Update for 2024.11.2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

CHANGES

@@ -1,3 +1,59 @@
+2024.11.2, released February 21st, 2025
+
+	Important / security related fixes.
+
+	Infrastructure: support/script/genimage.sh: exit on errors
+
+	Defconfigs: ti_am62ax_sk: Include PMIC driver to fix boot
+	issue
+
+	Updated/fixed packages: acpica, apache, assimp, asterisk,
+	bind, busybox, clamav, curlpp, dillo, elfutils, fakeroot,
+	ffmpeg, freetype, git, glibc, gnu-efi, gnutls, go, gpsd,
+	heimdal, imagemagick, intel-microcode, kodi, libbsd, libcurl,
+	libopenssl, libtasn1, libxml2, mdnsd, mpg123, musl, nettle,
+	nginx, nodejs, openjpeg, openssh, openvpn, php, pipewire,
+	postgresql, python-django, python3, redis, rsync, socat,
+	swipl, syslinux, tor, tzdata, uclibc, uemacs, unbound,
+	usbutils, util-linux, webkitgtk, xen, zic, zlog, zstd,
+	zxing-cpp
+
+	Issues resolved:
+	- samba4 build failed in master
+	  https://gitlab.com/buildroot.org/buildroot/-/issues/86
+
+2024.11.1, released January 9th, 2025
+
+	Important / security related fixes.
+
+        Infrastructure:
+
+        - Ensure CONFIG_TRIM_UNUSED_KSYMS is disabled when building
+          external Linux kernel modules
+
+	Updated/fixed packages: apr, bc, bluez5_utils, c-icap,
+	cryptodev-linux, dahdi-linux, dpdk, freeipmi, gdb, gnupg2,
+	gnuplot, gnutls, go, gobject-introspection, grub2, gst-omx,
+	gst1-devtools, gst1-libav, gst1-plugins-bad,
+	gst1-plugins-base, gst1-plugins-good, gst1-plugins-ugly,
+	gst1-python, gst1-rtsp-server, gst1-vaapi, gstreamer1,
+	gstreamer1-editing-services, igt-gpu-tools, iperf3, libcurl,
+	libsha1, libsndfile, libsoup3, libvirt, libxcrypt, libxml2,
+	libzenoh-pico, linux, linux-pam, netatalk, nettle, octave,
+	opensc, perl, php, pixman, polkit, procps-ng,
+	python-autocommand, python-django, python3, quickjs, samba4,
+	skeleton, subversion, ti-k3-r5-loader, tzdata, v4l2loopback,
+	wayland, webkitgtk, weston, wget, wireshark, wpewebkit,
+	xr819-xradio, xxhash, zfs, zic
+
+	Issues resolved:
+	- bluetooth.service cannot connect to D-BUS
+	  https://gitlab.com/buildroot.org/buildroot/-/issues/65
+        - gdb package doesn't have a licence hash in the gdb.hash file
+          https://gitlab.com/buildroot.org/buildroot/-/issues/66
+	- package/libsha1: Build failure with GCC 14 [-Wimplicit-int]
+	  https://gitlab.com/buildroot.org/buildroot/-/issues/69
+
 2024.11, released December 8th, 2024
 
 	Various fixes.

Config.in

@@ -6,6 +6,15 @@ config BR2_HAVE_DOT_CONFIG
 	bool
 	default y
 
+# Hidden symbol kept to false, to temporarily mark a configuration
+# known to be broken (by depending on it). Ideally, we don't want to
+# keep broken parts for too long. The intended use of this symbol is
+# to give some time to a developer to fix the feature. Features marked
+# as broken will be removed if they are not fixed in a reasonable
+# amount of time.
+config BR2_BROKEN
+	bool
+
 config BR2_VERSION
 	string
 	option env="BR2_VERSION_FULL"
@@ -285,7 +294,7 @@ config BR2_KERNEL_MIRROR
 
 config BR2_GNU_MIRROR
 	string "GNU Software mirror"
-	default "http://ftpmirror.gnu.org"
+	default "https://ftpmirror.gnu.org"
 	help
 	  GNU has multiple software mirrors scattered around the
 	  world. The following allows you to select your preferred

DEVELOPERS

@@ -304,7 +304,6 @@ F:	package/git/
 N:	Bartosz Bilas <b.bilas@grinn-global.com>
 F:	board/stmicroelectronics/stm32mp157a-dk1/
 F:	configs/stm32mp157a_dk1_defconfig
-F:	package/cegui/
 F:	package/log4qt/
 F:	package/python-esptool/
 F:	package/python-pyaes/
@@ -590,9 +589,6 @@ F:	package/alsa-plugins/
 N:	Changming Huang <jerry.huang@nxp.com>
 F:	package/qoriq-cadence-dp-firmware/
 
-N:	Chris Dimich <chris.dimich@boundarydevices.com>
-F:	package/freescale-imx/imx-vpu-hantro-daemon/
-
 N:	Chris Packham <judge.packham@gmail.com>
 F:	package/coremark/
 F:	package/coremark-pro/
@@ -1196,6 +1192,10 @@ N:	Frank Vanbever <frank.vanbever@mind.be>
 F:	package/libmodsecurity/
 F:	package/nginx-modsecurity/
 
+N:	Gaël PORTAY <gael.portay+rtone@gmail.com>
+F:	board/raspberrypi/
+F:	configs/raspberrypi*
+
 N:	Gao Xiang <hsiangkao@aol.com>
 F:	package/erofs-utils/
 
@@ -1203,6 +1203,7 @@ N:	Gary Bisson <bisson.gary@gmail.com>
 F:	board/boundarydevices/
 F:	configs/nitrogen*
 F:	package/freescale-imx/
+F:	package/freescale-imx/imx-vpu-hantro-daemon/
 F:	package/gstreamer1/gst1-imx/
 F:	package/libimxvpuapi/
 F:	package/mfgtools/
@@ -1868,6 +1869,7 @@ F:	support/testing/tests/package/test_dmidecode.py
 F:	support/testing/tests/package/test_dos2unix.py
 F:	support/testing/tests/package/test_dosfstools.py
 F:	support/testing/tests/package/test_dosfstools/
+F:	support/testing/tests/package/test_dpdk.py
 F:	support/testing/tests/package/test_ed.py
 F:	support/testing/tests/package/test_ethtool.py
 F:	support/testing/tests/package/test_ethtool/
@@ -1913,6 +1915,7 @@ F:	support/testing/tests/package/test_lame.py
 F:	support/testing/tests/package/test_less.py
 F:	support/testing/tests/package/test_libcamera.py
 F:	support/testing/tests/package/test_libcamera/
+F:	support/testing/tests/package/test_libcurl.py
 F:	support/testing/tests/package/test_libgpgme.py
 F:	support/testing/tests/package/test_libjxl.py
 F:	support/testing/tests/package/test_links.py
@@ -1954,6 +1957,8 @@ F:	support/testing/tests/package/test_ola.py
 F:	support/testing/tests/package/test_ola/
 F:	support/testing/tests/package/test_openblas.py
 F:	support/testing/tests/package/test_parted.py
+F:	support/testing/tests/package/test_patch.py
+F:	support/testing/tests/package/test_patch/
 F:	support/testing/tests/package/test_pciutils.py
 F:	support/testing/tests/package/test_perftest.py
 F:	support/testing/tests/package/test_pigz.py
@@ -2001,10 +2006,13 @@ F:	support/testing/tests/package/test_usbutils/
 F:	support/testing/tests/package/test_vorbis_tools.py
 F:	support/testing/tests/package/test_weston.py
 F:	support/testing/tests/package/test_weston/
+F:	support/testing/tests/package/test_wget.py
 F:	support/testing/tests/package/test_which.py
 F:	support/testing/tests/package/test_wine.py
 F:	support/testing/tests/package/test_xfsprogs.py
 F:	support/testing/tests/package/test_xfsprogs/
+F:	support/testing/tests/package/test_xvisor.py
+F:	support/testing/tests/package/test_xxhash.py
 F:	support/testing/tests/package/test_xz.py
 F:	support/testing/tests/package/test_z3.py
 F:	support/testing/tests/package/test_z3/
@@ -3211,7 +3219,6 @@ F:	support/testing/tests/package/test_python_flask_expects_json.py
 F:	support/testing/tests/package/test_python_git.py
 F:	support/testing/tests/package/test_python_unittest_xml_reporting.py
 F:	support/testing/tests/toolchain/test_external_arm.py
-F:	support/testing/tests/toolchain/test_external_synopsys.py
 F:	toolchain/
 
 N:	Timo Ketola <timo.ketola@exertus.fi>
@@ -3292,6 +3299,8 @@ F:	package/pixz/
 F:	package/zerofree/
 F:	support/testing/tests/package/test_msr_tools*
 F:	support/testing/tests/package/test_pixz.py
+F:	support/testing/tests/package/test_xen.py
+F:	support/testing/tests/package/test_xen/
 F:	support/testing/tests/package/test_zerofree.py
 
 N:	Vinicius Tinti <viniciustinti@gmail.com>

Makefile

@@ -92,9 +92,9 @@ all:
 .PHONY: all
 
 # Set and export the version string
-export BR2_VERSION := 2024.11
+export BR2_VERSION := 2024.11.2
 # Actual time the release is cut (for reproducible builds)
-BR2_VERSION_EPOCH = 1733653000
+BR2_VERSION_EPOCH = 1740148000
 
 # Save running make version since it's clobbered by the make package
 RUNNING_MAKE_VERSION := $(MAKE_VERSION)

board/ti/am62ax-sk/linux.config

@@ -0,0 +1,3 @@
+CONFIG_MFD_TPS6594=y
+CONFIG_MFD_TPS6594_I2C=y
+CONFIG_REGULATOR_TPS6594=y

boot/grub2/grub2.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 GRUB2_VERSION = 2.12
-GRUB2_SITE = http://ftp.gnu.org/gnu/grub
+GRUB2_SITE = $(BR2_GNU_MIRROR)/grub
 GRUB2_SOURCE = grub-$(GRUB2_VERSION).tar.xz
 GRUB2_LICENSE = GPL-3.0+
 GRUB2_LICENSE_FILES = COPYING

boot/syslinux/0021-load_linux-correct-a-type.patch

@@ -0,0 +1,34 @@
+From 7f1b68d561dfe615d5cd73d2f4561ac032832802 Mon Sep 17 00:00:00 2001
+From: Scot Doyle <lkml14@scotdoyle.com>
+Date: Sat, 7 Feb 2015 13:52:05 -0500
+Subject: [PATCH] load_linux: correct a type
+
+Correct base's type to match its initialization from prot_mode_base and
+passage to syslinux_memmap_find(). Tested with extlinux.
+
+Signed-off-by: Scot Doyle <lkml14@scotdoyle.com>
+Signed-off-by: Gene Cumm <gene.cumm@gmail.com>
+Upstream: https://github.com/geneC/syslinux/commit/83aad4f69065509ba5b1c080edccfed316a4cff0
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+---
+ com32/lib/syslinux/load_linux.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/com32/lib/syslinux/load_linux.c b/com32/lib/syslinux/load_linux.c
+index 06ae2a97..ac737293 100644
+--- a/com32/lib/syslinux/load_linux.c
++++ b/com32/lib/syslinux/load_linux.c
+@@ -155,8 +155,8 @@ int bios_boot_linux(void *kernel_buf, size_t kernel_size,
+ 		    char *cmdline)
+ {
+     struct linux_header hdr, *whdr;
+-    size_t real_mode_size, prot_mode_size, base;
+-    addr_t real_mode_base, prot_mode_base, prot_mode_max;
++    size_t real_mode_size, prot_mode_size;
++    addr_t real_mode_base, prot_mode_base, prot_mode_max, base;
+     addr_t irf_size;
+     size_t cmdline_size, cmdline_offset;
+     struct setup_data *sdp;
+-- 
+2.47.1
+

boot/syslinux/0022-com32-modules-pxechn.c-use-proper-type-in-struct-dat.patch

@@ -0,0 +1,46 @@
+From b9514337ecfc0efaa04a926713188d87a88bb59e Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+Date: Sat, 18 Jan 2025 16:03:34 +0100
+Subject: [PATCH] com32/modules/pxechn.c: use proper type in struct data_area
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Use a size_t for the size field, so that we meet the expectations of
+the loadfile() function.
+
+Fixes a build issue with GCC >= 14:
+
+com32/modules/pxechn.c:985:38: error: passing argument 3 of ‘loadfile’ from incompatible pointer type [-Wincompatible-pointer-types]
+  985 |     if (loadfile(pxe.fn, &file.data, &file.size)) {
+      |                                      ^~~~~~~~~~
+      |                                      |
+      |                                      addr_t * {aka unsigned int *}
+
+In file included from com32/modules/pxechn.c:33:
+com32/include/syslinux/loadfile.h:11:37: note: expected ‘size_t *’ {aka ‘long unsigned int *’} but argument is of type ‘addr_t *’ {aka ‘unsigned int *’}
+   11 | int loadfile(const char *, void **, size_t *);
+      |                                     ^~~~~~~~
+
+Upstream: N/A, dead
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+---
+ com32/modules/pxechn.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/com32/modules/pxechn.c b/com32/modules/pxechn.c
+index e4e21e88..15f008a3 100644
+--- a/com32/modules/pxechn.c
++++ b/com32/modules/pxechn.c
+@@ -130,7 +130,7 @@ struct pxelinux_opt {
+ struct data_area {
+     void *data;
+     addr_t base;
+-    addr_t size;
++    size_t size;
+ };
+ 
+ /* From chain.c */
+-- 
+2.47.1
+

boot/syslinux/0023-com32-chain-chain.h-use-proper-type-in-struct-data_a.patch

@@ -0,0 +1,42 @@
+From 57dddf8d6d1c48aa78b9cdfb2b474aa89c3ae7c7 Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+Date: Sat, 18 Jan 2025 16:11:36 +0100
+Subject: [PATCH] com32/chain/chain.h: use proper type in struct data_area
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes build issue with GCC >= 14:
+
+com32/chain/chain.c:517:44: error: passing argument 3 of ‘loadfile’ from incompatible pointer type [-Wincompatible-pointer-types]
+  517 |         if (loadfile(opt.file, &fdat.data, &fdat.size)) {
+      |                                            ^~~~~~~~~~
+      |                                            |
+      |                                            addr_t * {aka unsigned int *}
+In file included from com32/chain/chain.c:32:
+com32/include/syslinux/loadfile.h:11:37: note: expected ‘size_t *’ {aka ‘long unsigned int *’} but argument is of type ‘addr_t *’ {aka ‘unsigned int *’}
+   11 | int loadfile(const char *, void **, size_t *);
+      |                                     ^~~~~~~~
+
+Upstream: N/A, dead
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+---
+ com32/chain/chain.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/com32/chain/chain.h b/com32/chain/chain.h
+index fb5914b1..dcf43844 100644
+--- a/com32/chain/chain.h
++++ b/com32/chain/chain.h
+@@ -21,7 +21,7 @@
+ struct data_area {
+     void *data;
+     addr_t base;
+-    addr_t size;
++    size_t size;
+ };
+ 
+ #endif
+-- 
+2.47.1
+

boot/syslinux/0024-efi-main.c-fix-incorrect-type-of-load_error_buf.patch

@@ -0,0 +1,48 @@
+From cbc8a8e25c3548771de5294f5a1eaef6bfe9b5da Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+Date: Sat, 18 Jan 2025 17:03:16 +0100
+Subject: [PATCH] efi/main.c: fix incorrect type of load_error_buf
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+load_error_buf is used as argument of setjmp()/longjmp(), so it should
+be a "jmp_buf", not a "jmp_buf *". According to the setjmp/longjmp man
+page:
+
+       int setjmp(jmp_buf env);
+       int sigsetjmp(sigjmp_buf env, int savesigs);
+
+Fixes build issue with GCC >= 14:
+
+efi/main.c:1329:21: error: passing argument 1 of ‘setjmp’ from incompatible pointer type [-Wincompatible-pointer-types]
+ 1329 |         if (!setjmp(load_error_buf))
+      |                     ^~~~~~~~~~~~~~
+      |                     |
+      |                     struct <anonymous> (*)[1]
+x86_64-buildroot-linux-gnu/sysroot/usr/include/efi/efisetjmp.h:7:29: note: expected ‘struct <anonymous> *’ but argument is of type ‘struct <anonymous> (*)[1]’
+    7 | extern UINTN setjmp(jmp_buf env) __attribute__((returns_twice));
+      |                     ~~~~~~~~^~~
+
+Upstream: N/A dead
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+---
+ efi/main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/efi/main.c b/efi/main.c
+index 7dc7bca7..045dae56 100644
+--- a/efi/main.c
++++ b/efi/main.c
+@@ -30,7 +30,7 @@ uint32_t timer_irq;
+ __export uint8_t KbdMap[256];
+ char aux_seg[256];
+ 
+-static jmp_buf *load_error_buf;
++static jmp_buf load_error_buf;
+ 
+ static inline EFI_STATUS
+ efi_close_protocol(EFI_HANDLE handle, EFI_GUID *guid, EFI_HANDLE agent,
+-- 
+2.47.1
+

boot/ti-k3-r5-loader/ti-k3-r5-loader.mk

@@ -46,6 +46,7 @@ TI_K3_R5_LOADER_DEPENDENCIES = \
 	host-pkgconf \
 	$(BR2_MAKE_HOST_DEPENDENCY) \
 	host-arm-gnu-toolchain \
+	host-gnutls \
 	host-openssl \
 	host-python3 \
 	host-python-jsonschema \

configs/ti_am62ax_sk_defconfig

@@ -10,6 +10,7 @@ BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="6.10"
 BR2_LINUX_KERNEL_USE_ARCH_DEFAULT_CONFIG=y
+BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="board/ti/am62ax-sk/linux.config"
 BR2_LINUX_KERNEL_DTS_SUPPORT=y
 BR2_LINUX_KERNEL_INTREE_DTS_NAME="ti/k3-am62a7-sk"
 BR2_TARGET_ROOTFS_EXT2=y

linux/Config.in

@@ -30,6 +30,11 @@ choice
 config BR2_LINUX_KERNEL_LATEST_VERSION
 	bool "Latest version (6.11)"
 	select BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_11 if BR2_KERNEL_HEADERS_AS_KERNEL
+	# mips always generates an ITB image
+	select BR2_PACKAGE_HOST_UBOOT_TOOLS if BR2_mips || BR2_mipsel || BR2_mips64 || BR2_mips64el
+	select BR2_PACKAGE_HOST_UBOOT_TOOLS_FIT_SUPPORT if BR2_mips || BR2_mipsel || BR2_mips64 || BR2_mips64el
+	# nios2 always generates a U-Boot image
+	select BR2_PACKAGE_HOST_UBOOT_TOOLS if BR2_nios2
 
 config BR2_LINUX_KERNEL_LATEST_CIP_VERSION
 	bool "Latest CIP SLTS version (5.10.162-cip24)"
@@ -168,6 +173,12 @@ config BR2_LINUX_KERNEL_USE_DEFCONFIG
 
 config BR2_LINUX_KERNEL_USE_ARCH_DEFAULT_CONFIG
 	bool "Use the architecture default configuration"
+	# We know that the default configuration on some architectures
+	# requires host-openssl, so select it for the latest kernel
+	# version. This is mainly needed to fix autobuilder testing.
+	select BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL if \
+	       BR2_LINUX_KERNEL_LATEST_VERSION && \
+	       (BR2_aarch64 || BR2_aarch64_be || BR2_arcle || BR2_arceb || BR2_sparc || BR2_x86_64)
 	help
 	  This option will use the default configuration for the
 	  selected architecture. I.e, it is equivalent to running

linux/linux.hash

@@ -1,11 +1,11 @@
 # From https://www.kernel.org/pub/linux/kernel/v6.x/sha256sums.asc
 sha256  62148e7e17f54c4a5ab5e75ad4882682c54bee818948be61a5963234fc0849fc  linux-6.11.11.tar.xz
-sha256  d1054ab4803413efe2850f50f1a84349c091631ec50a1cf9e891d1b1f9061835  linux-6.6.63.tar.xz
-sha256  aecdaf39d0a844a81ce4c67d9daff8979e938bb690df4f679fbbb494fe423278  linux-6.1.119.tar.xz
+sha256  5aa39a9bd555133ad741058f9908a277e6b36bb928481e747d885b50aaaa93ed  linux-6.6.78.tar.xz
+sha256  874d67d3181570e69ac6b33853f0448f05fc90d4cf3e4baaadc4a9cede7c50f3  linux-6.1.128.tar.xz
 # From https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc
-sha256  8a4b2a47ccc9b208b2b6ed9a216ea1a5eb12852c723bec1a04de9e671a1d7da8  linux-5.15.173.tar.xz
-sha256  cd1850ef3b771886df4e0b4c4eb07033864abab2bb553a20fd9e3cdc23584b47  linux-5.10.230.tar.xz
-sha256  180754f3df0e8d7f206625255b3f5a6e1f441feec83336df42613ca8f6b1887c  linux-5.4.286.tar.xz
+sha256  efe9f7eb5ea4d26cec6290689343e1804eb3b4a88ff5a60497a696fc08157c42  linux-5.15.178.tar.xz
+sha256  9597c4fee2f1ce452acfec516f4325ad342155872052fd5f0d9ce2ddcc26ebe5  linux-5.10.234.tar.xz
+sha256  6cc73cf2a7f50580f7d8c7e99d2f2e8ada8b7d2f4e76f5896f0daf691cc2a456  linux-5.4.290.tar.xz
 # From https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
 sha256  607bed7de5cda31a443df4c8a78dbe5e8a9ad31afde2a4d28fe99ab4730e8de1  linux-4.19.325.tar.xz
 # Locally computed

linux/linux.mk

@@ -343,6 +343,12 @@ LINUX_KCONFIG_DEFCONFIG = $(call qstrip,$(BR2_LINUX_KERNEL_DEFCONFIG))_defconfig
 else ifeq ($(BR2_LINUX_KERNEL_USE_ARCH_DEFAULT_CONFIG),y)
 ifeq ($(BR2_powerpc64le),y)
 LINUX_KCONFIG_DEFCONFIG = ppc64le_defconfig
+else ifeq ($(BR2_powerpc64),y)
+LINUX_KCONFIG_DEFCONFIG = ppc64_defconfig
+else ifeq ($(BR2_powerpc),y)
+LINUX_KCONFIG_DEFCONFIG = ppc_defconfig
+else ifeq ($(BR2_arc750d)$(BR2_arc770d),y)
+LINUX_KCONFIG_DEFCONFIG = axs101_defconfig
 else
 LINUX_KCONFIG_DEFCONFIG = defconfig
 endif

package/acpica/acpica.hash

@@ -1,3 +1,3 @@
 # locally computed hash
-sha256  57988fb55541e694dfa3323bd19db74b65d37e942bebef559ed51e8cd9348b43  acpica-unix-20240927.tar.gz
+sha256  9dca83cfee390b710485fbdf787048370049c05723b10cc220cfef6e13c31961  acpica-unix-20241212.tar.gz
 sha256  b28f54dc421531bbe269afd8c28bf6fdfd6affbe50c2831464f777ec1766d4a5  source/include/acpi.h

package/acpica/acpica.mk

@@ -4,9 +4,9 @@
 #
 ################################################################################
 
-ACPICA_VERSION = 20240927
+ACPICA_VERSION = 20241212
 ACPICA_SOURCE = acpica-unix-$(ACPICA_VERSION).tar.gz
-ACPICA_SITE = https://github.com/user-attachments/files/17171019
+ACPICA_SITE = https://github.com/user-attachments/files/18117992
 ACPICA_LICENSE = BSD-3-Clause or GPL-2.0
 ACPICA_LICENSE_FILES = source/include/acpi.h
 ACPICA_DEPENDENCIES = host-bison host-flex

package/apache/apache.hash

@@ -1,5 +1,5 @@
-# From https://downloads.apache.org/httpd/httpd-2.4.62.tar.bz2.{sha256,sha512}
-sha256  674188e7bf44ced82da8db522da946849e22080d73d16c93f7f4df89e25729ec  httpd-2.4.62.tar.bz2
-sha512  7db1876805d5c0f60f49bcb51f75cdf567120f2ff6349e68f084e9a86ae38265d9f1c67e7fca0082c9db136f3c408a88501ee11f26b1b68724ba240867171d77  httpd-2.4.62.tar.bz2
+# From https://downloads.apache.org/httpd/httpd-2.4.63.tar.bz2.{sha256,sha512}
+sha256  88fc236ab99b2864b248de7d49a008ec2afd7551e64dce8b95f58f32f94c46ab  httpd-2.4.63.tar.bz2
+sha512  a804ca564dfee5907fe4ce4f36884815bace0621bc7b8c9aa7c99472a954aa19cb13733f90678ff3d58ab3c76cc0e33a27e1035dc1d8cb597a9622154c59ef48  httpd-2.4.63.tar.bz2
 # Locally computed
 sha256  47b8c2b6c3309282a99d4a3001575c790fead690cc14734628c4667d2bbffc43  LICENSE

package/apache/apache.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-APACHE_VERSION = 2.4.62
+APACHE_VERSION = 2.4.63
 APACHE_SOURCE = httpd-$(APACHE_VERSION).tar.bz2
 APACHE_SITE = https://dlcdn.apache.org/httpd
 APACHE_LICENSE = Apache-2.0

package/apr/0004-Merge-r1920082-from-1.8.x.patch

@@ -0,0 +1,71 @@
+From 36ea6d5a2bfc480dd8032cc8651e6793552bc2aa Mon Sep 17 00:00:00 2001
+From: Eric Covener <covener@apache.org>
+Date: Tue, 20 Aug 2024 21:50:42 +0000
+Subject: [PATCH] Merge r1920082 from 1.8.x:
+
+use 0600 perms for named shared mem consistently
+
+
+
+
+git-svn-id: https://svn.apache.org/repos/asf/apr/apr/branches/1.7.x@1920083 13f79535-47bb-0310-9956-ffa450edef68
+Upstream: https://github.com/apache/apr/commit/36ea6d5a2bfc480dd8032cc8651e6793552bc2aa
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ shmem/unix/shm.c | 18 +++++++-----------
+ 1 file changed, 7 insertions(+), 11 deletions(-)
+
+diff --git a/shmem/unix/shm.c b/shmem/unix/shm.c
+index 096884d99..ea9b94277 100644
+--- a/shmem/unix/shm.c
++++ b/shmem/unix/shm.c
+@@ -287,10 +287,9 @@ APR_DECLARE(apr_status_t) apr_shm_create(apr_shm_t **m,
+         status = APR_SUCCESS;
+     
+ #if APR_USE_SHMEM_MMAP_TMP
+-        /* FIXME: Is APR_OS_DEFAULT sufficient? */
+-        status = apr_file_open(&file, filename, 
+-                               APR_READ | APR_WRITE | APR_CREATE | APR_EXCL,
+-                               APR_OS_DEFAULT, pool);
++        status = apr_file_open(&file, filename,
++                               APR_FOPEN_READ | APR_FOPEN_WRITE | APR_FOPEN_CREATE | APR_FOPEN_EXCL,
++                               APR_FPROT_UREAD | APR_FPROT_UWRITE, pool);
+         if (status != APR_SUCCESS) {
+             return status;
+         }
+@@ -319,8 +318,7 @@ APR_DECLARE(apr_status_t) apr_shm_create(apr_shm_t **m,
+         }
+ #endif /* APR_USE_SHMEM_MMAP_TMP */
+ #if APR_USE_SHMEM_MMAP_SHM
+-        /* FIXME: SysV uses 0600... should we? */
+-        tmpfd = shm_open(shm_name, O_RDWR | O_CREAT | O_EXCL, 0644);
++        tmpfd = shm_open(shm_name, O_RDWR | O_CREAT | O_EXCL, 0600);
+         if (tmpfd == -1) {
+             return errno;
+         }
+@@ -361,10 +359,9 @@ APR_DECLARE(apr_status_t) apr_shm_create(apr_shm_t **m,
+ #elif APR_USE_SHMEM_SHMGET
+         new_m->realsize = reqsize;
+ 
+-        /* FIXME: APR_OS_DEFAULT is too permissive, switch to 600 I think. */
+-        status = apr_file_open(&file, filename, 
++        status = apr_file_open(&file, filename,
+                                APR_FOPEN_WRITE | APR_FOPEN_CREATE | APR_FOPEN_EXCL,
+-                               APR_OS_DEFAULT, pool);
++                               APR_FPROT_UREAD | APR_FPROT_UWRITE, pool);
+         if (status != APR_SUCCESS) {
+             return status;
+         }
+@@ -555,8 +552,7 @@ APR_DECLARE(apr_status_t) apr_shm_attach(apr_shm_t **m,
+ #if APR_USE_SHMEM_MMAP_SHM
+         const char *shm_name = make_shm_open_safe_name(filename, pool);
+ 
+-        /* FIXME: SysV uses 0600... should we? */
+-        tmpfd = shm_open(shm_name, O_RDWR, 0644);
++        tmpfd = shm_open(shm_name, O_RDWR, 0600);
+         if (tmpfd == -1) {
+             return errno;
+         }
+-- 
+2.39.5
+

package/apr/apr.mk

@@ -16,6 +16,9 @@ APR_INSTALL_STAGING = YES
 # so we need to autoreconf:
 APR_AUTORECONF = YES
 
+# 0004-Merge-r1920082-from-1.8.x.patch
+APR_IGNORE_CVES += CVE-2023-49582
+
 APR_CONF_OPTS = --disable-sctp
 
 # avoid apr_hints.m4 by setting apr_preload_done=yes and set

package/assimp/0001-Fix-leak-5762.patch

@@ -0,0 +1,139 @@
+From 4024726eca89331503bdab33d0b9186e901bbc45 Mon Sep 17 00:00:00 2001
+From: Kim Kulling <kimkulling@users.noreply.github.com>
+Date: Sat, 7 Sep 2024 21:02:34 +0200
+Subject: [PATCH] Fix leak (#5762)
+
+* Fix leak
+
+* Update utLogger.cpp
+
+Upstream: https://github.com/assimp/assimp/commit/4024726eca89331503bdab33d0b9186e901bbc45
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ code/Common/Assimp.cpp        | 13 ++++++---
+ fuzz/assimp_fuzzer.cc         |  2 +-
+ test/CMakeLists.txt           |  1 +
+ test/unit/Common/utLogger.cpp | 52 +++++++++++++++++++++++++++++++++++
+ 4 files changed, 63 insertions(+), 5 deletions(-)
+ create mode 100644 test/unit/Common/utLogger.cpp
+
+diff --git a/code/Common/Assimp.cpp b/code/Common/Assimp.cpp
+index ef3ee7b5d..91896e405 100644
+--- a/code/Common/Assimp.cpp
++++ b/code/Common/Assimp.cpp
+@@ -359,20 +359,25 @@ void CallbackToLogRedirector(const char *msg, char *dt) {
+     s->write(msg);
+ }
+ 
++static LogStream *DefaultStream = nullptr;
++
+ // ------------------------------------------------------------------------------------------------
+ ASSIMP_API aiLogStream aiGetPredefinedLogStream(aiDefaultLogStream pStream, const char *file) {
+     aiLogStream sout;
+ 
+     ASSIMP_BEGIN_EXCEPTION_REGION();
+-    LogStream *stream = LogStream::createDefaultStream(pStream, file);
+-    if (!stream) {
++    if (DefaultStream == nullptr) {
++        DefaultStream = LogStream::createDefaultStream(pStream, file);
++    }
++    
++    if (!DefaultStream) {
+         sout.callback = nullptr;
+         sout.user = nullptr;
+     } else {
+         sout.callback = &CallbackToLogRedirector;
+-        sout.user = (char *)stream;
++        sout.user = (char *)DefaultStream;
+     }
+-    gPredefinedStreams.push_back(stream);
++    gPredefinedStreams.push_back(DefaultStream);
+     ASSIMP_END_EXCEPTION_REGION(aiLogStream);
+     return sout;
+ }
+diff --git a/fuzz/assimp_fuzzer.cc b/fuzz/assimp_fuzzer.cc
+index 8178674e8..91ffd9d69 100644
+--- a/fuzz/assimp_fuzzer.cc
++++ b/fuzz/assimp_fuzzer.cc
+@@ -47,7 +47,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ using namespace Assimp;
+ 
+ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t dataSize) {
+-    aiLogStream stream = aiGetPredefinedLogStream(aiDefaultLogStream_STDOUT,NULL);
++    aiLogStream stream = aiGetPredefinedLogStream(aiDefaultLogStream_STDOUT, nullptr);
+     aiAttachLogStream(&stream);
+ 
+     Importer importer;
+diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
+index 7b7fd850a..1a45adac7 100644
+--- a/test/CMakeLists.txt
++++ b/test/CMakeLists.txt
+@@ -100,6 +100,7 @@ SET( COMMON
+   unit/Common/utBase64.cpp
+   unit/Common/utHash.cpp
+   unit/Common/utBaseProcess.cpp
++  unit/Common/utLogger.cpp
+ )
+ 
+ SET(Geometry 
+diff --git a/test/unit/Common/utLogger.cpp b/test/unit/Common/utLogger.cpp
+new file mode 100644
+index 000000000..932240a7f
+--- /dev/null
++++ b/test/unit/Common/utLogger.cpp
+@@ -0,0 +1,52 @@
++/*
++---------------------------------------------------------------------------
++Open Asset Import Library (assimp)
++---------------------------------------------------------------------------
++
++Copyright (c) 2006-2024, assimp team
++
++All rights reserved.
++
++Redistribution and use of this software in source and binary forms,
++with or without modification, are permitted provided that the following
++conditions are met:
++
++* Redistributions of source code must retain the above
++copyright notice, this list of conditions and the
++following disclaimer.
++
++* Redistributions in binary form must reproduce the above
++copyright notice, this list of conditions and the
++following disclaimer in the documentation and/or other
++materials provided with the distribution.
++
++* Neither the name of the assimp team, nor the names of its
++contributors may be used to endorse or promote products
++derived from this software without specific prior
++written permission of the assimp team.
++
++THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
++"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
++LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
++A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
++OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
++LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
++OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++---------------------------------------------------------------------------
++*/
++
++#include "UnitTestPCH.h"
++#include <assimp/Importer.hpp>
++
++using namespace Assimp;
++class utLogger : public ::testing::Test {};
++
++TEST_F(utLogger, aiGetPredefinedLogStream_leak_test) {
++    aiLogStream stream1 = aiGetPredefinedLogStream(aiDefaultLogStream_STDOUT, nullptr);
++    aiLogStream stream2 = aiGetPredefinedLogStream(aiDefaultLogStream_STDOUT, nullptr);
++    ASSERT_EQ(stream1.callback, stream2.callback);
++}
+-- 
+2.39.5
+

package/assimp/0002-Fix-use-after-free-in-the-CallbackToLogRedirector-59.patch

@@ -0,0 +1,39 @@
+From f12e52198669239af525e525ebb68407977f8e34 Mon Sep 17 00:00:00 2001
+From: tyler92 <tyler92@inbox.ru>
+Date: Wed, 11 Dec 2024 12:17:14 +0200
+Subject: [PATCH] Fix use after free in the CallbackToLogRedirector (#5918)
+
+The heap-use-after-free vulnerability occurs in the
+CallbackToLogRedirector function. During the process of logging,
+a previously freed memory region is accessed, leading to a
+use-after-free condition. This vulnerability stems from incorrect
+memory management, specifically, freeing a log stream and then
+attempting to access it later on.
+
+This patch sets NULL value for The DefaultStream global pointer.
+
+Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
+Upstream: https://github.com/assimp/assimp/commit/f12e52198669239af525e525ebb68407977f8e34
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ code/Common/Assimp.cpp | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/code/Common/Assimp.cpp b/code/Common/Assimp.cpp
+index 91896e405..22e16bd36 100644
+--- a/code/Common/Assimp.cpp
++++ b/code/Common/Assimp.cpp
+@@ -416,6 +416,10 @@ ASSIMP_API aiReturn aiDetachLogStream(const aiLogStream *stream) {
+     DefaultLogger::get()->detachStream(it->second);
+     delete it->second;
+ 
++    if ((Assimp::LogStream *)stream->user == DefaultStream) {
++        DefaultStream = nullptr;
++    }
++
+     gActiveLogStreams.erase(it);
+ 
+     if (gActiveLogStreams.empty()) {
+-- 
+2.39.5
+

package/assimp/assimp.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  a07666be71afe1ad4bc008c2336b7c688aca391271188eb9108d0c6db1be53f1  assimp-5.3.1.tar.gz
+sha256  66dfbaee288f2bc43172440a55d0235dfc7bf885dda6435c038e8000e79582cb  assimp-5.4.3.tar.gz
 sha256  147874443d242b4e2bae97036e26ec9d6b37f706174c1bd5ecfcc8c1294cef51  LICENSE

package/assimp/assimp.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-ASSIMP_VERSION = 5.3.1
+ASSIMP_VERSION = 5.4.3
 ASSIMP_SITE = $(call github,assimp,assimp,v$(ASSIMP_VERSION))
 ASSIMP_LICENSE = BSD-3-Clause
 ASSIMP_LICENSE_FILES = LICENSE
@@ -12,6 +12,10 @@ ASSIMP_CPE_ID_VENDOR = assimp
 ASSIMP_DEPENDENCIES = zlib
 ASSIMP_INSTALL_STAGING = YES
 
+# 0001-Fix-leak-5762.patch
+# 0002-Fix-use-after-free-in-the-CallbackToLogRedirector-59.patch
+ASSIMP_IGNORE_CVES += CVE-2024-48423
+
 # relocation truncated to fit: R_68K_GOT16O. We also need to disable
 # optimizations to not run into "Error: value -43420 out of range"
 # assembler issues.

package/asterisk/asterisk.hash

@@ -1,5 +1,5 @@
 # Locally computed
-sha256  a8162085b7d16f10d5cd16fc2e2cb8399dbe42bd1c321b14eec229fc0ed12570  asterisk-20.10.0.tar.gz
+sha256  94647b3f887f7dc91df51a4f88dfc3a07cc279bef86b8d05aa72f0c49d187571  asterisk-20.11.1.tar.gz
 
 # sha1 from: http://downloads.asterisk.org/pub/telephony/sounds/releases
 # sha256 locally computed

package/asterisk/asterisk.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-ASTERISK_VERSION = 20.10.0
+ASTERISK_VERSION = 20.11.1
 # Use the github mirror: it's an official mirror maintained by Digium, and
 # provides tarballs, which the main Asterisk git tree (behind Gerrit) does not.
 ASTERISK_SITE = $(call github,asterisk,asterisk,$(ASTERISK_VERSION))

package/autoconf/0001-dont-add-dirty-to-version.patch

@@ -1,7 +1,7 @@
 autoconf: don't append -dirty to version
 
 Don't append -dirty to autoconf version number if the buildroot git tree
-has uncommited changes.
+has uncommitted changes.
 
 This script is meant for the autoconf developers, but it also activates
 if you build autoconf in a subdirectory of a git tree (E.G. like how it's

package/bc/bc.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 BC_VERSION = 1.07.1
-BC_SITE = http://ftp.gnu.org/gnu/bc
+BC_SITE = $(BR2_GNU_MIRROR)/bc
 BC_DEPENDENCIES = host-flex
 BC_LICENSE = GPL-2.0+, LGPL-2.1+
 BC_LICENSE_FILES = COPYING COPYING.LIB

package/bind/bind.hash

@@ -1,4 +1,4 @@
-# Verified from https://ftp.isc.org/isc/bind9/9.18.31/bind-9.18.31.tar.xz.asc
-# with key 706B6C28620E76F91D11F7DF510A642A06C52CEC
-sha256  51b258969275c5206ef745a5aac03dbe98f1c8031fefed378d53597e7987b1b3  bind-9.18.31.tar.xz
+# Verified from https://ftp.isc.org/isc/bind9/9.18.33/bind-9.18.33.tar.xz.asc
+# with key D99CCEAF879747014F038D63182E23579462EFAA
+sha256  fb373fac5ebbc41c645160afd5a9fb451918f6c0e69ab1d9474154e2b515de40  bind-9.18.33.tar.xz
 sha256  9734825d67a3ac967b2c2f7c9a83c9e5db1c2474dbe9599157c3a4188749ebd4  COPYRIGHT

package/bind/bind.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-BIND_VERSION = 9.18.31
+BIND_VERSION = 9.18.33
 BIND_SOURCE= bind-$(BIND_VERSION).tar.xz
 BIND_SITE = https://ftp.isc.org/isc/bind9/$(BIND_VERSION)
 # bind does not support parallel builds.

package/bluez5_utils-headers/bluez5_utils-headers.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 # Keep the version and patches in sync with bluez5_utils
-BLUEZ5_UTILS_HEADERS_VERSION = 5.78
+BLUEZ5_UTILS_HEADERS_VERSION = 5.79
 BLUEZ5_UTILS_HEADERS_SOURCE = bluez-$(BLUEZ5_UTILS_VERSION).tar.xz
 BLUEZ5_UTILS_HEADERS_SITE = $(BR2_KERNEL_MIRROR)/linux/bluetooth
 BLUEZ5_UTILS_HEADERS_DL_SUBDIR = bluez5_utils

package/bluez5_utils/0001-gdbus-define-MAX_INPUT-for-musl.patch

@@ -0,0 +1,33 @@
+From 9d69dba21f1e46b34cdd8ae27fec11d0803907ee Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Gu=C3=B0ni=20M=C3=A1r=20Gilbert?= <gudni.m.g@gmail.com>
+Date: Sat, 2 Nov 2024 16:10:18 +0000
+Subject: [PATCH] gdbus: define MAX_INPUT for musl
+
+This is the same solution as was done in src/shared/util.c
+
+Upstream: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=9d69dba21f1e46b34cdd8ae27fec11d0803907ee
+Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
+---
+ gdbus/object.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/gdbus/object.c b/gdbus/object.c
+index 84f116bf1..7b0476f1a 100644
+--- a/gdbus/object.c
++++ b/gdbus/object.c
+@@ -20,6 +20,12 @@
+ #include <dbus/dbus.h>
+ 
+ #include "gdbus.h"
++
++/* define MAX_INPUT for musl */
++#ifndef MAX_INPUT
++#define MAX_INPUT _POSIX_MAX_INPUT
++#endif
++
+ #include "src/shared/util.h"
+ 
+ #define info(fmt...)
+-- 
+2.45.2
+

package/bluez5_utils/0002-Leave-config-files-writable-for-owner.patch

@@ -0,0 +1,35 @@
+From b1fd409960001a77cda2a09ecc00147ebd9c3667 Mon Sep 17 00:00:00 2001
+From: Fiona Klute <fiona.klute@gmx.de>
+Date: Mon, 9 Dec 2024 16:40:43 +0100
+Subject: [PATCH BlueZ] build: Leave config files writable for owner
+
+This is needed for builds running as non-root users, so the build
+process and any distribution tools can create/move/delete files in the
+config directory without adjusting permissions separately. Limiting
+writes from the running service needs to be done in the systemd unit
+(already the case) or init script.
+
+See also: https://lore.kernel.org/linux-bluetooth/4d1206df-598b-4a68-8655-74981b62ecca@gmx.de/T/
+Reviewed-by: Bastien Nocera <hadess@hadess.net>
+Upstream: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b1fd409960001a77cda2a09ecc00147ebd9c3667
+Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
+---
+ Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 297d0774c..29018a91c 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -32,7 +32,7 @@ confdir = $(sysconfdir)/bluetooth
+ statedir = $(localstatedir)/lib/bluetooth
+ 
+ bluetoothd-fix-permissions:
+-	install -dm555 $(DESTDIR)$(confdir)
++	install -dm755 $(DESTDIR)$(confdir)
+ 	install -dm700 $(DESTDIR)$(statedir)
+ 
+ if DATAFILES
+-- 
+2.45.2
+

package/bluez5_utils/bluez5_utils.hash

@@ -1,5 +1,5 @@
 # From https://www.kernel.org/pub/linux/bluetooth/sha256sums.asc:
-sha256  830fed1915c5d375b8de0f5e6f45fcdea0dcc5ff5ffb3d31db6ed0f00d73c5e3  bluez-5.78.tar.xz
+sha256  4164a5303a9f71c70f48c03ff60be34231b568d93a9ad5e79928d34e6aa0ea8a  bluez-5.79.tar.xz
 # Locally computed
 sha256  b499eddebda05a8859e32b820a64577d91f1de2b52efa2a1575a2cb4000bc259  COPYING
 sha256  ec60b993835e2c6b79e6d9226345f4e614e686eb57dc13b6420c15a33a8996e5  COPYING.LIB

package/bluez5_utils/bluez5_utils.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 # Keep the version and patches in sync with bluez5_utils-headers
-BLUEZ5_UTILS_VERSION = 5.78
+BLUEZ5_UTILS_VERSION = 5.79
 BLUEZ5_UTILS_SOURCE = bluez-$(BLUEZ5_UTILS_VERSION).tar.xz
 BLUEZ5_UTILS_SITE = $(BR2_KERNEL_MIRROR)/linux/bluetooth
 BLUEZ5_UTILS_INSTALL_STAGING = YES
@@ -13,6 +13,9 @@ BLUEZ5_UTILS_LICENSE = GPL-2.0+, LGPL-2.1+
 BLUEZ5_UTILS_LICENSE_FILES = COPYING COPYING.LIB
 BLUEZ5_UTILS_CPE_ID_VENDOR = bluez
 BLUEZ5_UTILS_CPE_ID_PRODUCT = bluez
+# required because 0002-Leave-config-files-writable-for-owner.patch
+# modifies Makefile.am
+BLUEZ5_UTILS_AUTORECONF = YES
 
 BLUEZ5_UTILS_DEPENDENCIES = \
 	$(if $(BR2_PACKAGE_BLUEZ5_UTILS_HEADERS),bluez5_utils-headers) \
@@ -22,13 +25,12 @@ BLUEZ5_UTILS_DEPENDENCIES = \
 BLUEZ5_UTILS_CONF_OPTS = \
 	--enable-library \
 	--disable-cups \
-	--disable-datafiles \
 	--disable-manpages \
 	--disable-asan \
 	--disable-lsan \
 	--disable-ubsan \
 	--disable-pie \
-	--with-dbusconfdir=/etc
+	--with-dbusconfdir=/usr/share
 
 ifeq ($(BR2_PACKAGE_BLUEZ5_UTILS_OBEX),y)
 BLUEZ5_UTILS_CONF_OPTS += --enable-obex

package/busybox/0009-menuconfig-gcc-failing-saying-ncurses-is-not-found.patch

@@ -1,6 +1,6 @@
-From ctxnop@gmail.com  Sun Jul 21 12:10:52 2024
-From: ctxnop@gmail.com (Nop)
-Date: Sun, 21 Jul 2024 14:10:52 +0200
+From 32949508fe566aee8988cb6d8ee101ecc5e49a65 Mon Sep 17 00:00:00 2001
+From: ctxnop <ctxnop@gmail.com>
+Date: Sun, 26 Jan 2025 20:59:20 +0100
 Subject: [PATCH] menuconfig: GCC failing saying ncurses is not found
 
 Newer GCC increased diagnostics levels resulting in considering the
@@ -17,13 +17,12 @@ Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
  scripts/kconfig/lxdialog/check-lxdialog.sh | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)
 
-diff --git a/scripts/kconfig/lxdialog/check-lxdialog.sh
-b/scripts/kconfig/lxdialog/check-lxdialog.sh
-index 5075ebf2d..c644d1d48 100755
+diff --git a/scripts/kconfig/lxdialog/check-lxdialog.sh b/scripts/kconfig/lxdialog/check-lxdialog.sh
+index 5075ebf2d..08e4da3de 100755
 --- a/scripts/kconfig/lxdialog/check-lxdialog.sh
 +++ b/scripts/kconfig/lxdialog/check-lxdialog.sh
 @@ -45,9 +45,9 @@ trap "rm -f $tmp" 0 1 2 3 15
-
+ 
  # Check if we can link to ncurses
  check() {
 -        $cc -x c - -o $tmp 2>/dev/null <<'EOF'
@@ -34,5 +33,6 @@ index 5075ebf2d..c644d1d48 100755
  EOF
  	if [ $? != 0 ]; then
  	    echo " *** Unable to find the ncurses libraries or the"       1>&2
---
-2.45.2
+-- 
+2.47.1
+

package/busybox/0011-awk-fix-use-after-realloc-CVE-2021-42380-closes-1560.patch

@@ -0,0 +1,154 @@
+From 7c73cdaa80faf0046b07c970321557ff04f7da64 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Fri, 26 May 2023 19:36:58 +0200
+Subject: [PATCH] awk: fix use-after-realloc (CVE-2021-42380), closes 15601
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+
+CVE: CVE-2021-42380
+Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=5dcc443dba039b305a510c01883e9f34e42656ae]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+[Thomas: taken from https://git.openembedded.org/openembedded-core/tree/meta/recipes-core/busybox/busybox/CVE-2021-42380.patch?id=e0ff4813b1cf4df0d851c857d57fb88d7db51bdd]
+Upstream: https://git.busybox.net/busybox/commit/?id=5dcc443dba039b305a510c01883e9f34e42656ae
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+---
+ editors/awk.c       | 26 ++++++++++++++++-----
+ testsuite/awk.tests | 55 +++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 75 insertions(+), 6 deletions(-)
+
+diff --git a/editors/awk.c b/editors/awk.c
+index 728ee8685..2af823808 100644
+--- a/editors/awk.c
++++ b/editors/awk.c
+@@ -555,7 +555,7 @@ struct globals {
+ 	const char *g_progname;
+ 	int g_lineno;
+ 	int nfields;
+-	int maxfields; /* used in fsrealloc() only */
++	unsigned maxfields;
+ 	var *Fields;
+ 	char *g_pos;
+ 	char g_saved_ch;
+@@ -1931,9 +1931,9 @@ static void fsrealloc(int size)
+ {
+ 	int i, newsize;
+ 
+-	if (size >= maxfields) {
+-		/* Sanity cap, easier than catering for overflows */
+-		if (size > 0xffffff)
++	if ((unsigned)size >= maxfields) {
++		/* Sanity cap, easier than catering for over/underflows */
++		if ((unsigned)size > 0xffffff)
+ 			bb_die_memory_exhausted();
+ 
+ 		i = maxfields;
+@@ -2891,6 +2891,7 @@ static var *evaluate(node *op, var *res)
+ 		uint32_t opinfo;
+ 		int opn;
+ 		node *op1;
++		var *old_Fields_ptr;
+ 
+ 		opinfo = op->info;
+ 		opn = (opinfo & OPNMASK);
+@@ -2899,10 +2900,16 @@ static var *evaluate(node *op, var *res)
+ 		debug_printf_eval("opinfo:%08x opn:%08x\n", opinfo, opn);
+ 
+ 		/* execute inevitable things */
++		old_Fields_ptr = NULL;
+ 		if (opinfo & OF_RES1) {
+ 			if ((opinfo & OF_REQUIRED) && !op1)
+ 				syntax_error(EMSG_TOO_FEW_ARGS);
+ 			L.v = evaluate(op1, TMPVAR0);
++			/* Does L.v point to $n variable? */
++			if ((size_t)(L.v - Fields) < maxfields) {
++				/* yes, remember where Fields[] is */
++				old_Fields_ptr = Fields;
++			}
+ 			if (opinfo & OF_STR1) {
+ 				L.s = getvar_s(L.v);
+ 				debug_printf_eval("L.s:'%s'\n", L.s);
+@@ -2921,8 +2928,15 @@ static var *evaluate(node *op, var *res)
+ 		 */
+ 		if (opinfo & OF_RES2) {
+ 			R.v = evaluate(op->r.n, TMPVAR1);
+-			//TODO: L.v may be invalid now, set L.v to NULL to catch bugs?
+-			//L.v = NULL;
++			/* Seen in $5=$$5=$0:
++			 * Evaluation of R.v ($$5=$0 expression)
++			 * made L.v ($5) invalid. It's detected here.
++			 */
++			if (old_Fields_ptr) {
++				//if (old_Fields_ptr != Fields)
++				//	debug_printf_eval("L.v moved\n");
++				L.v += Fields - old_Fields_ptr;
++			}
+ 			if (opinfo & OF_STR2) {
+ 				R.s = getvar_s(R.v);
+ 				debug_printf_eval("R.s:'%s'\n", R.s);
+diff --git a/testsuite/awk.tests b/testsuite/awk.tests
+index bbf0fbff1..ddc51047b 100755
+--- a/testsuite/awk.tests
++++ b/testsuite/awk.tests
+@@ -485,4 +485,59 @@ testing 'awk assign while test' \
+ 	"" \
+ 	"foo"
+ 
++# User-supplied bug (SEGV) example, was causing use-after-realloc
++testing 'awk assign while assign' \
++	"awk '\$5=\$\$5=\$0'; echo \$?" \
++	"\
++─ process timing ────────────────────────────────────┬─ ─ process timing ────────────────────────────────────┬─ overall results ────┐ results ────┐
++│ run time : │        run time : 0 days, 0 hrs, 0 min, 56 sec      │  cycles done : 0     │ days, 0 hrs, 0 min, 56 sec │ cycles done : 0 │
++│ last new find │   last new find : 0 days, 0 hrs, 0 min, 1 sec       │ corpus count : 208   │ 0 days, 0 hrs, 0 min, 1 sec │ corpus count : 208 │
++│last saved crash : │last saved crash : none seen yet                     │saved crashes : 0     │ seen yet │saved crashes : 0 │
++│ last saved hang │ last saved hang : none seen yet                     │  saved hangs : 0     │ none seen yet │ saved hangs : 0 │
++├─ cycle progress ─────────────────────┬─ ├─ cycle progress ─────────────────────┬─ map coverage┴──────────────────────┤ coverage┴──────────────────────┤
++│ now processing : │  now processing : 184.1 (88.5%)      │    map density : 0.30% / 0.52%      │ (88.5%) │ map density : 0.30% / 0.52% │                                                                                                                                                                          │  now processing : 184.1 (88.5%)      │    map density : 0.30% / 0.52%      │
++│ runs timed out │  runs timed out : 0 (0.00%)          │ count coverage : 2.18 bits/tuple    │ 0 (0.00%) │ count coverage : 2.18 bits/tuple │
++├─ stage progress ─────────────────────┼─ ├─ stage progress ─────────────────────┼─ findings in depth ─────────────────┤ in depth ─────────────────┤
++│ now trying : │  now trying : havoc                  │ favored items : 43 (20.67%)         │ │ favored items : 43 (20.67%) │
++│ stage execs : │ stage execs : 11.2k/131k (8.51%)     │  new edges on : 52 (25.00%)         │ (8.51%) │ new edges on │ stage execs : 11.2k/131k (8.51%)     │  new edges on : 52 (25.00%)         │ 52 (25.00%) │
++│ total execs : │ total execs : 179k                   │ total crashes : 0 (0 saved)         │ │ total crashes : 0 (0 saved) │                                                                                                                                                                      │ total execs : 179k                   │ total crashes : 0 (0 saved)         │
++│ exec speed : │  exec speed : 3143/sec               │  total tmouts : 0 (0 saved)         │ │ total tmouts : 0 (0 saved) │                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          │  exec speed : 3143/sec               │  total tmouts : 0 (0 saved)         │
++├─ fuzzing strategy yields ├─ fuzzing strategy yields ────────────┴─────────────┬─ item geometry ───────┤ item geometry ───────┤
++│ bit flips : │   bit flips : 11/648, 4/638, 5/618                 │    levels : 4         │ 4/638, 5/618 │ levels : │   bit flips : 11/648, 4/638, 5/618                 │    levels : 4         │ │
++│ byte flips : │  byte flips : 0/81, 0/71, 0/52                     │   pending : 199       │ 0/71, 0/52 │ pending : 199 │
++│ arithmetics : 11/4494, │ arithmetics : 11/4494, 0/1153, 0/0                 │  pend fav : 35        │ 0/0 │ pend fav : 35 │
++│  known ints : 1/448, 0/1986, 0/2288                │ own finds : 207       │ known ints : │  known ints : 1/448, 0/1986, 0/2288                │ own finds : 207       │ 0/1986, 0/2288 │ own finds : 207 │
++│ dictionary : 0/0, │  dictionary : 0/0, 0/0, 0/0, 0/0                   │  imported : 0         │ 0/0, 0/0 │ imported : 0 │
++│havoc/splice : 142/146k, 23/7616 │havoc/splice : 142/146k, 23/7616                    │ stability : 100.00%   │ stability : 100.00% │
++│py/custom/rq : unused, unused, │py/custom/rq : unused, unused, unused, unused       ├───────────────────────┘ unused ├───────────────────────┘
++│ trim/eff : 57.02%/26, │    trim/eff : 57.02%/26, 0.00%                     │          [cpu000:100%] │ [cpu000:100%]
++└────────────────────────────────────────────────────┘^C    └────────────────────────────────────────────────────┘^C
++0
++" \
++	"" \
++	"\
++─ process timing ────────────────────────────────────┬─ overall results ────┐
++│        run time : 0 days, 0 hrs, 0 min, 56 sec      │  cycles done : 0     │
++│   last new find : 0 days, 0 hrs, 0 min, 1 sec       │ corpus count : 208   │
++│last saved crash : none seen yet                     │saved crashes : 0     │
++│ last saved hang : none seen yet                     │  saved hangs : 0     │
++├─ cycle progress ─────────────────────┬─ map coverage┴──────────────────────┤
++│  now processing : 184.1 (88.5%)      │    map density : 0.30% / 0.52%      │
++│  runs timed out : 0 (0.00%)          │ count coverage : 2.18 bits/tuple    │
++├─ stage progress ─────────────────────┼─ findings in depth ─────────────────┤
++│  now trying : havoc                  │ favored items : 43 (20.67%)         │
++│ stage execs : 11.2k/131k (8.51%)     │  new edges on : 52 (25.00%)         │
++│ total execs : 179k                   │ total crashes : 0 (0 saved)         │
++│  exec speed : 3143/sec               │  total tmouts : 0 (0 saved)         │
++├─ fuzzing strategy yields ────────────┴─────────────┬─ item geometry ───────┤
++│   bit flips : 11/648, 4/638, 5/618                 │    levels : 4         │
++│  byte flips : 0/81, 0/71, 0/52                     │   pending : 199       │
++│ arithmetics : 11/4494, 0/1153, 0/0                 │  pend fav : 35        │
++│  known ints : 1/448, 0/1986, 0/2288                │ own finds : 207       │
++│  dictionary : 0/0, 0/0, 0/0, 0/0                   │  imported : 0         │
++│havoc/splice : 142/146k, 23/7616                    │ stability : 100.00%   │
++│py/custom/rq : unused, unused, unused, unused       ├───────────────────────┘
++│    trim/eff : 57.02%/26, 0.00%                     │          [cpu000:100%]
++└────────────────────────────────────────────────────┘^C"
++
+ exit $FAILCOUNT
+-- 
+2.47.1
+

package/busybox/0012-awk-fix-use-after-free-CVE-2023-42363.patch

@@ -0,0 +1,70 @@
+From 20a91edce02adc258038a2e9bf5bda0fe27a5050 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Mon, 20 May 2024 17:55:28 +0200
+Subject: [PATCH] awk: fix use after free (CVE-2023-42363)
+
+function                                             old     new   delta
+evaluate                                            3377    3385      +8
+
+Fixes https://bugs.busybox.net/show_bug.cgi?id=15865
+
+Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+
+CVE: CVE-2023-42363
+Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=fb08d43d44d1fea1f741fafb9aa7e1958a5f69aa]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+[Thomas: taken from https://git.openembedded.org/openembedded-core/tree/meta/recipes-core/busybox/busybox/CVE-2023-42363.patch?id=e0ff4813b1cf4df0d851c857d57fb88d7db51bdd]
+Upstream: https://git.busybox.net/busybox/commit/?id=fb08d43d44d1fea1f741fafb9aa7e1958a5f69aa
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+---
+ editors/awk.c | 21 +++++++++++++--------
+ 1 file changed, 13 insertions(+), 8 deletions(-)
+
+diff --git a/editors/awk.c b/editors/awk.c
+index 2af823808..d45724d59 100644
+--- a/editors/awk.c
++++ b/editors/awk.c
+@@ -2910,19 +2910,14 @@ static var *evaluate(node *op, var *res)
+ 				/* yes, remember where Fields[] is */
+ 				old_Fields_ptr = Fields;
+ 			}
+-			if (opinfo & OF_STR1) {
+-				L.s = getvar_s(L.v);
+-				debug_printf_eval("L.s:'%s'\n", L.s);
+-			}
+ 			if (opinfo & OF_NUM1) {
+ 				L_d = getvar_i(L.v);
+ 				debug_printf_eval("L_d:%f\n", L_d);
+ 			}
+ 		}
+-		/* NB: Must get string/numeric values of L (done above)
+-		 * _before_ evaluate()'ing R.v: if both L and R are $NNNs,
+-		 * and right one is large, then L.v points to Fields[NNN1],
+-		 * second evaluate() reallocates and moves (!) Fields[],
++		/* NB: if both L and R are $NNNs, and right one is large,
++		 * then at this pint L.v points to Fields[NNN1], second
++		 * evaluate() below reallocates and moves (!) Fields[],
+ 		 * R.v points to Fields[NNN2] but L.v now points to freed mem!
+ 		 * (Seen trying to evaluate "$444 $44444")
+ 		 */
+@@ -2942,6 +2937,16 @@ static var *evaluate(node *op, var *res)
+ 				debug_printf_eval("R.s:'%s'\n", R.s);
+ 			}
+ 		}
++		/* Get L.s _after_ R.v is evaluated: it may have realloc'd L.v
++		 * so we must get the string after "old_Fields_ptr" correction
++		 * above. Testcase: x = (v = "abc", gsub("b", "X", v));
++		 */
++		if (opinfo & OF_RES1) {
++			if (opinfo & OF_STR1) {
++				L.s = getvar_s(L.v);
++				debug_printf_eval("L.s:'%s'\n", L.s);
++			}
++		}
+ 
+ 		debug_printf_eval("switch(0x%x)\n", XC(opinfo & OPCLSMASK));
+ 		switch (XC(opinfo & OPCLSMASK)) {
+-- 
+2.47.1
+

package/busybox/0013-awk-fix-precedence-of-relative-to.patch

@@ -0,0 +1,203 @@
+From 47ff44735c0cd05efd899fb3486aca77e65fbe15 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Tue, 30 May 2023 16:42:18 +0200
+Subject: [PATCH] awk: fix precedence of = relative to ==
+
+Discovered while adding code to disallow assignments to non-lvalues
+
+function                                             old     new   delta
+parse_expr                                           936     991     +55
+.rodata                                           105243  105247      +4
+------------------------------------------------------------------------------
+(add/remove: 0/0 grow/shrink: 2/0 up/down: 59/0)               Total: 59 bytes
+
+CVE: CVE-2023-42364 CVE-2023-42365
+
+Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=0256e00a9d077588bd3a39f5a1ef7e2eaa2911e4]
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+(cherry picked from commit 0256e00a9d077588bd3a39f5a1ef7e2eaa2911e4)
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+[Thomas: taken from https://git.openembedded.org/openembedded-core/tree/meta/recipes-core/busybox/busybox/0001-awk-fix-precedence-of-relative-to.patch?id=e0ff4813b1cf4df0d851c857d57fb88d7db51bdd]
+Upstream: https://git.busybox.net/busybox/commit/?id=0256e00a9d077588bd3a39f5a1ef7e2eaa2911e4
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+---
+ editors/awk.c       | 66 ++++++++++++++++++++++++++++++---------------
+ testsuite/awk.tests |  5 ++++
+ 2 files changed, 50 insertions(+), 21 deletions(-)
+
+diff --git a/editors/awk.c b/editors/awk.c
+index d45724d59..5962c3f6a 100644
+--- a/editors/awk.c
++++ b/editors/awk.c
+@@ -337,7 +337,9 @@ static void debug_parse_print_tc(uint32_t n)
+ #undef P
+ #undef PRIMASK
+ #undef PRIMASK2
+-#define P(x)      (x << 24)
++/* Smaller 'x' means _higher_ operator precedence */
++#define PRECEDENCE(x) (x << 24)
++#define P(x)      PRECEDENCE(x)
+ #define PRIMASK   0x7F000000
+ #define PRIMASK2  0x7E000000
+ 
+@@ -360,7 +362,7 @@ enum {
+ 	OC_MOVE = 0x1f00,       OC_PGETLINE = 0x2000,   OC_REGEXP = 0x2100,
+ 	OC_REPLACE = 0x2200,    OC_RETURN = 0x2300,     OC_SPRINTF = 0x2400,
+ 	OC_TERNARY = 0x2500,    OC_UNARY = 0x2600,      OC_VAR = 0x2700,
+-	OC_DONE = 0x2800,
++	OC_CONST = 0x2800,      OC_DONE = 0x2900,
+ 
+ 	ST_IF = 0x3000,         ST_DO = 0x3100,         ST_FOR = 0x3200,
+ 	ST_WHILE = 0x3300
+@@ -440,9 +442,9 @@ static const uint32_t tokeninfo[] ALIGN4 = {
+ #define TI_PREINC (OC_UNARY|xV|P(9)|'P')
+ #define TI_PREDEC (OC_UNARY|xV|P(9)|'M')
+ 	TI_PREINC,               TI_PREDEC,               OC_FIELD|xV|P(5),
+-	OC_COMPARE|VV|P(39)|5,   OC_MOVE|VV|P(74),        OC_REPLACE|NV|P(74)|'+', OC_REPLACE|NV|P(74)|'-',
+-	OC_REPLACE|NV|P(74)|'*', OC_REPLACE|NV|P(74)|'/', OC_REPLACE|NV|P(74)|'%', OC_REPLACE|NV|P(74)|'&',
+-	OC_BINARY|NV|P(29)|'+',  OC_BINARY|NV|P(29)|'-',  OC_REPLACE|NV|P(74)|'&', OC_BINARY|NV|P(15)|'&',
++	OC_COMPARE|VV|P(39)|5,   OC_MOVE|VV|P(38),        OC_REPLACE|NV|P(38)|'+', OC_REPLACE|NV|P(38)|'-',
++	OC_REPLACE|NV|P(38)|'*', OC_REPLACE|NV|P(38)|'/', OC_REPLACE|NV|P(38)|'%', OC_REPLACE|NV|P(38)|'&',
++	OC_BINARY|NV|P(29)|'+',  OC_BINARY|NV|P(29)|'-',  OC_REPLACE|NV|P(38)|'&', OC_BINARY|NV|P(15)|'&',
+ 	OC_BINARY|NV|P(25)|'/',  OC_BINARY|NV|P(25)|'%',  OC_BINARY|NV|P(15)|'&',  OC_BINARY|NV|P(25)|'*',
+ 	OC_COMPARE|VV|P(39)|4,   OC_COMPARE|VV|P(39)|3,   OC_COMPARE|VV|P(39)|0,   OC_COMPARE|VV|P(39)|1,
+ #define TI_LESS     (OC_COMPARE|VV|P(39)|2)
+@@ -1290,7 +1292,7 @@ static uint32_t next_token(uint32_t expected)
+ 			save_tclass = tc;
+ 			save_info = t_info;
+ 			tc = TC_BINOPX;
+-			t_info = OC_CONCAT | SS | P(35);
++			t_info = OC_CONCAT | SS | PRECEDENCE(35);
+ 		}
+ 
+ 		t_tclass = tc;
+@@ -1350,9 +1352,8 @@ static node *parse_expr(uint32_t term_tc)
+ {
+ 	node sn;
+ 	node *cn = &sn;
+-	node *vn, *glptr;
++	node *glptr;
+ 	uint32_t tc, expected_tc;
+-	var *v;
+ 
+ 	debug_printf_parse("%s() term_tc(%x):", __func__, term_tc);
+ 	debug_parse_print_tc(term_tc);
+@@ -1363,11 +1364,12 @@ static node *parse_expr(uint32_t term_tc)
+ 	expected_tc = TS_OPERAND | TS_UOPPRE | TC_REGEXP | term_tc;
+ 
+ 	while (!((tc = next_token(expected_tc)) & term_tc)) {
++		node *vn;
+ 
+ 		if (glptr && (t_info == TI_LESS)) {
+ 			/* input redirection (<) attached to glptr node */
+ 			debug_printf_parse("%s: input redir\n", __func__);
+-			cn = glptr->l.n = new_node(OC_CONCAT | SS | P(37));
++			cn = glptr->l.n = new_node(OC_CONCAT | SS | PRECEDENCE(37));
+ 			cn->a.n = glptr;
+ 			expected_tc = TS_OPERAND | TS_UOPPRE;
+ 			glptr = NULL;
+@@ -1379,24 +1381,42 @@ static node *parse_expr(uint32_t term_tc)
+ 			 * previous operators with higher priority */
+ 			vn = cn;
+ 			while (((t_info & PRIMASK) > (vn->a.n->info & PRIMASK2))
+-			    || ((t_info == vn->info) && t_info == TI_COLON)
++			    || (t_info == vn->info && t_info == TI_COLON)
+ 			) {
+ 				vn = vn->a.n;
+ 				if (!vn->a.n) syntax_error(EMSG_UNEXP_TOKEN);
+ 			}
+ 			if (t_info == TI_TERNARY)
+ //TODO: why?
+-				t_info += P(6);
++				t_info += PRECEDENCE(6);
+ 			cn = vn->a.n->r.n = new_node(t_info);
+ 			cn->a.n = vn->a.n;
+ 			if (tc & TS_BINOP) {
+ 				cn->l.n = vn;
+-//FIXME: this is the place to detect and reject assignments to non-lvalues.
+-//Currently we allow "assignments" to consts and temporaries, nonsense like this:
+-// awk 'BEGIN { "qwe" = 1 }'
+-// awk 'BEGIN { 7 *= 7 }'
+-// awk 'BEGIN { length("qwe") = 1 }'
+-// awk 'BEGIN { (1+1) += 3 }'
++
++				/* Prevent:
++				 * awk 'BEGIN { "qwe" = 1 }'
++				 * awk 'BEGIN { 7 *= 7 }'
++				 * awk 'BEGIN { length("qwe") = 1 }'
++				 * awk 'BEGIN { (1+1) += 3 }'
++				 */
++				/* Assignment? (including *= and friends) */
++				if (((t_info & OPCLSMASK) == OC_MOVE)
++				 || ((t_info & OPCLSMASK) == OC_REPLACE)
++				) {
++					debug_printf_parse("%s: MOVE/REPLACE vn->info:%08x\n", __func__, vn->info);
++					/* Left side is a (variable or array element)
++					 * or function argument
++					 * or $FIELD ?
++					 */
++					if ((vn->info & OPCLSMASK) != OC_VAR
++					 && (vn->info & OPCLSMASK) != OC_FNARG
++					 && (vn->info & OPCLSMASK) != OC_FIELD
++					) {
++						syntax_error(EMSG_UNEXP_TOKEN); /* no. bad */
++					}
++				}
++
+ 				expected_tc = TS_OPERAND | TS_UOPPRE | TC_REGEXP;
+ 				if (t_info == TI_PGETLINE) {
+ 					/* it's a pipe */
+@@ -1432,6 +1452,8 @@ static node *parse_expr(uint32_t term_tc)
+ 		/* one should be very careful with switch on tclass -
+ 		 * only simple tclasses should be used (TC_xyz, not TS_xyz) */
+ 		switch (tc) {
++			var *v;
++
+ 		case TC_VARIABLE:
+ 		case TC_ARRAY:
+ 			debug_printf_parse("%s: TC_VARIABLE | TC_ARRAY\n", __func__);
+@@ -1452,14 +1474,14 @@ static node *parse_expr(uint32_t term_tc)
+ 		case TC_NUMBER:
+ 		case TC_STRING:
+ 			debug_printf_parse("%s: TC_NUMBER | TC_STRING\n", __func__);
+-			cn->info = OC_VAR;
++			cn->info = OC_CONST;
+ 			v = cn->l.v = xzalloc(sizeof(var));
+-			if (tc & TC_NUMBER)
++			if (tc & TC_NUMBER) {
+ 				setvar_i(v, t_double);
+-			else {
++			 } else {
+ 				setvar_s(v, t_string);
+-				expected_tc &= ~TC_UOPPOST; /* "str"++ is not allowed */
+ 			}
++			expected_tc &= ~TC_UOPPOST; /* NUM++, "str"++ not allowed */
+ 			break;
+ 
+ 		case TC_REGEXP:
+@@ -3107,6 +3129,8 @@ static var *evaluate(node *op, var *res)
+ 
+ 		/* -- recursive node type -- */
+ 
++		case XC( OC_CONST ):
++			debug_printf_eval("CONST ");
+ 		case XC( OC_VAR ):
+ 			debug_printf_eval("VAR\n");
+ 			L.v = op->l.v;
+diff --git a/testsuite/awk.tests b/testsuite/awk.tests
+index ddc51047b..a78fdcd98 100755
+--- a/testsuite/awk.tests
++++ b/testsuite/awk.tests
+@@ -540,4 +540,9 @@ testing 'awk assign while assign' \
+ │    trim/eff : 57.02%/26, 0.00%                     │          [cpu000:100%]
+ └────────────────────────────────────────────────────┘^C"
+ 
++testing "awk = has higher precedence than == (despite what gawk manpage claims)" \
++	"awk 'BEGIN { v=1; print 2==v; print 2==v=2; print v; print v=3==3; print v}'" \
++	'0\n1\n2\n1\n3\n' \
++	'' ''
++
+ exit $FAILCOUNT
+-- 
+2.47.1
+

package/busybox/0014-awk-fix-ternary-operator-and-precedence-of.patch

@@ -0,0 +1,102 @@
+From 173164c6b2f2ad17dd14d3a43e5bff47abde7199 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Tue, 21 May 2024 14:46:08 +0200
+Subject: [PATCH] awk: fix ternary operator and precedence of =
+
+Adjust the = precedence test to match behavior of gawk, mawk and
+FreeBSD.  awk 'BEGIN {print v=3==3; print v}' should print two '1'.
+
+To fix this, and to unbreak the ternary conditional operator, we restore
+the precedence of = in the token list, but override this with a lower
+priority when the assignment is on the right side of a compare.
+
+This fixes commit 0256e00a9d07 (awk: fix precedence of = relative to ==) [1]
+
+CVE: CVE-2023-42364 CVE-2023-42365
+
+Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2024-May/090766.html]
+
+[1] https://bugs.busybox.net/show_bug.cgi?id=15871#c6
+
+Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
+(cherry picked from commit 1714301c405ef03b39605c85c23f22a190cddd95)
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+[Thomas: taken from https://git.openembedded.org/openembedded-core/tree/meta/recipes-core/busybox/busybox/0002-awk-fix-ternary-operator-and-precedence-of.patch?id=e0ff4813b1cf4df0d851c857d57fb88d7db51bdd]
+Upstream: https://git.busybox.net/busybox/commit/?id=38335df9e9f45378c3407defd38b5b610578bdda
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+---
+ editors/awk.c       | 18 ++++++++++++++----
+ testsuite/awk.tests |  9 +++++++--
+ 2 files changed, 21 insertions(+), 6 deletions(-)
+
+diff --git a/editors/awk.c b/editors/awk.c
+index 5962c3f6a..9467f4644 100644
+--- a/editors/awk.c
++++ b/editors/awk.c
+@@ -442,9 +442,10 @@ static const uint32_t tokeninfo[] ALIGN4 = {
+ #define TI_PREINC (OC_UNARY|xV|P(9)|'P')
+ #define TI_PREDEC (OC_UNARY|xV|P(9)|'M')
+ 	TI_PREINC,               TI_PREDEC,               OC_FIELD|xV|P(5),
+-	OC_COMPARE|VV|P(39)|5,   OC_MOVE|VV|P(38),        OC_REPLACE|NV|P(38)|'+', OC_REPLACE|NV|P(38)|'-',
+-	OC_REPLACE|NV|P(38)|'*', OC_REPLACE|NV|P(38)|'/', OC_REPLACE|NV|P(38)|'%', OC_REPLACE|NV|P(38)|'&',
+-	OC_BINARY|NV|P(29)|'+',  OC_BINARY|NV|P(29)|'-',  OC_REPLACE|NV|P(38)|'&', OC_BINARY|NV|P(15)|'&',
++#define TI_ASSIGN (OC_MOVE|VV|P(74))
++	OC_COMPARE|VV|P(39)|5,   TI_ASSIGN,               OC_REPLACE|NV|P(74)|'+', OC_REPLACE|NV|P(74)|'-',
++	OC_REPLACE|NV|P(74)|'*', OC_REPLACE|NV|P(74)|'/', OC_REPLACE|NV|P(74)|'%', OC_REPLACE|NV|P(74)|'&',
++	OC_BINARY|NV|P(29)|'+',  OC_BINARY|NV|P(29)|'-',  OC_REPLACE|NV|P(74)|'&', OC_BINARY|NV|P(15)|'&',
+ 	OC_BINARY|NV|P(25)|'/',  OC_BINARY|NV|P(25)|'%',  OC_BINARY|NV|P(15)|'&',  OC_BINARY|NV|P(25)|'*',
+ 	OC_COMPARE|VV|P(39)|4,   OC_COMPARE|VV|P(39)|3,   OC_COMPARE|VV|P(39)|0,   OC_COMPARE|VV|P(39)|1,
+ #define TI_LESS     (OC_COMPARE|VV|P(39)|2)
+@@ -1376,11 +1377,19 @@ static node *parse_expr(uint32_t term_tc)
+ 			continue;
+ 		}
+ 		if (tc & (TS_BINOP | TC_UOPPOST)) {
++			int prio;
+ 			debug_printf_parse("%s: TS_BINOP | TC_UOPPOST tc:%x\n", __func__, tc);
+ 			/* for binary and postfix-unary operators, jump back over
+ 			 * previous operators with higher priority */
+ 			vn = cn;
+-			while (((t_info & PRIMASK) > (vn->a.n->info & PRIMASK2))
++			/* Let assignment get higher priority when used on right
++			 * side in compare. i.e: 2==v=3 */
++			if (t_info == TI_ASSIGN && (vn->a.n->info & OPCLSMASK) == OC_COMPARE) {
++				prio = PRECEDENCE(38);
++			} else {
++				prio = (t_info & PRIMASK);
++			}
++			while ((prio > (vn->a.n->info & PRIMASK2))
+ 			    || (t_info == vn->info && t_info == TI_COLON)
+ 			) {
+ 				vn = vn->a.n;
+@@ -1412,6 +1421,7 @@ static node *parse_expr(uint32_t term_tc)
+ 					if ((vn->info & OPCLSMASK) != OC_VAR
+ 					 && (vn->info & OPCLSMASK) != OC_FNARG
+ 					 && (vn->info & OPCLSMASK) != OC_FIELD
++					 && (vn->info & OPCLSMASK) != OC_COMPARE
+ 					) {
+ 						syntax_error(EMSG_UNEXP_TOKEN); /* no. bad */
+ 					}
+diff --git a/testsuite/awk.tests b/testsuite/awk.tests
+index a78fdcd98..d2706dea9 100755
+--- a/testsuite/awk.tests
++++ b/testsuite/awk.tests
+@@ -540,9 +540,14 @@ testing 'awk assign while assign' \
+ │    trim/eff : 57.02%/26, 0.00%                     │          [cpu000:100%]
+ └────────────────────────────────────────────────────┘^C"
+ 
+-testing "awk = has higher precedence than == (despite what gawk manpage claims)" \
++testing "awk = has higher precedence than == on right side" \
+ 	"awk 'BEGIN { v=1; print 2==v; print 2==v=2; print v; print v=3==3; print v}'" \
+-	'0\n1\n2\n1\n3\n' \
++	'0\n1\n2\n1\n1\n' \
++	'' ''
++
++testing 'awk ternary precedence' \
++	"awk 'BEGIN { a = 0 ? \"yes\": \"no\"; print a }'" \
++	'no\n' \
+ 	'' ''
+ 
+ exit $FAILCOUNT
+-- 
+2.47.1
+

package/busybox/0015-awk.c-fix-CVE-2023-42366-bug-15874.patch

@@ -0,0 +1,43 @@
+From 54e64812090f58cffca08fcf11d2dbc471c964e1 Mon Sep 17 00:00:00 2001
+From: Valery Ushakov <uwe@stderr.spb.ru>
+Date: Wed, 24 Jan 2024 22:24:41 +0300
+Subject: [PATCH] awk.c: fix CVE-2023-42366 (bug #15874)
+
+Make sure we don't read past the end of the string in next_token()
+when backslash is the last character in an (invalid) regexp.
+a fix and issue reported in bugzilla
+
+https://bugs.busybox.net/show_bug.cgi?id=15874
+
+Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2024-May/090766.html]
+
+CVE: CVE-2023-42366
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+[Thomas: https://git.openembedded.org/openembedded-core/tree/meta/recipes-core/busybox/busybox/0001-awk.c-fix-CVE-2023-42366-bug-15874.patch?id=e0ff4813b1cf4df0d851c857d57fb88d7db51bdd]
+Upstream: http://lists.busybox.net/pipermail/busybox/2024-May/090766.html
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+---
+ editors/awk.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/editors/awk.c b/editors/awk.c
+index 9467f4644..947195333 100644
+--- a/editors/awk.c
++++ b/editors/awk.c
+@@ -1168,9 +1168,11 @@ static uint32_t next_token(uint32_t expected)
+ 					s[-1] = bb_process_escape_sequence((const char **)&pp);
+ 					if (*p == '\\')
+ 						*s++ = '\\';
+-					if (pp == p)
++					if (pp == p) {
++						if (*p == '\0')
++							syntax_error(EMSG_UNEXP_EOS);
+ 						*s++ = *p++;
+-					else
++					} else
+ 						p = pp;
+ 				}
+ 			}
+-- 
+2.47.1
+

package/busybox/0016-hwclock-Check-for-SYS_settimeofday-before-calling-sy.patch

@@ -0,0 +1,54 @@
+From a378cd9c3a022500d7feaefb4e3bb43fdd789131 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sun, 7 Mar 2021 17:30:24 -0800
+Subject: [PATCH] hwclock: Check for SYS_settimeofday before calling syscall
+
+Some newer architectures e.g. RISCV32 have 64bit time_t from get go and
+thusly do not have gettimeofday_time64/settimeofday_time64 implemented
+therefore check for SYS_settimeofday definition before making the
+syscall. Fixes build for riscv32 and it will bail out at runtime.
+
+Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2021-March/088583.html]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream: http://lists.busybox.net/pipermail/busybox/2021-March/088583.html
+[Thomas: this issue has been discussed on the musl mailing list, and
+the musl developers' opinion is that Busybox is wrong:
+https://www.openwall.com/lists/musl/2024/03/03/2
+https://www.openwall.com/lists/musl/2024/04/07/2. The correct fix
+isn't clear, and in the mean time, the patch from Khem turns the build
+issue into a runtime error only on the problematic architecture, which
+seems like a reasonable trade-off]
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+---
+ util-linux/hwclock.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/util-linux/hwclock.c b/util-linux/hwclock.c
+index 723b09589..b9faaabbc 100644
+--- a/util-linux/hwclock.c
++++ b/util-linux/hwclock.c
+@@ -131,6 +131,7 @@ static void show_clock(const char **pp_rtcname, int utc)
+ 
+ static void set_kernel_tz(const struct timezone *tz)
+ {
++	int ret = 1;
+ #if LIBC_IS_MUSL
+ 	/* musl libc does not pass tz argument to syscall
+ 	 * because "it's deprecated by POSIX, therefore it's fine
+@@ -139,9 +140,11 @@ static void set_kernel_tz(const struct timezone *tz)
+ #if !defined(SYS_settimeofday) && defined(SYS_settimeofday_time32)
+ # define SYS_settimeofday SYS_settimeofday_time32
+ #endif
+-	int ret = syscall(SYS_settimeofday, NULL, tz);
++#if defined(SYS_settimeofday)
++	ret = syscall(SYS_settimeofday, NULL, tz);
++#endif
+ #else
+-	int ret = settimeofday(NULL, tz);
++	ret = settimeofday(NULL, tz);
+ #endif
+ 	if (ret)
+ 		bb_simple_perror_msg_and_die("settimeofday");
+-- 
+2.48.1
+

package/busybox/busybox.mk

@@ -15,6 +15,16 @@ BUSYBOX_CPE_ID_VENDOR = busybox
 # 0004-nslookup-sanitize-all-printed-strings-with-printable.patch
 BUSYBOX_IGNORE_CVES += CVE-2022-28391
 
+# 0012-awk-fix-use-after-free-CVE-2023-42363.patch
+BUSYBOX_IGNORE_CVES += CVE-2023-42363
+
+# 0013-awk-fix-precedence-of-relative-to.patch
+# 0014-awk-fix-ternary-operator-and-precedence-of.patch
+BUSYBOX_IGNORE_CVES += CVE-2023-42364 CVE-2023-42365
+
+# 0015-awk.c-fix-CVE-2023-42366-bug-15874.patch
+BUSYBOX_IGNORE_CVES += CVE-2023-42366
+
 BUSYBOX_CFLAGS = \
 	$(TARGET_CFLAGS)
 

package/c-icap/0002-Fix-compile-warning-about-missing-stdio.h-include-fi.patch

@@ -0,0 +1,25 @@
+From ae8a1bc4979c797bb1f152fc92cfe6bc05a44594 Mon Sep 17 00:00:00 2001
+From: Christos Tsantilas <christos@chtsanti.net>
+Date: Tue, 20 Nov 2018 17:10:16 +0200
+Subject: [PATCH] Fix compile warning about missing stdio.h include file
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+Upstream: https://github.com/c-icap/c-icap-server/commit/ae8a1bc4979c797bb1f152fc92cfe6bc05a44594
+---
+ tests/test_base64.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tests/test_base64.c b/tests/test_base64.c
+index 8a4a76c..7692197 100644
+--- a/tests/test_base64.c
++++ b/tests/test_base64.c
+@@ -1,5 +1,6 @@
+ #include "common.h"
+ #include "simple_api.h"
++#include <stdio.h>
+ 
+ 
+ int main(int argc, char *argv[])
+-- 
+2.47.1
+

package/c-icap/Config.in

@@ -3,6 +3,9 @@ config BR2_PACKAGE_C_ICAP
 	depends on !BR2_STATIC_LIBS
 	depends on BR2_TOOLCHAIN_HAS_THREADS
 	depends on BR2_USE_MMU # fork()
+	# the libmemcached code uses <crypt.h>
+	select BR2_PACKAGE_LIBXCRYPT if \
+	       BR2_PACKAGE_LIBMEMCACHED && BR2_TOOLCHAIN_USES_GLIBC
 	help
 	  c-icap is an implementation of an ICAP server. It can be
 	  used with HTTP proxies that support the ICAP protocol to

package/c-icap/c-icap.mk

@@ -43,7 +43,7 @@ endif
 
 ifeq ($(BR2_PACKAGE_LIBMEMCACHED),y)
 C_ICAP_CONF_OPTS += --with-memcached
-C_ICAP_DEPENDENCIES += libmemcached
+C_ICAP_DEPENDENCIES += libmemcached $(if $(BR2_PACKAGE_LIBXCRYPT),libxcrypt)
 else
 C_ICAP_CONF_OPTS += --without-memcached
 endif

package/clamav/clamav.hash

@@ -1,5 +1,5 @@
 # Locally calculated
-sha256  f4d67240a8b2e882e18f864529040084617de066cdab9b7684951ace6ea6f3cf  clamav-1.0.7.tar.gz
+sha256  4783f2ab3fc323a887c117c672dc0b4e7ace72d76f8c06e990bd49c3ef58f10a  clamav-1.0.8.tar.gz
 sha256  0c4fd2fa9733fc9122503797648710851e4ee6d9e4969dd33fcbd8c63cd2f584  COPYING.txt
 sha256  d72a145c90918184a05ef65a04c9e6f7466faa59bc1b82c8f6a8ddc7ddcb9bed  COPYING/COPYING.bzip2
 sha256  dfb818a0d41411c6fb1c193c68b73018ceadd1994bda41ad541cbff292894bc6  COPYING/COPYING.file

package/clamav/clamav.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-CLAMAV_VERSION = 1.0.7
+CLAMAV_VERSION = 1.0.8
 CLAMAV_SITE = https://www.clamav.net/downloads/production
 CLAMAV_LICENSE = GPL-2.0
 CLAMAV_LICENSE_FILES = \

package/cryptodev-linux/cryptodev-linux.mk

@@ -21,7 +21,7 @@ define CRYPTODEV_LINUX_INSTALL_STAGING_CMDS
 		$(STAGING_DIR)/usr/include/crypto/cryptodev.h
 endef
 
-define CRYPTODEV_LINUX_CONFIG_FIXUPS
+define CRYPTODEV_LINUX_LINUX_CONFIG_FIXUPS
 	$(call KCONFIG_ENABLE_OPT,CONFIG_CRYPTO)
 	$(call KCONFIG_ENABLE_OPT,CONFIG_CRYPTO_USER_API_AEAD)
 endef

package/curlpp/0001-fix-invalid-conversion.patch

@@ -0,0 +1,27 @@
+From b945d57a5acd12bda320a63eb9e45bbb7586cdde Mon Sep 17 00:00:00 2001
+From: Aaron Smith <aaron@soccergeek.net>
+Date: Mon, 16 Dec 2024 11:48:33 -0800
+Subject: [PATCH] Fix "invalid conversion from 'int' to 'CURLoption'" error
+
+Use cast to 'Curloption' to fix compiler error regarding invalid conversion from 'int' to 'CURLoption'.
+
+Upstream: https://github.com/jpbarrette/curlpp/pull/178
+Signed-off-by: Thomas Bonnefille <thomas.bonnefille@bootlin.com>
+---
+ include/curlpp/Options.hpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/curlpp/Options.hpp b/include/curlpp/Options.hpp
+index 40b64ed..292eaa7 100644
+--- a/include/curlpp/Options.hpp
++++ b/include/curlpp/Options.hpp
+@@ -308,7 +308,7 @@ namespace options
+ 	typedef curlpp::OptionTrait<long, CURLOPT_LOW_SPEED_LIMIT> LowSpeedLimit;
+ 	typedef curlpp::OptionTrait<long, CURLOPT_LOW_SPEED_TIME> LowSpeedTime;
+ 	typedef curlpp::OptionTrait<long, CURLOPT_MAXCONNECTS> MaxConnects;
+-	typedef curlpp::OptionTrait<curl_closepolicy, CURLOPT_CLOSEPOLICY> ClosePolicy;
++	typedef curlpp::OptionTrait<curl_closepolicy, (CURLoption)CURLOPT_CLOSEPOLICY> ClosePolicy;
+ 	typedef curlpp::OptionTrait<bool, CURLOPT_FRESH_CONNECT> FreshConnect;
+ 	typedef curlpp::OptionTrait<bool, CURLOPT_FORBID_REUSE> ForbidReuse;
+ 	typedef curlpp::OptionTrait<long, CURLOPT_CONNECTTIMEOUT> ConnectTimeout;
+

package/dahdi-linux/0003-xpp-sysfs-Use-const-struct-device_device-if-needed.patch

@@ -0,0 +1,82 @@
+From ce9de5d1bf9d21c088b01ce9da6f7ff02b0d863d Mon Sep 17 00:00:00 2001
+From: InterLinked1 <24227567+InterLinked1@users.noreply.github.com>
+Date: Mon, 23 Sep 2024 08:04:54 -0400
+Subject: [PATCH] xpp, sysfs: Use const struct device_device if needed.
+
+Kernel commit d69d804845985c29ab5be5a4b3b1f4787893daf8
+changed struct device_driver to be const, so make the
+arguments const on kernels 6.11 and newer.
+
+Resolves: #63
+
+Upstream: https://github.com/asterisk/dahdi-linux/pull/64
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ drivers/dahdi/dahdi-sysfs-chan.c | 4 ++++
+ drivers/dahdi/dahdi-sysfs.c      | 4 ++++
+ drivers/dahdi/xpp/xbus-sysfs.c   | 8 ++++++++
+ 3 files changed, 16 insertions(+)
+
+diff --git a/drivers/dahdi/dahdi-sysfs-chan.c b/drivers/dahdi/dahdi-sysfs-chan.c
+index 09d7317..35b7bd4 100644
+--- a/drivers/dahdi/dahdi-sysfs-chan.c
++++ b/drivers/dahdi/dahdi-sysfs-chan.c
+@@ -220,7 +220,11 @@ static void chan_release(struct device *dev)
+ 	chan_dbg(DEVICES, chan, "SYSFS\n");
+ }
+ 
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0)
++static int chan_match(struct device *dev, const struct device_driver *driver)
++#else
+ static int chan_match(struct device *dev, struct device_driver *driver)
++#endif /* LINUX_VERSION_CODE */
+ {
+ 	struct dahdi_chan *chan;
+ 
+diff --git a/drivers/dahdi/dahdi-sysfs.c b/drivers/dahdi/dahdi-sysfs.c
+index 7477ebc..246514c 100644
+--- a/drivers/dahdi/dahdi-sysfs.c
++++ b/drivers/dahdi/dahdi-sysfs.c
+@@ -42,7 +42,11 @@ module_param(tools_rootdir, charp, 0444);
+ MODULE_PARM_DESC(tools_rootdir,
+ 		"root directory of all tools paths (default /)");
+ 
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0)
++static int span_match(struct device *dev, const struct device_driver *driver)
++#else
+ static int span_match(struct device *dev, struct device_driver *driver)
++#endif /* LINUX_VERSION_CODE */
+ {
+ 	return 1;
+ }
+diff --git a/drivers/dahdi/xpp/xbus-sysfs.c b/drivers/dahdi/xpp/xbus-sysfs.c
+index 177048b..f78a15e 100644
+--- a/drivers/dahdi/xpp/xbus-sysfs.c
++++ b/drivers/dahdi/xpp/xbus-sysfs.c
+@@ -397,7 +397,11 @@ static struct attribute *xbus_dev_attrs[] = {
+ ATTRIBUTE_GROUPS(xbus_dev);
+ #endif
+ 
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0)
++static int astribank_match(struct device *dev, const struct device_driver *driver)
++#else
+ static int astribank_match(struct device *dev, struct device_driver *driver)
++#endif /* LINUX_VERSION_CODE */
+ {
+ 	DBG(DEVICES, "SYSFS MATCH: dev->bus_id = %s, driver->name = %s\n",
+ 	    dev_name(dev), driver->name);
+@@ -771,7 +775,11 @@ static DEVICE_ATTR_READER(refcount_xpd_show, dev, buf)
+ 	return len;
+ }
+ 
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0)
++static int xpd_match(struct device *dev, const struct device_driver *driver)
++#else
+ static int xpd_match(struct device *dev, struct device_driver *driver)
++#endif /* LINUX_VERSION_CODE */
+ {
+ 	struct xpd_driver *xpd_driver;
+ 	xpd_t *xpd;
+-- 
+2.39.5
+

package/dillo/Config.in

@@ -12,7 +12,7 @@ config BR2_PACKAGE_DILLO
 
 	  Enable openssl package to gain https support.
 
-	  http://www.dillo.org
+	  https://dillo-browser.github.io/
 
 comment "dillo needs a toolchain w/ C++"
 	depends on BR2_PACKAGE_XORG7 && BR2_USE_MMU

package/dillo/dillo.mk

@@ -6,7 +6,7 @@
 
 DILLO_VERSION = 3.0.5
 DILLO_SOURCE = dillo-$(DILLO_VERSION).tar.bz2
-DILLO_SITE = http://www.dillo.org/download
+DILLO_SITE = https://github.com/dillo-browser/dillo/releases/download/v$(DILLO_VERSION)/
 DILLO_LICENSE = GPL-3.0+
 DILLO_LICENSE_FILES = COPYING
 # configure.ac gets patched, so autoreconf is necessary

package/dmraid/0001-fix-compilation-under-musl.patch

@@ -8,7 +8,7 @@ Patch borrowed from Void Linux :
 https://github.com/voidlinux/void-packages/blob/master/srcpkgs/dmraid/patches/25_musl-libc.patch
 
 Upstream package appears dormant, no mailing list and no
-maintainence releases since Nov 2010.
+maintenance releases since Nov 2010.
 
 Upstream-Status: dormant
 Signed-off-by: Brendan Heading <brendanheading@gmail.com>

package/dpdk/dpdk.hash

@@ -1,5 +1,5 @@
 # Locally computed
-sha256  9944f7e5f268e7ac9b4193e2cd54ef6d98f6e1d7dddc967c77ae4f6616d6fbbd  dpdk-24.07.tar.xz
+sha256  bcae7d42c449fc456dfb279feabcbe0599a29bebb2fe2905761e187339d96b8e  dpdk-24.11.1.tar.xz
 sha256  9acc4bc871a4742550158e3696dcb381953172ef808d04ca248184f9f6322712  license/bsd-3-clause.txt
 sha256  e19808bccd90c238fac06da2fc3683e094c64f7ba647e9d86f03a98cf5f2ce05  license/exceptions.txt
 sha256  6c54c4d44faf3cba829b3d0c21c6955953e758767018fd7244f809b01d4f4845  license/mit.txt

package/dpdk/dpdk.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DPDK_VERSION = 24.07
+DPDK_VERSION = 24.11.1
 DPDK_SOURCE = dpdk-$(DPDK_VERSION).tar.xz
 DPDK_SITE = https://fast.dpdk.org/rel
 DPDK_LICENSE = \

package/elfutils/0003-Add-helper-function-for-basename.patch

@@ -0,0 +1,358 @@
+From 2296679efa547104ea52bf60cdda19e07c8d1e26 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sun, 10 Dec 2023 12:20:33 -0800
+Subject: [PATCH] Add helper function for basename
+
+musl does not provide GNU version of basename and lately have removed
+the definiton from string.h [1] which exposes this problem. It can be
+made to work by providing a local implementation of basename which
+implements the GNU basename behavior, this makes it work across C
+libraries which have POSIX implementation only.
+
+[1] https://git.musl-libc.org/cgit/musl/commit/?id=725e17ed6dff4d0cd22487bb64470881e86a92e7
+
+    * lib/system.h (xbasename): New static inline functions.
+    Poison basename.
+    * libdw/dwarf_getsrc_file.c (dwarf_getsrc_file): Use xbasename.
+    * libdwfl/core-file.c (dwfl_core_file_report): Likewise.
+    * libdwfl/dwfl_module_getsrc_file.c (dwfl_module_getsrc_file):
+    Likewise.
+    * libdwfl/dwfl_segment_report_module.c (dwfl_segment_report_module):
+    Likewise.
+    * libdwfl/find-debuginfo.c (find_debuginfo_in_path): Likewise.
+    * libdwfl/link_map.c (report_r_debug): Likewise.
+    * libdwfl/linux-kernel-modules.c (try_kernel_name): Likewise.
+    * src/addr2line.c (print_dwarf_function): Likewise.
+    (print_src): Likewise.
+    * src/ar.c (do_oper_insert): Likewise.
+    And cast away const in entry.key assignment.
+    * src/nm.c (show_symbols): Use xbasename.
+    * src/stack.c (module_callback): Likewise.
+    * src/strip.c (handle_elf): Likewise.
+    * tests/show-die-info.c: Include system.h.
+    (dwarf_tag_string): Use xbasename.
+    * tests/varlocs.c: Likewise.
+    * debuginfod/debuginfod.cxx: Move include system.h to the end.
+    (register_file_name): Rename basename to filename.
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+Upstream: https://sourceware.org/git/?p=elfutils.git;a=commit;h=a2194f6b305bf0d0b9dd49dccd0a5c21994c8eea
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+---
+ debuginfod/debuginfod.cxx            | 10 ++++++++--
+ lib/system.h                         | 14 ++++++++++++++
+ libdw/dwarf_getsrc_file.c            |  2 +-
+ libdwfl/core-file.c                  |  2 +-
+ libdwfl/dwfl_module_getsrc_file.c    |  2 +-
+ libdwfl/dwfl_segment_report_module.c |  2 +-
+ libdwfl/find-debuginfo.c             |  6 +++---
+ libdwfl/link_map.c                   |  2 +-
+ libdwfl/linux-kernel-modules.c       |  2 +-
+ src/addr2line.c                      |  4 ++--
+ src/ar.c                             |  4 ++--
+ src/nm.c                             |  4 ++--
+ src/stack.c                          |  2 +-
+ src/strip.c                          |  2 +-
+ tests/show-die-info.c                |  3 ++-
+ tests/varlocs.c                      |  2 +-
+ 16 files changed, 42 insertions(+), 21 deletions(-)
+
+diff --git a/debuginfod/debuginfod.cxx b/debuginfod/debuginfod.cxx
+index 99b1f2b9..3b69a621 100644
+--- a/debuginfod/debuginfod.cxx
++++ b/debuginfod/debuginfod.cxx
+@@ -44,10 +44,11 @@ extern "C" {
+ }
+ #endif
+ 
++#ifdef HAVE_EXECINFO_H
+ extern "C" {
+-#include "printversion.h"
+-#include "system.h"
++#include <execinfo.h>
+ }
++#endif
+ 
+ #include "debuginfod.h"
+ #include <dwarf.h>
+@@ -127,6 +128,11 @@ using namespace std;
+ #define tid() pthread_self()
+ #endif
+ 
++extern "C" {
++#include "printversion.h"
++#include "system.h"
++}
++
+ 
+ inline bool
+ string_endswith(const string& haystack, const string& needle)
+diff --git a/lib/system.h b/lib/system.h
+index 1c914efc..0db12d99 100644
+--- a/lib/system.h
++++ b/lib/system.h
+@@ -1,6 +1,7 @@
+ /* Declarations for common convenience functions.
+    Copyright (C) 2006-2011 Red Hat, Inc.
+    Copyright (C) 2022 Mark J. Wielaard <mark@klomp.org>
++   Copyright (C) 2023 Khem Raj.
+    This file is part of elfutils.
+ 
+    This file is free software; you can redistribute it and/or modify
+@@ -211,4 +212,17 @@ extern char *__cxa_demangle (const char *mangled_name, char *output_buffer,
+   extern int never_defined_just_used_for_checking[(expr) ? 1 : -1]	\
+     __attribute__ ((unused))
+ 
++/* We really want a basename implementation that doesn't modify the
++   input argument.  Normally you get that from string.h with _GNU_SOURCE
++   define.  But some libc implementations don't define it and other
++   define it, but provide an implementation that still modifies the
++   argument.  So define our own and poison a bare basename symbol.  */
++static inline const char *
++xbasename(const char *s)
++{
++  const char *p = strrchr(s, '/');
++  return p ? p+1 : s;
++}
++#pragma GCC poison basename
++
+ #endif /* system.h */
+diff --git a/libdw/dwarf_getsrc_file.c b/libdw/dwarf_getsrc_file.c
+index 5289c7da..03da431c 100644
+--- a/libdw/dwarf_getsrc_file.c
++++ b/libdw/dwarf_getsrc_file.c
+@@ -98,7 +98,7 @@ dwarf_getsrc_file (Dwarf *dbg, const char *fname, int lineno, int column,
+ 	      /* Match the name with the name the user provided.  */
+ 	      const char *fname2 = line->files->info[lastfile].name;
+ 	      if (is_basename)
+-		lastmatch = strcmp (basename (fname2), fname) == 0;
++		lastmatch = strcmp (xbasename (fname2), fname) == 0;
+ 	      else
+ 		lastmatch = strcmp (fname2, fname) == 0;
+ 	    }
+diff --git a/libdwfl/core-file.c b/libdwfl/core-file.c
+index 87c940cb..89527d23 100644
+--- a/libdwfl/core-file.c
++++ b/libdwfl/core-file.c
+@@ -595,7 +595,7 @@ dwfl_core_file_report (Dwfl *dwfl, Elf *elf, const char *executable)
+       if (! __libdwfl_dynamic_vaddr_get (module->elf, &file_dynamic_vaddr))
+ 	continue;
+       Dwfl_Module *mod;
+-      mod = __libdwfl_report_elf (dwfl, basename (module->name), module->name,
++      mod = __libdwfl_report_elf (dwfl, xbasename (module->name), module->name,
+ 				  module->fd, module->elf,
+ 				  module->l_ld - file_dynamic_vaddr,
+ 				  true, true);
+diff --git a/libdwfl/dwfl_module_getsrc_file.c b/libdwfl/dwfl_module_getsrc_file.c
+index 513af6b8..fc144225 100644
+--- a/libdwfl/dwfl_module_getsrc_file.c
++++ b/libdwfl/dwfl_module_getsrc_file.c
+@@ -103,7 +103,7 @@ dwfl_module_getsrc_file (Dwfl_Module *mod,
+ 		{
+ 		  /* Match the name with the name the user provided.  */
+ 		  lastfile = file;
+-		  lastmatch = !strcmp (is_basename ? basename (file) : file,
++		  lastmatch = !strcmp (is_basename ? xbasename (file) : file,
+ 				       fname);
+ 		}
+ 	    }
+diff --git a/libdwfl/dwfl_segment_report_module.c b/libdwfl/dwfl_segment_report_module.c
+index 3ef62a7d..d0df7100 100644
+--- a/libdwfl/dwfl_segment_report_module.c
++++ b/libdwfl/dwfl_segment_report_module.c
+@@ -718,7 +718,7 @@ dwfl_segment_report_module (Dwfl *dwfl, int ndx, const char *name,
+ 	      bias += fixup;
+ 	      if (module->name[0] != '\0')
+ 		{
+-		  name = basename (module->name);
++		  name = xbasename (module->name);
+ 		  name_is_final = true;
+ 		}
+ 	      break;
+diff --git a/libdwfl/find-debuginfo.c b/libdwfl/find-debuginfo.c
+index 7f7ab632..b358c774 100644
+--- a/libdwfl/find-debuginfo.c
++++ b/libdwfl/find-debuginfo.c
+@@ -164,7 +164,7 @@ find_debuginfo_in_path (Dwfl_Module *mod, const char *file_name,
+ {
+   bool cancheck = debuglink_crc != (GElf_Word) 0;
+ 
+-  const char *file_basename = file_name == NULL ? NULL : basename (file_name);
++  const char *file_basename = file_name == NULL ? NULL : xbasename (file_name);
+   char *localname = NULL;
+ 
+   /* We invent a debuglink .debug name if NULL, but then want to try the
+@@ -278,7 +278,7 @@ find_debuginfo_in_path (Dwfl_Module *mod, const char *file_name,
+ 	  else
+ 	    {
+ 	      subdir = NULL;
+-	      file = basename (debuglink_file);
++	      file = xbasename (debuglink_file);
+ 	    }
+ 	  try_file_basename = debuglink_null;
+ 	  break;
+@@ -306,7 +306,7 @@ find_debuginfo_in_path (Dwfl_Module *mod, const char *file_name,
+ 	    if (mod->dw != NULL && (p[0] == '\0' || p[0] == '/'))
+ 	      {
+ 		fd = try_open (&main_stat, dir, ".dwz",
+-			       basename (file), &fname);
++			       xbasename (file), &fname);
+ 		if (fd < 0)
+ 		  {
+ 		    if (errno != ENOENT && errno != ENOTDIR)
+diff --git a/libdwfl/link_map.c b/libdwfl/link_map.c
+index 06d85eb6..9d6b68c1 100644
+--- a/libdwfl/link_map.c
++++ b/libdwfl/link_map.c
+@@ -469,7 +469,7 @@ report_r_debug (uint_fast8_t elfclass, uint_fast8_t elfdata,
+ 		      if (r_debug_info_module == NULL)
+ 			{
+ 			  // XXX hook for sysroot
+-			  mod = __libdwfl_report_elf (dwfl, basename (name),
++			  mod = __libdwfl_report_elf (dwfl, xbasename (name),
+ 						      name, fd, elf, base,
+ 						      true, true);
+ 			  if (mod != NULL)
+diff --git a/libdwfl/linux-kernel-modules.c b/libdwfl/linux-kernel-modules.c
+index 58c0c417..e9faba26 100644
+--- a/libdwfl/linux-kernel-modules.c
++++ b/libdwfl/linux-kernel-modules.c
+@@ -116,7 +116,7 @@ try_kernel_name (Dwfl *dwfl, char **fname, bool try_debug)
+ 	/* Try the file's unadorned basename as DEBUGLINK_FILE,
+ 	   to look only for "vmlinux" files.  */
+ 	fd = INTUSE(dwfl_standard_find_debuginfo) (&fakemod, NULL, NULL, 0,
+-						   *fname, basename (*fname),
++						   *fname, xbasename (*fname),
+ 						   0, &fakemod.debug.name);
+ 
+       if (fakemod.debug.name != NULL)
+diff --git a/src/addr2line.c b/src/addr2line.c
+index d902d791..d87e5b45 100644
+--- a/src/addr2line.c
++++ b/src/addr2line.c
+@@ -385,7 +385,7 @@ print_dwarf_function (Dwfl_Module *mod, Dwarf_Addr addr)
+ 		  if (file == NULL)
+ 		    file = "???";
+ 		  else if (only_basenames)
+-		    file = basename (file);
++		    file = xbasename (file);
+ 		  else if (use_comp_dir && file[0] != '/')
+ 		    {
+ 		      const char *const *dirs;
+@@ -568,7 +568,7 @@ print_src (const char *src, int lineno, int linecol, Dwarf_Die *cu)
+   const char *comp_dir_sep = "";
+ 
+   if (only_basenames)
+-    src = basename (src);
++    src = xbasename (src);
+   else if (use_comp_dir && src[0] != '/')
+     {
+       Dwarf_Attribute attr;
+diff --git a/src/ar.c b/src/ar.c
+index 3bcb18fe..e6d6d58f 100644
+--- a/src/ar.c
++++ b/src/ar.c
+@@ -1133,7 +1133,7 @@ do_oper_insert (int oper, const char *arfname, char **argv, int argc,
+       for (int cnt = 0; cnt < argc; ++cnt)
+ 	{
+ 	  ENTRY entry;
+-	  entry.key = full_path ? argv[cnt] : basename (argv[cnt]);
++	  entry.key = full_path ? argv[cnt] : (char*)xbasename (argv[cnt]);
+ 	  entry.data = &argv[cnt];
+ 	  if (hsearch (entry, ENTER) == NULL)
+ 	    error_exit (errno, _("cannot insert into hash table"));
+@@ -1242,7 +1242,7 @@ do_oper_insert (int oper, const char *arfname, char **argv, int argc,
+       /* Open all the new files, get their sizes and add all symbols.  */
+       for (int cnt = 0; cnt < argc; ++cnt)
+ 	{
+-	  const char *bname = basename (argv[cnt]);
++	  const char *bname = xbasename (argv[cnt]);
+ 	  size_t bnamelen = strlen (bname);
+ 	  if (found[cnt] == NULL)
+ 	    {
+diff --git a/src/nm.c b/src/nm.c
+index fbdee8e1..3675f59b 100644
+--- a/src/nm.c
++++ b/src/nm.c
+@@ -1417,7 +1417,7 @@ show_symbols (int fd, Ebl *ebl, GElf_Ehdr *ehdr,
+ 			  int lineno;
+ 			  (void) dwarf_lineno (line, &lineno);
+ 			  const char *file = dwarf_linesrc (line, NULL, NULL);
+-			  file = (file != NULL) ? basename (file) : "???";
++			  file = (file != NULL) ? xbasename (file) : "???";
+ 			  int n;
+ 			  n = obstack_printf (&whereob, "%s:%d%c", file,
+ 					      lineno, '\0');
+@@ -1448,7 +1448,7 @@ show_symbols (int fd, Ebl *ebl, GElf_Ehdr *ehdr,
+ 		{
+ 		  /* We found the line.  */
+ 		  int n = obstack_printf (&whereob, "%s:%" PRIu64 "%c",
+-					  basename ((*found)->file),
++					  xbasename ((*found)->file),
+ 					  (*found)->lineno,
+ 					  '\0');
+ 		  sym_mem[nentries_used].where = obstack_finish (&whereob);
+diff --git a/src/stack.c b/src/stack.c
+index 534aa93c..f4c5ba8c 100644
+--- a/src/stack.c
++++ b/src/stack.c
+@@ -152,7 +152,7 @@ module_callback (Dwfl_Module *mod, void **userdata __attribute__((unused)),
+ 
+   int width = get_addr_width (mod);
+   printf ("0x%0*" PRIx64 "-0x%0*" PRIx64 " %s\n",
+-	  width, start, width, end, basename (name));
++	  width, start, width, end, xbasename (name));
+ 
+   const unsigned char *id;
+   GElf_Addr id_vaddr;
+diff --git a/src/strip.c b/src/strip.c
+index 2a2cc801..88977a5c 100644
+--- a/src/strip.c
++++ b/src/strip.c
+@@ -1800,7 +1800,7 @@ handle_elf (int fd, Elf *elf, const char *prefix, const char *fname,
+ 		      elf_errmsg (-1));
+ 	}
+ 
+-      char *debug_basename = basename (debug_fname_embed ?: debug_fname);
++      const char *debug_basename = xbasename (debug_fname_embed ?: debug_fname);
+       off_t crc_offset = strlen (debug_basename) + 1;
+       /* Align to 4 byte boundary */
+       crc_offset = ((crc_offset - 1) & ~3) + 4;
+diff --git a/tests/show-die-info.c b/tests/show-die-info.c
+index 1a3191cd..bda459a5 100644
+--- a/tests/show-die-info.c
++++ b/tests/show-die-info.c
+@@ -27,6 +27,7 @@
+ #include <unistd.h>
+ 
+ #include "../libdw/known-dwarf.h"
++#include "../lib/system.h"
+ 
+ static const char *
+ dwarf_tag_string (unsigned int tag)
+@@ -318,7 +319,7 @@ main (int argc, char *argv[])
+       int fd = open (argv[cnt], O_RDONLY);
+       Dwarf *dbg;
+ 
+-      printf ("file: %s\n", basename (argv[cnt]));
++      printf ("file: %s\n", xbasename (argv[cnt]));
+ 
+       dbg = dwarf_begin (fd, DWARF_C_READ);
+       if (dbg == NULL)
+diff --git a/tests/varlocs.c b/tests/varlocs.c
+index 8e563fd3..1004f969 100644
+--- a/tests/varlocs.c
++++ b/tests/varlocs.c
+@@ -1120,7 +1120,7 @@ main (int argc, char *argv[])
+ 
+ 	  const char *name = (modname[0] != '\0'
+ 			      ? modname
+-			      :  basename (mainfile));
++			      :  xbasename (mainfile));
+ 	  printf ("module '%s'\n", name);
+ 	  print_die (&cudie, "CU", 0);
+ 
+-- 
+2.48.1
+

package/elfutils/elfutils.mk

@@ -12,7 +12,7 @@ ELFUTILS_LICENSE = GPL-2.0+ or LGPL-3.0+ (library)
 ELFUTILS_LICENSE_FILES = COPYING COPYING-GPLV2 COPYING-LGPLV3
 ELFUTILS_CPE_ID_VALID = YES
 ELFUTILS_DEPENDENCIES = host-pkgconf zlib $(TARGET_NLS_DEPENDENCIES)
-HOST_ELFUTILS_DEPENDENCIES = host-pkgconf host-zlib host-bzip2 host-xz
+HOST_ELFUTILS_DEPENDENCIES = host-pkgconf host-zlib host-bzip2 host-xz host-zstd
 
 # We patch configure.ac
 ELFUTILS_AUTORECONF = YES
@@ -26,7 +26,7 @@ ELFUTILS_CONF_OPTS += \
 HOST_ELFUTILS_CONF_OPTS = \
 	--with-bzlib \
 	--with-lzma \
-	--without-zstd \
+	--with-zstd \
 	--disable-demangler \
 	--disable-progs
 

package/fakeroot/0001-Makefile.am-fix-parallel-build.patch

@@ -0,0 +1,97 @@
+From 29e9322e6a8238205780107e731a51b48845f9c7 Mon Sep 17 00:00:00 2001
+From: Julien Olivain <ju.o@free.fr>
+Date: Mon, 10 Feb 2025 22:59:04 +0100
+Subject: [PATCH] Makefile.am: fix parallel build
+
+When building fakeroot on host with large number of CPUs, compilation
+can randomly fail. Failures were observed on hosts with 24 CPUs.
+
+Build logs show errors such as:
+
+    make -j$(nproc)
+    ...
+    awk -f ./wrapawk < ./wrapfunc.inp
+    awk -f ./wrapawk < ./wrapfunc.inp
+    ...
+    In file included from libfakeroot.c:265:
+    wraptmpf.h:607: error: unterminated #ifdef
+      607 | #ifdef __APPLE__
+          |
+    wraptmpf.h:601: error: unterminated #ifdef
+      601 | #ifdef HAVE_FTS_CHILDREN
+          |
+    wraptmpf.h:2: error: unterminated #ifndef
+        2 | #ifndef WRAPTMPF_H
+          |
+    ...
+
+The issue was observed in the builders of Buildroot Linux [1], which
+is using fakeroot. Examples of build failures are [2], [3], [4].
+
+It is important to note that in all failing cases, there is
+more that one parallel invocation of the "wrapawk" script [5].
+
+This script is meant to generate many output files (wrapped.h,
+wrapdef.h, wrapstruct.h, wraptmpf.h) from a single invocation.
+
+The Makefile.am file is using multiple targets in an attempt to
+reflect that generation of multiple outputs at once. See [6].
+
+This use of multiple targets in this rule is incorrect here. See
+the Make manual [7]. This construct, used in Makefile.am, incorrectly
+assumes all those targets are independant (so they can be executed in
+parallel). They are not. In the current failing case, parallel
+invocations will generates all their respective output files,
+overwriting each other. This could lead to incomplete generated
+files, resulting to the observed compilation failures.
+
+Note that GNU Make 4.3 introduced "Grouped Targets" for that purpose.
+See "Rules with Grouped Targets" section in [7]. But this would add a
+requirement on Make >= 4.3.
+
+For that reason, this commit fixes the issue by using a simpler
+construct, working with all Make versions: the first output file
+"wrapped.h" is kept as a target, and it is devlared as a
+dependency of the three other generated files. This change makes sure
+that only one invocation of "wrapawk" will happen at a time,
+disregarding the number of parallel jobs requiring those generated
+files. This has the effect of completely solving the parallel build
+for all GNU Make versions.
+
+[1] https://buildroot.org/
+[2] https://gitlab.com/buildroot.org/buildroot/-/jobs/9085451831
+[3] https://gitlab.com/buildroot.org/buildroot/-/jobs/9085451244
+[4] https://gitlab.com/buildroot.org/buildroot/-/jobs/9085451198
+[5] https://salsa.debian.org/clint/fakeroot/-/blob/master/wrapawk
+[6] https://salsa.debian.org/clint/fakeroot/-/blob/upstream/1.37/Makefile.am#L54
+[7] https://www.gnu.org/software/make/manual/html_node/Multiple-Targets.html
+
+Upstream: Proposed: https://salsa.debian.org/clint/fakeroot/-/merge_requests/33
+Signed-off-by: Julien Olivain <ju.o@free.fr>
+---
+ Makefile.am | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 46f01eb..ff71a8d 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -48,12 +48,13 @@ EXTRA_DIST=wrapawk wrapawk_macosx wrapfunc.inp           \
+ CLEAN_FILES=fakerootconfig.h
+ 
+ if MACOSX
+-wrapped.h wrapdef.h wrapstruct.h wraptmpf.h:wrapawk_macosx wrapfunc.inp
++wrapped.h: wrapawk_macosx wrapfunc.inp
+ 	awk -f $(srcdir)/wrapawk_macosx < $(srcdir)/wrapfunc.inp
+ else !MACOSX
+-wrapped.h wrapdef.h wrapstruct.h wraptmpf.h:wrapawk wrapfunc.inp
++wrapped.h: wrapawk wrapfunc.inp
+ 	awk -f $(srcdir)/wrapawk < $(srcdir)/wrapfunc.inp
+ endif !MACOSX
++wrapdef.h wrapstruct.h wraptmpf.h: wrapped.h
+ 
+ libfakeroot.lo:libfakeroot.c wrapdef.h wrapstruct.h wraptmpf.h
+ 
+-- 
+2.48.1
+

package/fakeroot/fakeroot.mk

@@ -15,6 +15,8 @@ HOST_FAKEROOT_DEPENDENCIES = host-acl
 HOST_FAKEROOT_CONF_ENV = \
 	ac_cv_header_sys_capability_h=no \
 	ac_cv_func_capset=no
+# 0001-Makefile.am-fix-parallel-build.patch
+HOST_FAKEROOT_AUTORECONF = YES
 FAKEROOT_LICENSE = GPL-3.0+
 FAKEROOT_LICENSE_FILES = COPYING
 

package/ffmpeg/0008-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch

@@ -0,0 +1,63 @@
+From 4c688845a50f7dce3af9afebe60f0f7a493c4f07 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Fri, 9 Aug 2024 11:32:00 +0100
+Subject: [PATCH] libavcodec/arm/mlpdsp_armv5te: fix label format to work with
+ binutils 2.43
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+binutils 2.43 has stricter validation for labels[1] and results in errors
+when building ffmpeg for armv5:
+
+src/libavcodec/arm/mlpdsp_armv5te.S:232: Error: junk at end of line, first unrecognized character is `0'
+
+Remove the leading zero in the "01" label to resolve this error.
+
+[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=226749d5a6ff0d5c607d6428d6c81e1e7e7a994b
+
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+Signed-off-by: Martin Storsjö <martin@martin.st>
+(cherry picked from commit 654bd47716c4f36719fb0f3f7fd8386d5ed0b916)
+
+Upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4c688845a50f7dce3af9afebe60f0f7a493c4f07
+
+Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
+---
+ libavcodec/arm/mlpdsp_armv5te.S | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/libavcodec/arm/mlpdsp_armv5te.S b/libavcodec/arm/mlpdsp_armv5te.S
+index 4f9aa485fd..d31568611c 100644
+--- a/libavcodec/arm/mlpdsp_armv5te.S
++++ b/libavcodec/arm/mlpdsp_armv5te.S
+@@ -229,7 +229,7 @@ A .endif
+   .endif
+ 
+         // Begin loop
+-01:
++1:
+   .if TOTAL_TAPS == 0
+         // Things simplify a lot in this case
+         // In fact this could be pipelined further if it's worth it...
+@@ -241,7 +241,7 @@ A .endif
+         str     ST0, [PST, #-4]!
+         str     ST0, [PST, #4 * (MAX_BLOCKSIZE + MAX_FIR_ORDER)]
+         str     ST0, [PSAMP], #4 * MAX_CHANNELS
+-        bne     01b
++        bne     1b
+   .else
+     .if \fir_taps & 1
+       .set LOAD_REG, 1
+@@ -333,7 +333,7 @@ T       orr     AC0, AC0, AC1
+         str     ST3, [PST, #-4]!
+         str     ST2, [PST, #4 * (MAX_BLOCKSIZE + MAX_FIR_ORDER)]
+         str     ST3, [PSAMP], #4 * MAX_CHANNELS
+-        bne     01b
++        bne     1b
+   .endif
+         b       99f
+ 
+-- 
+2.30.2
+

package/ffmpeg/ffmpeg.mk

@@ -383,6 +383,13 @@ else
 FFMPEG_CONF_OPTS += --disable-iconv
 endif
 
+ifeq ($(BR2_PACKAGE_LIBXML2),y)
+FFMPEG_CONF_OPTS += --enable-libxml2
+FFMPEG_DEPENDENCIES += libxml2
+else
+FFMPEG_CONF_OPTS += --disable-libxml2
+endif
+
 # ffmpeg freetype support require fenv.h which is only
 # available/working on glibc.
 # The microblaze variant doesn't provide the needed exceptions
@@ -400,6 +407,20 @@ else
 FFMPEG_CONF_OPTS += --disable-fontconfig
 endif
 
+ifeq ($(BR2_PACKAGE_HARFBUZZ),y)
+FFMPEG_CONF_OPTS += --enable-libharfbuzz
+FFMPEG_DEPENDENCIES += harfbuzz
+else
+FFMPEG_CONF_OPTS += --disable-libharfbuzz
+endif
+
+ifeq ($(BR2_PACKAGE_LIBFRIBIDI),y)
+FFMPEG_CONF_OPTS += --enable-libfribidi
+FFMPEG_DEPENDENCIES += libfribidi
+else
+FFMPEG_CONF_OPTS += --disable-libfribidi
+endif
+
 ifeq ($(BR2_PACKAGE_OPENJPEG),y)
 FFMPEG_CONF_OPTS += --enable-libopenjpeg
 FFMPEG_DEPENDENCIES += openjpeg

package/freeipmi/freeipmi.mk

@@ -5,7 +5,7 @@
 ################################################################################
 
 FREEIPMI_VERSION = 1.6.14
-FREEIPMI_SITE = https://ftp.gnu.org/gnu/freeipmi
+FREEIPMI_SITE = $(BR2_GNU_MIRROR)/freeipmi
 FREEIPMI_LICENSE = GPL-3.0+, BSD-like (sunbmc)
 FREEIPMI_LICENSE_FILES = \
 	COPYING COPYING.bmc-watchdog COPYING.ipmiconsole COPYING.ipmi-dcmi \

package/freetype/freetype.hash

@@ -1,6 +1,6 @@
-# From https://sourceforge.net/projects/freetype/files/freetype2/2.13.2/
-sha1  2d8d5917a1983ebd04921f2993a88858d6f72dec  freetype-2.13.2.tar.xz
-sha256  12991c4e55c506dd7f9b765933e62fd2be2e06d421505d7950a132e4f1bb484d  freetype-2.13.2.tar.xz
+# From https://sourceforge.net/projects/freetype/files/freetype2/2.13.3/
+sha1  2437819d11c1205e81141735dcb0a36c0d541e96  freetype-2.13.3.tar.xz
+sha256  0550350666d427c74daeb85d5ac7bb353acba5f76956395995311a9c6f063289  freetype-2.13.3.tar.xz
 
 # Locally calculated
 sha256  2e3bbb7d7c5c396368dd0853a790ec29ce5b8647163dde42a0493fb0d6556b2b  LICENSE.TXT

package/freetype/freetype.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-FREETYPE_VERSION = 2.13.2
+FREETYPE_VERSION = 2.13.3
 FREETYPE_SOURCE = freetype-$(FREETYPE_VERSION).tar.xz
 FREETYPE_SITE = http://download.savannah.gnu.org/releases/freetype
 FREETYPE_INSTALL_STAGING = YES

package/gdb/gdb.hash

@@ -5,3 +5,9 @@ sha512  0217434073023a8b8316088bf3ee95d53a1b6a7897f6269095429016a8900f9a05e130c3
 
 # Locally calculated (fetched from Github)
 sha512  3518b47d5c11d1fb478ee152bde1719363f9391db73f3b9f5491217c17742bef8ebca6a51a40302dfaa9476c5a32a8b8f70a4bf64289422dea5f750ae53ab88d  gdb-arc-2023.09-release.tar.gz
+
+# Locally calculated (fetched from gcc.gnu.org)
+sha256  231f7edcc7352d7734a96eef0b8030f77982678c516876fcb81e25b32d68564c  COPYING
+sha256  8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903  COPYING3
+sha256  a853c2ffec17057872340eee242ae4d96cbf2b520ae27d903e1b2fef1a5f9d1c  COPYING3.LIB
+sha256  56bdea73b6145ef6ac5259b3da390b981d840c24cb03b8e1cbc678de7ecfa18d  COPYING.LIB

package/git/git.hash

@@ -1,5 +1,5 @@
 # From: https://www.kernel.org/pub/software/scm/git/sha256sums.asc
-sha256  1ce114da88704271b43e027c51e04d9399f8c88e9ef7542dae7aebae7d87bc4e  git-2.47.0.tar.xz
+sha256  b19268be6b6f1556b47a9dd834272e167d3a75740cdcd283cf3812edffe3930f  git-2.47.2.tar.xz
 # Locally calculated
 sha256  5b2198d1645f767585e8a88ac0499b04472164c0d2da22e75ecf97ef443ab32e  COPYING
 sha256  1922f45d2c49e390032c9c0ba6d7cac904087f7cec51af30c2b2ad022ce0e76a  LGPL-2.1

package/git/git.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GIT_VERSION = 2.47.0
+GIT_VERSION = 2.47.2
 GIT_SOURCE = git-$(GIT_VERSION).tar.xz
 GIT_SITE = $(BR2_KERNEL_MIRROR)/software/scm/git
 GIT_LICENSE = GPL-2.0, LGPL-2.1+

package/glibc/glibc.mk

@@ -24,18 +24,6 @@ GLIBC_CPE_ID_VENDOR = gnu
 # allow proper matching with the CPE database.
 GLIBC_CPE_ID_VERSION = $(word 1, $(subst -,$(space),$(GLIBC_VERSION)))
 
-# Fixed by glibc-2.39-31-g31da30f23cddd36db29d5b6a1c7619361b271fb4
-GLIBC_IGNORE_CVES += CVE-2024-2961
-
-# Fixed by glibc-2.39-35-g1263d583d2e28afb8be53f8d6922f0842036f35d
-GLIBC_IGNORE_CVES += CVE-2024-33599
-
-# Fixed by glibc-2.39-37-gc99f886de54446cd4447db6b44be93dabbdc2f8b
-GLIBC_IGNORE_CVES += CVE-2024-33600
-
-# Fixed by glibc-2.39-38-ga9a8d3eebb145779a18d90e3966009a1daa63cd
-GLIBC_IGNORE_CVES += CVE-2024-33601 CVE-2024-33602
-
 # All these CVEs are considered as not being security issues by
 # upstream glibc:
 #  https://security-tracker.debian.org/tracker/CVE-2010-4756

package/gnu-efi/0002-Make-CHAR16-use-uint16_t.patch

@@ -0,0 +1,164 @@
+From f65e5db5666529abb18fe24f5c45331404a1ce99 Mon Sep 17 00:00:00 2001
+From: Callum Farmer <gmbr3@opensuse.org>
+Date: Wed, 29 May 2024 16:22:50 +0100
+Subject: [PATCH] Make CHAR16 use uint16_t
+
+musl-libc doesn't like fshort-wchar so remove wchar_t usage
+Use uint16_t as char16_t can be up to 32bits
+Fixes ncroxon/gnu-efi#16
+
+Signed-off-by: Callum Farmer <gmbr3@opensuse.org>
+Upstream: https://github.com/ncroxon/gnu-efi/commit/edfda7c396134c7109444b230ce4b0da1e61d524
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+---
+ Make.defaults             | 4 ++--
+ inc/aarch64/efibind.h     | 2 +-
+ inc/arm/efibind.h         | 2 +-
+ inc/ia32/efibind.h        | 2 +-
+ inc/ia64/efibind.h        | 2 +-
+ inc/loongarch64/efibind.h | 2 +-
+ inc/mips64el/efibind.h    | 2 +-
+ inc/riscv64/efibind.h     | 5 ++---
+ inc/x86_64/efibind.h      | 2 +-
+ 9 files changed, 11 insertions(+), 12 deletions(-)
+
+diff --git a/Make.defaults b/Make.defaults
+index c9f9b4f..83204a6 100755
+--- a/Make.defaults
++++ b/Make.defaults
+@@ -187,11 +187,11 @@ endif
+ 
+ ifeq (FreeBSD, $(findstring FreeBSD, $(OS)))
+ CFLAGS  += $(ARCH3264) -g -O2 -Wall -Wextra -Werror \
+-           -funsigned-char -fshort-wchar -fno-strict-aliasing \
++           -funsigned-char -fno-strict-aliasing \
+            -ffreestanding -fno-stack-protector
+ else
+ CFLAGS  += $(ARCH3264) -g -O2 -Wall -Wextra -Wno-pointer-sign -Werror \
+-           -funsigned-char -fshort-wchar -fno-strict-aliasing \
++           -funsigned-char -fno-strict-aliasing \
+ 	   -ffreestanding -fno-stack-protector -fno-stack-check \
+            $(if $(findstring gcc,$(CC)),-fno-merge-all-constants,)
+ endif
+diff --git a/inc/aarch64/efibind.h b/inc/aarch64/efibind.h
+index d6b5d0f..1a1fb79 100644
+--- a/inc/aarch64/efibind.h
++++ b/inc/aarch64/efibind.h
+@@ -40,7 +40,7 @@ typedef int64_t             intptr_t;
+ 
+ #include <stddef.h>
+ 
+-typedef wchar_t CHAR16;
++typedef uint16_t CHAR16;
+ #define WCHAR CHAR16
+ 
+ typedef uint64_t   UINT64;
+diff --git a/inc/arm/efibind.h b/inc/arm/efibind.h
+index 8c578df..bc43931 100644
+--- a/inc/arm/efibind.h
++++ b/inc/arm/efibind.h
+@@ -48,7 +48,7 @@ typedef int32_t             intptr_t;
+ 
+ #include <stddef.h>
+ 
+-typedef wchar_t CHAR16;
++typedef uint16_t CHAR16;
+ #define WCHAR CHAR16
+ 
+ typedef uint64_t   UINT64;
+diff --git a/inc/ia32/efibind.h b/inc/ia32/efibind.h
+index 718e8d1..1b33f2f 100644
+--- a/inc/ia32/efibind.h
++++ b/inc/ia32/efibind.h
+@@ -87,7 +87,7 @@ Revision History
+ 
+ #include <stddef.h>
+ 
+-typedef wchar_t CHAR16;
++typedef uint16_t CHAR16;
+ #define WCHAR CHAR16
+ 
+ 
+diff --git a/inc/ia64/efibind.h b/inc/ia64/efibind.h
+index 1d2745b..1ad41f8 100644
+--- a/inc/ia64/efibind.h
++++ b/inc/ia64/efibind.h
+@@ -74,7 +74,7 @@ Revision History
+ 
+ #include <stddef.h>
+ 
+-typedef wchar_t CHAR16;
++typedef uint16_t CHAR16;
+ #define WCHAR CHAR16
+ 
+ typedef uint64_t   UINT64;
+diff --git a/inc/loongarch64/efibind.h b/inc/loongarch64/efibind.h
+index 8ed83a5..806209d 100644
+--- a/inc/loongarch64/efibind.h
++++ b/inc/loongarch64/efibind.h
+@@ -44,7 +44,7 @@ typedef int64_t             intptr_t;
+ 
+ #include <stddef.h>
+ 
+-typedef wchar_t CHAR16;
++typedef uint16_t CHAR16;
+ #define WCHAR CHAR16
+ 
+ typedef uint64_t   UINT64;
+diff --git a/inc/mips64el/efibind.h b/inc/mips64el/efibind.h
+index cf77ddc..9b396cc 100644
+--- a/inc/mips64el/efibind.h
++++ b/inc/mips64el/efibind.h
+@@ -42,7 +42,7 @@ typedef int64_t             intptr_t;
+ 
+ #include <stddef.h>
+ 
+-typedef wchar_t CHAR16;
++typedef uint16_t CHAR16;
+ #define WCHAR CHAR16
+ 
+ typedef uint64_t   UINT64;
+diff --git a/inc/riscv64/efibind.h b/inc/riscv64/efibind.h
+index d8b4f39..b6d418c 100644
+--- a/inc/riscv64/efibind.h
++++ b/inc/riscv64/efibind.h
+@@ -17,13 +17,12 @@
+  */
+ 
+ #include <stdint.h>
++#include <stddef.h>
+ 
+ //
+ // Basic EFI types of various widths
+ //
+ 
+-#include <stddef.h>
+-
+ typedef uint64_t                UINT64;
+ typedef int64_t                 INT64;
+ typedef uint32_t                UINT32;
+@@ -33,7 +32,7 @@ typedef int16_t                 INT16;
+ typedef uint8_t                 UINT8;
+ typedef int8_t                  INT8;
+ typedef char                    CHAR8;
+-typedef wchar_t                 CHAR16;
++typedef uint16_t                 CHAR16;
+ #define WCHAR                   CHAR16
+ #undef VOID
+ typedef void                    VOID;
+diff --git a/inc/x86_64/efibind.h b/inc/x86_64/efibind.h
+index e454ed2..8f431cb 100644
+--- a/inc/x86_64/efibind.h
++++ b/inc/x86_64/efibind.h
+@@ -98,7 +98,7 @@ Revision History
+ 
+ #include <stddef.h>
+ 
+-typedef wchar_t CHAR16;
++typedef uint16_t CHAR16;
+ #define WCHAR CHAR16
+ 
+ typedef uint64_t   UINT64;
+-- 
+2.47.1
+

package/gnupg2/gnupg2.hash

@@ -1,5 +1,5 @@
 # From https://www.gnupg.org/download/integrity_check.html
-sha1  2d8aa2662c398d60f1f8e0bf46fd163eae703189  gnupg-2.4.6.tar.bz2
-sha256  95acfafda7004924a6f5c901677f15ac1bda2754511d973bb4523e8dd840e17a  gnupg-2.4.6.tar.bz2
+sha1  2d510a1a7294f2f9ef3f2e280c93c3ad9b0cdb68  gnupg-2.4.7.tar.bz2
+sha256  7b24706e4da7e0e3b06ca068231027401f238102c41c909631349dcc3b85eb46  gnupg-2.4.7.tar.bz2
 # Locally calculated
 sha256  bc2d6664f6276fa0a72d57633b3ae68dc7dcb677b71018bf08c8e93e509f1357  COPYING

package/gnupg2/gnupg2.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GNUPG2_VERSION = 2.4.6
+GNUPG2_VERSION = 2.4.7
 GNUPG2_SOURCE = gnupg-$(GNUPG2_VERSION).tar.bz2
 GNUPG2_SITE = https://gnupg.org/ftp/gcrypt/gnupg
 GNUPG2_LICENSE = GPL-3.0+

package/gnuplot/0002-check-for-defined-FE_UNDERFLOW.patch

@@ -1,32 +0,0 @@
-From 806641b5ef504488f871b5cbd9e5c356d67d0bd1 Mon Sep 17 00:00:00 2001
-From: Edgar Bonet <bonet@grenoble.cnrs.fr>
-Date: Tue, 24 Sep 2024 20:03:18 -0700
-Subject: [PATCH] check for defined(FE_UNDERFLOW)
-
-According to fenv(3), the macro FE_UNDERFLOW is defined by fenv.h only
-if the implementation supports handling of the underflow exception. Do
-not assume the presence of fenv.h implies FE_UNDERFLOW is defined.
-
-Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
-Upstream: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/926d2c26d31f4b69feda372c76a28643ef45359d/
-Upstream: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/806641b5ef504488f871b5cbd9e5c356d67d0bd1/
----
- src/complexfun.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/complexfun.c b/src/complexfun.c
-index 7a5d9a13f..7ddb4ed60 100644
---- a/src/complexfun.c
-+++ b/src/complexfun.c
-@@ -86,7 +86,7 @@
- 	int_error(NO_CARET, "%s: error present on entry (errno %d %s)", who, errno, strerror(errno));
- #endif
- 
--#ifdef HAVE_FENV_H
-+#if defined (HAVE_FENV_H) && defined (FE_UNDERFLOW)
- #define handle_underflow( who, var ) \
-     if (errno) { \
- 	if (fetestexcept(FE_UNDERFLOW)) { \
--- 
-2.34.1
-

package/gnuplot/gnuplot.hash

@@ -1,6 +1,6 @@
-# From https://sourceforge.net/projects/gnuplot/files/gnuplot/6.0.1/
-md5  744fde2362fb20db6cfc58de73f96e9c  gnuplot-6.0.1.tar.gz
-sha1  ce1aaeff632c78cba2b3ca8142cf130bfd411478  gnuplot-6.0.1.tar.gz
+# From https://sourceforge.net/projects/gnuplot/files/gnuplot/6.0.2/
+md5  ea0931758fc180e3b1950931b9869921  gnuplot-6.0.2.tar.gz
+sha1  be803916e4ea32720b4a646f2ffc98d6ad3a0dc2  gnuplot-6.0.2.tar.gz
 # Locally computed
-sha256  e85a660c1a2a1808ff24f7e69981ffcbac66a45c9dcf711b65610b26ea71379a  gnuplot-6.0.1.tar.gz
+sha256  f68a3b0bbb7bbbb437649674106d94522c00bf2f285cce0c19c3180b1ee7e738  gnuplot-6.0.2.tar.gz
 sha256  895928ec0735cca1c8cec42656c7e314a065d0242813bb8693c0c1bf61fd4e4d  Copyright

package/gnuplot/gnuplot.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GNUPLOT_VERSION = 6.0.1
+GNUPLOT_VERSION = 6.0.2
 GNUPLOT_SITE = http://downloads.sourceforge.net/project/gnuplot/gnuplot/$(GNUPLOT_VERSION)
 GNUPLOT_LICENSE = gnuplot license (open source)
 GNUPLOT_LICENSE_FILES = Copyright

package/gnutls/gnutls.hash

@@ -1,6 +1,7 @@
 # Locally calculated after checking pgp signature
-# https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.8.tar.xz.sig
-sha256  ac4f020e583880b51380ed226e59033244bc536cad2623f2e26f5afa2939d8fb  gnutls-3.8.8.tar.xz
+# https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.9.tar.xz.sig
+sha256  69e113d802d1670c4d5ac1b99040b1f2d5c7c05daec5003813c049b5184820ed  gnutls-3.8.9.tar.xz
 # Locally calculated
-sha256  3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986  doc/COPYING
-sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  doc/COPYING.LESSER
+sha256  3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986  COPYING
+sha256  20e50fe7aae3e56378ebf0417d9de904f55a0e61e4df315333e632a4d3555d95  COPYING.LESSERv2
+sha256  5e4aca90e8e08e47558dfd21e2a42251a139242b0016a06708739eeb8f0da60c  README.md

package/gnutls/gnutls.mk

@@ -6,11 +6,11 @@
 
 # When bumping, make sure *all* --without-libfoo-prefix options are in GNUTLS_CONF_OPTS
 GNUTLS_VERSION_MAJOR = 3.8
-GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).8
+GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).9
 GNUTLS_SOURCE = gnutls-$(GNUTLS_VERSION).tar.xz
 GNUTLS_SITE = https://www.gnupg.org/ftp/gcrypt/gnutls/v$(GNUTLS_VERSION_MAJOR)
 GNUTLS_LICENSE = LGPL-2.1+ (core library)
-GNUTLS_LICENSE_FILES = doc/COPYING.LESSER
+GNUTLS_LICENSE_FILES = COPYING.LESSERv2 README.md
 
 GNUTLS_DEPENDENCIES = host-pkgconf libtasn1 libunistring nettle
 GNUTLS_CPE_ID_VENDOR = gnu
@@ -70,7 +70,7 @@ HOST_GNUTLS_CONF_OPTS = \
 
 ifeq ($(BR2_PACKAGE_GNUTLS_OPENSSL),y)
 GNUTLS_LICENSE += , GPL-3.0+ (gnutls-openssl library)
-GNUTLS_LICENSE_FILES += doc/COPYING
+GNUTLS_LICENSE_FILES += COPYING
 GNUTLS_CONF_OPTS += --enable-openssl-compatibility
 else
 GNUTLS_CONF_OPTS += --disable-openssl-compatibility

package/go/go-bin/go-bin.hash

@@ -1,9 +0,0 @@
-# sha256 checksum from https://go.dev/dl/
-sha256  36930162a93df417d90bd22c6e14daff4705baac2b02418edda671cdfa9cd07f  go1.23.2.src.tar.gz
-sha256  cb1ed4410f68d8be1156cee0a74fcfbdcd9bca377c83db3a9e1b07eebc6d71ef  go1.23.2.linux-386.tar.gz
-sha256  542d3c1705f1c6a1c5a80d5dc62e2e45171af291e755d591c5e6531ef63b454e  go1.23.2.linux-amd64.tar.gz
-sha256  f626cdd92fc21a88b31c1251f419c17782933a42903db87a174ce74eeecc66a9  go1.23.2.linux-arm64.tar.gz
-sha256  e3286bdde186077e65e961cbe18874d42a461e5b9c472c26572b8d4a98d15c40  go1.23.2.linux-armv6l.tar.gz
-sha256  c164ce7d894b10fd861d7d7b96f1dbea3f993663d9f0c30bc4f8ae3915db8b0c  go1.23.2.linux-ppc64le.tar.gz
-sha256  de1f94d7dd3548ba3036de1ea97eb8243881c22a88fcc04cc08c704ded769e02  go1.23.2.linux-s390x.tar.gz
-sha256  2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067  LICENSE

package/go/go-bin/go-bin.hash

@@ -0,0 +1 @@
+../go.hash

package/go/go-src/go-src.hash

@@ -1,3 +0,0 @@
-# From https://go.dev/dl
-sha256  36930162a93df417d90bd22c6e14daff4705baac2b02418edda671cdfa9cd07f  go1.23.2.src.tar.gz
-sha256  2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067  LICENSE

package/go/go-src/go-src.hash

@@ -0,0 +1 @@
+../go.hash

package/go/go.hash

@@ -0,0 +1,9 @@
+# sha256 checksum from https://go.dev/dl/
+sha256  039c5b04e65279daceee8a6f71e70bd05cf5b801782b6f77c6e19e2ed0511222  go1.23.6.src.tar.gz
+sha256  e61f87693169c0bbcc43363128f1e929b9dff0b7f448573f1bdd4e4a0b9687ba  go1.23.6.linux-386.tar.gz
+sha256  9379441ea310de000f33a4dc767bd966e72ab2826270e038e78b2c53c2e7802d  go1.23.6.linux-amd64.tar.gz
+sha256  561c780e8f4a8955d32bf72e46af0b5ee5e0debe1e4633df9a03781878219202  go1.23.6.linux-arm64.tar.gz
+sha256  27a4611010c16b8c4f37ade3aada55bd5781998f02f348b164302fd5eea4eb74  go1.23.6.linux-armv6l.tar.gz
+sha256  0f817201e83d78ddbfa27f5f78d9b72450b92cc21d5e045145efacd0d3244a99  go1.23.6.linux-ppc64le.tar.gz
+sha256  321e7ed0d5416f731479c52fa7610b52b8079a8061967bd48cec6d66f671a60e  go1.23.6.linux-s390x.tar.gz
+sha256  2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067  LICENSE

package/go/go.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GO_VERSION = 1.23.2
+GO_VERSION = 1.23.6
 
 HOST_GO_GOPATH = $(HOST_DIR)/share/go-path
 HOST_GO_HOST_CACHE = $(HOST_DIR)/share/host-go-cache

package/gobject-introspection/Config.in

@@ -2,6 +2,11 @@ config BR2_PACKAGE_GOBJECT_INTROSPECTION_ARCH_SUPPORTS
 	bool
 	default y
 	depends on BR2_PACKAGE_HOST_QEMU_ARCH_SUPPORTS
+	# gobject-introspection programs cause a hang of Qemu on
+	# Microblaze, and supporting GOI on Microblaze is not very
+	# relevant.
+	depends on !BR2_microblazeel
+	depends on !BR2_microblazebe
 
 config BR2_PACKAGE_GOBJECT_INTROSPECTION
 	bool "gobject-introspection"

package/gpsd/Config.in

@@ -238,6 +238,7 @@ config BR2_PACKAGE_GPSD_PYTHON
 	bool "build Python support and modules"
 	depends on BR2_USE_WCHAR # python3
 	select BR2_PACKAGE_PYTHON3
+	select BR2_PACKAGE_PYTHON_SERIAL # runtime
 	help
 	  Python libraries and tools for the gpsd service daemon
 	  including gpsfake test harness.

package/gstreamer1/gst-omx/gst-omx.hash

@@ -1,3 +1,3 @@
-# From https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-1.22.9.tar.xz.sha256sum
-sha256  9362d6117985d09dcf6e27bdaef377dc08efb7df01d00101d04fb644addac61e  gst-omx-1.22.9.tar.xz
+# From https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-1.22.12.tar.xz.sha256sum
+sha256  6b0685b92ac735032d7987d1028afaeab0a98ab726e0c51e5b9bfc8f2da7c8b1  gst-omx-1.22.12.tar.xz
 sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  COPYING

package/gstreamer1/gst-omx/gst-omx.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GST_OMX_VERSION = 1.22.9
+GST_OMX_VERSION = 1.22.12
 GST_OMX_SOURCE = gst-omx-$(GST_OMX_VERSION).tar.xz
 GST_OMX_SITE = https://gstreamer.freedesktop.org/src/gst-omx
 

package/gstreamer1/gst1-devtools/gst1-devtools.hash

@@ -1,3 +1,3 @@
-# From https://gstreamer.freedesktop.org/src/gst-devtools/gst-devtools-1.22.9.tar.xz.sha256sum
-sha256  02e29400b44e9cc603aa6444dee5726b57edabef6455e6d0921ffed6f13840ee  gst-devtools-1.22.9.tar.xz
+# From https://gstreamer.freedesktop.org/src/gst-devtools/gst-devtools-1.22.12.tar.xz.sha256sum
+sha256  015ff62789dab423edafe979b019c7de4c849a2b7e74912b20b74a70e5b68f72  gst-devtools-1.22.12.tar.xz
 sha256  6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3  validate/COPYING

package/gstreamer1/gst1-devtools/gst1-devtools.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GST1_DEVTOOLS_VERSION = 1.22.9
+GST1_DEVTOOLS_VERSION = 1.22.12
 GST1_DEVTOOLS_SOURCE = gst-devtools-$(GST1_DEVTOOLS_VERSION).tar.xz
 GST1_DEVTOOLS_SITE = https://gstreamer.freedesktop.org/src/gst-devtools
 GST1_DEVTOOLS_LICENSE = LGPL-2.1+

package/gstreamer1/gst1-libav/gst1-libav.hash

@@ -1,3 +1,3 @@
-# From https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-1.22.9.tar.xz.sha256sum
-sha256  192f7d27d21c1e7c72c339a2647a9b0c247fedc62ea5029115f8c3e22ebb87d8  gst-libav-1.22.9.tar.xz
+# From https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-1.22.12.tar.xz.sha256sum
+sha256  3b60d4cac2fbcd085a93e9389ca23e0443bee1ca75574d31d4f12bb1bbecab48  gst-libav-1.22.12.tar.xz
 sha256  ad2eec519ebd4b5df86ea84dff24ae3bfa2edea846a703b58902dd221ae375db  COPYING

package/gstreamer1/gst1-libav/gst1-libav.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GST1_LIBAV_VERSION = 1.22.9
+GST1_LIBAV_VERSION = 1.22.12
 GST1_LIBAV_SOURCE = gst-libav-$(GST1_LIBAV_VERSION).tar.xz
 GST1_LIBAV_SITE = https://gstreamer.freedesktop.org/src/gst-libav
 GST1_LIBAV_LICENSE = LGPL-2.1+

package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.hash

@@ -1,3 +1,3 @@
-# From https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad-1.22.9.tar.xz.sha256sum
-sha256  1bc65d0fd5f53a3636564efd3fcf318c3edcdec39c4109a503c1fc8203840a1d  gst-plugins-bad-1.22.9.tar.xz
+# From https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad-1.22.12.tar.xz.sha256sum
+sha256  388b4c4412f42e36a38b17cc34119bc11879bd4d9fbd4ff6d03b2c7fc6b4d494  gst-plugins-bad-1.22.12.tar.xz
 sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  COPYING

package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GST1_PLUGINS_BAD_VERSION = 1.22.9
+GST1_PLUGINS_BAD_VERSION = 1.22.12
 GST1_PLUGINS_BAD_SOURCE = gst-plugins-bad-$(GST1_PLUGINS_BAD_VERSION).tar.xz
 GST1_PLUGINS_BAD_SITE = https://gstreamer.freedesktop.org/src/gst-plugins-bad
 GST1_PLUGINS_BAD_INSTALL_STAGING = YES

package/gstreamer1/gst1-plugins-base/gst1-plugins-base.hash

@@ -1,3 +1,3 @@
-# From https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-base-1.22.9.tar.xz.sha256sum
-sha256  fac3e0dd2d8e9370388b34bf8c21b89d5f63bc3cfc12cd7fdc8fc6c1cba03334  gst-plugins-base-1.22.9.tar.xz
+# From https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-base-1.22.12.tar.xz.sha256sum
+sha256  73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1  gst-plugins-base-1.22.12.tar.xz
 sha256  ad2eec519ebd4b5df86ea84dff24ae3bfa2edea846a703b58902dd221ae375db  COPYING

package/gstreamer1/gst1-plugins-base/gst1-plugins-base.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GST1_PLUGINS_BASE_VERSION = 1.22.9
+GST1_PLUGINS_BASE_VERSION = 1.22.12
 GST1_PLUGINS_BASE_SOURCE = gst-plugins-base-$(GST1_PLUGINS_BASE_VERSION).tar.xz
 GST1_PLUGINS_BASE_SITE = https://gstreamer.freedesktop.org/src/gst-plugins-base
 GST1_PLUGINS_BASE_INSTALL_STAGING = YES

package/gstreamer1/gst1-plugins-good/gst1-plugins-good.hash

@@ -1,3 +1,3 @@
-# From https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-good-1.22.9.tar.xz.sha256sum
-sha256  26959fcfebfff637d4ea08ef40316baf31b61bb7729820b0684e800c3a1478b6  gst-plugins-good-1.22.9.tar.xz
+# From https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-good-1.22.12.tar.xz.sha256sum
+sha256  9c1913f981900bd8867182639b20907b28ed78ef7a222cfbf2d8ba9dab992fa7  gst-plugins-good-1.22.12.tar.xz
 sha256  6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3  COPYING

package/gstreamer1/gst1-plugins-good/gst1-plugins-good.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GST1_PLUGINS_GOOD_VERSION = 1.22.9
+GST1_PLUGINS_GOOD_VERSION = 1.22.12
 GST1_PLUGINS_GOOD_SOURCE = gst-plugins-good-$(GST1_PLUGINS_GOOD_VERSION).tar.xz
 GST1_PLUGINS_GOOD_SITE = https://gstreamer.freedesktop.org/src/gst-plugins-good
 GST1_PLUGINS_GOOD_LICENSE_FILES = COPYING

package/gstreamer1/gst1-plugins-ugly/gst1-plugins-ugly.hash

@@ -1,3 +1,3 @@
-# From https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-1.22.9.tar.xz.sha256sum
-sha256  0bf685d66015a01dd3fc1671b64a1c8acb321dd9d4ab9e05a29ab19782aa6236  gst-plugins-ugly-1.22.9.tar.xz
+# From https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-1.22.12.tar.xz.sha256sum
+sha256  d59a1aaf8dd2cc416dc5b5c0b7aecd02b1811bf1229aa724e6c2a503d3799083  gst-plugins-ugly-1.22.12.tar.xz
 sha256  6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3  COPYING