kernel.bbclass: Complete fix for modules symlink

The fix backported in commit aa9fc551 of oe-core does not completely fix the
issue (Yocto #4595) as intended. The modules symlink is still created in the
working directory instead of in the deploy directory. To fix this, we just need
to use an absolute path to ${DEPLOYDIR} when creating the symlink.

(From OE-Core rev: f07a4e0d80f5e0dd94514f6aae11a7bd56034f30)

Signed-off-by: Paul Barker <paul.barker@commagility.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake/lib/bb/cache.py

@@ -526,7 +526,7 @@ class Cache(object):
 
         if appends != info_array[0].appends:
             logger.debug(2, "Cache: appends for %s changed", fn)
-            bb.note("%s to %s" % (str(appends), str(info_array[0].appends)))
+            logger.debug(2, "%s to %s" % (str(appends), str(info_array[0].appends)))
             self.remove(fn)
             return False
 

bitbake/lib/bb/cooker.py

@@ -1606,6 +1606,7 @@ class Parser(multiprocessing.Process):
         self.quit = quit
         self.init = init
         multiprocessing.Process.__init__(self)
+        self.context = bb.utils._context.copy()
 
     def run(self):
         if self.init:
@@ -1640,6 +1641,7 @@ class Parser(multiprocessing.Process):
 
     def parse(self, filename, appends, caches_array):
         try:
+            bb.utils._context = self.context.copy()
             return True, bb.cache.Cache.parse(filename, appends, self.cfg, caches_array)
         except Exception as exc:
             tb = sys.exc_info()[2]

bitbake/lib/bb/fetch2/__init__.py

@@ -325,7 +325,7 @@ def decodeurl(url):
     user, password, parameters).
     """
 
-    m = re.compile('(?P<type>[^:]*)://((?P<user>.+)@)?(?P<location>[^;]+)(;(?P<parm>.*))?').match(url)
+    m = re.compile('(?P<type>[^:]*)://((?P<user>[^/]+)@)?(?P<location>[^;]+)(;(?P<parm>.*))?').match(url)
     if not m:
         raise MalformedUrl(url)
 

bitbake/lib/bb/fetch2/hg.py

@@ -92,7 +92,10 @@ class Hg(FetchMethod):
         if not ud.user:
             hgroot = host + ud.path
         else:
-            hgroot = ud.user + "@" + host + ud.path
+            if ud.pswd:
+                hgroot = ud.user + ":" + ud.pswd + "@" + host + ud.path
+            else:
+                hgroot = ud.user + "@" + host + ud.path
 
         if command == "info":
             return "%s identify -i %s://%s/%s" % (basecmd, proto, hgroot, ud.module)
@@ -112,7 +115,10 @@ class Hg(FetchMethod):
             # do not pass options list; limiting pull to rev causes the local
             # repo not to contain it and immediately following "update" command
             # will crash
-            cmd = "%s pull" % (basecmd)
+            if ud.user and ud.pswd:
+                cmd = "%s --config auth.default.prefix=* --config auth.default.username=%s --config auth.default.password=%s --config \"auth.default.schemes=%s\" pull" % (basecmd, ud.user, ud.pswd, proto)
+            else:
+                cmd = "%s pull" % (basecmd)
         elif command == "update":
             cmd = "%s update -C %s" % (basecmd, " ".join(options))
         else:

bitbake/lib/bb/fetch2/perforce.py

@@ -112,7 +112,7 @@ class Perforce(FetchMethod):
         base = path
         which = path.find('/...')
         if which != -1:
-            base = path[:which]
+            base = path[:which-1]
 
         base = self._strip_leading_slashes(base)
 

bitbake/lib/bb/fetch2/svn.py

@@ -27,6 +27,7 @@ import os
 import sys
 import logging
 import bb
+import re
 from   bb import data
 from   bb.fetch2 import FetchMethod
 from   bb.fetch2 import FetchError
@@ -89,6 +90,8 @@ class Svn(FetchMethod):
 
         if command == "info":
             svncmd = "%s info %s %s://%s/%s/" % (ud.basecmd, " ".join(options), proto, svnroot, ud.module)
+        elif command == "log1":
+            svncmd = "%s log --limit 1 %s %s://%s/%s/" % (ud.basecmd, " ".join(options), proto, svnroot, ud.module)
         else:
             suffix = ""
             if ud.revision:
@@ -165,14 +168,13 @@ class Svn(FetchMethod):
         """
         Return the latest upstream revision number
         """
-        bb.fetch2.check_network_access(d, self._buildsvncommand(ud, d, "info"))
+        bb.fetch2.check_network_access(d, self._buildsvncommand(ud, d, "log1"))
 
-        output = runfetchcmd("LANG=C LC_ALL=C " + self._buildsvncommand(ud, d, "info"), d, True)
+        output = runfetchcmd("LANG=C LC_ALL=C " + self._buildsvncommand(ud, d, "log1"), d, True)
 
-        revision = None
-        for line in output.splitlines():
-            if "Last Changed Rev" in line:
-                revision = line.split(":")[1].strip()
+        # skip the first line, as per output of svn log
+        # then we expect the revision on the 2nd line
+        revision = re.search('^r([0-9]*)', output.splitlines()[1]).group(1)
 
         return revision
 

bitbake/lib/bb/methodpool.py

@@ -17,24 +17,7 @@
 # with this program; if not, write to the Free Software Foundation, Inc.,
 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 
-
-"""
-    What is a method pool?
-
-    BitBake has a global method scope where .bb, .inc and .bbclass
-    files can install methods. These methods are parsed from strings.
-    To avoid recompiling and executing these string we introduce
-    a method pool to do this task.
-
-    This pool will be used to compile and execute the functions. It
-    will be smart enough to
-"""
-
 from bb.utils import better_compile, better_exec
-from bb       import error
-
-# A dict of function names we have seen
-_parsed_fns     = { }
 
 def insert_method(modulename, code, fn):
     """
@@ -43,29 +26,3 @@ def insert_method(modulename, code, fn):
     """
     comp = better_compile(code, modulename, fn )
     better_exec(comp, None, code, fn)
-
-    # now some instrumentation
-    code = comp.co_names
-    for name in code:
-        if name in ['None', 'False']:
-            continue
-        elif name in _parsed_fns and not _parsed_fns[name] == modulename:
-            error("The function %s defined in %s was already declared in %s. BitBake has a global python function namespace so shared functions should be declared in a common include file rather than being duplicated, or if the functions are different, please use different function names." % (name, modulename, _parsed_fns[name]))
-        else:
-            _parsed_fns[name] = modulename
-
-# A dict of modules the parser has finished with
-_parsed_methods = {}
-
-def parsed_module(modulename):
-    """
-    Has module been parsed?
-    """
-    return modulename in _parsed_methods
-
-def set_parsed_module(modulename):
-    """
-    Set module as parsed
-    """
-    _parsed_methods[modulename] = True
-

bitbake/lib/bb/parse/ast.py

@@ -148,9 +148,8 @@ class MethodNode(AstNode):
         text = '\n'.join(self.body)
         if self.func_name == "__anonymous":
             funcname = ("__anon_%s_%s" % (self.lineno, self.filename.translate(string.maketrans('/.+-', '____'))))
-            if not funcname in bb.methodpool._parsed_fns:
-                text = "def %s(d):\n" % (funcname) + text
-                bb.methodpool.insert_method(funcname, text, self.filename)
+            text = "def %s(d):\n" % (funcname) + text
+            bb.methodpool.insert_method(funcname, text, self.filename)
             anonfuncs = data.getVar('__BBANONFUNCS') or []
             anonfuncs.append(funcname)
             data.setVar('__BBANONFUNCS', anonfuncs)
@@ -171,8 +170,7 @@ class PythonMethodNode(AstNode):
         # 'this' file. This means we will not parse methods from
         # bb classes twice
         text = '\n'.join(self.body)
-        if not bb.methodpool.parsed_module(self.modulename):
-            bb.methodpool.insert_method(self.modulename, text, self.filename)
+        bb.methodpool.insert_method(self.modulename, text, self.filename)
         data.setVarFlag(self.function, "func", 1)
         data.setVarFlag(self.function, "python", 1)
         data.setVar(self.function, text)

bitbake/lib/bb/parse/parse_py/BBHandler.py

@@ -166,10 +166,6 @@ def handle(fn, d, include):
     if oldfile:
         d.setVar("FILE", oldfile)
 
-    # we have parsed the bb class now
-    if ext == ".bbclass" or ext == ".inc":
-        bb.methodpool.set_parsed_module(base_name)
-
     return d
 
 def feeder(lineno, s, fn, root, statements):

bitbake/lib/bb/tests/fetch.py

@@ -407,7 +407,8 @@ class URLHandle(unittest.TestCase):
     datatable = {
        "http://www.google.com/index.html" : ('http', 'www.google.com', '/index.html', '', '', {}),
        "cvs://anoncvs@cvs.handhelds.org/cvs;module=familiar/dist/ipkg" : ('cvs', 'cvs.handhelds.org', '/cvs', 'anoncvs', '', {'module': 'familiar/dist/ipkg'}),
-       "cvs://anoncvs:anonymous@cvs.handhelds.org/cvs;tag=V0-99-81;module=familiar/dist/ipkg" : ('cvs', 'cvs.handhelds.org', '/cvs', 'anoncvs', 'anonymous', {'tag': 'V0-99-81', 'module': 'familiar/dist/ipkg'})
+       "cvs://anoncvs:anonymous@cvs.handhelds.org/cvs;tag=V0-99-81;module=familiar/dist/ipkg" : ('cvs', 'cvs.handhelds.org', '/cvs', 'anoncvs', 'anonymous', {'tag': 'V0-99-81', 'module': 'familiar/dist/ipkg'}),
+       "git://git.openembedded.org/bitbake;branch=@foo" : ('git', 'git.openembedded.org', '/bitbake', '', '', {'branch': '@foo'})
     }
 
     def test_decodeurl(self):

bitbake/lib/bb/ui/crumbs/hig/layerselectiondialog.py

@@ -132,12 +132,13 @@ class LayerSelectionDialog (CrumbsDialog):
         tree_selection.set_mode(gtk.SELECTION_SINGLE)
 
         # Allow enable drag and drop of rows including row move
+        dnd_internal_target = ''
+        dnd_targets = [(dnd_internal_target, gtk.TARGET_SAME_WIDGET, 0)]
         layer_tv.enable_model_drag_source( gtk.gdk.BUTTON1_MASK,
-            self.TARGETS,
-            gtk.gdk.ACTION_DEFAULT|
+            dnd_targets,
+            gtk.gdk.ACTION_MOVE)
+        layer_tv.enable_model_drag_dest(dnd_targets,
             gtk.gdk.ACTION_MOVE)
-        layer_tv.enable_model_drag_dest(self.TARGETS,
-            gtk.gdk.ACTION_DEFAULT)
         layer_tv.connect("drag_data_get", self.drag_data_get_cb)
         layer_tv.connect("drag_data_received", self.drag_data_received_cb)
 

bitbake/lib/bb/ui/crumbs/hoblistmodel.py

@@ -181,7 +181,9 @@ class PackageListModel(gtk.ListStore):
     def sort_func(self, model, iter1, iter2, user_data):
         val1 = model.get_value(iter1, PackageListModel.COL_NAME)
         val2 = model.get_value(iter2, PackageListModel.COL_NAME)
-        if val1.startswith(user_data) and not val2.startswith(user_data):
+        if val1 is None or val2 is None:
+            return 0
+        elif val1.startswith(user_data) and not val2.startswith(user_data):
             return -1
         elif not val1.startswith(user_data) and val2.startswith(user_data):
             return 1
@@ -562,7 +564,9 @@ class RecipeListModel(gtk.ListStore):
     def sort_func(self, model, iter1, iter2, user_data):
         val1 = model.get_value(iter1, RecipeListModel.COL_NAME)
         val2 = model.get_value(iter2, RecipeListModel.COL_NAME)
-        if val1.startswith(user_data) and not val2.startswith(user_data):
+        if val1 is None or val2 is None:
+            return 0
+        elif val1.startswith(user_data) and not val2.startswith(user_data):
             return -1
         elif not val1.startswith(user_data) and val2.startswith(user_data):
             return 1

documentation/adt-manual/adt-manual.xml

@@ -71,6 +71,21 @@
                 <date>August 2013</date>
                 <revremark>Released with the Yocto Project 1.4.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.4.3</revnumber>
+                <date>March 2014</date>
+                <revremark>Released with the Yocto Project 1.4.3 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.4.4</revnumber>
+                <date>May 2014</date>
+                <revremark>Released with the Yocto Project 1.4.4 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.4.5</revnumber>
+                <date>July 2014</date>
+                <revremark>Released with the Yocto Project 1.4.5 Release.</revremark>
+            </revision>
       </revhistory>
 
     <copyright>

documentation/bsp-guide/bsp-guide.xml

@@ -83,6 +83,21 @@
                 <date>August 2013</date>
                 <revremark>Released with the Yocto Project 1.4.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.4.3</revnumber>
+                <date>March 2014</date>
+                <revremark>Released with the Yocto Project 1.4.3 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.4.4</revnumber>
+                <date>May 2014</date>
+                <revremark>Released with the Yocto Project 1.4.4 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.4.5</revnumber>
+                <date>July 2014</date>
+                <revremark>Released with the Yocto Project 1.4.5 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/dev-manual/dev-manual-model.xml

@@ -18,8 +18,7 @@
              "<ulink url='&YOCTO_DOCS_BSP_URL;#creating-a-new-bsp-layer-using-the-yocto-bsp-script'>Creating a New BSP Layer Using the yocto-bsp Script</ulink>"
              section in the Yocto Project Board Support Package (BSP) Developer's Guide.
              For more complete information on how to work with the kernel, see the
-             <ulink url='&YOCTO_DOCS_KERNEL_DEV_URL;'>Yocto Project Linux Kernel
-             Development Manual</ulink>.
+             <ulink url='&YOCTO_DOCS_KERNEL_DEV_URL;'>Yocto Project Linux Kernel Development Manual</ulink>.
              </para></listitem>
          <listitem><para><emphasis>User Application Development:</emphasis>
              User Application Development covers development of applications that you intend
@@ -131,7 +130,7 @@
                     <ulink url='&YOCTO_DOCS_BSP_URL;#creating-a-new-bsp-layer-using-the-yocto-bsp-script'><filename>yocto-bsp</filename></ulink> script</emphasis>:
                     Layers are ideal for
                     isolating and storing work for a given piece of hardware.
-                    A layer is really just a location or area in which you place 
+                    A layer is really just a location or area in which you place
                     the recipes and configurations for your BSP.
                     In fact, a BSP is, in itself, a special type of layer.
                     The simplest way to create a new BSP layer that is compliant with the
@@ -165,7 +164,7 @@
                     Romley, sys940x, Sugar Bay, and tlk exist in their own separate layers
                     within the larger <filename>meta-intel</filename> layer.</note>
                     <para>When you set up a layer for a new BSP, you should follow a standard layout.
-                    This layout is described in the 
+                    This layout is described in the
                     "<ulink url='&YOCTO_DOCS_BSP_URL;#bsp-filelayout'>Example Filesystem Layout</ulink>"
                     section of the Board Support Package (BSP) Development Guide.
                     In the standard layout, you will notice a suggested structure for recipes and
@@ -343,10 +342,10 @@
                 If you are working in the kernel all the time, you probably would want
                 to set up your own local Git repository of the kernel tree.
                 If you just need to make some patches to the kernel, you can access
-                temporary kernel source files that were extracted and used 
+                temporary kernel source files that were extracted and used
                 during a build.
                 We will just talk about working with the temporary source code.
-                For more information on how to get kernel source code onto your 
+                For more information on how to get kernel source code onto your
                 host system, see the
                 "<link linkend='local-kernel-files'>Yocto Project Kernel</link>"
                 bulleted item earlier in the manual.
@@ -411,7 +410,7 @@
                         "<link linkend='local-yp-release'>Yocto Project Release</link>" earlier in this manual.
                         </para></listitem>
                     <listitem><para><emphasis>Establish the temporary kernel source files</emphasis>:
-                        Temporary kernel source files are kept in the 
+                        Temporary kernel source files are kept in the
                         <link linkend='build-directory'>Build Directory</link>
                         created by the
                         OpenEmbedded build system when you run BitBake.
@@ -474,7 +473,7 @@
         Application development involves creating an application that you want
         to run on your target hardware, which is running a kernel image created using the
         OpenEmbedded build system.
-        The Yocto Project provides an 
+        The Yocto Project provides an
         <ulink url='&YOCTO_DOCS_ADT_URL;#adt-intro-section'>Application Development Toolkit (ADT)</ulink>
         and stand-alone
         <ulink url='&YOCTO_DOCS_ADT_URL;#the-cross-development-toolchain'>cross-development toolchains</ulink>
@@ -950,7 +949,7 @@
                                 and then click "Next".</para></listitem>
                             <listitem><para>Select the root directory and browse to
                                 <filename>~/yocto-eclipse/plugins</filename>.</para></listitem>
-                            <listitem><para>Three plug-ins exist: 
+                            <listitem><para>Three plug-ins exist:
                                 <filename>org.yocto.bc.ui</filename>,
                                 <filename>org.yocto.sdk.ide</filename>, and
                                 <filename>org.yocto.sdk.remotetools</filename>.
@@ -980,7 +979,7 @@
                 <para>
                     To start, you need to do the following from within the Eclipse IDE:
                     <itemizedlist>
-                        <listitem><para>Choose "Preferences" from the 
+                        <listitem><para>Choose "Preferences" from the
                             "Windows" menu to display
                             the Preferences Dialog</para></listitem>
                         <listitem><para>Click "Yocto Project ADT"</para></listitem>
@@ -1010,7 +1009,7 @@
                                        <listitem><para><emphasis>
                                             <filename>Build System Derived Toolchain:</filename></emphasis>
                                             Select this mode if the cross-toolchain has been installed and built
-                                            as part of the 
+                                            as part of the
                                             <link linkend='build-directory'>Build Directory</link>.
                                             When you select <filename>Build system derived toolchain</filename>,
                                             you are using the toolchain bundled
@@ -1022,7 +1021,7 @@
                                 If you are using a stand-alone pre-built toolchain, you should be pointing to the
                                 where it is installed.
                                 If you used the ADT Installer script and accepted the default
-                                installation directory, the toolchain will be installed in 
+                                installation directory, the toolchain will be installed in
                                 the <filename>&YOCTO_ADTPATH_DIR;</filename> directory.
                                 Sections "<ulink url='&YOCTO_DOCS_ADT_URL;#configuring-and-running-the-adt-installer-script'>Configuring
                                 and Running the ADT Installer Script</ulink>" and
@@ -1034,17 +1033,17 @@
                                 field is the <link linkend='build-directory'>Build Directory</link>.
                                 See the "<ulink url='&YOCTO_DOCS_ADT_URL;#using-the-toolchain-from-within-the-build-tree'>Using
                                 BitBake and the Build Directory</ulink>" section in the Yocto Project Application
-                                Developer's Guide for information on how to install 
+                                Developer's Guide for information on how to install
                                 the toolchain into the Build Directory.</para></listitem>
                             <listitem><para><emphasis>Specify the Sysroot Location:</emphasis>
                                 This location is where the root filesystem for the target hardware resides.
-                                If you used the ADT Installer script and accepted the 
+                                If you used the ADT Installer script and accepted the
                                 default installation directory, then the location is
                                 <filename>/opt/poky/&lt;release&gt;</filename>.
                                 Additionally, when you use the ADT Installer script,
                                 the same location is used for
                                 the QEMU user-space tools and the NFS boot process.</para>
-                                <para>If you used either of the other two methods to 
+                                <para>If you used either of the other two methods to
                                 install the toolchain or did not accept the ADT Installer
                                 script's default installation directory, then the
                                 location of the sysroot filesystem depends on where you separately
@@ -1160,7 +1159,7 @@
                 configurations.
                 You can override these settings for a given project by following these steps:
                 <orderedlist>
-                    <listitem><para>Select "Change Yocto Project Settings" from the 
+                    <listitem><para>Select "Change Yocto Project Settings" from the
                         "Project" menu.
                         This selection brings up the Yocto Project Settings Dialog
                         and allows you to make changes specific to an individual project.
@@ -1170,14 +1169,14 @@
                         Dialog as described earlier
                         in the "<link linkend='configuring-the-eclipse-yocto-plug-in'>Configuring the Eclipse
                         Yocto Plug-in</link>" section.
-                        The Yocto Project Settings Dialog allows you to override 
+                        The Yocto Project Settings Dialog allows you to override
                         those default settings for a given project.</para></listitem>
                     <listitem><para>Make your configurations for the project and click "OK".
                         If you are running the Juno version of Eclipse, you can skip down to the next
                         section where you build the project.
                         If you are not working with Juno, you need to reconfigure the project as
                         described in the next step.</para></listitem>
-                    <listitem><para>Select "Reconfigure Project" from the 
+                    <listitem><para>Select "Reconfigure Project" from the
                         "Project" menu.
                         This selection reconfigures the project by running
                        <filename>autogen.sh</filename> in the workspace for your project.
@@ -1197,7 +1196,7 @@
             <para>
                 To build the project in Juno, right click on the project in the navigator pane and select
                 "Build Project".
-                If you are not running Juno, select "Build Project" from the 
+                If you are not running Juno, select "Build Project" from the
                 "Project" menu.
                 The console should update and you can note the cross-compiler you are using.
             </para>
@@ -1209,7 +1208,7 @@
             <para>
                 To start the QEMU emulator from within Eclipse, follow these steps:
                 <orderedlist>
-                    <listitem><para>Expose and select "External Tools" from 
+                    <listitem><para>Expose and select "External Tools" from
                         the "Run" menu.
                         Your image should appear as a selectable menu item.
                         </para></listitem>
@@ -1232,12 +1231,12 @@
             <title>Deploying and Debugging the Application</title>
 
             <para>
-                Once the QEMU emulator is running the image, you can deploy 
-                your application using the Eclipse IDE and use then use 
+                Once the QEMU emulator is running the image, you can deploy
+                your application using the Eclipse IDE and use then use
                 the emulator to perform debugging.
                 Follow these steps to deploy the application.
                 <orderedlist>
-                    <listitem><para>Select "Debug Configurations..." from the 
+                    <listitem><para>Select "Debug Configurations..." from the
                     "Run" menu.</para></listitem>
                     <listitem><para>In the left area, expand <filename>C/C++Remote Application</filename>.</para></listitem>
                     <listitem><para>Locate your project and select it to bring up a new
@@ -1258,7 +1257,7 @@
                         determined earlier.</para></listitem>
                     <listitem><para>Click "Finish" to close the
                         New Connections Dialog.</para></listitem>
-                    <listitem><para>Use the drop-down menu now in the 
+                    <listitem><para>Use the drop-down menu now in the
                         "Connection" field and pick the IP Address you entered.
                          </para></listitem>
                     <listitem><para>Click "Run" to bring up a login screen
@@ -1315,8 +1314,8 @@
                         display the output.
                         For information on how to use Lttng to trace an application,
                         see <ulink url='http://lttng.org/documentation'></ulink>
-                        and the 
-                        "<ulink url='&YOCTO_DOCS_PROF_URL;#lttng-linux-trace-toolkit-next-generation'>LTTng (Linux Trace Toolkit, next generation)</ulink>" 
+                        and the
+                        "<ulink url='&YOCTO_DOCS_PROF_URL;#lttng-linux-trace-toolkit-next-generation'>LTTng (Linux Trace Toolkit, next generation)</ulink>"
                         section, which is in the Yocto Project Profiling and Tracing Manual.
                         <note>Do not use <filename>Lttng-user space (legacy)</filename> tool.
                             This tool no longer has any upstream support.</note>
@@ -1326,18 +1325,18 @@
                         Tracing project.
                         Do the following:
                         <orderedlist>
-                            <listitem><para>Select "Open Perspective" from the 
+                            <listitem><para>Select "Open Perspective" from the
                                 "Window" menu and then select "Tracing".</para></listitem>
                             <listitem><para>Click "OK" to change the Eclipse perspective
                                 into the Tracing perspective.</para></listitem>
                             <listitem><para>Create a new Tracing project by selecting
                                 "Project" from the "File -> New" menu.</para></listitem>
-                            <listitem><para>Choose "Tracing Project" from the 
+                            <listitem><para>Choose "Tracing Project" from the
                                 "Tracing" menu.
                                 </para></listitem>
                             <listitem><para>Generate your tracing data on the remote target.
                                 </para></listitem>
-                            <listitem><para>Select "Lttng2.0 ust trace import" from 
+                            <listitem><para>Select "Lttng2.0 ust trace import" from
                                 the "Yocto Project Tools" menu to
                                 start the data import process.</para></listitem>
                             <listitem><para>Specify your remote connection name.</para></listitem>
@@ -1348,8 +1347,8 @@
                             <listitem><para>Click "OK" to complete the import process.
                                 The data is now in the local tracing project you created.</para></listitem>
                             <listitem><para>Right click on the data and then use the menu to
-                                Select "Generic CTF Trace" from the 
-                                "Trace Type... -> Common Trace Format" menu to map 
+                                Select "Generic CTF Trace" from the
+                                "Trace Type... -> Common Trace Format" menu to map
                                 the tracing type.</para></listitem>
                             <listitem><para>Right click the mouse and select "Open"
                                 to bring up the Eclipse Lttng Trace Viewer so you
@@ -1386,7 +1385,7 @@
 
             <para>
                 Within the Eclipse IDE, you can create a Yocto BitBake Commander project,
-                edit the <link linkend='metadata'>Metadata</link>, and then use 
+                edit the <link linkend='metadata'>Metadata</link>, and then use
                 <ulink url='&YOCTO_HOME_URL;/tools-resources/projects/hob'>Hob</ulink> to build a customized
                 image all within one IDE.
             </para>
@@ -1397,16 +1396,16 @@
                 <para>
                     To create a Yocto BitBake Commander project, follow these steps:
                     <orderedlist>
-                        <listitem><para>Select "Other" from the 
-                            "Window -> Open Perspective" menu 
+                        <listitem><para>Select "Other" from the
+                            "Window -> Open Perspective" menu
                             and then choose "Bitbake Commander".</para></listitem>
                         <listitem><para>Click "OK" to change the perspective to
                             Bitbake Commander.</para></listitem>
                         <listitem><para>Select "Project" from the "File -> New"
                             menu to create a new Yocto
                             Bitbake Commander project.</para></listitem>
-                        <listitem><para>Choose "New Yocto Project" from the 
-                            "Yocto Project Bitbake Commander" menu and click 
+                        <listitem><para>Choose "New Yocto Project" from the
+                            "Yocto Project Bitbake Commander" menu and click
                             "Next".</para></listitem>
                         <listitem><para>Enter the Project Name and choose the Project Location.
                             The Yocto project's Metadata files will be put under the directory
@@ -1424,7 +1423,7 @@
                 <title>Editing the Metadata</title>
 
                 <para>
-                    After you create the Yocto Bitbake Commander project, you can modify the 
+                    After you create the Yocto Bitbake Commander project, you can modify the
                     <link linkend='metadata'>Metadata</link> files
                     by opening them in the project.
                     When editing recipe files (<filename>.bb</filename> files), you can view BitBake
@@ -1436,8 +1435,8 @@
                     To edit the Metadata, follow these steps:
                     <orderedlist>
                         <listitem><para>Select your Yocto Bitbake Commander project.</para></listitem>
-                        <listitem><para>Select "BitBake Recipe" from the 
-                        "File -> New -> Yocto BitBake Commander" menu 
+                        <listitem><para>Select "BitBake Recipe" from the
+                        "File -> New -> Yocto BitBake Commander" menu
                             to open a new recipe wizard.</para></listitem>
                         <listitem><para>Point to your source by filling in the "SRC_URL" field.
                             For example, you can add a recipe to your
@@ -1459,13 +1458,13 @@
                 <title>Building and Customizing the Image Using Hob</title>
 
                 <para>
-                    To build and customize the image using Hob from within the 
+                    To build and customize the image using Hob from within the
                     Eclipse IDE, follow these steps:
                     <orderedlist>
                         <listitem><para>Select your Yocto Bitbake Commander project.</para></listitem>
                         <listitem><para>Select "Launch Hob" from the "Project"
                             menu.</para></listitem>
-                        <listitem><para>Enter the 
+                        <listitem><para>Enter the
                             <link linkend='build-directory'>Build Directory</link>
                             where you want to put your final images.</para></listitem>
                         <listitem><para>Click "OK" to launch Hob.</para></listitem>
@@ -1508,7 +1507,7 @@
                     support development using actual hardware.
                     For example, the area might contain
                     <filename>.hddimg</filename> files that combine the
-                    kernel image with the filesystem, boot loaders, and 
+                    kernel image with the filesystem, boot loaders, and
                     so forth.
                     Be sure to get the files you need for your particular
                     development process.</para>
@@ -1879,9 +1878,9 @@
 
     <para>
         For a better understanding of Hob, see the project page at
-        <ulink url='&YOCTO_HOME_URL;/tools-resources/projects/hob'></ulink> 
+        <ulink url='&YOCTO_HOME_URL;/tools-resources/projects/hob'></ulink>
         on the Yocto Project website.
-        If you follow the "Documentation" link from the Hob page, you will 
+        If you follow the "Documentation" link from the Hob page, you will
         find a short introductory training video on Hob.
         The following lists some features of Hob:
         <itemizedlist>
@@ -1893,9 +1892,9 @@
             <listitem><para>You can set the
                 <ulink url='&YOCTO_DOCS_REF_URL;#var-MACHINE'><filename>MACHINE</filename></ulink>
                 for which you are building the image.</para></listitem>
-            <listitem><para>You can modify various policy settings such as the 
+            <listitem><para>You can modify various policy settings such as the
                 package format with which to build,
-                the parallelism BitBake uses, whether or not to build an 
+                the parallelism BitBake uses, whether or not to build an
                 external toolchain, and which host to build against.
                 </para></listitem>
             <listitem><para>You can manage

documentation/dev-manual/dev-manual.xml

@@ -61,6 +61,21 @@
                 <date>August 2013</date>
                 <revremark>Released with the Yocto Project 1.4.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.4.3</revnumber>
+                <date>March 2014</date>
+                <revremark>Released with the Yocto Project 1.4.3 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.4.4</revnumber>
+                <date>May 2014</date>
+                <revremark>Released with the Yocto Project 1.4.4 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.4.5</revnumber>
+                <date>July 2014</date>
+                <revremark>Released with the Yocto Project 1.4.5 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/kernel-dev/kernel-dev.xml

@@ -46,6 +46,21 @@
                 <date>August 2013</date>
                 <revremark>Released with the Yocto Project 1.4.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.4.3</revnumber>
+                <date>March 2014</date>
+                <revremark>Released with the Yocto Project 1.4.3 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.4.4</revnumber>
+                <date>May 2014</date>
+                <revremark>Released with the Yocto Project 1.4.4 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.4.5</revnumber>
+                <date>July 2014</date>
+                <revremark>Released with the Yocto Project 1.4.5 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>
@@ -61,7 +76,7 @@
       <note>
           Due to production processes, there could be differences between the Yocto Project
           documentation bundled in the release tarball and the
-          <ulink url='&YOCTO_DOCS_KERNEL_URL;'>Yocto Project Linux Kernel Development Manual</ulink> on
+          <ulink url='&YOCTO_DOCS_KERNEL_DEV_URL;'>Yocto Project Linux Kernel Development Manual</ulink> on
           the <ulink url='&YOCTO_HOME_URL;'>Yocto Project</ulink> website.
           For the latest version of this manual, see the manual on the website.
       </note>

documentation/poky.ent

@@ -1,11 +1,11 @@
-<!ENTITY DISTRO "1.4.2">
-<!ENTITY DISTRO_COMPRESSED "142">
+<!ENTITY DISTRO "1.4.5">
+<!ENTITY DISTRO_COMPRESSED "145">
 <!ENTITY DISTRO_NAME "dylan">
-<!ENTITY YOCTO_DOC_VERSION "1.4.2">
-<!ENTITY POKYVERSION "9.0.2">
-<!ENTITY POKYVERSION_COMPRESSED "902">
+<!ENTITY YOCTO_DOC_VERSION "1.4.5">
+<!ENTITY POKYVERSION "9.0.5">
+<!ENTITY POKYVERSION_COMPRESSED "905">
 <!ENTITY YOCTO_POKY "poky-&DISTRO_NAME;-&POKYVERSION;">
-<!ENTITY COPYRIGHT_YEAR "2010-2013">
+<!ENTITY COPYRIGHT_YEAR "2010-2014">
 <!ENTITY YOCTO_DL_URL "http://downloads.yoctoproject.org">
 <!ENTITY YOCTO_HOME_URL "http://www.yoctoproject.org">
 <!ENTITY YOCTO_LISTS_URL "http://lists.yoctoproject.org">
@@ -16,7 +16,7 @@
 <!ENTITY YOCTO_ADTREPO_URL "http://adtrepo.yoctoproject.org">
 <!ENTITY YOCTO_RELEASE_NOTES "&YOCTO_HOME_URL;/download/yocto-project-&DISTRO_COMPRESSED;-poky-&POKYVERSION_COMPRESSED;">
 <!ENTITY OE_HOME_URL "http://www.openembedded.org">
-<!ENTITY OE_LISTS_URL "http://lists.linuxtogo.org/cgi-bin/mailman">
+<!ENTITY OE_LISTS_URL "http://lists.openembedded.org/mailman">
 <!ENTITY OE_DOCS_URL "http://docs.openembedded.org">
 <!ENTITY OH_HOME_URL "http://o-hand.com">
 <!ENTITY BITBAKE_HOME_URL "http://developer.berlios.de/projects/bitbake/">
@@ -35,7 +35,7 @@
 <!ENTITY YOCTO_RELEASE_DL_URL "&YOCTO_DL_URL;/releases/yocto/yocto-&DISTRO;">
 <!ENTITY YOCTO_TOOLCHAIN_DL_URL "&YOCTO_RELEASE_DL_URL;/toolchain/">
 <!ENTITY YOCTO_ECLIPSE_DL_URL "&YOCTO_RELEASE_DL_URL;/eclipse-plugin/indigo;">
-<!ENTITY YOCTO_ADTINSTALLER_DL_URL "&YOCTO_RELEASE_DL_URL;/adt_installer">
+<!ENTITY YOCTO_ADTINSTALLER_DL_URL "&YOCTO_RELEASE_DL_URL;/adt-installer">
 <!ENTITY YOCTO_POKY_DL_URL "&YOCTO_RELEASE_DL_URL;/&YOCTO_POKY;.tar.bz2">
 <!ENTITY YOCTO_MACHINES_DL_URL "&YOCTO_RELEASE_DL_URL;/machines">
 <!ENTITY YOCTO_QEMU_DL_URL "&YOCTO_MACHINES_DL_URL;/qemu">

documentation/profile-manual/profile-manual-intro.xml

@@ -4,7 +4,7 @@
 
 <chapter id='profile-manual-intro'>
 
-<title>Yocto Project Tracing and Profiling Manual</title>
+<title>Yocto Project Profiling and Tracing Manual</title>
     <section id='intro'>
         <title>Introduction</title>
 

documentation/profile-manual/profile-manual.xml

@@ -46,6 +46,21 @@
                 <date>August 2013</date>
                 <revremark>Released with the Yocto Project 1.4.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.4.3</revnumber>
+                <date>March 2014</date>
+                <revremark>Released with the Yocto Project 1.4.3 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.4.4</revnumber>
+                <date>May 2014</date>
+                <revremark>Released with the Yocto Project 1.4.4 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.4.5</revnumber>
+                <date>July 2014</date>
+                <revremark>Released with the Yocto Project 1.4.5 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>
@@ -64,7 +79,7 @@
       <note>
           Due to production processes, there could be differences between the Yocto Project
           documentation bundled in the release tarball and the
-          <ulink url='&YOCTO_DOCS_PROF_URL;'>Yocto Project Tracing and Profiling Manual</ulink> on
+          <ulink url='&YOCTO_DOCS_PROF_URL;'>Yocto Project Profiling and Tracing Manual</ulink> on
           the <ulink url='&YOCTO_HOME_URL;'>Yocto Project</ulink> website.
           For the latest version of this manual, see the manual on the website.
       </note>

documentation/ref-manual/ref-manual.xml

@@ -77,6 +77,21 @@
                 <date>August 2013</date>
                 <revremark>Released with the Yocto Project 1.4.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.4.3</revnumber>
+                <date>March 2014</date>
+                <revremark>Released with the Yocto Project 1.4.3 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.4.4</revnumber>
+                <date>May 2014</date>
+                <revremark>Released with the Yocto Project 1.4.4 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.4.5</revnumber>
+                <date>July 2014</date>
+                <revremark>Released with the Yocto Project 1.4.5 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/tools/mega-manual.sed

@@ -1,14 +1,14 @@
 # Processes ref-manual and yocto-project-qs manual (<word>-<word>-<word> style)
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.2\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.5\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
 
 # Processes all other manuals (<word>-<word> style)
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.2\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.5\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
 
 # Process cases where just an external manual is referenced without an id anchor
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.2\/yocto-project-qs\/yocto-project-qs.html\" target=\"_top\">Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.2\/dev-manual\/dev-manual.html\" target=\"_top\">Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.2\/adt-manual\/adt-manual.html\" target=\"_top\">Yocto Project Application Developer's Guide<\/a>/Yocto Project Application Developer's Guide/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.2\/bsp-guide\/bsp-guide.html\" target=\"_top\">Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.2\/profile-manual\/profile-manual.html\" target=\"_top\">Yocto Project Profile and Tracing Manual<\/a>/Yocto Project Profile and Tracing Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.2\/kernel-dev\/kernel-dev.html\" target=\"_top\">Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.2\/ref-manual\/ref-manual.html\" target=\"_top\">Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.5\/yocto-project-qs\/yocto-project-qs.html\" target=\"_top\">Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.5\/dev-manual\/dev-manual.html\" target=\"_top\">Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.5\/adt-manual\/adt-manual.html\" target=\"_top\">Yocto Project Application Developer's Guide<\/a>/Yocto Project Application Developer's Guide/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.5\/bsp-guide\/bsp-guide.html\" target=\"_top\">Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.5\/profile-manual\/profile-manual.html\" target=\"_top\">Yocto Project Profiling and Tracing Manual<\/a>/Yocto Project Profiling and Tracing Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.5\/kernel-dev\/kernel-dev.html\" target=\"_top\">Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.5\/ref-manual\/ref-manual.html\" target=\"_top\">Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g

meta-yocto/conf/distro/poky.conf

@@ -1,6 +1,6 @@
 DISTRO = "poky"
-DISTRO_NAME = "Poky 9.0.2 (Yocto Project 1.4 Reference Distro)"
-DISTRO_VERSION = "1.4.2"
+DISTRO_NAME = "Poky 9.0.4 (Yocto Project 1.4.4 Reference Distro)"
+DISTRO_VERSION = "1.4.4"
 DISTRO_CODENAME = "dylan"
 SDK_VENDOR = "-pokysdk"
 SDK_VERSION := "${@'${DISTRO_VERSION}'}"
@@ -77,6 +77,8 @@ SANITY_TESTED_DISTROS ?= " \
             Poky-1.4 \n \
             Poky-1.4.1 \n \
             Poky-1.4.2 \n \
+            Poky-1.4.3 \n \
+            Poky-1.4.4 \n \
             Ubuntu-10.04 \n \
             Ubuntu-11.10 \n \
             Ubuntu-12.04 \n \

meta/classes/cmake.bbclass

@@ -35,7 +35,7 @@ cmake_do_generate_toolchain_file() {
 	cat > ${WORKDIR}/toolchain.cmake <<EOF
 # CMake system name must be something like "Linux".
 # This is important for cross-compiling.
-set( CMAKE_SYSTEM_NAME `echo ${SDK_OS} | sed 's/^./\u&/'` )
+set( CMAKE_SYSTEM_NAME `echo ${TARGET_OS} | sed -e 's/^./\u&/' -e 's/^\(Linux\).*/\1/'` )
 set( CMAKE_SYSTEM_PROCESSOR ${TARGET_ARCH} )
 set( CMAKE_C_COMPILER ${OECMAKE_C_COMPILER} )
 set( CMAKE_CXX_COMPILER ${OECMAKE_CXX_COMPILER} )

meta/classes/image-mklibs.bbclass

@@ -40,6 +40,7 @@ mklibs_optimize_image_doit() {
 		--ldlib ${dynamic_loader} \
 		--libdir ${baselib} \
 		--sysroot ${PKG_CONFIG_SYSROOT_DIR} \
+		--gcc-options "--sysroot=${PKG_CONFIG_SYSROOT_DIR}" \
 		--root ${IMAGE_ROOTFS} \
 		--target `echo ${TARGET_PREFIX} | sed 's/-$//' ` \
 		-d ${WORKDIR}/mklibs/dest \

meta/classes/kernel.bbclass

@@ -237,14 +237,6 @@ do_savedefconfig() {
 do_savedefconfig[nostamp] = "1"
 addtask savedefconfig after do_configure
 
-pkg_postinst_kernel-base () {
-	update-alternatives --install /${KERNEL_IMAGEDEST}/${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE}-${KERNEL_VERSION} ${KERNEL_PRIORITY} || true
-}
-
-pkg_postrm_kernel-base () {
-	update-alternatives --remove ${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE}-${KERNEL_VERSION} || true
-}
-
 inherit cml1
 
 EXPORT_FUNCTIONS do_compile do_install do_configure
@@ -272,14 +264,19 @@ ALLOW_EMPTY_kernel-modules = "1"
 DESCRIPTION_kernel-modules = "Kernel modules meta package"
 
 pkg_postinst_kernel-image () {
-if [ ! -e "$D/lib/modules/${KERNEL_VERSION}" ]; then
-	mkdir -p $D/lib/modules/${KERNEL_VERSION}
-fi
-if [ -n "$D" ]; then
-	depmodwrapper -a -b $D ${KERNEL_VERSION}
-else
-	depmod -a ${KERNEL_VERSION}
-fi
+	update-alternatives --install /${KERNEL_IMAGEDEST}/${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE}-${KERNEL_VERSION} ${KERNEL_PRIORITY} || true
+	if [ ! -e "$D/lib/modules/${KERNEL_VERSION}" ]; then
+		mkdir -p $D/lib/modules/${KERNEL_VERSION}
+	fi
+	if [ -n "$D" ]; then
+		depmodwrapper -a -b $D ${KERNEL_VERSION}
+	else
+		depmod -a ${KERNEL_VERSION}
+	fi
+}
+
+pkg_postrm_kernel-image () {
+	update-alternatives --remove ${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE}-${KERNEL_VERSION} || true
 }
 
 PACKAGESPLITFUNCS_prepend = "split_kernel_packages "
@@ -375,7 +372,7 @@ kernel_do_deploy() {
 	if [ ${MODULE_TARBALL_DEPLOY} = "1" ] && (grep -q -i -e '^CONFIG_MODULES=y$' .config); then
 		mkdir -p ${D}/lib
 		tar -cvzf ${DEPLOYDIR}/${MODULE_TARBALL_BASE_NAME} -C ${D} lib
-		ln -sf ${MODULE_TARBALL_BASE_NAME}.bin ${MODULE_TARBALL_SYMLINK_NAME}
+		ln -sf ${MODULE_TARBALL_BASE_NAME} ${DEPLOYDIR}/${MODULE_TARBALL_SYMLINK_NAME}
 	fi
 
 	cd ${DEPLOYDIR}

meta/classes/libc-package.bbclass

@@ -96,14 +96,14 @@ do_prep_locale_tree() {
 	treedir=${WORKDIR}/locale-tree
 	rm -rf $treedir
 	mkdir -p $treedir/${base_bindir} $treedir/${base_libdir} $treedir/${datadir} $treedir/${localedir}
-	tar -cf - -C ${LOCALETREESRC}${datadir} -ps i18n | tar -xf - -C $treedir/${datadir}
+	tar -cf - -C ${LOCALETREESRC}${datadir} -p i18n | tar -xf - -C $treedir/${datadir}
 	# unzip to avoid parsing errors
 	for i in $treedir/${datadir}/i18n/charmaps/*gz; do 
 		gunzip $i
 	done
-	tar -cf - -C ${LOCALETREESRC}${base_libdir} -ps . | tar -xf - -C $treedir/${base_libdir}
+	tar -cf - -C ${LOCALETREESRC}${base_libdir} -p . | tar -xf - -C $treedir/${base_libdir}
 	if [ -f ${STAGING_DIR_NATIVE}${prefix_native}/lib/libgcc_s.* ]; then
-		tar -cf - -C ${STAGING_DIR_NATIVE}/${prefix_native}/${base_libdir} -ps libgcc_s.* | tar -xf - -C $treedir/${base_libdir}
+		tar -cf - -C ${STAGING_DIR_NATIVE}/${prefix_native}/${base_libdir} -p libgcc_s.* | tar -xf - -C $treedir/${base_libdir}
 	fi
 	install -m 0755 ${LOCALETREESRC}${bindir}/localedef $treedir/${base_bindir}
 }
@@ -113,7 +113,7 @@ do_collect_bins_from_locale_tree() {
 
 	parent=$(dirname ${localedir})
 	mkdir -p ${PKGD}/$parent
-	tar -cf - -C $treedir/$parent -ps $(basename ${localedir}) | tar -xf - -C ${PKGD}$parent
+	tar -cf - -C $treedir/$parent -p $(basename ${localedir}) | tar -xf - -C ${PKGD}$parent
 }
 
 inherit qemu

meta/classes/license.bbclass

@@ -51,11 +51,10 @@ license_create_manifest() {
 		printf "LICENSE:" >> ${LICENSE_MANIFEST}
 		for lic in ${pkged_lic}; do
 			# to reference a license file trim trailing + symbol
-			if [ -e "${LICENSE_DIRECTORY}/${pkged_pn}/generic_${lic%+}" ]; then
-				printf " ${lic}" >> ${LICENSE_MANIFEST}
-			else
-				echo "WARNING: The license listed ${lic} was not in the licenses collected for ${pkged_pn}"
+			if ! [ -e "${LICENSE_DIRECTORY}/${pkged_pn}/generic_${lic%+}" ]; then
+				bbwarn "The license listed ${lic} was not in the licenses collected for ${pkged_pn}"
 			fi
+                        printf " ${lic}" >> ${LICENSE_MANIFEST}
 		done
 		printf "\n\n" >> ${LICENSE_MANIFEST}
 	done
@@ -74,9 +73,9 @@ license_create_manifest() {
 					# Really don't need to copy the generics as they're 
 					# represented in the manifest and in the actual pkg licenses
 					# Doing so would make your image quite a bit larger
-					if [[ "${lic}" != "generic_"* ]]; then
+					if [ "${lic#generic_}" = "${lic}" ]; then
 						cp ${LICENSE_DIRECTORY}/${pkg}/${lic} ${IMAGE_ROOTFS}/usr/share/common-licenses/${pkg}/${lic}
-					elif [[ "${lic}" == "generic_"* ]]; then
+					else
 						if [ ! -f ${IMAGE_ROOTFS}/usr/share/common-licenses/${lic} ]; then
 							cp ${LICENSE_DIRECTORY}/${pkg}/${lic} ${IMAGE_ROOTFS}/usr/share/common-licenses/
 						fi

meta/classes/metadata_scm.bbclass

@@ -52,10 +52,13 @@ def base_get_metadata_monotone_revision(path, d):
     return monotone_revision
 
 def base_get_metadata_svn_revision(path, d):
+    # This only works with older subversion. For newer versions
+    # this function will need to be fixed by someone interested
     revision = "<unknown>"
     try:
-        revision = file( "%s/.svn/entries" % path ).readlines()[3].strip()
-    except IOError:
+        with open("%s/.svn/entries" % path) as f:
+            revision = f.readlines()[3].strip()
+    except IOError, IndexError:
         pass
     return revision
 

meta/classes/package.bbclass

@@ -451,7 +451,7 @@ python perform_packagecopy () {
     # Start by package population by taking a copy of the installed
     # files to operate on
     # Preserve sparse files and hard links
-    cmd = 'tar -cf - -C %s -ps . | tar -xf - -C %s' % (dest, dvar)
+    cmd = 'tar -cf - -C %s -p . | tar -xf - -C %s' % (dest, dvar)
     retval = subprocess.call(cmd, shell=True)
     if retval:
         bb.fatal("file copy failed with exit code %s (cmd was %s)" % (retval, cmd))
@@ -925,7 +925,7 @@ python populate_packages () {
     for pkg in packages.split():
         if d.getVar('LICENSE_EXCLUSION-' + pkg, True):
             bb.warn("%s has an incompatible license. Excluding from packaging." % pkg)
-        elif pkg in package_list:
+        if pkg in package_list:
             bb.error("%s is listed in PACKAGES multiple times, this leads to packaging errors." % pkg)
         else:
             package_list.append(pkg)
@@ -965,6 +965,9 @@ python populate_packages () {
                 continue
             seen.append(file)
 
+            if d.getVar('LICENSE_EXCLUSION-' + pkg, True):
+                continue
+
             def mkdir(src, dest, p):
                 src = os.path.join(src, p)
                 dest = os.path.join(dest, p)

meta/classes/package_rpm.bbclass

@@ -35,6 +35,11 @@ package_update_index_rpm () {
 		done
 	done
 
+	# FIXME stopgap for broken "bitbake package-index" since MULTILIB_PREFIX_LIST isn't set for that
+	if [ "$target_archs" = "" ] ; then
+		target_archs="${ALL_MULTILIB_PACKAGE_ARCHS}"
+	fi
+
 	target_archs=`echo "$target_archs" | tr - _`
 
 	archs=`for arch in $target_archs $sdk_archs ; do

meta/classes/populate_sdk_deb.bbclass

@@ -13,7 +13,7 @@ populate_sdk_post_deb () {
 	local target_rootfs=$1
 
 	mkdir -p ${target_rootfs}/etc
-	tar -cf - -C ${STAGING_ETCDIR_NATIVE} -ps apt | tar -xf - -C ${target_rootfs}/etc
+	tar -cf - -C ${STAGING_ETCDIR_NATIVE} -p apt | tar -xf - -C ${target_rootfs}/etc
 }
 
 populate_sdk_deb () {

meta/classes/sstate.bbclass

@@ -431,13 +431,14 @@ def sstate_package(ss, d):
         if not link.startswith(tmpdir):
             return
 
-        depth = link.rpartition(tmpdir)[2].count('/')
+        depth = outputpath.rpartition(tmpdir)[2].count('/')
         base = link.partition(tmpdir)[2].strip()
         while depth > 1:
-            base = "../" + base
+            base = "/.." + base
             depth -= 1
+        base = "." + base
 
-        bb.debug(2, "Replacing absolute path %s with relative path %s" % (link, base))
+        bb.debug(2, "Replacing absolute path %s with relative path %s for %s" % (link, base, outputpath))
         os.remove(path)
         os.symlink(base, path)
 
@@ -455,11 +456,11 @@ def sstate_package(ss, d):
         for walkroot, dirs, files in os.walk(state[1]):
             for file in files:
                 srcpath = os.path.join(walkroot, file)
-                dstpath = srcpath.replace(state[1], sstatebuild + state[0])
+                dstpath = srcpath.replace(state[1], state[2])
                 make_relative_symlink(srcpath, dstpath, d)
             for dir in dirs:
                 srcpath = os.path.join(walkroot, dir)
-                dstpath = srcpath.replace(state[1], sstatebuild + state[0])
+                dstpath = srcpath.replace(state[1], state[2])
                 make_relative_symlink(srcpath, dstpath, d)
         bb.debug(2, "Preparing tree %s for packaging at %s" % (state[1], sstatebuild + state[0]))
         oe.path.copyhardlinktree(state[1], sstatebuild + state[0])
@@ -639,19 +640,12 @@ def setscene_depvalid(task, taskdependees, notneeded, d):
         return x.endswith("-native")
     def isNativeCross(x):
         return x.endswith("-native") or x.endswith("-cross") or x.endswith("-cross-initial")
-    def isSafeDep(x):
-        if x in ["quilt-native", "autoconf-native", "automake-native", "gnu-config-native", "libtool-native", "pkgconfig-native", "gcc-cross", "binutils-cross", "gcc-cross-initial"]:
-            return True
-        return False
+
     def isPostInstDep(x):
         if x in ["qemu-native", "gdk-pixbuf-native", "qemuwrapper-cross", "depmodwrapper-cross", "systemd-systemctl-native", "gtk-update-icon-cache-native"]:
             return True
         return False
 
-    # We can skip these "safe" dependencies since the aren't runtime dependencies, just build time
-    if isSafeDep(taskdependees[task][0]) and taskdependees[task][1] == "do_populate_sysroot":
-        return True
-
     # We only need to trigger populate_lic through direct dependencies
     if taskdependees[task][1] == "do_populate_lic":
         return True

meta/classes/staging.bbclass

@@ -13,7 +13,7 @@ sysroot_stage_dir() {
 	# However we always want to stage a $src itself, even if it's empty
 	mkdir -p "$dest"
 	if [ -d "$src" ]; then
-		tar -cf - -C "$src" -ps . | tar -xf - -C "$dest"
+		tar -cf - -C "$src" -p . | tar -xf - -C "$dest"
 	fi
 }
 

meta/lib/oe/path.py

@@ -81,7 +81,7 @@ def copytree(src, dst):
     # This way we also preserve hardlinks between files in the tree.
 
     bb.utils.mkdirhier(dst)
-    cmd = 'tar -cf - -C %s -ps . | tar -xf - -C %s' % (src, dst)
+    cmd = 'tar -cf - -C %s -p . | tar -xf - -C %s' % (src, dst)
     check_output(cmd, shell=True, stderr=subprocess.STDOUT)
 
 def copyhardlinktree(src, dst):
@@ -93,7 +93,7 @@ def copyhardlinktree(src, dst):
     if (os.stat(src).st_dev ==  os.stat(dst).st_dev):
         # Need to copy directories only with tar first since cp will error if two 
         # writers try and create a directory at the same time
-        cmd = 'cd %s; find . -type d -print | tar -cf - -C %s -ps --files-from - | tar -xf - -C %s' % (src, src, dst)
+        cmd = 'cd %s; find . -type d -print | tar -cf - -C %s -p --files-from - | tar -xf - -C %s' % (src, src, dst)
         check_output(cmd, shell=True, stderr=subprocess.STDOUT)
         if os.path.isdir(src):
             src = src + "/*"

meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-DTLS-retransmission-from-previous-session.patch

@@ -0,0 +1,81 @@
+From 34628967f1e65dc8f34e000f0f5518e21afbfc7b Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Fri, 20 Dec 2013 15:26:50 +0000
+Subject: [PATCH] Fix DTLS retransmission from previous session.
+
+Upstream-Status: Backport
+commit 34628967f1e65dc8f34e000f0f5518e21afbfc7b upstream
+
+For DTLS we might need to retransmit messages from the previous session
+so keep a copy of write context in DTLS retransmission buffers instead
+of replacing it after sending CCS. CVE-2013-6450.
+---
+ ssl/d1_both.c  |    6 ++++++
+ ssl/ssl_locl.h |    2 ++
+ ssl/t1_enc.c   |   17 +++++++++++------
+ 4 files changed, 24 insertions(+), 6 deletions(-)
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 65ec001..7a5596a 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
+ static void
+ dtls1_hm_fragment_free(hm_fragment *frag)
+ 	{
++
++	if (frag->msg_header.is_ccs)
++		{
++		EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
++		EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
++		}
+ 	if (frag->fragment) OPENSSL_free(frag->fragment);
+ 	if (frag->reassembly) OPENSSL_free(frag->reassembly);
+ 	OPENSSL_free(frag);
+diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
+index 96ce9a7..e485907 100644
+--- a/ssl/ssl_locl.h
++++ b/ssl/ssl_locl.h
+@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
+ extern SSL3_ENC_METHOD SSLv3_enc_data;
+ extern SSL3_ENC_METHOD DTLSv1_enc_data;
+ 
++#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
++
+ #define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
+ 				s_get_meth) \
+ const SSL_METHOD *func_name(void)  \
+diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
+index 72015f5..56db834 100644
+--- a/ssl/t1_enc.c
++++ b/ssl/t1_enc.c
+@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which)
+ 			s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
+ 			else
+ 			s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
+-		if (s->enc_write_ctx != NULL)
++		if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
+ 			reuse_dd = 1;
+-		else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
++		else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL)
+ 			goto err;
+-		else
+-			/* make sure it's intialized in case we exit later with an error */
+-			EVP_CIPHER_CTX_init(s->enc_write_ctx);
+ 		dd= s->enc_write_ctx;
+-		mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
++		if (SSL_IS_DTLS(s))
++			{
++			mac_ctx = EVP_MD_CTX_create();
++			if (!mac_ctx)
++				goto err;
++			s->write_hash = mac_ctx;
++			}
++		else
++			mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
+ #ifndef OPENSSL_NO_COMP
+ 		if (s->compress != NULL)
+ 			{
+-- 
+1.7.5.4
+

meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch

@@ -0,0 +1,31 @@
+From 197e0ea817ad64820789d86711d55ff50d71f631 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Mon, 6 Jan 2014 14:35:04 +0000
+Subject: [PATCH] Fix for TLS record tampering bug CVE-2013-4353
+
+Upstream-Status: Backport
+commit 197e0ea817ad64820789d86711d55ff50d71f631 upstream
+
+ ssl/s3_both.c |    6 +++++-
+ 3 files changed, 11 insertions(+), 1 deletions(-)
+
+diff --git a/ssl/s3_both.c b/ssl/s3_both.c
+index 1e5dcab..53b9390 100644
+--- a/ssl/s3_both.c
++++ b/ssl/s3_both.c
+@@ -210,7 +210,11 @@ static void ssl3_take_mac(SSL *s)
+ 	{
+ 	const char *sender;
+ 	int slen;
+-
++	/* If no new cipher setup return immediately: other functions will
++	 * set the appropriate error.
++	 */
++	if (s->s3->tmp.new_cipher == NULL)
++		return;
+ 	if (s->state & SSL_ST_CONNECT)
+ 		{
+ 		sender=s->method->ssl3_enc->server_finished_label;
+-- 
+1.7.5.4
+

meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch

@@ -0,0 +1,33 @@
+From ca989269a2876bae79393bd54c3e72d49975fc75 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Thu, 19 Dec 2013 14:37:39 +0000
+Subject: [PATCH] Use version in SSL_METHOD not SSL structure.
+
+Upstream-Status: Backport
+commit ca989269a2876bae79393bd54c3e72d49975fc75 upstream
+
+When deciding whether to use TLS 1.2 PRF and record hash algorithms
+use the version number in the corresponding SSL_METHOD structure
+instead of the SSL structure. The SSL structure version is sometimes
+inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already.
+(CVE-2013-6449)
+---
+ ssl/s3_lib.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
+index bf832bb..c4ef273 100644
+--- a/ssl/s3_lib.c
++++ b/ssl/s3_lib.c
+@@ -4286,7 +4286,7 @@ need to go to SSL_ST_ACCEPT.
+ long ssl_get_algorithm2(SSL *s)
+ 	{
+ 	long alg2 = s->s3->tmp.new_cipher->algorithm2;
+-	if (TLS1_get_version(s) >= TLS1_2_VERSION &&
++	if (s->method->version == TLS1_2_VERSION &&
+ 	    alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
+ 		return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
+ 	return alg2;
+-- 
+1.7.5.4
+

meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch

@@ -0,0 +1,118 @@
+From 96db9023b881d7cd9f379b0c154650d6c108e9a3 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Sun, 6 Apr 2014 00:51:06 +0100
+Subject: [PATCH] Add heartbeat extension bounds check.
+
+A missing bounds check in the handling of the TLS heartbeat extension
+can be used to reveal up to 64k of memory to a connected client or
+server.
+
+Thanks for Neel Mehta of Google Security for discovering this bug and to
+Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
+preparing the fix (CVE-2014-0160)
+
+Patch (tweaked version of upstream fix without CHANGES change) borrowed
+from Debian.
+
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+---
+ ssl/d1_both.c | 26 ++++++++++++++++++--------
+ ssl/t1_lib.c  | 14 +++++++++-----
+ 3 files changed, 36 insertions(+), 13 deletions(-)
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 7a5596a..2e8cf68 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s)
+ 	unsigned int payload;
+ 	unsigned int padding = 16; /* Use minimum padding */
+ 
+-	/* Read type and payload length first */
+-	hbtype = *p++;
+-	n2s(p, payload);
+-	pl = p;
+-
+ 	if (s->msg_callback)
+ 		s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+ 			&s->s3->rrec.data[0], s->s3->rrec.length,
+ 			s, s->msg_callback_arg);
+ 
++	/* Read type and payload length first */
++	if (1 + 2 + 16 > s->s3->rrec.length)
++		return 0; /* silently discard */
++	hbtype = *p++;
++	n2s(p, payload);
++	if (1 + 2 + payload + 16 > s->s3->rrec.length)
++		return 0; /* silently discard per RFC 6520 sec. 4 */
++	pl = p;
++
+ 	if (hbtype == TLS1_HB_REQUEST)
+ 		{
+ 		unsigned char *buffer, *bp;
++		unsigned int write_length = 1 /* heartbeat type */ +
++					    2 /* heartbeat length */ +
++					    payload + padding;
+ 		int r;
+ 
++		if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
++			return 0;
++
+ 		/* Allocate memory for the response, size is 1 byte
+ 		 * message type, plus 2 bytes payload length, plus
+ 		 * payload, plus padding
+ 		 */
+-		buffer = OPENSSL_malloc(1 + 2 + payload + padding);
++		buffer = OPENSSL_malloc(write_length);
+ 		bp = buffer;
+ 
+ 		/* Enter response type, length and copy payload */
+@@ -1489,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s)
+ 		/* Random padding */
+ 		RAND_pseudo_bytes(bp, padding);
+ 
+-		r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
++		r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
+ 
+ 		if (r >= 0 && s->msg_callback)
+ 			s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
+-				buffer, 3 + payload + padding,
++				buffer, write_length,
+ 				s, s->msg_callback_arg);
+ 
+ 		OPENSSL_free(buffer);
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index b82fada..bddffd9 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -2588,16 +2588,20 @@ tls1_process_heartbeat(SSL *s)
+ 	unsigned int payload;
+ 	unsigned int padding = 16; /* Use minimum padding */
+ 
+-	/* Read type and payload length first */
+-	hbtype = *p++;
+-	n2s(p, payload);
+-	pl = p;
+-
+ 	if (s->msg_callback)
+ 		s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+ 			&s->s3->rrec.data[0], s->s3->rrec.length,
+ 			s, s->msg_callback_arg);
+ 
++	/* Read type and payload length first */
++	if (1 + 2 + 16 > s->s3->rrec.length)
++		return 0; /* silently discard */
++	hbtype = *p++;
++	n2s(p, payload);
++	if (1 + 2 + payload + 16 > s->s3->rrec.length)
++		return 0; /* silently discard per RFC 6520 sec. 4 */
++	pl = p;
++
+ 	if (hbtype == TLS1_HB_REQUEST)
+ 		{
+ 		unsigned char *buffer, *bp;
+-- 
+1.9.1
+

meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0195.patch

@@ -0,0 +1,40 @@
+commit 208d54db20d58c9a5e45e856a0650caadd7d9612
+Author: Dr. Stephen Henson <steve@openssl.org>
+Date:   Tue May 13 18:48:31 2014 +0100
+
+    Fix for CVE-2014-0195
+    
+    A buffer overrun attack can be triggered by sending invalid DTLS fragments
+    to an OpenSSL DTLS client or server. This is potentially exploitable to
+    run arbitrary code on a vulnerable client or server.
+    
+    Fixed by adding consistency check for DTLS fragments.
+    
+    Thanks to Jüri Aedla for reporting this issue.
+
+Patch borrowed from Fedora
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 2e8cf68..07f67f8 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -627,7 +627,16 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+ 		frag->msg_header.frag_off = 0;
+ 		}
+ 	else
++		{
+ 		frag = (hm_fragment*) item->data;
++		if (frag->msg_header.msg_len != msg_hdr->msg_len)
++			{
++			item = NULL;
++			frag = NULL;
++			goto err;
++			}
++		}
++
+ 
+ 	/* If message is already reassembled, this must be a
+ 	 * retransmit and can be dropped.
+

meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0198.patch

@@ -0,0 +1,38 @@
+From: Matt Caswell <matt@openssl.org>
+Date: Sun, 11 May 2014 23:38:37 +0000 (+0100)
+Subject: Fixed NULL pointer dereference. See PR#3321
+X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=b107586
+
+Fixed NULL pointer dereference. See PR#3321
+
+Patch borrowed from Fedora
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+---
+
+diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
+index 40eb0dd..d961d12 100644
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -657,9 +657,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+ 	SSL3_BUFFER *wb=&(s->s3->wbuf);
+ 	SSL_SESSION *sess;
+ 
+- 	if (wb->buf == NULL)
+-		if (!ssl3_setup_write_buffer(s))
+-			return -1;
+ 
+ 	/* first check if there is a SSL3_BUFFER still being written
+ 	 * out.  This will happen with non blocking IO */
+@@ -675,6 +672,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+ 		/* if it went, fall through and send more stuff */
+ 		}
+ 
++ 	if (wb->buf == NULL)
++		if (!ssl3_setup_write_buffer(s))
++			return -1;
++
+ 	if (len == 0 && !create_empty_fragment)
+ 		return 0;
+ 

meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0221.patch

@@ -0,0 +1,38 @@
+commit d30e582446b027868cdabd0994681643682045a4
+Author: Dr. Stephen Henson <steve@openssl.org>
+Date:   Fri May 16 13:00:45 2014 +0100
+
+    Fix CVE-2014-0221
+    
+    Unnecessary recursion when receiving a DTLS hello request can be used to
+    crash a DTLS client. Fixed by handling DTLS hello request without recursion.
+    
+    Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
+
+Patch borrowed from Fedora
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 07f67f8..4c2fd03 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -793,6 +793,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
+ 	int i,al;
+ 	struct hm_header_st msg_hdr;
+ 
++	redo:
+ 	/* see if we have the required fragment already */
+ 	if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
+ 		{
+@@ -851,8 +852,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
+ 					s->msg_callback_arg);
+ 			
+ 			s->init_num = 0;
+-			return dtls1_get_message_fragment(s, st1, stn,
+-				max, ok);
++			goto redo;
+ 			}
+ 		else /* Incorrectly formated Hello request */
+ 			{
+

meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0224.patch

@@ -0,0 +1,103 @@
+Fix for CVE-2014-0224
+
+Only accept change cipher spec when it is expected instead of at any
+time. This prevents premature setting of session keys before the master
+secret is determined which an attacker could use as a MITM attack.
+
+Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue
+and providing the initial fix this patch is based on.
+
+
+Patch borrowed from Fedora
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+
+diff -up openssl-1.0.1e/ssl/ssl3.h.keying-mitm openssl-1.0.1e/ssl/ssl3.h
+--- openssl-1.0.1e/ssl/ssl3.h.keying-mitm	2014-06-02 19:48:04.518100562 +0200
++++ openssl-1.0.1e/ssl/ssl3.h	2014-06-02 19:48:04.642103429 +0200
+@@ -388,6 +388,7 @@ typedef struct ssl3_buffer_st
+ #define TLS1_FLAGS_TLS_PADDING_BUG		0x0008
+ #define TLS1_FLAGS_SKIP_CERT_VERIFY		0x0010
+ #define TLS1_FLAGS_KEEP_HANDSHAKE		0x0020
++#define SSL3_FLAGS_CCS_OK			0x0080
+  
+ /* SSL3_FLAGS_SGC_RESTART_DONE is set when we
+  * restart a handshake because of MS SGC and so prevents us
+diff -up openssl-1.0.1e/ssl/s3_clnt.c.keying-mitm openssl-1.0.1e/ssl/s3_clnt.c
+--- openssl-1.0.1e/ssl/s3_clnt.c.keying-mitm	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/s3_clnt.c	2014-06-02 19:49:57.042701985 +0200
+@@ -559,6 +559,7 @@ int ssl3_connect(SSL *s)
+ 		case SSL3_ST_CR_FINISHED_A:
+ 		case SSL3_ST_CR_FINISHED_B:
+ 
++			s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ 			ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
+ 				SSL3_ST_CR_FINISHED_B);
+ 			if (ret <= 0) goto end;
+@@ -916,6 +917,7 @@ int ssl3_get_server_hello(SSL *s)
+ 		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+ 		goto f_err;
+ 		}
++	    s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ 	    s->hit=1;
+ 	    }
+ 	else	/* a miss or crap from the other end */
+diff -up openssl-1.0.1e/ssl/s3_pkt.c.keying-mitm openssl-1.0.1e/ssl/s3_pkt.c
+--- openssl-1.0.1e/ssl/s3_pkt.c.keying-mitm	2014-06-02 19:48:04.640103383 +0200
++++ openssl-1.0.1e/ssl/s3_pkt.c	2014-06-02 19:48:04.643103452 +0200
+@@ -1298,6 +1298,15 @@ start:
+ 			goto f_err;
+ 			}
+ 
++		if (!(s->s3->flags & SSL3_FLAGS_CCS_OK))
++			{
++			al=SSL_AD_UNEXPECTED_MESSAGE;
++			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
++			goto f_err;
++			}
++
++		s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
++
+ 		rr->length=0;
+ 
+ 		if (s->msg_callback)
+@@ -1432,7 +1441,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
+ 
+ 	if (s->s3->tmp.key_block == NULL)
+ 		{
+-		if (s->session == NULL) 
++		if (s->session == NULL || s->session->master_key_length == 0)
+ 			{
+ 			/* might happen if dtls1_read_bytes() calls this */
+ 			SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
+diff -up openssl-1.0.1e/ssl/s3_srvr.c.keying-mitm openssl-1.0.1e/ssl/s3_srvr.c
+--- openssl-1.0.1e/ssl/s3_srvr.c.keying-mitm	2014-06-02 19:48:04.630103151 +0200
++++ openssl-1.0.1e/ssl/s3_srvr.c	2014-06-02 19:48:04.643103452 +0200
+@@ -673,6 +673,7 @@ int ssl3_accept(SSL *s)
+ 		case SSL3_ST_SR_CERT_VRFY_A:
+ 		case SSL3_ST_SR_CERT_VRFY_B:
+ 
++			s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ 			/* we should decide if we expected this one */
+ 			ret=ssl3_get_cert_verify(s);
+ 			if (ret <= 0) goto end;
+@@ -700,6 +701,7 @@ int ssl3_accept(SSL *s)
+ 
+ 		case SSL3_ST_SR_FINISHED_A:
+ 		case SSL3_ST_SR_FINISHED_B:
++			s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ 			ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
+ 				SSL3_ST_SR_FINISHED_B);
+ 			if (ret <= 0) goto end;
+@@ -770,7 +772,10 @@ int ssl3_accept(SSL *s)
+ 				s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+ #else
+ 				if (s->s3->next_proto_neg_seen)
++					{
++					s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ 					s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;
++					}
+ 				else
+ 					s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+ #endif

meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-3470.patch

@@ -0,0 +1,31 @@
+commit 4ad43d511f6cf064c66eb4bfd0fb0919b5dd8a86
+Author: Dr. Stephen Henson <steve@openssl.org>
+Date:   Thu May 29 15:00:05 2014 +0100
+
+    Fix CVE-2014-3470
+    
+    Check session_cert is not NULL before dereferencing it.
+
+Patch borrowed from Fedora
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+
+diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
+index d35376d..4324f8d 100644
+--- a/ssl/s3_clnt.c
++++ b/ssl/s3_clnt.c
+@@ -2511,6 +2511,13 @@ int ssl3_send_client_key_exchange(SSL *s)
+ 			int ecdh_clnt_cert = 0;
+ 			int field_size = 0;
+ 
++			if (s->session->sess_cert == NULL) 
++				{
++				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
++				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
++				goto err;
++				}
++
+ 			/* Did we send out the client's
+ 			 * ECDH share for use in premaster
+ 			 * computation as part of client certificate?

meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2010-5298.patch

@@ -0,0 +1,24 @@
+openssl fix for CVE-2010-5298
+
+Upstream-Status: Backport
+
+Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL
+through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote
+attackers to inject data across sessions or cause a denial of service
+(use-after-free and parsing error) via an SSL connection in a
+multithreaded environment.
+
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298
+
+Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -1013,7 +1013,7 @@ start:
+ 				{
+ 				s->rstate=SSL_ST_READ_HEADER;
+ 				rr->off=0;
+-				if (s->mode & SSL_MODE_RELEASE_BUFFERS)
++				if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0)
+ 					ssl3_release_read_buffer(s);
+ 				}
+ 			}

meta/recipes-connectivity/openssl/openssl_1.0.1e.bb

@@ -6,7 +6,7 @@ DEPENDS += "ocf-linux"
 
 CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
 
-PR = "${INC_PR}.0"
+PR = "${INC_PR}.2"
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
 
@@ -32,6 +32,16 @@ SRC_URI += "file://configure-targets.patch \
             file://openssl-fix-doc.patch \
             file://fix-cipher-des-ede3-cfb1.patch \
             file://find.pl \
+            file://0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch \
+            file://0001-Fix-DTLS-retransmission-from-previous-session.patch \
+            file://0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch \
+            file://CVE-2014-0160.patch \
+            file://openssl-1.0.1e-cve-2014-0195.patch \
+            file://openssl-1.0.1e-cve-2014-0198.patch \
+            file://openssl-1.0.1e-cve-2014-0221.patch \
+            file://openssl-1.0.1e-cve-2014-0224.patch \
+            file://openssl-1.0.1e-cve-2014-3470.patch \
+            file://openssl-CVE-2010-5298.patch \
            "
 
 SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c"

meta/recipes-core/busybox/busybox-1.20.2/defconfig

@@ -457,8 +457,8 @@ CONFIG_USE_BB_CRYPT=y
 # CONFIG_ADDUSER is not set
 # CONFIG_FEATURE_ADDUSER_LONG_OPTIONS is not set
 # CONFIG_FEATURE_CHECK_NAMES is not set
-CONFIG_FIRST_SYSTEM_ID=0
-CONFIG_LAST_SYSTEM_ID=0
+CONFIG_FIRST_SYSTEM_ID=100
+CONFIG_LAST_SYSTEM_ID=999
 # CONFIG_ADDGROUP is not set
 # CONFIG_FEATURE_ADDGROUP_LONG_OPTIONS is not set
 # CONFIG_FEATURE_ADDUSER_TO_GROUP is not set

meta/recipes-core/dropbear/dropbear.inc

@@ -41,6 +41,7 @@ BINCOMMANDS = "dbclient ssh scp"
 EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"'
 EXTRA_OECONF += "\
  ${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}"
+CFLAGS += "-DSFTPSERVER_PATH=\\"${libdir}/openssh/sftp-server\\""
 
 do_install() {
 	install -d ${D}${sysconfdir} \

meta/recipes-core/eglibc/eglibc-2.17/make-4.patch

@@ -0,0 +1,31 @@
+Accept make versions 4.0 and greater
+
+Backport of glibc 28d708c44bc47b56f6551ff285f78edcf61c208a.
+
+Upstream-Status: Backport
+Signed-off-by: Jonathan Liu <net147@gmail.com>
+
+diff -Nur libc.orig/configure libc/configure
+--- libc.orig/configure	2012-12-03 08:11:45.000000000 +1100
++++ libc/configure	2013-11-04 17:15:31.344984184 +1100
+@@ -4995,7 +4995,7 @@
+   ac_prog_version=`$MAKE --version 2>&1 | sed -n 's/^.*GNU Make[^0-9]*\([0-9][0-9.]*\).*$/\1/p'`
+   case $ac_prog_version in
+     '') ac_prog_version="v. ?.??, bad"; ac_verc_fail=yes;;
+-    3.79* | 3.[89]*)
++    3.79* | 3.[89]* | [4-9].* | [1-9][0-9]*)
+        ac_prog_version="$ac_prog_version, ok"; ac_verc_fail=no;;
+     *) ac_prog_version="$ac_prog_version, bad"; ac_verc_fail=yes;;
+ 
+diff -Nur libc.orig/configure.in libc/configure.in
+--- libc.orig/configure.in	2012-12-03 08:11:45.000000000 +1100
++++ libc/configure.in	2013-11-04 17:15:31.351650849 +1100
+@@ -958,7 +958,7 @@
+   critic_missing="$critic_missing gcc")
+ AC_CHECK_PROG_VER(MAKE, gnumake gmake make, --version,
+   [GNU Make[^0-9]*\([0-9][0-9.]*\)],
+-  [3.79* | 3.[89]*], critic_missing="$critic_missing make")
++  [3.79* | 3.[89]* | [4-9].* | [1-9][0-9]*], critic_missing="$critic_missing make")
+ 
+ AC_CHECK_PROG_VER(MSGFMT, gnumsgfmt gmsgfmt msgfmt, --version,
+   [GNU gettext.* \([0-9]*\.[0-9.]*\)],

meta/recipes-core/eglibc/eglibc_2.17.bb

@@ -28,6 +28,7 @@ SRC_URI = "http://downloads.yoctoproject.org/releases/eglibc/eglibc-${PV}-svnr22
            file://tzselect-awk.patch \
            file://0001-eglibc-run-libm-err-tab.pl-with-specific-dirs-in-S.patch \
            file://fix-tibetian-locales.patch \
+           file://make-4.patch \
            ${BACKPORTS} \
           "
 BACKPORTS = "\

meta/recipes-core/images/build-appliance-image.bb

@@ -19,7 +19,7 @@ IMAGE_FSTYPES = "vmdk"
 
 inherit core-image
 
-SRCREV ?= "beda5013e46da16a3d76f095869a5a5c5b1bc08a"
+SRCREV ?= "5b12a3441b859b3b12bb1e7b61acf97a1cfa8c08"
 SRC_URI = "git://git.yoctoproject.org/poky;protocol=git \
            file://Yocto_Build_Appliance.vmx \
            file://Yocto_Build_Appliance.vmxf \

meta/recipes-core/initrdscripts/files/init-install-efi.sh

@@ -58,6 +58,7 @@ echo "Installing image on /dev/${device}"
 #
 # The udev automounter can cause pain here, kill it
 #
+rm -f /etc/udev/rules.d/automount.rules
 rm -f /etc/udev/scripts/mount*
 
 #

meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch

@@ -1,34 +0,0 @@
-libxml2 CVE-2012-2871
-
-the patch come from:
-http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src \
-/include/libxml/tree.h?r1=56276&r2=149930
-
-libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89,
-does not properly support a cast of an unspecified variable during handling
-of XSL transforms, which allows remote attackers to cause a denial of service
-or possibly have unknown other impact via a crafted document, related to the
-_xmlNs data structure in include/libxml/tree.h.
-
-http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2871
-
-Signed-off-by: Li Wang <li.wang@windriver.com>
----
- include/libxml/tree.h |    1 +
- 1 files changed, 1 insertions(+), 0 deletions(-)
-
-diff --git a/include/libxml/tree.h b/include/libxml/tree.h
-index b733589..5422dda 100644
---- a/include/libxml/tree.h
-+++ b/include/libxml/tree.h
-@@ -351,6 +351,7 @@ struct _xmlNs {
-     struct _xmlNs  *next;	/* next Ns link for this node  */
-     xmlNsType      type;	/* global or local */
-     const xmlChar *href;	/* URL for the namespace */
-+    const char *dummy_children;	/* lines up with node->children */
-     const xmlChar *prefix;	/* prefix for the namespace */
-     void           *_private;   /* application data */
-     struct _xmlDoc *context;		/* normally an xmlDoc */
--- 
-1.7.0.5
-

meta/recipes-core/libxml/libxml2_2.9.0.bb

@@ -5,5 +5,3 @@ PR = "${INC_PR}.1"
 SRC_URI[md5sum] = "5b9bebf4f5d2200ae2c4efe8fa6103f7"
 SRC_URI[sha256sum] = "ad25d91958b7212abdc12b9611cfb4dc4e5cddb6d1e9891532f48aacee422b82"
 
-SRC_URI += "file://libxml2-CVE-2012-2871.patch \
-	   "

meta/recipes-core/ncurses/ncurses.inc

@@ -42,6 +42,8 @@ EXCONFIG_ARGS_virtclass-nativesdk = " \
 		--with-chtype='long' \
 		--with-mmask-t='long'"
 
+PACKAGES_DYNAMIC = "^${PN}-lib.*"
+
 # Fall back to the host termcap / terminfo for -nativesdk and -native
 # The reality is a work around for strange problems with things like
 # "bitbake -c menuconfig busybox" where it cannot find the terminfo

meta/recipes-core/packagegroups/packagegroup-self-hosted.bb

@@ -130,6 +130,7 @@ RDEPENDS_packagegroup-self-hosted-extended = "\
     minicom \
     mtools \
     ncurses \
+    ncurses-terminfo-base \
     neon \
     nfs-utils \
     nfs-utils-client \
@@ -150,17 +151,21 @@ RDEPENDS_packagegroup-self-hosted-extended = "\
     python-core \
     python-curses \
     python-datetime \
+    python-difflib \
     python-distutils \
     python-elementtree \
     python-email \
     python-fcntl \
+    python-json \
     python-logging \
     python-misc \
+    python-mmap \
     python-multiprocessing \
     python-netclient \
     python-netserver \
     python-pickle \
     python-pkgutil \
+    python-pprint \
     python-re \
     python-rpm \
     python-shell \

meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb

@@ -21,14 +21,12 @@ do_install() {
         echo "S:2345:respawn:${base_sbindir}/getty ${SERIAL_CONSOLE}" >> ${D}${sysconfdir}/inittab
     fi
 
-    idx=0
     tmp="${SERIAL_CONSOLES}"
     for i in $tmp
     do
 	j=`echo ${i} | sed s/\;/\ /g`
-	echo "${idx}:12345:respawn:${base_sbindir}/getty ${j}" >> ${D}${sysconfdir}/inittab
-
-	idx=`expr $idx + 1`
+	label=`echo ${i} | sed -e 's/^.*;tty//'`
+	echo "$label:12345:respawn:${base_sbindir}/getty ${j}" >> ${D}${sysconfdir}/inittab
     done
 
     if [ "${USE_VT}" = "1" ]; then

meta/recipes-devtools/binutils/binutils-2.23.1.inc

@@ -29,6 +29,9 @@ SRC_URI = "\
      file://mips64-default-ld-emulation.patch \
      ${BACKPORT} \
      file://binutils-fix-over-array-bounds-issue.patch \
+     file://replace_macros_with_static_inline.patch \
+     file://0001-Fix-MMIX-build-breakage-from-bfd_set_section_vma-cha.patch \
+     file://0001-write.c-chain_frchains_together_1-Reorder-assertion-.patch \
      "
 
 BACKPORT = "\

meta/recipes-devtools/binutils/binutils/0001-Fix-MMIX-build-breakage-from-bfd_set_section_vma-cha.patch

@@ -0,0 +1,31 @@
+Upstream-Status: Backport
+
+From 0a09fb4a09e80c36fa3ef763ae276fd13d272a36 Mon Sep 17 00:00:00 2001
+From: Hans-Peter Nilsson <hp@bitrange.com>
+Date: Sat, 1 Feb 2014 01:11:28 +0100
+Subject: [PATCH] Fix MMIX build breakage from bfd_set_section_vma change.
+
+	* emultempl/mmix-elfnmmo.em (mmix_after_allocation): Fix typo in
+	call to bfd_set_section_vma exposed by recent bfd_set_section_vma
+	change.
+---
+ ld/ChangeLog                 |    6 ++++++
+ ld/emultempl/mmix-elfnmmo.em |    2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/ld/emultempl/mmix-elfnmmo.em b/ld/emultempl/mmix-elfnmmo.em
+index 0059792..5e9781a 100644
+--- a/ld/emultempl/mmix-elfnmmo.em
++++ b/ld/emultempl/mmix-elfnmmo.em
+@@ -102,7 +102,7 @@ mmix_after_allocation (void)
+      This section is only present when there are register symbols.  */
+   sec = bfd_get_section_by_name (link_info.output_bfd, MMIX_REG_SECTION_NAME);
+   if (sec != NULL)
+-    bfd_set_section_vma (abfd, sec, 0);
++    bfd_set_section_vma (sec->owner, sec, 0);
+ 
+   if (!_bfd_mmix_after_linker_allocation (link_info.output_bfd, &link_info))
+     {
+-- 
+1.7.10.4
+

meta/recipes-devtools/binutils/binutils/0001-write.c-chain_frchains_together_1-Reorder-assertion-.patch

@@ -0,0 +1,30 @@
+From c50d883cb61ff9917464cb695a0fd83fdb0f9c20 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@bigpond.net.au>
+Date: Mon, 21 Jan 2013 13:48:31 +0000
+Subject: [PATCH] write.c (chain_frchains_together_1): Reorder assertion to
+ avoid uninit warning.
+
+Upstream-Status: Backport from 2.23.2
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+ gas/write.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gas/write.c b/gas/write.c
+index a467147..56ebb6c 100644
+--- a/gas/write.c
++++ b/gas/write.c
+@@ -406,8 +406,8 @@ chain_frchains_together_1 (segT section, struct frchain *frchp)
+ 	  prev_fix = frchp->fix_tail;
+ 	}
+     }
+-  gas_assert (prev_frag->fr_type != 0);
+-  gas_assert (prev_frag != &dummy);
++  gas_assert (prev_frag != &dummy
++	      && prev_frag->fr_type != 0);
+   prev_frag->fr_next = 0;
+   return prev_frag;
+ }
+-- 
+2.3.5
+

meta/recipes-devtools/binutils/binutils/replace_macros_with_static_inline.patch

@@ -0,0 +1,188 @@
+Upstream-Status: Backport
+
+From 27b829ee701e29804216b3803fbaeb629be27491 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 29 Jan 2014 13:46:39 +0000
+Subject: [PATCH 1/1] Following up on Tom's suggestion I am checking in a patch to replace the various
+ bfd_xxx_set macros with static inline functions, so that we can avoid compile time
+ warnings about comma expressions with unused values.
+
+	* bfd-in.h (bfd_set_section_vma): Delete.
+	(bfd_set_section_alignment): Delete.
+	(bfd_set_section_userdata): Delete.
+	(bfd_set_cacheable): Delete.
+	* bfd.c (bfd_set_cacheable): New static inline function.
+	* section.c (bfd_set_section_userdata): Likewise.
+	(bfd_set_section_vma): Likewise.
+	(bfd_set_section_alignment): Likewise.
+	* bfd-in2.h: Regenerate.
+---
+ bfd/ChangeLog |   12 ++++++++++++
+ bfd/bfd-in.h  |    5 -----
+ bfd/bfd-in2.h |   41 +++++++++++++++++++++++++++++++++++------
+ bfd/bfd.c     |    8 ++++++++
+ bfd/section.c |   26 ++++++++++++++++++++++++++
+ 5 files changed, 81 insertions(+), 11 deletions(-)
+
+diff --git a/bfd/bfd-in.h b/bfd/bfd-in.h
+index 3afd71b..c7c5a7d 100644
+--- a/bfd/bfd-in.h
++++ b/bfd/bfd-in.h
+@@ -292,9 +292,6 @@ typedef struct bfd_section *sec_ptr;
+ 
+ #define bfd_is_com_section(ptr) (((ptr)->flags & SEC_IS_COMMON) != 0)
+ 
+-#define bfd_set_section_vma(bfd, ptr, val) (((ptr)->vma = (ptr)->lma = (val)), ((ptr)->user_set_vma = TRUE), TRUE)
+-#define bfd_set_section_alignment(bfd, ptr, val) (((ptr)->alignment_power = (val)),TRUE)
+-#define bfd_set_section_userdata(bfd, ptr, val) (((ptr)->userdata = (val)),TRUE)
+ /* Find the address one past the end of SEC.  */
+ #define bfd_get_section_limit(bfd, sec) \
+   (((bfd)->direction != write_direction && (sec)->rawsize != 0	\
+@@ -517,8 +514,6 @@ extern void warn_deprecated (const char *, const char *, int, const char *);
+ 
+ #define bfd_get_symbol_leading_char(abfd) ((abfd)->xvec->symbol_leading_char)
+ 
+-#define bfd_set_cacheable(abfd,bool) (((abfd)->cacheable = bool), TRUE)
+-
+ extern bfd_boolean bfd_cache_close
+   (bfd *abfd);
+ /* NB: This declaration should match the autogenerated one in libbfd.h.  */
+diff --git a/bfd/bfd-in2.h b/bfd/bfd-in2.h
+index 71996db..b5aeb40 100644
+--- a/bfd/bfd-in2.h
++++ b/bfd/bfd-in2.h
+@@ -299,9 +299,6 @@ typedef struct bfd_section *sec_ptr;
+ 
+ #define bfd_is_com_section(ptr) (((ptr)->flags & SEC_IS_COMMON) != 0)
+ 
+-#define bfd_set_section_vma(bfd, ptr, val) (((ptr)->vma = (ptr)->lma = (val)), ((ptr)->user_set_vma = TRUE), TRUE)
+-#define bfd_set_section_alignment(bfd, ptr, val) (((ptr)->alignment_power = (val)),TRUE)
+-#define bfd_set_section_userdata(bfd, ptr, val) (((ptr)->userdata = (val)),TRUE)
+ /* Find the address one past the end of SEC.  */
+ #define bfd_get_section_limit(bfd, sec) \
+   (((bfd)->direction != write_direction && (sec)->rawsize != 0	\
+@@ -524,8 +521,6 @@ extern void warn_deprecated (const char *, const char *, int, const char *);
+ 
+ #define bfd_get_symbol_leading_char(abfd) ((abfd)->xvec->symbol_leading_char)
+ 
+-#define bfd_set_cacheable(abfd,bool) (((abfd)->cacheable = bool), TRUE)
+-
+ extern bfd_boolean bfd_cache_close
+   (bfd *abfd);
+ /* NB: This declaration should match the autogenerated one in libbfd.h.  */
+@@ -1029,7 +1024,7 @@ bfd *bfd_openr (const char *filename, const char *target);
+ 
+ bfd *bfd_fdopenr (const char *filename, const char *target, int fd);
+ 
+-bfd *bfd_openstreamr (const char *, const char *, void *);
++bfd *bfd_openstreamr (const char * filename, const char * target, void * stream);
+ 
+ bfd *bfd_openr_iovec (const char *filename, const char *target,
+     void *(*open_func) (struct bfd *nbfd,
+@@ -1596,6 +1591,32 @@ struct relax_table {
+   int size;
+ };
+ 
++/* Note: the following are provided as inline functions rather than macros
++   because not all callers use the return value.  A macro implementation
++   would use a comma expression, eg: "((ptr)->foo = val, TRUE)" and some
++   compilers will complain about comma expressions that have no effect.  */
++static inline bfd_boolean
++bfd_set_section_userdata (bfd * abfd ATTRIBUTE_UNUSED, asection * ptr, void * val)
++{
++  ptr->userdata = val;
++  return TRUE;
++}
++
++static inline bfd_boolean
++bfd_set_section_vma (bfd * abfd ATTRIBUTE_UNUSED, asection * ptr, bfd_vma val)
++{
++  ptr->vma = ptr->lma = val;
++  ptr->user_set_vma = TRUE;
++  return TRUE;
++}
++
++static inline bfd_boolean
++bfd_set_section_alignment (bfd * abfd ATTRIBUTE_UNUSED, asection * ptr, unsigned int val)
++{
++  ptr->alignment_power = val;
++  return TRUE;
++}
++
+ /* These sections are global, and are managed by BFD.  The application
+    and target back end are not permitted to change the values in
+    these sections.  */
+@@ -6415,6 +6436,14 @@ struct bfd
+   unsigned int selective_search : 1;
+ };
+ 
++/* See note beside bfd_set_section_userdata.  */
++static inline bfd_boolean
++bfd_set_cacheable (bfd * abfd, bfd_boolean val)
++{
++  abfd->cacheable = val;
++  return TRUE;
++}
++
+ typedef enum bfd_error
+ {
+   bfd_error_no_error = 0,
+diff --git a/bfd/bfd.c b/bfd/bfd.c
+index 8d0580c..2d174f3 100644
+--- a/bfd/bfd.c
++++ b/bfd/bfd.c
+@@ -311,6 +311,14 @@ CODE_FRAGMENT
+ .  unsigned int selective_search : 1;
+ .};
+ .
++.{* See note beside bfd_set_section_userdata.  *}
++.static inline bfd_boolean
++.bfd_set_cacheable (bfd * abfd, bfd_boolean val)
++.{
++.  abfd->cacheable = val;
++.  return TRUE;
++.}
++.
+ */
+ 
+ #include "sysdep.h"
+diff --git a/bfd/section.c b/bfd/section.c
+index fb19d8c..a661228 100644
+--- a/bfd/section.c
++++ b/bfd/section.c
+@@ -542,6 +542,32 @@ CODE_FRAGMENT
+ .  int size;
+ .};
+ .
++.{* Note: the following are provided as inline functions rather than macros
++.   because not all callers use the return value.  A macro implementation
++.   would use a comma expression, eg: "((ptr)->foo = val, TRUE)" and some
++.   compilers will complain about comma expressions that have no effect.  *}
++.static inline bfd_boolean
++.bfd_set_section_userdata (bfd * abfd ATTRIBUTE_UNUSED, asection * ptr, void * val)
++.{
++.  ptr->userdata = val;
++.  return TRUE;
++.}
++.
++.static inline bfd_boolean
++.bfd_set_section_vma (bfd * abfd ATTRIBUTE_UNUSED, asection * ptr, bfd_vma val)
++.{
++.  ptr->vma = ptr->lma = val;
++.  ptr->user_set_vma = TRUE;
++.  return TRUE;
++.}
++.
++.static inline bfd_boolean
++.bfd_set_section_alignment (bfd * abfd ATTRIBUTE_UNUSED, asection * ptr, unsigned int val)
++.{
++.  ptr->alignment_power = val;
++.  return TRUE;
++.}
++.
+ .{* These sections are global, and are managed by BFD.  The application
+ .   and target back end are not permitted to change the values in
+ .   these sections.  *}
+-- 
+1.7.1
+

meta/recipes-devtools/elfutils/elfutils/fix-build-gcc-4.8.patch

@@ -0,0 +1,57 @@
+This patch fixes a warning seen with gcc 4.8 (especially on ubuntu 13.10)
+
+| addr2line.c: In function 'handle_address':
+| addr2line.c:450:7: error: format '%a' expects argument of type 'float *', but argument 3 has type 'char **' [-Werror=format=]
+|        if (sscanf (string, "(%a[^)])%" PRIiMAX "%n", &name, &addr, &i) == 2
+|        ^
+| addr2line.c:453:7: error: format '%a' expects argument of type 'float *', but argument 3 has type 'char **' [-Werror=format=]
+|        switch (sscanf (string, "%a[^-+]%n%" PRIiMAX "%n", &name, &i, &addr, &j))
+|        ^
+| cc1: all warnings being treated as errors
+
+
+%a is old GNU style and should be abandoned in favor of %m
+
+Also see
+
+http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54361
+
+to support this assertion
+
+This patch is added via redhat-compatibility patch so lets revert this part
+here.
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+Upstream-Status: Inappropriate [Caused by an earlier patch]
+
+Index: elfutils-0.148/src/addr2line.c
+===================================================================
+--- elfutils-0.148.orig/src/addr2line.c	2013-09-23 17:46:45.513586538 -0700
++++ elfutils-0.148/src/addr2line.c	2013-09-23 17:46:46.329586558 -0700
+@@ -447,10 +447,10 @@
+       bool parsed = false;
+       int i, j;
+       char *name = NULL;
+-      if (sscanf (string, "(%a[^)])%" PRIiMAX "%n", &name, &addr, &i) == 2
++      if (sscanf (string, "(%m[^)])%" PRIiMAX "%n", &name, &addr, &i) == 2
+ 	  && string[i] == '\0')
+ 	parsed = adjust_to_section (name, &addr, dwfl);
+-      switch (sscanf (string, "%a[^-+]%n%" PRIiMAX "%n", &name, &i, &addr, &j))
++      switch (sscanf (string, "%m[^-+]%n%" PRIiMAX "%n", &name, &i, &addr, &j))
+ 	{
+ 	default:
+ 	  break;
+Index: elfutils-0.148/tests/line2addr.c
+===================================================================
+--- elfutils-0.148.orig/tests/line2addr.c	2013-09-23 17:46:45.521586538 -0700
++++ elfutils-0.148/tests/line2addr.c	2013-09-23 17:46:46.329586558 -0700
+@@ -132,7 +132,7 @@
+     {
+       struct args a = { .arg = argv[cnt] };
+ 
+-      switch (sscanf (a.arg, "%a[^:]:%d", &a.file, &a.line))
++      switch (sscanf (a.arg, "%m[^:]:%d", &a.file, &a.line))
+ 	{
+ 	default:
+ 	case 0:

meta/recipes-devtools/elfutils/elfutils_0.148.bb

@@ -33,6 +33,7 @@ SRC_URI += "\
 	file://dso-link-change.patch \
 	file://nm-Fix-size-passed-to-snprintf-for-invalid-sh_name-case.patch \
 	file://elfutils-ar-c-fix-num-passed-to-memset.patch \
+	file://fix-build-gcc-4.8.patch \
 "
 # Only apply when building uclibc based target recipe
 SRC_URI_append_libc-uclibc = " file://uclibc-support.patch"

meta/recipes-devtools/guile/files/0001-doc-Fix-build-with-Texinfo-5.0.patch

@@ -0,0 +1,71 @@
+From 183d2ace576710079a2bcf2a8bfcbc39b7d9becc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
+Date: Fri, 1 Mar 2013 17:49:24 +0100
+Subject: [PATCH] doc: Fix build with Texinfo 5.0.
+
+* doc/ref/api-control.texi (Handling Errors): Move misplaced description
+  for `scm_memory_error' & co.
+* doc/ref/r6rs.texi (rnrs base): Change `deffnx' of `let-syntax' and
+  `letrec-syntax' to fit on one line.
+
+Upstream-Status: Backport [in 2.0.9 release]
+
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+---
+ doc/ref/api-control.texi | 6 +++---
+ doc/ref/r6rs.texi        | 8 +++-----
+ 2 files changed, 6 insertions(+), 8 deletions(-)
+
+diff --git a/doc/ref/api-control.texi b/doc/ref/api-control.texi
+index 95c4925..ea943d3 100644
+--- a/doc/ref/api-control.texi
++++ b/doc/ref/api-control.texi
+@@ -1,7 +1,7 @@
+ @c -*-texinfo-*-
+ @c This is part of the GNU Guile Reference Manual.
+-@c Copyright (C)  1996, 1997, 2000, 2001, 2002, 2003, 2004, 2009, 2010, 2011, 2012
+-@c   Free Software Foundation, Inc.
++@c Copyright (C)  1996, 1997, 2000, 2001, 2002, 2003, 2004, 2009, 2010,
++@c   2011, 2012, 2013 Free Software Foundation, Inc.
+ @c See the file guile.texi for copying conditions.
+ 
+ @node Control Mechanisms
+@@ -1732,8 +1732,8 @@ and the call to these routines doesn't change @code{errno}.
+ @deftypefnx {C Function} void scm_wrong_type_arg (char *@var{subr}, int @var{argnum}, SCM @var{bad_value})
+ @deftypefnx {C Function} void scm_wrong_type_arg_msg (char *@var{subr}, int @var{argnum}, SCM @var{bad_value}, const char *@var{expected})
+ @deftypefnx {C Function} void scm_memory_error (char *@var{subr})
+-Throw an error with the various keys described above.
+ @deftypefnx {C Function} void scm_misc_error (const char *@var{subr}, const char *@var{message}, SCM @var{args})
++Throw an error with the various keys described above.
+ 
+ In @code{scm_wrong_num_args}, @var{proc} should be a Scheme symbol
+ which is the name of the procedure incorrectly invoked.  The other
+diff --git a/doc/ref/r6rs.texi b/doc/ref/r6rs.texi
+index 2028ada..13f9e20 100644
+--- a/doc/ref/r6rs.texi
++++ b/doc/ref/r6rs.texi
+@@ -1,6 +1,6 @@
+ @c -*-texinfo-*-
+ @c This is part of the GNU Guile Reference Manual.
+-@c Copyright (C)  2010, 2011, 2012
++@c Copyright (C)  2010, 2011, 2012, 2013
+ @c   Free Software Foundation, Inc.
+ @c See the file guile.texi for copying conditions.
+ 
+@@ -273,10 +273,8 @@ grouped below by the existing manual sections to which they correspond.
+ @end deffn
+ 
+ @deffn {Scheme Syntax} define-syntax keyword expression
+-@deffnx {Scheme Syntax} let-syntax ((keyword transformer) @dots{})
+-                        exp1 exp2 @dots{}
+-@deffnx {Scheme Syntax} letrec-syntax ((keyword transformer) @dots{})
+-                        exp1 exp2 @dots{}
++@deffnx {Scheme Syntax} let-syntax ((keyword transformer) @dots{}) exp1 exp2 @dots{}
++@deffnx {Scheme Syntax} letrec-syntax ((keyword transformer) @dots{}) exp1 exp2 @dots{}
+ @xref{Defining Macros}, for documentation.
+ @end deffn
+ 
+-- 
+1.8.4.2
+

meta/recipes-devtools/guile/guile_2.0.7.bb

@@ -20,6 +20,7 @@ SRC_URI = "${GNU_MIRROR}/guile/guile-${PV}.tar.xz \
            file://guile_2.0.6_fix_sed_error.patch \
            file://arm_endianness.patch \
            file://fix_parallel_build_issue.patch \
+           file://0001-doc-Fix-build-with-Texinfo-5.0.patch \
            "
 
 #           file://debian/0001-Change-guile-to-guile-X.Y-for-info-pages.patch
@@ -35,7 +36,7 @@ BBCLASSEXTEND = "native"
 
 DEPENDS = "libunistring bdwgc gmp libtool libffi"
 # add guile-native only to the target recipe's DEPENDS
-DEPENDS += "${@['guile-native libatomics-ops', ''][d.getVar('PN', True) != 'guile']}"
+DEPENDS_append_class-target = " guile-native libatomics-ops"
 
 RDEPENDS_${PN}_append_libc-glibc_class-target = "glibc-gconv-iso8859-1"
 

meta/recipes-devtools/perl/perl-5.14.3/0001-Fix-misparsing-of-maketext-strings.patch

@@ -0,0 +1,86 @@
+From 1735f6f53ca19f99c6e9e39496c486af323ba6a8 Mon Sep 17 00:00:00 2001
+From: Brian Carlson <brian.carlson@cpanel.net>
+Date: Wed, 28 Nov 2012 08:54:33 -0500
+Subject: [PATCH] Fix misparsing of maketext strings.
+
+Case 61251: This commit fixes a misparse of maketext strings that could
+lead to arbitrary code execution.  Basically, maketext was compiling
+bracket notation into functions, but neglected to escape backslashes
+inside the content or die on fully-qualified method names when
+generating the code.  This change escapes all such backslashes and dies
+when a method name with a colon or apostrophe is specified.
+---
+ AUTHORS                                     |  1 +
+ dist/Locale-Maketext/lib/Locale/Maketext.pm | 24 ++++++++----------------
+ 2 files changed, 9 insertions(+), 16 deletions(-)
+
+Upstream-Status: Backport
+
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+
+
+diff --git a/AUTHORS b/AUTHORS
+index 70734b0..009dea0 100644
+--- a/AUTHORS
++++ b/AUTHORS
+@@ -154,6 +154,7 @@ Breno G. de Oliveira		<garu@cpan.org>
+ Brent Dax			<brentdax@cpan.org>
+ Brooks D Boyd
+ Brian Callaghan			<callagh@itginc.com>
++Brian Carlson			<brian.carlson@cpanel.net>
+ Brian Clarke			<clarke@appliedmeta.com>
+ brian d foy			<brian.d.foy@gmail.com>
+ Brian Fraser			<fraserbn@gmail.com>
+diff --git a/dist/Locale-Maketext/lib/Locale/Maketext.pm b/dist/Locale-Maketext/lib/Locale/Maketext.pm
+index 4822027..63e5fba 100644
+--- a/dist/Locale-Maketext/lib/Locale/Maketext.pm
++++ b/dist/Locale-Maketext/lib/Locale/Maketext.pm
+@@ -625,21 +625,9 @@ sub _compile {
+                         # 0-length method name means to just interpolate:
+                         push @code, ' (';
+                     }
+-                    elsif($m =~ /^\w+(?:\:\:\w+)*$/s
+-                            and $m !~ m/(?:^|\:)\d/s
+-                        # exclude starting a (sub)package or symbol with a digit
++                    elsif($m =~ /^\w+$/s
++                        # exclude anything fancy, especially fully-qualified module names
+                     ) {
+-                        # Yes, it even supports the demented (and undocumented?)
+-                        #  $obj->Foo::bar(...) syntax.
+-                        $target->_die_pointing(
+-                            $string_to_compile, q{Can't use "SUPER::" in a bracket-group method},
+-                            2 + length($c[-1])
+-                        )
+-                        if $m =~ m/^SUPER::/s;
+-                        # Because for SUPER:: to work, we'd have to compile this into
+-                        #  the right package, and that seems just not worth the bother,
+-                        #  unless someone convinces me otherwise.
+-
+                         push @code, ' $_[0]->' . $m . '(';
+                     }
+                     else {
+@@ -693,7 +681,9 @@ sub _compile {
+             elsif(substr($1,0,1) ne '~') {
+                 # it's stuff not containing "~" or "[" or "]"
+                 # i.e., a literal blob
+-                $c[-1] .= $1;
++                my $text = $1;
++                $text =~ s/\\/\\\\/g;
++                $c[-1] .= $text;
+ 
+             }
+             elsif($1 eq '~~') { # "~~"
+@@ -731,7 +721,9 @@ sub _compile {
+             else {
+                 # It's a "~X" where X is not a special character.
+                 # Consider it a literal ~ and X.
+-                $c[-1] .= $1;
++                my $text = $1;
++                $text =~ s/\\/\\\\/g;
++                $c[-1] .= $text;
+             }
+         }
+     }
+-- 
+1.8.3.1
+

meta/recipes-devtools/perl/perl-5.14.3/0001-Prevent-premature-hsplit-calls-and-only-trigger-REHA.patch

@@ -0,0 +1,178 @@
+From d59e31fc729d8a39a774f03bc6bc457029a7aef2 Mon Sep 17 00:00:00 2001
+From: Yves Orton <demerphq@gmail.com>
+Date: Tue, 12 Feb 2013 10:53:05 +0100
+Subject: [PATCH] Prevent premature hsplit() calls, and only trigger REHASH
+ after hsplit()
+
+Triggering a hsplit due to long chain length allows an attacker
+to create a carefully chosen set of keys which can cause the hash
+to use 2 * (2**32) * sizeof(void *) bytes ram. AKA a DOS via memory
+exhaustion. Doing so also takes non trivial time.
+
+Eliminating this check, and only inspecting chain length after a
+normal hsplit() (triggered when keys>buckets) prevents the attack
+entirely, and makes such attacks relatively benign.
+
+(cherry picked from commit f1220d61455253b170e81427c9d0357831ca0fac)
+
+Upstream-Status: Backport
+
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+
+
+---
+ ext/Hash-Util-FieldHash/t/10_hash.t | 18 ++++++++++++++++--
+ hv.c                                | 35 ++++++++---------------------------
+ t/op/hash.t                         | 20 +++++++++++++++++---
+ 3 files changed, 41 insertions(+), 32 deletions(-)
+
+diff --git a/ext/Hash-Util-FieldHash/t/10_hash.t b/ext/Hash-Util-FieldHash/t/10_hash.t
+index 2cfb4e8..d58f053 100644
+--- a/ext/Hash-Util-FieldHash/t/10_hash.t
++++ b/ext/Hash-Util-FieldHash/t/10_hash.t
+@@ -38,15 +38,29 @@ use constant START     => "a";
+ 
+ # some initial hash data
+ fieldhash my %h2;
+-%h2 = map {$_ => 1} 'a'..'cc';
++my $counter= "a";
++$h2{$counter++}++ while $counter ne 'cd';
+ 
+ ok (!Internals::HvREHASH(%h2), 
+     "starting with pre-populated non-pathological hash (rehash flag if off)");
+ 
+ my @keys = get_keys(\%h2);
++my $buckets= buckets(\%h2);
+ $h2{$_}++ for @keys;
++$h2{$counter++}++ while buckets(\%h2) == $buckets; # force a split
+ ok (Internals::HvREHASH(%h2), 
+-    scalar(@keys) . " colliding into the same bucket keys are triggering rehash");
++    scalar(@keys) . " colliding into the same bucket keys are triggering rehash after split");
++
++# returns the number of buckets in a hash
++sub buckets {
++    my $hr = shift;
++    my $keys_buckets= scalar(%$hr);
++    if ($keys_buckets=~m!/([0-9]+)\z!) {
++        return 0+$1;
++    } else {
++        return 8;
++    }
++}
+ 
+ sub get_keys {
+     my $hr = shift;
+diff --git a/hv.c b/hv.c
+index 2be1feb..abb9d76 100644
+--- a/hv.c
++++ b/hv.c
+@@ -35,7 +35,8 @@ holds the key and hash value.
+ #define PERL_HASH_INTERNAL_ACCESS
+ #include "perl.h"
+ 
+-#define HV_MAX_LENGTH_BEFORE_SPLIT 14
++#define HV_MAX_LENGTH_BEFORE_REHASH 14
++#define SHOULD_DO_HSPLIT(xhv) ((xhv)->xhv_keys > (xhv)->xhv_max) /* HvTOTALKEYS(hv) > HvMAX(hv) */
+ 
+ static const char S_strtab_error[]
+     = "Cannot modify shared string table in hv_%s";
+@@ -794,29 +795,9 @@ Perl_hv_common(pTHX_ HV *hv, SV *keysv, const char *key, STRLEN klen,
+     if (masked_flags & HVhek_ENABLEHVKFLAGS)
+ 	HvHASKFLAGS_on(hv);
+ 
+-    {
+-	const HE *counter = HeNEXT(entry);
+-
+-	xhv->xhv_keys++; /* HvTOTALKEYS(hv)++ */
+-	if (!counter) {				/* initial entry? */
+-	} else if (xhv->xhv_keys > xhv->xhv_max) {
+-		/* Use only the old HvKEYS(hv) > HvMAX(hv) condition to limit
+-		   bucket splits on a rehashed hash, as we're not going to
+-		   split it again, and if someone is lucky (evil) enough to
+-		   get all the keys in one list they could exhaust our memory
+-		   as we repeatedly double the number of buckets on every
+-		   entry. Linear search feels a less worse thing to do.  */
+-	    hsplit(hv);
+-	} else if(!HvREHASH(hv)) {
+-	    U32 n_links = 1;
+-
+-	    while ((counter = HeNEXT(counter)))
+-		n_links++;
+-
+-	    if (n_links > HV_MAX_LENGTH_BEFORE_SPLIT) {
+-		hsplit(hv);
+-	    }
+-	}
++    xhv->xhv_keys++; /* HvTOTALKEYS(hv)++ */
++    if ( SHOULD_DO_HSPLIT(xhv) ) {
++        hsplit(hv);
+     }
+ 
+     if (return_svp) {
+@@ -1192,7 +1173,7 @@ S_hsplit(pTHX_ HV *hv)
+ 
+ 
+     /* Pick your policy for "hashing isn't working" here:  */
+-    if (longest_chain <= HV_MAX_LENGTH_BEFORE_SPLIT /* split worked?  */
++    if (longest_chain <= HV_MAX_LENGTH_BEFORE_REHASH /* split worked?  */
+ 	|| HvREHASH(hv)) {
+ 	return;
+     }
+@@ -2831,8 +2812,8 @@ S_share_hek_flags(pTHX_ const char *str, I32 len, register U32 hash, int flags)
+ 
+ 	xhv->xhv_keys++; /* HvTOTALKEYS(hv)++ */
+ 	if (!next) {			/* initial entry? */
+-	} else if (xhv->xhv_keys > xhv->xhv_max /* HvKEYS(hv) > HvMAX(hv) */) {
+-		hsplit(PL_strtab);
++	} else if ( SHOULD_DO_HSPLIT(xhv) ) {
++            hsplit(PL_strtab);
+ 	}
+     }
+ 
+diff --git a/t/op/hash.t b/t/op/hash.t
+index 278bea7..201260a 100644
+--- a/t/op/hash.t
++++ b/t/op/hash.t
+@@ -39,22 +39,36 @@ use constant THRESHOLD => 14;
+ use constant START     => "a";
+ 
+ # some initial hash data
+-my %h2 = map {$_ => 1} 'a'..'cc';
++my %h2;
++my $counter= "a";
++$h2{$counter++}++ while $counter ne 'cd';
+ 
+ ok (!Internals::HvREHASH(%h2), 
+     "starting with pre-populated non-pathological hash (rehash flag if off)");
+ 
+ my @keys = get_keys(\%h2);
++my $buckets= buckets(\%h2);
+ $h2{$_}++ for @keys;
++$h2{$counter++}++ while buckets(\%h2) == $buckets; # force a split
+ ok (Internals::HvREHASH(%h2), 
+-    scalar(@keys) . " colliding into the same bucket keys are triggering rehash");
++    scalar(@keys) . " colliding into the same bucket keys are triggering rehash after split");
++
++# returns the number of buckets in a hash
++sub buckets {
++    my $hr = shift;
++    my $keys_buckets= scalar(%$hr);
++    if ($keys_buckets=~m!/([0-9]+)\z!) {
++        return 0+$1;
++    } else {
++        return 8;
++    }
++}
+ 
+ sub get_keys {
+     my $hr = shift;
+ 
+     # the minimum of bits required to mount the attack on a hash
+     my $min_bits = log(THRESHOLD)/log(2);
+-
+     # if the hash has already been populated with a significant amount
+     # of entries the number of mask bits can be higher
+     my $keys = scalar keys %$hr;
+-- 
+1.8.3.1
+

meta/recipes-devtools/perl/perl_5.14.3.bb

@@ -65,6 +65,9 @@ SRC_URI = "http://www.cpan.org/src/5.0/perl-${PV}.tar.gz \
 	file://perl-archlib-exp.patch \
 	file://dynaloaderhack.patch \
 	\
+        file://0001-Fix-misparsing-of-maketext-strings.patch \
+        file://0001-Prevent-premature-hsplit-calls-and-only-trigger-REHA.patch \
+        \
         file://config.sh \
         file://config.sh-32 \
         file://config.sh-32-le \

meta/recipes-devtools/python/python-2.7-manifest.inc

@@ -151,7 +151,7 @@ RDEPENDS_${PN}-mmap="${PN}-core ${PN}-io"
 FILES_${PN}-mmap="${libdir}/python2.7/lib-dynload/mmap.so "
 
 DESCRIPTION_${PN}-multiprocessing="Python Multiprocessing Support"
-RDEPENDS_${PN}-multiprocessing="${PN}-core ${PN}-io ${PN}-lang ${PN}-pickle ${PN}-threading"
+RDEPENDS_${PN}-multiprocessing="${PN}-core ${PN}-io ${PN}-lang ${PN}-pickle ${PN}-threading ${PN}-ctypes"
 FILES_${PN}-multiprocessing="${libdir}/python2.7/lib-dynload/_multiprocessing.so ${libdir}/python2.7/multiprocessing "
 
 DESCRIPTION_${PN}-netclient="Python Internet Protocol Clients"

meta/recipes-devtools/python/python/CVE-2013-4073_py27.patch

@@ -0,0 +1,251 @@
+Upstream-Status: Backport
+
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+
+diff -r 9ddc63c039ba Lib/test/nullbytecert.pem
+--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
++++ b/Lib/test/nullbytecert.pem	Sun Aug 11 18:13:17 2013 +0200
+@@ -0,0 +1,90 @@
++Certificate:
++    Data:
++        Version: 3 (0x2)
++        Serial Number: 0 (0x0)
++    Signature Algorithm: sha1WithRSAEncryption
++        Issuer: C=US, ST=Oregon, L=Beaverton, O=Python Software Foundation, OU=Python Core Development, CN=null.python.org\x00example.org/emailAddress=python-dev@python.org
++        Validity
++            Not Before: Aug  7 13:11:52 2013 GMT
++            Not After : Aug  7 13:12:52 2013 GMT
++        Subject: C=US, ST=Oregon, L=Beaverton, O=Python Software Foundation, OU=Python Core Development, CN=null.python.org\x00example.org/emailAddress=python-dev@python.org
++        Subject Public Key Info:
++            Public Key Algorithm: rsaEncryption
++                Public-Key: (2048 bit)
++                Modulus:
++                    00:b5:ea:ed:c9:fb:46:7d:6f:3b:76:80:dd:3a:f3:
++                    03:94:0b:a7:a6:db:ec:1d:df:ff:23:74:08:9d:97:
++                    16:3f:a3:a4:7b:3e:1b:0e:96:59:25:03:a7:26:e2:
++                    88:a9:cf:79:cd:f7:04:56:b0:ab:79:32:6e:59:c1:
++                    32:30:54:eb:58:a8:cb:91:f0:42:a5:64:27:cb:d4:
++                    56:31:88:52:ad:cf:bd:7f:f0:06:64:1f:cc:27:b8:
++                    a3:8b:8c:f3:d8:29:1f:25:0b:f5:46:06:1b:ca:02:
++                    45:ad:7b:76:0a:9c:bf:bb:b9:ae:0d:16:ab:60:75:
++                    ae:06:3e:9c:7c:31:dc:92:2f:29:1a:e0:4b:0c:91:
++                    90:6c:e9:37:c5:90:d7:2a:d7:97:15:a3:80:8f:5d:
++                    7b:49:8f:54:30:d4:97:2c:1c:5b:37:b5:ab:69:30:
++                    68:43:d3:33:78:4b:02:60:f5:3c:44:80:a1:8f:e7:
++                    f0:0f:d1:5e:87:9e:46:cf:62:fc:f9:bf:0c:65:12:
++                    f1:93:c8:35:79:3f:c8:ec:ec:47:f5:ef:be:44:d5:
++                    ae:82:1e:2d:9a:9f:98:5a:67:65:e1:74:70:7c:cb:
++                    d3:c2:ce:0e:45:49:27:dc:e3:2d:d4:fb:48:0e:2f:
++                    9e:77:b8:14:46:c0:c4:36:ca:02:ae:6a:91:8c:da:
++                    2f:85
++                Exponent: 65537 (0x10001)
++        X509v3 extensions:
++            X509v3 Basic Constraints: critical
++                CA:FALSE
++            X509v3 Subject Key Identifier:
++                88:5A:55:C0:52:FF:61:CD:52:A3:35:0F:EA:5A:9C:24:38:22:F7:5C
++            X509v3 Key Usage:
++                Digital Signature, Non Repudiation, Key Encipherment
++            X509v3 Subject Alternative Name:
++                *************************************************************
++                WARNING: The values for DNS, email and URI are WRONG. OpenSSL
++                         doesn't print the text after a NULL byte.
++                *************************************************************
++                DNS:altnull.python.org, email:null@python.org, URI:http://null.python.org, IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1
++    Signature Algorithm: sha1WithRSAEncryption
++         ac:4f:45:ef:7d:49:a8:21:70:8e:88:59:3e:d4:36:42:70:f5:
++         a3:bd:8b:d7:a8:d0:58:f6:31:4a:b1:a4:a6:dd:6f:d9:e8:44:
++         3c:b6:0a:71:d6:7f:b1:08:61:9d:60:ce:75:cf:77:0c:d2:37:
++         86:02:8d:5e:5d:f9:0f:71:b4:16:a8:c1:3d:23:1c:f1:11:b3:
++         56:6e:ca:d0:8d:34:94:e6:87:2a:99:f2:ae:ae:cc:c2:e8:86:
++         de:08:a8:7f:c5:05:fa:6f:81:a7:82:e6:d0:53:9d:34:f4:ac:
++         3e:40:fe:89:57:7a:29:a4:91:7e:0b:c6:51:31:e5:10:2f:a4:
++         60:76:cd:95:51:1a:be:8b:a1:b0:fd:ad:52:bd:d7:1b:87:60:
++         d2:31:c7:17:c4:18:4f:2d:08:25:a3:a7:4f:b7:92:ca:e2:f5:
++         25:f1:54:75:81:9d:b3:3d:61:a2:f7:da:ed:e1:c6:6f:2c:60:
++         1f:d8:6f:c5:92:05:ab:c9:09:62:49:a9:14:ad:55:11:cc:d6:
++         4a:19:94:99:97:37:1d:81:5f:8b:cf:a3:a8:96:44:51:08:3d:
++         0b:05:65:12:eb:b6:70:80:88:48:72:4f:c6:c2:da:cf:cd:8e:
++         5b:ba:97:2f:60:b4:96:56:49:5e:3a:43:76:63:04:be:2a:f6:
++         c1:ca:a9:94
++-----BEGIN CERTIFICATE-----
++MIIE2DCCA8CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBxTELMAkGA1UEBhMCVVMx
++DzANBgNVBAgMBk9yZWdvbjESMBAGA1UEBwwJQmVhdmVydG9uMSMwIQYDVQQKDBpQ
++eXRob24gU29mdHdhcmUgRm91bmRhdGlvbjEgMB4GA1UECwwXUHl0aG9uIENvcmUg
++RGV2ZWxvcG1lbnQxJDAiBgNVBAMMG251bGwucHl0aG9uLm9yZwBleGFtcGxlLm9y
++ZzEkMCIGCSqGSIb3DQEJARYVcHl0aG9uLWRldkBweXRob24ub3JnMB4XDTEzMDgw
++NzEzMTE1MloXDTEzMDgwNzEzMTI1MlowgcUxCzAJBgNVBAYTAlVTMQ8wDQYDVQQI
++DAZPcmVnb24xEjAQBgNVBAcMCUJlYXZlcnRvbjEjMCEGA1UECgwaUHl0aG9uIFNv
++ZnR3YXJlIEZvdW5kYXRpb24xIDAeBgNVBAsMF1B5dGhvbiBDb3JlIERldmVsb3Bt
++ZW50MSQwIgYDVQQDDBtudWxsLnB5dGhvbi5vcmcAZXhhbXBsZS5vcmcxJDAiBgkq
++hkiG9w0BCQEWFXB5dGhvbi1kZXZAcHl0aG9uLm9yZzCCASIwDQYJKoZIhvcNAQEB
++BQADggEPADCCAQoCggEBALXq7cn7Rn1vO3aA3TrzA5QLp6bb7B3f/yN0CJ2XFj+j
++pHs+Gw6WWSUDpybiiKnPec33BFawq3kyblnBMjBU61ioy5HwQqVkJ8vUVjGIUq3P
++vX/wBmQfzCe4o4uM89gpHyUL9UYGG8oCRa17dgqcv7u5rg0Wq2B1rgY+nHwx3JIv
++KRrgSwyRkGzpN8WQ1yrXlxWjgI9de0mPVDDUlywcWze1q2kwaEPTM3hLAmD1PESA
++oY/n8A/RXoeeRs9i/Pm/DGUS8ZPINXk/yOzsR/XvvkTVroIeLZqfmFpnZeF0cHzL
++08LODkVJJ9zjLdT7SA4vnne4FEbAxDbKAq5qkYzaL4UCAwEAAaOB0DCBzTAMBgNV
++HRMBAf8EAjAAMB0GA1UdDgQWBBSIWlXAUv9hzVKjNQ/qWpwkOCL3XDALBgNVHQ8E
++BAMCBeAwgZAGA1UdEQSBiDCBhYIeYWx0bnVsbC5weXRob24ub3JnAGV4YW1wbGUu
++Y29tgSBudWxsQHB5dGhvbi5vcmcAdXNlckBleGFtcGxlLm9yZ4YpaHR0cDovL251
++bGwucHl0aG9uLm9yZwBodHRwOi8vZXhhbXBsZS5vcmeHBMAAAgGHECABDbgAAAAA
++AAAAAAAAAAEwDQYJKoZIhvcNAQEFBQADggEBAKxPRe99SaghcI6IWT7UNkJw9aO9
++i9eo0Fj2MUqxpKbdb9noRDy2CnHWf7EIYZ1gznXPdwzSN4YCjV5d+Q9xtBaowT0j
++HPERs1ZuytCNNJTmhyqZ8q6uzMLoht4IqH/FBfpvgaeC5tBTnTT0rD5A/olXeimk
++kX4LxlEx5RAvpGB2zZVRGr6LobD9rVK91xuHYNIxxxfEGE8tCCWjp0+3ksri9SXx
++VHWBnbM9YaL32u3hxm8sYB/Yb8WSBavJCWJJqRStVRHM1koZlJmXNx2BX4vPo6iW
++RFEIPQsFZRLrtnCAiEhyT8bC2s/Njlu6ly9gtJZWSV46Q3ZjBL4q9sHKqZQ=
++-----END CERTIFICATE-----
+diff -r 9ddc63c039ba Lib/test/test_ssl.py
+--- a/Lib/test/test_ssl.py	Sun Aug 11 13:04:50 2013 +0300
++++ b/Lib/test/test_ssl.py	Sun Aug 11 18:13:17 2013 +0200
+@@ -25,6 +25,7 @@
+ HOST = test_support.HOST
+ CERTFILE = None
+ SVN_PYTHON_ORG_ROOT_CERT = None
++NULLBYTECERT = None
+ 
+ def handle_error(prefix):
+     exc_format = ' '.join(traceback.format_exception(*sys.exc_info()))
+@@ -123,6 +124,27 @@
+                           ('DNS', 'projects.forum.nokia.com'))
+                         )
+ 
++    def test_parse_cert_CVE_2013_4073(self):
++        p = ssl._ssl._test_decode_cert(NULLBYTECERT)
++        if test_support.verbose:
++            sys.stdout.write("\n" + pprint.pformat(p) + "\n")
++        subject = ((('countryName', 'US'),),
++                   (('stateOrProvinceName', 'Oregon'),),
++                   (('localityName', 'Beaverton'),),
++                   (('organizationName', 'Python Software Foundation'),),
++                   (('organizationalUnitName', 'Python Core Development'),),
++                   (('commonName', 'null.python.org\x00example.org'),),
++                   (('emailAddress', 'python-dev@python.org'),))
++        self.assertEqual(p['subject'], subject)
++        self.assertEqual(p['issuer'], subject)
++        self.assertEqual(p['subjectAltName'],
++                         (('DNS', 'altnull.python.org\x00example.com'),
++                         ('email', 'null@python.org\x00user@example.org'),
++                         ('URI', 'http://null.python.org\x00http://example.org'),
++                         ('IP Address', '192.0.2.1'),
++                         ('IP Address', '2001:DB8:0:0:0:0:0:1\n'))
++                        )
++
+     def test_DER_to_PEM(self):
+         with open(SVN_PYTHON_ORG_ROOT_CERT, 'r') as f:
+             pem = f.read()
+@@ -1360,7 +1382,7 @@
+ 
+ 
+ def test_main(verbose=False):
+-    global CERTFILE, SVN_PYTHON_ORG_ROOT_CERT, NOKIACERT
++    global CERTFILE, SVN_PYTHON_ORG_ROOT_CERT, NOKIACERT, NULLBYTECERT
+     CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir,
+                             "keycert.pem")
+     SVN_PYTHON_ORG_ROOT_CERT = os.path.join(
+@@ -1368,10 +1390,13 @@
+         "https_svn_python_org_root.pem")
+     NOKIACERT = os.path.join(os.path.dirname(__file__) or os.curdir,
+                              "nokia.pem")
++    NULLBYTECERT = os.path.join(os.path.dirname(__file__) or os.curdir,
++                                "nullbytecert.pem")
+ 
+     if (not os.path.exists(CERTFILE) or
+         not os.path.exists(SVN_PYTHON_ORG_ROOT_CERT) or
+-        not os.path.exists(NOKIACERT)):
++        not os.path.exists(NOKIACERT) or
++        not os.path.exists(NULLBYTECERT)):
+         raise test_support.TestFailed("Can't read certificate files!")
+ 
+     tests = [BasicTests, BasicSocketTests]
+diff -r 9ddc63c039ba Modules/_ssl.c
+--- a/Modules/_ssl.c	Sun Aug 11 13:04:50 2013 +0300
++++ b/Modules/_ssl.c	Sun Aug 11 18:13:17 2013 +0200
+@@ -741,8 +741,13 @@
+ 
+             /* get a rendering of each name in the set of names */
+ 
++            int gntype;
++            ASN1_STRING *as = NULL;
++
+             name = sk_GENERAL_NAME_value(names, j);
+-            if (name->type == GEN_DIRNAME) {
++            gntype = name-> type;
++            switch (gntype) {
++            case GEN_DIRNAME:
+ 
+                 /* we special-case DirName as a tuple of tuples of attributes */
+ 
+@@ -764,11 +769,61 @@
+                     goto fail;
+                 }
+                 PyTuple_SET_ITEM(t, 1, v);
++                break;
+ 
+-            } else {
++            case GEN_EMAIL:
++            case GEN_DNS:
++            case GEN_URI:
++                /* GENERAL_NAME_print() doesn't handle NUL bytes in ASN1_string
++                   correctly. */
++                t = PyTuple_New(2);
++                if (t == NULL)
++                    goto fail;
++                switch (gntype) {
++                case GEN_EMAIL:
++                    v = PyUnicode_FromString("email");
++                    as = name->d.rfc822Name;
++                    break;
++                case GEN_DNS:
++                    v = PyUnicode_FromString("DNS");
++                    as = name->d.dNSName;
++                    break;
++                case GEN_URI:
++                    v = PyUnicode_FromString("URI");
++                    as = name->d.uniformResourceIdentifier;
++                    break;
++                }
++                if (v == NULL) {
++                    Py_DECREF(t);
++                    goto fail;
++                }
++                PyTuple_SET_ITEM(t, 0, v);
++                v = PyString_FromStringAndSize((char *)ASN1_STRING_data(as),
++                                               ASN1_STRING_length(as));
++                if (v == NULL) {
++                    Py_DECREF(t);
++                    goto fail;
++                }
++                PyTuple_SET_ITEM(t, 1, v);
++                break;
+ 
++            default:
+                 /* for everything else, we use the OpenSSL print form */
+-
++                switch (gntype) {
++                    /* check for new general name type */
++                    case GEN_OTHERNAME:
++                    case GEN_X400:
++                    case GEN_EDIPARTY:
++                    case GEN_IPADD:
++                    case GEN_RID:
++                        break;
++                    default:
++                        if (PyErr_Warn(PyExc_RuntimeWarning,
++				       "Unknown general name type") == -1) {
++                            goto fail;
++                        }
++                        break;
++                }
+                 (void) BIO_reset(biobuf);
+                 GENERAL_NAME_print(biobuf, name);
+                 len = BIO_gets(biobuf, buf, sizeof(buf)-1);
+@@ -794,6 +849,7 @@
+                     goto fail;
+                 }
+                 PyTuple_SET_ITEM(t, 1, v);
++		break;
+             }
+ 
+             /* and add that rendering to the list */

meta/recipes-devtools/python/python/pypirc-secure.patch

@@ -0,0 +1,35 @@
+# HG changeset patch
+# User Philip Jenvey <pjenvey@underboss.org>
+# Date 1322701507 28800
+# Branch 2.7
+# Node ID e7c20a8476a0e2ca18f8040864cbc400818d8f24
+# Parent  3ecddf168f1f554a17a047384fe0b02f2d688277
+create the .pypirc securely
+
+Upstream-Status: Backport
+
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+
+
+diff -r 3ecddf168f1f -r e7c20a8476a0 Lib/distutils/config.py
+--- a/Lib/distutils/config.py	Tue Nov 29 00:53:09 2011 +0100
++++ b/Lib/distutils/config.py	Wed Nov 30 17:05:07 2011 -0800
+@@ -42,16 +42,8 @@
+     def _store_pypirc(self, username, password):
+         """Creates a default .pypirc file."""
+         rc = self._get_rc_file()
+-        f = open(rc, 'w')
+-        try:
+-            f.write(DEFAULT_PYPIRC % (username, password))
+-        finally:
+-            f.close()
+-        try:
+-            os.chmod(rc, 0600)
+-        except OSError:
+-            # should do something better here
+-            pass
++        with os.fdopen(os.open(rc, os.O_CREAT | os.O_WRONLY, 0600), 'w') as fp:
++            fp.write(DEFAULT_PYPIRC % (username, password))
+ 
+     def _read_pypirc(self):
+         """Reads the .pypirc file."""

meta/recipes-devtools/python/python_2.7.3.bb

@@ -29,6 +29,8 @@ SRC_URI += "\
   file://python-2.7.3-remove-bsdb-rpath.patch \
   file://builddir.patch \
   file://python-2.7.3-CVE-2012-2135.patch \
+  file://CVE-2013-4073_py27.patch \
+  file://pypirc-secure.patch \
 "
 
 S = "${WORKDIR}/Python-${PV}"

meta/recipes-devtools/rpm/rpm/rpm-lsb-compatibility.patch

@@ -0,0 +1,24 @@
+Enable platform tag matching workaround in OE.
+
+When installing some LSB packages the 'platform' field in the package
+appears to be invalid.  Instead of relying solely on the platform comparison
+we also want to generate a perceived platform based on the valid rpm contents
+of arch and os.
+
+Upstream-Status: Pending
+
+Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
+
+Index: rpm-5.4.9/lib/depends.c
+===================================================================
+--- rpm-5.4.9.orig/lib/depends.c
++++ rpm-5.4.9/lib/depends.c
+@@ -594,7 +594,7 @@ int rpmtsAddInstallElement(rpmts ts, Hea
+ 	    platform = rpmExpand(arch, "-unknown-", os, NULL);
+ 
+ 	rc = rpmPlatformScore(platform, platpat, nplatpat);
+-#if defined(RPM_VENDOR_MANDRIVA)
++#if defined(RPM_VENDOR_MANDRIVA) || defined(RPM_VENDOR_OE)
+ 	/*
+ 	 * If no match on platform tag, we'll try again with arch tag
+ 	 * in case platform tag is inconsistent with it, which is the case

meta/recipes-devtools/rpm/rpm_5.4.9.bb

@@ -86,7 +86,8 @@ SRC_URI = "http://www.rpm5.org/files/rpm/rpm-5.4/rpm-5.4.9-0.20120508.src.rpm;ex
 	   file://rpm-platform2.patch \
 	   file://rpm-remove-sykcparse-decl.patch \
 	   file://debugedit-segv.patch \
-     file://rpm-platform-file-fix.patch \
+	   file://rpm-platform-file-fix.patch \
+	   file://rpm-lsb-compatibility.patch \
 	  "
 
 # Uncomment the following line to enable platform score debugging
@@ -155,7 +156,7 @@ PACKAGECONFIG[neon] = "${WITH_NEON},${WITHOUT_NEON},neon expat,"
 PACKAGECONFIG[lua] = "--with-lua,--without-lua,expat,"
 PACKAGECONFIG[tcl] = "--with-tcl,--without-tcl,tcl,"
 
-PACAKGECONFIG[augeas] = "--with-augeas,--without-augeas,augeas,"
+PACKAGECONFIG[augeas] = "--with-augeas,--without-augeas,augeas,"
 
 EXTRA_OECONF += "--verbose \
 		--sysconfdir=${sysconfdir} \

meta/recipes-devtools/subversion/subversion-1.7.8/neon.m4-fix-includes-and-cflags.patch

@@ -0,0 +1,32 @@
+Fix to get correct SVN_NEON_CONFIG and CFLAGS when sysroot path contains '-D' and '-I'
+characters.
+
+Upstream-Status: Pending
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+
+index f951039..a813145 100644
+--- a/build/ac-macros/neon.m4
++++ b/build/ac-macros/neon.m4
+@@ -105,8 +105,8 @@ AC_DEFUN(SVN_NEON_CONFIG,
+            test "$svn_allowed_neon" = "any"; then
+             svn_allowed_neon_on_system="yes"
+             if test "$NEON_PKG_CONFIG" = "yes"; then
+-              SVN_NEON_INCLUDES=[`$PKG_CONFIG neon --cflags | $SED -e 's/-D[^ ]*//g'`]
+-              CFLAGS=["$CFLAGS `$PKG_CONFIG neon --cflags | $SED -e 's/-I[^ ]*//g'`"]
++              SVN_NEON_INCLUDES=["`$PKG_CONFIG neon --cflags | $SED -e 's/^-D[^ ]*//g' -e 's/ -D[^ ]*//g'`"]
++              CFLAGS=["$CFLAGS `$PKG_CONFIG neon --cflags | $SED -e 's/^-I[^ ]*//g' -e 's/ -I[^ ]*//g'`"]
+               old_CFLAGS="$CFLAGS"
+               old_LIBS="$LIBS"
+               NEON_LIBS=`$PKG_CONFIG neon --libs`
+@@ -126,8 +126,8 @@ int main()
+               CFLAGS="$old_CFLAGS"
+               LIBS="$old_LIBS"
+             else
+-              SVN_NEON_INCLUDES=[`$neon_config --cflags | $SED -e 's/-D[^ ]*//g'`]
+-              CFLAGS=["$CFLAGS `$neon_config --cflags | $SED -e 's/-I[^ ]*//g'`"]
++              SVN_NEON_INCLUDES=[`$neon_config --cflags | $SED -e 's/^-D[^ ]*//g' -e 's/ -D[^ ]*//g'`]
++              CFLAGS=["$CFLAGS `$neon_config --cflags | $SED -e 's/^-I[^ ]*//g' -e 's/ -I[^ ]*//g'`"]
+               NEON_LIBS=`$neon_config --libs`
+             fi
+             svn_lib_neon="yes"

meta/recipes-devtools/subversion/subversion_1.7.8.bb

@@ -12,6 +12,7 @@ inherit gettext
 SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
            file://libtool2.patch \
            file://fix-install-depends.patch \
+           file://neon.m4-fix-includes-and-cflags.patch \
 "
 SRC_URI[md5sum] = "454b9f398415c3504435bf8c3f6ed127"
 SRC_URI[sha256sum] = "fc83d4d98ccea8b7bfa8f5c20fff545c8baa7d035db930977550c51c6ca23686"

meta/recipes-extended/bash/bash-3.2.48/Fix-for-bash-exported-function-namespace-change.patch

@@ -0,0 +1,158 @@
+Fix for exported function namespace change
+
+Upstream-Status: Backport
+
+Downloaded from: http://ftp.gnu.org/gnu/bash/bash-3.2-patches/bash32-054
+
+Author: Chet Ramey <chet.ramey@case.edu>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+
+
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release: 3.2
+Patch-ID: bash32-054
+
+Bug-Reported-by:	Florian Weimer <fweimer@redhat.com>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+This patch changes the encoding bash uses for exported functions to avoid
+clashes with shell variables and to avoid depending only on an environment
+variable's contents to determine whether or not to interpret it as a shell
+function.
+---
+--- a/variables.c	2014-09-16 19:10:39.000000000 -0400
++++ b/variables.c	2014-09-27 21:02:08.000000000 -0400
+@@ -75,4 +75,9 @@
+ #define ifsname(s)	((s)[0] == 'I' && (s)[1] == 'F' && (s)[2] == 'S' && (s)[3] == '\0')
+ 
++#define BASHFUNC_PREFIX		"BASH_FUNC_"
++#define BASHFUNC_PREFLEN	10	/* == strlen(BASHFUNC_PREFIX */
++#define BASHFUNC_SUFFIX		"%%"
++#define BASHFUNC_SUFFLEN	2	/* == strlen(BASHFUNC_SUFFIX) */
++
+ extern char **environ;
+ 
+@@ -242,5 +247,5 @@
+ static void dispose_temporary_env __P((sh_free_func_t *));
+ 
+-static inline char *mk_env_string __P((const char *, const char *));
++static inline char *mk_env_string __P((const char *, const char *, int));
+ static char **make_env_array_from_var_list __P((SHELL_VAR **));
+ static char **make_var_export_array __P((VAR_CONTEXT *));
+@@ -310,19 +315,30 @@
+       /* If exported function, define it now.  Don't import functions from
+ 	 the environment in privileged mode. */
+-      if (privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string, 4))
++      if (privmode == 0 && read_but_dont_execute == 0 &&
++	  STREQN (BASHFUNC_PREFIX, name, BASHFUNC_PREFLEN) &&
++	  STREQ (BASHFUNC_SUFFIX, name + char_index - BASHFUNC_SUFFLEN) &&
++	  STREQN ("() {", string, 4))
+ 	{
++	  size_t namelen;
++	  char *tname;		/* desired imported function name */
++
++	  namelen = char_index - BASHFUNC_PREFLEN - BASHFUNC_SUFFLEN;
++
++	  tname = name + BASHFUNC_PREFLEN;	/* start of func name */
++	  tname[namelen] = '\0';		/* now tname == func name */
++
+ 	  string_length = strlen (string);
+-	  temp_string = (char *)xmalloc (3 + string_length + char_index);
++	  temp_string = (char *)xmalloc (namelen + string_length + 2);
+ 
+-	  strcpy (temp_string, name);
+-	  temp_string[char_index] = ' ';
+-	  strcpy (temp_string + char_index + 1, string);
++	  memcpy (temp_string, tname, namelen);
++	  temp_string[namelen] = ' ';
++	  memcpy (temp_string + namelen + 1, string, string_length + 1);
+ 
+ 	  /* Don't import function names that are invalid identifiers from the
+ 	     environment. */
+-	  if (legal_identifier (name))
+-	    parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
++	  if (absolute_program (tname) == 0 && (posixly_correct == 0 || legal_identifier (tname)))
++	    parse_and_execute (temp_string, tname, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
+ 
+-	  if (temp_var = find_function (name))
++	  if (temp_var = find_function (tname))
+ 	    {
+ 	      VSETATTR (temp_var, (att_exported|att_imported));
+@@ -330,5 +346,8 @@
+ 	    }
+ 	  else
+-	    report_error (_("error importing function definition for `%s'"), name);
++	    report_error (_("error importing function definition for `%s'"), tname);
++
++	  /* Restore original suffix */
++	  tname[namelen] = BASHFUNC_SUFFIX[0];
+ 	}
+ #if defined (ARRAY_VARS)
+@@ -2208,5 +2227,5 @@
+ 
+   INVALIDATE_EXPORTSTR (var);
+-  var->exportstr = mk_env_string (name, value);
++  var->exportstr = mk_env_string (name, value, 0);
+ 
+   array_needs_making = 1;
+@@ -2999,19 +3018,40 @@
+ 
+ static inline char *
+-mk_env_string (name, value)
++mk_env_string (name, value, isfunc)
+      const char *name, *value;
++     int isfunc;
+ {
+-  int name_len, value_len;
+-  char	*p;
++  size_t name_len, value_len;
++  char	*p, *q;
+ 
+   name_len = strlen (name);
+   value_len = STRLEN (value);
+-  p = (char *)xmalloc (2 + name_len + value_len);
+-  strcpy (p, name);
+-  p[name_len] = '=';
++
++  /* If we are exporting a shell function, construct the encoded function
++     name. */
++  if (isfunc && value)
++    {
++      p = (char *)xmalloc (BASHFUNC_PREFLEN + name_len + BASHFUNC_SUFFLEN + value_len + 2);
++      q = p;
++      memcpy (q, BASHFUNC_PREFIX, BASHFUNC_PREFLEN);
++      q += BASHFUNC_PREFLEN;
++      memcpy (q, name, name_len);
++      q += name_len;
++      memcpy (q, BASHFUNC_SUFFIX, BASHFUNC_SUFFLEN);
++      q += BASHFUNC_SUFFLEN;
++    }
++  else
++    {
++      p = (char *)xmalloc (2 + name_len + value_len);
++      memcpy (p, name, name_len);
++      q = p + name_len;
++    }
++
++  q[0] = '=';
+   if (value && *value)
+-    strcpy (p + name_len + 1, value);
++    memcpy (q + 1, value, value_len + 1);
+   else
+-    p[name_len + 1] = '\0';
++    q[1] = '\0';
++
+   return (p);
+ }
+@@ -3088,5 +3128,5 @@
+ 	     using the cached exportstr... */
+ 	  list[list_index] = USE_EXPORTSTR ? savestring (value)
+-					   : mk_env_string (var->name, value);
++					   : mk_env_string (var->name, value, function_p (var));
+ 
+ 	  if (USE_EXPORTSTR == 0)

meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch

@@ -0,0 +1,77 @@
+Fix CVE-2014-6271, aka ShellShock.
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+*** ../bash-3.2.51/builtins/common.h	2006-03-06 09:38:44.000000000 -0500
+--- builtins/common.h	2014-09-16 19:08:02.000000000 -0400
+***************
+*** 34,37 ****
+--- 34,39 ----
+  
+  /* Flags for describe_command, shared between type.def and command.def */
++ #define SEVAL_FUNCDEF	0x080		/* only allow function definitions */
++ #define SEVAL_ONECMD	0x100		/* only allow a single command */
+  #define CDESC_ALL		0x001	/* type -a */
+  #define CDESC_SHORTDESC		0x002	/* command -V */
+*** ../bash-3.2.51/builtins/evalstring.c	2008-11-15 17:47:04.000000000 -0500
+--- builtins/evalstring.c	2014-09-16 19:08:02.000000000 -0400
+***************
+*** 235,238 ****
+--- 235,246 ----
+  	      struct fd_bitmap *bitmap;
+  
++ 	      if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
++ 		{
++ 		  internal_warning ("%s: ignoring function definition attempt", from_file);
++ 		  should_jump_to_top_level = 0;
++ 		  last_result = last_command_exit_value = EX_BADUSAGE;
++ 		  break;
++ 		}
++ 
+  	      bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
+  	      begin_unwind_frame ("pe_dispose");
+***************
+*** 292,295 ****
+--- 300,306 ----
+  	      dispose_fd_bitmap (bitmap);
+  	      discard_unwind_frame ("pe_dispose");
++ 
++ 	      if (flags & SEVAL_ONECMD)
++ 		break;
+  	    }
+  	}
+*** ../bash-3.2.51/variables.c	2008-11-15 17:15:06.000000000 -0500
+--- variables.c	2014-09-16 19:10:39.000000000 -0400
+***************
+*** 319,328 ****
+  	  strcpy (temp_string + char_index + 1, string);
+  
+! 	  parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
+! 
+! 	  /* Ancient backwards compatibility.  Old versions of bash exported
+! 	     functions like name()=() {...} */
+! 	  if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
+! 	    name[char_index - 2] = '\0';
+  
+  	  if (temp_var = find_function (name))
+--- 319,326 ----
+  	  strcpy (temp_string + char_index + 1, string);
+  
+! 	  /* Don't import function names that are invalid identifiers from the
+! 	     environment. */
+! 	  if (legal_identifier (name))
+! 	    parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
+  
+  	  if (temp_var = find_function (name))
+***************
+*** 333,340 ****
+  	  else
+  	    report_error (_("error importing function definition for `%s'"), name);
+- 
+- 	  /* ( */
+- 	  if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
+- 	    name[char_index - 2] = '(';		/* ) */
+  	}
+  #if defined (ARRAY_VARS)
+--- 331,334 ----

meta/recipes-extended/bash/bash-3.2.48/cve-2014-6277.patch

@@ -0,0 +1,44 @@
+bash: Fix CVE-2014-6277 (shellshock)
+ 
+Upstream-status: backport
+ 
+Downloaded from: 
+ftp://ftp.gnu.org/pub/bash/bash-3.2-patches/bash32-056
+
+Author: Chet Ramey <chet.ramey@case.edu>
+Signed-off-by: Catalin Popeanga <catalin.popeanga@enea.com>
+
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release: 3.2
+Patch-ID: bash32-056
+
+Bug-Reported-by:	Michal Zalewski <lcamtuf@coredump.cx>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+When bash is parsing a function definition that contains a here-document
+delimited by end-of-file (or end-of-string), it leaves the closing delimiter
+uninitialized.  This can result in an invalid memory access when the parsed
+function is later copied.
+---
+--- a/make_cmd.c	2006-09-12 09:21:22.000000000 -0400
++++ b/make_cmd.c	2014-10-02 11:41:40.000000000 -0400
+@@ -677,4 +677,5 @@
+   temp->redirector = source;
+   temp->redirectee = dest_and_filename;
++  temp->here_doc_eof = 0;
+   temp->instruction = instruction;
+   temp->flags = 0;
+--- a/copy_cmd.c	2003-10-07 11:43:44.000000000 -0400
++++ b/copy_cmd.c	2014-10-02 11:41:40.000000000 -0400
+@@ -117,5 +117,5 @@
+     case r_reading_until:
+     case r_deblank_reading_until:
+-      new_redirect->here_doc_eof = savestring (redirect->here_doc_eof);
++      new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0;
+       /*FALLTHROUGH*/
+     case r_reading_string:

meta/recipes-extended/bash/bash-3.2.48/cve-2014-6278.patch

@@ -0,0 +1,99 @@
+bash: Fix CVE-2014-6278 (shellshock)
+ 
+Upstream-status: backport
+ 
+Downloaded from: 
+ftp://ftp.gnu.org/pub/bash/bash-3.2-patches/bash32-057
+
+Author: Chet Ramey <chet.ramey@case.edu>
+Signed-off-by: Catalin Popeanga <catalin.popeanga@enea.com>
+
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release: 3.2
+Patch-ID: bash32-057
+
+Bug-Reported-by:	Michal Zalewski <lcamtuf@coredump.cx>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+A combination of nested command substitutions and function importing from
+the environment can cause bash to execute code appearing in the environment
+variable value following the function definition.
+
+--- a/builtins/evalstring.c	2014-09-16 19:08:02.000000000 -0400
++++ b/builtins/evalstring.c	2014-10-04 15:58:35.000000000 -0400
+@@ -44,4 +44,5 @@
+ #include "../redir.h"
+ #include "../trap.h"
++#include "../bashintl.h"
+ 
+ #if defined (HISTORY)
+@@ -235,10 +236,23 @@
+ 	      struct fd_bitmap *bitmap;
+ 
+-	      if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
++	      if (flags & SEVAL_FUNCDEF)
+ 		{
+-		  internal_warning ("%s: ignoring function definition attempt", from_file);
+-		  should_jump_to_top_level = 0;
+-		  last_result = last_command_exit_value = EX_BADUSAGE;
+-		  break;
++		  char *x;
++
++		  /* If the command parses to something other than a straight
++		     function definition, or if we have not consumed the entire
++		     string, or if the parser has transformed the function
++		     name (as parsing will if it begins or ends with shell
++		     whitespace, for example), reject the attempt */
++		  if (command->type != cm_function_def ||
++		      ((x = parser_remaining_input ()) && *x) ||
++		      (STREQ (from_file, command->value.Function_def->name->word) == 0))
++		    {
++		      internal_warning (_("%s: ignoring function definition attempt"), from_file);
++		      should_jump_to_top_level = 0;
++		      last_result = last_command_exit_value = EX_BADUSAGE;
++		      reset_parser ();
++		      break;
++		    }
+ 		}
+ 
+@@ -302,5 +316,8 @@
+ 
+ 	      if (flags & SEVAL_ONECMD)
+-		break;
++		{
++		  reset_parser ();
++		  break;
++		}
+ 	    }
+ 	}
+--- a/parse.y	2014-09-30 19:43:22.000000000 -0400
++++ b/parse.y	2014-10-04 15:58:35.000000000 -0400
+@@ -2125,4 +2125,14 @@
+ }
+ 
++char *
++parser_remaining_input ()
++{
++  if (shell_input_line == 0)
++    return 0;
++  if (shell_input_line_index < 0 || shell_input_line_index >= shell_input_line_len)
++    return '\0';	/* XXX */
++  return (shell_input_line + shell_input_line_index);
++}
++
+ #ifdef INCLUDE_UNUSED
+ /* Back the input pointer up by one, effectively `ungetting' a character. */
+--- a/shell.h	2008-04-28 22:00:24.000000000 -0400
++++ b/shell.h	2014-10-04 15:58:35.000000000 -0400
+@@ -161,4 +161,6 @@
+ 
+ /* Let's try declaring these here. */
++extern char *parser_remaining_input __P((void));
++
+ extern sh_parser_state_t *save_parser_state __P((sh_parser_state_t *));
+ extern void restore_parser_state __P((sh_parser_state_t *));

meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch

@@ -0,0 +1,16 @@
+Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10
+
+Upstream-Status: Backport
+Index: bash-3.2.48/parse.y
+===================================================================
+--- bash-3.2.48.orig/parse.y	2008-04-29 18:24:55.000000000 -0700
++++ bash-3.2.48/parse.y	2014-09-26 13:07:31.956080056 -0700
+@@ -2503,6 +2503,8 @@
+   FREE (word_desc_to_read);
+   word_desc_to_read = (WORD_DESC *)NULL;
+ 
++  eol_ungetc_lookahead = 0;
++
+   last_read_token = '\n';
+   token_to_read = '\n';
+ }

meta/recipes-extended/bash/bash-3.2.48/cve-2014-7186_cve-2014-7187.patch

@@ -0,0 +1,99 @@
+bash: Fix for CVE-2014-7186 and CVE-2014-7187
+
+Upstream-Status: Backport {GNU Patch-ID: bash32-055}
+
+Downloaded from: http://ftp.gnu.org/gnu/bash/bash-3.2-patches/bash32-055 
+
+Author: Chet Ramey <chet.ramey@case.edu>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release: 3.2
+Patch-ID: bash32-055
+
+Bug-Reported-by:	Florian Weimer <fweimer@redhat.com>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+There are two local buffer overflows in parse.y that can cause the shell
+to dump core when given many here-documents attached to a single command
+or many nested loops.
+---
+--- a/parse.y	2014-09-27 12:17:16.000000000 -0400
++++ b/parse.y	2014-09-30 19:43:22.000000000 -0400
+@@ -166,4 +166,7 @@
+ static int reserved_word_acceptable __P((int));
+ static int yylex __P((void));
++
++static void push_heredoc __P((REDIRECT *));
++static char *mk_alexpansion __P((char *));
+ static int alias_expand_token __P((char *));
+ static int time_command_acceptable __P((void));
+@@ -254,5 +257,7 @@
+ /* Variables to manage the task of reading here documents, because we need to
+    defer the reading until after a complete command has been collected. */
+-static REDIRECT *redir_stack[10];
++#define HEREDOC_MAX 16
++
++static REDIRECT *redir_stack[HEREDOC_MAX];
+ int need_here_doc;
+ 
+@@ -280,5 +285,5 @@
+    index is decremented after a case, select, or for command is parsed. */
+ #define MAX_CASE_NEST	128
+-static int word_lineno[MAX_CASE_NEST];
++static int word_lineno[MAX_CASE_NEST+1];
+ static int word_top = -1;
+ 
+@@ -425,5 +430,5 @@
+ 			  redir.filename = $2;
+ 			  $$ = make_redirection (0, r_reading_until, redir);
+-			  redir_stack[need_here_doc++] = $$;
++			  push_heredoc ($$);
+ 			}
+ 	|	NUMBER LESS_LESS WORD
+@@ -431,5 +436,5 @@
+ 			  redir.filename = $3;
+ 			  $$ = make_redirection ($1, r_reading_until, redir);
+-			  redir_stack[need_here_doc++] = $$;
++			  push_heredoc ($$);
+ 			}
+ 	|	LESS_LESS_LESS WORD
+@@ -488,5 +493,5 @@
+ 			  $$ = make_redirection
+ 			    (0, r_deblank_reading_until, redir);
+-			  redir_stack[need_here_doc++] = $$;
++			  push_heredoc ($$);
+ 			}
+ 	|	NUMBER LESS_LESS_MINUS WORD
+@@ -495,5 +500,5 @@
+ 			  $$ = make_redirection
+ 			    ($1, r_deblank_reading_until, redir);
+-			  redir_stack[need_here_doc++] = $$;
++			  push_heredoc ($$);
+ 			}
+ 	|	GREATER_AND '-'
+@@ -2214,4 +2219,19 @@
+ static int esacs_needed_count;
+ 
++static void
++push_heredoc (r)
++     REDIRECT *r;
++{
++  if (need_here_doc >= HEREDOC_MAX)
++    {
++      last_command_exit_value = EX_BADUSAGE;
++      need_here_doc = 0;
++      report_syntax_error (_("maximum here-document count exceeded"));
++      reset_parser ();
++      exit_shell (last_command_exit_value);
++    }
++  redir_stack[need_here_doc++] = r;
++}
++
+ void
+ gather_here_documents ()

meta/recipes-extended/bash/bash-4.2/Fix-for-bash-exported-function-namespace-change.patch

@@ -0,0 +1,212 @@
+Fix for exported function namespace change
+
+Upstream-Status: Backport
+
+Downloaded from: http://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-050
+
+Author: Chet Ramey <chet.ramey@case.edu>
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-050
+
+Bug-Reported-by:	Florian Weimer <fweimer@redhat.com>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+This patch changes the encoding bash uses for exported functions to avoid
+clashes with shell variables and to avoid depending only on an environment
+variable's contents to determine whether or not to interpret it as a shell
+function.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2.49/variables.c	2014-09-16 19:35:45.000000000 -0400
+--- variables.c	2014-09-27 20:54:00.000000000 -0400
+***************
+*** 80,83 ****
+--- 80,88 ----
+  #define ifsname(s)	((s)[0] == 'I' && (s)[1] == 'F' && (s)[2] == 'S' && (s)[3] == '\0')
+  
++ #define BASHFUNC_PREFIX		"BASH_FUNC_"
++ #define BASHFUNC_PREFLEN	10	/* == strlen(BASHFUNC_PREFIX */
++ #define BASHFUNC_SUFFIX		"%%"
++ #define BASHFUNC_SUFFLEN	2	/* == strlen(BASHFUNC_SUFFIX) */
++ 
+  extern char **environ;
+  
+***************
+*** 269,273 ****
+  static void dispose_temporary_env __P((sh_free_func_t *));     
+  
+! static inline char *mk_env_string __P((const char *, const char *));
+  static char **make_env_array_from_var_list __P((SHELL_VAR **));
+  static char **make_var_export_array __P((VAR_CONTEXT *));
+--- 274,278 ----
+  static void dispose_temporary_env __P((sh_free_func_t *));     
+  
+! static inline char *mk_env_string __P((const char *, const char *, int));
+  static char **make_env_array_from_var_list __P((SHELL_VAR **));
+  static char **make_var_export_array __P((VAR_CONTEXT *));
+***************
+*** 339,357 ****
+        /* If exported function, define it now.  Don't import functions from
+  	 the environment in privileged mode. */
+!       if (privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string, 4))
+  	{
+  	  string_length = strlen (string);
+! 	  temp_string = (char *)xmalloc (3 + string_length + char_index);
+  
+! 	  strcpy (temp_string, name);
+! 	  temp_string[char_index] = ' ';
+! 	  strcpy (temp_string + char_index + 1, string);
+  
+  	  /* Don't import function names that are invalid identifiers from the
+  	     environment. */
+! 	  if (legal_identifier (name))
+! 	    parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
+  
+! 	  if (temp_var = find_function (name))
+  	    {
+  	      VSETATTR (temp_var, (att_exported|att_imported));
+--- 344,373 ----
+        /* If exported function, define it now.  Don't import functions from
+  	 the environment in privileged mode. */
+!       if (privmode == 0 && read_but_dont_execute == 0 &&
+! 	  STREQN (BASHFUNC_PREFIX, name, BASHFUNC_PREFLEN) &&
+! 	  STREQ (BASHFUNC_SUFFIX, name + char_index - BASHFUNC_SUFFLEN) &&
+! 	  STREQN ("() {", string, 4))
+  	{
++ 	  size_t namelen;
++ 	  char *tname;		/* desired imported function name */
++ 
++ 	  namelen = char_index - BASHFUNC_PREFLEN - BASHFUNC_SUFFLEN;
++ 
++ 	  tname = name + BASHFUNC_PREFLEN;	/* start of func name */
++ 	  tname[namelen] = '\0';		/* now tname == func name */
++ 
+  	  string_length = strlen (string);
+! 	  temp_string = (char *)xmalloc (namelen + string_length + 2);
+  
+! 	  memcpy (temp_string, tname, namelen);
+! 	  temp_string[namelen] = ' ';
+! 	  memcpy (temp_string + namelen + 1, string, string_length + 1);
+  
+  	  /* Don't import function names that are invalid identifiers from the
+  	     environment. */
+! 	  if (absolute_program (tname) == 0 && (posixly_correct == 0 || legal_identifier (tname)))
+! 	    parse_and_execute (temp_string, tname, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
+  
+! 	  if (temp_var = find_function (tname))
+  	    {
+  	      VSETATTR (temp_var, (att_exported|att_imported));
+***************
+*** 359,363 ****
+  	    }
+  	  else
+! 	    report_error (_("error importing function definition for `%s'"), name);
+  	}
+  #if defined (ARRAY_VARS)
+--- 375,382 ----
+  	    }
+  	  else
+! 	    report_error (_("error importing function definition for `%s'"), tname);
+! 
+! 	  /* Restore original suffix */
+! 	  tname[namelen] = BASHFUNC_SUFFIX[0];
+  	}
+  #if defined (ARRAY_VARS)
+***************
+*** 2538,2542 ****
+  
+    INVALIDATE_EXPORTSTR (var);
+!   var->exportstr = mk_env_string (name, value);
+  
+    array_needs_making = 1;
+--- 2557,2561 ----
+  
+    INVALIDATE_EXPORTSTR (var);
+!   var->exportstr = mk_env_string (name, value, 0);
+  
+    array_needs_making = 1;
+***************
+*** 3390,3408 ****
+  
+  static inline char *
+! mk_env_string (name, value)
+       const char *name, *value;
+  {
+!   int name_len, value_len;
+!   char	*p;
+  
+    name_len = strlen (name);
+    value_len = STRLEN (value);
+!   p = (char *)xmalloc (2 + name_len + value_len);
+!   strcpy (p, name);
+!   p[name_len] = '=';
+    if (value && *value)
+!     strcpy (p + name_len + 1, value);
+    else
+!     p[name_len + 1] = '\0';
+    return (p);
+  }
+--- 3409,3448 ----
+  
+  static inline char *
+! mk_env_string (name, value, isfunc)
+       const char *name, *value;
++      int isfunc;
+  {
+!   size_t name_len, value_len;
+!   char	*p, *q;
+  
+    name_len = strlen (name);
+    value_len = STRLEN (value);
+! 
+!   /* If we are exporting a shell function, construct the encoded function
+!      name. */
+!   if (isfunc && value)
+!     {
+!       p = (char *)xmalloc (BASHFUNC_PREFLEN + name_len + BASHFUNC_SUFFLEN + value_len + 2);
+!       q = p;
+!       memcpy (q, BASHFUNC_PREFIX, BASHFUNC_PREFLEN);
+!       q += BASHFUNC_PREFLEN;
+!       memcpy (q, name, name_len);
+!       q += name_len;
+!       memcpy (q, BASHFUNC_SUFFIX, BASHFUNC_SUFFLEN);
+!       q += BASHFUNC_SUFFLEN;
+!     }
+!   else
+!     {
+!       p = (char *)xmalloc (2 + name_len + value_len);
+!       memcpy (p, name, name_len);
+!       q = p + name_len;
+!     }
+! 
+!   q[0] = '=';
+    if (value && *value)
+!     memcpy (q + 1, value, value_len + 1);
+    else
+!     q[1] = '\0';
+! 
+    return (p);
+  }
+***************
+*** 3490,3494 ****
+  	     using the cached exportstr... */
+  	  list[list_index] = USE_EXPORTSTR ? savestring (value)
+! 					   : mk_env_string (var->name, value);
+  
+  	  if (USE_EXPORTSTR == 0)
+--- 3530,3534 ----
+  	     using the cached exportstr... */
+  	  list[list_index] = USE_EXPORTSTR ? savestring (value)
+! 					   : mk_env_string (var->name, value, function_p (var));
+  
+  	  if (USE_EXPORTSTR == 0)

meta/recipes-extended/bash/bash-4.2/cve-2014-6271.patch

@@ -0,0 +1,95 @@
+Fix CVE-2014-6271, aka ShellShock.  This is the upstream 4.2 patchlevel 48, minus the hunk to
+set the patch level.
+
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-048
+
+Bug-Reported-by:	Stephane Chazelas <stephane.chazelas@gmail.com>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+Under certain circumstances, bash will execute user code while processing the
+environment for exported function definitions.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2.47/builtins/common.h	2010-05-30 18:31:51.000000000 -0400
+--- builtins/common.h	2014-09-16 19:35:45.000000000 -0400
+***************
+*** 36,39 ****
+--- 36,41 ----
+  
+  /* Flags for describe_command, shared between type.def and command.def */
++ #define SEVAL_FUNCDEF	0x080		/* only allow function definitions */
++ #define SEVAL_ONECMD	0x100		/* only allow a single command */
+  #define CDESC_ALL		0x001	/* type -a */
+  #define CDESC_SHORTDESC		0x002	/* command -V */
+*** ../bash-4.2.47/builtins/evalstring.c	2010-11-23 08:22:15.000000000 -0500
+--- builtins/evalstring.c	2014-09-16 19:35:45.000000000 -0400
+***************
+*** 262,265 ****
+--- 262,273 ----
+  	      struct fd_bitmap *bitmap;
+  
++ 	      if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
++ 		{
++ 		  internal_warning ("%s: ignoring function definition attempt", from_file);
++ 		  should_jump_to_top_level = 0;
++ 		  last_result = last_command_exit_value = EX_BADUSAGE;
++ 		  break;
++ 		}
++ 
+  	      bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
+  	      begin_unwind_frame ("pe_dispose");
+***************
+*** 322,325 ****
+--- 330,336 ----
+  	      dispose_fd_bitmap (bitmap);
+  	      discard_unwind_frame ("pe_dispose");
++ 
++ 	      if (flags & SEVAL_ONECMD)
++ 		break;
+  	    }
+  	}
+*** ../bash-4.2.47/variables.c	2011-03-01 16:15:20.000000000 -0500
+--- variables.c	2014-09-16 19:35:45.000000000 -0400
+***************
+*** 348,357 ****
+  	  strcpy (temp_string + char_index + 1, string);
+  
+! 	  parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
+! 
+! 	  /* Ancient backwards compatibility.  Old versions of bash exported
+! 	     functions like name()=() {...} */
+! 	  if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
+! 	    name[char_index - 2] = '\0';
+  
+  	  if (temp_var = find_function (name))
+--- 348,355 ----
+  	  strcpy (temp_string + char_index + 1, string);
+  
+! 	  /* Don't import function names that are invalid identifiers from the
+! 	     environment. */
+! 	  if (legal_identifier (name))
+! 	    parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
+  
+  	  if (temp_var = find_function (name))
+***************
+*** 362,369 ****
+  	  else
+  	    report_error (_("error importing function definition for `%s'"), name);
+- 
+- 	  /* ( */
+- 	  if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
+- 	    name[char_index - 2] = '(';		/* ) */
+  	}
+  #if defined (ARRAY_VARS)
+--- 360,363 ----

meta/recipes-extended/bash/bash-4.2/cve-2014-6277.patch

@@ -0,0 +1,44 @@
+bash: Fix CVE-2014-6277 (shellshock)
+ 
+Upstream-status: backport
+ 
+Downloaded from: 
+ftp://ftp.gnu.org/pub/bash/bash-4.3-patches/bash43-029
+ 
+Author: Chet Ramey <chet.ramey@case.edu>
+Signed-off-by: Catalin Popeanga <catalin.popeanga@enea.com>
+
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.3
+Patch-ID:	bash43-029
+
+Bug-Reported-by:	Michal Zalewski <lcamtuf@coredump.cx>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+When bash is parsing a function definition that contains a here-document
+delimited by end-of-file (or end-of-string), it leaves the closing delimiter
+uninitialized.  This can result in an invalid memory access when the parsed
+function is later copied.
+---
+--- a/make_cmd.c	2011-12-16 08:08:01.000000000 -0500
++++ b/make_cmd.c	2014-10-02 11:24:23.000000000 -0400
+@@ -693,4 +693,5 @@
+   temp->redirector = source;
+   temp->redirectee = dest_and_filename;
++  temp->here_doc_eof = 0;
+   temp->instruction = instruction;
+   temp->flags = 0;
+--- a/copy_cmd.c	2009-09-11 16:28:02.000000000 -0400
++++ b/copy_cmd.c	2014-10-02 11:24:23.000000000 -0400
+@@ -127,5 +127,5 @@
+     case r_reading_until:
+     case r_deblank_reading_until:
+-      new_redirect->here_doc_eof = savestring (redirect->here_doc_eof);
++      new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0;
+       /*FALLTHROUGH*/
+     case r_reading_string:

meta/recipes-extended/bash/bash-4.2/cve-2014-6278.patch

@@ -0,0 +1,127 @@
+bash: Fix CVE-2014-6278 (shellshock)
+ 
+Upstream-status: backport
+ 
+Downloaded from: 
+http://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-053
+
+Author: Chet Ramey <chet.ramey@case.edu>
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-053
+
+Bug-Reported-by:	Michal Zalewski <lcamtuf@coredump.cx>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+A combination of nested command substitutions and function importing from
+the environment can cause bash to execute code appearing in the environment
+variable value following the function definition.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2.52/builtins/evalstring.c	2014-09-16 19:35:45.000000000 -0400
+--- builtins/evalstring.c	2014-10-04 15:00:26.000000000 -0400
+***************
+*** 262,271 ****
+  	      struct fd_bitmap *bitmap;
+  
+! 	      if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
+  		{
+! 		  internal_warning ("%s: ignoring function definition attempt", from_file);
+! 		  should_jump_to_top_level = 0;
+! 		  last_result = last_command_exit_value = EX_BADUSAGE;
+! 		  break;
+  		}
+  
+--- 262,284 ----
+  	      struct fd_bitmap *bitmap;
+  
+! 	      if (flags & SEVAL_FUNCDEF)
+  		{
+! 		  char *x;
+! 
+! 		  /* If the command parses to something other than a straight
+! 		     function definition, or if we have not consumed the entire
+! 		     string, or if the parser has transformed the function
+! 		     name (as parsing will if it begins or ends with shell
+! 		     whitespace, for example), reject the attempt */
+! 		  if (command->type != cm_function_def ||
+! 		      ((x = parser_remaining_input ()) && *x) ||
+! 		      (STREQ (from_file, command->value.Function_def->name->word) == 0))
+! 		    {
+! 		      internal_warning (_("%s: ignoring function definition attempt"), from_file);
+! 		      should_jump_to_top_level = 0;
+! 		      last_result = last_command_exit_value = EX_BADUSAGE;
+! 		      reset_parser ();
+! 		      break;
+! 		    }
+  		}
+  
+***************
+*** 332,336 ****
+  
+  	      if (flags & SEVAL_ONECMD)
+! 		break;
+  	    }
+  	}
+--- 345,352 ----
+  
+  	      if (flags & SEVAL_ONECMD)
+! 		{
+! 		  reset_parser ();
+! 		  break;
+! 		}
+  	    }
+  	}
+*** ../bash-4.2.52/parse.y	2014-09-30 19:24:19.000000000 -0400
+--- parse.y	2014-10-04 15:00:26.000000000 -0400
+***************
+*** 2436,2439 ****
+--- 2436,2449 ----
+  }
+  
++ char *
++ parser_remaining_input ()
++ {
++   if (shell_input_line == 0)
++     return 0;
++   if (shell_input_line_index < 0 || shell_input_line_index >= shell_input_line_len)
++     return '\0';	/* XXX */
++   return (shell_input_line + shell_input_line_index);
++ }
++ 
+  #ifdef INCLUDE_UNUSED
+  /* Back the input pointer up by one, effectively `ungetting' a character. */
+***************
+*** 3891,3896 ****
+    /* reset_parser clears shell_input_line and associated variables */
+    restore_input_line_state (&ls);
+!   if (interactive)
+!     token_to_read = 0;
+  
+    /* Need to find how many characters parse_and_execute consumed, update
+--- 3901,3906 ----
+    /* reset_parser clears shell_input_line and associated variables */
+    restore_input_line_state (&ls);
+! 
+!   token_to_read = 0;
+  
+    /* Need to find how many characters parse_and_execute consumed, update
+*** ../bash-4.2.52/shell.h	2011-11-21 18:03:32.000000000 -0500
+--- shell.h	2014-10-04 15:00:26.000000000 -0400
+***************
+*** 178,181 ****
+--- 178,183 ----
+  
+  /* Let's try declaring these here. */
++ extern char *parser_remaining_input __P((void));
++ 
+  extern sh_parser_state_t *save_parser_state __P((sh_parser_state_t *));
+  extern void restore_parser_state __P((sh_parser_state_t *));

meta/recipes-extended/bash/bash-4.2/cve-2014-7169.patch

@@ -0,0 +1,16 @@
+Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10
+
+Upstream-Status: Backport
+Index: bash-4.3/parse.y
+===================================================================
+--- bash-4.3.orig/parse.y	2014-09-26 13:10:44.340080056 -0700
++++ bash-4.3/parse.y	2014-09-26 13:11:44.764080056 -0700
+@@ -2953,6 +2953,8 @@
+   FREE (word_desc_to_read);
+   word_desc_to_read = (WORD_DESC *)NULL;
+ 
++  eol_ungetc_lookahead = 0;
++
+   current_token = '\n';		/* XXX */
+   last_read_token = '\n';
+   token_to_read = '\n';

meta/recipes-extended/bash/bash-4.2/cve-2014-7186_cve-2014-7187.patch

@@ -0,0 +1,167 @@
+bash: Fix for CVE-2014-7186 and CVE-2014-7187
+
+Upstream-Status: Backport {GNU Patch-ID: bash42-051}
+
+Downloaded from: http://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-051
+
+Author: Chet Ramey <chet.ramey@case.edu>
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-051
+
+Bug-Reported-by:	Florian Weimer <fweimer@redhat.com>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+There are two local buffer overflows in parse.y that can cause the shell
+to dump core when given many here-documents attached to a single command
+or many nested loops.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2.50/parse.y	2014-09-27 12:18:53.000000000 -0400
+--- parse.y	2014-09-30 19:24:19.000000000 -0400
+***************
+*** 168,171 ****
+--- 168,174 ----
+  static int reserved_word_acceptable __P((int));
+  static int yylex __P((void));
++ 
++ static void push_heredoc __P((REDIRECT *));
++ static char *mk_alexpansion __P((char *));
+  static int alias_expand_token __P((char *));
+  static int time_command_acceptable __P((void));
+***************
+*** 265,269 ****
+  /* Variables to manage the task of reading here documents, because we need to
+     defer the reading until after a complete command has been collected. */
+! static REDIRECT *redir_stack[10];
+  int need_here_doc;
+  
+--- 268,274 ----
+  /* Variables to manage the task of reading here documents, because we need to
+     defer the reading until after a complete command has been collected. */
+! #define HEREDOC_MAX 16
+! 
+! static REDIRECT *redir_stack[HEREDOC_MAX];
+  int need_here_doc;
+  
+***************
+*** 307,311 ****
+     index is decremented after a case, select, or for command is parsed. */
+  #define MAX_CASE_NEST	128
+! static int word_lineno[MAX_CASE_NEST];
+  static int word_top = -1;
+  
+--- 312,316 ----
+     index is decremented after a case, select, or for command is parsed. */
+  #define MAX_CASE_NEST	128
+! static int word_lineno[MAX_CASE_NEST+1];
+  static int word_top = -1;
+  
+***************
+*** 520,524 ****
+  			  redir.filename = $2;
+  			  $$ = make_redirection (source, r_reading_until, redir, 0);
+! 			  redir_stack[need_here_doc++] = $$;
+  			}
+  	|	NUMBER LESS_LESS WORD
+--- 525,529 ----
+  			  redir.filename = $2;
+  			  $$ = make_redirection (source, r_reading_until, redir, 0);
+! 			  push_heredoc ($$);
+  			}
+  	|	NUMBER LESS_LESS WORD
+***************
+*** 527,531 ****
+  			  redir.filename = $3;
+  			  $$ = make_redirection (source, r_reading_until, redir, 0);
+! 			  redir_stack[need_here_doc++] = $$;
+  			}
+  	|	REDIR_WORD LESS_LESS WORD
+--- 532,536 ----
+  			  redir.filename = $3;
+  			  $$ = make_redirection (source, r_reading_until, redir, 0);
+! 			  push_heredoc ($$);
+  			}
+  	|	REDIR_WORD LESS_LESS WORD
+***************
+*** 534,538 ****
+  			  redir.filename = $3;
+  			  $$ = make_redirection (source, r_reading_until, redir, REDIR_VARASSIGN);
+! 			  redir_stack[need_here_doc++] = $$;
+  			}
+  	|	LESS_LESS_MINUS WORD
+--- 539,543 ----
+  			  redir.filename = $3;
+  			  $$ = make_redirection (source, r_reading_until, redir, REDIR_VARASSIGN);
+! 			  push_heredoc ($$);
+  			}
+  	|	LESS_LESS_MINUS WORD
+***************
+*** 541,545 ****
+  			  redir.filename = $2;
+  			  $$ = make_redirection (source, r_deblank_reading_until, redir, 0);
+! 			  redir_stack[need_here_doc++] = $$;
+  			}
+  	|	NUMBER LESS_LESS_MINUS WORD
+--- 546,550 ----
+  			  redir.filename = $2;
+  			  $$ = make_redirection (source, r_deblank_reading_until, redir, 0);
+! 			  push_heredoc ($$);
+  			}
+  	|	NUMBER LESS_LESS_MINUS WORD
+***************
+*** 548,552 ****
+  			  redir.filename = $3;
+  			  $$ = make_redirection (source, r_deblank_reading_until, redir, 0);
+! 			  redir_stack[need_here_doc++] = $$;
+  			}
+  	|	REDIR_WORD  LESS_LESS_MINUS WORD
+--- 553,557 ----
+  			  redir.filename = $3;
+  			  $$ = make_redirection (source, r_deblank_reading_until, redir, 0);
+! 			  push_heredoc ($$);
+  			}
+  	|	REDIR_WORD  LESS_LESS_MINUS WORD
+***************
+*** 555,559 ****
+  			  redir.filename = $3;
+  			  $$ = make_redirection (source, r_deblank_reading_until, redir, REDIR_VARASSIGN);
+! 			  redir_stack[need_here_doc++] = $$;
+  			}
+  	|	LESS_LESS_LESS WORD
+--- 560,564 ----
+  			  redir.filename = $3;
+  			  $$ = make_redirection (source, r_deblank_reading_until, redir, REDIR_VARASSIGN);
+! 			  push_heredoc ($$);
+  			}
+  	|	LESS_LESS_LESS WORD
+***************
+*** 2534,2537 ****
+--- 2539,2557 ----
+  static int esacs_needed_count;
+  
++ static void
++ push_heredoc (r)
++      REDIRECT *r;
++ {
++   if (need_here_doc >= HEREDOC_MAX)
++     {
++       last_command_exit_value = EX_BADUSAGE;
++       need_here_doc = 0;
++       report_syntax_error (_("maximum here-document count exceeded"));
++       reset_parser ();
++       exit_shell (last_command_exit_value);
++     }
++   redir_stack[need_here_doc++] = r;
++ }
++ 
+  void
+  gather_here_documents ()

meta/recipes-extended/bash/bash_3.2.48.bb

@@ -10,6 +10,12 @@ SRC_URI = "${GNU_MIRROR}/bash/bash-${PV}.tar.gz;name=tarball \
            ${GNU_MIRROR}/bash/bash-3.2-patches/bash32-050;apply=yes;striplevel=0;name=patch002 \
            ${GNU_MIRROR}/bash/bash-3.2-patches/bash32-051;apply=yes;striplevel=0;name=patch003 \
            file://mkbuiltins_have_stringize.patch \
+           file://cve-2014-6271.patch;striplevel=0 \
+           file://cve-2014-7169.patch \
+           file://Fix-for-bash-exported-function-namespace-change.patch \
+           file://cve-2014-7186_cve-2014-7187.patch \
+           file://cve-2014-6277.patch \
+           file://cve-2014-6278.patch \
           "
 
 SRC_URI[tarball.md5sum] = "338dcf975a93640bb3eaa843ca42e3f8"

meta/recipes-extended/bash/bash_4.2.bb

@@ -19,8 +19,14 @@ SRC_URI = "${GNU_MIRROR}/bash/${BPN}-${PV}.tar.gz;name=tarball \
            ${GNU_MIRROR}/bash/bash-4.2-patches/bash42-010;apply=yes;striplevel=0;name=patch010 \
            file://execute_cmd.patch;striplevel=0 \
            file://mkbuiltins_have_stringize.patch \
+           file://cve-2014-6271.patch;striplevel=0 \
+           file://cve-2014-7169.patch \
            file://build-tests.patch \
            file://test-output.patch \
+           file://Fix-for-bash-exported-function-namespace-change.patch;striplevel=0 \
+           file://cve-2014-7186_cve-2014-7187.patch;striplevel=0 \
+           file://cve-2014-6277.patch \
+           file://cve-2014-6278.patch;striplevel=0 \
            file://run-ptest \
            "
 

meta/recipes-extended/findutils/findutils-4.2.31/findutils-fix-doc-build-error.patch

@@ -0,0 +1,53 @@
+From 33cba24cba7b0973a702e9627bd5b93962948ae4 Mon Sep 17 00:00:00 2001
+From: Jackie Huang <jackie.huang@windriver.com>
+Date: Tue, 17 Sep 2013 16:11:16 +0800
+Subject: [PATCH] findutils: fix doc build error
+
+Upstream-Status: Backport
+
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+---
+ doc/find.texi |    6 +++---
+ 1 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/doc/find.texi b/doc/find.texi
+index 5b5f0cf..b3d9c6b 100644
+--- a/doc/find.texi
++++ b/doc/find.texi
+@@ -63,7 +63,7 @@ translation approved by the Foundation.
+
+ @page
+ @vskip 0pt plus 1filll
+-@insertcopying{}
++@insertcopying
+ @end titlepage
+
+ @contents
+@@ -1466,6 +1466,7 @@ no output is ever sent to it.
+ * Escapes::
+ * Format Directives::
+ * Time Formats::
++* Formatting Flags::
+ @end menu
+
+ @node Escapes
+@@ -1534,7 +1535,6 @@ from the novel you are reading.
+ * Size Directives::
+ * Location Directives::
+ * Time Directives::
+-* Formatting Flags::
+ @end menu
+
+ @node Name Directives
+@@ -1780,7 +1780,7 @@ setting the TZ environment variable).  This is a GNU extension.
+ @end table
+
+ @node Formatting Flags
+-@subsubsection Formatting Flags
++@subsection Formatting Flags
+
+ The @samp{%m} and @samp{%d} directives support the @samp{#}, @samp{0}
+ and @samp{+} flags, but the other directives do not, even if they
+--
+1.7.4.1
+

meta/recipes-extended/findutils/findutils_4.2.31.bb

@@ -6,6 +6,7 @@ require findutils.inc
 
 SRC_URI += "file://gnulib-extension.patch \
             file://findutils_fix_for_automake-1.12.patch \
+            file://findutils-fix-doc-build-error.patch \
            "
 
 SRC_URI[md5sum] = "a0e31a0f18a49709bf5a449867c8049a"

meta/recipes-extended/grep/grep-2.5.1a/fix-for-texinfo-5.1.patch

@@ -0,0 +1,13 @@
+Index: grep-2.5.1a/doc/grep.texi
+===================================================================
+--- grep-2.5.1a.orig/doc/grep.texi
++++ grep-2.5.1a/doc/grep.texi
+@@ -288,7 +288,7 @@ This version number should be included i
+ Print a usage message briefly summarizing these command-line options
+ and the bug-reporting address, then exit.
+ 
+-@itemx --binary-files=@var{type}
++@item --binary-files=@var{type}
+ @opindex --binary-files
+ @cindex binary files
+ If the first few bytes of a file indicate that the file contains binary

meta/recipes-extended/grep/grep_2.5.1a.bb

@@ -14,6 +14,7 @@ SRC_URI = "${GNU_MIRROR}/grep/grep-${PV}.tar.bz2 \
            file://fix64-int-to-pointer.patch \
            file://Makevars \
            file://grep-CVE-2012-5667.patch \
+           file://fix-for-texinfo-5.1.patch \
           "
 
 SRC_URI[md5sum] = "52202fe462770fa6be1bb667bd6cf30c"

meta/recipes-extended/lsb/lsbtest/LSB_Test.sh

@@ -272,7 +272,7 @@ then
 fi
 
 if ! `grep -F -q "noarch-suse" ${PLATFORM_FILE}`; then
-	if [ ${ARCH} == i686 ];then
+	if [ ${ARCH} = i686 ];then
 		echo "i486-suse" >> ${PLATFORM_FILE}
 		echo "i486-noarch" >> ${PLATFORM_FILE}
 		echo "i486-pc" >> ${PLATFORM_FILE}

meta/recipes-extended/lsb/lsbtest_1.0.bb

@@ -19,15 +19,15 @@ do_install() {
 	install -d  ${D}/opt/lsb-test
 	install -m 0644 ${S}/packages_list ${D}/opt/lsb-test/packages_list
 	install -m 0644 ${S}/session ${D}/opt/lsb-test/session
-	if [ "${TARGET_ARCH}" == "i586" ];then
+	if [ "${TARGET_ARCH}" = "i586" ];then
 		sed -i -e 's/lsbarch/ia32/g' -e 's/targetarch/i486/g' ${D}/opt/lsb-test/packages_list
 		sed -i -e 's/targetarch/x86/g' ${D}/opt/lsb-test/session
 	fi
-	if [ "${TARGET_ARCH}" == "x86_64" ];then
+	if [ "${TARGET_ARCH}" = "x86_64" ];then
 		sed -i -e 's/lsbarch/amd64/g' -e 's/targetarch/x86_64/g' ${D}/opt/lsb-test/packages_list
 		sed -i -e 's/targetarch/x86-64/g' ${D}/opt/lsb-test/session
 	fi
-	if [ "${TARGET_ARCH}" == "powerpc" ];then
+	if [ "${TARGET_ARCH}" = "powerpc" ];then
 		sed -i -e 's/lsbarch/ppc32/g' -e 's/targetarch/ppc/g' ${D}/opt/lsb-test/packages_list
 		sed -i -e 's/targetarch/PPC32/g' ${D}/opt/lsb-test/session
 	fi

meta/recipes-extended/mc/mc_4.7.5.2.bb

@@ -20,6 +20,28 @@ EXTRA_OECONF = "--with-screen=ncurses --without-gpm-mouse --without-x --without-
 FILES_${PN}-dbg += "${libexecdir}/mc/.debug/"
 
 do_install_append () {
-       sed -i -e '1s,#!.*perl,#!${bindir}/env perl,' ${D}${libexecdir}/mc/extfs.d/*
-       
+	sed -i -e '1s,#!.*perl,#!${bindir}/env perl,' ${D}${libexecdir}/mc/extfs.d/*
+	sed -i -e '1s,#!.*python,#!${bindir}/env python,' ${D}${libexecdir}/mc/extfs.d/*
 }
+
+PACKAGES =+ "${BPN}-helpers-perl ${BPN}-helpers-python ${BPN}-helpers ${BPN}-fish"
+
+DESCRIPTION_${BPN}-helpers-perl = "Midnight Commander perl based helper scripts" 
+FILES_${BPN}-helpers-perl = "${libexecdir}/mc/extfs.d/a+ ${libexecdir}/mc/extfs.d/apt+ \
+                             ${libexecdir}/mc/extfs.d/deb ${libexecdir}/mc/extfs.d/deba \
+                             ${libexecdir}/mc/extfs.d/debd ${libexecdir}/mc/extfs.d/dpkg+ \
+                             ${libexecdir}/mc/extfs.d/mailfs ${libexecdir}/mc/extfs.d/patchfs \ 
+                             ${libexecdir}/mc/extfs.d/rpms+ ${libexecdir}/mc/extfs.d/ulib \ 
+                             ${libexecdir}/mc/extfs.d/uzip"
+RDEPENDS_${BPN}-helpers-perl = "perl"
+
+DESCRIPTION_${BPN}-helpers-python = "Midnight Commander python based helper scripts" 
+FILES_${BPN}-helpers-python = "${libexecdir}/mc/extfs.d/s3+ ${libexecdir}/mc/extfs.d/uc1541"
+RDEPENDS_${BPN}-helpers-python = "python"
+
+DESCRIPTION_${BPN}-helpers = "Midnight Commander shell helper scripts" 
+FILES_${BPN}-helpers = "${libexecdir}/mc/extfs.d/* ${libexecdir}/mc/ext.d/*"
+
+DESCRIPTION_${BPN}-fish = "Midnight Commander Fish scripts"
+FILES_${BPN}-fish = "${libexecdir}/mc/fish"
+

meta/recipes-extended/mc/mc_4.8.7.bb

@@ -21,5 +21,26 @@ FILES_${PN}-dbg += "${libexecdir}/mc/.debug/"
 
 do_install_append () {
 	sed -i -e '1s,#!.*perl,#!${bindir}/env perl,' ${D}${libexecdir}/mc/extfs.d/*
-	rm -rf ${D}${libdir}
+	sed -i -e '1s,#!.*python,#!${bindir}/env python,' ${D}${libexecdir}/mc/extfs.d/*
 }
+
+PACKAGES =+ "${BPN}-helpers-perl ${BPN}-helpers-python ${BPN}-helpers ${BPN}-fish"
+
+DESCRIPTION_${BPN}-helpers-perl = "Midnight Commander perl based helper scripts" 
+FILES_${BPN}-helpers-perl = "${libexecdir}/mc/extfs.d/a+ ${libexecdir}/mc/extfs.d/apt+ \
+                             ${libexecdir}/mc/extfs.d/deb ${libexecdir}/mc/extfs.d/deba \
+                             ${libexecdir}/mc/extfs.d/debd ${libexecdir}/mc/extfs.d/dpkg+ \
+                             ${libexecdir}/mc/extfs.d/mailfs ${libexecdir}/mc/extfs.d/patchfs \ 
+                             ${libexecdir}/mc/extfs.d/rpms+ ${libexecdir}/mc/extfs.d/ulib \ 
+                             ${libexecdir}/mc/extfs.d/uzip"
+RDEPENDS_${BPN}-helpers-perl = "perl"
+
+DESCRIPTION_${BPN}-helpers-python = "Midnight Commander python based helper scripts" 
+FILES_${BPN}-helpers-python = "${libexecdir}/mc/extfs.d/s3+ ${libexecdir}/mc/extfs.d/uc1541"
+RDEPENDS_${BPN}-helpers-python = "python"
+
+DESCRIPTION_${BPN}-helpers = "Midnight Commander shell helper scripts" 
+FILES_${BPN}-helpers = "${libexecdir}/mc/extfs.d/* ${libexecdir}/mc/ext.d/*"
+
+DESCRIPTION_${BPN}-fish = "Midnight Commander Fish scripts"
+FILES_${BPN}-fish = "${libexecdir}/mc/fish"

meta/recipes-graphics/xorg-lib/libx11/xeatdatawords.patch

@@ -0,0 +1,65 @@
+From 9f5d83706543696fc944c1835a403938c06f2cc5 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sat, 02 Mar 2013 04:54:24 +0000
+Subject: Add _XEatDataWords to discard a given number of 32-bit words of reply data
+
+Matches the units of the length field in X protocol replies, and provides
+a single implementation of overflow checking to avoid having to replicate
+those checks in every caller.
+
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
+
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+---
+diff --git a/include/X11/Xlibint.h b/include/X11/Xlibint.h
+index 06395b3..d63a534 100644
+--- a/include/X11/Xlibint.h
++++ b/include/X11/Xlibint.h
+@@ -855,6 +855,10 @@ extern void _XEatData(
+     Display*		/* dpy */,
+     unsigned long	/* n */
+ );
++extern void _XEatDataWords(
++    Display*		/* dpy */,
++    unsigned long	/* n */
++);
+ extern char *_XAllocScratch(
+     Display*		/* dpy */,
+     unsigned long	/* nbytes */
+diff --git a/src/xcb_io.c b/src/xcb_io.c
+index 300ef57..727c6c7 100644
+--- a/src/xcb_io.c
++++ b/src/xcb_io.c
+@@ -19,6 +19,7 @@
+ #include <stdint.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <limits.h>
+ #ifdef HAVE_SYS_SELECT_H
+ #include <sys/select.h>
+ #endif
+@@ -757,3 +758,19 @@ void _XEatData(Display *dpy, unsigned long n)
+ 	dpy->xcb->reply_consumed += n;
+ 	_XFreeReplyData(dpy, False);
+ }
++
++/*
++ * Read and discard "n" 32-bit words of data
++ * Matches the units of the length field in X protocol replies, and provides
++ * a single implementation of overflow checking to avoid having to replicate
++ * those checks in every caller.
++ */
++void _XEatDataWords(Display *dpy, unsigned long n)
++{
++	if (n < ((INT_MAX - dpy->xcb->reply_consumed) >> 2))
++		dpy->xcb->reply_consumed += (n << 2);
++	else
++		/* Overflow would happen, so just eat the rest of the reply */
++		dpy->xcb->reply_consumed = dpy->xcb->reply_length;
++	_XFreeReplyData(dpy, False);
++}
+--
+cgit v0.9.0.2-2-gbebe

meta/recipes-graphics/xorg-lib/libx11_1.5.0.bb

@@ -7,6 +7,7 @@ BBCLASSEXTEND = "native nativesdk"
 
 SRC_URI += "file://keysymdef_include.patch \
             file://disable_tests.patch \
+            file://xeatdatawords.patch \
            "
 
 SRC_URI[md5sum] = "78b4b3bab4acbdf0abcfca30a8c70cc6"