From 8c9a7881729d82afefc74a8c6e552b20b722b011 Mon Sep 17 00:00:00 2001
From: Paul Spooren <mail@aparcar.org>
Date: Thu, 13 Aug 2020 13:46:43 -1000
Subject: [PATCH 01/10] build: SDK/IB reproducible and faster compression

Both IB and SDK now use the same logic for packing.

This commit add reproducible multithread compression to the SDK and
corrects the file mtime for both. Previously all files where just copied
over from the build system, generating random mtimes.

Signed-off-by: Paul Spooren <mail@aparcar.org>
---
 target/imagebuilder/Makefile | 5 ++++-
 target/sdk/Makefile          | 3 ++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/target/imagebuilder/Makefile b/target/imagebuilder/Makefile
index b463feb456..ad19ab2b53 100644
--- a/target/imagebuilder/Makefile
+++ b/target/imagebuilder/Makefile
@@ -86,7 +86,10 @@ endif
 	(cd $(PKG_BUILD_DIR); find staging_dir/host/bin/ $(IB_LDIR)/scripts/dtc/ -type f | \
 		$(XARGS) $(SCRIPT_DIR)/bundle-libraries.sh $(PKG_BUILD_DIR)/staging_dir/host)
 	STRIP=sstrip $(SCRIPT_DIR)/rstrip.sh $(PKG_BUILD_DIR)/staging_dir/host/bin/
-	$(TAR) -cf - -C $(BUILD_DIR) $(IB_NAME) | xz -T$(if $(filter 1,$(NPROC)),2,0) -zc -7e > $@
+	(cd $(BUILD_DIR); \
+		tar -I '$(STAGING_DIR_HOST)/bin/xz -7e -T$(if $(filter 1,$(NPROC)),2,0)' -cf $@ $(IB_NAME) \
+		--mtime="$(shell date --date=@$(SOURCE_DATE_EPOCH))"; \
+	)
 
 download:
 prepare:
diff --git a/target/sdk/Makefile b/target/sdk/Makefile
index d3552b47eb..022a791ebf 100644
--- a/target/sdk/Makefile
+++ b/target/sdk/Makefile
@@ -152,7 +152,8 @@ $(BIN_DIR)/$(SDK_NAME).tar.xz: clean
 	find $(SDK_BUILD_DIR) -name CVS | $(XARGS) rm -rf
 	-make -C $(SDK_BUILD_DIR)/scripts/config clean
 	(cd $(BUILD_DIR); \
-		tar -I 'xz -7e' -cf $@ $(SDK_NAME); \
+		tar -I '$(STAGING_DIR_HOST)/bin/xz -7e -T$(if $(filter 1,$(NPROC)),2,0)' -cf $@ $(SDK_NAME) \
+		--mtime="$(shell date --date=@$(SOURCE_DATE_EPOCH))"; \
 	)
 
 download:

From 4faf7704a2426c1b93262473d547e38fa067c356 Mon Sep 17 00:00:00 2001
From: Hannu Nyman <hannu.nyman@iki.fi>
Date: Sun, 23 Aug 2020 17:08:14 +0300
Subject: [PATCH 02/10] tools/mpfr: update to 4.1.0

Update mpfr to version 4.1.0.
Refresh patches.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
---
 tools/mpfr/Makefile                   | 4 ++--
 tools/mpfr/patches/001-only_src.patch | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/tools/mpfr/Makefile b/tools/mpfr/Makefile
index fdb316efb9..65e6f8959f 100644
--- a/tools/mpfr/Makefile
+++ b/tools/mpfr/Makefile
@@ -7,12 +7,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mpfr
-PKG_VERSION:=4.0.2
+PKG_VERSION:=4.1.0
 PKG_CPE_ID:=cpe:/a:mpfr:gnu_mpfr
 
 PKG_SOURCE_URL:=@GNU/mpfr http://www.mpfr.org/mpfr-$(PKG_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=1d3be708604eae0e42d578ba93b390c2a145f17743a744d8f3f8c2ad5855a38a
+PKG_HASH:=0c98a3f1732ff6ca4ea690552079da9c597872d30e96ec28414ee23c95558a7f
 
 HOST_BUILD_PARALLEL:=1
 HOST_FIXUP:=autoreconf
diff --git a/tools/mpfr/patches/001-only_src.patch b/tools/mpfr/patches/001-only_src.patch
index 019928741a..dbc7d32343 100644
--- a/tools/mpfr/patches/001-only_src.patch
+++ b/tools/mpfr/patches/001-only_src.patch
@@ -1,6 +1,6 @@
 --- a/Makefile.am
 +++ b/Makefile.am
-@@ -18,7 +18,7 @@ AUTOMAKE_OPTIONS = gnu
+@@ -24,7 +24,7 @@ AUTOMAKE_OPTIONS = gnu
  # old Automake version.
  ACLOCAL_AMFLAGS = -I m4
  
@@ -11,7 +11,7 @@
  pkgconfig_DATA = mpfr.pc
 --- a/Makefile.in
 +++ b/Makefile.in
-@@ -383,7 +383,7 @@ AUTOMAKE_OPTIONS = gnu
+@@ -384,7 +384,7 @@ AUTOMAKE_OPTIONS = gnu
  # libtoolize and in case some developer needs to switch back to an
  # old Automake version.
  ACLOCAL_AMFLAGS = -I m4

From 84834df9b9867b37b1ac6ade8abcf17cda456974 Mon Sep 17 00:00:00 2001
From: Hannu Nyman <hannu.nyman@iki.fi>
Date: Sun, 23 Aug 2020 17:11:11 +0300
Subject: [PATCH 03/10] tools/cmake: update to 3.18.2

Update cmake to version 3.18.2.
Refresh patches.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
---
 tools/cmake/Makefile                                 |  8 ++++----
 tools/cmake/patches/100-no-testing.patch             | 12 ++++++------
 .../patches/120-curl-fix-libressl-linking.patch      |  6 +++---
 .../patches/130-bootstrap_parallel_make_flag.patch   |  6 +++---
 4 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/tools/cmake/Makefile b/tools/cmake/Makefile
index fd066da326..7839d7b00a 100644
--- a/tools/cmake/Makefile
+++ b/tools/cmake/Makefile
@@ -7,14 +7,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=cmake
-PKG_VERSION:=3.17.0
-PKG_RELEASE:=2
+PKG_VERSION:=3.18.2
+PKG_RELEASE:=1
 PKG_CPE_ID:=cpe:/a:kitware:cmake
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/Kitware/CMake/releases/download/v$(PKG_VERSION)/ \
-		https://cmake.org/files/v3.17/
-PKG_HASH:=b74c05b55115eacc4fa2b77a814981dbda05cdc95a53e279fe16b7b272f00847
+		https://cmake.org/files/v3.18/
+PKG_HASH:=5d4e40fc775d3d828c72e5c45906b4d9b59003c9433ff1b36a1cb552bbd51d7e
 
 HOST_BUILD_PARALLEL:=1
 HOST_CONFIGURE_PARALLEL:=1
diff --git a/tools/cmake/patches/100-no-testing.patch b/tools/cmake/patches/100-no-testing.patch
index 501302b835..44452ce39e 100644
--- a/tools/cmake/patches/100-no-testing.patch
+++ b/tools/cmake/patches/100-no-testing.patch
@@ -1,6 +1,6 @@
 --- a/Modules/CTest.cmake
 +++ b/Modules/CTest.cmake
-@@ -47,7 +47,7 @@ the :variable:`CTEST_USE_LAUNCHERS` variable::
+@@ -47,7 +47,7 @@ the :variable:`CTEST_USE_LAUNCHERS` vari
  in the ``CTestConfig.cmake`` file.
  #]=======================================================================]
  
@@ -11,7 +11,7 @@
  # like vs9 or vs10
 --- a/Modules/Dart.cmake
 +++ b/Modules/Dart.cmake
-@@ -33,7 +33,7 @@ whether testing support should be enabled.  The default is ON.
+@@ -33,7 +33,7 @@ whether testing support should be enable
  #
  #
  
@@ -22,12 +22,12 @@
    find_package(Dart QUIET)
 --- a/Tests/Contracts/VTK/Dashboard.cmake.in
 +++ b/Tests/Contracts/VTK/Dashboard.cmake.in
-@@ -25,7 +25,7 @@ ctest_empty_binary_directory(${CTEST_BINARY_DIRECTORY})
+@@ -25,7 +25,7 @@ ctest_empty_binary_directory(${CTEST_BIN
  
  file(WRITE "${CTEST_BINARY_DIRECTORY}/CMakeCache.txt" "
-   BUILD_EXAMPLES:BOOL=ON
--  BUILD_TESTING:BOOL=ON
-+  BUILD_TESTING:BOOL=OFF
+   VTK_BUILD_EXAMPLES:BOOL=ON
+-  VTK_BUILD_TESTING:STRING=WANT
++  VTK_BUILD_TESTING:STRING=OFF
    VTK_WRAP_PYTHON:BOOL=ON
    ExternalData_OBJECT_STORES:FILEPATH=@base_dir@/ExternalData
  ")
diff --git a/tools/cmake/patches/120-curl-fix-libressl-linking.patch b/tools/cmake/patches/120-curl-fix-libressl-linking.patch
index 66e3f81c6f..4fb541f3e4 100644
--- a/tools/cmake/patches/120-curl-fix-libressl-linking.patch
+++ b/tools/cmake/patches/120-curl-fix-libressl-linking.patch
@@ -20,10 +20,10 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 ---
 --- a/Utilities/cmcurl/CMakeLists.txt
 +++ b/Utilities/cmcurl/CMakeLists.txt
-@@ -459,6 +459,14 @@ if(CMAKE_USE_OPENSSL)
+@@ -488,6 +488,14 @@ if(CMAKE_USE_OPENSSL)
+   endif()
+   set(SSL_ENABLED ON)
    set(USE_OPENSSL ON)
-   set(HAVE_LIBCRYPTO ON)
-   set(HAVE_LIBSSL ON)
 +  check_library_exists("rt" clock_gettime "" HAVE_LIBRT)
 +  if(HAVE_LIBRT)
 +    list(APPEND OPENSSL_LIBRARIES rt)
diff --git a/tools/cmake/patches/130-bootstrap_parallel_make_flag.patch b/tools/cmake/patches/130-bootstrap_parallel_make_flag.patch
index 45ad885953..4d5ed266c4 100644
--- a/tools/cmake/patches/130-bootstrap_parallel_make_flag.patch
+++ b/tools/cmake/patches/130-bootstrap_parallel_make_flag.patch
@@ -1,9 +1,9 @@
 --- a/bootstrap
 +++ b/bootstrap
-@@ -1283,7 +1283,10 @@ int main(){ printf("1%c", (char)0x0a); r
+@@ -1296,7 +1296,10 @@ int main(){ printf("1%c", (char)0x0a); r
  ' > "test.c"
  cmake_original_make_flags="${cmake_make_flags}"
- if [ "x${cmake_parallel_make}" != "x" ]; then
+ if test "x${cmake_parallel_make}" != "x"; then
 -  cmake_make_flags="${cmake_make_flags} -j ${cmake_parallel_make}"
 +  case "$cmake_parallel_make" in
 +    [0-9]*) cmake_parallel_make="-j ${cmake_parallel_make}";;
@@ -11,4 +11,4 @@
 +  cmake_make_flags="${cmake_make_flags} ${cmake_parallel_make}"
  fi
  for a in ${cmake_make_processors}; do
-   if [ -z "${cmake_make_processor}" ] && cmake_try_make "${a}" "${cmake_make_flags}" >> ../cmake_bootstrap.log 2>&1; then
+   if test -z "${cmake_make_processor}" && cmake_try_make "${a}" "${cmake_make_flags}" >> ../cmake_bootstrap.log 2>&1; then

From d622cf81af348a094d84e6ac2b6251fda3ff9584 Mon Sep 17 00:00:00 2001
From: Hannu Nyman <hannu.nyman@iki.fi>
Date: Sun, 23 Aug 2020 17:04:07 +0300
Subject: [PATCH 04/10] tools/ccache: update to 3.7.11

Update ccache to 3.7.11

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
---
 tools/ccache/Makefile                       | 4 ++--
 tools/ccache/patches/100-honour-copts.patch | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/tools/ccache/Makefile b/tools/ccache/Makefile
index bf81f2d388..6e55001fd5 100644
--- a/tools/ccache/Makefile
+++ b/tools/ccache/Makefile
@@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/target.mk
 
 PKG_NAME:=ccache
-PKG_VERSION:=3.7.9
+PKG_VERSION:=3.7.11
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://github.com/ccache/ccache/releases/download/v$(PKG_VERSION)
-PKG_HASH:=f893da7543bfb9172bd55e603fcbdfcd83e6def176a28689c13235695b4cf44b
+PKG_HASH:=8d450208099a4d202bd7df87caaec81baee20ce9dd62da91e9ea7b95a9072f68
 
 include $(INCLUDE_DIR)/host-build.mk
 
diff --git a/tools/ccache/patches/100-honour-copts.patch b/tools/ccache/patches/100-honour-copts.patch
index 31f70090e4..ccfa1c0247 100644
--- a/tools/ccache/patches/100-honour-copts.patch
+++ b/tools/ccache/patches/100-honour-copts.patch
@@ -1,6 +1,6 @@
 --- a/src/ccache.c
 +++ b/src/ccache.c
-@@ -2227,6 +2227,7 @@ calculate_object_hash(struct args *args,
+@@ -2277,6 +2277,7 @@ calculate_object_hash(struct args *args,
  			"CPLUS_INCLUDE_PATH",
  			"OBJC_INCLUDE_PATH",
  			"OBJCPLUS_INCLUDE_PATH", // clang

From f75c70aecaca0d296207ad15e11cf1363b6bdcaf Mon Sep 17 00:00:00 2001
From: Hans Dedecker <dedeckeh@gmail.com>
Date: Sun, 23 Aug 2020 20:07:00 +0200
Subject: [PATCH 05/10] nat46: update to latest git HEAD

362640b nat46-module: fix compilation with kernel 5.6

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
---
 package/kernel/nat46/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/kernel/nat46/Makefile b/package/kernel/nat46/Makefile
index f37ee6e395..dd9d606d27 100644
--- a/package/kernel/nat46/Makefile
+++ b/package/kernel/nat46/Makefile
@@ -5,9 +5,9 @@ PKG_NAME:=nat46
 
 PKG_MIRROR_HASH:=d0bc80038cadeb7e857118e8d6bae242670ab27377af49f74bad494e0e5da598
 PKG_SOURCE_URL:=https://github.com/ayourtch/nat46.git
-PKG_SOURCE_DATE:=2020-08-06
+PKG_SOURCE_DATE:=2020-08-17
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=71e9f0941a666c7010bb6d31d45bb795439038fa
+PKG_SOURCE_VERSION:=362640b41ae52b732d9e9729e61ac555492442a3
 
 PKG_MAINTAINER:=Hans Dedecker <dedeckeh@gmail.com>
 PKG_LICENSE:=GPL-2.0

From b2f19d3ef707c60c46a75a1fe2c38365474a5921 Mon Sep 17 00:00:00 2001
From: Rustam Gaptulin <rascal6@gmail.com>
Date: Sun, 23 Aug 2020 15:02:48 +0500
Subject: [PATCH 06/10] ramips: mt7621: use lzma-loader for ZBT-WG3526

The wg3526 fails to boot if the kernel is large.
Enabling lzma-loader resolves the issue on both the wg3526-16m
and wg3526-32m.

Fixes: FS#3143

Signed-off-by: Rustam Gaptulin <rascal6@gmail.com>
[commit message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
---
 target/linux/ramips/image/mt7621.mk | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/target/linux/ramips/image/mt7621.mk b/target/linux/ramips/image/mt7621.mk
index 9e481af98f..896a27324b 100644
--- a/target/linux/ramips/image/mt7621.mk
+++ b/target/linux/ramips/image/mt7621.mk
@@ -1286,6 +1286,7 @@ TARGET_DEVICES += zbtlink_zbt-wg2626
 
 define Device/zbtlink_zbt-wg3526-16m
   $(Device/dsa-migration)
+  $(Device/uimage-lzma-loader)
   IMAGE_SIZE := 16064k
   DEVICE_VENDOR := Zbtlink
   DEVICE_MODEL := ZBT-WG3526
@@ -1298,6 +1299,7 @@ TARGET_DEVICES += zbtlink_zbt-wg3526-16m
 
 define Device/zbtlink_zbt-wg3526-32m
   $(Device/dsa-migration)
+  $(Device/uimage-lzma-loader)
   IMAGE_SIZE := 32448k
   DEVICE_VENDOR := Zbtlink
   DEVICE_MODEL := ZBT-WG3526

From 2e06f8ae24ec47cd1db9703ce6474bbd9304ef99 Mon Sep 17 00:00:00 2001
From: Paul Spooren <mail@aparcar.org>
Date: Wed, 19 Aug 2020 11:40:27 -1000
Subject: [PATCH 07/10] busybox: add selinux variant

This commit adds a `selinux` variant which comes with with a number of
SELinux applets and also SELinux label support.

Signed-off-by: Paul Spooren <mail@aparcar.org>
---
 package/utils/busybox/Config.in      |  2 +-
 package/utils/busybox/Makefile       | 33 ++++++++++++++++++++++++----
 package/utils/busybox/selinux.config | 15 +++++++++++++
 3 files changed, 45 insertions(+), 5 deletions(-)
 create mode 100644 package/utils/busybox/selinux.config

diff --git a/package/utils/busybox/Config.in b/package/utils/busybox/Config.in
index 4d87e18278..dcd027e7ee 100644
--- a/package/utils/busybox/Config.in
+++ b/package/utils/busybox/Config.in
@@ -1,4 +1,4 @@
-if PACKAGE_busybox
+if PACKAGE_busybox || PACKAGE_busybox-selinux
 
 config BUSYBOX_CUSTOM
 	bool "Customize busybox options"
diff --git a/package/utils/busybox/Makefile b/package/utils/busybox/Makefile
index baf375eb13..4d098ac4a8 100644
--- a/package/utils/busybox/Makefile
+++ b/package/utils/busybox/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2016 OpenWrt.org
+# Copyright (C) 2006-2020 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=busybox
 PKG_VERSION:=1.31.1
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 PKG_FLAGS:=essential
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
@@ -39,14 +39,27 @@ BUSYBOX_IF_ENABLED=$(if $(CONFIG_BUSYBOX_$(BUSYBOX_SYM)_$(1)),$(2))
 
 # All files provided by busybox will serve as fallback alternatives by opkg.
 # There should be no need to enumerate ALTERNATIVES entries here
-define Package/busybox
+define Package/busybox/Default
   SECTION:=base
   CATEGORY:=Base system
   MAINTAINER:=Felix Fietkau <nbd@nbd.name>
   TITLE:=Core utilities for embedded Linux
   URL:=http://busybox.net/
   DEPENDS:=+BUSYBOX_CONFIG_PAM:libpam +BUSYBOX_CONFIG_NTPD:jsonfilter
-  MENU:=1
+endef
+
+define Package/busybox
+  $(call Package/busybox/Default)
+  CONFLICTS:=busybox-selinux
+  VARIANT:=default
+endef
+
+define Package/busybox-selinux
+  $(call Package/busybox/Default)
+  TITLE += with SELinux support
+  DEPENDS += +libselinux
+  VARIANT:=selinux
+  PROVIDES:=busybox
 endef
 
 define Package/busybox/description
@@ -62,6 +75,8 @@ ifdef CONFIG_BUSYBOX_CONFIG_FEATURE_SYSLOG
 define Package/busybox/conffiles
 /etc/syslog.conf
 endef
+
+Package/busybox-selinux/conffiiles = $(Package/busybox/conffiles)
 endif
 
 # don't create a version string containing the actual timestamp
@@ -77,6 +92,10 @@ ifeq ($(CONFIG_USE_GLIBC),y)
   LDLIBS += $(call BUSYBOX_IF_ENABLED,NSLOOKUP_OPENWRT,resolv)
 endif
 
+ifeq ($(BUILD_VARIANT),selinux)
+  LDLIBS += selinux sepol
+endif
+
 TARGET_CFLAGS += -flto
 TARGET_LDFLAGS += -flto=jobserver -fuse-linker-plugin
 
@@ -96,6 +115,9 @@ define Build/Configure
 	touch $(PKG_BUILD_DIR)/.config
 ifeq ($(DEVICE_TYPE),nas)
 	echo "CONFIG_HDPARM=y" >> $(PKG_BUILD_DIR)/.config
+endif
+ifeq ($(BUILD_VARIANT),selinux)
+	cat $(TOPDIR)/$(SOURCE)/selinux.config >> $(PKG_BUILD_DIR)/.config
 endif
 	grep 'CONFIG_BUSYBOX_$(BUSYBOX_SYM)' $(TOPDIR)/.config | sed -e "s,\\(# \)\\?CONFIG_BUSYBOX_$(BUSYBOX_SYM)_\\(.*\\),\\1CONFIG_\\2,g" >> $(PKG_BUILD_DIR)/.config
 	yes 'n' | $(MAKE) -C $(PKG_BUILD_DIR) $(MAKE_FLAGS) oldconfig
@@ -125,4 +147,7 @@ endif
 	-rm -rf $(1)/lib64
 endef
 
+Package/busybox-selinux/install = $(Package/busybox/install)
+
 $(eval $(call BuildPackage,busybox))
+$(eval $(call BuildPackage,busybox-selinux))
diff --git a/package/utils/busybox/selinux.config b/package/utils/busybox/selinux.config
new file mode 100644
index 0000000000..ef20155814
--- /dev/null
+++ b/package/utils/busybox/selinux.config
@@ -0,0 +1,15 @@
+CONFIG_SELINUX=y
+CONFIG_FEATURE_TAR_SELINUX=y
+CONFIG_CHCON=y
+CONFIG_GETENFORCE=y
+CONFIG_GETSEBOOL=y
+CONFIG_LOAD_POLICY=y
+CONFIG_MATCHPATHCON=y
+CONFIG_RUNCON=y
+CONFIG_SELINUXENABLED=y
+CONFIG_SESTATUS=y
+CONFIG_SETFILES=y
+CONFIG_FEATURE_SETFILES_CHECK_OPTION=y
+CONFIG_RESTORECON=y
+CONFIG_SETSEBOOL=y
+CONFIG_SETENFORCE=y

From aeea91d5eeb84fa0ce24e4e4a9c18c4eb6ab9fb7 Mon Sep 17 00:00:00 2001
From: Paul Spooren <mail@aparcar.org>
Date: Wed, 19 Aug 2020 15:02:24 -1000
Subject: [PATCH 08/10] f2fs-tools: add selinux variant

This variant is build with `libselinux` and required to set labels
during runtime.

Signed-off-by: Paul Spooren <mail@aparcar.org>
---
 package/utils/f2fs-tools/Makefile | 55 ++++++++++++++++++++++++++++++-
 1 file changed, 54 insertions(+), 1 deletion(-)

diff --git a/package/utils/f2fs-tools/Makefile b/package/utils/f2fs-tools/Makefile
index 8c7d958c7e..1decfd7ae7 100644
--- a/package/utils/f2fs-tools/Makefile
+++ b/package/utils/f2fs-tools/Makefile
@@ -31,22 +31,51 @@ define Package/f2fs-tools/Default
   SUBMENU:=Filesystem
   DEPENDS:=+libf2fs
   URL:=http://git.kernel.org/cgit/linux/kernel/git/jaegeuk/f2fs-tools.git
+  VARIANT:=default
+endef
+
+define Package/f2fs-tools/SELinux
+  SECTION:=utils
+  CATEGORY:=Utilities
+  SUBMENU:=Filesystem
+  DEPENDS:=+libf2fs-selinux +libselinux
+  URL:=http://git.kernel.org/cgit/linux/kernel/git/jaegeuk/f2fs-tools.git
+  VARIANT:=selinux
 endef
 
 define Package/mkf2fs
   $(Package/f2fs-tools/Default)
   TITLE:=Utility for creating a Flash-Friendly File System (F2FS)
+  CONFLICTS:=mkf2fs-selinux
+endef
+
+define Package/mkf2fs-selinux
+  $(Package/f2fs-tools/SELinux)
+  TITLE:=Utility for creating a Flash-Friendly File System (F2FS) with SELinux support
 endef
 
 define Package/f2fsck
   $(Package/f2fs-tools/Default)
   TITLE:=Utility for checking/repairing a Flash-Friendly File System (F2FS)
+  CONFLICTS:=f2fsck-selinux
+endef
+
+define Package/f2fsck-selinux
+  $(Package/f2fs-tools/SELinux)
+  TITLE:=Utility for checking/repairing a Flash-Friendly File System (F2FS) with SELinux support
 endef
 
 define Package/f2fs-tools
   $(Package/f2fs-tools/Default)
   TITLE:=Tools for Flash-Friendly File System (F2FS)
   DEPENDS += +mkf2fs +f2fsck
+  CONFLICTS:=f2fs-tools-selinux
+endef
+
+define Package/f2fs-tools-selinux
+  $(Package/f2fs-tools/SELinux)
+  TITLE:=Tools for Flash-Friendly File System (F2FS) with SELinux support
+  DEPENDS += +mkf2fs-selinux +f2fsck-selinux
 endef
 
 define Package/libf2fs
@@ -55,13 +84,25 @@ define Package/libf2fs
   TITLE:=Library for Flash-Friendly File System (F2FS) tools
   DEPENDS:=+libuuid
   ABI_VERSION:=6
+  CONFLICTS:=libf2fs-selinux
+endef
+
+define Package/libf2fs-selinux
+  SECTION:=libs
+  CATEGORY:=Libraries
+  TITLE:=Library for Flash-Friendly File System (F2FS) tools with SELinux support
+  DEPENDS:=+libuuid +libselinux
+  ABI_VERSION:=6
 endef
 
 CONFIGURE_ARGS += \
 	--disable-static \
-	--without-selinux \
 	--without-blkid
 
+ifneq ($(BUILD_VARIANT),selinux)
+  CONFIGURE_ARGS += --without-selinux
+endif
+
 CONFIGURE_VARS += \
 	ac_cv_file__git=no
 
@@ -71,11 +112,15 @@ define Package/libf2fs/install
 		$(PKG_INSTALL_DIR)/usr/lib/libf2fs.so.* $(1)/usr/lib/
 endef
 
+Package/libf2fs-selinux/install = $(Package/libf2fs/install)
+
 define Package/mkf2fs/install
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/mkfs.f2fs $(1)/usr/sbin
 endef
 
+Package/mkf2fs-selinux/install = $(Package/mkf2fs/install)
+
 define Package/f2fsck/install
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/fsck.f2fs $(1)/usr/sbin
@@ -85,6 +130,8 @@ define Package/f2fsck/install
 	ln -s /usr/sbin/fsck.f2fs $(1)/usr/sbin/resize.f2fs
 endef
 
+Package/f2fsck-selinux/install = $(Package/f2fsck/install)
+
 define Package/f2fs-tools/install
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/f2fstat $(1)/usr/sbin
@@ -92,7 +139,13 @@ define Package/f2fs-tools/install
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/parse.f2fs $(1)/usr/sbin
 endef
 
+Package/f2fs-tools-selinux/install = $(Package/f2fs-tools/install)
+
 $(eval $(call BuildPackage,libf2fs))
+$(eval $(call BuildPackage,libf2fs-selinux))
 $(eval $(call BuildPackage,mkf2fs))
+$(eval $(call BuildPackage,mkf2fs-selinux))
 $(eval $(call BuildPackage,f2fsck))
+$(eval $(call BuildPackage,f2fsck-selinux))
 $(eval $(call BuildPackage,f2fs-tools))
+$(eval $(call BuildPackage,f2fs-tools-selinux))

From 2eaf03b4d8fffbbb5f987382c2af28a12a8f8993 Mon Sep 17 00:00:00 2001
From: Daniel Golle <daniel@makrotopia.org>
Date: Sun, 23 Aug 2020 23:58:18 +0100
Subject: [PATCH 09/10] busybox: fix typo in Makefile

'conffiiles' -> 'conffiles'

Fixes: 2e06f8ae24 ("busybox: add selinux variant")
Reported-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
---
 package/utils/busybox/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package/utils/busybox/Makefile b/package/utils/busybox/Makefile
index 4d098ac4a8..0b56e0b9fd 100644
--- a/package/utils/busybox/Makefile
+++ b/package/utils/busybox/Makefile
@@ -76,7 +76,7 @@ define Package/busybox/conffiles
 /etc/syslog.conf
 endef
 
-Package/busybox-selinux/conffiiles = $(Package/busybox/conffiles)
+Package/busybox-selinux/conffiles = $(Package/busybox/conffiles)
 endif
 
 # don't create a version string containing the actual timestamp

From ba2ddba56b7824008fb3b544b1e1ae5d52ee39e5 Mon Sep 17 00:00:00 2001
From: Yuan Tao <ty@wevs.org>
Date: Sat, 22 Aug 2020 19:31:20 +0800
Subject: [PATCH 10/10] config: kernel: fix missed CGROUP_HUGETLB symbol

The symbol KERNEL_CGROUP_HUGETLB is always used whenever KERNEL_CGROUPS is enabled.
The absence of this notation will cause the user to be asked to enter this parameter the first time it is compiled.

Signed-off-by: Yuan Tao <ty@wevs.org>
---
 config/Config-kernel.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/Config-kernel.in b/config/Config-kernel.in
index 496ec887cf..d666176064 100644
--- a/config/Config-kernel.in
+++ b/config/Config-kernel.in
@@ -596,8 +596,8 @@ if KERNEL_CGROUPS
 
 	config KERNEL_CGROUP_HUGETLB
 		bool "HugeTLB controller"
-		default y if KERNEL_HUGETLB_PAGE
-		depends on KERNEL_HUGETLB_PAGE
+		default n
+		select KERNEL_HUGETLB_PAGE
 
 	config KERNEL_CGROUP_PIDS
 		bool "PIDs cgroup subsystem"