libgpg-error: Fix compilation with GAWK 5.0

Patch from Upstream.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 9afde0d39a)
[rmilecki: autoreconf + po fix]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>

admin/monit/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=monit
-PKG_VERSION:=5.18
+PKG_VERSION:=5.24.0
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://mmonit.com/monit/dist
-PKG_MD5SUM:=a1bfac0fbb83439435f8616200d2364d
+PKG_HASH:=754d1f0e165e5a26d4639a6a83f44ccf839e381f2622e0946d5302fa1f2d2414
+PKG_SOURCE_URL:=https://mmonit.com/monit/dist
 
 PKG_LICENSE:=AGPL-3.0
 PKG_LICENSE_FILES:=COPYING
@@ -26,9 +26,9 @@ include $(INCLUDE_DIR)/package.mk
 define Package/monit/Default
   SECTION:=admin
   CATEGORY:=Administration
-  DEPENDS:= +libpthread
+  DEPENDS:= +libpthread +zlib
   TITLE:=System services monitoring utility
-  URL:=http://mmonit.com/monit/
+  URL:=https://mmonit.com/monit/
   MAINTAINER:=Etienne CHAMPETIER <champetier.etienne@gmail.com>
 endef
 

admin/monit/patches/001-fix-default-piddir.patch

@@ -1,6 +1,6 @@
 --- a/configure
 +++ b/configure
-@@ -13849,14 +13849,7 @@ fi
+@@ -13852,14 +13852,7 @@ fi
  # Find the right directory to put the root-mode PID file in
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking pid file location" >&5
  $as_echo_n "checking pid file location... " >&6; }

admin/openwisp-config/Makefile

@@ -0,0 +1,119 @@
+# openwisp.org
+#
+# This is free software, licensed under the GNU General Public License v3.
+# See /LICENSE for more information.
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=openwisp-config
+PKG_VERSION:=0.4.5
+PKG_RELEASE:=1
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE_URL:=https://github.com/openwisp/openwisp-config.git
+PKG_SOURCE_VERSION:=0.4.5
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_SOURCE_VERSION)
+PKG_MIRROR_HASH:=017a8ed35ebfda2805426e7da02559d5cc2845ee9ded60fdae8e848d377424fb
+PKG_LICENSE:=GPL-3.0
+PKGARCH:=all
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/openwisp-config/default
+	TITLE:=Remote configuration management agent ($(2) variant)
+	CATEGORY:=Administration
+	SECTION:=admin
+	SUBMENU:=openwisp
+	DEPENDS:=+curl +lua +libuci-lua +luafilesystem $(3)
+	VARIANT:=$(1)
+	MAINTAINER:=Federico Capoano <f.capoano@cineca.it>
+	URL:=http://openwisp.org
+endef
+
+Package/openwisp-config-openssl=$(call Package/openwisp-config/default,openssl,OpenSSL,+ca-certificates +libopenssl)
+Package/openwisp-config-mbedtls=$(call Package/openwisp-config/default,mbedtls,mbedTLS,+ca-certificates +libmbedtls)
+Package/openwisp-config-cyassl=$(call Package/openwisp-config/default,cyassl,CyaSSL,+ca-certificates +libcyassl)
+# deprecated on recent versions of OpenWRT (>= Designated Driver) and LEDE (>= 17.01)
+Package/openwisp-config-polarssl=$(call Package/openwisp-config/default,polarssl,PolarSSL,+ca-certificates +libpolarssl)
+Package/openwisp-config-nossl=$(call Package/openwisp-config/default,nossl,No SSL)
+
+define Build/Compile
+endef
+
+define Package/openwisp-config-$(BUILD_VARIANT)/conffiles
+/etc/config/openwisp
+endef
+
+ifeq ($(BUILD_VARIANT),openssl)
+CONFIG_OPENWISP_UCI:=ssl
+endif
+ifeq ($(BUILD_VARIANT),mbedtls)
+CONFIG_OPENWISP_UCI:=ssl
+endif
+ifeq ($(BUILD_VARIANT),cyassl)
+CONFIG_OPENWISP_UCI:=ssl
+endif
+ifeq ($(BUILD_VARIANT),polarssl)
+CONFIG_OPENWISP_UCI:=ssl
+endif
+ifeq ($(BUILD_VARIANT),nossl)
+CONFIG_OPENWISP_UCI:=nossl
+endif
+
+
+define Package/openwisp-config-$(BUILD_VARIANT)/install
+	$(INSTALL_DIR) \
+		$(1)/usr/sbin \
+		$(1)/etc/init.d \
+		$(1)/etc/config \
+		$(1)/etc/openwisp \
+		$(1)/usr/lib/lua/openwisp
+
+	$(INSTALL_BIN) \
+		$(PKG_BUILD_DIR)/openwisp-config/files/openwisp.agent \
+		$(1)/usr/sbin/openwisp_config
+
+	$(INSTALL_BIN) \
+		$(PKG_BUILD_DIR)/openwisp-config/files/openwisp.init \
+		$(1)/etc/init.d/openwisp_config
+
+	$(INSTALL_CONF) $(PKG_BUILD_DIR)/openwisp-config/files/openwisp-$(CONFIG_OPENWISP_UCI).config \
+		$(1)/etc/config/openwisp
+
+	$(INSTALL_BIN) \
+		$(PKG_BUILD_DIR)/openwisp-config/files/sbin/openwisp-reload-config \
+		$(1)/usr/sbin/openwisp-reload-config
+
+	$(INSTALL_BIN) \
+		$(PKG_BUILD_DIR)/openwisp-config/files/lib/openwisp/utils.lua \
+		$(1)/usr/lib/lua/openwisp/utils.lua
+
+	$(INSTALL_BIN) \
+		$(PKG_BUILD_DIR)/openwisp-config/files/sbin/openwisp-store-unmanaged.lua \
+		$(1)/usr/sbin/openwisp-store-unmanaged
+
+	$(INSTALL_BIN) \
+		$(PKG_BUILD_DIR)/openwisp-config/files/sbin/openwisp-restore-unmanaged.lua \
+		$(1)/usr/sbin/openwisp-restore-unmanaged
+
+	$(INSTALL_BIN) \
+		$(PKG_BUILD_DIR)/openwisp-config/files/sbin/openwisp-remove-default-wifi.lua \
+		$(1)/usr/sbin/openwisp-remove-default-wifi
+
+	$(INSTALL_BIN) \
+		$(PKG_BUILD_DIR)/openwisp-config/files/sbin/openwisp-uci-autoname.lua \
+		$(1)/usr/sbin/openwisp-uci-autoname
+
+	$(INSTALL_BIN) \
+		$(PKG_BUILD_DIR)/openwisp-config/files/sbin/openwisp-update-config.lua \
+		$(1)/usr/sbin/openwisp-update-config
+
+	$(CP) $(PKG_BUILD_DIR)/VERSION $(1)/etc/openwisp/
+endef
+
+$(eval $(call BuildPackage,openwisp-config-openssl))
+$(eval $(call BuildPackage,openwisp-config-mbedtls))
+$(eval $(call BuildPackage,openwisp-config-cyassl))
+$(eval $(call BuildPackage,openwisp-config-polarssl))
+$(eval $(call BuildPackage,openwisp-config-nossl))

admin/zabbix/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=zabbix
-PKG_VERSION:=3.0.3
+PKG_VERSION:=3.2.6
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_HASH:=98f025b39515b196552b8a23e2fe20a8180b5e99e613ce7378725a46ed8b62d6
 PKG_SOURCE_URL:=@SF/zabbix
-PKG_MD5SUM:=7c45d37000e67d75042695344c9937e0
 
 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYING

admin/zabbix/files/mac80211

@@ -15,13 +15,15 @@ UserParameter=mac80211.ACKFailureCount[*],zabbix_helper_mac80211 $1 dot11ACKFail
 UserParameter=mac80211.FCSErrorCount[*],zabbix_helper_mac80211 $1 dot11FCSErrorCount
 UserParameter=mac80211.RTSFailureCount[*],zabbix_helper_mac80211 $1 dot11RTSFailureCount
 UserParameter=mac80211.RTSSuccessCount[*],zabbix_helper_mac80211 $1 dot11RTSSuccessCount
-UserParameter=mac80211.FailedCount[*],zabbix_helper_mac80211 $1 failed_count
-UserParameter=mac80211.FrameDuplicateCount[*],zabbix_helper_mac80211 $1 frame_duplicate_count
-UserParameter=mac80211.MulticastReceivedFrameCount[*],zabbix_helper_mac80211 $1 multicast_received_frame_count
-UserParameter=mac80211.MulticastTransmittedFrameCount[*],zabbix_helper_mac80211 $1 multicast_transmitted_frame_count
-UserParameter=mac80211.MultipleRetryCount[*],zabbix_helper_mac80211 $1 multiple_retry_count
-UserParameter=mac80211.ReceivedFragmentCount[*],zabbix_helper_mac80211 $1 received_fragment_count
-UserParameter=mac80211.RetryCount[*],zabbix_helper_mac80211 $1 retry_count
-UserParameter=mac80211.TransmittedFragmentCount[*],zabbix_helper_mac80211 $1 transmitted_fragment_count
-UserParameter=mac80211.TransmittedFrameCount[*],zabbix_helper_mac80211 $1 transmitted_frame_count
+
+# hidden behind MAC80211_DEBUG_COUNTERS
+UserParameter=mac80211.FailedCount[*],zabbix_helper_mac80211 $1 dot11FailedCount
+UserParameter=mac80211.FrameDuplicateCount[*],zabbix_helper_mac80211 $1 dot11FrameDuplicateCount
+UserParameter=mac80211.MulticastReceivedFrameCount[*],zabbix_helper_mac80211 $1 dot11MulticastReceivedFrameCount
+UserParameter=mac80211.MulticastTransmittedFrameCount[*],zabbix_helper_mac80211 $1 dot11MulticastTransmittedFrameCount
+UserParameter=mac80211.MultipleRetryCount[*],zabbix_helper_mac80211 $1 dot11MultipleRetryCount
+UserParameter=mac80211.ReceivedFragmentCount[*],zabbix_helper_mac80211 $1 dot11ReceivedFragmentCount
+UserParameter=mac80211.RetryCount[*],zabbix_helper_mac80211 $1 dot11RetryCount
+UserParameter=mac80211.TransmittedFragmentCount[*],zabbix_helper_mac80211 $1 dot11TransmittedFragmentCount
+UserParameter=mac80211.TransmittedFrameCount[*],zabbix_helper_mac80211 $1 dot11TransmittedFrameCount
 

kernel/exfat-nofuse/Makefile

@@ -29,7 +29,7 @@ define KernelPackage/fs-exfat
 	TITLE:=ExFAT Kernel driver
 	FILES:=$(PKG_BUILD_DIR)/exfat.ko
 	AUTOLOAD:=$(call AutoLoad,30,exfat,1)
-	DEPENDS:=+kmod-nls-base @BUILD_PATENTED
+	DEPENDS:=+kmod-nls-base
 endef
 
 define KernelPackage/fs-exfat/description

lang/jamvm/Makefile

@@ -9,34 +9,36 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=jamvm
 PKG_VERSION:=2.0.0
-PKG_RELEASE:=1
-PKG_LICENSE:=GPL-2.0+
-PKG_MAINTAINER:=Dana H. Myers <k6jq@comcast.net>
+PKG_RELEASE:=3
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=@SF/$(PKG_NAME)
-PKG_MD5SUM:=a6e3321ef4b3cfb4afc20bd75452e11e
+PKG_HASH:=76428e96df0ae9dd964c7a7c74c1e9a837e2f312c39e9a357fa8178f7eff80da
 
-PKG_USE_MIPS16:=0
+PKG_MAINTAINER:=Dana H. Myers <k6jq@comcast.net>
+PKG_LICENSE:=GPL-2.0-or-later
+PKG_LICENSE_FILES:=COPYING
 
 PKG_FIXUP:=autoreconf
 PKG_INSTALL:=1
+PKG_USE_MIPS16:=0
 
 include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/host-build.mk
 
 define Package/jamvm
   SUBMENU:=Java
   SECTION:=lang
   CATEGORY:=Languages
   TITLE:=A compact Java Virtual Machine
-  URL:=http://sourceforge.net/projects/jamvm
-  DEPENDS:=+zlib +libpthread +librt +classpath @!avr32
+  URL:=http://jamvm.sourceforge.net/
+  DEPENDS:=+zlib +libpthread +librt +CONFIG_powerpc64:libffi @!arc @!aarch64
 endef
 
 define Package/jamvm/description
- JamVM is a new Java Virtual Machine which conforms to the JVM
- specification version (blue book). In comparison to most other VM's (free
- and commercial) it is extremely small.However, unlike other small VMs
+ JamVM is a Java Virtual Machine which conforms to the JVM
+ specification version 2 (a.k.a, 1.2).  In comparison to most other VM's (free
+ and commercial) it is extremely small.  However, unlike other small VMs
  (e.g. KVM) it is designed to support the full specification, and includes
  support for object finalisation, Soft/Weak/Phantom References, the Java
  Native Interface (JNI) and the Reflection API.
@@ -65,3 +67,4 @@ define Build/InstallDev
 endef
 
 $(eval $(call BuildPackage,jamvm))
+$(eval $(call HostBuild))

lang/jamvm/patches/001-Use-fenv.h-instead-of-fpu_control.h.patch

@@ -0,0 +1,86 @@
+From 7152ded5219453c9ff1cd062cecbeaf4d77e4cab Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+Date: Thu, 26 May 2016 15:05:48 +0200
+Subject: [PATCH] Use <fenv.h> instead of <fpu_control.h>
+
+musl libc (http://musl-libc.org lack the non-standard <fpu_control.h>
+header, which is used in src/os/linux/{i386,x86_64}/init.c files to
+setup the floating point precision. This patch makes it use the
+standard C <fenv.h> header instead.
+
+Original patch at Felix Janda at
+https://sourceforge.net/p/jamvm/patches/6/.
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+---
+ src/os/linux/i386/init.c   | 12 ++++++------
+ src/os/linux/x86_64/init.c | 16 ++++++----------
+ 2 files changed, 12 insertions(+), 16 deletions(-)
+
+diff --git a/src/os/linux/i386/init.c b/src/os/linux/i386/init.c
+index d9c6648..94a733e 100644
+--- a/src/os/linux/i386/init.c
++++ b/src/os/linux/i386/init.c
+@@ -19,18 +19,18 @@
+  * Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+  */
+ 
+-#include <fpu_control.h>
++#include <fenv.h>
+ 
+ /* Change floating point precision to double (64-bit) from
+  * the extended (80-bit) Linux default. */
+ 
+ void setDoublePrecision() {
+-    fpu_control_t cw;
++    fenv_t fenv;
+ 
+-    _FPU_GETCW(cw);
+-    cw &= ~_FPU_EXTENDED;
+-    cw |= _FPU_DOUBLE;
+-    _FPU_SETCW(cw);
++    fegetenv(&fenv);
++    fenv.__control_word &= ~0x300; /* _FPU_EXTENDED */
++    fenv.__control_word |= 0x200; /* _FPU_DOUBLE */
++    fesetenv(&fenv);
+ }
+ 
+ void initialisePlatform() {
+diff --git a/src/os/linux/x86_64/init.c b/src/os/linux/x86_64/init.c
+index 9d55229..a76a923 100644
+--- a/src/os/linux/x86_64/init.c
++++ b/src/os/linux/x86_64/init.c
+@@ -19,9 +19,7 @@
+  * Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+  */
+ 
+-#ifdef __linux__
+-#include <fpu_control.h>
+-#endif
++#include <fenv.h>
+ 
+ /* Change the x87 FPU precision to double (64-bit) from the extended
+    (80-bit) Linux default.  Note, unlike on i386, my testcases pass
+@@ -30,14 +28,12 @@
+ */
+ 
+ void setDoublePrecision() {
+-#ifdef __linux__
+-    fpu_control_t cw;
++    fenv_t fenv;
+ 
+-    _FPU_GETCW(cw);
+-    cw &= ~_FPU_EXTENDED;
+-    cw |= _FPU_DOUBLE;
+-    _FPU_SETCW(cw);
+-#endif
++    fegetenv(&fenv);
++    fenv.__control_word &= ~0x300; /*_FPU_EXTENDED */
++    fenv.__control_word |= 0x200; /*_FPU_DOUBLE */
++    fesetenv(&fenv);
+ }
+ 
+ void initialisePlatform() {
+-- 
+2.7.4
+

lang/jamvm/patches/010-musl.patch

@@ -0,0 +1,12 @@
+--- a/src/os/linux/os.c
++++ b/src/os/linux/os.c
+@@ -26,6 +26,9 @@
+ #include <sys/sysinfo.h>
+ 
+ #define __USE_GNU
++#ifndef _GNU_SOURCE
++#define _GNU_SOURCE
++#endif
+ #include <dlfcn.h>
+ #include <pthread.h>
+ 

lang/lua-bencode/Makefile

@@ -11,11 +11,10 @@ PKG_NAME:=lua-bencode
 PKG_VERSION:=2.1.0
 PKG_RELEASE:=1
 
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_URL:=https://bitbucket.org/wilhelmy/lua-bencode
-PKG_SOURCE_PROTO:=hg
-PKG_SOURCE_VERSION:=500243383cb6acbddd3cf12aee6e4667aab53324
+PKG_SOURCE_URL:=https://bitbucket.org/wilhelmy/lua-bencode/downloads/
+PKG_HASH:=4624f33ff026bc62990a323ee4953e42d68430c38a1a4726c9cfd77c085b1422
 PKG_LICENSE:=MIT
 
 include $(INCLUDE_DIR)/package.mk

lang/luasocket/Makefile

@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=luasocket
 PKG_SOURCE_VERSION:=6d5e40c324c84d9c1453ae88e0ad5bdd0a631448
 PKG_VERSION:=3.0-rc1-20130909
-PKG_RELEASE:=3
+PKG_RELEASE:=5
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://github.com/diegonehab/luasocket.git
@@ -41,7 +41,7 @@ endef
 define Build/Compile
 	$(MAKE) -C $(PKG_BUILD_DIR)/ \
 		LIBDIR="$(TARGET_LDFLAGS)" \
-		CC="$(TARGET_CC) $(TARGET_CFLAGS) $(TARGET_CPPFLAGS) -std=gnu99" \
+		CC="$(TARGET_CC) $(TARGET_CFLAGS) $(TARGET_CPPFLAGS) $(FPIC)" \
 		LD="$(TARGET_CROSS)ld -shared" \
 		all
 endef

lang/luasocket/patches/0301-Fix-mpc85xx-build.patch

@@ -0,0 +1,25 @@
+--- a/src/makefile
++++ b/src/makefile
+@@ -345,18 +345,18 @@ none:
+ all: $(SOCKET_SO) $(MIME_SO)
+ 
+ $(SOCKET_SO): $(SOCKET_OBJS)
+-	$(LD) $(SOCKET_OBJS) $(LDFLAGS)$@
++	$(CC) $(SOCKET_OBJS) $(LDFLAGS)$@
+ 
+ $(MIME_SO): $(MIME_OBJS)
+-	$(LD) $(MIME_OBJS) $(LDFLAGS)$@
++	$(CC) $(MIME_OBJS) $(LDFLAGS)$@
+ 
+ all-unix: all $(UNIX_SO) $(SERIAL_SO)
+ 
+ $(UNIX_SO): $(UNIX_OBJS)
+-	$(LD) $(UNIX_OBJS) $(LDFLAGS)$@
++	$(CC) $(UNIX_OBJS) $(LDFLAGS)$@
+ 
+ $(SERIAL_SO): $(SERIAL_OBJS)
+-	$(LD) $(SERIAL_OBJS) $(LDFLAGS)$@
++	$(CC) $(SERIAL_OBJS) $(LDFLAGS)$@
+ 
+ install: 
+ 	$(INSTALL_DIR) $(INSTALL_TOP_LDIR)

lang/luasocket/patches/040-remove-fpic-and-warnings.patch

@@ -0,0 +1,14 @@
+--- a/src/makefile
++++ b/src/makefile
+@@ -163,9 +163,8 @@ DEF_linux=-DLUASOCKET_$(DEBUG) -DLUA_$(COMPAT)_MODULE \
+ 	-DLUASOCKET_API='__attribute__((visibility("default")))' \
+ 	-DUNIX_API='__attribute__((visibility("default")))' \
+ 	-DMIME_API='__attribute__((visibility("default")))'
+-CFLAGS_linux= -I$(LUAINC) $(DEF) -pedantic -Wall -Wshadow -Wextra \
+-	-Wimplicit -O2 -ggdb3 -fpic -fvisibility=hidden
+-LDFLAGS_linux=-O -shared -fpic -o 
++CFLAGS_linux= -I$(LUAINC) $(DEF) -fvisibility=hidden
++LDFLAGS_linux=-shared -o
+ LD_linux=gcc
+ SOCKET_linux=usocket.o
+ 

lang/perl-www-curl/patches/101-skip-preprocessor-symbol.path

@@ -0,0 +1,34 @@
+From 0be0223422e6e5f4091c6e4e058d213623eed105 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
+Date: Mon, 12 Sep 2016 14:40:44 +0200
+Subject: [PATCH] Skip preprocessor symbol only CURL_STRICTER
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CURL_STRICTER leaked into curl-constants.c when building against
+curl-7.50.2. This is a preprocessor only macro without a value.
+
+CPAN RT#117793
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ Makefile.PL | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.PL b/Makefile.PL
+index f9170bb..ad2bd3d 100644
+--- a/Makefile.PL
++++ b/Makefile.PL
+@@ -127,7 +127,7 @@ if (!defined($curl_h)) {
+     close H;
+ 
+     for my $e (sort @syms) {
+-       if($e =~ /(OBSOLETE|^CURL_EXTERN|_LAST\z|_LASTENTRY\z)/) {
++       if($e =~ /(OBSOLETE|^CURL_EXTERN|^CURL_STRICTER\z|_LAST\z|_LASTENTRY\z)/) {
+           next;
+        }
+        my ($group) = $e =~ m/^([^_]+_)/;
+-- 
+2.7.4
+

lang/php7/Makefile

@@ -6,7 +6,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=php
-PKG_VERSION:=7.1.0
+PKG_VERSION:=7.1.1
 PKG_RELEASE:=1
 
 PKG_MAINTAINER:=Michael Heimpold <mhei@heimpold.de>
@@ -16,8 +16,8 @@ PKG_LICENSE_FILES:=LICENSE
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=http://www.php.net/distributions/
-PKG_MD5SUM:=cf36039303c47f493100afea522a8f53
-PKG_HASH:=a810b3f29c21407c24caa88f50649320d20ba6892ae1923132598b8a0ca145b6
+PKG_MD5SUM:=65eef256f6e7104a05361939f5e23ada
+PKG_HASH:=b3565b0c1441064eba204821608df1ec7367abff881286898d900c2c2a5ffe70
 
 PKG_FIXUP:=libtool autoreconf
 PKG_BUILD_PARALLEL:=1
@@ -444,7 +444,7 @@ CONFIGURE_VARS+= \
 	ac_cv_c_bigendian_php=$(if $(CONFIG_BIG_ENDIAN),yes,no) \
 	php_cv_cc_rpath="no" \
 	iconv_impl_name="gnu_libiconv" \
-	ac_cv_php_xml2_config_path="$(STAGING_DIR_HOSTPKG)/bin/xml2-config" \
+	ac_cv_php_xml2_config_path="$(STAGING_DIR)/host/bin/xml2-config" \
 
 define Package/php7/conffiles
 /etc/php.ini

lang/php7/patches/0041-Add-patch-to-remove-build-timestamps-from-generated-.patch

@@ -57,11 +57,11 @@ index 0b6deb1..bb9014a 100644
  								SG(request_info).no_headers = 1;
  							}
  #if ZEND_DEBUG
--							php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2016 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
-+							php_printf("PHP %s (%s) (DEBUG)\nCopyright (c) 1997-2016 The PHP Group\n%s", PHP_VERSION, sapi_module.name, get_zend_version());
+-							php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2017 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++							php_printf("PHP %s (%s) (DEBUG)\nCopyright (c) 1997-2017 The PHP Group\n%s", PHP_VERSION, sapi_module.name, get_zend_version());
  #else
--							php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2016 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
-+							php_printf("PHP %s (%s)\nCopyright (c) 1997-2016 The PHP Group\n%s", PHP_VERSION, sapi_module.name, get_zend_version());
+-							php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2017 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++							php_printf("PHP %s (%s)\nCopyright (c) 1997-2017 The PHP Group\n%s", PHP_VERSION, sapi_module.name, get_zend_version());
  #endif
  							php_request_shutdown((void *) 0);
  							fcgi_shutdown();
@@ -73,9 +73,9 @@ index dc92045..bb28364 100644
  				goto out;
  
  			case 'v': /* show php version & quit */
--				php_printf("PHP %s (%s) (built: %s %s) ( %s)\nCopyright (c) 1997-2016 The PHP Group\n%s",
+-				php_printf("PHP %s (%s) (built: %s %s) ( %s)\nCopyright (c) 1997-2017 The PHP Group\n%s",
 -					PHP_VERSION, cli_sapi_module.name, __DATE__, __TIME__,
-+				php_printf("PHP %s (%s) ( %s)\nCopyright (c) 1997-2016 The PHP Group\n%s",
++				php_printf("PHP %s (%s) ( %s)\nCopyright (c) 1997-2017 The PHP Group\n%s",
 +					PHP_VERSION, cli_sapi_module.name,
  #if ZTS
  					"ZTS "
@@ -88,11 +88,11 @@ index 6768113..545c52e 100644
  				SG(request_info).no_headers = 1;
  
  #if ZEND_DEBUG
--				php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2016 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__,        __TIME__, get_zend_version());
-+				php_printf("PHP %s (%s) (DEBUG)\nCopyright (c) 1997-2016 The PHP Group\n%s", PHP_VERSION, sapi_module.name, get_zend_version());
+-				php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2017 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__,        __TIME__, get_zend_version());
++				php_printf("PHP %s (%s) (DEBUG)\nCopyright (c) 1997-2017 The PHP Group\n%s", PHP_VERSION, sapi_module.name, get_zend_version());
  #else
--				php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2016 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__,      get_zend_version());
-+				php_printf("PHP %s (%s)\nCopyright (c) 1997-2016 The PHP Group\n%s", PHP_VERSION, sapi_module.name, get_zend_version());
+-				php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2017 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__,      get_zend_version());
++				php_printf("PHP %s (%s)\nCopyright (c) 1997-2017 The PHP Group\n%s", PHP_VERSION, sapi_module.name, get_zend_version());
  #endif
  				php_request_shutdown((void *) 0);
  				fcgi_shutdown();
@@ -104,8 +104,8 @@ index b47c7c8..ab94bba 100644
  				phpdbg_do_help_cmd(exec);
  			} else if (show_version) {
  				phpdbg_out(
--					"phpdbg %s (built: %s %s)\nPHP %s, Copyright (c) 1997-2016 The PHP Group\n%s",
-+					"phpdbg %s\nPHP %s, Copyright (c) 1997-2016 The PHP Group\n%s",
+-					"phpdbg %s (built: %s %s)\nPHP %s, Copyright (c) 1997-2017 The PHP Group\n%s",
++					"phpdbg %s\nPHP %s, Copyright (c) 1997-2017 The PHP Group\n%s",
  					PHPDBG_VERSION,
 -					__DATE__,
 -					__TIME__,

lang/python/Makefile

@@ -12,12 +12,12 @@ include ./files/python-version.mk
 
 PKG_NAME:=python
 PKG_VERSION:=$(PYTHON_VERSION).$(PYTHON_VERSION_MICRO)
-PKG_RELEASE:=3
+PKG_RELEASE:=5
 
 PKG_SOURCE:=Python-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://www.python.org/ftp/python/$(PKG_VERSION)
-PKG_MD5SUM:=53b43534153bb2a0363f08bae8b9d990
-PKG_HASH:=35d543986882f78261f97787fd3e06274bfa6df29fac9b4a94f73930ff98f731
+PKG_MD5SUM:=1f6db41ad91d9eb0a6f0c769b8613c5b
+PKG_HASH:=71ffb26e09e78650e424929b2b457b9c912ac216576e6bd9e7d204ed03296a66
 
 PKG_LICENSE:=PSF
 PKG_LICENSE_FILES:=LICENSE Modules/_ctypes/libffi_msvc/LICENSE Modules/_ctypes/darwin/LICENSE Modules/_ctypes/libffi/LICENSE Modules/_ctypes/libffi_osx/LICENSE Tools/pybench/LICENSE
@@ -242,6 +242,10 @@ HOST_CONFIGURE_ARGS+= \
 	--with-system-ffi=no \
 	CONFIG_SITE=
 
+define Host/Compile
+	$(call Host/Compile/Default,python Parser/pgen sharedmods)
+endef
+
 define Host/Install
 	$(MAKE) -C $(HOST_BUILD_DIR) install
 	$(INSTALL_DIR) $(HOST_PYTHON_DIR)/bin/

lang/python/files/python-version.mk

@@ -6,5 +6,5 @@
 #
 
 PYTHON_VERSION:=2.7
-PYTHON_VERSION_MICRO:=13
+PYTHON_VERSION_MICRO:=14
 

lang/python/patches/001-enable-zlib.patch

@@ -7,11 +7,9 @@ Subject: [PATCH] enable zlib
  Modules/Setup.dist | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-diff --git a/Modules/Setup.dist b/Modules/Setup.dist
-index 01fb85f..01ac492 100644
 --- a/Modules/Setup.dist
 +++ b/Modules/Setup.dist
-@@ -358,7 +358,7 @@ _symtable symtablemodule.c
+@@ -464,7 +464,7 @@ GLHACK=-Dclear=__GLclear
  # Andrew Kuchling's zlib module.
  # This require zlib 1.1.3 (or later).
  # See http://www.gzip.org/zlib/
@@ -20,6 +18,3 @@ index 01fb85f..01ac492 100644
  
  # Interface to the Expat XML parser
  #
--- 
-1.8.4.5
-

lang/python/patches/002-do-not-add-include-dirs-when-cross-compiling.patch

@@ -1,8 +1,6 @@
-diff --git a/setup.py b/setup.py
-index cbdeaf3..5154412 100644
 --- a/setup.py
 +++ b/setup.py
-@@ -480,7 +480,8 @@ class PyBuildExt(build_ext):
+@@ -497,7 +497,8 @@ class PyBuildExt(build_ext):
                          add_dir_to_list(dir_list, directory)
  
          if os.path.normpath(sys.prefix) != '/usr' \

lang/python/patches/003-do-not-compile-tests-at-build.patch

@@ -1,8 +1,6 @@
-diff --git a/Makefile.pre.in b/Makefile.pre.in
-index 7f4ec2f..e270bf2 100644
 --- a/Makefile.pre.in
 +++ b/Makefile.pre.in
-@@ -1038,6 +1038,7 @@ libinstall:	build_all $(srcdir)/Lib/$(PLATDIR) $(srcdir)/Modules/xxmodule.c
+@@ -1110,6 +1110,7 @@ libinstall:	build_all $(srcdir)/Lib/$(PL
  		done; \
  	done
  	$(INSTALL_DATA) $(srcdir)/LICENSE $(DESTDIR)$(LIBDEST)/LICENSE.txt
@@ -10,7 +8,7 @@ index 7f4ec2f..e270bf2 100644
  	if test -d $(DESTDIR)$(LIBDEST)/distutils/tests; then \
  		$(INSTALL_DATA) $(srcdir)/Modules/xxmodule.c \
  			$(DESTDIR)$(LIBDEST)/distutils/tests ; \
-@@ -1064,6 +1065,7 @@ libinstall:	build_all $(srcdir)/Lib/$(PLATDIR) $(srcdir)/Modules/xxmodule.c
+@@ -1136,6 +1137,7 @@ libinstall:	build_all $(srcdir)/Lib/$(PL
  		$(PYTHON_FOR_BUILD) -m lib2to3.pgen2.driver $(DESTDIR)$(LIBDEST)/lib2to3/Grammar.txt
  	-PYTHONPATH=$(DESTDIR)$(LIBDEST) $(RUNSHARED) \
  		$(PYTHON_FOR_BUILD) -m lib2to3.pgen2.driver $(DESTDIR)$(LIBDEST)/lib2to3/PatternGrammar.txt

lang/python/patches/004-do-not-write-bytes-codes.patch

@@ -1,8 +1,6 @@
-diff --git a/Python/pythonrun.c b/Python/pythonrun.c
-index 748a63b..cb6e291 100644
 --- a/Python/pythonrun.c
 +++ b/Python/pythonrun.c
-@@ -79,7 +79,7 @@ int Py_InteractiveFlag; /* Needed by Py_FdIsInteractive() below */
+@@ -79,7 +79,7 @@ int Py_InteractiveFlag; /* Needed by Py_
  int Py_InspectFlag; /* Needed to determine whether to exit at SystemExit */
  int Py_NoSiteFlag; /* Suppress 'import site' */
  int Py_BytesWarningFlag; /* Warn on str(bytes) and str(buffer) */
@@ -11,7 +9,7 @@ index 748a63b..cb6e291 100644
  int Py_UseClassExceptionsFlag = 1; /* Needed by bltinmodule.c: deprecated */
  int Py_FrozenFlag; /* Needed by getpath.c */
  int Py_UnicodeFlag = 0; /* Needed by compile.c */
-@@ -174,7 +174,7 @@ Py_InitializeEx(int install_sigs)
+@@ -185,7 +185,7 @@ Py_InitializeEx(int install_sigs)
      if ((p = Py_GETENV("PYTHONOPTIMIZE")) && *p != '\0')
          Py_OptimizeFlag = add_flag(Py_OptimizeFlag, p);
      if ((p = Py_GETENV("PYTHONDONTWRITEBYTECODE")) && *p != '\0')

lang/python/patches/005-fix-bluetooth-support.patch

@@ -0,0 +1,61 @@
+diff --git a/configure b/configure
+index 4c0435e..0068a9d 100755
+--- a/configure
++++ b/configure
+@@ -7045,7 +7045,7 @@ sys/param.h sys/poll.h sys/random.h sys/select.h sys/socket.h sys/statvfs.h sys/
+ sys/termio.h sys/time.h \
+ sys/times.h sys/types.h sys/un.h sys/utsname.h sys/wait.h pty.h libutil.h \
+ sys/resource.h netpacket/packet.h sysexits.h bluetooth.h \
+-bluetooth/bluetooth.h linux/tipc.h spawn.h util.h alloca.h
++linux/tipc.h spawn.h util.h alloca.h
+ do :
+   as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+@@ -7267,6 +7267,24 @@ fi
+ fi
+ 
+ 
++# bluetooth/bluetooth.h has been known to not compile with -std=c99.
++# http://permalink.gmane.org/gmane.linux.bluez.kernel/22294
++SAVE_CFLAGS=$CFLAGS
++CFLAGS="-std=c99 $CFLAGS"
++for ac_header in bluetooth/bluetooth.h
++do :
++  ac_fn_c_check_header_mongrel "$LINENO" "bluetooth/bluetooth.h" "ac_cv_header_bluetooth_bluetooth_h" "$ac_includes_default"
++if test "x$ac_cv_header_bluetooth_bluetooth_h" = xyes; then :
++  cat >>confdefs.h <<_ACEOF
++#define HAVE_BLUETOOTH_BLUETOOTH_H 1
++_ACEOF
++
++fi
++
++done
++
++CFLAGS=$SAVE_CFLAGS
++
+ # On Linux, netlink.h requires asm/types.h
+ for ac_header in linux/netlink.h
+ do :
+diff --git a/configure.ac b/configure.ac
+index 780f275..dceca1c 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1702,10 +1702,17 @@ sys/param.h sys/poll.h sys/random.h sys/select.h sys/socket.h sys/statvfs.h sys/
+ sys/termio.h sys/time.h \
+ sys/times.h sys/types.h sys/un.h sys/utsname.h sys/wait.h pty.h libutil.h \
+ sys/resource.h netpacket/packet.h sysexits.h bluetooth.h \
+-bluetooth/bluetooth.h linux/tipc.h spawn.h util.h alloca.h)
++linux/tipc.h spawn.h util.h alloca.h)
+ AC_HEADER_DIRENT
+ AC_HEADER_MAJOR
+ 
++# bluetooth/bluetooth.h has been known to not compile with -std=c99.
++# http://permalink.gmane.org/gmane.linux.bluez.kernel/22294
++SAVE_CFLAGS=$CFLAGS
++CFLAGS="-std=c99 $CFLAGS"
++AC_CHECK_HEADERS(bluetooth/bluetooth.h)
++CFLAGS=$SAVE_CFLAGS
++
+ # On Linux, netlink.h requires asm/types.h
+ AC_CHECK_HEADERS(linux/netlink.h,,,[
+ #ifdef HAVE_ASM_TYPES_H

lang/python/patches/006-remove-debian-multiarch-support.patch

@@ -1,14 +0,0 @@
-diff --git a/setup.py b/setup.py
-index 1d1ae72..511aed5 100644
---- a/setup.py
-+++ b/setup.py
-@@ -444,7 +444,8 @@ class PyBuildExt(build_ext):
-             add_dir_to_list(self.compiler.include_dirs, '/usr/local/include')
-         if cross_compiling:
-             self.add_gcc_paths()
--        self.add_multiarch_paths()
-+        else:
-+            self.add_multiarch_paths()
- 
-         # Add paths specified in the environment variables LDFLAGS and
-         # CPPFLAGS for header and library files.

lang/python/patches/006-remove-multi-arch-and-local-paths.patch

@@ -0,0 +1,16 @@
+--- a/setup.py
++++ b/setup.py
+@@ -454,13 +454,8 @@ class PyBuildExt(build_ext):
+             os.unlink(tmpfile)
+ 
+     def detect_modules(self):
+-        # Ensure that /usr/local is always used
+-        if not cross_compiling:
+-            add_dir_to_list(self.compiler.library_dirs, '/usr/local/lib')
+-            add_dir_to_list(self.compiler.include_dirs, '/usr/local/include')
+         if cross_compiling:
+             self.add_gcc_paths()
+-        self.add_multiarch_paths()
+ 
+         # Add paths specified in the environment variables LDFLAGS and
+         # CPPFLAGS for header and library files.

lang/python/patches/008-distutils-use-python-sysroot.patch

@@ -16,11 +16,9 @@ taken from the sysconfigdata module.
 
 Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 
-Index: b/Lib/distutils/sysconfig.py
-===================================================================
 --- a/Lib/distutils/sysconfig.py
 +++ b/Lib/distutils/sysconfig.py
-@@ -19,8 +19,13 @@
+@@ -19,8 +19,13 @@ import sys
  from distutils.errors import DistutilsPlatformError
  
  # These are needed in a couple of spots, so just compute them once.
@@ -36,11 +34,9 @@ Index: b/Lib/distutils/sysconfig.py
  
  # Path to the base directory of the project. On Windows the binary may
  # live in project/PCBuild9.  If we're dealing with an x64 Windows build,
-Index: b/Lib/distutils/command/build_ext.py
-===================================================================
 --- a/Lib/distutils/command/build_ext.py
 +++ b/Lib/distutils/command/build_ext.py
-@@ -237,7 +237,10 @@
+@@ -240,7 +240,10 @@ class build_ext (Command):
          if (sysconfig.get_config_var('Py_ENABLE_SHARED')):
              if not sysconfig.python_build:
                  # building third party extensions

lang/python/patches/009-do-not-use-dblib_dir-when-cross-compiling.patch

@@ -1,8 +1,6 @@
-diff --git a/setup.py b/setup.py
-index 7868b7b..10ec68f 100644
 --- a/setup.py
 +++ b/setup.py
-@@ -1067,6 +1067,7 @@ class PyBuildExt(build_ext):
+@@ -1083,6 +1083,7 @@ class PyBuildExt(build_ext):
                          if db_setup_debug: print "db lib: ", dblib, "not found"
  
          except db_found:
@@ -10,7 +8,7 @@ index 7868b7b..10ec68f 100644
              if db_setup_debug:
                  print "bsddb using BerkeleyDB lib:", db_ver, dblib
                  print "bsddb lib dir:", dblib_dir, " inc dir:", db_incdir
-@@ -1081,7 +1082,7 @@ class PyBuildExt(build_ext):
+@@ -1097,7 +1098,7 @@ class PyBuildExt(build_ext):
              exts.append(Extension('_bsddb', ['_bsddb.c'],
                                    depends = ['bsddb.h'],
                                    library_dirs=dblib_dir,
@@ -19,7 +17,7 @@ index 7868b7b..10ec68f 100644
                                    include_dirs=db_incs,
                                    libraries=dblibs))
          else:
-@@ -1292,10 +1293,11 @@ class PyBuildExt(build_ext):
+@@ -1308,10 +1309,11 @@ class PyBuildExt(build_ext):
                              break
                  elif cand == "bdb":
                      if db_incs is not None:

lang/python/patches/010-do-not-add-rt-lib-dirs-when-cross-compiling.patch

@@ -1,8 +1,6 @@
-diff --git a/setup.py b/setup.py
-index 7868b7b..544fa7e 100644
 --- a/setup.py
 +++ b/setup.py
-@@ -452,8 +452,9 @@ class PyBuildExt(build_ext):
+@@ -463,8 +463,9 @@ class PyBuildExt(build_ext):
          # directly since an inconsistently reproducible issue comes up where
          # the environment variable is not set even though the value were passed
          # into configure and stored in the Makefile (issue found on OS X 10.3).

lang/python/patches/011-remove-setupterm-definition.patch

@@ -0,0 +1,10 @@
+--- a/Modules/_cursesmodule.c
++++ b/Modules/_cursesmodule.c
+@@ -117,7 +117,6 @@ char *PyCursesVersion = "2.2";
+     #defines many common symbols (such as "lines") which breaks the
+     curses module in other ways.  So the code will just specify
+     explicit prototypes here. */
+-extern int setupterm(char *,int,int *);
+ #ifdef __sgi
+ #include <term.h>
+ #endif

lang/python3/Makefile

@@ -14,7 +14,7 @@ PYTHON_VERSION:=$(PYTHON3_VERSION)
 PYTHON_VERSION_MICRO:=$(PYTHON3_VERSION_MICRO)
 
 PKG_NAME:=python3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_VERSION:=$(PYTHON_VERSION).$(PYTHON_VERSION_MICRO)
 
 PKG_SOURCE:=Python-$(PKG_VERSION).tar.xz

lang/python3/patches/011-fix-ncursesw-definition-colisions.patch

@@ -0,0 +1,24 @@
+diff --git a/Modules/_cursesmodule.c b/Modules/_cursesmodule.c
+index 3bf2ca7..c156964 100644
+--- a/Modules/_cursesmodule.c
++++ b/Modules/_cursesmodule.c
+@@ -116,7 +116,6 @@ char *PyCursesVersion = "2.2";
+     #defines many common symbols (such as "lines") which breaks the
+     curses module in other ways.  So the code will just specify
+     explicit prototypes here. */
+-extern int setupterm(char *,int,int *);
+ #ifdef __sgi
+ #include <term.h>
+ #endif
+diff --git a/setup.py b/setup.py
+index af9a414..ee19ecd 100644
+--- a/setup.py
++++ b/setup.py
+@@ -1349,7 +1349,6 @@ class PyBuildExt(build_ext):
+         panel_library = 'panel'
+         if curses_library == 'ncursesw':
+             curses_defines.append(('HAVE_NCURSESW', '1'))
+-            curses_includes.append('/usr/include/ncursesw')
+             # Bug 1464056: If _curses.so links with ncursesw,
+             # _curses_panel.so must link with panelw.
+             panel_library = 'panelw'

lang/ruby/Makefile

@@ -1,23 +1,25 @@
 #
 # Copyright (C) 2006-2016 OpenWrt.org
+# Copyright (C) 2017-2018 Luiz Angelo Daros de Luca <luizluca@gmail.com>
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
 #
 # To Do:
-#  - dirs not removed when uninstalling!
+#  - dirs not removed when uninstalling! opkg bug?
 #
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ruby
-PKG_VERSION:=2.4.0
+PKG_VERSION:=2.4.4
 PKG_RELEASE:=1
 
-PKG_LIBVER:=2.4
+# First two numbes
+PKG_ABI_VERSION:=$(subst $(space),.,$(wordlist 1, 2, $(subst .,$(space),$(PKG_VERSION))))
 
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=http://cache.ruby-lang.org/pub/ruby/$(PKG_LIBVER)/
-PKG_MD5SUM:=440bbbdc49d08d3650f340dccb35986d9399177ad69a204def56e5d3954600cf
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE_URL:=https://cache.ruby-lang.org/pub/ruby/$(PKG_ABI_VERSION)/
+PKG_HASH:=1d0034071d675193ca769f64c91827e5f54cb3a7962316a41d5217c7bc6949f0
 PKG_MAINTAINER:=Luiz Angelo Daros de Luca <luizluca@gmail.com>
 PKG_LICENSE:=BSD-2-Clause
 PKG_LICENSE_FILES:=COPYING
@@ -73,7 +75,7 @@ TARGET_LDFLAGS += -L$(PKG_BUILD_DIR)
 # Ruby uses DLDFLAGS and not LDFLAGS for libraries. LDFLAGS is only for execs.
 # However, DLDFLAGS from configure is not passed to Makefile when target is linux.
 # XLDFLAGS is used by both libraries and execs. This is somehow brute force but
-# it will fix when some LD_FLAGS is needef for libraries. As side effect, it will
+# it will fix when some LD_FLAGS is needed for libraries. As side effect, it will
 # duplicate ld args for binaries.
 CONFIGURE_VARS += XLDFLAGS="$(TARGET_LDFLAGS)"
 
@@ -155,15 +157,15 @@ endef
 
 define Package/ruby/install
 	$(INSTALL_DIR) $(1)/usr/bin
-	$(INSTALL_DIR) $(1)/usr/lib/ruby/$(PKG_LIBVER)
-	$(INSTALL_DIR) $(1)/usr/lib/ruby/vendor_ruby/$(PKG_LIBVER)
-	$(INSTALL_DIR) $(1)/usr/lib/ruby/site_ruby/$(PKG_LIBVER)
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/ruby $(1)/usr/lib/ruby/ruby$(PKG_LIBVER)-bin
+	$(INSTALL_DIR) $(1)/usr/lib/ruby/$(PKG_ABI_VERSION)
+	$(INSTALL_DIR) $(1)/usr/lib/ruby/vendor_ruby/$(PKG_ABI_VERSION)
+	$(INSTALL_DIR) $(1)/usr/lib/ruby/site_ruby/$(PKG_ABI_VERSION)
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/ruby $(1)/usr/lib/ruby/ruby$(PKG_ABI_VERSION)-bin
 	$(INSTALL_BIN) ./files/ruby $(1)/usr/bin/ruby
-	$(CP) $(PKG_INSTALL_DIR)/usr/lib/ruby/vendor_ruby/$(PKG_LIBVER)/* $(1)/usr/lib/ruby/vendor_ruby/$(PKG_LIBVER)/
-	$(CP) $(PKG_INSTALL_DIR)/usr/lib/ruby/site_ruby/$(PKG_LIBVER)/* $(1)/usr/lib/ruby/site_ruby/$(PKG_LIBVER)/
-	$(SED) "s%@RUBY_LIBPATH@%/usr/lib/ruby/$(PKG_LIBVER)%" $(1)/usr/bin/ruby
-	$(SED) "s%@RUBY_BINPATH@%/usr/lib/ruby/ruby$(PKG_LIBVER)-bin%" $(1)/usr/bin/ruby
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/ruby/vendor_ruby/$(PKG_ABI_VERSION)/* $(1)/usr/lib/ruby/vendor_ruby/$(PKG_ABI_VERSION)/
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/ruby/site_ruby/$(PKG_ABI_VERSION)/* $(1)/usr/lib/ruby/site_ruby/$(PKG_ABI_VERSION)/
+	$(SED) "s%@RUBY_LIBPATH@%/usr/lib/ruby/$(PKG_ABI_VERSION)%" $(1)/usr/bin/ruby
+	$(SED) "s%@RUBY_BINPATH@%/usr/lib/ruby/ruby$(PKG_ABI_VERSION)-bin%" $(1)/usr/bin/ruby
 endef
 
 define Package/libruby
@@ -173,7 +175,7 @@ $(call Package/ruby/Default)
   CATEGORY:=Libraries
   TITLE+= (shared library)
   DEPENDS+= +libpthread +librt +libgmp
-  ABI_VERSION:=$(PKG_LIBVER)
+  ABI_VERSION:=$(PKG_ABI_VERSION)
 endef
 define Package/libruby/install
 	$(INSTALL_DIR) $(1)/usr/lib
@@ -200,25 +202,25 @@ define Package/ruby-stdlib/install
 endef
 
 define Package/ruby-bigdecimal/files
-/usr/lib/ruby/$(PKG_LIBVER)/*/bigdecimal.so
-/usr/lib/ruby/$(PKG_LIBVER)/bigdecimal/
-/usr/lib/ruby/gems/$(PKG_LIBVER)/specifications/default/bigdecimal-*.gemspec
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/bigdecimal.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/bigdecimal/
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/specifications/default/bigdecimal-*.gemspec
 endef
 
 define Package/ruby-cgi/files
-/usr/lib/ruby/$(PKG_LIBVER)/cgi
-/usr/lib/ruby/$(PKG_LIBVER)/cgi.rb
-/usr/lib/ruby/$(PKG_LIBVER)/*/cgi/escape.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/cgi
+/usr/lib/ruby/$(PKG_ABI_VERSION)/cgi.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/cgi/escape.so
 endef
 
 define Package/ruby-csv/files
-/usr/lib/ruby/$(PKG_LIBVER)/csv.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/csv.rb
 endef
 
 define Package/ruby-datetime/files
-/usr/lib/ruby/$(PKG_LIBVER)/time.rb
-/usr/lib/ruby/$(PKG_LIBVER)/date.rb
-/usr/lib/ruby/$(PKG_LIBVER)/*/date_core.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/time.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/date.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/date_core.so
 endef
 
 define Package/ruby-dbm/description
@@ -227,28 +229,28 @@ define Package/ruby-dbm/description
 
 endef
 define Package/ruby-dbm/files
-/usr/lib/ruby/$(PKG_LIBVER)/*/dbm.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/dbm.so
 endef
 
 define Package/ruby-debuglib/files
-/usr/lib/ruby/$(PKG_LIBVER)/profile.rb
-/usr/lib/ruby/$(PKG_LIBVER)/profiler.rb
-/usr/lib/ruby/$(PKG_LIBVER)/debug.rb
-/usr/lib/ruby/$(PKG_LIBVER)/tracer.rb
-/usr/lib/ruby/$(PKG_LIBVER)/benchmark.rb
-/usr/lib/ruby/$(PKG_LIBVER)/*/objspace.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/profile.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/profiler.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/debug.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/tracer.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/benchmark.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/objspace.so
 endef
 
 define Package/ruby-did-you-mean/files
-/usr/lib/ruby/gems/$(PKG_LIBVER)/specifications/did_you_mean-*.gemspec
-/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/did_you_mean-*/
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/specifications/did_you_mean-*.gemspec
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/did_you_mean-*/
 endef
 define Package/ruby-did-you-mean/files-excluded
-/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/did_you_mean-*/benchmark
-/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/did_you_mean-*/doc
-/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/did_you_mean-*/evaluation
-/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/did_you_mean-*/test
-/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/did_you_mean-*/*.md
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/did_you_mean-*/benchmark
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/did_you_mean-*/doc
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/did_you_mean-*/evaluation
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/did_you_mean-*/test
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/did_you_mean-*/*.md
 endef
 
 define Package/ruby-digest/description
@@ -270,26 +272,26 @@ define Package/ruby-digest/config
 
 endef
 define Package/ruby-digest/files
-/usr/lib/ruby/$(PKG_LIBVER)/digest
-/usr/lib/ruby/$(PKG_LIBVER)/digest.rb
-/usr/lib/ruby/$(PKG_LIBVER)/*/digest.so
-/usr/lib/ruby/$(PKG_LIBVER)/*/digest/*
+/usr/lib/ruby/$(PKG_ABI_VERSION)/digest
+/usr/lib/ruby/$(PKG_ABI_VERSION)/digest.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/digest.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/digest/*
 endef
 
 define Package/ruby-drb/files
-/usr/lib/ruby/$(PKG_LIBVER)/drb.rb
-/usr/lib/ruby/$(PKG_LIBVER)/drb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/drb.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/drb
 endef
 
 define Package/ruby-enc/files
-/usr/lib/ruby/$(PKG_LIBVER)/*/enc/encdb.so
-/usr/lib/ruby/$(PKG_LIBVER)/*/enc/iso_8859_1.so
-/usr/lib/ruby/$(PKG_LIBVER)/*/enc/utf_*.so
-/usr/lib/ruby/$(PKG_LIBVER)/*/enc/euc_jp.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/enc/encdb.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/enc/iso_8859_1.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/enc/utf_*.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/enc/euc_jp.so
 endef
 
 define Package/ruby-enc-extra/files
-/usr/lib/ruby/$(PKG_LIBVER)/*/enc
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/enc
 endef
 define Package/ruby-enc-extra/files-excluded
 $(call Package/ruby-enc/files)
@@ -297,59 +299,59 @@ endef
 
 define Package/ruby-erb/files
 /usr/bin/erb
-/usr/lib/ruby/$(PKG_LIBVER)/erb.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/erb.rb
 endef
 
 define Package/ruby-fiddle/files
-/usr/lib/ruby/$(PKG_LIBVER)/fiddle.rb
-/usr/lib/ruby/$(PKG_LIBVER)/fiddle/
-/usr/lib/ruby/$(PKG_LIBVER)/*/fiddle.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/fiddle.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/fiddle/
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/fiddle.so
 endef
 
 define Package/ruby-filelib/files
-/usr/lib/ruby/$(PKG_LIBVER)/tmpdir.rb
-/usr/lib/ruby/$(PKG_LIBVER)/tempfile.rb
-/usr/lib/ruby/$(PKG_LIBVER)/pathname.rb
-/usr/lib/ruby/$(PKG_LIBVER)/*/pathname.so
-/usr/lib/ruby/$(PKG_LIBVER)/find.rb
-/usr/lib/ruby/$(PKG_LIBVER)/fileutils.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/tmpdir.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/tempfile.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/pathname.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/pathname.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/find.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/fileutils.rb
 endef
 
 define Package/ruby-gdbm/files
-/usr/lib/ruby/$(PKG_LIBVER)/*/gdbm.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/gdbm.so
 endef
 
 define Package/ruby-gems/files
-/usr/lib/ruby/$(PKG_LIBVER)/ubygems.rb
-/usr/lib/ruby/$(PKG_LIBVER)/rubygems.rb
-/usr/lib/ruby/$(PKG_LIBVER)/rubygems
+/usr/lib/ruby/$(PKG_ABI_VERSION)/ubygems.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/rubygems.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/rubygems
 endef
 define Package/ruby-gems/files-excluded
-/usr/lib/ruby/$(PKG_LIBVER)/rubygems/test_case.rb
-/usr/lib/ruby/$(PKG_LIBVER)/rubygems/package/tar_test_case.rb
-/usr/lib/ruby/$(PKG_LIBVER)/rubygems/installer_test_case.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/rubygems/test_case.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/rubygems/package/tar_test_case.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/rubygems/installer_test_case.rb
 endef
 define Package/ruby-gems/install
 	$(INSTALL_DIR) $(1)/usr/bin
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/gem $(1)/usr/bin/
-	$(INSTALL_DIR) $(1)/usr/lib/ruby/gems/$(PKG_LIBVER)/specifications/default
-	$(INSTALL_DIR) $(1)/usr/lib/ruby/gems/$(PKG_LIBVER)/gems
-	$(INSTALL_DIR) $(1)/usr/lib/ruby/gems/$(PKG_LIBVER)/doc
-	$(INSTALL_DIR) $(1)/usr/lib/ruby/gems/$(PKG_LIBVER)/cache
-	$(INSTALL_DIR) $(1)/usr/lib/ruby/gems/$(PKG_LIBVER)/extensions
-	$(INSTALL_DIR) $(1)/usr/lib/ruby/gems/$(PKG_LIBVER)/build_info
+	$(INSTALL_DIR) $(1)/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/specifications/default
+	$(INSTALL_DIR) $(1)/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems
+	$(INSTALL_DIR) $(1)/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/doc
+	$(INSTALL_DIR) $(1)/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/cache
+	$(INSTALL_DIR) $(1)/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/extensions
+	$(INSTALL_DIR) $(1)/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/build_info
 	$(call RubyBuildPackage/install,gems,$(1))
 endef
 
 define Package/ruby-io-console/files
-/usr/lib/ruby/$(PKG_LIBVER)/*/io/console.so
-/usr/lib/ruby/$(PKG_LIBVER)/io/console/
-/usr/lib/ruby/gems/$(PKG_LIBVER)/specifications/default/io-console-*.gemspec
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/io/console.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/io/console/
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/specifications/default/io-console-*.gemspec
 endef
 
 define Package/ruby-irb/files
-/usr/lib/ruby/$(PKG_LIBVER)/irb
-/usr/lib/ruby/$(PKG_LIBVER)/irb.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/irb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/irb.rb
 endef
 define Package/ruby-irb/install
 	$(INSTALL_DIR) $(1)/usr/bin
@@ -358,156 +360,156 @@ define Package/ruby-irb/install
 endef
 
 define Package/ruby-json/files
-/usr/lib/ruby/$(PKG_LIBVER)/json.rb
-/usr/lib/ruby/$(PKG_LIBVER)/json
-/usr/lib/ruby/$(PKG_LIBVER)/*/json
-/usr/lib/ruby/gems/$(PKG_LIBVER)/specifications/default/json-*.gemspec
+/usr/lib/ruby/$(PKG_ABI_VERSION)/json.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/json
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/json
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/specifications/default/json-*.gemspec
 endef
 define Package/ruby-json/files-excluded
 $(call Package/ruby-psych/files)
 endef
 
 define Package/ruby-logger/files
-/usr/lib/ruby/$(PKG_LIBVER)/logger.rb
-/usr/lib/ruby/$(PKG_LIBVER)/syslog/logger.rb
-/usr/lib/ruby/$(PKG_LIBVER)/*/syslog.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/logger.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/syslog/logger.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/syslog.so
 endef
 
 define Package/ruby-math/files
-/usr/lib/ruby/$(PKG_LIBVER)/prime.rb
-/usr/lib/ruby/$(PKG_LIBVER)/mathn.rb
-/usr/lib/ruby/$(PKG_LIBVER)/cmath.rb
-/usr/lib/ruby/$(PKG_LIBVER)/*/mathn
-/usr/lib/ruby/$(PKG_LIBVER)/matrix.rb
-/usr/lib/ruby/$(PKG_LIBVER)/matrix
+/usr/lib/ruby/$(PKG_ABI_VERSION)/prime.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/mathn.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/cmath.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/mathn
+/usr/lib/ruby/$(PKG_ABI_VERSION)/matrix.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/matrix
 endef
 
 define Package/ruby-minitest/files
-/usr/lib/ruby/gems/$(PKG_LIBVER)/specifications/minitest-*.gemspec
-/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/minitest-*
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/specifications/minitest-*.gemspec
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/minitest-*
 endef
 define Package/ruby-minitest/files-excluded
-/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/minitest-*/test
-/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/minitest-*/*.rdoc
-/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/minitest-*/*.txt
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/minitest-*/test
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/minitest-*/*.rdoc
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/minitest-*/*.txt
 endef
 
 define Package/ruby-misc/files
-/usr/lib/ruby/$(PKG_LIBVER)/English.rb
-/usr/lib/ruby/$(PKG_LIBVER)/abbrev.rb
-/usr/lib/ruby/$(PKG_LIBVER)/base64.rb
-/usr/lib/ruby/$(PKG_LIBVER)/delegate.rb
-/usr/lib/ruby/$(PKG_LIBVER)/e2mmap.rb
-/usr/lib/ruby/$(PKG_LIBVER)/expect.rb
-/usr/lib/ruby/$(PKG_LIBVER)/getoptlong.rb
-/usr/lib/ruby/$(PKG_LIBVER)/open3.rb
-/usr/lib/ruby/$(PKG_LIBVER)/ostruct.rb
-/usr/lib/ruby/$(PKG_LIBVER)/scanf.rb
-/usr/lib/ruby/$(PKG_LIBVER)/securerandom.rb
-/usr/lib/ruby/$(PKG_LIBVER)/set.rb
-/usr/lib/ruby/$(PKG_LIBVER)/shellwords.rb
-/usr/lib/ruby/$(PKG_LIBVER)/tsort.rb
-/usr/lib/ruby/$(PKG_LIBVER)/weakref.rb
-/usr/lib/ruby/$(PKG_LIBVER)/*/continuation.so
-/usr/lib/ruby/$(PKG_LIBVER)/*/coverage.so
-/usr/lib/ruby/$(PKG_LIBVER)/*/etc.so
-/usr/lib/ruby/$(PKG_LIBVER)/*/fcntl.so
-/usr/lib/ruby/$(PKG_LIBVER)/*/fiber.so
-/usr/lib/ruby/$(PKG_LIBVER)/*/pty.so
-/usr/lib/ruby/$(PKG_LIBVER)/*/stringio.so
-/usr/lib/ruby/$(PKG_LIBVER)/*/strscan.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/English.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/abbrev.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/base64.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/delegate.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/e2mmap.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/expect.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/getoptlong.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/open3.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/ostruct.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/scanf.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/securerandom.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/set.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/shellwords.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/tsort.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/weakref.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/continuation.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/coverage.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/etc.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/fcntl.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/fiber.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/pty.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/stringio.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/strscan.so
 endef
 
 define Package/ruby-mkmf/files
-/usr/lib/ruby/$(PKG_LIBVER)/mkmf.rb
-/usr/lib/ruby/$(PKG_LIBVER)/un.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/mkmf.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/un.rb
 endef
 
 define Package/ruby-multithread/files
-/usr/lib/ruby/$(PKG_LIBVER)/monitor.rb
-/usr/lib/ruby/$(PKG_LIBVER)/timeout.rb
-/usr/lib/ruby/$(PKG_LIBVER)/thwait.rb
-/usr/lib/ruby/$(PKG_LIBVER)/mutex_m.rb
-/usr/lib/ruby/$(PKG_LIBVER)/sync.rb
-/usr/lib/ruby/$(PKG_LIBVER)/*/io/wait.so
-/usr/lib/ruby/$(PKG_LIBVER)/*/io/nonblock.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/monitor.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/timeout.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/thwait.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/mutex_m.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/sync.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/io/wait.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/io/nonblock.so
 endef
 
 define Package/ruby-net/files
-/usr/lib/ruby/$(PKG_LIBVER)/open-uri.rb
-/usr/lib/ruby/$(PKG_LIBVER)/net/*
+/usr/lib/ruby/$(PKG_ABI_VERSION)/open-uri.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/net/*
 endef
 
 define Package/ruby-net-telnet/files
-/usr/lib/ruby/gems/$(PKG_LIBVER)/specifications/net-telnet-*.gemspec
-/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/net-telnet-*/
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/specifications/net-telnet-*.gemspec
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/net-telnet-*/
 endef
 define Package/ruby-net-telnet/files-excluded
-/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/net-telnet-*/*.md
-/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/net-telnet-*/*.txt
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/net-telnet-*/*.md
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/net-telnet-*/*.txt
 endef
 
 define Package/ruby-nkf/files
-/usr/lib/ruby/$(PKG_LIBVER)/kconv.rb
-/usr/lib/ruby/$(PKG_LIBVER)/*/nkf.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/kconv.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/nkf.so
 endef
 
 define Package/ruby-openssl/files
-/usr/lib/ruby/$(PKG_LIBVER)/openssl
-/usr/lib/ruby/$(PKG_LIBVER)/openssl.rb
-/usr/lib/ruby/$(PKG_LIBVER)/*/openssl.so
-/usr/lib/ruby/gems/$(PKG_LIBVER)/specifications/default/openssl-*.gemspec
+/usr/lib/ruby/$(PKG_ABI_VERSION)/openssl
+/usr/lib/ruby/$(PKG_ABI_VERSION)/openssl.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/openssl.so
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/specifications/default/openssl-*.gemspec
 endef
 
 define Package/ruby-optparse/files
-/usr/lib/ruby/$(PKG_LIBVER)/optparse.rb
-/usr/lib/ruby/$(PKG_LIBVER)/optionparser.rb
-/usr/lib/ruby/$(PKG_LIBVER)/optparse
+/usr/lib/ruby/$(PKG_ABI_VERSION)/optparse.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/optionparser.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/optparse
 endef
 
 define Package/ruby-patterns/files
-/usr/lib/ruby/$(PKG_LIBVER)/observer.rb
-/usr/lib/ruby/$(PKG_LIBVER)/singleton.rb
-/usr/lib/ruby/$(PKG_LIBVER)/forwardable.rb
-/usr/lib/ruby/$(PKG_LIBVER)/forwardable
+/usr/lib/ruby/$(PKG_ABI_VERSION)/observer.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/singleton.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/forwardable.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/forwardable
 endef
 
 define Package/ruby-powerassert/files
-/usr/lib/ruby/gems/$(PKG_LIBVER)/specifications/power_assert-*.gemspec
-/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/power_assert-*
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/specifications/power_assert-*.gemspec
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/power_assert-*
 endef
 define Package/ruby-powerassert/files-excluded
-/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/power_assert-*/test
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/power_assert-*/test
 endef
 
 define Package/ruby-prettyprint/files
-/usr/lib/ruby/$(PKG_LIBVER)/pp.rb
-/usr/lib/ruby/$(PKG_LIBVER)/prettyprint.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/pp.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/prettyprint.rb
 endef
 
 define Package/ruby-pstore/files
-/usr/lib/ruby/$(PKG_LIBVER)/pstore.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/pstore.rb
 endef
 
 define Package/ruby-psych/files
-/usr/lib/ruby/$(PKG_LIBVER)/psych
-/usr/lib/ruby/$(PKG_LIBVER)/psych.rb
-/usr/lib/ruby/$(PKG_LIBVER)/*/psych.so
-/usr/lib/ruby/gems/$(PKG_LIBVER)/specifications/default/psych-*.gemspec
+/usr/lib/ruby/$(PKG_ABI_VERSION)/psych
+/usr/lib/ruby/$(PKG_ABI_VERSION)/psych.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/psych.so
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/specifications/default/psych-*.gemspec
 endef
 
 define Package/ruby-racc/files
-/usr/lib/ruby/$(PKG_LIBVER)/racc
-/usr/lib/ruby/$(PKG_LIBVER)/*/racc/*.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/racc
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/racc/*.so
 endef
 
 define Package/ruby-rake/files
-/usr/lib/ruby/gems/$(PKG_LIBVER)/specifications/rake-*.gemspec
-/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/rake-*/
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/specifications/rake-*.gemspec
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/rake-*/
 endef
 define Package/ruby-rake/files-excluded
-/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/rake-*/doc
-/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/rake-*/*.rdoc
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/rake-*/doc
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/rake-*/*.rdoc
 endef
 define Package/ruby-rake/install
 	$(INSTALL_DIR) $(1)/usr/bin
@@ -516,21 +518,21 @@ define Package/ruby-rake/install
 endef
 
 define Package/ruby-rbconfig/files
-/usr/lib/ruby/$(PKG_LIBVER)/*/rbconfig.rb
-/usr/lib/ruby/$(PKG_LIBVER)/rbconfig/*
-/usr/lib/ruby/$(PKG_LIBVER)/*/rbconfig/*.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/rbconfig.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/rbconfig/*
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/rbconfig/*.so
 endef
 
 define Package/ruby-rdoc/files
-	/usr/lib/ruby/$(PKG_LIBVER)/rdoc.rb
-	/usr/lib/ruby/$(PKG_LIBVER)/rdoc
-	/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/rdoc-*
-	/usr/lib/ruby/gems/$(PKG_LIBVER)/specifications/default/rdoc-*.gemspec
+	/usr/lib/ruby/$(PKG_ABI_VERSION)/rdoc.rb
+	/usr/lib/ruby/$(PKG_ABI_VERSION)/rdoc
+	/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/rdoc-*
+	/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/specifications/default/rdoc-*.gemspec
 endef
 define Package/ruby-rdoc/files-excluded
-	/usr/lib/ruby/$(PKG_LIBVER)/rdoc/test_case.rb
-	/usr/lib/ruby/$(PKG_LIBVER)/rdoc/markup/formatter_test_case.rb
-	/usr/lib/ruby/$(PKG_LIBVER)/rdoc/markup/text_formatter_test_case.rb
+	/usr/lib/ruby/$(PKG_ABI_VERSION)/rdoc/test_case.rb
+	/usr/lib/ruby/$(PKG_ABI_VERSION)/rdoc/markup/formatter_test_case.rb
+	/usr/lib/ruby/$(PKG_ABI_VERSION)/rdoc/markup/text_formatter_test_case.rb
 endef
 define Package/ruby-rdoc/install
 	$(INSTALL_DIR) $(1)/usr/bin
@@ -540,87 +542,87 @@ define Package/ruby-rdoc/install
 endef
 
 define Package/ruby-readline/files
-/usr/lib/ruby/$(PKG_LIBVER)/*/readline.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/readline.so
 endef
 
 define Package/ruby-rexml/files
-/usr/lib/ruby/$(PKG_LIBVER)/rexml
+/usr/lib/ruby/$(PKG_ABI_VERSION)/rexml
 endef
 
 define Package/ruby-rinda/files
-/usr/lib/ruby/$(PKG_LIBVER)/rinda
+/usr/lib/ruby/$(PKG_ABI_VERSION)/rinda
 endef
 
 define Package/ruby-ripper/files
-/usr/lib/ruby/$(PKG_LIBVER)/ripper.rb
-/usr/lib/ruby/$(PKG_LIBVER)/ripper
-/usr/lib/ruby/$(PKG_LIBVER)/*/ripper.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/ripper.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/ripper
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/ripper.so
 endef
 
 define Package/ruby-rss/files
-/usr/lib/ruby/$(PKG_LIBVER)/rss
-/usr/lib/ruby/$(PKG_LIBVER)/rss.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/rss
+/usr/lib/ruby/$(PKG_ABI_VERSION)/rss.rb
 endef
 
 define Package/ruby-sdbm/files
-/usr/lib/ruby/$(PKG_LIBVER)/*/sdbm.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/sdbm.so
 endef
 
 define Package/ruby-shell/files
-/usr/lib/ruby/$(PKG_LIBVER)/shell.rb
-/usr/lib/ruby/$(PKG_LIBVER)/shell
+/usr/lib/ruby/$(PKG_ABI_VERSION)/shell.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/shell
 endef
 
 define Package/ruby-socket/files
-/usr/lib/ruby/$(PKG_LIBVER)/ipaddr.rb
-/usr/lib/ruby/$(PKG_LIBVER)/resolv-replace.rb
-/usr/lib/ruby/$(PKG_LIBVER)/resolv.rb
-/usr/lib/ruby/$(PKG_LIBVER)/socket.rb
-/usr/lib/ruby/$(PKG_LIBVER)/*/socket.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/ipaddr.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/resolv-replace.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/resolv.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/socket.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/socket.so
 endef
 
 define Package/ruby-testunit/files
-/usr/lib/ruby/gems/$(PKG_LIBVER)/specifications/test-unit-*.gemspec
-/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/test-unit-*
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/specifications/test-unit-*.gemspec
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/test-unit-*
 endef
 define Package/ruby-testunit/files-excluded
-/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/test-unit-*/doc
-/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/test-unit-*/test
-/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/test-unit-*/sample
-/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/test-unit-*/*.md
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/test-unit-*/doc
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/test-unit-*/test
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/test-unit-*/sample
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/test-unit-*/*.md
 endef
 
 define Package/ruby-unicodenormalize/files
-/usr/lib/ruby/$(PKG_LIBVER)/unicode_normalize.rb
-/usr/lib/ruby/$(PKG_LIBVER)/unicode_normalize
+/usr/lib/ruby/$(PKG_ABI_VERSION)/unicode_normalize.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/unicode_normalize
 endef
 
 define Package/ruby-uri/files
-/usr/lib/ruby/$(PKG_LIBVER)/uri.rb
-/usr/lib/ruby/$(PKG_LIBVER)/uri
+/usr/lib/ruby/$(PKG_ABI_VERSION)/uri.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/uri
 endef
 
 define Package/ruby-webrick/files
-/usr/lib/ruby/$(PKG_LIBVER)/webrick
-/usr/lib/ruby/$(PKG_LIBVER)/webrick.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/webrick
+/usr/lib/ruby/$(PKG_ABI_VERSION)/webrick.rb
 endef
 
 define Package/ruby-xmlrpc/files
-/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/xmlrpc-*
-/usr/lib/ruby/gems/$(PKG_LIBVER)/specifications/xmlrpc-*.gemspec
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/xmlrpc-*
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/specifications/xmlrpc-*.gemspec
 endef
 define Package/ruby-xmlrpc/files-excluded
-/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/xmlrpc-0.2.1/*.md
-/usr/lib/ruby/gems/$(PKG_LIBVER)/gems/xmlrpc-0.2.1/*.txt
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/xmlrpc-0.2.1/*.md
+/usr/lib/ruby/gems/$(PKG_ABI_VERSION)/gems/xmlrpc-0.2.1/*.txt
 endef
 
 define Package/ruby-yaml/files
-/usr/lib/ruby/$(PKG_LIBVER)/yaml
-/usr/lib/ruby/$(PKG_LIBVER)/yaml.rb
+/usr/lib/ruby/$(PKG_ABI_VERSION)/yaml
+/usr/lib/ruby/$(PKG_ABI_VERSION)/yaml.rb
 endef
 
 define Package/ruby-zlib/files
-/usr/lib/ruby/$(PKG_LIBVER)/*/zlib.so
+/usr/lib/ruby/$(PKG_ABI_VERSION)/*/zlib.so
 endef
 
 RUBY_FILES = $(strip $(call Package/ruby-$(1)/files))

libs/alsa-lib/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2016 OpenWrt.org
+# Copyright (C) 2006-2018 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=alsa-lib
 PKG_VERSION:=1.1.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=ftp://ftp.alsa-project.org/pub/lib/ \

libs/alsa-lib/patches/006-properly-define-S_IRUSR.patch

@@ -0,0 +1,32 @@
+From 3f1dba9a821b53b42001605f9a126a958804884f Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Mon, 9 Nov 2015 13:37:26 +0100
+Subject: [PATCH] topology: Add missing include sys/stat.h
+
+Necessary for proper definitions of S_IRUSR & co.  Otherwise it
+results in compile errors with old glibc:
+  parser.c: In function 'snd_tplg_build_file':
+  parser.c:262: error: 'S_IRUSR' undeclared (first use in this function)
+  parser.c:262: error: (Each undeclared identifier is reported only once
+  parser.c:262: error: for each function it appears in.)
+
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+---
+ src/topology/parser.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/topology/parser.c b/src/topology/parser.c
+index 80a0ae0..18bb9c7 100644
+--- a/src/topology/parser.c
++++ b/src/topology/parser.c
+@@ -16,6 +16,7 @@
+            Liam Girdwood <liam.r.girdwood@linux.intel.com>
+ */
+ 
++#include <sys/stat.h>
+ #include "list.h"
+ #include "tplg_local.h"
+ 
+-- 
+1.7.11.7
+

libs/dmx_usb_module/Makefile

@@ -14,7 +14,7 @@ PKG_RELEASE:=0.1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_URL:=git://github.com/lowlander/dmx_usb_module.git
+PKG_SOURCE_URL:=https://github.com/lowlander/dmx_usb_module.git
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_VERSION:=ee99ca7edbd9e093480ad63341ac007394047bde
 PKG_MAINTAINER:=Martijn Zilverschoon <martijn@friedzombie.com>

libs/gnutls/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=gnutls
-PKG_VERSION:=3.5.8
+PKG_VERSION:=3.5.16
 PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5
-PKG_MD5SUM:=113e892e51acdb11b81804cd355adfee
+PKG_SOURCE_URL:=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.5
+PKG_HASH:=0924dec90c37c05f49fec966eba3672dab4d336d879e5c06e06e13325cbfec25
 #PKG_FIXUP:=autoreconf gettext-version
 PKG_MAINTAINER:=Nikos Mavrogiannopoulos <nmav@gnutls.org>
 PKG_LICENSE:=LGPLv2.1+
@@ -113,6 +113,7 @@ CONFIGURE_ARGS+= \
 	--with-included-unistring \
 	--disable-guile \
 	--disable-nls \
+	--without-idn \
 	--without-zlib \
 	--enable-local-libopts \
 	--disable-doc \

libs/icu/Makefile

@@ -8,12 +8,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=icu4c
-PKG_VERSION:=58.2
+MAJOR_VERSION:=58
+MINOR_VERSION:=3
+PKG_VERSION:=$(MAJOR_VERSION).$(MINOR_VERSION)
 PKG_RELEASE:=1
 
-PKG_SOURCE:=$(PKG_NAME)-58_2-src.tgz
-PKG_SOURCE_URL:=http://download.icu-project.org/files/$(PKG_NAME)/$(PKG_VERSION)
-PKG_MD5SUM:=fac212b32b7ec7ab007a12dff1f3aea1
+PKG_SOURCE:=$(PKG_NAME)-$(MAJOR_VERSION)_$(MINOR_VERSION)-src.tgz
+PKG_SOURCE_URL:=https://github.com/unicode-org/icu/releases/download/release-$(MAJOR_VERSION)-$(MINOR_VERSION)
+PKG_MD5SUM:=bac4105dfa7c83468182c166caac15ec
 
 PKG_LICENSE:=ICU-1.8.1+
 PKG_LICENSE_FILES:=LICENSE

libs/icu/patches/CVE-2017-15422.patch

@@ -0,0 +1,106 @@
+Index: source/i18n/gregoimp.cpp
+===================================================================
+--- source/i18n/gregoimp.cpp	(revision 40653)
++++ source/i18n/gregoimp.cpp	(revision 40654)
+@@ -24,4 +24,9 @@
+ 
+ int32_t ClockMath::floorDivide(int32_t numerator, int32_t denominator) {
++    return (numerator >= 0) ?
++        numerator / denominator : ((numerator + 1) / denominator) - 1;
++}
++
++int64_t ClockMath::floorDivide(int64_t numerator, int64_t denominator) {
+     return (numerator >= 0) ?
+         numerator / denominator : ((numerator + 1) / denominator) - 1;
+Index: source/i18n/gregoimp.h
+===================================================================
+--- source/i18n/gregoimp.h	(revision 40653)
++++ source/i18n/gregoimp.h	(revision 40654)
+@@ -40,4 +40,15 @@
+      */
+     static int32_t floorDivide(int32_t numerator, int32_t denominator);
++
++    /**
++     * Divide two integers, returning the floor of the quotient.
++     * Unlike the built-in division, this is mathematically
++     * well-behaved.  E.g., <code>-1/4</code> => 0 but
++     * <code>floorDivide(-1,4)</code> => -1.
++     * @param numerator the numerator
++     * @param denominator a divisor which must be != 0
++     * @return the floor of the quotient
++     */
++    static int64_t floorDivide(int64_t numerator, int64_t denominator);
+ 
+     /**
+Index: source/i18n/persncal.cpp
+===================================================================
+--- source/i18n/persncal.cpp	(revision 40653)
++++ source/i18n/persncal.cpp	(revision 40654)
+@@ -214,5 +214,5 @@
+ 
+     int32_t daysSinceEpoch = julianDay - PERSIAN_EPOCH;
+-    year = 1 + ClockMath::floorDivide(33 * daysSinceEpoch + 3, 12053);
++    year = 1 + (int32_t)ClockMath::floorDivide(33 * (int64_t)daysSinceEpoch + 3, (int64_t)12053);
+ 
+     int32_t farvardin1 = 365 * (year - 1) + ClockMath::floorDivide(8 * year + 21, 33);
+Index: source/test/intltest/calregts.cpp
+===================================================================
+--- source/test/intltest/calregts.cpp	(revision 40653)
++++ source/test/intltest/calregts.cpp	(revision 40654)
+@@ -13,4 +13,5 @@
+ #include "calregts.h"
+ 
++#include "unicode/calendar.h"
+ #include "unicode/gregocal.h"
+ #include "unicode/simpletz.h"
+@@ -91,4 +92,5 @@
+         CASE(49,Test9019);
+         CASE(50,TestT9452);
++        CASE(51,TestPersianCalOverflow);
+     default: name = ""; break;
+     }
+@@ -2946,4 +2948,34 @@
+     }
+ }
++
++/**
++ * @bug ticket 13454
++ */
++void CalendarRegressionTest::TestPersianCalOverflow(void) {
++    const char* localeID = "bs_Cyrl@calendar=persian";
++    UErrorCode status = U_ZERO_ERROR;
++    Calendar* cal = Calendar::createInstance(Locale(localeID), status);
++    if(U_FAILURE(status)) {
++        dataerrln("FAIL: Calendar::createInstance for localeID %s: %s", localeID, u_errorName(status));
++    } else {
++        int32_t maxMonth = cal->getMaximum(UCAL_MONTH);
++        int32_t maxDayOfMonth = cal->getMaximum(UCAL_DATE);
++        int32_t jd, month, dayOfMonth;
++        for (jd = 67023580; jd <= 67023584; jd++) { // year 178171, int32_t overflow if jd >= 67023582
++            status = U_ZERO_ERROR;
++            cal->clear();
++            cal->set(UCAL_JULIAN_DAY, jd);
++            month = cal->get(UCAL_MONTH, status);
++            dayOfMonth = cal->get(UCAL_DATE, status);
++            if ( U_FAILURE(status) ) {
++                errln("FAIL: Calendar->get MONTH/DATE for localeID %s, julianDay %d, status %s\n", localeID, jd, u_errorName(status)); 
++            } else if (month > maxMonth || dayOfMonth > maxDayOfMonth) {
++                errln("FAIL: localeID %s, julianDay %d; maxMonth %d, got month %d; maxDayOfMonth %d, got dayOfMonth %d\n",
++                        localeID, jd, maxMonth, month, maxDayOfMonth, dayOfMonth); 
++            }
++        }
++        delete cal;
++    }
++}
+ 
+ #endif /* #if !UCONFIG_NO_FORMATTING */
+Index: source/test/intltest/calregts.h
+===================================================================
+--- source/test/intltest/calregts.h	(revision 40653)
++++ source/test/intltest/calregts.h	(revision 40654)
+@@ -78,4 +78,5 @@
+     void Test9019(void);
+     void TestT9452(void);
++    void TestPersianCalOverflow(void);
+ 
+     void printdate(GregorianCalendar *cal, const char *string);

libs/icu/patches/CVE-2017-7867_CVE-2017-7868.patch

@@ -0,0 +1,176 @@
+Index: source/test/intltest/utxttest.h
+===================================================================
+--- source/test/intltest/utxttest.h	(revision 39670)
++++ source/test/intltest/utxttest.h	(revision 39671)
+@@ -38,6 +38,7 @@
+     void Ticket10562();
+     void Ticket10983();
+     void Ticket12130();
++    void Ticket12888();
+ 
+ private:
+     struct m {                              // Map between native indices & code points.
+Index: source/test/intltest/utxttest.cpp
+===================================================================
+--- source/test/intltest/utxttest.cpp	(revision 39670)
++++ source/test/intltest/utxttest.cpp	(revision 39671)
+@@ -67,6 +67,8 @@
+             if (exec) Ticket10983();  break;
+         case 7: name = "Ticket12130";
+             if (exec) Ticket12130(); break;
++        case 8: name = "Ticket12888";
++            if (exec) Ticket12888(); break;
+         default: name = "";          break;
+     }
+ }
+@@ -1583,3 +1585,63 @@
+     }
+     utext_close(&ut);
+ }
++
++// Ticket 12888: bad handling of illegal utf-8 containing many instances of the archaic, now illegal,
++//               six byte utf-8 forms. Original implementation had an assumption that
++//               there would be at most three utf-8 bytes per UTF-16 code unit.
++//               The five and six byte sequences map to a single replacement character.
++
++void UTextTest::Ticket12888() {
++    const char *badString = 
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80";
++
++    UErrorCode status = U_ZERO_ERROR;
++    LocalUTextPointer ut(utext_openUTF8(NULL, badString, -1, &status));
++    TEST_SUCCESS(status);
++    for (;;) {
++        UChar32 c = utext_next32(ut.getAlias());
++        if (c == U_SENTINEL) {
++            break;
++        }
++    }
++    int32_t endIdx = utext_getNativeIndex(ut.getAlias());
++    if (endIdx != (int32_t)strlen(badString)) {
++        errln("%s:%d expected=%d, actual=%d", __FILE__, __LINE__, strlen(badString), endIdx);
++        return;
++    }
++
++    for (int32_t prevIndex = endIdx; prevIndex>0;) {
++        UChar32 c = utext_previous32(ut.getAlias());
++        int32_t currentIndex = utext_getNativeIndex(ut.getAlias());
++        if (c != 0xfffd) {
++            errln("%s:%d (expected, actual, index) = (%d, %d, %d)\n",
++                    __FILE__, __LINE__, 0xfffd, c, currentIndex);
++            break;
++        }
++        if (currentIndex != prevIndex - 6) {
++            errln("%s:%d: wrong index. Expected, actual = %d, %d",
++                    __FILE__, __LINE__, prevIndex - 6, currentIndex);
++            break;
++        }
++        prevIndex = currentIndex;
++    }
++}
+Index: source/common/utext.cpp
+===================================================================
+--- source/common/utext.cpp	(revision 39670)
++++ source/common/utext.cpp	(revision 39671)
+@@ -847,9 +847,15 @@
+ //------------------------------------------------------------------------------
+ 
+ // Chunk size.
+-//     Must be less than 85, because of byte mapping from UChar indexes to native indexes.
+-//     Worst case is three native bytes to one UChar.  (Supplemenaries are 4 native bytes
+-//     to two UChars.)
++//     Must be less than 42  (256/6), because of byte mapping from UChar indexes to native indexes.
++//     Worst case there are six UTF-8 bytes per UChar.
++//         obsolete 6 byte form fd + 5 trails maps to fffd
++//         obsolete 5 byte form fc + 4 trails maps to fffd
++//         non-shortest 4 byte forms maps to fffd
++//         normal supplementaries map to a pair of utf-16, two utf8 bytes per utf-16 unit
++//     mapToUChars array size must allow for the worst case, 6.
++//     This could be brought down to 4, by treating fd and fc as pure illegal,
++//     rather than obsolete lead bytes. But that is not compatible with the utf-8 access macros.
+ //
+ enum { UTF8_TEXT_CHUNK_SIZE=32 };
+ 
+@@ -889,7 +895,7 @@
+                                                      //  Requires two extra slots,
+                                                      //    one for a supplementary starting in the last normal position,
+                                                      //    and one for an entry for the buffer limit position.
+-    uint8_t   mapToUChars[UTF8_TEXT_CHUNK_SIZE*3+6]; // Map native offset from bufNativeStart to
++    uint8_t   mapToUChars[UTF8_TEXT_CHUNK_SIZE*6+6]; // Map native offset from bufNativeStart to
+                                                      //   correspoding offset in filled part of buf.
+     int32_t   align;
+ };
+@@ -1032,6 +1038,7 @@
+             // Requested index is in this buffer.
+             u8b = (UTF8Buf *)ut->p;   // the current buffer
+             mapIndex = ix - u8b->toUCharsMapStart;
++            U_ASSERT(mapIndex < (int32_t)sizeof(UTF8Buf::mapToUChars));
+             ut->chunkOffset = u8b->mapToUChars[mapIndex] - u8b->bufStartIdx;
+             return TRUE;
+ 
+@@ -1298,6 +1305,10 @@
+         // Can only do this if the incoming index is somewhere in the interior of the string.
+         //   If index is at the end, there is no character there to look at.
+         if (ix != ut->b) {
++            // Note: this function will only move the index back if it is on a trail byte
++            //       and there is a preceding lead byte and the sequence from the lead 
++            //       through this trail could be part of a valid UTF-8 sequence
++            //       Otherwise the index remains unchanged.
+             U8_SET_CP_START(s8, 0, ix);
+         }
+ 
+@@ -1311,7 +1322,10 @@
+         UChar   *buf = u8b->buf;
+         uint8_t *mapToNative = u8b->mapToNative;
+         uint8_t *mapToUChars = u8b->mapToUChars;
+-        int32_t  toUCharsMapStart = ix - (UTF8_TEXT_CHUNK_SIZE*3 + 1);
++        int32_t  toUCharsMapStart = ix - sizeof(UTF8Buf::mapToUChars) + 1;
++        // Note that toUCharsMapStart can be negative. Happens when the remaining
++        // text from current position to the beginning is less than the buffer size.
++        // + 1 because mapToUChars must have a slot at the end for the bufNativeLimit entry.
+         int32_t  destIx = UTF8_TEXT_CHUNK_SIZE+2;   // Start in the overflow region
+                                                     //   at end of buffer to leave room
+                                                     //   for a surrogate pair at the
+@@ -1338,6 +1352,7 @@
+             if (c<0x80) {
+                 // Special case ASCII range for speed.
+                 buf[destIx] = (UChar)c;
++                U_ASSERT(toUCharsMapStart <= srcIx);
+                 mapToUChars[srcIx - toUCharsMapStart] = (uint8_t)destIx;
+                 mapToNative[destIx] = (uint8_t)(srcIx - toUCharsMapStart);
+             } else {
+@@ -1367,6 +1382,7 @@
+                 do {
+                     mapToUChars[sIx-- - toUCharsMapStart] = (uint8_t)destIx;
+                 } while (sIx >= srcIx);
++                U_ASSERT(toUCharsMapStart <= (srcIx+1));
+ 
+                 // Set native indexing limit to be the current position.
+                 //   We are processing a non-ascii, non-native-indexing char now;
+@@ -1541,6 +1557,7 @@
+     U_ASSERT(index>=ut->chunkNativeStart+ut->nativeIndexingLimit);
+     U_ASSERT(index<=ut->chunkNativeLimit);
+     int32_t mapIndex = index - u8b->toUCharsMapStart;
++    U_ASSERT(mapIndex < (int32_t)sizeof(UTF8Buf::mapToUChars));
+     int32_t offset = u8b->mapToUChars[mapIndex] - u8b->bufStartIdx;
+     U_ASSERT(offset>=0 && offset<=ut->chunkLength);
+     return offset;

libs/libdmapsharing/Makefile

@@ -10,7 +10,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libdmapsharing
-PKG_VERSION:=2.9.35
+PKG_VERSION:=2.9.38
 PKG_RELEASE:=1
 
 PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
@@ -20,7 +20,7 @@ PKG_LICENSE_FILES:=COPYING
 
 PKG_SOURCE:=libdmapsharing-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.flyn.org/projects/libdmapsharing/
-PKG_MD5SUM:=02008e1998646d0bb6ca45784133b748
+PKG_MD5SUM:=2494161340c4c3c36907359eeddc4da3
 
 PKG_FIXUP:=autoreconf
 PKG_INSTALL:=1
@@ -44,8 +44,9 @@ define Package/libdmapsharing/decription
 endef
 
 CONFIGURE_ARGS += \
-	--disable-introspection \
-	--disable-gtk-doc
+	--disable-check \
+	--disable-gtk-doc \
+	--disable-introspection
 
 define Build/InstallDev
 	$(INSTALL_DIR) $(1)/usr/include/

libs/libdmapsharing/patches/003-make_unit_test_optional.patch

@@ -1,17 +0,0 @@
---- a/configure.ac
-+++ b/configure.ac
-@@ -357,7 +357,13 @@ if test -n "$BUILD_DPAPVIEW" ; then
- 	AC_WARN([will not build dpapview])
- fi
- 
--PKG_CHECK_MODULES([CHECK], [check >= 0.9.4],have_check=yes,have_check=no)
-+dnl Test if --enable-unit-test given
-+AC_ARG_ENABLE(unit-test, [AC_HELP_STRING([--enable-unit-test],[enable unit test])])
-+if test "x$enable_unit_test" = "xyes" ; then
-+  PKG_CHECK_MODULES([CHECK], [check >= 0.9.4],have_check=yes,have_check=no)
-+else
-+  have_check=no
-+fi
- AM_CONDITIONAL(HAVE_CHECK, test x"$have_check" = "xyes")
- if test "x$have_check" = "xyes"; then
- 	AC_DEFINE(HAVE_CHECK, 1, [Define if check support is enabled])

libs/libgee/Makefile

@@ -1,6 +1,4 @@
 #
-# Copyright (C) 2009-2015 OpenWrt.org
-#
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
 #
@@ -9,7 +7,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libgee
 PKG_VERSION:=0.18.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
 
@@ -23,12 +21,11 @@ PKG_MD5SUM:=29ea6125e653d7e60b49a9a9544abc96
 PKG_FIXUP:=autoreconf
 PKG_INSTALL:=1
 
+PKG_BUILD_DEPENDS:=vala/host
+
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/nls.mk
 
-TARGET_LDFLAGS+= \
-	-Wl,-rpath-link=$(STAGING_DIR)/usr/lib
-
 define Package/libgee
   SECTION:=libs
   CATEGORY:=Libraries
@@ -57,10 +54,10 @@ define Build/InstallDev
 	$(INSTALL_DATA) \
 		$(PKG_INSTALL_DIR)/usr/lib/pkgconfig/*.pc \
 		$(1)/usr/lib/pkgconfig/
-	$(INSTALL_DIR) $(STAGING_DIR_HOSTPKG)/share/vala-0.30/vapi/
+	$(INSTALL_DIR) $(STAGING_DIR_HOSTPKG)/share/vala-`$(STAGING_DIR_HOSTPKG)/bin/valac --api-version`/vapi/
 	$(INSTALL_DATA) \
                 $(PKG_INSTALL_DIR)/usr/share/vala/vapi/* \
-                $(STAGING_DIR_HOSTPKG)/share/vala-0.30/vapi
+                $(STAGING_DIR_HOSTPKG)/share/vala-`$(STAGING_DIR_HOSTPKG)/bin/valac --api-version`/vapi
 endef
 
 define Package/libgee/install

libs/libgpg-error/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libgpg-error
 PKG_VERSION:=1.12
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=ftp://ftp.gnupg.org/gcrypt/libgpg-error
@@ -18,6 +18,8 @@ PKG_MD5SUM:=8f0eb41a344d19ac2aa9bd101dfb9ce6
 PKG_BUILD_PARALLEL:=1
 PKG_INSTALL:=1
 
+PKG_FIXUP:=autoreconf
+
 include $(INCLUDE_DIR)/package.mk
 
 define Package/libgpg-error

libs/libgpg-error/patches/020-gawk5-support.patch

@@ -0,0 +1,158 @@
+From 7865041c77f4f7005282f10f9b6666b19072fbdf Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Mon, 15 Apr 2019 15:10:44 +0900
+Subject: [PATCH] awk: Prepare for Gawk 5.0.
+
+* src/Makefile.am: Use pkg_namespace (instead of namespace).
+* src/mkerrnos.awk: Likewise.
+* lang/cl/mkerrcodes.awk: Don't escape # in regexp.
+* src/mkerrcodes.awk, src/mkerrcodes1.awk, src/mkerrcodes2.awk: Ditto.
+
+--
+
+In Gawk 5.0, regexp routines are replaced by Gnulib implementation,
+which only allows escaping specific characters.
+
+GnuPG-bug-id: 4459
+Reported-by: Marius Schamschula
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ lang/cl/mkerrcodes.awk |  2 +-
+ src/Makefile.am        |  2 +-
+ src/mkerrcodes.awk     |  2 +-
+ src/mkerrcodes1.awk    |  2 +-
+ src/mkerrcodes2.awk    |  2 +-
+ src/mkerrnos.awk       |  2 +-
+ src/mkstrtable.awk     | 10 +++++-----
+ 7 files changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/lang/cl/mkerrcodes.awk b/lang/cl/mkerrcodes.awk
+index ae29043..9a1fc18 100644
+--- a/lang/cl/mkerrcodes.awk
++++ b/lang/cl/mkerrcodes.awk
+@@ -122,7 +122,7 @@ header {
+ }
+ 
+ !header {
+-  sub (/\#.+/, "");
++  sub (/#.+/, "");
+   sub (/[ 	]+$/, ""); # Strip trailing space and tab characters.
+ 
+   if (/^$/)
+diff --git a/src/Makefile.am b/src/Makefile.am
+index ce1b882..f2590cb 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -293,7 +293,7 @@ code-from-errno.h: mkerrcodes$(EXEEXT_FOR_BUILD) Makefile
+ 
+ errnos-sym.h: Makefile mkstrtable.awk errnos.in
+ 	$(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=2 -v nogettext=1 \
+-		-v prefix=GPG_ERR_ -v namespace=errnos_ \
++		-v prefix=GPG_ERR_ -v pkg_namespace=errnos_ \
+ 		$(srcdir)/errnos.in >$@
+ 
+ 
+diff --git a/src/mkerrcodes.awk b/src/mkerrcodes.awk
+index 46d436c..e9c857c 100644
+--- a/src/mkerrcodes.awk
++++ b/src/mkerrcodes.awk
+@@ -85,7 +85,7 @@ header {
+ }
+ 
+ !header {
+-  sub (/\#.+/, "");
++  sub (/#.+/, "");
+   sub (/[ 	]+$/, ""); # Strip trailing space and tab characters.
+ 
+   if (/^$/)
+diff --git a/src/mkerrcodes1.awk b/src/mkerrcodes1.awk
+index a771a73..4578e29 100644
+--- a/src/mkerrcodes1.awk
++++ b/src/mkerrcodes1.awk
+@@ -81,7 +81,7 @@ header {
+ }
+ 
+ !header {
+-  sub (/\#.+/, "");
++  sub (/#.+/, "");
+   sub (/[ 	]+$/, ""); # Strip trailing space and tab characters.
+ 
+   if (/^$/)
+diff --git a/src/mkerrcodes2.awk b/src/mkerrcodes2.awk
+index ea58503..188f7a4 100644
+--- a/src/mkerrcodes2.awk
++++ b/src/mkerrcodes2.awk
+@@ -91,7 +91,7 @@ header {
+ }
+ 
+ !header {
+-  sub (/\#.+/, "");
++  sub (/#.+/, "");
+   sub (/[ 	]+$/, ""); # Strip trailing space and tab characters.
+ 
+   if (/^$/)
+diff --git a/src/mkerrnos.awk b/src/mkerrnos.awk
+index f79df66..15b1aad 100644
+--- a/src/mkerrnos.awk
++++ b/src/mkerrnos.awk
+@@ -83,7 +83,7 @@ header {
+ }
+ 
+ !header {
+-  sub (/\#.+/, "");
++  sub (/#.+/, "");
+   sub (/[ 	]+$/, ""); # Strip trailing space and tab characters.
+ 
+   if (/^$/)
+diff --git a/src/mkstrtable.awk b/src/mkstrtable.awk
+index c9de9c1..285e45f 100644
+--- a/src/mkstrtable.awk
++++ b/src/mkstrtable.awk
+@@ -77,7 +77,7 @@
+ #
+ # The variable prefix can be used to prepend a string to each message.
+ #
+-# The variable namespace can be used to prepend a string to each
++# The variable pkg_namespace can be used to prepend a string to each
+ # variable and macro name.
+ 
+ BEGIN {
+@@ -102,7 +102,7 @@ header {
+       print "/* The purpose of this complex string table is to produce";
+       print "   optimal code with a minimum of relocations.  */";
+       print "";
+-      print "static const char " namespace "msgstr[] = ";
++      print "static const char " pkg_namespace "msgstr[] = ";
+       header = 0;
+     }
+   else
+@@ -110,7 +110,7 @@ header {
+ }
+ 
+ !header {
+-  sub (/\#.+/, "");
++  sub (/#.+/, "");
+   sub (/[ 	]+$/, ""); # Strip trailing space and tab characters.
+ 
+   if (/^$/)
+@@ -150,7 +150,7 @@ END {
+   else
+     print "  gettext_noop (\"" last_msgstr "\");";
+   print "";
+-  print "static const int " namespace "msgidx[] =";
++  print "static const int " pkg_namespace "msgidx[] =";
+   print "  {";
+   for (i = 0; i < coded_msgs; i++)
+     print "    " pos[i] ",";
+@@ -158,7 +158,7 @@ END {
+   print "  };";
+   print "";
+   print "static GPG_ERR_INLINE int";
+-  print namespace "msgidxof (int code)";
++  print pkg_namespace "msgidxof (int code)";
+   print "{";
+   print "  return (0 ? 0";
+ 
+-- 
+2.21.0
+

libs/libgpg-error/patches/025-Don-t-build-po.patch

@@ -0,0 +1,29 @@
+From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
+Date: Wed, 6 May 2020 22:51:26 +0200
+Subject: [PATCH] Don't build po
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This is needed to fix:
+*** error: gettext infrastructure mismatch: using a Makefile.in.in from gettext version 0.17 but the autoconf macros are from gettext version 0.18
+
+Using PKG_FIXUP:=autoreconf doesn't regenrate Makefile.in.in so it
+results in GETTEXT_MACRO_VERSION mismatch. The same problem affected
+minidlna: 90d3ef2f7633 ("minidlna: exclude "po" directory to fix
+CONFIG_BUILD_NLS=y builds").
+
+Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
+---
+
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -33,7 +33,7 @@ else
+ lang_subdirs =
+ endif
+ 
+-SUBDIRS = m4 src tests po $(lang_subdirs)
++SUBDIRS = m4 src tests $(lang_subdirs)
+ 
+ 
+ dist-hook: gen-ChangeLog

libs/libhttp-parser/Makefile

@@ -16,7 +16,7 @@ PKG_LICENSE_FILES:=LICENSE-MIT
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_URL:=git://github.com/joyent/http-parser.git
+PKG_SOURCE_URL:=https://github.com/joyent/http-parser.git
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_VERSION:=56f7ad0e2e5a80f79d214015c91e1f17d11d109f
 

libs/libidn/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libidn
 PKG_VERSION:=1.33
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=@GNU/libidn
@@ -28,7 +28,7 @@ define Package/idn/Default
   SECTION:=net
   CATEGORY:=Network
   URL:=http://www.gnu.org/software/libidn/
-  MAINTAINER:=Marcel Denia <naoir@gmx.net>
+  MAINTAINER:=Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
 endef
 
 define Package/idn/Default/description
@@ -79,6 +79,8 @@ define Build/InstallDev
 	$(CP) $(PKG_INSTALL_DIR)/usr/include/*.h $(1)/usr/include/
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libidn.{a,so*} $(1)/usr/lib/
+	$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libidn.pc $(1)/usr/lib/pkgconfig/
 endef
 
 define Package/idn/install

libs/libidn/patches/002-disable-po-docs-examples.patch

@@ -11,7 +11,7 @@
  EXTRA_DIST = cfg.mk maint.mk .clcopying
 --- a/configure.ac
 +++ b/configure.ac
-@@ -48,8 +48,6 @@ AC_PROG_LIBTOOL
+@@ -47,8 +47,6 @@ LT_INIT([win32-dll])
  # Checks for programs.
  AM_MISSING_PROG(PERL, perl, $missing_dir)
  AM_MISSING_PROG(HELP2MAN, help2man, $missing_dir)

libs/libidn/patches/010-fix-idn-error-usage.patch

@@ -1,6 +1,6 @@
 --- a/src/idn.c
 +++ b/src/idn.c
-@@ -169,7 +169,7 @@ main (int argc, char *argv[])
+@@ -170,7 +170,7 @@ main (int argc, char *argv[])
        (args_info.idna_to_unicode_given ? 1 : 0) +
        (args_info.nfkc_given ? 1 : 0) != 1)
      {
@@ -9,7 +9,7 @@
        usage (EXIT_FAILURE);
      }
  
-@@ -184,7 +184,7 @@ main (int argc, char *argv[])
+@@ -185,7 +185,7 @@ main (int argc, char *argv[])
    if (!args_info.quiet_given
        && args_info.inputs_num == 0
        && isatty (fileno (stdin)))
@@ -18,7 +18,7 @@
  		       "terminated by a newline character.\n"));
  
    do
-@@ -199,7 +199,7 @@ main (int argc, char *argv[])
+@@ -197,7 +197,7 @@ main (int argc, char *argv[])
  	  if (feof (stdin))
  	    break;
  
@@ -26,8 +26,8 @@
 +	  error (EXIT_FAILURE, errno, "%s", _("input error"));
  	}
  
-       if (readbuf[strlen (readbuf) - 1] == '\n')
-@@ -216,7 +216,7 @@ main (int argc, char *argv[])
+       if (strlen (line) > 0)
+@@ -215,7 +215,7 @@ main (int argc, char *argv[])
  	  if (!q)
  	    {
  	      free (p);
@@ -36,7 +36,7 @@
  		     _("could not convert from UTF-8 to UCS-4"));
  	    }
  
-@@ -241,7 +241,7 @@ main (int argc, char *argv[])
+@@ -240,7 +240,7 @@ main (int argc, char *argv[])
  	  if (!q)
  	    {
  	      free (r);

libs/liboping/Makefile

@@ -8,14 +8,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=liboping
-PKG_VERSION:=1.6.2
+PKG_VERSION:=1.9.0
 PKG_RELEASE:=1
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
-PKG_LICENSE:=GPL-2.0
+PKG_LICENSE:=LGPL-2.1+
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=http://verplant.org/liboping/files
-PKG_MD5SUM:=64a6f31310093d2517cfe7f05aa011e0
+PKG_SOURCE_URL:=https://noping.cc/files
+PKG_MD5SUM:=9c9f65bfd297d7e7092c7f219c31f66a
 
 PKG_FIXUP:=autoreconf
 

libs/libsoup/Makefile

@@ -1,5 +1,3 @@
-# 
-# Copyright (C) 2014 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -18,15 +16,14 @@ PKG_MD5SUM:=73b1fb774de16c29b380f87016f9f9dd
 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYING
 
+PKG_BUILD_DEPENDS:=intltool/host
+PKG_BUILD_PARALLEL:=1
 PKG_FIXUP:=autoreconf
 PKG_INSTALL:=1
 
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/nls.mk
 
-TARGET_LDFLAGS+=\
-	-Wl,-rpath-link=$(STAGING_DIR)/usr/lib $(if $(ICONV_FULL),-liconv)
-
 define Package/libsoup
   SECTION:=libs
   CATEGORY:=Libraries
@@ -36,17 +33,14 @@ define Package/libsoup
   DEPENDS:=+glib2 +libxml2 +libgnutls +libsqlite3 $(ICONV_DEPENDS) $(INTL_DEPENDS)
 endef
 
-define Build/Configure
-	$(call Build/Configure/Default, \
+CONFIGURE_ARGS += \
 		--enable-ssl \
 		--disable-glibtest \
 		--without-apache-httpd \
 		--without-gnome \
 		--without-gssapi \
 		--enable-vala=no \
-		--disable-more-warnings \
-	)
-endef
+		--disable-more-warnings
 
 define package/libsoup/decription
 Libsoup is an HTTP library implementation in C

libs/libsoxr/Makefile

@@ -13,7 +13,7 @@ PKG_VERSION:=0.1.1
 PKG_RELEASE:=3
 
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=git://git.code.sf.net/p/soxr/code
+PKG_SOURCE_URL:=https://git.code.sf.net/p/soxr/code
 PKG_SOURCE_VERSION:=$(PKG_VERSION)
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz

libs/libssh2/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2015-2016 OpenWrt.org
+# Copyright (C) 2015-2018 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libssh2
-PKG_VERSION:=1.7.0
+PKG_VERSION:=1.8.1
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://www.libssh2.org/download
-PKG_MD5SUM:=b01662a210e94cccf2f76094db7dac5c
+PKG_SOURCE_URL:=https://www.libssh2.org/download
+PKG_HASH:=40b517f35b1bb869d0075b15125c7a015557f53a5a3a6a8bffb89b69fd70f159
 
 PKG_INSTALL:=1
 
@@ -26,7 +26,7 @@ define Package/libssh2
   SECTION:=libs
   CATEGORY:=Libraries
   TITLE:=SSH2 library
-  URL:=http://www.libssh2.org/
+  URL:=https://www.libssh2.org/
   DEPENDS:=+libopenssl +zlib
   MAINTAINER:=Jiri Slachta <jiri@slachta.eu>
 endef
@@ -35,11 +35,11 @@ define Package/libssh2/description
  libssh2 is a client-side C library implementing the SSH2 protocol.
 endef
 
-TARGET_CFLAGS += $(FPIC)
-
 CONFIGURE_ARGS += \
 	--disable-examples-build \
-	--with-libssl-prefix=$(STAGING_DIR)/usr
+	--with-libssl-prefix=$(STAGING_DIR)/usr \
+	--with-libz-prefix=$(STAGING_DIR)/usr \
+	--with-openssl
 
 define Build/InstallDev
 	$(INSTALL_DIR) $(1)/usr/include

libs/libtasn1/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libtasn1
-PKG_VERSION:=4.9
+PKG_VERSION:=4.12
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=@GNU/$(PKG_NAME)
-PKG_MD5SUM:=4f6f7a8fd691ac2b8307c8ca365bad711db607d4ad5966f6938a9d2ecd65c920
+PKG_HASH:=6753da2e621257f33f5b051cc114d417e5206a0818fe0b1ecfd6153f70934753
 PKG_LICENSE:=LGPLv2.1+
 PKG_LICENSE_FILES:=COPYING.LIB
 

libs/libtins/Makefile

@@ -0,0 +1,53 @@
+#
+# Copyright (C) 2017 Steven Hessing
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=libtins
+PKG_RELEASE:=1
+
+PKG_MAINTAINER:= Steven Hessing <steven.hessing@gmail.com>
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/mfontanini/libtins.git
+PKG_SOURCE_VERSION:=v3.5
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.xz
+PKG_HASH:=47cd7d659ffa75dcfc2172ef54151fd36dc87de9e0f04bb066f6b076a7df7b57
+PKG_MIRROR_HASH:=47cd7d659ffa75dcfc2172ef54151fd36dc87de9e0f04bb066f6b076a7df7b57
+
+PKG_LICENSE:=BSD-2-Clause
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
+PKG_BUILD_PARALLEL:=1
+
+CMAKE_INSTALL:=1
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+CMAKE_OPTIONS += -D_RUN_RESULT_VAR=FORCE
+CMAKE_OPTIONS += -DLIBTINS_ENABLE_WPA2=0
+CMAKE_OPTIONS += -DLIBTINS_ENABLE_CXX11=1
+
+define Package/libtins
+	SECTION:=net
+	CATEGORY:=Libraries
+	TITLE:=libtins 
+	URL:=http://libtins.github.io/
+	DEPENDS:=+libstdcpp +libpcap 
+endef
+
+define Package/libtins/description
+libtins is a high-level, multiplatform C++ network packet sniffing and crafting library.
+endef
+
+define Package/libtins/install
+    $(INSTALL_DIR) $(1)/usr/lib
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libtins.so.3.5 $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,libtins))

libs/libvpx/Makefile

@@ -9,7 +9,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libvpx
-PKG_VERSION:=1.6.0
+PKG_VERSION:=1.6.1
 PKG_RELEASE:=1
 
 PKG_REV:=v$(PKG_VERSION)
@@ -24,6 +24,8 @@ PKG_MAINTAINER:=Luiz Angelo Daros de Luca <luizluca@gmail.com>
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
 
+PKG_ABI_VERSION:=$(subst $(space),.,$(wordlist 1, 2, $(subst .,$(space),$(PKG_VERSION))))
+
 PKG_INSTALL:=1
 
 include $(INCLUDE_DIR)/package.mk
@@ -34,7 +36,7 @@ define Package/libvpx
   TITLE:=libvpx
   URL:=http://www.webmproject.org/
   DEPENDS:=+libpthread
-  ABI_VERSION:=$(PKG_VERSION)
+  ABI_VERSION:=$(PKG_ABI_VERSION)
 endef
 
 define Package/libvpx/description

libs/libwebsockets/Makefile

@@ -43,6 +43,7 @@ define Package/$(PKG_NAME)/Default
 	SECTION:=libs
 	CATEGORY:=Libraries
 	TITLE:=libwebsockets
+	PROVIDES:=libwebsockets
 	DEPENDS:=+zlib
 	URL:=https://libwebsockets.org
 	MAINTAINER:=Karl Palsson <karlp@etactica.com>

libs/libxml2/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libxml2
 PKG_VERSION:=2.9.4
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://gd.tuwien.ac.at/languages/libxml/ \

libs/libxml2/patches/0003-Fix-NULL-pointer-deref-in-XPointer-range-to.patch

@@ -0,0 +1,53 @@
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 25 Jun 2016 12:35:50 +0200
+Subject: Fix NULL pointer deref in XPointer range-to
+
+- Check for errors after evaluating first operand.
+- Add sanity check for empty stack.
+
+Found with afl-fuzz.
+---
+ result/XPath/xptr/viderror | 4 ++++
+ test/XPath/xptr/viderror   | 1 +
+ xpath.c                    | 7 ++++++-
+ 3 files changed, 11 insertions(+), 1 deletion(-)
+ create mode 100644 result/XPath/xptr/viderror
+ create mode 100644 test/XPath/xptr/viderror
+
+diff --git a/result/XPath/xptr/viderror b/result/XPath/xptr/viderror
+new file mode 100644
+index 0000000..d589882
+--- /dev/null
++++ b/result/XPath/xptr/viderror
+@@ -0,0 +1,4 @@
++
++========================
++Expression: xpointer(non-existing-fn()/range-to(id('chapter2')))
++Object is empty (NULL)
+diff --git a/test/XPath/xptr/viderror b/test/XPath/xptr/viderror
+new file mode 100644
+index 0000000..da8c53b
+--- /dev/null
++++ b/test/XPath/xptr/viderror
+@@ -0,0 +1 @@
++xpointer(non-existing-fn()/range-to(id('chapter2')))
+diff --git a/xpath.c b/xpath.c
+index 113bce6..751665b 100644
+--- a/xpath.c
++++ b/xpath.c
+@@ -14005,9 +14005,14 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
+                 xmlNodeSetPtr oldset;
+                 int i, j;
+ 
+-                if (op->ch1 != -1)
++                if (op->ch1 != -1) {
+                     total +=
+                         xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]);
++                    CHECK_ERROR0;
++                }
++                if (ctxt->value == NULL) {
++                    XP_ERROR0(XPATH_INVALID_OPERAND);
++                }
+                 if (op->ch2 == -1)
+                     return (total);
+ 

libs/libxml2/patches/0004-Fix-comparison-with-root-node-in-xmlXPathCmpNodes.patch

@@ -0,0 +1,34 @@
+From a005199330b86dada19d162cae15ef9bdcb6baa8 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 28 Jun 2016 14:19:58 +0200
+Subject: [PATCH] Fix comparison with root node in xmlXPathCmpNodes
+
+This change has already been made in xmlXPathCmpNodesExt but not in
+xmlXPathCmpNodes.
+---
+ xpath.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/xpath.c b/xpath.c
+index 751665b..d992841 100644
+--- a/xpath.c
++++ b/xpath.c
+@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) {
+      * compute depth to root
+      */
+     for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) {
+-	if (cur == node1)
++	if (cur->parent == node1)
+ 	    return(1);
+ 	depth2++;
+     }
+     root = cur;
+     for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) {
+-	if (cur == node2)
++	if (cur->parent == node2)
+ 	    return(-1);
+ 	depth1++;
+     }
+-- 
+2.10.1
+

libs/libxml2/patches/0005-Fix-XPointer-paths-beginning-with-range-to.patch

@@ -0,0 +1,138 @@
+From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 28 Jun 2016 14:22:23 +0200
+Subject: [PATCH] Fix XPointer paths beginning with range-to
+
+The old code would invoke the broken xmlXPtrRangeToFunction. range-to
+isn't really a function but a special kind of location step. Remove
+this function and always handle range-to in the XPath code.
+
+The old xmlXPtrRangeToFunction could also be abused to trigger a
+use-after-free error with the potential for remote code execution.
+
+Found with afl-fuzz.
+
+Fixes CVE-2016-5131.
+---
+ result/XPath/xptr/vidbase | 13 ++++++++
+ test/XPath/xptr/vidbase   |  1 +
+ xpath.c                   |  7 ++++-
+ xpointer.c                | 76 ++++-------------------------------------------
+ 4 files changed, 26 insertions(+), 71 deletions(-)
+
+--- a/xpath.c
++++ b/xpath.c
+@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserConte
+ 		    lc = 1;
+ 		    break;
+ 		} else if ((NXT(len) == '(')) {
+-		    /* Note Type or Function */
++		    /* Node Type or Function */
+ 		    if (xmlXPathIsNodeType(name)) {
+ #ifdef DEBUG_STEP
+ 		        xmlGenericError(xmlGenericErrorContext,
+ 				"PathExpr: Type search\n");
+ #endif
+ 			lc = 1;
++#ifdef LIBXML_XPTR_ENABLED
++                    } else if (ctxt->xptr &&
++                               xmlStrEqual(name, BAD_CAST "range-to")) {
++                        lc = 1;
++#endif
+ 		    } else {
+ #ifdef DEBUG_STEP
+ 		        xmlGenericError(xmlGenericErrorContext,
+--- a/xpointer.c
++++ b/xpointer.c
+@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNode
+     ret->here = here;
+     ret->origin = origin;
+ 
+-    xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
+-	                 xmlXPtrRangeToFunction);
+     xmlXPathRegisterFunc(ret, (xmlChar *)"range",
+ 	                 xmlXPtrRangeFunction);
+     xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
+@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParse
+  * @nargs:  the number of args
+  *
+  * Implement the range-to() XPointer function
++ *
++ * Obsolete. range-to is not a real function but a special type of location
++ * step which is handled in xpath.c.
+  */
+ void
+-xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
+-    xmlXPathObjectPtr range;
+-    const xmlChar *cur;
+-    xmlXPathObjectPtr res, obj;
+-    xmlXPathObjectPtr tmp;
+-    xmlLocationSetPtr newset = NULL;
+-    xmlNodeSetPtr oldset;
+-    int i;
+-
+-    if (ctxt == NULL) return;
+-    CHECK_ARITY(1);
+-    /*
+-     * Save the expression pointer since we will have to evaluate
+-     * it multiple times. Initialize the new set.
+-     */
+-    CHECK_TYPE(XPATH_NODESET);
+-    obj = valuePop(ctxt);
+-    oldset = obj->nodesetval;
+-    ctxt->context->node = NULL;
+-
+-    cur = ctxt->cur;
+-    newset = xmlXPtrLocationSetCreate(NULL);
+-
+-    for (i = 0; i < oldset->nodeNr; i++) {
+-	ctxt->cur = cur;
+-
+-	/*
+-	 * Run the evaluation with a node list made of a single item
+-	 * in the nodeset.
+-	 */
+-	ctxt->context->node = oldset->nodeTab[i];
+-	tmp = xmlXPathNewNodeSet(ctxt->context->node);
+-	valuePush(ctxt, tmp);
+-
+-	xmlXPathEvalExpr(ctxt);
+-	CHECK_ERROR;
+-
+-	/*
+-	 * The result of the evaluation need to be tested to
+-	 * decided whether the filter succeeded or not
+-	 */
+-	res = valuePop(ctxt);
+-	range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
+-	if (range != NULL) {
+-	    xmlXPtrLocationSetAdd(newset, range);
+-	}
+-
+-	/*
+-	 * Cleanup
+-	 */
+-	if (res != NULL)
+-	    xmlXPathFreeObject(res);
+-	if (ctxt->value == tmp) {
+-	    res = valuePop(ctxt);
+-	    xmlXPathFreeObject(res);
+-	}
+-
+-	ctxt->context->node = NULL;
+-    }
+-
+-    /*
+-     * The result is used as the new evaluation set.
+-     */
+-    xmlXPathFreeObject(obj);
+-    ctxt->context->node = NULL;
+-    ctxt->context->contextSize = -1;
+-    ctxt->context->proximityPosition = -1;
+-    valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
++xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
++                       int nargs ATTRIBUTE_UNUSED) {
++    XP_ERROR(XPATH_EXPR_ERROR);
+ }
+ 
+ /**

libs/libxml2/patches/0006-Disallow-namespace-nodes-in-XPointer-ranges.patch

@@ -0,0 +1,249 @@
+From c1d1f7121194036608bf555f08d3062a36fd344b Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 28 Jun 2016 18:34:52 +0200
+Subject: [PATCH] Disallow namespace nodes in XPointer ranges
+
+Namespace nodes must be copied to avoid use-after-free errors.
+But they don't necessarily have a physical representation in a
+document, so simply disallow them in XPointer ranges.
+
+Found with afl-fuzz.
+
+Fixes CVE-2016-4658.
+---
+ xpointer.c | 149 +++++++++++++++++++++++--------------------------------------
+ 1 file changed, 56 insertions(+), 93 deletions(-)
+
+diff --git a/xpointer.c b/xpointer.c
+index a7b03fb..694d120 100644
+--- a/xpointer.c
++++ b/xpointer.c
+@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) {
+ }
+ 
+ /**
++ * xmlXPtrNewRangeInternal:
++ * @start:  the starting node
++ * @startindex:  the start index
++ * @end:  the ending point
++ * @endindex:  the ending index
++ *
++ * Internal function to create a new xmlXPathObjectPtr of type range
++ *
++ * Returns the newly created object.
++ */
++static xmlXPathObjectPtr
++xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex,
++                        xmlNodePtr end, int endindex) {
++    xmlXPathObjectPtr ret;
++
++    /*
++     * Namespace nodes must be copied (see xmlXPathNodeSetDupNs).
++     * Disallow them for now.
++     */
++    if ((start != NULL) && (start->type == XML_NAMESPACE_DECL))
++	return(NULL);
++    if ((end != NULL) && (end->type == XML_NAMESPACE_DECL))
++	return(NULL);
++
++    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
++    if (ret == NULL) {
++        xmlXPtrErrMemory("allocating range");
++	return(NULL);
++    }
++    memset(ret, 0, sizeof(xmlXPathObject));
++    ret->type = XPATH_RANGE;
++    ret->user = start;
++    ret->index = startindex;
++    ret->user2 = end;
++    ret->index2 = endindex;
++    return(ret);
++}
++
++/**
+  * xmlXPtrNewRange:
+  * @start:  the starting node
+  * @startindex:  the start index
+@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex,
+     if (endindex < 0)
+ 	return(NULL);
+ 
+-    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+-    if (ret == NULL) {
+-        xmlXPtrErrMemory("allocating range");
+-	return(NULL);
+-    }
+-    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+-    ret->type = XPATH_RANGE;
+-    ret->user = start;
+-    ret->index = startindex;
+-    ret->user2 = end;
+-    ret->index2 = endindex;
++    ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex);
+     xmlXPtrRangeCheckOrder(ret);
+     return(ret);
+ }
+@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) {
+     if (end->type != XPATH_POINT)
+ 	return(NULL);
+ 
+-    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+-    if (ret == NULL) {
+-        xmlXPtrErrMemory("allocating range");
+-	return(NULL);
+-    }
+-    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+-    ret->type = XPATH_RANGE;
+-    ret->user = start->user;
+-    ret->index = start->index;
+-    ret->user2 = end->user;
+-    ret->index2 = end->index;
++    ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user,
++                                  end->index);
+     xmlXPtrRangeCheckOrder(ret);
+     return(ret);
+ }
+@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) {
+     if (start->type != XPATH_POINT)
+ 	return(NULL);
+ 
+-    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+-    if (ret == NULL) {
+-        xmlXPtrErrMemory("allocating range");
+-	return(NULL);
+-    }
+-    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+-    ret->type = XPATH_RANGE;
+-    ret->user = start->user;
+-    ret->index = start->index;
+-    ret->user2 = end;
+-    ret->index2 = -1;
++    ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1);
+     xmlXPtrRangeCheckOrder(ret);
+     return(ret);
+ }
+@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) {
+     if (end->type != XPATH_POINT)
+ 	return(NULL);
+ 
+-    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+-    if (ret == NULL) {
+-        xmlXPtrErrMemory("allocating range");
+-	return(NULL);
+-    }
+-    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+-    ret->type = XPATH_RANGE;
+-    ret->user = start;
+-    ret->index = -1;
+-    ret->user2 = end->user;
+-    ret->index2 = end->index;
++    ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index);
+     xmlXPtrRangeCheckOrder(ret);
+     return(ret);
+ }
+@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) {
+     if (end == NULL)
+ 	return(NULL);
+ 
+-    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+-    if (ret == NULL) {
+-        xmlXPtrErrMemory("allocating range");
+-	return(NULL);
+-    }
+-    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+-    ret->type = XPATH_RANGE;
+-    ret->user = start;
+-    ret->index = -1;
+-    ret->user2 = end;
+-    ret->index2 = -1;
++    ret = xmlXPtrNewRangeInternal(start, -1, end, -1);
+     xmlXPtrRangeCheckOrder(ret);
+     return(ret);
+ }
+@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
+     if (start == NULL)
+ 	return(NULL);
+ 
+-    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+-    if (ret == NULL) {
+-        xmlXPtrErrMemory("allocating range");
+-	return(NULL);
+-    }
+-    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+-    ret->type = XPATH_RANGE;
+-    ret->user = start;
+-    ret->index = -1;
+-    ret->user2 = NULL;
+-    ret->index2 = -1;
++    ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1);
+     return(ret);
+ }
+ 
+@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
+  */
+ xmlXPathObjectPtr
+ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
++    xmlNodePtr endNode;
++    int endIndex;
+     xmlXPathObjectPtr ret;
+ 
+     if (start == NULL)
+@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
+ 	return(NULL);
+     switch (end->type) {
+ 	case XPATH_POINT:
++	    endNode = end->user;
++	    endIndex = end->index;
++	    break;
+ 	case XPATH_RANGE:
++	    endNode = end->user2;
++	    endIndex = end->index2;
+ 	    break;
+ 	case XPATH_NODESET:
+ 	    /*
+@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
+ 	     */
+ 	    if (end->nodesetval->nodeNr <= 0)
+ 		return(NULL);
++	    endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
++	    endIndex = -1;
+ 	    break;
+ 	default:
+ 	    /* TODO */
+ 	    return(NULL);
+     }
+ 
+-    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+-    if (ret == NULL) {
+-        xmlXPtrErrMemory("allocating range");
+-	return(NULL);
+-    }
+-    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+-    ret->type = XPATH_RANGE;
+-    ret->user = start;
+-    ret->index = -1;
+-    switch (end->type) {
+-	case XPATH_POINT:
+-	    ret->user2 = end->user;
+-	    ret->index2 = end->index;
+-	    break;
+-	case XPATH_RANGE:
+-	    ret->user2 = end->user2;
+-	    ret->index2 = end->index2;
+-	    break;
+-	case XPATH_NODESET: {
+-	    ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
+-	    ret->index2 = -1;
+-	    break;
+-	}
+-	default:
+-	    STRANGE
+-	    return(NULL);
+-    }
++    ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex);
+     xmlXPtrRangeCheckOrder(ret);
+     return(ret);
+ }
+-- 
+2.10.1
+

libs/libxml2/patches/0007-Fix-more-NULL-pointer-derefs-in-xpointer.c.patch

@@ -0,0 +1,50 @@
+From e905f08123e4a6e7731549e6f09dadff4cab65bd Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sun, 26 Jun 2016 12:38:28 +0200
+Subject: [PATCH] Fix more NULL pointer derefs in xpointer.c
+
+Found with afl-fuzz.
+---
+ xpointer.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/xpointer.c b/xpointer.c
+index 694d120..e643ee9 100644
+--- a/xpointer.c
++++ b/xpointer.c
+@@ -542,7 +542,7 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
+ 	    /*
+ 	     * Empty set ...
+ 	     */
+-	    if (end->nodesetval->nodeNr <= 0)
++	    if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <= 0))
+ 		return(NULL);
+ 	    endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
+ 	    endIndex = -1;
+@@ -1361,7 +1361,7 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr ctx) {
+ 		     */
+ 		    xmlNodeSetPtr set;
+ 		    set = tmp->nodesetval;
+-		    if ((set->nodeNr != 1) ||
++		    if ((set == NULL) || (set->nodeNr != 1) ||
+ 			(set->nodeTab[0] != (xmlNodePtr) ctx->doc))
+ 			stack++;
+ 		} else
+@@ -2034,9 +2034,11 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) {
+ 	xmlXPathFreeObject(set);
+         XP_ERROR(XPATH_MEMORY_ERROR);
+     }
+-    for (i = 0;i < oldset->locNr;i++) {
+-	xmlXPtrLocationSetAdd(newset,
+-		xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
++    if (oldset != NULL) {
++        for (i = 0;i < oldset->locNr;i++) {
++            xmlXPtrLocationSetAdd(newset,
++                    xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
++        }
+     }
+ 
+     /*
+-- 
+2.1.4
+

libs/libxml2/patches/0008-Fix-attribute-decoding-during-XML-schema-validation.patch

@@ -0,0 +1,66 @@
+From 256366ed60f8795279b25f7b7b55e8089b4c6ff4 Mon Sep 17 00:00:00 2001
+From: Alex Henrie <alexhenrie24@gmail.com>
+Date: Thu, 26 May 2016 17:38:35 -0600
+Subject: [PATCH] Fix attribute decoding during XML schema validation
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=766834
+
+vctxt->parserCtxt is always NULL in xmlSchemaSAXHandleStartElementNs,
+so this function can't call xmlStringLenDecodeEntities to decode the
+entities.
+---
+ xmlschemas.c | 30 +++++++++++++++++++++++++-----
+ 1 file changed, 25 insertions(+), 5 deletions(-)
+
+diff --git a/xmlschemas.c b/xmlschemas.c
+index e1b3a4f..59535e5 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -27391,6 +27391,7 @@ xmlSchemaSAXHandleStartElementNs(void *ctx,
+     * attributes yet.
+     */
+     if (nb_attributes != 0) {
++	int valueLen, k, l;
+ 	xmlChar *value;
+ 
+         for (j = 0, i = 0; i < nb_attributes; i++, j += 5) {
+@@ -27400,12 +27401,31 @@ xmlSchemaSAXHandleStartElementNs(void *ctx,
+ 	    * libxml2 differs from normal SAX here in that it escapes all ampersands
+ 	    * as &#38; instead of delivering the raw converted string. Changing the
+ 	    * behavior at this point would break applications that use this API, so
+-	    * we are forced to work around it. There is no danger of accidentally
+-	    * decoding some entity other than &#38; in this step because without
+-	    * unescaped ampersands there can be no other entities in the string.
++	    * we are forced to work around it.
+ 	    */
+-	    value = xmlStringLenDecodeEntities(vctxt->parserCtxt, attributes[j+3],
+-		attributes[j+4] - attributes[j+3], XML_SUBSTITUTE_REF, 0, 0, 0);
++	    valueLen = attributes[j+4] - attributes[j+3];
++	    value = xmlMallocAtomic(valueLen + 1);
++	    if (value == NULL) {
++		xmlSchemaVErrMemory(vctxt,
++		    "allocating string for decoded attribute",
++		    NULL);
++		goto internal_error;
++	    }
++	    for (k = 0, l = 0; k < valueLen; l++) {
++		if (k < valueLen - 4 &&
++		    attributes[j+3][k+0] == '&' &&
++		    attributes[j+3][k+1] == '#' &&
++		    attributes[j+3][k+2] == '3' &&
++		    attributes[j+3][k+3] == '8' &&
++		    attributes[j+3][k+4] == ';') {
++		    value[l] = '&';
++		    k += 5;
++		} else {
++		    value[l] = attributes[j+3][k];
++		    k++;
++		}
++	    }
++	    value[l] = '\0';
+ 	    /*
+ 	    * TODO: Set the node line.
+ 	    */
+-- 
+2.8.3
+

libs/libxml2/patches/0009-Increase-buffer-space-for-port-in-HTTP-redirect-supp.patch

@@ -0,0 +1,34 @@
+From: Daniel Veillard <veillard@redhat.com>
+Date: Fri, 7 Apr 2017 17:13:28 +0200
+Subject: Increase buffer space for port in HTTP redirect support
+Origin: https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e
+Bug: https://bugzilla.gnome.org/show_bug.cgi?id=780690
+Bug-Debian: https://bugs.debian.org/870865
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-7376
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=780690
+
+nanohttp.c: the code wrongly assumed a short int port value.
+---
+ nanohttp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/nanohttp.c b/nanohttp.c
+index e109ad75..373425de 100644
+--- a/nanohttp.c
++++ b/nanohttp.c
+@@ -1423,9 +1423,9 @@ retry:
+     if (ctxt->port != 80) {
+ 	/* reserve space for ':xxxxx', incl. potential proxy */
+ 	if (proxy)
+-	    blen += 12;
++	    blen += 17;
+ 	else
+-	    blen += 6;
++	    blen += 11;
+     }
+     bp = (char*)xmlMallocAtomic(blen);
+     if ( bp == NULL ) {
+-- 
+2.11.0
+

libs/libxml2/patches/0010-Prevent-unwanted-external-entity-reference.patch

@@ -0,0 +1,38 @@
+From: Neel Mehta <nmehta@google.com>
+Date: Fri, 7 Apr 2017 17:43:02 +0200
+Subject: Prevent unwanted external entity reference
+Origin: https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e
+Bug: https://bugzilla.gnome.org/show_bug.cgi?id=780691
+Bug-Debian: https://bugs.debian.org/870867
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-7375
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=780691
+
+* parser.c: add a specific check to avoid PE reference
+---
+ parser.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index 609a2703..c2c812de 100644
+--- a/parser.c
++++ b/parser.c
+@@ -8123,6 +8123,15 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt)
+ 	    if (xmlPushInput(ctxt, input) < 0)
+ 		return;
+ 	} else {
++	    if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
++	        ((ctxt->options & XML_PARSE_NOENT) == 0) &&
++		((ctxt->options & XML_PARSE_DTDVALID) == 0) &&
++		((ctxt->options & XML_PARSE_DTDLOAD) == 0) &&
++		((ctxt->options & XML_PARSE_DTDATTR) == 0) &&
++		(ctxt->replaceEntities == 0) &&
++		(ctxt->validate == 0))
++		return;
++
+ 	    /*
+ 	     * TODO !!!
+ 	     * handle the extra spaces added before and after
+-- 
+2.11.0
+

libs/libxml2/patches/0011-Fix-handling-of-parameter-entity-references.patch

@@ -0,0 +1,280 @@
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon, 5 Jun 2017 15:37:17 +0200
+Subject: Fix handling of parameter-entity references
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Origin: https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3
+Bug: https://bugzilla.gnome.org/show_bug.cgi?id=781205
+Bug-Debian: https://bugs.debian.org/863019
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-9049
+Bug: https://bugzilla.gnome.org/show_bug.cgi?id=781361
+Bug-Debian: https://bugs.debian.org/863018
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-9050
+
+There were two bugs where parameter-entity references could lead to an
+unexpected change of the input buffer in xmlParseNameComplex and
+xmlDictLookup being called with an invalid pointer.
+
+Percent sign in DTD Names
+=========================
+
+The NEXTL macro used to call xmlParserHandlePEReference. When parsing
+"complex" names inside the DTD, this could result in entity expansion
+which created a new input buffer. The fix is to simply remove the call
+to xmlParserHandlePEReference from the NEXTL macro. This is safe because
+no users of the macro require expansion of parameter entities.
+
+- xmlParseNameComplex
+- xmlParseNCNameComplex
+- xmlParseNmtoken
+
+The percent sign is not allowed in names, which are grammatical tokens.
+
+- xmlParseEntityValue
+
+Parameter-entity references in entity values are expanded but this
+happens in a separate step in this function.
+
+- xmlParseSystemLiteral
+
+Parameter-entity references are ignored in the system literal.
+
+- xmlParseAttValueComplex
+- xmlParseCharDataComplex
+- xmlParseCommentComplex
+- xmlParsePI
+- xmlParseCDSect
+
+Parameter-entity references are ignored outside the DTD.
+
+- xmlLoadEntityContent
+
+This function is only called from xmlStringLenDecodeEntities and
+entities are replaced in a separate step immediately after the function
+call.
+
+This bug could also be triggered with an internal subset and double
+entity expansion.
+
+This fixes bug 766956 initially reported by Wei Lei and independently by
+Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
+involved.
+
+xmlParseNameComplex with XML_PARSE_OLD10
+========================================
+
+When parsing Names inside an expanded parameter entity with the
+XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the
+GROW macro if the input buffer was exhausted. At the end of the
+parameter entity's replacement text, this function would then call
+xmlPopInput which invalidated the input buffer.
+
+There should be no need to invoke GROW in this situation because the
+buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and,
+at least for UTF-8, in xmlCurrentChar. This also matches the code path
+executed when XML_PARSE_OLD10 is not set.
+
+This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
+Thanks to Marcel Böhme and Thuan Pham for the report.
+
+Additional hardening
+====================
+
+A separate check was added in xmlParseNameComplex to validate the
+buffer size.
+---
+ Makefile.am                     | 18 ++++++++++++++++++
+ parser.c                        | 18 ++++++++++--------
+ result/errors10/781205.xml      |  0
+ result/errors10/781205.xml.err  | 21 +++++++++++++++++++++
+ result/errors10/781361.xml      |  0
+ result/errors10/781361.xml.err  | 13 +++++++++++++
+ result/valid/766956.xml         |  0
+ result/valid/766956.xml.err     |  9 +++++++++
+ result/valid/766956.xml.err.rdr | 10 ++++++++++
+ runtest.c                       |  3 +++
+ test/errors10/781205.xml        |  3 +++
+ test/errors10/781361.xml        |  3 +++
+ test/valid/766956.xml           |  2 ++
+ test/valid/dtds/766956.dtd      |  2 ++
+ 14 files changed, 94 insertions(+), 8 deletions(-)
+ create mode 100644 result/errors10/781205.xml
+ create mode 100644 result/errors10/781205.xml.err
+ create mode 100644 result/errors10/781361.xml
+ create mode 100644 result/errors10/781361.xml.err
+ create mode 100644 result/valid/766956.xml
+ create mode 100644 result/valid/766956.xml.err
+ create mode 100644 result/valid/766956.xml.err.rdr
+ create mode 100644 test/errors10/781205.xml
+ create mode 100644 test/errors10/781361.xml
+ create mode 100644 test/valid/766956.xml
+ create mode 100644 test/valid/dtds/766956.dtd
+
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -422,6 +422,24 @@ Errtests : xmllint$(EXEEXT)
+ 	      if [ -n "$$log" ] ; then echo $$name result ; echo $$log ; fi ; \
+ 	      rm result.$$name error.$$name ; \
+ 	  fi ; fi ; done)
++	@echo "## Error cases regression tests (old 1.0)"
++	-@(for i in $(srcdir)/test/errors10/*.xml ; do \
++	  name=`basename $$i`; \
++	  if [ ! -d $$i ] ; then \
++	  if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \
++	      echo New test file $$name ; \
++	      $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \
++	         2> $(srcdir)/result/errors10/$$name.err \
++		 > $(srcdir)/result/errors10/$$name ; \
++	      grep "MORY ALLO" .memdump  | grep -v "MEMORY ALLOCATED : 0"; \
++	  else \
++	      log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \
++	      grep "MORY ALLO" .memdump  | grep -v "MEMORY ALLOCATED : 0"; \
++	      diff $(srcdir)/result/errors10/$$name result.$$name ; \
++	      diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \
++	      if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \
++	      rm result.$$name error.$$name ; \
++	  fi ; fi ; done)
+ 	@echo "## Error cases stream regression tests"
+ 	-@(for i in $(srcdir)/test/errors/*.xml ; do \
+ 	  name=`basename $$i`; \
+--- a/parser.c
++++ b/parser.c
+@@ -2115,7 +2115,6 @@ static void xmlGROW (xmlParserCtxtPtr ct
+ 	ctxt->input->line++; ctxt->input->col = 1;			\
+     } else ctxt->input->col++;						\
+     ctxt->input->cur += l;				\
+-    if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt);	\
+   } while (0)
+ 
+ #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l)
+@@ -3406,13 +3405,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctx
+ 	    len += l;
+ 	    NEXTL(l);
+ 	    c = CUR_CHAR(l);
+-	    if (c == 0) {
+-		count = 0;
+-		GROW;
+-                if (ctxt->instate == XML_PARSER_EOF)
+-                    return(NULL);
+-		c = CUR_CHAR(l);
+-	    }
+ 	}
+     }
+     if ((len > XML_MAX_NAME_LENGTH) &&
+@@ -3420,6 +3412,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctx
+         xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
+         return(NULL);
+     }
++    if (ctxt->input->cur - ctxt->input->base < len) {
++        /*
++         * There were a couple of bugs where PERefs lead to to a change
++         * of the buffer. Check the buffer size to avoid passing an invalid
++         * pointer to xmlDictLookup.
++         */
++        xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
++                    "unexpected change of input buffer");
++        return (NULL);
++    }
+     if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r'))
+         return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len));
+     return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
+--- /dev/null
++++ b/result/errors10/781205.xml.err
+@@ -0,0 +1,21 @@
++Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
++
++ %a; 
++    ^
++Entity: line 1: 
++<:0000
++^
++Entity: line 1: parser error : DOCTYPE improperly terminated
++ %a; 
++    ^
++Entity: line 1: 
++<:0000
++^
++namespace error : Failed to parse QName ':0000'
++ %a; 
++    ^
++<:0000
++      ^
++./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1
++
++^
+--- /dev/null
++++ b/result/errors10/781361.xml.err
+@@ -0,0 +1,13 @@
++./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected
++
++^
++./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
++
++
++^
++./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated
++
++^
++./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found
++
++^
+--- /dev/null
++++ b/result/valid/766956.xml.err
+@@ -0,0 +1,9 @@
++test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
++%ä%ent;
++   ^
++Entity: line 1: parser error : Content error in the external subset
++ %ent; 
++      ^
++Entity: line 1: 
++value
++^
+--- /dev/null
++++ b/result/valid/766956.xml.err.rdr
+@@ -0,0 +1,10 @@
++test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
++%ä%ent;
++   ^
++Entity: line 1: parser error : Content error in the external subset
++ %ent; 
++      ^
++Entity: line 1: 
++value
++^
++./test/valid/766956.xml : failed to parse
+--- a/runtest.c
++++ b/runtest.c
+@@ -4202,6 +4202,9 @@ testDesc testDescriptions[] = {
+     { "Error cases regression tests",
+       errParseTest, "./test/errors/*.xml", "result/errors/", "", ".err",
+       0 },
++    { "Error cases regression tests (old 1.0)",
++      errParseTest, "./test/errors10/*.xml", "result/errors10/", "", ".err",
++      XML_PARSE_OLD10 },
+ #ifdef LIBXML_READER_ENABLED
+     { "Error cases stream regression tests",
+       streamParseTest, "./test/errors/*.xml", "result/errors/", NULL, ".str",
+--- /dev/null
++++ b/test/errors10/781205.xml
+@@ -0,0 +1,3 @@
++<!DOCTYPE D [
++  <!ENTITY % a "<:0000">
++  %a;
+--- /dev/null
++++ b/test/errors10/781361.xml
+@@ -0,0 +1,3 @@
++<!DOCTYPE doc [
++  <!ENTITY % elem "<!ELEMENT e0000000000">
++  %elem;
+--- /dev/null
++++ b/test/valid/766956.xml
+@@ -0,0 +1,2 @@
++<!DOCTYPE test SYSTEM "dtds/766956.dtd">
++<test/>
+--- /dev/null
++++ b/test/valid/dtds/766956.dtd
+@@ -0,0 +1,2 @@
++<!ENTITY % ent "value">
++%ä%ent;

libs/libxml2/patches/0013-Fix-type-confusion-in-xmlValidateOneNamespace.patch

@@ -0,0 +1,46 @@
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 6 Jun 2017 12:56:28 +0200
+Subject: Fix type confusion in xmlValidateOneNamespace
+Origin: https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66
+Bug: https://bugzilla.gnome.org/show_bug.cgi?id=780228
+Bug-Debian: https://bugs.debian.org/870870
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-0663
+
+Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types on
+namespace declarations make no practical sense anyway.
+
+Fixes bug 780228.
+
+Found with libFuzzer and ASan.
+---
+ valid.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/valid.c b/valid.c
+index 8075d3a0..c51ea290 100644
+--- a/valid.c
++++ b/valid.c
+@@ -4627,6 +4627,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
+ 	}
+     }
+ 
++    /*
++     * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
++     * xmlAddID and xmlAddRef for namespace declarations, but it makes
++     * no practical sense to use ID types anyway.
++     */
++#if 0
+     /* Validity Constraint: ID uniqueness */
+     if (attrDecl->atype == XML_ATTRIBUTE_ID) {
+         if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
+@@ -4638,6 +4644,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
+         if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
+ 	    ret = 0;
+     }
++#endif
+ 
+     /* Validity Constraint: Notation Attributes */
+     if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
+-- 
+2.11.0
+

libs/libxml2/patches/0014-Fix-XPath-stack-frame-logic.patch

@@ -0,0 +1,39 @@
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Thu, 1 Jun 2017 23:12:19 +0200
+Subject: Fix XPath stack frame logic
+Origin: https://git.gnome.org/browse/libxml2/commit/?id=0f3b843b3534784ef57a4f9b874238aa1fda5a73
+Bug-Debian: https://bugs.debian.org/883790
+Bug: https://bugzilla.gnome.org/show_bug.cgi?id=783160
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-15412
+
+Move the calls to xmlXPathSetFrame and xmlXPathPopFrame around in
+xmlXPathCompOpEvalPositionalPredicate to make sure that the context
+object on the stack is actually protected. Otherwise, memory corruption
+can occur when calling sloppily coded XPath extension functions.
+
+Fixes bug 783160.
+---
+ xpath.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/xpath.c b/xpath.c
+index 94815075..b816bd36 100644
+--- a/xpath.c
++++ b/xpath.c
+@@ -11932,11 +11932,11 @@ xmlXPathCompOpEvalPositionalPredicate(xmlXPathParserContextPtr ctxt,
+ 		}
+ 	    }
+
+-            frame = xmlXPathSetFrame(ctxt);
+ 	    valuePush(ctxt, contextObj);
++            frame = xmlXPathSetFrame(ctxt);
+ 	    res = xmlXPathCompOpEvalToBoolean(ctxt, exprOp, 1);
+-            tmp = valuePop(ctxt);
+             xmlXPathPopFrame(ctxt, frame);
++            tmp = valuePop(ctxt);
+
+ 	    if ((ctxt->error != XPATH_EXPRESSION_OK) || (res == -1)) {
+                 while (tmp != contextObj) {
+--
+2.15.1
+

libs/libxslt/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2014 OpenWrt.org
+# Copyright (C) 2014 - 2018 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libxslt
 PKG_VERSION:=1.1.28
-PKG_RELEASE:=2
+PKG_RELEASE:=4
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:= \
@@ -64,6 +64,7 @@ define Package/xsltproc/description
 endef
 
 CONFIGURE_ARGS+= \
+	--disable-silent-rules \
 	--enable-shared \
 	--enable-static \
 	--without-python \

libs/libxslt/patches/0005-Fix-a-couple-of-places-where-f-printf-parameters-wer.patch

@@ -0,0 +1,48 @@
+From: Daniel Veillard <veillard@redhat.com>
+Date: Wed, 30 Jan 2013 16:31:37 +0000
+Subject: Fix a couple of places where (f)printf parameters were broken
+
+As reported by Thomas Jarosch <thomas.jarosch@intra2net.com>
+---
+ python/libxslt.c    |   10 +++++-----
+ xsltproc/xsltproc.c |    2 +-
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/python/libxslt.c b/python/libxslt.c
+index 6a4f1c3..8dd6c78 100644
+--- a/python/libxslt.c
++++ b/python/libxslt.c
+@@ -356,15 +356,15 @@ libxslt_xsltRegisterExtModuleElement(PyObject *self ATTRIBUTE_UNUSED,
+     PyObject *pyobj_element_f;
+     PyObject *pyobj_precomp_f;
+ 
+-#ifdef DEBUG_EXTENSIONS
+-    printf("libxslt_xsltRegisterExtModuleElement called\n",
+-	   name, ns_uri);
+-#endif
+-
+     if (!PyArg_ParseTuple(args, (char *)"szOO:registerExtModuleElement",
+ 		          &name, &ns_uri, &pyobj_precomp_f, &pyobj_element_f))
+         return(NULL);
+ 
++#ifdef DEBUG_EXTENSIONS
++    printf("libxslt_xsltRegisterExtModuleElement called: %s %s\n",
++	   name, ns_uri);
++#endif
++
+     if ((name == NULL) || (pyobj_element_f == NULL) || (pyobj_precomp_f == NULL)) {
+ 	py_retval = libxml_intWrap(-1);
+ 	return(py_retval);
+diff --git a/xsltproc/xsltproc.c b/xsltproc/xsltproc.c
+index 9ec4b76..33beddf 100644
+--- a/xsltproc/xsltproc.c
++++ b/xsltproc/xsltproc.c
+@@ -319,7 +319,7 @@ static void endTimer(char *format, ...)
+     va_start(ap, format);
+     vfprintf(stderr,format,ap);
+     va_end(ap);
+-    fprintf(stderr, " was not timed\n", msec);
++    fprintf(stderr, " was not timed\n");
+ #else
+   /* We don't have gettimeofday, time or stdarg.h, what crazy world is
+    * this ?!

libs/libxslt/patches/0006-Initialize-pseudo-random-number-generator-with-curre.patch

@@ -0,0 +1,56 @@
+From: Nils Werner <wernerns@iis.fraunhofer.de>
+Date: Thu, 24 Jan 2013 18:44:03 +0000
+Subject: Initialize pseudo random number generator with current time or
+ optional command line parameter
+
+---
+ xsltproc/xsltproc.c |   15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/xsltproc/xsltproc.c b/xsltproc/xsltproc.c
+index 33beddf..7d1fe61 100644
+--- a/xsltproc/xsltproc.c
++++ b/xsltproc/xsltproc.c
+@@ -514,6 +514,7 @@ static void usage(const char *name) {
+     printf("\t--maxdepth val : increase the maximum depth (default %d)\n", xsltMaxDepth);
+     printf("\t--maxvars val : increase the maximum variables (default %d)\n", xsltMaxVars);
+     printf("\t--maxparserdepth val : increase the maximum parser depth\n");
++    printf("\t--seed-rand val : initialize pseudo random number generator with specific seed\n");
+ #ifdef LIBXML_HTML_ENABLED
+     printf("\t--html: the input document is(are) an HTML file(s)\n");
+ #endif
+@@ -556,6 +557,7 @@ main(int argc, char **argv)
+         return (1);
+     }
+ 
++    srand(time(NULL));
+     xmlInitMemory();
+ 
+     LIBXML_TEST_VERSION
+@@ -750,6 +752,15 @@ main(int argc, char **argv)
+                 if (value > 0)
+                     xmlParserMaxDepth = value;
+             }
++        } else if ((!strcmp(argv[i], "-seed-rand")) ||
++                   (!strcmp(argv[i], "--seed-rand"))) {
++            int value;
++
++            i++;
++            if (sscanf(argv[i], "%d", &value) == 1) {
++                if (value > 0)
++                    srand(value);
++            }
+         } else if ((!strcmp(argv[i],"-dumpextensions"))||
+ 			(!strcmp(argv[i],"--dumpextensions"))) {
+ 		dumpextensions++;
+@@ -786,6 +797,10 @@ main(int argc, char **argv)
+             (!strcmp(argv[i], "--maxparserdepth"))) {
+             i++;
+             continue;
++        } else if ((!strcmp(argv[i], "-seed-rand")) ||
++            (!strcmp(argv[i], "--seed-rand"))) {
++            i++;
++            continue;
+         } else if ((!strcmp(argv[i], "-o")) ||
+                    (!strcmp(argv[i], "-output")) ||
+                    (!strcmp(argv[i], "--output"))) {

libs/libxslt/patches/0007-EXSLT-function-str-replace-is-broken-as-is.patch

@@ -0,0 +1,38 @@
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon, 1 Jul 2013 13:10:10 +0000
+Subject: EXSLT function str:replace() is broken as-is
+
+the str:replace() function is no longer usable without a transform
+context. I take it from the bug report that it is not supposed to be used
+from plain XPath but only from XSLT according to the EXSLT specification.
+
+However, the previous implementation used to work in XPath and is still
+registered on an xmlXPathContext by the exsltStrXpathCtxtRegister()
+function. When called from plain XPath, it results in a memory error in
+line 526 (exsltStrReturnString()) of strings.c because xsltCreateRVT()
+returns NULL as an error indicator due to a NULL transform context being
+passed in, which was the return value from xsltXPathGetTransformContext() a
+bit further up (and the code doesn't validate that).
+
+Since fixing the function looks impossible, best is to remove it.
+---
+ libexslt/strings.c |    6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/libexslt/strings.c b/libexslt/strings.c
+index 045cc14..c0c7a18 100644
+--- a/libexslt/strings.c
++++ b/libexslt/strings.c
+@@ -838,11 +838,7 @@ exsltStrXpathCtxtRegister (xmlXPathContextPtr ctxt, const xmlChar *prefix)
+         && !xmlXPathRegisterFuncNS(ctxt,
+                                    (const xmlChar *) "concat",
+                                    (const xmlChar *) EXSLT_STRINGS_NAMESPACE,
+-                                   exsltStrConcatFunction)
+-        && !xmlXPathRegisterFuncNS(ctxt,
+-                                   (const xmlChar *) "replace",
+-                                   (const xmlChar *) EXSLT_STRINGS_NAMESPACE,
+-                                   exsltStrReplaceFunction)) {
++                                   exsltStrConcatFunction)) {
+         return 0;
+     }
+     return -1;

libs/libxslt/patches/0008-Fix-quoting-of-xlocale-test-program-in-configure.in.patch

@@ -0,0 +1,43 @@
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 30 Jul 2013 11:57:28 +0000
+Subject: Fix quoting of xlocale test program in configure.in
+
+Double square brackets aren't needed anymore, probably due to the
+changes in commit a2cd8a03.
+---
+ configure.in |   14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/configure.in b/configure.in
+index 767e980..ac004fe 100644
+--- a/configure.in
++++ b/configure.in
+@@ -196,21 +196,21 @@ typedef locale_t xsltLocale;
+ #endif
+ ]],[[
+     xsltLocale locale;
+-    const char *src[[2]] = { "\xc3\x84rger", "Zeppelin" };
+-    char *dst[[2]];
++    const char *src[2] = { "\xc3\x84rger", "Zeppelin" };
++    char *dst[2];
+     size_t len, r;
+     int i;
+ 
+     locale = newlocale(LC_COLLATE_MASK, "en_US.utf8", NULL);
+     if (locale == NULL) exit(1);
+     for (i=0; i<2; ++i) {
+-        len = strxfrm_l(NULL, src[[i]], 0, locale) + 1;
+-        dst[[i]] = malloc(len);
+-        if(dst[[i]] == NULL) exit(1);
+-        r = strxfrm_l(dst[[i]], src[[i]], len, locale);
++        len = strxfrm_l(NULL, src[i], 0, locale) + 1;
++        dst[i] = malloc(len);
++        if(dst[i] == NULL) exit(1);
++        r = strxfrm_l(dst[i], src[i], len, locale);
+         if(r >= len) exit(1);
+     }
+-    if (strcmp(dst[[0]], dst[[1]]) >= 0) exit(1);
++    if (strcmp(dst[0], dst[1]) >= 0) exit(1);
+ 
+     exit(0);
+     return(0);

libs/libxslt/patches/0009-Fix-for-type-confusion-in-preprocessing-attributes.patch

@@ -0,0 +1,24 @@
+From 7ca19df892ca22d9314e95d59ce2abdeff46b617 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Thu, 29 Oct 2015 19:33:23 +0800
+Subject: [PATCH] Fix for type confusion in preprocessing attributes
+
+CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10
+We need to check that the parent node is an element before dereferencing
+its namespace
+---
+ libxslt/preproc.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/libxslt/preproc.c
++++ b/libxslt/preproc.c
+@@ -2245,7 +2245,8 @@ xsltStylePreCompute(xsltStylesheetPtr st
+ 	} else if (IS_XSLT_NAME(inst, "attribute")) {
+ 	    xmlNodePtr parent = inst->parent;
+ 
+-	    if ((parent == NULL) || (parent->ns == NULL) ||
++	    if ((parent == NULL) ||
++	        (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) ||
+ 		((parent->ns != inst->ns) &&
+ 		 (!xmlStrEqual(parent->ns->href, inst->ns->href))) ||
+ 		(!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) {

libs/libxslt/patches/0010-Always-initialize-EXSLT-month-and-day-to-1.patch

@@ -0,0 +1,62 @@
+From 3309feb654036280d2355f8025150a69bfded6e2 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sun, 3 Jan 2016 16:45:24 +0100
+Subject: [PATCH] Always initialize EXSLT month and day to 1
+
+Fixes bug #757970
+https://bugzilla.gnome.org/show_bug.cgi?id=757970
+---
+ libexslt/date.c | 17 +++++++----------
+ 1 file changed, 7 insertions(+), 10 deletions(-)
+
+diff --git a/libexslt/date.c b/libexslt/date.c
+index 9ca993c..272c61b 100644
+--- a/libexslt/date.c
++++ b/libexslt/date.c
+@@ -667,6 +667,11 @@ exsltDateCreateDate (exsltDateType type)
+     }
+     memset (ret, 0, sizeof(exsltDateVal));
+ 
++    if (type != XS_DURATION) {
++        ret->value.date.mon = 1;
++        ret->value.date.day = 1;
++    }
++
+     if (type != EXSLT_UNKNOWN)
+         ret->type = type;
+ 
+@@ -1395,10 +1400,10 @@ _exsltDateTruncateDate (exsltDateValPtr dt, exsltDateType type)
+     }
+ 
+     if ((type & XS_GDAY) != XS_GDAY)
+-        dt->value.date.day = 0;
++        dt->value.date.day = 1;
+ 
+     if ((type & XS_GMONTH) != XS_GMONTH)
+-        dt->value.date.mon = 0;
++        dt->value.date.mon = 1;
+ 
+     if ((type & XS_GYEAR) != XS_GYEAR)
+         dt->value.date.year = 0;
+@@ -1473,18 +1478,10 @@ _exsltDateAdd (exsltDateValPtr dt, exsltDateValPtr dur)
+     d = &(dt->value.date);
+     u = &(dur->value.dur);
+ 
+-    /* normalization */
+-    if (d->mon == 0)
+-        d->mon = 1;
+-
+     /* normalize for time zone offset */
+     u->sec -= (d->tzo * 60);	/* changed from + to - (bug 153000) */
+     d->tzo = 0;
+ 
+-    /* normalization */
+-    if (d->day == 0)
+-        d->day = 1;
+-
+     /* month */
+     carry  = d->mon + u->mon;
+     r->mon = (unsigned int)MODULO_RANGE(carry, 1, 13);
+-- 
+2.8.1
+

libs/libxslt/patches/0011-Fix-use-after-free-in-xsltDocumentFunctionLoadDocume.patch

@@ -0,0 +1,105 @@
+From fc1ff481fd01e9a65a921c542fed68d8c965e8a3 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Thu, 25 Feb 2016 17:16:06 +0100
+Subject: [PATCH] Fix use-after-free in xsltDocumentFunctionLoadDocument
+
+Also fixes a memory leak in an unlikely error case.
+
+Fixes bug #758291
+https://bugzilla.gnome.org/show_bug.cgi?id=758291
+---
+ libxslt/functions.c         |  3 ++-
+ tests/docs/bug-185-data.xml |  5 +++++
+ tests/docs/bug-185.xml      |  2 ++
+ tests/general/bug-185.err   |  3 +++
+ tests/general/bug-185.out   |  0
+ tests/general/bug-185.xsl   | 14 ++++++++++++++
+ 6 files changed, 26 insertions(+), 1 deletion(-)
+ create mode 100644 tests/docs/bug-185-data.xml
+ create mode 100644 tests/docs/bug-185.xml
+ create mode 100644 tests/general/bug-185.err
+ create mode 100644 tests/general/bug-185.out
+ create mode 100644 tests/general/bug-185.xsl
+
+diff --git a/libxslt/functions.c b/libxslt/functions.c
+index 549649c..a5e7021 100644
+--- a/libxslt/functions.c
++++ b/libxslt/functions.c
+@@ -180,7 +180,6 @@ xsltDocumentFunctionLoadDocument(xmlXPathParserContextPtr ctxt, xmlChar* URI)
+     resObj = xmlXPtrEval(fragment, xptrctxt);
+     xmlXPathFreeContext(xptrctxt);
+ #endif
+-    xmlFree(fragment);
+ 
+     if (resObj == NULL)
+ 	goto out_fragment;
+@@ -204,6 +203,7 @@ xsltDocumentFunctionLoadDocument(xmlXPathParserContextPtr ctxt, xmlChar* URI)
+     }
+ 
+     valuePush(ctxt, resObj);
++    xmlFree(fragment);
+     return;
+ 
+ out_object:
+@@ -211,6 +211,7 @@ out_object:
+ 
+ out_fragment:
+     valuePush(ctxt, xmlXPathNewNodeSet(NULL));
++    xmlFree(fragment);
+ }
+ 
+ /**
+diff --git a/tests/docs/bug-185-data.xml b/tests/docs/bug-185-data.xml
+new file mode 100644
+index 0000000..166ef17
+--- /dev/null
++++ b/tests/docs/bug-185-data.xml
+@@ -0,0 +1,5 @@
++<!DOCTYPE test [ <!ATTLIST A id ID #REQUIRED> ] >
++<test>
++  <A id="X"/>
++  <A id="Y"/>
++</test>
+diff --git a/tests/docs/bug-185.xml b/tests/docs/bug-185.xml
+new file mode 100644
+index 0000000..72bfdc4
+--- /dev/null
++++ b/tests/docs/bug-185.xml
+@@ -0,0 +1,2 @@
++<?xml-stylesheet href="poc.xsl" type="text/xsl"?>
++<in>bug-185-data.xml#xpointer(id('X')/range-to(id('Y')))</in>
+diff --git a/tests/general/bug-185.err b/tests/general/bug-185.err
+new file mode 100644
+index 0000000..d7bbe92
+--- /dev/null
++++ b/tests/general/bug-185.err
+@@ -0,0 +1,3 @@
++runtime error: file ./bug-185.xsl line 7 element copy-of
++document() : XPointer does not select a node set: #xpointer(id('X')/range-to(id('Y')))
++no result for ./../docs/bug-185.xml
+diff --git a/tests/general/bug-185.out b/tests/general/bug-185.out
+new file mode 100644
+index 0000000..e69de29
+diff --git a/tests/general/bug-185.xsl b/tests/general/bug-185.xsl
+new file mode 100644
+index 0000000..1c5c7d1
+--- /dev/null
++++ b/tests/general/bug-185.xsl
+@@ -0,0 +1,14 @@
++<?xml version="1.0" encoding="utf-8"?>
++<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
++  <xsl:template match="in">
++    <annotation>
++      <xsl:copy-of select="."/>
++      <value>
++        <xsl:copy-of select="document(.)"/>
++      </value>
++    </annotation>
++  </xsl:template>
++  <xsl:template match="@*|node()">
++    <xsl:apply-templates/>
++  </xsl:template>
++</xsl:stylesheet>
+-- 
+2.8.1
+

libs/libxslt/patches/0012-Fix-xsltNumberFormatGetMultipleLevel.patch

@@ -0,0 +1,157 @@
+From d182d8f6ba3071503d96ce17395c9d55871f0242 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 22 Mar 2016 18:20:01 +0100
+Subject: [PATCH] Fix xsltNumberFormatGetMultipleLevel
+
+Namespace nodes are actually an xmlNs, not an xmlNode. They must be
+special-cased in xsltNumberFormatGetMultipleLevel to avoid an
+out-of-bounds heap access.
+
+Move the test whether a node matches the "count" pattern to a separate
+function to make the code more readable. As a side effect, we also
+compare expanded names when walking up the ancestor axis, fixing an
+insignificant bug.
+---
+ libxslt/numbers.c         | 82 +++++++++++++++++++++++++++--------------------
+ tests/docs/bug-186.xml    |  4 +++
+ tests/general/bug-186.out |  5 +++
+ tests/general/bug-186.xsl |  7 ++++
+ 4 files changed, 63 insertions(+), 35 deletions(-)
+ create mode 100644 tests/docs/bug-186.xml
+ create mode 100644 tests/general/bug-186.out
+ create mode 100644 tests/general/bug-186.xsl
+
+--- a/libxslt/numbers.c
++++ b/libxslt/numbers.c
+@@ -532,6 +532,43 @@ xsltNumberFormatInsertNumbers(xsltNumber
+ }
+ 
+ static int
++xsltTestCompMatchCount(xsltTransformContextPtr context,
++                       xmlNodePtr node,
++                       xsltCompMatchPtr countPat,
++                       xmlNodePtr cur)
++{
++    if (countPat != NULL) {
++        return xsltTestCompMatchList(context, node, countPat);
++    }
++    else {
++        /*
++         * 7.7 Numbering
++         *
++         * If count attribute is not specified, then it defaults to the
++         * pattern that matches any node with the same node type as the
++         * current node and, if the current node has an expanded-name, with
++         * the same expanded-name as the current node.
++         */
++        if (node->type != cur->type)
++            return 0;
++        if (node->type == XML_NAMESPACE_DECL)
++            /*
++             * Namespace nodes have no preceding siblings and no parents
++             * that are namespace nodes. This means that node == cur.
++             */
++            return 1;
++        /* TODO: Skip node types without expanded names like text nodes. */
++        if (!xmlStrEqual(node->name, cur->name))
++            return 0;
++        if (node->ns == cur->ns)
++            return 1;
++        if ((node->ns == NULL) || (cur->ns == NULL))
++            return 0;
++        return (xmlStrEqual(node->ns->href, cur->ns->href));
++    }
++}
++
++static int
+ xsltNumberFormatGetAnyLevel(xsltTransformContextPtr context,
+ 			    xmlNodePtr node,
+ 			    xsltCompMatchPtr countPat,
+@@ -564,21 +601,8 @@ xsltNumberFormatGetAnyLevel(xsltTransfor
+ 
+     while (cur != NULL) {
+ 	/* process current node */
+-	if (countPat == NULL) {
+-	    if ((node->type == cur->type) &&
+-		/* FIXME: must use expanded-name instead of local name */
+-		xmlStrEqual(node->name, cur->name)) {
+-		    if ((node->ns == cur->ns) ||
+-		        ((node->ns != NULL) &&
+-			 (cur->ns != NULL) &&
+-		         (xmlStrEqual(node->ns->href,
+-		             cur->ns->href) )))
+-		        cnt++;
+-	    }
+-	} else {
+-	    if (xsltTestCompMatchList(context, cur, countPat))
+-		cnt++;
+-	}
++	if (xsltTestCompMatchCount(context, cur, countPat, node))
++	    cnt++;
+ 	if ((fromPat != NULL) &&
+ 	    xsltTestCompMatchList(context, cur, fromPat)) {
+ 	    break; /* while */
+@@ -637,30 +661,18 @@ xsltNumberFormatGetMultipleLevel(xsltTra
+ 		xsltTestCompMatchList(context, ancestor, fromPat))
+ 		break; /* for */
+ 
+-	    if ((countPat == NULL && node->type == ancestor->type &&
+-		xmlStrEqual(node->name, ancestor->name)) ||
+-		xsltTestCompMatchList(context, ancestor, countPat)) {
++	    if (xsltTestCompMatchCount(context, ancestor, countPat, node)) {
+ 		/* count(preceding-sibling::*) */
+-		cnt = 0;
+-		for (preceding = ancestor;
++		cnt = 1;
++		for (preceding =
++                        xmlXPathNextPrecedingSibling(parser, ancestor);
+ 		     preceding != NULL;
+ 		     preceding =
+ 		        xmlXPathNextPrecedingSibling(parser, preceding)) {
+-		    if (countPat == NULL) {
+-			if ((preceding->type == ancestor->type) &&
+-			    xmlStrEqual(preceding->name, ancestor->name)){
+-			    if ((preceding->ns == ancestor->ns) ||
+-			        ((preceding->ns != NULL) &&
+-				 (ancestor->ns != NULL) &&
+-			         (xmlStrEqual(preceding->ns->href,
+-			             ancestor->ns->href) )))
+-			        cnt++;
+-			}
+-		    } else {
+-			if (xsltTestCompMatchList(context, preceding,
+-				                  countPat))
+-			    cnt++;
+-		    }
++
++	            if (xsltTestCompMatchCount(context, preceding, countPat,
++                                               node))
++			cnt++;
+ 		}
+ 		array[amount++] = (double)cnt;
+ 		if (amount >= max)
+--- /dev/null
++++ b/tests/docs/bug-186.xml
+@@ -0,0 +1,4 @@
++<top xmlns:a="AAAA" xmlns:b="BBBB" xmlns:c="CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC">
++<foo/>
++<bar/>
++</top>
+--- /dev/null
++++ b/tests/general/bug-186.out
+@@ -0,0 +1,5 @@
++<?xml version="1.0"?>
++
++1111
++1111
++
+--- /dev/null
++++ b/tests/general/bug-186.xsl
+@@ -0,0 +1,7 @@
++<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
++ <xsl:template match="*/*">
++  <xsl:for-each select="namespace::*">
++   <xsl:number/>
++  </xsl:for-each>
++ </xsl:template>
++</xsl:stylesheet>

libs/libxslt/patches/0013-Round-xsl-number-values-to-nearest-integer.patch

@@ -0,0 +1,26 @@
+From 345e0bfb1c1131155a32dfbdfc8f78d1c602dc40 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sun, 10 Apr 2016 12:50:02 +0200
+Subject: [PATCH] Round xsl:number values to nearest integer
+
+This matches XSLT 2.0 behavior.
+---
+ libxslt/numbers.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libxslt/numbers.c b/libxslt/numbers.c
+index 184ee6f..eb087bc 100644
+--- a/libxslt/numbers.c
++++ b/libxslt/numbers.c
+@@ -440,6 +440,8 @@ xsltNumberFormatInsertNumbers(xsltNumberDataPtr data,
+     for (i = 0; i < numbers_max; i++) {
+ 	/* Insert number */
+ 	number = numbers[(numbers_max - 1) - i];
++        /* Round to nearest like XSLT 2.0 */
++        number = floor(number + 0.5);
+ 	if (i < tokens->nTokens) {
+ 	  /*
+ 	   * The "n"th format token will be used to format the "n"th
+-- 
+2.8.1
+

libs/libxslt/patches/0014-Handle-negative-xsl-number-values.patch

@@ -0,0 +1,51 @@
+From 69ec3da1b653024aca6515ddd4adc91919dd188e Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sun, 10 Apr 2016 12:51:57 +0200
+Subject: [PATCH] Handle negative xsl:number values
+
+According to XSLT 2.0, negative values are a non-recoverable dynamic error.
+Print an error message and treat negative values as zero.
+
+Fixes an OOB array access in xsltNumberFormatAlpha.
+---
+ libxslt/numbers.c | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/libxslt/numbers.c b/libxslt/numbers.c
+index eb087bc..a3cabcf 100644
+--- a/libxslt/numbers.c
++++ b/libxslt/numbers.c
+@@ -246,7 +246,7 @@ xsltNumberFormatAlpha(xmlBufferPtr buffer,
+ 	number--;
+ 	*(--pointer) = alpha_list[((int)fmod(number, alpha_size))];
+ 	number /= alpha_size;
+-	if (fabs(number) < 1.0)
++	if (number < 1.0)
+ 	    break; /* for */
+     }
+     xmlBufferCCat(buffer, pointer);
+@@ -442,6 +442,21 @@ xsltNumberFormatInsertNumbers(xsltNumberDataPtr data,
+ 	number = numbers[(numbers_max - 1) - i];
+         /* Round to nearest like XSLT 2.0 */
+         number = floor(number + 0.5);
++        /*
++         * XSLT 1.0 isn't clear on how to handle negative numbers, but XSLT
++         * 2.0 says:
++         *
++         *     It is a non-recoverable dynamic error if any undiscarded item
++         *     in the atomized sequence supplied as the value of the value
++         *     attribute of xsl:number cannot be converted to an integer, or
++         *     if the resulting integer is less than 0 (zero).
++         */
++        if (number < 0.0) {
++            xsltTransformError(NULL, NULL, NULL,
++                    "xsl-number : negative value\n");
++            /* Recover by treating negative values as zero. */
++            number = 0.0;
++        }
+ 	if (i < tokens->nTokens) {
+ 	  /*
+ 	   * The "n"th format token will be used to format the "n"th
+-- 
+2.8.1
+

libs/libxslt/patches/0015-Lower-bound-for-format-token-a.patch

@@ -0,0 +1,75 @@
+From 405034286fbdd6166229335b7203a41bf53b40fc Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sun, 10 Apr 2016 13:11:31 +0200
+Subject: [PATCH] Lower bound for format token "a"
+
+Handle xsl:number with format "a" and value 0 according to XSLT 2.0.
+
+Fixes an OOB array access in xsltNumberFormatAlpha.
+---
+ libxslt/numbers.c | 33 ++++++++++++++++++++++++---------
+ 1 file changed, 24 insertions(+), 9 deletions(-)
+
+diff --git a/libxslt/numbers.c b/libxslt/numbers.c
+index a3cabcf..af52883 100644
+--- a/libxslt/numbers.c
++++ b/libxslt/numbers.c
+@@ -227,7 +227,8 @@ xsltNumberFormatDecimal(xmlBufferPtr buffer,
+ }
+ 
+ static void
+-xsltNumberFormatAlpha(xmlBufferPtr buffer,
++xsltNumberFormatAlpha(xsltNumberDataPtr data,
++		      xmlBufferPtr buffer,
+ 		      double number,
+ 		      int is_upper)
+ {
+@@ -237,6 +238,26 @@ xsltNumberFormatAlpha(xmlBufferPtr buffer,
+     char *alpha_list;
+     double alpha_size = (double)(sizeof(alpha_upper_list) - 1);
+ 
++    /*
++     * XSLT 1.0 isn't clear on how to handle zero, but XSLT 2.0 says:
++     *
++     *     For all format tokens other than the first kind above (one that
++     *     consists of decimal digits), there may be implementation-defined
++     *     lower and upper bounds on the range of numbers that can be
++     *     formatted using this format token; indeed, for some numbering
++     *     sequences there may be intrinsic limits. [...] Numbers that fall
++     *     outside this range must be formatted using the format token 1.
++     *
++     * The "a" token has an intrinsic lower limit of 1.
++     */
++    if (number < 1.0) {
++        xsltNumberFormatDecimal(buffer, number, '0', 1,
++                                data->digitsPerGroup,
++                                data->groupingCharacter,
++                                data->groupingCharacterLen);
++        return;
++    }
++
+     /* Build buffer from back */
+     pointer = &temp_string[sizeof(temp_string)];
+     *(--pointer) = 0;
+@@ -500,16 +521,10 @@ xsltNumberFormatInsertNumbers(xsltNumberDataPtr data,
+ 
+ 		switch (token->token) {
+ 		case 'A':
+-		    xsltNumberFormatAlpha(buffer,
+-					  number,
+-					  TRUE);
+-
++		    xsltNumberFormatAlpha(data, buffer, number, TRUE);
+ 		    break;
+ 		case 'a':
+-		    xsltNumberFormatAlpha(buffer,
+-					  number,
+-					  FALSE);
+-
++		    xsltNumberFormatAlpha(data, buffer, number, FALSE);
+ 		    break;
+ 		case 'I':
+ 		    xsltNumberFormatRoman(buffer,
+-- 
+2.8.1
+

libs/libxslt/patches/0016-Lower-and-upper-bound-for-format-token-i.patch

@@ -0,0 +1,64 @@
+From 91d0540ac9beaa86719a05b749219a69baa0dd8d Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sun, 10 Apr 2016 13:12:28 +0200
+Subject: [PATCH] Lower and upper bound for format token "i"
+
+Handle xsl:number with format "i" and value 0 according to XSLT 2.0.
+
+Also introduce an upper bound to fix a denial of service.
+---
+ libxslt/numbers.c | 25 ++++++++++++++++---------
+ 1 file changed, 16 insertions(+), 9 deletions(-)
+
+diff --git a/libxslt/numbers.c b/libxslt/numbers.c
+index af52883..e769c42 100644
+--- a/libxslt/numbers.c
++++ b/libxslt/numbers.c
+@@ -274,11 +274,24 @@ xsltNumberFormatAlpha(xsltNumberDataPtr data,
+ }
+ 
+ static void
+-xsltNumberFormatRoman(xmlBufferPtr buffer,
++xsltNumberFormatRoman(xsltNumberDataPtr data,
++		      xmlBufferPtr buffer,
+ 		      double number,
+ 		      int is_upper)
+ {
+     /*
++     * See discussion in xsltNumberFormatAlpha. Also use a reasonable upper
++     * bound to avoid denial of service.
++     */
++    if (number < 1.0 || number > 5000.0) {
++        xsltNumberFormatDecimal(buffer, number, '0', 1,
++                                data->digitsPerGroup,
++                                data->groupingCharacter,
++                                data->groupingCharacterLen);
++        return;
++    }
++
++    /*
+      * Based on an example by Jim Walsh
+      */
+     while (number >= 1000.0) {
+@@ -527,16 +540,10 @@ xsltNumberFormatInsertNumbers(xsltNumberDataPtr data,
+ 		    xsltNumberFormatAlpha(data, buffer, number, FALSE);
+ 		    break;
+ 		case 'I':
+-		    xsltNumberFormatRoman(buffer,
+-					  number,
+-					  TRUE);
+-
++		    xsltNumberFormatRoman(data, buffer, number, TRUE);
+ 		    break;
+ 		case 'i':
+-		    xsltNumberFormatRoman(buffer,
+-					  number,
+-					  FALSE);
+-
++		    xsltNumberFormatRoman(data, buffer, number, FALSE);
+ 		    break;
+ 		default:
+ 		    if (IS_DIGIT_ZERO(token->token)) {
+-- 
+2.8.1
+

libs/libxslt/patches/0017-Fix-double-free-in-libexslt-hash-functions.patch

@@ -0,0 +1,57 @@
+From d8862309f08054218b28e2c8f5fb3cb2f650cac7 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Wed, 20 Apr 2016 14:35:43 +0200
+Subject: [PATCH] Fix double free in libexslt hash functions
+
+Thanks to Nicolas Gregoire for the report.
+
+Fixes bug #765271:
+
+https://bugzilla.gnome.org/show_bug.cgi?id=765271
+---
+ libexslt/crypto.c             | 15 +++------------
+ tests/exslt/crypto/hash.1.out |  2 ++
+ tests/exslt/crypto/hash.1.xml |  5 +++++
+ 3 files changed, 10 insertions(+), 12 deletions(-)
+
+--- a/libexslt/crypto.c
++++ b/libexslt/crypto.c
+@@ -498,11 +498,8 @@ exsltCryptoMd4Function (xmlXPathParserCo
+     unsigned char hex[MD5_DIGEST_LENGTH * 2 + 1];
+ 
+     str_len = exsltCryptoPopString (ctxt, nargs, &str);
+-    if (str_len == 0) {
+-	xmlXPathReturnEmptyString (ctxt);
+-	xmlFree (str);
++    if (str_len == 0)
+ 	return;
+-    }
+ 
+     PLATFORM_HASH (ctxt, PLATFORM_MD4, (const char *) str, str_len,
+ 		   (char *) hash);
+@@ -531,11 +528,8 @@ exsltCryptoMd5Function (xmlXPathParserCo
+     unsigned char hex[MD5_DIGEST_LENGTH * 2 + 1];
+ 
+     str_len = exsltCryptoPopString (ctxt, nargs, &str);
+-    if (str_len == 0) {
+-	xmlXPathReturnEmptyString (ctxt);
+-	xmlFree (str);
++    if (str_len == 0)
+ 	return;
+-    }
+ 
+     PLATFORM_HASH (ctxt, PLATFORM_MD5, (const char *) str, str_len,
+ 		   (char *) hash);
+@@ -564,11 +558,8 @@ exsltCryptoSha1Function (xmlXPathParserC
+     unsigned char hex[SHA1_DIGEST_LENGTH * 2 + 1];
+ 
+     str_len = exsltCryptoPopString (ctxt, nargs, &str);
+-    if (str_len == 0) {
+-	xmlXPathReturnEmptyString (ctxt);
+-	xmlFree (str);
++    if (str_len == 0)
+ 	return;
+-    }
+ 
+     PLATFORM_HASH (ctxt, PLATFORM_SHA1, (const char *) str, str_len,
+ 		   (char *) hash);

libs/libxslt/patches/0018-Fix-buffer-overflow-in-exsltDateFormat.patch

@@ -0,0 +1,33 @@
+From 5d0c6565bab5b9b7efceb33b626916d22b4101a7 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Thu, 28 Apr 2016 17:34:27 +0200
+Subject: [PATCH] Fix buffer overflow in exsltDateFormat
+
+Long years can overflow a stack-based buffer on 64-bit platforms by
+up to four bytes.
+
+Thanks to Nicolas Gregoire for the report.
+
+Fixes bug #765380:
+
+https://bugzilla.gnome.org/show_bug.cgi?id=765380
+---
+ libexslt/date.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libexslt/date.c b/libexslt/date.c
+index 272c61b..12c9919 100644
+--- a/libexslt/date.c
++++ b/libexslt/date.c
+@@ -1283,7 +1283,7 @@ exsltDateFormat (const exsltDateValPtr dt)
+     }
+ 
+     if (dt->type & XS_GYEAR) {
+-        xmlChar buf[20], *cur = buf;
++        xmlChar buf[100], *cur = buf;
+ 
+         FORMAT_GYEAR(dt->value.date.year, cur);
+         if (dt->type == XS_GYEARMONTH) {
+-- 
+2.8.1
+

libs/libxslt/patches/0019-Fix-OOB-heap-read-in-xsltExtModuleRegisterDynamic.patch

@@ -0,0 +1,36 @@
+From 87c3d9ea214fc0503fd8130b6dd97431d69cc066 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Thu, 5 May 2016 15:12:48 +0200
+Subject: [PATCH] Fix OOB heap read in xsltExtModuleRegisterDynamic
+
+xsltExtModuleRegisterDynamic would read a byte before the start of a
+string under certain circumstances. I looks like this piece code was
+supposed to strip characters from the end of the extension name, but
+it didn't have any effect. Don't read beyond the beginning of the
+string and actually strip unwanted characters.
+
+Found with afl-fuzz and ASan.
+---
+ libxslt/extensions.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/libxslt/extensions.c b/libxslt/extensions.c
+index 5ad73cb..ae6eef0 100644
+--- a/libxslt/extensions.c
++++ b/libxslt/extensions.c
+@@ -367,8 +367,11 @@ xsltExtModuleRegisterDynamic(const xmlChar * URI)
+         i++;
+     }
+ 
+-    if (*(i - 1) == '_')
++    /* Strip underscores from end of string. */
++    while (i > ext_name && *(i - 1) == '_') {
++        i--;
+         *i = '\0';
++    }
+ 
+     /* determine module directory */
+     ext_directory = (xmlChar *) getenv("LIBXSLT_PLUGINS_PATH");
+-- 
+2.8.1
+

libs/libxslt/patches/0020-Fix-heap-overread-in-xsltFormatNumberConversion.patch

@@ -0,0 +1,26 @@
+From eb1030de31165b68487f288308f9d1810fed6880 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Fri, 10 Jun 2016 14:23:58 +0200
+Subject: [PATCH] Fix heap overread in xsltFormatNumberConversion
+
+An empty decimal-separator could cause a heap overread. This can be
+exploited to leak a couple of bytes after the buffer that holds the
+pattern string.
+
+Found with afl-fuzz and ASan.
+---
+ libxslt/numbers.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/libxslt/numbers.c
++++ b/libxslt/numbers.c
+@@ -1109,7 +1109,8 @@ xsltFormatNumberConversion(xsltDecimalFo
+     }
+ 
+     /* We have finished the integer part, now work on fraction */
+-    if (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) {
++    if ( (*the_format != 0) &&
++         (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) ) {
+         format_info.add_decimal = TRUE;
+ 	the_format += xsltUTF8Size(the_format);	/* Skip over the decimal */
+     }

libs/libxslt/patches/0021-Check-for-integer-overflow-in-xsltAddTextString.patch

@@ -0,0 +1,67 @@
+From 08ab2774b870de1c7b5a48693df75e8154addae5 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Thu, 12 Jan 2017 15:39:52 +0100
+Subject: [PATCH] Check for integer overflow in xsltAddTextString
+
+Limit buffer size in xsltAddTextString to INT_MAX. The issue can be
+exploited to trigger an out of bounds write on 64-bit systems.
+
+Originally reported to Chromium:
+
+https://crbug.com/676623
+---
+ libxslt/transform.c     | 25 ++++++++++++++++++++++---
+ libxslt/xsltInternals.h |  4 ++--
+ 2 files changed, 24 insertions(+), 5 deletions(-)
+
+--- a/libxslt/transform.c
++++ b/libxslt/transform.c
+@@ -718,13 +718,32 @@ xsltAddTextString(xsltTransformContextPt
+         return(target);
+ 
+     if (ctxt->lasttext == target->content) {
++        int minSize;
+ 
+-	if (ctxt->lasttuse + len >= ctxt->lasttsize) {
++        /* Check for integer overflow accounting for NUL terminator. */
++        if (len >= INT_MAX - ctxt->lasttuse) {
++            xsltTransformError(ctxt, NULL, target,
++                "xsltCopyText: text allocation failed\n");
++            return(NULL);
++        }
++        minSize = ctxt->lasttuse + len + 1;
++
++        if (ctxt->lasttsize < minSize) {
+ 	    xmlChar *newbuf;
+ 	    int size;
++            int extra;
++
++            /* Double buffer size but increase by at least 100 bytes. */
++            extra = minSize < 100 ? 100 : minSize;
++
++            /* Check for integer overflow. */
++            if (extra > INT_MAX - ctxt->lasttsize) {
++                size = INT_MAX;
++            }
++            else {
++                size = ctxt->lasttsize + extra;
++            }
+ 
+-	    size = ctxt->lasttsize + len + 100;
+-	    size *= 2;
+ 	    newbuf = (xmlChar *) xmlRealloc(target->content,size);
+ 	    if (newbuf == NULL) {
+ 		xsltTransformError(ctxt, NULL, target,
+--- a/libxslt/xsltInternals.h
++++ b/libxslt/xsltInternals.h
+@@ -1752,8 +1752,8 @@ struct _xsltTransformContext {
+      * Speed optimization when coalescing text nodes
+      */
+     const xmlChar  *lasttext;		/* last text node content */
+-    unsigned int    lasttsize;		/* last text node size */
+-    unsigned int    lasttuse;		/* last text node use */
++    int             lasttsize;		/* last text node size */
++    int             lasttuse;		/* last text node use */
+     /*
+      * Per Context Debugging
+      */

libs/libxslt/patches/0022-fix-cve-2019-11068.patch

@@ -0,0 +1,109 @@
+From e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sun, 24 Mar 2019 09:51:39 +0100
+Subject: [PATCH] Fix security framework bypass
+
+xsltCheckRead and xsltCheckWrite return -1 in case of error but callers
+don't check for this condition and allow access. With a specially
+crafted URL, xsltCheckRead could be tricked into returning an error
+because of a supposedly invalid URL that would still be loaded
+succesfully later on.
+
+Fixes #12.
+
+Thanks to Felix Wilhelm for the report.
+---
+ libxslt/documents.c | 18 ++++++++++--------
+ libxslt/imports.c   |  9 +++++----
+ libxslt/transform.c |  9 +++++----
+ libxslt/xslt.c      |  9 +++++----
+ 4 files changed, 25 insertions(+), 20 deletions(-)
+
+--- a/libxslt/documents.c
++++ b/libxslt/documents.c
+@@ -296,10 +296,11 @@ xsltLoadDocument(xsltTransformContextPtr
+ 	int res;
+ 
+ 	res = xsltCheckRead(ctxt->sec, ctxt, URI);
+-	if (res == 0) {
+-	    xsltTransformError(ctxt, NULL, NULL,
+-		 "xsltLoadDocument: read rights for %s denied\n",
+-			     URI);
++	if (res <= 0) {
++            if (res == 0)
++                xsltTransformError(ctxt, NULL, NULL,
++                     "xsltLoadDocument: read rights for %s denied\n",
++                                 URI);
+ 	    return(NULL);
+ 	}
+     }
+@@ -372,10 +373,11 @@ xsltLoadStyleDocument(xsltStylesheetPtr
+ 	int res;
+ 
+ 	res = xsltCheckRead(sec, NULL, URI);
+-	if (res == 0) {
+-	    xsltTransformError(NULL, NULL, NULL,
+-		 "xsltLoadStyleDocument: read rights for %s denied\n",
+-			     URI);
++	if (res <= 0) {
++            if (res == 0)
++                xsltTransformError(NULL, NULL, NULL,
++                     "xsltLoadStyleDocument: read rights for %s denied\n",
++                                 URI);
+ 	    return(NULL);
+ 	}
+     }
+--- a/libxslt/imports.c
++++ b/libxslt/imports.c
+@@ -131,10 +131,11 @@ xsltParseStylesheetImport(xsltStylesheet
+ 	int secres;
+ 
+ 	secres = xsltCheckRead(sec, NULL, URI);
+-	if (secres == 0) {
+-	    xsltTransformError(NULL, NULL, NULL,
+-		 "xsl:import: read rights for %s denied\n",
+-			     URI);
++	if (secres <= 0) {
++            if (secres == 0)
++                xsltTransformError(NULL, NULL, NULL,
++                     "xsl:import: read rights for %s denied\n",
++                                 URI);
+ 	    goto error;
+ 	}
+     }
+--- a/libxslt/transform.c
++++ b/libxslt/transform.c
+@@ -3416,10 +3416,11 @@ xsltDocumentElem(xsltTransformContextPtr
+      */
+     if (ctxt->sec != NULL) {
+ 	ret = xsltCheckWrite(ctxt->sec, ctxt, filename);
+-	if (ret == 0) {
+-	    xsltTransformError(ctxt, NULL, inst,
+-		 "xsltDocumentElem: write rights for %s denied\n",
+-			     filename);
++	if (ret <= 0) {
++            if (ret == 0)
++                xsltTransformError(ctxt, NULL, inst,
++                     "xsltDocumentElem: write rights for %s denied\n",
++                                 filename);
+ 	    xmlFree(URL);
+ 	    xmlFree(filename);
+ 	    return;
+--- a/libxslt/xslt.c
++++ b/libxslt/xslt.c
+@@ -6729,10 +6729,11 @@ xsltParseStylesheetFile(const xmlChar* f
+ 	int res;
+ 
+ 	res = xsltCheckRead(sec, NULL, filename);
+-	if (res == 0) {
+-	    xsltTransformError(NULL, NULL, NULL,
+-		 "xsltParseStylesheetFile: read rights for %s denied\n",
+-			     filename);
++	if (res <= 0) {
++            if (res == 0)
++                xsltTransformError(NULL, NULL, NULL,
++                     "xsltParseStylesheetFile: read rights for %s denied\n",
++                                 filename);
+ 	    return(NULL);
+ 	}
+     }

libs/openldap/Makefile

@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openldap
-PKG_VERSION:=2.4.44
+PKG_VERSION:=2.4.45
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tgz
@@ -16,7 +16,7 @@ PKG_SOURCE_URL:=ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/ \
 	ftp://sunsite.cnlab-switch.ch/mirror/OpenLDAP/openldap-release/ \
 	ftp://ftp.nl.uu.net/pub/unix/db/openldap/openldap-release/ \
 	ftp://ftp.plig.org/pub/OpenLDAP/openldap-release/
-PKG_MD5SUM:=693ac26de86231f8dcae2b4e9d768e51
+PKG_MD5SUM:=00ff8301277cdfd0af728a6927042a13
 
 PKG_FIXUP:=autoreconf
 

libs/opus/Makefile

@@ -8,16 +8,17 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=opus
-PKG_VERSION:=1.1.3
-PKG_RELEASE:=2
+PKG_VERSION:=1.1.4
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://downloads.xiph.org/releases/opus/
-PKG_MD5SUM:=32bbb6b557fe1b6066adc0ae1f08b629
+PKG_MD5SUM:=a2c09d995d0885665ff83b5df2505a5f
+PKG_HASH:=9122b6b380081dd2665189f97bfd777f04f92dc3ab6698eea1dbb27ad59d8692
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=COPYING
-PKG_MAINTAINER:=Nicolas Thill <nico@openwrt.org>
+PKG_MAINTAINER:=Ted Hess <thess@kitchensync.net> Ian Leonard <antonlacon@gmail.com>
 
 PKG_INSTALL:=1
 

libs/p11-kit/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=p11-kit
 PKG_VERSION:=0.23.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_MAINTAINER:=Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
@@ -35,7 +35,8 @@ define Package/p11-kit/description
 endef
 
 CONFIGURE_ARGS+= \
-	--without-libffi
+	--without-libffi \
+	--disable-trust-module
 
 define Build/InstallDev
 	$(INSTALL_DIR) $(1)/usr/include/p11-kit-1/p11-kit/

libs/pcre/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=pcre
-PKG_VERSION:=8.39
-PKG_RELEASE:=1
+PKG_VERSION:=8.41
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
-PKG_MD5SUM:=e3fca7650a0556a2647821679d81f585
+PKG_MD5SUM:=c160d22723b1670447341b08c58981c1
 PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>
 
 PKG_LICENSE:=BSD-3-Clause
@@ -53,6 +53,7 @@ CONFIGURE_ARGS += \
 	--enable-utf8 \
 	--enable-unicode-properties \
 	--enable-pcre16 \
+	--with-match-limit-recursion=16000 \
 
 ifneq ($(CONFIG_PACKAGE_libpcrecpp),)
   CONFIGURE_ARGS+= --enable-cpp

libs/postgresql/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2014 OpenWrt.org
+# Copyright (C) 2006-2018 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -8,8 +8,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=postgresql
-PKG_VERSION:=9.5.4
-PKG_RELEASE:=4
+PKG_VERSION:=9.5.14
+PKG_RELEASE:=1
 PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
 PKG_LICENSE:=PostgreSQL
 
@@ -18,7 +18,7 @@ PKG_SOURCE_URL:=\
 	https://ftp.postgresql.org/pub/source/v$(PKG_VERSION) \
 	http://ftp.postgresql.org/pub/source/v$(PKG_VERSION) \
 	ftp://ftp.postgresql.org/pub/source/v$(PKG_VERSION)
-PKG_MD5SUM:=cf5e571164ad66028ecd7dd8819e3765470d45bcd440d258b686be7e69c76ed0
+PKG_MD5SUM:=3e2cd5ea0117431f72c9917c1bbad578ea68732cb284d1691f37356ca0301a4d
 PKG_BUILD_PARALLEL:=1
 PKG_USE_MIPS16:=0
 PKG_FIXUP:=autoreconf

libs/protobuf-c/Makefile

@@ -13,10 +13,13 @@ PKG_RELEASE:=$(PKG_SOURCE_VERSION)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_URL:=git://github.com/protobuf-c/protobuf-c.git
+PKG_SOURCE_URL:=https://github.com/protobuf-c/protobuf-c.git
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_VERSION:=$(PKG_VERSION)
 
+PKG_BUILD_DEPENDS:=protobuf-c/host
+PKG_BUILD_DEPENDS:=protobuf/host
+
 PKG_INSTALL:=1
 PKG_FIXUP:=autoreconf
 
@@ -25,6 +28,7 @@ PKG_LICENSE:=BSD-2c
 PKG_MAINTAINER:=Jacob Siverskog <jacob@teenageengineering.com>
 
 include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/host-build.mk
 
 define Package/libprotobuf-c
   TITLE:=Protocol Buffers library
@@ -60,3 +64,5 @@ define Package/libprotobuf-c/install
 endef
 
 $(eval $(call BuildPackage,libprotobuf-c))
+$(eval $(call HostBuild))
+

libs/sqlite3/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2014 OpenWrt.org
+# Copyright (C) 2006-2018 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sqlite
-PKG_VERSION:=3160000
+PKG_VERSION:=3260000
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-autoconf-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://www.sqlite.org/2017/
-PKG_MD5SUM:=5102404047054b2cec2f43463293f94dea39425d42bf386d24596ab4fac7c7ff
+PKG_HASH:=5daa6a3fb7d1e8c767cd59c4ded8da6e4b00c61d3b466d0685e35c4dd6d7bf5d
+PKG_SOURCE_URL:=https://www.sqlite.org/2018/
 
 PKG_LICENSE:=PUBLICDOMAIN
 PKG_LICENSE_FILES:=
@@ -43,7 +43,7 @@ define Package/libsqlite3
   $(call Package/sqlite3/Default)
   SECTION:=libs
   CATEGORY:=Libraries
-  DEPENDS:=+libpthread
+  DEPENDS:=+libpthread +zlib
   TITLE+= (library)
 endef
 
@@ -68,6 +68,9 @@ $(call Package/sqlite3/Default/description)
  formats.
 endef
 
+# On uClibc libm needs to be linked in for ISNAN()
+TARGET_LDFLAGS += $(if $(CONFIG_USE_UCLIBC),-lm)
+
 TARGET_CFLAGS += $(FPIC) \
 	-DSQLITE_ENABLE_UNLOCK_NOTIFY=1 \
 	-DHAVE_ISNAN=1 \
@@ -76,7 +79,8 @@ TARGET_CFLAGS += $(FPIC) \
 CONFIGURE_ARGS += \
 	--enable-shared \
 	--enable-static \
-	--disable-editline
+	--disable-editline \
+	--disable-static-shell
 
 CONFIGURE_VARS += \
 	config_BUILD_CC="$(HOSTCC)" \

libs/tiff/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2016 OpenWrt.org
+# Copyright (C) 2006-2018 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=tiff
-PKG_VERSION:=4.0.6
-PKG_RELEASE:=2
+PKG_VERSION:=4.0.10
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://download.osgeo.org/libtiff
-PKG_MD5SUM:=d1d2e940dea0b5ad435f21f03d96dd72
+PKG_SOURCE_URL:=https://download.osgeo.org/libtiff
+PKG_HASH:=2c52d11ccaf767457db0c46795d9c7d1a8d8f76f68b0b800a3dfe45786b996e4
 
 PKG_FIXUP:=autoreconf
 PKG_REMOVE_FILES:=autogen.sh aclocal.m4
@@ -30,7 +30,7 @@ include $(INCLUDE_DIR)/package.mk
 
 define Package/tiff/Default
   TITLE:=TIFF
-  URL:=http://www.remotesensing.org/libtiff/
+  URL:=http://simplesystems.org/libtiff/
   MAINTAINER:=Jiri Slachta <jiri@slachta.eu>
 endef
 
@@ -79,6 +79,8 @@ define Build/Configure
 		--enable-jpeg \
 		--disable-old-jpeg \
 		--disable-jbig \
+		--disable-webp \
+		--disable-zstd \
 		--without-x \
 	)
 endef

libs/tiff/patches/001-autoconf-compat.patch

@@ -1,6 +1,5 @@
-diff -rupN tiff-4.0.6/Makefile.am tiff-new/Makefile.am
---- tiff-4.0.6/Makefile.am	2015-09-06 21:30:46.179705536 +0200
-+++ tiff-new/Makefile.am	2016-04-05 14:26:09.539194844 +0200
+--- a/Makefile.am
++++ b/Makefile.am
 @@ -25,7 +25,7 @@
  
  docdir = $(LIBTIFF_DOCDIR)
@@ -10,7 +9,7 @@ diff -rupN tiff-4.0.6/Makefile.am tiff-new/Makefile.am
  ACLOCAL_AMFLAGS = -I m4
  
  docfiles = \
-@@ -61,7 +61,7 @@ distcheck-hook:
+@@ -60,7 +60,7 @@ distcheck-hook:
  	rm -rf $(distdir)/_build/cmake
  	rm -rf $(distdir)/_inst/cmake
  
@@ -19,9 +18,8 @@ diff -rupN tiff-4.0.6/Makefile.am tiff-new/Makefile.am
  
  release:
  	(rm -f $(top_srcdir)/RELEASE-DATE && echo $(LIBTIFF_RELEASE_DATE) > $(top_srcdir)/RELEASE-DATE)
-diff -rupN tiff-4.0.6/test/Makefile.am tiff-new/test/Makefile.am
---- tiff-4.0.6/test/Makefile.am	2015-09-01 04:41:07.598381354 +0200
-+++ tiff-new/test/Makefile.am	2016-04-05 14:26:39.763453075 +0200
+--- a/test/Makefile.am
++++ b/test/Makefile.am
 @@ -23,7 +23,7 @@
  
  # Process this file with automake to produce Makefile.in.

libs/tiff/patches/002-CVE-2015-8665_and_CVE-2015-8683.patch

@@ -1,136 +0,0 @@
-From f3f0cad770593eaef0766e5be896a6a034fc6313 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Sat, 26 Dec 2015 17:32:03 +0000
-Subject: [PATCH] * libtiff/tif_getimage.c: fix out-of-bound reads in
- TIFFRGBAImage interface in case of unsupported values of
- SamplesPerPixel/ExtraSamples for LogLUV / CIELab. Add explicit call to
- TIFFRGBAImageOK() in TIFFRGBAImageBegin(). Fix CVE-2015-8665 reported by
- limingxing and CVE-2015-8683 reported by zzf of Alibaba.
-
----
- ChangeLog              |  8 ++++++++
- libtiff/tif_getimage.c | 37 +++++++++++++++++++++++--------------
- 2 files changed, 31 insertions(+), 14 deletions(-)
-
-diff --git a/ChangeLog b/ChangeLog
-index a7d283a..4beb30b 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,11 @@
-+2015-12-26  Even Rouault <even.rouault at spatialys.com>
-+
-+	* libtiff/tif_getimage.c: fix out-of-bound reads in TIFFRGBAImage
-+	interface in case of unsupported values of SamplesPerPixel/ExtraSamples
-+	for LogLUV / CIELab. Add explicit call to TIFFRGBAImageOK() in
-+	TIFFRGBAImageBegin(). Fix CVE-2015-8665 reported by limingxing and
-+	CVE-2015-8683 reported by zzf of Alibaba.
-+
- 2015-09-12  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
- 
- 	* libtiff 4.0.6 released.
-diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
-index fd0a4f9..fae1e31 100644
---- a/libtiff/tif_getimage.c
-+++ b/libtiff/tif_getimage.c
-@@ -1,4 +1,4 @@
--/* $Id: tif_getimage.c,v 1.90 2015-06-17 01:34:08 bfriesen Exp $ */
-+/* $Id: tif_getimage.c,v 1.94 2015-12-26 17:32:03 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1991-1997 Sam Leffler
-@@ -182,20 +182,22 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
- 				    "Planarconfiguration", td->td_planarconfig);
- 				return (0);
- 			}
--			if( td->td_samplesperpixel != 3 )
-+			if( td->td_samplesperpixel != 3 || colorchannels != 3 )
-             {
-                 sprintf(emsg,
--                        "Sorry, can not handle image with %s=%d",
--                        "Samples/pixel", td->td_samplesperpixel);
-+                        "Sorry, can not handle image with %s=%d, %s=%d",
-+                        "Samples/pixel", td->td_samplesperpixel,
-+                        "colorchannels", colorchannels);
-                 return 0;
-             }
- 			break;
- 		case PHOTOMETRIC_CIELAB:
--            if( td->td_samplesperpixel != 3 || td->td_bitspersample != 8 )
-+            if( td->td_samplesperpixel != 3 || colorchannels != 3 || td->td_bitspersample != 8 )
-             {
-                 sprintf(emsg,
--                        "Sorry, can not handle image with %s=%d and %s=%d",
-+                        "Sorry, can not handle image with %s=%d, %s=%d and %s=%d",
-                         "Samples/pixel", td->td_samplesperpixel,
-+                        "colorchannels", colorchannels,
-                         "Bits/sample", td->td_bitspersample);
-                 return 0;
-             }
-@@ -255,6 +257,9 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int stop, char emsg[1024])
- 	int colorchannels;
- 	uint16 *red_orig, *green_orig, *blue_orig;
- 	int n_color;
-+	
-+	if( !TIFFRGBAImageOK(tif, emsg) )
-+		return 0;
- 
- 	/* Initialize to normal values */
- 	img->row_offset = 0;
-@@ -2508,29 +2513,33 @@ PickContigCase(TIFFRGBAImage* img)
- 		case PHOTOMETRIC_RGB:
- 			switch (img->bitspersample) {
- 				case 8:
--					if (img->alpha == EXTRASAMPLE_ASSOCALPHA)
-+					if (img->alpha == EXTRASAMPLE_ASSOCALPHA &&
-+						img->samplesperpixel >= 4)
- 						img->put.contig = putRGBAAcontig8bittile;
--					else if (img->alpha == EXTRASAMPLE_UNASSALPHA)
-+					else if (img->alpha == EXTRASAMPLE_UNASSALPHA &&
-+							 img->samplesperpixel >= 4)
- 					{
- 						if (BuildMapUaToAa(img))
- 							img->put.contig = putRGBUAcontig8bittile;
- 					}
--					else
-+					else if( img->samplesperpixel >= 3 )
- 						img->put.contig = putRGBcontig8bittile;
- 					break;
- 				case 16:
--					if (img->alpha == EXTRASAMPLE_ASSOCALPHA)
-+					if (img->alpha == EXTRASAMPLE_ASSOCALPHA &&
-+						img->samplesperpixel >=4 )
- 					{
- 						if (BuildMapBitdepth16To8(img))
- 							img->put.contig = putRGBAAcontig16bittile;
- 					}
--					else if (img->alpha == EXTRASAMPLE_UNASSALPHA)
-+					else if (img->alpha == EXTRASAMPLE_UNASSALPHA &&
-+							 img->samplesperpixel >=4 )
- 					{
- 						if (BuildMapBitdepth16To8(img) &&
- 						    BuildMapUaToAa(img))
- 							img->put.contig = putRGBUAcontig16bittile;
- 					}
--					else
-+					else if( img->samplesperpixel >=3 )
- 					{
- 						if (BuildMapBitdepth16To8(img))
- 							img->put.contig = putRGBcontig16bittile;
-@@ -2539,7 +2548,7 @@ PickContigCase(TIFFRGBAImage* img)
- 			}
- 			break;
- 		case PHOTOMETRIC_SEPARATED:
--			if (buildMap(img)) {
-+			if (img->samplesperpixel >=4 && buildMap(img)) {
- 				if (img->bitspersample == 8) {
- 					if (!img->Map)
- 						img->put.contig = putRGBcontig8bitCMYKtile;
-@@ -2635,7 +2644,7 @@ PickContigCase(TIFFRGBAImage* img)
- 			}
- 			break;
- 		case PHOTOMETRIC_CIELAB:
--			if (buildMap(img)) {
-+			if (img->samplesperpixel == 3 && buildMap(img)) {
- 				if (img->bitspersample == 8)
- 					img->put.contig = initCIELabConversion(img);
- 				break;

libs/tiff/patches/003-fix_potential_out-of-bound_writes_in_decode_functions.patch

@@ -1,193 +0,0 @@
-From 3899f0ab62dd307f63f87ec99aaf289e104f4070 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Sun, 27 Dec 2015 16:25:11 +0000
-Subject: [PATCH] * libtiff/tif_luv.c: fix potential out-of-bound writes in
- decode functions in non debug builds by replacing assert()s by regular if
- checks (bugzilla #2522). Fix potential out-of-bound reads in case of short
- input data.
-
----
- ChangeLog         |  7 +++++++
- libtiff/tif_luv.c | 57 +++++++++++++++++++++++++++++++++++++++++++------------
- 2 files changed, 52 insertions(+), 12 deletions(-)
-
-diff --git a/ChangeLog b/ChangeLog
-index 4beb30b..b8aa23c 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,10 @@
-+2015-12-27  Even Rouault <even.rouault at spatialys.com>
-+
-+	* libtiff/tif_luv.c: fix potential out-of-bound writes in decode
-+	functions in non debug builds by replacing assert()s by regular if
-+	checks (bugzilla #2522).
-+	Fix potential out-of-bound reads in case of short input data.
-+
- 2015-12-26  Even Rouault <even.rouault at spatialys.com>
- 
- 	* libtiff/tif_getimage.c: fix out-of-bound reads in TIFFRGBAImage
-diff --git a/libtiff/tif_luv.c b/libtiff/tif_luv.c
-index 4e328ba..60a174d 100644
---- a/libtiff/tif_luv.c
-+++ b/libtiff/tif_luv.c
-@@ -1,4 +1,4 @@
--/* $Id: tif_luv.c,v 1.40 2015-06-21 01:09:09 bfriesen Exp $ */
-+/* $Id: tif_luv.c,v 1.41 2015-12-27 16:25:11 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1997 Greg Ward Larson
-@@ -202,7 +202,11 @@ LogL16Decode(TIFF* tif, uint8* op, tmsize_t occ, uint16 s)
- 	if (sp->user_datafmt == SGILOGDATAFMT_16BIT)
- 		tp = (int16*) op;
- 	else {
--		assert(sp->tbuflen >= npixels);
-+		if(sp->tbuflen < npixels) {
-+			TIFFErrorExt(tif->tif_clientdata, module,
-+						 "Translation buffer too short");
-+			return (0);
-+		}
- 		tp = (int16*) sp->tbuf;
- 	}
- 	_TIFFmemset((void*) tp, 0, npixels*sizeof (tp[0]));
-@@ -211,9 +215,11 @@ LogL16Decode(TIFF* tif, uint8* op, tmsize_t occ, uint16 s)
- 	cc = tif->tif_rawcc;
- 	/* get each byte string */
- 	for (shft = 2*8; (shft -= 8) >= 0; ) {
--		for (i = 0; i < npixels && cc > 0; )
-+		for (i = 0; i < npixels && cc > 0; ) {
- 			if (*bp >= 128) {		/* run */
--				rc = *bp++ + (2-128);   /* TODO: potential input buffer overrun when decoding corrupt or truncated data */
-+				if( cc < 2 )
-+					break;
-+				rc = *bp++ + (2-128);
- 				b = (int16)(*bp++ << shft);
- 				cc -= 2;
- 				while (rc-- && i < npixels)
-@@ -223,6 +229,7 @@ LogL16Decode(TIFF* tif, uint8* op, tmsize_t occ, uint16 s)
- 				while (--cc && rc-- && i < npixels)
- 					tp[i++] |= (int16)*bp++ << shft;
- 			}
-+		}
- 		if (i != npixels) {
- #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
- 			TIFFErrorExt(tif->tif_clientdata, module,
-@@ -268,13 +275,17 @@ LogLuvDecode24(TIFF* tif, uint8* op, tmsize_t occ, uint16 s)
- 	if (sp->user_datafmt == SGILOGDATAFMT_RAW)
- 		tp = (uint32 *)op;
- 	else {
--		assert(sp->tbuflen >= npixels);
-+		if(sp->tbuflen < npixels) {
-+			TIFFErrorExt(tif->tif_clientdata, module,
-+						 "Translation buffer too short");
-+			return (0);
-+		}
- 		tp = (uint32 *) sp->tbuf;
- 	}
- 	/* copy to array of uint32 */
- 	bp = (unsigned char*) tif->tif_rawcp;
- 	cc = tif->tif_rawcc;
--	for (i = 0; i < npixels && cc > 0; i++) {
-+	for (i = 0; i < npixels && cc >= 3; i++) {
- 		tp[i] = bp[0] << 16 | bp[1] << 8 | bp[2];
- 		bp += 3;
- 		cc -= 3;
-@@ -325,7 +336,11 @@ LogLuvDecode32(TIFF* tif, uint8* op, tmsize_t occ, uint16 s)
- 	if (sp->user_datafmt == SGILOGDATAFMT_RAW)
- 		tp = (uint32*) op;
- 	else {
--		assert(sp->tbuflen >= npixels);
-+		if(sp->tbuflen < npixels) {
-+			TIFFErrorExt(tif->tif_clientdata, module,
-+						 "Translation buffer too short");
-+			return (0);
-+		}
- 		tp = (uint32*) sp->tbuf;
- 	}
- 	_TIFFmemset((void*) tp, 0, npixels*sizeof (tp[0]));
-@@ -334,11 +349,13 @@ LogLuvDecode32(TIFF* tif, uint8* op, tmsize_t occ, uint16 s)
- 	cc = tif->tif_rawcc;
- 	/* get each byte string */
- 	for (shft = 4*8; (shft -= 8) >= 0; ) {
--		for (i = 0; i < npixels && cc > 0; )
-+		for (i = 0; i < npixels && cc > 0; ) {
- 			if (*bp >= 128) {		/* run */
-+				if( cc < 2 )
-+					break;
- 				rc = *bp++ + (2-128);
- 				b = (uint32)*bp++ << shft;
--				cc -= 2;                /* TODO: potential input buffer overrun when decoding corrupt or truncated data */
-+				cc -= 2;
- 				while (rc-- && i < npixels)
- 					tp[i++] |= b;
- 			} else {			/* non-run */
-@@ -346,6 +363,7 @@ LogLuvDecode32(TIFF* tif, uint8* op, tmsize_t occ, uint16 s)
- 				while (--cc && rc-- && i < npixels)
- 					tp[i++] |= (uint32)*bp++ << shft;
- 			}
-+		}
- 		if (i != npixels) {
- #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
- 			TIFFErrorExt(tif->tif_clientdata, module,
-@@ -413,6 +431,7 @@ LogLuvDecodeTile(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- static int
- LogL16Encode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- {
-+	static const char module[] = "LogL16Encode";
- 	LogLuvState* sp = EncoderState(tif);
- 	int shft;
- 	tmsize_t i;
-@@ -433,7 +452,11 @@ LogL16Encode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- 		tp = (int16*) bp;
- 	else {
- 		tp = (int16*) sp->tbuf;
--		assert(sp->tbuflen >= npixels);
-+		if(sp->tbuflen < npixels) {
-+			TIFFErrorExt(tif->tif_clientdata, module,
-+						 "Translation buffer too short");
-+			return (0);
-+		}
- 		(*sp->tfunc)(sp, bp, npixels);
- 	}
- 	/* compress each byte string */
-@@ -506,6 +529,7 @@ LogL16Encode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- static int
- LogLuvEncode24(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- {
-+	static const char module[] = "LogLuvEncode24";
- 	LogLuvState* sp = EncoderState(tif);
- 	tmsize_t i;
- 	tmsize_t npixels;
-@@ -521,7 +545,11 @@ LogLuvEncode24(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- 		tp = (uint32*) bp;
- 	else {
- 		tp = (uint32*) sp->tbuf;
--		assert(sp->tbuflen >= npixels);
-+		if(sp->tbuflen < npixels) {
-+			TIFFErrorExt(tif->tif_clientdata, module,
-+						 "Translation buffer too short");
-+			return (0);
-+		}
- 		(*sp->tfunc)(sp, bp, npixels);
- 	}
- 	/* write out encoded pixels */
-@@ -553,6 +581,7 @@ LogLuvEncode24(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- static int
- LogLuvEncode32(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- {
-+	static const char module[] = "LogLuvEncode32";
- 	LogLuvState* sp = EncoderState(tif);
- 	int shft;
- 	tmsize_t i;
-@@ -574,7 +603,11 @@ LogLuvEncode32(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- 		tp = (uint32*) bp;
- 	else {
- 		tp = (uint32*) sp->tbuf;
--		assert(sp->tbuflen >= npixels);
-+		if(sp->tbuflen < npixels) {
-+			TIFFErrorExt(tif->tif_clientdata, module,
-+						 "Translation buffer too short");
-+			return (0);
-+		}
- 		(*sp->tfunc)(sp, bp, npixels);
- 	}
- 	/* compress each byte string */