[PATCH 00/61][Dizzy-next] Feb 2015

[PATCH 00/61][Dizzy-next] Feb 2015

[Armin Kuster]

Please consider these changes for oe-core Dizzy

The following changes since commit 9fc095a439c36014c73b3a8f240afba09fe0e4d7:

  image.bbclass: avoid boot error on read-only systemd image (2015-01-15 16:01:47 +0000)

are available in the git repository at:

  git://git.yoctoproject.org/poky-contrib akuster/dizzy-next
  http://git.yoctoproject.org/cgit.cgi//log/?h=akuster/dizzy-next

André Draszik (1):
  openssl: fix hard paths in native openssl

Armin Kuster (5):
  glibc: CVE-2014-9402 endless loop in getaddr_r
  tzcode: update to 2015a leap second changes too
  tzdata: update to 2015a including leap second
  busybox: cve-2014-9645
  groff: fix QA issue with rdepends

Chong.Lu@windriver.com (1):
  file: CVE-2014-9620 and CVE-2014-9621

Dan McGregor (1):
  dpkg: fix host contamination

Dmitry Eremin-Solenikov (1):
  icecc.bbclass: properly handle disabling of icecc

Enrico Scholz (2):
  image_types.bbclass: fixed 'init' creation for cpio images
  image_types.bbclass: manage 'cpio_append' directory

Fabien Proriol (1):
  boost: Avoid to use local host configuration

Gary Thomas (1):
  perl: Backport fix for bug #123591

Hongxu Jia (1):
  distcc: fix initscript can not stop distcc daemon correctly

Joe MacDonald (1):
  libxml2: fix CVE-2014-3660

Kai Kang (1):
  openssh: deliver ssh-copy-id

Khem Raj (1):
  systemd: Backports fixes to 216

Li xin (1):
  elfutils_0.148.bb: CVE-2014-9447 fix

Mark Hatle (2):
  gcc/libgcc-common.inc: Add missing 'fakeroot' to two tasks
  python-smartpm: Fix attemptonly builds when file conflicts occur

Martin Jansa (2):
  package.bbclass: Fix support for private libs
  xorg-app: add x11 to required DISTRO_FEATURES and cleanup dependencies

Maxin B. John (1):
  coreutils: Fix CVE-2014-9471

Mike Looijmans (1):
  package.bbclass: Let PR server update PKGV, not PV

Paul Eggleton (2):
  poky.conf: add file-rdeps to WARN_QA
  gcc: ensure target gcc headers can be included

Paul Gortmaker (1):
  packagegroup-self-hosted: package all of Python

Richard Purdie (13):
  libxml2: Backport fix for CVE introduced entity issues
  bitbake: cooker: Shut down the parser in error state
  bitbake: bitbake-worker: Use setsid() rather than setpgid()
  bitbake: cache/fetch2/siggen: Ensure we track include history for file
    checksums
  bitbake: wget: Add localpaths method which gives localpath with
    history
  bitbake: ast: Add error when trying to use dash in sh function names
  cross-canadian/meta-environment: Allow modification of TARGET_OS to be
    optional
  oeqa/utils/decorators: Try and improve ugly _ErrorHandler tracebacks
  lib/oe/package: Ensure strip breaks hardlinks
  bitbake: siggen: Ensure taskdata default functions exist in base class
  net-tools: Fix rerunning of do_patch task
  package/prserv: Merge two similar functions into one
  scripts/send-error-report: Set exit code if error occurs

Robert Yang (5):
  parted: parted-ptest RDEPENDS on python
  pax-utils: RDEPENDS on python
  guile: fixed installed-vs-shipped error
  neard: fix parallel issue
  perf: fix for rebuilding

Ross Burton (5):
  systemd: add missing RDEPENDS
  socat: forcibly disable use of libbsd
  python: ensure all of Python is installed in nativesdk
  python: remove spurious nativesdk dependency
  security_flags: disable PIE on expect

Saul Wold (2):
  glibc: Fix up minimal build with libc-libm
  security_flags: disable pie support for libaio, blktrace and ltp

Sona Sarmadi (1):
  python: Disables SSLv3

Ting Liu (4):
  libunwind: Fix test case link failure on PowerPC with Altivec
  bitbake.conf: add PKGDATA_DIR to BB_HASHBASE_WHITELIST
  valgrind: build with altivec only if it supported
  bind: fix typo chown->chmod

Tom Zanussi (3):
  perf: Add libdw unwind support to perf-libunwind feature
  perf: Disable perf-libunwind
  yocto-bsp: Add branch to SRC_URI for custom kernels

Vincent Génieux (1):
  fix '[[: not found' error message using dash

 bitbake/bin/bitbake-worker                         |    7 +-
 bitbake/lib/bb/cache.py                            |    9 +-
 bitbake/lib/bb/cooker.py                           |    2 +-
 bitbake/lib/bb/fetch2/__init__.py                  |   35 +-
 bitbake/lib/bb/fetch2/local.py                     |   54 +-
 bitbake/lib/bb/parse/ast.py                        |    2 +
 bitbake/lib/bb/siggen.py                           |   16 +-
 meta-yocto/conf/distro/poky.conf                   |    2 +-
 meta/classes/cross-canadian.bbclass                |    4 +
 meta/classes/icecc.bbclass                         |   15 +-
 meta/classes/image_types.bbclass                   |    6 +-
 meta/classes/kernel.bbclass                        |    2 +-
 meta/classes/package.bbclass                       |   57 +-
 meta/classes/prserv.bbclass                        |   31 -
 meta/conf/bitbake.conf                             |    2 +-
 meta/conf/distro/include/security_flags.inc        |    4 +
 meta/lib/oe/package.py                             |    3 +-
 meta/lib/oeqa/utils/decorators.py                  |   23 +-
 meta/recipes-connectivity/bind/bind/conf.patch     |    2 +-
 .../bind/bind/generate-rndc-key.sh                 |    2 +-
 .../neard/Makefile.am-fix-parallel-issue.patch     |   33 +
 meta/recipes-connectivity/neard/neard_0.14.bb      |    1 +
 meta/recipes-connectivity/openssh/openssh_6.6p1.bb |    1 +
 meta/recipes-connectivity/openssl/openssl.inc      |    9 +-
 meta/recipes-connectivity/socat/socat_1.7.2.4.bb   |    1 +
 ..._busybox_reject_module_names_with_slashes.patch |   41 +
 meta/recipes-core/busybox/busybox_1.22.1.bb        |    1 +
 .../coreutils/coreutils-8.22/date-tz-crash.patch   |   43 +
 meta/recipes-core/coreutils/coreutils_8.22.bb      |    1 +
 .../CVE-2014-9402_endless-loop-in-getaddr_r.patch  |   65 +
 .../glibc/glibc/eglibc-use-option-groups.patch     |    3 +-
 meta/recipes-core/glibc/glibc_2.20.bb              |    4 +
 meta/recipes-core/libxml/libxml2.inc               |    1 +
 .../72a46a519ce7326d9a00f0b6a7f2a8e958cd1675.patch |   30 +
 .../libxml/libxml2/libxml2-CVE-2014-3660.patch     |  147 ++
 meta/recipes-core/libxml/libxml2_2.9.1.bb          |    3 +-
 meta/recipes-core/meta/meta-environment.bb         |    5 +-
 .../packagegroups/packagegroup-self-hosted.bb      |   28 +-
 ...onfigure-the-list-of-system-users-files-a.patch |  176 +++
 ...o-not-install-tmpfiles-and-sysusers-files.patch |   56 +
 ...ke-resolv.conf-entry-conditional-on-resol.patch |  142 ++
 ...es.d-etc.conf-disable-resolv.conf-symlink.patch |   35 -
 meta/recipes-core/systemd/systemd_216.bb           |   16 +-
 meta/recipes-devtools/distcc/files/distcc          |    5 +
 meta/recipes-devtools/dpkg/dpkg.inc                |    2 +
 .../elf_begin.c-CVE-2014-9447-fix.patch            |   36 +
 meta/recipes-devtools/elfutils/elfutils_0.148.bb   |   23 +-
 .../file-CVE-2014-9620-and-CVE-2014-9621.patch     | 1414 ++++++++++++++++++++
 meta/recipes-devtools/file/file_5.18.bb            |    1 +
 meta/recipes-devtools/gcc/gcc-4.8.inc              |    1 +
 .../gcc/gcc-4.8/target-gcc-includedir.patch        |   81 ++
 meta/recipes-devtools/gcc/gcc-4.9.inc              |    1 +
 .../gcc/gcc-4.9/target-gcc-includedir.patch        |   81 ++
 meta/recipes-devtools/gcc/libgcc-common.inc        |    4 +-
 .../guile/files/libguile-Makefile.am-depends.patch |   39 +
 meta/recipes-devtools/guile/guile_2.0.11.bb        |    1 +
 meta/recipes-devtools/pax-utils/pax-utils_0.8.1.bb |    2 +-
 .../perl/perl-5.20.0/fix-FF_MORE-crash.patch       |   21 +
 meta/recipes-devtools/perl/perl_5.20.0.bb          |    1 +
 .../python/python-smartpm/smart-attempt.patch      |   97 +-
 .../python/python/python2.7.3-nossl3.patch         |   37 +
 meta/recipes-devtools/python/python_2.7.3.bb       |    3 +-
 .../pass-maltivec-only-if-it-supported.patch       |   68 +
 meta/recipes-devtools/valgrind/valgrind_3.9.0.bb   |    1 +
 meta/recipes-extended/groff/groff_1.22.2.bb        |    2 +
 .../net-tools/net-tools_1.60-25.bb                 |    1 +
 meta/recipes-extended/parted/parted_3.1.bb         |    2 +-
 .../recipes-extended/tzcode/tzcode-native_2014j.bb |   10 -
 .../recipes-extended/tzcode/tzcode-native_2015a.bb |   10 +
 meta/recipes-extended/tzdata/tzdata_2014j.bb       |    6 -
 meta/recipes-extended/tzdata/tzdata_2015a.bb       |    6 +
 meta/recipes-graphics/xorg-app/xeyes_1.1.1.bb      |    2 +-
 meta/recipes-graphics/xorg-app/xorg-app-common.inc |    5 +-
 meta/recipes-graphics/xorg-app/xprop_1.2.2.bb      |    2 +-
 meta/recipes-kernel/perf/perf-features.inc         |    2 +-
 meta/recipes-kernel/perf/perf.bb                   |    6 +-
 meta/recipes-support/boost/boost.inc               |    3 +-
 ...k-failure-on-PowerPC-systems-with-Altivec.patch |   28 +
 meta/recipes-support/libunwind/libunwind_1.1.bb    |    4 +
 ...choice == \"custom\": }} linux-yocto-custom.bb" |    4 +-
 scripts/send-error-report                          |    6 +-
 81 files changed, 2871 insertions(+), 267 deletions(-)
 create mode 100644 meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch
 create mode 100644 meta/recipes-core/coreutils/coreutils-8.22/date-tz-crash.patch
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2014-9402_endless-loop-in-getaddr_r.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/72a46a519ce7326d9a00f0b6a7f2a8e958cd1675.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-3660.patch
 create mode 100644 meta/recipes-core/systemd/systemd/0001-build-sys-configure-the-list-of-system-users-files-a.patch
 create mode 100644 meta/recipes-core/systemd/systemd/0001-build-sys-do-not-install-tmpfiles-and-sysusers-files.patch
 create mode 100644 meta/recipes-core/systemd/systemd/0001-tmpfiles-make-resolv.conf-entry-conditional-on-resol.patch
 delete mode 100644 meta/recipes-core/systemd/systemd/0001-tmpfiles.d-etc.conf-disable-resolv.conf-symlink.patch
 create mode 100644 meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch
 create mode 100644 meta/recipes-devtools/file/file/file-CVE-2014-9620-and-CVE-2014-9621.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc-4.8/target-gcc-includedir.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc-4.9/target-gcc-includedir.patch
 create mode 100644 meta/recipes-devtools/guile/files/libguile-Makefile.am-depends.patch
 create mode 100644 meta/recipes-devtools/perl/perl-5.20.0/fix-FF_MORE-crash.patch
 create mode 100644 meta/recipes-devtools/python/python/python2.7.3-nossl3.patch
 create mode 100644 meta/recipes-devtools/valgrind/valgrind/pass-maltivec-only-if-it-supported.patch
 delete mode 100644 meta/recipes-extended/tzcode/tzcode-native_2014j.bb
 create mode 100644 meta/recipes-extended/tzcode/tzcode-native_2015a.bb
 delete mode 100644 meta/recipes-extended/tzdata/tzdata_2014j.bb
 create mode 100644 meta/recipes-extended/tzdata/tzdata_2015a.bb
 create mode 100644 meta/recipes-support/libunwind/libunwind-1.1/Fix-test-case-link-failure-on-PowerPC-systems-with-Altivec.patch

-- 
1.9.1

[PATCH 01/61] glibc: Fix up minimal build with libc-libm

[Armin Kuster]

From: Saul Wold <sgw@linux.intel.com>

This addresses 2 issues discovered trying to build a minimal libc with
libm option.  By default nscd was always being built and without inet
enabled there were missing symbols.

[YOCTO #7108]

(From OE-Core rev: 89649881bcd0e76d6ee7c85c30e75bb01e1c004f)

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-core/glibc/glibc/eglibc-use-option-groups.patch | 3 ++-
 meta/recipes-core/glibc/glibc_2.20.bb                        | 3 +++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-core/glibc/glibc/eglibc-use-option-groups.patch b/meta/recipes-core/glibc/glibc/eglibc-use-option-groups.patch
index 7136253..332b8f7 100644
--- a/meta/recipes-core/glibc/glibc/eglibc-use-option-groups.patch
+++ b/meta/recipes-core/glibc/glibc/eglibc-use-option-groups.patch
@@ -4205,7 +4205,8 @@ Index: git/nss/getent.c
  D(gshadow)
 -D(hosts)
 +DN(hosts)
- D(initgroups)
+-D(initgroups)
++DN(initgroups)
 -D(netgroup)
 -D(networks)
 +DN(netgroup)
diff --git a/meta/recipes-core/glibc/glibc_2.20.bb b/meta/recipes-core/glibc/glibc_2.20.bb
index 9dd5e67..f67fbfd 100644
--- a/meta/recipes-core/glibc/glibc_2.20.bb
+++ b/meta/recipes-core/glibc/glibc_2.20.bb
@@ -90,9 +90,12 @@ EXTRA_OECONF = "--enable-kernel=${OLDEST_KERNEL} \
                 --without-selinux \
                 --enable-obsolete-rpc \
                 --with-kconfig=${STAGING_BINDIR_NATIVE} \
+                --disable-nscd \
                 ${GLIBC_EXTRA_OECONF}"
 
 EXTRA_OECONF += "${@get_libc_fpu_setting(bb, d)}"
+EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'libc-inet-anl', '--enable-nscd', '--disable-nscd', d)}"
+
 
 do_patch_append() {
     bb.build.exec_func('do_fix_readlib_c', d)
-- 
1.9.1

[PATCH 02/61] coreutils: Fix CVE-2014-9471

[Armin Kuster]

From: "Maxin B. John" <maxin.john@enea.com>

Fiedler Roman discovered that coreutils' parse_datetime() function
has some flaws that may be exploitable if the date(1), touch(1),
or potentially other programs, accept untrusted input for certain
parameters. While researching this issue, he discovered that it
was independently discovered by Bertrand Jacquin and reported at
http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872

$ touch '--date=TZ="123"345" @1'
*** Error in `touch': free(): invalid pointer: 0x00007fffd33e55e0 ***
Aborted

$ date '--date=TZ="123"345" @1'
date[394]: segfault at 7fff24000000 ip 00007f6dd5b73404 sp 00007fff27cce8f8
error 4 in libc-2.20.so[7f6dd5af7000+199000]
Segmentation fault

Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../coreutils/coreutils-8.22/date-tz-crash.patch   | 43 ++++++++++++++++++++++
 meta/recipes-core/coreutils/coreutils_8.22.bb      |  1 +
 2 files changed, 44 insertions(+)
 create mode 100644 meta/recipes-core/coreutils/coreutils-8.22/date-tz-crash.patch

diff --git a/meta/recipes-core/coreutils/coreutils-8.22/date-tz-crash.patch b/meta/recipes-core/coreutils/coreutils-8.22/date-tz-crash.patch
new file mode 100644
index 0000000..570e4fd
--- /dev/null
+++ b/meta/recipes-core/coreutils/coreutils-8.22/date-tz-crash.patch
@@ -0,0 +1,43 @@
+This was reported in http://bugs.gnu.org/16872
+from the coreutils command: date -d 'TZ="""'
+
+The infinite loop for this case was present since the
+initial TZ="" parsing support in commit de95bdc2 29-10-2004.
+This was changed to a crash or heap corruption depending
+on the platform with commit 2e3e4195 18-01-2010.
+
+* lib/parse-datetime.y (parse_datetime): Break out of the
+TZ="" parsing loop once the second significant " is found.
+Also skip over any subsequent whitespace to be consistent
+with the non TZ= case.
+
+Fixes: CVE-2014-9471
+
+Upstream-Status: backport
+
+Signed-off-by: Maxin B. John <maxin.john@enea.com>
+Signed-off-by: Pádraig Brady <P@draigBrady.com>
+---
+diff -Naur coreutils-8.22-origin/lib/parse-datetime.y coreutils-8.22/lib/parse-datetime.y
+--- coreutils-8.22-origin/lib/parse-datetime.y	2013-12-04 15:53:33.000000000 +0100
++++ coreutils-8.22/lib/parse-datetime.y	2015-01-05 17:11:16.754358184 +0100
+@@ -1303,8 +1303,6 @@
+             char tz1buf[TZBUFSIZE];
+             bool large_tz = TZBUFSIZE < tzsize;
+             bool setenv_ok;
+-            /* Free tz0, in case this is the 2nd or subsequent time through. */
+-            free (tz0);
+             tz0 = get_tz (tz0buf);
+             z = tz1 = large_tz ? xmalloc (tzsize) : tz1buf;
+             for (s = tzbase; *s != '"'; s++)
+@@ -1317,6 +1315,10 @@
+               goto fail;
+             tz_was_altered = true;
+             p = s + 1;
++            while (c = *p, c_isspace (c))
++              p++;
++
++            break;
+           }
+     }
+ 
diff --git a/meta/recipes-core/coreutils/coreutils_8.22.bb b/meta/recipes-core/coreutils/coreutils_8.22.bb
index f85baca..4a1aee6 100644
--- a/meta/recipes-core/coreutils/coreutils_8.22.bb
+++ b/meta/recipes-core/coreutils/coreutils_8.22.bb
@@ -17,6 +17,7 @@ SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \
            file://dummy_help2man.patch \
            file://fix-for-dummy-man-usage.patch \
            file://fix-selinux-flask.patch \
+           file://date-tz-crash.patch \
           "
 
 SRC_URI[md5sum] = "8fb0ae2267aa6e728958adc38f8163a2"
-- 
1.9.1

[PATCH 03/61] libxml2: fix CVE-2014-3660

[Armin Kuster]

From: Joe MacDonald <joe_macdonald@mentor.com>

It was discovered that the patch for CVE-2014-0191 for libxml2 is
incomplete.  It is still possible to have libxml2 incorrectly perform
entity substituton even when the application using libxml2 explicitly
disables the feature.  This can allow a remote denial-of-service attack on
systems with libxml2 prior to 2.9.2.

References:
    http://www.openwall.com/lists/oss-security/2014/10/17/7
    https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html

(From OE-Core rev: 643597a5c432b2e02033d0cefa3ba4da980d078f)

Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-core/libxml/libxml2.inc               |   1 +
 .../libxml/libxml2/libxml2-CVE-2014-3660.patch     | 147 +++++++++++++++++++++
 2 files changed, 148 insertions(+)
 create mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-3660.patch

diff --git a/meta/recipes-core/libxml/libxml2.inc b/meta/recipes-core/libxml/libxml2.inc
index bcf9a62..c729c19 100644
--- a/meta/recipes-core/libxml/libxml2.inc
+++ b/meta/recipes-core/libxml/libxml2.inc
@@ -21,6 +21,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
            file://libxml2-CVE-2014-0191-fix.patch \
            file://python-sitepackages-dir.patch \
            file://libxml-m4-use-pkgconfig.patch \
+           file://libxml2-CVE-2014-3660.patch \
           "
 
 BINCONFIG = "${bindir}/xml2-config"
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-3660.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-3660.patch
new file mode 100644
index 0000000..b9621c9
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-3660.patch
@@ -0,0 +1,147 @@
+From be2a7edaf289c5da74a4f9ed3a0b6c733e775230 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Thu, 16 Oct 2014 13:59:47 +0800
+Subject: Fix for CVE-2014-3660
+
+Issues related to the billion laugh entity expansion which happened to
+escape the initial set of fixes
+
+Upstream-status: Backport
+Reference: https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230&context=3&ignorews=0&ss=0
+
+Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
+
+diff --git a/parser.c b/parser.c
+index f51e8d2..1d93967 100644
+--- a/parser.c
++++ b/parser.c
+@@ -130,6 +130,29 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
+         return (0);
+     if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP)
+         return (1);
++
++    /*
++     * This may look absurd but is needed to detect
++     * entities problems
++     */
++    if ((ent != NULL) && (ent->etype != XML_INTERNAL_PREDEFINED_ENTITY) &&
++	(ent->content != NULL) && (ent->checked == 0)) {
++	unsigned long oldnbent = ctxt->nbentities;
++	xmlChar *rep;
++
++	ent->checked = 1;
++
++	rep = xmlStringDecodeEntities(ctxt, ent->content,
++				  XML_SUBSTITUTE_REF, 0, 0, 0);
++
++	ent->checked = (ctxt->nbentities - oldnbent + 1) * 2;
++	if (rep != NULL) {
++	    if (xmlStrchr(rep, '<'))
++		ent->checked |= 1;
++	    xmlFree(rep);
++	    rep = NULL;
++	}
++    }
+     if (replacement != 0) {
+ 	if (replacement < XML_MAX_TEXT_LENGTH)
+ 	    return(0);
+@@ -189,9 +212,12 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
+             return (0);
+     } else {
+         /*
+-         * strange we got no data for checking just return
++         * strange we got no data for checking
+          */
+-        return (0);
++	if (((ctxt->lastError.code != XML_ERR_UNDECLARED_ENTITY) &&
++	     (ctxt->lastError.code != XML_WAR_UNDECLARED_ENTITY)) ||
++	    (ctxt->nbentities <= 10000))
++	    return (0);
+     }
+     xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL);
+     return (1);
+@@ -2589,6 +2615,7 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) {
+ 				      name, NULL);
+ 		    ctxt->valid = 0;
+ 		}
++		xmlParserEntityCheck(ctxt, 0, NULL, 0);
+ 	    } else if (ctxt->input->free != deallocblankswrapper) {
+ 		    input = xmlNewBlanksWrapperInputStream(ctxt, entity);
+ 		    if (xmlPushInput(ctxt, input) < 0)
+@@ -2759,6 +2786,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
+ 	    if ((ctxt->lastError.code == XML_ERR_ENTITY_LOOP) ||
+ 	        (ctxt->lastError.code == XML_ERR_INTERNAL_ERROR))
+ 	        goto int_error;
++	    xmlParserEntityCheck(ctxt, 0, ent, 0);
+ 	    if (ent != NULL)
+ 	        ctxt->nbentities += ent->checked / 2;
+ 	    if ((ent != NULL) &&
+@@ -2810,6 +2838,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
+ 	    ent = xmlParseStringPEReference(ctxt, &str);
+ 	    if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP)
+ 	        goto int_error;
++	    xmlParserEntityCheck(ctxt, 0, ent, 0);
+ 	    if (ent != NULL)
+ 	        ctxt->nbentities += ent->checked / 2;
+ 	    if (ent != NULL) {
+@@ -7312,6 +7341,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
+ 		   (ret != XML_WAR_UNDECLARED_ENTITY)) {
+ 	    xmlFatalErrMsgStr(ctxt, XML_ERR_UNDECLARED_ENTITY,
+ 		     "Entity '%s' failed to parse\n", ent->name);
++	    xmlParserEntityCheck(ctxt, 0, ent, 0);
+ 	} else if (list != NULL) {
+ 	    xmlFreeNodeList(list);
+ 	    list = NULL;
+@@ -7418,7 +7448,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
+ 		/*
+ 		 * We are copying here, make sure there is no abuse
+ 		 */
+-		ctxt->sizeentcopy += ent->length;
++		ctxt->sizeentcopy += ent->length + 5;
+ 		if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy))
+ 		    return;
+ 
+@@ -7466,7 +7496,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
+ 		/*
+ 		 * We are copying here, make sure there is no abuse
+ 		 */
+-		ctxt->sizeentcopy += ent->length;
++		ctxt->sizeentcopy += ent->length + 5;
+ 		if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy))
+ 		    return;
+ 
+@@ -7652,6 +7682,7 @@ xmlParseEntityRef(xmlParserCtxtPtr ctxt) {
+ 		ctxt->sax->reference(ctxt->userData, name);
+ 	    }
+ 	}
++	xmlParserEntityCheck(ctxt, 0, ent, 0);
+ 	ctxt->valid = 0;
+     }
+ 
+@@ -7845,6 +7876,7 @@ xmlParseStringEntityRef(xmlParserCtxtPtr ctxt, const xmlChar ** str) {
+ 			  "Entity '%s' not defined\n",
+ 			  name);
+ 	}
++	xmlParserEntityCheck(ctxt, 0, ent, 0);
+ 	/* TODO ? check regressions ctxt->valid = 0; */
+     }
+ 
+@@ -8004,6 +8036,7 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt)
+ 			  name, NULL);
+ 	    ctxt->valid = 0;
+ 	}
++	xmlParserEntityCheck(ctxt, 0, NULL, 0);
+     } else {
+ 	/*
+ 	 * Internal checking in case the entity quest barfed
+@@ -8243,6 +8276,7 @@ xmlParseStringPEReference(xmlParserCtxtPtr ctxt, const xmlChar **str) {
+ 			  name, NULL);
+ 	    ctxt->valid = 0;
+ 	}
++	xmlParserEntityCheck(ctxt, 0, NULL, 0);
+     } else {
+ 	/*
+ 	 * Internal checking in case the entity quest barfed
+-- 
+cgit v0.10.1
+
-- 
1.9.1

[PATCH 04/61] libxml2: Backport fix for CVE introduced entity issues

[Armin Kuster]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

The CVE fix introduced problems with entity issues, we observed this
when building the Yocto Docs in particular. Backport the fix from
upstream so we can build our docs correctly.

[YOCTO #7134]

(From OE-Core rev: af501bd51f9a86edd34e0405bc32dabe21312229)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../72a46a519ce7326d9a00f0b6a7f2a8e958cd1675.patch | 30 ++++++++++++++++++++++
 meta/recipes-core/libxml/libxml2_2.9.1.bb          |  3 ++-
 2 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-core/libxml/libxml2/72a46a519ce7326d9a00f0b6a7f2a8e958cd1675.patch

diff --git a/meta/recipes-core/libxml/libxml2/72a46a519ce7326d9a00f0b6a7f2a8e958cd1675.patch b/meta/recipes-core/libxml/libxml2/72a46a519ce7326d9a00f0b6a7f2a8e958cd1675.patch
new file mode 100644
index 0000000..10a8112
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/72a46a519ce7326d9a00f0b6a7f2a8e958cd1675.patch
@@ -0,0 +1,30 @@
+From 72a46a519ce7326d9a00f0b6a7f2a8e958cd1675 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Thu, 23 Oct 2014 11:35:36 +0800
+Subject: Fix missing entities after CVE-2014-3660 fix
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=738805
+
+The fix for CVE-2014-3660 introduced a regression in some case
+where entity substitution is required and the entity is used
+first in anotther entity referenced from an attribute value
+
+Upstream-Status: Backport
+
+diff --git a/parser.c b/parser.c
+index 67c9dfd..a8d1b67 100644
+--- a/parser.c
++++ b/parser.c
+@@ -7235,7 +7235,8 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
+      * far more secure as the parser will only process data coming from
+      * the document entity by default.
+      */
+-    if ((ent->checked == 0) &&
++    if (((ent->checked == 0) ||
++         ((ent->children == NULL) && (ctxt->options & XML_PARSE_NOENT))) &&
+         ((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) ||
+          (ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) {
+ 	unsigned long oldnbent = ctxt->nbentities;
+-- 
+cgit v0.10.1
+
diff --git a/meta/recipes-core/libxml/libxml2_2.9.1.bb b/meta/recipes-core/libxml/libxml2_2.9.1.bb
index 0b6ac5d..e087324 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.1.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.1.bb
@@ -1,6 +1,7 @@
 require libxml2.inc
 
-SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;name=testtar"
+SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;name=testtar \
+            file://72a46a519ce7326d9a00f0b6a7f2a8e958cd1675.patch"
 
 SRC_URI[libtar.md5sum] = "9c0cfef285d5c4a5c80d00904ddab380"
 SRC_URI[libtar.sha256sum] = "fd3c64cb66f2c4ea27e934d275904d92cec494a8e8405613780cbc8a71680fdb"
-- 
1.9.1

[PATCH 05/61] libunwind: Fix test case link failure on PowerPC with Altivec

[Armin Kuster]

From: Ting Liu <ting.liu@freescale.com>

Signed-off-by: Ting Liu <ting.liu@freescale.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 ...k-failure-on-PowerPC-systems-with-Altivec.patch | 28 ++++++++++++++++++++++
 meta/recipes-support/libunwind/libunwind_1.1.bb    |  4 ++++
 2 files changed, 32 insertions(+)
 create mode 100644 meta/recipes-support/libunwind/libunwind-1.1/Fix-test-case-link-failure-on-PowerPC-systems-with-Altivec.patch

diff --git a/meta/recipes-support/libunwind/libunwind-1.1/Fix-test-case-link-failure-on-PowerPC-systems-with-Altivec.patch b/meta/recipes-support/libunwind/libunwind-1.1/Fix-test-case-link-failure-on-PowerPC-systems-with-Altivec.patch
new file mode 100644
index 0000000..dc0f5c1
--- /dev/null
+++ b/meta/recipes-support/libunwind/libunwind-1.1/Fix-test-case-link-failure-on-PowerPC-systems-with-Altivec.patch
@@ -0,0 +1,28 @@
+Fix test case link failure on PowerPC systems with Altivec
+
+Upstream-Status:backport
+
+On systems where the system compiler supports Altivec by default,
+the libunwind Makefile will attempt to build an extra test case
+ppc64-test-altivec.  Unfortunately, the link step will fail since
+the Makefile does not actually link against the libunwind library.
+
+Fixed by adding the appropriate LDADD macro.
+
+Signed-off-by: Ulrich Weigand <address@hidden>
+---
+ tests/Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 0e30536..9c76628 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -201,3 +201,4 @@ Lia64_test_rbs_LDADD = $(LIBUNWIND_local)
+ Lia64_test_readonly_LDADD = $(LIBUNWIND_local)
+ ia64_test_dyn1_LDADD = $(LIBUNWIND)
+ ia64_test_sig_LDADD = $(LIBUNWIND)
++ppc64_test_altivec_LDADD = $(LIBUNWIND)
+-- 
+1.8.5
+
diff --git a/meta/recipes-support/libunwind/libunwind_1.1.bb b/meta/recipes-support/libunwind/libunwind_1.1.bb
index bc38e36..20db132 100644
--- a/meta/recipes-support/libunwind/libunwind_1.1.bb
+++ b/meta/recipes-support/libunwind/libunwind_1.1.bb
@@ -1,4 +1,8 @@
 require libunwind.inc
 
+SRC_URI += "\
+    file://Fix-test-case-link-failure-on-PowerPC-systems-with-Altivec.patch \
+"
+
 SRC_URI[md5sum] = "fb4ea2f6fbbe45bf032cd36e586883ce"
 SRC_URI[sha256sum] = "9dfe0fcae2a866de9d3942c66995e4b460230446887dbdab302d41a8aee8d09a"
-- 
1.9.1

[PATCH 06/61] bitbake.conf: add PKGDATA_DIR to BB_HASHBASE_WHITELIST

[Armin Kuster]

From: Ting Liu <b28495@freescale.com>

In meta/conf/bitbake.conf, PKGDATA_DIR is default to:
PKGDATA_DIR = "${STAGING_DIR_HOST}/pkgdata"

But in meta/conf/multilib.conf, PKGDATA_DIR is set as:
PKGDATA_DIR = "${STAGING_DIR}/${MACHINE}/pkgdata"

When multilib enabled, linux-libc-headers cache will be machine
specific:
$ bitbake-diffsigs sstate-cache/1a/sstate:linux-libc-headers:ppce6500-poky-linux:3.17.7:r0:ppce6500:3:1a0c3934d91479fd7242a5b1d407d155_package.tgz.siginfo sstate-cache/28/sstate:linux-libc-headers:ppce6500-poky-linux:3.17.7:r0:ppce6500:3:28c918e8f9f4a4cfceb3a38b258f7501_package.tgz.siginfo
basehash changed from 8d3158bbddcee612fa30badd05f47b8e to 68ac258fc6c8e489f360fde3123a5894
Variable MACHINE value changed from 'b4420qds' to 'b4860qds'

Signed-off-by: Ting Liu <ting.liu@freescale.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/conf/bitbake.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index 74813a2..90b64b0 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -771,7 +771,7 @@ BB_HASHBASE_WHITELIST ?= "TMPDIR FILE PATH PWD BB_TASKHASH BBPATH DL_DIR \
     USER FILESPATH STAGING_DIR_HOST STAGING_DIR_TARGET COREBASE PRSERV_HOST \
     PRSERV_DUMPDIR PRSERV_DUMPFILE PRSERV_LOCKDOWN PARALLEL_MAKE \
     CCACHE_DIR EXTERNAL_TOOLCHAIN CCACHE CCACHE_DISABLE LICENSE_PATH SDKPKGSUFFIX \
-    WARN_QA ERROR_QA WORKDIR STAMPCLEAN"
+    WARN_QA ERROR_QA WORKDIR STAMPCLEAN PKGDATA_DIR"
 BB_HASHCONFIG_WHITELIST ?= "${BB_HASHBASE_WHITELIST} DATE TIME SSH_AGENT_PID \
     SSH_AUTH_SOCK PSEUDO_BUILD BB_ENV_EXTRAWHITE DISABLE_SANITY_CHECKS \
     PARALLEL_MAKE BB_NUMBER_THREADS BB_ORIGENV BB_INVALIDCONF BBINCLUDED"
-- 
1.9.1

[PATCH 07/61] valgrind: build with altivec only if it supported

[Armin Kuster]

From: Ting Liu <ting.liu@freescale.com>

Signed-off-by: Ting Liu <ting.liu@freescale.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../pass-maltivec-only-if-it-supported.patch       | 68 ++++++++++++++++++++++
 meta/recipes-devtools/valgrind/valgrind_3.9.0.bb   |  1 +
 2 files changed, 69 insertions(+)
 create mode 100644 meta/recipes-devtools/valgrind/valgrind/pass-maltivec-only-if-it-supported.patch

diff --git a/meta/recipes-devtools/valgrind/valgrind/pass-maltivec-only-if-it-supported.patch b/meta/recipes-devtools/valgrind/valgrind/pass-maltivec-only-if-it-supported.patch
new file mode 100644
index 0000000..12ad4c3
--- /dev/null
+++ b/meta/recipes-devtools/valgrind/valgrind/pass-maltivec-only-if-it-supported.patch
@@ -0,0 +1,68 @@
+Upstream-status: Backport
+
+r14566 | florian | 2014-09-24 17:02:54 -0500 (Wed, 24 Sep 2014) | 4 lines
+
+The testbuckets none/tests/ppc{32,64} did not build in case the
+toolchain did not support -maltivec -mabi=altivec.
+This should work now. Fixes BZ #338731
+
+Index: none/tests/ppc32/Makefile.am
+===================================================================
+--- a/none/tests/ppc32/Makefile.am	(revision 14565)
++++ b/none/tests/ppc32/Makefile.am	(revision 14566)
+@@ -72,8 +72,12 @@
+ allexec_CFLAGS		= $(AM_CFLAGS) @FLAG_W_NO_NONNULL@
+ 
+ if HAS_ALTIVEC
++BUILD_FLAG_ALTIVEC = -maltivec
++BUILD_FLAG_ABI_ALTIVEC = -mabi=altivec
+ ALTIVEC_FLAG = -DHAS_ALTIVEC
+ else
++BUILD_FLAG_ALTIVEC =
++BUILD_FLAG_ABI_ALTIVEC =
+ ALTIVEC_FLAG =
+ endif
+ 
+@@ -101,11 +105,12 @@
+ ISA_2_07_FLAG =
+ endif
+ 
+-jm_insns_CFLAGS = $(AM_CFLAGS) -Winline -Wall -O -g -mregnames -maltivec \
+-			@FLAG_M32@ $(ALTIVEC_FLAG)
++jm_insns_CFLAGS = $(AM_CFLAGS) -Winline -Wall -O -g -mregnames \
++			@FLAG_M32@ $(ALTIVEC_FLAG) $(BUILD_FLAG_ALTIVEC)
+ 
+-testVMX_CFLAGS  = $(AM_CFLAGS) -O -g -Wall -maltivec -mabi=altivec -DALTIVEC \
+-			-DGCC_COMPILER @FLAG_M32@
++testVMX_CFLAGS  = $(AM_CFLAGS) -O -g -Wall -DALTIVEC \
++			-DGCC_COMPILER @FLAG_M32@  $(BUILD_FLAG_ALTIVEC) \
++			$(BUILD_FLAG_ABI_ALTIVEC)
+ 
+ test_isa_2_06_part1_CFLAGS = $(AM_CFLAGS) -Winline -Wall -O -g -mregnames $(VSX_FLAG) \
+ 			@FLAG_M32@ $(ALTIVEC_FLAG) $(BUILD_FLAG_VSX)
+Index: none/tests/ppc64/Makefile.am
+===================================================================
+--- a/none/tests/ppc64/Makefile.am	(revision 14565)
++++ b/none/tests/ppc64/Makefile.am	(revision 14566)
+@@ -50,8 +50,10 @@
+ allexec_CFLAGS		= $(AM_CFLAGS) @FLAG_W_NO_NONNULL@
+ 
+ if HAS_ALTIVEC
++BUILD_FLAG_ALTIVEC = -maltivec
+ ALTIVEC_FLAG = -DHAS_ALTIVEC
+ else
++BUILD_FLAG_ALTIVEC =
+ ALTIVEC_FLAG =
+ endif
+ 
+@@ -88,8 +90,8 @@
+ test_isa_2_06_part3_CFLAGS = $(AM_CFLAGS) -Winline -Wall -O -g -mregnames $(VSX_FLAG) \
+ 			@FLAG_M64@ $(ALTIVEC_FLAG) $(BUILD_FLAG_VSX)
+ 
+-jm_insns_CFLAGS = $(AM_CFLAGS) -Winline -Wall -O -g -mregnames -maltivec \
+-			@FLAG_M64@ $(ALTIVEC_FLAG)
++jm_insns_CFLAGS = $(AM_CFLAGS) -Winline -Wall -O -g -mregnames \
++			@FLAG_M64@ $(ALTIVEC_FLAG) $(BUILD_FLAG_ALTIVEC)
+ 
+ test_dfp1_CFLAGS = $(AM_CFLAGS) -Winline -Wall -O -g -mregnames $(DFP_FLAG) \
+ 			@FLAG_M64@ $(BUILD_FLAGS_DFP)
diff --git a/meta/recipes-devtools/valgrind/valgrind_3.9.0.bb b/meta/recipes-devtools/valgrind/valgrind_3.9.0.bb
index c415e77..eea81a2 100644
--- a/meta/recipes-devtools/valgrind/valgrind_3.9.0.bb
+++ b/meta/recipes-devtools/valgrind/valgrind_3.9.0.bb
@@ -20,6 +20,7 @@ SRC_URI = "http://www.valgrind.org/downloads/valgrind-${PV}.tar.bz2 \
            file://remove-arm-variant-specific.patch \
            file://remove-ppc-tests-failing-build.patch \
            file://add-ptest.patch \
+           file://pass-maltivec-only-if-it-supported.patch \
            file://run-ptest \
           "
 
-- 
1.9.1

[PATCH 08/61] bitbake: cooker: Shut down the parser in error state

[Armin Kuster]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

If the cooker is in an error state, we shouldn't continue to try parsing.
This fixes an issue where an invalid PR server is detected when bitbake
is started and ensures bitbake exits cleanly rather than hanging.

[YOCTO #6934]

(Bitbake rev: 294bb9cad294423d4f8998405ceff58655f12660)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 bitbake/lib/bb/cooker.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bitbake/lib/bb/cooker.py b/bitbake/lib/bb/cooker.py
index a900b07..8e6d91b 100644
--- a/bitbake/lib/bb/cooker.py
+++ b/bitbake/lib/bb/cooker.py
@@ -1286,7 +1286,7 @@ class BBCooker:
         if self.state == state.running:
             return
 
-        if self.state in (state.shutdown, state.forceshutdown):
+        if self.state in (state.shutdown, state.forceshutdown, state.error):
             if hasattr(self.parser, 'shutdown'):
                 self.parser.shutdown(clean=False, force = True)
             raise bb.BBHandledException()
-- 
1.9.1

[PATCH 09/61] bitbake: bitbake-worker: Use setsid() rather than setpgid()

[Armin Kuster]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

The bug has a long discussion of this. Basically, in some environments,
the exact details of which aren't understood, a Ctrl+C signal to the
UI is being transmitted to all the process children. Looking at the output
of "ps ax -O tpgid", its clear the main process is still the terminal
owner of these processes.

stty -a on a problematic system shows: "-ignbrk brkint"
and on a working system shows: "-ignbrk -brkint"

The description of brkint would suggest this is the problem, setting up
that terminal environment wasn't able to reproduce the problem though.
It was confirmed that using setsid() caused the problem to be resolved
and is probably the right thing to be doing anyway, so lets do it.

[YOCTO #6949]

(Bitbake rev: 461aa73fff0ab616032d28c4fd0322eb88838be6)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 bitbake/bin/bitbake-worker | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/bitbake/bin/bitbake-worker b/bitbake/bin/bitbake-worker
index 371c99a..8a24161 100755
--- a/bitbake/bin/bitbake-worker
+++ b/bitbake/bin/bitbake-worker
@@ -156,8 +156,11 @@ def fork_off_task(cfg, data, workerdata, fn, task, taskname, appends, taskdepdat
             bb.event.worker_fire = worker_child_fire
             worker_pipe = pipeout
 
-            # Make the child the process group leader
-            os.setpgid(0, 0)
+            # Make the child the process group leader and ensure no
+            # child process will be controlled by the current terminal
+            # This ensures signals sent to the controlling terminal like Ctrl+C
+            # don't stop the child processes.
+            os.setsid()
             # No stdin
             newsi = os.open(os.devnull, os.O_RDWR)
             os.dup2(newsi, sys.stdin.fileno())
-- 
1.9.1

[PATCH 10/61] bitbake: cache/fetch2/siggen: Ensure we track include history for file checksums

[Armin Kuster]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Currently, if you reference a file url, its checksum is included in the
task hash, however if you change to a different file at a different
location, perhaps taking advantage of the FILESPATH functionality, the
system will not reparse the file in question and change its checksum to
match the new file.

To correctly handle this, the system not only needs to know if the
existing file still exists or not, but also check the existance
of every file it would have looked at when computing the original file.

We already do this in the bitbake parsing code for class inclusion. This
change uses the same technique to log the file list we looked at and
if files in these locations exist when they previously did not, to
invalidate and reparse the file.

Since data stored in the cache is flattened text, we have to use a string
form of the data and split on the ":" character which is ugly, but is
an internal detail we can improve later if a better method is found.

The cache version changes to trigger a reparse since the previous
cache data is now incompatible.

[YOCTO #7019]

(Bitbake rev: 6c0706a28d72c591f1b75b6e3f3b645859387c7e)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 bitbake/lib/bb/cache.py           |  9 ++++++---
 bitbake/lib/bb/fetch2/__init__.py | 35 ++++++++++++++++++-----------------
 bitbake/lib/bb/siggen.py          |  3 ++-
 3 files changed, 26 insertions(+), 21 deletions(-)

diff --git a/bitbake/lib/bb/cache.py b/bitbake/lib/bb/cache.py
index ac0c27f..715da07 100644
--- a/bitbake/lib/bb/cache.py
+++ b/bitbake/lib/bb/cache.py
@@ -43,7 +43,7 @@ except ImportError:
     logger.info("Importing cPickle failed. "
                 "Falling back to a very slow implementation.")
 
-__cache_version__ = "147"
+__cache_version__ = "148"
 
 def getCacheFile(path, filename, data_hash):
     return os.path.join(path, filename + "." + data_hash)
@@ -529,8 +529,11 @@ class Cache(object):
         if hasattr(info_array[0], 'file_checksums'):
             for _, fl in info_array[0].file_checksums.items():
                 for f in fl.split():
-                    if not ('*' in f or os.path.exists(f)):
-                        logger.debug(2, "Cache: %s's file checksum list file %s was removed",
+                    if "*" in f:
+                        continue
+                    f, exist = f.split(":")
+                    if (exist == "True" and not os.path.exists(f)) or (exist == "False" and os.path.exists(f)):
+                        logger.debug(2, "Cache: %s's file checksum list file %s changed",
                                         fn, f)
                         self.remove(fn)
                         return False
diff --git a/bitbake/lib/bb/fetch2/__init__.py b/bitbake/lib/bb/fetch2/__init__.py
index c0a4763..378d41e 100644
--- a/bitbake/lib/bb/fetch2/__init__.py
+++ b/bitbake/lib/bb/fetch2/__init__.py
@@ -936,22 +936,21 @@ def get_checksum_file_list(d):
         ud = fetch.ud[u]
 
         if ud and isinstance(ud.method, local.Local):
-            ud.setup_localpath(d)
-            f = ud.localpath
-            pth = ud.decodedurl
-            if '*' in pth:
-                f = os.path.join(os.path.abspath(f), pth)
-            if f.startswith(dl_dir):
-                # The local fetcher's behaviour is to return a path under DL_DIR if it couldn't find the file anywhere else
-                if os.path.exists(f):
-                    bb.warn("Getting checksum for %s SRC_URI entry %s: file not found except in DL_DIR" % (d.getVar('PN', True), os.path.basename(f)))
-                else:
-                    bb.warn("Unable to get checksum for %s SRC_URI entry %s: file could not be found" % (d.getVar('PN', True), os.path.basename(f)))
-            filelist.append(f)
+            paths = ud.method.localpaths(ud, d)
+            for f in paths:
+                pth = ud.decodedurl
+                if '*' in pth:
+                    f = os.path.join(os.path.abspath(f), pth)
+                if f.startswith(dl_dir):
+                    # The local fetcher's behaviour is to return a path under DL_DIR if it couldn't find the file anywhere else
+                    if os.path.exists(f):
+                        bb.warn("Getting checksum for %s SRC_URI entry %s: file not found except in DL_DIR" % (d.getVar('PN', True), os.path.basename(f)))
+                    else:
+                        bb.warn("Unable to get checksum for %s SRC_URI entry %s: file could not be found" % (d.getVar('PN', True), os.path.basename(f)))
+                filelist.append(f + ":" + str(os.path.exists(f)))
 
     return " ".join(filelist)
 
-
 def get_file_checksums(filelist, pn):
     """Get a list of the checksums for a list of local files
 
@@ -981,6 +980,10 @@ def get_file_checksums(filelist, pn):
 
     checksums = []
     for pth in filelist.split():
+        exist = pth.split(":")[1]
+        if exist == "False":
+            continue
+        pth = pth.split(":")[0]
         if '*' in pth:
             # Handle globs
             for f in glob.glob(pth):
@@ -988,14 +991,12 @@ def get_file_checksums(filelist, pn):
                     checksums.extend(checksum_dir(f))
                 else:
                     checksum = checksum_file(f)
-                    if checksum:
-                        checksums.append((f, checksum))
+                    checksums.append((f, checksum))
         elif os.path.isdir(pth):
             checksums.extend(checksum_dir(pth))
         else:
             checksum = checksum_file(pth)
-            if checksum:
-                checksums.append((pth, checksum))
+            checksums.append((pth, checksum))
 
     checksums.sort(key=operator.itemgetter(1))
     return checksums
diff --git a/bitbake/lib/bb/siggen.py b/bitbake/lib/bb/siggen.py
index 28f93ba..ef683ba 100644
--- a/bitbake/lib/bb/siggen.py
+++ b/bitbake/lib/bb/siggen.py
@@ -185,7 +185,8 @@ class SignatureGeneratorBasic(SignatureGenerator):
             checksums = bb.fetch2.get_file_checksums(dataCache.file_checksums[fn][task], recipename)
             for (f,cs) in checksums:
                 self.file_checksum_values[k][f] = cs
-                data = data + cs
+                if cs:
+                    data = data + cs
 
         taint = self.read_taint(fn, task, dataCache.stamp[fn])
         if taint:
-- 
1.9.1

[PATCH 11/61] bitbake: wget: Add localpaths method which gives localpath with history

[Armin Kuster]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

In some cases for cache purpoes we not only need to know which file
is going to be used but also which paths were considered. Add a
localpaths method which includes the history.

The core which() funciton already supports this, this just extends
the function to preserve the extra data we need. localpath becomes
just a special case of the case with history.

(Bitbake rev: ea5efeac5c1f7986666c979f789786f29fc1619a)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 bitbake/lib/bb/fetch2/local.py | 54 ++++++++++++++++++++++++++----------------
 1 file changed, 33 insertions(+), 21 deletions(-)

diff --git a/bitbake/lib/bb/fetch2/local.py b/bitbake/lib/bb/fetch2/local.py
index 6fa188f..0785236 100644
--- a/bitbake/lib/bb/fetch2/local.py
+++ b/bitbake/lib/bb/fetch2/local.py
@@ -51,29 +51,41 @@ class Local(FetchMethod):
         """
         Return the local filename of a given url assuming a successful fetch.
         """
+        return self.localpaths(urldata, d)[-1]
+
+    def localpaths(self, urldata, d):
+        """
+        Return the local filename of a given url assuming a successful fetch.
+        """
+        searched = []
         path = urldata.decodedurl
         newpath = path
-        if path[0] != "/":
-            filespath = data.getVar('FILESPATH', d, True)
-            if filespath:
-                logger.debug(2, "Searching for %s in paths:\n    %s" % (path, "\n    ".join(filespath.split(":"))))
-                newpath = bb.utils.which(filespath, path)
-            if not newpath:
-                filesdir = data.getVar('FILESDIR', d, True)
-                if filesdir:
-                    logger.debug(2, "Searching for %s in path: %s" % (path, filesdir))
-                    newpath = os.path.join(filesdir, path)
-            if (not newpath or not os.path.exists(newpath)) and path.find("*") != -1:
-                # For expressions using '*', best we can do is take the first directory in FILESPATH that exists
-                newpath = bb.utils.which(filespath, ".")
-                logger.debug(2, "Searching for %s in path: %s" % (path, newpath))
-                return newpath
-            if not os.path.exists(newpath):
-                dldirfile = os.path.join(d.getVar("DL_DIR", True), path)
-                logger.debug(2, "Defaulting to %s for %s" % (dldirfile, path))
-                bb.utils.mkdirhier(os.path.dirname(dldirfile))
-                return dldirfile
-        return newpath
+        if path[0] == "/":
+            return [path]
+        filespath = data.getVar('FILESPATH', d, True)
+        if filespath:
+            logger.debug(2, "Searching for %s in paths:\n    %s" % (path, "\n    ".join(filespath.split(":"))))
+            newpath, hist = bb.utils.which(filespath, path, history=True)
+            searched.extend(hist)
+        if not newpath:
+            filesdir = data.getVar('FILESDIR', d, True)
+            if filesdir:
+                logger.debug(2, "Searching for %s in path: %s" % (path, filesdir))
+                newpath = os.path.join(filesdir, path)
+                searched.append(newpath)
+        if (not newpath or not os.path.exists(newpath)) and path.find("*") != -1:
+            # For expressions using '*', best we can do is take the first directory in FILESPATH that exists
+            newpath, hist = bb.utils.which(filespath, ".", history=True)
+            searched.extend(hist)
+            logger.debug(2, "Searching for %s in path: %s" % (path, newpath))
+            return searched
+        if not os.path.exists(newpath):
+            dldirfile = os.path.join(d.getVar("DL_DIR", True), path)
+            logger.debug(2, "Defaulting to %s for %s" % (dldirfile, path))
+            bb.utils.mkdirhier(os.path.dirname(dldirfile))
+            searched.append(dldirfile)
+            return searched
+        return searched
 
     def need_update(self, ud, d):
         if ud.url.find("*") != -1:
-- 
1.9.1

[PATCH 12/61] bitbake: ast: Add error when trying to use dash in sh function names

[Armin Kuster]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

A dash character is illegal in function names in sh (but not bash). Since
our shell tasks run under sh and the shell parser is sh based, EXPORT_FUNCTIONS
won't work with class names containing a dash.

We can't change sh, we can ensure the user is warned about the problem
straight away though.

[YOCTO #7006]

(Bitbake rev: 86704281b79e524dccccc88cbf996b299b33bae2)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 bitbake/lib/bb/parse/ast.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/bitbake/lib/bb/parse/ast.py b/bitbake/lib/bb/parse/ast.py
index 4e5a06e..4b10ee7 100644
--- a/bitbake/lib/bb/parse/ast.py
+++ b/bitbake/lib/bb/parse/ast.py
@@ -226,6 +226,8 @@ class ExportFuncsNode(AstNode):
             if data.getVarFlag(calledfunc, "python"):
                 data.setVar(func, "    bb.build.exec_func('" + calledfunc + "', d)\n")
             else:
+                if "-" in self.classname:
+                   bb.fatal("The classname %s contains a dash character and is calling an sh function %s using EXPORT_FUNCTIONS. Since a dash is illegal in sh function names, this cannot work, please rename the class or don't use EXPORT_FUNCTIONS." % (self.classname, calledfunc))
                 data.setVar(func, "    " + calledfunc + "\n")
             data.setVarFlag(func, 'export_func', '1')
 
-- 
1.9.1

[PATCH 13/61] openssl: fix hard paths in native openssl

[Armin Kuster]

From: André Draszik <adraszik@digisoft.tv>

This causes the package to not be relocateable from sstate

The OpenSSL binaries respect a few environment variables for determining
locations of files, so we now use these to point the binaries to the
relocated locations.

[YOCTO #6827]

(From OE-Core rev: 771d3123331fbfab1eb9ce47e3013eabcb2248f5)

Signed-off-by: André Draszik <adraszik@digisoft.tv>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-connectivity/openssl/openssl.inc | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
index 9ec884f..31dfd8f 100644
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -193,5 +193,12 @@ do_install_ptest () {
 	install util/shlib_wrap.sh     ${D}${PTEST_PATH}/util
 }
 
-BBCLASSEXTEND = "native nativesdk"
+do_install_append_virtclass-native() {
+	create_wrapper ${D}${bindir}/openssl \
+	    OPENSSL_CONF=${libdir}/ssl/openssl.cnf \
+	    SSL_CERT_DIR=${libdir}/ssl/certs \
+	    SSL_CERT_FILE=${libdir}/ssl/cert.pem \
+	    OPENSSL_ENGINES=${libdir}/ssl/engines
+}
 
+BBCLASSEXTEND = "native nativesdk"
-- 
1.9.1

[PATCH 14/61] poky.conf: add file-rdeps to WARN_QA

[Armin Kuster]

From: Paul Eggleton <paul.eggleton@linux.intel.com>

This was added to the default value of WARN_QA in insane.bbclass in
OE-Core, but we missed adding it to the value set in poky.conf.

(From meta-yocto rev: 125621909c69ac00ca90e6001b7798c5123b0405)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-yocto/conf/distro/poky.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-yocto/conf/distro/poky.conf b/meta-yocto/conf/distro/poky.conf
index db6ad5f..0a5d99e 100644
--- a/meta-yocto/conf/distro/poky.conf
+++ b/meta-yocto/conf/distro/poky.conf
@@ -112,7 +112,7 @@ INHERIT += "poky-sanity"
 
 # QA check settings - a little stricter than the OE-Core defaults
 WARN_QA = "textrel files-invalid incompatible-license xorg-driver-abi libdir \
-           unknown-configure-option build-deps"
+           unknown-configure-option build-deps file-rdeps"
 ERROR_QA = "dev-so debug-deps dev-deps debug-files arch pkgconfig la perms \
             useless-rpaths rpaths staticdev ldflags pkgvarcheck already-stripped \
             compile-host-path dep-cmp installed-vs-shipped install-host-path \
-- 
1.9.1

[PATCH 15/61] security_flags: disable pie support for libaio, blktrace and ltp

[Armin Kuster]

From: Saul Wold <sgw@linux.intel.com>

libaio when built with pie and fpie does not link correctly with blktrace or ltp
so we need to disable those flags until a better solution comes along.

(From OE-Core rev: 4fbf13a6c28fc1170a4defbf50032546a14eaa59)

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/conf/distro/include/security_flags.inc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index 840f68a..d6f7e9c 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -16,6 +16,7 @@ SECURITY_CFLAGS_pn-lttng-tools_arm = "${SECURITY_NO_PIE_CFLAGS}"
 
 SECURITY_CFLAGS_pn-aspell = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-beecrypt = "${SECURITY_NO_PIE_CFLAGS}"
+SECURITY_CFLAGS_pn-blktrace = "${SECURITY_NO_PIE_CFLAGS}"
 # Curl seems to check for FORTIFY_SOURCE in CFLAGS, but even assigned
 # to CPPFLAGS it gets picked into CFLAGS in bitbake.
 #TARGET_CPPFLAGS_pn-curl += "-D_FORTIFY_SOURCE=2"
@@ -43,6 +44,7 @@ SECURITY_CFLAGS_pn-gst-plugins-gl = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-gstreamer1.0-plugins-good = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-harfbuzz = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-kexec-tools = "${SECURITY_NO_PIE_CFLAGS}"
+SECURITY_CFLAGS_pn-libaio = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-libcap = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-libgcc = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-libid3tag = "${SECURITY_NO_PIE_CFLAGS}"
@@ -51,6 +53,7 @@ SECURITY_CFLAGS_pn-libglu = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-libpcap = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-libpcre = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-libproxy = "${SECURITY_NO_PIE_CFLAGS}"
+SECURITY_CFLAGS_pn-ltp = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-lttng-ust = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-mesa = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-mesa-gl = "${SECURITY_NO_PIE_CFLAGS}"
-- 
1.9.1

[PATCH 16/61] systemd: add missing RDEPENDS

[Armin Kuster]

From: Ross Burton <ross.burton@intel.com>

systemd-ptest also needs a Python interpretter.  Also remove the redundant
comment.

systemd-kernel-install is a bash script that can't be trivially ported to POSIX
sh.

(From OE-Core rev: 9f6b34493d332f9eff54c3eb2da9483a344e6d3c)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-core/systemd/systemd_216.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-core/systemd/systemd_216.bb b/meta/recipes-core/systemd/systemd_216.bb
index 8e1b5aa..5e76f7c 100644
--- a/meta/recipes-core/systemd/systemd_216.bb
+++ b/meta/recipes-core/systemd/systemd_216.bb
@@ -192,8 +192,7 @@ RDEPENDS_${PN}-initramfs = "${PN}"
 
 FILES_libgudev = "${libdir}/libgudev*${SOLIBS}"
 
-# The test cases need perl and bash to run correctly.
-RDEPENDS_${PN}-ptest += "perl bash"
+RDEPENDS_${PN}-ptest += "perl python bash"
 FILES_${PN}-ptest += "${libdir}/udev/rules.d"
 
 FILES_${PN}-dbg += "${libdir}/systemd/ptest/.debug"
@@ -204,6 +203,7 @@ FILES_${PN}-vconsole-setup = "${rootlibexecdir}/systemd/systemd-vconsole-setup \
                               ${systemd_unitdir}/system/systemd-vconsole-setup.service \
                               ${systemd_unitdir}/system/sysinit.target.wants/systemd-vconsole-setup.service"
 
+RDEPENDS_${PN}-kernel-install += "bash"
 FILES_${PN}-kernel-install = "${bindir}/kernel-install \
                               ${sysconfdir}/kernel/ \
                               ${exec_prefix}/lib/kernel \
-- 
1.9.1

[PATCH 17/61] openssh: deliver ssh-copy-id

[Armin Kuster]

From: Kai Kang <kai.kang@windriver.com>

Deliver script ssh-copy-id from openssh which is useful to add an
authorized ssh key.

(From OE-Core rev: 16562034a2c28cbfc6c90f9324c42c08e0655b7d)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-connectivity/openssh/openssh_6.6p1.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-connectivity/openssh/openssh_6.6p1.bb b/meta/recipes-connectivity/openssh/openssh_6.6p1.bb
index 0b9e0fb..f575665 100644
--- a/meta/recipes-connectivity/openssh/openssh_6.6p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_6.6p1.bb
@@ -94,6 +94,7 @@ do_install_append () {
 	rmdir ${D}${localstatedir}/run/sshd ${D}${localstatedir}/run ${D}${localstatedir}
 	install -d ${D}/${sysconfdir}/default/volatiles
 	install -m 644 ${WORKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd
+	install -m 0755 ${S}/contrib/ssh-copy-id ${D}${bindir}
 
 	# Create config files for read-only rootfs
 	install -d ${D}${sysconfdir}/ssh
-- 
1.9.1

[PATCH 18/61] icecc.bbclass: properly handle disabling of icecc

[Armin Kuster]

From: Dmitry Eremin-Solenikov <dmitry_eremin@mentor.com>

Always use use_icc to check if IceCC should be enabled. Move
ICECC_DISABLED variable checking to use_icc function. Also while we are
at it, fix condition in icc_is_allarch function.

(From OE-Core rev: 20b0168da47d6e30fcbaf6adab3bde0d398d0d00)

Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/classes/icecc.bbclass | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/meta/classes/icecc.bbclass b/meta/classes/icecc.bbclass
index 3ec8c06..2f9e3cf 100644
--- a/meta/classes/icecc.bbclass
+++ b/meta/classes/icecc.bbclass
@@ -91,6 +91,10 @@ def create_path(compilers, bb, d):
     return staging
 
 def use_icc(bb,d):
+    if d.getVar('ICECC_DISABLED') == "1":
+        # don't even try it, when explicitly disabled
+        return "no"
+
     # allarch recipes don't use compiler
     if icc_is_allarch(bb, d):
         return "no"
@@ -133,8 +137,7 @@ def use_icc(bb,d):
     return "yes"
 
 def icc_is_allarch(bb, d):
-    return \
-        bb.data.inherits_class("allarch", d);
+    return d.getVar("PACKAGE_ARCH") == "all"
 
 def icc_is_kernel(bb, d):
     return \
@@ -148,10 +151,6 @@ def icc_is_native(bb, d):
 # Don't pollute allarch signatures with TARGET_FPU
 icc_version[vardepsexclude] += "TARGET_FPU"
 def icc_version(bb, d):
-    if d.getVar('ICECC_DISABLED') == "1":
-        # don't even try it, when explicitly disabled
-        return ""
-
     if use_icc(bb, d) == "no":
         return ""
 
@@ -179,7 +178,7 @@ def icc_version(bb, d):
     return tar_file
 
 def icc_path(bb,d):
-    if d.getVar('ICECC_DISABLED') == "1":
+    if use_icc(bb, d) == "no":
         # don't create unnecessary directories when icecc is disabled
         return
 
@@ -246,7 +245,7 @@ def set_icecc_env():
     return
 
 set_icecc_env() {
-    if [ "${ICECC_DISABLED}" = "1" ]
+    if [ "${@use_icc(bb, d)}" = "no" ]
     then
         return
     fi
-- 
1.9.1

[PATCH 19/61] cross-canadian/meta-environment: Allow modification of TARGET_OS to be optional

[Armin Kuster]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

There are some cases we want the manipulation cross-canadian performance
on TARGET_OS, there are also cases like meta-environment where we do not
want this manipulation.

We did try and use immediate expansion to avoid this problem and it
works in the non multilib case. If we have a multilib that used an
extension, like for example:

require conf/multilib.conf
MULTILIBS = "multilib:lib32 multilib:lib64"
DEFAULTTUNE = "mips32r2"
DEFAULTTUNE_virtclass-multilib-lib32 = "mips64-n32"
DEFAULTTUNE_virtclass-multilib-lib64 = "mips64"

then the n32 extension case will be misconfigured.

It turns out saving an unexpanded variable is hard. The best I could
come up with was:

SAVEDTOS := "${@d.getVar('TARGET_OS', False).replace("{", "*")}"

and then

localdata.setVar("TARGET_OS", d.getVar("SAVEDOS", False).replace('*','{'))

which is rather evil, I'd challenge someone to come up with a nicer way
of making it work though!

Rather than the above madness, we modify cross-canadian to make the
problamtic code conditional.

This fixes the original issue (where a linux-gnuspe target was seeing
'linux') of
http://cgit.openembedded.org/openembedded-core/commit/?id=0038634ee6e2b6035c023a2702547f20f67c103a
but also fixes the multilib one.

(From OE-Core rev: 85ff3d6491c54aa712ed238c561742cda4f4ba07)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/classes/cross-canadian.bbclass        | 4 ++++
 meta/recipes-core/meta/meta-environment.bb | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/meta/classes/cross-canadian.bbclass b/meta/classes/cross-canadian.bbclass
index fec6438..a8565e9 100644
--- a/meta/classes/cross-canadian.bbclass
+++ b/meta/classes/cross-canadian.bbclass
@@ -16,6 +16,7 @@ STAGING_BINDIR_TOOLCHAIN = "${STAGING_DIR_NATIVE}${bindir_native}/${SDK_ARCH}${S
 #
 PACKAGE_ARCH = "${SDK_ARCH}-${SDKPKGSUFFIX}"
 CANADIANEXTRAOS = ""
+MODIFYTOS ??= "1"
 python () {
     archs = d.getVar('PACKAGE_ARCHS', True).split()
     sdkarchs = []
@@ -23,6 +24,9 @@ python () {
         sdkarchs.append(arch + '-${SDKPKGSUFFIX}')
     d.setVar('PACKAGE_ARCHS', " ".join(sdkarchs))
 
+    # Allow the following code segment to be disabled, e.g. meta-environment
+    if d.getVar("MODIFYTOS", True) != "1":
+        return
     # PowerPC can build "linux" and "linux-gnuspe"
     tarch = d.getVar("TARGET_ARCH", True)
     if tarch == "powerpc":
diff --git a/meta/recipes-core/meta/meta-environment.bb b/meta/recipes-core/meta/meta-environment.bb
index bb208a3..90959b5 100644
--- a/meta/recipes-core/meta/meta-environment.bb
+++ b/meta/recipes-core/meta/meta-environment.bb
@@ -6,9 +6,9 @@ PR = "r8"
 
 EXCLUDE_FROM_WORLD = "1"
 
-ORIGOS := "${TARGET_OS}"
+MODIFYTOS = "0"
 
-REAL_MULTIMACH_TARGET_SYS = "${TUNE_PKGARCH}${TARGET_VENDOR}-${ORIGOS}"
+REAL_MULTIMACH_TARGET_SYS = "${TUNE_PKGARCH}${TARGET_VENDOR}-${TARGET_OS}"
 
 inherit toolchain-scripts
 TOOLCHAIN_NEED_CONFIGSITE_CACHE += "zlib"
@@ -31,7 +31,6 @@ python do_generate_content() {
 
     # make sure we only use the SDKTARGETSYSROOT value from 'd'
     localdata.setVar('SDKTARGETSYSROOT', d.getVar('SDKTARGETSYSROOT', True))
-    localdata.setVar('TARGET_OS', d.getVar('ORIGOS', True))
     localdata.setVar('libdir', d.getVar('target_libdir', False))
 
     # Process DEFAULTTUNE
-- 
1.9.1

[PATCH 20/61] parted: parted-ptest RDEPENDS on python

[Armin Kuster]

From: Robert Yang <liezhi.yang@windriver.com>

python scripts:
parted-ptest/usr/lib64/parted/ptest/tests/gpt-header-move
parted-ptest/usr/lib64/parted/ptest/tests/msdos-overlap

(From OE-Core rev: 80262094fde6a44afd954bbecc7e016243661b81)

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-extended/parted/parted_3.1.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-extended/parted/parted_3.1.bb b/meta/recipes-extended/parted/parted_3.1.bb
index 9057463..3f36f9f 100644
--- a/meta/recipes-extended/parted/parted_3.1.bb
+++ b/meta/recipes-extended/parted/parted_3.1.bb
@@ -42,4 +42,4 @@ do_install_ptest() {
 	sed -e 's| ../parted||' -i $t/tests/*.sh
 }
 
-RDEPENDS_${PN}-ptest = "bash coreutils perl util-linux-losetup"
+RDEPENDS_${PN}-ptest = "bash coreutils perl util-linux-losetup python"
-- 
1.9.1

[PATCH 21/61] pax-utils: RDEPENDS on python

[Armin Kuster]

From: Robert Yang <liezhi.yang@windriver.com>

python script:
pax-utils/usr/bin/lddtree

(From OE-Core rev: b972e7fc5774a6daf92511e897919ebad29f405b)

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-devtools/pax-utils/pax-utils_0.8.1.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/pax-utils/pax-utils_0.8.1.bb b/meta/recipes-devtools/pax-utils/pax-utils_0.8.1.bb
index 79e58ba..1b4ee0c 100644
--- a/meta/recipes-devtools/pax-utils/pax-utils_0.8.1.bb
+++ b/meta/recipes-devtools/pax-utils/pax-utils_0.8.1.bb
@@ -12,7 +12,7 @@ SRC_URI = "http://gentoo.osuosl.org/distfiles/pax-utils-${PV}.tar.xz"
 SRC_URI[md5sum] = "bc42279c5aff3682c12be40f72805cec"
 SRC_URI[sha256sum] = "844ff25b1a11bcef92ef34b22f576f226a772b67196818656f8874513438f5b9"
 
-RDEPENDS_${PN} += "bash"
+RDEPENDS_${PN} += "bash python"
 
 do_install() {
     oe_runmake PREFIX=${D}${prefix} DESTDIR=${D} install
-- 
1.9.1

[PATCH 22/61] file: CVE-2014-9620 and CVE-2014-9621

[Armin Kuster]

From: "Chong.Lu@windriver.com" <Chong.Lu@windriver.com>

CVE-2014-9620:
Limit the number of ELF notes processed - DoS
CVE-2014-9621:
Limit string printing to 100 chars - DoS

The patch comes from:
https://github.com/file/file/commit/6ce24f35cd4a43c4bdd249e8e0c4952c1f8eac67
https://github.com/file/file/commit/0056ec32255de1de973574b0300161a1568767d6
https://github.com/file/file/commit/09e41625c999a2e5b51e1092f0ef2432a99b5c33
https://github.com/file/file/commit/af444af0738468393f40f9d2261b1ea10fc4b2ba
https://github.com/file/file/commit/68bd8433c7e11a8dbe100deefdfac69138ee7cd9
https://github.com/file/file/commit/dddd3cdb95210a765dd90f7d722cb8b5534daee7
https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f
https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4
https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c

[YOCTO #7178]

Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../file-CVE-2014-9620-and-CVE-2014-9621.patch     | 1414 ++++++++++++++++++++
 meta/recipes-devtools/file/file_5.18.bb            |    1 +
 2 files changed, 1415 insertions(+)
 create mode 100644 meta/recipes-devtools/file/file/file-CVE-2014-9620-and-CVE-2014-9621.patch

diff --git a/meta/recipes-devtools/file/file/file-CVE-2014-9620-and-CVE-2014-9621.patch b/meta/recipes-devtools/file/file/file-CVE-2014-9620-and-CVE-2014-9621.patch
new file mode 100644
index 0000000..2482de3
--- /dev/null
+++ b/meta/recipes-devtools/file/file/file-CVE-2014-9620-and-CVE-2014-9621.patch
@@ -0,0 +1,1414 @@
+file: CVE-2014-9620 and CVE-2014-9621
+
+CVE-2014-9620:
+Limit the number of ELF notes processed - DoS
+CVE-2014-9621:
+Limit string printing to 100 chars - DoS
+
+The patch comes from:
+https://github.com/file/file/commit/6ce24f35cd4a43c4bdd249e8e0c4952c1f8eac67
+https://github.com/file/file/commit/0056ec32255de1de973574b0300161a1568767d6
+https://github.com/file/file/commit/09e41625c999a2e5b51e1092f0ef2432a99b5c33
+https://github.com/file/file/commit/af444af0738468393f40f9d2261b1ea10fc4b2ba
+https://github.com/file/file/commit/68bd8433c7e11a8dbe100deefdfac69138ee7cd9
+https://github.com/file/file/commit/dddd3cdb95210a765dd90f7d722cb8b5534daee7
+https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f
+https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4
+https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c
+
+Upstream-Status: Backport
+
+Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
+---
+ src/apprentice.c |   5 +
+ src/ascmagic.c   |   3 +-
+ src/elfclass.h   |  34 ++--
+ src/file.c       |  59 ++++++-
+ src/file.h       |  20 ++-
+ src/file_opts.h  |   6 +
+ src/funcs.c      |  42 ++++-
+ src/magic.c      |  50 ++++++
+ src/magic.h      |   9 ++
+ src/magic.h.in   |   9 ++
+ src/readelf.c    | 471 +++++++++++++++++++++++++++++++++----------------------
+ src/softmagic.c  |  93 ++++++-----
+ 12 files changed, 566 insertions(+), 235 deletions(-)
+
+diff --git a/src/apprentice.c b/src/apprentice.c
+index 7400c57..231dc7e 100644
+--- a/src/apprentice.c
++++ b/src/apprentice.c
+@@ -506,6 +506,11 @@ file_ms_alloc(int flags)
+ 		ms->mlist[i] = NULL;
+ 	ms->file = "unknown";
+ 	ms->line = 0;
++	ms->indir_max = FILE_INDIR_MAX;
++	ms->name_max = FILE_NAME_MAX;
++	ms->elf_shnum_max = FILE_ELF_SHNUM_MAX;
++	ms->elf_phnum_max = FILE_ELF_PHNUM_MAX;
++	ms->elf_notes_max = FILE_ELF_NOTES_MAX;
+ 	return ms;
+ free:
+ 	free(ms);
+diff --git a/src/ascmagic.c b/src/ascmagic.c
+index ca26665..0a4cd10 100644
+--- a/src/ascmagic.c
++++ b/src/ascmagic.c
+@@ -147,7 +147,8 @@ file_ascmagic_with_encoding(struct magic_set *ms, const unsigned char *buf,
+ 		    == NULL)
+ 			goto done;
+ 		if ((rv = file_softmagic(ms, utf8_buf,
+-		    (size_t)(utf8_end - utf8_buf), 0, TEXTTEST, text)) == 0)
++		    (size_t)(utf8_end - utf8_buf), 0, NULL,
++		    TEXTTEST, text)) == 0)
+ 			rv = -1;
+ 	}
+ 
+diff --git a/src/elfclass.h b/src/elfclass.h
+index 010958a..5360b0b 100644
+--- a/src/elfclass.h
++++ b/src/elfclass.h
+@@ -32,39 +32,51 @@
+ 	swap = (u.c[sizeof(int32_t) - 1] + 1) != elfhdr.e_ident[EI_DATA];
+ 
+ 	type = elf_getu16(swap, elfhdr.e_type);
++	notecount = ms->elf_notes_max;
+ 	switch (type) {
+ #ifdef ELFCORE
+ 	case ET_CORE:
++		phnum = elf_getu16(swap, elfhdr.e_phnum);
++		if (phnum > ms->elf_phnum_max)
++			return toomany(ms, "program headers", phnum);
+ 		flags |= FLAGS_IS_CORE;
+ 		if (dophn_core(ms, clazz, swap, fd,
+-		    (off_t)elf_getu(swap, elfhdr.e_phoff),
+-		    elf_getu16(swap, elfhdr.e_phnum), 
++		    (off_t)elf_getu(swap, elfhdr.e_phoff), phnum,
+ 		    (size_t)elf_getu16(swap, elfhdr.e_phentsize),
+-		    fsize, &flags) == -1)
++		    fsize, &flags, &notecount) == -1)
+ 			return -1;
+ 		break;
+ #endif
+ 	case ET_EXEC:
+ 	case ET_DYN:
++		phnum = elf_getu16(swap, elfhdr.e_phnum);
++		if (phnum > ms->elf_phnum_max)
++			return toomany(ms, "program", phnum);
++		shnum = elf_getu16(swap, elfhdr.e_shnum);
++		if (shnum > ms->elf_shnum_max)
++			return toomany(ms, "section", shnum);
+ 		if (dophn_exec(ms, clazz, swap, fd,
+-		    (off_t)elf_getu(swap, elfhdr.e_phoff),
+-		    elf_getu16(swap, elfhdr.e_phnum), 
++		    (off_t)elf_getu(swap, elfhdr.e_phoff), phnum,
+ 		    (size_t)elf_getu16(swap, elfhdr.e_phentsize),
+-		    fsize, &flags, elf_getu16(swap, elfhdr.e_shnum))
+-		    == -1)
++		    fsize, shnum, &flags, &notecount) == -1)
+ 			return -1;
+ 		/*FALLTHROUGH*/
+ 	case ET_REL:
++		shnum = elf_getu16(swap, elfhdr.e_shnum);
++		if (shnum > ms->elf_shnum_max)
++			return toomany(ms, "section headers", shnum);
+ 		if (doshn(ms, clazz, swap, fd,
+-		    (off_t)elf_getu(swap, elfhdr.e_shoff),
+-		    elf_getu16(swap, elfhdr.e_shnum),
++		    (off_t)elf_getu(swap, elfhdr.e_shoff), shnum,
+ 		    (size_t)elf_getu16(swap, elfhdr.e_shentsize),
+-		    fsize, &flags, elf_getu16(swap, elfhdr.e_machine),
+-		    (int)elf_getu16(swap, elfhdr.e_shstrndx)) == -1)
++		    fsize, elf_getu16(swap, elfhdr.e_machine),
++		    (int)elf_getu16(swap, elfhdr.e_shstrndx),
++		    &flags, &notecount) == -1)
+ 			return -1;
+ 		break;
+ 
+ 	default:
+ 		break;
+ 	}
++	if (notecount == 0)
++		return toomany(ms, "notes", ms->elf_notes_max);
+ 	return 1;
+diff --git a/src/file.c b/src/file.c
+index 370da91..b69b725 100644
+--- a/src/file.c
++++ b/src/file.c
+@@ -101,7 +101,7 @@ private const struct option long_options[] = {
+ #undef OPT_LONGONLY
+     {0, 0, NULL, 0}
+ };
+-#define OPTSTRING	"bcCde:Ef:F:hiklLm:nNprsvz0"
++#define OPTSTRING	"bcCde:Ef:F:hiklLm:nNpP:rsvz0"
+ 
+ private const struct {
+ 	const char *name;
+@@ -119,6 +119,18 @@ private const struct {
+ 	{ "tokens",	MAGIC_NO_CHECK_TOKENS }, /* OBSOLETE: ignored for backwards compatibility */
+ };
+ 
++private struct {
++	const char *name;
++	int tag;
++	size_t value;
++} pm[] = {
++	{ "indir",	MAGIC_PARAM_INDIR_MAX, 0 },
++	{ "name",	MAGIC_PARAM_NAME_MAX, 0 },
++	{ "elf_phnum",	MAGIC_PARAM_ELF_PHNUM_MAX, 0 },
++	{ "elf_shnum",	MAGIC_PARAM_ELF_SHNUM_MAX, 0 },
++	{ "elf_notes",	MAGIC_PARAM_ELF_NOTES_MAX, 0 },
++};
++
+ private char *progname;		/* used throughout 		*/
+ 
+ private void usage(void);
+@@ -128,6 +140,8 @@ private void help(void);
+ private int unwrap(struct magic_set *, const char *);
+ private int process(struct magic_set *ms, const char *, int);
+ private struct magic_set *load(const char *, int);
++private void setparam(const char *);
++private void applyparam(magic_t);
+ 
+ 
+ /*
+@@ -243,9 +257,13 @@ main(int argc, char *argv[])
+ 			flags |= MAGIC_PRESERVE_ATIME;
+ 			break;
+ #endif
++		case 'P':
++			setparam(optarg);
++			break;
+ 		case 'r':
+ 			flags |= MAGIC_RAW;
+ 			break;
++			break;
+ 		case 's':
+ 			flags |= MAGIC_DEVICES;
+ 			break;
+@@ -298,6 +316,8 @@ main(int argc, char *argv[])
+ 			    strerror(errno));
+ 			return 1;
+ 		}
++
++
+ 		switch(action) {
+ 		case FILE_CHECK:
+ 			c = magic_check(magic, magicfile);
+@@ -321,7 +341,7 @@ main(int argc, char *argv[])
+ 		if (magic == NULL)
+ 			if ((magic = load(magicfile, flags)) == NULL)
+ 				return 1;
+-		break;
++		applyparam(magic);
+ 	}
+ 
+ 	if (optind == argc) {
+@@ -351,6 +371,41 @@ main(int argc, char *argv[])
+ 	return e;
+ }
+ 
++private void
++applyparam(magic_t magic)
++{
++	size_t i;
++
++	for (i = 0; i < __arraycount(pm); i++) {
++		if (pm[i].value == 0)
++			continue;
++		if (magic_setparam(magic, pm[i].tag, &pm[i].value) == -1) {
++			(void)fprintf(stderr, "%s: Can't set %s %s\n", progname,
++				pm[i].name, strerror(errno));
++			exit(1);
++		}
++	}
++}
++
++private void
++setparam(const char *p)
++{
++	size_t i;
++	char *s;
++
++	if ((s = strchr(p, '=')) == NULL)
++		goto badparm;
++
++	for (i = 0; i < __arraycount(pm); i++) {
++		if (strncmp(p, pm[i].name, s - p) != 0)
++			continue;
++		pm[i].value = atoi(s + 1);
++		return;
++	}
++badparm:
++	(void)fprintf(stderr, "%s: Unknown param %s\n", progname, p);
++	exit(1);
++}
+ 
+ private struct magic_set *
+ /*ARGSUSED*/
+diff --git a/src/file.h b/src/file.h
+index 5c67ddd..88da1d1 100644
+--- a/src/file.h
++++ b/src/file.h
+@@ -400,6 +400,16 @@ struct magic_set {
+ 	/* FIXME: Make the string dynamically allocated so that e.g.
+ 	   strings matched in files can be longer than MAXstring */
+ 	union VALUETYPE ms_value;	/* either number or string */
++	uint16_t indir_max;
++	uint16_t name_max;
++	uint16_t elf_shnum_max;
++	uint16_t elf_phnum_max;
++	uint16_t elf_notes_max;
++#define	FILE_INDIR_MAX			15
++#define	FILE_NAME_MAX			30
++#define	FILE_ELF_SHNUM_MAX		32768
++#define	FILE_ELF_PHNUM_MAX		128
++#define	FILE_ELF_NOTES_MAX		256
+ };
+ 
+ /* Type for Unicode characters */
+@@ -439,7 +449,7 @@ protected int file_encoding(struct magic_set *, const unsigned char *, size_t,
+     unichar **, size_t *, const char **, const char **, const char **);
+ protected int file_is_tar(struct magic_set *, const unsigned char *, size_t);
+ protected int file_softmagic(struct magic_set *, const unsigned char *, size_t,
+-    size_t, int, int);
++    uint16_t, uint16_t *, int, int);
+ protected int file_apprentice(struct magic_set *, const char *, int);
+ protected int file_magicfind(struct magic_set *, const char *, struct mlist *);
+ protected uint64_t file_signextend(struct magic_set *, struct magic *,
+@@ -469,6 +479,14 @@ protected int file_os2_apptype(struct magic_set *, const char *, const void *,
+ #endif /* __EMX__ */
+ 
+ 
++typedef struct {
++	char *buf;
++	uint32_t offset;
++} file_pushbuf_t;
++
++protected file_pushbuf_t *file_push_buffer(struct magic_set *);
++protected char  *file_pop_buffer(struct magic_set *, file_pushbuf_t *);
++
+ #ifndef COMPILE_ONLY
+ extern const char *file_names[];
+ extern const size_t file_nnames;
+diff --git a/src/file_opts.h b/src/file_opts.h
+index db34eb7..3286ac6 100644
+--- a/src/file_opts.h
++++ b/src/file_opts.h
+@@ -43,6 +43,12 @@ OPT('0', "print0", 0, "               terminate filenames with ASCII NUL\n")
+ #if defined(HAVE_UTIME) || defined(HAVE_UTIMES)
+ OPT('p', "preserve-date", 0, "        preserve access times on files\n")
+ #endif
++OPT('P', "parameter", 0, "            set file engine parameter limits\n"
++    "                               indir        15 recursion limit for indirection\n"
++    "                               name         30 use limit for name/use magic\n"
++    "                               elf_notes   256 max ELF notes processed\n"
++    "                               elf_phnum   128 max ELF prog sections processed\n"
++    "                               elf_shnum 32768 max ELF sections processed\n")
+ OPT('r', "raw", 0, "                  don't translate unprintable chars to \\ooo\n")
+ OPT('s', "special-files", 0, "        treat special (block/char devices) files as\n"
+     "                             ordinary ones\n")
+diff --git a/src/funcs.c b/src/funcs.c
+index a9624a2..c3cf2be 100644
+--- a/src/funcs.c
++++ b/src/funcs.c
+@@ -230,7 +230,7 @@ file_buffer(struct magic_set *ms, int fd, const char *inname __attribute__ ((unu
+ 
+ 	/* try soft magic tests */
+ 	if ((ms->flags & MAGIC_NO_CHECK_SOFT) == 0)
+-		if ((m = file_softmagic(ms, ubuf, nb, 0, BINTEST,
++		if ((m = file_softmagic(ms, ubuf, nb, 0, NULL, BINTEST,
+ 		    looks_text)) != 0) {
+ 			if ((ms->flags & MAGIC_DEBUG) != 0)
+ 				(void)fprintf(stderr, "softmagic %d\n", m);
+@@ -459,3 +459,43 @@ out:
+ 	free(old_lc_ctype);
+ 	return rv;
+ }
++
++protected file_pushbuf_t *
++file_push_buffer(struct magic_set *ms)
++{
++	file_pushbuf_t *pb;
++
++	if (ms->event_flags & EVENT_HAD_ERR)
++		return NULL;
++
++	if ((pb = (CAST(file_pushbuf_t *, malloc(sizeof(*pb))))) == NULL)
++		return NULL;
++
++	pb->buf = ms->o.buf;
++	pb->offset = ms->offset;
++
++	ms->o.buf = NULL;
++	ms->offset = 0;
++
++	return pb;
++}
++
++protected char *
++file_pop_buffer(struct magic_set *ms, file_pushbuf_t *pb)
++{
++	char *rbuf;
++
++	if (ms->event_flags & EVENT_HAD_ERR) {
++		free(pb->buf);
++		free(pb);
++		return NULL;
++	}
++
++	rbuf = ms->o.buf;
++
++	ms->o.buf = pb->buf;
++	ms->offset = pb->offset;
++
++	free(pb);
++	return rbuf;
++}
+diff --git a/src/magic.c b/src/magic.c
+index 22174b8..a89647c 100644
+--- a/src/magic.c
++++ b/src/magic.c
+@@ -490,3 +490,53 @@ magic_version(void)
+ {
+ 	return MAGIC_VERSION;
+ }
++
++public int
++magic_setparam(struct magic_set *ms, int param, const void *val)
++{
++	switch (param) {
++	case MAGIC_PARAM_INDIR_MAX:
++		ms->indir_max = *(const size_t *)val;
++		return 0;
++	case MAGIC_PARAM_NAME_MAX:
++		ms->name_max = *(const size_t *)val;
++		return 0;
++	case MAGIC_PARAM_ELF_PHNUM_MAX:
++		ms->elf_phnum_max = *(const size_t *)val;
++		return 0;
++	case MAGIC_PARAM_ELF_SHNUM_MAX:
++		ms->elf_shnum_max = *(const size_t *)val;
++		return 0;
++	case MAGIC_PARAM_ELF_NOTES_MAX:
++		ms->elf_notes_max = *(const size_t *)val;
++		return 0;
++	default:
++		errno = EINVAL;
++		return -1;
++	}
++}
++
++public int
++magic_getparam(struct magic_set *ms, int param, void *val)
++{
++	switch (param) {
++	case MAGIC_PARAM_INDIR_MAX:
++		*(size_t *)val = ms->indir_max;
++		return 0;
++	case MAGIC_PARAM_NAME_MAX:
++		*(size_t *)val = ms->name_max;
++		return 0;
++	case MAGIC_PARAM_ELF_PHNUM_MAX:
++		*(size_t *)val = ms->elf_phnum_max;
++		return 0;
++	case MAGIC_PARAM_ELF_SHNUM_MAX:
++		*(size_t *)val = ms->elf_shnum_max;
++		return 0;
++	case MAGIC_PARAM_ELF_NOTES_MAX:
++		*(size_t *)val = ms->elf_notes_max;
++		return 0;
++	default:
++		errno = EINVAL;
++		return -1;
++	}
++}
+diff --git a/src/magic.h b/src/magic.h
+index 535a177..89bfe4b 100644
+--- a/src/magic.h
++++ b/src/magic.h
+@@ -101,6 +101,15 @@ int magic_check(magic_t, const char *);
+ int magic_list(magic_t, const char *);
+ int magic_errno(magic_t);
+ 
++#define MAGIC_PARAM_INDIR_MAX          0
++#define MAGIC_PARAM_NAME_MAX           1
++#define MAGIC_PARAM_ELF_PHNUM_MAX      2
++#define MAGIC_PARAM_ELF_SHNUM_MAX      3
++#define MAGIC_PARAM_ELF_NOTES_MAX      4
++
++int magic_setparam(magic_t, int, const void *);
++int magic_getparam(magic_t, int, void *);
++
+ #ifdef __cplusplus
+ };
+ #endif
+diff --git a/src/magic.h.in b/src/magic.h.in
+index 86fc41b..2efc7bc 100644
+--- a/src/magic.h.in
++++ b/src/magic.h.in
+@@ -101,6 +101,15 @@ int magic_check(magic_t, const char *);
+ int magic_list(magic_t, const char *);
+ int magic_errno(magic_t);
+ 
++#define MAGIC_PARAM_INDIR_MAX		0
++#define MAGIC_PARAM_NAME_MAX		1
++#define MAGIC_PARAM_ELF_PHNUM_MAX	2
++#define MAGIC_PARAM_ELF_SHNUM_MAX	3
++#define MAGIC_PARAM_ELF_NOTES_MAX	4
++
++int magic_setparam(magic_t, int, const void *);
++int magic_getparam(magic_t, int, void *);
++
+ #ifdef __cplusplus
+ };
+ #endif
+diff --git a/src/readelf.c b/src/readelf.c
+index cbed129..87df727 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -43,14 +43,14 @@ FILE_RCSID("@(#)$File: readelf.c,v 1.102 2014/03/11 21:00:13 christos Exp $")
+ 
+ #ifdef	ELFCORE
+ private int dophn_core(struct magic_set *, int, int, int, off_t, int, size_t,
+-    off_t, int *);
++    off_t, int *, uint16_t *);
+ #endif
+ private int dophn_exec(struct magic_set *, int, int, int, off_t, int, size_t,
+-    off_t, int *, int);
++    off_t, int, int *, uint16_t *);
+ private int doshn(struct magic_set *, int, int, int, off_t, int, size_t,
+-    off_t, int *, int, int);
++    off_t, int, int, int *, uint16_t *);
+ private size_t donote(struct magic_set *, void *, size_t, size_t, int,
+-    int, size_t, int *);
++    int, size_t, int *, uint16_t *);
+ 
+ #define	ELF_ALIGN(a)	((((a) + align - 1) / align) * align)
+ 
+@@ -60,6 +60,19 @@ private uint16_t getu16(int, uint16_t);
+ private uint32_t getu32(int, uint32_t);
+ private uint64_t getu64(int, uint64_t);
+ 
++#define MAX_PHNUM	128
++#define	MAX_SHNUM	32768
++#define SIZE_UNKNOWN	((off_t)-1)
++
++private int
++toomany(struct magic_set *ms, const char *name, uint16_t num)
++{
++	if (file_printf(ms, ", too many %s (%u)", name, num
++	    ) == -1)
++		return -1;
++	return 0;
++}
++
+ private uint16_t
+ getu16(int swap, uint16_t value)
+ {
+@@ -280,15 +293,19 @@ private const char os_style_names[][8] = {
+ 	"NetBSD",
+ };
+ 
+-#define FLAGS_DID_CORE		0x01
+-#define FLAGS_DID_NOTE		0x02
+-#define FLAGS_DID_BUILD_ID	0x04
+-#define FLAGS_DID_CORE_STYLE	0x08
+-#define FLAGS_IS_CORE		0x10
++#define FLAGS_DID_CORE			0x001
++#define FLAGS_DID_OS_NOTE		0x002
++#define FLAGS_DID_BUILD_ID		0x004
++#define FLAGS_DID_CORE_STYLE		0x008
++#define FLAGS_DID_NETBSD_PAX		0x010
++#define FLAGS_DID_NETBSD_MARCH		0x020
++#define FLAGS_DID_NETBSD_CMODEL		0x040
++#define FLAGS_DID_NETBSD_UNKNOWN	0x080
++#define FLAGS_IS_CORE			0x100
+ 
+ private int
+ dophn_core(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
+-    int num, size_t size, off_t fsize, int *flags)
++    int num, size_t size, off_t fsize, int *flags, uint16_t *notecount)
+ {
+ 	Elf32_Phdr ph32;
+ 	Elf64_Phdr ph64;
+@@ -306,13 +323,13 @@ dophn_core(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
+ 	 * Loop through all the program headers.
+ 	 */
+ 	for ( ; num; num--) {
+-		if (pread(fd, xph_addr, xph_sizeof, off) == -1) {
++		if (pread(fd, xph_addr, xph_sizeof, off) < (ssize_t)xph_sizeof) {
+ 			file_badread(ms);
+ 			return -1;
+ 		}
+ 		off += size;
+ 
+-		if (xph_offset > fsize) {
++		if (fsize != SIZE_UNKNOWN && xph_offset > fsize) {
+ 			/* Perhaps warn here */
+ 			continue;
+ 		}
+@@ -334,7 +351,7 @@ dophn_core(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
+ 			if (offset >= (size_t)bufsize)
+ 				break;
+ 			offset = donote(ms, nbuf, offset, (size_t)bufsize,
+-			    clazz, swap, 4, flags);
++			    clazz, swap, 4, flags, notecount);
+ 			if (offset == 0)
+ 				break;
+ 
+@@ -464,125 +481,128 @@ do_note_freebsd_version(struct magic_set *ms, int swap, void *v)
+ 	}
+ }
+ 
+-private size_t
+-donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size,
+-    int clazz, int swap, size_t align, int *flags)
++private int
++do_bid_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
++    int swap __attribute__((__unused__)), uint32_t namesz, uint32_t descsz,
++    size_t noff, size_t doff, int *flags)
+ {
+-	Elf32_Nhdr nh32;
+-	Elf64_Nhdr nh64;
+-	size_t noff, doff;
+-#ifdef ELFCORE
+-	int os_style = -1;
+-#endif
+-	uint32_t namesz, descsz;
+-	unsigned char *nbuf = CAST(unsigned char *, vbuf);
+-
+-	(void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
+-	offset += xnh_sizeof;
+-
+-	namesz = xnh_namesz;
+-	descsz = xnh_descsz;
+-	if ((namesz == 0) && (descsz == 0)) {
+-		/*
+-		 * We're out of note headers.
+-		 */
+-		return (offset >= size) ? offset : size;
+-	}
+-
+-	if (namesz & 0x80000000) {
+-	    (void)file_printf(ms, ", bad note name size 0x%lx",
+-		(unsigned long)namesz);
+-	    return offset;
+-	}
+-
+-	if (descsz & 0x80000000) {
+-	    (void)file_printf(ms, ", bad note description size 0x%lx",
+-		(unsigned long)descsz);
+-	    return offset;
+-	}
+-
+-
+-	noff = offset;
+-	doff = ELF_ALIGN(offset + namesz);
+-
+-	if (offset + namesz > size) {
+-		/*
+-		 * We're past the end of the buffer.
+-		 */
+-		return doff;
+-	}
+-
+-	offset = ELF_ALIGN(doff + descsz);
+-	if (doff + descsz > size) {
+-		/*
+-		 * We're past the end of the buffer.
+-		 */
+-		return (offset >= size) ? offset : size;
++	if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 &&
++	    type == NT_GNU_BUILD_ID && (descsz == 16 || descsz == 20)) {
++		uint8_t desc[20];
++		uint32_t i;
++		*flags |= FLAGS_DID_BUILD_ID;
++		if (file_printf(ms, ", BuildID[%s]=", descsz == 16 ? "md5/uuid" :
++		    "sha1") == -1)
++			return 1;
++		(void)memcpy(desc, &nbuf[doff], descsz);
++		for (i = 0; i < descsz; i++)
++		    if (file_printf(ms, "%02x", desc[i]) == -1)
++			return 1;
++		return 1;
+ 	}
+-
+-	if ((*flags & (FLAGS_DID_NOTE|FLAGS_DID_BUILD_ID)) ==
+-	    (FLAGS_DID_NOTE|FLAGS_DID_BUILD_ID))
+-		goto core;
+-
++	return 0;
++}
++	
++private int
++do_os_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
++    int swap, uint32_t namesz, uint32_t descsz,
++    size_t noff, size_t doff, int *flags)
++{
+ 	if (namesz == 5 && strcmp((char *)&nbuf[noff], "SuSE") == 0 &&
+-	    xnh_type == NT_GNU_VERSION && descsz == 2) {
++	    type == NT_GNU_VERSION && descsz == 2) {
++	    *flags |= FLAGS_DID_OS_NOTE;
+ 	    file_printf(ms, ", for SuSE %d.%d", nbuf[doff], nbuf[doff + 1]);
++	    return 1;
+ 	}
++
+ 	if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 &&
+-	    xnh_type == NT_GNU_VERSION && descsz == 16) {
++	    type == NT_GNU_VERSION && descsz == 16) {
+ 		uint32_t desc[4];
+ 		(void)memcpy(desc, &nbuf[doff], sizeof(desc));
+ 
++		*flags |= FLAGS_DID_OS_NOTE;
+ 		if (file_printf(ms, ", for GNU/") == -1)
+-			return size;
++			return 1;
+ 		switch (elf_getu32(swap, desc[0])) {
+ 		case GNU_OS_LINUX:
+ 			if (file_printf(ms, "Linux") == -1)
+-				return size;
++				return 1;
+ 			break;
+ 		case GNU_OS_HURD:
+ 			if (file_printf(ms, "Hurd") == -1)
+-				return size;
++				return 1;
+ 			break;
+ 		case GNU_OS_SOLARIS:
+ 			if (file_printf(ms, "Solaris") == -1)
+-				return size;
++				return 1;
+ 			break;
+ 		case GNU_OS_KFREEBSD:
+ 			if (file_printf(ms, "kFreeBSD") == -1)
+-				return size;
++				return 1;
+ 			break;
+ 		case GNU_OS_KNETBSD:
+ 			if (file_printf(ms, "kNetBSD") == -1)
+-				return size;
++				return 1;
+ 			break;
+ 		default:
+ 			if (file_printf(ms, "<unknown>") == -1)
+-				return size; 
++				return 1;
+ 		}
+ 		if (file_printf(ms, " %d.%d.%d", elf_getu32(swap, desc[1]),
+ 		    elf_getu32(swap, desc[2]), elf_getu32(swap, desc[3])) == -1)
+-			return size;
+-		*flags |= FLAGS_DID_NOTE;
+-		return size;
++			return 1;
++		return 1;
+ 	}
+ 
+-	if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 &&
+-	    xnh_type == NT_GNU_BUILD_ID && (descsz == 16 || descsz == 20)) {
+-	    uint8_t desc[20];
+-	    uint32_t i;
+-	    if (file_printf(ms, ", BuildID[%s]=", descsz == 16 ? "md5/uuid" :
+-		"sha1") == -1)
+-		    return size;
+-	    (void)memcpy(desc, &nbuf[doff], descsz);
+-	    for (i = 0; i < descsz; i++)
+-		if (file_printf(ms, "%02x", desc[i]) == -1)
+-		    return size;
+-	    *flags |= FLAGS_DID_BUILD_ID;
++	if (namesz == 7 && strcmp((char *)&nbuf[noff], "NetBSD") == 0) {
++	    	if (type == NT_NETBSD_VERSION && descsz == 4) {
++			*flags |= FLAGS_DID_OS_NOTE;
++			do_note_netbsd_version(ms, swap, &nbuf[doff]);
++			return 1;
++		}
++	}
++
++	if (namesz == 8 && strcmp((char *)&nbuf[noff], "FreeBSD") == 0) {
++	    	if (type == NT_FREEBSD_VERSION && descsz == 4) {
++			*flags |= FLAGS_DID_OS_NOTE;
++			do_note_freebsd_version(ms, swap, &nbuf[doff]);
++			return 1;
++		}
++	}
++
++	if (namesz == 8 && strcmp((char *)&nbuf[noff], "OpenBSD") == 0 &&
++	    type == NT_OPENBSD_VERSION && descsz == 4) {
++		*flags |= FLAGS_DID_OS_NOTE;
++		if (file_printf(ms, ", for OpenBSD") == -1)
++			return 1;
++		/* Content of note is always 0 */
++		return 1;
++	}
++
++	if (namesz == 10 && strcmp((char *)&nbuf[noff], "DragonFly") == 0 &&
++	    type == NT_DRAGONFLY_VERSION && descsz == 4) {
++		uint32_t desc;
++		*flags |= FLAGS_DID_OS_NOTE;
++		if (file_printf(ms, ", for DragonFly") == -1)
++			return 1;
++		(void)memcpy(&desc, &nbuf[doff], sizeof(desc));
++		desc = elf_getu32(swap, desc);
++		if (file_printf(ms, " %d.%d.%d", desc / 100000,
++		    desc / 10000 % 10, desc % 10000) == -1)
++			return 1;
++		return 1;
+ 	}
++	return 0;
++}
++ 
++private int
++do_pax_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
++    int swap, uint32_t namesz, uint32_t descsz,
++    size_t noff, size_t doff, int *flags)
++{
+ 
+ 	if (namesz == 4 && strcmp((char *)&nbuf[noff], "PaX") == 0 &&
+-	    xnh_type == NT_NETBSD_PAX && descsz == 4) {
++	    type == NT_NETBSD_PAX && descsz == 4) {
+ 		static const char *pax[] = {
+ 		    "+mprotect",
+ 		    "-mprotect",
+@@ -595,80 +615,32 @@ donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size,
+ 		size_t i;
+ 		int did = 0;
+ 
++		*flags |= FLAGS_DID_NETBSD_PAX;
+ 		(void)memcpy(&desc, &nbuf[doff], sizeof(desc));
+ 		desc = elf_getu32(swap, desc);
+ 
+ 		if (desc && file_printf(ms, ", PaX: ") == -1)
+-			return size;
++			return 1;
+ 
+ 		for (i = 0; i < __arraycount(pax); i++) {
+ 			if (((1 << i) & desc) == 0)
+ 				continue;
+ 			if (file_printf(ms, "%s%s", did++ ? "," : "",
+ 			    pax[i]) == -1)
+-				return size;
+-		}
+-	}
+-
+-	if (namesz == 7 && strcmp((char *)&nbuf[noff], "NetBSD") == 0) {
+-		switch (xnh_type) {
+-		case NT_NETBSD_VERSION:
+-			if (descsz == 4) {
+-				do_note_netbsd_version(ms, swap, &nbuf[doff]);
+-				*flags |= FLAGS_DID_NOTE;
+-				return size;
+-			}
+-			break;
+-		case NT_NETBSD_MARCH:
+-			if (file_printf(ms, ", compiled for: %.*s", (int)descsz,
+-			    (const char *)&nbuf[doff]) == -1)
+-				return size;
+-			break;
+-		case NT_NETBSD_CMODEL:
+-			if (file_printf(ms, ", compiler model: %.*s",
+-			    (int)descsz, (const char *)&nbuf[doff]) == -1)
+-				return size;
+-			break;
+-		default:
+-			if (file_printf(ms, ", note=%u", xnh_type) == -1)
+-				return size;
+-			break;
+-		}
+-		return size;
+-	}
+-
+-	if (namesz == 8 && strcmp((char *)&nbuf[noff], "FreeBSD") == 0) {
+-	    	if (xnh_type == NT_FREEBSD_VERSION && descsz == 4) {
+-			do_note_freebsd_version(ms, swap, &nbuf[doff]);
+-			*flags |= FLAGS_DID_NOTE;
+-			return size;
++				return 1;
+ 		}
++		return 1;
+ 	}
++	return 0;
++}
+ 
+-	if (namesz == 8 && strcmp((char *)&nbuf[noff], "OpenBSD") == 0 &&
+-	    xnh_type == NT_OPENBSD_VERSION && descsz == 4) {
+-		if (file_printf(ms, ", for OpenBSD") == -1)
+-			return size;
+-		/* Content of note is always 0 */
+-		*flags |= FLAGS_DID_NOTE;
+-		return size;
+-	}
+-
+-	if (namesz == 10 && strcmp((char *)&nbuf[noff], "DragonFly") == 0 &&
+-	    xnh_type == NT_DRAGONFLY_VERSION && descsz == 4) {
+-		uint32_t desc;
+-		if (file_printf(ms, ", for DragonFly") == -1)
+-			return size;
+-		(void)memcpy(&desc, &nbuf[doff], sizeof(desc));
+-		desc = elf_getu32(swap, desc);
+-		if (file_printf(ms, " %d.%d.%d", desc / 100000,
+-		    desc / 10000 % 10, desc % 10000) == -1)
+-			return size;
+-		*flags |= FLAGS_DID_NOTE;
+-		return size;
+-	}
+-
+-core:
++private int
++do_core_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
++    int swap, uint32_t namesz, uint32_t descsz,
++    size_t noff, size_t doff, int *flags, size_t size, int clazz)
++{
++#ifdef ELFCORE
++	int os_style = -1;
+ 	/*
+ 	 * Sigh.  The 2.0.36 kernel in Debian 2.1, at
+ 	 * least, doesn't correctly implement name
+@@ -697,20 +669,17 @@ core:
+ 		os_style = OS_STYLE_NETBSD;
+ 	}
+ 
+-#ifdef ELFCORE
+-	if ((*flags & FLAGS_DID_CORE) != 0)
+-		return size;
+-
+ 	if (os_style != -1 && (*flags & FLAGS_DID_CORE_STYLE) == 0) {
+ 		if (file_printf(ms, ", %s-style", os_style_names[os_style])
+ 		    == -1)
+-			return size;
++			return 1;
+ 		*flags |= FLAGS_DID_CORE_STYLE;
+ 	}
+ 
+ 	switch (os_style) {
+ 	case OS_STYLE_NETBSD:
+-		if (xnh_type == NT_NETBSD_CORE_PROCINFO) {
++		if (type == NT_NETBSD_CORE_PROCINFO) {
++			char sbuf[512];
+ 			uint32_t signo;
+ 			/*
+ 			 * Extract the program name.  It is at
+@@ -719,7 +688,7 @@ core:
+ 			 */
+ 			if (file_printf(ms, ", from '%.31s'",
+ 			    &nbuf[doff + 0x7c]) == -1)
+-				return size;
++				return 1;
+ 			
+ 			/*
+ 			 * Extract the signal number.  It is at
+@@ -729,14 +698,14 @@ core:
+ 			    sizeof(signo));
+ 			if (file_printf(ms, " (signal %u)",
+ 			    elf_getu32(swap, signo)) == -1)
+-				return size;
++				return 1;
+ 			*flags |= FLAGS_DID_CORE;
+-			return size;
++			return 1;
+ 		}
+ 		break;
+ 
+ 	default:
+-		if (xnh_type == NT_PRPSINFO && *flags & FLAGS_IS_CORE) {
++		if (type == NT_PRPSINFO && *flags & FLAGS_IS_CORE) {
+ 			size_t i, j;
+ 			unsigned char c;
+ 			/*
+@@ -804,7 +773,7 @@ core:
+ 				 * Try next offsets, in case this match is
+ 				 * in the middle of a string.
+ 				 */
+-				for (k = i + 1 ; k < NOFFSETS ; k++) {
++				for (k = i + 1 ; k < NOFFSETS; k++) {
+ 					size_t no;
+ 					int adjust = 1;
+ 					if (prpsoffsets(k) >= prpsoffsets(i))
+@@ -829,9 +798,9 @@ core:
+ 					cp--;
+ 				if (file_printf(ms, ", from '%.*s'",
+ 				    (int)(cp - cname), cname) == -1)
+-					return size;
++					return 1;
+ 				*flags |= FLAGS_DID_CORE;
+-				return size;
++				return 1;
+ 
+ 			tryanother:
+ 				;
+@@ -840,6 +809,129 @@ core:
+ 		break;
+ 	}
+ #endif
++	return 0;
++}
++
++private size_t
++donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size,
++    int clazz, int swap, size_t align, int *flags, uint16_t *notecount)
++{
++	Elf32_Nhdr nh32;
++	Elf64_Nhdr nh64;
++	size_t noff, doff;
++	uint32_t namesz, descsz;
++	unsigned char *nbuf = CAST(unsigned char *, vbuf);
++
++	if (*notecount == 0)
++		return 0;
++	--*notecount;
++
++	if (xnh_sizeof + offset > size) {
++		/*
++		 * We're out of note headers.
++		 */
++		return xnh_sizeof + offset;
++	}
++
++	(void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
++	offset += xnh_sizeof;
++
++	namesz = xnh_namesz;
++	descsz = xnh_descsz;
++	if ((namesz == 0) && (descsz == 0)) {
++		/*
++		 * We're out of note headers.
++		 */
++		return (offset >= size) ? offset : size;
++	}
++
++	if (namesz & 0x80000000) {
++	    (void)file_printf(ms, ", bad note name size 0x%lx",
++		(unsigned long)namesz);
++	    return 0;
++	}
++
++	if (descsz & 0x80000000) {
++	    (void)file_printf(ms, ", bad note description size 0x%lx",
++		(unsigned long)descsz);
++	    return 0;
++	}
++
++	noff = offset;
++	doff = ELF_ALIGN(offset + namesz);
++
++	if (offset + namesz > size) {
++		/*
++		 * We're past the end of the buffer.
++		 */
++		return doff;
++	}
++
++	offset = ELF_ALIGN(doff + descsz);
++	if (doff + descsz > size) {
++		/*
++		 * We're past the end of the buffer.
++		 */
++		return (offset >= size) ? offset : size;
++	}
++
++	if ((*flags & FLAGS_DID_OS_NOTE) == 0) {
++		if (do_os_note(ms, nbuf, xnh_type, swap,
++		    namesz, descsz, noff, doff, flags))
++			return size;
++	}
++
++	if ((*flags & FLAGS_DID_BUILD_ID) == 0) {
++		if (do_bid_note(ms, nbuf, xnh_type, swap,
++		    namesz, descsz, noff, doff, flags))
++			return size;
++	}
++		
++	if ((*flags & FLAGS_DID_NETBSD_PAX) == 0) {
++		if (do_pax_note(ms, nbuf, xnh_type, swap,
++		    namesz, descsz, noff, doff, flags))
++			return size;
++	}
++
++	if ((*flags & FLAGS_DID_CORE) == 0) {
++		if (do_core_note(ms, nbuf, xnh_type, swap,
++		    namesz, descsz, noff, doff, flags, size, clazz))
++			return size;
++	}
++
++	if (namesz == 7 && strcmp((char *)&nbuf[noff], "NetBSD") == 0) {
++		if (descsz > 100)
++			descsz = 100;
++		switch (xnh_type) {
++	    	case NT_NETBSD_VERSION:
++			return size;
++		case NT_NETBSD_MARCH:
++			if (*flags & FLAGS_DID_NETBSD_MARCH)
++				return size;
++			*flags |= FLAGS_DID_NETBSD_MARCH;
++			if (file_printf(ms, ", compiled for: %.*s",
++			    (int)descsz, (const char *)&nbuf[doff]) == -1)
++				return size;
++			break;
++		case NT_NETBSD_CMODEL:
++			if (*flags & FLAGS_DID_NETBSD_CMODEL)
++				return size;
++			*flags |= FLAGS_DID_NETBSD_CMODEL;
++			if (file_printf(ms, ", compiler model: %.*s",
++			    (int)descsz, (const char *)&nbuf[doff]) == -1)
++				return size;
++			break;
++		default:
++			if (*flags & FLAGS_DID_NETBSD_UNKNOWN)
++				return size;
++			*flags |= FLAGS_DID_NETBSD_UNKNOWN;
++			if (file_printf(ms, ", note=%u", xnh_type) == -1)
++				return size;
++			break;
++		}
++		return size;
++	}
++
+ 	return offset;
+ }
+ 
+@@ -895,16 +987,19 @@ static const cap_desc_t cap_desc_386[] = {
+ 
+ private int
+ doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num,
+-    size_t size, off_t fsize, int *flags, int mach, int strtab)
++    size_t size, off_t fsize, int mach, int strtab, int *flags,
++    uint16_t *notecount)
+ {
+ 	Elf32_Shdr sh32;
+ 	Elf64_Shdr sh64;
+ 	int stripped = 1;
++	size_t nbadcap = 0;
+ 	void *nbuf;
+ 	off_t noff, coff, name_off;
+ 	uint64_t cap_hw1 = 0;	/* SunOS 5.x hardware capabilites */
+ 	uint64_t cap_sf1 = 0;	/* SunOS 5.x software capabilites */
+ 	char name[50];
++	ssize_t namesize;
+ 
+ 	if (size != xsh_sizeof) {
+ 		if (file_printf(ms, ", corrupted section header size") == -1)
+@@ -913,7 +1008,7 @@ doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num,
+ 	}
+ 
+ 	/* Read offset of name section to be able to read section names later */
+-	if (pread(fd, xsh_addr, xsh_sizeof, off + size * strtab) == -1) {
++	if (pread(fd, xsh_addr, xsh_sizeof, off + size * strtab) < (ssize_t)xsh_sizeof) {
+ 		file_badread(ms);
+ 		return -1;
+ 	}
+@@ -921,15 +1016,15 @@ doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num,
+ 
+ 	for ( ; num; num--) {
+ 		/* Read the name of this section. */
+-		if (pread(fd, name, sizeof(name), name_off + xsh_name) == -1) {
++		if ((namesize = pread(fd, name, sizeof(name) - 1, name_off + xsh_name)) == -1) {
+ 			file_badread(ms);
+ 			return -1;
+ 		}
+-		name[sizeof(name) - 1] = '\0';
++		name[namesize] = '\0';
+ 		if (strcmp(name, ".debug_info") == 0)
+ 			stripped = 0;
+ 
+-		if (pread(fd, xsh_addr, xsh_sizeof, off) == -1) {
++		if (pread(fd, xsh_addr, xsh_sizeof, off) < (ssize_t)xsh_sizeof) {
+ 			file_badread(ms);
+ 			return -1;
+ 		}
+@@ -944,7 +1039,7 @@ doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num,
+ 			stripped = 0;
+ 			break;
+ 		default:
+-			if (xsh_offset > fsize) {
++			if (fsize != SIZE_UNKNOWN && xsh_offset > fsize) {
+ 				/* Perhaps warn here */
+ 				continue;
+ 			}
+@@ -959,7 +1054,7 @@ doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num,
+ 				    " for note");
+ 				return -1;
+ 			}
+-			if (pread(fd, nbuf, xsh_size, xsh_offset) == -1) {
++			if (pread(fd, nbuf, xsh_size, xsh_offset) < (ssize_t)xsh_size) {
+ 				file_badread(ms);
+ 				free(nbuf);
+ 				return -1;
+@@ -970,7 +1065,7 @@ doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num,
+ 				if (noff >= (off_t)xsh_size)
+ 					break;
+ 				noff = donote(ms, nbuf, (size_t)noff,
+-				    xsh_size, clazz, swap, 4, flags);
++				    xsh_size, clazz, swap, 4, flags, notecount);
+ 				if (noff == 0)
+ 					break;
+ 			}
+@@ -988,6 +1083,8 @@ doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num,
+ 				goto skip;
+ 			}
+ 
++			if (nbadcap > 5)
++				break;
+ 			if (lseek(fd, xsh_offset, SEEK_SET) == (off_t)-1) {
+ 				file_badseek(ms);
+ 				return -1;
+@@ -1023,6 +1120,8 @@ doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num,
+ 					    (unsigned long long)xcap_tag,
+ 					    (unsigned long long)xcap_val) == -1)
+ 						return -1;
++					if (nbadcap++ > 2)
++						coff = xsh_size;
+ 					break;
+ 				}
+ 			}
+@@ -1103,7 +1202,8 @@ doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num,
+  */
+ private int
+ dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
+-    int num, size_t size, off_t fsize, int *flags, int sh_num)
++    int num, size_t size, off_t fsize, int sh_num, int *flags,
++    uint16_t *notecount)
+ {
+ 	Elf32_Phdr ph32;
+ 	Elf64_Phdr ph64;
+@@ -1120,7 +1220,7 @@ dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
+ 	}
+ 
+   	for ( ; num; num--) {
+-		if (pread(fd, xph_addr, xph_sizeof, off) == -1) {
++		if (pread(fd, xph_addr, xph_sizeof, off) < (ssize_t)xph_sizeof) {
+ 			file_badread(ms);
+ 			return -1;
+ 		}
+@@ -1136,7 +1236,7 @@ dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
+ 			shared_libraries = " (uses shared libs)";
+ 			break;
+ 		default:
+-			if (xph_offset > fsize) {
++			if (fsize != SIZE_UNKNOWN && xph_offset > fsize) {
+ 				/* Maybe warn here? */
+ 				continue;
+ 			}
+@@ -1172,7 +1272,7 @@ dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
+ 					break;
+ 				offset = donote(ms, nbuf, offset,
+ 				    (size_t)bufsize, clazz, swap, align,
+-				    flags);
++				    flags, notecount);
+ 				if (offset == 0)
+ 					break;
+ 			}
+@@ -1203,7 +1303,7 @@ file_tryelf(struct magic_set *ms, int fd, const unsigned char *buf,
+ 	int flags = 0;
+ 	Elf32_Ehdr elf32hdr;
+ 	Elf64_Ehdr elf64hdr;
+-	uint16_t type;
++	uint16_t type, phnum, shnum, notecount;
+ 
+ 	if (ms->flags & (MAGIC_MIME|MAGIC_APPLE))
+ 		return 0;
+@@ -1229,7 +1329,10 @@ file_tryelf(struct magic_set *ms, int fd, const unsigned char *buf,
+   		file_badread(ms);
+ 		return -1;
+ 	}
+-	fsize = st.st_size;
++	if (S_ISREG(st.st_mode))
++		fsize = st.st_size;
++	else
++		fsize = SIZE_UNKNOWN;
+ 
+ 	clazz = buf[EI_CLASS];
+ 
+diff --git a/src/softmagic.c b/src/softmagic.c
+index eaa0f6b..9b11b93 100644
+--- a/src/softmagic.c
++++ b/src/softmagic.c
+@@ -48,11 +48,11 @@ FILE_RCSID("@(#)$File: softmagic.c,v 1.180 2014/03/15 21:47:40 christos Exp $")
+ 
+ 
+ private int match(struct magic_set *, struct magic *, uint32_t,
+-    const unsigned char *, size_t, size_t, int, int, int, int, int *, int *,
+-    int *);
++    const unsigned char *, size_t, size_t, int, int, int, uint16_t,
++    uint16_t *, int *, int *, int *);
+ private int mget(struct magic_set *, const unsigned char *,
+-    struct magic *, size_t, size_t, unsigned int, int, int, int, int, int *,
+-    int *, int *);
++    struct magic *, size_t, size_t, unsigned int, int, int, int, uint16_t,
++    uint16_t *, int *, int *, int *);
+ private int magiccheck(struct magic_set *, struct magic *);
+ private int32_t mprint(struct magic_set *, struct magic *);
+ private int32_t moffset(struct magic_set *, struct magic *);
+@@ -68,6 +68,7 @@ private void cvt_32(union VALUETYPE *, const struct magic *);
+ private void cvt_64(union VALUETYPE *, const struct magic *);
+ 
+ #define OFFSET_OOB(n, o, i)	((n) < (o) || (i) > ((n) - (o)))
++
+ /*
+  * softmagic - lookup one file in parsed, in-memory copy of database
+  * Passed the name and FILE * of one file to be typed.
+@@ -75,14 +76,20 @@ private void cvt_64(union VALUETYPE *, const struct magic *);
+ /*ARGSUSED1*/		/* nbytes passed for regularity, maybe need later */
+ protected int
+ file_softmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes,
+-    size_t level, int mode, int text)
++    uint16_t indir_level, uint16_t *name_count, int mode, int text)
+ {
+ 	struct mlist *ml;
+ 	int rv, printed_something = 0, need_separator = 0;
++	uint16_t nc;
++
++	if (name_count == NULL) {
++		nc = 0;
++		name_count = &nc;
++	}
+ 	for (ml = ms->mlist[0]->next; ml != ms->mlist[0]; ml = ml->next)
+ 		if ((rv = match(ms, ml->magic, ml->nmagic, buf, nbytes, 0, mode,
+-		    text, 0, level, &printed_something, &need_separator,
+-		    NULL)) != 0)
++		    text, 0, indir_level, name_count,
++		    &printed_something, &need_separator, NULL)) != 0)
+ 			return rv;
+ 
+ 	return 0;
+@@ -118,8 +125,8 @@ file_softmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes,
+ private int
+ match(struct magic_set *ms, struct magic *magic, uint32_t nmagic,
+     const unsigned char *s, size_t nbytes, size_t offset, int mode, int text,
+-    int flip, int recursion_level, int *printed_something, int *need_separator,
+-    int *returnval)
++    int flip, uint16_t indir_level, uint16_t *name_count,
++    int *printed_something, int *need_separator, int *returnval)
+ {
+ 	uint32_t magindex = 0;
+ 	unsigned int cont_level = 0;
+@@ -156,8 +163,8 @@ match(struct magic_set *ms, struct magic *magic, uint32_t nmagic,
+ 
+ 		/* if main entry matches, print it... */
+ 		switch (mget(ms, s, m, nbytes, offset, cont_level, mode, text,
+-		    flip, recursion_level + 1, printed_something,
+-		    need_separator, returnval)) {
++		    flip, indir_level, name_count,
++		    printed_something, need_separator, returnval)) {
+ 		case -1:
+ 			return -1;
+ 		case 0:
+@@ -245,8 +252,8 @@ match(struct magic_set *ms, struct magic *magic, uint32_t nmagic,
+ 			}
+ #endif
+ 			switch (mget(ms, s, m, nbytes, offset, cont_level, mode,
+-			    text, flip, recursion_level + 1, printed_something,
+-			    need_separator, returnval)) {
++			    text, flip, indir_level, name_count,
++			    printed_something, need_separator, returnval)) {
+ 			case -1:
+ 				return -1;
+ 			case 0:
+@@ -1155,18 +1162,26 @@ mcopy(struct magic_set *ms, union VALUETYPE *p, int type, int indir,
+ private int
+ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
+     size_t nbytes, size_t o, unsigned int cont_level, int mode, int text,
+-    int flip, int recursion_level, int *printed_something,
+-    int *need_separator, int *returnval)
++    int flip, uint16_t indir_level, uint16_t *name_count,
++    int *printed_something, int *need_separator, int *returnval)
+ {
+-	uint32_t soffset, offset = ms->offset;
++	uint32_t offset = ms->offset;
+ 	uint32_t count = m->str_range;
++	file_pushbuf_t *pb;
+ 	int rv, oneed_separator, in_type;
+-	char *sbuf, *rbuf;
++	char *rbuf;
+ 	union VALUETYPE *p = &ms->ms_value;
+ 	struct mlist ml;
+ 
+-	if (recursion_level >= 20) {
+-		file_error(ms, 0, "recursion nesting exceeded");
++	if (indir_level >= ms->indir_max) {
++		file_error(ms, 0, "indirect recursion nesting (%hu) exceeded",
++		    indir_level);
++		return -1;
++	}
++
++	if (*name_count >= ms->name_max) {
++		file_error(ms, 0, "name use count (%hu) exceeded",
++		    *name_count);
+ 		return -1;
+ 	}
+ 
+@@ -1678,6 +1693,10 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
+ 		ms->offset = offset;
+ 
+ 		if ((ms->flags & MAGIC_DEBUG) != 0) {
++ 			fprintf(stderr, "mget(type=%d, flag=%x, offset=%u, o=%zu, "
++			"nbytes=%zu, il=%hu, nc=%hu)\n",
++			m->type, m->flag, offset, o, nbytes,
++			indir_level, *name_count);
+ 			mdebug(offset, (char *)(void *)p,
+ 			    sizeof(union VALUETYPE));
+ #ifndef COMPILE_ONLY
+@@ -1741,19 +1760,23 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
+ 	case FILE_INDIRECT:
+ 		if (offset == 0)
+ 			return 0;
++
+ 		if (nbytes < offset)
+ 			return 0;
+-		sbuf = ms->o.buf;
+-		soffset = ms->offset;
+-		ms->o.buf = NULL;
+-		ms->offset = 0;
++
++		if ((pb = file_push_buffer(ms)) == NULL)
++			return -1;
++
+ 		rv = file_softmagic(ms, s + offset, nbytes - offset,
+-		    recursion_level, BINTEST, text);
++		    indir_level + 1, name_count, BINTEST, text);
++
+ 		if ((ms->flags & MAGIC_DEBUG) != 0)
+ 			fprintf(stderr, "indirect @offs=%u[%d]\n", offset, rv);
+-		rbuf = ms->o.buf;
+-		ms->o.buf = sbuf;
+-		ms->offset = soffset;
++
++		rbuf = file_pop_buffer(ms, pb);
++		if (rbuf == NULL && ms->event_flags & EVENT_HAD_ERR)
++			return -1;
++
+ 		if (rv == 1) {
+ 			if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 &&
+ 			    file_printf(ms, F(m->desc, "%u"), offset) == -1) {
+@@ -1771,22 +1794,22 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
+ 	case FILE_USE:
+ 		if (nbytes < offset)
+ 			return 0;
+-		sbuf = m->value.s;
+-		if (*sbuf == '^') {
+-			sbuf++;
++		rbuf = m->value.s;
++		if (*rbuf == '^') {
++			rbuf++;
+ 			flip = !flip;
+ 		}
+-		if (file_magicfind(ms, sbuf, &ml) == -1) {
+-			file_error(ms, 0, "cannot find entry `%s'", sbuf);
++		if (file_magicfind(ms, rbuf, &ml) == -1) {
++			file_error(ms, 0, "cannot find entry `%s'", rbuf);
+ 			return -1;
+ 		}
+-
++		(*name_count)++;
+ 		oneed_separator = *need_separator;
+ 		if (m->flag & NOSPACE)
+ 			*need_separator = 0;
+ 		rv = match(ms, ml.magic, ml.nmagic, s, nbytes, offset + o,
+-		    mode, text, flip, recursion_level, printed_something,
+-		    need_separator, returnval);
++		    mode, text, flip, indir_level, name_count,
++		    printed_something, need_separator, returnval);
+ 		if (rv != 1)
+ 		    *need_separator = oneed_separator;
+ 		return rv;
+-- 
+1.9.1
+
diff --git a/meta/recipes-devtools/file/file_5.18.bb b/meta/recipes-devtools/file/file_5.18.bb
index 9068b93..d6e7d61 100644
--- a/meta/recipes-devtools/file/file_5.18.bb
+++ b/meta/recipes-devtools/file/file_5.18.bb
@@ -13,6 +13,7 @@ DEPENDS_class-native = "zlib-native"
 
 SRC_URI = "ftp://ftp.astron.com/pub/file/file-${PV}.tar.gz \
            file://debian-742262.patch \
+           file://file-CVE-2014-9620-and-CVE-2014-9621.patch \
           "
 
 SRC_URI[md5sum] = "d420d8f2990cd344673acfbf8d76ff5a"
-- 
1.9.1

[PATCH 23/61] package.bbclass: Fix support for private libs

[Armin Kuster]

From: Martin Jansa <martin.jansa@gmail.com>

* n is a tuple since this commit:
  commit d3aa7668a9f001044d0a0f1ba2de425a36056102
  Author: Richard Purdie <richard.purdie@linuxfoundation.org>
  Date:   Mon Jul 7 18:41:23 2014 +0100
  Subject package.bbclass: Improve shlibs needed data structure

  since then 'n in private_libs' was always false and private libs
  were always processed
* this is bad when we have libfoo in private libs, but also some package
  providing libfoo, that way we ship own libfoo.so, but together with
  runtime dependency on package providing libfoo

(From OE-Core rev: ec1d379683cedca4be1c252475d02c8041227142)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/classes/package.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/package.bbclass b/meta/classes/package.bbclass
index 96d7fd9..4685cd2 100644
--- a/meta/classes/package.bbclass
+++ b/meta/classes/package.bbclass
@@ -1572,7 +1572,7 @@ python package_do_shlibs() {
             # /opt/abc/lib/libfoo.so.1 and contains /usr/bin/abc depending on system library libfoo.so.1
             # but skipping it is still better alternative than providing own
             # version and then adding runtime dependency for the same system library
-            if private_libs and n in private_libs:
+            if private_libs and n[0] in private_libs:
                 bb.debug(2, '%s: Dependency %s covered by PRIVATE_LIBS' % (pkg, n[0]))
                 continue
             if n[0] in shlib_provider.keys():
-- 
1.9.1

[PATCH 24/61] guile: fixed installed-vs-shipped error

[Armin Kuster]

From: Robert Yang <liezhi.yang@windriver.com>

Fixed:
guile-2.0.11: guile: Files/directories were installed but not shipped
  /usr/lib64/libguile-2.0*-gdb.scm [installed-vs-shipped]

This is because when there is no file in the directory:
for f in libguile-2.0*; do
    [snip]
done

The f would be libguile-2.0* itself, make sure the libs are installed
firstly will fix the problem.

(From OE-Core rev: adf32ca3d0657cb5d363ae7a3fdb539c6627cf39)

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../guile/files/libguile-Makefile.am-depends.patch | 39 ++++++++++++++++++++++
 meta/recipes-devtools/guile/guile_2.0.11.bb        |  1 +
 2 files changed, 40 insertions(+)
 create mode 100644 meta/recipes-devtools/guile/files/libguile-Makefile.am-depends.patch

diff --git a/meta/recipes-devtools/guile/files/libguile-Makefile.am-depends.patch b/meta/recipes-devtools/guile/files/libguile-Makefile.am-depends.patch
new file mode 100644
index 0000000..1045cbe
--- /dev/null
+++ b/meta/recipes-devtools/guile/files/libguile-Makefile.am-depends.patch
@@ -0,0 +1,39 @@
+From 9c4e120a7a87db34d22a50883a5a525170b480d7 Mon Sep 17 00:00:00 2001
+From: Robert Yang <liezhi.yang@windriver.com>
+Date: Tue, 6 Jan 2015 23:10:51 -0800
+Subject: [PATCH] libguile/Makefile.am: install-data-hook: depends on
+ install-libLTLIBRARIES
+
+It may install such a file:
+/usr/lib64/libguile-2.0*-gdb.scm
+
+This is because when there is no file in the directory:
+for f in libguile-2.0*; do
+    [snip]
+done
+
+The f would be libguile-2.0* itself.
+
+Upstream-Status: Pending
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ libguile/Makefile.am |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libguile/Makefile.am b/libguile/Makefile.am
+index 281faac..fe0a3ba 100644
+--- a/libguile/Makefile.am
++++ b/libguile/Makefile.am
+@@ -449,7 +449,7 @@ EXTRA_libguile_@GUILE_EFFECTIVE_VERSION@_la_SOURCES = _scm.h		\
+ install-exec-hook:
+ 	rm -f $(DESTDIR)$(bindir)/guile-snarf.awk
+ 
+-install-data-hook: libguile-2.0-gdb.scm
++install-data-hook: libguile-2.0-gdb.scm install-libLTLIBRARIES
+ 	@$(MKDIR_P) $(DESTDIR)$(libdir)
+ ## We want to install libguile-2.0-gdb.scm as SOMETHING-gdb.scm.
+ ## SOMETHING is the full name of the final library.  We want to ignore
+-- 
+1.7.9.5
+
diff --git a/meta/recipes-devtools/guile/guile_2.0.11.bb b/meta/recipes-devtools/guile/guile_2.0.11.bb
index bd23c2b..8fda850 100644
--- a/meta/recipes-devtools/guile/guile_2.0.11.bb
+++ b/meta/recipes-devtools/guile/guile_2.0.11.bb
@@ -20,6 +20,7 @@ SRC_URI = "${GNU_MIRROR}/guile/guile-${PV}.tar.xz \
            file://guile_2.0.6_fix_sed_error.patch \
            file://arm_endianness.patch \
            file://workaround-ice-ssa-corruption.patch \
+           file://libguile-Makefile.am-depends.patch \
            "
 
 #           file://debian/0001-Change-guile-to-guile-X.Y-for-info-pages.patch
-- 
1.9.1

[PATCH 25/61] socat: forcibly disable use of libbsd

[Armin Kuster]

From: Ross Burton <ross.burton@intel.com>

Socat will look for openpty() in BSD headers before Linux headers, so if libbsd
is present at configure time then that will be used.  We don't need to depend on
libbsd though, and leaving it floating can cause build errors, so tell configure
that the libbsd header isn't present.

(From OE-Core rev: 7defa2bb5b28ea69f749363a607a114cfa4ba4ed)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-connectivity/socat/socat_1.7.2.4.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-connectivity/socat/socat_1.7.2.4.bb b/meta/recipes-connectivity/socat/socat_1.7.2.4.bb
index efa3b91..44d7220 100644
--- a/meta/recipes-connectivity/socat/socat_1.7.2.4.bb
+++ b/meta/recipes-connectivity/socat/socat_1.7.2.4.bb
@@ -26,6 +26,7 @@ EXTRA_AUTORECONF += "--exclude=autoheader"
 EXTRA_OECONF += "ac_cv_have_z_modifier=yes sc_cv_sys_crdly_shift=9 \
         sc_cv_sys_tabdly_shift=11 sc_cv_sys_csize_shift=4 \
         ac_cv_ispeed_offset=13 \
+        ac_cv_header_bsd_libutil_h=no \
 "
 
 PACKAGECONFIG ??= "tcp-wrappers"
-- 
1.9.1

[PATCH 26/61] perf: Add libdw unwind support to perf-libunwind feature

[Armin Kuster]

From: Tom Zanussi <tom.zanussi@linux.intel.com>

perf can use either libdw or libunwind dwarf unwinders, or neither.
The perf-libunwind feature implies that if disabled, neither should be
used, so have it disable both libdw and libunwind DWARF unwinders if
disabled.

This fixes [YOCTO #7129].

(From OE-Core rev: 868dd446fa2732858813e96dd8f3f64b2a9ec339)

Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-kernel/perf/perf.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-kernel/perf/perf.bb b/meta/recipes-kernel/perf/perf.bb
index 3771cdb..2a47f52 100644
--- a/meta/recipes-kernel/perf/perf.bb
+++ b/meta/recipes-kernel/perf/perf.bb
@@ -64,7 +64,7 @@ B = "${WORKDIR}/${BPN}-${PV}"
 
 SCRIPTING_DEFINES = "${@perf_feature_enabled('perf-scripting', '', 'NO_LIBPERL=1 NO_LIBPYTHON=1',d)}"
 TUI_DEFINES = "${@perf_feature_enabled('perf-tui', '', 'NO_NEWT=1',d)}"
-LIBUNWIND_DEFINES = "${@perf_feature_enabled('perf-libunwind', '', 'NO_LIBUNWIND=1',d)}"
+LIBUNWIND_DEFINES = "${@perf_feature_enabled('perf-libunwind', '', 'NO_LIBUNWIND=1 NO_LIBDW_DWARF_UNWIND=1',d)}"
 
 # The LDFLAGS is required or some old kernels fails due missing
 # symbols and this is preferred than requiring patches to every old
-- 
1.9.1

[PATCH 27/61] perf: Disable perf-libunwind

[Armin Kuster]

From: Tom Zanussi <tom.zanussi@linux.intel.com>

It hasn't actually been being enabled anyway: 'Disabling post unwind,
no support found.'.  For now, turn it off because of [YOCTO #7129].

Fixes [YOCTO #7129].

(From OE-Core rev: d8c839afa96925b27909eb5a7b89ee83c87924bc)

Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-kernel/perf/perf-features.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-kernel/perf/perf-features.inc b/meta/recipes-kernel/perf/perf-features.inc
index 2dbbb47..b8859ab 100644
--- a/meta/recipes-kernel/perf/perf-features.inc
+++ b/meta/recipes-kernel/perf/perf-features.inc
@@ -1,4 +1,4 @@
-PERF_FEATURES_ENABLE ?= "perf-scripting perf-tui perf-libunwind"
+PERF_FEATURES_ENABLE ?= "perf-scripting perf-tui"
 
 def perf_feature_enabled(feature, trueval, falseval, d):
     """
-- 
1.9.1

[PATCH 28/61] dpkg: fix host contamination

[Armin Kuster]

From: Dan McGregor <dan.mcgregor@usask.ca>

Force dpkg to use "tar" on the target.

The dpkg configure script looks for gnutar, gtar, and
tar in order. If it finds gnutar or gtar on the host
it expects to use that as its tar program on the target.
Without this, if gtar exists (as it does on my system) then
dpkg will consistently fail on the target with an error about
gtar not being found.

(From OE-Core rev: 45bcb1ea92f244df4745aca6f9f9556c43e9b6ce)

Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-devtools/dpkg/dpkg.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-devtools/dpkg/dpkg.inc b/meta/recipes-devtools/dpkg/dpkg.inc
index 929906d..92d4020 100644
--- a/meta/recipes-devtools/dpkg/dpkg.inc
+++ b/meta/recipes-devtools/dpkg/dpkg.inc
@@ -37,6 +37,8 @@ EXTRA_OECONF = "\
 		--without-selinux \
 		"
 
+EXTRA_OECONF_append_class-target = " TAR=tar"
+
 do_configure () {
     echo >> ${S}/m4/compiler.m4
     sed -i -e 's#PERL_LIBDIR=.*$#PERL_LIBDIR="${libdir}/perl"#' ${S}/configure
-- 
1.9.1

[PATCH 29/61] neard: fix parallel issue

[Armin Kuster]

From: Robert Yang <liezhi.yang@windriver.com>

There might be no src dir if the src/builtin.h runs earlier, create it
to fix the race issue:
src/genbuiltin nfctype1 nfctype2 nfctype3 nfctype4 p2p > src/builtin.h
/bin/sh: src/builtin.h: No such file or directory

(From OE-Core rev: 4b6762b924a561febede13b85330309dbf75da19)

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../neard/Makefile.am-fix-parallel-issue.patch     | 33 ++++++++++++++++++++++
 meta/recipes-connectivity/neard/neard_0.14.bb      |  1 +
 2 files changed, 34 insertions(+)
 create mode 100644 meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch

diff --git a/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch b/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch
new file mode 100644
index 0000000..4660676
--- /dev/null
+++ b/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch
@@ -0,0 +1,33 @@
+From 43acc56d5506c7e318f717fb3634bc16e3438913 Mon Sep 17 00:00:00 2001
+From: Robert Yang <liezhi.yang@windriver.com>
+Date: Thu, 15 Jan 2015 18:12:07 -0800
+Subject: [PATCH] Makefile.am: fix parallel issue
+
+There might be no src dir if src/builtin.h runs earlier, create it to
+fix the race issue:
+
+src/genbuiltin nfctype1 nfctype2 nfctype3 nfctype4 p2p > src/builtin.h
+/bin/sh: src/builtin.h: No such file or directory
+
+Upstream-Status: Pending
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ Makefile.am |    1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Makefile.am b/Makefile.am
+index 3241311..a43eaa2 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -164,6 +164,7 @@ MAINTAINERCLEANFILES = Makefile.in \
+ src/plugin.$(OBJEXT): src/builtin.h
+ 
+ src/builtin.h: src/genbuiltin $(builtin_sources)
++	$(AM_V_at)$(MKDIR_P) src
+ 	$(AM_V_GEN)$(srcdir)/src/genbuiltin $(builtin_modules) > $@
+ 
+ $(src_neard_OBJECTS) \
+-- 
+1.7.9.5
+
diff --git a/meta/recipes-connectivity/neard/neard_0.14.bb b/meta/recipes-connectivity/neard/neard_0.14.bb
index daf3a4b..2fb47cc 100644
--- a/meta/recipes-connectivity/neard/neard_0.14.bb
+++ b/meta/recipes-connectivity/neard/neard_0.14.bb
@@ -4,6 +4,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/network/nfc/${BPN}-${PV}.tar.xz \
            file://parallel-build.patch \
            file://neard.in \
            file://neard.service.in \
+           file://Makefile.am-fix-parallel-issue.patch \
           "
 SRC_URI[md5sum] = "692ba2653d60155255244c87396c486b"
 SRC_URI[sha256sum] = "6ea724b443d39d679168fc7776a965d1f64727c3735391df2c01469ee7cd8cca"
-- 
1.9.1

[PATCH 30/61] perl: Backport fix for bug #123591

[Armin Kuster]

From: Gary Thomas <gary@mlbassoc.com>

This patch fixes a crash in perl when using formatted strings @...

(From OE-Core rev: 6ff3776bb7f1a7ba2fc641bfd9b8546c4bb02466)

Signed-off-by: Gary Thomas <gary@mlbassoc.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../perl/perl-5.20.0/fix-FF_MORE-crash.patch        | 21 +++++++++++++++++++++
 meta/recipes-devtools/perl/perl_5.20.0.bb           |  1 +
 2 files changed, 22 insertions(+)
 create mode 100644 meta/recipes-devtools/perl/perl-5.20.0/fix-FF_MORE-crash.patch

diff --git a/meta/recipes-devtools/perl/perl-5.20.0/fix-FF_MORE-crash.patch b/meta/recipes-devtools/perl/perl-5.20.0/fix-FF_MORE-crash.patch
new file mode 100644
index 0000000..9ec041c
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl-5.20.0/fix-FF_MORE-crash.patch
@@ -0,0 +1,21 @@
+Upstream-Status: Backport
+Reference: https://rt.perl.org/Public/Bug/Display.html?id=123591
+  From 62db6ea5fed19611596cbc5fc0b8a4df2c604e58 Mon Sep 17 00:00:00 2001
+  From: Tony Cook <tony@develop-help.com>
+  Date: Mon, 19 Jan 2015 16:03:18 +1100
+  Subject: [PATCH 1/1] [perl #123538] always set chophere and itembytes at the same time
+
+  Previously this would crash in FF_MORE because chophere was still NULL.
+
+Signed-off-by: Gary Thomas <gary@mlbassoc.com>
+Index: perl-5.20.0/pp_ctl.c
+===================================================================
+--- perl-5.20.0.orig/pp_ctl.c
++++ perl-5.20.0/pp_ctl.c
+@@ -590,6 +590,7 @@ PP(pp_formline)
+                         break;
+                 }
+                 itembytes = s - item;
++                chophere = s;
+ 		break;
+ 	    }
diff --git a/meta/recipes-devtools/perl/perl_5.20.0.bb b/meta/recipes-devtools/perl/perl_5.20.0.bb
index 3ca0f53..bc7866b 100644
--- a/meta/recipes-devtools/perl/perl_5.20.0.bb
+++ b/meta/recipes-devtools/perl/perl_5.20.0.bb
@@ -63,6 +63,7 @@ SRC_URI += " \
 	file://fix_bad_rpath.patch \
 	file://perl-archlib-exp.patch \
 	file://dynaloaderhack.patch \
+	file://fix-FF_MORE-crash.patch \
 	\
         \
         file://config.sh \
-- 
1.9.1

[PATCH 31/61] glibc: CVE-2014-9402 endless loop in getaddr_r

[Armin Kuster]

From: Armin Kuster <akuster@mvista.com>

The getnetbyname function in glibc 2.21 in earlier will enter an infinite loop
if the DNS backend is activated in the system Name Service Switch
configuration, and the DNS resolver receives a positive answer while processing
the network name.

(From OE-Core rev: f03bf84c179f69ef4800ed92a4a9d9401d0e5966)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../CVE-2014-9402_endless-loop-in-getaddr_r.patch  | 65 ++++++++++++++++++++++
 meta/recipes-core/glibc/glibc_2.20.bb              |  1 +
 2 files changed, 66 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2014-9402_endless-loop-in-getaddr_r.patch

diff --git a/meta/recipes-core/glibc/glibc/CVE-2014-9402_endless-loop-in-getaddr_r.patch b/meta/recipes-core/glibc/glibc/CVE-2014-9402_endless-loop-in-getaddr_r.patch
new file mode 100644
index 0000000..ba1da67
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2014-9402_endless-loop-in-getaddr_r.patch
@@ -0,0 +1,65 @@
+CVE-2014-9402 endless loop in getaddr_r
+
+
+https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=11e3417af6e354f1942c68a271ae51e892b2814d
+
+Upstream-Status: Backport
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+From 11e3417af6e354f1942c68a271ae51e892b2814d Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 15 Dec 2014 17:41:13 +0100
+Subject: [PATCH] Avoid infinite loop in nss_dns getnetbyname [BZ #17630]
+
+---
+ ChangeLog                    | 6 ++++++
+ NEWS                         | 7 +++++--
+ resolv/nss_dns/dns-network.c | 4 ++--
+ 3 files changed, 13 insertions(+), 4 deletions(-)
+
+Index: git/NEWS
+===================================================================
+--- git.orig/NEWS
++++ git/NEWS
+@@ -24,7 +24,10 @@ Version 2.20
+   17031, 17042, 17048, 17050, 17058, 17061, 17062, 17069, 17075, 17078,
+   17079, 17084, 17086, 17088, 17092, 17097, 17125, 17135, 17137, 17150,
+   17153, 17187, 17213, 17259, 17261, 17262, 17263, 17319, 17325, 17354,
+-  17625.
++  17625, 17630.
++
++* The nss_dns implementation of getnetbyname could run into an infinite loop
++  if the DNS response contained a PTR record of an unexpected format.
+ 
+ * CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag
+   under certain input conditions resulting in the execution of a shell for
+Index: git/resolv/nss_dns/dns-network.c
+===================================================================
+--- git.orig/resolv/nss_dns/dns-network.c
++++ git/resolv/nss_dns/dns-network.c
+@@ -398,8 +398,8 @@ getanswer_r (const querybuf *answer, int
+ 
+ 	case BYNAME:
+ 	  {
+-	    char **ap = result->n_aliases++;
+-	    while (*ap != NULL)
++	    char **ap;
++	    for (ap = result->n_aliases; *ap != NULL; ++ap)
+ 	      {
+ 		/* Check each alias name for being of the forms:
+ 		   4.3.2.1.in-addr.arpa		= net 1.2.3.4
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
++++ git/ChangeLog
+@@ -1,3 +1,9 @@
++2014-12-16  Florian Weimer  <fweimer@redhat.com>
++
++       [BZ #17630]
++       * resolv/nss_dns/dns-network.c (getanswer_r): Iterate over alias
++       names.
++
+ 2014-12-15  Jeff Law  <law@redhat.com>
+ 
+    [BZ #16617]
diff --git a/meta/recipes-core/glibc/glibc_2.20.bb b/meta/recipes-core/glibc/glibc_2.20.bb
index f67fbfd..8a8b296 100644
--- a/meta/recipes-core/glibc/glibc_2.20.bb
+++ b/meta/recipes-core/glibc/glibc_2.20.bb
@@ -44,6 +44,7 @@ EGLIBCPATCHES = "\
 CVEPATCHES = "\
         file://CVE-2014-7817-wordexp-fails-to-honour-WRDE_NOCMD.patch \
         file://CVE-2012-3406-Stack-overflow-in-vfprintf-BZ-16617.patch \
+        file://CVE-2014-9402_endless-loop-in-getaddr_r.patch \
     "
 LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
       file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
-- 
1.9.1

[PATCH 32/61] gcc: ensure target gcc headers can be included

[Armin Kuster]

From: Paul Eggleton <paul.eggleton@linux.intel.com>

There are a few headers installed as part of gcc-runtime (omp.h,
ssp/*.h). Being installed from a recipe built for the target
architecture, these are within the target sysroot and not
cross/nativesdk; thus they weren't able to be found by gcc with the
existing search paths. Add support for picking up these headers
under the sysroot supplied on the gcc command line in order to
resolve this.

Thanks to Richard Purdie for giving me a number of pointers during
fixing this issue.

Fixes [YOCTO #7141].

(From OE-Core rev: 5c87bb9ac2b35b3f8cf2b7d3e4507e7013115162)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-devtools/gcc/gcc-4.8.inc              |  1 +
 .../gcc/gcc-4.8/target-gcc-includedir.patch        | 81 ++++++++++++++++++++++
 meta/recipes-devtools/gcc/gcc-4.9.inc              |  1 +
 .../gcc/gcc-4.9/target-gcc-includedir.patch        | 81 ++++++++++++++++++++++
 4 files changed, 164 insertions(+)
 create mode 100644 meta/recipes-devtools/gcc/gcc-4.8/target-gcc-includedir.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc-4.9/target-gcc-includedir.patch

diff --git a/meta/recipes-devtools/gcc/gcc-4.8.inc b/meta/recipes-devtools/gcc/gcc-4.8.inc
index 18a6692..06e6982 100644
--- a/meta/recipes-devtools/gcc/gcc-4.8.inc
+++ b/meta/recipes-devtools/gcc/gcc-4.8.inc
@@ -73,6 +73,7 @@ SRC_URI = "\
     file://0049-Enable-SPE-AltiVec-generation-on-powepc-linux-target.patch \
     file://0050-PR-target-58595.patch \
     file://0052-PR-rtl-optimization-61801.patch \
+    file://target-gcc-includedir.patch \
 "
 SRC_URI[md5sum] = "a3d7d63b9cb6b6ea049469a0c4a43c9d"
 SRC_URI[sha256sum] = "09dc2276c73424bbbfda1dbddc62bbbf900c9f185acf7f3e1d773ce2d7e3cdc8"
diff --git a/meta/recipes-devtools/gcc/gcc-4.8/target-gcc-includedir.patch b/meta/recipes-devtools/gcc/gcc-4.8/target-gcc-includedir.patch
new file mode 100644
index 0000000..f48c66d
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-4.8/target-gcc-includedir.patch
@@ -0,0 +1,81 @@
+Ensure target gcc headers can be included
+
+There are a few headers installed as part of the OpenEmbedded
+gcc-runtime target (omp.h, ssp/*.h). Being installed from a recipe
+built for the target architecture, these are within the target
+sysroot and not cross/nativesdk; thus they weren't able to be
+found by gcc with the existing search paths. Add support for
+picking up these headers under the sysroot supplied on the gcc
+command line in order to resolve this.
+
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+Upstream-Status: Pending
+
+--- a/gcc/Makefile.in	2014-12-23 11:57:33.327873331 +0000
++++ b/gcc/Makefile.in	2015-01-21 11:32:35.447305394 +0000
+@@ -587,6 +587,7 @@
+ 
+ # Directory in which the compiler finds libraries etc.
+ libsubdir = $(libdir)/gcc/$(target_noncanonical)/$(version)
++libsubdir_target = gcc/$(target_noncanonical)/$(version)
+ # Directory in which the compiler finds executables
+ libexecsubdir = $(libexecdir)/gcc/$(target_noncanonical)/$(version)
+ # Directory in which all plugin resources are installed
+@@ -2534,6 +2535,7 @@
+ 
+ PREPROCESSOR_DEFINES = \
+   -DGCC_INCLUDE_DIR=\"$(libsubdir)/include\" \
++  -DGCC_INCLUDE_SUBDIR_TARGET=\"$(libsubdir_target)/include\" \
+   -DFIXED_INCLUDE_DIR=\"$(libsubdir)/include-fixed\" \
+   -DGPLUSPLUS_INCLUDE_DIR=\"$(gcc_gxx_include_dir)\" \
+   -DGPLUSPLUS_INCLUDE_DIR_ADD_SYSROOT=$(gcc_gxx_include_dir_add_sysroot) \
+--- a/gcc/cppdefault.c	2015-01-13 17:40:26.131012725 +0000
++++ b/gcc/cppdefault.c	2015-01-21 11:30:08.928426492 +0000
+@@ -59,6 +59,10 @@
+     /* This is the dir for gcc's private headers.  */
+     { GCC_INCLUDE_DIR, "GCC", 0, 0, 0, 0 },
+ #endif
++#ifdef GCC_INCLUDE_SUBDIR_TARGET
++    /* This is the dir for gcc's private headers under the specified sysroot.  */
++    { STANDARD_STARTFILE_PREFIX_2 GCC_INCLUDE_SUBDIR_TARGET, "GCC", 0, 0, 1, 0 },
++#endif
+ #ifdef LOCAL_INCLUDE_DIR
+     /* /usr/local/include comes before the fixincluded header files.  */
+     { LOCAL_INCLUDE_DIR, 0, 0, 1, 1, 2 },
+diff --git a/gcc/defaults.h b/gcc/defaults.h
+index f94ae17..d98b40b 100644
+--- a/gcc/defaults.h
++++ b/gcc/defaults.h
+@@ -1390,4 +1390,13 @@ see the files COPYING3 and COPYING.RUNTIME respectively.  If not, see
+ 
+ #endif /* GCC_INSN_FLAGS_H  */
+ 
++/* Default prefixes to attach to command names.  */
++
++#ifndef STANDARD_STARTFILE_PREFIX_1
++#define STANDARD_STARTFILE_PREFIX_1 "/lib/"
++#endif
++#ifndef STANDARD_STARTFILE_PREFIX_2
++#define STANDARD_STARTFILE_PREFIX_2 "/usr/lib/"
++#endif
++
+ #endif  /* ! GCC_DEFAULTS_H */
+diff --git a/gcc/gcc.c b/gcc/gcc.c
+index 9f0b781..174fca8 100644
+--- a/gcc/gcc.c
++++ b/gcc/gcc.c
+@@ -1189,13 +1189,6 @@ static const char *gcc_libexec_prefix;
+ 
+ /* Default prefixes to attach to command names.  */
+ 
+-#ifndef STANDARD_STARTFILE_PREFIX_1
+-#define STANDARD_STARTFILE_PREFIX_1 "/lib/"
+-#endif
+-#ifndef STANDARD_STARTFILE_PREFIX_2
+-#define STANDARD_STARTFILE_PREFIX_2 "/usr/lib/"
+-#endif
+-
+ #ifdef CROSS_DIRECTORY_STRUCTURE  /* Don't use these prefixes for a cross compiler.  */
+ #undef MD_EXEC_PREFIX
+ #undef MD_STARTFILE_PREFIX
diff --git a/meta/recipes-devtools/gcc/gcc-4.9.inc b/meta/recipes-devtools/gcc/gcc-4.9.inc
index 8769128..c88a496 100644
--- a/meta/recipes-devtools/gcc/gcc-4.9.inc
+++ b/meta/recipes-devtools/gcc/gcc-4.9.inc
@@ -73,6 +73,7 @@ SRC_URI = "\
     file://0056-top-level-reorder_gcc-bug-61144.patch \
     file://0058-gcc-r212171.patch \
     file://0059-gcc-PR-rtl-optimization-63348.patch \
+    file://target-gcc-includedir.patch \
 "
 SRC_URI[md5sum] = "fddf71348546af523353bd43d34919c1"
 SRC_URI[sha256sum] = "d334781a124ada6f38e63b545e2a3b8c2183049515a1abab6d513f109f1d717e"
diff --git a/meta/recipes-devtools/gcc/gcc-4.9/target-gcc-includedir.patch b/meta/recipes-devtools/gcc/gcc-4.9/target-gcc-includedir.patch
new file mode 100644
index 0000000..f48c66d
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-4.9/target-gcc-includedir.patch
@@ -0,0 +1,81 @@
+Ensure target gcc headers can be included
+
+There are a few headers installed as part of the OpenEmbedded
+gcc-runtime target (omp.h, ssp/*.h). Being installed from a recipe
+built for the target architecture, these are within the target
+sysroot and not cross/nativesdk; thus they weren't able to be
+found by gcc with the existing search paths. Add support for
+picking up these headers under the sysroot supplied on the gcc
+command line in order to resolve this.
+
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+Upstream-Status: Pending
+
+--- a/gcc/Makefile.in	2014-12-23 11:57:33.327873331 +0000
++++ b/gcc/Makefile.in	2015-01-21 11:32:35.447305394 +0000
+@@ -587,6 +587,7 @@
+ 
+ # Directory in which the compiler finds libraries etc.
+ libsubdir = $(libdir)/gcc/$(target_noncanonical)/$(version)
++libsubdir_target = gcc/$(target_noncanonical)/$(version)
+ # Directory in which the compiler finds executables
+ libexecsubdir = $(libexecdir)/gcc/$(target_noncanonical)/$(version)
+ # Directory in which all plugin resources are installed
+@@ -2534,6 +2535,7 @@
+ 
+ PREPROCESSOR_DEFINES = \
+   -DGCC_INCLUDE_DIR=\"$(libsubdir)/include\" \
++  -DGCC_INCLUDE_SUBDIR_TARGET=\"$(libsubdir_target)/include\" \
+   -DFIXED_INCLUDE_DIR=\"$(libsubdir)/include-fixed\" \
+   -DGPLUSPLUS_INCLUDE_DIR=\"$(gcc_gxx_include_dir)\" \
+   -DGPLUSPLUS_INCLUDE_DIR_ADD_SYSROOT=$(gcc_gxx_include_dir_add_sysroot) \
+--- a/gcc/cppdefault.c	2015-01-13 17:40:26.131012725 +0000
++++ b/gcc/cppdefault.c	2015-01-21 11:30:08.928426492 +0000
+@@ -59,6 +59,10 @@
+     /* This is the dir for gcc's private headers.  */
+     { GCC_INCLUDE_DIR, "GCC", 0, 0, 0, 0 },
+ #endif
++#ifdef GCC_INCLUDE_SUBDIR_TARGET
++    /* This is the dir for gcc's private headers under the specified sysroot.  */
++    { STANDARD_STARTFILE_PREFIX_2 GCC_INCLUDE_SUBDIR_TARGET, "GCC", 0, 0, 1, 0 },
++#endif
+ #ifdef LOCAL_INCLUDE_DIR
+     /* /usr/local/include comes before the fixincluded header files.  */
+     { LOCAL_INCLUDE_DIR, 0, 0, 1, 1, 2 },
+diff --git a/gcc/defaults.h b/gcc/defaults.h
+index f94ae17..d98b40b 100644
+--- a/gcc/defaults.h
++++ b/gcc/defaults.h
+@@ -1390,4 +1390,13 @@ see the files COPYING3 and COPYING.RUNTIME respectively.  If not, see
+ 
+ #endif /* GCC_INSN_FLAGS_H  */
+ 
++/* Default prefixes to attach to command names.  */
++
++#ifndef STANDARD_STARTFILE_PREFIX_1
++#define STANDARD_STARTFILE_PREFIX_1 "/lib/"
++#endif
++#ifndef STANDARD_STARTFILE_PREFIX_2
++#define STANDARD_STARTFILE_PREFIX_2 "/usr/lib/"
++#endif
++
+ #endif  /* ! GCC_DEFAULTS_H */
+diff --git a/gcc/gcc.c b/gcc/gcc.c
+index 9f0b781..174fca8 100644
+--- a/gcc/gcc.c
++++ b/gcc/gcc.c
+@@ -1189,13 +1189,6 @@ static const char *gcc_libexec_prefix;
+ 
+ /* Default prefixes to attach to command names.  */
+ 
+-#ifndef STANDARD_STARTFILE_PREFIX_1
+-#define STANDARD_STARTFILE_PREFIX_1 "/lib/"
+-#endif
+-#ifndef STANDARD_STARTFILE_PREFIX_2
+-#define STANDARD_STARTFILE_PREFIX_2 "/usr/lib/"
+-#endif
+-
+ #ifdef CROSS_DIRECTORY_STRUCTURE  /* Don't use these prefixes for a cross compiler.  */
+ #undef MD_EXEC_PREFIX
+ #undef MD_STARTFILE_PREFIX
-- 
1.9.1

[PATCH 33/61] boost: Avoid to use local host configuration

[Armin Kuster]

From: Fabien Proriol <fabien.proriol@jdsu.com>

(From OE-Core rev: 6586aeb3e26d58322c169dfef0228a425fe5d3fa)

Signed-off-by: Fabien Proriol <fabien.proriol@jdsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-support/boost/boost.inc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-support/boost/boost.inc b/meta/recipes-support/boost/boost.inc
index d34ca7c..069b1c8 100644
--- a/meta/recipes-support/boost/boost.inc
+++ b/meta/recipes-support/boost/boost.inc
@@ -90,7 +90,8 @@ EQD = '\"'
 #boost.bb:   "...  '-sGCC=... '${SQD}'-DBOOST_PLATFORM_CONFIG=${EQD}config${EQD}'${SQD} ..."
 BJAM_CONF = "${SQD}'-DBOOST_PLATFORM_CONFIG=${EQD}boost/config/platform/${TARGET_OS}.hpp${EQD}'${SQD}"
 
-BJAM_TOOLS   = "-sTOOLS=gcc \
+BJAM_TOOLS   = "--ignore-site-config \
+		'-sTOOLS=gcc' \
 		'-sGCC=${CC} '${BJAM_CONF} \
 		'-sGXX=${CXX} '${BJAM_CONF} \
 		'-sGCC_INCLUDE_DIRECTORY=${STAGING_INCDIR}' \
-- 
1.9.1

[PATCH 34/61] perf: fix for rebuilding

[Armin Kuster]

From: Robert Yang <liezhi.yang@windriver.com>

Fix for rebuilding error:
make[3]: *** No rule to make target `/path/to/sysroots/qemuarm64/usr/src/kernel/tools/lib/traceevent//trace-seq.c',
needed by `.trace-seq.d'.  Stop.
make[2]: *** [sub-make] Error 2

(From OE-Core rev: 9dafa571ed0a40d21a886dec7704c31150b21942)

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-kernel/perf/perf.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-kernel/perf/perf.bb b/meta/recipes-kernel/perf/perf.bb
index 2a47f52..19772d8 100644
--- a/meta/recipes-kernel/perf/perf.bb
+++ b/meta/recipes-kernel/perf/perf.bb
@@ -115,6 +115,10 @@ do_install() {
 }
 
 do_configure_prepend () {
+    # Fix for rebuilding
+    rm -rf ${B}/
+    mkdir ${B}/
+
     #kernels before 3.1 do not support WERROR env variable
     sed -i 's,-Werror ,,' ${S}/tools/perf/Makefile
     if [ -e "${S}/tools/perf/config/Makefile" ]; then
-- 
1.9.1

[PATCH 35/61] oeqa/utils/decorators: Try and improve ugly _ErrorHandler tracebacks

[Armin Kuster]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Currently, if one module is skipped, any other module calling skipModule
causes tracebacks about _ErrorHandler not having a _testMethodName
method.

This reworks the code in a way to avoid some of the problems by using
the id() method of the objects. It also maps to the correct name
format rather than "setupModule" or just skiping the item entirely.

(From OE-Core rev: 78d3bf2e4c88779df32b9dfbe8362dc24e9ad080)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/lib/oeqa/utils/decorators.py | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/meta/lib/oeqa/utils/decorators.py b/meta/lib/oeqa/utils/decorators.py
index 7f845db..40bd4ef 100644
--- a/meta/lib/oeqa/utils/decorators.py
+++ b/meta/lib/oeqa/utils/decorators.py
@@ -18,14 +18,21 @@ class getResults(object):
         upperf = sys._current_frames().values()[0]
         while (upperf.f_globals['__name__'] != 'unittest.case'):
             upperf = upperf.f_back
-        self.faillist = [ seq[0]._testMethodName for seq in upperf.f_locals['result'].failures ]
-        self.errorlist = [ seq[0]._testMethodName for seq in upperf.f_locals['result'].errors ]
-        #ignore the _ErrorHolder objects from the skipped tests list
-        self.skiplist = []
-        for seq in upperf.f_locals['result'].skipped:
-            try:
-                self.skiplist.append(seq[0]._testMethodName)
-            except: pass
+
+        def handleList(items):
+            ret = []
+            # items is a list of tuples, (test, failure) or (_ErrorHandler(), Exception())
+            for i in items:
+                s = i[0].id()
+                #Handle the _ErrorHolder objects from skipModule failures
+                if "setUpModule (" in s:
+                    ret.append(s.replace("setUpModule (", "").replace(")",""))
+                else:
+                    ret.append(s)
+            return ret
+        self.faillist = handleList(upperf.f_locals['result'].failures)
+        self.errorlist = handleList(upperf.f_locals['result'].errors)
+        self.skiplist = handleList(upperf.f_locals['result'].skipped)
 
     def getFailList(self):
         return self.faillist
-- 
1.9.1

[PATCH 36/61] fix '[[: not found' error message using dash

[Armin Kuster]

From: Vincent Génieux <vincent2014@startigen.fr>

Remove bash specific syntax '[[ test ]]' replaced with '[ test ]'.

Fixes [YOCTO #7112]

(From OE-Core rev: f2ff849d5936d3dc5e24301e0620da265df50fea)

Signed-off-by: Vincent Génieux <vincent2014@startigen.fr>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/classes/kernel.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
index 70ed95b..2a6ec34 100644
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -403,7 +403,7 @@ do_strip() {
 			  gawk '{print $1}'`
 
 		for str in ${KERNEL_IMAGE_STRIP_EXTRA_SECTIONS}; do {
-			if [[ "$headers" != *"$str"* ]]; then
+			if [ "$headers" != *"$str"* ]; then
 				bbwarn "Section not found: $str";
 			fi
 
-- 
1.9.1

[PATCH 37/61] lib/oe/package: Ensure strip breaks hardlinks

[Armin Kuster]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Normally, strip preserves hardlinks which in the case of the way our hardlink
rather than copy functionality works, is a disadvantage and leads to non-deterministic
builds. This adds a move into place after the strip operation to ensure hardlinks
are broken and we bring back build determinism.

(From OE-Core rev: 7c0fd561bad0250a00cef63e3d787573112a59cf)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/lib/oe/package.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/lib/oe/package.py b/meta/lib/oe/package.py
index f8b5322..a26a631 100644
--- a/meta/lib/oe/package.py
+++ b/meta/lib/oe/package.py
@@ -30,7 +30,8 @@ def runstrip(arg):
     elif elftype & 8 or elftype & 4:
         extraflags = "--remove-section=.comment --remove-section=.note"
 
-    stripcmd = "'%s' %s '%s'" % (strip, extraflags, file)
+    # Use mv to break hardlinks
+    stripcmd = "'%s' %s '%s' -o '%s.tmp' && mv '%s.tmp' '%s'" % (strip, extraflags, file, file, file, file)
     bb.debug(1, "runstrip: %s" % stripcmd)
 
     ret = subprocess.call(stripcmd, shell=True)
-- 
1.9.1

[PATCH 38/61] bind: fix typo chown->chmod

[Armin Kuster]

From: Ting Liu <ting.liu@freescale.com>

(From OE-Core rev: a6ee74222b43d0bb7fe9ef0072ede78f82a5e446)

Signed-off-by: Ting Liu <ting.liu@freescale.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-connectivity/bind/bind/conf.patch           | 2 +-
 meta/recipes-connectivity/bind/bind/generate-rndc-key.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-connectivity/bind/bind/conf.patch b/meta/recipes-connectivity/bind/bind/conf.patch
index 2785c6a..432c874 100644
--- a/meta/recipes-connectivity/bind/bind/conf.patch
+++ b/meta/recipes-connectivity/bind/bind/conf.patch
@@ -261,7 +261,7 @@ diff -urN bind-9.3.1.orig/init.d bind-9.3.1/init.d
 +	modprobe capability >/dev/null 2>&1 || true
 +	if [ ! -f /etc/bind/rndc.key ]; then
 +	    /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
-+	    chown 0640 /etc/bind/rndc.key
++	    chmod 0640 /etc/bind/rndc.key
 +	fi
 +	if [ -f /var/run/named/named.pid ]; then
 +	    ps `cat /var/run/named/named.pid` > /dev/null && exit 1
diff --git a/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh
index c2e88bf..db20127 100644
--- a/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh
+++ b/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh
@@ -3,5 +3,5 @@
 if [ ! -s /etc/bind/rndc.key ]; then
     echo -n "Generating /etc/bind/rndc.key:"
     /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
-    chown 0640 /etc/bind/rndc.key
+    chmod 0640 /etc/bind/rndc.key
 fi
-- 
1.9.1

[PATCH 39/61] distcc: fix initscript can not stop distcc daemon correctly

[Armin Kuster]

From: Hongxu Jia <hongxu.jia@windriver.com>

The distcc's initscript has used option '--pid-file' to save daemon
process id, but it didn't to create that file, that caused start/stop
distcc daemon failed.

We refer what Ubuntu 14.04 did, create pid file before start and
delete it after stop

[YOCTO #7090]

(From OE-Core rev: 3b0d6c7c324f0283cfab10445d1a5a3bf2526598)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-devtools/distcc/files/distcc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/meta/recipes-devtools/distcc/files/distcc b/meta/recipes-devtools/distcc/files/distcc
index c7c414d..e36f0fa 100755
--- a/meta/recipes-devtools/distcc/files/distcc
+++ b/meta/recipes-devtools/distcc/files/distcc
@@ -51,6 +51,9 @@ should_start() {
 		echo "$DAEMON not starting"
 		exit 0
 	fi
+	# we need permission to write to the pid file
+	touch /var/run/$NAME.pid
+	chown distcc /var/run/$NAME.pid
 }
 
 case "$1" in
@@ -75,6 +78,7 @@ case "$1" in
 	    echo "$0: stop failed with error code $code" >&2
 	    exit $code
 	}
+	rm -f /var/run/$NAME.pid >/dev/null 2>&1
 	echo "."
 	;;
   restart|force-reload)
@@ -92,6 +96,7 @@ case "$1" in
 		--exec $DAEMON -- $DAEMON_ARGS $ALLOW ||
 	{
 	    code=$?
+	    rm -f /var/run/$NAME.pid >/dev/null 2>&1
 	    echo "$0: restart failed with error code $code" >&2
 	    exit $code
 	}
-- 
1.9.1

[PATCH 40/61] gcc/libgcc-common.inc: Add missing 'fakeroot' to two tasks

[Armin Kuster]

From: Mark Hatle <mark.hatle@windriver.com>

Without the fakeroot flag the two tasks may create files or
symbolic links that end up being owned by the user and not
root:root as expected.

(From OE-Core rev: 7e9fd9d34a540fdfc1243d059d1f13f1d09864d2)

Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-devtools/gcc/libgcc-common.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/gcc/libgcc-common.inc b/meta/recipes-devtools/gcc/libgcc-common.inc
index 1e1e1c1..3101762 100644
--- a/meta/recipes-devtools/gcc/libgcc-common.inc
+++ b/meta/recipes-devtools/gcc/libgcc-common.inc
@@ -54,7 +54,7 @@ addtask multilib_install after do_install before do_package do_populate_sysroot
 # by creating this symlink to it
 #    /usr/lib64/x86_64-poky-linux/4.7/32
 
-python do_multilib_install() {
+fakeroot python do_multilib_install() {
     import re
 
     multilibs = d.getVar('MULTILIB_VARIANTS', True)
@@ -117,7 +117,7 @@ python do_multilib_install() {
 }
 
 addtask extra_symlinks after do_multilib_install before do_package do_populate_sysroot
-python do_extra_symlinks() {
+fakeroot python do_extra_symlinks() {
     targetsysnoext = d.getVar('TARGET_SYS_NO_EXTENSION', True)
 
     if targetsysnoext != d.getVar('TARGET_SYS', True):
-- 
1.9.1

[PATCH 41/61] image_types.bbclass: fixed 'init' creation for cpio images

[Armin Kuster]

From: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>

When /init is a dangling symlink or a symlink to a file which can not be
stated on the build system (e.g. due to SELinux restrictions), the '[ !
-e .../init ]' test will succeed which causes the manual creation of
/init.

E.g. here:

| $ ls -la cpio_append/init
| lrwxrwxrwx. 1 ensc ensc 10 22. Jan 16:26 cpio_append/init -> /sbin/init
|
| $ strace /bin/test -e  cpio_append/init
| stat("cpio_append/init", 0x7fff374a9db0) = -1 EACCES (Permission denied)
| exit_group(1)                           = ?

To test for the existence of a file, both '-L' and '-e' checks must be
executed and to prevent SELinux noise, the '-L' should happen before
'-e'.

(From OE-Core rev: 2aa5d2880ee3578f4965f245addd365fb7b1c1ca)

Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/classes/image_types.bbclass | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/classes/image_types.bbclass b/meta/classes/image_types.bbclass
index 8e33214..650c2f8 100644
--- a/meta/classes/image_types.bbclass
+++ b/meta/classes/image_types.bbclass
@@ -68,9 +68,9 @@ IMAGE_CMD_tar = "tar -cvf ${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.tar -C ${IMAG
 
 IMAGE_CMD_cpio () {
 	(cd ${IMAGE_ROOTFS} && find . | cpio -o -H newc >${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.cpio)
-	if [ ! -e ${IMAGE_ROOTFS}/init ]; then
+	if [ ! -L ${IMAGE_ROOTFS}/init -a ! -e ${IMAGE_ROOTFS}/init ]; then
 		mkdir -p ${WORKDIR}/cpio_append
-		if [ -e ${IMAGE_ROOTFS}/sbin/init -o -L ${IMAGE_ROOTFS}/sbin/init ]; then
+		if [ -L ${IMAGE_ROOTFS}/sbin/init -o -e ${IMAGE_ROOTFS}/sbin/init ]; then
 			ln -sf /sbin/init ${WORKDIR}/cpio_append/init
 		else
 			touch ${WORKDIR}/cpio_append/init
-- 
1.9.1

[PATCH 42/61] bitbake: siggen: Ensure taskdata default functions exist in base class

[Armin Kuster]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

The get/set_taskdata functions are now part of the API of the class,
ensure they exist in the base class definition so the noop handler
works.

[YOCTO #7233]

(Bitbake rev: 9b5b1bd7d77e3f5886f6c557d3b750de1f6d6025)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 bitbake/lib/bb/siggen.py | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/bitbake/lib/bb/siggen.py b/bitbake/lib/bb/siggen.py
index ef683ba..e77be6a 100644
--- a/bitbake/lib/bb/siggen.py
+++ b/bitbake/lib/bb/siggen.py
@@ -62,6 +62,13 @@ class SignatureGenerator(object):
     def dump_sigs(self, dataCache, options):
         return
 
+    def get_taskdata(self):
+       return (self.runtaskdeps, self.taskhash, self.file_checksum_values)
+
+    def set_taskdata(self, data):
+        self.runtaskdeps, self.taskhash, self.file_checksum_values = data
+
+
 class SignatureGeneratorBasic(SignatureGenerator):
     """
     """
@@ -198,12 +205,6 @@ class SignatureGeneratorBasic(SignatureGenerator):
         #d.setVar("BB_TASKHASH_task-%s" % task, taskhash[task])
         return h
 
-    def get_taskdata(self):
-       return (self.runtaskdeps, self.taskhash, self.file_checksum_values)
-
-    def set_taskdata(self, data):
-        self.runtaskdeps, self.taskhash, self.file_checksum_values = data
-
     def dump_sigtask(self, fn, task, stampbase, runtime):
         k = fn + "." + task
         if runtime == "customfile":
-- 
1.9.1

[PATCH 43/61] net-tools: Fix rerunning of do_patch task

[Armin Kuster]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Rerunning the do_patch task currently fails. The code is nearly correct
but needs to remove the quilt ".pc" directory and move the secondary
one into place in order to rerun, not move it into the .pc directory
as the code currently does.

[YOCTO #7128]

(From OE-Core rev: 2a775ebbb175dd70fc7228607c306d4ccb9e4ba4)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-extended/net-tools/net-tools_1.60-25.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-extended/net-tools/net-tools_1.60-25.bb b/meta/recipes-extended/net-tools/net-tools_1.60-25.bb
index 02826a0..0e4ee75 100644
--- a/meta/recipes-extended/net-tools/net-tools_1.60-25.bb
+++ b/meta/recipes-extended/net-tools/net-tools_1.60-25.bb
@@ -34,6 +34,7 @@ nettools_do_patch() {
 	cd ${S}
 	quilt pop -a || true
 	if [ -d ${S}/.pc-nettools ]; then
+		rm -rf ${S}/.pc
 		mv ${S}/.pc-nettools ${S}/.pc
 		QUILT_PATCHES=${S}/debian/patches quilt pop -a
 		rm -rf ${S}/.pc ${S}/debian
-- 
1.9.1

[PATCH 44/61] package/prserv: Merge two similar functions into one

[Armin Kuster]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Having these two separate functions handling PR values seems pointless,
and worse, there are impossible code branches mixed within them.

Merge them into one function and tweak comments so at least you
don't have to read both functions to figure out what is going on.

This does restructure the conditionals to try and aid readability.

(From OE-Core rev: 865d001de168915a5796e5c760f96bdd04cebd61)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/classes/package.bbclass | 52 ++++++++++++++++++++++++++++++++------------
 meta/classes/prserv.bbclass  | 31 --------------------------
 2 files changed, 38 insertions(+), 45 deletions(-)

diff --git a/meta/classes/package.bbclass b/meta/classes/package.bbclass
index 4685cd2..320ec0e 100644
--- a/meta/classes/package.bbclass
+++ b/meta/classes/package.bbclass
@@ -394,28 +394,52 @@ def runtime_mapping_rename (varname, pkg, d):
 #
 
 python package_get_auto_pr() {
-    # per recipe PRSERV_HOST
+    import oe.prservice
+    import re
+
+    # Support per recipe PRSERV_HOST
     pn = d.getVar('PN', True)
     host = d.getVar("PRSERV_HOST_" + pn, True)
     if not (host is None):
         d.setVar("PRSERV_HOST", host)
 
-    if d.getVar('PRSERV_HOST', True):
-        try:
-            auto_pr=prserv_get_pr_auto(d)
-        except Exception as e:
-            bb.fatal("Can NOT get PRAUTO, exception %s" %  str(e))
-        if auto_pr is None:
-            if d.getVar('PRSERV_LOCKDOWN', True):
-                bb.fatal("Can NOT get PRAUTO from lockdown exported file")
-            else:
-                bb.fatal("Can NOT get PRAUTO from remote PR service")
-            return
-        d.setVar('PRAUTO',str(auto_pr))
-    else:
+    # PR Server not active, handle AUTOINC
+    if not d.getVar('PRSERV_HOST', True):
         pkgv = d.getVar("PKGV", True)
         if 'AUTOINC' in pkgv:
             d.setVar("PKGV", pkgv.replace("AUTOINC", "0"))
+        return
+
+    auto_pr = None
+    pv = d.getVar("PV", True)
+    version = d.getVar("PRAUTOINX", True)
+    pkgarch = d.getVar("PACKAGE_ARCH", True)
+    checksum = d.getVar("BB_TASKHASH", True)
+
+    if d.getVar('PRSERV_LOCKDOWN', True):
+        auto_pr = d.getVar('PRAUTO_' + version + '_' + pkgarch, True) or d.getVar('PRAUTO_' + version, True) or None
+        if auto_pr is None:
+            bb.fatal("Can NOT get PRAUTO from lockdown exported file")
+        d.setVar('PRAUTO',str(auto_pr))
+        return
+
+    try:
+        conn = d.getVar("__PRSERV_CONN", True)
+        if conn is None:
+            conn = oe.prservice.prserv_make_conn(d)
+        if conn is not None:
+            if "AUTOINC" in pv:
+                srcpv = bb.fetch2.get_srcrev(d)
+                base_ver = "AUTOINC-%s" % version[:version.find(srcpv)]
+                value = conn.getPR(base_ver, pkgarch, srcpv)
+                d.setVar("PKGV", pv.replace("AUTOINC", str(value)))
+
+            auto_pr = conn.getPR(version, pkgarch, checksum)
+    except Exception as e:
+        bb.fatal("Can NOT get PRAUTO, exception %s" %  str(e))
+    if auto_pr is None:
+        bb.fatal("Can NOT get PRAUTO from remote PR service")
+    d.setVar('PRAUTO',str(auto_pr))
 }
 
 LOCALEBASEPN ??= "${PN}"
diff --git a/meta/classes/prserv.bbclass b/meta/classes/prserv.bbclass
index b440d86..139597f 100644
--- a/meta/classes/prserv.bbclass
+++ b/meta/classes/prserv.bbclass
@@ -1,33 +1,2 @@
-def prserv_get_pr_auto(d):
-    import oe.prservice
-    import re
 
-    pv = d.getVar("PV", True)
-    if not d.getVar('PRSERV_HOST', True):
-        if 'AUTOINC' in pv:
-            d.setVar("PKGV", pv.replace("AUTOINC", "0"))
-        bb.warn("Not using network based PR service")
-        return None
 
-    version = d.getVar("PRAUTOINX", True)
-    pkgarch = d.getVar("PACKAGE_ARCH", True)
-    checksum = d.getVar("BB_TASKHASH", True)
-
-    conn = d.getVar("__PRSERV_CONN", True)
-    if conn is None:
-        conn = oe.prservice.prserv_make_conn(d)
-        if conn is None:
-            return None
-
-    if "AUTOINC" in pv:
-        srcpv = bb.fetch2.get_srcrev(d)
-        base_ver = "AUTOINC-%s" % version[:version.find(srcpv)]
-        value = conn.getPR(base_ver, pkgarch, srcpv)
-        d.setVar("PKGV", pv.replace("AUTOINC", str(value)))
-
-    if d.getVar('PRSERV_LOCKDOWN', True):
-        auto_rev = d.getVar('PRAUTO_' + version + '_' + pkgarch, True) or d.getVar('PRAUTO_' + version, True) or None
-    else:
-        auto_rev = conn.getPR(version, pkgarch, checksum)
-
-    return auto_rev
-- 
1.9.1

[PATCH 45/61] package.bbclass: Let PR server update PKGV, not PV

[Armin Kuster]

From: Mike Looijmans <mike.looijmans@topic.nl>

PV is the package version as we need it to be during the build. PKGV is the
final version as it ends up in the package, and defaults to PV.

The packager handled builds without PR-server by replacing the AUTOINC string
in PKGV, but when the PR-server is being used, the script replaces the contents
of PKGV with the PV if the PV contains "AUTOINC". Thus the packager overrides
any change to PKGV the recipe might have made.
This breaks classes like gitpkgv that provide a correctly numbered PKGV, the
number as calculated by that class will simply be replaced with a 0-based index
from the PR-server.

This patch makes the packager look at the PKGV version instead of the PV, and
update the PKGV only based on the PKGV contents as set by the recipe.

See also the discussion here:
http://lists.openembedded.org/pipermail/openembedded-core/2015-January/100329.html

From investigating the history of the code and changes in the past year, the
use of "pv" instead of "pkgv" appears to be just an oversight, introduced in:
commit b27b438221e16ac3df6ac66d761b77e3bd43db67 "prs: use the PRServer to replace the BB_URI_LOCALCOUNT functionality"
A later commit 865d001de168915a5796e5c760f96bdd04cebd61 "package/prserv: Merge two similar functions into one"
silently fixed this only for the case without PR-server by using pkgv there.

(From OE-Core rev: 7895c0a67d381ff66668fca5207bd196f36c91db)

Signed-off-by: Mike Looijmans <mike.looijmans@topic.nl>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/classes/package.bbclass | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/meta/classes/package.bbclass b/meta/classes/package.bbclass
index 320ec0e..4cddbef 100644
--- a/meta/classes/package.bbclass
+++ b/meta/classes/package.bbclass
@@ -403,9 +403,10 @@ python package_get_auto_pr() {
     if not (host is None):
         d.setVar("PRSERV_HOST", host)
 
+    pkgv = d.getVar("PKGV", True)
+
     # PR Server not active, handle AUTOINC
     if not d.getVar('PRSERV_HOST', True):
-        pkgv = d.getVar("PKGV", True)
         if 'AUTOINC' in pkgv:
             d.setVar("PKGV", pkgv.replace("AUTOINC", "0"))
         return
@@ -428,11 +429,11 @@ python package_get_auto_pr() {
         if conn is None:
             conn = oe.prservice.prserv_make_conn(d)
         if conn is not None:
-            if "AUTOINC" in pv:
+            if "AUTOINC" in pkgv:
                 srcpv = bb.fetch2.get_srcrev(d)
                 base_ver = "AUTOINC-%s" % version[:version.find(srcpv)]
                 value = conn.getPR(base_ver, pkgarch, srcpv)
-                d.setVar("PKGV", pv.replace("AUTOINC", str(value)))
+                d.setVar("PKGV", pkgv.replace("AUTOINC", str(value)))
 
             auto_pr = conn.getPR(version, pkgarch, checksum)
     except Exception as e:
-- 
1.9.1

[PATCH 46/61] image_types.bbclass: manage 'cpio_append' directory

[Armin Kuster]

From: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>

For cpio images, do_rootfs() can operate on a dirty '${WORKDIR}/cpio_append'
directory which contains e.g. files from previous builds.  This can cause
unwanted files in the image or can break the build.

E.g. when there is a cpio_append/init -> /sbin/init symlink symlink, the
'ln -sf' can fail due to SELinux restrictions:

| $ ls -la cpio_append/init
| lrwxrwxrwx. 1 ensc ensc 10 22. Jan 16:26 cpio_append/init -> /sbin/init
|
| $ strace ln -sf /sbin/init cpio_append/init
| ...
| stat("cpio_append/init", 0x7fffbb9ca310) = -1 EACCES (Permission denied)
| exit_group(1)                           = ?

Patch cleans up 'cpio_append' before executing the 'do_rootfs' task by
adding it to 'cleandirs'.  An alternative implementation (which avoids
creation of this empty dir for non-cpio images) might remove it within
IMAGE_CMD_cpio, but this might break builds where people rely on the
existence of this directory (e.g. to add local files).

(From OE-Core rev: 4db3cc2360289c062fa0df4678f2f2ef990f0c1a)

Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/classes/image_types.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/image_types.bbclass b/meta/classes/image_types.bbclass
index 650c2f8..c7da4c3 100644
--- a/meta/classes/image_types.bbclass
+++ b/meta/classes/image_types.bbclass
@@ -66,10 +66,10 @@ IMAGE_CMD_squashfs-xz = "mksquashfs ${IMAGE_ROOTFS} ${DEPLOY_DIR_IMAGE}/${IMAGE_
 IMAGE_CMD_squashfs-lzo = "mksquashfs ${IMAGE_ROOTFS} ${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.squashfs-lzo ${EXTRA_IMAGECMD} -noappend -comp lzo"
 IMAGE_CMD_tar = "tar -cvf ${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.tar -C ${IMAGE_ROOTFS} ."
 
+do_rootfs[cleandirs] += "${WORKDIR}/cpio_append"
 IMAGE_CMD_cpio () {
 	(cd ${IMAGE_ROOTFS} && find . | cpio -o -H newc >${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.cpio)
 	if [ ! -L ${IMAGE_ROOTFS}/init -a ! -e ${IMAGE_ROOTFS}/init ]; then
-		mkdir -p ${WORKDIR}/cpio_append
 		if [ -L ${IMAGE_ROOTFS}/sbin/init -o -e ${IMAGE_ROOTFS}/sbin/init ]; then
 			ln -sf /sbin/init ${WORKDIR}/cpio_append/init
 		else
-- 
1.9.1

[PATCH 47/61] python-smartpm: Fix attemptonly builds when file conflicts occur

[Armin Kuster]

From: Mark Hatle <mark.hatle@windriver.com>

[YOCTO #7299]

When file conflicts occur, the RPM transaction aborts.  Instead of
simply accepting the failure, we now identify, capture, and remove
the offending package(s) from the transaction and retry.

(From OE-Core rev: cd475aea5f5bc4b6a2dd3e576070a117ae079597)

Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../python/python-smartpm/smart-attempt.patch      | 97 +++++++++++++++-------
 1 file changed, 66 insertions(+), 31 deletions(-)

diff --git a/meta/recipes-devtools/python/python-smartpm/smart-attempt.patch b/meta/recipes-devtools/python/python-smartpm/smart-attempt.patch
index 45f7947..82d2e6c 100644
--- a/meta/recipes-devtools/python/python-smartpm/smart-attempt.patch
+++ b/meta/recipes-devtools/python/python-smartpm/smart-attempt.patch
@@ -9,40 +9,24 @@ failures (usually conflicts).
 
 This option only works for the install operation.
 
+If a complementary install fails, an actual error occurred, one that
+we can't ignore without losing the entire attempted transaction.  Keep
+this as an error so that we can catch these cases in the futre.
+
 Upstream-Status: Pending
 
 Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
 Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
-
-For complementary and 'attemptonly' package processing, we should
-make sure the warn rather than error reported.
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
 ---
  smart.py                  |  5 +++-
  smart/commands/install.py |  5 ++++
  smart/transaction.py      | 65 +++++++++++++++++++++++++++++++++++------------
  3 files changed, 58 insertions(+), 17 deletions(-)
 
-diff --git a/smart.py b/smart.py
-index c5c7a02..7e7fd34 100755
---- a/smart.py
-+++ b/smart.py
-@@ -179,7 +179,10 @@ def main(argv):
-         if opts and opts.log_level == "debug":
-             import traceback
-             traceback.print_exc()
--        if iface.object:
-+        if iface.object and sysconf.has("attempt-install", soft=True):
-+            iface.warning(unicode(e))
-+            exitcode = 0
-+        elif iface.object:
-             iface.error(unicode(e))
-         else:
-             sys.stderr.write(_("error: %s\n") % e)
-diff --git a/smart/commands/install.py b/smart/commands/install.py
-index 590222c..6ef9682 100644
---- a/smart/commands/install.py
-+++ b/smart/commands/install.py
+Index: smart-1.4.1/smart/commands/install.py
+===================================================================
+--- smart-1.4.1.orig/smart/commands/install.py
++++ smart-1.4.1/smart/commands/install.py
 @@ -50,6 +50,8 @@ def option_parser():
      parser = OptionParser(usage=USAGE,
                            description=DESCRIPTION,
@@ -62,10 +46,10 @@ index 590222c..6ef9682 100644
      if opts.explain:
          sysconf.set("explain-changesets", True, soft=True)
  
-diff --git a/smart/transaction.py b/smart/transaction.py
-index 5730a42..e3e61c6 100644
---- a/smart/transaction.py
-+++ b/smart/transaction.py
+Index: smart-1.4.1/smart/transaction.py
+===================================================================
+--- smart-1.4.1.orig/smart/transaction.py
++++ smart-1.4.1/smart/transaction.py
 @@ -555,6 +555,8 @@ class Transaction(object):
          changeset.set(pkg, INSTALL)
          isinst = changeset.installed
@@ -183,6 +167,57 @@ index 5730a42..e3e61c6 100644
                  elif op is REMOVE:
                      self._remove(pkg, changeset, locked, pending)
                  elif op is UPGRADE:
--- 
-1.9.1
-
+Index: smart-1.4.1/smart/backends/rpm/pm.py
+===================================================================
+--- smart-1.4.1.orig/smart/backends/rpm/pm.py
++++ smart-1.4.1/smart/backends/rpm/pm.py
+@@ -243,15 +253,48 @@ class RPMPackageManager(PackageManager):
+         cb = RPMCallback(prog, upgradednames)
+         cb.grabOutput(True)
+         probs = None
++        retry = 0
+         try:
+             probs = ts.run(cb, None)
+         finally:
+             del getTS.ts
+             cb.grabOutput(False)
++            if probs and sysconf.has("attempt-install", soft=True):
++                def remove_conflict(pkgNEVR):
++                    for key in changeset.keys():
++                        if pkgNEVR == str(key):
++                            del changeset[key]
++                            del pkgpaths[key]
++                            iface.warning("Removing %s due to file %s conflicting with %s" % (pkgNEVR, fname, altNEVR))
++                            break
++
++                retry = 1
++                for prob in probs:
++                    if prob[1][0] == rpm.RPMPROB_NEW_FILE_CONFLICT:
++                        msg = prob[0].split()
++                        fname = msg[1]
++                        pkgNEVR = msg[7]
++                        altNEVR = msg[9]
++                        pkgNEVR = pkgNEVR.rsplit('.', 1)[0] + '@' + pkgNEVR.rsplit('.', 1)[1]
++                        altNEVR = altNEVR.rsplit('.', 1)[0] + '@' + altNEVR.rsplit('.', 1)[1]
++                        remove_conflict(pkgNEVR)
++                    elif prob[1][0] == rpm.RPMPROB_FILE_CONFLICT:
++                        msg = prob[0].split()
++                        fname = msg[1]
++                        pkgNEVR = msg[5]
++                        altNEVR = msg[11]
++                        pkgNEVR = pkgNEVR.rsplit('.', 1)[0] + '@' + pkgNEVR.rsplit('.', 1)[1]
++                        altNEVR = altNEVR.rsplit('.', 1)[0] + '@' + altNEVR.rsplit('.', 1)[1]
++                        remove_conflict(pkgNEVR)
++                    else:
++                        retry = 0
++
+             prog.setDone()
+-            if probs:
++            if probs and (not retry):
+                 raise Error, "\n".join([x[0] for x in probs])
+             prog.stop()
++            if retry and len(changeset):
++                self.commit(changeset, pkgpaths)
+ 
+ class RPMCallback:
+     def __init__(self, prog, upgradednames):
-- 
1.9.1

[PATCH 48/61] packagegroup-self-hosted: package all of Python

[Armin Kuster]

From: Paul Gortmaker <paul.gortmaker@windriver.com>

Based on commit 745dfbc869fd593d1b92e2bc9c01d589ab21ade3
"buildtools-tarball: package all of Python", we do the same here
for packagegroup-self-hosted.

The switch to the fetcher where it added BeautifulSoup revealed
a shortcoming in the python packaged for the self hosting (missing
htmlentitydefs).  Here we fix it in the same way as what was done
for buildtools-tarball and include python-modules vs. all the
individual little chunks.

(From OE-Core rev: 4afbc5f7b2b8a6587110b16cda90e72c3e73a506)

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../packagegroups/packagegroup-self-hosted.bb      | 28 +---------------------
 1 file changed, 1 insertion(+), 27 deletions(-)

diff --git a/meta/recipes-core/packagegroups/packagegroup-self-hosted.bb b/meta/recipes-core/packagegroups/packagegroup-self-hosted.bb
index f95ce77..af57fac0 100644
--- a/meta/recipes-core/packagegroups/packagegroup-self-hosted.bb
+++ b/meta/recipes-core/packagegroups/packagegroup-self-hosted.bb
@@ -154,37 +154,11 @@ RDEPENDS_packagegroup-self-hosted-extended = "\
     perl-pod \
     ${PTH} \
     python \
-    python-compile \
     python-compiler \
-    python-compression \
-    python-core \
-    python-curses \
-    python-datetime \
-    python-difflib \
-    python-distutils \
-    python-elementtree \
-    python-email \
-    python-fcntl \
     python-git \
-    python-json \
-    python-logging \
     python-misc \
-    python-mmap \
-    python-multiprocessing \
-    python-netclient \
-    python-netserver \
-    python-pickle \
-    python-pkgutil \
-    python-pprint \
-    python-re \
+    python-modules \
     python-rpm \
-    python-shell \
-    python-sqlite3 \
-    python-subprocess \
-    python-textutils \
-    python-unittest \
-    python-unixadmin \
-    python-xmlrpc \
     quota \
     readline \
     rpm \
-- 
1.9.1

[PATCH 49/61] xorg-app: add x11 to required DISTRO_FEATURES and cleanup dependencies

[Armin Kuster]

From: Martin Jansa <Martin.Jansa@gmail.com>

(From OE-Core rev: 1cf0245344ce272e7330cfe1b04a0ed7bd18e8f5)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-graphics/xorg-app/xeyes_1.1.1.bb      | 2 +-
 meta/recipes-graphics/xorg-app/xorg-app-common.inc | 5 ++++-
 meta/recipes-graphics/xorg-app/xprop_1.2.2.bb      | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-graphics/xorg-app/xeyes_1.1.1.bb b/meta/recipes-graphics/xorg-app/xeyes_1.1.1.bb
index 96ea030..84d0cb8 100644
--- a/meta/recipes-graphics/xorg-app/xeyes_1.1.1.bb
+++ b/meta/recipes-graphics/xorg-app/xeyes_1.1.1.bb
@@ -11,4 +11,4 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=3ea51b365051ac32d1813a7dbaa4bfc6"
 SRC_URI[md5sum] = "a3035dcecdbdb89e864177c080924981"
 SRC_URI[sha256sum] = "975e98680cd59e1f9439016386609546ed08c284d0f05a95276f96aca6e8a521"
 
-DEPENDS += " virtual/libx11 libxau libxt libxext libxmu libxrender"
+DEPENDS += "libxau libxt libxext libxmu libxrender"
diff --git a/meta/recipes-graphics/xorg-app/xorg-app-common.inc b/meta/recipes-graphics/xorg-app/xorg-app-common.inc
index 524a2d3..59a04fa 100644
--- a/meta/recipes-graphics/xorg-app/xorg-app-common.inc
+++ b/meta/recipes-graphics/xorg-app/xorg-app-common.inc
@@ -5,12 +5,15 @@ SECTION = "x11/apps"
 LICENSE = "MIT-X"
 DEPENDS = "util-macros-native virtual/libx11"
 
+# depends on virtual/libx11
+REQUIRED_DISTRO_FEATURES = "x11"
+
 INC_PR = "r8"
 
 SRC_URI = "${XORG_MIRROR}/individual/app/${BPN}-${PV}.tar.bz2"
 
 S = "${WORKDIR}/${BPN}-${PV}"
 
-inherit autotools pkgconfig
+inherit autotools pkgconfig distro_features_check
 
 FILES_${PN} += " ${libdir}/X11/${BPN} ${datadir}/X11/app-defaults/"
diff --git a/meta/recipes-graphics/xorg-app/xprop_1.2.2.bb b/meta/recipes-graphics/xorg-app/xprop_1.2.2.bb
index efbb1b3..d78bf04 100644
--- a/meta/recipes-graphics/xorg-app/xprop_1.2.2.bb
+++ b/meta/recipes-graphics/xorg-app/xprop_1.2.2.bb
@@ -10,7 +10,7 @@ formatting information."
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=e226ab8db88ac0bc0391673be40c9f91"
 
-DEPENDS += " libxmu virtual/libx11"
+DEPENDS += "libxmu"
 
 PE = "1"
 
-- 
1.9.1

[PATCH 50/61] yocto-bsp: Add branch to SRC_URI for custom kernels

[Armin Kuster]

From: Tom Zanussi <tom.zanussi@linux.intel.com>

Without 'branch' in the SRC_URI, a SRCREV specified for a non-master
KBRANCH will result in a fetch failure since the branch tested by the
fetcher will default to master, which doesn't contain the SRCREV.
This fixes the problem by adding branch=KBRANCH to the SRC_URI.

Fixes [Yocto #6518].

Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../{{ if kernel_choice == \"custom\": }} linux-yocto-custom.bb"      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git "a/scripts/lib/bsp/substrate/target/arch/common/recipes-kernel/linux/{{ if kernel_choice == \"custom\": }} linux-yocto-custom.bb" "b/scripts/lib/bsp/substrate/target/arch/common/recipes-kernel/linux/{{ if kernel_choice == \"custom\": }} linux-yocto-custom.bb"
index 6d3cc6f..c85e731 100644
--- "a/scripts/lib/bsp/substrate/target/arch/common/recipes-kernel/linux/{{ if kernel_choice == \"custom\": }} linux-yocto-custom.bb"	
+++ "b/scripts/lib/bsp/substrate/target/arch/common/recipes-kernel/linux/{{ if kernel_choice == \"custom\": }} linux-yocto-custom.bb"	
@@ -31,9 +31,9 @@ inherit kernel
 require recipes-kernel/linux/linux-yocto.inc
 
 {{ if kernel_choice == "custom" and custom_kernel_remote == "y": }}
-SRC_URI = "{{=custom_kernel_remote_path}};protocol=git;bareclone=1"
+SRC_URI = "{{=custom_kernel_remote_path}};protocol=git;bareclone=1;branch=${KBRANCH}"
 {{ if kernel_choice == "custom" and custom_kernel_remote == "n": }}
-SRC_URI = "git://{{=custom_kernel_local_path}};protocol=file;bareclone=1"
+SRC_URI = "git://{{=custom_kernel_local_path}};protocol=file;bareclone=1;branch=${KBRANCH}"
 
 SRC_URI += "file://defconfig"
 
-- 
1.9.1

[PATCH 51/61] python: ensure all of Python is installed in nativesdk

[Armin Kuster]

From: Ross Burton <ross.burton@intel.com>

If any part of Python gets installed in a SDK, we need to ensure that all of
Python gets installed to avoid replacing python in the environment with a
minimal package set.

[ YOCTO #6735 ]

(From OE-Core rev: e36ff98a7a4da478bb886f61005cd72a0b5a9c0e)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-devtools/python/python_2.7.3.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-devtools/python/python_2.7.3.bb b/meta/recipes-devtools/python/python_2.7.3.bb
index 2547ea4..bada39b 100644
--- a/meta/recipes-devtools/python/python_2.7.3.bb
+++ b/meta/recipes-devtools/python/python_2.7.3.bb
@@ -160,6 +160,7 @@ require python-${PYTHON_MAJMIN}-manifest.inc
 # manual dependency additions
 RPROVIDES_${PN}-core = "${PN}"
 RRECOMMENDS_${PN}-core = "${PN}-readline"
+RRECOMMENDS_${PN}-core_append_class-nativesdk = " nativesdk-python-modules"
 RRECOMMENDS_${PN}-crypt = "openssl"
 RRECOMMENDS_${PN}-crypt_class-nativesdk = "nativesdk-openssl"
 
-- 
1.9.1

[PATCH 52/61] python: remove spurious nativesdk dependency

[Armin Kuster]

From: Ross Burton <ross.burton@intel.com>

There's no need to add a dependency on python-crypt_class-native to
nativesdk-openssl as the general dependency there is transformed appropriately.

Presumably this is cruft from back when SDK packages were suffixed instead of
prefixed, and there were mapping problems.

(From OE-Core rev: f0b1eab1ef24fabac98609eb9d314f618dca713a)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-devtools/python/python_2.7.3.bb | 1 -
 1 file changed, 1 deletion(-)

diff --git a/meta/recipes-devtools/python/python_2.7.3.bb b/meta/recipes-devtools/python/python_2.7.3.bb
index bada39b..efaa4a7 100644
--- a/meta/recipes-devtools/python/python_2.7.3.bb
+++ b/meta/recipes-devtools/python/python_2.7.3.bb
@@ -162,7 +162,6 @@ RPROVIDES_${PN}-core = "${PN}"
 RRECOMMENDS_${PN}-core = "${PN}-readline"
 RRECOMMENDS_${PN}-core_append_class-nativesdk = " nativesdk-python-modules"
 RRECOMMENDS_${PN}-crypt = "openssl"
-RRECOMMENDS_${PN}-crypt_class-nativesdk = "nativesdk-openssl"
 
 # package libpython2
 PACKAGES =+ "lib${BPN}2"
-- 
1.9.1

[PATCH 53/61] tzcode: update to 2015a leap second changes too

[Armin Kuster]

Changes affecting code

tzalloc now scrubs time zone abbreviations compatibly with the way
that tzset always has, by replacing invalid bytes with '_' and by
shortening too-long abbreviations.

tzselect ports to POSIX awk implementations, no longer mishandles
POSIX TZ settings when GNU awk is used, and reports POSIX TZ
settings to the user.  (Thanks to Stefan Kuhn.)

Changes affecting build procedure

'make check' now checks for links to links in the data.
One such link (for Africa/Asmera) has been fixed.
(Thanks to Stephen Colebourne for pointing out the problem.)

Changes affecting commentary
The leapseconds file commentary now mentions the expiration date.
(Problem reported by Martin Burnicki.)

Update Mexican Library of Congress URL.

(From OE-Core rev: ccc543570b96bb1f1efefd5ed79469da142cafd3)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-extended/tzcode/tzcode-native_2014j.bb | 10 ----------
 meta/recipes-extended/tzcode/tzcode-native_2015a.bb | 10 ++++++++++
 2 files changed, 10 insertions(+), 10 deletions(-)
 delete mode 100644 meta/recipes-extended/tzcode/tzcode-native_2014j.bb
 create mode 100644 meta/recipes-extended/tzcode/tzcode-native_2015a.bb

diff --git a/meta/recipes-extended/tzcode/tzcode-native_2014j.bb b/meta/recipes-extended/tzcode/tzcode-native_2014j.bb
deleted file mode 100644
index b76aa33..0000000
--- a/meta/recipes-extended/tzcode/tzcode-native_2014j.bb
+++ /dev/null
@@ -1,10 +0,0 @@
-# note that we allow for us to use data later than our code version
-#
-SRC_URI =" ftp://ftp.iana.org/tz/releases/tzcode${PV}.tar.gz;name=tzcode \
-           ftp://ftp.iana.org/tz/releases/tzdata2014j.tar.gz;name=tzdata"
-
-SRC_URI[tzcode.md5sum] = "970119e9765bc5a9320368851c91ecb6"
-SRC_URI[tzcode.sha256sum] = "7fd46125464856309fc81fe85a67a61de862b8ab884ce8ca82051f5fa308ede2"
-SRC_URI[tzdata.md5sum] = "2d7ea9c309f0d4e162e426e568290ca3"
-SRC_URI[tzdata.sha256sum] = "a2d870320694d40535df822ac8074dc629a90e92abafa5d3373314f78ddc0e0d"
-require tzcode-native.inc
diff --git a/meta/recipes-extended/tzcode/tzcode-native_2015a.bb b/meta/recipes-extended/tzcode/tzcode-native_2015a.bb
new file mode 100644
index 0000000..a0a31d6
--- /dev/null
+++ b/meta/recipes-extended/tzcode/tzcode-native_2015a.bb
@@ -0,0 +1,10 @@
+# note that we allow for us to use data later than our code version
+#
+SRC_URI =" ftp://ftp.iana.org/tz/releases/tzcode${PV}.tar.gz;name=tzcode \
+           ftp://ftp.iana.org/tz/releases/tzdata2015a.tar.gz;name=tzdata"
+
+SRC_URI[tzcode.md5sum] = "8f375ede46ae137fbac047ac431bda37"
+SRC_URI[tzcode.sha256sum] = "885bab11f286852f34030d7a86ede7d4126319ca74b8ee22be8ca7c17d72dd19"
+SRC_URI[tzdata.md5sum] = "4ed11c894a74a5ea64201b1c6dbb8831"
+SRC_URI[tzdata.sha256sum] = "c52490917d00a8e7fc9b5f0b1b65ef6ec76d612b5b20c81bf86a04147af18e4c"
+require tzcode-native.inc
-- 
1.9.1

[PATCH 54/61] tzdata: update to 2015a including leap second

[Armin Kuster]

Changes affecting future time stamps

The Mexican state of Quintana Roo, represented by America/Cancun,
will shift from Central Time with DST to Eastern Time without DST
on 2015-02-01 at 02:00.  (Thanks to Steffen Thorsen and Gwillim Law.)

Chile will not change clocks in April or thereafter; its new standard time
will be its old daylight saving time.  This affects America/Santiago,
Pacific/Easter, and Antarctica/Palmer.  (Thanks to Juan Correa.)

New leap second 2015-06-30 23:59:60 UTC as per IERS Bulletin C 49.
(Thanks to Tim Parenti.)

Changes affecting past time stamps
Iceland observed DST in 1919 and 1921, and its 1939 fallback
transition was Oct. 29, not Nov. 29.  Remove incorrect data from
Shanks about time in Iceland between 1837 and 1908.

Some more zones have been turned into links, when they differed
from existing zones only for older time stamps.  As usual,
these changes affect UTC offsets in pre-1970 time stamps only.
Their old contents have been moved to the 'backzone' file.
The affected zones are: Asia/Aden, Asia/Bahrain, Asia/Kuwait,
and Asia/Muscat.

(From OE-Core rev: 4ee327602a0cc3200b5d6490ef2f115768cff2f4)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-extended/tzdata/tzdata_2014j.bb | 6 ------
 meta/recipes-extended/tzdata/tzdata_2015a.bb | 6 ++++++
 2 files changed, 6 insertions(+), 6 deletions(-)
 delete mode 100644 meta/recipes-extended/tzdata/tzdata_2014j.bb
 create mode 100644 meta/recipes-extended/tzdata/tzdata_2015a.bb

diff --git a/meta/recipes-extended/tzdata/tzdata_2014j.bb b/meta/recipes-extended/tzdata/tzdata_2014j.bb
deleted file mode 100644
index f0388c2..0000000
--- a/meta/recipes-extended/tzdata/tzdata_2014j.bb
+++ /dev/null
@@ -1,6 +0,0 @@
-SRC_URI = "ftp://ftp.iana.org/tz/releases/tzdata${PV}.tar.gz;name=tzdata"
-
-SRC_URI[tzdata.md5sum] = "2d7ea9c309f0d4e162e426e568290ca3"
-SRC_URI[tzdata.sha256sum] = "a2d870320694d40535df822ac8074dc629a90e92abafa5d3373314f78ddc0e0d"
-
-require tzdata.inc
diff --git a/meta/recipes-extended/tzdata/tzdata_2015a.bb b/meta/recipes-extended/tzdata/tzdata_2015a.bb
new file mode 100644
index 0000000..6151aee
--- /dev/null
+++ b/meta/recipes-extended/tzdata/tzdata_2015a.bb
@@ -0,0 +1,6 @@
+SRC_URI = "ftp://ftp.iana.org/tz/releases/tzdata${PV}.tar.gz;name=tzdata"
+
+SRC_URI[tzdata.md5sum] = "4ed11c894a74a5ea64201b1c6dbb8831"
+SRC_URI[tzdata.sha256sum] = "c52490917d00a8e7fc9b5f0b1b65ef6ec76d612b5b20c81bf86a04147af18e4c"
+
+require tzdata.inc
-- 
1.9.1

[PATCH 55/61] python: Disables SSLv3

[Armin Kuster]

From: Sona Sarmadi <sona.sarmadi@enea.com>

This is related to "SSLv3 POODLE vulnerability" CVE-2014-3566

Building python without SSLv3 support when openssl is built without
any support for SSLv3 (e.g. by adding EXTRA_OECONF = " -no-ssl3" in
the openssl recipes).

Backport from:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768611#22
[python2.7-nossl3.patch] only Modules/_ssl.c is backported.

References:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=7015
https://bugzilla.yoctoproject.org/show_bug.cgi?id=6843
http://bugs.python.org/issue22638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

(From OE-Core rev: 3462cac82cf0ab32e5e530f543b14fdcc211c678)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../python/python/python2.7.3-nossl3.patch         | 37 ++++++++++++++++++++++
 meta/recipes-devtools/python/python_2.7.3.bb       |  1 +
 2 files changed, 38 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python/python2.7.3-nossl3.patch

diff --git a/meta/recipes-devtools/python/python/python2.7.3-nossl3.patch b/meta/recipes-devtools/python/python/python2.7.3-nossl3.patch
new file mode 100644
index 0000000..2d35520
--- /dev/null
+++ b/meta/recipes-devtools/python/python/python2.7.3-nossl3.patch
@@ -0,0 +1,37 @@
+python: Building without SSLv3 support
+
+Building without SSLv3 support when openssl is built
+without any support for SSLv3
+
+Upstream-Status: Backport
+
+Reference:
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=76A8611#22
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+diff -ruN a/Modules/_ssl.c b/Modules/_ssl.c
+--- a/Modules/_ssl.c	2014-11-26 07:43:58.755679939 +0100
++++ b/Modules/_ssl.c	2014-11-26 07:49:10.454182400 +0100
+@@ -302,8 +302,10 @@
+     PySSL_BEGIN_ALLOW_THREADS
+     if (proto_version == PY_SSL_VERSION_TLS1)
+         self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
++#ifndef OPENSSL_NO_SSL3
+     else if (proto_version == PY_SSL_VERSION_SSL3)
+         self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
++#endif
+ #ifndef OPENSSL_NO_SSL2
+     else if (proto_version == PY_SSL_VERSION_SSL2)
+         self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
+@@ -1777,8 +1779,10 @@
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+                             PY_SSL_VERSION_SSL2);
+ #endif
++#ifndef OPENSSL_NO_SSL3
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+                             PY_SSL_VERSION_SSL3);
++#endif
+     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+                             PY_SSL_VERSION_SSL23);
+     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
diff --git a/meta/recipes-devtools/python/python_2.7.3.bb b/meta/recipes-devtools/python/python_2.7.3.bb
index efaa4a7..cbe8d7f 100644
--- a/meta/recipes-devtools/python/python_2.7.3.bb
+++ b/meta/recipes-devtools/python/python_2.7.3.bb
@@ -39,6 +39,7 @@ SRC_URI += "\
   file://json-flaw-fix.patch \
   file://posix_close.patch \
   file://python-2.7.3-CVE-2014-7185.patch \
+  file://python2.7.3-nossl3.patch \
 "
 
 S = "${WORKDIR}/Python-${PV}"
-- 
1.9.1

[PATCH 56/61] elfutils_0.148.bb: CVE-2014-9447 fix

[Armin Kuster]

From: Li xin <lixin.fnst@cn.fujitsu.com>

Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9447

(From OE-Core rev: c992868a989926eac6c4b78a6bb9729bce54f2ed)

Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../elf_begin.c-CVE-2014-9447-fix.patch            | 36 ++++++++++++++++++++++
 meta/recipes-devtools/elfutils/elfutils_0.148.bb   | 23 +++++++-------
 2 files changed, 48 insertions(+), 11 deletions(-)
 create mode 100644 meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch

diff --git a/meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch b/meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch
new file mode 100644
index 0000000..84e8ddc
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch
@@ -0,0 +1,36 @@
+From 323ca04a0c9189544075c19b49da67f6443a8950 Mon Sep 17 00:00:00 2001
+From: Li xin <lixin.fnst@cn.fujitsu.com>
+Date: Wed, 21 Jan 2015 09:33:38 +0900
+Subject: [PATCH] elf_begin.c: CVE-2014-9447 fix
+
+this patch is from:
+ https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e
+
+Upstream-Status: Backport
+
+Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
+---
+ libelf/elf_begin.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c
+index e46add3..e83ba35 100644
+--- a/libelf/elf_begin.c
++++ b/libelf/elf_begin.c
+@@ -736,11 +736,8 @@ read_long_names (Elf *elf)
+ 	    break;
+ 
+ 	  /* NUL-terminate the string.  */
+-	  *runp = '\0';
+-
+-	  /* Skip the NUL byte and the \012.  */
+-	  runp += 2;
+-
++	  *runp++ = '\0';
++ 
+ 	  /* A sanity check.  Somebody might have generated invalid
+ 	     archive.  */
+ 	  if (runp >= newp + len)
+-- 
+1.8.4.2
+
diff --git a/meta/recipes-devtools/elfutils/elfutils_0.148.bb b/meta/recipes-devtools/elfutils/elfutils_0.148.bb
index ab95639..5e75f12 100644
--- a/meta/recipes-devtools/elfutils/elfutils_0.148.bb
+++ b/meta/recipes-devtools/elfutils/elfutils_0.148.bb
@@ -8,7 +8,7 @@ DEPENDS = "libtool bzip2 zlib virtual/libintl"
 
 PR = "r11"
 
-SRC_URI = "https://fedorahosted.org/releases/e/l/elfutils/elfutils-${PV}.tar.bz2"
+SRC_URI = "https://fedorahosted.org/releases/e/l/${PN}/${BP}.tar.bz2"
 
 SRC_URI[md5sum] = "a0bed1130135f17ad27533b0034dba8d"
 SRC_URI[sha256sum] = "8aebfa4a745db21cf5429c9541fe482729b62efc7e53e9110151b4169fe887da"
@@ -25,14 +25,15 @@ SRC_URI += "\
         file://m68k_backend.diff \
         file://testsuite-ignore-elflint.diff \
         file://elf_additions.diff \
-	file://elfutils-fsize.patch \
-	file://remove-unused.patch \
-	file://mempcpy.patch \
-	file://fix_for_gcc-4.7.patch \
-	file://dso-link-change.patch \
-	file://nm-Fix-size-passed-to-snprintf-for-invalid-sh_name-case.patch \
-	file://elfutils-ar-c-fix-num-passed-to-memset.patch \
-	file://Fix_elf_cvt_gunhash.patch \
+        file://elfutils-fsize.patch \
+        file://remove-unused.patch \
+        file://mempcpy.patch \
+        file://fix_for_gcc-4.7.patch \
+        file://dso-link-change.patch \
+        file://nm-Fix-size-passed-to-snprintf-for-invalid-sh_name-case.patch \
+        file://elfutils-ar-c-fix-num-passed-to-memset.patch \
+        file://Fix_elf_cvt_gunhash.patch \
+        file://elf_begin.c-CVE-2014-9447-fix.patch \
 "
 # Only apply when building uclibc based target recipe
 SRC_URI_append_libc-uclibc = " file://uclibc-support.patch"
@@ -52,9 +53,9 @@ EXTRA_OECONF_append_class-native = " --without-bzlib"
 EXTRA_OECONF_append_libc-uclibc = " --enable-uclibc"
 
 do_configure_prepend() {
-	sed -i '/^i386_dis.h:/,+4 {/.*/d}' ${S}/libcpu/Makefile.am
+    sed -i '/^i386_dis.h:/,+4 {/.*/d}' ${S}/libcpu/Makefile.am
 
-	cp ${WORKDIR}/*dis.h ${S}/libcpu
+    cp ${WORKDIR}/*dis.h ${S}/libcpu
 }
 
 # we can not build complete elfutils when using uclibc
-- 
1.9.1

[PATCH 57/61] security_flags: disable PIE on expect

[Armin Kuster]

From: Ross Burton <ross.burton@intel.com>

Disable PIE in expect as otherwise it tries to link the shared library as an
executable.

(From OE-Core rev: fe1f5c90eede593100fe57630d39cf329e59ef8f)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/conf/distro/include/security_flags.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index d6f7e9c..5becfae 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -27,6 +27,7 @@ SECURITY_CFLAGS_pn-directfb = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-glibc = ""
 SECURITY_CFLAGS_pn-glibc-initial = ""
 SECURITY_CFLAGS_pn-enchant = "${SECURITY_NO_PIE_CFLAGS}"
+SECURITY_CFLAGS_pn-expect = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-flac = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-gcc-runtime = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-gdb = "${SECURITY_NO_PIE_CFLAGS}"
-- 
1.9.1

[PATCH 58/61] scripts/send-error-report: Set exit code if error occurs

[Armin Kuster]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

If an error occurs, set an error exit code so the world knows about it. This fixes
issues where the autobuilder doesn't notice these failures.

[YOCTO #7265]

(From OE-Core rev: b219377defc9517af360986352bd7da1a7906f10)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 scripts/send-error-report | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/scripts/send-error-report b/scripts/send-error-report
index c99d387..01c292e 100755
--- a/scripts/send-error-report
+++ b/scripts/send-error-report
@@ -62,6 +62,7 @@ def sendData(json_file, server):
                     g.write(email + "\n")
             else:
                 print("Invalid inputs, try again.")
+                sys.exit(1)
                 return
 
         with open(json_file) as f:
@@ -74,6 +75,7 @@ def sendData(json_file, server):
             data = json.dumps(jsondata, indent=4, sort_keys=True)
         except:
             print("Invalid json data")
+            sys.exit(1)
             return
 
         try:
@@ -87,12 +89,14 @@ def sendData(json_file, server):
                 print("There was a problem submiting your data, response written in %s.response.html" % json_file)
                 with open("%s.response.html" % json_file, "w") as f:
                     f.write(res)
+                sys.exit(1)
             conn.close()
         except Exception as e:
                 print("Server connection failed: %s" % e)
-
+                sys.exit(1)
     else:
         print("No data file found.")
+        sys.exit(1)
 
 
 if __name__ == '__main__':
-- 
1.9.1

[PATCH 59/61] busybox: cve-2014-9645

[Armin Kuster]

From: Armin Kuster <akuster@mvista.com>

modprobe,rmmod: reject module names with slashes

(From OE-Core rev: 815a7b6fbf3b0cf95f5464bca687d97366d7ed6a)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 ..._busybox_reject_module_names_with_slashes.patch | 41 ++++++++++++++++++++++
 meta/recipes-core/busybox/busybox_1.22.1.bb        |  1 +
 2 files changed, 42 insertions(+)
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch

diff --git a/meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch b/meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch
new file mode 100644
index 0000000..4e76067
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch
@@ -0,0 +1,41 @@
+Upstream-status: Backport
+http://git.busybox.net/busybox/commit/?id=4e314faa0aecb66717418e9a47a4451aec59262b
+
+CVE-2014-9645 fix.
+
+[YOCTO #7257]
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+From 4e314faa0aecb66717418e9a47a4451aec59262b Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Thu, 20 Nov 2014 17:24:33 +0000
+Subject: modprobe,rmmod: reject module names with slashes
+
+function                                             old     new   delta
+add_probe                                             86     113     +27
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+---
+Index: busybox-1.22.1/modutils/modprobe.c
+===================================================================
+--- busybox-1.22.1.orig/modutils/modprobe.c
++++ busybox-1.22.1/modutils/modprobe.c
+@@ -238,6 +238,17 @@ static void add_probe(const char *name)
+ {
+ 	struct module_entry *m;
+ 
++	/*
++	 * get_or_add_modentry() strips path from name and works
++	 * on remaining basename.
++	 * This would make "rmmod dir/name" and "modprobe dir/name"
++	 * to work like "rmmod name" and "modprobe name",
++	 * which is wrong, and can be abused via implicit modprobing:
++	 * "ifconfig /usbserial up" tries to modprobe netdev-/usbserial.
++	 */
++	if (strchr(name, '/'))
++		bb_error_msg_and_die("malformed module name '%s'", name);
++
+ 	m = get_or_add_modentry(name);
+ 	if (!(option_mask32 & (OPT_REMOVE | OPT_SHOW_DEPS))
+ 	 && (m->flags & MODULE_FLAG_LOADED)
diff --git a/meta/recipes-core/busybox/busybox_1.22.1.bb b/meta/recipes-core/busybox/busybox_1.22.1.bb
index 8879e52..7736520 100644
--- a/meta/recipes-core/busybox/busybox_1.22.1.bb
+++ b/meta/recipes-core/busybox/busybox_1.22.1.bb
@@ -32,6 +32,7 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
            file://0001-build-system-Specify-nostldlib-when-linking-to-.o-fi.patch \
            file://recognize_connmand.patch \
            file://busybox-cross-menuconfig.patch \
+           file://CVE-2014-9645_busybox_reject_module_names_with_slashes.patch \
 "
 
 SRC_URI[tarball.md5sum] = "337d1a15ab1cb1d4ed423168b1eb7d7e"
-- 
1.9.1

[PATCH 60/61] systemd: Backports fixes to 216

[Armin Kuster]

From: Khem Raj <raj.khem@gmail.com>

Fix systemd-timesyncd assertion

when networkd is disabled then we now do not
create /run/systemd/netif/links but timesyncd needs it. So lets
manually create this file when networkd is disabled so timesyncd
can still function

When enabling systemd-timesyncd we need systemd-timesync user

Backport patches to enable timesyncd when resolved and networkd
are disabled

replace the resolv.conf symlinink patch with a proper backport

Change-Id: I53f1a53eec4e4a4dbdfb7e8cd155d544ee5d81ec
(From OE-Core rev: 2a675bc63b22724f12e6ed6ff58d0f1d1e0d3b29)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 ...onfigure-the-list-of-system-users-files-a.patch | 176 +++++++++++++++++++++
 ...o-not-install-tmpfiles-and-sysusers-files.patch |  56 +++++++
 ...ke-resolv.conf-entry-conditional-on-resol.patch | 142 +++++++++++++++++
 ...es.d-etc.conf-disable-resolv.conf-symlink.patch |  35 ----
 meta/recipes-core/systemd/systemd_216.bb           |  12 +-
 5 files changed, 384 insertions(+), 37 deletions(-)
 create mode 100644 meta/recipes-core/systemd/systemd/0001-build-sys-configure-the-list-of-system-users-files-a.patch
 create mode 100644 meta/recipes-core/systemd/systemd/0001-build-sys-do-not-install-tmpfiles-and-sysusers-files.patch
 create mode 100644 meta/recipes-core/systemd/systemd/0001-tmpfiles-make-resolv.conf-entry-conditional-on-resol.patch
 delete mode 100644 meta/recipes-core/systemd/systemd/0001-tmpfiles.d-etc.conf-disable-resolv.conf-symlink.patch

diff --git a/meta/recipes-core/systemd/systemd/0001-build-sys-configure-the-list-of-system-users-files-a.patch b/meta/recipes-core/systemd/systemd/0001-build-sys-configure-the-list-of-system-users-files-a.patch
new file mode 100644
index 0000000..e004359
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/0001-build-sys-configure-the-list-of-system-users-files-a.patch
@@ -0,0 +1,176 @@
+From 5a16bc264c32237e38a844d55e7a1820a31b8440 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=C5=81ukasz=20Stelmach?= <l.stelmach@samsung.com>
+Date: Fri, 28 Nov 2014 15:59:59 +0100
+Subject: [PATCH] build-sys: configure the list of system users, files and
+ directories
+
+Choose which system users defined in sysusers.d/systemd.conf and files
+or directories in tmpfiles.d/systemd.conf, should be provided depending
+on comile-time configuration.
+
+Upstream-Status: Backport
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ Makefile.am                                  | 4 ++++
+ configure.ac                                 | 2 ++
+ sysusers.d/.gitignore                        | 1 +
+ sysusers.d/{systemd.conf => systemd.conf.m4} | 8 ++++++++
+ tmpfiles.d/.gitignore                        | 3 ++-
+ tmpfiles.d/{systemd.conf => systemd.conf.m4} | 2 ++
+ 6 files changed, 19 insertions(+), 1 deletion(-)
+ rename sysusers.d/{systemd.conf => systemd.conf.m4} (77%)
+ rename tmpfiles.d/{systemd.conf => systemd.conf.m4} (96%)
+
+Index: git/Makefile.am
+===================================================================
+--- git.orig/Makefile.am	2015-01-23 21:23:04.000000000 +0000
++++ git/Makefile.am	2015-01-23 21:23:04.000000000 +0000
+@@ -5698,6 +5698,10 @@
+ 	$(AM_V_at)$(MKDIR_P) $(dir $@)
+ 	$(AM_V_M4)$(M4) -P $(M4_DEFINES) < $< > $@
+ 
++sysusers.d/%: sysusers.d/%.m4
++	$(AM_V_at)$(MKDIR_P) $(dir $@)
++	$(AM_V_M4)$(M4) -P $(M4_DEFINES) < $< > $@
++
+ tmpfiles.d/%: tmpfiles.d/%.m4
+ 	$(AM_V_at)$(MKDIR_P) $(dir $@)
+ 	$(AM_V_M4)$(M4) -P $(M4_DEFINES) < $< > $@
+Index: git/configure.ac
+===================================================================
+--- git.orig/configure.ac	2015-01-23 21:23:04.000000000 +0000
++++ git/configure.ac	2015-01-23 21:23:04.000000000 +0000
+@@ -971,6 +971,7 @@
+ AC_ARG_ENABLE(timesyncd, AS_HELP_STRING([--disable-timesyncd], [disable timesync daemon]))
+ if test "x$enable_timesyncd" != "xno"; then
+         have_timesyncd=yes
++        M4_DEFINES="$M4_DEFINES -DENABLE_TIMESYNCD"
+ fi
+ AM_CONDITIONAL(ENABLE_TIMESYNCD, [test "$have_timesyncd" = "yes"])
+ 
+@@ -1060,6 +1061,7 @@
+ AS_IF([test "x$enable_networkd" != "xno"], [
+         AC_DEFINE(ENABLE_NETWORKD, 1, [Define if networkd support is to be enabled])
+         have_networkd=yes
++        M4_DEFINES="$M4_DEFINES -DENABLE_NETWORKD"
+ ])
+ AM_CONDITIONAL(ENABLE_NETWORKD, [test "x$have_networkd" = "xyes"])
+ 
+Index: git/sysusers.d/systemd.conf
+===================================================================
+--- git.orig/sysusers.d/systemd.conf	2015-01-23 21:23:02.000000000 +0000
++++ /dev/null	1970-01-01 00:00:00.000000000 +0000
+@@ -1,12 +0,0 @@
+-#  This file is part of systemd.
+-#
+-#  systemd is free software; you can redistribute it and/or modify it
+-#  under the terms of the GNU Lesser General Public License as published by
+-#  the Free Software Foundation; either version 2.1 of the License, or
+-#  (at your option) any later version.
+-
+-g systemd-journal   - -
+-u systemd-bus-proxy - "systemd Bus Proxy"
+-u systemd-network   - "systemd Network Management"
+-u systemd-resolve   - "systemd Resolver"
+-u systemd-timesync  - "systemd Time Synchronization"
+Index: git/sysusers.d/systemd.conf.m4
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ git/sysusers.d/systemd.conf.m4	2015-01-23 21:26:30.000000000 +0000
+@@ -0,0 +1,20 @@
++#  This file is part of systemd.
++#
++#  systemd is free software; you can redistribute it and/or modify it
++#  under the terms of the GNU Lesser General Public License as published by
++#  the Free Software Foundation; either version 2.1 of the License, or
++#  (at your option) any later version.
++
++g systemd-journal   - -
++m4_ifdef(`ENABLE_KDBUS',
++u systemd-bus-proxy - "systemd Bus Proxy"
++)m4_dnl
++m4_ifdef(`ENABLE_NETWORKD',
++u systemd-network   - "systemd Network Management"
++)m4_dnl
++m4_ifdef(`ENABLE_RESOLVED',
++u systemd-resolve   - "systemd Resolver"
++)m4_dnl
++m4_ifdef(`ENABLE_TIMESYNCD',
++u systemd-timesync  - "systemd Time Synchronization"
++)m4_dnl
+Index: git/tmpfiles.d/systemd.conf
+===================================================================
+--- git.orig/tmpfiles.d/systemd.conf	2015-01-23 21:23:02.000000000 +0000
++++ /dev/null	1970-01-01 00:00:00.000000000 +0000
+@@ -1,32 +0,0 @@
+-#  This file is part of systemd.
+-#
+-#  systemd is free software; you can redistribute it and/or modify it
+-#  under the terms of the GNU Lesser General Public License as published by
+-#  the Free Software Foundation; either version 2.1 of the License, or
+-#  (at your option) any later version.
+-
+-# See tmpfiles.d(5) for details
+-
+-d /run/user 0755 root root -
+-F! /run/utmp 0664 root utmp -
+-
+-d /run/systemd/ask-password 0755 root root -
+-d /run/systemd/seats 0755 root root -
+-d /run/systemd/sessions 0755 root root -
+-d /run/systemd/users 0755 root root -
+-d /run/systemd/machines 0755 root root -
+-d /run/systemd/shutdown 0755 root root -
+-d /run/systemd/netif 0755 systemd-network systemd-network -
+-d /run/systemd/netif/links 0755 systemd-network systemd-network -
+-d /run/systemd/netif/leases 0755 systemd-network systemd-network -
+-
+-d /run/log 0755 root root -
+-
+-z /run/log/journal 2755 root systemd-journal - -
+-Z /run/log/journal/%m ~2750 root systemd-journal - -
+-
+-z /var/log/journal 2755 root systemd-journal - -
+-z /var/log/journal/%m 2755 root systemd-journal - -
+-
+-d /var/lib/systemd 0755 root root -
+-d /var/lib/systemd/coredump 0755 root root 3d
+Index: git/tmpfiles.d/systemd.conf.m4
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ git/tmpfiles.d/systemd.conf.m4	2015-01-23 21:26:46.000000000 +0000
+@@ -0,0 +1,34 @@
++#  This file is part of systemd.
++#
++#  systemd is free software; you can redistribute it and/or modify it
++#  under the terms of the GNU Lesser General Public License as published by
++#  the Free Software Foundation; either version 2.1 of the License, or
++#  (at your option) any later version.
++
++# See tmpfiles.d(5) for details
++
++d /run/user 0755 root root -
++F! /run/utmp 0664 root utmp -
++
++d /run/systemd/ask-password 0755 root root -
++d /run/systemd/seats 0755 root root -
++d /run/systemd/sessions 0755 root root -
++d /run/systemd/users 0755 root root -
++d /run/systemd/machines 0755 root root -
++d /run/systemd/shutdown 0755 root root -
++m4_ifdef(`ENABLE_NETWORKD',
++d /run/systemd/netif 0755 systemd-network systemd-network -
++d /run/systemd/netif/links 0755 systemd-network systemd-network -
++d /run/systemd/netif/leases 0755 systemd-network systemd-network -
++)m4_dnl
++
++d /run/log 0755 root root -
++
++z /run/log/journal 2755 root systemd-journal - -
++Z /run/log/journal/%m ~2750 root systemd-journal - -
++
++z /var/log/journal 2755 root systemd-journal - -
++z /var/log/journal/%m 2755 root systemd-journal - -
++
++d /var/lib/systemd 0755 root root -
++d /var/lib/systemd/coredump 0755 root root 3d
diff --git a/meta/recipes-core/systemd/systemd/0001-build-sys-do-not-install-tmpfiles-and-sysusers-files.patch b/meta/recipes-core/systemd/systemd/0001-build-sys-do-not-install-tmpfiles-and-sysusers-files.patch
new file mode 100644
index 0000000..4795f86
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/0001-build-sys-do-not-install-tmpfiles-and-sysusers-files.patch
@@ -0,0 +1,56 @@
+From bedd083aaedb3bbb14ef579a047bf4b4fed56d9b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=C5=81ukasz=20Stelmach?= <l.stelmach@samsung.com>
+Date: Wed, 26 Nov 2014 09:17:50 +0100
+Subject: [PATCH] build-sys: do not install tmpfiles and sysusers files by
+ default
+
+Upstream-Status: Backport
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+---
+ Makefile.am | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index ddd0df1..65bb176 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -2039,7 +2039,6 @@ nodist_tmpfiles_DATA = \
+ dist_tmpfiles_DATA = \
+ 	tmpfiles.d/systemd.conf \
+ 	tmpfiles.d/systemd-nologin.conf \
+-	tmpfiles.d/systemd-remote.conf \
+ 	tmpfiles.d/tmp.conf \
+ 	tmpfiles.d/x11.conf \
+ 	tmpfiles.d/var.conf
+@@ -2094,8 +2093,7 @@ SYSINIT_TARGET_WANTS += \
+ 	systemd-sysusers.service
+ 
+ dist_sysusers_DATA = \
+-	sysusers.d/systemd.conf \
+-	sysusers.d/systemd-remote.conf
++	sysusers.d/systemd.conf
+ 
+ nodist_sysusers_DATA = \
+ 	sysusers.d/basic.conf
+@@ -3839,6 +3837,16 @@ systemd_journal_remote_CFLAGS = \
+ systemd_journal_remote_LDADD += \
+ 	$(MICROHTTPD_LIBS)
+ 
++if ENABLE_SYSUSERS
++dist_sysusers_DATA += \
++	sysusers.d/systemd-remote.conf
++endif
++
++if ENABLE_TMPFILES
++dist_tmpfiles_DATA += \
++	tmpfiles.d/systemd-remote.conf
++endif
++
+ if HAVE_GNUTLS
+ systemd_journal_remote_LDADD += \
+ 	$(GNUTLS_LIBS)
+-- 
+1.9.1
+
diff --git a/meta/recipes-core/systemd/systemd/0001-tmpfiles-make-resolv.conf-entry-conditional-on-resol.patch b/meta/recipes-core/systemd/systemd/0001-tmpfiles-make-resolv.conf-entry-conditional-on-resol.patch
new file mode 100644
index 0000000..b5b0168
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/0001-tmpfiles-make-resolv.conf-entry-conditional-on-resol.patch
@@ -0,0 +1,142 @@
+From aeb50ff0bd4bbbca74c4695072232348351d512d Mon Sep 17 00:00:00 2001
+From: Tom Gundersen <teg@jklm.no>
+Date: Wed, 27 Aug 2014 17:45:41 +0200
+Subject: [PATCH] tmpfiles: make resolv.conf entry conditional on resolved
+ support
+
+Upstream-Status: Backport
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+---
+ Makefile.am                          | 15 +++++++++++++--
+ TODO                                 |  2 --
+ configure.ac                         |  1 +
+ tmpfiles.d/.gitignore                |  1 +
+ tmpfiles.d/{etc.conf => etc.conf.m4} |  2 ++
+ 5 files changed, 17 insertions(+), 4 deletions(-)
+ create mode 100644 tmpfiles.d/.gitignore
+ rename tmpfiles.d/{etc.conf => etc.conf.m4} (95%)
+
+Index: git/Makefile.am
+===================================================================
+--- git.orig/Makefile.am	2015-01-24 00:41:20.134716451 -0800
++++ git/Makefile.am	2015-01-24 00:41:20.126716451 -0800
+@@ -1935,14 +1935,16 @@
+ 	units/systemd-tmpfiles-setup.service \
+ 	units/systemd-tmpfiles-clean.service
+ 
++nodist_tmpfiles_DATA = \
++	tmpfiles.d/etc.conf
++
+ dist_tmpfiles_DATA = \
+ 	tmpfiles.d/systemd.conf \
+ 	tmpfiles.d/systemd-nologin.conf \
+ 	tmpfiles.d/systemd-remote.conf \
+ 	tmpfiles.d/tmp.conf \
+ 	tmpfiles.d/x11.conf \
+-	tmpfiles.d/var.conf \
+-	tmpfiles.d/etc.conf
++	tmpfiles.d/var.conf
+ 
+ if HAVE_SYSV_COMPAT
+ dist_tmpfiles_DATA += \
+@@ -1965,10 +1967,14 @@
+ endif
+ 
+ EXTRA_DIST += \
++	tmpfiles.d/etc.conf.m4 \
+ 	units/systemd-tmpfiles-setup-dev.service.in \
+ 	units/systemd-tmpfiles-setup.service.in \
+ 	units/systemd-tmpfiles-clean.service.in
+ 
++CLEANFILES += \
++	tmpfiles.d/etc.conf
++
+ # ------------------------------------------------------------------------------
+ if ENABLE_SYSUSERS
+ systemd_sysusers_SOURCES = \
+@@ -5684,6 +5690,11 @@
+ 	$(AM_V_at)$(MKDIR_P) $(dir $@)
+ 	$(AM_V_M4)$(M4) -P $(M4_DEFINES) < $< > $@
+ 
++tmpfiles.d/%: tmpfiles.d/%.m4
++	$(AM_V_at)$(MKDIR_P) $(dir $@)
++	$(AM_V_M4)$(M4) -P $(M4_DEFINES) < $< > $@
++
++
+ units/%: units/%.m4
+ 	$(AM_V_at)$(MKDIR_P) $(dir $@)
+ 	$(AM_V_M4)$(M4) -P $(M4_DEFINES) -DFOR_SYSTEM=1 < $< > $@
+Index: git/TODO
+===================================================================
+--- git.orig/TODO	2015-01-24 00:41:20.134716451 -0800
++++ git/TODO	2015-01-24 00:41:20.126716451 -0800
+@@ -111,8 +111,6 @@
+ 
+ * Allow multiple ExecStart= for all Type= settings, so that we can cover rescue.service nicely
+ 
+-* the resolv.conf tmpfiles line should be covered by ENABLE_NETWORKD...
+-
+ * Add a new verb "systemctl top"
+ 
+ * logind: allow users to kill or lock their own sessions
+Index: git/configure.ac
+===================================================================
+--- git.orig/configure.ac	2015-01-24 00:41:20.134716451 -0800
++++ git/configure.ac	2015-01-24 00:41:20.126716451 -0800
+@@ -1041,6 +1041,7 @@
+ AC_ARG_ENABLE(resolved, AS_HELP_STRING([--disable-resolved], [disable resolve daemon]))
+ if test "x$enable_resolved" != "xno"; then
+         have_resolved=yes
++        M4_DEFINES="$M4_DEFINES -DENABLE_RESOLVED"
+ fi
+ AM_CONDITIONAL(ENABLE_RESOLVED, [test "$have_resolved" = "yes"])
+ 
+Index: git/tmpfiles.d/.gitignore
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ git/tmpfiles.d/.gitignore	2015-01-24 00:41:20.126716451 -0800
+@@ -0,0 +1 @@
++etc.conf
+Index: git/tmpfiles.d/etc.conf
+===================================================================
+--- git.orig/tmpfiles.d/etc.conf	2015-01-24 00:41:20.134716451 -0800
++++ /dev/null	1970-01-01 00:00:00.000000000 +0000
+@@ -1,15 +0,0 @@
+-#  This file is part of systemd.
+-#
+-#  systemd is free software; you can redistribute it and/or modify it
+-#  under the terms of the GNU Lesser General Public License as published by
+-#  the Free Software Foundation; either version 2.1 of the License, or
+-#  (at your option) any later version.
+-
+-# See tmpfiles.d(5) for details
+-
+-L /etc/os-release - - - - ../usr/lib/os-release
+-L /etc/localtime - - - - ../usr/share/zoneinfo/UTC
+-L+ /etc/mtab - - - - ../proc/self/mounts
+-L /etc/resolv.conf - - - - ../run/systemd/resolve/resolv.conf
+-C /etc/nsswitch.conf - - - -
+-C /etc/pam.d - - - -
+Index: git/tmpfiles.d/etc.conf.m4
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ git/tmpfiles.d/etc.conf.m4	2015-01-24 00:41:20.126716451 -0800
+@@ -0,0 +1,17 @@
++#  This file is part of systemd.
++#
++#  systemd is free software; you can redistribute it and/or modify it
++#  under the terms of the GNU Lesser General Public License as published by
++#  the Free Software Foundation; either version 2.1 of the License, or
++#  (at your option) any later version.
++
++# See tmpfiles.d(5) for details
++
++L /etc/os-release - - - - ../usr/lib/os-release
++L /etc/localtime - - - - ../usr/share/zoneinfo/UTC
++L+ /etc/mtab - - - - ../proc/self/mounts
++m4_ifdef(`ENABLE_RESOLVED',
++L /etc/resolv.conf - - - - ../run/systemd/resolve/resolv.conf
++)
++C /etc/nsswitch.conf - - - -
++C /etc/pam.d - - - -
diff --git a/meta/recipes-core/systemd/systemd/0001-tmpfiles.d-etc.conf-disable-resolv.conf-symlink.patch b/meta/recipes-core/systemd/systemd/0001-tmpfiles.d-etc.conf-disable-resolv.conf-symlink.patch
deleted file mode 100644
index 7218322..0000000
--- a/meta/recipes-core/systemd/systemd/0001-tmpfiles.d-etc.conf-disable-resolv.conf-symlink.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From f0ab1600fb56d680e6aba3d0d51dfb9ffa3d9403 Mon Sep 17 00:00:00 2001
-From: "Peter A. Bigot" <pab@pabigot.com>
-Date: Thu, 18 Sep 2014 08:36:54 -0500
-Subject: [PATCH] tmpfiles.d/etc.conf: disable resolv.conf symlink
-
-This link is valid only if ENABLE_RESOLVED is configured for systemd.
-If left unconditional, the symlink is created preventing connman from
-storing the configuration it received from DHCP or other sources.
-
-Upstream has a TODO to fix this, but has not done so as of this date.
-Provide a temporary workaround for OE until this is done properly
-upstream.
-
-Upstream-Status: Inappropriate [OE-specific]
-Signed-off-by: Peter A. Bigot <pab@pabigot.com>
----
- tmpfiles.d/etc.conf | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/tmpfiles.d/etc.conf b/tmpfiles.d/etc.conf
-index b23272c..5364dd8 100644
---- a/tmpfiles.d/etc.conf
-+++ b/tmpfiles.d/etc.conf
-@@ -10,6 +10,7 @@
- L /etc/os-release - - - - ../usr/lib/os-release
- L /etc/localtime - - - - ../usr/share/zoneinfo/UTC
- L+ /etc/mtab - - - - ../proc/self/mounts
--L /etc/resolv.conf - - - - ../run/systemd/resolve/resolv.conf
-+# TODO: conditional on ENABLE_RESOLVED
-+#L /etc/resolv.conf - - - - ../run/systemd/resolve/resolv.conf
- C /etc/nsswitch.conf - - - -
- C /etc/pam.d - - - -
--- 
-1.8.5.5
-
diff --git a/meta/recipes-core/systemd/systemd_216.bb b/meta/recipes-core/systemd/systemd_216.bb
index 5e76f7c..3852841 100644
--- a/meta/recipes-core/systemd/systemd_216.bb
+++ b/meta/recipes-core/systemd/systemd_216.bb
@@ -35,11 +35,13 @@ SRC_URI = "git://anongit.freedesktop.org/systemd/systemd;branch=master;protocol=
            file://0001-Make-root-s-home-directory-configurable.patch \
            file://0001-systemd-user-avoid-using-system-auth.patch \
            file://0001-journal-Fix-navigating-backwards-missing-entries.patch \
+           file://0001-tmpfiles-make-resolv.conf-entry-conditional-on-resol.patch \
+           file://0001-build-sys-do-not-install-tmpfiles-and-sysusers-files.patch \
+           file://0001-build-sys-configure-the-list-of-system-users-files-a.patch \
            file://touchscreen.rules \
            file://00-create-volatile.conf \
            file://init \
            file://run-ptest \
-           ${@bb.utils.contains('PACKAGECONFIG', 'resolved', '', 'file://0001-tmpfiles.d-etc.conf-disable-resolv.conf-symlink.patch', d)} \
           "
 
 S = "${WORKDIR}/git"
@@ -151,6 +153,12 @@ do_install() {
 
 	# Enable journal to forward message to syslog daemon
 	sed -i -e 's/.*ForwardToSyslog.*/ForwardToSyslog=yes/' ${D}${sysconfdir}/systemd/journald.conf
+	# its needed in 216 upstream has fixed it with 919699ec301ea507edce4a619141ed22e789ac0d
+	# don't order journal flushing afte remote-fs.target
+	sed -i -e 's/ remote-fs.target$//' ${D}${systemd_unitdir}/system/systemd-journal-flush.service
+	# this file is needed to exist if networkd is disabled but timesyncd is still in use since timesyncd checks it
+	# for existence else it fails
+	${@bb.utils.contains('PACKAGECONFIG', 'networkd', '', 'sed -i -e "\$ad /run/systemd/netif/links 0755 root root -" ${D}${libdir}/tmpfiles.d/systemd.conf', d)}
 }
 
 do_install_ptest () {
@@ -182,7 +190,7 @@ SYSTEMD_PACKAGES = "${PN}-binfmt"
 SYSTEMD_SERVICE_${PN}-binfmt = "systemd-binfmt.service"
 
 USERADD_PACKAGES = "${PN}"
-USERADD_PARAM_${PN} += "--system systemd-journal-gateway"
+USERADD_PARAM_${PN} += "--system systemd-journal-gateway; --system systemd-timesync"
 GROUPADD_PARAM_${PN} = "-r lock; -r systemd-journal"
 
 FILES_${PN}-analyze = "${bindir}/systemd-analyze"
-- 
1.9.1

[PATCH 61/61] groff: fix QA issue with rdepends

[Armin Kuster]

WARNING: QA Issue: groff requires /bin/sed, but no providers in its RDEPENDS [file-rdeps]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-extended/groff/groff_1.22.2.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-extended/groff/groff_1.22.2.bb b/meta/recipes-extended/groff/groff_1.22.2.bb
index 63f0425..6c6926f 100644
--- a/meta/recipes-extended/groff/groff_1.22.2.bb
+++ b/meta/recipes-extended/groff/groff_1.22.2.bb
@@ -63,4 +63,6 @@ do_install_append_class-native() {
 FILES_${PN} += "${libdir}/${BPN}/site-tmac \
                 ${libdir}/${BPN}/groffer/"
 
+RDEPENDS_${PN} = " sed"
+
 BBCLASSEXTEND = "native"
-- 
1.9.1

Re: [PATCH 37/61] lib/oe/package: Ensure strip breaks hardlinks

[Enrico Scholz]

Armin Kuster <akuster808-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
writes:

> Normally, strip preserves hardlinks which in the case of the way our
> hardlink rather than copy functionality works,

This breaks stripping of hardlinked files.  'package.bbclass' contains
logic to run 'strip' only once per hardlinked file.  With this patch,
only one instance gets stripped.

E.g. the 'e2fsprogs-mke2fs' package contains now

-rwxr-xr-x    4 root     root        350025 Feb 18 01:42 /sbin/mke2fs
-rwxr-xr-x    4 root     root        350025 Feb 18 01:42 /sbin/mkfs.ext2
-rwxr-xr-x    4 root     root        350025 Feb 18 01:42 /sbin/mkfs.ext3
-rwxr-xr-x    4 root     root        350025 Feb 18 01:42 /sbin/mkfs.ext4
-rwxr-xr-x    1 root     root         84700 Feb 18 01:42 /sbin/mkfs.ext4dev

where the first 4 programs (which are one inode with 4 hardlinks) are
not stripped.



> -    stripcmd = "'%s' %s '%s'" % (strip, extraflags, file)
> +    # Use mv to break hardlinks
> +    stripcmd = "'%s' %s '%s' -o '%s.tmp' && mv '%s.tmp' '%s'" % (strip, extraflags, file, file, file, file)

How are these files then merged again?



Enrico

Re: [PATCH 37/61] lib/oe/package: Ensure strip breaks hardlinks

[Richard Purdie]

On Wed, 2015-02-18 at 19:25 +0100, Enrico Scholz wrote:
> Armin Kuster <akuster808-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> writes:
> 
> > Normally, strip preserves hardlinks which in the case of the way our
> > hardlink rather than copy functionality works,
> 
> This breaks stripping of hardlinked files.  'package.bbclass' contains
> logic to run 'strip' only once per hardlinked file.  With this patch,
> only one instance gets stripped.
> 
> E.g. the 'e2fsprogs-mke2fs' package contains now
> 
> -rwxr-xr-x    4 root     root        350025 Feb 18 01:42 /sbin/mke2fs
> -rwxr-xr-x    4 root     root        350025 Feb 18 01:42 /sbin/mkfs.ext2
> -rwxr-xr-x    4 root     root        350025 Feb 18 01:42 /sbin/mkfs.ext3
> -rwxr-xr-x    4 root     root        350025 Feb 18 01:42 /sbin/mkfs.ext4
> -rwxr-xr-x    1 root     root         84700 Feb 18 01:42 /sbin/mkfs.ext4dev
> 
> where the first 4 programs (which are one inode with 4 hardlinks) are
> not stripped.

There is a problem here for sure. The issue is that for
space/performance reasons we hardlink the files in the sysroot with the
ones in the packaging process amongst other places. If one set gets
stripped, before this patch they'd all get stripped and the process was
not deterministic. Were the files in the sysroot stripped or unstripped
for example?

So the patch addresses a real issue.


> > -    stripcmd = "'%s' %s '%s'" % (strip, extraflags, file)
> > +    # Use mv to break hardlinks
> > +    stripcmd = "'%s' %s '%s' -o '%s.tmp' && mv '%s.tmp' '%s'" % (strip, extraflags, file, file, file, file)
> 
> How are these files then merged again?

They're not :(. So we have a different problem introduced by the patch.
I'll give this a bit more thought overnight. We might need to implement
some code to merge these back given we already maintain the lists of
files.

Cheers,

Richard