build-appliance-image: Update to rocko head revision

(From OE-Core rev: 8a2c177c7dad5c838b3c6abd3088a2bc3896a6a3)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake/bin/toaster

@@ -68,7 +68,7 @@ webserverKillAll()
         if [ -f ${pidfile} ]; then
             pid=`cat ${pidfile}`
             while kill -0 $pid 2>/dev/null; do
-                kill -SIGTERM -$pid 2>/dev/null
+                kill -SIGTERM $pid 2>/dev/null
                 sleep 1
             done
             rm  ${pidfile}
@@ -91,7 +91,7 @@ webserverStartAll()
 
     echo "Starting webserver..."
 
-    $MANAGE runserver "$ADDR_PORT" \
+    $MANAGE runserver --noreload "$ADDR_PORT" \
            </dev/null >>${BUILDDIR}/toaster_web.log 2>&1 \
            & echo $! >${BUILDDIR}/.toastermain.pid
 

bitbake/lib/bb/checksum.py

@@ -97,6 +97,8 @@ class FileChecksumCache(MultiProcessCache):
 
         def checksum_dir(pth):
             # Handle directories recursively
+            if pth == "/":
+                bb.fatal("Refusing to checksum /")
             dirchecksums = []
             for root, dirs, files in os.walk(pth):
                 for name in files:

bitbake/lib/bb/fetch2/__init__.py

@@ -853,6 +853,9 @@ def runfetchcmd(cmd, d, quiet=False, cleanup=None, log=None, workdir=None):
         if val:
             cmd = 'export ' + var + '=\"%s\"; %s' % (val, cmd)
 
+    # Disable pseudo as it may affect ssh, potentially causing it to hang.
+    cmd = 'export PSEUDO_DISABLED=1; ' + cmd
+
     logger.debug(1, "Running %s", cmd)
 
     success = False

bitbake/lib/bb/fetch2/clearcase.py

@@ -69,7 +69,6 @@ from   bb.fetch2 import FetchMethod
 from   bb.fetch2 import FetchError
 from   bb.fetch2 import runfetchcmd
 from   bb.fetch2 import logger
-from   distutils import spawn
 
 class ClearCase(FetchMethod):
     """Class to fetch urls via 'clearcase'"""
@@ -107,7 +106,7 @@ class ClearCase(FetchMethod):
         else:
             ud.module = ""
 
-        ud.basecmd = d.getVar("FETCHCMD_ccrc") or spawn.find_executable("cleartool") or spawn.find_executable("rcleartool")
+        ud.basecmd = d.getVar("FETCHCMD_ccrc") or "/usr/bin/env cleartool || rcleartool"
 
         if d.getVar("SRCREV") == "INVALID":
           raise FetchError("Set a valid SRCREV for the clearcase fetcher in your recipe, e.g. SRCREV = \"/main/LATEST\" or any other label of your choice.")

bitbake/lib/bb/fetch2/npm.py

@@ -32,7 +32,6 @@ from   bb.fetch2 import runfetchcmd
 from   bb.fetch2 import logger
 from   bb.fetch2 import UnpackError
 from   bb.fetch2 import ParameterError
-from   distutils import spawn
 
 def subprocess_setup():
     # Python installs a SIGPIPE handler by default. This is usually not what

bitbake/lib/bb/tests/fetch.py

@@ -757,12 +757,12 @@ class FetchLatestVersionTest(FetcherTest):
         ("dtc", "git://git.qemu.org/dtc.git", "65cc4d2748a2c2e6f27f1cf39e07a5dbabd80ebf", "")
             : "1.4.0",
         # combination version pattern
-        ("sysprof", "git://git.gnome.org/sysprof", "cd44ee6644c3641507fb53b8a2a69137f2971219", "")
+        ("sysprof", "git://gitlab.gnome.org/GNOME/sysprof;protocol=https", "cd44ee6644c3641507fb53b8a2a69137f2971219", "")
             : "1.2.0",
         ("u-boot-mkimage", "git://git.denx.de/u-boot.git;branch=master;protocol=git", "62c175fbb8a0f9a926c88294ea9f7e88eb898f6c", "")
             : "2014.01",
         # version pattern "yyyymmdd"
-        ("mobile-broadband-provider-info", "git://git.gnome.org/mobile-broadband-provider-info", "4ed19e11c2975105b71b956440acdb25d46a347d", "")
+        ("mobile-broadband-provider-info", "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info;protocol=https", "4ed19e11c2975105b71b956440acdb25d46a347d", "")
             : "20120614",
         # packages with a valid UPSTREAM_CHECK_GITTAGREGEX
         ("xf86-video-omap", "git://anongit.freedesktop.org/xorg/driver/xf86-video-omap", "ae0394e687f1a77e966cf72f895da91840dffb8f", "(?P<pver>(\d+\.(\d\.?)*))")

bitbake/lib/bb/utils.py

@@ -523,12 +523,17 @@ def md5_file(filename):
     """
     Return the hex string representation of the MD5 checksum of filename.
     """
-    import hashlib
-    m = hashlib.md5()
+    import hashlib, mmap
 
     with open(filename, "rb") as f:
-        for line in f:
-            m.update(line)
+        m = hashlib.md5()
+        try:
+            with mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as mm:
+                for chunk in iter(lambda: mm.read(8192), b''):
+                    m.update(chunk)
+        except ValueError:
+            # You can't mmap() an empty file so silence this exception
+            pass
     return m.hexdigest()
 
 def sha256_file(filename):

bitbake/lib/toaster/bldcontrol/management/commands/checksettings.py

@@ -107,7 +107,10 @@ class Command(BaseCommand):
                                 action="ignore",
                                 message="^.*No fixture named.*$")
                             print("Importing custom settings if present")
-                            call_command("loaddata", "custom")
+                            try:
+                                call_command("loaddata", "custom")
+                            except:
+                                print("NOTE: optional fixture 'custom' not found")
 
                         # we run lsupdates after config update
                         print("\nFetching information from the layer index, "

documentation/bsp-guide/bsp-guide.xml

@@ -126,6 +126,16 @@
                 <date>March 2018</date>
                 <revremark>Released with the Yocto Project 2.4.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.4.3</revnumber>
+                <date>June 2018</date>
+                <revremark>Released with the Yocto Project 2.4.3 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>2.4.4</revnumber>
+                <date>November 2018</date>
+                <revremark>Released with the Yocto Project 2.4.4 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>
@@ -142,28 +152,40 @@
                <itemizedlist>
                    <listitem><para>
                        This version of the
-                       <emphasis>Yocto Project Board Support Package Developer's Guide</emphasis>
+                       <emphasis>Yocto Project Board Support Package (BSP) Developer's Guide</emphasis>
                        is for the &YOCTO_DOC_VERSION; release of the
                        Yocto Project.
                        To be sure you have the latest version of the manual
-                       for this release, use the manual from the
-                       <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>.
-                       </para></listitem>
-                   <listitem><para>
-                       For manuals associated with other releases of the Yocto
-                       Project, go to the
+                       for this release, go to the
                        <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
-                       and use the drop-down "Active Releases" button
-                       and choose the manual associated with the desired
-                       Yocto Project.
+                       and select the manual from that site.
+                       Manuals from the site are more up-to-date than manuals
+                       derived from the Yocto Project released TAR files.
                        </para></listitem>
                    <listitem><para>
-                        To report any inaccuracies or problems with this
-                        manual, send an email to the Yocto Project
-                        discussion group at
-                        <filename>yocto@yoctoproject.com</filename> or log into
-                        the freenode <filename>#yocto</filename> channel.
-                        </para></listitem>
+                       If you located this manual through a web search, the
+                       version of the manual might not be the one you want
+                       (e.g. the search might have returned a manual much
+                       older than the Yocto Project version with which you
+                       are working).
+                       You can see all Yocto Project major releases by
+                       visiting the
+                       <ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink>
+                       page.
+                       If you need a version of this manual for a different
+                       Yocto Project release, visit the
+                       <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
+                       and select the manual set by using the
+                       "ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE"
+                       pull-down menus.
+                       </para></listitem>
+                   <listitem><para>
+                       To report any inaccuracies or problems with this
+                       manual, send an email to the Yocto Project
+                       discussion group at
+                       <filename>yocto@yoctoproject.com</filename> or log into
+                       the freenode <filename>#yocto</filename> channel.
+                       </para></listitem>
                </itemizedlist>
            </note>
     </legalnotice>

documentation/dev-manual/dev-manual.xml

@@ -111,6 +111,16 @@
                 <date>March 2018</date>
                 <revremark>Released with the Yocto Project 2.4.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.4.3</revnumber>
+                <date>June 2018</date>
+                <revremark>Released with the Yocto Project 2.4.3 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>2.4.4</revnumber>
+                <date>November 2018</date>
+                <revremark>Released with the Yocto Project 2.4.4 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>
@@ -125,6 +135,7 @@
           Creative Commons Attribution-Share Alike 2.0 UK: England &amp; Wales</ulink> as published by
           Creative Commons.
       </para>
+
            <note><title>Manual Notes</title>
                <itemizedlist>
                    <listitem><para>
@@ -133,24 +144,36 @@
                        is for the &YOCTO_DOC_VERSION; release of the
                        Yocto Project.
                        To be sure you have the latest version of the manual
-                       for this release, use the manual from the
-                       <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>.
-                       </para></listitem>
-                   <listitem><para>
-                       For manuals associated with other releases of the Yocto
-                       Project, go to the
+                       for this release, go to the
                        <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
-                       and use the drop-down "Active Releases" button
-                       and choose the manual associated with the desired
-                       Yocto Project.
+                       and select the manual from that site.
+                       Manuals from the site are more up-to-date than manuals
+                       derived from the Yocto Project released TAR files.
                        </para></listitem>
                    <listitem><para>
-                        To report any inaccuracies or problems with this
-                        manual, send an email to the Yocto Project
-                        discussion group at
-                        <filename>yocto@yoctoproject.com</filename> or log into
-                        the freenode <filename>#yocto</filename> channel.
-                        </para></listitem>
+                       If you located this manual through a web search, the
+                       version of the manual might not be the one you want
+                       (e.g. the search might have returned a manual much
+                       older than the Yocto Project version with which you
+                       are working).
+                       You can see all Yocto Project major releases by
+                       visiting the
+                       <ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink>
+                       page.
+                       If you need a version of this manual for a different
+                       Yocto Project release, visit the
+                       <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
+                       and select the manual set by using the
+                       "ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE"
+                       pull-down menus.
+                       </para></listitem>
+                   <listitem><para>
+                       To report any inaccuracies or problems with this
+                       manual, send an email to the Yocto Project
+                       discussion group at
+                       <filename>yocto@yoctoproject.com</filename> or log into
+                       the freenode <filename>#yocto</filename> channel.
+                       </para></listitem>
                </itemizedlist>
            </note>
     </legalnotice>

documentation/kernel-dev/kernel-dev.xml

@@ -96,6 +96,16 @@
                 <date>March 2018</date>
                 <revremark>Released with the Yocto Project 2.4.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.4.3</revnumber>
+                <date>June 2018</date>
+                <revremark>Released with the Yocto Project 2.4.3 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>2.4.4</revnumber>
+                <date>November 2018</date>
+                <revremark>Released with the Yocto Project 2.4.4 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>
@@ -116,24 +126,36 @@
                        is for the &YOCTO_DOC_VERSION; release of the
                        Yocto Project.
                        To be sure you have the latest version of the manual
-                       for this release, use the manual from the
-                       <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>.
-                       </para></listitem>
-                   <listitem><para>
-                       For manuals associated with other releases of the Yocto
-                       Project, go to the
+                       for this release, go to the
                        <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
-                       and use the drop-down "Active Releases" button
-                       and choose the manual associated with the desired
-                       Yocto Project.
+                       and select the manual from that site.
+                       Manuals from the site are more up-to-date than manuals
+                       derived from the Yocto Project released TAR files.
                        </para></listitem>
                    <listitem><para>
-                        To report any inaccuracies or problems with this
-                        manual, send an email to the Yocto Project
-                        discussion group at
-                        <filename>yocto@yoctoproject.com</filename> or log into
-                        the freenode <filename>#yocto</filename> channel.
-                        </para></listitem>
+                       If you located this manual through a web search, the
+                       version of the manual might not be the one you want
+                       (e.g. the search might have returned a manual much
+                       older than the Yocto Project version with which you
+                       are working).
+                       You can see all Yocto Project major releases by
+                       visiting the
+                       <ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink>
+                       page.
+                       If you need a version of this manual for a different
+                       Yocto Project release, visit the
+                       <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
+                       and select the manual set by using the
+                       "ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE"
+                       pull-down menus.
+                       </para></listitem>
+                   <listitem><para>
+                       To report any inaccuracies or problems with this
+                       manual, send an email to the Yocto Project
+                       discussion group at
+                       <filename>yocto@yoctoproject.com</filename> or log into
+                       the freenode <filename>#yocto</filename> channel.
+                       </para></listitem>
                </itemizedlist>
            </note>
     </legalnotice>

documentation/mega-manual/mega-manual.xml

@@ -80,6 +80,16 @@
                 <date>March 2018</date>
                 <revremark>Released with the Yocto Project 2.4.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.4.3</revnumber>
+                <date>June 2018</date>
+                <revremark>Released with the Yocto Project 2.4.3 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>2.4.4</revnumber>
+                <date>November 2018</date>
+                <revremark>Released with the Yocto Project 2.4.4 Release.</revremark>
+            </revision>
        </revhistory>
 
     <copyright>
@@ -100,24 +110,36 @@
                        is for the &YOCTO_DOC_VERSION; release of the
                        Yocto Project.
                        To be sure you have the latest version of the manual
-                       for this release, use the manual from the
-                       <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>.
-                       </para></listitem>
-                   <listitem><para>
-                       For manuals associated with other releases of the Yocto
-                       Project, go to the
+                       for this release, go to the
                        <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
-                       and use the drop-down "Active Releases" button
-                       and choose the manual associated with the desired
-                       Yocto Project.
+                       and select the manual from that site.
+                       Manuals from the site are more up-to-date than manuals
+                       derived from the Yocto Project released TAR files.
                        </para></listitem>
                    <listitem><para>
-                        To report any inaccuracies or problems with this
-                        manual, send an email to the Yocto Project
-                        discussion group at
-                        <filename>yocto@yoctoproject.com</filename> or log into
-                        the freenode <filename>#yocto</filename> channel.
-                        </para></listitem>
+                       If you located this manual through a web search, the
+                       version of the manual might not be the one you want
+                       (e.g. the search might have returned a manual much
+                       older than the Yocto Project version with which you
+                       are working).
+                       You can see all Yocto Project major releases by
+                       visiting the
+                       <ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink>
+                       page.
+                       If you need a version of this manual for a different
+                       Yocto Project release, visit the
+                       <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
+                       and select the manual set by using the
+                       "ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE"
+                       pull-down menus.
+                       </para></listitem>
+                   <listitem><para>
+                       To report any inaccuracies or problems with this
+                       manual, send an email to the Yocto Project
+                       discussion group at
+                       <filename>yocto@yoctoproject.com</filename> or log into
+                       the freenode <filename>#yocto</filename> channel.
+                       </para></listitem>
                </itemizedlist>
            </note>
 

documentation/poky.ent

@@ -1,13 +1,13 @@
-<!ENTITY DISTRO "2.4.2">
-<!ENTITY DISTRO_COMPRESSED "242">
+<!ENTITY DISTRO "2.4.4">
+<!ENTITY DISTRO_COMPRESSED "244">
 <!ENTITY DISTRO_NAME_NO_CAP "rocko">
 <!ENTITY DISTRO_NAME "Rocko">
-<!ENTITY YOCTO_DOC_VERSION "2.4.2">
-<!ENTITY DISTRO_REL_TAG "yocto-2.4.2">
+<!ENTITY YOCTO_DOC_VERSION "2.4.4">
+<!ENTITY DISTRO_REL_TAG "yocto-2.4.4">
 <!ENTITY METAINTELVERSION "8.0">
 <!ENTITY META_INTEL_REL_TAG "&METAINTELVERSION;-&DISTRO_NAME_NO_CAP;-&YOCTO_DOC_VERSION;">
-<!ENTITY POKYVERSION "19.0.2">
-<!ENTITY POKYVERSION_COMPRESSED "1902">
+<!ENTITY POKYVERSION "18.0.4">
+<!ENTITY POKYVERSION_COMPRESSED "1804">
 <!ENTITY YOCTO_POKY "poky-&DISTRO_NAME_NO_CAP;-&POKYVERSION;">
 <!ENTITY COPYRIGHT_YEAR "2010-2018">
 <!ENTITY YOCTO_DL_URL "http://downloads.yoctoproject.org">

documentation/profile-manual/profile-manual.xml

@@ -96,6 +96,16 @@
                 <date>March 2018</date>
                 <revremark>Released with the Yocto Project 2.4.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.4.3</revnumber>
+                <date>June 2018</date>
+                <revremark>Released with the Yocto Project 2.4.3 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>2.4.4</revnumber>
+                <date>November 2018</date>
+                <revremark>Released with the Yocto Project 2.4.4 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>
@@ -110,6 +120,7 @@
           Creative Commons Attribution-Share Alike 2.0 UK: England &amp; Wales</ulink> as published by
           Creative Commons.
       </para>
+
            <note><title>Manual Notes</title>
                <itemizedlist>
                    <listitem><para>
@@ -118,24 +129,36 @@
                        is for the &YOCTO_DOC_VERSION; release of the
                        Yocto Project.
                        To be sure you have the latest version of the manual
-                       for this release, use the manual from the
-                       <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>.
-                       </para></listitem>
-                   <listitem><para>
-                       For manuals associated with other releases of the Yocto
-                       Project, go to the
+                       for this release, go to the
                        <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
-                       and use the drop-down "Active Releases" button
-                       and choose the manual associated with the desired
-                       Yocto Project.
+                       and select the manual from that site.
+                       Manuals from the site are more up-to-date than manuals
+                       derived from the Yocto Project released TAR files.
                        </para></listitem>
                    <listitem><para>
-                        To report any inaccuracies or problems with this
-                        manual, send an email to the Yocto Project
-                        discussion group at
-                        <filename>yocto@yoctoproject.com</filename> or log into
-                        the freenode <filename>#yocto</filename> channel.
-                        </para></listitem>
+                       If you located this manual through a web search, the
+                       version of the manual might not be the one you want
+                       (e.g. the search might have returned a manual much
+                       older than the Yocto Project version with which you
+                       are working).
+                       You can see all Yocto Project major releases by
+                       visiting the
+                       <ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink>
+                       page.
+                       If you need a version of this manual for a different
+                       Yocto Project release, visit the
+                       <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
+                       and select the manual set by using the
+                       "ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE"
+                       pull-down menus.
+                       </para></listitem>
+                   <listitem><para>
+                       To report any inaccuracies or problems with this
+                       manual, send an email to the Yocto Project
+                       discussion group at
+                       <filename>yocto@yoctoproject.com</filename> or log into
+                       the freenode <filename>#yocto</filename> channel.
+                       </para></listitem>
                </itemizedlist>
            </note>
     </legalnotice>

documentation/ref-manual/ref-manual.xml

@@ -127,6 +127,16 @@
                 <date>March 2018</date>
                 <revremark>Released with the Yocto Project 2.4.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.4.3</revnumber>
+                <date>June 2018</date>
+                <revremark>Released with the Yocto Project 2.4.3 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>2.4.4</revnumber>
+                <date>November 2018</date>
+                <revremark>Released with the Yocto Project 2.4.4 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>
@@ -139,6 +149,7 @@
         Permission is granted to copy, distribute and/or modify this document under
         the terms of the <ulink type="http" url="http://creativecommons.org/licenses/by-sa/2.0/uk/">Creative Commons Attribution-Share Alike 2.0 UK: England &amp; Wales</ulink> as published by Creative Commons.
       </para>
+
            <note><title>Manual Notes</title>
                <itemizedlist>
                    <listitem><para>
@@ -147,24 +158,36 @@
                        is for the &YOCTO_DOC_VERSION; release of the
                        Yocto Project.
                        To be sure you have the latest version of the manual
-                       for this release, use the manual from the
-                       <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>.
-                       </para></listitem>
-                   <listitem><para>
-                       For manuals associated with other releases of the Yocto
-                       Project, go to the
+                       for this release, go to the
                        <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
-                       and use the drop-down "Active Releases" button
-                       and choose the manual associated with the desired
-                       Yocto Project.
+                       and select the manual from that site.
+                       Manuals from the site are more up-to-date than manuals
+                       derived from the Yocto Project released TAR files.
                        </para></listitem>
                    <listitem><para>
-                        To report any inaccuracies or problems with this
-                        manual, send an email to the Yocto Project
-                        discussion group at
-                        <filename>yocto@yoctoproject.com</filename> or log into
-                        the freenode <filename>#yocto</filename> channel.
-                        </para></listitem>
+                       If you located this manual through a web search, the
+                       version of the manual might not be the one you want
+                       (e.g. the search might have returned a manual much
+                       older than the Yocto Project version with which you
+                       are working).
+                       You can see all Yocto Project major releases by
+                       visiting the
+                       <ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink>
+                       page.
+                       If you need a version of this manual for a different
+                       Yocto Project release, visit the
+                       <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
+                       and select the manual set by using the
+                       "ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE"
+                       pull-down menus.
+                       </para></listitem>
+                   <listitem><para>
+                       To report any inaccuracies or problems with this
+                       manual, send an email to the Yocto Project
+                       discussion group at
+                       <filename>yocto@yoctoproject.com</filename> or log into
+                       the freenode <filename>#yocto</filename> channel.
+                       </para></listitem>
                </itemizedlist>
            </note>
     </legalnotice>

documentation/ref-manual/ref-variables.xml

@@ -12527,8 +12527,8 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
                 </para>
 
                 <para>
-                    In this example, <filename>intone</filename> depends on
-                    <filename>mplayer2</filename>.
+                    In the previous example, <filename>intone</filename>
+                    depends on <filename>mplayer2</filename>.
                 </para>
 
                 <para>

documentation/sdk-manual/sdk-manual.xml

@@ -61,6 +61,16 @@
                 <date>March 2018</date>
                 <revremark>Released with the Yocto Project 2.4.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.4.3</revnumber>
+                <date>June 2018</date>
+                <revremark>Released with the Yocto Project 2.4.3 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>2.4.4</revnumber>
+                <date>November 2018</date>
+                <revremark>Released with the Yocto Project 2.4.4 Release.</revremark>
+            </revision>
        </revhistory>
 
     <copyright>
@@ -73,6 +83,7 @@
         Permission is granted to copy, distribute and/or modify this document under
         the terms of the <ulink type="http" url="http://creativecommons.org/licenses/by-sa/2.0/uk/">Creative Commons Attribution-Share Alike 2.0 UK: England &amp; Wales</ulink> as published by Creative Commons.
       </para>
+
            <note><title>Manual Notes</title>
                <itemizedlist>
                    <listitem><para>
@@ -81,24 +92,36 @@
                        manual is for the &YOCTO_DOC_VERSION; release of the
                        Yocto Project.
                        To be sure you have the latest version of the manual
-                       for this release, use the manual from the
-                       <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>.
-                       </para></listitem>
-                   <listitem><para>
-                       For manuals associated with other releases of the Yocto
-                       Project, go to the
+                       for this release, go to the
                        <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
-                       and use the drop-down "Active Releases" button
-                       and choose the manual associated with the desired
-                       Yocto Project.
+                       and select the manual from that site.
+                       Manuals from the site are more up-to-date than manuals
+                       derived from the Yocto Project released TAR files.
                        </para></listitem>
                    <listitem><para>
-                        To report any inaccuracies or problems with this
-                        manual, send an email to the Yocto Project
-                        discussion group at
-                        <filename>yocto@yoctoproject.com</filename> or log into
-                        the freenode <filename>#yocto</filename> channel.
-                        </para></listitem>
+                       If you located this manual through a web search, the
+                       version of the manual might not be the one you want
+                       (e.g. the search might have returned a manual much
+                       older than the Yocto Project version with which you
+                       are working).
+                       You can see all Yocto Project major releases by
+                       visiting the
+                       <ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink>
+                       page.
+                       If you need a version of this manual for a different
+                       Yocto Project release, visit the
+                       <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
+                       and select the manual set by using the
+                       "ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE"
+                       pull-down menus.
+                       </para></listitem>
+                   <listitem><para>
+                       To report any inaccuracies or problems with this
+                       manual, send an email to the Yocto Project
+                       discussion group at
+                       <filename>yocto@yoctoproject.com</filename> or log into
+                       the freenode <filename>#yocto</filename> channel.
+                       </para></listitem>
                </itemizedlist>
            </note>
 

documentation/toaster-manual/toaster-manual.xml

@@ -71,6 +71,16 @@
                 <date>March 2018</date>
                 <revremark>Released with the Yocto Project 2.4.2 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.4.3</revnumber>
+                <date>June 2018</date>
+                <revremark>Released with the Yocto Project 2.4.3 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>2.4.4</revnumber>
+                <date>November 2018</date>
+                <revremark>Released with the Yocto Project 2.4.4 Release.</revremark>
+            </revision>
        </revhistory>
 
     <copyright>
@@ -91,24 +101,36 @@
                        is for the &YOCTO_DOC_VERSION; release of the
                        Yocto Project.
                        To be sure you have the latest version of the manual
-                       for this release, use the manual from the
-                       <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>.
-                       </para></listitem>
-                   <listitem><para>
-                       For manuals associated with other releases of the Yocto
-                       Project, go to the
+                       for this release, go to the
                        <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
-                       and use the drop-down "Active Releases" button
-                       and choose the manual associated with the desired
-                       Yocto Project.
+                       and select the manual from that site.
+                       Manuals from the site are more up-to-date than manuals
+                       derived from the Yocto Project released TAR files.
                        </para></listitem>
                    <listitem><para>
-                        To report any inaccuracies or problems with this
-                        manual, send an email to the Yocto Project
-                        discussion group at
-                        <filename>yocto@yoctoproject.com</filename> or log into
-                        the freenode <filename>#yocto</filename> channel.
-                        </para></listitem>
+                       If you located this manual through a web search, the
+                       version of the manual might not be the one you want
+                       (e.g. the search might have returned a manual much
+                       older than the Yocto Project version with which you
+                       are working).
+                       You can see all Yocto Project major releases by
+                       visiting the
+                       <ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink>
+                       page.
+                       If you need a version of this manual for a different
+                       Yocto Project release, visit the
+                       <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
+                       and select the manual set by using the
+                       "ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE"
+                       pull-down menus.
+                       </para></listitem>
+                   <listitem><para>
+                       To report any inaccuracies or problems with this
+                       manual, send an email to the Yocto Project
+                       discussion group at
+                       <filename>yocto@yoctoproject.com</filename> or log into
+                       the freenode <filename>#yocto</filename> channel.
+                       </para></listitem>
                </itemizedlist>
            </note>
 

documentation/tools/mega-manual.sed

@@ -2,32 +2,32 @@
 # This style is for manual folders like "yocto-project-qs" and "poky-ref-manual".
 # This is the old way that did it.  Can't do that now that we have "bitbake-user-manual" strings
 # in the mega-manual.
-# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/poky-ref-manual\/poky-ref-manual.html#/\"link\" href=\"#/g
+# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/poky-ref-manual\/poky-ref-manual.html#/\"link\" href=\"#/g
 
 # Processes all other manuals (<word>-<word> style) except for the BitBake User Manual because
 # it is not included in the mega-manual.
 # This style is for manual folders that use two word, which is the standard now (e.g. "ref-manual").
 # This was the one-liner that worked before we introduced the BitBake User Manual, which is
 # not in the mega-manual.
-# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
+# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
 
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/sdk-manual\/sdk-manual.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/bsp-guide\/bsp-guide.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/dev-manual\/dev-manual.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/kernel-dev\/kernel-dev.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/profile-manual\/profile-manual.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/ref-manual\/ref-manual.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/toaster-manual\/toaster-manual.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/sdk-manual\/sdk-manual.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/bsp-guide\/bsp-guide.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/dev-manual\/dev-manual.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/kernel-dev\/kernel-dev.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/profile-manual\/profile-manual.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/ref-manual\/ref-manual.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/toaster-manual\/toaster-manual.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
 
 # Process cases where just an external manual is referenced without an id anchor
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/yocto-project-qs\/yocto-project-qs.html\" target=\"_top\">Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/dev-manual\/dev-manual.html\" target=\"_top\">Yocto Project Development Tasks Manual<\/a>/Yocto Project Development Tasks Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/sdk-manual\/sdk-manual.html\" target=\"_top\">Yocto Project Application Development and the Extensible Software Development Kit (eSDK)<\/a>/Yocto Project Application Development and the Extensible Software Development Kit (eSDK)/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/bsp-guide\/bsp-guide.html\" target=\"_top\">Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/profile-manual\/profile-manual.html\" target=\"_top\">Yocto Project Profiling and Tracing Manual<\/a>/Yocto Project Profiling and Tracing Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/kernel-dev\/kernel-dev.html\" target=\"_top\">Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/ref-manual\/ref-manual.html\" target=\"_top\">Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.2\/toaster-manual\/toaster-manual.html\" target=\"_top\">Toaster User Manual<\/a>/Toaster User Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/yocto-project-qs\/yocto-project-qs.html\" target=\"_top\">Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/dev-manual\/dev-manual.html\" target=\"_top\">Yocto Project Development Tasks Manual<\/a>/Yocto Project Development Tasks Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/sdk-manual\/sdk-manual.html\" target=\"_top\">Yocto Project Application Development and the Extensible Software Development Kit (eSDK)<\/a>/Yocto Project Application Development and the Extensible Software Development Kit (eSDK)/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/bsp-guide\/bsp-guide.html\" target=\"_top\">Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/profile-manual\/profile-manual.html\" target=\"_top\">Yocto Project Profiling and Tracing Manual<\/a>/Yocto Project Profiling and Tracing Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/kernel-dev\/kernel-dev.html\" target=\"_top\">Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/ref-manual\/ref-manual.html\" target=\"_top\">Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.4.4\/toaster-manual\/toaster-manual.html\" target=\"_top\">Toaster User Manual<\/a>/Toaster User Manual/g

documentation/yocto-project-qs/yocto-project-qs.xml

@@ -16,34 +16,48 @@
                 Permission is granted to copy, distribute and/or modify this document under
                 the terms of the <ulink type="http" url="http://creativecommons.org/licenses/by-sa/2.0/uk/">Creative Commons Attribution-Share Alike 2.0 UK: England &amp; Wales</ulink> as published by Creative Commons.
             </para>
-           <note><title>Manual Notes</title>
-               <itemizedlist>
-                   <listitem><para>
-                       This version of the
-                       <emphasis>Yocto Project Quick Start</emphasis>
-                       is for the &YOCTO_DOC_VERSION; release of the
-                       Yocto Project.
-                       To be sure you have the latest version of the manual
-                       for this release, use the manual from the
-                       <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>.
-                       </para></listitem>
-                   <listitem><para>
-                       For manuals associated with other releases of the Yocto
-                       Project, go to the
-                       <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
-                       and use the drop-down "Active Releases" button
-                       and choose the manual associated with the desired
-                       Yocto Project.
-                       </para></listitem>
-                   <listitem><para>
+
+            <note><title>Manual Notes</title>
+                <itemizedlist>
+                    <listitem><para>
+                        This version of the
+                        <emphasis>Yocto Project Quick Start</emphasis>
+                        is for the &YOCTO_DOC_VERSION; release of the
+                        Yocto Project.
+                        To be sure you have the latest version of the manual
+                        for this release, go to the
+                        <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
+                        and select the manual from that site.
+                        Manuals from the site are more up-to-date than manuals
+                        derived from the Yocto Project released TAR files.
+                        </para></listitem>
+                    <listitem><para>
+                        If you located this manual through a web search, the
+                        version of the manual might not be the one you want
+                        (e.g. the search might have returned a manual much
+                        older than the Yocto Project version with which you
+                        are working).
+                        You can see all Yocto Project major releases by
+                        visiting the
+                        <ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink>
+                        page.
+                        If you need a version of this manual for a different
+                        Yocto Project release, visit the
+                        <ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
+                        and select the manual set by using the
+                        "ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE"
+                        pull-down menus.
+                        </para></listitem>
+                    <listitem><para>
                         To report any inaccuracies or problems with this
                         manual, send an email to the Yocto Project
                         discussion group at
                         <filename>yocto@yoctoproject.com</filename> or log into
                         the freenode <filename>#yocto</filename> channel.
                         </para></listitem>
-               </itemizedlist>
-           </note>
+                </itemizedlist>
+            </note>
+
         </legalnotice>
 
         <abstract>

meta-poky/conf/distro/poky.conf

@@ -1,6 +1,6 @@
 DISTRO = "poky"
 DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
-DISTRO_VERSION = "2.4.3"
+DISTRO_VERSION = "2.4.4"
 DISTRO_CODENAME = "rocko"
 SDK_VENDOR = "-pokysdk"
 SDK_VERSION := "${@'${DISTRO_VERSION}'.replace('snapshot-${DATE}','snapshot')}"

meta-yocto-bsp/lib/oeqa/selftest/cases/systemd_boot.py

@@ -44,7 +44,7 @@ class Systemdboot(OESelftestTestCase):
 
         # Ensure we're actually testing that this gets built and not that
         # it was around from an earlier build
-        bitbake('-c cleansstate systemd-boot')
+        bitbake('-c clean systemd-boot')
         runCmd('rm -f %s' % systemdbootfile)
 
         self._common_build()

meta/classes/base.bbclass

@@ -100,8 +100,8 @@ def get_lic_checksum_file_list(d):
         # We only care about items that are absolute paths since
         # any others should be covered by SRC_URI.
         try:
-            path = bb.fetch.decodeurl(url)[2]
-            if not path:
+            (method, host, path, user, pswd, parm) = bb.fetch.decodeurl(url)
+            if method != "file" or not path:
                 raise bb.fetch.MalformedUrl(url)
 
             if path[0] == '/':

meta/classes/clutter.bbclass

@@ -14,7 +14,7 @@ REALNAME = "${@get_real_name("${BPN}")}"
 
 CLUTTER_SRC_FTP = "${GNOME_MIRROR}/${REALNAME}/${VERMINOR}/${REALNAME}-${PV}.tar.xz;name=archive"
 
-CLUTTER_SRC_GIT = "git://git.gnome.org/${REALNAME}"
+CLUTTER_SRC_GIT = "git://gitlab.gnome.org/GNOME/${REALNAME};protocol=https"
 
 SRC_URI = "${CLUTTER_SRC_FTP}"
 S = "${WORKDIR}/${REALNAME}-${PV}"

meta/classes/license.bbclass

@@ -226,9 +226,7 @@ def get_deployed_dependencies(d):
     # The manifest file name contains the arch. Because we are not running
     # in the recipe context it is necessary to check every arch used.
     sstate_manifest_dir = d.getVar("SSTATE_MANIFESTS")
-    sstate_archs = d.getVar("SSTATE_ARCHS")
-    extra_archs = d.getVar("PACKAGE_EXTRA_ARCHS")
-    archs = list(set(("%s %s" % (sstate_archs, extra_archs)).split()))
+    archs = list(set(d.getVar("SSTATE_ARCHS").split()))
     for dep in depends:
         # Some recipes have an arch on their own, so we try that first.
         special_arch = d.getVar("PACKAGE_ARCH_pn-%s" % dep)
@@ -336,7 +334,7 @@ def add_package_and_files(d):
     files = d.getVar('LICENSE_FILES_DIRECTORY')
     pn = d.getVar('PN')
     pn_lic = "%s%s" % (pn, d.getVar('LICENSE_PACKAGE_SUFFIX', False))
-    if pn_lic in packages:
+    if pn_lic in packages.split():
         bb.warn("%s package already existed in %s." % (pn_lic, pn))
     else:
         # first in PACKAGES to be sure that nothing else gets LICENSE_FILES_DIRECTORY
@@ -482,7 +480,9 @@ def find_license_files(d):
 
     for url in lic_files.split():
         try:
-            (type, host, path, user, pswd, parm) = bb.fetch.decodeurl(url)
+            (method, host, path, user, pswd, parm) = bb.fetch.decodeurl(url)
+            if method != "file" or not path:
+                raise bb.fetch.MalformedUrl()
         except bb.fetch.MalformedUrl:
             bb.fatal("%s: LIC_FILES_CHKSUM contains an invalid URL:  %s" % (d.getVar('PF'), url))
         # We want the license filename and path

meta/classes/mirrors.bbclass

@@ -1,4 +1,5 @@
 MIRRORS += "\
+${DEBIAN_MIRROR}	http://snapshot.debian.org/archive/debian/20180310T215105Z/pool \n \
 ${DEBIAN_MIRROR}	http://snapshot.debian.org/archive/debian-archive/20120328T092752Z/debian/pool \n \
 ${DEBIAN_MIRROR}	http://snapshot.debian.org/archive/debian-archive/20110127T084257Z/debian/pool \n \
 ${DEBIAN_MIRROR}	http://snapshot.debian.org/archive/debian-archive/20090802T004153Z/debian/pool \n \
@@ -68,7 +69,7 @@ ${CPAN_MIRROR}  http://search.cpan.org/CPAN/ \n \
 
 MIRRORS += "\
 git://salsa.debian.org/.*     git://salsa.debian.org/PATH;protocol=https \n \
-git://git.gnome.org/.*        git://git.gnome.org/browse/PATH;protocol=https \n \
+git://git.gnome.org/.*        git://gitlab.gnome.org/GNOME/PATH;protocol=https \n \
 git://git.savannah.gnu.org/.* git://git.savannah.gnu.org/git/PATH;protocol=https \n \
 git://git.yoctoproject.org/.* git://git.yoctoproject.org/git/PATH;protocol=https \n \
 git://.*/.*                   git://HOST/PATH;protocol=https \n \

meta/classes/module-base.bbclass

@@ -12,6 +12,8 @@ export CROSS_COMPILE = "${TARGET_PREFIX}"
 # we didn't pick the name.
 export KBUILD_OUTPUT = "${STAGING_KERNEL_BUILDDIR}"
 
+DEPENDS += "bc-native"
+
 export KERNEL_VERSION = "${@base_read_file('${STAGING_KERNEL_BUILDDIR}/kernel-abiversion')}"
 KERNEL_OBJECT_SUFFIX = ".ko"
 
@@ -23,5 +25,6 @@ PACKAGE_ARCH = "${MACHINE_ARCH}"
 do_make_scripts() {
 	unset CFLAGS CPPFLAGS CXXFLAGS LDFLAGS 
 	make CC="${KERNEL_CC}" LD="${KERNEL_LD}" AR="${KERNEL_AR}" \
-	           -C ${STAGING_KERNEL_DIR} O=${STAGING_KERNEL_BUILDDIR} scripts
+	           HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" HOSTCPP="${BUILD_CPP}" \
+	           -C ${STAGING_KERNEL_DIR} O=${STAGING_KERNEL_BUILDDIR} scripts prepare
 }

meta/classes/module.bbclass

@@ -2,7 +2,7 @@ inherit module-base kernel-module-split pkgconfig
 
 addtask make_scripts after do_prepare_recipe_sysroot before do_configure
 do_make_scripts[lockfiles] = "${TMPDIR}/kernel-scripts.lock"
-do_make_scripts[depends] += "virtual/kernel:do_shared_workdir"
+do_make_scripts[depends] += "virtual/kernel:do_shared_workdir openssl-native:do_populate_sysroot"
 
 EXTRA_OEMAKE += "KERNEL_SRC=${STAGING_KERNEL_DIR}"
 

meta/classes/toolchain-scripts.bbclass

@@ -62,7 +62,8 @@ toolchain_create_tree_env_script () {
 	script=${TMPDIR}/environment-setup-${REAL_MULTIMACH_TARGET_SYS}
 	rm -f $script
 	touch $script
-	echo 'export PATH=${STAGING_DIR_NATIVE}/usr/bin:${PATH}' >> $script
+	echo ". ${COREBASE}/oe-init-build-env ${TOPDIR}" >> $script
+	echo 'export PATH=${STAGING_DIR_NATIVE}/usr/bin:${STAGING_BINDIR_TOOLCHAIN}:$PATH' >> $script
 	echo 'export PKG_CONFIG_SYSROOT_DIR=${PKG_CONFIG_SYSROOT_DIR}' >> $script
 	echo 'export PKG_CONFIG_PATH=${PKG_CONFIG_PATH}' >> $script
 	echo 'export CONFIG_SITE="${@siteinfo_get_files(d)}"' >> $script

meta/conf/bitbake.conf

@@ -620,7 +620,7 @@ BBLAYERS_FETCH_DIR ??= "${COREBASE}"
 APACHE_MIRROR = "http://archive.apache.org/dist"
 DEBIAN_MIRROR = "http://ftp.debian.org/debian/pool"
 GENTOO_MIRROR = "http://distfiles.gentoo.org/distfiles"
-GNOME_GIT = "git://git.gnome.org"
+GNOME_GIT = "git://gitlab.gnome.org/GNOME"
 GNOME_MIRROR = "http://ftp.gnome.org/pub/GNOME/sources"
 GNU_MIRROR = "http://ftp.gnu.org/gnu"
 GNUPG_MIRROR = "https://www.gnupg.org/ftp/gcrypt"

meta/conf/distro/include/yocto-uninative.inc

@@ -6,8 +6,9 @@
 # to the distro running on the build machine.
 #
 
-UNINATIVE_MAXGLIBCVERSION = "2.27"
+UNINATIVE_MAXGLIBCVERSION = "2.28"
+
+UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.3/"
+UNINATIVE_CHECKSUM[i686] ?= "44253cddbf629082568cea4fff59419106871a0cf81b4845b5d34e7014887b20"
+UNINATIVE_CHECKSUM[x86_64] ?= "c6954563dad3c95608117c6fc328099036c832bbd924ebf5fdccb622fc0a8684"
 
-UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/1.9/"
-UNINATIVE_CHECKSUM[i686] ?= "83a4f927da81d9889ef0cbe5c12cb782e21c6cc11e6155600b94ff0c99576dce"
-UNINATIVE_CHECKSUM[x86_64] ?= "c26622a1f27dbf5b25de986b11584b5c5b2f322d9eb367f705a744f58a5561ec"

meta/files/common-licenses/BSD-1-Clause

@@ -0,0 +1,9 @@
+
+Copyright (c) <YEAR>, <OWNER>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+THIS SOFTWARE IS PROVIDED BY Berkeley Software Design, Inc. "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL Berkeley Software Design, Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+

meta/lib/oeqa/runtime/cases/kernelmodule.py

@@ -28,7 +28,7 @@ class KernelModuleTest(OERuntimeTestCase):
     @OETestDepends(['gcc.GccCompileTest.test_gcc_compile'])
     def test_kernel_module(self):
         cmds = [
-            'cd /usr/src/kernel && make scripts',
+            'cd /usr/src/kernel && make scripts prepare',
             'cd /tmp && make',
             'cd /tmp && insmod hellomod.ko',
             'lsmod | grep hellomod',

meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb

@@ -7,7 +7,8 @@ SRCREV = "befcbbc9867e742ac16415660b0b7521218a530c"
 PV = "20170310"
 PE = "1"
 
-SRC_URI = "git://git.gnome.org/mobile-broadband-provider-info"
+SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info;protocol=https"
+
 S = "${WORKDIR}/git"
 
 inherit autotools

meta/recipes-core/glib-networking/glib-networking_2.50.0.bb

@@ -1,6 +1,6 @@
 SUMMARY = "GLib networking extensions"
 DESCRIPTION = "glib-networking contains the implementations of certain GLib networking features that cannot be implemented directly in GLib itself because of their dependencies."
-HOMEPAGE = "http://git.gnome.org/browse/glib-networking/"
+HOMEPAGE = "https://gitlab.gnome.org/GNOME/glib-networking/"
 BUGTRACKER = "http://bugzilla.gnome.org"
 
 LICENSE = "LGPLv2"

meta/recipes-core/glibc/glibc_2.26.bb

@@ -1,13 +1,13 @@
 require glibc.inc
 
-LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
+LIC_FILES_CHKSUM = "file://LICENSES;md5=ebc14508894997e6daaad1b8ffd53a15\
       file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
       file://posix/rxspencer/COPYRIGHT;md5=dc5485bb394a13b2332ec1c785f5d83a \
       file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c"
 
 DEPENDS += "gperf-native bison-native"
 
-SRCREV ?= "d300041c533a3d837c9f37a099bcc95466860e98"
+SRCREV ?= "c9570bd2f54abb68e4e3c767aca3a54e05d2c7f6"
 
 SRCBRANCH ?= "release/${PV}/master"
 

meta/recipes-core/ifupdown/ifupdown_0.8.16.bb

@@ -6,7 +6,7 @@ the file /etc/network/interfaces."
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
 
-SRC_URI = "git://anonscm.debian.org/git/collab-maint/ifupdown.git \
+SRC_URI = "git://salsa.debian.org/debian/ifupdown.git;protocol=https \
 	   file://defn2-c-man-don-t-rely-on-dpkg-architecture-to-set-a.patch \
 	   file://inet-6-.defn-fix-inverted-checks-for-loopback.patch \
 	   file://99_network \

meta/recipes-core/images/build-appliance-image_15.0.0.bb

@@ -22,7 +22,7 @@ IMAGE_FSTYPES = "wic.vmdk"
 
 inherit core-image module-base setuptools3
 
-SRCREV ?= "78b61238f2a3eb18d97d31ac5d27bce9566438d2"
+SRCREV ?= "30c10a3d8bd9bcd909cc1600894815c2fd5400a2"
 SRC_URI = "git://git.yoctoproject.org/poky;branch=rocko \
            file://Yocto_Build_Appliance.vmx \
            file://Yocto_Build_Appliance.vmxf \

meta/recipes-core/libxml/libxml2/fix-execution-of-ptests.patch

@@ -0,0 +1,21 @@
+Make sure that Makefile doesn't try to compile these tests again
+on the target where the source dependencies won't be available.
+
+Upstream-Status: Inappropriate [cross-compile specific]
+
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+
+Index: libxml2-2.9.7/Makefile.am
+===================================================================
+--- libxml2-2.9.7.orig/Makefile.am
++++ libxml2-2.9.7/Makefile.am
+@@ -211,8 +211,7 @@ install-ptest:
+ 	sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile
+ 	$(MAKE) -C python install-ptest
+ 
+-runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \
+-          testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT)
++runtests:
+ 	[ -d test   ] || $(LN_S) $(srcdir)/test   .
+ 	[ -d result ] || $(LN_S) $(srcdir)/result .
+ 	$(CHECKER) ./runtest$(EXEEXT) && \

meta/recipes-core/libxml/libxml2_2.9.5.bb

@@ -20,6 +20,7 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
            file://python-sitepackages-dir.patch \
            file://libxml-m4-use-pkgconfig.patch \
            file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
+           file://fix-execution-of-ptests.patch \
            "
 
 SRC_URI[libtar.md5sum] = "5ce0da9bdaa267b40c4ca36d35363b8b"

meta/recipes-core/os-release/os-release.bb

@@ -1,7 +1,7 @@
 inherit allarch
 
 SUMMARY = "Operating system identification"
-DESCRIPTION = "The /etc/os-release file contains operating system identification data."
+DESCRIPTION = "The /usr/lib/os-release file contains operating system identification data."
 LICENSE = "MIT"
 INHIBIT_DEFAULT_DEPS = "1"
 
@@ -42,6 +42,9 @@ python do_compile () {
 do_compile[vardeps] += "${OS_RELEASE_FIELDS}"
 
 do_install () {
-    install -d ${D}${sysconfdir}
-    install -m 0644 os-release ${D}${sysconfdir}/
+    install -d ${D}${nonarch_libdir} ${D}${sysconfdir}
+    install -m 0644 os-release ${D}${nonarch_libdir}/
+    lnr ${D}${nonarch_libdir}/os-release ${D}${sysconfdir}/os-release
 }
+
+FILES_${PN} += "${nonarch_libdir}/os-release"

meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch

@@ -0,0 +1,71 @@
+From 9fce4bab014b9aa618060eba13d6dd04b0fa1b70 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Fri, 2 Mar 2018 17:11:52 +0100
+Subject: [PATCH 1/4] BaseTools/header.makefile: add "-Wno-stringop-truncation"
+
+gcc-8 (which is part of Fedora 28) enables the new warning
+"-Wstringop-truncation" in "-Wall". This warning is documented in detail
+at <https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the
+introduction says
+
+> Warn for calls to bounded string manipulation functions such as strncat,
+> strncpy, and stpncpy that may either truncate the copied string or leave
+> the destination unchanged.
+
+It breaks the BaseTools build with:
+
+> EfiUtilityMsgs.c: In function 'PrintMessage':
+> EfiUtilityMsgs.c:484:9: error: 'strncat' output may be truncated copying
+> between 0 and 511 bytes from a string of length 511
+> [-Werror=stringop-truncation]
+>          strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1);
+>          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+> EfiUtilityMsgs.c:469:9: error: 'strncat' output may be truncated copying
+> between 0 and 511 bytes from a string of length 511
+> [-Werror=stringop-truncation]
+>          strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1);
+>          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+> EfiUtilityMsgs.c:511:5: error: 'strncat' output may be truncated copying
+> between 0 and 511 bytes from a string of length 511
+> [-Werror=stringop-truncation]
+>      strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1);
+>      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The right way to fix the warning would be to implement string concat with
+snprintf(). However, Microsoft does not appear to support snprintf()
+before VS2015
+<https://stackoverflow.com/questions/2915672/snprintf-and-visual-studio-2010>,
+so we just have to shut up the warning. The strncat() calls flagged above
+are valid BTW.
+
+Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Cc: Cole Robinson <crobinso@redhat.com>
+Cc: Liming Gao <liming.gao@intel.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Yonghong Zhu <yonghong.zhu@intel.com>
+Contributed-under: TianoCore Contribution Agreement 1.1
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Liming Gao <liming.gao@intel.com>
+---
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Backport
+
+ BaseTools/Source/C/Makefiles/header.makefile | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Index: git/BaseTools/Source/C/Makefiles/header.makefile
+===================================================================
+--- git.orig/BaseTools/Source/C/Makefiles/header.makefile
++++ git/BaseTools/Source/C/Makefiles/header.makefile
+@@ -47,9 +47,9 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT)
+ BUILD_CPPFLAGS += $(INCLUDE) -O2
+ ifeq ($(DARWIN),Darwin)
+ # assume clang or clang compatible flags on OS X
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-self-assign -Wno-unused-result -nostdlib -c -g
+ else
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-unused-result -nostdlib -c -g
+ endif
+ BUILD_LFLAGS = $(LDFLAGS)
+ BUILD_CXXFLAGS += -Wno-unused-result

meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch

@@ -0,0 +1,102 @@
+From 86dbdac5a25bd23deb4a0e0a97b527407e02184d Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Fri, 2 Mar 2018 17:11:52 +0100
+Subject: [PATCH 2/4] BaseTools/header.makefile: add "-Wno-restrict"
+
+gcc-8 (which is part of Fedora 28) enables the new warning
+"-Wrestrict" in "-Wall". This warning is documented in detail
+at <https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the
+introduction says
+
+> Warn when an object referenced by a restrict-qualified parameter (or, in
+> C++, a __restrict-qualified parameter) is aliased by another argument,
+> or when copies between such objects overlap.
+
+It breaks the BaseTools build (in the Brotli compression library) with:
+
+> In function 'ProcessCommandsInternal',
+>     inlined from 'ProcessCommands' at dec/decode.c:1828:10:
+> dec/decode.c:1781:9: error: 'memcpy' accessing between 17 and 2147483631
+> bytes at offsets 16 and 16 overlaps between 17 and 2147483631 bytes at
+> offset 16 [-Werror=restrict]
+>          memcpy(copy_dst + 16, copy_src + 16, (size_t)(i - 16));
+>          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+> In function 'ProcessCommandsInternal',
+>     inlined from 'SafeProcessCommands' at dec/decode.c:1833:10:
+> dec/decode.c:1781:9: error: 'memcpy' accessing between 17 and 2147483631
+> bytes at offsets 16 and 16 overlaps between 17 and 2147483631 bytes at
+> offset 16 [-Werror=restrict]
+>          memcpy(copy_dst + 16, copy_src + 16, (size_t)(i - 16));
+>          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Paolo Bonzini <pbonzini@redhat.com> analyzed the Brotli source in detail,
+and concluded that the warning is a false positive:
+
+> This seems safe to me, because it's preceded by:
+>
+>     uint8_t* copy_dst = &s->ringbuffer[pos];
+>     uint8_t* copy_src = &s->ringbuffer[src_start];
+>     int dst_end = pos + i;
+>     int src_end = src_start + i;
+>     if (src_end > pos && dst_end > src_start) {
+>       /* Regions intersect. */
+>       goto CommandPostWrapCopy;
+>     }
+>
+> If [src_start, src_start + i) and [pos, pos + i) don't intersect, then
+> neither do [src_start + 16, src_start + i) and [pos + 16, pos + i).
+>
+> The if seems okay:
+>
+>        (src_start + i > pos && pos + i > src_start)
+>
+> which can be rewritten to:
+>
+>        (pos < src_start + i && src_start < pos + i)
+>
+> Then the numbers are in one of these two orders:
+>
+>      pos <= src_start < pos + i <= src_start + i
+>      src_start <= pos < src_start + i <= pos + i
+>
+> These two would be allowed by the "if", but they can only happen if pos
+> == src_start so they degenerate to the same two orders above:
+>
+>      pos <= src_start < src_start + i <= pos + i
+>      src_start <= pos < pos + i <= src_start + i
+>
+> So it is a false positive in GCC.
+
+Disable the warning for now.
+
+Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Cc: Cole Robinson <crobinso@redhat.com>
+Cc: Liming Gao <liming.gao@intel.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Yonghong Zhu <yonghong.zhu@intel.com>
+Reported-by: Cole Robinson <crobinso@redhat.com>
+Contributed-under: TianoCore Contribution Agreement 1.1
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Liming Gao <liming.gao@intel.com>
+---
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Backport
+ BaseTools/Source/C/Makefiles/header.makefile | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Index: git/BaseTools/Source/C/Makefiles/header.makefile
+===================================================================
+--- git.orig/BaseTools/Source/C/Makefiles/header.makefile
++++ git/BaseTools/Source/C/Makefiles/header.makefile
+@@ -47,9 +47,9 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT)
+ BUILD_CPPFLAGS += $(INCLUDE) -O2
+ ifeq ($(DARWIN),Darwin)
+ # assume clang or clang compatible flags on OS X
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-self-assign -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-self-assign -Wno-unused-result -nostdlib -c -g
+ else
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -c -g
+ endif
+ BUILD_LFLAGS = $(LDFLAGS)
+ BUILD_CXXFLAGS += -Wno-unused-result

meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch

@@ -0,0 +1,53 @@
+From 6866325dd9c17412e555974dde41f9631224db52 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Wed, 7 Mar 2018 10:17:28 +0100
+Subject: [PATCH 3/4] BaseTools/header.makefile: revert gcc-8 "-Wno-xxx"
+ options on OSX
+
+I recently added the gcc-8 specific "-Wno-stringop-truncation" and
+"-Wno-restrict" options to BUILD_CFLAGS, both for "Darwin" (XCODE5 /
+clang, OSX) and otherwise (gcc, Linux / Cygwin).
+
+I also regression-tested the change with gcc-4.8 on Linux -- gcc-4.8 does
+not know either of the (gcc-8 specific) "-Wno-stringop-truncation" and
+"-Wno-restrict" options, yet the build completed fine (by GCC design).
+
+Regarding OSX, my expectation was that
+
+- XCODE5 / clang would either recognize these warnings options (because
+  clang does recognize most -W options of gcc),
+
+- or, similarly to gcc, clang would simply ignore the "-Wno-xxx" flags
+  that it didn't recognize.
+
+Neither is the case; the new flags have broken the BaseTools build on OSX.
+Revert them (for OSX only).
+
+Cc: Liming Gao <liming.gao@intel.com>
+Cc: Yonghong Zhu <yonghong.zhu@intel.com>
+Reported-by: Liming Gao <liming.gao@intel.com>
+Fixes: 1d212a83df0eaf32a6f5d4159beb2d77832e0231
+Fixes: 9222154ae7b3eef75ae88cdb56158256227cb929
+Contributed-under: TianoCore Contribution Agreement 1.1
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Liming Gao <liming.gao@intel.com>
+Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+---
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Backport
+ BaseTools/Source/C/Makefiles/header.makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: git/BaseTools/Source/C/Makefiles/header.makefile
+===================================================================
+--- git.orig/BaseTools/Source/C/Makefiles/header.makefile
++++ git/BaseTools/Source/C/Makefiles/header.makefile
+@@ -47,7 +47,7 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT)
+ BUILD_CPPFLAGS += $(INCLUDE) -O2
+ ifeq ($(DARWIN),Darwin)
+ # assume clang or clang compatible flags on OS X
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-self-assign -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
+ else
+ BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -c -g
+ endif

meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch

@@ -0,0 +1,66 @@
+From dfb42a5bff78d9239a80731e337855234badef3e Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Fri, 2 Mar 2018 17:11:52 +0100
+Subject: [PATCH 4/4] BaseTools/GenVtf: silence false "stringop-overflow"
+ warning with memcpy()
+
+gcc-8 (which is part of Fedora 28) enables the new warning
+"-Wstringop-overflow" in "-Wall". This warning is documented in detail at
+<https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the
+introduction says
+
+> Warn for calls to string manipulation functions such as memcpy and
+> strcpy that are determined to overflow the destination buffer.
+
+It breaks the BaseTools build with:
+
+> GenVtf.c: In function 'ConvertVersionInfo':
+> GenVtf.c:132:7: error: 'strncpy' specified bound depends on the length
+> of the source argument [-Werror=stringop-overflow=]
+>        strncpy (TemStr + 4 - Length, Str, Length);
+>        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+> GenVtf.c:130:14: note: length computed here
+>      Length = strlen(Str);
+>               ^~~~~~~~~~~
+
+It is a false positive because, while the bound equals the length of the
+source argument, the destination pointer is moved back towards the
+beginning of the destination buffer by the same amount (and this amount is
+range-checked first, so we can't precede the start of the dest buffer).
+
+Replace both strncpy() calls with memcpy().
+
+Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Cc: Cole Robinson <crobinso@redhat.com>
+Cc: Liming Gao <liming.gao@intel.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Yonghong Zhu <yonghong.zhu@intel.com>
+Reported-by: Cole Robinson <crobinso@redhat.com>
+Contributed-under: TianoCore Contribution Agreement 1.1
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Liming Gao <liming.gao@intel.com>
+---
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Backport
+ BaseTools/Source/C/GenVtf/GenVtf.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/BaseTools/Source/C/GenVtf/GenVtf.c b/BaseTools/Source/C/GenVtf/GenVtf.c
+index 2ae9a7be2c..0cd33e71e9 100644
+--- a/BaseTools/Source/C/GenVtf/GenVtf.c
++++ b/BaseTools/Source/C/GenVtf/GenVtf.c
+@@ -129,9 +129,9 @@ Returns:
+   } else {
+     Length = strlen(Str);
+     if (Length < 4) {
+-      strncpy (TemStr + 4 - Length, Str, Length);
++      memcpy (TemStr + 4 - Length, Str, Length);
+     } else {
+-      strncpy (TemStr, Str + Length - 4, 4);
++      memcpy (TemStr, Str + Length - 4, 4);
+     }
+   
+     sscanf (
+-- 
+2.17.0
+

meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch

@@ -17,4 +17,4 @@ Index: git/BaseTools/Conf/tools_def.template
 +DEFINE GCC44_ALL_CC_FLAGS            = -g -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -fno-stack-protector -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
  DEFINE GCC44_IA32_CC_FLAGS           = DEF(GCC44_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -fno-PIE -no-pie
  DEFINE GCC44_X64_CC_FLAGS            = DEF(GCC44_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables
- DEFINE GCC44_IA32_X64_DLINK_COMMON   = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20
+ DEFINE GCC44_IA32_X64_DLINK_COMMON   = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20 -no-pie

meta/recipes-core/ovmf/ovmf_git.bb

@@ -19,6 +19,10 @@ SRC_URI = "git://github.com/tianocore/edk2.git;branch=master \
 	file://0004-ovmf-enable-long-path-file.patch \
 	file://VfrCompile-increase-path-length-limit.patch \
 	file://no-stack-protector-all-archs.patch \
+	file://0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch \
+	file://0002-BaseTools-header.makefile-add-Wno-restrict.patch \
+	file://0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch \
+	file://0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch \
         "
 UPSTREAM_VERSION_UNKNOWN = "1"
 
@@ -35,7 +39,7 @@ SRC_URI[openssl.sha256sum] = "57be8618979d80c910728cfc99369bf97b2a1abd8f366ab6eb
 
 inherit deploy
 
-PARALLEL_MAKE_class-native = ""
+PARALLEL_MAKE = ""
 
 S = "${WORKDIR}/git"
 

meta/recipes-core/systemd/systemd_234.bb

@@ -344,7 +344,7 @@ USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'networkd', '--sys
 USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'coredump', '--system -d / -M --shell /bin/nologin systemd-coredump;', '', d)}"
 USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'resolved', '--system -d / -M --shell /bin/nologin systemd-resolve;', '', d)}"
 USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit', '--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd;', '', d)}"
-GROUPADD_PARAM_${PN} = "-r lock; -r systemd-journal"
+GROUPADD_PARAM_${PN} = "-r systemd-journal"
 USERADD_PARAM_${PN}-extra-utils += "--system -d / -M --shell /bin/nologin systemd-bus-proxy;"
 
 FILES_${PN}-analyze = "${bindir}/systemd-analyze"

meta/recipes-devtools/binutils/binutils-2.29.1.inc

@@ -18,7 +18,7 @@ BINUPV = "${@binutils_branch_version(d)}"
 
 UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P<pver>\d+_(\d_?)*)"
 
-SRCREV ?= "90276f15379d380761fc499da2ba24cfb3c12a94"
+SRCREV ?= "8efd17cb25686c51b9db6531ae2fbeb2e6ef2399"
 BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=binutils-${BINUPV}-branch;protocol=git"
 SRC_URI = "\
      ${BINUTILS_GIT_URI} \
@@ -35,6 +35,48 @@ SRC_URI = "\
      file://0013-fix-the-incorrect-assembling-for-ppc-wait-mnemonic.patch \
      file://0014-Detect-64-bit-MIPS-targets.patch \
      file://0015-sync-with-OE-libtool-changes.patch \
+     file://CVE-2017-17124.patch \
+     file://CVE-2017-14930.patch \
+     file://CVE-2017-14932.patch \
+     file://CVE-2017-14933_p1.patch \
+     file://CVE-2017-14933_p2.patch \
+     file://CVE-2017-14934.patch \
+     file://CVE-2017-14938.patch \
+     file://CVE-2017-14939.patch \
+     file://CVE-2017-14940.patch \
+     file://CVE-2017-15021.patch \
+     file://CVE-2017-15022.patch \
+     file://CVE-2017-15023.patch \
+     file://CVE-2017-15024.patch \
+     file://CVE-2017-15025.patch \
+     file://CVE-2017-15225.patch \
+     file://CVE-2017-15939.patch \
+     file://CVE-2017-15996.patch \
+     file://CVE-2017-16826.patch \
+     file://CVE-2017-16827.patch \
+     file://CVE-2017-16828_p1.patch \
+     file://CVE-2017-16828_p2.patch \
+     file://CVE-2017-16829.patch \
+     file://CVE-2017-16830.patch \
+     file://CVE-2017-16831.patch \
+     file://CVE-2017-16832.patch \
+     file://CVE-2017-17080.patch \
+     file://CVE-2017-17121.patch \
+     file://CVE-2017-17122.patch \
+     file://CVE-2017-17125.patch \
+     file://CVE-2017-17123.patch \
+     file://CVE-2018-10372.patch \
+     file://CVE-2018-10373.patch \
+     file://CVE-2018-10534.patch \
+     file://CVE-2018-10535.patch \
+     file://CVE-2018-13033.patch \
+     file://CVE-2018-6323.patch \
+     file://CVE-2018-6759.patch \
+     file://CVE-2018-7208.patch \
+     file://CVE-2018-7568_p1.patch \
+     file://CVE-2018-7568_p2.patch \
+     file://CVE-2018-7569.patch \
+     file://CVE-2018-7642.patch \
 "
 S  = "${WORKDIR}/git"
 

meta/recipes-devtools/binutils/binutils/CVE-2017-14930.patch

@@ -0,0 +1,53 @@
+From a26a013f22a19e2c16729e64f40ef8a7dfcc086e Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 24 Sep 2017 17:10:14 +0930
+Subject: [PATCH] PR22191, memory leak in dwarf2.c
+
+table->sequences is a linked list before it is replaced by a bfd_alloc
+array in sort_line_sequences.
+
+	PR 22191
+	* dwarf2.c (decode_line_info): Properly free line sequences on error.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE:  CVE-2017-14930
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/dwarf2.c  | 8 ++++++--
+ 2 files changed, 11 insertions(+), 2 deletions(-)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -2473,8 +2473,12 @@ decode_line_info (struct comp_unit *unit
+     return table;
+ 
+  fail:
+-  if (table->sequences != NULL)
+-    free (table->sequences);
++  while (table->sequences != NULL)
++    {
++      struct line_sequence* seq = table->sequences;
++      table->sequences = table->sequences->prev_sequence;
++      free (seq);
++    }
+   if (table->files != NULL)
+     free (table->files);
+   if (table->dirs != NULL)
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,8 @@
++2017-09-24  Alan Modra  <amodra@gmail.com>
++
++       PR 22191
++       * dwarf2.c (decode_line_info): Properly free line sequences on error.
++
+ 2017-11-28  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 22507

meta/recipes-devtools/binutils/binutils/CVE-2017-14932.patch

@@ -0,0 +1,46 @@
+From e338894dc2e603683bed2172e8e9f25b29051005 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Tue, 26 Sep 2017 09:32:18 +0930
+Subject: [PATCH] PR22204, Lack of DW_LNE_end_sequence causes "infinite" loop
+
+	PR 22204
+	* dwarf2.c (decode_line_info): Ensure line_ptr stays within
+	bounds in inner loop.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-14932
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/dwarf2.c  | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -2269,7 +2269,7 @@ decode_line_info (struct comp_unit *unit
+       bfd_vma high_pc = 0;
+ 
+       /* Decode the table.  */
+-      while (! end_sequence)
++      while (!end_sequence && line_ptr < line_end)
+ 	{
+ 	  op_code = read_1_byte (abfd, line_ptr, line_end);
+ 	  line_ptr += 1;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2017-09-26  Alan Modra  <amodra@gmail.com>
++
++       PR 22204
++       * dwarf2.c (decode_line_info): Ensure line_ptr stays within
++       bounds in inner loop.
++
+ 2017-09-24  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22191

meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p1.patch

@@ -0,0 +1,58 @@
+From 30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 26 Sep 2017 14:37:47 +0100
+Subject: [PATCH] Avoid needless resource usage when processing a corrupt DWARF
+ directory or file name table.
+
+	PR 22210
+	* dwarf2.c (read_formatted_entries): Fail early if we know that
+	the loop parsing data entries will overflow the end of the
+	section.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-14933 #1
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog |  7 +++++++
+ bfd/dwarf2.c  | 10 ++++++++++
+ 2 files changed, 17 insertions(+)
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
++2017-09-26  Nick Clifton  <nickc@redhat.com>
++
++	PR 22210
++	* dwarf2.c (read_formatted_entries): Fail early if we know that
++	the loop parsing data entries will overflow the end of the
++	section.
++
+ 2017-09-26  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22204
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -1933,6 +1933,17 @@ read_formatted_entries (struct comp_unit
+ 
+   data_count = _bfd_safe_read_leb128 (abfd, buf, &bytes_read, FALSE, buf_end);
+   buf += bytes_read;
++
++  /* PR 22210.  Paranoia check.  Don't bother running the loop
++     if we know that we are going to run out of buffer.  */
++  if (data_count > (bfd_vma) (buf_end - buf))
++    {
++      _bfd_error_handler (_("Dwarf Error: data count (%Lx) larger than buffer size."),
++                         data_count);
++      bfd_set_error (bfd_error_bad_value);
++      return FALSE;
++    }
++
+   for (datai = 0; datai < data_count; datai++)
+     {
+       bfd_byte *format = format_header_data;

meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p2.patch

@@ -0,0 +1,102 @@
+From 33e0a9a056bd23e923b929a4f2ab049ade0b1c32 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Tue, 26 Sep 2017 23:20:06 +0930
+Subject: [PATCH] Tidy reading data in read_formatted_entries
+
+Using read_attribute_value accomplishes two things: It checks for
+unexpected formats, and ensures the buffer pointer always increments.
+
+	PR 22210
+	* dwarf2.c (read_formatted_entries): Use read_attribute_value to
+	read data.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-14933 #2
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog |  6 ++++++
+ bfd/dwarf2.c  | 37 +++++++------------------------------
+ 2 files changed, 13 insertions(+), 30 deletions(-)
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2017-09-26  Alan Modra  <amodra@gmail.com>
++
++	PR 22210
++	* dwarf2.c (read_formatted_entries): Use read_attribute_value to
++	read data.
++
+ 2017-09-26  Nick Clifton  <nickc@redhat.com>
+ 
+ 	PR 22210
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -1955,6 +1955,7 @@ read_formatted_entries (struct comp_unit
+ 	  char *string_trash;
+ 	  char **stringp = &string_trash;
+ 	  unsigned int uint_trash, *uintp = &uint_trash;
++	  struct attribute attr;
+ 
+ 	  content_type = _bfd_safe_read_leb128 (abfd, format, &bytes_read,
+ 						FALSE, buf_end);
+@@ -1986,47 +1987,23 @@ read_formatted_entries (struct comp_unit
+ 	  form = _bfd_safe_read_leb128 (abfd, format, &bytes_read, FALSE,
+ 					buf_end);
+ 	  format += bytes_read;
++
++	  buf = read_attribute_value (&attr, form, 0, unit, buf, buf_end);
++	  if (buf == NULL)
++	    return FALSE;
+ 	  switch (form)
+ 	    {
+ 	    case DW_FORM_string:
+-	      *stringp = read_string (abfd, buf, buf_end, &bytes_read);
+-	      buf += bytes_read;
+-	      break;
+-
+ 	    case DW_FORM_line_strp:
+-	      *stringp = read_indirect_line_string (unit, buf, buf_end, &bytes_read);
+-	      buf += bytes_read;
++	      *stringp = attr.u.str;
+ 	      break;
+ 
+ 	    case DW_FORM_data1:
+-	      *uintp = read_1_byte (abfd, buf, buf_end);
+-	      buf += 1;
+-	      break;
+-
+ 	    case DW_FORM_data2:
+-	      *uintp = read_2_bytes (abfd, buf, buf_end);
+-	      buf += 2;
+-	      break;
+-
+ 	    case DW_FORM_data4:
+-	      *uintp = read_4_bytes (abfd, buf, buf_end);
+-	      buf += 4;
+-	      break;
+-
+ 	    case DW_FORM_data8:
+-	      *uintp = read_8_bytes (abfd, buf, buf_end);
+-	      buf += 8;
+-	      break;
+-
+ 	    case DW_FORM_udata:
+-	      *uintp = _bfd_safe_read_leb128 (abfd, buf, &bytes_read, FALSE,
+-					      buf_end);
+-	      buf += bytes_read;
+-	      break;
+-
+-	    case DW_FORM_block:
+-	      /* It is valid only for DW_LNCT_timestamp which is ignored by
+-		 current GDB.  */
++	      *uintp = attr.u.val;
+ 	      break;
+ 	    }
+ 	}

meta/recipes-devtools/binutils/binutils/CVE-2017-14934.patch

@@ -0,0 +1,63 @@
+From 19485196044b2521af979f1e5c4a89bfb90fba0b Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 27 Sep 2017 10:42:51 +0100
+Subject: [PATCH] Prevent an infinite loop in the DWARF parsing code when
+ encountering a CU structure with a small negative size.
+
+	PR 22219
+	* dwarf.c (process_debug_info): Add a check for a negative
+	cu_length field.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-14934
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog |  6 ++++++
+ binutils/dwarf.c   | 11 ++++++++++-
+ 2 files changed, 16 insertions(+), 1 deletion(-)
+
+Index: git/binutils/dwarf.c
+===================================================================
+--- git.orig/binutils/dwarf.c
++++ git/binutils/dwarf.c
+@@ -2547,7 +2547,7 @@ process_debug_info (struct dwarf_section
+       int level, last_level, saved_level;
+       dwarf_vma cu_offset;
+       unsigned int offset_size;
+-      int initial_length_size;
++      unsigned int initial_length_size;
+       dwarf_vma signature_high = 0;
+       dwarf_vma signature_low = 0;
+       dwarf_vma type_offset = 0;
+@@ -2695,6 +2695,15 @@ process_debug_info (struct dwarf_section
+ 	  num_units = unit;
+ 	  break;
+ 	}
++      else if (compunit.cu_length + initial_length_size < initial_length_size)
++	{
++	  warn (_("Debug info is corrupted, length of CU at %s is negative (%s)\n"),
++		dwarf_vmatoa ("x", cu_offset),
++		dwarf_vmatoa ("x", compunit.cu_length));
++	  num_units = unit;
++	  break;
++	}
++
+       tags = hdrptr;
+       start += compunit.cu_length + initial_length_size;
+ 
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
++++ git/binutils/ChangeLog
+@@ -1,3 +1,9 @@
++2017-09-27  Nick Clifton  <nickc@redhat.com>
++
++       PR 22219
++       * dwarf.c (process_debug_info): Add a check for a negative
++       cu_length field.
++
+ 2017-11-01  Alan Modra  <amodra@gmail.com>
+ 
+ 	Apply from master

meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch

@@ -0,0 +1,64 @@
+From bd61e135492ecf624880e6b78e5fcde3c9716df6 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 24 Sep 2017 14:34:57 +0930
+Subject: [PATCH] PR22166, SHT_GNU_verneed memory allocation
+
+The sanity check covers the previous minimim size, plus that the size
+is at least enough for sh_info verneed entries.
+
+Also, since we write all verneed fields or exit with an error, there
+isn't any need to zero the memory allocated for verneed entries.
+
+	PR 22166
+	* elf.c (_bfd_elf_slurp_version_tables): Test sh_info on
+	SHT_GNU_verneed section for sanity.  Don't zalloc memory for
+	verref.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-14938
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 7 +++++++
+ bfd/elf.c     | 5 +++--
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c
++++ git/bfd/elf.c
+@@ -8198,7 +8198,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+ 
+       hdr = &elf_tdata (abfd)->dynverref_hdr;
+ 
+-      if (hdr->sh_info == 0 || hdr->sh_size < sizeof (Elf_External_Verneed))
++      if (hdr->sh_info == 0
++	  || hdr->sh_info > hdr->sh_size / sizeof (Elf_External_Verneed))
+ 	{
+ error_return_bad_verref:
+ 	  _bfd_error_handler
+@@ -8219,7 +8220,7 @@ error_return_verref:
+ 	goto error_return_verref;
+ 
+       elf_tdata (abfd)->verref = (Elf_Internal_Verneed *)
+-	bfd_zalloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed));
++	bfd_alloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed));
+ 
+       if (elf_tdata (abfd)->verref == NULL)
+ 	goto error_return_verref;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
++2017-09-24  Alan Modra  <amodra@gmail.com>
++
++       PR 22166
++       * elf.c (_bfd_elf_slurp_version_tables): Test sh_info on
++       SHT_GNU_verneed section for sanity.  Don't zalloc memory for
++       verref.
++
+ 2017-09-26  Alan Modra  <amodra@gmail.com>
+ 
+ 	PR 22210

meta/recipes-devtools/binutils/binutils/CVE-2017-14939.patch

@@ -0,0 +1,56 @@
+From 515f23e63c0074ab531bc954f84ca40c6281a724 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 24 Sep 2017 14:36:16 +0930
+Subject: [PATCH] PR22169, heap-based buffer overflow in read_1_byte
+
+The .debug_line header length field doesn't include the length field
+itself, ie. it's the size of the rest of .debug_line.
+
+	PR 22169
+	* dwarf2.c (decode_line_info): Correct .debug_line unit_length check.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-14939
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/dwarf2.c  | 7 ++++---
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -2084,12 +2084,13 @@ decode_line_info (struct comp_unit *unit
+       offset_size = 8;
+     }
+ 
+-  if (unit->line_offset + lh.total_length > stash->dwarf_line_size)
++  if (lh.total_length > (size_t) (line_end - line_ptr))
+     {
+       _bfd_error_handler
+ 	/* xgettext: c-format */
+-	(_("Dwarf Error: Line info data is bigger (%#Lx) than the space remaining in the section (%#Lx)"),
+-	 lh.total_length, stash->dwarf_line_size - unit->line_offset);
++	(_("Dwarf Error: Line info data is bigger (%#Lx)"
++	   " than the space remaining in the section (%#lx)"),
++	 lh.total_length, (unsigned long) (line_end - line_ptr));
+       bfd_set_error (bfd_error_bad_value);
+       return NULL;
+     }
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,4 +1,9 @@
+ 2017-09-24  Alan Modra  <amodra@gmail.com>
++ 
++       PR 22169
++       * dwarf2.c (decode_line_info): Correct .debug_line unit_length check.
++
++2017-09-24  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22166
+        * elf.c (_bfd_elf_slurp_version_tables): Test sh_info on

meta/recipes-devtools/binutils/binutils/CVE-2017-14940.patch

@@ -0,0 +1,47 @@
+From 0d76029f92182c3682d8be2c833d45bc9a2068fe Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 24 Sep 2017 14:35:33 +0930
+Subject: [PATCH] PR22167, NULL pointer dereference in scan_unit_for_symbols
+
+	PR 22167
+	* dwarf2.c (scan_unit_for_symbols): Check u.blk->data is non-NULL.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-14940
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/dwarf2.c  | 3 ++-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -3202,7 +3202,8 @@ scan_unit_for_symbols (struct comp_unit
+ 		    case DW_FORM_block2:
+ 		    case DW_FORM_block4:
+ 		    case DW_FORM_exprloc:
+-		      if (*attr.u.blk->data == DW_OP_addr)
++		      if (attr.u.blk->data != NULL
++			  && *attr.u.blk->data == DW_OP_addr)
+ 			{
+ 			  var->stack = 0;
+ 
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,5 +1,10 @@
+ 2017-09-24  Alan Modra  <amodra@gmail.com>
+  
++       PR 22167
++       * dwarf2.c (scan_unit_for_symbols): Check u.blk->data is non-NULL.
++
++2017-09-24  Alan Modra  <amodra@gmail.com>
++ 
+        PR 22169
+        * dwarf2.c (decode_line_info): Correct .debug_line unit_length check.
+ 

meta/recipes-devtools/binutils/binutils/CVE-2017-15021.patch

@@ -0,0 +1,48 @@
+From 52b36c51e5bf6d7600fdc6ba115b170b0e78e31d Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 24 Sep 2017 21:36:18 +0930
+Subject: [PATCH] PR22197, buffer overflow in bfd_get_debug_link_info_1
+
+	PR 22197
+	* opncls.c (bfd_get_debug_link_info_1): Properly check that crc is
+	within section bounds.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-15021
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/opncls.c  | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+Index: git/bfd/opncls.c
+===================================================================
+--- git.orig/bfd/opncls.c
++++ git/bfd/opncls.c
+@@ -1200,7 +1200,7 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo
+   /* PR 17597: avoid reading off the end of the buffer.  */
+   crc_offset = strnlen (name, bfd_get_section_size (sect)) + 1;
+   crc_offset = (crc_offset + 3) & ~3;
+-  if (crc_offset >= bfd_get_section_size (sect))
++  if (crc_offset + 4 > bfd_get_section_size (sect))
+     return NULL;
+ 
+   *crc32 = bfd_get_32 (abfd, contents + crc_offset);
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,5 +1,11 @@
+ 2017-09-24  Alan Modra  <amodra@gmail.com>
+  
++       PR 22197
++       * opncls.c (bfd_get_debug_link_info_1): Properly check that crc is
++       within section bounds.
++
++2017-09-24  Alan Modra  <amodra@gmail.com>
++ 
+        PR 22167
+        * dwarf2.c (scan_unit_for_symbols): Check u.blk->data is non-NULL.
+ 

meta/recipes-devtools/binutils/binutils/CVE-2017-15022.patch

@@ -0,0 +1,61 @@
+From 11855d8a1f11b102a702ab76e95b22082cccf2f8 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 25 Sep 2017 19:46:34 +0930
+Subject: [PATCH] PR22201, DW_AT_name with out of bounds reference
+
+DW_AT_name ought to always have a string value.
+
+	PR 22201
+	* dwarf2.c (scan_unit_for_symbols): Ignore DW_AT_name unless it
+	has string form.
+	(parse_comp_unit): Likewise.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-15022
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 7 +++++++
+ bfd/dwarf2.c  | 6 ++++--
+ 2 files changed, 11 insertions(+), 2 deletions(-)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -3177,7 +3177,8 @@ scan_unit_for_symbols (struct comp_unit
+ 	      switch (attr.name)
+ 		{
+ 		case DW_AT_name:
+-		  var->name = attr.u.str;
++		  if (is_str_attr (attr.form))
++		    var->name = attr.u.str;
+ 		  break;
+ 
+ 		case DW_AT_decl_file:
+@@ -3429,7 +3430,8 @@ parse_comp_unit (struct dwarf2_debug *st
+ 	  break;
+ 
+ 	case DW_AT_name:
+-	  unit->name = attr.u.str;
++	  if (is_str_attr (attr.form))
++	    unit->name = attr.u.str;
+ 	  break;
+ 
+ 	case DW_AT_low_pc:
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
++2017-09-25  Alan Modra  <amodra@gmail.com>
++ 
++       PR 22201
++       * dwarf2.c (scan_unit_for_symbols): Ignore DW_AT_name unless it
++       has string form.
++       (parse_comp_unit): Likewise.
++
+ 2017-09-24  Alan Modra  <amodra@gmail.com>
+  
+        PR 22197

meta/recipes-devtools/binutils/binutils/CVE-2017-15023.patch

@@ -0,0 +1,52 @@
+From c361faae8d964db951b7100cada4dcdc983df1bf Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 25 Sep 2017 19:03:46 +0930
+Subject: [PATCH] PR22200, DWARF5 .debug_line sanity check
+
+The format_count entry can't be zero unless the count is also zero.
+
+	PR 22200
+	* dwarf2.c (read_formatted_entries): Error on format_count zero.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-15023
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/dwarf2.c  | 7 +++++++
+ 2 files changed, 12 insertions(+)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -1934,6 +1934,13 @@ read_formatted_entries (struct comp_unit
+   data_count = _bfd_safe_read_leb128 (abfd, buf, &bytes_read, FALSE, buf_end);
+   buf += bytes_read;
+ 
++  if (format_count == 0 && data_count != 0)
++    {
++      _bfd_error_handler (_("Dwarf Error: Zero format count."));
++      bfd_set_error (bfd_error_bad_value);
++      return FALSE;
++    }
++
+   /* PR 22210.  Paranoia check.  Don't bother running the loop
+      if we know that we are going to run out of buffer.  */
+   if (data_count > (bfd_vma) (buf_end - buf))
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,4 +1,9 @@
+ 2017-09-25  Alan Modra  <amodra@gmail.com>
++
++       PR 22200
++       * dwarf2.c (read_formatted_entries): Error on format_count zero.
++
++2017-09-25  Alan Modra  <amodra@gmail.com>
+  
+        PR 22201
+        * dwarf2.c (scan_unit_for_symbols): Ignore DW_AT_name unless it

meta/recipes-devtools/binutils/binutils/CVE-2017-15024.patch

@@ -0,0 +1,227 @@
+From 52a93b95ec0771c97e26f0bb28630a271a667bd2 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 24 Sep 2017 14:37:16 +0930
+Subject: [PATCH] PR22187, infinite loop in find_abstract_instance_name
+
+This patch prevents the simple case of infinite recursion in
+find_abstract_instance_name by ensuring that the attributes being
+processed are not the same as the previous call.
+
+The patch also does a little cleanup, and leaves in place some changes
+to the nested_funcs array that I made when I wrongly thought looping
+might occur in scan_unit_for_symbols.
+
+	PR 22187
+	* dwarf2.c (find_abstract_instance_name): Add orig_info_ptr and
+	pname param.  Return status.  Make name const.  Don't abort,
+	return an error.  Formatting.  Exit if current info_ptr matches
+	orig_info_ptr.  Update callers.
+	(scan_unit_for_symbols): Start at nesting_level of zero.  Make
+	nested_funcs an array of structs for extensibility.  Formatting.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-15024
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 10 ++++++++
+ bfd/dwarf2.c  | 76 +++++++++++++++++++++++++++++++++++++++--------------------
+ 2 files changed, 61 insertions(+), 25 deletions(-)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -2823,9 +2823,11 @@ lookup_symbol_in_variable_table (struct
+   return FALSE;
+ }
+ 
+-static char *
++static bfd_boolean
+ find_abstract_instance_name (struct comp_unit *unit,
++			     bfd_byte *orig_info_ptr,
+ 			     struct attribute *attr_ptr,
++			     const char **pname,
+ 			     bfd_boolean *is_linkage)
+ {
+   bfd *abfd = unit->abfd;
+@@ -2835,7 +2837,7 @@ find_abstract_instance_name (struct comp
+   struct abbrev_info *abbrev;
+   bfd_uint64_t die_ref = attr_ptr->u.val;
+   struct attribute attr;
+-  char *name = NULL;
++  const char *name = NULL;
+ 
+   /* DW_FORM_ref_addr can reference an entry in a different CU. It
+      is an offset from the .debug_info section, not the current CU.  */
+@@ -2844,7 +2846,12 @@ find_abstract_instance_name (struct comp
+       /* We only support DW_FORM_ref_addr within the same file, so
+ 	 any relocations should be resolved already.  */
+       if (!die_ref)
+-	abort ();
++	{
++	  _bfd_error_handler
++	    (_("Dwarf Error: Abstract instance DIE ref zero."));
++	  bfd_set_error (bfd_error_bad_value);
++	  return FALSE;
++	}
+ 
+       info_ptr = unit->sec_info_ptr + die_ref;
+       info_ptr_end = unit->end_ptr;
+@@ -2879,9 +2886,10 @@ find_abstract_instance_name (struct comp
+ 	  _bfd_error_handler
+ 	    (_("Dwarf Error: Unable to read alt ref %u."), die_ref);
+ 	  bfd_set_error (bfd_error_bad_value);
+-	  return NULL;
++	  return FALSE;
+ 	}
+-      info_ptr_end = unit->stash->alt_dwarf_info_buffer + unit->stash->alt_dwarf_info_size;
++      info_ptr_end = (unit->stash->alt_dwarf_info_buffer
++		      + unit->stash->alt_dwarf_info_size);
+ 
+       /* FIXME: Do we need to locate the correct CU, in a similar
+ 	 fashion to the code in the DW_FORM_ref_addr case above ?  */
+@@ -2904,6 +2912,7 @@ find_abstract_instance_name (struct comp
+ 	  _bfd_error_handler
+ 	    (_("Dwarf Error: Could not find abbrev number %u."), abbrev_number);
+ 	  bfd_set_error (bfd_error_bad_value);
++	  return FALSE;
+ 	}
+       else
+ 	{
+@@ -2913,6 +2922,15 @@ find_abstract_instance_name (struct comp
+ 					 info_ptr, info_ptr_end);
+ 	      if (info_ptr == NULL)
+ 		break;
++	      /* It doesn't ever make sense for DW_AT_specification to
++		 refer to the same DIE.  Stop simple recursion.  */
++	      if (info_ptr == orig_info_ptr)
++		{
++		  _bfd_error_handler
++		    (_("Dwarf Error: Abstract instance recursion detected."));
++		  bfd_set_error (bfd_error_bad_value);
++		  return FALSE;
++		}
+ 	      switch (attr.name)
+ 		{
+ 		case DW_AT_name:
+@@ -2926,7 +2944,9 @@ find_abstract_instance_name (struct comp
+ 		    }
+ 		  break;
+ 		case DW_AT_specification:
+-		  name = find_abstract_instance_name (unit, &attr, is_linkage);
++		  if (!find_abstract_instance_name (unit, info_ptr, &attr,
++						    pname, is_linkage))
++		    return FALSE;
+ 		  break;
+ 		case DW_AT_linkage_name:
+ 		case DW_AT_MIPS_linkage_name:
+@@ -2944,7 +2964,8 @@ find_abstract_instance_name (struct comp
+ 	    }
+ 	}
+     }
+-  return name;
++  *pname = name;
++  return TRUE;
+ }
+ 
+ static bfd_boolean
+@@ -3005,20 +3026,22 @@ scan_unit_for_symbols (struct comp_unit
+   bfd *abfd = unit->abfd;
+   bfd_byte *info_ptr = unit->first_child_die_ptr;
+   bfd_byte *info_ptr_end = unit->stash->info_ptr_end;
+-  int nesting_level = 1;
+-  struct funcinfo **nested_funcs;
++  int nesting_level = 0;
++  struct nest_funcinfo {
++    struct funcinfo *func;
++  } *nested_funcs;
+   int nested_funcs_size;
+ 
+   /* Maintain a stack of in-scope functions and inlined functions, which we
+      can use to set the caller_func field.  */
+   nested_funcs_size = 32;
+-  nested_funcs = (struct funcinfo **)
+-    bfd_malloc (nested_funcs_size * sizeof (struct funcinfo *));
++  nested_funcs = (struct nest_funcinfo *)
++    bfd_malloc (nested_funcs_size * sizeof (*nested_funcs));
+   if (nested_funcs == NULL)
+     return FALSE;
+-  nested_funcs[nesting_level] = 0;
++  nested_funcs[nesting_level].func = 0;
+ 
+-  while (nesting_level)
++  while (nesting_level >= 0)
+     {
+       unsigned int abbrev_number, bytes_read, i;
+       struct abbrev_info *abbrev;
+@@ -3076,13 +3099,13 @@ scan_unit_for_symbols (struct comp_unit
+ 	  BFD_ASSERT (!unit->cached);
+ 
+ 	  if (func->tag == DW_TAG_inlined_subroutine)
+-	    for (i = nesting_level - 1; i >= 1; i--)
+-	      if (nested_funcs[i])
++	    for (i = nesting_level; i-- != 0; )
++	      if (nested_funcs[i].func)
+ 		{
+-		  func->caller_func = nested_funcs[i];
++		  func->caller_func = nested_funcs[i].func;
+ 		  break;
+ 		}
+-	  nested_funcs[nesting_level] = func;
++	  nested_funcs[nesting_level].func = func;
+ 	}
+       else
+ 	{
+@@ -3102,12 +3125,13 @@ scan_unit_for_symbols (struct comp_unit
+ 	    }
+ 
+ 	  /* No inline function in scope at this nesting level.  */
+-	  nested_funcs[nesting_level] = 0;
++	  nested_funcs[nesting_level].func = 0;
+ 	}
+ 
+       for (i = 0; i < abbrev->num_attrs; ++i)
+ 	{
+-	  info_ptr = read_attribute (&attr, &abbrev->attrs[i], unit, info_ptr, info_ptr_end);
++	  info_ptr = read_attribute (&attr, &abbrev->attrs[i],
++				     unit, info_ptr, info_ptr_end);
+ 	  if (info_ptr == NULL)
+ 	    goto fail;
+ 
+@@ -3126,8 +3150,10 @@ scan_unit_for_symbols (struct comp_unit
+ 
+ 		case DW_AT_abstract_origin:
+ 		case DW_AT_specification:
+-		  func->name = find_abstract_instance_name (unit, &attr,
+-							    &func->is_linkage);
++		  if (!find_abstract_instance_name (unit, info_ptr, &attr,
++						    &func->name,
++						    &func->is_linkage))
++		    goto fail;
+ 		  break;
+ 
+ 		case DW_AT_name:
+@@ -3254,17 +3280,17 @@ scan_unit_for_symbols (struct comp_unit
+ 
+ 	  if (nesting_level >= nested_funcs_size)
+ 	    {
+-	      struct funcinfo **tmp;
++	      struct nest_funcinfo *tmp;
+ 
+ 	      nested_funcs_size *= 2;
+-	      tmp = (struct funcinfo **)
++	      tmp = (struct nest_funcinfo *)
+ 		bfd_realloc (nested_funcs,
+-			     nested_funcs_size * sizeof (struct funcinfo *));
++			     nested_funcs_size * sizeof (*nested_funcs));
+ 	      if (tmp == NULL)
+ 		goto fail;
+ 	      nested_funcs = tmp;
+ 	    }
+-	  nested_funcs[nesting_level] = 0;
++	  nested_funcs[nesting_level].func = 0;
+ 	}
+     }
+ 

meta/recipes-devtools/binutils/binutils/CVE-2017-15025.patch

@@ -0,0 +1,47 @@
+From d8010d3e75ec7194a4703774090b27486b742d48 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 24 Sep 2017 14:36:48 +0930
+Subject: [PATCH] PR22186, divide-by-zero in decode_line_info
+
+	PR 22186
+	* dwarf2.c (decode_line_info): Fail on lh.line_range of zero
+	rather than dividing by zero.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-15025
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/dwarf2.c  | 2 ++
+ 2 files changed, 8 insertions(+)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -2432,6 +2432,8 @@ decode_line_info (struct comp_unit *unit
+ 	    case DW_LNS_set_basic_block:
+ 	      break;
+ 	    case DW_LNS_const_add_pc:
++	      if (lh.line_range == 0)
++		goto line_fail;
+ 	      if (lh.maximum_ops_per_insn == 1)
+ 		address += (lh.minimum_instruction_length
+ 			    * ((255 - lh.opcode_base) / lh.line_range));
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
++2017-09-24  Alan Modra  <amodra@gmail.com>
++
++       PR 22186
++       * dwarf2.c (decode_line_info): Fail on lh.line_range of zero
++       rather than dividing by zero.
++
++
+ 2017-09-25  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22200

meta/recipes-devtools/binutils/binutils/CVE-2017-15225.patch

@@ -0,0 +1,48 @@
+From b55ec8b676ed05d93ee49d6c79ae0403616c4fb0 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 9 Oct 2017 13:21:44 +1030
+Subject: [PATCH] PR22212, memory leak in nm
+
+	PR 22212
+	* dwarf2.c (_bfd_dwarf2_cleanup_debug_info): Free
+	funcinfo_hash_table and varinfo_hash_table.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-15225
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/dwarf2.c  | 4 ++++
+ 2 files changed, 10 insertions(+)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -4932,6 +4932,10 @@ _bfd_dwarf2_cleanup_debug_info (bfd *abf
+ 	}
+     }
+ 
++  if (stash->funcinfo_hash_table)
++    bfd_hash_table_free (&stash->funcinfo_hash_table->base);
++  if (stash->varinfo_hash_table)
++    bfd_hash_table_free (&stash->varinfo_hash_table->base);
+   if (stash->dwarf_abbrev_buffer)
+     free (stash->dwarf_abbrev_buffer);
+   if (stash->dwarf_line_buffer)
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2017-10-09  Alan Modra  <amodra@gmail.com>
++
++       PR 22212
++       * dwarf2.c (_bfd_dwarf2_cleanup_debug_info): Free
++       funcinfo_hash_table and varinfo_hash_table.
++
+ 2017-09-24  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22186

meta/recipes-devtools/binutils/binutils/CVE-2017-15939.patch

@@ -0,0 +1,113 @@
+From a54018b72d75abf2e74bf36016702da06399c1d9 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Tue, 26 Sep 2017 09:38:26 +0930
+Subject: [PATCH] PR22205, .debug_line file table NULL filename
+
+The PR22200 fuzzer testcase found one way to put NULLs into .debug_line
+file tables.  PR22205 finds another.  This patch gives up on trying to
+prevent NULL files in the file table and instead just copes with them.
+Arguably, this is better than giving up and showing no info from
+.debug_line.  I've also fixed a case where the fairly recent DWARF5
+support in handling broken DWARG could result in uninitialized memory
+reads, and made a small tidy.
+
+	PR 22205
+	* dwarf2.c (concat_filename): Return "<unknown>" on NULL filename.
+	(read_formatted_entries): Init "fe".
+	(decode_line_info <DW_LNE_define_file>): Use line_info_add_file_name.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-15939
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog |  7 +++++++
+ bfd/dwarf2.c  | 35 +++++++++++++----------------------
+ 2 files changed, 20 insertions(+), 22 deletions(-)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -1597,6 +1597,8 @@ concat_filename (struct line_info_table
+     }
+ 
+   filename = table->files[file - 1].name;
++  if (filename == NULL)
++    return strdup ("<unknown>");
+ 
+   if (!IS_ABSOLUTE_PATH (filename))
+     {
+@@ -1956,6 +1958,7 @@ read_formatted_entries (struct comp_unit
+       bfd_byte *format = format_header_data;
+       struct fileinfo fe;
+ 
++      memset (&fe, 0, sizeof fe);
+       for (formati = 0; formati < format_count; formati++)
+ 	{
+ 	  bfd_vma content_type, form;
+@@ -2256,6 +2259,7 @@ decode_line_info (struct comp_unit *unit
+       unsigned int discriminator = 0;
+       int is_stmt = lh.default_is_stmt;
+       int end_sequence = 0;
++      unsigned int dir, xtime, size;
+       /* eraxxon@alumni.rice.edu: Against the DWARF2 specs, some
+ 	 compilers generate address sequences that are wildly out of
+ 	 order using DW_LNE_set_address (e.g. Intel C++ 6.0 compiler
+@@ -2330,31 +2334,18 @@ decode_line_info (struct comp_unit *unit
+ 		case DW_LNE_define_file:
+ 		  cur_file = read_string (abfd, line_ptr, line_end, &bytes_read);
+ 		  line_ptr += bytes_read;
+-		  if ((table->num_files % FILE_ALLOC_CHUNK) == 0)
+-		    {
+-		      struct fileinfo *tmp;
+-
+-		      amt = table->num_files + FILE_ALLOC_CHUNK;
+-		      amt *= sizeof (struct fileinfo);
+-		      tmp = (struct fileinfo *) bfd_realloc (table->files, amt);
+-		      if (tmp == NULL)
+-			goto line_fail;
+-		      table->files = tmp;
+-		    }
+-		  table->files[table->num_files].name = cur_file;
+-		  table->files[table->num_files].dir =
+-		    _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read,
+-					   FALSE, line_end);
++		  dir = _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read,
++					       FALSE, line_end);
+ 		  line_ptr += bytes_read;
+-		  table->files[table->num_files].time =
+-		    _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read,
+-					   FALSE, line_end);
++		  xtime = _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read,
++						 FALSE, line_end);
+ 		  line_ptr += bytes_read;
+-		  table->files[table->num_files].size =
+-		    _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read,
+-					   FALSE, line_end);
++		  size = _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read,
++						FALSE, line_end);
+ 		  line_ptr += bytes_read;
+-		  table->num_files++;
++		  if (!line_info_add_file_name (table, cur_file, dir,
++						xtime, size))
++		    goto line_fail;
+ 		  break;
+ 		case DW_LNE_set_discriminator:
+ 		  discriminator =
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
++2017-09-26  Alan Modra  <amodra@gmail.com>
++ 
++       PR 22205
++       * dwarf2.c (concat_filename): Return "<unknown>" on NULL filename.
++       (read_formatted_entries): Init "fe".
++       (decode_line_info <DW_LNE_define_file>): Use line_info_add_file_name.
++
+ 2017-10-09  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22212

meta/recipes-devtools/binutils/binutils/CVE-2017-15996.patch

@@ -0,0 +1,84 @@
+From d91f0b20e561e326ee91a09a76206257bde8438b Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sat, 28 Oct 2017 21:31:16 +1030
+Subject: [PATCH] PR22361 readelf buffer overflow on fuzzed archive header
+
+	PR 22361
+	* readelf.c (process_archive_index_and_symbols): Ensure ar_size
+	field is zero terminated for strtoul.
+	(setup_archive, get_archive_member_name): Likewise.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-15996
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog |  7 +++++++
+ binutils/elfcomm.c | 11 +++++++++++
+ 2 files changed, 18 insertions(+)
+
+Index: git/binutils/elfcomm.c
+===================================================================
+--- git.orig/binutils/elfcomm.c
++++ git/binutils/elfcomm.c
+@@ -466,8 +466,12 @@ process_archive_index_and_symbols (struc
+ {
+   size_t got;
+   unsigned long size;
++  char fmag_save;
+ 
++  fmag_save = arch->arhdr.ar_fmag[0];
++  arch->arhdr.ar_fmag[0] = 0;
+   size = strtoul (arch->arhdr.ar_size, NULL, 10);
++  arch->arhdr.ar_fmag[0] = fmag_save;
+   /* PR 17531: file: 912bd7de.  */
+   if ((signed long) size < 0)
+     {
+@@ -655,7 +659,10 @@ setup_archive (struct archive_info *arch
+   if (const_strneq (arch->arhdr.ar_name, "//              "))
+     {
+       /* This is the archive string table holding long member names.  */
++      char fmag_save = arch->arhdr.ar_fmag[0];
++      arch->arhdr.ar_fmag[0] = 0;
+       arch->longnames_size = strtoul (arch->arhdr.ar_size, NULL, 10);
++      arch->arhdr.ar_fmag[0] = fmag_save;
+       /* PR 17531: file: 01068045.  */
+       if (arch->longnames_size < 8)
+ 	{
+@@ -758,6 +765,7 @@ get_archive_member_name (struct archive_
+       char *endp;
+       char *member_file_name;
+       char *member_name;
++      char fmag_save;
+ 
+       if (arch->longnames == NULL || arch->longnames_size == 0)
+ 	{
+@@ -766,9 +774,12 @@ get_archive_member_name (struct archive_
+ 	}
+ 
+       arch->nested_member_origin = 0;
++      fmag_save = arch->arhdr.ar_fmag[0];
++      arch->arhdr.ar_fmag[0] = 0;
+       k = j = strtoul (arch->arhdr.ar_name + 1, &endp, 10);
+       if (arch->is_thin_archive && endp != NULL && * endp == ':')
+         arch->nested_member_origin = strtoul (endp + 1, NULL, 10);
++      arch->arhdr.ar_fmag[0] = fmag_save;
+ 
+       if (j > arch->longnames_size)
+ 	{
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
++2017-10-28  Alan Modra  <amodra@gmail.com>
++
++       PR 22361
++       * readelf.c (process_archive_index_and_symbols): Ensure ar_size
++       field is zero terminated for strtoul.
++       (setup_archive, get_archive_member_name): Likewise.
++
+ 2017-09-26  Alan Modra  <amodra@gmail.com>
+  
+        PR 22205

meta/recipes-devtools/binutils/binutils/CVE-2017-16826.patch

@@ -0,0 +1,53 @@
+From a67d66eb97e7613a38ffe6622d837303b3ecd31d Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 1 Nov 2017 15:21:46 +0000
+Subject: [PATCH] Prevent illegal memory accesses when attempting to read
+ excessively large COFF line number tables.
+
+	PR 22376
+	* coffcode.h (coff_slurp_line_table): Check for an excessively
+	large line number count.
+
+Upstream-Status: Backport 
+Affects: <= 2.29.1
+CVE: CVE-2017-16826
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog  | 6 ++++++
+ bfd/coffcode.h | 8 ++++++++
+ 2 files changed, 14 insertions(+)
+
+Index: git/bfd/coffcode.h
+===================================================================
+--- git.orig/bfd/coffcode.h
++++ git/bfd/coffcode.h
+@@ -4578,6 +4578,14 @@ coff_slurp_line_table (bfd *abfd, asecti
+ 
+   BFD_ASSERT (asect->lineno == NULL);
+ 
++  if (asect->lineno_count > asect->size)
++    {
++      _bfd_error_handler
++	(_("%B: warning: line number count (%#lx) exceeds section size (%#lx)"),
++	 abfd, (unsigned long) asect->lineno_count, (unsigned long) asect->size);
++      return FALSE;
++    }
++
+   amt = ((bfd_size_type) asect->lineno_count + 1) * sizeof (alent);
+   lineno_cache = (alent *) bfd_alloc (abfd, amt);
+   if (lineno_cache == NULL)
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2017-11-01  Nick Clifton  <nickc@redhat.com>
++ 
++       PR 22376
++       * coffcode.h (coff_slurp_line_table): Check for an excessively
++       large line number count.
++
+ 2017-10-28  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22361

meta/recipes-devtools/binutils/binutils/CVE-2017-16827.patch

@@ -0,0 +1,95 @@
+From 0301ce1486b1450f219202677f30d0fa97335419 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Tue, 17 Oct 2017 16:43:47 +1030
+Subject: [PATCH] PR22306, Invalid free() in slurp_symtab()
+
+	PR 22306
+	* aoutx.h (aout_get_external_symbols): Handle stringsize of zero,
+	and error for any other size that doesn't cover the header word.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-16827
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog |  6 ++++++
+ bfd/aoutx.h   | 45 ++++++++++++++++++++++++++++++---------------
+ 2 files changed, 36 insertions(+), 15 deletions(-)
+
+Index: git/bfd/aoutx.h
+===================================================================
+--- git.orig/bfd/aoutx.h
++++ git/bfd/aoutx.h
+@@ -1352,27 +1352,42 @@ aout_get_external_symbols (bfd *abfd)
+ 	  || bfd_bread ((void *) string_chars, amt, abfd) != amt)
+ 	return FALSE;
+       stringsize = GET_WORD (abfd, string_chars);
++      if (stringsize == 0)
++	stringsize = 1;
++      else if (stringsize < BYTES_IN_WORD
++	       || (size_t) stringsize != stringsize)
++	{
++	  bfd_set_error (bfd_error_bad_value);
++	  return FALSE;
++	}
+ 
+ #ifdef USE_MMAP
+-      if (! bfd_get_file_window (abfd, obj_str_filepos (abfd), stringsize,
+-				 &obj_aout_string_window (abfd), TRUE))
+-	return FALSE;
+-      strings = (char *) obj_aout_string_window (abfd).data;
+-#else
+-      strings = (char *) bfd_malloc (stringsize + 1);
+-      if (strings == NULL)
+-	return FALSE;
+-
+-      /* Skip space for the string count in the buffer for convenience
+-	 when using indexes.  */
+-      amt = stringsize - BYTES_IN_WORD;
+-      if (bfd_bread (strings + BYTES_IN_WORD, amt, abfd) != amt)
++      if (stringsize >= BYTES_IN_WORD)
+ 	{
+-	  free (strings);
+-	  return FALSE;
++	  if (! bfd_get_file_window (abfd, obj_str_filepos (abfd), stringsize,
++				     &obj_aout_string_window (abfd), TRUE))
++	    return FALSE;
++	  strings = (char *) obj_aout_string_window (abfd).data;
+ 	}
++      else
+ #endif
++	{
++	  strings = (char *) bfd_malloc (stringsize);
++	  if (strings == NULL)
++	    return FALSE;
+ 
++	  if (stringsize >= BYTES_IN_WORD)
++	    {
++	      /* Keep the string count in the buffer for convenience
++		 when indexing with e_strx.  */
++	      amt = stringsize - BYTES_IN_WORD;
++	      if (bfd_bread (strings + BYTES_IN_WORD, amt, abfd) != amt)
++		{
++		  free (strings);
++		  return FALSE;
++		}
++	    }
++	}
+       /* Ensure that a zero index yields an empty string.  */
+       strings[0] = '\0';
+ 
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2017-10-17  Alan Modra  <amodra@gmail.com>
++
++       PR 22306
++       * aoutx.h (aout_get_external_symbols): Handle stringsize of zero,
++       and error for any other size that doesn't cover the header word.
++
+ 2017-11-01  Nick Clifton  <nickc@redhat.com>
+  
+        PR 22376

meta/recipes-devtools/binutils/binutils/CVE-2017-16828_p1.patch

@@ -0,0 +1,79 @@
+From 9c0f3d3f2017829ffd908c9893b85094985c3b58 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Thu, 5 Oct 2017 17:32:18 +1030
+Subject: [PATCH] PR22239 - invalid memory read in display_debug_frames
+
+Pointer comparisons have traps for the unwary.  After adding a large
+unknown value to "start", the test "start < end" depends on where
+"start" is originally in memory.
+
+	PR 22239
+	* dwarf.c (read_cie): Don't compare "start" and "end" pointers
+	after adding a possibly wild length to "start", compare the length
+	to the difference of the pointers instead.  Remove now redundant
+	"negative" length test.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-16828 patch1
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog |  8 ++++++++
+ binutils/dwarf.c   | 15 ++++-----------
+ 2 files changed, 12 insertions(+), 11 deletions(-)
+
+Index: git/binutils/dwarf.c
+===================================================================
+--- git.orig/binutils/dwarf.c
++++ git/binutils/dwarf.c
+@@ -6652,14 +6652,14 @@ read_cie (unsigned char *start, unsigned
+     {
+       READ_ULEB (augmentation_data_len);
+       augmentation_data = start;
+-      start += augmentation_data_len;
+       /* PR 17512: file: 11042-2589-0.004.  */
+-      if (start > end)
++      if (augmentation_data_len > (size_t) (end - start))
+ 	{
+ 	  warn (_("Augmentation data too long: %#lx, expected at most %#lx\n"),
+-		augmentation_data_len, (long)((end - start) + augmentation_data_len));
++		augmentation_data_len, (unsigned long) (end - start));
+ 	  return end;
+ 	}
++      start += augmentation_data_len;
+     }
+ 
+   if (augmentation_data_len)
+@@ -6672,14 +6672,7 @@ read_cie (unsigned char *start, unsigned
+       q = augmentation_data;
+       qend = q + augmentation_data_len;
+ 
+-      /* PR 17531: file: 015adfaa.  */
+-      if (qend < q)
+-	{
+-	  warn (_("Negative augmentation data length: 0x%lx"), augmentation_data_len);
+-	  augmentation_data_len = 0;
+-	}
+-
+-      while (p < end && q < augmentation_data + augmentation_data_len)
++      while (p < end && q < qend)
+ 	{
+ 	  if (*p == 'L')
+ 	    q++;
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
++++ git/binutils/ChangeLog
+@@ -1,3 +1,11 @@
++2017-10-05  Alan Modra  <amodra@gmail.com>
++
++       PR 22239
++       * dwarf.c (read_cie): Don't compare "start" and "end" pointers
++       after adding a possibly wild length to "start", compare the length
++       to the difference of the pointers instead.  Remove now redundant
++       "negative" length test.
++
+ 2017-09-27  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 22219

meta/recipes-devtools/binutils/binutils/CVE-2017-16828_p2.patch

@@ -0,0 +1,149 @@
+From bf59c5d5f4f5b8b4da1f5f605cfa546f8029b43d Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Fri, 3 Nov 2017 13:57:15 +0000
+Subject: [PATCH] Fix integer overflow problems when reading an ELF binary with
+ corrupt augmentation data.
+
+	PR 22386
+	* dwarf.c (read_cie): Use bfd_size_type for
+	augmentation_data_len.
+	(display_augmentation_data): New function.
+	(display_debug_frames): Use it.
+	Check for integer overflow when testing augmentation_data_len.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-16828 patch2
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 10 +++++++++
+ binutils/dwarf.c   | 65 +++++++++++++++++++++++++++++++++---------------------
+ 2 files changed, 50 insertions(+), 25 deletions(-)
+
+Index: git/binutils/dwarf.c
+===================================================================
+--- git.orig/binutils/dwarf.c
++++ git/binutils/dwarf.c
+@@ -6577,13 +6577,13 @@ frame_display_row (Frame_Chunk *fc, int
+ static unsigned char *
+ read_cie (unsigned char *start, unsigned char *end,
+ 	  Frame_Chunk **p_cie, int *p_version,
+-	  unsigned long *p_aug_len, unsigned char **p_aug)
++	  bfd_size_type *p_aug_len, unsigned char **p_aug)
+ {
+   int version;
+   Frame_Chunk *fc;
+   unsigned int length_return;
+   unsigned char *augmentation_data = NULL;
+-  unsigned long augmentation_data_len = 0;
++  bfd_size_type augmentation_data_len = 0;
+ 
+   * p_cie = NULL;
+   /* PR 17512: file: 001-228113-0.004.  */
+@@ -6653,10 +6653,11 @@ read_cie (unsigned char *start, unsigned
+       READ_ULEB (augmentation_data_len);
+       augmentation_data = start;
+       /* PR 17512: file: 11042-2589-0.004.  */
+-      if (augmentation_data_len > (size_t) (end - start))
++      if (augmentation_data_len > (bfd_size_type) (end - start))
+ 	{
+-	  warn (_("Augmentation data too long: %#lx, expected at most %#lx\n"),
+-		augmentation_data_len, (unsigned long) (end - start));
++	  warn (_("Augmentation data too long: 0x%s, expected at most %#lx\n"),
++		dwarf_vmatoa ("x", augmentation_data_len),
++		(unsigned long) (end - start));
+ 	  return end;
+ 	}
+       start += augmentation_data_len;
+@@ -6701,6 +6702,31 @@ read_cie (unsigned char *start, unsigned
+   return start;
+ }
+ 
++/* Prints out the contents on the augmentation data array.
++   If do_wide is not enabled, then formats the output to fit into 80 columns.  */
++
++static void
++display_augmentation_data (const unsigned char * data, const bfd_size_type len)
++{
++  bfd_size_type i;
++
++  i = printf (_("  Augmentation data:    "));
++
++  if (do_wide || len < ((80 - i) / 3))
++    for (i = 0; i < len; ++i)
++      printf (" %02x", data[i]);
++  else
++    {
++      for (i = 0; i < len; ++i)
++	{
++	  if (i % (80 / 3) == 0)
++	    putchar ('\n');
++	  printf (" %02x", data[i]);
++	}
++    }
++  putchar ('\n');
++}
++
+ static int
+ display_debug_frames (struct dwarf_section *section,
+ 		      void *file ATTRIBUTE_UNUSED)
+@@ -6729,7 +6755,7 @@ display_debug_frames (struct dwarf_secti
+       Frame_Chunk *cie;
+       int need_col_headers = 1;
+       unsigned char *augmentation_data = NULL;
+-      unsigned long augmentation_data_len = 0;
++      bfd_size_type augmentation_data_len = 0;
+       unsigned int encoded_ptr_size = saved_eh_addr_size;
+       unsigned int offset_size;
+       unsigned int initial_length_size;
+@@ -6823,16 +6849,8 @@ display_debug_frames (struct dwarf_secti
+ 	      printf ("  Return address column: %d\n", fc->ra);
+ 
+ 	      if (augmentation_data_len)
+-		{
+-		  unsigned long i;
++		display_augmentation_data (augmentation_data, augmentation_data_len);
+ 
+-		  printf ("  Augmentation data:    ");
+-		  for (i = 0; i < augmentation_data_len; ++i)
+-		    /* FIXME: If do_wide is FALSE, then we should
+-		       add carriage returns at 80 columns...  */
+-		    printf (" %02x", augmentation_data[i]);
+-		  putchar ('\n');
+-		}
+ 	      putchar ('\n');
+ 	    }
+ 	}
+@@ -6988,11 +7006,13 @@ display_debug_frames (struct dwarf_secti
+ 	      READ_ULEB (augmentation_data_len);
+ 	      augmentation_data = start;
+ 	      start += augmentation_data_len;
+-	      /* PR 17512: file: 722-8446-0.004.  */
+-	      if (start >= end || ((signed long) augmentation_data_len) < 0)
++	      /* PR 17512 file: 722-8446-0.004 and PR 22386.  */
++	      if (start >= end
++		  || ((bfd_signed_vma) augmentation_data_len) < 0
++		  || augmentation_data > start)
+ 		{
+-		  warn (_("Corrupt augmentation data length: %lx\n"),
+-			augmentation_data_len);
++		  warn (_("Corrupt augmentation data length: 0x%s\n"),
++			dwarf_vmatoa ("x", augmentation_data_len));
+ 		  start = end;
+ 		  augmentation_data = NULL;
+ 		  augmentation_data_len = 0;
+@@ -7014,12 +7034,7 @@ display_debug_frames (struct dwarf_secti
+ 
+ 	  if (! do_debug_frames_interp && augmentation_data_len)
+ 	    {
+-	      unsigned long i;
+-
+-	      printf ("  Augmentation data:    ");
+-	      for (i = 0; i < augmentation_data_len; ++i)
+-		printf (" %02x", augmentation_data[i]);
+-	      putchar ('\n');
++	      display_augmentation_data (augmentation_data, augmentation_data_len);
+ 	      putchar ('\n');
+ 	    }
+ 	}

meta/recipes-devtools/binutils/binutils/CVE-2017-16829.patch

@@ -0,0 +1,82 @@
+From cf54ebff3b7361989712fd9c0128a9b255578163 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Tue, 17 Oct 2017 21:57:29 +1030
+Subject: [PATCH] PR22307, Heap out of bounds read in
+ _bfd_elf_parse_gnu_properties
+
+When adding an unbounded increment to a pointer, you can't just check
+against the end of the buffer but also must check that overflow
+doesn't result in "negative" pointer movement.  Pointer comparisons
+are signed.  Better, check the increment against the space left using
+an unsigned comparison.
+
+	PR 22307
+	* elf-properties.c (_bfd_elf_parse_gnu_properties): Compare datasz
+	against size left rather than comparing pointers.  Reorganise loop.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-16829
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog        |  6 ++++++
+ bfd/elf-properties.c | 18 +++++++++---------
+ 2 files changed, 15 insertions(+), 9 deletions(-)
+
+Index: git/bfd/elf-properties.c
+===================================================================
+--- git.orig/bfd/elf-properties.c
++++ git/bfd/elf-properties.c
+@@ -93,15 +93,20 @@ bad_size:
+       return FALSE;
+     }
+ 
+-  while (1)
++  while (ptr != ptr_end)
+     {
+-      unsigned int type = bfd_h_get_32 (abfd, ptr);
+-      unsigned int datasz = bfd_h_get_32 (abfd, ptr + 4);
++      unsigned int type;
++      unsigned int datasz;
+       elf_property *prop;
+ 
++      if ((size_t) (ptr_end - ptr) < 8)
++	goto bad_size;
++
++      type = bfd_h_get_32 (abfd, ptr);
++      datasz = bfd_h_get_32 (abfd, ptr + 4);
+       ptr += 8;
+ 
+-      if ((ptr + datasz) > ptr_end)
++      if (datasz > (size_t) (ptr_end - ptr))
+ 	{
+ 	  _bfd_error_handler
+ 	    (_("warning: %B: corrupt GNU_PROPERTY_TYPE (%ld) type (0x%x) datasz: 0x%x"),
+@@ -182,11 +187,6 @@ bad_size:
+ 
+ next:
+       ptr += (datasz + (align_size - 1)) & ~ (align_size - 1);
+-      if (ptr == ptr_end)
+-	break;
+-
+-      if (ptr > (ptr_end - 8))
+-	goto bad_size;
+     }
+ 
+   return TRUE;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,4 +1,10 @@
+ 2017-10-17  Alan Modra  <amodra@gmail.com>
++ 
++       PR 22307
++       * elf-properties.c (_bfd_elf_parse_gnu_properties): Compare datasz
++       against size left rather than comparing pointers.  Reorganise loop.
++
++2017-10-17  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22306
+        * aoutx.h (aout_get_external_symbols): Handle stringsize of zero,

meta/recipes-devtools/binutils/binutils/CVE-2017-16830.patch

@@ -0,0 +1,91 @@
+From 6ab2c4ed51f9c4243691755e1b1d2149c6a426f4 Mon Sep 17 00:00:00 2001
+From: Mingi Cho <mgcho.minic@gmail.com>
+Date: Thu, 2 Nov 2017 17:01:08 +0000
+Subject: [PATCH] Work around integer overflows when readelf is checking for
+ corrupt ELF notes when run on a 32-bit host.
+
+	PR 22384
+	* readelf.c (print_gnu_property_note): Improve overflow checks so
+	that they will work on a 32-bit host.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-16830
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog |  6 ++++++
+ binutils/readelf.c | 33 +++++++++++++++++----------------
+ 2 files changed, 23 insertions(+), 16 deletions(-)
+
+Index: git/binutils/readelf.c
+===================================================================
+--- git.orig/binutils/readelf.c
++++ git/binutils/readelf.c
+@@ -16431,15 +16431,24 @@ print_gnu_property_note (Elf_Internal_No
+       return;
+     }
+ 
+-  while (1)
++  while (ptr < ptr_end)
+     {
+       unsigned int j;
+-      unsigned int type = byte_get (ptr, 4);
+-      unsigned int datasz = byte_get (ptr + 4, 4);
++      unsigned int type;
++      unsigned int datasz;
++
++      if ((size_t) (ptr_end - ptr) < 8)
++	{
++	  printf (_("<corrupt descsz: %#lx>\n"), pnote->descsz);
++	  break;
++	}
++
++      type = byte_get (ptr, 4);
++      datasz = byte_get (ptr + 4, 4);
+ 
+       ptr += 8;
+ 
+-      if ((ptr + datasz) > ptr_end)
++      if (datasz > (size_t) (ptr_end - ptr))
+ 	{
+ 	  printf (_("<corrupt type (%#x) datasz: %#x>\n"),
+ 		  type, datasz);
+@@ -16520,19 +16529,11 @@ next:
+       ptr += ((datasz + (size - 1)) & ~ (size - 1));
+       if (ptr == ptr_end)
+ 	break;
+-      else
+-	{
+-	  if (do_wide)
+-	    printf (", ");
+-	  else
+-	    printf ("\n\t");
+-	}
+ 
+-      if (ptr > (ptr_end - 8))
+-	{
+-	  printf (_("<corrupt descsz: %#lx>\n"), pnote->descsz);
+-	  break;
+-	}
++      if (do_wide)
++	printf (", ");
++      else
++	printf ("\n\t");
+     }
+ 
+   printf ("\n");
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
++++ git/binutils/ChangeLog
+@@ -1,3 +1,9 @@
++2017-11-02  Mingi Cho  <mgcho.minic@gmail.com>
++
++       PR 22384
++       * readelf.c (print_gnu_property_note): Improve overflow checks so
++       that they will work on a 32-bit host.
++
+ 2017-10-05  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22239

meta/recipes-devtools/binutils/binutils/CVE-2017-16831.patch

@@ -0,0 +1,77 @@
+From 6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Fri, 3 Nov 2017 11:55:21 +0000
+Subject: [PATCH] Fix excessive memory allocation attempts and possible integer
+ overfloaws when attempting to read a COFF binary with a corrupt symbol count.
+
+	PR 22385
+	* coffgen.c (_bfd_coff_get_external_symbols): Check for an
+	overlarge raw syment count.
+	(coff_get_normalized_symtab): Likewise.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE:  CVE-2017-16831
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog |  8 ++++++++
+ bfd/coffgen.c | 17 +++++++++++++++--
+ 2 files changed, 23 insertions(+), 2 deletions(-)
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,11 @@
++2017-11-03  Mingi Cho  <mgcho.minic@gmail.com>
++           Nick Clifton  <nickc@redhat.com>
++
++       PR 22385
++       * coffgen.c (_bfd_coff_get_external_symbols): Check for an
++       overlarge raw syment count.
++       (coff_get_normalized_symtab): Likewise.
++
+ 2017-10-17  Alan Modra  <amodra@gmail.com>
+  
+        PR 22307
+Index: git/bfd/coffgen.c
+===================================================================
+--- git.orig/bfd/coffgen.c
++++ git/bfd/coffgen.c
+@@ -1640,13 +1640,23 @@ _bfd_coff_get_external_symbols (bfd *abf
+   size = obj_raw_syment_count (abfd) * symesz;
+   if (size == 0)
+     return TRUE;
++   /* Check for integer overflow and for unreasonable symbol counts.  */
++   if (size < obj_raw_syment_count (abfd)
++       || (bfd_get_file_size (abfd) > 0
++          && size > bfd_get_file_size (abfd)))
++
++     {
++       _bfd_error_handler (_("%B: corrupt symbol count: %#Lx"),
++                         abfd, obj_raw_syment_count (abfd));
++       return FALSE;
++    }
+ 
+   syms = bfd_malloc (size);
+   if (syms == NULL)
+     {
+       /* PR 21013: Provide an error message when the alloc fails.  */
+-      _bfd_error_handler (_("%B: Not enough memory to allocate space for %lu symbols"),
+-			  abfd, size);
++      _bfd_error_handler (_("%B: not enough memory to allocate space for %#Lx symbols of size %#Lx"),
++                         abfd, obj_raw_syment_count (abfd), symesz);
+       return FALSE;
+     }
+ 
+@@ -1790,6 +1800,9 @@ coff_get_normalized_symtab (bfd *abfd)
+     return NULL;
+ 
+   size = obj_raw_syment_count (abfd) * sizeof (combined_entry_type);
++  /* Check for integer overflow.  */
++  if (size < obj_raw_syment_count (abfd))
++    return NULL;
+   internal = (combined_entry_type *) bfd_zalloc (abfd, size);
+   if (internal == NULL && size != 0)
+     return NULL;

meta/recipes-devtools/binutils/binutils/CVE-2017-16832.patch

@@ -0,0 +1,61 @@
+From 0bb6961f18b8e832d88b490d421ca56cea16c45b Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 31 Oct 2017 14:29:40 +0000
+Subject: [PATCH] Fix illegal memory access triggered when parsing a PE binary
+ with a corrupt data dictionary.
+
+	PR 22373
+	* peicode.h (pe_bfd_read_buildid): Check for invalid size and data
+	offset values.
+
+Upstrem-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-16832
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/peicode.h | 9 ++++++---
+ 2 files changed, 12 insertions(+), 3 deletions(-)
+
+Index: git/bfd/peicode.h
+===================================================================
+--- git.orig/bfd/peicode.h
++++ git/bfd/peicode.h
+@@ -1303,7 +1303,6 @@ pe_bfd_read_buildid (bfd *abfd)
+   bfd_byte *data = 0;
+   bfd_size_type dataoff;
+   unsigned int i;
+-
+   bfd_vma addr = extra->DataDirectory[PE_DEBUG_DATA].VirtualAddress;
+   bfd_size_type size = extra->DataDirectory[PE_DEBUG_DATA].Size;
+ 
+@@ -1327,8 +1326,12 @@ pe_bfd_read_buildid (bfd *abfd)
+ 
+   dataoff = addr - section->vma;
+ 
+-  /* PR 20605: Make sure that the data is really there.  */
+-  if (dataoff + size > section->size)
++  /* PR 20605 and 22373: Make sure that the data is really there.
++     Note - since we are dealing with unsigned quantities we have
++     to be careful to check for potential overflows.  */
++  if (dataoff > section->size
++      || size > section->size
++      || dataoff + size > section->size)
+     {
+       _bfd_error_handler (_("%B: Error: Debug Data ends beyond end of debug directory."),
+ 			  abfd);
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2017-10-31  Nick Clifton  <nickc@redhat.com>
++
++       PR 22373
++       * peicode.h (pe_bfd_read_buildid): Check for invalid size and data
++       offset values.
++
+ 2017-11-03  Mingi Cho  <mgcho.minic@gmail.com>
+            Nick Clifton  <nickc@redhat.com>
+ 

meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch

@@ -0,0 +1,78 @@
+From 80a0437873045cc08753fcac4af154e2931a99fd Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 16 Nov 2017 14:53:32 +0000
+Subject: [PATCH] Prevent illegal memory accesses when parsing incorrecctly
+ formated core notes.
+
+	PR 22421
+	* elf.c (elfcore_grok_netbsd_procinfo): Check that the note is big enough.
+	(elfcore_grok_openbsd_procinfo): Likewise.
+	(elfcore_grok_nto_status): Likewise.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-17080 
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog |  7 +++++++
+ bfd/elf.c     | 10 ++++++++++
+ 2 files changed, 17 insertions(+)
+
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c
++++ git/bfd/elf.c
+@@ -9862,6 +9862,7 @@ elfcore_grok_freebsd_psinfo (bfd *abfd,
+   /* Check for version 1 in pr_version.  */
+   if (bfd_h_get_32 (abfd, (bfd_byte *) note->descdata) != 1)
+     return FALSE;
++
+   offset = 4;
+ 
+   /* Skip over pr_psinfosz. */
+@@ -10030,6 +10031,9 @@ elfcore_netbsd_get_lwpid (Elf_Internal_N
+ static bfd_boolean
+ elfcore_grok_netbsd_procinfo (bfd *abfd, Elf_Internal_Note *note)
+ {
++  if (note->descsz <= 0x7c + 31)
++    return FALSE;
++
+   /* Signal number at offset 0x08. */
+   elf_tdata (abfd)->core->signal
+     = bfd_h_get_32 (abfd, (bfd_byte *) note->descdata + 0x08);
+@@ -10114,6 +10118,9 @@ elfcore_grok_netbsd_note (bfd *abfd, Elf
+ static bfd_boolean
+ elfcore_grok_openbsd_procinfo (bfd *abfd, Elf_Internal_Note *note)
+ {
++  if (note->descsz <= 0x48 + 31)
++    return FALSE;
++
+   /* Signal number at offset 0x08. */
+   elf_tdata (abfd)->core->signal
+     = bfd_h_get_32 (abfd, (bfd_byte *) note->descdata + 0x08);
+@@ -10185,6 +10192,9 @@ elfcore_grok_nto_status (bfd *abfd, Elf_
+   short sig;
+   unsigned flags;
+ 
++  if (note->descsz < 16)
++    return FALSE;
++
+   /* nto_procfs_status 'pid' field is at offset 0.  */
+   elf_tdata (abfd)->core->pid = bfd_get_32 (abfd, (bfd_byte *) ddata);
+ 
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
++2017-11-16  Nick Clifton  <nickc@redhat.com>
++ 
++       PR 22421
++       * elf.c (elfcore_grok_netbsd_procinfo): Check that the note is big enough.
++       (elfcore_grok_openbsd_procinfo): Likewise.
++       (elfcore_grok_nto_status): Likewise.
++
+ 2017-10-31  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 22373

meta/recipes-devtools/binutils/binutils/CVE-2017-17121.patch

@@ -0,0 +1,366 @@
+From b23dc97fe237a1d9e850d7cbeee066183a00630b Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 28 Nov 2017 13:20:31 +0000
+Subject: [PATCH] Fix a memory access violation when attempting to parse a
+ corrupt COFF binary with a relocation that points beyond the end of the
+ section to be relocated.
+
+	PR 22506
+	* reloc.c (reloc_offset_in_range): Rename to
+	bfd_reloc_offset_in_range and export.
+	(bfd_perform_relocation): Rename function invocation.
+	(bfd_install_relocation): Likewise.
+	(bfd_final_link_relocate): Likewise.
+	* bfd-in2.h: Regenerate.
+	* coff-arm.c (coff_arm_reloc): Use bfd_reloc_offset_in_range.
+	* coff-i386.c (coff_i386_reloc): Likewise.
+	* coff-i860.c (coff_i860_reloc): Likewise.
+	* coff-m68k.c (mk68kcoff_common_addend_special_fn): Likewise.
+	* coff-m88k.c (m88k_special_reloc): Likewise.
+	* coff-mips.c (mips_reflo_reloc): Likewise.
+	* coff-x86_64.c (coff_amd64_reloc): Likewise.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-17121
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog     | 17 +++++++++++++++
+ bfd/bfd-in2.h     |  6 +++++
+ bfd/coff-arm.c    | 65 ++++++++++++++++++++++++++++++-------------------------
+ bfd/coff-i386.c   |  5 +++++
+ bfd/coff-i860.c   |  5 +++++
+ bfd/coff-m68k.c   |  5 +++++
+ bfd/coff-m88k.c   |  9 +++++++-
+ bfd/coff-mips.c   |  6 +++++
+ bfd/coff-x86_64.c | 16 +++++---------
+ bfd/reloc.c       | 40 +++++++++++++++++++++++++++++-----
+ 10 files changed, 126 insertions(+), 48 deletions(-)
+
+Index: git/bfd/bfd-in2.h
+===================================================================
+--- git.orig/bfd/bfd-in2.h
++++ git/bfd/bfd-in2.h
+@@ -2661,6 +2661,12 @@ bfd_reloc_status_type bfd_check_overflow
+     unsigned int addrsize,
+     bfd_vma relocation);
+ 
++bfd_boolean bfd_reloc_offset_in_range
++   (reloc_howto_type *howto,
++    bfd *abfd,
++    asection *section,
++    bfd_size_type offset);
++
+ bfd_reloc_status_type bfd_perform_relocation
+    (bfd *abfd,
+     arelent *reloc_entry,
+Index: git/bfd/coff-arm.c
+===================================================================
+--- git.orig/bfd/coff-arm.c
++++ git/bfd/coff-arm.c
+@@ -109,41 +109,46 @@ coff_arm_reloc (bfd *abfd,
+   x = ((x & ~howto->dst_mask)					\
+        | (((x & howto->src_mask) + diff) & howto->dst_mask))
+ 
+-    if (diff != 0)
+-      {
+-	reloc_howto_type *howto = reloc_entry->howto;
+-	unsigned char *addr = (unsigned char *) data + reloc_entry->address;
++  if (diff != 0)
++    {
++      reloc_howto_type *howto = reloc_entry->howto;
++      unsigned char *addr = (unsigned char *) data + reloc_entry->address;
++
++      if (! bfd_reloc_offset_in_range (howto, abfd, input_section,
++				       reloc_entry->address
++				       * bfd_octets_per_byte (abfd)))
++	return bfd_reloc_outofrange;
++
++      switch (howto->size)
++	{
++	case 0:
++	  {
++	    char x = bfd_get_8 (abfd, addr);
++	    DOIT (x);
++	    bfd_put_8 (abfd, x, addr);
++	  }
++	  break;
+ 
+-	switch (howto->size)
++	case 1:
+ 	  {
+-	  case 0:
+-	    {
+-	      char x = bfd_get_8 (abfd, addr);
+-	      DOIT (x);
+-	      bfd_put_8 (abfd, x, addr);
+-	    }
+-	    break;
+-
+-	  case 1:
+-	    {
+-	      short x = bfd_get_16 (abfd, addr);
+-	      DOIT (x);
+-	      bfd_put_16 (abfd, (bfd_vma) x, addr);
+-	    }
+-	    break;
+-
+-	  case 2:
+-	    {
+-	      long x = bfd_get_32 (abfd, addr);
+-	      DOIT (x);
+-	      bfd_put_32 (abfd, (bfd_vma) x, addr);
+-	    }
+-	    break;
++	    short x = bfd_get_16 (abfd, addr);
++	    DOIT (x);
++	    bfd_put_16 (abfd, (bfd_vma) x, addr);
++	  }
++	  break;
+ 
+-	  default:
+-	    abort ();
++	case 2:
++	  {
++	    long x = bfd_get_32 (abfd, addr);
++	    DOIT (x);
++	    bfd_put_32 (abfd, (bfd_vma) x, addr);
+ 	  }
+-      }
++	  break;
++
++	default:
++	  abort ();
++	}
++    }
+ 
+   /* Now let bfd_perform_relocation finish everything up.  */
+   return bfd_reloc_continue;
+Index: git/bfd/coff-i386.c
+===================================================================
+--- git.orig/bfd/coff-i386.c
++++ git/bfd/coff-i386.c
+@@ -144,6 +144,11 @@ coff_i386_reloc (bfd *abfd,
+       reloc_howto_type *howto = reloc_entry->howto;
+       unsigned char *addr = (unsigned char *) data + reloc_entry->address;
+ 
++      if (! bfd_reloc_offset_in_range (howto, abfd, input_section,
++				       reloc_entry->address
++				       * bfd_octets_per_byte (abfd)))
++	return bfd_reloc_outofrange;
++
+       switch (howto->size)
+ 	{
+ 	case 0:
+Index: git/bfd/coff-i860.c
+===================================================================
+--- git.orig/bfd/coff-i860.c
++++ git/bfd/coff-i860.c
+@@ -95,6 +95,11 @@ coff_i860_reloc (bfd *abfd,
+ 	reloc_howto_type *howto = reloc_entry->howto;
+ 	unsigned char *addr = (unsigned char *) data + reloc_entry->address;
+ 
++	if (! bfd_reloc_offset_in_range (howto, abfd, input_section,
++					 reloc_entry->address
++					 * bfd_octets_per_byte (abfd)))
++	  return bfd_reloc_outofrange;
++
+ 	switch (howto->size)
+ 	  {
+ 	  case 0:
+Index: git/bfd/coff-m68k.c
+===================================================================
+--- git.orig/bfd/coff-m68k.c
++++ git/bfd/coff-m68k.c
+@@ -305,6 +305,11 @@ m68kcoff_common_addend_special_fn (bfd *
+       reloc_howto_type *howto = reloc_entry->howto;
+       unsigned char *addr = (unsigned char *) data + reloc_entry->address;
+ 
++      if (! bfd_reloc_offset_in_range (howto, abfd, input_section,
++				       reloc_entry->address
++				       * bfd_octets_per_byte (abfd)))
++	return bfd_reloc_outofrange;
++
+       switch (howto->size)
+ 	{
+ 	case 0:
+Index: git/bfd/coff-m88k.c
+===================================================================
+--- git.orig/bfd/coff-m88k.c
++++ git/bfd/coff-m88k.c
+@@ -72,10 +72,17 @@ m88k_special_reloc (bfd *abfd,
+ 	{
+ 	  bfd_vma output_base = 0;
+ 	  bfd_vma addr = reloc_entry->address;
+-	  bfd_vma x = bfd_get_16 (abfd, (bfd_byte *) data + addr);
++	  bfd_vma x;
+ 	  asection *reloc_target_output_section;
+ 	  long relocation = 0;
+ 
++	  if (! bfd_reloc_offset_in_range (howto, abfd, input_section,
++					   reloc_entry->address
++					   * bfd_octets_per_byte (abfd)))
++	    return bfd_reloc_outofrange;
++
++	  x = bfd_get_16 (abfd, (bfd_byte *) data + addr);
++
+ 	  /* Work out which section the relocation is targeted at and the
+ 	     initial relocation command value.  */
+ 
+Index: git/bfd/coff-mips.c
+===================================================================
+--- git.orig/bfd/coff-mips.c
++++ git/bfd/coff-mips.c
+@@ -504,6 +504,12 @@ mips_reflo_reloc (bfd *abfd ATTRIBUTE_UN
+ 	  unsigned long vallo;
+ 	  struct mips_hi *next;
+ 
++	  if (! bfd_reloc_offset_in_range (reloc_entry->howto, abfd,
++					   input_section,
++					   reloc_entry->address
++					   * bfd_octets_per_byte (abfd)))
++	    return bfd_reloc_outofrange;
++
+ 	  /* Do the REFHI relocation.  Note that we actually don't
+ 	     need to know anything about the REFLO itself, except
+ 	     where to find the low 16 bits of the addend needed by the
+Index: git/bfd/coff-x86_64.c
+===================================================================
+--- git.orig/bfd/coff-x86_64.c
++++ git/bfd/coff-x86_64.c
+@@ -143,16 +143,10 @@ coff_amd64_reloc (bfd *abfd,
+       reloc_howto_type *howto = reloc_entry->howto;
+       unsigned char *addr = (unsigned char *) data + reloc_entry->address;
+ 
+-      /* FIXME: We do not have an end address for data, so we cannot
+-	 accurately range check any addresses computed against it.
+-	 cf: PR binutils/17512: file: 1085-1761-0.004.
+-	 For now we do the best that we can.  */
+-      if (addr < (unsigned char *) data
+-	  || addr > ((unsigned char *) data) + input_section->size)
+-	{
+-	  bfd_set_error (bfd_error_bad_value);
+-	  return bfd_reloc_notsupported;
+-	}
++      if (! bfd_reloc_offset_in_range (howto, abfd, input_section,
++				       reloc_entry->address
++				       * bfd_octets_per_byte (abfd)))
++	return bfd_reloc_outofrange;
+ 
+       switch (howto->size)
+ 	{
+Index: git/bfd/reloc.c
+===================================================================
+--- git.orig/bfd/reloc.c
++++ git/bfd/reloc.c
+@@ -538,12 +538,31 @@ bfd_check_overflow (enum complain_overfl
+   return flag;
+ }
+ 
++/*
++FUNCTION
++	bfd_reloc_offset_in_range
++
++SYNOPSIS
++	bfd_boolean bfd_reloc_offset_in_range
++          (reloc_howto_type *howto,
++           bfd *abfd,
++           asection *section,
++           bfd_size_type offset);
++
++DESCRIPTION
++        Returns TRUE if the reloc described by @var{HOWTO} can be
++	applied at @var{OFFSET} octets in @var{SECTION}.
++
++*/
++
+ /* HOWTO describes a relocation, at offset OCTET.  Return whether the
+    relocation field is within SECTION of ABFD.  */
+ 
+-static bfd_boolean
+-reloc_offset_in_range (reloc_howto_type *howto, bfd *abfd,
+-		       asection *section, bfd_size_type octet)
++bfd_boolean
++bfd_reloc_offset_in_range (reloc_howto_type *howto,
++			   bfd *abfd,
++			   asection *section,
++			   bfd_size_type octet)
+ {
+   bfd_size_type octet_end = bfd_get_section_limit_octets (abfd, section);
+   bfd_size_type reloc_size = bfd_get_reloc_size (howto);
+@@ -617,6 +636,11 @@ bfd_perform_relocation (bfd *abfd,
+   if (howto && howto->special_function)
+     {
+       bfd_reloc_status_type cont;
++
++      /* Note - we do not call bfd_reloc_offset_in_range here as the
++	 reloc_entry->address field might actually be valid for the
++	 backend concerned.  It is up to the special_function itself
++	 to call bfd_reloc_offset_in_range if needed.  */
+       cont = howto->special_function (abfd, reloc_entry, symbol, data,
+ 				      input_section, output_bfd,
+ 				      error_message);
+@@ -637,7 +661,7 @@ bfd_perform_relocation (bfd *abfd,
+ 
+   /* Is the address of the relocation really within the section?  */
+   octets = reloc_entry->address * bfd_octets_per_byte (abfd);
+-  if (!reloc_offset_in_range (howto, abfd, input_section, octets))
++  if (!bfd_reloc_offset_in_range (howto, abfd, input_section, octets))
+     return bfd_reloc_outofrange;
+ 
+   /* Work out which section the relocation is targeted at and the
+@@ -1003,6 +1027,10 @@ bfd_install_relocation (bfd *abfd,
+     {
+       bfd_reloc_status_type cont;
+ 
++      /* Note - we do not call bfd_reloc_offset_in_range here as the
++	 reloc_entry->address field might actually be valid for the
++	 backend concerned.  It is up to the special_function itself
++	 to call bfd_reloc_offset_in_range if needed.  */
+       /* XXX - The special_function calls haven't been fixed up to deal
+ 	 with creating new relocations and section contents.  */
+       cont = howto->special_function (abfd, reloc_entry, symbol,
+@@ -1025,7 +1053,7 @@ bfd_install_relocation (bfd *abfd,
+ 
+   /* Is the address of the relocation really within the section?  */
+   octets = reloc_entry->address * bfd_octets_per_byte (abfd);
+-  if (!reloc_offset_in_range (howto, abfd, input_section, octets))
++  if (!bfd_reloc_offset_in_range (howto, abfd, input_section, octets))
+     return bfd_reloc_outofrange;
+ 
+   /* Work out which section the relocation is targeted at and the
+@@ -1363,7 +1391,7 @@ _bfd_final_link_relocate (reloc_howto_ty
+   bfd_size_type octets = address * bfd_octets_per_byte (input_bfd);
+ 
+   /* Sanity check the address.  */
+-  if (!reloc_offset_in_range (howto, input_bfd, input_section, octets))
++  if (!bfd_reloc_offset_in_range (howto, input_bfd, input_section, octets))
+     return bfd_reloc_outofrange;
+ 
+   /* This function assumes that we are dealing with a basic relocation
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,20 @@
++2017-11-28  Nick Clifton  <nickc@redhat.com>
++
++       PR 22506
++       * reloc.c (reloc_offset_in_range): Rename to
++      bfd_reloc_offset_in_range and export.
++       (bfd_perform_relocation): Rename function invocation.
++       (bfd_install_relocation): Likewise.
++       (bfd_final_link_relocate): Likewise.
++       * bfd-in2.h: Regenerate.
++       * coff-arm.c (coff_arm_reloc): Use bfd_reloc_offset_in_range.
++       * coff-i386.c (coff_i386_reloc): Likewise.
++       * coff-i860.c (coff_i860_reloc): Likewise.
++       * coff-m68k.c (mk68kcoff_common_addend_special_fn): Likewise.
++       * coff-m88k.c (m88k_special_reloc): Likewise.
++       * coff-mips.c (mips_reflo_reloc): Likewise.
++       * coff-x86_64.c (coff_amd64_reloc): Likewise.
++
+ 2017-11-16  Nick Clifton  <nickc@redhat.com>
+  
+        PR 22421

meta/recipes-devtools/binutils/binutils/CVE-2017-17122.patch

@@ -0,0 +1,58 @@
+From d785b7d4b877ed465d04072e17ca19d0f47d840f Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 29 Nov 2017 12:40:43 +0000
+Subject: [PATCH] Stop objdump from attempting to allocate a huge chunk of
+ memory when parsing relocs in a corrupt file.
+
+	PR 22508
+	* objdump.c (dump_relocs_in_section): Also check the section's
+	relocation count to make sure that it is reasonable before
+	attempting to allocate space for the relocs.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE:  CVE-2017-17122
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog |  7 +++++++
+ binutils/objdump.c | 11 ++++++++++-
+ 2 files changed, 17 insertions(+), 1 deletion(-)
+
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c
++++ git/binutils/objdump.c
+@@ -3381,7 +3381,16 @@ dump_relocs_in_section (bfd *abfd,
+     }
+ 
+   if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0
+-      && (ufile_ptr) relsize > bfd_get_file_size (abfd))
++      && (((ufile_ptr) relsize > bfd_get_file_size (abfd))
++	  /* Also check the section's reloc count since if this is negative
++	     (or very large) the computation in bfd_get_reloc_upper_bound
++	     may have resulted in returning a small, positive integer.
++	     See PR 22508 for a reproducer.
++
++	     Note - we check against file size rather than section size as
++	     it is possible for there to be more relocs that apply to a
++	     section than there are bytes in that section.  */
++	  || (section->reloc_count > bfd_get_file_size (abfd))))
+     {
+       printf (" (too many: 0x%x)\n", section->reloc_count);
+       bfd_set_error (bfd_error_file_truncated);
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
++++ git/binutils/ChangeLog
+@@ -1,3 +1,10 @@
++2017-11-29  Nick Clifton  <nickc@redhat.com>
++
++       PR 22508
++       * objdump.c (dump_relocs_in_section): Also check the section's
++       relocation count to make sure that it is reasonable before
++       attempting to allocate space for the relocs.
++
+ 2017-11-02  Mingi Cho  <mgcho.minic@gmail.com>
+ 
+        PR 22384

meta/recipes-devtools/binutils/binutils/CVE-2017-17123.patch

@@ -0,0 +1,33 @@
+From 4581a1c7d304ce14e714b27522ebf3d0188d6543 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 29 Nov 2017 17:12:12 +0000
+Subject: [PATCH] Check for a NULL symbol pointer when reading relocs from a
+ COFF based file.
+
+	PR 22509
+	* coffcode.h (coff_slurp_reloc_table): Check for a NULL symbol
+	pointer when processing relocs.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-17123
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog  | 6 ++++++
+ bfd/coffcode.h | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+Index: git/bfd/coffcode.h
+===================================================================
+--- git.orig/bfd/coffcode.h
++++ git/bfd/coffcode.h
+@@ -5326,7 +5326,7 @@ coff_slurp_reloc_table (bfd * abfd, sec_
+ #else
+       cache_ptr->address = dst.r_vaddr;
+ 
+-      if (dst.r_symndx != -1)
++      if (dst.r_symndx != -1 && symbols != NULL)
+ 	{
+ 	  if (dst.r_symndx < 0 || dst.r_symndx >= obj_conv_table_size (abfd))
+ 	    {

meta/recipes-devtools/binutils/binutils/CVE-2017-17124.patch

@@ -0,0 +1,47 @@
+From b0029dce6867de1a2828293177b0e030d2f0f03c Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 28 Nov 2017 18:00:29 +0000
+Subject: [PATCH] Prevent a memory exhaustion problem when trying to read in
+ strings from a COFF binary with a corrupt string table size.
+
+	PR 22507
+	* coffgen.c (_bfd_coff_read_string_table): Check for an excessive
+	size of the external string table.
+
+Upstream-Status: Backport
+Affects binutls <= 2.29.1
+CVE:  CVE-2017-17124 
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/coffgen.c | 4 ++--
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+Index: git/bfd/coffgen.c
+===================================================================
+--- git.orig/bfd/coffgen.c
++++ git/bfd/coffgen.c
+@@ -1709,7 +1709,7 @@ _bfd_coff_read_string_table (bfd *abfd)
+ #endif
+     }
+ 
+-  if (strsize < STRING_SIZE_SIZE)
++  if (strsize < STRING_SIZE_SIZE || strsize > bfd_get_file_size (abfd))
+     {
+       _bfd_error_handler
+ 	/* xgettext: c-format */
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2017-11-28  Nick Clifton  <nickc@redhat.com>
++
++       PR 22507
++       * coffgen.c (_bfd_coff_read_string_table): Check for an excessive
++       size of the external string table.
++
+ 2018-03-28  Eric Botcazou  <ebotcazou@adacore.com>
+ 
+ 	PR ld/22972

meta/recipes-devtools/binutils/binutils/CVE-2017-17125.patch

@@ -0,0 +1,129 @@
+From 160b1a618ad94988410dc81fce9189fcda5b7ff4 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sat, 18 Nov 2017 23:18:22 +1030
+Subject: [PATCH] PR22443, Global buffer overflow in
+ _bfd_elf_get_symbol_version_string
+
+Symbols like *ABS* defined in bfd/section.c:global_syms are not
+elf_symbol_type.  They can appear on relocs and perhaps other places
+in an ELF bfd, so a number of places in nm.c and objdump.c are wrong
+to cast an asymbol based on the bfd being ELF.  I think we lose
+nothing by excluding all section symbols, not just the global_syms.
+
+	PR 22443
+	* nm.c (sort_symbols_by_size): Don't attempt to access
+	section symbol internal_elf_sym.
+	(print_symbol): Likewise.  Don't call bfd_get_symbol_version_string
+	for section symbols.
+	* objdump.c (compare_symbols): Don't attempt to access
+	section symbol internal_elf_sym.
+	(objdump_print_symname): Don't call bfd_get_symbol_version_string
+	for section symbols.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE:  CVE-2017-17125
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 12 ++++++++++++
+ binutils/nm.c      | 17 ++++++++++-------
+ binutils/objdump.c |  6 +++---
+ 3 files changed, 25 insertions(+), 10 deletions(-)
+
+Index: git/binutils/nm.c
+===================================================================
+--- git.orig/binutils/nm.c
++++ git/binutils/nm.c
+@@ -765,7 +765,6 @@ sort_symbols_by_size (bfd *abfd, bfd_boo
+       asection *sec;
+       bfd_vma sz;
+       asymbol *temp;
+-      int synthetic = (sym->flags & BSF_SYNTHETIC);
+ 
+       if (from + size < fromend)
+ 	{
+@@ -782,10 +781,13 @@ sort_symbols_by_size (bfd *abfd, bfd_boo
+       sec = bfd_get_section (sym);
+ 
+       /* Synthetic symbols don't have a full type set of data available, thus
+-	 we can't rely on that information for the symbol size.  */
+-      if (!synthetic && bfd_get_flavour (abfd) == bfd_target_elf_flavour)
++	 we can't rely on that information for the symbol size.  Ditto for
++	 bfd/section.c:global_syms like *ABS*.  */
++      if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0
++	  && bfd_get_flavour (abfd) == bfd_target_elf_flavour)
+ 	sz = ((elf_symbol_type *) sym)->internal_elf_sym.st_size;
+-      else if (!synthetic && bfd_is_com_section (sec))
++      else if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0
++	       && bfd_is_com_section (sec))
+ 	sz = sym->value;
+       else
+ 	{
+@@ -874,8 +876,9 @@ print_symbol (bfd *        abfd,
+ 
+   info.sinfo = &syminfo;
+   info.ssize = ssize;
+-  /* Synthetic symbols do not have a full symbol type set of data available.  */
+-  if ((sym->flags & BSF_SYNTHETIC) != 0)
++  /* Synthetic symbols do not have a full symbol type set of data available.
++     Nor do bfd/section.c:global_syms like *ABS*.  */
++  if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) != 0)
+     {
+       info.elfinfo = NULL;
+       info.coffinfo = NULL;
+@@ -893,7 +896,7 @@ print_symbol (bfd *        abfd,
+       const char *  version_string = NULL;
+       bfd_boolean   hidden = FALSE;
+ 
+-      if ((sym->flags & BSF_SYNTHETIC) == 0)
++      if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0)
+ 	version_string = bfd_get_symbol_version_string (abfd, sym, &hidden);
+ 
+       if (bfd_is_und_section (bfd_get_section (sym)))
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c
++++ git/binutils/objdump.c
+@@ -799,10 +799,10 @@ compare_symbols (const void *ap, const v
+       bfd_vma asz, bsz;
+ 
+       asz = 0;
+-      if ((a->flags & BSF_SYNTHETIC) == 0)
++      if ((a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0)
+ 	asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size;
+       bsz = 0;
+-      if ((b->flags & BSF_SYNTHETIC) == 0)
++      if ((b->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0)
+ 	bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size;
+       if (asz != bsz)
+ 	return asz > bsz ? -1 : 1;
+@@ -888,7 +888,7 @@ objdump_print_symname (bfd *abfd, struct
+ 	name = alloc;
+     }
+ 
+-  if ((sym->flags & BSF_SYNTHETIC) == 0)
++  if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0)
+     version_string = bfd_get_symbol_version_string (abfd, sym, &hidden);
+ 
+   if (bfd_is_und_section (bfd_get_section (sym)))
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
++++ git/binutils/ChangeLog
+@@ -1,3 +1,15 @@
++2017-11-18  Alan Modra  <amodra@gmail.com>
++
++       PR 22443
++       * nm.c (sort_symbols_by_size): Don't attempt to access
++       section symbol internal_elf_sym.
++       (print_symbol): Likewise.  Don't call bfd_get_symbol_version_string
++       for section symbols.
++       * objdump.c (compare_symbols): Don't attempt to access
++       section symbol internal_elf_sym.
++       (objdump_print_symname): Don't call bfd_get_symbol_version_string
++       for section symbols.
++
+ 2017-11-29  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 22508

meta/recipes-devtools/binutils/binutils/CVE-2018-10372.patch

@@ -0,0 +1,58 @@
+From 6aea08d9f3e3d6475a65454da488a0c51f5dc97d Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 17 Apr 2018 12:35:55 +0100
+Subject: [PATCH] Fix illegal memory access when parsing corrupt DWARF
+ information.
+
+	PR 23064
+	* dwarf.c (process_cu_tu_index): Test for a potential buffer
+	overrun before copying signature pointer.
+
+Upstream-Status: Backport
+Affects: <= 2.30
+CVE: CVE-2018-10372
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog |  6 ++++++
+ binutils/dwarf.c   | 13 ++++++++++++-
+ 2 files changed, 18 insertions(+), 1 deletion(-)
+
+Index: git/binutils/dwarf.c
+===================================================================
+--- git.orig/binutils/dwarf.c
++++ git/binutils/dwarf.c
+@@ -8526,7 +8526,18 @@ process_cu_tu_index (struct dwarf_sectio
+ 		}
+ 
+ 	      if (!do_display)
+-		memcpy (&this_set[row - 1].signature, ph, sizeof (uint64_t));
++		{
++		  size_t num_copy = sizeof (uint64_t);
++
++		  /* PR 23064: Beware of buffer overflow.  */
++		  if (ph + num_copy < limit)
++		    memcpy (&this_set[row - 1].signature, ph, num_copy);
++		  else
++		    {
++		      warn (_("Signature (%p) extends beyond end of space in section\n"), ph);
++		      return 0;
++		    }
++		}
+ 
+ 	      prow = poffsets + (row - 1) * ncols * 4;
+ 	      /* PR 17531: file: b8ce60a8.  */
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
++++ git/binutils/ChangeLog
+@@ -1,3 +1,9 @@
++2018-04-17  Nick Clifton  <nickc@redhat.com>
++
++       PR 23064
++       * dwarf.c (process_cu_tu_index): Test for a potential buffer
++       overrun before copying signature pointer.
++
+ 2017-11-18  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22443

meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch

@@ -0,0 +1,45 @@
+From 6327533b1fd29fa86f6bf34e61c332c010e3c689 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 17 Apr 2018 14:30:07 +0100
+Subject: [PATCH] Add a check for a NULL table pointer before attempting to
+ compute a DWARF filename.
+
+	PR 23065
+	* dwarf2.c (concat_filename): Check for a NULL table pointer.
+
+Upstream-Status: Backport
+Affects: <= 2.30
+CVE: CVE-2018-10373
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/dwarf2.c  | 2 +-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -1587,7 +1587,7 @@ concat_filename (struct line_info_table
+ {
+   char *filename;
+ 
+-  if (file - 1 >= table->num_files)
++  if (table == NULL || file - 1 >= table->num_files)
+     {
+       /* FILE == 0 means unknown.  */
+       if (file)
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,8 @@
++2018-04-17  Nick Clifton  <nickc@redhat.com>
++
++       PR 23065
++       * dwarf2.c (concat_filename): Check for a NULL table pointer.
++
+ 2017-11-28  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 22506

meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch

@@ -0,0 +1,63 @@
+From db0c309f4011ca94a4abc8458e27f3734dab92ac Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 24 Apr 2018 16:57:04 +0100
+Subject: [PATCH] Fix an illegal memory access when trying to copy an ELF
+ binary with corrupt section symbols.
+
+	PR 23113
+	* elf.c (ignore_section_sym): Check for the output_section pointer
+	being NULL before dereferencing it.
+
+Upstream-Status: Backport
+Affects: <= 2.30
+CVE: CVE-2018-10535
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 4 ++++
+ bfd/elf.c     | 9 ++++++++-
+ 2 files changed, 12 insertions(+), 1 deletion(-)
+
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c
++++ git/bfd/elf.c
+@@ -3994,15 +3994,22 @@ ignore_section_sym (bfd *abfd, asymbol *
+ {
+   elf_symbol_type *type_ptr;
+ 
++  if (sym == NULL)
++    return FALSE;
++
+   if ((sym->flags & BSF_SECTION_SYM) == 0)
+     return FALSE;
+ 
++  if (sym->section == NULL)
++    return TRUE;
++
+   type_ptr = elf_symbol_from (abfd, sym);
+   return ((type_ptr != NULL
+ 	   && type_ptr->internal_elf_sym.st_shndx != 0
+ 	   && bfd_is_abs_section (sym->section))
+ 	  || !(sym->section->owner == abfd
+-	       || (sym->section->output_section->owner == abfd
++	       || (sym->section->output_section != NULL
++		   && sym->section->output_section->owner == abfd
+ 		   && sym->section->output_offset == 0)
+ 	       || bfd_is_abs_section (sym->section)));
+ }
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,4 +1,10 @@
+ 2018-04-24  Nick Clifton  <nickc@redhat.com>
++ 
++       PR 23113
++       * elf.c (ignore_section_sym): Check for the output_section pointer
++       being NULL before dereferencing it.
++
++2018-04-24  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 23110
+        * peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Check for

meta/recipes-devtools/binutils/binutils/CVE-2018-13033.patch

@@ -0,0 +1,71 @@
+From 95a6d23566165208853a68d9cd3c6eedca840ec6 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 8 May 2018 12:51:06 +0100
+Subject: [PATCH] Prevent a memory exhaustion failure when running objdump on a
+ fuzzed input file with corrupt string and attribute sections.
+
+	PR 22809
+	* elf.c (bfd_elf_get_str_section): Check for an excessively large
+	string section.
+	* elf-attrs.c (_bfd_elf_parse_attributes): Issue an error if the
+	attribute section is larger than the size of the file.
+
+Upstream-Status: Backport
+Affects: <= 2.30
+CVE: CVE-2018-13033
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog   | 8 ++++++++
+ bfd/elf-attrs.c | 9 +++++++++
+ bfd/elf.c       | 1 +
+ 3 files changed, 18 insertions(+)
+
+Index: git/bfd/elf-attrs.c
+===================================================================
+--- git.orig/bfd/elf-attrs.c
++++ git/bfd/elf-attrs.c
+@@ -438,6 +438,15 @@ _bfd_elf_parse_attributes (bfd *abfd, El
+   /* PR 17512: file: 2844a11d.  */
+   if (hdr->sh_size == 0)
+     return;
++  if (hdr->sh_size > bfd_get_file_size (abfd))
++    {
++      /* xgettext:c-format */
++      _bfd_error_handler (_("%pB: error: attribute section '%pA' too big: %#llx"),
++			  abfd, hdr->bfd_section, (long long) hdr->sh_size);
++      bfd_set_error (bfd_error_invalid_operation);
++      return;
++    }
++
+   contents = (bfd_byte *) bfd_malloc (hdr->sh_size + 1);
+   if (!contents)
+     return;
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c
++++ git/bfd/elf.c
+@@ -297,6 +297,7 @@ bfd_elf_get_str_section (bfd *abfd, unsi
+       /* Allocate and clear an extra byte at the end, to prevent crashes
+ 	 in case the string table is not terminated.  */
+       if (shstrtabsize + 1 <= 1
++	  || shstrtabsize > bfd_get_file_size (abfd)
+ 	  || bfd_seek (abfd, offset, SEEK_SET) != 0
+ 	  || (shstrtab = (bfd_byte *) bfd_alloc (abfd, shstrtabsize + 1)) == NULL)
+ 	shstrtab = NULL;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,11 @@
++2018-05-08  Nick Clifton  <nickc@redhat.com>
++
++       PR 22809
++       * elf.c (bfd_elf_get_str_section): Check for an excessively large
++       string section.
++       * elf-attrs.c (_bfd_elf_parse_attributes): Issue an error if the
++       attribute section is larger than the size of the file.
++
+ 2018-04-24  Nick Clifton  <nickc@redhat.com>
+  
+        PR 23113

meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch

@@ -0,0 +1,55 @@
+From 38e64b0ecc7f4ee64a02514b8d532782ac057fa2 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Thu, 25 Jan 2018 21:47:41 +1030
+Subject: [PATCH] PR22746, crash when running 32-bit objdump on corrupted file
+
+Avoid unsigned int overflow by performing bfd_size_type multiplication.
+
+	PR 22746
+	* elfcode.h (elf_object_p): Avoid integer overflow.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2018-6323
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/elfcode.h | 4 ++--
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+Index: git/bfd/elfcode.h
+===================================================================
+--- git.orig/bfd/elfcode.h
++++ git/bfd/elfcode.h
+@@ -680,7 +680,7 @@ elf_object_p (bfd *abfd)
+       if (i_ehdrp->e_shnum > ((bfd_size_type) -1) / sizeof (*i_shdrp))
+ 	goto got_wrong_format_error;
+ #endif
+-      amt = sizeof (*i_shdrp) * i_ehdrp->e_shnum;
++      amt = sizeof (*i_shdrp) * (bfd_size_type) i_ehdrp->e_shnum;
+       i_shdrp = (Elf_Internal_Shdr *) bfd_alloc (abfd, amt);
+       if (!i_shdrp)
+ 	goto got_no_match;
+@@ -776,7 +776,7 @@ elf_object_p (bfd *abfd)
+       if (i_ehdrp->e_phnum > ((bfd_size_type) -1) / sizeof (*i_phdr))
+ 	goto got_wrong_format_error;
+ #endif
+-      amt = i_ehdrp->e_phnum * sizeof (*i_phdr);
++      amt = (bfd_size_type) i_ehdrp->e_phnum * sizeof (*i_phdr);
+       elf_tdata (abfd)->phdr = (Elf_Internal_Phdr *) bfd_alloc (abfd, amt);
+       if (elf_tdata (abfd)->phdr == NULL)
+ 	goto got_no_match;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,8 @@
++2018-01-25  Alan Modra  <amodra@gmail.com>
++
++       PR 22746
++       * elfcode.h (elf_object_p): Avoid integer overflow.
++
+ 2018-05-08  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 22809

meta/recipes-devtools/binutils/binutils/CVE-2018-6759.patch

@@ -0,0 +1,108 @@
+From 64e234d417d5685a4aec0edc618114d9991c031b Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 6 Feb 2018 15:48:29 +0000
+Subject: [PATCH] Prevent attempts to call strncpy with a zero-length field by
+ chacking the size of debuglink sections.
+
+	PR 22794
+	* opncls.c (bfd_get_debug_link_info_1): Check the size of the
+	section before attempting to read it in.
+	(bfd_get_alt_debug_link_info): Likewise.
+
+Upstream-Status: Backport
+Affects: <= 2.30
+CVE: CVE-2018-6759
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog |  7 +++++++
+ bfd/opncls.c  | 22 +++++++++++++++++-----
+ 2 files changed, 24 insertions(+), 5 deletions(-)
+
+Index: git/bfd/opncls.c
+===================================================================
+--- git.orig/bfd/opncls.c
++++ git/bfd/opncls.c
+@@ -1179,6 +1179,7 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo
+   bfd_byte *contents;
+   unsigned int crc_offset;
+   char *name;
++  bfd_size_type size;
+ 
+   BFD_ASSERT (abfd);
+   BFD_ASSERT (crc32_out);
+@@ -1188,6 +1189,12 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo
+   if (sect == NULL)
+     return NULL;
+ 
++  size = bfd_get_section_size (sect);
++
++  /* PR 22794: Make sure that the section has a reasonable size.  */
++  if (size < 8 || size >= bfd_get_size (abfd))
++    return NULL;
++
+   if (!bfd_malloc_and_get_section (abfd, sect, &contents))
+     {
+       if (contents != NULL)
+@@ -1197,10 +1204,10 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo
+ 
+   /* CRC value is stored after the filename, aligned up to 4 bytes.  */
+   name = (char *) contents;
+-  /* PR 17597: avoid reading off the end of the buffer.  */
+-  crc_offset = strnlen (name, bfd_get_section_size (sect)) + 1;
++  /* PR 17597: Avoid reading off the end of the buffer.  */
++  crc_offset = strnlen (name, size) + 1;
+   crc_offset = (crc_offset + 3) & ~3;
+-  if (crc_offset + 4 > bfd_get_section_size (sect))
++  if (crc_offset + 4 > size)
+     return NULL;
+ 
+   *crc32 = bfd_get_32 (abfd, contents + crc_offset);
+@@ -1261,6 +1268,7 @@ bfd_get_alt_debug_link_info (bfd * abfd,
+   bfd_byte *contents;
+   unsigned int buildid_offset;
+   char *name;
++  bfd_size_type size;
+ 
+   BFD_ASSERT (abfd);
+   BFD_ASSERT (buildid_len);
+@@ -1271,6 +1279,10 @@ bfd_get_alt_debug_link_info (bfd * abfd,
+   if (sect == NULL)
+     return NULL;
+ 
++  size = bfd_get_section_size (sect);
++  if (size < 8 || size >= bfd_get_size (abfd))
++    return NULL;
++
+   if (!bfd_malloc_and_get_section (abfd, sect, & contents))
+     {
+       if (contents != NULL)
+@@ -1280,11 +1292,11 @@ bfd_get_alt_debug_link_info (bfd * abfd,
+ 
+   /* BuildID value is stored after the filename.  */
+   name = (char *) contents;
+-  buildid_offset = strnlen (name, bfd_get_section_size (sect)) + 1;
++  buildid_offset = strnlen (name, size) + 1;
+   if (buildid_offset >= bfd_get_section_size (sect))
+     return NULL;
+ 
+-  *buildid_len = bfd_get_section_size (sect) - buildid_offset;
++  *buildid_len = size - buildid_offset;
+   *buildid_out = bfd_malloc (*buildid_len);
+   memcpy (*buildid_out, contents + buildid_offset, *buildid_len);
+ 
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
++2018-02-06  Nick Clifton  <nickc@redhat.com>
++
++       PR 22794
++       * opncls.c (bfd_get_debug_link_info_1): Check the size of the
++       section before attempting to read it in.
++       (bfd_get_alt_debug_link_info): Likewise.
++
+ 2018-01-25  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22746

meta/recipes-devtools/binutils/binutils/CVE-2018-7208.patch

@@ -0,0 +1,47 @@
+From eb77f6a4621795367a39cdd30957903af9dbb815 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sat, 27 Jan 2018 08:19:33 +1030
+Subject: [PATCH] PR22741, objcopy segfault on fuzzed COFF object
+
+	PR 22741
+	* coffgen.c (coff_pointerize_aux): Ensure auxent tagndx is in
+	range before converting to a symbol table pointer.
+
+Upstream-Status: Backport
+Affects: <= 2.30
+CVE: CVE-2018-7208
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/coffgen.c | 3 ++-
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+Index: git/bfd/coffgen.c
+===================================================================
+--- git.orig/bfd/coffgen.c
++++ git/bfd/coffgen.c
+@@ -1555,7 +1555,8 @@ coff_pointerize_aux (bfd *abfd,
+     }
+   /* A negative tagndx is meaningless, but the SCO 3.2v4 cc can
+      generate one, so we must be careful to ignore it.  */
+-  if (auxent->u.auxent.x_sym.x_tagndx.l > 0)
++  if ((unsigned long) auxent->u.auxent.x_sym.x_tagndx.l
++      < obj_raw_syment_count (abfd))
+     {
+       auxent->u.auxent.x_sym.x_tagndx.p =
+ 	table_base + auxent->u.auxent.x_sym.x_tagndx.l;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2018-01-29  Alan Modra  <amodra@gmail.com>
++
++       PR 22741
++       * coffgen.c (coff_pointerize_aux): Ensure auxent tagndx is in
++       range before converting to a symbol table pointer.
++
+ 2018-02-06  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 22794

meta/recipes-devtools/binutils/binutils/CVE-2018-7568_p1.patch

@@ -0,0 +1,161 @@
+From 1da5c9a485f3dcac4c45e96ef4b7dae5948314b5 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 25 Sep 2017 20:20:38 +0930
+Subject: [PATCH] PR22202, buffer overflow in parse_die
+
+There was a complete lack of sanity checking in dwarf1.c
+
+	PR 22202
+	* dwarf1.c (parse_die): Sanity check pointer against section limit
+	before dereferencing.
+	(parse_line_table): Likewise.
+
+Upstream-Status: Backport
+Affects: <= 2.30
+CVE: CVE-2018-7568 patch1
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog |  7 +++++++
+ bfd/dwarf1.c  | 56 ++++++++++++++++++++++++++++++++++++++------------------
+ 2 files changed, 45 insertions(+), 18 deletions(-)
+
+Index: git/bfd/dwarf1.c
+===================================================================
+--- git.orig/bfd/dwarf1.c
++++ git/bfd/dwarf1.c
+@@ -189,11 +189,14 @@ parse_die (bfd *             abfd,
+   memset (aDieInfo, 0, sizeof (* aDieInfo));
+ 
+   /* First comes the length.  */
+-  aDieInfo->length = bfd_get_32 (abfd, (bfd_byte *) xptr);
++  if (xptr + 4 > aDiePtrEnd)
++    return FALSE;
++  aDieInfo->length = bfd_get_32 (abfd, xptr);
+   xptr += 4;
+   if (aDieInfo->length == 0
+-      || (this_die + aDieInfo->length) >= aDiePtrEnd)
++      || this_die + aDieInfo->length > aDiePtrEnd)
+     return FALSE;
++  aDiePtrEnd = this_die + aDieInfo->length;
+   if (aDieInfo->length < 6)
+     {
+       /* Just padding bytes.  */
+@@ -202,18 +205,20 @@ parse_die (bfd *             abfd,
+     }
+ 
+   /* Then the tag.  */
+-  aDieInfo->tag = bfd_get_16 (abfd, (bfd_byte *) xptr);
++  if (xptr + 2 > aDiePtrEnd)
++    return FALSE;
++  aDieInfo->tag = bfd_get_16 (abfd, xptr);
+   xptr += 2;
+ 
+   /* Then the attributes.  */
+-  while (xptr < (this_die + aDieInfo->length))
++  while (xptr + 2 <= aDiePtrEnd)
+     {
+       unsigned short attr;
+ 
+       /* Parse the attribute based on its form.  This section
+          must handle all dwarf1 forms, but need only handle the
+ 	 actual attributes that we care about.  */
+-      attr = bfd_get_16 (abfd, (bfd_byte *) xptr);
++      attr = bfd_get_16 (abfd, xptr);
+       xptr += 2;
+ 
+       switch (FORM_FROM_ATTR (attr))
+@@ -223,12 +228,15 @@ parse_die (bfd *             abfd,
+ 	  break;
+ 	case FORM_DATA4:
+ 	case FORM_REF:
+-	  if (attr == AT_sibling)
+-	    aDieInfo->sibling = bfd_get_32 (abfd, (bfd_byte *) xptr);
+-	  else if (attr == AT_stmt_list)
++	  if (xptr + 4 <= aDiePtrEnd)
+ 	    {
+-	      aDieInfo->stmt_list_offset = bfd_get_32 (abfd, (bfd_byte *) xptr);
+-	      aDieInfo->has_stmt_list = 1;
++	      if (attr == AT_sibling)
++		aDieInfo->sibling = bfd_get_32 (abfd, xptr);
++	      else if (attr == AT_stmt_list)
++		{
++		  aDieInfo->stmt_list_offset = bfd_get_32 (abfd, xptr);
++		  aDieInfo->has_stmt_list = 1;
++		}
+ 	    }
+ 	  xptr += 4;
+ 	  break;
+@@ -236,22 +244,29 @@ parse_die (bfd *             abfd,
+ 	  xptr += 8;
+ 	  break;
+ 	case FORM_ADDR:
+-	  if (attr == AT_low_pc)
+-	    aDieInfo->low_pc = bfd_get_32 (abfd, (bfd_byte *) xptr);
+-	  else if (attr == AT_high_pc)
+-	    aDieInfo->high_pc = bfd_get_32 (abfd, (bfd_byte *) xptr);
++	  if (xptr + 4 <= aDiePtrEnd)
++	    {
++	      if (attr == AT_low_pc)
++		aDieInfo->low_pc = bfd_get_32 (abfd, xptr);
++	      else if (attr == AT_high_pc)
++		aDieInfo->high_pc = bfd_get_32 (abfd, xptr);
++	    }
+ 	  xptr += 4;
+ 	  break;
+ 	case FORM_BLOCK2:
+-	  xptr += 2 + bfd_get_16 (abfd, (bfd_byte *) xptr);
++	  if (xptr + 2 <= aDiePtrEnd)
++	    xptr += bfd_get_16 (abfd, xptr);
++	  xptr += 2;
+ 	  break;
+ 	case FORM_BLOCK4:
+-	  xptr += 4 + bfd_get_32 (abfd, (bfd_byte *) xptr);
++	  if (xptr + 4 <= aDiePtrEnd)
++	    xptr += bfd_get_32 (abfd, xptr);
++	  xptr += 4;
+ 	  break;
+ 	case FORM_STRING:
+ 	  if (attr == AT_name)
+ 	    aDieInfo->name = (char *) xptr;
+-	  xptr += strlen ((char *) xptr) + 1;
++	  xptr += strnlen ((char *) xptr, aDiePtrEnd - xptr) + 1;
+ 	  break;
+ 	}
+     }
+@@ -290,7 +305,7 @@ parse_line_table (struct dwarf1_debug* s
+     }
+ 
+   xptr = stash->line_section + aUnit->stmt_list_offset;
+-  if (xptr < stash->line_section_end)
++  if (xptr + 8 <= stash->line_section_end)
+     {
+       unsigned long eachLine;
+       bfd_byte *tblend;
+@@ -318,6 +333,11 @@ parse_line_table (struct dwarf1_debug* s
+ 
+       for (eachLine = 0; eachLine < aUnit->line_count; eachLine++)
+ 	{
++	  if (xptr + 10 > stash->line_section_end)
++	    {
++	      aUnit->line_count = eachLine;
++	      break;
++	    }
+ 	  /* A line number.  */
+ 	  aUnit->linenumber_table[eachLine].linenumber
+ 	    = bfd_get_32 (stash->abfd, (bfd_byte *) xptr);
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
++2017-09-25  Alan Modra  <amodra@gmail.com>
++
++       PR 22202
++       * dwarf1.c (parse_die): Sanity check pointer against section limit
++       before dereferencing.
++       (parse_line_table): Likewise.
++
+ 2018-01-29  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22741

meta/recipes-devtools/binutils/binutils/CVE-2018-7568_p2.patch

@@ -0,0 +1,73 @@
+From eef104664efb52965d85a28bc3fc7c77e52e48e2 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 28 Feb 2018 10:13:54 +0000
+Subject: [PATCH] Fix potential integer overflow when reading corrupt dwarf1
+ debug information.
+
+	PR 22894
+	* dwarf1.c (parse_die): Check the length of form blocks before
+	advancing the data pointer.
+
+Upstream-Status: Backport
+Affects: <= 2.30
+CVE: CVE-2018-7568 patch2
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog |  6 ++++++
+ bfd/dwarf1.c  | 17 +++++++++++++++--
+ 2 files changed, 21 insertions(+), 2 deletions(-)
+
+Index: git/bfd/dwarf1.c
+===================================================================
+--- git.orig/bfd/dwarf1.c
++++ git/bfd/dwarf1.c
+@@ -213,6 +213,7 @@ parse_die (bfd *             abfd,
+   /* Then the attributes.  */
+   while (xptr + 2 <= aDiePtrEnd)
+     {
++      unsigned int   block_len;
+       unsigned short attr;
+ 
+       /* Parse the attribute based on its form.  This section
+@@ -255,12 +256,24 @@ parse_die (bfd *             abfd,
+ 	  break;
+ 	case FORM_BLOCK2:
+ 	  if (xptr + 2 <= aDiePtrEnd)
+-	    xptr += bfd_get_16 (abfd, xptr);
++	    {
++	      block_len = bfd_get_16 (abfd, xptr);
++	      if (xptr + block_len > aDiePtrEnd
++		  || xptr + block_len < xptr)
++		return FALSE;
++	      xptr += block_len;
++	    }
+ 	  xptr += 2;
+ 	  break;
+ 	case FORM_BLOCK4:
+ 	  if (xptr + 4 <= aDiePtrEnd)
+-	    xptr += bfd_get_32 (abfd, xptr);
++	    {
++	      block_len = bfd_get_32 (abfd, xptr);
++	      if (xptr + block_len > aDiePtrEnd
++		  || xptr + block_len < xptr)
++		return FALSE;
++	      xptr += block_len;
++	    }
+ 	  xptr += 4;
+ 	  break;
+ 	case FORM_STRING:
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2018-02-28  Nick Clifton  <nickc@redhat.com>
++
++       PR 22894
++       * dwarf1.c (parse_die): Check the length of form blocks before
++       advancing the data pointer.
++
+ 2017-09-25  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22202

meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch

@@ -0,0 +1,120 @@
+From 12c963421d045a127c413a0722062b9932c50aa9 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 28 Feb 2018 11:50:49 +0000
+Subject: [PATCH] Catch integer overflows/underflows when parsing corrupt DWARF
+ FORM blocks.
+
+	PR 22895
+	PR 22893
+	* dwarf2.c (read_n_bytes): Replace size parameter with dwarf_block
+	pointer.  Drop unused abfd parameter.  Check the size of the block
+	before initialising the data field.  Return the end pointer if the
+	size is invalid.
+	(read_attribute_value): Adjust invocations of read_n_bytes.
+
+Upstream-Status: Backport
+Affects: <= 2.30
+CVE: CVE-2018-7569
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog |  8 ++++++++
+ bfd/dwarf2.c  | 36 +++++++++++++++++++++---------------
+ 2 files changed, 29 insertions(+), 15 deletions(-)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -649,14 +649,24 @@ read_8_bytes (bfd *abfd, bfd_byte *buf,
+ }
+ 
+ static bfd_byte *
+-read_n_bytes (bfd *abfd ATTRIBUTE_UNUSED,
+-	      bfd_byte *buf,
+-	      bfd_byte *end,
+-	      unsigned int size ATTRIBUTE_UNUSED)
+-{
+-  if (buf + size > end)
+-    return NULL;
+-  return buf;
++read_n_bytes (bfd_byte *           buf,
++	      bfd_byte *           end,
++	      struct dwarf_block * block)
++{
++  unsigned int  size = block->size;
++  bfd_byte *    block_end = buf + size;
++
++  if (block_end > end || block_end < buf)
++    {
++      block->data = NULL;
++      block->size = 0;
++      return end;
++    }
++  else
++    {
++      block->data = buf;
++      return block_end;
++    }
+ }
+ 
+ /* Scans a NUL terminated string starting at BUF, returning a pointer to it.
+@@ -1154,8 +1164,7 @@ read_attribute_value (struct attribute *
+ 	return NULL;
+       blk->size = read_2_bytes (abfd, info_ptr, info_ptr_end);
+       info_ptr += 2;
+-      blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size);
+-      info_ptr += blk->size;
++      info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk);
+       attr->u.blk = blk;
+       break;
+     case DW_FORM_block4:
+@@ -1165,8 +1174,7 @@ read_attribute_value (struct attribute *
+ 	return NULL;
+       blk->size = read_4_bytes (abfd, info_ptr, info_ptr_end);
+       info_ptr += 4;
+-      blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size);
+-      info_ptr += blk->size;
++      info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk);
+       attr->u.blk = blk;
+       break;
+     case DW_FORM_data2:
+@@ -1206,8 +1214,7 @@ read_attribute_value (struct attribute *
+       blk->size = _bfd_safe_read_leb128 (abfd, info_ptr, &bytes_read,
+ 					 FALSE, info_ptr_end);
+       info_ptr += bytes_read;
+-      blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size);
+-      info_ptr += blk->size;
++      info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk);
+       attr->u.blk = blk;
+       break;
+     case DW_FORM_block1:
+@@ -1217,8 +1224,7 @@ read_attribute_value (struct attribute *
+ 	return NULL;
+       blk->size = read_1_byte (abfd, info_ptr, info_ptr_end);
+       info_ptr += 1;
+-      blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size);
+-      info_ptr += blk->size;
++      info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk);
+       attr->u.blk = blk;
+       break;
+     case DW_FORM_data1:
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,4 +1,14 @@
+ 2018-02-28  Nick Clifton  <nickc@redhat.com>
++ 
++       PR 22895
++       PR 22893
++       * dwarf2.c (read_n_bytes): Replace size parameter with dwarf_block
++       pointer.  Drop unused abfd parameter.  Check the size of the block
++       before initialising the data field.  Return the end pointer if the
++       size is invalid.
++       (read_attribute_value): Adjust invocations of read_n_bytes.
++
++2018-02-28  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 22894
+        * dwarf1.c (parse_die): Check the length of form blocks before

meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch

@@ -0,0 +1,51 @@
+From 116acb2c268c89c89186673a7c92620d21825b25 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Wed, 28 Feb 2018 22:09:50 +1030
+Subject: [PATCH] PR22887, null pointer dereference in
+ aout_32_swap_std_reloc_out
+
+	PR 22887
+	* aoutx.h (swap_std_reloc_in): Correct r_index bound check.
+
+Upstream-Status: Backport
+Affects: <= 2.30
+CVE: CVE-2018-7642
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/aoutx.h   | 6 ++++--
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,8 @@
++2018-02-28  Alan Modra  <amodra@gmail.com>
++
++	PR 22887
++	* aoutx.h (swap_std_reloc_in): Correct r_index bound check.
++
+ 2018-02-28  Nick Clifton  <nickc@redhat.com>
+  
+        PR 22895
+Index: git/bfd/aoutx.h
+===================================================================
+--- git.orig/bfd/aoutx.h
++++ git/bfd/aoutx.h
+@@ -2211,10 +2211,12 @@ NAME (aout, swap_ext_reloc_in) (bfd *abf
+       || r_type == (unsigned int) RELOC_BASE22)
+     r_extern = 1;
+ 
+-  if (r_extern && r_index > symcount)
++  if (r_extern && r_index >= symcount)
+     {
+       /* We could arrange to return an error, but it might be useful
+-         to see the file even if it is bad.  */
++        to see the file even if it is bad.  FIXME: Of course this
++        means that objdump -r *doesn't* see the actual reloc, and
++        objcopy silently writes a different reloc.  */
+       r_extern = 0;
+       r_index = N_ABS;
+     }

meta/recipes-devtools/chrpath/chrpath_0.16.bb

@@ -7,14 +7,12 @@ BUGTRACKER = "http://alioth.debian.org/tracker/?atid=412807&group_id=31052"
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552"
 
-SRC_URI = "https://alioth.debian.org/frs/download.php/file/3979/chrpath-0.16.tar.gz \
+SRC_URI = "${DEBIAN_MIRROR}/main/c/${BPN}/${BPN}_${PV}.orig.tar.gz \
            file://standarddoc.patch"
 
 SRC_URI[md5sum] = "2bf8d1d1ee345fc8a7915576f5649982"
 SRC_URI[sha256sum] = "bb0d4c54bac2990e1bdf8132f2c9477ae752859d523e141e72b3b11a12c26e7b"
 
-UPSTREAM_CHECK_URI = "http://alioth.debian.org/frs/?group_id=31052"
-
 inherit autotools
 
 # We don't have a staged chrpath-native for ensuring our binary is

meta/recipes-devtools/distcc/distcc_3.2.bb

@@ -41,7 +41,9 @@ INITSCRIPT_NAME = "distcc"
 SYSTEMD_PACKAGES = "${PN}"
 SYSTEMD_SERVICE_${PN} = "distcc.service"
 
-do_install_append() {
+do_install() {
+    # Improve reproducibility: compress w/o timestamps
+    oe_runmake 'DESTDIR=${D}'  "GZIP_BIN=gzip -n" install
     install -d ${D}${sysconfdir}/init.d/
     install -d ${D}${sysconfdir}/default
     install -m 0755 ${WORKDIR}/distcc ${D}${sysconfdir}/init.d/

meta/recipes-devtools/make/make.inc

@@ -5,7 +5,10 @@ called the makefile, which lists each of the non-source files and how to compute
 HOMEPAGE = "http://www.gnu.org/software/make/"
 SECTION = "devel"
 
-SRC_URI = "${GNU_MIRROR}/make/make-${PV}.tar.bz2"
+SRC_URI = "${GNU_MIRROR}/make/make-${PV}.tar.bz2 \
+           file://0001-glob-Do-not-assume-glibc-glob-internals.patch \
+           file://0002-glob-Do-not-assume-glibc-glob-internals.patch \
+           "
 
 inherit autotools gettext pkgconfig texinfo
 

meta/recipes-devtools/make/make/0001-glob-Do-not-assume-glibc-glob-internals.patch

@@ -0,0 +1,70 @@
+From c90a7dda6c572f79b8e78da44b6ebf8704edef65 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Sun, 24 Sep 2017 09:12:58 -0400
+Subject: [PATCH 1/2] glob: Do not assume glibc glob internals.
+
+It has been proposed that glibc glob start using gl_lstat,
+which the API allows it to do.  GNU 'make' should not get in
+the way of this.  See:
+https://sourceware.org/ml/libc-alpha/2017-09/msg00409.html
+
+* dir.c (local_lstat): New function, like local_stat.
+(dir_setup_glob): Use it to initialize gl_lstat too, as the API
+requires.
+---
+Upstream-Status: Backport
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+ dir.c | 29 +++++++++++++++++++++++++++--
+ 1 file changed, 27 insertions(+), 2 deletions(-)
+
+diff --git a/dir.c b/dir.c
+index f34bbf5..12eef30 100644
+--- a/dir.c
++++ b/dir.c
+@@ -1299,15 +1299,40 @@ local_stat (const char *path, struct stat *buf)
+ }
+ #endif
+ 
++/* Similarly for lstat.  */
++#if !defined(lstat) && !defined(WINDOWS32) || defined(VMS)
++# ifndef VMS
++#  ifndef HAVE_SYS_STAT_H
++int lstat (const char *path, struct stat *sbuf);
++#  endif
++# else
++    /* We are done with the fake lstat.  Go back to the real lstat */
++#   ifdef lstat
++#     undef lstat
++#   endif
++# endif
++# define local_lstat lstat
++#elif defined(WINDOWS32)
++/* Windows doesn't support lstat().  */
++# define local_lstat local_stat
++#else
++static int
++local_lstat (const char *path, struct stat *buf)
++{
++  int e;
++  EINTRLOOP (e, lstat (path, buf));
++  return e;
++}
++#endif
++
+ void
+ dir_setup_glob (glob_t *gl)
+ {
+   gl->gl_opendir = open_dirstream;
+   gl->gl_readdir = read_dirstream;
+   gl->gl_closedir = free;
++  gl->gl_lstat = local_lstat;
+   gl->gl_stat = local_stat;
+-  /* We don't bother setting gl_lstat, since glob never calls it.
+-     The slot is only there for compatibility with 4.4 BSD.  */
+ }
+ 
+ void
+-- 
+2.16.1
+

meta/recipes-devtools/make/make/0002-glob-Do-not-assume-glibc-glob-internals.patch

@@ -0,0 +1,38 @@
+From 9858702dbd1e137262c06765919937660879f63c Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Sun, 24 Sep 2017 09:12:58 -0400
+Subject: [PATCH 2/2] glob: Do not assume glibc glob internals.
+
+It has been proposed that glibc glob start using gl_lstat,
+which the API allows it to do.  GNU 'make' should not get in
+the way of this.  See:
+https://sourceware.org/ml/libc-alpha/2017-09/msg00409.html
+
+* dir.c (local_lstat): New function, like local_stat.
+(dir_setup_glob): Use it to initialize gl_lstat too, as the API
+requires.
+---
+Upstream-Status: Backport
+
+ configure.ac | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 64ec870..e87901c 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -399,10 +399,9 @@ AC_CACHE_CHECK([if system libc has GNU glob], [make_cv_sys_gnu_glob],
+ #include <glob.h>
+ #include <fnmatch.h>
+ 
+-#define GLOB_INTERFACE_VERSION 1
+ #if !defined _LIBC && defined __GNU_LIBRARY__ && __GNU_LIBRARY__ > 1
+ # include <gnu-versions.h>
+-# if _GNU_GLOB_INTERFACE_VERSION == GLOB_INTERFACE_VERSION
++if _GNU_GLOB_INTERFACE_VERSION == 1 || _GNU_GLOB_INTERFACE_VERSION == 2
+    gnu glob
+ # endif
+ #endif],
+-- 
+2.16.1
+

meta/recipes-devtools/patch/patch/0001-Fix-swapping-fake-lines-in-pch_swap.patch

@@ -0,0 +1,36 @@
+From 9c986353e420ead6e706262bf204d6e03322c300 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Fri, 17 Aug 2018 13:35:40 +0200
+Subject: [PATCH] Fix swapping fake lines in pch_swap
+
+* src/pch.c (pch_swap): Fix swapping p_bfake and p_efake when there is a
+blank line in the middle of a context-diff hunk: that empty line stays
+in the middle of the hunk and isn't swapped.
+
+Fixes: https://savannah.gnu.org/bugs/index.php?53133
+Signed-off-by: Andreas Gruenbacher <agruen@gnu.org>
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/git/patch.git]
+CVE: CVE-2018-6952
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+
+---
+ src/pch.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/pch.c b/src/pch.c
+index e92bc64..a500ad9 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2122,7 +2122,7 @@ pch_swap (void)
+     }
+     if (p_efake >= 0) {			/* fix non-freeable ptr range */
+ 	if (p_efake <= i)
+-	    n = p_end - i + 1;
++	    n = p_end - p_ptrn_lines;
+ 	else
+ 	    n = -i;
+ 	p_efake += n;
+-- 
+2.10.2
+

meta/recipes-devtools/patch/patch_2.7.6.bb

@@ -5,6 +5,7 @@ SRC_URI += "file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
             file://0002-Fix-segfault-with-mangled-rename-patch.patch \
             file://0003-Allow-input-files-to-be-missing-for-ed-style-patches.patch \
             file://0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch \
+            file://0001-Fix-swapping-fake-lines-in-pch_swap.patch \
 "
 
 SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600"

meta/recipes-devtools/perl/perl/0001-Skip-various-tests-if-PERL_BUILD_PACKAGING-is-set.patch

@@ -0,0 +1,126 @@
+From ba6733216202523a95b0b7ee2e534b8e30b6d7df Mon Sep 17 00:00:00 2001
+From: Dominic Hargreaves <dom@earth.li>
+Date: Sat, 14 Oct 2017 16:27:53 +0200
+Subject: [PATCH] Skip various tests if PERL_BUILD_PACKAGING is set
+
+These are tests which tend not to be useful for downstream packagers
+
+t/porting/customized.t change originally from Todd Rinaldo
+
+Upstream-Status: Backport[https://perl5.git.perl.org/perl.git/ba6733216202523a95b0b7ee2e534b8e30b6d7df]
+
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ INSTALL                |  3 ++-
+ MANIFEST               |  1 +
+ PACKAGING              | 30 ++++++++++++++++++++++++++++++
+ regen/lib_cleanup.pl   |  5 +++++
+ t/porting/customized.t |  1 +
+ t/test.pl              |  3 +++
+ 6 files changed, 42 insertions(+), 1 deletion(-)
+ create mode 100644 PACKAGING
+
+diff --git a/INSTALL b/INSTALL
+index 636f4bd52f..1285fc69a2 100644
+--- a/INSTALL
++++ b/INSTALL
+@@ -2714,4 +2714,5 @@ This document is part of the Perl package and may be distributed under
+ the same terms as perl itself, with the following additional request:
+ If you are distributing a modified version of perl (perhaps as part of
+ a larger package) please B<do> modify these installation instructions
+-and the contact information to match your distribution.
++and the contact information to match your distribution. Additional
++information for packagers is in F<PACKAGING>.
+diff --git a/MANIFEST b/MANIFEST
+index b3207030a9..32de824ca1 100644
+--- a/MANIFEST
++++ b/MANIFEST
+@@ -4932,6 +4932,7 @@ os2/perlrexx.c			Support perl interpreter embedded in REXX
+ os2/perlrexx.cmd		Test perl interpreter embedded in REXX
+ overload.h			generated overload enum (public)
+ overload.inc			generated overload name table (implementation)
++PACKAGING			notes and best practice for packaging perl 5
+ packsizetables.inc		The generated packprops array used in pp_pack.c
+ pad.c				Scratchpad functions
+ pad.h				Scratchpad headers
+diff --git a/PACKAGING b/PACKAGING
+new file mode 100644
+index 0000000000..0c69b87ba6
+--- /dev/null
++++ b/PACKAGING
+@@ -0,0 +1,30 @@
++If you read this file _as_is_, just ignore the funny characters you
++see.  It is written in the POD format (see pod/perlpod.pod) which is
++specifically designed to be readable as is.
++
++=head1 NAME
++
++PACKAGING - notes and best practice for packaging perl 5
++
++=head1 SYNOPSIS
++
++This document is aimed at anyone who is producing their own version of
++perl for distribution to other users. It is intended as a collection
++of useful tips, advice and best practice, rather than being a complete
++packaging manual. The starting point for installing perl remains
++F<INSTALL>.
++
++=head1 Customizing test running
++
++A small number of porting tests (those in t/porting) are not well suited
++to typical distribution packaging scenarios. For example, they assume
++they are working in a git clone of the upstream Perl repository, or
++enforce rules which are not relevant to downstream packagers. These can
++be skipped by setting the environment variable PERL_BUILD_PACKAGING.
++A complete list of tests which this applied to can be found by searching
++the codebase for this string.
++
++An alternative strategy would be to skip all porting tests, but many of
++them are useful if additional patches might be applied.
++
++=cut
+diff --git a/regen/lib_cleanup.pl b/regen/lib_cleanup.pl
+index 5e40b405a4..6caf74a563 100644
+--- a/regen/lib_cleanup.pl
++++ b/regen/lib_cleanup.pl
+@@ -164,6 +164,11 @@ if ($TAP && !-d '.git' && !-f 'lib/.gitignore') {
+     exit 0;
+ }
+ 
++if ($ENV{'PERL_BUILD_PACKAGING'}) {
++    print "ok # skip explicitly disabled git tests by PERL_BUILD_PACKAGING\n";
++    exit 0;
++}
++
+ $fh = open_new('lib/.gitignore', '>',
+                { by => $0,
+                  from => 'MANIFEST and parsing files in cpan/ dist/ and ext/'});
+diff --git a/t/porting/customized.t b/t/porting/customized.t
+index 45fcafb100..5c3739198c 100644
+--- a/t/porting/customized.t
++++ b/t/porting/customized.t
+@@ -13,6 +13,7 @@ BEGIN {
+     @INC = qw(lib Porting t);
+     require 'test.pl';
+     skip_all("pre-computed SHA1 won't match under EBCDIC") if $::IS_EBCDIC;
++    skip_all("This distro may have modified some files in cpan/. Skipping validation.") if $ENV{'PERL_BUILD_PACKAGING'};
+ }
+ 
+ use strict;
+diff --git a/t/test.pl b/t/test.pl
+index 79e6e25e95..1782dcf73c 100644
+--- a/t/test.pl
++++ b/t/test.pl
+@@ -212,6 +212,9 @@ sub find_git_or_skip {
+     } else {
+ 	$reason = 'not being run from a git checkout';
+     }
++    if ($ENV{'PERL_BUILD_PACKAGING'}) {
++	$reason = 'PERL_BUILD_PACKAGING is set';
++    }
+     skip_all($reason) if $_[0] && $_[0] eq 'all';
+     skip($reason, @_);
+ }
+-- 
+2.17.1
+

meta/recipes-devtools/perl/perl/CVE-2017-12837.patch

@@ -0,0 +1,32 @@
+From 73d7247ecab863ef26b5687a37ccc75d6144ad0f Mon Sep 17 00:00:00 2001
+From: Karl Williamson <khw@cpan.org>
+Date: Tue, 17 Oct 2017 13:49:14 +0800
+Subject: [PATCH] fix CVE-2017-12837
+
+Signed-off-by: Karl Williamson <khw@cpan.org>
+Signed-off-by: Steve Hay <steve.m.hay@googlemail.com>
+
+CVE: CVE-2017-12837
+Upstream-Status: Backport
+https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ regcomp.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/regcomp.c b/regcomp.c
+index 5498d14..31ec383 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -13021,6 +13021,7 @@ S_regatom(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth)
+                             goto loopdone;
+                         }
+                         p = RExC_parse;
++                        RExC_parse = parse_start;
+                         if (ender > 0xff) {
+                             REQUIRE_UTF8(flagp);
+                         }
+-- 
+1.8.3.1
+