documentation: Updated the date in Manual Revision History table

Updated the manuals for a December 2014 1.5.4 release date.

(From yocto-docs rev: 34d5133e8b97a8debb2458733a2b15ad3f0988d0)

Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake/bin/bitbake-worker

@@ -97,7 +97,8 @@ def fork_off_task(cfg, data, workerdata, fn, task, taskname, appends, quieterror
         except TypeError:
              umask = taskdep['umask'][taskname]
 
-    if 'fakeroot' in taskdep and taskname in taskdep['fakeroot']:
+    # We can't use the fakeroot environment in a dry run as it possibly hasn't been built
+    if 'fakeroot' in taskdep and taskname in taskdep['fakeroot'] and not cfg.dry_run:
         envvars = (workerdata["fakerootenv"][fn] or "").split()
         for key, value in (var.split('=') for var in envvars):
             envbackup[key] = os.environ.get(key)

bitbake/lib/bb/data.py

@@ -214,7 +214,7 @@ def emit_var(var, o=sys.__stdout__, d = init(), all=False):
         o.write('unset %s\n' % varExpanded)
         return 0
 
-    if not val:
+    if val is None:
         return 0
 
     val = str(val)
@@ -229,7 +229,7 @@ def emit_var(var, o=sys.__stdout__, d = init(), all=False):
 
     # if we're going to output this within doublequotes,
     # to a shell, we need to escape the quotes in the var
-    alter = re.sub('"', '\\"', val.strip())
+    alter = re.sub('"', '\\"', val)
     alter = re.sub('\n', ' \\\n', alter)
     o.write('%s="%s"\n' % (varExpanded, alter))
     return 0

bitbake/lib/bb/fetch2/__init__.py

@@ -329,7 +329,7 @@ def decodeurl(url):
     user, password, parameters).
     """
 
-    m = re.compile('(?P<type>[^:]*)://((?P<user>.+)@)?(?P<location>[^;]+)(;(?P<parm>.*))?').match(url)
+    m = re.compile('(?P<type>[^:]*)://((?P<user>[^/]+)@)?(?P<location>[^;]+)(;(?P<parm>.*))?').match(url)
     if not m:
         raise MalformedUrl(url)
 
@@ -807,9 +807,9 @@ def try_mirror_url(newuri, origud, ud, ld, check = False):
                 os.symlink(ud.localpath, dest)
             if not os.path.exists(origud.donestamp) or origud.method.need_update(origud.url, origud, ld):
                 origud.method.download(origud.url, origud, ld)
-                if hasattr(ud.method,"build_mirror_data"):
+                if hasattr(origud.method,"build_mirror_data"):
                     origud.method.build_mirror_data(origud.url, origud, ld)
-            return None
+            return ud.localpath
         # Otherwise the result is a local file:// and we symlink to it
         if not os.path.exists(origud.localpath):
             if os.path.islink(origud.localpath):

bitbake/lib/bb/fetch2/git.py

@@ -305,8 +305,8 @@ class Git(FetchMethod):
             username = ""
 
         basecmd = data.getVar("FETCHCMD_git", d, True) or "git"
-        cmd = "%s ls-remote %s://%s%s%s %s" % \
-              (basecmd, ud.proto, username, ud.host, ud.path, ud.branches[name])
+        cmd = "%s ls-remote %s://%s%s%s refs/heads/%s refs/tags/%s" % \
+              (basecmd, ud.proto, username, ud.host, ud.path, ud.branches[name], ud.branches[name])
         if ud.proto.lower() != 'file':
             bb.fetch2.check_network_access(d, cmd)
         output = runfetchcmd(cmd, d, True)

bitbake/lib/bb/parse/__init__.py

@@ -73,9 +73,17 @@ def update_mtime(f):
 def mark_dependency(d, f):
     if f.startswith('./'):
         f = "%s/%s" % (os.getcwd(), f[2:])
-    deps = (d.getVar('__depends') or []) + [(f, cached_mtime(f))]
-    d.setVar('__depends', deps)
+    deps = (d.getVar('__depends') or [])
+    s = (f, cached_mtime_noerror(f))
+    if s not in deps:
+        deps.append(s)
+        d.setVar('__depends', deps)
 
+def check_dependency(d, f):
+    s = (f, cached_mtime_noerror(f))
+    deps = (d.getVar('__depends') or [])
+    return s in deps
+   
 def supports(fn, data):
     """Returns true if we have a handler for this file, false otherwise"""
     for h in handlers:
@@ -102,11 +110,14 @@ def init_parser(d):
 def resolve_file(fn, d):
     if not os.path.isabs(fn):
         bbpath = d.getVar("BBPATH", True)
-        newfn = bb.utils.which(bbpath, fn)
+        newfn, attempts = bb.utils.which(bbpath, fn, history=True)
+        for af in attempts:
+            mark_dependency(d, af)
         if not newfn:
             raise IOError("file %s not found in %s" % (fn, bbpath))
         fn = newfn
 
+    mark_dependency(d, fn)
     if not os.path.isfile(fn):
         raise IOError("file %s not found" % fn)
 

bitbake/lib/bb/parse/parse_py/BBHandler.py

@@ -77,7 +77,10 @@ def inherit(files, fn, lineno, d):
         if not os.path.isabs(file):
             dname = os.path.dirname(fn)
             bbpath = "%s:%s" % (dname, d.getVar("BBPATH", True))
-            abs_fn = bb.utils.which(bbpath, file)
+            abs_fn, attempts = bb.utils.which(bbpath, file, history=True)
+            for af in attempts:
+                if af != abs_fn:
+                    bb.parse.mark_dependency(d, af)
             if abs_fn:
                 file = abs_fn
 

bitbake/lib/bb/parse/parse_py/ConfHandler.py

@@ -82,9 +82,15 @@ def include(oldfn, fn, lineno, data, error_out):
     if not os.path.isabs(fn):
         dname = os.path.dirname(oldfn)
         bbpath = "%s:%s" % (dname, data.getVar("BBPATH", True))
-        abs_fn = bb.utils.which(bbpath, fn)
+        abs_fn, attempts = bb.utils.which(bbpath, fn, history=True)
+        if abs_fn and bb.parse.check_dependency(data, abs_fn):
+            bb.warn("Duplicate inclusion for %s in %s" % (abs_fn, data.getVar('FILE', True)))
+        for af in attempts:
+            bb.parse.mark_dependency(data, af)
         if abs_fn:
             fn = abs_fn
+    elif bb.parse.check_dependency(data, fn):
+        bb.warn("Duplicate inclusion for %s in %s" % (fn, data.getVar('FILE', True)))
 
     from bb.parse import handle
     try:
@@ -93,6 +99,7 @@ def include(oldfn, fn, lineno, data, error_out):
         if error_out:
             raise ParseError("Could not %(error_out)s file %(fn)s" % vars(), oldfn, lineno)
         logger.debug(2, "CONF file '%s' not found", fn)
+        bb.parse.mark_dependency(data, fn)
 
 # We have an issue where a UI might want to enforce particular settings such as
 # an empty DISTRO variable. If configuration files do something like assigning

bitbake/lib/bb/runqueue.py

@@ -1408,7 +1408,7 @@ class RunQueueExecuteTasks(RunQueueExecute):
                 bb.event.fire(startevent, self.cfgData)
 
             taskdep = self.rqdata.dataCache.task_deps[fn]
-            if 'fakeroot' in taskdep and taskname in taskdep['fakeroot']:
+            if 'fakeroot' in taskdep and taskname in taskdep['fakeroot'] and not self.cooker.configuration.dry_run:
                 if not self.rq.fakeworker:
                     self.rq.start_fakeworker(self)
                 self.rq.fakeworker.stdin.write("<runtask>" + pickle.dumps((fn, task, taskname, False, self.cooker.collection.get_file_appends(fn))) + "</runtask>")

bitbake/lib/bb/tests/fetch.py

@@ -407,7 +407,8 @@ class URLHandle(unittest.TestCase):
     datatable = {
        "http://www.google.com/index.html" : ('http', 'www.google.com', '/index.html', '', '', {}),
        "cvs://anoncvs@cvs.handhelds.org/cvs;module=familiar/dist/ipkg" : ('cvs', 'cvs.handhelds.org', '/cvs', 'anoncvs', '', {'module': 'familiar/dist/ipkg'}),
-       "cvs://anoncvs:anonymous@cvs.handhelds.org/cvs;tag=V0-99-81;module=familiar/dist/ipkg" : ('cvs', 'cvs.handhelds.org', '/cvs', 'anoncvs', 'anonymous', {'tag': 'V0-99-81', 'module': 'familiar/dist/ipkg'})
+       "cvs://anoncvs:anonymous@cvs.handhelds.org/cvs;tag=V0-99-81;module=familiar/dist/ipkg" : ('cvs', 'cvs.handhelds.org', '/cvs', 'anoncvs', 'anonymous', {'tag': 'V0-99-81', 'module': 'familiar/dist/ipkg'}),
+       "git://git.openembedded.org/bitbake;branch=@foo" : ('git', 'git.openembedded.org', '/bitbake', '', '', {'branch': '@foo'})
     }
 
     def test_decodeurl(self):

bitbake/lib/bb/ui/crumbs/hoblistmodel.py

@@ -199,7 +199,9 @@ class PackageListModel(gtk.ListStore):
         return self.cmp_vals(val1, val2, user_data)
 
     def cmp_vals(self, val1, val2, user_data):
-        if val1.startswith(user_data) and not val2.startswith(user_data):
+        if val1 is None or val2 is None:
+            return 0
+        elif val1.startswith(user_data) and not val2.startswith(user_data):
             return -1
         elif not val1.startswith(user_data) and val2.startswith(user_data):
             return 1
@@ -575,7 +577,9 @@ class RecipeListModel(gtk.ListStore):
         return self.cmp_vals(val1, val2, user_data)
 
     def cmp_vals(self, val1, val2, user_data):
-        if val1.startswith(user_data) and not val2.startswith(user_data):
+        if val1 is None or val2 is None:
+            return 0
+        elif val1.startswith(user_data) and not val2.startswith(user_data):
             return -1
         elif not val1.startswith(user_data) and val2.startswith(user_data):
             return 1

bitbake/lib/bb/ui/crumbs/imagedetailspage.py

@@ -355,9 +355,9 @@ class ImageDetailsPage (HobPage):
             vallist.append(base_image)
             i = 0
             for layer in layers:
-                varlist.append(" - ")
                 if i > layer_num_limit:
                     break
+                varlist.append(" - ")
                 i += 1
             vallist.append("")
             i = 0

bitbake/lib/bb/utils.py

@@ -793,22 +793,28 @@ def copyfile(src, dest, newmtime = None, sstat = None):
         newmtime = sstat[stat.ST_MTIME]
     return newmtime
 
-def which(path, item, direction = 0):
+def which(path, item, direction = 0, history = False):
     """
     Locate a file in a PATH
     """
 
+    hist = []
     paths = (path or "").split(':')
     if direction != 0:
         paths.reverse()
 
     for p in paths:
         next = os.path.join(p, item)
+        hist.append(next)
         if os.path.exists(next):
             if not os.path.isabs(next):
                 next = os.path.abspath(next)
+            if history:
+                return next, hist
             return next
 
+    if history:
+        return "", hist
     return ""
 
 def to_boolean(string, default=None):

documentation/adt-manual/adt-manual.xml

@@ -68,9 +68,24 @@
             </revision>
             <revision>
                 <revnumber>1.5.1</revnumber>
-                <date>Sometime in 2013</date>
+                <date>January 2014</date>
                 <revremark>Released with the Yocto Project 1.5.1 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.5.2</revnumber>
+                <date>May 2014</date>
+                <revremark>Released with the Yocto Project 1.5.2 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.5.3</revnumber>
+                <date>July 2014</date>
+                <revremark>Released with the Yocto Project 1.5.3 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.5.4</revnumber>
+                <date>December 2014</date>
+                <revremark>Released with the Yocto Project 1.5.4 Release.</revremark>
+            </revision>
        </revhistory>
 
     <copyright>

documentation/adt-manual/adt-prepare.xml

@@ -201,10 +201,7 @@
 
             <para>
                 After you have configured the <filename>adt_installer.conf</filename> file,
-                run the installer using the following command.
-                Be sure that you are not trying to use cross-compilation tools.
-                When you run the installer, the environment must use a
-                host <filename>gcc</filename>:
+                run the installer using the following command:
                 <literallayout class='monospaced'>
      $ cd adt-installer
      $ ./adt_installer

documentation/bsp-guide/bsp-guide.xml

@@ -80,9 +80,24 @@
             </revision>
             <revision>
                 <revnumber>1.5.1</revnumber>
-                <date>Sometime in 2013</date>
+                <date>January 2014</date>
                 <revremark>Released with the Yocto Project 1.5.1 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.5.2</revnumber>
+                <date>May 2014</date>
+                <revremark>Released with the Yocto Project 1.5.2 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.5.3</revnumber>
+                <date>July 2014</date>
+                <revremark>Released with the Yocto Project 1.5.3 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.5.4</revnumber>
+                <date>December 2014</date>
+                <revremark>Released with the Yocto Project 1.5.4 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/dev-manual/dev-manual-common-tasks.xml

@@ -1940,7 +1940,7 @@
             format the device requires.
             Should your device require multiple partitions on an SD card, flash,
             or an HDD, you can use the OpenEmbedded Image Creator
-            () to create the properly partitioned image.
+            to create the properly partitioned image.
         </para>
 
         <para>
@@ -1949,8 +1949,10 @@
             Image generation is driven by partitioning commands contained
             in an Openembedded kickstart file (<filename>.wks</filename>)
             specified either directly on the command-line or as one of a
-            selection of canned <filename>.wks</filename> files
-            (see 'wic list images').
+            selection of canned <filename>.wks</filename> files as shown
+            with the <filename>wic list images</filename> command in the
+            "<link linkend='using-a-provided-kickstart_file'>Using a Provided Kickstart File</link>"
+            section.
             When applied to a given set of build artifacts, the result is an
             image or set of images that can be directly written onto media and
             used on a particular system.
@@ -2003,34 +2005,6 @@
             </para>
         </section>
 
-<!--
-
-        <para>
-            This section covers the mechanics of invoking and providing help for
-the command and sub-commands; it contains hooks for future commits to
-connect with the actual functionality, once implemented.
-        </para>
-
-        <para>
-            Help is integrated into the 'wic' command itself - you can also see
-that for details and reminders on usage (simply invoke 'wic' without
-any arguments to get started).
-        </para>
-
-        <note>
-            Just because 'wic' can generate an image does not mean that it
-will boot on a given machine. 'wic' tries to spot the most obvious
-usages that are likely to cause problems but, as a relatively
-low-level tool, it can't in general figure out whether a generated
-image is appropriate for a given piece of hardware - it's really up to
-you to provide intelligent inputs to the image creation process. If
-you suspect that your image is not working as expected due to some bug
-or missing feature of the tool, please file a bug report describing
-the details.
-        </note>
-
--->
-
         <section id='wic-requirements'>
             <title>Requirements</title>
 
@@ -2125,20 +2099,71 @@ the details.
                         command-line arguments.</para></listitem>
                     <listitem><para><emphasis>Cooked Mode:</emphasis>
                         The current
-                        <ulink url='&YOCTO_DOCS_REF_URL;var-MACHINE'><filename>MACHINE</filename></ulink>
+                        <ulink url='&YOCTO_DOCS_REF_URL;#var-MACHINE'><filename>MACHINE</filename></ulink>
                         setting and image name are used to automatically locate
                         and provide the build artifacts.</para></listitem>
                 </itemizedlist>
             </para>
 
+            <para>
+                Regardless of the mode you use, you need to have the build
+                artifacts ready and available.
+                Additionally, the environment must be set up using the
+                <ulink url='&YOCTO_DOCS_REF_URL;#structure-core-script'><filename>&OE_INIT_FILE;</filename></ulink>
+                or
+                <ulink url='&YOCTO_DOCS_REF_URL;#structure-memres-core-script'><filename>oe-init-build-env-memres</filename></ulink>
+                script found in the
+                <link linkend='build-directory'>Build Directory</link>.
+            </para>
+
             <section id='raw-mode'>
                 <title>Raw Mode</title>
 
                 <para>
                     The general form of the 'wic' command in raw mode is:
                     <literallayout class='monospaced'>
-     $ wic create &lt;image_name&gt;.wks -r &lt;rootfs_dir&gt; -b &lt;bootimg_dir&gt; /
-           -k &lt;kernel_dir&gt; -n &lt;native_sysroot&gt;
+     $ wic create <replaceable>image_name</replaceable>.wks [<replaceable>options</replaceable>] [...]
+
+         Where:
+
+             <replaceable>image_name</replaceable>.wks
+                               An an OpenEmbedded kickstart file.  You can provide
+                               your own custom file or use a file from a set of
+                               provided files as described by further options.
+
+             -o <replaceable>OUTDIR</replaceable>, --outdir=<replaceable>OUTDIR</replaceable>
+                               The name of a directory in which to create image.
+
+             -i <replaceable>PROPERTIES_FILE</replaceable>, --infile=<replaceable>PROPERTIES_FILE</replaceable>
+                               The name of a file containing the values for image
+                               properties as a JSON file.
+
+             -e <replaceable>IMAGE_NAME</replaceable>, --image-name=<replaceable>IMAGE_NAME</replaceable>
+                               The name of the image from which to use the artifacts
+                               (e.g. <filename>core-image-sato</filename>).
+
+             -r <replaceable>ROOTFS_DIR</replaceable>, --rootfs-dir=<replaceable>ROOTFS_DIR</replaceable>
+                               The path to the <filename>/rootfs</filename> directory to use as the
+                               <filename>.wks</filename> rootfs source.
+
+             -b <replaceable>BOOTIMG_DIR</replaceable>, --bootimg-dir=<replaceable>BOOTIMG_DIR</replaceable>
+                               The path to the directory containing the boot artifacts
+                               (e.g. <filename>/EFI</filename> or <filename>/syslinux</filename>) to use as the <filename>.wks</filename> bootimg
+                               source.
+
+             -k <replaceable>KERNEL_DIR</replaceable>, --kernel-dir=<replaceable>KERNEL_DIR</replaceable>
+                               The path to the directory containing the kernel to use
+                               in the <filename>.wks</filename> boot image.
+
+             -n <replaceable>NATIVE_SYSROOT</replaceable>, --native-sysroot=<replaceable>NATIVE_SYSROOT</replaceable>
+                               The path to the native sysroot containing the tools to use
+                               to build the image.
+
+             -p, --skip-build-check
+                               Skips the build check.
+
+             -D, --debug
+                               Output debug information.
                     </literallayout>
                     <note>
                         You do not need root privileges to run
@@ -2147,37 +2172,6 @@ the details.
                         utility.
                     </note>
                 </para>
-
-                <para>
-                    Following is a description of the <filename>wic</filename>
-                    parameters and options:
-                    <itemizedlist>
-                        <listitem><para><emphasis><filename>&lt;image_name&gt;.wks</filename>:</emphasis>
-                            An OpenEmbedded kickstart file.
-                            You can provide your own custom file or use a
-                            file from a set of provided files as described
-                            following this list.</para></listitem>
-                        <listitem><para><emphasis><filename>-r &lt;rootfs_dir&gt;</filename>:</emphasis>
-                            Specifies the path to the root filesystem directory
-                            to be used and the <filename>.wks</filename>
-                            root filesystem source.</para></listitem>
-                        <listitem><para><emphasis><filename>-b &lt;bootimg_dir&gt;</filename>:</emphasis>
-                            Specifies the path to the directory that contains
-                            the boot artifacts (e.g. the
-                            <filename>EFI</filename> or
-                            <filename>syslinux</filename> directories) to use
-                            as the <filename>.wks</filename> boot image source.
-                            </para></listitem>
-                        <listitem><para><emphasis><filename>-k &lt;kernel_dir&gt;</filename>:</emphasis>
-                            Specifies the path to the dir containing the kernel
-                            to use in the <filename>.wks</filename> boot
-                            image.</para></listitem>
-                        <listitem><para><emphasis><filename>-n &lt;native_sysroot&gt;</filename>:</emphasis>
-                             Specifies the path to the native sysroot
-                             that contains the tools used to build the image.
-                             </para></listitem>
-                    </itemizedlist>
-                </para>
             </section>
 
             <section id='cooked-mode'>
@@ -2187,7 +2181,17 @@ the details.
                     The general form of the <filename>wic</filename> command
                     using Cooked Mode is:
                     <literallayout class='monospaced'>
-     $ wic create &lt;kickstart_file&gt; -e &lt;image_name&gt;
+     $ wic create <replaceable>kickstart_file</replaceable> -e <replaceable>image_name</replaceable>
+
+         Where:
+
+             <replaceable>kickstart_file</replaceable>
+                               An OpenEmbedded kickstart file. You can provide your own
+                               custom file or supplied file.
+
+             <replaceable>image_name</replaceable>
+                               Specifies the image built using the OpenEmbedded build
+                               system.
                     </literallayout>
                     This form is the simplest and most user-friendly, as it
                     does not require specifying all individual parameters.
@@ -2195,20 +2199,6 @@ the details.
                     <filename>.wks</filename> file or one provided with the
                     release.
                 </para>
-
-                <para>
-                    Following is a description of the <filename>wic</filename>
-                    parameters and options:
-                    <itemizedlist>
-                        <listitem><para><emphasis><filename>&lt;kickstart&gt;</filename>:</emphasis>
-                            An OpenEmbedded kickstart file.
-                            You can provide your own custom file or supplied
-                            file.</para></listitem>
-                        <listitem><para><emphasis><filename>-e &lt;image_name&gt;</filename>:</emphasis>
-                            Specifies the image built using the OpenEmbedded
-                            build system.</para></listitem>
-                    </itemizedlist>
-                </para>
             </section>
         </section>
 
@@ -2222,16 +2212,16 @@ the details.
                 Use the following command to list the available files:
                 <literallayout class='monospaced'>
      $ wic list images
-     mkefidisk Create an EFI disk image
      directdisk Create a 'pcbios' direct disk image
+     mkefidisk Create an EFI disk image
                  </literallayout>
                  When you use a provided file, you do not have to use the
                  <filename>.wks</filename> extension.
                  Here is an example in Raw Mode that uses the
                  <filename>directdisk</filename> file:
                  <literallayout class='monospaced'>
-     $ wic create directdisk -r &lt;rootfs_dir&gt; -b &lt;bootimg_dir&gt; \
-           -k &lt;kernel_dir&gt; -n &lt;native_sysroot&gt;
+     $ wic create directdisk -r <replaceable>rootfs_dir</replaceable> -b <replaceable>bootimg_dir</replaceable> \
+           -k <replaceable>kernel_dir</replaceable> -n <replaceable>native_sysroot</replaceable>
                 </literallayout>
             </para>
 
@@ -2244,13 +2234,13 @@ the details.
      # long-description: Creates a partitioned EFI disk image that the user
      # can directly dd to boot media.
 
-     part /boot --source bootimg --ondisk sda --fstype=efi --label msdos --active --align 1024
+     part /boot &dash;&dash;source bootimg-efi &dash;&dash;ondisk sda &dash;&dash;fstype=efi &dash;&dash;active
 
-     part / --source rootfs --ondisk sda --fstype=ext3 --label platform --align 1024
+     part / &dash;&dash;source rootfs &dash;&dash;ondisk sda &dash;&dash;fstype=ext3 &dash;&dash;label platform
 
-     part swap --ondisk sda --size 44 --label swap1 --fstype=swap
+     part swap &dash;&dash;ondisk sda &dash;&dash;size 44 &dash;&dash;label swap1 &dash;&dash;fstype=swap
 
-     bootloader --timeout=10 --append="rootwait rootfstype=ext3 console=ttyPCH0,115200 console=tty0 vmalloc=256MB snd-hda-     intel.enable_msi=0"
+     bootloader  &dash;&dash;timeout=10  &dash;&dash;append="rootwait console=ttyPCH0,115200"
                 </literallayout>
             </para>
         </section>
@@ -2377,7 +2367,8 @@ the details.
                     directory and then changing the lines that specify the
                     target disk from which to boot.
                     <literallayout class='monospaced'>
-     $ cp /home/trz/yocto/yocto-image/scripts/lib/image/canned-wks/directdisk.wks /home/trz/yocto/yocto-image/scripts/lib/image/canned-wks/directdisksdb.wks
+     $ cp /home/trz/yocto/yocto-image/scripts/lib/image/canned-wks/directdisk.wks \
+          /home/trz/yocto/yocto-image/scripts/lib/image/canned-wks/directdisksdb.wks
                     </literallayout>
                     Next, the example modifies the
                     <filename>directdisksdb.wks</filename> file and changes all
@@ -2474,7 +2465,11 @@ the details.
                     somewhere other than the default
                     <filename>/var/tmp/wic</filename> directory:
                     <literallayout class='monospaced'>
-     $ wic create ~/test.wks -o /home/trz/testwic --rootfs-dir /home/trz/yocto/yocto-image/build/tmp/work/crownbay_noemgd-poky-linux/core-image-minimal/1.0-r0/rootfs --bootimg-dir /home/trz/yocto/yocto-image/build/tmp/sysroots/crownbay-noemgd/usr/share  --kernel-dir /home/trz/yocto/yocto-image/build/tmp/sysroots/crownbay-noemgd/usr/src/kernel --native-sysroot /home/trz/yocto/yocto-image/build/tmp/sysroots/x86_64-linux
+     $ wic create ~/test.wks -o /home/trz/testwic --rootfs-dir \
+          /home/trz/yocto/yocto-image/build/tmp/work/crownbay_noemgd-poky-linux/core-image-minimal/1.0-r0/rootfs \
+          --bootimg-dir /home/trz/yocto/yocto-image/build/tmp/sysroots/crownbay-noemgd/usr/share \
+          --kernel-dir /home/trz/yocto/yocto-image/build/tmp/sysroots/crownbay-noemgd/usr/src/kernel \
+          --native-sysroot /home/trz/yocto/yocto-image/build/tmp/sysroots/x86_64-linux
 
      Creating image(s)...
 
@@ -6544,8 +6539,7 @@ the details.
                 <link linkend='build-directory'>Build Directory</link>:
                 <literallayout class='monospaced'>
      ARCHIVER_MODE ?= "original"
-     ARCHIVER_CLASS = "${@'archive-${ARCHIVER_MODE}-source' if
-     ARCHIVER_MODE != 'none' else ''}"
+     ARCHIVER_CLASS = "${@'archive-${ARCHIVER_MODE}-source' if ARCHIVER_MODE != 'none' else ''}"
      INHERIT += "${ARCHIVER_CLASS}"
      SOURCE_ARCHIVE_PACKAGE_TYPE = "tar"
                 </literallayout>

documentation/dev-manual/dev-manual-model.xml

@@ -18,8 +18,7 @@
              "<ulink url='&YOCTO_DOCS_BSP_URL;#creating-a-new-bsp-layer-using-the-yocto-bsp-script'>Creating a New BSP Layer Using the yocto-bsp Script</ulink>"
              section in the Yocto Project Board Support Package (BSP) Developer's Guide.
              For more complete information on how to work with the kernel, see the
-             <ulink url='&YOCTO_DOCS_KERNEL_DEV_URL;'>Yocto Project Linux Kernel
-             Development Manual</ulink>.
+             <ulink url='&YOCTO_DOCS_KERNEL_DEV_URL;'>Yocto Project Linux Kernel Development Manual</ulink>.
              </para></listitem>
          <listitem><para><emphasis>User Application Development:</emphasis>
              User Application Development covers development of applications that you intend

documentation/dev-manual/dev-manual.xml

@@ -58,9 +58,24 @@
             </revision>
             <revision>
                 <revnumber>1.5.1</revnumber>
-                <date>Sometime in 2013</date>
+                <date>January 2014</date>
                 <revremark>Released with the Yocto Project 1.5.1 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.5.2</revnumber>
+                <date>May 2014</date>
+                <revremark>Released with the Yocto Project 1.5.2 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.5.3</revnumber>
+                <date>July 2014</date>
+                <revremark>Released with the Yocto Project 1.5.3 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.5.4</revnumber>
+                <date>December 2014</date>
+                <revremark>Released with the Yocto Project 1.5.4 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/kernel-dev/kernel-dev.xml

@@ -43,9 +43,24 @@
             </revision>
             <revision>
                 <revnumber>1.5.1</revnumber>
-                <date>Sometime in 2013</date>
+                <date>January 2014</date>
                 <revremark>Released with the Yocto Project 1.5.1 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.5.2</revnumber>
+                <date>May 2014</date>
+                <revremark>Released with the Yocto Project 1.5.2 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.5.3</revnumber>
+                <date>July 2014</date>
+                <revremark>Released with the Yocto Project 1.5.3 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.5.4</revnumber>
+                <date>December 2014</date>
+                <revremark>Released with the Yocto Project 1.5.4 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/poky.ent

@@ -1,11 +1,11 @@
-<!ENTITY DISTRO "1.5.1">
-<!ENTITY DISTRO_COMPRESSED "151">
+<!ENTITY DISTRO "1.5.4">
+<!ENTITY DISTRO_COMPRESSED "154">
 <!ENTITY DISTRO_NAME "dora">
-<!ENTITY YOCTO_DOC_VERSION "1.5.1">
-<!ENTITY POKYVERSION "10.0.1">
-<!ENTITY POKYVERSION_COMPRESSED "1001">
+<!ENTITY YOCTO_DOC_VERSION "1.5.4">
+<!ENTITY POKYVERSION "10.0.4">
+<!ENTITY POKYVERSION_COMPRESSED "1004">
 <!ENTITY YOCTO_POKY "poky-&DISTRO_NAME;-&POKYVERSION;">
-<!ENTITY COPYRIGHT_YEAR "2010-2013">
+<!ENTITY COPYRIGHT_YEAR "2010-2014">
 <!ENTITY YOCTO_DL_URL "http://downloads.yoctoproject.org">
 <!ENTITY YOCTO_HOME_URL "http://www.yoctoproject.org">
 <!ENTITY YOCTO_LISTS_URL "http://lists.yoctoproject.org">
@@ -14,9 +14,9 @@
 <!ENTITY YOCTO_AB_URL "http://autobuilder.yoctoproject.org">
 <!ENTITY YOCTO_GIT_URL "http://git.yoctoproject.org">
 <!ENTITY YOCTO_ADTREPO_URL "http://adtrepo.yoctoproject.org">
-<!ENTITY YOCTO_RELEASE_NOTES "&YOCTO_HOME_URL;/download/yocto-project-&DISTRO_COMPRESSED;-poky-&POKYVERSION_COMPRESSED;">
+<!ENTITY YOCTO_RELEASE_NOTES "&YOCTO_HOME_URL;/downloads/core/&DISTRO_NAME;&DISTRO_COMPRESSED;">
 <!ENTITY OE_HOME_URL "http://www.openembedded.org">
-<!ENTITY OE_LISTS_URL "http://lists.linuxtogo.org/cgi-bin/mailman">
+<!ENTITY OE_LISTS_URL "http://lists.openembedded.org/mailman">
 <!ENTITY OE_DOCS_URL "http://docs.openembedded.org">
 <!ENTITY OH_HOME_URL "http://o-hand.com">
 <!ENTITY BITBAKE_HOME_URL "http://developer.berlios.de/projects/bitbake/">

documentation/profile-manual/profile-manual-intro.xml

@@ -4,7 +4,7 @@
 
 <chapter id='profile-manual-intro'>
 
-<title>Yocto Project Tracing and Profiling Manual</title>
+<title>Yocto Project Profiling and Tracing Manual</title>
     <section id='intro'>
         <title>Introduction</title>
 

documentation/profile-manual/profile-manual-usage.xml

@@ -842,7 +842,7 @@
                 idea.  One of the first projects to do this was IBM's DProbes
                 dpcc compiler, an ANSI C compiler which targeted a low-level
                 assembly language running on an in-kernel interpreter on the
-                target system.  This is exactly analagous to what Sun's DTrace
+                target system.  This is exactly analogous to what Sun's DTrace
                 did, except that DTrace invented its own language for the purpose.
                 Systemtap, heavily inspired by DTrace, also created its own
                 one-off language, but rather than running the product on an
@@ -1275,7 +1275,7 @@
             </para>
 
             <informalexample>
-                <emphasis>Tying it Together:</emphasis> The trace events subsystem accomodate static
+                <emphasis>Tying it Together:</emphasis> The trace events subsystem accommodate static
                 and dynamic tracepoints in exactly the same way - there's no
                 difference as far as the infrastructure is concerned.  See the
                 ftrace section for more details on the trace event subsystem.
@@ -3258,15 +3258,25 @@
         <title>Documentation</title>
 
         <para>
-            There doesn't seem to be any current documentation covering
-            LTTng 2.0, but maybe that's because the project is in transition.
-            The LTTng 2.0 website, however, is here:
-            <ulink url='http://lttng.org/lttng2.0'>LTTng Project</ulink>
+            You can find the primary LTTng Documentation on the
+            <ulink url='https://lttng.org/docs/'>LTTng Documentation</ulink>
+            site.
+            The documentation on this site is appropriate for intermediate to
+            advanced software developers who are working in a Linux environment
+            and are interested in efficient software tracing.
         </para>
 
         <para>
-            You can access extensive help information on how to use the
-            LTTng plug-in to search and analyze captured traces via the
+            For information on LTTng in general, visit the
+            <ulink url='http://lttng.org/lttng2.0'>LTTng Project</ulink>
+            site.
+            You can find a "Getting Started" link on this site that takes
+            you to an LTTng Quick Start.
+        </para>
+
+        <para>
+            Finally, you can access extensive help information on how to use
+            the LTTng plug-in to search and analyze captured traces via the
             Eclipse help system:
             <literallayout class='monospaced'>
      Help | Help Contents | LTTng Plug-in User Guide

documentation/profile-manual/profile-manual.xml

@@ -43,9 +43,24 @@
             </revision>
             <revision>
                 <revnumber>1.5.1</revnumber>
-                <date>Sometime in 2013</date>
+                <date>January 2014</date>
                 <revremark>Released with the Yocto Project 1.5.1 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.5.2</revnumber>
+                <date>May 2014</date>
+                <revremark>Released with the Yocto Project 1.5.2 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.5.3</revnumber>
+                <date>July 2014</date>
+                <revremark>Released with the Yocto Project 1.5.3 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.5.4</revnumber>
+                <date>December 2014</date>
+                <revremark>Released with the Yocto Project 1.5.4 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/ref-manual/introduction.xml

@@ -285,11 +285,17 @@
             <para>
                 The following list shows the required packages by function
                 given a supported CentOS Linux distribution:
-                <note>Depending on the CentOS version you are using, other requirements
-                    and dependencies might exist.
-                    For details, you should look at the CentOS sections on the
-                    <ulink url='https://wiki.yoctoproject.org/wiki/Poky/GettingStarted/Dependencies'>Poky/GettingStarted/Dependencies</ulink>
-                    wiki page.
+                <note>
+                    For CentOS 6.x, some of the versions of the components
+                    provided by the distribution are too old (e.g. Git, Python,
+                    and tar).
+                    It is recommended that you install the buildtools in order
+                    to provide versions that will work with the OpenEmbedded
+                    build system.
+                    For information on how to install the buildtools tarball,
+                    see the
+                    "<link linkend='required-git-tar-and-python-versions'>Required Git, Tar, and Python Versions</link>"
+                    section.
                 </note>
                 <itemizedlist>
                     <listitem><para><emphasis>Essentials:</emphasis>

documentation/ref-manual/ref-features.xml

@@ -78,6 +78,9 @@
                     bluetooth support (integrated BT only).</para></listitem>
                 <listitem><para><emphasis>cramfs:</emphasis> Include CramFS
                     support.</para></listitem>
+                <listitem><para><emphasis>directfb:</emphasis>
+                    Include DirectFB support.
+                    </para></listitem>
                 <listitem><para><emphasis>ext2:</emphasis> Include tools for
                     supporting for devices with internal HDD/Microdrive for
                     storing files (instead of Flash only devices).

documentation/ref-manual/ref-manual.xml

@@ -74,9 +74,24 @@
             </revision>
             <revision>
                 <revnumber>1.5.1</revnumber>
-                <date>Sometime in 2013</date>
+                <date>January 2014</date>
                 <revremark>Released with the Yocto Project 1.5.1 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.5.2</revnumber>
+                <date>May 2014</date>
+                <revremark>Released with the Yocto Project 1.5.2 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.5.3</revnumber>
+                <date>July 2014</date>
+                <revremark>Released with the Yocto Project 1.5.3 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.5.4</revnumber>
+                <date>December 2014</date>
+                <revremark>Released with the Yocto Project 1.5.4 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/ref-manual/technical-details.xml

@@ -1005,7 +1005,7 @@
                     <literallayout class='monospaced'>
      mkdir -p /tmp/$USER-weston
      chmod 0700 /tmp/$USER-weston
-     export XDG_RUNTIME_DIR=/tmp/$USER=weston
+     export XDG_RUNTIME_DIR=/tmp/$USER-weston
                     </literallayout></para></listitem>
                 <listitem><para>Launch Weston in the shell:
                     <literallayout class='monospaced'>

documentation/tools/mega-manual.sed

@@ -1,13 +1,14 @@
 # Processes ref-manual and yocto-project-qs manual (<word>-<word>-<word> style)
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.1\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.4\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
 
 # Processes all other manuals (<word>-<word> style)
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.1\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.4\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
 
 # Process cases where just an external manual is referenced without an id anchor
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.1\/yocto-project-qs\/yocto-project-qs.html\" target=\"_top\">Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.1\/dev-manual\/dev-manual.html\" target=\"_top\">Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.1\/adt-manual\/adt-manual.html\" target=\"_top\">Yocto Project Application Developer's Guide<\/a>/Yocto Project Application Developer's Guide/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.1\/bsp-guide\/bsp-guide.html\" target=\"_top\">Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.1\/kernel-dev\/kernel-dev.html\" target=\"_top\">Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.1\/ref-manual\/ref-manual.html\" target=\"_top\">Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.4\/yocto-project-qs\/yocto-project-qs.html\" target=\"_top\">Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.4\/dev-manual\/dev-manual.html\" target=\"_top\">Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.4\/adt-manual\/adt-manual.html\" target=\"_top\">Yocto Project Application Developer's Guide<\/a>/Yocto Project Application Developer's Guide/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.4\/bsp-guide\/bsp-guide.html\" target=\"_top\">Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.4\/profile-manual\/profile-manual.html\" target=\"_top\">Yocto Project Profiling and Tracing Manual<\/a>/Yocto Project Profiling and Tracing Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.4\/kernel-dev\/kernel-dev.html\" target=\"_top\">Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.4\/ref-manual\/ref-manual.html\" target=\"_top\">Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g

meta-yocto/conf/distro/poky.conf

@@ -1,7 +1,7 @@
 DISTRO = "poky"
 DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
-DISTRO_VERSION = "1.5.1"
-DISTRO_CODENAME = "next"
+DISTRO_VERSION = "1.5.4"
+DISTRO_CODENAME = "dora"
 SDK_VENDOR = "-pokysdk"
 SDK_VERSION := "${@'${DISTRO_VERSION}'.replace('snapshot-${DATE}','snapshot')}"
 
@@ -77,12 +77,16 @@ SANITY_TESTED_DISTROS ?= " \
             Ubuntu-12.04 \n \
             Ubuntu-12.10 \n \
             Ubuntu-13.04 \n \
+            Ubuntu-13.10 \n \
             Fedora-18 \n \
             Fedora-19 \n \
+            Fedora-20 \n \
             CentOS-6.4 \n \
             Debian-6.0.7 \n \
             Debian-7.0 \n \
             Debian-7.1 \n \
+            Debian-7.2 \n \
+            Debian-7.3 \n \
             SUSE-LINUX-12.2 \n \
             openSUSE-project-12.3 \n \
             "

meta-yocto/recipes-core/busybox/busybox_1.21.1.bbappend

@@ -1,2 +1,2 @@
-FILESEXTRAPATHS_prepend_poky := "${THISDIR}/${P}:"
+FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
 

meta/classes/base.bbclass

@@ -485,14 +485,15 @@ python () {
     # If we're building a target package we need to use fakeroot (pseudo)
     # in order to capture permissions, owners, groups and special files
     if not bb.data.inherits_class('native', d) and not bb.data.inherits_class('cross', d):
-        d.setVarFlag('do_configure', 'umask', 022)
-        d.setVarFlag('do_compile', 'umask', 022)
+        d.setVarFlag('do_unpack', 'umask', '022')
+        d.setVarFlag('do_configure', 'umask', '022')
+        d.setVarFlag('do_compile', 'umask', '022')
         d.appendVarFlag('do_install', 'depends', ' virtual/fakeroot-native:do_populate_sysroot')
         d.setVarFlag('do_install', 'fakeroot', 1)
-        d.setVarFlag('do_install', 'umask', 022)
+        d.setVarFlag('do_install', 'umask', '022')
         d.appendVarFlag('do_package', 'depends', ' virtual/fakeroot-native:do_populate_sysroot')
         d.setVarFlag('do_package', 'fakeroot', 1)
-        d.setVarFlag('do_package', 'umask', 022)
+        d.setVarFlag('do_package', 'umask', '022')
         d.setVarFlag('do_package_setscene', 'fakeroot', 1)
         d.appendVarFlag('do_package_setscene', 'depends', ' virtual/fakeroot-native:do_populate_sysroot')
         d.setVarFlag('do_devshell', 'fakeroot', 1)
@@ -581,6 +582,10 @@ python () {
     if ".zip" in srcuri:
         d.appendVarFlag('do_unpack', 'depends', ' unzip-native:do_populate_sysroot')
 
+    # file is needed by rpm2cpio.sh
+    if ".src.rpm" in srcuri:
+        d.appendVarFlag('do_unpack', 'depends', ' file-native:do_populate_sysroot')
+
     set_packagetriplet(d)
 
     # 'multimachine' handling

meta/classes/binconfig.bbclass

@@ -5,6 +5,7 @@ def get_binconfig_mangle(d):
 	s = "-e ''"
 	if not bb.data.inherits_class('native', d):
 		optional_quote = r"\(\"\?\)"
+		s += " -e 's:=%s${base_libdir}:=\\1OEBASELIBDIR:;'" % optional_quote
 		s += " -e 's:=%s${libdir}:=\\1OELIBDIR:;'" % optional_quote
 		s += " -e 's:=%s${includedir}:=\\1OEINCDIR:;'" % optional_quote
 		s += " -e 's:=%s${datadir}:=\\1OEDATADIR:'" % optional_quote
@@ -12,6 +13,7 @@ def get_binconfig_mangle(d):
 		s += " -e 's:=%s${exec_prefix}/:=\\1OEEXECPREFIX/:'" % optional_quote
 		s += " -e 's:-L${libdir}:-LOELIBDIR:;'"
 		s += " -e 's:-I${includedir}:-IOEINCDIR:;'"
+		s += " -e 's:OEBASELIBDIR:${STAGING_BASELIBDIR}:;'"
 		s += " -e 's:OELIBDIR:${STAGING_LIBDIR}:;'"
 		s += " -e 's:OEINCDIR:${STAGING_INCDIR}:;'"
 		s += " -e 's:OEDATADIR:${STAGING_DATADIR}:'"
@@ -31,7 +33,8 @@ PACKAGE_PREPROCESS_FUNCS += "binconfig_package_preprocess"
 binconfig_package_preprocess () {
 	for config in `find ${PKGD} -name '${BINCONFIG_GLOB}'`; do
 		sed -i \
-		    -e 's:${STAGING_LIBDIR}:${libdir}:g;' \ 
+		    -e 's:${STAGING_BASELIBDIR}:${base_libdir}:g;' \
+		    -e 's:${STAGING_LIBDIR}:${libdir}:g;' \
 		    -e 's:${STAGING_INCDIR}:${includedir}:g;' \
 		    -e 's:${STAGING_DATADIR}:${datadir}:' \
 		    -e 's:${STAGING_DIR_HOST}${prefix}:${prefix}:' \
@@ -39,6 +42,7 @@ binconfig_package_preprocess () {
 	done
 	for lafile in `find ${PKGD} -name "*.la"` ; do
 		sed -i \
+		    -e 's:${STAGING_BASELIBDIR}:${base_libdir}:g;' \
 		    -e 's:${STAGING_LIBDIR}:${libdir}:g;' \
 		    -e 's:${STAGING_INCDIR}:${includedir}:g;' \
 		    -e 's:${STAGING_DATADIR}:${datadir}:' \

meta/classes/cpan-base.bbclass

@@ -10,6 +10,9 @@ RDEPENDS_${PN} += "${@["perl", ""][(bb.data.inherits_class('native', d))]}"
 PERL_OWN_DIR = "${@["", "/perl-native"][(bb.data.inherits_class('native', d))]}"
 
 # Determine the staged version of perl from the perl configuration file
+# Assign vardepvalue, because otherwise signature is changed before and after
+# perl is built (from None to real version in config.sh).
+get_perl_version[vardepvalue] = "${PERL_OWN_DIR}"
 def get_perl_version(d):
     import re
     cfg = d.expand('${STAGING_LIBDIR}${PERL_OWN_DIR}/perl/config.sh')

meta/classes/image.bbclass

@@ -95,6 +95,8 @@ inherit image-${IMAGE_TYPE_live}
 IMAGE_TYPE_vmdk = '${@base_contains("IMAGE_FSTYPES", "vmdk", "vmdk", "empty", d)}'
 inherit image-${IMAGE_TYPE_vmdk}
 
+do_build[depends] += "virtual/kernel:do_deploy"
+
 python () {
     deps = " " + imagetypes_getdepends(d)
     d.appendVarFlag('do_rootfs', 'depends', deps)
@@ -408,7 +410,7 @@ log_check() {
 	done
 }
 
-MULTILIBRE_ALLOW_REP =. "${base_bindir}|${base_sbindir}|${bindir}|${sbindir}|${libexecdir}|"
+MULTILIBRE_ALLOW_REP =. "${base_bindir}|${base_sbindir}|${bindir}|${sbindir}|${libexecdir}|/lib/modules/[^/]*/modules.*|"
 MULTILIB_CHECK_FILE = "${WORKDIR}/multilib_check.py"
 MULTILIB_TEMP_ROOTFS = "${WORKDIR}/multilib"
 

meta/classes/image_types.bbclass

@@ -210,9 +210,9 @@ JFFS2_ERASEBLOCK ?= "0x40000"
 EXTRA_IMAGECMD_jffs2 ?= "--pad ${JFFS2_ENDIANNESS} --eraseblock=${JFFS2_ERASEBLOCK} --no-cleanmarkers"
 
 # Change these if you want default mkfs behavior (i.e. create minimal inode number)
-EXTRA_IMAGECMD_ext2 ?= "-i 8192"
-EXTRA_IMAGECMD_ext3 ?= "-i 8192"
-EXTRA_IMAGECMD_ext4 ?= "-i 8192"
+EXTRA_IMAGECMD_ext2 ?= "-i 4096"
+EXTRA_IMAGECMD_ext3 ?= "-i 4096"
+EXTRA_IMAGECMD_ext4 ?= "-i 4096"
 EXTRA_IMAGECMD_btrfs ?= ""
 EXTRA_IMAGECMD_elf ?= ""
 

meta/classes/kernel.bbclass

@@ -134,25 +134,14 @@ do_bundle_initramfs () {
 		echo "There is kernel image bundled with initramfs: ${B}/${KERNEL_OUTPUT}.initramfs"
 		install -m 0644 ${B}/${KERNEL_OUTPUT}.initramfs ${D}/boot/${KERNEL_IMAGETYPE}-initramfs-${MACHINE}.bin
 		echo "${B}/${KERNEL_OUTPUT}.initramfs"
-		cd ${B}
-		# Update deploy directory
-		if [ -e "${KERNEL_OUTPUT}.initramfs" ]; then
-			echo "Copying deploy kernel-initramfs image and setting up links..."
-			initramfs_base_name=${INITRAMFS_BASE_NAME}
-			initramfs_symlink_name=${KERNEL_IMAGETYPE}-initramfs-${MACHINE}
-			install -m 0644 ${KERNEL_OUTPUT}.initramfs ${DEPLOY_DIR_IMAGE}/${initramfs_base_name}.bin
-			cd ${DEPLOY_DIR_IMAGE}
-			ln -sf ${initramfs_base_name}.bin ${initramfs_symlink_name}.bin
-		fi
 	fi
 }
-do_bundle_initramfs[nostamp] = "1"
 
 python do_devshell_prepend () {
     os.environ["LDFLAGS"] = ''
 }
 
-addtask bundle_initramfs after do_kernel_link_vmlinux before do_build
+addtask bundle_initramfs after do_install before do_deploy
 
 kernel_do_compile() {
 	unset CFLAGS CPPFLAGS CXXFLAGS LDFLAGS MACHINE
@@ -348,8 +337,7 @@ ALLOW_EMPTY_kernel-image = "1"
 ALLOW_EMPTY_kernel-modules = "1"
 DESCRIPTION_kernel-modules = "Kernel modules meta package"
 
-pkg_postinst_kernel-image () {
-	update-alternatives --install /${KERNEL_IMAGEDEST}/${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE}-${KERNEL_VERSION} ${KERNEL_PRIORITY} || true
+pkg_postinst_kernel-base () {
 	if [ ! -e "$D/lib/modules/${KERNEL_VERSION}" ]; then
 		mkdir -p $D/lib/modules/${KERNEL_VERSION}
 	fi
@@ -360,6 +348,10 @@ pkg_postinst_kernel-image () {
 	fi
 }
 
+pkg_postinst_kernel-image () {
+	update-alternatives --install /${KERNEL_IMAGEDEST}/${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE}-${KERNEL_VERSION} ${KERNEL_PRIORITY} || true
+}
+
 pkg_postrm_kernel-image () {
 	update-alternatives --remove ${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE}-${KERNEL_VERSION} || true
 }
@@ -464,6 +456,17 @@ kernel_do_deploy() {
 	ln -sf ${KERNEL_IMAGE_BASE_NAME}.bin ${DEPLOYDIR}/${KERNEL_IMAGETYPE}
 
 	cp ${COREBASE}/meta/files/deploydir_readme.txt ${DEPLOYDIR}/README_-_DO_NOT_DELETE_FILES_IN_THIS_DIRECTORY.txt
+
+	cd ${B}
+	# Update deploy directory
+	if [ -e "${KERNEL_OUTPUT}.initramfs" ]; then
+		echo "Copying deploy kernel-initramfs image and setting up links..."
+		initramfs_base_name=${INITRAMFS_BASE_NAME}
+		initramfs_symlink_name=${KERNEL_IMAGETYPE}-initramfs-${MACHINE}
+		install -m 0644 ${KERNEL_OUTPUT}.initramfs ${DEPLOYDIR}/${initramfs_base_name}.bin
+		cd ${DEPLOYDIR}
+		ln -sf ${initramfs_base_name}.bin ${initramfs_symlink_name}.bin
+	fi
 }
 do_deploy[dirs] = "${DEPLOYDIR} ${B}"
 do_deploy[prefuncs] += "package_get_auto_pr"

meta/classes/license.bbclass

@@ -68,15 +68,18 @@ license_create_manifest() {
 		if [ -n "${COPY_LIC_DIRS}" ]; then
 			for pkg in ${INSTALLED_PKGS}; do
 				mkdir -p ${IMAGE_ROOTFS}/usr/share/common-licenses/${pkg}
-				for lic in `ls ${LICENSE_DIRECTORY}/${pkg}`; do
+				pkged_pn="$(sed -n "/^PACKAGE NAME: ${pkg}$/,/^$/ \
+                                           {s/^RECIPE NAME: //; /^PACKAGE NAME:/d; /^PACKAGE VERSION:/d; /^LICENSE:/d; p}" \
+                                           ${LICENSE_MANIFEST})"
+				for lic in `ls ${LICENSE_DIRECTORY}/${pkged_pn}`; do
 					# Really don't need to copy the generics as they're 
 					# represented in the manifest and in the actual pkg licenses
 					# Doing so would make your image quite a bit larger
 					if [ "${lic#generic_}" = "${lic}" ]; then
-						cp ${LICENSE_DIRECTORY}/${pkg}/${lic} ${IMAGE_ROOTFS}/usr/share/common-licenses/${pkg}/${lic}
+						cp ${LICENSE_DIRECTORY}/${pkged_pn}/${lic} ${IMAGE_ROOTFS}/usr/share/common-licenses/${pkg}/${lic}
 					else
 						if [ ! -f ${IMAGE_ROOTFS}/usr/share/common-licenses/${lic} ]; then
-							cp ${LICENSE_DIRECTORY}/${pkg}/${lic} ${IMAGE_ROOTFS}/usr/share/common-licenses/
+							cp ${LICENSE_DIRECTORY}/${pkged_pn}/${lic} ${IMAGE_ROOTFS}/usr/share/common-licenses/
 						fi
 						ln -s ../${lic} ${IMAGE_ROOTFS}/usr/share/common-licenses/${pkg}/${lic}
 					fi

meta/classes/multilib.bbclass

@@ -105,6 +105,7 @@ python __anonymous () {
     clsextend.map_variable("PACKAGE_INSTALL")
     clsextend.map_variable("INITSCRIPT_PACKAGES")
     clsextend.map_variable("USERADD_PACKAGES")
+    clsextend.map_variable("SYSTEMD_PACKAGES")
 }
 
 PACKAGEFUNCS_append = " do_package_qa_multilib"

meta/classes/nativesdk.bbclass

@@ -81,6 +81,7 @@ python () {
     clsextend.map_depends_variable("DEPENDS")
     clsextend.map_packagevars()
     clsextend.map_variable("PROVIDES")
+    clsextend.map_regexp_variable("PACKAGES_DYNAMIC")
 }
 
 addhandler nativesdk_virtclass_handler

meta/classes/package.bbclass

@@ -1800,7 +1800,7 @@ python package_depchains() {
 
 # Since bitbake can't determine which variables are accessed during package
 # iteration, we need to list them here:
-PACKAGEVARS = "FILES RDEPENDS RRECOMMENDS SUMMARY DESCRIPTION RSUGGESTS RPROVIDES RCONFLICTS PKG ALLOW_EMPTY pkg_postinst pkg_postrm INITSCRIPT_NAME INITSCRIPT_PARAMS DEBIAN_NOAUTONAME ALTERNATIVE PKGE PKGV PKGR USERADD_PARAM GROUPADD_PARAM"
+PACKAGEVARS = "FILES RDEPENDS RRECOMMENDS SUMMARY DESCRIPTION RSUGGESTS RPROVIDES RCONFLICTS PKG ALLOW_EMPTY pkg_postinst pkg_postrm INITSCRIPT_NAME INITSCRIPT_PARAMS DEBIAN_NOAUTONAME ALTERNATIVE PKGE PKGV PKGR USERADD_PARAM GROUPADD_PARAM CONFFILES"
 
 def gen_packagevar(d):
     ret = []

meta/classes/populate_sdk_base.bbclass

@@ -253,7 +253,7 @@ if [ "$dl_path" = "" ] ; then
 	echo "SDK could not be set up. Relocate script unable to find ld-linux.so. Abort!"
 	exit 1
 fi
-executable_files=$($SUDO_EXEC find $native_sysroot -type f -perm /111)
+executable_files=$($SUDO_EXEC find $native_sysroot -type f -perm /111 -exec file '{}' \;| grep "\(executable\|dynamically linked\)" | cut -f 1 -d ':') 
 
 tdir=`mktemp -d`
 if [ x$tdir = x ] ; then

meta/classes/ptest.bbclass

@@ -57,3 +57,8 @@ do_install_ptest_base[cleandirs] = "${D}${PTEST_PATH}"
 addtask configure_ptest_base after do_configure before do_compile
 addtask compile_ptest_base   after do_compile   before do_install
 addtask install_ptest_base   after do_install   before do_package
+
+python () {
+    if not bb.data.inherits_class('native', d) and not bb.data.inherits_class('cross', d):
+        d.setVarFlag('do_install_ptest_base', 'fakeroot', 1)
+}

meta/classes/terminal.bbclass

@@ -64,6 +64,10 @@ def oe_terminal(command, title, d):
             envdata.setVar(key, str(value))
             envdata.setVarFlag(key, 'export', 1)
 
+    # A complex PS1 might need more escaping of chars.
+    # Lets not export PS1 instead.
+    envdata.delVar("PS1")
+
     # Replace command with an executable wrapper script
     command = emit_terminal_func(command, envdata, d)
 

meta/classes/useradd.bbclass

@@ -182,6 +182,8 @@ fakeroot python populate_packages_prepend () {
         rdepends = d.getVar("RDEPENDS_%s" % pkg, True) or ""
         rdepends += ' ' + d.getVar('MLPREFIX') + 'base-passwd'
         rdepends += ' ' + d.getVar('MLPREFIX') + 'shadow'
+        # base-files is where the default /etc/skel is packaged
+        rdepends += ' ' + d.getVar('MLPREFIX') + 'base-files'
         d.setVar("RDEPENDS_%s" % pkg, rdepends)
 
     # Add the user/group preinstall scripts and RDEPENDS requirements

meta/conf/distro/include/default-providers.inc

@@ -43,3 +43,5 @@ PREFERRED_PROVIDER_udev ?= "${@base_contains('DISTRO_FEATURES','systemd','system
 # There are issues with runtime packages and PREFERRED_PROVIDER, see YOCTO #5044 for details
 # on this rather strange entry.
 PREFERRED_PROVIDER_bluez4 ?= "bluez4"
+# Alternative is ltp-ddt in meta-oe: meta-oe/recipes-devtools/ltp-ddt/ltp-ddt_0.0.4.bb
+PREFERRED_PROVIDER_ltp ?= "ltp"

meta/lib/oe/buildhistory_analysis.py

@@ -400,7 +400,7 @@ def process_changes(repopath, revision1, revision2 = 'HEAD', report_all = False)
                     chg = ChangeRecord(path, filename, d.a_blob.data_stream.read(), d.b_blob.data_stream.read(), True)
                     changes.append(chg)
             elif filename == 'image-info.txt':
-                changes.extend(compare_dict_blobs(path, d.a_blob, d.b_blob, report_all, report_ver))
+                changes.extend(compare_dict_blobs(path, d.a_blob, d.b_blob, report_all))
             elif '/image-files/' in path:
                 chg = ChangeRecord(path, filename, d.a_blob.data_stream.read(), d.b_blob.data_stream.read(), True)
                 changes.append(chg)

meta/lib/oe/sstatesig.py

@@ -10,7 +10,9 @@ def sstate_rundepfilter(siggen, fn, recipename, task, dep, depname, dataCache):
         return x.startswith("nativesdk-")
     def isKernel(fn):
         inherits = " ".join(dataCache.inherits[fn])
-        return inherits.find("module-base.bbclass") != -1 or inherits.find("linux-kernel-base.bbclass") != -1
+        return inherits.find("/module-base.bbclass") != -1 or inherits.find("/linux-kernel-base.bbclass") != -1
+    def isImage(fn):
+        return "/image.bbclass" in " ".join(dataCache.inherits[fn])
 
     # Always include our own inter-task dependencies
     if recipename == depname:
@@ -32,7 +34,7 @@ def sstate_rundepfilter(siggen, fn, recipename, task, dep, depname, dataCache):
         return False
 
     # Exclude well defined machine specific configurations which don't change ABI
-    if depname in siggen.abisaferecipes:
+    if depname in siggen.abisaferecipes and not isImage(fn):
         return False
 
     # Exclude well defined recipe->dependency

meta/lib/oe/terminal.py

@@ -52,11 +52,11 @@ class XTerminal(Terminal):
             raise UnsupportedTerminal(self.name)
 
 class Gnome(XTerminal):
-    command = 'gnome-terminal --disable-factory -t "{title}" -x {command}'
+    command = 'gnome-terminal -t "{title}" -x {command}'
     priority = 2
 
 class Mate(XTerminal):
-    command = 'mate-terminal --disable-factory -t "{title}" -x {command}'
+    command = 'mate-terminal -t "{title}" -x {command}'
     priority = 2
 
 class Xfce(XTerminal):

meta/recipes-bsp/acpid/acpid.inc

@@ -6,7 +6,8 @@ LICENSE="GPLv2+"
 
 SECTION = "base"
 SRC_URI = "${SOURCEFORGE_MIRROR}/acpid/acpid-${PV}.tar.gz \
-           file://init"
+           file://init \
+           file://set_socket_noblock.patch "
 
 inherit update-rc.d
 

meta/recipes-bsp/acpid/acpid/set_socket_noblock.patch

@@ -0,0 +1,10 @@
+--- a/acpid.c
++++ b/acpid.c
+@@ -307,6 +307,7 @@ main(int argc, char **argv)
+ 				non_root_clients++;
+ 			}
+ 			fcntl(cli_fd, F_SETFD, FD_CLOEXEC);
++			fcntl(cli_fd, F_SETFL, O_NONBLOCK);
+ 			snprintf(buf, sizeof(buf)-1, "%d[%d:%d]",
+ 				creds.pid, creds.uid, creds.gid);
+ 			acpid_add_client(cli_fd, buf);

meta/recipes-bsp/apmd/apmd-3.2.2-14/apmd.service

@@ -3,5 +3,5 @@ Description=Advanced Power Management daemon
 After=remote-fs.target
 
 [Service]
-EnvironmentFile-= @SYSCONFDIR@/default/apmd
+EnvironmentFile=-@SYSCONFDIR@/default/apmd
 ExecStart=@SBINDIR@/apmd -P @SYSCONFDIR@/apm/apmd_proxy $APMD

meta/recipes-bsp/grub/grub_2.00.bb

@@ -11,8 +11,8 @@ SECTION = "bootloaders"
 LICENSE = "GPLv3"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
 
-DEPENDS = "autogen-native flex-native"
-RDEPENDS_${PN} = "diffutils freetype xz"
+DEPENDS = "autogen-native flex-native bison-native xz"
+RDEPENDS_${PN} = "diffutils freetype"
 PR = "r1"
 
 SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \
@@ -37,6 +37,7 @@ inherit gettext
 
 PACKAGECONFIG ??= ""
 PACKAGECONFIG[grub-mount] = "--enable-grub-mount,--disable-grub-mount,fuse"
+PACKAGECONFIG[device-mapper] = "--enable-device-mapper,--disable-device-mapper,lvm2"
 
 EXTRA_OECONF = "--with-platform=pc --disable-grub-mkfont --program-prefix="" \
                --enable-liblzma=no --enable-device-mapper=no --enable-libzfs=no"

meta/recipes-connectivity/avahi/avahi.inc

@@ -25,6 +25,7 @@ SRC_URI = "http://avahi.org/download/avahi-${PV}.tar.gz \
           file://avahi_fix_install_issue.patch \
           file://fix_for_automake_1.12.x.patch \
           file://out-of-tree.patch \
+          file://reuseport-check.patch \
           "
 
 USERADD_PACKAGES = "avahi-daemon avahi-autoipd"
@@ -98,8 +99,8 @@ FILES_libavahi-gobject = "${libdir}/libavahi-gobject.so.*"
 FILES_avahi-utils = "${bindir}/avahi-*"
 
 # uclibc has no nss
-RRECOMMENDS_avahi-daemon_append_libc-glibc = "libnss-mdns"
-RRECOMMENDS_${PN}_append_libc-glibc = "libnss-mdns"
+RRECOMMENDS_avahi-daemon_append_libc-glibc = " libnss-mdns"
+RRECOMMENDS_${PN}_append_libc-glibc = " libnss-mdns"
 
 RRECOMMENDS_avahi-dev = "expat-dev libcap-dev libdaemon-dev dbus-dev glib-2.0-dev update-rc.d-dev"
 RRECOMMENDS_avahi-dev_append_libc-glibc = " gettext-dev"

meta/recipes-connectivity/avahi/files/reuseport-check.patch

@@ -0,0 +1,30 @@
+Fix avahi-daemon when running on kernel < 3.9 (patch taken from Ubuntu).
+
+Upstream-Status: Pending (unmaintained upstream)
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+Description: SO_REUSEPORT may not exist in running kernel
+ When userspace defines SO_REUSEPORT we will attempt to enable socket
+ port number reuse.  However if the running kernel does not support
+ this call it will fail preventing daemon startup.  If this call is
+ present but fails ENOPROTOOPT then we know that actually the kernel
+ does not support it and we should continue as if we did not have the
+ call at all.  (LP: #1228204)
+ .
+ This patch could be removed from the debian package after jessie release.
+Author: Andy Whitcroft <apw@canonical.com>
+
+Index: avahi-0.6.31/avahi-core/socket.c
+===================================================================
+--- avahi-0.6.31.orig/avahi-core/socket.c	2013-09-20 16:36:50.000000000 +0100
++++ avahi-0.6.31/avahi-core/socket.c	2013-09-20 16:38:23.781863644 +0100
+@@ -177,7 +177,8 @@
+     yes = 1;
+     if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &yes, sizeof(yes)) < 0) {
+         avahi_log_warn("SO_REUSEPORT failed: %s", strerror(errno));
+-        return -1;
++        if (errno != ENOPROTOOPT)
++            return -1;
+     }
+ #endif
+ 

meta/recipes-connectivity/bluez/bluez4.inc

@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
                     file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \
                     file://src/main.c;beginline=1;endline=24;md5=9bc54b93cd7e17bf03f52513f39f926e \
                     file://sbc/sbc.c;beginline=1;endline=25;md5=1a40781ed30d50d8639323a184aeb191"
-DEPENDS = "udev libusb dbus-glib glib-2.0 libcheck readline"
+DEPENDS = "udev libusb dbus-glib glib-2.0 libcheck readline libsndfile1"
 RDEPENDS_${PN}-dev = "bluez-hcidump"
 
 PACKAGECONFIG ??= "\

meta/recipes-connectivity/iproute2/iproute2/0001-iproute2-de-bash-scripts.patch

@@ -0,0 +1,64 @@
+Subject: [PATCH] iproute2: de-bash scripts
+
+de-bash these two scripts to make iproute2 not depend on bash.
+
+Upstream-Status: Pending
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+
+---
+ ip/ifcfg |   15 ++++++++-------
+ ip/rtpr  |    2 +-
+ 2 files changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/ip/ifcfg b/ip/ifcfg
+index 083d9df..60bcf1f 100644
+--- a/ip/ifcfg
++++ b/ip/ifcfg
+@@ -1,12 +1,13 @@
+-#! /bin/bash
++#! /bin/sh
+ 
+ CheckForwarding () {
+-  local sbase fwd
++  local sbase fwd forwarding
+   sbase=/proc/sys/net/ipv4/conf
+   fwd=0
+   if [ -d $sbase ]; then
+     for dir in $sbase/*/forwarding; do
+-      fwd=$[$fwd + `cat $dir`]
++      forwarding=`cat $dir`
++      fwd=$(($fwd+$forwarding))
+     done
+   else
+     fwd=2
+@@ -127,12 +128,12 @@ fi
+ arping -q -A -c 1 -I $dev $ipaddr
+ noarp=$?
+ ( sleep 2 ;
+-  arping -q -U -c 1 -I $dev $ipaddr ) >& /dev/null </dev/null &
++  arping -q -U -c 1 -I $dev $ipaddr ) > /dev/null 2>&1 </dev/null &
+ 
+-ip route add unreachable 224.0.0.0/24 >& /dev/null
+-ip route add unreachable 255.255.255.255 >& /dev/null
++ip route add unreachable 224.0.0.0/24 > /dev/null 2>&1
++ip route add unreachable 255.255.255.255 > /dev/null 2>&1
+ if [ `ip link ls $dev | grep -c MULTICAST` -ge 1 ]; then
+-  ip route add 224.0.0.0/4 dev $dev scope global >& /dev/null
++  ip route add 224.0.0.0/4 dev $dev scope global > /dev/null 2>&1
+ fi
+ 
+ if [ $fwd -eq 0 ]; then
+diff --git a/ip/rtpr b/ip/rtpr
+index c3629fd..674198d 100644
+--- a/ip/rtpr
++++ b/ip/rtpr
+@@ -1,4 +1,4 @@
+-#! /bin/bash
++#! /bin/sh
+ 
+ exec tr "[\\\\]" "[
+ ]"
+-- 
+1.7.9.5
+

meta/recipes-connectivity/iproute2/iproute2_3.10.0.bb

@@ -2,6 +2,7 @@ require iproute2.inc
 
 SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BPN}-${PV}.tar.xz \
            file://configure-cross.patch \
+           file://0001-iproute2-de-bash-scripts.patch \
           "
 
 SRC_URI[md5sum] = "45fb5427fc723a0001c72b92c931ba02"

meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-DTLS-retransmission-from-previous-session.patch

@@ -0,0 +1,81 @@
+From 34628967f1e65dc8f34e000f0f5518e21afbfc7b Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Fri, 20 Dec 2013 15:26:50 +0000
+Subject: [PATCH] Fix DTLS retransmission from previous session.
+
+Upstream-Status: Backport
+commit 34628967f1e65dc8f34e000f0f5518e21afbfc7b upstream
+
+For DTLS we might need to retransmit messages from the previous session
+so keep a copy of write context in DTLS retransmission buffers instead
+of replacing it after sending CCS. CVE-2013-6450.
+---
+ ssl/d1_both.c  |    6 ++++++
+ ssl/ssl_locl.h |    2 ++
+ ssl/t1_enc.c   |   17 +++++++++++------
+ 4 files changed, 24 insertions(+), 6 deletions(-)
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 65ec001..7a5596a 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
+ static void
+ dtls1_hm_fragment_free(hm_fragment *frag)
+ 	{
++
++	if (frag->msg_header.is_ccs)
++		{
++		EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
++		EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
++		}
+ 	if (frag->fragment) OPENSSL_free(frag->fragment);
+ 	if (frag->reassembly) OPENSSL_free(frag->reassembly);
+ 	OPENSSL_free(frag);
+diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
+index 96ce9a7..e485907 100644
+--- a/ssl/ssl_locl.h
++++ b/ssl/ssl_locl.h
+@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
+ extern SSL3_ENC_METHOD SSLv3_enc_data;
+ extern SSL3_ENC_METHOD DTLSv1_enc_data;
+ 
++#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
++
+ #define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
+ 				s_get_meth) \
+ const SSL_METHOD *func_name(void)  \
+diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
+index 72015f5..56db834 100644
+--- a/ssl/t1_enc.c
++++ b/ssl/t1_enc.c
+@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which)
+ 			s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
+ 			else
+ 			s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
+-		if (s->enc_write_ctx != NULL)
++		if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
+ 			reuse_dd = 1;
+-		else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
++		else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL)
+ 			goto err;
+-		else
+-			/* make sure it's intialized in case we exit later with an error */
+-			EVP_CIPHER_CTX_init(s->enc_write_ctx);
+ 		dd= s->enc_write_ctx;
+-		mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
++		if (SSL_IS_DTLS(s))
++			{
++			mac_ctx = EVP_MD_CTX_create();
++			if (!mac_ctx)
++				goto err;
++			s->write_hash = mac_ctx;
++			}
++		else
++			mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
+ #ifndef OPENSSL_NO_COMP
+ 		if (s->compress != NULL)
+ 			{
+-- 
+1.7.5.4
+

meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch

@@ -0,0 +1,31 @@
+From 197e0ea817ad64820789d86711d55ff50d71f631 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Mon, 6 Jan 2014 14:35:04 +0000
+Subject: [PATCH] Fix for TLS record tampering bug CVE-2013-4353
+
+Upstream-Status: Backport
+commit 197e0ea817ad64820789d86711d55ff50d71f631 upstream
+
+ ssl/s3_both.c |    6 +++++-
+ 3 files changed, 11 insertions(+), 1 deletions(-)
+
+diff --git a/ssl/s3_both.c b/ssl/s3_both.c
+index 1e5dcab..53b9390 100644
+--- a/ssl/s3_both.c
++++ b/ssl/s3_both.c
+@@ -210,7 +210,11 @@ static void ssl3_take_mac(SSL *s)
+ 	{
+ 	const char *sender;
+ 	int slen;
+-
++	/* If no new cipher setup return immediately: other functions will
++	 * set the appropriate error.
++	 */
++	if (s->s3->tmp.new_cipher == NULL)
++		return;
+ 	if (s->state & SSL_ST_CONNECT)
+ 		{
+ 		sender=s->method->ssl3_enc->server_finished_label;
+-- 
+1.7.5.4
+

meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch

@@ -0,0 +1,33 @@
+From ca989269a2876bae79393bd54c3e72d49975fc75 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Thu, 19 Dec 2013 14:37:39 +0000
+Subject: [PATCH] Use version in SSL_METHOD not SSL structure.
+
+Upstream-Status: Backport
+commit ca989269a2876bae79393bd54c3e72d49975fc75 upstream
+
+When deciding whether to use TLS 1.2 PRF and record hash algorithms
+use the version number in the corresponding SSL_METHOD structure
+instead of the SSL structure. The SSL structure version is sometimes
+inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already.
+(CVE-2013-6449)
+---
+ ssl/s3_lib.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
+index bf832bb..c4ef273 100644
+--- a/ssl/s3_lib.c
++++ b/ssl/s3_lib.c
+@@ -4286,7 +4286,7 @@ need to go to SSL_ST_ACCEPT.
+ long ssl_get_algorithm2(SSL *s)
+ 	{
+ 	long alg2 = s->s3->tmp.new_cipher->algorithm2;
+-	if (TLS1_get_version(s) >= TLS1_2_VERSION &&
++	if (s->method->version == TLS1_2_VERSION &&
+ 	    alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
+ 		return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
+ 	return alg2;
+-- 
+1.7.5.4
+

meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch

@@ -0,0 +1,118 @@
+From 96db9023b881d7cd9f379b0c154650d6c108e9a3 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Sun, 6 Apr 2014 00:51:06 +0100
+Subject: [PATCH] Add heartbeat extension bounds check.
+
+A missing bounds check in the handling of the TLS heartbeat extension
+can be used to reveal up to 64k of memory to a connected client or
+server.
+
+Thanks for Neel Mehta of Google Security for discovering this bug and to
+Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
+preparing the fix (CVE-2014-0160)
+
+Patch (tweaked version of upstream fix without CHANGES change) borrowed
+from Debian.
+
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+---
+ ssl/d1_both.c | 26 ++++++++++++++++++--------
+ ssl/t1_lib.c  | 14 +++++++++-----
+ 3 files changed, 36 insertions(+), 13 deletions(-)
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 7a5596a..2e8cf68 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s)
+ 	unsigned int payload;
+ 	unsigned int padding = 16; /* Use minimum padding */
+ 
+-	/* Read type and payload length first */
+-	hbtype = *p++;
+-	n2s(p, payload);
+-	pl = p;
+-
+ 	if (s->msg_callback)
+ 		s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+ 			&s->s3->rrec.data[0], s->s3->rrec.length,
+ 			s, s->msg_callback_arg);
+ 
++	/* Read type and payload length first */
++	if (1 + 2 + 16 > s->s3->rrec.length)
++		return 0; /* silently discard */
++	hbtype = *p++;
++	n2s(p, payload);
++	if (1 + 2 + payload + 16 > s->s3->rrec.length)
++		return 0; /* silently discard per RFC 6520 sec. 4 */
++	pl = p;
++
+ 	if (hbtype == TLS1_HB_REQUEST)
+ 		{
+ 		unsigned char *buffer, *bp;
++		unsigned int write_length = 1 /* heartbeat type */ +
++					    2 /* heartbeat length */ +
++					    payload + padding;
+ 		int r;
+ 
++		if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
++			return 0;
++
+ 		/* Allocate memory for the response, size is 1 byte
+ 		 * message type, plus 2 bytes payload length, plus
+ 		 * payload, plus padding
+ 		 */
+-		buffer = OPENSSL_malloc(1 + 2 + payload + padding);
++		buffer = OPENSSL_malloc(write_length);
+ 		bp = buffer;
+ 
+ 		/* Enter response type, length and copy payload */
+@@ -1489,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s)
+ 		/* Random padding */
+ 		RAND_pseudo_bytes(bp, padding);
+ 
+-		r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
++		r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
+ 
+ 		if (r >= 0 && s->msg_callback)
+ 			s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
+-				buffer, 3 + payload + padding,
++				buffer, write_length,
+ 				s, s->msg_callback_arg);
+ 
+ 		OPENSSL_free(buffer);
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index b82fada..bddffd9 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -2588,16 +2588,20 @@ tls1_process_heartbeat(SSL *s)
+ 	unsigned int payload;
+ 	unsigned int padding = 16; /* Use minimum padding */
+ 
+-	/* Read type and payload length first */
+-	hbtype = *p++;
+-	n2s(p, payload);
+-	pl = p;
+-
+ 	if (s->msg_callback)
+ 		s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+ 			&s->s3->rrec.data[0], s->s3->rrec.length,
+ 			s, s->msg_callback_arg);
+ 
++	/* Read type and payload length first */
++	if (1 + 2 + 16 > s->s3->rrec.length)
++		return 0; /* silently discard */
++	hbtype = *p++;
++	n2s(p, payload);
++	if (1 + 2 + payload + 16 > s->s3->rrec.length)
++		return 0; /* silently discard per RFC 6520 sec. 4 */
++	pl = p;
++
+ 	if (hbtype == TLS1_HB_REQUEST)
+ 		{
+ 		unsigned char *buffer, *bp;
+-- 
+1.9.1
+

meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0195.patch

@@ -0,0 +1,40 @@
+commit 208d54db20d58c9a5e45e856a0650caadd7d9612
+Author: Dr. Stephen Henson <steve@openssl.org>
+Date:   Tue May 13 18:48:31 2014 +0100
+
+    Fix for CVE-2014-0195
+    
+    A buffer overrun attack can be triggered by sending invalid DTLS fragments
+    to an OpenSSL DTLS client or server. This is potentially exploitable to
+    run arbitrary code on a vulnerable client or server.
+    
+    Fixed by adding consistency check for DTLS fragments.
+    
+    Thanks to Jüri Aedla for reporting this issue.
+
+Patch borrowed from Fedora
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 2e8cf68..07f67f8 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -627,7 +627,16 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+ 		frag->msg_header.frag_off = 0;
+ 		}
+ 	else
++		{
+ 		frag = (hm_fragment*) item->data;
++		if (frag->msg_header.msg_len != msg_hdr->msg_len)
++			{
++			item = NULL;
++			frag = NULL;
++			goto err;
++			}
++		}
++
+ 
+ 	/* If message is already reassembled, this must be a
+ 	 * retransmit and can be dropped.
+

meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0198.patch

@@ -0,0 +1,38 @@
+From: Matt Caswell <matt@openssl.org>
+Date: Sun, 11 May 2014 23:38:37 +0000 (+0100)
+Subject: Fixed NULL pointer dereference. See PR#3321
+X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=b107586
+
+Fixed NULL pointer dereference. See PR#3321
+
+Patch borrowed from Fedora
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+---
+
+diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
+index 40eb0dd..d961d12 100644
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -657,9 +657,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+ 	SSL3_BUFFER *wb=&(s->s3->wbuf);
+ 	SSL_SESSION *sess;
+ 
+- 	if (wb->buf == NULL)
+-		if (!ssl3_setup_write_buffer(s))
+-			return -1;
+ 
+ 	/* first check if there is a SSL3_BUFFER still being written
+ 	 * out.  This will happen with non blocking IO */
+@@ -675,6 +672,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+ 		/* if it went, fall through and send more stuff */
+ 		}
+ 
++ 	if (wb->buf == NULL)
++		if (!ssl3_setup_write_buffer(s))
++			return -1;
++
+ 	if (len == 0 && !create_empty_fragment)
+ 		return 0;
+ 

meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0221.patch

@@ -0,0 +1,38 @@
+commit d30e582446b027868cdabd0994681643682045a4
+Author: Dr. Stephen Henson <steve@openssl.org>
+Date:   Fri May 16 13:00:45 2014 +0100
+
+    Fix CVE-2014-0221
+    
+    Unnecessary recursion when receiving a DTLS hello request can be used to
+    crash a DTLS client. Fixed by handling DTLS hello request without recursion.
+    
+    Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
+
+Patch borrowed from Fedora
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 07f67f8..4c2fd03 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -793,6 +793,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
+ 	int i,al;
+ 	struct hm_header_st msg_hdr;
+ 
++	redo:
+ 	/* see if we have the required fragment already */
+ 	if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
+ 		{
+@@ -851,8 +852,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
+ 					s->msg_callback_arg);
+ 			
+ 			s->init_num = 0;
+-			return dtls1_get_message_fragment(s, st1, stn,
+-				max, ok);
++			goto redo;
+ 			}
+ 		else /* Incorrectly formated Hello request */
+ 			{
+

meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0224.patch

@@ -0,0 +1,103 @@
+Fix for CVE-2014-0224
+
+Only accept change cipher spec when it is expected instead of at any
+time. This prevents premature setting of session keys before the master
+secret is determined which an attacker could use as a MITM attack.
+
+Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue
+and providing the initial fix this patch is based on.
+
+
+Patch borrowed from Fedora
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+
+diff -up openssl-1.0.1e/ssl/ssl3.h.keying-mitm openssl-1.0.1e/ssl/ssl3.h
+--- openssl-1.0.1e/ssl/ssl3.h.keying-mitm	2014-06-02 19:48:04.518100562 +0200
++++ openssl-1.0.1e/ssl/ssl3.h	2014-06-02 19:48:04.642103429 +0200
+@@ -388,6 +388,7 @@ typedef struct ssl3_buffer_st
+ #define TLS1_FLAGS_TLS_PADDING_BUG		0x0008
+ #define TLS1_FLAGS_SKIP_CERT_VERIFY		0x0010
+ #define TLS1_FLAGS_KEEP_HANDSHAKE		0x0020
++#define SSL3_FLAGS_CCS_OK			0x0080
+  
+ /* SSL3_FLAGS_SGC_RESTART_DONE is set when we
+  * restart a handshake because of MS SGC and so prevents us
+diff -up openssl-1.0.1e/ssl/s3_clnt.c.keying-mitm openssl-1.0.1e/ssl/s3_clnt.c
+--- openssl-1.0.1e/ssl/s3_clnt.c.keying-mitm	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/s3_clnt.c	2014-06-02 19:49:57.042701985 +0200
+@@ -559,6 +559,7 @@ int ssl3_connect(SSL *s)
+ 		case SSL3_ST_CR_FINISHED_A:
+ 		case SSL3_ST_CR_FINISHED_B:
+ 
++			s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ 			ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
+ 				SSL3_ST_CR_FINISHED_B);
+ 			if (ret <= 0) goto end;
+@@ -916,6 +917,7 @@ int ssl3_get_server_hello(SSL *s)
+ 		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+ 		goto f_err;
+ 		}
++	    s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ 	    s->hit=1;
+ 	    }
+ 	else	/* a miss or crap from the other end */
+diff -up openssl-1.0.1e/ssl/s3_pkt.c.keying-mitm openssl-1.0.1e/ssl/s3_pkt.c
+--- openssl-1.0.1e/ssl/s3_pkt.c.keying-mitm	2014-06-02 19:48:04.640103383 +0200
++++ openssl-1.0.1e/ssl/s3_pkt.c	2014-06-02 19:48:04.643103452 +0200
+@@ -1298,6 +1298,15 @@ start:
+ 			goto f_err;
+ 			}
+ 
++		if (!(s->s3->flags & SSL3_FLAGS_CCS_OK))
++			{
++			al=SSL_AD_UNEXPECTED_MESSAGE;
++			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
++			goto f_err;
++			}
++
++		s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
++
+ 		rr->length=0;
+ 
+ 		if (s->msg_callback)
+@@ -1432,7 +1441,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
+ 
+ 	if (s->s3->tmp.key_block == NULL)
+ 		{
+-		if (s->session == NULL) 
++		if (s->session == NULL || s->session->master_key_length == 0)
+ 			{
+ 			/* might happen if dtls1_read_bytes() calls this */
+ 			SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
+diff -up openssl-1.0.1e/ssl/s3_srvr.c.keying-mitm openssl-1.0.1e/ssl/s3_srvr.c
+--- openssl-1.0.1e/ssl/s3_srvr.c.keying-mitm	2014-06-02 19:48:04.630103151 +0200
++++ openssl-1.0.1e/ssl/s3_srvr.c	2014-06-02 19:48:04.643103452 +0200
+@@ -673,6 +673,7 @@ int ssl3_accept(SSL *s)
+ 		case SSL3_ST_SR_CERT_VRFY_A:
+ 		case SSL3_ST_SR_CERT_VRFY_B:
+ 
++			s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ 			/* we should decide if we expected this one */
+ 			ret=ssl3_get_cert_verify(s);
+ 			if (ret <= 0) goto end;
+@@ -700,6 +701,7 @@ int ssl3_accept(SSL *s)
+ 
+ 		case SSL3_ST_SR_FINISHED_A:
+ 		case SSL3_ST_SR_FINISHED_B:
++			s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ 			ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
+ 				SSL3_ST_SR_FINISHED_B);
+ 			if (ret <= 0) goto end;
+@@ -770,7 +772,10 @@ int ssl3_accept(SSL *s)
+ 				s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+ #else
+ 				if (s->s3->next_proto_neg_seen)
++					{
++					s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ 					s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;
++					}
+ 				else
+ 					s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+ #endif

meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-3470.patch

@@ -0,0 +1,31 @@
+commit 4ad43d511f6cf064c66eb4bfd0fb0919b5dd8a86
+Author: Dr. Stephen Henson <steve@openssl.org>
+Date:   Thu May 29 15:00:05 2014 +0100
+
+    Fix CVE-2014-3470
+    
+    Check session_cert is not NULL before dereferencing it.
+
+Patch borrowed from Fedora
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+
+diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
+index d35376d..4324f8d 100644
+--- a/ssl/s3_clnt.c
++++ b/ssl/s3_clnt.c
+@@ -2511,6 +2511,13 @@ int ssl3_send_client_key_exchange(SSL *s)
+ 			int ecdh_clnt_cert = 0;
+ 			int field_size = 0;
+ 
++			if (s->session->sess_cert == NULL) 
++				{
++				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
++				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
++				goto err;
++				}
++
+ 			/* Did we send out the client's
+ 			 * ECDH share for use in premaster
+ 			 * computation as part of client certificate?

meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2010-5298.patch

@@ -0,0 +1,24 @@
+openssl fix for CVE-2010-5298
+
+Upstream-Status: Backport
+
+Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL
+through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote
+attackers to inject data across sessions or cause a denial of service
+(use-after-free and parsing error) via an SSL connection in a
+multithreaded environment.
+
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298
+
+Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -1013,7 +1013,7 @@ start:
+ 				{
+ 				s->rstate=SSL_ST_READ_HEADER;
+ 				rr->off=0;
+-				if (s->mode & SSL_MODE_RELEASE_BUFFERS)
++				if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0)
+ 					ssl3_release_read_buffer(s);
+ 				}
+ 			}

meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-fix-CVE-2014-3513.patch

@@ -0,0 +1,211 @@
+From 2b0532f3984324ebe1236a63d15893792384328d Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Wed, 15 Oct 2014 01:20:38 +0100
+Subject: [PATCH] Fix for SRTP Memory Leak
+
+CVE-2014-3513
+
+This issue was reported to OpenSSL on 26th September 2014, based on an origi
+issue and patch developed by the LibreSSL project. Further analysis of the i
+was performed by the OpenSSL team.
+
+The fix was developed by the OpenSSL team.
+
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+Signed-off-by: Catalin Popeanga <catalin.popeanga@enea.com>
+---
+ ssl/d1_srtp.c |   93 +++++++++++++++++++--------------------------------------
+ ssl/t1_lib.c  |    9 +++---
+ 2 files changed, 36 insertions(+), 66 deletions(-)
+
+diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
+index ab9c419..535539b 100644
+--- a/ssl/d1_srtp.c
++++ b/ssl/d1_srtp.c
+@@ -168,25 +168,6 @@ static int find_profile_by_name(char *profile_name,
+ 	return 1;
+ 	}
+ 
+-static int find_profile_by_num(unsigned profile_num,
+-			       SRTP_PROTECTION_PROFILE **pptr)
+-	{
+-	SRTP_PROTECTION_PROFILE *p;
+-
+-	p=srtp_known_profiles;
+-	while(p->name)
+-		{
+-		if(p->id == profile_num)
+-			{
+-			*pptr=p;
+-			return 0;
+-			}
+-		p++;
+-		}
+-
+-	return 1;
+-	}
+-
+ static int ssl_ctx_make_profiles(const char *profiles_string,STACK_OF(SRTP_PROTECTION_PROFILE) **out)
+ 	{
+ 	STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
+@@ -209,11 +190,19 @@ static int ssl_ctx_make_profiles(const char *profiles_string,STACK_OF(SRTP_PROTE
+ 		if(!find_profile_by_name(ptr,&p,
+ 					 col ? col-ptr : (int)strlen(ptr)))
+ 			{
++			if (sk_SRTP_PROTECTION_PROFILE_find(profiles,p) >= 0)
++				{
++				SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
++				sk_SRTP_PROTECTION_PROFILE_free(profiles);
++				return 1;
++				}
++
+ 			sk_SRTP_PROTECTION_PROFILE_push(profiles,p);
+ 			}
+ 		else
+ 			{
+ 			SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
++			sk_SRTP_PROTECTION_PROFILE_free(profiles);
+ 			return 1;
+ 			}
+ 
+@@ -305,13 +294,12 @@ int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int max
+ 
+ int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al)
+ 	{
+-	SRTP_PROTECTION_PROFILE *cprof,*sprof;
+-	STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0,*srvr;
++	SRTP_PROTECTION_PROFILE *sprof;
++	STACK_OF(SRTP_PROTECTION_PROFILE) *srvr;
+         int ct;
+         int mki_len;
+-	int i,j;
+-	int id;
+-	int ret;
++	int i, srtp_pref;
++	unsigned int id;
+ 
+          /* Length value + the MKI length */
+         if(len < 3)
+@@ -341,22 +329,32 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al
+ 		return 1;
+ 		}
+ 
++	srvr=SSL_get_srtp_profiles(s);
++	s->srtp_profile = NULL;
++	/* Search all profiles for a match initially */
++	srtp_pref = sk_SRTP_PROTECTION_PROFILE_num(srvr);
+         
+-	clnt=sk_SRTP_PROTECTION_PROFILE_new_null();
+-
+ 	while(ct)
+ 		{
+ 		n2s(d,id);
+ 		ct-=2;
+                 len-=2;
+ 
+-		if(!find_profile_by_num(id,&cprof))
++		/*
++		 * Only look for match in profiles of higher preference than
++		 * current match.
++		 * If no profiles have been have been configured then this
++		 * does nothing.
++		 */
++		for (i = 0; i < srtp_pref; i++)
+ 			{
+-			sk_SRTP_PROTECTION_PROFILE_push(clnt,cprof);
+-			}
+-		else
+-			{
+-			; /* Ignore */
++			sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i);
++			if (sprof->id == id)
++				{
++				s->srtp_profile = sprof;
++				srtp_pref = i;
++				break;
++				}
+ 			}
+ 		}
+ 
+@@ -371,36 +369,7 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al
+ 		return 1;
+ 		}
+ 
+-	srvr=SSL_get_srtp_profiles(s);
+-
+-	/* Pick our most preferred profile. If no profiles have been
+-	 configured then the outer loop doesn't run 
+-	 (sk_SRTP_PROTECTION_PROFILE_num() = -1)
+-	 and so we just return without doing anything */
+-	for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(srvr);i++)
+-		{
+-		sprof=sk_SRTP_PROTECTION_PROFILE_value(srvr,i);
+-
+-		for(j=0;j<sk_SRTP_PROTECTION_PROFILE_num(clnt);j++)
+-			{
+-			cprof=sk_SRTP_PROTECTION_PROFILE_value(clnt,j);
+-            
+-			if(cprof->id==sprof->id)
+-				{
+-				s->srtp_profile=sprof;
+-				*al=0;
+-				ret=0;
+-				goto done;
+-				}
+-			}
+-		}
+-
+-	ret=0;
+-    
+-done:
+-	if(clnt) sk_SRTP_PROTECTION_PROFILE_free(clnt);
+-
+-	return ret;
++	return 0;
+ 	}
+ 
+ int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index 022a4fb..12ee3c9 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -643,7 +643,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
+ #endif
+ 
+ #ifndef OPENSSL_NO_SRTP
+-        if(SSL_get_srtp_profiles(s))
++	if(SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s))
+                 {
+                 int el;
+ 
+@@ -806,7 +806,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
+ #endif
+ 
+ #ifndef OPENSSL_NO_SRTP
+-        if(s->srtp_profile)
++	if(SSL_IS_DTLS(s) && s->srtp_profile)
+                 {
+                 int el;
+ 
+@@ -1444,7 +1444,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
+ 
+ 		/* session ticket processed earlier */
+ #ifndef OPENSSL_NO_SRTP
+-		else if (type == TLSEXT_TYPE_use_srtp)
++		else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)
++			 && type == TLSEXT_TYPE_use_srtp)
+ 			{
+ 			if(ssl_parse_clienthello_use_srtp_ext(s, data, size,
+ 							      al))
+@@ -1698,7 +1699,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
+ 			}
+ #endif
+ #ifndef OPENSSL_NO_SRTP
+-		else if (type == TLSEXT_TYPE_use_srtp)
++		else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp)
+ 			{
+                         if(ssl_parse_serverhello_use_srtp_ext(s, data, size,
+ 							      al))
+-- 
+1.7.9.5
+

meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-fix-CVE-2014-3566.patch

@@ -0,0 +1,502 @@
+From 6bfe55380abbf7528e04e59f18921bd6c896af1c Mon Sep 17 00:00:00 2001
+From: Bodo Moeller <bodo@openssl.org>
+Date: Wed, 15 Oct 2014 04:05:42 +0200
+Subject: [PATCH] Support TLS_FALLBACK_SCSV.
+
+Upstream-Status: Backport
+
+Reviewed-by: Rich Salz <rsalz@openssl.org>
+Signed-off-by: Catalin Popeanga <catalin.popeanga@enea.com>
+---
+ CHANGES               |    6 +++++
+ apps/s_client.c       |   10 +++++++++
+ crypto/err/openssl.ec |    1 +
+ ssl/d1_lib.c          |   10 +++++++++
+ ssl/dtls1.h           |    3 ++-
+ ssl/s23_clnt.c        |    3 +++
+ ssl/s23_srvr.c        |    3 +++
+ ssl/s2_lib.c          |    4 +++-
+ ssl/s3_enc.c          |    2 +-
+ ssl/s3_lib.c          |   29 +++++++++++++++++++++++-
+ ssl/ssl.h             |    9 ++++++++
+ ssl/ssl3.h            |    7 +++++-
+ ssl/ssl_err.c         |    2 ++
+ ssl/ssl_lib.c         |   60 +++++++++++++++++++++++++++++++++++++------------
+ ssl/t1_enc.c          |    1 +
+ ssl/tls1.h            |   15 ++++++++-----
+ 16 files changed, 140 insertions(+), 25 deletions(-)
+
+diff --git a/CHANGES b/CHANGES
+index 79477f6..c79f4d0 100644
+--- a/CHANGES
++++ b/CHANGES
+@@ -2,6 +2,14 @@
+  OpenSSL CHANGES
+  _______________
+ 
++ Changes added due to poodle vulnerability
++
++  *) Add support for TLS_FALLBACK_SCSV.
++     Client applications doing fallback retries should call
++     SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV).
++     (CVE-2014-3566)
++     [Adam Langley, Bodo Moeller]
++
+  Changes between 1.0.1d and 1.0.1e [11 Feb 2013]
+ 
+   *)
+diff --git a/apps/s_client.c b/apps/s_client.c
+index 4625467..c2e160c 100644
+--- a/apps/s_client.c
++++ b/apps/s_client.c
+@@ -337,6 +337,7 @@ static void sc_usage(void)
+ 	BIO_printf(bio_err," -tls1_1       - just use TLSv1.1\n");
+ 	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
+ 	BIO_printf(bio_err," -dtls1        - just use DTLSv1\n");    
++	BIO_printf(bio_err," -fallback_scsv - send TLS_FALLBACK_SCSV\n");
+ 	BIO_printf(bio_err," -mtu          - set the link layer MTU\n");
+ 	BIO_printf(bio_err," -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
+ 	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
+@@ -617,6 +618,7 @@ int MAIN(int argc, char **argv)
+ 	char *sess_out = NULL;
+ 	struct sockaddr peer;
+ 	int peerlen = sizeof(peer);
++	int fallback_scsv = 0;
+ 	int enable_timeouts = 0 ;
+ 	long socket_mtu = 0;
+ #ifndef OPENSSL_NO_JPAKE
+@@ -823,6 +825,10 @@ int MAIN(int argc, char **argv)
+ 			meth=DTLSv1_client_method();
+ 			socket_type=SOCK_DGRAM;
+ 			}
++		else if (strcmp(*argv,"-fallback_scsv") == 0)
++			{
++			fallback_scsv = 1;
++			}
+ 		else if (strcmp(*argv,"-timeout") == 0)
+ 			enable_timeouts=1;
+ 		else if (strcmp(*argv,"-mtu") == 0)
+@@ -1235,6 +1241,10 @@ bad:
+ 		SSL_set_session(con, sess);
+ 		SSL_SESSION_free(sess);
+ 		}
++
++	if (fallback_scsv)
++		SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV);
++
+ #ifndef OPENSSL_NO_TLSEXT
+ 	if (servername != NULL)
+ 		{
+diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
+index e0554b4..34754e5 100644
+--- a/crypto/err/openssl.ec
++++ b/crypto/err/openssl.ec
+@@ -71,6 +71,7 @@ R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION		1060
+ R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION		1070
+ R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY	1071
+ R SSL_R_TLSV1_ALERT_INTERNAL_ERROR		1080
++R SSL_R_SSLV3_ALERT_INAPPROPRIATE_FALLBACK	1086
+ R SSL_R_TLSV1_ALERT_USER_CANCELLED		1090
+ R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		1100
+ R SSL_R_TLSV1_UNSUPPORTED_EXTENSION		1110
+diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
+index 6bde16f..82ca653 100644
+--- a/ssl/d1_lib.c
++++ b/ssl/d1_lib.c
+@@ -266,6 +266,16 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
+ 	case DTLS_CTRL_LISTEN:
+ 		ret = dtls1_listen(s, parg);
+ 		break;
++	case SSL_CTRL_CHECK_PROTO_VERSION:
++		/* For library-internal use; checks that the current protocol
++		 * is the highest enabled version (according to s->ctx->method,
++		 * as version negotiation may have changed s->method). */
++#if DTLS_MAX_VERSION != DTLS1_VERSION
++#  error Code needs update for DTLS_method() support beyond DTLS1_VERSION.
++#endif
++		/* Just one protocol version is supported so far;
++		 * fail closed if the version is not as expected. */
++		return s->version == DTLS_MAX_VERSION;
+ 
+ 	default:
+ 		ret = ssl3_ctrl(s, cmd, larg, parg);
+diff --git a/ssl/dtls1.h b/ssl/dtls1.h
+index e65d501..192c5de 100644
+--- a/ssl/dtls1.h
++++ b/ssl/dtls1.h
+@@ -84,6 +84,8 @@ extern "C" {
+ #endif
+ 
+ #define DTLS1_VERSION			0xFEFF
++#define DTLS_MAX_VERSION		DTLS1_VERSION
++
+ #define DTLS1_BAD_VER			0x0100
+ 
+ #if 0
+@@ -284,4 +286,3 @@ typedef struct dtls1_record_data_st
+ }
+ #endif
+ #endif
+-
+diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
+index 2b93c63..d4e43c3 100644
+--- a/ssl/s23_clnt.c
++++ b/ssl/s23_clnt.c
+@@ -736,6 +736,9 @@ static int ssl23_get_server_hello(SSL *s)
+ 			goto err;
+ 			}
+ 
++		/* ensure that TLS_MAX_VERSION is up-to-date */
++		OPENSSL_assert(s->version <= TLS_MAX_VERSION);
++
+ 		if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING)
+ 			{
+ 			/* fatal alert */
+diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
+index 2901a6b..567a6b1 100644
+--- a/ssl/s23_srvr.c
++++ b/ssl/s23_srvr.c
+@@ -421,6 +421,9 @@ int ssl23_get_client_hello(SSL *s)
+ 			}
+ 		}
+ 
++	/* ensure that TLS_MAX_VERSION is up-to-date */
++	OPENSSL_assert(s->version <= TLS_MAX_VERSION);
++
+ #ifdef OPENSSL_FIPS
+ 	if (FIPS_mode() && (s->version < TLS1_VERSION))
+ 		{
+diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c
+index c0bdae5..c63be30 100644
+--- a/ssl/s2_lib.c
++++ b/ssl/s2_lib.c
+@@ -391,6 +391,8 @@ long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg)
+ 	case SSL_CTRL_GET_SESSION_REUSED:
+ 		ret=s->hit;
+ 		break;
++	case SSL_CTRL_CHECK_PROTO_VERSION:
++		return ssl3_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, larg, parg);
+ 	default:
+ 		break;
+ 		}
+@@ -437,7 +439,7 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
+ 	if (p != NULL)
+ 		{
+ 		l=c->id;
+-		if ((l & 0xff000000) != 0x02000000) return(0);
++		if ((l & 0xff000000) != 0x02000000 && l != SSL3_CK_FALLBACK_SCSV) return(0);
+ 		p[0]=((unsigned char)(l>>16L))&0xFF;
+ 		p[1]=((unsigned char)(l>> 8L))&0xFF;
+ 		p[2]=((unsigned char)(l     ))&0xFF;
+diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
+index 9962677..9db45af 100644
+--- a/ssl/s3_enc.c
++++ b/ssl/s3_enc.c
+@@ -900,7 +900,7 @@ int ssl3_alert_code(int code)
+ 	case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(SSL3_AD_HANDSHAKE_FAILURE);
+ 	case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(SSL3_AD_HANDSHAKE_FAILURE);
+ 	case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
++	case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK);
+ 	default:			return(-1);
+ 		}
+ 	}
+-
+diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
+index e17f126..3f17453 100644
+--- a/ssl/s3_lib.c
++++ b/ssl/s3_lib.c
+@@ -3355,6 +3355,33 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
+ #endif
+ 
+ #endif /* !OPENSSL_NO_TLSEXT */
++
++	case SSL_CTRL_CHECK_PROTO_VERSION:
++		/* For library-internal use; checks that the current protocol
++		 * is the highest enabled version (according to s->ctx->method,
++		 * as version negotiation may have changed s->method). */
++		if (s->version == s->ctx->method->version)
++			return 1;
++		/* Apparently we're using a version-flexible SSL_METHOD
++		 * (not at its highest protocol version). */
++		if (s->ctx->method->version == SSLv23_method()->version)
++			{
++#if TLS_MAX_VERSION != TLS1_2_VERSION
++#  error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
++#endif
++			if (!(s->options & SSL_OP_NO_TLSv1_2))
++				return s->version == TLS1_2_VERSION;
++			if (!(s->options & SSL_OP_NO_TLSv1_1))
++				return s->version == TLS1_1_VERSION;
++			if (!(s->options & SSL_OP_NO_TLSv1))
++				return s->version == TLS1_VERSION;
++			if (!(s->options & SSL_OP_NO_SSLv3))
++				return s->version == SSL3_VERSION;
++			if (!(s->options & SSL_OP_NO_SSLv2))
++				return s->version == SSL2_VERSION;
++			}
++		return 0; /* Unexpected state; fail closed. */
++
+ 	default:
+ 		break;
+ 		}
+@@ -3714,6 +3741,7 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
+ 		break;
+ #endif
+ #endif
++
+ 	default:
+ 		return(0);
+ 		}
+@@ -4296,4 +4324,3 @@ long ssl_get_algorithm2(SSL *s)
+ 		return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
+ 	return alg2;
+ 	}
+-		
+diff --git a/ssl/ssl.h b/ssl/ssl.h
+index b73da5e..b78a1cc 100644
+--- a/ssl/ssl.h
++++ b/ssl/ssl.h
+@@ -642,6 +642,11 @@
+  * or just freed (depending on the context's setting for freelist_max_len). */
+ #define SSL_MODE_RELEASE_BUFFERS 0x00000010L
+ 
++/* Send TLS_FALLBACK_SCSV in the ClientHello.
++ * To be set by applications that reconnect with a downgraded protocol
++ * version; see draft-ietf-tls-downgrade-scsv-00 for details. */
++#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L
++
+ /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
+  * they cannot be used to clear bits. */
+ 
+@@ -1499,6 +1504,7 @@
+ #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
+ #define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
+ #define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
++#define SSL_AD_INAPPROPRIATE_FALLBACK	TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */
+ 
+ #define SSL_ERROR_NONE			0
+ #define SSL_ERROR_SSL			1
+@@ -1608,6 +1614,7 @@
+ 
+ #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS		82
+ #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS	83
++#define SSL_CTRL_CHECK_PROTO_VERSION		119
+ 
+ #define DTLSv1_get_timeout(ssl, arg) \
+ 	SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
+@@ -2362,6 +2369,7 @@
+ #define SSL_R_HTTPS_PROXY_REQUEST			 155
+ #define SSL_R_HTTP_REQUEST				 156
+ #define SSL_R_ILLEGAL_PADDING				 283
++#define SSL_R_INAPPROPRIATE_FALLBACK                     373
+ #define SSL_R_INCONSISTENT_COMPRESSION			 340
+ #define SSL_R_INVALID_CHALLENGE_LENGTH			 158
+ #define SSL_R_INVALID_COMMAND				 280
+@@ -2508,6 +2516,7 @@
+ #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED		 1021
+ #define SSL_R_TLSV1_ALERT_DECRYPT_ERROR			 1051
+ #define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION		 1060
++#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK         1086
+ #define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY		 1071
+ #define SSL_R_TLSV1_ALERT_INTERNAL_ERROR		 1080
+ #define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		 1100
+diff --git a/ssl/ssl3.h b/ssl/ssl3.h
+index 37f19e3..85f1504 100644
+--- a/ssl/ssl3.h
++++ b/ssl/ssl3.h
+@@ -128,9 +128,14 @@
+ extern "C" {
+ #endif
+ 
+-/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */
++/* Signalling cipher suite value from RFC 5746
++ * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) */
+ #define SSL3_CK_SCSV				0x030000FF
+ 
++/* Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00
++ * (TLS_FALLBACK_SCSV) */
++#define SSL3_CK_FALLBACK_SCSV			0x03005600
++
+ #define SSL3_CK_RSA_NULL_MD5			0x03000001
+ #define SSL3_CK_RSA_NULL_SHA			0x03000002
+ #define SSL3_CK_RSA_RC4_40_MD5 			0x03000003
+diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
+index d2f0dec..1b7eb47 100644
+--- a/ssl/ssl_err.c
++++ b/ssl/ssl_err.c
+@@ -383,6 +383,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
+ {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST)   ,"https proxy request"},
+ {ERR_REASON(SSL_R_HTTP_REQUEST)          ,"http request"},
+ {ERR_REASON(SSL_R_ILLEGAL_PADDING)       ,"illegal padding"},
++{ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK),"inappropriate fallback"},
+ {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION),"inconsistent compression"},
+ {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},
+ {ERR_REASON(SSL_R_INVALID_COMMAND)       ,"invalid command"},
+@@ -529,6 +530,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
+ {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"},
++{ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK),"tlsv1 alert inappropriate fallback"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"},
+diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
+index cc094e4..3f66fc0 100644
+--- a/ssl/ssl_lib.c
++++ b/ssl/ssl_lib.c
+@@ -1387,6 +1387,8 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
+ 
+ 	if (sk == NULL) return(0);
+ 	q=p;
++	if (put_cb == NULL)
++		put_cb = s->method->put_cipher_by_char;
+ 
+ 	for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
+ 		{
+@@ -1402,24 +1402,36 @@ int ssl_cipher_list_to_bytes(SSL *s,STAC
+ 		    s->psk_client_callback == NULL)
+ 			continue;
+ #endif /* OPENSSL_NO_PSK */
+-		j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
++		j = put_cb(c,p);
+ 		p+=j;
+ 		}
+-	/* If p == q, no ciphers and caller indicates an error. Otherwise
++	/* If p == q, no ciphers; caller indicates an error. Otherwise
+ 	 * add SCSV if not renegotiating.
+ 	 */
+-	if (p != q && !s->renegotiate)
++	if (p != q)
+ 		{
+-		static SSL_CIPHER scsv =
++		 if (!s->renegotiate)
+ 			{
+-			0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+-			};
+-		j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p);
+-		p+=j;
++			static SSL_CIPHER scsv =
++				{
++				0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
++				};
++			j = put_cb(&scsv,p);
++			p+=j;
+ #ifdef OPENSSL_RI_DEBUG
+-		fprintf(stderr, "SCSV sent by client\n");
++			fprintf(stderr, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV sent by client\n");
+ #endif
+-		}
++			}
++		if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV)
++			{
++			static SSL_CIPHER scsv =
++				{
++				0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
++				};
++			j = put_cb(&scsv,p);
++			p+=j;
++			}
++ 		}
+ 
+ 	return(p-q);
+ 	}
+@@ -1439,11 +1453,12 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
+ 	const SSL_CIPHER *c;
+ 	STACK_OF(SSL_CIPHER) *sk;
+ 	int i,n;
++
+ 	if (s->s3)
+ 		s->s3->send_connection_binding = 0;
+ 
+ 	n=ssl_put_cipher_by_char(s,NULL,NULL);
+-	if ((num%n) != 0)
++	if (n == 0 || (num%n) != 0)
+ 		{
+ 		SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
+ 		return(NULL);
+@@ -1458,7 +1473,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
+ 
+ 	for (i=0; i<num; i+=n)
+ 		{
+-		/* Check for SCSV */
++		/* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */
+ 		if (s->s3 && (n != 3 || !p[0]) &&
+ 			(p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
+ 			(p[n-1] == (SSL3_CK_SCSV & 0xff)))
+@@ -1478,6 +1493,23 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
+ 			continue;
+ 			}
+ 
++		/* Check for TLS_FALLBACK_SCSV */
++		if ((n != 3 || !p[0]) &&
++			(p[n-2] == ((SSL3_CK_FALLBACK_SCSV >> 8) & 0xff)) &&
++			(p[n-1] == (SSL3_CK_FALLBACK_SCSV & 0xff)))
++			{
++			/* The SCSV indicates that the client previously tried a higher version.
++			 * Fail if the current version is an unexpected downgrade. */
++			if (!SSL_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, 0, NULL))
++				{
++				SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_INAPPROPRIATE_FALLBACK);
++				if (s->s3)
++					ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INAPPROPRIATE_FALLBACK);
++				goto err;
++				}
++			continue;
++			}
++
+ 		c=ssl_get_cipher_by_char(s,p);
+ 		p+=n;
+ 		if (c != NULL)
+diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
+index 1427484..1923cf3 100644
+--- a/ssl/t1_enc.c
++++ b/ssl/t1_enc.c
+@@ -1241,6 +1241,7 @@ int tls1_alert_code(int code)
+ 	case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE);
+ 	case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
+ 	case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
++	case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK);
+ #if 0 /* not appropriate for TLS, not used for DTLS */
+ 	case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return 
+ 					  (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
+diff --git a/ssl/tls1.h b/ssl/tls1.h
+index c992091..6ae8876 100644
+--- a/ssl/tls1.h
++++ b/ssl/tls1.h
+@@ -159,17 +159,19 @@ extern "C" {
+ 
+ #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES	0
+ 
++#define TLS1_VERSION			0x0301
++#define TLS1_1_VERSION			0x0302
+ #define TLS1_2_VERSION			0x0303
+-#define TLS1_2_VERSION_MAJOR		0x03
+-#define TLS1_2_VERSION_MINOR		0x03
++#define TLS_MAX_VERSION			TLS1_2_VERSION
++
++#define TLS1_VERSION_MAJOR		0x03
++#define TLS1_VERSION_MINOR		0x01
+ 
+-#define TLS1_1_VERSION			0x0302
+ #define TLS1_1_VERSION_MAJOR		0x03
+ #define TLS1_1_VERSION_MINOR		0x02
+ 
+-#define TLS1_VERSION			0x0301
+-#define TLS1_VERSION_MAJOR		0x03
+-#define TLS1_VERSION_MINOR		0x01
++#define TLS1_2_VERSION_MAJOR		0x03
++#define TLS1_2_VERSION_MINOR		0x03
+ 
+ #define TLS1_get_version(s) \
+ 		((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
+@@ -187,6 +189,7 @@ extern "C" {
+ #define TLS1_AD_PROTOCOL_VERSION	70	/* fatal */
+ #define TLS1_AD_INSUFFICIENT_SECURITY	71	/* fatal */
+ #define TLS1_AD_INTERNAL_ERROR		80	/* fatal */
++#define TLS1_AD_INAPPROPRIATE_FALLBACK	86	/* fatal */
+ #define TLS1_AD_USER_CANCELLED		90
+ #define TLS1_AD_NO_RENEGOTIATION	100
+ /* codes 110-114 are from RFC3546 */
+-- 
+1.7.9.5
+

meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-fix-CVE-2014-3567.patch

@@ -0,0 +1,32 @@
+From 748270554824d2a51d1718f52a8d3ab34116bbfb Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Wed, 15 Oct 2014 01:53:55 +0100
+Subject: [PATCH] Fix for session tickets memory leak.
+
+CVE-2014-3567
+
+Reviewed-by: Rich Salz <rsalz@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Signed-off-by: Catalin Popeanga <catalin.popeanga@enea.com>
+---
+ ssl/t1_lib.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index 879467c..77fe232 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -3380,7 +3380,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
+ 	HMAC_Final(&hctx, tick_hmac, NULL);
+ 	HMAC_CTX_cleanup(&hctx);
+ 	if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen))
++		{
++		EVP_CIPHER_CTX_cleanup(&ctx);
+ 		return 2;
++		}
+ 	/* Attempt to decrypt session data */
+ 	/* Move p after IV to start of encrypted ticket, update length */
+ 	p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
+-- 
+1.7.9.5
+

meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-fix-CVE-2014-3568.patch

@@ -0,0 +1,99 @@
+From 26a59d9b46574e457870197dffa802871b4c8fc7 Mon Sep 17 00:00:00 2001
+From: Geoff Thorpe <geoff@openssl.org>
+Date: Wed, 15 Oct 2014 03:25:50 -0400
+Subject: [PATCH] Fix no-ssl3 configuration option
+
+CVE-2014-3568
+
+Reviewed-by: Emilia Kasper <emilia@openssl.org>
+Reviewed-by: Rich Salz <rsalz@openssl.org>
+Signed-off-by: Catalin Popeanga <catalin.popeanga@enea.com>
+---
+ ssl/s23_clnt.c |    9 +++++++--
+ ssl/s23_srvr.c |   18 +++++++++---------
+ 2 files changed, 16 insertions(+), 11 deletions(-)
+
+diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
+index d4e43c3..86ab3de 100644
+--- a/ssl/s23_clnt.c
++++ b/ssl/s23_clnt.c
+@@ -125,9 +125,11 @@ static const SSL_METHOD *ssl23_get_client_method(int ver)
+ 	if (ver == SSL2_VERSION)
+ 		return(SSLv2_client_method());
+ #endif
++#ifndef OPENSSL_NO_SSL3
+ 	if (ver == SSL3_VERSION)
+ 		return(SSLv3_client_method());
+-	else if (ver == TLS1_VERSION)
++#endif
++	if (ver == TLS1_VERSION)
+ 		return(TLSv1_client_method());
+ 	else if (ver == TLS1_1_VERSION)
+ 		return(TLSv1_1_client_method());
+@@ -698,6 +700,7 @@ static int ssl23_get_server_hello(SSL *s)
+ 		{
+ 		/* we have sslv3 or tls1 (server hello or alert) */
+ 
++#ifndef OPENSSL_NO_SSL3
+ 		if ((p[2] == SSL3_VERSION_MINOR) &&
+ 			!(s->options & SSL_OP_NO_SSLv3))
+ 			{
+@@ -712,7 +715,9 @@ static int ssl23_get_server_hello(SSL *s)
+ 			s->version=SSL3_VERSION;
+ 			s->method=SSLv3_client_method();
+ 			}
+-		else if ((p[2] == TLS1_VERSION_MINOR) &&
++		else
++#endif
++		if ((p[2] == TLS1_VERSION_MINOR) &&
+ 			!(s->options & SSL_OP_NO_TLSv1))
+ 			{
+ 			s->version=TLS1_VERSION;
+diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
+index 567a6b1..93ca7d5 100644
+--- a/ssl/s23_srvr.c
++++ b/ssl/s23_srvr.c
+@@ -127,9 +127,11 @@ static const SSL_METHOD *ssl23_get_server_method(int ver)
+ 	if (ver == SSL2_VERSION)
+ 		return(SSLv2_server_method());
+ #endif
++#ifndef OPENSSL_NO_SSL3
+ 	if (ver == SSL3_VERSION)
+ 		return(SSLv3_server_method());
+-	else if (ver == TLS1_VERSION)
++#endif
++	if (ver == TLS1_VERSION)
+ 		return(TLSv1_server_method());
+ 	else if (ver == TLS1_1_VERSION)
+ 		return(TLSv1_1_server_method());
+@@ -600,6 +602,12 @@ int ssl23_get_client_hello(SSL *s)
+ 	if ((type == 2) || (type == 3))
+ 		{
+ 		/* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
++                s->method = ssl23_get_server_method(s->version);
++		if (s->method == NULL)
++			{
++			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
++			goto err;
++			}
+ 
+ 		if (!ssl_init_wbio_buffer(s,1)) goto err;
+ 
+@@ -627,14 +635,6 @@ int ssl23_get_client_hello(SSL *s)
+ 			s->s3->rbuf.left=0;
+ 			s->s3->rbuf.offset=0;
+ 			}
+-		if (s->version == TLS1_2_VERSION)
+-			s->method = TLSv1_2_server_method();
+-		else if (s->version == TLS1_1_VERSION)
+-			s->method = TLSv1_1_server_method();
+-		else if (s->version == TLS1_VERSION)
+-			s->method = TLSv1_server_method();
+-		else
+-			s->method = SSLv3_server_method();
+ #if 0 /* ssl3_get_client_hello does this */
+ 		s->client_version=(v[0]<<8)|v[1];
+ #endif
+-- 
+1.7.9.5
+

meta/recipes-connectivity/openssl/openssl.inc

@@ -17,6 +17,8 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
           "
 S = "${WORKDIR}/openssl-${PV}"
 
+PACKAGECONFIG[perl] = ",,,"
+
 AR_append = " r"
 # Avoid binaries being marked as requiring an executable stack since it 
 # doesn't(which causes and this causes issues with SELinux
@@ -37,7 +39,8 @@ PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf"
 FILES_libcrypto = "${base_libdir}/libcrypto${SOLIBS}"
 FILES_libssl = "${libdir}/libssl.so.*"
 FILES_${PN} =+ " ${libdir}/ssl/*"
-FILES_${PN}-misc = "${libdir}/ssl/misc"
+FILES_${PN}-misc = "${libdir}/ssl/misc ${bindir}/c_rehash"
+RDEPENDS_${PN}-misc = "${@base_contains('PACKAGECONFIG', 'perl', 'perl', '', d)}"
 FILES_${PN}-dev += "${base_libdir}/libcrypto${SOLIBSDEV}"
 
 # Add the openssl.cnf file to the openssl-conf package.  Make the libcrypto
@@ -151,9 +154,18 @@ do_install () {
 
 	install -d ${D}${includedir}
 	cp --dereference -R include/openssl ${D}${includedir}
-	sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
 
 	oe_multilib_header openssl/opensslconf.h
+	if [ "${@base_contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then
+		install -m 0755 ${S}/tools/c_rehash ${D}${bindir}
+		sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${bindir}/c_rehash
+		sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
+		sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
+		# The c_rehash utility isn't installed by the normal installation process.
+	else
+		rm -f ${D}${bindir}/c_rehash
+		rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
+	fi
 }
 
 BBCLASSEXTEND = "native nativesdk"

meta/recipes-connectivity/openssl/openssl_1.0.1e.bb

@@ -6,7 +6,7 @@ DEPENDS += "ocf-linux"
 
 CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
 
-PR = "${INC_PR}.0"
+PR = "${INC_PR}.2"
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
 
@@ -34,6 +34,20 @@ SRC_URI += "file://configure-targets.patch \
             file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
             file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
             file://find.pl \
+            file://0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch \
+            file://0001-Fix-DTLS-retransmission-from-previous-session.patch \
+            file://0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch \
+            file://CVE-2014-0160.patch \
+            file://openssl-1.0.1e-cve-2014-0195.patch \
+            file://openssl-1.0.1e-cve-2014-0198.patch \
+            file://openssl-1.0.1e-cve-2014-0221.patch \
+            file://openssl-1.0.1e-cve-2014-0224.patch \
+            file://openssl-1.0.1e-cve-2014-3470.patch \
+            file://openssl-CVE-2010-5298.patch \
+	    file://openssl-fix-CVE-2014-3566.patch \
+	    file://openssl-fix-CVE-2014-3513.patch \
+	    file://openssl-fix-CVE-2014-3567.patch \
+	    file://openssl-fix-CVE-2014-3568.patch \
            "
 
 SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c"

meta/recipes-connectivity/wpa-supplicant/wpa-supplicant-2.0.inc

@@ -82,9 +82,8 @@ do_install () {
 
 pkg_postinst_wpa-supplicant () {
 	# If we're offline, we don't need to do this.
-	if [ "x$D" != "x" ]; then
-		exit 0
+	if [ "x$D" = "x" ]; then
+		killall -q -HUP dbus-daemon || true
 	fi
 
-	killall -q -HUP dbus-daemon || true
 }

meta/recipes-core/coreutils/coreutils-6.9/coreutils-fix-texinfo.patch

@@ -0,0 +1,375 @@
+From 170be4023bbf9e9698a709e03265945588ac8e01 Mon Sep 17 00:00:00 2001
+From: Robert Yang <liezhi.yang@windriver.com>
+Date: Tue, 26 Nov 2013 00:21:50 +0800
+Subject: [PATCH] doc/coreutils.texi: Use '@item' instead of '@itemx'
+
+Use '@item' instead of '@itemx' in several places, as Texinfo 5 refuses
+to process an '@itemx' that is not preceded by an '@item'.  Ensure that
+node extended names in menus and sectioning are consistent, and that
+ordering and presence of nodes in menus and in the actual text are
+consistent as well.
+
+Upstream-Status: Backport [From: coreutils.7620.n7.nabble.com, bug#11828]
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ doc/coreutils.texi | 82 +++++++++++++++++++++++++++---------------------------
+ 1 file changed, 41 insertions(+), 41 deletions(-)
+
+diff --git a/doc/coreutils.texi b/doc/coreutils.texi
+index 588147f..2dae3fe 100644
+--- a/doc/coreutils.texi
++++ b/doc/coreutils.texi
+@@ -555,7 +555,7 @@ symbolic link to a directory.  @xref{Target directory}.
+ @end macro
+ 
+ @macro optSi
+-@itemx --si
++@item --si
+ @opindex --si
+ @cindex SI output
+ Append an SI-style abbreviation to each size, such as @samp{M} for
+@@ -578,7 +578,7 @@ Use the @option{--si} option if you prefer powers of 1000.
+ @end macro
+ 
+ @macro optStripTrailingSlashes
+-@itemx @w{@kbd{--strip-trailing-slashes}}
++@item @w{@kbd{--strip-trailing-slashes}}
+ @opindex --strip-trailing-slashes
+ @cindex stripping trailing slashes
+ Remove any trailing slashes from each @var{source} argument.
+@@ -2496,7 +2496,7 @@ by 1048576.
+ However, if @var{n} starts with a @samp{-},
+ print all but the last @var{n} bytes of each file.
+ 
+-@itemx -n @var{n}
++@item -n @var{n}
+ @itemx --lines=@var{n}
+ @opindex -n
+ @opindex --lines
+@@ -2633,7 +2633,7 @@ This option is the same as @option{--follow=name --retry}.  That is, tail
+ will attempt to reopen a file when it is removed.  Should this fail, tail
+ will keep trying until it becomes accessible again.
+ 
+-@itemx --retry
++@item --retry
+ @opindex --retry
+ This option is useful mainly when following by name (i.e., with
+ @option{--follow=name}).
+@@ -2641,7 +2641,7 @@ Without this option, when tail encounters a file that doesn't
+ exist or is otherwise inaccessible, it reports that fact and
+ never checks it again.
+ 
+-@itemx --sleep-interval=@var{number}
++@item --sleep-interval=@var{number}
+ @opindex --sleep-interval
+ Change the number of seconds to wait between iterations (the default is 1.0).
+ During one iteration, every specified file is checked to see if it has
+@@ -2651,7 +2651,7 @@ Historical implementations of @command{tail} have required that
+ an arbitrary floating point number (using a period before any
+ fractional digits).
+ 
+-@itemx --pid=@var{pid}
++@item --pid=@var{pid}
+ @opindex --pid
+ When following by name or by descriptor, you may specify the process ID,
+ @var{pid}, of the sole writer of all @var{file} arguments.  Then, shortly
+@@ -2674,7 +2674,7 @@ terminate until long after the real writer has terminated.
+ Note that @option{--pid} cannot be supported on some systems; @command{tail}
+ will print a warning if this is the case.
+ 
+-@itemx --max-unchanged-stats=@var{n}
++@item --max-unchanged-stats=@var{n}
+ @opindex --max-unchanged-stats
+ When tailing a file by name, if there have been @var{n} (default
+ n=@value{DEFAULT_MAX_N_UNCHANGED_STATS_BETWEEN_OPENS}) consecutive
+@@ -2686,7 +2686,7 @@ number of seconds between when tail prints the last pre-rotation lines
+ and when it prints the lines that have accumulated in the new log file.
+ This option is meaningful only when following by name.
+ 
+-@itemx -n @var{n}
++@item -n @var{n}
+ @itemx --lines=@var{n}
+ @opindex -n
+ @opindex --lines
+@@ -2817,7 +2817,7 @@ option.
+ @opindex --numeric-suffixes
+ Use digits in suffixes rather than lower-case letters.
+ 
+-@itemx --verbose
++@item --verbose
+ @opindex --verbose
+ Write a diagnostic to standard error just before each output file is opened.
+ 
+@@ -3055,7 +3055,7 @@ Print only the newline counts.
+ @opindex --max-line-length
+ Print only the maximum line lengths.
+ 
+-@itemx --files0-from=@var{FILE}
++@item --files0-from=@var{FILE}
+ @opindex --files0-from=@var{FILE}
+ @cindex including files from @command{du}
+ Rather than processing files named on the command line, process those
+@@ -3250,7 +3250,7 @@ an MD5 checksum inconsistent with the associated file, or if no valid
+ line is found, @command{md5sum} exits with nonzero status.  Otherwise,
+ it exits successfully.
+ 
+-@itemx --status
++@item --status
+ @opindex --status
+ @cindex verifying MD5 checksums
+ This option is useful only when verifying checksums.
+@@ -5837,7 +5837,7 @@ command line unless the @option{--dereference-command-line} (@option{-H}),
+ If a command line argument specifies a symbolic link, show information
+ for the file the link references rather than for the link itself.
+ 
+-@itemx --dereference-command-line-symlink-to-dir
++@item --dereference-command-line-symlink-to-dir
+ @opindex --dereference-command-line-symlink-to-dir
+ @cindex symbolic links, dereferencing
+ Do not dereference symbolic links, with one exception:
+@@ -7015,15 +7015,15 @@ If specified, the @var{attribute_list} must be a comma-separated list
+ of one or more of the following strings:
+ 
+ @table @samp
+-@itemx mode
++@item mode
+ Preserve the file mode bits and access control lists.
+-@itemx ownership
++@item ownership
+ Preserve the owner and group.  On most modern systems,
+ only users with appropriate privileges may change the owner of a file,
+ and ordinary users
+ may preserve the group ownership of a file only if they happen to be
+ a member of the desired group.
+-@itemx timestamps
++@item timestamps
+ Preserve the times of last access and last modification, when possible.
+ In general, it is not possible to preserve these attributes
+ when the affected file is a symbolic link.
+@@ -7031,12 +7031,12 @@ However, FreeBSD now provides the @code{lutimes} function, which makes
+ it possibile even for symbolic links.  However, this implementation does
+ not yet take advantage of that.
+ @c FIXME: once we provide lutimes support, update the above.
+-@itemx links
++@item links
+ Preserve in the destination files
+ any links between corresponding source files.
+ @c Give examples illustrating how hard links are preserved.
+ @c Also, show how soft links map to hard links with -L and -H.
+-@itemx all
++@item all
+ Preserve all file attributes.
+ Equivalent to specifying all of the above.
+ @end table
+@@ -7049,12 +7049,12 @@ mode bits of the corresponding source file, minus the bits set in the
+ umask and minus the set-user-ID and set-group-ID bits.
+ @xref{File permissions}.
+ 
+-@itemx @w{@kbd{--no-preserve}=@var{attribute_list}}
++@item @w{@kbd{--no-preserve}=@var{attribute_list}}
+ @cindex file information, preserving
+ Do not preserve the specified attributes.  The @var{attribute_list}
+ has the same form as for @option{--preserve}.
+ 
+-@itemx --parents
++@item --parents
+ @opindex --parents
+ @cindex parent directories and @command{cp}
+ Form the name of each destination file by appending to the target
+@@ -7070,7 +7070,7 @@ cp --parents a/b/c existing_dir
+ copies the file @file{a/b/c} to @file{existing_dir/a/b/c}, creating
+ any missing intermediate directories.
+ 
+-@itemx @w{@kbd{--reply}=@var{how}}
++@item @w{@kbd{--reply}=@var{how}}
+ @opindex --reply
+ @cindex interactivity
+ @c FIXME: remove in 2008
+@@ -7742,7 +7742,7 @@ Prompt whether to overwrite each existing destination file, regardless
+ of its permissions.
+ If the response is not affirmative, the file is skipped.
+ 
+-@itemx @w{@kbd{--reply}=@var{how}}
++@item @w{@kbd{--reply}=@var{how}}
+ @opindex --reply
+ @cindex interactivity
+ @c FIXME: remove in 2008
+@@ -7847,7 +7847,7 @@ files are named or if a recursive removal is requested.  Ignore any
+ previous @option{--force} (@option{-f}) option.  Equivalent to
+ @option{--interactive=once}.
+ 
+-@itemx --interactive [=@var{when}]
++@item --interactive [=@var{when}]
+ @opindex --interactive
+ Specify when to issue an interactive prompt.  @var{when} may be
+ omitted, or one of:
+@@ -7866,7 +7866,7 @@ removal is requested.  Equivalent to @option{-I}.
+ Specifying @option{--interactive} and no @var{when} is equivalent to
+ @option{--interactive=always}.
+ 
+-@itemx --one-file-system
++@item --one-file-system
+ @opindex --one-file-system
+ @cindex one file system, restricting @command{rm} to
+ When removing a hierarchy recursively, skip any directory that is on a
+@@ -7884,7 +7884,7 @@ warn about and skip directories on other file systems.
+ Of course, this will not save your @file{/home} if it and your
+ chroot happen to be on the same file system.
+ 
+-@itemx --preserve-root
++@item --preserve-root
+ @opindex --preserve-root
+ @cindex root directory, disallow recursive destruction
+ Fail upon any attempt to remove the root directory, @file{/},
+@@ -7892,7 +7892,7 @@ when used with the @option{--recursive} option.
+ This is the default behavior.
+ @xref{Treating / specially}.
+ 
+-@itemx --no-preserve-root
++@item --no-preserve-root
+ @opindex --no-preserve-root
+ @cindex root directory, allow recursive destruction
+ Do not treat @file{/} specially when removing recursively.
+@@ -8874,7 +8874,7 @@ actually changes.
+ Do not print error messages about files whose ownership cannot be
+ changed.
+ 
+-@itemx @w{@kbd{--from}=@var{old-owner}}
++@item @w{@kbd{--from}=@var{old-owner}}
+ @opindex --from
+ @cindex symbolic links, changing owner
+ Change a @var{file}'s ownership only if it has current attributes specified
+@@ -8928,14 +8928,14 @@ is a symbolic link.
+ By default, no diagnostic is issued for symbolic links encountered
+ during a recursive traversal, but see @option{--verbose}.
+ 
+-@itemx --preserve-root
++@item --preserve-root
+ @opindex --preserve-root
+ @cindex root directory, disallow recursive modification
+ Fail upon any attempt to recursively change the root directory, @file{/}.
+ Without @option{--recursive}, this option has no effect.
+ @xref{Treating / specially}.
+ 
+-@itemx --no-preserve-root
++@item --no-preserve-root
+ @opindex --no-preserve-root
+ @cindex root directory, allow recursive modification
+ Cancel the effect of any preceding @option{--preserve-root} option.
+@@ -9054,14 +9054,14 @@ is a symbolic link.
+ By default, no diagnostic is issued for symbolic links encountered
+ during a recursive traversal, but see @option{--verbose}.
+ 
+-@itemx --preserve-root
++@item --preserve-root
+ @opindex --preserve-root
+ @cindex root directory, disallow recursive modification
+ Fail upon any attempt to recursively change the root directory, @file{/}.
+ Without @option{--recursive}, this option has no effect.
+ @xref{Treating / specially}.
+ 
+-@itemx --no-preserve-root
++@item --no-preserve-root
+ @opindex --no-preserve-root
+ @cindex root directory, allow recursive modification
+ Cancel the effect of any preceding @option{--preserve-root} option.
+@@ -9175,14 +9175,14 @@ actually changes.
+ Do not print error messages about files whose permissions cannot be
+ changed.
+ 
+-@itemx --preserve-root
++@item --preserve-root
+ @opindex --preserve-root
+ @cindex root directory, disallow recursive modification
+ Fail upon any attempt to recursively change the root directory, @file{/}.
+ Without @option{--recursive}, this option has no effect.
+ @xref{Treating / specially}.
+ 
+-@itemx --no-preserve-root
++@item --no-preserve-root
+ @opindex --no-preserve-root
+ @cindex root directory, allow recursive modification
+ Cancel the effect of any preceding @option{--preserve-root} option.
+@@ -9603,7 +9603,7 @@ The program accepts the following options.  Also see @ref{Common options}.
+ @opindex --all
+ Show counts for all files, not just directories.
+ 
+-@itemx --apparent-size
++@item --apparent-size
+ @opindex --apparent-size
+ Print apparent sizes, rather than disk usage.  The apparent size of a
+ file is the number of bytes reported by @code{wc -c} on regular files,
+@@ -9654,7 +9654,7 @@ Does not affect other symbolic links.  This is helpful for finding
+ out the disk usage of directories, such as @file{/usr/tmp}, which
+ are often symbolic links.
+ 
+-@itemx --files0-from=@var{FILE}
++@item --files0-from=@var{FILE}
+ @opindex --files0-from=@var{FILE}
+ @cindex including files from @command{du}
+ Rather than processing files named on the command line, process those
+@@ -9733,7 +9733,7 @@ Output a null byte at the end of each line, rather than a newline.
+ This option enables other programs to parse the output of @command{du}
+ even when that output would contain file names with embedded newlines.
+ 
+-@itemx --si
++@item --si
+ @opindex --si
+ @cindex SI output
+ Append an SI-style abbreviation to each size, such as @samp{MB} for
+@@ -9754,13 +9754,13 @@ Display only a total for each argument.
+ Report the size of each directory separately, not including the sizes
+ of subdirectories.
+ 
+-@itemx --time
++@item --time
+ @opindex --time
+ @cindex last modified dates, displaying in @command{du}
+ Show time of the most recent modification of any file in the directory,
+ or any of its subdirectories.
+ 
+-@itemx --time=ctime
++@item --time=ctime
+ @itemx --time=status
+ @itemx --time=use
+ @opindex --time
+@@ -9770,7 +9770,7 @@ or any of its subdirectories.
+ Show the most recent status change time (the @samp{ctime} in the inode) of
+ any file in the directory, instead of the modification time.
+ 
+-@itemx --time=atime
++@item --time=atime
+ @itemx --time=access
+ @opindex --time
+ @opindex atime@r{, show the most recent}
+@@ -9911,7 +9911,7 @@ $ stat --format=%d:%i / /usr
+ 2057:2
+ @end example
+ 
+-@itemx --printf=@var{format}
++@item --printf=@var{format}
+ @opindex --printf=@var{format}
+ @cindex output format
+ Use @var{format} rather than the default format.
+@@ -12240,7 +12240,7 @@ Overrides all other options.
+ @opindex -s
+ Ignored; for compatibility with other versions of @command{who}.
+ 
+-@itemx -u
++@item -u
+ @opindex -u
+ @cindex idle time
+ After the login time, print the number of hours and minutes that the
+@@ -12254,7 +12254,7 @@ user has been idle.  @samp{.} means the user was active in the last minute.
+ List only the entries that correspond to processes via which the
+ system is waiting for a user to login.  The user name is always @samp{LOGIN}.
+ 
+-@itemx --lookup
++@item --lookup
+ @opindex --lookup
+ Attempt to canonicalize hostnames found in utmp through a DNS lookup.  This
+ is not the default because it can cause significant delays on systems with
+-- 
+1.8.3.1
+

meta/recipes-core/coreutils/coreutils_6.9.bb

@@ -24,6 +24,7 @@ SRC_URI_BASE = "${GNU_MIRROR}/coreutils/${BP}.tar.bz2 \
            file://man-touch.patch \
            file://coreutils_fix_for_automake-1.12.patch \
            file://coreutils-build-with-acl.patch \
+           file://coreutils-fix-texinfo.patch \
            "
 
 SRC_URI = "${SRC_URI_BASE} file://fix_for_manpage_building.patch"

meta/recipes-core/dbus/dbus.inc

@@ -5,10 +5,7 @@ SECTION = "base"
 LICENSE = "AFL-2 | GPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \
                     file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c"
-X11DEPENDS = "virtual/libx11 libsm"
-DEPENDS = "expat virtual/libintl ${@base_contains('DISTRO_FEATURES', 'x11', '${X11DEPENDS}', '', d)}"
-DEPENDS_class-native = "expat-native virtual/libintl-native"
-DEPENDS_class-nativesdk = "nativesdk-expat virtual/nativesdk-libintl"
+DEPENDS = "expat virtual/libintl"
 RDEPENDS_dbus = "${@base_contains('DISTRO_FEATURES', 'ptest', 'dbus-ptest-ptest', '', d)}"
 RDEPENDS_class-native = ""
 
@@ -72,21 +69,23 @@ pkg_postinst_dbus() {
 	fi
 }
 
-EXTRA_OECONF_X = "${@base_contains('DISTRO_FEATURES', 'x11', '--with-x', '--without-x', d)}"
-EXTRA_OECONF_X_class-native = "--without-x --disable-x11-autolaunch"
-# TODO: would like to --enable-systemd but that's a circular build-dependency
-# between systemd<->dbus
-EXTRA_OECONF_SYSTEMD = "${@base_contains('DISTRO_FEATURES', 'systemd', '--with-systemdsystemunitdir=${systemd_unitdir}/system/', '--without-systemdsystemunitdir', d)}"
-
 EXTRA_OECONF = "--disable-tests \
                 --disable-checks \
                 --disable-xml-docs \
                 --disable-doxygen-docs \
                 --disable-libaudit \
                 --with-xml=expat \
-                --disable-systemd \
-                ${EXTRA_OECONF_SYSTEMD} \
-                ${EXTRA_OECONF_X}"
+                --disable-systemd"
+
+PACKAGECONFIG ??= "${@base_contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)} \
+                   ${@base_contains('DISTRO_FEATURES', 'x11', 'x11', '', d)}"
+PACKAGECONFIG_class-native = ""
+PACKAGECONFIG_class-nativesdk = ""
+
+# Would like to --enable-systemd but that's a circular build-dependency between
+# systemd<->dbus
+PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/,--without-systemdsystemunitdir"
+PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm"
 
 do_install() {
 	autotools_do_install

meta/recipes-core/eglibc/eglibc-2.18/ppc-fix-time-related-syscalls.patch

@@ -0,0 +1,227 @@
+Upstream-Status: Backport
+
+Concatenated fix of PowerPC time related system calls in eglibc 2.18 taken
+from upstream glibc. Eglibc 2.17 does not have this issue and the patches are
+already part of 2.19.
+This compilation includes the following committs:
+
+
+PowerPC: Fix vDSO missing ODP entries
+
+author	Adhemerval Zanella <azanella@linux.vnet.ibm.com>
+	Thu, 7 Nov 2013 11:34:22 +0000 (05:34 -0600)
+
+This patch fixes the vDSO symbol used directed in IFUNC resolver where
+they do not have an associated ODP entry leading to undefined behavior
+in some cases. It adds an artificial OPD static entry to such cases
+and set its TOC to non 0 to avoid triggering lazy resolutions.
+
+
+Update copyright notices with scripts/update-copyrights
+
+author	Allan McRae <allan@archlinux.org>
+	Wed, 1 Jan 2014 11:03:15 +0000 (21:03 +1000)
+
+((Only for files otherwise touched by this patch))
+
+
+PowerPC: Fix ftime gettimeofday internal call returning bogus data
+
+author	Adhemerval Zanella <azanella@linux.vnet.ibm.com>
+	Thu, 16 Jan 2014 12:53:18 +0000 (06:53 -0600)
+
+This patches fixes BZ#16430 by setting a different symbol for internal
+GLIBC calls that points to ifunc resolvers. For PPC32, if the symbol
+is defined as hidden (which is the case for gettimeofday and time) the
+compiler will create local branches (symbol@local) and linker will not
+create PLT calls (required for IFUNC). This will leads to internal symbol
+calling the IFUNC resolver instead of the resolved symbol.
+For PPC64 this behavior does not occur because a call to a function in
+another translation unit might use a different toc pointer thus requiring
+a PLT call.
+
+
+PowerPC: Fix gettimeofday ifunc selection
+
+author	Adhemerval Zanella <azanella@linux.vnet.ibm.com>
+	Mon, 20 Jan 2014 18:29:51 +0000 (12:29 -0600)
+
+The IFUNC selector for gettimeofday runs before _libc_vdso_platform_setup where
+__vdso_gettimeofday is set. The selector then sets __gettimeofday (the internal
+version used within GLIBC) to use the system call version instead of the vDSO one.
+This patch changes the check if vDSO is available to get its value directly
+instead of rely on __vdso_gettimeofday.
+
+This patch changes it by getting the vDSO value directly.
+
+It fixes BZ#16431.
+
+
+---
+diff -pruN libc.orig/sysdeps/unix/sysv/linux/powerpc/bits/libc-vdso.h libc/sysdeps/unix/sysv/linux/powerpc/bits/libc-vdso.h
+--- libc.orig/sysdeps/unix/sysv/linux/powerpc/bits/libc-vdso.h
++++ libc/sysdeps/unix/sysv/linux/powerpc/bits/libc-vdso.h
+@@ -1,5 +1,5 @@
+ /* Resolve function pointers to VDSO functions.
+-   Copyright (C) 2005-2013 Free Software Foundation, Inc.
++   Copyright (C) 2005-2014 Free Software Foundation, Inc.
+    This file is part of the GNU C Library.
+ 
+    The GNU C Library is free software; you can redistribute it and/or
+@@ -34,12 +34,32 @@ extern void *__vdso_getcpu;
+ 
+ extern void *__vdso_time;
+ 
+-/* This macro is needed for PPC64 to return a skeleton OPD entry of a vDSO
+-   symbol.  This works because _dl_vdso_vsym always return the function
+-   address, and no vDSO symbols use the TOC or chain pointers from the OPD
+-   so we can allow them to be garbage.  */
+ #if defined(__PPC64__) || defined(__powerpc64__)
+-#define VDSO_IFUNC_RET(value)  ((void *) &(value))
++/* The correct solution is for _dl_vdso_vsym to return the address of the OPD
++   for the kernel VDSO function.  That address would then be stored in the
++   __vdso_* variables and returned as the result of the IFUNC resolver function.
++   Yet, the kernel does not contain any OPD entries for the VDSO functions
++   (incomplete implementation).  However, PLT relocations for IFUNCs still expect
++   the address of an OPD to be returned from the IFUNC resolver function (since
++   PLT entries on PPC64 are just copies of OPDs).  The solution for now is to
++   create an artificial static OPD for each VDSO function returned by a resolver
++   function.  The TOC value is set to a non-zero value to avoid triggering lazy
++   symbol resolution via .glink0/.plt0 for a zero TOC (requires thread-safe PLT
++   sequences) when the dynamic linker isn't prepared for it e.g. RTLD_NOW.  None
++   of the kernel VDSO routines use the TOC or AUX values so any non-zero value
++   will work.  Note that function pointer comparisons will not use this artificial
++   static OPD since those are resolved via ADDR64 relocations and will point at
++   the non-IFUNC default OPD for the symbol.  Lastly, because the IFUNC relocations
++   are processed immediately at startup the resolver functions and this code need
++   not be thread-safe, but if the caller writes to a PLT slot it must do so in a
++   thread-safe manner with all the required barriers.  */
++#define VDSO_IFUNC_RET(value)                            \
++  ({                                                     \
++    static Elf64_FuncDesc vdso_opd = { .fd_toc = ~0x0 }; \
++    vdso_opd.fd_func = (Elf64_Addr)value;                \
++    &vdso_opd;                                           \
++  })
++
+ #else
+ #define VDSO_IFUNC_RET(value)  ((void *) (value))
+ #endif
+diff -pruN libc.orig/sysdeps/unix/sysv/linux/powerpc/gettimeofday.c libc/sysdeps/unix/sysv/linux/powerpc/gettimeofday.c
+--- libc.orig/sysdeps/unix/sysv/linux/powerpc/gettimeofday.c
++++ libc/sysdeps/unix/sysv/linux/powerpc/gettimeofday.c
+@@ -1,4 +1,4 @@
+-/* Copyright (C) 2005-2013 Free Software Foundation, Inc.
++/* Copyright (C) 2005-2014 Free Software Foundation, Inc.
+    This file is part of the GNU C Library.
+ 
+    The GNU C Library is free software; you can redistribute it and/or
+@@ -22,6 +22,7 @@
+ 
+ # include <dl-vdso.h>
+ # include <bits/libc-vdso.h>
++# include <dl-machine.h>
+ 
+ void *gettimeofday_ifunc (void) __asm__ ("__gettimeofday");
+ 
+@@ -34,17 +35,36 @@ __gettimeofday_syscall (struct timeval *
+ void *
+ gettimeofday_ifunc (void)
+ {
++  PREPARE_VERSION (linux2615, "LINUX_2.6.15", 123718565);
++
+   /* If the vDSO is not available we fall back syscall.  */
+-  return (__vdso_gettimeofday ? VDSO_IFUNC_RET (__vdso_gettimeofday)
+-	  : __gettimeofday_syscall);
++  void *vdso_gettimeofday = _dl_vdso_vsym ("__kernel_gettimeofday", &linux2615);
++  return (vdso_gettimeofday ? VDSO_IFUNC_RET (vdso_gettimeofday)
++         : (void*)__gettimeofday_syscall);
+ }
+ asm (".type __gettimeofday, %gnu_indirect_function");
+ 
+ /* This is doing "libc_hidden_def (__gettimeofday)" but the compiler won't
+    let us do it in C because it doesn't know we're defining __gettimeofday
+    here in this file.  */
+-asm (".globl __GI___gettimeofday\n"
+-     "__GI___gettimeofday = __gettimeofday");
++asm (".globl __GI___gettimeofday");
++
++/* __GI___gettimeofday is defined as hidden and for ppc32 it enables the
++   compiler make a local call (symbol@local) for internal GLIBC usage. It
++   means the PLT won't be used and the ifunc resolver will be called directly.
++   For ppc64 a call to a function in another translation unit might use a
++   different toc pointer thus disallowing direct branchess and making internal
++   ifuncs calls safe.  */
++#ifdef __powerpc64__
++asm ("__GI___gettimeofday = __gettimeofday");
++#else
++int
++__gettimeofday_vsyscall (struct timeval *tv, struct timezone *tz)
++{
++  return INLINE_VSYSCALL (gettimeofday, 2, tv, tz);
++}
++asm ("__GI___gettimeofday = __gettimeofday_vsyscall");
++#endif
+ 
+ #else
+ 
+diff -pruN libc.orig/sysdeps/unix/sysv/linux/powerpc/time.c libc/sysdeps/unix/sysv/linux/powerpc/time.c
+--- libc.orig/sysdeps/unix/sysv/linux/powerpc/time.c
++++ libc/sysdeps/unix/sysv/linux/powerpc/time.c
+@@ -1,5 +1,5 @@
+ /* time system call for Linux/PowerPC.
+-   Copyright (C) 2013 Free Software Foundation, Inc.
++   Copyright (C) 2013-2014 Free Software Foundation, Inc.
+    This file is part of the GNU C Library.
+ 
+    The GNU C Library is free software; you can redistribute it and/or
+@@ -20,7 +20,9 @@
+ 
+ # include <time.h>
+ # include <sysdep.h>
++# include <dl-vdso.h>
+ # include <bits/libc-vdso.h>
++# include <dl-machine.h>
+ 
+ void *time_ifunc (void) asm ("time");
+ 
+@@ -43,17 +45,36 @@ time_syscall (time_t *t)
+ void *
+ time_ifunc (void)
+ {
++  PREPARE_VERSION (linux2615, "LINUX_2.6.15", 123718565);
++
+   /* If the vDSO is not available we fall back to the syscall.  */
+-  return (__vdso_time ? VDSO_IFUNC_RET (__vdso_time)
+-	  : time_syscall);
++  void *vdso_time = _dl_vdso_vsym ("__kernel_time", &linux2615);
++  return (vdso_time ? VDSO_IFUNC_RET (vdso_time)
++         : (void*)time_syscall);
+ }
+ asm (".type time, %gnu_indirect_function");
+ 
+ /* This is doing "libc_hidden_def (time)" but the compiler won't
+  * let us do it in C because it doesn't know we're defining time
+  * here in this file.  */
+-asm (".globl __GI_time\n"
+-     "__GI_time = time");
++asm (".globl __GI_time");
++
++/* __GI_time is defined as hidden and for ppc32 it enables the
++   compiler make a local call (symbol@local) for internal GLIBC usage. It
++   means the PLT won't be used and the ifunc resolver will be called directly.
++   For ppc64 a call to a function in another translation unit might use a
++   different toc pointer thus disallowing direct branchess and making internal
++   ifuncs calls safe.  */
++#ifdef __powerpc64__
++asm ("__GI_time = time");
++#else
++time_t
++__time_vsyscall (time_t *t)
++{
++  return INLINE_VSYSCALL (time, 1, t);
++}
++asm ("__GI_time = __time_vsyscall");
++#endif
+ 
+ #else
+ 

meta/recipes-core/eglibc/eglibc-initial.inc

@@ -1,5 +1,3 @@
-require eglibc-common.inc
-
 DEPENDS = "linux-libc-headers virtual/${TARGET_PREFIX}gcc-initial"
 PROVIDES = "virtual/${TARGET_PREFIX}libc-initial"
 

meta/recipes-core/eglibc/eglibc-locale.inc

@@ -8,7 +8,9 @@ LOCALEBASEPN = "${MLPREFIX}eglibc"
 # eglibc-collateral.inc inhibits all default deps, but do_package needs objcopy
 # ERROR: objcopy failed with exit code 127 (cmd was 'i586-webos-linux-objcopy' --only-keep-debug 'eglibc-locale/2.17-r0/package/usr/lib/gconv/IBM1166.so' 'eglibc-locale/2.17-r0/package/usr/lib/gconv/.debug/IBM1166.so')
 # ERROR: Function failed: split_and_strip_files
-DEPENDS_class-target = "virtual/${TARGET_PREFIX}binutils"
+BINUTILSDEP = "virtual/${MLPREFIX}${TARGET_PREFIX}binutils:do_populate_sysroot"
+BINUTILSDEP_class-nativesdk = "virtual/${TARGET_PREFIX}binutils-crosssdk:do_populate_sysroot"
+do_package[depends] += "${BINUTILSDEP}"
 
 # Binary locales are generated at build time if ENABLE_BINARY_LOCALE_GENERATION
 # is set. The idea is to avoid running localedef on the target (at first boot)

meta/recipes-core/eglibc/eglibc_2.18.bb

@@ -28,6 +28,7 @@ SRC_URI = "http://downloads.yoctoproject.org/releases/eglibc/eglibc-${PV}-svnr23
            file://fix-tibetian-locales.patch \
            file://0001-ARM-Pass-dl_hwcap-to-IFUNC-resolver.patch \
            file://make-4.patch \
+           file://ppc-fix-time-related-syscalls.patch \
           "
 SRC_URI[md5sum] = "b395b021422a027d89884992e91734fc"
 SRC_URI[sha256sum] = "15f564b45dc5dd65faf0875579e3447961ae61e876933384ae05d19328539ad4"

meta/recipes-core/images/build-appliance-image_8.0.bb

@@ -21,7 +21,7 @@ IMAGE_FSTYPES = "vmdk"
 
 inherit core-image
 
-SRCREV ?= "785b7e392922453698dd8b21cae5b229a9352031"
+SRCREV ?= "0f1edf6ea5e4e206149a4c1f95ce675e17bbac92"
 SRC_URI = "git://git.yoctoproject.org/poky \
            file://Yocto_Build_Appliance.vmx \
            file://Yocto_Build_Appliance.vmxf \

meta/recipes-core/systemd/systemd/journald-fix-fd-leak-in-journal_file_empty.patch

@@ -0,0 +1,27 @@
+journald: fix fd leak in journal_file_empty
+Before my previous patch, journal_file_empty wasn't be called with the
+correct filename. Now that it's being called with the correct filename
+it leaks file descriptors. This patch closes the file descriptors before
+returning.
+
+Signed-off-by: George McCollister <george.mccollister@gmail.com>
+
+
+Index: systemd-206/src/journal/journal-vacuum.c
+===================================================================
+--- systemd-206.orig/src/journal/journal-vacuum.c	2013-07-21 19:43:28.146183128 -0300
++++ systemd-206/src/journal/journal-vacuum.c	2014-01-29 20:43:27.492343295 -0200
+@@ -129,9 +129,9 @@
+ }
+ 
+ static int journal_file_empty(int dir_fd, const char *name) {
+-        int fd, r;
++        int r;
+         le64_t n_entries;
+-
++        _cleanup_close_ int fd;
+         fd = openat(dir_fd, name, O_RDONLY|O_CLOEXEC|O_NOFOLLOW|O_NONBLOCK);
+         if (fd < 0)
+                 return -errno;
+
+Upstream-Status: Backport [207]

meta/recipes-core/systemd/systemd/journald-fix-vacuuming-of-archived-journals.patch

@@ -0,0 +1,37 @@
+journald: fix vacuuming of archived journals
+d_name is modified on line 227 so if the entire journal name is needed
+again p must be used. Before this change when journal_file_empty was called
+on archived journals it would always return with -2.
+
+Signed-off-by: George McCollister <george.mccollister@gmail.com>
+
+Index: systemd-206/src/journal/journal-vacuum.c
+===================================================================
+--- systemd-206.orig/src/journal/journal-vacuum.c	2014-01-29 20:43:27.492343295 -0200
++++ systemd-206/src/journal/journal-vacuum.c	2014-01-29 20:48:55.076356876 -0200
+@@ -265,18 +265,18 @@
+                         /* We do not vacuum active files or unknown files! */
+                         continue;
+ 
+-                if (journal_file_empty(dirfd(d), de->d_name)) {
++                if (journal_file_empty(dirfd(d), p)) {
+ 
+                         /* Always vacuum empty non-online files. */
+ 
+-                        if (unlinkat(dirfd(d), de->d_name, 0) >= 0)
+-                                log_debug("Deleted empty journal %s/%s.", directory, de->d_name);
++                        if (unlinkat(dirfd(d), p, 0) >= 0)
++                                log_debug("Deleted empty journal %s/%s.", directory, p);
+                         else if (errno != ENOENT)
+-                                log_warning("Failed to delete %s/%s: %m", directory, de->d_name);
++                                log_warning("Failed to delete %s/%s: %m", directory, p);
+                         continue;
+                 }
+ 
+-                patch_realtime(directory, de->d_name, &st, &realtime);
++                patch_realtime(directory, p, &st, &realtime);
+ 
+                 GREEDY_REALLOC(list, n_allocated, n_list + 1);
+
+
+Upstream-Status: Backport [207] 

meta/recipes-core/systemd/systemd_206.bb

@@ -21,6 +21,8 @@ SRC_URI = "http://www.freedesktop.org/software/systemd/systemd-${PV}.tar.xz \
            file://0001-use-CAP_MKNOD-ConditionCapability.patch \
            file://0001-Use-bin-mkdir-instead-of-host-mkdir-path.patch \
            file://binfmt-install.patch \
+           file://journald-fix-fd-leak-in-journal_file_empty.patch \
+           file://journald-fix-vacuuming-of-archived-journals.patch \
            file://touchscreen.rules \
            ${UCLIBCPATCHES} \
            file://00-create-volatile.conf \

meta/recipes-devtools/binutils/binutils-2.23.2.inc

@@ -30,6 +30,8 @@ SRC_URI = "\
      ${BACKPORT} \
      file://binutils-fix-over-array-bounds-issue.patch \
      file://binutils-xlp-support.patch \
+     file://replace_macros_with_static_inline.patch \
+     file://0001-Fix-MMIX-build-breakage-from-bfd_set_section_vma-cha.patch \
      "
 
 BACKPORT = "\

meta/recipes-devtools/binutils/binutils.inc

@@ -11,7 +11,7 @@ BUGTRACKER = "http://sourceware.org/bugzilla/"
 SECTION = "devel"
 LICENSE = "GPLv3"
 
-DEPENDS = "flex-native bison-native zlib-native gnu-config-native"
+DEPENDS = "flex-native bison-native zlib-native gnu-config-native autoconf-native"
 
 inherit autotools gettext multilib_header
 

meta/recipes-devtools/binutils/binutils/0001-Fix-MMIX-build-breakage-from-bfd_set_section_vma-cha.patch

@@ -0,0 +1,31 @@
+Upstream-Status: Backport
+
+From 0a09fb4a09e80c36fa3ef763ae276fd13d272a36 Mon Sep 17 00:00:00 2001
+From: Hans-Peter Nilsson <hp@bitrange.com>
+Date: Sat, 1 Feb 2014 01:11:28 +0100
+Subject: [PATCH] Fix MMIX build breakage from bfd_set_section_vma change.
+
+	* emultempl/mmix-elfnmmo.em (mmix_after_allocation): Fix typo in
+	call to bfd_set_section_vma exposed by recent bfd_set_section_vma
+	change.
+---
+ ld/ChangeLog                 |    6 ++++++
+ ld/emultempl/mmix-elfnmmo.em |    2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/ld/emultempl/mmix-elfnmmo.em b/ld/emultempl/mmix-elfnmmo.em
+index 0059792..5e9781a 100644
+--- a/ld/emultempl/mmix-elfnmmo.em
++++ b/ld/emultempl/mmix-elfnmmo.em
+@@ -102,7 +102,7 @@ mmix_after_allocation (void)
+      This section is only present when there are register symbols.  */
+   sec = bfd_get_section_by_name (link_info.output_bfd, MMIX_REG_SECTION_NAME);
+   if (sec != NULL)
+-    bfd_set_section_vma (abfd, sec, 0);
++    bfd_set_section_vma (sec->owner, sec, 0);
+ 
+   if (!_bfd_mmix_after_linker_allocation (link_info.output_bfd, &link_info))
+     {
+-- 
+1.7.10.4
+

meta/recipes-devtools/binutils/binutils/replace_macros_with_static_inline.patch

@@ -0,0 +1,188 @@
+Upstream-Status: Backport
+
+From 27b829ee701e29804216b3803fbaeb629be27491 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 29 Jan 2014 13:46:39 +0000
+Subject: [PATCH 1/1] Following up on Tom's suggestion I am checking in a patch to replace the various
+ bfd_xxx_set macros with static inline functions, so that we can avoid compile time
+ warnings about comma expressions with unused values.
+
+	* bfd-in.h (bfd_set_section_vma): Delete.
+	(bfd_set_section_alignment): Delete.
+	(bfd_set_section_userdata): Delete.
+	(bfd_set_cacheable): Delete.
+	* bfd.c (bfd_set_cacheable): New static inline function.
+	* section.c (bfd_set_section_userdata): Likewise.
+	(bfd_set_section_vma): Likewise.
+	(bfd_set_section_alignment): Likewise.
+	* bfd-in2.h: Regenerate.
+---
+ bfd/ChangeLog |   12 ++++++++++++
+ bfd/bfd-in.h  |    5 -----
+ bfd/bfd-in2.h |   41 +++++++++++++++++++++++++++++++++++------
+ bfd/bfd.c     |    8 ++++++++
+ bfd/section.c |   26 ++++++++++++++++++++++++++
+ 5 files changed, 81 insertions(+), 11 deletions(-)
+
+diff --git a/bfd/bfd-in.h b/bfd/bfd-in.h
+index 3afd71b..c7c5a7d 100644
+--- a/bfd/bfd-in.h
++++ b/bfd/bfd-in.h
+@@ -292,9 +292,6 @@ typedef struct bfd_section *sec_ptr;
+ 
+ #define bfd_is_com_section(ptr) (((ptr)->flags & SEC_IS_COMMON) != 0)
+ 
+-#define bfd_set_section_vma(bfd, ptr, val) (((ptr)->vma = (ptr)->lma = (val)), ((ptr)->user_set_vma = TRUE), TRUE)
+-#define bfd_set_section_alignment(bfd, ptr, val) (((ptr)->alignment_power = (val)),TRUE)
+-#define bfd_set_section_userdata(bfd, ptr, val) (((ptr)->userdata = (val)),TRUE)
+ /* Find the address one past the end of SEC.  */
+ #define bfd_get_section_limit(bfd, sec) \
+   (((bfd)->direction != write_direction && (sec)->rawsize != 0	\
+@@ -517,8 +514,6 @@ extern void warn_deprecated (const char *, const char *, int, const char *);
+ 
+ #define bfd_get_symbol_leading_char(abfd) ((abfd)->xvec->symbol_leading_char)
+ 
+-#define bfd_set_cacheable(abfd,bool) (((abfd)->cacheable = bool), TRUE)
+-
+ extern bfd_boolean bfd_cache_close
+   (bfd *abfd);
+ /* NB: This declaration should match the autogenerated one in libbfd.h.  */
+diff --git a/bfd/bfd-in2.h b/bfd/bfd-in2.h
+index 71996db..b5aeb40 100644
+--- a/bfd/bfd-in2.h
++++ b/bfd/bfd-in2.h
+@@ -299,9 +299,6 @@ typedef struct bfd_section *sec_ptr;
+ 
+ #define bfd_is_com_section(ptr) (((ptr)->flags & SEC_IS_COMMON) != 0)
+ 
+-#define bfd_set_section_vma(bfd, ptr, val) (((ptr)->vma = (ptr)->lma = (val)), ((ptr)->user_set_vma = TRUE), TRUE)
+-#define bfd_set_section_alignment(bfd, ptr, val) (((ptr)->alignment_power = (val)),TRUE)
+-#define bfd_set_section_userdata(bfd, ptr, val) (((ptr)->userdata = (val)),TRUE)
+ /* Find the address one past the end of SEC.  */
+ #define bfd_get_section_limit(bfd, sec) \
+   (((bfd)->direction != write_direction && (sec)->rawsize != 0	\
+@@ -524,8 +521,6 @@ extern void warn_deprecated (const char *, const char *, int, const char *);
+ 
+ #define bfd_get_symbol_leading_char(abfd) ((abfd)->xvec->symbol_leading_char)
+ 
+-#define bfd_set_cacheable(abfd,bool) (((abfd)->cacheable = bool), TRUE)
+-
+ extern bfd_boolean bfd_cache_close
+   (bfd *abfd);
+ /* NB: This declaration should match the autogenerated one in libbfd.h.  */
+@@ -1029,7 +1024,7 @@ bfd *bfd_openr (const char *filename, const char *target);
+ 
+ bfd *bfd_fdopenr (const char *filename, const char *target, int fd);
+ 
+-bfd *bfd_openstreamr (const char *, const char *, void *);
++bfd *bfd_openstreamr (const char * filename, const char * target, void * stream);
+ 
+ bfd *bfd_openr_iovec (const char *filename, const char *target,
+     void *(*open_func) (struct bfd *nbfd,
+@@ -1596,6 +1591,32 @@ struct relax_table {
+   int size;
+ };
+ 
++/* Note: the following are provided as inline functions rather than macros
++   because not all callers use the return value.  A macro implementation
++   would use a comma expression, eg: "((ptr)->foo = val, TRUE)" and some
++   compilers will complain about comma expressions that have no effect.  */
++static inline bfd_boolean
++bfd_set_section_userdata (bfd * abfd ATTRIBUTE_UNUSED, asection * ptr, void * val)
++{
++  ptr->userdata = val;
++  return TRUE;
++}
++
++static inline bfd_boolean
++bfd_set_section_vma (bfd * abfd ATTRIBUTE_UNUSED, asection * ptr, bfd_vma val)
++{
++  ptr->vma = ptr->lma = val;
++  ptr->user_set_vma = TRUE;
++  return TRUE;
++}
++
++static inline bfd_boolean
++bfd_set_section_alignment (bfd * abfd ATTRIBUTE_UNUSED, asection * ptr, unsigned int val)
++{
++  ptr->alignment_power = val;
++  return TRUE;
++}
++
+ /* These sections are global, and are managed by BFD.  The application
+    and target back end are not permitted to change the values in
+    these sections.  */
+@@ -6415,6 +6436,14 @@ struct bfd
+   unsigned int selective_search : 1;
+ };
+ 
++/* See note beside bfd_set_section_userdata.  */
++static inline bfd_boolean
++bfd_set_cacheable (bfd * abfd, bfd_boolean val)
++{
++  abfd->cacheable = val;
++  return TRUE;
++}
++
+ typedef enum bfd_error
+ {
+   bfd_error_no_error = 0,
+diff --git a/bfd/bfd.c b/bfd/bfd.c
+index 8d0580c..2d174f3 100644
+--- a/bfd/bfd.c
++++ b/bfd/bfd.c
+@@ -311,6 +311,14 @@ CODE_FRAGMENT
+ .  unsigned int selective_search : 1;
+ .};
+ .
++.{* See note beside bfd_set_section_userdata.  *}
++.static inline bfd_boolean
++.bfd_set_cacheable (bfd * abfd, bfd_boolean val)
++.{
++.  abfd->cacheable = val;
++.  return TRUE;
++.}
++.
+ */
+ 
+ #include "sysdep.h"
+diff --git a/bfd/section.c b/bfd/section.c
+index fb19d8c..a661228 100644
+--- a/bfd/section.c
++++ b/bfd/section.c
+@@ -542,6 +542,32 @@ CODE_FRAGMENT
+ .  int size;
+ .};
+ .
++.{* Note: the following are provided as inline functions rather than macros
++.   because not all callers use the return value.  A macro implementation
++.   would use a comma expression, eg: "((ptr)->foo = val, TRUE)" and some
++.   compilers will complain about comma expressions that have no effect.  *}
++.static inline bfd_boolean
++.bfd_set_section_userdata (bfd * abfd ATTRIBUTE_UNUSED, asection * ptr, void * val)
++.{
++.  ptr->userdata = val;
++.  return TRUE;
++.}
++.
++.static inline bfd_boolean
++.bfd_set_section_vma (bfd * abfd ATTRIBUTE_UNUSED, asection * ptr, bfd_vma val)
++.{
++.  ptr->vma = ptr->lma = val;
++.  ptr->user_set_vma = TRUE;
++.  return TRUE;
++.}
++.
++.static inline bfd_boolean
++.bfd_set_section_alignment (bfd * abfd ATTRIBUTE_UNUSED, asection * ptr, unsigned int val)
++.{
++.  ptr->alignment_power = val;
++.  return TRUE;
++.}
++.
+ .{* These sections are global, and are managed by BFD.  The application
+ .   and target back end are not permitted to change the values in
+ .   these sections.  *}
+-- 
+1.7.1
+

meta/recipes-devtools/e2fsprogs/e2fsprogs-1.42.8/populate-extfs.sh

@@ -23,40 +23,75 @@ DEBUGFS="debugfs"
 	find $SRCDIR | while read FILE; do
                 TGT="${FILE##*/}"
                 DIR="${FILE#$SRCDIR}"
-                DIR="${DIR%$TGT}"
 
 		# Skip the root dir
 		[ ! -z "$DIR" ] || continue
 		[ ! -z "$TGT" ] || continue
 
+                DIR="$(dirname "$DIR")"
+
+                # debugfs handles the quotation mark differently from other special marks like {
+                # If FILE contains quotation marks in its name, then we have to replace " with ""
+                # so that debugfs could correclty recognize them. In this script, we use the prefix
+                # of D_ to denote the file names that should be used by debugfs.
+                #
+                # The usage of case statements here is to avoid performace impact.
+                case $FILE in
+                *\"*)
+			D_FILE="$(echo $FILE | sed -e 's#\"#\"\"#g')"
+			;;
+                *)
+			D_FILE="$FILE"
+			;;
+                esac
+
+                case $DIR in
+                *\"*)
+			D_DIR="$(echo $DIR | sed -e 's#\"#\"\"#g')"
+			;;
+                *)
+			D_DIR="$DIR"
+			;;
+                esac
+
+                case $TGT in
+                *\"*)
+			D_TGT="$(echo $TGT | sed -e 's#\"#\"\"#g')"
+			;;
+                *)
+			D_TGT="$TGT"
+			;;
+                esac
+
 		if [ "$DIR" != "$CWD" ]; then
-			echo "cd $DIR"
+			echo "cd \"$D_DIR\""
 			CWD="$DIR"
 		fi
 
 		# Only stat once since stat is a time consuming command
-		STAT=$(stat -c "TYPE=\"%F\";DEVNO=\"0x%t 0x%T\";MODE=\"%f\";U=\"%u\";G=\"%g\"" "$FILE")
+		STAT=$(stat -c "TYPE=\"%F\";DEVNO=\"0x%t 0x%T\";MODE=\"%f\";U=\"%u\";G=\"%g\";AT=\"%x\";MT=\"%y\";CT=\"%z\"" "$FILE")
 		eval $STAT
 
 		case $TYPE in
 		"directory")
-			echo "mkdir $TGT"
+			echo "mkdir \"$D_TGT\""
 			;;
 		"regular file" | "regular empty file")
-			echo "write \"$FILE\" \"$TGT\""
+			echo "write \"$D_FILE\" \"$D_TGT\""
 			;;
 		"symbolic link")
 			LINK_TGT=$(readlink "$FILE")
-			echo "symlink \"$TGT\" \"$LINK_TGT\""
+			D_LINK_TGT="$(echo $LINK_TGT | sed -e 's#\"#\"\"#g')"
+			echo "symlink \"$D_TGT\" \"$D_LINK_TGT\""
 			;;
 		"block special file")
-			echo "mknod \"$TGT\" b $DEVNO"
+			echo "mknod \"$D_TGT\" b $DEVNO"
 			;;
 		"character special file")
-			echo "mknod \"$TGT\" c $DEVNO"
+			echo "mknod \"$D_TGT\" c $DEVNO"
 			;;
 		"fifo")
-			echo "mknod \"$TGT\" p"
+			echo "mknod \"$D_TGT\" p"
 			;;
 		*)
 			echo "Unknown/unhandled file type '$TYPE' file: $FILE" 1>&2
@@ -64,11 +99,19 @@ DEBUGFS="debugfs"
 		esac
 
 		# Set the file mode
-		echo "sif \"$TGT\" mode 0x$MODE"
+		echo "sif \"$D_TGT\" mode 0x$MODE"
 
 		# Set uid and gid
-		echo "sif \"$TGT\" uid $U"
-		echo "sif \"$TGT\" gid $G"
+		echo "sif \"$D_TGT\" uid $U"
+		echo "sif \"$D_TGT\" gid $G"
+
+		# Set atime, mtime and ctime
+		AT=`echo $AT | cut -d'.' -f1 | sed -e 's#[- :]##g'`
+		MT=`echo $MT | cut -d'.' -f1 | sed -e 's#[- :]##g'`
+		CT=`echo $CT | cut -d'.' -f1 | sed -e 's#[- :]##g'`
+		echo "sif \"$D_TGT\" atime $AT"
+		echo "sif \"$D_TGT\" mtime $MT"
+		echo "sif \"$D_TGT\" ctime $CT"
 	done
 
 	# Handle the hard links.
@@ -82,15 +125,22 @@ DEBUGFS="debugfs"
 	# Use the debugfs' ln and "sif links_count" to handle them.
 	for i in `ls $INODE_DIR`; do
 		# The link source
-		SRC=`head -1 $INODE_DIR/$i`
+		SRC="$(head -1 $INODE_DIR/$i)"
+		D_SRC="$(echo $SRC | sed -e 's#\"#\"\"#g')"
 		# Remove the files and link them again except the first one
-		for TGT in `sed -n -e '1!p' $INODE_DIR/$i`; do
-			echo "rm $TGT"
-			echo "ln $SRC $TGT"
+		sed -n -e '1!p' $INODE_DIR/$i | while read TGT; do
+			D_TGT="$(echo $TGT | sed -e 's#\"#\"\"#g')"
+			echo "rm \"$D_TGT\""
+			echo "ln \"$D_SRC\" \"$D_TGT\""
 		done
 		LN_CNT=`cat $INODE_DIR/$i | wc -l`
 		# Set the links count
-		echo "sif $SRC links_count $LN_CNT"
+		echo "sif \"$D_SRC\" links_count $LN_CNT"
 	done
 	rm -fr $INODE_DIR
-} | $DEBUGFS -w -f - $DEVICE
+} | $DEBUGFS -w -f - $DEVICE 2>&1 1>/dev/null | grep '.*: .*'
+
+if [ $? = 0 ]; then
+    echo "Some error occured while executing [$DEBUGFS -w -f - $DEVICE]"
+    exit 1
+fi

meta/recipes-devtools/gcc/gcc-4.8.inc

@@ -77,6 +77,9 @@ SRC_URI = "${GNU_MIRROR}/gcc/gcc-${PV}/gcc-${PV}.tar.bz2 \
 	   file://0045-gcc-4.8-PR57717-PowerPC-E500v2.patch \
 	   file://0046-libatomic-deptracking.patch \
 	   file://0047-repomembug.patch \
+	   file://0048-PR57532.patch \
+	   file://0048-PR58854_fix_arm_apcs_epilogue.patch \
+           file://0001-fix-ICE-when-building-opus.patch \
 	  "
 SRC_URI[md5sum] = "3b2386c114cd74185aa3754b58a79304"
 SRC_URI[sha256sum] = "545b44be3ad9f2c4e90e6880f5c9d4f0a8f0e5f67e1ffb0d45da9fa01bb05813"

meta/recipes-devtools/gcc/gcc-4.8/0001-fix-ICE-when-building-opus.patch

@@ -0,0 +1,121 @@
+From 22228d8ba86c70381f7c34c22ac6994234d0f3e7 Mon Sep 17 00:00:00 2001
+From: xguo <xguo@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Fri, 9 Aug 2013 06:59:01 +0000
+Subject: [PATCH] gcc/ChangeLog:
+
+        Backport from mainline:
+        2013-08-09  Zhenqiang Chen  <zhenqiang.chen@linaro.org>
+
+        * config/arm/neon.md (vcond): Fix floating-point vector
+        comparisons against 0.
+
+gcc/testsuite/ChangeLog:
+
+        Backport from mainline:
+        2013-08-09  Zhenqiang Chen  <zhenqiang.chen@linaro.org>
+
+        * gcc.target/arm/lp1189445.c: New testcase.
+
+Upstream-Status: Backport from 4.8.2
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+
+More details in:
+http://gcc.1065356.n5.nabble.com/PATCH-ARM-Fix-unrecognizable-vector-comparisons-td947064.html
+
+git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-4_8-branch@201620 138bc75d-0d04-0410-961f-82ee72b054a4
+---
+ gcc/ChangeLog                            |  8 ++++++++
+ gcc/config/arm/neon.md                   | 34 +++++++++++++++++++++++++++-----
+ gcc/testsuite/ChangeLog                  |  7 +++++++
+ gcc/testsuite/gcc.target/arm/lp1189445.c | 18 +++++++++++++++++
+ 4 files changed, 62 insertions(+), 5 deletions(-)
+ create mode 100644 gcc/testsuite/gcc.target/arm/lp1189445.c
+
+diff --git a/gcc/config/arm/neon.md b/gcc/config/arm/neon.md
+index d8d4202..86a5932 100644
+--- a/gcc/config/arm/neon.md
++++ b/gcc/config/arm/neon.md
+@@ -1732,6 +1732,7 @@
+ 			     ? 3 : 1;
+   rtx magic_rtx = GEN_INT (magic_word);
+   int inverse = 0;
++  int use_zero_form = 0;
+   int swap_bsl_operands = 0;
+   rtx mask = gen_reg_rtx (<V_cmp_result>mode);
+   rtx tmp = gen_reg_rtx (<V_cmp_result>mode);
+@@ -1742,12 +1743,16 @@
+   switch (GET_CODE (operands[3]))
+     {
+     case GE:
++    case GT:
+     case LE:
++    case LT:
+     case EQ:
+-      if (!REG_P (operands[5])
+-	  && (operands[5] != CONST0_RTX (<MODE>mode)))
+-	operands[5] = force_reg (<MODE>mode, operands[5]);
+-      break;
++      if (operands[5] == CONST0_RTX (<MODE>mode))
++	{
++	  use_zero_form = 1;
++	  break;
++	}
++      /* Fall through.  */
+     default:
+       if (!REG_P (operands[5]))
+ 	operands[5] = force_reg (<MODE>mode, operands[5]);
+@@ -1798,7 +1803,26 @@
+ 	 a GT b -> a GT b
+ 	 a LE b -> b GE a
+ 	 a LT b -> b GT a
+-	 a EQ b -> a EQ b  */
++	 a EQ b -> a EQ b
++	 Note that there also exist direct comparison against 0 forms,
++	 so catch those as a special case.  */
++      if (use_zero_form)
++	{
++	  inverse = 0;
++	  switch (GET_CODE (operands[3]))
++	    {
++	    case LT:
++	      base_comparison = gen_neon_vclt<mode>;
++	      break;
++	    case LE:
++	      base_comparison = gen_neon_vcle<mode>;
++	      break;
++	    default:
++	      /* Do nothing, other zero form cases already have the correct
++		 base_comparison.  */
++	      break;
++	    }
++	}
+ 
+       if (!inverse)
+ 	emit_insn (base_comparison (mask, operands[4], operands[5], magic_rtx));
+diff --git a/gcc/testsuite/gcc.target/arm/lp1189445.c b/gcc/testsuite/gcc.target/arm/lp1189445.c
+new file mode 100644
+index 0000000..766748e
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/arm/lp1189445.c
+@@ -0,0 +1,18 @@
++/* { dg-do compile } */
++/* { dg-require-effective-target arm_neon } */
++/* { dg-add-options arm_neon } */
++/* { dg-options "-O3" } */
++
++int id;
++int
++test (const long int *data)
++{
++  int i, retval;
++  retval = id;
++  for (i = 0; i < id; i++)
++    {
++      retval &= (data[i] <= 0);
++    }
++
++  return (retval);
++}
+-- 
+2.0.0
+

meta/recipes-devtools/gcc/gcc-4.8/0031-Disable-sdt.patch

@@ -1,4 +1,4 @@
-From eb70cb2785af7171897f363298bbfcd83de5ec57 Mon Sep 17 00:00:00 2001
+From b85265bc94ec1beaf1d3b697c03db62991553467 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Fri, 29 Mar 2013 09:28:10 +0400
 Subject: [PATCH 31/35] Disable sdt.
@@ -12,16 +12,23 @@ RP 2012/8/7
 
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
 
+Disable sdt for libstdc++-v3.
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+
 Upstream-Status: Inappropriate [hack]
 ---
- gcc/configure |   12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
+ gcc/configure             | 12 ++++++------
+ gcc/configure.ac          | 18 +++++++++---------
+ libstdc++-v3/configure    |  6 +++---
+ libstdc++-v3/configure.ac |  2 +-
+ 4 files changed, 19 insertions(+), 19 deletions(-)
 
 diff --git a/gcc/configure b/gcc/configure
-index d587993..8bc0c98 100755
+index 3c550a6..01c7626 100755
 --- a/gcc/configure
 +++ b/gcc/configure
-@@ -26792,12 +26792,12 @@ fi
+@@ -26812,12 +26812,12 @@ fi
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking sys/sdt.h in the target C library" >&5
  $as_echo_n "checking sys/sdt.h in the target C library... " >&6; }
  have_sys_sdt_h=no
@@ -40,6 +47,67 @@ index d587993..8bc0c98 100755
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $have_sys_sdt_h" >&5
  $as_echo "$have_sys_sdt_h" >&6; }
  
+diff --git a/gcc/configure.ac b/gcc/configure.ac
+index 3601ab6..06e501f 100644
+--- a/gcc/configure.ac
++++ b/gcc/configure.ac
+@@ -4779,15 +4779,15 @@ if test x$gcc_cv_libc_provides_ssp = xyes; then
+ fi
+ 
+ # Test for <sys/sdt.h> on the target.
+-GCC_TARGET_TEMPLATE([HAVE_SYS_SDT_H])
+-AC_MSG_CHECKING(sys/sdt.h in the target C library)
+-have_sys_sdt_h=no
+-if test -f $target_header_dir/sys/sdt.h; then
+-  have_sys_sdt_h=yes
+-  AC_DEFINE(HAVE_SYS_SDT_H, 1,
+-            [Define if your target C library provides sys/sdt.h])
+-fi
+-AC_MSG_RESULT($have_sys_sdt_h)
++#GCC_TARGET_TEMPLATE([HAVE_SYS_SDT_H])
++#AC_MSG_CHECKING(sys/sdt.h in the target C library)
++#have_sys_sdt_h=no
++#if test -f $target_header_dir/sys/sdt.h; then
++#  have_sys_sdt_h=yes
++#  AC_DEFINE(HAVE_SYS_SDT_H, 1,
++#            [Define if your target C library provides sys/sdt.h])
++#fi
++#AC_MSG_RESULT($have_sys_sdt_h)
+ 
+ # Check if TFmode long double should be used by default or not.
+ # Some glibc targets used DFmode long double, but with glibc 2.4
+diff --git a/libstdc++-v3/configure b/libstdc++-v3/configure
+index 4953c9f..53a1145 100755
+--- a/libstdc++-v3/configure
++++ b/libstdc++-v3/configure
+@@ -20578,11 +20578,11 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ ac_compiler_gnu=$ac_cv_c_compiler_gnu
+ 
+-  if test $glibcxx_cv_sys_sdt_h = yes; then
++#  if test $glibcxx_cv_sys_sdt_h = yes; then
+ 
+-$as_echo "#define HAVE_SYS_SDT_H 1" >>confdefs.h
++#$as_echo "#define HAVE_SYS_SDT_H 1" >>confdefs.h
+ 
+-  fi
++#  fi
+   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $glibcxx_cv_sys_sdt_h" >&5
+ $as_echo "$glibcxx_cv_sys_sdt_h" >&6; }
+ 
+diff --git a/libstdc++-v3/configure.ac b/libstdc++-v3/configure.ac
+index 73d430a..f2135e2 100644
+--- a/libstdc++-v3/configure.ac
++++ b/libstdc++-v3/configure.ac
+@@ -211,7 +211,7 @@ GLIBCXX_CHECK_SC_NPROCESSORS_ONLN
+ GLIBCXX_CHECK_SC_NPROC_ONLN
+ GLIBCXX_CHECK_PTHREADS_NUM_PROCESSORS_NP
+ GLIBCXX_CHECK_SYSCTL_HW_NCPU
+-GLIBCXX_CHECK_SDT_H
++#GLIBCXX_CHECK_SDT_H
+ 
+ # Check for available headers.
+ AC_CHECK_HEADERS([endian.h execinfo.h float.h fp.h ieeefp.h inttypes.h \
 -- 
-1.7.10.4
+1.8.3.1
 

meta/recipes-devtools/gcc/gcc-4.8/0048-PR57532.patch

@@ -0,0 +1,36 @@
+Upstream-Status: Backport
+Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
+
+r200836 | jason | 2013-07-09 14:52:17 -0300 (Tue, 09 Jul 2013) | 3 lines
+
+        PR c++/57532
+        * parser.c (cp_parser_ref_qualifier_opt): Don't tentatively parse
+        a ref-qualifier in C++98 mode.
+
+Index: gcc/testsuite/g++.dg/parse/ref-qual2.C
+===================================================================
+--- a/gcc/testsuite/g++.dg/parse/ref-qual2.C	(revision 0)
++++ b/gcc/testsuite/g++.dg/parse/ref-qual2.C	(revision 200836)
+@@ -0,0 +1,6 @@
++// PR c++/57532
++
++int main()
++{
++    return (int() & int());
++}
+Index: gcc/cp/parser.c
+===================================================================
+--- a/gcc/cp/parser.c	(revision 200835)
++++ b/gcc/cp/parser.c	(revision 200836)
+@@ -16986,6 +16986,11 @@
+ {
+   cp_ref_qualifier ref_qual = REF_QUAL_NONE;
+   cp_token *token = cp_lexer_peek_token (parser->lexer);
++
++  /* Don't try to parse bitwise '&' as a ref-qualifier (c++/57532).  */
++  if (cxx_dialect < cxx11 && cp_parser_parsing_tentatively (parser))
++    return ref_qual;
++
+   switch (token->type)
+     {
+     case CPP_AND:

meta/recipes-devtools/gcc/gcc-4.8/0048-PR58854_fix_arm_apcs_epilogue.patch

@@ -0,0 +1,23 @@
+Backport fix for PR target/58854
+
+2013-11-11  Ramana Radhakrishnan  <ramana.radhakrishnan@arm.com>
+
+       Backported from mainline
+        2013-10-30  Ramana Radhakrishnan  <ramana.radhakrishnan@arm.com>
+
+       PR target/58854
+       * config/arm/arm.c (arm_expand_epilogue_apcs_frame): Emit blockage
+
+
+Upstream-Status: Backport
+
+--- gcc-4_8-branch/gcc/config/arm/arm.c	2013/11/11 08:00:45	204664
++++ gcc-4_8-branch/gcc/config/arm/arm.c	2013/11/11 09:38:14	204665
+@@ -23555,6 +23555,7 @@
+   num_regs = bit_count (saved_regs_mask);
+   if ((offsets->outgoing_args != (1 + num_regs)) || cfun->calls_alloca)
+     {
++      emit_insn (gen_blockage ());
+       /* Unwind the stack to just below the saved registers.  */
+       emit_insn (gen_addsi3 (stack_pointer_rtx,
+                              hard_frame_pointer_rtx,

meta/recipes-devtools/gcc/gcc-common.inc

@@ -89,6 +89,7 @@ do_patch[stamp-base] = "${SS}"
 SSCLEAN = "${TMPDIR}/stamps/work-shared/gcc-[0-9]*-*"
 do_fetch[stamp-base-clean] = "${SSCLEAN}"
 do_unpack[stamp-base-clean] = "${SSCLEAN}"
+do_unpack[umask] = "022"
 do_patch[stamp-base-clean] = "${SSCLEAN}"
 
 # SW means Shared Work directory

meta/recipes-devtools/gcc/gcc-cross-canadian.inc

@@ -103,6 +103,7 @@ do_install () {
 	# Cleanup some of the ${libdir}{,exec}/gcc stuff ...
 	rm -r ${D}${libdir}/gcc/${TARGET_SYS}/${BINV}/install-tools
 	rm -r ${D}${libexecdir}/gcc/${TARGET_SYS}/${BINV}/install-tools
+	rm -rf ${D}${libdir}/gcc/${TARGET_SYS}/${BINV}/finclude
 
 	# We care about g++ not c++
 	rm -f ${D}${bindir}/*c++

meta/recipes-devtools/gcc/gcc-crosssdk.inc

@@ -6,5 +6,5 @@ SYSTEMLIBS1 = "${SDKPATHNATIVE}${libdir_nativesdk}/"
 
 GCCMULTILIB = "--disable-multilib"
 
-DEPENDS = "virtual/${TARGET_PREFIX}binutils-crosssdk virtual/nativesdk-${TARGET_PREFIX}libc-for-gcc gettext-native"
+DEPENDS = "virtual/${TARGET_PREFIX}binutils-crosssdk virtual/nativesdk-${TARGET_PREFIX}libc-for-gcc gettext-native ${NATIVEDEPS}"
 PROVIDES = "virtual/${TARGET_PREFIX}gcc-crosssdk virtual/${TARGET_PREFIX}g++-crosssdk"

meta/recipes-devtools/guile/guile_2.0.9.bb

@@ -34,7 +34,7 @@ BBCLASSEXTEND = "native"
 
 DEPENDS = "libunistring bdwgc gmp libtool libffi"
 # add guile-native only to the target recipe's DEPENDS
-DEPENDS += "${@['guile-native libatomics-ops', ''][d.getVar('PN', True) != 'guile']}"
+DEPENDS_append_class-target = " guile-native libatomics-ops"
 
 RDEPENDS_${PN}_append_libc-glibc_class-target = "glibc-gconv-iso8859-1"
 

meta/recipes-devtools/kconfig-frontends/kconfig-frontends_3.10.0.0.bb

@@ -10,7 +10,8 @@ HOMEPAGE = "http://ymorin.is-a-geek.org/projects/kconfig-frontends"
 LICENSE = "GPL-2.0"
 LIC_FILES_CHKSUM = "file://COPYING;md5=9b8cf60ff39767ff04b671fca8302408"
 SECTION = "devel"
-DEPENDS += "ncurses flex bison gperf pkgconfig-native"
+DEPENDS += "ncurses flex bison gperf-native pkgconfig-native"
+RDEPENDS_${PN} += "python"
 SRC_URI = "http://ymorin.is-a-geek.org/download/${BPN}/${BP}.tar.xz"
 
 SRC_URI[md5sum] = "1ebf13983eb5b2ce960d131cae290cad"