summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--meta-phosphor/common/recipes-core/busybox/busybox/0001-umount-ignore--c.patch49
-rw-r--r--meta-phosphor/common/recipes-core/busybox/busybox_%.bbappend1
-rw-r--r--meta-raspberrypi/recipes-kernel/linux-firmware/linux-firmware_%.bbappend24
-rw-r--r--meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_4.9.bb2
-rw-r--r--poky/bitbake/lib/bb/fetch2/clearcase.py3
-rw-r--r--poky/bitbake/lib/bb/fetch2/npm.py1
-rw-r--r--poky/documentation/bsp-guide/bsp-guide.xml5
-rw-r--r--poky/documentation/dev-manual/dev-manual.xml5
-rw-r--r--poky/documentation/kernel-dev/kernel-dev.xml5
-rw-r--r--poky/documentation/mega-manual/figures/sdk-installed-extensible-sdk-directory.pngbin42892 -> 66753 bytes
-rw-r--r--poky/documentation/mega-manual/figures/sdk-installed-standard-sdk-directory.pngbin56096 -> 39099 bytes
-rw-r--r--poky/documentation/mega-manual/mega-manual.xml5
-rw-r--r--poky/documentation/overview-manual/overview-manual.xml5
-rw-r--r--poky/documentation/poky.ent14
-rw-r--r--poky/documentation/profile-manual/profile-manual.xml5
-rw-r--r--poky/documentation/ref-manual/ref-manual.xml5
-rw-r--r--poky/documentation/ref-manual/ref-variables.xml134
-rw-r--r--poky/documentation/sdk-manual/figures/sdk-installed-extensible-sdk-directory.pngbin42892 -> 66753 bytes
-rw-r--r--poky/documentation/sdk-manual/figures/sdk-installed-standard-sdk-directory.pngbin56096 -> 39099 bytes
-rw-r--r--poky/documentation/sdk-manual/sdk-appendix-customizing.xml198
-rw-r--r--poky/documentation/sdk-manual/sdk-appendix-neon.xml297
-rw-r--r--poky/documentation/sdk-manual/sdk-appendix-obtain.xml134
-rw-r--r--poky/documentation/sdk-manual/sdk-eclipse-project.xml169
-rw-r--r--poky/documentation/sdk-manual/sdk-extensible.xml28
-rw-r--r--poky/documentation/sdk-manual/sdk-manual.xml5
-rw-r--r--poky/documentation/toaster-manual/toaster-manual.xml5
-rw-r--r--poky/documentation/tools/mega-manual.sed48
-rw-r--r--poky/meta-poky/conf/distro/poky.conf2
-rw-r--r--poky/meta-selftest/lib/oeqa/runtime/cases/dnf_runtime.py3
-rw-r--r--poky/meta-yocto-bsp/lib/oeqa/selftest/cases/systemd_boot.py2
-rw-r--r--poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_4.12.bbappend20
-rw-r--r--poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_4.14.bbappend20
-rw-r--r--poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_4.15.bbappend20
-rw-r--r--poky/meta/classes/gio-module-cache.bbclass1
-rw-r--r--poky/meta/classes/insane.bbclass4
-rw-r--r--poky/meta/classes/mirrors.bbclass1
-rw-r--r--poky/meta/classes/rootfs-postcommands.bbclass5
-rw-r--r--poky/meta/classes/sanity.bbclass67
-rw-r--r--poky/meta/classes/staging.bbclass25
-rw-r--r--poky/meta/classes/testimage.bbclass21
-rw-r--r--poky/meta/classes/utils.bbclass2
-rw-r--r--poky/meta/conf/bitbake.conf7
-rw-r--r--poky/meta/conf/distro/include/yocto-uninative.inc7
-rw-r--r--poky/meta/conf/licenses.conf2
-rw-r--r--poky/meta/conf/machine/qemux86-64.conf2
-rw-r--r--poky/meta/conf/machine/qemux86.conf2
-rw-r--r--poky/meta/files/common-licenses/EPL-2.0277
-rw-r--r--poky/meta/lib/bblayers/create.py3
-rw-r--r--poky/meta/lib/oeqa/core/decorator/__init__.py10
-rw-r--r--poky/meta/lib/oeqa/core/decorator/data.py4
-rw-r--r--poky/meta/lib/oeqa/core/loader.py17
-rw-r--r--poky/meta/lib/oeqa/core/target/ssh.py2
-rw-r--r--poky/meta/lib/oeqa/runtime/cases/multilib.py4
-rw-r--r--poky/meta/lib/oeqa/runtime/cases/rpm.py1
-rw-r--r--poky/meta/recipes-bsp/pcmciautils/pcmciautils.inc2
-rw-r--r--poky/meta/recipes-bsp/u-boot/files/0001-efi_loader-avoid-make-race-condition.patch51
-rw-r--r--poky/meta/recipes-bsp/u-boot/u-boot-common_2018.01.inc1
-rw-r--r--poky/meta/recipes-bsp/u-boot/u-boot.inc3
-rw-r--r--poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch1025
-rw-r--r--poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple1.patch191
-rw-r--r--poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch267
-rw-r--r--poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple3.patch201
-rw-r--r--poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch96
-rw-r--r--poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch81
-rw-r--r--poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple6.patch149
-rw-r--r--poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch60
-rw-r--r--poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple8.patch99
-rw-r--r--poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb9
-rw-r--r--poky/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch106
-rw-r--r--poky/meta/recipes-core/busybox/busybox/umount-ignore-c.patch40
-rw-r--r--poky/meta/recipes-core/busybox/busybox_1.27.2.bb2
-rw-r--r--poky/meta/recipes-core/coreutils/coreutils_8.29.bb2
-rwxr-xr-xpoky/meta/recipes-core/dropbear/dropbear/init26
-rw-r--r--poky/meta/recipes-core/glibc/glibc-locale.inc13
-rw-r--r--poky/meta/recipes-core/glibc/glibc-package.inc1
-rw-r--r--poky/meta/recipes-core/glibc/glibc/CVE-2017-18269.patch178
-rw-r--r--poky/meta/recipes-core/glibc/glibc/CVE-2018-11236.patch164
-rw-r--r--poky/meta/recipes-core/glibc/glibc_2.27.bb2
-rw-r--r--poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb2
-rw-r--r--poky/meta/recipes-core/initrdscripts/files/init-install.sh2
-rwxr-xr-xpoky/meta/recipes-core/initscripts/initscripts-1.0/mountnfs.sh9
-rw-r--r--poky/meta/recipes-core/libxml/libxml2_2.9.7.bb7
-rw-r--r--poky/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch71
-rw-r--r--poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch102
-rw-r--r--poky/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch53
-rw-r--r--poky/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch66
-rw-r--r--poky/meta/recipes-core/ovmf/ovmf_git.bb6
-rw-r--r--poky/meta/recipes-core/systemd/systemd_237.bb2
-rw-r--r--poky/meta/recipes-devtools/binutils/binutils-2.30.inc12
-rw-r--r--poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10372.patch58
-rw-r--r--poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch45
-rw-r--r--poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10534.patch3429
-rw-r--r--poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch61
-rw-r--r--poky/meta/recipes-devtools/binutils/binutils/CVE-2018-6759.patch108
-rw-r--r--poky/meta/recipes-devtools/binutils/binutils/CVE-2018-6872.patch50
-rw-r--r--poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7208.patch47
-rw-r--r--poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7568.patch85
-rw-r--r--poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch119
-rw-r--r--poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch51
-rw-r--r--poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7643.patch102
-rw-r--r--poky/meta/recipes-devtools/binutils/binutils/CVE-2018-8945.patch70
-rw-r--r--poky/meta/recipes-devtools/chrpath/chrpath_0.16.bb4
-rw-r--r--poky/meta/recipes-devtools/gcc/gcc-7.3.inc2
-rw-r--r--poky/meta/recipes-devtools/gcc/gcc-7.3/0001-Fix-ppc64le-build-Partial-backport-r256656.patch5
-rw-r--r--poky/meta/recipes-devtools/gcc/gcc-7.3/0001-PR-c-80290-memory-hog-with-std-pair.patch2
-rw-r--r--poky/meta/recipes-devtools/go/go-1.10.inc6
-rw-r--r--poky/meta/recipes-devtools/go/go-1.9.inc6
-rw-r--r--poky/meta/recipes-devtools/python/python-scons-native_3.0.1.bb2
-rw-r--r--poky/meta/recipes-devtools/python/python3_3.5.5.bb2
-rw-r--r--poky/meta/recipes-devtools/python/python_2.7.14.bb2
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu/0001-CVE-2018-11806-QEMU-slirp-heap-buffer-overflow.patch69
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch (renamed from poky/meta/recipes-devtools/qemu/qemu/disable-grabs.patch)25
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch (renamed from poky/meta/recipes-devtools/qemu/qemu/wacom.patch)24
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch (renamed from poky/meta/recipes-devtools/qemu/qemu/add-ptest-in-makefile-v10.patch)12
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch (renamed from poky/meta/recipes-devtools/qemu/qemu/qemu-enlarge-env-entry-size.patch)17
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch33
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch (renamed from poky/meta/recipes-devtools/qemu/qemu/pathlimit.patch)34
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch (renamed from poky/meta/recipes-devtools/qemu/qemu/qemu-2.5.0-cflags.patch)12
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch (renamed from poky/meta/recipes-devtools/qemu/qemu/chardev-connect-socket-to-a-spawned-command.patch)33
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch (renamed from poky/meta/recipes-devtools/qemu/qemu/apic-fixup-fallthrough-to-PIC.patch)14
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch (renamed from poky/meta/recipes-devtools/qemu/qemu/linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch)9
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu/0011-memfd-fix-configure-test.patch (renamed from poky/meta/recipes-devtools/qemu/qemu/memfd.patch)15
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu/0012-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch (renamed from poky/meta/recipes-devtools/qemu/qemu/0001-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch)9
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu/0013-ps2-check-PS2Queue-pointers-in-post_load-routine.patch (renamed from poky/meta/recipes-devtools/qemu/qemu/check-PS2Queue-pointers-in-post_load-routine.patch)5
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu/0014-fix-libcap-header-issue-on-some-distro.patch (renamed from poky/meta/recipes-devtools/qemu/qemu/fix-libcap-header-issue-on-some-distro.patch)15
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu/0015-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch (renamed from poky/meta/recipes-devtools/qemu/qemu/cpus.c-qemu_cpu_kick_thread_debugging.patch)11
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu/no-valgrind.patch19
-rw-r--r--poky/meta/recipes-devtools/qemu/qemu_2.11.1.bb32
-rw-r--r--poky/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch35
-rw-r--r--poky/meta/recipes-devtools/rpm/rpm_4.14.1.bb42
-rw-r--r--poky/meta/recipes-extended/at/at_3.1.20.bb6
-rw-r--r--poky/meta/recipes-extended/bash/bash.inc2
-rw-r--r--poky/meta/recipes-extended/cpio/cpio-2.12/0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch346
-rw-r--r--poky/meta/recipes-extended/cpio/cpio_2.12.bb39
-rw-r--r--poky/meta/recipes-extended/cpio/cpio_v2.inc43
-rw-r--r--poky/meta/recipes-extended/gawk/gawk_4.2.1.bb (renamed from poky/meta/recipes-extended/gawk/gawk_4.2.0.bb)6
-rw-r--r--poky/meta/recipes-extended/ltp/ltp_20180118.bb2
-rw-r--r--poky/meta/recipes-extended/minicom/minicom_2.7.1.bb2
-rw-r--r--poky/meta/recipes-extended/shadow/files/CVE-2017-2616.patch64
-rw-r--r--poky/meta/recipes-extended/shadow/files/pam.d/chpasswd2
-rw-r--r--poky/meta/recipes-extended/shadow/files/pam.d/newusers2
-rw-r--r--poky/meta/recipes-extended/shadow/shadow.inc8
-rw-r--r--poky/meta/recipes-extended/sysklogd/sysklogd.inc2
-rw-r--r--poky/meta/recipes-extended/xinetd/xinetd/xinetd.service5
-rw-r--r--poky/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb1
-rw-r--r--poky/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.17.patch43
-rw-r--r--poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb2
-rw-r--r--poky/meta/recipes-kernel/kexec/kexec-tools/kdump.service1
-rw-r--r--poky/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb206
-rw-r--r--poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers.inc4
-rw-r--r--poky/meta/recipes-kernel/linux/linux-yocto-rt_4.12.bb6
-rw-r--r--poky/meta/recipes-kernel/linux/linux-yocto-rt_4.14.bb6
-rw-r--r--poky/meta/recipes-kernel/linux/linux-yocto-rt_4.15.bb6
-rw-r--r--poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.12.bb6
-rw-r--r--poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.14.bb6
-rw-r--r--poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.15.bb6
-rw-r--r--poky/meta/recipes-kernel/linux/linux-yocto_4.12.bb20
-rw-r--r--poky/meta/recipes-kernel/linux/linux-yocto_4.14.bb20
-rw-r--r--poky/meta/recipes-kernel/linux/linux-yocto_4.15.bb20
-rw-r--r--poky/meta/recipes-kernel/lttng/lttng-modules_2.10.6.bb (renamed from poky/meta/recipes-kernel/lttng/lttng-modules_2.10.5.bb)4
-rw-r--r--poky/meta/recipes-kernel/perf/perf.bb7
-rw-r--r--poky/meta/recipes-multimedia/lame/lame_3.100.bb6
-rw-r--r--poky/meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch39
-rw-r--r--poky/meta/recipes-multimedia/libtiff/files/CVE-2018-7456.patch178
-rw-r--r--poky/meta/recipes-multimedia/libtiff/files/CVE-2018-8905.patch61
-rw-r--r--poky/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb3
-rw-r--r--poky/meta/recipes-multimedia/mpg123/mpg123_1.25.10.bb1
-rw-r--r--poky/meta/recipes-support/attr/ea-acl.inc3
-rw-r--r--poky/meta/recipes-support/bmap-tools/bmap-tools_3.4.bb2
-rw-r--r--poky/meta/recipes-support/curl/curl_7.61.0.bb (renamed from poky/meta/recipes-support/curl/curl_7.60.0.bb)4
-rw-r--r--poky/meta/recipes-support/gnutls/gnutls.inc2
-rw-r--r--poky/meta/recipes-support/iso-codes/iso-codes_3.77.bb7
-rw-r--r--poky/meta/recipes-support/nettle/nettle_3.4.bb6
-rw-r--r--poky/meta/recipes-support/popt/popt_1.16.bb2
-rw-r--r--poky/meta/recipes-support/shared-mime-info/shared-mime-info.inc2
-rw-r--r--poky/meta/recipes-support/sqlite/sqlite3.inc2
-rw-r--r--poky/meta/site/powerpc64-linux2
-rw-r--r--poky/scripts/lib/devtool/sdk.py3
-rw-r--r--poky/scripts/lib/wic/canned-wks/qemux86-directdisk.wks2
-rw-r--r--poky/scripts/lib/wic/engine.py17
-rw-r--r--poky/scripts/lib/wic/plugins/source/bootimg-efi.py20
-rw-r--r--poky/scripts/multilib_header_wrapper.h4
-rwxr-xr-xpoky/scripts/oe-pkgdata-util60
-rwxr-xr-xpoky/scripts/runqemu-extract-sdk4
-rwxr-xr-xpoky/scripts/send-error-report2
185 files changed, 8805 insertions, 2020 deletions
diff --git a/meta-phosphor/common/recipes-core/busybox/busybox/0001-umount-ignore--c.patch b/meta-phosphor/common/recipes-core/busybox/busybox/0001-umount-ignore--c.patch
deleted file mode 100644
index 0c8e83697..000000000
--- a/meta-phosphor/common/recipes-core/busybox/busybox/0001-umount-ignore--c.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 24cd2c1c2893cf456bd93ed3091fca878bfc014f Mon Sep 17 00:00:00 2001
-From: Eddie James <eajames@us.ibm.com>
-Date: Thu, 5 Jul 2018 08:46:18 -0500
-Subject: [PATCH] umount: ignore -c
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-systemd uses -c.
- -c, --no-canonicalize
- Do not canonicalize paths. The paths canonicalization is based
- on stat(2) and readlink(2) system calls. These system calls may
- hang in some cases (for example on NFS if server is not avail‐
- able). The option has to be used with canonical path to the
- mount point.
-
- For more details about this option see the mount(8) man page.
- Note that umount does not pass this option to the
- /sbin/umount.type helpers.
-
-As busybox doesn't canonicalize paths in the first place it is safe to
-ignore this option.
-
-See https://github.com/systemd/systemd/issues/7786
-
-Signed-off-by: Shawn Landden <slandden at gmail.com>
-Signed-off-by: Eddie James <eajames@us.ibm.com>
----
- util-linux/umount.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/util-linux/umount.c b/util-linux/umount.c
-index 0c50dc9..0425c5b 100644
---- a/util-linux/umount.c
-+++ b/util-linux/umount.c
-@@ -68,8 +68,8 @@ static struct mntent *getmntent_r(FILE* stream, struct mntent* result,
- }
- #endif
-
--/* ignored: -v -t -i */
--#define OPTION_STRING "fldnra" "vt:i"
-+/* ignored: -c -v -t -i */
-+#define OPTION_STRING "fldnra" "cvt:i"
- #define OPT_FORCE (1 << 0) // Same as MNT_FORCE
- #define OPT_LAZY (1 << 1) // Same as MNT_DETACH
- #define OPT_FREELOOP (1 << 2)
---
-1.8.3.1
-
diff --git a/meta-phosphor/common/recipes-core/busybox/busybox_%.bbappend b/meta-phosphor/common/recipes-core/busybox/busybox_%.bbappend
index 5acaf3c2e..e6678fc8a 100644
--- a/meta-phosphor/common/recipes-core/busybox/busybox_%.bbappend
+++ b/meta-phosphor/common/recipes-core/busybox/busybox_%.bbappend
@@ -3,4 +3,3 @@ SRC_URI += "file://busybox.cfg"
SRC_URI += "file://flash.cfg"
SRC_URI += "file://mountpoint.cfg"
SRC_URI += "file://0001-Stop-watchdog-first-on-startup.patch"
-SRC_URI += "file://0001-umount-ignore--c.patch"
diff --git a/meta-raspberrypi/recipes-kernel/linux-firmware/linux-firmware_%.bbappend b/meta-raspberrypi/recipes-kernel/linux-firmware/linux-firmware_%.bbappend
index 34d2b6765..c0f9e1704 100644
--- a/meta-raspberrypi/recipes-kernel/linux-firmware/linux-firmware_%.bbappend
+++ b/meta-raspberrypi/recipes-kernel/linux-firmware/linux-firmware_%.bbappend
@@ -3,15 +3,6 @@
# https://github.com/RPi-Distro/firmware-nonfree
# https://github.com/RPi-Distro/bluez-firmware
-LICENSE_append_rpi = "\
- & Firmware-cypress \
-"
-
-LIC_FILES_CHKSUM_append_rpi = "\
- file://LICENCE.cypress;md5=cbc5f665d04f741f1e006d2096236ba7 \
-"
-NO_GENERIC_LICENSE[Firmware-cypress] = "LICENCE.cypress"
-
SRC_URI_append_rpi = " \
git://github.com/RPi-Distro/firmware-nonfree;destsuffix=raspbian-nf;name=raspbian-nf \
git://github.com/RPi-Distro/bluez-firmware;destsuffix=raspbian-bluez;name=raspbian-bluez \
@@ -40,12 +31,18 @@ do_install_append_rpi() {
# NB: Must prepend, else these become empty and their content is left in
# the roll-up package which precedes them.
PACKAGES_prepend_rpi = "\
- ${PN}-bcm43455 \
- ${PN}-cypress-license \
${PN}-bcm43430a1-hcd \
${PN}-bcm4345c0-hcd \
"
+# ${PN}-bcm43455 package and brcmfmac43455-sdio from linux-firmware
+# is already included in the oe-core recipe, so don't add it to PACKAGES
+# again, the version from raspbian-nf seems a bit newer:
+# $ strings ./1_0.0+gitAUTOINC+d114732723+86e88fbf03+e28cd7ee86-r0/git/brcm/brcmfmac43455-sdio.bin | grep Ver
+# Version: 7.45.18.0 CRC: d7226371 Date: Sun 2015-03-01 07:31:57 PST Ucode Ver: 1026.2 FWID: 01-6a2c8ad4
+# $ strings ./1_0.0+gitAUTOINC+d114732723+86e88fbf03+e28cd7ee86-r0/raspbian-nf/brcm/brcmfmac43455-sdio.bin | grep Ver
+# Version: 7.45.154 (r684107 CY) CRC: b1f79383 Date: Tue 2018-02-27 03:18:17 PST Ucode Ver: 1043.2105 FWID 01-4fbe0b04
+
# For additional Broadcom
LICENSE_${PN}-bcm43455 = "Firmware-broadcom_bcm43xx"
@@ -58,11 +55,6 @@ FILES_${PN}-bcm43455 = " \
RDEPENDS_${PN}-bcm43455 += "${PN}-broadcom-license"
-# For additional Cypress
-FILES_${PN}-cypress-license = "\
- ${nonarch_base_libdir}/firmware/LICENCE.cypress \
-"
-
LICENSE_${PN}-bcm43430a1-hcd = "Firmware-cypress"
LICENSE_${PN}-bcm4345c0-hcd = "Firmware-cypress"
diff --git a/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_4.9.bb b/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_4.9.bb
index 21fcfef93..b3f324829 100644
--- a/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_4.9.bb
+++ b/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_4.9.bb
@@ -2,7 +2,7 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}-${PV}:"
LINUX_VERSION ?= "4.9.80"
-SRCREV = "ffd7bf4085b09447e5db96edd74e524f118ca3fe"
+SRCREV = "7f9c648dad6473469b4133898fa6bb8d818ecff9"
SRC_URI = " \
git://github.com/raspberrypi/linux.git;branch=rpi-4.9.y \
file://0001-menuconfig-check-lxdiaglog.sh-Allow-specification-of.patch \
diff --git a/poky/bitbake/lib/bb/fetch2/clearcase.py b/poky/bitbake/lib/bb/fetch2/clearcase.py
index 36beab6a5..3a6573d0b 100644
--- a/poky/bitbake/lib/bb/fetch2/clearcase.py
+++ b/poky/bitbake/lib/bb/fetch2/clearcase.py
@@ -69,7 +69,6 @@ from bb.fetch2 import FetchMethod
from bb.fetch2 import FetchError
from bb.fetch2 import runfetchcmd
from bb.fetch2 import logger
-from distutils import spawn
class ClearCase(FetchMethod):
"""Class to fetch urls via 'clearcase'"""
@@ -107,7 +106,7 @@ class ClearCase(FetchMethod):
else:
ud.module = ""
- ud.basecmd = d.getVar("FETCHCMD_ccrc") or spawn.find_executable("cleartool") or spawn.find_executable("rcleartool")
+ ud.basecmd = d.getVar("FETCHCMD_ccrc") or "/usr/bin/env cleartool || rcleartool"
if d.getVar("SRCREV") == "INVALID":
raise FetchError("Set a valid SRCREV for the clearcase fetcher in your recipe, e.g. SRCREV = \"/main/LATEST\" or any other label of your choice.")
diff --git a/poky/bitbake/lib/bb/fetch2/npm.py b/poky/bitbake/lib/bb/fetch2/npm.py
index 730c346a9..408dfc3d0 100644
--- a/poky/bitbake/lib/bb/fetch2/npm.py
+++ b/poky/bitbake/lib/bb/fetch2/npm.py
@@ -32,7 +32,6 @@ from bb.fetch2 import runfetchcmd
from bb.fetch2 import logger
from bb.fetch2 import UnpackError
from bb.fetch2 import ParameterError
-from distutils import spawn
def subprocess_setup():
# Python installs a SIGPIPE handler by default. This is usually not what
diff --git a/poky/documentation/bsp-guide/bsp-guide.xml b/poky/documentation/bsp-guide/bsp-guide.xml
index 7ca4c5d7d..7dc8326c7 100644
--- a/poky/documentation/bsp-guide/bsp-guide.xml
+++ b/poky/documentation/bsp-guide/bsp-guide.xml
@@ -121,6 +121,11 @@
<date>May 2018</date>
<revremark>Released with the Yocto Project 2.5 Release.</revremark>
</revision>
+ <revision>
+ <revnumber>2.5.1</revnumber>
+ <date>September 2018</date>
+ <revremark>The initial document released with the Yocto Project 2.5.1 Release.</revremark>
+ </revision>
</revhistory>
<copyright>
diff --git a/poky/documentation/dev-manual/dev-manual.xml b/poky/documentation/dev-manual/dev-manual.xml
index 93a615c2a..0db938aea 100644
--- a/poky/documentation/dev-manual/dev-manual.xml
+++ b/poky/documentation/dev-manual/dev-manual.xml
@@ -106,6 +106,11 @@
<date>May 2018</date>
<revremark>Released with the Yocto Project 2.5 Release.</revremark>
</revision>
+ <revision>
+ <revnumber>2.5.1</revnumber>
+ <date>September 2018</date>
+ <revremark>The initial document released with the Yocto Project 2.5.1 Release.</revremark>
+ </revision>
</revhistory>
<copyright>
diff --git a/poky/documentation/kernel-dev/kernel-dev.xml b/poky/documentation/kernel-dev/kernel-dev.xml
index 986c44044..52341fba8 100644
--- a/poky/documentation/kernel-dev/kernel-dev.xml
+++ b/poky/documentation/kernel-dev/kernel-dev.xml
@@ -91,6 +91,11 @@
<date>May 2018</date>
<revremark>Released with the Yocto Project 2.5 Release.</revremark>
</revision>
+ <revision>
+ <revnumber>2.5.1</revnumber>
+ <date>September 2018</date>
+ <revremark>The initial document released with the Yocto Project 2.5.1 Release.</revremark>
+ </revision>
</revhistory>
<copyright>
diff --git a/poky/documentation/mega-manual/figures/sdk-installed-extensible-sdk-directory.png b/poky/documentation/mega-manual/figures/sdk-installed-extensible-sdk-directory.png
index 99e07ce6f..b71c8ad73 100644
--- a/poky/documentation/mega-manual/figures/sdk-installed-extensible-sdk-directory.png
+++ b/poky/documentation/mega-manual/figures/sdk-installed-extensible-sdk-directory.png
Binary files differ
diff --git a/poky/documentation/mega-manual/figures/sdk-installed-standard-sdk-directory.png b/poky/documentation/mega-manual/figures/sdk-installed-standard-sdk-directory.png
index d4af85020..45c0154b1 100644
--- a/poky/documentation/mega-manual/figures/sdk-installed-standard-sdk-directory.png
+++ b/poky/documentation/mega-manual/figures/sdk-installed-standard-sdk-directory.png
Binary files differ
diff --git a/poky/documentation/mega-manual/mega-manual.xml b/poky/documentation/mega-manual/mega-manual.xml
index 2c0943e26..ea35ce2ef 100644
--- a/poky/documentation/mega-manual/mega-manual.xml
+++ b/poky/documentation/mega-manual/mega-manual.xml
@@ -75,6 +75,11 @@
<date>May 2018</date>
<revremark>Released with the Yocto Project 2.5 Release.</revremark>
</revision>
+ <revision>
+ <revnumber>2.5.1</revnumber>
+ <date>September 2018</date>
+ <revremark>The initial document released with the Yocto Project 2.5.1 Release.</revremark>
+ </revision>
</revhistory>
<copyright>
diff --git a/poky/documentation/overview-manual/overview-manual.xml b/poky/documentation/overview-manual/overview-manual.xml
index c283f9a37..4f581afd9 100644
--- a/poky/documentation/overview-manual/overview-manual.xml
+++ b/poky/documentation/overview-manual/overview-manual.xml
@@ -36,6 +36,11 @@
<date>May 2018</date>
<revremark>The initial document released with the Yocto Project 2.5 Release.</revremark>
</revision>
+ <revision>
+ <revnumber>2.5.1</revnumber>
+ <date>September 2018</date>
+ <revremark>The initial document released with the Yocto Project 2.5.1 Release.</revremark>
+ </revision>
</revhistory>
<copyright>
diff --git a/poky/documentation/poky.ent b/poky/documentation/poky.ent
index 49b19008f..4f5646686 100644
--- a/poky/documentation/poky.ent
+++ b/poky/documentation/poky.ent
@@ -1,17 +1,17 @@
-<!ENTITY DISTRO "2.5">
-<!ENTITY DISTRO_COMPRESSED "25">
+<!ENTITY DISTRO "2.5.1">
+<!ENTITY DISTRO_COMPRESSED "251">
<!ENTITY DISTRO_NAME_NO_CAP "sumo">
<!ENTITY DISTRO_NAME "Sumo">
<!ENTITY DISTRO_NAME_NO_CAP_MINUS_ONE "rocko">
<!ENTITY DISTRO_NAME_MINUS_ONE "Rocko">
-<!ENTITY YOCTO_DOC_VERSION "2.5">
+<!ENTITY YOCTO_DOC_VERSION "2.5.1">
<!ENTITY YOCTO_DOC_VERSION_MINUS_ONE "2.4">
-<!ENTITY DISTRO_REL_TAG "yocto-2.5">
+<!ENTITY DISTRO_REL_TAG "yocto-2.5.1">
<!ENTITY METAINTELVERSION "9.0">
-<!ENTITY REL_MONTH_YEAR "May 2018">
+<!ENTITY REL_MONTH_YEAR "September 2018">
<!ENTITY META_INTEL_REL_TAG "&METAINTELVERSION;-&DISTRO_NAME_NO_CAP;-&YOCTO_DOC_VERSION;">
-<!ENTITY POKYVERSION "20.0.0">
-<!ENTITY POKYVERSION_COMPRESSED "2000">
+<!ENTITY POKYVERSION "20.0.1">
+<!ENTITY POKYVERSION_COMPRESSED "2001">
<!ENTITY YOCTO_POKY "poky-&DISTRO_NAME_NO_CAP;-&POKYVERSION;">
<!ENTITY COPYRIGHT_YEAR "2010-2018">
<!ENTITY YOCTO_DL_URL "http://downloads.yoctoproject.org">
diff --git a/poky/documentation/profile-manual/profile-manual.xml b/poky/documentation/profile-manual/profile-manual.xml
index b64875b8c..e329d4b68 100644
--- a/poky/documentation/profile-manual/profile-manual.xml
+++ b/poky/documentation/profile-manual/profile-manual.xml
@@ -91,6 +91,11 @@
<date>May 2018</date>
<revremark>Released with the Yocto Project 2.5 Release.</revremark>
</revision>
+ <revision>
+ <revnumber>2.5.1</revnumber>
+ <date>September 2018</date>
+ <revremark>The initial document released with the Yocto Project 2.5.1 Release.</revremark>
+ </revision>
</revhistory>
<copyright>
diff --git a/poky/documentation/ref-manual/ref-manual.xml b/poky/documentation/ref-manual/ref-manual.xml
index 169a31e99..82c1d0bc3 100644
--- a/poky/documentation/ref-manual/ref-manual.xml
+++ b/poky/documentation/ref-manual/ref-manual.xml
@@ -122,6 +122,11 @@
<date>May 2018</date>
<revremark>Released with the Yocto Project 2.5 Release.</revremark>
</revision>
+ <revision>
+ <revnumber>2.5.1</revnumber>
+ <date>September 2018</date>
+ <revremark>The initial document released with the Yocto Project 2.5.1 Release.</revremark>
+ </revision>
</revhistory>
<copyright>
diff --git a/poky/documentation/ref-manual/ref-variables.xml b/poky/documentation/ref-manual/ref-variables.xml
index 1c55a92d1..e88389647 100644
--- a/poky/documentation/ref-manual/ref-variables.xml
+++ b/poky/documentation/ref-manual/ref-variables.xml
@@ -3636,10 +3636,17 @@
<para role="glossdeffirst">
<!-- <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
The short name of the distribution.
- This variable corresponds to a distribution
- configuration file whose root name is the same as the
- variable's argument and whose filename extension is
- <filename>.conf</filename>.
+ For information on the long name of the distribution, see
+ the
+ <link linkend='var-DISTRO_NAME'><filename>DISTRO_NAME</filename></link>
+ variable.
+ </para>
+
+ <para>
+ The <filename>DISTRO</filename> variable corresponds to a
+ distribution configuration file whose root name is the
+ same as the variable's argument and whose filename
+ extension is <filename>.conf</filename>.
For example, the distribution configuration file for the
Poky distribution is named <filename>poky.conf</filename>
and resides in the
@@ -3664,9 +3671,9 @@
The value for <filename>DISTRO</filename> must not contain
spaces, and is typically all lower-case.
<note>
- If the <filename>DISTRO</filename> variable is blank, a set
- of default configurations are used, which are specified
- within
+ If the <filename>DISTRO</filename> variable is blank,
+ a set of default configurations are used, which are
+ specified within
<filename>meta/conf/distro/defaultsetup.conf</filename>
also in the Source Directory.
</note>
@@ -3931,6 +3938,46 @@
<para role="glossdeffirst">
<!-- <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
The long name of the distribution.
+ For information on the short name of the distribution, see
+ the
+ <link linkend='var-DISTRO'><filename>DISTRO</filename></link>
+ variable.
+ </para>
+
+ <para>
+ The <filename>DISTRO_NAME</filename> variable corresponds
+ to a distribution configuration file whose root name is the
+ same as the variable's argument and whose filename
+ extension is <filename>.conf</filename>.
+ For example, the distribution configuration file for the
+ Poky distribution is named <filename>poky.conf</filename>
+ and resides in the
+ <filename>meta-poky/conf/distro</filename> directory of
+ the
+ <link linkend='source-directory'>Source Directory</link>.
+ </para>
+
+ <para>
+ Within that <filename>poky.conf</filename> file, the
+ <filename>DISTRO_NAME</filename> variable is set as
+ follows:
+ <literallayout class='monospaced'>
+ DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
+ </literallayout>
+ </para>
+
+ <para>
+ Distribution configuration files are located in a
+ <filename>conf/distro</filename> directory within the
+ <link linkend='metadata'>Metadata</link>
+ that contains the distribution configuration.
+ <note>
+ If the <filename>DISTRO_NAME</filename> variable is
+ blank, a set of default configurations are used, which
+ are specified within
+ <filename>meta/conf/distro/defaultsetup.conf</filename>
+ also in the Source Directory.
+ </note>
</para>
</glossdef>
</glossentry>
@@ -9917,7 +9964,7 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
execute at rootfs creation time rather than on the
target but depends on a native tool in order to execute,
you need to list the tools in
- <filename>PACKAGE_WRITE_DEPENDS</filename>.
+ <filename>PACKAGE_WRITE_DEPS</filename>.
</para>
<para>
@@ -12175,13 +12222,26 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
A list of classes to remove from the
<link linkend='var-INHERIT'><filename>INHERIT</filename></link>
value globally within the extensible SDK configuration.
- The default value is "buildhistory icecc".
+ The
+ <link linkend='ref-classes-populate-sdk-*'><filename>populate-sdk-ext</filename></link>
+ class sets the default value:
+ <literallayout class='monospaced'>
+ SDK_INHERIT_BLACKLIST ?= "buildhistory icecc"
+ </literallayout>
</para>
<para>
Some classes are not generally applicable within
- the extensible SDK context and you can use this variable
- to disable them.
+ the extensible SDK context.
+ You can use this variable to disable those classes.
+ </para>
+
+ <para>
+ For additional information on how to customize the
+ extensible SDK's configuration, see the
+ "<ulink url='&YOCTO_DOCS_SDK_URL;#sdk-configuring-the-extensible-sdk'>Configuring the Extensible SDK</ulink>"
+ section in the Yocto Project Application Development and
+ the Extensible Software Development Kit (eSDK) manual.
</para>
</glossdef>
</glossentry>
@@ -12193,12 +12253,40 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
<glossdef>
<para role="glossdeffirst">
<!-- <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
- A list of variables not allowed through from the build
- system configuration into the extensible SDK configuration.
+ A list of variables not allowed through from the
+ OpenEmbedded build system configuration into the extensible
+ SDK configuration.
Usually, these are variables that are specific to the
machine on which the build system is running and thus
would be potentially problematic within the extensible SDK.
+ </para>
+
+ <para>By default,
+ <filename>SDK_LOCAL_CONF_BLACKLIST</filename> is set in the
+ <link linkend='ref-classes-populate-sdk-*'><filename>populate-sdk-ext</filename></link>
+ class and excludes the following variables:
+ <literallayout class='monospaced'>
+ <link linkend='var-CONF_VERSION'>CONF_VERSION</link>
+ <link linkend='var-BB_NUMBER_THREADS'>BB_NUMBER_THREADS</link>
+ <ulink url='&YOCTO_DOCS_BB_URL;#var-BB_NUMBER_PARSE_THREADS'>BB_NUMBER_PARSE_THREADS</ulink>
+ <link linkend='var-PARALLEL_MAKE'>PARALLEL_MAKE</link>
+ <link linkend='var-PRSERV_HOST'>PRSERV_HOST</link>
+ <link linkend='var-SSTATE_MIRRORS'>SSTATE_MIRRORS</link>
+ <link linkend='var-DL_DIR'>DL_DIR</link>
+ <link linkend='var-SSTATE_DIR'>SSTATE_DIR</link>
+ <link linkend='var-TMPDIR'>TMPDIR</link>
+ <link linkend='var-BB_SERVER_TIMEOUT'>BB_SERVER_TIMEOUT</link>
+ </literallayout>
</para>
+
+ <para>
+ For additional information on how to customize the
+ extensible SDK's configuration, see the
+ "<ulink url='&YOCTO_DOCS_SDK_URL;#sdk-configuring-the-extensible-sdk'>Configuring the Extensible SDK</ulink>"
+ section in the Yocto Project Application Development and
+ the Extensible Software Development Kit (eSDK) manual.
+ </para>
+
</glossdef>
</glossentry>
@@ -12209,8 +12297,16 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
<glossdef>
<para role="glossdeffirst">
<!-- <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
- A list of variables allowed through from the build system
- configuration into the extensible SDK configuration.
+ A list of variables allowed through from the OpenEmbedded
+ build system configuration into the extensible SDK
+ configuration.
+ By default, the list of variables is empty and is set in
+ the
+ <link linkend='ref-classes-populate-sdk-*'><filename>populate-sdk-ext</filename></link>
+ class.
+ </para>
+
+ <para>
This list overrides the variables specified using the
<link linkend='var-SDK_LOCAL_CONF_BLACKLIST'><filename>SDK_LOCAL_CONF_BLACKLIST</filename></link>
variable as well as any variables identified by automatic
@@ -12219,6 +12315,14 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
path and thus might not be valid on the system where the
SDK is installed.
</para>
+
+ <para>
+ For additional information on how to customize the
+ extensible SDK's configuration, see the
+ "<ulink url='&YOCTO_DOCS_SDK_URL;#sdk-configuring-the-extensible-sdk'>Configuring the Extensible SDK</ulink>"
+ section in the Yocto Project Application Development and
+ the Extensible Software Development Kit (eSDK) manual.
+ </para>
</glossdef>
</glossentry>
diff --git a/poky/documentation/sdk-manual/figures/sdk-installed-extensible-sdk-directory.png b/poky/documentation/sdk-manual/figures/sdk-installed-extensible-sdk-directory.png
index 99e07ce6f..b71c8ad73 100644
--- a/poky/documentation/sdk-manual/figures/sdk-installed-extensible-sdk-directory.png
+++ b/poky/documentation/sdk-manual/figures/sdk-installed-extensible-sdk-directory.png
Binary files differ
diff --git a/poky/documentation/sdk-manual/figures/sdk-installed-standard-sdk-directory.png b/poky/documentation/sdk-manual/figures/sdk-installed-standard-sdk-directory.png
index d4af85020..45c0154b1 100644
--- a/poky/documentation/sdk-manual/figures/sdk-installed-standard-sdk-directory.png
+++ b/poky/documentation/sdk-manual/figures/sdk-installed-standard-sdk-directory.png
Binary files differ
diff --git a/poky/documentation/sdk-manual/sdk-appendix-customizing.xml b/poky/documentation/sdk-manual/sdk-appendix-customizing.xml
index 5b56e738d..c3215e622 100644
--- a/poky/documentation/sdk-manual/sdk-appendix-customizing.xml
+++ b/poky/documentation/sdk-manual/sdk-appendix-customizing.xml
@@ -17,26 +17,31 @@
The extensible SDK primarily consists of a pre-configured copy of
the OpenEmbedded build system from which it was produced.
Thus, the SDK's configuration is derived using that build system and
- the following filters, which the OpenEmbedded build system applies
- against <filename>local.conf</filename> and
- <filename>auto.conf</filename> if they are present:
+ the filters shown in the following list.
+ When these filters are present, the OpenEmbedded build system applies
+ them against <filename>local.conf</filename> and
+ <filename>auto.conf</filename>:
<itemizedlist>
<listitem><para>
Variables whose values start with "/" are excluded since the
assumption is that those values are paths that are likely to
- be specific to the build host.
+ be specific to the
+ <ulink url='&YOCTO_DOCS_REF_URL;#hardware-build-system-term'>build host</ulink>.
</para></listitem>
<listitem><para>
Variables listed in
<ulink url='&YOCTO_DOCS_REF_URL;#var-SDK_LOCAL_CONF_BLACKLIST'><filename>SDK_LOCAL_CONF_BLACKLIST</filename></ulink>
are excluded.
- The default value blacklists
- <ulink url='&YOCTO_DOCS_REF_URL;#var-CONF_VERSION'><filename>CONF_VERSION</filename></ulink>,
- <ulink url='&YOCTO_DOCS_REF_URL;#var-BB_NUMBER_THREADS'><filename>BB_NUMBER_THREADS</filename></ulink>,
- <ulink url='&YOCTO_DOCS_REF_URL;#var-PARALLEL_MAKE'><filename>PARALLEL_MAKE</filename></ulink>,
- <ulink url='&YOCTO_DOCS_REF_URL;#var-PRSERV_HOST'><filename>PRSERV_HOST</filename></ulink>,
- and
- <ulink url='&YOCTO_DOCS_REF_URL;#var-SSTATE_MIRRORS'><filename>SSTATE_MIRRORS</filename></ulink>.
+ These variables are not allowed through from the OpenEmbedded
+ build system configuration into the extensible SDK
+ configuration.
+ Typically, these variables are specific to the machine on
+ which the build system is running and could be problematic
+ as part of the extensible SDK configuration.</para>
+
+ <para>For a list of the variables excluded by default, see the
+ <ulink url='&YOCTO_DOCS_REF_URL;#var-SDK_LOCAL_CONF_BLACKLIST'><filename>SDK_LOCAL_CONF_BLACKLIST</filename></ulink>
+ in the glossary of the Yocto Project Reference Manual.
</para></listitem>
<listitem><para>
Variables listed in
@@ -44,7 +49,7 @@
are included.
Including a variable in the value of
<filename>SDK_LOCAL_CONF_WHITELIST</filename> overrides either
- of the above two conditions.
+ of the previous two filters.
The default value is blank.
</para></listitem>
<listitem><para>
@@ -54,7 +59,7 @@
<ulink url='&YOCTO_DOCS_REF_URL;#var-SDK_INHERIT_BLACKLIST'><filename>SDK_INHERIT_BLACKLIST</filename></ulink>
are disabled.
Using <filename>SDK_INHERIT_BLACKLIST</filename> to disable
- these classes is is the typical method to disable classes that
+ these classes is the typical method to disable classes that
are problematic or unnecessary in the SDK context.
The default value blacklists the
<ulink url='&YOCTO_DOCS_REF_URL;#ref-classes-buildhistory'><filename>buildhistory</filename></ulink>
@@ -73,11 +78,13 @@
</para>
</section>
-<section id='adjusting-the-extensible-sdk-to-suit-your-build-system-setup'>
- <title>Adjusting the Extensible SDK to Suit Your Build System Setup</title>
+<section id='adjusting-the-extensible-sdk-to-suit-your-build-hosts-setup'>
+ <title>Adjusting the Extensible SDK to Suit Your Build Host's Setup</title>
<para>
- In most cases, the extensible SDK defaults should work.
+ In most cases, the extensible SDK defaults should work with your
+ <ulink url='&YOCTO_DOCS_REF_URL;#hardware-build-system-term'>build host's</ulink>
+ setup.
However, some cases exist for which you might consider making
adjustments:
<itemizedlist>
@@ -88,33 +95,43 @@
variable and you do not need or want those classes enabled in
the SDK, you can blacklist them by adding them to the
<ulink url='&YOCTO_DOCS_REF_URL;#var-SDK_INHERIT_BLACKLIST'><filename>SDK_INHERIT_BLACKLIST</filename></ulink>
- variable.
- The default value of <filename>SDK_INHERIT_BLACKLIST</filename>
- is set using the "?=" operator.
- Consequently, you will need to either set the complete value
- using "=" or append the value using "_append".
+ variable as described in the fourth bullet of the previous
+ section.
+ <note>
+ The default value of
+ <filename>SDK_INHERIT_BLACKLIST</filename> is set using
+ the "?=" operator.
+ Consequently, you will need to either define the entire
+ list by using the "=" operator, or you will need to append
+ a value using either "_append" or the "+=" operator.
+ You can learn more about these operators in the
+ "<ulink url='&YOCTO_DOCS_BB_URL;#basic-syntax'>Basic Syntax</ulink>"
+ section of the BitBake User Manual.
+ </note>.
</para></listitem>
<listitem><para>
If you have classes or recipes that add additional tasks to
- the standard build flow (i.e. that execute as part of building
- the recipe as opposed to needing to be called explicitly), then
- you need to do one of the following:
+ the standard build flow (i.e. the tasks execute as the recipe
+ builds as opposed to being called explicitly), then you need
+ to do one of the following:
<itemizedlist>
<listitem><para>
- Ensure the tasks are shared state tasks (i.e. their
- output is saved to and can be restored from the shared
- state cache), or that the tasks are able to be
- produced quickly from a task that is a shared state
- task and add the task name to the value of
+ After ensuring the tasks are
+ <ulink url='&YOCTO_DOCS_OM_URL;#shared-state-cache'>shared state</ulink>
+ tasks (i.e. the output of the task is saved to and
+ can be restored from the shared state cache) or
+ ensuring the tasks are able to be produced quickly from
+ a task that is a shared state task, add the task name
+ to the value of
<ulink url='&YOCTO_DOCS_REF_URL;#var-SDK_RECRDEP_TASKS'><filename>SDK_RECRDEP_TASKS</filename></ulink>.
</para></listitem>
<listitem><para>
Disable the tasks if they are added by a class and
you do not need the functionality the class provides
in the extensible SDK.
- To disable the tasks, add the class to
- <filename>SDK_INHERIT_BLACKLIST</filename> as previously
- described.
+ To disable the tasks, add the class to the
+ <filename>SDK_INHERIT_BLACKLIST</filename> variable
+ as described in the previous section.
</para></listitem>
</itemizedlist>
</para></listitem>
@@ -132,7 +149,7 @@
<ulink url='&YOCTO_DOCS_REF_URL;#var-SDK_UPDATE_URL'><filename>SDK_UPDATE_URL</filename></ulink>
variable.
For more information, see the
- "<link linkend='sdk-providing-updates-after-installing-the-extensible-sdk'>Providing Updates After Installing the Extensible SDK</link>"
+ "<link linkend='sdk-providing-updates-to-the-extensible-sdk-after-installation'>Providing Updates to the Extensible SDK After Installation</link>"
section.
</para></listitem>
<listitem><para>
@@ -162,11 +179,12 @@
</para>
</section>
-<section id='sdk-changing-the-appearance-of-the-extensible-sdk'>
- <title>Changing the Appearance of the Extensible SDK</title>
+<section id='sdk-changing-the-sdk-installer-title'>
+ <title>Changing the Extensible SDK Installer Title</title>
<para>
- You can change the title shown by the SDK installer by setting the
+ You can change the displayed title for the SDK installer by setting
+ the
<ulink url='&YOCTO_DOCS_REF_URL;#var-SDK_TITLE'><filename>SDK_TITLE</filename></ulink>
variable.
By default, this title is derived from
@@ -177,21 +195,37 @@
<ulink url='&YOCTO_DOCS_REF_URL;#var-DISTRO'><filename>DISTRO</filename></ulink>
variable.
</para>
+
+ <para>
+ The
+ <ulink url='&YOCTO_DOCS_REF_URL;#ref-classes-populate-sdk-*'><filename>populate_sdk_ext</filename></ulink>
+ class defines the default value of the <filename>SDK_TITLE</filename>
+ variable as follows:
+ <literallayout class='monospaced'>
+ SDK_TITLE_task-populate-sdk-ext = "${@d.getVar('DISTRO_NAME') or d.getVar('DISTRO')} Extensible SDK"
+ </literallayout>
+ </para>
</section>
-<section id='sdk-providing-updates-after-installing-the-extensible-sdk'>
- <title>Providing Updates After Installing the Extensible SDK</title>
+<section id='sdk-providing-updates-to-the-extensible-sdk-after-installation'>
+ <title>Providing Updates to the Extensible SDK After Installation</title>
<para>
When you make changes to your configuration or to the metadata and
if you want those changes to be reflected in installed SDKs, you need
- to perform additional steps to make it possible for those that use
- the SDK to update their installations with the
+ to perform additional steps.
+ These steps make it possible for anyone using the installed SDKs to
+ update the installed SDKs by using the
<filename>devtool sdk-update</filename> command:
<orderedlist>
<listitem><para>
- Arrange to be created a directory that can be shared over
- HTTP or HTTPS.
+ Create a directory that can be shared over HTTP or HTTPS.
+ You can do this by setting up a web server such as an
+ <ulink url='https://en.wikipedia.org/wiki/Apache_HTTP_Server'>Apache HTTP Server</ulink>
+ or
+ <ulink url='https://en.wikipedia.org/wiki/Nginx'>Nginx</ulink>
+ server in the cloud to host the directory.
+ This directory must contain the published SDK.
</para></listitem>
<listitem><para>
Set the
@@ -199,7 +233,10 @@
variable to point to the corresponding HTTP or HTTPS URL.
Setting this variable causes any SDK built to default to that
URL and thus, the user does not have to pass the URL to the
- <filename>devtool sdk-update</filename> command.
+ <filename>devtool sdk-update</filename> command as described
+ in the
+ "<link linkend='sdk-applying-updates-to-an-installed-extensible-sdk'>Applying Updates to an Installed Extensible SDK</link>"
+ section.
</para></listitem>
<listitem><para>
Build the extensible SDK normally (i.e., use the
@@ -209,7 +246,7 @@
<listitem><para>
Publish the SDK using the following command:
<literallayout class='monospaced'>
- $ oe-publish-sdk <replaceable>some_path</replaceable>/sdk-installer.sh <replaceable>path_to_shared/http_directory</replaceable>
+ $ oe-publish-sdk <replaceable>some_path</replaceable>/sdk-installer.sh <replaceable>path_to_shared_http_directory</replaceable>
</literallayout>
You must repeat this step each time you rebuild the SDK
with changes that you want to make available through the
@@ -219,11 +256,11 @@
</para>
<para>
- Completing the above steps allows users of the existing SDKs to
- simply run <filename>devtool sdk-update</filename> to retrieve the
- latest updates.
+ Completing the above steps allows users of the existing installed
+ SDKs to simply run <filename>devtool sdk-update</filename> to
+ retrieve and apply the latest updates.
See the
- "<link linkend='sdk-updating-the-extensible-sdk'>Updating the Extensible SDK</link>"
+ "<link linkend='sdk-applying-updates-to-an-installed-extensible-sdk'>Applying Updates to an Installed Extensible SDK</link>"
section for further information.
</para>
</section>
@@ -232,27 +269,38 @@
<title>Providing Additional Installable Extensible SDK Content</title>
<para>
- If you want the users of the extensible SDK you are building to be
- able to add items to the SDK without needing to build the
- items from source, you need to do a number of things:
+ If you want the users of an extensible SDK you build to be
+ able to add items to the SDK without requiring the users to build
+ the items from source, you need to do a number of things:
<orderedlist>
<listitem><para>
Ensure the additional items you want the user to be able to
- install are actually built.
- You can ensure these items are built a number of different
- ways: 1) Build them explicitly, perhaps using one or more
- "meta" recipes that depend on lists of other recipes to keep
- things tidy, or 2) Build the "world" target and set
- <filename>EXCLUDE_FROM_WORLD_pn-</filename><replaceable>recipename</replaceable>
- for the recipes you do not want built.
- See the
- <ulink url='&YOCTO_DOCS_REF_URL;#var-EXCLUDE_FROM_WORLD'><filename>EXCLUDE_FROM_WORLD</filename></ulink>
- variable for additional information.
+ install are already built:
+ <itemizedlist>
+ <listitem><para>
+ Build the items explicitly.
+ You could use one or more "meta" recipes that depend
+ on lists of other recipes.
+ </para></listitem>
+ <listitem><para>
+ Build the "world" target and set
+ <filename>EXCLUDE_FROM_WORLD_pn-</filename><replaceable>recipename</replaceable>
+ for the recipes you do not want built.
+ See the
+ <ulink url='&YOCTO_DOCS_REF_URL;#var-EXCLUDE_FROM_WORLD'><filename>EXCLUDE_FROM_WORLD</filename></ulink>
+ variable for additional information.
+ </para></listitem>
+ </itemizedlist>
</para></listitem>
<listitem><para>
Expose the <filename>sstate-cache</filename> directory
produced by the build.
- Typically, you expose this directory over HTTP or HTTPS.
+ Typically, you expose this directory by making it available
+ through an
+ <ulink url='https://en.wikipedia.org/wiki/Apache_HTTP_Server'>Apache HTTP Server</ulink>
+ or
+ <ulink url='https://en.wikipedia.org/wiki/Nginx'>Nginx</ulink>
+ server.
</para></listitem>
<listitem><para>
Set the appropriate configuration so that the produced SDK
@@ -285,7 +333,7 @@
Alternatively, if you just want to set the
<filename>SSTATE_MIRRORS</filename> variable's value
for the SDK alone, create a
- <filename>conf/sdk-extra.conf</filename> either in
+ <filename>conf/sdk-extra.conf</filename> file either in
your
<ulink url='&YOCTO_DOCS_REF_URL;#build-directory'>Build Directory</ulink>
or within any layer and put your
@@ -324,24 +372,24 @@
size, which downloads and installs quickly.
You need to realize, though, that the minimal installer does not
install any libraries or tools out of the box.
- These must be installed either "on the fly" or through actions you
- perform using <filename>devtool</filename> or explicitly with the
- <filename>devtool sdk-install</filename> command.
+ These libraries and tools must be installed either "on the fly" or
+ through actions you perform using <filename>devtool</filename> or
+ explicitly with the <filename>devtool sdk-install</filename> command.
</para>
<para>
- In most cases, when building a minimal SDK you will need to also enable
+ In most cases, when building a minimal SDK you need to also enable
bringing in the information on a wider range of packages produced by
the system.
- This is particularly true so that <filename>devtool add</filename>
- is able to effectively map dependencies it discovers in a source tree
- to the appropriate recipes.
- Also so that the <filename>devtool search</filename> command
- is able to return useful results.
+ Requiring this wider range of information is particularly true
+ so that <filename>devtool add</filename> is able to effectively map
+ dependencies it discovers in a source tree to the appropriate recipes.
+ Additionally, the information enables the
+ <filename>devtool search</filename> command to return useful results.
</para>
<para>
- To facilitate this wider range of information, you would additionally
+ To facilitate this wider range of information, you would need to
set the following:
<literallayout class='monospaced'>
SDK_INCLUDE_PKGDATA = "1"
@@ -384,8 +432,8 @@
<ulink url='&YOCTO_DOCS_REF_URL;#var-SDK_INCLUDE_TOOLCHAIN'><filename>SDK_INCLUDE_TOOLCHAIN</filename></ulink>
variable to "1".
In particular, it is useful to include the toolchain when you
- have set <filename>SDK_EXT_TYPE</filename> to
- "minimal", which by default, excludes the toolchain.
+ have set <filename>SDK_EXT_TYPE</filename> to "minimal", which by
+ default, excludes the toolchain.
Also, it is helpful if you are building a small SDK for use with
an IDE, such as <trademark class='trade'>Eclipse</trademark>, or some
other tool where you do not want to take extra steps to install a
diff --git a/poky/documentation/sdk-manual/sdk-appendix-neon.xml b/poky/documentation/sdk-manual/sdk-appendix-neon.xml
index f648047ef..0fb92985a 100644
--- a/poky/documentation/sdk-manual/sdk-appendix-neon.xml
+++ b/poky/documentation/sdk-manual/sdk-appendix-neon.xml
@@ -14,8 +14,8 @@
from start to finish.
For general information on using the Eclipse IDE and the Yocto
Project Eclipse Plug-In, see the
- "<link linkend='sdk-eclipse-project'>Developing Applications Using <trademark class='trade'>Eclipse</trademark></link>"
- Chapter.
+ "<link linkend='application-development-workflow-using-eclipse'>Application Development Workflow Using <trademark class='trade'>Eclipse</trademark></link>"
+ section.
</para>
<section id='neon-setting-up-the-eclipse-ide'>
@@ -53,13 +53,18 @@
<ulink url='http://www.eclipse.org/neon/'>http://www.eclipse.org/neon/</ulink>.
</para></listitem>
<listitem><para><emphasis>Download the Tarball:</emphasis>
- Click the "Download" button and then use the "Eclipse
- IDE for C/C++ Developers"
- appropriate for your development system.
+ Click the "Download" button and look for the
+ "Eclipse IDE for C/C++ Developers" Neon 3 Package.
+ Select the correct platform download link listed at
+ the right.
+ For example, click on "64-bit" next to Linux if your
+ build host is running a 64-bit Linux distribution.
+ Click through the process to save the file.
</para></listitem>
<listitem><para><emphasis>Unpack the Tarball:</emphasis>
- Move to a clean directory and unpack the tarball.
- Here is an example:
+ Move to a directory and unpack the tarball.
+ The following commands unpack the tarball into the
+ home directory:
<literallayout class='monospaced'>
$ cd ~
$ tar -xzvf ~/Downloads/eclipse-cpp-neon-3-linux-gtk-x86_64.tar.gz
@@ -84,11 +89,22 @@
<para>
Follow these steps to configure the Neon Eclipse IDE.
- <note>
- Depending on how you installed Eclipse and what you have
- already done, some of the options will not appear.
- If you cannot find an option as directed by the manual,
- it has already been installed.
+ <note><title>Notes</title>
+ <itemizedlist>
+ <listitem><para>
+ Depending on how you installed Eclipse and what
+ you have already done, some of the options do
+ not appear.
+ If you cannot find an option as directed by the
+ manual, it has already been installed.
+ </para></listitem>
+ <listitem><para>
+ If you want to see all options regardless of
+ whether they are installed or not, deselect the
+ "Hide items that are already installed"
+ check box.
+ </para></listitem>
+ </itemizedlist>
</note>
<orderedlist>
<listitem><para>Be sure Eclipse is running and
@@ -164,11 +180,11 @@
in the URL field and provide a meaningful name
in the "Name" field.
</para></listitem>
- <listitem><para>Click "OK" to have the entry added
- to the "Work with:" drop-down list.
- </para></listitem>
- <listitem><para>Select the entry for the plug-in
- from the "Work with:" drop-down list.
+ <listitem><para>
+ Click "OK" to have the entry automatically
+ populate the "Work with:" field and to have
+ the items for installation appear in the window
+ below.
</para></listitem>
<listitem><para>Check the boxes next to the following:
<literallayout class='monospaced'>
@@ -196,8 +212,14 @@
To install the Neon Eclipse Yocto Plug-in from the latest
source code, follow these steps:
<orderedlist>
- <listitem><para>Be sure your development system
- has JDK 1.8+
+ <listitem><para>
+ Be sure your build host has JDK version 1.8
+ or greater.
+ On a Linux build host you can determine the
+ version using the following command:
+ <literallayout class='monospaced'>
+ $ java -version
+ </literallayout>
</para></listitem>
<listitem><para>install X11-related packages:
<literallayout class='monospaced'>
@@ -211,18 +233,19 @@
$ git clone git://git.yoctoproject.org/eclipse-yocto
</literallayout>
</para></listitem>
- <listitem><para>Use Git to checkout the correct
- tag:
+ <listitem><para>
+ Use Git to create the correct tag:
<literallayout class='monospaced'>
$ cd ~/eclipse-yocto
- $ git checkout neon/yocto-&DISTRO;
+ $ git checkout -b neon/&DISTRO_NAME_NO_CAP; remotes/origin/neon/&DISTRO_NAME_NO_CAP;
</literallayout>
This creates a local tag named
- <filename>neon/yocto-&DISTRO;</filename> based on
- the branch <filename>origin/neon-master</filename>.
- This puts you in a detached HEAD state, which
- is fine since you are only going to be building
- and not developing.
+ <filename>neon/&DISTRO_NAME_NO_CAP;</filename>
+ based on the branch
+ <filename>origin/neon/&DISTRO_NAME_NO_CAP;</filename>.
+ You are put into a detached HEAD state,
+ which is fine since you are only going to
+ be building and not developing.
</para></listitem>
<listitem><para>Change to the
<filename>scripts</filename>
@@ -243,20 +266,22 @@
directory of the Git repository created
earlier.
</para></listitem>
- <listitem><para>Run the <filename>build.sh</filename>
+ <listitem><para>
+ Run the <filename>build.sh</filename>
script as directed.
- Be sure to provide the tag name, documentation
- branch, and a release name.</para>
- <para>
- Following is an example:
+ Be sure to provide the tag name,
+ documentation branch, and a release name.</para>
+
+ <para>Following is an example:
<literallayout class='monospaced'>
- $ ECLIPSE_HOME=/home/scottrif/eclipse-yocto/scripts/eclipse ./build.sh -l neon/yocto-&DISTRO; master yocto-&DISTRO; 2>&amp;1 | tee build.log
+ $ ECLIPSE_HOME=/home/scottrif/eclipse-yocto/scripts/eclipse ./build.sh -l neon/&DISTRO_NAME_NO_CAP; master yocto-&DISTRO; 2>&amp;1 | tee build.log
</literallayout>
- The previous example command adds the tag you
- need for <filename>neon/yocto-&DISTRO;</filename>
- to <filename>HEAD</filename>, then tells the
- build script to use the local (-l) Git checkout
- for the build.
+ The previous example command adds the tag
+ you need for
+ <filename>neon/&DISTRO_NAME_NO_CAP;</filename>
+ to <filename>HEAD</filename>, then tells
+ the build script to use the local (-l) Git
+ checkout for the build.
After running the script, the file
<filename>org.yocto.sdk-</filename><replaceable>release</replaceable><filename>-</filename><replaceable>date</replaceable><filename>-archive.zip</filename>
is in the current directory.
@@ -310,7 +335,7 @@
</section>
<section id='neon-configuring-the-eclipse-yocto-plug-in'>
- <title>Configuring the Neon Eclipse Yocto Plug-in</title>
+ <title>Configuring the Neon Eclipse Yocto Plug-In</title>
<para>
Configuring the Neon Eclipse Yocto Plug-in involves setting the
@@ -324,14 +349,16 @@
<para>
To start, you need to do the following from within the
Eclipse IDE:
- <itemizedlist>
- <listitem><para>Choose "Preferences" from the
+ <orderedlist>
+ <listitem><para>
+ Choose "Preferences" from the
"Window" menu to display the Preferences Dialog.
</para></listitem>
- <listitem><para>Click "Yocto Project SDK" to display
+ <listitem><para>
+ Click "Yocto Project SDK" to display
the configuration screen.
</para></listitem>
- </itemizedlist>
+ </orderedlist>
The following sub-sections describe how to configure the
the plug-in.
<note>
@@ -354,15 +381,15 @@
the sysroot location, and select the target
architecture.
<itemizedlist>
- <listitem><para><emphasis>Selecting the Toolchain Type:</emphasis>
- Choose between
- <filename>Standalone pre-built toolchain</filename>
+ <listitem><para>
+ <emphasis>Selecting the Toolchain Type:</emphasis>
+ Choose between "Standalone pre-built toolchain"
and
- <filename>Build system derived toolchain</filename>
- for Cross Compiler Options.
+ "Build system derived toolchain" for Cross Compiler
+ Options.
<itemizedlist>
- <listitem><para><emphasis>
- <filename>Standalone Pre-built Toolchain:</filename></emphasis>
+ <listitem><para>
+ <emphasis>Standalone Pre-built Toolchain:</emphasis>
Select this type when you are using
a stand-alone cross-toolchain.
For example, suppose you are an
@@ -376,24 +403,25 @@
and installed a pre-built toolchain
for an existing image.
</para></listitem>
- <listitem><para><emphasis>
- <filename>Build System Derived Toolchain:</filename></emphasis>
+ <listitem><para>
+ <emphasis>Build System Derived Toolchain:</emphasis>
Select this type if you built the
toolchain as part of the
<ulink url='&YOCTO_DOCS_REF_URL;#build-directory'>Build Directory</ulink>.
- When you select
- <filename>Build system derived toolchain</filename>,
- you are using the toolchain built and
- bundled inside the Build Directory.
+ When you select "Build system derived
+ toolchain", you are using the toolchain
+ built and bundled inside the Build
+ Directory.
For example, suppose you created a
suitable image using the steps in the
<ulink url='https://wiki.yoctoproject.org/wiki/TipsAndTricks/RunningEclipseAgainstBuiltImage'>wiki</ulink>.
- In this situation, you would select the
- <filename>Build system derived toolchain</filename>.
+ In this situation, you would select
+ "Build system derived toolchain".
</para></listitem>
</itemizedlist>
</para></listitem>
- <listitem><para><emphasis>Specify the Toolchain Root Location:</emphasis>
+ <listitem><para>
+ <emphasis>Specify the Toolchain Root Location:</emphasis>
If you are using a stand-alone pre-built
toolchain, you should be pointing to where it is
installed (e.g.
@@ -402,10 +430,10 @@
"<link linkend='sdk-installing-the-sdk'>Installing the SDK</link>"
section for information about how the SDK is
installed.</para>
+
<para>If you are using a build system derived
toolchain, the path you provide for the
- <filename>Toolchain Root Location</filename>
- field is the
+ "Toolchain Root Location" field is the
<ulink url='&YOCTO_DOCS_REF_URL;#build-directory'>Build Directory</ulink>
from which you run the
<filename>bitbake</filename> command (e.g
@@ -414,10 +442,12 @@
"<link linkend='sdk-building-an-sdk-installer'>Building an SDK Installer</link>"
section.
</para></listitem>
- <listitem><para><emphasis>Specify Sysroot Location:</emphasis>
+ <listitem><para>
+ <emphasis>Specify Sysroot Location:</emphasis>
This location is where the root filesystem for
the target hardware resides.
</para>
+
<para>This location depends on where you
separately extracted and installed the
target filesystem when you either built
@@ -438,17 +468,18 @@
and you would browse to and select that directory
(e.g. <filename>/home/scottrif/build/MY_QEMU_ROOTFS</filename>).
</para>
+
<para>For more information on how to install the
toolchain and on how to extract and install the
sysroot filesystem, see the
"<link linkend='sdk-building-an-sdk-installer'>Building an SDK Installer</link>"
section.
</para></listitem>
- <listitem><para><emphasis>Select the Target Architecture:</emphasis>
+ <listitem><para>
+ <emphasis>Select the Target Architecture:</emphasis>
The target architecture is the type of hardware
you are going to use or emulate.
- Use the pull-down
- <filename>Target Architecture</filename> menu
+ Use the pull-down "Target Architecture" menu
to make your selection.
The pull-down menu should have the supported
architectures.
@@ -473,16 +504,17 @@
emulator, or you can choose to run your image on actual
hardware.
<itemizedlist>
- <listitem><para><emphasis>QEMU:</emphasis>
+ <listitem><para>
+ <emphasis>QEMU:</emphasis>
Select this option if you will be using the
QEMU emulator.
If you are using the emulator, you also need to
locate the kernel and specify any custom
options.</para>
- <para>If you selected the
- <filename>Build system derived toolchain</filename>,
- the target kernel you built will be located in
- the
+
+ <para>If you selected the Build system derived
+ toolchain, the target kernel you built will be
+ located in the
<ulink url='&YOCTO_DOCS_REF_URL;#build-directory'>Build Directory</ulink>
in
<filename>tmp/deploy/images/<replaceable>machine</replaceable></filename>
@@ -494,10 +526,12 @@
followed by the image (e.g.
<filename>/home/scottrif/poky/build/tmp/deploy/images/qemux86/bzImage-qemux86.bin</filename>).
</para>
+
<para>If you selected the standalone pre-built
toolchain, the pre-built image you downloaded is
located in the directory you specified when you
downloaded the image.</para>
+
<para>Most custom options are for advanced QEMU
users to further customize their QEMU instance.
These options are specified between paired
@@ -514,16 +548,16 @@
The following is an example:
<literallayout class='monospaced'>
serial ‘&lt;-m 256 -full-screen&gt;’
- </literallayout></para>
- <para>
+ </literallayout>
Regardless of the mode, Sysroot is already
defined as part of the Cross-Compiler Options
- configuration in the
- <filename>Sysroot Location:</filename> field.
+ configuration in the "Sysroot Location:" field.
</para></listitem>
- <listitem><para><emphasis>External HW:</emphasis>
+ <listitem><para>
+ <emphasis>External HW:</emphasis>
Select this option if you will be using actual
- hardware.</para></listitem>
+ hardware.
+ </para></listitem>
</itemizedlist>
</para>
@@ -558,31 +592,37 @@
To create a project based on a Yocto template and then display
the source code, follow these steps:
<orderedlist>
- <listitem><para>Select "C Project" from the "File -> New" menu.
+ <listitem><para>
+ Select "C Project" from the "File -> New" menu.
</para></listitem>
- <listitem><para>Expand <filename>Yocto Project SDK Autotools Project</filename>.
+ <listitem><para>
+ Expand "Yocto Project SDK Autotools Project".
</para></listitem>
- <listitem><para>Select <filename>Hello World ANSI C Autotools Projects</filename>.
+ <listitem><para>
+ Select "Hello World ANSI C Autotools Projects".
This is an Autotools-based project based on a Yocto
template.
</para></listitem>
- <listitem><para>Put a name in the <filename>Project name:</filename>
- field.
+ <listitem><para>
+ Put a name in the "Project name:" field.
Do not use hyphens as part of the name
- (e.g. <filename>hello</filename>).
+ (e.g. "hello").
</para></listitem>
- <listitem><para>Click "Next".
+ <listitem><para>
+ Click "Next".
</para></listitem>
- <listitem><para>Add appropriate information in the various
- fields.
+ <listitem><para>
+ Add appropriate information in the various fields.
</para></listitem>
- <listitem><para>Click "Finish".
+ <listitem><para>
+ Click "Finish".
</para></listitem>
- <listitem><para>If the "open perspective" prompt appears,
+ <listitem><para>
+ If the "open perspective" prompt appears,
click "Yes" so that you are in the C/C++ perspective.
</para></listitem>
- <listitem><para>The left-hand navigation pane shows your
- project.
+ <listitem><para>
+ The left-hand navigation pane shows your project.
You can display your source by double clicking the
project's source file.
</para></listitem>
@@ -600,7 +640,8 @@
You can override these settings for a given project by following
these steps:
<orderedlist>
- <listitem><para>Select "Yocto Project Settings" from
+ <listitem><para>
+ Select "Yocto Project Settings" from
the "Project -> Properties" menu.
This selection brings up the Yocto Project Settings
Dialog and allows you to make changes specific to an
@@ -613,22 +654,19 @@
The Yocto Project Settings Dialog allows you to override
those default settings for a given project.
</para></listitem>
- <listitem><para>Make or verify your configurations for the
- project and click "OK".
+ <listitem><para>
+ Make or verify your configurations for the project and
+ click "OK".
</para></listitem>
- <listitem><para>Right-click in the navigation pane and
- select "Reconfigure Project" from the pop-up menu.
+ <listitem><para>
+ Right-click in the navigation pane and select
+ "Reconfigure Project" from the pop-up menu.
This selection reconfigures the project by running
- <filename>autogen.sh</filename> in the workspace for
- your project.
- The script also runs <filename>libtoolize</filename>,
- <filename>aclocal</filename>,
- <filename>autoconf</filename>,
- <filename>autoheader</filename>,
- <filename>automake --a</filename>, and
- <filename>./configure</filename>.
- Click on the "Console" tab beneath your source code to
- see the results of reconfiguring your project.
+ <ulink url='https://en.wikipedia.org/wiki/GNU_Build_System'>Autotools GNU utility programs</ulink>
+ such as Autoconf, Automake, and so forth in the
+ workspace for your project.
+ Click on the "Console" tab beneath your source code
+ to see the results of reconfiguring your project.
</para></listitem>
</orderedlist>
</para>
@@ -656,8 +694,7 @@
Select the project.
</para></listitem>
<listitem><para>
- Select "Folder" from the
- <filename>File > New</filename> menu.
+ Select "Folder" from the "File > New" menu.
</para></listitem>
<listitem><para>
In the "New Folder" Dialog, select "Link to alternate
@@ -782,54 +819,66 @@
exit out of or close that shell).
</note>
<orderedlist>
- <listitem><para>Select "Debug Configurations..." from the
+ <listitem><para>
+ Select "Debug Configurations..." from the
"Run" menu.</para></listitem>
- <listitem><para>In the left area, expand
- <filename>C/C++Remote Application</filename>.
+ <listitem><para>
+ In the left area, expand
+ "C/C++Remote Application".
</para></listitem>
- <listitem><para>Locate your project and select it to bring
+ <listitem><para>
+ Locate your project and select it to bring
up a new tabbed view in the Debug Configurations Dialog.
</para></listitem>
- <listitem><para>Click on the "Debugger" tab to see the
+ <listitem><para>
+ Click on the "Debugger" tab to see the
cross-tool debugger you are using.
Be sure to change to the debugger perspective in Eclipse.
</para></listitem>
- <listitem><para>Click on the "Main" tab.
+ <listitem><para>
+ Click on the "Main" tab.
</para></listitem>
<listitem><para>Create a new connection to the QEMU instance
by clicking on "new".</para></listitem>
- <listitem><para>Select <filename>SSH</filename>, which means
+ <listitem><para>
+ Select "SSH", which means
Secure Socket Shell.
Optionally, you can select a TCF connection instead.
</para></listitem>
- <listitem><para>Click "Next".
+ <listitem><para>
+ Click "Next".
</para></listitem>
- <listitem><para>Clear out the "Connection name" field and
+ <listitem><para>
+ Clear out the "Connection name" field and
enter any name you want for the connection.
</para></listitem>
- <listitem><para>Put the IP address for the connection in
+ <listitem><para>
+ Put the IP address for the connection in
the "Host" field.
- For QEMU, the default is <filename>192.168.7.2</filename>.
+ For QEMU, the default is "192.168.7.2".
However, if a previous QEMU session did not exit
cleanly, the IP address increments (e.g.
- <filename>192.168.7.3</filename>).
+ "192.168.7.3").
<note>
You can find the IP address for the current QEMU
session by looking in the xterm that opens when
you launch QEMU.
</note>
</para></listitem>
- <listitem><para>Enter <filename>root</filename>, which
+ <listitem><para>
+ Enter "root", which
is the default for QEMU, for the "User" field.
Be sure to leave the password field empty.
</para></listitem>
<listitem><para>Click "Finish" to close the
New Connections Dialog.
</para></listitem>
- <listitem><para>If necessary, use the drop-down menu now in the
+ <listitem><para>
+ If necessary, use the drop-down menu now in the
"Connection" field and pick the IP Address you entered.
</para></listitem>
- <listitem><para>Assuming you are connecting as the root user,
+ <listitem><para>
+ Assuming you are connecting as the root user,
which is the default for QEMU x86-64 SDK images provided by
the Yocto Project, in the "Remote Absolute File Path for
C/C++ Application" field, browse to
@@ -874,9 +923,11 @@
<listitem><para>
Be sure you change to the "Debug" perspective in Eclipse.
</para></listitem>
- <listitem><para>Click "Debug"
+ <listitem><para>
+ Click "Debug"
</para></listitem>
- <listitem><para>Accept the debug perspective.
+ <listitem><para>
+ Accept the debug perspective.
</para></listitem>
</orderedlist>
</para>
diff --git a/poky/documentation/sdk-manual/sdk-appendix-obtain.xml b/poky/documentation/sdk-manual/sdk-appendix-obtain.xml
index aa06358a0..c608e6f54 100644
--- a/poky/documentation/sdk-manual/sdk-appendix-obtain.xml
+++ b/poky/documentation/sdk-manual/sdk-appendix-obtain.xml
@@ -25,32 +25,33 @@
Go to <ulink url='&YOCTO_TOOLCHAIN_DL_URL;'></ulink>
</para></listitem>
<listitem><para>
- <emphasis>Open the Folder for Your Development System:</emphasis>
- Open the folder that matches your host development system
+ <emphasis>Open the Folder for Your Build Host:</emphasis>
+ Open the folder that matches your
+ <ulink url='&YOCTO_DOCS_REF_URL;#build-system-term'>build host</ulink>
(i.e. <filename>i686</filename> for 32-bit machines or
<filename>x86_64</filename> for 64-bit machines).
</para></listitem>
<listitem><para>
<emphasis>Locate and Download the SDK Installer:</emphasis>
You need to find and download the installer appropriate for
- your development system, target hardware, and image type.
+ your build host, target hardware, and image type.
</para>
<para>The installer files (<filename>*.sh</filename>) follow
this naming convention:
<literallayout class='monospaced'>
- poky-eglibc-<replaceable>host_system</replaceable>-core-image-<replaceable>type</replaceable>-<replaceable>arch</replaceable>-toolchain-ext-<replaceable>release</replaceable>.sh
+ poky-glibc-<replaceable>host_system</replaceable>-core-image-<replaceable>type</replaceable>-<replaceable>arch</replaceable>-toolchain[-ext]-<replaceable>release</replaceable>.sh
Where:
<replaceable>host_system</replaceable> is a string representing your development system:
- i686 or x86_64.
+ "i686" or "x86_64"
- <replaceable>type</replaceable> is a string representing either a "sato" or "minimal"
- image.
+ <replaceable>type</replaceable> is a string representing the image:
+ "sato" or "minimal"
<replaceable>arch</replaceable> is a string representing the target architecture:
- aarch64, armv5e, core2-64, coretexa8hf-neon, i586, mips3242,
- mips64, or ppc7400.
+ "aarch64", "armv5e", "core2-64", "coretexa8hf-neon", "i586", "mips32r2",
+ "mips64", or "ppc7400"
<replaceable>release</replaceable> is the version of Yocto Project.
@@ -65,10 +66,10 @@
libraries appropriate for developing against those images.
</para>
- <para>For example, if your host development system is a
- 64-bit x86 system and you are need an extended SDK for a
- 64-bit core2 target, go into the <filename>x86_64</filename>
- folder and download the following installer:
+ <para>For example, if your build host is a 64-bit x86 system
+ and you need an extended SDK for a 64-bit core2 target, go
+ into the <filename>x86_64</filename> folder and download the
+ following installer:
<literallayout class='monospaced'>
poky-glibc-x86_64-core-image-sato-core2-64-toolchain-ext-&DISTRO;.sh
</literallayout>
@@ -97,7 +98,7 @@
<title>Building an SDK Installer</title>
<para>
- As an alternative to locating and downloading a SDK installer,
+ As an alternative to locating and downloading an SDK installer,
you can build the SDK installer.
Follow these steps:
<orderedlist>
@@ -138,8 +139,7 @@
Among other things, the script creates the
<ulink url='&YOCTO_DOCS_REF_URL;#build-directory'>Build Directory</ulink>,
which is <filename>build</filename> in this case
- and is located in the
- <ulink url='&YOCTO_DOCS_REF_URL;#source-directory'>Source Directory</ulink>.
+ and is located in the Source Directory.
After the script runs, your current working directory
is set to the <filename>build</filename> directory.
</para></listitem>
@@ -148,17 +148,31 @@
Check to be sure that your
<ulink url='&YOCTO_DOCS_REF_URL;#var-MACHINE'><filename>MACHINE</filename></ulink>
variable in the <filename>local.conf</filename> file in your
- <ulink url='&YOCTO_DOCS_REF_URL;#build-directory'>Build Directory</ulink>
- matches the architecture for which you are building.
+ Build Directory matches the architecture for which you are
+ building.
</para></listitem>
<listitem><para>
<emphasis>Make Sure Your SDK Machine is Correctly Set:</emphasis>
If you are building a toolchain designed to run on an
architecture that differs from your current development host
- machine (i.e. the build machine), be sure that the
+ machine (i.e. the build host), be sure that the
<ulink url='&YOCTO_DOCS_REF_URL;#var-SDKMACHINE'><filename>SDKMACHINE</filename></ulink>
variable in the <filename>local.conf</filename> file in your
Build Directory is correctly set.
+ <note>
+ If you are building an SDK installer for the Extensible
+ SDK, the <filename>SDKMACHINE</filename> value must be
+ set for the architecture of the machine you are using to
+ build the installer.
+ If <filename>SDKMACHINE</filename> is not set appropriately,
+ the build fails and provides an error message similar to
+ the following:
+ <literallayout class='monospaced'>
+ The extensible SDK can currently only be built for the same architecture as the machine being built on - SDK_ARCH is
+ set to i686 (likely via setting SDKMACHINE) which is different from the architecture of the build machine (x86_64).
+ Unable to continue.
+ </literallayout>
+ </note>
</para></listitem>
<listitem><para>
<emphasis>Build the SDK Installer:</emphasis>
@@ -174,7 +188,7 @@
<literallayout class='monospaced'>
$ bitbake <replaceable>image</replaceable> -c populate_sdk_ext
</literallayout>
- These commands result in a SDK installer that contains the
+ These commands produce an SDK installer that contains the
sysroot that matches your target root filesystem.</para>
<para>When the <filename>bitbake</filename> command completes,
@@ -183,16 +197,18 @@
<note><title>Notes</title>
<itemizedlist>
<listitem><para>
- By default, this toolchain does not build static
- binaries.
+ By default, the previous BitBake command does not
+ build static binaries.
If you want to use the toolchain to build these
types of libraries, you need to be sure your SDK
has the appropriate static development libraries.
Use the
<ulink url='&YOCTO_DOCS_REF_URL;#var-TOOLCHAIN_TARGET_TASK'><filename>TOOLCHAIN_TARGET_TASK</filename></ulink>
variable inside your <filename>local.conf</filename>
- file to install the appropriate library packages
- in the SDK.
+ file before building the SDK installer.
+ Doing so ensures that the eventual SDK installation
+ process installs the appropriate library packages
+ as part of the SDK.
Following is an example using
<filename>libc</filename> static development
libraries:
@@ -262,32 +278,40 @@
Root Filesystem Image File:</emphasis>
You need to find and download the root filesystem image
file that is appropriate for your target system.
- These files are kept in the
+ These files are kept in machine-specific folders in the
<ulink url='&YOCTO_DL_URL;/releases/yocto/yocto-&DISTRO;/machines/'>Index of Releases</ulink>
in the "machines" directory.</para>
- <para>The "machines" directory contains tarballs
- (<filename>*.tar.bz2</filename>) for supported machines.
- The directory also contains flattened root filesystem
+ <para>The machine-specific folders of the "machines" directory
+ contain tarballs (<filename>*.tar.bz2</filename>) for supported
+ machines.
+ These directories also contain flattened root filesystem
image files (<filename>*.ext4</filename>), which you can use
with QEMU directly.</para>
<para>The pre-built root filesystem image files
follow these naming conventions:
<literallayout class='monospaced'>
+<!--
+ core-image-<replaceable>profile</replaceable>-<replaceable>arch</replaceable>-<replaceable>date_time</replaceable>.rootfs.tar.bz2
+-->
core-image-<replaceable>profile</replaceable>-<replaceable>arch</replaceable>.tar.bz2
Where:
<replaceable>profile</replaceable> is the filesystem image's profile:
- lsb, lsb-dev, lsb-sdk, lsb-qt3, minimal, minimal-dev, sato,
- sato-dev, sato-sdk, minimal-initramfs, or sdk-ptest. For
- information on these types of image profiles, see the
- "Images" chapter in the Yocto Project Reference Manual.
+ lsb, lsb-dev, lsb-sdk, minimal, minimal-dev, minimal-initramfs,
+ sato, sato-dev, sato-sdk, sato-sdk-ptest. For information on
+ these types of image profiles, see the "<ulink url='&YOCTO_DOCS_REF_URL;#ref-images'>Images</ulink>" chapter in
+ the Yocto Project Reference Manual.
<replaceable>arch</replaceable> is a string representing the target architecture:
- beaglebone, edgerouter, genericx86, genericx86-64, mpc8315e-rdb,
- qemuarm, qemuarm64, qemumips, qemumips64, qemuppc, qemux86, or
- qemux86-64.
+ beaglebone-yocto, beaglebone-yocto-lsb, edgerouter, edgerouter-lsb,
+ genericx86, genericx86-64, genericx86-64-lsb, genericx86-lsb,
+ mpc8315e-rdb, mpc8315e-rdb-lsb, and qemu*.
+
+<!-->
+ <replaceable>date_time</replaceable> is a date and time stamp.
+-->
</literallayout>
The root filesystems provided by the Yocto Project are based
@@ -295,26 +319,28 @@
<filename>core-image-minimal</filename> images.
</para>
- <para>For example, if your target hardware system is a
- BeagleBone board and your image is a
- <filename>core-image-minimal</filename> image, you need
- to download the following root filesystem image file:
+ <para>For example, if you plan on using a BeagleBone device
+ as your target hardware and your image is a
+ <filename>core-image-sato-sdk</filename>
+ image, you can download the following file:
<literallayout class='monospaced'>
- core-image-minimal-beaglebone.tar.bz2
+ core-image-sato-sdk-beaglebone-yocto.tar.bz2
</literallayout>
</para></listitem>
<listitem><para>
<emphasis>Initialize the Cross-Development Environment:</emphasis>
- You must <filename>source</filename>
- the cross-development environment setup script to establish
- necessary environment variables.</para>
+ You must <filename>source</filename> the cross-development
+ environment setup script to establish necessary environment
+ variables.</para>
<para>This script is located in the top-level directory in
which you installed the toolchain (e.g.
<filename>poky_sdk</filename>).</para>
- <para>Following is an example for the Core2 64-bit
- architecture:
+ <para>Following is an example based on the toolchain installed
+ in the
+ "<link linkend='sdk-locating-pre-built-sdk-installers'>Locating Pre-Built SDK Installers</link>"
+ section:
<literallayout class='monospaced'>
$ source ~/poky_sdk/environment-setup-core2-64-poky-linux
</literallayout>
@@ -331,10 +357,10 @@
This command extracts the root filesystem into the
<filename>core2-64-sato</filename> directory:
<literallayout class='monospaced'>
- $ runqemu-extract-sdk ~/Downloads/core-image-sato-core2-64.tar.bz2 ~/core2-64-sato
+ $ runqemu-extract-sdk ~/Downloads/core-image-sato-sdk-beaglebone-yocto.tar.bz2 ~/beaglebone-sato
</literallayout>
You could now point to the target sysroot at
- <filename>core2-64-sato</filename>.
+ <filename>beablebone-sato</filename>.
</para></listitem>
</orderedlist>
</para>
@@ -350,7 +376,7 @@
</para>
<para>
- <imagedata fileref="figures/sdk-installed-standard-sdk-directory.png" scale="60" align="center" />
+ <imagedata fileref="figures/sdk-installed-standard-sdk-directory.png" scale="80" align="center" />
</para>
<para>
@@ -391,7 +417,7 @@
</para>
<para>
- <imagedata fileref="figures/sdk-installed-extensible-sdk-directory.png" scale="60" align="center" />
+ <imagedata fileref="figures/sdk-installed-extensible-sdk-directory.png" scale="80" align="center" />
</para>
<para>
@@ -406,8 +432,8 @@
<para>
Of note in the directory structure are an environment setup script
for the SDK, a configuration file for the target, a version file for
- the target, and a log file for the OpenEmbedded build system
- preparation script run by the installer.
+ the target, and log files for the OpenEmbedded build system
+ preparation script run by the installer and BitBake.
</para>
<para>
@@ -415,11 +441,9 @@
portions of the file or directory name.
For example,
<replaceable>install_dir</replaceable> is the directory where the SDK
- is installed, which is <filename>poky_sdk</filename> by default.
+ is installed, which is <filename>poky_sdk</filename> by default, and
<replaceable>target</replaceable> represents the target
- architecture (e.g. <filename>i586</filename>) and
- <replaceable>host</replaceable> represents the development system's
- architecture (e.g. <filename>x86_64</filename>).
+ architecture (e.g. <filename>i586</filename>).
</para>
</section>
diff --git a/poky/documentation/sdk-manual/sdk-eclipse-project.xml b/poky/documentation/sdk-manual/sdk-eclipse-project.xml
index 3eb85e8ab..f8a586f54 100644
--- a/poky/documentation/sdk-manual/sdk-eclipse-project.xml
+++ b/poky/documentation/sdk-manual/sdk-eclipse-project.xml
@@ -12,15 +12,34 @@
application all from within Eclipse.
This chapter describes general workflow using the SDK and Eclipse
and how to configure and set up Eclipse.
+ <note><title>Notes</title>
+ <itemizedlist>
+ <listitem><para>
+ This chapter assumes development of applications on top of
+ an image prepared using the Yocto Project.
+ As such, inclusion of a pre-built image or the building of
+ an image is included in the workflow.
+ </para></listitem>
+ <listitem><para>
+ The chapter also assumes development on a build host that
+ is set up to use the Yocto Project.
+ Realize that you can easily use Eclipse and the Yocto
+ Project plug-in to develop an application for any number
+ of images developed and tested on different machines.
+ </para></listitem>
+ </itemizedlist>
+ </note>
</para>
- <section id='workflow-using-eclipse'>
- <title>Workflow Using <trademark class='trade'>Eclipse</trademark></title>
+ <section id='application-development-workflow-using-eclipse'>
+ <title>Application Development Workflow Using <trademark class='trade'>Eclipse</trademark></title>
<para>
- The following figure and supporting list summarize the
+ The following figure and supporting list summarize a
general workflow for application development that uses the
SDK within the Eclipse IDE.
+ The application developed runs on top of an image created using
+ the Yocto Project.
</para>
<para>
@@ -32,22 +51,29 @@
<orderedlist>
<listitem><para>
<emphasis>Prepare the Host System for the Yocto Project</emphasis>:
+ Because this example workflow assumes development on a
+ system set up to use the Yocto Project, you need to be
+ sure your
+ <ulink url='&YOCTO_DOCS_REF_URL;#hardware-build-system-term'>build host</ulink>
+ can use the Yocto Project.
See the
- "<ulink url='&YOCTO_DOCS_REF_URL;#detailed-supported-distros'>Supported Linux Distributions</ulink>"
- and
- "<ulink url='&YOCTO_DOCS_REF_URL;#required-packages-for-the-host-development-system'>Required Packages for the Host Development System</ulink>"
- sections both in the Yocto Project Reference Manual for
- requirements.
- In particular, be sure your host system has the
- <filename>xterm</filename> package installed.
+ "<ulink url='&YOCTO_DOCS_DEV_URL;#setting-up-the-development-host-to-use-the-yocto-project'>Preparing a Build Host</ulink>"
+ section in the Yocto Project Development Tasks Manual for
+ information on how to set up your build host.
+ <note>
+ Be sure you install the "xterm" package, which is a
+ <ulink url='&YOCTO_DOCS_REF_URL;#required-packages-for-the-host-development-system'>graphical and Eclipse plug-in extra</ulink>
+ needed by Eclipse.
+ </note>
</para></listitem>
<listitem><para>
- <emphasis>Secure the Yocto Project Kernel Target
- Image</emphasis>:
- You must have a target kernel image that has been built
- using the OpenEmbedded build system.</para>
- <para>Depending on whether the Yocto Project has a
- pre-built image that matches your target architecture
+ <emphasis>Secure the Yocto Project Kernel Target Image</emphasis>:
+ This example workflow assumes application development on
+ top of an image built using the Yocto Project.
+ Depending on whether you are using a pre-built image
+ that matches your target architecture or you are using an
+ image you build using the
+ <ulink url='&YOCTO_DOCS_REF_URL;#build-system-term'>OpenEmbedded Build System</ulink>
and where you are going to run the image while you
develop your application (QEMU or real hardware), the
area from which you get the image differs.
@@ -78,6 +104,10 @@
"<ulink url='&YOCTO_DOCS_KERNEL_DEV_URL;#using-devtool-to-patch-the-kernel'>Using <filename>devtool</filename> to Patch the Kernel</ulink>"
section in the Yocto Project Linux Kernel
Development Manual for an example.
+ You can also see the
+ "<ulink url='https://wiki.yoctoproject.org/wiki/TipsAndTricks/RunningEclipseAgainstBuiltImage#Making_a_Suitable_Qemux86_Image'>Making a Suitable Qemux86 Image</ulink>"
+ wiki for steps needed to build an image suitable
+ for QEMU and for debugging within the Eclipse IDE.
</para></listitem>
</itemizedlist>
</para></listitem>
@@ -91,10 +121,10 @@
section.
</para></listitem>
<listitem><para>
- <emphasis>Secure the Target Root Filesystem
- and the Cross-Development Toolchain</emphasis>:
+ <emphasis>Secure the Target Root Filesystem and the Cross-Development Toolchain</emphasis>:
You need to find and download the appropriate root
filesystem and the cross-development toolchain.</para>
+
<para>You can find the tarballs for the root filesystem
in the same area used for the kernel image.
Depending on the type of image you are running, the
@@ -102,6 +132,7 @@
For example, if you are developing an application that
runs on an image that supports Sato, you need to get a
root filesystem that supports Sato.</para>
+
<para>You can find the cross-development toolchains at
<ulink url='&YOCTO_TOOLCHAIN_DL_URL;'><filename>toolchains</filename></ulink>.
Be sure to get the correct toolchain for your
@@ -124,8 +155,7 @@
</para></listitem>
<listitem><para>
<emphasis>Create and Build Your Application</emphasis>:
- At this point, you need to have source files for your
- application.
+ You need to have source files for your application.
Once you have the files, you can use the Eclipse IDE
to import them and build the project.
</para></listitem>
@@ -270,6 +300,17 @@
"Launch" button.
You should see the Eclipse welcome page from which
can click "workbench" to enter your workspace.
+ <note>
+ The executable for Eclipse is located in the
+ <filename>eclipse/cpp-oxygen/eclipse</filename>
+ folder.
+ To launch Eclipse outside of the installation
+ process, simply execute that binary.
+ Here is an example:
+ <literallayout class='monospaced'>
+ $ ~/eclipse/cpp-oxygen/eclipse/eclipse
+ </literallayout>
+ </note>
</para></listitem>
</orderedlist>
</para>
@@ -284,13 +325,13 @@
<itemizedlist>
<listitem><para>
Depending on how you installed Eclipse and what
- you have already done, some of the options will
+ you have already done, some of the options do
not appear.
If you cannot find an option as directed by the
manual, it has already been installed.
</para></listitem>
<listitem><para>
- If you want to see all items regardless of
+ If you want to see all options regardless of
whether they are installed or not, deselect the
"Hide items that are already installed"
check box.
@@ -555,7 +596,7 @@
</section>
<section id='oxygen-configuring-the-eclipse-yocto-plug-in'>
- <title>Configuring the Oxygen Eclipse Yocto Plug-in</title>
+ <title>Configuring the Oxygen Eclipse Yocto Plug-In</title>
<para>
Configuring the Oxygen Eclipse Yocto Plug-in involves
@@ -604,18 +645,13 @@
architecture.
<itemizedlist>
<listitem><para>
- <emphasis>Selecting the Toolchain
- Type:</emphasis>
- Choose between
- <filename>Standalone pre-built toolchain</filename>
- and
- <filename>Build system derived toolchain</filename>
- for Cross Compiler Options.
+ <emphasis>Selecting the Toolchain Type:</emphasis>
+ Choose between "Standalone pre-built toolchain"
+ and "Build system derived toolchain" for
+ Cross Compiler Options.
<itemizedlist>
<listitem><para>
- <emphasis>
- <filename>Standalone Pre-built Toolchain:</filename>
- </emphasis>
+ <emphasis>Standalone Pre-built Toolchain:</emphasis>
Select this type when you are using
a stand-alone cross-toolchain.
For example, suppose you are an
@@ -630,29 +666,24 @@
for an existing image.
</para></listitem>
<listitem><para>
- <emphasis>
- <filename>Build System Derived Toolchain:</filename>
- </emphasis>
+ <emphasis>Build System Derived Toolchain:</emphasis>
Select this type if you built the
toolchain as part of the
<ulink url='&YOCTO_DOCS_REF_URL;#build-directory'>Build Directory</ulink>.
- When you select
- <filename>Build system derived toolchain</filename>,
- you are using the toolchain built
- and bundled inside the Build
+ When you select "Build system derived
+ toolchain", you are using the toolchain
+ built and bundled inside the Build
Directory.
For example, suppose you created a
suitable image using the steps in the
<ulink url='https://wiki.yoctoproject.org/wiki/TipsAndTricks/RunningEclipseAgainstBuiltImage'>wiki</ulink>.
In this situation, you would select
- the
- <filename>Build system derived toolchain</filename>.
+ "Build system derived toolchain".
</para></listitem>
</itemizedlist>
</para></listitem>
<listitem><para>
- <emphasis>Specify the Toolchain Root
- Location:</emphasis>
+ <emphasis>Specify the Toolchain Root Location:</emphasis>
If you are using a stand-alone pre-built
toolchain, you should be pointing to where
it is installed (e.g.
@@ -661,11 +692,10 @@
"<link linkend='sdk-installing-the-sdk'>Installing the SDK</link>"
section for information about how the SDK is
installed.</para>
+
<para>If you are using a build system
derived toolchain, the path you provide for
- the
- <filename>Toolchain Root Location</filename>
- field is the
+ the "Toolchain Root Location" field is the
<ulink url='&YOCTO_DOCS_REF_URL;#build-directory'>Build Directory</ulink>
from which you run the
<filename>bitbake</filename> command (e.g
@@ -676,11 +706,11 @@
section.
</para></listitem>
<listitem><para>
- <emphasis>Specify Sysroot Location:
- </emphasis>
+ <emphasis>Specify Sysroot Location:</emphasis>
This location is where the root filesystem
for the target hardware resides.
</para>
+
<para>This location depends on where you
separately extracted and installed the
target filesystem when you either built
@@ -702,6 +732,7 @@
directory (e.g.
<filename>/home/scottrif/poky/build/MY_QEMU_ROOTFS</filename>).
</para>
+
<para>For more information on how to
install the toolchain and on how to extract
and install the sysroot filesystem, see the
@@ -709,12 +740,10 @@
section.
</para></listitem>
<listitem><para>
- <emphasis>Select the Target Architecture:
- </emphasis>
+ <emphasis>Select the Target Architecture:</emphasis>
The target architecture is the type of
hardware you are going to use or emulate.
- Use the pull-down
- <filename>Target Architecture</filename>
+ Use the pull-down "Target Architecture"
menu to make your selection.
The pull-down menu should have the
supported architectures.
@@ -747,10 +776,10 @@
If you are using the emulator, you also
need to locate the kernel and specify any
custom options.</para>
- <para>If you selected the
- <filename>Build system derived toolchain</filename>,
- the target kernel you built will be located
- in the
+
+ <para>If you selected the Build system derived
+ toolchain, the target kernel you built will be
+ located in the
<ulink url='&YOCTO_DOCS_REF_URL;#build-directory'>Build Directory</ulink>
in
<filename>tmp/deploy/images/<replaceable>machine</replaceable></filename>
@@ -762,11 +791,13 @@
Directory path followed by the image (e.g.
<filename>/home/scottrif/poky/build/tmp/deploy/images/qemux86/bzImage-qemux86.bin</filename>).
</para>
+
<para>If you selected the standalone
pre-built toolchain, the pre-built image
you downloaded is located in the directory
you specified when you downloaded the
image.</para>
+
<para>Most custom options are for advanced
QEMU users to further customize their QEMU
instance.
@@ -785,18 +816,17 @@
The following is an example:
<literallayout class='monospaced'>
serial ‘&lt;-m 256 -full-screen&gt;’
- </literallayout></para>
- <para>
+ </literallayout>
Regardless of the mode, Sysroot is already
defined as part of the Cross-Compiler
- Options configuration in the
- <filename>Sysroot Location:</filename>
- field.
+ Options configuration in the "Sysroot
+ Location:" field.
</para></listitem>
<listitem><para>
<emphasis>External HW:</emphasis>
Select this option if you will be using
- actual hardware.</para></listitem>
+ actual hardware.
+ </para></listitem>
</itemizedlist>
</para>
@@ -849,7 +879,7 @@
<listitem><para>
Put a name in the "Project name:" field.
Do not use hyphens as part of the name
- (e.g. <filename>hello</filename>).
+ (e.g. "hello").
</para></listitem>
<listitem><para>
Click "Next".
@@ -1080,7 +1110,7 @@
</para></listitem>
<listitem><para>
In the left area, expand
- <filename>C/C++Remote Application</filename>.
+ "C/C++Remote Application".
</para></listitem>
<listitem><para>
Locate your project and select it to bring
@@ -1099,7 +1129,7 @@
<listitem><para>
Create a new connection to the QEMU instance
by clicking on "new".</para></listitem>
- <listitem><para>Select <filename>SSH</filename>, which
+ <listitem><para>Select "SSH", which
means Secure Socket Shell and then click "OK".
Optionally, you can select a TCF connection
instead.
@@ -1111,11 +1141,10 @@
<listitem><para>
Put the IP address for the connection in
the "Host" field.
- For QEMU, the default is
- <filename>192.168.7.2</filename>.
+ For QEMU, the default is "192.168.7.2".
However, if a previous QEMU session did not exit
cleanly, the IP address increments (e.g.
- <filename>192.168.7.3</filename>).
+ "192.168.7.3").
<note>
You can find the IP address for the current
QEMU session by looking in the xterm that
@@ -1123,7 +1152,7 @@
</note>
</para></listitem>
<listitem><para>
- Enter <filename>root</filename>, which
+ Enter "root", which
is the default for QEMU, for the "User" field.
Be sure to leave the password field empty.
</para></listitem>
diff --git a/poky/documentation/sdk-manual/sdk-extensible.xml b/poky/documentation/sdk-manual/sdk-extensible.xml
index 5215a9d09..09f06088d 100644
--- a/poky/documentation/sdk-manual/sdk-extensible.xml
+++ b/poky/documentation/sdk-manual/sdk-extensible.xml
@@ -1715,31 +1715,35 @@
</para>
</section>
- <section id='sdk-updating-the-extensible-sdk'>
- <title>Updating the Extensible SDK</title>
+ <section id='sdk-applying-updates-to-an-installed-extensible-sdk'>
+ <title>Applying Updates to an Installed Extensible SDK</title>
<para>
- If you are working with an extensible SDK that gets occasionally
- updated (e.g. typically when that SDK has been provided to you by
- another party), then you will need to manually pull down those
- updates to your installed SDK.
+ If you are working with an installed extensible SDK that gets
+ occasionally updated (e.g. a third-party SDK), then you will need
+ to manually "pull down" the updates into the installed SDK.
</para>
<para>
- To update your installed SDK, run the following:
+ To update your installed SDK, use <filename>devtool</filename> as
+ follows:
<literallayout class='monospaced'>
$ devtool sdk-update
</literallayout>
The previous command assumes your SDK provider has set the default
- update URL for you.
- If that URL has not been set, you need to specify it yourself as
- follows:
+ update URL for you through the
+ <ulink url='&YOCTO_DOCS_REF_URL;#var-SDK_UPDATE_URL'><filename>SDK_UPDATE_URL</filename></ulink>
+ variable as described in the
+ "<link linkend='sdk-providing-updates-to-the-extensible-sdk-after-installation'>Providing Updates to the Extensible SDK After Installation</link>"
+ section.
+ If the SDK provider has not set that default URL, you need to
+ specify it yourself in the command as follows:
<literallayout class='monospaced'>
$ devtool sdk-update <replaceable>path_to_update_directory</replaceable>
</literallayout>
<note>
- The URL needs to point specifically to a published SDK and not an
- SDK installer that you would download and install.
+ The URL needs to point specifically to a published SDK and
+ not to an SDK installer that you would download and install.
</note>
</para>
</section>
diff --git a/poky/documentation/sdk-manual/sdk-manual.xml b/poky/documentation/sdk-manual/sdk-manual.xml
index e858b9b1c..60db9dc8e 100644
--- a/poky/documentation/sdk-manual/sdk-manual.xml
+++ b/poky/documentation/sdk-manual/sdk-manual.xml
@@ -56,6 +56,11 @@
<date>May 2018</date>
<revremark>Released with the Yocto Project 2.5 Release.</revremark>
</revision>
+ <revision>
+ <revnumber>2.5.1</revnumber>
+ <date>September 2018</date>
+ <revremark>The initial document released with the Yocto Project 2.5.1 Release.</revremark>
+ </revision>
</revhistory>
<copyright>
diff --git a/poky/documentation/toaster-manual/toaster-manual.xml b/poky/documentation/toaster-manual/toaster-manual.xml
index 188874488..4a9a65720 100644
--- a/poky/documentation/toaster-manual/toaster-manual.xml
+++ b/poky/documentation/toaster-manual/toaster-manual.xml
@@ -66,6 +66,11 @@
<date>May 2018</date>
<revremark>Released with the Yocto Project 2.5 Release.</revremark>
</revision>
+ <revision>
+ <revnumber>2.5.1</revnumber>
+ <date>September 2018</date>
+ <revremark>The initial document released with the Yocto Project 2.5.1 Release.</revremark>
+ </revision>
</revhistory>
<copyright>
diff --git a/poky/documentation/tools/mega-manual.sed b/poky/documentation/tools/mega-manual.sed
index 64fa4d219..d0c667f3f 100644
--- a/poky/documentation/tools/mega-manual.sed
+++ b/poky/documentation/tools/mega-manual.sed
@@ -2,39 +2,39 @@
# This style is for manual folders like "yocto-project-qs" and "poky-ref-manual".
# This is the old way that did it. Can't do that now that we have "bitbake-user-manual" strings
# in the mega-manual.
-# s@"ulink" href="http://www.yoctoproject.org/docs/2.5/[a-z]*-[a-z]*-[a-z]*/[a-z]*-[a-z]*-[a-z]*.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.5/yocto-project-qs/yocto-project-qs.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.5/poky-ref-manual/poky-ref-manual.html#@"link" href="#@g
+# s@"ulink" href="http://www.yoctoproject.org/docs/2.5.1/[a-z]*-[a-z]*-[a-z]*/[a-z]*-[a-z]*-[a-z]*.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.5.1/yocto-project-qs/yocto-project-qs.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.5.1/poky-ref-manual/poky-ref-manual.html#@"link" href="#@g
# Processes all other manuals (<word>-<word> style) except for the BitBake User Manual because
# it is not included in the mega-manual.
# This style is for manual folders that use two word, which is the standard now (e.g. "ref-manual").
# This was the one-liner that worked before we introduced the BitBake User Manual, which is
# not in the mega-manual.
-# s@"ulink" href="http://www.yoctoproject.org/docs/2.5/[a-z]*-[a-z]*/[a-z]*-[a-z]*.html#@"link" href="#@g
+# s@"ulink" href="http://www.yoctoproject.org/docs/2.5.1/[a-z]*-[a-z]*/[a-z]*-[a-z]*.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.5/sdk-manual/sdk-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.5/bsp-guide/bsp-guide.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.5/dev-manual/dev-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.5/overview-manual/overview-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.5/brief-yoctoprojectqs/brief-yoctoprojectqs.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.5/kernel-dev/kernel-dev.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.5/profile-manual/profile-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.5/ref-manual/ref-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.5/toaster-manual/toaster-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.5.1/sdk-manual/sdk-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.5.1/bsp-guide/bsp-guide.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.5.1/dev-manual/dev-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.5.1/overview-manual/overview-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.5.1/brief-yoctoprojectqs/brief-yoctoprojectqs.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.5.1/kernel-dev/kernel-dev.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.5.1/profile-manual/profile-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.5.1/ref-manual/ref-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.5.1/toaster-manual/toaster-manual.html#@"link" href="#@g
# Process cases where just an external manual is referenced without an id anchor
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.5/brief-yoctoprojectqs/brief-yoctoprojectqs.html" target="_top">Yocto Project Quick Build</a>@Yocto Project Quick Build@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.5/yocto-project-qs/yocto-project-qs.html" target="_top">Yocto Project Quick Start</a>@Yocto Project Quick Start@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.5/dev-manual/dev-manual.html" target="_top">Yocto Project Development Tasks Manual</a>@Yocto Project Development Tasks Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.5/overview-manual/overview-manual.html" target="_top">Yocto Project Overview and Concepts Manual</a>@Yocto project Overview and Concepts Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.5/sdk-manual/sdk-manual.html" target="_top">Yocto Project Application Development and the Extensible Software Development Kit (eSDK)</a>@Yocto Project Application Development and the Extensible Software Development Kit (eSDK)@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.5/bsp-guide/bsp-guide.html" target="_top">Yocto Project Board Support Package (BSP) Developer's Guide</a>@Yocto Project Board Support Package (BSP) Developer's Guide@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.5/profile-manual/profile-manual.html" target="_top">Yocto Project Profiling and Tracing Manual</a>@Yocto Project Profiling and Tracing Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.5/kernel-dev/kernel-dev.html" target="_top">Yocto Project Linux Kernel Development Manual</a>@Yocto Project Linux Kernel Development Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.5/ref-manual/ref-manual.html" target="_top">Yocto Project Reference Manual</a>@Yocto Project Reference Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.5/toaster-manual/toaster-manual.html" target="_top">Toaster User Manual</a>@Toaster User Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.5.1/brief-yoctoprojectqs/brief-yoctoprojectqs.html" target="_top">Yocto Project Quick Build</a>@Yocto Project Quick Build@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.5.1/yocto-project-qs/yocto-project-qs.html" target="_top">Yocto Project Quick Start</a>@Yocto Project Quick Start@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.5.1/dev-manual/dev-manual.html" target="_top">Yocto Project Development Tasks Manual</a>@Yocto Project Development Tasks Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.5.1/overview-manual/overview-manual.html" target="_top">Yocto Project Overview and Concepts Manual</a>@Yocto project Overview and Concepts Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.5.1/sdk-manual/sdk-manual.html" target="_top">Yocto Project Application Development and the Extensible Software Development Kit (eSDK)</a>@Yocto Project Application Development and the Extensible Software Development Kit (eSDK)@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.5.1/bsp-guide/bsp-guide.html" target="_top">Yocto Project Board Support Package (BSP) Developer's Guide</a>@Yocto Project Board Support Package (BSP) Developer's Guide@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.5.1/profile-manual/profile-manual.html" target="_top">Yocto Project Profiling and Tracing Manual</a>@Yocto Project Profiling and Tracing Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.5.1/kernel-dev/kernel-dev.html" target="_top">Yocto Project Linux Kernel Development Manual</a>@Yocto Project Linux Kernel Development Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.5.1/ref-manual/ref-manual.html" target="_top">Yocto Project Reference Manual</a>@Yocto Project Reference Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.5.1/toaster-manual/toaster-manual.html" target="_top">Toaster User Manual</a>@Toaster User Manual@g
# Process a single, rouge occurrence of a linked reference to the Mega-Manual.
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.5/mega-manual/mega-manual.html" target="_top">Yocto Project Mega-Manual</a>@Yocto Project Mega-Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.5.1/mega-manual/mega-manual.html" target="_top">Yocto Project Mega-Manual</a>@Yocto Project Mega-Manual@g
diff --git a/poky/meta-poky/conf/distro/poky.conf b/poky/meta-poky/conf/distro/poky.conf
index 7b1f24e0d..e5730f39d 100644
--- a/poky/meta-poky/conf/distro/poky.conf
+++ b/poky/meta-poky/conf/distro/poky.conf
@@ -1,6 +1,6 @@
DISTRO = "poky"
DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
-DISTRO_VERSION = "2.5"
+DISTRO_VERSION = "2.5.1"
DISTRO_CODENAME = "sumo"
SDK_VENDOR = "-pokysdk"
SDK_VERSION := "${@'${DISTRO_VERSION}'.replace('snapshot-${DATE}','snapshot')}"
diff --git a/poky/meta-selftest/lib/oeqa/runtime/cases/dnf_runtime.py b/poky/meta-selftest/lib/oeqa/runtime/cases/dnf_runtime.py
index 81c50ed97..1aa727470 100644
--- a/poky/meta-selftest/lib/oeqa/runtime/cases/dnf_runtime.py
+++ b/poky/meta-selftest/lib/oeqa/runtime/cases/dnf_runtime.py
@@ -1,6 +1,7 @@
from oeqa.core.decorator.depends import OETestDepends
from oeqa.runtime.cases.dnf import DnfTest
from oeqa.utils.httpserver import HTTPService
+from oeqa.core.decorator.data import skipIfDataVar
class DnfSelftest(DnfTest):
@@ -18,6 +19,8 @@ class DnfSelftest(DnfTest):
cls.temp_dir.cleanup()
@OETestDepends(['dnf.DnfBasicTest.test_dnf_help'])
+ @skipIfDataVar('PACKAGE_FEED_URIS', None,
+ 'Not suitable as PACKAGE_FEED_URIS is not set')
def test_verify_package_feeds(self):
"""
Summary: Check correct setting of PACKAGE_FEED_URIS var
diff --git a/poky/meta-yocto-bsp/lib/oeqa/selftest/cases/systemd_boot.py b/poky/meta-yocto-bsp/lib/oeqa/selftest/cases/systemd_boot.py
index dd5eeec16..26c775c09 100644
--- a/poky/meta-yocto-bsp/lib/oeqa/selftest/cases/systemd_boot.py
+++ b/poky/meta-yocto-bsp/lib/oeqa/selftest/cases/systemd_boot.py
@@ -44,7 +44,7 @@ class Systemdboot(OESelftestTestCase):
# Ensure we're actually testing that this gets built and not that
# it was around from an earlier build
- bitbake('-c cleansstate systemd-boot')
+ bitbake('-c clean systemd-boot')
runCmd('rm -f %s' % systemdbootfile)
self._common_build()
diff --git a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_4.12.bbappend b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_4.12.bbappend
index e28360b69..642809a38 100644
--- a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_4.12.bbappend
+++ b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_4.12.bbappend
@@ -8,11 +8,11 @@ KBRANCH_beaglebone-yocto = "standard/beaglebone"
KMACHINE_beaglebone-yocto = "beaglebone"
KBRANCH_mpc8315e-rdb = "standard/fsl-mpc8315e-rdb"
-SRCREV_machine_genericx86 ?= "97e710ef0545c19d3c10bd81a61bdca9fe543b81"
-SRCREV_machine_genericx86-64 ?= "97e710ef0545c19d3c10bd81a61bdca9fe543b81"
-SRCREV_machine_edgerouter ?= "97e710ef0545c19d3c10bd81a61bdca9fe543b81"
-SRCREV_machine_beaglebone-yocto ?= "97e710ef0545c19d3c10bd81a61bdca9fe543b81"
-SRCREV_machine_mpc8315e-rdb ?= "55fcfbee2560f57a490c5724ac5b5cb49bacb01c"
+SRCREV_machine_genericx86 ?= "7e7ac3f0fda9707e94b3311a4510ae080cd86238"
+SRCREV_machine_genericx86-64 ?= "7e7ac3f0fda9707e94b3311a4510ae080cd86238"
+SRCREV_machine_edgerouter ?= "89e003746eee54e86bc78e1170e7029d6597b583"
+SRCREV_machine_beaglebone-yocto ?= "89e003746eee54e86bc78e1170e7029d6597b583"
+SRCREV_machine_mpc8315e-rdb ?= "7080a5fe6af338576207fff999ea2ca35e689997"
COMPATIBLE_MACHINE_genericx86 = "genericx86"
@@ -21,8 +21,8 @@ COMPATIBLE_MACHINE_edgerouter = "edgerouter"
COMPATIBLE_MACHINE_beaglebone-yocto = "beaglebone-yocto"
COMPATIBLE_MACHINE_mpc8315e-rdb = "mpc8315e-rdb"
-LINUX_VERSION_genericx86 = "4.12.21"
-LINUX_VERSION_genericx86-64 = "4.12.21"
-LINUX_VERSION_edgerouter = "4.12.21"
-LINUX_VERSION_beaglebone-yocto = "4.12.21"
-LINUX_VERSION_mpc8315e-rdb = "4.12.21"
+LINUX_VERSION_genericx86 = "4.12.24"
+LINUX_VERSION_genericx86-64 = "4.12.24"
+LINUX_VERSION_edgerouter = "4.12.24"
+LINUX_VERSION_beaglebone-yocto = "4.12.24"
+LINUX_VERSION_mpc8315e-rdb = "4.12.24"
diff --git a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_4.14.bbappend b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_4.14.bbappend
index 5130707dd..a8313e7ee 100644
--- a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_4.14.bbappend
+++ b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_4.14.bbappend
@@ -8,11 +8,11 @@ KMACHINE_genericx86 ?= "common-pc"
KMACHINE_genericx86-64 ?= "common-pc-64"
KMACHINE_beaglebone-yocto ?= "beaglebone"
-SRCREV_machine_genericx86 ?= "1d50ce210b0536eb9a66d1e56ae215f92176444a"
-SRCREV_machine_genericx86-64 ?= "1d50ce210b0536eb9a66d1e56ae215f92176444a"
-SRCREV_machine_edgerouter ?= "f2dc94f77d19ab65a832bad6f42662c509d2ef9e"
-SRCREV_machine_beaglebone-yocto ?= "6c1a02d4a9c227eca356911715a52cf92457ec16"
-SRCREV_machine_mpc8315e-rdb ?= "7e9a0b017be7b685e094638f4bdaa33a7df8f7c0"
+SRCREV_machine_genericx86 ?= "2bf00ed1aee9c26b48c26b10c731c2f8970d50c2"
+SRCREV_machine_genericx86-64 ?= "2bf00ed1aee9c26b48c26b10c731c2f8970d50c2"
+SRCREV_machine_edgerouter ?= "65d1c849534179bbfa494f77947f8be615e9871a"
+SRCREV_machine_beaglebone-yocto ?= "d62ddfa26a59c83f6128790b7aa2baadc04d2960"
+SRCREV_machine_mpc8315e-rdb ?= "80a106ecf737b69864e07b955eccb62f809cf120"
COMPATIBLE_MACHINE_genericx86 = "genericx86"
COMPATIBLE_MACHINE_genericx86-64 = "genericx86-64"
@@ -20,8 +20,8 @@ COMPATIBLE_MACHINE_edgerouter = "edgerouter"
COMPATIBLE_MACHINE_beaglebone-yocto = "beaglebone-yocto"
COMPATIBLE_MACHINE_mpc8315e-rdb = "mpc8315e-rdb"
-LINUX_VERSION_genericx86 = "4.14.30"
-LINUX_VERSION_genericx86-64 = "4.14.30"
-LINUX_VERSION_edgerouter = "4.14.30"
-LINUX_VERSION_beaglebone-yocto = "4.14.30"
-LINUX_VERSION_mpc8315e-rdb = "4.14.30"
+LINUX_VERSION_genericx86 = "4.14.48"
+LINUX_VERSION_genericx86-64 = "4.14.48"
+LINUX_VERSION_edgerouter = "4.14.48"
+LINUX_VERSION_beaglebone-yocto = "4.14.48"
+LINUX_VERSION_mpc8315e-rdb = "4.14.48"
diff --git a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_4.15.bbappend b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_4.15.bbappend
index c0c6ad92d..461daa050 100644
--- a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_4.15.bbappend
+++ b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_4.15.bbappend
@@ -8,11 +8,11 @@ KMACHINE_genericx86 ?= "common-pc"
KMACHINE_genericx86-64 ?= "common-pc-64"
KMACHINE_beaglebone-yocto ?= "beaglebone"
-SRCREV_machine_genericx86 ?= "f73fd8783a3e7529902366ba75aafb81c19ec3c9"
-SRCREV_machine_genericx86-64 ?= "f73fd8783a3e7529902366ba75aafb81c19ec3c9"
-SRCREV_machine_edgerouter ?= "f73fd8783a3e7529902366ba75aafb81c19ec3c9"
-SRCREV_machine_beaglebone-yocto ?= "f73fd8783a3e7529902366ba75aafb81c19ec3c9"
-SRCREV_machine_mpc8315e-rdb ?= "cc2711c4f3b83b5cd78358e7c949fdbb6076e25b"
+SRCREV_machine_genericx86 ?= "51273ff79f4ad930f4a788257f58e1266cb236e3"
+SRCREV_machine_genericx86-64 ?= "51273ff79f4ad930f4a788257f58e1266cb236e3"
+SRCREV_machine_edgerouter ?= "e25dbfe95302eeaa1a03a828d05c09479574488a"
+SRCREV_machine_beaglebone-yocto ?= "e25dbfe95302eeaa1a03a828d05c09479574488a"
+SRCREV_machine_mpc8315e-rdb ?= "0b32edc46dfe7c40bf5451e9b7533c823bb2c6c4"
COMPATIBLE_MACHINE_genericx86 = "genericx86"
COMPATIBLE_MACHINE_genericx86-64 = "genericx86-64"
@@ -20,8 +20,8 @@ COMPATIBLE_MACHINE_edgerouter = "edgerouter"
COMPATIBLE_MACHINE_beaglebone-yocto = "beaglebone-yocto"
COMPATIBLE_MACHINE_mpc8315e-rdb = "mpc8315e-rdb"
-LINUX_VERSION_genericx86 = "4.15.13"
-LINUX_VERSION_genericx86-64 = "4.15.13"
-LINUX_VERSION_edgerouter = "4.15.13"
-LINUX_VERSION_beaglebone-yocto = "4.15.13"
-LINUX_VERSION_mpc8315e-rdb = "4.15.13"
+LINUX_VERSION_genericx86 = "4.15.18"
+LINUX_VERSION_genericx86-64 = "4.15.18"
+LINUX_VERSION_edgerouter = "4.15.18"
+LINUX_VERSION_beaglebone-yocto = "4.15.18"
+LINUX_VERSION_mpc8315e-rdb = "4.15.18"
diff --git a/poky/meta/classes/gio-module-cache.bbclass b/poky/meta/classes/gio-module-cache.bbclass
index e429bd319..0520c2257 100644
--- a/poky/meta/classes/gio-module-cache.bbclass
+++ b/poky/meta/classes/gio-module-cache.bbclass
@@ -2,6 +2,7 @@ PACKAGE_WRITE_DEPS += "qemu-native"
inherit qemu
GIO_MODULE_PACKAGES ??= "${PN}"
+GIO_MODULE_PACKAGES_class-nativesdk = ""
gio_module_cache_common() {
if [ "x$D" != "x" ]; then
diff --git a/poky/meta/classes/insane.bbclass b/poky/meta/classes/insane.bbclass
index fa1546084..eb2d96711 100644
--- a/poky/meta/classes/insane.bbclass
+++ b/poky/meta/classes/insane.bbclass
@@ -534,9 +534,9 @@ def package_qa_check_buildpaths(path, name, d, elf, messages):
if path.find(name + "/CONTROL/") != -1 or path.find(name + "/DEBIAN/") != -1:
return
- tmpdir = d.getVar('TMPDIR')
+ tmpdir = bytes(d.getVar('TMPDIR'), encoding="utf-8")
with open(path, 'rb') as f:
- file_content = f.read().decode('utf-8', errors='ignore')
+ file_content = f.read()
if tmpdir in file_content:
package_qa_add_message(messages, "buildpaths", "File %s in package contained reference to tmpdir" % package_qa_clean_path(path,d))
diff --git a/poky/meta/classes/mirrors.bbclass b/poky/meta/classes/mirrors.bbclass
index b331afc5d..ed53dfbca 100644
--- a/poky/meta/classes/mirrors.bbclass
+++ b/poky/meta/classes/mirrors.bbclass
@@ -1,4 +1,5 @@
MIRRORS += "\
+${DEBIAN_MIRROR} http://snapshot.debian.org/archive/debian/20180310T215105Z/pool \n \
${DEBIAN_MIRROR} http://snapshot.debian.org/archive/debian-archive/20120328T092752Z/debian/pool \n \
${DEBIAN_MIRROR} http://snapshot.debian.org/archive/debian-archive/20110127T084257Z/debian/pool \n \
${DEBIAN_MIRROR} http://snapshot.debian.org/archive/debian-archive/20090802T004153Z/debian/pool \n \
diff --git a/poky/meta/classes/rootfs-postcommands.bbclass b/poky/meta/classes/rootfs-postcommands.bbclass
index 552220953..221869e04 100644
--- a/poky/meta/classes/rootfs-postcommands.bbclass
+++ b/poky/meta/classes/rootfs-postcommands.bbclass
@@ -112,14 +112,11 @@ read_only_rootfs_hook () {
# Also tweak the key location for dropbear in the same way.
if [ -d ${IMAGE_ROOTFS}/etc/dropbear ]; then
- if [ -e ${IMAGE_ROOTFS}/etc/dropbear/dropbear_rsa_host_key ]; then
- echo "DROPBEAR_RSAKEY_DIR=/etc/dropbear" >> ${IMAGE_ROOTFS}/etc/default/dropbear
- else
+ if [ ! -e ${IMAGE_ROOTFS}/etc/dropbear/dropbear_rsa_host_key ]; then
echo "DROPBEAR_RSAKEY_DIR=/var/lib/dropbear" >> ${IMAGE_ROOTFS}/etc/default/dropbear
fi
fi
-
if ${@bb.utils.contains("DISTRO_FEATURES", "sysvinit", "true", "false", d)}; then
# Change the value of ROOTFS_READ_ONLY in /etc/default/rcS to yes
if [ -e ${IMAGE_ROOTFS}/etc/default/rcS ]; then
diff --git a/poky/meta/classes/sanity.bbclass b/poky/meta/classes/sanity.bbclass
index e0e57ceec..4e8eae894 100644
--- a/poky/meta/classes/sanity.bbclass
+++ b/poky/meta/classes/sanity.bbclass
@@ -336,11 +336,11 @@ def check_path_length(filepath, pathname, limit):
return ""
def get_filesystem_id(path):
- status, result = oe.utils.getstatusoutput("stat -f -c '%s' '%s'" % ("%t", path))
- if status == 0:
- return result
- else:
- bb.warn("Can't get the filesystem id of: %s" % path)
+ import subprocess
+ try:
+ return subprocess.check_output(["stat", "-f", "-c", "%t", path]).decode('utf-8')
+ except subprocess.CalledProcessError:
+ bb.warn("Can't get filesystem id of: %s" % path)
return None
# Check that the path isn't located on nfs.
@@ -463,7 +463,7 @@ def check_patch_version(sanity_data):
import re, subprocess
try:
- result = subprocess.check_output(["patch", "--version"], stderr=subprocess.STDOUT, universal_newlines=True)
+ result = subprocess.check_output(["patch", "--version"], stderr=subprocess.STDOUT).decode('utf-8')
version = re.search(r"[0-9.]+", result.splitlines()[0]).group()
if LooseVersion(version) < LooseVersion("2.7"):
return "Your version of patch is older than 2.7 and has bugs which will break builds. Please install a newer version of patch.\n"
@@ -476,9 +476,12 @@ def check_patch_version(sanity_data):
# Use a modified reproducer from http://savannah.gnu.org/bugs/?30612 to validate.
def check_make_version(sanity_data):
from distutils.version import LooseVersion
- status, result = oe.utils.getstatusoutput("make --version")
- if status != 0:
- return "Unable to execute make --version, exit code %d\n" % status
+ import subprocess
+
+ try:
+ result = subprocess.check_output(['make', '--version'], stderr=subprocess.STDOUT).decode('utf-8')
+ except subprocess.CalledProcessError as e:
+ return "Unable to execute make --version, exit code %d\n%s\n" % (e.returncode, e.output)
version = result.split()[2]
if LooseVersion(version) == LooseVersion("3.82"):
# Construct a test file
@@ -493,18 +496,18 @@ def check_make_version(sanity_data):
f.close()
# Check if make 3.82 has been patched
- status,result = oe.utils.getstatusoutput("make -f makefile_test")
-
- os.remove("makefile_test")
- if os.path.exists("makefile_test_a.c"):
- os.remove("makefile_test_a.c")
- if os.path.exists("makefile_test_b.c"):
- os.remove("makefile_test_b.c")
- if os.path.exists("makefile_test.a"):
- os.remove("makefile_test.a")
-
- if status != 0:
+ try:
+ subprocess.check_call(['make', '-f', 'makefile_test'])
+ except subprocess.CalledProcessError as e:
return "Your version of make 3.82 is broken. Please revert to 3.81 or install a patched version.\n"
+ finally:
+ os.remove("makefile_test")
+ if os.path.exists("makefile_test_a.c"):
+ os.remove("makefile_test_a.c")
+ if os.path.exists("makefile_test_b.c"):
+ os.remove("makefile_test_b.c")
+ if os.path.exists("makefile_test.a"):
+ os.remove("makefile_test.a")
return None
@@ -512,9 +515,11 @@ def check_make_version(sanity_data):
# but earlier versions do not; this needs to work properly for sstate
def check_tar_version(sanity_data):
from distutils.version import LooseVersion
- status, result = oe.utils.getstatusoutput("tar --version")
- if status != 0:
- return "Unable to execute tar --version, exit code %d\n" % status
+ import subprocess
+ try:
+ result = subprocess.check_output(["tar", "--version"], stderr=subprocess.STDOUT).decode('utf-8')
+ except subprocess.CalledProcessError as e:
+ return "Unable to execute tar --version, exit code %d\n%s\n" % (e.returncode, e.output)
version = result.split()[3]
if LooseVersion(version) < LooseVersion("1.24"):
return "Your version of tar is older than 1.24 and has bugs which will break builds. Please install a newer version of tar.\n"
@@ -525,9 +530,11 @@ def check_tar_version(sanity_data):
# The git fetcher also had workarounds for git < 1.7.9.2 which we've dropped
def check_git_version(sanity_data):
from distutils.version import LooseVersion
- status, result = oe.utils.getstatusoutput("git --version 2> /dev/null")
- if status != 0:
- return "Unable to execute git --version, exit code %d\n" % status
+ import subprocess
+ try:
+ result = subprocess.check_output(["git", "--version"], stderr=subprocess.DEVNULL).decode('utf-8')
+ except subprocess.CalledProcessError as e:
+ return "Unable to execute git --version, exit code %d\n%s\n" % (e.returncode, e.output)
version = result.split()[2]
if LooseVersion(version) < LooseVersion("1.8.3.1"):
return "Your version of git is older than 1.8.3.1 and has bugs which will break builds. Please install a newer version of git.\n"
@@ -535,13 +542,15 @@ def check_git_version(sanity_data):
# Check the required perl modules which may not be installed by default
def check_perl_modules(sanity_data):
+ import subprocess
ret = ""
modules = ( "Text::ParseWords", "Thread::Queue", "Data::Dumper" )
errresult = ''
for m in modules:
- status, result = oe.utils.getstatusoutput("perl -e 'use %s'" % m)
- if status != 0:
- errresult += result
+ try:
+ subprocess.check_output(["perl", "-e", "use %s" % m])
+ except subprocess.CalledProcessError as e:
+ errresult += e.output
ret += "%s " % m
if ret:
return "Required perl module(s) not found: %s\n\n%s\n" % (ret, errresult)
diff --git a/poky/meta/classes/staging.bbclass b/poky/meta/classes/staging.bbclass
index 3fcbc9f15..939042eb4 100644
--- a/poky/meta/classes/staging.bbclass
+++ b/poky/meta/classes/staging.bbclass
@@ -383,8 +383,6 @@ python extend_recipe_sysroot() {
lock = bb.utils.lockfile(recipesysroot + "/sysroot.lock")
fixme = {}
- fixme[''] = []
- fixme['native'] = []
seendirs = set()
postinsts = []
multilibs = {}
@@ -471,7 +469,14 @@ python extend_recipe_sysroot() {
os.symlink(c + "." + taskhash, depdir + "/" + c)
manifest, d2 = oe.sstatesig.find_sstate_manifest(c, setscenedeps[dep][2], "populate_sysroot", d, multilibs)
+ if d2 is not d:
+ # If we don't do this, the recipe sysroot will be placed in the wrong WORKDIR for multilibs
+ # We need a consistent WORKDIR for the image
+ d2.setVar("WORKDIR", d.getVar("WORKDIR"))
destsysroot = d2.getVar("RECIPE_SYSROOT")
+ # We put allarch recipes into the default sysroot
+ if manifest and "allarch" in manifest:
+ destsysroot = d.getVar("RECIPE_SYSROOT")
native = False
if c.endswith("-native") or "-cross-" in c or "-crosssdk" in c:
@@ -479,12 +484,13 @@ python extend_recipe_sysroot() {
if manifest:
newmanifest = collections.OrderedDict()
+ targetdir = destsysroot
if native:
- fm = fixme['native']
targetdir = recipesysrootnative
- else:
- fm = fixme['']
- targetdir = destsysroot
+ if targetdir not in fixme:
+ fixme[targetdir] = []
+ fm = fixme[targetdir]
+
with open(manifest, "r") as f:
manifests[dep] = manifest
for l in f:
@@ -542,12 +548,7 @@ python extend_recipe_sysroot() {
bb.note("Skipping as already exists in sysroot: %s" % str(msg_exists))
for f in fixme:
- if f == '':
- staging_processfixme(fixme[f], recipesysroot, recipesysroot, recipesysrootnative, d)
- elif f == 'native':
- staging_processfixme(fixme[f], recipesysrootnative, recipesysroot, recipesysrootnative, d)
- else:
- staging_processfixme(fixme[f], multilibs[f].getVar("RECIPE_SYSROOT"), recipesysroot, recipesysrootnative, d)
+ staging_processfixme(fixme[f], f, recipesysroot, recipesysrootnative, d)
for p in postinsts:
subprocess.check_output(p, shell=True, stderr=subprocess.STDOUT)
diff --git a/poky/meta/classes/testimage.bbclass b/poky/meta/classes/testimage.bbclass
index 77291c22c..9feb26770 100644
--- a/poky/meta/classes/testimage.bbclass
+++ b/poky/meta/classes/testimage.bbclass
@@ -117,13 +117,6 @@ testimage_dump_host () {
}
python do_testimage() {
-
- testimage_sanity(d)
-
- if (d.getVar('IMAGE_PKGTYPE') == 'rpm'
- and 'dnf' in d.getVar('TEST_SUITES')):
- create_rpm_index(d)
-
testimage_main(d)
}
@@ -159,6 +152,12 @@ def testimage_main(d):
"""
raise RuntimeError
+ testimage_sanity(d)
+
+ if (d.getVar('IMAGE_PKGTYPE') == 'rpm'
+ and ('dnf' in d.getVar('TEST_SUITES') or 'auto' in d.getVar('TEST_SUITES'))):
+ create_rpm_index(d)
+
logger = make_logger_bitbake_compatible(logging.getLogger("BitBake"))
pn = d.getVar("PN")
@@ -260,10 +259,16 @@ def testimage_main(d):
# Load tests before starting the target
test_paths = get_runtime_paths(d)
test_modules = d.getVar('TEST_SUITES').split()
+ if not test_modules:
+ bb.fatal('Empty test suite, please verify TEST_SUITES variable')
+
tc.loadTests(test_paths, modules=test_modules)
- if not getSuiteCases(tc.suites):
+ suitecases = getSuiteCases(tc.suites)
+ if not suitecases:
bb.fatal('Empty test suite, please verify TEST_SUITES variable')
+ else:
+ bb.debug(2, 'test suites:\n\t%s' % '\n\t'.join([str(c) for c in suitecases]))
package_extraction(d, tc.suites)
diff --git a/poky/meta/classes/utils.bbclass b/poky/meta/classes/utils.bbclass
index 4f016e3d0..3f4f51b56 100644
--- a/poky/meta/classes/utils.bbclass
+++ b/poky/meta/classes/utils.bbclass
@@ -338,6 +338,8 @@ def all_multilib_tune_values(d, var, unique = True, need_split = True, delim = '
variants = d.getVar("MULTILIB_VARIANTS") or ""
for item in variants.split():
localdata = get_multilib_datastore(item, d)
+ # We need WORKDIR to be consistent with the original datastore
+ localdata.setVar("WORKDIR", d.getVar("WORKDIR"))
value = localdata.getVar(var) or ""
if value != "":
if need_split:
diff --git a/poky/meta/conf/bitbake.conf b/poky/meta/conf/bitbake.conf
index a21b7282f..ecc43a46f 100644
--- a/poky/meta/conf/bitbake.conf
+++ b/poky/meta/conf/bitbake.conf
@@ -487,7 +487,7 @@ HOSTTOOLS += " \
"
# Tools needed to run testimage runtime image testing
-HOSTTOOLS += "${@['', 'ip ping ps scp ssh stty'][bb.data.inherits_class('testimage', d)]}"
+HOSTTOOLS += "${@'ip ping ps scp ssh stty' if (bb.data.inherits_class('testimage', d) or d.getVar('TEST_IMAGE') == '1') else ''}"
# Link to these if present
HOSTTOOLS_NONFATAL += "aws ccache gcc-ar gpg ld.bfd ld.gold nc sftp socat ssh sudo"
@@ -587,9 +587,6 @@ TARGET_LINK_HASH_STYLE ?= "${@['-Wl,--hash-style=gnu',''][d.getVar('LINKER_HASH_
export LDFLAGS = "${TARGET_LDFLAGS}"
export TARGET_LDFLAGS = "-Wl,-O1 ${TARGET_LINK_HASH_STYLE}"
-#export TARGET_LDFLAGS = "-L${STAGING_DIR_TARGET}${libdir} \
-# -Wl,-rpath-link,${STAGING_DIR_TARGET}${libdir} \
-# -Wl,-O1"
# Pass parallel make options to the compile task
EXTRA_OEMAKE_prepend_task-compile = "${PARALLEL_MAKE} "
@@ -664,7 +661,7 @@ SRC_URI[vardepsexclude] += "\
FETCHCMD_svn = "/usr/bin/env svn --non-interactive --trust-server-cert"
FETCHCMD_cvs = "/usr/bin/env cvs"
-FETCHCMD_wget = "/usr/bin/env wget -t 2 -T 30 -nv --passive-ftp --no-check-certificate"
+FETCHCMD_wget = "/usr/bin/env wget -t 2 -T 30 --passive-ftp --no-check-certificate"
FETCHCMD_bzr = "/usr/bin/env bzr"
FETCHCMD_hg = "/usr/bin/env hg"
diff --git a/poky/meta/conf/distro/include/yocto-uninative.inc b/poky/meta/conf/distro/include/yocto-uninative.inc
index a8e82cb5d..38080c63b 100644
--- a/poky/meta/conf/distro/include/yocto-uninative.inc
+++ b/poky/meta/conf/distro/include/yocto-uninative.inc
@@ -8,6 +8,7 @@
UNINATIVE_MAXGLIBCVERSION = "2.27"
-UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/1.9/"
-UNINATIVE_CHECKSUM[i686] ?= "83a4f927da81d9889ef0cbe5c12cb782e21c6cc11e6155600b94ff0c99576dce"
-UNINATIVE_CHECKSUM[x86_64] ?= "c26622a1f27dbf5b25de986b11584b5c5b2f322d9eb367f705a744f58a5561ec"
+UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.2/"
+UNINATIVE_CHECKSUM[i686] ?= "036b60092fe4acfa1a321d110673030db20344a2d56f33a4d047f0279498bdad"
+UNINATIVE_CHECKSUM[x86_64] ?= "e3b77208169bf1ac4e89496f3cdbf27695f5b18a2694a908a793390f28b67f83"
+
diff --git a/poky/meta/conf/licenses.conf b/poky/meta/conf/licenses.conf
index 3e2d2589a..90c486ebe 100644
--- a/poky/meta/conf/licenses.conf
+++ b/poky/meta/conf/licenses.conf
@@ -16,7 +16,7 @@ SRC_DISTRIBUTE_LICENSES += "CC-BY-SA-1.0 CC-BY-SA-2.0 CC-BY-SA-2.5 CC-BY-SA-3.0"
SRC_DISTRIBUTE_LICENSES += "CDDL-1.0 CECILL-1.0 CECILL-2.0 CECILL-B CECILL-C"
SRC_DISTRIBUTE_LICENSES += "ClArtistic CPAL-1.0 CPL-1.0 CUA-OPL-1.0 DSSSL"
SRC_DISTRIBUTE_LICENSES += "ECL-1.0 ECL-2.0 eCos-2.0 EDL-1.0 EFL-1.0 EFL-2.0"
-SRC_DISTRIBUTE_LICENSES += "Elfutils-Exception Entessa EPL-1.0 ErlPL-1.1"
+SRC_DISTRIBUTE_LICENSES += "Elfutils-Exception Entessa EPL-1.0 EPL-2.0 ErlPL-1.1"
SRC_DISTRIBUTE_LICENSES += "EUDatagrid EUPL-1.0 EUPL-1.1 Fair Frameworx-1.0"
SRC_DISTRIBUTE_LICENSES += "FreeType GFDL-1.1 GFDL-1.2 GFDL-1.3 GPL-1.0"
SRC_DISTRIBUTE_LICENSES += "GPL-2.0 GPL-2.0-with-autoconf-exception"
diff --git a/poky/meta/conf/machine/qemux86-64.conf b/poky/meta/conf/machine/qemux86-64.conf
index fcc44595e..2330c7d86 100644
--- a/poky/meta/conf/machine/qemux86-64.conf
+++ b/poky/meta/conf/machine/qemux86-64.conf
@@ -33,5 +33,5 @@ KERNEL_MODULE_AUTOLOAD += "uvesafb"
KERNEL_MODULE_PROBECONF += "uvesafb"
module_conf_uvesafb = "options uvesafb mode_option=${UVESA_MODE}"
-WKS_FILE ?= "directdisk.wks"
+WKS_FILE ?= "qemux86-directdisk.wks"
do_image_wic[depends] += "syslinux:do_populate_sysroot syslinux-native:do_populate_sysroot mtools-native:do_populate_sysroot dosfstools-native:do_populate_sysroot"
diff --git a/poky/meta/conf/machine/qemux86.conf b/poky/meta/conf/machine/qemux86.conf
index c53f7a92c..811e3ef7c 100644
--- a/poky/meta/conf/machine/qemux86.conf
+++ b/poky/meta/conf/machine/qemux86.conf
@@ -32,5 +32,5 @@ KERNEL_MODULE_AUTOLOAD += "uvesafb"
KERNEL_MODULE_PROBECONF += "uvesafb"
module_conf_uvesafb = "options uvesafb mode_option=${UVESA_MODE}"
-WKS_FILE ?= "directdisk.wks"
+WKS_FILE ?= "qemux86-directdisk.wks"
do_image_wic[depends] += "syslinux:do_populate_sysroot syslinux-native:do_populate_sysroot mtools-native:do_populate_sysroot dosfstools-native:do_populate_sysroot"
diff --git a/poky/meta/files/common-licenses/EPL-2.0 b/poky/meta/files/common-licenses/EPL-2.0
new file mode 100644
index 000000000..e48e09634
--- /dev/null
+++ b/poky/meta/files/common-licenses/EPL-2.0
@@ -0,0 +1,277 @@
+Eclipse Public License - v 2.0
+
+ THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS ECLIPSE
+ PUBLIC LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION
+ OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.
+
+1. DEFINITIONS
+
+"Contribution" means:
+
+ a) in the case of the initial Contributor, the initial content
+ Distributed under this Agreement, and
+
+ b) in the case of each subsequent Contributor:
+ i) changes to the Program, and
+ ii) additions to the Program;
+ where such changes and/or additions to the Program originate from
+ and are Distributed by that particular Contributor. A Contribution
+ "originates" from a Contributor if it was added to the Program by
+ such Contributor itself or anyone acting on such Contributor's behalf.
+ Contributions do not include changes or additions to the Program that
+ are not Modified Works.
+
+"Contributor" means any person or entity that Distributes the Program.
+
+"Licensed Patents" mean patent claims licensable by a Contributor which
+are necessarily infringed by the use or sale of its Contribution alone
+or when combined with the Program.
+
+"Program" means the Contributions Distributed in accordance with this
+Agreement.
+
+"Recipient" means anyone who receives the Program under this Agreement
+or any Secondary License (as applicable), including Contributors.
+
+"Derivative Works" shall mean any work, whether in Source Code or other
+form, that is based on (or derived from) the Program and for which the
+editorial revisions, annotations, elaborations, or other modifications
+represent, as a whole, an original work of authorship.
+
+"Modified Works" shall mean any work in Source Code or other form that
+results from an addition to, deletion from, or modification of the
+contents of the Program, including, for purposes of clarity any new file
+in Source Code form that contains any contents of the Program. Modified
+Works shall not include works that contain only declarations,
+interfaces, types, classes, structures, or files of the Program solely
+in each case in order to link to, bind by name, or subclass the Program
+or Modified Works thereof.
+
+"Distribute" means the acts of a) distributing or b) making available
+in any manner that enables the transfer of a copy.
+
+"Source Code" means the form of a Program preferred for making
+modifications, including but not limited to software source code,
+documentation source, and configuration files.
+
+"Secondary License" means either the GNU General Public License,
+Version 2.0, or any later versions of that license, including any
+exceptions or additional permissions as identified by the initial
+Contributor.
+
+2. GRANT OF RIGHTS
+
+ a) Subject to the terms of this Agreement, each Contributor hereby
+ grants Recipient a non-exclusive, worldwide, royalty-free copyright
+ license to reproduce, prepare Derivative Works of, publicly display,
+ publicly perform, Distribute and sublicense the Contribution of such
+ Contributor, if any, and such Derivative Works.
+
+ b) Subject to the terms of this Agreement, each Contributor hereby
+ grants Recipient a non-exclusive, worldwide, royalty-free patent
+ license under Licensed Patents to make, use, sell, offer to sell,
+ import and otherwise transfer the Contribution of such Contributor,
+ if any, in Source Code or other form. This patent license shall
+ apply to the combination of the Contribution and the Program if, at
+ the time the Contribution is added by the Contributor, such addition
+ of the Contribution causes such combination to be covered by the
+ Licensed Patents. The patent license shall not apply to any other
+ combinations which include the Contribution. No hardware per se is
+ licensed hereunder.
+
+ c) Recipient understands that although each Contributor grants the
+ licenses to its Contributions set forth herein, no assurances are
+ provided by any Contributor that the Program does not infringe the
+ patent or other intellectual property rights of any other entity.
+ Each Contributor disclaims any liability to Recipient for claims
+ brought by any other entity based on infringement of intellectual
+ property rights or otherwise. As a condition to exercising the
+ rights and licenses granted hereunder, each Recipient hereby
+ assumes sole responsibility to secure any other intellectual
+ property rights needed, if any. For example, if a third party
+ patent license is required to allow Recipient to Distribute the
+ Program, it is Recipient's responsibility to acquire that license
+ before distributing the Program.
+
+ d) Each Contributor represents that to its knowledge it has
+ sufficient copyright rights in its Contribution, if any, to grant
+ the copyright license set forth in this Agreement.
+
+ e) Notwithstanding the terms of any Secondary License, no
+ Contributor makes additional grants to any Recipient (other than
+ those set forth in this Agreement) as a result of such Recipient's
+ receipt of the Program under the terms of a Secondary License
+ (if permitted under the terms of Section 3).
+
+3. REQUIREMENTS
+
+3.1 If a Contributor Distributes the Program in any form, then:
+
+ a) the Program must also be made available as Source Code, in
+ accordance with section 3.2, and the Contributor must accompany
+ the Program with a statement that the Source Code for the Program
+ is available under this Agreement, and informs Recipients how to
+ obtain it in a reasonable manner on or through a medium customarily
+ used for software exchange; and
+
+ b) the Contributor may Distribute the Program under a license
+ different than this Agreement, provided that such license:
+ i) effectively disclaims on behalf of all other Contributors all
+ warranties and conditions, express and implied, including
+ warranties or conditions of title and non-infringement, and
+ implied warranties or conditions of merchantability and fitness
+ for a particular purpose;
+
+ ii) effectively excludes on behalf of all other Contributors all
+ liability for damages, including direct, indirect, special,
+ incidental and consequential damages, such as lost profits;
+
+ iii) does not attempt to limit or alter the recipients' rights
+ in the Source Code under section 3.2; and
+
+ iv) requires any subsequent distribution of the Program by any
+ party to be under a license that satisfies the requirements
+ of this section 3.
+
+3.2 When the Program is Distributed as Source Code:
+
+ a) it must be made available under this Agreement, or if the
+ Program (i) is combined with other material in a separate file or
+ files made available under a Secondary License, and (ii) the initial
+ Contributor attached to the Source Code the notice described in
+ Exhibit A of this Agreement, then the Program may be made available
+ under the terms of such Secondary Licenses, and
+
+ b) a copy of this Agreement must be included with each copy of
+ the Program.
+
+3.3 Contributors may not remove or alter any copyright, patent,
+trademark, attribution notices, disclaimers of warranty, or limitations
+of liability ("notices") contained within the Program from any copy of
+the Program which they Distribute, provided that Contributors may add
+their own appropriate notices.
+
+4. COMMERCIAL DISTRIBUTION
+
+Commercial distributors of software may accept certain responsibilities
+with respect to end users, business partners and the like. While this
+license is intended to facilitate the commercial use of the Program,
+the Contributor who includes the Program in a commercial product
+offering should do so in a manner which does not create potential
+liability for other Contributors. Therefore, if a Contributor includes
+the Program in a commercial product offering, such Contributor
+("Commercial Contributor") hereby agrees to defend and indemnify every
+other Contributor ("Indemnified Contributor") against any losses,
+damages and costs (collectively "Losses") arising from claims, lawsuits
+and other legal actions brought by a third party against the Indemnified
+Contributor to the extent caused by the acts or omissions of such
+Commercial Contributor in connection with its distribution of the Program
+in a commercial product offering. The obligations in this section do not
+apply to any claims or Losses relating to any actual or alleged
+intellectual property infringement. In order to qualify, an Indemnified
+Contributor must: a) promptly notify the Commercial Contributor in
+writing of such claim, and b) allow the Commercial Contributor to control,
+and cooperate with the Commercial Contributor in, the defense and any
+related settlement negotiations. The Indemnified Contributor may
+participate in any such claim at its own expense.
+
+For example, a Contributor might include the Program in a commercial
+product offering, Product X. That Contributor is then a Commercial
+Contributor. If that Commercial Contributor then makes performance
+claims, or offers warranties related to Product X, those performance
+claims and warranties are such Commercial Contributor's responsibility
+alone. Under this section, the Commercial Contributor would have to
+defend claims against the other Contributors related to those performance
+claims and warranties, and if a court requires any other Contributor to
+pay any damages as a result, the Commercial Contributor must pay
+those damages.
+
+5. NO WARRANTY
+
+EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT
+PERMITTED BY APPLICABLE LAW, THE PROGRAM IS PROVIDED ON AN "AS IS"
+BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR
+IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF
+TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR
+PURPOSE. Each Recipient is solely responsible for determining the
+appropriateness of using and distributing the Program and assumes all
+risks associated with its exercise of rights under this Agreement,
+including but not limited to the risks and costs of program errors,
+compliance with applicable laws, damage to or loss of data, programs
+or equipment, and unavailability or interruption of operations.
+
+6. DISCLAIMER OF LIABILITY
+
+EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT
+PERMITTED BY APPLICABLE LAW, NEITHER RECIPIENT NOR ANY CONTRIBUTORS
+SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST
+PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE
+EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+7. GENERAL
+
+If any provision of this Agreement is invalid or unenforceable under
+applicable law, it shall not affect the validity or enforceability of
+the remainder of the terms of this Agreement, and without further
+action by the parties hereto, such provision shall be reformed to the
+minimum extent necessary to make such provision valid and enforceable.
+
+If Recipient institutes patent litigation against any entity
+(including a cross-claim or counterclaim in a lawsuit) alleging that the
+Program itself (excluding combinations of the Program with other software
+or hardware) infringes such Recipient's patent(s), then such Recipient's
+rights granted under Section 2(b) shall terminate as of the date such
+litigation is filed.
+
+All Recipient's rights under this Agreement shall terminate if it
+fails to comply with any of the material terms or conditions of this
+Agreement and does not cure such failure in a reasonable period of
+time after becoming aware of such noncompliance. If all Recipient's
+rights under this Agreement terminate, Recipient agrees to cease use
+and distribution of the Program as soon as reasonably practicable.
+However, Recipient's obligations under this Agreement and any licenses
+granted by Recipient relating to the Program shall continue and survive.
+
+Everyone is permitted to copy and distribute copies of this Agreement,
+but in order to avoid inconsistency the Agreement is copyrighted and
+may only be modified in the following manner. The Agreement Steward
+reserves the right to publish new versions (including revisions) of
+this Agreement from time to time. No one other than the Agreement
+Steward has the right to modify this Agreement. The Eclipse Foundation
+is the initial Agreement Steward. The Eclipse Foundation may assign the
+responsibility to serve as the Agreement Steward to a suitable separate
+entity. Each new version of the Agreement will be given a distinguishing
+version number. The Program (including Contributions) may always be
+Distributed subject to the version of the Agreement under which it was
+received. In addition, after a new version of the Agreement is published,
+Contributor may elect to Distribute the Program (including its
+Contributions) under the new version.
+
+Except as expressly stated in Sections 2(a) and 2(b) above, Recipient
+receives no rights or licenses to the intellectual property of any
+Contributor under this Agreement, whether expressly, by implication,
+estoppel or otherwise. All rights in the Program not expressly granted
+under this Agreement are reserved. Nothing in this Agreement is intended
+to be enforceable by any entity that is not a Contributor or Recipient.
+No third-party beneficiary rights are created under this Agreement.
+
+Exhibit A - Form of Secondary Licenses Notice
+
+"This Source Code may also be made available under the following
+Secondary Licenses when the conditions for such availability set forth
+in the Eclipse Public License, v. 2.0 are satisfied: {name license(s),
+version(s), and exceptions or additional permissions here}."
+
+ Simply including a copy of this Agreement, including this Exhibit A
+ is not sufficient to license the Source Code under Secondary Licenses.
+
+ If it is not possible or desirable to put the notice in a particular
+ file, then You may include the notice in a location (such as a LICENSE
+ file in a relevant directory) where a recipient would be likely to
+ look for such a notice.
+
+ You may add additional accurate notices of copyright ownership.
diff --git a/poky/meta/lib/bblayers/create.py b/poky/meta/lib/bblayers/create.py
index 6a41fe050..c1923166f 100644
--- a/poky/meta/lib/bblayers/create.py
+++ b/poky/meta/lib/bblayers/create.py
@@ -53,7 +53,7 @@ class CreatePlugin(LayerPlugin):
example_template = read_template('example.bb')
example = os.path.join(layerdir, 'recipes-' + args.examplerecipe, args.examplerecipe)
bb.utils.mkdirhier(example)
- with open(os.path.join(example, args.examplerecipe + '.bb'), 'w') as fd:
+ with open(os.path.join(example, args.examplerecipe + '_%s.bb') % args.version, 'w') as fd:
fd.write(example_template)
logger.plain('Add your new layer with \'bitbake-layers add-layer %s\'' % args.layerdir)
@@ -63,4 +63,5 @@ class CreatePlugin(LayerPlugin):
parser_create_layer.add_argument('layerdir', help='Layer directory to create')
parser_create_layer.add_argument('--priority', '-p', default=6, help='Layer directory to create')
parser_create_layer.add_argument('--example-recipe-name', '-e', dest='examplerecipe', default='example', help='Filename of the example recipe')
+ parser_create_layer.add_argument('--example-recipe-version', '-v', dest='version', default='0.1', help='Version number for the example recipe')
diff --git a/poky/meta/lib/oeqa/core/decorator/__init__.py b/poky/meta/lib/oeqa/core/decorator/__init__.py
index 855b6b9d2..14d7bfcd3 100644
--- a/poky/meta/lib/oeqa/core/decorator/__init__.py
+++ b/poky/meta/lib/oeqa/core/decorator/__init__.py
@@ -2,15 +2,15 @@
# Released under the MIT license (see COPYING.MIT)
from functools import wraps
-from abc import abstractmethod
+from abc import abstractmethod, ABCMeta
decoratorClasses = set()
-def registerDecorator(obj):
- decoratorClasses.add(obj)
- return obj
+def registerDecorator(cls):
+ decoratorClasses.add(cls)
+ return cls
-class OETestDecorator(object):
+class OETestDecorator(object, metaclass=ABCMeta):
case = None # Reference of OETestCase decorated
attrs = None # Attributes to be loaded by decorator implementation
diff --git a/poky/meta/lib/oeqa/core/decorator/data.py b/poky/meta/lib/oeqa/core/decorator/data.py
index ff7bdd98b..31c6dd6be 100644
--- a/poky/meta/lib/oeqa/core/decorator/data.py
+++ b/poky/meta/lib/oeqa/core/decorator/data.py
@@ -61,10 +61,10 @@ class skipIfNotInDataVar(OETestDecorator):
attrs = ('var', 'value', 'msg')
def setUpDecorator(self):
- msg = ('Checking if %r value is in %r to run '
+ msg = ('Checking if %r value contains %r to run '
'the test' % (self.var, self.value))
self.logger.debug(msg)
- if not self.value in self.case.td.get(self.var):
+ if not self.value in (self.case.td.get(self.var) or ""):
self.case.skipTest(self.msg)
@registerDecorator
diff --git a/poky/meta/lib/oeqa/core/loader.py b/poky/meta/lib/oeqa/core/loader.py
index a4744dee0..98fc0f696 100644
--- a/poky/meta/lib/oeqa/core/loader.py
+++ b/poky/meta/lib/oeqa/core/loader.py
@@ -155,7 +155,16 @@ class OETestLoader(unittest.TestLoader):
class_name = case.__class__.__name__
test_name = case._testMethodName
- if self.modules:
+ # 'auto' is a reserved key word to run test cases automatically
+ # warn users if their test case belong to a module named 'auto'
+ if module_name_small == "auto":
+ bb.warn("'auto' is a reserved key word for TEST_SUITES. "
+ "But test case '%s' is detected to belong to auto module. "
+ "Please condier using a new name for your module." % str(case))
+
+ # check if case belongs to any specified module
+ # if 'auto' is specified, such check is skipped
+ if self.modules and not 'auto' in self.modules:
module = None
try:
module = self.modules[module_name_small]
@@ -245,7 +254,7 @@ class OETestLoader(unittest.TestLoader):
for tcName in testCaseNames:
case = self._getTestCase(testCaseClass, tcName)
# Filer by case id
- if not (self.tests and not 'all' in self.tests
+ if not (self.tests and not 'auto' in self.tests
and not getCaseID(case) in self.tests):
self._handleTestCaseDecorators(case)
@@ -309,14 +318,14 @@ class OETestLoader(unittest.TestLoader):
module_name = module.__name__
# Normal test modules are loaded if no modules were specified,
- # if module is in the specified module list or if 'all' is in
+ # if module is in the specified module list or if 'auto' is in
# module list.
# Underscore modules are loaded only if specified in module list.
load_module = True if not module_name.startswith('_') \
and (not self.modules \
or module_name in self.modules \
or module_name_small in self.modules \
- or 'all' in self.modules) \
+ or 'auto' in self.modules) \
else False
load_underscore = True if module_name.startswith('_') \
diff --git a/poky/meta/lib/oeqa/core/target/ssh.py b/poky/meta/lib/oeqa/core/target/ssh.py
index 151b99a77..8ff1f6c67 100644
--- a/poky/meta/lib/oeqa/core/target/ssh.py
+++ b/poky/meta/lib/oeqa/core/target/ssh.py
@@ -208,7 +208,7 @@ def SSHCall(command, logger, timeout=None, **opts):
try:
if select.select([process.stdout], [], [], 5)[0] != []:
reader = codecs.getreader('utf-8')(process.stdout)
- data = reader.read(1024, 1024)
+ data = reader.read(1024, 4096)
if not data:
process.stdout.close()
eof = True
diff --git a/poky/meta/lib/oeqa/runtime/cases/multilib.py b/poky/meta/lib/oeqa/runtime/cases/multilib.py
index 8c167f100..89020386b 100644
--- a/poky/meta/lib/oeqa/runtime/cases/multilib.py
+++ b/poky/meta/lib/oeqa/runtime/cases/multilib.py
@@ -27,6 +27,8 @@ class MultilibTest(OERuntimeTestCase):
@skipIfNotInDataVar('MULTILIBS', 'multilib:lib32',
"This isn't a multilib:lib32 image")
@OETestDepends(['ssh.SSHTest.test_ssh'])
+ @OEHasPackage(['binutils'])
+ @OEHasPackage(['lib32-libc6'])
def test_check_multilib_libc(self):
"""
Check that a multilib image has both 32-bit and 64-bit libc in.
@@ -36,6 +38,6 @@ class MultilibTest(OERuntimeTestCase):
@OETestID(279)
@OETestDepends(['multilib.MultilibTest.test_check_multilib_libc'])
- @OEHasPackage(['lib32-connman'])
+ @OEHasPackage(['lib32-connman', '!connman'])
def test_file_connman(self):
self.archtest("/usr/sbin/connmand", "ELF32")
diff --git a/poky/meta/lib/oeqa/runtime/cases/rpm.py b/poky/meta/lib/oeqa/runtime/cases/rpm.py
index 05b94c7b4..84c59a614 100644
--- a/poky/meta/lib/oeqa/runtime/cases/rpm.py
+++ b/poky/meta/lib/oeqa/runtime/cases/rpm.py
@@ -16,6 +16,7 @@ class RpmBasicTest(OERuntimeTestCase):
cls.skipTest('Tests require image to be build from rpm')
@OETestID(960)
+ @OEHasPackage(['rpm'])
@OETestDepends(['ssh.SSHTest.test_ssh'])
def test_rpm_help(self):
status, output = self.target.run('rpm --help')
diff --git a/poky/meta/recipes-bsp/pcmciautils/pcmciautils.inc b/poky/meta/recipes-bsp/pcmciautils/pcmciautils.inc
index 052498050..26c6d75d4 100644
--- a/poky/meta/recipes-bsp/pcmciautils/pcmciautils.inc
+++ b/poky/meta/recipes-bsp/pcmciautils/pcmciautils.inc
@@ -5,7 +5,7 @@ SECTION = "kernel/userland"
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
-DEPENDS = "udev sysfsutils flex-native"
+DEPENDS = "udev sysfsutils flex-native bison-native"
RDEPENDS_${PN} = "udev module-init-tools"
SRC_URI = "${KERNELORG_MIRROR}/linux/utils/kernel/pcmcia/${BP}.tar.xz"
diff --git a/poky/meta/recipes-bsp/u-boot/files/0001-efi_loader-avoid-make-race-condition.patch b/poky/meta/recipes-bsp/u-boot/files/0001-efi_loader-avoid-make-race-condition.patch
new file mode 100644
index 000000000..da7e27c64
--- /dev/null
+++ b/poky/meta/recipes-bsp/u-boot/files/0001-efi_loader-avoid-make-race-condition.patch
@@ -0,0 +1,51 @@
+From 5c2e24a9ed54dfee77d1844a080e998b4affe916 Mon Sep 17 00:00:00 2001
+From: Heinrich Schuchardt <xypron.glpk@gmx.de>
+Date: Sat, 2 Jun 2018 19:00:41 +0200
+Subject: [PATCH] efi_loader: avoid make race condition
+
+When U-Boot is built with 'make -j' there is not guarantee that targets in
+directory arch/ are built before targets in directory lib/. The current
+build instruction for EFI binaries in lib/ rely on dependencies in arch/.
+If $(EFI_CRT0) or $(EFI_RELOC) is not yet built before trying to build
+%.efi an error
+ *** No rule to make target '%.efi'
+occurs.
+
+With the patch separate copies of $(EFI_CRT0) and $(EFI_RELOC) named
+efi_crt0.o and efi_reloc.o are built in lib/efi_loader and
+lib/efi_selftest.
+
+Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
+Signed-off-by: Alexander Graf <agraf@suse.de>
+
+Upstream-Status: Backport from 2018.07
+
+Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
+---
+ scripts/Makefile.lib | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
+index 8f19b2db56..f2f398c935 100644
+--- a/scripts/Makefile.lib
++++ b/scripts/Makefile.lib
+@@ -404,8 +404,14 @@ cmd_efi_ld = $(LD) -nostdlib -znocombreloc -T $(EFI_LDS_PATH) -shared \
+
+ EFI_LDS_PATH = $(srctree)/arch/$(ARCH)/lib/$(EFI_LDS)
+
+-$(obj)/%_efi.so: $(obj)/%.o arch/$(ARCH)/lib/$(EFI_CRT0) \
+- arch/$(ARCH)/lib/$(EFI_RELOC)
++$(obj)/efi_crt0.o: $(srctree)/arch/$(ARCH)/lib/$(EFI_CRT0:.o=.S)
++ $(call if_changed_dep,as_o_S)
++
++$(obj)/efi_reloc.o: $(srctree)/arch/$(ARCH)/lib/$(EFI_RELOC:.o=.c) $(recordmcount_source) FORCE
++ $(call cmd,force_checksrc)
++ $(call if_changed_rule,cc_o_c)
++
++$(obj)/%_efi.so: $(obj)/%.o $(obj)/efi_crt0.o $(obj)/efi_reloc.o
+ $(call cmd,efi_ld)
+
+ # ACPI
+--
+2.17.1
+
diff --git a/poky/meta/recipes-bsp/u-boot/u-boot-common_2018.01.inc b/poky/meta/recipes-bsp/u-boot/u-boot-common_2018.01.inc
index d2073ea0c..11b82b7e2 100644
--- a/poky/meta/recipes-bsp/u-boot/u-boot-common_2018.01.inc
+++ b/poky/meta/recipes-bsp/u-boot/u-boot-common_2018.01.inc
@@ -11,6 +11,7 @@ SRCREV = "f3dd87e0b98999a78e500e8c6d2b063ebadf535a"
SRC_URI = "git://git.denx.de/u-boot.git \
file://MPC8315ERDB-enable-DHCP.patch \
+ file://0001-efi_loader-avoid-make-race-condition.patch \
"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-bsp/u-boot/u-boot.inc b/poky/meta/recipes-bsp/u-boot/u-boot.inc
index c2bcf9984..95c2f4db1 100644
--- a/poky/meta/recipes-bsp/u-boot/u-boot.inc
+++ b/poky/meta/recipes-bsp/u-boot/u-boot.inc
@@ -7,8 +7,11 @@ PACKAGE_ARCH = "${MACHINE_ARCH}"
inherit uboot-config uboot-extlinux-config uboot-sign deploy
+DEPENDS += "swig-native python-native"
+
EXTRA_OEMAKE = 'CROSS_COMPILE=${TARGET_PREFIX} CC="${TARGET_PREFIX}gcc ${TOOLCHAIN_OPTIONS}" V=1'
EXTRA_OEMAKE += 'HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}"'
+EXTRA_OEMAKE += 'PYTHON=nativepython STAGING_INCDIR=${STAGING_INCDIR_NATIVE} STAGING_LIBDIR=${STAGING_LIBDIR_NATIVE}'
PACKAGECONFIG ??= "openssl"
# u-boot will compile its own tools during the build, with specific
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch
deleted file mode 100644
index 436520fe6..000000000
--- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch
+++ /dev/null
@@ -1,1025 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Fri, 14 Jul 2017 15:15:35 +0200
-Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
-
-Do not reinstall TK to the driver during Reassociation Response frame
-processing if the first attempt of setting the TK succeeded. This avoids
-issues related to clearing the TX/RX PN that could result in reusing
-same PN values for transmitted frames (e.g., due to CCM nonce reuse and
-also hitting replay protection on the receiver) and accepting replayed
-frames on RX side.
-
-This issue was introduced by the commit
-0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
-authenticator') which allowed wpa_ft_install_ptk() to be called multiple
-times with the same PTK. While the second configuration attempt is
-needed with some drivers, it must be done only if the first attempt
-failed.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
- src/ap/ieee802_11.c | 16 +++++++++++++---
- src/ap/wpa_auth.c | 11 +++++++++++
- src/ap/wpa_auth.h | 3 ++-
- src/ap/wpa_auth_ft.c | 10 ++++++++++
- src/ap/wpa_auth_i.h | 1 +
- 5 files changed, 37 insertions(+), 4 deletions(-)
-
-diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
-index 4e04169..333035f 100644
---- a/src/ap/ieee802_11.c
-+++ b/src/ap/ieee802_11.c
-@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
- {
- struct ieee80211_ht_capabilities ht_cap;
- struct ieee80211_vht_capabilities vht_cap;
-+ int set = 1;
-
- /*
- * Remove the STA entry to ensure the STA PS state gets cleared and
-@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
- * FT-over-the-DS, where a station re-associates back to the same AP but
- * skips the authentication flow, or if working with a driver that
- * does not support full AP client state.
-+ *
-+ * Skip this if the STA has already completed FT reassociation and the
-+ * TK has been configured since the TX/RX PN must not be reset to 0 for
-+ * the same key.
- */
-- if (!sta->added_unassoc)
-+ if (!sta->added_unassoc &&
-+ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
-+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
- hostapd_drv_sta_remove(hapd, sta->addr);
-+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
-+ set = 0;
-+ }
-
- #ifdef CONFIG_IEEE80211N
- if (sta->flags & WLAN_STA_HT)
-@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
- sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
- sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
- sta->vht_opmode, sta->p2p_ie ? 1 : 0,
-- sta->added_unassoc)) {
-+ set)) {
- hostapd_logger(hapd, sta->addr,
- HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
- "Could not %s STA to kernel driver",
-- sta->added_unassoc ? "set" : "add");
-+ set ? "set" : "add");
-
- if (sta->added_unassoc) {
- hostapd_drv_sta_remove(hapd, sta->addr);
-diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
-index 3587086..707971d 100644
---- a/src/ap/wpa_auth.c
-+++ b/src/ap/wpa_auth.c
-@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
- #else /* CONFIG_IEEE80211R */
- break;
- #endif /* CONFIG_IEEE80211R */
-+ case WPA_DRV_STA_REMOVED:
-+ sm->tk_already_set = FALSE;
-+ return 0;
- }
-
- #ifdef CONFIG_IEEE80211R
-@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
- }
-
-
-+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
-+{
-+ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
-+ return 0;
-+ return sm->tk_already_set;
-+}
-+
-+
- int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
- struct rsn_pmksa_cache_entry *entry)
- {
-diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
-index 0de8d97..97461b0 100644
---- a/src/ap/wpa_auth.h
-+++ b/src/ap/wpa_auth.h
-@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
- u8 *data, size_t data_len);
- enum wpa_event {
- WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
-- WPA_REAUTH_EAPOL, WPA_ASSOC_FT
-+ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
- };
- void wpa_remove_ptk(struct wpa_state_machine *sm);
- int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
-@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
- int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
- int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
- int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
-+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
- int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
- struct rsn_pmksa_cache_entry *entry);
- struct rsn_pmksa_cache_entry *
-diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
-index 42242a5..e63b99a 100644
---- a/src/ap/wpa_auth_ft.c
-+++ b/src/ap/wpa_auth_ft.c
-@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
- return;
- }
-
-+ if (sm->tk_already_set) {
-+ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
-+ * PN in the driver */
-+ wpa_printf(MSG_DEBUG,
-+ "FT: Do not re-install same PTK to the driver");
-+ return;
-+ }
-+
- /* FIX: add STA entry to kernel/driver here? The set_key will fail
- * most likely without this.. At the moment, STA entry is added only
- * after association has been completed. This function will be called
-@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
-
- /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
- sm->pairwise_set = TRUE;
-+ sm->tk_already_set = TRUE;
- }
-
-
-@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
-
- sm->pairwise = pairwise;
- sm->PTK_valid = TRUE;
-+ sm->tk_already_set = FALSE;
- wpa_ft_install_ptk(sm);
-
- buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
-diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
-index 72b7eb3..7fd8f05 100644
---- a/src/ap/wpa_auth_i.h
-+++ b/src/ap/wpa_auth_i.h
-@@ -65,6 +65,7 @@ struct wpa_state_machine {
- struct wpa_ptk PTK;
- Boolean PTK_valid;
- Boolean pairwise_set;
-+ Boolean tk_already_set;
- int keycount;
- Boolean Pair;
- struct wpa_key_replay_counter {
---
-2.7.4
-
-From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Wed, 12 Jul 2017 16:03:24 +0200
-Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key
-
-Track the current GTK and IGTK that is in use and when receiving a
-(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
-not install the given key if it is already in use. This prevents an
-attacker from trying to trick the client into resetting or lowering the
-sequence counter associated to the group key.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
- src/common/wpa_common.h | 11 +++++
- src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------
- src/rsn_supp/wpa_i.h | 4 ++
- 3 files changed, 87 insertions(+), 44 deletions(-)
-
-diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
-index af1d0f0..d200285 100644
---- a/src/common/wpa_common.h
-+++ b/src/common/wpa_common.h
-@@ -217,6 +217,17 @@ struct wpa_ptk {
- size_t tk_len;
- };
-
-+struct wpa_gtk {
-+ u8 gtk[WPA_GTK_MAX_LEN];
-+ size_t gtk_len;
-+};
-+
-+#ifdef CONFIG_IEEE80211W
-+struct wpa_igtk {
-+ u8 igtk[WPA_IGTK_MAX_LEN];
-+ size_t igtk_len;
-+};
-+#endif /* CONFIG_IEEE80211W */
-
- /* WPA IE version 1
- * 00-50-f2:1 (OUI:OUI type)
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 3c47879..95bd7be 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- const u8 *_gtk = gd->gtk;
- u8 gtk_buf[32];
-
-+ /* Detect possible key reinstallation */
-+ if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
-+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
-+ gd->keyidx, gd->tx, gd->gtk_len);
-+ return 0;
-+ }
-+
- wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
-@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- }
- os_memset(gtk_buf, 0, sizeof(gtk_buf));
-
-+ sm->gtk.gtk_len = gd->gtk_len;
-+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+
- return 0;
- }
-
-@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
- }
-
-
-+#ifdef CONFIG_IEEE80211W
-+static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
-+ const struct wpa_igtk_kde *igtk)
-+{
-+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
-+ u16 keyidx = WPA_GET_LE16(igtk->keyid);
-+
-+ /* Detect possible key reinstallation */
-+ if (sm->igtk.igtk_len == len &&
-+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
-+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
-+ keyidx);
-+ return 0;
-+ }
-+
-+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
-+ keyidx, MAC2STR(igtk->pn));
-+ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
-+ if (keyidx > 4095) {
-+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+ "WPA: Invalid IGTK KeyID %d", keyidx);
-+ return -1;
-+ }
-+ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-+ broadcast_ether_addr,
-+ keyidx, 0, igtk->pn, sizeof(igtk->pn),
-+ igtk->igtk, len) < 0) {
-+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+ "WPA: Failed to configure IGTK to the driver");
-+ return -1;
-+ }
-+
-+ sm->igtk.igtk_len = len;
-+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+
-+ return 0;
-+}
-+#endif /* CONFIG_IEEE80211W */
-+
-+
- static int ieee80211w_set_keys(struct wpa_sm *sm,
- struct wpa_eapol_ie_parse *ie)
- {
-@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
- if (ie->igtk) {
- size_t len;
- const struct wpa_igtk_kde *igtk;
-- u16 keyidx;
-+
- len = wpa_cipher_key_len(sm->mgmt_group_cipher);
- if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
- return -1;
-+
- igtk = (const struct wpa_igtk_kde *) ie->igtk;
-- keyidx = WPA_GET_LE16(igtk->keyid);
-- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
-- "pn %02x%02x%02x%02x%02x%02x",
-- keyidx, MAC2STR(igtk->pn));
-- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
-- igtk->igtk, len);
-- if (keyidx > 4095) {
-- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-- "WPA: Invalid IGTK KeyID %d", keyidx);
-- return -1;
-- }
-- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-- broadcast_ether_addr,
-- keyidx, 0, igtk->pn, sizeof(igtk->pn),
-- igtk->igtk, len) < 0) {
-- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-- "WPA: Failed to configure IGTK to the driver");
-+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
- return -1;
-- }
- }
-
- return 0;
-@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
- */
- void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- {
-- int clear_ptk = 1;
-+ int clear_keys = 1;
-
- if (sm == NULL)
- return;
-@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- /* Prepare for the next transition */
- wpa_ft_prepare_auth_request(sm, NULL);
-
-- clear_ptk = 0;
-+ clear_keys = 0;
- }
- #endif /* CONFIG_IEEE80211R */
-
-- if (clear_ptk) {
-+ if (clear_keys) {
- /*
- * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
- * this is not part of a Fast BSS Transition.
-@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- sm->tptk_set = 0;
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
-+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+#ifdef CONFIG_IEEE80211W
-+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+#endif /* CONFIG_IEEE80211W */
- }
-
- #ifdef CONFIG_TDLS
-@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
- os_memset(sm->pmk, 0, sizeof(sm->pmk));
- os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
-+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+#ifdef CONFIG_IEEE80211W
-+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+#endif /* CONFIG_IEEE80211W */
- #ifdef CONFIG_IEEE80211R
- os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
- os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
-@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
- os_memset(&gd, 0, sizeof(gd));
- #ifdef CONFIG_IEEE80211W
- } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
-- struct wpa_igtk_kde igd;
-- u16 keyidx;
--
-- os_memset(&igd, 0, sizeof(igd));
-- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
-- os_memcpy(igd.keyid, buf + 2, 2);
-- os_memcpy(igd.pn, buf + 4, 6);
--
-- keyidx = WPA_GET_LE16(igd.keyid);
-- os_memcpy(igd.igtk, buf + 10, keylen);
--
-- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
-- igd.igtk, keylen);
-- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-- broadcast_ether_addr,
-- keyidx, 0, igd.pn, sizeof(igd.pn),
-- igd.igtk, keylen) < 0) {
-- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
-- "WNM mode");
-- os_memset(&igd, 0, sizeof(igd));
-+ const struct wpa_igtk_kde *igtk;
-+
-+ igtk = (const struct wpa_igtk_kde *) (buf + 2);
-+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
- return -1;
-- }
-- os_memset(&igd, 0, sizeof(igd));
- #endif /* CONFIG_IEEE80211W */
- } else {
- wpa_printf(MSG_DEBUG, "Unknown element id");
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index f653ba6..afc9e37 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -31,6 +31,10 @@ struct wpa_sm {
- u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
- int rx_replay_counter_set;
- u8 request_counter[WPA_REPLAY_COUNTER_LEN];
-+ struct wpa_gtk gtk;
-+#ifdef CONFIG_IEEE80211W
-+ struct wpa_igtk igtk;
-+#endif /* CONFIG_IEEE80211W */
-
- struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
-
---
-2.7.4
-
-From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Oct 2017 12:12:24 +0300
-Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
- Mode cases
-
-This extends the protection to track last configured GTK/IGTK value
-separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
-corner case where these two different mechanisms may get used when the
-GTK/IGTK has changed and tracking a single value is not sufficient to
-detect a possible key reconfiguration.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++---------------
- src/rsn_supp/wpa_i.h | 2 ++
- 2 files changed, 40 insertions(+), 15 deletions(-)
-
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 95bd7be..7a2c68d 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -709,14 +709,17 @@ struct wpa_gtk_data {
-
- static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- const struct wpa_gtk_data *gd,
-- const u8 *key_rsc)
-+ const u8 *key_rsc, int wnm_sleep)
- {
- const u8 *_gtk = gd->gtk;
- u8 gtk_buf[32];
-
- /* Detect possible key reinstallation */
-- if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
-+ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
-+ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
-+ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
-+ sm->gtk_wnm_sleep.gtk_len) == 0)) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
- gd->keyidx, gd->tx, gd->gtk_len);
-@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- }
- os_memset(gtk_buf, 0, sizeof(gtk_buf));
-
-- sm->gtk.gtk_len = gd->gtk_len;
-- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+ if (wnm_sleep) {
-+ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
-+ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
-+ sm->gtk_wnm_sleep.gtk_len);
-+ } else {
-+ sm->gtk.gtk_len = gd->gtk_len;
-+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+ }
-
- return 0;
- }
-@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
- (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
- gtk_len, gtk_len,
- &gd.key_rsc_len, &gd.alg) ||
-- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
-+ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "RSN: Failed to install GTK");
- os_memset(&gd, 0, sizeof(gd));
-@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
-
- #ifdef CONFIG_IEEE80211W
- static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
-- const struct wpa_igtk_kde *igtk)
-+ const struct wpa_igtk_kde *igtk,
-+ int wnm_sleep)
- {
- size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
- u16 keyidx = WPA_GET_LE16(igtk->keyid);
-
- /* Detect possible key reinstallation */
-- if (sm->igtk.igtk_len == len &&
-- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
-+ if ((sm->igtk.igtk_len == len &&
-+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
-+ (sm->igtk_wnm_sleep.igtk_len == len &&
-+ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
-+ sm->igtk_wnm_sleep.igtk_len) == 0)) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
- keyidx);
-@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
- return -1;
- }
-
-- sm->igtk.igtk_len = len;
-- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+ if (wnm_sleep) {
-+ sm->igtk_wnm_sleep.igtk_len = len;
-+ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
-+ sm->igtk_wnm_sleep.igtk_len);
-+ } else {
-+ sm->igtk.igtk_len = len;
-+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+ }
-
- return 0;
- }
-@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
- return -1;
-
- igtk = (const struct wpa_igtk_kde *) ie->igtk;
-- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
-+ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
- return -1;
- }
-
-@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
- if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
- key_rsc = null_rsc;
-
-- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
-+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
- wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
- goto failed;
- os_memset(&gd, 0, sizeof(gd));
-@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- sm->tptk_set = 0;
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
- os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
- #ifdef CONFIG_IEEE80211W
- os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
- #endif /* CONFIG_IEEE80211W */
- }
-
-@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
- os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
- os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
- #ifdef CONFIG_IEEE80211W
- os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
- #endif /* CONFIG_IEEE80211W */
- #ifdef CONFIG_IEEE80211R
- os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
-@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
-
- wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
- gd.gtk, gd.gtk_len);
-- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
-+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
- os_memset(&gd, 0, sizeof(gd));
- wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
- "WNM mode");
-@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
- const struct wpa_igtk_kde *igtk;
-
- igtk = (const struct wpa_igtk_kde *) (buf + 2);
-- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
-+ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
- return -1;
- #endif /* CONFIG_IEEE80211W */
- } else {
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index afc9e37..9a54631 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -32,8 +32,10 @@ struct wpa_sm {
- int rx_replay_counter_set;
- u8 request_counter[WPA_REPLAY_COUNTER_LEN];
- struct wpa_gtk gtk;
-+ struct wpa_gtk gtk_wnm_sleep;
- #ifdef CONFIG_IEEE80211W
- struct wpa_igtk igtk;
-+ struct wpa_igtk igtk_wnm_sleep;
- #endif /* CONFIG_IEEE80211W */
-
- struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
---
-2.7.4
-
-From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Fri, 29 Sep 2017 04:22:51 +0200
-Subject: [PATCH 4/8] Prevent installation of an all-zero TK
-
-Properly track whether a PTK has already been installed to the driver
-and the TK part cleared from memory. This prevents an attacker from
-trying to trick the client into installing an all-zero TK.
-
-This fixes the earlier fix in commit
-ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
-driver in EAPOL-Key 3/4 retry case') which did not take into account
-possibility of an extra message 1/4 showing up between retries of
-message 3/4.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
- src/common/wpa_common.h | 1 +
- src/rsn_supp/wpa.c | 5 ++---
- src/rsn_supp/wpa_i.h | 1 -
- 3 files changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
-index d200285..1021ccb 100644
---- a/src/common/wpa_common.h
-+++ b/src/common/wpa_common.h
-@@ -215,6 +215,7 @@ struct wpa_ptk {
- size_t kck_len;
- size_t kek_len;
- size_t tk_len;
-+ int installed; /* 1 if key has already been installed to driver */
- };
-
- struct wpa_gtk {
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 7a2c68d..0550a41 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
- os_memset(buf, 0, sizeof(buf));
- }
- sm->tptk_set = 1;
-- sm->tk_to_set = 1;
-
- kde = sm->assoc_wpa_ie;
- kde_len = sm->assoc_wpa_ie_len;
-@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
- enum wpa_alg alg;
- const u8 *key_rsc;
-
-- if (!sm->tk_to_set) {
-+ if (sm->ptk.installed) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Do not re-install same PTK to the driver");
- return 0;
-@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
-
- /* TK is not needed anymore in supplicant */
- os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
-- sm->tk_to_set = 0;
-+ sm->ptk.installed = 1;
-
- if (sm->wpa_ptk_rekey) {
- eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index 9a54631..41f371f 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -24,7 +24,6 @@ struct wpa_sm {
- struct wpa_ptk ptk, tptk;
- int ptk_set, tptk_set;
- unsigned int msg_3_of_4_ok:1;
-- unsigned int tk_to_set:1;
- u8 snonce[WPA_NONCE_LEN];
- u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
- int renew_snonce;
---
-2.7.4
-
-From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Oct 2017 12:32:57 +0300
-Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
-
-The Authenticator state machine path for PTK rekeying ended up bypassing
-the AUTHENTICATION2 state where a new ANonce is generated when going
-directly to the PTKSTART state since there is no need to try to
-determine the PMK again in such a case. This is far from ideal since the
-new PTK would depend on a new nonce only from the supplicant.
-
-Fix this by generating a new ANonce when moving to the PTKSTART state
-for the purpose of starting new 4-way handshake to rekey PTK.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
- 1 file changed, 21 insertions(+), 3 deletions(-)
-
-diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
-index 707971d..bf10cc1 100644
---- a/src/ap/wpa_auth.c
-+++ b/src/ap/wpa_auth.c
-@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
- }
-
-
-+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
-+{
-+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
-+ wpa_printf(MSG_ERROR,
-+ "WPA: Failed to get random data for ANonce");
-+ sm->Disconnect = TRUE;
-+ return -1;
-+ }
-+ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
-+ WPA_NONCE_LEN);
-+ sm->TimeoutCtr = 0;
-+ return 0;
-+}
-+
-+
- SM_STATE(WPA_PTK, INITPMK)
- {
- u8 msk[2 * PMK_LEN];
-@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
- SM_ENTER(WPA_PTK, AUTHENTICATION);
- else if (sm->ReAuthenticationRequest)
- SM_ENTER(WPA_PTK, AUTHENTICATION2);
-- else if (sm->PTKRequest)
-- SM_ENTER(WPA_PTK, PTKSTART);
-- else switch (sm->wpa_ptk_state) {
-+ else if (sm->PTKRequest) {
-+ if (wpa_auth_sm_ptk_update(sm) < 0)
-+ SM_ENTER(WPA_PTK, DISCONNECTED);
-+ else
-+ SM_ENTER(WPA_PTK, PTKSTART);
-+ } else switch (sm->wpa_ptk_state) {
- case WPA_PTK_INITIALIZE:
- break;
- case WPA_PTK_DISCONNECT:
---
-2.7.4
-
-From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 22 Sep 2017 11:03:15 +0300
-Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration
-
-Do not try to reconfigure the same TPK-TK to the driver after it has
-been successfully configured. This is an explicit check to avoid issues
-related to resetting the TX/RX packet number. There was already a check
-for this for TPK M2 (retries of that message are ignored completely), so
-that behavior does not get modified.
-
-For TPK M3, the TPK-TK could have been reconfigured, but that was
-followed by immediate teardown of the link due to an issue in updating
-the STA entry. Furthermore, for TDLS with any real security (i.e.,
-ignoring open/WEP), the TPK message exchange is protected on the AP path
-and simple replay attacks are not feasible.
-
-As an additional corner case, make sure the local nonce gets updated if
-the peer uses a very unlikely "random nonce" of all zeros.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++--
- 1 file changed, 36 insertions(+), 2 deletions(-)
-
-diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
-index e424168..9eb9738 100644
---- a/src/rsn_supp/tdls.c
-+++ b/src/rsn_supp/tdls.c
-@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
- u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
- } tpk;
- int tpk_set;
-+ int tk_set; /* TPK-TK configured to the driver */
- int tpk_success;
- int tpk_in_progress;
-
-@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- u8 rsc[6];
- enum wpa_alg alg;
-
-+ if (peer->tk_set) {
-+ /*
-+ * This same TPK-TK has already been configured to the driver
-+ * and this new configuration attempt (likely due to an
-+ * unexpected retransmitted frame) would result in clearing
-+ * the TX/RX sequence number which can break security, so must
-+ * not allow that to happen.
-+ */
-+ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
-+ " has already been configured to the driver - do not reconfigure",
-+ MAC2STR(peer->addr));
-+ return -1;
-+ }
-+
- os_memset(rsc, 0, 6);
-
- switch (peer->cipher) {
-@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- return -1;
- }
-
-+ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
-+ MAC2STR(peer->addr));
- if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
- rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
- wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
- "driver");
- return -1;
- }
-+ peer->tk_set = 1;
- return 0;
- }
-
-@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- peer->cipher = 0;
- peer->qos_info = 0;
- peer->wmm_capable = 0;
-- peer->tpk_set = peer->tpk_success = 0;
-+ peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
- peer->chan_switch_enabled = 0;
- os_memset(&peer->tpk, 0, sizeof(peer->tpk));
- os_memset(peer->inonce, 0, WPA_NONCE_LEN);
-@@ -1159,6 +1177,7 @@ skip_rsnie:
- wpa_tdls_peer_free(sm, peer);
- return -1;
- }
-+ peer->tk_set = 0; /* A new nonce results in a new TK */
- wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
- peer->inonce, WPA_NONCE_LEN);
- os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
-@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
- }
-
-
-+static int tdls_nonce_set(const u8 *nonce)
-+{
-+ int i;
-+
-+ for (i = 0; i < WPA_NONCE_LEN; i++) {
-+ if (nonce[i])
-+ return 1;
-+ }
-+
-+ return 0;
-+}
-+
-+
- static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
- const u8 *buf, size_t len)
- {
-@@ -2004,7 +2036,8 @@ skip_rsn:
- peer->rsnie_i_len = kde.rsn_ie_len;
- peer->cipher = cipher;
-
-- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
-+ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
-+ !tdls_nonce_set(peer->inonce)) {
- /*
- * There is no point in updating the RNonce for every obtained
- * TPK M1 frame (e.g., retransmission due to timeout) with the
-@@ -2020,6 +2053,7 @@ skip_rsn:
- "TDLS: Failed to get random data for responder nonce");
- goto error;
- }
-+ peer->tk_set = 0; /* A new nonce results in a new TK */
- }
-
- #if 0
---
-2.7.4
-
-From 53c5eb58e95004f86e65ee9fbfccbc291b139057 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 22 Sep 2017 11:25:02 +0300
-Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending
- request
-
-Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep
-Mode Response if WNM-Sleep Mode has not been used') started ignoring the
-response when no WNM-Sleep Mode Request had been used during the
-association. This can be made tighter by clearing the used flag when
-successfully processing a response. This adds an additional layer of
-protection against unexpected retransmissions of the response frame.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- wpa_supplicant/wnm_sta.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
-index 1b3409c..67a07ff 100644
---- a/wpa_supplicant/wnm_sta.c
-+++ b/wpa_supplicant/wnm_sta.c
-@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
-
- if (!wpa_s->wnmsleep_used) {
- wpa_printf(MSG_DEBUG,
-- "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association");
-+ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested");
- return;
- }
-
-@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
- return;
- }
-
-+ wpa_s->wnmsleep_used = 0;
-+
- if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT ||
- wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
- wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
---
-2.7.4
-
-From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 22 Sep 2017 12:06:37 +0300
-Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
-
-The driver is expected to not report a second association event without
-the station having explicitly request a new association. As such, this
-case should not be reachable. However, since reconfiguring the same
-pairwise or group keys to the driver could result in nonce reuse issues,
-be extra careful here and do an additional state check to avoid this
-even if the local driver ends up somehow accepting an unexpected
-Reassociation Response frame.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/rsn_supp/wpa.c | 3 +++
- src/rsn_supp/wpa_ft.c | 8 ++++++++
- src/rsn_supp/wpa_i.h | 1 +
- 3 files changed, 12 insertions(+)
-
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 0550a41..2a53c6f 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
- #ifdef CONFIG_TDLS
- wpa_tdls_disassoc(sm);
- #endif /* CONFIG_TDLS */
-+#ifdef CONFIG_IEEE80211R
-+ sm->ft_reassoc_completed = 0;
-+#endif /* CONFIG_IEEE80211R */
-
- /* Keys are not needed in the WPA state machine anymore */
- wpa_sm_drop_sa(sm);
-diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
-index 205793e..d45bb45 100644
---- a/src/rsn_supp/wpa_ft.c
-+++ b/src/rsn_supp/wpa_ft.c
-@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
- u16 capab;
-
- sm->ft_completed = 0;
-+ sm->ft_reassoc_completed = 0;
-
- buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
- 2 + sm->r0kh_id_len + ric_ies_len + 100;
-@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
- return -1;
- }
-
-+ if (sm->ft_reassoc_completed) {
-+ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
-+ return 0;
-+ }
-+
- if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
- wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
- return -1;
-@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
- return -1;
- }
-
-+ sm->ft_reassoc_completed = 1;
-+
- if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
- return -1;
-
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index 41f371f..56f88dc 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -128,6 +128,7 @@ struct wpa_sm {
- size_t r0kh_id_len;
- u8 r1kh_id[FT_R1KH_ID_LEN];
- int ft_completed;
-+ int ft_reassoc_completed;
- int over_the_ds_in_progress;
- u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
- int set_ptk_after_assoc;
---
-2.7.4
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple1.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple1.patch
new file mode 100644
index 000000000..d4d49e7fc
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple1.patch
@@ -0,0 +1,191 @@
+The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
+result in unauthenticated clients gaining access to the network.
+
+Backport a number of patches from upstream to fix this.
+
+CVE: CVE-2017-13077
+CVE: CVE-2017-13078
+CVE: CVE-2017-13079
+CVE: CVE-2017-13080
+CVE: CVE-2017-13081
+CVE: CVE-2017-13082
+CVE: CVE-2017-13086
+CVE: CVE-2017-13087
+CVE: CVE-2017-13088
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Fri, 14 Jul 2017 15:15:35 +0200
+Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
+
+Do not reinstall TK to the driver during Reassociation Response frame
+processing if the first attempt of setting the TK succeeded. This avoids
+issues related to clearing the TX/RX PN that could result in reusing
+same PN values for transmitted frames (e.g., due to CCM nonce reuse and
+also hitting replay protection on the receiver) and accepting replayed
+frames on RX side.
+
+This issue was introduced by the commit
+0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
+authenticator') which allowed wpa_ft_install_ptk() to be called multiple
+times with the same PTK. While the second configuration attempt is
+needed with some drivers, it must be done only if the first attempt
+failed.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/ap/ieee802_11.c | 16 +++++++++++++---
+ src/ap/wpa_auth.c | 11 +++++++++++
+ src/ap/wpa_auth.h | 3 ++-
+ src/ap/wpa_auth_ft.c | 10 ++++++++++
+ src/ap/wpa_auth_i.h | 1 +
+ 5 files changed, 37 insertions(+), 4 deletions(-)
+
+diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
+index 4e04169..333035f 100644
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ {
+ struct ieee80211_ht_capabilities ht_cap;
+ struct ieee80211_vht_capabilities vht_cap;
++ int set = 1;
+
+ /*
+ * Remove the STA entry to ensure the STA PS state gets cleared and
+@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ * FT-over-the-DS, where a station re-associates back to the same AP but
+ * skips the authentication flow, or if working with a driver that
+ * does not support full AP client state.
++ *
++ * Skip this if the STA has already completed FT reassociation and the
++ * TK has been configured since the TX/RX PN must not be reset to 0 for
++ * the same key.
+ */
+- if (!sta->added_unassoc)
++ if (!sta->added_unassoc &&
++ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
++ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
+ hostapd_drv_sta_remove(hapd, sta->addr);
++ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
++ set = 0;
++ }
+
+ #ifdef CONFIG_IEEE80211N
+ if (sta->flags & WLAN_STA_HT)
+@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
+ sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
+ sta->vht_opmode, sta->p2p_ie ? 1 : 0,
+- sta->added_unassoc)) {
++ set)) {
+ hostapd_logger(hapd, sta->addr,
+ HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
+ "Could not %s STA to kernel driver",
+- sta->added_unassoc ? "set" : "add");
++ set ? "set" : "add");
+
+ if (sta->added_unassoc) {
+ hostapd_drv_sta_remove(hapd, sta->addr);
+diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
+index 3587086..707971d 100644
+--- a/src/ap/wpa_auth.c
++++ b/src/ap/wpa_auth.c
+@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
+ #else /* CONFIG_IEEE80211R */
+ break;
+ #endif /* CONFIG_IEEE80211R */
++ case WPA_DRV_STA_REMOVED:
++ sm->tk_already_set = FALSE;
++ return 0;
+ }
+
+ #ifdef CONFIG_IEEE80211R
+@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
+ }
+
+
++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
++{
++ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
++ return 0;
++ return sm->tk_already_set;
++}
++
++
+ int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
+ struct rsn_pmksa_cache_entry *entry)
+ {
+diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
+index 0de8d97..97461b0 100644
+--- a/src/ap/wpa_auth.h
++++ b/src/ap/wpa_auth.h
+@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
+ u8 *data, size_t data_len);
+ enum wpa_event {
+ WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
+- WPA_REAUTH_EAPOL, WPA_ASSOC_FT
++ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
+ };
+ void wpa_remove_ptk(struct wpa_state_machine *sm);
+ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
+@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
+ int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
+ int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
+ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
+ int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
+ struct rsn_pmksa_cache_entry *entry);
+ struct rsn_pmksa_cache_entry *
+diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
+index 42242a5..e63b99a 100644
+--- a/src/ap/wpa_auth_ft.c
++++ b/src/ap/wpa_auth_ft.c
+@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
+ return;
+ }
+
++ if (sm->tk_already_set) {
++ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
++ * PN in the driver */
++ wpa_printf(MSG_DEBUG,
++ "FT: Do not re-install same PTK to the driver");
++ return;
++ }
++
+ /* FIX: add STA entry to kernel/driver here? The set_key will fail
+ * most likely without this.. At the moment, STA entry is added only
+ * after association has been completed. This function will be called
+@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
+
+ /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
+ sm->pairwise_set = TRUE;
++ sm->tk_already_set = TRUE;
+ }
+
+
+@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
+
+ sm->pairwise = pairwise;
+ sm->PTK_valid = TRUE;
++ sm->tk_already_set = FALSE;
+ wpa_ft_install_ptk(sm);
+
+ buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
+diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
+index 72b7eb3..7fd8f05 100644
+--- a/src/ap/wpa_auth_i.h
++++ b/src/ap/wpa_auth_i.h
+@@ -65,6 +65,7 @@ struct wpa_state_machine {
+ struct wpa_ptk PTK;
+ Boolean PTK_valid;
+ Boolean pairwise_set;
++ Boolean tk_already_set;
+ int keycount;
+ Boolean Pair;
+ struct wpa_key_replay_counter {
+--
+2.7.4 \ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch
new file mode 100644
index 000000000..501bb4b56
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch
@@ -0,0 +1,267 @@
+The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
+result in unauthenticated clients gaining access to the network.
+
+Backport a number of patches from upstream to fix this.
+
+CVE: CVE-2017-13077
+CVE: CVE-2017-13078
+CVE: CVE-2017-13079
+CVE: CVE-2017-13080
+CVE: CVE-2017-13081
+CVE: CVE-2017-13082
+CVE: CVE-2017-13086
+CVE: CVE-2017-13087
+CVE: CVE-2017-13088
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Wed, 12 Jul 2017 16:03:24 +0200
+Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key
+
+Track the current GTK and IGTK that is in use and when receiving a
+(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
+not install the given key if it is already in use. This prevents an
+attacker from trying to trick the client into resetting or lowering the
+sequence counter associated to the group key.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/common/wpa_common.h | 11 +++++
+ src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------
+ src/rsn_supp/wpa_i.h | 4 ++
+ 3 files changed, 87 insertions(+), 44 deletions(-)
+
+diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
+index af1d0f0..d200285 100644
+--- a/src/common/wpa_common.h
++++ b/src/common/wpa_common.h
+@@ -217,6 +217,17 @@ struct wpa_ptk {
+ size_t tk_len;
+ };
+
++struct wpa_gtk {
++ u8 gtk[WPA_GTK_MAX_LEN];
++ size_t gtk_len;
++};
++
++#ifdef CONFIG_IEEE80211W
++struct wpa_igtk {
++ u8 igtk[WPA_IGTK_MAX_LEN];
++ size_t igtk_len;
++};
++#endif /* CONFIG_IEEE80211W */
+
+ /* WPA IE version 1
+ * 00-50-f2:1 (OUI:OUI type)
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 3c47879..95bd7be 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ const u8 *_gtk = gd->gtk;
+ u8 gtk_buf[32];
+
++ /* Detect possible key reinstallation */
++ if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
++ gd->keyidx, gd->tx, gd->gtk_len);
++ return 0;
++ }
++
+ wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
+@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ }
+ os_memset(gtk_buf, 0, sizeof(gtk_buf));
+
++ sm->gtk.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++
+ return 0;
+ }
+
+@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+ }
+
+
++#ifdef CONFIG_IEEE80211W
++static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
++ const struct wpa_igtk_kde *igtk)
++{
++ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
++ u16 keyidx = WPA_GET_LE16(igtk->keyid);
++
++ /* Detect possible key reinstallation */
++ if (sm->igtk.igtk_len == len &&
++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
++ keyidx);
++ return 0;
++ }
++
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
++ keyidx, MAC2STR(igtk->pn));
++ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
++ if (keyidx > 4095) {
++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++ "WPA: Invalid IGTK KeyID %d", keyidx);
++ return -1;
++ }
++ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
++ broadcast_ether_addr,
++ keyidx, 0, igtk->pn, sizeof(igtk->pn),
++ igtk->igtk, len) < 0) {
++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++ "WPA: Failed to configure IGTK to the driver");
++ return -1;
++ }
++
++ sm->igtk.igtk_len = len;
++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++
++ return 0;
++}
++#endif /* CONFIG_IEEE80211W */
++
++
+ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ struct wpa_eapol_ie_parse *ie)
+ {
+@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ if (ie->igtk) {
+ size_t len;
+ const struct wpa_igtk_kde *igtk;
+- u16 keyidx;
++
+ len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+ if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
+ return -1;
++
+ igtk = (const struct wpa_igtk_kde *) ie->igtk;
+- keyidx = WPA_GET_LE16(igtk->keyid);
+- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
+- "pn %02x%02x%02x%02x%02x%02x",
+- keyidx, MAC2STR(igtk->pn));
+- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
+- igtk->igtk, len);
+- if (keyidx > 4095) {
+- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+- "WPA: Invalid IGTK KeyID %d", keyidx);
+- return -1;
+- }
+- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
+- broadcast_ether_addr,
+- keyidx, 0, igtk->pn, sizeof(igtk->pn),
+- igtk->igtk, len) < 0) {
+- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+- "WPA: Failed to configure IGTK to the driver");
++ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+ return -1;
+- }
+ }
+
+ return 0;
+@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
+ */
+ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ {
+- int clear_ptk = 1;
++ int clear_keys = 1;
+
+ if (sm == NULL)
+ return;
+@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ /* Prepare for the next transition */
+ wpa_ft_prepare_auth_request(sm, NULL);
+
+- clear_ptk = 0;
++ clear_keys = 0;
+ }
+ #endif /* CONFIG_IEEE80211R */
+
+- if (clear_ptk) {
++ if (clear_keys) {
+ /*
+ * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
+ * this is not part of a Fast BSS Transition.
+@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ sm->tptk_set = 0;
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
++ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++#ifdef CONFIG_IEEE80211W
++ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++#endif /* CONFIG_IEEE80211W */
+ }
+
+ #ifdef CONFIG_TDLS
+@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
+ os_memset(sm->pmk, 0, sizeof(sm->pmk));
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
++ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++#ifdef CONFIG_IEEE80211W
++ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++#endif /* CONFIG_IEEE80211W */
+ #ifdef CONFIG_IEEE80211R
+ os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
+ os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
+@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+ os_memset(&gd, 0, sizeof(gd));
+ #ifdef CONFIG_IEEE80211W
+ } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
+- struct wpa_igtk_kde igd;
+- u16 keyidx;
+-
+- os_memset(&igd, 0, sizeof(igd));
+- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
+- os_memcpy(igd.keyid, buf + 2, 2);
+- os_memcpy(igd.pn, buf + 4, 6);
+-
+- keyidx = WPA_GET_LE16(igd.keyid);
+- os_memcpy(igd.igtk, buf + 10, keylen);
+-
+- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
+- igd.igtk, keylen);
+- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
+- broadcast_ether_addr,
+- keyidx, 0, igd.pn, sizeof(igd.pn),
+- igd.igtk, keylen) < 0) {
+- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
+- "WNM mode");
+- os_memset(&igd, 0, sizeof(igd));
++ const struct wpa_igtk_kde *igtk;
++
++ igtk = (const struct wpa_igtk_kde *) (buf + 2);
++ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+ return -1;
+- }
+- os_memset(&igd, 0, sizeof(igd));
+ #endif /* CONFIG_IEEE80211W */
+ } else {
+ wpa_printf(MSG_DEBUG, "Unknown element id");
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index f653ba6..afc9e37 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -31,6 +31,10 @@ struct wpa_sm {
+ u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
+ int rx_replay_counter_set;
+ u8 request_counter[WPA_REPLAY_COUNTER_LEN];
++ struct wpa_gtk gtk;
++#ifdef CONFIG_IEEE80211W
++ struct wpa_igtk igtk;
++#endif /* CONFIG_IEEE80211W */
+
+ struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
+
+--
+2.7.4 \ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple3.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple3.patch
new file mode 100644
index 000000000..2e2265585
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple3.patch
@@ -0,0 +1,201 @@
+The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
+result in unauthenticated clients gaining access to the network.
+
+Backport a number of patches from upstream to fix this.
+
+CVE: CVE-2017-13077
+CVE: CVE-2017-13078
+CVE: CVE-2017-13079
+CVE: CVE-2017-13080
+CVE: CVE-2017-13081
+CVE: CVE-2017-13082
+CVE: CVE-2017-13086
+CVE: CVE-2017-13087
+CVE: CVE-2017-13088
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 1 Oct 2017 12:12:24 +0300
+Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
+ Mode cases
+
+This extends the protection to track last configured GTK/IGTK value
+separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
+corner case where these two different mechanisms may get used when the
+GTK/IGTK has changed and tracking a single value is not sufficient to
+detect a possible key reconfiguration.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++---------------
+ src/rsn_supp/wpa_i.h | 2 ++
+ 2 files changed, 40 insertions(+), 15 deletions(-)
+
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 95bd7be..7a2c68d 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -709,14 +709,17 @@ struct wpa_gtk_data {
+
+ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ const struct wpa_gtk_data *gd,
+- const u8 *key_rsc)
++ const u8 *key_rsc, int wnm_sleep)
+ {
+ const u8 *_gtk = gd->gtk;
+ u8 gtk_buf[32];
+
+ /* Detect possible key reinstallation */
+- if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
+- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
++ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
++ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
++ sm->gtk_wnm_sleep.gtk_len) == 0)) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
+ gd->keyidx, gd->tx, gd->gtk_len);
+@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ }
+ os_memset(gtk_buf, 0, sizeof(gtk_buf));
+
+- sm->gtk.gtk_len = gd->gtk_len;
+- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++ if (wnm_sleep) {
++ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
++ sm->gtk_wnm_sleep.gtk_len);
++ } else {
++ sm->gtk.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++ }
+
+ return 0;
+ }
+@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+ (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
+ gtk_len, gtk_len,
+ &gd.key_rsc_len, &gd.alg) ||
+- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
++ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "RSN: Failed to install GTK");
+ os_memset(&gd, 0, sizeof(gd));
+@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+
+ #ifdef CONFIG_IEEE80211W
+ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
+- const struct wpa_igtk_kde *igtk)
++ const struct wpa_igtk_kde *igtk,
++ int wnm_sleep)
+ {
+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+ u16 keyidx = WPA_GET_LE16(igtk->keyid);
+
+ /* Detect possible key reinstallation */
+- if (sm->igtk.igtk_len == len &&
+- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
++ if ((sm->igtk.igtk_len == len &&
++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
++ (sm->igtk_wnm_sleep.igtk_len == len &&
++ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
++ sm->igtk_wnm_sleep.igtk_len) == 0)) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
+ keyidx);
+@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
+ return -1;
+ }
+
+- sm->igtk.igtk_len = len;
+- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++ if (wnm_sleep) {
++ sm->igtk_wnm_sleep.igtk_len = len;
++ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
++ sm->igtk_wnm_sleep.igtk_len);
++ } else {
++ sm->igtk.igtk_len = len;
++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++ }
+
+ return 0;
+ }
+@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ return -1;
+
+ igtk = (const struct wpa_igtk_kde *) ie->igtk;
+- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
++ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
+ return -1;
+ }
+
+@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
+ if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
+ key_rsc = null_rsc;
+
+- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
++ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
+ wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
+ goto failed;
+ os_memset(&gd, 0, sizeof(gd));
+@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ sm->tptk_set = 0;
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
+ #ifdef CONFIG_IEEE80211W
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
+ #endif /* CONFIG_IEEE80211W */
+ }
+
+@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
+ #ifdef CONFIG_IEEE80211W
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
+ #endif /* CONFIG_IEEE80211W */
+ #ifdef CONFIG_IEEE80211R
+ os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
+@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+
+ wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
+ gd.gtk, gd.gtk_len);
+- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
++ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
+ os_memset(&gd, 0, sizeof(gd));
+ wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
+ "WNM mode");
+@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+ const struct wpa_igtk_kde *igtk;
+
+ igtk = (const struct wpa_igtk_kde *) (buf + 2);
+- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
++ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
+ return -1;
+ #endif /* CONFIG_IEEE80211W */
+ } else {
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index afc9e37..9a54631 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -32,8 +32,10 @@ struct wpa_sm {
+ int rx_replay_counter_set;
+ u8 request_counter[WPA_REPLAY_COUNTER_LEN];
+ struct wpa_gtk gtk;
++ struct wpa_gtk gtk_wnm_sleep;
+ #ifdef CONFIG_IEEE80211W
+ struct wpa_igtk igtk;
++ struct wpa_igtk igtk_wnm_sleep;
+ #endif /* CONFIG_IEEE80211W */
+
+ struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
+--
+2.7.4 \ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch
new file mode 100644
index 000000000..6c1948696
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch
@@ -0,0 +1,96 @@
+The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
+result in unauthenticated clients gaining access to the network.
+
+Backport a number of patches from upstream to fix this.
+
+CVE: CVE-2017-13077
+CVE: CVE-2017-13078
+CVE: CVE-2017-13079
+CVE: CVE-2017-13080
+CVE: CVE-2017-13081
+CVE: CVE-2017-13082
+CVE: CVE-2017-13086
+CVE: CVE-2017-13087
+CVE: CVE-2017-13088
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Fri, 29 Sep 2017 04:22:51 +0200
+Subject: [PATCH 4/8] Prevent installation of an all-zero TK
+
+Properly track whether a PTK has already been installed to the driver
+and the TK part cleared from memory. This prevents an attacker from
+trying to trick the client into installing an all-zero TK.
+
+This fixes the earlier fix in commit
+ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
+driver in EAPOL-Key 3/4 retry case') which did not take into account
+possibility of an extra message 1/4 showing up between retries of
+message 3/4.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/common/wpa_common.h | 1 +
+ src/rsn_supp/wpa.c | 5 ++---
+ src/rsn_supp/wpa_i.h | 1 -
+ 3 files changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
+index d200285..1021ccb 100644
+--- a/src/common/wpa_common.h
++++ b/src/common/wpa_common.h
+@@ -215,6 +215,7 @@ struct wpa_ptk {
+ size_t kck_len;
+ size_t kek_len;
+ size_t tk_len;
++ int installed; /* 1 if key has already been installed to driver */
+ };
+
+ struct wpa_gtk {
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 7a2c68d..0550a41 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
+ os_memset(buf, 0, sizeof(buf));
+ }
+ sm->tptk_set = 1;
+- sm->tk_to_set = 1;
+
+ kde = sm->assoc_wpa_ie;
+ kde_len = sm->assoc_wpa_ie_len;
+@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+ enum wpa_alg alg;
+ const u8 *key_rsc;
+
+- if (!sm->tk_to_set) {
++ if (sm->ptk.installed) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Do not re-install same PTK to the driver");
+ return 0;
+@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+
+ /* TK is not needed anymore in supplicant */
+ os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
+- sm->tk_to_set = 0;
++ sm->ptk.installed = 1;
+
+ if (sm->wpa_ptk_rekey) {
+ eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index 9a54631..41f371f 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -24,7 +24,6 @@ struct wpa_sm {
+ struct wpa_ptk ptk, tptk;
+ int ptk_set, tptk_set;
+ unsigned int msg_3_of_4_ok:1;
+- unsigned int tk_to_set:1;
+ u8 snonce[WPA_NONCE_LEN];
+ u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
+ int renew_snonce;
+--
+2.7.4 \ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch
new file mode 100644
index 000000000..b262dcac5
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch
@@ -0,0 +1,81 @@
+The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
+result in unauthenticated clients gaining access to the network.
+
+Backport a number of patches from upstream to fix this.
+
+CVE: CVE-2017-13077
+CVE: CVE-2017-13078
+CVE: CVE-2017-13079
+CVE: CVE-2017-13080
+CVE: CVE-2017-13081
+CVE: CVE-2017-13082
+CVE: CVE-2017-13086
+CVE: CVE-2017-13087
+CVE: CVE-2017-13088
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 1 Oct 2017 12:32:57 +0300
+Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
+
+The Authenticator state machine path for PTK rekeying ended up bypassing
+the AUTHENTICATION2 state where a new ANonce is generated when going
+directly to the PTKSTART state since there is no need to try to
+determine the PMK again in such a case. This is far from ideal since the
+new PTK would depend on a new nonce only from the supplicant.
+
+Fix this by generating a new ANonce when moving to the PTKSTART state
+for the purpose of starting new 4-way handshake to rekey PTK.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
+ 1 file changed, 21 insertions(+), 3 deletions(-)
+
+diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
+index 707971d..bf10cc1 100644
+--- a/src/ap/wpa_auth.c
++++ b/src/ap/wpa_auth.c
+@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
+ }
+
+
++static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
++{
++ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
++ wpa_printf(MSG_ERROR,
++ "WPA: Failed to get random data for ANonce");
++ sm->Disconnect = TRUE;
++ return -1;
++ }
++ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
++ WPA_NONCE_LEN);
++ sm->TimeoutCtr = 0;
++ return 0;
++}
++
++
+ SM_STATE(WPA_PTK, INITPMK)
+ {
+ u8 msk[2 * PMK_LEN];
+@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
+ SM_ENTER(WPA_PTK, AUTHENTICATION);
+ else if (sm->ReAuthenticationRequest)
+ SM_ENTER(WPA_PTK, AUTHENTICATION2);
+- else if (sm->PTKRequest)
+- SM_ENTER(WPA_PTK, PTKSTART);
+- else switch (sm->wpa_ptk_state) {
++ else if (sm->PTKRequest) {
++ if (wpa_auth_sm_ptk_update(sm) < 0)
++ SM_ENTER(WPA_PTK, DISCONNECTED);
++ else
++ SM_ENTER(WPA_PTK, PTKSTART);
++ } else switch (sm->wpa_ptk_state) {
+ case WPA_PTK_INITIALIZE:
+ break;
+ case WPA_PTK_DISCONNECT:
+--
+2.7.4 \ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple6.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple6.patch
new file mode 100644
index 000000000..15183f40c
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple6.patch
@@ -0,0 +1,149 @@
+The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
+result in unauthenticated clients gaining access to the network.
+
+Backport a number of patches from upstream to fix this.
+
+CVE: CVE-2017-13077
+CVE: CVE-2017-13078
+CVE: CVE-2017-13079
+CVE: CVE-2017-13080
+CVE: CVE-2017-13081
+CVE: CVE-2017-13082
+CVE: CVE-2017-13086
+CVE: CVE-2017-13087
+CVE: CVE-2017-13088
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 22 Sep 2017 11:03:15 +0300
+Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration
+
+Do not try to reconfigure the same TPK-TK to the driver after it has
+been successfully configured. This is an explicit check to avoid issues
+related to resetting the TX/RX packet number. There was already a check
+for this for TPK M2 (retries of that message are ignored completely), so
+that behavior does not get modified.
+
+For TPK M3, the TPK-TK could have been reconfigured, but that was
+followed by immediate teardown of the link due to an issue in updating
+the STA entry. Furthermore, for TDLS with any real security (i.e.,
+ignoring open/WEP), the TPK message exchange is protected on the AP path
+and simple replay attacks are not feasible.
+
+As an additional corner case, make sure the local nonce gets updated if
+the peer uses a very unlikely "random nonce" of all zeros.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 36 insertions(+), 2 deletions(-)
+
+diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
+index e424168..9eb9738 100644
+--- a/src/rsn_supp/tdls.c
++++ b/src/rsn_supp/tdls.c
+@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
+ u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
+ } tpk;
+ int tpk_set;
++ int tk_set; /* TPK-TK configured to the driver */
+ int tpk_success;
+ int tpk_in_progress;
+
+@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ u8 rsc[6];
+ enum wpa_alg alg;
+
++ if (peer->tk_set) {
++ /*
++ * This same TPK-TK has already been configured to the driver
++ * and this new configuration attempt (likely due to an
++ * unexpected retransmitted frame) would result in clearing
++ * the TX/RX sequence number which can break security, so must
++ * not allow that to happen.
++ */
++ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
++ " has already been configured to the driver - do not reconfigure",
++ MAC2STR(peer->addr));
++ return -1;
++ }
++
+ os_memset(rsc, 0, 6);
+
+ switch (peer->cipher) {
+@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ return -1;
+ }
+
++ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
++ MAC2STR(peer->addr));
+ if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
+ rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
+ wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
+ "driver");
+ return -1;
+ }
++ peer->tk_set = 1;
+ return 0;
+ }
+
+@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ peer->cipher = 0;
+ peer->qos_info = 0;
+ peer->wmm_capable = 0;
+- peer->tpk_set = peer->tpk_success = 0;
++ peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
+ peer->chan_switch_enabled = 0;
+ os_memset(&peer->tpk, 0, sizeof(peer->tpk));
+ os_memset(peer->inonce, 0, WPA_NONCE_LEN);
+@@ -1159,6 +1177,7 @@ skip_rsnie:
+ wpa_tdls_peer_free(sm, peer);
+ return -1;
+ }
++ peer->tk_set = 0; /* A new nonce results in a new TK */
+ wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
+ peer->inonce, WPA_NONCE_LEN);
+ os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
+@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
+ }
+
+
++static int tdls_nonce_set(const u8 *nonce)
++{
++ int i;
++
++ for (i = 0; i < WPA_NONCE_LEN; i++) {
++ if (nonce[i])
++ return 1;
++ }
++
++ return 0;
++}
++
++
+ static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
+ const u8 *buf, size_t len)
+ {
+@@ -2004,7 +2036,8 @@ skip_rsn:
+ peer->rsnie_i_len = kde.rsn_ie_len;
+ peer->cipher = cipher;
+
+- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
++ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
++ !tdls_nonce_set(peer->inonce)) {
+ /*
+ * There is no point in updating the RNonce for every obtained
+ * TPK M1 frame (e.g., retransmission due to timeout) with the
+@@ -2020,6 +2053,7 @@ skip_rsn:
+ "TDLS: Failed to get random data for responder nonce");
+ goto error;
+ }
++ peer->tk_set = 0; /* A new nonce results in a new TK */
+ }
+
+ #if 0
+--
+2.7.4 \ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch
new file mode 100644
index 000000000..2e12bc755
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch
@@ -0,0 +1,60 @@
+The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
+result in unauthenticated clients gaining access to the network.
+
+Backport a number of patches from upstream to fix this.
+
+CVE: CVE-2017-13077
+CVE: CVE-2017-13078
+CVE: CVE-2017-13079
+CVE: CVE-2017-13080
+CVE: CVE-2017-13081
+CVE: CVE-2017-13082
+CVE: CVE-2017-13086
+CVE: CVE-2017-13087
+CVE: CVE-2017-13088
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 53c5eb58e95004f86e65ee9fbfccbc291b139057 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 22 Sep 2017 11:25:02 +0300
+Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending
+ request
+
+Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep
+Mode Response if WNM-Sleep Mode has not been used') started ignoring the
+response when no WNM-Sleep Mode Request had been used during the
+association. This can be made tighter by clearing the used flag when
+successfully processing a response. This adds an additional layer of
+protection against unexpected retransmissions of the response frame.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ wpa_supplicant/wnm_sta.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
+index 1b3409c..67a07ff 100644
+--- a/wpa_supplicant/wnm_sta.c
++++ b/wpa_supplicant/wnm_sta.c
+@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
+
+ if (!wpa_s->wnmsleep_used) {
+ wpa_printf(MSG_DEBUG,
+- "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association");
++ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested");
+ return;
+ }
+
+@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
+ return;
+ }
+
++ wpa_s->wnmsleep_used = 0;
++
+ if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT ||
+ wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
+ wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
+--
+2.7.4 \ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple8.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple8.patch
new file mode 100644
index 000000000..7f5390c31
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple8.patch
@@ -0,0 +1,99 @@
+The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
+result in unauthenticated clients gaining access to the network.
+
+Backport a number of patches from upstream to fix this.
+
+CVE: CVE-2017-13077
+CVE: CVE-2017-13078
+CVE: CVE-2017-13079
+CVE: CVE-2017-13080
+CVE: CVE-2017-13081
+CVE: CVE-2017-13082
+CVE: CVE-2017-13086
+CVE: CVE-2017-13087
+CVE: CVE-2017-13088
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 22 Sep 2017 12:06:37 +0300
+Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
+
+The driver is expected to not report a second association event without
+the station having explicitly request a new association. As such, this
+case should not be reachable. However, since reconfiguring the same
+pairwise or group keys to the driver could result in nonce reuse issues,
+be extra careful here and do an additional state check to avoid this
+even if the local driver ends up somehow accepting an unexpected
+Reassociation Response frame.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/rsn_supp/wpa.c | 3 +++
+ src/rsn_supp/wpa_ft.c | 8 ++++++++
+ src/rsn_supp/wpa_i.h | 1 +
+ 3 files changed, 12 insertions(+)
+
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 0550a41..2a53c6f 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
+ #ifdef CONFIG_TDLS
+ wpa_tdls_disassoc(sm);
+ #endif /* CONFIG_TDLS */
++#ifdef CONFIG_IEEE80211R
++ sm->ft_reassoc_completed = 0;
++#endif /* CONFIG_IEEE80211R */
+
+ /* Keys are not needed in the WPA state machine anymore */
+ wpa_sm_drop_sa(sm);
+diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
+index 205793e..d45bb45 100644
+--- a/src/rsn_supp/wpa_ft.c
++++ b/src/rsn_supp/wpa_ft.c
+@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
+ u16 capab;
+
+ sm->ft_completed = 0;
++ sm->ft_reassoc_completed = 0;
+
+ buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
+ 2 + sm->r0kh_id_len + ric_ies_len + 100;
+@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
+ return -1;
+ }
+
++ if (sm->ft_reassoc_completed) {
++ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
++ return 0;
++ }
++
+ if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
+ wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
+ return -1;
+@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
+ return -1;
+ }
+
++ sm->ft_reassoc_completed = 1;
++
+ if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
+ return -1;
+
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index 41f371f..56f88dc 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -128,6 +128,7 @@ struct wpa_sm {
+ size_t r0kh_id_len;
+ u8 r1kh_id[FT_R1KH_ID_LEN];
+ int ft_completed;
++ int ft_reassoc_completed;
+ int over_the_ds_in_progress;
+ u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
+ int set_ptk_after_assoc;
+--
+2.7.4 \ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
index d6d4206a5..e68453748 100644
--- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
@@ -24,7 +24,14 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
file://wpa_supplicant.conf \
file://wpa_supplicant.conf-sane \
file://99_wpa_supplicant \
- file://key-replay-cve-multiple.patch \
+ file://key-replay-cve-multiple1.patch \
+ file://key-replay-cve-multiple2.patch \
+ file://key-replay-cve-multiple3.patch \
+ file://key-replay-cve-multiple4.patch \
+ file://key-replay-cve-multiple5.patch \
+ file://key-replay-cve-multiple6.patch \
+ file://key-replay-cve-multiple7.patch \
+ file://key-replay-cve-multiple8.patch \
"
SRC_URI[md5sum] = "091569eb4440b7d7f2b4276dbfc03c3c"
SRC_URI[sha256sum] = "b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450"
diff --git a/poky/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch b/poky/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch
new file mode 100644
index 000000000..da6dfa802
--- /dev/null
+++ b/poky/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch
@@ -0,0 +1,106 @@
+busybox-1.27.2: Fix lzma segfaults
+
+[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=10871
+
+libarchive: check buffer index in lzma_decompress
+
+With specific defconfig busybox fails to check zip fileheader magic
+(archival/unzip.c) and uses (archival/libarchive/decompress_unlzma.c)
+for decompression which leads to segmentation fault. It prevents accessing into
+buffer, which is smaller than pos index. Patch includes multiple segmentation
+fault fixes.
+
+Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=a36986bb80289c1cd8d15a557e49207c9a42946b]
+bug: 10436 10871
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+
+diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c
+index a904087..29eee2a 100644
+--- a/archival/libarchive/decompress_unlzma.c
++++ b/archival/libarchive/decompress_unlzma.c
+@@ -11,6 +11,14 @@
+ #include "libbb.h"
+ #include "bb_archive.h"
+
++
++#if 0
++# define dbg(...) bb_error_msg(__VA_ARGS__)
++#else
++# define dbg(...) ((void)0)
++#endif
++
++
+ #if ENABLE_FEATURE_LZMA_FAST
+ # define speed_inline ALWAYS_INLINE
+ # define size_inline
+@@ -217,6 +225,7 @@ unpack_lzma_stream(transformer_state_t *xstate)
+ rc_t *rc;
+ int i;
+ uint8_t *buffer;
++ uint32_t buffer_size;
+ uint8_t previous_byte = 0;
+ size_t buffer_pos = 0, global_pos = 0;
+ int len = 0;
+@@ -246,7 +255,8 @@ unpack_lzma_stream(transformer_state_t *xstate)
+ if (header.dict_size == 0)
+ header.dict_size++;
+
+- buffer = xmalloc(MIN(header.dst_size, header.dict_size));
++ buffer_size = MIN(header.dst_size, header.dict_size);
++ buffer = xmalloc(buffer_size);
+
+ {
+ int num_probs;
+@@ -341,8 +351,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
+ state = state < LZMA_NUM_LIT_STATES ? 9 : 11;
+
+ pos = buffer_pos - rep0;
+- if ((int32_t)pos < 0)
++ if ((int32_t)pos < 0) {
+ pos += header.dict_size;
++ /* see unzip_bad_lzma_2.zip: */
++ if (pos >= buffer_size)
++ goto bad;
++ }
+ previous_byte = buffer[pos];
+ goto one_byte1;
+ #else
+@@ -417,6 +431,10 @@ unpack_lzma_stream(transformer_state_t *xstate)
+ for (; num_bits2 != LZMA_NUM_ALIGN_BITS; num_bits2--)
+ rep0 = (rep0 << 1) | rc_direct_bit(rc);
+ rep0 <<= LZMA_NUM_ALIGN_BITS;
++ if ((int32_t)rep0 < 0) {
++ dbg("%d rep0:%d", __LINE__, rep0);
++ goto bad;
++ }
+ prob3 = p + LZMA_ALIGN;
+ }
+ i2 = 1;
+@@ -450,8 +468,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
+ IF_NOT_FEATURE_LZMA_FAST(string:)
+ do {
+ uint32_t pos = buffer_pos - rep0;
+- if ((int32_t)pos < 0)
++ if ((int32_t)pos < 0) {
+ pos += header.dict_size;
++ /* more stringent test (see unzip_bad_lzma_1.zip): */
++ if (pos >= buffer_size)
++ goto bad;
++ }
+ previous_byte = buffer[pos];
+ IF_NOT_FEATURE_LZMA_FAST(one_byte2:)
+ buffer[buffer_pos++] = previous_byte;
+@@ -478,6 +500,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
+ IF_DESKTOP(total_written += buffer_pos;)
+ if (transformer_write(xstate, buffer, buffer_pos) != (ssize_t)buffer_pos) {
+ bad:
++ /* One of our users, bbunpack(), expects _us_ to emit
++ * the error message (since it's the best place to give
++ * potentially more detailed information).
++ * Do not fail silently.
++ */
++ bb_error_msg("corrupted data");
+ total_written = -1; /* failure */
+ }
+ rc_free(rc);
+
diff --git a/poky/meta/recipes-core/busybox/busybox/umount-ignore-c.patch b/poky/meta/recipes-core/busybox/busybox/umount-ignore-c.patch
new file mode 100644
index 000000000..9fe7998df
--- /dev/null
+++ b/poky/meta/recipes-core/busybox/busybox/umount-ignore-c.patch
@@ -0,0 +1,40 @@
+Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
+Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=426134128112738c97a665170b21153ef0764b7d]
+
+From 95ea12791c8623bf825bc711ac7790306e7e1adb Mon Sep 17 00:00:00 2001
+From: Shawn Landden <slandden@gmail.com>
+Date: Mon, 8 Jan 2018 13:31:58 +0100
+Subject: [PATCH] umount: ignore -c
+Organization: O.S. Systems Software LTDA.
+
+"-c, --no-canonicalize: Do not canonicalize paths."
+
+As busybox doesn't canonicalize paths in the first place it is safe to ignore
+this option.
+
+See https://github.com/systemd/systemd/issues/7786
+
+Signed-off-by: Shawn Landden <slandden@gmail.com>
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+---
+ util-linux/umount.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/util-linux/umount.c b/util-linux/umount.c
+index 0c50dc9ee..0425c5b76 100644
+--- a/util-linux/umount.c
++++ b/util-linux/umount.c
+@@ -68,8 +68,8 @@ static struct mntent *getmntent_r(FILE* stream, struct mntent* result,
+ }
+ #endif
+
+-/* ignored: -v -t -i */
+-#define OPTION_STRING "fldnra" "vt:i"
++/* ignored: -c -v -t -i */
++#define OPTION_STRING "fldnra" "cvt:i"
+ #define OPT_FORCE (1 << 0) // Same as MNT_FORCE
+ #define OPT_LAZY (1 << 1) // Same as MNT_DETACH
+ #define OPT_FREELOOP (1 << 2)
+--
+2.18.0
+
diff --git a/poky/meta/recipes-core/busybox/busybox_1.27.2.bb b/poky/meta/recipes-core/busybox/busybox_1.27.2.bb
index 36a6342aa..1ce4823d4 100644
--- a/poky/meta/recipes-core/busybox/busybox_1.27.2.bb
+++ b/poky/meta/recipes-core/busybox/busybox_1.27.2.bb
@@ -45,6 +45,8 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
file://CVE-2011-5325.patch \
file://CVE-2017-15873.patch \
file://busybox-CVE-2017-16544.patch \
+ file://busybox-fix-lzma-segfaults.patch \
+ file://umount-ignore-c.patch \
"
SRC_URI_append_libc-musl = " file://musl.cfg "
diff --git a/poky/meta/recipes-core/coreutils/coreutils_8.29.bb b/poky/meta/recipes-core/coreutils/coreutils_8.29.bb
index 0b8acc588..4704f3219 100644
--- a/poky/meta/recipes-core/coreutils/coreutils_8.29.bb
+++ b/poky/meta/recipes-core/coreutils/coreutils_8.29.bb
@@ -26,7 +26,7 @@ SRC_URI[sha256sum] = "92d0fa1c311cacefa89853bdb53c62f4110cdfda3820346b59cbd098f4
EXTRA_OECONF_class-native = "--without-gmp"
EXTRA_OECONF_class-target = "--enable-install-program=arch,hostname --libexecdir=${libdir}"
-EXTRA_OECONF_class-nativesdk = "--enable-install-program=arch"
+EXTRA_OECONF_class-nativesdk = "--enable-install-program=arch,hostname"
# acl and xattr are not default features
#
diff --git a/poky/meta/recipes-core/dropbear/dropbear/init b/poky/meta/recipes-core/dropbear/dropbear/init
index f6e1c462f..ffab7a236 100755
--- a/poky/meta/recipes-core/dropbear/dropbear/init
+++ b/poky/meta/recipes-core/dropbear/dropbear/init
@@ -17,8 +17,11 @@ NAME=dropbear
DESC="Dropbear SSH server"
PIDFILE=/var/run/dropbear.pid
+# These values may be replaced by those from /etc/default/dropbear
+DROPBEAR_RSAKEY_DIR="/etc/dropbear"
DROPBEAR_PORT=22
DROPBEAR_EXTRA_ARGS=
+DROPBEAR_RSAKEY_ARGS=
NO_START=0
set -e
@@ -28,32 +31,19 @@ test "$NO_START" = "0" || exit 0
test -x "$DAEMON" || exit 0
test ! -h /var/service/dropbear || exit 0
-readonly_rootfs=0
-for flag in `awk '{ if ($2 == "/") { split($4,FLAGS,",") } }; END { for (f in FLAGS) print FLAGS[f] }' </proc/mounts`; do
- case $flag in
- ro)
- readonly_rootfs=1
- ;;
- esac
-done
-
-if [ $readonly_rootfs = "1" ]; then
- mkdir -p /var/lib/dropbear
- DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key"
-else
- DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key"
-fi
-
test -z "$DROPBEAR_BANNER" || \
DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
test -n "$DROPBEAR_RSAKEY" || \
- DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT
+ DROPBEAR_RSAKEY="${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key"
gen_keys() {
if [ -f "$DROPBEAR_RSAKEY" -a ! -s "$DROPBEAR_RSAKEY" ]; then
rm $DROPBEAR_RSAKEY || true
fi
- test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS
+ if [ ! -f "$DROPBEAR_RSAKEY" ]; then
+ mkdir -p ${DROPBEAR_RSAKEY%/*}
+ dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS
+ fi
}
case "$1" in
diff --git a/poky/meta/recipes-core/glibc/glibc-locale.inc b/poky/meta/recipes-core/glibc/glibc-locale.inc
index b3cb10b87..e50e5cf5e 100644
--- a/poky/meta/recipes-core/glibc/glibc-locale.inc
+++ b/poky/meta/recipes-core/glibc/glibc-locale.inc
@@ -74,23 +74,22 @@ LOCALETREESRC = "${COMPONENTS_DIR}/${PACKAGE_ARCH}/glibc-stash-locale"
do_install () {
mkdir -p ${D}${bindir} ${D}${datadir} ${D}${libdir}
if [ -n "$(ls ${LOCALETREESRC}/${bindir})" ]; then
- cp -fpPR ${LOCALETREESRC}/${bindir}/* ${D}${bindir}
+ cp -R --no-dereference --preserve=mode,links ${LOCALETREESRC}/${bindir}/* ${D}${bindir}
fi
if [ -n "$(ls ${LOCALETREESRC}/${localedir})" ]; then
mkdir -p ${D}${localedir}
- cp -fpPR ${LOCALETREESRC}/${localedir}/* ${D}${localedir}
+ cp -R --no-dereference --preserve=mode,links ${LOCALETREESRC}/${localedir}/* ${D}${localedir}
fi
if [ -e ${LOCALETREESRC}/${libdir}/gconv ]; then
- cp -fpPR ${LOCALETREESRC}/${libdir}/gconv ${D}${libdir}
+ cp -R --no-dereference --preserve=mode,links ${LOCALETREESRC}/${libdir}/gconv ${D}${libdir}
fi
if [ -e ${LOCALETREESRC}/${datadir}/i18n ]; then
- cp -fpPR ${LOCALETREESRC}/${datadir}/i18n ${D}${datadir}
+ cp -R --no-dereference --preserve=mode,links ${LOCALETREESRC}/${datadir}/i18n ${D}${datadir}
fi
if [ -e ${LOCALETREESRC}/${datadir}/locale ]; then
- cp -fpPR ${LOCALETREESRC}/${datadir}/locale ${D}${datadir}
+ cp -R --no-dereference --preserve=mode,links ${LOCALETREESRC}/${datadir}/locale ${D}${datadir}
fi
- chown root:root -R ${D}
- cp -fpPR ${LOCALETREESRC}/SUPPORTED ${WORKDIR}
+ cp -R --no-dereference --preserve=mode,links ${LOCALETREESRC}/SUPPORTED ${WORKDIR}
}
inherit libc-package
diff --git a/poky/meta/recipes-core/glibc/glibc-package.inc b/poky/meta/recipes-core/glibc/glibc-package.inc
index 728bc5381..c1d186ab9 100644
--- a/poky/meta/recipes-core/glibc/glibc-package.inc
+++ b/poky/meta/recipes-core/glibc/glibc-package.inc
@@ -137,7 +137,6 @@ do_install_append_armeb () {
}
do_install_armmultilib () {
-
oe_multilib_header bits/endian.h bits/fcntl.h bits/fenv.h bits/fp-fast.h bits/hwcap.h bits/ipc.h bits/link.h bits/wordsize.h
oe_multilib_header bits/local_lim.h bits/mman.h bits/msq.h bits/pthreadtypes.h bits/pthreadtypes-arch.h bits/sem.h bits/semaphore.h bits/setjmp.h
oe_multilib_header bits/shm.h bits/sigstack.h bits/stat.h bits/statfs.h bits/typesizes.h
diff --git a/poky/meta/recipes-core/glibc/glibc/CVE-2017-18269.patch b/poky/meta/recipes-core/glibc/glibc/CVE-2017-18269.patch
new file mode 100644
index 000000000..d873c51e6
--- /dev/null
+++ b/poky/meta/recipes-core/glibc/glibc/CVE-2017-18269.patch
@@ -0,0 +1,178 @@
+From cd66c0e584c6d692bc8347b5e72723d02b8a8ada Mon Sep 17 00:00:00 2001
+From: Andrew Senkevich <andrew.n.senkevich@gmail.com>
+Date: Fri, 23 Mar 2018 16:19:45 +0100
+Subject: [PATCH] Fix i386 memmove issue (bug 22644).
+
+ [BZ #22644]
+ * sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S: Fixed
+ branch conditions.
+ * string/test-memmove.c (do_test2): New testcase.
+
+Upstream-Status: Backport
+CVE: CVE-2017-18269
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ ChangeLog | 8 +++
+ string/test-memmove.c | 58 ++++++++++++++++++++++
+ .../i386/i686/multiarch/memcpy-sse2-unaligned.S | 12 ++---
+ 3 files changed, 72 insertions(+), 6 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 18ed09e..afdb766 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,11 @@
++2018-03-23 Andrew Senkevich <andrew.senkevich@intel.com>
++ Max Horn <max@quendi.de>
++
++ [BZ #22644]
++ * sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S: Fixed
++ branch conditions.
++ * string/test-memmove.c (do_test2): New testcase.
++
+ 2018-02-22 Andrew Waterman <andrew@sifive.com>
+
+ [BZ # 22884]
+diff --git a/string/test-memmove.c b/string/test-memmove.c
+index edc7a4c..64e3651 100644
+--- a/string/test-memmove.c
++++ b/string/test-memmove.c
+@@ -24,6 +24,7 @@
+ # define TEST_NAME "memmove"
+ #endif
+ #include "test-string.h"
++#include <support/test-driver.h>
+
+ char *simple_memmove (char *, const char *, size_t);
+
+@@ -245,6 +246,60 @@ do_random_tests (void)
+ }
+ }
+
++static void
++do_test2 (void)
++{
++ size_t size = 0x20000000;
++ uint32_t * large_buf;
++
++ large_buf = mmap ((void*) 0x70000000, size, PROT_READ | PROT_WRITE,
++ MAP_PRIVATE | MAP_ANON, -1, 0);
++
++ if (large_buf == MAP_FAILED)
++ error (EXIT_UNSUPPORTED, errno, "Large mmap failed");
++
++ if ((uintptr_t) large_buf > 0x80000000 - 128
++ || 0x80000000 - (uintptr_t) large_buf > 0x20000000)
++ {
++ error (0, 0, "Large mmap allocated improperly");
++ ret = EXIT_UNSUPPORTED;
++ munmap ((void *) large_buf, size);
++ return;
++ }
++
++ size_t bytes_move = 0x80000000 - (uintptr_t) large_buf;
++ size_t arr_size = bytes_move / sizeof (uint32_t);
++ size_t i;
++
++ FOR_EACH_IMPL (impl, 0)
++ {
++ for (i = 0; i < arr_size; i++)
++ large_buf[i] = (uint32_t) i;
++
++ uint32_t * dst = &large_buf[33];
++
++#ifdef TEST_BCOPY
++ CALL (impl, (char *) large_buf, (char *) dst, bytes_move);
++#else
++ CALL (impl, (char *) dst, (char *) large_buf, bytes_move);
++#endif
++
++ for (i = 0; i < arr_size; i++)
++ {
++ if (dst[i] != (uint32_t) i)
++ {
++ error (0, 0,
++ "Wrong result in function %s dst \"%p\" src \"%p\" offset \"%zd\"",
++ impl->name, dst, large_buf, i);
++ ret = 1;
++ break;
++ }
++ }
++ }
++
++ munmap ((void *) large_buf, size);
++}
++
+ int
+ test_main (void)
+ {
+@@ -284,6 +339,9 @@ test_main (void)
+ }
+
+ do_random_tests ();
++
++ do_test2 ();
++
+ return ret;
+ }
+
+diff --git a/sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S b/sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S
+index 9c3bbe7..9aa17de 100644
+--- a/sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S
++++ b/sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S
+@@ -72,7 +72,7 @@ ENTRY (MEMCPY)
+ cmp %edx, %eax
+
+ # ifdef USE_AS_MEMMOVE
+- jg L(check_forward)
++ ja L(check_forward)
+
+ L(mm_len_0_or_more_backward):
+ /* Now do checks for lengths. We do [0..16], [16..32], [32..64], [64..128]
+@@ -81,7 +81,7 @@ L(mm_len_0_or_more_backward):
+ jbe L(mm_len_0_16_bytes_backward)
+
+ cmpl $32, %ecx
+- jg L(mm_len_32_or_more_backward)
++ ja L(mm_len_32_or_more_backward)
+
+ /* Copy [0..32] and return. */
+ movdqu (%eax), %xmm0
+@@ -92,7 +92,7 @@ L(mm_len_0_or_more_backward):
+
+ L(mm_len_32_or_more_backward):
+ cmpl $64, %ecx
+- jg L(mm_len_64_or_more_backward)
++ ja L(mm_len_64_or_more_backward)
+
+ /* Copy [0..64] and return. */
+ movdqu (%eax), %xmm0
+@@ -107,7 +107,7 @@ L(mm_len_32_or_more_backward):
+
+ L(mm_len_64_or_more_backward):
+ cmpl $128, %ecx
+- jg L(mm_len_128_or_more_backward)
++ ja L(mm_len_128_or_more_backward)
+
+ /* Copy [0..128] and return. */
+ movdqu (%eax), %xmm0
+@@ -132,7 +132,7 @@ L(mm_len_128_or_more_backward):
+ add %ecx, %eax
+ cmp %edx, %eax
+ movl SRC(%esp), %eax
+- jle L(forward)
++ jbe L(forward)
+ PUSH (%esi)
+ PUSH (%edi)
+ PUSH (%ebx)
+@@ -269,7 +269,7 @@ L(check_forward):
+ add %edx, %ecx
+ cmp %eax, %ecx
+ movl LEN(%esp), %ecx
+- jle L(forward)
++ jbe L(forward)
+
+ /* Now do checks for lengths. We do [0..16], [0..32], [0..64], [0..128]
+ separately. */
+--
+2.9.3
diff --git a/poky/meta/recipes-core/glibc/glibc/CVE-2018-11236.patch b/poky/meta/recipes-core/glibc/glibc/CVE-2018-11236.patch
new file mode 100644
index 000000000..e2bb40b0d
--- /dev/null
+++ b/poky/meta/recipes-core/glibc/glibc/CVE-2018-11236.patch
@@ -0,0 +1,164 @@
+From 5460617d1567657621107d895ee2dd83bc1f88f2 Mon Sep 17 00:00:00 2001
+From: Paul Pluzhnikov <ppluzhnikov@google.com>
+Date: Tue, 8 May 2018 18:12:41 -0700
+Subject: [PATCH] Fix BZ 22786: integer addition overflow may cause stack
+ buffer overflow when realpath() input length is close to SSIZE_MAX.
+
+2018-05-09 Paul Pluzhnikov <ppluzhnikov@google.com>
+
+ [BZ #22786]
+ * stdlib/canonicalize.c (__realpath): Fix overflow in path length
+ computation.
+ * stdlib/Makefile (test-bz22786): New test.
+ * stdlib/test-bz22786.c: New test.
+
+CVE: CVE-2018-11236
+Upstream-Status: Backport
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ ChangeLog | 8 +++++
+ stdlib/Makefile | 2 +-
+ stdlib/canonicalize.c | 2 +-
+ stdlib/test-bz22786.c | 90 +++++++++++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 100 insertions(+), 2 deletions(-)
+ create mode 100644 stdlib/test-bz22786.c
+
+diff --git a/ChangeLog b/ChangeLog
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,11 @@
++2018-05-09 Paul Pluzhnikov <ppluzhnikov@google.com>
++
++ [BZ #22786]
++ * stdlib/canonicalize.c (__realpath): Fix overflow in path length
++ computation.
++ * stdlib/Makefile (test-bz22786): New test.
++ * stdlib/test-bz22786.c: New test.
++
+ 2018-03-23 Andrew Senkevich <andrew.senkevich@intel.com>
+ Max Horn <max@quendi.de>
+
+diff --git a/stdlib/Makefile b/stdlib/Makefile
+index af1643c..1ddb1f9 100644
+--- a/stdlib/Makefile
++++ b/stdlib/Makefile
+@@ -84,7 +84,7 @@ tests := tst-strtol tst-strtod testmb testrand testsort testdiv \
+ tst-cxa_atexit tst-on_exit test-atexit-race \
+ test-at_quick_exit-race test-cxa_atexit-race \
+ test-on_exit-race test-dlclose-exit-race \
+- tst-makecontext-align
++ tst-makecontext-align test-bz22786
+
+ tests-internal := tst-strtod1i tst-strtod3 tst-strtod4 tst-strtod5i \
+ tst-tls-atexit tst-tls-atexit-nodelete
+diff --git a/stdlib/canonicalize.c b/stdlib/canonicalize.c
+index 4135f3f..390fb43 100644
+--- a/stdlib/canonicalize.c
++++ b/stdlib/canonicalize.c
+@@ -181,7 +181,7 @@ __realpath (const char *name, char *resolved)
+ extra_buf = __alloca (path_max);
+
+ len = strlen (end);
+- if ((long int) (n + len) >= path_max)
++ if (path_max - n <= len)
+ {
+ __set_errno (ENAMETOOLONG);
+ goto error;
+diff --git a/stdlib/test-bz22786.c b/stdlib/test-bz22786.c
+new file mode 100644
+index 0000000..e7837f9
+--- /dev/null
++++ b/stdlib/test-bz22786.c
+@@ -0,0 +1,90 @@
++/* Bug 22786: test for buffer overflow in realpath.
++ Copyright (C) 2018 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++/* This file must be run from within a directory called "stdlib". */
++
++#include <errno.h>
++#include <limits.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <unistd.h>
++#include <sys/stat.h>
++#include <sys/types.h>
++#include <support/test-driver.h>
++#include <libc-diag.h>
++
++static int
++do_test (void)
++{
++ const char dir[] = "bz22786";
++ const char lnk[] = "bz22786/symlink";
++
++ rmdir (dir);
++ if (mkdir (dir, 0755) != 0 && errno != EEXIST)
++ {
++ printf ("mkdir %s: %m\n", dir);
++ return EXIT_FAILURE;
++ }
++ if (symlink (".", lnk) != 0 && errno != EEXIST)
++ {
++ printf ("symlink (%s, %s): %m\n", dir, lnk);
++ return EXIT_FAILURE;
++ }
++
++ const size_t path_len = (size_t) INT_MAX + 1;
++
++ DIAG_PUSH_NEEDS_COMMENT;
++#if __GNUC_PREREQ (7, 0)
++ /* GCC 7 warns about too-large allocations; here we need such
++ allocation to succeed for the test to work. */
++ DIAG_IGNORE_NEEDS_COMMENT (7, "-Walloc-size-larger-than=");
++#endif
++ char *path = malloc (path_len);
++ DIAG_POP_NEEDS_COMMENT;
++
++ if (path == NULL)
++ {
++ printf ("malloc (%zu): %m\n", path_len);
++ return EXIT_UNSUPPORTED;
++ }
++
++ /* Construct very long path = "bz22786/symlink/aaaa....." */
++ char *p = mempcpy (path, lnk, sizeof (lnk) - 1);
++ *(p++) = '/';
++ memset (p, 'a', path_len - (path - p) - 2);
++ p[path_len - (path - p) - 1] = '\0';
++
++ /* This call crashes before the fix for bz22786 on 32-bit platforms. */
++ p = realpath (path, NULL);
++
++ if (p != NULL || errno != ENAMETOOLONG)
++ {
++ printf ("realpath: %s (%m)", p);
++ return EXIT_FAILURE;
++ }
++
++ /* Cleanup. */
++ unlink (lnk);
++ rmdir (dir);
++
++ return 0;
++}
++
++#define TEST_FUNCTION do_test
++#include <support/test-driver.c>
+--
+2.9.3
diff --git a/poky/meta/recipes-core/glibc/glibc_2.27.bb b/poky/meta/recipes-core/glibc/glibc_2.27.bb
index c814798bb..22a9881ea 100644
--- a/poky/meta/recipes-core/glibc/glibc_2.27.bb
+++ b/poky/meta/recipes-core/glibc/glibc_2.27.bb
@@ -45,6 +45,8 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0028-bits-siginfo-consts.h-enum-definition-for-TRAP_HWBKP.patch \
file://0029-Replace-strncpy-with-memccpy-to-fix-Wstringop-trunca.patch \
file://0030-plural_c_no_preprocessor_lines.patch \
+ file://CVE-2017-18269.patch \
+ file://CVE-2018-11236.patch \
"
NATIVESDKFIXES ?= ""
diff --git a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
index db2f58dfb..1e78f4f9c 100644
--- a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
+++ b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
@@ -22,7 +22,7 @@ IMAGE_FSTYPES = "wic.vmdk"
inherit core-image module-base setuptools3
-SRCREV ?= "14d62d5c14e3552f2aeabdbd80d1504bb2c6ed64"
+SRCREV ?= "2464dd404041a7a00b18e42950cbf4719180141d"
SRC_URI = "git://git.yoctoproject.org/poky;branch=sumo \
file://Yocto_Build_Appliance.vmx \
file://Yocto_Build_Appliance.vmxf \
diff --git a/poky/meta/recipes-core/initrdscripts/files/init-install.sh b/poky/meta/recipes-core/initrdscripts/files/init-install.sh
index 28e8f09d1..e71579631 100644
--- a/poky/meta/recipes-core/initrdscripts/files/init-install.sh
+++ b/poky/meta/recipes-core/initrdscripts/files/init-install.sh
@@ -302,6 +302,8 @@ if [ -f /etc/grub.d/00_header -a $grub_version -ne 0 ] ; then
GRUBCFG="/boot/grub/grub.cfg"
mkdir -p $(dirname $GRUBCFG)
cat >$GRUBCFG <<_EOF
+timeout=5
+default=0
menuentry "Linux" {
search --no-floppy --fs-uuid $boot_uuid --set root
linux /$kernel root=PARTUUID=$root_part_uuid $rootwait rw $5 $3 $4 quiet
diff --git a/poky/meta/recipes-core/initscripts/initscripts-1.0/mountnfs.sh b/poky/meta/recipes-core/initscripts/initscripts-1.0/mountnfs.sh
index fe6c19605..be9f5970f 100755
--- a/poky/meta/recipes-core/initscripts/initscripts-1.0/mountnfs.sh
+++ b/poky/meta/recipes-core/initscripts/initscripts-1.0/mountnfs.sh
@@ -67,9 +67,12 @@ if test "$rpcbind" = yes
then
if test -x /usr/sbin/rpcbind
then
- echo -n "Starting rpcbind... "
- start-stop-daemon --start --quiet --exec /usr/sbin/rpcbind
- sleep 2
+ service rpcbind status > /dev/null
+ if [ $? != 0 ]; then
+ echo -n "Starting rpcbind..."
+ start-stop-daemon --start --quiet --exec /usr/sbin/rpcbind
+ sleep 2
+ fi
fi
fi
diff --git a/poky/meta/recipes-core/libxml/libxml2_2.9.7.bb b/poky/meta/recipes-core/libxml/libxml2_2.9.7.bb
index 2fb90a68a..deb3488a7 100644
--- a/poky/meta/recipes-core/libxml/libxml2_2.9.7.bb
+++ b/poky/meta/recipes-core/libxml/libxml2_2.9.7.bb
@@ -44,7 +44,12 @@ RDEPENDS_${PN}-ptest += "make ${@bb.utils.contains('PACKAGECONFIG', 'python', 'l
RDEPENDS_${PN}-python += "${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3-core', '', d)}"
-RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-gconv-ebcdic-us glibc-gconv-ibm1141 glibc-gconv-iso8859-5"
+RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-gconv-ebcdic-us \
+ glibc-gconv-ibm1141 \
+ glibc-gconv-iso8859-5 \
+ glibc-gconv-euc-jp \
+ locale-base-en-us \
+ "
export PYTHON_SITE_PACKAGES="${PYTHON_SITEPACKAGES_DIR}"
diff --git a/poky/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch b/poky/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch
new file mode 100644
index 000000000..342fcc623
--- /dev/null
+++ b/poky/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch
@@ -0,0 +1,71 @@
+From 9fce4bab014b9aa618060eba13d6dd04b0fa1b70 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Fri, 2 Mar 2018 17:11:52 +0100
+Subject: [PATCH 1/4] BaseTools/header.makefile: add "-Wno-stringop-truncation"
+
+gcc-8 (which is part of Fedora 28) enables the new warning
+"-Wstringop-truncation" in "-Wall". This warning is documented in detail
+at <https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the
+introduction says
+
+> Warn for calls to bounded string manipulation functions such as strncat,
+> strncpy, and stpncpy that may either truncate the copied string or leave
+> the destination unchanged.
+
+It breaks the BaseTools build with:
+
+> EfiUtilityMsgs.c: In function 'PrintMessage':
+> EfiUtilityMsgs.c:484:9: error: 'strncat' output may be truncated copying
+> between 0 and 511 bytes from a string of length 511
+> [-Werror=stringop-truncation]
+> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1);
+> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+> EfiUtilityMsgs.c:469:9: error: 'strncat' output may be truncated copying
+> between 0 and 511 bytes from a string of length 511
+> [-Werror=stringop-truncation]
+> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1);
+> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+> EfiUtilityMsgs.c:511:5: error: 'strncat' output may be truncated copying
+> between 0 and 511 bytes from a string of length 511
+> [-Werror=stringop-truncation]
+> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1);
+> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The right way to fix the warning would be to implement string concat with
+snprintf(). However, Microsoft does not appear to support snprintf()
+before VS2015
+<https://stackoverflow.com/questions/2915672/snprintf-and-visual-studio-2010>,
+so we just have to shut up the warning. The strncat() calls flagged above
+are valid BTW.
+
+Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Cc: Cole Robinson <crobinso@redhat.com>
+Cc: Liming Gao <liming.gao@intel.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Yonghong Zhu <yonghong.zhu@intel.com>
+Contributed-under: TianoCore Contribution Agreement 1.1
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Liming Gao <liming.gao@intel.com>
+---
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Backport
+
+ BaseTools/Source/C/Makefiles/header.makefile | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Index: git/BaseTools/Source/C/Makefiles/header.makefile
+===================================================================
+--- git.orig/BaseTools/Source/C/Makefiles/header.makefile
++++ git/BaseTools/Source/C/Makefiles/header.makefile
+@@ -47,9 +47,9 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT)
+ BUILD_CPPFLAGS += $(INCLUDE) -O2
+ ifeq ($(DARWIN),Darwin)
+ # assume clang or clang compatible flags on OS X
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-self-assign -Wno-unused-result -nostdlib -c -g
+ else
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-unused-result -nostdlib -c -g
+ endif
+ BUILD_LFLAGS = $(LDFLAGS)
+ BUILD_CXXFLAGS += -Wno-unused-result
diff --git a/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch
new file mode 100644
index 000000000..a076665c3
--- /dev/null
+++ b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch
@@ -0,0 +1,102 @@
+From 86dbdac5a25bd23deb4a0e0a97b527407e02184d Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Fri, 2 Mar 2018 17:11:52 +0100
+Subject: [PATCH 2/4] BaseTools/header.makefile: add "-Wno-restrict"
+
+gcc-8 (which is part of Fedora 28) enables the new warning
+"-Wrestrict" in "-Wall". This warning is documented in detail
+at <https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the
+introduction says
+
+> Warn when an object referenced by a restrict-qualified parameter (or, in
+> C++, a __restrict-qualified parameter) is aliased by another argument,
+> or when copies between such objects overlap.
+
+It breaks the BaseTools build (in the Brotli compression library) with:
+
+> In function 'ProcessCommandsInternal',
+> inlined from 'ProcessCommands' at dec/decode.c:1828:10:
+> dec/decode.c:1781:9: error: 'memcpy' accessing between 17 and 2147483631
+> bytes at offsets 16 and 16 overlaps between 17 and 2147483631 bytes at
+> offset 16 [-Werror=restrict]
+> memcpy(copy_dst + 16, copy_src + 16, (size_t)(i - 16));
+> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+> In function 'ProcessCommandsInternal',
+> inlined from 'SafeProcessCommands' at dec/decode.c:1833:10:
+> dec/decode.c:1781:9: error: 'memcpy' accessing between 17 and 2147483631
+> bytes at offsets 16 and 16 overlaps between 17 and 2147483631 bytes at
+> offset 16 [-Werror=restrict]
+> memcpy(copy_dst + 16, copy_src + 16, (size_t)(i - 16));
+> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Paolo Bonzini <pbonzini@redhat.com> analyzed the Brotli source in detail,
+and concluded that the warning is a false positive:
+
+> This seems safe to me, because it's preceded by:
+>
+> uint8_t* copy_dst = &s->ringbuffer[pos];
+> uint8_t* copy_src = &s->ringbuffer[src_start];
+> int dst_end = pos + i;
+> int src_end = src_start + i;
+> if (src_end > pos && dst_end > src_start) {
+> /* Regions intersect. */
+> goto CommandPostWrapCopy;
+> }
+>
+> If [src_start, src_start + i) and [pos, pos + i) don't intersect, then
+> neither do [src_start + 16, src_start + i) and [pos + 16, pos + i).
+>
+> The if seems okay:
+>
+> (src_start + i > pos && pos + i > src_start)
+>
+> which can be rewritten to:
+>
+> (pos < src_start + i && src_start < pos + i)
+>
+> Then the numbers are in one of these two orders:
+>
+> pos <= src_start < pos + i <= src_start + i
+> src_start <= pos < src_start + i <= pos + i
+>
+> These two would be allowed by the "if", but they can only happen if pos
+> == src_start so they degenerate to the same two orders above:
+>
+> pos <= src_start < src_start + i <= pos + i
+> src_start <= pos < pos + i <= src_start + i
+>
+> So it is a false positive in GCC.
+
+Disable the warning for now.
+
+Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Cc: Cole Robinson <crobinso@redhat.com>
+Cc: Liming Gao <liming.gao@intel.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Yonghong Zhu <yonghong.zhu@intel.com>
+Reported-by: Cole Robinson <crobinso@redhat.com>
+Contributed-under: TianoCore Contribution Agreement 1.1
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Liming Gao <liming.gao@intel.com>
+---
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Backport
+ BaseTools/Source/C/Makefiles/header.makefile | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Index: git/BaseTools/Source/C/Makefiles/header.makefile
+===================================================================
+--- git.orig/BaseTools/Source/C/Makefiles/header.makefile
++++ git/BaseTools/Source/C/Makefiles/header.makefile
+@@ -47,9 +47,9 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT)
+ BUILD_CPPFLAGS += $(INCLUDE) -O2
+ ifeq ($(DARWIN),Darwin)
+ # assume clang or clang compatible flags on OS X
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-self-assign -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-self-assign -Wno-unused-result -nostdlib -c -g
+ else
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -c -g
+ endif
+ BUILD_LFLAGS = $(LDFLAGS)
+ BUILD_CXXFLAGS += -Wno-unused-result
diff --git a/poky/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch b/poky/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch
new file mode 100644
index 000000000..920723e32
--- /dev/null
+++ b/poky/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch
@@ -0,0 +1,53 @@
+From 6866325dd9c17412e555974dde41f9631224db52 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Wed, 7 Mar 2018 10:17:28 +0100
+Subject: [PATCH 3/4] BaseTools/header.makefile: revert gcc-8 "-Wno-xxx"
+ options on OSX
+
+I recently added the gcc-8 specific "-Wno-stringop-truncation" and
+"-Wno-restrict" options to BUILD_CFLAGS, both for "Darwin" (XCODE5 /
+clang, OSX) and otherwise (gcc, Linux / Cygwin).
+
+I also regression-tested the change with gcc-4.8 on Linux -- gcc-4.8 does
+not know either of the (gcc-8 specific) "-Wno-stringop-truncation" and
+"-Wno-restrict" options, yet the build completed fine (by GCC design).
+
+Regarding OSX, my expectation was that
+
+- XCODE5 / clang would either recognize these warnings options (because
+ clang does recognize most -W options of gcc),
+
+- or, similarly to gcc, clang would simply ignore the "-Wno-xxx" flags
+ that it didn't recognize.
+
+Neither is the case; the new flags have broken the BaseTools build on OSX.
+Revert them (for OSX only).
+
+Cc: Liming Gao <liming.gao@intel.com>
+Cc: Yonghong Zhu <yonghong.zhu@intel.com>
+Reported-by: Liming Gao <liming.gao@intel.com>
+Fixes: 1d212a83df0eaf32a6f5d4159beb2d77832e0231
+Fixes: 9222154ae7b3eef75ae88cdb56158256227cb929
+Contributed-under: TianoCore Contribution Agreement 1.1
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Liming Gao <liming.gao@intel.com>
+Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+---
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Backport
+ BaseTools/Source/C/Makefiles/header.makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: git/BaseTools/Source/C/Makefiles/header.makefile
+===================================================================
+--- git.orig/BaseTools/Source/C/Makefiles/header.makefile
++++ git/BaseTools/Source/C/Makefiles/header.makefile
+@@ -47,7 +47,7 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT)
+ BUILD_CPPFLAGS += $(INCLUDE) -O2
+ ifeq ($(DARWIN),Darwin)
+ # assume clang or clang compatible flags on OS X
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-self-assign -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
+ else
+ BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -c -g
+ endif
diff --git a/poky/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch b/poky/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch
new file mode 100644
index 000000000..7ad7cdf0c
--- /dev/null
+++ b/poky/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch
@@ -0,0 +1,66 @@
+From dfb42a5bff78d9239a80731e337855234badef3e Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Fri, 2 Mar 2018 17:11:52 +0100
+Subject: [PATCH 4/4] BaseTools/GenVtf: silence false "stringop-overflow"
+ warning with memcpy()
+
+gcc-8 (which is part of Fedora 28) enables the new warning
+"-Wstringop-overflow" in "-Wall". This warning is documented in detail at
+<https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the
+introduction says
+
+> Warn for calls to string manipulation functions such as memcpy and
+> strcpy that are determined to overflow the destination buffer.
+
+It breaks the BaseTools build with:
+
+> GenVtf.c: In function 'ConvertVersionInfo':
+> GenVtf.c:132:7: error: 'strncpy' specified bound depends on the length
+> of the source argument [-Werror=stringop-overflow=]
+> strncpy (TemStr + 4 - Length, Str, Length);
+> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+> GenVtf.c:130:14: note: length computed here
+> Length = strlen(Str);
+> ^~~~~~~~~~~
+
+It is a false positive because, while the bound equals the length of the
+source argument, the destination pointer is moved back towards the
+beginning of the destination buffer by the same amount (and this amount is
+range-checked first, so we can't precede the start of the dest buffer).
+
+Replace both strncpy() calls with memcpy().
+
+Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Cc: Cole Robinson <crobinso@redhat.com>
+Cc: Liming Gao <liming.gao@intel.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Yonghong Zhu <yonghong.zhu@intel.com>
+Reported-by: Cole Robinson <crobinso@redhat.com>
+Contributed-under: TianoCore Contribution Agreement 1.1
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Liming Gao <liming.gao@intel.com>
+---
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Backport
+ BaseTools/Source/C/GenVtf/GenVtf.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/BaseTools/Source/C/GenVtf/GenVtf.c b/BaseTools/Source/C/GenVtf/GenVtf.c
+index 2ae9a7be2c..0cd33e71e9 100644
+--- a/BaseTools/Source/C/GenVtf/GenVtf.c
++++ b/BaseTools/Source/C/GenVtf/GenVtf.c
+@@ -129,9 +129,9 @@ Returns:
+ } else {
+ Length = strlen(Str);
+ if (Length < 4) {
+- strncpy (TemStr + 4 - Length, Str, Length);
++ memcpy (TemStr + 4 - Length, Str, Length);
+ } else {
+- strncpy (TemStr, Str + Length - 4, 4);
++ memcpy (TemStr, Str + Length - 4, 4);
+ }
+
+ sscanf (
+--
+2.17.0
+
diff --git a/poky/meta/recipes-core/ovmf/ovmf_git.bb b/poky/meta/recipes-core/ovmf/ovmf_git.bb
index 8750b3c52..e57fa0972 100644
--- a/poky/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/poky/meta/recipes-core/ovmf/ovmf_git.bb
@@ -19,6 +19,10 @@ SRC_URI = "git://github.com/tianocore/edk2.git;branch=master \
file://0004-ovmf-enable-long-path-file.patch \
file://VfrCompile-increase-path-length-limit.patch \
file://no-stack-protector-all-archs.patch \
+ file://0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch \
+ file://0002-BaseTools-header.makefile-add-Wno-restrict.patch \
+ file://0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch \
+ file://0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch \
"
UPSTREAM_VERSION_UNKNOWN = "1"
@@ -35,7 +39,7 @@ SRC_URI[openssl.sha256sum] = "57be8618979d80c910728cfc99369bf97b2a1abd8f366ab6eb
inherit deploy
-PARALLEL_MAKE_class-native = ""
+PARALLEL_MAKE = ""
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-core/systemd/systemd_237.bb b/poky/meta/recipes-core/systemd/systemd_237.bb
index 2e6558ded..a409b1829 100644
--- a/poky/meta/recipes-core/systemd/systemd_237.bb
+++ b/poky/meta/recipes-core/systemd/systemd_237.bb
@@ -312,7 +312,7 @@ USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'networkd', '--sys
USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'coredump', '--system -d / -M --shell /bin/nologin systemd-coredump;', '', d)}"
USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'resolved', '--system -d / -M --shell /bin/nologin systemd-resolve;', '', d)}"
USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit', '--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd;', '', d)}"
-GROUPADD_PARAM_${PN} = "-r lock; -r systemd-journal"
+GROUPADD_PARAM_${PN} = "-r systemd-journal"
USERADD_PARAM_${PN}-extra-utils += "--system -d / -M --shell /bin/nologin systemd-bus-proxy;"
FILES_${PN}-analyze = "${bindir}/systemd-analyze"
diff --git a/poky/meta/recipes-devtools/binutils/binutils-2.30.inc b/poky/meta/recipes-devtools/binutils/binutils-2.30.inc
index 9c883acc5..37243db1b 100644
--- a/poky/meta/recipes-devtools/binutils/binutils-2.30.inc
+++ b/poky/meta/recipes-devtools/binutils/binutils-2.30.inc
@@ -35,6 +35,18 @@ SRC_URI = "\
file://0013-fix-the-incorrect-assembling-for-ppc-wait-mnemonic.patch \
file://0014-Detect-64-bit-MIPS-targets.patch \
file://0015-sync-with-OE-libtool-changes.patch \
+ file://CVE-2018-8945.patch \
+ file://CVE-2018-7643.patch \
+ file://CVE-2018-6872.patch \
+ file://CVE-2018-6759.patch \
+ file://CVE-2018-7642.patch \
+ file://CVE-2018-7208.patch \
+ file://CVE-2018-7569.patch \
+ file://CVE-2018-7568.patch \
+ file://CVE-2018-10373.patch \
+ file://CVE-2018-10372.patch \
+ file://CVE-2018-10535.patch \
+ file://CVE-2018-10534.patch \
"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10372.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10372.patch
new file mode 100644
index 000000000..053e9d8d6
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10372.patch
@@ -0,0 +1,58 @@
+From 6aea08d9f3e3d6475a65454da488a0c51f5dc97d Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 17 Apr 2018 12:35:55 +0100
+Subject: [PATCH] Fix illegal memory access when parsing corrupt DWARF
+ information.
+
+ PR 23064
+ * dwarf.c (process_cu_tu_index): Test for a potential buffer
+ overrun before copying signature pointer.
+
+Upstream-Status: Backport
+Affects: Binutils <= 2.30
+CVE: CVE-2018-10372
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 6 ++++++
+ binutils/dwarf.c | 13 ++++++++++++-
+ 2 files changed, 18 insertions(+), 1 deletion(-)
+
+Index: git/binutils/dwarf.c
+===================================================================
+--- git.orig/binutils/dwarf.c
++++ git/binutils/dwarf.c
+@@ -9252,7 +9252,18 @@ process_cu_tu_index (struct dwarf_sectio
+ }
+
+ if (!do_display)
+- memcpy (&this_set[row - 1].signature, ph, sizeof (uint64_t));
++ {
++ size_t num_copy = sizeof (uint64_t);
++
++ /* PR 23064: Beware of buffer overflow. */
++ if (ph + num_copy < limit)
++ memcpy (&this_set[row - 1].signature, ph, num_copy);
++ else
++ {
++ warn (_("Signature (%p) extends beyond end of space in section\n"), ph);
++ return 0;
++ }
++ }
+
+ prow = poffsets + (row - 1) * ncols * 4;
+ /* PR 17531: file: b8ce60a8. */
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
++++ git/binutils/ChangeLog
+@@ -1,3 +1,9 @@
++2018-04-17 Nick Clifton <nickc@redhat.com>
++
++ PR 23064
++ * dwarf.c (process_cu_tu_index): Test for a potential buffer
++ overrun before copying signature pointer.
++
+ 2018-01-27 Nick Clifton <nickc@redhat.com>
+
+ Back to development.
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch
new file mode 100644
index 000000000..d547cf115
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch
@@ -0,0 +1,45 @@
+From 6327533b1fd29fa86f6bf34e61c332c010e3c689 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 17 Apr 2018 14:30:07 +0100
+Subject: [PATCH] Add a check for a NULL table pointer before attempting to
+ compute a DWARF filename.
+
+ PR 23065
+ * dwarf2.c (concat_filename): Check for a NULL table pointer.
+
+Upstream-Status: Backport
+Affects: Binutils <= 2.30
+CVE: CVE-2018-10373
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/dwarf2.c | 2 +-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -1565,7 +1565,7 @@ concat_filename (struct line_info_table
+ {
+ char *filename;
+
+- if (file - 1 >= table->num_files)
++ if (table == NULL || file - 1 >= table->num_files)
+ {
+ /* FILE == 0 means unknown. */
+ if (file)
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,8 @@
++2018-04-17 Nick Clifton <nickc@redhat.com>
++
++ PR 23065
++ * dwarf2.c (concat_filename): Check for a NULL table pointer.
++
+ 2018-01-29 Alan Modra <amodra@gmail.com>
+
+ PR 22741
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10534.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10534.patch
new file mode 100644
index 000000000..6847020a9
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10534.patch
@@ -0,0 +1,3429 @@
+From aa4a8c2a2a67545e90c877162c53cc9de42dc8b4 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 24 Apr 2018 16:31:27 +0100
+Subject: [PATCH] Fix an illegal memory access when copying a PE format file
+ with corrupt debug information.
+
+ PR 23110
+ * peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Check for
+ a negative PE_DEBUG_DATA size before iterating over the debug data.
+
+Upstream-Status: Backport
+Affects: Binutils <= 2.30
+CVE: CVE-2018-10534
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 +
+ bfd/peXXigen.c | 9 +
+ bfd/po/bfd.pot | 5631 ++++++++++++++++++++++++++------------------------------
+ 3 files changed, 2662 insertions(+), 2984 deletions(-)
+
+Index: git/bfd/peXXigen.c
+===================================================================
+--- git.orig/bfd/peXXigen.c
++++ git/bfd/peXXigen.c
+@@ -2991,6 +2991,15 @@ _bfd_XX_bfd_copy_private_bfd_data_common
+ bfd_get_section_size (section) - (addr - section->vma));
+ return FALSE;
+ }
++ /* PR 23110. */
++ else if (ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size < 0)
++ {
++ /* xgettext:c-format */
++ _bfd_error_handler
++ (_("%pB: Data Directory size (%#lx) is negative"),
++ obfd, ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size);
++ return FALSE;
++ }
+
+ for (i = 0; i < ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size
+ / sizeof (struct external_IMAGE_DEBUG_DIRECTORY); i++)
+Index: git/bfd/po/bfd.pot
+===================================================================
+--- git.orig/bfd/po/bfd.pot
++++ git/bfd/po/bfd.pot
+@@ -18,175 +18,214 @@ msgstr ""
+ "Content-Transfer-Encoding: 8bit\n"
+ "Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
+
+-#: aout-adobe.c:126
+-#, c-format
+-msgid "%B: Unknown section type in a.out.adobe file: %x\n"
+-msgstr ""
+-
+ #: aout-cris.c:200
+ #, c-format
+-msgid "%B: Invalid relocation type exported: %d"
++msgid "%pB: unsupported relocation type exported: %#x"
+ msgstr ""
+
+ #: aout-cris.c:244
+ #, c-format
+-msgid "%B: Invalid relocation type imported: %d"
++msgid "%pB: unsupported relocation type imported: %#x"
+ msgstr ""
+
+ #: aout-cris.c:256
+ #, c-format
+-msgid "%B: Bad relocation record imported: %d"
++msgid "%pB: bad relocation record imported: %d"
+ msgstr ""
+
+-#: aoutx.h:1284 aoutx.h:1636 pdp11.c:1152 pdp11.c:1413
++#: aoutx.h:1264 aoutx.h:1617 pdp11.c:1138 pdp11.c:1399
+ #, c-format
+-msgid "%B: can not represent section `%A' in a.out object file format"
++msgid "%pB: can not represent section `%pA' in a.out object file format"
+ msgstr ""
+
+-#: aoutx.h:1600 pdp11.c:1385
++#: aoutx.h:1581 pdp11.c:1371
+ #, c-format
+ msgid ""
+-"%B: can not represent section for symbol `%s' in a.out object file format"
++"%pB: can not represent section for symbol `%s' in a.out object file format"
+ msgstr ""
+
+-#: aoutx.h:1603 vms-alpha.c:7853
++#: aoutx.h:1584 vms-alpha.c:7854
+ msgid "*unknown*"
+ msgstr ""
+
+-#: aoutx.h:2422 aoutx.h:2440
+-msgid "%B: attempt to write out unknown reloc type"
++#: aoutx.h:1720
++#, c-format
++msgid "%pB: invalid string offset %<PRIu64> >= %<PRIu64>"
+ msgstr ""
+
+-#: aoutx.h:4093 aoutx.h:4414
+-msgid "%P: %B: unexpected relocation type\n"
++#: aoutx.h:2411 aoutx.h:2429
++#, c-format
++msgid "%pB: attempt to write out unknown reloc type"
+ msgstr ""
+
+-#: aoutx.h:5440 pdp11.c:3708
++#: aoutx.h:4084
+ #, c-format
+-msgid "%B: relocatable link from %s to %s not supported"
++msgid "%pB: unsupported relocation type"
+ msgstr ""
+
+-#: archive.c:2305
+-msgid "Warning: writing archive was slow: rewriting timestamp\n"
++#. Unknown relocation.
++#: aoutx.h:4405 coff-alpha.c:601 coff-alpha.c:1514 coff-rs6000.c:2773
++#: coff-sh.c:504 coff-tic4x.c:184 coff-tic54x.c:279 elf-hppa.h:1040
++#: elf-hppa.h:1068 elf-m10200.c:226 elf-m10300.c:812 elf32-arc.c:519
++#: elf32-arm.c:1852 elf32-avr.c:959 elf32-bfin.c:1061 elf32-bfin.c:4698
++#: elf32-cr16.c:653 elf32-cr16.c:683 elf32-cr16c.c:186 elf32-cris.c:467
++#: elf32-crx.c:429 elf32-d10v.c:234 elf32-d30v.c:522 elf32-d30v.c:544
++#: elf32-dlx.c:548 elf32-epiphany.c:376 elf32-fr30.c:381 elf32-frv.c:2558
++#: elf32-frv.c:6262 elf32-ft32.c:306 elf32-h8300.c:302 elf32-i386.c:401
++#: elf32-ip2k.c:1245 elf32-iq2000.c:442 elf32-lm32.c:539 elf32-m32c.c:305
++#: elf32-m32r.c:1286 elf32-m32r.c:1311 elf32-m32r.c:2417 elf32-m68hc11.c:390
++#: elf32-m68hc12.c:510 elf32-m68k.c:352 elf32-mcore.c:354 elf32-mcore.c:440
++#: elf32-mep.c:389 elf32-metag.c:878 elf32-microblaze.c:692
++#: elf32-microblaze.c:969 elf32-mips.c:2229 elf32-moxie.c:137
++#: elf32-msp430.c:648 elf32-msp430.c:658 elf32-mt.c:241 elf32-nds32.c:2880
++#: elf32-nds32.c:2904 elf32-nds32.c:4423 elf32-nios2.c:3015 elf32-or1k.c:715
++#: elf32-pj.c:325 elf32-ppc.c:2061 elf32-ppc.c:2074 elf32-pru.c:420
++#: elf32-rl78.c:292 elf32-rx.c:314 elf32-rx.c:323 elf32-s390.c:347
++#: elf32-sh.c:438 elf32-spu.c:160 elf32-tic6x.c:1508 elf32-tic6x.c:1518
++#: elf32-tic6x.c:1537 elf32-tic6x.c:1547 elf32-tic6x.c:2642 elf32-tilepro.c:803
++#: elf32-v850.c:1899 elf32-v850.c:1921 elf32-v850.c:4270 elf32-vax.c:290
++#: elf32-visium.c:482 elf32-wasm32.c:106 elf32-xc16x.c:241 elf32-xgate.c:428
++#: elf32-xstormy16.c:395 elf32-xtensa.c:454 elf32-xtensa.c:488
++#: elf64-alpha.c:1112 elf64-alpha.c:4101 elf64-alpha.c:4249
++#: elf64-ia64-vms.c:254 elf64-ia64-vms.c:3440 elf64-mips.c:3623
++#: elf64-mips.c:3639 elf64-mmix.c:1264 elf64-ppc.c:2281 elf64-ppc.c:2555
++#: elf64-ppc.c:2564 elf64-s390.c:328 elf64-s390.c:378 elf64-x86-64.c:285
++#: elfn32-mips.c:3451 elfxx-ia64.c:325 elfxx-riscv.c:955 elfxx-sparc.c:589
++#: elfxx-sparc.c:639 elfxx-sparc.c:661 elfxx-tilegx.c:912 elfxx-tilegx.c:952
++#: /work/sources/binutils/current/bfd/elfnn-aarch64.c:2126
++#: /work/sources/binutils/current/bfd/elfnn-aarch64.c:2224 elf32-ia64.c:211
++#: elf32-ia64.c:3863 elf64-ia64.c:211 elf64-ia64.c:3863
++#, c-format
++msgid "%pB: unsupported relocation type %#x"
++msgstr ""
++
++#: aoutx.h:5432 pdp11.c:3694
++#, c-format
++msgid "%pB: relocatable link from %s to %s not supported"
++msgstr ""
++
++#: archive.c:2216
++msgid "warning: writing archive was slow: rewriting timestamp"
+ msgstr ""
+
+-#: archive.c:2421 linker.c:1410
+-msgid "%B: plugin needed to handle lto object"
++#: archive.c:2332 linker.c:1416
++#, c-format
++msgid "%pB: plugin needed to handle lto object"
+ msgstr ""
+
+-#: archive.c:2650
++#: archive.c:2561
+ msgid "Reading archive file mod timestamp"
+ msgstr ""
+
+-#: archive.c:2674
++#: archive.c:2585
+ msgid "Writing updated armap timestamp"
+ msgstr ""
+
++#: bfd.c:448
++msgid "no error"
++msgstr ""
++
++#: bfd.c:449
++msgid "system call error"
++msgstr ""
++
++#: bfd.c:450
++msgid "invalid bfd target"
++msgstr ""
++
++#: bfd.c:451
++msgid "file in wrong format"
++msgstr ""
++
++#: bfd.c:452
++msgid "archive object file in wrong format"
++msgstr ""
++
++#: bfd.c:453
++msgid "invalid operation"
++msgstr ""
++
+ #: bfd.c:454
+-msgid "No error"
++msgid "memory exhausted"
+ msgstr ""
+
+ #: bfd.c:455
+-msgid "System call error"
++msgid "no symbols"
+ msgstr ""
+
+ #: bfd.c:456
+-msgid "Invalid bfd target"
++msgid "archive has no index; run ranlib to add one"
+ msgstr ""
+
+ #: bfd.c:457
+-msgid "File in wrong format"
++msgid "no more archived files"
+ msgstr ""
+
+ #: bfd.c:458
+-msgid "Archive object file in wrong format"
++msgid "malformed archive"
+ msgstr ""
+
+ #: bfd.c:459
+-msgid "Invalid operation"
++msgid "DSO missing from command line"
+ msgstr ""
+
+ #: bfd.c:460
+-msgid "Memory exhausted"
++msgid "file format not recognized"
+ msgstr ""
+
+ #: bfd.c:461
+-msgid "No symbols"
++msgid "file format is ambiguous"
+ msgstr ""
+
+ #: bfd.c:462
+-msgid "Archive has no index; run ranlib to add one"
++msgid "section has no contents"
+ msgstr ""
+
+ #: bfd.c:463
+-msgid "No more archived files"
++msgid "nonrepresentable section on output"
+ msgstr ""
+
+ #: bfd.c:464
+-msgid "Malformed archive"
++msgid "symbol needs debug section which does not exist"
+ msgstr ""
+
+ #: bfd.c:465
+-msgid "DSO missing from command line"
++msgid "bad value"
+ msgstr ""
+
+ #: bfd.c:466
+-msgid "File format not recognized"
++msgid "file truncated"
+ msgstr ""
+
+ #: bfd.c:467
+-msgid "File format is ambiguous"
++msgid "file too big"
+ msgstr ""
+
+ #: bfd.c:468
+-msgid "Section has no contents"
+-msgstr ""
+-
+-#: bfd.c:469
+-msgid "Nonrepresentable section on output"
+-msgstr ""
+-
+-#: bfd.c:470
+-msgid "Symbol needs debug section which does not exist"
+-msgstr ""
+-
+-#: bfd.c:471
+-msgid "Bad value"
+-msgstr ""
+-
+-#: bfd.c:472
+-msgid "File truncated"
+-msgstr ""
+-
+-#: bfd.c:473
+-msgid "File too big"
+-msgstr ""
+-
+-#: bfd.c:474
+ #, c-format
+-msgid "Error reading %s: %s"
++msgid "error reading %s: %s"
+ msgstr ""
+
+-#: bfd.c:475
+-msgid "#<Invalid error code>"
++#: bfd.c:469
++msgid "#<invalid error code>"
+ msgstr ""
+
+-#: bfd.c:1442
++#: bfd.c:1416
+ #, c-format
+ msgid "BFD %s assertion fail %s:%d"
+ msgstr ""
+
+-#: bfd.c:1455
++#: bfd.c:1429
+ #, c-format
+ msgid "BFD %s internal error, aborting at %s:%d in %s\n"
+ msgstr ""
+
+-#: bfd.c:1460
++#: bfd.c:1434
+ #, c-format
+ msgid "BFD %s internal error, aborting at %s:%d\n"
+ msgstr ""
+
+-#: bfd.c:1462
++#: bfd.c:1436
+ msgid "Please report this bug.\n"
+ msgstr ""
+
+@@ -332,7 +371,7 @@ msgstr ""
+ msgid "private flags = %x:"
+ msgstr ""
+
+-#: coff-arm.c:2306 elf32-arm.c:14160
++#: coff-arm.c:2306 elf32-arm.c:14191
+ #, c-format
+ msgid " [floats passed in float registers]"
+ msgstr ""
+@@ -342,7 +381,7 @@ msgstr ""
+ msgid " [floats passed in integer registers]"
+ msgstr ""
+
+-#: coff-arm.c:2311 elf32-arm.c:14163
++#: coff-arm.c:2311 elf32-arm.c:14194
+ #, c-format
+ msgid " [position independent]"
+ msgstr ""
+@@ -2565,224 +2604,180 @@ msgstr ""
+ msgid "ip2k relaxer: switch table header corrupt."
+ msgstr ""
+
+-#: elf32-ip2k.c:1245
+-#, c-format
+-msgid "%B: invalid IP2K reloc number: %d"
+-msgstr ""
+-
+-#: elf32-ip2k.c:1298
+-#, c-format
+-msgid "ip2k linker: missing page instruction at %#Lx (dest = %#Lx)"
+-msgstr ""
+-
+-#: elf32-ip2k.c:1315
+-#, c-format
+-msgid "ip2k linker: redundant page instruction at %#Lx (dest = %#Lx)"
+-msgstr ""
+-
+-#: elf32-iq2000.c:441
++#: elf32-ip2k.c:1302
+ #, c-format
+-msgid "%B: invalid IQ2000 reloc number: %d"
++msgid "ip2k linker: missing page instruction at %#<PRIx64> (dest = %#<PRIx64>)"
+ msgstr ""
+
+-#: elf32-lm32.c:539
++#: elf32-ip2k.c:1321
+ #, c-format
+-msgid "%B: invalid LM32 reloc number: %d"
++msgid ""
++"ip2k linker: redundant page instruction at %#<PRIx64> (dest = %#<PRIx64>)"
+ msgstr ""
+
+-#: elf32-lm32.c:648 elf32-nios2.c:3133
++#: elf32-lm32.c:651 elf32-nios2.c:3141
+ msgid "global pointer relative relocation when _gp not defined"
+ msgstr ""
+
+-#: elf32-lm32.c:703 elf32-nios2.c:3570
++#: elf32-lm32.c:706 elf32-nios2.c:3578
+ msgid "global pointer relative address out of range"
+ msgstr ""
+
+-#: elf32-lm32.c:998
+-msgid "internal error: addend should be zero for R_LM32_16_GOT"
+-msgstr ""
+-
+-#: elf32-m32c.c:306
++#: elf32-lm32.c:1002 elf32-or1k.c:968
+ #, c-format
+-msgid "%B: invalid M32C reloc number: %d"
++msgid "internal error: addend should be zero for %s"
+ msgstr ""
+
+-#: elf32-m32r.c:1286
+-#, c-format
+-msgid "%B: invalid M32R reloc number: %d"
+-msgstr ""
+-
+-#: elf32-m32r.c:1458
++#: elf32-m32r.c:1471
+ msgid "SDA relocation when _SDA_BASE_ not defined"
+ msgstr ""
+
+-#: elf32-m32r.c:2971 elf32-microblaze.c:1064 elf32-microblaze.c:1112
++#: elf32-m32r.c:2984 elf32-microblaze.c:1101 elf32-microblaze.c:1149
+ #, c-format
+-msgid "%B: The target (%s) of an %s relocation is in the wrong section (%A)"
++msgid "%pB: the target (%s) of an %s relocation is in the wrong section (%pA)"
+ msgstr ""
+
+-#: elf32-m32r.c:3473
+-msgid "%B: Instruction set mismatch with previous modules"
++#: elf32-m32r.c:3487
++#, c-format
++msgid "%pB: instruction set mismatch with previous modules"
+ msgstr ""
+
+-#: elf32-m32r.c:3494 elf32-nds32.c:6037
++#: elf32-m32r.c:3508 elf32-nds32.c:6010
+ #, c-format
+ msgid "private flags = %lx"
+ msgstr ""
+
+-#: elf32-m32r.c:3499
++#: elf32-m32r.c:3513
+ #, c-format
+ msgid ": m32r instructions"
+ msgstr ""
+
+-#: elf32-m32r.c:3500
++#: elf32-m32r.c:3514
+ #, c-format
+ msgid ": m32rx instructions"
+ msgstr ""
+
+-#: elf32-m32r.c:3501
++#: elf32-m32r.c:3515
+ #, c-format
+ msgid ": m32r2 instructions"
+ msgstr ""
+
+-#: elf32-m68hc11.c:390
+-#, c-format
+-msgid "%B: invalid M68HC11 reloc number: %d"
+-msgstr ""
+-
+-#: elf32-m68hc12.c:510
+-#, c-format
+-msgid "%B: invalid M68HC12 reloc number: %d"
+-msgstr ""
+-
+-#: elf32-m68hc1x.c:1115
++#: elf32-m68hc1x.c:1116
+ #, c-format
+ msgid ""
+-"Reference to the far symbol `%s' using a wrong relocation may result in "
++"reference to the far symbol `%s' using a wrong relocation may result in "
+ "incorrect execution"
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1149
++#: elf32-m68hc1x.c:1150
+ #, c-format
+ msgid ""
+ "XGATE address (%lx) is not within shared RAM(0xE000-0xFFFF), therefore you "
+ "must manually offset the address, and possibly manage the page, in your code."
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1167
++#: elf32-m68hc1x.c:1168
+ #, c-format
+ msgid ""
+ "banked address [%lx:%04lx] (%lx) is not in the same bank as current banked "
+ "address [%lx:%04lx] (%lx)"
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1183
++#: elf32-m68hc1x.c:1184
+ #, c-format
+ msgid ""
+ "reference to a banked address [%lx:%04lx] in the normal address space at "
+ "%04lx"
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1224
++#: elf32-m68hc1x.c:1225
+ #, c-format
+ msgid ""
+ "S12 address (%lx) is not within shared RAM(0x2000-0x4000), therefore you "
+ "must manually offset the address in your code"
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1351
++#: elf32-m68hc1x.c:1352
++#, c-format
+ msgid ""
+-"%B: linking files compiled for 16-bit integers (-mshort) and others for 32-"
++"%pB: linking files compiled for 16-bit integers (-mshort) and others for 32-"
+ "bit integers"
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1358
++#: elf32-m68hc1x.c:1359
++#, c-format
+ msgid ""
+-"%B: linking files compiled for 32-bit double (-fshort-double) and others for "
+-"64-bit double"
++"%pB: linking files compiled for 32-bit double (-fshort-double) and others "
++"for 64-bit double"
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1367
+-msgid "%B: linking files compiled for HCS12 with others compiled for HC12"
++#: elf32-m68hc1x.c:1368
++#, c-format
++msgid "%pB: linking files compiled for HCS12 with others compiled for HC12"
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1412 elf32-xgate.c:672
++#: elf32-m68hc1x.c:1413 elf32-xgate.c:675
+ #, c-format
+ msgid "[abi=32-bit int, "
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1414 elf32-xgate.c:674
++#: elf32-m68hc1x.c:1415 elf32-xgate.c:677
+ #, c-format
+ msgid "[abi=16-bit int, "
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1417 elf32-xgate.c:677
++#: elf32-m68hc1x.c:1418 elf32-xgate.c:680
+ #, c-format
+ msgid "64-bit double, "
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1419 elf32-xgate.c:679
++#: elf32-m68hc1x.c:1420 elf32-xgate.c:682
+ #, c-format
+ msgid "32-bit double, "
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1422
++#: elf32-m68hc1x.c:1423
+ #, c-format
+ msgid "cpu=HC11]"
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1424
++#: elf32-m68hc1x.c:1425
+ #, c-format
+ msgid "cpu=HCS12]"
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1426
++#: elf32-m68hc1x.c:1427
+ #, c-format
+ msgid "cpu=HC12]"
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1429
++#: elf32-m68hc1x.c:1430
+ #, c-format
+ msgid " [memory=bank-model]"
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1431
++#: elf32-m68hc1x.c:1432
+ #, c-format
+ msgid " [memory=flat]"
+ msgstr ""
+
+-#: elf32-m68hc1x.c:1434
++#: elf32-m68hc1x.c:1435
+ #, c-format
+ msgid " [XGATE RAM offsetting]"
+ msgstr ""
+
+-#: elf32-m68k.c:1214 elf32-m68k.c:1215 vms-alpha.c:7477 vms-alpha.c:7493
++#: elf32-m68k.c:1216 elf32-m68k.c:1217 vms-alpha.c:7478 vms-alpha.c:7494
+ msgid "unknown"
+ msgstr ""
+
+-#: elf32-m68k.c:1658
+-#, c-format
+-msgid "%B: GOT overflow: Number of relocations with 8-bit offset > %d"
+-msgstr ""
+-
+-#: elf32-m68k.c:1665
+-#, c-format
+-msgid "%B: GOT overflow: Number of relocations with 8- or 16-bit offset > %d"
+-msgstr ""
+-
+-#: elf32-mcore.c:100 elf32-mcore.c:455
++#: elf32-m68k.c:1660
+ #, c-format
+-msgid "%B: Relocation %s (%d) is not currently supported.\n"
++msgid "%pB: GOT overflow: number of relocations with 8-bit offset > %d"
+ msgstr ""
+
+-#: elf32-mcore.c:355
++#: elf32-m68k.c:1667
+ #, c-format
+-msgid "%B: unrecognised MCore reloc number: %d"
+-msgstr ""
+-
+-#: elf32-mcore.c:440
+-#, c-format
+-msgid "%B: Unknown relocation type %d\n"
++msgid "%pB: GOT overflow: number of relocations with 8- or 16-bit offset > %d"
+ msgstr ""
+
+ #. Pacify gcc -Wall.
+@@ -5936,124 +5931,128 @@ msgstr ""
+ #. XXX code yet to be written.
+ #: peicode.h:775
+ #, c-format
+-msgid "%B: Unhandled import type; %x"
++msgid "%pB: unhandled import type; %x"
+ msgstr ""
+
+ #: peicode.h:781
+ #, c-format
+-msgid "%B: Unrecognised import type; %x"
++msgid "%pB: unrecognized import type; %x"
+ msgstr ""
+
+ #: peicode.h:796
+ #, c-format
+-msgid "%B: Unrecognised import name type; %x"
++msgid "%pB: unrecognized import name type; %x"
+ msgstr ""
+
+-#: peicode.h:1217
++#: peicode.h:1211
+ #, c-format
+-msgid "%B: Unrecognised machine type (0x%x) in Import Library Format archive"
++msgid "%pB: unrecognised machine type (0x%x) in Import Library Format archive"
+ msgstr ""
+
+-#: peicode.h:1230
++#: peicode.h:1224
+ #, c-format
+ msgid ""
+-"%B: Recognised but unhandled machine type (0x%x) in Import Library Format "
++"%pB: recognised but unhandled machine type (0x%x) in Import Library Format "
+ "archive"
+ msgstr ""
+
+-#: peicode.h:1248
+-msgid "%B: size field is zero in Import Library Format header"
++#: peicode.h:1242
++#, c-format
++msgid "%pB: size field is zero in Import Library Format header"
+ msgstr ""
+
+-#: peicode.h:1280
+-msgid "%B: string not null terminated in ILF object file."
++#: peicode.h:1274
++#, c-format
++msgid "%pB: string not null terminated in ILF object file"
+ msgstr ""
+
+-#: peicode.h:1335
+-msgid "%B: Error: Debug Data ends beyond end of debug directory."
++#: peicode.h:1330
++#, c-format
++msgid "%pB: error: debug data ends beyond end of debug directory"
+ msgstr ""
+
+-#: ppcboot.c:393
++#: ppcboot.c:392
+ #, c-format
+ msgid ""
+ "\n"
+ "ppcboot header:\n"
+ msgstr ""
+
+-#: ppcboot.c:394
++#: ppcboot.c:393
+ #, c-format
+ msgid "Entry offset = 0x%.8lx (%ld)\n"
+ msgstr ""
+
+-#: ppcboot.c:396
++#: ppcboot.c:395
+ #, c-format
+ msgid "Length = 0x%.8lx (%ld)\n"
+ msgstr ""
+
+-#: ppcboot.c:400
++#: ppcboot.c:399
+ #, c-format
+ msgid "Flag field = 0x%.2x\n"
+ msgstr ""
+
+-#: ppcboot.c:406
++#: ppcboot.c:405
+ #, c-format
+ msgid "Partition name = \"%s\"\n"
+ msgstr ""
+
+-#: ppcboot.c:426
++#: ppcboot.c:425
+ #, c-format
+ msgid ""
+ "\n"
+ "Partition[%d] start = { 0x%.2x, 0x%.2x, 0x%.2x, 0x%.2x }\n"
+ msgstr ""
+
+-#: ppcboot.c:433
++#: ppcboot.c:432
+ #, c-format
+ msgid "Partition[%d] end = { 0x%.2x, 0x%.2x, 0x%.2x, 0x%.2x }\n"
+ msgstr ""
+
+-#: ppcboot.c:440
++#: ppcboot.c:439
+ #, c-format
+ msgid "Partition[%d] sector = 0x%.8lx (%ld)\n"
+ msgstr ""
+
+-#: ppcboot.c:444
++#: ppcboot.c:443
+ #, c-format
+ msgid "Partition[%d] length = 0x%.8lx (%ld)\n"
+ msgstr ""
+
+-#: reloc.c:8106
+-msgid "INPUT_SECTION_FLAGS are not supported.\n"
++#: reloc.c:8125
++msgid "INPUT_SECTION_FLAGS are not supported"
+ msgstr ""
+
+-#: reloc.c:8207
++#: reloc.c:8226
+ #, c-format
+-msgid "%X%P: %B(%A): error: relocation for offset %V has no value\n"
++msgid "%X%P: %pB(%pA): error: relocation for offset %V has no value\n"
+ msgstr ""
+
+-#: reloc.c:8283
++#: reloc.c:8302
+ #, c-format
+-msgid "%X%P: %B(%A): relocation \"%R\" is not supported\n"
++msgid "%X%P: %pB(%pA): relocation \"%pR\" is not supported\n"
+ msgstr ""
+
+-#: reloc.c:8292
++#: reloc.c:8311
+ #, c-format
+-msgid "%X%P: %B(%A): relocation \"%R\" returns an unrecognized value %x\n"
++msgid "%X%P: %pB(%pA): relocation \"%pR\" returns an unrecognized value %x\n"
+ msgstr ""
+
+-#: reloc.c:8354
++#: reloc.c:8373
+ #, c-format
+-msgid "%B: unrecognized relocation (%#x) in section `%A'"
++msgid "%pB: unrecognized relocation type %#x in section `%pA'"
+ msgstr ""
+
+ #. PR 21803: Suggest the most likely cause of this error.
+-#: reloc.c:8358
++#: reloc.c:8377
+ #, c-format
+-msgid "Is this version of the linker - %s - out of date ?"
++msgid "is this version of the linker - %s - out of date ?"
+ msgstr ""
+
+ #: rs6000-core.c:471
+-msgid "%B: warning core file truncated"
++#, c-format
++msgid "%pB: warning core file truncated"
+ msgstr ""
+
+ #: som.c:5478
+@@ -6069,91 +6068,91 @@ msgstr ""
+
+ #: srec.c:260
+ #, c-format
+-msgid "%B:%d: Unexpected character `%s' in S-record file\n"
++msgid "%pB:%d: unexpected character `%s' in S-record file"
+ msgstr ""
+
+ #: srec.c:488
+ #, c-format
+-msgid "%B:%d: byte count %d too small\n"
++msgid "%pB:%d: byte count %d too small"
+ msgstr ""
+
+ #: srec.c:581 srec.c:615
+ #, c-format
+-msgid "%B:%d: Bad checksum in S-record file\n"
++msgid "%pB:%d: bad checksum in S-record file"
+ msgstr ""
+
+ #: stabs.c:279
+ #, c-format
+-msgid "%B(%A+%#lx): Stabs entry has invalid string index."
++msgid "%pB(%pA+%#lx): stabs entry has invalid string index"
+ msgstr ""
+
+ #: syms.c:1079
+-msgid "Unsupported .stab relocation"
++msgid "unsupported .stab relocation"
+ msgstr ""
+
+ #: vms-alpha.c:479
+-msgid "Corrupt EIHD record - size is too small"
++msgid "corrupt EIHD record - size is too small"
+ msgstr ""
+
+ #: vms-alpha.c:660
+ #, c-format
+-msgid "Unable to read EIHS record at offset %#x"
++msgid "unable to read EIHS record at offset %#x"
+ msgstr ""
+
+-#: vms-alpha.c:1172
++#: vms-alpha.c:1173
+ #, c-format
+-msgid "Corrupt EGSD record: its size (%#x) is too small"
++msgid "corrupt EGSD record: its size (%#x) is too small"
+ msgstr ""
+
+-#: vms-alpha.c:1196
++#: vms-alpha.c:1197
+ #, c-format
+-msgid "Corrupt EGSD record: size (%#x) is larger than remaining space (%#x)"
++msgid "corrupt EGSD record: size (%#x) is larger than remaining space (%#x)"
+ msgstr ""
+
+-#: vms-alpha.c:1204
++#: vms-alpha.c:1205
+ #, c-format
+-msgid "Corrupt EGSD record: size (%#x) is too small"
++msgid "corrupt EGSD record: size (%#x) is too small"
+ msgstr ""
+
+-#: vms-alpha.c:1333 vms-alpha.c:1349 vms-alpha.c:1389
++#: vms-alpha.c:1334 vms-alpha.c:1350 vms-alpha.c:1390
+ #, c-format
+-msgid "Corrupt EGSD record: its psindx field is too big (%#lx)"
++msgid "corrupt EGSD record: its psindx field is too big (%#lx)"
+ msgstr ""
+
+-#: vms-alpha.c:1418
++#: vms-alpha.c:1419
+ #, c-format
+-msgid "Unknown EGSD subtype %d"
++msgid "unknown EGSD subtype %d"
+ msgstr ""
+
+-#: vms-alpha.c:1451
++#: vms-alpha.c:1452
+ #, c-format
+-msgid "Stack overflow (%d) in _bfd_vms_push"
++msgid "stack overflow (%d) in _bfd_vms_push"
+ msgstr ""
+
+-#: vms-alpha.c:1464
+-msgid "Stack underflow in _bfd_vms_pop"
++#: vms-alpha.c:1465
++msgid "stack underflow in _bfd_vms_pop"
+ msgstr ""
+
+ #. These names have not yet been added to this switch statement.
+-#: vms-alpha.c:1706
++#: vms-alpha.c:1707
+ #, c-format
+ msgid "unknown ETIR command %d"
+ msgstr ""
+
+-#: vms-alpha.c:1737
+-msgid "Corrupt vms value"
++#: vms-alpha.c:1738
++msgid "corrupt vms value"
+ msgstr ""
+
+-#: vms-alpha.c:1865
+-msgid "Corrupt ETIR record encountered"
++#: vms-alpha.c:1866
++msgid "corrupt ETIR record encountered"
+ msgstr ""
+
+-#: vms-alpha.c:1922
++#: vms-alpha.c:1923
+ #, c-format
+ msgid "bad section index in %s"
+ msgstr ""
+
+-#: vms-alpha.c:1935
++#: vms-alpha.c:1936
+ #, c-format
+ msgid "unsupported STA cmd %s"
+ msgstr ""
+@@ -6163,1961 +6162,1932 @@ msgstr ""
+ #. Rotate.
+ #. Redefine symbol to current location.
+ #. Define a literal.
+-#: vms-alpha.c:2115 vms-alpha.c:2146 vms-alpha.c:2237 vms-alpha.c:2395
++#: vms-alpha.c:2116 vms-alpha.c:2147 vms-alpha.c:2238 vms-alpha.c:2396
+ #, c-format
+ msgid "%s: not supported"
+ msgstr ""
+
+-#: vms-alpha.c:2121
++#: vms-alpha.c:2122
+ #, c-format
+ msgid "%s: not implemented"
+ msgstr ""
+
+-#: vms-alpha.c:2379
++#: vms-alpha.c:2380
+ #, c-format
+ msgid "invalid use of %s with contexts"
+ msgstr ""
+
+-#: vms-alpha.c:2413
++#: vms-alpha.c:2414
+ #, c-format
+ msgid "reserved cmd %d"
+ msgstr ""
+
+-#: vms-alpha.c:2497
+-msgid "Corrupt EEOM record - size is too small"
++#: vms-alpha.c:2498
++msgid "corrupt EEOM record - size is too small"
+ msgstr ""
+
+-#: vms-alpha.c:2506
+-msgid "Object module NOT error-free !\n"
++#: vms-alpha.c:2507
++msgid "object module not error-free !"
+ msgstr ""
+
+-#: vms-alpha.c:3830
++#: vms-alpha.c:3831
+ #, c-format
+-msgid "SEC_RELOC with no relocs in section %A"
++msgid "SEC_RELOC with no relocs in section %pA"
+ msgstr ""
+
+-#: vms-alpha.c:3882 vms-alpha.c:4095
++#: vms-alpha.c:3883 vms-alpha.c:4096
+ #, c-format
+-msgid "Size error in section %A"
++msgid "size error in section %pA"
+ msgstr ""
+
+-#: vms-alpha.c:4041
+-msgid "Spurious ALPHA_R_BSR reloc"
++#: vms-alpha.c:4042
++msgid "spurious ALPHA_R_BSR reloc"
+ msgstr ""
+
+-#: vms-alpha.c:4082
++#: vms-alpha.c:4083
+ #, c-format
+-msgid "Unhandled relocation %s"
++msgid "unhandled relocation %s"
+ msgstr ""
+
+-#: vms-alpha.c:4375
++#: vms-alpha.c:4376
+ #, c-format
+ msgid "unknown source command %d"
+ msgstr ""
+
+-#: vms-alpha.c:4436
+-msgid "DST__K_SET_LINUM_INCR not implemented"
+-msgstr ""
+-
+-#: vms-alpha.c:4442
+-msgid "DST__K_SET_LINUM_INCR_W not implemented"
+-msgstr ""
+-
+-#: vms-alpha.c:4448
+-msgid "DST__K_RESET_LINUM_INCR not implemented"
+-msgstr ""
+-
+-#: vms-alpha.c:4454
+-msgid "DST__K_BEG_STMT_MODE not implemented"
+-msgstr ""
+-
+-#: vms-alpha.c:4460
+-msgid "DST__K_END_STMT_MODE not implemented"
+-msgstr ""
+-
+-#: vms-alpha.c:4487
+-msgid "DST__K_SET_PC not implemented"
+-msgstr ""
+-
+-#: vms-alpha.c:4493
+-msgid "DST__K_SET_PC_W not implemented"
+-msgstr ""
+-
+-#: vms-alpha.c:4499
+-msgid "DST__K_SET_PC_L not implemented"
+-msgstr ""
+-
+-#: vms-alpha.c:4505
+-msgid "DST__K_SET_STMTNUM not implemented"
++#: vms-alpha.c:4437 vms-alpha.c:4443 vms-alpha.c:4449 vms-alpha.c:4455
++#: vms-alpha.c:4461 vms-alpha.c:4488 vms-alpha.c:4494 vms-alpha.c:4500
++#: vms-alpha.c:4506
++#, c-format
++msgid "%s not implemented"
+ msgstr ""
+
+-#: vms-alpha.c:4548
++#: vms-alpha.c:4549
+ #, c-format
+ msgid "unknown line command %d"
+ msgstr ""
+
+-#: vms-alpha.c:5008 vms-alpha.c:5026 vms-alpha.c:5041 vms-alpha.c:5057
+-#: vms-alpha.c:5070 vms-alpha.c:5082 vms-alpha.c:5095
++#: vms-alpha.c:5009 vms-alpha.c:5027 vms-alpha.c:5042 vms-alpha.c:5058
++#: vms-alpha.c:5071 vms-alpha.c:5083 vms-alpha.c:5096
+ #, c-format
+-msgid "Unknown reloc %s + %s"
++msgid "unknown reloc %s + %s"
+ msgstr ""
+
+-#: vms-alpha.c:5150
++#: vms-alpha.c:5151
+ #, c-format
+-msgid "Unknown reloc %s"
++msgid "unknown reloc %s"
+ msgstr ""
+
+-#: vms-alpha.c:5163
+-msgid "Invalid section index in ETIR"
++#: vms-alpha.c:5164
++msgid "invalid section index in ETIR"
+ msgstr ""
+
+-#: vms-alpha.c:5172
+-msgid "Relocation for non-REL psect"
++#: vms-alpha.c:5173
++msgid "relocation for non-REL psect"
+ msgstr ""
+
+-#: vms-alpha.c:5219
++#: vms-alpha.c:5220
+ #, c-format
+-msgid "Unknown symbol in command %s"
++msgid "unknown symbol in command %s"
+ msgstr ""
+
+-#: vms-alpha.c:5629
++#: vms-alpha.c:5630
+ #, c-format
+ msgid "reloc (%d) is *UNKNOWN*"
+ msgstr ""
+
+-#: vms-alpha.c:5745
++#: vms-alpha.c:5746
+ #, c-format
+ msgid " EMH %u (len=%u): "
+ msgstr ""
+
+-#: vms-alpha.c:5750
++#: vms-alpha.c:5751
+ #, c-format
+ msgid " Error: The length is less than the length of an EMH record\n"
+ msgstr ""
+
+-#: vms-alpha.c:5767
++#: vms-alpha.c:5768
+ #, c-format
+ msgid ""
+ " Error: The record length is less than the size of an EMH_MHD record\n"
+ msgstr ""
+
+-#: vms-alpha.c:5770
++#: vms-alpha.c:5771
+ #, c-format
+ msgid "Module header\n"
+ msgstr ""
+
+-#: vms-alpha.c:5771
++#: vms-alpha.c:5772
+ #, c-format
+ msgid " structure level: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:5772
++#: vms-alpha.c:5773
+ #, c-format
+ msgid " max record size: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:5778
++#: vms-alpha.c:5779
+ #, c-format
+ msgid " Error: The module name is missing\n"
+ msgstr ""
+
+-#: vms-alpha.c:5784
++#: vms-alpha.c:5785
+ #, c-format
+ msgid " Error: The module name is too long\n"
+ msgstr ""
+
+-#: vms-alpha.c:5787
++#: vms-alpha.c:5788
+ #, c-format
+ msgid " module name : %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:5791
++#: vms-alpha.c:5792
+ #, c-format
+ msgid " Error: The module version is missing\n"
+ msgstr ""
+
+-#: vms-alpha.c:5797
++#: vms-alpha.c:5798
+ #, c-format
+ msgid " Error: The module version is too long\n"
+ msgstr ""
+
+-#: vms-alpha.c:5800
++#: vms-alpha.c:5801
+ #, c-format
+ msgid " module version : %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:5803
++#: vms-alpha.c:5804
+ #, c-format
+ msgid " Error: The compile date is truncated\n"
+ msgstr ""
+
+-#: vms-alpha.c:5805
++#: vms-alpha.c:5806
+ #, c-format
+ msgid " compile date : %.17s\n"
+ msgstr ""
+
+-#: vms-alpha.c:5810
++#: vms-alpha.c:5811
+ #, c-format
+ msgid "Language Processor Name\n"
+ msgstr ""
+
+-#: vms-alpha.c:5811
++#: vms-alpha.c:5812
+ #, c-format
+ msgid " language name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:5815
++#: vms-alpha.c:5816
+ #, c-format
+ msgid "Source Files Header\n"
+ msgstr ""
+
+-#: vms-alpha.c:5816
++#: vms-alpha.c:5817
+ #, c-format
+ msgid " file: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:5820
++#: vms-alpha.c:5821
+ #, c-format
+ msgid "Title Text Header\n"
+ msgstr ""
+
+-#: vms-alpha.c:5821
++#: vms-alpha.c:5822
+ #, c-format
+ msgid " title: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:5825
++#: vms-alpha.c:5826
+ #, c-format
+ msgid "Copyright Header\n"
+ msgstr ""
+
+-#: vms-alpha.c:5826
++#: vms-alpha.c:5827
+ #, c-format
+ msgid " copyright: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:5830
++#: vms-alpha.c:5831
+ #, c-format
+ msgid "unhandled emh subtype %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:5840
++#: vms-alpha.c:5841
+ #, c-format
+ msgid " EEOM (len=%u):\n"
+ msgstr ""
+
+-#: vms-alpha.c:5845
++#: vms-alpha.c:5846
+ #, c-format
+ msgid " Error: The length is less than the length of an EEOM record\n"
+ msgstr ""
+
+-#: vms-alpha.c:5849
++#: vms-alpha.c:5850
+ #, c-format
+ msgid " number of cond linkage pairs: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:5851
++#: vms-alpha.c:5852
+ #, c-format
+ msgid " completion code: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:5855
++#: vms-alpha.c:5856
+ #, c-format
+ msgid " transfer addr flags: 0x%02x\n"
+ msgstr ""
+
+-#: vms-alpha.c:5856
++#: vms-alpha.c:5857
+ #, c-format
+ msgid " transfer addr psect: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:5858
++#: vms-alpha.c:5859
+ #, c-format
+ msgid " transfer address : 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:5867
++#: vms-alpha.c:5868
+ msgid " WEAK"
+ msgstr ""
+
+-#: vms-alpha.c:5869
++#: vms-alpha.c:5870
+ msgid " DEF"
+ msgstr ""
+
+-#: vms-alpha.c:5871
++#: vms-alpha.c:5872
+ msgid " UNI"
+ msgstr ""
+
+-#: vms-alpha.c:5873 vms-alpha.c:5894
++#: vms-alpha.c:5874 vms-alpha.c:5895
+ msgid " REL"
+ msgstr ""
+
+-#: vms-alpha.c:5875
++#: vms-alpha.c:5876
+ msgid " COMM"
+ msgstr ""
+
+-#: vms-alpha.c:5877
++#: vms-alpha.c:5878
+ msgid " VECEP"
+ msgstr ""
+
+-#: vms-alpha.c:5879
++#: vms-alpha.c:5880
+ msgid " NORM"
+ msgstr ""
+
+-#: vms-alpha.c:5881
++#: vms-alpha.c:5882
+ msgid " QVAL"
+ msgstr ""
+
+-#: vms-alpha.c:5888
++#: vms-alpha.c:5889
+ msgid " PIC"
+ msgstr ""
+
+-#: vms-alpha.c:5890
++#: vms-alpha.c:5891
+ msgid " LIB"
+ msgstr ""
+
+-#: vms-alpha.c:5892
++#: vms-alpha.c:5893
+ msgid " OVR"
+ msgstr ""
+
+-#: vms-alpha.c:5896
++#: vms-alpha.c:5897
+ msgid " GBL"
+ msgstr ""
+
+-#: vms-alpha.c:5898
++#: vms-alpha.c:5899
+ msgid " SHR"
+ msgstr ""
+
+-#: vms-alpha.c:5900
++#: vms-alpha.c:5901
+ msgid " EXE"
+ msgstr ""
+
+-#: vms-alpha.c:5902
++#: vms-alpha.c:5903
+ msgid " RD"
+ msgstr ""
+
+-#: vms-alpha.c:5904
++#: vms-alpha.c:5905
+ msgid " WRT"
+ msgstr ""
+
+-#: vms-alpha.c:5906
++#: vms-alpha.c:5907
+ msgid " VEC"
+ msgstr ""
+
+-#: vms-alpha.c:5908
++#: vms-alpha.c:5909
+ msgid " NOMOD"
+ msgstr ""
+
+-#: vms-alpha.c:5910
++#: vms-alpha.c:5911
+ msgid " COM"
+ msgstr ""
+
+-#: vms-alpha.c:5912
++#: vms-alpha.c:5913
+ msgid " 64B"
+ msgstr ""
+
+-#: vms-alpha.c:5921
++#: vms-alpha.c:5922
+ #, c-format
+ msgid " EGSD (len=%u):\n"
+ msgstr ""
+
+-#: vms-alpha.c:5934
++#: vms-alpha.c:5935
+ #, c-format
+ msgid " EGSD entry %2u (type: %u, len: %u): "
+ msgstr ""
+
+-#: vms-alpha.c:5940 vms-alpha.c:6191
++#: vms-alpha.c:5941 vms-alpha.c:6192
+ #, c-format
+ msgid " Error: length larger than remaining space in record\n"
+ msgstr ""
+
+-#: vms-alpha.c:5952
++#: vms-alpha.c:5953
+ #, c-format
+ msgid "PSC - Program section definition\n"
+ msgstr ""
+
+-#: vms-alpha.c:5953 vms-alpha.c:5970
++#: vms-alpha.c:5954 vms-alpha.c:5971
+ #, c-format
+ msgid " alignment : 2**%u\n"
+ msgstr ""
+
+-#: vms-alpha.c:5954 vms-alpha.c:5971
++#: vms-alpha.c:5955 vms-alpha.c:5972
+ #, c-format
+ msgid " flags : 0x%04x"
+ msgstr ""
+
+-#: vms-alpha.c:5958
++#: vms-alpha.c:5959
+ #, c-format
+ msgid " alloc (len): %u (0x%08x)\n"
+ msgstr ""
+
+-#: vms-alpha.c:5959 vms-alpha.c:6016 vms-alpha.c:6065
++#: vms-alpha.c:5960 vms-alpha.c:6017 vms-alpha.c:6066
+ #, c-format
+ msgid " name : %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:5969
++#: vms-alpha.c:5970
+ #, c-format
+ msgid "SPSC - Shared Image Program section def\n"
+ msgstr ""
+
+-#: vms-alpha.c:5975
++#: vms-alpha.c:5976
+ #, c-format
+ msgid " alloc (len) : %u (0x%08x)\n"
+ msgstr ""
+
+-#: vms-alpha.c:5976
++#: vms-alpha.c:5977
+ #, c-format
+ msgid " image offset : 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:5978
++#: vms-alpha.c:5979
+ #, c-format
+ msgid " symvec offset : 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:5980
++#: vms-alpha.c:5981
+ #, c-format
+ msgid " name : %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:5993
++#: vms-alpha.c:5994
+ #, c-format
+ msgid "SYM - Global symbol definition\n"
+ msgstr ""
+
+-#: vms-alpha.c:5994 vms-alpha.c:6054 vms-alpha.c:6075 vms-alpha.c:6094
++#: vms-alpha.c:5995 vms-alpha.c:6055 vms-alpha.c:6076 vms-alpha.c:6095
+ #, c-format
+ msgid " flags: 0x%04x"
+ msgstr ""
+
+-#: vms-alpha.c:5997
++#: vms-alpha.c:5998
+ #, c-format
+ msgid " psect offset: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6001
++#: vms-alpha.c:6002
+ #, c-format
+ msgid " code address: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6003
++#: vms-alpha.c:6004
+ #, c-format
+ msgid " psect index for entry point : %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:6006 vms-alpha.c:6082 vms-alpha.c:6101
++#: vms-alpha.c:6007 vms-alpha.c:6083 vms-alpha.c:6102
+ #, c-format
+ msgid " psect index : %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:6008 vms-alpha.c:6084 vms-alpha.c:6103
++#: vms-alpha.c:6009 vms-alpha.c:6085 vms-alpha.c:6104
+ #, c-format
+ msgid " name : %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6015
++#: vms-alpha.c:6016
+ #, c-format
+ msgid "SYM - Global symbol reference\n"
+ msgstr ""
+
+-#: vms-alpha.c:6027
++#: vms-alpha.c:6028
+ #, c-format
+ msgid "IDC - Ident Consistency check\n"
+ msgstr ""
+
+-#: vms-alpha.c:6028
++#: vms-alpha.c:6029
+ #, c-format
+ msgid " flags : 0x%08x"
+ msgstr ""
+
+-#: vms-alpha.c:6032
++#: vms-alpha.c:6033
+ #, c-format
+ msgid " id match : %x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6034
++#: vms-alpha.c:6035
+ #, c-format
+ msgid " error severity: %x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6037
++#: vms-alpha.c:6038
+ #, c-format
+ msgid " entity name : %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6039
++#: vms-alpha.c:6040
+ #, c-format
+ msgid " object name : %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6042
++#: vms-alpha.c:6043
+ #, c-format
+ msgid " binary ident : 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6045
++#: vms-alpha.c:6046
+ #, c-format
+ msgid " ascii ident : %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6053
++#: vms-alpha.c:6054
+ #, c-format
+ msgid "SYMG - Universal symbol definition\n"
+ msgstr ""
+
+-#: vms-alpha.c:6057
++#: vms-alpha.c:6058
+ #, c-format
+ msgid " symbol vector offset: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6059
++#: vms-alpha.c:6060
+ #, c-format
+ msgid " entry point: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6061
++#: vms-alpha.c:6062
+ #, c-format
+ msgid " proc descr : 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6063
++#: vms-alpha.c:6064
+ #, c-format
+ msgid " psect index: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:6074
++#: vms-alpha.c:6075
+ #, c-format
+ msgid "SYMV - Vectored symbol definition\n"
+ msgstr ""
+
+-#: vms-alpha.c:6078
++#: vms-alpha.c:6079
+ #, c-format
+ msgid " vector : 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6080 vms-alpha.c:6099
++#: vms-alpha.c:6081 vms-alpha.c:6100
+ #, c-format
+ msgid " psect offset: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:6093
++#: vms-alpha.c:6094
+ #, c-format
+ msgid "SYMM - Global symbol definition with version\n"
+ msgstr ""
+
+-#: vms-alpha.c:6097
++#: vms-alpha.c:6098
+ #, c-format
+ msgid " version mask: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6108
++#: vms-alpha.c:6109
+ #, c-format
+ msgid "unhandled egsd entry type %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:6143
++#: vms-alpha.c:6144
+ #, c-format
+ msgid " linkage index: %u, replacement insn: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6147
++#: vms-alpha.c:6148
+ #, c-format
+ msgid " psect idx 1: %u, offset 1: 0x%08x %08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6152
++#: vms-alpha.c:6153
+ #, c-format
+ msgid " psect idx 2: %u, offset 2: 0x%08x %08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6158
++#: vms-alpha.c:6159
+ #, c-format
+ msgid " psect idx 3: %u, offset 3: 0x%08x %08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6163
++#: vms-alpha.c:6164
+ #, c-format
+ msgid " global name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6174
++#: vms-alpha.c:6175
+ #, c-format
+ msgid " %s (len=%u+%u):\n"
+ msgstr ""
+
+-#: vms-alpha.c:6196
++#: vms-alpha.c:6197
+ #, c-format
+ msgid " (type: %3u, size: 4+%3u): "
+ msgstr ""
+
+-#: vms-alpha.c:6200
++#: vms-alpha.c:6201
+ #, c-format
+ msgid "STA_GBL (stack global) %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6204
++#: vms-alpha.c:6205
+ #, c-format
+ msgid "STA_LW (stack longword) 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6208
++#: vms-alpha.c:6209
+ #, c-format
+ msgid "STA_QW (stack quadword) 0x%08x %08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6213
++#: vms-alpha.c:6214
+ #, c-format
+ msgid "STA_PQ (stack psect base + offset)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6215
++#: vms-alpha.c:6216
+ #, c-format
+ msgid " psect: %u, offset: 0x%08x %08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6221
++#: vms-alpha.c:6222
+ #, c-format
+ msgid "STA_LI (stack literal)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6224
++#: vms-alpha.c:6225
+ #, c-format
+ msgid "STA_MOD (stack module)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6227
++#: vms-alpha.c:6228
+ #, c-format
+ msgid "STA_CKARG (compare procedure argument)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6231
++#: vms-alpha.c:6232
+ #, c-format
+ msgid "STO_B (store byte)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6234
++#: vms-alpha.c:6235
+ #, c-format
+ msgid "STO_W (store word)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6237
++#: vms-alpha.c:6238
+ #, c-format
+ msgid "STO_LW (store longword)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6240
++#: vms-alpha.c:6241
+ #, c-format
+ msgid "STO_QW (store quadword)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6246
++#: vms-alpha.c:6247
+ #, c-format
+ msgid "STO_IMMR (store immediate repeat) %u bytes\n"
+ msgstr ""
+
+-#: vms-alpha.c:6253
++#: vms-alpha.c:6254
+ #, c-format
+ msgid "STO_GBL (store global) %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6257
++#: vms-alpha.c:6258
+ #, c-format
+ msgid "STO_CA (store code address) %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6261
++#: vms-alpha.c:6262
+ #, c-format
+ msgid "STO_RB (store relative branch)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6264
++#: vms-alpha.c:6265
+ #, c-format
+ msgid "STO_AB (store absolute branch)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6267
++#: vms-alpha.c:6268
+ #, c-format
+ msgid "STO_OFF (store offset to psect)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6273
++#: vms-alpha.c:6274
+ #, c-format
+ msgid "STO_IMM (store immediate) %u bytes\n"
+ msgstr ""
+
+-#: vms-alpha.c:6280
++#: vms-alpha.c:6281
+ #, c-format
+ msgid "STO_GBL_LW (store global longword) %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6284
++#: vms-alpha.c:6285
+ #, c-format
+ msgid "STO_OFF (store LP with procedure signature)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6287
++#: vms-alpha.c:6288
+ #, c-format
+ msgid "STO_BR_GBL (store branch global) *todo*\n"
+ msgstr ""
+
+-#: vms-alpha.c:6290
++#: vms-alpha.c:6291
+ #, c-format
+ msgid "STO_BR_PS (store branch psect + offset) *todo*\n"
+ msgstr ""
+
+-#: vms-alpha.c:6294
++#: vms-alpha.c:6295
+ #, c-format
+ msgid "OPR_NOP (no-operation)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6297
++#: vms-alpha.c:6298
+ #, c-format
+ msgid "OPR_ADD (add)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6300
++#: vms-alpha.c:6301
+ #, c-format
+ msgid "OPR_SUB (subtract)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6303
++#: vms-alpha.c:6304
+ #, c-format
+ msgid "OPR_MUL (multiply)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6306
++#: vms-alpha.c:6307
+ #, c-format
+ msgid "OPR_DIV (divide)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6309
++#: vms-alpha.c:6310
+ #, c-format
+ msgid "OPR_AND (logical and)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6312
++#: vms-alpha.c:6313
+ #, c-format
+ msgid "OPR_IOR (logical inclusive or)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6315
++#: vms-alpha.c:6316
+ #, c-format
+ msgid "OPR_EOR (logical exclusive or)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6318
++#: vms-alpha.c:6319
+ #, c-format
+ msgid "OPR_NEG (negate)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6321
++#: vms-alpha.c:6322
+ #, c-format
+ msgid "OPR_COM (complement)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6324
++#: vms-alpha.c:6325
+ #, c-format
+ msgid "OPR_INSV (insert field)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6327
++#: vms-alpha.c:6328
+ #, c-format
+ msgid "OPR_ASH (arithmetic shift)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6330
++#: vms-alpha.c:6331
+ #, c-format
+ msgid "OPR_USH (unsigned shift)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6333
++#: vms-alpha.c:6334
+ #, c-format
+ msgid "OPR_ROT (rotate)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6336
++#: vms-alpha.c:6337
+ #, c-format
+ msgid "OPR_SEL (select)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6339
++#: vms-alpha.c:6340
+ #, c-format
+ msgid "OPR_REDEF (redefine symbol to curr location)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6342
++#: vms-alpha.c:6343
+ #, c-format
+ msgid "OPR_REDEF (define a literal)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6346
++#: vms-alpha.c:6347
+ #, c-format
+ msgid "STC_LP (store cond linkage pair)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6350
++#: vms-alpha.c:6351
+ #, c-format
+ msgid "STC_LP_PSB (store cond linkage pair + signature)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6352
++#: vms-alpha.c:6353
+ #, c-format
+ msgid " linkage index: %u, procedure: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6355
++#: vms-alpha.c:6356
+ #, c-format
+ msgid " signature: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6358
++#: vms-alpha.c:6359
+ #, c-format
+ msgid "STC_GBL (store cond global)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6360
++#: vms-alpha.c:6361
+ #, c-format
+ msgid " linkage index: %u, global: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6364
++#: vms-alpha.c:6365
+ #, c-format
+ msgid "STC_GCA (store cond code address)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6366
++#: vms-alpha.c:6367
+ #, c-format
+ msgid " linkage index: %u, procedure name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6370
++#: vms-alpha.c:6371
+ #, c-format
+ msgid "STC_PS (store cond psect + offset)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6373
++#: vms-alpha.c:6374
+ #, c-format
+ msgid " linkage index: %u, psect: %u, offset: 0x%08x %08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6380
++#: vms-alpha.c:6381
+ #, c-format
+ msgid "STC_NOP_GBL (store cond NOP at global addr)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6384
++#: vms-alpha.c:6385
+ #, c-format
+ msgid "STC_NOP_PS (store cond NOP at psect + offset)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6388
++#: vms-alpha.c:6389
+ #, c-format
+ msgid "STC_BSR_GBL (store cond BSR at global addr)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6392
++#: vms-alpha.c:6393
+ #, c-format
+ msgid "STC_BSR_PS (store cond BSR at psect + offset)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6396
++#: vms-alpha.c:6397
+ #, c-format
+ msgid "STC_LDA_GBL (store cond LDA at global addr)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6400
++#: vms-alpha.c:6401
+ #, c-format
+ msgid "STC_LDA_PS (store cond LDA at psect + offset)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6404
++#: vms-alpha.c:6405
+ #, c-format
+ msgid "STC_BOH_GBL (store cond BOH at global addr)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6408
++#: vms-alpha.c:6409
+ #, c-format
+ msgid "STC_BOH_PS (store cond BOH at psect + offset)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6413
++#: vms-alpha.c:6414
+ #, c-format
+ msgid "STC_NBH_GBL (store cond or hint at global addr)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6417
++#: vms-alpha.c:6418
+ #, c-format
+ msgid "STC_NBH_PS (store cond or hint at psect + offset)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6421
++#: vms-alpha.c:6422
+ #, c-format
+ msgid "CTL_SETRB (set relocation base)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6427
++#: vms-alpha.c:6428
+ #, c-format
+ msgid "CTL_AUGRB (augment relocation base) %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:6431
++#: vms-alpha.c:6432
+ #, c-format
+ msgid "CTL_DFLOC (define location)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6434
++#: vms-alpha.c:6435
+ #, c-format
+ msgid "CTL_STLOC (set location)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6437
++#: vms-alpha.c:6438
+ #, c-format
+ msgid "CTL_STKDL (stack defined location)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6440 vms-alpha.c:6864 vms-alpha.c:6990
++#: vms-alpha.c:6441 vms-alpha.c:6865 vms-alpha.c:6991
+ #, c-format
+ msgid "*unhandled*\n"
+ msgstr ""
+
+-#: vms-alpha.c:6470 vms-alpha.c:6509
++#: vms-alpha.c:6471 vms-alpha.c:6510
+ #, c-format
+ msgid "cannot read GST record length\n"
+ msgstr ""
+
+ #. Ill-formed.
+-#: vms-alpha.c:6491
++#: vms-alpha.c:6492
+ #, c-format
+ msgid "cannot find EMH in first GST record\n"
+ msgstr ""
+
+-#: vms-alpha.c:6517
++#: vms-alpha.c:6518
+ #, c-format
+ msgid "cannot read GST record header\n"
+ msgstr ""
+
+-#: vms-alpha.c:6530
++#: vms-alpha.c:6531
+ #, c-format
+ msgid " corrupted GST\n"
+ msgstr ""
+
+-#: vms-alpha.c:6538
++#: vms-alpha.c:6539
+ #, c-format
+ msgid "cannot read GST record\n"
+ msgstr ""
+
+-#: vms-alpha.c:6567
++#: vms-alpha.c:6568
+ #, c-format
+ msgid " unhandled EOBJ record type %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:6591
++#: vms-alpha.c:6592
+ #, c-format
+ msgid " bitcount: %u, base addr: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6605
++#: vms-alpha.c:6606
+ #, c-format
+ msgid " bitmap: 0x%08x (count: %u):\n"
+ msgstr ""
+
+-#: vms-alpha.c:6612
++#: vms-alpha.c:6613
+ #, c-format
+ msgid " %08x"
+ msgstr ""
+
+-#: vms-alpha.c:6638
++#: vms-alpha.c:6639
+ #, c-format
+ msgid " image %u (%u entries)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6644
++#: vms-alpha.c:6645
+ #, c-format
+ msgid " offset: 0x%08x, val: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6666
++#: vms-alpha.c:6667
+ #, c-format
+ msgid " image %u (%u entries), offsets:\n"
+ msgstr ""
+
+-#: vms-alpha.c:6673
++#: vms-alpha.c:6674
+ #, c-format
+ msgid " 0x%08x"
+ msgstr ""
+
+ #. 64 bits.
+-#: vms-alpha.c:6795
++#: vms-alpha.c:6796
+ #, c-format
+ msgid "64 bits *unhandled*\n"
+ msgstr ""
+
+-#: vms-alpha.c:6800
++#: vms-alpha.c:6801
+ #, c-format
+ msgid "class: %u, dtype: %u, length: %u, pointer: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6811
++#: vms-alpha.c:6812
+ #, c-format
+ msgid "non-contiguous array of %s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6816
++#: vms-alpha.c:6817
+ #, c-format
+ msgid "dimct: %u, aflags: 0x%02x, digits: %u, scale: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:6821
++#: vms-alpha.c:6822
+ #, c-format
+ msgid "arsize: %u, a0: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6825
++#: vms-alpha.c:6826
+ #, c-format
+ msgid "Strides:\n"
+ msgstr ""
+
+-#: vms-alpha.c:6835
++#: vms-alpha.c:6836
+ #, c-format
+ msgid "Bounds:\n"
+ msgstr ""
+
+-#: vms-alpha.c:6841
++#: vms-alpha.c:6842
+ #, c-format
+ msgid "[%u]: Lower: %u, upper: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:6853
++#: vms-alpha.c:6854
+ #, c-format
+ msgid "unaligned bit-string of %s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6858
++#: vms-alpha.c:6859
+ #, c-format
+ msgid "base: %u, pos: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:6879
++#: vms-alpha.c:6880
+ #, c-format
+ msgid "vflags: 0x%02x, value: 0x%08x "
+ msgstr ""
+
+-#: vms-alpha.c:6885
++#: vms-alpha.c:6886
+ #, c-format
+ msgid "(no value)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6888
++#: vms-alpha.c:6889
+ #, c-format
+ msgid "(not active)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6891
++#: vms-alpha.c:6892
+ #, c-format
+ msgid "(not allocated)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6894
++#: vms-alpha.c:6895
+ #, c-format
+ msgid "(descriptor)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6898
++#: vms-alpha.c:6899
+ #, c-format
+ msgid "(trailing value)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6901
++#: vms-alpha.c:6902
+ #, c-format
+ msgid "(value spec follows)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6904
++#: vms-alpha.c:6905
+ #, c-format
+ msgid "(at bit offset %u)\n"
+ msgstr ""
+
+-#: vms-alpha.c:6908
++#: vms-alpha.c:6909
+ #, c-format
+ msgid "(reg: %u, disp: %u, indir: %u, kind: "
+ msgstr ""
+
+-#: vms-alpha.c:6915
++#: vms-alpha.c:6916
+ msgid "literal"
+ msgstr ""
+
+-#: vms-alpha.c:6918
++#: vms-alpha.c:6919
+ msgid "address"
+ msgstr ""
+
+-#: vms-alpha.c:6921
++#: vms-alpha.c:6922
+ msgid "desc"
+ msgstr ""
+
+-#: vms-alpha.c:6924
++#: vms-alpha.c:6925
+ msgid "reg"
+ msgstr ""
+
+-#: vms-alpha.c:6941
++#: vms-alpha.c:6942
+ #, c-format
+ msgid "len: %2u, kind: %2u "
+ msgstr ""
+
+-#: vms-alpha.c:6947
++#: vms-alpha.c:6948
+ #, c-format
+ msgid "atomic, type=0x%02x %s\n"
+ msgstr ""
+
+-#: vms-alpha.c:6951
++#: vms-alpha.c:6952
+ #, c-format
+ msgid "indirect, defined at 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:6955
++#: vms-alpha.c:6956
+ #, c-format
+ msgid "typed pointer\n"
+ msgstr ""
+
+-#: vms-alpha.c:6959
++#: vms-alpha.c:6960
+ #, c-format
+ msgid "pointer\n"
+ msgstr ""
+
+-#: vms-alpha.c:6967
++#: vms-alpha.c:6968
+ #, c-format
+ msgid "array, dim: %u, bitmap: "
+ msgstr ""
+
+-#: vms-alpha.c:6974
++#: vms-alpha.c:6975
+ #, c-format
+ msgid "array descriptor:\n"
+ msgstr ""
+
+-#: vms-alpha.c:6981
++#: vms-alpha.c:6982
+ #, c-format
+ msgid "type spec for element:\n"
+ msgstr ""
+
+-#: vms-alpha.c:6983
++#: vms-alpha.c:6984
+ #, c-format
+ msgid "type spec for subscript %u:\n"
+ msgstr ""
+
+-#: vms-alpha.c:7001
++#: vms-alpha.c:7002
+ #, c-format
+ msgid "Debug symbol table:\n"
+ msgstr ""
+
+-#: vms-alpha.c:7012
++#: vms-alpha.c:7013
+ #, c-format
+ msgid "cannot read DST header\n"
+ msgstr ""
+
+-#: vms-alpha.c:7018
++#: vms-alpha.c:7019
+ #, c-format
+ msgid " type: %3u, len: %3u (at 0x%08x): "
+ msgstr ""
+
+-#: vms-alpha.c:7032
++#: vms-alpha.c:7033
+ #, c-format
+ msgid "cannot read DST symbol\n"
+ msgstr ""
+
+-#: vms-alpha.c:7075
++#: vms-alpha.c:7076
+ #, c-format
+ msgid "standard data: %s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7078 vms-alpha.c:7166
++#: vms-alpha.c:7079 vms-alpha.c:7167
+ #, c-format
+ msgid " name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7085
++#: vms-alpha.c:7086
+ #, c-format
+ msgid "modbeg\n"
+ msgstr ""
+
+-#: vms-alpha.c:7087
++#: vms-alpha.c:7088
+ #, c-format
+ msgid " flags: %d, language: %u, major: %u, minor: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7093 vms-alpha.c:7367
++#: vms-alpha.c:7094 vms-alpha.c:7368
+ #, c-format
+ msgid " module name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7096
++#: vms-alpha.c:7097
+ #, c-format
+ msgid " compiler : %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7101
++#: vms-alpha.c:7102
+ #, c-format
+ msgid "modend\n"
+ msgstr ""
+
+-#: vms-alpha.c:7108
++#: vms-alpha.c:7109
+ msgid "rtnbeg\n"
+ msgstr ""
+
+-#: vms-alpha.c:7110
++#: vms-alpha.c:7111
+ #, c-format
+ msgid " flags: %u, address: 0x%08x, pd-address: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7115
++#: vms-alpha.c:7116
+ #, c-format
+ msgid " routine name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7123
++#: vms-alpha.c:7124
+ #, c-format
+ msgid "rtnend: size 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7131
++#: vms-alpha.c:7132
+ #, c-format
+ msgid "prolog: bkpt address 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7140
++#: vms-alpha.c:7141
+ #, c-format
+ msgid "epilog: flags: %u, count: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7150
++#: vms-alpha.c:7151
+ #, c-format
+ msgid "blkbeg: address: 0x%08x, name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7159
++#: vms-alpha.c:7160
+ #, c-format
+ msgid "blkend: size: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7165
++#: vms-alpha.c:7166
+ #, c-format
+ msgid "typspec (len: %u)\n"
+ msgstr ""
+
+-#: vms-alpha.c:7172
++#: vms-alpha.c:7173
+ #, c-format
+ msgid "septyp, name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7181
++#: vms-alpha.c:7182
+ #, c-format
+ msgid "recbeg: name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7183
++#: vms-alpha.c:7184
+ #, c-format
+ msgid " len: %u bits\n"
+ msgstr ""
+
+-#: vms-alpha.c:7188
++#: vms-alpha.c:7189
+ #, c-format
+ msgid "recend\n"
+ msgstr ""
+
+-#: vms-alpha.c:7192
++#: vms-alpha.c:7193
+ #, c-format
+ msgid "enumbeg, len: %u, name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7196
++#: vms-alpha.c:7197
+ #, c-format
+ msgid "enumelt, name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7200
++#: vms-alpha.c:7201
+ #, c-format
+ msgid "enumend\n"
+ msgstr ""
+
+-#: vms-alpha.c:7205
++#: vms-alpha.c:7206
+ #, c-format
+ msgid "label, name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7207
++#: vms-alpha.c:7208
+ #, c-format
+ msgid " address: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7217
++#: vms-alpha.c:7218
+ #, c-format
+ msgid "discontiguous range (nbr: %u)\n"
+ msgstr ""
+
+-#: vms-alpha.c:7220
++#: vms-alpha.c:7221
+ #, c-format
+ msgid " address: 0x%08x, size: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7230
++#: vms-alpha.c:7231
+ #, c-format
+ msgid "line num (len: %u)\n"
+ msgstr ""
+
+-#: vms-alpha.c:7247
++#: vms-alpha.c:7248
+ #, c-format
+ msgid "delta_pc_w %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7254
++#: vms-alpha.c:7255
+ #, c-format
+ msgid "incr_linum(b): +%u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7260
++#: vms-alpha.c:7261
+ #, c-format
+ msgid "incr_linum_w: +%u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7266
++#: vms-alpha.c:7267
+ #, c-format
+ msgid "incr_linum_l: +%u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7272
++#: vms-alpha.c:7273
+ #, c-format
+ msgid "set_line_num(w) %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7277
++#: vms-alpha.c:7278
+ #, c-format
+ msgid "set_line_num_b %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7282
++#: vms-alpha.c:7283
+ #, c-format
+ msgid "set_line_num_l %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7287
++#: vms-alpha.c:7288
+ #, c-format
+ msgid "set_abs_pc: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7291
++#: vms-alpha.c:7292
+ #, c-format
+ msgid "delta_pc_l: +0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7296
++#: vms-alpha.c:7297
+ #, c-format
+ msgid "term(b): 0x%02x"
+ msgstr ""
+
+-#: vms-alpha.c:7298
++#: vms-alpha.c:7299
+ #, c-format
+ msgid " pc: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7303
++#: vms-alpha.c:7304
+ #, c-format
+ msgid "term_w: 0x%04x"
+ msgstr ""
+
+-#: vms-alpha.c:7305
++#: vms-alpha.c:7306
+ #, c-format
+ msgid " pc: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7311
++#: vms-alpha.c:7312
+ #, c-format
+ msgid "delta pc +%-4d"
+ msgstr ""
+
+-#: vms-alpha.c:7315
++#: vms-alpha.c:7316
+ #, c-format
+ msgid " pc: 0x%08x line: %5u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7320
++#: vms-alpha.c:7321
+ #, c-format
+ msgid " *unhandled* cmd %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7335
++#: vms-alpha.c:7336
+ #, c-format
+ msgid "source (len: %u)\n"
+ msgstr ""
+
+-#: vms-alpha.c:7350
++#: vms-alpha.c:7351
+ #, c-format
+ msgid " declfile: len: %u, flags: %u, fileid: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7355
++#: vms-alpha.c:7356
+ #, c-format
+ msgid " rms: cdt: 0x%08x %08x, ebk: 0x%08x, ffb: 0x%04x, rfo: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7364
++#: vms-alpha.c:7365
+ #, c-format
+ msgid " filename : %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7373
++#: vms-alpha.c:7374
+ #, c-format
+ msgid " setfile %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7378 vms-alpha.c:7383
++#: vms-alpha.c:7379 vms-alpha.c:7384
+ #, c-format
+ msgid " setrec %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7388 vms-alpha.c:7393
++#: vms-alpha.c:7389 vms-alpha.c:7394
+ #, c-format
+ msgid " setlnum %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7398 vms-alpha.c:7403
++#: vms-alpha.c:7399 vms-alpha.c:7404
+ #, c-format
+ msgid " deflines %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7407
++#: vms-alpha.c:7408
+ #, c-format
+ msgid " formfeed\n"
+ msgstr ""
+
+-#: vms-alpha.c:7411
++#: vms-alpha.c:7412
+ #, c-format
+ msgid " *unhandled* cmd %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7423
++#: vms-alpha.c:7424
+ #, c-format
+ msgid "*unhandled* dst type %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7455
++#: vms-alpha.c:7456
+ #, c-format
+ msgid "cannot read EIHD\n"
+ msgstr ""
+
+-#: vms-alpha.c:7459
++#: vms-alpha.c:7460
+ #, c-format
+ msgid "EIHD: (size: %u, nbr blocks: %u)\n"
+ msgstr ""
+
+-#: vms-alpha.c:7463
++#: vms-alpha.c:7464
+ #, c-format
+ msgid " majorid: %u, minorid: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7471
++#: vms-alpha.c:7472
+ msgid "executable"
+ msgstr ""
+
+-#: vms-alpha.c:7474
++#: vms-alpha.c:7475
+ msgid "linkable image"
+ msgstr ""
+
+-#: vms-alpha.c:7481
++#: vms-alpha.c:7482
+ #, c-format
+ msgid " image type: %u (%s)"
+ msgstr ""
+
+-#: vms-alpha.c:7487
++#: vms-alpha.c:7488
+ msgid "native"
+ msgstr ""
+
+-#: vms-alpha.c:7490
++#: vms-alpha.c:7491
+ msgid "CLI"
+ msgstr ""
+
+-#: vms-alpha.c:7497
++#: vms-alpha.c:7498
+ #, c-format
+ msgid ", subtype: %u (%s)\n"
+ msgstr ""
+
+-#: vms-alpha.c:7504
++#: vms-alpha.c:7505
+ #, c-format
+ msgid " offsets: isd: %u, activ: %u, symdbg: %u, imgid: %u, patch: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7508
++#: vms-alpha.c:7509
+ #, c-format
+ msgid " fixup info rva: "
+ msgstr ""
+
+-#: vms-alpha.c:7510
++#: vms-alpha.c:7511
+ #, c-format
+ msgid ", symbol vector rva: "
+ msgstr ""
+
+-#: vms-alpha.c:7513
++#: vms-alpha.c:7514
+ #, c-format
+ msgid ""
+ "\n"
+ " version array off: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7518
++#: vms-alpha.c:7519
+ #, c-format
+ msgid " img I/O count: %u, nbr channels: %u, req pri: %08x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7524
++#: vms-alpha.c:7525
+ #, c-format
+ msgid " linker flags: %08x:"
+ msgstr ""
+
+-#: vms-alpha.c:7555
++#: vms-alpha.c:7556
+ #, c-format
+ msgid " ident: 0x%08x, sysver: 0x%08x, match ctrl: %u, symvect_size: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7561
++#: vms-alpha.c:7562
+ #, c-format
+ msgid " BPAGE: %u"
+ msgstr ""
+
+-#: vms-alpha.c:7568
++#: vms-alpha.c:7569
+ #, c-format
+ msgid ", ext fixup offset: %u, no_opt psect off: %u"
+ msgstr ""
+
+-#: vms-alpha.c:7571
++#: vms-alpha.c:7572
+ #, c-format
+ msgid ", alias: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7579
++#: vms-alpha.c:7580
+ #, c-format
+ msgid "system version array information:\n"
+ msgstr ""
+
+-#: vms-alpha.c:7583
++#: vms-alpha.c:7584
+ #, c-format
+ msgid "cannot read EIHVN header\n"
+ msgstr ""
+
+-#: vms-alpha.c:7593
++#: vms-alpha.c:7594
+ #, c-format
+ msgid "cannot read EIHVN version\n"
+ msgstr ""
+
+-#: vms-alpha.c:7596
++#: vms-alpha.c:7597
+ #, c-format
+ msgid " %02u "
+ msgstr ""
+
+-#: vms-alpha.c:7600
++#: vms-alpha.c:7601
+ msgid "BASE_IMAGE "
+ msgstr ""
+
+-#: vms-alpha.c:7603
++#: vms-alpha.c:7604
+ msgid "MEMORY_MANAGEMENT"
+ msgstr ""
+
+-#: vms-alpha.c:7606
++#: vms-alpha.c:7607
+ msgid "IO "
+ msgstr ""
+
+-#: vms-alpha.c:7609
++#: vms-alpha.c:7610
+ msgid "FILES_VOLUMES "
+ msgstr ""
+
+-#: vms-alpha.c:7612
++#: vms-alpha.c:7613
+ msgid "PROCESS_SCHED "
+ msgstr ""
+
+-#: vms-alpha.c:7615
++#: vms-alpha.c:7616
+ msgid "SYSGEN "
+ msgstr ""
+
+-#: vms-alpha.c:7618
++#: vms-alpha.c:7619
+ msgid "CLUSTERS_LOCKMGR "
+ msgstr ""
+
+-#: vms-alpha.c:7621
++#: vms-alpha.c:7622
+ msgid "LOGICAL_NAMES "
+ msgstr ""
+
+-#: vms-alpha.c:7624
++#: vms-alpha.c:7625
+ msgid "SECURITY "
+ msgstr ""
+
+-#: vms-alpha.c:7627
++#: vms-alpha.c:7628
+ msgid "IMAGE_ACTIVATOR "
+ msgstr ""
+
+-#: vms-alpha.c:7630
++#: vms-alpha.c:7631
+ msgid "NETWORKS "
+ msgstr ""
+
+-#: vms-alpha.c:7633
++#: vms-alpha.c:7634
+ msgid "COUNTERS "
+ msgstr ""
+
+-#: vms-alpha.c:7636
++#: vms-alpha.c:7637
+ msgid "STABLE "
+ msgstr ""
+
+-#: vms-alpha.c:7639
++#: vms-alpha.c:7640
+ msgid "MISC "
+ msgstr ""
+
+-#: vms-alpha.c:7642
++#: vms-alpha.c:7643
+ msgid "CPU "
+ msgstr ""
+
+-#: vms-alpha.c:7645
++#: vms-alpha.c:7646
+ msgid "VOLATILE "
+ msgstr ""
+
+-#: vms-alpha.c:7648
++#: vms-alpha.c:7649
+ msgid "SHELL "
+ msgstr ""
+
+-#: vms-alpha.c:7651
++#: vms-alpha.c:7652
+ msgid "POSIX "
+ msgstr ""
+
+-#: vms-alpha.c:7654
++#: vms-alpha.c:7655
+ msgid "MULTI_PROCESSING "
+ msgstr ""
+
+-#: vms-alpha.c:7657
++#: vms-alpha.c:7658
+ msgid "GALAXY "
+ msgstr ""
+
+-#: vms-alpha.c:7660
++#: vms-alpha.c:7661
+ msgid "*unknown* "
+ msgstr ""
+
+-#: vms-alpha.c:7676 vms-alpha.c:7951
++#: vms-alpha.c:7677 vms-alpha.c:7952
+ #, c-format
+ msgid "cannot read EIHA\n"
+ msgstr ""
+
+-#: vms-alpha.c:7679
++#: vms-alpha.c:7680
+ #, c-format
+ msgid "Image activation: (size=%u)\n"
+ msgstr ""
+
+-#: vms-alpha.c:7682
++#: vms-alpha.c:7683
+ #, c-format
+ msgid " First address : 0x%08x 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7686
++#: vms-alpha.c:7687
+ #, c-format
+ msgid " Second address: 0x%08x 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7690
++#: vms-alpha.c:7691
+ #, c-format
+ msgid " Third address : 0x%08x 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7694
++#: vms-alpha.c:7695
+ #, c-format
+ msgid " Fourth address: 0x%08x 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7698
++#: vms-alpha.c:7699
+ #, c-format
+ msgid " Shared image : 0x%08x 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7709
++#: vms-alpha.c:7710
+ #, c-format
+ msgid "cannot read EIHI\n"
+ msgstr ""
+
+-#: vms-alpha.c:7713
++#: vms-alpha.c:7714
+ #, c-format
+ msgid "Image identification: (major: %u, minor: %u)\n"
+ msgstr ""
+
+-#: vms-alpha.c:7716
++#: vms-alpha.c:7717
+ #, c-format
+ msgid " image name : %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7718
++#: vms-alpha.c:7719
+ #, c-format
+ msgid " link time : %s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7720
++#: vms-alpha.c:7721
+ #, c-format
+ msgid " image ident : %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7722
++#: vms-alpha.c:7723
+ #, c-format
+ msgid " linker ident : %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7724
++#: vms-alpha.c:7725
+ #, c-format
+ msgid " image build ident: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7734
++#: vms-alpha.c:7735
+ #, c-format
+ msgid "cannot read EIHS\n"
+ msgstr ""
+
+-#: vms-alpha.c:7738
++#: vms-alpha.c:7739
+ #, c-format
+ msgid "Image symbol & debug table: (major: %u, minor: %u)\n"
+ msgstr ""
+
+-#: vms-alpha.c:7744
++#: vms-alpha.c:7745
+ #, c-format
+ msgid " debug symbol table : vbn: %u, size: %u (0x%x)\n"
+ msgstr ""
+
+-#: vms-alpha.c:7749
++#: vms-alpha.c:7750
+ #, c-format
+ msgid " global symbol table: vbn: %u, records: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7754
++#: vms-alpha.c:7755
+ #, c-format
+ msgid " debug module table : vbn: %u, size: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7767
++#: vms-alpha.c:7768
+ #, c-format
+ msgid "cannot read EISD\n"
+ msgstr ""
+
+-#: vms-alpha.c:7778
++#: vms-alpha.c:7779
+ #, c-format
+ msgid ""
+ "Image section descriptor: (major: %u, minor: %u, size: %u, offset: %u)\n"
+ msgstr ""
+
+-#: vms-alpha.c:7786
++#: vms-alpha.c:7787
+ #, c-format
+ msgid " section: base: 0x%08x%08x size: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7791
++#: vms-alpha.c:7792
+ #, c-format
+ msgid " flags: 0x%04x"
+ msgstr ""
+
+-#: vms-alpha.c:7829
++#: vms-alpha.c:7830
+ #, c-format
+ msgid " vbn: %u, pfc: %u, matchctl: %u type: %u ("
+ msgstr ""
+
+-#: vms-alpha.c:7835
++#: vms-alpha.c:7836
+ msgid "NORMAL"
+ msgstr ""
+
+-#: vms-alpha.c:7838
++#: vms-alpha.c:7839
+ msgid "SHRFXD"
+ msgstr ""
+
+-#: vms-alpha.c:7841
++#: vms-alpha.c:7842
+ msgid "PRVFXD"
+ msgstr ""
+
+-#: vms-alpha.c:7844
++#: vms-alpha.c:7845
+ msgid "SHRPIC"
+ msgstr ""
+
+-#: vms-alpha.c:7847
++#: vms-alpha.c:7848
+ msgid "PRVPIC"
+ msgstr ""
+
+-#: vms-alpha.c:7850
++#: vms-alpha.c:7851
+ msgid "USRSTACK"
+ msgstr ""
+
+-#: vms-alpha.c:7856
++#: vms-alpha.c:7857
+ msgid ")\n"
+ msgstr ""
+
+-#: vms-alpha.c:7859
++#: vms-alpha.c:7860
+ #, c-format
+ msgid " ident: 0x%08x, name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:7869
++#: vms-alpha.c:7870
+ #, c-format
+ msgid "cannot read DMT\n"
+ msgstr ""
+
+-#: vms-alpha.c:7873
++#: vms-alpha.c:7874
+ #, c-format
+ msgid "Debug module table:\n"
+ msgstr ""
+
+-#: vms-alpha.c:7882
++#: vms-alpha.c:7883
+ #, c-format
+ msgid "cannot read DMT header\n"
+ msgstr ""
+
+-#: vms-alpha.c:7888
++#: vms-alpha.c:7889
+ #, c-format
+ msgid " module offset: 0x%08x, size: 0x%08x, (%u psects)\n"
+ msgstr ""
+
+-#: vms-alpha.c:7898
++#: vms-alpha.c:7899
+ #, c-format
+ msgid "cannot read DMT psect\n"
+ msgstr ""
+
+-#: vms-alpha.c:7902
++#: vms-alpha.c:7903
+ #, c-format
+ msgid " psect start: 0x%08x, length: %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7915
++#: vms-alpha.c:7916
+ #, c-format
+ msgid "cannot read DST\n"
+ msgstr ""
+
+-#: vms-alpha.c:7925
++#: vms-alpha.c:7926
+ #, c-format
+ msgid "cannot read GST\n"
+ msgstr ""
+
+-#: vms-alpha.c:7929
++#: vms-alpha.c:7930
+ #, c-format
+ msgid "Global symbol table:\n"
+ msgstr ""
+
+-#: vms-alpha.c:7958
++#: vms-alpha.c:7959
+ #, c-format
+ msgid "Image activator fixup: (major: %u, minor: %u)\n"
+ msgstr ""
+
+-#: vms-alpha.c:7962
++#: vms-alpha.c:7963
+ #, c-format
+ msgid " iaflink : 0x%08x %08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7966
++#: vms-alpha.c:7967
+ #, c-format
+ msgid " fixuplnk: 0x%08x %08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7969
++#: vms-alpha.c:7970
+ #, c-format
+ msgid " size : %u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7971
++#: vms-alpha.c:7972
+ #, c-format
+ msgid " flags: 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:7976
++#: vms-alpha.c:7977
+ #, c-format
+ msgid " qrelfixoff: %5u, lrelfixoff: %5u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7981
++#: vms-alpha.c:7982
+ #, c-format
+ msgid " qdotadroff: %5u, ldotadroff: %5u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7986
++#: vms-alpha.c:7987
+ #, c-format
+ msgid " codeadroff: %5u, lpfixoff : %5u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7989
++#: vms-alpha.c:7990
+ #, c-format
+ msgid " chgprtoff : %5u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7993
++#: vms-alpha.c:7994
+ #, c-format
+ msgid " shlstoff : %5u, shrimgcnt : %5u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7996
++#: vms-alpha.c:7997
+ #, c-format
+ msgid " shlextra : %5u, permctx : %5u\n"
+ msgstr ""
+
+-#: vms-alpha.c:7999
++#: vms-alpha.c:8000
+ #, c-format
+ msgid " base_va : 0x%08x\n"
+ msgstr ""
+
+-#: vms-alpha.c:8001
++#: vms-alpha.c:8002
+ #, c-format
+ msgid " lppsbfixoff: %5u\n"
+ msgstr ""
+
+-#: vms-alpha.c:8009
++#: vms-alpha.c:8010
+ #, c-format
+ msgid " Shareable images:\n"
+ msgstr ""
+
+-#: vms-alpha.c:8014
++#: vms-alpha.c:8015
+ #, c-format
+ msgid " %u: size: %u, flags: 0x%02x, name: %.*s\n"
+ msgstr ""
+
+-#: vms-alpha.c:8021
++#: vms-alpha.c:8022
+ #, c-format
+ msgid " quad-word relocation fixups:\n"
+ msgstr ""
+
+-#: vms-alpha.c:8026
++#: vms-alpha.c:8027
+ #, c-format
+ msgid " long-word relocation fixups:\n"
+ msgstr ""
+
+-#: vms-alpha.c:8031
++#: vms-alpha.c:8032
+ #, c-format
+ msgid " quad-word .address reference fixups:\n"
+ msgstr ""
+
+-#: vms-alpha.c:8036
++#: vms-alpha.c:8037
+ #, c-format
+ msgid " long-word .address reference fixups:\n"
+ msgstr ""
+
+-#: vms-alpha.c:8041
++#: vms-alpha.c:8042
+ #, c-format
+ msgid " Code Address Reference Fixups:\n"
+ msgstr ""
+
+-#: vms-alpha.c:8046
++#: vms-alpha.c:8047
+ #, c-format
+ msgid " Linkage Pairs Reference Fixups:\n"
+ msgstr ""
+
+-#: vms-alpha.c:8055
++#: vms-alpha.c:8056
+ #, c-format
+ msgid " Change Protection (%u entries):\n"
+ msgstr ""
+
+-#: vms-alpha.c:8061
++#: vms-alpha.c:8062
+ #, c-format
+ msgid " base: 0x%08x %08x, size: 0x%08x, prot: 0x%08x "
+ msgstr ""
+
+ #. FIXME: we do not yet support relocatable link. It is not obvious
+ #. how to do it for debug infos.
+-#: vms-alpha.c:8901
++#: vms-alpha.c:8902
+ msgid "%P: relocatable link is not supported\n"
+ msgstr ""
+
+-#: vms-alpha.c:8972
++#: vms-alpha.c:8973
+ #, c-format
+-msgid "%P: multiple entry points: in modules %B and %B\n"
++msgid "%P: multiple entry points: in modules %pB and %pB\n"
+ msgstr ""
+
+ #: vms-lib.c:1445
+@@ -8594,7 +8564,7 @@ msgstr ""
+ #: peigen.c:1906 peigen.c:2103 pepigen.c:1906 pepigen.c:2103 pex64igen.c:1906
+ #: pex64igen.c:2103
+ #, c-format
+-msgid "Warning, .pdata section size (%ld) is not a multiple of %d\n"
++msgid "warning, .pdata section size (%ld) is not a multiple of %d\n"
+ msgstr ""
+
+ #: peigen.c:1910 peigen.c:2107 pepigen.c:1910 pepigen.c:2107 pex64igen.c:1910
+@@ -8795,82 +8765,92 @@ msgid ""
+ "Characteristics 0x%x\n"
+ msgstr ""
+
+-#: peigen.c:2989 pepigen.c:2989 pex64igen.c:2989
++#: peigen.c:2990 pepigen.c:2990 pex64igen.c:2990
+ #, c-format
+-msgid "%B: Data Directory size (%lx) exceeds space left in section (%Lx)"
++msgid ""
++"%pB: Data Directory size (%lx) exceeds space left in section (%<PRIx64>)"
+ msgstr ""
+
+-#: peigen.c:3019 pepigen.c:3019 pex64igen.c:3019
+-msgid "Failed to update file offsets in debug directory"
++#: peigen.c:3021 pepigen.c:3021 pex64igen.c:3021
++msgid "failed to update file offsets in debug directory"
+ msgstr ""
+
+-#: peigen.c:3025 pepigen.c:3025 pex64igen.c:3025
+-msgid "%B: Failed to read debug data section"
++#: peigen.c:3027 pepigen.c:3027 pex64igen.c:3027
++#, c-format
++msgid "%pB: failed to read debug data section"
+ msgstr ""
+
+-#: peigen.c:3841 pepigen.c:3841 pex64igen.c:3841
++#: peigen.c:3843 pepigen.c:3843 pex64igen.c:3843
+ #, c-format
+ msgid ".rsrc merge failure: duplicate string resource: %d"
+ msgstr ""
+
+-#: peigen.c:3976 pepigen.c:3976 pex64igen.c:3976
++#: peigen.c:3978 pepigen.c:3978 pex64igen.c:3978
+ msgid ".rsrc merge failure: multiple non-default manifests"
+ msgstr ""
+
+-#: peigen.c:3994 pepigen.c:3994 pex64igen.c:3994
++#: peigen.c:3996 pepigen.c:3996 pex64igen.c:3996
+ msgid ".rsrc merge failure: a directory matches a leaf"
+ msgstr ""
+
+-#: peigen.c:4036 pepigen.c:4036 pex64igen.c:4036
++#: peigen.c:4038 pepigen.c:4038 pex64igen.c:4038
+ msgid ".rsrc merge failure: duplicate leaf"
+ msgstr ""
+
+-#: peigen.c:4038 pepigen.c:4038 pex64igen.c:4038
++#: peigen.c:4040 pepigen.c:4040 pex64igen.c:4040
+ #, c-format
+ msgid ".rsrc merge failure: duplicate leaf: %s"
+ msgstr ""
+
+-#: peigen.c:4104 pepigen.c:4104 pex64igen.c:4104
+-msgid ".rsrc merge failure: dirs with differing characteristics\n"
++#: peigen.c:4106 pepigen.c:4106 pex64igen.c:4106
++msgid ".rsrc merge failure: dirs with differing characteristics"
+ msgstr ""
+
+-#: peigen.c:4111 pepigen.c:4111 pex64igen.c:4111
+-msgid ".rsrc merge failure: differing directory versions\n"
++#: peigen.c:4113 pepigen.c:4113 pex64igen.c:4113
++msgid ".rsrc merge failure: differing directory versions"
+ msgstr ""
+
+ #. Corrupted .rsrc section - cannot merge.
+-#: peigen.c:4228 pepigen.c:4228 pex64igen.c:4228
+-msgid "%B: .rsrc merge failure: corrupt .rsrc section"
++#: peigen.c:4230 pepigen.c:4230 pex64igen.c:4230
++#, c-format
++msgid "%pB: .rsrc merge failure: corrupt .rsrc section"
+ msgstr ""
+
+-#: peigen.c:4236 pepigen.c:4236 pex64igen.c:4236
+-msgid "%B: .rsrc merge failure: unexpected .rsrc size"
++#: peigen.c:4238 pepigen.c:4238 pex64igen.c:4238
++#, c-format
++msgid "%pB: .rsrc merge failure: unexpected .rsrc size"
+ msgstr ""
+
+-#: peigen.c:4375 pepigen.c:4375 pex64igen.c:4375
+-msgid "%B: unable to fill in DataDictionary[1] because .idata$2 is missing"
++#: peigen.c:4377 pepigen.c:4377 pex64igen.c:4377
++#, c-format
++msgid "%pB: unable to fill in DataDictionary[1] because .idata$2 is missing"
+ msgstr ""
+
+-#: peigen.c:4395 pepigen.c:4395 pex64igen.c:4395
+-msgid "%B: unable to fill in DataDictionary[1] because .idata$4 is missing"
++#: peigen.c:4397 pepigen.c:4397 pex64igen.c:4397
++#, c-format
++msgid "%pB: unable to fill in DataDictionary[1] because .idata$4 is missing"
+ msgstr ""
+
+-#: peigen.c:4416 pepigen.c:4416 pex64igen.c:4416
+-msgid "%B: unable to fill in DataDictionary[12] because .idata$5 is missing"
++#: peigen.c:4418 pepigen.c:4418 pex64igen.c:4418
++#, c-format
++msgid "%pB: unable to fill in DataDictionary[12] because .idata$5 is missing"
+ msgstr ""
+
+-#: peigen.c:4436 pepigen.c:4436 pex64igen.c:4436
++#: peigen.c:4438 pepigen.c:4438 pex64igen.c:4438
++#, c-format
+ msgid ""
+-"%B: unable to fill in DataDictionary[PE_IMPORT_ADDRESS_TABLE (12)] because ."
++"%pB: unable to fill in DataDictionary[PE_IMPORT_ADDRESS_TABLE (12)] because ."
+ "idata$6 is missing"
+ msgstr ""
+
+-#: peigen.c:4478 pepigen.c:4478 pex64igen.c:4478
++#: peigen.c:4480 pepigen.c:4480 pex64igen.c:4480
++#, c-format
+ msgid ""
+-"%B: unable to fill in DataDictionary[PE_IMPORT_ADDRESS_TABLE(12)] because ."
++"%pB: unable to fill in DataDictionary[PE_IMPORT_ADDRESS_TABLE(12)] because ."
+ "idata$6 is missing"
+ msgstr ""
+
+-#: peigen.c:4503 pepigen.c:4503 pex64igen.c:4503
+-msgid "%B: unable to fill in DataDictionary[9] because __tls_used is missing"
++#: peigen.c:4505 pepigen.c:4505 pex64igen.c:4505
++#, c-format
++msgid "%pB: unable to fill in DataDictionary[9] because __tls_used is missing"
+ msgstr ""
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,5 +1,9 @@
+ 2018-04-24 Nick Clifton <nickc@redhat.com>
+
++ PR 23110
++ * peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Check for
++ a negative PE_DEBUG_DATA size before iterating over the debug data.
++
+ PR 23113
+ * elf.c (ignore_section_sym): Check for the output_section pointer
+ being NULL before dereferencing it.
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch
new file mode 100644
index 000000000..fa8fbd2ae
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch
@@ -0,0 +1,61 @@
+From db0c309f4011ca94a4abc8458e27f3734dab92ac Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 24 Apr 2018 16:57:04 +0100
+Subject: [PATCH] Fix an illegal memory access when trying to copy an ELF
+ binary with corrupt section symbols.
+
+ PR 23113
+ * elf.c (ignore_section_sym): Check for the output_section pointer
+ being NULL before dereferencing it.
+
+Upstream-Status: Backport
+CVE: CVE-2018-10535
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 4 ++++
+ bfd/elf.c | 9 ++++++++-
+ 2 files changed, 12 insertions(+), 1 deletion(-)
+
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c
++++ git/bfd/elf.c
+@@ -4021,15 +4021,22 @@ ignore_section_sym (bfd *abfd, asymbol *
+ {
+ elf_symbol_type *type_ptr;
+
++ if (sym == NULL)
++ return FALSE;
++
+ if ((sym->flags & BSF_SECTION_SYM) == 0)
+ return FALSE;
+
++ if (sym->section == NULL)
++ return TRUE;
++
+ type_ptr = elf_symbol_from (abfd, sym);
+ return ((type_ptr != NULL
+ && type_ptr->internal_elf_sym.st_shndx != 0
+ && bfd_is_abs_section (sym->section))
+ || !(sym->section->owner == abfd
+- || (sym->section->output_section->owner == abfd
++ || (sym->section->output_section != NULL
++ && sym->section->output_section->owner == abfd
+ && sym->section->output_offset == 0)
+ || bfd_is_abs_section (sym->section)));
+ }
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2018-04-24 Nick Clifton <nickc@redhat.com>
++
++ PR 23113
++ * elf.c (ignore_section_sym): Check for the output_section pointer
++ being NULL before dereferencing it.
++
+ 2018-04-17 Nick Clifton <nickc@redhat.com>
+
+ PR 23065
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-6759.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-6759.patch
new file mode 100644
index 000000000..fff497942
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-6759.patch
@@ -0,0 +1,108 @@
+From 64e234d417d5685a4aec0edc618114d9991c031b Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 6 Feb 2018 15:48:29 +0000
+Subject: [PATCH] Prevent attempts to call strncpy with a zero-length field by
+ chacking the size of debuglink sections.
+
+ PR 22794
+ * opncls.c (bfd_get_debug_link_info_1): Check the size of the
+ section before attempting to read it in.
+ (bfd_get_alt_debug_link_info): Likewise.
+
+Upstream-Status: Backport
+Affects: Binutils <= 2.30
+CVE: CVE-2018-6759
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 7 +++++++
+ bfd/opncls.c | 22 +++++++++++++++++-----
+ 2 files changed, 24 insertions(+), 5 deletions(-)
+
+Index: git/bfd/opncls.c
+===================================================================
+--- git.orig/bfd/opncls.c
++++ git/bfd/opncls.c
+@@ -1179,6 +1179,7 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo
+ bfd_byte *contents;
+ unsigned int crc_offset;
+ char *name;
++ bfd_size_type size;
+
+ BFD_ASSERT (abfd);
+ BFD_ASSERT (crc32_out);
+@@ -1188,6 +1189,12 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo
+ if (sect == NULL)
+ return NULL;
+
++ size = bfd_get_section_size (sect);
++
++ /* PR 22794: Make sure that the section has a reasonable size. */
++ if (size < 8 || size >= bfd_get_size (abfd))
++ return NULL;
++
+ if (!bfd_malloc_and_get_section (abfd, sect, &contents))
+ {
+ if (contents != NULL)
+@@ -1197,10 +1204,10 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo
+
+ /* CRC value is stored after the filename, aligned up to 4 bytes. */
+ name = (char *) contents;
+- /* PR 17597: avoid reading off the end of the buffer. */
+- crc_offset = strnlen (name, bfd_get_section_size (sect)) + 1;
++ /* PR 17597: Avoid reading off the end of the buffer. */
++ crc_offset = strnlen (name, size) + 1;
+ crc_offset = (crc_offset + 3) & ~3;
+- if (crc_offset + 4 > bfd_get_section_size (sect))
++ if (crc_offset + 4 > size)
+ return NULL;
+
+ *crc32 = bfd_get_32 (abfd, contents + crc_offset);
+@@ -1261,6 +1268,7 @@ bfd_get_alt_debug_link_info (bfd * abfd,
+ bfd_byte *contents;
+ unsigned int buildid_offset;
+ char *name;
++ bfd_size_type size;
+
+ BFD_ASSERT (abfd);
+ BFD_ASSERT (buildid_len);
+@@ -1271,6 +1279,10 @@ bfd_get_alt_debug_link_info (bfd * abfd,
+ if (sect == NULL)
+ return NULL;
+
++ size = bfd_get_section_size (sect);
++ if (size < 8 || size >= bfd_get_size (abfd))
++ return NULL;
++
+ if (!bfd_malloc_and_get_section (abfd, sect, & contents))
+ {
+ if (contents != NULL)
+@@ -1280,11 +1292,11 @@ bfd_get_alt_debug_link_info (bfd * abfd,
+
+ /* BuildID value is stored after the filename. */
+ name = (char *) contents;
+- buildid_offset = strnlen (name, bfd_get_section_size (sect)) + 1;
++ buildid_offset = strnlen (name, size) + 1;
+ if (buildid_offset >= bfd_get_section_size (sect))
+ return NULL;
+
+- *buildid_len = bfd_get_section_size (sect) - buildid_offset;
++ *buildid_len = size - buildid_offset;
+ *buildid_out = bfd_malloc (*buildid_len);
+ memcpy (*buildid_out, contents + buildid_offset, *buildid_len);
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
++2018-02-06 Nick Clifton <nickc@redhat.com>
++
++ PR 22794
++ * opncls.c (bfd_get_debug_link_info_1): Check the size of the
++ section before attempting to read it in.
++ (bfd_get_alt_debug_link_info): Likewise.
++
+ 2018-02-09 Nick Clifton <nickc@redhat.com>
+
+ Import patch from mainline:
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-6872.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-6872.patch
new file mode 100644
index 000000000..2ef36c232
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-6872.patch
@@ -0,0 +1,50 @@
+From d895ef77ffc94e02e748856c2ab54f5bb8cc867e Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Fri, 9 Feb 2018 09:28:45 +0000
+Subject: [PATCH] Import patch from mainline to fix possible seg-fault whilst
+ parsing corrupt ELF notes with extravagent alignments.
+
+ PR 22788
+ * elf.c (elf_parse_notes): Reject notes with excessuively large
+ alignments.
+
+Upstream-Status: Backport
+Affects: Binutils <= 2.30
+CVE: CVE-2018-6872
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 9 +++++++++
+ bfd/elf.c | 2 ++
+ 2 files changed, 11 insertions(+)
+
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c
++++ git/bfd/elf.c
+@@ -11020,6 +11020,8 @@ elf_parse_notes (bfd *abfd, char *buf, s
+ align is less than 4, we use 4 byte alignment. */
+ if (align < 4)
+ align = 4;
++ if (align != 4 && align != 8)
++ return FALSE;
+
+ p = buf;
+ while (p < buf + size)
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,12 @@
++2018-02-09 Nick Clifton <nickc@redhat.com>
++
++ Import patch from mainline:
++ 2018-02-08 Nick Clifton <nickc@redhat.com>
++
++ PR 22788
++ * elf.c (elf_parse_notes): Reject notes with excessuively large
++ alignments.
++
+ 2018-03-01 Nick Clifton <nickc@redhat.com>
+
+ PR 22905
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7208.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7208.patch
new file mode 100644
index 000000000..8efefebc2
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7208.patch
@@ -0,0 +1,47 @@
+From eb77f6a4621795367a39cdd30957903af9dbb815 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sat, 27 Jan 2018 08:19:33 +1030
+Subject: [PATCH] PR22741, objcopy segfault on fuzzed COFF object
+
+ PR 22741
+ * coffgen.c (coff_pointerize_aux): Ensure auxent tagndx is in
+ range before converting to a symbol table pointer.
+
+Upstream-Status: Backport
+Affects: Binutils <= 2.30
+CVE: CVE-2018-7208
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/coffgen.c | 3 ++-
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+Index: git/bfd/coffgen.c
+===================================================================
+--- git.orig/bfd/coffgen.c
++++ git/bfd/coffgen.c
+@@ -1555,7 +1555,8 @@ coff_pointerize_aux (bfd *abfd,
+ }
+ /* A negative tagndx is meaningless, but the SCO 3.2v4 cc can
+ generate one, so we must be careful to ignore it. */
+- if (auxent->u.auxent.x_sym.x_tagndx.l > 0)
++ if ((unsigned long) auxent->u.auxent.x_sym.x_tagndx.l
++ < obj_raw_syment_count (abfd))
+ {
+ auxent->u.auxent.x_sym.x_tagndx.p =
+ table_base + auxent->u.auxent.x_sym.x_tagndx.l;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2018-01-29 Alan Modra <amodra@gmail.com>
++
++ PR 22741
++ * coffgen.c (coff_pointerize_aux): Ensure auxent tagndx is in
++ range before converting to a symbol table pointer.
++
+ 2018-02-28 Alan Modra <amodra@gmail.com>
+
+ PR 22887
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7568.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7568.patch
new file mode 100644
index 000000000..815b32c30
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7568.patch
@@ -0,0 +1,85 @@
+From eef104664efb52965d85a28bc3fc7c77e52e48e2 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 28 Feb 2018 10:13:54 +0000
+Subject: [PATCH] Fix potential integer overflow when reading corrupt dwarf1
+ debug information.
+
+ PR 22894
+ * dwarf1.c (parse_die): Check the length of form blocks before
+ advancing the data pointer.
+
+Upstream-Status: Backport
+Affects: Binutils <= 2.30
+CVE: CVE-2018-7568
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/dwarf1.c | 17 +++++++++++++++--
+ 2 files changed, 21 insertions(+), 2 deletions(-)
+
+Index: git/bfd/dwarf1.c
+===================================================================
+--- git.orig/bfd/dwarf1.c
++++ git/bfd/dwarf1.c
+@@ -213,6 +213,7 @@ parse_die (bfd * abfd,
+ /* Then the attributes. */
+ while (xptr + 2 <= aDiePtrEnd)
+ {
++ unsigned int block_len;
+ unsigned short attr;
+
+ /* Parse the attribute based on its form. This section
+@@ -255,12 +256,24 @@ parse_die (bfd * abfd,
+ break;
+ case FORM_BLOCK2:
+ if (xptr + 2 <= aDiePtrEnd)
+- xptr += bfd_get_16 (abfd, xptr);
++ {
++ block_len = bfd_get_16 (abfd, xptr);
++ if (xptr + block_len > aDiePtrEnd
++ || xptr + block_len < xptr)
++ return FALSE;
++ xptr += block_len;
++ }
+ xptr += 2;
+ break;
+ case FORM_BLOCK4:
+ if (xptr + 4 <= aDiePtrEnd)
+- xptr += bfd_get_32 (abfd, xptr);
++ {
++ block_len = bfd_get_32 (abfd, xptr);
++ if (xptr + block_len > aDiePtrEnd
++ || xptr + block_len < xptr)
++ return FALSE;
++ xptr += block_len;
++ }
+ xptr += 4;
+ break;
+ case FORM_STRING:
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -4,7 +4,11 @@
+ * coffgen.c (coff_pointerize_aux): Ensure auxent tagndx is in
+ range before converting to a symbol table pointer.
+
+-2018-02-28 Alan Modra <amodra@gmail.com>
++2018-02-28 Nick Clifton <nickc@redhat.com>
++
++ PR 22894
++ * dwarf1.c (parse_die): Check the length of form blocks before
++ advancing the data pointer.
+
+ PR 22895
+ PR 22893
+@@ -14,6 +18,8 @@
+ size is invalid.
+ (read_attribute_value): Adjust invocations of read_n_bytes.
+
++2018-02-28 Alan Modra <amodra@gmail.com>
++
+ PR 22887
+ * aoutx.h (swap_std_reloc_in): Correct r_index bound check.
+
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch
new file mode 100644
index 000000000..96c0fd242
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch
@@ -0,0 +1,119 @@
+From 12c963421d045a127c413a0722062b9932c50aa9 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 28 Feb 2018 11:50:49 +0000
+Subject: [PATCH] Catch integer overflows/underflows when parsing corrupt DWARF
+ FORM blocks.
+
+ PR 22895
+ PR 22893
+ * dwarf2.c (read_n_bytes): Replace size parameter with dwarf_block
+ pointer. Drop unused abfd parameter. Check the size of the block
+ before initialising the data field. Return the end pointer if the
+ size is invalid.
+ (read_attribute_value): Adjust invocations of read_n_bytes.
+
+Upstream-Status: Backport
+Affects: Binutils <= 2.30
+CVE: CVE-2018-7569
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ bfd/ChangeLog | 8 ++++++++
+ bfd/dwarf2.c | 36 +++++++++++++++++++++---------------
+ 2 files changed, 29 insertions(+), 15 deletions(-)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -622,14 +622,24 @@ read_8_bytes (bfd *abfd, bfd_byte *buf,
+ }
+
+ static bfd_byte *
+-read_n_bytes (bfd *abfd ATTRIBUTE_UNUSED,
+- bfd_byte *buf,
+- bfd_byte *end,
+- unsigned int size ATTRIBUTE_UNUSED)
+-{
+- if (buf + size > end)
+- return NULL;
+- return buf;
++read_n_bytes (bfd_byte * buf,
++ bfd_byte * end,
++ struct dwarf_block * block)
++{
++ unsigned int size = block->size;
++ bfd_byte * block_end = buf + size;
++
++ if (block_end > end || block_end < buf)
++ {
++ block->data = NULL;
++ block->size = 0;
++ return end;
++ }
++ else
++ {
++ block->data = buf;
++ return block_end;
++ }
+ }
+
+ /* Scans a NUL terminated string starting at BUF, returning a pointer to it.
+@@ -1127,8 +1137,7 @@ read_attribute_value (struct attribute *
+ return NULL;
+ blk->size = read_2_bytes (abfd, info_ptr, info_ptr_end);
+ info_ptr += 2;
+- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size);
+- info_ptr += blk->size;
++ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk);
+ attr->u.blk = blk;
+ break;
+ case DW_FORM_block4:
+@@ -1138,8 +1147,7 @@ read_attribute_value (struct attribute *
+ return NULL;
+ blk->size = read_4_bytes (abfd, info_ptr, info_ptr_end);
+ info_ptr += 4;
+- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size);
+- info_ptr += blk->size;
++ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk);
+ attr->u.blk = blk;
+ break;
+ case DW_FORM_data2:
+@@ -1179,8 +1187,7 @@ read_attribute_value (struct attribute *
+ blk->size = _bfd_safe_read_leb128 (abfd, info_ptr, &bytes_read,
+ FALSE, info_ptr_end);
+ info_ptr += bytes_read;
+- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size);
+- info_ptr += blk->size;
++ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk);
+ attr->u.blk = blk;
+ break;
+ case DW_FORM_block1:
+@@ -1190,8 +1197,7 @@ read_attribute_value (struct attribute *
+ return NULL;
+ blk->size = read_1_byte (abfd, info_ptr, info_ptr_end);
+ info_ptr += 1;
+- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size);
+- info_ptr += blk->size;
++ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk);
+ attr->u.blk = blk;
+ break;
+ case DW_FORM_data1:
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -6,6 +6,14 @@
+
+ 2018-02-28 Alan Modra <amodra@gmail.com>
+
++ PR 22895
++ PR 22893
++ * dwarf2.c (read_n_bytes): Replace size parameter with dwarf_block
++ pointer. Drop unused abfd parameter. Check the size of the block
++ before initialising the data field. Return the end pointer if the
++ size is invalid.
++ (read_attribute_value): Adjust invocations of read_n_bytes.
++
+ PR 22887
+ * aoutx.h (swap_std_reloc_in): Correct r_index bound check.
+
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch
new file mode 100644
index 000000000..9def46cf5
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch
@@ -0,0 +1,51 @@
+From 116acb2c268c89c89186673a7c92620d21825b25 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Wed, 28 Feb 2018 22:09:50 +1030
+Subject: [PATCH] PR22887, null pointer dereference in
+ aout_32_swap_std_reloc_out
+
+ PR 22887
+ * aoutx.h (swap_std_reloc_in): Correct r_index bound check.
+
+Upstream-Status: Backport
+Affects: Binutils <= 2.30
+CVE: CVE-2018-7642
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/aoutx.h | 6 ++++--
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+Index: git/bfd/aoutx.h
+===================================================================
+--- git.orig/bfd/aoutx.h
++++ git/bfd/aoutx.h
+@@ -2284,10 +2284,12 @@ NAME (aout, swap_std_reloc_in) (bfd *abf
+ if (r_baserel)
+ r_extern = 1;
+
+- if (r_extern && r_index > symcount)
++ if (r_extern && r_index >= symcount)
+ {
+ /* We could arrange to return an error, but it might be useful
+- to see the file even if it is bad. */
++ to see the file even if it is bad. FIXME: Of course this
++ means that objdump -r *doesn't* see the actual reloc, and
++ objcopy silently writes a different reloc. */
+ r_extern = 0;
+ r_index = N_ABS;
+ }
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,8 @@
++2018-02-28 Alan Modra <amodra@gmail.com>
++
++ PR 22887
++ * aoutx.h (swap_std_reloc_in): Correct r_index bound check.
++
+ 2018-02-06 Nick Clifton <nickc@redhat.com>
+
+ PR 22794
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7643.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7643.patch
new file mode 100644
index 000000000..2a2dec3a4
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7643.patch
@@ -0,0 +1,102 @@
+From d11ae95ea3403559f052903ab053f43ad7821e37 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 1 Mar 2018 16:14:08 +0000
+Subject: [PATCH] Prevent illegal memory accesses triggerd by intger overflow
+ when parsing corrupt DWARF information on a 32-bit host.
+
+ PR 22905
+ * dwarf.c (display_debug_ranges): Check that the offset loaded
+ from the range_entry structure is valid.
+
+Upstream-Status: Backport
+Affects: Binutils <= 2.30
+CVE: CVE-2018-7643
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 6 ++++++
+ binutils/dwarf.c | 15 +++++++++++++++
+ 2 files changed, 21 insertions(+)
+
+Index: git/binutils/dwarf.c
+===================================================================
+--- git.orig/binutils/dwarf.c
++++ git/binutils/dwarf.c
+@@ -387,6 +387,9 @@ read_uleb128 (unsigned char * data,
+ } \
+ while (0)
+
++/* Read AMOUNT bytes from PTR and store them in VAL as an unsigned value.
++ Checks to make sure that the read will not reach or pass END
++ and that VAL is big enough to hold AMOUNT bytes. */
+ #define SAFE_BYTE_GET(VAL, PTR, AMOUNT, END) \
+ do \
+ { \
+@@ -415,6 +418,7 @@ read_uleb128 (unsigned char * data,
+ } \
+ while (0)
+
++/* Like SAFE_BYTE_GET, but also increments PTR by AMOUNT. */
+ #define SAFE_BYTE_GET_AND_INC(VAL, PTR, AMOUNT, END) \
+ do \
+ { \
+@@ -423,6 +427,7 @@ read_uleb128 (unsigned char * data,
+ } \
+ while (0)
+
++/* Like SAFE_BYTE_GET, but reads a signed value. */
+ #define SAFE_SIGNED_BYTE_GET(VAL, PTR, AMOUNT, END) \
+ do \
+ { \
+@@ -441,6 +446,7 @@ read_uleb128 (unsigned char * data,
+ } \
+ while (0)
+
++/* Like SAFE_SIGNED_BYTE_GET, but also increments PTR by AMOUNT. */
+ #define SAFE_SIGNED_BYTE_GET_AND_INC(VAL, PTR, AMOUNT, END) \
+ do \
+ { \
+@@ -6543,6 +6549,7 @@ display_debug_ranges_list (unsigned char
+ break;
+ SAFE_SIGNED_BYTE_GET_AND_INC (end, start, pointer_size, finish);
+
++
+ printf (" %8.8lx ", offset);
+
+ if (begin == 0 && end == 0)
+@@ -6810,6 +6817,13 @@ display_debug_ranges (struct dwarf_secti
+ continue;
+ }
+
++ if (next < section_begin || next >= finish)
++ {
++ warn (_("Corrupt offset (%#8.8lx) in range entry %u\n"),
++ (unsigned long) offset, i);
++ continue;
++ }
++
+ if (dwarf_check != 0 && i > 0)
+ {
+ if (start < next)
+@@ -6825,6 +6839,7 @@ display_debug_ranges (struct dwarf_secti
+ (unsigned long) (next - section_begin), section->name);
+ }
+ }
++
+ start = next;
+ last_start = next;
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2018-03-01 Nick Clifton <nickc@redhat.com>
++
++ PR 22905
++ * dwarf.c (display_debug_ranges): Check that the offset loaded
++ from the range_entry structure is valid.
++
+ 2018-05-08 Nick Clifton <nickc@redhat.com>
+
+ PR 22809
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-8945.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-8945.patch
new file mode 100644
index 000000000..6a43168b8
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-8945.patch
@@ -0,0 +1,70 @@
+From 95a6d23566165208853a68d9cd3c6eedca840ec6 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 8 May 2018 12:51:06 +0100
+Subject: [PATCH] Prevent a memory exhaustion failure when running objdump on a
+ fuzzed input file with corrupt string and attribute sections.
+
+ PR 22809
+ * elf.c (bfd_elf_get_str_section): Check for an excessively large
+ string section.
+ * elf-attrs.c (_bfd_elf_parse_attributes): Issue an error if the
+ attribute section is larger than the size of the file.
+
+Upsteram-Status: Backport
+Affects: Binutils <= 2.30
+CVE: CVE-2018-8945
+Signed-off-by: Armin kuster <akuster@mvista.com>
+---
+ bfd/ChangeLog | 8 ++++++++
+ bfd/elf-attrs.c | 9 +++++++++
+ bfd/elf.c | 1 +
+ 3 files changed, 18 insertions(+)
+
+Index: git/bfd/elf-attrs.c
+===================================================================
+--- git.orig/bfd/elf-attrs.c
++++ git/bfd/elf-attrs.c
+@@ -438,6 +438,15 @@ _bfd_elf_parse_attributes (bfd *abfd, El
+ /* PR 17512: file: 2844a11d. */
+ if (hdr->sh_size == 0)
+ return;
++ if (hdr->sh_size > bfd_get_file_size (abfd))
++ {
++ /* xgettext:c-format */
++ _bfd_error_handler (_("%pB: error: attribute section '%pA' too big: %#llx"),
++ abfd, hdr->bfd_section, (long long) hdr->sh_size);
++ bfd_set_error (bfd_error_invalid_operation);
++ return;
++ }
++
+ contents = (bfd_byte *) bfd_malloc (hdr->sh_size + 1);
+ if (!contents)
+ return;
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c
++++ git/bfd/elf.c
+@@ -298,6 +298,7 @@ bfd_elf_get_str_section (bfd *abfd, unsi
+ /* Allocate and clear an extra byte at the end, to prevent crashes
+ in case the string table is not terminated. */
+ if (shstrtabsize + 1 <= 1
++ || shstrtabsize > bfd_get_file_size (abfd)
+ || bfd_seek (abfd, offset, SEEK_SET) != 0
+ || (shstrtab = (bfd_byte *) bfd_alloc (abfd, shstrtabsize + 1)) == NULL)
+ shstrtab = NULL;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,11 @@
++2018-05-08 Nick Clifton <nickc@redhat.com>
++
++ PR 22809
++ * elf.c (bfd_elf_get_str_section): Check for an excessively large
++ string section.
++ * elf-attrs.c (_bfd_elf_parse_attributes): Issue an error if the
++ attribute section is larger than the size of the file.
++
+ 2018-02-07 Alan Modra <amodra@gmail.com>
+
+ Revert 2018-01-17 Alan Modra <amodra@gmail.com>
diff --git a/poky/meta/recipes-devtools/chrpath/chrpath_0.16.bb b/poky/meta/recipes-devtools/chrpath/chrpath_0.16.bb
index b61eef9c8..8de885057 100644
--- a/poky/meta/recipes-devtools/chrpath/chrpath_0.16.bb
+++ b/poky/meta/recipes-devtools/chrpath/chrpath_0.16.bb
@@ -7,14 +7,12 @@ BUGTRACKER = "http://alioth.debian.org/tracker/?atid=412807&group_id=31052"
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552"
-SRC_URI = "https://alioth.debian.org/frs/download.php/file/3979/chrpath-0.16.tar.gz \
+SRC_URI = "${DEBIAN_MIRROR}/main/c/${BPN}/${BPN}_${PV}.orig.tar.gz \
file://standarddoc.patch"
SRC_URI[md5sum] = "2bf8d1d1ee345fc8a7915576f5649982"
SRC_URI[sha256sum] = "bb0d4c54bac2990e1bdf8132f2c9477ae752859d523e141e72b3b11a12c26e7b"
-UPSTREAM_CHECK_URI = "http://alioth.debian.org/frs/?group_id=31052"
-
inherit autotools
# We don't have a staged chrpath-native for ensuring our binary is
diff --git a/poky/meta/recipes-devtools/gcc/gcc-7.3.inc b/poky/meta/recipes-devtools/gcc/gcc-7.3.inc
index 6dff694a1..d4aaca40d 100644
--- a/poky/meta/recipes-devtools/gcc/gcc-7.3.inc
+++ b/poky/meta/recipes-devtools/gcc/gcc-7.3.inc
@@ -79,8 +79,8 @@ SRC_URI = "\
BACKPORTS = "\
file://0001-Fix-internal-compiler-error-in-testcase.patch \
file://0001-PR-rtl-optimization-83030.patch \
- file://0001-PR-c-80290-memory-hog-with-std-pair.patch \
file://0001-Fix-ppc64le-build-Partial-backport-r256656.patch \
+ file://0001-PR-c-80290-memory-hog-with-std-pair.patch \
"
SRC_URI[md5sum] = "be2da21680f27624f3a87055c4ba5af2"
diff --git a/poky/meta/recipes-devtools/gcc/gcc-7.3/0001-Fix-ppc64le-build-Partial-backport-r256656.patch b/poky/meta/recipes-devtools/gcc/gcc-7.3/0001-Fix-ppc64le-build-Partial-backport-r256656.patch
index 5d8ffb7ba..cfb70e1ec 100644
--- a/poky/meta/recipes-devtools/gcc/gcc-7.3/0001-Fix-ppc64le-build-Partial-backport-r256656.patch
+++ b/poky/meta/recipes-devtools/gcc/gcc-7.3/0001-Fix-ppc64le-build-Partial-backport-r256656.patch
@@ -13,10 +13,7 @@ Subject: [PATCH] Partial backport r256656
use of __builtin_vec_vsx_ld () built-in function, which operates
on unaligned pointer values.
-git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-6-branch@261621 138bc75d-0d04-0410-961f-82ee72b054a4
-
-
-git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-7-branch@262243 138bc75d-0d04-0410-961f-82ee72b054a4
+Upstream-Status: Backport
Signed-off-by: Joel Stanley <joel@jms.id.au>
---
libcpp/lex.c | 2 +-
diff --git a/poky/meta/recipes-devtools/gcc/gcc-7.3/0001-PR-c-80290-memory-hog-with-std-pair.patch b/poky/meta/recipes-devtools/gcc/gcc-7.3/0001-PR-c-80290-memory-hog-with-std-pair.patch
index ba43af92f..603a29afe 100644
--- a/poky/meta/recipes-devtools/gcc/gcc-7.3/0001-PR-c-80290-memory-hog-with-std-pair.patch
+++ b/poky/meta/recipes-devtools/gcc/gcc-7.3/0001-PR-c-80290-memory-hog-with-std-pair.patch
@@ -7,7 +7,7 @@ Subject: [PATCH] PR c++/80290 - memory-hog with std::pair.
check for a nested list argument.
(braced_init_depth): New.
-git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-7-branch@262204 138bc75d-0d04-0410-961f-82ee72b054a4
+Upstream-Status: Backport
Signed-off-by: Joel Stanley <joel@jms.id.au>
---
gcc/cp/pt.c | 22 ++++++++++++++++++++++
diff --git a/poky/meta/recipes-devtools/go/go-1.10.inc b/poky/meta/recipes-devtools/go/go-1.10.inc
index 3a135bf28..1df0fc5b6 100644
--- a/poky/meta/recipes-devtools/go/go-1.10.inc
+++ b/poky/meta/recipes-devtools/go/go-1.10.inc
@@ -1,7 +1,7 @@
require go-common.inc
GO_BASEVERSION = "1.10"
-GO_MINOR = ".2"
+GO_MINOR = ".3"
PV .= "${GO_MINOR}"
FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
@@ -20,5 +20,5 @@ SRC_URI += "\
SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
-SRC_URI[main.md5sum] = "c63b35075bed693bbfc84d4a6262948a"
-SRC_URI[main.sha256sum] = "6264609c6b9cd8ed8e02ca84605d727ce1898d74efa79841660b2e3e985a98bd"
+SRC_URI[main.md5sum] = "d15dfb264105c5e84fbe33f4a4aa5021"
+SRC_URI[main.sha256sum] = "567b1cc66c9704d1c019c50bef946272e911ec6baf244310f87f4e678be155f2"
diff --git a/poky/meta/recipes-devtools/go/go-1.9.inc b/poky/meta/recipes-devtools/go/go-1.9.inc
index a942f6d8a..329cee061 100644
--- a/poky/meta/recipes-devtools/go/go-1.9.inc
+++ b/poky/meta/recipes-devtools/go/go-1.9.inc
@@ -1,7 +1,7 @@
require go-common.inc
GO_BASEVERSION = "1.9"
-GO_MINOR = ".6"
+GO_MINOR = ".7"
PV .= "${GO_MINOR}"
FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
@@ -22,5 +22,5 @@ SRC_URI += "\
"
SRC_URI_append_libc-musl = " file://set-external-linker.patch"
-SRC_URI[main.md5sum] = "52c1a3063291036597552d3fed0b2917"
-SRC_URI[main.sha256sum] = "36f4059be658f7f07091e27fe04bb9e97a0c4836eb446e4c5bac3c90ff9e5828"
+SRC_URI[main.md5sum] = "3c2cf876ed6612a022574a565206c6ea"
+SRC_URI[main.sha256sum] = "582814fa45e8ecb0859a208e517b48aa0ad951e3b36c7fff203d834e0ef27722"
diff --git a/poky/meta/recipes-devtools/python/python-scons-native_3.0.1.bb b/poky/meta/recipes-devtools/python/python-scons-native_3.0.1.bb
index dae89ab5d..68b63c935 100644
--- a/poky/meta/recipes-devtools/python/python-scons-native_3.0.1.bb
+++ b/poky/meta/recipes-devtools/python/python-scons-native_3.0.1.bb
@@ -4,5 +4,5 @@ DEPENDS = "python-native"
RDEPENDS_${PN} = ""
do_install_append() {
- create_wrapper ${D}${bindir}/scons SCONS_LIB_DIR='${STAGING_DIR_HOST}/${PYTHON_SITEPACKAGES_DIR}'
+ create_wrapper ${D}${bindir}/scons SCONS_LIB_DIR='${STAGING_DIR_HOST}/${PYTHON_SITEPACKAGES_DIR}' PYTHONNOUSERSITE='1'
}
diff --git a/poky/meta/recipes-devtools/python/python3_3.5.5.bb b/poky/meta/recipes-devtools/python/python3_3.5.5.bb
index f893b846a..4dae4fa4c 100644
--- a/poky/meta/recipes-devtools/python/python3_3.5.5.bb
+++ b/poky/meta/recipes-devtools/python/python3_3.5.5.bb
@@ -176,7 +176,7 @@ do_install() {
}
do_install_append_class-nativesdk () {
- create_wrapper ${D}${bindir}/python${PYTHON_MAJMIN} TERMINFO_DIRS='${sysconfdir}/terminfo:/etc/terminfo:/usr/share/terminfo:/usr/share/misc/terminfo:/lib/terminfo'
+ create_wrapper ${D}${bindir}/python${PYTHON_MAJMIN} TERMINFO_DIRS='${sysconfdir}/terminfo:/etc/terminfo:/usr/share/terminfo:/usr/share/misc/terminfo:/lib/terminfo' PYTHONNOUSERSITE='1'
}
SSTATE_SCAN_FILES += "Makefile"
diff --git a/poky/meta/recipes-devtools/python/python_2.7.14.bb b/poky/meta/recipes-devtools/python/python_2.7.14.bb
index 41a8609b1..b923b9237 100644
--- a/poky/meta/recipes-devtools/python/python_2.7.14.bb
+++ b/poky/meta/recipes-devtools/python/python_2.7.14.bb
@@ -130,7 +130,7 @@ do_install() {
}
do_install_append_class-nativesdk () {
- create_wrapper ${D}${bindir}/python2.7 PYTHONHOME='${prefix}' TERMINFO_DIRS='${sysconfdir}/terminfo:/etc/terminfo:/usr/share/terminfo:/usr/share/misc/terminfo:/lib/terminfo'
+ create_wrapper ${D}${bindir}/python2.7 PYTHONHOME='${prefix}' TERMINFO_DIRS='${sysconfdir}/terminfo:/etc/terminfo:/usr/share/terminfo:/usr/share/misc/terminfo:/lib/terminfo' PYTHONNOUSERSITE='1'
}
SSTATE_SCAN_FILES += "Makefile"
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0001-CVE-2018-11806-QEMU-slirp-heap-buffer-overflow.patch b/poky/meta/recipes-devtools/qemu/qemu/0001-CVE-2018-11806-QEMU-slirp-heap-buffer-overflow.patch
new file mode 100644
index 000000000..862236011
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/0001-CVE-2018-11806-QEMU-slirp-heap-buffer-overflow.patch
@@ -0,0 +1,69 @@
+Upstream-Status: Backport
+
+https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html
+
+From dc21a9d2951f0a2a7e63633e2b5c68c54e4edc4b Mon Sep 17 00:00:00 2001
+From: Jeremy Puhlman <jpuhlman@mvista.com>
+Date: Thu, 14 Jun 2018 01:28:49 +0000
+Subject: [PATCH] CVE-2018-11806 QEMU: slirp: heap buffer overflow
+
+Subject: [Qemu-devel] [PATCH 1/2] slirp: correct size computation while concatenating mbuf
+Date: Tue, 5 Jun 2018 23:38:35 +0530
+From: Prasad J Pandit <address@hidden>
+
+While reassembling incoming fragmented datagrams, 'm_cat' routine
+extends the 'mbuf' buffer, if it has insufficient room. It computes
+a wrong buffer size, which leads to overwriting adjacent heap buffer
+area. Correct this size computation in m_cat.
+
+Reported-by: ZDI Disclosures <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ slirp/mbuf.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
+---
+ slirp/mbuf.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/slirp/mbuf.c b/slirp/mbuf.c
+index 5ff2455..7fb4501 100644
+--- a/slirp/mbuf.c
++++ b/slirp/mbuf.c
+@@ -138,7 +138,7 @@ m_cat(struct mbuf *m, struct mbuf *n)
+ * If there's no room, realloc
+ */
+ if (M_FREEROOM(m) < n->m_len)
+- m_inc(m,m->m_size+MINCSIZE);
++ m_inc(m, m->m_len + n->m_len);
+
+ memcpy(m->m_data+m->m_len, n->m_data, n->m_len);
+ m->m_len += n->m_len;
+@@ -158,12 +158,12 @@ m_inc(struct mbuf *m, int size)
+
+ if (m->m_flags & M_EXT) {
+ datasize = m->m_data - m->m_ext;
+- m->m_ext = g_realloc(m->m_ext, size);
++ m->m_ext = g_realloc(m->m_ext, size + datasize);
+ m->m_data = m->m_ext + datasize;
+ } else {
+ char *dat;
+ datasize = m->m_data - m->m_dat;
+- dat = g_malloc(size);
++ dat = g_malloc(size + datasize);
+ memcpy(dat, m->m_dat, m->m_size);
+
+ m->m_ext = dat;
+@@ -171,7 +171,7 @@ m_inc(struct mbuf *m, int size)
+ m->m_flags |= M_EXT;
+ }
+
+- m->m_size = size;
++ m->m_size = size + datasize;
+
+ }
+
+--
+2.13.3
+
diff --git a/poky/meta/recipes-devtools/qemu/qemu/disable-grabs.patch b/poky/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
index 77117890f..add5d8b02 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/disable-grabs.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
@@ -1,3 +1,11 @@
+From 273e1af49d3e0a58bb9464369deb2652f243e649 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@intel.com>
+Date: Wed, 18 Sep 2013 14:04:54 +0100
+Subject: [PATCH] sdl.c: allow user to disable pointer grabs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
When the pointer enters the Qemu window it calls SDL_WM_GrabInput, which calls
XGrabPointer in a busyloop until it returns GrabSuccess. However if there's already
a pointer grab (screen is locked, a menu is open) then qemu will hang until the
@@ -12,22 +20,15 @@ the current grabbing behaviour for everyone else.
Upstream-Status: Pending
Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 4b1988ecb01a178269ec0513a75f2ec620c7ef6a Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@intel.com>
-Date: Wed, 18 Sep 2013 14:04:54 +0100
-Subject: [PATCH] sdl.c: allow user to disable pointer grabs
-
-Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Eric Bénard <eric@eukrea.com>
---
ui/sdl.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
-Index: qemu-2.11.1/ui/sdl.c
-===================================================================
---- qemu-2.11.1.orig/ui/sdl.c
-+++ qemu-2.11.1/ui/sdl.c
+diff --git a/ui/sdl.c b/ui/sdl.c
+index 7b71a9a..29ce1b9 100644
+--- a/ui/sdl.c
++++ b/ui/sdl.c
@@ -63,6 +63,10 @@ static SDL_PixelFormat host_format;
static int scaling_active = 0;
static Notifier mouse_mode_notifier;
@@ -58,7 +59,7 @@ Index: qemu-2.11.1/ui/sdl.c
gui_grab = 0;
sdl_show_cursor();
sdl_update_caption();
-@@ -986,6 +992,8 @@ void sdl_display_init(DisplayState *ds,
+@@ -986,6 +992,8 @@ void sdl_display_init(DisplayState *ds, int full_screen, int no_frame)
* This requires SDL >= 1.2.14. */
setenv("SDL_DISABLE_LOCK_KEYS", "1", 1);
diff --git a/poky/meta/recipes-devtools/qemu/qemu/wacom.patch b/poky/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
index cd06aa4ac..281803ecb 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/wacom.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
@@ -1,19 +1,27 @@
+From a42726e017605ed3ca2b3fc2b1cc8d01ccf34730 Mon Sep 17 00:00:00 2001
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Date: Thu, 27 Nov 2014 14:04:29 +0000
+Subject: [PATCH] qemu: Add missing wacom HID descriptor
+
The USB wacom device is missing a HID descriptor which causes it
to fail to operate with recent kernels (e.g. 3.17).
-This patch adds a HID desriptor to the device, based upon one from
+This patch adds a HID desriptor to the device, based upon one from
real wcom device.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream-Status: Submitted
2014/11/27
+---
+ hw/usb/dev-wacom.c | 94 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 93 insertions(+), 1 deletion(-)
-Index: qemu-2.1.0/hw/usb/dev-wacom.c
-===================================================================
---- qemu-2.1.0.orig/hw/usb/dev-wacom.c 2014-08-01 15:12:17.000000000 +0100
-+++ qemu-2.1.0/hw/usb/dev-wacom.c 2014-10-12 12:13:30.540306042 +0100
-@@ -68,6 +68,89 @@
+diff --git a/hw/usb/dev-wacom.c b/hw/usb/dev-wacom.c
+index bf70013..2f6e129 100644
+--- a/hw/usb/dev-wacom.c
++++ b/hw/usb/dev-wacom.c
+@@ -72,6 +72,89 @@ static const USBDescStrings desc_strings = {
[STR_SERIALNUMBER] = "1",
};
@@ -103,7 +111,7 @@ Index: qemu-2.1.0/hw/usb/dev-wacom.c
static const USBDescIface desc_iface_wacom = {
.bInterfaceNumber = 0,
.bNumEndpoints = 1,
-@@ -85,7 +168,7 @@
+@@ -89,7 +172,7 @@ static const USBDescIface desc_iface_wacom = {
0x00, /* u8 country_code */
0x01, /* u8 num_descriptors */
0x22, /* u8 type: Report */
@@ -112,7 +120,7 @@ Index: qemu-2.1.0/hw/usb/dev-wacom.c
},
},
},
-@@ -265,6 +350,15 @@
+@@ -269,6 +352,15 @@ static void usb_wacom_handle_control(USBDevice *dev, USBPacket *p,
}
switch (request) {
diff --git a/poky/meta/recipes-devtools/qemu/qemu/add-ptest-in-makefile-v10.patch b/poky/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
index e9639820b..dc073000c 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/add-ptest-in-makefile-v10.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
@@ -1,19 +1,23 @@
-From 4201a5791fc4798a45a9b9f881602d7bacb74ed1 Mon Sep 17 00:00:00 2001
+From fda1eee8bc717528d57f6ff454f72c5325043c31 Mon Sep 17 00:00:00 2001
From: Juro Bystricky <juro.bystricky@intel.com>
Date: Thu, 31 Aug 2017 11:06:56 -0700
-Subject: Add subpackage -ptest which runs all unit test cases for qemu.
+Subject: [PATCH] Add subpackage -ptest which runs all unit test cases for
+ qemu.
Upstream-Status: Pending
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+---
+ tests/Makefile.include | 8 ++++++++
+ 1 file changed, 8 insertions(+)
diff --git a/tests/Makefile.include b/tests/Makefile.include
-index f08b741..3d1b3e9 100644
+index c002352..f557c26 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
-@@ -924,4 +924,12 @@ all: $(QEMU_IOTESTS_HELPERS-y)
+@@ -935,4 +935,12 @@ all: $(QEMU_IOTESTS_HELPERS-y)
-include $(wildcard tests/*.d)
-include $(wildcard tests/libqos/*.d)
diff --git a/poky/meta/recipes-devtools/qemu/qemu/qemu-enlarge-env-entry-size.patch b/poky/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch
index c7425ab8d..4f28e1676 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/qemu-enlarge-env-entry-size.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch
@@ -1,4 +1,8 @@
-qemu: Add addition environment space to boot loader qemu-system-mips
+From ad70fdcaf75084da2e02474c61d1d441ca100ab2 Mon Sep 17 00:00:00 2001
+From: Jason Wessel <jason.wessel@windriver.com>
+Date: Fri, 28 Mar 2014 17:42:43 +0800
+Subject: [PATCH] qemu: Add addition environment space to boot loader
+ qemu-system-mips
Upstream-Status: Inappropriate - OE uses deep paths
@@ -10,14 +14,14 @@ to only 256 bytes. This patch expands the limit.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
---
- hw/mips/mips_malta.c | 2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
+ hw/mips/mips_malta.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
-index 9d521cc..17c0391 100644
+index ec6af4a..6e76166 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
-@@ -53,7 +53,7 @@
+@@ -61,7 +61,7 @@
#define ENVP_ADDR 0x80002000l
#define ENVP_NB_ENTRIES 16
@@ -26,6 +30,3 @@ index 9d521cc..17c0391 100644
/* Hardware addresses */
#define FLASH_ADDRESS 0x1e000000ULL
---
-1.7.10.4
-
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch b/poky/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch
new file mode 100644
index 000000000..b9e01834e
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch
@@ -0,0 +1,33 @@
+From e85ee3cc9988172662d6969af01f23fa8ffd5262 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@intel.com>
+Date: Tue, 20 Oct 2015 22:19:08 +0100
+Subject: [PATCH] qemu: disable Valgrind
+
+There isn't an option to enable or disable valgrind support, so disable it to avoid non-deterministic builds.
+
+Upstream-Status: Inappropriate
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+---
+ configure | 9 ---------
+ 1 file changed, 9 deletions(-)
+
+diff --git a/configure b/configure
+index 0c6e757..c30fd45 100755
+--- a/configure
++++ b/configure
+@@ -4741,15 +4741,6 @@ fi
+ # check if we have valgrind/valgrind.h
+
+ valgrind_h=no
+-cat > $TMPC << EOF
+-#include <valgrind/valgrind.h>
+-int main(void) {
+- return 0;
+-}
+-EOF
+-if compile_prog "" "" ; then
+- valgrind_h=yes
+-fi
+
+ ########################################
+ # check if environ is declared
diff --git a/poky/meta/recipes-devtools/qemu/qemu/pathlimit.patch b/poky/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch
index 57ab981c6..9315f8561 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/pathlimit.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch
@@ -1,3 +1,8 @@
+From c79c48a79710d0e2ef68062435596ac455cd9f71 Mon Sep 17 00:00:00 2001
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Date: Wed, 9 Mar 2016 22:49:02 +0000
+Subject: [PATCH] qemu: Limit paths searched during user mode emulation
+
By default qemu builds a complete list of directories within the user
emulation sysroot (-L option). The OE sysroot directory is large and
this is confusing, for example it indexes all pkgdata. In particular this
@@ -8,18 +13,21 @@ things if/as/when it needs to. This drastically reduces the files it
reads and reduces memory usage and cleans up strace.
It would also avoid the infinite directory traversal bug in [YOCTO #6996]
-although the code could still be vulnerable if it parsed those specific
+although the code could still be vulnerable if it parsed those specific
paths.
RP
2016/3/9
Upstream-Status: Pending
+---
+ util/path.c | 44 ++++++++++++++++++++++----------------------
+ 1 file changed, 22 insertions(+), 22 deletions(-)
-Index: qemu-2.5.0/util/path.c
-===================================================================
---- qemu-2.5.0.orig/util/path.c
-+++ qemu-2.5.0/util/path.c
-@@ -19,6 +19,7 @@ struct pathelem
+diff --git a/util/path.c b/util/path.c
+index 7f9fc27..a416cd4 100644
+--- a/util/path.c
++++ b/util/path.c
+@@ -15,6 +15,7 @@ struct pathelem
char *name;
/* Full path name, eg. /usr/gnemul/x86-linux/lib. */
char *pathname;
@@ -27,7 +35,7 @@ Index: qemu-2.5.0/util/path.c
struct pathelem *parent;
/* Children */
unsigned int num_entries;
-@@ -49,6 +50,7 @@ static struct pathelem *new_entry(const
+@@ -45,6 +46,7 @@ static struct pathelem *new_entry(const char *root,
new->name = g_strdup(name);
new->pathname = g_strdup_printf("%s/%s", root, name);
new->num_entries = 0;
@@ -35,7 +43,7 @@ Index: qemu-2.5.0/util/path.c
return new;
}
-@@ -57,15 +59,16 @@ static struct pathelem *new_entry(const
+@@ -53,15 +55,16 @@ static struct pathelem *new_entry(const char *root,
/* Not all systems provide this feature */
#if defined(DT_DIR) && defined(DT_UNKNOWN) && defined(DT_LNK)
# define dirent_type(dirent) ((dirent)->d_type)
@@ -55,7 +63,7 @@ Index: qemu-2.5.0/util/path.c
DIR *dir;
if ((dir = opendir(path->pathname)) != NULL) {
-@@ -78,6 +81,11 @@ static struct pathelem *add_dir_maybe(st
+@@ -74,6 +77,11 @@ static struct pathelem *add_dir_maybe(struct pathelem *path)
}
closedir(dir);
}
@@ -67,7 +75,7 @@ Index: qemu-2.5.0/util/path.c
return path;
}
-@@ -93,26 +101,16 @@ static struct pathelem *add_entry(struct
+@@ -89,26 +97,16 @@ static struct pathelem *add_entry(struct pathelem *root, const char *name,
e = &root->entries[root->num_entries-1];
*e = new_entry(root->pathname, root, name);
@@ -97,7 +105,7 @@ Index: qemu-2.5.0/util/path.c
{
unsigned int i, namelen;
-@@ -123,14 +121,18 @@ follow_path(const struct pathelem *curso
+@@ -119,14 +117,18 @@ follow_path(const struct pathelem *cursor, const char *name)
return cursor->pathname;
if (strneq(name, namelen, ".."))
@@ -119,7 +127,7 @@ Index: qemu-2.5.0/util/path.c
/* Not found */
return NULL;
-@@ -164,8 +166,6 @@ void init_paths(const char *prefix)
+@@ -160,8 +162,6 @@ void init_paths(const char *prefix)
g_free(base->name);
g_free(base);
base = NULL;
@@ -128,7 +136,7 @@ Index: qemu-2.5.0/util/path.c
}
}
-@@ -177,5 +177,5 @@ const char *path(const char *name)
+@@ -173,5 +173,5 @@ const char *path(const char *name)
if (!base || !name || name[0] != '/')
return name;
diff --git a/poky/meta/recipes-devtools/qemu/qemu/qemu-2.5.0-cflags.patch b/poky/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
index eb99d1463..ad52f37d9 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/qemu-2.5.0-cflags.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
@@ -1,8 +1,18 @@
+From 4b21a8db60c32f93df56e6111bb926c91680d6f2 Mon Sep 17 00:00:00 2001
+From: Stephen Arnold <sarnold@vctlabs.com>
+Date: Sun, 12 Jun 2016 18:09:56 -0700
+Subject: [PATCH] qemu-native: set ld.bfd, fix cflags, and set some environment
+
Upstream-Status: Pending
+---
+ configure | 4 ----
+ 1 file changed, 4 deletions(-)
+diff --git a/configure b/configure
+index c30fd45..b5312f4 100755
--- a/configure
+++ b/configure
-@@ -4468,10 +4468,6 @@ fi
+@@ -5115,10 +5115,6 @@ fi
if test "$gcov" = "yes" ; then
CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
diff --git a/poky/meta/recipes-devtools/qemu/qemu/chardev-connect-socket-to-a-spawned-command.patch b/poky/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch
index 6e6bf95c1..f0c0fa19b 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/chardev-connect-socket-to-a-spawned-command.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch
@@ -1,4 +1,4 @@
-From 3bb3100c22eb30146a69656480bdffeef8663575 Mon Sep 17 00:00:00 2001
+From 55c9510311b7481a0c8f3f71b3ce130cc25563f9 Mon Sep 17 00:00:00 2001
From: Alistair Francis <alistair.francis@xilinx.com>
Date: Thu, 21 Dec 2017 11:35:16 -0800
Subject: [PATCH] chardev: connect socket to a spawned command
@@ -45,13 +45,13 @@ Upstream-Status: Inappropriate [embedded specific]
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
---
- chardev/char-socket.c | 86 ++++++++++++++++++++++++++++++++++++++++++++++++---
+ chardev/char-socket.c | 99 +++++++++++++++++++++++++++++++++++++++++++++++++++
chardev/char.c | 3 ++
qapi/char.json | 5 +++
- 3 files changed, 90 insertions(+), 4 deletions(-)
+ 3 files changed, 107 insertions(+)
diff --git a/chardev/char-socket.c b/chardev/char-socket.c
-index 53eda8ef00..f566107c35 100644
+index 53eda8e..6c63555 100644
--- a/chardev/char-socket.c
+++ b/chardev/char-socket.c
@@ -852,6 +852,68 @@ static gboolean socket_reconnect_timeout(gpointer opaque)
@@ -123,7 +123,7 @@ index 53eda8ef00..f566107c35 100644
static void qmp_chardev_open_socket(Chardev *chr,
ChardevBackend *backend,
bool *be_opened,
-@@ -859,6 +921,9 @@
+@@ -859,6 +921,9 @@ static void qmp_chardev_open_socket(Chardev *chr,
{
SocketChardev *s = SOCKET_CHARDEV(chr);
ChardevSocket *sock = backend->u.socket.data;
@@ -133,15 +133,14 @@ index 53eda8ef00..f566107c35 100644
bool do_nodelay = sock->has_nodelay ? sock->nodelay : false;
bool is_listen = sock->has_server ? sock->server : true;
bool is_telnet = sock->has_telnet ? sock->telnet : false;
-@@ -925,7 +990,14 @@
+@@ -925,7 +990,14 @@ static void qmp_chardev_open_socket(Chardev *chr,
} else if (reconnect > 0) {
s->reconnect_time = reconnect;
}
--
+#ifndef _WIN32
+ if (cmd) {
+ chardev_open_socket_cmd(chr, cmd, errp);
-+
+
+ /* everything ready (or failed permanently) before we return */
+ *be_opened = true;
+ } else
@@ -149,7 +148,7 @@ index 53eda8ef00..f566107c35 100644
if (s->reconnect_time) {
sioc = qio_channel_socket_new();
tcp_chr_set_client_ioc_name(chr, sioc);
-@@ -985,10 +1057,26 @@
+@@ -985,10 +1057,26 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
const char *host = qemu_opt_get(opts, "host");
const char *port = qemu_opt_get(opts, "port");
const char *tls_creds = qemu_opt_get(opts, "tls-creds");
@@ -176,7 +175,7 @@ index 53eda8ef00..f566107c35 100644
if (!path) {
if (!host) {
error_setg(errp, "chardev: socket: no host given");
-@@ -1021,13 +1109,24 @@
+@@ -1021,13 +1109,24 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
sock->has_reconnect = true;
sock->reconnect = reconnect;
sock->tls_creds = g_strdup(tls_creds);
@@ -202,21 +201,21 @@ index 53eda8ef00..f566107c35 100644
addr->type = SOCKET_ADDRESS_LEGACY_KIND_INET;
addr->u.inet.data = g_new(InetSocketAddress, 1);
diff --git a/chardev/char.c b/chardev/char.c
-index 2ae4f465ec..5d52cd5de5 100644
+index 2ae4f46..5d52cd5 100644
--- a/chardev/char.c
+++ b/chardev/char.c
-@@ -792,6 +792,9 @@ QemuOptsList qemu_chardev_opts = {
- },{
+@@ -793,6 +793,9 @@ QemuOptsList qemu_chardev_opts = {
.name = "path",
.type = QEMU_OPT_STRING,
-+ },{
+ },{
+ .name = "cmd",
+ .type = QEMU_OPT_STRING,
- },{
++ },{
.name = "host",
.type = QEMU_OPT_STRING,
+ },{
diff --git a/qapi/char.json b/qapi/char.json
-index ae19dcd1ed..6de0f29bcd 100644
+index ae19dcd..6de0f29 100644
--- a/qapi/char.json
+++ b/qapi/char.json
@@ -241,6 +241,10 @@
@@ -238,5 +237,3 @@ index ae19dcd1ed..6de0f29bcd 100644
'*tls-creds' : 'str',
'*server' : 'bool',
'*wait' : 'bool',
---
-2.14.1
diff --git a/poky/meta/recipes-devtools/qemu/qemu/apic-fixup-fallthrough-to-PIC.patch b/poky/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch
index d6a3522ed..915bfdac5 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/apic-fixup-fallthrough-to-PIC.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch
@@ -1,7 +1,7 @@
-From bef93bb81588b5323a52d2e1886f2a77b64a976b Mon Sep 17 00:00:00 2001
+From 945f428016f278fa8e38bc8d153397c3195f85a5 Mon Sep 17 00:00:00 2001
From: Mark Asselstine <mark.asselstine@windriver.com>
Date: Tue, 26 Feb 2013 11:43:28 -0500
-Subject: [PATCH 03/18] apic: fixup fallthrough to PIC
+Subject: [PATCH] apic: fixup fallthrough to PIC
Commit 0e21e12bb311c4c1095d0269dc2ef81196ccb60a [Don't route PIC
interrupts through the local APIC if the local APIC config says so.]
@@ -28,11 +28,11 @@ Signed-off-by: He Zhe <zhe.he@windriver.com>
hw/intc/apic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
-Index: qemu-2.11.1/hw/intc/apic.c
-===================================================================
---- qemu-2.11.1.orig/hw/intc/apic.c
-+++ qemu-2.11.1/hw/intc/apic.c
-@@ -591,7 +591,7 @@ int apic_accept_pic_intr(DeviceState *de
+diff --git a/hw/intc/apic.c b/hw/intc/apic.c
+index fe15fb6..8352c39 100644
+--- a/hw/intc/apic.c
++++ b/hw/intc/apic.c
+@@ -591,7 +591,7 @@ int apic_accept_pic_intr(DeviceState *dev)
APICCommonState *s = APIC(dev);
uint32_t lvt0;
diff --git a/poky/meta/recipes-devtools/qemu/qemu/linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch b/poky/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
index d2c52252f..ceb3980fc 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
@@ -1,4 +1,4 @@
-From 4fa4aae4176ef6d8f4d4b8323d061e2433918a26 Mon Sep 17 00:00:00 2001
+From 4333b2b269d997a719e19f00d044105e17700be2 Mon Sep 17 00:00:00 2001
From: Alistair Francis <alistair.francis@xilinx.com>
Date: Wed, 17 Jan 2018 10:51:49 -0800
Subject: [PATCH] linux-user: Fix webkitgtk hangs on 32-bit x86 target
@@ -18,10 +18,10 @@ Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linux-user/main.c b/linux-user/main.c
-index 450eb3ce65..c7cc0a184e 100644
+index 146ee3e..1332b5c 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
-@@ -77,7 +77,7 @@ do { \
+@@ -78,7 +78,7 @@ do { \
(TARGET_LONG_BITS == 32 || defined(TARGET_ABI32))
/* There are a number of places where we assign reserved_va to a variable
of type abi_ulong and expect it to fit. Avoid the last page. */
@@ -30,6 +30,3 @@ index 450eb3ce65..c7cc0a184e 100644
# else
# define MAX_RESERVED_VA (1ul << TARGET_VIRT_ADDR_SPACE_BITS)
# endif
---
-2.14.1
-
diff --git a/poky/meta/recipes-devtools/qemu/qemu/memfd.patch b/poky/meta/recipes-devtools/qemu/qemu/0011-memfd-fix-configure-test.patch
index 62e8d3800..880cb980a 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/memfd.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0011-memfd-fix-configure-test.patch
@@ -1,7 +1,4 @@
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 75e5b70e6b5dcc4f2219992d7cffa462aa406af0 Mon Sep 17 00:00:00 2001
+From 0c8af3f651a125d636a71d93bafd35ff5240431a Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 28 Nov 2017 11:51:27 +0100
Subject: [PATCH] memfd: fix configure test
@@ -19,6 +16,8 @@ file actually does not exist---it is a typo in the memfd_create(2) man
page.
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
configure | 2 +-
@@ -26,10 +25,10 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/configure b/configure
-index 9c8aa5a98b..99ccc1725a 100755
+index b5312f4..ec12f36 100755
--- a/configure
+++ b/configure
-@@ -3923,7 +3923,7 @@ fi
+@@ -3920,7 +3920,7 @@ fi
# check if memfd is supported
memfd=no
cat > $TMPC << EOF
@@ -39,7 +38,7 @@ index 9c8aa5a98b..99ccc1725a 100755
int main(void)
{
diff --git a/util/memfd.c b/util/memfd.c
-index 4571d1aba8..412e94a405 100644
+index 4571d1a..412e94a 100644
--- a/util/memfd.c
+++ b/util/memfd.c
@@ -31,9 +31,7 @@
@@ -53,5 +52,3 @@ index 4571d1aba8..412e94a405 100644
#include <sys/syscall.h>
#include <asm/unistd.h>
---
-2.11.0
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0001-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch b/poky/meta/recipes-devtools/qemu/qemu/0012-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch
index f90cae694..be9250209 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0001-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0012-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch
@@ -1,4 +1,4 @@
-From a75a52d62418dafe462be4fe30485501d1010bb9 Mon Sep 17 00:00:00 2001
+From 7354b9b24c36ee712bb6e881d39504bf1b6a4c8b Mon Sep 17 00:00:00 2001
From: Victor Kamensky <kamensky@cisco.com>
Date: Fri, 23 Mar 2018 18:26:45 +0000
Subject: [PATCH] arm/translate-a64: treat DISAS_UPDATE as variant of
@@ -43,10 +43,10 @@ Upstream-Status: Backport
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
-index 31ff047..327513e 100644
+index 625ef2d..c381091 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
-@@ -13378,12 +13378,12 @@ static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
+@@ -11384,12 +11384,12 @@ static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
case DISAS_UPDATE:
gen_a64_set_pc_im(dc->pc);
/* fall through */
@@ -62,6 +62,3 @@ index 31ff047..327513e 100644
case DISAS_NORETURN:
case DISAS_SWI:
break;
---
-2.7.4
-
diff --git a/poky/meta/recipes-devtools/qemu/qemu/check-PS2Queue-pointers-in-post_load-routine.patch b/poky/meta/recipes-devtools/qemu/qemu/0013-ps2-check-PS2Queue-pointers-in-post_load-routine.patch
index f8d7f66ac..d2bdf6b01 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/check-PS2Queue-pointers-in-post_load-routine.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0013-ps2-check-PS2Queue-pointers-in-post_load-routine.patch
@@ -1,4 +1,4 @@
-From ee9a17d0e12143971a9676227cce953c0dbe52fb Mon Sep 17 00:00:00 2001
+From 065061dca34fa5b91be6dce9a87a8755d8826c78 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Thu, 16 Nov 2017 13:21:55 +0530
Subject: [PATCH] ps2: check PS2Queue pointers in post_load routine
@@ -58,6 +58,3 @@ index f388a23..de171a2 100644
/* reset rptr/wptr/count */
q->rptr = 0;
q->wptr = size;
---
-2.7.4
-
diff --git a/poky/meta/recipes-devtools/qemu/qemu/fix-libcap-header-issue-on-some-distro.patch b/poky/meta/recipes-devtools/qemu/qemu/0014-fix-libcap-header-issue-on-some-distro.patch
index cee6a676a..b662a4150 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/fix-libcap-header-issue-on-some-distro.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0014-fix-libcap-header-issue-on-some-distro.patch
@@ -1,4 +1,7 @@
-fix libcap header issue on some distro
+From 47fdb0b6e2e393194a8c81544c647fdd997aec7f Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Tue, 12 Mar 2013 09:54:06 +0800
+Subject: [PATCH] fix libcap header issue on some distro
1, When build qemu-native on SLED 11.2, there is an error:
...
@@ -52,13 +55,14 @@ http://patchwork.linuxtv.org/patch/12748/
Upstream-Status: Pending
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
- fsdev/virtfs-proxy-helper.c | 7 +++++--
+ fsdev/virtfs-proxy-helper.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
+index 8e48500..6490030 100644
--- a/fsdev/virtfs-proxy-helper.c
+++ b/fsdev/virtfs-proxy-helper.c
-@@ -12,7 +12,6 @@
+@@ -13,7 +13,6 @@
#include <sys/resource.h>
#include <getopt.h>
#include <syslog.h>
@@ -66,7 +70,7 @@ diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
#include <sys/fsuid.h>
#include <sys/vfs.h>
#include <sys/ioctl.h>
-@@ -26,7 +25,11 @@
+@@ -27,7 +26,11 @@
#include "9p-iov-marshal.h"
#include "hw/9pfs/9p-proxy.h"
#include "fsdev/9p-iov-marshal.h"
@@ -79,6 +83,3 @@ diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
#define PROGNAME "virtfs-proxy-helper"
#ifndef XFS_SUPER_MAGIC
---
-1.7.10.4
-
diff --git a/poky/meta/recipes-devtools/qemu/qemu/cpus.c-qemu_cpu_kick_thread_debugging.patch b/poky/meta/recipes-devtools/qemu/qemu/0015-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
index 682213254..a5621caa9 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/cpus.c-qemu_cpu_kick_thread_debugging.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0015-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
@@ -1,4 +1,4 @@
-From 697a834c35d19447b7dcdb9e1d9434bc6ce17c21 Mon Sep 17 00:00:00 2001
+From db914e0f93a32b6731a636517002ecadc207718b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?An=C3=ADbal=20Lim=C3=B3n?= <anibal.limon@linux.intel.com>
Date: Wed, 12 Aug 2015 15:11:30 -0500
Subject: [PATCH] cpus.c: Add error messages when qemi_cpu_kick_thread fails.
@@ -19,10 +19,10 @@ Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
create mode 100644 custom_debug.h
diff --git a/cpus.c b/cpus.c
-index a822ce3..7e4786e 100644
+index 114c29b..c3dd2e0 100644
--- a/cpus.c
+++ b/cpus.c
-@@ -1080,6 +1080,8 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
+@@ -1510,6 +1510,8 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
return NULL;
}
@@ -31,7 +31,7 @@ index a822ce3..7e4786e 100644
static void qemu_cpu_kick_thread(CPUState *cpu)
{
#ifndef _WIN32
-@@ -1088,6 +1090,9 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
+@@ -1522,6 +1524,9 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
err = pthread_kill(cpu->thread->thread, SIG_IPI);
if (err) {
fprintf(stderr, "qemu:%s: %s", __func__, strerror(err));
@@ -71,6 +71,3 @@ index 0000000..f029e45
+
+ free(symbols);
+}
---
-1.9.1
-
diff --git a/poky/meta/recipes-devtools/qemu/qemu/no-valgrind.patch b/poky/meta/recipes-devtools/qemu/qemu/no-valgrind.patch
deleted file mode 100644
index 91f728042..000000000
--- a/poky/meta/recipes-devtools/qemu/qemu/no-valgrind.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-There isn't an option to enable or disable valgrind support, so disable it to avoid non-deterministic builds.
-
-Upstream-Status: Inappropriate
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-diff --git a/configure b/configure
-index b3c4f51..4d3929e 100755
---- a/configure
-+++ b/configure
-@@ -4193,9 +4192,0 @@ valgrind_h=no
--cat > $TMPC << EOF
--#include <valgrind/valgrind.h>
--int main(void) {
-- return 0;
--}
--EOF
--if compile_prog "" "" ; then
-- valgrind_h=yes
--fi
diff --git a/poky/meta/recipes-devtools/qemu/qemu_2.11.1.bb b/poky/meta/recipes-devtools/qemu/qemu_2.11.1.bb
index ab82c5fe5..7de21ac0f 100644
--- a/poky/meta/recipes-devtools/qemu/qemu_2.11.1.bb
+++ b/poky/meta/recipes-devtools/qemu/qemu_2.11.1.bb
@@ -9,27 +9,27 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \
SRC_URI = "http://wiki.qemu-project.org/download/${BP}.tar.bz2 \
file://powerpc_rom.bin \
- file://disable-grabs.patch \
- file://wacom.patch \
- file://add-ptest-in-makefile-v10.patch \
+ file://0001-sdl.c-allow-user-to-disable-pointer-grabs.patch \
+ file://0002-qemu-Add-missing-wacom-HID-descriptor.patch \
+ file://0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch \
file://run-ptest \
- file://qemu-enlarge-env-entry-size.patch \
- file://no-valgrind.patch \
- file://pathlimit.patch \
- file://qemu-2.5.0-cflags.patch \
- file://chardev-connect-socket-to-a-spawned-command.patch \
- file://apic-fixup-fallthrough-to-PIC.patch \
- file://linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
- file://memfd.patch \
- file://0001-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch \
- file://check-PS2Queue-pointers-in-post_load-routine.patch \
+ file://0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch \
+ file://0005-qemu-disable-Valgrind.patch \
+ file://0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch \
+ file://0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch \
+ file://0008-chardev-connect-socket-to-a-spawned-command.patch \
+ file://0009-apic-fixup-fallthrough-to-PIC.patch \
+ file://0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
+ file://0011-memfd-fix-configure-test.patch \
+ file://0012-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch \
+ file://0013-ps2-check-PS2Queue-pointers-in-post_load-routine.patch \
+ file://0001-CVE-2018-11806-QEMU-slirp-heap-buffer-overflow.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+\..*)\.tar"
-
SRC_URI_append_class-native = " \
- file://fix-libcap-header-issue-on-some-distro.patch \
- file://cpus.c-qemu_cpu_kick_thread_debugging.patch \
+ file://0014-fix-libcap-header-issue-on-some-distro.patch \
+ file://0015-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch \
"
SRC_URI[md5sum] = "61cf862b6007eba4ac98247776af2e27"
diff --git a/poky/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch b/poky/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch
index 2be3cb5af..4020a3109 100644
--- a/poky/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch
+++ b/poky/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch
@@ -1,4 +1,4 @@
-From a6f269f879221f2777169c5f7291322afe6b661b Mon Sep 17 00:00:00 2001
+From a89daa75ac970d8e247edc762d1181e9a5b0c5d0 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Tue, 17 Jan 2017 14:07:17 +0200
Subject: [PATCH] When cross-installing, execute package scriptlets without
@@ -7,17 +7,42 @@ Subject: [PATCH] When cross-installing, execute package scriptlets without
This is triggered only when RPM_NO_CHROOT_FOR_SCRIPTS environment variable is defined.
Otherwise they will trigger an explosion of failures, obviously.
+Amended 2018-07-03 by Olof Johansson <olofjn@axis.com>:
+
+ Remove leaking temporary scriptlet files
+
+ Since we tell dnf to run rpm with debug output, this will result in rpm not
+ cleaning up written temporary scriptlet files (same flag controls both
+ behaviors). This wouldn't have been a problem since we normally would use the
+ target sysroot also for temporary files, but we need to chroot out to be able
+ to actually run the rpm scriptlets (purpose of this patch), so the temporary
+ files are written to the host's /var/tmp/ directory, causing a gradual
+ resource leakage on the host system for every RPM based do_rootfs task
+ executed.
+
+ Signed-off-by: Olof Johansson <olofjn@axis.com>
+
Upstream-Status: Inappropriate [oe-core specific]
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
- lib/rpmscript.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
+ lib/rpmscript.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/lib/rpmscript.c b/lib/rpmscript.c
-index 98d3f420d..b95b5d606 100644
+index cc98c4885..f8bd3df04 100644
--- a/lib/rpmscript.c
+++ b/lib/rpmscript.c
-@@ -467,7 +467,13 @@ rpmRC rpmScriptRun(rpmScript script, int arg1, int arg2, FD_t scriptFd,
+@@ -394,8 +394,7 @@ exit:
+ Fclose(out); /* XXX dup'd STDOUT_FILENO */
+
+ if (fn) {
+- if (!rpmIsDebug())
+- unlink(fn);
++ unlink(fn);
+ free(fn);
+ }
+ free(mline);
+@@ -428,7 +427,13 @@ rpmRC rpmScriptRun(rpmScript script, int arg1, int arg2, FD_t scriptFd,
if (rc != RPMRC_FAIL) {
if (script_type & RPMSCRIPTLET_EXEC) {
diff --git a/poky/meta/recipes-devtools/rpm/rpm_4.14.1.bb b/poky/meta/recipes-devtools/rpm/rpm_4.14.1.bb
index 6012922ad..1a03a0fce 100644
--- a/poky/meta/recipes-devtools/rpm/rpm_4.14.1.bb
+++ b/poky/meta/recipes-devtools/rpm/rpm_4.14.1.bb
@@ -69,6 +69,7 @@ EXTRA_OECONF_append_libc-musl = " --disable-nls"
# Disable dbus for native, so that rpm doesn't attempt to inhibit shutdown via session dbus even when plugins support is enabled.
# Also disable plugins by default for native.
EXTRA_OECONF_append_class-native = " --sysconfdir=/etc --localstatedir=/var --without-dbus --disable-plugins"
+EXTRA_OECONF_append_class-nativesdk = " --sysconfdir=/etc --localstatedir=/var --without-dbus --disable-plugins"
BBCLASSEXTEND = "native nativesdk"
@@ -77,21 +78,22 @@ PACKAGECONFIG[imaevm] = "--with-imaevm,,ima-evm-utils"
# Direct rpm-native to read configuration from our sysroot, not the one it was compiled in
# libmagic also has sysroot path contamination, so override it
+
+WRAPPER_TOOLS = " \
+ ${bindir}/rpm \
+ ${bindir}/rpm2archive \
+ ${bindir}/rpm2cpio \
+ ${bindir}/rpmbuild \
+ ${bindir}/rpmdb \
+ ${bindir}/rpmgraph \
+ ${bindir}/rpmkeys \
+ ${bindir}/rpmsign \
+ ${bindir}/rpmspec \
+ ${libdir}/rpm/rpmdeps \
+"
+
do_install_append_class-native() {
- tools="\
- ${bindir}/rpm \
- ${bindir}/rpm2archive \
- ${bindir}/rpm2cpio \
- ${bindir}/rpmbuild \
- ${bindir}/rpmdb \
- ${bindir}/rpmgraph \
- ${bindir}/rpmkeys \
- ${bindir}/rpmsign \
- ${bindir}/rpmspec \
- ${libdir}/rpm/rpmdeps \
- "
-
- for tool in $tools; do
+ for tool in ${WRAPPER_TOOLS}; do
create_wrapper ${D}$tool \
RPM_CONFIGDIR=${STAGING_LIBDIR_NATIVE}/rpm \
RPM_ETCCONFIGDIR=${STAGING_DIR_NATIVE} \
@@ -100,6 +102,18 @@ do_install_append_class-native() {
done
}
+do_install_append_class-nativesdk() {
+ for tool in ${WRAPPER_TOOLS}; do
+ create_wrapper ${D}$tool \
+ RPM_CONFIGDIR='`dirname $''realpath`'/${@os.path.relpath(d.getVar('libdir', True), d.getVar('bindir', True))}/rpm \
+ RPM_ETCCONFIGDIR='$'{RPM_ETCCONFIGDIR-'`dirname $''realpath`'/${@os.path.relpath(d.getVar('sysconfdir', True), d.getVar('bindir', True))}/..} \
+ MAGIC='`dirname $''realpath`'/${@os.path.relpath(d.getVar('datadir', True), d.getVar('bindir', True))}/misc/magic.mgc \
+ RPM_NO_CHROOT_FOR_SCRIPTS=1
+ done
+
+ rm -rf ${D}/var
+}
+
# Rpm's make install creates var/tmp which clashes with base-files packaging
do_install_append_class-target() {
rm -rf ${D}/var
diff --git a/poky/meta/recipes-extended/at/at_3.1.20.bb b/poky/meta/recipes-extended/at/at_3.1.20.bb
index 8fe3b437e..b76e83d1d 100644
--- a/poky/meta/recipes-extended/at/at_3.1.20.bb
+++ b/poky/meta/recipes-extended/at/at_3.1.20.bb
@@ -8,6 +8,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4325afd396febcb659c36b49533135d4"
DEPENDS = "flex flex-native bison-native \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+PACKAGECONFIG ?= "\
+ ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)} \
+"
+
+PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux,"
+
RDEPENDS_${PN} = "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_DEPS}', '', d)} \
"
diff --git a/poky/meta/recipes-extended/bash/bash.inc b/poky/meta/recipes-extended/bash/bash.inc
index 9c2b065f9..2e7f261a2 100644
--- a/poky/meta/recipes-extended/bash/bash.inc
+++ b/poky/meta/recipes-extended/bash/bash.inc
@@ -7,7 +7,7 @@ DEPENDS = "ncurses bison-native virtual/libiconv"
inherit autotools gettext texinfo update-alternatives ptest
EXTRA_AUTORECONF += "--exclude=autoheader --exclude=aclocal"
-EXTRA_OECONF = "--enable-job-control --without-bash-malloc"
+EXTRA_OECONF = "--enable-job-control --without-bash-malloc bash_cv_wexitstatus_offset=8"
# If NON_INTERACTIVE_LOGIN_SHELLS is defined, all login shells read the
# startup files, even if they are not interactive.
diff --git a/poky/meta/recipes-extended/cpio/cpio-2.12/0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch b/poky/meta/recipes-extended/cpio/cpio-2.12/0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch
new file mode 100644
index 000000000..0a3054483
--- /dev/null
+++ b/poky/meta/recipes-extended/cpio/cpio-2.12/0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch
@@ -0,0 +1,346 @@
+From ebf9a2d776474181936a720ce811d72bbd1da3b6 Mon Sep 17 00:00:00 2001
+From: Pavel Raiskup <praiskup@redhat.com>
+Date: Tue, 26 Jan 2016 23:17:54 +0100
+Subject: [PATCH] CVE-2016-2037 - 1 byte out-of-bounds write
+
+Ensure that cpio_safer_name_suffix always works with dynamically
+allocated buffer, and that it has size of at least 32 bytes.
+Then, any call to cpio_safer_name_suffix is safe (it requires at
+least 2 bytes in the buffer).
+
+Also ensure that c_namesize is always correctly initialized (by
+cpio_set_c_name) to avoid undefined behavior when reading
+file_hdr.c_namesize (previously happened for tar archives).
+
+References:
+http://www.mail-archive.com/bug-cpio@gnu.org/msg00545.html
+
+* src/copyin.c (query_rename): Drop the hack, as we now work with
+dynamically allocated buffer. Use cpio_set_c_name.
+(create_defered_links_to_skipped): Use cpio_set_c_name rather than
+manual assignment.
+(read_name_from_file): New function to avoid C&P.
+(read_in_old_ascii, read_in_new_ascii, read_in_binary): Use
+read_name_from_file.
+(process_copy_in): Initialize file_hdr.c_namesize.
+* src/copyout.c (process_copy_out): Use cpio_set_c_name.
+* src/cpiohdr.h (cpio_set_c_name): New prototype.
+* src/tar.c (read_in_tar_header): Use cpio_set_c_name.
+* src/util.c (cpio_set_c_name): New function to set
+file_hdr->c_name and c_namesize from arbitrary string.
+(cpio_safer_name_suffix): Some docs fixes.
+* tests/inout.at: Also test copy-in, and try various formats.
+
+CVE: CVE-2016-2037
+
+Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=d36ec5f4e93130efb24fb9678aafd88e8070095b]
+
+Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
+---
+ src/copyin.c | 68 +++++++++++++++++++---------------------------------------
+ src/copyout.c | 13 +++++------
+ src/cpiohdr.h | 1 +
+ src/tar.c | 10 +++++----
+ src/util.c | 32 ++++++++++++++++++++++++++-
+ tests/inout.at | 19 ++++++++++++++--
+ 6 files changed, 82 insertions(+), 61 deletions(-)
+
+diff --git a/src/copyin.c b/src/copyin.c
+index cde911e..972f8a6 100644
+--- a/src/copyin.c
++++ b/src/copyin.c
+@@ -76,28 +76,7 @@ query_rename(struct cpio_file_stat* file_hdr, FILE *tty_in, FILE *tty_out,
+ return -1;
+ }
+ else
+- /* Debian hack: file_hrd.c_name is sometimes set to
+- point to static memory by code in tar.c. This
+- causes a segfault. This has been fixed and an
+- additional check to ensure that the file name
+- is not too long has been added. (Reported by
+- Horst Knobloch.) This bug has been reported to
+- "bug-gnu-utils@prep.ai.mit.edu". (99/1/6) -BEM */
+- {
+- if (archive_format != arf_tar && archive_format != arf_ustar)
+- {
+- free (file_hdr->c_name);
+- file_hdr->c_name = xstrdup (new_name.ds_string);
+- }
+- else
+- {
+- if (is_tar_filename_too_long (new_name.ds_string))
+- error (0, 0, _("%s: file name too long"),
+- new_name.ds_string);
+- else
+- strcpy (file_hdr->c_name, new_name.ds_string);
+- }
+- }
++ cpio_set_c_name (file_hdr, new_name.ds_string);
+ return 0;
+ }
+
+@@ -344,8 +323,7 @@ create_defered_links_to_skipped (struct cpio_file_stat *file_hdr,
+ d_prev->next = d->next;
+ else
+ deferments = d->next;
+- free (file_hdr->c_name);
+- file_hdr->c_name = xstrdup(d->header.c_name);
++ cpio_set_c_name (file_hdr, d->header.c_name);
+ free_deferment (d);
+ copyin_regular_file(file_hdr, in_file_des);
+ return 0;
+@@ -1064,6 +1042,22 @@ read_in_header (struct cpio_file_stat *file_hdr, int in_des)
+ }
+ }
+
++static void
++read_name_from_file (struct cpio_file_stat *file_hdr, int fd, uintmax_t len)
++{
++ static char *tmp_filename;
++ static size_t buflen;
++
++ if (buflen < len)
++ {
++ buflen = len;
++ tmp_filename = xrealloc (tmp_filename, buflen);
++ }
++
++ tape_buffered_read (tmp_filename, fd, len);
++ cpio_set_c_name (file_hdr, tmp_filename);
++}
++
+ /* Fill in FILE_HDR by reading an old-format ASCII format cpio header from
+ file descriptor IN_DES, except for the magic number, which is
+ already filled in. */
+@@ -1090,14 +1084,8 @@ read_in_old_ascii (struct cpio_file_stat *file_hdr, int in_des)
+ file_hdr->c_rdev_min = minor (dev);
+
+ file_hdr->c_mtime = FROM_OCTAL (ascii_header.c_mtime);
+- file_hdr->c_namesize = FROM_OCTAL (ascii_header.c_namesize);
+ file_hdr->c_filesize = FROM_OCTAL (ascii_header.c_filesize);
+-
+- /* Read file name from input. */
+- if (file_hdr->c_name != NULL)
+- free (file_hdr->c_name);
+- file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize + 1);
+- tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize);
++ read_name_from_file (file_hdr, in_des, FROM_OCTAL (ascii_header.c_namesize));
+
+ /* HP/UX cpio creates archives that look just like ordinary archives,
+ but for devices it sets major = 0, minor = 1, and puts the
+@@ -1152,14 +1140,8 @@ read_in_new_ascii (struct cpio_file_stat *file_hdr, int in_des)
+ file_hdr->c_dev_min = FROM_HEX (ascii_header.c_dev_min);
+ file_hdr->c_rdev_maj = FROM_HEX (ascii_header.c_rdev_maj);
+ file_hdr->c_rdev_min = FROM_HEX (ascii_header.c_rdev_min);
+- file_hdr->c_namesize = FROM_HEX (ascii_header.c_namesize);
+ file_hdr->c_chksum = FROM_HEX (ascii_header.c_chksum);
+-
+- /* Read file name from input. */
+- if (file_hdr->c_name != NULL)
+- free (file_hdr->c_name);
+- file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize);
+- tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize);
++ read_name_from_file (file_hdr, in_des, FROM_HEX (ascii_header.c_namesize));
+
+ /* In SVR4 ASCII format, the amount of space allocated for the header
+ is rounded up to the next long-word, so we might need to drop
+@@ -1207,16 +1189,9 @@ read_in_binary (struct cpio_file_stat *file_hdr,
+ file_hdr->c_rdev_min = minor (short_hdr->c_rdev);
+ file_hdr->c_mtime = (unsigned long) short_hdr->c_mtimes[0] << 16
+ | short_hdr->c_mtimes[1];
+-
+- file_hdr->c_namesize = short_hdr->c_namesize;
+ file_hdr->c_filesize = (unsigned long) short_hdr->c_filesizes[0] << 16
+ | short_hdr->c_filesizes[1];
+-
+- /* Read file name from input. */
+- if (file_hdr->c_name != NULL)
+- free (file_hdr->c_name);
+- file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize);
+- tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize);
++ read_name_from_file (file_hdr, in_des, short_hdr->c_namesize);
+
+ /* In binary mode, the amount of space allocated in the header for
+ the filename is `c_namesize' rounded up to the next short-word,
+@@ -1297,6 +1272,7 @@ process_copy_in ()
+ read_pattern_file ();
+ }
+ file_hdr.c_name = NULL;
++ file_hdr.c_namesize = 0;
+
+ if (rename_batch_file)
+ {
+diff --git a/src/copyout.c b/src/copyout.c
+index 1f0987a..bb39559 100644
+--- a/src/copyout.c
++++ b/src/copyout.c
+@@ -660,8 +660,7 @@ process_copy_out ()
+ cpio_safer_name_suffix (input_name.ds_string, false,
+ !no_abs_paths_flag, true);
+ #ifndef HPUX_CDF
+- file_hdr.c_name = input_name.ds_string;
+- file_hdr.c_namesize = strlen (input_name.ds_string) + 1;
++ cpio_set_c_name (&file_hdr, input_name.ds_string);
+ #else
+ if ( (archive_format != arf_tar) && (archive_format != arf_ustar) )
+ {
+@@ -670,16 +669,15 @@ process_copy_out ()
+ properly recreate the directory as hidden (in case the
+ files of a directory go into the archive before the
+ directory itself (e.g from "find ... -depth ... | cpio")). */
+- file_hdr.c_name = add_cdf_double_slashes (input_name.ds_string);
+- file_hdr.c_namesize = strlen (file_hdr.c_name) + 1;
++ cpio_set_c_name (&file_hdr,
++ add_cdf_double_slashes (input_name.ds_string));
+ }
+ else
+ {
+ /* We don't mark CDF's in tar files. We assume the "hidden"
+ directory will always go into the archive before any of
+ its files. */
+- file_hdr.c_name = input_name.ds_string;
+- file_hdr.c_namesize = strlen (input_name.ds_string) + 1;
++ cpio_set_c_name (&file_hdr, input_name.ds_string);
+ }
+ #endif
+
+@@ -866,8 +864,7 @@ process_copy_out ()
+ file_hdr.c_chksum = 0;
+
+ file_hdr.c_filesize = 0;
+- file_hdr.c_namesize = 11;
+- file_hdr.c_name = CPIO_TRAILER_NAME;
++ cpio_set_c_name (&file_hdr, CPIO_TRAILER_NAME);
+ if (archive_format != arf_tar && archive_format != arf_ustar)
+ write_out_header (&file_hdr, out_file_des);
+ else
+diff --git a/src/cpiohdr.h b/src/cpiohdr.h
+index b29e6fb..f4c63be 100644
+--- a/src/cpiohdr.h
++++ b/src/cpiohdr.h
+@@ -129,5 +129,6 @@ struct cpio_file_stat /* Internal representation of a CPIO header */
+ char *c_tar_linkname;
+ };
+
++void cpio_set_c_name(struct cpio_file_stat *file_hdr, char *name);
+
+ #endif /* cpiohdr.h */
+diff --git a/src/tar.c b/src/tar.c
+index a2ce171..e41f89d 100644
+--- a/src/tar.c
++++ b/src/tar.c
+@@ -282,7 +282,7 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des)
+ if (null_block ((long *) &tar_rec, TARRECORDSIZE))
+ #endif
+ {
+- file_hdr->c_name = CPIO_TRAILER_NAME;
++ cpio_set_c_name (file_hdr, CPIO_TRAILER_NAME);
+ return;
+ }
+ #if 0
+@@ -316,9 +316,11 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des)
+ }
+
+ if (archive_format != arf_ustar)
+- file_hdr->c_name = stash_tar_filename (NULL, tar_hdr->name);
++ cpio_set_c_name (file_hdr, stash_tar_filename (NULL, tar_hdr->name));
+ else
+- file_hdr->c_name = stash_tar_filename (tar_hdr->prefix, tar_hdr->name);
++ cpio_set_c_name (file_hdr, stash_tar_filename (tar_hdr->prefix,
++ tar_hdr->name));
++
+ file_hdr->c_nlink = 1;
+ file_hdr->c_mode = FROM_OCTAL (tar_hdr->mode);
+ file_hdr->c_mode = file_hdr->c_mode & 07777;
+@@ -398,7 +400,7 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des)
+ case AREGTYPE:
+ /* Old tar format; if the last char in filename is '/' then it is
+ a directory, otherwise it's a regular file. */
+- if (file_hdr->c_name[strlen (file_hdr->c_name) - 1] == '/')
++ if (file_hdr->c_name[file_hdr->c_namesize - 1] == '/')
+ file_hdr->c_mode |= CP_IFDIR;
+ else
+ file_hdr->c_mode |= CP_IFREG;
+diff --git a/src/util.c b/src/util.c
+index 6ff6032..4f3c073 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -1410,8 +1410,34 @@ set_file_times (int fd,
+ utime_error (name);
+ }
+
++
++void
++cpio_set_c_name (struct cpio_file_stat *file_hdr, char *name)
++{
++ static size_t buflen = 0;
++ size_t len = strlen (name) + 1;
++
++ if (buflen == 0)
++ {
++ buflen = len;
++ if (buflen < 32)
++ buflen = 32;
++ file_hdr->c_name = xmalloc (buflen);
++ }
++ else if (buflen < len)
++ {
++ buflen = len;
++ file_hdr->c_name = xrealloc (file_hdr->c_name, buflen);
++ }
++
++ file_hdr->c_namesize = len;
++ memmove (file_hdr->c_name, name, len);
++}
++
+ /* Do we have to ignore absolute paths, and if so, does the filename
+- have an absolute path? */
++ have an absolute path? Before calling this function make sure that the
++ allocated NAME buffer has capacity at least 2 bytes. */
++
+ void
+ cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names,
+ bool strip_leading_dots)
+@@ -1426,6 +1452,10 @@ cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names,
+ ++p;
+ }
+ if (p != name)
++ /* The 'p' string is shortened version of 'name' with one exception; when
++ the 'name' points to an empty string (buffer where name[0] == '\0') the
++ 'p' then points to static string ".". So caller needs to ensure there
++ are at least two bytes available in 'name' buffer so memmove succeeds. */
+ memmove (name, p, (size_t)(strlen (p) + 1));
+ }
+
+diff --git a/tests/inout.at b/tests/inout.at
+index 60c3716..730cbd2 100644
+--- a/tests/inout.at
++++ b/tests/inout.at
+@@ -35,7 +35,22 @@ while read NAME LENGTH
+ do
+ genfile --length $LENGTH > $NAME
+ echo $NAME
+-done < filelist |
+- cpio --quiet -o > archive])
++done < filelist > filelist_raw
++
++for format in bin odc newc crc tar ustar hpbin hpodc
++do
++ cpio --format=$format --quiet -o < filelist_raw > archive.$format
++ rm -rf output
++ mkdir output && cd output
++ cpio -i --quiet < ../archive.$format
++
++ while read file
++ do
++ test -f $file || echo "$file not found"
++ done < ../filelist_raw
++
++ cd ..
++done
++])
+
+ AT_CLEANUP
+--
+1.9.1
+
diff --git a/poky/meta/recipes-extended/cpio/cpio_2.12.bb b/poky/meta/recipes-extended/cpio/cpio_2.12.bb
index 405a90e03..69d36983e 100644
--- a/poky/meta/recipes-extended/cpio/cpio_2.12.bb
+++ b/poky/meta/recipes-extended/cpio/cpio_2.12.bb
@@ -1,12 +1,47 @@
-require cpio_v2.inc
-
+SUMMARY = "GNU cpio is a program to manage archives of files"
+DESCRIPTION = "GNU cpio is a tool for creating and extracting archives, or copying files from one place to \
+another. It handles a number of cpio formats as well as reading and writing tar files."
+HOMEPAGE = "http://www.gnu.org/software/cpio/"
+SECTION = "base"
LICENSE = "GPLv3"
LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949"
SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \
file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
file://0001-Fix-CVE-2015-1197.patch \
+ file://0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch \
"
SRC_URI[md5sum] = "fc207561a86b63862eea4b8300313e86"
SRC_URI[sha256sum] = "08a35e92deb3c85d269a0059a27d4140a9667a6369459299d08c17f713a92e73"
+
+inherit autotools gettext texinfo
+
+EXTRA_OECONF += "DEFAULT_RMT_DIR=${base_sbindir}"
+
+do_install () {
+ autotools_do_install
+ if [ "${base_bindir}" != "${bindir}" ]; then
+ install -d ${D}${base_bindir}/
+ mv "${D}${bindir}/cpio" "${D}${base_bindir}/cpio"
+ rmdir ${D}${bindir}/
+ fi
+}
+
+PACKAGES =+ "${PN}-rmt"
+
+FILES_${PN}-rmt = "${base_sbindir}/rmt*"
+
+inherit update-alternatives
+
+ALTERNATIVE_PRIORITY = "100"
+
+ALTERNATIVE_${PN} = "cpio"
+ALTERNATIVE_${PN}-rmt = "rmt"
+
+ALTERNATIVE_LINK_NAME[cpio] = "${base_bindir}/cpio"
+
+ALTERNATIVE_PRIORITY[rmt] = "50"
+ALTERNATIVE_LINK_NAME[rmt] = "${base_sbindir}/rmt"
+
+BBCLASSEXTEND = "native"
diff --git a/poky/meta/recipes-extended/cpio/cpio_v2.inc b/poky/meta/recipes-extended/cpio/cpio_v2.inc
deleted file mode 100644
index 31adb717d..000000000
--- a/poky/meta/recipes-extended/cpio/cpio_v2.inc
+++ /dev/null
@@ -1,43 +0,0 @@
-SUMMARY = "GNU cpio is a program to manage archives of files"
-DESCRIPTION = "GNU cpio is a tool for creating and extracting archives, or copying files from one place to \
-another. It handles a number of cpio formats as well as reading and writing tar files."
-HOMEPAGE = "http://www.gnu.org/software/cpio/"
-SECTION = "base"
-
-DEPENDS = "texinfo-native"
-
-SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \
- "
-
-inherit autotools gettext texinfo
-
-S = "${WORKDIR}/cpio-${PV}"
-
-EXTRA_OECONF += "DEFAULT_RMT_DIR=${base_sbindir}"
-
-do_install () {
- autotools_do_install
- if [ "${base_bindir}" != "${bindir}" ]; then
- install -d ${D}${base_bindir}/
- mv "${D}${bindir}/cpio" "${D}${base_bindir}/cpio"
- rmdir ${D}${bindir}/
- fi
-}
-
-PACKAGES =+ "${PN}-rmt"
-
-FILES_${PN}-rmt = "${base_sbindir}/rmt*"
-
-inherit update-alternatives
-
-ALTERNATIVE_PRIORITY = "100"
-
-ALTERNATIVE_${PN} = "cpio"
-ALTERNATIVE_${PN}-rmt = "rmt"
-
-ALTERNATIVE_LINK_NAME[cpio] = "${base_bindir}/cpio"
-
-ALTERNATIVE_PRIORITY[rmt] = "50"
-ALTERNATIVE_LINK_NAME[rmt] = "${base_sbindir}/rmt"
-
-BBCLASSEXTEND = "native"
diff --git a/poky/meta/recipes-extended/gawk/gawk_4.2.0.bb b/poky/meta/recipes-extended/gawk/gawk_4.2.1.bb
index 27f79a2be..966375239 100644
--- a/poky/meta/recipes-extended/gawk/gawk_4.2.0.bb
+++ b/poky/meta/recipes-extended/gawk/gawk_4.2.1.bb
@@ -19,8 +19,8 @@ SRC_URI = "${GNU_MIRROR}/gawk/gawk-${PV}.tar.gz \
file://run-ptest \
"
-SRC_URI[md5sum] = "0b598c31bc703d66082bd958d4189980"
-SRC_URI[sha256sum] = "c88046c6e8396ee548bcb941e16def809b7b55b60a1044b5dd254094f347c7d9"
+SRC_URI[md5sum] = "0256724a0af50cb83ac92f833488673d"
+SRC_URI[sha256sum] = "2b23d51503b2df9a41aa6fddc6002ad7ebf2a386ac19dc1b6be0dd48b0acf6db"
inherit autotools gettext texinfo update-alternatives
@@ -43,6 +43,8 @@ do_install_ptest() {
for i in `grep -vE "@|^$|#|Gt-dummy" ${S}/test/Maketests |awk -F: '{print $1}'` Maketests inclib.awk; \
do cp ${S}/test/$i* ${D}${PTEST_PATH}/test; \
done
+ sed -i -e 's|/usr/local/bin|${bindir}|g' \
+ -e 's|#!${base_bindir}/awk|#!${bindir}/awk|g' ${D}${PTEST_PATH}/test/*.awk
}
BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-extended/ltp/ltp_20180118.bb b/poky/meta/recipes-extended/ltp/ltp_20180118.bb
index 14fb41b3b..8754fcd9f 100644
--- a/poky/meta/recipes-extended/ltp/ltp_20180118.bb
+++ b/poky/meta/recipes-extended/ltp/ltp_20180118.bb
@@ -58,7 +58,7 @@ export exec_prefix = "/opt/ltp"
PACKAGECONFIG[numa] = "--with-numa, --without-numa, numactl,"
EXTRA_AUTORECONF += "-I ${S}/testcases/realtime/m4"
-EXTRA_OECONF = " --with-power-management-testsuite --with-realtime-testsuite "
+EXTRA_OECONF = " --with-power-management-testsuite --with-realtime-testsuite --with-open-posix-testsuite "
# ltp network/rpc test cases ftbfs when libtirpc is found
EXTRA_OECONF += " --without-tirpc "
diff --git a/poky/meta/recipes-extended/minicom/minicom_2.7.1.bb b/poky/meta/recipes-extended/minicom/minicom_2.7.1.bb
index e6afe2b65..be0b48dfd 100644
--- a/poky/meta/recipes-extended/minicom/minicom_2.7.1.bb
+++ b/poky/meta/recipes-extended/minicom/minicom_2.7.1.bb
@@ -7,7 +7,7 @@ LICENSE = "GPLv2+"
LIC_FILES_CHKSUM = "file://COPYING;md5=420477abc567404debca0a2a1cb6b645 \
file://src/minicom.h;beginline=1;endline=12;md5=a58838cb709f0db517f4e42730c49e81"
-SRC_URI = "https://alioth.debian.org/frs/download.php/latestfile/3/${BP}.tar.gz \
+SRC_URI = "${DEBIAN_MIRROR}/main/m/${BPN}/${BPN}_${PV}.orig.tar.gz \
file://allow.to.disable.lockdev.patch \
file://0001-fix-minicom-h-v-return-value-is-not-0.patch \
file://0001-Fix-build-issus-surfaced-due-to-musl.patch \
diff --git a/poky/meta/recipes-extended/shadow/files/CVE-2017-2616.patch b/poky/meta/recipes-extended/shadow/files/CVE-2017-2616.patch
new file mode 100644
index 000000000..ee728f095
--- /dev/null
+++ b/poky/meta/recipes-extended/shadow/files/CVE-2017-2616.patch
@@ -0,0 +1,64 @@
+shadow-4.2.1: Fix CVE-2017-2616
+
+[No upstream tracking] -- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855943
+
+su: properly clear child PID
+
+If su is compiled with PAM support, it is possible for any local user
+to send SIGKILL to other processes with root privileges. There are
+only two conditions. First, the user must be able to perform su with
+a successful login. This does NOT have to be the root user, even using
+su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL
+can only be sent to processes which were executed after the su process.
+It is not possible to send SIGKILL to processes which were already
+running. I consider this as a security vulnerability, because I was
+able to write a proof of concept which unlocked a screen saver of
+another user this way.
+
+Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686]
+CVE: CVE-2017-2616
+bug: 855943
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+
+diff --git a/src/su.c b/src/su.c
+index 3704217..1efcd61 100644
+--- a/src/su.c
++++ b/src/su.c
+@@ -363,20 +363,35 @@ static void prepare_pam_close_session (void)
+ /* wake child when resumed */
+ kill (pid, SIGCONT);
+ stop = false;
++ } else {
++ pid_child = 0;
+ }
+ } while (!stop);
+ }
+
+- if (0 != caught) {
++ if (0 != caught && 0 != pid_child) {
+ (void) fputs ("\n", stderr);
+ (void) fputs (_("Session terminated, terminating shell..."),
+ stderr);
+ (void) kill (-pid_child, caught);
+
+ (void) signal (SIGALRM, kill_child);
++ (void) signal (SIGCHLD, catch_signals);
+ (void) alarm (2);
+
+- (void) wait (&status);
++ sigemptyset (&ourset);
++ if ((sigaddset (&ourset, SIGALRM) != 0)
++ || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) {
++ fprintf (stderr, _("%s: signal masking malfunction\n"), Prog);
++ kill_child (0);
++ } else {
++ while (0 == waitpid (pid_child, &status, WNOHANG)) {
++ sigsuspend (&ourset);
++ }
++ pid_child = 0;
++ (void) sigprocmask (SIG_UNBLOCK, &ourset, NULL);
++ }
++
+ (void) fputs (_(" ...terminated.\n"), stderr);
+ }
+
diff --git a/poky/meta/recipes-extended/shadow/files/pam.d/chpasswd b/poky/meta/recipes-extended/shadow/files/pam.d/chpasswd
index 9e3efa68b..b769d92ba 100644
--- a/poky/meta/recipes-extended/shadow/files/pam.d/chpasswd
+++ b/poky/meta/recipes-extended/shadow/files/pam.d/chpasswd
@@ -1,4 +1,6 @@
# The PAM configuration file for the Shadow 'chpasswd' service
#
+auth sufficient pam_rootok.so
+account required pam_permit.so
password include common-password
diff --git a/poky/meta/recipes-extended/shadow/files/pam.d/newusers b/poky/meta/recipes-extended/shadow/files/pam.d/newusers
index 4aa3dde48..4c59dfa47 100644
--- a/poky/meta/recipes-extended/shadow/files/pam.d/newusers
+++ b/poky/meta/recipes-extended/shadow/files/pam.d/newusers
@@ -1,4 +1,6 @@
# The PAM configuration file for the Shadow 'newusers' service
#
+auth sufficient pam_rootok.so
+account required pam_permit.so
password include common-password
diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc
index 673207fc9..6efe4a911 100644
--- a/poky/meta/recipes-extended/shadow/shadow.inc
+++ b/poky/meta/recipes-extended/shadow/shadow.inc
@@ -8,7 +8,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \
DEPENDS = "virtual/crypt"
-SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \
+UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases"
+
+SRC_URI = "https://downloads.yoctoproject.org/mirror/sources/${BP}.tar.xz \
file://shadow-4.1.3-dots-in-usernames.patch \
file://usermod-fix-compilation-failure-with-subids-disabled.patch \
file://fix-installation-failure-with-subids-disabled.patch \
@@ -16,6 +18,7 @@ SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \
file://check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch \
file://0001-useradd-copy-extended-attributes-of-home.patch \
file://0001-shadow-CVE-2017-12424 \
+ file://CVE-2017-2616.patch \
${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
"
@@ -127,7 +130,8 @@ do_install_append() {
# Ensure that the image has as a /var/spool/mail dir so shadow can
# put mailboxes there if the user reconfigures shadow to its
# defaults (see sed below).
- install -d ${D}${localstatedir}/spool/mail
+ install -m 0775 -d ${D}${localstatedir}/spool/mail
+ chown root:mail ${D}${localstatedir}/spool/mail
if [ -e ${WORKDIR}/pam.d ]; then
install -d ${D}${sysconfdir}/pam.d/
diff --git a/poky/meta/recipes-extended/sysklogd/sysklogd.inc b/poky/meta/recipes-extended/sysklogd/sysklogd.inc
index 1a537fabf..fc4e67c18 100644
--- a/poky/meta/recipes-extended/sysklogd/sysklogd.inc
+++ b/poky/meta/recipes-extended/sysklogd/sysklogd.inc
@@ -33,7 +33,7 @@ SYSTEMD_AUTO_ENABLE = "enable"
INITSCRIPT_NAME = "syslog"
CONFFILES_${PN} = "${sysconfdir}/syslog.conf"
-RCONFLICTS_${PN}-syslog = "rsyslog busybox-syslog syslog-ng"
+RCONFLICTS_${PN} = "rsyslog busybox-syslog syslog-ng"
CFLAGS += "-DSYSV -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE"
diff --git a/poky/meta/recipes-extended/xinetd/xinetd/xinetd.service b/poky/meta/recipes-extended/xinetd/xinetd/xinetd.service
index d5fdc5bc2..6da92f2bf 100644
--- a/poky/meta/recipes-extended/xinetd/xinetd/xinetd.service
+++ b/poky/meta/recipes-extended/xinetd/xinetd/xinetd.service
@@ -3,11 +3,8 @@ Description=Xinetd A Powerful Replacement For Inetd
After=syslog.target network.target
[Service]
-Type=forking
-PIDFile=/var/run/xinetd.pid
EnvironmentFile=-/etc/sysconfig/xinetd
-ExecStart=@SBINDIR@/xinetd -stayalive -pidfile /var/run/xinetd.pid "$EXTRAOPTIONS"
-ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID
+ExecStart=@SBINDIR@/xinetd -dontfork "$EXTRAOPTIONS"
[Install]
WantedBy=multi-user.target
diff --git a/poky/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb b/poky/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb
index ed6d0ecae..6052650c9 100644
--- a/poky/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb
+++ b/poky/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb
@@ -10,6 +10,7 @@ DEPENDS += "cryptodev-linux"
SRC_URI += " \
file://0001-Disable-installing-header-file-provided-by-another-p.patch \
file://0001-ioctl.c-Fix-build-with-linux-4.13.patch \
+file://0001-ioctl.c-Fix-build-with-linux-4.17.patch \
"
EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"'
diff --git a/poky/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.17.patch b/poky/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.17.patch
new file mode 100644
index 000000000..5881d1c4e
--- /dev/null
+++ b/poky/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.17.patch
@@ -0,0 +1,43 @@
+From f60aa08c63fc02780554a0a12180a478ca27d49f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Horia=20Geant=C4=83?= <horia.geanta@nxp.com>
+Date: Wed, 23 May 2018 18:43:39 +0300
+Subject: [PATCH] ioctl.c: Fix build with linux 4.17
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Since kernel 4.17-rc1, sys_* syscalls can no longer be called directly:
+819671ff849b ("syscalls: define and explain goal to not call syscalls in the kernel")
+
+Since cryptodev uses sys_close() - and this has been removed in commit:
+2ca2a09d6215 ("fs: add ksys_close() wrapper; remove in-kernel calls to sys_close()")
+cryptodev has to be updated to use the ksys_close() wrapper.
+
+Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
+
+Upstream-Status: Backport
+
+Signed-off-by: He Zhe <zhe.he@windriver.com>
+---
+ ioctl.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/ioctl.c b/ioctl.c
+index d831b0c..2571034 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -828,7 +828,11 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ fd = clonefd(filp);
+ ret = put_user(fd, p);
+ if (unlikely(ret)) {
++#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 17, 0))
+ sys_close(fd);
++#else
++ ksys_close(fd);
++#endif
+ return ret;
+ }
+ return ret;
+--
+2.7.4
+
diff --git a/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb b/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
index 8ccd8cee1..4ccf9b07f 100644
--- a/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
+++ b/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
@@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://git/tools/kgit;beginline=5;endline=9;md5=a6c2fa8aef1b
DEPENDS = "git-native"
-SRCREV = "b46b1c4f0973bf1eb09cf1191f5f4e69bcd0475d"
+SRCREV = "8cd13500a27c0a6a911cc83c0349dec01ef66e27"
PR = "r12"
PV = "0.2+git${SRCPV}"
diff --git a/poky/meta/recipes-kernel/kexec/kexec-tools/kdump.service b/poky/meta/recipes-kernel/kexec/kexec-tools/kdump.service
index 4e65a46ac..013c5a62b 100644
--- a/poky/meta/recipes-kernel/kexec/kexec-tools/kdump.service
+++ b/poky/meta/recipes-kernel/kexec/kexec-tools/kdump.service
@@ -1,6 +1,7 @@
[Unit]
Description=Reboot and dump vmcore via kexec
DefaultDependencies=no
+After=basic.target
[Service]
Type=oneshot
diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb
index 8d6f2f2db..cf7abb0f9 100644
--- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb
+++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb
@@ -14,6 +14,7 @@ LICENSE = "\
& Firmware-cavium \
& Firmware-chelsio_firmware \
& Firmware-cw1200 \
+ & Firmware-cypress \
& Firmware-dib0700 \
& Firmware-e100 \
& Firmware-ene_firmware \
@@ -66,7 +67,7 @@ LIC_FILES_CHKSUM = "\
file://LICENCE.adsp_sst;md5=615c45b91a5a4a9fe046d6ab9a2df728 \
file://LICENCE.agere;md5=af0133de6b4a9b2522defd5f188afd31 \
file://LICENSE.amdgpu;md5=0aa3c2f3e736af320a08a3aeeccecf29 \
- file://LICENSE.amd-ucode;md5=3a0de451253cc1edbf30a3c621effee3 \
+ file://LICENSE.amd-ucode;md5=3c5399dc9148d7f0e1f41e34b69cf14f \
file://LICENCE.atheros_firmware;md5=30a14c7823beedac9fa39c64fdd01a13 \
file://LICENSE.atmel;md5=aa74ac0c60595dee4d4e239107ea77a3 \
file://LICENCE.broadcom_bcm43xx;md5=3160c14df7228891b868060e1951dfbc \
@@ -74,6 +75,7 @@ LIC_FILES_CHKSUM = "\
file://LICENCE.cavium;md5=c37aaffb1ebe5939b2580d073a95daea \
file://LICENCE.chelsio_firmware;md5=819aa8c3fa453f1b258ed8d168a9d903 \
file://LICENCE.cw1200;md5=f0f770864e7a8444a5c5aa9d12a3a7ed \
+ file://LICENCE.cypress;md5=48cd9436c763bf873961f9ed7b5c147b \
file://LICENSE.dib0700;md5=f7411825c8a555a1a3e5eab9ca773431 \
file://LICENCE.e100;md5=ec0f84136766df159a3ae6d02acdf5a8 \
file://LICENCE.ene_firmware;md5=ed67f0f62f8f798130c296720b7d3921 \
@@ -118,7 +120,7 @@ LIC_FILES_CHKSUM = "\
file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \
file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \
file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \
- file://WHENCE;md5=6f46986f4e913ef16b765c2319cc5141 \
+ file://WHENCE;md5=eaaf310bac02fee05ea1b334f58c5caf \
"
# These are not common licenses, set NO_GENERIC_LICENSE for them
@@ -135,6 +137,7 @@ NO_GENERIC_LICENSE[Firmware-ca0132] = "LICENCE.ca0132"
NO_GENERIC_LICENSE[Firmware-cavium] = "LICENCE.cavium"
NO_GENERIC_LICENSE[Firmware-chelsio_firmware] = "LICENCE.chelsio_firmware"
NO_GENERIC_LICENSE[Firmware-cw1200] = "LICENCE.cw1200"
+NO_GENERIC_LICENSE[Firmware-cypress] = "LICENCE.cypress"
NO_GENERIC_LICENSE[Firmware-dib0700] = "LICENSE.dib0700"
NO_GENERIC_LICENSE[Firmware-e100] = "LICENCE.e100"
NO_GENERIC_LICENSE[Firmware-ene_firmware] = "LICENCE.ene_firmware"
@@ -181,7 +184,7 @@ NO_GENERIC_LICENSE[Firmware-xc5000] = "LICENCE.xc5000"
NO_GENERIC_LICENSE[Firmware-xc5000c] = "LICENCE.xc5000c"
NO_GENERIC_LICENSE[WHENCE] = "WHENCE"
-SRCREV = "8fc2d4e55685bf73b6f7752383da9067404a74bb"
+SRCREV = "d1147327232ec4616a66ab898df84f9700c816c1"
PE = "1"
PV = "0.0+git${SRCPV}"
@@ -232,9 +235,41 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
${PN}-ti-connectivity-license ${PN}-wl12xx ${PN}-wl18xx \
${PN}-vt6656-license ${PN}-vt6656 \
${PN}-rtl-license ${PN}-rtl8188 ${PN}-rtl8192cu ${PN}-rtl8192ce ${PN}-rtl8192su ${PN}-rtl8723 ${PN}-rtl8821 \
+ ${PN}-rtl8168 \
+ ${PN}-cypress-license \
${PN}-broadcom-license \
- ${PN}-bcm4329 ${PN}-bcm4330 ${PN}-bcm4334 ${PN}-bcm43340 \
- ${PN}-bcm43362 ${PN}-bcm4339 ${PN}-bcm43430 ${PN}-bcm4354 \
+ ${PN}-bcm-0bb4-0306 \
+ ${PN}-bcm43143 \
+ ${PN}-bcm43236b \
+ ${PN}-bcm43241b0 \
+ ${PN}-bcm43241b4 \
+ ${PN}-bcm43241b5 \
+ ${PN}-bcm43242a \
+ ${PN}-bcm4329 \
+ ${PN}-bcm4329-fullmac \
+ ${PN}-bcm4330 \
+ ${PN}-bcm4334 \
+ ${PN}-bcm43340 \
+ ${PN}-bcm4335 \
+ ${PN}-bcm43362 \
+ ${PN}-bcm4339 \
+ ${PN}-bcm43430 \
+ ${PN}-bcm43430a0 \
+ ${PN}-bcm43455 \
+ ${PN}-bcm4350 \
+ ${PN}-bcm4350c2 \
+ ${PN}-bcm4354 \
+ ${PN}-bcm4356 \
+ ${PN}-bcm4356-pcie \
+ ${PN}-bcm43569 \
+ ${PN}-bcm43570 \
+ ${PN}-bcm4358 \
+ ${PN}-bcm43602 \
+ ${PN}-bcm4366b \
+ ${PN}-bcm4371 \
+ ${PN}-bcm4373 \
+ ${PN}-bcm43xx \
+ ${PN}-bcm43xx-hdr \
${PN}-atheros-license ${PN}-ar9170 ${PN}-ath6k ${PN}-ath9k \
${PN}-gplv2-license ${PN}-carl9170 \
${PN}-ar3k-license ${PN}-ar3k ${PN}-ath10k-license ${PN}-ath10k ${PN}-qca \
@@ -440,6 +475,7 @@ LICENSE_${PN}-rtl8192su = "Firmware-rtlwifi_firmware"
LICENSE_${PN}-rtl8723 = "Firmware-rtlwifi_firmware"
LICENSE_${PN}-rtl8821 = "Firmware-rtlwifi_firmware"
LICENSE_${PN}-rtl-license = "Firmware-rtlwifi_firmware"
+LICENSE_${PN}-rtl8168 = "WHENCE"
FILES_${PN}-rtl-license = " \
${nonarch_base_libdir}/firmware/LICENCE.rtlwifi_firmware.txt \
@@ -462,6 +498,9 @@ FILES_${PN}-rtl8723 = " \
FILES_${PN}-rtl8821 = " \
${nonarch_base_libdir}/firmware/rtlwifi/rtl8821*.bin \
"
+FILES_${PN}-rtl8168 = " \
+ ${nonarch_base_libdir}/firmware/rtl_nic/rtl8168*.fw \
+"
RDEPENDS_${PN}-rtl8188 += "${PN}-rtl-license"
RDEPENDS_${PN}-rtl8192ce += "${PN}-rtl-license"
@@ -469,6 +508,7 @@ RDEPENDS_${PN}-rtl8192cu += "${PN}-rtl-license"
RDEPENDS_${PN}-rtl8192su = "${PN}-rtl-license"
RDEPENDS_${PN}-rtl8723 += "${PN}-rtl-license"
RDEPENDS_${PN}-rtl8821 += "${PN}-rtl-license"
+RDEPENDS_${PN}-rtl8168 += "${PN}-whence-license"
# For ti-connectivity
LICENSE_${PN}-wl12xx = "Firmware-ti-connectivity"
@@ -503,52 +543,126 @@ RDEPENDS_${PN}-vt6656 = "${PN}-vt6656-license"
# For broadcom
-LICENSE_${PN}-bcm4329 = "Firmware-broadcom_bcm43xx"
-LICENSE_${PN}-bcm4330 = "Firmware-broadcom_bcm43xx"
-LICENSE_${PN}-bcm4334 = "Firmware-broadcom_bcm43xx"
-LICENSE_${PN}-bcm43340 = "Firmware-broadcom_bcm43xx"
-LICENSE_${PN}-bcm43362 = "Firmware-broadcom_bcm43xx"
-LICENSE_${PN}-bcm4339 = "Firmware-broadcom_bcm43xx"
-LICENSE_${PN}-bcm43430 = "Firmware-broadcom_bcm43xx"
-LICENSE_${PN}-bcm4354 = "Firmware-broadcom_bcm43xx"
-LICENSE_${PN}-broadcom-license = "Firmware-broadcom_bcm43xx"
-
-FILES_${PN}-broadcom-license = " \
- ${nonarch_base_libdir}/firmware/LICENCE.broadcom_bcm43xx \
-"
-FILES_${PN}-bcm4329 = " \
- ${nonarch_base_libdir}/firmware/brcm/brcmfmac4329-sdio.bin \
-"
-FILES_${PN}-bcm4330 = " \
- ${nonarch_base_libdir}/firmware/brcm/brcmfmac4330-sdio.bin \
-"
-FILES_${PN}-bcm4334 = " \
- ${nonarch_base_libdir}/firmware/brcm/brcmfmac4334-sdio.bin \
-"
-FILES_${PN}-bcm43340 = " \
- ${nonarch_base_libdir}/firmware/brcm/brcmfmac43340-sdio.bin \
-"
-FILES_${PN}-bcm43362 = " \
- ${nonarch_base_libdir}/firmware/brcm/brcmfmac43362-sdio.bin \
-"
-FILES_${PN}-bcm4339 = " \
- ${nonarch_base_libdir}/firmware/brcm/brcmfmac4339-sdio.bin \
-"
-FILES_${PN}-bcm43430 = " \
- ${nonarch_base_libdir}/firmware/brcm/brcmfmac43430-sdio.bin \
-"
-FILES_${PN}-bcm4354 = " \
- ${nonarch_base_libdir}/firmware/brcm/brcmfmac4354-sdio.bin \
-"
+# for i in `grep brcm WHENCE | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo -e " \${PN}-$pkg \\"; done | sort -u
+LICENSE_${PN}-broadcom-license = "Firmware-broadcom_bcm43xx"
+FILES_${PN}-broadcom-license = "${nonarch_base_libdir}/firmware/LICENCE.broadcom_bcm43xx"
+
+# for i in `grep brcm WHENCE | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo "$i - $pkg"; echo -e "FILES_\${PN}-$pkg = \"\${nonarch_base_libdir}/firmware/brcm/$i\""; done | grep ^FILES
+
+FILES_${PN}-bcm43xx = "${nonarch_base_libdir}/firmware/brcm/bcm43xx-0.fw"
+FILES_${PN}-bcm43xx-hdr = "${nonarch_base_libdir}/firmware/brcm/bcm43xx_hdr-0.fw"
+FILES_${PN}-bcm4329-fullmac = "${nonarch_base_libdir}/firmware/brcm/bcm4329-fullmac-4.bin"
+FILES_${PN}-bcm43236b = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43236b.bin"
+FILES_${PN}-bcm4329 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4329-sdio.bin"
+FILES_${PN}-bcm4330 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4330-sdio.bin"
+FILES_${PN}-bcm4334 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4334-sdio.bin"
+FILES_${PN}-bcm4335 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4335-sdio.bin"
+FILES_${PN}-bcm4339 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4339-sdio.bin"
+FILES_${PN}-bcm43241b0 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b0-sdio.bin"
+FILES_${PN}-bcm43241b4 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b4-sdio.bin"
+FILES_${PN}-bcm43241b5 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b5-sdio.bin"
+FILES_${PN}-bcm43242a = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43242a.bin"
+FILES_${PN}-bcm43143 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43143.bin \
+ ${nonarch_base_libdir}/firmware/brcm/brcmfmac43143-sdio.bin \
+"
+FILES_${PN}-bcm43430a0 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430a0-sdio.bin"
+FILES_${PN}-bcm43455 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43455-sdio.bin"
+FILES_${PN}-bcm4350c2 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4350c2-pcie.bin"
+FILES_${PN}-bcm4350 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4350-pcie.bin"
+FILES_${PN}-bcm4356 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-sdio.bin"
+FILES_${PN}-bcm43569 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43569.bin"
+FILES_${PN}-bcm43570 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43570-pcie.bin"
+FILES_${PN}-bcm4358 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4358-pcie.bin"
+FILES_${PN}-bcm43602 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43602-pcie.bin \
+ ${nonarch_base_libdir}/firmware/brcm/brcmfmac43602-pcie.ap.bin \
+"
+FILES_${PN}-bcm4366b = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4366b-pcie.bin"
+FILES_${PN}-bcm4371 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4371-pcie.bin"
+
+# for i in `grep brcm WHENCE | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo -e "LICENSE_\${PN}-$pkg = \"Firmware-broadcom_bcm43xx\"\nRDEPENDS_\${PN}-$pkg += \"\${PN}-broadcom-license\""; done
+# Currently 1st one and last 6 have cypress LICENSE
+
+LICENSE_${PN}-bcm43xx = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43xx += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43xx-hdr = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43xx-hdr += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4329-fullmac = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4329-fullmac += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43236b = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43236b += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4329 = "Firmware-broadcom_bcm43xx"
RDEPENDS_${PN}-bcm4329 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4330 = "Firmware-broadcom_bcm43xx"
RDEPENDS_${PN}-bcm4330 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4334 = "Firmware-broadcom_bcm43xx"
RDEPENDS_${PN}-bcm4334 += "${PN}-broadcom-license"
-RDEPENDS_${PN}-bcm43340 += "${PN}-broadcom-license"
-RDEPENDS_${PN}-bcm43362 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4335 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4335 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4339 = "Firmware-broadcom_bcm43xx"
RDEPENDS_${PN}-bcm4339 += "${PN}-broadcom-license"
-RDEPENDS_${PN}-bcm43430 += "${PN}-broadcom-license"
-RDEPENDS_${PN}-bcm4354 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43241b0 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43241b0 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43241b4 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43241b4 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43241b5 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43241b5 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43242a = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43242a += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43143 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43143 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43430a0 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43430a0 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43455 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43455 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4350c2 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4350c2 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4350 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4350 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4356 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4356 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43569 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43569 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43570 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43570 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4358 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4358 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm43602 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm43602 += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4366b = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4366b += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4371 = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4371 += "${PN}-broadcom-license"
+
+# For broadcom cypress
+
+LICENSE_${PN}-cypress-license = "Firmware-cypress"
+FILES_${PN}-cypress-license = "${nonarch_base_libdir}/firmware/LICENCE.cypress"
+
+FILES_${PN}-bcm-0bb4-0306 = "${nonarch_base_libdir}/firmware/brcm/BCM-0bb4-0306.hcd"
+FILES_${PN}-bcm43340 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43340-sdio.bin"
+FILES_${PN}-bcm43362 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43362-sdio.bin"
+FILES_${PN}-bcm43430 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430-sdio.bin"
+FILES_${PN}-bcm4354 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4354-sdio.bin"
+FILES_${PN}-bcm4356-pcie = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-pcie.bin"
+FILES_${PN}-bcm4373 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4373-sdio.bin \
+ ${nonarch_base_libdir}/firmware/brcm/brcmfmac4373.bin \
+"
+
+LICENSE_${PN}-bcm-0bb4-0306 = "Firmware-cypress"
+RDEPENDS_${PN}-bcm-0bb4-0306 += "${PN}-cypress-license"
+LICENSE_${PN}-bcm43340 = "Firmware-cypress"
+RDEPENDS_${PN}-bcm43340 += "${PN}-cypress-license"
+LICENSE_${PN}-bcm43362 = "Firmware-cypress"
+RDEPENDS_${PN}-bcm43362 += "${PN}-cypress-license"
+LICENSE_${PN}-bcm43430 = "Firmware-cypress"
+RDEPENDS_${PN}-bcm43430 += "${PN}-cypress-license"
+LICENSE_${PN}-bcm4354 = "Firmware-cypress"
+RDEPENDS_${PN}-bcm4354 += "${PN}-cypress-license"
+LICENSE_${PN}-bcm4356-pcie = "Firmware-cypress"
+RDEPENDS_${PN}-bcm4356-pcie += "${PN}-cypress-license"
+LICENSE_${PN}-bcm4373 = "Firmware-cypress"
+RDEPENDS_${PN}-bcm4373 += "${PN}-cypress-license"
# For Broadcom bnx2-mips
#
diff --git a/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers.inc b/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers.inc
index 9903c06c2..b5cf96dd4 100644
--- a/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers.inc
+++ b/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers.inc
@@ -77,6 +77,10 @@ do_install_append_arm () {
do_install_armmultilib
}
+do_install_append_armeb () {
+ do_install_armmultilib
+}
+
do_install_armmultilib () {
oe_multilib_header asm/auxvec.h asm/bitsperlong.h asm/byteorder.h asm/fcntl.h asm/hwcap.h asm/ioctls.h asm/kvm.h asm/kvm_para.h asm/mman.h asm/param.h asm/perf_regs.h asm/bpf_perf_event.h
oe_multilib_header asm/posix_types.h asm/ptrace.h asm/setup.h asm/sigcontext.h asm/siginfo.h asm/signal.h asm/stat.h asm/statfs.h asm/swab.h asm/types.h asm/unistd.h
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.12.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.12.bb
index 5edc0fa40..cf6a733ce 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.12.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.12.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "705d03507a0c10dcbf9cad3ff70f5d60b70f2d99"
-SRCREV_meta ?= "46171de19220c49d670544017cfbeffc1ec70e80"
+SRCREV_machine ?= "7ba09f891939cbf2c58801a7a4a740365896d6ba"
+SRCREV_meta ?= "367bd3633d5a661035f90f0b8daa38e97da1a587"
SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.12.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.12;destsuffix=${KMETA}"
-LINUX_VERSION ?= "4.12.24"
+LINUX_VERSION ?= "4.12.26"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.14.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.14.bb
index 81306a984..00671182d 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.14.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.14.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "7272e9132fdaaf0dd78bc94e9f297aaf73452982"
-SRCREV_meta ?= "ea9330894eea727bd1655569b16f338976b72563"
+SRCREV_machine ?= "aeeb2d73f2a828a9c0b121b2aa3bb345009f5698"
+SRCREV_meta ?= "94457657b8d621868672917d1c2631df4a4fadd8"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.14;destsuffix=${KMETA}"
-LINUX_VERSION ?= "4.14.30"
+LINUX_VERSION ?= "4.14.48"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.15.bb
index c5d3ee03f..d166a4098 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.15.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.15.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "91084d030bc841c483c31e8664289c7940aa5506"
-SRCREV_meta ?= "939d935b0c992c6f1e51a7a1c9e4fbe6ef3c3174"
+SRCREV_machine ?= "e25dbfe95302eeaa1a03a828d05c09479574488a"
+SRCREV_meta ?= "45c256a5ca6f9478bce212fec19e2bc273472631"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.15;destsuffix=${KMETA}"
-LINUX_VERSION ?= "4.15.13"
+LINUX_VERSION ?= "4.15.18"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.12.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.12.bb
index 31307a638..9d5e1582b 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.12.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.12.bb
@@ -4,13 +4,13 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "4.12.24"
+LINUX_VERSION ?= "4.12.26"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "f9d67777b07ac97966186c1b56db78afe2a16f92"
-SRCREV_meta ?= "46171de19220c49d670544017cfbeffc1ec70e80"
+SRCREV_machine ?= "bd8f931e213614bc5fdc6aeaa132d273caa002af"
+SRCREV_meta ?= "367bd3633d5a661035f90f0b8daa38e97da1a587"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.14.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.14.bb
index 34bee0949..58945f25d 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.14.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.14.bb
@@ -4,7 +4,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "4.14.30"
+LINUX_VERSION ?= "4.14.48"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
@@ -12,8 +12,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "ad31896630f8bf6a459164263adc0a8faf984d9e"
-SRCREV_meta ?= "ea9330894eea727bd1655569b16f338976b72563"
+SRCREV_machine ?= "9e246607d5c23f8bb3b8800734b1707766e0b2b9"
+SRCREV_meta ?= "94457657b8d621868672917d1c2631df4a4fadd8"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.15.bb
index 05b9ca38b..5f9b3c7fb 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.15.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.15.bb
@@ -4,13 +4,13 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "4.15.13"
+LINUX_VERSION ?= "4.15.18"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "91084d030bc841c483c31e8664289c7940aa5506"
-SRCREV_meta ?= "939d935b0c992c6f1e51a7a1c9e4fbe6ef3c3174"
+SRCREV_machine ?= "e25dbfe95302eeaa1a03a828d05c09479574488a"
+SRCREV_meta ?= "45c256a5ca6f9478bce212fec19e2bc273472631"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_4.12.bb b/poky/meta/recipes-kernel/linux/linux-yocto_4.12.bb
index 8d560127f..ac98ca85f 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_4.12.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_4.12.bb
@@ -11,22 +11,22 @@ KBRANCH_qemux86 ?= "standard/base"
KBRANCH_qemux86-64 ?= "standard/base"
KBRANCH_qemumips64 ?= "standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "45824c60ca37f414a5ac5783e970338db9a5a2af"
-SRCREV_machine_qemuarm64 ?= "f9d67777b07ac97966186c1b56db78afe2a16f92"
-SRCREV_machine_qemumips ?= "66f741b0b3d093e6b6df0f44120913ef3a259e23"
-SRCREV_machine_qemuppc ?= "f9d67777b07ac97966186c1b56db78afe2a16f92"
-SRCREV_machine_qemux86 ?= "f9d67777b07ac97966186c1b56db78afe2a16f92"
-SRCREV_machine_qemux86-64 ?= "f9d67777b07ac97966186c1b56db78afe2a16f92"
-SRCREV_machine_qemumips64 ?= "c5d838c9e26bd657b49dfe28b115e5bc4b580850"
-SRCREV_machine ?= "f9d67777b07ac97966186c1b56db78afe2a16f92"
-SRCREV_meta ?= "46171de19220c49d670544017cfbeffc1ec70e80"
+SRCREV_machine_qemuarm ?= "86b02dd23be1e3b3449885b38ed1b876ebec31e8"
+SRCREV_machine_qemuarm64 ?= "bd8f931e213614bc5fdc6aeaa132d273caa002af"
+SRCREV_machine_qemumips ?= "67b93101c52504fd5077166c70baa296190e6166"
+SRCREV_machine_qemuppc ?= "bd8f931e213614bc5fdc6aeaa132d273caa002af"
+SRCREV_machine_qemux86 ?= "bd8f931e213614bc5fdc6aeaa132d273caa002af"
+SRCREV_machine_qemux86-64 ?= "bd8f931e213614bc5fdc6aeaa132d273caa002af"
+SRCREV_machine_qemumips64 ?= "38da8c72733da9619bbbddf14140204631faf488"
+SRCREV_machine ?= "bd8f931e213614bc5fdc6aeaa132d273caa002af"
+SRCREV_meta ?= "367bd3633d5a661035f90f0b8daa38e97da1a587"
SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.12.git;name=machine;branch=${KBRANCH}; \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.12;destsuffix=${KMETA}"
DEPENDS += "openssl-native util-linux-native"
-LINUX_VERSION ?= "4.12.24"
+LINUX_VERSION ?= "4.12.26"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_4.14.bb b/poky/meta/recipes-kernel/linux/linux-yocto_4.14.bb
index 16142f8ce..0449213d4 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_4.14.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_4.14.bb
@@ -11,20 +11,20 @@ KBRANCH_qemux86 ?= "v4.14/standard/base"
KBRANCH_qemux86-64 ?= "v4.14/standard/base"
KBRANCH_qemumips64 ?= "v4.14/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "d6268fc3460d3904fd49087f7a822efbaab9bfe8"
-SRCREV_machine_qemuarm64 ?= "c94189843b8ad62cafe9a307e7f7d60741690505"
-SRCREV_machine_qemumips ?= "4afd92347b2b35dc8e0006712f8fa00ac57f2a36"
-SRCREV_machine_qemuppc ?= "e8af5c9b65c5187d148ecd11bd7979489460ca64"
-SRCREV_machine_qemux86 ?= "74f6cd2b6976e37491779fcb1bc4966d3a61492c"
-SRCREV_machine_qemux86-64 ?= "74f6cd2b6976e37491779fcb1bc4966d3a61492c"
-SRCREV_machine_qemumips64 ?= "9863b327e770b42b8c18da3e0cfaf06e8f99ae97"
-SRCREV_machine ?= "74f6cd2b6976e37491779fcb1bc4966d3a61492c"
-SRCREV_meta ?= "ea9330894eea727bd1655569b16f338976b72563"
+SRCREV_machine_qemuarm ?= "363723ef50c06df54e146c8fe78faa962e96a8c8"
+SRCREV_machine_qemuarm64 ?= "798d15552a4d5d9355a300290ed6bf72106b7e96"
+SRCREV_machine_qemumips ?= "6c2433d7c51c3e78b1be2c7d1fbfe840b13d04df"
+SRCREV_machine_qemuppc ?= "c03babad17499489b20216576d608c94e7fddc5d"
+SRCREV_machine_qemux86 ?= "65d1c849534179bbfa494f77947f8be615e9871a"
+SRCREV_machine_qemux86-64 ?= "65d1c849534179bbfa494f77947f8be615e9871a"
+SRCREV_machine_qemumips64 ?= "59f70381cbde371e41206b7902390ae78558c310"
+SRCREV_machine ?= "65d1c849534179bbfa494f77947f8be615e9871a"
+SRCREV_meta ?= "94457657b8d621868672917d1c2631df4a4fadd8"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.14;destsuffix=${KMETA}"
-LINUX_VERSION ?= "4.14.30"
+LINUX_VERSION ?= "4.14.48"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_4.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto_4.15.bb
index 70bd7118b..693670c61 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_4.15.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_4.15.bb
@@ -11,20 +11,20 @@ KBRANCH_qemux86 ?= "v4.15/standard/base"
KBRANCH_qemux86-64 ?= "v4.15/standard/base"
KBRANCH_qemumips64 ?= "v4.15/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "4b6902b42f47593928117b2ff0900cd965cf6443"
-SRCREV_machine_qemuarm64 ?= "91084d030bc841c483c31e8664289c7940aa5506"
-SRCREV_machine_qemumips ?= "19ba2d843750ff65d8fe590acdfc99aea6153945"
-SRCREV_machine_qemuppc ?= "91084d030bc841c483c31e8664289c7940aa5506"
-SRCREV_machine_qemux86 ?= "91084d030bc841c483c31e8664289c7940aa5506"
-SRCREV_machine_qemux86-64 ?= "91084d030bc841c483c31e8664289c7940aa5506"
-SRCREV_machine_qemumips64 ?= "97000c3f4664643bac7828bbdc048f7ec216cc31"
-SRCREV_machine ?= "91084d030bc841c483c31e8664289c7940aa5506"
-SRCREV_meta ?= "939d935b0c992c6f1e51a7a1c9e4fbe6ef3c3174"
+SRCREV_machine_qemuarm ?= "d16b10fb69974f1804a02f2678f40d22c80526cf"
+SRCREV_machine_qemuarm64 ?= "e25dbfe95302eeaa1a03a828d05c09479574488a"
+SRCREV_machine_qemumips ?= "182eaefab712f4360126e044c758e75d763d05c4"
+SRCREV_machine_qemuppc ?= "e25dbfe95302eeaa1a03a828d05c09479574488a"
+SRCREV_machine_qemux86 ?= "e25dbfe95302eeaa1a03a828d05c09479574488a"
+SRCREV_machine_qemux86-64 ?= "e25dbfe95302eeaa1a03a828d05c09479574488a"
+SRCREV_machine_qemumips64 ?= "ce3876a091477260fcb1197e3c6565dfbf9c6e80"
+SRCREV_machine ?= "e25dbfe95302eeaa1a03a828d05c09479574488a"
+SRCREV_meta ?= "45c256a5ca6f9478bce212fec19e2bc273472631"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.15;destsuffix=${KMETA}"
-LINUX_VERSION ?= "4.15.13"
+LINUX_VERSION ?= "4.15.18"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules_2.10.5.bb b/poky/meta/recipes-kernel/lttng/lttng-modules_2.10.6.bb
index 370b78aae..614696689 100644
--- a/poky/meta/recipes-kernel/lttng/lttng-modules_2.10.5.bb
+++ b/poky/meta/recipes-kernel/lttng/lttng-modules_2.10.6.bb
@@ -16,8 +16,8 @@ SRC_URI = "https://lttng.org/files/${BPN}/${BPN}-${PV}.tar.bz2 \
file://BUILD_RUNTIME_BUG_ON-vs-gcc7.patch \
"
-SRC_URI[md5sum] = "4aaabaafd15d9455c83972e26ccfbca7"
-SRC_URI[sha256sum] = "b8dbbbee45a673c381f51b99c555e36655c3c2c7a5477aab927591cc7f003a1f"
+SRC_URI[md5sum] = "8110099f4615fc89a74ffe9189b56cfc"
+SRC_URI[sha256sum] = "04a080c81743eb29d181bac29ceb0c15819a2f4210793f2cc9958d885435029f"
export INSTALL_MOD_DIR="kernel/lttng-modules"
diff --git a/poky/meta/recipes-kernel/perf/perf.bb b/poky/meta/recipes-kernel/perf/perf.bb
index 51f5597eb..90bbed25c 100644
--- a/poky/meta/recipes-kernel/perf/perf.bb
+++ b/poky/meta/recipes-kernel/perf/perf.bb
@@ -97,6 +97,13 @@ EXTRA_OEMAKE += "\
'infodir=${@os.path.relpath(infodir, prefix)}' \
"
+# During do_configure, we might run a 'make clean'. That often breaks
+# when done in parallel, so disable parallelism for do_configure. Note
+# that it has to be done this way rather than by passing -j1, since
+# perf's build system by default ignores any -j argument, but does
+# honour a JOBS variable.
+EXTRA_OEMAKE_append_task-configure = " JOBS=1"
+
PERF_SRC ?= "Makefile \
include \
tools/arch \
diff --git a/poky/meta/recipes-multimedia/lame/lame_3.100.bb b/poky/meta/recipes-multimedia/lame/lame_3.100.bb
index ff6ac7efb..7f8996fb5 100644
--- a/poky/meta/recipes-multimedia/lame/lame_3.100.bb
+++ b/poky/meta/recipes-multimedia/lame/lame_3.100.bb
@@ -3,14 +3,12 @@ HOMEPAGE = "http://lame.sourceforge.net/"
BUGTRACKER = "http://sourceforge.net/tracker/?group_id=290&atid=100290"
SECTION = "console/utils"
LICENSE = "LGPLv2+"
-LICENSE_FLAGS = "commercial"
-
-DEPENDS = "ncurses gettext-native"
-
LIC_FILES_CHKSUM = "file://COPYING;md5=c46bda00ffbb0ba1dac22f8d087f54d9 \
file://include/lame.h;beginline=1;endline=20;md5=a2258182c593c398d15a48262130a92b \
"
+DEPENDS = "ncurses gettext-native"
+
SRC_URI = "${SOURCEFORGE_MIRROR}/lame/lame-${PV}.tar.gz \
file://no-gtk1.patch \
"
diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch
new file mode 100644
index 000000000..7252298b5
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch
@@ -0,0 +1,39 @@
+From de144fd228e4be8aa484c3caf3d814b6fa88c6d9 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sat, 12 May 2018 14:24:15 +0200
+Subject: [PATCH] TIFFWriteDirectorySec: avoid assertion. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2795.
+ CVE-2018-10963
+
+---
+CVE: CVE-2018-10963
+
+Upstream-Status: Backport [gitlab.com/libtiff/libtiff/commit/de144f...]
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+---
+ libtiff/tif_dirwrite.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
+index 2430de6..c15a28d 100644
+--- a/libtiff/tif_dirwrite.c
++++ b/libtiff/tif_dirwrite.c
+@@ -695,8 +695,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff)
+ }
+ break;
+ default:
+- assert(0); /* we should never get here */
+- break;
++ TIFFErrorExt(tif->tif_clientdata,module,
++ "Cannot write tag %d (%s)",
++ TIFFFieldTag(o),
++ o->field_name ? o->field_name : "unknown");
++ goto bad;
+ }
+ }
+ }
+--
+1.7.9.5
+
diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2018-7456.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2018-7456.patch
new file mode 100644
index 000000000..2c11f93d1
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2018-7456.patch
@@ -0,0 +1,178 @@
+From be4c85b16e8801a16eec25e80eb9f3dd6a96731b Mon Sep 17 00:00:00 2001
+From: Hugo Lefeuvre <hle@debian.org>
+Date: Sun, 8 Apr 2018 14:07:08 -0400
+Subject: [PATCH] Fix NULL pointer dereference in TIFFPrintDirectory
+
+The TIFFPrintDirectory function relies on the following assumptions,
+supposed to be guaranteed by the specification:
+
+(a) A Transfer Function field is only present if the TIFF file has
+ photometric type < 3.
+
+(b) If SamplesPerPixel > Color Channels, then the ExtraSamples field
+ has count SamplesPerPixel - (Color Channels) and contains
+ information about supplementary channels.
+
+While respect of (a) and (b) are essential for the well functioning of
+TIFFPrintDirectory, no checks are realized neither by the callee nor
+by TIFFPrintDirectory itself. Hence, following scenarios might happen
+and trigger the NULL pointer dereference:
+
+(1) TIFF File of photometric type 4 or more has illegal Transfer
+ Function field.
+
+(2) TIFF File has photometric type 3 or less and defines a
+ SamplesPerPixel field such that SamplesPerPixel > Color Channels
+ without defining all extra samples in the ExtraSamples fields.
+
+In this patch, we address both issues with respect of the following
+principles:
+
+(A) In the case of (1), the defined transfer table should be printed
+ safely even if it isn't 'legal'. This allows us to avoid expensive
+ checks in TIFFPrintDirectory. Also, it is quite possible that
+ an alternative photometric type would be developed (not part of the
+ standard) and would allow definition of Transfer Table. We want
+ libtiff to be able to handle this scenario out of the box.
+
+(B) In the case of (2), the transfer table should be printed at its
+ right size, that is if TIFF file has photometric type Palette
+ then the transfer table should have one row and not three, even
+ if two extra samples are declared.
+
+In order to fulfill (A) we simply add a new 'i < 3' end condition to
+the broken TIFFPrintDirectory loop. This makes sure that in any case
+where (b) would be respected but not (a), everything stays fine.
+
+(B) is fulfilled by the loop condition
+'i < td->td_samplesperpixel - td->td_extrasamples'. This is enough as
+long as (b) is respected.
+
+Naturally, we also make sure (b) is respected. This is done in the
+TIFFReadDirectory function by making sure any non-color channel is
+counted in ExtraSamples.
+
+This commit addresses CVE-2018-7456.
+
+---
+CVE: CVE-2018-7456
+
+Upstream-Status: Backport [gitlab.com/libtiff/libtiff/commit/be4c85b...]
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+---
+ libtiff/tif_dirread.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++++
+ libtiff/tif_print.c | 2 +-
+ 2 files changed, 63 insertions(+), 1 deletion(-)
+
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index 6baa7b3..af5b84a 100644
+--- a/libtiff/tif_dirread.c
++++ b/libtiff/tif_dirread.c
+@@ -165,6 +165,7 @@ static int TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uin
+ static int TIFFFetchSubjectDistance(TIFF*, TIFFDirEntry*);
+ static void ChopUpSingleUncompressedStrip(TIFF*);
+ static uint64 TIFFReadUInt64(const uint8 *value);
++static int _TIFFGetMaxColorChannels(uint16 photometric);
+
+ static int _TIFFFillStrilesInternal( TIFF *tif, int loadStripByteCount );
+
+@@ -3505,6 +3506,35 @@ static void TIFFReadDirEntryOutputErr(TIFF* tif, enum TIFFReadDirEntryErr err, c
+ }
+
+ /*
++ * Return the maximum number of color channels specified for a given photometric
++ * type. 0 is returned if photometric type isn't supported or no default value
++ * is defined by the specification.
++ */
++static int _TIFFGetMaxColorChannels( uint16 photometric )
++{
++ switch (photometric) {
++ case PHOTOMETRIC_PALETTE:
++ case PHOTOMETRIC_MINISWHITE:
++ case PHOTOMETRIC_MINISBLACK:
++ return 1;
++ case PHOTOMETRIC_YCBCR:
++ case PHOTOMETRIC_RGB:
++ case PHOTOMETRIC_CIELAB:
++ return 3;
++ case PHOTOMETRIC_SEPARATED:
++ case PHOTOMETRIC_MASK:
++ return 4;
++ case PHOTOMETRIC_LOGL:
++ case PHOTOMETRIC_LOGLUV:
++ case PHOTOMETRIC_CFA:
++ case PHOTOMETRIC_ITULAB:
++ case PHOTOMETRIC_ICCLAB:
++ default:
++ return 0;
++ }
++}
++
++/*
+ * Read the next TIFF directory from a file and convert it to the internal
+ * format. We read directories sequentially.
+ */
+@@ -3520,6 +3550,7 @@ TIFFReadDirectory(TIFF* tif)
+ uint32 fii=FAILED_FII;
+ toff_t nextdiroff;
+ int bitspersample_read = FALSE;
++ int color_channels;
+
+ tif->tif_diroff=tif->tif_nextdiroff;
+ if (!TIFFCheckDirOffset(tif,tif->tif_nextdiroff))
+@@ -4024,6 +4055,37 @@ TIFFReadDirectory(TIFF* tif)
+ }
+ }
+ }
++
++ /*
++ * Make sure all non-color channels are extrasamples.
++ * If it's not the case, define them as such.
++ */
++ color_channels = _TIFFGetMaxColorChannels(tif->tif_dir.td_photometric);
++ if (color_channels && tif->tif_dir.td_samplesperpixel - tif->tif_dir.td_extrasamples > color_channels) {
++ uint16 old_extrasamples;
++ uint16 *new_sampleinfo;
++
++ TIFFWarningExt(tif->tif_clientdata,module, "Sum of Photometric type-related "
++ "color channels and ExtraSamples doesn't match SamplesPerPixel. "
++ "Defining non-color channels as ExtraSamples.");
++
++ old_extrasamples = tif->tif_dir.td_extrasamples;
++ tif->tif_dir.td_extrasamples = (tif->tif_dir.td_samplesperpixel - color_channels);
++
++ // sampleinfo should contain information relative to these new extra samples
++ new_sampleinfo = (uint16*) _TIFFcalloc(tif->tif_dir.td_extrasamples, sizeof(uint16));
++ if (!new_sampleinfo) {
++ TIFFErrorExt(tif->tif_clientdata, module, "Failed to allocate memory for "
++ "temporary new sampleinfo array (%d 16 bit elements)",
++ tif->tif_dir.td_extrasamples);
++ goto bad;
++ }
++
++ memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16));
++ _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples);
++ _TIFFfree(new_sampleinfo);
++ }
++
+ /*
+ * Verify Palette image has a Colormap.
+ */
+diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c
+index 8deceb2..1d86adb 100644
+--- a/libtiff/tif_print.c
++++ b/libtiff/tif_print.c
+@@ -544,7 +544,7 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags)
+ uint16 i;
+ fprintf(fd, " %2ld: %5u",
+ l, td->td_transferfunction[0][l]);
+- for (i = 1; i < td->td_samplesperpixel; i++)
++ for (i = 1; i < td->td_samplesperpixel - td->td_extrasamples && i < 3; i++)
+ fprintf(fd, " %5u",
+ td->td_transferfunction[i][l]);
+ fputc('\n', fd);
+--
+1.7.9.5
+
diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2018-8905.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2018-8905.patch
new file mode 100644
index 000000000..962646dbe
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2018-8905.patch
@@ -0,0 +1,61 @@
+From 58a898cb4459055bb488ca815c23b880c242a27d Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sat, 12 May 2018 15:32:31 +0200
+Subject: [PATCH] LZWDecodeCompat(): fix potential index-out-of-bounds write.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2780 /
+ CVE-2018-8905
+
+The fix consists in using the similar code LZWDecode() to validate we
+don't write outside of the output buffer.
+
+---
+CVE: CVE-2018-8905
+
+Upstream-Status: Backport [gitlab.com/libtiff/libtiff/commit/58a898...]
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+---
+ libtiff/tif_lzw.c | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
+index 4ccb443..94d85e3 100644
+--- a/libtiff/tif_lzw.c
++++ b/libtiff/tif_lzw.c
+@@ -602,6 +602,7 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
+ char *tp;
+ unsigned char *bp;
+ int code, nbits;
++ int len;
+ long nextbits, nextdata, nbitsmask;
+ code_t *codep, *free_entp, *maxcodep, *oldcodep;
+
+@@ -753,13 +754,18 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
+ } while (--occ);
+ break;
+ }
+- assert(occ >= codep->length);
+- op += codep->length;
+- occ -= codep->length;
+- tp = op;
++ len = codep->length;
++ tp = op + len;
+ do {
+- *--tp = codep->value;
+- } while( (codep = codep->next) != NULL );
++ int t;
++ --tp;
++ t = codep->value;
++ codep = codep->next;
++ *tp = (char)t;
++ } while (codep && tp > op);
++ assert(occ >= len);
++ op += len;
++ occ -= len;
+ } else {
+ *op++ = (char)code;
+ occ--;
+--
+1.7.9.5
+
diff --git a/poky/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb b/poky/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb
index 8c3bba5c6..fa64d1121 100644
--- a/poky/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb
+++ b/poky/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb
@@ -9,6 +9,9 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://CVE-2017-9935.patch \
file://CVE-2017-18013.patch \
file://CVE-2018-5784.patch \
+ file://CVE-2018-10963.patch \
+ file://CVE-2018-8905.patch \
+ file://CVE-2018-7456.patch \
"
SRC_URI[md5sum] = "54bad211279cc93eb4fca31ba9bfdc79"
diff --git a/poky/meta/recipes-multimedia/mpg123/mpg123_1.25.10.bb b/poky/meta/recipes-multimedia/mpg123/mpg123_1.25.10.bb
index 929069ab4..ff2b7d893 100644
--- a/poky/meta/recipes-multimedia/mpg123/mpg123_1.25.10.bb
+++ b/poky/meta/recipes-multimedia/mpg123/mpg123_1.25.10.bb
@@ -7,7 +7,6 @@ BUGTRACKER = "http://sourceforge.net/p/mpg123/bugs/"
SECTION = "multimedia"
LICENSE = "LGPLv2.1"
-LICENSE_FLAGS = "commercial"
LIC_FILES_CHKSUM = "file://COPYING;md5=1e86753638d3cf2512528b99079bc4f3"
SRC_URI = "https://www.mpg123.de/download/${BP}.tar.bz2"
diff --git a/poky/meta/recipes-support/attr/ea-acl.inc b/poky/meta/recipes-support/attr/ea-acl.inc
index 1339eccdb..9336ffc93 100644
--- a/poky/meta/recipes-support/attr/ea-acl.inc
+++ b/poky/meta/recipes-support/attr/ea-acl.inc
@@ -7,6 +7,9 @@ SRC_URI_append = " file://0001-Added-configure-option-to-enable-disable-static-l
inherit autotools-brokensep gettext
+# When upstream is using automake properly, this can be removed
+CLEANBROKEN = "1"
+
# the package comes with a custom config.h.in, it cannot be
# overwritten by autoheader
EXTRA_AUTORECONF += "--exclude=autoheader"
diff --git a/poky/meta/recipes-support/bmap-tools/bmap-tools_3.4.bb b/poky/meta/recipes-support/bmap-tools/bmap-tools_3.4.bb
index 9d8191f33..2aae9a3fe 100644
--- a/poky/meta/recipes-support/bmap-tools/bmap-tools_3.4.bb
+++ b/poky/meta/recipes-support/bmap-tools/bmap-tools_3.4.bb
@@ -16,7 +16,7 @@ SRC_URI[sha256sum] = "0064891270c180c190f41925b0f6fb9cecac3056f1168d2592dbe90e5f
UPSTREAM_CHECK_URI = "https://github.com/intel/${BPN}/releases"
-RDEPENDS_${PN} = "python3-core python3-compression python3-mmap python3-setuptools"
+RDEPENDS_${PN} = "python3-core python3-compression python3-mmap python3-setuptools python3-fcntl"
inherit python3native
inherit setuptools3
diff --git a/poky/meta/recipes-support/curl/curl_7.60.0.bb b/poky/meta/recipes-support/curl/curl_7.61.0.bb
index fe04fa63c..d118c3ff9 100644
--- a/poky/meta/recipes-support/curl/curl_7.60.0.bb
+++ b/poky/meta/recipes-support/curl/curl_7.61.0.bb
@@ -9,8 +9,8 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
file://0001-replace-krb5-config-with-pkg-config.patch \
"
-SRC_URI[md5sum] = "bd2aabf78ded6a9aec8a54532fd6b5d7"
-SRC_URI[sha256sum] = "897dfb2204bd99be328279f88f55b7c61592216b0542fcbe995c60aa92871e9b"
+SRC_URI[md5sum] = "31d0a9f48dc796a7db351898a1e5058a"
+SRC_URI[sha256sum] = "5f6f336921cf5b84de56afbd08dfb70adeef2303751ffb3e570c936c6d656c9c"
CVE_PRODUCT = "libcurl"
inherit autotools pkgconfig binconfig multilib_header
diff --git a/poky/meta/recipes-support/gnutls/gnutls.inc b/poky/meta/recipes-support/gnutls/gnutls.inc
index 7bcb9133a..98ec8d966 100644
--- a/poky/meta/recipes-support/gnutls/gnutls.inc
+++ b/poky/meta/recipes-support/gnutls/gnutls.inc
@@ -17,7 +17,7 @@ DEPENDS_append_libc-musl = " argp-standalone"
SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
-SRC_URI = "ftp://ftp.gnutls.org/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz"
+SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz"
inherit autotools texinfo binconfig pkgconfig gettext lib_package gtk-doc
diff --git a/poky/meta/recipes-support/iso-codes/iso-codes_3.77.bb b/poky/meta/recipes-support/iso-codes/iso-codes_3.77.bb
index bd613ac57..52e56ca55 100644
--- a/poky/meta/recipes-support/iso-codes/iso-codes_3.77.bb
+++ b/poky/meta/recipes-support/iso-codes/iso-codes_3.77.bb
@@ -2,14 +2,15 @@ SUMMARY = "ISO language, territory, currency, script codes and their translation
LICENSE = "LGPLv2.1"
LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
-SRC_URI = "https://pkg-isocodes.alioth.debian.org/downloads/iso-codes-${PV}.tar.xz"
-SRC_URI[md5sum] = "9d0d06cfb4634428b300845edcd7140a"
-SRC_URI[sha256sum] = "21cd73a4c6f95d9474ebfcffd4e065223857720f24858e564f4409b19f7f0d90"
+SRC_URI = "git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=http"
+SRCREV = "0a932d3e1e6d9058a6ef874c8ff1dc4a193bc030"
# inherit gettext cannot be used, because it adds gettext-native to BASEDEPENDS which
# are inhibited by allarch
DEPENDS = "gettext-native"
+S = "${WORKDIR}/git"
+
inherit allarch autotools
FILES_${PN} += "${datadir}/xml/"
diff --git a/poky/meta/recipes-support/nettle/nettle_3.4.bb b/poky/meta/recipes-support/nettle/nettle_3.4.bb
index 7a3cc654c..ca8450ea9 100644
--- a/poky/meta/recipes-support/nettle/nettle_3.4.bb
+++ b/poky/meta/recipes-support/nettle/nettle_3.4.bb
@@ -25,7 +25,7 @@ SRC_URI[sha256sum] = "ae7a42df026550b85daca8389b6a60ba6313b0567f374392e54918588a
UPSTREAM_CHECK_REGEX = "nettle-(?P<pver>\d+(\.\d+)+)\.tar"
-inherit autotools ptest
+inherit autotools ptest multilib_header
EXTRA_AUTORECONF += "--exclude=aclocal"
@@ -35,6 +35,10 @@ do_compile_ptest() {
oe_runmake buildtest
}
+do_install_append() {
+ oe_multilib_header nettle/nettle-stdint.h nettle/version.h
+}
+
do_install_ptest() {
install -d ${D}${PTEST_PATH}/testsuite/
install ${S}/testsuite/gold-bug.txt ${D}${PTEST_PATH}/testsuite/
diff --git a/poky/meta/recipes-support/popt/popt_1.16.bb b/poky/meta/recipes-support/popt/popt_1.16.bb
index 478288f9b..377d10844 100644
--- a/poky/meta/recipes-support/popt/popt_1.16.bb
+++ b/poky/meta/recipes-support/popt/popt_1.16.bb
@@ -8,7 +8,7 @@ PR = "r3"
DEPENDS = "virtual/libiconv"
-SRC_URI = "http://rpm5.org/files/popt/popt-${PV}.tar.gz \
+SRC_URI = "https://fossies.org/linux/misc/popt-${PV}.tar.gz \
file://pkgconfig_fix.patch \
file://popt_fix_for_automake-1.12.patch \
file://disable_tests.patch \
diff --git a/poky/meta/recipes-support/shared-mime-info/shared-mime-info.inc b/poky/meta/recipes-support/shared-mime-info/shared-mime-info.inc
index 1f51225b0..344da7ea7 100644
--- a/poky/meta/recipes-support/shared-mime-info/shared-mime-info.inc
+++ b/poky/meta/recipes-support/shared-mime-info/shared-mime-info.inc
@@ -2,7 +2,7 @@ SUMMARY = "Shared MIME type database and specification"
HOMEPAGE = "http://freedesktop.org/wiki/Software/shared-mime-info"
SECTION = "base"
-LICENSE = "LGPLv2+"
+LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
DEPENDS = "libxml2 intltool-native glib-2.0 shared-mime-info-native"
diff --git a/poky/meta/recipes-support/sqlite/sqlite3.inc b/poky/meta/recipes-support/sqlite/sqlite3.inc
index 95ec89cef..30847b958 100644
--- a/poky/meta/recipes-support/sqlite/sqlite3.inc
+++ b/poky/meta/recipes-support/sqlite/sqlite3.inc
@@ -37,10 +37,12 @@ CFLAGS_append = " -fPIC"
# pread() is in POSIX.1-2001 so any reasonable system must surely support it
BUILD_CFLAGS += "-DUSE_PREAD"
+BUILDSDK_CFLAGS += "-DUSE_PREAD"
TARGET_CFLAGS += "-DUSE_PREAD"
# Provide column meta-data API
BUILD_CFLAGS += "-DSQLITE_ENABLE_COLUMN_METADATA"
+BUILDSDK_CFLAGS += "-DSQLITE_ENABLE_COLUMN_METADATA"
TARGET_CFLAGS += "-DSQLITE_ENABLE_COLUMN_METADATA"
PACKAGES = "lib${BPN} lib${BPN}-dev lib${BPN}-doc ${PN}-dbg lib${BPN}-staticdev ${PN}"
diff --git a/poky/meta/site/powerpc64-linux b/poky/meta/site/powerpc64-linux
index d64e230af..820a4b844 100644
--- a/poky/meta/site/powerpc64-linux
+++ b/poky/meta/site/powerpc64-linux
@@ -37,3 +37,5 @@ ac_cv_linux_vers=${ac_cv_linux_vers=2}
# apr
apr_cv_tcp_nodelay_with_cork=${apr_cv_tcp_nodelay_with_cork=yes}
+# cvs
+cvs_cv_func_printf_ptr=${cvs_cv_func_printf_ptr=yes}
diff --git a/poky/scripts/lib/devtool/sdk.py b/poky/scripts/lib/devtool/sdk.py
index f46577c2a..461675379 100644
--- a/poky/scripts/lib/devtool/sdk.py
+++ b/poky/scripts/lib/devtool/sdk.py
@@ -145,6 +145,9 @@ def sdk_update(args, config, basepath, workspace):
# Fetch manifest from server
tmpmanifest = os.path.join(tmpsdk_dir, 'conf', 'sdk-conf-manifest')
ret = subprocess.call("wget -q -O %s %s/conf/sdk-conf-manifest" % (tmpmanifest, updateserver), shell=True)
+ if ret != 0:
+ logger.error("Cannot dowload files from %s" % updateserver)
+ return ret
changedfiles = check_manifest(tmpmanifest, basepath)
if not changedfiles:
logger.info("Already up-to-date")
diff --git a/poky/scripts/lib/wic/canned-wks/qemux86-directdisk.wks b/poky/scripts/lib/wic/canned-wks/qemux86-directdisk.wks
index 1f8466af2..cfa32bd38 100644
--- a/poky/scripts/lib/wic/canned-wks/qemux86-directdisk.wks
+++ b/poky/scripts/lib/wic/canned-wks/qemux86-directdisk.wks
@@ -4,5 +4,5 @@
include common.wks.inc
-bootloader --timeout=0 --append="vga=0 uvesafb.mode_option=640x480-32 rw mem=256M ip=192.168.7.2::192.168.7.1:255.255.255.0 oprofile.timer=1 rootfstype=ext4 "
+bootloader --timeout=0 --append="vga=0 rw mem=256M ip=192.168.7.2::192.168.7.1:255.255.255.0 oprofile.timer=1 rootfstype=ext4 "
diff --git a/poky/scripts/lib/wic/engine.py b/poky/scripts/lib/wic/engine.py
index edcfab39e..f0c5ff0aa 100644
--- a/poky/scripts/lib/wic/engine.py
+++ b/poky/scripts/lib/wic/engine.py
@@ -284,8 +284,8 @@ class Disk:
aname = "_%s" % name
if aname not in self.__dict__:
setattr(self, aname, find_executable(name, self.paths))
- if aname not in self.__dict__:
- raise WicError("Can't find executable {}".format(name))
+ if aname not in self.__dict__ or self.__dict__[aname] is None:
+ raise WicError("Can't find executable '{}'".format(name))
return self.__dict__[aname]
return self.__dict__[name]
@@ -391,11 +391,8 @@ class Disk:
def write_ptable(parts, target):
with tempfile.NamedTemporaryFile(prefix="wic-sfdisk-", mode='w') as outf:
write_sfdisk_script(outf, parts)
- cmd = "{} --no-reread {} < {} 2>/dev/null".format(self.sfdisk, target, outf.name)
- try:
- subprocess.check_output(cmd, shell=True)
- except subprocess.CalledProcessError as err:
- raise WicError("Can't run '{}' command: {}".format(cmd, err))
+ cmd = "{} --no-reread {} < {} ".format(self.sfdisk, target, outf.name)
+ exec_cmd(cmd, as_shell=True)
if expand is None:
sparse_copy(self.imagepath, target)
@@ -412,11 +409,14 @@ class Disk:
for line in exec_cmd("{} -F {}".format(self.sfdisk, target)).splitlines():
if line.startswith("Unpartitioned space ") and line.endswith("sectors"):
free = int(line.split()[-2])
+ # Align free space to a 2048 sector boundary. YOCTO #12840.
+ free = free - (free % 2048)
if free is None:
raise WicError("Can't get size of unpartitioned space")
# calculate expanded partitions sizes
sizes = {}
+ num_auto_resize = 0
for num, part in enumerate(parts['partitiontable']['partitions'], 1):
if num in expand:
if expand[num] != 0: # don't resize partition if size is set to 0
@@ -426,10 +426,11 @@ class Disk:
sizes[num] = sectors
elif part['type'] != 'f':
sizes[num] = -1
+ num_auto_resize += 1
for num, part in enumerate(parts['partitiontable']['partitions'], 1):
if sizes.get(num) == -1:
- part['size'] += free // len(sizes)
+ part['size'] += free // num_auto_resize
# write resized partition table to the target
write_ptable(parts, target)
diff --git a/poky/scripts/lib/wic/plugins/source/bootimg-efi.py b/poky/scripts/lib/wic/plugins/source/bootimg-efi.py
index beb74d7a7..0eb86a079 100644
--- a/poky/scripts/lib/wic/plugins/source/bootimg-efi.py
+++ b/poky/scripts/lib/wic/plugins/source/bootimg-efi.py
@@ -45,7 +45,7 @@ class BootimgEFIPlugin(SourcePlugin):
name = 'bootimg-efi'
@classmethod
- def do_configure_grubefi(cls, creator, cr_workdir):
+ def do_configure_grubefi(cls, hdddir, creator, cr_workdir, source_params):
"""
Create loader-specific (grub-efi) config
"""
@@ -62,6 +62,18 @@ class BootimgEFIPlugin(SourcePlugin):
raise WicError("configfile is specified but failed to "
"get it from %s." % configfile)
+ initrd = source_params.get('initrd')
+
+ if initrd:
+ bootimg_dir = get_bitbake_var("DEPLOY_DIR_IMAGE")
+ if not bootimg_dir:
+ raise WicError("Couldn't find DEPLOY_DIR_IMAGE, exiting")
+
+ cp_cmd = "cp %s/%s %s" % (bootimg_dir, initrd, hdddir)
+ exec_cmd(cp_cmd, True)
+ else:
+ logger.debug("Ignoring missing initrd")
+
if not custom_cfg:
# Create grub configuration using parameters from wks file
bootloader = creator.ks.bootloader
@@ -76,6 +88,10 @@ class BootimgEFIPlugin(SourcePlugin):
grubefi_conf += "linux %s root=%s rootwait %s\n" \
% (kernel, creator.rootdev, bootloader.append)
+
+ if initrd:
+ grubefi_conf += "initrd /%s\n" % initrd
+
grubefi_conf += "}\n"
logger.debug("Writing grubefi config %s/hdd/boot/EFI/BOOT/grub.cfg",
@@ -167,7 +183,7 @@ class BootimgEFIPlugin(SourcePlugin):
try:
if source_params['loader'] == 'grub-efi':
- cls.do_configure_grubefi(creator, cr_workdir)
+ cls.do_configure_grubefi(hdddir, creator, cr_workdir, source_params)
elif source_params['loader'] == 'systemd-boot':
cls.do_configure_systemdboot(hdddir, creator, cr_workdir, source_params)
else:
diff --git a/poky/scripts/multilib_header_wrapper.h b/poky/scripts/multilib_header_wrapper.h
index f516673b6..9660225fd 100644
--- a/poky/scripts/multilib_header_wrapper.h
+++ b/poky/scripts/multilib_header_wrapper.h
@@ -22,7 +22,9 @@
*/
-#if defined (__arm__)
+#if defined (__bpf__)
+#define __MHWORDSIZE 64
+#elif defined (__arm__)
#define __MHWORDSIZE 32
#elif defined (__aarch64__) && defined ( __LP64__)
#define __MHWORDSIZE 64
diff --git a/poky/scripts/oe-pkgdata-util b/poky/scripts/oe-pkgdata-util
index aea8a5751..e6c9df94e 100755
--- a/poky/scripts/oe-pkgdata-util
+++ b/poky/scripts/oe-pkgdata-util
@@ -277,7 +277,7 @@ def lookup_recipe(args):
print("%s is in the RPROVIDES of %s:" % (pkg, f))
pkgdatafile = os.path.join(args.pkgdata_dir, "runtime", f)
parse_pkgdatafile(pkgdatafile)
- break
+ continue
pkgdatafile = os.path.join(args.pkgdata_dir, 'runtime-reverse', pkg)
if not os.path.exists(pkgdatafile):
logger.error("The following packages could not be found: %s" % pkg)
@@ -286,37 +286,35 @@ def lookup_recipe(args):
def package_info(args):
def parse_pkgdatafile(pkgdatafile):
+ vars = ['PKGV', 'PKGE', 'PKGR', 'PN', 'PV', 'PE', 'PR', 'PKGSIZE']
+ if args.extra:
+ vars += args.extra
with open(pkgdatafile, 'r') as f:
- pkge = ''
- pkgr = ''
- pe = ''
- pr = ''
+ vals = dict()
+ extra = ''
for line in f:
- if line.startswith('PKGV:'):
- pkg_version = line.split(':', 1)[1].strip()
- elif line.startswith('PKGE:'):
- pkge = line.split(':', 1)[1].strip()
- elif line.startswith('PKGR:'):
- pkgr = line.split(':', 1)[1].strip()
- elif line.startswith('PN:'):
- recipe = line.split(':', 1)[1].strip()
- elif line.startswith('PV:'):
- recipe_version = line.split(':', 1)[1].strip()
- elif line.startswith('PE:'):
- pe = line.split(':', 1)[1].strip()
- elif line.startswith('PR:'):
- pr = line.split(':', 1)[1].strip()
- elif line.startswith('PKGSIZE'):
- pkg_size = line.split(':', 1)[1].strip()
- if pkge:
- pkg_version = pkge + ":" + pkg_version
- if pkgr:
- pkg_version = pkg_version + "-" + pkgr
- if pe:
- recipe_version = pe + ":" + recipe_version
- if pr:
- recipe_version = recipe_version + "-" + pr
- print("%s %s %s %s %s" % (pkg, pkg_version, recipe, recipe_version, pkg_size))
+ for var in vars:
+ m = re.match(var + '(?:_\S+)?:\s*(.+?)\s*$', line)
+ if m:
+ vals[var] = m.group(1)
+ pkg_version = vals['PKGV'] or ''
+ recipe = vals['PN'] or ''
+ recipe_version = vals['PV'] or ''
+ pkg_size = vals['PKGSIZE'] or ''
+ if 'PKGE' in vals:
+ pkg_version = vals['PKGE'] + ":" + pkg_version
+ if 'PKGR' in vals:
+ pkg_version = pkg_version + "-" + vals['PKGR']
+ if 'PE' in vals:
+ recipe_version = vals['PE'] + ":" + recipe_version
+ if 'PR' in vals:
+ recipe_version = recipe_version + "-" + vals['PR']
+ if args.extra:
+ for var in args.extra:
+ if var in vals:
+ val = re.sub(r'\s+', ' ', vals[var])
+ extra += ' "%s"' % val
+ print("%s %s %s %s %s%s" % (pkg, pkg_version, recipe, recipe_version, pkg_size, extra))
# Handle both multiple arguments and multiple values within an arg (old syntax)
packages = []
@@ -341,7 +339,7 @@ def package_info(args):
print("%s is in the RPROVIDES of %s:" % (pkg, f))
pkgdatafile = os.path.join(args.pkgdata_dir, "runtime", f)
parse_pkgdatafile(pkgdatafile)
- break
+ continue
pkgdatafile = os.path.join(args.pkgdata_dir, "runtime-reverse", pkg)
if not os.path.exists(pkgdatafile):
logger.error("Unable to find any built runtime package named %s" % pkg)
diff --git a/poky/scripts/runqemu-extract-sdk b/poky/scripts/runqemu-extract-sdk
index 2a0dd50e0..f4286efb1 100755
--- a/poky/scripts/runqemu-extract-sdk
+++ b/poky/scripts/runqemu-extract-sdk
@@ -76,7 +76,9 @@ fi
pseudo_state_dir="$SDK_ROOTFS_DIR/../$(basename "$SDK_ROOTFS_DIR").pseudo_state"
pseudo_state_dir="$(readlink -f $pseudo_state_dir)"
-if [ -e "$pseudo_state_dir" ]; then
+debug_image="`echo $ROOTFS_TARBALL | grep '\-dbg\.tar\.'`"
+
+if [ -e "$pseudo_state_dir" -a -z "$debug_image" ]; then
echo "Error: $pseudo_state_dir already exists!"
echo "Please delete the rootfs tree and pseudo directory manually"
echo "if this is really what you want."
diff --git a/poky/scripts/send-error-report b/poky/scripts/send-error-report
index 15b5e8491..cd2e7f4b9 100755
--- a/poky/scripts/send-error-report
+++ b/poky/scripts/send-error-report
@@ -143,7 +143,7 @@ def send_data(data, args):
logging.error(e.reason)
sys.exit(1)
- print(response.read())
+ print(response.read().decode('utf-8'))
if __name__ == '__main__':
OpenPOWER on IntegriCloud