
Merge tag '2019.02-rc1' into next

Release 2019.02-rc1
Thomas Petazzoni 6 vuotta sitten
vanhempi
commit
c79fd35241
90 muutettua tiedostoa jossa 3672 lisäystä ja 237 poistoa
  1. 150 0
      CHANGES
  2. 0 6
      Config.in.legacy
  3. 1 0
      DEVELOPERS
  4. 2 2
      Makefile
  5. 1 1
      board/pc/post-build.sh
  6. 51 22
      board/qemu/arm-versatile/patches/linux/versatile-nommu.patch
  7. 1 0
      board/qemu/xtensa-lx60/linux-nommu.config
  8. 3 3
      configs/qemu_aarch64_virt_defconfig
  9. 3 3
      configs/qemu_arm_versatile_defconfig
  10. 3 3
      configs/qemu_arm_versatile_nommu_defconfig
  11. 3 3
      configs/qemu_arm_vexpress_defconfig
  12. 3 3
      configs/qemu_m68k_mcf5208_defconfig
  13. 3 3
      configs/qemu_m68k_q800_defconfig
  14. 3 3
      configs/qemu_microblazebe_mmu_defconfig
  15. 3 3
      configs/qemu_microblazeel_mmu_defconfig
  16. 3 3
      configs/qemu_mips32r2_malta_defconfig
  17. 3 3
      configs/qemu_mips32r2el_malta_defconfig
  18. 3 3
      configs/qemu_mips32r6_malta_defconfig
  19. 3 3
      configs/qemu_mips32r6el_malta_defconfig
  20. 3 3
      configs/qemu_mips64_malta_defconfig
  21. 3 3
      configs/qemu_mips64el_malta_defconfig
  22. 3 3
      configs/qemu_mips64r6_malta_defconfig
  23. 3 3
      configs/qemu_mips64r6el_malta_defconfig
  24. 3 3
      configs/qemu_nios2_10m50_defconfig
  25. 3 3
      configs/qemu_or1k_defconfig
  26. 2 2
      configs/qemu_ppc64_e5500_defconfig
  27. 3 3
      configs/qemu_ppc64_pseries_defconfig
  28. 3 3
      configs/qemu_ppc64le_pseries_defconfig
  29. 3 3
      configs/qemu_ppc_g3beige_defconfig
  30. 3 3
      configs/qemu_ppc_mpc8544ds_defconfig
  31. 3 3
      configs/qemu_ppc_virtex_ml507_defconfig
  32. 3 3
      configs/qemu_sh4_r2d_defconfig
  33. 3 3
      configs/qemu_sh4eb_r2d_defconfig
  34. 3 3
      configs/qemu_sparc64_sun4u_defconfig
  35. 3 3
      configs/qemu_sparc_ss10_defconfig
  36. 3 3
      configs/qemu_x86_64_defconfig
  37. 3 3
      configs/qemu_x86_defconfig
  38. 3 3
      configs/qemu_xtensa_lx60_defconfig
  39. 3 3
      configs/qemu_xtensa_lx60_nommu_defconfig
  40. 11 11
      docs/website/download.html
  41. 23 0
      docs/website/news.html
  42. 1 0
      package/Config.in
  43. 0 64
      package/brcm-patchram-plus/0001-src-main.c-fix-build-on-SPARC.patch
  44. 2 2
      package/brcm-patchram-plus/brcm-patchram-plus.hash
  45. 2 2
      package/brcm-patchram-plus/brcm-patchram-plus.mk
  46. 1 1
      package/docker-cli/docker-cli.hash
  47. 1 1
      package/docker-cli/docker-cli.mk
  48. 3 2
      package/docker-containerd/Config.in
  49. 1 1
      package/docker-containerd/docker-containerd.hash
  50. 1 1
      package/docker-containerd/docker-containerd.mk
  51. 45 0
      package/docker-engine/0001-Fix-faulty-runc-version-commit-scrape.patch
  52. 3 2
      package/docker-engine/Config.in
  53. 1 1
      package/docker-engine/docker-engine.hash
  54. 1 1
      package/docker-engine/docker-engine.mk
  55. 176 0
      package/ghostscript/0002-Sanitize-op-stack-for-error-conditions.patch
  56. 441 0
      package/ghostscript/0003-Any-transient-procedures-that-call-.force-operators.patch
  57. 31 0
      package/ghostscript/0004-Bug700317-Fix-logic-for-an-older-change.patch
  58. 135 0
      package/ghostscript/0005-Harden-some-uses-of-.force-operators.patch
  59. 587 0
      package/ghostscript/0006-Undefine-a-bunch-of-gs_fonts.ps-specific-procs.patch
  60. 345 0
      package/ghostscript/0007-Remove-.forcedef-and-harden-.force-ops-more.patch
  61. 4 5
      package/googlefontdirectory/googlefontdirectory.mk
  62. 51 0
      package/jpeg-turbo/0001-tjLoadImage-Fix-int-overflow-segfault-w-big-BMP.patch
  63. 39 0
      package/jpeg-turbo/0002-wrbmp.c-Don-t-allow-quantization-w-non-RGB-CS.patch
  64. 62 0
      package/libarchive/0005-iso9660-Fail-when-expected-Rockridge-extensions-is-m.patch
  65. 62 0
      package/libarchive/0006-7zip-fix-crash-when-parsing-certain-archives.patch
  66. 51 0
      package/libupnp18/0001-configure.ac-fix-build-with-openssl.patch
  67. 2 1
      package/libupnp18/libupnp18.mk
  68. 33 0
      package/libva-utils/0002-Fix-build-failure-when-x11-support-is-disabled.patch
  69. 1 0
      package/libva-utils/libva-utils.mk
  70. 1 0
      package/libyaml/libyaml.mk
  71. 55 0
      package/mongodb/0001-ssl_manager.cpp-fix-build-with-gcc-7-and-fpermissive.patch
  72. 40 0
      package/mongodb/Config.in
  73. 4 0
      package/mongodb/mongodb.hash
  74. 92 0
      package/mongodb/mongodb.mk
  75. 275 0
      package/openssh/0002-upstream-Sanitize-scp-filenames-via-snmprintf.-To-do.patch
  76. 186 0
      package/openssh/0003-upstream-check-in-scp-client-that-filenames-sent-dur.patch
  77. 4 2
      package/opentracing-cpp/Config.in
  78. 2 0
      package/python-pyyaml/python-pyyaml.mk
  79. 1 0
      package/python-typing/python-typing.mk
  80. 338 0
      package/runc/0001-nsenter-clone-proc-self-exe-to-avoid-exposing-host-b.patch
  81. 3 2
      package/runc/Config.in
  82. 29 0
      package/sg3_utils/0002-src-Makefile.am-add-missing-RT_LIB-for-sg_turs.patch
  83. 1 1
      package/sg3_utils/sg3_utils.mk
  84. 97 0
      package/sqlcipher/0001-Support-OpenSSL-1.1.0-and-prior.patch
  85. 42 0
      package/sqlcipher/0002-Guard-OpenSSL-init-and-cleanup-routines-on-versions-.patch
  86. 48 0
      package/sqlcipher/0003-correct-compliation-under-openssl-1.1.x.patch
  87. 1 0
      package/sqlcipher/Config.in
  88. 15 1
      package/systemd/systemd.mk
  89. 3 10
      support/testing/tests/package/test_docker_compose.py
  90. 18 0
      utils/scanpypi

+ 150 - 0
CHANGES

@@ -1,3 +1,153 @@
+2019.02-rc1, released February 13th, 2019
+
+	Fixes all over the tree and new features.
+
+
+	Dependencies:
+
+	Require Python >= 2.7 as it is needed for E.G. building
+	libglib2.
+
+	Ensure GNU gzip is used for reproducible tarballs (instead of
+	pigz)
+
+
+	Infrastucture:
+
+	Ensure the PLATFORM and OS environment variables are not set,
+	as they cause build issues for some packages.
+
+	The package list infrastructure now correctly handles packages
+	installing files with old mtime.
+
+	Add a config option to force all optional host utilities to be
+	built, even if suitable versions are available on the build
+	machine.
+
+	graph-build-time: Also show time spent downloading
+
+	Download: fixes for SSH/SCP support
+
+	Ensure user provided permissions override permissions from
+	packages.
+
+	SDK: Fix handling of relative symlinks (targets starting with
+	'.' or '..')
+
+	BR2_SYSTEM_DEFAULT_PATH setting to customize the default path
+	for processes.
+
+	The custom skeleton logic will now populate the needed /bin,
+	/lib, /sbin directories/symlinks if not present. Merged /usr
+	can now be used with a custom skeleton.
+
+	Rootfs overlays can now override symbolic links from
+	packages. This was disabled to ensure the correct symbolic
+	links are present when merged /usr is used. Instead validate
+	that the rootfs overlays do not include invalid /bin, /sbin
+	and /lib entries.
+
+	The waf infrastructure now support the <pkg>_SUBDIR variable,
+	similar to the other package types.
+
+	cmake: Also set CMAKE_SYSTEM_VERSION in toolchainfile.cmake
+
+	Various improvements to the meson infrastructure.
+
+	Luarocks: A Buildroot addon has been added to automate
+	creating a Buildroot package from luarocks, similar to
+	scancpan and scanpypi.
+
+	scanpypi: protect against zip-slip vulnerability in zip/tar
+	handling
+
+	check-package: fix Python 3 support
+
+	get-developers: Fix behaviour when called from elsewhere than
+	the toplevel directory.
+
+	pkg-stats: Show latest upstream version of each package, based
+	on data from release-monitoring.org
+
+	kconfig: Fix for make linux-menuconfig / uboot-menuconfig from
+	a clean tree when ccache is enabled.
+
+	Default to sha256 password encoding, drop md5 support.
+
+
+	Architecture:
+
+	Support for RISC-V 32bit architecture, ARM A55, 75 and Saphira
+	variants, MIPS support for mips32r3, mips64r3 and Marvell
+	Octeon II/III variants.
+
+
+	Toolchain:
+
+	ARC toolchain 2018.09, ARM 8.2-2018.11, Codescape IMG/MTI MIPS
+	2018.09-02, MUSL 1.1.21, GCC 6.5.0 / 7.4.0, GDB 8.2.1
+
+
+	Packages:
+
+	openssl: Bump to 1.1.1x series, bringing TLSv1.3 support and
+	long term support.
+
+	fftw: Split into fftw-{single,double,long-double,quad}
+	packages for the different data precision options.
+
+	libcurl: Now has explicit TLS backend selection options.
+
+	linux: Support building device tree blobs with the -@ option
+	for device tree overlays.
+
+	weston: The weston-imx i.MX variant is now used when
+	imx-gpu-viv is enabled
+
+	pkgconf: Update to 1.5.3, which brings support for
+	--define-prefix (used by GStreamer)
+
+	Add host-python3-setuptools package to handle host python
+	packages needing python3 with setuptools support.
+
+
+	New defconfigs: Aarch64 EFI, Orangepi one plus, Orangepi lite
+	2, QEMU RISC-V 32bit virt, Rock64
+
+
+	New packages: brcm-patchram-plus, clinfo, cunit, docker-cli,
+	erlang-p1-eimp, exempi, fail2ban, fftw-double,
+	fftw-double-long, fftw-quad, fftw-single, gerbera, grpc,
+	gst1-shark, intel-gmmlib, iwd, kf5-kcoreaddons, libeastl,
+	libpackagekite, libtorrent-rasterbar, lua-std-debug,
+	lua-std-normalize, mini-snmpd, netsurf, pamtester, pcm-tools,
+	python-aiodns, python-aiohttp, python-aiohttp-jinja2,
+	python-aiohttp-remotes, python-aiohttp-security,
+	python-aiohttp-session, python-aiohttpd-sse, python-aiojobs,
+	python-cchardet, python-pycares, python-sentry-sdk,
+	python-wtforms, python3-setuptools, rcw, rtc-tools, shim,
+	utp_com, vmtouch, websocketpp
+
+	Removed packages: fftw, lua 5.2.x, luacrypto, perl-time-hires,
+	python-pyqt, qt, qtuio, tn5250
+
+	Issues resolved (http://bugs.uclibc.org):
+
+	#10851: Patch to handle numpad Enter key properly
+	#11066: x11r7 X11 S40xorg leads to a black screen on QEMU x86..
+	#11126: Bash Shell Programming using Buildroot
+	#11426: pps-tools bash dependency
+	#11476: stdio2.h error invalid use of __builtin_va_arg_pack
+	#11536: dt-utils building fails with glibc 2.28
+	#11546: open-vm-tools with glibc 2.28
+	#11566: Fix init script
+	#11576: Unable to start apache with event MPM on raspberry pi 3
+	#11591: [pkgconf 1.5.3] xserver OpenGL support is missing
+	#11606: libjpeg has no Config.in
+	#11616: 2018.02.09 fails to build libzlib with full RELRO..
+	#11656: Custom device tree and u-boot boot.scr not integrated..
+	#11666: Touchscreen with (Py)Qt5 should use tslib instead of evdev
+
 2018.11.2, Released January 30th, 2019
 
 	Important / security related fixes.

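--- a/Config.in.legacy
+++ b/Config.in.legacy
@@ -207,12 +207,6 @@ config BR2_PACKAGE_GNURADIO_QTGUI
 	help
 	  The gr-qtgui option was removed.
 
-config BR2_PACKAGE_MONGODB
-	bool "mongodb package removed"
-	select BR2_LEGACY
-	help
-	  The mongodb package was removed.
-
 config BR2_PACKAGE_LUACRYPTO
 	bool "luacrypto package removed"
 	select BR2_LEGACY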

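--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -797,6 +797,7 @@ F:	package/libxslt/
 F:	package/mbedtls/
 F:	package/minissdpd/
 F:	package/minizip/
+F:	package/mongodb/
 F:	package/motion/
 F:	package/mutt/
 F:	package/ncmpc/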

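--- a/Makefile
+++ b/Makefile
@@ -92,9 +92,9 @@ all:
 .PHONY: all
 
 # Set and export the version string
-export BR2_VERSION := 2019.02-git
+export BR2_VERSION := 2019.02-rc1
 # Actual time the release is cut (for reproducible builds)
-BR2_VERSION_EPOCH = 1543701000
+BR2_VERSION_EPOCH = 1550044800
 
 # Save running make version since it's clobbered by the make package
 RUNNING_MAKE_VERSION := $(MAKE_VERSION)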

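--- a/board/pc/post-build.sh
+++ b/board/pc/post-build.sh
@@ -7,4 +7,4 @@ BOARD_DIR=$(dirname "$0")
 cp -f "$BOARD_DIR/grub-bios.cfg" "$TARGET_DIR/boot/grub/grub.cfg"
 
 # Copy grub 1st stage to binaries, required for genimage
-cp -f "$HOST_DIR/lib/grub/i387-pc/boot.img" "$BINARIES_DIR"
+cp -f "$HOST_DIR/lib/grub/i386-pc/boot.img" "$BINARIES_DIR"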

+ 51 - 22
board/qemu/arm-versatile/patches/linux/versatile-nommu.patch

@@ -1,10 +1,30 @@
+From 4ac4324dcdaf237aa34545b3795acb2e5c42d10e Mon Sep 17 00:00:00 2001
+From: Waldemar Brodkorb <wbx@openadk.org>
+Date: Fri, 1 Feb 2019 11:36:20 +0100
+Subject: [PATCH] arm-versatile-nommu: Linux patch
+
+Originally made by Waldemar Brodkorb <wbx@openadk.org> from LKML.
+
 Signed-Off-by: Waldemar Brodkorb <wbx@openadk.org>
-From LKML.
+[Gerome: reformated as a Git patch]
+Signed-off-by: Gerome Burlats <gerome.burlats@smile.fr>
+[Romain: fix Waldemar's authorship in Git patch]
+Signed-off-by: Romain Naour <romain.naour@smile.fr>
+---
+ arch/arm/Kconfig                       | 11 +++++++++++
+ arch/arm/Kconfig.debug                 |  3 ++-
+ arch/arm/include/asm/mach/map.h        |  1 +
+ arch/arm/mach-versatile/Kconfig        |  5 +++--
+ arch/arm/mach-versatile/Makefile.boot  |  3 +++
+ arch/arm/mach-versatile/versatile_dt.c |  4 ++++
+ 6 files changed, 24 insertions(+), 3 deletions(-)
+ create mode 100644 arch/arm/mach-versatile/Makefile.boot
 
-diff -Nur linux-4.15.13.orig/arch/arm/Kconfig linux-4.15.13/arch/arm/Kconfig
---- linux-4.15.13.orig/arch/arm/Kconfig	2018-03-24 11:02:53.000000000 +0100
-+++ linux-4.15.13/arch/arm/Kconfig	2018-04-01 03:47:33.415078244 +0100
-@@ -355,6 +355,17 @@
+diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
+index e8cd55a5b04c..fc2dbff70394 100644
+--- a/arch/arm/Kconfig
++++ b/arch/arm/Kconfig
+@@ -353,6 +353,17 @@ config ARM_SINGLE_ARMV7M
  	select SPARSE_IRQ
  	select USE_OF
  
@@ -22,10 +42,11 @@ diff -Nur linux-4.15.13.orig/arch/arm/Kconfig linux-4.15.13/arch/arm/Kconfig
  config ARCH_EBSA110
  	bool "EBSA-110"
  	select ARCH_USES_GETTIMEOFFSET
-diff -Nur linux-4.15.13.orig/arch/arm/Kconfig.debug linux-4.15.13/arch/arm/Kconfig.debug
---- linux-4.15.13.orig/arch/arm/Kconfig.debug	2018-03-24 11:02:53.000000000 +0100
-+++ linux-4.15.13/arch/arm/Kconfig.debug	2018-04-01 03:47:33.416078232 +0100
-@@ -1795,7 +1795,8 @@
+diff --git a/arch/arm/Kconfig.debug b/arch/arm/Kconfig.debug
+index f6fcb8a79889..92fc637d3db8 100644
+--- a/arch/arm/Kconfig.debug
++++ b/arch/arm/Kconfig.debug
+@@ -1843,7 +1843,8 @@ config DEBUG_UNCOMPRESS
  config UNCOMPRESS_INCLUDE
  	string
  	default "debug/uncompress.h" if ARCH_MULTIPLATFORM || ARCH_MSM || \
@@ -35,10 +56,11 @@ diff -Nur linux-4.15.13.orig/arch/arm/Kconfig.debug linux-4.15.13/arch/arm/Kconf
  	default "mach/uncompress.h"
  
  config EARLY_PRINTK
-diff -Nur linux-4.15.13.orig/arch/arm/include/asm/mach/map.h linux-4.15.13/arch/arm/include/asm/mach/map.h
---- linux-4.15.13.orig/arch/arm/include/asm/mach/map.h	2018-03-24 11:02:53.000000000 +0100
-+++ linux-4.15.13/arch/arm/include/asm/mach/map.h	2018-04-01 03:47:17.587276119 +0100
-@@ -62,6 +62,7 @@
+diff --git a/arch/arm/include/asm/mach/map.h b/arch/arm/include/asm/mach/map.h
+index 9b7c328fb207..b1fe9c8b5c3e 100644
+--- a/arch/arm/include/asm/mach/map.h
++++ b/arch/arm/include/asm/mach/map.h
+@@ -62,6 +62,7 @@ extern int ioremap_page(unsigned long virt, unsigned long phys,
  #else
  #define iotable_init(map,num)	do { } while (0)
  #define vm_reserve_area_early(a,s,c)	do { } while (0)
@@ -46,9 +68,10 @@ diff -Nur linux-4.15.13.orig/arch/arm/include/asm/mach/map.h linux-4.15.13/arch/
  #endif
  
  #endif
-diff -Nur linux-4.15.13.orig/arch/arm/mach-versatile/Kconfig linux-4.15.13/arch/arm/mach-versatile/Kconfig
---- linux-4.15.13.orig/arch/arm/mach-versatile/Kconfig	2018-03-24 11:02:53.000000000 +0100
-+++ linux-4.15.13/arch/arm/mach-versatile/Kconfig	2018-04-01 03:47:33.417078219 +0100
+diff --git a/arch/arm/mach-versatile/Kconfig b/arch/arm/mach-versatile/Kconfig
+index f5c275434d6c..06ad999d5978 100644
+--- a/arch/arm/mach-versatile/Kconfig
++++ b/arch/arm/mach-versatile/Kconfig
 @@ -1,7 +1,8 @@
  # SPDX-License-Identifier: GPL-2.0
  config ARCH_VERSATILE
@@ -60,16 +83,19 @@ diff -Nur linux-4.15.13.orig/arch/arm/mach-versatile/Kconfig linux-4.15.13/arch/
  	select ARM_AMBA
  	select ARM_TIMER_SP804
  	select ARM_VIC
-diff -Nur linux-4.15.13.orig/arch/arm/mach-versatile/Makefile.boot linux-4.15.13/arch/arm/mach-versatile/Makefile.boot
---- linux-4.15.13.orig/arch/arm/mach-versatile/Makefile.boot	1970-01-01 01:00:00.000000000 +0100
-+++ linux-4.15.13/arch/arm/mach-versatile/Makefile.boot	2018-04-01 03:47:25.644175394 +0100
+diff --git a/arch/arm/mach-versatile/Makefile.boot b/arch/arm/mach-versatile/Makefile.boot
+new file mode 100644
+index 000000000000..eacfc3f5c33e
+--- /dev/null
++++ b/arch/arm/mach-versatile/Makefile.boot
 @@ -0,0 +1,3 @@
 +# Empty file waiting for deletion once Makefile.boot isn't needed any more.
 +# Patch waits for application at
 +# http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 .
-diff -Nur linux-4.15.13.orig/arch/arm/mach-versatile/versatile_dt.c linux-4.15.13/arch/arm/mach-versatile/versatile_dt.c
---- linux-4.15.13.orig/arch/arm/mach-versatile/versatile_dt.c	2018-03-24 11:02:53.000000000 +0100
-+++ linux-4.15.13/arch/arm/mach-versatile/versatile_dt.c	2018-04-01 03:47:10.913359555 +0100
+diff --git a/arch/arm/mach-versatile/versatile_dt.c b/arch/arm/mach-versatile/versatile_dt.c
+index 3c8d39c12909..8cfa05a37295 100644
+--- a/arch/arm/mach-versatile/versatile_dt.c
++++ b/arch/arm/mach-versatile/versatile_dt.c
 @@ -37,7 +37,11 @@
  #include <asm/mach/map.h>
  
@@ -82,3 +108,6 @@ diff -Nur linux-4.15.13.orig/arch/arm/mach-versatile/versatile_dt.c linux-4.15.1
  #define __io_address(n)		((void __iomem __force *)IO_ADDRESS(n))
  
  /*
+-- 
+2.14.5
+

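--- a/board/qemu/xtensa-lx60/linux-nommu.config
+++ b/board/qemu/xtensa-lx60/linux-nommu.config
@@ -6,6 +6,7 @@ CONFIG_XTENSA_VARIANT_CUSTOM_NAME="dc233c"
 # CONFIG_XTENSA_VARIANT_MMU is not set
 CONFIG_XTENSA_UNALIGNED_USER=y
 CONFIG_PREEMPT=y
+CONFIG_MEMMAP_CACHEATTR=0x2cccccc7
 CONFIG_KERNEL_LOAD_ADDRESS=0x00003000
 # CONFIG_PCI is not set
 CONFIG_XTENSA_PLATFORM_XTFPGA=y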
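Review bot: `CONFIG_MEMMAP_CACHEATTR=0x2cccccc7` is added as a bare magic number, and nothing in this section says which address ranges it makes cached, uncached or inaccessible. If I read the xtensa Kconfig help correctly, each hex digit sets the attributes of one 512MB region, so on this noMMU target the value decides which memory the kernel and every process can reach and execute; that deserves a recorded rationale. Please add a line such as `# MEMMAP_CACHEATTR: one hex digit per 512MB region, lowest region first; see arch/xtensa/Kconfig` above it. If the file is regenerated with savedefconfig and would lose the comment, put the per-region breakdown in the board readme instead.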

+ 3 - 3
configs/qemu_aarch64_virt_defconfig

@@ -11,13 +11,13 @@ BR2_TARGET_ROOTFS_EXT2=y
 BR2_TARGET_ROOTFS_EXT2_4=y
 # BR2_TARGET_ROOTFS_TAR is not set
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/aarch64-virt/linux.config"
 BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y

+ 3 - 3
configs/qemu_arm_versatile_defconfig

@@ -10,13 +10,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttyAMA0"
 BR2_TARGET_ROOTFS_EXT2=y
 # BR2_TARGET_ROOTFS_TAR is not set
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/arm-versatile/linux.config"
 BR2_LINUX_KERNEL_DTS_SUPPORT=y

+ 3 - 3
configs/qemu_arm_versatile_nommu_defconfig

@@ -21,13 +21,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttyAMA0"
 # BR2_TARGET_ROOTFS_TAR is not set
 BR2_TARGET_ROOTFS_INITRAMFS=y
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/arm-versatile/linux-nommu.config"
 BR2_LINUX_KERNEL_DTS_SUPPORT=y

+ 3 - 3
configs/qemu_arm_vexpress_defconfig

@@ -13,13 +13,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttyAMA0"
 BR2_TARGET_ROOTFS_EXT2=y
 # BR2_TARGET_ROOTFS_TAR is not set
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_DEFCONFIG="vexpress"
 BR2_LINUX_KERNEL_DTS_SUPPORT=y
 BR2_LINUX_KERNEL_INTREE_DTS_NAME="vexpress-v2p-ca9"

+ 3 - 3
configs/qemu_m68k_mcf5208_defconfig

@@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0"
 BR2_TARGET_ROOTFS_INITRAMFS=y
 # BR2_TARGET_ROOTFS_TAR is not set
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/m68k-mcf5208/linux.config"
 BR2_LINUX_KERNEL_VMLINUX=y

+ 3 - 3
configs/qemu_m68k_q800_defconfig

@@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0"
 BR2_TARGET_ROOTFS_EXT2=y
 # BR2_TARGET_ROOTFS_TAR is not set
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/m68k-q800/linux.config"
 BR2_LINUX_KERNEL_VMLINUX=y

+ 3 - 3
configs/qemu_microblazebe_mmu_defconfig

@@ -10,13 +10,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttyUL0"
 # BR2_TARGET_ROOTFS_TAR is not set
 BR2_TARGET_ROOTFS_INITRAMFS=y
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/microblazebe-mmu/linux.config"
 BR2_LINUX_KERNEL_LINUX_BIN=y

+ 3 - 3
configs/qemu_microblazeel_mmu_defconfig

@@ -10,13 +10,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttyUL0"
 # BR2_TARGET_ROOTFS_TAR is not set
 BR2_TARGET_ROOTFS_INITRAMFS=y
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/microblazeel-mmu/linux.config"
 BR2_LINUX_KERNEL_LINUX_BIN=y

+ 3 - 3
configs/qemu_mips32r2_malta_defconfig

@@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0"
 BR2_TARGET_ROOTFS_EXT2=y
 # BR2_TARGET_ROOTFS_TAR is not set
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/mips32r2-malta/linux.config"
 BR2_LINUX_KERNEL_VMLINUX=y

+ 3 - 3
configs/qemu_mips32r2el_malta_defconfig

@@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0"
 BR2_TARGET_ROOTFS_EXT2=y
 # BR2_TARGET_ROOTFS_TAR is not set
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/mips32r2el-malta/linux.config"
 BR2_LINUX_KERNEL_VMLINUX=y

+ 3 - 3
configs/qemu_mips32r6_malta_defconfig

@@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0"
 BR2_TARGET_ROOTFS_EXT2=y
 # BR2_TARGET_ROOTFS_TAR is not set
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/mips32r6-malta/linux.config"
 BR2_LINUX_KERNEL_VMLINUX=y

+ 3 - 3
configs/qemu_mips32r6el_malta_defconfig

@@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0"
 BR2_TARGET_ROOTFS_EXT2=y
 # BR2_TARGET_ROOTFS_TAR is not set
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/mips32r6el-malta/linux.config"
 BR2_LINUX_KERNEL_VMLINUX=y

+ 3 - 3
configs/qemu_mips64_malta_defconfig

@@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0"
 BR2_TARGET_ROOTFS_EXT2=y
 # BR2_TARGET_ROOTFS_TAR is not set
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/mips64-malta/linux.config"
 BR2_LINUX_KERNEL_VMLINUX=y

+ 3 - 3
configs/qemu_mips64el_malta_defconfig

@@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0"
 BR2_TARGET_ROOTFS_EXT2=y
 # BR2_TARGET_ROOTFS_TAR is not set
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/mips64el-malta/linux.config"
 BR2_LINUX_KERNEL_VMLINUX=y

+ 3 - 3
configs/qemu_mips64r6_malta_defconfig

@@ -10,13 +10,13 @@ BR2_SYSTEM_DHCP="eth0"
 BR2_TARGET_ROOTFS_EXT2=y
 # BR2_TARGET_ROOTFS_TAR is not set
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/mips64r6-malta/linux.config"
 BR2_LINUX_KERNEL_VMLINUX=y

+ 3 - 3
configs/qemu_mips64r6el_malta_defconfig

@@ -10,13 +10,13 @@ BR2_SYSTEM_DHCP="eth0"
 BR2_TARGET_ROOTFS_EXT2=y
 # BR2_TARGET_ROOTFS_TAR is not set
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/mips64r6el-malta/linux.config"
 BR2_LINUX_KERNEL_VMLINUX=y

+ 3 - 3
configs/qemu_nios2_10m50_defconfig

@@ -1,10 +1,10 @@
 BR2_nios2=y
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_DEFCONFIG="10m50"
 BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="board/qemu/nios2-10m50/linux.fragment"
 BR2_TARGET_ROOTFS_INITRAMFS=y
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y

+ 3 - 3
configs/qemu_or1k_defconfig

@@ -5,12 +5,12 @@ BR2_or1k=y
 # BR2_TARGET_ROOTFS_TAR is not set
 BR2_TARGET_ROOTFS_INITRAMFS=y
 
-# Linux headers same as kernel, a 4,16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4,19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/or1k/linux.config"

+ 2 - 2
configs/qemu_ppc64_e5500_defconfig

@@ -6,12 +6,12 @@ BR2_powerpc_e5500=y
 BR2_TARGET_GENERIC_GETTY_PORT="ttyS0"
 
 # Linux headers same as the kernel
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_DEFCONFIG="corenet64_smp"
 BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="board/qemu/ppc64-e5500/linux.fragment"
 BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y

+ 3 - 3
configs/qemu_ppc64_pseries_defconfig

@@ -10,12 +10,12 @@ BR2_TARGET_GENERIC_GETTY_PORT="hvc0"
 BR2_TARGET_ROOTFS_EXT2=y
 # BR2_TARGET_ROOTFS_TAR is not set
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_DEFCONFIG="pseries"
 BR2_LINUX_KERNEL_VMLINUX=y

+ 3 - 3
configs/qemu_ppc64le_pseries_defconfig

@@ -10,12 +10,12 @@ BR2_SYSTEM_DHCP="eth0"
 BR2_TARGET_ROOTFS_EXT2=y
 # BR2_TARGET_ROOTFS_TAR is not set
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_DEFCONFIG="pseries_le"
 BR2_LINUX_KERNEL_VMLINUX=y

+ 3 - 3
configs/qemu_ppc_g3beige_defconfig

@@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0"
 BR2_TARGET_ROOTFS_EXT2=y
 # BR2_TARGET_ROOTFS_TAR is not set
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/ppc-g3beige/linux.config"
 BR2_LINUX_KERNEL_VMLINUX=y

+ 3 - 3
configs/qemu_ppc_mpc8544ds_defconfig

@@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0"
 # BR2_TARGET_ROOTFS_TAR is not set
 BR2_TARGET_ROOTFS_INITRAMFS=y
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/ppc-mpc8544ds/linux.config"
 BR2_LINUX_KERNEL_VMLINUX=y

+ 3 - 3
configs/qemu_ppc_virtex_ml507_defconfig

@@ -6,8 +6,8 @@ BR2_powerpc_440=y
 # BR2_TARGET_ROOTFS_TAR is not set
 BR2_TARGET_ROOTFS_INITRAMFS=y
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Use soft float
 BR2_SOFT_FLOAT=y
@@ -15,7 +15,7 @@ BR2_SOFT_FLOAT=y
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/ppc-virtex-ml507/linux.config"
 BR2_LINUX_KERNEL_VMLINUX=y

+ 3 - 3
configs/qemu_sh4_r2d_defconfig

@@ -11,13 +11,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttySC1"
 BR2_TARGET_ROOTFS_EXT2=y
 # BR2_TARGET_ROOTFS_TAR is not set
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Linux kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/sh4-r2d/linux.config"
 BR2_LINUX_KERNEL_ZIMAGE=y

+ 3 - 3
configs/qemu_sh4eb_r2d_defconfig

@@ -10,13 +10,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttySC1"
 BR2_TARGET_ROOTFS_EXT2=y
 # BR2_TARGET_ROOTFS_TAR is not set
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Linux kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/sh4eb-r2d/linux.config"
 BR2_LINUX_KERNEL_ZIMAGE=y

+ 3 - 3
configs/qemu_sparc64_sun4u_defconfig

@@ -9,12 +9,12 @@ BR2_SYSTEM_DHCP="eth0"
 BR2_TARGET_ROOTFS_EXT2=y
 # BR2_TARGET_ROOTFS_TAR is not set
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Linux kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/sparc64-sun4u/linux.config"

+ 3 - 3
configs/qemu_sparc_ss10_defconfig

@@ -9,12 +9,12 @@ BR2_SYSTEM_DHCP="eth0"
 BR2_TARGET_ROOTFS_EXT2=y
 # BR2_TARGET_ROOTFS_TAR is not set
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Linux kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/sparc-ss10/linux.config"

+ 3 - 3
configs/qemu_x86_64_defconfig

@@ -9,12 +9,12 @@ BR2_TARGET_GENERIC_GETTY_PORT="tty1"
 BR2_TARGET_ROOTFS_EXT2=y
 # BR2_TARGET_ROOTFS_TAR is not set
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/x86_64/linux.config"

+ 3 - 3
configs/qemu_x86_defconfig

@@ -10,12 +10,12 @@ BR2_TARGET_GENERIC_GETTY_PORT="tty1"
 BR2_TARGET_ROOTFS_EXT2=y
 # BR2_TARGET_ROOTFS_TAR is not set
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/x86/linux.config"

+ 3 - 3
configs/qemu_xtensa_lx60_defconfig

@@ -11,13 +11,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttyS0"
 # BR2_TARGET_ROOTFS_TAR is not set
 BR2_TARGET_ROOTFS_INITRAMFS=y
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/xtensa-lx60/linux.config"
 BR2_LINUX_KERNEL_IMAGE_TARGET_CUSTOM=y

+ 3 - 3
configs/qemu_xtensa_lx60_nommu_defconfig

@@ -15,13 +15,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttyS0"
 # BR2_TARGET_ROOTFS_TAR is not set
 BR2_TARGET_ROOTFS_INITRAMFS=y
 
-# Linux headers same as kernel, a 4.16 series
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
+# Linux headers same as kernel, a 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
 
 # Kernel
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
 BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/xtensa-lx60/linux-nommu.config"
 BR2_LINUX_KERNEL_IMAGE_TARGET_CUSTOM=y

+ 11 - 11
docs/website/download.html

@@ -75,38 +75,38 @@
 	  <p><a href="/downloads/buildroot-2018.11.2.tar.bz2.sign">PGP signature</a></p>
 	</div>
       </div>
-<!--
-      <h3 style="text-align: center;">Latest release candidate: <b>2018.11-rc3</b></h3>
+
+      <h3 style="text-align: center;">Latest release candidate: <b>2019.02-rc1</b></h3>
       <div class="row mt centered">
 	<div class="col-sm-6">
 	  <div class="flip-container center-block" ontouchstart="this.classList.toggle('hover');">
 	    <div class="flipper">
 	      <div class="front">
-		<a href="/downloads/buildroot-2018.11-rc3.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
+		<a href="/downloads/buildroot-2019.02-rc1.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
 	      </div>
 	      <div class="back">
-		<a href="/downloads/buildroot-2018.11-rc3.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
+		<a href="/downloads/buildroot-2019.02-rc1.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
 	      </div>
 	    </div>
 	  </div>
 
-	  <h3><a href="/downloads/buildroot-2018.11-rc3.tar.gz">buildroot-2018.11-rc3.tar.gz</a></h3>
-	  <p><a href="/downloads/buildroot-2018.11-rc3.tar.gz.sign">PGP signature</a></p>
+	  <h3><a href="/downloads/buildroot-2019.02-rc1.tar.gz">buildroot-2019.02-rc1.tar.gz</a></h3>
+	  <p><a href="/downloads/buildroot-2019.02-rc1.tar.gz.sign">PGP signature</a></p>
 	</div>
 	<div class="col-sm-6">
 	  <div class="flip-container center-block" ontouchstart="this.classList.toggle('hover');">
 	    <div class="flipper">
 	      <div class="front">
-		<a href="/downloads/buildroot-2018.11-rc3.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
+		<a href="/downloads/buildroot-2019.02-rc1.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
 	      </div>
 	      <div class="back">
-		<a href="/downloads/buildroot-2018.11-rc3.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
+		<a href="/downloads/buildroot-2019.02-rc1.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
 	      </div>
 	    </div>
 	  </div>
 
-	  <h3><a href="/downloads/buildroot-2018.11-rc3.tar.bz2">buildroot-2018.11-rc3.tar.bz2</a></h3>
-	  <p><a href="/downloads/buildroot-2018.11-rc3.tar.bz2.sign">PGP signature</a></p>
+	  <h3><a href="/downloads/buildroot-2019.02-rc1.tar.bz2">buildroot-2019.02-rc1.tar.bz2</a></h3>
+	  <p><a href="/downloads/buildroot-2019.02-rc1.tar.bz2.sign">PGP signature</a></p>
 	</div>
       </div>
 
@@ -114,7 +114,7 @@
       <a href="/downloads/">http://buildroot.net/downloads/</a>.
     </div>
   </div>
--->
+
   <div class="panel panel-primary">
     <div class="panel-heading">Source code</div>
     <div class="panel-body">

+ 23 - 0
docs/website/news.html

@@ -9,6 +9,29 @@
 <h2>News</h2>
 <ul class="timeline">
 
+  <li class="timeline-inverted">
+    <div class="timeline-badge"><i class="glyphicon glyphicon-thumbs-up"></i></div>
+    <div class="timeline-panel">
+      <div class="timeline-heading">
+	<h4 class="timeline-title">2019.02-rc1 released</h4>
+	<p><small class="text-muted"><i class="glyphicon glyphicon-time"></i>13 February 2019</small></p>
+      </div>
+      <div class="timeline-body">
+	<p>We have a new release candidate! Lots of changes all over the
+	  tree, see the
+	  <a href="http://git.buildroot.net/buildroot/plain/CHANGES?id=2019.02-rc1">CHANGES</a>
+	  file for details.
+	</p>
+
+	<p>Head to the <a href="/downloads/">downloads page</a> to pick up the
+	  <a href="/downloads/buildroot-2019.02-rc1.tar.bz2">2019.02-rc1
+	    release candidate</a>, and report any problems found to the
+	  <a href="support.html">mailing list</a> or
+	  <a href="https://bugs.buildroot.org">bug tracker</a>.</p>
+      </div>
+    </div>
+  </li>
+
   <li>
     <div class="timeline-badge"><i class="glyphicon glyphicon-thumbs-up"></i></div>
     <div class="timeline-panel">

+ 1 - 0
package/Config.in

@@ -1215,6 +1215,7 @@ menu "Database"
 	source "package/leveldb/Config.in"
 	source "package/libgit2/Config.in"
 	source "package/libpqxx/Config.in"
+	source "package/mongodb/Config.in"
 	source "package/mysql/Config.in"
 	source "package/postgresql/Config.in"
 	source "package/redis/Config.in"

+ 0 - 64
package/brcm-patchram-plus/0001-src-main.c-fix-build-on-SPARC.patch

@@ -1,64 +0,0 @@
-From 8ff9d421372a7cb780fbafd8b1d556ee549bf109 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Fri, 8 Feb 2019 23:21:04 +0100
-Subject: [PATCH] src/main.c: fix build on SPARC
-
-On SPARC, the definitions of B2500000, B3000000, B3500000 and B4000000
-are not necessarily available, so use those values only if defined in
-the kernel headers.
-
-It fixes SPARC build failures such as:
-main.c:382:13: error: 'B2500000' undeclared here (not in a function)
-  { 2500000, B2500000 },
-             ^~~~~~~~
-main.c:383:13: error: 'B3000000' undeclared here (not in a function)
-  { 3000000, B3000000 },
-             ^~~~~~~~
-main.c:385:13: error: 'B3500000' undeclared here (not in a function)
-  { 3500000, B3500000 },
-             ^~~~~~~~
-main.c:386:13: error: 'B4000000' undeclared here (not in a function)
-  { 4000000, B4000000 }
-
-Fixes:
- - http://autobuild.buildroot.org/results/f7012c08c935c3a6ccae50b84170190af5cd5cba
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Upstream status: https://github.com/AsteroidOS/brcm-patchram-plus/pull/1]
----
- src/main.c | 18 +++++++++++++-----
- 1 file changed, 13 insertions(+), 5 deletions(-)
-
-diff --git a/src/main.c b/src/main.c
-index 040cfe1..17c5191 100644
---- a/src/main.c
-+++ b/src/main.c
-@@ -378,12 +378,20 @@ tBaudRates baud_rates[] = {
- 	{ 1000000, B1000000 },
- 	{ 1152000, B1152000 },
- 	{ 1500000, B1500000 },
--	{ 2000000, B2000000 },
--	{ 2500000, B2500000 },
--	{ 3000000, B3000000 },
-+	{ 2000000, B2000000 }
-+#ifdef B2500000
-+	,{ 2500000, B2500000 }
-+#endif
-+#ifdef B3000000
-+	,{ 3000000, B3000000 }
-+#endif
- #ifndef __CYGWIN__
--	{ 3500000, B3500000 },
--	{ 4000000, B4000000 }
-+#ifdef B3500000
-+	,{ 3500000, B3500000 }
-+#endif
-+#ifdef B4000000
-+	,{ 4000000, B4000000 }
-+#endif
- #endif
- };
- 
--- 
-2.14.1
-

+ 2 - 2
package/brcm-patchram-plus/brcm-patchram-plus.hash

@@ -1,3 +1,3 @@
 # locally computed
-sha256  7d63f3a0c79cb5d187a0f2647734601f9c97d4eb8e545ce9ace7653c1f3f9a58  brcm-patchram-plus-94fb127e614b19a9a95561b8c1a0716e2e1e6293.tar.gz
-sha256  3bbeac0dc9f456695e692687c9d90a3c4ffc0253b0476d487d8cede207a8dc5b  src/main.c
+sha256  febad69fbc9185b4c6a31188cf381fd280b88d93cb7f5a40dfdbab9c599c29a7  brcm-patchram-plus-95b7b6916d661a4da3f9c0adf52d5e1f4f8ab042.tar.gz
+sha256  26324f5c563b7e338c2876c8abe90c3681c1e9a6163fc59b494c94ad6493eda4  COPYING

+ 2 - 2
package/brcm-patchram-plus/brcm-patchram-plus.mk

@@ -4,10 +4,10 @@
 #
 ################################################################################
 
-BRCM_PATCHRAM_PLUS_VERSION = 94fb127e614b19a9a95561b8c1a0716e2e1e6293
+BRCM_PATCHRAM_PLUS_VERSION = 95b7b6916d661a4da3f9c0adf52d5e1f4f8ab042
 BRCM_PATCHRAM_PLUS_SITE = $(call github,AsteroidOS,brcm-patchram-plus,$(BRCM_PATCHRAM_PLUS_VERSION))
 BRCM_PATCHRAM_PLUS_LICENSE = Apache-2.0
-BRCM_PATCHRAM_PLUS_LICENSE_FILES = src/main.c
+BRCM_PATCHRAM_PLUS_LICENSE_FILES = COPYING
 BRCM_PATCHRAM_PLUS_AUTORECONF = YES
 
 $(eval $(autotools-package))

+ 1 - 1
package/docker-cli/docker-cli.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256	3e578406dead2fc72c4b52f77db39dc779fa8b460352116c06f1ae29219bd8c2  docker-cli-v18.09.0.tar.gz
+sha256	29f3a435bfcd52dbe26f6315ee92bffc0220a537608935a2c3870f6b729fc16e  docker-cli-v18.09.2.tar.gz
 sha256	2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0  LICENSE

+ 1 - 1
package/docker-cli/docker-cli.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_CLI_VERSION = v18.09.0
+DOCKER_CLI_VERSION = v18.09.2
 DOCKER_CLI_SITE = $(call github,docker,cli,$(DOCKER_CLI_VERSION))
 DOCKER_CLI_WORKSPACE = gopath
 

+ 3 - 2
package/docker-containerd/Config.in

@@ -3,6 +3,7 @@ config BR2_PACKAGE_DOCKER_CONTAINERD
 	depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS
 	depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
 	depends on BR2_TOOLCHAIN_HAS_THREADS
+	depends on !BR2_PACKAGE_TOOLCHAIN_USES_UCLIBC # runc
 	depends on BR2_USE_MMU # util-linux
 	select BR2_PACKAGE_RUNC # runtime dependency
 	select BR2_PACKAGE_UTIL_LINUX # runtime dependency
@@ -27,8 +28,8 @@ config BR2_PACKAGE_DOCKER_CONTAINERD_DRIVER_BTRFS
 
 endif
 
-comment "docker-containerd needs a toolchain w/ threads"
+comment "docker-containerd needs a glibc or musl toolchain w/ threads"
 	depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS
 	depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
 	depends on BR2_USE_MMU
-	depends on !BR2_TOOLCHAIN_HAS_THREADS
+	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_TOOLCHAIN_USES_UCLIBC
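Review bot: The dependency added in the first hunk, `depends on !BR2_PACKAGE_TOOLCHAIN_USES_UCLIBC # runc`, names a different symbol from the `BR2_TOOLCHAIN_USES_UCLIBC` used by the comment block in the second hunk and by package/docker-engine/Config.in in this same commit. This looks like a typo; if `BR2_PACKAGE_TOOLCHAIN_USES_UCLIBC` is not defined anywhere, Kconfig treats it as unset and the negation is always true. In that case docker-containerd stays selectable on uClibc toolchains even though the comment says it needs glibc or musl. The line should read `depends on !BR2_TOOLCHAIN_USES_UCLIBC # runc`.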

+ 1 - 1
package/docker-containerd/docker-containerd.hash

@@ -1,3 +1,3 @@
 # Computed locally
-sha256	a2780aca4d72bb8aced14ca9de99bdc9a90bdaacb06c5ddd8378a66443c1d70f  docker-containerd-v1.2.1.tar.gz
+sha256	ff4c2ad680c9e2484e335868a54b0c1ea49d9165dd5b38b64ef7d9dacf2b96b4  docker-containerd-v1.2.3.tar.gz
 sha256  4bbe3b885e8cd1907ab4cf9a41e862e74e24b5422297a4f2fe524e6a30ada2b4	LICENSE

+ 1 - 1
package/docker-containerd/docker-containerd.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_CONTAINERD_VERSION = v1.2.1
+DOCKER_CONTAINERD_VERSION = v1.2.3
 DOCKER_CONTAINERD_SITE = $(call github,containerd,containerd,$(DOCKER_CONTAINERD_VERSION))
 DOCKER_CONTAINERD_LICENSE = Apache-2.0
 DOCKER_CONTAINERD_LICENSE_FILES = LICENSE

+ 45 - 0
package/docker-engine/0001-Fix-faulty-runc-version-commit-scrape.patch

@@ -0,0 +1,45 @@
+From 324e7be4b252c13002bca6a9d82e7b2e43664634 Mon Sep 17 00:00:00 2001
+From: Christian Stewart <christian@paral.in>
+Date: Mon, 26 Nov 2018 22:59:32 -0800
+Subject: [PATCH] Fix faulty runc version commit scrape
+
+This commit replaces faulty logic to determine the runc version commit hash.
+
+The original logic takes the second line of the output of "runc --version" and
+does not work if there are a different number of lines printed from the command
+than expected. The buildroot version of runc outputs two lines instead of the
+expected three, causing the error:
+
+unknown output format: runc version commit: ...
+
+This patch replaces this logic with a simple scan of the "runc --version"
+output, searching for the "runc version commit" prefixed line.
+
+Signed-off-by: Christian Stewart <christian@paral.in>
+---
+ daemon/info_unix.go | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/daemon/info_unix.go b/daemon/info_unix.go
+index 60b2f99870..688a510796 100644
+--- a/daemon/info_unix.go
++++ b/daemon/info_unix.go
+@@ -32,10 +32,11 @@ func (daemon *Daemon) fillPlatformInfo(v *types.Info, sysInfo *sysinfo.SysInfo)
+ 	defaultRuntimeBinary := daemon.configStore.GetRuntime(v.DefaultRuntime).Path
+ 	if rv, err := exec.Command(defaultRuntimeBinary, "--version").Output(); err == nil {
+ 		parts := strings.Split(strings.TrimSpace(string(rv)), "\n")
+-		if len(parts) == 3 {
+-			parts = strings.Split(parts[1], ": ")
+-			if len(parts) == 2 {
+-				v.RuncCommit.ID = strings.TrimSpace(parts[1])
++		for _, pt := range parts {
++			ptKv := strings.Split(pt, ":")
++			if strings.HasSuffix(strings.TrimSpace(ptKv[0]), "commit") {
++				v.RuncCommit.ID = strings.TrimSpace(ptKv[1])
++				break
+ 			}
+ 		}
+ 
+-- 
+2.18.1
+
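Review bot: `v.RuncCommit.ID = strings.TrimSpace(ptKv[1])` in the new loop indexes `ptKv[1]` without checking that the split produced two fields. A line of `--version` output that ends in "commit" but contains no colon would make this call panic with an index-out-of-range error. The output comes from whatever binary is configured as the default runtime, so its format should not be relied on that far. Split once and check the length: `ptKv := strings.SplitN(pt, ":", 2)` followed by `if len(ptKv) == 2 && strings.HasSuffix(strings.TrimSpace(ptKv[0]), "commit") {`. fillPlatformInfo starts and continues outside the hunk.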

+ 3 - 2
package/docker-engine/Config.in

@@ -3,6 +3,7 @@ config BR2_PACKAGE_DOCKER_ENGINE
 	depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS
 	depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
 	depends on BR2_TOOLCHAIN_HAS_THREADS
+	depends on !BR2_TOOLCHAIN_USES_UCLIBC # docker-containerd -> runc
 	depends on BR2_USE_MMU # docker-containerd
 	select BR2_PACKAGE_DOCKER_CONTAINERD # runtime dependency
 	select BR2_PACKAGE_DOCKER_PROXY # runtime dependency
@@ -49,8 +50,8 @@ config BR2_PACKAGE_DOCKER_ENGINE_DRIVER_VFS
 
 endif
 
-comment "docker-engine needs a toolchain w/ threads"
+comment "docker-engine needs a glibc or musl toolchain w/ threads"
 	depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS
 	depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
-	depends on !BR2_TOOLCHAIN_HAS_THREADS
+	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_TOOLCHAIN_USES_UCLIBC
 	depends on BR2_USE_MMU

+ 1 - 1
package/docker-engine/docker-engine.hash

@@ -1,3 +1,3 @@
 # Locally calculated
-sha256	b5278b3f2b460ea61f47833abd2a844f348b4518e73f309294ad178c205a48e1  docker-engine-v18.09.0.tar.gz
+sha256	4babbcbc3e1d7750c61a1e5bee29bd206256948961feaac5b44cabb0c70a50a6  docker-engine-v18.09.2.tar.gz
 sha256	2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0  LICENSE

+ 1 - 1
package/docker-engine/docker-engine.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_ENGINE_VERSION = v18.09.0
+DOCKER_ENGINE_VERSION = v18.09.2
 DOCKER_ENGINE_SITE = $(call github,docker,engine,$(DOCKER_ENGINE_VERSION))
 
 DOCKER_ENGINE_LICENSE = Apache-2.0

+ 176 - 0
package/ghostscript/0002-Sanitize-op-stack-for-error-conditions.patch

@@ -0,0 +1,176 @@
+From a1de1e6ab51ab37a17975aad1193f2523e7e7e84 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Wed, 5 Dec 2018 12:22:13 +0000
+Subject: [PATCH] Sanitize op stack for error conditions
+
+We save the stacks to an array and store the array for the error handler to
+access.
+
+For SAFER, we traverse the array, and deep copy any op arrays (procedures). As
+we make these copies, we check for operators that do *not* exist in systemdict,
+when we find one, we replace the operator with a name object (of the form
+"/--opname--").
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: commit 13b0a36f818
+
+ psi/int.mak  |  3 +-
+ psi/interp.c |  8 ++++++
+ psi/istack.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++
+ psi/istack.h |  3 ++
+ 4 files changed, 91 insertions(+), 1 deletion(-)
+
+diff --git a/psi/int.mak b/psi/int.mak
+index 6ab5bf0069dd..6b349cb042dd 100644
+--- a/psi/int.mak
++++ b/psi/int.mak
+@@ -204,7 +204,8 @@ $(PSOBJ)iparam.$(OBJ) : $(PSSRC)iparam.c $(GH)\
+ $(PSOBJ)istack.$(OBJ) : $(PSSRC)istack.c $(GH) $(memory__h)\
+  $(ierrors_h) $(gsstruct_h) $(gsutil_h)\
+  $(ialloc_h) $(istack_h) $(istkparm_h) $(istruct_h) $(iutil_h) $(ivmspace_h)\
+- $(store_h) $(INT_MAK) $(MAKEDIRS)
++ $(store_h) $(icstate_h) $(iname_h) $(dstack_h) $(idict_h) \
++ $(INT_MAK) $(MAKEDIRS)
+ 	$(PSCC) $(PSO_)istack.$(OBJ) $(C_) $(PSSRC)istack.c
+ 
+ $(PSOBJ)iutil.$(OBJ) : $(PSSRC)iutil.c $(GH) $(math__h) $(memory__h) $(string__h)\
+diff --git a/psi/interp.c b/psi/interp.c
+index 6dc0ddae1b3c..aa5779c51420 100644
+--- a/psi/interp.c
++++ b/psi/interp.c
+@@ -761,6 +761,7 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr)
+     uint size = ref_stack_count(pstack) - skip;
+     uint save_space = ialloc_space(idmemory);
+     int code, i;
++    ref *safety, *safe;
+ 
+     if (size > 65535)
+         size = 65535;
+@@ -778,6 +779,13 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr)
+                 make_null(&arr->value.refs[i]);
+         }
+     }
++    if (pstack == &o_stack && dict_find_string(systemdict, "SAFETY", &safety) > 0 &&
++        dict_find_string(safety, "safe", &safe) > 0 && r_has_type(safe, t_boolean) &&
++        safe->value.boolval == true) {
++        code = ref_stack_array_sanitize(i_ctx_p, arr, arr);
++        if (code < 0)
++            return code;
++    }
+     ialloc_set_space(idmemory, save_space);
+     return code;
+ }
+diff --git a/psi/istack.c b/psi/istack.c
+index 8fe151fa5628..f1a3e511534d 100644
+--- a/psi/istack.c
++++ b/psi/istack.c
+@@ -27,6 +27,10 @@
+ #include "iutil.h"
+ #include "ivmspace.h"		/* for local/global test */
+ #include "store.h"
++#include "icstate.h"
++#include "iname.h"
++#include "dstack.h"
++#include "idict.h"
+ 
+ /* Forward references */
+ static void init_block(ref_stack_t *pstack, const ref *pblock_array,
+@@ -294,6 +298,80 @@ ref_stack_store_check(const ref_stack_t *pstack, ref *parray, uint count,
+     return 0;
+ }
+ 
++int
++ref_stack_array_sanitize(i_ctx_t *i_ctx_p, ref *sarr, ref *darr)
++{
++    int i, code;
++    ref obj, arr2;
++    ref *pobj2;
++    gs_memory_t *mem = (gs_memory_t *)idmemory->current;
++
++    if (!r_is_array(sarr) || !r_has_type(darr, t_array))
++        return_error(gs_error_typecheck);
++
++    for (i = 0; i < r_size(sarr); i++) {
++        code = array_get(mem, sarr, i, &obj);
++        if (code < 0)
++            make_null(&obj);
++        switch(r_type(&obj)) {
++          case t_operator:
++          {
++            int index = op_index(&obj);
++
++            if (index > 0 && index < op_def_count) {
++                const byte *data = (const byte *)(op_index_def(index)->oname + 1);
++                if (dict_find_string(systemdict, (const char *)data, &pobj2) <= 0) {
++                    byte *s = gs_alloc_bytes(mem, strlen((char *)data) + 5, "ref_stack_array_sanitize");
++                    if (s) {
++                        s[0] =  '\0';
++                        strcpy((char *)s, "--");
++                        strcpy((char *)s + 2, (char *)data);
++                        strcpy((char *)s + strlen((char *)data) + 2, "--");
++                    }
++                    else {
++                        s = (byte *)data;
++                    }
++                    code = name_ref(imemory, s, strlen((char *)s), &obj, 1);
++                    if (code < 0) make_null(&obj);
++                    if (s != data)
++                        gs_free_object(mem, s, "ref_stack_array_sanitize");
++                }
++            }
++            else {
++                make_null(&obj);
++            }
++            ref_assign(darr->value.refs + i, &obj);
++            break;
++          }
++          case t_array:
++          case t_shortarray:
++          case t_mixedarray:
++          {
++            int attrs = r_type_attrs(&obj) & (a_write | a_read | a_execute | a_executable);
++            /* We only want to copy executable arrays */
++            if (attrs & (a_execute | a_executable)) {
++                code = ialloc_ref_array(&arr2, attrs, r_size(&obj), "ref_stack_array_sanitize");
++                if (code < 0) {
++                    make_null(&arr2);
++                }
++                else {
++                    code = ref_stack_array_sanitize(i_ctx_p, &obj, &arr2);
++                }
++                ref_assign(darr->value.refs + i, &arr2);
++            }
++            else {
++                ref_assign(darr->value.refs + i, &obj);
++            }
++            break;
++          }
++          default:
++            ref_assign(darr->value.refs + i, &obj);
++        }
++    }
++    return 0;
++}
++
++
+ /*
+  * Store the top 'count' elements of a stack, starting 'skip' elements below
+  * the top, into an array, with or without store/undo checking.  age=-1 for
+diff --git a/psi/istack.h b/psi/istack.h
+index 051dcbe216cf..54be405adfb3 100644
+--- a/psi/istack.h
++++ b/psi/istack.h
+@@ -129,6 +129,9 @@ int ref_stack_store(const ref_stack_t *pstack, ref *parray, uint count,
+                     uint skip, int age, bool check,
+                     gs_dual_memory_t *idmem, client_name_t cname);
+ 
++int
++ref_stack_array_sanitize(i_ctx_t *i_ctx_p, ref *sarr, ref *darr);
++
+ /*
+  * Pop the top N elements off a stack.
+  * The number must not exceed the number of elements in use.
+-- 
+2.20.1
+
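Review bot: ref_stack_array_sanitize() in psi/istack.c recurses into every executable array it finds with no depth limit, so its C stack use is set by how deeply the arrays on the operand stack are nested, and this path runs on content handled under SAFER. A depth argument checked before the `ialloc_ref_array` call, returning `gs_error_limitcheck` past a fixed bound, would cap it. The result of the recursive call, `code = ref_stack_array_sanitize(i_ctx_p, &obj, &arr2);`, is never checked and the function ends in `return 0;`, so the `if (code < 0) return code;` added to copy_stack() in psi/interp.c can only ever see the top-level typecheck. That early return also skips the `ialloc_set_space(idmemory, save_space);` that follows it. copy_stack() starts outside its hunk, so this last point should be confirmed against the full function.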

+ 441 - 0
package/ghostscript/0003-Any-transient-procedures-that-call-.force-operators.patch

@@ -0,0 +1,441 @@
+From f0397dbfbe5eea325613ff375b30eb0db5551ffe Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Thu, 13 Dec 2018 15:28:34 +0000
+Subject: [PATCH] Any transient procedures that call .force* operators
+
+(i.e. for conditionals or loops) make them executeonly.
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: commit 2db98f9c661
+
+ Resource/Init/gs_diskn.ps |  2 +-
+ Resource/Init/gs_dps1.ps  |  4 ++--
+ Resource/Init/gs_fntem.ps |  4 ++--
+ Resource/Init/gs_fonts.ps | 12 ++++++------
+ Resource/Init/gs_init.ps  |  4 ++--
+ Resource/Init/gs_lev2.ps  | 11 ++++++-----
+ Resource/Init/gs_pdfwr.ps |  2 +-
+ Resource/Init/gs_res.ps   |  4 ++--
+ Resource/Init/gs_setpd.ps |  2 +-
+ Resource/Init/pdf_base.ps | 13 ++++++++-----
+ Resource/Init/pdf_draw.ps | 16 +++++++++-------
+ Resource/Init/pdf_font.ps |  6 +++---
+ Resource/Init/pdf_main.ps |  4 ++--
+ Resource/Init/pdf_ops.ps  |  7 ++++---
+ 14 files changed, 49 insertions(+), 42 deletions(-)
+
+diff --git a/Resource/Init/gs_diskn.ps b/Resource/Init/gs_diskn.ps
+index fd694bc44b5a..8bf20542040d 100644
+--- a/Resource/Init/gs_diskn.ps
++++ b/Resource/Init/gs_diskn.ps
+@@ -51,7 +51,7 @@ systemdict begin
+     mark 5 1 roll ] mark exch { { } forall } forall ]
+     //systemdict /.searchabledevs 2 index .forceput
+     exch .setglobal
+-  }
++  } executeonly
+   if
+ } .bind executeonly odef % must be bound and hidden for .forceput
+ 
+diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
+index ec5db61b9f03..4fae2839940c 100644
+--- a/Resource/Init/gs_dps1.ps
++++ b/Resource/Init/gs_dps1.ps
+@@ -78,7 +78,7 @@ level2dict begin
+    .currentglobal
+     {		% Current mode is global; delete from local directory too.
+       //systemdict /LocalFontDirectory .knownget
+-       { 1 index .forceundef }		% LocalFontDirectory is readonly
++       { 1 index .forceundef } executeonly		% LocalFontDirectory is readonly
+       if
+     }
+     {		% Current mode is local; if there was a shadowed global
+@@ -126,7 +126,7 @@ level2dict begin
+           }
+          ifelse
+        } forall
+-      pop counttomark 2 idiv { .forceundef } repeat pop		% readonly
++      pop counttomark 2 idiv { .forceundef } executeonly repeat pop		% readonly
+     }
+    if
+    //SharedFontDirectory exch .forcecopynew pop
+diff --git a/Resource/Init/gs_fntem.ps b/Resource/Init/gs_fntem.ps
+index c1f7651f18cc..6eb672a6840e 100644
+--- a/Resource/Init/gs_fntem.ps
++++ b/Resource/Init/gs_fntem.ps
+@@ -401,12 +401,12 @@ currentdict end def
+       .forceput % FontInfo can be read-only.
+       pop                                                        % bool <font>
+       exit
+-    } if
++    } executeonly if
+     dup /FontInfo get                                            % bool <font> <FI>
+     /GlyphNames2Unicode /Unicode /Decoding findresource
+     .forceput % FontInfo can be read-only.
+     exit
+-  } loop
++  } executeonly loop
+   exch setglobal
+ } .bind executeonly odef % must be bound and hidden for .forceput
+ 
+diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps
+index 803faca4918d..290da0cd6819 100644
+--- a/Resource/Init/gs_fonts.ps
++++ b/Resource/Init/gs_fonts.ps
+@@ -374,7 +374,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
+ /.setnativefontmapbuilt { % set whether we've been run
+   dup type /booleantype eq {
+       systemdict exch /.nativefontmapbuilt exch .forceput
+-  }
++  } executeonly
+   {pop}
+   ifelse
+ } .bind executeonly odef
+@@ -1007,11 +1007,11 @@ $error /SubstituteFont { } put
+ { 2 index gcheck currentglobal
+   2 copy eq {
+     pop pop .forceput
+-  } {
++  } executeonly {
+     5 1 roll setglobal
+     dup length string copy
+     .forceput setglobal
+-  } ifelse
++  } executeonly ifelse
+ } .bind executeonly odef % must be bound and hidden for .forceput
+ 
+ % Attempt to load a font from a file.
+@@ -1084,7 +1084,7 @@ $error /SubstituteFont { } put
+            .FontDirectory 3 index .forceundef		% readonly
+            1 index (r) file .loadfont .FontDirectory exch
+            /.setglobal .systemvar exec
+-         }
++         } executeonly
+          { .loadfont .FontDirectory
+          }
+         ifelse
+@@ -1105,7 +1105,7 @@ $error /SubstituteFont { } put
+         dup 3 index .fontknownget
+          { dup /PathLoad 4 index .putgstringcopy
+            4 1 roll pop pop pop //true exit
+-         } if
++         } executeonly if
+ 
+                 % Maybe the file had a different FontName.
+                 % See if we can get a FontName from the file, and if so,
+@@ -1134,7 +1134,7 @@ $error /SubstituteFont { } put
+               ifelse  % Stack: origfontname fontdict
+               exch pop //true exit
+                       % Stack: fontdict
+-            }
++            } executeonly
+            if pop % Stack: origfontname fontdirectory path
+          }
+         if pop pop  % Stack: origfontname
+diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
+index d733124b96d1..56c0bd268b53 100644
+--- a/Resource/Init/gs_init.ps
++++ b/Resource/Init/gs_init.ps
+@@ -2357,7 +2357,7 @@ SAFER { .setsafeglobal } if
+         % Update the copy of the user parameters.
+   mark .currentuserparams counttomark 2 idiv {
+     userparams 3 1 roll .forceput	% userparams is read-only
+-  } repeat pop
++  } executeonly repeat pop
+         % Turn on idiom recognition, if available.
+   currentuserparams /IdiomRecognition known {
+     /IdiomRecognition //true .definepsuserparam
+@@ -2376,7 +2376,7 @@ SAFER { .setsafeglobal } if
+         % Remove real system params from pssystemparams.
+   mark .currentsystemparams counttomark 2 idiv {
+     pop pssystemparams exch .forceundef
+-  } repeat pop
++  } executeonly repeat pop
+ } if
+ 
+ % Set up AlignToPixels :
+diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps
+index 44fe61956659..0f0d57331c23 100644
+--- a/Resource/Init/gs_lev2.ps
++++ b/Resource/Init/gs_lev2.ps
+@@ -154,7 +154,8 @@ end
+       % protect top level of parameters that we copied
+       dup type dup /arraytype eq exch /stringtype eq or { readonly } if
+       /userparams .systemvar 3 1 roll .forceput  % userparams is read-only
+-    } {
++    } executeonly
++    {
+       pop pop
+     } ifelse
+   } forall
+@@ -224,7 +225,7 @@ end
+          % protect top level parameters that we copied
+          dup type dup /arraytype eq exch /stringtype eq or { readonly } if
+          //pssystemparams 3 1 roll .forceput	% pssystemparams is read-only
+-       }
++       } executeonly
+        { pop pop
+        }
+       ifelse
+@@ -934,7 +935,7 @@ mark
+   dup /PaintProc get
+   1 index /Implementation known not {
+     1 index dup /Implementation //null .forceput readonly pop
+-  } if
++  } executeonly if
+   exec
+ }.bind odef
+ 
+@@ -958,7 +959,7 @@ mark
+   dup /PaintProc get
+   1 index /Implementation known not {
+     1 index dup /Implementation //null .forceput readonly pop
+-  } if
++  } executeonly if
+   /UNROLLFORMS where {/UNROLLFORMS get}{false}ifelse not
+   %% [CTM] <<Form>> PaintProc .beginform -
+   {
+@@ -1005,7 +1006,7 @@ mark
+         %% Form dictioanry using the /Implementation key).
+         1 dict dup /FormID 4 -1 roll put
+         1 index exch /Implementation exch .forceput readonly pop
+-      }
++      } executeonly
+       ifelse
+     }
+     {
+diff --git a/Resource/Init/gs_pdfwr.ps b/Resource/Init/gs_pdfwr.ps
+index 58e75d3a4831..b425103d1cf3 100644
+--- a/Resource/Init/gs_pdfwr.ps
++++ b/Resource/Init/gs_pdfwr.ps
+@@ -650,7 +650,7 @@ currentdict /.pdfmarkparams .undef
+             } ifelse
+           } bind .makeoperator .forceput
+           systemdict /.pdf_hooked_DSC_Creator //true .forceput
+-        } if
++        } executeonly if
+         pop
+       } if
+     } {
+diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
+index 8eb8bb0e5829..d9b34599e7c2 100644
+--- a/Resource/Init/gs_res.ps
++++ b/Resource/Init/gs_res.ps
+@@ -152,7 +152,7 @@ setglobal
+                 % use .forceput / .forcedef later to replace the dummy,
+                 % empty .Instances dictionary with the real one later.
+           readonly
+-        } {
++        }{
+           /defineresource cvx /typecheck signaloperror
+         } ifelse
+ } bind executeonly odef
+@@ -424,7 +424,7 @@ status {
+                         % As noted above, Category dictionaries are read-only,
+                         % so we have to use .forcedef here.
+                   /.Instances 1 index .forcedef	% Category dict is read-only
+-                } if
++                } executeonly if
+               }
+               { .LocalInstances dup //.emptydict eq
+                  { pop 3 dict localinstancedict Category 2 index put
+diff --git a/Resource/Init/gs_setpd.ps b/Resource/Init/gs_setpd.ps
+index e22597ebb5f3..7875d1f2f131 100644
+--- a/Resource/Init/gs_setpd.ps
++++ b/Resource/Init/gs_setpd.ps
+@@ -634,7 +634,7 @@ NOMEDIAATTRS {
+   SETPDDEBUG { (Rolling back.) = pstack flush } if
+   3 index 2 index 3 -1 roll .forceput
+   4 index 1 index .knownget
+-  { 4 index 3 1 roll .forceput }
++  { 4 index 3 1 roll .forceput } executeonly
+   { 3 index exch .undef }
+   ifelse
+ } bind executeonly odef
+diff --git a/Resource/Init/pdf_base.ps b/Resource/Init/pdf_base.ps
+index b45e9803165e..73127296c221 100644
+--- a/Resource/Init/pdf_base.ps
++++ b/Resource/Init/pdf_base.ps
+@@ -130,26 +130,29 @@ currentdict /num-chars-dict .undef
+ 
+ /.pdfexectoken {		% <count> <opdict> <exectoken> .pdfexectoken ?
+   PDFDEBUG {
+-    pdfdict /PDFSTEPcount known not { pdfdict /PDFSTEPcount 1 .forceput } if
++    pdfdict /PDFSTEPcount known not { pdfdict /PDFSTEPcount 1 .forceput } executeonly if
+     PDFSTEP {
+       pdfdict /PDFtokencount 2 copy .knownget { 1 add } { 1 } ifelse .forceput
+       PDFSTEPcount 1 gt {
+         pdfdict /PDFSTEPcount PDFSTEPcount 1 sub .forceput
+-      } {
++      } executeonly
++      {
+         dup ==only
+         (    step # ) print PDFtokencount =only
+         ( ? ) print flush 1 //false .outputpage
+         (%stdin) (r) file 255 string readline {
+           token {
+             exch pop pdfdict /PDFSTEPcount 3 -1 roll .forceput
+-          } {
++          } executeonly
++          {
+             pdfdict /PDFSTEPcount 1 .forceput
+-          } ifelse % token
++          } executeonly ifelse % token
+         } {
+           pop /PDFSTEP //false def	 % EOF on stdin
+         } ifelse % readline
+       } ifelse % PDFSTEPcount > 1
+-    } {
++    } executeonly
++    {
+       dup ==only () = flush
+     } ifelse % PDFSTEP
+   } if % PDFDEBUG
+diff --git a/Resource/Init/pdf_draw.ps b/Resource/Init/pdf_draw.ps
+index 6b0ba93e1e73..40c6ac80acce 100644
+--- a/Resource/Init/pdf_draw.ps
++++ b/Resource/Init/pdf_draw.ps
+@@ -1118,14 +1118,14 @@ currentdict end readonly def
+           pdfdict /.Qqwarning_issued //true .forceput
+           .setglobal
+           pdfformaterror
+-        } ifelse
++        } executeonly ifelse
+       }
+       {
+         currentglobal pdfdict gcheck .setglobal
+         pdfdict /.Qqwarning_issued //true .forceput
+         .setglobal
+         pdfformaterror
+-      } ifelse
++      } executeonly ifelse
+       end
+     } ifelse
+   } loop
+@@ -1141,14 +1141,14 @@ currentdict end readonly def
+         pdfdict /.Qqwarning_issued //true .forceput
+         .setglobal
+         pdfformaterror
+-      } ifelse
++      } executeonly ifelse
+     }
+     {
+       currentglobal pdfdict gcheck .setglobal
+       pdfdict /.Qqwarning_issued //true .forceput
+       .setglobal
+       pdfformaterror
+-    } ifelse
++    } executeonly ifelse
+   } if
+   pop
+ 
+@@ -2350,9 +2350,10 @@ currentdict /last-ditch-bpc-csp undef
+ /IncrementAppearanceNumber {
+   pdfdict /AppearanceNumber .knownget {
+     1 add pdfdict /AppearanceNumber 3 -1 roll .forceput
+-  }{
++  } executeonly
++  {
+     pdfdict /AppearanceNumber 0 .forceput
+-  } ifelse
++  } executeonly ifelse
+ }bind executeonly odef
+ 
+ /MakeAppearanceName {
+@@ -2510,7 +2511,8 @@ currentdict /last-ditch-bpc-csp undef
+     %% want to preserve it.
+     pdfdict /.PreservePDFForm false .forceput
+     /q cvx /execform cvx 5 -2 roll
+-  }{
++  } executeonly
++  {
+     /q cvx /PDFexecform cvx 5 -2 roll
+   } ifelse
+ 
+diff --git a/Resource/Init/pdf_font.ps b/Resource/Init/pdf_font.ps
+index bea9ea95ad1d..4cd62b9d9bb4 100644
+--- a/Resource/Init/pdf_font.ps
++++ b/Resource/Init/pdf_font.ps
+@@ -714,7 +714,7 @@ currentdict end readonly def
+     pop pop pop
+     currentdict /.stackdepth .forceundef
+     currentdict /.dstackdepth .forceundef
+-  }
++  } executeonly
+   {pop pop pop}
+   ifelse
+ 
+@@ -1232,7 +1232,7 @@ currentdict /eexec_pdf_param_dict .undef
+                 (\n   **** Warning: Type 3 glyph has unbalanced q/Q operators \(too many q's\)\n               Output may be incorrect.\n)
+                 pdfformatwarning
+                 pdfdict /.Qqwarning_issued //true .forceput
+-              } if
++              } executeonly if
+               Q
+             } repeat
+             Q
+@@ -2016,7 +2016,7 @@ currentdict /CMap_read_dict undef
+               /CIDFallBack /CIDFont findresource
+             } if
+             exit
+-          } if
++          } executeonly if
+         } if
+       } if
+ 
+diff --git a/Resource/Init/pdf_main.ps b/Resource/Init/pdf_main.ps
+index 00da47a48711..37e69b39ac98 100644
+--- a/Resource/Init/pdf_main.ps
++++ b/Resource/Init/pdf_main.ps
+@@ -2701,14 +2701,14 @@ currentdict /PDF2PS_matrix_key undef
+           pdfdict /.Qqwarning_issued //true .forceput
+           .setglobal
+           pdfformaterror
+-        } ifelse
++        } executeonly ifelse
+       }
+       {
+         currentglobal pdfdict gcheck .setglobal
+         pdfdict /.Qqwarning_issued //true .forceput
+         .setglobal
+         pdfformaterror
+-      } ifelse
++      } executeonly ifelse
+     } if
+   } if
+   pop
+diff --git a/Resource/Init/pdf_ops.ps b/Resource/Init/pdf_ops.ps
+index 8672d617f363..aa0964139a56 100644
+--- a/Resource/Init/pdf_ops.ps
++++ b/Resource/Init/pdf_ops.ps
+@@ -184,14 +184,14 @@ currentdict /gput_always_allow .undef
+         pdfdict /.Qqwarning_issued //true .forceput
+         .setglobal
+         pdfformaterror
+-      } ifelse
++      } executeonly ifelse
+     }
+     {
+       currentglobal pdfdict gcheck .setglobal
+       pdfdict /.Qqwarning_issued //true .forceput
+       .setglobal
+       pdfformaterror
+-    } ifelse
++    } executeonly ifelse
+   } if
+ } bind executeonly odef
+ 
+@@ -439,7 +439,8 @@ currentdict /gput_always_allow .undef
+   dup type /booleantype eq {
+     .currentSMask type /dicttype eq {
+       .currentSMask /Processed 2 index .forceput
+-    } {
++  } executeonly
++  {
+       .setSMask
+   }ifelse
+   }{
+-- 
+2.20.1
+
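Review bot: In the gs_lev2.ps hunk at `-934,7` the inner `{ ... .forceput readonly pop }` procedure gains `executeonly`, but the operator that contains it still ends with `}.bind odef`, whereas the other files in this patch close such definitions with `.bind executeonly odef % must be bound and hidden for .forceput`. The definition starts outside the hunk, so this may be deliberate upstream; it is worth checking whether a later upstream commit adds `executeonly` there and, if so, pulling it into this series. The gs_res.ps hunk at `-152,7` only changes `} {` to `}{` and adds no `executeonly`, which reads as noise in a security backport. The patch header also gives only an abbreviated upstream hash; adding the full hash and the advisory this series addresses would make the backport easier to audit.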

+ 31 - 0
package/ghostscript/0004-Bug700317-Fix-logic-for-an-older-change.patch

@@ -0,0 +1,31 @@
+From af9a9dceb7be7df743d55c4d078a1ae846b6f556 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Sat, 15 Dec 2018 09:08:32 +0000
+Subject: [PATCH] Bug700317: Fix logic for an older change
+
+Unlike almost every other function in gs, dict_find_string() returns 1 on
+success 0 or <0 on failure. The logic for this case was wrong.
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: commit 99f13091a3
+
+ psi/interp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/psi/interp.c b/psi/interp.c
+index aa5779c51420..f6c45bbe24dc 100644
+--- a/psi/interp.c
++++ b/psi/interp.c
+@@ -703,7 +703,7 @@ again:
+                  * i.e. it's an internal operator we have hidden
+                  */
+                 code = dict_find_string(systemdict, (const char *)bufptr, &tobj);
+-                if (code < 0) {
++                if (code <= 0) {
+                     buf[0] = buf[1] = buf[rlen + 2] = buf[rlen + 3] = '-';
+                     rlen += 4;
+                     bufptr = buf;
+-- 
+2.20.1
+
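Review bot: The corrected test `if (code <= 0)` is only right because dict_find_string() returns 1 when the key is found, and nothing at the call site in psi/interp.c says so; the explanation lives only in the patch description. A one-line comment above the call, such as `/* dict_find_string() returns 1 if found, <= 0 otherwise */`, would keep a later reader from changing it back to `< 0`. The enclosing block starts and ends outside the hunk, so how `tobj` is used on the success path cannot be checked from here.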

+ 135 - 0
package/ghostscript/0005-Harden-some-uses-of-.force-operators.patch

@@ -0,0 +1,135 @@
+From b197ea0e528c20b7ee67785c50b4e06e0aa990f8 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Tue, 18 Dec 2018 10:42:10 +0000
+Subject: [PATCH] Harden some uses of .force* operators
+
+by adding a few immediate evalutions
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: commit 59d8f4deef90
+
+ Resource/Init/gs_dps1.ps  |  4 ++--
+ Resource/Init/gs_fonts.ps | 20 ++++++++++----------
+ Resource/Init/gs_init.ps  |  6 +++---
+ 3 files changed, 15 insertions(+), 15 deletions(-)
+
+diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
+index 4fae2839940c..b75ea14e77a3 100644
+--- a/Resource/Init/gs_dps1.ps
++++ b/Resource/Init/gs_dps1.ps
+@@ -74,7 +74,7 @@ level2dict begin
+  } odef
+ % undefinefont has to take local/global VM into account.
+ /undefinefont		% <fontname> undefinefont -
+- { .FontDirectory 1 .argindex .forceundef	% FontDirectory is readonly
++ { //.FontDirectory 1 .argindex .forceundef	% FontDirectory is readonly
+    .currentglobal
+     {		% Current mode is global; delete from local directory too.
+       //systemdict /LocalFontDirectory .knownget
+@@ -85,7 +85,7 @@ level2dict begin
+                 % definition, copy it into the local directory.
+       //systemdict /SharedFontDirectory .knownget
+        { 1 index .knownget
+-          { .FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly
++          { //.FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly
+          if
+        }
+       if
+diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps
+index 290da0cd6819..c13a2fcc2d43 100644
+--- a/Resource/Init/gs_fonts.ps
++++ b/Resource/Init/gs_fonts.ps
+@@ -516,7 +516,7 @@ buildfontdict 3 /.buildfont3 cvx put
+       if
+     }
+    if
+-   dup .FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse	% readonly
++   dup //.FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse	% readonly
+                 % If the font originated as a resource, register it.
+    currentfile .currentresourcefile eq { dup .registerfont } if
+    readonly
+@@ -943,7 +943,7 @@ $error /SubstituteFont { } put
+ % Try to find a font using only the present contents of Fontmap.
+ /.tryfindfont {         % <fontname> .tryfindfont <font> true
+                         % <fontname> .tryfindfont false
+-  .FontDirectory 1 index .fontknownget
++  //.FontDirectory 1 index .fontknownget
+     {                   % Already loaded
+       exch pop //true
+     }
+@@ -975,7 +975,7 @@ $error /SubstituteFont { } put
+                {                % Font with a procedural definition
+                  exec           % The procedure will load the font.
+                                 % Check to make sure this really happened.
+-                 .FontDirectory 1 index .knownget
++                 //.FontDirectory 1 index .knownget
+                   { exch pop //true exit }
+                  if
+                }
+@@ -1081,11 +1081,11 @@ $error /SubstituteFont { } put
+                 % because it's different depending on language level.
+            .currentglobal exch /.setglobal .systemvar exec
+                 % Remove the fake definition, if any.
+-           .FontDirectory 3 index .forceundef		% readonly
+-           1 index (r) file .loadfont .FontDirectory exch
++           //.FontDirectory 3 index .forceundef		% readonly
++           1 index (r) file .loadfont //.FontDirectory exch
+            /.setglobal .systemvar exec
+          } executeonly
+-         { .loadfont .FontDirectory
++         { .loadfont //.FontDirectory
+          }
+         ifelse
+                 % Stack: fontname fontfilename fontdirectory
+@@ -1119,8 +1119,8 @@ $error /SubstituteFont { } put
+                       % Stack: origfontname fontdirectory filefontname fontdict
+               3 -1 roll pop
+                       % Stack: origfontname filefontname fontdict
+-              dup /FontName get dup FontDirectory exch .forceundef
+-              GlobalFontDirectory exch .forceundef
++              dup /FontName get dup //.FontDirectory exch .forceundef
++              /GlobalFontDirectory .systemvar exch .forceundef
+               dup length dict .copydict dup 3 index /FontName exch put
+               2 index exch definefont
+               exch
+@@ -1176,10 +1176,10 @@ currentdict /.putgstringcopy .undef
+       {
+         {
+           pop dup type /stringtype eq { cvn } if
+-          .FontDirectory 1 index known not {
++          //.FontDirectory 1 index known not {
+             2 dict dup /FontName 3 index put
+             dup /FontType 1 put
+-            .FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse   % readonly
++            //.FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse   % readonly
+           } {
+             pop
+           } ifelse
+diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
+index 56c0bd268b53..d9a0829f7f97 100644
+--- a/Resource/Init/gs_init.ps
++++ b/Resource/Init/gs_init.ps
+@@ -1168,8 +1168,8 @@ errordict /unknownerror .undef
+     }ifelse
+   }forall
+   noaccess pop
+-  systemdict /.setsafeerrors .forceundef
+-  systemdict /.SAFERERRORLIST .forceundef
++  //systemdict /.setsafeerrors .forceundef
++  //systemdict /.SAFERERRORLIST .forceundef
+ } bind executeonly odef
+ 
+ SAFERERRORS {.setsafererrors} if
+@@ -2114,7 +2114,7 @@ currentdict /tempfilepaths undef
+ 
+ /.locksafe {
+   .locksafe_userparams
+-  systemdict /getenv {pop //false} .forceput
++  //systemdict /getenv {pop //false} .forceput
+   % setpagedevice has the side effect of clearing the page, but
+   % we will just document that. Using setpagedevice keeps the device
+   % properties and pagedevice .LockSafetyParams in agreement even
+-- 
+2.20.1
+
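Review bot: The lines that gain `//.FontDirectory` in gs_dps1.ps and gs_fonts.ps still end with `systemdict /superexec known {//superexec}{...} ifelse`, where `systemdict` is resolved by name at run time, while the gs_init.ps hunks of this same patch switch to `//systemdict`. If the intent is that these privileged paths no longer depend on run-time name lookup, the same form (`//systemdict /superexec known`) appears to apply there; confirm against later upstream commits before diverging from the backport. The `-1119,8` hunk also replaces `FontDirectory` and `GlobalFontDirectory` with `//.FontDirectory` and `/GlobalFontDirectory .systemvar`, which changes which names are consulted and is more than the immediate evaluation the description mentions, so it deserves a line in the patch header. The enclosing procedures start outside the hunks, so their final `bind`/`executeonly` state is not visible here.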

+ 587 - 0
package/ghostscript/0006-Undefine-a-bunch-of-gs_fonts.ps-specific-procs.patch

@@ -0,0 +1,587 @@
+From 5628be1c41d23298aa5fce2f6dd48e2eb81f4be1 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Wed, 9 Jan 2019 14:24:07 +0000
+Subject: [PATCH] Undefine a bunch of gs_fonts.ps specific procs
+
+Also reorder and add some immediate evaluation, so it still works with the
+undefining.
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: commit 2768d1a6dddb
+
+ Resource/Init/gs_dps1.ps  |   3 +-
+ Resource/Init/gs_fonts.ps | 275 +++++++++++++++++++++-----------------
+ Resource/Init/gs_res.ps   |   6 +-
+ 3 files changed, 156 insertions(+), 128 deletions(-)
+
+diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
+index b75ea14e77a3..8700c8cb304b 100644
+--- a/Resource/Init/gs_dps1.ps
++++ b/Resource/Init/gs_dps1.ps
+@@ -67,7 +67,8 @@ level2dict begin
+ 
+ /selectfont		% <fontname> <size> selectfont -
+  {
+-   { 1 .argindex findfont
++   {
++     1 .argindex findfont
+      1 index dup type /arraytype eq { makefont } { scalefont } ifelse
+      setfont pop pop
+    } stopped { /selectfont .systemvar $error /errorname get signalerror } if
+diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps
+index c13a2fcc2d43..056223544340 100644
+--- a/Resource/Init/gs_fonts.ps
++++ b/Resource/Init/gs_fonts.ps
+@@ -100,7 +100,7 @@ userdict /.nativeFontmap .FontDirectory maxlength dict put
+        { 2 index token not
+           { (Fontmap entry for ) print 1 index =only
+             ( ends prematurely!  Giving up.) = flush
+-            {.loadFontmap} 0 get 1 .quit
++            {//.loadFontmap exec} 0 get 1 .quit
+           } if
+          dup /; eq { pop 3 index 3 1 roll .growput exit } if
+          pop
+@@ -202,6 +202,14 @@ NOFONTPATH { /FONTPATH () def } if
+  { pop }
+  { /FONTPATH (GS_FONTPATH) getenv not { () } if def }
+ ifelse
++
++% The following are dummy definitions that, if we have a FONTPATH, will
++% be replaced in the following section.
++% They are here so immediately evaulation will work, and allow them to
++% undefined at the bottom of the file.
++/.scanfontbegin{} bind def
++/.scanfontdir {} bind def
++
+ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
+ /FONTPATH [ FONTPATH .pathlist ] def
+ 
+@@ -242,12 +250,12 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
+ /.scanfontbegin
+  {      % Construct the table of all file names already in Fontmap.
+    currentglobal //true setglobal
+-   .scanfontdict dup maxlength Fontmap length 2 add .max .setmaxlength
++   //.scanfontdict dup maxlength Fontmap length 2 add .max .setmaxlength
+    Fontmap
+     { exch pop
+        { dup type /stringtype eq
+-          { .splitfilename pop .fonttempstring copy .lowerstring cvn
+-            .scanfontdict exch //true put
++          { //.splitfilename exec pop //.fonttempstring copy //.lowerstring exec cvn
++            //.scanfontdict exch //true put
+           }
+           { pop
+           }
+@@ -280,9 +288,9 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
+   /txt //true
+ .dicttomark def
+ /.scan1fontstring 8192 string def
+-% %%BeginFont: is not per Adobe documentation, but a few fonts have it.
++% BeginFont: is not per Adobe documentation, but a few fonts have it.
+ /.scanfontheaders [(%!PS-Adobe*) (%!FontType*) (%%BeginFont:*)] def
+-0 .scanfontheaders { length .max } forall 6 add % extra for PFB header
++0 //.scanfontheaders { length .max } forall 6 add % extra for PFB header
+ /.scan1fontfirst exch string def
+ /.scanfontdir           % <dirname> .scanfontdir -
+  { currentglobal exch //true setglobal
+@@ -291,10 +299,10 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
+    0 0 0 4 -1 roll      % found scanned files
+     {           % stack: <fontcount> <scancount> <filecount> <filename>
+       exch 1 add exch                   % increment filecount
+-      dup .splitfilename .fonttempstring copy .lowerstring
++      dup //.splitfilename exec //.fonttempstring copy //.lowerstring exec
+                 % stack: <fontcount> <scancount> <filecount+1> <filename>
+                 %       <BASE> <ext>
+-      .scanfontskip exch known exch .scanfontdict exch known or
++      //.scanfontskip exch known exch //.scanfontdict exch known or
+        { pop
+                 % stack: <fontcount> <scancount> <filecount+1>
+        }
+@@ -309,7 +317,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
+                 % On some platforms, the file operator will open directories,
+                 % but an error will occur if we try to read from one.
+                 % Handle this possibility here.
+-            dup .scan1fontfirst { readstring } .internalstopped
++            dup //.scan1fontfirst { readstring } .internalstopped
+              { pop pop () }
+              { pop }
+             ifelse
+@@ -322,7 +330,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
+           { dup length 6 sub 6 exch getinterval }
+          if
+                 % Check for font file headers.
+-         //false .scanfontheaders
++         //false //.scanfontheaders
+           { 2 index exch .stringmatch or
+           }
+          forall exch pop
+@@ -335,7 +343,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
+                 { exch copystring exch
+                   DEBUG { ( ) print dup =only flush } if
+                   1 index .definenativefontmap
+-                  .splitfilename pop //true .scanfontdict 3 1 roll .growput
++                  //.splitfilename exec pop //true //.scanfontdict 3 1 roll .growput
+                         % Increment fontcount.
+                   3 -1 roll 1 add 3 1 roll
+                 }
+@@ -352,7 +360,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
+        }
+       ifelse
+     }
+-   .scan1fontstring filenameforall
++   //.scan1fontstring filenameforall
+    QUIET
+     { pop pop pop }
+     { ( ) print =only ( files, ) print =only ( scanned, ) print
+@@ -422,7 +430,6 @@ systemdict /NONATIVEFONTMAP known .setnativefontmapbuilt
+     //true .setnativefontmapbuilt
+   } ifelse
+ } bind def
+-currentdict /.setnativefontmapbuilt .forceundef
+ 
+ % Create the dictionary that registers the .buildfont procedure
+ % (called by definefont) for each FontType.
+@@ -526,7 +533,8 @@ buildfontdict 3 /.buildfont3 cvx put
+ % We use this only for explicitly aliased fonts, not substituted fonts:
+ % we think this matches the observed behavior of Adobe interpreters.
+ /.aliasfont             % <name> <font> .aliasfont <newFont>
+- { .currentglobal 3 1 roll dup .gcheck .setglobal
++ {
++   currentglobal 3 1 roll dup gcheck setglobal
+                              % <bool> <name> <font>
+    dup length 2 add dict     % <bool> <name> <font> <dict>
+    dup 3 -1 roll             % <bool> <name> <dict> <dict> <font>
+@@ -541,7 +549,7 @@ buildfontdict 3 /.buildfont3 cvx put
+                 % whose FontName is a local non-string, if someone passed a
+                 % garbage value to findfont.  In this case, just don't
+                 % call definefont at all.
+-   2 index dup type /stringtype eq exch .gcheck or 1 index .gcheck not or
++    2 index dup type /stringtype eq exch gcheck or 1 index gcheck not or
+     { pop                              % <bool> <name> <dict>
+       1 index dup type /stringtype eq { cvn } if
+                                        % <bool> <name> <dict> <name1>
+@@ -566,10 +574,11 @@ buildfontdict 3 /.buildfont3 cvx put
+                 % Don't bind in definefont, since Level 2 redefines it.
+       /definefont .systemvar exec
+     }
+-    { /findfont cvx {.completefont} .errorexec pop exch pop
++    {
++      /findfont cvx {.completefont} //.errorexec exec pop exch pop
+     }
+    ifelse
+-   exch .setglobal
++   exch setglobal
+  } odef         % so findfont will bind it
+ 
+ % Define .loadfontfile for loading a font.  If we recognize Type 1 and/or
+@@ -669,10 +678,19 @@ buildfontdict 3 /.buildfont3 cvx put
+   [(Cn) 4] [(Cond) 4] [(Narrow) 4] [(Pkg) 4] [(Compr) 4]
+   [(Serif) 8] [(Sans) -8]
+ ] readonly def
++
++/.fontnamestring {              % <fontname> .fontnamestring <string|name>
++  dup type dup /nametype eq {
++    pop .namestring
++  } {
++    /stringtype ne { pop () } if
++  } ifelse
++} bind def
++
+ /.fontnameproperties {          % <int> <string|name> .fontnameproperties
+                                 %   <int'>
+-  .fontnamestring
+-  .substituteproperties {
++  //.fontnamestring exec
++  //.substituteproperties {
+     2 copy 0 get search {
+       pop pop pop dup length 1 sub 1 exch getinterval 3 -1 roll exch {
+         dup 0 ge { or } { neg not and } ifelse
+@@ -710,13 +728,7 @@ buildfontdict 3 /.buildfont3 cvx put
+                                 % <other> .nametostring <other>
+   dup type /nametype eq { .namestring } if
+ } bind def
+-/.fontnamestring {              % <fontname> .fontnamestring <string|name>
+-  dup type dup /nametype eq {
+-    pop .namestring
+-  } {
+-    /stringtype ne { pop () } if
+-  } ifelse
+-} bind def
++
+ /.substitutefontname {          % <fontname> <properties> .substitutefontname
+                                 %   <altname|null>
+         % Look for properties and/or a face name in the font name.
+@@ -724,7 +736,7 @@ buildfontdict 3 /.buildfont3 cvx put
+         % base font; otherwise, use the default font.
+         % Note that the "substituted" font name may be the same as
+         % the requested one; the caller must check this.
+-  exch .fontnamestring {
++  exch //.fontnamestring exec {
+     defaultfontname /Helvetica-Oblique /Helvetica-Bold /Helvetica-BoldOblique
+     /Helvetica-Narrow /Helvetica-Narrow-Oblique
+     /Helvetica-Narrow-Bold /Helvetica-Narrow-BoldOblique
+@@ -734,12 +746,12 @@ buildfontdict 3 /.buildfont3 cvx put
+   } 3 1 roll
+         % Stack: facelist properties fontname
+         % Look for a face name.
+-  .substitutefaces {
++  //.substitutefaces {
+     2 copy 0 get search {
+       pop pop pop
+         % Stack: facelist properties fontname [(pattern) family properties]
+       dup 2 get 4 -1 roll or 3 1 roll
+-      1 get .substitutefamilies exch get
++      1 get //.substitutefamilies exch get
+       4 -1 roll pop 3 1 roll
+     } {
+       pop pop
+@@ -748,7 +760,7 @@ buildfontdict 3 /.buildfont3 cvx put
+   1 index length mod get exec
+ } bind def
+ /.substitutefont {              % <fontname> .substitutefont <altname>
+-  dup 0 exch .fontnameproperties .substitutefontname
++  dup 0 exch //.fontnameproperties exec .substitutefontname
+         % Only accept fonts known in the Fontmap.
+    Fontmap 1 index known not
+    {
+@@ -814,7 +826,7 @@ FAKEFONTS not { (%END FAKEFONTS) .skipeof } if
+   counttomark 1 sub { .aliasfont } repeat end
+                       % <fontname> mark <font>
+   exch pop exch pop
+-} odef
++} bind odef
+ /findfont {
+   .findfont
+ } bind def
+@@ -860,7 +872,7 @@ FAKEFONTS not { (%END FAKEFONTS) .skipeof } if
+       } {
+         dup .substitutefont
+         2 copy eq { pop defaultfontname } if
+-        .checkalias
++        //.checkalias exec
+         QUIET not {
+           SHORTERRORS {
+             (%%[) print 1 index =only
+@@ -886,8 +898,8 @@ $error /SubstituteFont { } put
+   //null 0 1 FONTPATH length 1 sub {
+     FONTPATH 1 index get //null ne { exch pop exit } if pop
+   } for dup //null ne {
+-    dup 0 eq { .scanfontbegin } if
+-    FONTPATH 1 index get .scanfontdir
++    dup 0 eq { //.scanfontbegin exec} if
++    FONTPATH 1 index get //.scanfontdir exec
+     FONTPATH exch //null put //true
+   } {
+     pop //false
+@@ -897,11 +909,10 @@ $error /SubstituteFont { } put
+ % scanning of FONTPATH.
+ /.dofindfont {   %  mark <fontname> .dofindfont % mark <alias> ... <font>
+   .tryfindfont not {
+-
+                         % We didn't find the font.  If we haven't scanned
+                         % all the directories in FONTPATH, scan the next one
+                         % now and look for the font again.
+-    .scannextfontdir {
++    //.scannextfontdir exec {
+                         % Start over with an empty alias list.
+       counttomark 1 sub { pop } repeat    % mark <fontname>
+       .dofindfont
+@@ -927,6 +938,7 @@ $error /SubstituteFont { } put
+         } if
+                         % Substitute for the font.  Don't alias.
+                         % Same stack as at the beginning of .dofindfont.
++
+         $error /SubstituteFont get exec
+                          %
+                          % igorm: I guess the surrounding code assumes that .stdsubstfont
+@@ -935,72 +947,11 @@ $error /SubstituteFont { } put
+                          % used in .dofindfont and through .stdsubstfont
+                          % just to represent a simple iteration,
+                          % which accumulates the aliases after the mark.
+-        .stdsubstfont
++        //.stdsubstfont exec
+       } ifelse
+     } ifelse
+   } if
+ } bind def
+-% Try to find a font using only the present contents of Fontmap.
+-/.tryfindfont {         % <fontname> .tryfindfont <font> true
+-                        % <fontname> .tryfindfont false
+-  //.FontDirectory 1 index .fontknownget
+-    {                   % Already loaded
+-      exch pop //true
+-    }
+-    {
+-       dup Fontmap exch .knownget
+-       { //true //true }
+-       {                % Unknown font name.  Look for a file with the
+-                        % same name as the requested font.
+-         dup .tryloadfont
+-         { exch pop //true //false }
+-         {
+-           % if we can't load by name check the native font map
+-           dup .nativeFontmap exch .knownget
+-           { //true //true }
+-           { //false //false } ifelse
+-         } ifelse
+-       } ifelse
+-
+-       {                % Try each element of the Fontmap in turn.
+-         pop
+-         //false exch   % (in case we exhaust the list)
+-                        % Stack: fontname false fontmaplist
+-         { exch pop
+-           dup type /nametype eq
+-            {                   % Font alias
+-              .checkalias .tryfindfont exit
+-            }
+-            { dup dup type dup /arraytype eq exch /packedarraytype eq or exch xcheck and
+-               {                % Font with a procedural definition
+-                 exec           % The procedure will load the font.
+-                                % Check to make sure this really happened.
+-                 //.FontDirectory 1 index .knownget
+-                  { exch pop //true exit }
+-                 if
+-               }
+-               {                % Font file name
+-                 //true .loadfontloop { //true exit } if
+-               }
+-              ifelse
+-            }
+-           ifelse //false
+-         }
+-         forall
+-                        % Stack: font true -or- fontname false
+-         { //true
+-         }
+-         {                      % None of the Fontmap entries worked.
+-                                % Try loading a file with the same name
+-                                % as the requested font.
+-           .tryloadfont
+-         }
+-        ifelse
+-       }
+-      if
+-    }
+-   ifelse
+- } bind def
+ 
+ % any user of .putgstringcopy must use bind and executeonly
+ /.putgstringcopy  %   <dict> <name> <string> .putgstringcopy -
+@@ -1014,25 +965,6 @@ $error /SubstituteFont { } put
+   } executeonly ifelse
+ } .bind executeonly odef % must be bound and hidden for .forceput
+ 
+-% Attempt to load a font from a file.
+-/.tryloadfont {         % <fontname> .tryloadfont <font> true
+-                        % <fontname> .tryloadfont false
+-  dup .nametostring
+-                % Hack: check for the presence of the resource machinery.
+-  /.genericrfn where {
+-    pop
+-    pop dup .fonttempstring /FontResourceDir getsystemparam .genericrfn
+-    {//false .loadfontloop} .internalstopped {//false} if {
+-      //true
+-    } {
+-      dup .nametostring
+-      {//true .loadfontloop} .internalstopped {//false} if
+-    } ifelse
+-  } {
+-    {//true .loadfontloop} .internalstopped {//false} if
+-  } ifelse
+-} bind def
+-
+ /.loadfontloop {        % <fontname> <filename> <libflag> .loadfontloop
+                         %   <font> true
+                         % -or-
+@@ -1102,7 +1034,7 @@ $error /SubstituteFont { } put
+          } if
+ 
+                 % Check to make sure the font was actually loaded.
+-        dup 3 index .fontknownget
++        dup 3 index //.fontknownget exec
+          { dup /PathLoad 4 index .putgstringcopy
+            4 1 roll pop pop pop //true exit
+          } executeonly if
+@@ -1113,7 +1045,7 @@ $error /SubstituteFont { } put
+         exch dup      % Stack: origfontname fontdirectory path path
+         (r) file .findfontname
+          {            % Stack: origfontname fontdirectory path filefontname
+-           2 index 1 index .fontknownget
++           2 index 1 index //.fontknownget exec
+             {   % Yes.  Stack: origfontname fontdirectory path filefontname fontdict
+               dup 4 -1 roll /PathLoad exch .putgstringcopy
+                       % Stack: origfontname fontdirectory filefontname fontdict
+@@ -1136,7 +1068,7 @@ $error /SubstituteFont { } put
+                       % Stack: fontdict
+             } executeonly
+            if pop % Stack: origfontname fontdirectory path
+-         }
++         } executeonly
+         if pop pop  % Stack: origfontname
+ 
+                 % The font definitely did not load correctly.
+@@ -1150,7 +1082,87 @@ $error /SubstituteFont { } put
+ 
+  } bind executeonly odef % must be bound and hidden for .putgstringcopy
+ 
+-currentdict /.putgstringcopy .undef
++% Attempt to load a font from a file.
++/.tryloadfont {         % <fontname> .tryloadfont <font> true
++                        % <fontname> .tryloadfont false
++  dup //.nametostring exec
++                % Hack: check for the presence of the resource machinery.
++  /.genericrfn where {
++    pop
++    pop dup //.fonttempstring /FontResourceDir getsystemparam .genericrfn
++    {//false .loadfontloop} .internalstopped {//false} if {
++      //true
++    } {
++      dup //.nametostring exec
++      {//true .loadfontloop} .internalstopped {//false} if
++    } ifelse
++  } {
++    {//true .loadfontloop} .internalstopped {//false} if
++  } ifelse
++} bind def
++
++% Try to find a font using only the present contents of Fontmap.
++/.tryfindfont {         % <fontname> .tryfindfont <font> true
++                        % <fontname> .tryfindfont false
++  //.FontDirectory 1 index //.fontknownget exec
++    {                   % Already loaded
++      exch pop //true
++    }
++    {
++       dup Fontmap exch .knownget
++       { //true //true }
++       {                % Unknown font name.  Look for a file with the
++                        % same name as the requested font.
++         dup //.tryloadfont exec
++         { exch pop //true //false }
++         {
++           % if we can't load by name check the native font map
++           dup .nativeFontmap exch .knownget
++           { //true //true }
++           { //false //false } ifelse
++         } ifelse
++       } ifelse
++
++       {                % Try each element of the Fontmap in turn.
++         pop
++         //false exch   % (in case we exhaust the list)
++                        % Stack: fontname false fontmaplist
++         { exch pop
++           dup type /nametype eq
++            {                   % Font alias
++              //.checkalias exec
++              .tryfindfont exit
++            }
++            { dup dup type dup /arraytype eq exch /packedarraytype eq or exch xcheck and
++               {                % Font with a procedural definition
++                 exec           % The procedure will load the font.
++                                % Check to make sure this really happened.
++                 //.FontDirectory 1 index .knownget
++                  { exch pop //true exit }
++                 if
++               }
++               {                % Font file name
++                 //true .loadfontloop { //true exit } if
++               }
++              ifelse
++            }
++           ifelse //false
++         }
++         forall
++                        % Stack: font true -or- fontname false
++         { //true
++         }
++         {                      % None of the Fontmap entries worked.
++                                % Try loading a file with the same name
++                                % as the requested font.
++           //.tryloadfont exec
++         }
++        ifelse
++       }
++      if
++    }
++   ifelse
++ } bind def
+ 
+ % Define a procedure to load all known fonts.
+ % This isn't likely to be very useful.
+@@ -1192,9 +1204,9 @@ FAKEFONTS { exch } if pop def   % don't bind, .current/setglobal get redefined
+ /.loadinitialfonts
+  { NOFONTMAP not
+     { /FONTMAP where
+-          { pop [ FONTMAP .pathlist ]
++          { pop [ FONTMAP //.pathlist exec]
+              { dup VMDEBUG findlibfile
+-                { exch pop .loadFontmap }
++                { exch pop //.loadFontmap exec }
+                 { /undefinedfilename signalerror }
+                ifelse
+              }
+@@ -1208,7 +1220,7 @@ FAKEFONTS { exch } if pop def   % don't bind, .current/setglobal get redefined
+                    pop pop
+                    defaultfontmap_content { .definefontmap } forall
+                  } {
+-                   .loadFontmap
++                   //.loadFontmap exec
+                  } ifelse
+                } {
+                  pop pop
+@@ -1272,3 +1284,18 @@ FAKEFONTS { exch } if pop def   % don't bind, .current/setglobal get redefined
+  { .makemodifiedfont
+    dup /FontName get exch definefont pop
+  } bind def
++
++% Undef these, not needed outside this file
++[
++ % /.fonttempstring /.scannextfontdir - are also used in gs_res.ps, so are undefined there
++ % /.fontnameproperties - is used in pdf_font.ps
++ % /.scanfontheaders - used in gs_cff.ps, gs_ttf.ps
++ /.loadfontloop /.tryloadfont /.findfont /.pathlist /.loadFontmap /.lowerstring
++ /.splitfilename /.scanfontdict /.scanfontbegin
++ /.scanfontskip /.scan1fontstring
++ /.scan1fontfirst /.scanfontdir
++ /.setnativefontmapbuilt /.aliasfont
++ /.setloadingfont /.substitutefaces /.substituteproperties /.substitutefamilies
++ /.nametostring /.fontnamestring /.checkalias /.fontknownget /.stdsubstfont
++ /.putgstringcopy
++] {systemdict exch .forceundef} forall
+diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
+index d9b34599e7c2..fd7eaf953ae9 100644
+--- a/Resource/Init/gs_res.ps
++++ b/Resource/Init/gs_res.ps
+@@ -961,7 +961,7 @@ userdict /.localcsdefaults //false put
+     dup type /nametype eq { .namestring } if
+     dup type /stringtype ne { //false exit } if
+                 % Check the resource directory.
+-    dup .fonttempstring /FontResourceDir getsystemparam .genericrfn
++    dup //.fonttempstring /FontResourceDir getsystemparam .genericrfn
+     status {
+       pop pop pop pop //true exit
+     } if
+@@ -969,7 +969,7 @@ userdict /.localcsdefaults //false put
+                 % as the font.
+     findlibfile { closefile //true exit } if
+                 % Scan a FONTPATH directory and try again.
+-    .scannextfontdir not { //false exit } if
++    //.scannextfontdir exec not { //false exit } if
+   } loop
+ } bind def
+ 
+@@ -1008,7 +1008,7 @@ currentdict /.fontstatusaux .undef
+         } ifelse
+ } bind executeonly
+ /ResourceForAll {
+-        { .scannextfontdir not { exit } if } loop
++        { //.scannextfontdir exec not { exit } if } loop
+         /Generic /Category findresource /ResourceForAll get exec
+ } bind executeonly
+ /.ResourceFileStatus {
+-- 
+2.20.1
+

+ 345 - 0
package/ghostscript/0007-Remove-.forcedef-and-harden-.force-ops-more.patch

@@ -0,0 +1,345 @@
+From ba2336b3b1ca5cfe1e67dbe37a084c9644a65ac7 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Fri, 11 Jan 2019 13:36:36 +0000
+Subject: [PATCH] Remove .forcedef, and harden .force* ops more
+
+Remove .forcedef and replace all uses with a direct call to .forceput instead.
+
+Ensure every procedure (named and trasient) that calls .forceput is
+executeonly.
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: commit 49c8092da88e
+
+ Resource/Init/gs_dps1.ps  | 15 +++++++-----
+ Resource/Init/gs_init.ps  | 28 ++++++++-------------
+ Resource/Init/gs_lev2.ps  | 51 +++++++++++++++++++--------------------
+ Resource/Init/gs_ll3.ps   |  5 ++--
+ Resource/Init/gs_res.ps   | 29 +++++++++++-----------
+ Resource/Init/gs_statd.ps |  4 +--
+ 6 files changed, 63 insertions(+), 69 deletions(-)
+
+diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
+index 8700c8cb304b..3d2cf7a1ad01 100644
+--- a/Resource/Init/gs_dps1.ps
++++ b/Resource/Init/gs_dps1.ps
+@@ -33,14 +33,17 @@ systemdict begin
+ 
+ /SharedFontDirectory .FontDirectory .gcheck
+  { .currentglobal //false .setglobal
++   currentdict
+    /LocalFontDirectory .FontDirectory dup maxlength dict copy
+-   .forcedef	% LocalFontDirectory is local, systemdict is global
++   .forceput	% LocalFontDirectory is local, systemdict is global
+    .setglobal .FontDirectory
+- }
+- { /LocalFontDirectory .FontDirectory
+-   .forcedef	% LocalFontDirectory is local, systemdict is global
++ } executeonly
++ {
++   currentdict
++   /LocalFontDirectory .FontDirectory
++   .forceput	% LocalFontDirectory is local, systemdict is global
+    50 dict
+- }
++ }executeonly
+ ifelse def
+ 
+ end				% systemdict
+@@ -55,7 +58,7 @@ level2dict begin
+     { //SharedFontDirectory }
+     { /LocalFontDirectory .systemvar }	% can't embed ref to local VM
+    ifelse .forceput pop	% LocalFontDirectory is local, systemdict is global
+- } .bind odef
++ } .bind executeonly odef
+ % Don't just copy (load) the definition of .setglobal:
+ % it gets redefined for LL3.
+ /setshared { /.setglobal .systemvar exec } odef
+diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
+index d9a0829f7f97..45bebf479bae 100644
+--- a/Resource/Init/gs_init.ps
++++ b/Resource/Init/gs_init.ps
+@@ -54,7 +54,7 @@ systemdict exch
+    dup /userdict
+    currentdict dup 200 .setmaxlength		% userdict
+    .forceput			% userdict is local, systemdict is global
+- }
++ } executeonly
+ if begin
+ 
+ % Define dummy local/global operators if needed.
+@@ -299,13 +299,6 @@ QUIET not { printgreeting flush } if
+   1 index exch .makeoperator def
+ } .bind def
+ 
+-% Define a special version of def for storing local objects into global
+-% dictionaries.  Like .forceput, this exists only during initialization.
+-/.forcedef {		% <key> <value> .forcedef -
+-  1 .argindex pop	% check # of args
+-  currentdict 3 1 roll .forceput
+-} .bind odef
+-
+ % Define procedures for accessing variables in systemdict and userdict
+ % regardless of the contents of the dictionary stack.
+ /.systemvar {		% <name> .systemvar <value>
+@@ -347,7 +340,7 @@ DELAYBIND
+        }
+       ifelse
+     } .bind def
+-} if
++} executeonly if
+ 
+ %**************** BACKWARD COMPATIBILITY ****************
+ /hwsizedict mark /HWSize //null .dicttomark readonly def
+@@ -655,7 +648,7 @@ currentdict /.typenames .undef
+       /ifelse .systemvar
+     ] cvx executeonly
+   exch .setglobal
+-} odef
++} executeonly odef
+ systemdict /internaldict dup .makeinternaldict .makeoperator
+ .forceput		% proc is local, systemdict is global
+ 
+@@ -1093,7 +1086,7 @@ def
+ 
+ % Define $error.  This must be in local VM.
+ .currentglobal //false .setglobal
+-/$error 40 dict .forcedef	% $error is local, systemdict is global
++currentdict /$error 40 dict .forceput	% $error is local, systemdict is global
+                 % newerror, errorname, command, errorinfo,
+                 % ostack, estack, dstack, recordstacks,
+                 % binary, globalmode,
+@@ -1112,8 +1105,8 @@ end
+ % Define errordict similarly.  It has one entry per error name,
+ %   plus handleerror.  However, some astonishingly badly written PostScript
+ %   files require it to have at least one empty slot.
+-/errordict ErrorNames length 3 add dict
+-.forcedef		% errordict is local, systemdict is global
++currentdict /errordict ErrorNames length 3 add dict
++.forceput		% errordict is local, systemdict is global
+ .setglobal		% back to global VM
+ %  gserrordict contains all the default error handling methods, but unlike
+ %  errordict it is noaccess after creation (also it is in global VM).
+@@ -1273,8 +1266,9 @@ end
+ (END PROCS) VMDEBUG
+ 
+ % Define the font directory.
++currentdict
+ /FontDirectory //false .setglobal 100 dict //true .setglobal
+-.forcedef		% FontDirectory is local, systemdict is global
++.forceput		% FontDirectory is local, systemdict is global
+ 
+ % Define the encoding dictionary.
+ /EncodingDirectory 16 dict def	% enough for Level 2 + PDF standard encodings
+@@ -2333,7 +2327,6 @@ SAFER { .setsafeglobal } if
+   //systemdict /UndefinePostScriptOperators get exec
+   //systemdict /UndefinePDFOperators get exec
+   //systemdict /.forcecopynew .forceundef	% remove temptation
+-  //systemdict /.forcedef .forceundef		% ditto
+   //systemdict /.forceput .forceundef		% ditto
+   //systemdict /.undef .forceundef		    % ditto
+   //systemdict /.forceundef .forceundef		% ditto
+@@ -2368,9 +2361,9 @@ SAFER { .setsafeglobal } if
+         % (and, if implemented, context switching).
+   .currentglobal //false .setglobal
+      mark userparams { } forall .dicttomark readonly
+-     /userparams exch .forcedef		% systemdict is read-only
++     currentdict exch /userparams exch .forceput		% systemdict is read-only
+   .setglobal
+-} if
++} executeonly if
+ /.currentsystemparams where {
+   pop
+         % Remove real system params from pssystemparams.
+@@ -2458,7 +2451,6 @@ end
+ DELAYBIND not {
+   systemdict /.bindnow .undef       % We only need this for DELAYBIND
+   systemdict /.forcecopynew .undef	% remove temptation
+-  systemdict /.forcedef .undef		% ditto
+   systemdict /.forceput .undef		% ditto
+   systemdict /.forceundef .undef	% ditto
+ } if
+diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps
+index 0f0d57331c23..9c0c3a6fc485 100644
+--- a/Resource/Init/gs_lev2.ps
++++ b/Resource/Init/gs_lev2.ps
+@@ -304,31 +304,30 @@ end
+     psuserparams exch /.checkFilePermitparams load put
+   .setglobal
+ 
+-pssystemparams begin
+-  /CurDisplayList 0 .forcedef
+-  /CurFormCache 0 .forcedef
+-  /CurInputDevice () .forcedef
+-  /CurOutlineCache 0 .forcedef
+-  /CurOutputDevice () .forcedef
+-  /CurPatternCache 0 .forcedef
+-  /CurUPathCache 0 .forcedef
+-  /CurScreenStorage 0 .forcedef
+-  /CurSourceList 0 .forcedef
+-  /DoPrintErrors //false .forcedef
+-  /JobTimeout 0 .forcedef
+-  /LicenseID (LN-001) .forcedef     % bogus
+-  /MaxDisplayList 140000 .forcedef
+-  /MaxFormCache 100000 .forcedef
+-  /MaxImageBuffer 524288 .forcedef
+-  /MaxOutlineCache 65000 .forcedef
+-  /MaxPatternCache 100000 .forcedef
+-  /MaxUPathCache 300000 .forcedef
+-  /MaxScreenStorage 84000 .forcedef
+-  /MaxSourceList 25000 .forcedef
+-  /PrinterName product .forcedef
+-  /RamSize 4194304 .forcedef
+-  /WaitTimeout 40 .forcedef
+-end
++pssystemparams
++dup /CurDisplayList 0 .forceput
++dup /CurFormCache 0 .forceput
++dup /CurInputDevice () .forceput
++dup /CurOutlineCache 0 .forceput
++dup /CurOutputDevice () .forceput
++dup /CurPatternCache 0 .forceput
++dup /CurUPathCache 0 .forceput
++dup /CurScreenStorage 0 .forceput
++dup /CurSourceList 0 .forceput
++dup /DoPrintErrors //false .forceput
++dup /JobTimeout 0 .forceput
++dup /LicenseID (LN-001) .forceput     % bogus
++dup /MaxDisplayList 140000 .forceput
++dup /MaxFormCache 100000 .forceput
++dup /MaxImageBuffer 524288 .forceput
++dup /MaxOutlineCache 65000 .forceput
++dup /MaxPatternCache 100000 .forceput
++dup /MaxUPathCache 300000 .forceput
++dup /MaxScreenStorage 84000 .forceput
++dup /MaxSourceList 25000 .forceput
++dup /PrinterName product .forceput
++dup /RamSize 4194304 .forceput
++    /WaitTimeout 40 .forceput
+ 
+ % Define the procedures for handling comment scanning.  The names
+ % %ProcessComment and %ProcessDSCComment are known to the interpreter.
+@@ -710,7 +709,7 @@ pop		% currentsystemparams
+ /statusdict currentdict def
+ 
+ currentdict end
+-/statusdict exch .forcedef	% statusdict is local, systemdict is global
++currentdict exch /statusdict exch .forceput	% statusdict is local, systemdict is global
+ 
+ % The following compatibility operators are in systemdict.  They are
+ % defined here, rather than in gs_init.ps, because they require the
+diff --git a/Resource/Init/gs_ll3.ps b/Resource/Init/gs_ll3.ps
+index c86721f39fc0..881af44e9fd2 100644
+--- a/Resource/Init/gs_ll3.ps
++++ b/Resource/Init/gs_ll3.ps
+@@ -521,9 +521,8 @@ end
+ % Define additional user and system parameters.
+ /HalftoneMode 0 .definepsuserparam
+ /MaxSuperScreen 1016 .definepsuserparam
+-pssystemparams begin		% read-only, so use .forcedef
+-  /MaxDisplayAndSourceList 160000 .forcedef
+-end
++% read-only, so use .forceput
++pssystemparams  /MaxDisplayAndSourceList 160000 .forceput
+ 
+ % Define the IdiomSet resource category.
+ { /IdiomSet } {
+diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
+index fd7eaf953ae9..0b4e0514b2a1 100644
+--- a/Resource/Init/gs_res.ps
++++ b/Resource/Init/gs_res.ps
+@@ -41,10 +41,10 @@ level2dict begin
+ % However, Ed Taft of Adobe says their interpreters don't implement this
+ % either, so we aren't going to worry about it for a while.
+ 
+-currentglobal //false setglobal systemdict begin
+-  /localinstancedict 5 dict
+-  .forcedef	% localinstancedict is local, systemdict is global
+-end //true setglobal
++currentglobal //false setglobal
++  systemdict /localinstancedict 5 dict
++  .forceput	% localinstancedict is local, systemdict is global
++//true setglobal
+ /.emptydict 0 dict readonly def
+ setglobal
+ 
+@@ -149,7 +149,7 @@ setglobal
+           dup [ exch 0 -1 ] exch
+           .Instances 4 2 roll put
+                 % Make the Category dictionary read-only.  We will have to
+-                % use .forceput / .forcedef later to replace the dummy,
++                % use .forceput / .forceput later to replace the dummy,
+                 % empty .Instances dictionary with the real one later.
+           readonly
+         }{
+@@ -304,7 +304,8 @@ systemdict begin
+      dup () ne {
+      .file_name_directory_separator concatstrings
+     } if
+-    2 index exch //false .file_name_combine not {
++    2 index exch //false
++    .file_name_combine not {
+       (Error: .default_resource_dir returned ) print exch print ( that can't combine with ) print =
+       /.default_resource_dir cvx /configurationerror signalerror
+     } if
+@@ -317,14 +318,14 @@ currentdict /pssystemparams known not {
+ pssystemparams begin
+   .default_resource_dir
+   /FontResourceDir (Font) .resource_dir_name
+-     readonly .forcedef	% pssys'params is r-o
++     readonly currentdict 3 1 roll .forceput	% pssys'params is r-o
+   /GenericResourceDir () .resource_dir_name
+-     readonly .forcedef	% pssys'params is r-o
++     readonly currentdict 3 1 roll .forceput	% pssys'params is r-o
+   pop % .default_resource_dir
+   /GenericResourcePathSep
+-        .file_name_separator readonly .forcedef		% pssys'params is r-o
+-  (%diskFontResourceDir) cvn (/Resource/Font/) readonly .forcedef	% pssys'params is r-o
+-  (%diskGenericResourceDir) cvn (/Resource/) readonly .forcedef	% pssys'params is r-o
++        .file_name_separator readonly currentdict 3 1 roll .forceput		% pssys'params is r-o
++  currentdict (%diskFontResourceDir) cvn (/Resource/Font/) readonly .forceput	% pssys'params is r-o
++  currentdict (%diskGenericResourceDir) cvn (/Resource/) readonly .forceput	% pssys'params is r-o
+ end
+ end
+ 
+@@ -422,8 +423,8 @@ status {
+                 .Instances dup //.emptydict eq {
+                   pop 3 dict
+                         % As noted above, Category dictionaries are read-only,
+-                        % so we have to use .forcedef here.
+-                  /.Instances 1 index .forcedef	% Category dict is read-only
++                        % so we have to use .forceput here.
++                  currentdict /.Instances 2 index .forceput	% Category dict is read-only
+                 } executeonly if
+               }
+               { .LocalInstances dup //.emptydict eq
+@@ -441,7 +442,7 @@ status {
+            { /defineresource cvx /typecheck signaloperror
+            }
+         ifelse
+-} .bind executeonly .makeoperator		% executeonly to prevent access to .forcedef
++} .bind executeonly .makeoperator		% executeonly to prevent access to .forceput
+ /UndefineResource
+         {  { dup 2 index .knownget
+               { dup 1 get 1 ge
+diff --git a/Resource/Init/gs_statd.ps b/Resource/Init/gs_statd.ps
+index 20d4c96c4f8f..b6a76590dd09 100644
+--- a/Resource/Init/gs_statd.ps
++++ b/Resource/Init/gs_statd.ps
+@@ -21,10 +21,10 @@ systemdict begin
+         % We make statusdict a little larger for Level 2 stuff.
+         % Note that it must be allocated in local VM.
+  .currentglobal //false .setglobal
+- /statusdict 91 dict .forcedef		% statusdict is local, sys'dict global
++ currentdict /statusdict 91 dict .forceput		% statusdict is local, sys'dict global
+         % To support the Level 2 job control features,
+         % serverdict must also be in local VM.
+- /serverdict 10 dict .forcedef		% serverdict is local, sys'dict global
++ currentdict /serverdict 10 dict .forceput		% serverdict is local, sys'dict global
+  .setglobal
+ end
+ 
+-- 
+2.20.1
+
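Review bot: The `.forceput` calls that replace `.forcedef` in gs_dps1.ps, gs_init.ps, gs_lev2.ps and gs_statd.ps take their target from `currentdict`, although the trailing comments name systemdict as the target and the gs_res.ps hunk already spells it out (`systemdict /localinstancedict 5 dict .forceput`). That preserves what the removed `.forcedef` did, but a write into a read-only dictionary is easier to audit when its destination does not depend on the dictionary stack; where systemdict is meant, the explicit form would be e.g. `systemdict /statusdict 91 dict .forceput`. The hunks confirm an enclosing `systemdict begin` only for gs_dps1.ps and gs_statd.ps, so the other sites would need checking first. Separately, the rewritten comment in gs_res.ps now reads `use .forceput / .forceput later`, a leftover of the rename. As the file is a backport of upstream commit 49c8092da88e, both points are better raised upstream than patched in this copy.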

+ 4 - 5
package/googlefontdirectory/googlefontdirectory.mk

@@ -11,22 +11,21 @@ GOOGLEFONTDIRECTORY_FONTS = \
 	$(call qstrip,$(BR2_PACKAGE_GOOGLEFONTDIRECTORY_FONTS))
 
 ifneq ($(filter apache/%,$(GOOGLEFONTDIRECTORY_FONTS)),)
-GOOGLEFONTDIRECTORY_LICENSE += Apache-2.0
+GOOGLEFONTDIRECTORY_ALL_LICENSES += Apache-2.0
 GOOGLEFONTDIRECTORY_LICENSE_FILES += $(addsuffix /LICENSE.txt,$(filter apache/%,$(GOOGLEFONTDIRECTORY_FONTS)))
 endif
 
 ifneq ($(filter ofl/%,$(GOOGLEFONTDIRECTORY_FONTS)),)
-GOOGLEFONTDIRECTORY_LICENSE += OFL-1.1
+GOOGLEFONTDIRECTORY_ALL_LICENSES += OFL-1.1
 GOOGLEFONTDIRECTORY_LICENSE_FILES += $(addsuffix /OFL.txt,$(filter ofl/%,$(GOOGLEFONTDIRECTORY_FONTS)))
 endif
 
 ifneq ($(filter ufl/%,$(GOOGLEFONTDIRECTORY_FONTS)),)
-GOOGLEFONTDIRECTORY_LICENSE += UFL-1.1
+GOOGLEFONTDIRECTORY_ALL_LICENSES += UFL-1.1
 GOOGLEFONTDIRECTORY_LICENSE_FILES += $(addsuffix /LICENCE.txt,$(filter ufl/%,$(GOOGLEFONTDIRECTORY_FONTS)))
 endif
 
-# check-package OverriddenVariable
-GOOGLEFONTDIRECTORY_LICENSE := $(subst $(space),$(comma)$(space),$(GOOGLEFONTDIRECTORY_LICENSE))
+GOOGLEFONTDIRECTORY_LICENSE = $(subst $(space),$(comma)$(space),$(GOOGLEFONTDIRECTORY_ALL_LICENSES))
 
 define GOOGLEFONTDIRECTORY_INSTALL_TARGET_CMDS
 	$(foreach d,$(GOOGLEFONTDIRECTORY_FONTS), \

+ 51 - 0
package/jpeg-turbo/0001-tjLoadImage-Fix-int-overflow-segfault-w-big-BMP.patch

@@ -0,0 +1,51 @@
+From 3d9c64e9f8aa1ee954d1d0bb3390fc894bb84da3 Mon Sep 17 00:00:00 2001
+From: DRC <information@libjpeg-turbo.org>
+Date: Tue, 1 Jan 2019 18:57:36 -0600
+Subject: [PATCH] tjLoadImage(): Fix int overflow/segfault w/big BMP
+
+Fixes #304
+
+[baruch: drop the ChangeLog.md hunk]
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: commit 3d9c64e9f8aa
+
+ ChangeLog.md | 4 ++++
+ turbojpeg.c  | 9 ++++++---
+ 2 files changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/turbojpeg.c b/turbojpeg.c
+index 90a9ce6a0be8..3f7cd640677f 100644
+--- a/turbojpeg.c
++++ b/turbojpeg.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (C)2009-2018 D. R. Commander.  All Rights Reserved.
++ * Copyright (C)2009-2019 D. R. Commander.  All Rights Reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions are met:
+@@ -1960,7 +1960,8 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width,
+                                      int align, int *height, int *pixelFormat,
+                                      int flags)
+ {
+-  int retval = 0, tempc, pitch;
++  int retval = 0, tempc;
++  size_t pitch;
+   tjhandle handle = NULL;
+   tjinstance *this;
+   j_compress_ptr cinfo = NULL;
+@@ -2013,7 +2014,9 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width,
+   *pixelFormat = cs2pf[cinfo->in_color_space];
+ 
+   pitch = PAD((*width) * tjPixelSize[*pixelFormat], align);
+-  if ((dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL)
++  if ((unsigned long long)pitch * (unsigned long long)(*height) >
++      (unsigned long long)((size_t)-1) ||
++      (dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL)
+     _throwg("tjLoadImage(): Memory allocation failure");
+ 
+   if (setjmp(this->jerr.setjmp_buffer)) {
+-- 
+2.20.1
+
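Review bot: The product `(*width) * tjPixelSize[*pixelFormat]` on the unchanged `pitch = PAD(...)` line is still evaluated before the result reaches the new `size_t pitch`. If both operands are `int` (width is `int *` in the signature; the type of tjPixelSize and the PAD macro are outside the hunk), a very wide image can overflow there, and the added `pitch * (*height)` check then tests an already wrong value. Widening first closes that gap: `pitch = PAD((size_t)(*width) * tjPixelSize[*pixelFormat], align);`. Whether the image reader already bounds the width is not visible here, so this may be unreachable in practice. tjLoadImage's body continues outside both hunks, and since this is a backport of upstream commit 3d9c64e9f8aa the change belongs upstream rather than in this copy.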

+ 39 - 0
package/jpeg-turbo/0002-wrbmp.c-Don-t-allow-quantization-w-non-RGB-CS.patch

@@ -0,0 +1,39 @@
+From f8cca819a4fb42aafa5f70df43c45e8c416d716f Mon Sep 17 00:00:00 2001
+From: DRC <information@libjpeg-turbo.org>
+Date: Tue, 1 Jan 2019 20:32:40 -0600
+Subject: [PATCH] wrbmp.c: Don't allow quantization w/ non-RGB CS
+
+If cinfo->quantize_colors == 1, then jpeg_calc_output_dimensions() will
+set cinfo->output_components to 1, and if cinfo->out_color_space is not
+RGB (or extended RGB), hilarity will ensue.
+
+Fixes #305
+
+[baruch: drop the ChangeLog.md hunk]
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: commit f8cca819a4
+
+ ChangeLog.md | 4 ++++
+ wrbmp.c      | 5 +++--
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/wrbmp.c b/wrbmp.c
+index 4bf81426b0ef..239f64eb3c3f 100644
+--- a/wrbmp.c
++++ b/wrbmp.c
+@@ -502,8 +502,9 @@ jinit_write_bmp(j_decompress_ptr cinfo, boolean is_os2,
+       dest->pub.put_pixel_rows = put_gray_rows;
+     else
+       dest->pub.put_pixel_rows = put_pixel_rows;
+-  } else if (cinfo->out_color_space == JCS_RGB565 ||
+-             cinfo->out_color_space == JCS_CMYK) {
++  } else if (!cinfo->quantize_colors &&
++             (cinfo->out_color_space == JCS_RGB565 ||
++              cinfo->out_color_space == JCS_CMYK)) {
+     dest->pub.put_pixel_rows = put_pixel_rows;
+   } else {
+     ERREXIT(cinfo, JERR_BMP_COLORSPACE);
+-- 
+2.20.1
+

+ 62 - 0
package/libarchive/0005-iso9660-Fail-when-expected-Rockridge-extensions-is-m.patch

@@ -0,0 +1,62 @@
+From 8312eaa576014cd9b965012af51bc1f967b12423 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Tue, 1 Jan 2019 17:10:49 +1100
+Subject: [PATCH] iso9660: Fail when expected Rockridge extensions is missing
+
+A corrupted or malicious ISO9660 image can cause read_CE() to loop
+forever.
+
+read_CE() calls parse_rockridge(), expecting a Rockridge extension
+to be read. However, parse_rockridge() is structured as a while
+loop starting with a sanity check, and if the sanity check fails
+before the loop has run, the function returns ARCHIVE_OK without
+advancing the position in the file. This causes read_CE() to retry
+indefinitely.
+
+Make parse_rockridge() return ARCHIVE_WARN if it didn't read an
+extension. As someone with no real knowledge of the format, this
+seems more apt than ARCHIVE_FATAL, but both the call-sites escalate
+it to a fatal error immediately anyway.
+
+Found with a combination of AFL, afl-rb (FairFuzz) and qsym.
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: commit 8312eaa57601
+
+ libarchive/archive_read_support_format_iso9660.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_support_format_iso9660.c b/libarchive/archive_read_support_format_iso9660.c
+index 28acfefbba8a..bad8f1dfef3a 100644
+--- a/libarchive/archive_read_support_format_iso9660.c
++++ b/libarchive/archive_read_support_format_iso9660.c
+@@ -2102,6 +2102,7 @@ parse_rockridge(struct archive_read *a, struct file_info *file,
+     const unsigned char *p, const unsigned char *end)
+ {
+ 	struct iso9660 *iso9660;
++	int entry_seen = 0;
+ 
+ 	iso9660 = (struct iso9660 *)(a->format->data);
+ 
+@@ -2257,8 +2258,16 @@ parse_rockridge(struct archive_read *a, struct file_info *file,
+ 		}
+ 
+ 		p += p[2];
++		entry_seen = 1;
++	}
++
++	if (entry_seen)
++		return (ARCHIVE_OK);
++	else {
++		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
++				  "Tried to parse Rockridge extensions, but none found");
++		return (ARCHIVE_WARN);
+ 	}
+-	return (ARCHIVE_OK);
+ }
+ 
+ static int
+-- 
+2.20.1
+
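Review bot: The new `return (ARCHIVE_WARN)` at the end of parse_rockridge() changes the result for every caller, not only for the read_CE() retry loop the message describes, and neither call site is in this hunk. If the other caller can reach parse_rockridge() with a record that legitimately carries no extension entries, well-formed images would start failing with "Tried to parse Rockridge extensions, but none found", so that path is worth confirming before relying on the backport. Independent of that, the reason for the non-OK return lives only in the commit message; I would add a comment above the check, `/* No entry was consumed: report it so the caller cannot retry the same offset forever. */`, and drop the `else` after the `return`. The body of parse_rockridge() between the two inner hunks is not shown.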

+ 62 - 0
package/libarchive/0006-7zip-fix-crash-when-parsing-certain-archives.patch

@@ -0,0 +1,62 @@
+From 65a23f5dbee4497064e9bb467f81138a62b0dae1 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Tue, 1 Jan 2019 16:01:40 +1100
+Subject: [PATCH] 7zip: fix crash when parsing certain archives
+
+Fuzzing with CRCs disabled revealed that a call to get_uncompressed_data()
+would sometimes fail to return at least 'minimum' bytes. This can cause
+the crc32() invocation in header_bytes to read off into invalid memory.
+
+A specially crafted archive can use this to cause a crash.
+
+An ASAN trace is below, but ASAN is not required - an uninstrumented
+binary will also crash.
+
+==7719==ERROR: AddressSanitizer: SEGV on unknown address 0x631000040000 (pc 0x7fbdb3b3ec1d bp 0x7ffe77a51310 sp 0x7ffe77a51150 T0)
+==7719==The signal is caused by a READ memory access.
+    #0 0x7fbdb3b3ec1c in crc32_z (/lib/x86_64-linux-gnu/libz.so.1+0x2c1c)
+    #1 0x84f5eb in header_bytes (/tmp/libarchive/bsdtar+0x84f5eb)
+    #2 0x856156 in read_Header (/tmp/libarchive/bsdtar+0x856156)
+    #3 0x84e134 in slurp_central_directory (/tmp/libarchive/bsdtar+0x84e134)
+    #4 0x849690 in archive_read_format_7zip_read_header (/tmp/libarchive/bsdtar+0x849690)
+    #5 0x5713b7 in _archive_read_next_header2 (/tmp/libarchive/bsdtar+0x5713b7)
+    #6 0x570e63 in _archive_read_next_header (/tmp/libarchive/bsdtar+0x570e63)
+    #7 0x6f08bd in archive_read_next_header (/tmp/libarchive/bsdtar+0x6f08bd)
+    #8 0x52373f in read_archive (/tmp/libarchive/bsdtar+0x52373f)
+    #9 0x5257be in tar_mode_x (/tmp/libarchive/bsdtar+0x5257be)
+    #10 0x51daeb in main (/tmp/libarchive/bsdtar+0x51daeb)
+    #11 0x7fbdb27cab96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
+    #12 0x41dd09 in _start (/tmp/libarchive/bsdtar+0x41dd09)
+
+This was primarly done with afl and FairFuzz. Some early corpus entries
+may have been generated by qsym.
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: commit 65a23f5dbee
+
+ libarchive/archive_read_support_format_7zip.c | 8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c
+index bccbf896603b..b6d1505d372e 100644
+--- a/libarchive/archive_read_support_format_7zip.c
++++ b/libarchive/archive_read_support_format_7zip.c
+@@ -2964,13 +2964,7 @@ get_uncompressed_data(struct archive_read *a, const void **buff, size_t size,
+ 	if (zip->codec == _7Z_COPY && zip->codec2 == (unsigned long)-1) {
+ 		/* Copy mode. */
+ 
+-		/*
+-		 * Note: '1' here is a performance optimization.
+-		 * Recall that the decompression layer returns a count of
+-		 * available bytes; asking for more than that forces the
+-		 * decompressor to combine reads by copying data.
+-		 */
+-		*buff = __archive_read_ahead(a, 1, &bytes_avail);
++		*buff = __archive_read_ahead(a, minimum, &bytes_avail);
+ 		if (bytes_avail <= 0) {
+ 			archive_set_error(&a->archive,
+ 			    ARCHIVE_ERRNO_FILE_FORMAT,
+-- 
+2.20.1
+
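Review bot: The guard after the changed call still tests only `bytes_avail <= 0`, so a NULL `*buff` is not rejected on its own. `__archive_read_ahead()` returns NULL when it cannot supply `minimum` bytes, and as far as I recall it can still report the bytes it does hold through `bytes_avail` on a truncated input (to be confirmed in archive_read.c); in that case the function would carry on with a NULL buffer and a positive count. Checking the pointer as well closes that path: `if (*buff == NULL || bytes_avail <= 0) {`. The rest of get_uncompressed_data() lies outside the hunk.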

+ 51 - 0
package/libupnp18/0001-configure.ac-fix-build-with-openssl.patch

@@ -0,0 +1,51 @@
+From c70d326f3ae88aa2dca903fb17a1f18d3b45a2ca Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Fri, 8 Feb 2019 16:45:32 +0100
+Subject: [PATCH] configure.ac: fix build with openssl
+
+- Add a call to PKG_CHECK_MODULES to get openssl libraries and its
+  dependencies if openssl support is enabled
+- Add OPENSSL_LIBS to libupnp.pc.in so that applications linking with
+  pupnp (such as mpd) will be able to retrieve openssl libraries
+
+Fixes:
+ - http://autobuild.buildroot.org/results/a4148e516070b79816769f3443fc24d6d8192073
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status: https://github.com/mrjimenez/pupnp/pull/105]
+---
+ configure.ac  | 5 +++++
+ libupnp.pc.in | 2 +-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 670d363..190b30c 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -722,6 +722,11 @@ AC_COMPILE_IFELSE(
+ 			AC_MSG_ERROR([pthread_rwlock_t not available])])])
+ echo "-------------------------------------------------------------------------------"
+ 
++if test "x$enable_open_ssl" = xyes ; then
++	PKG_CHECK_MODULES(OPENSSL, libssl,
++		[LIBS="$LIBS $OPENSSL_LIBS" CFLAGS="$CFLAGS $OPENSSL_CFLAGS"],
++		[AC_MSG_ERROR([openssl not found])])
++fi
+ 
+ AC_CONFIG_FILES([
+ 	Makefile
+diff --git a/libupnp.pc.in b/libupnp.pc.in
+index bd2d7b3..54cba90 100644
+--- a/libupnp.pc.in
++++ b/libupnp.pc.in
+@@ -6,6 +6,6 @@ includedir=@includedir@
+ Name: libupnp
+ Description: Linux SDK for UPnP Devices
+ Version: @VERSION@
+-Libs: @PTHREAD_CFLAGS@ @PTHREAD_LIBS@ -L${libdir} -lupnp -lixml
++Libs: @PTHREAD_CFLAGS@ @PTHREAD_LIBS@ -L${libdir} -lupnp -lixml @OPENSSL_LIBS@
+ Cflags: @PTHREAD_CFLAGS@ -I${includedir}/upnp
+ 
+-- 
+2.14.1
+
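Review bot: `PKG_CHECK_MODULES(OPENSSL, libssl, ...)` queries only libssl, while the `LIBS=` line this merge removes from libupnp18.mk asked pkg-config for `libssl libcrypto`. If libupnp calls libcrypto functions directly, or the build is static (pkg-config lists libssl's private dependencies only with `--static`), the link can lose `-lcrypto`; naming both modules, `PKG_CHECK_MODULES(OPENSSL, [libssl libcrypto], ...)`, keeps the earlier behaviour. In libupnp.pc.in the OpenSSL libraries are appended to `Libs:`, which makes every consumer link them even in shared builds; `Libs.private: @OPENSSL_LIBS@` would limit that to static links. Neither point has been checked against a static build here.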

+ 2 - 1
package/libupnp18/libupnp18.mk

@@ -11,11 +11,12 @@ LIBUPNP18_CONF_ENV = ac_cv_lib_compat_ftime=no
 LIBUPNP18_INSTALL_STAGING = YES
 LIBUPNP18_LICENSE = BSD-3-Clause
 LIBUPNP18_LICENSE_FILES = COPYING
+# We're patching configure.ac
+LIBUPNP18_AUTORECONF = YES
 
 ifeq ($(BR2_PACKAGE_OPENSSL),y)
 LIBUPNP18_CONF_OPTS += --enable-open-ssl
 LIBUPNP18_DEPENDENCIES += host-pkgconf openssl
-LIBUPNP18_CONF_ENV += LIBS="`$(PKG_CONFIG_HOST_BINARY) --libs libssl libcrypto`"
 else
 LIBUPNP18_CONF_OPTS += --disable-open-ssl
 endif

+ 33 - 0
package/libva-utils/0002-Fix-build-failure-when-x11-support-is-disabled.patch

@@ -0,0 +1,33 @@
+From ad66d3c202eb72ac5808f13a0489ac836dc55aac Mon Sep 17 00:00:00 2001
+From: Bernd Kuhls <bernd.kuhls@t-online.de>
+Date: Mon, 11 Feb 2019 20:31:42 +0100
+Subject: [PATCH] Fix build failure when x11 support is disabled
+
+Patch suggested on upstream bug tracker:
+https://github.com/intel/libva-utils/issues/150#issuecomment-462059528
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+---
+ Makefile.am | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index d28175a..12da79e 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -24,10 +24,10 @@ ACLOCAL_AMFLAGS = -I m4 ${ACLOCAL_FLAGS}
+ 
+ AUTOMAKE_OPTIONS = foreign
+ 
+-SUBDIRS = common decode encode vainfo videoprocess vendor/intel vendor/intel/sfcsample
++SUBDIRS = common decode encode vainfo videoprocess vendor/intel
+ 
+ if USE_X11
+-SUBDIRS += putsurface
++SUBDIRS += putsurface vendor/intel/sfcsample
+ else
+ if USE_WAYLAND
+ SUBDIRS += putsurface
+-- 
+2.20.1
+

+ 1 - 0
package/libva-utils/libva-utils.mk

@@ -10,6 +10,7 @@ LIBVA_UTILS_SITE = https://github.com/intel/libva-utils/releases/download/$(LIBV
 LIBVA_UTILS_LICENSE = MIT
 LIBVA_UTILS_LICENSE_FILES = COPYING
 # 0001-check-ssp.patch
+# 0002-Fix-build-failure-when-x11-support-is-disabled.patch
 LIBVA_UTILS_AUTORECONF = YES
 LIBVA_UTILS_DEPENDENCIES = host-pkgconf libva
 

+ 1 - 0
package/libyaml/libyaml.mk

@@ -12,3 +12,4 @@ LIBYAML_LICENSE = MIT
 LIBYAML_LICENSE_FILES = LICENSE
 
 $(eval $(autotools-package))
+$(eval $(host-autotools-package))

+ 55 - 0
package/mongodb/0001-ssl_manager.cpp-fix-build-with-gcc-7-and-fpermissive.patch

@@ -0,0 +1,55 @@
+From 362be06fc16a5ad0f9e9aa90cc763c5242e8e35c Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Sat, 9 Feb 2019 12:41:45 +0100
+Subject: [PATCH] ssl_manager.cpp: fix build with gcc 7 and -fpermissive
+
+Change prototype of DERToken::parse function from
+parse(ConstDataRange cdr, size_t* outLength);
+to parse(ConstDataRange cdr, uint64_t* outLength);
+
+Otherwise, we got the following error:
+
+src/mongo/util/net/ssl_manager.cpp: In static member function 'static mongo::StatusWith<mongo::{anonymous}::DERToken> mongo::{anonymous}::DERToken::parse(mongo::ConstDataRange, size_t*)':
+src/mongo/util/net/ssl_manager.cpp:575:79: error: invalid conversion from 'size_t* {aka unsigned int*}' to 'long unsigned int*' [-fpermissive]
+  if (mongoUnsignedAddOverflow64(tagAndLengthByteCount, derLength, outLength) ||
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status: https://github.com/mongodb/mongo/pull/1296]
+---
+ src/mongo/util/net/ssl_manager.cpp | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp
+index b93ebe84a4..3511eb5d99 100644
+--- a/src/mongo/util/net/ssl_manager.cpp
++++ b/src/mongo/util/net/ssl_manager.cpp
+@@ -782,7 +782,7 @@ public:
+      *
+      * Returns a DERToken which consists of the (tag, length, value) tuple.
+      */
+-    static StatusWith<DERToken> parse(ConstDataRange cdr, size_t* outLength);
++    static StatusWith<DERToken> parse(ConstDataRange cdr, uint64_t* outLength);
+ 
+ private:
+     DERType _type{DERType::EndOfContent};
+@@ -799,7 +799,7 @@ struct DataType::Handler<DERToken> {
+                        size_t length,
+                        size_t* advanced,
+                        std::ptrdiff_t debug_offset) {
+-        size_t outLength;
++        uint64_t outLength;
+ 
+         auto swPair = DERToken::parse(ConstDataRange(ptr, length), &outLength);
+ 
+@@ -844,7 +844,7 @@ StatusWith<std::string> readDERString(ConstDataRangeCursor& cdc) {
+ }
+ 
+ 
+-StatusWith<DERToken> DERToken::parse(ConstDataRange cdr, size_t* outLength) {
++StatusWith<DERToken> DERToken::parse(ConstDataRange cdr, uint64_t* outLength) {
+     const size_t kTagLength = 1;
+     const size_t kTagLengthAndInitialLengthByteLength = kTagLength + 1;
+ 
+-- 
+2.14.1
+
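Review bot: After this change `outLength` in `DataType::Handler<DERToken>::load()` is a `uint64_t`, while the `advanced` out-parameter of the same function stays `size_t*`. On the 32-bit targets the quoted build error comes from, any later store of `outLength` into `*advanced` (that store is outside the hunk, so this is inferred) narrows a length taken from parsed DER input without a range check, unless parse() already bounds it by the size of `cdr`. I would bound it before the narrowing, for example `if (outLength > std::numeric_limits<size_t>::max())` followed by the function's existing error return, and make the conversion explicit with `static_cast<size_t>(outLength)`. The bodies of load() and DERToken::parse() continue outside the hunks.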

+ 40 - 0
package/mongodb/Config.in

@@ -0,0 +1,40 @@
+# from https://docs.mongodb.com/manual/installation/#supported-platforms
+config BR2_PACKAGE_MONGODB_ARCH_SUPPORTS
+	bool
+	# ARM needs LDREX/STREX, so ARMv6+
+	default y if BR2_arm && !BR2_ARM_CPU_ARMV4 && !BR2_ARM_CPU_ARMV5
+	default y if BR2_aarch64 || BR2_powerpc64 || BR2_x86_64
+
+config BR2_PACKAGE_MONGODB
+	bool "mongodb"
+	depends on BR2_PACKAGE_MONGODB_ARCH_SUPPORTS
+	depends on BR2_TOOLCHAIN_USES_GLIBC # needs glibc malloc_usable_size
+	depends on BR2_USE_WCHAR
+	depends on BR2_TOOLCHAIN_HAS_THREADS
+	depends on BR2_INSTALL_LIBSTDCPP
+	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_6
+	select BR2_PACKAGE_BOOST
+	select BR2_PACKAGE_BOOST_FILESYSTEM
+	select BR2_PACKAGE_BOOST_IOSTREAMS
+	select BR2_PACKAGE_BOOST_PROGRAM_OPTIONS
+	select BR2_PACKAGE_BOOST_SYSTEM
+	select BR2_PACKAGE_PCRE
+	select BR2_PACKAGE_SNAPPY
+	select BR2_PACKAGE_SQLITE
+	select BR2_PACKAGE_YAML_CPP
+	select BR2_PACKAGE_ZLIB
+	help
+	  MongoDB is a cross-platform document-oriented database
+	  (NoSQL).
+
+	  It uses JSON-like documents with dynamic schemas (BSON),
+	  making the integration of data in certain types of
+	  applications easier and faster.
+
+	  https://www.mongodb.org/
+
+comment "mongodb needs a glibc toolchain w/ wchar, threads, C++, gcc >= 6"
+	depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
+		!BR2_INSTALL_LIBSTDCPP || !BR2_TOOLCHAIN_USES_GLIBC || \
+		!BR2_TOOLCHAIN_GCC_AT_LEAST_6
+	depends on BR2_PACKAGE_MONGODB_ARCH_SUPPORTS

+ 4 - 0
package/mongodb/mongodb.hash

@@ -0,0 +1,4 @@
+# Locally computed:
+sha256 5db85f06b2a0b2ae393339a4aed1366928aaef2b46c7c32826fa87c3217dc6f7  mongodb-r4.0.6.tar.gz
+sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30  APACHE-2.0.txt
+sha256 09d99ca61eb07873d5334077acba22c33e7f7d0a9fa08c92734e0ac8430d6e27  LICENSE-Community.txt

+ 92 - 0
package/mongodb/mongodb.mk

@@ -0,0 +1,92 @@
+################################################################################
+#
+# mongodb
+#
+################################################################################
+
+MONGODB_VERSION_BASE = 4.0.6
+MONGODB_VERSION = r$(MONGODB_VERSION_BASE)
+MONGODB_SITE = $(call github,mongodb,mongo,$(MONGODB_VERSION))
+
+MONGODB_LICENSE = Apache-2.0 (drivers), SSPL (database)
+MONGODB_LICENSE_FILES = APACHE-2.0.txt LICENSE-Community.txt
+
+MONGODB_DEPENDENCIES = \
+	boost \
+	host-python-cheetah \
+	host-python-pyyaml \
+	host-python-typing \
+	host-scons \
+	pcre \
+	snappy \
+	sqlite \
+	yaml-cpp \
+	zlib
+
+MONGODB_SCONS_TARGETS = mongod mongos
+
+MONGODB_SCONS_ENV = CC="$(TARGET_CC)" CXX="$(TARGET_CXX)" \
+	-j"$(PARALLEL_JOBS)"
+
+MONGODB_SCONS_OPTS = \
+	--disable-warnings-as-errors \
+	--use-system-boost \
+	--use-system-pcre \
+	--use-system-snappy \
+	--use-system-sqlite \
+	--use-system-yaml \
+	--use-system-zlib
+
+# need to pass mongo version when not building from git repo
+MONGODB_SCONS_OPTS += MONGO_VERSION=$(MONGODB_VERSION_BASE)-
+
+# WiredTiger database storage engine only supported on 64 bits
+ifeq ($(BR2_ARCH_IS_64),y)
+MONGODB_SCONS_OPTS += --wiredtiger=on
+else
+MONGODB_SCONS_OPTS += --wiredtiger=off
+endif
+
+# JavaScript scripting engine and tcmalloc supported only on
+# x86/x86-64 systems. Mongo target is a shell interface that
+# depends on the javascript engine, so it will also only be
+# built on x86/x86-64 systems.
+ifeq ($(BR2_i386)$(BR2_x86_64),y)
+MONGODB_SCONS_OPTS += --js-engine=mozjs --allocator=tcmalloc
+MONGODB_SCONS_TARGETS += mongo
+else
+MONGODB_SCONS_OPTS += --js-engine=none --allocator=system
+endif
+
+ifeq ($(BR2_PACKAGE_LIBCURL),y)
+MONGODB_DEPENDENCIES += libcurl
+MONGODB_SCONS_OPTS += --enable-free-mon=on
+else
+MONGODB_SCONS_OPTS += --enable-free-mon=off
+endif
+
+ifeq ($(BR2_PACKAGE_OPENSSL),y)
+MONGODB_DEPENDENCIES += openssl
+MONGODB_SCONS_OPTS += \
+	--ssl \
+	--ssl-provider=openssl
+endif
+
+define MONGODB_BUILD_CMDS
+	(cd $(@D); \
+		$(SCONS) \
+		$(MONGODB_SCONS_ENV) \
+		$(MONGODB_SCONS_OPTS) \
+		$(MONGODB_SCONS_TARGETS))
+endef
+
+define MONGODB_INSTALL_TARGET_CMDS
+	(cd $(@D); \
+		$(SCONS) \
+		$(MONGODB_SCONS_ENV) \
+		$(MONGODB_SCONS_OPTS) \
+		--prefix=$(TARGET_DIR)/usr \
+		install)
+endef
+
+$(eval $(generic-package))
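Review bot: The OpenSSL block has no `else`, so with BR2_PACKAGE_OPENSSL unset mongod and mongos are built without TLS and nothing in the package says so. For a network-facing database I would make that visible, either with a comment above the block such as `# Without openssl, mongod/mongos are built with no TLS support` or with a sentence in the Config.in help text. Separately, MONGODB_SCONS_ENV passes only CC and CXX plus `-j`, so TARGET_CFLAGS and TARGET_LDFLAGS do not appear to reach scons; whether the configured hardening options still apply depends on how the toolchain wrapper injects them and is worth checking.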

+ 275 - 0
package/openssh/0002-upstream-Sanitize-scp-filenames-via-snmprintf.-To-do.patch

@@ -0,0 +1,275 @@
+From 5979bdfeca813dd7e997a1edb0f928d77ce70304 Mon Sep 17 00:00:00 2001
+From: "dtucker@openbsd.org" <dtucker@openbsd.org>
+Date: Wed, 23 Jan 2019 08:01:46 +0000
+Subject: [PATCH] upstream: Sanitize scp filenames via snmprintf. To do this we
+ move
+
+the progressmeter formatting outside of signal handler context and have the
+atomicio callback called for EINTR too.  bz#2434 with contributions from djm
+and jjelen at redhat.com, ok djm@
+
+OpenBSD-Commit-ID: 1af61c1f70e4f3bd8ab140b9f1fa699481db57d8
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status (openssh-portable): backported from commit 8976f1c4b27
+---
+ atomicio.c      | 20 ++++++++++++++-----
+ progressmeter.c | 53 ++++++++++++++++++++++---------------------------
+ progressmeter.h |  3 ++-
+ scp.c           |  1 +
+ sftp-client.c   | 16 ++++++++-------
+ 5 files changed, 51 insertions(+), 42 deletions(-)
+
+diff --git a/atomicio.c b/atomicio.c
+index f854a06f5f50..d91bd7621c12 100644
+--- a/atomicio.c
++++ b/atomicio.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: atomicio.c,v 1.28 2016/07/27 23:18:12 djm Exp $ */
++/* $OpenBSD: atomicio.c,v 1.29 2019/01/23 08:01:46 dtucker Exp $ */
+ /*
+  * Copyright (c) 2006 Damien Miller. All rights reserved.
+  * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved.
+@@ -65,9 +65,14 @@ atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n,
+ 		res = (f) (fd, s + pos, n - pos);
+ 		switch (res) {
+ 		case -1:
+-			if (errno == EINTR)
++			if (errno == EINTR) {
++				/* possible SIGALARM, update callback */
++				if (cb != NULL && cb(cb_arg, 0) == -1) {
++					errno = EINTR;
++					return pos;
++				}
+ 				continue;
+-			if (errno == EAGAIN || errno == EWOULDBLOCK) {
++			} else if (errno == EAGAIN || errno == EWOULDBLOCK) {
+ #ifndef BROKEN_READ_COMPARISON
+ 				(void)poll(&pfd, 1, -1);
+ #endif
+@@ -122,9 +127,14 @@ atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd,
+ 		res = (f) (fd, iov, iovcnt);
+ 		switch (res) {
+ 		case -1:
+-			if (errno == EINTR)
++			if (errno == EINTR) {
++				/* possible SIGALARM, update callback */
++				if (cb != NULL && cb(cb_arg, 0) == -1) {
++					errno = EINTR;
++					return pos;
++				}
+ 				continue;
+-			if (errno == EAGAIN || errno == EWOULDBLOCK) {
++			} else if (errno == EAGAIN || errno == EWOULDBLOCK) {
+ #ifndef BROKEN_READV_COMPARISON
+ 				(void)poll(&pfd, 1, -1);
+ #endif
+diff --git a/progressmeter.c b/progressmeter.c
+index fe9bf52e4c90..add462dde500 100644
+--- a/progressmeter.c
++++ b/progressmeter.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: progressmeter.c,v 1.45 2016/06/30 05:17:05 dtucker Exp $ */
++/* $OpenBSD: progressmeter.c,v 1.46 2019/01/23 08:01:46 dtucker Exp $ */
+ /*
+  * Copyright (c) 2003 Nils Nordman.  All rights reserved.
+  *
+@@ -31,6 +31,7 @@
+ 
+ #include <errno.h>
+ #include <signal.h>
++#include <stdarg.h>
+ #include <stdio.h>
+ #include <string.h>
+ #include <time.h>
+@@ -39,6 +40,7 @@
+ #include "progressmeter.h"
+ #include "atomicio.h"
+ #include "misc.h"
++#include "utf8.h"
+ 
+ #define DEFAULT_WINSIZE 80
+ #define MAX_WINSIZE 512
+@@ -61,7 +63,7 @@ static void setscreensize(void);
+ void refresh_progress_meter(void);
+ 
+ /* signal handler for updating the progress meter */
+-static void update_progress_meter(int);
++static void sig_alarm(int);
+ 
+ static double start;		/* start progress */
+ static double last_update;	/* last progress update */
+@@ -74,6 +76,7 @@ static long stalled;		/* how long we have been stalled */
+ static int bytes_per_second;	/* current speed in bytes per second */
+ static int win_size;		/* terminal window size */
+ static volatile sig_atomic_t win_resized; /* for window resizing */
++static volatile sig_atomic_t alarm_fired;
+ 
+ /* units for format_size */
+ static const char unit[] = " KMGT";
+@@ -126,9 +129,17 @@ refresh_progress_meter(void)
+ 	off_t bytes_left;
+ 	int cur_speed;
+ 	int hours, minutes, seconds;
+-	int i, len;
+ 	int file_len;
+ 
++	if ((!alarm_fired && !win_resized) || !can_output())
++		return;
++	alarm_fired = 0;
++
++	if (win_resized) {
++		setscreensize();
++		win_resized = 0;
++	}
++
+ 	transferred = *counter - (cur_pos ? cur_pos : start_pos);
+ 	cur_pos = *counter;
+ 	now = monotime_double();
+@@ -158,16 +169,11 @@ refresh_progress_meter(void)
+ 
+ 	/* filename */
+ 	buf[0] = '\0';
+-	file_len = win_size - 35;
++	file_len = win_size - 36;
+ 	if (file_len > 0) {
+-		len = snprintf(buf, file_len + 1, "\r%s", file);
+-		if (len < 0)
+-			len = 0;
+-		if (len >= file_len + 1)
+-			len = file_len;
+-		for (i = len; i < file_len; i++)
+-			buf[i] = ' ';
+-		buf[file_len] = '\0';
++		buf[0] = '\r';
++		snmprintf(buf+1, sizeof(buf)-1 , &file_len, "%*s",
++		    file_len * -1, file);
+ 	}
+ 
+ 	/* percent of transfer done */
+@@ -228,22 +234,11 @@ refresh_progress_meter(void)
+ 
+ /*ARGSUSED*/
+ static void
+-update_progress_meter(int ignore)
++sig_alarm(int ignore)
+ {
+-	int save_errno;
+-
+-	save_errno = errno;
+-
+-	if (win_resized) {
+-		setscreensize();
+-		win_resized = 0;
+-	}
+-	if (can_output())
+-		refresh_progress_meter();
+-
+-	signal(SIGALRM, update_progress_meter);
++	signal(SIGALRM, sig_alarm);
++	alarm_fired = 1;
+ 	alarm(UPDATE_INTERVAL);
+-	errno = save_errno;
+ }
+ 
+ void
+@@ -259,10 +254,9 @@ start_progress_meter(const char *f, off_t filesize, off_t *ctr)
+ 	bytes_per_second = 0;
+ 
+ 	setscreensize();
+-	if (can_output())
+-		refresh_progress_meter();
++	refresh_progress_meter();
+ 
+-	signal(SIGALRM, update_progress_meter);
++	signal(SIGALRM, sig_alarm);
+ 	signal(SIGWINCH, sig_winch);
+ 	alarm(UPDATE_INTERVAL);
+ }
+@@ -286,6 +280,7 @@ stop_progress_meter(void)
+ static void
+ sig_winch(int sig)
+ {
++	signal(SIGWINCH, sig_winch);
+ 	win_resized = 1;
+ }
+ 
+diff --git a/progressmeter.h b/progressmeter.h
+index bf179dca6518..8f6678060195 100644
+--- a/progressmeter.h
++++ b/progressmeter.h
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: progressmeter.h,v 1.3 2015/01/14 13:54:13 djm Exp $ */
++/* $OpenBSD: progressmeter.h,v 1.4 2019/01/23 08:01:46 dtucker Exp $ */
+ /*
+  * Copyright (c) 2002 Nils Nordman.  All rights reserved.
+  *
+@@ -24,4 +24,5 @@
+  */
+ 
+ void	start_progress_meter(const char *, off_t, off_t *);
++void	refresh_progress_meter(void);
+ void	stop_progress_meter(void);
+diff --git a/scp.c b/scp.c
+index 4f3fdcd3db89..4a342a63873c 100644
+--- a/scp.c
++++ b/scp.c
+@@ -585,6 +585,7 @@ scpio(void *_cnt, size_t s)
+ 	off_t *cnt = (off_t *)_cnt;
+ 
+ 	*cnt += s;
++	refresh_progress_meter();
+ 	if (limit_kbps > 0)
+ 		bandwidth_limit(&bwlimit, s);
+ 	return 0;
+diff --git a/sftp-client.c b/sftp-client.c
+index 4986d6d8d291..2bc698f868bc 100644
+--- a/sftp-client.c
++++ b/sftp-client.c
+@@ -101,7 +101,9 @@ sftpio(void *_bwlimit, size_t amount)
+ {
+ 	struct bwlimit *bwlimit = (struct bwlimit *)_bwlimit;
+ 
+-	bandwidth_limit(bwlimit, amount);
++	refresh_progress_meter();
++	if (bwlimit != NULL)
++		bandwidth_limit(bwlimit, amount);
+ 	return 0;
+ }
+ 
+@@ -121,8 +123,8 @@ send_msg(struct sftp_conn *conn, struct sshbuf *m)
+ 	iov[1].iov_base = (u_char *)sshbuf_ptr(m);
+ 	iov[1].iov_len = sshbuf_len(m);
+ 
+-	if (atomiciov6(writev, conn->fd_out, iov, 2,
+-	    conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_out) !=
++	if (atomiciov6(writev, conn->fd_out, iov, 2, sftpio,
++	    conn->limit_kbps > 0 ? &conn->bwlimit_out : NULL) !=
+ 	    sshbuf_len(m) + sizeof(mlen))
+ 		fatal("Couldn't send packet: %s", strerror(errno));
+ 
+@@ -138,8 +140,8 @@ get_msg_extended(struct sftp_conn *conn, struct sshbuf *m, int initial)
+ 
+ 	if ((r = sshbuf_reserve(m, 4, &p)) != 0)
+ 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+-	if (atomicio6(read, conn->fd_in, p, 4,
+-	    conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in) != 4) {
++	if (atomicio6(read, conn->fd_in, p, 4, sftpio,
++	    conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL) != 4) {
+ 		if (errno == EPIPE || errno == ECONNRESET)
+ 			fatal("Connection closed");
+ 		else
+@@ -157,8 +159,8 @@ get_msg_extended(struct sftp_conn *conn, struct sshbuf *m, int initial)
+ 
+ 	if ((r = sshbuf_reserve(m, msg_len, &p)) != 0)
+ 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+-	if (atomicio6(read, conn->fd_in, p, msg_len,
+-	    conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in)
++	if (atomicio6(read, conn->fd_in, p, msg_len, sftpio,
++	    conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL)
+ 	    != msg_len) {
+ 		if (errno == EPIPE)
+ 			fatal("Connection closed");
+-- 
+2.20.1
+
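Review bot: `refresh_progress_meter()` now returns early unless `alarm_fired` or `win_resized` is set, yet `start_progress_meter()` calls it before the first SIGALRM can have set either flag. The initial draw is therefore skipped until the first alarm fires and an I/O callback runs, and a short transfer may never show the meter; the same may hold for a final refresh in `stop_progress_meter()`, whose body is outside the hunks. Setting the flag before that call, `alarm_fired = 1;`, or giving the function a force argument, would restore the first update. Also note that `sig_alarm()` and `sig_winch()` call `signal()` without saving and restoring `errno`, which the removed handler did.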

+ 186 - 0
package/openssh/0003-upstream-check-in-scp-client-that-filenames-sent-dur.patch

@@ -0,0 +1,186 @@
+From f853123eda6b279a87be48e18bbea8dec82a94f2 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Sat, 26 Jan 2019 22:41:28 +0000
+Subject: [PATCH] upstream: check in scp client that filenames sent during
+
+remote->local directory copies satisfy the wildcard specified by the user.
+
+This checking provides some protection against a malicious server
+sending unexpected filenames, but it comes at a risk of rejecting wanted
+files due to differences between client and server wildcard expansion rules.
+
+For this reason, this also adds a new -T flag to disable the check.
+
+reported by Harry Sintonen
+fix approach suggested by markus@;
+has been in snaps for ~1wk courtesy deraadt@
+
+OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status (openssh-portable): backported from commit 8976f1c4b2
+---
+ scp.1 | 12 +++++++++++-
+ scp.c | 37 +++++++++++++++++++++++++++++--------
+ 2 files changed, 40 insertions(+), 9 deletions(-)
+
+diff --git a/scp.1 b/scp.1
+index 0e5cc1b2d675..397e7709195a 100644
+--- a/scp.1
++++ b/scp.1
+@@ -18,7 +18,7 @@
+ .Nd secure copy (remote file copy program)
+ .Sh SYNOPSIS
+ .Nm scp
+-.Op Fl 346BCpqrv
++.Op Fl 346BCpqrTv
+ .Op Fl c Ar cipher
+ .Op Fl F Ar ssh_config
+ .Op Fl i Ar identity_file
+@@ -208,6 +208,16 @@ to use for the encrypted connection.
+ The program must understand
+ .Xr ssh 1
+ options.
++.It Fl T
++Disable strict filename checking.
++By default when copying files from a remote host to a local directory
++.Nm
++checks that the received filenames match those requested on the command-line
++to prevent the remote end from sending unexpected or unwanted files.
++Because of differences in how various operating systems and shells interpret
++filename wildcards, these checks may cause wanted files to be rejected.
++This option disables these checks at the expense of fully trusting that
++the server will not send unexpected filenames.
+ .It Fl v
+ Verbose mode.
+ Causes
+diff --git a/scp.c b/scp.c
+index 4a342a63873c..7b0a08efb274 100644
+--- a/scp.c
++++ b/scp.c
+@@ -94,6 +94,7 @@
+ #include <dirent.h>
+ #include <errno.h>
+ #include <fcntl.h>
++#include <fnmatch.h>
+ #include <limits.h>
+ #include <locale.h>
+ #include <pwd.h>
+@@ -375,14 +376,14 @@ void verifydir(char *);
+ struct passwd *pwd;
+ uid_t userid;
+ int errs, remin, remout;
+-int pflag, iamremote, iamrecursive, targetshouldbedirectory;
++int Tflag, pflag, iamremote, iamrecursive, targetshouldbedirectory;
+ 
+ #define	CMDNEEDS	64
+ char cmd[CMDNEEDS];		/* must hold "rcp -r -p -d\0" */
+ 
+ int response(void);
+ void rsource(char *, struct stat *);
+-void sink(int, char *[]);
++void sink(int, char *[], const char *);
+ void source(int, char *[]);
+ void tolocal(int, char *[]);
+ void toremote(int, char *[]);
+@@ -421,8 +422,9 @@ main(int argc, char **argv)
+ 	addargs(&args, "-oRemoteCommand=none");
+ 	addargs(&args, "-oRequestTTY=no");
+ 
+-	fflag = tflag = 0;
+-	while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:")) != -1)
++	fflag = Tflag = tflag = 0;
++	while ((ch = getopt(argc, argv,
++	    "dfl:prtTvBCc:i:P:q12346S:o:F:")) != -1) {
+ 		switch (ch) {
+ 		/* User-visible flags. */
+ 		case '1':
+@@ -501,9 +503,13 @@ main(int argc, char **argv)
+ 			setmode(0, O_BINARY);
+ #endif
+ 			break;
++		case 'T':
++			Tflag = 1;
++			break;
+ 		default:
+ 			usage();
+ 		}
++	}
+ 	argc -= optind;
+ 	argv += optind;
+ 
+@@ -534,7 +540,7 @@ main(int argc, char **argv)
+ 	}
+ 	if (tflag) {
+ 		/* Receive data. */
+-		sink(argc, argv);
++		sink(argc, argv, NULL);
+ 		exit(errs != 0);
+ 	}
+ 	if (argc < 2)
+@@ -792,7 +798,7 @@ tolocal(int argc, char **argv)
+ 			continue;
+ 		}
+ 		free(bp);
+-		sink(1, argv + argc - 1);
++		sink(1, argv + argc - 1, src);
+ 		(void) close(remin);
+ 		remin = remout = -1;
+ 	}
+@@ -968,7 +974,7 @@ rsource(char *name, struct stat *statp)
+ 	 (sizeof(type) != 4 && sizeof(type) != 8))
+ 
+ void
+-sink(int argc, char **argv)
++sink(int argc, char **argv, const char *src)
+ {
+ 	static BUF buffer;
+ 	struct stat stb;
+@@ -984,6 +990,7 @@ sink(int argc, char **argv)
+ 	unsigned long long ull;
+ 	int setimes, targisdir, wrerrno = 0;
+ 	char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048];
++	char *src_copy = NULL, *restrict_pattern = NULL;
+ 	struct timeval tv[2];
+ 
+ #define	atime	tv[0]
+@@ -1008,6 +1015,17 @@ sink(int argc, char **argv)
+ 	(void) atomicio(vwrite, remout, "", 1);
+ 	if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode))
+ 		targisdir = 1;
++	if (src != NULL && !iamrecursive && !Tflag) {
++		/*
++		 * Prepare to try to restrict incoming filenames to match
++		 * the requested destination file glob.
++		 */
++		if ((src_copy = strdup(src)) == NULL)
++			fatal("strdup failed");
++		if ((restrict_pattern = strrchr(src_copy, '/')) != NULL) {
++			*restrict_pattern++ = '\0';
++		}
++	}
+ 	for (first = 1;; first = 0) {
+ 		cp = buf;
+ 		if (atomicio(read, remin, cp, 1) != 1)
+@@ -1112,6 +1130,9 @@ sink(int argc, char **argv)
+ 			run_err("error: unexpected filename: %s", cp);
+ 			exit(1);
+ 		}
++		if (restrict_pattern != NULL &&
++		    fnmatch(restrict_pattern, cp, 0) != 0)
++			SCREWUP("filename does not match request");
+ 		if (targisdir) {
+ 			static char *namebuf;
+ 			static size_t cursize;
+@@ -1149,7 +1170,7 @@ sink(int argc, char **argv)
+ 					goto bad;
+ 			}
+ 			vect[0] = xstrdup(np);
+-			sink(1, vect);
++			sink(1, vect, src);
+ 			if (setimes) {
+ 				setimes = 0;
+ 				if (utimes(vect[0], tv) < 0)
+-- 
+2.20.1
+
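Review bot: In `sink()`, `restrict_pattern` is set only when `strrchr(src_copy, '/')` finds a slash, so a source path without any `/` leaves it NULL and the later `fnmatch()` test is skipped entirely. The check matters just as much in that case, and the skip is silent: the transfer proceeds as if strict checking were on. Falling back to the whole string when there is no slash, `else restrict_pattern = src_copy;`, would cover it, provided an empty or `.` source is handled first (how `tolocal()` fills `src` is outside the hunk). `src_copy` is also never freed on the visible lines. Finally, this patch and 0002 cite the same upstream commit (`8976f1c4b2` / `8976f1c4b27`) under "Upstream status" although they are different changes, so one of the two references needs correcting.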

+ 4 - 2
package/opentracing-cpp/Config.in

@@ -2,6 +2,7 @@ config BR2_PACKAGE_OPENTRACING_CPP
 	bool "opentracing-cpp"
 	depends on BR2_INSTALL_LIBSTDCPP
 	depends on BR2_TOOLCHAIN_HAS_THREADS
+	depends on !BR2_STATIC_LIBS
 	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # C++11
 	depends on !BR2_TOOLCHAIN_HAS_GCC_BUG_64735 # exception_ptr
 	help
@@ -9,8 +10,9 @@ config BR2_PACKAGE_OPENTRACING_CPP
 
 	  http://opentracing.io
 
-comment "opentracing-cpp needs a toolchain w/ C++, threads, gcc >= 4.8"
-	depends on !BR2_INSTALL_LIBSTDCPP || !BR2_TOOLCHAIN_HAS_THREADS || !BR2_TOOLCHAIN_GCC_AT_LEAST_4_8
+comment "opentracing-cpp needs a toolchain w/ C++, threads, dynamic library, gcc >= 4.8"
+	depends on !BR2_INSTALL_LIBSTDCPP || !BR2_TOOLCHAIN_HAS_THREADS \
+		|| BR2_STATIC_LIBS || !BR2_TOOLCHAIN_GCC_AT_LEAST_4_8
 
 comment "opentracing-cpp needs exception_ptr"
 	depends on BR2_TOOLCHAIN_HAS_GCC_BUG_64735

+ 2 - 0
package/python-pyyaml/python-pyyaml.mk

@@ -11,5 +11,7 @@ PYTHON_PYYAML_SETUP_TYPE = distutils
 PYTHON_PYYAML_LICENSE = MIT
 PYTHON_PYYAML_LICENSE_FILES = LICENSE
 PYTHON_PYYAML_DEPENDENCIES = libyaml
+HOST_PYTHON_PYYAML_DEPENDENCIES = host-libyaml
 
 $(eval $(python-package))
+$(eval $(host-python-package))

+ 1 - 0
package/python-typing/python-typing.mk

@@ -12,3 +12,4 @@ PYTHON_TYPING_LICENSE = Python-2.0, others
 PYTHON_TYPING_LICENSE_FILES = LICENSE
 
 $(eval $(python-package))
+$(eval $(host-python-package))

+ 338 - 0
package/runc/0001-nsenter-clone-proc-self-exe-to-avoid-exposing-host-b.patch

@@ -0,0 +1,338 @@
+From 0a8e4117e7f715d5fbeef398405813ce8e88558b Mon Sep 17 00:00:00 2001
+From: Aleksa Sarai <asarai@suse.de>
+Date: Wed, 9 Jan 2019 13:40:01 +1100
+Subject: [PATCH] nsenter: clone /proc/self/exe to avoid exposing host binary
+ to container
+
+There are quite a few circumstances where /proc/self/exe pointing to a
+pretty important container binary is a _bad_ thing, so to avoid this we
+have to make a copy (preferably doing self-clean-up and not being
+writeable).
+
+We require memfd_create(2) -- though there is an O_TMPFILE fallback --
+but we can always extend this to use a scratch MNT_DETACH overlayfs or
+tmpfs. The main downside to this approach is no page-cache sharing for
+the runc binary (which overlayfs would give us) but this is far less
+complicated.
+
+This is only done during nsenter so that it happens transparently to the
+Go code, and any libcontainer users benefit from it. This also makes
+ExtraFiles and --preserve-fds handling trivial (because we don't need to
+worry about it).
+
+Fixes: CVE-2019-5736
+Co-developed-by: Christian Brauner <christian.brauner@ubuntu.com>
+Signed-off-by: Aleksa Sarai <asarai@suse.de>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libcontainer/nsenter/cloned_binary.c | 268 +++++++++++++++++++++++++++++++++++
+ libcontainer/nsenter/nsexec.c        |  11 ++
+ 2 files changed, 279 insertions(+)
+ create mode 100644 libcontainer/nsenter/cloned_binary.c
+
+diff --git a/libcontainer/nsenter/cloned_binary.c b/libcontainer/nsenter/cloned_binary.c
+new file mode 100644
+index 00000000..c8a42c23
+--- /dev/null
++++ b/libcontainer/nsenter/cloned_binary.c
+@@ -0,0 +1,268 @@
++/*
++ * Copyright (C) 2019 Aleksa Sarai <cyphar@cyphar.com>
++ * Copyright (C) 2019 SUSE LLC
++ *
++ * Licensed under the Apache License, Version 2.0 (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ *     http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++#define _GNU_SOURCE
++#include <unistd.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <stdbool.h>
++#include <string.h>
++#include <limits.h>
++#include <fcntl.h>
++#include <errno.h>
++
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <sys/vfs.h>
++#include <sys/mman.h>
++#include <sys/sendfile.h>
++#include <sys/syscall.h>
++
++/* Use our own wrapper for memfd_create. */
++#if !defined(SYS_memfd_create) && defined(__NR_memfd_create)
++#  define SYS_memfd_create __NR_memfd_create
++#endif
++#ifdef SYS_memfd_create
++#  define HAVE_MEMFD_CREATE
++/* memfd_create(2) flags -- copied from <linux/memfd.h>. */
++#  ifndef MFD_CLOEXEC
++#    define MFD_CLOEXEC       0x0001U
++#    define MFD_ALLOW_SEALING 0x0002U
++#  endif
++int memfd_create(const char *name, unsigned int flags)
++{
++	return syscall(SYS_memfd_create, name, flags);
++}
++#endif
++
++/* This comes directly from <linux/fcntl.h>. */
++#ifndef F_LINUX_SPECIFIC_BASE
++#  define F_LINUX_SPECIFIC_BASE 1024
++#endif
++#ifndef F_ADD_SEALS
++#  define F_ADD_SEALS (F_LINUX_SPECIFIC_BASE + 9)
++#  define F_GET_SEALS (F_LINUX_SPECIFIC_BASE + 10)
++#endif
++#ifndef F_SEAL_SEAL
++#  define F_SEAL_SEAL   0x0001	/* prevent further seals from being set */
++#  define F_SEAL_SHRINK 0x0002	/* prevent file from shrinking */
++#  define F_SEAL_GROW   0x0004	/* prevent file from growing */
++#  define F_SEAL_WRITE  0x0008	/* prevent writes */
++#endif
++
++#define RUNC_SENDFILE_MAX 0x7FFFF000 /* sendfile(2) is limited to 2GB. */
++#ifdef HAVE_MEMFD_CREATE
++#  define RUNC_MEMFD_COMMENT "runc_cloned:/proc/self/exe"
++#  define RUNC_MEMFD_SEALS \
++	(F_SEAL_SEAL | F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE)
++#endif
++
++static void *must_realloc(void *ptr, size_t size)
++{
++	void *old = ptr;
++	do {
++		ptr = realloc(old, size);
++	} while(!ptr);
++	return ptr;
++}
++
++/*
++ * Verify whether we are currently in a self-cloned program (namely, is
++ * /proc/self/exe a memfd). F_GET_SEALS will only succeed for memfds (or rather
++ * for shmem files), and we want to be sure it's actually sealed.
++ */
++static int is_self_cloned(void)
++{
++	int fd, ret, is_cloned = 0;
++
++	fd = open("/proc/self/exe", O_RDONLY|O_CLOEXEC);
++	if (fd < 0)
++		return -ENOTRECOVERABLE;
++
++#ifdef HAVE_MEMFD_CREATE
++	ret = fcntl(fd, F_GET_SEALS);
++	is_cloned = (ret == RUNC_MEMFD_SEALS);
++#else
++	struct stat statbuf = {0};
++	ret = fstat(fd, &statbuf);
++	if (ret >= 0)
++		is_cloned = (statbuf.st_nlink == 0);
++#endif
++	close(fd);
++	return is_cloned;
++}
++
++/*
++ * Basic wrapper around mmap(2) that gives you the file length so you can
++ * safely treat it as an ordinary buffer. Only gives you read access.
++ */
++static char *read_file(char *path, size_t *length)
++{
++	int fd;
++	char buf[4096], *copy = NULL;
++
++	if (!length)
++		return NULL;
++
++	fd = open(path, O_RDONLY | O_CLOEXEC);
++	if (fd < 0)
++		return NULL;
++
++	*length = 0;
++	for (;;) {
++		int n;
++
++		n = read(fd, buf, sizeof(buf));
++		if (n < 0)
++			goto error;
++		if (!n)
++			break;
++
++		copy = must_realloc(copy, (*length + n) * sizeof(*copy));
++		memcpy(copy + *length, buf, n);
++		*length += n;
++	}
++	close(fd);
++	return copy;
++
++error:
++	close(fd);
++	free(copy);
++	return NULL;
++}
++
++/*
++ * A poor-man's version of "xargs -0". Basically parses a given block of
++ * NUL-delimited data, within the given length and adds a pointer to each entry
++ * to the array of pointers.
++ */
++static int parse_xargs(char *data, int data_length, char ***output)
++{
++	int num = 0;
++	char *cur = data;
++
++	if (!data || *output != NULL)
++		return -1;
++
++	while (cur < data + data_length) {
++		num++;
++		*output = must_realloc(*output, (num + 1) * sizeof(**output));
++		(*output)[num - 1] = cur;
++		cur += strlen(cur) + 1;
++	}
++	(*output)[num] = NULL;
++	return num;
++}
++
++/*
++ * "Parse" out argv and envp from /proc/self/cmdline and /proc/self/environ.
++ * This is necessary because we are running in a context where we don't have a
++ * main() that we can just get the arguments from.
++ */
++static int fetchve(char ***argv, char ***envp)
++{
++	char *cmdline = NULL, *environ = NULL;
++	size_t cmdline_size, environ_size;
++
++	cmdline = read_file("/proc/self/cmdline", &cmdline_size);
++	if (!cmdline)
++		goto error;
++	environ = read_file("/proc/self/environ", &environ_size);
++	if (!environ)
++		goto error;
++
++	if (parse_xargs(cmdline, cmdline_size, argv) <= 0)
++		goto error;
++	if (parse_xargs(environ, environ_size, envp) <= 0)
++		goto error;
++
++	return 0;
++
++error:
++	free(environ);
++	free(cmdline);
++	return -EINVAL;
++}
++
++static int clone_binary(void)
++{
++	int binfd, memfd;
++	ssize_t sent = 0;
++
++#ifdef HAVE_MEMFD_CREATE
++	memfd = memfd_create(RUNC_MEMFD_COMMENT, MFD_CLOEXEC | MFD_ALLOW_SEALING);
++#else
++	memfd = open("/tmp", O_TMPFILE | O_EXCL | O_RDWR | O_CLOEXEC, 0711);
++#endif
++	if (memfd < 0)
++		return -ENOTRECOVERABLE;
++
++	binfd = open("/proc/self/exe", O_RDONLY | O_CLOEXEC);
++	if (binfd < 0)
++		goto error;
++
++	sent = sendfile(memfd, binfd, NULL, RUNC_SENDFILE_MAX);
++	close(binfd);
++	if (sent < 0)
++		goto error;
++
++#ifdef HAVE_MEMFD_CREATE
++	int err = fcntl(memfd, F_ADD_SEALS, RUNC_MEMFD_SEALS);
++	if (err < 0)
++		goto error;
++#else
++	/* Need to re-open "memfd" as read-only to avoid execve(2) giving -EXTBUSY. */
++	int newfd;
++	char *fdpath = NULL;
++
++	if (asprintf(&fdpath, "/proc/self/fd/%d", memfd) < 0)
++		goto error;
++	newfd = open(fdpath, O_RDONLY | O_CLOEXEC);
++	free(fdpath);
++	if (newfd < 0)
++		goto error;
++
++	close(memfd);
++	memfd = newfd;
++#endif
++	return memfd;
++
++error:
++	close(memfd);
++	return -EIO;
++}
++
++int ensure_cloned_binary(void)
++{
++	int execfd;
++	char **argv = NULL, **envp = NULL;
++
++	/* Check that we're not self-cloned, and if we are then bail. */
++	int cloned = is_self_cloned();
++	if (cloned > 0 || cloned == -ENOTRECOVERABLE)
++		return cloned;
++
++	if (fetchve(&argv, &envp) < 0)
++		return -EINVAL;
++
++	execfd = clone_binary();
++	if (execfd < 0)
++		return -EIO;
++
++	fexecve(execfd, argv, envp);
++	return -ENOEXEC;
++}
+diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c
+index 28269dfc..7750af35 100644
+--- a/libcontainer/nsenter/nsexec.c
++++ b/libcontainer/nsenter/nsexec.c
+@@ -534,6 +534,9 @@ void join_namespaces(char *nslist)
+ 	free(namespaces);
+ }
+ 
++/* Defined in cloned_binary.c. */
++extern int ensure_cloned_binary(void);
++
+ void nsexec(void)
+ {
+ 	int pipenum;
+@@ -549,6 +552,14 @@ void nsexec(void)
+ 	if (pipenum == -1)
+ 		return;
+ 
++	/*
++	 * We need to re-exec if we are not in a cloned binary. This is necessary
++	 * to ensure that containers won't be able to access the host binary
++	 * through /proc/self/exe. See CVE-2019-5736.
++	 */
++	if (ensure_cloned_binary() < 0)
++		bail("could not ensure we are a cloned binary");
++
+ 	/* Parse all of the netlink configuration. */
+ 	nl_parse(pipenum, &config);
+ 
+-- 
+2.11.0
+
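Review bot: In `clone_binary()` the copy of /proc/self/exe is a single `sendfile()` call and only `sent < 0` is treated as failure, so a short transfer would leave a truncated image that is then sealed and passed to `fexecve()`. sendfile(2) may write fewer bytes than requested, so the copy should loop until the size reported by `fstat()` on `binfd` has been transferred, and fail otherwise. Separately, `parse_xargs()` steps with `strlen(cur) + 1` over a buffer that `read_file()` does not NUL-terminate, so it relies on /proc/self/cmdline and /proc/self/environ ending in a NUL byte; appending a terminator in `read_file()` would remove that assumption.

```c
	/* ... unchanged: memfd / O_TMPFILE creation, open of /proc/self/exe into binfd ... */
	struct stat statbuf;
	off_t copied = 0;

	if (fstat(binfd, &statbuf) < 0) {
		close(binfd);
		goto error;
	}
	while (copied < statbuf.st_size) {
		sent = sendfile(memfd, binfd, NULL, RUNC_SENDFILE_MAX);
		if (sent <= 0)
			break;
		copied += sent;
	}
	close(binfd);
	/* Refuse to seal and execute a partial copy. */
	if (copied != statbuf.st_size)
		goto error;
	/* ... unchanged: F_ADD_SEALS, or the read-only re-open in the O_TMPFILE case ... */
```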

+ 3 - 2
package/runc/Config.in

@@ -3,13 +3,14 @@ config BR2_PACKAGE_RUNC
 	depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS
 	depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
 	depends on BR2_TOOLCHAIN_HAS_THREADS
+	depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
 	help
 	  runC is a CLI tool for spawning and running containers
 	  according to the OCP specification.
 
 	  https://github.com/opencontainers/runc
 
-comment "runc needs a toolchain w/ threads"
+comment "runc needs a glibc or musl toolchain toolchain w/ threads"
 	depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS && \
 		BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
-	depends on !BR2_TOOLCHAIN_HAS_THREADS
+	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_TOOLCHAN_USES_UCLIBC
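Review bot: The comment's new dependency is spelled `BR2_TOOLCHAN_USES_UCLIBC` (missing `I`), which does not match the `BR2_TOOLCHAIN_USES_UCLIBC` symbol used in the `config` entry above. With a threaded uClibc toolchain the package is hidden by `depends on !BR2_TOOLCHAIN_USES_UCLIBC`, but the explanatory comment presumably never appears because the misspelled symbol is undefined. The line should read `depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_TOOLCHAIN_USES_UCLIBC`. The comment string also repeats a word; `comment "runc needs a glibc or musl toolchain w/ threads"` is the intended wording.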

+ 29 - 0
package/sg3_utils/0002-src-Makefile.am-add-missing-RT_LIB-for-sg_turs.patch

@@ -0,0 +1,29 @@
+From 68b0591cf37760e09e358533bbcecf36eddfceed Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+Date: Sun, 10 Feb 2019 14:46:41 +0100
+Subject: [PATCH] src/Makefile.am: add missing @RT_LIB@ for sg_turs
+
+The sg_turs program uses clock_gettime(), so it should link against
+librt, as provided by @RT_LIB@.
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+---
+ src/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 881cf29..0eba680 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -170,7 +170,7 @@ sg_test_rwbuf_LDADD = ../lib/libsgutils2.la
+ 
+ sg_timestamp_LDADD = ../lib/libsgutils2.la
+ 
+-sg_turs_LDADD = ../lib/libsgutils2.la
++sg_turs_LDADD = ../lib/libsgutils2.la @RT_LIB@
+ 
+ sg_unmap_LDADD = ../lib/libsgutils2.la
+ 
+-- 
+2.20.1
+

+ 1 - 1
package/sg3_utils/sg3_utils.mk

@@ -14,7 +14,7 @@ SG3_UTILS_LICENSE := $(SG3_UTILS_LICENSE), GPL-2.0+ (programs), BSD-3-Clause (pr
 endif
 SG3_UTILS_LICENSE_FILES = COPYING BSD_LICENSE
 
-# Patching configure.ac
+# Patching configure.ac/Makefile.am
 SG3_UTILS_AUTORECONF = YES
 
 # install the libsgutils2 library

+ 97 - 0
package/sqlcipher/0001-Support-OpenSSL-1.1.0-and-prior.patch

@@ -0,0 +1,97 @@
+From 43f71fa7b4c6a20f4078b9098369abb8d38a5617 Mon Sep 17 00:00:00 2001
+From: Nick Parker <nparker@zetetic.net>
+Date: Fri, 9 Dec 2016 11:47:39 -0600
+Subject: [PATCH] Support OpenSSL 1.1.0 and prior
+
+(cherry picked from commit 939c83a007e4724436c3955ae2afd8b11b92d867)
+Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
+---
+ src/crypto_openssl.c | 53 +++++++++++++++++++++++++++++++++++++---------------
+ 1 file changed, 38 insertions(+), 15 deletions(-)
+
+diff --git a/src/crypto_openssl.c b/src/crypto_openssl.c
+index 150ab92..6822325 100644
+--- a/src/crypto_openssl.c
++++ b/src/crypto_openssl.c
+@@ -47,6 +47,29 @@ static unsigned int openssl_external_init = 0;
+ static unsigned int openssl_init_count = 0;
+ static sqlite3_mutex* openssl_rand_mutex = NULL;
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++static HMAC_CTX *HMAC_CTX_new(void)
++{
++  HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
++  if (ctx != NULL) {
++    HMAC_CTX_init(ctx);
++  }
++  return ctx;
++}
++
++// Per 1.1.0 (https://wiki.openssl.org/index.php/1.1_API_Changes)
++// HMAC_CTX_free should call HMAC_CTX_cleanup, then EVP_MD_CTX_Cleanup.
++// HMAC_CTX_cleanup internally calls EVP_MD_CTX_cleanup so these
++// calls are not needed.
++static void HMAC_CTX_free(HMAC_CTX *ctx)
++{
++  if (ctx != NULL) {
++    HMAC_CTX_cleanup(ctx);
++    OPENSSL_free(ctx);
++  }
++}
++#endif
++
+ static int sqlcipher_openssl_add_random(void *ctx, void *buffer, int length) {
+ #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
+   sqlite3_mutex_enter(openssl_rand_mutex);
+@@ -143,14 +166,14 @@ static int sqlcipher_openssl_random (void *ctx, void *buffer, int length) {
+ }
+ 
+ static int sqlcipher_openssl_hmac(void *ctx, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) {
+-  HMAC_CTX hctx;
+   unsigned int outlen;
+-  HMAC_CTX_init(&hctx);
+-  HMAC_Init_ex(&hctx, hmac_key, key_sz, EVP_sha1(), NULL);
+-  HMAC_Update(&hctx, in, in_sz);
+-  HMAC_Update(&hctx, in2, in2_sz);
+-  HMAC_Final(&hctx, out, &outlen);
+-  HMAC_CTX_cleanup(&hctx);
++  HMAC_CTX* hctx = HMAC_CTX_new();
++  if(hctx == NULL) return SQLITE_ERROR;
++  HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL);
++  HMAC_Update(hctx, in, in_sz);
++  HMAC_Update(hctx, in2, in2_sz);
++  HMAC_Final(hctx, out, &outlen);
++  HMAC_CTX_free(hctx);
+   return SQLITE_OK; 
+ }
+ 
+@@ -160,18 +183,18 @@ static int sqlcipher_openssl_kdf(void *ctx, const unsigned char *pass, int pass_
+ }
+ 
+ static int sqlcipher_openssl_cipher(void *ctx, int mode, unsigned char *key, int key_sz, unsigned char *iv, unsigned char *in, int in_sz, unsigned char *out) {
+-  EVP_CIPHER_CTX ectx;
+   int tmp_csz, csz;
+- 
+-  EVP_CipherInit(&ectx, ((openssl_ctx *)ctx)->evp_cipher, NULL, NULL, mode);
+-  EVP_CIPHER_CTX_set_padding(&ectx, 0); // no padding
+-  EVP_CipherInit(&ectx, NULL, key, iv, mode);
+-  EVP_CipherUpdate(&ectx, out, &tmp_csz, in, in_sz);
++  EVP_CIPHER_CTX* ectx = EVP_CIPHER_CTX_new();
++  if(ectx == NULL) return SQLITE_ERROR;
++  EVP_CipherInit_ex(ectx, ((openssl_ctx *)ctx)->evp_cipher, NULL, NULL, NULL, mode);
++  EVP_CIPHER_CTX_set_padding(ectx, 0); // no padding
++  EVP_CipherInit_ex(ectx, NULL, NULL, key, iv, mode);
++  EVP_CipherUpdate(ectx, out, &tmp_csz, in, in_sz);
+   csz = tmp_csz;  
+   out += tmp_csz;
+-  EVP_CipherFinal(&ectx, out, &tmp_csz);
++  EVP_CipherFinal_ex(ectx, out, &tmp_csz);
+   csz += tmp_csz;
+-  EVP_CIPHER_CTX_cleanup(&ectx);
++  EVP_CIPHER_CTX_free(ectx);
+   assert(in_sz == csz);
+   return SQLITE_OK; 
+ }
+-- 
+1.9.1
+
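Review bot: The new `SQLITE_ERROR` path covers only a failed context allocation; in `sqlcipher_openssl_cipher()` the results of `EVP_CipherInit_ex()`, `EVP_CipherUpdate()` and `EVP_CipherFinal_ex()` are still discarded, and the only consistency check is `assert(in_sz == csz)`, which is compiled out under `NDEBUG`. A failed operation would then return `SQLITE_OK` with `out` not fully written. `sqlcipher_openssl_hmac()` has the same shape: the status of the `HMAC_*` calls is ignored before `SQLITE_OK` is returned. Whether callers act on the return value is not visible in this hunk.

```c
  /* in sqlcipher_openssl_cipher() */
  int tmp_csz, csz, rc = SQLITE_ERROR;
  EVP_CIPHER_CTX* ectx = EVP_CIPHER_CTX_new();
  if(ectx == NULL) return SQLITE_ERROR;
  if(!EVP_CipherInit_ex(ectx, ((openssl_ctx *)ctx)->evp_cipher, NULL, NULL, NULL, mode)) goto cleanup;
  EVP_CIPHER_CTX_set_padding(ectx, 0); // no padding
  if(!EVP_CipherInit_ex(ectx, NULL, NULL, key, iv, mode)) goto cleanup;
  if(!EVP_CipherUpdate(ectx, out, &tmp_csz, in, in_sz)) goto cleanup;
  csz = tmp_csz;
  out += tmp_csz;
  if(!EVP_CipherFinal_ex(ectx, out, &tmp_csz)) goto cleanup;
  csz += tmp_csz;
  /* Report a length mismatch at runtime instead of only asserting it. */
  if(csz == in_sz) rc = SQLITE_OK;
cleanup:
  EVP_CIPHER_CTX_free(ectx);
  return rc;
```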

+ 42 - 0
package/sqlcipher/0002-Guard-OpenSSL-init-and-cleanup-routines-on-versions-.patch

@@ -0,0 +1,42 @@
+From 6b4dbecbcfe35d36fea264c04c41b338852d4e88 Mon Sep 17 00:00:00 2001
+From: Nick Parker <nparker@zetetic.net>
+Date: Wed, 1 Mar 2017 15:35:43 -0600
+Subject: [PATCH] Guard OpenSSL init and cleanup routines on versions less
+ than 1.1.0
+
+(cherry picked from commit 1c495b933cee3381f1ea6a70edcbcda1754d7409)
+Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
+
+Conflicts:
+	src/crypto_openssl.c
+---
+ src/crypto_openssl.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/crypto_openssl.c b/src/crypto_openssl.c
+index 6822325..09bc2a2 100644
+--- a/src/crypto_openssl.c
++++ b/src/crypto_openssl.c
+@@ -102,7 +102,9 @@ static int sqlcipher_openssl_activate(void *ctx) {
+ 
+   if(openssl_init_count == 0 && openssl_external_init == 0)  {
+     /* if the library was not externally initialized, then should be now */
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+     OpenSSL_add_all_algorithms();
++#endif
+   } 
+ 
+ #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
+@@ -131,7 +133,9 @@ static int sqlcipher_openssl_deactivate(void *ctx) {
+        Note: this code will only be reached if OpensSSL_add_all_algorithms()
+        is called by SQLCipher internally. This should prevent SQLCipher from 
+        "cleaning up" openssl when it was initialized externally by the program */
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+       EVP_cleanup();
++#endif
+     }
+ #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
+     sqlite3_mutex_free(openssl_rand_mutex);
+-- 
+1.9.1
+

+ 48 - 0
package/sqlcipher/0003-correct-compliation-under-openssl-1.1.x.patch

@@ -0,0 +1,48 @@
+From 3da532754fb2bb7d379d4386a8c3339742edfb0b Mon Sep 17 00:00:00 2001
+From: Stephen Lombardo <sjlombardo@zetetic.net>
+Date: Wed, 10 Oct 2018 15:55:49 -0400
+Subject: [PATCH] correct compliation under openssl 1.1.x
+
+(cherry picked from commit 57ea35296ce7f2c1c93ce79194eea19a008b69ae)
+Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
+
+Conflicts:
+	src/crypto_openssl.c
+---
+ src/crypto_openssl.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/crypto_openssl.c b/src/crypto_openssl.c
+index 09bc2a2..57a1104 100644
+--- a/src/crypto_openssl.c
++++ b/src/crypto_openssl.c
+@@ -47,7 +47,7 @@ static unsigned int openssl_external_init = 0;
+ static unsigned int openssl_init_count = 0;
+ static sqlite3_mutex* openssl_rand_mutex = NULL;
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
+ static HMAC_CTX *HMAC_CTX_new(void)
+ {
+   HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
+@@ -102,7 +102,7 @@ static int sqlcipher_openssl_activate(void *ctx) {
+ 
+   if(openssl_init_count == 0 && openssl_external_init == 0)  {
+     /* if the library was not externally initialized, then should be now */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
+     OpenSSL_add_all_algorithms();
+ #endif
+   } 
+@@ -133,7 +133,7 @@ static int sqlcipher_openssl_deactivate(void *ctx) {
+        Note: this code will only be reached if OpensSSL_add_all_algorithms()
+        is called by SQLCipher internally. This should prevent SQLCipher from 
+        "cleaning up" openssl when it was initialized externally by the program */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
+       EVP_cleanup();
+ #endif
+     }
+-- 
+1.9.1
+

+ 1 - 0
package/sqlcipher/Config.in

@@ -3,6 +3,7 @@ config BR2_PACKAGE_SQLCIPHER
 	depends on !BR2_PACKAGE_SQLITE
 	depends on BR2_TOOLCHAIN_HAS_THREADS
 	select BR2_PACKAGE_OPENSSL
+	select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL
 	help
 	  SQLCipher is an SQLite extension that provides 256 bits AES
 	  encryption of database files. Note that it is a fork of

+ 15 - 1
package/systemd/systemd.mk

@@ -10,6 +10,7 @@ SYSTEMD_LICENSE = LGPL-2.1+, GPL-2.0+ (udev), Public Domain (few source files, s
 SYSTEMD_LICENSE_FILES = LICENSE.GPL2 LICENSE.LGPL2.1 README
 SYSTEMD_INSTALL_STAGING = YES
 SYSTEMD_DEPENDENCIES = \
+	$(if $(BR2_PACKAGE_BASH_COMPLETION),bash-completion) \
 	host-gperf \
 	host-intltool \
 	kmod \
@@ -23,7 +24,6 @@ SYSTEMD_CONF_OPTS += \
 	-Dblkid=true \
 	-Dman=false \
 	-Dima=false \
-	-Dlibcryptsetup=false \
 	-Defi=false \
 	-Dgnu-efi=false \
 	-Dldconfig=false \
@@ -57,6 +57,13 @@ else
 SYSTEMD_CONF_OPTS += -Daudit=false
 endif
 
+ifeq ($(BR2_PACKAGE_CRYPTSETUP),y)
+SYSTEMD_DEPENDENCIES += cryptsetup
+SYSTEMD_CONF_OPTS += -Dlibcryptsetup=true
+else
+SYSTEMD_CONF_OPTS += -Dlibcryptsetup=false
+endif
+
 ifeq ($(BR2_PACKAGE_ELFUTILS),y)
 SYSTEMD_DEPENDENCIES += elfutils
 SYSTEMD_CONF_OPTS += -Delfutils=true
@@ -117,6 +124,13 @@ else
 SYSTEMD_CONF_OPTS += -Dpam=false
 endif
 
+ifeq ($(BR2_PACKAGE_VALGRIND),y)
+SYSTEMD_DEPENDENCIES += valgrind
+SYSTEMD_CONF_OPTS += -Dvalgrind=true
+else
+SYSTEMD_CONF_OPTS += -Dvalgrind=false
+endif
+
 ifeq ($(BR2_PACKAGE_XZ),y)
 SYSTEMD_DEPENDENCIES += xz
 SYSTEMD_CONF_OPTS += -Dxz=true

+ 3 - 10
support/testing/tests/package/test_docker_compose.py

@@ -4,19 +4,12 @@ import infra.basetest
 
 
 class TestDockerCompose(infra.basetest.BRTest):
-    config = infra.basetest.BASIC_TOOLCHAIN_CONFIG + \
+    config = \
         """
         BR2_x86_64=y
         BR2_x86_core2=y
-        BR2_TOOLCHAIN_EXTERNAL=y
-        BR2_TOOLCHAIN_EXTERNAL_CUSTOM=y
-        BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y
-        BR2_TOOLCHAIN_EXTERNAL_URL="http://autobuild.buildroot.org/toolchains/tarballs/br-x86-64-core2-full-2018.05.tar.bz2"
-        BR2_TOOLCHAIN_EXTERNAL_GCC_6=y
-        BR2_TOOLCHAIN_EXTERNAL_HEADERS_4_16=y
-        BR2_TOOLCHAIN_EXTERNAL_LOCALE=y
-        # BR2_TOOLCHAIN_EXTERNAL_HAS_THREADS_DEBUG is not set
-        BR2_TOOLCHAIN_EXTERNAL_CXX=y
+        BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
+        BR2_KERNEL_HEADERS_4_19=y
         BR2_SYSTEM_DHCP="eth0"
         BR2_ROOTFS_POST_BUILD_SCRIPT="{}"
         BR2_ROOTFS_POST_SCRIPT_ARGS="{}"

+ 18 - 0
utils/scanpypi

@@ -225,6 +225,22 @@ class BuildrootPackage():
         self.filename = self.used_url['filename']
         self.url = self.used_url['url']
 
+    def check_archive(self, members):
+        """
+        Check archive content before extracting
+
+        Keyword arguments:
+        members -- list of archive members
+        """
+        # Protect against https://github.com/snyk/zip-slip-vulnerability
+        # Older python versions do not validate that the extracted files are
+        # inside the target directory. Detect and error out on evil paths
+        evil = [e for e in members if os.path.relpath(e).startswith(('/', '..'))]
+        if evil:
+            print('ERROR: Refusing to extract {} with suspicious members {}'.format(
+                self.filename, evil))
+            sys.exit(1)
+
     def extract_package(self, tmp_path):
         """
         Extract the package contents into a directrory
@@ -249,6 +265,7 @@ class BuildrootPackage():
                     print('Removing {pkg}...'.format(pkg=tmp_pkg))
                     shutil.rmtree(tmp_pkg)
                     os.makedirs(tmp_pkg)
+                self.check_archive(as_zipfile.namelist())
                 as_zipfile.extractall(tmp_pkg)
                 pkg_filename = self.filename.split(".zip")[0]
         else:
@@ -264,6 +281,7 @@ class BuildrootPackage():
                     print('Removing {pkg}...'.format(pkg=tmp_pkg))
                     shutil.rmtree(tmp_pkg)
                     os.makedirs(tmp_pkg)
+                self.check_archive(as_tarfile.getnames())
                 as_tarfile.extractall(tmp_pkg)
                 pkg_filename = self.filename.split(".tar")[0]