Update for 2023.11.2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

.checkpackageignore

@@ -278,10 +278,6 @@ package/curlftpfs/0004-fix-musl-build-off-t.patch Upstream
 package/cutelyst/0001-server-CMakeLists.txt-don-t-override-CMAKE_EXE_LINKE.patch Upstream
 package/cwiid/0001-wmdemo-fix-linking-by-adding-the-missing-lbluetooth-.patch Upstream
 package/cwiid/0002-configure-make-wmgui-build-optional.patch Upstream
-package/dahdi-linux/0001-drivers-dahdi-Kbuild-fix-HOTPLUG_FIRMWARE-definition.patch Upstream
-package/dahdi-linux/0002-fix-build-with-32-bits-kernel.patch Upstream
-package/dahdi-linux/0003-Fixed-compilation-issues-on-linux-kernel-5-18-0.patch Upstream
-package/dahdi-linux/0004-next-fix-kernel-6-1-build.patch Upstream
 package/dahdi-tools/0001-no-build-docs.patch Upstream
 package/dahdi-tools/0002-no-perl-manpages.patch Upstream
 package/dante/0001-fix-sparc-compile.patch Upstream
@@ -394,10 +390,6 @@ package/exim/0002-Don-t-make-backup-copies-of-installed-files.patch Upstream
 package/exim/0003-Skip-version-check-and-symlink-installation.patch Upstream
 package/exim/0004-exim_lock-fix-lstat-related-build-errors.patch Upstream
 package/exim/0005-sieve-fix-build-errors.patch Upstream
-package/exim/0006-Fix-regex-n-use-after-free.-Bug-2915.patch Upstream
-package/exim/0007-Fix-non-WITH_CONTENT_SCAN-build.patch Upstream
-package/exim/0008-Fix-non-WITH_CONTENT_SCAN-build-2.patch Upstream
-package/exim/0009-Fix-non-WITH_CONTENT_SCAN-build-3.patch Upstream
 package/exim/S86exim Indent Variables
 package/expect/0001-enable-cross-compilation.patch Upstream
 package/expect/0002-allow-tcl-build-directory.patch Upstream
@@ -436,9 +428,6 @@ package/flite/0001-fix-alsa-static.patch Upstream
 package/fltk/0001-disable-tests.patch Upstream
 package/fluxbox/0001-fixes-bug-1138.patch Upstream
 package/freeradius-client/0001-fix-for-nettle.patch Upstream
-package/freerdp/0001-Fix-variable-declaration-in-loop.patch Upstream
-package/freerdp/0002-Fixed-variable-declaration-in-loop.patch Upstream
-package/freerdp/0003-winpr-include-winpr-file.h-fix-build-on-uclibc.patch Upstream
 package/freescale-imx/imx-kobs/0001-Fix-musl-build.patch Upstream
 package/freescale-imx/imx-kobs/0002-Fix-build-for-recent-toolchains.patch Upstream
 package/freescale-imx/imx-uuc/S80imx-uuc Indent Shellcheck Variables
@@ -515,7 +504,6 @@ package/gob2/0001-dont-include-from-prefix.patch Upstream
 package/gobject-introspection/0001-disable-tests.patch Upstream
 package/gobject-introspection/0002-Add-rpath-links-to-ccompiler.patch Upstream
 package/gobject-introspection/0003-giscanner-ignore-error-return-codes-from-ldd-wrapper.patch Upstream
-package/google-breakpad/gen-syms.sh Shellcheck
 package/gpm/0001-Added-musl-support-to-libgpm-and-the-daemon.patch Upstream
 package/gpm/0002-Install-unversioned-solibrary.patch Upstream
 package/gpm/0003-src-Makefile.in-Really-install-unversioned-solibrary.patch Upstream
@@ -764,8 +752,6 @@ package/libuhttpd/0001-add-compatibility-for-wolfssl-5-0.patch Upstream
 package/libuio/0001-configure.ac-set-automake-strictness-to-foreign.patch Upstream
 package/liburcu/0001-Only-blacklist-ARM-gcc-4.8.0-and-4.8.1.patch Upstream
 package/libusbgx/0001-Add-include-of-sys-sysmacro.h.patch Upstream
-package/libuwsc/0001-CMakeLists.txt-add-BUILD_EXAMPLE.patch Upstream
-package/libuwsc/0002-fix-bad-indentation.patch Upstream
 package/libvpx/0001-vpx_mem-vpx_mem.h-Fix-compilation-with-uClibc.patch Upstream
 package/libwebsock/0001-Switch-to-use-pkg-config-to-detect-libevent-and-open.patch Upstream
 package/libwebsock/0002-fix-ssl.patch Upstream
@@ -943,9 +929,6 @@ package/nginx/0008-src-os-unix-ngx_linux_config.h-only-include-dlfcn.h-.patch Up
 package/nginx/0009-auto-os-linux-fix-build-with-libxcrypt.patch Upstream
 package/nginx/0010-Allow-forcing-of-endianness-for-cross-compilation.patch Upstream
 package/nginx/S50nginx Indent Variables
-package/ngrep/0001-Fix-typo-in-configure-in-when-testing-for-use_pcre.patch Upstream
-package/ngrep/0002-Check-for-libnet_init-in-configure-in.patch Upstream
-package/ngrep/0003-fix-disable-tcpkill.patch Upstream
 package/nilfs-utils/0001-nilfs_cleanerd-link-dynamically.patch Upstream
 package/nmap/0001-libdnet-wrapper-configure.patch Upstream
 package/nodejs/nodejs-src/0001-add-qemu-wrapper-support.patch Upstream
@@ -1457,7 +1440,6 @@ package/wilc-driver/0005-Fix-cast-warnings.patch Upstream
 package/wipe/0001-musl.patch Upstream
 package/wireless_tools/0001-remove-bzero.patch Upstream
 package/wireshark/0001-cmake-lemon-wipe-CMAKE_-EXE_LINKER_FLAGS-SYSROOT-if-.patch Upstream
-package/wlroots/0001-Add-feature-macros-to-more-C-files-.patch Upstream
 package/woff2/0001-CMake-Handle-multiple-libraries-being-returned-for-B.patch Upstream
 package/wpa_supplicant/0001-build-re-enable-options-for-libwpa_client.so-and-.patch Upstream
 package/wpa_supplicant/ifupdown.sh Shellcheck

.editorconfig

@@ -13,11 +13,19 @@ insert_final_newline = true
 indent_style = tab
 indent_size = tab
 
-[{Config*.in*,linux/Config.ext.in}]
+[Config*.in*]
 indent_style = tab
 indent_size = tab
 
-[{Makefile*,*.mk}]
+[linux/Config.ext.in]
+indent_style = tab
+indent_size = tab
+
+[Makefile*]
+indent_style = tab
+indent_size = tab
+
+[*.mk]
 indent_style = tab
 indent_size = tab
 

CHANGES

@@ -1,3 +1,75 @@
+2023.11.2, released March 1st, 2024
+
+	Important / security related fixes.
+
+	Added CPE identifiers for a large number of packages.
+
+	Updated/fixed packages: bayer2rgb-neon, brltty, c-ares, cog,
+	containerd, cpio, crda, criu, darkhttpd, davinci-bootcount,
+	dbus, depot-tools, dhcpcd, domoticz, environment-setup, expat,
+	faad2, falcosecurity-libs, flex, flutter-engine,
+	flutter-gallery, flutter-pi, flutter-sdk-bin,
+	freeradius-server, freerdp, frr, gesftpserver, glibc, gnutls,
+	go, gst1-devtools, gst1-libav, gst1-python, gst1-vaapi,
+	gst-omx, gstreamer1, haproxy, hiredis, joe, json-c, leptonica,
+	libcurl, libp11, libuwsc, libvips, libzenoh-pico,
+	linux-firmware, linux-headers, localedef, lua-http, lvm2,
+	lynx, mbedtls, micropython, minizip, mpfr, netatalk, ngrep,
+	onevpl, opencv4, opencv4-contrib, openssh, opus, petitboot,
+	php, python-aiohttp, python-bitarray, python-bitstring,
+	python-esptool, python-gunicorn, python-hpack,
+	python-html5lib, python-lmdb, python-mako, python-numpy,
+	python-oauthlib, python-sqlparse, python-wheel, qt5base,
+	qt6base, redis, runc, sdl2, sqlite, syslog-ng, sysstat,
+	util-linux, vulkan-loader, webkitgtk, weston, wireless-regdb,
+	wlroots, wpewebkit, xlib_libXpm, xterm, xwayland, yasm
+
+	New packages: python-bitarray
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#10096: SH4 toolchain does not build Linux kernel magicpa..
+	#15952: Grub fails to load large rootfs files
+
+2023.11.1, released January 15th, 2024
+
+	Important / security related fixes.
+
+	Infrastructure:
+
+	- Download: Revert a permission fixup step in the tarball
+	  creation logic, which lead to a hash mismatch issue in two
+	  cargo-vendored packages, ripgrep and sentry-cli.
+
+	- Build: Pass GIT_DIR=. in the environment (through
+	  HOST_MAKE_ENV/TARGET_MAKE_ENV) to the build steps to
+	  workaround packages trying to detect if they are building in
+	  a git checkout and getting confused when building in a sub
+	  directory of a Buildroot git checkout.
+
+	Defconfigs: Rock5b: Add download hashes for U-Boot and Linux
+
+	Updated/fixed packages: apcupsd, arm-trusted-firmware, botan,
+	cjson, criu, cryptodev-linux, cups, dahdi-linux, dahdi-tools,
+	dbus, docker, dropbear, duktape, edk2, erlang, exim, faad2,
+	freeswitch, gcc, gdal, gdb, giflib, glibc, gnuplot, gnutls,
+	go, google-breakpad, gst-omx, gstd, gst1-devtools, gst1-libav,
+	gst1-plugins-bad, gst1-plugins-base, gst1-plugins-good,
+	gst1-plugins-ugly, gst1-python, gst1-rtsp-server, gst1-vaapi,
+	gstreamer1, gstreamer1-editing-services, ipcalc, jq,
+	json-for-modern-cpp, ksmbd-tools, libaio, libarchive,
+	libcamera, libcamera-apps, libcap-ng, libcgroup, libcurl,
+	libde265, libebml, libgtk3, libheif, libiec61850, libndns,
+	libostree, libraw, libsigsegv, libssh, libssh2, libuev,
+	libwebsockets, libzenoh-pico, liquid-dsp, lvm2, madplay,
+	mesa3d, micropython, minizip, mp4v2, nushell,
+	onevpl-intel-gpu, opensc, openssh, optee-client, orc, php,
+	pipewire, postgis, postgresql, proftpd, putty, python-brotli,
+	python-pysensors, python-sip, python-werkzeug, shim, squid,
+	strongswan, sway, tinyssh, tor, transmission, tree, udev,
+	uftp, valijson, wireshark, wlroots, wolfssl,
+	xserver_xorg-server, xwayland,
+
 2023.11, released December 4th, 2023
 
 	Various fixes.

Config.in

@@ -589,7 +589,7 @@ config BR2_GOOGLE_BREAKPAD_ENABLE
 	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # C++11
 	depends on BR2_USE_WCHAR
 	depends on BR2_TOOLCHAIN_HAS_THREADS
-	depends on (BR2_TOOLCHAIN_USES_GLIBC || BR2_TOOLCHAIN_USES_UCLIBC)
+	depends on BR2_TOOLCHAIN_USES_GLIBC
 	depends on BR2_PACKAGE_GOOGLE_BREAKPAD_ARCH_SUPPORTS
 	depends on BR2_PACKAGE_HOST_GOOGLE_BREAKPAD_ARCH_SUPPORTS
 	select BR2_PACKAGE_GOOGLE_BREAKPAD
@@ -711,20 +711,18 @@ config BR2_FORCE_HOST_BUILD
 
 config BR2_DOWNLOAD_FORCE_CHECK_HASHES
 	bool "Force all downloads to have a valid hash"
-	depends on BR2_GLOBAL_PATCH_DIR != ""
 	help
-	  For packages where a custom version or location can be set,
-	  Buildroot does not carry a hash for those custom versions or
-	  locations, so the integrity of such downloads is not verified.
-
 	  Say 'y' here to enforce downloads to have at least one valid
 	  hash (and of course, that all hashes be valid).
 
-	  Those hashes are looked in files in BR2_GLOBAL_PATCH_DIR,
-	  see above.
+	  By default, Buildroot checks hashes of all packages
+	  downloaded, except those for which a custom version is
+	  used.
 
-comment "Forcing all downloads to have a valid hash needs a global patch and hash directory"
-	depends on BR2_GLOBAL_PATCH_DIR = ""
+	  With this option turned on, Buildroot will check hashes of
+	  all packages, including those that use a custom version. In
+	  order to provide hashes for such packages, place additional
+	  hash files in BR2_GLOBAL_PATCH_DIR directories.
 
 config BR2_REPRODUCIBLE
 	bool "Make the build reproducible (experimental)"

Config.in.legacy

@@ -146,6 +146,16 @@ endif
 
 comment "Legacy options removed in 2023.11"
 
+config BR2_PACKAGE_LIBCAMERA_PIPELINE_RASPBERRYPI
+	bool "libcamera pipeline 'raspberrypi' was renamed to 'rpi/vc4'"
+	depends on BR2_arm || BR2_aarch64
+	depends on BR2_USE_WCHAR
+	select BR2_LEGACY
+	select BR2_PACKAGE_LIBCAMERA_PIPELINE_RPI_VC4
+	help
+	  Since version 0.1.0 the libcamera pipeline option
+	  'raspberrypi' was renamed to 'rpi/vc4'.
+
 config BR2_PACKAGE_PYTHON_PYXB
 	bool "python-pyxb removed"
 	select BR2_LEGACY

DEVELOPERS

@@ -26,20 +26,12 @@
 #   infrastructure, and will be CC'ed on all patches that add or
 #   modify packages that use this infrastructure.
 
-N:	Adam Duskett <aduskett@gmail.com>
-F:	package/firewalld/
-F:	package/vulkan-loader/
-F:	package/vulkan-tools/
-
 N:	Adam Duskett <adam.duskett@amarulasolutions.com>
 F:	package/depot-tools/
 F:	package/flutter-engine/
 F:	package/flutter-gallery/
 F:	package/flutter-pi/
 F:	package/flutter-sdk-bin/
-F:	package/python-kmod/
-F:	package/python-versioneer/
-F:	support/testing/tests/package/test_firewalld.py
 F:	support/testing/tests/package/test_flutter.py
 
 N:	Adam Heinrich <adam@adamh.cz>
@@ -74,8 +66,8 @@ F:	package/libmbim/
 F:	package/libqmi/
 F:	package/modem-manager/
 
-N:      Alessandro Partesotti <a.partesotti@gmail.com>
-F:      package/oatpp/
+N:	Alessandro Partesotti <a.partesotti@gmail.com>
+F:	package/oatpp/
 
 N:	Alex Michel <alex.michel@wiedemann-group.com>
 F:	package/libzenoh-pico/

Makefile

@@ -90,9 +90,9 @@ all:
 .PHONY: all
 
 # Set and export the version string
-export BR2_VERSION := 2023.11
+export BR2_VERSION := 2023.11.2
 # Actual time the release is cut (for reproducible builds)
-BR2_VERSION_EPOCH = 1701677000
+BR2_VERSION_EPOCH = 1709299000
 
 # Save running make version since it's clobbered by the make package
 RUNNING_MAKE_VERSION := $(MAKE_VERSION)

board/radxa/rock5b/patches/linux/linux.hash

@@ -0,0 +1,2 @@
+# Locally calculated
+sha256  a5eca7b8f929a1918125e2e4fbd7ab4ea5b3910b5ae4547e81c794b47373ffb5  linux-52f51a2b5ba178f331af62260d2da86d7472c14b-br1.tar.gz

board/radxa/rock5b/patches/uboot/uboot.hash

@@ -0,0 +1,2 @@
+# Locally calculated
+sha256  12e921b466ae731cdbc355e6832b7f22bc90b01aeceef9886f98aaba7b394300  u-boot-2023.07.tar.bz2

board/zynq/readme.txt

@@ -1,7 +1,8 @@
 This is the Buildroot support for Zynq boards.  Zynq boards are available from
 Xilinx and some third party vendors, but the build procedure is very similar.
 
-Currently, three boards are natively supported by Buildroot:
+Currently, four boards are natively supported by Buildroot:
+ - Xilinx ZC702 board (zynq_zc702_defconfig)
  - Xilinx ZC706 board (zynq_zc706_defconfig)
  - Avnet ZedBoard (zynq_zed_defconfig)
  - Avnet MicroZed (zynq_microzed_defconfig)
@@ -9,6 +10,7 @@ Currently, three boards are natively supported by Buildroot:
 Steps to create a working system for a Zynq board:
 
 1) Configuration (do one of the following)
+    make zynq_zc702_defconfig     (ZC702)
     make zynq_zc706_defconfig     (ZC706)
     make zynq_zed_defconfig       (Zedboard)
     make zynq_microzed_defconfig  (MicroZed)
@@ -31,12 +33,11 @@ kernel_image=myimage
 modeboot=myboot
 myboot=...
 
-Note:
-The DTB for MicroZed is the same as the one for the Zedboard (zynq-zed.dtb),
-and this is the recommended solution, see
-https://forums.xilinx.com/t5/Embedded-Linux/Microzed-default-device-tree-dts/td-p/432856.
-
 References:
+ - ZC702 information including schematics, reference designs, and manuals are
+   available from
+   https://www.xilinx.com/products/boards-and-kits/ek-z7-zc702-g.html
+
  - ZC706 information including schematics, reference designs, and manuals are
    available from
    http://www.xilinx.com/products/boards-and-kits/ek-z7-zc706-g.html.
@@ -52,7 +53,7 @@ the upstream kernel and U-Boot, you simply need to change the
 following Buildroot options:
 
  - Kernel Device Tree file name (BR2_LINUX_KERNEL_INTREE_DTS_NAME)
- - U-Boot board defconfig (BR2_TARGET_UBOOT_BOARD_DEFCONFIG)
+ - U-Boot (BR2_TARGET_UBOOT_CUSTOM_MAKEOPTS="DEVICE_TREE=<dts file name>")
 
 Custom ps7_init_gpl.c/h support:
 

boot/arm-trusted-firmware/arm-trusted-firmware.mk

@@ -63,7 +63,8 @@ ARM_TRUSTED_FIRMWARE_MAKE_OPTS += \
 	BUILD_STRING=$(ARM_TRUSTED_FIRMWARE_VERSION) \
 	$(call qstrip,$(BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES)) \
 	PLAT=$(ARM_TRUSTED_FIRMWARE_PLATFORM) \
-	TARGET_BOARD=$(ARM_TRUSTED_FIRMWARE_TARGET_BOARD)
+	TARGET_BOARD=$(ARM_TRUSTED_FIRMWARE_TARGET_BOARD) \
+	HOSTCC="$(HOSTCC) $(HOST_CFLAGS) $(HOST_LDFLAGS)"
 
 ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP),y)
 ARM_TRUSTED_FIRMWARE_MAKE_OPTS += \
@@ -147,18 +148,6 @@ ARM_TRUSTED_FIRMWARE_MAKE_TARGETS = all
 ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP),y)
 ARM_TRUSTED_FIRMWARE_MAKE_TARGETS += fip
 ARM_TRUSTED_FIRMWARE_DEPENDENCIES += host-openssl
-# fiptool only exists in newer (>= 1.3) versions of ATF, so we build
-# it conditionally. We need to explicitly build it as it requires
-# OpenSSL, and therefore needs to be passed proper variables to find
-# the host OpenSSL.
-define ARM_TRUSTED_FIRMWARE_BUILD_FIPTOOL
-	if test -d $(@D)/tools/fiptool; then \
-		$(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/tools/fiptool \
-			$(ARM_TRUSTED_FIRMWARE_MAKE_OPTS) \
-			CPPFLAGS="$(HOST_CPPFLAGS)" \
-			LDLIBS="$(HOST_LDFLAGS) -lcrypto" ; \
-	fi
-endef
 endif
 
 ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_RCW),y)
@@ -206,7 +195,6 @@ define ARM_TRUSTED_FIRMWARE_BUILD_CMDS
 	$(if $(ARM_TRUSTED_FIRMWARE_CUSTOM_DTS_PATH),
 		cp -f $(ARM_TRUSTED_FIRMWARE_CUSTOM_DTS_PATH) $(@D)/fdts/
 	)
-	$(ARM_TRUSTED_FIRMWARE_BUILD_FIPTOOL)
 	$(ARM_TRUSTED_FIRMWARE_MAKE_ENV) $(MAKE) -C $(@D) \
 		$(ARM_TRUSTED_FIRMWARE_MAKE_OPTS) \
 		$(ARM_TRUSTED_FIRMWARE_MAKE_TARGETS)

boot/edk2/edk2.mk

@@ -144,7 +144,13 @@ EDK2_BASETOOLS_OPTS = \
 
 EDK2_PACKAGES_PATH = $(subst $(space),:,$(strip $(EDK2_PACKAGES_PATHS)))
 
+# EDK2 "build" script internally uses and calls "make", which controls
+# its own flags. It is mainly tested while not being a sub-make. In
+# order to stay in that configuration, we avoid leaking top-level
+# Buildroot make flags into EDK2 build by clearing the MAKEFLAGS
+# environment variable.
 EDK2_BUILD_ENV += \
+	MAKEFLAGS= \
 	WORKSPACE=$(@D) \
 	PACKAGES_PATH=$(EDK2_PACKAGES_PATH) \
 	PYTHON_COMMAND=$(HOST_DIR)/bin/python3 \

boot/shim/shim.hash

@@ -1,3 +1,3 @@
 # locally computed hash
-sha256  8344473dd10569588b8238a4656b8fab226714eea9f5363f8c410aa8a5090297  shim-15.4.tar.bz2
+sha256  eab91644a3efe91a666399f5d8eb3eed0e04d04f79d4b6c0b278ef7747a239a5  shim-15.6.tar.bz2
 sha256  15edf527919ddcb2f514ab9d16ad07ef219e4bb490e0b79560be510f0c159cc2  COPYRIGHT

boot/shim/shim.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-SHIM_VERSION = 15.4
+SHIM_VERSION = 15.6
 SHIM_SITE = https://github.com/rhboot/shim/releases/download/$(SHIM_VERSION)
 SHIM_SOURCE = shim-$(SHIM_VERSION).tar.bz2
 SHIM_LICENSE = BSD-2-Clause

boot/syslinux/0018-single-load-segment.patch

@@ -0,0 +1,313 @@
+From: Lukas Schwaighofer <lukas@schwaighofer.name>
+Date: Sat, 18 Aug 2018 16:56:35 +0200
+Subject: Force the linker to put all sections into a single PT_LOAD segment
+
+This is required when using binutils >= 2.31 which writes two PT_LOAD segments
+by default. This is not supported by the wrapper.c script used to convert the
+shared object into an elf binary.
+
+Forwarded: https://www.syslinux.org/archives/2018-August/026167.html
+[yann.morin.1998@free.fr:
+  - grab from the Debian package
+  - https://salsa.debian.org/images-team/syslinux/-/blob/fa1349f1f8e5f5d6307e589f02c0a679031d1c7f/debian/patches/0017-single-load-segment.patch
+]
+Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
+Upstream: reported https://www.syslinux.org/archives/2018-August/026167.html
+Upstream: acknowledged https://wiki.syslinux.org/wiki/index.php?title=Building
+---
+ efi/i386/syslinux.ld   | 37 +++++++++++++++++++++----------------
+ efi/x86_64/syslinux.ld | 37 +++++++++++++++++++++----------------
+ 2 files changed, 42 insertions(+), 32 deletions(-)
+
+diff --git a/efi/i386/syslinux.ld b/efi/i386/syslinux.ld
+index bab3fc7..19c1647 100644
+--- a/efi/i386/syslinux.ld
++++ b/efi/i386/syslinux.ld
+@@ -19,6 +19,11 @@ OUTPUT_FORMAT("elf32-i386", "elf32-i386", "elf32-i386")
+ OUTPUT_ARCH(i386)
+ ENTRY(_start)
+
++PHDRS
++{
++	all PT_LOAD ;
++}
++
+ SECTIONS
+ {
+ 	. = 0;
+@@ -31,7 +36,7 @@ SECTIONS
+ 		*(.text)
+ 		*(.text.*)
+ 		__text_end = .;
+-	}
++	} :all
+
+ 	. = ALIGN(16);
+
+@@ -40,7 +45,7 @@ SECTIONS
+ 		*(.rodata)
+ 		*(.rodata.*)
+ 		__rodata_end = .;
+-	}
++	} :all
+
+ 	. = ALIGN(4);
+
+@@ -49,14 +54,14 @@ SECTIONS
+ 		KEEP (*(SORT(.ctors.*)))
+ 		KEEP (*(.ctors))
+ 		__ctors_end = .;
+-	}
++	} :all
+
+ 	.dtors : {
+ 		__dtors_start = .;
+ 		KEEP (*(SORT(.dtors.*)))
+ 		KEEP (*(.dtors))
+ 		__dtors_end = .;
+-	}
++	} :all
+
+ 	. = ALIGN(4096);
+ 	.rel : {
+@@ -64,7 +69,7 @@ SECTIONS
+ 		*(.rel.data)
+ 		*(.rel.data.*)
+ 		*(.rel.ctors)
+-	}
++	} :all
+
+ 	. = ALIGN(4);
+
+@@ -72,14 +77,14 @@ SECTIONS
+ 		__gnu_hash_start = .;
+ 		*(.gnu.hash)
+ 		__gnu_hash_end = .;
+-	}
++	} :all
+
+
+ 	.dynsym : {
+ 		__dynsym_start = .;
+ 		*(.dynsym)
+ 		__dynsym_end = .;
+-	}
++	} :all
+
+ 	. = ALIGN(4);
+
+@@ -87,7 +92,7 @@ SECTIONS
+ 		__dynstr_start = .;
+ 		*(.dynstr)
+ 		__dynstr_end = .;
+-	}
++	} :all
+
+ 	. = ALIGN(4);
+
+@@ -104,7 +109,7 @@ SECTIONS
+ 		KEEP (*(.got.plt))
+ 		KEEP (*(.got))
+ 		__got_end = .;
+-	}
++	} :all
+
+ 	. = ALIGN(4);
+
+@@ -112,7 +117,7 @@ SECTIONS
+ 		__dynamic_start = .;
+ 		*(.dynamic)
+ 		__dynamic_end = .;
+-	}
++	} :all
+
+ 	. = ALIGN(16);
+
+@@ -122,19 +127,19 @@ SECTIONS
+ 		*(.data.*)
+ 		*(.lowmem)
+ 		__data_end = .;
+-	}
++	} :all
+
+ 	.reloc : {
+ 		*(.reloc)
+-	}
++	} :all
+
+ 	.symtab : {
+ 		*(.symtab)
+-	}
++	} :all
+
+ 	.strtab : {
+ 		*(.strtab)
+-	}
++	} :all
+
+ 	.bss (NOLOAD) : {
+ 		/* the EFI loader doesn't seem to like a .bss section,
+@@ -148,7 +153,7 @@ SECTIONS
+ 		__bss_end = .;
+ 		*(.sbss)
+ 		*(.scommon)
+-	}
++	} :all
+ 	__bss_len = ABSOLUTE(__bss_end) - ABSOLUTE(__bss_start);
+ 	__bss_dwords = (__bss_len + 3) >> 2;
+
+@@ -161,7 +166,7 @@ SECTIONS
+ 		*(.hugebss)
+ 		*(.hugebss.*)
+ 		__hugebss_end = .;
+-	}
++	} :all
+
+ 	_end = .;
+
+diff --git a/efi/x86_64/syslinux.ld b/efi/x86_64/syslinux.ld
+index 450641c..a2c124f 100644
+--- a/efi/x86_64/syslinux.ld
++++ b/efi/x86_64/syslinux.ld
+@@ -19,6 +19,11 @@ OUTPUT_FORMAT("elf64-x86-64", "elf64-x86-64", "elf64-x86-64")
+ OUTPUT_ARCH(i386:x86-64)
+ ENTRY(_start)
+
++PHDRS
++{
++	all PT_LOAD ;
++}
++
+ SECTIONS
+ {
+ 	. = 0;
+@@ -31,7 +36,7 @@ SECTIONS
+ 		*(.text)
+ 		*(.text.*)
+ 		__text_end = .;
+-	}
++	} :all
+
+ 	. = ALIGN(16);
+
+@@ -40,7 +45,7 @@ SECTIONS
+ 		*(.rodata)
+ 		*(.rodata.*)
+ 		__rodata_end = .;
+-	}
++	} :all
+
+ 	. = ALIGN(4);
+
+@@ -49,14 +54,14 @@ SECTIONS
+ 		KEEP (*(SORT(.ctors.*)))
+ 		KEEP (*(.ctors))
+ 		__ctors_end = .;
+-	}
++	} :all
+
+ 	.dtors : {
+ 		__dtors_start = .;
+ 		KEEP (*(SORT(.dtors.*)))
+ 		KEEP (*(.dtors))
+ 		__dtors_end = .;
+-	}
++	} :all
+
+ 	. = ALIGN(4096);
+ 	.rel : {
+@@ -64,7 +69,7 @@ SECTIONS
+ 		*(.rel.data)
+ 		*(.rel.data.*)
+ 		*(.rel.ctors)
+-	}
++	} :all
+
+ 	. = ALIGN(4);
+
+@@ -72,14 +77,14 @@ SECTIONS
+ 		__gnu_hash_start = .;
+ 		*(.gnu.hash)
+ 		__gnu_hash_end = .;
+-	}
++	} :all
+
+
+ 	.dynsym : {
+ 		__dynsym_start = .;
+ 		*(.dynsym)
+ 		__dynsym_end = .;
+-	}
++	} :all
+
+ 	. = ALIGN(4);
+
+@@ -87,7 +92,7 @@ SECTIONS
+ 		__dynstr_start = .;
+ 		*(.dynstr)
+ 		__dynstr_end = .;
+-	}
++	} :all
+
+ 	. = ALIGN(4);
+
+@@ -104,7 +109,7 @@ SECTIONS
+ 		KEEP (*(.got.plt))
+ 		KEEP (*(.got))
+ 		__got_end = .;
+-	}
++	} :all
+
+ 	. = ALIGN(4);
+
+@@ -112,7 +117,7 @@ SECTIONS
+ 		__dynamic_start = .;
+ 		*(.dynamic)
+ 		__dynamic_end = .;
+-	}
++	} :all
+
+ 	. = ALIGN(16);
+
+@@ -122,19 +127,19 @@ SECTIONS
+ 		*(.data.*)
+ 		*(.lowmem)
+ 		__data_end = .;
+-	}
++	} :all
+
+ 	.reloc : {
+ 		*(.reloc)
+-	}
++	} :all
+
+ 	.symtab : {
+ 		*(.symtab)
+-	}
++	} :all
+
+ 	.strtab : {
+ 		*(.strtab)
+-	}
++	} :all
+
+ 	.bss (NOLOAD) : {
+ 		/* the EFI loader doesn't seem to like a .bss section,
+@@ -148,7 +153,7 @@ SECTIONS
+ 		__bss_end = .;
+ 		*(.sbss)
+ 		*(.scommon)
+-	}
++	} :all
+ 	__bss_len = ABSOLUTE(__bss_end) - ABSOLUTE(__bss_start);
+ 	__bss_dwords = (__bss_len + 3) >> 2;
+
+@@ -161,7 +166,7 @@ SECTIONS
+ 		*(.hugebss)
+ 		*(.hugebss.*)
+ 		__hugebss_end = .;
+-	}
++	} :all
+
+ 	_end = .;
+

configs/freescale_imx8mpevk_defconfig

@@ -29,6 +29,7 @@ BR2_TARGET_UBOOT_CUSTOM_TARBALL_LOCATION="$(call github,nxp-imx,uboot-imx,lf-6.1
 BR2_TARGET_UBOOT_BOARD_DEFCONFIG="imx8mp_evk"
 BR2_TARGET_UBOOT_CONFIG_FRAGMENT_FILES="board/freescale/imx8mpevk/uboot-fragment.config"
 BR2_TARGET_UBOOT_NEEDS_DTC=y
+BR2_TARGET_UBOOT_NEEDS_OPENSSL=y
 BR2_TARGET_UBOOT_NEEDS_UTIL_LINUX=y
 BR2_TARGET_UBOOT_NEEDS_GNUTLS=y
 BR2_TARGET_UBOOT_FORMAT_CUSTOM=y

configs/rock5b_defconfig

@@ -6,6 +6,7 @@ BR2_ROOTFS_POST_SCRIPT_ARGS=""
 BR2_TARGET_GENERIC_HOSTNAME="rock5b"
 BR2_TARGET_GENERIC_ISSUE="Welcome to the rock5b board"
 BR2_GLOBAL_PATCH_DIR="board/radxa/rock5b/patches"
+BR2_DOWNLOAD_FORCE_CHECK_HASHES=y
 BR2_SYSTEM_DHCP="eth0"
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_GIT=y

configs/ti_am64x_sk_defconfig

@@ -1,7 +1,10 @@
 BR2_aarch64=y
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_4=y
 BR2_ROOTFS_POST_IMAGE_SCRIPT="support/scripts/genimage.sh"
 BR2_ROOTFS_POST_SCRIPT_ARGS="-c board/ti/am64x-sk/genimage.cfg"
 BR2_LINUX_KERNEL=y
+BR2_LINUX_KERNEL_CUSTOM_VERSION=y
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="6.4.16"
 BR2_LINUX_KERNEL_USE_ARCH_DEFAULT_CONFIG=y
 BR2_LINUX_KERNEL_DTS_SUPPORT=y
 BR2_LINUX_KERNEL_INTREE_DTS_NAME="ti/k3-am642-sk"
@@ -21,7 +24,6 @@ BR2_TARGET_OPTEE_OS=y
 BR2_TARGET_OPTEE_OS_PLATFORM="k3"
 BR2_TARGET_TI_K3_IMAGE_GEN=y
 BR2_TARGET_TI_K3_IMAGE_GEN_SOC_AM64X=y
-BR2_TARGET_TI_K3_IMAGE_GEN_SECTYPE_GP=y
 BR2_TARGET_TI_K3_R5_LOADER=y
 BR2_TARGET_TI_K3_R5_LOADER_BOARD_DEFCONFIG="am64x_evm_r5"
 BR2_TARGET_UBOOT=y

docs/manual/contribute.adoc

@@ -259,7 +259,7 @@ separated from it by a plus `+` sign. E.g.:
 +
 `Your-Name Your-Surname <your-name.your-surname+companyname@mail.com>`
 
-* for an individual who sponsored who sponsored the submitted work, use
+* for an individual who sponsored the submitted work, use
   their name and surname:
 +
 `Your-Name Your-Surname <your-name.your-surname+their-name.their-surname@mail.com>`

docs/manual/makedev-syntax.adoc

@@ -22,14 +22,19 @@ There are a few non-trivial blocks:
 
 - +name+ is the path to the file you want to create/modify
 - +type+ is the type of the file, being one of:
-  * f: a regular file
-  * d: a directory
-  * r: a directory recursively
-  * c: a character device file
-  * b: a block device file
-  * p: a named pipe
+  * `f`: a regular file, which must already exist
+  * `F`: a regular file, which is ignored and not created if missing
+  * `d`: a directory, which is created, as well as its parents, if missing
+  * `r`: a directory recursively, which must already exist
+  * `c`: a character device file, which parent directory must exist
+  * `b`: a block device file, which parent directory must exist
+  * `p`: a named pipe, which parent directory must exist
 - +mode+ are the usual permissions settings (only numerical values
-  are allowed)
+  are allowed);
+  for type `d`, the mode of existing parents is not changed, but the mode
+  of created parents is set;
+  for types `f`, `F`, and `r`, +mode+ can also be set to +-1+ to not
+  change the mode (and only change uid and gid)
 - +uid+ and +gid+ are the UID and GID to set on this file; can be
   either numerical values or actual names
 - +major+ and +minor+ are here for device files, set to +-+ for other
@@ -38,22 +43,22 @@ There are a few non-trivial blocks:
   of files, and can be reduced to a loop, beginning at +start+,
   incrementing its counter by +inc+ until it reaches +count+
 
-Let's say you want to change the permissions of a given file; using
-this syntax, you will need to write:
+Let's say you want to change the ownership and permissions of a given
+file; using this syntax, you will need to write:
 
 ----
 /usr/bin/foo f 755 0 0 - - - - -
 /usr/bin/bar f 755 root root - - - - -
 /data/buz f 644 buz-user buz-group - - - - -
+/data/baz f -1 baz-user baz-group - - - - -
 ----
 
-Alternatively, if you want to change owner/permission of a directory
-recursively, you can write (to set UID to foo, GID to bar and access
-rights to rwxr-x--- for the directory /usr/share/myapp and all files
-and directories below it):
+Alternatively, if you want to change owner of a directory recursively,
+you can write (to set UID to `foo` and GID to `bar` for the directory
+`/usr/share/myapp` and all files and directories below it):
 
 ----
-/usr/share/myapp r 750 foo bar - - - - -
+/usr/share/myapp r -1 foo bar - - - - -
 ----
 
 On the other hand, if you want to create the device file +/dev/hda+

docs/manual/prerequisite.adoc

@@ -69,7 +69,7 @@ development packages typically have a _-dev_ or _-devel_ suffix.
 In the official tree, most of the package sources are retrieved using
 +wget+ from _ftp_, _http_ or _https_ locations. A few packages are only
 available through a version control system. Moreover, Buildroot is
-capable of downloading sources via other tools, like +rsync+ or +scp+
+capable of downloading sources via other tools, like +git+ or +scp+
 (refer to xref:download-infra[] for more details). If you enable
 packages using any of these methods, you will need to install the
 corresponding tool on the host system:
@@ -78,7 +78,6 @@ corresponding tool on the host system:
 ** +cvs+
 ** +git+
 ** +mercurial+
-** +rsync+
 ** +scp+
 ** +sftp+
 ** +subversion+

linux/Config.in

@@ -128,7 +128,7 @@ endif
 
 config BR2_LINUX_KERNEL_VERSION
 	string
-	default "6.6.3" if BR2_LINUX_KERNEL_LATEST_VERSION
+	default "6.6.15" if BR2_LINUX_KERNEL_LATEST_VERSION
 	default "5.10.162-cip24" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
 	default "5.10.162-cip24-rt10" if BR2_LINUX_KERNEL_LATEST_CIP_RT_VERSION
 	default BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE \

linux/linux.hash

@@ -1,14 +1,14 @@
 # From https://www.kernel.org/pub/linux/kernel/v6.x/sha256sums.asc
-sha256  28edfc3d4f90cd738f2a20f5a2d68510268176d6111f6278d8f495edfd9495a7  linux-6.6.3.tar.xz
+sha256  ab290c7f8687f2f8af96e14abd0700ba8b282426151873690f51621d8d5f5faa  linux-6.6.15.tar.xz
 sha256  78fbd43822f4c56bc16e89e8874767f592532e1a0ffcd1af4dd279559b5fcbb5  linux-6.5.13.tar.xz
-sha256  629daa38f3ea67f29610bfbd53f9f38f46834d3654451e9474100490c66dc7e7  linux-6.1.64.tar.xz
+sha256  0580cc0e81ff9aee245f79531d8c1c5c7d711eee227cd4cf52d1ff335727b1fd  linux-6.1.76.tar.xz
 # From https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc
-sha256  be2bee8b346f3ccb35879f16c80a323edda571e36190403805c14a9ea24e4a47  linux-5.15.140.tar.xz
-sha256  3212e0299d699dd6089505b1428bcb00643fbf19af69806e37fad22bfe12fa8b  linux-5.10.202.tar.xz
-sha256  7d3eaa0744456ab4b062e6da8764f776b6939b89a1dfccbe11fbeef9c6e864dc  linux-5.4.262.tar.xz
+sha256  c48575c97fd9f4767cbe50a13b1b2b40ee42830aba3182fabd35a03259a6e5d8  linux-5.15.148.tar.xz
+sha256  44e22fad647c638726a8eae23703c4263bead612d17c89ca7ad7ab32b5ce88d5  linux-5.10.209.tar.xz
+sha256  afc8aca6cb56fea489f6508bc24357df1cf8a8f3d7dcfbcccd94b7f968492620  linux-5.4.268.tar.xz
 # From https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
-sha256  a8419582886120407f57d39280ef8a9b22aab9725c83c4fe25ecca4712d59346  linux-4.19.300.tar.xz
-sha256  39dcdceecad2ca7347e2b2e7e30a189558c0a1700f793822389bb1fd9a40530f  linux-4.14.331.tar.xz
+sha256  b91be40fa61ff7d42958e2154a4b7602dc071982128b9b58b6d911dec111be19  linux-4.19.306.tar.xz
+sha256  0820fdb7971c6974338081c11fbf2dc869870501e7bdcac4d0ed58ba1f57b61c  linux-4.14.336.tar.xz
 # Locally computed
 sha256  fb0edc3c18e47d2b6974cb0880a0afb5c3fa08f50ee87dfdf24349405ea5f8ae  linux-cip-5.10.162-cip24.tar.gz
 sha256  b5539243f187e3d478d76d44ae13aab83952c94b885ad889df6fa9997e16a441  linux-cip-5.10.162-cip24-rt10.tar.gz

package/Config.in

@@ -313,6 +313,8 @@ menu "Graphic libraries and applications (graphic/text)"
 comment "Graphic applications"
 	source "package/cage/Config.in"
 	source "package/cog/Config.in"
+	source "package/flutter-gallery/Config.in"
+	source "package/flutter-pi/Config.in"
 	source "package/fswebcam/Config.in"
 	source "package/ghostscript/Config.in"
 	source "package/glmark2/Config.in"
@@ -345,8 +347,6 @@ comment "Graphic libraries"
 	source "package/fbset/Config.in"
 	source "package/fbterm/Config.in"
 	source "package/fbv/Config.in"
-	source "package/flutter-gallery/Config.in"
-	source "package/flutter-pi/Config.in"
 	source "package/freerdp/Config.in"
 	source "package/graphicsmagick/Config.in"
 	source "package/imagemagick/Config.in"
@@ -997,6 +997,7 @@ menu "External python modules"
 	source "package/python-bcrypt/Config.in"
 	source "package/python-beautifulsoup4/Config.in"
 	source "package/python-bidict/Config.in"
+	source "package/python-bitarray/Config.in"
 	source "package/python-bitstring/Config.in"
 	source "package/python-bleak/Config.in"
 	source "package/python-blinker/Config.in"

package/Makefile.in

@@ -263,7 +263,9 @@ export PERL=$(shell which perl)
 # finds this perl module by exporting the proper value for PERL5LIB.
 export PERL5LIB=$(HOST_DIR)/lib/perl
 
-TARGET_MAKE_ENV = PATH=$(BR_PATH)
+TARGET_MAKE_ENV = \
+	GIT_DIR=. \
+	PATH=$(BR_PATH)
 
 TARGET_CONFIGURE_OPTS = \
 	$(TARGET_MAKE_ENV) \
@@ -307,6 +309,7 @@ TARGET_CONFIGURE_OPTS = \
 
 
 HOST_MAKE_ENV = \
+	GIT_DIR=. \
 	PATH=$(BR_PATH) \
 	PKG_CONFIG="$(PKG_CONFIG_HOST_BINARY)" \
 	PKG_CONFIG_SYSROOT_DIR="/" \

package/apcupsd/apcupsd.mk

@@ -71,8 +71,8 @@ APCUPSD_CONF_OPTS += --disable-usb
 endif
 
 define APCUPSD_BUILD_CMDS
-	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D)/src
-	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D)/platforms
+	$(TARGET_MAKE_ENV) $(MAKE) LD="$(TARGET_CXX)" -C $(@D)/src
+	$(TARGET_MAKE_ENV) $(MAKE) LD="$(TARGET_CXX)" -C $(@D)/platforms
 endef
 
 define APCUPSD_INSTALL_TARGET_CMDS

package/bayer2rgb-neon/bayer2rgb-neon.mk

@@ -19,6 +19,14 @@ ifeq ($(BR2_arm),y)
 BAYER2RGB_NEON_CFLAGS += -mfpu=neon
 endif
 
+# __builtin_prefetch() third argument must be a constant, but
+# bayer2rgb-neon uses a variable, derived from a constant, so some
+# optimization is needed to allow the compiler to turn it into a
+# constant, otherwise the build fails
+ifeq ($(BR2_OPTIMIZE_0),y)
+BAYER2RGB_NEON_CFLAGS += -O1
+endif
+
 BAYER2RGB_NEON_CONF_ENV = CFLAGS="$(BAYER2RGB_NEON_CFLAGS)"
 
 $(eval $(autotools-package))

package/botan/botan.mk

@@ -67,6 +67,11 @@ BOTAN_DEPENDENCIES += sqlite
 BOTAN_CONF_OPTS += --with-sqlite
 endif
 
+ifeq ($(BR2_PACKAGE_TROUSERS),y)
+BOTAN_DEPENDENCIES += trousers
+BOTAN_CONF_OPTS += --with-tpm
+endif
+
 ifeq ($(BR2_PACKAGE_XZ),y)
 BOTAN_DEPENDENCIES += xz
 BOTAN_CONF_OPTS += --with-lzma

package/brltty/brltty.mk

@@ -23,8 +23,10 @@ BRLTTY_CONF_ENV = \
 	PKG_CONFIG_FOR_BUILD=$(HOST_DIR)/bin/pkgconf
 
 BRLTTY_CONF_OPTS = \
+	--disable-emacs-bindings \
 	--disable-java-bindings \
 	--disable-lisp-bindings \
+	--disable-lua-bindings \
 	--disable-ocaml-bindings \
 	--disable-python-bindings \
 	--disable-tcl-bindings \

package/c-ares/c-ares.mk

@@ -10,7 +10,7 @@ C_ARES_INSTALL_STAGING = YES
 C_ARES_CONF_OPTS = --with-random=/dev/urandom
 C_ARES_LICENSE = MIT
 C_ARES_LICENSE_FILES = LICENSE.md
-C_ARES_CPE_ID_VENDOR = c-ares_project
+C_ARES_CPE_ID_VENDOR = c-ares
 
 $(eval $(autotools-package))
 $(eval $(host-autotools-package))

package/cjson/cjson.hash

@@ -1,3 +1,3 @@
 # Locally computed:
-sha256  451131a92c55efc5457276807fc0c4c2c2707c9ee96ef90c47d68852d5384c6c  cjson-1.7.16.tar.gz
+sha256  c91d1eeb7175c50d49f6ba2a25e69b46bd05cffb798382c19bfb202e467ec51c  cjson-1.7.17.tar.gz
 sha256  a36dda207c36db5818729c54e7ad4e8b0c6fba847491ba64f372c1a2037b6d5c  LICENSE

package/cjson/cjson.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-CJSON_VERSION = 1.7.16
+CJSON_VERSION = 1.7.17
 CJSON_SITE = $(call github,DaveGamble,cjson,v$(CJSON_VERSION))
 CJSON_INSTALL_STAGING = YES
 CJSON_LICENSE = MIT

package/cog/cog.hash

@@ -1,7 +1,7 @@
-# From https://wpewebkit.org/releases/cog-0.18.1.tar.xz.sums
-md5  204ae9353ed828e4ac39b1dd4c5c35dd  cog-0.18.1.tar.xz
-sha1  f0f0ebcd279170f427be0ad57fd356faff1a2732  cog-0.18.1.tar.xz
-sha256  72e3a84052b459e2d53d0e8b947f20e27bf5d8049766c4c1594eb9c6b6cf7ab3  cog-0.18.1.tar.xz
+# From https://wpewebkit.org/releases/cog-0.18.2.tar.xz.sums
+md5  7fbfc2e19304132be0d73f5e5512151c  cog-0.18.2.tar.xz
+sha1  045294f7fa878db86e4b8a617ee4ac056a71cb75  cog-0.18.2.tar.xz
+sha256  3c4237cff6323b8c3eaf52c6f3f6415b898a22c0127c6c396c1eaa6eef46c279  cog-0.18.2.tar.xz
 
 # Hashes for license files:
 sha256  e6c42d93c68b292bcccf6d2ec3e13da85df90b718ba27c2c2a01053a9d009252  COPYING

package/cog/cog.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-COG_VERSION = 0.18.1
+COG_VERSION = 0.18.2
 COG_SITE = https://wpewebkit.org/releases
 COG_SOURCE = cog-$(COG_VERSION).tar.xz
 COG_INSTALL_STAGING = YES

package/containerd/containerd.mk

@@ -9,7 +9,6 @@ CONTAINERD_SITE = $(call github,containerd,containerd,v$(CONTAINERD_VERSION))
 CONTAINERD_LICENSE = Apache-2.0
 CONTAINERD_LICENSE_FILES = LICENSE
 CONTAINERD_CPE_ID_VENDOR = linuxfoundation
-CONTAINERD_CPE_ID_PRODUCT = containerd
 
 CONTAINERD_GOMOD = github.com/containerd/containerd
 

package/cpio/cpio.hash

@@ -1,6 +1,6 @@
 # From https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00001.html
 sha1  cbac50a61079b6f3bdcf9ffe42171d9257cfe877  cpio-2.14.tar.bz2
 # Locally calculated after checking pgp signature
-sha256  fcdc15d60f7267a6fc7efcd6b9db7b6c8966c4f2fbbb964c24d41336fd3f2c12  cpio-2.13.tar.bz2
+sha256  fcdc15d60f7267a6fc7efcd6b9db7b6c8966c4f2fbbb964c24d41336fd3f2c12  cpio-2.14.tar.bz2
 # Locally calculated
 sha256  fc82ca8b6fdb18d4e3e85cfd8ab58d1bcd3f1b29abe782895abd91d64763f8e7  COPYING

package/crda/crda.mk

@@ -9,7 +9,6 @@ CRDA_SITE = https://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/crda.git/snap
 CRDA_DEPENDENCIES = host-pkgconf host-python-pycryptodomex libnl libgcrypt
 CRDA_LICENSE = ISC
 CRDA_LICENSE_FILES = LICENSE
-CRDA_CPE_ID_VENDOR = kernel
 
 define CRDA_BUILD_CMDS
 	$(TARGET_CONFIGURE_OPTS) \

package/criu/Config.in

@@ -4,10 +4,8 @@ config BR2_PACKAGE_CRIU_ARCH_SUPPORTS
 	default y if BR2_ARM_CPU_ARMV6
 	default y if BR2_ARM_CPU_ARMV7A
 	default y if BR2_ARM_CPU_ARMV7M
-	default y if BR2_ARM_CPU_ARMV8A
+	default y if BR2_ARM_CPU_ARMV8A && !BR2_aarch64_be
 	default y if BR2_aarch64
-	default y if BR2_i386
-	default y if BR2_mips
 	default y if BR2_x86_64
 	default y if BR2_powerpc64le # Only support powerpc64 with LE
 	# CRIU has "some" support for s390 but it is not included due to
@@ -45,9 +43,9 @@ config BR2_PACKAGE_CRIU
 
 	  https://criu.org/Main_Page
 
-comment "criu needs a glibc or musl toolchain w/ threads, gcc >= 8, headers >= 4.18, dynamic library, wchar"
+comment "criu needs a glibc or musl toolchain w/ threads, gcc >= 8, headers >= 4.18, C++, dynamic library, wchar"
 	depends on BR2_PACKAGE_CRIU_ARCH_SUPPORTS
 	depends on !BR2_TOOLCHAIN_GCC_AT_LEAST_8 || !BR2_TOOLCHAIN_HAS_THREADS \
 		|| !BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_18 \
-		|| BR2_TOOLCHAIN_USES_UCLIBC \
+		|| BR2_TOOLCHAIN_USES_UCLIBC || !BR2_INSTALL_LIBSTDCPP \
 		|| BR2_STATIC_LIBS || !BR2_USE_WCHAR

package/cryptodev-linux/0001-zero-copy-Fix-build-for-Linux-6-4.patch

@@ -0,0 +1,37 @@
+From 592017c3a910a3905b1925aee88c4674e9a596b7 Mon Sep 17 00:00:00 2001
+From: Gaurav Jain <gaurav.jain@nxp.com>
+Date: Tue, 30 May 2023 17:09:42 +0530
+Subject: [PATCH] zero copy: Fix build for Linux 6.4
+
+get_user_pages_remote api prototype is changed in kernel.
+struct vm_area_struct **vmas argument is removed.
+Migrate to the new API.
+
+Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
+
+Upstream: https://github.com/cryptodev-linux/cryptodev-linux/commit/592017c3a910a3905b1925aee88c4674e9a596b7
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ zc.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/zc.c b/zc.c
+index fdf7da17..6637945a 100644
+--- a/zc.c
++++ b/zc.c
+@@ -80,10 +80,14 @@ int __get_userbuf(uint8_t __user *addr, uint32_t len, int write,
+ 	ret = get_user_pages_remote(task, mm,
+ 			(unsigned long)addr, pgcount, write ? FOLL_WRITE : 0,
+ 			pg, NULL, NULL);
+-#else
++#elif (LINUX_VERSION_CODE < KERNEL_VERSION(6, 4, 0))
+ 	ret = get_user_pages_remote(mm,
+ 			(unsigned long)addr, pgcount, write ? FOLL_WRITE : 0,
+ 			pg, NULL, NULL);
++#else
++	ret = get_user_pages_remote(mm,
++			(unsigned long)addr, pgcount, write ? FOLL_WRITE : 0,
++			pg, NULL);
+ #endif
+ #if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0))
+ 	up_read(&mm->mmap_sem);

package/cryptodev-linux/0002-cryptodev_verbosity-Fix-build-for-Linux-6-4.patch

@@ -0,0 +1,44 @@
+From 99ae2a39ddc3f89c66d9f09783b591c0f2dbf2e9 Mon Sep 17 00:00:00 2001
+From: Gaurav Jain <gaurav.jain@nxp.com>
+Date: Wed, 28 Jun 2023 12:44:32 +0530
+Subject: [PATCH] cryptodev_verbosity: Fix build for Linux 6.4
+
+register_sysctl_table api is removed in kernel.
+migrate to the new api register_sysctl.
+
+child is also removed in linux 6.4 ctl_table struct.
+
+Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
+
+Upstream: https://github.com/cryptodev-linux/cryptodev-linux/commit/99ae2a39ddc3f89c66d9f09783b591c0f2dbf2e9
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ ioctl.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/ioctl.c b/ioctl.c
+index 8f241b86..4262bbd5 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -1246,7 +1246,9 @@ static struct ctl_table verbosity_ctl_root[] = {
+ 	{
+ 		.procname       = "ioctl",
+ 		.mode           = 0555,
++#if (LINUX_VERSION_CODE < KERNEL_VERSION(6, 4, 0))
+ 		.child          = verbosity_ctl_dir,
++#endif
+ 	},
+ 	{},
+ };
+@@ -1267,7 +1269,11 @@ static int __init init_cryptodev(void)
+ 		return rc;
+ 	}
+ 
++#if (LINUX_VERSION_CODE < KERNEL_VERSION(6, 4, 0))
+ 	verbosity_sysctl_header = register_sysctl_table(verbosity_ctl_root);
++#else
++	verbosity_sysctl_header = register_sysctl(verbosity_ctl_root->procname, verbosity_ctl_dir);
++#endif
+ 
+ 	pr_info(PFX "driver %s loaded.\n", VERSION);
+ 

package/cups/cups.mk

@@ -40,10 +40,8 @@ CUPS_DEPENDENCIES = \
 
 ifeq ($(BR2_PACKAGE_SYSTEMD),y)
 CUPS_CONF_OPTS += --with-systemd=/usr/lib/systemd/system \
-	--enable-systemd
+	--with-ondemand=systemd
 CUPS_DEPENDENCIES += systemd
-else
-CUPS_CONF_OPTS += --disable-systemd
 endif
 
 ifeq ($(BR2_PACKAGE_DBUS),y)
@@ -54,8 +52,11 @@ CUPS_CONF_OPTS += --disable-dbus
 endif
 
 ifeq ($(BR2_PACKAGE_GNUTLS),y)
-CUPS_CONF_OPTS += --with-tls=yes
+CUPS_CONF_OPTS += --with-tls=gnutls
 CUPS_DEPENDENCIES += gnutls
+else ifeq ($(BR2_PACKAGE_OPENSSL),y)
+CUPS_CONF_OPTS += --with-tls=openssl
+CUPS_DEPENDENCIES += openssl
 else
 CUPS_CONF_OPTS += --with-tls=no
 endif
@@ -67,11 +68,11 @@ else
 CUPS_CONF_OPTS += --disable-libusb
 endif
 
-ifeq ($(BR2_PACKAGE_AVAHI),y)
+ifeq ($(BR2_PACKAGE_AVAHI_LIBAVAHI_CLIENT),y)
 CUPS_DEPENDENCIES += avahi
-CUPS_CONF_OPTS += --enable-avahi
+CUPS_CONF_OPTS += --with-dnssd=avahi
 else
-CUPS_CONF_OPTS += --disable-avahi
+CUPS_CONF_OPTS += --with-dnssd=no
 endif
 
 ifeq ($(BR2_PACKAGE_HAS_UDEV),y)

package/dahdi-linux/0001-drivers-dahdi-Kbuild-fix-HOTPLUG_FIRMWARE-definition.patch

@@ -1,64 +0,0 @@
-From dc0a646a460e6da10ddbe7bf02794051d76f8751 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Thu, 4 Nov 2021 17:30:06 +0100
-Subject: [PATCH] drivers/dahdi/Kbuild: fix HOTPLUG_FIRMWARE definition
-
-HOTPLUG_FIRMWARE is used before being defined resulting in the following
-build failure since version 2.7.0 and
-https://git.asterisk.org/gitweb/?p=dahdi/linux.git;a=commit;h=e2f492595c9191ba6d556ccac1bde4c1bb892938:
-
-  MODPOST /home/fabrice/buildroot/output/build/dahdi-linux-5c840cf43838e0690873e73409491c392333b3b8/drivers/dahdi/Module.symvers
-ERROR: modpost: "_binary_dahdi_fw_oct6114_032_bin_start" [/home/fabrice/buildroot/output/build/dahdi-linux-5c840cf43838e0690873e73409491c392333b3b8/drivers/dahdi/wcaxx.ko] undefined!
-ERROR: modpost: "_binary_dahdi_fw_oct6114_032_bin_size" [/home/fabrice/buildroot/output/build/dahdi-linux-5c840cf43838e0690873e73409491c392333b3b8/drivers/dahdi/wcaxx.ko] undefined!
-ERROR: modpost: "_binary_dahdi_fw_oct6114_128_bin_start" [/home/fabrice/buildroot/output/build/dahdi-linux-5c840cf43838e0690873e73409491c392333b3b8/drivers/dahdi/wcte43x.ko] undefined!
-ERROR: modpost: "_binary_dahdi_fw_oct6114_064_bin_start" [/home/fabrice/buildroot/output/build/dahdi-linux-5c840cf43838e0690873e73409491c392333b3b8/drivers/dahdi/wcte43x.ko] undefined!
-ERROR: modpost: "_binary_dahdi_fw_oct6114_128_bin_size" [/home/fabrice/buildroot/output/build/dahdi-linux-5c840cf43838e0690873e73409491c392333b3b8/drivers/dahdi/wcte43x.ko] undefined!
-ERROR: modpost: "_binary_dahdi_fw_oct6114_064_bin_size" [/home/fabrice/buildroot/output/build/dahdi-linux-5c840cf43838e0690873e73409491c392333b3b8/drivers/dahdi/wcte43x.ko] undefined!
-ERROR: modpost: "_binary_dahdi_fw_oct6114_032_bin_start" [/home/fabrice/buildroot/output/build/dahdi-linux-5c840cf43838e0690873e73409491c392333b3b8/drivers/dahdi/wcte13xp.ko] undefined!
-ERROR: modpost: "_binary_dahdi_fw_oct6114_032_bin_size" [/home/fabrice/buildroot/output/build/dahdi-linux-5c840cf43838e0690873e73409491c392333b3b8/drivers/dahdi/wcte13xp.ko] undefined!
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Upstream status: sent to "Shaun Ruffell <sruffell@sruffell.net>"]
----
- drivers/dahdi/Kbuild | 18 +++++++++---------
- 1 file changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/drivers/dahdi/Kbuild b/drivers/dahdi/Kbuild
-index 855e5bf..b1a8481 100644
---- a/drivers/dahdi/Kbuild
-+++ b/drivers/dahdi/Kbuild
-@@ -13,6 +13,15 @@ obj-$(DAHDI_BUILD_ALL)$(CONFIG_DAHDI_WCTC4XXP)		+= wctc4xxp/
- obj-$(DAHDI_BUILD_ALL)$(CONFIG_DAHDI_WCTDM24XXP)	+= wctdm24xxp/
- obj-$(DAHDI_BUILD_ALL)$(CONFIG_DAHDI_WCTE13XP)		+= wcte13xp.o
- 
-+ifndef HOTPLUG_FIRMWARE
-+ifneq (,$(filter y m,$(CONFIG_FW_LOADER)))
-+HOTPLUG_FIRMWARE := yes
-+else
-+HOTPLUG_FIRMWARE := no
-+endif
-+export HOTPLUG_FIRMWARE
-+endif
-+
- wcte13xp-objs := wcte13xp-base.o wcxb_spi.o wcxb.o wcxb_flash.o
- CFLAGS_wcte13xp-base.o += -I$(src)/oct612x -I$(src)/oct612x/include -I$(src)/oct612x/octdeviceapi -I$(src)/oct612x/octdeviceapi/oct6100api
- ifeq ($(HOTPLUG_FIRMWARE),yes)
-@@ -61,15 +70,6 @@ endif
- 
- CFLAGS_MODULE += -I$(DAHDI_INCLUDE) -I$(src) -Wno-format-truncation
- 
--ifndef HOTPLUG_FIRMWARE
--ifneq (,$(filter y m,$(CONFIG_FW_LOADER)))
--HOTPLUG_FIRMWARE := yes
--else
--HOTPLUG_FIRMWARE := no
--endif
--export HOTPLUG_FIRMWARE
--endif
--
- # fix typo present in CentOS and RHEL 2.6.9 kernels
- BAD_KERNELS_VERS := 22 34 34.0.1 34.0.2
- BAD_KERNELS := $(foreach ver,$(BAD_KERNELS_VERS),2.6.9-$(ver).EL 2.6.9-$(ver).ELsmp)
--- 
-2.33.0
-

package/dahdi-linux/0001-fix-build-with-32-bits-kernel.patch

@@ -12,6 +12,7 @@ ERROR: modpost: "__moddi3" [/home/fabrice/buildroot/output/build/dahdi-linux-5c8
 ERROR: modpost: "__divdi3" [/home/fabrice/buildroot/output/build/dahdi-linux-5c840cf43838e0690873e73409491c392333b3b8/drivers/dahdi/xpp/xpp.ko] undefined!
 
 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Upstream: https://github.com/asterisk/dahdi-linux/pull/32
 ---
  drivers/dahdi/xpp/xbus-core.c    |  9 ++++++---
  drivers/dahdi/xpp/xbus-pcm.c     |  4 ++--

package/dahdi-linux/0003-Fixed-compilation-issues-on-linux-kernel-5-18-0.patch

@@ -1,58 +0,0 @@
-From dbb43101c2a9205b67223b006bf75c29ebadced9 Mon Sep 17 00:00:00 2001
-From: Pushkar Singh <psingh@sangoma.com>
-Date: Tue, 2 Aug 2022 19:40:00 +0530
-Subject: [PATCH] Fixed compilation issues on linux kernel >= 5.18.0
-
-With kernel 5.18 and higher
-PCI: Remove the deprecated "pci-dma-compat.h" API
-
-The commit will make sure to impplement pci dma related api's
-[Retrieved from:
-https://github.com/asterisk/dahdi-linux/commit/dbb43101c2a9205b67223b006bf75c29ebadced9]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- include/dahdi/kernel.h | 31 +++++++++++++++++++++++++++++++
- 1 file changed, 31 insertions(+)
-
-diff --git a/include/dahdi/kernel.h b/include/dahdi/kernel.h
-index ed81e9e3..35e93bc4 100644
---- a/include/dahdi/kernel.h
-+++ b/include/dahdi/kernel.h
-@@ -58,6 +58,37 @@
- 
- #include <linux/poll.h>
- 
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 18, 0)
-+#include <linux/pci.h>
-+#include <linux/dma-mapping.h>
-+
-+static inline void *pci_alloc_consistent(struct pci_dev *hwdev, size_t size, dma_addr_t *dma_handle)
-+{
-+    return dma_alloc_coherent(hwdev == NULL ? NULL : &hwdev->dev, size, dma_handle, GFP_ATOMIC);
-+}
-+
-+static inline void pci_free_consistent(struct pci_dev *hwdev, size_t size, void *vaddr, dma_addr_t dma_handle)
-+{
-+    dma_free_coherent(hwdev == NULL ? NULL : &hwdev->dev, size, vaddr, dma_handle);
-+}
-+
-+static inline dma_addr_t pci_map_single(struct pci_dev *hwdev, void *ptr, size_t size, int direction)
-+{
-+    return dma_map_single(&hwdev->dev, ptr, size, (enum dma_data_direction)direction);
-+}
-+
-+static inline void pci_unmap_single(struct pci_dev *hwdev, dma_addr_t dma_addr, size_t size, int direction)
-+{
-+    dma_unmap_single(&hwdev->dev, dma_addr, size, (enum dma_data_direction)direction);
-+}
-+
-+static inline int pci_set_dma_mask(struct pci_dev *dev, u64 mask)
-+{
-+    return dma_set_mask(&dev->dev, mask);
-+}
-+
-+#endif
-+
- #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 29)
- #define HAVE_NET_DEVICE_OPS
- #endif

package/dahdi-linux/0004-next-fix-kernel-6-1-build.patch

@@ -1,32 +0,0 @@
-From a759a578277bde98eba7ef4bf86bdf819a900de9 Mon Sep 17 00:00:00 2001
-From: John Thomson <git@johnthomson.fastmail.com.au>
-Date: Sun, 23 Oct 2022 13:42:52 +1000
-Subject: [PATCH] fix kernel 6.1 build
-
-kernel 6.1 includes b48b89f9c189 ("net: drop the weight argument from netif_napi_add") [0]
-
-[0]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b48b89f9c189d24eb5e2b4a0ac067da5a24ee86d
-
-Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
-[Retrieved from:
-https://github.com/asterisk/dahdi-linux/pull/14/commits/a759a578277bde98eba7ef4bf86bdf819a900de9]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- include/dahdi/kernel.h | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/include/dahdi/kernel.h b/include/dahdi/kernel.h
-index 35e93bc4..fd64a15e 100644
---- a/include/dahdi/kernel.h
-+++ b/include/dahdi/kernel.h
-@@ -58,6 +58,10 @@
- 
- #include <linux/poll.h>
- 
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
-+#define netif_napi_add netif_napi_add_weight
-+#endif
-+
- #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 18, 0)
- #include <linux/pci.h>
- #include <linux/dma-mapping.h>

package/dahdi-linux/0005-Fix-build-on-Linux-6.3.patch

@@ -1,116 +0,0 @@
-From c4969d756eac041758856b99a1084158c06beb7e Mon Sep 17 00:00:00 2001
-From: Brahmajit Das <brahmajit.xyz@gmail.com>
-Date: Thu, 22 Jun 2023 15:52:18 +0000
-Subject: [PATCH] drivers/dahdi: fix build with clang-16
-
-clang-16 enables -Werror=incompatible-pointer-types (along with buch of
-other warnings) by default, thus resulting in errors such as:
-
-/var/tmp/portage/net-misc/dahdi-3.2.0/work/dahdi-linux-3.2.0/drivers/dahdi/dahdi-sysfs.c:272:20: error: incompatible function
-      pointer types initializing 'int (*)(const struct device *, struct kobj_uevent_env *)' with an expression of type
-      'int (struct device *, struct kobj_uevent_env *)' [-Wincompatible-function-pointer-types]
-        .uevent         = span_uevent,
-                          ^~~~~~~~~~~
-/var/tmp/portage/net-misc/dahdi-3.2.0/work/dahdi-linux-3.2.0/drivers/dahdi/dahdi-sysfs.c:709:20: error: incompatible function
-      pointer types initializing 'int (*)(const struct device *, struct kobj_uevent_env *)' with an expression of type
-      'int (struct device *, struct kobj_uevent_env *)' [-Wincompatible-function-pointer-types]
-        .uevent         = device_uevent,
-                          ^~~~~~~~~~~~~
-2 errors generated.
-
-This is due the change in bus_type strcut made in upstream commit
-https://github.com/torvalds/linux/commit/2a81ada32f0e584fc0c943e0d3a8c9f4fae411d6.
-Where they make uevent take a const *, as the strcut should not be
-modifying the device that is passed into it.
-
-This patch modifes some of the fucntions parameter types, making dahdi
-possible to be built with clang-16.
-
-Bug: https://bugs.gentoo.org/906179
-Signed-off-by: Brahmajit Das <brahmajit.xyz@gmail.com>
-
-Upstream: https://github.com/asterisk/dahdi-linux/pull/21
-
-[Bernd: updated patch for compatibility with kernel < 6.3]
-Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
----
- drivers/dahdi/dahdi-sysfs.c    | 12 ++++++++++--
- drivers/dahdi/wctc4xxp/base.c  |  2 +-
- drivers/dahdi/xpp/xbus-sysfs.c |  4 ++++
- 3 files changed, 15 insertions(+), 3 deletions(-)
-
-diff --git a/drivers/dahdi/dahdi-sysfs.c b/drivers/dahdi/dahdi-sysfs.c
-index ca29ddba..38236929 100644
---- a/drivers/dahdi/dahdi-sysfs.c
-+++ b/drivers/dahdi/dahdi-sysfs.c
-@@ -47,7 +47,7 @@ static int span_match(struct device *dev, struct device_driver *driver)
- 	return 1;
- }
- 
--static inline struct dahdi_span *dev_to_span(struct device *dev)
-+static inline struct dahdi_span *dev_to_span(const struct device *dev)
- {
- 	return dev_get_drvdata(dev);
- }
-@@ -68,7 +68,11 @@ static inline struct dahdi_span *dev_to_span(struct device *dev)
- 			return err;				\
- 	} while (0)
- 
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0)
- static int span_uevent(struct device *dev, struct kobj_uevent_env *kenv)
-+#else
-+static int span_uevent(const struct device *dev, struct kobj_uevent_env *kenv)
-+#endif
- {
- 	struct dahdi_span *span;
- 
-@@ -415,7 +419,7 @@ static struct {
- 	unsigned int clean_chardev:1;
- } should_cleanup;
- 
--static inline struct dahdi_device *to_ddev(struct device *dev)
-+static inline struct dahdi_device *to_ddev(const struct device *dev)
- {
- 	return container_of(dev, struct dahdi_device, dev);
- }
-@@ -438,7 +442,11 @@ static inline struct dahdi_device *to_ddev(struct device *dev)
- 			return err;				\
- 	} while (0)
- 
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0)
- static int device_uevent(struct device *dev, struct kobj_uevent_env *kenv)
-+#else
-+static int device_uevent(const struct device *dev, struct kobj_uevent_env *kenv)
-+#endif
- {
- 	struct dahdi_device *ddev;
- 
-diff --git a/drivers/dahdi/wctc4xxp/base.c b/drivers/dahdi/wctc4xxp/base.c
-index ec6fc436..db70ea7e 100644
---- a/drivers/dahdi/wctc4xxp/base.c
-+++ b/drivers/dahdi/wctc4xxp/base.c
-@@ -643,7 +643,7 @@ wctc4xxp_net_register(struct wcdte *wc)
- 		return -ENOMEM;
- 	priv = netdev_priv(netdev);
- 	priv->wc = wc;
--	memcpy(netdev->dev_addr, our_mac, sizeof(our_mac));
-+	memcpy((void *)netdev->dev_addr, our_mac, sizeof(our_mac));
- 
- #	ifdef HAVE_NET_DEVICE_OPS
- 	netdev->netdev_ops = &wctc4xxp_netdev_ops;
-diff --git a/drivers/dahdi/xpp/xbus-sysfs.c b/drivers/dahdi/xpp/xbus-sysfs.c
-index d8c11dc3..11b3ed3e 100644
---- a/drivers/dahdi/xpp/xbus-sysfs.c
-+++ b/drivers/dahdi/xpp/xbus-sysfs.c
-@@ -418,7 +418,11 @@ static int astribank_match(struct device *dev, struct device_driver *driver)
- 			return err;				\
- 	} while (0)
- 
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0)
- static int astribank_uevent(struct device *dev, struct kobj_uevent_env *kenv)
-+#else
-+static int astribank_uevent(const struct device *dev, struct kobj_uevent_env *kenv)
-+#endif
- {
- 	xbus_t *xbus;
- 	extern char *initdir;

package/dahdi-linux/0006-Fix-build-on-Linux-6.4.patch

@@ -1,69 +0,0 @@
-From b393e59d7eb2951e2fb279fca1c4756ea165aeee Mon Sep 17 00:00:00 2001
-From: Bernd Kuhls <bernd@kuhls.net>
-Date: Sun, 9 Jul 2023 17:14:31 +0200
-Subject: [PATCH] Fix build on Linux 6.4
-
-Needed after upstream changes in kernel 6.4:
-https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/diff/include/linux/device/class.h?id=1aaba11da9aa
-https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=48380368dec14859723b9e3fbd43e042638d9a76
-
-Upstream: https://github.com/asterisk/dahdi-linux/pull/22
-
-Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
----
- drivers/dahdi/dahdi-sysfs-chan.c  | 4 ++++
- drivers/dahdi/voicebus/voicebus.c | 4 ++++
- drivers/dahdi/wctdm24xxp/base.c   | 4 ++++
- 3 files changed, 12 insertions(+)
-
-diff --git a/drivers/dahdi/dahdi-sysfs-chan.c b/drivers/dahdi/dahdi-sysfs-chan.c
-index a91e6ed..b18b5f9 100644
---- a/drivers/dahdi/dahdi-sysfs-chan.c
-+++ b/drivers/dahdi/dahdi-sysfs-chan.c
-@@ -482,7 +482,11 @@ int __init dahdi_sysfs_chan_init(const struct file_operations *fops)
- 	}
- 	should_cleanup.channel_driver = 1;
- 
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 4, 0)
- 	dahdi_class = class_create(THIS_MODULE, "dahdi");
-+#else
-+	dahdi_class = class_create("dahdi");
-+#endif
- 	if (IS_ERR(dahdi_class)) {
- 		res = PTR_ERR(dahdi_class);
- 		dahdi_err("%s: class_create(dahi_chan) failed. Error: %d\n",
-diff --git a/drivers/dahdi/voicebus/voicebus.c b/drivers/dahdi/voicebus/voicebus.c
-index 8a1f7a6..d141aaf 100644
---- a/drivers/dahdi/voicebus/voicebus.c
-+++ b/drivers/dahdi/voicebus/voicebus.c
-@@ -1135,7 +1135,11 @@ static void vb_stop_txrx_processors(struct voicebus *vb)
-  */
- void voicebus_stop(struct voicebus *vb)
- {
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 4, 0)
- 	static DEFINE_SEMAPHORE(stop);
-+#else
-+	static DEFINE_SEMAPHORE(stop, 1);
-+#endif
- 
- 	down(&stop);
- 
-diff --git a/drivers/dahdi/wctdm24xxp/base.c b/drivers/dahdi/wctdm24xxp/base.c
-index a28e249..4392b45 100644
---- a/drivers/dahdi/wctdm24xxp/base.c
-+++ b/drivers/dahdi/wctdm24xxp/base.c
-@@ -224,7 +224,11 @@ mod_hooksig(struct wctdm *wc, struct wctdm_module *mod, enum dahdi_rxsig rxsig)
- }
- 
- struct wctdm *ifaces[WC_MAX_IFACES];
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 4, 0)
- DEFINE_SEMAPHORE(ifacelock);
-+#else
-+DEFINE_SEMAPHORE(ifacelock, 1);
-+#endif
- 
- static void wctdm_release(struct wctdm *wc);
- 
--- 
-2.39.2
-

package/dahdi-linux/dahdi-linux.hash

@@ -1,5 +1,5 @@
-# From http://downloads.asterisk.org/pub/telephony/dahdi-linux/releases/dahdi-linux-3.2.0.sha256
-sha256  e2ef9b3f6769f60f432cfa09c39c9a0d7ab5bddff59229f385056915c65f9f13  dahdi-linux-3.2.0.tar.gz
+# From http://downloads.asterisk.org/pub/telephony/dahdi-linux/releases/dahdi-linux-3.3.0.sha256
+sha256  f9528a82b5e88c1d92d737efd65bd571bef2cd1b1b44d43b857a76e38e01a7c0  dahdi-linux-3.3.0.tar.gz
 
 # Firmware files have no upstream hash, so sha56 locally computed
 sha256  3ff26cf80555fd7470b43a87c51d03c1db2a75abcd4561d79f69b6c48298e4a1  dahdi-fwload-vpmadt032-1.25.0.tar.gz

package/dahdi-linux/dahdi-linux.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DAHDI_LINUX_VERSION = 3.2.0
+DAHDI_LINUX_VERSION = 3.3.0
 DAHDI_LINUX_SITE = \
 	http://downloads.asterisk.org/pub/telephony/dahdi-linux/releases
 

package/dahdi-tools/dahdi-tools.hash

@@ -1,5 +1,5 @@
-# From http://downloads.asterisk.org/pub/telephony/dahdi-tools/releases/dahdi-tools-3.2.0.sha256
-sha256  2bc269887fcd42d2486572611934d713e603734cc658b3b517fc9f3bdea7262f  dahdi-tools-3.2.0.tar.gz
+# From http://downloads.asterisk.org/pub/telephony/dahdi-tools/releases/dahdi-tools-3.3.0.sha256
+sha256  5706b37df5840ecdc524d4c86df2ad34a31f83db552a8519b4ccf61bac75d2e4  dahdi-tools-3.3.0.tar.gz
 
 # License files, locally computed
 sha256  fa5fc1d1eec39532ea517518eeefd7b6e3c14341a55e5880a0e2a49eee47a5b7  LICENSE

package/dahdi-tools/dahdi-tools.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DAHDI_TOOLS_VERSION = 3.2.0
+DAHDI_TOOLS_VERSION = 3.3.0
 DAHDI_TOOLS_SITE = http://downloads.asterisk.org/pub/telephony/dahdi-tools/releases
 
 DAHDI_TOOLS_LICENSE = GPLv2, LGPLv2.1

package/darkhttpd/darkhttpd.hash

@@ -1,3 +1,3 @@
 # Locally generated
-sha256  e063de9efa5635260c8def00a4d41ec6145226a492d53fa1dac436967670d195  darkhttpd-1.14.tar.gz
-sha256  f002944c9a8516e3346002d39c3e13681306833358c0f3c7781dff1fdb639710  darkhttpd.c
+sha256  ea48cedafbf43186f4a8d1afc99b33b671adee99519658446022e6f63bd9eda9  darkhttpd-1.15.tar.gz
+sha256  1ecf63e8f84fd60ac7215e04195b9a61dcb47176ea65df26547582027f6c1dee  COPYING

package/darkhttpd/darkhttpd.mk

@@ -4,10 +4,10 @@
 #
 ################################################################################
 
-DARKHTTPD_VERSION = 1.14
+DARKHTTPD_VERSION = 1.15
 DARKHTTPD_SITE = $(call github,emikulic,darkhttpd,v$(DARKHTTPD_VERSION))
-DARKHTTPD_LICENSE = MIT
-DARKHTTPD_LICENSE_FILES = darkhttpd.c
+DARKHTTPD_LICENSE = ISC
+DARKHTTPD_LICENSE_FILES = COPYING
 DARKHTTPD_CPE_ID_VENDOR = darkhttpd_project
 
 define DARKHTTPD_BUILD_CMDS

package/davinci-bootcount/Config.in

@@ -8,4 +8,4 @@ config BR2_PACKAGE_DAVINCI_BOOTCOUNT
 	  SCRATCH2 register. This tool allows to read and write this
 	  register from userspace.
 
-	  https://github.com/VoltServer/uboot-davinci-bootcount
+	  https://github.com/VoltServer/uboot-bootcount

package/davinci-bootcount/davinci-bootcount.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 DAVINCI_BOOTCOUNT_VERSION = 2.0.0
-DAVINCI_BOOTCOUNT_SITE = $(call github,VoltServer,uboot-davinci-bootcount,v$(DAVINCI_BOOTCOUNT_VERSION))
+DAVINCI_BOOTCOUNT_SITE = $(call github,VoltServer,uboot-bootcount,v$(DAVINCI_BOOTCOUNT_VERSION))
 DAVINCI_BOOTCOUNT_LICENSE = GPL-3.0
 DAVINCI_BOOTCOUNT_LICENSE_FILES = COPYING
 

package/dbus/dbus.hash

@@ -1,7 +1,7 @@
 # Locally calculated after checking pgp signature
-# https://dbus.freedesktop.org/releases/dbus/dbus-1.14.8.tar.xz.asc
+# https://dbus.freedesktop.org/releases/dbus/dbus-1.14.10.tar.xz.asc
 # using key 36EC5A6448A4F5EF79BEFE98E05AE1478F814C4F
-sha256  a6bd5bac5cf19f0c3c594bdae2565a095696980a683a0ef37cb6212e093bde35  dbus-1.14.8.tar.xz
+sha256  ba1f21d2bd9d339da2d4aa8780c09df32fea87998b73da24f49ab9df1e36a50f  dbus-1.14.10.tar.xz
 
 # Locally calculated
 sha256  e61807cd1c32ff4e7bd5b4b61dd21997c6dc5642cf19316124fe38d50e1f9fa3  COPYING

package/dbus/dbus.mk

@@ -6,13 +6,12 @@
 
 # When updating dbus, check if there are changes in session.conf and
 # system.conf, and update the versions in the dbus-broker package accordingly.
-DBUS_VERSION = 1.14.8
+DBUS_VERSION = 1.14.10
 DBUS_SOURCE = dbus-$(DBUS_VERSION).tar.xz
 DBUS_SITE = https://dbus.freedesktop.org/releases/dbus
 DBUS_LICENSE = AFL-2.1 or GPL-2.0+ (library, tools), GPL-2.0+ (tools)
 DBUS_LICENSE_FILES = COPYING
-DBUS_CPE_ID_VENDOR = d-bus_project
-DBUS_CPE_ID_PRODUCT = d-bus
+DBUS_CPE_ID_VENDOR = freedesktop
 DBUS_INSTALL_STAGING = YES
 
 define DBUS_PERMISSIONS

package/depot-tools/depot-tools.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  8e0bccdd6b1231f58d5453dc14a5e1d195295ac8d466dec34961e951e946b50b  depot-tools-4e87f5bfe244e903f712408ea68dc3c3a6fe2d00-br1.tar.gz
+sha256  5da23d7558975093c6a732f5743c7f224d16dd3f878a6a1b577b1b127a4098cc  depot-tools-8d14454ba4a35fd9d2483842b08815a2357ec86f-br1.tar.gz
 sha256  984523ee987f4e8b72d61df37d8f1189a7077cd4b77e41a397e35593b297a29d  LICENSE

package/depot-tools/depot-tools.mk

@@ -4,12 +4,11 @@
 #
 ################################################################################
 
-DEPOT_TOOLS_VERSION = 4e87f5bfe244e903f712408ea68dc3c3a6fe2d00
+DEPOT_TOOLS_VERSION = 8d14454ba4a35fd9d2483842b08815a2357ec86f
 DEPOT_TOOLS_SITE = https://chromium.googlesource.com/chromium/tools/depot_tools
 DEPOT_TOOLS_SITE_METHOD = git
 DEPOT_TOOLS_LICENSE = BSD-3-Clause
 DEPOT_TOOLS_LICENSE_FILES = LICENSE
-DEPOT_TOOLS_CPE_ID_VENDOR = google
 
 HOST_DEPOT_TOOLS_DEPENDENCIES = \
 	host-python3 \

package/dhcpcd/dhcpcd.hash

@@ -1,4 +1,4 @@
 # sha256 from https://github.com/NetworkConfiguration/dhcpcd/releases/tag/v10.0.4
-sha256  ced5bbde8da3726eac77b9e77e4f31a89c9849d811ef8a2c749664fc5f55a718  dhcpcd-10.0.4.tar.xz
+sha256  eb1f3cfef3069781ff8c896d7cea922639964afe22db28c069dc3f37f57eb428  dhcpcd-10.0.5.tar.xz
 # Locally calculated
 sha256  a7d6da3a202cdd38eaab0bcea4d25f60d002980f3785b3e896d9bf387f093ac8  LICENSE

package/dhcpcd/dhcpcd.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DHCPCD_VERSION = 10.0.4
+DHCPCD_VERSION = 10.0.5
 DHCPCD_SOURCE = dhcpcd-$(DHCPCD_VERSION).tar.xz
 DHCPCD_SITE = https://github.com/NetworkConfiguration/dhcpcd/releases/download/v$(DHCPCD_VERSION)
 DHCPCD_DEPENDENCIES = host-pkgconf

package/docker/docker.mk

@@ -7,7 +7,7 @@
 DOCKER_VERSION = 1.5
 DOCKER_SITE = http://icculus.org/openbox/2/docker
 DOCKER_DEPENDENCIES = host-pkgconf libglib2 xlib_libX11
-DOCKER_SELINUX_MODULES = docker
+
 DOCKER_LICENSE = GPL-2.0+
 # The 'or later' is specified at the end of the README, so include that one too.
 DOCKER_LICENSE_FILES = COPYING README

package/domoticz/Config.in

@@ -16,7 +16,6 @@ config BR2_PACKAGE_DOMOTICZ
 	select BR2_PACKAGE_BOOST_SYSTEM
 	select BR2_PACKAGE_BOOST_THREAD
 	select BR2_PACKAGE_CEREAL
-	select BR2_PACKAGE_FMT
 	select BR2_PACKAGE_JSONCPP
 	select BR2_PACKAGE_LIBCURL
 	select BR2_PACKAGE_MINIZIP_ZLIB

package/domoticz/domoticz.mk

@@ -12,7 +12,6 @@ DOMOTICZ_CPE_ID_VENDOR = domoticz
 DOMOTICZ_DEPENDENCIES = \
 	boost \
 	cereal \
-	fmt \
 	host-pkgconf \
 	jsoncpp \
 	libcurl \
@@ -36,7 +35,6 @@ DOMOTICZ_CONF_OPTS += \
 # jsoncpp, fmt, minizip, sqlite and mqtt
 DOMOTICZ_CONF_OPTS += \
 	-DUSE_BUILTIN_JSONCPP=OFF \
-	-DUSE_BUILTIN_LIBFMT=OFF \
 	-DUSE_BUILTIN_MINIZIP=OFF \
 	-DUSE_BUILTIN_SQLITE=OFF \
 	-DUSE_BUILTIN_MQTT=OFF

package/dropbear/0001-Implement-Strict-KEX-mode.patch

@@ -0,0 +1,232 @@
+From 6e43be5c7b99dbee49dc72b6f989f29fdd7e9356 Mon Sep 17 00:00:00 2001
+From: Matt Johnston <matt@ucc.asn.au>
+Date: Mon, 20 Nov 2023 14:02:47 +0800
+Subject: [PATCH] Implement Strict KEX mode
+
+As specified by OpenSSH with kex-strict-c-v00@openssh.com and
+kex-strict-s-v00@openssh.com.
+
+Upstream: https://github.com/mkj/dropbear/commit/6e43be5c7b99dbee49dc72b6f989f29fdd7e9356
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ src/cli-session.c    | 11 +++++++++++
+ src/common-algo.c    |  6 ++++++
+ src/common-kex.c     | 26 +++++++++++++++++++++++++-
+ src/kex.h            |  3 +++
+ src/process-packet.c | 34 +++++++++++++++++++---------------
+ src/ssh.h            |  4 ++++
+ src/svr-session.c    |  3 +++
+ 7 files changed, 71 insertions(+), 16 deletions(-)
+
+diff --git a/cli-session.c b/cli-session.c
+index 5981b2470..d261c8f82 100644
+--- a/cli-session.c
++++ b/cli-session.c
+@@ -46,6 +46,7 @@ static void cli_finished(void) ATTRIB_NORETURN;
+ static void recv_msg_service_accept(void);
+ static void cli_session_cleanup(void);
+ static void recv_msg_global_request_cli(void);
++static void cli_algos_initialise(void);
+ 
+ struct clientsession cli_ses; /* GLOBAL */
+ 
+@@ -117,6 +118,7 @@ void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection
+ 	}
+ 
+ 	chaninitialise(cli_chantypes);
++	cli_algos_initialise();
+ 
+ 	/* Set up cli_ses vars */
+ 	cli_session_init(proxy_cmd_pid);
+@@ -487,3 +489,12 @@ void cli_dropbear_log(int priority, const char* format, va_list param) {
+ 	fflush(stderr);
+ }
+ 
++static void cli_algos_initialise(void) {
++	algo_type *algo;
++	for (algo = sshkex; algo->name; algo++) {
++		if (strcmp(algo->name, SSH_STRICT_KEX_S) == 0) {
++			algo->usable = 0;
++		}
++	}
++}
++
+diff --git a/common-algo.c b/common-algo.c
+index 378f0ca8e..f9d46ebb6 100644
+--- a/common-algo.c
++++ b/common-algo.c
+@@ -307,6 +307,12 @@ algo_type sshkex[] = {
+ 	/* Set unusable by svr_algos_initialise() */
+ 	{SSH_EXT_INFO_C, 0, NULL, 1, NULL},
+ #endif
++#endif
++#if DROPBEAR_CLIENT
++	{SSH_STRICT_KEX_C, 0, NULL, 1, NULL},
++#endif
++#if DROPBEAR_SERVER
++	{SSH_STRICT_KEX_S, 0, NULL, 1, NULL},
+ #endif
+ 	{NULL, 0, NULL, 0, NULL}
+ };
+diff --git a/common-kex.c b/common-kex.c
+index ac8844246..8e33b12a6 100644
+--- a/common-kex.c
++++ b/common-kex.c
+@@ -183,6 +183,10 @@ void send_msg_newkeys() {
+ 	gen_new_keys();
+ 	switch_keys();
+ 
++	if (ses.kexstate.strict_kex) {
++		ses.transseq = 0;
++	}
++
+ 	TRACE(("leave send_msg_newkeys"))
+ }
+ 
+@@ -193,7 +197,11 @@ void recv_msg_newkeys() {
+ 
+ 	ses.kexstate.recvnewkeys = 1;
+ 	switch_keys();
+-	
++
++	if (ses.kexstate.strict_kex) {
++		ses.recvseq = 0;
++	}
++
+ 	TRACE(("leave recv_msg_newkeys"))
+ }
+ 
+@@ -550,6 +558,10 @@ void recv_msg_kexinit() {
+ 
+ 	ses.kexstate.recvkexinit = 1;
+ 
++	if (ses.kexstate.strict_kex && !ses.kexstate.donefirstkex && ses.recvseq != 1) {
++		dropbear_exit("First packet wasn't kexinit");
++	}
++
+ 	TRACE(("leave recv_msg_kexinit"))
+ }
+ 
+@@ -859,6 +871,18 @@ static void read_kex_algos() {
+ 	}
+ #endif
+ 
++	if (!ses.kexstate.donefirstkex) {
++		const char* strict_name;
++		if (IS_DROPBEAR_CLIENT) {
++			strict_name = SSH_STRICT_KEX_S;
++		} else {
++			strict_name = SSH_STRICT_KEX_C;
++		}
++		if (buf_has_algo(ses.payload, strict_name) == DROPBEAR_SUCCESS) {
++			ses.kexstate.strict_kex = 1;
++		}
++	}
++
+ 	algo = buf_match_algo(ses.payload, sshkex, kexguess2, &goodguess);
+ 	allgood &= goodguess;
+ 	if (algo == NULL || algo->data == NULL) {
+diff --git a/kex.h b/kex.h
+index 77cf21a37..7fcc3c252 100644
+--- a/kex.h
++++ b/kex.h
+@@ -83,6 +83,9 @@ struct KEXState {
+ 
+ 	unsigned our_first_follows_matches : 1;
+ 
++	/* Boolean indicating that strict kex mode is in use */
++	unsigned int strict_kex;
++
+ 	time_t lastkextime; /* time of the last kex */
+ 	unsigned int datatrans; /* data transmitted since last kex */
+ 	unsigned int datarecv; /* data received since last kex */
+diff --git a/process-packet.c b/process-packet.c
+index 945416023..133a152d0 100644
+--- a/process-packet.c
++++ b/process-packet.c
+@@ -44,6 +44,7 @@ void process_packet() {
+ 
+ 	unsigned char type;
+ 	unsigned int i;
++	unsigned int first_strict_kex = ses.kexstate.strict_kex && !ses.kexstate.donefirstkex;
+ 	time_t now;
+ 
+ 	TRACE2(("enter process_packet"))
+@@ -54,22 +55,24 @@ void process_packet() {
+ 	now = monotonic_now();
+ 	ses.last_packet_time_keepalive_recv = now;
+ 
+-	/* These packets we can receive at any time */
+-	switch(type) {
+ 
+-		case SSH_MSG_IGNORE:
+-			goto out;
+-		case SSH_MSG_DEBUG:
+-			goto out;
++	if (type == SSH_MSG_DISCONNECT) {
++		/* Allowed at any time */
++		dropbear_close("Disconnect received");
++	}
+ 
+-		case SSH_MSG_UNIMPLEMENTED:
+-			/* debugging XXX */
+-			TRACE(("SSH_MSG_UNIMPLEMENTED"))
+-			goto out;
+-			
+-		case SSH_MSG_DISCONNECT:
+-			/* TODO cleanup? */
+-			dropbear_close("Disconnect received");
++	/* These packets may be received at any time,
++	   except during first kex with strict kex */
++	if (!first_strict_kex) {
++		switch(type) {
++			case SSH_MSG_IGNORE:
++				goto out;
++			case SSH_MSG_DEBUG:
++				goto out;
++			case SSH_MSG_UNIMPLEMENTED:
++				TRACE(("SSH_MSG_UNIMPLEMENTED"))
++				goto out;
++		}
+ 	}
+ 
+ 	/* Ignore these packet types so that keepalives don't interfere with
+@@ -98,7 +101,8 @@ void process_packet() {
+ 			if (type >= 1 && type <= 49
+ 				&& type != SSH_MSG_SERVICE_REQUEST
+ 				&& type != SSH_MSG_SERVICE_ACCEPT
+-				&& type != SSH_MSG_KEXINIT)
++				&& type != SSH_MSG_KEXINIT
++				&& !first_strict_kex)
+ 			{
+ 				TRACE(("unknown allowed packet during kexinit"))
+ 				recv_unimplemented();
+diff --git a/ssh.h b/ssh.h
+index 1b4fec65f..ef3efdca0 100644
+--- a/ssh.h
++++ b/ssh.h
+@@ -100,6 +100,10 @@
+ #define SSH_EXT_INFO_C "ext-info-c"
+ #define SSH_SERVER_SIG_ALGS "server-sig-algs"
+ 
++/* OpenSSH strict KEX feature */
++#define SSH_STRICT_KEX_S "kex-strict-s-v00@openssh.com"
++#define SSH_STRICT_KEX_C "kex-strict-c-v00@openssh.com"
++
+ /* service types */
+ #define SSH_SERVICE_USERAUTH "ssh-userauth"
+ #define SSH_SERVICE_USERAUTH_LEN 12
+diff --git a/svr-session.c b/svr-session.c
+index 769f0731d..a538e2c5c 100644
+--- a/svr-session.c
++++ b/svr-session.c
+@@ -370,6 +370,9 @@ static void svr_algos_initialise(void) {
+ 			algo->usable = 0;
+ 		}
+ #endif
++		if (strcmp(algo->name, SSH_STRICT_KEX_C) == 0) {
++			algo->usable = 0;
++		}
+ 	}
+ }
+ 

package/dropbear/dropbear.mk

@@ -14,6 +14,9 @@ DROPBEAR_PROGRAMS = dropbear $(DROPBEAR_TARGET_BINS)
 DROPBEAR_CPE_ID_VENDOR = dropbear_ssh_project
 DROPBEAR_CPE_ID_PRODUCT = dropbear_ssh
 
+# 0001-Implement-Strict-KEX-mode.patch
+DROPBEAR_IGNORE_CVES += CVE-2023-48795
+
 # Disable hardening flags added by dropbear configure.ac, and let
 # Buildroot add them when the relevant options are enabled. This
 # prevents dropbear from using SSP support when not available.

package/duktape/duktape.mk

@@ -11,6 +11,7 @@ DUKTAPE_SITE = \
 DUKTAPE_LICENSE = MIT
 DUKTAPE_LICENSE_FILES = LICENSE.txt
 DUKTAPE_INSTALL_STAGING = YES
+DUKTAPE_CPE_ID_VENDOR = duktape_project
 
 define DUKTAPE_BUILD_CMDS
 	$(MAKE) $(TARGET_CONFIGURE_OPTS) -C $(@D) -f Makefile.sharedlibrary

package/environment-setup/environment-setup.mk

@@ -8,7 +8,7 @@ ENVIRONMENT_SETUP_FILE = $(HOST_DIR)/environment-setup
 
 define HOST_ENVIRONMENT_SETUP_INSTALL_CMDS
 	cp package/environment-setup/environment-setup $(ENVIRONMENT_SETUP_FILE)
-	for var in $(TARGET_CONFIGURE_OPTS); do \
+	for var in $(filter-out GIT_DIR=%,$(TARGET_CONFIGURE_OPTS)); do \
 		printf "export \"$$var\"\n" >> $(ENVIRONMENT_SETUP_FILE); \
 	done
 	printf "export \"ARCH=$(NORMALIZED_ARCH)\"\n" >> $(ENVIRONMENT_SETUP_FILE)

package/erlang/0001-lib-crypto-c_src-openssl_config.h-fix-build-without-.patch

@@ -0,0 +1,46 @@
+From 8c7d62662cf51902d759be0e8d3bfd96a3524b3c Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Fri, 8 Dec 2023 09:00:17 +0100
+Subject: [PATCH] lib/crypto/c_src/openssl_config.h: fix build without DES
+
+Fix the following build failure without DES raised since version 24.2
+and
+https://github.com/erlang/otp/commit/abf7f84c2f77bb07dbdbb8a29b9d41f1f24c5f14:
+
+cipher.c:51:42: error: 'EVP_des_ede3_cbc' undeclared here (not in a function); did you mean 'SN_des_ede3_cbc'?
+   51 |     {{"des_ede3_cbc"}, "des-ede3-cbc", {&EVP_des_ede3_cbc}, 0, 0},
+      |                                          ^~~~~~~~~~~~~~~~
+      |                                          SN_des_ede3_cbc
+
+Fixes:
+ - http://autobuild.buildroot.org/results/1aace0ee738f8ec4aa2c9a739fc7535c3b6bf884
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Upstream: https://github.com/erlang/otp/pull/7937
+---
+ lib/crypto/c_src/openssl_config.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/crypto/c_src/openssl_config.h b/lib/crypto/c_src/openssl_config.h
+index cb63f28369..f3904986c9 100644
+--- a/lib/crypto/c_src/openssl_config.h
++++ b/lib/crypto/c_src/openssl_config.h
+@@ -218,7 +218,6 @@
+ 
+ #ifndef OPENSSL_NO_DES
+ # define HAVE_DES
+-#endif
+ 
+ #if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION(0,9,7,'e')
+ # define HAVE_DES_ede3_cfb
+@@ -227,6 +226,7 @@
+ #if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION(0,9,7,'e')
+ # define HAVE_DES_ede3_cbc
+ #endif
++#endif
+ 
+ #ifndef OPENSSL_NO_DH
+ # define HAVE_DH
+-- 
+2.42.0
+

package/exim/0006-Fix-regex-n-use-after-free.-Bug-2915.patch

@@ -1,173 +0,0 @@
-From 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Wed, 31 Aug 2022 15:37:40 +0100
-Subject: [PATCH] Fix $regex<n> use-after-free.  Bug 2915
-
-[Upstream: https://sources.debian.org/data/main/e/exim4/4.96-9/debian/patches/75_08-Fix-regex-n-use-after-free.-Bug-2915.patch]
-[Peter: drop Changelog hunk]
-Signed-off-by: Peter Korsgaard <peter@korsgard.com>
----
- src/exim.c                  |  4 +---
- src/expand.c                |  2 +-
- src/functions.h             |  1 +
- src/globals.c               |  2 +-
- src/regex.c                 | 29 ++++++++++++++++++-----------
- src/smtp_in.c               |  2 ++
- test/confs/4002                 | 10 ++++++++++
- test/mail/4002.userx            |  7 +++++++
- test/scripts/4000-scanning/4002 |  7 +++++++
- 9 files changed, 53 insertions(+), 17 deletions(-)
-
---- a/src/exim.c
-+++ b/src/exim.c
-@@ -1999,12 +1999,10 @@
- 
- regex_whitelisted_macro =
-   regex_must_compile(US"^[A-Za-z0-9_/.-]*$", FALSE, TRUE);
- #endif
- 
--for (i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
--
- /* If the program is called as "mailq" treat it as equivalent to "exim -bp";
- this seems to be a generally accepted convention, since one finds symbolic
- links called "mailq" in standard OS configurations. */
- 
- if ((namelen == 5 && Ustrcmp(argv[0], "mailq") == 0) ||
-@@ -6082,11 +6080,11 @@
-   callout_address = NULL;
-   sending_ip_address = NULL;
-   deliver_localpart_data = deliver_domain_data =
-   recipient_data = sender_data = NULL;
-   acl_var_m = NULL;
--  for(int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-+  regex_vars_clear();
- 
-   store_reset(reset_point);
-   }
- 
- exim_exit(EXIT_SUCCESS);   /* Never returns */
---- a/src/expand.c
-+++ b/src/expand.c
-@@ -1871,11 +1871,11 @@
-   {
-   tree_node * node = tree_search(router_var, name + 2);
-   return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
-   }
- 
--/* Handle $auth<n> variables. */
-+/* Handle $auth<n>, $regex<n> variables. */
- 
- if (Ustrncmp(name, "auth", 4) == 0)
-   {
-   uschar *endptr;
-   int n = Ustrtoul(name + 4, &endptr, 10);
---- a/src/functions.h
-+++ b/src/functions.h
-@@ -436,10 +436,11 @@
- extern int     regex(const uschar **);
- #endif
- extern BOOL    regex_match(const pcre2_code *, const uschar *, int, uschar **);
- extern BOOL    regex_match_and_setup(const pcre2_code *, const uschar *, int, int);
- extern const pcre2_code *regex_must_compile(const uschar *, BOOL, BOOL);
-+extern void    regex_vars_clear(void);
- extern void    retry_add_item(address_item *, uschar *, int);
- extern BOOL    retry_check_address(const uschar *, host_item *, uschar *, BOOL,
-                  uschar **, uschar **);
- extern retry_config *retry_find_config(const uschar *, const uschar *, int, int);
- extern BOOL    retry_ultimate_address_timeout(uschar *, const uschar *,
---- a/src/globals.c
-+++ b/src/globals.c
-@@ -1313,11 +1313,11 @@
- #ifndef DISABLE_PIPE_CONNECT
- const pcre2_code *regex_EARLY_PIPE   = NULL;
- #endif
- const pcre2_code *regex_ismsgid      = NULL;
- const pcre2_code *regex_smtp_code    = NULL;
--const uschar *regex_vars[REGEX_VARS];
-+const uschar *regex_vars[REGEX_VARS] = { 0 };;
- #ifdef WHITELIST_D_MACROS
- const pcre2_code *regex_whitelisted_macro = NULL;
- #endif
- #ifdef WITH_CONTENT_SCAN
- uschar *regex_match_string     = NULL;
---- a/src/regex.c
-+++ b/src/regex.c
-@@ -94,22 +94,32 @@
-   }
- pcre2_match_data_free(md);
- return FAIL;
- }
- 
-+
-+/* reset expansion variables */
-+void
-+regex_vars_clear(void)
-+{
-+regex_match_string = NULL;
-+for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-+}
-+
-+
-+
- int
--regex(const uschar **listptr)
-+regex(const uschar ** listptr)
- {
- unsigned long mbox_size;
--FILE *mbox_file;
--pcre_list *re_list_head;
--uschar *linebuffer;
-+FILE * mbox_file;
-+pcre_list * re_list_head;
-+uschar * linebuffer;
- long f_pos = 0;
- int ret = FAIL;
- 
--/* reset expansion variable */
--regex_match_string = NULL;
-+regex_vars_clear();
- 
- if (!mime_stream)				/* We are in the DATA ACL */
-   {
-   if (!(mbox_file = spool_mbox(&mbox_size, NULL, NULL)))
-     {						/* error while spooling */
-@@ -167,18 +177,17 @@
- 
- 
- int
- mime_regex(const uschar **listptr)
- {
--pcre_list *re_list_head = NULL;
--FILE *f;
--uschar *mime_subject = NULL;
-+pcre_list * re_list_head = NULL;
-+FILE * f;
-+uschar * mime_subject = NULL;
- int mime_subject_len = 0;
- int ret;
- 
--/* reset expansion variable */
--regex_match_string = NULL;
-+regex_vars_clear();
- 
- /* precompile our regexes */
- if (!(re_list_head = compile(*listptr)))
-   return FAIL;			/* no regexes -> nothing to do */
- 
---- a/src/smtp_in.c
-+++ b/src/smtp_in.c
-@@ -2155,12 +2155,14 @@
- prdr_requested = FALSE;
- #endif
- #ifdef SUPPORT_I18N
- message_smtputf8 = FALSE;
- #endif
-+regex_vars_clear();
- body_linecount = body_zerocount = 0;
- 
-+lookup_value = NULL;				/* Can be set by ACL */
- sender_rate = sender_rate_limit = sender_rate_period = NULL;
- ratelimiters_mail = NULL;           /* Updated by ratelimit ACL condition */
-                    /* Note that ratelimiters_conn persists across resets. */
- 
- /* Reset message ACL variables */

package/exim/0006-OpenSSL-fix-non-DANE-build.patch

@@ -0,0 +1,28 @@
+From 37b849dca4dfd855212a763662825e967a4d77b1 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Tue, 7 Nov 2023 15:02:18 +0000
+Subject: [PATCH] OpenSSL: fix non-DANE build
+
+Upstream: https://git.exim.org/exim.git/commitdiff/37b849dca4dfd855212a763662825e967a4d77b1
+
+Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
+---
+ src/tls-openssl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
+index ef11de593..851ac77c5 100644
+--- a/src/tls-openssl.c
++++ b/src/tls-openssl.c
+@@ -2605,7 +2605,7 @@ if (!(bs = OCSP_response_get1_basic(rsp)))
+     asking for certificate-status under DANE, so this callback won't run for
+     that combination. It still will for non-DANE. */
+ 
+-#ifdef EXIM_HAVE_OPENSSL_OCSP_RESP_GET0_SIGNER
++#if defined(EXIM_HAVE_OPENSSL_OCSP_RESP_GET0_SIGNER) && defined(SUPPORT_DANE)
+     X509 * signer;
+ 
+     if (  tls_out.dane_verified
+-- 
+2.30.2
+

package/exim/0007-Fix-non-WITH_CONTENT_SCAN-build.patch

@@ -1,61 +0,0 @@
-From d8ecc7bf97934a1e2244788c610c958cacd740bd Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Wed, 31 Aug 2022 17:03:37 +0100
-Subject: [PATCH] Fix non-WITH_CONTENT_SCAN build.
-
-Broken-by: 4e9ed49f8f
-
-[Upstream: https://sources.debian.org/data/main/e/exim4/4.96-9/debian/patches/75_09-Fix-non-WITH_CONTENT_SCAN-build.patch]
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- src/exim.c  | 11 +++++++++++
- src/regex.c | 10 ----------
- 2 files changed, 11 insertions(+), 10 deletions(-)
-
---- a/src/exim.c
-+++ b/src/exim.c
-@@ -1677,10 +1677,21 @@
-   if ((s = expand_string(big_buffer))) printf("%s\n", CS s);
-   else printf("Failed: %s\n", expand_string_message);
- }
- 
- 
-+/* reset regex expansion variables */
-+void
-+regex_vars_clear(void)
-+{
-+regex_match_string = NULL;
-+for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-+}
-+
-+
-+
-+
- 
- /*************************************************
- *          Entry point and high-level code       *
- *************************************************/
- 
---- a/src/regex.c
-+++ b/src/regex.c
-@@ -95,20 +95,10 @@
- pcre2_match_data_free(md);
- return FAIL;
- }
- 
- 
--/* reset expansion variables */
--void
--regex_vars_clear(void)
--{
--regex_match_string = NULL;
--for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
--}
--
--
--
- int
- regex(const uschar ** listptr)
- {
- unsigned long mbox_size;
- FILE * mbox_file;

package/exim/0008-Fix-non-WITH_CONTENT_SCAN-build-2.patch

@@ -1,139 +0,0 @@
-From 158dff9936e36a2d31d037d3988b9353458d6471 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Wed, 31 Aug 2022 17:17:59 +0100
-Subject: [PATCH] Fix non-WITH_CONTENT_SCAN build (2)
-
-Broken-by: d8ecc7bf97
-
-[Upstream: https://sources.debian.org/data/main/e/exim4/4.96-9/debian/patches/75_10-Fix-non-WITH_CONTENT_SCAN-build-2.patch]
-[Peter: drop Changelog hunk]
-Signed-off-by: Peter Korsgaard <peter@korsgard.com>
----
- src/exim.c      | 13 +------------
- src/functions.h |  2 +-
- src/globals.h   |  2 +-
- src/regex.c     | 10 ++++++++++
- src/smtp_in.c   |  2 ++
- 5 files changed, 15 insertions(+), 14 deletions(-)
-
---- a/src/exim.c
-+++ b/src/exim.c
-@@ -1677,21 +1677,10 @@
-   if ((s = expand_string(big_buffer))) printf("%s\n", CS s);
-   else printf("Failed: %s\n", expand_string_message);
- }
- 
- 
--/* reset regex expansion variables */
--void
--regex_vars_clear(void)
--{
--regex_match_string = NULL;
--for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
--}
--
--
--
--
- 
- /*************************************************
- *          Entry point and high-level code       *
- *************************************************/
- 
-@@ -6085,17 +6074,17 @@
-   deliver_domain_orig = NULL;
-   deliver_host = deliver_host_address = NULL;
-   dnslist_domain = dnslist_matched = NULL;
- #ifdef WITH_CONTENT_SCAN
-   malware_name = NULL;
-+  regex_vars_clear();
- #endif
-   callout_address = NULL;
-   sending_ip_address = NULL;
-   deliver_localpart_data = deliver_domain_data =
-   recipient_data = sender_data = NULL;
-   acl_var_m = NULL;
--  regex_vars_clear();
- 
-   store_reset(reset_point);
-   }
- 
- exim_exit(EXIT_SUCCESS);   /* Never returns */
---- a/src/functions.h
-+++ b/src/functions.h
-@@ -432,15 +432,15 @@
- extern BOOL    receive_msg(BOOL);
- extern int_eximarith_t receive_statvfs(BOOL, int *);
- extern void    receive_swallow_smtp(void);
- #ifdef WITH_CONTENT_SCAN
- extern int     regex(const uschar **);
-+extern void    regex_vars_clear(void);
- #endif
- extern BOOL    regex_match(const pcre2_code *, const uschar *, int, uschar **);
- extern BOOL    regex_match_and_setup(const pcre2_code *, const uschar *, int, int);
- extern const pcre2_code *regex_must_compile(const uschar *, BOOL, BOOL);
--extern void    regex_vars_clear(void);
- extern void    retry_add_item(address_item *, uschar *, int);
- extern BOOL    retry_check_address(const uschar *, host_item *, uschar *, BOOL,
-                  uschar **, uschar **);
- extern retry_config *retry_find_config(const uschar *, const uschar *, int, int);
- extern BOOL    retry_ultimate_address_timeout(uschar *, const uschar *,
---- a/src/globals.h
-+++ b/src/globals.h
-@@ -895,16 +895,16 @@
- #ifndef DISABLE_PIPE_CONNECT
- extern const pcre2_code  *regex_EARLY_PIPE;  /* For recognizing PIPE_CONNCT */
- #endif
- extern const pcre2_code  *regex_ismsgid;     /* Compiled r.e. for message ID */
- extern const pcre2_code  *regex_smtp_code;   /* For recognizing SMTP codes */
--extern const uschar *regex_vars[];           /* $regexN variables */
- #ifdef WHITELIST_D_MACROS
- extern const pcre2_code  *regex_whitelisted_macro; /* For -D macro values */
- #endif
- #ifdef WITH_CONTENT_SCAN
- extern uschar *regex_match_string;     /* regex that matched a line (regex ACL condition) */
-+extern const uschar *regex_vars[];
- #endif
- extern int     remote_delivery_count;  /* Number of remote addresses */
- extern int     remote_max_parallel;    /* Maximum parallel delivery */
- extern uschar *remote_sort_domains;    /* Remote domain sorting order */
- extern retry_config *retries;          /* Chain of retry config information */
---- a/src/regex.c
-+++ b/src/regex.c
-@@ -95,10 +95,20 @@
- pcre2_match_data_free(md);
- return FAIL;
- }
- 
- 
-+/* reset expansion variables */
-+void
-+regex_vars_clear(void)
-+{
-+regex_match_string = NULL;
-+for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-+}
-+
-+
-+
- int
- regex(const uschar ** listptr)
- {
- unsigned long mbox_size;
- FILE * mbox_file;
---- a/src/smtp_in.c
-+++ b/src/smtp_in.c
-@@ -2155,11 +2155,13 @@
- prdr_requested = FALSE;
- #endif
- #ifdef SUPPORT_I18N
- message_smtputf8 = FALSE;
- #endif
-+#ifdef WITH_CONTENT_SCAN
- regex_vars_clear();
-+#endif
- body_linecount = body_zerocount = 0;
- 
- lookup_value = NULL;				/* Can be set by ACL */
- sender_rate = sender_rate_limit = sender_rate_period = NULL;
- ratelimiters_mail = NULL;           /* Updated by ratelimit ACL condition */

package/exim/0009-Fix-non-WITH_CONTENT_SCAN-build-3.patch

@@ -1,49 +0,0 @@
-From 32da6327e434e986a18b75a84f2d8c687ba14619 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Thu, 1 Sep 2022 15:54:35 +0100
-Subject: [PATCH] Fix non-WITH_CONTENT_SCAN build (3)
-
-Broken-by: d8ecc7bf97
-
-[Upstream: https://sources.debian.org/data/main/e/exim4/4.96-9/debian/patches/75_11-Fix-non-WITH_CONTENT_SCAN-build-3.patch]
-[Peter: drop Changelog hunk]
-Signed-off-by: Peter Korsgaard <peter@korsgard.com>
----
- src/expand.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/expand.c b/src/expand.c
-index 89de56255..831ca2b75 100644
---- a/src/expand.c
-+++ b/src/expand.c
-@@ -1869,6 +1869,7 @@ if (Ustrncmp(name, "auth", 4) == 0)
-   if (!*endptr && n != 0 && n <= AUTH_VARS)
-     return auth_vars[n-1] ? auth_vars[n-1] : US"";
-   }
-+#ifdef WITH_CONTENT_SCAN
- else if (Ustrncmp(name, "regex", 5) == 0)
-   {
-   uschar *endptr;
-@@ -1876,6 +1877,7 @@ else if (Ustrncmp(name, "regex", 5) == 0)
-   if (!*endptr && n != 0 && n <= REGEX_VARS)
-     return regex_vars[n-1] ? regex_vars[n-1] : US"";
-   }
-+#endif
- 
- /* For all other variables, search the table */
- 
-@@ -8715,9 +8717,11 @@ assert_variable_notin() treats as const, so deconst is safe. */
- for (int i = 0; i < AUTH_VARS; i++) if (auth_vars[i])
-   assert_variable_notin(US"auth<n>", US auth_vars[i], &e);
- 
-+#ifdef WITH_CONTENT_SCAN
- /* check regex<n> variables. assert_variable_notin() treats as const. */
- for (int i = 0; i < REGEX_VARS; i++) if (regex_vars[i])
-   assert_variable_notin(US"regex<n>", US regex_vars[i], &e);
-+#endif
- 
- /* check known-name variables */
- for (var_entry * v = var_table; v < var_table + var_table_size; v++)
--- 
-2.35.1
-

package/exim/exim.hash

@@ -1,6 +1,6 @@
 # From https://ftp.exim.org/pub/exim/exim4/00-sha256sums.txt
-sha256  038e327e8d1e93d005bac9bb06fd22aec44d5028930d6dbe8817ad44bbfc1de6  exim-4.96.2.tar.xz
+sha256  bd782057509a793593508528590626d185ea160ce32cb34beda262e99cefdfa9  exim-4.97.1.tar.xz
 # From https://ftp.exim.org/pub/exim/exim4/00-sha512sums.txt
-sha512  dc9f6a114e64ac826489edff88d50a24195b64714428e691c10a7bfb119b3ebb6455bf80cbb34dfd0a4e2e44cbde72effb009357a8e0a6065e512fe32092e3ed  exim-4.96.2.tar.xz
+sha512  eab7ca28b37f1635c48f5e963ab69fcbad539b2c35a84286ecaad7d7ff5210bbefce86452302e08099afdc0710f9cb7ca6d9b152b0ba88a19292f7c5541e0cfc  exim-4.97.1.tar.xz
 # Locally calculated
 sha256  49240db527b7e55b312a46fc59794fde5dd006422e422257f4f057bfd27b3c8f  LICENCE

package/exim/exim.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-EXIM_VERSION = 4.96.2
+EXIM_VERSION = 4.97.1
 EXIM_SOURCE = exim-$(EXIM_VERSION).tar.xz
 EXIM_SITE = https://ftp.exim.org/pub/exim/exim4
 EXIM_LICENSE = GPL-2.0+
@@ -103,6 +103,7 @@ define EXIM_CONFIGURE_TOOLCHAIN
 	$(call exim-config-add,RANLIB,$(TARGET_RANLIB))
 	$(call exim-config-add,HOSTCC,$(HOSTCC))
 	$(call exim-config-add,HOSTCFLAGS,$(HOSTCFLAGS))
+	$(call exim-config-add,EXTRALIBS,$(EXIM_EXTRALIBS))
 	$(EXIM_FIX_IP_OPTIONS_FOR_MUSL)
 endef
 
@@ -126,6 +127,13 @@ ifeq ($(BR2_STATIC_LIBS),y)
 EXIM_STATIC_FLAGS = LFLAGS="-pthread --static"
 endif
 
+ifeq ($(BR2_PACKAGE_LIBEXECINFO),y)
+EXIM_DEPENDENCIES += libexecinfo
+EXIM_EXTRALIBS += -lexecinfo
+else ifeq ($(BR2_TOOLCHAIN_USES_GLIBC),)
+EXIM_CFLAGS = -DNO_EXECINFO
+endif
+
 # We need the host version of macro_predef during the build, before
 # building it we need to prepare the makefile.
 define EXIM_BUILD_CMDS
@@ -136,16 +144,15 @@ define EXIM_BUILD_CMDS
 		CFLAGS="-std=c99 $(HOST_CFLAGS)" \
 		LFLAGS="-fPIC $(HOST_LDFLAGS)"
 	$(TARGET_MAKE_ENV) build=br $(MAKE) -C $(@D) $(EXIM_STATIC_FLAGS) \
-		CFLAGS="-std=c99 $(TARGET_CFLAGS)"
+		CFLAGS="-std=c99 $(TARGET_CFLAGS) $(EXIM_CFLAGS)" exim
 endef
 
 # Need to replicate the LFLAGS in install, as exim still wants to build
 # something when installing...
 define EXIM_INSTALL_TARGET_CMDS
-	DESTDIR=$(TARGET_DIR) INSTALL_ARG="-no_chown -no_symlink" build=br \
-	  $(MAKE) -C $(@D) $(EXIM_STATIC_FLAGS) \
-		CFLAGS="-std=c99 $(TARGET_CFLAGS)" \
-		install
+	cd $(@D)/build-br; \
+		DESTDIR=$(TARGET_DIR) build=br \
+		../scripts/exim_install -no_chown -no_symlink exim
 	chmod u+s $(TARGET_DIR)/usr/sbin/exim
 endef
 

package/expat/expat.hash

@@ -1,7 +1,7 @@
-# From https://sourceforge.net/projects/expat/files/expat/2.5.0/
-md5  ac6677b6d1b95d209ab697ce8b688704  expat-2.5.0.tar.xz
-sha1  5178e13c1e34f4643d5118d5758babfe0e836fe2  expat-2.5.0.tar.xz
+# From https://sourceforge.net/projects/expat/files/expat/2.6.0/
+md5  bd169cb11f4b9bdfddadf9e88a5c4d4b  expat-2.6.0.tar.xz
+sha1  d87e8ab2a3c1deb858c6b22e5ade9d5673086004  expat-2.6.0.tar.xz
 
 # Locally calculated
-sha256  ef2420f0232c087801abf705e89ae65f6257df6b7931d37846a193ef2e8cdcbe  expat-2.5.0.tar.xz
+sha256  cb5f5a8ea211e1cabd59be0a933a52e3c02cc326e86a4d387d8d218e7ee47a3e  expat-2.6.0.tar.xz
 sha256  122f2c27000472a201d337b9b31f7eb2b52d091b02857061a8880371612d9534  COPYING

package/expat/expat.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-EXPAT_VERSION = 2.5.0
+EXPAT_VERSION = 2.6.0
 EXPAT_SITE = http://downloads.sourceforge.net/project/expat/expat/$(EXPAT_VERSION)
 EXPAT_SOURCE = expat-$(EXPAT_VERSION).tar.xz
 EXPAT_INSTALL_STAGING = YES

package/faad2/faad2.hash

@@ -1,3 +1,3 @@
 # Locally computed
-sha256  4c16c71295ca0cbf7c3dfe98eb11d8fa8d0ac3042e41604cfd6cc11a408cf264  faad2-2.10.1.tar.gz
+sha256  72dbc0494de9ee38d240f670eccf2b10ef715fd0508c305532ca3def3225bb06  faad2-2.11.1.tar.gz
 sha256  d3baf3a54943cf12a994c85867a18dec84f810901b2f2878ddfd77efcc3c150f  COPYING

package/faad2/faad2.mk

@@ -4,16 +4,19 @@
 #
 ################################################################################
 
-FAAD2_VERSION = 2.10.1
+FAAD2_VERSION = 2.11.1
 FAAD2_SITE = $(call github,knik0,faad2,$(FAAD2_VERSION))
 FAAD2_LICENSE = GPL-2.0
 FAAD2_LICENSE_FILES = COPYING
 FAAD2_CPE_ID_VENDOR = audiocoding
 FAAD2_CPE_ID_PRODUCT = freeware_advanced_audio_decoder_2
-# frontend/faad calls frexp()
-FAAD2_CONF_ENV = LIBS=-lm
 FAAD2_INSTALL_STAGING = YES
-# From git
-FAAD2_AUTORECONF = YES
 
-$(eval $(autotools-package))
+# faad2 contains assembly routines using ARM instructions not present in thumb1 mode:
+# Error: selected processor does not support `smull r2,r3,r1,r0' in Thumb mode
+# so force ARM mode
+ifeq ($(BR2_ARM_INSTRUCTIONS_THUMB),y)
+FAAD2_CONF_OPTS += -DCMAKE_C_FLAGS="$(TARGET_CFLAGS) -marm"
+endif
+
+$(eval $(cmake-package))

package/falcosecurity-libs/falcosecurity-libs.mk

@@ -8,7 +8,6 @@ FALCOSECURITY_LIBS_VERSION = e5c53d648f3c4694385bbe488e7d47eaa36c229a
 FALCOSECURITY_LIBS_SITE = $(call github,falcosecurity,libs,$(FALCOSECURITY_LIBS_VERSION))
 FALCOSECURITY_LIBS_LICENSE = Apache-2.0 (userspace), MIT or GPL-2.0 (driver)
 FALCOSECURITY_LIBS_LICENSE_FILES = COPYING driver/MIT.txt driver/GPL2.txt
-FALCOSECURITY_LIBS_CPE_ID_VENDOR = falco
 
 FALCOSECURITY_LIBS_DEPENDENCIES = \
 	c-ares \

package/flex/flex.mk

@@ -9,7 +9,7 @@ FLEX_SITE = https://github.com/westes/flex/files/981163
 FLEX_INSTALL_STAGING = YES
 FLEX_LICENSE = FLEX
 FLEX_LICENSE_FILES = COPYING
-FLEX_CPE_ID_VENDOR = flex_project
+FLEX_CPE_ID_VENDOR = westes
 # bug does not cause stack overflows in the generated code and has been
 # noted upstream as a bug in the code generator
 FLEX_IGNORE_CVES = CVE-2019-6293

package/flutter-engine/Config.in

@@ -11,7 +11,6 @@ config BR2_PACKAGE_FLUTTER_ENGINE
 	depends on BR2_PACKAGE_FLUTTER_ENGINE_ARCH_SUPPORTS
 	depends on BR2_TOOLCHAIN_USES_GLIBC
 	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_5
-	depends on BR2_TOOLCHAIN_HAS_THREADS_NPTL # pthreads
 	depends on BR2_INSTALL_LIBSTDCPP
 	depends on !BR2_TOOLCHAIN_HAS_GCC_BUG_64735 # std::shared_future
 	depends on !BR2_STATIC_LIBS
@@ -43,12 +42,11 @@ comment "flutter-engine needs an OpenGL or OpenGLES backend"
 	depends on BR2_PACKAGE_FLUTTER_ENGINE_ARCH_SUPPORTS
 	depends on !BR2_PACKAGE_HAS_LIBGL && !BR2_PACKAGE_HAS_LIBGLES
 
-comment "flutter-engine needs a glibc toolchain w/ wchar, C++, gcc >= 5, dynamic library, host gcc >= 5, NPTL"
+comment "flutter-engine needs a glibc toolchain w/ wchar, C++, gcc >= 5, dynamic library, host gcc >= 5"
 	depends on BR2_PACKAGE_FLUTTER_ENGINE_ARCH_SUPPORTS
-	depends on !BR2_TOOLCHAIN_USES_GLIBC || !BR2_TOOLCHAIN_HAS_THREADS_NPTL \
-		|| !BR2_INSTALL_LIBSTDCPP || !BR2_TOOLCHAIN_GCC_AT_LEAST_5 \
-		|| BR2_STATIC_LIBS || !BR2_USE_WCHAR \
-		|| !BR2_HOST_GCC_AT_LEAST_5
+	depends on !BR2_TOOLCHAIN_USES_GLIBC || !BR2_INSTALL_LIBSTDCPP \
+		|| !BR2_TOOLCHAIN_GCC_AT_LEAST_5 || BR2_STATIC_LIBS \
+		|| !BR2_USE_WCHAR || !BR2_HOST_GCC_AT_LEAST_5
 
 comment "flutter-engine needs a toolchain not affected by GCC bug 64735"
 	depends on BR2_PACKAGE_FLUTTER_ENGINE_ARCH_SUPPORTS

package/flutter-gallery/flutter-gallery.mk

@@ -14,15 +14,26 @@ FLUTTER_GALLERY_DEPENDENCIES = \
 
 FLUTTER_GALLERY_INSTALL_DIR = $(TARGET_DIR)/usr/share/flutter/gallery/$(FLUTTER_ENGINE_RUNTIME_MODE)
 
-define FLUTTER_GALLERY_BUILD_CMDS
+define FLUTTER_GALLERY_CONFIGURE_CMDS
 	cd $(@D) && \
 		FLUTTER_RUNTIME_MODES=$(FLUTTER_ENGINE_RUNTIME_MODE) \
 		$(HOST_FLUTTER_SDK_BIN_FLUTTER) clean && \
-		$(HOST_FLUTTER_SDK_BIN_FLUTTER) packages get && \
-		$(HOST_FLUTTER_SDK_BIN_FLUTTER) build bundle && \
-		$(HOST_FLUTTER_SDK_BIN_DART_BIN) package:gallery/main.dart && \
+		$(HOST_FLUTTER_SDK_BIN_FLUTTER) pub get && \
+		$(HOST_FLUTTER_SDK_BIN_FLUTTER) build bundle
+endef
+
+define FLUTTER_GALLERY_BUILD_CMDS
+	cd $(@D) && \
+		FLUTTER_RUNTIME_MODES=$(FLUTTER_ENGINE_RUNTIME_MODE) \
+		$(HOST_FLUTTER_SDK_BIN_DART_BIN) \
+			-Dflutter.dart_plugin_registrant=file://$(@D)/.dart_tool/flutter_build/dart_plugin_registrant.dart \
+			--source file://$(@D)/.dart_tool/flutter_build/dart_plugin_registrant.dart \
+			--source package:flutter/src/dart_plugin_registrant.dart \
+			--native-assets $(@D)/.dart_tool/flutter_build/*/native_assets.yaml \
+			package:gallery/main.dart && \
 		$(HOST_FLUTTER_SDK_BIN_ENV) $(FLUTTER_ENGINE_GEN_SNAPSHOT) \
 			--deterministic \
+			--obfuscate \
 			--snapshot_kind=app-aot-elf \
 			--elf=libapp.so \
 			.dart_tool/flutter_build/*/app.dill
@@ -35,10 +46,12 @@ define FLUTTER_GALLERY_INSTALL_TARGET_CMDS
 	$(INSTALL) -D -m 0755 $(@D)/libapp.so \
 		$(FLUTTER_GALLERY_INSTALL_DIR)/lib/libapp.so
 
-	ln -sf ../../../$(FLUTTER_ENGINE_RUNTIME_MODE)/data/icudtl.dat \
+	ln -sf /usr/share/flutter/$(FLUTTER_ENGINE_RUNTIME_MODE)/data/icudtl.dat \
 	$(FLUTTER_GALLERY_INSTALL_DIR)/data/
 
-	ln -sf ../../../../../lib/libflutter_engine.so $(FLUTTER_GALLERY_INSTALL_DIR)/lib/
+	ln -sf /usr/lib/libflutter_engine.so $(FLUTTER_GALLERY_INSTALL_DIR)/lib/
+	$(RM) $(FLUTTER_GALLERY_INSTALL_DIR)/data/flutter_assets/kernel_blob.bin
+	touch $(FLUTTER_GALLERY_INSTALL_DIR)/data/flutter_assets/kernel_blob.bin
 endef
 
 $(eval $(generic-package))

package/flutter-pi/Config.in

@@ -25,7 +25,6 @@ comment "plugins"
 
 config BR2_PACKAGE_FLUTTER_PI_GSTREAMER_AUDIO_PLAYER_PLUGIN
 	bool "gstreamer audio player"
-	depends on BR2_PACKAGE_HAS_LIBGLES
 	select BR2_PACKAGE_GSTREAMER1
 	select BR2_PACKAGE_GST1_PLUGINS_BASE
 	select BR2_PACKAGE_GST1_PLUGINS_BASE_PLUGIN_ALSA
@@ -33,9 +32,8 @@ config BR2_PACKAGE_FLUTTER_PI_GSTREAMER_AUDIO_PLAYER_PLUGIN
 	select BR2_PACKAGE_GST1_PLUGINS_BASE_PLUGIN_AUDIORESAMPLE
 	select BR2_PACKAGE_GST1_PLUGINS_BASE_PLUGIN_VOLUME
 	help
-	  Include the gstreamer based video plugins in the finished
-	  binary. Allows for more stable, hardware accelerated
-	  video playback in flutter using gstreamer.
+	  Include the gstreamer based audio plugins in the finished
+	  binary.
 
 config BR2_PACKAGE_FLUTTER_PI_GSTREAMER_VIDEO_PLAYER_PLUGIN
 	bool "gstreamer video player"

package/flutter-sdk-bin/flutter-sdk-bin.mk

@@ -41,11 +41,8 @@ define HOST_FLUTTER_SDK_BIN_CONFIGURE_CMDS
 	$(HOST_FLUTTER_SDK_BIN_ENV) $(@D)/bin/dart --disable-analytics
 endef
 
-# Remove the cache, as we will run precache after setting up flutter and dart
-# with the new config options.
 define HOST_FLUTTER_SDK_BIN_BUILD_CMDS
 	mkdir -p $(HOST_FLUTTER_SDK_BIN_SDK)
-	rm -rf $(HOST_FLUTTER_SDK_BIN_SDK)/.pub-cache
 	cd $(@D) && \
 		$(HOST_FLUTTER_SDK_BIN_ENV) $(@D)/bin/flutter precache;
 endef
@@ -96,4 +93,4 @@ HOST_FLUTTER_SDK_BIN_DART_BIN = \
 $(eval $(host-generic-package))
 
 # For target packages to locate said pub-cache
-FLUTTER_SDK_BIN_PUB_CACHE = $(HOST_FLUTTER_SDK_BIN_SDK)/.pub-cache
+FLUTTER_SDK_BIN_PUB_CACHE = $(DL_DIR)/br-flutter-pub-cache

package/freeradius-server/0009-src-modules-rlm_python-fix-build-with-Ofast.patch

@@ -0,0 +1,49 @@
+From 963edf3f87d34e274885d9cc448651d8a1601a6f Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Thu, 11 Jan 2024 17:38:41 +0100
+Subject: [PATCH] src/modules/rlm_python: fix build with -Ofast
+
+Stripping logic wrongly translates -Ofast into ast resulting in the
+following build failure:
+
+configure: /home/fabrice/buildroot/output/host/powerpc64-buildroot-linux-gnu/sysroot/usr/bin/python3-config's cflags were "-I/home/fabrice/buildroot/output/host/powerpc64-buildroot-linux-gnu/sysroot/usr/include/python3.11 -I/home/fabrice/buildroot/output/host/powerpc64-buildroot-linux-gnu/sysroot/usr/include/python3.11  -Wsign-compare -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -Ofast -g0 -D_FORTIFY_SOURCE=2 -DNDEBUG -g -fwrapv -O3 -Wall"
+configure: Sanitized cflags were " -isystem/home/fabrice/buildroot/output/host/powerpc64-buildroot-linux-gnu/sysroot/usr/include/python3.11 -isystem/home/fabrice/buildroot/output/host/powerpc64-buildroot-linux-gnu/sysroot/usr/include/python3.11   -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  ast  -D_FORTIFY_SOURCE=2 -fwrapv  "
+
+[...]
+
+powerpc64-buildroot-linux-gnu-gcc.br_real: error: ast: linker input file not found: No such file or directory
+
+Fixes:
+ - http://autobuild.buildroot.org/results/904c43241b99a8d848c1891cb5af132a291311b4
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Upstream: https://github.com/FreeRADIUS/freeradius-server/pull/5263
+---
+ src/modules/rlm_python/configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/modules/rlm_python3/configure.ac b/src/modules/rlm_python3/configure.ac
+index e2f74574fb..ee30b324d9 100644
+--- a/src/modules/rlm_python3/configure.ac
++++ b/src/modules/rlm_python3/configure.ac
+@@ -59,7 +59,7 @@ else
+ 
+ 	dnl # Convert -I to -isystem to get rid of warnings about issues in Python headers
+ 	dnl # Strip -systemroot
+-	dnl # Strip optimisation flags (-O[0-9]?). We decide our optimisation level, not python.
++	dnl # Strip optimisation flags (-O[0-9|fast]?). We decide our optimisation level, not python.
+ 	dnl # -D_FORTIFY_SOURCE needs -O.
+ 	dnl # Strip debug symbol flags (-g[0-9]?). We decide on debugging symbols, not python
+ 	dnl # Strip -W*, we decide what warnings are important
+@@ -73,7 +73,7 @@ else
+ 	mod_cflags=`echo " $python_cflags" | sed -e '\
+ 		s/ -I/ -isystem/g;\
+ 		s/ -isysroot[[ =]]\{0,1\}[[^-]]*/ /g;\
+-		s/ -O[[^[[:blank:]]]]*/ /g;\
++		s/ -O[[^[[:blank:]]*]]*/ /g;\
+ 		s/ -Wp,-D_FORTIFY_SOURCE=[[[:digit:]]]/ /g;\
+ 		s/ -g[[^ ]]*/ /g;\
+ 		s/ -W[[^ ]]*/ /g;\
+-- 
+2.43.0
+

package/freeradius-server/freeradius-server.mk

@@ -21,6 +21,12 @@ define FREERADIUS_SERVER_RUN_KRB5_AUTORECONF
 endef
 FREERADIUS_SERVER_PRE_CONFIGURE_HOOKS += FREERADIUS_SERVER_RUN_KRB5_AUTORECONF
 
+# We're patching src/modules/rlm_python3/configure.ac
+define FREERADIUS_SERVER_RUN_PYTHON3_AUTORECONF
+	cd $(@D)/src/modules/rlm_python3; $(AUTORECONF) -I$(@D)/m4
+endef
+FREERADIUS_SERVER_PRE_CONFIGURE_HOOKS += FREERADIUS_SERVER_RUN_PYTHON3_AUTORECONF
+
 # some compiler checks are not supported while cross compiling.
 # instead of removing those checks, we cache the answers
 FREERADIUS_SERVER_CONF_OPTS += \

package/freerdp/0001-Fix-variable-declaration-in-loop.patch

@@ -3,8 +3,7 @@ From: Armin Novak <armin.novak@thincast.com>
 Date: Wed, 16 Sep 2020 09:30:37 +0200
 Subject: [PATCH] Fix variable declaration in loop
 
-[Retrieved from:
-https://github.com/FreeRDP/FreeRDP/commit/ddde652460350b962d32036981ff8ed77ed2f1ed]
+Upstream: https://github.com/FreeRDP/FreeRDP/commit/ddde652460350b962d32036981ff8ed77ed2f1ed
 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 ---
  client/X11/xf_graphics.c | 3 ++-

package/freerdp/0002-Fixed-variable-declaration-in-loop.patch

@@ -3,8 +3,7 @@ From: akallabeth <akallabeth@posteo.net>
 Date: Tue, 22 Sep 2020 07:43:56 +0200
 Subject: [PATCH] Fixed variable declaration in loop
 
-[Retrieved from:
-https://github.com/FreeRDP/FreeRDP/commit/4f8a48d96e472e43a5f856c449f61669792ce9fa]
+Upstream: https://github.com/FreeRDP/FreeRDP/commit/4f8a48d96e472e43a5f856c449f61669792ce9fa
 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 ---
  client/X11/xf_graphics.c | 4 ++--

package/freerdp/0003-winpr-include-winpr-file.h-fix-build-on-uclibc.patch

@@ -16,7 +16,7 @@ Fixes:
  - http://autobuild.buildroot.org/results/31e770a330158035e24b7b952bec0030138482b7
 
 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Upstream status: https://github.com/FreeRDP/FreeRDP/pull/7205]
+Upstream: https://github.com/FreeRDP/FreeRDP/commit/0976cce458f2281cef6e8c417daf4bbd22bcc087
 ---
  winpr/include/winpr/file.h | 2 ++
  1 file changed, 2 insertions(+)

package/freerdp/freerdp.hash

@@ -1,5 +1,5 @@
-# From https://pub.freerdp.com/releases/freerdp-2.11.0.tar.gz.sha256
-sha256  8d08e638df21e67c3761462b4efb9e596576f58bd6886f902e6021cdd17d396e  freerdp-2.11.0.tar.gz
+# From https://pub.freerdp.com/releases/freerdp-2.11.5.tar.gz.sha256
+sha256  70785ad9934d75aed1734f8918a05aff95788e58e53081e84651106b24303dc2  freerdp-2.11.5.tar.gz
 
 # Locally calculated
 sha256  cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30  LICENSE

package/freerdp/freerdp.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-FREERDP_VERSION = 2.11.0
+FREERDP_VERSION = 2.11.5
 FREERDP_SITE = https://pub.freerdp.com/releases
 FREERDP_DEPENDENCIES = libglib2 openssl zlib
 FREERDP_LICENSE = Apache-2.0

package/freeswitch/freeswitch.hash

@@ -1,5 +1,5 @@
-# From https://files.freeswitch.org/freeswitch-releases/freeswitch-1.10.10.-release.tar.xz.sha256
-sha256  d2c702c7f4bd6eca539c3981cf859ad5c1846d9283829e24cd75686f2322b9df  freeswitch-1.10.10.-release.tar.xz
+# From https://files.freeswitch.org/freeswitch-releases/freeswitch-1.10.11.-release.tar.xz.sha256
+sha256  7f9603a691220d9f47da42f3b19290b629b69dceb2eee56448f0a7cefcf9d1a1  freeswitch-1.10.11.-release.tar.xz
 # Locally computed
 sha256  75c933202f40939cdc3827fce20a1efdaa38291e2b5a65d234eb16e2cffda66a  COPYING
 sha256  c3e3388768dae8bf4edcc4108f95be815b8a05c0b0aef6e4c3d8df81affdfa34  docs/OPENH264_BINARY_LICENSE.txt

package/freeswitch/freeswitch.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-FREESWITCH_VERSION = 1.10.10
+FREESWITCH_VERSION = 1.10.11
 FREESWITCH_SOURCE = freeswitch-$(FREESWITCH_VERSION).-release.tar.xz
 FREESWITCH_SITE = https://files.freeswitch.org/freeswitch-releases
 # External modules need headers/libs from staging

package/frr/Config.in

@@ -7,7 +7,6 @@ config BR2_PACKAGE_FRR
 	select BR2_PACKAGE_BASH
 	select BR2_PACKAGE_BUSYBOX_SHOW_OTHERS # bash
 	select BR2_PACKAGE_LIBYANG
-	select BR2_PACKAGE_LIBNL
 	select BR2_PACKAGE_READLINE
 	select BR2_PACKAGE_JSON_C
 	help

package/frr/frr.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  8a6b0e0fa1e89493ba84cf176674e55c7a814821fd02a7188095b76c37c3935f  frr-8.4.2.tar.gz
+sha256  7ae9d8bafc65bb5d0f21061ac61dbc6cf93b2b05a5dae9e5eec72ed42388551e  frr-8.5.4.tar.gz
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING

package/frr/frr.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-FRR_VERSION = 8.4.2
+FRR_VERSION = 8.5.4
 FRR_SITE = $(call github,FRRouting,frr,frr-$(FRR_VERSION))
 FRR_LICENSE = GPL-2.0
 FRR_LICENSE_FILES = COPYING
@@ -12,7 +12,7 @@ FRR_CPE_ID_VENDOR = linuxfoundation
 FRR_CPE_ID_PRODUCT = free_range_routing
 FRR_AUTORECONF = YES
 
-FRR_DEPENDENCIES = host-frr readline json-c libyang libnl \
+FRR_DEPENDENCIES = host-frr readline json-c libyang \
 	$(if $(BR2_PACKAGE_C_ARES),c-ares)
 
 HOST_FRR_DEPENDENCIES = host-flex host-bison host-elfutils host-python3

package/gcc/gcc.mk

@@ -98,23 +98,24 @@ HOST_GCC_COMMON_CONF_ENV = \
 HOST_GCC_COMMON_MAKE_OPTS = \
 	gcc_cv_prog_makeinfo_modern=no
 
-GCC_COMMON_TARGET_CFLAGS = $(TARGET_CFLAGS)
-GCC_COMMON_TARGET_CXXFLAGS = $(TARGET_CXXFLAGS)
+# Target binaries and libraries which are being built as a part of GCC
+# don't use Buildroot toolchain wrapper because, instead its very own "xgcc"
+# binary is used. And so we need to explicitly propagate ALL the flags
+# directly to "xgcc" and that is done via configure-time environment
+# variables, see below setup of HOST_GCC_COMMON_CONF_ENV.
+GCC_COMMON_TARGET_CFLAGS = $(TARGET_CFLAGS) $(ARCH_TOOLCHAIN_WRAPPER_OPTS)
+GCC_COMMON_TARGET_CXXFLAGS = $(TARGET_CXXFLAGS) $(ARCH_TOOLCHAIN_WRAPPER_OPTS)
+GCC_COMMON_TARGET_LDFLAGS = $(TARGET_LDFLAGS) $(ARCH_TOOLCHAIN_WRAPPER_OPTS)
 
 # used to fix ../../../../libsanitizer/libbacktrace/../../libbacktrace/elf.c:772:21: error: 'st.st_mode' may be used uninitialized in this function [-Werror=maybe-uninitialized]
 ifeq ($(BR2_ENABLE_DEBUG),y)
 GCC_COMMON_TARGET_CFLAGS += -Wno-error
 endif
 
-# Make sure libgcc & libstdc++ always get built with -matomic on ARC700
-ifeq ($(GCC_TARGET_CPU):$(BR2_ARC_ATOMIC_EXT),arc700:y)
-GCC_COMMON_TARGET_CFLAGS += -matomic
-GCC_COMMON_TARGET_CXXFLAGS += -matomic
-endif
-
 # Propagate options used for target software building to GCC target libs
 HOST_GCC_COMMON_CONF_ENV += CFLAGS_FOR_TARGET="$(GCC_COMMON_TARGET_CFLAGS)"
 HOST_GCC_COMMON_CONF_ENV += CXXFLAGS_FOR_TARGET="$(GCC_COMMON_TARGET_CXXFLAGS)"
+HOST_GCC_COMMON_CONF_ENV += LDFLAGS_FOR_TARGET="$(GCC_COMMON_TARGET_LDFLAGS)"
 HOST_GCC_COMMON_CONF_ENV += AR_FOR_TARGET=gcc-ar NM_FOR_TARGET=gcc-nm RANLIB_FOR_TARGET=gcc-ranlib
 
 # libitm needs sparc V9+

package/gdal/Config.in

@@ -1,18 +1,20 @@
 config BR2_PACKAGE_GDAL
 	bool "gdal"
 	depends on BR2_TOOLCHAIN_HAS_SYNC_4 # json-c
-	depends on BR2_INSTALL_LIBSTDCPP # proj
+	depends on BR2_INSTALL_LIBSTDCPP # proj, qhull
 	# configure can't find proj, when linking statically
 	depends on !BR2_STATIC_LIBS
 	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_7 # C++11, proj
 	depends on !BR2_TOOLCHAIN_HAS_BINUTILS_BUG_27597
 	depends on BR2_TOOLCHAIN_HAS_THREADS # proj
 	depends on BR2_USE_WCHAR # proj
+	select BR2_PACKAGE_GIFLIB
 	select BR2_PACKAGE_JPEG
 	select BR2_PACKAGE_JSON_C
 	select BR2_PACKAGE_LIBGEOTIFF
 	select BR2_PACKAGE_LIBPNG
 	select BR2_PACKAGE_PROJ
+	select BR2_PACKAGE_QHULL
 	select BR2_PACKAGE_ZLIB
 	help
 	  GDAL is a translator library for raster and vector geospatial