Merge Official Source

package/boot/rbcfg/Makefile

@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=rbcfg
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
 

package/boot/rbcfg/src/main.c

@@ -498,7 +498,7 @@ rbcfg_update(int tmp)
 	put_u32(ctx->buf + 4, crc);
 
 	name = (tmp) ? ctx->tmp_file : ctx->mtd_device;
-	fd = open(name, O_WRONLY | O_CREAT);
+	fd = open(name, O_WRONLY | O_CREAT, 0640);
 	if (fd < 0) {
 		fprintf(stderr, "unable to open %s for writing\n", name);
 		err = RB_ERR_IO;

package/devel/binutils/Makefile

@@ -49,6 +49,7 @@ define Package/binutils
   CATEGORY:=Development
   TITLE:=binutils
   DEPENDS:=+objdump +ar
+  ALTERNATIVES:=200:/usr/bin/strings:/usr/bin/binutils-strings
 endef
 
 define Package/objdump
@@ -114,7 +115,7 @@ endef
 define Package/binutils/install
 	$(INSTALL_DIR) $(1)/usr $(1)/bin
 	$(CP) $(PKG_INSTALL_DIR)/usr/bin/ $(1)/usr/
-	mv $(1)/usr/bin/strings $(1)/bin/strings
+	mv $(1)/usr/bin/strings $(1)/usr/bin/binutils-strings
 	rm -f $(1)/usr/bin/objdump
 	rm -f $(1)/usr/bin/ar
 endef

package/network/services/openvpn/Makefile

@@ -9,14 +9,14 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openvpn
 
-PKG_VERSION:=2.4.8
+PKG_VERSION:=2.4.9
 PKG_RELEASE:=1
 
 PKG_SOURCE_URL:=\
 	https://build.openvpn.net/downloads/releases/ \
 	https://swupdate.openvpn.net/community/releases/
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=fb8ca66bb7807fff595fbdf2a0afd085c02a6aa47715c9aa3171002f9f1a3f91
+PKG_HASH:=641f3add8694b2ccc39fd4fd92554e4f089ad16a8db6d2b473ec284839a5ebe2
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 

package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch

@@ -1,6 +1,6 @@
 --- a/src/openvpn/ssl_mbedtls.c
 +++ b/src/openvpn/ssl_mbedtls.c
-@@ -1406,7 +1406,7 @@ const char *
+@@ -1415,7 +1415,7 @@ const char *
  get_ssl_library_version(void)
  {
      static char mbedtls_version[30];

package/network/services/openvpn/patches/110-openssl-dont-use-deprecated-ssleay-symbols.patch

@@ -47,7 +47,7 @@ Signed-off-by: Gert Doering <gert@greenie.muc.de>
  #endif
 --- a/src/openvpn/ssl_openssl.c
 +++ b/src/openvpn/ssl_openssl.c
-@@ -1977,7 +1977,7 @@ get_highest_preference_tls_cipher(char *
+@@ -2008,7 +2008,7 @@ get_highest_preference_tls_cipher(char *
  const char *
  get_ssl_library_version(void)
  {

package/network/utils/dante/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dante
 PKG_VERSION:=1.4.1
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.inet.no/dante/files/

package/network/utils/dante/patches/210-deactivate-sched_setscheduler.patch

@@ -0,0 +1,53 @@
+When compiled with glibc the config_scan.c wants to use the 
+cpupolicy2numeric() function which is only available when 
+HAVE_SCHED_SETSCHEDULER is set. It looks like the wrong define was used here.
+
+This fixes a build problem with glibc in combination with the force 
+ac_cv_func_sched_setscheduler=no in the OpenWrt CONFIGURE_VARS.
+
+--- a/lib/config_scan.c
++++ b/lib/config_scan.c
+@@ -3891,7 +3891,7 @@ YY_RULE_SETUP
+    SERRX(0);
+ 
+ #else /* !SOCKS_CLIENT */
+-#if HAVE_SCHED_SETAFFINITY
++#if HAVE_SCHED_SETSCHEDULER
+ 
+    BEGIN(0);
+ 
+@@ -3899,9 +3899,9 @@ YY_RULE_SETUP
+       yyerrorx("unknown scheduling policy \"%s\"", yytext);
+ 
+    return SCHEDULEPOLICY;
+-#else /* !HAVE_SCHED_SETAFFINITY */
++#else /* !HAVE_SCHED_SETSCHEDULER */
+    yyerrorx("setting cpu scheduling policy is not supported on this platform");
+-#endif /* !HAVE_SCHED_SETAFFINITY */
++#endif /* !HAVE_SCHED_SETSCHEDULER */
+ 
+ #endif /* SOCKS_CLIENT */
+ }
+--- a/lib/config_scan.l
++++ b/lib/config_scan.l
+@@ -456,7 +456,7 @@ cpu {
+    SERRX(0);
+ 
+ #else /* !SOCKS_CLIENT */
+-#if HAVE_SCHED_SETAFFINITY
++#if HAVE_SCHED_SETSCHEDULER
+ 
+    BEGIN(0);
+ 
+@@ -464,9 +464,9 @@ cpu {
+       yyerrorx("unknown scheduling policy \"%s\"", yytext);
+ 
+    return SCHEDULEPOLICY;
+-#else /* !HAVE_SCHED_SETAFFINITY */
++#else /* !HAVE_SCHED_SETSCHEDULER */
+    yyerrorx("setting cpu scheduling policy is not supported on this platform");
+-#endif /* !HAVE_SCHED_SETAFFINITY */
++#endif /* !HAVE_SCHED_SETSCHEDULER */
+ 
+ #endif /* SOCKS_CLIENT */
+ }

package/utils/busybox/patches/001-remove-stime-function-calls.patch

@@ -0,0 +1,84 @@
+From d3539be8f27b8cbfdfee460fe08299158f08bcd9 Mon Sep 17 00:00:00 2001
+From: Alistair Francis <alistair.francis@wdc.com>
+Date: Tue, 19 Nov 2019 13:06:40 +0100
+Subject: Remove stime() function calls
+
+stime() has been deprecated in glibc 2.31 and replaced with
+clock_settime(). Let's replace the stime() function calls with
+clock_settime() in preperation.
+
+function                                             old     new   delta
+rdate_main                                           197     224     +27
+clock_settime                                          -      27     +27
+date_main                                            926     941     +15
+stime                                                 37       -     -37
+------------------------------------------------------------------------------
+(add/remove: 2/2 grow/shrink: 2/0 up/down: 69/-37)             Total: 32 bytes
+
+Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+---
+ coreutils/date.c         | 6 +++++-
+ libbb/missing_syscalls.c | 8 --------
+ util-linux/rdate.c       | 8 ++++++--
+ 3 files changed, 11 insertions(+), 11 deletions(-)
+
+--- a/coreutils/date.c
++++ b/coreutils/date.c
+@@ -279,6 +279,9 @@ int date_main(int argc UNUSED_PARAM, cha
+ 		time(&ts.tv_sec);
+ #endif
+ 	}
++#if !ENABLE_FEATURE_DATE_NANO
++	ts.tv_nsec = 0;
++#endif
+ 	localtime_r(&ts.tv_sec, &tm_time);
+ 
+ 	/* If date string is given, update tm_time, and maybe set date */
+@@ -301,9 +304,10 @@ int date_main(int argc UNUSED_PARAM, cha
+ 		if (date_str[0] != '@')
+ 			tm_time.tm_isdst = -1;
+ 		ts.tv_sec = validate_tm_time(date_str, &tm_time);
++		ts.tv_nsec = 0;
+ 
+ 		/* if setting time, set it */
+-		if ((opt & OPT_SET) && stime(&ts.tv_sec) < 0) {
++		if ((opt & OPT_SET) && clock_settime(CLOCK_REALTIME, &ts) < 0) {
+ 			bb_perror_msg("can't set date");
+ 		}
+ 	}
+--- a/libbb/missing_syscalls.c
++++ b/libbb/missing_syscalls.c
+@@ -15,14 +15,6 @@ pid_t getsid(pid_t pid)
+ 	return syscall(__NR_getsid, pid);
+ }
+ 
+-int stime(const time_t *t)
+-{
+-	struct timeval tv;
+-	tv.tv_sec = *t;
+-	tv.tv_usec = 0;
+-	return settimeofday(&tv, NULL);
+-}
+-
+ int sethostname(const char *name, size_t len)
+ {
+ 	return syscall(__NR_sethostname, name, len);
+--- a/util-linux/rdate.c
++++ b/util-linux/rdate.c
+@@ -95,9 +95,13 @@ int rdate_main(int argc UNUSED_PARAM, ch
+ 	if (!(flags & 2)) { /* no -p (-s may be present) */
+ 		if (time(NULL) == remote_time)
+ 			bb_error_msg("current time matches remote time");
+-		else
+-			if (stime(&remote_time) < 0)
++		else {
++			struct timespec ts;
++			ts.tv_sec = remote_time;
++			ts.tv_nsec = 0;
++			if (clock_settime(CLOCK_REALTIME, &ts) < 0)
+ 				bb_perror_msg_and_die("can't set time of day");
++		}
+ 	}
+ 
+ 	if (flags != 1) /* not lone -s */

package/utils/ugps/Makefile

@@ -31,10 +31,6 @@ endef
 
 TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include
 
-ifneq ($(CONFIG_USE_GLIBC),)
-  TARGET_CFLAGS += -D_DEFAULT_SOURCE
-endif
-
 define Package/ugps/conffiles
 /etc/config/gps
 endef

target/linux/bcm63xx/Makefile

@@ -12,8 +12,7 @@ BOARD:=bcm63xx
 BOARDNAME:=Broadcom BCM63xx
 SUBTARGETS:=generic smp
 FEATURES:=squashfs usb atm pci pcmcia usbgadget
-KERNEL_PATCHVER:=4.14
-KERNEL_TESTING_PATCHVER:=5.4
+KERNEL_PATCHVER:=5.4
 
 define Target/Description
 	Build firmware images for Broadcom based xDSL/routers

target/linux/generic/pending-5.4/482-mtd-spi-nor-fix-4-byte-opcode-support-for-w25q256.patch

@@ -0,0 +1,60 @@
+From: Mantas Pucka <mantas@8devices.com>
+To: linux-mtd@lists.infradead.org
+Subject: [PATCH] mtd: spi-nor: fix 4-byte opcode support for w25q256
+Date: Wed, 15 Apr 2020 16:48:30 +0300
+Message-ID: <1586958510-24012-1-git-send-email-mantas@8devices.com>
+
+There are 2 different chips (w25q256fv and w25q256jv) that share
+the same JEDEC ID. Only w25q256jv fully supports 4-byte opcodes.
+Use SFDP header version to differentiate between them.
+
+for OpenWRT only: rebased to linux-v5.4
+
+Signed-off-by: Mantas Pucka <mantas@8devices.com>
+---
+
+--- a/drivers/mtd/spi-nor/spi-nor.c
++++ b/drivers/mtd/spi-nor/spi-nor.c
+@@ -2170,6 +2170,32 @@ static struct spi_nor_fixups gd25q256_fi
+ 	.default_init = gd25q256_default_init,
+ };
+ 
++static int
++w25q256_post_bfpt_fixups(struct spi_nor *nor,
++			 const struct sfdp_parameter_header *bfpt_header,
++			 const struct sfdp_bfpt *bfpt,
++			 struct spi_nor_flash_parameter *params)
++{
++	/*
++	 * W25Q256JV supports 4B opcodes but W25Q256FV does not.
++	 * Unfortunately, Winbond has re-used the same JEDEC ID for both
++	 * variants which prevents us from defining a new entry in the parts
++	 * table.
++	 * To differentiate between W25Q256JV and W25Q256FV check SFDP header
++	 * version: only JV has JESD216A compliant structure (version 5)
++	 */
++
++	if (bfpt_header->major == SFDP_JESD216_MAJOR &&
++	    bfpt_header->minor == SFDP_JESD216A_MINOR)
++		nor->flags |= SNOR_F_4B_OPCODES;
++
++	return 0;
++}
++
++static struct spi_nor_fixups w25q256_fixups = {
++	.post_bfpt = w25q256_post_bfpt_fixups,
++};
++
+ /* NOTE: double check command sets and memory organization when you add
+  * more nor chips.  This current list focusses on newer chips, which
+  * have been converging on command sets which including JEDEC ID.
+@@ -2508,7 +2534,8 @@ static const struct flash_info spi_nor_i
+ 	{ "w25q80", INFO(0xef5014, 0, 64 * 1024,  16, SECT_4K) },
+ 	{ "w25q80bl", INFO(0xef4014, 0, 64 * 1024,  16, SECT_4K) },
+ 	{ "w25q128", INFO(0xef4018, 0, 64 * 1024, 256, SECT_4K) },
+-	{ "w25q256", INFO(0xef4019, 0, 64 * 1024, 512, SECT_4K | SPI_NOR_DUAL_READ | SPI_NOR_QUAD_READ) },
++	{ "w25q256", INFO(0xef4019, 0, 64 * 1024, 512, SECT_4K | SPI_NOR_DUAL_READ | SPI_NOR_QUAD_READ)
++			  .fixups = &w25q256_fixups },
+ 	{ "w25q256jvm", INFO(0xef7019, 0, 64 * 1024, 512,
+ 			     SECT_4K | SPI_NOR_DUAL_READ | SPI_NOR_QUAD_READ) },
+ 	{ "w25m512jv", INFO(0xef7119, 0, 64 * 1024, 1024,

target/linux/ramips/dts/mt7620a_iptime.dtsi

@@ -21,7 +21,7 @@
 	flash@0 {
 		compatible = "jedec,spi-nor";
 		reg = <0>;
-		spi-max-frequency = <40000000>;
+		spi-max-frequency = <50000000>;
 
 		partitions {
 			compatible = "fixed-partitions";

target/linux/ramips/dts/mt7620a_iptime_a1004ns.dts

@@ -0,0 +1,104 @@
+// SPDX-License-Identifier: GPL-2.0-or-later OR MIT
+/dts-v1/;
+
+#include "mt7620a_iptime.dtsi"
+
+/ {
+	compatible = "iptime,a1004ns", "ralink,mt7620a-soc";
+	model = "ipTIME A1004ns";
+
+	aliases {
+		led-boot = &led_cpu;
+		led-failsafe = &led_cpu;
+		led-running = &led_cpu;
+		led-upgrade = &led_cpu;
+	};
+
+	leds {
+		compatible = "gpio-leds";
+
+		led_cpu: cpu {
+			label = "a1004ns:blue:cpu";
+			gpios = <&gpio0 11 GPIO_ACTIVE_LOW>;
+		};
+
+		usb {
+			label = "a1004ns:blue:usb";
+			gpios = <&gpio1 15 GPIO_ACTIVE_LOW>;
+			trigger-sources = <&ohci_port1>, <&ehci_port1>;
+			linux,default-trigger = "usbport";
+		};
+	};
+
+	keys {
+		compatible = "gpio-keys";
+
+		reset {
+			label = "reset";
+			gpios = <&gpio0 1 GPIO_ACTIVE_LOW>;
+			linux,code = <KEY_RESTART>;
+		};
+
+		wps {
+			label = "wps";
+			gpios = <&gpio0 2 GPIO_ACTIVE_LOW>;
+			linux,code = <KEY_WPS_BUTTON>;
+		};
+	};
+};
+
+&firmware {
+	reg = <0x30000 0xfd0000>;
+};
+
+&state_default {
+	gpio {
+		groups = "i2c", "uartf", "spi refclk";
+		function = "gpio";
+	};
+};
+
+&ethernet {
+	pinctrl-names = "default";
+	pinctrl-0 = <&rgmii1_pins &mdio_pins>;
+
+	port@5 {
+		status = "okay";
+		mediatek,fixed-link = <1000 1 1 1>;
+		phy-mode = "rgmii";
+	};
+
+	mdio-bus {
+		status = "okay";
+
+		ethernet-phy@0 {
+			reg = <0>;
+			phy-mode = "rgmii";
+		};
+
+		ethernet-phy@1 {
+			reg = <1>;
+			phy-mode = "rgmii";
+		};
+
+		ethernet-phy@2 {
+			reg = <2>;
+			phy-mode = "rgmii";
+		};
+
+		ethernet-phy@3 {
+			reg = <3>;
+			phy-mode = "rgmii";
+		};
+
+		ethernet-phy@4 {
+			reg = <4>;
+			phy-mode = "rgmii";
+		};
+
+		ethernet-phy@1f {
+			reg = <0x1f>;
+			phy-mode = "rgmii";
+		};
+	};
+};

target/linux/ramips/dts/mt7621.dtsi

@@ -568,11 +568,10 @@
 			0x01000000 0 0x00000000 0x1e160000 0 0x00010000 /* io space */
 		>;
 
-		#interrupt-cells = <1>;
-		interrupt-map-mask = <0xF0000 0 0 1>;
-		interrupt-map = <0x10000 0 0 1 &gic GIC_SHARED 4 IRQ_TYPE_LEVEL_HIGH>,
-				<0x20000 0 0 1 &gic GIC_SHARED 24 IRQ_TYPE_LEVEL_HIGH>,
-				<0x30000 0 0 1 &gic GIC_SHARED 25 IRQ_TYPE_LEVEL_HIGH>;
+		interrupt-parent = <&gic>;
+		interrupts = <GIC_SHARED 4 IRQ_TYPE_LEVEL_HIGH
+				GIC_SHARED 24 IRQ_TYPE_LEVEL_HIGH
+				GIC_SHARED 25 IRQ_TYPE_LEVEL_HIGH>;
 
 		status = "disabled";
 

target/linux/ramips/dts/mt7621_hiwifi_hc5962.dts

@@ -44,6 +44,22 @@
 			linux,code = <KEY_RESTART>;
 		};
 	};
+
+	ubi-concat {
+		compatible = "mtd-concat";
+		devices = <&ubipart0 &ubipart1>;
+
+		partitions {
+			compatible = "fixed-partitions";
+			#address-cells = <1>;
+			#size-cells = <1>;
+
+			ubi@0 {
+				label = "ubi";
+				reg = <0x0 0x79c0000>;
+			};
+		};
+	};
 };
 
 &nand {
@@ -74,18 +90,12 @@
 
 		partition@140000 {
 			label = "kernel";
-			reg = <0x140000 0x200000>;
+			reg = <0x140000 0x400000>;
 		};
 
-		partition@340000 {
-			label = "ubi";
-			reg = <0x340000 0x1E00000>;
-		};
-
-		partition@2140000 {
-			label = "hw_panic";
-			reg = <0x2140000 0x80000>;
-			read-only;
+		ubipart0: partition@540000 {
+			label = "ubipart0";
+			reg = <0x540000 0x1c80000>;
 		};
 
 		partition@21c0000 {
@@ -94,30 +104,9 @@
 			read-only;
 		};
 
-		partition@2240000 {
-			label = "backup";
-			reg = <0x2240000 0x80000>;
-			read-only;
-		};
-
-		partition@22c0000 {
-			label = "overly";
-			reg = <0x22c0000 0x1000000>;
-		};
-
-		partition@32c0000 {
-			label = "firmware_backup";
-			reg = <0x32c0000 0x2000000>;
-		};
-
-		partition@52c0000 {
-			label = "oem";
-			reg = <0x52c0000 0x200000>;
-		};
-
-		partition@54c0000 {
-			label = "opt";
-			reg = <0x54c0000 0x2ac0000>;
+		ubipart1: partition@2240000 {
+			label = "ubipart1";
+			reg = <0x2240000 0x5d40000>;
 		};
 	};
 };

target/linux/ramips/image/Makefile

@@ -39,7 +39,7 @@ endef
 
 define Device/uimage-lzma-loader
   LOADER_TYPE := bin
-  KERNEL := $(KERNEL_DTB) | loader-kernel | uImage none
+  KERNEL := kernel-bin | append-dtb | lzma | loader-kernel | uImage none
 endef
 
 define Device/seama

target/linux/ramips/image/mt7620.mk

@@ -503,6 +503,17 @@ define Device/iodata_wn-ac733gr3
 endef
 TARGET_DEVICES += iodata_wn-ac733gr3
 
+define Device/iptime_a1004ns
+  SOC := mt7620a
+  IMAGE_SIZE := 16192k
+  UIMAGE_NAME := a1004ns
+  DEVICE_VENDOR := ipTIME
+  DEVICE_MODEL := A1004ns
+  DEVICE_PACKAGES := kmod-mt76x0e kmod-usb2 kmod-usb-ohci \
+	kmod-usb-ledtrig-usbport
+endef
+TARGET_DEVICES += iptime_a1004ns
+
 define Device/iptime_a104ns
   SOC := mt7620a
   IMAGE_SIZE := 8000k

target/linux/ramips/image/mt7621.mk

@@ -229,6 +229,7 @@ endef
 TARGET_DEVICES += dlink_dir-860l-b1
 
 define Device/d-team_newifi-d2
+  $(Device/uimage-lzma-loader)
   IMAGE_SIZE := 32448k
   DEVICE_VENDOR := Newifi
   DEVICE_MODEL := D2
@@ -339,7 +340,7 @@ TARGET_DEVICES += gnubee_gb-pc2
 define Device/hiwifi_hc5962
   BLOCKSIZE := 128k
   PAGESIZE := 2048
-  KERNEL_SIZE := 2097152
+  KERNEL_SIZE := 4096k
   UBINIZE_OPTS := -E 5
   IMAGE_SIZE := 32768k
   IMAGES += factory.bin
@@ -349,9 +350,6 @@ define Device/hiwifi_hc5962
   DEVICE_VENDOR := HiWiFi
   DEVICE_MODEL := HC5962
   DEVICE_PACKAGES := kmod-mt7603 kmod-mt76x2 kmod-usb3 wpad-basic
-  SUPPORTED_DEVICES += hc5962
-  # Kernel partition too small
-  DEFAULT := n
 endef
 TARGET_DEVICES += hiwifi_hc5962
 
@@ -463,6 +461,7 @@ endef
 TARGET_DEVICES += jcg_jhr-ac876m
 
 define Device/lenovo_newifi-d1
+  $(Device/uimage-lzma-loader)
   IMAGE_SIZE := 32448k
   DEVICE_VENDOR := Newifi
   DEVICE_MODEL := D1
@@ -747,6 +746,7 @@ endef
 TARGET_DEVICES += telco-electronics_x1
 
 define Device/thunder_timecloud
+  $(Device/uimage-lzma-loader)
   IMAGE_SIZE := 16064k
   DEVICE_VENDOR := Thunder
   DEVICE_MODEL := Timecloud

target/linux/ramips/mt7620/base-files/etc/board.d/02_network

@@ -143,7 +143,8 @@ ramips_setup_interfaces()
 			"0:lan" "1:lan" "5:wan" "6@eth0"
 		;;
 	iodata,wn-ac1167gr|\
-	iodata,wn-ac733gr3)
+	iodata,wn-ac733gr3|\
+	iptime,a1004ns)
 		ucidef_add_switch "switch0"
 		ucidef_add_switch_attr "switch0" "enable" "false"
 		ucidef_add_switch "switch1" \
@@ -312,6 +313,9 @@ ramips_setup_macs()
 	iodata,wn-ac733gr3)
 		wan_mac=$(mtd_get_mac_ascii u-boot-env wanaddr)
 		;;
+	iptime,a1004ns)
+		wan_mac=$(mtd_get_mac_binary u-boot 0x1fc40)
+		;;
 	iptime,a104ns)
 		wan_mac=$(macaddr_add "$(mtd_get_mac_binary u-boot 0x1fc20)" 2)
 		;;

target/linux/ramips/mt7621/base-files/etc/board.d/03_gpio_switches

@@ -14,14 +14,14 @@ telco-electronics,x1)
 	ucidef_add_gpio_switch "modem_reset" "Modem Reset" "16"
 	;;
 ubnt,edgerouter-x)
-	ucidef_add_gpio_switch "poe_passthrough" "PoE Passthrough" "0"
+	ucidef_add_gpio_switch "poe_passthrough" "PoE Passthrough" "480"
 	;;
 ubnt,edgerouter-x-sfp)
-	ucidef_add_gpio_switch "poe_power_port0" "PoE Power Port0" "496"
-	ucidef_add_gpio_switch "poe_power_port1" "PoE Power Port1" "497"
-	ucidef_add_gpio_switch "poe_power_port2" "PoE Power Port2" "498"
-	ucidef_add_gpio_switch "poe_power_port3" "PoE Power Port3" "499"
-	ucidef_add_gpio_switch "poe_power_port4" "PoE Power Port4" "500"
+	ucidef_add_gpio_switch "poe_power_port0" "PoE Power Port0" "400"
+	ucidef_add_gpio_switch "poe_power_port1" "PoE Power Port1" "401"
+	ucidef_add_gpio_switch "poe_power_port2" "PoE Power Port2" "402"
+	ucidef_add_gpio_switch "poe_power_port3" "PoE Power Port3" "403"
+	ucidef_add_gpio_switch "poe_power_port4" "PoE Power Port4" "404"
 	;;
 esac
 

target/linux/ramips/mt7621/config-5.4

@@ -217,6 +217,7 @@ CONFIG_MTD_UBI_BLOCK=y
 # CONFIG_MTD_UBI_FASTMAP is not set
 # CONFIG_MTD_UBI_GLUEBI is not set
 CONFIG_MTD_UBI_WL_THRESHOLD=4096
+CONFIG_MTD_VIRT_CONCAT=y
 # CONFIG_MTK_HSDMA is not set
 CONFIG_NEED_DMA_MAP_STATE=y
 CONFIG_NET_DEVLINK=y

target/linux/ramips/patches-5.4/0120-staging-mt7621-pci-properly-power-off-dual-ported-pc.patch

@@ -0,0 +1,65 @@
+From 5fcded5e857cf66c9592e4be28c4dab4520c9177 Mon Sep 17 00:00:00 2001
+From: Sergio Paracuellos <sergio.paracuellos@gmail.com>
+Date: Thu, 9 Apr 2020 13:16:52 +0200
+Subject: [PATCH] staging: mt7621-pci: properly power off dual-ported pcie phy
+
+Pcie phy for pcie0 and pcie1 is shared using a dual ported
+one. Current code was assuming that if nothing is connected
+in pcie0 it won't be also nothing connected in pcie1. This
+assumtion is wrong for some devices such us 'Mikrotik rbm33g'
+and 'ZyXEL LTE3301-PLUS' where only connecting a card to the
+second bus on the phy is possible. For such devices kernel
+hangs in the same point because of the wrong poweroff of the
+phy getting the following trace:
+
+mt7621-pci-phy 1e149000.pcie-phy: PHY for 0xbe149000 (dual port = 1)
+mt7621-pci-phy 1e14a000.pcie-phy: PHY for 0xbe14a000 (dual port = 0)
+mt7621-pci-phy 1e149000.pcie-phy: Xtal is 40MHz
+mt7621-pci-phy 1e14a000.pcie-phy: Xtal is 40MHz
+mt7621-pci 1e140000.pcie: pcie0 no card, disable it (RST & CLK)
+[hangs]
+
+The wrong assumption is located in the 'mt7621_pcie_init_ports'
+function where we are just making a power off of the phy for
+slots 0 and 2 if nothing is connected in them. Hence, only
+poweroff the phy if nothing is connected in both slot 0 and
+slot 1 avoiding the kernel to hang.
+
+Fixes: 5737cfe87a9c ("staging: mt7621-pci: avoid to poweroff the phy for slot one")
+Signed-off-by: Sergio Paracuellos <sergio.paracuellos@gmail.com>
+Link: https://lore.kernel.org/r/20200409111652.30964-1-sergio.paracuellos@gmail.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/staging/mt7621-pci/pci-mt7621.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+--- a/drivers/staging/mt7621-pci/pci-mt7621.c
++++ b/drivers/staging/mt7621-pci/pci-mt7621.c
+@@ -502,17 +502,25 @@ static void mt7621_pcie_init_ports(struc
+ 
+ 	mt7621_pcie_reset_ep_deassert(pcie);
+ 
++	tmp = NULL;
+ 	list_for_each_entry(port, &pcie->ports, list) {
+ 		u32 slot = port->slot;
+ 
+ 		if (!mt7621_pcie_port_is_linkup(port)) {
+ 			dev_err(dev, "pcie%d no card, disable it (RST & CLK)\n",
+ 				slot);
+-			if (slot != 1)
+-				phy_power_off(port->phy);
+ 			mt7621_control_assert(port);
+ 			mt7621_pcie_port_clk_disable(port);
+ 			port->enabled = false;
++
++			if (slot == 0) {
++				tmp = port;
++				continue;
++			}
++
++			if (slot == 1 && tmp && !tmp->enabled)
++				phy_power_off(tmp->phy);
++
+ 		}
+ 	}
+ }

target/linux/ramips/patches-5.4/0121-staging-mt7621-pci-fix-PCIe-interrupt-mapping.patch

@@ -0,0 +1,157 @@
+From fab6710e4c51f4eb622f95a08322ab5fdbe3f295 Mon Sep 17 00:00:00 2001
+From: Sergio Paracuellos <sergio.paracuellos@gmail.com>
+Date: Mon, 13 Apr 2020 07:59:42 +0200
+Subject: [PATCH] staging: mt7621-pci: fix PCIe interrupt mapping
+
+MT7621 has three assigned interrupts for the pcie. This
+interrupts should properly being mapped taking into account
+which devices are finally connected in which bus according
+to link status. So the irq mappings should be as follows
+according to link status (three bits indicating which devices
+are link up):
+
+* For PCIe Bus 1 slot 0:
+  - status = 0x2 || status = 0x6 => IRQ = pcie1_irq (24).
+  - status = 0x4 => IRQ = pcie2_irq (25).
+  - default => IRQ = pcie0_irq (23).
+* For PCIe Bus 2 slot 0:
+  - status = 0x5 || status = 0x6 => IRQ = pcie2_irq (25).
+  - default => IRQ = pcie1_irq (24).
+* For PCIe Bus 2 slot 1:
+  - status = 0x5 || status = 0x6 => IRQ = pcie2_irq (25).
+  - default => IRQ = pcie1_irq (24).
+* For PCIe Bus 3 any slot:
+  - default => IRQ = pcie2_irq (25).
+
+Because of this, the function 'of_irq_parse_and_map_pci' cannot
+be used and we need to change device tree information from using
+the 'interrupt-map' and 'interrupt-map-mask' properties into an
+'interrupts' property to be able to get irq information from the
+ports using the 'platform_get_irq' and storing an 'irq-map' into
+the pcie driver data node to properly map correct irq using a
+new 'mt7621_map_irq' function where this map will be read and the
+correct irq returned.
+
+Fixes: 46d093124df4 ("staging: mt7621-pci: improve interrupt mapping")
+Signed-off-by: Sergio Paracuellos <sergio.paracuellos@gmail.com>
+Link: https://lore.kernel.org/r/20200413055942.2714-1-sergio.paracuellos@gmail.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/staging/mt7621-dts/mt7621.dtsi  |  9 +++----
+ drivers/staging/mt7621-pci/pci-mt7621.c | 36 +++++++++++++++++++++++--
+ 2 files changed, 38 insertions(+), 7 deletions(-)
+
+--- a/drivers/staging/mt7621-pci/pci-mt7621.c
++++ b/drivers/staging/mt7621-pci/pci-mt7621.c
+@@ -97,6 +97,7 @@
+  * @pcie_rst: pointer to port reset control
+  * @gpio_rst: gpio reset
+  * @slot: port slot
++ * @irq: GIC irq
+  * @enabled: indicates if port is enabled
+  */
+ struct mt7621_pcie_port {
+@@ -107,6 +108,7 @@ struct mt7621_pcie_port {
+ 	struct reset_control *pcie_rst;
+ 	struct gpio_desc *gpio_rst;
+ 	u32 slot;
++	int irq;
+ 	bool enabled;
+ };
+ 
+@@ -120,6 +122,7 @@ struct mt7621_pcie_port {
+  * @dev: Pointer to PCIe device
+  * @io_map_base: virtual memory base address for io
+  * @ports: pointer to PCIe port information
++ * @irq_map: irq mapping info according pcie link status
+  * @resets_inverted: depends on chip revision
+  * reset lines are inverted.
+  */
+@@ -135,6 +138,7 @@ struct mt7621_pcie {
+ 	} offset;
+ 	unsigned long io_map_base;
+ 	struct list_head ports;
++	int irq_map[PCIE_P2P_MAX];
+ 	bool resets_inverted;
+ };
+ 
+@@ -279,6 +283,16 @@ static void setup_cm_memory_region(struc
+ 	}
+ }
+ 
++static int mt7621_map_irq(const struct pci_dev *pdev, u8 slot, u8 pin)
++{
++	struct mt7621_pcie *pcie = pdev->bus->sysdata;
++	struct device *dev = pcie->dev;
++	int irq = pcie->irq_map[slot];
++
++	dev_info(dev, "bus=%d slot=%d irq=%d\n", pdev->bus->number, slot, irq);
++	return irq;
++}
++
+ static int mt7621_pci_parse_request_of_pci_ranges(struct mt7621_pcie *pcie)
+ {
+ 	struct device *dev = pcie->dev;
+@@ -330,6 +344,7 @@ static int mt7621_pcie_parse_port(struct
+ {
+ 	struct mt7621_pcie_port *port;
+ 	struct device *dev = pcie->dev;
++	struct platform_device *pdev = to_platform_device(dev);
+ 	struct device_node *pnode = dev->of_node;
+ 	struct resource regs;
+ 	char name[10];
+@@ -371,6 +386,12 @@ static int mt7621_pcie_parse_port(struct
+ 	port->slot = slot;
+ 	port->pcie = pcie;
+ 
++	port->irq = platform_get_irq(pdev, slot);
++	if (port->irq < 0) {
++		dev_err(dev, "Failed to get IRQ for PCIe%d\n", slot);
++		return -ENXIO;
++	}
++
+ 	INIT_LIST_HEAD(&port->list);
+ 	list_add_tail(&port->list, &pcie->ports);
+ 
+@@ -585,13 +606,15 @@ static int mt7621_pcie_init_virtual_brid
+ {
+ 	u32 pcie_link_status = 0;
+ 	u32 n;
+-	int i;
++	int i = 0;
+ 	u32 p2p_br_devnum[PCIE_P2P_MAX];
++	int irqs[PCIE_P2P_MAX];
+ 	struct mt7621_pcie_port *port;
+ 
+ 	list_for_each_entry(port, &pcie->ports, list) {
+ 		u32 slot = port->slot;
+ 
++		irqs[i++] = port->irq;
+ 		if (port->enabled)
+ 			pcie_link_status |= BIT(slot);
+ 	}
+@@ -614,6 +637,15 @@ static int mt7621_pcie_init_virtual_brid
+ 		 (p2p_br_devnum[1] << PCIE_P2P_BR_DEVNUM1_SHIFT) |
+ 		 (p2p_br_devnum[2] << PCIE_P2P_BR_DEVNUM2_SHIFT));
+ 
++	/* Assign IRQs */
++	n = 0;
++	for (i = 0; i < PCIE_P2P_MAX; i++)
++		if (pcie_link_status & BIT(i))
++			pcie->irq_map[n++] = irqs[i];
++
++	for (i = n; i < PCIE_P2P_MAX; i++)
++		pcie->irq_map[i] = -1;
++
+ 	return 0;
+ }
+ 
+@@ -638,7 +670,7 @@ static int mt7621_pcie_register_host(str
+ 	host->busnr = pcie->busn.start;
+ 	host->dev.parent = pcie->dev;
+ 	host->ops = &mt7621_pci_ops;
+-	host->map_irq = of_irq_parse_and_map_pci;
++	host->map_irq = mt7621_map_irq;
+ 	host->swizzle_irq = pci_common_swizzle;
+ 	host->sysdata = pcie;
+ 

toolchain/glibc/common.mk

@@ -7,12 +7,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=glibc
-PKG_VERSION:=2.27
+PKG_VERSION:=2.31
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=bef0b1cb31bed76a355776154af9191ed1758222
-PKG_MIRROR_HASH:=24a137758acdc0d8c5254891204ba38d759838123bab09a64ec0bdb94289aafd
+PKG_SOURCE_VERSION:=54ba2541b3a76441a9cbe5dd14c963bf874fd5e9
+PKG_MIRROR_HASH:=333bff38151f333e93a239aa91e0de28a1e7d24863aafe569caf05b9bdb01461
 PKG_SOURCE_URL:=https://sourceware.org/git/glibc.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
 
@@ -60,7 +60,8 @@ GLIBC_CONFIGURE:= \
 		--without-gd \
 		--without-cvs \
 		--enable-add-ons \
-		--$(if $(CONFIG_SOFT_FLOAT),without,with)-fp
+		--$(if $(CONFIG_SOFT_FLOAT),without,with)-fp \
+		--enable-kernel=4.14.0
 
 export libc_cv_ssp=no
 export libc_cv_ssp_strong=no

toolchain/glibc/patches/001-regex-read-overrun.patch

@@ -1,26 +0,0 @@
-commit 583dd860d5b833037175247230a328f0050dbfe9
-Author: Paul Eggert <eggert@cs.ucla.edu>
-Date:   Mon Jan 21 11:08:13 2019 -0800
-
-    regex: fix read overrun [BZ #24114]
-    
-    Problem found by AddressSanitizer, reported by Hongxu Chen in:
-    https://debbugs.gnu.org/34140
-    * posix/regexec.c (proceed_next_node):
-    Do not read past end of input buffer.
-
---- a/posix/regexec.c
-+++ b/posix/regexec.c
-@@ -1293,8 +1293,10 @@ proceed_next_node (const re_match_context_t *mctx, Idx nregs, regmatch_t *regs,
- 	      else if (naccepted)
- 		{
- 		  char *buf = (char *) re_string_get_buffer (&mctx->input);
--		  if (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
--			      naccepted) != 0)
-+		  if (mctx->input.valid_len - *pidx < naccepted
-+		      || (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
-+				  naccepted)
-+			  != 0))
- 		    return -1;
- 		}
- 	    }

toolchain/glibc/patches/050-Revert-Disallow-use-of-DES-encryption-functions-in-n.patch

@@ -0,0 +1,686 @@
+From cfc93329e00cd23c226f34b3ffd5552a93c35bd7 Mon Sep 17 00:00:00 2001
+From: Hauke Mehrtens <hauke@hauke-m.de>
+Date: Mon, 23 Mar 2020 22:33:46 +0100
+Subject: Revert "Disallow use of DES encryption functions in new programs."
+
+This reverts commit b10a0accee709a5efff2fadf0b0bbb79ff0ad759.
+
+ppp still uses the encrypt functions from the libc. musl libc also
+provides them.
+---
+ conform/data/stdlib.h-data |   3 +
+ conform/data/unistd.h-data |   6 ++
+ crypt/cert.c               |  26 -----
+ crypt/crypt-entry.c        |  15 ++-
+ crypt/crypt.h              |  16 +++
+ crypt/crypt_util.c         |   9 --
+ manual/conf.texi           |   2 -
+ manual/crypt.texi          | 201 +++++++++++++++++++++++++++++++++++++
+ manual/string.texi         |  82 +++++++--------
+ posix/unistd.h             |  22 ++--
+ stdlib/stdlib.h            |   6 ++
+ sunrpc/Makefile            |   2 +-
+ sunrpc/des_crypt.c         |   7 +-
+ sunrpc/des_soft.c          |   2 +-
+ 14 files changed, 303 insertions(+), 96 deletions(-)
+
+--- a/conform/data/stdlib.h-data
++++ b/conform/data/stdlib.h-data
+@@ -149,6 +149,9 @@ function {unsigned short int*} seed48 (u
+ #if !defined ISO && !defined ISO99 && !defined ISO11 && !defined POSIX && !defined XPG4 && !defined XPG42 && !defined UNIX98
+ function int setenv (const char*, const char*, int)
+ #endif
++#if !defined ISO && !defined ISO99 && !defined ISO11 && !defined POSIX && !defined POSIX2008
++function void setkey (const char*)
++#endif
+ #if !defined ISO && !defined ISO99 && !defined ISO11 && !defined XPG4 && !defined POSIX && !defined POSIX2008
+ function {char*} setstate (char*)
+ #endif
+--- a/conform/data/unistd.h-data
++++ b/conform/data/unistd.h-data
+@@ -437,6 +437,9 @@ function int chroot (const char*)
+ function int chown (const char*, uid_t, gid_t)
+ function int close (int)
+ function size_t confstr (int, char*, size_t)
++#if !defined POSIX && !defined POSIX2008
++function {char*} crypt (const char*, const char*)
++#endif
+ #if defined XPG4 || defined XPG42 || defined UNIX98
+ function {char*} ctermid (char*)
+ function {char*} cuserid (char*)
+@@ -446,6 +449,9 @@ allow cuserid
+ #endif
+ function int dup (int)
+ function int dup2 (int, int)
++#if !defined POSIX && !defined POSIX2008
++function void encrypt (char[64], int)
++#endif
+ function int execl (const char*, const char*, ...)
+ function int execle (const char*, const char*, ...)
+ function int execlp (const char*, const char*, ...)
+--- a/crypt/cert.c
++++ b/crypt/cert.c
+@@ -10,22 +10,6 @@
+ #include <stdlib.h>
+ #include "crypt.h"
+ 
+-/* This file tests the deprecated setkey/encrypt interface.  */
+-#include <shlib-compat.h>
+-#if TEST_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28)
+-
+-#define libcrypt_version_reference(symbol, version) \
+-  _libcrypt_version_reference (symbol, VERSION_libcrypt_##version)
+-#define _libcrypt_version_reference(symbol, version) \
+-  __libcrypt_version_reference (symbol, version)
+-#define __libcrypt_version_reference(symbol, version) \
+-  __asm__ (".symver " #symbol ", " #symbol "@" #version)
+-
+-extern void setkey (const char *);
+-extern void encrypt (const char *, int);
+-libcrypt_version_reference (setkey, GLIBC_2_0);
+-libcrypt_version_reference (encrypt, GLIBC_2_0);
+-
+ int totfails = 0;
+ 
+ int main (int argc, char *argv[]);
+@@ -120,13 +104,3 @@ put8 (char *cp)
+ 	  printf("%02x", t);
+ 	}
+ }
+-
+-#else /* encrypt and setkey are not available.  */
+-
+-int
+-main (void)
+-{
+-  return 77; /* UNSUPPORTED */
+-}
+-
+-#endif
+--- a/crypt/crypt-entry.c
++++ b/crypt/crypt-entry.c
+@@ -35,7 +35,6 @@
+ #endif
+ 
+ #include "crypt-private.h"
+-#include <shlib-compat.h>
+ 
+ /* Prototypes for local functions.  */
+ #ifndef __GNU_LIBRARY__
+@@ -177,7 +176,17 @@ crypt (const char *key, const char *salt
+   return __crypt_r (key, salt, &_ufc_foobar);
+ }
+ 
+-#if SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28)
++
++/*
++ * To make fcrypt users happy.
++ * They don't need to call init_des.
++ */
++#ifdef _LIBC
+ weak_alias (crypt, fcrypt)
+-compat_symbol (libcrypt, fcrypt, fcrypt, GLIBC_2_0);
++#else
++char *
++__fcrypt (const char *key, const char *salt)
++{
++  return crypt (key, salt);
++}
+ #endif
+--- a/crypt/crypt.h
++++ b/crypt/crypt.h
+@@ -36,6 +36,14 @@ __BEGIN_DECLS
+ extern char *crypt (const char *__phrase, const char *__salt)
+      __THROW __nonnull ((1, 2));
+ 
++/* Setup DES tables according KEY.  */
++extern void setkey (const char *__key) __THROW __nonnull ((1));
++
++/* Encrypt data in BLOCK in place if EDFLAG is zero; otherwise decrypt
++   block in place.  */
++extern void encrypt (char *__glibc_block, int __edflag)
++     __THROW __nonnull ((1));
++
+ #ifdef __USE_GNU
+ 
+ /* This structure provides scratch and output buffers for 'crypt_r'.
+@@ -63,6 +71,14 @@ struct crypt_data
+ extern char *crypt_r (const char *__phrase, const char *__salt,
+ 		      struct crypt_data * __restrict __data)
+      __THROW __nonnull ((1, 2, 3));
++
++extern void setkey_r (const char *__key,
++		      struct crypt_data * __restrict __data)
++     __THROW __nonnull ((1, 2));
++
++extern void encrypt_r (char *__glibc_block, int __edflag,
++		       struct crypt_data * __restrict __data)
++     __THROW __nonnull ((1, 3));
+ #endif
+ 
+ __END_DECLS
+--- a/crypt/crypt_util.c
++++ b/crypt/crypt_util.c
+@@ -34,7 +34,6 @@
+ #endif
+ 
+ #include "crypt-private.h"
+-#include <shlib-compat.h>
+ 
+ /* Prototypes for local functions.  */
+ #ifndef __GNU_LIBRARY__
+@@ -151,7 +150,6 @@ static const int sbox[8][4][16]= {
+ 	}
+ };
+ 
+-#if SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28)
+ /*
+  * This is the initial
+  * permutation matrix
+@@ -162,7 +160,6 @@ static const int initial_perm[64] = {
+   57, 49, 41, 33, 25, 17,  9,  1, 59, 51, 43, 35, 27, 19, 11, 3,
+   61, 53, 45, 37, 29, 21, 13,  5, 63, 55, 47, 39, 31, 23, 15, 7
+ };
+-#endif
+ 
+ /*
+  * This is the final
+@@ -788,7 +785,6 @@ _ufc_output_conversion_r (ufc_long v1, u
+   __data->crypt_3_buf[13] = 0;
+ }
+ 
+-#if SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28)
+ 
+ /*
+  * UNIX encrypt function. Takes a bitvector
+@@ -889,14 +885,12 @@ __encrypt_r (char *__block, int __edflag
+   }
+ }
+ weak_alias (__encrypt_r, encrypt_r)
+-compat_symbol (libcrypt, encrypt_r, encrypt_r, GLIBC_2_0);
+ 
+ void
+ encrypt (char *__block, int __edflag)
+ {
+   __encrypt_r(__block, __edflag, &_ufc_foobar);
+ }
+-compat_symbol (libcrypt, encrypt, encrypt, GLIBC_2_0);
+ 
+ 
+ /*
+@@ -921,15 +915,12 @@ __setkey_r (const char *__key, struct cr
+   _ufc_mk_keytab_r((char *) ktab, __data);
+ }
+ weak_alias (__setkey_r, setkey_r)
+-compat_symbol (libcrypt, setkey_r, setkey_r, GLIBC_2_0);
+ 
+ void
+ setkey (const char *__key)
+ {
+   __setkey_r(__key, &_ufc_foobar);
+ }
+-compat_symbol (libcrypt, setkey, setkey, GLIBC_2_0);
+-#endif /* SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28) */
+ 
+ void
+ __b64_from_24bit (char **cp, int *buflen,
+--- a/manual/conf.texi
++++ b/manual/conf.texi
+@@ -780,8 +780,6 @@ Inquire about the parameter correspondin
+ @item _SC_XOPEN_CRYPT
+ @standards{X/Open, unistd.h}
+ Inquire about the parameter corresponding to @code{_XOPEN_CRYPT}.
+-@Theglibc no longer implements the @code{_XOPEN_CRYPT} extensions,
+-so @samp{sysconf (_SC_XOPEN_CRYPT)} always returns @code{-1}.
+ 
+ @item _SC_XOPEN_ENH_I18N
+ @standards{X/Open, unistd.h}
+--- a/manual/crypt.texi
++++ b/manual/crypt.texi
+@@ -16,8 +16,19 @@ subject to them, even if you do not use
+ yourself.  The restrictions vary from place to place and are changed
+ often, so we cannot give any more specific advice than this warning.
+ 
++@vindex AUTH_DES
++@cindex FIPS 140-2
++It also provides support for Secure RPC, and some library functions that
++can be used to perform normal DES encryption.  The @code{AUTH_DES}
++authentication flavor in Secure RPC, as provided by @theglibc{},
++uses DES and does not comply with FIPS 140-2 nor does any other use of DES
++within @theglibc{}.  It is recommended that Secure RPC should not be used
++for systems that need to comply with FIPS 140-2 since all flavors of
++encrypted authentication use normal DES.
++
+ @menu
+ * Passphrase Storage::          One-way hashing for passphrases.
++* DES Encryption::              Routines for DES encryption.
+ * Unpredictable Bytes::         Randomness for cryptographic purposes.
+ @end menu
+ 
+@@ -200,6 +211,196 @@ hashes for the same passphrase.
+ @include testpass.c.texi
+ @end smallexample
+ 
++@node DES Encryption
++@section DES Encryption
++
++@cindex FIPS 46-3
++The Data Encryption Standard is described in the US Government Federal
++Information Processing Standards (FIPS) 46-3 published by the National
++Institute of Standards and Technology.  The DES has been very thoroughly
++analyzed since it was developed in the late 1970s, and no new
++significant flaws have been found.
++
++However, the DES uses only a 56-bit key (plus 8 parity bits), and a
++machine has been built in 1998 which can search through all possible
++keys in about 6 days, which cost about US$200000; faster searches would
++be possible with more money.  This makes simple DES insecure for most
++purposes, and NIST no longer permits new US government systems
++to use simple DES.
++
++For serious encryption functionality, it is recommended that one of the
++many free encryption libraries be used instead of these routines.
++
++The DES is a reversible operation which takes a 64-bit block and a
++64-bit key, and produces another 64-bit block.  Usually the bits are
++numbered so that the most-significant bit, the first bit, of each block
++is numbered 1.
++
++Under that numbering, every 8th bit of the key (the 8th, 16th, and so
++on) is not used by the encryption algorithm itself.  But the key must
++have odd parity; that is, out of bits 1 through 8, and 9 through 16, and
++so on, there must be an odd number of `1' bits, and this completely
++specifies the unused bits.
++
++@deftypefun void setkey (const char *@var{key})
++@standards{BSD, crypt.h}
++@standards{SVID, crypt.h}
++@safety{@prelim{}@mtunsafe{@mtasurace{:crypt}}@asunsafe{@asucorrupt{} @asulock{}}@acunsafe{@aculock{}}}
++@c The static buffer stores the key, making it fundamentally
++@c thread-unsafe.  The locking issues are only in the initialization
++@c path; cancelling the initialization will leave the lock held, it
++@c would otherwise repeat the initialization on the next call.
++
++The @code{setkey} function sets an internal data structure to be an
++expanded form of @var{key}.  @var{key} is specified as an array of 64
++bits each stored in a @code{char}, the first bit is @code{key[0]} and
++the 64th bit is @code{key[63]}.  The @var{key} should have the correct
++parity.
++@end deftypefun
++
++@deftypefun void encrypt (char *@var{block}, int @var{edflag})
++@standards{BSD, crypt.h}
++@standards{SVID, crypt.h}
++@safety{@prelim{}@mtunsafe{@mtasurace{:crypt}}@asunsafe{@asucorrupt{} @asulock{}}@acunsafe{@aculock{}}}
++@c Same issues as setkey.
++
++The @code{encrypt} function encrypts @var{block} if
++@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
++previously set by @code{setkey}.  The result is
++placed in @var{block}.
++
++Like @code{setkey}, @var{block} is specified as an array of 64 bits each
++stored in a @code{char}, but there are no parity bits in @var{block}.
++@end deftypefun
++
++@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
++@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
++@standards{GNU, crypt.h}
++@c setkey_r: @safety{@prelim{}@mtsafe{}@asunsafe{@asucorrupt{} @asulock{}}@acunsafe{@aculock{}}}
++@safety{@prelim{}@mtsafe{}@asunsafe{@asucorrupt{} @asulock{}}@acunsafe{@aculock{}}}
++
++These are reentrant versions of @code{setkey} and @code{encrypt}.  The
++only difference is the extra parameter, which stores the expanded
++version of @var{key}.  Before calling @code{setkey_r} the first time,
++@code{data->initialized} must be cleared to zero.
++@end deftypefun
++
++The @code{setkey_r} and @code{encrypt_r} functions are GNU extensions.
++@code{setkey}, @code{encrypt}, @code{setkey_r}, and @code{encrypt_r} are
++defined in @file{crypt.h}.
++
++@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned int @var{len}, unsigned int @var{mode})
++@standards{SUNRPC, rpc/des_crypt.h}
++@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
++
++The function @code{ecb_crypt} encrypts or decrypts one or more blocks
++using DES.  Each block is encrypted independently.
++
++The @var{blocks} and the @var{key} are stored packed in 8-bit bytes, so
++that the first bit of the key is the most-significant bit of
++@code{key[0]} and the 63rd bit of the key is stored as the
++least-significant bit of @code{key[7]}.  The @var{key} should have the
++correct parity.
++
++@var{len} is the number of bytes in @var{blocks}.  It should be a
++multiple of 8 (so that there are a whole number of blocks to encrypt).
++@var{len} is limited to a maximum of @code{DES_MAXDATA} bytes.
++
++The result of the encryption replaces the input in @var{blocks}.
++
++The @var{mode} parameter is the bitwise OR of two of the following:
++
++@vtable @code
++@item DES_ENCRYPT
++@standards{SUNRPC, rpc/des_crypt.h}
++This constant, used in the @var{mode} parameter, specifies that
++@var{blocks} is to be encrypted.
++
++@item DES_DECRYPT
++@standards{SUNRPC, rpc/des_crypt.h}
++This constant, used in the @var{mode} parameter, specifies that
++@var{blocks} is to be decrypted.
++
++@item DES_HW
++@standards{SUNRPC, rpc/des_crypt.h}
++This constant, used in the @var{mode} parameter, asks to use a hardware
++device.  If no hardware device is available, encryption happens anyway,
++but in software.
++
++@item DES_SW
++@standards{SUNRPC, rpc/des_crypt.h}
++This constant, used in the @var{mode} parameter, specifies that no
++hardware device is to be used.
++@end vtable
++
++The result of the function will be one of these values:
++
++@vtable @code
++@item DESERR_NONE
++@standards{SUNRPC, rpc/des_crypt.h}
++The encryption succeeded.
++
++@item DESERR_NOHWDEVICE
++@standards{SUNRPC, rpc/des_crypt.h}
++The encryption succeeded, but there was no hardware device available.
++
++@item DESERR_HWERROR
++@standards{SUNRPC, rpc/des_crypt.h}
++The encryption failed because of a hardware problem.
++
++@item DESERR_BADPARAM
++@standards{SUNRPC, rpc/des_crypt.h}
++The encryption failed because of a bad parameter, for instance @var{len}
++is not a multiple of 8 or @var{len} is larger than @code{DES_MAXDATA}.
++@end vtable
++@end deftypefun
++
++@deftypefun int DES_FAILED (int @var{err})
++@standards{SUNRPC, rpc/des_crypt.h}
++@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
++This macro returns 1 if @var{err} is a `success' result code from
++@code{ecb_crypt} or @code{cbc_crypt}, and 0 otherwise.
++@end deftypefun
++
++@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned int @var{len}, unsigned int @var{mode}, char *@var{ivec})
++@standards{SUNRPC, rpc/des_crypt.h}
++@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
++
++The function @code{cbc_crypt} encrypts or decrypts one or more blocks
++using DES in Cipher Block Chaining mode.
++
++For encryption in CBC mode, each block is exclusive-ored with @var{ivec}
++before being encrypted, then @var{ivec} is replaced with the result of
++the encryption, then the next block is processed.  Decryption is the
++reverse of this process.
++
++This has the advantage that blocks which are the same before being
++encrypted are very unlikely to be the same after being encrypted, making
++it much harder to detect patterns in the data.
++
++Usually, @var{ivec} is set to 8 random bytes before encryption starts.
++Then the 8 random bytes are transmitted along with the encrypted data
++(without themselves being encrypted), and passed back in as @var{ivec}
++for decryption.  Another possibility is to set @var{ivec} to 8 zeroes
++initially, and have the first block encrypted consist of 8 random
++bytes.
++
++Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
++@end deftypefun
++
++@deftypefun void des_setparity (char *@var{key})
++@standards{SUNRPC, rpc/des_crypt.h}
++@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
++
++The function @code{des_setparity} changes the 64-bit @var{key}, stored
++packed in 8-bit bytes, to have odd parity by altering the low bits of
++each byte.
++@end deftypefun
++
++The @code{ecb_crypt}, @code{cbc_crypt}, and @code{des_setparity}
++functions and their accompanying macros are all defined in the header
++@file{rpc/des_crypt.h}.
++
+ @node Unpredictable Bytes
+ @section Generating Unpredictable Bytes
+ @cindex randomness source
+--- a/manual/string.texi
++++ b/manual/string.texi
+@@ -36,8 +36,8 @@ too.
+ 				 for delimiters.
+ * Erasing Sensitive Data::      Clearing memory which contains sensitive
+                                  data, after it's no longer needed.
+-* Shuffling Bytes::             Or how to flash-cook a string.
+-* Obfuscating Data::            Reversibly obscuring data from casual view.
++* strfry::                      Function for flash-cooking a string.
++* Trivial Encryption::          Obscuring data.
+ * Encode Binary Data::          Encoding and Decoding of Binary Data.
+ * Argz and Envz Vectors::       Null-separated string vectors.
+ @end menu
+@@ -2426,73 +2426,73 @@ functionality under a different name, su
+ systems it may be in @file{strings.h} instead.
+ @end deftypefun
+ 
+-
+-@node Shuffling Bytes
+-@section Shuffling Bytes
++@node strfry
++@section strfry
+ 
+ The function below addresses the perennial programming quandary: ``How do
+ I take good data in string form and painlessly turn it into garbage?''
+-This is not a difficult thing to code for oneself, but the authors of
+-@theglibc{} wish to make it as convenient as possible.
++This is actually a fairly simple task for C programmers who do not use
++@theglibc{} string functions, but for programs based on @theglibc{},
++the @code{strfry} function is the preferred method for
++destroying string data.
+ 
+-To @emph{erase} data, use @code{explicit_bzero} (@pxref{Erasing
+-Sensitive Data}); to obfuscate it reversibly, use @code{memfrob}
+-(@pxref{Obfuscating Data}).
++The prototype for this function is in @file{string.h}.
+ 
+ @deftypefun {char *} strfry (char *@var{string})
+ @standards{GNU, string.h}
+ @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
+ @c Calls initstate_r, time, getpid, strlen, and random_r.
+ 
+-@code{strfry} performs an in-place shuffle on @var{string}.  Each
+-character is swapped to a position selected at random, within the
+-portion of the string starting with the character's original position.
+-(This is the Fisher-Yates algorithm for unbiased shuffling.)
+-
+-Calling @code{strfry} will not disturb any of the random number
+-generators that have global state (@pxref{Pseudo-Random Numbers}).
++@code{strfry} creates a pseudorandom anagram of a string, replacing the
++input with the anagram in place.  For each position in the string,
++@code{strfry} swaps it with a position in the string selected at random
++(from a uniform distribution).  The two positions may be the same.
+ 
+ The return value of @code{strfry} is always @var{string}.
+ 
+ @strong{Portability Note:}  This function is unique to @theglibc{}.
+-It is declared in @file{string.h}.
++
+ @end deftypefun
+ 
+ 
+-@node Obfuscating Data
+-@section Obfuscating Data
++@node Trivial Encryption
++@section Trivial Encryption
++@cindex encryption
++
++
++The @code{memfrob} function converts an array of data to something
++unrecognizable and back again.  It is not encryption in its usual sense
++since it is easy for someone to convert the encrypted data back to clear
++text.  The transformation is analogous to Usenet's ``Rot13'' encryption
++method for obscuring offensive jokes from sensitive eyes and such.
++Unlike Rot13, @code{memfrob} works on arbitrary binary data, not just
++text.
+ @cindex Rot13
+ 
+-The @code{memfrob} function reversibly obfuscates an array of binary
+-data.  This is not true encryption; the obfuscated data still bears a
+-clear relationship to the original, and no secret key is required to
+-undo the obfuscation.  It is analogous to the ``Rot13'' cipher used on
+-Usenet for obscuring offensive jokes, spoilers for works of fiction,
+-and so on, but it can be applied to arbitrary binary data.
+-
+-Programs that need true encryption---a transformation that completely
+-obscures the original and cannot be reversed without knowledge of a
+-secret key---should use a dedicated cryptography library, such as
+-@uref{https://www.gnu.org/software/libgcrypt/,,libgcrypt}.
+-
+-Programs that need to @emph{destroy} data should use
+-@code{explicit_bzero} (@pxref{Erasing Sensitive Data}), or possibly
+-@code{strfry} (@pxref{Shuffling Bytes}).
++For true encryption, @xref{Cryptographic Functions}.
++
++This function is declared in @file{string.h}.
++@pindex string.h
+ 
+ @deftypefun {void *} memfrob (void *@var{mem}, size_t @var{length})
+ @standards{GNU, string.h}
+ @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
+ 
+-The function @code{memfrob} obfuscates @var{length} bytes of data
+-beginning at @var{mem}, in place.  Each byte is bitwise xor-ed with
+-the binary pattern 00101010 (hexadecimal 0x2A).  The return value is
+-always @var{mem}.
+-
+-@code{memfrob} a second time on the same data returns it to
+-its original state.
++@code{memfrob} transforms (frobnicates) each byte of the data structure
++at @var{mem}, which is @var{length} bytes long, by bitwise exclusive
++oring it with binary 00101010.  It does the transformation in place and
++its return value is always @var{mem}.
++
++Note that @code{memfrob} a second time on the same data structure
++returns it to its original state.
++
++This is a good function for hiding information from someone who doesn't
++want to see it or doesn't want to see it very much.  To really prevent
++people from retrieving the information, use stronger encryption such as
++that described in @xref{Cryptographic Functions}.
+ 
+ @strong{Portability Note:}  This function is unique to @theglibc{}.
+-It is declared in @file{string.h}.
++
+ @end deftypefun
+ 
+ @node Encode Binary Data
+--- a/posix/unistd.h
++++ b/posix/unistd.h
+@@ -107,6 +107,9 @@ __BEGIN_DECLS
+ /* The X/Open Unix extensions are available.  */
+ #define _XOPEN_UNIX	1
+ 
++/* Encryption is present.  */
++#define	_XOPEN_CRYPT	1
++
+ /* The enhanced internationalization capabilities according to XPG4.2
+    are present.  */
+ #define	_XOPEN_ENH_I18N	1
+@@ -1115,17 +1118,20 @@ ssize_t copy_file_range (int __infd, __o
+ extern int fdatasync (int __fildes);
+ #endif /* Use POSIX199309 */
+ 
+-#ifdef __USE_MISC
+-/* One-way hash PHRASE, returning a string suitable for storage in the
+-   user database.  SALT selects the one-way function to use, and
+-   ensures that no two users' hashes are the same, even if they use
+-   the same passphrase.  The return value points to static storage
+-   which will be overwritten by the next call to crypt.  */
++
++/* XPG4.2 specifies that prototypes for the encryption functions must
++   be defined here.  */
++#ifdef	__USE_XOPEN
++/* Encrypt at most 8 characters from KEY using salt to perturb DES.  */
+ extern char *crypt (const char *__key, const char *__salt)
+      __THROW __nonnull ((1, 2));
+-#endif
+ 
+-#ifdef	__USE_XOPEN
++/* Encrypt data in BLOCK in place if EDFLAG is zero; otherwise decrypt
++   block in place.  */
++extern void encrypt (char *__glibc_block, int __edflag)
++     __THROW __nonnull ((1));
++
++
+ /* Swab pairs bytes in the first N bytes of the area pointed to by
+    FROM and copy the result to TO.  The value of TO must not be in the
+    range [FROM - N + 1, FROM - 1].  If N is odd the first byte in FROM
+--- a/stdlib/stdlib.h
++++ b/stdlib/stdlib.h
+@@ -961,6 +961,12 @@ extern int getsubopt (char **__restrict
+ #endif
+ 
+ 
++#ifdef __USE_XOPEN
++/* Setup DES tables according KEY.  */
++extern void setkey (const char *__key) __THROW __nonnull ((1));
++#endif
++
++
+ /* X/Open pseudo terminal handling.  */
+ 
+ #ifdef __USE_XOPEN2KXSI
+--- a/sunrpc/Makefile
++++ b/sunrpc/Makefile
+@@ -51,7 +51,7 @@ rpcsvc = bootparam_prot.x nlm_prot.x rst
+ headers-sunrpc = $(addprefix rpc/,auth.h auth_unix.h clnt.h pmap_clnt.h \
+ 				  pmap_prot.h pmap_rmt.h rpc.h rpc_msg.h \
+ 				  svc.h svc_auth.h types.h xdr.h auth_des.h \
+-				  key_prot.h) \
++				  des_crypt.h key_prot.h rpc_des.h) \
+ 		       $(rpcsvc:%=rpcsvc/%) rpcsvc/bootparam.h
+ headers = rpc/netdb.h
+ install-others = $(inst_sysconfdir)/rpc
+--- a/sunrpc/des_crypt.c
++++ b/sunrpc/des_crypt.c
+@@ -86,9 +86,6 @@ common_crypt (char *key, char *buf, regi
+   return desdev == DES_SW ? DESERR_NONE : DESERR_NOHWDEVICE;
+ }
+ 
+-/* Note: these cannot be excluded from the build yet, because they are
+-   still used internally.  */
+-
+ /*
+  * CBC mode encryption
+  */
+@@ -105,7 +102,7 @@ cbc_crypt (char *key, char *buf, unsigne
+   COPY8 (dp.des_ivec, ivec);
+   return err;
+ }
+-hidden_nolink (cbc_crypt, libc, GLIBC_2_1)
++libc_hidden_nolink_sunrpc (cbc_crypt, GLIBC_2_1)
+ 
+ /*
+  * ECB mode encryption
+@@ -118,4 +115,4 @@ ecb_crypt (char *key, char *buf, unsigne
+   dp.des_mode = ECB;
+   return common_crypt (key, buf, len, mode, &dp);
+ }
+-hidden_nolink (ecb_crypt, libc, GLIBC_2_1)
++libc_hidden_nolink_sunrpc (ecb_crypt, GLIBC_2_1)
+--- a/sunrpc/des_soft.c
++++ b/sunrpc/des_soft.c
+@@ -71,4 +71,4 @@ des_setparity (char *p)
+       p++;
+     }
+ }
+-hidden_nolink (des_setparity, libc, GLIBC_2_1)
++libc_hidden_nolink_sunrpc (des_setparity, GLIBC_2_1)

toolchain/glibc/patches/200-add-dl-search-paths.patch

@@ -2,7 +2,7 @@ add /usr/lib to default search path for the dynamic linker
 
 --- a/Makeconfig
 +++ b/Makeconfig
-@@ -589,6 +589,9 @@ else
+@@ -601,6 +601,9 @@ else
  default-rpath = $(libdir)
  endif