12 files changed, 108 insertions, 538 deletions
diff --git a/package/busybox/Config.in b/package/busybox/Config.in
index 68abf16f5..9e957e122 100644
--- a/package/busybox/Config.in
+++ b/package/busybox/Config.in
@@ -45,7 +45,7 @@ config BR2_BUSYBOX_VERSION
 	default "1.13.4"	if BR2_BUSYBOX_VERSION_1_13_X
 	default "1.14.4"	if BR2_BUSYBOX_VERSION_1_14_X
 	default "1.15.3"	if BR2_BUSYBOX_VERSION_1_15_X
-	default "1.16.1"	if BR2_BUSYBOX_VERSION_1_16_X
+	default "1.16.2"	if BR2_BUSYBOX_VERSION_1_16_X
 
 config BR2_PACKAGE_BUSYBOX_FULLINSTALL
 	bool "Run BusyBox's own full installation"
diff --git a/package/busybox/busybox-1.16.1-ash.patch b/package/busybox/busybox-1.16.1-ash.patch
deleted file mode 100644
index 629874e21..000000000
--- a/package/busybox/busybox-1.16.1-ash.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-diff -urpN busybox-1.16.1/shell/ash.c busybox-1.16.1-ash/shell/ash.c
---- busybox-1.16.1/shell/ash.c	2010-03-28 19:44:04.000000000 +0200
-+++ busybox-1.16.1-ash/shell/ash.c	2010-04-26 14:18:36.000000000 +0200
-@@ -5424,7 +5424,11 @@ rmescapes(char *str, int flag)
- 		size_t fulllen = len + strlen(p) + 1;
- 
- 		if (flag & RMESCAPE_GROW) {
-+			int strloc = str - (char *)stackblock();
- 			r = makestrspace(fulllen, expdest);
-+			/* p and str may be invalidated by makestrspace */
-+			str = (char *)stackblock() + strloc;
-+			p = str + len;
- 		} else if (flag & RMESCAPE_HEAP) {
- 			r = ckmalloc(fulllen);
- 		} else {
diff --git a/package/busybox/busybox-1.16.1-cpio.patch b/package/busybox/busybox-1.16.1-cpio.patch
deleted file mode 100644
index e8282bd9d..000000000
--- a/package/busybox/busybox-1.16.1-cpio.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-diff -urpN busybox-1.16.1/archival/cpio.c busybox-1.16.1-cpio/archival/cpio.c
---- busybox-1.16.1/archival/cpio.c	2010-03-20 03:58:07.000000000 +0100
-+++ busybox-1.16.1-cpio/archival/cpio.c	2010-04-27 08:15:37.000000000 +0200
-@@ -424,7 +424,7 @@ int cpio_main(int argc UNUSED_PARAM, cha
- 	if (archive_handle->cpio__blocks != (off_t)-1
- 	 && !(opt & CPIO_OPT_QUIET)
- 	) {
--		printf("%"OFF_FMT"u blocks\n", archive_handle->cpio__blocks);
-+		fprintf(stderr, "%"OFF_FMT"u blocks\n", archive_handle->cpio__blocks);
- 	}
- 
- 	return EXIT_SUCCESS;
-diff -urpN busybox-1.16.1/testsuite/cpio.tests busybox-1.16.1-cpio/testsuite/cpio.tests
---- busybox-1.16.1/testsuite/cpio.tests	2010-03-28 19:59:59.000000000 +0200
-+++ busybox-1.16.1-cpio/testsuite/cpio.tests	2010-04-27 08:15:37.000000000 +0200
-@@ -32,7 +32,7 @@ rm -rf cpio.testdir cpio.testdir2 2>/dev
- # testing "test name" "command" "expected result" "file input" "stdin"
- 
- testing "cpio extracts zero-sized hardlinks" \
--"$ECHO -ne '$hexdump' | bzcat | cpio -i; echo \$?;
-+"$ECHO -ne '$hexdump' | bzcat | cpio -i 2>&1; echo \$?;
- ls -ln cpio.testdir | $FILTER_LS" \
- "\
- 1 blocks
-@@ -45,7 +45,7 @@ ls -ln cpio.testdir | $FILTER_LS" \
- 
- test x"$SKIP_KNOWN_BUGS" = x"" && {
- # Currently fails. Numerous buglets: "1 blocks" versus "1 block",
--# "1 block" must go to stderr, does not list cpio.testdir/x and cpio.testdir/y
-+# does not list cpio.testdir/x and cpio.testdir/y
- testing "cpio lists hardlinks" \
- "$ECHO -ne '$hexdump' | bzcat | cpio -t 2>&1; echo \$?" \
- "\
-@@ -70,7 +70,7 @@ ln cpio.testdir/nonempty cpio.testdir/no
- mkdir cpio.testdir2
- 
- testing "cpio extracts zero-sized hardlinks 2" \
--"find cpio.testdir | cpio -H newc --create | (cd cpio.testdir2 && cpio -i); echo \$?;
-+"find cpio.testdir | cpio -H newc --create | (cd cpio.testdir2 && cpio -i 2>&1); echo \$?;
- ls -ln cpio.testdir2/cpio.testdir | $FILTER_LS" \
- "\
- 2 blocks
-@@ -87,7 +87,7 @@ ls -ln cpio.testdir2/cpio.testdir | $FIL
- # Was trying to create "/usr/bin", correct is "usr/bin".
- rm -rf cpio.testdir
- testing "cpio -p with absolute paths" \
--"echo /usr/bin | cpio -dp cpio.testdir; echo \$?;
-+"echo /usr/bin | cpio -dp cpio.testdir 2>&1; echo \$?;
- ls cpio.testdir" \
- "\
- 1 blocks
diff --git a/package/busybox/busybox-1.16.1-dhcpd.patch b/package/busybox/busybox-1.16.1-dhcpd.patch
deleted file mode 100644
index 6867e2476..000000000
--- a/package/busybox/busybox-1.16.1-dhcpd.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -urpN busybox-1.16.1/networking/udhcp/leases.c busybox-1.16.1-dhcpd/networking/udhcp/leases.c
---- busybox-1.16.1/networking/udhcp/leases.c	2010-03-28 19:43:36.000000000 +0200
-+++ busybox-1.16.1-dhcpd/networking/udhcp/leases.c	2010-05-15 20:47:08.000000000 +0200
-@@ -64,6 +64,8 @@ struct dyn_lease* FAST_FUNC add_lease(
- 		oldest->hostname[0] = '\0';
- 		if (hostname) {
- 			char *p;
-+
-+			hostname_len++; /* include NUL */
- 			if (hostname_len > sizeof(oldest->hostname))
- 				hostname_len = sizeof(oldest->hostname);
- 			p = safe_strncpy(oldest->hostname, hostname, hostname_len);
diff --git a/package/busybox/busybox-1.16.1-dnsd.patch b/package/busybox/busybox-1.16.1-dnsd.patch
deleted file mode 100644
index bbcd11672..000000000
--- a/package/busybox/busybox-1.16.1-dnsd.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-diff -urpN busybox-1.16.1/include/platform.h busybox-1.16.1-dnsd/include/platform.h
---- busybox-1.16.1/include/platform.h	2010-03-28 19:43:35.000000000 +0200
-+++ busybox-1.16.1-dnsd/include/platform.h	2010-04-14 19:06:10.000000000 +0200
-@@ -291,10 +291,12 @@ typedef unsigned smalluint;
- #if 1 /* if needed: !defined(arch1) && !defined(arch2) */
- # define ALIGN1 __attribute__((aligned(1)))
- # define ALIGN2 __attribute__((aligned(2)))
-+# define ALIGN4 __attribute__((aligned(4)))
- #else
- /* Arches which MUST have 2 or 4 byte alignment for everything are here */
- # define ALIGN1
- # define ALIGN2
-+# define ALIGN4
- #endif
- 
- 
-diff -urpN busybox-1.16.1/networking/dnsd.c busybox-1.16.1-dnsd/networking/dnsd.c
---- busybox-1.16.1/networking/dnsd.c	2010-03-28 19:43:36.000000000 +0200
-+++ busybox-1.16.1-dnsd/networking/dnsd.c	2010-04-26 14:20:25.000000000 +0200
-@@ -44,10 +44,15 @@ struct dns_head {
- 	uint16_t nauth;
- 	uint16_t nadd;
- };
-+/* Structure used to access type and class fields.
-+ * They are totally unaligned, but gcc 4.3.4 thinks that pointer of type uint16_t*
-+ * is 16-bit aligned and replaces 16-bit memcpy (in move_from_unaligned16 macro)
-+ * with aligned halfword access on arm920t!
-+ * Oh well. Slapping PACKED everywhere seems to help: */
- struct dns_prop {
--	uint16_t type;
--	uint16_t class;
--};
-+	uint16_t type PACKED;
-+	uint16_t class PACKED;
-+} PACKED;
- /* element of known name, ip address and reversed ip address */
- struct dns_entry {
- 	struct dns_entry *next;
-@@ -459,7 +464,8 @@ int dnsd_main(int argc UNUSED_PARAM, cha
- 	unsigned lsa_size;
- 	int udps, opts;
- 	uint16_t port = 53;
--	uint8_t buf[MAX_PACK_LEN + 1];
-+	/* Ensure buf is 32bit aligned (we need 16bit, but 32bit can't hurt) */
-+	uint8_t buf[MAX_PACK_LEN + 1] ALIGN4;
- 
- 	opts = getopt32(argv, "vi:c:t:p:d", &listen_interface, &fileconf, &sttl, &sport);
- 	//if (opts & 0x1) // -v
diff --git a/package/busybox/busybox-1.16.1-hwclock.patch b/package/busybox/busybox-1.16.1-hwclock.patch
deleted file mode 100644
index 63350aeb3..000000000
--- a/package/busybox/busybox-1.16.1-hwclock.patch
+++ /dev/null
@@ -1,152 +0,0 @@
-diff -urpN busybox-1.16.1/util-linux/hwclock.c busybox-1.16.1-hwclock/util-linux/hwclock.c
---- busybox-1.16.1/util-linux/hwclock.c	2010-03-19 19:58:07.000000000 -0700
-+++ busybox-1.16.1-hwclock/util-linux/hwclock.c	2010-04-14 09:29:37.889208237 -0700
-@@ -109,10 +109,53 @@ static void to_sys_clock(const char **pp
- 
- static void from_sys_clock(const char **pp_rtcname, int utc)
- {
--#define TWEAK_USEC 200
--	struct tm tm_time;
-+#if 1
- 	struct timeval tv;
-+	struct tm tm_time;
-+	int rtc;
-+
-+	rtc = rtc_xopen(pp_rtcname, O_WRONLY);
-+	gettimeofday(&tv, NULL);
-+	/* Prepare tm_time */
-+	if (sizeof(time_t) == sizeof(tv.tv_sec)) {
-+		if (utc)
-+			gmtime_r((time_t*)&tv.tv_sec, &tm_time);
-+		else
-+			localtime_r((time_t*)&tv.tv_sec, &tm_time);
-+	} else {
-+		time_t t = tv.tv_sec;
-+		if (utc)
-+			gmtime_r(&t, &tm_time);
-+		else
-+			localtime_r(&t, &tm_time);
-+	}
-+#else
-+/* Bloated code which tries to set hw clock with better precision.
-+ * On x86, even though code does set hw clock within <1ms of exact
-+ * whole seconds, apparently hw clock (at least on some machines)
-+ * doesn't reset internal fractional seconds to 0,
-+ * making all this a pointless excercise.
-+ */
-+	/* If we see that we are N usec away from whole second,
-+	 * we'll sleep for N-ADJ usecs. ADJ corrects for the fact
-+	 * that CPU is not infinitely fast.
-+	 * On infinitely fast CPU, next wakeup would be
-+	 * on (exactly_next_whole_second - ADJ). On real CPUs,
-+	 * this difference between current time and whole second
-+	 * is less than ADJ (assuming system isn't heavily loaded).
-+	 */
-+	/* Small value of 256us gives very precise sync for 2+ GHz CPUs.
-+	 * Slower CPUs will fail to sync and will go to bigger
-+	 * ADJ values. qemu-emulated armv4tl with ~100 MHz
-+	 * performance ends up using ADJ ~= 4*1024 and it takes
-+	 * 2+ secs (2 tries with successively larger ADJ)
-+	 * to sync. Even straced one on the same qemu (very slow)
-+	 * takes only 4 tries.
-+	 */
-+#define TWEAK_USEC 256
- 	unsigned adj = TWEAK_USEC;
-+	struct tm tm_time;
-+	struct timeval tv;
- 	int rtc = rtc_xopen(pp_rtcname, O_WRONLY);
- 
- 	/* Try to catch the moment when whole second is close */
-@@ -124,55 +167,64 @@ static void from_sys_clock(const char **
- 
- 		t = tv.tv_sec;
- 		rem_usec = 1000000 - tv.tv_usec;
--		if (rem_usec < 1024) {
--			/* Less than 1ms to next second. Good enough */
-+		if (rem_usec < adj) {
-+			/* Close enough */
-  small_rem:
- 			t++;
- 		}
- 
--		/* Prepare tm */
-+		/* Prepare tm_time from t */
- 		if (utc)
- 			gmtime_r(&t, &tm_time); /* may read /etc/xxx (it takes time) */
- 		else
- 			localtime_r(&t, &tm_time); /* same */
--		tm_time.tm_isdst = 0;
-+
-+		if (adj >= 32*1024) {
-+			break; /* 32 ms diff and still no luck?? give up trying to sync */
-+		}
- 
- 		/* gmtime/localtime took some time, re-get cur time */
- 		gettimeofday(&tv, NULL);
- 
--		if (tv.tv_sec < t /* may happen if rem_usec was < 1024 */
--		 || (tv.tv_sec == t && tv.tv_usec < 1024)
-+		if (tv.tv_sec < t /* we are still in old second */
-+		 || (tv.tv_sec == t && tv.tv_usec < adj) /* not too far into next second */
- 		) {
--			/* We are not too far into next second. Good. */
--			break;
--		}
--		adj += 32; /* 2^(10-5) = 2^5 = 32 iterations max */
--		if (adj >= 1024) {
--			/* Give up trying to sync */
--			break;
-+			break; /* good, we are in sync! */
- 		}
- 
--		/* Try to sync up by sleeping */
- 		rem_usec = 1000000 - tv.tv_usec;
--		if (rem_usec < 1024) {
--			goto small_rem; /* already close, don't sleep */
-+		if (rem_usec < adj) {
-+			t = tv.tv_sec;
-+			goto small_rem; /* already close to next sec, don't sleep */
- 		}
--		/* Need to sleep.
--		 * Note that small adj on slow processors can make us
--		 * to always overshoot tv.tv_usec < 1024 check on next
--		 * iteration. That's why adj is increased on each iteration.
--		 * This also allows it to be reused as a loop limiter.
--		 */
--		usleep(rem_usec - adj);
--	}
- 
--	xioctl(rtc, RTC_SET_TIME, &tm_time);
-+		/* Try to sync up by sleeping */
-+		usleep(rem_usec - adj);
- 
--	/* Debug aid to find "good" TWEAK_USEC.
-+		/* Jump to 1ms diff, then increase fast (x2): EVERY loop
-+		 * takes ~1 sec, people won't like slowly converging code here!
-+		 */
-+	//bb_error_msg("adj:%d tv.tv_usec:%d", adj, (int)tv.tv_usec);
-+		if (adj < 512)
-+			adj = 512;
-+		/* ... and if last "overshoot" does not look insanely big,
-+		 * just use it as adj increment. This makes convergence faster.
-+		 */
-+		if (tv.tv_usec < adj * 8) {
-+			adj += tv.tv_usec;
-+			continue;
-+		}
-+		adj *= 2;
-+	}
-+	/* Debug aid to find "optimal" TWEAK_USEC with nearly exact sync.
- 	 * Look for a value which makes tv_usec close to 999999 or 0.
--	 * for 2.20GHz Intel Core 2: TWEAK_USEC ~= 200
-+	 * For 2.20GHz Intel Core 2: optimal TWEAK_USEC ~= 200
- 	 */
--	//bb_error_msg("tv.tv_usec:%d adj:%d", (int)tv.tv_usec, adj);
-+	//bb_error_msg("tv.tv_usec:%d", (int)tv.tv_usec);
-+#endif
-+
-+	tm_time.tm_isdst = 0;
-+	xioctl(rtc, RTC_SET_TIME, &tm_time);
- 
- 	if (ENABLE_FEATURE_CLEAN_UP)
- 		close(rtc);
diff --git a/package/busybox/busybox-1.16.1-sed.patch b/package/busybox/busybox-1.16.1-sed.patch
deleted file mode 100644
index 0376cc92f..000000000
--- a/package/busybox/busybox-1.16.1-sed.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-diff -urpN busybox-1.16.1/editors/sed.c busybox-1.16.1-sed/editors/sed.c
---- busybox-1.16.1/editors/sed.c	2010-03-28 19:43:35.000000000 +0200
-+++ busybox-1.16.1-sed/editors/sed.c	2010-05-12 01:46:57.000000000 +0200
-@@ -487,7 +487,7 @@ static const char *parse_cmd_args(sed_cm
- static void add_cmd(const char *cmdstr)
- {
- 	sed_cmd_t *sed_cmd;
--	int temp;
-+	unsigned len, n;
- 
- 	/* Append this line to any unfinished line from last time. */
- 	if (G.add_cmd_line) {
-@@ -496,12 +496,14 @@ static void add_cmd(const char *cmdstr)
- 		cmdstr = G.add_cmd_line = tp;
- 	}
- 
--	/* If this line ends with backslash, request next line. */
--	temp = strlen(cmdstr);
--	if (temp && cmdstr[--temp] == '\\') {
-+	/* If this line ends with unescaped backslash, request next line. */
-+	n = len = strlen(cmdstr);
-+	while (n && cmdstr[n-1] == '\\')
-+		n--;
-+	if ((len - n) & 1) { /* if odd number of trailing backslashes */
- 		if (!G.add_cmd_line)
- 			G.add_cmd_line = xstrdup(cmdstr);
--		G.add_cmd_line[temp] = '\0';
-+		G.add_cmd_line[len-1] = '\0';
- 		return;
- 	}
- 
-@@ -936,7 +938,15 @@ static void process_files(void)
- 		/* Skip blocks of commands we didn't match */
- 		if (sed_cmd->cmd == '{') {
- 			if (sed_cmd->invert ? matched : !matched) {
--				while (sed_cmd->cmd != '}') {
-+				unsigned nest_cnt = 0;
-+				while (1) {
-+					if (sed_cmd->cmd == '{')
-+						nest_cnt++;
-+					if (sed_cmd->cmd == '}') {
-+						nest_cnt--;
-+						if (nest_cnt == 0)
-+							break;
-+					}
- 					sed_cmd = sed_cmd->next;
- 					if (!sed_cmd)
- 						bb_error_msg_and_die("unterminated {");
-@@ -1031,7 +1041,7 @@ static void process_files(void)
- 		case 'c':
- 			/* Only triggers on last line of a matching range. */
- 			if (!sed_cmd->in_match)
--				sed_puts(sed_cmd->string, NO_EOL_CHAR);
-+				sed_puts(sed_cmd->string, '\n');
- 			goto discard_line;
- 
- 		/* Read file, append contents to output */
-diff -urpN busybox-1.16.1/testsuite/sed.tests busybox-1.16.1-sed/testsuite/sed.tests
---- busybox-1.16.1/testsuite/sed.tests	2010-03-20 03:58:07.000000000 +0100
-+++ busybox-1.16.1-sed/testsuite/sed.tests	2010-05-12 01:46:57.000000000 +0200
-@@ -248,4 +248,28 @@ testing "sed beginning (^) matches only 
- 	">/usr</>lib<\n" "" \
- 	"/usr/lib\n"
- 
-+testing "sed c" \
-+	"sed 'crepl'" \
-+	"repl\nrepl\n" "" \
-+	"first\nsecond\n"
-+
-+testing "sed nested {}s" \
-+	"sed '/asd/ { p; /s/ { s/s/c/ }; p; q }'" \
-+	"qwe\nasd\nacd\nacd\n" "" \
-+	"qwe\nasd\nzxc\n"
-+
-+testing "sed a cmd ended by double backslash" \
-+	"sed -e '/| one /a \\
-+	| three \\\\' -e '/| one-/a \\
-+	| three-* \\\\'" \
-+'	| one \\
-+	| three \\
-+	| two \\
-+' '' \
-+'	| one \\
-+	| two \\
-+'
-+
-+# testing "description" "arguments" "result" "infile" "stdin"
-+
- exit $FAILCOUNT
diff --git a/package/busybox/busybox-1.16.2-devmem.patch b/package/busybox/busybox-1.16.2-devmem.patch
new file mode 100644
index 000000000..f7d1d1df7
--- /dev/null
+++ b/package/busybox/busybox-1.16.2-devmem.patch
@@ -0,0 +1,76 @@
+From 351ef7188a1a2e2f154bbda6f703c2d3f4af6d79 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Wed, 14 Apr 2010 13:37:25 -0700
+Subject: [PATCH] devmem: map two pages only if it is necessary
+
+function                                             old     new   delta
+devmem_main                                          463     469      +6
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+---
+ miscutils/devmem.c |   21 ++++++++++++++-------
+ 1 files changed, 14 insertions(+), 7 deletions(-)
+
+diff --git a/miscutils/devmem.c b/miscutils/devmem.c
+index e13dedc..39b5808 100644
+--- a/miscutils/devmem.c
++++ b/miscutils/devmem.c
+@@ -13,9 +13,9 @@ int devmem_main(int argc UNUSED_PARAM, char **argv)
+ 	uint64_t read_result;
+ 	uint64_t writeval = writeval; /* for compiler */
+ 	off_t target;
+-	unsigned page_size = getpagesize();
++	unsigned page_size, mapped_size, offset_in_page;
+ 	int fd;
+-	int width = 8 * sizeof(int);
++	unsigned width = 8 * sizeof(int);
+ 
+ 	/* devmem ADDRESS [WIDTH [VALUE]] */
+ // TODO: options?
+@@ -50,15 +50,22 @@ int devmem_main(int argc UNUSED_PARAM, char **argv)
+ 		if (argv[3])
+ 			writeval = bb_strtoull(argv[3], NULL, 0);
+ 	} else { /* argv[2] == NULL */
+-		/* make argv[3] to be a valid thing to use */
++		/* make argv[3] to be a valid thing to fetch */
+ 		argv--;
+ 	}
+ 	if (errno)
+-		bb_show_usage(); /* bb_strtouXX failed */
++		bb_show_usage(); /* one of bb_strtouXX failed */
+ 
+ 	fd = xopen("/dev/mem", argv[3] ? (O_RDWR | O_SYNC) : (O_RDONLY | O_SYNC));
++	mapped_size = page_size = getpagesize();
++	offset_in_page = (unsigned)target & (page_size - 1);
++	if (offset_in_page + width > page_size) {
++		/* This access spans pages.
++		 * Must map two pages to make it possible: */
++		mapped_size *= 2;
++	}
+ 	map_base = mmap(NULL,
+-			page_size * 2 /* in case value spans page */,
++			mapped_size,
+ 			argv[3] ? (PROT_READ | PROT_WRITE) : PROT_READ,
+ 			MAP_SHARED,
+ 			fd,
+@@ -68,7 +75,7 @@ int devmem_main(int argc UNUSED_PARAM, char **argv)
+ 
+ //	printf("Memory mapped at address %p.\n", map_base);
+ 
+-	virt_addr = (char*)map_base + (target & (page_size - 1));
++	virt_addr = (char*)map_base + offset_in_page;
+ 
+ 	if (!argv[3]) {
+ 		switch (width) {
+@@ -119,7 +126,7 @@ int devmem_main(int argc UNUSED_PARAM, char **argv)
+ 	}
+ 
+ 	if (ENABLE_FEATURE_CLEAN_UP) {
+-		if (munmap(map_base, page_size * 2) == -1)
++		if (munmap(map_base, mapped_size) == -1)
+ 			bb_perror_msg_and_die("munmap");
+ 		close(fd);
+ 	}
+-- 
+1.7.1
+
diff --git a/package/ipsec-tools/Config.in b/package/ipsec-tools/Config.in
index d29cb8604..8a5f3d1e4 100644
--- a/package/ipsec-tools/Config.in
+++ b/package/ipsec-tools/Config.in
@@ -6,16 +6,16 @@ config BR2_PACKAGE_IPSEC_TOOLS
 	help
 	  This package is required to support IPSec for Linux 2.6+
 
+if BR2_PACKAGE_IPSEC_TOOLS
+
 config BR2_PACKAGE_IPSEC_TOOLS_ADMINPORT
 	default y
-	depends on BR2_PACKAGE_IPSEC_TOOLS
 	bool "Enable racoonctl(8)."
 	help
 	  Lets racoon to listen to racoon admin port, which is to
 	  be contacted by racoonctl(8).
 
 config BR2_PACKAGE_IPSEC_TOOLS_NATT
-	depends on BR2_PACKAGE_IPSEC_TOOLS
 	bool "Enable NAT-Traversal"
 	help
 	  This needs kernel support, which is available on Linux. On
@@ -27,9 +27,7 @@ config BR2_PACKAGE_IPSEC_TOOLS_NATT
 	  live in a country where software patents are legal, using
 	  NAT-Traversal might infringe a patent.
 
-
 config BR2_PACKAGE_IPSEC_TOOLS_FRAG
-	depends on BR2_PACKAGE_IPSEC_TOOLS
 	bool "Enable IKE fragmentation."
 	help
 	  Enable IKE fragmentation, which is a workaround for
@@ -37,32 +35,12 @@ config BR2_PACKAGE_IPSEC_TOOLS_FRAG
 
 config BR2_PACKAGE_IPSEC_TOOLS_STATS
 	default y
-	depends on BR2_PACKAGE_IPSEC_TOOLS
 	bool "Enable statistics logging function."
 
-config BR2_PACKAGE_IPSEC_TOOLS_IPV6
-	default y
-	depends on BR2_PACKAGE_IPSEC_TOOLS && BR2_INET_IPV6
-	bool "Enable IPv6 support"
-	help
-	  This option has no effect if uClibc has been compiled without
-	  IPv6 support.
-
 config BR2_PACKAGE_IPSEC_TOOLS_READLINE
-	depends on BR2_PACKAGE_IPSEC_TOOLS
 	select BR2_PACKAGE_READLINE
 	bool "Enable readline input support if available."
 
-config BR2_PACKAGE_IPSEC_TOOLS_LIBS
-	bool "Install IPSec libraries under staging_dir/lib"
-	default y
-	depends on BR2_PACKAGE_IPSEC_TOOLS
-	help
-	  Install libipsec.a and libracoon.a under staging_dir/lib for further
-	  development on a host machine.
-
-if BR2_PACKAGE_IPSEC_TOOLS
-
 choice
 	prompt "Security context"
 	default BR2_PACKAGE_IPSEC_SECCTX_DISABLE
diff --git a/package/ipsec-tools/ipsec-tools.mk b/package/ipsec-tools/ipsec-tools.mk
index 911da7cc2..eddc7cec5 100644
--- a/package/ipsec-tools/ipsec-tools.mk
+++ b/package/ipsec-tools/ipsec-tools.mk
@@ -4,158 +4,65 @@
 #
 #############################################################
 
-IPSEC_TOOLS_VERSION:=0.7.2
-IPSEC_TOOLS_SOURCE:=ipsec-tools-$(IPSEC_TOOLS_VERSION).tar.bz2
-IPSEC_TOOLS_CAT:=$(BZCAT)
-IPSEC_TOOLS_DIR:=$(BUILD_DIR)/ipsec-tools-$(IPSEC_TOOLS_VERSION)
+IPSEC_TOOLS_VERSION = 0.7.3
+IPSEC_TOOLS_SOURCE = ipsec-tools-$(IPSEC_TOOLS_VERSION).tar.bz2
+IPSEC_TOOLS_SITE = http://ftp.sunet.se/pub/NetBSD/misc/ipsec-tools/0.7/
+IPSEC_TOOLS_INSTALL_STAGING = YES
+IPSEC_TOOLS_DEPENDENCIES = openssl flex host-flex
 
-IPSEC_TOOLS_BINARY_SETKEY:=src/setkey/setkey
-IPSEC_TOOLS_BINARY_RACOON:=src/racoon/racoon
-IPSEC_TOOLS_BINARY_RACOONCTL:=src/racoon/racoonctl
+# configure hardcodes -Werror, so override CFLAGS on make invocation
+IPSEC_TOOLS_MAKE_OPT = CFLAGS='$(TARGET_CFLAGS)'
 
-IPSEC_TOOLS_TARGET_BINARY_SETKEY:=usr/sbin/setkey
-IPSEC_TOOLS_TARGET_BINARY_RACOON:=usr/sbin/racoon
-IPSEC_TOOLS_TARGET_BINARY_RACOONCTL:=usr/sbin/racoonctl
-IPSEC_TOOLS_SITE=http://ftp.sunet.se/pub/NetBSD/misc/ipsec-tools/0.7/
+IPSEC_TOOLS_CONF_OPT = \
+	  --disable-hybrid \
+	  --without-libpam \
+	  --disable-gssapi \
+	  --with-kernel-headers=$(STAGING_DIR)/usr/include
 
 ifeq ($(BR2_PACKAGE_IPSEC_TOOLS_ADMINPORT), y)
-IPSEC_TOOLS_CONFIG_FLAGS+= --enable-adminport
+IPSEC_TOOLS_CONF_OPT+= --enable-adminport
 else
-IPSEC_TOOLS_CONFIG_FLAGS+= --disable-adminport
+IPSEC_TOOLS_CONF_OPT+= --disable-adminport
 endif
 
 ifeq ($(BR2_PACKAGE_IPSEC_TOOLS_NATT), y)
-IPSEC_TOOLS_CONFIG_FLAGS+= --enable-natt
+IPSEC_TOOLS_CONF_OPT+= --enable-natt
 else
-IPSEC_TOOLS_CONFIG_FLAGS+= --disable-natt
+IPSEC_TOOLS_CONF_OPT+= --disable-natt
 endif
 
 ifeq ($(BR2_PACKAGE_IPSEC_TOOLS_FRAG), y)
-IPSEC_TOOLS_CONFIG_FLAGS+= --enable-frag
+IPSEC_TOOLS_CONF_OPT+= --enable-frag
 else
-IPSEC_TOOLS_CONFIG_FLAGS+= --disable-frag
+IPSEC_TOOLS_CONF_OPT+= --disable-frag
 endif
 
 ifeq ($(BR2_PACKAGE_IPSEC_TOOLS_STATS), y)
-IPSEC_TOOLS_CONFIG_FLAGS+= --enable-stats
+IPSEC_TOOLS_CONF_OPT+= --enable-stats
 else
-IPSEC_TOOLS_CONFIG_FLAGS+= --disable-stats
+IPSEC_TOOLS_CONF_OPT+= --disable-stats
 endif
 
 ifeq ($(BR2_INET_IPV6),y)
-
-ifeq ($(BR2_PACKAGE_IPSEC_TOOLS_IPV6), y)
-IPSEC_TOOLS_CONFIG_FLAGS+= --enable-ipv6
+IPSEC_TOOLS_CONF_OPT+= --enable-ipv6
 else
-IPSEC_TOOLS_CONFIG_FLAGS+= $(DISABLE_IPV6)
-endif
-
-else # ignore user's choice if it doesn't
-IPSEC_TOOLS_CONFIG_FLAGS+= $(DISABLE_IPV6)
+IPSEC_TOOLS_CONF_OPT+= --disable-ipv6
 endif
 
 ifneq ($(BR2_PACKAGE_IPSEC_TOOLS_READLINE), y)
-IPSEC_TOOLS_CONFIG_FLAGS+= --without-readline
+IPSEC_TOOLS_CONF_OPT+= --without-readline
+else
+IPSEC_DEPENDENCIES += readline
 endif
 
 ifeq ($(BR2_PACKAGE_IPSEC_SECCTX_DISABLE),y)
-IPSEC_TOOLS_CONFIG_FLAGS+= --enable-security-context=no
+IPSEC_TOOLS_CONF_OPT+= --enable-security-context=no
 endif
 ifeq ($(BR2_PACKAGE_IPSEC_SECCTX_ENABLE),y)
-IPSEC_TOOLS_CONFIG_FLAGS+= --enable-security-context=yes
+IPSEC_TOOLS_CONF_OPT+= --enable-security-context=yes
 endif
 ifeq ($(BR2_PACKAGE_IPSEC_SECCTX_KERNEL),y)
-IPSEC_TOOLS_CONFIG_FLAGS+= --enable-security-context=kernel
-endif
-
-$(DL_DIR)/$(IPSEC_TOOLS_SOURCE):
-	$(call DOWNLOAD,$(IPSEC_TOOLS_SITE),$(IPSEC_TOOLS_SOURCE))
-
-$(IPSEC_TOOLS_DIR)/.patched: $(DL_DIR)/$(IPSEC_TOOLS_SOURCE)
-	$(IPSEC_TOOLS_CAT) $(DL_DIR)/$(IPSEC_TOOLS_SOURCE) | tar -C $(BUILD_DIR) $(TAR_OPTIONS) -
-	toolchain/patch-kernel.sh $(IPSEC_TOOLS_DIR) package/ipsec-tools ipsec-tools-$(IPSEC_TOOLS_VERSION)\*.patch
-	$(CONFIG_UPDATE) $(IPSEC_TOOLS_DIR)
-	touch $@
-
-$(IPSEC_TOOLS_DIR)/.configured: $(IPSEC_TOOLS_DIR)/.patched
-	( cd $(IPSEC_TOOLS_DIR); rm -rf config.cache; \
-		$(TARGET_CONFIGURE_OPTS) \
-		$(TARGET_CONFIGURE_ARGS) \
-	  ./configure $(QUIET) \
-	  --target=$(GNU_TARGET_NAME) \
-	  --host=$(GNU_TARGET_NAME) \
-	  --build=$(GNU_HOST_NAME) \
-	  --prefix=/usr \
-	  --sysconfdir=/etc \
-	  --disable-hybrid \
-	  --without-libpam \
-	  --disable-gssapi \
-	  --with-kernel-headers=$(STAGING_DIR)/usr/include \
-	  $(IPSEC_TOOLS_CONFIG_FLAGS) \
-	)
-	# simpler than patching that cruft..
-	(echo '#undef bzero'; \
-	 echo '#define bzero(a, b) memset((a), 0, (b))'; \
-	 echo '#undef bcopy'; \
-	 echo '#define bcopy(src, dest, len) memmove(dest, src, len)'; \
-	 echo '#undef index'; \
-	 echo '#define index(a, b) strchr(a, b)'; \
-	) >> $(IPSEC_TOOLS_DIR)/config.h
-	touch $@
-
-$(IPSEC_TOOLS_DIR)/$(IPSEC_TOOLS_BINARY_SETKEY) \
-$(IPSEC_TOOLS_DIR)/$(IPSEC_TOOLS_BINARY_RACOON) \
-$(IPSEC_TOOLS_DIR)/$(IPSEC_TOOLS_BINARY_RACOONCTL): \
-    $(IPSEC_TOOLS_DIR)/.configured
-	$(MAKE) $(TARGET_CONFIGURE_OPTS) -C $(IPSEC_TOOLS_DIR)
-
-$(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_SETKEY) \
-$(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_RACOON) \
-$(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_RACOONCTL): \
-  $(IPSEC_TOOLS_DIR)/$(IPSEC_TOOLS_BINARY_SETKEY) \
-  $(IPSEC_TOOLS_DIR)/$(IPSEC_TOOLS_BINARY_RACOON) \
-  $(IPSEC_TOOLS_DIR)/$(IPSEC_TOOLS_BINARY_RACOONCTL)
-	$(MAKE) -C $(IPSEC_TOOLS_DIR) DESTDIR=$(TARGET_DIR) install
-	$(STRIPCMD) $(STRIP_STRIP_UNNEEDED) $(REMOVE_SECTION_COMMENT) \
-	  $(REMOVE_SECTION_NOTE) \
-	  $(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_SETKEY) \
-	  $(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_RACOON) \
-	  $(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_RACOONCTL)
-ifeq ($(BR2_PACKAGE_IPSEC_TOOLS_LIBS), y)
-	install -D $(addprefix $(IPSEC_TOOLS_DIR)/src/, \
-		libipsec/.libs/libipsec.a libipsec/.libs/libipsec.la \
-		racoon/.libs/libracoon.a racoon/.libs/libracoon.la) \
-		$(STAGING_DIR)/lib
-endif
-ifneq ($(BR2_PACKAGE_IPSEC_TOOLS_ADMINPORT), y)
-	rm -f $(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_RACOONCTL)
-endif
-
-IPSEC_TOOLS_PROGS= $(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_SETKEY) \
-    $(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_RACOON)
-
-ifeq ($(BR2_PACKAGE_IPSEC_TOOLS_ADMINPORT), y)
-IPSEC_TOOLS_PROGS+= $(TARGET_DIR)/$(IPSEC_TOOLS_TARGET_BINARY_RACOONCTL)
+IPSEC_TOOLS_CONF_OPT+= --enable-security-context=kernel
 endif
 
-ipsec-tools: openssl flex host-flex $(IPSEC_TOOLS_PROGS)
-
-ipsec-tools-source: $(DL_DIR)/$(IPSEC_TOOLS_SOURCE)
-
-ipsec-tools-uninstall:
-
-ipsec-tools-clean:
-	-$(MAKE) -C $(IPSEC_TOOLS_DIR) DESTDIR=$(TARGET_DIR) uninstall
-	-$(MAKE) -C $(IPSEC_TOOLS_DIR) clean
-ifeq ($(BR2_PACKAGE_IPSEC_TOOLS_LIBS),y)
-	rm -f $(addprefix $(STAGING_DIR)/lib/, \
-		libipsec.a libipsec.la libracoon.a libracoon.la)
-endif
-	rm -f $(IPSEC_TOOLS_DIR)/.configured
-
-ipsec-tools-dirclean:
-	rm -rf $(IPSEC_TOOLS_DIR)
-
-ifeq ($(BR2_PACKAGE_IPSEC_TOOLS), y)
-TARGETS+=ipsec-tools
-endif
+$(eval $(call AUTOTARGETS,package,ipsec-tools))
diff --git a/package/vpnc/vpnc-0.4.0.patch b/package/vpnc/vpnc-0.4.0.patch
deleted file mode 100644
index 9520c3fa1..000000000
--- a/package/vpnc/vpnc-0.4.0.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -urN vpnc-0.4.0-0rig/Makefile vpnc-0.4.0/Makefile
---- vpnc-0.4.0-0rig/Makefile	2007-02-19 21:51:12.000000000 +0100
-+++ vpnc-0.4.0/Makefile	2007-07-17 19:59:53.000000000 +0200
-@@ -35,7 +35,7 @@
- RELEASE_VERSION := $(shell cat VERSION)
- 
- CC=gcc
--CFLAGS += -W -Wall -O3 -Wmissing-declarations -Wwrite-strings -g
-+CFLAGS += -W -Wall -O3 -Wmissing-declarations -Wwrite-strings -g -I$(INCLUDE)
- CPPFLAGS = -DVERSION=\"$(VERSION)\"
- LDFLAGS = -g $(shell libgcrypt-config --libs)
- CFLAGS +=  $(shell libgcrypt-config --cflags)
diff --git a/package/vpnc/vpnc-0.5.1-susv3-legacy.patch b/package/vpnc/vpnc-0.5.1-susv3-legacy.patch
deleted file mode 100644
index 2e577e388..000000000
--- a/package/vpnc/vpnc-0.5.1-susv3-legacy.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -rdup vpnc-0.5.1.oorig/config.c vpnc-0.5.1/config.c
---- vpnc-0.5.1.oorig/config.c	2007-09-10 22:39:48.000000000 +0200
-+++ vpnc-0.5.1/config.c	2007-09-19 14:19:46.000000000 +0200
-@@ -538,7 +538,7 @@ static char *get_config_filename(const c
- {
- 	char *realname;
- 	
--	asprintf(&realname, "%s%s%s", index(name, '/') ? "" : "/etc/vpnc/", name, add_dot_conf ? ".conf" : "");
-+	asprintf(&realname, "%s%s%s", strchr(name, '/') ? "" : "/etc/vpnc/", name, add_dot_conf ? ".conf" : "");
- 	return realname;
- }
-