	  Build BlueZ 5.x experimental Nokia OBEX PC Suite plugin
+	  Build experimental tools. This is currently only the
+	  "Nokia OBEX PC Suite tool". So, only if OBEX support is
+	  enabled this option has an effect.

 config BR2_PACKAGE_BLUEZ5_UTILS_PLUGINS_HEALTH
 	bool "build health plugin"
 	help
-	  Build BlueZ 5.x health plugin
+	  Build plugin for health profiles.

 config BR2_PACKAGE_BLUEZ5_UTILS_PLUGINS_MESH
-	bool "build mesh profile"
+	bool "build mesh plugin"
 	depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_12 # ell
 	select BR2_PACKAGE_ELL
 	select BR2_PACKAGE_JSON_C
 	select BR2_PACKAGE_READLINE
 	help
-	  Build BlueZ 5.x mesh plugin
+	  Build plugin for Mesh support.

 comment "mesh profile needs a toolchain w/ headers >= 4.12"
 	depends on !BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_12

 config BR2_PACKAGE_BLUEZ5_UTILS_PLUGINS_MIDI
-	bool "build midi profile"
+	bool "build midi plugin"
 	select BR2_PACKAGE_ALSA_LIB
 	select BR2_PACKAGE_ALSA_LIB_SEQ
 	help
-	  Build BlueZ 5.x midi plugin
+	  Build MIDI support via ALSA sequencer.

 config BR2_PACKAGE_BLUEZ5_UTILS_PLUGINS_NFC
 	bool "build nfc plugin"
 	help
-	  Build BlueZ 5.x nfc plugin
+	  Build plugin for NFC pairing.

 config BR2_PACKAGE_BLUEZ5_UTILS_PLUGINS_SAP
 	bool "build sap plugin"
 	help
-	  Build BlueZ 5.x sap plugin
+	  Build plugin for SAP profile.

 config BR2_PACKAGE_BLUEZ5_UTILS_PLUGINS_SIXAXIS
 	bool "build sixaxis plugin"
 	depends on BR2_PACKAGE_HAS_UDEV
 	help
-	  Build BlueZ 5.x sixaxis plugin (support Sony Dualshock
+	  Build sixaxis plugin (support Sony Dualshock
 	  controller)

 comment "sixaxis plugin needs udev /dev management"
 	depends on !BR2_PACKAGE_HAS_UDEV

 config BR2_PACKAGE_BLUEZ5_UTILS_TEST
-	bool "build tests"
+	bool "install test scripts"
 	help
-	  Build BlueZ 5.x tests
+	  Install the python test scripts from the "test" directory.

 config BR2_PACKAGE_BLUEZ5_UTILS_TOOLS_HID2HCI
 	bool "build hid2hci tool"
 	depends on BR2_PACKAGE_HAS_UDEV
 	help
-	  Build BlueZ 5.x hid2hci tool
+	  Build hid2hci tool

 comment "hid2hci tool needs udev /dev management"
 	depends on !BR2_PACKAGE_HAS_UDEV
--- a/package/boinc/boinc.mk
+++ b/package/boinc/boinc.mk
@@ -11,6 +11,7 @@ BOINC_SITE = \
 BOINC_LICENSE = LGPL-3.0+
 BOINC_LICENSE_FILES = COPYING COPYING.LESSER
 BOINC_CPE_ID_VENDOR = rom_walton
+BOINC_SELINUX_MODULES = boinc
 BOINC_DEPENDENCIES = host-pkgconf libcurl openssl
 BOINC_AUTORECONF = YES
 BOINC_CONF_ENV = ac_cv_path__libcurl_config=$(STAGING_DIR)/usr/bin/curl-config
--- a/package/busybox/0003-update_passwd-fix-context-variable.patch
+++ b/package/busybox/0003-update_passwd-fix-context-variable.patch
@@ -1,41 +0,0 @@
-From b4828612abe378491693c9036db19e4f64768307 Mon Sep 17 00:00:00 2001
-From: Bernd Kuhls <bernd.kuhls@t-online.de>
-Date: Sun, 10 Jan 2021 13:15:04 +0100
-Subject: [PATCH] update_passwd: fix context variable
-
-Commit
-https://git.busybox.net/busybox/commit/libbb/update_passwd.c?id=2496616b0a8d1c80cd1416b73a4847b59b9f969a
-
-changed the variable used from context to seuser but forgot this
-change resulting in build errors detected by buildroot autobuilders:
-
-http://autobuild.buildroot.net/results/b89/b89b7d0f0601bb706e76cea31cf4e43326e5540c//build-end.log
-
-libbb/update_passwd.c:51:11: error: 'context' undeclared (first use in
- this function); did you mean 'ucontext'?
-   freecon(context);
-
-Patch sent upstream:
-http://lists.busybox.net/pipermail/busybox/2021-January/088467.html
-
-Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
- libbb/update_passwd.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libbb/update_passwd.c b/libbb/update_passwd.c
-index 7b67f30cd..a228075cc 100644
--- a/libbb/update_passwd.c
-+++ b/libbb/update_passwd.c
-@@ -48,7 +48,7 @@ static void check_selinux_update_passwd(const char *username)
- 			bb_simple_error_msg_and_die("SELinux: access denied");
- 	}
- 	if (ENABLE_FEATURE_CLEAN_UP)
-		freecon(context);
-+		freecon(seuser);
- }
- #else
- # define check_selinux_update_passwd(username) ((void)0)
-- 
-2.29.2
-
--- a/package/busybox/0004-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch
+++ b/package/busybox/0004-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch
@@ -1,58 +0,0 @@
-From f25d254dfd4243698c31a4f3153d4ac72aa9e9bd Mon Sep 17 00:00:00 2001
-From: Samuel Sapalski <samuel.sapalski@nokia.com>
-Date: Wed, 3 Mar 2021 16:31:22 +0100
-Subject: [PATCH] decompress_gunzip: Fix DoS if gzip is corrupt
-
-On certain corrupt gzip files, huft_build will set the error bit on
-the result pointer. If afterwards abort_unzip is called huft_free
-might run into a segmentation fault or an invalid pointer to
-free(p).
-
-In order to mitigate this, we check in huft_free if the error bit
-is set and clear it before the linked list is freed.
-
-Signed-off-by: Samuel Sapalski <samuel.sapalski@nokia.com>
-Signed-off-by: Peter Kaestle <peter.kaestle@nokia.com>
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
- archival/libarchive/decompress_gunzip.c | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c
-index eb3b64930..e93cd5005 100644
--- a/archival/libarchive/decompress_gunzip.c
-+++ b/archival/libarchive/decompress_gunzip.c
-@@ -220,10 +220,20 @@ static const uint8_t border[] ALIGN1 = {
-  * each table.
-  * t: table to free
-  */
-+#define BAD_HUFT(p) ((uintptr_t)(p) & 1)
-+#define ERR_RET     ((huft_t*)(uintptr_t)1)
- static void huft_free(huft_t *p)
- {
- 	huft_t *q;
- 
-+	/*
-+	 * If 'p' has the error bit set we have to clear it, otherwise we might run
-+	 * into a segmentation fault or an invalid pointer to free(p)
-+	 */
-+	if (BAD_HUFT(p)) {
-+		p = (huft_t*)((uintptr_t)(p) ^ (uintptr_t)(ERR_RET));
-+	}
-+
- 	/* Go through linked list, freeing from the malloced (t[-1]) address. */
- 	while (p) {
- 		q = (--p)->v.t;
-@@ -289,8 +299,6 @@ static unsigned fill_bitbuffer(STATE_PARAM unsigned bitbuffer, unsigned *current
-  * or a valid pointer to a Huffman table, ORed with 0x1 if incompete table
-  * is given: "fixed inflate" decoder feeds us such data.
-  */
-#define BAD_HUFT(p) ((uintptr_t)(p) & 1)
-#define ERR_RET     ((huft_t*)(uintptr_t)1)
- static huft_t* huft_build(const unsigned *b, const unsigned n,
- 			const unsigned s, const struct cp_ext *cp_ext,
- 			unsigned *m)
-- 
-2.20.1
-
--- a/package/busybox/busybox.hash
+++ b/package/busybox/busybox.hash
@@ -1,5 +1,5 @@
-# From https://busybox.net/downloads/busybox-1.33.0.tar.bz2.sha256
-sha256  d568681c91a85edc6710770cebc1e80e042ad74d305b5c2e6d57a5f3de3b8fbd  busybox-1.33.0.tar.bz2
+# From https://busybox.net/downloads/busybox-1.33.1.tar.bz2.sha256
+sha256  12cec6bd2b16d8a9446dd16130f2b92982f1819f6e1c5f5887b6db03f5660d28  busybox-1.33.1.tar.bz2
 # Locally computed
 sha256  bbfc9843646d483c334664f651c208b9839626891d8f17604db2146962f43548  LICENSE
 sha256  b5a136ed67798e51fe2e0ca0b2a21cb01b904ff0c9f7d563a6292e276607e58f  archival/libarchive/bz/LICENSE
--- a/package/busybox/busybox.mk
+++ b/package/busybox/busybox.mk
@@ -4,16 +4,13 @@
 #
 ################################################################################

-BUSYBOX_VERSION = 1.33.0
+BUSYBOX_VERSION = 1.33.1
 BUSYBOX_SITE = https://www.busybox.net/downloads
 BUSYBOX_SOURCE = busybox-$(BUSYBOX_VERSION).tar.bz2
 BUSYBOX_LICENSE = GPL-2.0, bzip2-1.0.4
 BUSYBOX_LICENSE_FILES = LICENSE archival/libarchive/bz/LICENSE
 BUSYBOX_CPE_ID_VENDOR = busybox

-# 0004-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch
-BUSYBOX_IGNORE_CVES += CVE-2021-28831
-
 define BUSYBOX_HELP_CMDS
 	@echo '  busybox-menuconfig     - Run BusyBox menuconfig'
 endef
--- a/package/chrony/chrony.mk
+++ b/package/chrony/chrony.mk
@@ -9,6 +9,7 @@ CHRONY_SITE = http://download.tuxfamily.org/chrony
 CHRONY_LICENSE = GPL-2.0
 CHRONY_LICENSE_FILES = COPYING
 CHRONY_CPE_ID_VENDOR = tuxfamily
+CHRONY_SELINUX_MODULES = chronyd
 CHRONY_DEPENDENCIES = host-pkgconf

 CHRONY_CONF_OPTS = \
--- a/package/chrony/chrony.service
+++ b/package/chrony/chrony.service
@@ -4,6 +4,10 @@ After=syslog.target network.target
 Conflicts=systemd-timesyncd.service

 [Service]
+# Turn off DNSSEC validation for hostname look-ups, since those need the
+# correct time to work, but we likely won't acquire that without NTP. Let's
+# break this chicken-and-egg cycle here.
+Environment=SYSTEMD_NSS_RESOLVE_VALIDATE=0
 ExecStart=/usr/sbin/chronyd -n
 Restart=always

--- a/package/clamav/clamav.mk
+++ b/package/clamav/clamav.mk
@@ -11,6 +11,7 @@ CLAMAV_LICENSE_FILES = COPYING COPYING.bzip2 COPYING.file COPYING.getopt \
 	COPYING.LGPL COPYING.llvm COPYING.lzma COPYING.pcre COPYING.regex \
 	COPYING.unrar COPYING.zlib
 CLAMAV_CPE_ID_VENDOR = clamav
+CLAMAV_SELINUX_MODULES = clamav
 CLAMAV_DEPENDENCIES = \
 	host-pkgconf \
 	libcurl \
--- a/package/connman/connman.hash
+++ b/package/connman/connman.hash
@@ -1,4 +1,4 @@
 # From https://www.kernel.org/pub/linux/network/connman/sha256sums.asc
-sha256  9f62a7169b7491c670a1ff2e335b0d966308fb2f62e285c781105eb90f181af3  connman-1.39.tar.xz
+sha256  1a57ae7ce234aa3a1744aac3be5c2121d98dce999440ef8ab9cc4edfd5edcb12  connman-1.40.tar.xz
 # Locally computed
 sha256  b499eddebda05a8859e32b820a64577d91f1de2b52efa2a1575a2cb4000bc259  COPYING
--- a/package/connman/connman.mk
+++ b/package/connman/connman.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-CONNMAN_VERSION = 1.39
+CONNMAN_VERSION = 1.40
 CONNMAN_SOURCE = connman-$(CONNMAN_VERSION).tar.xz
 CONNMAN_SITE = $(BR2_KERNEL_MIRROR)/linux/network/connman
 CONNMAN_DEPENDENCIES = libglib2 dbus iptables
--- a/package/cryptsetup/cryptsetup.mk
+++ b/package/cryptsetup/cryptsetup.mk
@@ -33,6 +33,12 @@ else
 CRYPTSETUP_CONF_OPTS += --with-crypto_backend=kernel
 endif

+ifeq ($(BR2_PACKAGE_SYSTEMD_TMPFILES),y)
+CRYPTSETUP_CONF_OPTS += --with-tmpfilesdir=/usr/lib/tmpfiles.d
+else
+CRYPTSETUP_CONF_OPTS += --without-tmpfilesdir
+endif
+
 HOST_CRYPTSETUP_DEPENDENCIES = \
 	host-pkgconf \
 	host-lvm2 \
--- a/package/cwiid/Config.in
+++ b/package/cwiid/Config.in
@@ -11,7 +11,7 @@ config BR2_PACKAGE_CWIID
 	  A collection of Linux tools written in C for interfacing to
 	  the Nintendo Wiimote.

-	  http://abstrakraft.org/cwiid/
+	  https://github.com/abstrakraft/cwiid

 if BR2_PACKAGE_CWIID
 config BR2_PACKAGE_CWIID_WMGUI
--- a/package/dnsmasq/dnsmasq.mk
+++ b/package/dnsmasq/dnsmasq.mk
@@ -15,6 +15,7 @@ DNSMASQ_DEPENDENCIES = host-pkgconf $(TARGET_NLS_DEPENDENCIES)
 DNSMASQ_LICENSE = GPL-2.0 or GPL-3.0
 DNSMASQ_LICENSE_FILES = COPYING COPYING-v3
 DNSMASQ_CPE_ID_VENDOR = thekelleys
+DNSMASQ_SELINUX_MODULES = dnsmasq

 DNSMASQ_I18N = $(if $(BR2_SYSTEM_ENABLE_NLS),-i18n)

--- a/package/docker-cli/docker-cli.hash
+++ b/package/docker-cli/docker-cli.hash
@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  eda53b96ab83a59502df2e5e00ab7ee867243259407ef454be55e695303c1113  docker-cli-20.10.6.tar.gz
+sha256  0a7848b1b5031483de075433506d0448ddf834368d9c73770e453e0b89b49747  docker-cli-20.10.7.tar.gz
 sha256  2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0  LICENSE
--- a/package/docker-cli/docker-cli.mk
+++ b/package/docker-cli/docker-cli.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-DOCKER_CLI_VERSION = 20.10.6
+DOCKER_CLI_VERSION = 20.10.7
 DOCKER_CLI_SITE = $(call github,docker,cli,v$(DOCKER_CLI_VERSION))

 DOCKER_CLI_LICENSE = Apache-2.0
--- a/package/docker-engine/0001-fix-port-forwarding-with-ipv6.disable-1.patch
+++ b/package/docker-engine/0001-fix-port-forwarding-with-ipv6.disable-1.patch
@@ -1,74 +0,0 @@
-From 7b9c2905883df5171fda10a364a81b8c6176c8e2 Mon Sep 17 00:00:00 2001
-From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
-Date: Mon, 26 Apr 2021 15:28:40 +0900
-Subject: [PATCH] fix port forwarding with ipv6.disable=1
-
-Make `docker run -p 80:80` functional again on environments with kernel boot parameter `ipv6.disable=1`.
-
-Fix moby/moby issue 42288
-
-Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
-[Upstream: https://github.com/moby/libnetwork/pull/2635,
-           https://github.com/moby/moby/pull/42322]
-[Rework path/drop test for docker-engine]
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
- vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go | 31 +++++++++++++++++++++++++++++++
- 1 file changed, 35 insertions(+), 0 deletion(-)
-
-diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go b/vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go
-index 946130ec..17bf36f9 100644
--- a/vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go
-+++ b/vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go
-@@ -5,6 +5,7 @@ import (
- 	"errors"
- 	"fmt"
- 	"net"
-+	"sync"
- 
- 	"github.com/docker/libnetwork/types"
- 	"github.com/ishidawataru/sctp"
-@@ -50,6 +51,13 @@ func (n *bridgeNetwork) allocatePortsInternal(bindings []types.PortBinding, cont
- 			bs = append(bs, bIPv4)
- 		}
- 
-+		// skip adding implicit v6 addr, when the kernel was booted with `ipv6.disable=1`
-+		// https://github.com/moby/moby/issues/42288
-+		isV6Binding := c.HostIP != nil && c.HostIP.To4() == nil
-+		if !isV6Binding && !IsV6Listenable() {
-+			continue
-+		}
-+
- 		// Allocate IPv6 Port mappings
- 		// If the container has no IPv6 address, allow proxying host IPv6 traffic to it
- 		// by setting up the binding with the IPv4 interface if the userland proxy is enabled
-@@ -211,3 +219,26 @@ func (n *bridgeNetwork) releasePort(bnd types.PortBinding) error {
- 
- 	return portmapper.Unmap(host)
- }
-+
-+var (
-+	v6ListenableCached bool
-+	v6ListenableOnce   sync.Once
-+)
-+
-+// IsV6Listenable returns true when `[::1]:0` is listenable.
-+// IsV6Listenable returns false mostly when the kernel was booted with `ipv6.disable=1` option.
-+func IsV6Listenable() bool {
-+	v6ListenableOnce.Do(func() {
-+		ln, err := net.Listen("tcp6", "[::1]:0")
-+		if err != nil {
-+			// When the kernel was booted with `ipv6.disable=1`,
-+			// we get err "listen tcp6 [::1]:0: socket: address family not supported by protocol"
-+			// https://github.com/moby/moby/issues/42288
-+			logrus.Debugf("port_mapping: v6Listenable=false (%v)", err)
-+		} else {
-+			v6ListenableCached = true
-+			ln.Close()
-+		}
-+	})
-+	return v6ListenableCached
-+}
-- 
-2.20.1
-
--- a/package/docker-engine/docker-engine.hash
+++ b/package/docker-engine/docker-engine.hash
@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  fd7f5571b1f64f26b5ca520a3e1fefb33c190f3732b931051c23a76bdba5000e  docker-engine-20.10.6.tar.gz
+sha256  b80142035de46904605fb7b8f18075cd94154f8c3d67ff346ea554d1e9d579b9  docker-engine-20.10.7.tar.gz
 sha256  7c87873291f289713ac5df48b1f2010eb6963752bbd6b530416ab99fc37914a8  LICENSE
--- a/package/docker-engine/docker-engine.mk
+++ b/package/docker-engine/docker-engine.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-DOCKER_ENGINE_VERSION = 20.10.6
+DOCKER_ENGINE_VERSION = 20.10.7
 DOCKER_ENGINE_SITE = $(call github,moby,moby,v$(DOCKER_ENGINE_VERSION))

 DOCKER_ENGINE_LICENSE = Apache-2.0
--- a/package/dovecot-pigeonhole/dovecot-pigeonhole.hash
+++ b/package/dovecot-pigeonhole/dovecot-pigeonhole.hash
@@ -1,3 +1,3 @@
 # Locally computed after checking signature
-sha256  68ca0f78a3caa6b090a469f45c395c44cf16da8fcb3345755b1ca436c9ffb2d2  dovecot-2.3-pigeonhole-0.5.14.tar.gz
+sha256  e1498f50cef74c351a57474cc423b008627ab1ab60724b859283ead6d00550d0  dovecot-2.3-pigeonhole-0.5.15.tar.gz
 sha256  fc9e9522216f2a9a28b31300e3c73c1df56acc27dfae951bf516e7995366b51a  COPYING
--- a/package/dovecot-pigeonhole/dovecot-pigeonhole.mk
+++ b/package/dovecot-pigeonhole/dovecot-pigeonhole.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-DOVECOT_PIGEONHOLE_VERSION = 0.5.14
+DOVECOT_PIGEONHOLE_VERSION = 0.5.15
 DOVECOT_PIGEONHOLE_SOURCE = dovecot-2.3-pigeonhole-$(DOVECOT_PIGEONHOLE_VERSION).tar.gz
 DOVECOT_PIGEONHOLE_SITE = https://pigeonhole.dovecot.org/releases/2.3
 DOVECOT_PIGEONHOLE_LICENSE = LGPL-2.1
--- a/package/dovecot/dovecot.hash
+++ b/package/dovecot/dovecot.hash
@@ -1,5 +1,5 @@
 # Locally computed after checking signature
-sha256  c8b3d7f3af1e558a3ff0f970309d4013a4d3ce136f8c02a53a3b05f345b9a34a  dovecot-2.3.14.tar.gz
+sha256  21bbdd5d45957a99133de8b7e71813ecb73d9476c89dfc63479e9102b3553590  dovecot-2.3.15.tar.gz
 sha256  319a9830aab406109cd67cb45496587566a8123203d66d037b209ca3e13de02a  COPYING
 sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  COPYING.LGPL
 sha256  52b8c95fabb19575281874b661ef7968ea47e8f5d74ba0dd40ce512e52b3fc97  COPYING.MIT
--- a/package/dovecot/dovecot.mk
+++ b/package/dovecot/dovecot.mk
@@ -5,7 +5,7 @@
 ################################################################################

 DOVECOT_VERSION_MAJOR = 2.3
-DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).14
+DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).15
 DOVECOT_SITE = https://dovecot.org/releases/$(DOVECOT_VERSION_MAJOR)
 DOVECOT_INSTALL_STAGING = YES
 DOVECOT_LICENSE = LGPL-2.1, MIT, Public Domain, BSD-3-Clause, Unicode-DFS-2015
@@ -18,6 +18,10 @@ DOVECOT_DEPENDENCIES = \
 # add host-gettext for AM_ICONV macro
 DOVECOT_DEPENDENCIES += host-gettext

+# CVE-2016-4983 is an issue in a postinstall script in the dovecot rpm, which
+# is part of the Red Hat packaging and not part of upstream dovecot
+DOVECOT_IGNORE_CVES += CVE-2016-4983
+
 DOVECOT_CONF_ENV = \
 	RPCGEN=__disable_RPCGEN_rquota \
 	i_cv_epoll_works=yes \
--- a/package/e2fsprogs/e2fsprogs.mk
+++ b/package/e2fsprogs/e2fsprogs.mk
@@ -27,6 +27,7 @@ HOST_E2FSPROGS_CONF_OPTS = \
 	--disable-defrag \
 	--disable-e2initrd-helper \
 	--disable-fuse2fs \
+	--disable-fsck \
 	--disable-libblkid \
 	--disable-libuuid \
 	--disable-testio-debug \
--- a/package/exiv2/0001-add-BUILD_WITH_STACK_PROTECTOR-option.patch
+++ b/package/exiv2/0001-add-BUILD_WITH_STACK_PROTECTOR-option.patch
@@ -0,0 +1,54 @@
+From 4bb57da5fb0bb0d7e747b9e325e9ec0876ffc1f9 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Sat, 31 Jul 2021 16:36:50 +0200
+Subject: [PATCH] add BUILD_WITH_STACK_PROTECTOR option
+
+Add BUILD_WITH_STACK_PROTECTOR to avoid the following build failure with
+toolchains that don't support stack-protector:
+
+/home/buildroot/autobuild/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/mipsel-buildroot-linux-uclibc/9.3.0/../../../../mipsel-buildroot-linux-uclibc/bin/ld: utils.cpp:(.text._ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE12_M_constructIPcEEvT_S7_St20forward_iterator_tag[_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE12_M_constructIPcEEvT_S7_St20forward_iterator_tag]+0xd0): undefined reference to `__stack_chk_fail'
+
+Indeed, support for -fstack-protector-strong can't be detected through
+check_cxx_compiler_flag as some toolchains need to link with -lssp to
+enable SSP support
+
+Fixes:
+ - http://autobuild.buildroot.org/results/ae4635899124c602c70d2b342a76f95c34aa4a3d
+
+Upstream: https://github.com/Exiv2/exiv2/commit/f31c0eba098889899d29b7b0da830aee2b62a7b8
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ CMakeLists.txt            | 1 +
+ cmake/compilerFlags.cmake | 4 ++--
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 6f0da06a..0746ee14 100644
+--- a/CMakeLists.txt
+++ b/CMakeLists.txt
+@@ -47,6 +47,7 @@ mark_as_advanced(
+     EXIV2_TEAM_USE_SANITIZERS
+ )
+ 
+option( BUILD_WITH_STACK_PROTECTOR    "Build with stack protector"                            ON )
+ option( BUILD_WITH_CCACHE             "Use ccache to speed up compilations"                   OFF )
+ option( BUILD_WITH_COVERAGE           "Add compiler flags to generate coverage stats"         OFF )
+ 
+diff --git a/cmake/compilerFlags.cmake b/cmake/compilerFlags.cmake
+index 35faf501..0a646e50 100644
+--- a/cmake/compilerFlags.cmake
+++ b/cmake/compilerFlags.cmake
+@@ -33,8 +33,8 @@ if ( MINGW OR UNIX OR MSYS ) # MINGW, Linux, APPLE, CYGWIN
+             endif()
+             if(HAS_FCF_PROTECTION)
+                 add_compile_options(-fcf-protection)
+-            endif()
+-            if(HAS_FSTACK_PROTECTOR_STRONG)
+              endif()
+	    if(BUILD_WITH_STACK_PROTECTOR AND HAS_FSTACK_PROTECTOR_STRONG)
+                 add_compile_options(-fstack-protector-strong)
+             endif()
+         endif()
+-- 
+2.31.1
+
--- a/package/exiv2/0001-cmake-compilerFlags.cmake-properly-detect-availabili.patch
+++ b/package/exiv2/0001-cmake-compilerFlags.cmake-properly-detect-availabili.patch
@@ -1,58 +0,0 @@
-From 2f6d2e5795382f0d6e22f5aea52e8104110d24ad Mon Sep 17 00:00:00 2001
-From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
-Date: Sun, 19 Jul 2020 16:29:15 +0200
-Subject: [PATCH] cmake/compilerFlags.cmake: properly detect availability of
- flags
-
-Instead of relying on fragile and complex logic to decide if a
-compiler flag is available or not, use the check_c_compiler_flag()
-macro provided by the CMake standard library.
-
-This for example avoids using -fcf-protection on architectures that
-don't support this option.
-
-[Upstream: https://github.com/Exiv2/exiv2/pull/1252. The submitted
-patch is slightly different than this one, due to other changes
-between 0.27.3 and master.]
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
- cmake/compilerFlags.cmake | 18 +++++++++++-------
- 1 file changed, 11 insertions(+), 7 deletions(-)
-
-diff --git a/cmake/compilerFlags.cmake b/cmake/compilerFlags.cmake
-index 0418aa61..be430977 100644
--- a/cmake/compilerFlags.cmake
-+++ b/cmake/compilerFlags.cmake
-@@ -1,4 +1,5 @@
- # These flags applies to exiv2lib, the applications, and to the xmp code
-+include(CheckCCompilerFlag)
- 
- if ( MINGW OR UNIX OR MSYS ) # MINGW, Linux, APPLE, CYGWIN
-     if (${CMAKE_CXX_COMPILER_ID} STREQUAL GNU)
-@@ -25,13 +26,16 @@ if ( MINGW OR UNIX OR MSYS ) # MINGW, Linux, APPLE, CYGWIN
- 
-         # This fails under Fedora, MinGW GCC 8.3.0 and CYGWIN/MSYS 9.3.0
-         if (NOT (MINGW OR CMAKE_HOST_SOLARIS OR CYGWIN OR MSYS) )
-            if (COMPILER_IS_GCC AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL 8.0)
-                add_compile_options(-fstack-clash-protection -fcf-protection)
-            endif()
-
-            if( (COMPILER_IS_GCC   AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL 5.0) # Not in GCC 4.8
-            OR  (COMPILER_IS_CLANG AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL 3.7) # Not in Clang 3.4.2
-            )
-+            check_c_compiler_flag(-fstack-clash-protection HAS_FSTACK_CLASH_PROTECTION)
-+            check_c_compiler_flag(-fcf-protection HAS_FCF_PROTECTION)
-+            check_c_compiler_flag(-fstack-protector-strong HAS_FSTACK_PROTECTOR_STRONG)
-+            if(HAS_FSTACK_CLASH_PROTECTION)
-+                add_compile_options(-fstack-clash-protection)
-+            endif()
-+            if(GCC_HAS_FCF_PROTECTION)
-+                add_compile_options(-fcf-protection)
-+            endif()
-+            if(GCC_HAS_FSTACK_PROTECTOR_STRONG)
-                 add_compile_options(-fstack-protector-strong)
-             endif()
-         endif()
--- 
-2.26.2
-
--- a/package/exiv2/exiv2.hash
+++ b/package/exiv2/exiv2.hash
@@ -1,3 +1,3 @@
 # Locally calculated
-sha256 6398bc743c32b85b2cb2a604273b8c90aa4eb0fd7c1700bf66cbb2712b4f00c1 exiv2-0.27.3.tar.gz
-sha256 a7ba75cb966aca374711e2af49e5f3aea6a4443a803440f5d93e73a5a1222f66 COPYING
+sha256  84366dba7c162af9a7603bcd6c16f40fe0e9af294ba2fd2f66ffffb9fbec904e  exiv2-0.27.4-Source.tar.gz
+sha256  a7ba75cb966aca374711e2af49e5f3aea6a4443a803440f5d93e73a5a1222f66  COPYING
--- a/package/exiv2/exiv2.mk
+++ b/package/exiv2/exiv2.mk
@@ -4,14 +4,17 @@
 #
 ################################################################################

-EXIV2_VERSION = 0.27.3
-EXIV2_SITE = $(call github,Exiv2,exiv2,v$(EXIV2_VERSION))
+EXIV2_VERSION = 0.27.4
+EXIV2_SOURCE = exiv2-$(EXIV2_VERSION)-Source.tar.gz
+EXIV2_SITE = https://exiv2.org/builds
 EXIV2_INSTALL_STAGING = YES
 EXIV2_LICENSE = GPL-2.0+
 EXIV2_LICENSE_FILES = COPYING
 EXIV2_CPE_ID_VENDOR = exiv2

-EXIV2_CONF_OPTS += -DEXIV2_BUILD_SAMPLES=OFF
+EXIV2_CONF_OPTS += \
+	-DBUILD_WITH_STACK_PROTECTOR=OFF \
+	-DEXIV2_BUILD_SAMPLES=OFF

 ifeq ($(BR2_PACKAGE_EXIV2_LENSDATA),y)
 EXIV2_CONF_OPTS += -DEXIV2_ENABLE_LENSDATA=ON
--- a/package/fail2ban/0001-fixed-possible-RCE-vulnerability-unset-escape-variable.patch
+++ b/package/fail2ban/0001-fixed-possible-RCE-vulnerability-unset-escape-variable.patch
@@ -0,0 +1,158 @@
+From 410a6ce5c80dd981c22752da034f2529b5eee844 Mon Sep 17 00:00:00 2001
+From: sebres <serg.brester@sebres.de>
+Date: Mon, 21 Jun 2021 17:12:53 +0200
+Subject: [PATCH] fixed possible RCE vulnerability, unset escape variable
+ (default tilde) stops consider "~" char after new-line as composing escape
+ sequence
+
+[Retrieved from:
+https://github.com/fail2ban/fail2ban/commit/410a6ce5c80dd981c22752da034f2529b5eee844]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ config/action.d/complain.conf         | 2 +-
+ config/action.d/dshield.conf          | 2 +-
+ config/action.d/mail-buffered.conf    | 8 ++++----
+ config/action.d/mail-whois-lines.conf | 2 +-
+ config/action.d/mail-whois.conf       | 6 +++---
+ config/action.d/mail.conf             | 6 +++---
+ 6 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/config/action.d/complain.conf b/config/action.d/complain.conf
+index 3a5f882c9f..4d73b05859 100644
+--- a/config/action.d/complain.conf
+++ b/config/action.d/complain.conf
+@@ -102,7 +102,7 @@ logpath = /dev/null
+ # Notes.:  Your system mail command. Is passed 2 args: subject and recipient
+ # Values:  CMD
+ #
+-mailcmd = mail -s
+mailcmd = mail -E 'set escape' -s
+ 
+ # Option:  mailargs
+ # Notes.:  Additional arguments to mail command. e.g. for standard Unix mail:
+diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf
+index c128bef348..3d5a7a53a9 100644
+--- a/config/action.d/dshield.conf
+++ b/config/action.d/dshield.conf
+@@ -179,7 +179,7 @@ tcpflags =
+ # Notes.:  Your system mail command. Is passed 2 args: subject and recipient
+ # Values:  CMD
+ #
+-mailcmd = mail -s
+mailcmd = mail -E 'set escape' -s
+ 
+ # Option:  mailargs
+ # Notes.:  Additional arguments to mail command. e.g. for standard Unix mail:
+diff --git a/config/action.d/mail-buffered.conf b/config/action.d/mail-buffered.conf
+index 325f185b2f..79b841049c 100644
+--- a/config/action.d/mail-buffered.conf
+++ b/config/action.d/mail-buffered.conf
+@@ -17,7 +17,7 @@ actionstart = printf %%b "Hi,\n
+               The jail <name> has been started successfully.\n
+               Output will be buffered until <lines> lines are available.\n
+               Regards,\n
+-              Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
+              Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
+ 
+ # Option:  actionstop
+ # Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+@@ -28,13 +28,13 @@ actionstop = if [ -f <tmpfile> ]; then
+                  These hosts have been banned by Fail2Ban.\n
+                  `cat <tmpfile>`
+                  Regards,\n
+-                 Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest>
+                 Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest>
+                  rm <tmpfile>
+              fi
+              printf %%b "Hi,\n
+              The jail <name> has been stopped.\n
+              Regards,\n
+-             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
+             Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
+ 
+ # Option:  actioncheck
+ # Notes.:  command executed once before each actionban command
+@@ -55,7 +55,7 @@ actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile>
+                 These hosts have been banned by Fail2Ban.\n
+                 `cat <tmpfile>`
+                 \nRegards,\n
+-                Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary" <dest>
+                Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary" <dest>
+                 rm <tmpfile>
+             fi
+ 
+diff --git a/config/action.d/mail-whois-lines.conf b/config/action.d/mail-whois-lines.conf
+index 3a3e56b2c7..d2818cb9b9 100644
+--- a/config/action.d/mail-whois-lines.conf
+++ b/config/action.d/mail-whois-lines.conf
+@@ -72,7 +72,7 @@ actionunban =
+ # Notes.:  Your system mail command. Is passed 2 args: subject and recipient
+ # Values:  CMD
+ #
+-mailcmd = mail -s
+mailcmd = mail -E 'set escape' -s
+ 
+ # Default name of the chain
+ #
+diff --git a/config/action.d/mail-whois.conf b/config/action.d/mail-whois.conf
+index 7fea34c40d..ab33b616dc 100644
+--- a/config/action.d/mail-whois.conf
+++ b/config/action.d/mail-whois.conf
+@@ -20,7 +20,7 @@ norestored = 1
+ actionstart = printf %%b "Hi,\n
+               The jail <name> has been started successfully.\n
+               Regards,\n
+-              Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
+              Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
+ 
+ # Option:  actionstop
+ # Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+@@ -29,7 +29,7 @@ actionstart = printf %%b "Hi,\n
+ actionstop = printf %%b "Hi,\n
+              The jail <name> has been stopped.\n
+              Regards,\n
+-             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
+             Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
+ 
+ # Option:  actioncheck
+ # Notes.:  command executed once before each actionban command
+@@ -49,7 +49,7 @@ actionban = printf %%b "Hi,\n
+             Here is more information about <ip> :\n
+             `%(_whois_command)s`\n
+             Regards,\n
+-            Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
+            Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
+ 
+ # Option:  actionunban
+ # Notes.:  command executed when unbanning an IP. Take care that the
+diff --git a/config/action.d/mail.conf b/config/action.d/mail.conf
+index 5d8c0e154c..f4838ddcb6 100644
+--- a/config/action.d/mail.conf
+++ b/config/action.d/mail.conf
+@@ -16,7 +16,7 @@ norestored = 1
+ actionstart = printf %%b "Hi,\n
+               The jail <name> has been started successfully.\n
+               Regards,\n
+-              Fail2Ban"|mail -s "[Fail2Ban] <name>: started  on <fq-hostname>" <dest>
+              Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started  on <fq-hostname>" <dest>
+ 
+ # Option:  actionstop
+ # Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+@@ -25,7 +25,7 @@ actionstart = printf %%b "Hi,\n
+ actionstop = printf %%b "Hi,\n
+              The jail <name> has been stopped.\n
+              Regards,\n
+-             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
+             Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
+ 
+ # Option:  actioncheck
+ # Notes.:  command executed once before each actionban command
+@@ -43,7 +43,7 @@ actionban = printf %%b "Hi,\n
+             The IP <ip> has just been banned by Fail2Ban after
+             <failures> attempts against <name>.\n
+             Regards,\n
+-            Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
+            Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
+ 
+ # Option:  actionunban
+ # Notes.:  command executed when unbanning an IP. Take care that the
--- a/package/fail2ban/fail2ban.mk
+++ b/package/fail2ban/fail2ban.mk
@@ -11,6 +11,9 @@ FAIL2BAN_LICENSE_FILES = COPYING
 FAIL2BAN_CPE_ID_VENDOR = fail2ban
 FAIL2BAN_SETUP_TYPE = distutils

+# 0001-fixed-possible-RCE-vulnerability-unset-escape-variable.patch
+FAIL2BAN_IGNORE_CVES += CVE-2021-32749
+
 ifeq ($(BR2_PACKAGE_PYTHON3),y)
 define FAIL2BAN_PYTHON_2TO3
 	$(HOST_DIR)/bin/2to3 --write --nobackups --no-diffs $(@D)/bin/* $(@D)/fail2ban
--- a/package/feh/feh.mk
+++ b/package/feh/feh.mk
@@ -10,6 +10,7 @@ FEH_SITE = http://feh.finalrewind.org
 FEH_DEPENDENCIES = imlib2 libpng xlib_libXt
 FEH_LICENSE = MIT
 FEH_LICENSE_FILES = COPYING
+FEH_CPE_ID_VENDOR = feh_project

 ifeq ($(BR2_PACKAGE_LIBCURL),y)
 FEH_DEPENDENCIES += libcurl
--- a/package/fetchmail/fetchmail.hash
+++ b/package/fetchmail/fetchmail.hash
@@ -1,6 +1,6 @@
-# From https://sourceforge.net/p/fetchmail/mailman/message/37267719/
-sha256  cd8d11a3d103e50caa2ec64bcda6307eb3d0783a4d4dfd88e668b81aaf9d6b5f  fetchmail-6.4.19.tar.xz
+# From https://sourceforge.net/p/fetchmail/mailman/message/37327392/
+sha256  c82141ae2e8f0039ceb0c5c2eda43c5e93ad0bf7f9c6bb628092b3be74386176  fetchmail-6.4.20.tar.xz
 # From https://sourceforge.net/projects/fetchmail/files/branch_6.4/
-sha1  bb6959f0cf1f6d689c2ba3834c5bba72e4f9ec07  fetchmail-6.4.19.tar.xz
+sha1  ac6a6c4afa105e097d025340cf78b32e0c3b0c8e  fetchmail-6.4.20.tar.xz
 # Locally computed:
 sha256  6346b5aa04e258fa4326272ea92372d796b4382aa963535ae98a3bb5f8cd5aeb  COPYING
--- a/package/fetchmail/fetchmail.mk
+++ b/package/fetchmail/fetchmail.mk
@@ -5,7 +5,7 @@
 ################################################################################

 FETCHMAIL_VERSION_MAJOR = 6.4
-FETCHMAIL_VERSION = $(FETCHMAIL_VERSION_MAJOR).19
+FETCHMAIL_VERSION = $(FETCHMAIL_VERSION_MAJOR).20
 FETCHMAIL_SOURCE = fetchmail-$(FETCHMAIL_VERSION).tar.xz
 FETCHMAIL_SITE = http://downloads.sourceforge.net/project/fetchmail/branch_$(FETCHMAIL_VERSION_MAJOR)
 FETCHMAIL_LICENSE = GPL-2.0; some exceptions are mentioned in COPYING
--- a/package/ffmpeg/0003-libavutil-Fix-mips-build.patch
+++ b/package/ffmpeg/0003-libavutil-Fix-mips-build.patch
@@ -8,7 +8,7 @@ Check for sys/auxv.h because not all toolchains contain this header.
 Fixes https://trac.ffmpeg.org/ticket/9138

 Patch sent upstream:
-http://ffmpeg.org/pipermail/ffmpeg-devel/2021-June/281037.html
+http://ffmpeg.org/pipermail/ffmpeg-devel/2021-June/281272.html

 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
 ---
@@ -17,7 +17,7 @@ Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
 2 files changed, 5 insertions(+), 3 deletions(-)

 diff --git a/configure b/configure
-index 82367fd30d..b0154cb8b2 100755
+index 6bfd98b384..773a7d516c 100755
 --- a/configure
 +++ b/configure
@@ -2161,6 +2161,7 @@ HEADERS_LIST="
@@ -28,7 +28,7 @@ index 82367fd30d..b0154cb8b2 100755
     sys_param_h
     sys_resource_h
     sys_select_h
-@@ -6210,6 +6211,7 @@ check_func_headers VideoToolbox/VTCompressionSession.h VTCompressionSessionPrepa
+@@ -6218,6 +6219,7 @@ check_func_headers VideoToolbox/VTCompressionSession.h VTCompressionSessionPrepa
 check_headers windows.h
 check_headers X11/extensions/XvMClib.h
 check_headers asm/types.h
@@ -37,7 +37,7 @@ index 82367fd30d..b0154cb8b2 100755
 # it seems there are versions of clang in some distros that try to use the
 # gcc headers, which explodes for stdatomic
 diff --git a/libavutil/mips/cpu.c b/libavutil/mips/cpu.c
-index 59619d54de..4738104cdd 100644
+index 59619d54de..19196de50b 100644
 --- a/libavutil/mips/cpu.c
 +++ b/libavutil/mips/cpu.c
@@ -19,7 +19,7 @@
@@ -45,7 +45,7 @@ index 59619d54de..4738104cdd 100644
 #include "libavutil/cpu_internal.h"
 #include "config.h"
 -#if defined __linux__ || defined __ANDROID__
-+#if (defined __linux__ || defined __ANDROID__) && defined(HAVE_SYS_AUXV_H)
+#if (defined __linux__ || defined __ANDROID__) && HAVE_SYS_AUXV_H
 #include <stdint.h>
 #include <stdio.h>
 #include <string.h>
@@ -54,7 +54,7 @@ index 59619d54de..4738104cdd 100644
 #endif
 
 -#if defined __linux__ || defined __ANDROID__
-+#if (defined __linux__ || defined __ANDROID__) && defined(HAVE_SYS_AUXV_H)
+#if (defined __linux__ || defined __ANDROID__) && HAVE_SYS_AUXV_H
 
 #define HWCAP_LOONGSON_CPUCFG (1 << 14)
 
@@ -63,7 +63,7 @@ index 59619d54de..4738104cdd 100644
 int ff_get_cpu_flags_mips(void)
 {
 -#if defined __linux__ || defined __ANDROID__
-+#if (defined __linux__ || defined __ANDROID__) && defined(HAVE_SYS_AUXV_H)
+#if (defined __linux__ || defined __ANDROID__) && HAVE_SYS_AUXV_H
     if (cpucfg_available())
         return cpu_flags_cpucfg();
     else
--- a/package/flac/flac.mk
+++ b/package/flac/flac.mk
@@ -17,7 +17,7 @@ FLAC_CPE_ID_VENDOR = flac_project
 FLAC_AUTORECONF = YES

 FLAC_CONF_OPTS = \
-	--disable-cpplibs \
+	$(if $(BR2_INSTALL_LIBSTDCPP),--enable-cpplibs,--disable-cpplibs) \
 	--disable-xmms-plugin \
 	--disable-altivec

--- a/package/fluxbox/0001-fixes-bug-1138.patch
+++ b/package/fluxbox/0001-fixes-bug-1138.patch
@@ -0,0 +1,25 @@
+From 22866c4d30f5b289c429c5ca88d800200db4fc4f Mon Sep 17 00:00:00 2001
+From: John Sennesael <john@aminking.com>
+Date: Mon, 2 Nov 2015 15:14:32 -0600
+Subject: [PATCH] fixes bug #1138
+
+[Retrieved from:
+https://github.com/fluxbox/fluxbox/commit/22866c4d30f5b289c429c5ca88d800200db4fc4f]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ util/fluxbox-remote.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/util/fluxbox-remote.cc b/util/fluxbox-remote.cc
+index 59852e6a..504015b5 100644
+--- a/util/fluxbox-remote.cc
+++ b/util/fluxbox-remote.cc
+@@ -73,7 +73,7 @@ int main(int argc, char **argv) {
+     if (strcmp(cmd, "result") == 0) {
+         XTextProperty text_prop;
+         if (XGetTextProperty(disp, root, &text_prop, atom_result) != 0
+-            && text_prop.value > 0
+            && text_prop.value != 0
+             && text_prop.nitems > 0) {
+ 
+             printf("%s", text_prop.value);
--- a/package/gawk/gawk.mk
+++ b/package/gawk/gawk.mk
@@ -39,5 +39,11 @@ endef

 GAWK_POST_INSTALL_TARGET_HOOKS += GAWK_CREATE_SYMLINK

+define HOST_GAWK_CREATE_SYMLINK
+	ln -sf gawk $(HOST_DIR)/usr/bin/awk
+endef
+
+HOST_GAWK_POST_INSTALL_HOOKS += HOST_GAWK_CREATE_SYMLINK
+
 $(eval $(autotools-package))
 $(eval $(host-autotools-package))
--- a/package/gcc/9.3.0/0001-xtensa-fix-PR-target-91880.patch
+++ b/package/gcc/9.3.0/0001-xtensa-fix-PR-target-91880.patch
@@ -1,50 +0,0 @@
-From 0a59aa440a4c125b81504c777b066ae4eb1f09f0 Mon Sep 17 00:00:00 2001
-From: Max Filippov <jcmvbkbc@gmail.com>
-Date: Tue, 24 Sep 2019 04:15:17 -0700
-Subject: [PATCH] xtensa: fix PR target/91880
-
-Xtensa hwloop_optimize segfaults when zero overhead loop is about to be
-inserted as the first instruction of the function.
-Insert zero overhead loop instruction into new basic block before the
-loop when basic block that precedes the loop is empty.
-
-2019-09-26  Max Filippov  <jcmvbkbc@gmail.com>
-gcc/
-	* config/xtensa/xtensa.c (hwloop_optimize): Insert zero overhead
-	loop instruction into new basic block before the loop when basic
-	block that precedes the loop is empty.
-
-Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
-Signed-off-by: Romain Naour <romain.naour@gmail.com>
---
-Backported from: r276166
-
- gcc/config/xtensa/xtensa.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/gcc/config/xtensa/xtensa.c b/gcc/config/xtensa/xtensa.c
-index ee5612441e2..2527468d57d 100644
--- a/gcc/config/xtensa/xtensa.c
-+++ b/gcc/config/xtensa/xtensa.c
-@@ -4235,7 +4235,9 @@ hwloop_optimize (hwloop_info loop)
- 
-   seq = get_insns ();
- 
-  if (!single_succ_p (entry_bb) || vec_safe_length (loop->incoming) > 1)
-+  entry_after = BB_END (entry_bb);
-+  if (!single_succ_p (entry_bb) || vec_safe_length (loop->incoming) > 1
-+      || !entry_after)
-     {
-       basic_block new_bb;
-       edge e;
-@@ -4256,7 +4258,6 @@ hwloop_optimize (hwloop_info loop)
-     }
-   else
-     {
-      entry_after = BB_END (entry_bb);
-       while (DEBUG_INSN_P (entry_after)
-              || (NOTE_P (entry_after)
- 		 && NOTE_KIND (entry_after) != NOTE_INSN_BASIC_BLOCK))
-- 
-2.24.1
-
--- a/package/gcc/9.3.0/0004-gcc-Makefile.in-move-SELFTEST_DEPS-before-including-.patch
+++ b/package/gcc/9.3.0/0004-gcc-Makefile.in-move-SELFTEST_DEPS-before-including-.patch
@@ -1,81 +0,0 @@
-From 811c8d628045c3d248144fc560a4bf80209ca16e Mon Sep 17 00:00:00 2001
-From: Romain Naour <romain.naour@gmail.com>
-Date: Thu, 21 May 2020 15:58:02 +0200
-Subject: [PATCH] gcc/Makefile.in: move SELFTEST_DEPS before including language
- makefile fragments
-
-As reported by several Buildroot users [1][2][3], the gcc build
-may fail while running selftests makefile target.
-
-The problem only occurs when ccache is used with gcc 9 and 10,
-probably due to a race condition.
-
-While debuging with "make -p" we can notice that s-selftest-c target
-contain only "cc1" as dependency instead of cc1 and SELFTEST_DEPS [4].
-
-  s-selftest-c: cc1
-
-While the build is failing, the s-selftest-c dependencies recipe is
-still running and reported as a bug by make.
-
-  "Dependencies recipe running (THIS IS A BUG)."
-
-A change [5] in gcc 9 seems to introduce the problem since we can't
-reproduce this problem with gcc 8.
-
-As suggested by Yann E. MORIN [6], move SELFTEST_DEPS before
-including language makefile fragments.
-
-With the fix applied, the s-seltest-c dependency contains
-SELFTEST_DEPS value.
-
-  s-selftest-c: cc1 xgcc specs stmp-int-hdrs ../../gcc/testsuite/selftests
-
-[1] http://lists.busybox.net/pipermail/buildroot/2020-May/282171.html
-[2] http://lists.busybox.net/pipermail/buildroot/2020-May/282766.html
-[3] https://github.com/cirosantilli/linux-kernel-module-cheat/issues/108
-[4] https://gcc.gnu.org/git/?p=gcc.git;a=blob;f=gcc/c/Make-lang.in;h=bfae6fd2549c4f728816cd355fa9739dcc08fcde;hb=033eb5671769a4c681a44aad08a454e667e08502#l120
-[5] https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=033eb5671769a4c681a44aad08a454e667e08502
-[6] http://lists.busybox.net/pipermail/buildroot/2020-May/283213.html
-
-Upstream status: https://gcc.gnu.org/pipermail/gcc-patches/2020-May/546248.html
-
-Signed-off-by: Romain Naour <romain.naour@gmail.com>
-Cc: Ben Dakin-Norris <ben.dakin-norris@navtechradar.com>
-Cc: Maxim Kochetkov <fido_max@inbox.ru>
-Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
-Cc: Yann E. MORIN <yann.morin.1998@free.fr>
-Cc: Cc: David Malcolm <dmalcolm@gcc.gnu.org>
---
-This patch should be backported to gcc 10 and gcc 9.
---
- gcc/Makefile.in | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/gcc/Makefile.in b/gcc/Makefile.in
-index abae872cd63..e2ef3c46afc 100644
--- a/gcc/Makefile.in
-+++ b/gcc/Makefile.in
-@@ -1686,6 +1686,10 @@ $(FULL_DRIVER_NAME): ./xgcc
- 	rm -f $@
- 	$(LN_S) $< $@
- 
-+# SELFTEST_DEPS need to be set before including language makefile fragments.
-+# Otherwise $(SELFTEST_DEPS) is empty when used from various <LANG>/Make-lang.in.
-+SELFTEST_DEPS = $(GCC_PASSES) stmp-int-hdrs $(srcdir)/testsuite/selftests
-+
- #
- # Language makefile fragments.
- 
-@@ -1950,8 +1954,6 @@ DEVNULL=$(if $(findstring mingw,$(build)),nul,/dev/null)
- SELFTEST_FLAGS = -nostdinc $(DEVNULL) -S -o $(DEVNULL) \
- 	-fself-test=$(srcdir)/testsuite/selftests
- 
-SELFTEST_DEPS = $(GCC_PASSES) stmp-int-hdrs $(srcdir)/testsuite/selftests
-
- # Run the selftests during the build once we have a driver and the frontend,
- # so that self-test failures are caught as early as possible.
- # Use "s-selftest-FE" to ensure that we only run the selftests if the
-- 
-2.25.4
-
--- a/package/gcc/9.4.0/0001-or1k-Fix-issue-with-set_got-clobbering-LR-r9.patch
+++ b/package/gcc/9.4.0/0001-or1k-Fix-issue-with-set_got-clobbering-LR-r9.patch
@@ -1,4 +1,4 @@
-From 1383012ae409ed91903b2b76ee15137bc1f89900 Mon Sep 17 00:00:00 2001
+From 014db5e5febec94e35c13ce89ee6b389328873a1 Mon Sep 17 00:00:00 2001
 From: shorne <shorne@138bc75d-0d04-0410-961f-82ee72b054a4>
 Date: Sat, 31 Aug 2019 06:00:56 +0000
 Subject: [PATCH] or1k: Fix issue with set_got clobbering LR (r9)
@@ -101,5 +101,5 @@ index 2dad51cd46b..88f3f02630f 100644
    (clobber (reg:SI LR_REGNUM))]
   ""
 -- 
-2.24.1
+2.31.1

--- a/package/gcc/9.4.0/0002-gcc-define-_REENTRANT-for-OpenRISC-when-pthread-is-p.patch
+++ b/package/gcc/9.4.0/0002-gcc-define-_REENTRANT-for-OpenRISC-when-pthread-is-p.patch
@@ -1,4 +1,4 @@
-From 2aefc4ee703ce3ff70ad25915005cacfbaae0c49 Mon Sep 17 00:00:00 2001
+From f80e9941739fb3973b61fc6a5abddef5ad2faf73 Mon Sep 17 00:00:00 2001
 From: Bernd Kuhls <bernd.kuhls@t-online.de>
 Date: Fri, 27 Mar 2020 21:23:53 +0100
 Subject: [PATCH] gcc: define _REENTRANT for OpenRISC when -pthread is passed
@@ -14,7 +14,7 @@ Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
 1 file changed, 2 insertions(+)

 diff --git a/gcc/config/or1k/linux.h b/gcc/config/or1k/linux.h
-index 4b2f7b6e1fd..b00d23ddfa0 100644
+index cbdc781418f..36303af892c 100644
 --- a/gcc/config/or1k/linux.h
 +++ b/gcc/config/or1k/linux.h
@@ -32,6 +32,8 @@
@@ -27,5 +27,5 @@ index 4b2f7b6e1fd..b00d23ddfa0 100644
 #define LINK_SPEC "%{h*}			\
    %{static:-Bstatic}				\
 -- 
-2.21.0
+2.31.1

--- a/package/gcc/9.4.0/0003-Revert-re-PR-target-92095-internal-error-with-O1-mcp.patch
+++ b/package/gcc/9.4.0/0003-Revert-re-PR-target-92095-internal-error-with-O1-mcp.patch
@@ -1,4 +1,4 @@
-From 0d7fe4806d9dce76367c193d5199df6a2b98009f Mon Sep 17 00:00:00 2001
+From 1107ecc3e8af31adc7bbd4e08c0614836bd1cebd Mon Sep 17 00:00:00 2001
 From: Romain Naour <romain.naour@gmail.com>
 Date: Wed, 20 Jan 2021 23:22:16 +0100
 Subject: [PATCH] Revert "re PR target/92095 (internal error with -O1
@@ -30,7 +30,7 @@ Cc: Eric Botcazou <ebotcazou@gcc.gnu.org>
 delete mode 100644 gcc/testsuite/gcc.c-torture/compile/20191108-1.c

 diff --git a/gcc/config/sparc/sparc-protos.h b/gcc/config/sparc/sparc-protos.h
-index ef1adb69ede..9bdae7b9faa 100644
+index f1c120c4860..f4b6f00a7b1 100644
 --- a/gcc/config/sparc/sparc-protos.h
 +++ b/gcc/config/sparc/sparc-protos.h
@@ -69,7 +69,6 @@ extern void sparc_split_reg_mem (rtx, rtx, machine_mode);
@@ -42,10 +42,10 @@ index ef1adb69ede..9bdae7b9faa 100644
 extern const char *output_cbranch (rtx, rtx, int, int, int, rtx_insn *);
 extern const char *output_return (rtx_insn *);
 diff --git a/gcc/config/sparc/sparc.c b/gcc/config/sparc/sparc.c
-index a993aab7639..2974d174e93 100644
+index 0553dc501e6..516dcf96d7b 100644
 --- a/gcc/config/sparc/sparc.c
 +++ b/gcc/config/sparc/sparc.c
-@@ -4205,6 +4205,13 @@ eligible_for_sibcall_delay (rtx_insn *trial)
+@@ -4170,6 +4170,13 @@ eligible_for_sibcall_delay (rtx_insn *trial)
 static bool
 sparc_cannot_force_const_mem (machine_mode mode, rtx x)
 {
@@ -59,7 +59,7 @@ index a993aab7639..2974d174e93 100644
   switch (GET_CODE (x))
     {
     case CONST_INT:
-@@ -4240,11 +4247,9 @@ sparc_cannot_force_const_mem (machine_mode mode, rtx x)
+@@ -4205,11 +4212,9 @@ sparc_cannot_force_const_mem (machine_mode mode, rtx x)
 }
 
 /* Global Offset Table support.  */
@@ -73,7 +73,7 @@ index a993aab7639..2974d174e93 100644
 
 /* Return the SYMBOL_REF for the Global Offset Table.  */
 
-@@ -4257,6 +4262,27 @@ sparc_got (void)
+@@ -4222,6 +4227,27 @@ sparc_got (void)
   return got_symbol_rtx;
 }
 
@@ -101,7 +101,7 @@ index a993aab7639..2974d174e93 100644
 /* Wrapper around the load_pcrel_sym{si,di} patterns.  */
 
 static rtx
-@@ -4276,78 +4302,30 @@ gen_load_pcrel_sym (rtx op0, rtx op1, rtx op2)
+@@ -4241,78 +4267,30 @@ gen_load_pcrel_sym (rtx op0, rtx op1, rtx op2)
   return insn;
 }
 
@@ -186,7 +186,7 @@ index a993aab7639..2974d174e93 100644
 }
 
 /* Ensure that we are not using patterns that are not OK with PIC.  */
-@@ -5512,7 +5490,7 @@ save_local_or_in_reg_p (unsigned int regno, int leaf_function)
+@@ -5477,7 +5455,7 @@ save_local_or_in_reg_p (unsigned int regno, int leaf_function)
     return true;
 
   /* GOT register (%l7) if needed.  */
@@ -195,7 +195,7 @@ index a993aab7639..2974d174e93 100644
     return true;
 
   /* If the function accesses prior frames, the frame pointer and the return
-@@ -12555,9 +12533,10 @@ static void
+@@ -12520,9 +12498,10 @@ static void
 sparc_file_end (void)
 {
   /* If we need to emit the special GOT helper function, do so now.  */
@@ -207,7 +207,7 @@ index a993aab7639..2974d174e93 100644
 #ifdef DWARF2_UNWIND_INFO
       bool do_cfi;
 #endif
-@@ -12594,22 +12573,17 @@ sparc_file_end (void)
+@@ -12559,22 +12538,17 @@ sparc_file_end (void)
 #ifdef DWARF2_UNWIND_INFO
       do_cfi = dwarf2out_do_cfi_asm ();
       if (do_cfi)
@@ -236,7 +236,7 @@ index a993aab7639..2974d174e93 100644
 #endif
     }
 
-@@ -13115,10 +13089,7 @@ sparc_init_pic_reg (void)
+@@ -13080,10 +13054,7 @@ sparc_init_pic_reg (void)
   edge entry_edge;
   rtx_insn *seq;
 
@@ -249,10 +249,10 @@ index a993aab7639..2974d174e93 100644
 
   start_sequence ();
 diff --git a/gcc/config/sparc/sparc.md b/gcc/config/sparc/sparc.md
-index 0a6e27ffa83..7af62d599b9 100644
+index d9ef79c13cc..6dbd054f1c7 100644
 --- a/gcc/config/sparc/sparc.md
 +++ b/gcc/config/sparc/sparc.md
-@@ -1604,7 +1604,10 @@
+@@ -1601,7 +1601,10 @@
    (clobber (reg:P O7_REG))]
   "REGNO (operands[0]) == INTVAL (operands[3])"
 {
@@ -321,5 +321,5 @@ index f00283f6e7b..67d4ac38095 100644
 #include <stdbool.h>
 #include <stdint.h>
 -- 
-2.25.4
+2.31.1

--- a/package/gcc/9.4.0/0004-or1k-Add-mcmodel-option-to-handle-large-GOTs.patch
+++ b/package/gcc/9.4.0/0004-or1k-Add-mcmodel-option-to-handle-large-GOTs.patch
@@ -1,4 +1,4 @@
-From 1af3ab7fc3e4f2ae835c976486e8af0762674af3 Mon Sep 17 00:00:00 2001
+From 90b202b59fa2bdb68314a23471b32d3e16602bc8 Mon Sep 17 00:00:00 2001
 From: Stafford Horne <shorne@gmail.com>
 Date: Sun, 2 May 2021 06:11:44 +0900
 Subject: [PATCH] or1k: Add mcmodel option to handle large GOTs
@@ -104,7 +104,7 @@ index fc10fcfabde..df67d72b139 100644
   reloc_type type = RTYPE_DIRECT;
 
 diff --git a/gcc/config/or1k/or1k.h b/gcc/config/or1k/or1k.h
-index 6dda230f217..858f30743b7 100644
+index feee702d89c..dbaf0d0fe4c 100644
 --- a/gcc/config/or1k/or1k.h
 +++ b/gcc/config/or1k/or1k.h
@@ -21,6 +21,8 @@
@@ -166,10 +166,10 @@ index 7bdbd842dd4..116524c3441 100644
 Target RejectNegative Mask(CMOV)
 Allows generation of binaries which use the l.cmov instruction.  If your target
 diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
-index 0ab6c9c6449..0904b2b5a41 100644
+index 7b5f6e03d9f..683c64417af 100644
 --- a/gcc/doc/invoke.texi
 +++ b/gcc/doc/invoke.texi
-@@ -1030,7 +1030,9 @@ Objective-C and Objective-C++ Dialects}.
+@@ -1032,7 +1032,9 @@ Objective-C and Objective-C++ Dialects}.
 @emph{OpenRISC Options}
 @gccoptlist{-mboard=@var{name}  -mnewlib  -mhard-mul  -mhard-div @gol
 -msoft-mul  -msoft-div @gol
@@ -180,7 +180,7 @@ index 0ab6c9c6449..0904b2b5a41 100644
 
 @emph{PDP-11 Options}
 @gccoptlist{-mfpu  -msoft-float  -mac0  -mno-ac0  -m40  -m45  -m10 @gol
-@@ -27408,6 +27410,15 @@ MWAITX, SHA, CLZERO, AES, PCL_MUL, CX16, MOVBE, MMX, SSE, SSE2, SSE3, SSE4A,
+@@ -27462,6 +27464,15 @@ MWAITX, SHA, CLZERO, AES, PCL_MUL, CX16, MOVBE, MMX, SSE, SSE2, SSE3, SSE4A,
 SSSE3, SSE4.1, SSE4.2, ABM, XSAVEC, XSAVES, CLFLUSHOPT, POPCNT, and 64-bit
 instruction set extensions.)
 
@@ -197,5 +197,5 @@ index 0ab6c9c6449..0904b2b5a41 100644
 @item btver1
 CPUs based on AMD Family 14h cores with x86-64 instruction set support.  (This
 -- 
-2.25.1
+2.31.1

--- a/package/gcc/9.4.0/0005-or1k-Use-cmodel-large-when-building-crtstuff.patch
+++ b/package/gcc/9.4.0/0005-or1k-Use-cmodel-large-when-building-crtstuff.patch
@@ -1,4 +1,4 @@
-From b540f7b916ba7cf2059b84c5cc8d08c67ebe9a0b Mon Sep 17 00:00:00 2001
+From d64a757040fe36b0d9dc65d24107c656f66bc8e5 Mon Sep 17 00:00:00 2001
 From: Stafford Horne <shorne@gmail.com>
 Date: Sun, 2 May 2021 06:11:45 +0900
 Subject: [PATCH] or1k: Use cmodel=large when building crtstuff
@@ -29,10 +29,10 @@ Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
 create mode 100644 libgcc/config/or1k/t-crtstuff

 diff --git a/libgcc/config.host b/libgcc/config.host
-index 0f15fda3612..0c21d384e6f 100644
+index bdbf77a3e62..bfb45a90630 100644
 --- a/libgcc/config.host
 +++ b/libgcc/config.host
-@@ -1051,12 +1051,12 @@ nios2-*-*)
+@@ -1061,12 +1061,12 @@ nios2-*-*)
 	extra_parts="$extra_parts crti.o crtn.o"
 	;;
 or1k-*-linux*)
@@ -56,5 +56,5 @@ index 00000000000..dcae7f3498e
 +# Compile crtbeginS.o and crtendS.o with -mcmodel=large
 +CRTSTUFF_T_CFLAGS_S += -mcmodel=large
 -- 
-2.25.1
+2.31.1

--- a/package/gcc/Config.in.host
+++ b/package/gcc/Config.in.host
@@ -73,7 +73,7 @@ config BR2_GCC_SUPPORTS_DLANG
 config BR2_GCC_VERSION
 	string
 	default "8.4.0"     if BR2_GCC_VERSION_8_X
-	default "9.3.0"     if BR2_GCC_VERSION_9_X
+	default "9.4.0"     if BR2_GCC_VERSION_9_X
 	default "10.3.0"    if BR2_GCC_VERSION_10_X
 	default "arc-2020.09-release" if BR2_GCC_VERSION_ARC
 	default "48152afb96c59733d5bc79e3399bb7b3d4b44266" if BR2_GCC_VERSION_CSKY
--- a/package/gcc/gcc.hash
+++ b/package/gcc/gcc.hash
@@ -1,7 +1,7 @@
 # From ftp://gcc.gnu.org/pub/gcc/releases/gcc-8.4.0/sha512.sum
 sha512  6de904f552a02de33b11ef52312bb664396efd7e1ce3bbe37bfad5ef617f133095b3767b4804bc7fe78df335cb53bc83f1ac055baed40979ce4c2c3e46b70280  gcc-8.4.0.tar.xz
-#  From ftp://gcc.gnu.org/pub/gcc/releases/gcc-9.3.0/sha512.sum
-sha512  4b9e3639eef6e623747a22c37a904b4750c93b6da77cf3958d5047e9b5ebddb7eebe091cc16ca0a227c0ecbd2bf3b984b221130f269a97ee4cc18f9cf6c444de  gcc-9.3.0.tar.xz
+#  From ftp://gcc.gnu.org/pub/gcc/releases/gcc-9.4.0/sha512.sum
+sha512  dfd3500bf21784b8351a522d53463cf362ede66b0bc302edf350bb44e94418497a8b4b797b6af8ca9b2eeb746b3b115d9c3698381b989546e9151b4496415624  gcc-9.4.0.tar.xz
 # From ftp://gcc.gnu.org/pub/gcc/releases/gcc-10.3.0/sha512.sum
 sha512  2b2dd7453d48a398c29eaebd1422b70341001b8c90a62aee51e83344e7fdd8a8e45f82a4a9165bd7edc76dada912c932f4b6632c5636760fec4c5d7e402b3f86  gcc-10.3.0.tar.xz

--- a/package/gcr/gcr.mk
+++ b/package/gcr/gcr.mk
@@ -25,9 +25,9 @@ GCR_LICENSE_FILES = COPYING

 ifeq ($(BR2_PACKAGE_GOBJECT_INTROSPECTION),y)
 GCR_DEPENDENCIES += gobject-introspection host-libxslt
-GCR_CONF_OPTS += --with-introspection
+GCR_CONF_OPTS += --enable-introspection
 else
-GCR_CONF_OPTS += --without-introspection
+GCR_CONF_OPTS += --disable-introspection
 endif

 # Only the X11 backend is supported for the simple GUI
--- a/package/gdb/4ecb98fbc2f94dbe01b69384afbc515107de73df/0001-Fix-Python3.9-related-runtime-problems.patch
+++ b/package/gdb/4ecb98fbc2f94dbe01b69384afbc515107de73df/0001-Fix-Python3.9-related-runtime-problems.patch
@@ -0,0 +1,193 @@
+From 8342feee01e4e8d38affcf35e47ad900567f42e0 Mon Sep 17 00:00:00 2001
+From: Kevin Buettner <kevinb@redhat.com>
+Date: Wed, 27 May 2020 20:05:40 -0700
+Subject: [PATCH] Fix Python3.9 related runtime problems
+
+Python3.9b1 is now available on Rawhide.  GDB w/ Python 3.9 support
+can be built using the configure switch -with-python=/usr/bin/python3.9.
+
+Attempting to run gdb/Python3.9 segfaults on startup:
+
+    #0  0x00007ffff7b0582c in PyEval_ReleaseLock () from /lib64/libpython3.9.so.1.0
+    #1  0x000000000069ccbf in do_start_initialization ()
+	at worktree-test1/gdb/python/python.c:1789
+    #2  _initialize_python ()
+	at worktree-test1/gdb/python/python.c:1877
+    #3  0x00000000007afb0a in initialize_all_files () at init.c:237
+    ...
+
+Consulting the the documentation...
+
+https://docs.python.org/3/c-api/init.html
+
+...we find that PyEval_ReleaseLock() has been deprecated since version
+3.2.  It recommends using PyEval_SaveThread or PyEval_ReleaseThread()
+instead.  In do_start_initialization, in gdb/python/python.c, we
+can replace the calls to PyThreadState_Swap() and PyEval_ReleaseLock()
+with a single call to PyEval_SaveThread.   (Thanks to Keith Seitz
+for working this out.)
+
+With that in place, GDB gets a little bit further.  It still dies
+on startup, but the backtrace is different:
+
+    #0  0x00007ffff7b04306 in PyOS_InterruptOccurred ()
+       from /lib64/libpython3.9.so.1.0
+    #1  0x0000000000576e86 in check_quit_flag ()
+	at worktree-test1/gdb/extension.c:776
+    #2  0x0000000000576f8a in set_active_ext_lang (now_active=now_active@entry=0x983c00 <extension_language_python>)
+	at worktree-test1/gdb/extension.c:705
+    #3  0x000000000069d399 in gdbpy_enter::gdbpy_enter (this=0x7fffffffd2d0,
+	gdbarch=0x0, language=0x0)
+	at worktree-test1/gdb/python/python.c:211
+    #4  0x0000000000686e00 in python_new_inferior (inf=0xddeb10)
+	at worktree-test1/gdb/python/py-inferior.c:251
+    #5  0x00000000005d9fb9 in std::function<void (inferior*)>::operator()(inferior*) const (__args#0=<optimized out>, this=0xccad20)
+	at /usr/include/c++/10/bits/std_function.h:617
+    #6  gdb::observers::observable<inferior*>::notify (args#0=0xddeb10,
+	this=<optimized out>)
+	at worktree-test1/gdb/../gdbsupport/observable.h:106
+    #7  add_inferior_silent (pid=0)
+	at worktree-test1/gdb/inferior.c:113
+    #8  0x00000000005dbcb8 in initialize_inferiors ()
+	at worktree-test1/gdb/inferior.c:947
+    ...
+
+We checked with some Python Developers and were told that we should
+acquire the GIL prior to calling any Python C API function.  We
+definitely don't have the GIL for calls of PyOS_InterruptOccurred().
+
+I moved class_gdbpy_gil earlier in the file and use it in
+gdbpy_check_quit_flag() to acquire (and automatically release) the
+GIL.
+
+With those changes in place, I was able to run to a GDB prompt.  But,
+when trying to quit, it segfaulted again due to due to some other
+problems with gdbpy_check_quit_flag():
+
+    Thread 1 "gdb" received signal SIGSEGV, Segmentation fault.
+    0x00007ffff7bbab0c in new_threadstate () from /lib64/libpython3.9.so.1.0
+    (top-gdb) bt 8
+    #0  0x00007ffff7bbab0c in new_threadstate () from /lib64/libpython3.9.so.1.0
+    #1  0x00007ffff7afa5ea in PyGILState_Ensure.cold ()
+       from /lib64/libpython3.9.so.1.0
+    #2  0x000000000069b58c in gdbpy_gil::gdbpy_gil (this=<synthetic pointer>)
+	at worktree-test1/gdb/python/python.c:278
+    #3  gdbpy_check_quit_flag (extlang=<optimized out>)
+	at worktree-test1/gdb/python/python.c:278
+    #4  0x0000000000576e96 in check_quit_flag ()
+	at worktree-test1/gdb/extension.c:776
+    #5  0x000000000057700c in restore_active_ext_lang (previous=0xe9c050)
+	at worktree-test1/gdb/extension.c:729
+    #6  0x000000000088913a in do_my_cleanups (
+	pmy_chain=0xc31870 <final_cleanup_chain>,
+	old_chain=0xae5720 <sentinel_cleanup>)
+	at worktree-test1/gdbsupport/cleanups.cc:131
+    #7  do_final_cleanups ()
+	at worktree-test1/gdbsupport/cleanups.cc:143
+
+In this case, we're trying to call a Python C API function after
+Py_Finalize() has been called from finalize_python().  I made
+finalize_python set gdb_python_initialized to false and then cause
+check_quit_flag() to return early when it's false.
+
+With these changes in place, GDB seems to be working again with
+Python3.9b1.  I think it likely that there are other problems lurking.
+I wouldn't be surprised to find that there are other calls into Python
+where we don't first make sure that we have the GIL.  Further changes
+may well be needed.
+
+I see no regressions testing on Rawhide using a GDB built with the
+default Python version (3.8.3) versus one built using Python 3.9b1.
+
+I've also tested on Fedora 28, 29, 30, 31, and 32 (all x86_64) using
+the default (though updated) system installed versions of Python on
+those OSes.  This means that I've tested against Python versions
+2.7.15, 2.7.17, 2.7.18, 3.7.7, 3.8.2, and 3.8.3.  In each case GDB
+still builds without problem and shows no regressions after applying
+this patch.
+
+gdb/ChangeLog:
+
+2020-MM-DD  Kevin Buettner  <kevinb@redhat.com>
+	    Keith Seitz  <keiths@redhat.com>
+
+	* python/python.c (do_start_initialization): For Python 3.9 and
+	later, call PyEval_SaveThread instead of PyEval_ReleaseLock.
+	(class gdbpy_gil): Move to earlier in file.
+	(finalize_python): Set gdb_python_initialized.
+	(gdbpy_check_quit_flag): Acquire GIL via gdbpy_gil.  Return early
+	when not initialized.
+
+[import into Buildroot, removing ChangeLog change to avoid conflict]
+Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
+---
+ gdb/python/python.c | 32 ++++++++++++++++++++++++++++++--
+ 1 file changed, 30 insertions(+), 2 deletions(-)
+
+diff --git a/gdb/python/python.c b/gdb/python/python.c
+index b00b70be85b..0eee3f0397c 100644
+--- a/gdb/python/python.c
+++ b/gdb/python/python.c
+@@ -268,6 +268,30 @@ ensure_python_env (struct gdbarch *gdbarch,
+   return make_cleanup (restore_python_env, env);
+ }
+ 
+/* A helper class to save and restore the GIL, but without touching
+   the other globals that are handled by gdbpy_enter.  */
+
+class gdbpy_gil
+{
+public:
+
+  gdbpy_gil ()
+    : m_state (PyGILState_Ensure ())
+  {
+  }
+
+  ~gdbpy_gil ()
+  {
+    PyGILState_Release (m_state);
+  }
+
+  DISABLE_COPY_AND_ASSIGN (gdbpy_gil);
+
+private:
+
+  PyGILState_STATE m_state;
+};
+
+ /* Set the quit flag.  */
+ 
+ static void
+@@ -281,6 +305,10 @@ gdbpy_set_quit_flag (const struct extension_language_defn *extlang)
+ static int
+ gdbpy_check_quit_flag (const struct extension_language_defn *extlang)
+ {
+  if (!gdb_python_initialized)
+    return 0;
+
+  gdbpy_gil gil;
+   return PyOS_InterruptOccurred ();
+ }
+ 
+@@ -1620,6 +1648,7 @@ finalize_python (void *ignore)
+ 
+   Py_Finalize ();
+ 
+  gdb_python_initialized = false;
+   restore_active_ext_lang (previous_active);
+ }
+ #endif
+@@ -1854,8 +1883,7 @@ message == an error message without a stack will be printed."),
+     goto fail;
+ 
+   /* Release the GIL while gdb runs.  */
+-  PyThreadState_Swap (NULL);
+-  PyEval_ReleaseLock ();
+  PyEval_SaveThread ();
+ 
+   make_final_cleanup (finalize_python, NULL);
+ 
+-- 
+2.31.1
+
--- a/package/gdb/8.3.1/0007-Fix-Python3.9-related-runtime-problems.patch
+++ b/package/gdb/8.3.1/0007-Fix-Python3.9-related-runtime-problems.patch
@@ -0,0 +1,193 @@
+From 51ef4f6ec819259d4a57fa4155ee78700918f8ff Mon Sep 17 00:00:00 2001
+From: Kevin Buettner <kevinb@redhat.com>
+Date: Wed, 27 May 2020 20:05:40 -0700
+Subject: [PATCH] Fix Python3.9 related runtime problems
+
+Python3.9b1 is now available on Rawhide.  GDB w/ Python 3.9 support
+can be built using the configure switch -with-python=/usr/bin/python3.9.
+
+Attempting to run gdb/Python3.9 segfaults on startup:
+
+    #0  0x00007ffff7b0582c in PyEval_ReleaseLock () from /lib64/libpython3.9.so.1.0
+    #1  0x000000000069ccbf in do_start_initialization ()
+	at worktree-test1/gdb/python/python.c:1789
+    #2  _initialize_python ()
+	at worktree-test1/gdb/python/python.c:1877
+    #3  0x00000000007afb0a in initialize_all_files () at init.c:237
+    ...
+
+Consulting the the documentation...
+
+https://docs.python.org/3/c-api/init.html
+
+...we find that PyEval_ReleaseLock() has been deprecated since version
+3.2.  It recommends using PyEval_SaveThread or PyEval_ReleaseThread()
+instead.  In do_start_initialization, in gdb/python/python.c, we
+can replace the calls to PyThreadState_Swap() and PyEval_ReleaseLock()
+with a single call to PyEval_SaveThread.   (Thanks to Keith Seitz
+for working this out.)
+
+With that in place, GDB gets a little bit further.  It still dies
+on startup, but the backtrace is different:
+
+    #0  0x00007ffff7b04306 in PyOS_InterruptOccurred ()
+       from /lib64/libpython3.9.so.1.0
+    #1  0x0000000000576e86 in check_quit_flag ()
+	at worktree-test1/gdb/extension.c:776
+    #2  0x0000000000576f8a in set_active_ext_lang (now_active=now_active@entry=0x983c00 <extension_language_python>)
+	at worktree-test1/gdb/extension.c:705
+    #3  0x000000000069d399 in gdbpy_enter::gdbpy_enter (this=0x7fffffffd2d0,
+	gdbarch=0x0, language=0x0)
+	at worktree-test1/gdb/python/python.c:211
+    #4  0x0000000000686e00 in python_new_inferior (inf=0xddeb10)
+	at worktree-test1/gdb/python/py-inferior.c:251
+    #5  0x00000000005d9fb9 in std::function<void (inferior*)>::operator()(inferior*) const (__args#0=<optimized out>, this=0xccad20)
+	at /usr/include/c++/10/bits/std_function.h:617
+    #6  gdb::observers::observable<inferior*>::notify (args#0=0xddeb10,
+	this=<optimized out>)
+	at worktree-test1/gdb/../gdbsupport/observable.h:106
+    #7  add_inferior_silent (pid=0)
+	at worktree-test1/gdb/inferior.c:113
+    #8  0x00000000005dbcb8 in initialize_inferiors ()
+	at worktree-test1/gdb/inferior.c:947
+    ...
+
+We checked with some Python Developers and were told that we should
+acquire the GIL prior to calling any Python C API function.  We
+definitely don't have the GIL for calls of PyOS_InterruptOccurred().
+
+I moved class_gdbpy_gil earlier in the file and use it in
+gdbpy_check_quit_flag() to acquire (and automatically release) the
+GIL.
+
+With those changes in place, I was able to run to a GDB prompt.  But,
+when trying to quit, it segfaulted again due to due to some other
+problems with gdbpy_check_quit_flag():
+
+    Thread 1 "gdb" received signal SIGSEGV, Segmentation fault.
+    0x00007ffff7bbab0c in new_threadstate () from /lib64/libpython3.9.so.1.0
+    (top-gdb) bt 8
+    #0  0x00007ffff7bbab0c in new_threadstate () from /lib64/libpython3.9.so.1.0
+    #1  0x00007ffff7afa5ea in PyGILState_Ensure.cold ()
+       from /lib64/libpython3.9.so.1.0
+    #2  0x000000000069b58c in gdbpy_gil::gdbpy_gil (this=<synthetic pointer>)
+	at worktree-test1/gdb/python/python.c:278
+    #3  gdbpy_check_quit_flag (extlang=<optimized out>)
+	at worktree-test1/gdb/python/python.c:278
+    #4  0x0000000000576e96 in check_quit_flag ()
+	at worktree-test1/gdb/extension.c:776
+    #5  0x000000000057700c in restore_active_ext_lang (previous=0xe9c050)
+	at worktree-test1/gdb/extension.c:729
+    #6  0x000000000088913a in do_my_cleanups (
+	pmy_chain=0xc31870 <final_cleanup_chain>,
+	old_chain=0xae5720 <sentinel_cleanup>)
+	at worktree-test1/gdbsupport/cleanups.cc:131
+    #7  do_final_cleanups ()
+	at worktree-test1/gdbsupport/cleanups.cc:143
+
+In this case, we're trying to call a Python C API function after
+Py_Finalize() has been called from finalize_python().  I made
+finalize_python set gdb_python_initialized to false and then cause
+check_quit_flag() to return early when it's false.
+
+With these changes in place, GDB seems to be working again with
+Python3.9b1.  I think it likely that there are other problems lurking.
+I wouldn't be surprised to find that there are other calls into Python
+where we don't first make sure that we have the GIL.  Further changes
+may well be needed.
+
+I see no regressions testing on Rawhide using a GDB built with the
+default Python version (3.8.3) versus one built using Python 3.9b1.
+
+I've also tested on Fedora 28, 29, 30, 31, and 32 (all x86_64) using
+the default (though updated) system installed versions of Python on
+those OSes.  This means that I've tested against Python versions
+2.7.15, 2.7.17, 2.7.18, 3.7.7, 3.8.2, and 3.8.3.  In each case GDB
+still builds without problem and shows no regressions after applying
+this patch.
+
+gdb/ChangeLog:
+
+2020-MM-DD  Kevin Buettner  <kevinb@redhat.com>
+	    Keith Seitz  <keiths@redhat.com>
+
+	* python/python.c (do_start_initialization): For Python 3.9 and
+	later, call PyEval_SaveThread instead of PyEval_ReleaseLock.
+	(class gdbpy_gil): Move to earlier in file.
+	(finalize_python): Set gdb_python_initialized.
+	(gdbpy_check_quit_flag): Acquire GIL via gdbpy_gil.  Return early
+	when not initialized.
+
+[import into Buildroot, removing ChangeLog change to avoid conflict]
+Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
+---
+ gdb/python/python.c | 32 ++++++++++++++++++++++++++++++--
+ 1 file changed, 30 insertions(+), 2 deletions(-)
+
+diff --git a/gdb/python/python.c b/gdb/python/python.c
+index c23db2c1261..0b77354630e 100644
+--- a/gdb/python/python.c
+++ b/gdb/python/python.c
+@@ -235,6 +235,30 @@ gdbpy_enter::~gdbpy_enter ()
+   restore_active_ext_lang (m_previous_active);
+ }
+ 
+/* A helper class to save and restore the GIL, but without touching
+   the other globals that are handled by gdbpy_enter.  */
+
+class gdbpy_gil
+{
+public:
+
+  gdbpy_gil ()
+    : m_state (PyGILState_Ensure ())
+  {
+  }
+
+  ~gdbpy_gil ()
+  {
+    PyGILState_Release (m_state);
+  }
+
+  DISABLE_COPY_AND_ASSIGN (gdbpy_gil);
+
+private:
+
+  PyGILState_STATE m_state;
+};
+
+ /* Set the quit flag.  */
+ 
+ static void
+@@ -248,6 +272,10 @@ gdbpy_set_quit_flag (const struct extension_language_defn *extlang)
+ static int
+ gdbpy_check_quit_flag (const struct extension_language_defn *extlang)
+ {
+  if (!gdb_python_initialized)
+    return 0;
+
+  gdbpy_gil gil;
+   return PyOS_InterruptOccurred ();
+ }
+ 
+@@ -1573,6 +1601,7 @@ finalize_python (void *ignore)
+ 
+   Py_Finalize ();
+ 
+  gdb_python_initialized = false;
+   restore_active_ext_lang (previous_active);
+ }
+ 
+@@ -1736,8 +1765,7 @@ do_start_initialization ()
+     return false;
+ 
+   /* Release the GIL while gdb runs.  */
+-  PyThreadState_Swap (NULL);
+-  PyEval_ReleaseLock ();
+  PyEval_SaveThread ();
+ 
+   make_final_cleanup (finalize_python, NULL);
+ 
+-- 
+2.31.1
+
--- a/package/gdb/9.2/0007-Fix-Python3.9-related-runtime-problems.patch
+++ b/package/gdb/9.2/0007-Fix-Python3.9-related-runtime-problems.patch
@@ -0,0 +1,227 @@
+From c47bae859a5af0d95224d90000df0e529f7c5aa0 Mon Sep 17 00:00:00 2001
+From: Kevin Buettner <kevinb@redhat.com>
+Date: Wed, 27 May 2020 20:05:40 -0700
+Subject: [PATCH] Fix Python3.9 related runtime problems
+
+Python3.9b1 is now available on Rawhide.  GDB w/ Python 3.9 support
+can be built using the configure switch -with-python=/usr/bin/python3.9.
+
+Attempting to run gdb/Python3.9 segfaults on startup:
+
+    #0  0x00007ffff7b0582c in PyEval_ReleaseLock () from /lib64/libpython3.9.so.1.0
+    #1  0x000000000069ccbf in do_start_initialization ()
+	at worktree-test1/gdb/python/python.c:1789
+    #2  _initialize_python ()
+	at worktree-test1/gdb/python/python.c:1877
+    #3  0x00000000007afb0a in initialize_all_files () at init.c:237
+    ...
+
+Consulting the the documentation...
+
+https://docs.python.org/3/c-api/init.html
+
+...we find that PyEval_ReleaseLock() has been deprecated since version
+3.2.  It recommends using PyEval_SaveThread or PyEval_ReleaseThread()
+instead.  In do_start_initialization, in gdb/python/python.c, we
+can replace the calls to PyThreadState_Swap() and PyEval_ReleaseLock()
+with a single call to PyEval_SaveThread.   (Thanks to Keith Seitz
+for working this out.)
+
+With that in place, GDB gets a little bit further.  It still dies
+on startup, but the backtrace is different:
+
+    #0  0x00007ffff7b04306 in PyOS_InterruptOccurred ()
+       from /lib64/libpython3.9.so.1.0
+    #1  0x0000000000576e86 in check_quit_flag ()
+	at worktree-test1/gdb/extension.c:776
+    #2  0x0000000000576f8a in set_active_ext_lang (now_active=now_active@entry=0x983c00 <extension_language_python>)
+	at worktree-test1/gdb/extension.c:705
+    #3  0x000000000069d399 in gdbpy_enter::gdbpy_enter (this=0x7fffffffd2d0,
+	gdbarch=0x0, language=0x0)
+	at worktree-test1/gdb/python/python.c:211
+    #4  0x0000000000686e00 in python_new_inferior (inf=0xddeb10)
+	at worktree-test1/gdb/python/py-inferior.c:251
+    #5  0x00000000005d9fb9 in std::function<void (inferior*)>::operator()(inferior*) const (__args#0=<optimized out>, this=0xccad20)
+	at /usr/include/c++/10/bits/std_function.h:617
+    #6  gdb::observers::observable<inferior*>::notify (args#0=0xddeb10,
+	this=<optimized out>)
+	at worktree-test1/gdb/../gdbsupport/observable.h:106
+    #7  add_inferior_silent (pid=0)
+	at worktree-test1/gdb/inferior.c:113
+    #8  0x00000000005dbcb8 in initialize_inferiors ()
+	at worktree-test1/gdb/inferior.c:947
+    ...
+
+We checked with some Python Developers and were told that we should
+acquire the GIL prior to calling any Python C API function.  We
+definitely don't have the GIL for calls of PyOS_InterruptOccurred().
+
+I moved class_gdbpy_gil earlier in the file and use it in
+gdbpy_check_quit_flag() to acquire (and automatically release) the
+GIL.
+
+With those changes in place, I was able to run to a GDB prompt.  But,
+when trying to quit, it segfaulted again due to due to some other
+problems with gdbpy_check_quit_flag():
+
+    Thread 1 "gdb" received signal SIGSEGV, Segmentation fault.
+    0x00007ffff7bbab0c in new_threadstate () from /lib64/libpython3.9.so.1.0
+    (top-gdb) bt 8
+    #0  0x00007ffff7bbab0c in new_threadstate () from /lib64/libpython3.9.so.1.0
+    #1  0x00007ffff7afa5ea in PyGILState_Ensure.cold ()
+       from /lib64/libpython3.9.so.1.0
+    #2  0x000000000069b58c in gdbpy_gil::gdbpy_gil (this=<synthetic pointer>)
+	at worktree-test1/gdb/python/python.c:278
+    #3  gdbpy_check_quit_flag (extlang=<optimized out>)
+	at worktree-test1/gdb/python/python.c:278
+    #4  0x0000000000576e96 in check_quit_flag ()
+	at worktree-test1/gdb/extension.c:776
+    #5  0x000000000057700c in restore_active_ext_lang (previous=0xe9c050)
+	at worktree-test1/gdb/extension.c:729
+    #6  0x000000000088913a in do_my_cleanups (
+	pmy_chain=0xc31870 <final_cleanup_chain>,
+	old_chain=0xae5720 <sentinel_cleanup>)
+	at worktree-test1/gdbsupport/cleanups.cc:131
+    #7  do_final_cleanups ()
+	at worktree-test1/gdbsupport/cleanups.cc:143
+
+In this case, we're trying to call a Python C API function after
+Py_Finalize() has been called from finalize_python().  I made
+finalize_python set gdb_python_initialized to false and then cause
+check_quit_flag() to return early when it's false.
+
+With these changes in place, GDB seems to be working again with
+Python3.9b1.  I think it likely that there are other problems lurking.
+I wouldn't be surprised to find that there are other calls into Python
+where we don't first make sure that we have the GIL.  Further changes
+may well be needed.
+
+I see no regressions testing on Rawhide using a GDB built with the
+default Python version (3.8.3) versus one built using Python 3.9b1.
+
+I've also tested on Fedora 28, 29, 30, 31, and 32 (all x86_64) using
+the default (though updated) system installed versions of Python on
+those OSes.  This means that I've tested against Python versions
+2.7.15, 2.7.17, 2.7.18, 3.7.7, 3.8.2, and 3.8.3.  In each case GDB
+still builds without problem and shows no regressions after applying
+this patch.
+
+gdb/ChangeLog:
+
+2020-MM-DD  Kevin Buettner  <kevinb@redhat.com>
+	    Keith Seitz  <keiths@redhat.com>
+
+	* python/python.c (do_start_initialization): For Python 3.9 and
+	later, call PyEval_SaveThread instead of PyEval_ReleaseLock.
+	(class gdbpy_gil): Move to earlier in file.
+	(finalize_python): Set gdb_python_initialized.
+	(gdbpy_check_quit_flag): Acquire GIL via gdbpy_gil.  Return early
+	when not initialized.
+
+
+[import into Buildroot, removing ChangeLog change to avoid conflict]
+Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
+
+---
+ gdb/ChangeLog       | 10 ++++++++
+ gdb/python/python.c | 56 ++++++++++++++++++++++++---------------------
+ 2 files changed, 40 insertions(+), 26 deletions(-)
+
+diff --git a/gdb/python/python.c b/gdb/python/python.c
+index 67f362b852d..4bdd2201abc 100644
+--- a/gdb/python/python.c
+++ b/gdb/python/python.c
+@@ -238,6 +238,30 @@ gdbpy_enter::~gdbpy_enter ()
+   PyGILState_Release (m_state);
+ }
+ 
+/* A helper class to save and restore the GIL, but without touching
+   the other globals that are handled by gdbpy_enter.  */
+
+class gdbpy_gil
+{
+public:
+
+  gdbpy_gil ()
+    : m_state (PyGILState_Ensure ())
+  {
+  }
+
+  ~gdbpy_gil ()
+  {
+    PyGILState_Release (m_state);
+  }
+
+  DISABLE_COPY_AND_ASSIGN (gdbpy_gil);
+
+private:
+
+  PyGILState_STATE m_state;
+};
+
+ /* Set the quit flag.  */
+ 
+ static void
+@@ -251,6 +275,10 @@ gdbpy_set_quit_flag (const struct extension_language_defn *extlang)
+ static int
+ gdbpy_check_quit_flag (const struct extension_language_defn *extlang)
+ {
+  if (!gdb_python_initialized)
+    return 0;
+
+  gdbpy_gil gil;
+   return PyOS_InterruptOccurred ();
+ }
+ 
+@@ -943,30 +971,6 @@ gdbpy_source_script (const struct extension_language_defn *extlang,
+ 
+ /* Posting and handling events.  */
+ 
+-/* A helper class to save and restore the GIL, but without touching
+-   the other globals that are handled by gdbpy_enter.  */
+-
+-class gdbpy_gil
+-{
+-public:
+-
+-  gdbpy_gil ()
+-    : m_state (PyGILState_Ensure ())
+-  {
+-  }
+-
+-  ~gdbpy_gil ()
+-  {
+-    PyGILState_Release (m_state);
+-  }
+-
+-  DISABLE_COPY_AND_ASSIGN (gdbpy_gil);
+-
+-private:
+-
+-  PyGILState_STATE m_state;
+-};
+-
+ /* A single event.  */
+ struct gdbpy_event
+ {
+@@ -1616,6 +1620,7 @@ finalize_python (void *ignore)
+ 
+   Py_Finalize ();
+ 
+  gdb_python_initialized = false;
+   restore_active_ext_lang (previous_active);
+ }
+ 
+@@ -1785,8 +1790,7 @@ do_start_initialization ()
+     return false;
+ 
+   /* Release the GIL while gdb runs.  */
+-  PyThreadState_Swap (NULL);
+-  PyEval_ReleaseLock ();
+  PyEval_SaveThread ();
+ 
+   make_final_cleanup (finalize_python, NULL);
+ 
+-- 
+2.26.3
+
--- a/package/gdb/Config.in
+++ b/package/gdb/Config.in
@@ -3,7 +3,6 @@ config BR2_PACKAGE_GDB_ARCH_SUPPORTS
 	default y
 	depends on !((BR2_arm || BR2_armeb) && BR2_BINFMT_FLAT)
 	depends on !BR2_microblaze
-	depends on !BR2_nios2
 	depends on !BR2_or1k
 	depends on !BR2_nds32

--- a/package/gdb/Config.in.host
+++ b/package/gdb/Config.in.host
@@ -3,7 +3,6 @@ config BR2_PACKAGE_HOST_GDB_ARCH_SUPPORTS
 	default y
 	depends on !((BR2_arm || BR2_armeb) && BR2_BINFMT_FLAT)
 	depends on !BR2_microblaze
-	depends on !BR2_nios2
 	depends on !BR2_or1k
 	depends on !BR2_riscv
 	depends on !BR2_nds32
@@ -82,7 +81,7 @@ endchoice

 endif

-# If cross-gdb is not enabled, the latest working version is chosen.
+# If cross-gdb is not enabled, the latest stable version is chosen.
 config BR2_GDB_VERSION
 	string
 	default "arc-2020.09-release-gdb" if BR2_arc
--- a/package/gdk-pixbuf/0001-meson.build-link-with-lintl-if-needed.patch
+++ b/package/gdk-pixbuf/0001-meson.build-link-with-lintl-if-needed.patch
@@ -1,45 +0,0 @@
-From 65c8bc8ec4ae8dd140b0205a61d0d216fa45d819 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Thu, 28 Jan 2021 07:50:44 +0100
-Subject: [PATCH] meson.build: link with lintl if needed
-
-Link with -lintl to avoid the following build failure:
-
-/home/giuliobenetti/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/mips64el-buildroot-linux-uclibc/5.5.0/../../../../mips64el-buildroot-linux-uclibc/bin/ld: gdk-pixbuf/libgdk_pixbuf-2.0.so.0.4200.2.p/gdk-pixbuf-util.c.o: in function `_gdk_pixbuf_init_gettext':
-gdk-pixbuf-util.c:(.text+0xbc0): undefined reference to `libintl_bindtextdomain'
-/home/giuliobenetti/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/mips64el-buildroot-linux-uclibc/5.5.0/../../../../mips64el-buildroot-linux-uclibc/bin/ld: gdk-pixbuf-util.c:(.text+0xbc8): undefined reference to `libintl_bindtextdomain'
-
-Fixes:
- - http://autobuild.buildroot.org/results/894359558100ea9637feba16deaf99923805d0f2
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Upstream status:
-https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/101]
---
- meson.build | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/meson.build b/meson.build
-index 1cef125a3..973948108 100644
--- a/meson.build
-+++ b/meson.build
-@@ -93,6 +93,7 @@ if cc.has_function('lrint', dependencies: mathlib_dep)
-   gdk_pixbuf_conf.set('HAVE_LRINT', 1)
- endif
- 
-+intl_dep = cc.find_library('intl', required: false)
- if cc.has_function('bind_textdomain_codeset', prefix: '#include <libintl.h>')
-   gdk_pixbuf_conf.set('HAVE_BIND_TEXTDOMAIN_CODESET', 1)
- endif
-@@ -212,7 +213,7 @@ if medialib_dep.found()
- endif
- 
- gdk_pixbuf_deps = [ mathlib_dep, glib_dep, gobject_dep, gmodule_dep, gio_dep,
-                    shared_mime_dep, medialib_dep ]
-+                    shared_mime_dep, medialib_dep, intl_dep ]
- 
- # Check if we can build shared modules
- if gmodule_dep.type_name() == 'pkgconfig'
-- 
-2.29.2
-
--- a/package/gdk-pixbuf/0002-gdk-pixbuf-gdk-pixbuf-io.c-fix-build-without-gmodule.patch
+++ b/package/gdk-pixbuf/0002-gdk-pixbuf-gdk-pixbuf-io.c-fix-build-without-gmodule.patch
@@ -1,41 +0,0 @@
-From 46c7fe11bd0ed8595c3f920d42a9914fa864d893 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Sun, 7 Feb 2021 18:51:14 +0100
-Subject: [PATCH] gdk-pixbuf/gdk-pixbuf-io.c: fix build without gmodule
-
-Fix the following build failure:
-
-../gdk-pixbuf/gdk-pixbuf-io.c: In function 'gdk_pixbuf_io_init':
-../gdk-pixbuf/gdk-pixbuf-io.c:681:16: error: implicit declaration of function 'gdk_pixbuf_get_module_file'; did you mean '_gdk_pixbuf_get_module'? [-Werror=implicit-function-declaration]
-  681 |  module_file = gdk_pixbuf_get_module_file ();
-      |                ^~~~~~~~~~~~~~~~~~~~~~~~~~
-      |                _gdk_pixbuf_get_module
-
-Fixes:
- - http://autobuild.buildroot.org/results/6cd54c497f5d19342ec94ece713547b887e4c02d
-
-Upstream status: Accepted
-https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/103
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
- gdk-pixbuf/gdk-pixbuf-io.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/gdk-pixbuf/gdk-pixbuf-io.c b/gdk-pixbuf/gdk-pixbuf-io.c
-index 40eb920c8..2dc2ea6da 100644
--- a/gdk-pixbuf/gdk-pixbuf-io.c
-+++ b/gdk-pixbuf/gdk-pixbuf-io.c
-@@ -678,7 +678,9 @@ gdk_pixbuf_io_init (void)
- 	gboolean ret;
- 
- 	gdk_pixbuf_io_init_builtin ();
-+#ifdef USE_GMODULE
- 	module_file = gdk_pixbuf_get_module_file ();
-+#endif
- 	ret = gdk_pixbuf_io_init_modules (module_file, NULL);
- 	g_free (module_file);
- 	return ret;
-- 
-2.29.2
-
--- a/package/gdk-pixbuf/Config.in
+++ b/package/gdk-pixbuf/Config.in
@@ -9,7 +9,7 @@ config BR2_PACKAGE_GDK_PIXBUF
 	  Gdk-Pixbuf is an image loader and scaler. It uses GObject
 	  and the GLib, to integrate well with GNOME applications.

-	  http://www.gtk.org/
+	  https://www.gtk.org/

 comment "gdk-pixbuf needs a toolchain w/ wchar, threads"
 	depends on BR2_USE_MMU
--- a/package/gdk-pixbuf/gdk-pixbuf.hash
+++ b/package/gdk-pixbuf/gdk-pixbuf.hash
@@ -1,4 +1,3 @@
-# From http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.42/gdk-pixbuf-2.42.2.sha256sum
-sha256  83c66a1cfd591d7680c144d2922c5955d38b4db336d7cd3ee109f7bcf9afef15  gdk-pixbuf-2.42.2.tar.xz
-# Locally calculated
+# From https://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.42/gdk-pixbuf-2.42.4.sha256sum
+sha256  fe9c5dd88f486194ea2bc09b8814c1ed895bb6c530f37cbbf259757c4e482e4d  gdk-pixbuf-2.42.4.tar.xz
 sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  COPYING
--- a/package/gdk-pixbuf/gdk-pixbuf.mk
+++ b/package/gdk-pixbuf/gdk-pixbuf.mk
@@ -5,7 +5,7 @@
 ################################################################################

 GDK_PIXBUF_VERSION_MAJOR = 2.42
-GDK_PIXBUF_VERSION = $(GDK_PIXBUF_VERSION_MAJOR).2
+GDK_PIXBUF_VERSION = $(GDK_PIXBUF_VERSION_MAJOR).4
 GDK_PIXBUF_SOURCE = gdk-pixbuf-$(GDK_PIXBUF_VERSION).tar.xz
 GDK_PIXBUF_SITE = http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/$(GDK_PIXBUF_VERSION_MAJOR)
 GDK_PIXBUF_LICENSE = LGPL-2.1+
--- a/package/gesftpserver/gesftpserver.mk
+++ b/package/gesftpserver/gesftpserver.mk
@@ -23,6 +23,10 @@ GESFTPSERVER_DEPENDENCIES += \
 	$(if $(BR2_ENABLE_LOCALE),,libiconv) \
 	$(if $(BR2_PACKAGE_OPENSSH),openssh)

+# Python on the host is only used for tests, which we don't use in
+# Buildroot
+GESFTPSERVER_CONF_ENV += rjk_cv_python24=false
+
 # openssh/dropbear looks here
 define GESFTPSERVER_ADD_SYMLINK
 	ln -sf gesftpserver $(TARGET_DIR)/usr/libexec/sftp-server
--- a/package/glibc/2.32-50-g737efa27fca5c97f566a2005687fda7d6659cd2e/glibc.hash
+++ b/package/glibc/2.32-50-g737efa27fca5c97f566a2005687fda7d6659cd2e/glibc.hash
@@ -1,5 +1,5 @@
 # Locally calculated (fetched from Github)
-sha256  f4710e9a435a7b83e1d23dd75434f0d36b898eba9b4249c946c32b467d852fd4  glibc-2.32-37-g760e1d287825fa91d4d5a0cc921340c740d803e2.tar.gz
+sha256  b634d38ace90752eeecb93246d71c0673bab0db8dfbd69333479ae7b10d63410  glibc-2.32-50-g737efa27fca5c97f566a2005687fda7d6659cd2e.tar.gz

 # Hashes for license files
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
--- a/package/glibc/glibc.mk
+++ b/package/glibc/glibc.mk
@@ -16,7 +16,7 @@ ifeq ($(BR2_RISCV_32),y)
 # Until 2.33 is released, just use master
 GLIBC_VERSION = 2.32.9000-69-gbd394d131c10c9ec22c6424197b79410042eed99
 else
-GLIBC_VERSION = 2.32-37-g760e1d287825fa91d4d5a0cc921340c740d803e2
+GLIBC_VERSION = 2.32-50-g737efa27fca5c97f566a2005687fda7d6659cd2e
 endif
 # Upstream doesn't officially provide an https download link.
 # There is one (https://sourceware.org/git/glibc.git) but it's not reliable,
--- a/package/go/go.hash
+++ b/package/go/go.hash
@@ -1,3 +1,3 @@
 # From https://golang.org/dl/
-sha256  7bfa7e5908c7cc9e75da5ddf3066d7cbcf3fd9fa51945851325eebc17f50ba80  go1.16.5.src.tar.gz
+sha256  a3a5d4bc401b51db065e4f93b523347a4d343ae0c0b08a65c3423b05a138037d  go1.16.6.src.tar.gz
 sha256  2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067  LICENSE
--- a/package/go/go.mk
+++ b/package/go/go.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-GO_VERSION = 1.16.5
+GO_VERSION = 1.16.6
 GO_SITE = https://storage.googleapis.com/golang
 GO_SOURCE = go$(GO_VERSION).src.tar.gz

--- a/package/gptfdisk/gptfdisk.hash
+++ b/package/gptfdisk/gptfdisk.hash
@@ -1,5 +1,5 @@
-# From http://sourceforge.net/projects/gptfdisk/files/gptfdisk/1.0.7/
-sha1  406ab2596e1911c916dce677ce7e903076d94c6d  gptfdisk-1.0.7.tar.gz
+# From http://sourceforge.net/projects/gptfdisk/files/gptfdisk/1.0.8/
+sha1  c8824e779056158fa32887e415f5399a8646c3c5  gptfdisk-1.0.8.tar.gz
 # Locally computed
-sha256  754004b7f85b279287c7ac3c0469b1d7e0eae043a97a2e587b0560ca5f3828c0  gptfdisk-1.0.7.tar.gz
+sha256  95d19856f004dabc4b8c342b2612e8d0a9eebdd52004297188369f152e9dc6df  gptfdisk-1.0.8.tar.gz
 sha256  231f7edcc7352d7734a96eef0b8030f77982678c516876fcb81e25b32d68564c  COPYING
--- a/package/gptfdisk/gptfdisk.mk
+++ b/package/gptfdisk/gptfdisk.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-GPTFDISK_VERSION = 1.0.7
+GPTFDISK_VERSION = 1.0.8
 GPTFDISK_SITE = http://downloads.sourceforge.net/sourceforge/gptfdisk
 GPTFDISK_LICENSE = GPL-2.0+
 GPTFDISK_LICENSE_FILES = COPYING
--- a/package/gqrx/Config.in
+++ b/package/gqrx/Config.in
@@ -3,7 +3,7 @@ comment "gqrx needs a toolchain w/ C++, threads, wchar, dynamic library"
 	depends on BR2_TOOLCHAIN_HAS_SYNC_4 || BR2_TOOLCHAIN_HAS_ATOMIC
 	depends on BR2_TOOLCHAIN_SUPPORTS_ALWAYS_LOCKFREE_ATOMIC_INTS
 	depends on !BR2_INSTALL_LIBSTDCPP || !BR2_TOOLCHAIN_HAS_THREADS || \
-		!BR2_USE_WCHAR || !BR2_STATIC_LIBS
+		!BR2_USE_WCHAR || BR2_STATIC_LIBS

 comment "gqrx needs qt5"
 	depends on !BR2_PACKAGE_QT5
--- a/package/granite/granite.mk
+++ b/package/granite/granite.mk
@@ -6,10 +6,17 @@

 GRANITE_VERSION = 5.4.0
 GRANITE_SITE = $(call github,elementary,granite,$(GRANITE_VERSION))
-GRANITE_DEPENDENCIES = host-pkgconf host-vala libgee libglib2 libgtk3
+GRANITE_DEPENDENCIES = \
+	host-pkgconf \
+	host-vala \
+	libgee \
+	libglib2 \
+	libgtk3 \
+	$(TARGET_NLS_DEPENDENCIES)
 GRANITE_INSTALL_STAGING = YES
 GRANITE_LICENSE = LGPL-3.0+
 GRANITE_LICENSE_FILES = COPYING
+GRANITE_LDFLAGS = $(TARGET_LDFLAGS) $(TARGET_NLS_LIBS)

 ifeq ($(BR2_PACKAGE_GOBJECT_INTROSPECTION),y)
 GRANITE_CONF_OPTS += -Dintrospection=true
--- a/Show More
+++ b/Show More