documentation: Updated the Manual Revision History tables.

The release pushed into March so I changed the revision date
in the manual history tables from February to March.

(From yocto-docs rev: 27214ecebd7a74eb54bc92aaff020b5dbfa8d2ba)

Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake/lib/bb/cache.py

@@ -526,7 +526,7 @@ class Cache(object):
 
         if appends != info_array[0].appends:
             logger.debug(2, "Cache: appends for %s changed", fn)
-            bb.note("%s to %s" % (str(appends), str(info_array[0].appends)))
+            logger.debug(2, "%s to %s" % (str(appends), str(info_array[0].appends)))
             self.remove(fn)
             return False
 

bitbake/lib/bb/cooker.py

@@ -1606,6 +1606,7 @@ class Parser(multiprocessing.Process):
         self.quit = quit
         self.init = init
         multiprocessing.Process.__init__(self)
+        self.context = bb.utils._context.copy()
 
     def run(self):
         if self.init:
@@ -1640,6 +1641,7 @@ class Parser(multiprocessing.Process):
 
     def parse(self, filename, appends, caches_array):
         try:
+            bb.utils._context = self.context.copy()
             return True, bb.cache.Cache.parse(filename, appends, self.cfg, caches_array)
         except Exception as exc:
             tb = sys.exc_info()[2]

bitbake/lib/bb/fetch2/__init__.py

@@ -325,7 +325,7 @@ def decodeurl(url):
     user, password, parameters).
     """
 
-    m = re.compile('(?P<type>[^:]*)://((?P<user>.+)@)?(?P<location>[^;]+)(;(?P<parm>.*))?').match(url)
+    m = re.compile('(?P<type>[^:]*)://((?P<user>[^/]+)@)?(?P<location>[^;]+)(;(?P<parm>.*))?').match(url)
     if not m:
         raise MalformedUrl(url)
 

bitbake/lib/bb/fetch2/hg.py

@@ -92,7 +92,10 @@ class Hg(FetchMethod):
         if not ud.user:
             hgroot = host + ud.path
         else:
-            hgroot = ud.user + "@" + host + ud.path
+            if ud.pswd:
+                hgroot = ud.user + ":" + ud.pswd + "@" + host + ud.path
+            else:
+                hgroot = ud.user + "@" + host + ud.path
 
         if command == "info":
             return "%s identify -i %s://%s/%s" % (basecmd, proto, hgroot, ud.module)
@@ -112,7 +115,10 @@ class Hg(FetchMethod):
             # do not pass options list; limiting pull to rev causes the local
             # repo not to contain it and immediately following "update" command
             # will crash
-            cmd = "%s pull" % (basecmd)
+            if ud.user and ud.pswd:
+                cmd = "%s --config auth.default.prefix=* --config auth.default.username=%s --config auth.default.password=%s --config \"auth.default.schemes=%s\" pull" % (basecmd, ud.user, ud.pswd, proto)
+            else:
+                cmd = "%s pull" % (basecmd)
         elif command == "update":
             cmd = "%s update -C %s" % (basecmd, " ".join(options))
         else:

bitbake/lib/bb/fetch2/perforce.py

@@ -112,7 +112,7 @@ class Perforce(FetchMethod):
         base = path
         which = path.find('/...')
         if which != -1:
-            base = path[:which]
+            base = path[:which-1]
 
         base = self._strip_leading_slashes(base)
 

bitbake/lib/bb/fetch2/svn.py

@@ -27,6 +27,7 @@ import os
 import sys
 import logging
 import bb
+import re
 from   bb import data
 from   bb.fetch2 import FetchMethod
 from   bb.fetch2 import FetchError
@@ -89,6 +90,8 @@ class Svn(FetchMethod):
 
         if command == "info":
             svncmd = "%s info %s %s://%s/%s/" % (ud.basecmd, " ".join(options), proto, svnroot, ud.module)
+        elif command == "log1":
+            svncmd = "%s log --limit 1 %s %s://%s/%s/" % (ud.basecmd, " ".join(options), proto, svnroot, ud.module)
         else:
             suffix = ""
             if ud.revision:
@@ -165,14 +168,13 @@ class Svn(FetchMethod):
         """
         Return the latest upstream revision number
         """
-        bb.fetch2.check_network_access(d, self._buildsvncommand(ud, d, "info"))
+        bb.fetch2.check_network_access(d, self._buildsvncommand(ud, d, "log1"))
 
-        output = runfetchcmd("LANG=C LC_ALL=C " + self._buildsvncommand(ud, d, "info"), d, True)
+        output = runfetchcmd("LANG=C LC_ALL=C " + self._buildsvncommand(ud, d, "log1"), d, True)
 
-        revision = None
-        for line in output.splitlines():
-            if "Last Changed Rev" in line:
-                revision = line.split(":")[1].strip()
+        # skip the first line, as per output of svn log
+        # then we expect the revision on the 2nd line
+        revision = re.search('^r([0-9]*)', output.splitlines()[1]).group(1)
 
         return revision
 

bitbake/lib/bb/methodpool.py

@@ -17,24 +17,7 @@
 # with this program; if not, write to the Free Software Foundation, Inc.,
 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 
-
-"""
-    What is a method pool?
-
-    BitBake has a global method scope where .bb, .inc and .bbclass
-    files can install methods. These methods are parsed from strings.
-    To avoid recompiling and executing these string we introduce
-    a method pool to do this task.
-
-    This pool will be used to compile and execute the functions. It
-    will be smart enough to
-"""
-
 from bb.utils import better_compile, better_exec
-from bb       import error
-
-# A dict of function names we have seen
-_parsed_fns     = { }
 
 def insert_method(modulename, code, fn):
     """
@@ -43,29 +26,3 @@ def insert_method(modulename, code, fn):
     """
     comp = better_compile(code, modulename, fn )
     better_exec(comp, None, code, fn)
-
-    # now some instrumentation
-    code = comp.co_names
-    for name in code:
-        if name in ['None', 'False']:
-            continue
-        elif name in _parsed_fns and not _parsed_fns[name] == modulename:
-            error("The function %s defined in %s was already declared in %s. BitBake has a global python function namespace so shared functions should be declared in a common include file rather than being duplicated, or if the functions are different, please use different function names." % (name, modulename, _parsed_fns[name]))
-        else:
-            _parsed_fns[name] = modulename
-
-# A dict of modules the parser has finished with
-_parsed_methods = {}
-
-def parsed_module(modulename):
-    """
-    Has module been parsed?
-    """
-    return modulename in _parsed_methods
-
-def set_parsed_module(modulename):
-    """
-    Set module as parsed
-    """
-    _parsed_methods[modulename] = True
-

bitbake/lib/bb/parse/ast.py

@@ -148,9 +148,8 @@ class MethodNode(AstNode):
         text = '\n'.join(self.body)
         if self.func_name == "__anonymous":
             funcname = ("__anon_%s_%s" % (self.lineno, self.filename.translate(string.maketrans('/.+-', '____'))))
-            if not funcname in bb.methodpool._parsed_fns:
-                text = "def %s(d):\n" % (funcname) + text
-                bb.methodpool.insert_method(funcname, text, self.filename)
+            text = "def %s(d):\n" % (funcname) + text
+            bb.methodpool.insert_method(funcname, text, self.filename)
             anonfuncs = data.getVar('__BBANONFUNCS') or []
             anonfuncs.append(funcname)
             data.setVar('__BBANONFUNCS', anonfuncs)
@@ -171,8 +170,7 @@ class PythonMethodNode(AstNode):
         # 'this' file. This means we will not parse methods from
         # bb classes twice
         text = '\n'.join(self.body)
-        if not bb.methodpool.parsed_module(self.modulename):
-            bb.methodpool.insert_method(self.modulename, text, self.filename)
+        bb.methodpool.insert_method(self.modulename, text, self.filename)
         data.setVarFlag(self.function, "func", 1)
         data.setVarFlag(self.function, "python", 1)
         data.setVar(self.function, text)

bitbake/lib/bb/parse/parse_py/BBHandler.py

@@ -166,10 +166,6 @@ def handle(fn, d, include):
     if oldfile:
         d.setVar("FILE", oldfile)
 
-    # we have parsed the bb class now
-    if ext == ".bbclass" or ext == ".inc":
-        bb.methodpool.set_parsed_module(base_name)
-
     return d
 
 def feeder(lineno, s, fn, root, statements):

bitbake/lib/bb/tests/fetch.py

@@ -407,7 +407,8 @@ class URLHandle(unittest.TestCase):
     datatable = {
        "http://www.google.com/index.html" : ('http', 'www.google.com', '/index.html', '', '', {}),
        "cvs://anoncvs@cvs.handhelds.org/cvs;module=familiar/dist/ipkg" : ('cvs', 'cvs.handhelds.org', '/cvs', 'anoncvs', '', {'module': 'familiar/dist/ipkg'}),
-       "cvs://anoncvs:anonymous@cvs.handhelds.org/cvs;tag=V0-99-81;module=familiar/dist/ipkg" : ('cvs', 'cvs.handhelds.org', '/cvs', 'anoncvs', 'anonymous', {'tag': 'V0-99-81', 'module': 'familiar/dist/ipkg'})
+       "cvs://anoncvs:anonymous@cvs.handhelds.org/cvs;tag=V0-99-81;module=familiar/dist/ipkg" : ('cvs', 'cvs.handhelds.org', '/cvs', 'anoncvs', 'anonymous', {'tag': 'V0-99-81', 'module': 'familiar/dist/ipkg'}),
+       "git://git.openembedded.org/bitbake;branch=@foo" : ('git', 'git.openembedded.org', '/bitbake', '', '', {'branch': '@foo'})
     }
 
     def test_decodeurl(self):

bitbake/lib/bb/ui/crumbs/hoblistmodel.py

@@ -181,7 +181,9 @@ class PackageListModel(gtk.ListStore):
     def sort_func(self, model, iter1, iter2, user_data):
         val1 = model.get_value(iter1, PackageListModel.COL_NAME)
         val2 = model.get_value(iter2, PackageListModel.COL_NAME)
-        if val1.startswith(user_data) and not val2.startswith(user_data):
+        if val1 is None or val2 is None:
+            return 0
+        elif val1.startswith(user_data) and not val2.startswith(user_data):
             return -1
         elif not val1.startswith(user_data) and val2.startswith(user_data):
             return 1
@@ -562,7 +564,9 @@ class RecipeListModel(gtk.ListStore):
     def sort_func(self, model, iter1, iter2, user_data):
         val1 = model.get_value(iter1, RecipeListModel.COL_NAME)
         val2 = model.get_value(iter2, RecipeListModel.COL_NAME)
-        if val1.startswith(user_data) and not val2.startswith(user_data):
+        if val1 is None or val2 is None:
+            return 0
+        elif val1.startswith(user_data) and not val2.startswith(user_data):
             return -1
         elif not val1.startswith(user_data) and val2.startswith(user_data):
             return 1

documentation/adt-manual/adt-manual.xml

@@ -71,6 +71,11 @@
                 <date>August 2013</date>
                 <revremark>Released with the Yocto Project 1.4.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.4.3</revnumber>
+                <date>March 2014</date>
+                <revremark>Released with the Yocto Project 1.4.3 Release.</revremark>
+            </revision>
       </revhistory>
 
     <copyright>

documentation/bsp-guide/bsp-guide.xml

@@ -83,6 +83,11 @@
                 <date>August 2013</date>
                 <revremark>Released with the Yocto Project 1.4.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.4.3</revnumber>
+                <date>March 2014</date>
+                <revremark>Released with the Yocto Project 1.4.3 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/dev-manual/dev-manual.xml

@@ -61,6 +61,11 @@
                 <date>August 2013</date>
                 <revremark>Released with the Yocto Project 1.4.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.4.3</revnumber>
+                <date>March 2014</date>
+                <revremark>Released with the Yocto Project 1.4.3 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/kernel-dev/kernel-dev.xml

@@ -46,6 +46,11 @@
                 <date>August 2013</date>
                 <revremark>Released with the Yocto Project 1.4.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.4.3</revnumber>
+                <date>March 2014</date>
+                <revremark>Released with the Yocto Project 1.4.3 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/poky.ent

@@ -1,11 +1,11 @@
-<!ENTITY DISTRO "1.4.2">
-<!ENTITY DISTRO_COMPRESSED "142">
+<!ENTITY DISTRO "1.4.3">
+<!ENTITY DISTRO_COMPRESSED "143">
 <!ENTITY DISTRO_NAME "dylan">
-<!ENTITY YOCTO_DOC_VERSION "1.4.2">
-<!ENTITY POKYVERSION "9.0.2">
-<!ENTITY POKYVERSION_COMPRESSED "902">
+<!ENTITY YOCTO_DOC_VERSION "1.4.3">
+<!ENTITY POKYVERSION "9.0.3">
+<!ENTITY POKYVERSION_COMPRESSED "903">
 <!ENTITY YOCTO_POKY "poky-&DISTRO_NAME;-&POKYVERSION;">
-<!ENTITY COPYRIGHT_YEAR "2010-2013">
+<!ENTITY COPYRIGHT_YEAR "2010-2014">
 <!ENTITY YOCTO_DL_URL "http://downloads.yoctoproject.org">
 <!ENTITY YOCTO_HOME_URL "http://www.yoctoproject.org">
 <!ENTITY YOCTO_LISTS_URL "http://lists.yoctoproject.org">
@@ -16,7 +16,7 @@
 <!ENTITY YOCTO_ADTREPO_URL "http://adtrepo.yoctoproject.org">
 <!ENTITY YOCTO_RELEASE_NOTES "&YOCTO_HOME_URL;/download/yocto-project-&DISTRO_COMPRESSED;-poky-&POKYVERSION_COMPRESSED;">
 <!ENTITY OE_HOME_URL "http://www.openembedded.org">
-<!ENTITY OE_LISTS_URL "http://lists.linuxtogo.org/cgi-bin/mailman">
+<!ENTITY OE_LISTS_URL "http://lists.openembedded.org/mailman">
 <!ENTITY OE_DOCS_URL "http://docs.openembedded.org">
 <!ENTITY OH_HOME_URL "http://o-hand.com">
 <!ENTITY BITBAKE_HOME_URL "http://developer.berlios.de/projects/bitbake/">
@@ -35,7 +35,7 @@
 <!ENTITY YOCTO_RELEASE_DL_URL "&YOCTO_DL_URL;/releases/yocto/yocto-&DISTRO;">
 <!ENTITY YOCTO_TOOLCHAIN_DL_URL "&YOCTO_RELEASE_DL_URL;/toolchain/">
 <!ENTITY YOCTO_ECLIPSE_DL_URL "&YOCTO_RELEASE_DL_URL;/eclipse-plugin/indigo;">
-<!ENTITY YOCTO_ADTINSTALLER_DL_URL "&YOCTO_RELEASE_DL_URL;/adt_installer">
+<!ENTITY YOCTO_ADTINSTALLER_DL_URL "&YOCTO_RELEASE_DL_URL;/adt-installer">
 <!ENTITY YOCTO_POKY_DL_URL "&YOCTO_RELEASE_DL_URL;/&YOCTO_POKY;.tar.bz2">
 <!ENTITY YOCTO_MACHINES_DL_URL "&YOCTO_RELEASE_DL_URL;/machines">
 <!ENTITY YOCTO_QEMU_DL_URL "&YOCTO_MACHINES_DL_URL;/qemu">

documentation/profile-manual/profile-manual.xml

@@ -46,6 +46,11 @@
                 <date>August 2013</date>
                 <revremark>Released with the Yocto Project 1.4.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.4.3</revnumber>
+                <date>March 2014</date>
+                <revremark>Released with the Yocto Project 1.4.3 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/ref-manual/ref-manual.xml

@@ -77,6 +77,11 @@
                 <date>August 2013</date>
                 <revremark>Released with the Yocto Project 1.4.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.4.3</revnumber>
+                <date>March 2014</date>
+                <revremark>Released with the Yocto Project 1.4.3 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/tools/mega-manual.sed

@@ -1,14 +1,14 @@
 # Processes ref-manual and yocto-project-qs manual (<word>-<word>-<word> style)
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.2\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.3\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
 
 # Processes all other manuals (<word>-<word> style)
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.2\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.3\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
 
 # Process cases where just an external manual is referenced without an id anchor
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.2\/yocto-project-qs\/yocto-project-qs.html\" target=\"_top\">Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.2\/dev-manual\/dev-manual.html\" target=\"_top\">Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.2\/adt-manual\/adt-manual.html\" target=\"_top\">Yocto Project Application Developer's Guide<\/a>/Yocto Project Application Developer's Guide/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.2\/bsp-guide\/bsp-guide.html\" target=\"_top\">Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.2\/profile-manual\/profile-manual.html\" target=\"_top\">Yocto Project Profile and Tracing Manual<\/a>/Yocto Project Profile and Tracing Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.2\/kernel-dev\/kernel-dev.html\" target=\"_top\">Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.2\/ref-manual\/ref-manual.html\" target=\"_top\">Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.3\/yocto-project-qs\/yocto-project-qs.html\" target=\"_top\">Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.3\/dev-manual\/dev-manual.html\" target=\"_top\">Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.3\/adt-manual\/adt-manual.html\" target=\"_top\">Yocto Project Application Developer's Guide<\/a>/Yocto Project Application Developer's Guide/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.3\/bsp-guide\/bsp-guide.html\" target=\"_top\">Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.3\/profile-manual\/profile-manual.html\" target=\"_top\">Yocto Project Profile and Tracing Manual<\/a>/Yocto Project Profile and Tracing Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.3\/kernel-dev\/kernel-dev.html\" target=\"_top\">Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.3\/ref-manual\/ref-manual.html\" target=\"_top\">Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g

meta-yocto/conf/distro/poky.conf

@@ -1,6 +1,6 @@
 DISTRO = "poky"
-DISTRO_NAME = "Poky 9.0.2 (Yocto Project 1.4 Reference Distro)"
-DISTRO_VERSION = "1.4.2"
+DISTRO_NAME = "Poky 9.0.3 (Yocto Project 1.4.3 Reference Distro)"
+DISTRO_VERSION = "1.4.3"
 DISTRO_CODENAME = "dylan"
 SDK_VENDOR = "-pokysdk"
 SDK_VERSION := "${@'${DISTRO_VERSION}'}"
@@ -77,6 +77,7 @@ SANITY_TESTED_DISTROS ?= " \
             Poky-1.4 \n \
             Poky-1.4.1 \n \
             Poky-1.4.2 \n \
+            Poky-1.4.3 \n \
             Ubuntu-10.04 \n \
             Ubuntu-11.10 \n \
             Ubuntu-12.04 \n \

meta/classes/cmake.bbclass

@@ -35,7 +35,7 @@ cmake_do_generate_toolchain_file() {
 	cat > ${WORKDIR}/toolchain.cmake <<EOF
 # CMake system name must be something like "Linux".
 # This is important for cross-compiling.
-set( CMAKE_SYSTEM_NAME `echo ${SDK_OS} | sed 's/^./\u&/'` )
+set( CMAKE_SYSTEM_NAME `echo ${TARGET_OS} | sed -e 's/^./\u&/' -e 's/^\(Linux\).*/\1/'` )
 set( CMAKE_SYSTEM_PROCESSOR ${TARGET_ARCH} )
 set( CMAKE_C_COMPILER ${OECMAKE_C_COMPILER} )
 set( CMAKE_CXX_COMPILER ${OECMAKE_CXX_COMPILER} )

meta/classes/image-mklibs.bbclass

@@ -40,6 +40,7 @@ mklibs_optimize_image_doit() {
 		--ldlib ${dynamic_loader} \
 		--libdir ${baselib} \
 		--sysroot ${PKG_CONFIG_SYSROOT_DIR} \
+		--gcc-options "--sysroot=${PKG_CONFIG_SYSROOT_DIR}" \
 		--root ${IMAGE_ROOTFS} \
 		--target `echo ${TARGET_PREFIX} | sed 's/-$//' ` \
 		-d ${WORKDIR}/mklibs/dest \

meta/classes/kernel.bbclass

@@ -237,14 +237,6 @@ do_savedefconfig() {
 do_savedefconfig[nostamp] = "1"
 addtask savedefconfig after do_configure
 
-pkg_postinst_kernel-base () {
-	update-alternatives --install /${KERNEL_IMAGEDEST}/${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE}-${KERNEL_VERSION} ${KERNEL_PRIORITY} || true
-}
-
-pkg_postrm_kernel-base () {
-	update-alternatives --remove ${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE}-${KERNEL_VERSION} || true
-}
-
 inherit cml1
 
 EXPORT_FUNCTIONS do_compile do_install do_configure
@@ -272,14 +264,19 @@ ALLOW_EMPTY_kernel-modules = "1"
 DESCRIPTION_kernel-modules = "Kernel modules meta package"
 
 pkg_postinst_kernel-image () {
-if [ ! -e "$D/lib/modules/${KERNEL_VERSION}" ]; then
-	mkdir -p $D/lib/modules/${KERNEL_VERSION}
-fi
-if [ -n "$D" ]; then
-	depmodwrapper -a -b $D ${KERNEL_VERSION}
-else
-	depmod -a ${KERNEL_VERSION}
-fi
+	update-alternatives --install /${KERNEL_IMAGEDEST}/${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE}-${KERNEL_VERSION} ${KERNEL_PRIORITY} || true
+	if [ ! -e "$D/lib/modules/${KERNEL_VERSION}" ]; then
+		mkdir -p $D/lib/modules/${KERNEL_VERSION}
+	fi
+	if [ -n "$D" ]; then
+		depmodwrapper -a -b $D ${KERNEL_VERSION}
+	else
+		depmod -a ${KERNEL_VERSION}
+	fi
+}
+
+pkg_postrm_kernel-image () {
+	update-alternatives --remove ${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE}-${KERNEL_VERSION} || true
 }
 
 PACKAGESPLITFUNCS_prepend = "split_kernel_packages "

meta/classes/libc-package.bbclass

@@ -96,14 +96,14 @@ do_prep_locale_tree() {
 	treedir=${WORKDIR}/locale-tree
 	rm -rf $treedir
 	mkdir -p $treedir/${base_bindir} $treedir/${base_libdir} $treedir/${datadir} $treedir/${localedir}
-	tar -cf - -C ${LOCALETREESRC}${datadir} -ps i18n | tar -xf - -C $treedir/${datadir}
+	tar -cf - -C ${LOCALETREESRC}${datadir} -p i18n | tar -xf - -C $treedir/${datadir}
 	# unzip to avoid parsing errors
 	for i in $treedir/${datadir}/i18n/charmaps/*gz; do 
 		gunzip $i
 	done
-	tar -cf - -C ${LOCALETREESRC}${base_libdir} -ps . | tar -xf - -C $treedir/${base_libdir}
+	tar -cf - -C ${LOCALETREESRC}${base_libdir} -p . | tar -xf - -C $treedir/${base_libdir}
 	if [ -f ${STAGING_DIR_NATIVE}${prefix_native}/lib/libgcc_s.* ]; then
-		tar -cf - -C ${STAGING_DIR_NATIVE}/${prefix_native}/${base_libdir} -ps libgcc_s.* | tar -xf - -C $treedir/${base_libdir}
+		tar -cf - -C ${STAGING_DIR_NATIVE}/${prefix_native}/${base_libdir} -p libgcc_s.* | tar -xf - -C $treedir/${base_libdir}
 	fi
 	install -m 0755 ${LOCALETREESRC}${bindir}/localedef $treedir/${base_bindir}
 }
@@ -113,7 +113,7 @@ do_collect_bins_from_locale_tree() {
 
 	parent=$(dirname ${localedir})
 	mkdir -p ${PKGD}/$parent
-	tar -cf - -C $treedir/$parent -ps $(basename ${localedir}) | tar -xf - -C ${PKGD}$parent
+	tar -cf - -C $treedir/$parent -p $(basename ${localedir}) | tar -xf - -C ${PKGD}$parent
 }
 
 inherit qemu

meta/classes/license.bbclass

@@ -51,11 +51,10 @@ license_create_manifest() {
 		printf "LICENSE:" >> ${LICENSE_MANIFEST}
 		for lic in ${pkged_lic}; do
 			# to reference a license file trim trailing + symbol
-			if [ -e "${LICENSE_DIRECTORY}/${pkged_pn}/generic_${lic%+}" ]; then
-				printf " ${lic}" >> ${LICENSE_MANIFEST}
-			else
-				echo "WARNING: The license listed ${lic} was not in the licenses collected for ${pkged_pn}"
+			if ! [ -e "${LICENSE_DIRECTORY}/${pkged_pn}/generic_${lic%+}" ]; then
+				bbwarn "The license listed ${lic} was not in the licenses collected for ${pkged_pn}"
 			fi
+                        printf " ${lic}" >> ${LICENSE_MANIFEST}
 		done
 		printf "\n\n" >> ${LICENSE_MANIFEST}
 	done
@@ -74,9 +73,9 @@ license_create_manifest() {
 					# Really don't need to copy the generics as they're 
 					# represented in the manifest and in the actual pkg licenses
 					# Doing so would make your image quite a bit larger
-					if [[ "${lic}" != "generic_"* ]]; then
+					if [ "${lic#generic_}" = "${lic}" ]; then
 						cp ${LICENSE_DIRECTORY}/${pkg}/${lic} ${IMAGE_ROOTFS}/usr/share/common-licenses/${pkg}/${lic}
-					elif [[ "${lic}" == "generic_"* ]]; then
+					else
 						if [ ! -f ${IMAGE_ROOTFS}/usr/share/common-licenses/${lic} ]; then
 							cp ${LICENSE_DIRECTORY}/${pkg}/${lic} ${IMAGE_ROOTFS}/usr/share/common-licenses/
 						fi

meta/classes/metadata_scm.bbclass

@@ -52,10 +52,13 @@ def base_get_metadata_monotone_revision(path, d):
     return monotone_revision
 
 def base_get_metadata_svn_revision(path, d):
+    # This only works with older subversion. For newer versions
+    # this function will need to be fixed by someone interested
     revision = "<unknown>"
     try:
-        revision = file( "%s/.svn/entries" % path ).readlines()[3].strip()
-    except IOError:
+        with open("%s/.svn/entries" % path) as f:
+            revision = f.readlines()[3].strip()
+    except IOError, IndexError:
         pass
     return revision
 

meta/classes/package.bbclass

@@ -451,7 +451,7 @@ python perform_packagecopy () {
     # Start by package population by taking a copy of the installed
     # files to operate on
     # Preserve sparse files and hard links
-    cmd = 'tar -cf - -C %s -ps . | tar -xf - -C %s' % (dest, dvar)
+    cmd = 'tar -cf - -C %s -p . | tar -xf - -C %s' % (dest, dvar)
     retval = subprocess.call(cmd, shell=True)
     if retval:
         bb.fatal("file copy failed with exit code %s (cmd was %s)" % (retval, cmd))
@@ -925,7 +925,7 @@ python populate_packages () {
     for pkg in packages.split():
         if d.getVar('LICENSE_EXCLUSION-' + pkg, True):
             bb.warn("%s has an incompatible license. Excluding from packaging." % pkg)
-        elif pkg in package_list:
+        if pkg in package_list:
             bb.error("%s is listed in PACKAGES multiple times, this leads to packaging errors." % pkg)
         else:
             package_list.append(pkg)
@@ -965,6 +965,9 @@ python populate_packages () {
                 continue
             seen.append(file)
 
+            if d.getVar('LICENSE_EXCLUSION-' + pkg, True):
+                continue
+
             def mkdir(src, dest, p):
                 src = os.path.join(src, p)
                 dest = os.path.join(dest, p)

meta/classes/package_rpm.bbclass

@@ -35,6 +35,11 @@ package_update_index_rpm () {
 		done
 	done
 
+	# FIXME stopgap for broken "bitbake package-index" since MULTILIB_PREFIX_LIST isn't set for that
+	if [ "$target_archs" = "" ] ; then
+		target_archs="${ALL_MULTILIB_PACKAGE_ARCHS}"
+	fi
+
 	target_archs=`echo "$target_archs" | tr - _`
 
 	archs=`for arch in $target_archs $sdk_archs ; do

meta/classes/populate_sdk_deb.bbclass

@@ -13,7 +13,7 @@ populate_sdk_post_deb () {
 	local target_rootfs=$1
 
 	mkdir -p ${target_rootfs}/etc
-	tar -cf - -C ${STAGING_ETCDIR_NATIVE} -ps apt | tar -xf - -C ${target_rootfs}/etc
+	tar -cf - -C ${STAGING_ETCDIR_NATIVE} -p apt | tar -xf - -C ${target_rootfs}/etc
 }
 
 populate_sdk_deb () {

meta/classes/sstate.bbclass

@@ -639,19 +639,12 @@ def setscene_depvalid(task, taskdependees, notneeded, d):
         return x.endswith("-native")
     def isNativeCross(x):
         return x.endswith("-native") or x.endswith("-cross") or x.endswith("-cross-initial")
-    def isSafeDep(x):
-        if x in ["quilt-native", "autoconf-native", "automake-native", "gnu-config-native", "libtool-native", "pkgconfig-native", "gcc-cross", "binutils-cross", "gcc-cross-initial"]:
-            return True
-        return False
+
     def isPostInstDep(x):
         if x in ["qemu-native", "gdk-pixbuf-native", "qemuwrapper-cross", "depmodwrapper-cross", "systemd-systemctl-native", "gtk-update-icon-cache-native"]:
             return True
         return False
 
-    # We can skip these "safe" dependencies since the aren't runtime dependencies, just build time
-    if isSafeDep(taskdependees[task][0]) and taskdependees[task][1] == "do_populate_sysroot":
-        return True
-
     # We only need to trigger populate_lic through direct dependencies
     if taskdependees[task][1] == "do_populate_lic":
         return True

meta/classes/staging.bbclass

@@ -13,7 +13,7 @@ sysroot_stage_dir() {
 	# However we always want to stage a $src itself, even if it's empty
 	mkdir -p "$dest"
 	if [ -d "$src" ]; then
-		tar -cf - -C "$src" -ps . | tar -xf - -C "$dest"
+		tar -cf - -C "$src" -p . | tar -xf - -C "$dest"
 	fi
 }
 

meta/lib/oe/path.py

@@ -81,7 +81,7 @@ def copytree(src, dst):
     # This way we also preserve hardlinks between files in the tree.
 
     bb.utils.mkdirhier(dst)
-    cmd = 'tar -cf - -C %s -ps . | tar -xf - -C %s' % (src, dst)
+    cmd = 'tar -cf - -C %s -p . | tar -xf - -C %s' % (src, dst)
     check_output(cmd, shell=True, stderr=subprocess.STDOUT)
 
 def copyhardlinktree(src, dst):
@@ -93,7 +93,7 @@ def copyhardlinktree(src, dst):
     if (os.stat(src).st_dev ==  os.stat(dst).st_dev):
         # Need to copy directories only with tar first since cp will error if two 
         # writers try and create a directory at the same time
-        cmd = 'cd %s; find . -type d -print | tar -cf - -C %s -ps --files-from - | tar -xf - -C %s' % (src, src, dst)
+        cmd = 'cd %s; find . -type d -print | tar -cf - -C %s -p --files-from - | tar -xf - -C %s' % (src, src, dst)
         check_output(cmd, shell=True, stderr=subprocess.STDOUT)
         if os.path.isdir(src):
             src = src + "/*"

meta/recipes-core/busybox/busybox-1.20.2/defconfig

@@ -457,8 +457,8 @@ CONFIG_USE_BB_CRYPT=y
 # CONFIG_ADDUSER is not set
 # CONFIG_FEATURE_ADDUSER_LONG_OPTIONS is not set
 # CONFIG_FEATURE_CHECK_NAMES is not set
-CONFIG_FIRST_SYSTEM_ID=0
-CONFIG_LAST_SYSTEM_ID=0
+CONFIG_FIRST_SYSTEM_ID=100
+CONFIG_LAST_SYSTEM_ID=999
 # CONFIG_ADDGROUP is not set
 # CONFIG_FEATURE_ADDGROUP_LONG_OPTIONS is not set
 # CONFIG_FEATURE_ADDUSER_TO_GROUP is not set

meta/recipes-core/dropbear/dropbear.inc

@@ -41,6 +41,7 @@ BINCOMMANDS = "dbclient ssh scp"
 EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"'
 EXTRA_OECONF += "\
  ${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}"
+CFLAGS += "-DSFTPSERVER_PATH=\\"${libdir}/openssh/sftp-server\\""
 
 do_install() {
 	install -d ${D}${sysconfdir} \

meta/recipes-core/images/build-appliance-image.bb

@@ -19,7 +19,7 @@ IMAGE_FSTYPES = "vmdk"
 
 inherit core-image
 
-SRCREV ?= "beda5013e46da16a3d76f095869a5a5c5b1bc08a"
+SRCREV ?= "465a8605191e39be443fe999619a034ae49889d8"
 SRC_URI = "git://git.yoctoproject.org/poky;protocol=git \
            file://Yocto_Build_Appliance.vmx \
            file://Yocto_Build_Appliance.vmxf \

meta/recipes-core/initrdscripts/files/init-install-efi.sh

@@ -58,6 +58,7 @@ echo "Installing image on /dev/${device}"
 #
 # The udev automounter can cause pain here, kill it
 #
+rm -f /etc/udev/rules.d/automount.rules
 rm -f /etc/udev/scripts/mount*
 
 #

meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch

@@ -1,34 +0,0 @@
-libxml2 CVE-2012-2871
-
-the patch come from:
-http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src \
-/include/libxml/tree.h?r1=56276&r2=149930
-
-libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89,
-does not properly support a cast of an unspecified variable during handling
-of XSL transforms, which allows remote attackers to cause a denial of service
-or possibly have unknown other impact via a crafted document, related to the
-_xmlNs data structure in include/libxml/tree.h.
-
-http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2871
-
-Signed-off-by: Li Wang <li.wang@windriver.com>
----
- include/libxml/tree.h |    1 +
- 1 files changed, 1 insertions(+), 0 deletions(-)
-
-diff --git a/include/libxml/tree.h b/include/libxml/tree.h
-index b733589..5422dda 100644
---- a/include/libxml/tree.h
-+++ b/include/libxml/tree.h
-@@ -351,6 +351,7 @@ struct _xmlNs {
-     struct _xmlNs  *next;	/* next Ns link for this node  */
-     xmlNsType      type;	/* global or local */
-     const xmlChar *href;	/* URL for the namespace */
-+    const char *dummy_children;	/* lines up with node->children */
-     const xmlChar *prefix;	/* prefix for the namespace */
-     void           *_private;   /* application data */
-     struct _xmlDoc *context;		/* normally an xmlDoc */
--- 
-1.7.0.5
-

meta/recipes-core/libxml/libxml2_2.9.0.bb

@@ -5,5 +5,3 @@ PR = "${INC_PR}.1"
 SRC_URI[md5sum] = "5b9bebf4f5d2200ae2c4efe8fa6103f7"
 SRC_URI[sha256sum] = "ad25d91958b7212abdc12b9611cfb4dc4e5cddb6d1e9891532f48aacee422b82"
 
-SRC_URI += "file://libxml2-CVE-2012-2871.patch \
-	   "

meta/recipes-core/ncurses/ncurses.inc

@@ -42,6 +42,8 @@ EXCONFIG_ARGS_virtclass-nativesdk = " \
 		--with-chtype='long' \
 		--with-mmask-t='long'"
 
+PACKAGES_DYNAMIC = "^${PN}-lib.*"
+
 # Fall back to the host termcap / terminfo for -nativesdk and -native
 # The reality is a work around for strange problems with things like
 # "bitbake -c menuconfig busybox" where it cannot find the terminfo

meta/recipes-core/packagegroups/packagegroup-self-hosted.bb

@@ -130,6 +130,7 @@ RDEPENDS_packagegroup-self-hosted-extended = "\
     minicom \
     mtools \
     ncurses \
+    ncurses-terminfo-base \
     neon \
     nfs-utils \
     nfs-utils-client \
@@ -150,17 +151,21 @@ RDEPENDS_packagegroup-self-hosted-extended = "\
     python-core \
     python-curses \
     python-datetime \
+    python-difflib \
     python-distutils \
     python-elementtree \
     python-email \
     python-fcntl \
+    python-json \
     python-logging \
     python-misc \
+    python-mmap \
     python-multiprocessing \
     python-netclient \
     python-netserver \
     python-pickle \
     python-pkgutil \
+    python-pprint \
     python-re \
     python-rpm \
     python-shell \

meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb

@@ -21,14 +21,12 @@ do_install() {
         echo "S:2345:respawn:${base_sbindir}/getty ${SERIAL_CONSOLE}" >> ${D}${sysconfdir}/inittab
     fi
 
-    idx=0
     tmp="${SERIAL_CONSOLES}"
     for i in $tmp
     do
 	j=`echo ${i} | sed s/\;/\ /g`
-	echo "${idx}:12345:respawn:${base_sbindir}/getty ${j}" >> ${D}${sysconfdir}/inittab
-
-	idx=`expr $idx + 1`
+	label=`echo ${i} | sed -e 's/^.*;tty//'`
+	echo "$label:12345:respawn:${base_sbindir}/getty ${j}" >> ${D}${sysconfdir}/inittab
     done
 
     if [ "${USE_VT}" = "1" ]; then

meta/recipes-devtools/elfutils/elfutils/fix-build-gcc-4.8.patch

@@ -0,0 +1,57 @@
+This patch fixes a warning seen with gcc 4.8 (especially on ubuntu 13.10)
+
+| addr2line.c: In function 'handle_address':
+| addr2line.c:450:7: error: format '%a' expects argument of type 'float *', but argument 3 has type 'char **' [-Werror=format=]
+|        if (sscanf (string, "(%a[^)])%" PRIiMAX "%n", &name, &addr, &i) == 2
+|        ^
+| addr2line.c:453:7: error: format '%a' expects argument of type 'float *', but argument 3 has type 'char **' [-Werror=format=]
+|        switch (sscanf (string, "%a[^-+]%n%" PRIiMAX "%n", &name, &i, &addr, &j))
+|        ^
+| cc1: all warnings being treated as errors
+
+
+%a is old GNU style and should be abandoned in favor of %m
+
+Also see
+
+http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54361
+
+to support this assertion
+
+This patch is added via redhat-compatibility patch so lets revert this part
+here.
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+Upstream-Status: Inappropriate [Caused by an earlier patch]
+
+Index: elfutils-0.148/src/addr2line.c
+===================================================================
+--- elfutils-0.148.orig/src/addr2line.c	2013-09-23 17:46:45.513586538 -0700
++++ elfutils-0.148/src/addr2line.c	2013-09-23 17:46:46.329586558 -0700
+@@ -447,10 +447,10 @@
+       bool parsed = false;
+       int i, j;
+       char *name = NULL;
+-      if (sscanf (string, "(%a[^)])%" PRIiMAX "%n", &name, &addr, &i) == 2
++      if (sscanf (string, "(%m[^)])%" PRIiMAX "%n", &name, &addr, &i) == 2
+ 	  && string[i] == '\0')
+ 	parsed = adjust_to_section (name, &addr, dwfl);
+-      switch (sscanf (string, "%a[^-+]%n%" PRIiMAX "%n", &name, &i, &addr, &j))
++      switch (sscanf (string, "%m[^-+]%n%" PRIiMAX "%n", &name, &i, &addr, &j))
+ 	{
+ 	default:
+ 	  break;
+Index: elfutils-0.148/tests/line2addr.c
+===================================================================
+--- elfutils-0.148.orig/tests/line2addr.c	2013-09-23 17:46:45.521586538 -0700
++++ elfutils-0.148/tests/line2addr.c	2013-09-23 17:46:46.329586558 -0700
+@@ -132,7 +132,7 @@
+     {
+       struct args a = { .arg = argv[cnt] };
+ 
+-      switch (sscanf (a.arg, "%a[^:]:%d", &a.file, &a.line))
++      switch (sscanf (a.arg, "%m[^:]:%d", &a.file, &a.line))
+ 	{
+ 	default:
+ 	case 0:

meta/recipes-devtools/elfutils/elfutils_0.148.bb

@@ -33,6 +33,7 @@ SRC_URI += "\
 	file://dso-link-change.patch \
 	file://nm-Fix-size-passed-to-snprintf-for-invalid-sh_name-case.patch \
 	file://elfutils-ar-c-fix-num-passed-to-memset.patch \
+	file://fix-build-gcc-4.8.patch \
 "
 # Only apply when building uclibc based target recipe
 SRC_URI_append_libc-uclibc = " file://uclibc-support.patch"

meta/recipes-devtools/guile/files/0001-doc-Fix-build-with-Texinfo-5.0.patch

@@ -0,0 +1,71 @@
+From 183d2ace576710079a2bcf2a8bfcbc39b7d9becc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
+Date: Fri, 1 Mar 2013 17:49:24 +0100
+Subject: [PATCH] doc: Fix build with Texinfo 5.0.
+
+* doc/ref/api-control.texi (Handling Errors): Move misplaced description
+  for `scm_memory_error' & co.
+* doc/ref/r6rs.texi (rnrs base): Change `deffnx' of `let-syntax' and
+  `letrec-syntax' to fit on one line.
+
+Upstream-Status: Backport [in 2.0.9 release]
+
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+---
+ doc/ref/api-control.texi | 6 +++---
+ doc/ref/r6rs.texi        | 8 +++-----
+ 2 files changed, 6 insertions(+), 8 deletions(-)
+
+diff --git a/doc/ref/api-control.texi b/doc/ref/api-control.texi
+index 95c4925..ea943d3 100644
+--- a/doc/ref/api-control.texi
++++ b/doc/ref/api-control.texi
+@@ -1,7 +1,7 @@
+ @c -*-texinfo-*-
+ @c This is part of the GNU Guile Reference Manual.
+-@c Copyright (C)  1996, 1997, 2000, 2001, 2002, 2003, 2004, 2009, 2010, 2011, 2012
+-@c   Free Software Foundation, Inc.
++@c Copyright (C)  1996, 1997, 2000, 2001, 2002, 2003, 2004, 2009, 2010,
++@c   2011, 2012, 2013 Free Software Foundation, Inc.
+ @c See the file guile.texi for copying conditions.
+ 
+ @node Control Mechanisms
+@@ -1732,8 +1732,8 @@ and the call to these routines doesn't change @code{errno}.
+ @deftypefnx {C Function} void scm_wrong_type_arg (char *@var{subr}, int @var{argnum}, SCM @var{bad_value})
+ @deftypefnx {C Function} void scm_wrong_type_arg_msg (char *@var{subr}, int @var{argnum}, SCM @var{bad_value}, const char *@var{expected})
+ @deftypefnx {C Function} void scm_memory_error (char *@var{subr})
+-Throw an error with the various keys described above.
+ @deftypefnx {C Function} void scm_misc_error (const char *@var{subr}, const char *@var{message}, SCM @var{args})
++Throw an error with the various keys described above.
+ 
+ In @code{scm_wrong_num_args}, @var{proc} should be a Scheme symbol
+ which is the name of the procedure incorrectly invoked.  The other
+diff --git a/doc/ref/r6rs.texi b/doc/ref/r6rs.texi
+index 2028ada..13f9e20 100644
+--- a/doc/ref/r6rs.texi
++++ b/doc/ref/r6rs.texi
+@@ -1,6 +1,6 @@
+ @c -*-texinfo-*-
+ @c This is part of the GNU Guile Reference Manual.
+-@c Copyright (C)  2010, 2011, 2012
++@c Copyright (C)  2010, 2011, 2012, 2013
+ @c   Free Software Foundation, Inc.
+ @c See the file guile.texi for copying conditions.
+ 
+@@ -273,10 +273,8 @@ grouped below by the existing manual sections to which they correspond.
+ @end deffn
+ 
+ @deffn {Scheme Syntax} define-syntax keyword expression
+-@deffnx {Scheme Syntax} let-syntax ((keyword transformer) @dots{})
+-                        exp1 exp2 @dots{}
+-@deffnx {Scheme Syntax} letrec-syntax ((keyword transformer) @dots{})
+-                        exp1 exp2 @dots{}
++@deffnx {Scheme Syntax} let-syntax ((keyword transformer) @dots{}) exp1 exp2 @dots{}
++@deffnx {Scheme Syntax} letrec-syntax ((keyword transformer) @dots{}) exp1 exp2 @dots{}
+ @xref{Defining Macros}, for documentation.
+ @end deffn
+ 
+-- 
+1.8.4.2
+

meta/recipes-devtools/guile/guile_2.0.7.bb

@@ -20,6 +20,7 @@ SRC_URI = "${GNU_MIRROR}/guile/guile-${PV}.tar.xz \
            file://guile_2.0.6_fix_sed_error.patch \
            file://arm_endianness.patch \
            file://fix_parallel_build_issue.patch \
+           file://0001-doc-Fix-build-with-Texinfo-5.0.patch \
            "
 
 #           file://debian/0001-Change-guile-to-guile-X.Y-for-info-pages.patch
@@ -35,7 +36,7 @@ BBCLASSEXTEND = "native"
 
 DEPENDS = "libunistring bdwgc gmp libtool libffi"
 # add guile-native only to the target recipe's DEPENDS
-DEPENDS += "${@['guile-native libatomics-ops', ''][d.getVar('PN', True) != 'guile']}"
+DEPENDS_append_class-target = " guile-native libatomics-ops"
 
 RDEPENDS_${PN}_append_libc-glibc_class-target = "glibc-gconv-iso8859-1"
 

meta/recipes-devtools/perl/perl-5.14.3/0001-Fix-misparsing-of-maketext-strings.patch

@@ -0,0 +1,86 @@
+From 1735f6f53ca19f99c6e9e39496c486af323ba6a8 Mon Sep 17 00:00:00 2001
+From: Brian Carlson <brian.carlson@cpanel.net>
+Date: Wed, 28 Nov 2012 08:54:33 -0500
+Subject: [PATCH] Fix misparsing of maketext strings.
+
+Case 61251: This commit fixes a misparse of maketext strings that could
+lead to arbitrary code execution.  Basically, maketext was compiling
+bracket notation into functions, but neglected to escape backslashes
+inside the content or die on fully-qualified method names when
+generating the code.  This change escapes all such backslashes and dies
+when a method name with a colon or apostrophe is specified.
+---
+ AUTHORS                                     |  1 +
+ dist/Locale-Maketext/lib/Locale/Maketext.pm | 24 ++++++++----------------
+ 2 files changed, 9 insertions(+), 16 deletions(-)
+
+Upstream-Status: Backport
+
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+
+
+diff --git a/AUTHORS b/AUTHORS
+index 70734b0..009dea0 100644
+--- a/AUTHORS
++++ b/AUTHORS
+@@ -154,6 +154,7 @@ Breno G. de Oliveira		<garu@cpan.org>
+ Brent Dax			<brentdax@cpan.org>
+ Brooks D Boyd
+ Brian Callaghan			<callagh@itginc.com>
++Brian Carlson			<brian.carlson@cpanel.net>
+ Brian Clarke			<clarke@appliedmeta.com>
+ brian d foy			<brian.d.foy@gmail.com>
+ Brian Fraser			<fraserbn@gmail.com>
+diff --git a/dist/Locale-Maketext/lib/Locale/Maketext.pm b/dist/Locale-Maketext/lib/Locale/Maketext.pm
+index 4822027..63e5fba 100644
+--- a/dist/Locale-Maketext/lib/Locale/Maketext.pm
++++ b/dist/Locale-Maketext/lib/Locale/Maketext.pm
+@@ -625,21 +625,9 @@ sub _compile {
+                         # 0-length method name means to just interpolate:
+                         push @code, ' (';
+                     }
+-                    elsif($m =~ /^\w+(?:\:\:\w+)*$/s
+-                            and $m !~ m/(?:^|\:)\d/s
+-                        # exclude starting a (sub)package or symbol with a digit
++                    elsif($m =~ /^\w+$/s
++                        # exclude anything fancy, especially fully-qualified module names
+                     ) {
+-                        # Yes, it even supports the demented (and undocumented?)
+-                        #  $obj->Foo::bar(...) syntax.
+-                        $target->_die_pointing(
+-                            $string_to_compile, q{Can't use "SUPER::" in a bracket-group method},
+-                            2 + length($c[-1])
+-                        )
+-                        if $m =~ m/^SUPER::/s;
+-                        # Because for SUPER:: to work, we'd have to compile this into
+-                        #  the right package, and that seems just not worth the bother,
+-                        #  unless someone convinces me otherwise.
+-
+                         push @code, ' $_[0]->' . $m . '(';
+                     }
+                     else {
+@@ -693,7 +681,9 @@ sub _compile {
+             elsif(substr($1,0,1) ne '~') {
+                 # it's stuff not containing "~" or "[" or "]"
+                 # i.e., a literal blob
+-                $c[-1] .= $1;
++                my $text = $1;
++                $text =~ s/\\/\\\\/g;
++                $c[-1] .= $text;
+ 
+             }
+             elsif($1 eq '~~') { # "~~"
+@@ -731,7 +721,9 @@ sub _compile {
+             else {
+                 # It's a "~X" where X is not a special character.
+                 # Consider it a literal ~ and X.
+-                $c[-1] .= $1;
++                my $text = $1;
++                $text =~ s/\\/\\\\/g;
++                $c[-1] .= $text;
+             }
+         }
+     }
+-- 
+1.8.3.1
+

meta/recipes-devtools/perl/perl-5.14.3/0001-Prevent-premature-hsplit-calls-and-only-trigger-REHA.patch

@@ -0,0 +1,178 @@
+From d59e31fc729d8a39a774f03bc6bc457029a7aef2 Mon Sep 17 00:00:00 2001
+From: Yves Orton <demerphq@gmail.com>
+Date: Tue, 12 Feb 2013 10:53:05 +0100
+Subject: [PATCH] Prevent premature hsplit() calls, and only trigger REHASH
+ after hsplit()
+
+Triggering a hsplit due to long chain length allows an attacker
+to create a carefully chosen set of keys which can cause the hash
+to use 2 * (2**32) * sizeof(void *) bytes ram. AKA a DOS via memory
+exhaustion. Doing so also takes non trivial time.
+
+Eliminating this check, and only inspecting chain length after a
+normal hsplit() (triggered when keys>buckets) prevents the attack
+entirely, and makes such attacks relatively benign.
+
+(cherry picked from commit f1220d61455253b170e81427c9d0357831ca0fac)
+
+Upstream-Status: Backport
+
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+
+
+---
+ ext/Hash-Util-FieldHash/t/10_hash.t | 18 ++++++++++++++++--
+ hv.c                                | 35 ++++++++---------------------------
+ t/op/hash.t                         | 20 +++++++++++++++++---
+ 3 files changed, 41 insertions(+), 32 deletions(-)
+
+diff --git a/ext/Hash-Util-FieldHash/t/10_hash.t b/ext/Hash-Util-FieldHash/t/10_hash.t
+index 2cfb4e8..d58f053 100644
+--- a/ext/Hash-Util-FieldHash/t/10_hash.t
++++ b/ext/Hash-Util-FieldHash/t/10_hash.t
+@@ -38,15 +38,29 @@ use constant START     => "a";
+ 
+ # some initial hash data
+ fieldhash my %h2;
+-%h2 = map {$_ => 1} 'a'..'cc';
++my $counter= "a";
++$h2{$counter++}++ while $counter ne 'cd';
+ 
+ ok (!Internals::HvREHASH(%h2), 
+     "starting with pre-populated non-pathological hash (rehash flag if off)");
+ 
+ my @keys = get_keys(\%h2);
++my $buckets= buckets(\%h2);
+ $h2{$_}++ for @keys;
++$h2{$counter++}++ while buckets(\%h2) == $buckets; # force a split
+ ok (Internals::HvREHASH(%h2), 
+-    scalar(@keys) . " colliding into the same bucket keys are triggering rehash");
++    scalar(@keys) . " colliding into the same bucket keys are triggering rehash after split");
++
++# returns the number of buckets in a hash
++sub buckets {
++    my $hr = shift;
++    my $keys_buckets= scalar(%$hr);
++    if ($keys_buckets=~m!/([0-9]+)\z!) {
++        return 0+$1;
++    } else {
++        return 8;
++    }
++}
+ 
+ sub get_keys {
+     my $hr = shift;
+diff --git a/hv.c b/hv.c
+index 2be1feb..abb9d76 100644
+--- a/hv.c
++++ b/hv.c
+@@ -35,7 +35,8 @@ holds the key and hash value.
+ #define PERL_HASH_INTERNAL_ACCESS
+ #include "perl.h"
+ 
+-#define HV_MAX_LENGTH_BEFORE_SPLIT 14
++#define HV_MAX_LENGTH_BEFORE_REHASH 14
++#define SHOULD_DO_HSPLIT(xhv) ((xhv)->xhv_keys > (xhv)->xhv_max) /* HvTOTALKEYS(hv) > HvMAX(hv) */
+ 
+ static const char S_strtab_error[]
+     = "Cannot modify shared string table in hv_%s";
+@@ -794,29 +795,9 @@ Perl_hv_common(pTHX_ HV *hv, SV *keysv, const char *key, STRLEN klen,
+     if (masked_flags & HVhek_ENABLEHVKFLAGS)
+ 	HvHASKFLAGS_on(hv);
+ 
+-    {
+-	const HE *counter = HeNEXT(entry);
+-
+-	xhv->xhv_keys++; /* HvTOTALKEYS(hv)++ */
+-	if (!counter) {				/* initial entry? */
+-	} else if (xhv->xhv_keys > xhv->xhv_max) {
+-		/* Use only the old HvKEYS(hv) > HvMAX(hv) condition to limit
+-		   bucket splits on a rehashed hash, as we're not going to
+-		   split it again, and if someone is lucky (evil) enough to
+-		   get all the keys in one list they could exhaust our memory
+-		   as we repeatedly double the number of buckets on every
+-		   entry. Linear search feels a less worse thing to do.  */
+-	    hsplit(hv);
+-	} else if(!HvREHASH(hv)) {
+-	    U32 n_links = 1;
+-
+-	    while ((counter = HeNEXT(counter)))
+-		n_links++;
+-
+-	    if (n_links > HV_MAX_LENGTH_BEFORE_SPLIT) {
+-		hsplit(hv);
+-	    }
+-	}
++    xhv->xhv_keys++; /* HvTOTALKEYS(hv)++ */
++    if ( SHOULD_DO_HSPLIT(xhv) ) {
++        hsplit(hv);
+     }
+ 
+     if (return_svp) {
+@@ -1192,7 +1173,7 @@ S_hsplit(pTHX_ HV *hv)
+ 
+ 
+     /* Pick your policy for "hashing isn't working" here:  */
+-    if (longest_chain <= HV_MAX_LENGTH_BEFORE_SPLIT /* split worked?  */
++    if (longest_chain <= HV_MAX_LENGTH_BEFORE_REHASH /* split worked?  */
+ 	|| HvREHASH(hv)) {
+ 	return;
+     }
+@@ -2831,8 +2812,8 @@ S_share_hek_flags(pTHX_ const char *str, I32 len, register U32 hash, int flags)
+ 
+ 	xhv->xhv_keys++; /* HvTOTALKEYS(hv)++ */
+ 	if (!next) {			/* initial entry? */
+-	} else if (xhv->xhv_keys > xhv->xhv_max /* HvKEYS(hv) > HvMAX(hv) */) {
+-		hsplit(PL_strtab);
++	} else if ( SHOULD_DO_HSPLIT(xhv) ) {
++            hsplit(PL_strtab);
+ 	}
+     }
+ 
+diff --git a/t/op/hash.t b/t/op/hash.t
+index 278bea7..201260a 100644
+--- a/t/op/hash.t
++++ b/t/op/hash.t
+@@ -39,22 +39,36 @@ use constant THRESHOLD => 14;
+ use constant START     => "a";
+ 
+ # some initial hash data
+-my %h2 = map {$_ => 1} 'a'..'cc';
++my %h2;
++my $counter= "a";
++$h2{$counter++}++ while $counter ne 'cd';
+ 
+ ok (!Internals::HvREHASH(%h2), 
+     "starting with pre-populated non-pathological hash (rehash flag if off)");
+ 
+ my @keys = get_keys(\%h2);
++my $buckets= buckets(\%h2);
+ $h2{$_}++ for @keys;
++$h2{$counter++}++ while buckets(\%h2) == $buckets; # force a split
+ ok (Internals::HvREHASH(%h2), 
+-    scalar(@keys) . " colliding into the same bucket keys are triggering rehash");
++    scalar(@keys) . " colliding into the same bucket keys are triggering rehash after split");
++
++# returns the number of buckets in a hash
++sub buckets {
++    my $hr = shift;
++    my $keys_buckets= scalar(%$hr);
++    if ($keys_buckets=~m!/([0-9]+)\z!) {
++        return 0+$1;
++    } else {
++        return 8;
++    }
++}
+ 
+ sub get_keys {
+     my $hr = shift;
+ 
+     # the minimum of bits required to mount the attack on a hash
+     my $min_bits = log(THRESHOLD)/log(2);
+-
+     # if the hash has already been populated with a significant amount
+     # of entries the number of mask bits can be higher
+     my $keys = scalar keys %$hr;
+-- 
+1.8.3.1
+

meta/recipes-devtools/perl/perl_5.14.3.bb

@@ -65,6 +65,9 @@ SRC_URI = "http://www.cpan.org/src/5.0/perl-${PV}.tar.gz \
 	file://perl-archlib-exp.patch \
 	file://dynaloaderhack.patch \
 	\
+        file://0001-Fix-misparsing-of-maketext-strings.patch \
+        file://0001-Prevent-premature-hsplit-calls-and-only-trigger-REHA.patch \
+        \
         file://config.sh \
         file://config.sh-32 \
         file://config.sh-32-le \

meta/recipes-devtools/python/python-2.7-manifest.inc

@@ -151,7 +151,7 @@ RDEPENDS_${PN}-mmap="${PN}-core ${PN}-io"
 FILES_${PN}-mmap="${libdir}/python2.7/lib-dynload/mmap.so "
 
 DESCRIPTION_${PN}-multiprocessing="Python Multiprocessing Support"
-RDEPENDS_${PN}-multiprocessing="${PN}-core ${PN}-io ${PN}-lang ${PN}-pickle ${PN}-threading"
+RDEPENDS_${PN}-multiprocessing="${PN}-core ${PN}-io ${PN}-lang ${PN}-pickle ${PN}-threading ${PN}-ctypes"
 FILES_${PN}-multiprocessing="${libdir}/python2.7/lib-dynload/_multiprocessing.so ${libdir}/python2.7/multiprocessing "
 
 DESCRIPTION_${PN}-netclient="Python Internet Protocol Clients"

meta/recipes-devtools/python/python/CVE-2013-4073_py27.patch

@@ -0,0 +1,251 @@
+Upstream-Status: Backport
+
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+
+diff -r 9ddc63c039ba Lib/test/nullbytecert.pem
+--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
++++ b/Lib/test/nullbytecert.pem	Sun Aug 11 18:13:17 2013 +0200
+@@ -0,0 +1,90 @@
++Certificate:
++    Data:
++        Version: 3 (0x2)
++        Serial Number: 0 (0x0)
++    Signature Algorithm: sha1WithRSAEncryption
++        Issuer: C=US, ST=Oregon, L=Beaverton, O=Python Software Foundation, OU=Python Core Development, CN=null.python.org\x00example.org/emailAddress=python-dev@python.org
++        Validity
++            Not Before: Aug  7 13:11:52 2013 GMT
++            Not After : Aug  7 13:12:52 2013 GMT
++        Subject: C=US, ST=Oregon, L=Beaverton, O=Python Software Foundation, OU=Python Core Development, CN=null.python.org\x00example.org/emailAddress=python-dev@python.org
++        Subject Public Key Info:
++            Public Key Algorithm: rsaEncryption
++                Public-Key: (2048 bit)
++                Modulus:
++                    00:b5:ea:ed:c9:fb:46:7d:6f:3b:76:80:dd:3a:f3:
++                    03:94:0b:a7:a6:db:ec:1d:df:ff:23:74:08:9d:97:
++                    16:3f:a3:a4:7b:3e:1b:0e:96:59:25:03:a7:26:e2:
++                    88:a9:cf:79:cd:f7:04:56:b0:ab:79:32:6e:59:c1:
++                    32:30:54:eb:58:a8:cb:91:f0:42:a5:64:27:cb:d4:
++                    56:31:88:52:ad:cf:bd:7f:f0:06:64:1f:cc:27:b8:
++                    a3:8b:8c:f3:d8:29:1f:25:0b:f5:46:06:1b:ca:02:
++                    45:ad:7b:76:0a:9c:bf:bb:b9:ae:0d:16:ab:60:75:
++                    ae:06:3e:9c:7c:31:dc:92:2f:29:1a:e0:4b:0c:91:
++                    90:6c:e9:37:c5:90:d7:2a:d7:97:15:a3:80:8f:5d:
++                    7b:49:8f:54:30:d4:97:2c:1c:5b:37:b5:ab:69:30:
++                    68:43:d3:33:78:4b:02:60:f5:3c:44:80:a1:8f:e7:
++                    f0:0f:d1:5e:87:9e:46:cf:62:fc:f9:bf:0c:65:12:
++                    f1:93:c8:35:79:3f:c8:ec:ec:47:f5:ef:be:44:d5:
++                    ae:82:1e:2d:9a:9f:98:5a:67:65:e1:74:70:7c:cb:
++                    d3:c2:ce:0e:45:49:27:dc:e3:2d:d4:fb:48:0e:2f:
++                    9e:77:b8:14:46:c0:c4:36:ca:02:ae:6a:91:8c:da:
++                    2f:85
++                Exponent: 65537 (0x10001)
++        X509v3 extensions:
++            X509v3 Basic Constraints: critical
++                CA:FALSE
++            X509v3 Subject Key Identifier:
++                88:5A:55:C0:52:FF:61:CD:52:A3:35:0F:EA:5A:9C:24:38:22:F7:5C
++            X509v3 Key Usage:
++                Digital Signature, Non Repudiation, Key Encipherment
++            X509v3 Subject Alternative Name:
++                *************************************************************
++                WARNING: The values for DNS, email and URI are WRONG. OpenSSL
++                         doesn't print the text after a NULL byte.
++                *************************************************************
++                DNS:altnull.python.org, email:null@python.org, URI:http://null.python.org, IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1
++    Signature Algorithm: sha1WithRSAEncryption
++         ac:4f:45:ef:7d:49:a8:21:70:8e:88:59:3e:d4:36:42:70:f5:
++         a3:bd:8b:d7:a8:d0:58:f6:31:4a:b1:a4:a6:dd:6f:d9:e8:44:
++         3c:b6:0a:71:d6:7f:b1:08:61:9d:60:ce:75:cf:77:0c:d2:37:
++         86:02:8d:5e:5d:f9:0f:71:b4:16:a8:c1:3d:23:1c:f1:11:b3:
++         56:6e:ca:d0:8d:34:94:e6:87:2a:99:f2:ae:ae:cc:c2:e8:86:
++         de:08:a8:7f:c5:05:fa:6f:81:a7:82:e6:d0:53:9d:34:f4:ac:
++         3e:40:fe:89:57:7a:29:a4:91:7e:0b:c6:51:31:e5:10:2f:a4:
++         60:76:cd:95:51:1a:be:8b:a1:b0:fd:ad:52:bd:d7:1b:87:60:
++         d2:31:c7:17:c4:18:4f:2d:08:25:a3:a7:4f:b7:92:ca:e2:f5:
++         25:f1:54:75:81:9d:b3:3d:61:a2:f7:da:ed:e1:c6:6f:2c:60:
++         1f:d8:6f:c5:92:05:ab:c9:09:62:49:a9:14:ad:55:11:cc:d6:
++         4a:19:94:99:97:37:1d:81:5f:8b:cf:a3:a8:96:44:51:08:3d:
++         0b:05:65:12:eb:b6:70:80:88:48:72:4f:c6:c2:da:cf:cd:8e:
++         5b:ba:97:2f:60:b4:96:56:49:5e:3a:43:76:63:04:be:2a:f6:
++         c1:ca:a9:94
++-----BEGIN CERTIFICATE-----
++MIIE2DCCA8CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBxTELMAkGA1UEBhMCVVMx
++DzANBgNVBAgMBk9yZWdvbjESMBAGA1UEBwwJQmVhdmVydG9uMSMwIQYDVQQKDBpQ
++eXRob24gU29mdHdhcmUgRm91bmRhdGlvbjEgMB4GA1UECwwXUHl0aG9uIENvcmUg
++RGV2ZWxvcG1lbnQxJDAiBgNVBAMMG251bGwucHl0aG9uLm9yZwBleGFtcGxlLm9y
++ZzEkMCIGCSqGSIb3DQEJARYVcHl0aG9uLWRldkBweXRob24ub3JnMB4XDTEzMDgw
++NzEzMTE1MloXDTEzMDgwNzEzMTI1MlowgcUxCzAJBgNVBAYTAlVTMQ8wDQYDVQQI
++DAZPcmVnb24xEjAQBgNVBAcMCUJlYXZlcnRvbjEjMCEGA1UECgwaUHl0aG9uIFNv
++ZnR3YXJlIEZvdW5kYXRpb24xIDAeBgNVBAsMF1B5dGhvbiBDb3JlIERldmVsb3Bt
++ZW50MSQwIgYDVQQDDBtudWxsLnB5dGhvbi5vcmcAZXhhbXBsZS5vcmcxJDAiBgkq
++hkiG9w0BCQEWFXB5dGhvbi1kZXZAcHl0aG9uLm9yZzCCASIwDQYJKoZIhvcNAQEB
++BQADggEPADCCAQoCggEBALXq7cn7Rn1vO3aA3TrzA5QLp6bb7B3f/yN0CJ2XFj+j
++pHs+Gw6WWSUDpybiiKnPec33BFawq3kyblnBMjBU61ioy5HwQqVkJ8vUVjGIUq3P
++vX/wBmQfzCe4o4uM89gpHyUL9UYGG8oCRa17dgqcv7u5rg0Wq2B1rgY+nHwx3JIv
++KRrgSwyRkGzpN8WQ1yrXlxWjgI9de0mPVDDUlywcWze1q2kwaEPTM3hLAmD1PESA
++oY/n8A/RXoeeRs9i/Pm/DGUS8ZPINXk/yOzsR/XvvkTVroIeLZqfmFpnZeF0cHzL
++08LODkVJJ9zjLdT7SA4vnne4FEbAxDbKAq5qkYzaL4UCAwEAAaOB0DCBzTAMBgNV
++HRMBAf8EAjAAMB0GA1UdDgQWBBSIWlXAUv9hzVKjNQ/qWpwkOCL3XDALBgNVHQ8E
++BAMCBeAwgZAGA1UdEQSBiDCBhYIeYWx0bnVsbC5weXRob24ub3JnAGV4YW1wbGUu
++Y29tgSBudWxsQHB5dGhvbi5vcmcAdXNlckBleGFtcGxlLm9yZ4YpaHR0cDovL251
++bGwucHl0aG9uLm9yZwBodHRwOi8vZXhhbXBsZS5vcmeHBMAAAgGHECABDbgAAAAA
++AAAAAAAAAAEwDQYJKoZIhvcNAQEFBQADggEBAKxPRe99SaghcI6IWT7UNkJw9aO9
++i9eo0Fj2MUqxpKbdb9noRDy2CnHWf7EIYZ1gznXPdwzSN4YCjV5d+Q9xtBaowT0j
++HPERs1ZuytCNNJTmhyqZ8q6uzMLoht4IqH/FBfpvgaeC5tBTnTT0rD5A/olXeimk
++kX4LxlEx5RAvpGB2zZVRGr6LobD9rVK91xuHYNIxxxfEGE8tCCWjp0+3ksri9SXx
++VHWBnbM9YaL32u3hxm8sYB/Yb8WSBavJCWJJqRStVRHM1koZlJmXNx2BX4vPo6iW
++RFEIPQsFZRLrtnCAiEhyT8bC2s/Njlu6ly9gtJZWSV46Q3ZjBL4q9sHKqZQ=
++-----END CERTIFICATE-----
+diff -r 9ddc63c039ba Lib/test/test_ssl.py
+--- a/Lib/test/test_ssl.py	Sun Aug 11 13:04:50 2013 +0300
++++ b/Lib/test/test_ssl.py	Sun Aug 11 18:13:17 2013 +0200
+@@ -25,6 +25,7 @@
+ HOST = test_support.HOST
+ CERTFILE = None
+ SVN_PYTHON_ORG_ROOT_CERT = None
++NULLBYTECERT = None
+ 
+ def handle_error(prefix):
+     exc_format = ' '.join(traceback.format_exception(*sys.exc_info()))
+@@ -123,6 +124,27 @@
+                           ('DNS', 'projects.forum.nokia.com'))
+                         )
+ 
++    def test_parse_cert_CVE_2013_4073(self):
++        p = ssl._ssl._test_decode_cert(NULLBYTECERT)
++        if test_support.verbose:
++            sys.stdout.write("\n" + pprint.pformat(p) + "\n")
++        subject = ((('countryName', 'US'),),
++                   (('stateOrProvinceName', 'Oregon'),),
++                   (('localityName', 'Beaverton'),),
++                   (('organizationName', 'Python Software Foundation'),),
++                   (('organizationalUnitName', 'Python Core Development'),),
++                   (('commonName', 'null.python.org\x00example.org'),),
++                   (('emailAddress', 'python-dev@python.org'),))
++        self.assertEqual(p['subject'], subject)
++        self.assertEqual(p['issuer'], subject)
++        self.assertEqual(p['subjectAltName'],
++                         (('DNS', 'altnull.python.org\x00example.com'),
++                         ('email', 'null@python.org\x00user@example.org'),
++                         ('URI', 'http://null.python.org\x00http://example.org'),
++                         ('IP Address', '192.0.2.1'),
++                         ('IP Address', '2001:DB8:0:0:0:0:0:1\n'))
++                        )
++
+     def test_DER_to_PEM(self):
+         with open(SVN_PYTHON_ORG_ROOT_CERT, 'r') as f:
+             pem = f.read()
+@@ -1360,7 +1382,7 @@
+ 
+ 
+ def test_main(verbose=False):
+-    global CERTFILE, SVN_PYTHON_ORG_ROOT_CERT, NOKIACERT
++    global CERTFILE, SVN_PYTHON_ORG_ROOT_CERT, NOKIACERT, NULLBYTECERT
+     CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir,
+                             "keycert.pem")
+     SVN_PYTHON_ORG_ROOT_CERT = os.path.join(
+@@ -1368,10 +1390,13 @@
+         "https_svn_python_org_root.pem")
+     NOKIACERT = os.path.join(os.path.dirname(__file__) or os.curdir,
+                              "nokia.pem")
++    NULLBYTECERT = os.path.join(os.path.dirname(__file__) or os.curdir,
++                                "nullbytecert.pem")
+ 
+     if (not os.path.exists(CERTFILE) or
+         not os.path.exists(SVN_PYTHON_ORG_ROOT_CERT) or
+-        not os.path.exists(NOKIACERT)):
++        not os.path.exists(NOKIACERT) or
++        not os.path.exists(NULLBYTECERT)):
+         raise test_support.TestFailed("Can't read certificate files!")
+ 
+     tests = [BasicTests, BasicSocketTests]
+diff -r 9ddc63c039ba Modules/_ssl.c
+--- a/Modules/_ssl.c	Sun Aug 11 13:04:50 2013 +0300
++++ b/Modules/_ssl.c	Sun Aug 11 18:13:17 2013 +0200
+@@ -741,8 +741,13 @@
+ 
+             /* get a rendering of each name in the set of names */
+ 
++            int gntype;
++            ASN1_STRING *as = NULL;
++
+             name = sk_GENERAL_NAME_value(names, j);
+-            if (name->type == GEN_DIRNAME) {
++            gntype = name-> type;
++            switch (gntype) {
++            case GEN_DIRNAME:
+ 
+                 /* we special-case DirName as a tuple of tuples of attributes */
+ 
+@@ -764,11 +769,61 @@
+                     goto fail;
+                 }
+                 PyTuple_SET_ITEM(t, 1, v);
++                break;
+ 
+-            } else {
++            case GEN_EMAIL:
++            case GEN_DNS:
++            case GEN_URI:
++                /* GENERAL_NAME_print() doesn't handle NUL bytes in ASN1_string
++                   correctly. */
++                t = PyTuple_New(2);
++                if (t == NULL)
++                    goto fail;
++                switch (gntype) {
++                case GEN_EMAIL:
++                    v = PyUnicode_FromString("email");
++                    as = name->d.rfc822Name;
++                    break;
++                case GEN_DNS:
++                    v = PyUnicode_FromString("DNS");
++                    as = name->d.dNSName;
++                    break;
++                case GEN_URI:
++                    v = PyUnicode_FromString("URI");
++                    as = name->d.uniformResourceIdentifier;
++                    break;
++                }
++                if (v == NULL) {
++                    Py_DECREF(t);
++                    goto fail;
++                }
++                PyTuple_SET_ITEM(t, 0, v);
++                v = PyString_FromStringAndSize((char *)ASN1_STRING_data(as),
++                                               ASN1_STRING_length(as));
++                if (v == NULL) {
++                    Py_DECREF(t);
++                    goto fail;
++                }
++                PyTuple_SET_ITEM(t, 1, v);
++                break;
+ 
++            default:
+                 /* for everything else, we use the OpenSSL print form */
+-
++                switch (gntype) {
++                    /* check for new general name type */
++                    case GEN_OTHERNAME:
++                    case GEN_X400:
++                    case GEN_EDIPARTY:
++                    case GEN_IPADD:
++                    case GEN_RID:
++                        break;
++                    default:
++                        if (PyErr_Warn(PyExc_RuntimeWarning,
++				       "Unknown general name type") == -1) {
++                            goto fail;
++                        }
++                        break;
++                }
+                 (void) BIO_reset(biobuf);
+                 GENERAL_NAME_print(biobuf, name);
+                 len = BIO_gets(biobuf, buf, sizeof(buf)-1);
+@@ -794,6 +849,7 @@
+                     goto fail;
+                 }
+                 PyTuple_SET_ITEM(t, 1, v);
++		break;
+             }
+ 
+             /* and add that rendering to the list */

meta/recipes-devtools/python/python/pypirc-secure.patch

@@ -0,0 +1,35 @@
+# HG changeset patch
+# User Philip Jenvey <pjenvey@underboss.org>
+# Date 1322701507 28800
+# Branch 2.7
+# Node ID e7c20a8476a0e2ca18f8040864cbc400818d8f24
+# Parent  3ecddf168f1f554a17a047384fe0b02f2d688277
+create the .pypirc securely
+
+Upstream-Status: Backport
+
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+
+
+diff -r 3ecddf168f1f -r e7c20a8476a0 Lib/distutils/config.py
+--- a/Lib/distutils/config.py	Tue Nov 29 00:53:09 2011 +0100
++++ b/Lib/distutils/config.py	Wed Nov 30 17:05:07 2011 -0800
+@@ -42,16 +42,8 @@
+     def _store_pypirc(self, username, password):
+         """Creates a default .pypirc file."""
+         rc = self._get_rc_file()
+-        f = open(rc, 'w')
+-        try:
+-            f.write(DEFAULT_PYPIRC % (username, password))
+-        finally:
+-            f.close()
+-        try:
+-            os.chmod(rc, 0600)
+-        except OSError:
+-            # should do something better here
+-            pass
++        with os.fdopen(os.open(rc, os.O_CREAT | os.O_WRONLY, 0600), 'w') as fp:
++            fp.write(DEFAULT_PYPIRC % (username, password))
+ 
+     def _read_pypirc(self):
+         """Reads the .pypirc file."""

meta/recipes-devtools/python/python_2.7.3.bb

@@ -29,6 +29,8 @@ SRC_URI += "\
   file://python-2.7.3-remove-bsdb-rpath.patch \
   file://builddir.patch \
   file://python-2.7.3-CVE-2012-2135.patch \
+  file://CVE-2013-4073_py27.patch \
+  file://pypirc-secure.patch \
 "
 
 S = "${WORKDIR}/Python-${PV}"

meta/recipes-devtools/rpm/rpm/rpm-lsb-compatibility.patch

@@ -0,0 +1,24 @@
+Enable platform tag matching workaround in OE.
+
+When installing some LSB packages the 'platform' field in the package
+appears to be invalid.  Instead of relying solely on the platform comparison
+we also want to generate a perceived platform based on the valid rpm contents
+of arch and os.
+
+Upstream-Status: Pending
+
+Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
+
+Index: rpm-5.4.9/lib/depends.c
+===================================================================
+--- rpm-5.4.9.orig/lib/depends.c
++++ rpm-5.4.9/lib/depends.c
+@@ -594,7 +594,7 @@ int rpmtsAddInstallElement(rpmts ts, Hea
+ 	    platform = rpmExpand(arch, "-unknown-", os, NULL);
+ 
+ 	rc = rpmPlatformScore(platform, platpat, nplatpat);
+-#if defined(RPM_VENDOR_MANDRIVA)
++#if defined(RPM_VENDOR_MANDRIVA) || defined(RPM_VENDOR_OE)
+ 	/*
+ 	 * If no match on platform tag, we'll try again with arch tag
+ 	 * in case platform tag is inconsistent with it, which is the case

meta/recipes-devtools/rpm/rpm_5.4.9.bb

@@ -86,7 +86,8 @@ SRC_URI = "http://www.rpm5.org/files/rpm/rpm-5.4/rpm-5.4.9-0.20120508.src.rpm;ex
 	   file://rpm-platform2.patch \
 	   file://rpm-remove-sykcparse-decl.patch \
 	   file://debugedit-segv.patch \
-     file://rpm-platform-file-fix.patch \
+	   file://rpm-platform-file-fix.patch \
+	   file://rpm-lsb-compatibility.patch \
 	  "
 
 # Uncomment the following line to enable platform score debugging
@@ -155,7 +156,7 @@ PACKAGECONFIG[neon] = "${WITH_NEON},${WITHOUT_NEON},neon expat,"
 PACKAGECONFIG[lua] = "--with-lua,--without-lua,expat,"
 PACKAGECONFIG[tcl] = "--with-tcl,--without-tcl,tcl,"
 
-PACAKGECONFIG[augeas] = "--with-augeas,--without-augeas,augeas,"
+PACKAGECONFIG[augeas] = "--with-augeas,--without-augeas,augeas,"
 
 EXTRA_OECONF += "--verbose \
 		--sysconfdir=${sysconfdir} \

meta/recipes-devtools/subversion/subversion-1.7.8/neon.m4-fix-includes-and-cflags.patch

@@ -0,0 +1,32 @@
+Fix to get correct SVN_NEON_CONFIG and CFLAGS when sysroot path contains '-D' and '-I'
+characters.
+
+Upstream-Status: Pending
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+
+index f951039..a813145 100644
+--- a/build/ac-macros/neon.m4
++++ b/build/ac-macros/neon.m4
+@@ -105,8 +105,8 @@ AC_DEFUN(SVN_NEON_CONFIG,
+            test "$svn_allowed_neon" = "any"; then
+             svn_allowed_neon_on_system="yes"
+             if test "$NEON_PKG_CONFIG" = "yes"; then
+-              SVN_NEON_INCLUDES=[`$PKG_CONFIG neon --cflags | $SED -e 's/-D[^ ]*//g'`]
+-              CFLAGS=["$CFLAGS `$PKG_CONFIG neon --cflags | $SED -e 's/-I[^ ]*//g'`"]
++              SVN_NEON_INCLUDES=["`$PKG_CONFIG neon --cflags | $SED -e 's/^-D[^ ]*//g' -e 's/ -D[^ ]*//g'`"]
++              CFLAGS=["$CFLAGS `$PKG_CONFIG neon --cflags | $SED -e 's/^-I[^ ]*//g' -e 's/ -I[^ ]*//g'`"]
+               old_CFLAGS="$CFLAGS"
+               old_LIBS="$LIBS"
+               NEON_LIBS=`$PKG_CONFIG neon --libs`
+@@ -126,8 +126,8 @@ int main()
+               CFLAGS="$old_CFLAGS"
+               LIBS="$old_LIBS"
+             else
+-              SVN_NEON_INCLUDES=[`$neon_config --cflags | $SED -e 's/-D[^ ]*//g'`]
+-              CFLAGS=["$CFLAGS `$neon_config --cflags | $SED -e 's/-I[^ ]*//g'`"]
++              SVN_NEON_INCLUDES=[`$neon_config --cflags | $SED -e 's/^-D[^ ]*//g' -e 's/ -D[^ ]*//g'`]
++              CFLAGS=["$CFLAGS `$neon_config --cflags | $SED -e 's/^-I[^ ]*//g' -e 's/ -I[^ ]*//g'`"]
+               NEON_LIBS=`$neon_config --libs`
+             fi
+             svn_lib_neon="yes"

meta/recipes-devtools/subversion/subversion_1.7.8.bb

@@ -12,6 +12,7 @@ inherit gettext
 SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
            file://libtool2.patch \
            file://fix-install-depends.patch \
+           file://neon.m4-fix-includes-and-cflags.patch \
 "
 SRC_URI[md5sum] = "454b9f398415c3504435bf8c3f6ed127"
 SRC_URI[sha256sum] = "fc83d4d98ccea8b7bfa8f5c20fff545c8baa7d035db930977550c51c6ca23686"

meta/recipes-extended/findutils/findutils-4.2.31/findutils-fix-doc-build-error.patch

@@ -0,0 +1,53 @@
+From 33cba24cba7b0973a702e9627bd5b93962948ae4 Mon Sep 17 00:00:00 2001
+From: Jackie Huang <jackie.huang@windriver.com>
+Date: Tue, 17 Sep 2013 16:11:16 +0800
+Subject: [PATCH] findutils: fix doc build error
+
+Upstream-Status: Backport
+
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+---
+ doc/find.texi |    6 +++---
+ 1 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/doc/find.texi b/doc/find.texi
+index 5b5f0cf..b3d9c6b 100644
+--- a/doc/find.texi
++++ b/doc/find.texi
+@@ -63,7 +63,7 @@ translation approved by the Foundation.
+
+ @page
+ @vskip 0pt plus 1filll
+-@insertcopying{}
++@insertcopying
+ @end titlepage
+
+ @contents
+@@ -1466,6 +1466,7 @@ no output is ever sent to it.
+ * Escapes::
+ * Format Directives::
+ * Time Formats::
++* Formatting Flags::
+ @end menu
+
+ @node Escapes
+@@ -1534,7 +1535,6 @@ from the novel you are reading.
+ * Size Directives::
+ * Location Directives::
+ * Time Directives::
+-* Formatting Flags::
+ @end menu
+
+ @node Name Directives
+@@ -1780,7 +1780,7 @@ setting the TZ environment variable).  This is a GNU extension.
+ @end table
+
+ @node Formatting Flags
+-@subsubsection Formatting Flags
++@subsection Formatting Flags
+
+ The @samp{%m} and @samp{%d} directives support the @samp{#}, @samp{0}
+ and @samp{+} flags, but the other directives do not, even if they
+--
+1.7.4.1
+

meta/recipes-extended/findutils/findutils_4.2.31.bb

@@ -6,6 +6,7 @@ require findutils.inc
 
 SRC_URI += "file://gnulib-extension.patch \
             file://findutils_fix_for_automake-1.12.patch \
+            file://findutils-fix-doc-build-error.patch \
            "
 
 SRC_URI[md5sum] = "a0e31a0f18a49709bf5a449867c8049a"

meta/recipes-extended/grep/grep-2.5.1a/fix-for-texinfo-5.1.patch

@@ -0,0 +1,13 @@
+Index: grep-2.5.1a/doc/grep.texi
+===================================================================
+--- grep-2.5.1a.orig/doc/grep.texi
++++ grep-2.5.1a/doc/grep.texi
+@@ -288,7 +288,7 @@ This version number should be included i
+ Print a usage message briefly summarizing these command-line options
+ and the bug-reporting address, then exit.
+ 
+-@itemx --binary-files=@var{type}
++@item --binary-files=@var{type}
+ @opindex --binary-files
+ @cindex binary files
+ If the first few bytes of a file indicate that the file contains binary

meta/recipes-extended/grep/grep_2.5.1a.bb

@@ -14,6 +14,7 @@ SRC_URI = "${GNU_MIRROR}/grep/grep-${PV}.tar.bz2 \
            file://fix64-int-to-pointer.patch \
            file://Makevars \
            file://grep-CVE-2012-5667.patch \
+           file://fix-for-texinfo-5.1.patch \
           "
 
 SRC_URI[md5sum] = "52202fe462770fa6be1bb667bd6cf30c"

meta/recipes-extended/lsb/lsbtest/LSB_Test.sh

@@ -272,7 +272,7 @@ then
 fi
 
 if ! `grep -F -q "noarch-suse" ${PLATFORM_FILE}`; then
-	if [ ${ARCH} == i686 ];then
+	if [ ${ARCH} = i686 ];then
 		echo "i486-suse" >> ${PLATFORM_FILE}
 		echo "i486-noarch" >> ${PLATFORM_FILE}
 		echo "i486-pc" >> ${PLATFORM_FILE}

meta/recipes-extended/lsb/lsbtest_1.0.bb

@@ -19,15 +19,15 @@ do_install() {
 	install -d  ${D}/opt/lsb-test
 	install -m 0644 ${S}/packages_list ${D}/opt/lsb-test/packages_list
 	install -m 0644 ${S}/session ${D}/opt/lsb-test/session
-	if [ "${TARGET_ARCH}" == "i586" ];then
+	if [ "${TARGET_ARCH}" = "i586" ];then
 		sed -i -e 's/lsbarch/ia32/g' -e 's/targetarch/i486/g' ${D}/opt/lsb-test/packages_list
 		sed -i -e 's/targetarch/x86/g' ${D}/opt/lsb-test/session
 	fi
-	if [ "${TARGET_ARCH}" == "x86_64" ];then
+	if [ "${TARGET_ARCH}" = "x86_64" ];then
 		sed -i -e 's/lsbarch/amd64/g' -e 's/targetarch/x86_64/g' ${D}/opt/lsb-test/packages_list
 		sed -i -e 's/targetarch/x86-64/g' ${D}/opt/lsb-test/session
 	fi
-	if [ "${TARGET_ARCH}" == "powerpc" ];then
+	if [ "${TARGET_ARCH}" = "powerpc" ];then
 		sed -i -e 's/lsbarch/ppc32/g' -e 's/targetarch/ppc/g' ${D}/opt/lsb-test/packages_list
 		sed -i -e 's/targetarch/PPC32/g' ${D}/opt/lsb-test/session
 	fi

meta/recipes-extended/mc/mc_4.7.5.2.bb

@@ -20,6 +20,28 @@ EXTRA_OECONF = "--with-screen=ncurses --without-gpm-mouse --without-x --without-
 FILES_${PN}-dbg += "${libexecdir}/mc/.debug/"
 
 do_install_append () {
-       sed -i -e '1s,#!.*perl,#!${bindir}/env perl,' ${D}${libexecdir}/mc/extfs.d/*
-       
+	sed -i -e '1s,#!.*perl,#!${bindir}/env perl,' ${D}${libexecdir}/mc/extfs.d/*
+	sed -i -e '1s,#!.*python,#!${bindir}/env python,' ${D}${libexecdir}/mc/extfs.d/*
 }
+
+PACKAGES =+ "${BPN}-helpers-perl ${BPN}-helpers-python ${BPN}-helpers ${BPN}-fish"
+
+DESCRIPTION_${BPN}-helpers-perl = "Midnight Commander perl based helper scripts" 
+FILES_${BPN}-helpers-perl = "${libexecdir}/mc/extfs.d/a+ ${libexecdir}/mc/extfs.d/apt+ \
+                             ${libexecdir}/mc/extfs.d/deb ${libexecdir}/mc/extfs.d/deba \
+                             ${libexecdir}/mc/extfs.d/debd ${libexecdir}/mc/extfs.d/dpkg+ \
+                             ${libexecdir}/mc/extfs.d/mailfs ${libexecdir}/mc/extfs.d/patchfs \ 
+                             ${libexecdir}/mc/extfs.d/rpms+ ${libexecdir}/mc/extfs.d/ulib \ 
+                             ${libexecdir}/mc/extfs.d/uzip"
+RDEPENDS_${BPN}-helpers-perl = "perl"
+
+DESCRIPTION_${BPN}-helpers-python = "Midnight Commander python based helper scripts" 
+FILES_${BPN}-helpers-python = "${libexecdir}/mc/extfs.d/s3+ ${libexecdir}/mc/extfs.d/uc1541"
+RDEPENDS_${BPN}-helpers-python = "python"
+
+DESCRIPTION_${BPN}-helpers = "Midnight Commander shell helper scripts" 
+FILES_${BPN}-helpers = "${libexecdir}/mc/extfs.d/* ${libexecdir}/mc/ext.d/*"
+
+DESCRIPTION_${BPN}-fish = "Midnight Commander Fish scripts"
+FILES_${BPN}-fish = "${libexecdir}/mc/fish"
+

meta/recipes-extended/mc/mc_4.8.7.bb

@@ -21,5 +21,26 @@ FILES_${PN}-dbg += "${libexecdir}/mc/.debug/"
 
 do_install_append () {
 	sed -i -e '1s,#!.*perl,#!${bindir}/env perl,' ${D}${libexecdir}/mc/extfs.d/*
-	rm -rf ${D}${libdir}
+	sed -i -e '1s,#!.*python,#!${bindir}/env python,' ${D}${libexecdir}/mc/extfs.d/*
 }
+
+PACKAGES =+ "${BPN}-helpers-perl ${BPN}-helpers-python ${BPN}-helpers ${BPN}-fish"
+
+DESCRIPTION_${BPN}-helpers-perl = "Midnight Commander perl based helper scripts" 
+FILES_${BPN}-helpers-perl = "${libexecdir}/mc/extfs.d/a+ ${libexecdir}/mc/extfs.d/apt+ \
+                             ${libexecdir}/mc/extfs.d/deb ${libexecdir}/mc/extfs.d/deba \
+                             ${libexecdir}/mc/extfs.d/debd ${libexecdir}/mc/extfs.d/dpkg+ \
+                             ${libexecdir}/mc/extfs.d/mailfs ${libexecdir}/mc/extfs.d/patchfs \ 
+                             ${libexecdir}/mc/extfs.d/rpms+ ${libexecdir}/mc/extfs.d/ulib \ 
+                             ${libexecdir}/mc/extfs.d/uzip"
+RDEPENDS_${BPN}-helpers-perl = "perl"
+
+DESCRIPTION_${BPN}-helpers-python = "Midnight Commander python based helper scripts" 
+FILES_${BPN}-helpers-python = "${libexecdir}/mc/extfs.d/s3+ ${libexecdir}/mc/extfs.d/uc1541"
+RDEPENDS_${BPN}-helpers-python = "python"
+
+DESCRIPTION_${BPN}-helpers = "Midnight Commander shell helper scripts" 
+FILES_${BPN}-helpers = "${libexecdir}/mc/extfs.d/* ${libexecdir}/mc/ext.d/*"
+
+DESCRIPTION_${BPN}-fish = "Midnight Commander Fish scripts"
+FILES_${BPN}-fish = "${libexecdir}/mc/fish"

meta/recipes-graphics/xorg-lib/libx11/xeatdatawords.patch

@@ -0,0 +1,65 @@
+From 9f5d83706543696fc944c1835a403938c06f2cc5 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sat, 02 Mar 2013 04:54:24 +0000
+Subject: Add _XEatDataWords to discard a given number of 32-bit words of reply data
+
+Matches the units of the length field in X protocol replies, and provides
+a single implementation of overflow checking to avoid having to replicate
+those checks in every caller.
+
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
+
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+---
+diff --git a/include/X11/Xlibint.h b/include/X11/Xlibint.h
+index 06395b3..d63a534 100644
+--- a/include/X11/Xlibint.h
++++ b/include/X11/Xlibint.h
+@@ -855,6 +855,10 @@ extern void _XEatData(
+     Display*		/* dpy */,
+     unsigned long	/* n */
+ );
++extern void _XEatDataWords(
++    Display*		/* dpy */,
++    unsigned long	/* n */
++);
+ extern char *_XAllocScratch(
+     Display*		/* dpy */,
+     unsigned long	/* nbytes */
+diff --git a/src/xcb_io.c b/src/xcb_io.c
+index 300ef57..727c6c7 100644
+--- a/src/xcb_io.c
++++ b/src/xcb_io.c
+@@ -19,6 +19,7 @@
+ #include <stdint.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <limits.h>
+ #ifdef HAVE_SYS_SELECT_H
+ #include <sys/select.h>
+ #endif
+@@ -757,3 +758,19 @@ void _XEatData(Display *dpy, unsigned long n)
+ 	dpy->xcb->reply_consumed += n;
+ 	_XFreeReplyData(dpy, False);
+ }
++
++/*
++ * Read and discard "n" 32-bit words of data
++ * Matches the units of the length field in X protocol replies, and provides
++ * a single implementation of overflow checking to avoid having to replicate
++ * those checks in every caller.
++ */
++void _XEatDataWords(Display *dpy, unsigned long n)
++{
++	if (n < ((INT_MAX - dpy->xcb->reply_consumed) >> 2))
++		dpy->xcb->reply_consumed += (n << 2);
++	else
++		/* Overflow would happen, so just eat the rest of the reply */
++		dpy->xcb->reply_consumed = dpy->xcb->reply_length;
++	_XFreeReplyData(dpy, False);
++}
+--
+cgit v0.9.0.2-2-gbebe

meta/recipes-graphics/xorg-lib/libx11_1.5.0.bb

@@ -7,6 +7,7 @@ BBCLASSEXTEND = "native nativesdk"
 
 SRC_URI += "file://keysymdef_include.patch \
             file://disable_tests.patch \
+            file://xeatdatawords.patch \
            "
 
 SRC_URI[md5sum] = "78b4b3bab4acbdf0abcfca30a8c70cc6"

meta/recipes-kernel/kern-tools/kern-tools-native_git.bb

@@ -4,13 +4,13 @@ LIC_FILES_CHKSUM = "file://git/tools/kgit;beginline=5;endline=9;md5=d8d1d729a70c
 
 DEPENDS = "git-native guilt-native"
 
-SRCREV = "1a3c59526d6abe95662820b9493c8a62dab52d79"
+SRCREV = "2700c5d1c214766f01e68bdfa25049fa1a5960bc"
 PR = "r12"
 PV = "0.1+git${SRCPV}"
 
 inherit native
 
-SRC_URI = "git://git.yoctoproject.org/yocto-kernel-tools.git;protocol=git"
+SRC_URI = "git://git.yoctoproject.org/yocto-kernel-tools.git;protocol=git;branch=dylan"
 S = "${WORKDIR}"
 
 do_compile() { 

meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-CVE-2013-3674.patch

@@ -0,0 +1,26 @@
+avcodec/cdgraphics: check buffer size before use
+
+Fixes out of array accesses
+
+Backported from:http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ad002e1a13a8df934bd6cb2c84175a4780ab8942
+
+Upstream-status: Backport
+
+Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
+Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
+Signed-off-by: Ming Liu <ming.liu@windriver.com>
+
+diff -urpN a/gst-libs/ext/libav/libavcodec/cdgraphics.c b/gst-libs/ext/libav/libavcodec/cdgraphics.c
+--- a/gst-libs/ext/libav/libavcodec/cdgraphics.c	2013-07-18 13:17:08.399876575 +0800
++++ b/gst-libs/ext/libav/libavcodec/cdgraphics.c	2013-07-18 13:18:05.880502267 +0800
+@@ -291,7 +291,9 @@ static int cdg_decode_frame(AVCodecConte
+     inst    = bytestream_get_byte(&buf);
+     inst    &= CDG_MASK;
+     buf += 2;  /// skipping 2 unneeded bytes
+-    bytestream_get_buffer(&buf, cdg_data, buf_size - CDG_HEADER_SIZE);
++
++    if (buf_size > CDG_HEADER_SIZE)
++        bytestream_get_buffer(&buf, cdg_data, buf_size - CDG_HEADER_SIZE);
+ 
+     if ((command & CDG_MASK) == CDG_COMMAND) {
+         switch (inst) {

meta/recipes-multimedia/gstreamer/gst-ffmpeg_0.10.13.bb

@@ -21,6 +21,7 @@ SRC_URI = "http://gstreamer.freedesktop.org/src/${BPN}/${BPN}-${PV}.tar.bz2 \
            file://configure-fix.patch \
            file://h264_qpel_mmx.patch \
            file://libav_e500mc.patch \
+           file://gst-ffmpeg-CVE-2013-3674.patch \
 "
 
 SRC_URI[md5sum] = "7f5beacaf1312db2db30a026b36888c4"

meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-1960.patch

@@ -0,0 +1,151 @@
+This patch comes from: http://pkgs.fedoraproject.org/cgit/libtiff.git/plain/libtiff-CVE-2013-1960.patch
+
+Upstream-Status: Pending
+
+Signed-off-by: Ming Liu <ming.liu@windriver.com>
+
+diff -Naur a/tools/tiff2pdf.c b/tools/tiff2pdf.c
+--- a/tools/tiff2pdf.c	2012-07-25 22:56:43.000000000 -0400
++++ b/tools/tiff2pdf.c	2013-05-02 12:04:49.057090227 -0400
+@@ -3341,33 +3341,56 @@
+ 	uint32 height){
+ 
+ 	tsize_t i=0;
+-	uint16 ri =0;
+-	uint16 v_samp=1;
+-	uint16 h_samp=1;
+-	int j=0;
+-	
+-	i++;
+-	
+-	while(i<(*striplength)){
++
++	while (i < *striplength) {
++		tsize_t datalen;
++		uint16 ri;
++		uint16 v_samp;
++		uint16 h_samp;
++		int j;
++		int ncomp;
++
++		/* marker header: one or more FFs */
++		if (strip[i] != 0xff)
++			return(0);
++		i++;
++		while (i < *striplength && strip[i] == 0xff)
++			i++;
++		if (i >= *striplength)
++			return(0);
++		/* SOI is the only pre-SOS marker without a length word */
++		if (strip[i] == 0xd8)
++			datalen = 0;
++		else {
++			if ((*striplength - i) <= 2)
++				return(0);
++			datalen = (strip[i+1] << 8) | strip[i+2];
++			if (datalen < 2 || datalen >= (*striplength - i))
++				return(0);
++		}
+ 		switch( strip[i] ){
+-			case 0xd8:
+-				/* SOI - start of image */
++			case 0xd8:	/* SOI - start of image */
+ 				_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), 2);
+ 				*bufferoffset+=2;
+-				i+=2;
+ 				break;
+-			case 0xc0:
+-			case 0xc1:
+-			case 0xc3:
+-			case 0xc9:
+-			case 0xca:
++			case 0xc0:	/* SOF0 */
++			case 0xc1:	/* SOF1 */
++			case 0xc3:	/* SOF3 */
++			case 0xc9:	/* SOF9 */
++			case 0xca:	/* SOF10 */
+ 				if(no==0){
+-					_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
+-					for(j=0;j<buffer[*bufferoffset+9];j++){
+-						if( (buffer[*bufferoffset+11+(2*j)]>>4) > h_samp) 
+-							h_samp = (buffer[*bufferoffset+11+(2*j)]>>4);
+-						if( (buffer[*bufferoffset+11+(2*j)] & 0x0f) > v_samp) 
+-							v_samp = (buffer[*bufferoffset+11+(2*j)] & 0x0f);
++					_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
++					ncomp = buffer[*bufferoffset+9];
++					if (ncomp < 1 || ncomp > 4)
++						return(0);
++					v_samp=1;
++					h_samp=1;
++					for(j=0;j<ncomp;j++){
++						uint16 samp = buffer[*bufferoffset+11+(3*j)];
++						if( (samp>>4) > h_samp) 
++							h_samp = (samp>>4);
++						if( (samp & 0x0f) > v_samp) 
++							v_samp = (samp & 0x0f);
+ 					}
+ 					v_samp*=8;
+ 					h_samp*=8;
+@@ -3381,45 +3404,43 @@
+                                           (unsigned char) ((height>>8) & 0xff);
+ 					buffer[*bufferoffset+6]=
+                                             (unsigned char) (height & 0xff);
+-					*bufferoffset+=strip[i+2]+2;
+-					i+=strip[i+2]+2;
+-
++					*bufferoffset+=datalen+2;
++					/* insert a DRI marker */
+ 					buffer[(*bufferoffset)++]=0xff;
+ 					buffer[(*bufferoffset)++]=0xdd;
+ 					buffer[(*bufferoffset)++]=0x00;
+ 					buffer[(*bufferoffset)++]=0x04;
+ 					buffer[(*bufferoffset)++]=(ri >> 8) & 0xff;
+ 					buffer[(*bufferoffset)++]= ri & 0xff;
+-				} else {
+-					i+=strip[i+2]+2;
+ 				}
+ 				break;
+-			case 0xc4:
+-			case 0xdb:
+-				_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
+-				*bufferoffset+=strip[i+2]+2;
+-				i+=strip[i+2]+2;
++			case 0xc4: /* DHT */
++			case 0xdb: /* DQT */
++				_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
++				*bufferoffset+=datalen+2;
+ 				break;
+-			case 0xda:
++			case 0xda: /* SOS */
+ 				if(no==0){
+-					_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
+-					*bufferoffset+=strip[i+2]+2;
+-					i+=strip[i+2]+2;
++					_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
++					*bufferoffset+=datalen+2;
+ 				} else {
+ 					buffer[(*bufferoffset)++]=0xff;
+ 					buffer[(*bufferoffset)++]=
+                                             (unsigned char)(0xd0 | ((no-1)%8));
+-					i+=strip[i+2]+2;
+ 				}
+-				_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), (*striplength)-i-1);
+-				*bufferoffset+=(*striplength)-i-1;
++				i += datalen + 1;
++				/* copy remainder of strip */
++				_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i]), *striplength - i);
++				*bufferoffset+= *striplength - i;
+ 				return(1);
+ 			default:
+-				i+=strip[i+2]+2;
++				/* ignore any other marker */
++				break;
+ 		}
++		i += datalen + 1;
+ 	}
+-	
+ 
++	/* failed to find SOS marker */
+ 	return(0);
+ }
+ #endif

meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-4232.patch

@@ -0,0 +1,15 @@
+This patch comes from: http://bugzilla.maptools.org/attachment.cgi?id=513&action=diff 
+
+Upstream-Status: Pending
+
+Signed-off-by: Baogen shang <baogen.shang@windriver.com>
+--- a/tools/tiff2pdf.c	2013-10-21 10:36:38.214170346 +0800
++++ b/tools/tiff2pdf.c	2013-10-21 10:38:58.246170329 +0800
+@@ -2387,6 +2387,7 @@
+ 					TIFFFileName(input));
+ 				t2p->t2p_error = T2P_ERR_ERROR;
+ 			  _TIFFfree(buffer);
++			  return(0);
+ 			} else {
+ 				buffer=samplebuffer;
+ 				t2p->tiff_datasize *= t2p->tiff_samplesperpixel;

meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-4243.patch

@@ -0,0 +1,40 @@
+This patch comes from: http://bugzilla.maptools.org/attachment.cgi?id=518&action=diff#tools/gif2tiff.c_sec2
+
+Upstream-Status: Pending
+
+Signed-off-by: Baogen shang <baogen.shang@windriver.com>
+--- a/tools/gif2tiff.c	2013-10-14 17:08:43.966239709 +0800
++++ b/tools/gif2tiff.c	2013-10-14 17:18:22.994239638 +0800
+@@ -280,6 +280,10 @@
+         fprintf(stderr, "no colormap present for image\n");
+         return (0);
+     }
++    if (width == 0 || height == 0) {
++        fprintf(stderr, "Invalid value of width or height\n");
++        return(0);
++    }
+     if ((raster = (unsigned char*) _TIFFmalloc(width*height+EXTRAFUDGE)) == NULL) {
+         fprintf(stderr, "not enough memory for image\n");
+         return (0);
+@@ -397,6 +401,10 @@
+ 	return 1;
+     }
+ 
++    if (*fill >= raster + width*height) {
++        fprintf(stderr, "raster full before eoi code\n");
++        return 0;
++    }
+     if (oldcode == -1) {
+ 	*(*fill)++ = suffix[code];
+ 	firstchar = oldcode = code;
+@@ -428,6 +436,10 @@
+     }
+     oldcode = incode;
+     do {
++    if (*fill >= raster + width*height) {
++        fprintf(stderr, "raster full before eoi code\n");
++        return 0;
++    }
+ 	*(*fill)++ = *--stackp;
+     } while (stackp > stack);
+     return 1;

meta/recipes-multimedia/libtiff/tiff_4.0.3.bb

@@ -6,7 +6,10 @@ DEPENDS = "zlib jpeg xz"
 PR = "r0"
 
 SRC_URI = "ftp://ftp.remotesensing.org/pub/libtiff/tiff-${PV}.tar.gz \
-           file://libtool2.patch"
+           file://libtool2.patch \
+           file://libtiff-CVE-2013-1960.patch \
+           file://libtiff-CVE-2013-4232.patch \
+           file://libtiff-CVE-2013-4243.patch"
 
 SRC_URI[md5sum] = "051c1068e6a0627f461948c365290410"
 SRC_URI[sha256sum] = "ea1aebe282319537fb2d4d7805f478dd4e0e05c33d0928baba76a7c963684872"

meta/recipes-qt/meta/meta-toolchain-qt.inc

@@ -24,6 +24,7 @@ toolchain_create_sdk_env_script_append() {
     echo 'export OE_QMAKE_QDBUSXML2CPP=${QT_TOOLS_PREFIX}/qdbusxml2cpp4' >> $script
     echo 'export OE_QMAKE_QT_CONFIG=${SDKTARGETSYSROOT}/${datadir}/${QT_DIR_NAME}/mkspecs/qconfig.pri' >> $script
     echo 'export QMAKESPEC=${SDKTARGETSYSROOT}/${datadir}/${QT_DIR_NAME}/mkspecs/linux-g++' >> $script
+    echo 'export QT_CONF_PATH=${SDKPATHNATIVE}/${sysconfdir}/qt.conf' >> $script
 
     # make a symbolic link to mkspecs for compatibility with Nokia's SDK
     # and QTCreator

meta/recipes-qt/qt4/nativesdk-qt4-tools.inc

@@ -118,4 +118,10 @@ do_install() {
     for i in moc uic uic3 rcc lrelease lupdate qdbuscpp2xml qdbusxml2cpp; do \
         ln -s ${i}4 ${i}; \
     done)
+
+    install -d ${D}${sysconfdir}
+    cat >${D}${sysconfdir}/qt.conf <<EOF
+[Paths]
+Prefix = ${prefix}
+EOF
 }

meta/recipes-support/boost/boost.inc

@@ -115,6 +115,8 @@ def get_boost_parallel_make(bb, d):
             bb.error("Unable to analyse format of PARALLEL_MAKE variable: %s" % pm)
         pm_nval = min(64, int(pm_val.group(0)))
         return pm_prefix.group(0) + str(pm_nval) + pm[pm_val.end():]
+    else:
+        return ""
 
 BOOST_PARALLEL_MAKE = "${@get_boost_parallel_make(bb, d)}"
 BJAM_OPTS    = '${BOOST_PARALLEL_MAKE} \

meta/recipes-support/db/db/fix-parallel-build.patch

@@ -0,0 +1,19 @@
+With higher paralelism it sometimes fails with:
+libtool: link: `util_log.lo' is not a valid libtool object
+make: *** [db_replicate] Error 1
+
+Upstream-Status: Pending
+
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+
+--- dist.orig/Makefile.in	2012-05-11 19:57:48.000000000 +0200
++++ dist/Makefile.in	2013-10-31 18:17:11.875532522 +0100
+@@ -1034,7 +1034,7 @@
+ 	    db_recover@o@ util_sig@o@ $(DEF_LIB) $(LIBS)
+ 	$(POSTLINK) $@
+ 
+-db_replicate: db_replicate@o@ util_sig@o@ $(DEF_LIB)
++db_replicate: db_replicate@o@ util_log@o@ util_sig@o@ $(DEF_LIB)
+ 	$(CCLINK) -o $@ $(LDFLAGS) \
+ 	    db_replicate@o@ util_log@o@ util_sig@o@ $(DEF_LIB) $(LIBS)
+ 	$(POSTLINK) $@

meta/recipes-support/db/db_5.3.21.bb

@@ -17,7 +17,8 @@ RCONFLICTS_${PN} = "db3"
 PR = "r0"
 
 SRC_URI = "http://download.oracle.com/berkeley-db/db-${PV}.tar.gz"
-SRC_URI += "file://arm-thumb-mutex_db5.patch;patchdir=.."
+SRC_URI += "file://arm-thumb-mutex_db5.patch;patchdir=.. \
+            file://fix-parallel-build.patch"
 
 SRC_URI[md5sum] = "3fda0b004acdaa6fa350bfc41a3b95ca"
 SRC_URI[sha256sum] = "ddd92a930317df92021054c03992392db9ea5cddba43bef8920d392a82114fb8"

meta/recipes-support/gnutls/gnutls/25_updatedgdocfrommaster.diff

@@ -0,0 +1,636 @@
+Description: Update gdoc script from gnutls master.
+ This includes bef38b98c0536d81c0e4b2e78a9182e1df1d451c among other fixes:
+ .
+ [PATCH] Avoid depending on hash order in gdoc.
+ .
+ Previously, gdoc had a hash of regexp replacements for each output
+ format, and applied the replacements in the order that "keys" returned
+ for the hash. However, not all orders are safe -- and now that Perl 5.18
+ randomises hash order per-process, it only worked sometimes!
+
+Bug-Debian: http://bugs.debian.org/724167
+
+Upstream-Status: Backport
+
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+--- gnutls26-2.12.23.orig/doc/scripts/gdoc
++++ gnutls26-2.12.23/doc/scripts/gdoc
+@@ -1,4 +1,6 @@
+-#!/usr/bin/perl
++eval '(exit $?0)' && eval 'exec perl "$0" ${1+"$@"}'
++  & eval 'exec perl "$0" $argv:q'
++    if 0;
+ 
+ ## Copyright (c) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Simon Josefsson
+ ##                    added -texinfo, -listfunc, -pkg-name
+@@ -7,6 +9,8 @@
+ ## Copyright (c) 2001, 2002 Nikos Mavrogiannopoulos
+ ##                    added -tex
+ ## Copyright (c) 1998 Michael Zucchi
++## Copyright (c) 2013 Adam Sampson
++##                    made highlighting not depend on hash order, for Perl 5.18
+ 
+ # This program is free software: you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+@@ -132,57 +136,59 @@
+ use POSIX qw(strftime);
+ 
+ # match expressions used to find embedded type information
+-$type_constant = "((?<!\")\\\%(\\w+))";
+-$type_func = "(\\w+\\(\\))";
+-$type_param = "\\\@(\\w+)";
+-$type_struct = "\\\#(\\w+)";
+-$type_env = "(\\\$\\w+)";
++$type_constant = "\\\%([A-Za-z0-9_]+)";
++$type_func = "([A-Za-z0-9_]+\\(\\))";
++$type_param = '\@([A-Za-z0-9_]+)\s*';
++$type_struct = "\\\#([A-Za-z0-9_]+)";
++$type_env = "(\\\$[A-Za-z0-9_]+)";
+ 
+ 
+ # Output conversion substitutions.
+ #  One for each output format
+ 
+ # these work fairly well
+-%highlights_html = ( $type_constant, "<i>\$2</i>",
+-		     $type_func, "<b>\$1</b>",
+-		     $type_struct, "<i>\$1</i>",
+-		     $type_param, "<tt><b>\$1</b></tt>" );
++@highlights_html = ( [$type_constant, '"<i>$1</i>"'],
++		     [$type_func, '"<b>$1</b>"'],
++		     [$type_struct, '"<i>$1</i>"'],
++		     [$type_param, '" <tt><b>$1</b></tt> "'] );
+ $blankline_html = "<p>";
+ 
+-%highlights_texinfo = ( $type_constant, "\\\@code{\$2}",
+-			$type_func, "\\\@code{\$1}",
+-			$type_struct, "\\\@code{\$1}",
+-			$type_param, "\\\@code{\$1}" );
++@highlights_texinfo = ( [$type_param, '" \@code{$1} "'],
++			[$type_constant, '"\@code{$1} "'],
++			[$type_func, '"\@code{$1} "'],
++			[$type_struct, '"\@code{$1} "'],
++			 );
+ $blankline_texinfo = "";
+ 
+-%highlights_tex = ( $type_constant, "{\\\\it \$2}",
+-		     $type_func, "{\\\\bf \$1}",
+-		     $type_struct, "{\\\\it \$1}",
+-		     $type_param, "{\\\\bf \$1}" );
++@highlights_tex = ( [$type_param, '" {\\\bf $1} "'],
++		[$type_constant, '"{\\\it $1}"'],
++		[$type_func, '"{\\\bf $1}"'],
++		[$type_struct, '"{\\\it $1}"'],
++		      );
+ $blankline_tex = "\\\\";
+ 
+ # sgml, docbook format
+-%highlights_sgml = ( $type_constant, "<replaceable class=\"option\">\$2</replaceable>",
+-		     $type_func, "<function>\$1</function>",
+-		     $type_struct, "<structname>\$1</structname>",
+-		     $type_env, "<envar>\$1</envar>",
+-		     $type_param, "<parameter>\$1</parameter>" );
++@highlights_sgml = ( [$type_constant, '"<replaceable class=\"option\">$1</replaceable>"'],
++		     [$type_func, '"<function>$1</function>"'],
++		     [$type_struct, '"<structname>$1</structname>"'],
++		     [$type_env, '"<envar>$1</envar>"'],
++		     [$type_param, '" <parameter>$1</parameter> "'] );
+ $blankline_sgml = "</para><para>\n";
+ 
+ # these are pretty rough
+-%highlights_man = ( $type_constant, "\\\\fB\$2\\\\fP",
+-		    $type_func, "\\\\fB\$1\\\\fP",
+-		    $type_struct, "\\\\fB\$1\\\\fP",
+-		    $type_param, "\\\\fI\$1\\\\fP" );
++@highlights_man = ( [$type_constant, '"\\\fB$1\\\fP"'],
++		    [$type_func, '"\\\fB$1\\\fP"'],
++		    [$type_struct, '"\\\fB$1\\\fP"'],
++		    [$type_param, '" \\\fI$1\\\fP "'] );
+ $blankline_man = "";
+ 
+ # text-mode
+-%highlights_text = ( $type_constant, "\$2",
+-		     $type_func, "\$1",
+-		     $type_struct, "\$1",
+-		     $type_param, "\$1" );
++@highlights_text = ( [$type_constant, '"$1"'],
++		     [$type_func, '"$1"'],
++		     [$type_struct, '"$1"'],
++		     [$type_param, '"$1 "'] );
+ $blankline_text = "";
+-
++my $lineprefix = "";
+ 
+ sub usage {
+     print "Usage: $0 [ -v ] [ -docbook | -html | -text | -man | -tex | -texinfo  -listfunc ]\n";
+@@ -201,7 +207,7 @@ if ($#ARGV==-1) {
+ 
+ $verbose = 0;
+ $output_mode = "man";
+-%highlights = %highlights_man;
++@highlights = @highlights_man;
+ $blankline = $blankline_man;
+ $modulename = "API Documentation";
+ $sourceversion = strftime "%Y-%m-%d", localtime;
+@@ -210,27 +216,27 @@ while ($ARGV[0] =~ m/^-(.*)/) {
+     $cmd = shift @ARGV;
+     if ($cmd eq "-html") {
+ 	$output_mode = "html";
+-	%highlights = %highlights_html;
++	@highlights = @highlights_html;
+ 	$blankline = $blankline_html;
+     } elsif ($cmd eq "-man") {
+ 	$output_mode = "man";
+-	%highlights = %highlights_man;
++	@highlights = @highlights_man;
+ 	$blankline = $blankline_man;
+     } elsif ($cmd eq "-tex") {
+ 	$output_mode = "tex";
+-	%highlights = %highlights_tex;
++	@highlights = @highlights_tex;
+ 	$blankline = $blankline_tex;
+     } elsif ($cmd eq "-texinfo") {
+ 	$output_mode = "texinfo";
+-	%highlights = %highlights_texinfo;
++	@highlights = @highlights_texinfo;
+ 	$blankline = $blankline_texinfo;
+     } elsif ($cmd eq "-text") {
+ 	$output_mode = "text";
+-	%highlights = %highlights_text;
++	@highlights = @highlights_text;
+ 	$blankline = $blankline_text;
+     } elsif ($cmd eq "-docbook") {
+ 	$output_mode = "sgml";
+-	%highlights = %highlights_sgml;
++	@highlights = @highlights_sgml;
+ 	$blankline = $blankline_sgml;
+     } elsif ($cmd eq "-listfunc") {
+ 	$output_mode = "listfunc";
+@@ -270,6 +276,8 @@ sub dump_section {
+     my $name = shift @_;
+     my $contents = join "\n", @_;
+ 
++    $name = " $name";
++
+     if ($name =~ m/$type_constant/) {
+ 	$name = $1;
+ #	print STDERR "constant section '$1' = '$contents'\n";
+@@ -280,6 +288,7 @@ sub dump_section {
+ 	$parameters{$name} = $contents;
+     } else {
+ #	print STDERR "other section '$name' = '$contents'\n";
++	$name =~ tr/ //d;
+ 	$sections{$name} = $contents;
+ 	push @sectionlist, $name;
+     }
+@@ -296,35 +305,15 @@ sub dump_section {
+ #  sections => %descriont descriptions
+ #  
+ 
+-sub repstr {
+-    $pattern = shift;
+-    $repl = shift;
+-    $match1 = shift;
+-    $match2 = shift;
+-    $match3 = shift;
+-    $match4 = shift;
+-
+-    $output = $repl;
+-    $output =~ s,\$1,$match1,g;
+-    $output =~ s,\$2,$match2,g;
+-    $output =~ s,\$3,$match3,g;
+-    $output =~ s,\$4,$match4,g;
+-
+-    eval "\$return = qq/$output/";
+-
+-#    print "pattern $pattern matched 1=$match1 2=$match2 3=$match3 4=$match4 replace $repl yielded $output interpolated $return\n";
+-
+-    $return;
+-}
+-
+ sub just_highlight {
+     my $contents = join "\n", @_;
+     my $line;
+     my $ret = "";
+ 
+-    foreach $pattern (keys %highlights) {
+-#	print "scanning pattern $pattern ($highlights{$pattern})\n";
+-	$contents =~ s:$pattern:repstr($pattern, $highlights{$pattern}, $1, $2, $3, $4):gse;
++    foreach $highlight (@highlights) {
++	my ($pattern, $replace) = @$highlight;
++	#print "scanning pattern $pattern ($replace)\n";
++	$contents =~ s/$pattern/$replace/gees;
+     }
+     foreach $line (split "\n", $contents) {
+ 	if ($line eq ""){
+@@ -370,13 +359,45 @@ sub output_texinfo {
+ 	}
+     }
+     foreach $section (@{$args{'sectionlist'}}) {
++	$section =~ s/\@//g;
+ 	print "\n\@strong{$section:} " if $section ne $section_default;
+-	$args{'sections'}{$section} =~ s:([{}]):\@\1:gs;
++	$args{'sections'}{$section} =~ s:([{}]):\@$1:gs;
+ 	output_highlight($args{'sections'}{$section});
+     }
+     print "\@end deftypefun\n\n";
+ }
+ 
++sub output_enum_texinfo {
++    my %args = %{$_[0]};
++    my ($parameter, $section);
++    my $count;
++    my $name = $args{'enum'};
++    my $param;
++    my $param2;
++    my $sec;
++    my $check;
++    my $type;
++
++    print "\n\@c $name\n";
++    print "\@table \@code\n";
++
++    $check=0;
++    foreach $parameter (@{$args{'parameterlist'}}) {
++        $param1 = $parameter;
++	$param1 =~ s/_/_\@-/g;
++
++	$check = 1;
++	print "\@item ".$param1."\n";
++#	print "\n";
++
++        $param2 = $args{'parameters'}{$parameter};
++	$out = just_highlight($param2);
++	chomp $out;
++	print $out . "\n";
++    }
++    print "\@end table\n";
++}
++
+ # output in html
+ sub output_html {
+     my %args = %{$_[0]};
+@@ -428,7 +449,9 @@ sub output_tex {
+ 
+     $func =~ s/_/\\_/g;
+ 
+-    print "\n\n\\subsection{". $func . "}\n\\label{" . $args{'function'} . "}\n";
++    print "\n\n\\begin{function}\n";
++    print "\\functionTitle{". $func . "}\n";
++    print "\\index{". $func . "}\n";
+ 
+     $type = $args{'functiontype'};
+     $type =~ s/_/\\_/g;
+@@ -451,9 +474,8 @@ sub output_tex {
+     }
+     print ")\n";
+ 
+-    print "\n{\\large{Arguments}}\n";
++    print "\n\\begin{functionArguments}\n";
+ 
+-    print "\\begin{itemize}\n";
+     $check=0;
+     foreach $parameter (@{$args{'parameterlist'}}) {
+         $param1 = $args{'parametertypes'}{$parameter};
+@@ -462,11 +484,12 @@ sub output_tex {
+ 	$param2 =~ s/_/\\_/g;
+ 
+ 	$check = 1;
+-	print "\\item {\\it ".$param1."} {\\bf ".$param2."}: \n";
++	print "\\functionArgument {\\it ".$param1."} {\\bf ".$param2."}: \n";
+ #	print "\n";
+ 
+ 	$param3 = $args{'parameters'}{$parameter};
+-	$param3 =~ s/#([a-zA-Z\_]+)/{\\it \1}/g;
++	$param3 =~ s/\#([a-zA-Z\_]+)/{\\it $1}/g;
++	$param3 =~ s/\%([a-zA-Z\_]+)/{\\bf $1}/g;
+ 
+ 	$out = just_highlight($param3);
+ 	$out =~ s/_/\\_/g;
+@@ -475,31 +498,72 @@ sub output_tex {
+     if ($check==0) {
+ 	print "\\item void\n";
+     }
+-    print "\\end{itemize}\n";
++    print "\\end{functionArguments}\n";
+ 
+     foreach $section (@{$args{'sectionlist'}}) {
+ 	$sec = $section;
+ 	$sec =~ s/_/\\_/g;
+-	$sec =~ s/#([a-zA-Z\_]+)/{\\it \1}/g;
++	$sec =~ s/#([a-zA-Z\_]+)/{\\it $1}/g;
+ 
+-	print "\n{\\large{$sec}}\\\\\n";
+-	print "\\begin{rmfamily}\n";
++	print "\n\\begin{function${sec}}\n";
++	$out = $args{'sections'}{$section};
+ 
+-	$sec = $args{'sections'}{$section};
+-	$sec =~ s/\\:/:/g;
+-	$sec =~ s/#([a-zA-Z\_]+)/{\\it \1}/g;
+-	$sec =~ s/->/\$\\rightarrow\$/g;
+-	$sec =~ s/([0-9]+)\^([0-9]+)/\$\{\1\}\^\{\2\}\$/g;
+-
+-	$out = just_highlight($sec);
+-	$out =~ s/_/\\_/g;
++	$out =~ s/\#([a-zA-Z\_]+)/{\\it $1}/g;
++	$out =~ s/\%([a-zA-Z\_]+)/{\\bf $1}/g;
++	$out =~ s/\@([a-zA-Z\_]+)/{\\bf $1}/g;
++	$out =~ s/_/\\_\\-/g;
++        $out =~ s/\$/\\\$/g;
++	$out =~ s/#/\\#/g;
++	$out =~ s/\n\n/\n/g;
++	$out =~ s/\\:/:/g;
++	$out =~ s/\-\>/\$\\rightarrow\$/g;
++	$out =~ s/([0-9]+)\^([0-9]+)/\$\{$1\}\^\{$2\}\$/g;
+ 
+ 	print $out;
+-	print "\\end{rmfamily}\n";
++	print "\\end{function${sec}}\n";
+     }
+-    print "\n";
++    print "\\end{function}\n\n";
+ }
+ 
++sub output_enum_tex {
++    my %args = %{$_[0]};
++    my ($parameter, $section);
++    my $count;
++    my $name = $args{'enum'};
++    my $param;
++    my $param2;
++    my $sec;
++    my $check;
++    my $type;
++
++    print "\n\n\\begin{enum}\n";
++    $name =~ s/_/\\_/g;
++    print "\\enumTitle{". $name . "}\n";
++    print "\\index{". $name . "}\n";
++
++    print "\n\\begin{enumList}\n";
++
++    $check=0;
++    foreach $parameter (@{$args{'parameterlist'}}) {
++        $param1 = $parameter;
++	$param1 =~ s/_/\\_\\-/g;
++
++	$check = 1;
++	print "\\enumElement{".$param1."}{";
++#	print "\n";
++
++        $param2 = $args{'parameters'}{$parameter};
++	$param2 =~ s/\#([a-zA-Z\_]+)/{\\it $1}/g;
++	$param2 =~ s/\%([a-zA-Z\_]+)/{\\bf $1}/g;
++	$out = just_highlight($param2);
++	$out =~ s/_/\\_/g;
++	chomp $out;
++	print $out . "}\n";
++    }
++    print "\\end{enumList}\n";
++
++    print "\\end{enum}\n\n";
++}
+ 
+ # output in sgml DocBook
+ sub output_sgml {
+@@ -639,11 +703,14 @@ sub output_man {
+     if ($args{'bugsto'}) {
+ 	print ".SH \"REPORTING BUGS\"\n";
+ 	print "Report bugs to <". $args{'bugsto'} . ">.\n";
++        print ".br\n";
++	print "General guidelines for reporting bugs: http://www.gnu.org/gethelp/\n";
++        print ".br\n";
+ 	if ($args{'pkgname'}) {
+ 	    print $args{'pkgname'} . " home page: " .
+ 		"http://www.gnu.org/software/" . $args{'module'} . "/\n";
+ 	}
+-	print "General help using GNU software: http://www.gnu.org/gethelp/\n";
++	print "\n";
+     }
+ 
+     if ($args{'copyright'}) {
+@@ -670,6 +737,10 @@ sub output_man {
+ 	print ".B info " . $args{'seeinfo'} . "\n";
+ 	print ".PP\n";
+ 	print "should give you access to the complete manual.\n";
++	print "As an alternative you may obtain the manual from:\n";
++	print ".IP\n";
++	print ".B http://www.gnu.org/software/" . $args{'module'} . "/manual/\n";
++	print ".PP\n";
+     }
+ }
+ 
+@@ -705,6 +776,10 @@ sub output_function {
+     eval "output_".$output_mode."(\@_);";
+ }
+ 
++sub output_enum {
++    eval "output_enum_".$output_mode."(\@_);";
++}
++
+ 
+ ##
+ # takes a function prototype and spits out all the details
+@@ -744,7 +819,7 @@ sub dump_function {
+ #	    print STDERR " :> @args\n";
+ 	    $type = join " ", @args;
+ 
+-	    if ($parameters{$param} eq "" && $param != "void") {
++	    if ((!defined($parameters{$param}) || $parameters{$param} eq "") && $param ne "void") {
+ 		$parameters{$param} = "-- undescribed --";
+ 		print STDERR "warning: $lineno: Function parameter '$param' not described in '$function_name'\n";
+ 	    }
+@@ -781,6 +856,56 @@ sub dump_function {
+     }
+ }
+ 
++sub dump_enum {
++    my $prototype = shift @_;
++
++    if (($prototype =~ m/^\s*typedef\s+enum\s*[a-zA-Z0-9_~:]*\s*\{([\-a-zA-Z0-9_~=,:\s\(\)\<]+)\s*\}\s*([a-zA-Z0-9_]+);.*/)) {
++#        || $prototype =~ m/^\s*enum\s+([a-zA-Z0-9_~:]+).*/) {
++        $args = $1;
++	$name = $2;
++
++	foreach $arg (split ',', $args) {
++	    # strip leading/trailing spaces
++	    $arg =~ s/^\s*//;
++	    $arg =~ s/\s*$//;
++	    $arg =~ s/([A-Za-z0-9_]+)\s*=.*/$1/g;
++#	    print STDERR "SCAN ARG: '$arg'\n";
++
++            next if $arg eq '';
++	    if ((!defined($parameters{$arg}) || $parameters{$arg} eq "")) {
++		$parameters{$arg} = "-- undescribed --";
++		print STDERR "warning: $lineno: Enumeration parameter '$arg' not described in '$name'\n";
++	    }
++
++	    push @parameterlist, $arg;
++
++#	    print STDERR "param = '$arg'\n";
++	}
++    } else {
++#	print STDERR "warning: $lineno: Cannot understand enumeration: '$prototype'\n";
++	return;
++    }
++
++    output_enum({'enum' => $name,
++			 'module' => $modulename,
++			 'sourceversion' => $sourceversion,
++			 'include' => $include,
++			 'includefuncprefix' => $includefuncprefix,
++			 'bugsto' => $bugsto,
++			 'pkgname' => $pkgname,
++			 'copyright' => $copyright,
++			 'verbatimcopying' => $verbatimcopying,
++			 'seeinfo' => $seeinfo,
++			 'functiontype' => $return_type,
++			 'parameterlist' => \@parameterlist,
++			 'parameters' => \%parameters,
++			 'parametertypes' => \%parametertypes,
++			 'sectionlist' => \@sectionlist,
++			 'sections' => \%sections,
++			 'purpose' => $function_purpose
++			 });
++}
++
+ ######################################################################
+ # main
+ # states
+@@ -797,7 +922,7 @@ $doc_start = "^/\\*\\*\$";
+ $doc_end = "\\*/";
+ $doc_com = "\\s*\\*\\s*";
+ $doc_func = $doc_com."(\\w+):?";
+-$doc_sect = $doc_com."([".$doc_special."[:upper:]][\\w ]+):\\s*(.*)";
++$doc_sect = $doc_com."([".$doc_special."[:upper:]][\\w]+):\\s*(.*)";
+ $doc_content = $doc_com."(.*)";
+ 
+ %constants = ();
+@@ -809,6 +934,7 @@ $doc_content = $doc_com."(.*)";
+ $contents = "";
+ $section_default = "Description";	# default section
+ $section = $section_default;
++$enum = 0;
+ 
+ $lineno = 0;
+ foreach $file (@ARGV) {
+@@ -816,18 +942,21 @@ foreach $file (@ARGV) {
+ 	print STDERR "Error: Cannot open file $file\n";
+ 	next;
+     }
+-    while (<IN>) {
++    while ($line = <IN>) {
+ 	$lineno++;
+ 
+ 	if ($state == 0) {
+-	    if (/$doc_start/o) {
++	    if ($line =~ /$doc_start/o) {
+ 		$state = 1;		# next line is always the function name
++#	    print STDERR "XXX: start of doc comment\n";
+ 	    }
+ 	} elsif ($state == 1) {	# this line is the function name (always)
+-	    if (/$doc_func/o) {
++	    if ($line =~ /$doc_func/o) {
+ 		$function = $1;
+ 		$state = 2;
+-		if (/-\s*(.*)/) {
++#	    print STDERR "XXX: start of doc comment, looking for prototype\n";
++
++		if ($line =~ /-\s*(.*)/) {
+ 		    $function_purpose = $1;
+ 		} else {
+ 		    $function_purpose = "";
+@@ -841,11 +970,11 @@ foreach $file (@ARGV) {
+ 		$state = 0;
+ 	    }
+ 	} elsif ($state == 2) {	# look for head: lines, and include content
+-	    if (/$doc_sect/o) {
++	    if ($line =~ /$doc_sect/o) {
+ 		$newsection = $1;
+ 		$newcontents = $2;
+ 
+-		if ($contents ne "") {
++		if ($contents ne '') {
+ 		    dump_section($section, $contents);
+ 		    $section = $section_default;
+ 		}
+@@ -855,7 +984,7 @@ foreach $file (@ARGV) {
+ 		    $contents .= "\n";
+ 		}
+ 		$section = $newsection;
+-	    } elsif (/$doc_end/) {
++	    } elsif ($line =~ /$doc_end/) {
+ 
+ 		if ($contents ne "") {
+ 		    dump_section($section, $contents);
+@@ -863,13 +992,12 @@ foreach $file (@ARGV) {
+ 		    $contents = "";
+ 		}
+ 
+-#	    print STDERR "end of doc comment, looking for prototype\n";
+ 		$prototype = "";
+ 		$state = 3;
+-	    } elsif (/$doc_content/) {
++	    } elsif ($line =~ /$doc_content/) {
+ 		# miguel-style comment kludge, look for blank lines after
+ 		# @parameter line to signify start of description
+-		if ($1 eq "" && $section =~ m/^@/) {
++		if ($1 eq '' && $section =~ m/^@/) {
+ 		    dump_section($section, $contents);
+ 		    $section = $section_default;
+ 		    $contents = "";
+@@ -881,13 +1009,16 @@ foreach $file (@ARGV) {
+ 		print STDERR "warning: $lineno: Bad line: $_";
+ 	    }
+ 	} elsif ($state == 3) {	# scanning for function { (end of prototype)
+-	    if (m#\s*/\*\s+MACDOC\s*#io) {
++	    if ($line =~ m#\s*/\*\s+MACDOC\s*#io) {
+ 	      # do nothing
+ 	    }
+-	    elsif (/([^\{]*)/) {
++	    elsif ($enum == 1 && $line =~ /(^\s*\{).*/) {
++		$prototype .= "{";
++	    }
++	    elsif ($line =~ /([^\{]*)/) {
+ 		$prototype .= $1;
+ 	    }
+-	    if (/\{/) {
++	    if ($enum == 0 && $line =~ /\{/) {
+ 		$prototype =~ s@/\*.*?\*/@@gos;	# strip comments.
+ 		$prototype =~ s@[\r\n]+@ @gos; # strip newlines/cr's.
+ 		$prototype =~ s@^ +@@gos; # strip leading spaces
+@@ -901,9 +1032,32 @@ foreach $file (@ARGV) {
+ 		%sections = ();
+ 		@sectionlist = ();
+ 		$prototype = "";
++		$enum = 0;
+ 
+ 		$state = 0;
+ 	    }
++	    elsif ($enum == 1 && $line =~ /\}/) {
++		$prototype =~ s@/\*.*?\*/@@gos;	# strip comments.
++		$prototype =~ s@[\r\n]+@ @gos; # strip newlines/cr's.
++		$prototype =~ s@^ +@@gos; # strip leading spaces
++		dump_enum($prototype);
++
++		$function = "";
++		%constants = ();
++		%parameters = ();
++		%parametertypes = ();
++		@parameterlist = ();
++		%sections = ();
++		@sectionlist = ();
++		$prototype = "";
++		$enum = 0;
++
++		$state = 0;
++	    }
++	    elsif ($line =~ /([a-zA-Z\s]+)enum(.*)$/) {
++	        $enum = 1;
++	    }
++    
+ 	}
+     }
+ }

meta/recipes-support/gnutls/gnutls/CVE-2014-0092-corrected-return-codes.patch

@@ -0,0 +1,106 @@
+From 6aa26f78150ccbdf0aec1878a41c17c41d358a3b Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Thu, 27 Feb 2014 19:42:26 +0100
+Subject: [PATCH 1/3] corrected return codes
+
+Upstream-Status: Backport
+
+Signed-off-by: Karl Hiramoto <karl@hiramoto.org>
+
+---
+ lib/x509/verify.c | 16 ++++++++++------
+ 1 file changed, 10 insertions(+), 6 deletions(-)
+
+diff --git a/lib/x509/verify.c b/lib/x509/verify.c
+index c9a6b0d..eef85a8 100644
+--- a/lib/x509/verify.c
++++ b/lib/x509/verify.c
+@@ -141,7 +141,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+   if (result < 0)
+     {
+       gnutls_assert ();
+-      goto cleanup;
++      goto fail;
+     }
+ 
+   result =
+@@ -150,7 +150,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+   if (result < 0)
+     {
+       gnutls_assert ();
+-      goto cleanup;
++      goto fail;
+     }
+ 
+   result =
+@@ -158,7 +158,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+   if (result < 0)
+     {
+       gnutls_assert ();
+-      goto cleanup;
++      goto fail;
+     }
+ 
+   result =
+@@ -166,7 +166,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+   if (result < 0)
+     {
+       gnutls_assert ();
+-      goto cleanup;
++      goto fail;
+     }
+ 
+   /* If the subject certificate is the same as the issuer
+@@ -206,6 +206,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+   else
+     gnutls_assert ();
+ 
++fail:
+   result = 0;
+ 
+ cleanup:
+@@ -330,7 +331,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+   gnutls_datum_t cert_signed_data = { NULL, 0 };
+   gnutls_datum_t cert_signature = { NULL, 0 };
+   gnutls_x509_crt_t issuer = NULL;
+-  int issuer_version, result;
++  int issuer_version, result = 0;
+ 
+   if (output)
+     *output = 0;
+@@ -363,7 +364,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+   if (issuer_version < 0)
+     {
+       gnutls_assert ();
+-      return issuer_version;
++      return 0;
+     }
+ 
+   if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
+@@ -385,6 +386,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+   if (result < 0)
+     {
+       gnutls_assert ();
++      result = 0;
+       goto cleanup;
+     }
+ 
+@@ -393,6 +395,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+   if (result < 0)
+     {
+       gnutls_assert ();
++      result = 0;
+       goto cleanup;
+     }
+ 
+@@ -410,6 +413,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+   else if (result < 0)
+     {
+       gnutls_assert();
++      result = 0;
+       goto cleanup;
+     }
+ 
+-- 
+1.8.3.2
+

meta/recipes-support/gnutls/gnutls/CVE-2014-1959-rejection-of-v1-intermediate-cert.patch

@@ -0,0 +1,33 @@
+From 467478d8ff08a3cb4be3034ff04c9d08a0ceba3e Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Wed, 12 Feb 2014 16:41:33 +0100
+Subject: [PATCH 1/5] Fixed bug that prevented the rejection of v1 intermediate
+ CA certificates.
+
+Upstream-Status: Backport
+
+Signed-off-by: Karl Hiramoto <karl@hiramoto.org>
+
+---
+ lib/x509/verify.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/lib/x509/verify.c b/lib/x509/verify.c
+index 2efcebf..c9a6b0d 100644
+--- a/lib/x509/verify.c
++++ b/lib/x509/verify.c
+@@ -645,7 +645,10 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
+        * certificates can exist in a supplied chain.
+        */
+       if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT))
+-        flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
++        {
++          flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
++          flags |= GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT;
++        }
+       if ((ret =
+            _gnutls_verify_certificate2 (certificate_list[i - 1],
+                                         &certificate_list[i], 1, flags,
+-- 
+1.8.3.2
+

meta/recipes-support/gnutls/gnutls_2.12.23.bb

@@ -6,6 +6,9 @@ SRC_URI += "file://gnutls-openssl.patch \
             file://correct_rpl_gettimeofday_signature.patch \
             file://configure-fix.patch \
             file://avoid_AM_PROG_MKDIR_P_warning_error_with_automake_1.12.patch \
+            file://CVE-2014-1959-rejection-of-v1-intermediate-cert.patch \
+            file://CVE-2014-0092-corrected-return-codes.patch \
+            file://25_updatedgdocfrommaster.diff \
             ${@['', 'file://fix-gettext-version.patch'][bb.data.inherits_class('native', d) or (not ((d.getVar("INCOMPATIBLE_LICENSE", True) or "").find("GPLv3") != -1))]} \
            "
 

meta/recipes-support/libsoup/libsoup-2.4_2.40.2.bb

@@ -9,7 +9,7 @@ PR = "r1"
 
 SECTION = "x11/gnome/libs"
 
-DEPENDS = "glib-2.0 gnutls libxml2 libproxy"
+DEPENDS = "glib-2.0 gnutls libxml2 libproxy intltool-native"
 
 PACKAGECONFIG ??= "${@base_contains('DISTRO_FEATURES', 'x11', 'gnome', '', d)}"
 PACKAGECONFIG[gnome] = "--with-gnome,--without-gnome,libgnome-keyring sqlite3"

scripts/contrib/python/generate-manifest-2.7.py

@@ -300,7 +300,7 @@ if __name__ == "__main__":
     m.addPackage( "${PN}-mmap", "Python Memory-Mapped-File Support", "${PN}-core ${PN}-io",
     "lib-dynload/mmap.so " )
 
-    m.addPackage( "${PN}-multiprocessing", "Python Multiprocessing Support", "${PN}-core ${PN}-io ${PN}-lang ${PN}-pickle ${PN}-threading",
+    m.addPackage( "${PN}-multiprocessing", "Python Multiprocessing Support", "${PN}-core ${PN}-io ${PN}-lang ${PN}-pickle ${PN}-threading ${PN}-ctypes",
     "lib-dynload/_multiprocessing.so multiprocessing" ) # package
 
     m.addPackage( "${PN}-netclient", "Python Internet Protocol Clients", "${PN}-core ${PN}-crypt ${PN}-datetime ${PN}-io ${PN}-lang ${PN}-logging ${PN}-mime",

scripts/runqemu

@@ -261,7 +261,11 @@ if [ "x$KVM_ENABLED" = "xyes" ]; then
         exit 1;
     fi
     if [ -w /dev/kvm -a -r /dev/kvm ]; then
-        SCRIPT_QEMU_OPT="$SCRIPT_QEMU_OPT -enable-kvm -cpu host"
+        if [ "x$MACHINE" = "xqemux86" ]; then
+            SCRIPT_QEMU_OPT="$SCRIPT_QEMU_OPT -enable-kvm -cpu kvm32"
+        elif [ "x$MACHINE" = "xqemux86-64" ]; then
+            SCRIPT_QEMU_OPT="$SCRIPT_QEMU_OPT -enable-kvm -cpu kvm64"
+        fi
         KVM_ACTIVE="yes"
     else
         echo "You have no rights on /dev/kvm."