build-appliance-image: Update to morty head revision

(From OE-Core rev: 4b32784b8c95047dafbc7048bfe03e9e5ceb3367)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake/bin/toaster

@@ -151,14 +151,7 @@ fi
 
 unset OE_ROOT
 
-# this defines the dir toaster will use for
-# 1) clones of layers (in _toaster_clones )
-# 2) the build dir (in build)
-# 3) the sqlite db if that is being used.
-# 4) pid's we need to clean up on exit/shutdown
-# note: for future. in order to make this an arbitrary directory, we need to
-# make sure that the toaster.sqlite file doesn't default to `pwd` like it currently does.
-export TOASTER_DIR=`pwd`
+
 
 WEBSERVER=1
 ADDR_PORT="localhost:8000"
@@ -214,10 +207,8 @@ fi
 # 2) the build dir (in build)
 # 3) the sqlite db if that is being used.
 # 4) pid's we need to clean up on exit/shutdown
-# note: for future. in order to make this an arbitrary directory, we need to
-# make sure that the toaster.sqlite file doesn't default to `pwd`
-# like it currently does.
 export TOASTER_DIR=`dirname $BUILDDIR`
+export BB_ENV_EXTRAWHITE="$BB_ENV_EXTRAWHITE TOASTER_DIR"
 
 # Determine the action. If specified by arguments, fine, if not, toggle it
 if [ "$CMD" = "start" ] ; then

bitbake/doc/bitbake-user-manual/bitbake-user-manual-hello.xml

@@ -134,7 +134,7 @@
                     <ulink url="http://www.mail-archive.com/yocto@yoctoproject.org/msg09379.html">Mailing List post - The BitBake equivalent of "Hello, World!"</ulink>
                     </para></listitem>
                 <listitem><para>
-                    <ulink url="http://hambedded.org/blog/2012/11/24/from-bitbake-hello-world-to-an-image/">Hambedded Linux blog post - From Bitbake Hello World to an Image</ulink>
+                    <ulink url="https://web.archive.org/web/20150325165911/http://hambedded.org/blog/2012/11/24/from-bitbake-hello-world-to-an-image/">Hambedded Linux blog post - From Bitbake Hello World to an Image</ulink>
                     </para></listitem>
             </itemizedlist>
         </note>
@@ -269,7 +269,7 @@
                 and define some key BitBake variables.
                 For more information on the <filename>bitbake.conf</filename>,
                 see
-                <ulink url='http://hambedded.org/blog/2012/11/24/from-bitbake-hello-world-to-an-image/#an-overview-of-bitbakeconf'></ulink>
+                <ulink url='https://web.archive.org/web/20150325165911/http://hambedded.org/blog/2012/11/24/from-bitbake-hello-world-to-an-image/#an-overview-of-bitbakeconf'></ulink>
                 </para>
                 <para>Use the following commands to create the <filename>conf</filename>
                 directory in the project directory:
@@ -354,7 +354,7 @@ ERROR: Unable to parse base: ParseError in configuration INHERITs: Could not inh
                 supporting.
                 For more information on the <filename>base.bbclass</filename> file,
                 you can look at
-                <ulink url='http://hambedded.org/blog/2012/11/24/from-bitbake-hello-world-to-an-image/#tasks'></ulink>.
+                <ulink url='https://web.archive.org/web/20150325165911/http://hambedded.org/blog/2012/11/24/from-bitbake-hello-world-to-an-image/#tasks'></ulink>.
                 </para></listitem>
             <listitem><para><emphasis>Run Bitbake:</emphasis>
                 After making sure that the <filename>classes/base.bbclass</filename>
@@ -376,7 +376,7 @@ ERROR: Unable to parse base: ParseError in configuration INHERITs: Could not inh
                 Thus, this example creates and uses a layer called "mylayer".
                 <note>
                     You can find additional information on adding a layer at
-                    <ulink url='http://hambedded.org/blog/2012/11/24/from-bitbake-hello-world-to-an-image/#adding-an-example-layer'></ulink>.
+                    <ulink url='https://web.archive.org/web/20150325165911/http://hambedded.org/blog/2012/11/24/from-bitbake-hello-world-to-an-image/#adding-an-example-layer'></ulink>.
                 </note>
                 </para>
                 <para>Minimally, you need a recipe file and a layer configuration

bitbake/lib/bb/fetch2/__init__.py

@@ -967,7 +967,14 @@ def try_mirror_url(fetch, origud, ud, ld, check = False):
                 open(ud.donestamp, 'w').close()
             dest = os.path.join(dldir, os.path.basename(ud.localpath))
             if not os.path.exists(dest):
-                os.symlink(ud.localpath, dest)
+                # In case this is executing without any file locks held (as is
+                # the case for file:// URLs), two tasks may end up here at the
+                # same time, in which case we do not want the second task to
+                # fail when the link has already been created by the first task.
+                try:
+                    os.symlink(ud.localpath, dest)
+                except FileExistsError:
+                    pass
             if not verify_donestamp(origud, ld) or origud.method.need_update(origud, ld):
                 origud.method.download(origud, ld)
                 if hasattr(origud.method,"build_mirror_data"):
@@ -979,7 +986,11 @@ def try_mirror_url(fetch, origud, ud, ld, check = False):
                 # Broken symbolic link
                 os.unlink(origud.localpath)
 
-            os.symlink(ud.localpath, origud.localpath)
+            # As per above, in case two tasks end up here simultaneously.
+            try:
+                os.symlink(ud.localpath, origud.localpath)
+            except FileExistsError:
+                pass
         update_stamp(origud, ld)
         return ud.localpath
 

bitbake/lib/bb/providers.py

@@ -245,17 +245,17 @@ def _filterProviders(providers, item, cfgData, dataCache):
             pkg_pn[pn] = []
         pkg_pn[pn].append(p)
 
-    logger.debug(1, "providers for %s are: %s", item, list(pkg_pn.keys()))
+    logger.debug(1, "providers for %s are: %s", item, list(sorted(pkg_pn.keys())))
 
     # First add PREFERRED_VERSIONS
-    for pn in pkg_pn:
+    for pn in sorted(pkg_pn):
         sortpkg_pn[pn] = sortPriorities(pn, dataCache, pkg_pn)
         preferred_versions[pn] = findPreferredProvider(pn, cfgData, dataCache, sortpkg_pn[pn], item)
         if preferred_versions[pn][1]:
             eligible.append(preferred_versions[pn][1])
 
     # Now add latest versions
-    for pn in sortpkg_pn:
+    for pn in sorted(sortpkg_pn):
         if pn in preferred_versions and preferred_versions[pn][1]:
             continue
         preferred_versions[pn] = findLatestProvider(pn, cfgData, dataCache, sortpkg_pn[pn][0])

bitbake/lib/bblayers/layerindex.py

@@ -56,7 +56,7 @@ class LayerIndexPlugin(ActionPlugin):
         r = conn.getresponse()
         if r.status != 200:
             raise Exception("Failed to read " + path + ": %d %s" % (r.status, r.reason))
-        return json.loads(r.read())
+        return json.loads(r.read().decode())
 
     def get_layer_deps(self, layername, layeritems, layerbranches, layerdependencies, branchnum, selfname=False):
         def layeritems_info_id(items_name, layeritems):

bitbake/lib/toaster/toastermain/settings.py

@@ -38,8 +38,7 @@ ADMINS = (
 
 MANAGERS = ADMINS
 
-TOASTER_SQLITE_DEFAULT_DIR = os.path.join(os.environ.get('TOASTER_DIR', ''),
-                                          'build')
+TOASTER_SQLITE_DEFAULT_DIR = os.environ.get('TOASTER_DIR')
 
 DATABASES = {
     'default': {

documentation/bsp-guide/bsp-guide.xml

@@ -128,6 +128,11 @@
                 <date>December 2017</date>
                 <revremark>Released with the Yocto Project 2.2.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.2.4</revnumber>
+                <date>April 2018</date>
+                <revremark>Released with the Yocto Project 2.2.4 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/dev-manual/dev-manual-common-tasks.xml

@@ -7277,7 +7277,7 @@
             you much of a performance difference across the other systems
             as compared to using a more general tuning across all the builds
             (e.g. setting
-            <ulink url='var-DEFAULTTUNE'><filename>DEFAULTTUNE</filename></ulink>
+            <ulink url='&YOCTO_DOCS_REF_URL;#var-DEFAULTTUNE'><filename>DEFAULTTUNE</filename></ulink>
             specifically for each machine's build).
             Rather than "max out" each build's tunings, you can take steps that
             cause the OpenEmbedded build system to reuse software across the

documentation/dev-manual/dev-manual.xml

@@ -106,6 +106,11 @@
                 <date>December 2017</date>
                 <revremark>Released with the Yocto Project 2.2.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.2.4</revnumber>
+                <date>April 2018</date>
+                <revremark>Released with the Yocto Project 2.2.4 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/kernel-dev/kernel-dev.xml

@@ -91,6 +91,11 @@
                 <date>December 2017</date>
                 <revremark>Released with the Yocto Project 2.2.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.2.4</revnumber>
+                <date>April 2018</date>
+                <revremark>Released with the Yocto Project 2.2.4 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/mega-manual/mega-manual.xml

@@ -75,6 +75,11 @@
                 <date>December 2017</date>
                 <revremark>Released with the Yocto Project 2.2.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.2.4</revnumber>
+                <date>April 2018</date>
+                <revremark>Released with the Yocto Project 2.2.4 Release.</revremark>
+            </revision>
        </revhistory>
 
     <copyright>

documentation/poky.ent

@@ -1,12 +1,12 @@
-<!ENTITY DISTRO "2.2.3">
-<!ENTITY DISTRO_COMPRESSED "223">
+<!ENTITY DISTRO "2.2.4">
+<!ENTITY DISTRO_COMPRESSED "224">
 <!ENTITY DISTRO_NAME_NO_CAP "morty">
 <!ENTITY DISTRO_NAME "Morty">
-<!ENTITY YOCTO_DOC_VERSION "2.2.3">
-<!ENTITY POKYVERSION "17.0.3">
-<!ENTITY POKYVERSION_COMPRESSED "1703">
+<!ENTITY YOCTO_DOC_VERSION "2.2.4">
+<!ENTITY POKYVERSION "17.0.4">
+<!ENTITY POKYVERSION_COMPRESSED "1704">
 <!ENTITY YOCTO_POKY "poky-&DISTRO_NAME_NO_CAP;-&POKYVERSION;">
-<!ENTITY COPYRIGHT_YEAR "2010-2017">
+<!ENTITY COPYRIGHT_YEAR "2010-2018">
 <!ENTITY YOCTO_DL_URL "http://downloads.yoctoproject.org">
 <!ENTITY YOCTO_HOME_URL "http://www.yoctoproject.org">
 <!ENTITY YOCTO_LISTS_URL "http://lists.yoctoproject.org">
@@ -71,5 +71,4 @@
      python3-pexpect">
 <!ENTITY CENTOS_HOST_PACKAGES_ESSENTIAL "gawk make wget tar bzip2 gzip python unzip perl patch \
      diffutils diffstat git cpp gcc gcc-c++ glibc-devel texinfo chrpath socat \
-     perl-Data-Dumper perl-Text-ParseWords perl-Thread-Queue python3-pip python3-pexpect">
-
+     perl-Data-Dumper perl-Text-ParseWords perl-Thread-Queue python34-pip python3-pexpect">

documentation/profile-manual/profile-manual.xml

@@ -91,6 +91,11 @@
                 <date>December 2017</date>
                 <revremark>Released with the Yocto Project 2.2.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.2.4</revnumber>
+                <date>April 2018</date>
+                <revremark>Released with the Yocto Project 2.2.4 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/ref-manual/introduction.xml

@@ -351,18 +351,6 @@
             <para>
                 The following list shows the required packages by function
                 given a supported CentOS Linux distribution:
-                <note>
-                    For CentOS 6.x, some of the versions of the components
-                    provided by the distribution are too old (e.g. Git, Python,
-                    and tar).
-                    It is recommended that you install the buildtools in order
-                    to provide versions that will work with the OpenEmbedded
-                    build system.
-                    For information on how to install the buildtools tarball,
-                    see the
-                    "<link linkend='required-git-tar-and-python-versions'>Required Git, Tar, and Python Versions</link>"
-                    section.
-                </note>
                 <itemizedlist>
                     <listitem><para><emphasis>Essentials:</emphasis>
                         Packages needed to build an image for a headless

documentation/ref-manual/ref-manual.xml

@@ -122,6 +122,11 @@
                 <date>December 2017</date>
                 <revremark>Released with the Yocto Project 2.2.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.2.4</revnumber>
+                <date>April 2018</date>
+                <revremark>Released with the Yocto Project 2.2.4 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/sdk-manual/sdk-manual.xml

@@ -56,6 +56,11 @@
                 <date>December 2017</date>
                 <revremark>Released with the Yocto Project 2.2.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.2.4</revnumber>
+                <date>April 2018</date>
+                <revremark>Released with the Yocto Project 2.2.4 Release.</revremark>
+            </revision>
        </revhistory>
 
     <copyright>

documentation/toaster-manual/toaster-manual.xml

@@ -66,6 +66,11 @@
                 <date>December 2017</date>
                 <revremark>Released with the Yocto Project 2.2.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.2.4</revnumber>
+                <date>April 2018</date>
+                <revremark>Released with the Yocto Project 2.2.4 Release.</revremark>
+            </revision>
        </revhistory>
 
     <copyright>

documentation/tools/mega-manual.sed

@@ -2,32 +2,32 @@
 # This style is for manual folders like "yocto-project-qs" and "poky-ref-manual".
 # This is the old way that did it.  Can't do that now that we have "bitbake-user-manual" strings
 # in the mega-manual.
-# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.3\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.3\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.3\/poky-ref-manual\/poky-ref-manual.html#/\"link\" href=\"#/g
+# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.4\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.4\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.4\/poky-ref-manual\/poky-ref-manual.html#/\"link\" href=\"#/g
 
 # Processes all other manuals (<word>-<word> style) except for the BitBake User Manual because
 # it is not included in the mega-manual.
 # This style is for manual folders that use two word, which is the standard now (e.g. "ref-manual").
 # This was the one-liner that worked before we introduced the BitBake User Manual, which is
 # not in the mega-manual.
-# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.3\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
+# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.4\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
 
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.3\/sdk-manual\/sdk-manual.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.3\/bsp-guide\/bsp-guide.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.3\/dev-manual\/dev-manual.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.3\/kernel-dev\/kernel-dev.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.3\/profile-manual\/profile-manual.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.3\/ref-manual\/ref-manual.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.3\/toaster-manual\/toaster-manual.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.3\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.4\/sdk-manual\/sdk-manual.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.4\/bsp-guide\/bsp-guide.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.4\/dev-manual\/dev-manual.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.4\/kernel-dev\/kernel-dev.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.4\/profile-manual\/profile-manual.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.4\/ref-manual\/ref-manual.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.4\/toaster-manual\/toaster-manual.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.4\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
 
 # Process cases where just an external manual is referenced without an id anchor
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.3\/yocto-project-qs\/yocto-project-qs.html\" target=\"_top\">Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.3\/dev-manual\/dev-manual.html\" target=\"_top\">Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.3\/sdk-manual\/sdk-manual.html\" target=\"_top\">Yocto Project Software Development Kit (SDK) Developer's Guide<\/a>/Yocto Project Software Development Kit (SDK) Developer's Guide/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.3\/bsp-guide\/bsp-guide.html\" target=\"_top\">Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.3\/profile-manual\/profile-manual.html\" target=\"_top\">Yocto Project Profiling and Tracing Manual<\/a>/Yocto Project Profiling and Tracing Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.3\/kernel-dev\/kernel-dev.html\" target=\"_top\">Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.3\/ref-manual\/ref-manual.html\" target=\"_top\">Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.3\/toaster-manual\/toaster-manual.html\" target=\"_top\">Toaster User Manual<\/a>/Toaster User Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.4\/yocto-project-qs\/yocto-project-qs.html\" target=\"_top\">Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.4\/dev-manual\/dev-manual.html\" target=\"_top\">Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.4\/sdk-manual\/sdk-manual.html\" target=\"_top\">Yocto Project Software Development Kit (SDK) Developer's Guide<\/a>/Yocto Project Software Development Kit (SDK) Developer's Guide/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.4\/bsp-guide\/bsp-guide.html\" target=\"_top\">Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.4\/profile-manual\/profile-manual.html\" target=\"_top\">Yocto Project Profiling and Tracing Manual<\/a>/Yocto Project Profiling and Tracing Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.4\/kernel-dev\/kernel-dev.html\" target=\"_top\">Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.4\/ref-manual\/ref-manual.html\" target=\"_top\">Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.2.4\/toaster-manual\/toaster-manual.html\" target=\"_top\">Toaster User Manual<\/a>/Toaster User Manual/g

documentation/yocto-project-qs/yocto-project-qs.xml

@@ -322,14 +322,6 @@
      $ sudo yum install &CENTOS_HOST_PACKAGES_ESSENTIAL; \
      SDL-devel xterm
                         </literallayout>
-                        <note>
-                            CentOS 6.x users need to ensure that the required
-                            versions of Git, tar and Python are available.
-                            For details, See the
-                            "<ulink url='&YOCTO_DOCS_REF_URL;#required-git-tar-and-python-versions'>Required Git, tar, and Python Versions</ulink>"
-                            section in the Yocto Project Reference Manual for
-                            information.
-                        </note>
                         </para></listitem>
                 </itemizedlist>
             </para>

meta-poky/conf/distro/poky.conf

@@ -1,6 +1,6 @@
 DISTRO = "poky"
 DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
-DISTRO_VERSION = "2.2.3"
+DISTRO_VERSION = "2.2.4"
 DISTRO_CODENAME = "morty"
 SDK_VENDOR = "-pokysdk"
 SDK_VERSION := "${@'${DISTRO_VERSION}'.replace('snapshot-${DATE}','snapshot')}"

meta-poky/conf/local.conf.sample

@@ -191,7 +191,7 @@ PATCHRESOLVE = "noop"
 # files and damages the build in ways which may not be easily recoverable.
 # It's necesary to monitor /tmp, if there is no space left the build will fail
 # with very exotic errors.
-BB_DISKMON_DIRS = "\
+BB_DISKMON_DIRS ??= "\
     STOPTASKS,${TMPDIR},1G,100K \
     STOPTASKS,${DL_DIR},1G,100K \
     STOPTASKS,${SSTATE_DIR},1G,100K \

meta/classes/archiver.bbclass

@@ -67,6 +67,12 @@ python () {
     else:
         bb.debug(1, 'archiver: %s is included: %s' % (pn, reason))
 
+
+    # glibc-locale: do_fetch, do_unpack and do_patch tasks have been deleted,
+    # so avoid archiving source here.
+    if pn.startswith('glibc-locale'):
+        return
+
     # We just archive gcc-source for all the gcc related recipes
     if d.getVar('BPN', True) in ['gcc', 'libgcc'] \
             and not pn.startswith('gcc-source'):

meta/classes/buildhistory.bbclass

@@ -833,7 +833,7 @@ python write_srcrev() {
                         f.write('# SRCREV_%s = "%s"\n' % (name, orig_srcrev))
                     f.write('SRCREV_%s = "%s"\n' % (name, srcrev))
             else:
-                f.write('SRCREV = "%s"\n' % srcrevs.values())
+                f.write('SRCREV = "%s"\n' % next(iter(srcrevs.values())))
             if len(tag_srcrevs) > 0:
                 for name, srcrev in tag_srcrevs.items():
                     f.write('# tag_%s = "%s"\n' % (name, srcrev))

meta/classes/buildstats.bbclass

@@ -31,6 +31,11 @@ def get_process_cputime(pid):
                 i = f.readline().strip()
                 if not i:
                     break
+                if not ":" in i:
+                    # one more extra line is appended (empty or containing "0")
+                    # most probably due to race condition in kernel while
+                    # updating IO stats
+                    break
                 i = i.split(": ")
                 iostats[i[0]] = i[1]
     resources = resource.getrusage(resource.RUSAGE_SELF)

meta/classes/image.bbclass

@@ -439,6 +439,8 @@ python () {
         # This means the task's hash can be stable rather than having hardcoded
         # date/time values. It will get expanded at execution time.
         # Similarly TMPDIR since otherwise we see QA stamp comparision problems
+        # Expand PV else it can trigger get_srcrev which can fail due to these variables being unset
+        localdata.setVar('PV', d.getVar('PV', True))
         localdata.delVar('DATETIME')
         localdata.delVar('TMPDIR')
 
@@ -604,7 +606,7 @@ do_patch[noexec] = "1"
 do_configure[noexec] = "1"
 do_compile[noexec] = "1"
 do_install[noexec] = "1"
-do_populate_sysroot[noexec] = "1"
+deltask do_populate_sysroot
 do_package[noexec] = "1"
 do_package_qa[noexec] = "1"
 do_packagedata[noexec] = "1"

meta/classes/insane.bbclass

@@ -1118,7 +1118,8 @@ python do_package_qa () {
                     oe.utils.write_ld_so_conf(d)
             return warnchecks, errorchecks
 
-        skip = (d.getVar('INSANE_SKIP_' + package, True) or "").split()
+        skip = set((d.getVar('INSANE_SKIP', True) or "").split() +
+                   (d.getVar('INSANE_SKIP_' + package, True) or "").split())
         if skip:
             bb.note("Package %s skipping QA tests: %s" % (package, str(skip)))
 

meta/classes/libc-package.bbclass

@@ -9,6 +9,8 @@
 
 GLIBC_INTERNAL_USE_BINARY_LOCALE ?= "ondevice"
 
+GLIBC_SPLIT_LC_PACKAGES ?= "0"
+
 python __anonymous () {
     enabled = d.getVar("ENABLE_BINARY_LOCALE_GENERATION", True)
 
@@ -219,13 +221,12 @@ python package_do_split_gconvs () {
         (locale, encoding, locale))
 
     def output_locale_binary_rdepends(name, pkgname, locale, encoding):
-        m = re.match("(.*)\.(.*)", name)
-        if m:
-            libc_name = "%s.%s" % (m.group(1), m.group(2).lower())
-        else:
-            libc_name = name
-        d.setVar('RDEPENDS_%s' % pkgname, legitimize_package_name('%s-binary-localedata-%s' \
-            % (mlprefix+bpn, libc_name)))
+        dep = legitimize_package_name('%s-binary-localedata-%s' % (bpn, name))
+        lcsplit = d.getVar('GLIBC_SPLIT_LC_PACKAGES', True)
+        if lcsplit and int(lcsplit):
+            d.appendVar('PACKAGES', ' ' + dep)
+            d.setVar('ALLOW_EMPTY_%s' % dep, '1')
+        d.setVar('RDEPENDS_%s' % pkgname, mlprefix + dep)
 
     commands = {}
 
@@ -337,6 +338,11 @@ python package_do_split_gconvs () {
             else:
                 output_locale('%s.%s' % (base, charset), base, charset)
 
+    def metapkg_hook(file, pkg, pattern, format, basename):
+        name = basename.split('/', 1)[0]
+        metapkg = legitimize_package_name('%s-binary-localedata-%s' % (mlprefix+bpn, name))
+        d.appendVar('RDEPENDS_%s' % metapkg, ' ' + pkg)
+
     if use_bin == "compile":
         makefile = base_path_join(d.getVar("WORKDIR", True), "locale-tree", "Makefile")
         m = open(makefile, "w")
@@ -350,13 +356,18 @@ python package_do_split_gconvs () {
         bb.build.exec_func("oe_runmake", d)
         bb.note("collecting binary locales from locale tree")
         bb.build.exec_func("do_collect_bins_from_locale_tree", d)
-        do_split_packages(d, binary_locales_dir, file_regex='(.*)', \
-            output_pattern=bpn+'-binary-localedata-%s', \
-            description='binary locale definition for %s', extra_depends='', allow_dirs=True)
-    elif use_bin == "precompiled":
-        do_split_packages(d, binary_locales_dir, file_regex='(.*)', \
-            output_pattern=bpn+'-binary-localedata-%s', \
-            description='binary locale definition for %s', extra_depends='', allow_dirs=True)
+
+    if use_bin in ('compile', 'precompiled'):
+        lcsplit = d.getVar('GLIBC_SPLIT_LC_PACKAGES', True)
+        if lcsplit and int(lcsplit):
+            do_split_packages(d, binary_locales_dir, file_regex='^(.*/LC_\w+)', \
+                output_pattern=bpn+'-binary-localedata-%s', \
+                description='binary locale definition for %s', recursive=True,
+                hook=metapkg_hook, extra_depends='', allow_dirs=True, match_path=True)
+        else:
+            do_split_packages(d, binary_locales_dir, file_regex='(.*)', \
+                output_pattern=bpn+'-binary-localedata-%s', \
+                description='binary locale definition for %s', extra_depends='', allow_dirs=True)
     else:
         bb.note("generation of binary locales disabled. this may break i18n!")
 

meta/classes/packagegroup.bbclass

@@ -46,7 +46,7 @@ do_patch[noexec] = "1"
 do_configure[noexec] = "1"
 do_compile[noexec] = "1"
 do_install[noexec] = "1"
-do_populate_sysroot[noexec] = "1"
+deltask do_populate_sysroot
 
 python () {
     initman = d.getVar("VIRTUAL-RUNTIME_init_manager", True)

meta/classes/populate_sdk_base.bbclass

@@ -17,9 +17,12 @@ def complementary_globs(featurevar, d):
             globs.append(glob)
     return ' '.join(globs)
 
-SDKIMAGE_FEATURES ??= "dev-pkgs dbg-pkgs"
+SDKIMAGE_FEATURES ??= "dev-pkgs dbg-pkgs ${@bb.utils.contains('DISTRO_FEATURES', 'api-documentation', 'doc-pkgs', '', d)}"
 SDKIMAGE_INSTALL_COMPLEMENTARY = '${@complementary_globs("SDKIMAGE_FEATURES", d)}'
 
+# List of locales to install, or "all" for all of them, or unset for none.
+SDKIMAGE_LINGUAS ?= "all"
+
 inherit rootfs_${IMAGE_PKGTYPE}
 
 SDK_DIR = "${WORKDIR}/sdk"
@@ -42,7 +45,8 @@ TOOLCHAIN_TARGET_TASK_ATTEMPTONLY ?= ""
 TOOLCHAIN_OUTPUTNAME ?= "${SDK_NAME}-toolchain-${SDK_VERSION}"
 
 SDK_RDEPENDS = "${TOOLCHAIN_TARGET_TASK} ${TOOLCHAIN_HOST_TASK}"
-SDK_DEPENDS = "virtual/fakeroot-native pixz-native"
+SDK_DEPENDS = "virtual/fakeroot-native pixz-native cross-localedef-native"
+SDK_DEPENDS_append_libc-glibc = " nativesdk-glibc-locale"
 
 # We want the MULTIARCH_TARGET_SYS to point to the TUNE_PKGARCH, not PACKAGE_ARCH as it
 # could be set to the MACHINE_ARCH
@@ -222,6 +226,7 @@ EOF
 		-e 's#@SDK_VERSION@#${SDK_VERSION}#g' \
 		-e '/@SDK_PRE_INSTALL_COMMAND@/d' \
 		-e '/@SDK_POST_INSTALL_COMMAND@/d' \
+		-e 's#@SDK_GCC_VER@#${@oe.utils.host_gcc_version(d)}#g' \
 		${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.sh
 
 	# add execution permission
@@ -269,6 +274,6 @@ do_populate_sdk[file-checksums] += "${COREBASE}/meta/files/toolchain-shar-reloca
 
 do_populate_sdk[dirs] = "${PKGDATA_DIR} ${TOPDIR}"
 do_populate_sdk[depends] += "${@' '.join([x + ':do_populate_sysroot' for x in d.getVar('SDK_DEPENDS', True).split()])}  ${@d.getVarFlag('do_rootfs', 'depends', False)}"
-do_populate_sdk[rdepends] = "${@' '.join([x + ':do_populate_sysroot' for x in d.getVar('SDK_RDEPENDS', True).split()])}"
+do_populate_sdk[rdepends] = "${@' '.join([x + ':do_package_write_${IMAGE_PKGTYPE} ' + x + ':do_packagedata' for x in d.getVar('SDK_RDEPENDS', True).split()])}"
 do_populate_sdk[recrdeptask] += "do_packagedata do_package_write_rpm do_package_write_ipk do_package_write_deb"
 addtask populate_sdk

meta/classes/populate_sdk_ext.bbclass

@@ -622,7 +622,8 @@ fakeroot python do_populate_sdk_ext() {
     d.setVar('SDK_REQUIRED_UTILITIES', get_sdk_required_utilities(buildtools_fn, d))
     d.setVar('SDK_BUILDTOOLS_INSTALLER', buildtools_fn)
     d.setVar('SDKDEPLOYDIR', '${SDKEXTDEPLOYDIR}')
-
+    # ESDKs have a libc from the buildtools so ensure we don't ship linguas twice
+    d.delVar('SDKIMAGE_LINGUAS')
     populate_sdk_common(d)
 }
 
@@ -679,7 +680,7 @@ SDKEXTDEPLOYDIR = "${WORKDIR}/deploy-${PN}-populate-sdk-ext"
 
 SSTATETASKS += "do_populate_sdk_ext"
 SSTATE_SKIP_CREATION_task-populate-sdk-ext = '1'
-do_populate_sdk_ext[cleandirs] = "${SDKDEPLOYDIR}"
+do_populate_sdk_ext[cleandirs] = "${SDKEXTDEPLOYDIR}"
 do_populate_sdk_ext[sstate-inputdirs] = "${SDKEXTDEPLOYDIR}"
 do_populate_sdk_ext[sstate-outputdirs] = "${SDK_DEPLOY}"
 do_populate_sdk_ext[stamp-extra-info] = "${MACHINE}"

meta/classes/rootfs_deb.bbclass

@@ -12,6 +12,7 @@ do_rootfs[vardeps] += "PACKAGE_FEED_URIS"
 
 do_rootfs[lockfiles] += "${DEPLOY_DIR_DEB}/deb.lock"
 do_populate_sdk[lockfiles] += "${DEPLOY_DIR_DEB}/deb.lock"
+do_populate_sdk_ext[lockfiles] += "${DEPLOY_DIR_DEB}/deb.lock"
 
 python rootfs_deb_bad_recommendations() {
     if d.getVar("BAD_RECOMMENDATIONS", True):

meta/classes/rootfs_ipk.bbclass

@@ -16,6 +16,7 @@ do_rootfs[vardeps] += "PACKAGE_FEED_URIS"
 
 do_rootfs[lockfiles] += "${WORKDIR}/ipk.lock"
 do_populate_sdk[lockfiles] += "${WORKDIR}/ipk.lock"
+do_populate_sdk_ext[lockfiles] += "${WORKDIR}/ipk.lock"
 
 OPKG_PREPROCESS_COMMANDS = ""
 

meta/classes/rootfs_rpm.bbclass

@@ -24,6 +24,10 @@ do_populate_sdk[depends] += "${RPMROOTFSDEPENDS}"
 do_rootfs[recrdeptask] += "do_package_write_rpm"
 do_rootfs[vardeps] += "PACKAGE_FEED_URIS"
 
+do_rootfs[lockfiles] += "${WORKDIR}/rpm.lock"
+do_populate_sdk[lockfiles] += "${WORKDIR}/rpm.lock"
+do_populate_sdk_ext[lockfiles] += "${WORKDIR}/rpm.lock"
+
 python () {
     if d.getVar('BUILD_IMAGES_FROM_FEEDS', True):
         flags = d.getVarFlag('do_rootfs', 'recrdeptask', True)

meta/classes/sanity.bbclass

@@ -816,7 +816,7 @@ def check_sanity_everybuild(status, d):
     machinevalid = True
     if d.getVar('MACHINE', True):
         if not check_conf_exists("conf/machine/${MACHINE}.conf", d):
-            status.addresult('Please set a valid MACHINE in your local.conf or environment\n')
+            status.addresult('MACHINE=%s is invalid. Please set a valid MACHINE in your local.conf, environment or other configuration file.\n' % (d.getVar('MACHINE', True)))
             machinevalid = False
         else:
             status.addresult(check_sanity_validmachine(d))

meta/classes/uninative.bbclass

@@ -59,6 +59,11 @@ python uninative_event_fetchloader() {
             if localpath != tarballpath and os.path.exists(localpath) and not os.path.exists(tarballpath):
                     os.symlink(localpath, tarballpath)
 
+        # ldd output is "ldd (Ubuntu GLIBC 2.23-0ubuntu10) 2.23", extract last option from first line
+        glibcver = subprocess.check_output(["ldd", "--version"]).decode('utf-8').split('\n')[0].split()[-1]
+        if bb.utils.vercmp_string(d.getVar("UNINATIVE_MAXGLIBCVERSION", True), glibcver) < 0:
+            raise RuntimeError("Your host glibc verson (%s) is newer than that in uninative (%s). Disabling uninative so that sstate is not corrupted." % (glibcver, d.getVar("UNINATIVE_MAXGLIBCVERSION", True)))
+
         cmd = d.expand("mkdir -p ${UNINATIVE_STAGING_DIR}-uninative; cd ${UNINATIVE_STAGING_DIR}-uninative; tar -xjf ${UNINATIVE_DLDIR}/%s/${UNINATIVE_TARBALL}; ${UNINATIVE_STAGING_DIR}-uninative/relocate_sdk.py ${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux ${UNINATIVE_LOADER} ${UNINATIVE_LOADER} ${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux/${bindir_native}/patchelf-uninative ${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux${base_libdir_native}/libc*.so" % chksum)
         subprocess.check_call(cmd, shell=True)
 
@@ -67,6 +72,8 @@ python uninative_event_fetchloader() {
 
         enable_uninative(d)
 
+    except RuntimeError as e:
+        bb.warn(str(e))
     except bb.fetch2.BBFetchException as exc:
         bb.warn("Disabling uninative as unable to fetch uninative tarball: %s" % str(exc))
         bb.warn("To build your own uninative loader, please bitbake uninative-tarball and set UNINATIVE_TARBALL appropriately.")

meta/conf/distro/include/default-distrovars.inc

@@ -8,6 +8,7 @@ IMAGE_LINGUAS ?= "en-us en-gb"
 ENABLE_BINARY_LOCALE_GENERATION ?= "1"
 LOCALE_UTF8_ONLY ?= "0"
 LOCALE_UTF8_IS_DEFAULT ?= "1"
+LOCALE_UTF8_IS_DEFAULT_class-nativesdk = "0"
 
 DISTRO_FEATURES_DEFAULT ?= "alsa argp bluetooth ext2 irda largefile pcmcia usbgadget usbhost wifi xattr nfs zeroconf pci 3g nfc x11"
 DISTRO_FEATURES_LIBC_DEFAULT ?= "ipv4 ipv6 libc-backtrace libc-big-macros libc-bsd libc-cxx-tests libc-catgets libc-charsets libc-crypt \

meta/conf/distro/include/tcmode-default.inc

@@ -22,7 +22,7 @@ PREFERRED_PROVIDER_virtual/${TARGET_PREFIX}libc-initial = "${TCLIBC}-initial"
 PREFERRED_PROVIDER_virtual/nativesdk-${SDK_PREFIX}libc-initial ?= "nativesdk-glibc-initial"
 PREFERRED_PROVIDER_virtual/gettext ??= "gettext"
 
-GCCVERSION ?= "6.2%"
+GCCVERSION ?= "6.4%"
 SDKGCCVERSION ?= "${GCCVERSION}"
 BINUVERSION ?= "2.27%"
 GDBVERSION ?= "7.11%"

meta/conf/distro/include/world-broken.inc

@@ -5,11 +5,6 @@
 # rt-tests needs PI mutex support in libc
 EXCLUDE_FROM_WORLD_pn-rt-tests_libc-musl = "1"
 
-# error: no member named 'sin_port' in 'struct sockaddr_in6'
-# this is due to libtirpc using ipv6 but portmap rpc expecting ipv4
-EXCLUDE_FROM_WORLD_pn-portmap_libc-musl = "1"
-EXCLUDE_FROM_WORLD_pn-unfs3_libc-musl = "1"
-
 # error: use of undeclared identifier '_STAT_VER'
 EXCLUDE_FROM_WORLD_pn-pseudo_libc-musl = "1"
 
@@ -33,6 +28,10 @@ EXCLUDE_FROM_WORLD_pn-lttng-tools_libc-musl = "1"
 EXCLUDE_FROM_WORLD_pn-systemtap_libc-musl = "1"
 EXCLUDE_FROM_WORLD_pn-systemtap-uprobes_libc-musl = "1"
 
+# portmap.c:488:32: error: 'struct sockaddr_in6' has no member named 'sin_port'; did you mean 'sin6_port'?
+# We removed portmap in rocko onwards and it doesn't work with libtirpc
+EXCLUDE_FROM_WORLD_pn-portmap_libc-musl = "1"
+
 # error: a parameter list without types is only allowed in a function definition
 #            void (*_function)(sigval_t);
 EXCLUDE_FROM_WORLD_pn-qemu_libc-musl = "1"

meta/conf/distro/include/yocto-uninative.inc

@@ -6,6 +6,8 @@
 # to the distro running on the build machine.
 #
 
-UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/1.7/"
-UNINATIVE_CHECKSUM[i686] ?= "d7c341460035936c19d63fe02f354ef1bc993c62d694ae3a31458d1c6997f0c5"
-UNINATIVE_CHECKSUM[x86_64] ?= "ed033c868b87852b07957a4400f3b744c00aef5d6470346ea1a59b6d3e03075e"
+UNINATIVE_MAXGLIBCVERSION = "2.27"
+
+UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/1.8/"
+UNINATIVE_CHECKSUM[i686] ?= "427ce522ec97f65c75fd89587d90ef789e8cbca4a617abc4b5822abb01c2d0ae"
+UNINATIVE_CHECKSUM[x86_64] ?= "de4947e98e09e1432d069311cc2093974ecb9138a714fd5466f73524de66a693"

meta/files/toolchain-shar-extract.sh

@@ -11,6 +11,9 @@ export PATH=`echo "$PATH" | sed -e 's/:\.//' -e 's/::/:/'`
 INST_ARCH=$(uname -m | sed -e "s/i[3-6]86/ix86/" -e "s/x86[-_]64/x86_64/")
 SDK_ARCH=$(echo @SDK_ARCH@ | sed -e "s/i[3-6]86/ix86/" -e "s/x86[-_]64/x86_64/")
 
+INST_GCC_VER=$(gcc --version | sed -ne 's/.* \([0-9]\+\.[0-9]\+\)\.[0-9]\+.*/\1/p')
+SDK_GCC_VER='@SDK_GCC_VER@'
+
 verlte () {
 	[  "$1" = "`printf "$1\n$2" | sort -V | head -n1`" ]
 }
@@ -112,6 +115,11 @@ fi
 # SDK_EXTENSIBLE is exposed from the SDK_PRE_INSTALL_COMMAND above
 if [ "$SDK_EXTENSIBLE" = "1" ]; then
 	DEFAULT_INSTALL_DIR="@SDKEXTPATH@"
+	if [ "$INST_GCC_VER" = '4.8' -a "$SDK_GCC_VER" = '4.9' ] || [ "$INST_GCC_VER" = '4.8' -a "$SDK_GCC_VER" = '' ] || \
+		[ "$INST_GCC_VER" = '4.9' -a "$SDK_GCC_VER" = '' ]; then
+		echo "Error: Incompatible SDK installer! Your host gcc version is $INST_GCC_VER and this SDK was built by gcc higher version."
+		exit 1
+	fi
 fi
 
 if [ "$target_sdk_dir" = "" ]; then

meta/lib/oe/package.py

@@ -18,23 +18,24 @@ def runstrip(arg):
         newmode = origmode | stat.S_IWRITE | stat.S_IREAD
         os.chmod(file, newmode)
 
-    extraflags = ""
+    stripcmd = [strip]
 
     # kernel module    
     if elftype & 16:
-        extraflags = "--strip-debug --remove-section=.comment --remove-section=.note --preserve-dates"
+        stripcmd.extend(["--strip-debug", "--remove-section=.comment",
+            "--remove-section=.note", "--preserve-dates"])
     # .so and shared library
     elif ".so" in file and elftype & 8:
-        extraflags = "--remove-section=.comment --remove-section=.note --strip-unneeded"
+        stripcmd.extend(["--remove-section=.comment", "--remove-section=.note", "--strip-unneeded"])
     # shared or executable:
     elif elftype & 8 or elftype & 4:
-        extraflags = "--remove-section=.comment --remove-section=.note"
+        stripcmd.extend(["--remove-section=.comment", "--remove-section=.note"])
 
-    stripcmd = "'%s' %s '%s'" % (strip, extraflags, file)
+    stripcmd.append(file)
     bb.debug(1, "runstrip: %s" % stripcmd)
 
     try:
-        output = subprocess.check_output(stripcmd, stderr=subprocess.STDOUT, shell=True)
+        output = subprocess.check_output(stripcmd, stderr=subprocess.STDOUT)
     except subprocess.CalledProcessError as e:
         bb.error("runstrip: '%s' strip command failed with %s (%s)" % (stripcmd, e.returncode, e.output))
 

meta/lib/oe/package_manager.py

@@ -165,6 +165,10 @@ class RpmIndexer(Indexer):
         archs = archs.union(set(sdk_pkg_archs))
 
         rpm_createrepo = bb.utils.which(os.getenv('PATH'), "createrepo")
+        if not rpm_createrepo:
+            bb.error("Cannot rebuild index as createrepo was not found in %s" % os.environ['PATH'])
+            return
+
         if self.d.getVar('PACKAGE_FEED_SIGN', True) == '1':
             signer = get_signer(self.d, self.d.getVar('PACKAGE_FEED_GPG_BACKEND', True))
         else:
@@ -358,12 +362,11 @@ class RpmPkgsList(PkgsList):
             RpmIndexer(d, rootfs_dir).get_ml_prefix_and_os_list(arch_var, os_var)
 
         # Determine rpm version
-        cmd = "%s --version" % self.rpm_cmd
         try:
-            output = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True).decode("utf-8")
+            output = subprocess.check_output([self.rpm_cmd, "--version"], stderr=subprocess.STDOUT).decode("utf-8")
         except subprocess.CalledProcessError as e:
             bb.fatal("Getting rpm version failed. Command '%s' "
-                     "returned %d:\n%s" % (cmd, e.returncode, e.output.decode("utf-8")))
+                     "returned %d:\n%s" % (self.rpm_cmd, e.returncode, e.output.decode("utf-8")))
 
     '''
     Translate the RPM/Smart format names to the OE multilib format names
@@ -412,16 +415,15 @@ class RpmPkgsList(PkgsList):
         return output
 
     def list_pkgs(self):
-        cmd = self.rpm_cmd + ' --root ' + self.rootfs_dir
-        cmd += ' -D "_dbpath /var/lib/rpm" -qa'
-        cmd += " --qf '[%{NAME} %{ARCH} %{VERSION} %{PACKAGEORIGIN}\n]'"
+        cmd = [self.rpm_cmd, '--root', self.rootfs_dir]
+        cmd.extend(['-D', '_dbpath /var/lib/rpm'])
+        cmd.extend(['-qa', '--qf', '[%{NAME} %{ARCH} %{VERSION} %{PACKAGEORIGIN}\n]'])
 
         try:
-            # bb.note(cmd)
-            tmp_output = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True).strip().decode("utf-8")
+            tmp_output = subprocess.check_output(cmd, stderr=subprocess.STDOUT).strip().decode("utf-8")
         except subprocess.CalledProcessError as e:
             bb.fatal("Cannot get the installed packages list. Command '%s' "
-                     "returned %d:\n%s" % (cmd, e.returncode, e.output.decode("utf-8")))
+                     "returned %d:\n%s" % (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
 
         output = dict()
         deps = dict()
@@ -560,6 +562,29 @@ class PackageManager(object, metaclass=ABCMeta):
     def insert_feeds_uris(self):
         pass
 
+    """
+    Install all packages that match a glob.
+    """
+    def install_glob(self, globs, sdk=False):
+        # TODO don't have sdk here but have a property on the superclass
+        # (and respect in install_complementary)
+        if sdk:
+            pkgdatadir = self.d.expand("${STAGING_DIR}/${SDK_ARCH}-${SDKPKGSUFFIX}${SDK_VENDOR}-${SDK_OS}/pkgdata")
+        else:
+            pkgdatadir = self.d.getVar("PKGDATA_DIR", True)
+
+        try:
+            bb.note("Installing globbed packages...")
+            cmd = ["oe-pkgdata-util", "-p", pkgdatadir, "list-pkgs", globs]
+            pkgs = subprocess.check_output(cmd, stderr=subprocess.STDOUT).decode("utf-8")
+            self.install(pkgs.split(), attempt_only=True)
+        except subprocess.CalledProcessError as e:
+            # Return code 1 means no packages matched
+            if e.returncode != 1:
+                bb.fatal("Could not compute globbed packages list. Command "
+                         "'%s' returned %d:\n%s" %
+                         (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
+
     """
     Install complementary packages based upon the list of currently installed
     packages e.g. locales, *-dev, *-dbg, etc. This will only attempt to install
@@ -568,15 +593,6 @@ class PackageManager(object, metaclass=ABCMeta):
     installation
     """
     def install_complementary(self, globs=None):
-        # we need to write the list of installed packages to a file because the
-        # oe-pkgdata-util reads it from a file
-        installed_pkgs_file = os.path.join(self.d.getVar('WORKDIR', True),
-                                           "installed_pkgs.txt")
-        with open(installed_pkgs_file, "w+") as installed_pkgs:
-            pkgs = self.list_installed()
-            output = oe.utils.format_pkg_list(pkgs, "arch")
-            installed_pkgs.write(output)
-
         if globs is None:
             globs = self.d.getVar('IMAGE_INSTALL_COMPLEMENTARY', True)
             split_linguas = set()
@@ -593,22 +609,29 @@ class PackageManager(object, metaclass=ABCMeta):
         if globs is None:
             return
 
-        cmd = [bb.utils.which(os.getenv('PATH'), "oe-pkgdata-util"),
-               "-p", self.d.getVar('PKGDATA_DIR', True), "glob", installed_pkgs_file,
-               globs]
-        exclude = self.d.getVar('PACKAGE_EXCLUDE_COMPLEMENTARY', True)
-        if exclude:
-            cmd.extend(['--exclude=' + '|'.join(exclude.split())])
-        try:
-            bb.note("Installing complementary packages ...")
-            bb.note('Running %s' % cmd)
-            complementary_pkgs = subprocess.check_output(cmd, stderr=subprocess.STDOUT).decode("utf-8")
-        except subprocess.CalledProcessError as e:
-            bb.fatal("Could not compute complementary packages list. Command "
-                     "'%s' returned %d:\n%s" %
-                     (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
-        self.install(complementary_pkgs.split(), attempt_only=True)
-        os.remove(installed_pkgs_file)
+        # we need to write the list of installed packages to a file because the
+        # oe-pkgdata-util reads it from a file
+        with tempfile.NamedTemporaryFile(mode="w+", prefix="installed-pkgs") as installed_pkgs:
+            pkgs = self.list_installed()
+            output = oe.utils.format_pkg_list(pkgs, "arch")
+            installed_pkgs.write(output)
+            installed_pkgs.flush()
+
+            cmd = ["oe-pkgdata-util",
+                   "-p", self.d.getVar('PKGDATA_DIR', True), "glob", installed_pkgs.name,
+                   globs]
+            exclude = self.d.getVar('PACKAGE_EXCLUDE_COMPLEMENTARY', True)
+            if exclude:
+                cmd.extend(['--exclude=' + '|'.join(exclude.split())])
+            try:
+                bb.note("Installing complementary packages ...")
+                bb.note('Running %s' % cmd)
+                complementary_pkgs = subprocess.check_output(cmd, stderr=subprocess.STDOUT).decode("utf-8")
+                self.install(complementary_pkgs.split(), attempt_only=True)
+            except subprocess.CalledProcessError as e:
+                bb.fatal("Could not compute complementary packages list. Command "
+                         "'%s' returned %d:\n%s" %
+                         (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
 
     def deploy_dir_lock(self):
         if self.deploy_dir is None:
@@ -654,7 +677,8 @@ class RpmPM(PackageManager):
                  task_name='target',
                  providename=None,
                  arch_var=None,
-                 os_var=None):
+                 os_var=None,
+                 rpm_repo_workdir="oe-rootfs-repo"):
         super(RpmPM, self).__init__(d)
         self.target_rootfs = target_rootfs
         self.target_vendor = target_vendor
@@ -672,11 +696,11 @@ class RpmPM(PackageManager):
         # 2 = --log-level=debug
         # 3 = --log-level=debug plus dumps of scriplet content and command invocation
         self.debug_level = int(d.getVar('ROOTFS_RPM_DEBUG', True) or "0")
-        self.smart_opt = "--log-level=%s --data-dir=%s" % \
+        self.smart_opt = ["--log-level=%s" %
                          ("warning" if self.debug_level == 0 else
                           "info" if self.debug_level == 1 else
-                          "debug",
-                          os.path.join(target_rootfs, 'var/lib/smart'))
+                          "debug"), "--data-dir=%s" %
+                          os.path.join(target_rootfs, 'var/lib/smart')]
         self.scriptlet_wrapper = self.d.expand('${WORKDIR}/scriptlet_wrapper')
         self.solution_manifest = self.d.expand('${T}/saved/%s_solution' %
                                                self.task_name)
@@ -732,18 +756,18 @@ class RpmPM(PackageManager):
                 for arch in arch_list:
                     bb.note('Adding Smart channel url%d%s (%s)' %
                             (uri_iterator, arch, channel_priority))
-                    self._invoke_smart('channel --add url%d-%s type=rpm-md baseurl=%s/%s -y'
-                                       % (uri_iterator, arch, uri, arch))
-                    self._invoke_smart('channel --set url%d-%s priority=%d' %
-                                       (uri_iterator, arch, channel_priority))
+                    self._invoke_smart(['channel', '--add', 'url%d-%s' % (uri_iterator, arch),
+                        'type=rpm-md', 'baseurl=%s/%s' % (uri, arch), '-y'])
+                    self._invoke_smart(['channel', '--set', 'url%d-%s' % (uri_iterator, arch),
+                        'priority=%d' % channel_priority])
                     channel_priority -= 5
             else:
                 bb.note('Adding Smart channel url%d (%s)' %
                         (uri_iterator, channel_priority))
-                self._invoke_smart('channel --add url%d type=rpm-md baseurl=%s -y'
-                                   % (uri_iterator, uri))
-                self._invoke_smart('channel --set url%d priority=%d' %
-                                   (uri_iterator, channel_priority))
+                self._invoke_smart(['channel', '--add', 'url%d' % uri_iterator,
+                    'type=rpm-md', 'baseurl=%s' % uri, '-y'])
+                self._invoke_smart(['channel', '--set', 'url%d' % uri_iterator, 
+                    'priority=%d' % channel_priority])
                 channel_priority -= 5
 
             uri_iterator += 1
@@ -774,18 +798,17 @@ class RpmPM(PackageManager):
 
         self._create_configs(platform, platform_extra)
 
+    #takes array args
     def _invoke_smart(self, args):
-        cmd = "%s %s %s" % (self.smart_cmd, self.smart_opt, args)
+        cmd = [self.smart_cmd] + self.smart_opt + args
         # bb.note(cmd)
         try:
-            complementary_pkgs = subprocess.check_output(cmd,
-                                                         stderr=subprocess.STDOUT,
-                                                         shell=True).decode("utf-8")
+            complementary_pkgs = subprocess.check_output(cmd,stderr=subprocess.STDOUT).decode("utf-8")
             # bb.note(complementary_pkgs)
             return complementary_pkgs
         except subprocess.CalledProcessError as e:
             bb.fatal("Could not invoke smart. Command "
-                     "'%s' returned %d:\n%s" % (cmd, e.returncode, e.output.decode("utf-8")))
+                     "'%s' returned %d:\n%s" % (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
 
     def _search_pkg_name_in_feeds(self, pkg, feed_archs):
         for arch in feed_archs:
@@ -800,19 +823,23 @@ class RpmPM(PackageManager):
 
         # Search provides if not found by pkgname.
         bb.note('Not found %s by name, searching provides ...' % pkg)
-        cmd = "%s %s query --provides %s --show-format='$name-$version'" % \
-                (self.smart_cmd, self.smart_opt, pkg)
-        cmd += " | sed -ne 's/ *Provides://p'"
-        bb.note('cmd: %s' % cmd)
-        output = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True).decode("utf-8")
-        # Found a provider
-        if output:
-            bb.note('Found providers for %s: %s' % (pkg, output))
-            for p in output.split():
-                for arch in feed_archs:
-                    arch = arch.replace('-', '_')
-                    if p.rstrip().endswith('@' + arch):
-                        return p
+        cmd = [self.smart_cmd] + self.smart_opt + ["query", "--provides", pkg,
+                "--show-format=$name-$version"]
+        bb.note('cmd: %s' % ' '.join(cmd))
+        ps = subprocess.Popen(cmd, stdout=subprocess.PIPE)
+        try:
+            output = subprocess.check_output(["sed", "-ne", "s/ *Provides://p"],
+                stdin=ps.stdout, stderr=subprocess.STDOUT).decode("utf-8")
+            # Found a provider
+            if output:
+                bb.note('Found providers for %s: %s' % (pkg, output))
+                for p in output.split():
+                    for arch in feed_archs:
+                        arch = arch.replace('-', '_')
+                        if p.rstrip().endswith('@' + arch):
+                            return p
+        except subprocess.CalledProcessError as e:
+            bb.error("Failed running smart query on package %s." % pkg)
 
         return ""
 
@@ -949,30 +976,32 @@ class RpmPM(PackageManager):
             open(db_config_dir, 'w+').write(DB_CONFIG_CONTENT)
 
         # Create database so that smart doesn't complain (lazy init)
-        opt = "-qa"
-        cmd = "%s --root %s --dbpath /var/lib/rpm %s > /dev/null" % (
-              self.rpm_cmd, self.target_rootfs, opt)
+        cmd = [self.rpm_cmd, '--root', self.target_rootfs, '--dbpath', '/var/lib/rpm', '-qa']
         try:
-            subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True)
+            subprocess.check_output(cmd, stderr=subprocess.STDOUT)
         except subprocess.CalledProcessError as e:
             bb.fatal("Create rpm database failed. Command '%s' "
-                     "returned %d:\n%s" % (cmd, e.returncode, e.output.decode("utf-8")))
+                     "returned %d:\n%s" % (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
         # Import GPG key to RPM database of the target system
         if self.d.getVar('RPM_SIGN_PACKAGES', True) == '1':
             pubkey_path = self.d.getVar('RPM_GPG_PUBKEY', True)
-            cmd = "%s --root %s --dbpath /var/lib/rpm --import %s > /dev/null" % (
-                  self.rpm_cmd, self.target_rootfs, pubkey_path)
-            subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True)
+            cmd = [self.rpm_cmd, '--root', self.target_rootfs, '--dbpath', '/var/lib/rpm', '--import', pubkey_path]
+            try:
+                subprocess.check_output(cmd, stderr=subprocess.STDOUT)
+            except subprocess.CalledProcessError as e:
+                bb.fatal("Import GPG key failed. Command '%s' "
+                        "returned %d:\n%s" % (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
+
 
         # Configure smart
         bb.note("configuring Smart settings")
         bb.utils.remove(os.path.join(self.target_rootfs, 'var/lib/smart'),
                         True)
-        self._invoke_smart('config --set rpm-root=%s' % self.target_rootfs)
-        self._invoke_smart('config --set rpm-dbpath=/var/lib/rpm')
-        self._invoke_smart('config --set rpm-extra-macros._var=%s' %
-                           self.d.getVar('localstatedir', True))
-        cmd = "config --set rpm-extra-macros._tmppath=/%s/tmp" % (self.install_dir_name)
+        self._invoke_smart(['config', '--set', 'rpm-root=%s' % self.target_rootfs])
+        self._invoke_smart(['config', '--set', 'rpm-dbpath=/var/lib/rpm'])
+        self._invoke_smart(['config', '--set', 'rpm-extra-macros._var=%s' %
+                           self.d.getVar('localstatedir', True)])
+        cmd = ["config", "--set", "rpm-extra-macros._tmppath=/%s/tmp" % self.install_dir_name]
 
         prefer_color = self.d.getVar('RPM_PREFER_ELF_ARCH', True)
         if prefer_color:
@@ -986,32 +1015,32 @@ class RpmPM(PackageManager):
                                     ['mips64', 'mips64el']:
                 bb.fatal("RPM_PREFER_ELF_ARCH = \"4\" is for mips64 or mips64el "
                          "only.")
-            self._invoke_smart('config --set rpm-extra-macros._prefer_color=%s'
-                        % prefer_color)
+            self._invoke_smart(['config', '--set', 'rpm-extra-macros._prefer_color=%s'
+                        % prefer_color])
 
         self._invoke_smart(cmd)
-        self._invoke_smart('config --set rpm-ignoresize=1')
+        self._invoke_smart(['config', '--set', 'rpm-ignoresize=1'])
 
         # Write common configuration for host and target usage
-        self._invoke_smart('config --set rpm-nolinktos=1')
-        self._invoke_smart('config --set rpm-noparentdirs=1')
+        self._invoke_smart(['config', '--set', 'rpm-nolinktos=1'])
+        self._invoke_smart(['config', '--set', 'rpm-noparentdirs=1'])
         check_signature = self.d.getVar('RPM_CHECK_SIGNATURES', True)
         if check_signature and check_signature.strip() == "0":
-            self._invoke_smart('config --set rpm-check-signatures=false')
+            self._invoke_smart(['config', '--set rpm-check-signatures=false'])
         for i in self.d.getVar('BAD_RECOMMENDATIONS', True).split():
-            self._invoke_smart('flag --set ignore-recommends %s' % i)
+            self._invoke_smart(['flag', '--set', 'ignore-recommends', i])
 
         # Do the following configurations here, to avoid them being
         # saved for field upgrade
         if self.d.getVar('NO_RECOMMENDATIONS', True).strip() == "1":
-            self._invoke_smart('config --set ignore-all-recommends=1')
+            self._invoke_smart(['config', '--set', 'ignore-all-recommends=1'])
         pkg_exclude = self.d.getVar('PACKAGE_EXCLUDE', True) or ""
         for i in pkg_exclude.split():
-            self._invoke_smart('flag --set exclude-packages %s' % i)
+            self._invoke_smart(['flag', '--set', 'exclude-packages', i])
 
         # Optional debugging
-        # self._invoke_smart('config --set rpm-log-level=debug')
-        # cmd = 'config --set rpm-log-file=/tmp/smart-debug-logfile'
+        # self._invoke_smart(['config', '--set', 'rpm-log-level=debug'])
+        # cmd = ['config', '--set', 'rpm-log-file=/tmp/smart-debug-logfile']
         # self._invoke_smart(cmd)
         ch_already_added = []
         for canonical_arch in platform_extra:
@@ -1030,16 +1059,16 @@ class RpmPM(PackageManager):
             if not arch in ch_already_added:
                 bb.note('Adding Smart channel %s (%s)' %
                         (arch, channel_priority))
-                self._invoke_smart('channel --add %s type=rpm-md baseurl=%s -y'
-                                   % (arch, arch_channel))
-                self._invoke_smart('channel --set %s priority=%d' %
-                                   (arch, channel_priority))
+                self._invoke_smart(['channel', '--add', arch, 'type=rpm-md',
+                    'baseurl=%s' % arch_channel, '-y'])
+                self._invoke_smart(['channel', '--set', arch, 'priority=%d' %
+                                   channel_priority])
                 channel_priority -= 5
 
                 ch_already_added.append(arch)
 
         bb.note('adding Smart RPM DB channel')
-        self._invoke_smart('channel --add rpmsys type=rpm-sys -y')
+        self._invoke_smart(['channel', '--add', 'rpmsys', 'type=rpm-sys', '-y'])
 
         # Construct install scriptlet wrapper.
         # Scripts need to be ordered when executed, this ensures numeric order.
@@ -1102,15 +1131,15 @@ class RpmPM(PackageManager):
 
         bb.note("configuring RPM cross-install scriptlet_wrapper")
         os.chmod(self.scriptlet_wrapper, 0o755)
-        cmd = 'config --set rpm-extra-macros._cross_scriptlet_wrapper=%s' % \
-              self.scriptlet_wrapper
+        cmd = ['config', '--set', 'rpm-extra-macros._cross_scriptlet_wrapper=%s' %
+              self.scriptlet_wrapper]
         self._invoke_smart(cmd)
 
         # Debug to show smart config info
-        # bb.note(self._invoke_smart('config --show'))
+        # bb.note(self._invoke_smart(['config', '--show']))
 
     def update(self):
-        self._invoke_smart('update rpmsys')
+        self._invoke_smart(['update', 'rpmsys'])
 
     def get_rdepends_recursively(self, pkgs):
         # pkgs will be changed during the loop, so use [:] to make a copy.
@@ -1207,20 +1236,19 @@ class RpmPM(PackageManager):
             return
         if not attempt_only:
             bb.note('to be installed: %s' % ' '.join(pkgs))
-            cmd = "%s %s install -y %s" % \
-                  (self.smart_cmd, self.smart_opt, ' '.join(pkgs))
-            bb.note(cmd)
+            cmd = [self.smart_cmd] + self.smart_opt + ["install", "-y"] + pkgs
+            bb.note(' '.join(cmd))
         else:
             bb.note('installing attempt only packages...')
             bb.note('Attempting %s' % ' '.join(pkgs))
-            cmd = "%s %s install --attempt -y %s" % \
-                  (self.smart_cmd, self.smart_opt, ' '.join(pkgs))
+            cmd = [self.smart_cmd] + self.smart_opt + ["install", "--attempt",
+                    "-y"] + pkgs
         try:
-            output = subprocess.check_output(cmd.split(), stderr=subprocess.STDOUT).decode("utf-8")
+            output = subprocess.check_output(cmd, stderr=subprocess.STDOUT).decode("utf-8")
             bb.note(output)
         except subprocess.CalledProcessError as e:
             bb.fatal("Unable to install packages. Command '%s' "
-                     "returned %d:\n%s" % (cmd, e.returncode, e.output.decode("utf-8")))
+                     "returned %d:\n%s" % (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
 
     '''
     Remove pkgs with smart, the pkg name is smart/rpm format
@@ -1229,24 +1257,19 @@ class RpmPM(PackageManager):
         bb.note('to be removed: ' + ' '.join(pkgs))
 
         if not with_dependencies:
-            cmd = "%s -e --nodeps " % self.rpm_cmd
-            cmd += "--root=%s " % self.target_rootfs
-            cmd += "--dbpath=/var/lib/rpm "
-            cmd += "--define='_cross_scriptlet_wrapper %s' " % \
-                   self.scriptlet_wrapper
-            cmd += "--define='_tmppath /%s/tmp' %s" % (self.install_dir_name, ' '.join(pkgs))
+            cmd = [self.rpm_cmd] + ["-e", "--nodeps", "--root=%s" %
+                    self.target_rootfs, "--dbpath=/var/lib/rpm",
+                    "--define='_cross_scriptlet_wrapper %s'" %
+                    self.scriptlet_wrapper,
+                    "--define='_tmppath /%s/tmp'" % self.install_dir_name] + pkgs
         else:
             # for pkg in pkgs:
             #   bb.note('Debug: What required: %s' % pkg)
-            #   bb.note(self._invoke_smart('query %s --show-requiredby' % pkg))
-
-            cmd = "%s %s remove -y %s" % (self.smart_cmd,
-                                          self.smart_opt,
-                                          ' '.join(pkgs))
-
+            #   bb.note(self._invoke_smart(['query', pkg, '--show-requiredby']))
+            cmd = [self.smart_cmd] + self.smart_opt + ["remove", "-y"] + pkgs
         try:
-            bb.note(cmd)
-            output = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True).decode("utf-8")
+            bb.note(' '.join(cmd))
+            output = subprocess.check_output(cmd, stderr=subprocess.STDOUT).decode("utf-8")
             bb.note(output)
         except subprocess.CalledProcessError as e:
             bb.note("Unable to remove packages. Command '%s' "
@@ -1254,7 +1277,7 @@ class RpmPM(PackageManager):
 
     def upgrade(self):
         bb.note('smart upgrade')
-        self._invoke_smart('upgrade')
+        self._invoke_smart(['upgrade'])
 
     def write_index(self):
         result = self.indexer.write_index()
@@ -1307,25 +1330,24 @@ class RpmPM(PackageManager):
         pkgs = self._pkg_translate_oe_to_smart(pkgs, False)
         install_pkgs = list()
 
-        cmd = "%s %s install -y --dump %s 2>%s" %  \
-              (self.smart_cmd,
-               self.smart_opt,
-               ' '.join(pkgs),
-               self.solution_manifest)
+        cmd = [self.smart_cmd] + self.smart_opt + ['install', '-y', '--dump'] + pkgs
         try:
             # Disable rpmsys channel for the fake install
-            self._invoke_smart('channel --disable rpmsys')
+            self._invoke_smart(['channel', '--disable', 'rpmsys'])
 
-            subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True)
+            output = subprocess.check_output(cmd,stderr=subprocess.STDOUT).decode('utf-8')
+            f = open(self.solution_manifest, 'w')
+            f.write(output)
+            f.close()
             with open(self.solution_manifest, 'r') as manifest:
                 for pkg in manifest.read().split('\n'):
                     if '@' in pkg:
-                        install_pkgs.append(pkg)
+                        install_pkgs.append(pkg.strip())
         except subprocess.CalledProcessError as e:
             bb.note("Unable to dump install packages. Command '%s' "
                     "returned %d:\n%s" % (cmd, e.returncode, e.output.decode("utf-8")))
         # Recovery rpmsys channel
-        self._invoke_smart('channel --enable rpmsys')
+        self._invoke_smart(['channel', '--enable', 'rpmsys'])
         return install_pkgs
 
     '''
@@ -1355,17 +1377,16 @@ class RpmPM(PackageManager):
     def dump_all_available_pkgs(self):
         available_manifest = self.d.expand('${T}/saved/available_pkgs.txt')
         available_pkgs = list()
-        cmd = "%s %s query --output %s" %  \
-              (self.smart_cmd, self.smart_opt, available_manifest)
+        cmd = [self.smart_cmd] + self.smart_opt + ['query', '--output', available_manifest]
         try:
-            subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True)
+            subprocess.check_output(cmd, stderr=subprocess.STDOUT)
             with open(available_manifest, 'r') as manifest:
                 for pkg in manifest.read().split('\n'):
                     if '@' in pkg:
                         available_pkgs.append(pkg.strip())
         except subprocess.CalledProcessError as e:
             bb.note("Unable to list all available packages. Command '%s' "
-                    "returned %d:\n%s" % (cmd, e.returncode, e.output.decode("utf-8")))
+                    "returned %d:\n%s" % (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
 
         self.fullpkglist = available_pkgs
 
@@ -1404,11 +1425,11 @@ class RpmPM(PackageManager):
         bb.utils.remove(os.path.join(self.target_rootfs, 'var/lib/smart'),
                         True)
 
-        self._invoke_smart('config --set rpm-nolinktos=1')
-        self._invoke_smart('config --set rpm-noparentdirs=1')
+        self._invoke_smart(['config', '--set', 'rpm-nolinktos=1'])
+        self._invoke_smart(['config', '--set', 'rpm-noparentdirs=1'])
         for i in self.d.getVar('BAD_RECOMMENDATIONS', True).split():
-            self._invoke_smart('flag --set ignore-recommends %s' % i)
-        self._invoke_smart('channel --add rpmsys type=rpm-sys -y')
+            self._invoke_smart(['flag', '--set', 'ignore-recommends', i])
+        self._invoke_smart(['channel', '--add', 'rpmsys', 'type=rpm-sys', '-y'])
 
     '''
     The rpm db lock files were produced after invoking rpm to query on
@@ -1425,12 +1446,12 @@ class RpmPM(PackageManager):
     Returns a dictionary with the package info.
     """
     def package_info(self, pkg):
-        cmd = "%s %s info --urls %s" % (self.smart_cmd, self.smart_opt, pkg)
+        cmd = [self.smart_cmd] + self.smart_opt + ['info', '--urls', pkg]
         try:
-            output = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True).decode("utf-8")
+            output = subprocess.check_output(cmd, stderr=subprocess.STDOUT).decode("utf-8")
         except subprocess.CalledProcessError as e:
             bb.fatal("Unable to list available packages. Command '%s' "
-                     "returned %d:\n%s" % (cmd, e.returncode, e.output.decode("utf-8")))
+                     "returned %d:\n%s" % (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
 
         # Set default values to avoid UnboundLocalError
         arch = ""
@@ -1550,18 +1571,18 @@ class OpkgDpkgPM(PackageManager):
         os.chdir(tmp_dir)
 
         try:
-            cmd = "%s x %s" % (ar_cmd, pkg_path)
-            output = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True)
-            cmd = "%s xf data.tar.*" % tar_cmd
-            output = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True)
+            cmd = [ar_cmd, 'x', pkg_path]
+            output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
+            cmd = [tar_cmd, 'xf', 'data.tar.*']
+            output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
         except subprocess.CalledProcessError as e:
             bb.utils.remove(tmp_dir, recurse=True)
             bb.fatal("Unable to extract %s package. Command '%s' "
-                     "returned %d:\n%s" % (pkg_path, cmd, e.returncode, e.output.decode("utf-8")))
+                     "returned %d:\n%s" % (pkg_path, ' '.join(cmd), e.returncode, e.output.decode("utf-8")))
         except OSError as e:
             bb.utils.remove(tmp_dir, recurse=True)
             bb.fatal("Unable to extract %s package. Command '%s' "
-                     "returned %d:\n%s at %s" % (pkg_path, cmd, e.errno, e.strerror, e.filename))
+                     "returned %d:\n%s at %s" % (pkg_path, ' '.join(cmd), e.errno, e.strerror, e.filename))
 
         bb.note("Extracted %s to %s" % (pkg_path, tmp_dir))
         bb.utils.remove(os.path.join(tmp_dir, "debian-binary"))
@@ -2000,7 +2021,10 @@ class DpkgPM(OpkgDpkgPM):
     """
     def run_pre_post_installs(self, package_name=None):
         info_dir = self.target_rootfs + "/var/lib/dpkg/info"
-        suffixes = [(".preinst", "Preinstall"), (".postinst", "Postinstall")]
+        ControlScript = collections.namedtuple("ControlScript", ["suffix", "name", "argument"])
+        control_scripts = [
+                ControlScript(".preinst", "Preinstall", "install"),
+                ControlScript(".postinst", "Postinstall", "configure")]
         status_file = self.target_rootfs + "/var/lib/dpkg/status"
         installed_pkgs = []
 
@@ -2023,16 +2047,18 @@ class DpkgPM(OpkgDpkgPM):
 
         failed_pkgs = []
         for pkg_name in installed_pkgs:
-            for suffix in suffixes:
-                p_full = os.path.join(info_dir, pkg_name + suffix[0])
+            for control_script in control_scripts:
+                p_full = os.path.join(info_dir, pkg_name + control_script.suffix)
                 if os.path.exists(p_full):
                     try:
                         bb.note("Executing %s for package: %s ..." %
-                                 (suffix[1].lower(), pkg_name))
-                        subprocess.check_output(p_full, stderr=subprocess.STDOUT)
+                                 (control_script.name.lower(), pkg_name))
+                        subprocess.check_output([p_full, control_script.argument],
+                                stderr=subprocess.STDOUT)
                     except subprocess.CalledProcessError as e:
                         bb.note("%s for package %s failed with %d:\n%s" %
-                                (suffix[1], pkg_name, e.returncode, e.output.decode("utf-8")))
+                                (control_script.name, pkg_name, e.returncode,
+                                    e.output.decode("utf-8")))
                         failed_pkgs.append(pkg_name)
                         break
 

meta/lib/oe/sdk.py

@@ -7,6 +7,51 @@ import shutil
 import glob
 import traceback
 
+def generate_locale_archive(d, rootfs):
+    # Pretty sure we don't need this for SDK archive generation but
+    # keeping it to be safe...
+    target_arch = d.getVar('SDK_ARCH', True)
+    locale_arch_options = { \
+        "arm": ["--uint32-align=4", "--little-endian"],
+        "armeb": ["--uint32-align=4", "--big-endian"],
+        "aarch64": ["--uint32-align=4", "--little-endian"],
+        "aarch64_be": ["--uint32-align=4", "--big-endian"],
+        "sh4": ["--uint32-align=4", "--big-endian"],
+        "powerpc": ["--uint32-align=4", "--big-endian"],
+        "powerpc64": ["--uint32-align=4", "--big-endian"],
+        "mips": ["--uint32-align=4", "--big-endian"],
+        "mipsisa32r6": ["--uint32-align=4", "--big-endian"],
+        "mips64": ["--uint32-align=4", "--big-endian"],
+        "mipsisa64r6": ["--uint32-align=4", "--big-endian"],
+        "mipsel": ["--uint32-align=4", "--little-endian"],
+        "mipsisa32r6el": ["--uint32-align=4", "--little-endian"],
+        "mips64el": ["--uint32-align=4", "--little-endian"],
+        "mipsisa64r6el": ["--uint32-align=4", "--little-endian"],
+        "i586": ["--uint32-align=4", "--little-endian"],
+        "i686": ["--uint32-align=4", "--little-endian"],
+        "x86_64": ["--uint32-align=4", "--little-endian"]
+    }
+    if target_arch in locale_arch_options:
+        arch_options = locale_arch_options[target_arch]
+    else:
+        bb.error("locale_arch_options not found for target_arch=" + target_arch)
+        bb.fatal("unknown arch:" + target_arch + " for locale_arch_options")
+
+    localedir = oe.path.join(rootfs, d.getVar("libdir_nativesdk", True), "locale")
+    # Need to set this so cross-localedef knows where the archive is
+    env = dict(os.environ)
+    env["LOCALEARCHIVE"] = oe.path.join(localedir, "locale-archive")
+
+    for name in os.listdir(localedir):
+        path = os.path.join(localedir, name)
+        if os.path.isdir(path):
+            try:
+                cmd = ["cross-localedef", "--verbose"]
+                cmd += arch_options
+                cmd += ["--add-to-archive", path]
+                subprocess.check_output(cmd, env=env, stderr=subprocess.STDOUT)
+            except Exception as e:
+                bb.fatal("Cannot create locale archive: %s" % e.output)
 
 class Sdk(object, metaclass=ABCMeta):
     def __init__(self, d, manifest_dir):
@@ -84,8 +129,32 @@ class Sdk(object, metaclass=ABCMeta):
             bb.debug(1, "printing the stack trace\n %s" %traceback.format_exc())
             bb.warn("cannot remove SDK dir: %s" % path)
 
+    def install_locales(self, pm):
+        # This is only relevant for glibc
+        if self.d.getVar("TCLIBC", True) != "glibc":
+            return
+
+        linguas = self.d.getVar("SDKIMAGE_LINGUAS", True)
+        if linguas:
+            import fnmatch
+            # Install the binary locales
+            if linguas == "all":
+                pm.install_glob("nativesdk-glibc-binary-localedata-*.utf-8", sdk=True)
+            else:
+                for lang in linguas.split():
+                    pm.install("nativesdk-glibc-binary-localedata-%s.utf-8" % lang)
+            # Generate a locale archive of them
+            generate_locale_archive(self.d, oe.path.join(self.sdk_host_sysroot, self.sdk_native_path))
+            # And now delete the binary locales
+            pkgs = fnmatch.filter(pm.list_installed(), "nativesdk-glibc-binary-localedata-*.utf-8")
+            pm.remove(pkgs, with_dependencies=False)
+        else:
+            # No linguas so do nothing
+            pass
+
+
 class RpmSdk(Sdk):
-    def __init__(self, d, manifest_dir=None):
+    def __init__(self, d, manifest_dir=None, rpm_workdir="oe-sdk-repo"):
         super(RpmSdk, self).__init__(d, manifest_dir)
 
         self.target_manifest = RpmManifest(d, self.manifest_dir,
@@ -100,11 +169,17 @@ class RpmSdk(Sdk):
                               'pkgconfig'
                               ]
 
+        rpm_repo_workdir = "oe-sdk-repo"
+        if "sdk_ext" in d.getVar("BB_RUNTASK", True):
+            rpm_repo_workdir = "oe-sdk-ext-repo"
+
+
         self.target_pm = RpmPM(d,
                                self.sdk_target_sysroot,
                                self.d.getVar('TARGET_VENDOR', True),
                                'target',
-                               target_providename
+                               target_providename,
+                               rpm_repo_workdir=rpm_repo_workdir
                                )
 
         sdk_providename = ['/bin/sh',
@@ -122,7 +197,8 @@ class RpmSdk(Sdk):
                              'host',
                              sdk_providename,
                              "SDK_PACKAGE_ARCHS",
-                             "SDK_OS"
+                             "SDK_OS",
+                             rpm_repo_workdir=rpm_repo_workdir
                              )
 
     def _populate_sysroot(self, pm, manifest):
@@ -158,6 +234,7 @@ class RpmSdk(Sdk):
 
         bb.note("Installing NATIVESDK packages")
         self._populate_sysroot(self.host_pm, self.host_manifest)
+        self.install_locales(self.host_pm)
 
         execute_pre_post_process(self.d, self.d.getVar("POPULATE_SDK_POST_HOST_COMMAND", True))
 
@@ -237,6 +314,7 @@ class OpkgSdk(Sdk):
 
         bb.note("Installing NATIVESDK packages")
         self._populate_sysroot(self.host_pm, self.host_manifest)
+        self.install_locales(self.host_pm)
 
         execute_pre_post_process(self.d, self.d.getVar("POPULATE_SDK_POST_HOST_COMMAND", True))
 
@@ -321,6 +399,7 @@ class DpkgSdk(Sdk):
 
         bb.note("Installing NATIVESDK packages")
         self._populate_sysroot(self.host_pm, self.host_manifest)
+        self.install_locales(self.host_pm)
 
         execute_pre_post_process(self.d, self.d.getVar("POPULATE_SDK_POST_HOST_COMMAND", True))
 

meta/lib/oe/terminal.py

@@ -67,7 +67,7 @@ class Gnome(XTerminal):
         import tempfile
         pidfile = tempfile.NamedTemporaryFile(delete = False).name
         try:
-            sh_cmd = "oe-gnome-terminal-phonehome " + pidfile + " " + sh_cmd
+            sh_cmd = bb.utils.which(os.getenv('PATH'), "oe-gnome-terminal-phonehome") + " " + pidfile + " " + sh_cmd
             XTerminal.__init__(self, sh_cmd, title, env, d)
             while os.stat(pidfile).st_size <= 0:
                 continue

meta/lib/oeqa/selftest/signing.py

@@ -26,7 +26,7 @@ class Signing(oeSelfTest):
         cls.pub_key_path = os.path.join(cls.testlayer_path, 'files', 'signing', "key.pub")
         cls.secret_key_path = os.path.join(cls.testlayer_path, 'files', 'signing', "key.secret")
 
-        runCmd('gpg --homedir %s --import %s %s' % (cls.gpg_dir, cls.pub_key_path, cls.secret_key_path))
+        runCmd('gpg --batch --homedir %s --import %s %s' % (cls.gpg_dir, cls.pub_key_path, cls.secret_key_path))
 
     @classmethod
     def tearDownClass(cls):
@@ -104,13 +104,7 @@ class Signing(oeSelfTest):
         self.add_command_to_tearDown('bitbake -c clean %s' % test_recipe)
         self.add_command_to_tearDown('rm -rf %s' % sstatedir)
 
-        # Determine the pub key signature
-        ret = runCmd('gpg --homedir %s --list-keys' % self.gpg_dir)
-        pub_key = re.search(r'^pub\s+\S+/(\S+)\s+', ret.output, re.M)
-        self.assertIsNotNone(pub_key, 'Failed to determine the public key signature.')
-        pub_key = pub_key.group(1)
-
-        feature = 'SSTATE_SIG_KEY ?= "%s"\n' % pub_key
+        feature = 'SSTATE_SIG_KEY ?= "testuser"\n'
         feature += 'SSTATE_SIG_PASSPHRASE ?= "test123"\n'
         feature += 'SSTATE_VERIFY_SIG ?= "1"\n'
         feature += 'GPG_PATH = "%s"\n' % self.gpg_dir

meta/recipes-bsp/acpid/acpid.inc

@@ -9,6 +9,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/acpid2/acpid-${PV}.tar.xz \
            file://acpid.service \
           "
 
+CVE_PRODUCT = "acpid2"
+
 inherit autotools update-rc.d systemd
 
 INITSCRIPT_NAME = "acpid"

meta/recipes-bsp/gnu-efi/gnu-efi/0001-Mark-our-explicit-fall-through-so-Wextra-will-work-i.patch

@@ -0,0 +1,34 @@
+From 676a8a9001f06808b4dbe0a545d76b5d9a8ebf48 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Thu, 2 Feb 2017 13:51:27 -0500
+Subject: [PATCH] Mark our explicit fall through so -Wextra will work in gcc 7
+
+gcc 7 introduces detection of fall-through behavior in switch/case
+statements, and will warn if -Wimplicit-fallthrough is present and there
+is no comment stating that the fall-through is intentional.  This is
+also triggered by -Wextra, as it enables -Wimplicit-fallthrough=1.
+
+This patch adds the comment in the one place we use fall-through.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+Upstream-Status: Pending
+
+ lib/print.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/print.c b/lib/print.c
+index b8a9d38..cb732f0 100644
+--- a/lib/print.c
++++ b/lib/print.c
+@@ -1131,6 +1131,7 @@ Returns:
+             case 'X':
+                 Item.Width = Item.Long ? 16 : 8;
+                 Item.Pad = '0';
++		/* falls through */
+             case 'x':
+                 ValueToHex (
+                     Item.Scratch,
+-- 
+2.12.2
+

meta/recipes-bsp/gnu-efi/gnu-efi_3.0.4.bb

@@ -17,7 +17,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2 \
            file://lib-Makefile-fix-parallel-issue.patch \
            file://gcc46-compatibility.patch \
            file://aarch64-initplat.c-fix-const-qualifier.patch \
-          "
+           file://0001-Mark-our-explicit-fall-through-so-Wextra-will-work-i.patch \
+           "
 
 SRC_URI[md5sum] = "612e0f327f31c4b8468ef55f4eeb9649"
 SRC_URI[sha256sum] = "51a00428c3ccb96db24089ed8394843c4f83cf8f42c6a4dfddb4b7c23f2bf8af"

meta/recipes-bsp/grub/files/0001-configure-fix-check-for-sys-sysmacros.h-under-glibc-.patch

@@ -0,0 +1,48 @@
+From 07662af7aed55bcec448bc2a6610de1f0cb62100 Mon Sep 17 00:00:00 2001
+From: Andrei Borzenkov <arvidjaar@gmail.com>
+Date: Thu, 22 Dec 2016 22:48:25 +0300
+Subject: [PATCH] configure: fix check for sys/sysmacros.h under glibc 2.25+
+
+glibc 2.25 still includes sys/sysmacros.h in sys/types.h but also emits
+deprecation warning. So test for sys/types.h succeeds in configure but later
+compilation fails because we use -Werror by default.
+
+While this is fixed in current autoconf GIT, we really cannot force everyone
+to use bleeding edge (that is not even released right now). So run test under
+-Werror as well to force proper detection.
+
+This should have no impact on autoconf 2.70+ as AC_HEADER_MAJOR in this version
+simply checks for header existence.
+
+Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/grub.git/commit/?id=07662af7aed55bcec448bc2a6610de1f0cb62100]
+
+Reported and tested by Khem Raj <raj.khem@gmail.com>
+
+Signed-off-by: Andrei Borzenkov <arvidjaar@gmail.com>
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
+---
+ configure.ac | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index dc56564..4e980c5 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -389,7 +389,14 @@ fi
+ # Check for functions and headers.
+ AC_CHECK_FUNCS(posix_memalign memalign getextmntent)
+ AC_CHECK_HEADERS(sys/param.h sys/mount.h sys/mnttab.h limits.h)
++
++# glibc 2.25 still includes sys/sysmacros.h in sys/types.h but emits deprecation
++# warning which causes compilation failure later with -Werror. So use -Werror here
++# as well to force proper sys/sysmacros.h detection.
++SAVED_CFLAGS="$CFLAGS"
++CFLAGS="$HOST_CFLAGS -Werror"
+ AC_HEADER_MAJOR
++CFLAGS="$SAVED_CFLAGS"
+ 
+ AC_CHECK_MEMBERS([struct statfs.f_fstypename],,,[$ac_includes_default
+ #include <sys/param.h>
+-- 
+2.4.0
+

meta/recipes-bsp/grub/grub-efi_2.00.bb

@@ -6,6 +6,7 @@ PR = "r3"
 
 SRC_URI += " \
            file://cfg \
+           file://0001-configure-fix-check-for-sys-sysmacros.h-under-glibc-.patch \
           "
 
 S = "${WORKDIR}/grub-${PV}"

meta/recipes-connectivity/bluez5/bluez5.inc

@@ -27,6 +27,8 @@ SRC_URI = "\
 "
 S = "${WORKDIR}/bluez-${PV}"
 
+CVE_PRODUCT = "bluez"
+
 inherit autotools pkgconfig systemd update-rc.d distro_features_check ptest
 
 EXTRA_OECONF = "\

meta/recipes-connectivity/portmap/portmap_6.0.bb

@@ -4,7 +4,7 @@ DEPENDS_append_libc-musl = " libtirpc "
 
 PR = "r9"
 
-SRC_URI = "http://www.sourcefiles.org/Networking/Tools/Miscellanenous/portmap-6.0.tgz \
+SRC_URI = "https://fossies.org/linux/misc/old/portmap-6.0.tgz \
            file://destdir-no-strip.patch \
            file://tcpd-config.patch \
            file://portmap.init \

meta/recipes-core/glib-2.0/glib.inc

@@ -15,6 +15,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=3bf50002aefd002f49e7bb854063f7e7 \
 BUGTRACKER = "http://bugzilla.gnome.org"
 SECTION = "libs"
 
+CVE_PRODUCT = "glib"
+
 BBCLASSEXTEND = "native nativesdk"
 
 DEPENDS = "virtual/libiconv libffi zlib glib-2.0-native"

meta/recipes-core/glibc/cross-localedef-native_2.24.bb

@@ -37,6 +37,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0024-eglibc-Forward-port-cross-locale-generation-support.patch \
            file://0025-Define-DUMMY_LOCALE_T-if-not-defined.patch \
            file://0001-Include-locale_t.h-compatibility-header.patch \
+           file://archive-path.patch \
 "
 # Makes for a rather long rev (22 characters), but...
 #

meta/recipes-core/glibc/glibc-collateral.inc

@@ -15,7 +15,7 @@ do_patch[noexec] = "1"
 do_configure[noexec] = "1"
 do_compile[noexec] = "1"
 
-do_install[depends] += "virtual/${MLPREFIX}libc:do_populate_sysroot"
+do_install[depends] += "virtual/${MLPREFIX}libc:do_stash_locale"
 
 COMPATIBLE_HOST_libc-musl_class-target = "null"
 COMPATIBLE_HOST_libc-uclibc_class-target = "null"

meta/recipes-core/glibc/glibc-common.inc

@@ -7,3 +7,4 @@ LIC_FILES_CHKSUM ?= "file://LICENSES;md5=07a394b26e0902b9ffdec03765209770 \
       file://COPYING;md5=393a5ca445f6965873eca0259a17f833 \
       file://posix/rxspencer/COPYRIGHT;md5=dc5485bb394a13b2332ec1c785f5d83a \
       file://COPYING.LIB;md5=bbb461211a33b134d42ed5ee802b37ff "
+CVE_PRODUCT = "glibc"

meta/recipes-core/glibc/glibc-initial.inc

@@ -48,7 +48,7 @@ do_install () {
 	done
 }
 
-do_install_locale() {
+do_stash_locale() {
 	:
 }
 

meta/recipes-core/glibc/glibc-locale.inc

@@ -12,7 +12,7 @@ BINUTILSDEP = "virtual/${MLPREFIX}${TARGET_PREFIX}binutils:do_populate_sysroot"
 BINUTILSDEP_class-nativesdk = "virtual/${TARGET_PREFIX}binutils-crosssdk:do_populate_sysroot"
 do_package[depends] += "${BINUTILSDEP}"
 
-# localedef links with libc.so and glibc-collateral.incinhibits all default deps
+# localedef links with libc.so and glibc-collateral.inc inhibits all default deps
 # cannot add virtual/libc to DEPENDS, because it would conflict with libc-initial in RSS
 RDEPENDS_localedef += "glibc"
 
@@ -39,7 +39,6 @@ PACKAGES = "localedef ${PN}-dbg"
 
 PACKAGES_DYNAMIC = "^locale-base-.* \
                     ^glibc-gconv-.* ^glibc-charmap-.* ^glibc-localedata-.* ^glibc-binary-localedata-.* \
-                    ^glibc-gconv-.*  ^glibc-charmap-.*  ^glibc-localedata-.*  ^glibc-binary-localedata-.* \
                     ^${MLPREFIX}glibc-gconv$"
 
 # Create a glibc-binaries package
@@ -70,7 +69,7 @@ DESCRIPTION_localedef = "glibc: compile locale definition files"
 FILES_${MLPREFIX}glibc-gconv = "${libdir}/gconv/*"
 FILES_localedef = "${bindir}/localedef"
 
-LOCALETREESRC = "${STAGING_INCDIR}/glibc-locale-internal-${MULTIMACH_TARGET_SYS}"
+LOCALETREESRC = "${STAGING_DIR}-components/${PACKAGE_ARCH}/glibc-stash-locale"
 
 do_install () {
 	mkdir -p ${D}${bindir} ${D}${datadir} ${D}${libdir}

meta/recipes-core/glibc/glibc-mtrace.inc

@@ -5,7 +5,7 @@ DESCRIPTION = "mtrace utility provided by glibc"
 RDEPENDS_${PN} = "perl"
 RPROVIDES_${PN} = "libc-mtrace"
 
-SRC = "${STAGING_INCDIR}/glibc-scripts-internal-${MULTIMACH_TARGET_SYS}"
+SRC = "${STAGING_DIR}-components/${PACKAGE_ARCH}/glibc-stash-locale/scripts"
 
 do_install() {
 	install -d -m 0755 ${D}${bindir}

meta/recipes-core/glibc/glibc-package.inc

@@ -145,8 +145,11 @@ do_install_append_aarch64 () {
 	fi
 }
 
-do_install_locale () {
-	dest=${D}/${includedir}/glibc-locale-internal-${MULTIMACH_TARGET_SYS}
+LOCALESTASH = "${WORKDIR}/stashed-locale"
+bashscripts = "mtrace sotruss xtrace"
+
+do_stash_locale () {
+	dest=${LOCALESTASH}
 	install -d ${dest}${base_libdir} ${dest}${bindir} ${dest}${libdir} ${dest}${datadir}
 	if [ "${base_libdir}" != "${libdir}" ]; then
 		cp -fpPR ${D}${base_libdir}/* ${dest}${base_libdir}
@@ -166,14 +169,8 @@ do_install_locale () {
 	cp -fpPR ${D}${datadir}/* ${dest}${datadir}
 	rm -rf ${D}${datadir}/locale/
 	cp -fpPR ${WORKDIR}/SUPPORTED ${dest}
-}
 
-addtask do_install_locale after do_install before do_populate_sysroot do_package
-
-bashscripts = "mtrace sotruss xtrace"
-
-do_evacuate_scripts () {
-	target=${D}${includedir}/glibc-scripts-internal-${MULTIMACH_TARGET_SYS}
+	target=${dest}/scripts
 	mkdir -p $target
 	for i in ${bashscripts}; do
 		if [ -f ${D}${bindir}/$i ]; then
@@ -182,22 +179,36 @@ do_evacuate_scripts () {
 	done
 }
 
-addtask evacuate_scripts after do_install before do_populate_sysroot do_package
+addtask do_stash_locale after do_install before do_populate_sysroot do_package
+do_stash_locale[dirs] = "${B}"
+do_stash_locale[cleandirs] = "${LOCALESTASH}"
+SSTATETASKS += "do_stash_locale"
+do_stash_locale[sstate-inputdirs] = "${LOCALESTASH}"
+do_stash_locale[sstate-outputdirs] = "${STAGING_DIR}-components/${PACKAGE_ARCH}/glibc-stash-locale"
+do_stash_locale[sstate-fixmedir] = "${STAGING_DIR}-components/${PACKAGE_ARCH}/glibc-stash-locale"
 
-PACKAGE_PREPROCESS_FUNCS += "glibc_package_preprocess"
+python do_stash_locale_setscene () {
+    sstate_setscene(d)
+}
+addtask do_stash_locale_setscene
 
-glibc_package_preprocess () {
-	rm -rf ${PKGD}/${includedir}/glibc-locale-internal-${MULTIMACH_TARGET_SYS}
-	rm -rf ${PKGD}/${includedir}/glibc-scripts-internal-${MULTIMACH_TARGET_SYS}
+do_poststash_install_cleanup () {
+	# Remove all files which do_stash_locale would remove (mv)
+	# since that task could have come from sstate and not get run.
 	for i in ${bashscripts}; do
-	    rm -f ${PKGD}${bindir}/$i
+	    rm -f ${D}${bindir}/$i
 	done
-	rm -rf ${PKGD}/${localedir}
+	rm -f ${D}${bindir}/localedef
+	rm -rf ${D}${datadir}/i18n
+	rm -rf ${D}${libdir}/gconv
+	rm -rf ${D}/${localedir}
+	rm -rf ${D}${datadir}/locale
 	if [ "${libdir}" != "${exec_prefix}/lib" ]; then
 		# This dir only exists to hold locales
-		rm -rf ${PKGD}${exec_prefix}/lib
+		rm -rf ${D}${exec_prefix}/lib
 	fi
 }
+addtask do_poststash_install_cleanup after do_stash_locale do_install before do_populate_sysroot do_package
 
 pkg_postinst_nscd () {
 	if [ -z "$D" ]; then

meta/recipes-core/glibc/glibc-scripts.inc

@@ -4,7 +4,7 @@ SUMMARY = "utility scripts provided by glibc"
 DESCRIPTION = "utility scripts provided by glibc"
 RDEPENDS_${PN} = "bash glibc-mtrace"
 
-SRC = "${STAGING_INCDIR}/glibc-scripts-internal-${MULTIMACH_TARGET_SYS}"
+SRC = "${STAGING_DIR}-components/${PACKAGE_ARCH}/glibc-stash-locale/scripts"
 
 bashscripts = "sotruss xtrace"
 

meta/recipes-core/glibc/glibc/archive-path.patch

@@ -0,0 +1,39 @@
+localedef --add-to-archive uses a hard-coded locale path which doesn't exist in
+normal use, and there's no way to pass an alternative filename.
+
+Add a fallback of $LOCALEARCHIVE from the environment, and allow creation of new locale archives that are not the system archive.
+
+Upstream-Status: Inappropriate (OE-specific)
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff --git a/locale/programs/locarchive.c b/locale/programs/locarchive.c
+index ca332a34..6b7ba9b2 100644
+--- a/locale/programs/locarchive.c
++++ b/locale/programs/locarchive.c
+@@ -569,10 +569,13 @@ open_archive (struct locarhandle *ah, bool readonly)
+   /* If ah has a non-NULL fname open that otherwise open the default.  */
+   if (archivefname == NULL)
+     {
+-      archivefname = default_fname;
+-      if (output_prefix)
+-        memcpy (default_fname, output_prefix, prefix_len);
+-      strcpy (default_fname + prefix_len, ARCHIVE_NAME);
++      archivefname = getenv("LOCALEARCHIVE");
++      if (archivefname == NULL) {
++              archivefname = default_fname;
++              if (output_prefix)
++                memcpy (default_fname, output_prefix, prefix_len);
++              strcpy (default_fname + prefix_len, ARCHIVE_NAME);
++      }
+     }
+ 
+   while (1)
+@@ -585,7 +588,7 @@ open_archive (struct locarhandle *ah, bool readonly)
+ 	     the default locale archive we ignore the failure and
+ 	     list an empty archive, otherwise we print an error
+ 	     and exit.  */
+-	  if (errno == ENOENT && archivefname == default_fname)
++	  if (errno == ENOENT)
+ 	    {
+ 	      if (readonly)
+ 		{

meta/recipes-core/glibc/glibc/relocate-locales.patch

@@ -0,0 +1,33 @@
+The glibc locale path is hard-coded to the install prefix, but in SDKs we need
+to be able to relocate the binaries.  Expand the strings to 4K and put them in a
+magic segment that we can relocate at install time.
+
+Upstream-Status: Inappropriate (OE-specific)
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+Index: git/locale/localeinfo.h
+===================================================================
+--- git.orig/locale/localeinfo.h
++++ git/locale/localeinfo.h
+@@ -325,7 +325,7 @@ _nl_lookup_word (locale_t l, int categor
+ }
+ 
+ /* Default search path if no LOCPATH environment variable.  */
+-extern char _nl_default_locale_path[] attribute_hidden;
++extern char _nl_default_locale_path[4096] attribute_hidden;
+ 
+ /* Load the locale data for CATEGORY from the file specified by *NAME.
+    If *NAME is "", use environment variables as specified by POSIX, and
+Index: git/locale/loadarchive.c
+===================================================================
+--- git.orig/locale/loadarchive.c
++++ git/locale/loadarchive.c
+@@ -42,7 +42,7 @@
+ 
+ 
+ /* Name of the locale archive file.  */
+-static const char archfname[] = COMPLOCALEDIR "/locale-archive";
++static const char archfname[4096] __attribute__ ((section (".gccrelocprefix"))) = COMPLOCALEDIR "/locale-archive";
+ 
+ /* Size of initial mapping window, optimal if large enough to
+    cover the header plus the initial locale.  */

meta/recipes-core/glibc/glibc_2.24.bb

@@ -65,6 +65,7 @@ SRC_URI_append_class-nativesdk = "\
            file://0002-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch \
            file://0003-nativesdk-glibc-Raise-the-size-of-arrays-containing-.patch \
            file://0004-nativesdk-glibc-Allow-64-bit-atomics-for-x86.patch \
+           file://relocate-locales.patch \
 "
 
 S = "${WORKDIR}/git"
@@ -144,12 +145,6 @@ do_compile () {
 
 }
 
-# Use the host locale archive when built for nativesdk so that we don't need to
-# ship a complete (100MB) locale set.
-do_compile_prepend_class-nativesdk() {
-    echo "complocaledir=/usr/lib/locale" >> ${S}/configparms
-}
-
 require glibc-package.inc
 
 BBCLASSEXTEND = "nativesdk"

meta/recipes-core/images/build-appliance-image_15.0.0.bb

@@ -22,7 +22,7 @@ IMAGE_FSTYPES = "vmdk"
 
 inherit core-image module-base
 
-SRCREV ?= "a3765887d3efa4c464ef7a00450f218ae2b15eb2"
+SRCREV ?= "f627c9a573c709488e71ac1c6d75eafa03718f10"
 SRC_URI = "git://git.yoctoproject.org/poky;branch=morty \
            file://Yocto_Build_Appliance.vmx \
            file://Yocto_Build_Appliance.vmxf \

meta/recipes-core/meta/buildtools-tarball.bb

@@ -23,7 +23,6 @@ TOOLCHAIN_HOST_TASK ?= "\
     nativesdk-wget \
     nativesdk-ca-certificates \
     nativesdk-texinfo \
-    nativesdk-locale-base-en-us \
     "
 
 MULTIMACH_TARGET_SYS = "${SDK_ARCH}-nativesdk${SDK_VENDOR}-${SDK_OS}"

meta/recipes-devtools/binutils/binutils-2.27.inc

@@ -45,6 +45,64 @@ SRC_URI = "\
      file://CVE-2017-6969_2.patch \
      file://CVE-2017-7209.patch \
      file://CVE-2017-7210.patch \
+     file://CVE-2017-7614.patch \
+     file://CVE-2017-9038.patch \
+     file://CVE-2017-9039.patch \
+     file://CVE-2017-9039_1.patch \
+     file://CVE-2017-9040_and_9042.patch \
+     file://CVE-2017-9041_1.patch \
+     file://CVE-2017-9041_2.patch \
+     file://CVE-2017-7226.patch \
+     file://CVE-2017-12448.patch \
+     file://CVE-2017-12449_12455_12457_1.patch \
+     file://CVE-2017-12449_12455_12457.patch \
+     file://CVE-2017-12451.patch \
+     file://CVE-2017-12450_12452_12453_12454_12456_1.patch \
+     file://CVE-2017-12450_12452_12453_12454_12456.patch \
+     file://CVE-2017-7223.patch \
+     file://CVE-2017-7224.patch \
+     file://CVE-2017-7225.patch \
+     file://CVE-2017-7227.patch \
+     file://CVE-2017-7301.patch \
+     file://CVE-2017-7302.patch \
+     file://CVE-2017-7303.patch \
+     file://CVE-2017-7304.patch \
+     file://CVE-2017-8393.patch \
+     file://CVE-2017-8395.patch \
+     file://CVE-2017-8397.patch \
+     file://CVE-2017-7300.patch \
+     file://CVE-2017-8396.patch \
+     file://CVE-2017-8421.patch \
+     file://CVE-2017-8394_1.patch \
+     file://CVE-2017-8394.patch \
+     file://CVE-2017-8398.patch \
+     file://CVE-2017-7299_1.patch \
+     file://CVE-2017-7299_2.patch \
+     file://CVE-2017-9751.patch \
+     file://CVE-2017-9749.patch \
+     file://CVE-2017-9746.patch \
+     file://CVE-2017-9748.patch \
+     file://CVE-2017-9747.patch \
+     file://CVE-2017-9750.patch \
+     file://CVE-2017-9752.patch \
+     file://CVE-2017-9753_9754.patch \
+     file://CVE-2017-9755_1.patch \
+     file://CVE-2017-9755_2.patch \
+     file://CVE-2017-9756.patch \
+     file://CVE-2017-9745.patch \
+     file://CVE-2017-9954.patch \
+     file://CVE-2017-9955_1.patch \
+     file://CVE-2017-9955_2.patch \
+     file://CVE-2017-9955_3.patch \
+     file://CVE-2017-9955_4.patch \
+     file://CVE-2017-9955_5.patch \
+     file://CVE-2017-9955_6.patch \
+     file://CVE-2017-9955_7.patch \
+     file://CVE-2017-9955_8.patch \
+     file://CVE-2017-9955_9.patch \
+     file://CVE-2017-14729.patch \
+     file://CVE-2017-15024.patch \
+     file://CVE-2017-15938.patch \
 "
 S  = "${WORKDIR}/git"
 

meta/recipes-devtools/binutils/binutils/CVE-2017-12448.patch

@@ -0,0 +1,49 @@
+commit 909e4e716c4d77e33357bbe9bc902bfaf2e1af24
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Wed Jul 19 14:49:12 2017 +0100
+
+    Fix use-after-free error when parsing a corrupt nested archive.
+    
+    	PR 21787
+    	* archive.c (bfd_generic_archive_p): If the bfd does not have the
+    	correct magic bytes at the start, set the error to wrong format
+    	and clear the format selector before returning NULL.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-12448
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/archive.c
+===================================================================
+--- git.orig/bfd/archive.c	2017-08-30 16:44:10.848601412 +0530
++++ git/bfd/archive.c	2017-08-30 16:44:21.400855758 +0530
+@@ -834,7 +834,12 @@
+   if (strncmp (armag, ARMAG, SARMAG) != 0
+       && strncmp (armag, ARMAGB, SARMAG) != 0
+       && ! bfd_is_thin_archive (abfd))
+-    return NULL;
++    {
++      bfd_set_error (bfd_error_wrong_format);
++      if (abfd->format == bfd_archive)
++	abfd->format = bfd_unknown;
++      return NULL;
++    }
+ 
+   tdata_hold = bfd_ardata (abfd);
+ 
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog	2017-08-30 16:44:21.340854320 +0530
++++ git/bfd/ChangeLog	2017-08-30 16:46:48.716143277 +0530
+@@ -1,3 +1,10 @@
++2017-07-19  Nick Clifton  <nickc@redhat.com>
++
++       PR 21787
++       * archive.c (bfd_generic_archive_p): If the bfd does not have the
++       correct magic bytes at the start, set the error to wrong format
++       and clear the format selector before returning NULL.
++
+ 2017-04-25  Maciej W. Rozycki  <macro@imgtec.com>
+ 
+        * readelf.c (process_mips_specific): Remove error reporting from

meta/recipes-devtools/binutils/binutils/CVE-2017-12449_12455_12457.patch

@@ -0,0 +1,240 @@
+commit 8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Thu Jul 27 12:04:50 2017 +0100
+
+    Fix address violation issues encountered when parsing corrupt binaries.
+    
+    	PR 21840
+    	* mach-o.c (bfd_mach_o_read_symtab_strtab): Fail if the symtab
+    	size is -1.
+    	* nlmcode.h (nlm_swap_auxiliary_headers_in): Replace assertion
+    	with error return.
+    	* section.c (bfd_make_section_with_flags): Fail if the name or bfd
+    	are NULL.
+    	* vms-alpha.c (bfd_make_section_with_flags): Correct computation
+    	of end pointer.
+    	(evax_bfd_print_emh): Check for invalid string lengths.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-12449_12455_12457
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/mach-o.c
+===================================================================
+--- git.orig/bfd/mach-o.c	2017-08-30 17:21:59.684671218 +0530
++++ git/bfd/mach-o.c	2017-08-30 17:22:19.136813620 +0530
+@@ -3739,6 +3739,9 @@
+     }
+   else
+     {
++      /* See PR 21840 for a reproducer.  */
++      if ((sym->strsize + 1) == 0)
++	return FALSE;
+       sym->strtab = bfd_alloc (abfd, sym->strsize + 1);
+       if (sym->strtab == NULL)
+         return FALSE;
+Index: git/bfd/nlmcode.h
+===================================================================
+--- git.orig/bfd/nlmcode.h	2017-08-30 17:21:59.688671247 +0530
++++ git/bfd/nlmcode.h	2017-08-30 17:22:19.140813649 +0530
+@@ -351,7 +351,9 @@
+ 	      bfd_byte *contents;
+ 	      bfd_byte *p, *pend;
+ 
+-	      BFD_ASSERT (hdrLength == 0 && hdr == NULL);
++	      /* See PR 21840 for a reproducer.  */
++	      if (hdrLength != 0 || hdr != NULL)
++		return FALSE;
+ 
+ 	      pos = bfd_tell (abfd);
+ 	      if (bfd_seek (abfd, dataOffset, SEEK_SET) != 0)
+Index: git/bfd/section.c
+===================================================================
+--- git.orig/bfd/section.c	2017-08-30 17:21:59.708671392 +0530
++++ git/bfd/section.c	2017-08-30 17:22:19.140813649 +0530
+@@ -1240,7 +1240,7 @@
+   struct section_hash_entry *sh;
+   asection *newsect;
+ 
+-  if (abfd->output_has_begun)
++  if (abfd == NULL || name == NULL || abfd->output_has_begun)
+     {
+       bfd_set_error (bfd_error_invalid_operation);
+       return NULL;
+Index: git/bfd/vms-alpha.c
+===================================================================
+--- git.orig/bfd/vms-alpha.c	2017-08-30 17:22:19.080813209 +0530
++++ git/bfd/vms-alpha.c	2017-08-30 17:22:19.140813649 +0530
+@@ -5562,8 +5562,9 @@
+ {
+   struct vms_emh_common *emh = (struct vms_emh_common *)rec;
+   unsigned int subtype;
++  int extra;
+ 
+-  subtype = (unsigned)bfd_getl16 (emh->subtyp);
++  subtype = (unsigned) bfd_getl16 (emh->subtyp);
+ 
+   fprintf (file, _("  EMH %u (len=%u): "), subtype, rec_len);
+ 
+@@ -5573,58 +5574,82 @@
+       fprintf (file, _("   Error: The length is less than the length of an EMH record\n"));
+       return;
+     }
+-  
++  extra = rec_len - sizeof (struct vms_emh_common);
++
+   switch (subtype)
+     {
+     case EMH__C_MHD:
+       {
+-        struct vms_emh_mhd *mhd = (struct vms_emh_mhd *)rec;
+-        const char *name;
++        struct vms_emh_mhd *mhd = (struct vms_emh_mhd *) rec;
++        const char * name;
++	const char * nextname;
++	const char * maxname;
+ 
++	/* PR 21840: Check for invalid lengths.  */
++	if (rec_len < sizeof (* mhd))
++	  {
++	    fprintf (file, _("   Error: The record length is less than the size of an EMH_MHD record\n"));
++	    return;
++	  }
+         fprintf (file, _("Module header\n"));
+         fprintf (file, _("   structure level: %u\n"), mhd->strlvl);
+         fprintf (file, _("   max record size: %u\n"),
+-                 (unsigned)bfd_getl32 (mhd->recsiz));
++                 (unsigned) bfd_getl32 (mhd->recsiz));
+         name = (char *)(mhd + 1);
++	maxname = (char *) rec + rec_len;
++	if (name > maxname - 2)
++	  {
++	    fprintf (file, _("   Error: The module name is missing\n"));
++	    return;
++	  }
++	nextname = name + name[0] + 1;
++	if (nextname >= maxname)
++	  {
++	    fprintf (file, _("   Error: The module name is too long\n"));
++	    return;
++	  }
+         fprintf (file, _("   module name    : %.*s\n"), name[0], name + 1);
+-        name += name[0] + 1;
++        name = nextname;
++	if (name > maxname - 2)
++	  {
++	    fprintf (file, _("   Error: The module version is missing\n"));
++	    return;
++	  }
++	nextname = name + name[0] + 1;
++	if (nextname >= maxname)
++	  {
++	    fprintf (file, _("   Error: The module version is too long\n"));
++	    return;
++	  }
+         fprintf (file, _("   module version : %.*s\n"), name[0], name + 1);
+-        name += name[0] + 1;
+-        fprintf (file, _("   compile date   : %.17s\n"), name);
++        name = nextname;
++	if ((maxname - name) < 17 && maxname[-1] != 0)
++	  fprintf (file, _("   Error: The compile date is truncated\n"));
++	else
++	  fprintf (file, _("   compile date   : %.17s\n"), name);
+       }
+       break;
++
+     case EMH__C_LNM:
+-      {
+-        fprintf (file, _("Language Processor Name\n"));
+-        fprintf (file, _("   language name: %.*s\n"),
+-                 (int)(rec_len - sizeof (struct vms_emh_common)),
+-                 (char *)rec + sizeof (struct vms_emh_common));
+-      }
++      fprintf (file, _("Language Processor Name\n"));
++      fprintf (file, _("   language name: %.*s\n"), extra, (char *)(emh + 1));
+       break;
++
+     case EMH__C_SRC:
+-      {
+-        fprintf (file, _("Source Files Header\n"));
+-        fprintf (file, _("   file: %.*s\n"),
+-                 (int)(rec_len - sizeof (struct vms_emh_common)),
+-                 (char *)rec + sizeof (struct vms_emh_common));
+-      }
++      fprintf (file, _("Source Files Header\n"));
++      fprintf (file, _("   file: %.*s\n"), extra, (char *)(emh + 1));
+       break;
++
+     case EMH__C_TTL:
+-      {
+-        fprintf (file, _("Title Text Header\n"));
+-        fprintf (file, _("   title: %.*s\n"),
+-                 (int)(rec_len - sizeof (struct vms_emh_common)),
+-                 (char *)rec + sizeof (struct vms_emh_common));
+-      }
++      fprintf (file, _("Title Text Header\n"));
++      fprintf (file, _("   title: %.*s\n"), extra, (char *)(emh + 1));
+       break;
++
+     case EMH__C_CPR:
+-      {
+-        fprintf (file, _("Copyright Header\n"));
+-        fprintf (file, _("   copyright: %.*s\n"),
+-                 (int)(rec_len - sizeof (struct vms_emh_common)),
+-                 (char *)rec + sizeof (struct vms_emh_common));
+-      }
++      fprintf (file, _("Copyright Header\n"));
++      fprintf (file, _("   copyright: %.*s\n"), extra, (char *)(emh + 1));
+       break;
++
+     default:
+       fprintf (file, _("unhandled emh subtype %u\n"), subtype);
+       break;
+Index: git/bfd/vms-misc.c
+===================================================================
+--- git.orig/bfd/vms-misc.c	2017-08-30 17:21:59.716671451 +0530
++++ git/bfd/vms-misc.c	2017-08-30 17:22:19.140813649 +0530
+@@ -135,8 +135,8 @@
+ #endif
+ 
+ 
+-/* Copy sized string (string with fixed size) to new allocated area
+-   size is string size (size of record)  */
++/* Copy sized string (string with fixed size) to new allocated area.
++   Size is string size (size of record).  */
+ 
+ char *
+ _bfd_vms_save_sized_string (unsigned char *str, int size)
+@@ -151,8 +151,8 @@
+   return newstr;
+ }
+ 
+-/* Copy counted string (string with size at first byte) to new allocated area
+-   ptr points to size byte on entry  */
++/* Copy counted string (string with size at first byte) to new allocated area.
++   PTR points to size byte on entry.  */
+ 
+ char *
+ _bfd_vms_save_counted_string (unsigned char *ptr)
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog	2017-08-30 17:22:19.080813209 +0530
++++ git/bfd/ChangeLog	2017-08-30 17:23:51.069502425 +0530
+@@ -1,3 +1,16 @@
++2017-07-27  Nick Clifton  <nickc@redhat.com>
++
++       PR 21840
++       * mach-o.c (bfd_mach_o_read_symtab_strtab): Fail if the symtab
++       size is -1.
++       * nlmcode.h (nlm_swap_auxiliary_headers_in): Replace assertion
++       with error return.
++       * section.c (bfd_make_section_with_flags): Fail if the name or bfd
++       are NULL.
++       * vms-alpha.c (bfd_make_section_with_flags): Correct computation
++       of end pointer.
++       (evax_bfd_print_emh): Check for invalid string lengths.
++
+ 2017-07-19  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 21787

meta/recipes-devtools/binutils/binutils/CVE-2017-12449_12455_12457_1.patch

@@ -0,0 +1,97 @@
+commit bc21b167eb0106eb31d946a0eb5acfb7e4d5d8a1
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Mon Jun 19 14:52:36 2017 +0100
+
+    Fix address violations when reading corrupt VMS records.
+    
+    	PR binutils/21618
+    	* vms-alpha.c (evax_bfd_print_emh): Check for insufficient record
+    	length.
+    	(evax_bfd_print_eeom): Likewise.
+    	(evax_bfd_print_egsd): Check for an overlarge record length.
+    	(evax_bfd_print_etir): Likewise.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-12449_12455_12457
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/vms-alpha.c
+===================================================================
+--- git.orig/bfd/vms-alpha.c	2017-08-30 17:08:27.408159234 +0530
++++ git/bfd/vms-alpha.c	2017-08-30 17:12:07.289044702 +0530
+@@ -5567,6 +5567,13 @@
+ 
+   fprintf (file, _("  EMH %u (len=%u): "), subtype, rec_len);
+ 
++  /* PR 21618: Check for invalid lengths.  */
++  if (rec_len < sizeof (* emh))
++    {
++      fprintf (file, _("   Error: The length is less than the length of an EMH record\n"));
++      return;
++    }
++  
+   switch (subtype)
+     {
+     case EMH__C_MHD:
+@@ -5630,6 +5637,14 @@
+   struct vms_eeom *eeom = (struct vms_eeom *)rec;
+ 
+   fprintf (file, _("  EEOM (len=%u):\n"), rec_len);
++
++  /* PR 21618: Check for invalid lengths.  */
++  if (rec_len < sizeof (* eeom))
++    {
++      fprintf (file, _("   Error: The length is less than the length of an EEOM record\n"));
++      return;
++    }
++  
+   fprintf (file, _("   number of cond linkage pairs: %u\n"),
+            (unsigned)bfd_getl32 (eeom->total_lps));
+   fprintf (file, _("   completion code: %u\n"),
+@@ -5718,6 +5733,12 @@
+                n, type, len);
+       n++;
+ 
++      if (off + len > rec_len || off + len < off)
++	{
++	  fprintf (file, _("   Error: length larger than remaining space in record\n"));
++	  return;
++	}
++
+       switch (type)
+         {
+         case EGSD__C_PSC:
+@@ -5958,6 +5979,12 @@
+       size = bfd_getl16 (etir->size);
+       buf = rec + off + sizeof (struct vms_etir);
+ 
++      if (off + size > rec_len || off + size < off)
++       {
++         fprintf (file, _("   Error: length larger than remaining space in record\n"));
++         return;
++       }
++
+       fprintf (file, _("   (type: %3u, size: 4+%3u): "), type, size - 4);
+       switch (type)
+         {
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog	2017-08-30 17:08:43.612213596 +0530
++++ git/bfd/ChangeLog	2017-08-30 17:13:27.217438742 +0530
+@@ -5,6 +5,15 @@
+        correct magic bytes at the start, set the error to wrong format
+        and clear the format selector before returning NULL.
+ 
++ 2017-06-19  Nick Clifton  <nickc@redhat.com>
++ 
++       PR binutils/21618
++       * vms-alpha.c (evax_bfd_print_emh): Check for insufficient record
++       length.
++       (evax_bfd_print_eeom): Likewise.
++       (evax_bfd_print_egsd): Check for an overlarge record length.
++       (evax_bfd_print_etir): Likewise.
++
+ 2017-04-25  Maciej W. Rozycki  <macro@imgtec.com>
+ 
+        * readelf.c (process_mips_specific): Remove error reporting from

meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456.patch

@@ -0,0 +1,375 @@
+commit ca4cf9b9c622a5695e01f7f5815a7382a31fcf51
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Mon Jul 24 13:49:22 2017 +0100
+
+    Fix address violation errors parsing corrupt binary files.
+    
+    	PR 21813
+    binutils* rddbg.c (read_symbol_stabs_debugging_info): Check for an empty
+    	string whilst concatenating symbol names.
+    
+    bfd	* mach-o.c (bfd_mach_o_canonicalize_relocs): Pass the base address
+    	of the relocs to the canonicalize_one_reloc routine.
+    	* mach-o.h (struct bfd_mach_o_backend_data): Update the prototype
+    	for the _bfd_mach_o_canonicalize_one_reloc field.
+    	* mach-o-arm.c (bfd_mach_o_arm_canonicalize_one_reloc): Add
+    	res_base parameter.  Use to check for corrupt pair relocs.
+    	* mach-o-aarch64.c (bfd_mach_o_arm64_canonicalize_one_reloc):
+    	Likewise.
+    	* mach-o-i386.c (bfd_mach_o_i386_canonicalize_one_reloc):
+    	Likewise.
+    	* mach-o-x86-64.c (bfd_mach_o_x86_64_canonicalize_one_reloc):
+    	Likewise.
+    
+    	* vms-alpha.c (_bfd_vms_slurp_eihd): Make sure that there is
+    	enough data in the record before attempting to parse it.
+    	(_bfd_vms_slurp_eeom): Likewise.
+    
+    	(_bfd_vms_slurp_egsd): Check for an invalid section index.
+    	(image_set_ptr): Likewise.
+    	(alpha_vms_slurp_relocs): Likewise.
+
+        (alpha_vms_object_p): Check for a truncated record.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-12450, CVE-2017-12452, CVE-2017-12453, CVE-2017-12454, CVE-2017-12456
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/mach-o-aarch64.c
+===================================================================
+--- git.orig/bfd/mach-o-aarch64.c	2017-08-31 19:17:51.264385450 +0530
++++ git/bfd/mach-o-aarch64.c	2017-08-31 19:18:02.620442777 +0530
+@@ -147,9 +147,11 @@
+ };
+ 
+ static bfd_boolean
+-bfd_mach_o_arm64_canonicalize_one_reloc (bfd *abfd,
+-				       struct mach_o_reloc_info_external *raw,
+-					 arelent *res, asymbol **syms)
++bfd_mach_o_arm64_canonicalize_one_reloc (bfd *       abfd,
++					 struct mach_o_reloc_info_external * raw,
++					 arelent *   res,
++					 asymbol **  syms,
++					 arelent *   res_base ATTRIBUTE_UNUSED)
+ {
+   bfd_mach_o_reloc_info reloc;
+ 
+Index: git/bfd/mach-o-i386.c
+===================================================================
+--- git.orig/bfd/mach-o-i386.c	2017-08-31 19:17:51.264385450 +0530
++++ git/bfd/mach-o-i386.c	2017-08-31 19:18:02.620442777 +0530
+@@ -112,9 +112,11 @@
+ };
+ 
+ static bfd_boolean
+-bfd_mach_o_i386_canonicalize_one_reloc (bfd *abfd,
+-				        struct mach_o_reloc_info_external *raw,
+-					arelent *res, asymbol **syms)
++bfd_mach_o_i386_canonicalize_one_reloc (bfd *       abfd,
++				        struct mach_o_reloc_info_external * raw,
++					arelent *   res,
++					asymbol **  syms,
++					arelent *   res_base)
+ {
+   bfd_mach_o_reloc_info reloc;
+ 
+@@ -126,6 +128,9 @@
+       switch (reloc.r_type)
+         {
+         case BFD_MACH_O_GENERIC_RELOC_PAIR:
++	  /* PR 21813: Check for a corrupt PAIR reloc at the start.  */
++	  if (res == res_base)
++	    return FALSE;
+           if (reloc.r_length == 2)
+             {
+ 	      res->howto = &i386_howto_table[7];
+@@ -391,9 +396,9 @@
+     { NULL, NULL }
+   };
+ 
+-#define bfd_mach_o_canonicalize_one_reloc bfd_mach_o_i386_canonicalize_one_reloc
+-#define bfd_mach_o_swap_reloc_out bfd_mach_o_i386_swap_reloc_out
+-#define bfd_mach_o_print_thread bfd_mach_o_i386_print_thread
++#define bfd_mach_o_canonicalize_one_reloc  bfd_mach_o_i386_canonicalize_one_reloc
++#define bfd_mach_o_swap_reloc_out          bfd_mach_o_i386_swap_reloc_out
++#define bfd_mach_o_print_thread            bfd_mach_o_i386_print_thread
+ 
+ #define bfd_mach_o_tgt_seg_table mach_o_i386_segsec_names_xlat
+ #define bfd_mach_o_section_type_valid_for_tgt NULL
+Index: git/bfd/mach-o-x86-64.c
+===================================================================
+--- git.orig/bfd/mach-o-x86-64.c	2017-08-31 19:17:51.264385450 +0530
++++ git/bfd/mach-o-x86-64.c	2017-08-31 19:18:02.620442777 +0530
+@@ -120,9 +120,11 @@
+ };
+ 
+ static bfd_boolean
+-bfd_mach_o_x86_64_canonicalize_one_reloc (bfd *abfd,
+-				        struct mach_o_reloc_info_external *raw,
+-					arelent *res, asymbol **syms)
++bfd_mach_o_x86_64_canonicalize_one_reloc (bfd *       abfd,
++					  struct mach_o_reloc_info_external * raw,
++					  arelent *   res,
++					  asymbol **  syms,
++					  arelent *   res_base ATTRIBUTE_UNUSED)
+ {
+   bfd_mach_o_reloc_info reloc;
+ 
+Index: git/bfd/mach-o.c
+===================================================================
+--- git.orig/bfd/mach-o.c	2017-08-31 19:18:02.440441869 +0530
++++ git/bfd/mach-o.c	2017-08-31 19:18:02.620442777 +0530
+@@ -1496,7 +1496,7 @@
+   for (i = 0; i < count; i++)
+     {
+       if (!(*bed->_bfd_mach_o_canonicalize_one_reloc)(abfd, &native_relocs[i],
+-						      &res[i], syms))
++						      &res[i], syms, res))
+         goto err;
+     }
+   free (native_relocs);
+Index: git/bfd/mach-o.h
+===================================================================
+--- git.orig/bfd/mach-o.h	2017-08-31 19:17:51.264385450 +0530
++++ git/bfd/mach-o.h	2017-08-31 19:18:02.620442777 +0530
+@@ -746,7 +746,7 @@
+   enum bfd_architecture arch;
+   bfd_vma page_size;
+   bfd_boolean (*_bfd_mach_o_canonicalize_one_reloc)
+-    (bfd *, struct mach_o_reloc_info_external *, arelent *, asymbol **);
++  (bfd *, struct mach_o_reloc_info_external *, arelent *, asymbol **, arelent *);
+   bfd_boolean (*_bfd_mach_o_swap_reloc_out)(arelent *, bfd_mach_o_reloc_info *);
+   bfd_boolean (*_bfd_mach_o_print_thread)(bfd *, bfd_mach_o_thread_flavour *,
+                                           void *, char *);
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog	2017-08-31 19:18:02.564442494 +0530
++++ git/bfd/ChangeLog	2017-08-31 19:18:02.620442777 +0530
+@@ -11,6 +11,30 @@
+        of end pointer.
+        (evax_bfd_print_emh): Check for invalid string lengths.
+ 
++ 2017-07-24  Nick Clifton  <nickc@redhat.com>
++ 
++       PR 21813
++       * mach-o.c (bfd_mach_o_canonicalize_relocs): Pass the base address
++       of the relocs to the canonicalize_one_reloc routine.
++       * mach-o.h (struct bfd_mach_o_backend_data): Update the prototype
++       for the _bfd_mach_o_canonicalize_one_reloc field.
++       * mach-o-arm.c (bfd_mach_o_arm_canonicalize_one_reloc): Add
++       res_base parameter.  Use to check for corrupt pair relocs.
++       * mach-o-aarch64.c (bfd_mach_o_arm64_canonicalize_one_reloc):
++       Likewise.
++       * mach-o-i386.c (bfd_mach_o_i386_canonicalize_one_reloc):
++       Likewise.
++       * mach-o-x86-64.c (bfd_mach_o_x86_64_canonicalize_one_reloc):
++       Likewise.
++
++       * vms-alpha.c (_bfd_vms_slurp_eihd): Make sure that there is
++       enough data in the record before attempting to parse it.
++       (_bfd_vms_slurp_eeom): Likewise.
++
++       (_bfd_vms_slurp_egsd): Check for an invalid section index.
++       (image_set_ptr): Likewise.
++       (alpha_vms_slurp_relocs): Likewise.
++
+ 2017-07-19  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 21786
+Index: git/bfd/mach-o-arm.c
+===================================================================
+--- git.orig/bfd/mach-o-arm.c	2017-08-31 19:17:51.264385450 +0530
++++ git/bfd/mach-o-arm.c	2017-08-31 19:18:02.620442777 +0530
+@@ -30,7 +30,7 @@
+ #define bfd_mach_o_mkobject bfd_mach_o_arm_mkobject
+ 
+ #define bfd_mach_o_canonicalize_one_reloc bfd_mach_o_arm_canonicalize_one_reloc
+-#define bfd_mach_o_swap_reloc_out NULL
++#define bfd_mach_o_swap_reloc_out  NULL
+ #define bfd_mach_o_bfd_reloc_type_lookup bfd_mach_o_arm_bfd_reloc_type_lookup
+ #define bfd_mach_o_bfd_reloc_name_lookup bfd_mach_o_arm_bfd_reloc_name_lookup
+ 
+@@ -147,9 +147,11 @@
+ };
+ 
+ static bfd_boolean
+-bfd_mach_o_arm_canonicalize_one_reloc (bfd *abfd,
+-                                      struct mach_o_reloc_info_external *raw,
+-                                      arelent *res, asymbol **syms)
++bfd_mach_o_arm_canonicalize_one_reloc (bfd *       abfd,
++                                      struct mach_o_reloc_info_external * raw,
++                                      arelent *   res,
++                                      asymbol **  syms,
++                                      arelent *   res_base)
+  {
+   bfd_mach_o_reloc_info reloc;
+ 
+@@ -161,6 +163,9 @@
+       switch (reloc.r_type)
+         {
+         case BFD_MACH_O_ARM_RELOC_PAIR:
++         /* PR 21813: Check for a corrupt PAIR reloc at the start.  */
++         if (res == res_base)
++           return FALSE;
+           if (reloc.r_length == 2)
+             {
+ 	      res->howto = &arm_howto_table[7];
+Index: git/bfd/vms-alpha.c
+===================================================================
+--- git.orig/bfd/vms-alpha.c	2017-08-31 19:18:02.556442454 +0530
++++ git/bfd/vms-alpha.c	2017-08-31 19:20:56.233322607 +0530
+@@ -473,6 +473,14 @@
+ 
+   vms_debug2 ((8, "_bfd_vms_slurp_eihd\n"));
+ 
++  /* PR 21813: Check for an undersized record.  */
++  if (PRIV (recrd.buf_size) < sizeof (* eihd))
++    {
++      _bfd_error_handler (_("Corrupt EIHD record - size is too small"));
++      bfd_set_error (bfd_error_bad_value);
++      return FALSE;
++    }
++
+   size = bfd_getl32 (eihd->size);
+   imgtype = bfd_getl32 (eihd->imgtype);
+ 
+@@ -1255,19 +1263,39 @@
+ 	    if (old_flags & EGSY__V_DEF)
+               {
+                 struct vms_esdf *esdf = (struct vms_esdf *)vms_rec;
++                long psindx;
+ 
+ 		entry->value = bfd_getl64 (esdf->value);
+ 		if (PRIV (sections) == NULL)
+ 		  return FALSE;
+-		entry->section = PRIV (sections)[bfd_getl32 (esdf->psindx)];
++
++                psindx = bfd_getl32 (esdf->psindx);
++                /* PR 21813: Check for an out of range index.  */
++                if (psindx < 0 || psindx >= (int) PRIV (section_count))
++                  {
++                    _bfd_error_handler (_("Corrupt EGSD record: its psindx field is too big (%#lx)"),
++                                        psindx);
++                    bfd_set_error (bfd_error_bad_value);
++                    return FALSE;
++                  }
++                entry->section = PRIV (sections)[psindx];
+ 
+                 if (old_flags & EGSY__V_NORM)
+                   {
+                     PRIV (norm_sym_count)++;
+ 
+                     entry->code_value = bfd_getl64 (esdf->code_address);
+-                    entry->code_section =
+-                      PRIV (sections)[bfd_getl32 (esdf->ca_psindx)];
++                    psindx = bfd_getl32 (esdf->ca_psindx);
++                /* PR 21813: Check for an out of range index.  */
++                    if (psindx < 0 || psindx >= (int) PRIV (section_count))
++                      {
++                        _bfd_error_handler (_("Corrupt EGSD record: its psindx field is too big (%#lx)"),
++                                            psindx);
++                        bfd_set_error (bfd_error_bad_value);
++                        return FALSE;
++                      }
++                     entry->code_section = PRIV (sections)[psindx];
++
+                   }
+               }
+ 	  }
+@@ -1294,9 +1322,20 @@
+ 
+             if (old_flags & EGSY__V_REL)
+ 	      {
++                long psindx;
++
+ 		if (PRIV (sections) == NULL)
+ 		  return FALSE;
+-		entry->section = PRIV (sections)[bfd_getl32 (egst->psindx)];
++                psindx = bfd_getl32 (egst->psindx);
++                /* PR 21813: Check for an out of range index.  */
++                if (psindx < 0 || psindx >= (int) PRIV (section_count))
++                  {
++                    _bfd_error_handler (_("Corrupt EGSD record: its psindx field is too big (%#lx)"),
++                                        psindx);
++                    bfd_set_error (bfd_error_bad_value);
++                    return FALSE;
++                  }
++                entry->section = PRIV (sections)[psindx];
+ 	      }
+             else
+               entry->section = bfd_abs_section_ptr;
+@@ -1387,6 +1426,10 @@
+ 
+   if (PRIV (sections) == NULL)
+     return;
++
++  if (sect < 0 || sect >= (int) PRIV (section_count))
++    return;
++
+   sec = PRIV (sections)[sect];
+ 
+   if (info)
+@@ -2360,6 +2403,14 @@
+ 
+   vms_debug2 ((2, "EEOM\n"));
+ 
++   /* PR 21813: Check for an undersized record.  */
++   if (PRIV (recrd.buf_size) < sizeof (* eeom))
++     {
++       _bfd_error_handler (_("Corrupt EEOM record - size is too small"));
++       bfd_set_error (bfd_error_bad_value);
++       return FALSE;
++     }
++
+   PRIV (eom_data).eom_l_total_lps = bfd_getl32 (eeom->total_lps);
+   PRIV (eom_data).eom_w_comcod = bfd_getl16 (eeom->comcod);
+   if (PRIV (eom_data).eom_w_comcod > 1)
+@@ -2540,6 +2591,10 @@
+           PRIV (recrd.buf_size) = PRIV (recrd.rec_size);
+         }
+ 
++      /* PR 21813: Check for a truncated record.  */
++      if (PRIV (recrd.rec_size < test_len))
++       goto error_ret;
++
+       /* Read the remaining record.  */
+       remaining = PRIV (recrd.rec_size) - test_len;
+       to_read = MIN (VMS_BLOCK_SIZE - test_len, remaining);
+@@ -5074,7 +5129,7 @@
+               }
+             else if (cur_psidx >= 0)
+ 	      {
+-		if (PRIV (sections) == NULL)
++                if (PRIV (sections) == NULL || cur_psidx >= (int) PRIV (section_count))
+ 		  return FALSE;
+ 		reloc->sym_ptr_ptr =
+ 		  PRIV (sections)[cur_psidx]->symbol_ptr_ptr;
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog	2017-08-31 19:18:01.816438718 +0530
++++ git/binutils/ChangeLog	2017-08-31 19:18:02.624442798 +0530
+@@ -1,3 +1,9 @@
++2017-07-24  Nick Clifton  <nickc@redhat.com>
++
++       PR 21813
++       * rddbg.c (read_symbol_stabs_debugging_info): Check for an empty
++       string whilst concatenating symbol names.
++
+ 2017-02-14  Nick Clifton  <nickc@redhat.com>
+ 
+ 	PR binutils/21157
+Index: git/binutils/rddbg.c
+===================================================================
+--- git.orig/binutils/rddbg.c	2017-08-31 19:17:51.596387126 +0530
++++ git/binutils/rddbg.c	2017-08-31 19:18:02.624442798 +0530
+@@ -300,7 +300,8 @@
+ 
+ 	  s = i.name;
+ 	  f = NULL;
+-	  while (s[strlen (s) - 1] == '\\'
++          while (strlen (s) > 0
++                && s[strlen (s) - 1] == '\\'
+ 		 && ps + 1 < symend)
+ 	    {
+ 	      char *sc, *n;

meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456_1.patch

@@ -0,0 +1,113 @@
+commit cb06d03ad92ffcfaa09c3f065837cb39e9e1486d
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Wed Jun 21 11:13:49 2017 +0100
+
+    Fix address violation parsing a corrupt IEEE Alpha binary.
+    
+    	PR binutils/21637
+    	* vms-alpha.c (_bfd_vms_slurp_egsd): Check for an empty section
+    	list.
+    	(image_set_ptr): Likewise.
+    	(alpha_vms_fix_sec_rel): Likewise.
+    	(alpha_vms_slurp_relocs): Likewise.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-12450, CVE-2017-12452, CVE-2017-12453, CVE-2017-12454, CVE-2017-12456
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/vms-alpha.c
+===================================================================
+--- git.orig/bfd/vms-alpha.c	2017-08-31 18:01:00.742098130 +0530
++++ git/bfd/vms-alpha.c	2017-08-31 18:01:06.000000000 +0530
+@@ -1257,6 +1257,8 @@
+                 struct vms_esdf *esdf = (struct vms_esdf *)vms_rec;
+ 
+ 		entry->value = bfd_getl64 (esdf->value);
++		if (PRIV (sections) == NULL)
++		  return FALSE;
+ 		entry->section = PRIV (sections)[bfd_getl32 (esdf->psindx)];
+ 
+                 if (old_flags & EGSY__V_NORM)
+@@ -1291,7 +1293,11 @@
+             entry->symbol_vector = bfd_getl32 (egst->value);
+ 
+             if (old_flags & EGSY__V_REL)
+-              entry->section = PRIV (sections)[bfd_getl32 (egst->psindx)];
++	      {
++		if (PRIV (sections) == NULL)
++		  return FALSE;
++		entry->section = PRIV (sections)[bfd_getl32 (egst->psindx)];
++	      }
+             else
+               entry->section = bfd_abs_section_ptr;
+ 
+@@ -1379,6 +1385,8 @@
+ 
+   vms_debug2 ((4, "image_set_ptr (0x%08x, sect=%d)\n", (unsigned)vma, sect));
+ 
++  if (PRIV (sections) == NULL)
++    return;
+   sec = PRIV (sections)[sect];
+ 
+   if (info)
+@@ -1691,7 +1699,12 @@
+ alpha_vms_fix_sec_rel (bfd *abfd, struct bfd_link_info *info,
+                        unsigned int rel, bfd_vma vma)
+ {
+-  asection *sec = PRIV (sections)[rel & RELC_MASK];
++  asection *sec;
++
++  if (PRIV (sections) == NULL)
++    return 0;
++
++  sec = PRIV (sections)[rel & RELC_MASK];
+ 
+   if (info)
+     {
+@@ -5000,6 +5013,8 @@
+                 return FALSE;
+               }
+ 
++	    if (PRIV (sections) == NULL)
++	      return FALSE;
+             sec = PRIV (sections)[cur_psect];
+             if (sec == bfd_abs_section_ptr)
+               {
+@@ -5058,8 +5073,12 @@
+                   reloc->sym_ptr_ptr = sym;
+               }
+             else if (cur_psidx >= 0)
+-              reloc->sym_ptr_ptr =
+-                PRIV (sections)[cur_psidx]->symbol_ptr_ptr;
++	      {
++		if (PRIV (sections) == NULL)
++		  return FALSE;
++		reloc->sym_ptr_ptr =
++		  PRIV (sections)[cur_psidx]->symbol_ptr_ptr;
++	      }
+             else
+               reloc->sym_ptr_ptr = NULL;
+ 
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog	2017-08-31 18:01:06.000000000 +0530
++++ git/bfd/ChangeLog	2017-08-31 18:01:49.114384620 +0530
+@@ -31,7 +31,16 @@
+        correct magic bytes at the start, set the error to wrong format
+        and clear the format selector before returning NULL.
+ 
+- 2017-06-19  Nick Clifton  <nickc@redhat.com>
++ 2017-06-21  Nick Clifton  <nickc@redhat.com>
++ 
++       PR binutils/21637
++       * vms-alpha.c (_bfd_vms_slurp_egsd): Check for an empty section
++       list.
++       (image_set_ptr): Likewise.
++       (alpha_vms_fix_sec_rel): Likewise.
++       (alpha_vms_slurp_relocs): Likewise.
++
++2017-06-19  Nick Clifton  <nickc@redhat.com>
+  
+        PR binutils/21618
+        * vms-alpha.c (evax_bfd_print_emh): Check for insufficient record

meta/recipes-devtools/binutils/binutils/CVE-2017-12451.patch

@@ -0,0 +1,384 @@
+commit 29866fa186ee3ebda5242221607dba360b2e541e
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Wed Jul 19 11:07:43 2017 +0100
+
+    Fix address violation when attempting to read a corrupt field in a COFF archive header structure.
+   
+       PR 21786
+       * coff-rs6000.c (_bfd_strntol): New function.
+       (_bfd_strntoll): New function.
+       (GET_VALUE_IN_FIELD): New macro.
+       (EQ_VALUE_IN_FIELD): new macro.
+       (_bfd_xcoff_slurp_armap): Use new macros.
+       (_bfd_xcoff_archive_p): Likewise.
+       (_bfd_xcoff_read_ar_hdr): Likewise.
+       (_bfd_xcoff_openr_next_archived_file): Likewise.
+       (_bfd_xcoff_stat_arch_elt): Likewise.
+
+commit 6c4e7b6bfbc4679f695106de2817ecf02b27c8be
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Wed Jul 19 16:14:02 2017 +0100
+
+    Extend previous fix to coff-rs6000.c to coff64-rs6000.c
+
+        PR 21786
+        * coff64-rs6000.c (_bfd_strntol): New function.
+        (_bfd_strntoll): New function.
+        (GET_VALUE_IN_FIELD): New macro.
+        (xcoff64_slurp_armap): Use new macros.
+
+Upstream-Status: backport
+
+CVE: CVE-2017-12451
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog	2017-08-31 16:07:20.966269193 +0530
++++ git/bfd/ChangeLog	2017-08-31 16:25:04.423155789 +0530
+@@ -13,6 +13,19 @@
+ 
+ 2017-07-19  Nick Clifton  <nickc@redhat.com>
+ 
++       PR 21786
++       * coff-rs6000.c (_bfd_strntol): New function.
++       (_bfd_strntoll): New function.
++       (GET_VALUE_IN_FIELD): New macro.
++       (EQ_VALUE_IN_FIELD): new macro.
++       (_bfd_xcoff_slurp_armap): Use new macros.
++       (_bfd_xcoff_archive_p): Likewise.
++       (_bfd_xcoff_read_ar_hdr): Likewise.
++       (_bfd_xcoff_openr_next_archived_file): Likewise.
++       (_bfd_xcoff_stat_arch_elt): Likewise.
++
++2017-07-19  Nick Clifton  <nickc@redhat.com>
++
+        PR 21787
+        * archive.c (bfd_generic_archive_p): If the bfd does not have the
+        correct magic bytes at the start, set the error to wrong format
+Index: git/bfd/coff-rs6000.c
+===================================================================
+--- git.orig/bfd/coff-rs6000.c	2017-08-31 16:07:14.278208353 +0530
++++ git/bfd/coff-rs6000.c	2017-08-31 16:24:05.414696722 +0530
+@@ -203,7 +203,8 @@
+ };
+ 
+ /* Information about one member of an archive.  */
+-struct member_layout {
++struct member_layout
++{
+   /* The archive member that this structure describes.  */
+   bfd *member;
+ 
+@@ -237,7 +238,8 @@
+ };
+ 
+ /* A structure used for iterating over the members of an archive.  */
+-struct archive_iterator {
++struct archive_iterator
++{
+   /* The archive itself.  */
+   bfd *archive;
+ 
+@@ -654,8 +656,6 @@
+ end:
+   return bfd_coff_auxesz (abfd);
+ }
+-
+-
+ 
+ /* The XCOFF reloc table.  Actually, XCOFF relocations specify the
+    bitsize and whether they are signed or not, along with a
+@@ -663,7 +663,6 @@
+    different algorithms for putting in the reloc.  Many of these
+    relocs need special_function entries, which I have not written.  */
+ 
+-
+ reloc_howto_type xcoff_howto_table[] =
+ {
+   /* 0x00: Standard 32 bit relocation.  */
+@@ -1185,6 +1184,51 @@
+  /* bfd_xcoff_archive_set_magic (abfd, magic); */
+ }
+ 
++/* PR 21786:  The PE/COFF standard does not require NUL termination for any of
++   the ASCII fields in the archive headers.  So in order to be able to extract
++   numerical values we provide our own versions of strtol and strtoll which
++   take a maximum length as an additional parameter.  Also - just to save space,
++   we omit the endptr return parameter, since we know that it is never used.  */
++
++static long
++_bfd_strntol (const char * nptr, int base, unsigned int maxlen)
++{
++  char buf[24]; /* Should be enough.  */
++
++  BFD_ASSERT (maxlen < (sizeof (buf) - 1));
++
++  memcpy (buf, nptr, maxlen);
++  buf[maxlen] = 0;
++  return strtol (buf, NULL, base);
++}
++
++static long long
++_bfd_strntoll (const char * nptr, int base, unsigned int maxlen)
++{
++  char buf[32]; /* Should be enough.  */
++
++  BFD_ASSERT (maxlen < (sizeof (buf) - 1));
++
++  memcpy (buf, nptr, maxlen);
++  buf[maxlen] = 0;
++  return strtoll (buf, NULL, base);
++}
++
++/* Macro to read an ASCII value stored in an archive header field.  */
++#define GET_VALUE_IN_FIELD(VAR, FIELD)		  \
++  do						  \
++    {						  \
++      (VAR) = sizeof (VAR) > sizeof (long)	  \
++        ? _bfd_strntoll (FIELD, 10, sizeof FIELD) \
++	: _bfd_strntol (FIELD, 10, sizeof FIELD); \
++    }						  \
++  while (0)
++
++#define EQ_VALUE_IN_FIELD(VAR, FIELD)			\
++  (sizeof (VAR) > sizeof (long)				\
++   ? (VAR) ==_bfd_strntoll (FIELD, 10, sizeof FIELD)	\
++   : (VAR) == _bfd_strntol (FIELD, 10, sizeof FIELD))
++
+ /* Read in the armap of an XCOFF archive.  */
+ 
+ bfd_boolean
+@@ -1209,7 +1253,7 @@
+       /* This is for the old format.  */
+       struct xcoff_ar_hdr hdr;
+ 
+-      off = strtol (xcoff_ardata (abfd)->symoff, (char **) NULL, 10);
++      GET_VALUE_IN_FIELD (off, xcoff_ardata (abfd)->symoff);
+       if (off == 0)
+ 	{
+ 	  bfd_has_map (abfd) = FALSE;
+@@ -1225,12 +1269,12 @@
+ 	return FALSE;
+ 
+       /* Skip the name (normally empty).  */
+-      namlen = strtol (hdr.namlen, (char **) NULL, 10);
++      GET_VALUE_IN_FIELD (namlen, hdr.namlen);
+       off = ((namlen + 1) & ~ (size_t) 1) + SXCOFFARFMAG;
+       if (bfd_seek (abfd, off, SEEK_CUR) != 0)
+ 	return FALSE;
+ 
+-      sz = strtol (hdr.size, (char **) NULL, 10);
++      GET_VALUE_IN_FIELD (sz, hdr.size);
+ 
+       /* Read in the entire symbol table.  */
+       contents = (bfd_byte *) bfd_alloc (abfd, sz);
+@@ -1264,7 +1308,7 @@
+       /* This is for the new format.  */
+       struct xcoff_ar_hdr_big hdr;
+ 
+-      off = strtol (xcoff_ardata_big (abfd)->symoff, (char **) NULL, 10);
++      GET_VALUE_IN_FIELD (off, xcoff_ardata_big (abfd)->symoff);
+       if (off == 0)
+ 	{
+ 	  bfd_has_map (abfd) = FALSE;
+@@ -1280,15 +1324,12 @@
+ 	return FALSE;
+ 
+       /* Skip the name (normally empty).  */
+-      namlen = strtol (hdr.namlen, (char **) NULL, 10);
++      GET_VALUE_IN_FIELD (namlen, hdr.namlen);
+       off = ((namlen + 1) & ~ (size_t) 1) + SXCOFFARFMAG;
+       if (bfd_seek (abfd, off, SEEK_CUR) != 0)
+ 	return FALSE;
+ 
+-      /* XXX This actually has to be a call to strtoll (at least on 32-bit
+-	 machines) since the field width is 20 and there numbers with more
+-	 than 32 bits can be represented.  */
+-      sz = strtol (hdr.size, (char **) NULL, 10);
++      GET_VALUE_IN_FIELD (sz, hdr.size);
+ 
+       /* Read in the entire symbol table.  */
+       contents = (bfd_byte *) bfd_alloc (abfd, sz);
+@@ -1393,8 +1434,8 @@
+ 	  goto error_ret;
+ 	}
+ 
+-      bfd_ardata (abfd)->first_file_filepos = strtol (hdr.firstmemoff,
+-						      (char **) NULL, 10);
++      GET_VALUE_IN_FIELD (bfd_ardata (abfd)->first_file_filepos,
++			  hdr.firstmemoff);
+ 
+       amt = SIZEOF_AR_FILE_HDR;
+       bfd_ardata (abfd)->tdata = bfd_zalloc (abfd, amt);
+@@ -1469,7 +1510,7 @@
+ 	  return NULL;
+ 	}
+ 
+-      namlen = strtol (hdr.namlen, (char **) NULL, 10);
++      GET_VALUE_IN_FIELD (namlen, hdr.namlen);
+       amt = SIZEOF_AR_HDR + namlen + 1;
+       hdrp = (struct xcoff_ar_hdr *) bfd_alloc (abfd, amt);
+       if (hdrp == NULL)
+@@ -1486,7 +1527,7 @@
+       ((char *) hdrp)[SIZEOF_AR_HDR + namlen] = '\0';
+ 
+       ret->arch_header = (char *) hdrp;
+-      ret->parsed_size = strtol (hdr.size, (char **) NULL, 10);
++      GET_VALUE_IN_FIELD (ret->parsed_size, hdr.size);
+       ret->filename = (char *) hdrp + SIZEOF_AR_HDR;
+     }
+   else
+@@ -1501,7 +1542,7 @@
+ 	  return NULL;
+ 	}
+ 
+-      namlen = strtol (hdr.namlen, (char **) NULL, 10);
++      GET_VALUE_IN_FIELD (namlen, hdr.namlen);
+       amt = SIZEOF_AR_HDR_BIG + namlen + 1;
+       hdrp = (struct xcoff_ar_hdr_big *) bfd_alloc (abfd, amt);
+       if (hdrp == NULL)
+@@ -1518,10 +1559,7 @@
+       ((char *) hdrp)[SIZEOF_AR_HDR_BIG + namlen] = '\0';
+ 
+       ret->arch_header = (char *) hdrp;
+-      /* XXX This actually has to be a call to strtoll (at least on 32-bit
+-	 machines) since the field width is 20 and there numbers with more
+-	 than 32 bits can be represented.  */
+-      ret->parsed_size = strtol (hdr.size, (char **) NULL, 10);
++      GET_VALUE_IN_FIELD (ret->parsed_size, hdr.size);
+       ret->filename = (char *) hdrp + SIZEOF_AR_HDR_BIG;
+     }
+ 
+@@ -1550,14 +1588,11 @@
+       if (last_file == NULL)
+ 	filestart = bfd_ardata (archive)->first_file_filepos;
+       else
+-	filestart = strtol (arch_xhdr (last_file)->nextoff, (char **) NULL,
+-			    10);
++	GET_VALUE_IN_FIELD (filestart, arch_xhdr (last_file)->nextoff);
+ 
+       if (filestart == 0
+-	  || filestart == strtol (xcoff_ardata (archive)->memoff,
+-				  (char **) NULL, 10)
+-	  || filestart == strtol (xcoff_ardata (archive)->symoff,
+-				  (char **) NULL, 10))
++	  || EQ_VALUE_IN_FIELD (filestart, xcoff_ardata (archive)->memoff)
++	  || EQ_VALUE_IN_FIELD (filestart, xcoff_ardata (archive)->symoff))
+ 	{
+ 	  bfd_set_error (bfd_error_no_more_archived_files);
+ 	  return NULL;
+@@ -1568,20 +1603,11 @@
+       if (last_file == NULL)
+ 	filestart = bfd_ardata (archive)->first_file_filepos;
+       else
+-	/* XXX These actually have to be a calls to strtoll (at least
+-	   on 32-bit machines) since the fields's width is 20 and
+-	   there numbers with more than 32 bits can be represented.  */
+-	filestart = strtol (arch_xhdr_big (last_file)->nextoff, (char **) NULL,
+-			    10);
+-
+-      /* XXX These actually have to be calls to strtoll (at least on 32-bit
+-	 machines) since the fields's width is 20 and there numbers with more
+-	 than 32 bits can be represented.  */
++	GET_VALUE_IN_FIELD (filestart, arch_xhdr_big (last_file)->nextoff);
++
+       if (filestart == 0
+-	  || filestart == strtol (xcoff_ardata_big (archive)->memoff,
+-				  (char **) NULL, 10)
+-	  || filestart == strtol (xcoff_ardata_big (archive)->symoff,
+-				  (char **) NULL, 10))
++	  || EQ_VALUE_IN_FIELD (filestart, xcoff_ardata_big (archive)->memoff)
++	  || EQ_VALUE_IN_FIELD (filestart, xcoff_ardata_big (archive)->symoff))
+ 	{
+ 	  bfd_set_error (bfd_error_no_more_archived_files);
+ 	  return NULL;
+@@ -1606,20 +1632,20 @@
+     {
+       struct xcoff_ar_hdr *hdrp = arch_xhdr (abfd);
+ 
+-      s->st_mtime = strtol (hdrp->date, (char **) NULL, 10);
+-      s->st_uid = strtol (hdrp->uid, (char **) NULL, 10);
+-      s->st_gid = strtol (hdrp->gid, (char **) NULL, 10);
+-      s->st_mode = strtol (hdrp->mode, (char **) NULL, 8);
++      GET_VALUE_IN_FIELD (s->st_mtime, hdrp->date);
++      GET_VALUE_IN_FIELD (s->st_uid, hdrp->uid);
++      GET_VALUE_IN_FIELD (s->st_gid, hdrp->gid);
++      GET_VALUE_IN_FIELD (s->st_mode, hdrp->mode);
+       s->st_size = arch_eltdata (abfd)->parsed_size;
+     }
+   else
+     {
+       struct xcoff_ar_hdr_big *hdrp = arch_xhdr_big (abfd);
+ 
+-      s->st_mtime = strtol (hdrp->date, (char **) NULL, 10);
+-      s->st_uid = strtol (hdrp->uid, (char **) NULL, 10);
+-      s->st_gid = strtol (hdrp->gid, (char **) NULL, 10);
+-      s->st_mode = strtol (hdrp->mode, (char **) NULL, 8);
++      GET_VALUE_IN_FIELD (s->st_mtime, hdrp->date);
++      GET_VALUE_IN_FIELD (s->st_uid, hdrp->uid);
++      GET_VALUE_IN_FIELD (s->st_gid, hdrp->gid);
++      GET_VALUE_IN_FIELD (s->st_mode, hdrp->mode);
+       s->st_size = arch_eltdata (abfd)->parsed_size;
+     }
+ 
+Index: git/bfd/coff64-rs6000.c
+===================================================================
+--- git.orig/bfd/coff64-rs6000.c	2017-08-31 16:07:14.282208390 +0530
++++ git/bfd/coff64-rs6000.c	2017-08-31 16:28:43.228864485 +0530
+@@ -1852,6 +1852,46 @@
+   return NULL;
+ }
+ 
++/* PR 21786:  The PE/COFF standard does not require NUL termination for any of
++   the ASCII fields in the archive headers.  So in order to be able to extract
++   numerical values we provide our own versions of strtol and strtoll which
++   take a maximum length as an additional parameter.  Also - just to save space,
++   we omit the endptr return parameter, since we know that it is never used.  */
++
++static long
++_bfd_strntol (const char * nptr, int base, unsigned int maxlen)
++{
++  char buf[24]; /* Should be enough.  */
++
++  BFD_ASSERT (maxlen < (sizeof (buf) - 1));
++
++  memcpy (buf, nptr, maxlen);
++  buf[maxlen] = 0;
++  return strtol (buf, NULL, base);
++}
++
++static long long
++_bfd_strntoll (const char * nptr, int base, unsigned int maxlen)
++{
++  char buf[32]; /* Should be enough.  */
++
++  BFD_ASSERT (maxlen < (sizeof (buf) - 1));
++
++  memcpy (buf, nptr, maxlen);
++  buf[maxlen] = 0;
++  return strtoll (buf, NULL, base);
++}
++
++/* Macro to read an ASCII value stored in an archive header field.  */
++#define GET_VALUE_IN_FIELD(VAR, FIELD)		  \
++  do						  \
++    {						  \
++      (VAR) = sizeof (VAR) > sizeof (long)	  \
++        ? _bfd_strntoll (FIELD, 10, sizeof FIELD) \
++	: _bfd_strntol (FIELD, 10, sizeof FIELD); \
++    }						  \
++  while (0)
++
+ /* Read in the armap of an XCOFF archive.  */
+ 
+ static bfd_boolean
+@@ -1892,7 +1932,7 @@
+     return FALSE;
+ 
+   /* Skip the name (normally empty).  */
+-  namlen = strtol (hdr.namlen, (char **) NULL, 10);
++  GET_VALUE_IN_FIELD (namlen, hdr.namlen);
+   pos = ((namlen + 1) & ~(size_t) 1) + SXCOFFARFMAG;
+   if (bfd_seek (abfd, pos, SEEK_CUR) != 0)
+     return FALSE;

meta/recipes-devtools/binutils/binutils/CVE-2017-14729.patch

@@ -0,0 +1,45 @@
+commit 61e3bf5f83f7e505b6bc51ef65426e5b31e6e360
+Author: H.J. Lu <hjl.tools@gmail.com>
+Date:   Fri Sep 22 14:15:40 2017 -0700
+
+x86: Guard against corrupted PLT
+
+There should be only one entry in PLT for a given symbol.  Set howto to
+NULL after processing a PLT entry to guard against corrupted PLT so that
+the duplicated PLT entries are skipped.
+
+PR binutils/22170
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-14729
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+Index: git/bfd/elf-ifunc.c
+===================================================================
+--- git.orig/bfd/elf-ifunc.c	2017-11-08 12:34:22.063320490 +0530
++++ git/bfd/elf-ifunc.c	2017-11-08 12:34:29.995404891 +0530
+@@ -473,6 +473,10 @@
+       memcpy (names, "@plt", sizeof ("@plt"));
+       names += sizeof ("@plt");
+       ++s, ++n;
++      /* There should be only one entry in PLT for a given 
++         symbol.  Set howto to NULL after processing a PLT 
++         entry to guard against corrupted PLT.  */
++      p->howto = NULL;	
+     }
+ 
+   free (plt_sym_val);
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog	2017-11-08 12:34:29.939404297 +0530
++++ git/bfd/ChangeLog	2017-11-08 12:35:55.660271599 +0530
+@@ -1,3 +1,9 @@
++2017-09-22  H.J. Lu  <hongjiu.lu@intel.com>
++
++       PR binutils/22170
++       * elf-ifunc.c (elf_get_synthetic_symtab): Guard against
++       corrupted PLT.
++
+ 2017-07-27  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 21840

meta/recipes-devtools/binutils/binutils/CVE-2017-15024.patch

@@ -0,0 +1,241 @@
+commit 52a93b95ec0771c97e26f0bb28630a271a667bd2
+Author: Alan Modra <amodra@gmail.com>
+Date:   Sun Sep 24 14:37:16 2017 +0930
+
+    PR22187, infinite loop in find_abstract_instance_name
+    
+    This patch prevents the simple case of infinite recursion in
+    find_abstract_instance_name by ensuring that the attributes being
+    processed are not the same as the previous call.
+    
+    The patch also does a little cleanup, and leaves in place some changes
+    to the nested_funcs array that I made when I wrongly thought looping
+    might occur in scan_unit_for_symbols.
+    
+    	PR 22187
+    	* dwarf2.c (find_abstract_instance_name): Add orig_info_ptr and
+    	pname param.  Return status.  Make name const.  Don't abort,
+    	return an error.  Formatting.  Exit if current info_ptr matches
+    	orig_info_ptr.  Update callers.
+    	(scan_unit_for_symbols): Start at nesting_level of zero.  Make
+    	nested_funcs an array of structs for extensibility.  Formatting.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-15024
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c	2017-11-08 12:44:59.198052588 +0530
++++ git/bfd/dwarf2.c	2017-11-08 12:45:10.670155730 +0530
+@@ -2273,9 +2273,11 @@
+     return FALSE;
+ }
+ 
+-static char *
++static bfd_boolean
+ find_abstract_instance_name (struct comp_unit *unit,
++			     bfd_byte *orig_info_ptr,
+ 			     struct attribute *attr_ptr,
++			     const char **pname,
+ 			     bfd_boolean *is_linkage)
+ {
+   bfd *abfd = unit->abfd;
+@@ -2285,7 +2287,7 @@
+   struct abbrev_info *abbrev;
+   bfd_uint64_t die_ref = attr_ptr->u.val;
+   struct attribute attr;
+-  char *name = NULL;
++  const char *name = NULL;
+ 
+   /* DW_FORM_ref_addr can reference an entry in a different CU. It
+      is an offset from the .debug_info section, not the current CU.  */
+@@ -2294,7 +2296,12 @@
+       /* We only support DW_FORM_ref_addr within the same file, so
+ 	 any relocations should be resolved already.  */
+       if (!die_ref)
+-	abort ();
++	{
++	  _bfd_error_handler
++	    (_("Dwarf Error: Abstract instance DIE ref zero."));
++	  bfd_set_error (bfd_error_bad_value);
++	  return FALSE;
++	}
+ 
+       info_ptr = unit->sec_info_ptr + die_ref;
+       info_ptr_end = unit->end_ptr;
+@@ -2329,9 +2336,10 @@
+ 	  (*_bfd_error_handler)
+ 	    (_("Dwarf Error: Unable to read alt ref %u."), die_ref);
+ 	  bfd_set_error (bfd_error_bad_value);
+-	  return NULL;
++	  return FALSE;
+ 	}
+-      info_ptr_end = unit->stash->alt_dwarf_info_buffer + unit->stash->alt_dwarf_info_size;
++      info_ptr_end = (unit->stash->alt_dwarf_info_buffer
++		      + unit->stash->alt_dwarf_info_size);
+ 
+       /* FIXME: Do we need to locate the correct CU, in a similar
+ 	 fashion to the code in the DW_FORM_ref_addr case above ?  */
+@@ -2353,6 +2361,7 @@
+ 	  (*_bfd_error_handler)
+ 	    (_("Dwarf Error: Could not find abbrev number %u."), abbrev_number);
+ 	  bfd_set_error (bfd_error_bad_value);
++	  return FALSE;
+ 	}
+       else
+ 	{
+@@ -2362,6 +2371,15 @@
+ 					 info_ptr, info_ptr_end);
+ 	      if (info_ptr == NULL)
+ 		break;
++	      /* It doesn't ever make sense for DW_AT_specification to
++		 refer to the same DIE.  Stop simple recursion.  */
++	      if (info_ptr == orig_info_ptr)
++		{
++		  _bfd_error_handler
++		    (_("Dwarf Error: Abstract instance recursion detected."));
++		  bfd_set_error (bfd_error_bad_value);
++		  return FALSE;
++		}
+ 	      switch (attr.name)
+ 		{
+ 		case DW_AT_name:
+@@ -2375,7 +2393,9 @@
+ 		    }
+ 		  break;
+ 		case DW_AT_specification:
+-		  name = find_abstract_instance_name (unit, &attr, is_linkage);
++		  if (!find_abstract_instance_name (unit, info_ptr, &attr,
++						    pname, is_linkage))
++		    return FALSE;
+ 		  break;
+ 		case DW_AT_linkage_name:
+ 		case DW_AT_MIPS_linkage_name:
+@@ -2393,7 +2413,8 @@
+ 	    }
+ 	}
+     }
+-  return name;
++  *pname = name;
++  return TRUE;
+ }
+ 
+ static bfd_boolean
+@@ -2454,20 +2475,22 @@
+   bfd *abfd = unit->abfd;
+   bfd_byte *info_ptr = unit->first_child_die_ptr;
+   bfd_byte *info_ptr_end = unit->stash->info_ptr_end;
+-  int nesting_level = 1;
+-  struct funcinfo **nested_funcs;
++  int nesting_level = 0;
++  struct nest_funcinfo {
++    struct funcinfo *func;
++  } *nested_funcs;
+   int nested_funcs_size;
+ 
+   /* Maintain a stack of in-scope functions and inlined functions, which we
+      can use to set the caller_func field.  */
+   nested_funcs_size = 32;
+-  nested_funcs = (struct funcinfo **)
+-    bfd_malloc (nested_funcs_size * sizeof (struct funcinfo *));
++  nested_funcs = (struct nest_funcinfo *)
++    bfd_malloc (nested_funcs_size * sizeof (*nested_funcs));
+   if (nested_funcs == NULL)
+     return FALSE;
+-  nested_funcs[nesting_level] = 0;
++  nested_funcs[nesting_level].func = 0;
+ 
+-  while (nesting_level)
++  while (nesting_level >= 0)
+     {
+       unsigned int abbrev_number, bytes_read, i;
+       struct abbrev_info *abbrev;
+@@ -2516,13 +2539,13 @@
+ 	  BFD_ASSERT (!unit->cached);
+ 
+ 	  if (func->tag == DW_TAG_inlined_subroutine)
+-	    for (i = nesting_level - 1; i >= 1; i--)
+-	      if (nested_funcs[i])
++	    for (i = nesting_level; i-- != 0; )
++	      if (nested_funcs[i].func)
+ 		{
+-		  func->caller_func = nested_funcs[i];
++		  func->caller_func = nested_funcs[i].func;
+ 		  break;
+ 		}
+-	  nested_funcs[nesting_level] = func;
++	  nested_funcs[nesting_level].func = func;
+ 	}
+       else
+ 	{
+@@ -2541,12 +2564,13 @@
+ 	    }
+ 
+ 	  /* No inline function in scope at this nesting level.  */
+-	  nested_funcs[nesting_level] = 0;
++	  nested_funcs[nesting_level].func = 0;
+ 	}
+ 
+       for (i = 0; i < abbrev->num_attrs; ++i)
+ 	{
+-	  info_ptr = read_attribute (&attr, &abbrev->attrs[i], unit, info_ptr, info_ptr_end);
++	  info_ptr = read_attribute (&attr, &abbrev->attrs[i],
++				     unit, info_ptr, info_ptr_end);
+ 	  if (info_ptr == NULL)
+ 	    goto fail;
+ 
+@@ -2565,8 +2589,10 @@
+ 
+ 		case DW_AT_abstract_origin:
+ 		case DW_AT_specification:
+-		  func->name = find_abstract_instance_name (unit, &attr,
+-							    &func->is_linkage);
++		  if (!find_abstract_instance_name (unit, info_ptr, &attr,
++						    &func->name,
++						    &func->is_linkage))
++		    goto fail;
+ 		  break;
+ 
+ 		case DW_AT_name:
+@@ -2691,17 +2717,17 @@
+ 
+ 	  if (nesting_level >= nested_funcs_size)
+ 	    {
+-	      struct funcinfo **tmp;
++	      struct nest_funcinfo *tmp;
+ 
+ 	      nested_funcs_size *= 2;
+-	      tmp = (struct funcinfo **)
++	      tmp = (struct nest_funcinfo *)
+ 		bfd_realloc (nested_funcs,
+-			     nested_funcs_size * sizeof (struct funcinfo *));
++			     nested_funcs_size * sizeof (*nested_funcs));
+ 	      if (tmp == NULL)
+ 		goto fail;
+ 	      nested_funcs = tmp;
+ 	    }
+-	  nested_funcs[nesting_level] = 0;
++	  nested_funcs[nesting_level].func = 0;
+ 	}
+     }
+ 
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog	2017-11-08 12:45:10.614155229 +0530
++++ git/bfd/ChangeLog	2017-11-08 12:46:55.791054918 +0530
+@@ -1,3 +1,13 @@
++2017-09-24  Alan Modra  <amodra@gmail.com>
++
++       PR 22187
++       * dwarf2.c (find_abstract_instance_name): Add orig_info_ptr and
++       pname param.  Return status.  Make name const.  Don't abort,
++       return an error.  Formatting.  Exit if current info_ptr matches
++       orig_info_ptr.  Update callers.
++       (scan_unit_for_symbols): Start at nesting_level of zero.  Make
++       nested_funcs an array of structs for extensibility.  Formatting.
++
+ 2017-09-22  H.J. Lu  <hongjiu.lu@intel.com>
+ 
+        PR binutils/22170

meta/recipes-devtools/binutils/binutils/CVE-2017-15938.patch

@@ -0,0 +1,153 @@
+commit 1b86808a86077722ee4f42ff97f836b12420bb2a
+Author: Alan Modra <amodra@gmail.com>
+Date:   Tue Sep 26 21:47:24 2017 +0930
+
+    PR22209, invalid memory read in find_abstract_instance_name
+    
+    This patch adds bounds checking for DW_FORM_ref_addr die refs, and
+    calculates them relative to the first .debug_info section.  See the
+    big comment for why calculating relative to the current .debug_info
+    section was wrong for relocatable object files.
+    
+    	PR 22209
+    	* dwarf2.c (struct comp_unit): Delete sec_info_ptr field.
+    	(find_abstract_instance_name): Calculate DW_FORM_ref_addr relative
+    	to stash->info_ptr_memory, and check die_ref is within that memory.
+    	Set info_ptr_end correctly when another CU is refd.  Check die_ref
+    	for DW_FORM_ref4 etc. is within CU.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-15938
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c	2017-11-07 18:52:19.896253364 +0530
++++ git/bfd/dwarf2.c	2017-11-07 18:52:19.952253802 +0530
+@@ -119,8 +119,7 @@
+ 
+   /* A pointer to the memory block allocated for info_ptr.  Neither
+      info_ptr nor sec_info_ptr are guaranteed to stay pointing to the
+-     beginning of the malloc block.  This is used only to free the
+-     memory later.  */
++     beginning of the malloc block.  */
+   bfd_byte *info_ptr_memory;
+ 
+   /* Pointer to the symbol table.  */
+@@ -238,9 +237,6 @@
+      by its reference.  */
+   bfd_byte *info_ptr_unit;
+ 
+-  /* Pointer to the start of the debug section, for DW_FORM_ref_addr.  */
+-  bfd_byte *sec_info_ptr;
+-
+   /* The offset into .debug_line of the line number table.  */
+   unsigned long line_offset;
+ 
+@@ -2294,21 +2290,37 @@
+   if (attr_ptr->form == DW_FORM_ref_addr)
+     {
+       /* We only support DW_FORM_ref_addr within the same file, so
+-	 any relocations should be resolved already.  */
+-      if (!die_ref)
++	 any relocations should be resolved already.  Check this by
++	 testing for a zero die_ref;  There can't be a valid reference
++	 to the header of a .debug_info section.
++	 DW_FORM_ref_addr is an offset relative to .debug_info.
++	 Normally when using the GNU linker this is accomplished by
++	 emitting a symbolic reference to a label, because .debug_info
++	 sections are linked at zero.  When there are multiple section
++	 groups containing .debug_info, as there might be in a
++	 relocatable object file, it would be reasonable to assume that
++	 a symbolic reference to a label in any .debug_info section
++	 might be used.  Since we lay out multiple .debug_info
++	 sections at non-zero VMAs (see place_sections), and read
++	 them contiguously into stash->info_ptr_memory, that means
++	 the reference is relative to stash->info_ptr_memory.  */
++      size_t total;
++
++      info_ptr = unit->stash->info_ptr_memory;
++      info_ptr_end = unit->stash->info_ptr_end;
++      total = info_ptr_end - info_ptr;
++      if (!die_ref || die_ref >= total)
+ 	{
+ 	  _bfd_error_handler
+-	    (_("Dwarf Error: Abstract instance DIE ref zero."));
++	    (_("Dwarf Error: Invalid abstract instance DIE ref."));
+ 	  bfd_set_error (bfd_error_bad_value);
+ 	  return FALSE;
+ 	}
+-
+-      info_ptr = unit->sec_info_ptr + die_ref;
+-      info_ptr_end = unit->end_ptr;
++      info_ptr += die_ref;
+ 
+       /* Now find the CU containing this pointer.  */
+       if (info_ptr >= unit->info_ptr_unit && info_ptr < unit->end_ptr)
+-	;
++	info_ptr_end = unit->end_ptr;
+       else
+ 	{
+ 	  /* Check other CUs to see if they contain the abbrev.  */
+@@ -2324,7 +2336,10 @@
+ 		break;
+ 
+ 	  if (u)
+-	    unit = u;
++	    {
++	      unit = u;
++	      info_ptr_end = unit->end_ptr;
++	    }
+ 	  /* else FIXME: What do we do now ?  */
+ 	}
+     }
+@@ -2346,8 +2361,22 @@
+     }
+   else
+     {
+-      info_ptr = unit->info_ptr_unit + die_ref;
++      /* DW_FORM_ref1, DW_FORM_ref2, DW_FORM_ref4, DW_FORM_ref8 or
++	 DW_FORM_ref_udata.  These are all references relative to the
++	 start of the current CU.  */
++      size_t total;
++
++      info_ptr = unit->info_ptr_unit;
+       info_ptr_end = unit->end_ptr;
++      total = info_ptr_end - info_ptr;
++      if (!die_ref || die_ref >= total)
++	{
++	  _bfd_error_handler
++	    (_("Dwarf Error: Invalid abstract instance DIE ref."));
++	  bfd_set_error (bfd_error_bad_value);
++	  return FALSE;
++	}
++      info_ptr += die_ref;
+     }
+ 
+   abbrev_number = safe_read_leb128 (abfd, info_ptr, &bytes_read, FALSE, info_ptr_end);
+@@ -2846,7 +2875,6 @@
+   unit->end_ptr = end_ptr;
+   unit->stash = stash;
+   unit->info_ptr_unit = info_ptr_unit;
+-  unit->sec_info_ptr = stash->sec_info_ptr;
+ 
+   for (i = 0; i < abbrev->num_attrs; ++i)
+     {
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog	2017-11-07 18:52:19.900253395 +0530
++++ git/bfd/ChangeLog	2017-11-07 18:53:29.668799630 +0530
+@@ -1,3 +1,12 @@
++2017-09-26  Alan Modra  <amodra@gmail.com>
++
++       PR 22209
++       * dwarf2.c (struct comp_unit): Delete sec_info_ptr field.
++       (find_abstract_instance_name): Calculate DW_FORM_ref_addr relative
++       to stash->info_ptr_memory, and check die_ref is within that memory.
++       Set info_ptr_end correctly when another CU is refd.  Check die_ref
++       for DW_FORM_ref4 etc. is within CU.
++
+ 2017-09-24  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22187

meta/recipes-devtools/binutils/binutils/CVE-2017-7223.patch

@@ -0,0 +1,40 @@
+commit 69ace2200106348a1b00d509a6a234337c104c17
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Thu Dec 1 15:20:19 2016 +0000
+
+    Fix seg fault attempting to unget an EOF character.
+    
+        PR gas/20898
+        * app.c (do_scrub_chars): Do not attempt to unget EOF.
+
+Upstream-Status: backport
+
+CVE: CVE-2017-7223
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/gas/ChangeLog
+===================================================================
+--- git.orig/gas/ChangeLog	2017-09-04 12:42:08.941602299 +0530
++++ git/gas/ChangeLog	2017-09-04 12:48:28.863820763 +0530
+@@ -1,3 +1,8 @@
++2016-12-01  Nick Clifton  <nickc@redhat.com>
++
++	PR gas/20898
++	* app.c (do_scrub_chars): Do not attempt to unget EOF.
++
+ 2016-08-05  Nick Clifton  <nickc@redhat.com>
+ 
+ 	PR gas/20364
+Index: git/gas/app.c
+===================================================================
+--- git.orig/gas/app.c	2017-09-04 12:42:05.261580103 +0530
++++ git/gas/app.c	2017-09-04 12:47:19.923428673 +0530
+@@ -1187,7 +1187,7 @@
+ 		  state = -2;
+ 		  break;
+ 		}
+-	      else
++	      else if (ch2 != EOF)
+ 		{
+ 		  UNGET (ch2);
+ 		}

meta/recipes-devtools/binutils/binutils/CVE-2017-7224.patch

@@ -0,0 +1,48 @@
+commit e82ab856bb4689330c29fb9f1c57a8555b26380e
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Thu Dec 1 10:49:39 2016 +0000
+
+    Fix a seg-fault disassembling a corrupt binary.
+    
+        PR binutils/20892
+        * aoutx.h (find_nearest_line): Handle the case where the function
+        name is empty.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7224
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog	2017-09-04 12:54:37.513859864 +0530
++++ git/bfd/ChangeLog	2017-09-04 13:00:22.891753836 +0530
+@@ -120,6 +120,10 @@
+        * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
+        the end of the string buffer.
+ 
++       PR binutils/20892
++       * aoutx.h (find_nearest_line): Handle the case where the function
++       name is empty.
++
+ 2016-08-02  Nick Clifton  <nickc@redhat.com>
+ 
+ 	PR ld/17739
+Index: git/bfd/aoutx.h
+===================================================================
+--- git.orig/bfd/aoutx.h	2017-09-04 12:54:35.957851411 +0530
++++ git/bfd/aoutx.h	2017-09-04 12:57:50.634902163 +0530
+@@ -2819,6 +2819,13 @@
+       const char *function = func->name;
+       char *colon;
+ 
++      if (buf == NULL)
++       {
++         /* PR binutils/20892: In a corrupt input file func can be empty.  */
++         * functionname_ptr = NULL;
++         return TRUE;
++       }
++
+       /* The caller expects a symbol name.  We actually have a
+ 	 function name, without the leading underscore.  Put the
+ 	 underscore back in, so that the caller gets a symbol name.  */

meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch

@@ -0,0 +1,66 @@
+commit 50455f1ab2935f7321215dfa681745c9b1cb5b19
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Thu Dec 1 10:15:07 2016 +0000
+
+    Fix seg-fault running addr2line on a corrupt binary.
+    
+        PR binutils/20891
+        * aoutx.h (find_nearest_line): Handle the case where the main file
+        name and the directory name are both empty.
+
+Upstream-Status: backport
+
+CVE: CVE-2017-7225
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog	2017-09-04 13:04:20.941485636 +0530
++++ git/bfd/ChangeLog	2017-09-04 13:08:05.003175703 +0530
+@@ -120,6 +120,12 @@
+        * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
+        the end of the string buffer.
+ 
++2016-12-01  Nick Clifton  <nickc@redhat.com>
++
++       PR binutils/20891
++       * aoutx.h (find_nearest_line): Handle the case where the main file
++       name and the directory name are both empty.
++
+        PR binutils/20892
+        * aoutx.h (find_nearest_line): Handle the case where the function
+        name is empty.
+Index: git/bfd/aoutx.h
+===================================================================
+--- git.orig/bfd/aoutx.h	2017-09-04 13:04:20.941485636 +0530
++++ git/bfd/aoutx.h	2017-09-04 13:10:55.856441243 +0530
+@@ -2663,7 +2663,7 @@
+   char *buf;
+ 
+   *filename_ptr = abfd->filename;
+-  *functionname_ptr = 0;
++  *functionname_ptr = NULL;
+   *line_ptr = 0;
+   if (disriminator_ptr)
+     *disriminator_ptr = 0;
+@@ -2808,9 +2808,17 @@
+ 	*filename_ptr = main_file_name;
+       else
+ 	{
+-	  sprintf (buf, "%s%s", directory_name, main_file_name);
+-	  *filename_ptr = buf;
+-	  buf += filelen + 1;
++         if (buf == NULL)
++           /* PR binutils/20891: In a corrupt input file both
++              main_file_name and directory_name can be empty...  */
++           * filename_ptr = NULL;
++         else
++           {
++             snprintf (buf, filelen + 1, "%s%s", directory_name,
++                       main_file_name);
++             *filename_ptr = buf;
++             buf += filelen + 1;
++           }
+ 	}
+     }
+ 

meta/recipes-devtools/binutils/binutils/CVE-2017-7226.patch

@@ -0,0 +1,42 @@
+Fix seg-fault in the binutils utilities when reading a corrupt input file.
+
+PR binutils/20905
+* peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
+the end of the string buffer.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7226
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog	2017-08-23 13:59:16.868424171 +0530
++++ git/bfd/ChangeLog	2017-08-23 14:03:22.683013823 +0530
+@@ -39,6 +39,12 @@
+        (bfd_elf_final_link): Only initialize the extended symbol index
+        section if there are extended symbol tables to list.
+ 
++2016-12-05  Nick Clifton  <nickc@redhat.com>
++ 
++       PR binutils/20905
++       * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
++       the end of the string buffer.
++
+ 2016-08-02  Nick Clifton  <nickc@redhat.com>
+ 
+ 	PR ld/17739
+Index: git/bfd/peicode.h
+===================================================================
+--- git.orig/bfd/peicode.h	2017-08-23 13:59:06.948319100 +0530
++++ git/bfd/peicode.h	2017-08-23 13:59:16.920424722 +0530
+@@ -1264,7 +1264,8 @@
+     }
+ 
+   symbol_name = (char *) ptr;
+-  source_dll  = symbol_name + strlen (symbol_name) + 1;
++  /* See PR 20905 for an example of where the strnlen is necessary.  */
++  source_dll  = symbol_name + strnlen (symbol_name, size - 1) + 1;
+ 
+   /* Verify that the strings are null terminated.  */
+   if (ptr[size - 1] != 0

meta/recipes-devtools/binutils/binutils/CVE-2017-7227.patch

@@ -0,0 +1,49 @@
+commit 406bd128dba2a59d0736839fc87a59bce319076c
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Mon Dec 5 16:00:43 2016 +0000
+
+    Fix seg-fault in linker when passed a bogus input script.
+    
+        PR ld/20906
+        * ldlex.l: Check for bogus strings in linker scripts.
+
+Upstream-Status: backport
+
+CVE: CVE-2017-7227
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/ld/ChangeLog
+===================================================================
+--- git.orig/ld/ChangeLog	2017-09-04 13:18:09.660584245 +0530
++++ git/ld/ChangeLog	2017-09-04 13:20:34.286155911 +0530
+@@ -1,3 +1,8 @@
++2016-12-05  Nick Clifton  <nickc@redhat.com>
++
++	PR ld/20906
++	* ldlex.l: Check for bogus strings in linker scripts.
++
+ 2016-08-02  Nick Clifton  <nickc@redhat.com>
+ 
+ 	PR ld/17739
+Index: git/ld/ldlex.l
+===================================================================
+--- git.orig/ld/ldlex.l	2017-09-04 13:18:09.692584605 +0530
++++ git/ld/ldlex.l	2017-09-04 13:22:54.483583368 +0530
+@@ -416,9 +416,15 @@
+ 
+ <EXPRESSION,BOTH,SCRIPT,VERS_NODE,INPUTLIST>"\""[^\"]*"\"" {
+ 					/* No matter the state, quotes
+-					   give what's inside */
++                                          give what's inside.  */
++                                        bfd_size_type len;
+ 					yylval.name = xstrdup (yytext + 1);
+-					yylval.name[yyleng - 2] = 0;
++                                        /* PR ld/20906.  A corrupt input file
++                                           can contain bogus strings.  */
++                                        len = strlen (yylval.name);
++                                        if (len > yyleng - 2)
++                                          len = yyleng - 2;
++                                        yylval.name[len] = 0;
+ 					return NAME;
+ 				}
+ <BOTH,SCRIPT,EXPRESSION>"\n"		{ lineno++;}

meta/recipes-devtools/binutils/binutils/CVE-2017-7299_1.patch

@@ -0,0 +1,47 @@
+commit d7f399a8de4c55eb841db6493597a587fac002de
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Fri Dec 2 17:46:26 2016 +0000
+
+    Fix seg-fault in linker when passed a corrupt binary input file.
+    
+    	PR lf/20908
+    	* elflink.c (bfd_elf_final_link): Check for ELF flavour binaries
+    	when following indirect links.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7299
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/elflink.c
+===================================================================
+--- git.orig/bfd/elflink.c	2017-09-20 14:15:26.337333504 +0530
++++ git/bfd/elflink.c	2017-09-20 14:20:19.000000000 +0530
+@@ -11201,6 +11201,12 @@
+ 	      asection *sec;
+ 
+ 	      sec = p->u.indirect.section;
++	      /* See PR 20908 for a reproducer.  */
++	      if (bfd_get_flavour (sec->owner) != bfd_target_elf_flavour)
++		{
++		  _bfd_error_handler (_("%B: not in ELF format"), sec->owner);
++		  goto error_return;
++		}
+ 	      esdi = elf_section_data (sec);
+ 
+ 	      /* Mark all sections which are to be included in the
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog	2017-09-20 14:20:19.000000000 +0530
++++ git/bfd/ChangeLog	2017-09-20 14:23:48.743556932 +0530
+@@ -192,6 +192,10 @@
+ 
+ 2016-12-02  Nick Clifton  <nickc@redhat.com>
+ 
++	PR lf/20908
++	* elflink.c (bfd_elf_final_link): Check for ELF flavour binaries
++	when following indirect links.
++
+ 	PR ld/20909
+ 	* aoutx.h (aout_link_add_symbols): Fix off-by-one error in check
+ 	for an illegal string offset.

meta/recipes-devtools/binutils/binutils/CVE-2017-7299_2.patch

@@ -0,0 +1,120 @@
+commit a961cdd5f139d3c3e09170db52bd8df7dafae13f
+Author: Alan Modra <amodra@gmail.com>
+Date:   Thu Dec 15 21:29:44 2016 +1030
+
+    Linking non-ELF file broken by PR20908 fix
+    
+    	PR ld/20968
+    	PR ld/20908
+    	* elflink.c (bfd_elf_final_link): Revert 2016-12-02 change.  Move
+    	reloc counting code later after ELF flavour test.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7299
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/elflink.c
+===================================================================
+--- git.orig/bfd/elflink.c	2017-09-20 14:15:28.133343092 +0530
++++ git/bfd/elflink.c	2017-09-20 14:15:28.189343391 +0530
+@@ -11201,13 +11201,6 @@
+ 	      asection *sec;
+ 
+ 	      sec = p->u.indirect.section;
+-	      /* See PR 20908 for a reproducer.  */
+-	      if (bfd_get_flavour (sec->owner) != bfd_target_elf_flavour)
+-		{
+-		  _bfd_error_handler (_("%B: not in ELF format"), sec->owner);
+-		  goto error_return;
+-		}
+-	      esdi = elf_section_data (sec);
+ 
+ 	      /* Mark all sections which are to be included in the
+ 		 link.  This will normally be every section.  We need
+@@ -11218,37 +11211,18 @@
+ 	      if (sec->flags & SEC_MERGE)
+ 		merged = TRUE;
+ 
+-	      if (esdo->this_hdr.sh_type == SHT_REL
+-		  || esdo->this_hdr.sh_type == SHT_RELA)
+-		/* Some backends use reloc_count in relocation sections
+-		   to count particular types of relocs.  Of course,
+-		   reloc sections themselves can't have relocations.  */
+-		reloc_count = 0;
+-	      else if (emit_relocs)
+-		{
+-		  reloc_count = sec->reloc_count;
+-		  if (bed->elf_backend_count_additional_relocs)
+-		    {
+-		      int c;
+-		      c = (*bed->elf_backend_count_additional_relocs) (sec);
+-		      additional_reloc_count += c;
+-		    }
+-		}
+-	      else if (bed->elf_backend_count_relocs)
+-		reloc_count = (*bed->elf_backend_count_relocs) (info, sec);
+-
+ 	      if (sec->rawsize > max_contents_size)
+ 		max_contents_size = sec->rawsize;
+ 	      if (sec->size > max_contents_size)
+ 		max_contents_size = sec->size;
+ 
+-	      /* We are interested in just local symbols, not all
+-		 symbols.  */
+ 	      if (bfd_get_flavour (sec->owner) == bfd_target_elf_flavour
+ 		  && (sec->owner->flags & DYNAMIC) == 0)
+ 		{
+ 		  size_t sym_count;
+ 
++		  /* We are interested in just local symbols, not all
++		     symbols.  */
+ 		  if (elf_bad_symtab (sec->owner))
+ 		    sym_count = (elf_tdata (sec->owner)->symtab_hdr.sh_size
+ 				 / bed->s->sizeof_sym);
+@@ -11262,6 +11236,27 @@
+ 		      && elf_symtab_shndx_list (sec->owner) != NULL)
+ 		    max_sym_shndx_count = sym_count;
+ 
++		  if (esdo->this_hdr.sh_type == SHT_REL
++		      || esdo->this_hdr.sh_type == SHT_RELA)
++		    /* Some backends use reloc_count in relocation sections
++		       to count particular types of relocs.  Of course,
++		       reloc sections themselves can't have relocations.  */
++		    ;
++		  else if (emit_relocs)
++		    {
++		      reloc_count = sec->reloc_count;
++		      if (bed->elf_backend_count_additional_relocs)
++			{
++			  int c;
++			  c = (*bed->elf_backend_count_additional_relocs) (sec);
++			  additional_reloc_count += c;
++			}
++		    }
++		  else if (bed->elf_backend_count_relocs)
++		    reloc_count = (*bed->elf_backend_count_relocs) (info, sec);
++
++		  esdi = elf_section_data (sec);
++
+ 		  if ((sec->flags & SEC_RELOC) != 0)
+ 		    {
+ 		      size_t ext_size = 0;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog	2017-09-20 14:15:28.013342453 +0530
++++ git/bfd/ChangeLog	2017-09-20 14:19:06.990419395 +0530
+@@ -156,6 +156,13 @@
+        (bfd_elf_final_link): Only initialize the extended symbol index
+        section if there are extended symbol tables to list.
+ 
++2016-12-15  Alan Modra  <amodra@gmail.com>
++
++	PR ld/20968
++	PR ld/20908
++	 * elflink.c (bfd_elf_final_link): Revert 2016-12-02 change.  Move
++	reloc counting code later after ELF flavour test.
++
+  2016-12-06  Nick Clifton  <nickc@redhat.com>
+  
+        PR binutils/20931

meta/recipes-devtools/binutils/binutils/CVE-2017-7300.patch

@@ -0,0 +1,55 @@
+From 531336e3a0b79ed60cfc36ad2d6579b6a71175da Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Fri, 2 Dec 2016 16:41:14 +0000
+Subject: [PATCH] Fix seg-fault in the linker when examining a corrupt binary.
+
+	PR ld/20909
+	* aoutx.h (aout_link_add_symbols): Fix off-by-one error in check
+	for an illegal string offset.
+
+Upstream-Status: Backport
+CVE: CVE-2017-7300
+VER: < 2.27-r0.9.1
+Signed-off-by: Manjunath Matti <mmatti@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/aoutx.h   | 3 +--
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/bfd/ChangeLog b/bfd/ChangeLog
+index d061e66..c8085e7 100644
+--- a/bfd/ChangeLog
++++ b/bfd/ChangeLog
+@@ -175,6 +175,12 @@
+        * aoutx.h (find_nearest_line): Handle the case where the function
+        name is empty.
+ 
++2016-12-02  Nick Clifton  <nickc@redhat.com>
++
++	PR ld/20909
++	* aoutx.h (aout_link_add_symbols): Fix off-by-one error in check
++	for an illegal string offset.
++
+ 2016-08-02  Nick Clifton  <nickc@redhat.com>
+ 
+ 	PR ld/17739
+diff --git a/bfd/aoutx.h b/bfd/aoutx.h
+index 4308679..b9ac2b7 100644
+--- a/bfd/aoutx.h
++++ b/bfd/aoutx.h
+@@ -3031,10 +3031,9 @@ aout_link_add_symbols (bfd *abfd, struct bfd_link_info *info)
+ 	continue;
+ 
+       /* PR 19629: Corrupt binaries can contain illegal string offsets.  */
+-      if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
++      if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd))
+ 	return FALSE;
+       name = strings + GET_WORD (abfd, p->e_strx);
+-      
+       value = GET_WORD (abfd, p->e_value);
+       flags = BSF_GLOBAL;
+       string = NULL;
+-- 
+2.9.3
+

meta/recipes-devtools/binutils/binutils/CVE-2017-7301.patch

@@ -0,0 +1,52 @@
+commit daae68f4f372e0618d6b9c64ec0f1f74eae6ab3d
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Mon Dec 5 12:25:34 2016 +0000
+
+    Fix seg-fault in linker parsing a corrupt input file.
+    
+        PR ld/20924
+        (aout_link_add_symbols): Fix off by one error checking for
+        overflow of string offset.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7301
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog	2017-09-04 15:42:15.244812577 +0530
++++ git/bfd/ChangeLog	2017-09-04 15:51:36.573466525 +0530
+@@ -120,6 +120,10 @@
+        * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
+        the end of the string buffer.
+ 
++       PR ld/20924
++       (aout_link_add_symbols): Fix off by one error checking for
++       overflow of string offset.
++
+ 2016-12-01  Nick Clifton  <nickc@redhat.com>
+ 
+        PR binutils/20891
+Index: git/bfd/aoutx.h
+===================================================================
+--- git.orig/bfd/aoutx.h	2017-09-04 15:42:15.244812577 +0530
++++ git/bfd/aoutx.h	2017-09-04 15:49:36.500479341 +0530
+@@ -3091,7 +3091,7 @@
+ 	  BFD_ASSERT (p + 1 < pend);
+ 	  ++p;
+ 	  /* PR 19629: Corrupt binaries can contain illegal string offsets.  */
+-	  if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
++	  if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd))
+ 	    return FALSE;
+ 	  string = strings + GET_WORD (abfd, p->e_strx);
+ 	  section = bfd_ind_section_ptr;
+@@ -3127,7 +3127,7 @@
+ 	  ++p;
+ 	  string = name;
+ 	  /* PR 19629: Corrupt binaries can contain illegal string offsets.  */
+-	  if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
++	  if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd))
+ 	    return FALSE;
+ 	  name = strings + GET_WORD (abfd, p->e_strx);
+ 	  section = bfd_und_section_ptr;

meta/recipes-devtools/binutils/binutils/CVE-2017-7302.patch

@@ -0,0 +1,81 @@
+commit e2996cc315d6ea242e1a954dc20246485ccc8512
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Mon Dec 5 14:32:30 2016 +0000
+
+    Fix seg-fault running strip on a corrupt binary.
+    
+        PR binutils/20921
+        * aoutx.h (squirt_out_relocs): Check for and report any relocs
+        that could not be recognised.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7302
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog	2017-09-04 15:57:38.564419146 +0530
++++ git/bfd/ChangeLog	2017-09-04 16:02:31.994883900 +0530
+@@ -124,6 +124,10 @@
+        (aout_link_add_symbols): Fix off by one error checking for
+        overflow of string offset.
+ 
++       PR binutils/20921
++       * aoutx.h (squirt_out_relocs): Check for and report any relocs
++       that could not be recognised.
++
+ 2016-12-01  Nick Clifton  <nickc@redhat.com>
+ 
+        PR binutils/20891
+Index: git/bfd/aoutx.h
+===================================================================
+--- git.orig/bfd/aoutx.h	2017-09-04 15:57:38.564419146 +0530
++++ git/bfd/aoutx.h	2017-09-04 16:01:08.830188291 +0530
+@@ -1952,6 +1952,7 @@
+ 
+   PUT_WORD (abfd, g->address, natptr->r_address);
+ 
++  BFD_ASSERT (g->howto != NULL);
+   r_length = g->howto->size ;	/* Size as a power of two.  */
+   r_pcrel  = (int) g->howto->pc_relative; /* Relative to PC?  */
+   /* XXX This relies on relocs coming from a.out files.  */
+@@ -2390,16 +2391,34 @@
+       for (natptr = native;
+ 	   count != 0;
+ 	   --count, natptr += each_size, ++generic)
+-	MY_swap_ext_reloc_out (abfd, *generic,
+-			       (struct reloc_ext_external *) natptr);
++	{
++	  if ((*generic)->howto == NULL)
++	    {
++	      bfd_set_error (bfd_error_invalid_operation);
++	      _bfd_error_handler (_("%B: attempt to write out unknown reloc type"), abfd);
++	      return FALSE;
++	    }
++	  MY_swap_ext_reloc_out (abfd, *generic,
++				 (struct reloc_ext_external *) natptr);
++	}
+     }
+   else
+     {
+       for (natptr = native;
+ 	   count != 0;
+ 	   --count, natptr += each_size, ++generic)
+-	MY_swap_std_reloc_out (abfd, *generic,
+-			       (struct reloc_std_external *) natptr);
++	{
++	  /* PR 20921: If the howto field has not been initialised then skip
++	     this reloc.  */
++	  if ((*generic)->howto == NULL)
++	    {
++	      bfd_set_error (bfd_error_invalid_operation);
++	      _bfd_error_handler (_("%B: attempt to write out unknown reloc type"), abfd);
++	      return FALSE;
++	    }
++	  MY_swap_std_reloc_out (abfd, *generic,
++				 (struct reloc_std_external *) natptr);
++	}
+     }
+ 
+   if (bfd_bwrite ((void *) native, natsize, abfd) != natsize)

meta/recipes-devtools/binutils/binutils/CVE-2017-7303.patch

@@ -0,0 +1,55 @@
+commit a55c9876bb111fd301b4762cf501de0040b8f9db
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Mon Dec 5 13:35:50 2016 +0000
+
+    Fix seg-fault attempting to strip a corrupt binary.
+    
+        PR binutils/20922
+        * elf.c (find_link): Check for null headers before attempting to
+        match them.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7303
+Signed-off-by: Thiruvadi Rajaraman <tarjaraman@mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog	2017-09-04 16:06:08.996688391 +0530
++++ git/bfd/ChangeLog	2017-09-04 16:09:26.810320541 +0530
+@@ -124,6 +124,10 @@
+        (aout_link_add_symbols): Fix off by one error checking for
+        overflow of string offset.
+ 
++       PR binutils/20922
++       * elf.c (find_link): Check for null headers before attempting to
++       match them.
++
+        PR binutils/20921
+        * aoutx.h (squirt_out_relocs): Check for and report any relocs
+        that could not be recognised.
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c	2017-09-04 16:05:55.612577527 +0530
++++ git/bfd/elf.c	2017-09-04 16:08:35.709900050 +0530
+@@ -1249,13 +1249,19 @@
+   Elf_Internal_Shdr ** oheaders = elf_elfsections (obfd);
+   unsigned int i;
+ 
+-  if (section_match (oheaders[hint], iheader))
++  BFD_ASSERT (iheader != NULL);
++
++  /* See PR 20922 for a reproducer of the NULL test.  */
++  if (oheaders[hint] != NULL
++      && section_match (oheaders[hint], iheader))
+     return hint;
+ 
+   for (i = 1; i < elf_numsections (obfd); i++)
+     {
+       Elf_Internal_Shdr * oheader = oheaders[i];
+ 
++      if (oheader == NULL)
++	continue;
+       if (section_match (oheader, iheader))
+ 	/* FIXME: Do we care if there is a potential for
+ 	   multiple matches ?  */

meta/recipes-devtools/binutils/binutils/CVE-2017-7304.patch

@@ -0,0 +1,53 @@
+commit 4f3ca05b487e9755018b4c9a053a2e6c35d8a7df
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Tue Dec 6 16:53:57 2016 +0000
+
+    Fix seg-fault in strip when copying a corrupt binary.
+    
+        PR binutils/20931
+        * elf.c (copy_special_section_fields): Check for an invalid
+        sh_link field before attempting to follow it.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7304
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog	2017-09-04 16:13:03.512095249 +0530
++++ git/bfd/ChangeLog	2017-09-04 16:16:25.173745111 +0530
+@@ -114,6 +114,12 @@
+        (bfd_elf_final_link): Only initialize the extended symbol index
+        section if there are extended symbol tables to list.
+ 
++ 2016-12-06  Nick Clifton  <nickc@redhat.com>
++ 
++       PR binutils/20931
++       * elf.c (copy_special_section_fields): Check for an invalid
++       sh_link field before attempting to follow it.
++
+ 2016-12-05  Nick Clifton  <nickc@redhat.com>
+  
+        PR binutils/20905
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c	2017-09-04 16:13:03.512095249 +0530
++++ git/bfd/elf.c	2017-09-04 16:15:38.257359045 +0530
+@@ -1324,6 +1324,16 @@
+      in the input bfd.  */
+   if (iheader->sh_link != SHN_UNDEF)
+     {
++      /* See PR 20931 for a reproducer.  */
++      if (iheader->sh_link >= elf_numsections (ibfd))
++	{
++	  (* _bfd_error_handler)
++	    /* xgettext:c-format */
++	    (_("%B: Invalid sh_link field (%d) in section number %d"),
++	     ibfd, iheader->sh_link, secnum);
++	  return FALSE;
++	}
++
+       sh_link = find_link (obfd, iheaders[iheader->sh_link], iheader->sh_link);
+       if (sh_link != SHN_UNDEF)
+ 	{

meta/recipes-devtools/binutils/binutils/CVE-2017-7614.patch

@@ -0,0 +1,105 @@
+From ad32986fdf9da1c8748e47b8b45100398223dba8 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 4 Apr 2017 11:23:36 +0100
+Subject: [PATCH] Fix null pointer dereferences when using a link built with
+ clang.
+
+	PR binutils/21342
+	* elflink.c (_bfd_elf_define_linkage_sym): Prevent null pointer
+	dereference.
+	(bfd_elf_final_link): Only initialize the extended symbol index
+	section if there are extended symbol tables to list.
+
+Upstream-Status: Backport
+https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ad32986fdf9da1c8748e47b8b45100398223dba8
+
+CVE: CVE-2017-7614
+
+Singed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/elflink.c | 35 +++++++++++++++++++++--------------
+ 2 files changed, 29 insertions(+), 14 deletions(-)
+
+Index: git/bfd/elflink.c
+===================================================================
+--- git.orig/bfd/elflink.c
++++ git/bfd/elflink.c
+@@ -118,15 +118,18 @@ _bfd_elf_define_linkage_sym (bfd *abfd,
+ 	 defined in shared libraries can't be overridden, because we
+ 	 lose the link to the bfd which is via the symbol section.  */
+       h->root.type = bfd_link_hash_new;
++      bh = &h->root;
+     }
++  else
++    bh = NULL;
+ 
+-  bh = &h->root;
+   bed = get_elf_backend_data (abfd);
+   if (!_bfd_generic_link_add_one_symbol (info, abfd, name, BSF_GLOBAL,
+ 					 sec, 0, NULL, FALSE, bed->collect,
+ 					 &bh))
+     return NULL;
+   h = (struct elf_link_hash_entry *) bh;
++  BFD_ASSERT (h != NULL);
+   h->def_regular = 1;
+   h->non_elf = 0;
+   h->root.linker_def = 1;
+@@ -11789,24 +11792,28 @@ bfd_elf_final_link (bfd *abfd, struct bf
+     {
+       /* Finish up and write out the symbol string table (.strtab)
+ 	 section.  */
+-      Elf_Internal_Shdr *symstrtab_hdr;
++      Elf_Internal_Shdr *symstrtab_hdr = NULL;
+       file_ptr off = symtab_hdr->sh_offset + symtab_hdr->sh_size;
+ 
+-      symtab_shndx_hdr = & elf_symtab_shndx_list (abfd)->hdr;
+-      if (symtab_shndx_hdr != NULL && symtab_shndx_hdr->sh_name != 0)
++      if (elf_symtab_shndx_list (abfd))
+ 	{
+-	  symtab_shndx_hdr->sh_type = SHT_SYMTAB_SHNDX;
+-	  symtab_shndx_hdr->sh_entsize = sizeof (Elf_External_Sym_Shndx);
+-	  symtab_shndx_hdr->sh_addralign = sizeof (Elf_External_Sym_Shndx);
+-	  amt = bfd_get_symcount (abfd) * sizeof (Elf_External_Sym_Shndx);
+-	  symtab_shndx_hdr->sh_size = amt;
++	  symtab_shndx_hdr = & elf_symtab_shndx_list (abfd)->hdr;
+ 
+-	  off = _bfd_elf_assign_file_position_for_section (symtab_shndx_hdr,
+-							   off, TRUE);
++	  if (symtab_shndx_hdr != NULL && symtab_shndx_hdr->sh_name != 0)
++	    {
++	      symtab_shndx_hdr->sh_type = SHT_SYMTAB_SHNDX;
++	      symtab_shndx_hdr->sh_entsize = sizeof (Elf_External_Sym_Shndx);
++	      symtab_shndx_hdr->sh_addralign = sizeof (Elf_External_Sym_Shndx);
++	      amt = bfd_get_symcount (abfd) * sizeof (Elf_External_Sym_Shndx);
++	      symtab_shndx_hdr->sh_size = amt;
+ 
+-	  if (bfd_seek (abfd, symtab_shndx_hdr->sh_offset, SEEK_SET) != 0
+-	      || (bfd_bwrite (flinfo.symshndxbuf, amt, abfd) != amt))
+-	    return FALSE;
++	      off = _bfd_elf_assign_file_position_for_section (symtab_shndx_hdr,
++							       off, TRUE);
++
++	      if (bfd_seek (abfd, symtab_shndx_hdr->sh_offset, SEEK_SET) != 0
++		  || (bfd_bwrite (flinfo.symshndxbuf, amt, abfd) != amt))
++		return FALSE;
++	    }
+ 	}
+ 
+       symstrtab_hdr = &elf_tdata (abfd)->strtab_hdr;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,11 @@
++2017-04-04  Nick Clifton  <nickc@redhat.com>
++
++       PR binutils/21342
++       * elflink.c (_bfd_elf_define_linkage_sym): Prevent null pointer
++       dereference.
++       (bfd_elf_final_link): Only initialize the extended symbol index
++       section if there are extended symbol tables to list.
++
+ 2016-08-02  Nick Clifton  <nickc@redhat.com>
+ 
+ 	PR ld/17739

meta/recipes-devtools/binutils/binutils/CVE-2017-8393.patch

@@ -0,0 +1,201 @@
+commit bce964aa6c777d236fbd641f2bc7bb931cfe4bf3
+Author: Alan Modra <amodra@gmail.com>
+Date:   Sun Apr 23 11:03:34 2017 +0930
+
+    PR 21412, get_reloc_section assumes .rel/.rela name for SHT_REL/RELA.
+    
+    This patch fixes an assumption made by code that runs for objcopy and
+    strip, that SHT_REL/SHR_RELA sections are always named starting with a
+    .rel/.rela prefix.  I'm also modifying the interface for
+    elf_backend_get_reloc_section, so any backend function just needs to
+    handle name mapping.
+    
+    	PR 21412
+    	* elf-bfd.h (struct elf_backend_data <get_reloc_section>): Change
+    	parameters and comment.
+    	(_bfd_elf_get_reloc_section): Delete.
+    	(_bfd_elf_plt_get_reloc_section): Declare.
+    	* elf.c (_bfd_elf_plt_get_reloc_section, elf_get_reloc_section):
+    	New functions.  Don't blindly skip over assumed .rel/.rela prefix.
+    	Extracted from..
+    	(_bfd_elf_get_reloc_section): ..here.  Delete.
+    	(assign_section_numbers): Call elf_get_reloc_section.
+    	* elf64-ppc.c (elf_backend_get_reloc_section): Define.
+    	* elfxx-target.h (elf_backend_get_reloc_section): Update.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8393
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/elf-bfd.h
+===================================================================
+--- git.orig/bfd/elf-bfd.h	2017-09-04 17:43:22.156623008 +0530
++++ git/bfd/elf-bfd.h	2017-09-04 17:43:33.836716941 +0530
+@@ -1298,8 +1298,10 @@
+   bfd_size_type (*maybe_function_sym) (const asymbol *sym, asection *sec,
+ 				       bfd_vma *code_off);
+ 
+-  /* Return the section which RELOC_SEC applies to.  */
+-  asection *(*get_reloc_section) (asection *reloc_sec);
++  /* Given NAME, the name of a relocation section stripped of its
++     .rel/.rela prefix, return the section in ABFD to which the
++     relocations apply.  */
++  asection *(*get_reloc_section) (bfd *abfd, const char *name);
+ 
+   /* Called to set the sh_flags, sh_link and sh_info fields of OSECTION which
+      has a type >= SHT_LOOS.  Returns TRUE if the fields were initialised,
+@@ -2358,7 +2360,7 @@
+ extern bfd_size_type _bfd_elf_maybe_function_sym (const asymbol *, asection *,
+ 						  bfd_vma *);
+ 
+-extern asection *_bfd_elf_get_reloc_section (asection *);
++extern asection *_bfd_elf_plt_get_reloc_section (bfd *, const char *);
+ 
+ extern int bfd_elf_get_default_section_type (flagword);
+ 
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c	2017-09-04 17:43:33.780716491 +0530
++++ git/bfd/elf.c	2017-09-04 17:43:33.836716941 +0530
+@@ -3493,17 +3493,39 @@
+   H_PUT_32 (abfd, sec->flags & SEC_LINK_ONCE ? GRP_COMDAT : 0, loc);
+ }
+ 
+-/* Return the section which RELOC_SEC applies to.  */
++/* Given NAME, the name of a relocation section stripped of its
++   .rel/.rela prefix, return the section in ABFD to which the
++   relocations apply.  */
+ 
+ asection *
+-_bfd_elf_get_reloc_section (asection *reloc_sec)
++_bfd_elf_plt_get_reloc_section (bfd *abfd, const char *name)
++{
++  /* If a target needs .got.plt section, relocations in rela.plt/rel.plt
++     section likely apply to .got.plt or .got section.  */
++  if (get_elf_backend_data (abfd)->want_got_plt
++      && strcmp (name, ".plt") == 0)
++    {
++      asection *sec;
++
++      name = ".got.plt";
++      sec = bfd_get_section_by_name (abfd, name);
++      if (sec != NULL)
++	return sec;
++      name = ".got";
++    }
++
++  return bfd_get_section_by_name (abfd, name);
++}
++
++/* Return the section to which RELOC_SEC applies.  */
++
++static asection *
++elf_get_reloc_section (asection *reloc_sec)
+ {
+   const char *name;
+   unsigned int type;
+   bfd *abfd;
+-
+-  if (reloc_sec == NULL)
+-    return NULL;
++  const struct elf_backend_data *bed;
+ 
+   type = elf_section_data (reloc_sec)->this_hdr.sh_type;
+   if (type != SHT_REL && type != SHT_RELA)
+@@ -3511,28 +3533,15 @@
+ 
+   /* We look up the section the relocs apply to by name.  */
+   name = reloc_sec->name;
+-  if (type == SHT_REL)
+-    name += 4;
+-  else
+-    name += 5;
++  if (strncmp (name, ".rel", 4) != 0)
++    return NULL;
++  name += 4;
++  if (type == SHT_RELA && *name++ != 'a')
++    return NULL;
+ 
+-  /* If a target needs .got.plt section, relocations in rela.plt/rel.plt
+-     section apply to .got.plt section.  */
+   abfd = reloc_sec->owner;
+-  if (get_elf_backend_data (abfd)->want_got_plt
+-      && strcmp (name, ".plt") == 0)
+-    {
+-      /* .got.plt is a linker created input section.  It may be mapped
+-	 to some other output section.  Try two likely sections.  */
+-      name = ".got.plt";
+-      reloc_sec = bfd_get_section_by_name (abfd, name);
+-      if (reloc_sec != NULL)
+-	return reloc_sec;
+-      name = ".got";
+-    }
+-
+-  reloc_sec = bfd_get_section_by_name (abfd, name);
+-  return reloc_sec;
++  bed = get_elf_backend_data (abfd);
++  return bed->get_reloc_section (abfd, name);
+ }
+ 
+ /* Assign all ELF section numbers.  The dummy first section is handled here
+@@ -3790,7 +3799,7 @@
+ 	  if (s != NULL)
+ 	    d->this_hdr.sh_link = elf_section_data (s)->this_idx;
+ 
+-	  s = get_elf_backend_data (abfd)->get_reloc_section (sec);
++	  s = elf_get_reloc_section (sec);
+ 	  if (s != NULL)
+ 	    {
+ 	      d->this_hdr.sh_info = elf_section_data (s)->this_idx;
+Index: git/bfd/elfxx-target.h
+===================================================================
+--- git.orig/bfd/elfxx-target.h	2017-09-04 17:43:22.216623490 +0530
++++ git/bfd/elfxx-target.h	2017-09-04 17:43:33.836716941 +0530
+@@ -686,7 +686,7 @@
+ #endif
+ 
+ #ifndef elf_backend_get_reloc_section
+-#define elf_backend_get_reloc_section _bfd_elf_get_reloc_section
++#define elf_backend_get_reloc_section _bfd_elf_plt_get_reloc_section
+ #endif
+ 
+ #ifndef elf_backend_copy_special_section_fields
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog	2017-09-04 17:43:33.780716491 +0530
++++ git/bfd/ChangeLog	2017-09-04 17:45:58.349944078 +0530
+@@ -82,6 +82,21 @@
+  
+        * readelf.c (process_mips_specific): Remove null GOT data check.
+ 
++2017-04-23  Alan Modra  <amodra@gmail.com>
++ 
++       PR 21412
++       * elf-bfd.h (struct elf_backend_data <get_reloc_section>): Change
++       parameters and comment.
++       (_bfd_elf_get_reloc_section): Delete.
++       (_bfd_elf_plt_get_reloc_section): Declare.
++       * elf.c (_bfd_elf_plt_get_reloc_section, elf_get_reloc_section):
++       New functions.  Don't blindly skip over assumed .rel/.rela prefix.
++       Extracted from..
++       (_bfd_elf_get_reloc_section): ..here.  Delete.
++       (assign_section_numbers): Call elf_get_reloc_section.
++       * elf64-ppc.c (elf_backend_get_reloc_section): Define.
++       * elfxx-target.h (elf_backend_get_reloc_section): Update.
++
+ 2017-04-13  Nick Clifton  <nickc@redhat.com>
+  
+        PR binutils/21379
+Index: git/bfd/elf64-ppc.c
+===================================================================
+--- git.orig/bfd/elf64-ppc.c	2017-09-04 17:43:22.200623362 +0530
++++ git/bfd/elf64-ppc.c	2017-09-04 17:47:04.458511122 +0530
+@@ -117,6 +117,7 @@
+ #define elf_backend_link_output_symbol_hook   ppc64_elf_output_symbol_hook
+ #define elf_backend_special_sections	      ppc64_elf_special_sections
+ #define elf_backend_merge_symbol_attribute    ppc64_elf_merge_symbol_attribute
++#define elf_backend_get_reloc_section        bfd_get_section_by_name
+ 
+ /* The name of the dynamic interpreter.  This is put in the .interp
+    section.  */

meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch

@@ -0,0 +1,114 @@
+commit 7eacd66b086cabb1daab20890d5481894d4f56b2
+Author: Alan Modra <amodra@gmail.com>
+Date:   Sun Apr 23 15:21:11 2017 +0930
+
+    PR 21414, null pointer deref of _bfd_elf_large_com_section sym
+    
+    	PR 21414
+    	* section.c (GLOBAL_SYM_INIT): Make available in bfd.h.
+    	* elf.c (lcomm_sym): New.
+    	(_bfd_elf_large_com_section): Use lcomm_sym section symbol.
+    	* bfd-in2.h: Regenerate.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8394
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/bfd-in2.h
+===================================================================
+--- git.orig/bfd/bfd-in2.h	2017-09-20 12:54:44.847475928 +0530
++++ git/bfd/bfd-in2.h	2017-09-20 12:54:44.903476171 +0530
+@@ -1805,6 +1805,18 @@
+      { NULL }, { NULL }                                                \
+     }
+ 
++/* We use a macro to initialize the static asymbol structures because
++   traditional C does not permit us to initialize a union member while
++   gcc warns if we don't initialize it.
++   the_bfd, name, value, attr, section [, udata]  */
++#ifdef __STDC__
++#define GLOBAL_SYM_INIT(NAME, SECTION) \
++  { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
++#else
++#define GLOBAL_SYM_INIT(NAME, SECTION) \
++  { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
++#endif
++
+ void bfd_section_list_clear (bfd *);
+ 
+ asection *bfd_get_section_by_name (bfd *abfd, const char *name);
+Index: git/bfd/section.c
+===================================================================
+--- git.orig/bfd/section.c	2017-09-20 12:54:44.847475928 +0530
++++ git/bfd/section.c	2017-09-20 12:54:44.903476171 +0530
+@@ -738,20 +738,20 @@
+ .     { NULL }, { NULL }						\
+ .    }
+ .
++.{* We use a macro to initialize the static asymbol structures because
++.   traditional C does not permit us to initialize a union member while
++.   gcc warns if we don't initialize it.
++.   the_bfd, name, value, attr, section [, udata]  *}
++.#ifdef __STDC__
++.#define GLOBAL_SYM_INIT(NAME, SECTION) \
++.  { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
++.#else
++.#define GLOBAL_SYM_INIT(NAME, SECTION) \
++.  { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
++.#endif
++.
+ */
+ 
+-/* We use a macro to initialize the static asymbol structures because
+-   traditional C does not permit us to initialize a union member while
+-   gcc warns if we don't initialize it.  */
+- /* the_bfd, name, value, attr, section [, udata] */
+-#ifdef __STDC__
+-#define GLOBAL_SYM_INIT(NAME, SECTION) \
+-  { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
+-#else
+-#define GLOBAL_SYM_INIT(NAME, SECTION) \
+-  { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
+-#endif
+-
+ /* These symbols are global, not specific to any BFD.  Therefore, anything
+    that tries to change them is broken, and should be repaired.  */
+ 
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog	2017-09-20 12:54:44.735475444 +0530
++++ git/bfd/ChangeLog	2017-09-20 12:54:44.903476171 +0530
+@@ -102,6 +102,14 @@
+        * readelf.c (process_mips_specific): Remove null GOT data check.
+ 
+ 2017-04-23  Alan Modra  <amodra@gmail.com>
++
++	PR 21414
++	* section.c (GLOBAL_SYM_INIT): Make available in bfd.h.
++	* elf.c (lcomm_sym): New.
++	(_bfd_elf_large_com_section): Use lcomm_sym section symbol.
++	* bfd-in2.h: Regenerate.
++
++2017-04-23  Alan Modra  <amodra@gmail.com>
+  
+        PR 21412
+        * elf-bfd.h (struct elf_backend_data <get_reloc_section>): Change
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c	2017-09-20 12:54:44.847475928 +0530
++++ git/bfd/elf.c	2017-09-20 13:00:22.636091768 +0530
+@@ -10986,9 +10986,11 @@
+ 
+ /* It is only used by x86-64 so far.
+    ??? This repeats *COM* id of zero.  sec->id is supposed to be unique,
+-   but current usage would allow all of _bfd_std_section to be zero.  t*/
++   but current usage would allow all of _bfd_std_section to be zero.  */
++static const asymbol lcomm_sym
++  = GLOBAL_SYM_INIT ("LARGE_COMMON", &_bfd_elf_large_com_section);
+ asection _bfd_elf_large_com_section
+-  = BFD_FAKE_SECTION (_bfd_elf_large_com_section, NULL,
++  = BFD_FAKE_SECTION (_bfd_elf_large_com_section, &lcomm_sym,
+ 		      "LARGE_COMMON", 0, SEC_IS_COMMON);
+ 
+ void

meta/recipes-devtools/binutils/binutils/CVE-2017-8394_1.patch

@@ -0,0 +1,80 @@
+commit 821e6ff6299aa39e841ca50e1ae8a98e3554fd5f
+Author: Alan Modra <amodra@gmail.com>
+Date:   Wed Oct 12 09:41:33 2016 +1030
+
+    BFD_FAKE_SECTION macro params
+    
+    Order NAME, IDX, FLAGS as per STD_SECTION macro.
+    
+    	* section.c (BFD_FAKE_SECTION): Reorder parameters.  Formatting.
+    	(STD_SECTION): Adjust to suit.
+    	* elf.c (_bfd_elf_large_com_section): Likewise.
+    	* bfd-in2.h: Regenerate.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8394
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+
+Index: git/bfd/bfd-in2.h
+===================================================================
+--- git.orig/bfd/bfd-in2.h	2017-09-20 12:54:42.423465338 +0530
++++ git/bfd/bfd-in2.h	2017-09-20 13:02:48.000000000 +0530
+@@ -1767,9 +1767,9 @@
+ #define bfd_section_removed_from_list(ABFD, S) \
+   ((S)->next == NULL ? (ABFD)->section_last != (S) : (S)->next->prev != (S))
+ 
+-#define BFD_FAKE_SECTION(SEC, FLAGS, SYM, NAME, IDX)                   \
++#define BFD_FAKE_SECTION(SEC, SYM, NAME, IDX, FLAGS)                   \
+   /* name, id,  index, next, prev, flags, user_set_vma,            */  \
+-  { NAME,  IDX, 0,     NULL, NULL, FLAGS, 0,                           \
++  {  NAME, IDX, 0,     NULL, NULL, FLAGS, 0,                           \
+                                                                        \
+   /* linker_mark, linker_has_input, gc_mark, decompress_status,    */  \
+      0,           0,                1,       0,                        \
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c	2017-09-20 12:54:44.503474440 +0530
++++ git/bfd/elf.c	2017-09-20 13:02:48.000000000 +0530
+@@ -10984,10 +10984,12 @@
+   return n;
+ }
+ 
+-/* It is only used by x86-64 so far.  */
++/* It is only used by x86-64 so far.
++   ??? This repeats *COM* id of zero.  sec->id is supposed to be unique,
++   but current usage would allow all of _bfd_std_section to be zero.  t*/
+ asection _bfd_elf_large_com_section
+-  = BFD_FAKE_SECTION (_bfd_elf_large_com_section,
+-		      SEC_IS_COMMON, NULL, "LARGE_COMMON", 0);
++  = BFD_FAKE_SECTION (_bfd_elf_large_com_section, NULL,
++		      "LARGE_COMMON", 0, SEC_IS_COMMON);
+ 
+ void
+ _bfd_elf_post_process_headers (bfd * abfd,
+Index: git/bfd/section.c
+===================================================================
+--- git.orig/bfd/section.c	2017-09-20 12:54:43.815471454 +0530
++++ git/bfd/section.c	2017-09-20 13:02:48.000000000 +0530
+@@ -700,9 +700,9 @@
+ .#define bfd_section_removed_from_list(ABFD, S) \
+ .  ((S)->next == NULL ? (ABFD)->section_last != (S) : (S)->next->prev != (S))
+ .
+-.#define BFD_FAKE_SECTION(SEC, FLAGS, SYM, NAME, IDX)			\
++.#define BFD_FAKE_SECTION(SEC, SYM, NAME, IDX, FLAGS)			\
+ .  {* name, id,  index, next, prev, flags, user_set_vma,            *}	\
+-.  { NAME,  IDX, 0,     NULL, NULL, FLAGS, 0,				\
++.  {  NAME, IDX, 0,     NULL, NULL, FLAGS, 0,				\
+ .									\
+ .  {* linker_mark, linker_has_input, gc_mark, decompress_status,    *}	\
+ .     0,           0,                1,       0,			\
+@@ -764,7 +764,7 @@
+ };
+ 
+ #define STD_SECTION(NAME, IDX, FLAGS) \
+-  BFD_FAKE_SECTION(_bfd_std_section[IDX], FLAGS, &global_syms[IDX], NAME, IDX)
++  BFD_FAKE_SECTION(_bfd_std_section[IDX], &global_syms[IDX], NAME, IDX, FLAGS)
+ 
+ asection _bfd_std_section[] = {
+   STD_SECTION (BFD_COM_SECTION_NAME, 0, SEC_IS_COMMON),

meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch

@@ -0,0 +1,72 @@
+commit e63d123268f23a4cbc45ee55fb6dbc7d84729da3
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Wed Apr 26 13:07:49 2017 +0100
+
+    Fix seg-fault attempting to compress a debug section in a corrupt binary.
+    
+    	PR binutils/21431
+    	* compress.c (bfd_init_section_compress_status): Check the return
+    	value from bfd_malloc.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8395
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/compress.c
+===================================================================
+--- git.orig/bfd/compress.c	2017-09-04 17:55:00.546577566 +0530
++++ git/bfd/compress.c	2017-09-04 17:55:10.770664577 +0530
+@@ -534,7 +534,6 @@
+ {
+   bfd_size_type uncompressed_size;
+   bfd_byte *uncompressed_buffer;
+-  bfd_boolean ret;
+ 
+   /* Error if not opened for read.  */
+   if (abfd->direction != read_direction
+@@ -550,18 +549,18 @@
+   /* Read in the full section contents and compress it.  */
+   uncompressed_size = sec->size;
+   uncompressed_buffer = (bfd_byte *) bfd_malloc (uncompressed_size);
++  /* PR 21431 */
++  if (uncompressed_buffer == NULL)
++    return FALSE;
++
+   if (!bfd_get_section_contents (abfd, sec, uncompressed_buffer,
+ 				 0, uncompressed_size))
+-    ret = FALSE;
+-  else
+-    {
+-      uncompressed_size = bfd_compress_section_contents (abfd, sec,
+-							 uncompressed_buffer,
+-							 uncompressed_size);
+-      ret = uncompressed_size != 0;
+-    }
++    return FALSE;
+ 
+-  return ret;
++  uncompressed_size = bfd_compress_section_contents (abfd, sec,
++						     uncompressed_buffer,
++						     uncompressed_size);
++  return uncompressed_size != 0;
+ }
+ 
+ /*
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog	2017-09-04 17:55:10.714664101 +0530
++++ git/bfd/ChangeLog	2017-09-04 17:56:40.991431847 +0530
+@@ -73,6 +73,12 @@
+        (evax_bfd_print_egsd): Check for an overlarge record length.
+        (evax_bfd_print_etir): Likewise.
+ 
++2017-04-26  Nick Clifton  <nickc@redhat.com>
++
++       PR binutils/21431
++       * compress.c (bfd_init_section_compress_status): Check the return
++       value from bfd_malloc.
++
+ 2017-04-25  Maciej W. Rozycki  <macro@imgtec.com>
+ 
+        * readelf.c (process_mips_specific): Remove error reporting from

meta/recipes-devtools/binutils/binutils/CVE-2017-8396.patch

@@ -0,0 +1,102 @@
+commit a941291cab71b9ac356e1c03968c177c03e602ab
+Author: Alan Modra <amodra@gmail.com>
+Date:   Sat Apr 29 14:48:16 2017 +0930
+
+    PR21432, buffer overflow in perform_relocation
+    
+    The existing reloc offset range tests didn't catch small negative
+    offsets less than the size of the reloc field.
+    
+    	PR 21432
+    	* reloc.c (reloc_offset_in_range): New function.
+    	(bfd_perform_relocation, bfd_install_relocation): Use it.
+    	(_bfd_final_link_relocate): Likewise.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8396
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/reloc.c
+===================================================================
+--- git.orig/bfd/reloc.c	2017-09-05 18:12:07.448886623 +0530
++++ git/bfd/reloc.c	2017-09-05 18:12:07.564887511 +0530
+@@ -538,6 +538,22 @@
+   return flag;
+ }
+ 
++/* HOWTO describes a relocation, at offset OCTET.  Return whether the
++   relocation field is within SECTION of ABFD.  */
++
++static bfd_boolean
++reloc_offset_in_range (reloc_howto_type *howto, bfd *abfd,
++		       asection *section, bfd_size_type octet)
++{
++  bfd_size_type octet_end = bfd_get_section_limit_octets (abfd, section);
++  bfd_size_type reloc_size = bfd_get_reloc_size (howto);
++
++  /* The reloc field must be contained entirely within the section.
++     Allow zero length fields (marker relocs or NONE relocs where no
++     relocation will be performed) at the end of the section.  */
++  return octet <= octet_end && octet + reloc_size <= octet_end;
++}
++
+ /*
+ FUNCTION
+ 	bfd_perform_relocation
+@@ -618,15 +634,9 @@
+ 	return cont;
+     }
+ 
+-  /* Is the address of the relocation really within the section?
+-     Include the size of the reloc in the test for out of range addresses.
+-     PR 17512: file: c146ab8b, 46dff27f, 38e53ebf.  */
++  /* Is the address of the relocation really within the section?  */
+   octets = reloc_entry->address * bfd_octets_per_byte (abfd);
+-  if (octets + bfd_get_reloc_size (howto)
+-      > bfd_get_section_limit_octets (abfd, input_section)
+-      /* Check for an overly large offset which
+-	 masquerades as a negative value too.  */
+-      || (octets + bfd_get_reloc_size (howto) < bfd_get_reloc_size (howto)))
++  if (!reloc_offset_in_range (howto, abfd, input_section, octets))
+     return bfd_reloc_outofrange;
+ 
+   /* Work out which section the relocation is targeted at and the
+@@ -1010,8 +1020,7 @@
+ 
+   /* Is the address of the relocation really within the section?  */
+   octets = reloc_entry->address * bfd_octets_per_byte (abfd);
+-  if (octets + bfd_get_reloc_size (howto)
+-      > bfd_get_section_limit_octets (abfd, input_section))
++  if (!reloc_offset_in_range (howto, abfd, input_section, octets))
+     return bfd_reloc_outofrange;
+ 
+   /* Work out which section the relocation is targeted at and the
+@@ -1349,8 +1358,7 @@
+   bfd_size_type octets = address * bfd_octets_per_byte (input_bfd);
+ 
+   /* Sanity check the address.  */
+-  if (octets + bfd_get_reloc_size (howto)
+-      > bfd_get_section_limit_octets (input_bfd, input_section))
++  if (!reloc_offset_in_range (howto, input_bfd, input_section, octets))
+     return bfd_reloc_outofrange;
+ 
+   /* This function assumes that we are dealing with a basic relocation
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog	2017-09-05 18:12:07.448886623 +0530
++++ git/bfd/ChangeLog	2017-09-05 18:13:46.745645897 +0530
+@@ -73,6 +73,13 @@
+        (evax_bfd_print_egsd): Check for an overlarge record length.
+        (evax_bfd_print_etir): Likewise.
+ 
++2017-04-29  Alan Modra  <amodra@gmail.com>
++
++       PR 21432
++       * reloc.c (reloc_offset_in_range): New function.
++       (bfd_perform_relocation, bfd_install_relocation): Use it.
++       (_bfd_final_link_relocate): Likewise.
++
+ 2017-04-26  Nick Clifton  <nickc@redhat.com>
+ 
+        PR binutils/21434

meta/recipes-devtools/binutils/binutils/CVE-2017-8397.patch

@@ -0,0 +1,50 @@
+commit 04b31182bf3f8a1a76e995bdfaaaab4c009b9cb2
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Wed Apr 26 16:30:22 2017 +0100
+
+    Fix a seg-fault when processing a corrupt binary containing reloc(s) with negative addresses.
+    
+    	PR binutils/21434
+    	* reloc.c (bfd_perform_relocation): Check for a negative address
+    	in the reloc.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8397
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+
+
+Index: git/bfd/reloc.c
+===================================================================
+--- git.orig/bfd/reloc.c	2017-09-04 18:06:00.651987605 +0530
++++ git/bfd/reloc.c	2017-09-04 18:06:10.740066291 +0530
+@@ -623,7 +623,10 @@
+      PR 17512: file: c146ab8b, 46dff27f, 38e53ebf.  */
+   octets = reloc_entry->address * bfd_octets_per_byte (abfd);
+   if (octets + bfd_get_reloc_size (howto)
+-      > bfd_get_section_limit_octets (abfd, input_section))
++      > bfd_get_section_limit_octets (abfd, input_section)
++      /* Check for an overly large offset which
++	 masquerades as a negative value too.  */
++      || (octets + bfd_get_reloc_size (howto) < bfd_get_reloc_size (howto)))
+     return bfd_reloc_outofrange;
+ 
+   /* Work out which section the relocation is targeted at and the
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog	2017-09-04 18:06:10.684065855 +0530
++++ git/bfd/ChangeLog	2017-09-04 18:08:33.845183050 +0530
+@@ -75,6 +75,12 @@
+ 
+ 2017-04-26  Nick Clifton  <nickc@redhat.com>
+ 
++       PR binutils/21434
++       * reloc.c (bfd_perform_relocation): Check for a negative address
++       in the reloc.
++
++2017-04-26  Nick Clifton  <nickc@redhat.com>
++
+        PR binutils/21431
+        * compress.c (bfd_init_section_compress_status): Check the return
+        value from bfd_malloc.

meta/recipes-devtools/binutils/binutils/CVE-2017-8398.patch

@@ -0,0 +1,147 @@
+commit d949ff5607b9f595e0eed2ff15fbe5eb84eb3a34
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Fri Apr 28 10:28:04 2017 +0100
+
+    Fix heap-buffer overflow bugs caused when dumping debug information from a corrupt binary.
+    
+    	PR binutils/21438
+    	* dwarf.c (process_extended_line_op): Do not assume that the
+    	string extracted from the section is NUL terminated.
+    	(fetch_indirect_string): If the string retrieved from the section
+    	is not NUL terminated, return an error message.
+    	(fetch_indirect_line_string): Likewise.
+    	(fetch_indexed_string): Likewise.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8398
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/binutils/dwarf.c
+===================================================================
+--- git.orig/binutils/dwarf.c	2017-09-20 13:40:17.148898512 +0530
++++ git/binutils/dwarf.c	2017-09-20 13:45:17.564730907 +0530
+@@ -472,15 +472,20 @@
+       printf (_("  Entry\tDir\tTime\tSize\tName\n"));
+       printf ("   %d\t", ++state_machine_regs.last_file_entry);
+ 
+-      name = data;
+-      data += strnlen ((char *) data, end - data) + 1;
+-      printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
+-      data += bytes_read;
+-      printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
+-      data += bytes_read;
+-      printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
+-      data += bytes_read;
+-      printf ("%s\n\n", name);
++      {
++	size_t l;
++
++	name = data;
++	l = strnlen ((char *) data, end - data);
++	data += len + 1;
++	printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
++	data += bytes_read;
++	printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
++	data += bytes_read;
++	printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
++	data += bytes_read;
++	printf ("%.*s\n\n", (int) l, name);
++      }
+ 
+       if (((unsigned int) (data - orig_data) != len) || data == end)
+ 	warn (_("DW_LNE_define_file: Bad opcode length\n"));
+@@ -597,18 +602,28 @@
+ fetch_indirect_string (dwarf_vma offset)
+ {
+   struct dwarf_section *section = &debug_displays [str].section;
++  const unsigned char * ret;
+ 
+   if (section->start == NULL)
+     return (const unsigned char *) _("<no .debug_str section>");
+ 
+-  if (offset > section->size)
++  if (offset >= section->size)
+     {
+       warn (_("DW_FORM_strp offset too big: %s\n"),
+ 	    dwarf_vmatoa ("x", offset));
+       return (const unsigned char *) _("<offset is too big>");
+     }
+ 
+-  return (const unsigned char *) section->start + offset;
++  ret = section->start + offset;
++  /* Unfortunately we cannot rely upon the .debug_str section ending with a
++     NUL byte.  Since our caller is expecting to receive a well formed C
++     string we test for the lack of a terminating byte here.  */
++  if (strnlen ((const char *) ret, section->size - offset)
++      == section->size - offset)
++    ret = (const unsigned char *)
++      _("<no NUL byte at end of .debug_str section>");
++
++  return ret; 
+ }
+ 
+ static const char *
+@@ -621,6 +636,7 @@
+   struct dwarf_section *str_section = &debug_displays [str_sec_idx].section;
+   dwarf_vma index_offset = idx * offset_size;
+   dwarf_vma str_offset;
++  const char * ret;
+ 
+   if (index_section->start == NULL)
+     return (dwo ? _("<no .debug_str_offsets.dwo section>")
+@@ -628,7 +644,7 @@
+ 
+   if (this_set != NULL)
+     index_offset += this_set->section_offsets [DW_SECT_STR_OFFSETS];
+-  if (index_offset > index_section->size)
++  if (index_offset >= index_section->size)
+     {
+       warn (_("DW_FORM_GNU_str_index offset too big: %s\n"),
+ 	    dwarf_vmatoa ("x", index_offset));
+@@ -641,14 +657,22 @@
+ 
+   str_offset = byte_get (index_section->start + index_offset, offset_size);
+   str_offset -= str_section->address;
+-  if (str_offset > str_section->size)
++  if (str_offset >= str_section->size)
+     {
+       warn (_("DW_FORM_GNU_str_index indirect offset too big: %s\n"),
+ 	    dwarf_vmatoa ("x", str_offset));
+       return _("<indirect index offset is too big>");
+     }
+ 
+-  return (const char *) str_section->start + str_offset;
++  ret = (const char *) str_section->start + str_offset;
++  /* Unfortunately we cannot rely upon str_section ending with a NUL byte.
++     Since our caller is expecting to receive a well formed C string we test
++     for the lack of a terminating byte here.  */
++  if (strnlen (ret, str_section->size - str_offset)
++      == str_section->size - str_offset)
++    ret = (const char *) _("<no NUL byte at end of section>");
++
++  return ret;
+ }
+ 
+ static const char *
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog	2017-09-20 13:40:18.900898599 +0530
++++ git/binutils/ChangeLog	2017-09-20 13:48:02.976503560 +0530
+@@ -10,6 +10,16 @@
+        * objdump.c (dump_relocs_in_section): Check for an excessive
+        number of relocs before attempting to dump them.
+ 
++2017-04-28  Nick Clifton  <nickc@redhat.com>
++
++       PR binutils/21438
++       * dwarf.c (process_extended_line_op): Do not assume that the
++       string extracted from the section is NUL terminated.
++       (fetch_indirect_string): If the string retrieved from the section
++       is not NUL terminated, return an error message.
++       (fetch_indirect_line_string): Likewise.
++       (fetch_indexed_string): Likewise.
++
+ 2017-02-14  Nick Clifton  <nickc@redhat.com>
+ 
+ 	PR binutils/21157

meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch

@@ -0,0 +1,51 @@
+commit 39ff1b79f687b65f4144ddb379f22587003443fb
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Tue May 2 11:54:53 2017 +0100
+
+    Prevent memory exhaustion from a corrupt PE binary with an overlarge number of relocs.
+    
+    	PR 21440
+    	* objdump.c (dump_relocs_in_section): Check for an excessive
+    	number of relocs before attempting to dump them.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8421
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c	2017-09-05 11:34:23.140802515 +0530
++++ git/binutils/objdump.c	2017-09-05 11:34:28.716824776 +0530
+@@ -3238,6 +3238,14 @@
+       return;
+     }
+ 
++  if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0
++      && relsize > get_file_size (bfd_get_filename (abfd)))
++    {
++      printf (" (too many: 0x%x)\n", section->reloc_count);
++      bfd_set_error (bfd_error_file_truncated);
++      bfd_fatal (bfd_get_filename (abfd));
++    }
++
+   relpp = (arelent **) xmalloc (relsize);
+   relcount = bfd_canonicalize_reloc (abfd, section, relpp, syms);
+ 
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog	2017-09-05 11:34:28.040822070 +0530
++++ git/binutils/ChangeLog	2017-09-05 11:36:02.413217129 +0530
+@@ -4,6 +4,12 @@
+        * rddbg.c (read_symbol_stabs_debugging_info): Check for an empty
+        string whilst concatenating symbol names.
+ 
++2017-05-02  Nick Clifton  <nickc@redhat.com>
++
++       PR 21440
++       * objdump.c (dump_relocs_in_section): Check for an excessive
++       number of relocs before attempting to dump them.
++
+ 2017-02-14  Nick Clifton  <nickc@redhat.com>
+ 
+ 	PR binutils/21157

meta/recipes-devtools/binutils/binutils/CVE-2017-9038.patch

@@ -0,0 +1,51 @@
+From f32ba72991d2406b21ab17edc234a2f3fa7fb23d Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 3 Apr 2017 11:01:45 +0100
+Subject: [PATCH] readelf: Update check for invalid word offsets in ARM unwind
+ information.
+
+	PR binutils/21343
+	* readelf.c (get_unwind_section_word): Fix snafu checking for
+	invalid word offsets in ARM unwind information.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9039
+Affects: binutils <= 2.28
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 6 ++++++
+ binutils/readelf.c | 6 +++---
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+Index: git/binutils/readelf.c
+===================================================================
+--- git.orig/binutils/readelf.c
++++ git/binutils/readelf.c
+@@ -7745,9 +7745,9 @@ get_unwind_section_word (struct arm_unw_
+     return FALSE;
+ 
+   /* If the offset is invalid then fail.  */
+-  if (word_offset > (sec->sh_size - 4)
+-      /* PR 18879 */
+-      || (sec->sh_size < 5 && word_offset >= sec->sh_size)
++  if (/* PR 21343 *//* PR 18879 */
++      sec->sh_size < 4
++      || word_offset > (sec->sh_size - 4)
+       || ((bfd_signed_vma) word_offset) < 0)
+     return FALSE;
+ 
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2017-04-03  Nick Clifton  <nickc@redhat.com>
++
++	PR binutils/21343
++	* readelf.c (get_unwind_section_word): Fix snafu checking for
++	invalid word offsets in ARM unwind information.
++
+ 2017-04-04  Nick Clifton  <nickc@redhat.com>
+ 
+        PR binutils/21342

meta/recipes-devtools/binutils/binutils/CVE-2017-9039.patch

@@ -0,0 +1,72 @@
+From 75ec1fdbb797a389e4fe4aaf2e15358a070dcc19 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 3 Apr 2017 11:13:21 +0100
+Subject: [PATCH] Fix runtime seg-fault in readelf when parsing a corrupt MIPS
+ binary.
+
+	PR binutils/21344
+	* readelf.c (process_mips_specific): Check for an out of range GOT
+	entry before reading the module pointer.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9039 supporting patch
+VER: <= 2.28
+Signed-off-by: Armin kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog |  6 ++++++
+ binutils/readelf.c | 26 ++++++++++++++++++--------
+ 2 files changed, 24 insertions(+), 8 deletions(-)
+
+Index: git/binutils/readelf.c
+===================================================================
+--- git.orig/binutils/readelf.c
++++ git/binutils/readelf.c
+@@ -14987,14 +14987,24 @@ process_mips_specific (FILE * file)
+       printf (_(" Lazy resolver\n"));
+       if (ent == (bfd_vma) -1)
+ 	goto got_print_fail;
+-      if (data
+-	  && (byte_get (data + ent - pltgot, addr_size)
+-	      >> (addr_size * 8 - 1)) != 0)
++
++      if (data)
+ 	{
+-	  ent = print_mips_got_entry (data, pltgot, ent, data_end);
+-	  printf (_(" Module pointer (GNU extension)\n"));
+-	  if (ent == (bfd_vma) -1)
+-	    goto got_print_fail;
++	  /* PR 21344 */
++	  if (data + ent - pltgot > data_end - addr_size)
++	    {
++	      error (_("Invalid got entry - %#lx - overflows GOT table\n"), ent);
++	      goto got_print_fail;
++	    }
++	  
++	  if (byte_get (data + ent - pltgot, addr_size)
++	      >> (addr_size * 8 - 1) != 0)
++	    {
++	      ent = print_mips_got_entry (data, pltgot, ent, data_end);
++	      printf (_(" Module pointer (GNU extension)\n"));
++	      if (ent == (bfd_vma) -1)
++		goto got_print_fail;
++	    }
+ 	}
+       printf ("\n");
+ 
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,5 +1,11 @@
+ 2017-04-03  Nick Clifton  <nickc@redhat.com>
+ 
++       PR binutils/21344
++       * readelf.c (process_mips_specific): Check for an out of range GOT
++       entry before reading the module pointer.
++
++2017-04-03  Nick Clifton  <nickc@redhat.com>
++
+ 	PR binutils/21343
+ 	* readelf.c (get_unwind_section_word): Fix snafu checking for
+ 	invalid word offsets in ARM unwind information.

meta/recipes-devtools/binutils/binutils/CVE-2017-9039_1.patch

@@ -0,0 +1,56 @@
+From 82156ab704b08b124d319c0decdbd48b3ca2dac5 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 3 Apr 2017 12:14:06 +0100
+Subject: [PATCH] readelf: Fix overlarge memory allocation when reading a
+ binary with an excessive number of program headers.
+
+	PR binutils/21345
+	* readelf.c (get_program_headers): Check for there being too many
+	program headers before attempting to allocate space for them.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9039
+VER: <= 2.28
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog |  6 ++++++
+ binutils/readelf.c | 17 ++++++++++++++---
+ 2 files changed, 20 insertions(+), 3 deletions(-)
+
+Index: git/binutils/readelf.c
+===================================================================
+--- git.orig/binutils/readelf.c
++++ git/binutils/readelf.c
+@@ -4705,9 +4705,19 @@ get_program_headers (FILE * file)
+   if (program_headers != NULL)
+     return 1;
+ 
+-  phdrs = (Elf_Internal_Phdr *) cmalloc (elf_header.e_phnum,
+-                                         sizeof (Elf_Internal_Phdr));
++  /* Be kind to memory checkers by looking for
++     e_phnum values which we know must be invalid.  */
++  if (elf_header.e_phnum
++      * (is_32bit_elf ? sizeof (Elf32_External_Phdr) : sizeof (Elf64_External_Phdr))
++      >= current_file_size)
++    {
++      error (_("Too many program headers - %#x - the file is not that big\n"),
++	     elf_header.e_phnum);
++      return FALSE;
++    }
+ 
++  phdrs = (Elf_Internal_Phdr *) cmalloc (elf_header.e_phnum,
++					 sizeof (Elf_Internal_Phdr));
+   if (phdrs == NULL)
+     {
+       error (_("Out of memory reading %u program headers\n"),
+@@ -14993,7 +15003,8 @@ process_mips_specific (FILE * file)
+ 	  /* PR 21344 */
+ 	  if (data + ent - pltgot > data_end - addr_size)
+ 	    {
+-	      error (_("Invalid got entry - %#lx - overflows GOT table\n"), ent);
++	      error (_("Invalid got entry - %#lx - overflows GOT table\n"),
++		     (long) ent);
+ 	      goto got_print_fail;
+ 	    }
+