21 files changed, 615 insertions, 380 deletions
diff --git a/core/binutils/PKGBUILD b/core/binutils/PKGBUILD
index 655c19c7e..9ca57f86e 100644
--- a/core/binutils/PKGBUILD
+++ b/core/binutils/PKGBUILD
@@ -1,17 +1,17 @@
-# $Id: PKGBUILD 182643 2013-04-12 00:05:23Z allan $
+# $Id: PKGBUILD 193064 2013-08-15 12:08:13Z allan $
 # Maintainer: Allan McRae <allan@archlinux.org>
 
 # toolchain build order: linux-api-headers->glibc->binutils->gcc->binutils->glibc
 
 pkgname=binutils
 pkgver=2.23.2
-pkgrel=2
+pkgrel=3
 pkgdesc="A set of programs to assemble and manipulate binary and object files"
 arch=('i686' 'x86_64' 'mips64el')
 url="http://www.gnu.org/software/binutils/"
 license=('GPL')
 groups=('base-devel')
-depends=('glibc>=2.17' 'zlib')
+depends=('glibc>=2.18' 'zlib')
 checkdepends=('dejagnu' 'bc')
 options=('!libtool' '!distcc' '!ccache')
 install=binutils.install
diff --git a/core/curl/PKGBUILD b/core/curl/PKGBUILD
index 8c980e783..15de2cadf 100644
--- a/core/curl/PKGBUILD
+++ b/core/curl/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 188993 2013-06-28 01:14:19Z dreisner $
+# $Id: PKGBUILD 193070 2013-08-15 13:17:43Z dreisner $
 # Maintainer: Dave Reisner <dreisner@archlinux.org>
 # Contributor: Angel Velasquez <angvp@archlinux.org>
 # Contributor: Eric Belanger <eric@archlinux.org>
@@ -6,7 +6,7 @@
 # Contributor: Daniel J Griffiths <ghost1227@archlinux.us>
 
 pkgname=curl
-pkgver=7.31.0
+pkgver=7.32.0
 pkgrel=1
 pkgdesc="An URL retrieval utility and library"
 arch=('i686' 'x86_64' 'mips64el')
@@ -17,7 +17,7 @@ provides=('libcurl.so')
 options=('!libtool')
 source=("http://curl.haxx.se/download/$pkgname-$pkgver.tar.gz"{,.asc}
         curlbuild.h)
-md5sums=('6f26843f7e3a2fb06e02f68a55efe8c7'
+md5sums=('f77cf3cb59cf2bfe686b80338323fd40'
          'SKIP'
          '751bd433ede935c8fae727377625a8ae')
 
@@ -27,7 +27,6 @@ build() {
   ./configure \
       --prefix=/usr \
       --mandir=/usr/share/man \
-      --disable-dependency-tracking \
       --disable-ldap \
       --disable-ldaps \
       --enable-ipv6 \
@@ -59,7 +58,6 @@ package() {
   install -Dm644 COPYING "$pkgdir/usr/share/licenses/$pkgname/COPYING"
 
   # devel
-  install -Dm644 docs/libcurl/libcurl.m4 "$pkgdir/usr/share/aclocal/libcurl.m4"
   mv "$pkgdir/usr/include/curl/curlbuild.h" "$pkgdir/usr/include/curl/$_curlbuild"
   install -m644 "$srcdir/curlbuild.h" "$pkgdir/usr/include/curl/curlbuild.h"
 }
diff --git a/core/dhcpcd/PKGBUILD b/core/dhcpcd/PKGBUILD
index 8896727b7..5e2fb8a2d 100644
--- a/core/dhcpcd/PKGBUILD
+++ b/core/dhcpcd/PKGBUILD
@@ -1,10 +1,10 @@
-# $Id: PKGBUILD 191940 2013-08-01 13:10:13Z dreisner $
+# $Id: PKGBUILD 192483 2013-08-12 21:11:39Z dreisner $
 # Maintainer: Ronald van Haren <ronald.archlinux.org>
 # Contributor: Tom Killian <tom.archlinux.org>
 # Contributor: Judd Vinet <jvinet.zeroflux.org>
 
 pkgname=dhcpcd
-pkgver=6.0.4
+pkgver=6.0.5
 pkgrel=1
 pkgdesc="RFC2131 compliant DHCP client daemon"
 url="http://roy.marples.name/projects/dhcpcd/"
@@ -18,7 +18,7 @@ options=('emptydirs')  # We Need the Empty /var/lib/dhcpcd Directory
 source=("http://roy.marples.name/downloads/$pkgname/$pkgname-$pkgver.tar.bz2"
         'dhcpcd_.service'
         'dhcpcd.service')
-sha1sums=('3e93b02071015e90f9199658c04509e4b565dd4d'
+sha1sums=('433555ac11669333344d7ec80120f3ccdd0fcae5'
           '6245b8db7e6f39a0305571726bb693a53901c400'
           'e49e01041f831281a1cd0c97ca21204e0aa07fda')
 
diff --git a/core/gcc/PKGBUILD b/core/gcc/PKGBUILD
index 62e9e9bde..c6a0452bb 100644
--- a/core/gcc/PKGBUILD
+++ b/core/gcc/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 191961 2013-08-02 00:55:05Z allan $
+# $Id: PKGBUILD 193063 2013-08-15 12:08:11Z allan $
 # Maintainer: Allan McRae <allan@archlinux.org>
 
 # toolchain build order: linux-api-headers->glibc->binutils->gcc->binutils->glibc
@@ -10,7 +10,7 @@ else
     pkgname=('gcc' 'gcc-libs' 'gcc-fortran' 'gcc-objc')
 fi
 pkgver=4.8.1
-pkgrel=2
+pkgrel=3
 _snapshot=4.8-20130725
 pkgdesc="The GNU Compiler Collection"
 arch=('i686' 'x86_64' 'mips64el')
diff --git a/core/glibc/PKGBUILD b/core/glibc/PKGBUILD
index 63b7ca609..7ccb55440 100644
--- a/core/glibc/PKGBUILD
+++ b/core/glibc/PKGBUILD
@@ -1,12 +1,12 @@
-# $Id: PKGBUILD 187027 2013-06-03 11:15:09Z allan $
+# $Id: PKGBUILD 193120 2013-08-16 21:44:47Z allan $
 # Maintainer: Allan McRae <allan@archlinux.org>
 
 # toolchain build order: linux-api-headers->glibc->binutils->gcc->binutils->glibc
 # NOTE: valgrind requires rebuilt with each major glibc version
 
 pkgname=glibc
-pkgver=2.17
-pkgrel=6
+pkgver=2.18
+pkgrel=2
 pkgdesc="GNU C Library"
 arch=('i686' 'x86_64' 'mips64el')
 url="http://www.gnu.org/software/libc"
@@ -20,39 +20,36 @@ backup=(etc/gai.conf
 options=('!strip')
 install=glibc.install
 source=(http://ftp.gnu.org/gnu/libc/${pkgname}-${pkgver}.tar.xz{,.sig}
-        glibc-2.17-sync-with-linux37.patch
-        glibc-2.17-getaddrinfo-stack-overflow.patch
-        glibc-2.17-regexp-matcher-overrun.patch
+        glibc-2.18-readdir_r-CVE-2013-4237.patch
+        glibc-2.18-strstr-hackfix.patch
         nscd.service
         nscd.tmpfiles
         locale.gen.txt
         locale-gen)
-md5sums=('87bf675c8ee523ebda4803e8e1cec638'
+md5sums=('88fbbceafee809e82efd52efa1e3c58f'
          'SKIP'
-         'fb99380d94598cc76d793deebf630022'
-         '56d5f2c09503a348281a20ae404b7de3'
-         '200acc05961b084ee00dde919e64f82d'
-         'c1e07c0bec0fe89791bfd9d13fc85edf'
-         'bccbe5619e75cf1d97312ec3681c605c'
+         '154da6bf5a5248f42a7bf5bf08e01a47'
+         '4441f6dfe7d75ced1fa75e54dd21d36e'
+         'd5fab2cd3abea65aa5ae696ea4a47d6b'
+         'da662ca76e7c8d7efbc7986ab7acea2d'
          '07ac979b6ab5eeb778d55f041529d623'
          '476e9113489f93b348b21e144b6a8fcf')
 
 
-build() {
+prepare() {
   cd ${srcdir}/${pkgname}-${pkgver}
+  
+  # upstream commit 91ce4085
+  patch -p1 -i $srcdir/glibc-2.18-readdir_r-CVE-2013-4237.patch
+  
+  # hack fix for strstr issues on x86
+  patch -p1 -i $srcdir/glibc-2.18-strstr-hackfix.patch
 
-  # combination of upstream commits 318cd0b, b540704 and fc1abbe
-  patch -p1 -i ${srcdir}/glibc-2.17-sync-with-linux37.patch
-
-  # CVE-2013-1914 - upstream commit 1cef1b19
-  patch -p1 -i ${srcdir}/glibc-2.17-getaddrinfo-stack-overflow.patch
-
-  # CVE-2013-0242 - upstream commit a445af0b
-  patch -p1 -i ${srcdir}/glibc-2.17-regexp-matcher-overrun.patch
+  mkdir ${srcdir}/glibc-build
+}
 
-  cd ${srcdir}
-  mkdir -p glibc-build 
-  cd glibc-build
+build() {
+  cd ${srcdir}/glibc-build
 
   if [[ ${CARCH} = "i686" ]]; then
     # Hack to fix NPTL issues with Xen, only required on 32bit platforms
@@ -152,5 +149,5 @@ package() {
                       usr/lib/libnss_{compat,db,dns,files,hesiod,nis,nisplus}-*.so \
                       usr/lib/{libdl,libm,libnsl,libresolv,librt,libutil}-*.so \
                       usr/lib/{libmemusage,libpcprofile,libSegFault}.so \
-                      usr/lib/{pt_chown,{audit,gconv}/*.so}
+                      usr/lib/{audit,gconv}/*.so
 }
diff --git a/core/glibc/glibc-2.17-getaddrinfo-stack-overflow.patch b/core/glibc/glibc-2.17-getaddrinfo-stack-overflow.patch
deleted file mode 100644
index aa916ac2c..000000000
--- a/core/glibc/glibc-2.17-getaddrinfo-stack-overflow.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
-index d95c2d1..2309281 100644
---- a/sysdeps/posix/getaddrinfo.c
-+++ b/sysdeps/posix/getaddrinfo.c
-@@ -2489,11 +2489,27 @@ getaddrinfo (const char *name, const char *service,
-       __typeof (once) old_once = once;
-       __libc_once (once, gaiconf_init);
-       /* Sort results according to RFC 3484.  */
--      struct sort_result results[nresults];
--      size_t order[nresults];
-+      struct sort_result *results;
-+      size_t *order;
-       struct addrinfo *q;
-       struct addrinfo *last = NULL;
-       char *canonname = NULL;
-+      bool malloc_results;
-+
-+      malloc_results
-+	= !__libc_use_alloca (nresults * (sizeof (*results) + sizeof (size_t)));
-+      if (malloc_results)
-+	{
-+	  results = malloc (nresults * (sizeof (*results) + sizeof (size_t)));
-+	  if (results == NULL)
-+	    {
-+	      __free_in6ai (in6ai);
-+	      return EAI_MEMORY;
-+	    }
-+	}
-+      else
-+	results = alloca (nresults * (sizeof (*results) + sizeof (size_t)));
-+      order = (size_t *) (results + nresults);
- 
-       /* Now we definitely need the interface information.  */
-       if (! check_pf_called)
-@@ -2664,6 +2680,9 @@ getaddrinfo (const char *name, const char *service,
- 
-       /* Fill in the canonical name into the new first entry.  */
-       p->ai_canonname = canonname;
-+
-+      if (malloc_results)
-+	free (results);
-     }
- 
-   __free_in6ai (in6ai);
--- 
-1.7.1
-
diff --git a/core/glibc/glibc-2.17-regexp-matcher-overrun.patch b/core/glibc/glibc-2.17-regexp-matcher-overrun.patch
deleted file mode 100644
index b108f9d42..000000000
--- a/core/glibc/glibc-2.17-regexp-matcher-overrun.patch
+++ /dev/null
@@ -1,137 +0,0 @@
-diff --git a/posix/Makefile b/posix/Makefile
-index 88d409f..2cacd21 100644
---- a/posix/Makefile
-+++ b/posix/Makefile
-@@ -86,7 +86,7 @@ tests		:= tstgetopt testfnm runtests runptests	     \
- 		   tst-rfc3484-3 \
- 		   tst-getaddrinfo3 tst-fnmatch2 tst-cpucount tst-cpuset \
- 		   bug-getopt1 bug-getopt2 bug-getopt3 bug-getopt4 \
--		   bug-getopt5 tst-getopt_long1
-+		   bug-getopt5 tst-getopt_long1 bug-regex34
- xtests		:= bug-ga2
- ifeq (yes,$(build-shared))
- test-srcs	:= globtest
-@@ -199,5 +199,6 @@ bug-regex26-ENV = LOCPATH=$(common-objpfx)localedata
- bug-regex30-ENV = LOCPATH=$(common-objpfx)localedata
- bug-regex32-ENV = LOCPATH=$(common-objpfx)localedata
- bug-regex33-ENV = LOCPATH=$(common-objpfx)localedata
-+bug-regex34-ENV = LOCPATH=$(common-objpfx)localedata
- tst-rxspencer-ARGS = --utf8 rxspencer/tests
- tst-rxspencer-ENV = LOCPATH=$(common-objpfx)localedata
-diff --git a/posix/bug-regex34.c b/posix/bug-regex34.c
-new file mode 100644
-index 0000000..bb3b613
---- /dev/null
-+++ b/posix/bug-regex34.c
-@@ -0,0 +1,46 @@
-+/* Test re_search with multi-byte characters in UTF-8.
-+   Copyright (C) 2013 Free Software Foundation, Inc.
-+   This file is part of the GNU C Library.
-+
-+   The GNU C Library is free software; you can redistribute it and/or
-+   modify it under the terms of the GNU Lesser General Public
-+   License as published by the Free Software Foundation; either
-+   version 2.1 of the License, or (at your option) any later version.
-+
-+   The GNU C Library is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   Lesser General Public License for more details.
-+
-+   You should have received a copy of the GNU Lesser General Public
-+   License along with the GNU C Library; if not, see
-+   <http://www.gnu.org/licenses/>.  */
-+
-+#define _GNU_SOURCE 1
-+#include <stdio.h>
-+#include <string.h>
-+#include <locale.h>
-+#include <regex.h>
-+
-+static int
-+do_test (void)
-+{
-+  struct re_pattern_buffer r;
-+  /* áá»á½ááºá¯ááºx */
-+  const char *s = "\xe1\x80\x80\xe1\x80\xbb\xe1\x80\xbd\xe1\x80\x94\xe1\x80\xba\xe1\x80\xaf\xe1\x80\x95\xe1\x80\xbax";
-+
-+  if (setlocale (LC_ALL, "en_US.UTF-8") == NULL)
-+    {
-+      puts ("setlocale failed");
-+      return 1;
-+    }
-+  memset (&r, 0, sizeof (r));
-+
-+  re_compile_pattern ("[^x]x", 5, &r);
-+  /* This was triggering a buffer overflow.  */
-+  re_search (&r, s, strlen (s), 0, strlen (s), 0);
-+  return 0;
-+}
-+
-+#define TEST_FUNCTION do_test ()
-+#include "../test-skeleton.c"
-diff --git a/posix/regexec.c b/posix/regexec.c
-index 7f2de85..5ca2bf6 100644
---- a/posix/regexec.c
-+++ b/posix/regexec.c
-@@ -197,7 +197,7 @@ static int group_nodes_into_DFAstates (const re_dfa_t *dfa,
- static int check_node_accept (const re_match_context_t *mctx,
- 			      const re_token_t *node, int idx)
-      internal_function;
--static reg_errcode_t extend_buffers (re_match_context_t *mctx)
-+static reg_errcode_t extend_buffers (re_match_context_t *mctx, int min_len)
-      internal_function;
- 
- /* Entry point for POSIX code.  */
-@@ -1160,7 +1160,7 @@ check_matching (re_match_context_t *mctx, int fl_longest_match,
- 	  || (BE (next_char_idx >= mctx->input.valid_len, 0)
- 	      && mctx->input.valid_len < mctx->input.len))
- 	{
--	  err = extend_buffers (mctx);
-+	  err = extend_buffers (mctx, next_char_idx + 1);
- 	  if (BE (err != REG_NOERROR, 0))
- 	    {
- 	      assert (err == REG_ESPACE);
-@@ -1738,7 +1738,7 @@ clean_state_log_if_needed (re_match_context_t *mctx, int next_state_log_idx)
- 	  && mctx->input.valid_len < mctx->input.len))
-     {
-       reg_errcode_t err;
--      err = extend_buffers (mctx);
-+      err = extend_buffers (mctx, next_state_log_idx + 1);
-       if (BE (err != REG_NOERROR, 0))
- 	return err;
-     }
-@@ -2792,7 +2792,7 @@ get_subexp (re_match_context_t *mctx, int bkref_node, int bkref_str_idx)
- 		  if (bkref_str_off >= mctx->input.len)
- 		    break;
- 
--		  err = extend_buffers (mctx);
-+		  err = extend_buffers (mctx, bkref_str_off + 1);
- 		  if (BE (err != REG_NOERROR, 0))
- 		    return err;
- 
-@@ -4102,7 +4102,7 @@ check_node_accept (const re_match_context_t *mctx, const re_token_t *node,
- 
- static reg_errcode_t
- internal_function __attribute_warn_unused_result__
--extend_buffers (re_match_context_t *mctx)
-+extend_buffers (re_match_context_t *mctx, int min_len)
- {
-   reg_errcode_t ret;
-   re_string_t *pstr = &mctx->input;
-@@ -4111,8 +4111,10 @@ extend_buffers (re_match_context_t *mctx)
-   if (BE (INT_MAX / 2 / sizeof (re_dfastate_t *) <= pstr->bufs_len, 0))
-     return REG_ESPACE;
- 
--  /* Double the lengthes of the buffers.  */
--  ret = re_string_realloc_buffers (pstr, MIN (pstr->len, pstr->bufs_len * 2));
-+  /* Double the lengthes of the buffers, but allocate at least MIN_LEN.  */
-+  ret = re_string_realloc_buffers (pstr,
-+				   MAX (min_len,
-+					MIN (pstr->len, pstr->bufs_len * 2)));
-   if (BE (ret != REG_NOERROR, 0))
-     return ret;
- 
--- 
-1.7.1
-
diff --git a/core/glibc/glibc-2.17-sync-with-linux37.patch b/core/glibc/glibc-2.17-sync-with-linux37.patch
deleted file mode 100644
index 24b25c997..000000000
--- a/core/glibc/glibc-2.17-sync-with-linux37.patch
+++ /dev/null
@@ -1,130 +0,0 @@
-diff --git a/sysdeps/gnu/netinet/tcp.h b/sysdeps/gnu/netinet/tcp.h
-index 06e8414..b62a696 100644
---- a/sysdeps/gnu/netinet/tcp.h
-+++ b/sysdeps/gnu/netinet/tcp.h
-@@ -37,20 +37,29 @@
- /*
-  * User-settable options (used with setsockopt).
-  */
--#define	TCP_NODELAY	 1	/* Don't delay send to coalesce packets  */
--#define	TCP_MAXSEG	 2	/* Set maximum segment size  */
--#define TCP_CORK	 3	/* Control sending of partial frames  */
--#define TCP_KEEPIDLE	 4	/* Start keeplives after this period */
--#define TCP_KEEPINTVL	 5	/* Interval between keepalives */
--#define TCP_KEEPCNT	 6	/* Number of keepalives before death */
--#define TCP_SYNCNT	 7	/* Number of SYN retransmits */
--#define TCP_LINGER2	 8	/* Life time of orphaned FIN-WAIT-2 state */
--#define TCP_DEFER_ACCEPT 9	/* Wake up listener only when data arrive */
--#define TCP_WINDOW_CLAMP 10	/* Bound advertised window */
--#define TCP_INFO	 11	/* Information about this connection. */
--#define	TCP_QUICKACK	 12	/* Bock/reenable quick ACKs.  */
--#define TCP_CONGESTION	 13	/* Congestion control algorithm.  */
--#define TCP_MD5SIG	 14	/* TCP MD5 Signature (RFC2385) */
-+#define	TCP_NODELAY		 1  /* Don't delay send to coalesce packets  */
-+#define	TCP_MAXSEG		 2  /* Set maximum segment size  */
-+#define TCP_CORK		 3  /* Control sending of partial frames  */
-+#define TCP_KEEPIDLE		 4  /* Start keeplives after this period */
-+#define TCP_KEEPINTVL		 5  /* Interval between keepalives */
-+#define TCP_KEEPCNT		 6  /* Number of keepalives before death */
-+#define TCP_SYNCNT		 7  /* Number of SYN retransmits */
-+#define TCP_LINGER2		 8  /* Life time of orphaned FIN-WAIT-2 state */
-+#define TCP_DEFER_ACCEPT	 9  /* Wake up listener only when data arrive */
-+#define TCP_WINDOW_CLAMP	 10 /* Bound advertised window */
-+#define TCP_INFO		 11 /* Information about this connection. */
-+#define	TCP_QUICKACK		 12 /* Bock/reenable quick ACKs.  */
-+#define TCP_CONGESTION		 13 /* Congestion control algorithm.  */
-+#define TCP_MD5SIG		 14 /* TCP MD5 Signature (RFC2385) */
-+#define TCP_COOKIE_TRANSACTIONS	 15 /* TCP Cookie Transactions */
-+#define TCP_THIN_LINEAR_TIMEOUTS 16 /* Use linear timeouts for thin streams*/
-+#define TCP_THIN_DUPACK		 17 /* Fast retrans. after 1 dupack */
-+#define TCP_USER_TIMEOUT	 18 /* How long for loss retry before timeout */
-+#define TCP_REPAIR		 19 /* TCP sock is under repair right now */
-+#define TCP_REPAIR_QUEUE	 20 /* Set TCP queue to repair */
-+#define TCP_QUEUE_SEQ		 21 /* Set sequence number of repaired queue. */
-+#define TCP_REPAIR_OPTIONS	 22 /* Repair TCP connection options */
-+#define TCP_FASTOPEN		 23 /* Enable FastOpen on listeners */
- 
- #ifdef __USE_MISC
- # include <sys/types.h>
-@@ -173,7 +182,9 @@ enum
- # define TCPI_OPT_TIMESTAMPS	1
- # define TCPI_OPT_SACK		2
- # define TCPI_OPT_WSCALE	4
--# define TCPI_OPT_ECN		8
-+# define TCPI_OPT_ECN		8  /* ECN was negociated at TCP session init */
-+# define TCPI_OPT_ECN_SEEN	16 /* we received at least one packet with ECT */
-+# define TCPI_OPT_SYN_DATA	32 /* SYN-ACK acked data in SYN sent or rcvd */
- 
- /* Values for tcpi_state.  */
- enum tcp_ca_state
-@@ -241,6 +252,49 @@ struct tcp_md5sig
-   u_int8_t	tcpm_key[TCP_MD5SIG_MAXKEYLEN];	/* Key (binary).  */
- };
- 
-+/* For socket repair options.  */
-+struct tcp_repair_opt
-+{
-+  u_int32_t	opt_code;
-+  u_int32_t	opt_val;
-+};
-+
-+/* Queue to repair, for TCP_REPAIR_QUEUE.  */
-+enum
-+{
-+  TCP_NO_QUEUE,
-+  TCP_RECV_QUEUE,
-+  TCP_SEND_QUEUE,
-+  TCP_QUEUES_NR,
-+};
-+
-+/* For cookie transactions socket options.  */
-+#define TCP_COOKIE_MIN		8		/*  64-bits */
-+#define TCP_COOKIE_MAX		16		/* 128-bits */
-+#define TCP_COOKIE_PAIR_SIZE	(2*TCP_COOKIE_MAX)
-+
-+/* Flags for both getsockopt and setsockopt */
-+#define TCP_COOKIE_IN_ALWAYS	(1 << 0)	/* Discard SYN without cookie */
-+#define TCP_COOKIE_OUT_NEVER	(1 << 1)	/* Prohibit outgoing cookies,
-+						 * supercedes everything. */
-+
-+/* Flags for getsockopt */
-+#define TCP_S_DATA_IN		(1 << 2)	/* Was data received? */
-+#define TCP_S_DATA_OUT		(1 << 3)	/* Was data sent? */
-+
-+#define TCP_MSS_DEFAULT		 536U	/* IPv4 (RFC1122, RFC2581) */
-+#define TCP_MSS_DESIRED		1220U	/* IPv6 (tunneled), EDNS0 (RFC3226) */
-+
-+struct tcp_cookie_transactions
-+{
-+  u_int16_t	tcpct_flags;
-+  u_int8_t	__tcpct_pad1;
-+  u_int8_t	tcpct_cookie_desired;
-+  u_int16_t	tcpct_s_data_desired;
-+  u_int16_t	tcpct_used;
-+  u_int8_t	tcpct_value[TCP_MSS_DEFAULT];
-+};
-+
- #endif /* Misc.  */
- 
- #endif /* netinet/tcp.h */
-diff --git a/sysdeps/unix/sysv/linux/bits/socket.h b/sysdeps/unix/sysv/linux/bits/socket.h
-index df8f167..eadd7d9 100644
---- a/sysdeps/unix/sysv/linux/bits/socket.h
-+++ b/sysdeps/unix/sysv/linux/bits/socket.h
-@@ -1,6 +1,5 @@
- /* System-specific socket constants and types.  Linux version.
--   Copyright (C) 1991, 1992, 1994-2001, 2004, 2006-2010, 2011, 2012
--   Free Software Foundation, Inc.
-+   Copyright (C) 1991-2013 Free Software Foundation, Inc.
-    This file is part of the GNU C Library.
- 
-    The GNU C Library is free software; you can redistribute it and/or
-@@ -208,6 +207,8 @@ enum
- #define	MSG_MORE	MSG_MORE
-     MSG_WAITFORONE	= 0x10000, /* Wait for at least one packet to return.*/
- #define MSG_WAITFORONE	MSG_WAITFORONE
-+    MSG_FASTOPEN	= 0x20000000, /* Send data in TCP SYN.  */
-+#define MSG_FASTOPEN	MSG_FASTOPEN
- 
-     MSG_CMSG_CLOEXEC	= 0x40000000	/* Set close_on_exit for file
- 					   descriptor received through
diff --git a/core/glibc/glibc-2.18-readdir_r-CVE-2013-4237.patch b/core/glibc/glibc-2.18-readdir_r-CVE-2013-4237.patch
new file mode 100644
index 000000000..7277ca229
--- /dev/null
+++ b/core/glibc/glibc-2.18-readdir_r-CVE-2013-4237.patch
@@ -0,0 +1,281 @@
+diff --git a/manual/conf.texi b/manual/conf.texi
+index 7eb8b36..c720063 100644
+--- a/manual/conf.texi
++++ b/manual/conf.texi
+@@ -1149,6 +1149,9 @@ typed ahead as input.  @xref{I/O Queues}.
+ @deftypevr Macro int NAME_MAX
+ The uniform system limit (if any) for the length of a file name component, not
+ including the terminating null character.
++
++@strong{Portability Note:} On some systems, @theglibc{} defines
++@code{NAME_MAX}, but does not actually enforce this limit.
+ @end deftypevr
+ 
+ @comment limits.h
+@@ -1157,6 +1160,9 @@ including the terminating null character.
+ The uniform system limit (if any) for the length of an entire file name (that
+ is, the argument given to system calls such as @code{open}), including the
+ terminating null character.
++
++@strong{Portability Note:} @Theglibc{} does not enforce this limit
++even if @code{PATH_MAX} is defined.
+ @end deftypevr
+ 
+ @cindex limits, pipe buffer size
+@@ -1476,6 +1482,9 @@ Inquire about the value of @code{POSIX_REC_MIN_XFER_SIZE}.
+ Inquire about the value of @code{POSIX_REC_XFER_ALIGN}.
+ @end table
+ 
++@strong{Portability Note:} On some systems, @theglibc{} does not
++enforce @code{_PC_NAME_MAX} or @code{_PC_PATH_MAX} limits.
++
+ @node Utility Limits
+ @section Utility Program Capacity Limits
+ 
+diff --git a/manual/filesys.texi b/manual/filesys.texi
+index 1df9cf2..814c210 100644
+--- a/manual/filesys.texi
++++ b/manual/filesys.texi
+@@ -444,9 +444,9 @@ symbols are declared in the header file @file{dirent.h}.
+ @comment POSIX.1
+ @deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+ This function reads the next entry from the directory.  It normally
+-returns a pointer to a structure containing information about the file.
+-This structure is statically allocated and can be rewritten by a
+-subsequent call.
++returns a pointer to a structure containing information about the
++file.  This structure is associated with the @var{dirstream} handle
++and can be rewritten by a subsequent call.
+ 
+ @strong{Portability Note:} On some systems @code{readdir} may not
+ return entries for @file{.} and @file{..}, even though these are always
+@@ -461,19 +461,61 @@ conditions are defined for this function:
+ The @var{dirstream} argument is not valid.
+ @end table
+ 
+-@code{readdir} is not thread safe.  Multiple threads using
+-@code{readdir} on the same @var{dirstream} may overwrite the return
+-value.  Use @code{readdir_r} when this is critical.
++To distinguish between an end-of-directory condition or an error, you
++must set @code{errno} to zero before calling @code{readdir}.  To avoid
++entering an infinite loop, you should stop reading from the directory
++after the first error.
++
++In POSIX.1-2008, @code{readdir} is not thread-safe.  In @theglibc{}
++implementation, it is safe to call @code{readdir} concurrently on
++different @var{dirstream}s, but multiple threads accessing the same
++@var{dirstream} result in undefined behavior.  @code{readdir_r} is a
++fully thread-safe alternative, but suffers from poor portability (see
++below).  It is recommended that you use @code{readdir}, with external
++locking if multiple threads access the same @var{dirstream}.
+ @end deftypefun
+ 
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+-This function is the reentrant version of @code{readdir}.  Like
+-@code{readdir} it returns the next entry from the directory.  But to
+-prevent conflicts between simultaneously running threads the result is
+-not stored in statically allocated memory.  Instead the argument
+-@var{entry} points to a place to store the result.
++This function is a version of @code{readdir} which performs internal
++locking.  Like @code{readdir} it returns the next entry from the
++directory.  To prevent conflicts between simultaneously running
++threads the result is stored inside the @var{entry} object.
++
++@strong{Portability Note:} It is recommended to use @code{readdir}
++instead of @code{readdir_r} for the following reasons:
++
++@itemize @bullet
++@item
++On systems which do not define @code{NAME_MAX}, it may not be possible
++to use @code{readdir_r} safely because the caller does not specify the
++length of the buffer for the directory entry.
++
++@item
++On some systems, @code{readdir_r} cannot read directory entries with
++very long names.  If such a name is encountered, @theglibc{}
++implementation of @code{readdir_r} returns with an error code of
++@code{ENAMETOOLONG} after the final directory entry has been read.  On
++other systems, @code{readdir_r} may return successfully, but the
++@code{d_name} member may not be NUL-terminated or may be truncated.
++
++@item
++POSIX-1.2008 does not guarantee that @code{readdir} is thread-safe,
++even when access to the same @var{dirstream} is serialized.  But in
++current implementations (including @theglibc{}), it is safe to call
++@code{readdir} concurrently on different @var{dirstream}s, so there is
++no need to use @code{readdir_r} in most multi-threaded programs.  In
++the rare case that multiple threads need to read from the same
++@var{dirstream}, it is still better to use @code{readdir} and external
++synchronization.
++
++@item
++It is expected that future versions of POSIX will obsolete
++@code{readdir_r} and mandate the level of thread safety for
++@code{readdir} which is provided by @theglibc{} and other
++implementations today.
++@end itemize
+ 
+ Normally @code{readdir_r} returns zero and sets @code{*@var{result}}
+ to @var{entry}.  If there are no more entries in the directory or an
+@@ -481,15 +523,6 @@ error is detected, @code{readdir_r} sets @code{*@var{result}} to a
+ null pointer and returns a nonzero error code, also stored in
+ @code{errno}, as described for @code{readdir}.
+ 
+-@strong{Portability Note:} On some systems @code{readdir_r} may not
+-return a NUL terminated string for the file name, even when there is no
+-@code{d_reclen} field in @code{struct dirent} and the file
+-name is the maximum allowed size.  Modern systems all have the
+-@code{d_reclen} field, and on old systems multi-threading is not
+-critical.  In any case there is no such problem with the @code{readdir}
+-function, so that even on systems without the @code{d_reclen} member one
+-could use multiple threads by using external locking.
+-
+ It is also important to look at the definition of the @code{struct
+ dirent} type.  Simply passing a pointer to an object of this type for
+ the second parameter of @code{readdir_r} might not be enough.  Some
+diff --git a/sysdeps/posix/dirstream.h b/sysdeps/posix/dirstream.h
+index a7a074d..8e8570d 100644
+--- a/sysdeps/posix/dirstream.h
++++ b/sysdeps/posix/dirstream.h
+@@ -39,6 +39,8 @@ struct __dirstream
+ 
+     off_t filepos;		/* Position of next entry to read.  */
+ 
++    int errcode;		/* Delayed error code.  */
++
+     /* Directory block.  */
+     char data[0] __attribute__ ((aligned (__alignof__ (void*))));
+   };
+diff --git a/sysdeps/posix/opendir.c b/sysdeps/posix/opendir.c
+index ddfc3a7..fc05b0f 100644
+--- a/sysdeps/posix/opendir.c
++++ b/sysdeps/posix/opendir.c
+@@ -231,6 +231,7 @@ __alloc_dir (int fd, bool close_fd, int flags, const struct stat64 *statp)
+   dirp->size = 0;
+   dirp->offset = 0;
+   dirp->filepos = 0;
++  dirp->errcode = 0;
+ 
+   return dirp;
+ }
+diff --git a/sysdeps/posix/readdir_r.c b/sysdeps/posix/readdir_r.c
+index b5a8e2e..8ed5c3f 100644
+--- a/sysdeps/posix/readdir_r.c
++++ b/sysdeps/posix/readdir_r.c
+@@ -40,6 +40,7 @@ __READDIR_R (DIR *dirp, DIRENT_TYPE *entry, DIRENT_TYPE **result)
+   DIRENT_TYPE *dp;
+   size_t reclen;
+   const int saved_errno = errno;
++  int ret;
+ 
+   __libc_lock_lock (dirp->lock);
+ 
+@@ -70,10 +71,10 @@ __READDIR_R (DIR *dirp, DIRENT_TYPE *entry, DIRENT_TYPE **result)
+ 		  bytes = 0;
+ 		  __set_errno (saved_errno);
+ 		}
++	      if (bytes < 0)
++		dirp->errcode = errno;
+ 
+ 	      dp = NULL;
+-	      /* Reclen != 0 signals that an error occurred.  */
+-	      reclen = bytes != 0;
+ 	      break;
+ 	    }
+ 	  dirp->size = (size_t) bytes;
+@@ -106,29 +107,46 @@ __READDIR_R (DIR *dirp, DIRENT_TYPE *entry, DIRENT_TYPE **result)
+       dirp->filepos += reclen;
+ #endif
+ 
+-      /* Skip deleted files.  */
++#ifdef NAME_MAX
++      if (reclen > offsetof (DIRENT_TYPE, d_name) + NAME_MAX + 1)
++	{
++	  /* The record is very long.  It could still fit into the
++	     caller-supplied buffer if we can skip padding at the
++	     end.  */
++	  size_t namelen = _D_EXACT_NAMLEN (dp);
++	  if (namelen <= NAME_MAX)
++	    reclen = offsetof (DIRENT_TYPE, d_name) + namelen + 1;
++	  else
++	    {
++	      /* The name is too long.  Ignore this file.  */
++	      dirp->errcode = ENAMETOOLONG;
++	      dp->d_ino = 0;
++	      continue;
++	    }
++	}
++#endif
++
++      /* Skip deleted and ignored files.  */
+     }
+   while (dp->d_ino == 0);
+ 
+   if (dp != NULL)
+     {
+-#ifdef GETDENTS_64BIT_ALIGNED
+-      /* The d_reclen value might include padding which is not part of
+-	 the DIRENT_TYPE data structure.  */
+-      reclen = MIN (reclen,
+-		    offsetof (DIRENT_TYPE, d_name) + sizeof (dp->d_name));
+-#endif
+       *result = memcpy (entry, dp, reclen);
+-#ifdef GETDENTS_64BIT_ALIGNED
++#ifdef _DIRENT_HAVE_D_RECLEN
+       entry->d_reclen = reclen;
+ #endif
++      ret = 0;
+     }
+   else
+-    *result = NULL;
++    {
++      *result = NULL;
++      ret = dirp->errcode;
++    }
+ 
+   __libc_lock_unlock (dirp->lock);
+ 
+-  return dp != NULL ? 0 : reclen ? errno : 0;
++  return ret;
+ }
+ 
+ #ifdef __READDIR_R_ALIAS
+diff --git a/sysdeps/posix/rewinddir.c b/sysdeps/posix/rewinddir.c
+index 2935a8e..d4991ad 100644
+--- a/sysdeps/posix/rewinddir.c
++++ b/sysdeps/posix/rewinddir.c
+@@ -33,6 +33,7 @@ rewinddir (dirp)
+   dirp->filepos = 0;
+   dirp->offset = 0;
+   dirp->size = 0;
++  dirp->errcode = 0;
+ #ifndef NOT_IN_libc
+   __libc_lock_unlock (dirp->lock);
+ #endif
+diff --git a/sysdeps/unix/sysv/linux/i386/readdir64_r.c b/sysdeps/unix/sysv/linux/i386/readdir64_r.c
+index 8ebbcfd..a7d114e 100644
+--- a/sysdeps/unix/sysv/linux/i386/readdir64_r.c
++++ b/sysdeps/unix/sysv/linux/i386/readdir64_r.c
+@@ -18,7 +18,6 @@
+ #define __READDIR_R __readdir64_r
+ #define __GETDENTS __getdents64
+ #define DIRENT_TYPE struct dirent64
+-#define GETDENTS_64BIT_ALIGNED 1
+ 
+ #include <sysdeps/posix/readdir_r.c>
+ 
+diff --git a/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c b/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c
+index 5ed8e95..290f2c8 100644
+--- a/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c
++++ b/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c
+@@ -1,5 +1,4 @@
+ #define readdir64_r __no_readdir64_r_decl
+-#define GETDENTS_64BIT_ALIGNED 1
+ #include <sysdeps/posix/readdir_r.c>
+ #undef readdir64_r
+ weak_alias (__readdir_r, readdir64_r)
+-- 
+1.8.3.4
+
diff --git a/core/glibc/glibc-2.18-strstr-hackfix.patch b/core/glibc/glibc-2.18-strstr-hackfix.patch
new file mode 100644
index 000000000..6149f88bc
--- /dev/null
+++ b/core/glibc/glibc-2.18-strstr-hackfix.patch
@@ -0,0 +1,13 @@
+diff --git a/sysdeps/x86_64/multiarch/strstr.c b/sysdeps/x86_64/multiarch/strstr.c
+index cd63b68..03d8b9a 100644
+--- a/sysdeps/x86_64/multiarch/strstr.c
++++ b/sysdeps/x86_64/multiarch/strstr.c
+@@ -86,7 +86,7 @@
+ /* Simple replacement of movdqu to address 4KB boundary cross issue.
+    If EOS occurs within less than 16B before 4KB boundary, we don't
+    cross to next page.  */
+-static __m128i
++static inline __m128i
+ __m128i_strloadu (const unsigned char * p, __m128i zero)
+ {
+   if (__builtin_expect ((int) ((size_t) p & 0xfff) > 0xff0, 0))
diff --git a/core/glibc/nscd.service b/core/glibc/nscd.service
index bc80a0730..875570dc2 100644
--- a/core/glibc/nscd.service
+++ b/core/glibc/nscd.service
@@ -1,10 +1,11 @@
+# systemd service file for nscd
+
 [Unit]
 Description=Name Service Cache Daemon
-After=syslog.target
  
 [Service]
-Type=forking
-ExecStart=/usr/sbin/nscd
+Type=simple
+ExecStart=/usr/sbin/nscd --foreground
 ExecStop=/usr/sbin/nscd --shutdown
 ExecReload=/usr/sbin/nscd -i passwd
 ExecReload=/usr/sbin/nscd -i group
diff --git a/core/glibc/nscd.tmpfiles b/core/glibc/nscd.tmpfiles
index 8a24a785e..52edbba67 100644
--- a/core/glibc/nscd.tmpfiles
+++ b/core/glibc/nscd.tmpfiles
@@ -1 +1,4 @@
+# Configuration to create /run/nscd directory
+# Used as part of systemd's tmpfiles
+
 d /run/nscd 0755 root root
diff --git a/core/gpgme/PKGBUILD b/core/gpgme/PKGBUILD
index be4cba731..347c5b6fd 100644
--- a/core/gpgme/PKGBUILD
+++ b/core/gpgme/PKGBUILD
@@ -1,11 +1,11 @@
-# $Id: PKGBUILD 189898 2013-07-11 06:27:55Z tpowa $
+# $Id: PKGBUILD 192198 2013-08-07 12:41:11Z tpowa $
 # Maintainer: Tobias Powalowski <tpowa@archlinux.org>
 # Contributor: Roman Kyrylych <roman@archlinux.org>
 # Contributor: Sarah Hay <sarah@archlinux.org>
 
 pkgname=gpgme
 pkgver=1.4.2
-pkgrel=1
+pkgrel=2
 pkgdesc="A C wrapper library for GnuPG"
 arch=('i686' 'x86_64' 'mips64el')
 url="http://www.gnupg.org/related_software/gpgme/"
@@ -19,7 +19,8 @@ md5sums=('c8cb345ba7c0353e47bdf3c5c05e49be'
 
 build() {
   cd ${srcdir}/${pkgname}-${pkgver}
-  ./configure --prefix=/usr --disable-static --disable-gpgsm-test
+  ./configure --prefix=/usr --disable-fd-passing --disable-static \
+              --disable-gpgsm-test
   make
 }
 
diff --git a/core/iproute2/PKGBUILD b/core/iproute2/PKGBUILD
index 47e721da8..4f40ea294 100644
--- a/core/iproute2/PKGBUILD
+++ b/core/iproute2/PKGBUILD
@@ -1,10 +1,10 @@
-# $Id: PKGBUILD 187029 2013-06-03 11:15:12Z allan $
+# $Id: PKGBUILD 192132 2013-08-06 06:57:03Z bpiotrowski $
 # Maintainer: Ronald van Haren <ronald.archlinux.org>
 # Contributor: Judd Vinet <jvinet@zeroflux.org>
 
 pkgname=iproute2
-pkgver=3.9.0
-pkgrel=2
+pkgver=3.10.0
+pkgrel=1
 pkgdesc="IP Routing Utilities"
 arch=('i686' 'x86_64' 'mips64el')
 license=('GPL2')
@@ -20,8 +20,8 @@ options=('!makeflags')
 backup=('etc/iproute2/ematch_map' 'etc/iproute2/rt_dsfield' 'etc/iproute2/rt_protos' \
 	'etc/iproute2/rt_realms' 'etc/iproute2/rt_scopes' 'etc/iproute2/rt_tables')
 source=(http://www.kernel.org/pub/linux/utils/net/$pkgname/$pkgname-$pkgver.tar.xz
-         iproute2-fhs.patch)
-sha1sums=('3f48a6d3019f1766f26cda6c4de5d3858837d92b'
+        iproute2-fhs.patch)
+sha1sums=('e94b5dc9dc586006b272f67134ec07f6fbc81bd7'
           '35b8cf2dc94b73eccad427235c07596146cd6f6c')
 
 prepare() {
diff --git a/core/iputils/PKGBUILD b/core/iputils/PKGBUILD
index f0a0d9d73..059d69140 100644
--- a/core/iputils/PKGBUILD
+++ b/core/iputils/PKGBUILD
@@ -1,14 +1,14 @@
-# $Id: PKGBUILD 185694 2013-05-17 11:13:03Z stephane $
+# $Id: PKGBUILD 192554 2013-08-14 06:31:20Z tpowa $
 # Maintainer: Stéphane Gaudreault <stephane@archlinux.org>
 # Maintainer: Tobias Powalowski <tpowa@archlinux.org>
 # Contributor: Aaron Griffin <aaron@archlinux.org>
 
 pkgname=iputils
 pkgver=20121221
-pkgrel=2
+pkgrel=3
 pkgdesc="Network monitoring tools, including ping"
 arch=('i686' 'x86_64' 'mips64el')
-license=('GPL' 'BSD')
+license=('GPL')
 url="http://www.skbuff.net/iputils/"
 groups=('base')
 depends=('openssl' 'sysfsutils' 'libcap')
diff --git a/core/libusbx/0001-linux-Use-a-separate-lock-to-serialize-start-stop-vs.patch b/core/libusbx/0001-linux-Use-a-separate-lock-to-serialize-start-stop-vs.patch
new file mode 100644
index 000000000..b66abd48f
--- /dev/null
+++ b/core/libusbx/0001-linux-Use-a-separate-lock-to-serialize-start-stop-vs.patch
@@ -0,0 +1,103 @@
+From daf4c9fadaf8a49198c53c039bf78980dc251a4b Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Tue, 30 Jul 2013 15:57:16 +0200
+Subject: [PATCH 1/2] linux: Use a separate lock to serialize start/stop vs
+ hotplug events
+
+Using one lock for this is a bad idea, as we should not be holding any
+locks used by the hotplug thread when trying to stop otherwise the stop
+function may wait indefinetely in pthread_join, while the event-thread
+is waiting for the lock the caller of the stop function holds.
+
+Using 2 separate locks for this should fix this deadlock, which has been
+reported here: https://bugzilla.redhat.com/show_bug.cgi?id=985484
+
+Many thanks to Chris Dickens for figuring out the cause of this deadlock!
+
+CC: Chris Dickens <christopher.a.dickens@gmail.com>
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+---
+ libusb/os/linux_usbfs.c | 24 +++++++++++++++++-------
+ libusb/version_nano.h   |  2 +-
+ 2 files changed, 18 insertions(+), 8 deletions(-)
+
+diff --git a/libusb/os/linux_usbfs.c b/libusb/os/linux_usbfs.c
+index 09288af..90e23b7 100644
+--- a/libusb/os/linux_usbfs.c
++++ b/libusb/os/linux_usbfs.c
+@@ -120,7 +120,9 @@ static int sysfs_has_descriptors = -1;
+ /* how many times have we initted (and not exited) ? */
+ static volatile int init_count = 0;
+ 
+-/* Serialize hotplug start/stop, scan-devices, event-thread, and poll */
++/* Serialize hotplug start/stop */
++usbi_mutex_static_t linux_hotplug_startstop_lock = USBI_MUTEX_INITIALIZER;
++/* Serialize scan-devices, event-thread, and poll */
+ usbi_mutex_static_t linux_hotplug_lock = USBI_MUTEX_INITIALIZER;
+ 
+ static int linux_start_event_monitor(void);
+@@ -419,7 +421,7 @@ static int op_init(struct libusb_context *ctx)
+ 	if (sysfs_has_descriptors)
+ 		usbi_dbg("sysfs has complete descriptors");
+ 
+-	usbi_mutex_static_lock(&linux_hotplug_lock);
++	usbi_mutex_static_lock(&linux_hotplug_startstop_lock);
+ 	r = LIBUSB_SUCCESS;
+ 	if (init_count == 0) {
+ 		/* start up hotplug event handler */
+@@ -433,20 +435,20 @@ static int op_init(struct libusb_context *ctx)
+ 			linux_stop_event_monitor();
+ 	} else
+ 		usbi_err(ctx, "error starting hotplug event monitor");
+-	usbi_mutex_static_unlock(&linux_hotplug_lock);
++	usbi_mutex_static_unlock(&linux_hotplug_startstop_lock);
+ 
+ 	return r;
+ }
+ 
+ static void op_exit(void)
+ {
+-	usbi_mutex_static_lock(&linux_hotplug_lock);
++	usbi_mutex_static_lock(&linux_hotplug_startstop_lock);
+ 	assert(init_count != 0);
+ 	if (!--init_count) {
+ 		/* tear down event handler */
+ 		(void)linux_stop_event_monitor();
+ 	}
+-	usbi_mutex_static_unlock(&linux_hotplug_lock);
++	usbi_mutex_static_unlock(&linux_hotplug_startstop_lock);
+ }
+ 
+ static int linux_start_event_monitor(void)
+@@ -469,11 +471,19 @@ static int linux_stop_event_monitor(void)
+ 
+ static int linux_scan_devices(struct libusb_context *ctx)
+ {
++	int ret;
++
++	usbi_mutex_static_lock(&linux_hotplug_lock);
++
+ #if defined(USE_UDEV)
+-	return linux_udev_scan_devices(ctx);
++	ret = linux_udev_scan_devices(ctx);
+ #else
+-	return linux_default_scan_devices(ctx);
++	ret = linux_default_scan_devices(ctx);
+ #endif
++
++	usbi_mutex_static_unlock(&linux_hotplug_lock);
++
++	return ret;
+ }
+ 
+ static void op_hotplug_poll(void)
+diff --git a/libusb/version_nano.h b/libusb/version_nano.h
+index ebf41e1..34e26ff 100644
+--- a/libusb/version_nano.h
++++ b/libusb/version_nano.h
+@@ -1 +1 @@
+-#define LIBUSB_NANO 10774
++#define LIBUSB_NANO 10777
+-- 
+1.8.3.1
+
diff --git a/core/libusbx/0002-hotplug-Remove-use-of-pthread_cancel-from-linux_udev.patch b/core/libusbx/0002-hotplug-Remove-use-of-pthread_cancel-from-linux_udev.patch
new file mode 100644
index 000000000..5342fbe70
--- /dev/null
+++ b/core/libusbx/0002-hotplug-Remove-use-of-pthread_cancel-from-linux_udev.patch
@@ -0,0 +1,141 @@
+From 852efb5a3e82de43cf6288e9904cb254ff636aa0 Mon Sep 17 00:00:00 2001
+From: Chris Dickens <christopher.a.dickens@gmail.com>
+Date: Sat, 20 Jul 2013 13:01:41 -0700
+Subject: [PATCH 2/2] hotplug: Remove use of pthread_cancel from linux_udev
+
+Using pthread_cancel() presents the opportunity for deadlock, so
+use a control pipe to cause the event thread to gracefully exit.
+
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+---
+ libusb/os/linux_udev.c | 63 ++++++++++++++++++++++++++++++++++++++------------
+ libusb/version_nano.h  |  2 +-
+ 2 files changed, 49 insertions(+), 16 deletions(-)
+
+diff --git a/libusb/os/linux_udev.c b/libusb/os/linux_udev.c
+index 5a2aadf..70f632d 100644
+--- a/libusb/os/linux_udev.c
++++ b/libusb/os/linux_udev.c
+@@ -46,6 +46,7 @@
+ /* udev context */
+ static struct udev *udev_ctx = NULL;
+ static int udev_monitor_fd = -1;
++static int udev_control_pipe[2] = {-1, -1};
+ static struct udev_monitor *udev_monitor = NULL;
+ static pthread_t linux_event_thread;
+ 
+@@ -95,14 +96,23 @@ int linux_udev_start_event_monitor(void)
+ 		goto err_free_monitor;
+ 	}
+ 
++	r = usbi_pipe(udev_control_pipe);
++	if (r) {
++		usbi_err(NULL, "could not create udev control pipe");
++		goto err_free_monitor;
++	}
++
+ 	r = pthread_create(&linux_event_thread, NULL, linux_udev_event_thread_main, NULL);
+ 	if (r) {
+ 		usbi_err(NULL, "creating hotplug event thread (%d)", r);
+-		goto err_free_monitor;
++		goto err_close_pipe;
+ 	}
+ 
+ 	return LIBUSB_SUCCESS;
+ 
++err_close_pipe:
++	close(udev_control_pipe[0]);
++	close(udev_control_pipe[1]);
+ err_free_monitor:
+ 	udev_monitor_unref(udev_monitor);
+ 	udev_monitor = NULL;
+@@ -115,14 +125,19 @@ err_free_ctx:
+ 
+ int linux_udev_stop_event_monitor(void)
+ {
++	char dummy = 1;
++	int r;
++
+ 	assert(udev_ctx != NULL);
+ 	assert(udev_monitor != NULL);
+ 	assert(udev_monitor_fd != -1);
+ 
+-	/* Cancel the event thread. This is the only way to guarantee the
+-	   thread exits since closing the monitor fd won't necessarily cause
+-	   poll to return. */
+-	pthread_cancel(linux_event_thread);
++	/* Write some dummy data to the control pipe and
++	 * wait for the thread to exit */
++	r = usbi_write(udev_control_pipe[1], &dummy, sizeof(dummy));
++	if (r <= 0) {
++		usbi_warn(NULL, "udev control pipe signal failed");
++	}
+ 	pthread_join(linux_event_thread, NULL);
+ 
+ 	/* Release the udev monitor */
+@@ -134,27 +149,45 @@ int linux_udev_stop_event_monitor(void)
+ 	udev_unref(udev_ctx);
+ 	udev_ctx = NULL;
+ 
++	/* close and reset control pipe */
++	close(udev_control_pipe[0]);
++	close(udev_control_pipe[1]);
++	udev_control_pipe[0] = -1;
++	udev_control_pipe[1] = -1;
++
+ 	return LIBUSB_SUCCESS;
+ }
+ 
+ static void *linux_udev_event_thread_main(void *arg)
+ {
++	char dummy;
++	int r;
+ 	struct udev_device* udev_dev;
+-	struct pollfd fds = {.fd = udev_monitor_fd,
+-			     .events = POLLIN};
++	struct pollfd fds[] = {
++		{.fd = udev_control_pipe[0],
++		 .events = POLLIN},
++		{.fd = udev_monitor_fd,
++		 .events = POLLIN},
++	};
+ 
+ 	usbi_dbg("udev event thread entering.");
+ 
+-	while (1 == poll(&fds, 1, -1)) {
+-		if (NULL == udev_monitor || POLLIN != fds.revents) {
++	while (poll(fds, 2, -1) >= 0) {
++		if (fds[0].revents & POLLIN) {
++			/* activity on control pipe, read the byte and exit */
++			r = usbi_read(udev_control_pipe[0], &dummy, sizeof(dummy));
++			if (r <= 0) {
++				usbi_warn(NULL, "udev control pipe read failed");
++			}
+ 			break;
+ 		}
+-
+-		usbi_mutex_static_lock(&linux_hotplug_lock);
+-		udev_dev = udev_monitor_receive_device(udev_monitor);
+-		if (udev_dev)
+-			udev_hotplug_event(udev_dev);
+-		usbi_mutex_static_unlock(&linux_hotplug_lock);
++		if (fds[1].revents & POLLIN) {
++			usbi_mutex_static_lock(&linux_hotplug_lock);
++			udev_dev = udev_monitor_receive_device(udev_monitor);
++			if (udev_dev)
++				udev_hotplug_event(udev_dev);
++			usbi_mutex_static_unlock(&linux_hotplug_lock);
++		}
+ 	}
+ 
+ 	usbi_dbg("udev event thread exiting");
+diff --git a/libusb/version_nano.h b/libusb/version_nano.h
+index 34e26ff..39ad7e3 100644
+--- a/libusb/version_nano.h
++++ b/libusb/version_nano.h
+@@ -1 +1 @@
+-#define LIBUSB_NANO 10777
++#define LIBUSB_NANO 10778
+-- 
+1.8.3.1
+
diff --git a/core/libusbx/PKGBUILD b/core/libusbx/PKGBUILD
index 31daad167..8dc78efd1 100644
--- a/core/libusbx/PKGBUILD
+++ b/core/libusbx/PKGBUILD
@@ -1,19 +1,30 @@
-# $Id: PKGBUILD 191277 2013-07-23 09:46:53Z tpowa $
+# $Id: PKGBUILD 192163 2013-08-06 15:03:05Z tpowa $
 # Maintainer: Tobias Powalowski <tpowa@archlinux.org>
 pkgname=libusbx
 pkgver=1.0.16
-pkgrel=1
+pkgrel=2
 depends=('glibc' 'systemd')
 pkgdesc="Library that provides generic access to USB device"
 arch=(i686 x86_64 mips64el)
 url="http://libusbx.org"
 license=('LGPL')
-source=(http://downloads.sourceforge.net/${pkgname}/releases/${pkgver}/${pkgname}-${pkgver}.tar.bz2)
+source=(http://downloads.sourceforge.net/${pkgname}/releases/${pkgver}/${pkgname}-${pkgver}.tar.bz2
+        0001-linux-Use-a-separate-lock-to-serialize-start-stop-vs.patch
+        0002-hotplug-Remove-use-of-pthread_cancel-from-linux_udev.patch)
 options=(!libtool)
 replaces=('libusb1' 'libusb')
 provides=("libusb=$pkgver")
 conflicts=("libusb")
+md5sums=('7f5715d624cd6c26b30a317eb6c2fe5e'
+         'dad04322621fe7cabd2fe631c6d9929f'
+         '259238c92c92f8b3df5dcad0db8aaf2f')
 
+prepare() {
+  cd "${srcdir}/${pkgname}-${pkgver}"
+  # fix #36418
+  patch -Np1 -i ../0001-linux-Use-a-separate-lock-to-serialize-start-stop-vs.patch
+  patch -Np1 -i ../0002-hotplug-Remove-use-of-pthread_cancel-from-linux_udev.patch
+}
 build() {
   cd "${srcdir}/${pkgname}-${pkgver}"
   ./configure --prefix=/usr --disable-static
@@ -29,4 +40,3 @@ package () {
   cd "${srcdir}/${pkgname}-${pkgver}"
   make DESTDIR="${pkgdir}" install
 }
-md5sums=('7f5715d624cd6c26b30a317eb6c2fe5e')
diff --git a/core/logrotate/PKGBUILD b/core/logrotate/PKGBUILD
index 0243b31ed..8066904f1 100644
--- a/core/logrotate/PKGBUILD
+++ b/core/logrotate/PKGBUILD
@@ -1,8 +1,8 @@
-# $Id: PKGBUILD 188802 2013-06-21 12:38:33Z pierre $
+# $Id: PKGBUILD 192722 2013-08-14 17:32:14Z pierre $
 # Maintainer: Pierre Schmitz <pierre@archlinux.de>
 
 pkgname=logrotate
-pkgver=3.8.5
+pkgver=3.8.6
 pkgrel=1
 pkgdesc="Rotates system logs automatically"
 arch=('i686' 'x86_64' 'mips64el')
@@ -16,7 +16,7 @@ source=("https://fedorahosted.org/releases/l/o/logrotate/logrotate-${pkgver}.tar
         'paths.patch'
         'logrotate.conf'
         'logrotate.cron.daily')
-md5sums=('d3c13e2a963a55c584cfaa83e96b173d'
+md5sums=('cd0082bbd7248e627ec659f2442fcdf9'
          'e76526bcd6fc33c9d921e1cb1eff1ffb'
          '86209d257c8b8bc0ae34d6f6ef057c0f'
          '3909380f8a55fa160f62ed976a8bef4b')
diff --git a/core/run-parts/PKGBUILD b/core/run-parts/PKGBUILD
index d37232a68..ff1637356 100644
--- a/core/run-parts/PKGBUILD
+++ b/core/run-parts/PKGBUILD
@@ -1,8 +1,8 @@
-# $Id: PKGBUILD 167702 2012-10-03 08:21:43Z pierre $
+# $Id: PKGBUILD 192723 2013-08-14 17:32:15Z pierre $
 # Maintainer: Pierre Schmitz <pierre@archlinux.de>
 
 pkgname=run-parts
-pkgver=4.3.4
+pkgver=4.4
 pkgrel=1
 pkgdesc='run scripts or programs in a directory'
 arch=('i686' 'x86_64' 'mips64el')
@@ -10,7 +10,7 @@ url='http://packages.qa.debian.org/d/debianutils.html'
 license=('GPL')
 depends=('glibc')
 source=("ftp://ftp.archlinux.org/other/run-parts/debianutils_${pkgver}.tar.gz")
-sha256sums=('1739976cb62b85e641ee36859a87dfb8e4c3214e1043b6bb00b56b87e96a19f5')
+sha256sums=('190850cdd6b5302e0a1ba1aaed1bc7074d67d3bd8d04c613f242f7145afa53a6')
 
 build() {
 	cd $srcdir/debianutils-$pkgver
diff --git a/core/util-linux/PKGBUILD b/core/util-linux/PKGBUILD
index 0d33104f1..ee267fb16 100644
--- a/core/util-linux/PKGBUILD
+++ b/core/util-linux/PKGBUILD
@@ -1,10 +1,11 @@
-# $Id: PKGBUILD 187046 2013-06-03 11:15:40Z allan $
+# $Id: PKGBUILD 192147 2013-08-06 13:08:02Z tomegun $
 # Maintainer: Tom Gundersen <teg@jklm.no>
+# Maintainer: Dave Reisner <dreisner@archlinux.org>
 # Contributor: judd <jvinet@zeroflux.org>
 
 pkgname=util-linux
-pkgver=2.23.1
-pkgrel=2
+pkgver=2.23.2
+pkgrel=1
 pkgdesc="Miscellaneous system utilities for Linux"
 url="http://www.kernel.org/pub/linux/utils/util-linux/"
 arch=('i686' 'x86_64' 'mips64el')
@@ -27,7 +28,7 @@ backup=(etc/pam.d/chfn
         etc/pam.d/su
         etc/pam.d/su-l)
 install=util-linux.install
-md5sums=('33ba55ce82f8e3b8d7a38fac0f62779a'
+md5sums=('b39fde897334a4858bb2098edcce5b3f'
          'a39554bfd65cccfd8254bb46922f4a67'
          '4368b3f98abd8a32662e094c54e7f9b1'
          'a31374fef2cba0ca34dfc7078e2969e4'