build-appliance-image: Update to pyro head revision

(From OE-Core rev: beab5b357cd46094b1c376c47d04e8d0de73e1e3)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake/lib/bb/fetch2/__init__.py

@@ -1619,6 +1619,15 @@ class Fetch(object):
                     logger.debug(1, "Trying PREMIRRORS")
                     mirrors = mirror_from_string(self.d.getVar('PREMIRRORS'))
                     localpath = try_mirrors(self, self.d, ud, mirrors, False)
+                    if localpath:
+                        try:
+                            # early checksum verification so that if the checksum of the premirror
+                            # contents mismatch the fetcher can still try upstream and mirrors
+                            update_stamp(ud, self.d)
+                        except ChecksumError as e:
+                            logger.warning("Checksum failure encountered with premirror download of %s - will attempt other sources." % u)
+                            logger.debug(1, str(e))
+                            localpath = ""
 
                 if premirroronly:
                     self.d.setVar("BB_NO_NETWORK", "1")

bitbake/lib/bb/siggen.py

@@ -667,7 +667,8 @@ def calc_taskhash(sigdata):
         data = data + sigdata['runtaskhashes'][dep]
 
     for c in sigdata['file_checksum_values']:
-        data = data + c[1]
+        if c[1]:
+            data = data + c[1]
 
     if 'taint' in sigdata:
         if 'nostamp:' in sigdata['taint']:

documentation/bsp-guide/bsp-guide.xml

@@ -118,6 +118,11 @@
                 <date>May 2017</date>
                 <revremark>Released with the Yocto Project 2.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.3.1</revnumber>
+                <date>June 2017</date>
+                <revremark>Released with the Yocto Project 2.3.1 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/dev-manual/dev-manual-intro.xml

@@ -158,6 +158,7 @@
                     Toaster, which is a web interface to the Yocto Project's
                     <link linkend='build-system-term'>OpenEmbedded Build System</link>.
                     </para></listitem>
+<!--
                 <listitem><para><emphasis>
                     <ulink url='http://www.youtube.com/watch?v=3ZlOu-gLsh0'>
                     Eclipse IDE Yocto Plug-in</ulink>:</emphasis>
@@ -165,6 +166,13 @@
                     demonstrates how an application developer uses Yocto Plug-in features within
                     the Eclipse IDE.
                     </para></listitem>
+-->
+                <listitem><para><emphasis>
+                    <ulink url='&YOCTO_DOCS_SDK_URL;#sdk-appendix-latest-yp-eclipse-plug-in'>Eclipse IDE Yocto Plug-in</ulink>:</emphasis>
+                    Instructions that demonstrate how an application developer
+                    uses the Eclipse Yocto Project Plug-in feature within
+                    the Eclipse IDE.
+                    </para></listitem>
                 <listitem><para><emphasis>
                     <ulink url='&YOCTO_WIKI_URL;/wiki/FAQ'>FAQ</ulink>:</emphasis>
                     A list of commonly asked questions and their answers.

documentation/dev-manual/dev-manual-newbie.xml

@@ -1646,15 +1646,16 @@
                     For example, the Yocto Project uses a specific convention
                     for bug references - any commit that addresses a specific
                     bug should use the following form for the detailed
-                    description:
+                    description.
+                    Be sure to use the actual bug-tracking ID from
+                    Bugzilla for
+                    <replaceable>bug-id</replaceable>:
                     <literallayout class='monospaced'>
      Fixes [YOCTO #<replaceable>bug-id</replaceable>]
 
      <replaceable>detailed description of change</replaceable>
                     </literallayout>
                     </para></listitem>
-                Where <replaceable>bug-id</replaceable> is replaced with the
-                specific bug ID from the Yocto Project Bugzilla instance.
             </itemizedlist>
         </para>
 

documentation/dev-manual/dev-manual-start.xml

@@ -278,7 +278,7 @@
                 applications using the Eclipse Integrated Development Environment (IDE),
                 you will need this plug-in.
                 See the
-                "<ulink url='&YOCTO_DOCS_SDK_URL;#setting-up-the-eclipse-ide'>Setting up the Eclipse IDE</ulink>"
+                "<ulink url='&YOCTO_DOCS_SDK_URL;#sdk-appendix-latest-yp-eclipse-plug-in'>Using Eclipse</ulink>"
                 section in the Yocto Project Software Development Kit (SDK)
                 Developer's Guide for more information.</para></listitem>
         </itemizedlist>

documentation/dev-manual/dev-manual.xml

@@ -96,6 +96,11 @@
                 <date>May 2017</date>
                 <revremark>Released with the Yocto Project 2.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.3.1</revnumber>
+                <date>June 2017</date>
+                <revremark>Released with the Yocto Project 2.3.1 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/kernel-dev/kernel-dev.xml

@@ -81,6 +81,11 @@
                 <date>May 2017</date>
                 <revremark>Released with the Yocto Project 2.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.3.1</revnumber>
+                <date>June 2017</date>
+                <revremark>Released with the Yocto Project 2.3.1 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/mega-manual/mega-manual.xml

@@ -65,6 +65,11 @@
                 <date>May 2017</date>
                 <revremark>Released with the Yocto Project 2.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.3.1</revnumber>
+                <date>June 2017</date>
+                <revremark>Released with the Yocto Project 2.3.1 Release.</revremark>
+            </revision>
        </revhistory>
 
     <copyright>

documentation/poky.ent

@@ -1,10 +1,10 @@
-<!ENTITY DISTRO "2.3">
-<!ENTITY DISTRO_COMPRESSED "23">
+<!ENTITY DISTRO "2.3.1">
+<!ENTITY DISTRO_COMPRESSED "231">
 <!ENTITY DISTRO_NAME_NO_CAP "pyro">
 <!ENTITY DISTRO_NAME "Pyro">
-<!ENTITY YOCTO_DOC_VERSION "2.3">
-<!ENTITY POKYVERSION "18.0.0">
-<!ENTITY POKYVERSION_COMPRESSED "1800">
+<!ENTITY YOCTO_DOC_VERSION "2.3.1">
+<!ENTITY POKYVERSION "18.0.1">
+<!ENTITY POKYVERSION_COMPRESSED "1801">
 <!ENTITY YOCTO_POKY "poky-&DISTRO_NAME_NO_CAP;-&POKYVERSION;">
 <!ENTITY COPYRIGHT_YEAR "2010-2017">
 <!ENTITY YOCTO_DL_URL "http://downloads.yoctoproject.org">

documentation/profile-manual/profile-manual.xml

@@ -81,6 +81,11 @@
                 <date>May 2017</date>
                 <revremark>Released with the Yocto Project 2.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.3.1</revnumber>
+                <date>June 2017</date>
+                <revremark>Released with the Yocto Project 2.3.1 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/ref-manual/migration.xml

@@ -3988,7 +3988,7 @@ $ runqemu qemux86-64 tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.
                     populated into the sysroot for the recipe.
                     </para></listitem>
                 <listitem><para>
-                    <emphasis>Specify Pre-Installation and Post-Installtion
+                    <emphasis>Specify Pre-Installation and Post-Installation
                     Native Tool Dependencies:</emphasis>
                     You must specifically specify any special native tool
                     dependencies of <filename>pkg_preinst</filename> and

documentation/ref-manual/ref-classes.xml

@@ -1301,19 +1301,27 @@
     <title><filename>image-live.bbclass</filename></title>
 
     <para>
-        The <filename>image-live</filename> class supports building "live"
-        images.
+        This class controls building "live" (i.e. HDDIMG and ISO) images.
+        Live images contain syslinux for legacy booting, as well as the
+        bootloader specified by
+        <link linkend='var-EFI_PROVIDER'><filename>EFI_PROVIDER</filename></link>
+        if
+        <link linkend='var-MACHINE_FEATURES'><filename>MACHINE_FEATURES</filename></link>
+        contains "efi".
     </para>
 
     <para>
         Normally, you do not use this class directly.
         Instead, you add "live" to
         <link linkend='var-IMAGE_FSTYPES'><filename>IMAGE_FSTYPES</filename></link>.
+        You can selectively build just one of these types through the
+        <link linkend='var-NOISO'><filename>NOISO</filename></link>
+        and
+        <link linkend='var-NOHDD'><filename>NOHDD</filename></link> variables.
         For example, if you were building an ISO image, you would add "live"
         to <filename>IMAGE_FSTYPES</filename>, set the
-        <link linkend='var-NOISO'><filename>NOISO</filename></link> variable to
-        "0" and the build system would use the <filename>image-live</filename>
-        class to build the ISO image.
+        <filename>NOISO</filename> variable to "0" and the build system would
+        use the <filename>image-live</filename> class to build the ISO image.
     </para>
 </section>
 
@@ -2220,6 +2228,14 @@ This check was removed for YP 2.3 release
                 functionality specific to the respective native or target
                 case.</para></listitem>
         </itemizedlist>
+        <note><title>Warning</title>
+            When creating a recipe, you must follow this naming convention:
+            <literallayout class='monospaced'>
+     native-<replaceable>myrecipe</replaceable>.bb
+            </literallayout>
+            Not doing so can lead to subtle problems because code exists
+            that depends on the naming convention.
+        </note>
     </para>
 
     <para>

documentation/ref-manual/ref-manual.xml

@@ -112,6 +112,11 @@
                 <date>May 2017</date>
                 <revremark>Released with the Yocto Project 2.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.3.1</revnumber>
+                <date>June 2017</date>
+                <revremark>Released with the Yocto Project 2.3.1 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/ref-manual/ref-variables.xml

@@ -3880,7 +3880,9 @@
                 <para>
                     See the
                     <link linkend='ref-classes-systemd-boot'><filename>systemd-boot</filename></link>
-                    class for more information.
+                    and
+                    <link linkend='ref-classes-image-live'><filename>image-live</filename></link>
+                    classes for more information.
                 </para>
             </glossdef>
         </glossentry>
@@ -5129,9 +5131,9 @@
                     is normally the same as the
                     <link linkend='var-TARGET_OS'><filename>TARGET_OS</filename></link>.
                     The variable can be set to "linux" for <filename>glibc</filename>-based systems and
-                    to "linux-uclibc" for <filename>uclibc</filename>.
+                    to "linux-musl" for <filename>musl</filename>.
                     For ARM/EABI targets, there are also "linux-gnueabi" and
-                    "linux-uclibc-gnueabi" values possible.
+                    "linux-musleabi" values possible.
                 </para>
             </glossdef>
         </glossentry>
@@ -6314,14 +6316,24 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
 
         <glossentry id='var-INHERIT'><glossterm>INHERIT</glossterm>
             <info>
-                INHERIT[doc] = "Causes the named class to be inherited at this point during parsing. The variable is only valid in configuration files."
+                INHERIT[doc] = "Causes the named class or classes to be inherited globally."
             </info>
             <glossdef>
                 <para role="glossdeffirst">
 <!--                <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
-                    Causes the named class to be inherited at
-                    this point during parsing.
-                    The variable is only valid in configuration files.
+                    Causes the named class or classes to be inherited globally.
+                    Anonymous functions in the class or classes
+                    are not executed for the
+                    base configuration and in each individual recipe.
+                    The OpenEmbedded build system ignores changes to
+                    <filename>INHERIT</filename> in individual recipes.
+                </para>
+
+                <para>
+                    For more information on <filename>INHERIT</filename>, see
+                    the
+                    "<ulink url="&YOCTO_DOCS_BB_URL;#inherit-configuration-directive"><filename>INHERIT</filename> Configuration Directive</ulink>"
+                    section in the Yocto Project Bitbake User Manual.
                 </para>
             </glossdef>
         </glossentry>
@@ -7429,21 +7441,30 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
 
         <glossentry id='var-LAYERDEPENDS'><glossterm>LAYERDEPENDS</glossterm>
             <info>
-                LAYERDEPENDS[doc] = "Lists the layers, separated by spaces, upon which this recipe depends. This variable is used in the conf/layer.conf file and must be suffixed with the name of the specific layer."
+                LAYERDEPENDS[doc] = "Lists the layers, separated by spaces, on which this recipe depends. This variable is used in the conf/layer.conf file and must be suffixed with the name of the specific layer."
             </info>
             <glossdef>
                 <para role="glossdeffirst">
 <!--                <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
-                    Lists the layers that this recipe depends upon, separated by spaces.
-                    Optionally, you can specify a specific layer version for a dependency
-                    by adding it to the end of the layer name with a colon, (e.g. "anotherlayer:3"
-                    to be compared against
-                    <link linkend='var-LAYERVERSION'><filename>LAYERVERSION</filename></link><filename>_anotherlayer</filename>
-                    in this case).
-                    An error will be produced if any dependency is missing or
-                    the version numbers do not match exactly (if specified).
-                    This variable is used in the <filename>conf/layer.conf</filename> file
-                    and must be suffixed with the name of the specific layer (e.g.
+                    Lists the layers, separated by spaces, on which this
+                    recipe depends.
+                    Optionally, you can specify a specific layer version for a
+                    dependency by adding it to the end of the layer name.
+                    Here is an example:
+                    <literallayout class='monospaced'>
+     LAYERDEPENDS_mylayer = "anotherlayer (=3)"
+                    </literallayout>
+                    In this previous example, version 3 of "anotherlayer"
+                    is compared against
+                    <link linkend='var-LAYERVERSION'><filename>LAYERVERSION</filename></link><filename>_anotherlayer</filename>.
+                </para>
+
+                <para>
+                    An error is produced if any dependency is missing or
+                    the version numbers (if specified) do not match exactly.
+                    This variable is used in the
+                    <filename>conf/layer.conf</filename> file and must be
+                    suffixed with the name of the specific layer (e.g.
                     <filename>LAYERDEPENDS_mylayer</filename>).
                 </para>
             </glossdef>
@@ -7464,6 +7485,39 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
             </glossdef>
         </glossentry>
 
+        <glossentry id='var-LAYERRECOMMENDS'><glossterm>LAYERRECOMMENDS</glossterm>
+            <info>
+                LAYERRECOMMENDS[doc] = "Lists the layers, separated by spaces, recommended for use with this layer."
+            </info>
+            <glossdef>
+                <para role="glossdeffirst">
+<!--                <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
+                    Lists the layers, separated by spaces, recommended for
+                    use with this layer.
+                </para>
+
+                <para>
+                    Optionally, you can specify a specific layer version for a
+                    recommendation by adding the version to the end of the
+                    layer name.
+                    Here is an example:
+                    <literallayout class='monospaced'>
+     LAYERRECOMMENDS_mylayer = "anotherlayer (=3)"
+                    </literallayout>
+                    In this previous example, version 3 of "anotherlayer" is
+                    compared against
+                    <filename>LAYERVERSION_anotherlayer</filename>.
+                </para>
+
+                <para>
+                    This variable is used in the
+                    <filename>conf/layer.conf</filename> file and must be
+                    suffixed with the name of the specific layer (e.g.
+                    <filename>LAYERRECOMMENDS_mylayer</filename>).
+                </para>
+            </glossdef>
+        </glossentry>
+
         <glossentry id='var-LAYERVERSION'><glossterm>LAYERVERSION</glossterm>
             <info>
                 LAYERVERSION[doc] = "Optionally specifies the version of a layer as a single number. This variable is used in the conf/layer.conf file and must be suffixed with the name of the specific layer."
@@ -9609,29 +9663,22 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
                     from the
                     <link linkend='var-PACKAGECONFIG'><filename>PACKAGECONFIG</filename></link>
                     setting.
-                    This list of options helps other classes and
-                    recipes take advantage of the
-                    <filename>PACKAGECONFIG</filename> mechanism without
-                    having to include options from
-                    <link linkend='var-EXTRA_OECONF'><filename>EXTRA_OECONF</filename></link>.
                 </para>
 
                 <para>
-                    To illustrate how to use
-                    <filename>PACKAGECONFIG_CONFARGS</filename>, consider the
-                    following example:
-                    <literallayout class='monospaced'>
-     PACKAGECONFIG_CONFARGS = " \
-          -prefix ${prefix} \
-          -sysroot ${STAGING_DIR_NATIVE} \
-          -no-gcc-sysroot
-          "
-                    </literallayout>
-                    In the previous example,
-                    <filename>PACKAGECONFIG_CONFARGS</filename> is set with
-                    three configuration options that can be passed using the
-                    <filename>PACKAGECONFIG</filename> mechanism, thus
-                    avoiding having to use <filename>EXTRA_OECONF</filename>.
+                    Classes such as
+                    <link linkend='ref-classes-autotools'><filename>autotools</filename></link>
+                    and
+                    <link linkend='ref-classes-cmake'><filename>cmake</filename></link>
+                    use <filename>PACKAGECONFIG_CONFARGS</filename> to pass
+                    <link linkend='var-PACKAGECONFIG'><filename>PACKAGECONFIG</filename></link>
+                    options to <filename>configure</filename> and
+                    <filename>cmake</filename>, respectively.
+                    If you are using
+                    <filename>PACKAGECONFIG</filename> but not a class that
+                    handles the <filename>do_configure</filename> task, then
+                    you need to use
+                    <filename>PACKAGECONFIG_CONFARGS</filename> appropriately.
                 </para>
 
                 <para>
@@ -14106,9 +14153,9 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
 <!--                <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
                     Specifies the target's operating system.
                     The variable can be set to "linux" for <filename>glibc</filename>-based systems and
-                    to "linux-uclibc" for <filename>uclibc</filename>.
+                    to "linux-musl" for <filename>musl</filename>.
                     For ARM/EABI targets, there are also "linux-gnueabi" and
-                    "linux-uclibc-gnueabi" values possible.
+                    "linux-musleabi" values possible.
                 </para>
             </glossdef>
         </glossentry>
@@ -14237,7 +14284,7 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
 
         <glossentry id='var-TCLIBC'><glossterm>TCLIBC</glossterm>
             <info>
-                TCLIBC[doc] = "Specifies GNU standard C library (libc) variant to use during the build process. You can select 'glibc' or 'uclibc'."
+                TCLIBC[doc] = "Specifies GNU standard C library (libc) variant to use during the build process. You can select 'glibc' or 'musl'."
             </info>
             <glossdef>
                 <para role="glossdeffirst">
@@ -14249,7 +14296,7 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
                 </para>
 
                 <para>
-                    You can select "glibc" or "uclibc".
+                    You can select "glibc" or "musl".
                 </para>
             </glossdef>
         </glossentry>
@@ -14288,7 +14335,7 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
                     <link linkend='var-TCLIBC'><filename>TCLIBC</filename></link>,
                     which controls the variant of the GNU standard C library
                     (<filename>libc</filename>) used during the build process:
-                    <filename>glibc</filename> or <filename>uclibc</filename>.
+                    <filename>glibc</filename> or <filename>musl</filename>.
                 </para>
 
                 <para>

documentation/sdk-manual/sdk-appendix-mars.xml

@@ -2,7 +2,7 @@
 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
 [<!ENTITY % poky SYSTEM "../poky.ent"> %poky; ] >
 
-<appendix id='sdk-appendix-mars'>
+<appendix id='sdk-appendix-latest-yp-eclipse-plug-in'>
     <title>Using Eclipse Mars</title>
 
     <para>

documentation/sdk-manual/sdk-appendix-obtain.xml

@@ -96,16 +96,16 @@
                 <listitem><para>
                     By default, this toolchain does not build static binaries.
                     If you want to use the toolchain to build these types of
-                    libraries, you need to be sure your image has the
+                    libraries, you need to be sure your SDK has the
                     appropriate static development libraries.
                     Use the
-                    <ulink url='&YOCTO_DOCS_REF_URL;#var-IMAGE_INSTALL'><filename>IMAGE_INSTALL</filename></ulink>
+                    <ulink url='&YOCTO_DOCS_REF_URL;#var-TOOLCHAIN_TARGET_TASK'><filename>TOOLCHAIN_TARGET_TASK</filename></ulink>
                     variable inside your <filename>local.conf</filename> file
-                    to install the appropriate library packages.
-                    Following is an example using <filename>glibc</filename>
+                    to install the appropriate library packages in the SDK.
+                    Following is an example using <filename>libc</filename>
                     static development libraries:
                     <literallayout class='monospaced'>
-     IMAGE_INSTALL_append = " glibc-staticdev"
+     TOOLCHAIN_TARGET_TASK_append = " libc-staticdev"
                     </literallayout>
                     </para></listitem>
                 <listitem><para>

documentation/sdk-manual/sdk-manual.xml

@@ -46,6 +46,11 @@
                 <date>May 2017</date>
                 <revremark>Released with the Yocto Project 2.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.3.1</revnumber>
+                <date>June 2017</date>
+                <revremark>Released with the Yocto Project 2.3.1 Release.</revremark>
+            </revision>
        </revhistory>
 
     <copyright>

documentation/sdk-manual/sdk-working-projects.xml

@@ -459,7 +459,7 @@
                     release with the Yocto Project.
                     For information on how to use the Mars version of Eclipse
                     with the Yocto Project, see
-                    "<link linkend='sdk-appendix-mars'>Appendix C</link>.
+                    "<link linkend='sdk-appendix-latest-yp-eclipse-plug-in'>Appendix C</link>.
                 </note>
             </para>
 

documentation/toaster-manual/toaster-manual.xml

@@ -56,6 +56,11 @@
                 <date>May 2017</date>
                 <revremark>Released with the Yocto Project 2.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.3.1</revnumber>
+                <date>June 2017</date>
+                <revremark>Released with the Yocto Project 2.3.1 Release.</revremark>
+            </revision>
        </revhistory>
 
     <copyright>

documentation/tools/mega-manual.sed

@@ -2,32 +2,32 @@
 # This style is for manual folders like "yocto-project-qs" and "poky-ref-manual".
 # This is the old way that did it.  Can't do that now that we have "bitbake-user-manual" strings
 # in the mega-manual.
-# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3\/poky-ref-manual\/poky-ref-manual.html#/\"link\" href=\"#/g
+# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3.1\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3.1\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3.1\/poky-ref-manual\/poky-ref-manual.html#/\"link\" href=\"#/g
 
 # Processes all other manuals (<word>-<word> style) except for the BitBake User Manual because
 # it is not included in the mega-manual.
 # This style is for manual folders that use two word, which is the standard now (e.g. "ref-manual").
 # This was the one-liner that worked before we introduced the BitBake User Manual, which is
 # not in the mega-manual.
-# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
+# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3.1\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
 
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3\/sdk-manual\/sdk-manual.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3\/bsp-guide\/bsp-guide.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3\/dev-manual\/dev-manual.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3\/kernel-dev\/kernel-dev.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3\/profile-manual\/profile-manual.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3\/ref-manual\/ref-manual.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3\/toaster-manual\/toaster-manual.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3.1\/sdk-manual\/sdk-manual.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3.1\/bsp-guide\/bsp-guide.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3.1\/dev-manual\/dev-manual.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3.1\/kernel-dev\/kernel-dev.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3.1\/profile-manual\/profile-manual.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3.1\/ref-manual\/ref-manual.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3.1\/toaster-manual\/toaster-manual.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3.1\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
 
 # Process cases where just an external manual is referenced without an id anchor
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3\/yocto-project-qs\/yocto-project-qs.html\" target=\"_top\">Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3\/dev-manual\/dev-manual.html\" target=\"_top\">Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3\/sdk-manual\/sdk-manual.html\" target=\"_top\">Yocto Project Software Development Kit (SDK) Developer's Guide<\/a>/Yocto Project Software Development Kit (SDK) Developer's Guide/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3\/bsp-guide\/bsp-guide.html\" target=\"_top\">Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3\/profile-manual\/profile-manual.html\" target=\"_top\">Yocto Project Profiling and Tracing Manual<\/a>/Yocto Project Profiling and Tracing Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3\/kernel-dev\/kernel-dev.html\" target=\"_top\">Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3\/ref-manual\/ref-manual.html\" target=\"_top\">Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3\/toaster-manual\/toaster-manual.html\" target=\"_top\">Toaster User Manual<\/a>/Toaster User Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3.1\/yocto-project-qs\/yocto-project-qs.html\" target=\"_top\">Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3.1\/dev-manual\/dev-manual.html\" target=\"_top\">Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3.1\/sdk-manual\/sdk-manual.html\" target=\"_top\">Yocto Project Software Development Kit (SDK) Developer's Guide<\/a>/Yocto Project Software Development Kit (SDK) Developer's Guide/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3.1\/bsp-guide\/bsp-guide.html\" target=\"_top\">Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3.1\/profile-manual\/profile-manual.html\" target=\"_top\">Yocto Project Profiling and Tracing Manual<\/a>/Yocto Project Profiling and Tracing Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3.1\/kernel-dev\/kernel-dev.html\" target=\"_top\">Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3.1\/ref-manual\/ref-manual.html\" target=\"_top\">Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.3.1\/toaster-manual\/toaster-manual.html\" target=\"_top\">Toaster User Manual<\/a>/Toaster User Manual/g

documentation/yocto-project-qs/yocto-project-qs.xml

@@ -64,7 +64,8 @@
             tool, to construct complete Linux images.
             The BitBake and OE components are combined together to form
             a reference build host, historically known as
-            <ulink url='&YOCTO_DOCS_DEV_URL;#poky'>Poky</ulink>.
+            <ulink url='&YOCTO_DOCS_DEV_URL;#poky'>Poky</ulink>
+            (<emphasis>Pah</emphasis>-key).
         </para>
 
         <para>
@@ -145,11 +146,8 @@
         <mediaobject>
             <imageobject>
                 <imagedata fileref="figures/yocto-environment.png"
-                    format="PNG" align='center' scalefit='1' width="100%"/>
+                    format="PNG" align='center' width="8in"/>
             </imageobject>
-            <caption>
-                <para>The Yocto Project Development Environment</para>
-            </caption>
          </mediaobject>
 
         <para>
@@ -670,8 +668,8 @@
                         </para></listitem>
                     <listitem><para><emphasis>Exit QEMU:</emphasis>
                         Exit QEMU by either clicking on the shutdown icon or by
-                        opening a terminal, typing
-                        <filename>poweroff</filename>, and then pressing "Enter".
+                        typing <filename>Ctrl-C</filename> in the QEMU
+                        transcript window from which you evoked QEMU.
                         </para></listitem>
                 </orderedlist>
             </para>

meta-poky/conf/distro/poky.conf

@@ -1,6 +1,6 @@
 DISTRO = "poky"
 DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
-DISTRO_VERSION = "2.3"
+DISTRO_VERSION = "2.3.1"
 DISTRO_CODENAME = "pyro"
 SDK_VENDOR = "-pokysdk"
 SDK_VERSION := "${@'${DISTRO_VERSION}'.replace('snapshot-${DATE}','snapshot')}"

meta/classes/cve-check.bbclass

@@ -234,7 +234,7 @@ def cve_write_data(d, patched, unpatched, cve_data):
     cve_file = d.getVar("CVE_CHECK_LOCAL_FILE")
     nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId="
     write_string = ""
-    first_alert = True
+    unpatched_cves = []
     bb.utils.mkdirhier(d.getVar("CVE_CHECK_LOCAL_DIR"))
 
     for cve in sorted(cve_data):
@@ -244,15 +244,16 @@ def cve_write_data(d, patched, unpatched, cve_data):
         if cve in patched:
             write_string += "CVE STATUS: Patched\n"
         else:
+            unpatched_cves.append(cve)
             write_string += "CVE STATUS: Unpatched\n"
-            if first_alert:
-                bb.warn("Found unpatched CVE, for more information check %s" % cve_file)
-                first_alert = False
         write_string += "CVE SUMMARY: %s\n" % cve_data[cve]["summary"]
         write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["score"]
         write_string += "VECTOR: %s\n" % cve_data[cve]["vector"]
         write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve)
 
+    if unpatched_cves:
+        bb.warn("Found unpatched CVE (%s), for more information check %s" % (" ".join(unpatched_cves),cve_file))
+
     with open(cve_file, "w") as f:
         bb.note("Writing file %s with CVE information" % cve_file)
         f.write(write_string)

meta/classes/image-vm.bbclass

@@ -93,7 +93,7 @@ build_boot_dd() {
 
 	parted $IMAGE print
 
-	awk "BEGIN { printf \"$(echo ${DISK_SIGNATURE} | fold -w 2 | tac | paste -sd '' | sed 's/\(..\)/\\x&/g')\" }" | \
+	awk "BEGIN { printf \"$(echo ${DISK_SIGNATURE} | sed 's/\(..\)\(..\)\(..\)\(..\)/\\x\4\\x\3\\x\2\\x\1/')\" }" | \
 		dd of=$IMAGE bs=1 seek=440 conv=notrunc
 
 	OFFSET=`expr $END2 / 512`

meta/classes/kernel.bbclass

@@ -130,6 +130,8 @@ PACKAGES_DYNAMIC += "^kernel-firmware-.*"
 
 export OS = "${TARGET_OS}"
 export CROSS_COMPILE = "${TARGET_PREFIX}"
+export KBUILD_BUILD_USER = "oe-user"
+export KBUILD_BUILD_HOST = "oe-host"
 
 KERNEL_PRIORITY ?= "${@int(d.getVar('PV').split('-')[0].split('+')[0].split('.')[0]) * 10000 + \
                        int(d.getVar('PV').split('-')[0].split('+')[0].split('.')[1]) * 100 + \

meta/classes/package_ipk.bbclass

@@ -48,6 +48,8 @@ python do_package_ipk () {
             if os.path.exists(p):
                 bb.utils.prunedir(p)
 
+    recipesource = os.path.basename(d.getVar('FILE'))
+
     for pkg in packages.split():
         localdata = bb.data.createCopy(d)
         root = "%s/%s" % (pkgdest, pkg)
@@ -204,10 +206,7 @@ python do_package_ipk () {
             ctrlfile.write("Replaces: %s\n" % bb.utils.join_deps(rreplaces))
         if rconflicts:
             ctrlfile.write("Conflicts: %s\n" % bb.utils.join_deps(rconflicts))
-        src_uri = localdata.getVar("SRC_URI").strip() or "None"
-        if src_uri:
-            src_uri = re.sub("\s+", " ", src_uri)
-            ctrlfile.write("Source: %s\n" % " ".join(src_uri.split()))
+        ctrlfile.write("Source: %s\n" % recipesource)
         ctrlfile.close()
 
         for script in ["preinst", "postinst", "prerm", "postrm"]:

meta/classes/sstate.bbclass

@@ -33,7 +33,7 @@ SSTATE_DUPWHITELIST += "${DEPLOY_DIR_SRC}"
 
 SSTATE_SCAN_FILES ?= "*.la *-config *_config postinst-*"
 SSTATE_SCAN_CMD ??= 'find ${SSTATE_BUILDDIR} \( -name "${@"\" -o -name \"".join(d.getVar("SSTATE_SCAN_FILES").split())}" \) -type f'
-SSTATE_SCAN_CMD_NATIVE ??= 'grep -Irl -e ${RECIPE_SYSROOT} -e ${RECIPE_SYSROOT_NATIVE} ${SSTATE_BUILDDIR}'
+SSTATE_SCAN_CMD_NATIVE ??= 'grep -Irl -e ${RECIPE_SYSROOT} -e ${RECIPE_SYSROOT_NATIVE} -e ${HOSTTOOLS_DIR} ${SSTATE_BUILDDIR}'
 
 BB_HASHFILENAME = "False ${SSTATE_PKGSPEC} ${SSTATE_SWSPEC}"
 

meta/classes/staging.bbclass

@@ -331,12 +331,26 @@ python extend_recipe_sysroot() {
 
     taskdepdata = d.getVar("BB_TASKDEPDATA", False)
     mytaskname = d.getVar("BB_RUNTASK")
+    if mytaskname.endswith("_setscene"):
+        mytaskname = mytaskname.replace("_setscene", "")
     workdir = d.getVar("WORKDIR")
     #bb.warn(str(taskdepdata))
     pn = d.getVar("PN")
 
-    if mytaskname.endswith("_setscene"):
-        mytaskname = mytaskname.replace("_setscene", "")
+    stagingdir = d.getVar("STAGING_DIR")
+    sharedmanifests = d.getVar("COMPONENTS_DIR") + "/manifests"
+    recipesysroot = d.getVar("RECIPE_SYSROOT")
+    recipesysrootnative = d.getVar("RECIPE_SYSROOT_NATIVE")
+    current_variant = d.getVar("BBEXTENDVARIANT")
+
+    # Detect bitbake -b usage
+    nodeps = d.getVar("BB_LIMITEDDEPS") or False
+    if nodeps:
+        lock = bb.utils.lockfile(recipesysroot + "/sysroot.lock")
+        staging_populate_sysroot_dir(recipesysroot, recipesysrootnative, True, d)
+        staging_populate_sysroot_dir(recipesysroot, recipesysrootnative, False, d)
+        bb.utils.unlockfile(lock)
+        return
 
     start = None
     configuredeps = []
@@ -441,20 +455,6 @@ python extend_recipe_sysroot() {
 
     bb.note("\n".join(msgbuf))
 
-    stagingdir = d.getVar("STAGING_DIR")
-    sharedmanifests = d.getVar("COMPONENTS_DIR") + "/manifests"
-    recipesysroot = d.getVar("RECIPE_SYSROOT")
-    recipesysrootnative = d.getVar("RECIPE_SYSROOT_NATIVE")
-    current_variant = d.getVar("BBEXTENDVARIANT")
-
-    # Detect bitbake -b usage
-    nodeps = d.getVar("BB_LIMITEDDEPS") or False
-    if nodeps:
-        lock = bb.utils.lockfile(recipesysroot + "/sysroot.lock")
-        staging_populate_sysroot_dir(recipesysroot, recipesysrootnative, True, d)
-        staging_populate_sysroot_dir(recipesysroot, recipesysrootnative, False, d)
-        bb.utils.unlockfile(lock)
-
     depdir = recipesysrootnative + "/installeddeps"
     bb.utils.mkdirhier(depdir)
     bb.utils.mkdirhier(sharedmanifests)

meta/classes/systemd-boot.bbclass

@@ -50,6 +50,7 @@ efi_iso_populate() {
         efi_populate $iso_dir
         mkdir -p ${EFIIMGDIR}/${EFIDIR}
         cp $iso_dir/${EFIDIR}/* ${EFIIMGDIR}${EFIDIR}
+        cp -r $iso_dir/loader ${EFIIMGDIR}
         cp $iso_dir/vmlinuz ${EFIIMGDIR}
         EFIPATH=$(echo "${EFIDIR}" | sed 's/\//\\/g')
         echo "fs0:${EFIPATH}\\${DEST_EFI_IMAGE}" > ${EFIIMGDIR}/startup.nsh

meta/lib/oe/package_manager.py

@@ -399,6 +399,7 @@ class PackageManager(object, metaclass=ABCMeta):
             pkgs = self.list_installed()
             output = oe.utils.format_pkg_list(pkgs, "arch")
             installed_pkgs.write(output)
+            installed_pkgs.flush()
 
             cmd = [bb.utils.which(os.getenv('PATH'), "oe-pkgdata-util"),
                    "-p", self.d.getVar('PKGDATA_DIR'), "glob", installed_pkgs.name,

meta/lib/oeqa/selftest/recipetool.py

@@ -449,8 +449,8 @@ class RecipetoolTests(RecipetoolBase):
         temprecipe = os.path.join(self.tempdir, 'recipe')
         os.makedirs(temprecipe)
         recipefile = os.path.join(temprecipe, 'meson_git.bb')
-        srcuri = 'https://github.com/mesonbuild/meson'
-        result = runCmd('recipetool create -o %s %s' % (temprecipe, srcuri))
+        srcuri = 'https://github.com/mesonbuild/meson;rev=0.32.0'
+        result = runCmd(['recipetool', 'create', '-o', temprecipe, srcuri])
         self.assertTrue(os.path.isfile(recipefile))
         checkvars = {}
         checkvars['LICENSE'] = set(['Apache-2.0'])

meta/recipes-bsp/u-boot/u-boot-mkimage_2017.01.bb

@@ -7,7 +7,7 @@ DEPENDS = "openssl"
 
 EXTRA_OEMAKE_class-target = 'CROSS_COMPILE="${TARGET_PREFIX}" CC="${CC} ${CFLAGS} ${LDFLAGS}" HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" STRIP=true V=1'
 EXTRA_OEMAKE_class-native = 'CC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" STRIP=true V=1'
-EXTRA_OEMAKE_class-nativesdk = 'CC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" STRIP=true V=1'
+EXTRA_OEMAKE_class-nativesdk = 'CROSS_COMPILE="${HOST_PREFIX}" CC="${CC} ${CFLAGS} ${LDFLAGS}" HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" STRIP=true V=1'
 
 do_compile () {
 	oe_runmake sandbox_defconfig

meta/recipes-core/images/build-appliance-image_15.0.0.bb

@@ -23,8 +23,8 @@ IMAGE_FSTYPES = "vmdk"
 
 inherit core-image module-base setuptools3
 
-SRCREV ?= "1d57ca352f798dd671fd8c15ee4286644c49c4b9"
-SRC_URI = "git://git.yoctoproject.org/poky;branch=master \
+SRCREV ?= "405517b4290d740f7d5b7e47a68ef37080ead63b"
+SRC_URI = "git://git.yoctoproject.org/poky;branch=pyro \
            file://Yocto_Build_Appliance.vmx \
            file://Yocto_Build_Appliance.vmxf \
            file://README_VirtualBox_Guest_Additions.txt \

meta/recipes-devtools/automake/automake/0001-automake-port-to-Perl-5.22-and-later.patch

@@ -0,0 +1,32 @@
+From 13f00eb4493c217269b76614759e452d8302955e Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Thu, 31 Mar 2016 16:35:29 -0700
+Subject: [PATCH] automake: port to Perl 5.22 and later
+
+Without this change, Perl 5.22 complains "Unescaped left brace in
+regex is deprecated" and this is planned to become a hard error in
+Perl 5.26.  See:
+http://search.cpan.org/dist/perl-5.22.0/pod/perldelta.pod#A_literal_%22{%22_should_now_be_escaped_in_a_pattern
+* bin/automake.in (substitute_ac_subst_variables): Escape left brace.
+
+Upstream-Status: Backport [13f00eb4493c217269b76614759e452d8302955e]
+---
+ bin/automake.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bin/automake.in b/bin/automake.in
+index a3a0aa318..2c8f31e14 100644
+--- a/bin/automake.in
++++ b/bin/automake.in
+@@ -3878,7 +3878,7 @@ sub substitute_ac_subst_variables_worker
+ sub substitute_ac_subst_variables
+ {
+   my ($text) = @_;
+-  $text =~ s/\${([^ \t=:+{}]+)}/substitute_ac_subst_variables_worker ($1)/ge;
++  $text =~ s/\$[{]([^ \t=:+{}]+)}/substitute_ac_subst_variables_worker ($1)/ge;
+   return $text;
+ }
+ 
+-- 
+2.11.0
+

meta/recipes-devtools/automake/automake_1.15.bb

@@ -24,6 +24,7 @@ SRC_URI += "file://python-libdir.patch \
             file://performance.patch \
             file://new_rt_path_for_test-driver.patch \
             file://automake-replace-w-option-in-shebangs-with-modern-use-warnings.patch \
+            file://0001-automake-port-to-Perl-5.22-and-later.patch \
             "
 
 SRC_URI[md5sum] = "716946a105ca228ab545fc37a70df3a3"

meta/recipes-devtools/binutils/binutils-2.28.inc

@@ -37,6 +37,12 @@ SRC_URI = "\
      file://0016-Detect-64-bit-MIPS-targets.patch \
      file://CVE-2017-6965.patch \
      file://CVE-2017-6966.patch \
+     file://0017-bfd-Improve-lookup-of-file-line-information-for-erro.patch \
+     file://0018-PR-21409-segfault-in-_bfd_dwarf2_find_nearest_line.patch \
+     file://CVE-2017-6969.patch \
+     file://CVE-2017-6969_2.patch \
+     file://CVE-2017-7209.patch \
+     file://CVE-2017-7210.patch \
 "
 S  = "${WORKDIR}/git"
 

meta/recipes-devtools/binutils/binutils/0017-bfd-Improve-lookup-of-file-line-information-for-erro.patch

@@ -0,0 +1,75 @@
+From 3239a4231ff79bf8b67b8faaf414b1667486167c Mon Sep 17 00:00:00 2001
+From: Andrew Burgess <andrew.burgess@embecosm.com>
+Date: Mon, 19 Dec 2016 15:27:59 +0000
+Subject: [PATCH] bfd: Improve lookup of file / line information for errors
+
+When looking up file and line information (used from the linker to
+report error messages) if no symbol is passed in, then use the symbol
+list to look for a matching symbol.
+
+If a matching symbol is found then use this to look up the file / line
+information.
+
+This should improve errors when looking up file / line information for
+data sections.  Hopefully we should find a matching data symbol, which
+should, in turn (we hope) match a DW_TAG_variable in the DWARF, this
+should allow us to give accurate file / line errors for data symbols.
+
+As the hope is to find a matching DW_TAG_variable in the DWARF then we
+ignore section symbols, and prefer global symbols to locals.
+
+CVE: CVE-2017-8392
+Upstream-Status: Accepted
+
+Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
+---
+ bfd/dwarf2.c                   | 32 ++++++++++++++++++++++++++++++++
+ 1 files changed, 32 insertions(+)
+
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 03447a9..9bb8126 100644
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -4155,6 +4155,38 @@ _bfd_dwarf2_find_nearest_line (bfd *abfd,
+     {
+       BFD_ASSERT (section != NULL && functionname_ptr != NULL);
+       addr = offset;
++
++      /* If we have no SYMBOL but the section we're looking at is not a
++         code section, then take a look through the list of symbols to see
++         if we have a symbol at the address we're looking for.  If we do
++         then use this to look up line information.  This will allow us to
++         give file and line results for data symbols.  We exclude code
++         symbols here, if we look up a function symbol and then look up the
++         line information we'll actually return the line number for the
++         opening '{' rather than the function definition line.  This is
++         because looking up by symbol uses the line table, in which the
++         first line for a function is usually the opening '{', while
++         looking up the function by section + offset uses the
++         DW_AT_decl_line from the function DW_TAG_subprogram for the line,
++         which will be the line of the function name.  */
++      if ((section->flags & SEC_CODE) == 0)
++	{
++	  asymbol **tmp;
++
++	  for (tmp = symbols; (*tmp) != NULL; ++tmp)
++	    if ((*tmp)->the_bfd == abfd
++		&& (*tmp)->section == section
++		&& (*tmp)->value == offset
++		&& ((*tmp)->flags & BSF_SECTION_SYM) == 0)
++	      {
++		symbol = *tmp;
++		do_line = TRUE;
++                /* For local symbols, keep going in the hope we find a
++                   global.  */
++                if ((symbol->flags & BSF_GLOBAL) != 0)
++                  break;
++	      }
++	}
+     }
+ 
+   if (section->output_section)
+-- 
+1.9.1
+

meta/recipes-devtools/binutils/binutils/0018-PR-21409-segfault-in-_bfd_dwarf2_find_nearest_line.patch

@@ -0,0 +1,33 @@
+From 97e83a100aa8250be783304bfe0429761c6e6b6b Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 23 Apr 2017 13:55:49 +0930
+Subject: [PATCH] PR 21409, segfault in _bfd_dwarf2_find_nearest_line
+
+	PR 21409
+	* dwarf2.c (_bfd_dwarf2_find_nearest_line): Don't segfault when
+	no symbols.
+
+CVE: CVE-2017-8392
+Upstream-Status: Accepted
+
+Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
+---
+ bfd/dwarf2.c  | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 132a674..0ef3e1f 100644
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -4205,7 +4205,7 @@ _bfd_dwarf2_find_nearest_line (bfd *abfd,
+          looking up the function by section + offset uses the
+          DW_AT_decl_line from the function DW_TAG_subprogram for the line,
+          which will be the line of the function name.  */
+-      if ((section->flags & SEC_CODE) == 0)
++      if (symbols != NULL && (section->flags & SEC_CODE) == 0)
+ 	{
+ 	  asymbol **tmp;
+ 
+-- 
+1.9.1
+

meta/recipes-devtools/binutils/binutils/CVE-2017-6969.patch

@@ -0,0 +1,57 @@
+From 1d9a2696903fc59d6a936f4ab4e4407ef329d066 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Fri, 17 Feb 2017 15:59:45 +0000
+Subject: Fix illegal memory accesses in readelf when parsing
+ a corrupt binary.
+
+	PR binutils/21156
+	* readelf.c (find_section_in_set): Test for invalid section
+	indicies.
+
+CVE: CVE-2017-6969
+Upstream-Status: Backport [master]
+
+Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
+---
+ binutils/ChangeLog |  6 ++++++
+ binutils/readelf.c | 10 ++++++++--
+ 2 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/binutils/ChangeLog b/binutils/ChangeLog
+index bd63c8a0d8..1d840b42f9 100644
+--- a/binutils/ChangeLog
++++ b/binutils/ChangeLog
+@@ -1,3 +1,9 @@
++2017-02-17  Nick Clifton  <nickc@redhat.com>
++
++	PR binutils/21156
++	* readelf.c (find_section_in_set): Test for invalid section
++	indicies.
++
+ 2017-02-13  Nick Clifton  <nickc@redhat.com>
+ 
+ 	PR binutils/21139
+diff --git a/binutils/readelf.c b/binutils/readelf.c
+index 7c158c6342..4960491c5c 100644
+--- a/binutils/readelf.c
++++ b/binutils/readelf.c
+@@ -675,8 +675,14 @@ find_section_in_set (const char * name, unsigned int * set)
+   if (set != NULL)
+     {
+       while ((i = *set++) > 0)
+-	if (streq (SECTION_NAME (section_headers + i), name))
+-	  return section_headers + i;
++	{
++	  /* See PR 21156 for a reproducer.  */
++	  if (i >= elf_header.e_shnum)
++	    continue; /* FIXME: Should we issue an error message ?  */
++
++	  if (streq (SECTION_NAME (section_headers + i), name))
++	    return section_headers + i;
++	}
+     }
+ 
+   return find_section (name);
+-- 
+2.11.0
+

meta/recipes-devtools/binutils/binutils/CVE-2017-6969_2.patch

@@ -0,0 +1,122 @@
+From ef81126314f67472a46db9581530fbf5ccb6b3f2 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 20 Feb 2017 14:40:39 +0000
+Subject: Fix another memory access error in readelf when
+ parsing a corrupt binary.
+
+	PR binutils/21156
+	* dwarf.c (cu_tu_indexes_read): Move into...
+	(load_cu_tu_indexes): ... here.  Change the variable into
+	tri-state.  Change the function into boolean, returning
+	false if the indicies could not be loaded.
+	(find_cu_tu_set): Return NULL if the indicies could not be
+	loaded.
+
+CVE: CVE-2017-6969
+Upstream-Status: Backport [master]
+
+Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
+---
+ binutils/ChangeLog | 10 ++++++++++
+ binutils/dwarf.c   | 34 ++++++++++++++++++++--------------
+ 2 files changed, 30 insertions(+), 14 deletions(-)
+
+diff --git a/binutils/ChangeLog b/binutils/ChangeLog
+index 1d840b42f9..53352c1801 100644
+--- a/binutils/ChangeLog
++++ b/binutils/ChangeLog
+@@ -1,3 +1,13 @@
++2017-02-20  Nick Clifton  <nickc@redhat.com>
++
++	PR binutils/21156
++	* dwarf.c (cu_tu_indexes_read): Move into...
++	(load_cu_tu_indexes): ... here.  Change the variable into
++	tri-state.  Change the function into boolean, returning
++	false if the indicies could not be loaded.
++	(find_cu_tu_set): Return NULL if the indicies could not be
++	loaded.
++
+ 2017-02-17  Nick Clifton  <nickc@redhat.com>
+ 
+ 	PR binutils/21156
+diff --git a/binutils/dwarf.c b/binutils/dwarf.c
+index 0184a7ab2e..6d879c9b61 100644
+--- a/binutils/dwarf.c
++++ b/binutils/dwarf.c
+@@ -76,7 +76,6 @@ int dwarf_check = 0;
+    as a zero-terminated list of section indexes comprising one set of debug
+    sections from a .dwo file.  */
+ 
+-static int cu_tu_indexes_read = 0;
+ static unsigned int *shndx_pool = NULL;
+ static unsigned int shndx_pool_size = 0;
+ static unsigned int shndx_pool_used = 0;
+@@ -99,7 +98,7 @@ static int tu_count = 0;
+ static struct cu_tu_set *cu_sets = NULL;
+ static struct cu_tu_set *tu_sets = NULL;
+ 
+-static void load_cu_tu_indexes (void *file);
++static bfd_boolean load_cu_tu_indexes (void *);
+ 
+ /* Values for do_debug_lines.  */
+ #define FLAG_DEBUG_LINES_RAW	 1
+@@ -2715,7 +2714,7 @@ load_debug_info (void * file)
+     return num_debug_info_entries;
+ 
+   /* If this is a DWARF package file, load the CU and TU indexes.  */
+-  load_cu_tu_indexes (file);
++  (void) load_cu_tu_indexes (file);
+ 
+   if (load_debug_section (info, file)
+       && process_debug_info (&debug_displays [info].section, file, abbrev, 1, 0))
+@@ -7378,21 +7377,27 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
+    section sets that we can use to associate a .debug_info.dwo section
+    with its associated .debug_abbrev.dwo section in a .dwp file.  */
+ 
+-static void
++static bfd_boolean
+ load_cu_tu_indexes (void *file)
+ {
++  static int cu_tu_indexes_read = -1; /* Tri-state variable.  */
++
+   /* If we have already loaded (or tried to load) the CU and TU indexes
+      then do not bother to repeat the task.  */
+-  if (cu_tu_indexes_read)
+-    return;
+-
+-  if (load_debug_section (dwp_cu_index, file))
+-    process_cu_tu_index (&debug_displays [dwp_cu_index].section, 0);
+-
+-  if (load_debug_section (dwp_tu_index, file))
+-    process_cu_tu_index (&debug_displays [dwp_tu_index].section, 0);
++  if (cu_tu_indexes_read == -1)
++    {
++      cu_tu_indexes_read = TRUE;
++  
++      if (load_debug_section (dwp_cu_index, file))
++	if (! process_cu_tu_index (&debug_displays [dwp_cu_index].section, 0))
++	  cu_tu_indexes_read = FALSE;
++
++      if (load_debug_section (dwp_tu_index, file))
++	if (! process_cu_tu_index (&debug_displays [dwp_tu_index].section, 0))
++	  cu_tu_indexes_read = FALSE;
++    }
+ 
+-  cu_tu_indexes_read = 1;
++  return (bfd_boolean) cu_tu_indexes_read;
+ }
+ 
+ /* Find the set of sections that includes section SHNDX.  */
+@@ -7402,7 +7407,8 @@ find_cu_tu_set (void *file, unsigned int shndx)
+ {
+   unsigned int i;
+ 
+-  load_cu_tu_indexes (file);
++  if (! load_cu_tu_indexes (file))
++    return NULL;
+ 
+   /* Find SHNDX in the shndx pool.  */
+   for (i = 0; i < shndx_pool_used; i++)
+-- 
+2.11.0
+

meta/recipes-devtools/binutils/binutils/CVE-2017-7209.patch

@@ -0,0 +1,62 @@
+From b2706ceadac7239e7b02d43f05100fc6538b0d65 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 13 Feb 2017 15:04:37 +0000
+Subject: Fix invalid read of section contents whilst processing a corrupt binary.
+
+	PR binutils/21135
+	* readelf.c (dump_section_as_bytes): Handle the case where
+	uncompress_section_contents returns false.
+
+CVE: CVE-2017-7209
+Upstream-Status: Backport[master]
+
+Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
+---
+ binutils/ChangeLog |  6 ++++++
+ binutils/readelf.c | 16 ++++++++++++----
+ 2 files changed, 18 insertions(+), 4 deletions(-)
+
+diff --git a/binutils/ChangeLog b/binutils/ChangeLog
+index 53352c1801..cf92744c12 100644
+--- a/binutils/ChangeLog
++++ b/binutils/ChangeLog
+@@ -1,3 +1,9 @@
++2017-02-13  Nick Clifton  <nickc@redhat.com>
++
++	PR binutils/21135
++	* readelf.c (dump_section_as_bytes): Handle the case where
++	uncompress_section_contents returns false.
++
+ 2017-02-20  Nick Clifton  <nickc@redhat.com>
+ 
+ 	PR binutils/21156
+diff --git a/binutils/readelf.c b/binutils/readelf.c
+index 4960491c5c..f0e7b080e8 100644
+--- a/binutils/readelf.c
++++ b/binutils/readelf.c
+@@ -12803,10 +12803,18 @@ dump_section_as_bytes (Elf_Internal_Shdr * section,
+ 	  new_size -= 12;
+ 	}
+ 
+-      if (uncompressed_size
+-	  && uncompress_section_contents (& start, uncompressed_size,
+-					  & new_size))
+-	section_size = new_size;
++      if (uncompressed_size)
++	{
++	  if (uncompress_section_contents (& start, uncompressed_size,
++					   & new_size))
++	    section_size = new_size;
++	  else
++	    {
++	      error (_("Unable to decompress section %s\n"),
++		     printable_section_name (section));
++	      return;
++	    }
++	}
+     }
+ 
+   if (relocate)
+-- 
+2.11.0
+

meta/recipes-devtools/binutils/binutils/CVE-2017-7210.patch

@@ -0,0 +1,71 @@
+From 4da598a472e1d298825035e452e3bc68f714311c Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 14 Feb 2017 14:07:29 +0000
+Subject: Fix handling of corrupt STABS enum type strings.
+
+	PR binutils/21157
+	* stabs.c (parse_stab_enum_type): Check for corrupt NAME:VALUE
+	pairs.
+	(parse_number): Exit early if passed an empty string.
+
+CVE: CVE-2017-7210
+Upstream-Status: Backport [master]
+
+Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
+---
+ binutils/ChangeLog |  7 +++++++
+ binutils/stabs.c   | 14 +++++++++++++-
+ 2 files changed, 20 insertions(+), 1 deletion(-)
+
+diff --git a/binutils/ChangeLog b/binutils/ChangeLog
+index cf92744c12..0045fbaaa6 100644
+--- a/binutils/ChangeLog
++++ b/binutils/ChangeLog
+@@ -1,3 +1,10 @@
++2017-02-14  Nick Clifton  <nickc@redhat.com>
++
++	PR binutils/21157
++	* stabs.c (parse_stab_enum_type): Check for corrupt NAME:VALUE
++	pairs.
++	(parse_number): Exit early if passed an empty string.
++
+ 2017-02-13  Nick Clifton  <nickc@redhat.com>
+ 
+ 	PR binutils/21135
+diff --git a/binutils/stabs.c b/binutils/stabs.c
+index f5c5d2d8e0..5d013cc361 100644
+--- a/binutils/stabs.c
++++ b/binutils/stabs.c
+@@ -232,6 +232,10 @@ parse_number (const char **pp, bfd_boolean *poverflow)
+ 
+   orig = *pp;
+ 
++  /* Stop early if we are passed an empty string.  */
++  if (*orig == 0)
++    return (bfd_vma) 0;
++
+   errno = 0;
+   ul = strtoul (*pp, (char **) pp, 0);
+   if (ul + 1 != 0 || errno == 0)
+@@ -1975,9 +1979,17 @@ parse_stab_enum_type (void *dhandle, const char **pp)
+       bfd_signed_vma val;
+ 
+       p = *pp;
+-      while (*p != ':')
++      while (*p != ':' && *p != 0)
+ 	++p;
+ 
++      if (*p == 0)
++	{
++	  bad_stab (orig);
++	  free (names);
++	  free (values);
++	  return DEBUG_TYPE_NULL;
++	}
++
+       name = savestring (*pp, p - *pp);
+ 
+       *pp = p + 1;
+-- 
+2.11.0
+

meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb

@@ -10,6 +10,7 @@ SRC_URI = "https://github.com/ikeydoherty/${BPN}/releases/download/v${PV}/${BP}.
            file://check-for-malloc_trim-before-using-it.patch \
            file://0001-print-progress-in-percent-when-downloading-CVE-db.patch \
            file://0001-curl-allow-overriding-default-CA-certificate-file.patch \
+           file://0001-update-Compare-computed-vs-expected-sha256-digit-str.patch \
           "
 
 SRC_URI[md5sum] = "c5f4247140fc9be3bf41491d31a34155"

meta/recipes-devtools/cve-check-tool/files/0001-update-Compare-computed-vs-expected-sha256-digit-str.patch

@@ -0,0 +1,52 @@
+From b0426e63c9ac61657e029f689bcb8dd051e752c6 Mon Sep 17 00:00:00 2001
+From: Sergey Popovich <popovich_sergei@mail.ua>
+Date: Fri, 21 Apr 2017 07:32:23 -0700
+Subject: [PATCH] update: Compare computed vs expected sha256 digit string
+ ignoring case
+
+We produce sha256 digest string using %x snprintf()
+qualifier for each byte of digest which uses alphabetic
+characters from "a" to "f" in lower case to represent
+integer values from 10 to 15.
+
+Previously all of the NVD META files supply sha256
+digest string for corresponding XML file in lower case.
+
+However due to some reason this changed recently to
+provide digest digits in upper case causing fetched
+data consistency checks to fail. This prevents database
+from being updated periodically.
+
+While commit c4f6e94 (update: Do not treat sha256 failure
+as fatal if requested) adds useful option to skip
+digest validation at all and thus provides workaround for
+this situation, it might be unacceptable for some
+deployments where we need to ensure that downloaded
+data is consistent before start parsing it and update
+SQLite database.
+
+Use strcasecmp() to compare two digest strings case
+insensitively and addressing this case.
+
+Upstream-Status: Backport
+Signed-off-by: Sergey Popovich <popovich_sergei@mail.ua>
+---
+ src/update.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/update.c b/src/update.c
+index 8588f38..3cc6b67 100644
+--- a/src/update.c
++++ b/src/update.c
+@@ -187,7 +187,7 @@ static bool nvdcve_data_ok(const char *meta, const char *data)
+                 snprintf(&csum_data[idx], len, "%02hhx", digest[i]);
+         }
+ 
+-        ret = streq(csum_meta, csum_data);
++        ret = !strcasecmp(csum_meta, csum_data);
+ 
+ err_unmap:
+         munmap(buffer, length);
+-- 
+2.11.0
+

meta/recipes-devtools/mkelfimage/mkelfimage/fix-makefile-to-find-libz.patch

@@ -3,8 +3,11 @@ Let makefile find libz and zlib.h by CFLAGS and LDFLAGS.
 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
 Upstream-Status: Pending
 ---
+ configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
 diff --git a/configure.ac b/configure.ac
-index d1acc36..6f865b0 100644
+index 0f2ac72..f9099a2 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -62,7 +62,7 @@ AC_CHECK_PROG([RPM],   rpm,   rpm,   [], [$PATH])
@@ -16,15 +19,15 @@ index d1acc36..6f865b0 100644
  
  dnl Find the default programs
  if test "with_default" != no ; then
-@@ -175,7 +175,7 @@ fi
- 
+@@ -176,7 +176,7 @@ fi
  dnl ---Output variables...
  
--HOST_CFLAGS="$HOST_CFLAGS -O2 -Wall \$(HOST_CPPFLAGS)"
-+HOST_CFLAGS="$HOST_CFLAGS -O2 -Wall \$(HOST_CPPFLAGS) $CFLAGS"
+ CFLAGS="${CFLAGS:--O2} -Wall \$(CPPFLAGS)"
+-HOST_CFLAGS="${HOST_CFLAGS:--O2} -Wall \$(HOST_CPPFLAGS)"
++HOST_CFLAGS="${HOST_CFLAGS:--O2} -Wall \$(HOST_CPPFLAGS) $CFLAGS"
  
  dnl TODO: figure out how to set these appropriately for compilers other than gcc
  I386_CFLAGS="$I386_CFLAGS -Os -ffreestanding -Wall -W -Wno-format \$(I386_CPPFLAGS)"
 -- 
-1.7.10.4
+2.7.4
 

meta/recipes-devtools/python/python.inc

@@ -30,3 +30,9 @@ EXTRA_OECONF = "\
   ac_cv_header_bluetooth_bluetooth_h=no ac_cv_header_bluetooth_h=no \
   ${PYTHONLSBOPTS} \
 "
+
+do_install_append () {
+	sed -i -e 's:${HOSTTOOLS_DIR}/install:install:g' \
+		-e 's:${HOSTTOOLS_DIR}/mkdir:mkdir:g' \
+		${D}/${libdir}/python${PYTHON_MAJMIN}/_sysconfigdata.py
+}

meta/recipes-devtools/rpm/rpm_git.bb

@@ -128,6 +128,10 @@ do_install_append_class-target() {
     rm -rf ${D}/var
 }
 
+do_install_append () {
+	sed -i -e 's:${HOSTTOOLS_DIR}/::g' ${D}/${libdir}/rpm/macros
+}
+
 FILES_${PN} += "${libdir}/rpm-plugins/*.so \
                "
 

meta/recipes-extended/bash/bash_4.3.30.bb

@@ -21,6 +21,7 @@ SRC_URI = "${GNU_MIRROR}/bash/${BP}.tar.gz;name=tarball \
            ${GNU_MIRROR}/bash/bash-4.3-patches/bash43-044;apply=yes;striplevel=0;name=patch044 \
            ${GNU_MIRROR}/bash/bash-4.3-patches/bash43-045;apply=yes;striplevel=0;name=patch045 \
            ${GNU_MIRROR}/bash/bash-4.3-patches/bash43-046;apply=yes;striplevel=0;name=patch046 \
+           ${GNU_MIRROR}/bash/bash-4.3-patches/bash43-047;apply=yes;striplevel=0;name=patch047 \
            file://execute_cmd.patch;striplevel=0 \
            file://mkbuiltins_have_stringize.patch \
            file://build-tests.patch \
@@ -68,5 +69,7 @@ SRC_URI[patch045.md5sum] = "4473244ca5abfd4b018ea26dc73e7412"
 SRC_URI[patch045.sha256sum] = "ba6ec3978e9eaa1eb3fabdaf3cc6fdf8c4606ac1c599faaeb4e2d69864150023"
 SRC_URI[patch046.md5sum] = "7e5fb09991c077076b86e0e057798913"
 SRC_URI[patch046.sha256sum] = "b3b456a6b690cd293353f17e22d92a202b3c8bce587ae5f2667c20c9ab6f688f"
+SRC_URI[patch047.md5sum] = "8483153bad1a6f52cadc3bd9a8df7835"
+SRC_URI[patch047.sha256sum] = "c69248de7e78ba6b92f118fe1ef47bc86479d5040fe0b1f908ace1c9e3c67c4a"
 
 BBCLASSEXTEND = "nativesdk"

meta/recipes-extended/ghostscript/ghostscript/CVE-2016-7977.patch

@@ -0,0 +1,33 @@
+From 8abd22010eb4db0fb1b10e430d5f5d83e015ef70 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Mon, 3 Oct 2016 01:46:28 +0100
+Subject: [PATCH] Bug 697169: Be rigorous with SAFER permissions
+
+Once we've opened our input file from the command line, enforce the SAFER
+rules.
+
+Upstream-Status: Backport
+CVE: CVE-2016-7977
+
+Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
+---
+ psi/zfile.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/psi/zfile.c b/psi/zfile.c
+index b6caea2..2c6c958 100644
+--- a/psi/zfile.c
++++ b/psi/zfile.c
+@@ -1081,6 +1081,9 @@ lib_file_open(gs_file_path_ptr  lib_path, const gs_memory_t *mem, i_ctx_t *i_ctx
+     gs_main_instance *minst = get_minst_from_memory(mem);
+     int code;
+ 
++    if (i_ctx_p && starting_arg_file)
++        i_ctx_p->starting_arg_file = false;
++
+     /* when starting arg files (@ files) iodev_default is not yet set */
+     if (iodev == 0)
+         iodev = (gx_io_device *)gx_io_device_table[0];
+-- 
+2.10.2
+

meta/recipes-extended/ghostscript/ghostscript/CVE-2016-7978.patch

@@ -0,0 +1,30 @@
+From 6f749c0c44e7b9e09737b9f29edf29925a34f0cf Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Wed, 5 Oct 2016 09:59:25 +0100
+Subject: [PATCH] Bug 697179: Reference count device icc profile
+
+when copying a device
+
+Upstream-Status: Backport
+CVE: CVE-2016-7978
+
+Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
+---
+ base/gsdevice.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/base/gsdevice.c b/base/gsdevice.c
+index 778106f..aea986a 100644
+--- a/base/gsdevice.c
++++ b/base/gsdevice.c
+@@ -614,6 +614,7 @@ gx_device_init(gx_device * dev, const gx_device * proto, gs_memory_t * mem,
+     dev->memory = mem;
+     dev->retained = !internal;
+     rc_init(dev, mem, (internal ? 0 : 1));
++    rc_increment(dev->icc_struct);
+ }
+ 
+ void
+-- 
+2.10.2
+

meta/recipes-extended/ghostscript/ghostscript/CVE-2016-7979.patch

@@ -0,0 +1,48 @@
+From 875a0095f37626a721c7ff57d606a0f95af03913 Mon Sep 17 00:00:00 2001
+From: Ken Sharp <ken.sharp@artifex.com>
+Date: Wed, 5 Oct 2016 10:10:58 +0100
+Subject: [PATCH] DSC parser - validate parameters
+
+Bug #697190 ".initialize_dsc_parser doesn't validate the parameter is a dict type before using it."
+
+Regardless of any security implications, its simply wrong for a PostScript
+operator not to validate its parameter(s).
+
+No differences expected.
+
+Upstream-Status: Backport
+CVE: CVE-2016-7979
+
+Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
+---
+ psi/zdscpars.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/psi/zdscpars.c b/psi/zdscpars.c
+index c05e154..9b4b605 100644
+--- a/psi/zdscpars.c
++++ b/psi/zdscpars.c
+@@ -150,11 +150,16 @@ zinitialize_dsc_parser(i_ctx_t *i_ctx_p)
+     ref local_ref;
+     int code;
+     os_ptr const op = osp;
+-    dict * const pdict = op->value.pdict;
+-    gs_memory_t * const mem = (gs_memory_t *)dict_memory(pdict);
+-    dsc_data_t * const data =
+-        gs_alloc_struct(mem, dsc_data_t, &st_dsc_data_t, "DSC parser init");
++    dict *pdict;
++    gs_memory_t *mem;
++    dsc_data_t *data;
+ 
++    check_read_type(*op, t_dictionary);
++
++    pdict = op->value.pdict;
++    mem = (gs_memory_t *)dict_memory(pdict);
++
++    data = gs_alloc_struct(mem, dsc_data_t, &st_dsc_data_t, "DSC parser init");
+     if (!data)
+         return_error(gs_error_VMerror);
+     data->document_level = 0;
+-- 
+2.10.2
+

meta/recipes-extended/ghostscript/ghostscript/CVE-2016-8602.patch

@@ -0,0 +1,47 @@
+From f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Sat, 8 Oct 2016 16:10:27 +0100
+Subject: [PATCH] Bug 697203: check for sufficient params in .sethalftone5
+
+and param types
+
+Upstream-Status: Backport
+CVE: CVE-2016-8602
+
+Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
+---
+ psi/zht2.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/psi/zht2.c b/psi/zht2.c
+index fb4a264..dfa27a4 100644
+--- a/psi/zht2.c
++++ b/psi/zht2.c
+@@ -82,14 +82,22 @@ zsethalftone5(i_ctx_t *i_ctx_p)
+     gs_memory_t *mem;
+     uint edepth = ref_stack_count(&e_stack);
+     int npop = 2;
+-    int dict_enum = dict_first(op);
++    int dict_enum;
+     ref rvalue[2];
+     int cname, colorant_number;
+     byte * pname;
+     uint name_size;
+     int halftonetype, type = 0;
+     gs_gstate *pgs = igs;
+-    int space_index = r_space_index(op - 1);
++    int space_index;
++
++    if (ref_stack_count(&o_stack) < 2)
++        return_error(gs_error_stackunderflow);
++    check_type(*op, t_dictionary);
++    check_type(*(op - 1), t_dictionary);
++
++    dict_enum = dict_first(op);
++    space_index = r_space_index(op - 1);
+ 
+     mem = (gs_memory_t *) idmemory->spaces_indexed[space_index];
+ 
+-- 
+2.10.2
+

meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7975.patch

@@ -0,0 +1,36 @@
+From 5e57e483298dae8b8d4ec9aab37a526736ac2e97 Mon Sep 17 00:00:00 2001
+From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk>
+Date: Wed, 26 Apr 2017 22:12:14 +0100
+Subject: [PATCH] Bug 697693: Prevent SEGV due to integer overflow.
+
+While building a Huffman table, the start and end points were susceptible
+to integer overflow.
+
+Thank you to Jiaqi for finding this issue and suggesting a patch.
+
+Upstream-Status: Backport
+CVE: CVE-2017-7975
+
+Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
+---
+ jbig2dec/jbig2_huffman.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/jbig2dec/jbig2_huffman.c b/jbig2dec/jbig2_huffman.c
+index 511e461..b4189a1 100644
+--- a/jbig2dec/jbig2_huffman.c
++++ b/jbig2dec/jbig2_huffman.c
+@@ -421,8 +421,8 @@ jbig2_build_huffman_table(Jbig2Ctx *ctx, const Jbig2HuffmanParams *params)
+ 
+             if (PREFLEN == CURLEN) {
+                 int RANGELEN = lines[CURTEMP].RANGELEN;
+-                int start_j = CURCODE << shift;
+-                int end_j = (CURCODE + 1) << shift;
++                uint32_t start_j = CURCODE << shift;
++                uint32_t end_j = (CURCODE + 1) << shift;
+                 byte eflags = 0;
+ 
+                 if (end_j > max_j) {
+-- 
+2.10.2
+

meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9216.patch

@@ -0,0 +1,36 @@
+From 3ebffb1d96ba0cacec23016eccb4047dab365853 Mon Sep 17 00:00:00 2001
+From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk>
+Date: Wed, 24 May 2017 19:29:57 +0100
+Subject: [PATCH] Bug 697934: Fix SEGV due to error code being ignored.
+
+The return code from jbig2_decode_text_region was being ignored so the
+code continued to try and parse the invalid file using incomplete/empty
+structures.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9216
+
+Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
+---
+ jbig2dec/jbig2_symbol_dict.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/jbig2dec/jbig2_symbol_dict.c b/jbig2dec/jbig2_symbol_dict.c
+index 3cc1731..672425d 100644
+--- a/jbig2dec/jbig2_symbol_dict.c
++++ b/jbig2dec/jbig2_symbol_dict.c
+@@ -493,8 +493,10 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
+                         }
+ 
+                         /* multiple symbols are handled as a text region */
+-                        jbig2_decode_text_region(ctx, segment, tparams, (const Jbig2SymbolDict * const *)refagg_dicts,
++                        code = jbig2_decode_text_region(ctx, segment, tparams, (const Jbig2SymbolDict * const *)refagg_dicts,
+                                                  n_refagg_dicts, image, data, size, GR_stats, as, ws);
++                        if (code < 0)
++                            goto cleanup4;
+ 
+                         SDNEWSYMS->glyphs[NSYMSDECODED] = image;
+                         refagg_dicts[0]->glyphs[params->SDNUMINSYMS + NSYMSDECODED] = jbig2_image_clone(ctx, SDNEWSYMS->glyphs[NSYMSDECODED]);
+-- 
+2.10.2
+

meta/recipes-extended/ghostscript/ghostscript_9.20.bb

@@ -35,6 +35,12 @@ SRC_URI = "${SRC_URI_BASE} \
            file://CVE-2016-10219.patch \
            file://CVE-2016-10220.patch \
            file://CVE-2017-5951.patch \
+           file://CVE-2016-8602.patch \
+           file://CVE-2017-7975.patch \
+           file://CVE-2016-7977.patch \
+           file://CVE-2016-7978.patch \
+           file://CVE-2016-7979.patch \
+           file://CVE-2017-9216.patch \
            "
 
 SRC_URI_class-native = "${SRC_URI_BASE} \

meta/recipes-extended/rpcbind/rpcbind/0001-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch

@@ -0,0 +1,221 @@
+From 7ea36eeece56b59f98e469934e4c20b4da043346 Mon Sep 17 00:00:00 2001
+From: Doran Moppert <dmoppert@redhat.com>
+Date: Thu, 11 May 2017 11:42:54 -0400
+Subject: [PATCH] rpcbind: pair all svc_getargs() calls with svc_freeargs() to
+ avoid memory leak
+
+This patch is to address CVE-2017-8779 "rpcbomb" in rpcbind, discussed
+at [1], [2], [3].  The last link suggests this issue is actually a bug
+in rpcbind, which led me here.
+
+The leak caused by the reproducer at [4] appears to come from
+rpcb_service_4(), in the case where svc_getargs() returns false and the
+function had an early return, rather than passing through the cleanup
+path at done:, as would otherwise occur.
+
+It also addresses a couple of other locations where the same fault seems
+to exist, though I haven't been able to exercise those.  I hope someone
+more intimate with rpc(3) can confirm my understanding is correct, and
+that I haven't introduced any new bugs.
+
+Without this patch, using the reproducer (and variants) repeatedly
+against rpcbind with a numBytes argument of 1_000_000_000, /proc/$(pidof
+rpcbind)/status reports VmSize increase of 976564 kB each call, and
+VmRSS increase of around 260 kB every 33 calls - the specific numbers
+are probably an artifact of my rhel/glibc version.  With the patch,
+there is a small (~50 kB) VmSize increase with the first message, but
+thereafter both VmSize and VmRSS remain steady.
+
+[1]: http://seclists.org/oss-sec/2017/q2/209
+[2]: https://bugzilla.redhat.com/show_bug.cgi?id=1448124
+[3]: https://sourceware.org/ml/libc-alpha/2017-05/msg00129.html
+[4]: https://github.com/guidovranken/rpcbomb/
+
+
+CVE: CVE-2017-8779
+Upstream-Status: Backport
+
+Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
+---
+ src/pmap_svc.c     | 56 +++++++++++++++++++++++++++++++++++++++++++++---------
+ src/rpcb_svc.c     |  2 +-
+ src/rpcb_svc_4.c   |  2 +-
+ src/rpcb_svc_com.c |  8 ++++++++
+ 4 files changed, 57 insertions(+), 11 deletions(-)
+
+diff --git a/src/pmap_svc.c b/src/pmap_svc.c
+index 4c744fe..e926cdc 100644
+--- a/src/pmap_svc.c
++++ b/src/pmap_svc.c
+@@ -175,6 +175,7 @@ pmapproc_change(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt, unsigned long
+ 	long ans;
+ 	uid_t uid;
+ 	char uidbuf[32];
++	int rc = TRUE;
+ 
+ 	/*
+ 	 * Can't use getpwnam here. We might end up calling ourselves
+@@ -194,7 +195,8 @@ pmapproc_change(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt, unsigned long
+ 
+ 	if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
+ 		svcerr_decode(xprt);
+-		return (FALSE);
++		rc = FALSE;
++		goto done;
+ 	}
+ #ifdef RPCBIND_DEBUG
+ 	if (debugging)
+@@ -205,7 +207,8 @@ pmapproc_change(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt, unsigned long
+ 
+ 	if (!check_access(xprt, op, reg.pm_prog, PMAPVERS)) {
+ 		svcerr_weakauth(xprt);
+-		return (FALSE);
++		rc = (FALSE);
++		goto done;
+ 	}
+ 
+ 	rpcbreg.r_prog = reg.pm_prog;
+@@ -258,7 +261,16 @@ done_change:
+ 		rpcbs_set(RPCBVERS_2_STAT, ans);
+ 	else
+ 		rpcbs_unset(RPCBVERS_2_STAT, ans);
+-	return (TRUE);
++done:
++	if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
++		if (debugging) {
++			/*(void) xlog(LOG_DEBUG, "unable to free arguments\n");*/
++			if (doabort) {
++				rpcbind_abort();
++			}
++		}
++	}
++	return (rc);
+ }
+ 
+ /* ARGSUSED */
+@@ -272,15 +284,18 @@ pmapproc_getport(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
+ #ifdef RPCBIND_DEBUG
+ 	char *uaddr;
+ #endif
++	int rc = TRUE;
+ 
+ 	if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
+ 		svcerr_decode(xprt);
+-		return (FALSE);
++		rc = FALSE;
++		goto done;
+ 	}
+ 
+ 	if (!check_access(xprt, PMAPPROC_GETPORT, reg.pm_prog, PMAPVERS)) {
+ 		svcerr_weakauth(xprt);
+-		return FALSE;
++		rc = FALSE;
++		goto done;
+ 	}
+ 
+ #ifdef RPCBIND_DEBUG
+@@ -330,21 +345,34 @@ pmapproc_getport(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
+ 		pmap_ipprot2netid(reg.pm_prot) ?: "<unknown>",
+ 		port ? udptrans : "");
+ 
+-	return (TRUE);
++done:
++	if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
++		if (debugging) {
++			/* (void) xlog(LOG_DEBUG, "unable to free arguments\n");*/
++			if (doabort) {
++				rpcbind_abort();
++			}
++		}
++	}
++	return (rc);
+ }
+ 
+ /* ARGSUSED */
+ static bool_t
+ pmapproc_dump(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
+ {
++	int rc = TRUE;
++
+ 	if (!svc_getargs(xprt, (xdrproc_t)xdr_void, NULL)) {
+ 		svcerr_decode(xprt);
+-		return (FALSE);
++		rc = FALSE;
++		goto done;
+ 	}
+ 
+ 	if (!check_access(xprt, PMAPPROC_DUMP, 0, PMAPVERS)) {
+ 		svcerr_weakauth(xprt);
+-		return FALSE;
++		rc = FALSE;
++		goto done;
+ 	}
+ 	
+ 	if ((!svc_sendreply(xprt, (xdrproc_t) xdr_pmaplist_ptr,
+@@ -354,7 +382,17 @@ pmapproc_dump(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
+ 			rpcbind_abort();
+ 		}
+ 	}
+-	return (TRUE);
++
++done:
++	if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)NULL)) {
++		if (debugging) {
++			/*(void) xlog(LOG_DEBUG, "unable to free arguments\n");*/
++			if (doabort) {
++				rpcbind_abort();
++			}
++		}
++	}
++	return (rc);
+ }
+ 
+ int pmap_netid2ipprot(const char *netid)
+diff --git a/src/rpcb_svc.c b/src/rpcb_svc.c
+index 709e3fb..091f530 100644
+--- a/src/rpcb_svc.c
++++ b/src/rpcb_svc.c
+@@ -166,7 +166,7 @@ rpcb_service_3(struct svc_req *rqstp, SVCXPRT *transp)
+ 		svcerr_decode(transp);
+ 		if (debugging)
+ 			(void) xlog(LOG_DEBUG, "rpcbind: could not decode");
+-		return;
++		goto done;
+ 	}
+ 
+ 	if (rqstp->rq_proc == RPCBPROC_SET
+diff --git a/src/rpcb_svc_4.c b/src/rpcb_svc_4.c
+index 5094879..eebbbbe 100644
+--- a/src/rpcb_svc_4.c
++++ b/src/rpcb_svc_4.c
+@@ -218,7 +218,7 @@ rpcb_service_4(struct svc_req *rqstp, SVCXPRT *transp)
+ 		svcerr_decode(transp);
+ 		if (debugging)
+ 			(void) xlog(LOG_DEBUG, "rpcbind: could not decode\n");
+-		return;
++		goto done;
+ 	}
+ 
+ 	if (rqstp->rq_proc == RPCBPROC_SET
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index 5862c26..cb63afd 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -927,6 +927,14 @@ error:
+ 	if (call_msg.rm_xid != 0)
+ 		(void) free_slot_by_xid(call_msg.rm_xid);
+ out:
++	if (!svc_freeargs(transp, (xdrproc_t) xdr_rmtcall_args, (char *) &a)) {
++		if (debugging) {
++			(void) xlog(LOG_DEBUG, "unable to free arguments\n");
++			if (doabort) {
++				rpcbind_abort();
++			}
++		}
++	}
+ 	if (local_uaddr)
+ 		free(local_uaddr);
+ 	if (buf_alloc)
+-- 
+1.9.1
+

meta/recipes-extended/rpcbind/rpcbind_0.2.4.bb

@@ -18,6 +18,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/rpcbind/rpcbind-${PV}.tar.bz2 \
            file://rpcbind.conf \
            file://rpcbind.socket \
            file://rpcbind.service \
+           file://0001-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch \
           "
 MUSLPATCHES_libc-musl = "file://musl-sunrpc.patch"
 

meta/recipes-graphics/piglit/piglit/0001-CMake-define-GBM_BO_MAP-only-when-symbol-is-found.patch

@@ -0,0 +1,51 @@
+From 47697aee05a112422acf203982085e7b3e6c05b2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20D=C3=ADaz?= <daniel.diaz@linaro.org>
+Date: Thu, 4 May 2017 00:57:39 -0500
+Subject: [PATCH 1/4] CMake: define GBM_BO_MAP only when symbol is found
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+gbm_bo_map() and _unmap() have been added recently to Mesa,
+and this update may not have reached all implementations of
+GBM, such as the one provided by Mali r6, where said
+definitions can be found in the header file but not in the
+library itself. This leads to errors like the following when
+linking:
+  ../../../../lib/libpiglitutil_gl.so.0: undefined reference to `gbm_bo_unmap'
+  ../../../../lib/libpiglitutil_gl.so.0: undefined reference to `gbm_bo_map'
+  collect2: error: ld returned 1 exit status
+  make[2]: *** [bin/point-sprite] Error 1
+
+Instead of relying on the header file, actually try to link
+using that symbol to determine if PIGLIT_HAS_GBM_BO_MAP
+should be defined.
+
+Upstream-Status: Submitted [piglit@lists.freedesktop.org]
+
+Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org>
+Reviewed-by: Jan Vesely <jan.vesely@rutgers.edu>
+Reviewed-by: Dylan Baker <dylan@pnwbakers.com>
+---
+ CMakeLists.txt | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index a4ff99e..cc26fa8 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -141,8 +141,9 @@ IF(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
+ 	if(GBM_FOUND)
+ 		set(PIGLIT_HAS_GBM True)
+ 		add_definitions(-DPIGLIT_HAS_GBM)
+-		if (GBM_VERSION VERSION_EQUAL "12.1" OR GBM_VERSION VERSION_GREATER "12.1")
+-			set(PIGLIT_HAS_GBM_BO_MAP True)
++		set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES} ${GBM_LIBRARIES})
++		CHECK_FUNCTION_EXISTS(gbm_bo_map PIGLIT_HAS_GBM_BO_MAP)
++		if (PIGLIT_HAS_GBM_BO_MAP)
+ 			add_definitions(-DPIGLIT_HAS_GBM_BO_MAP)
+ 		endif()
+ 	endif(GBM_FOUND)
+-- 
+1.9.1
+

meta/recipes-graphics/piglit/piglit/0002-util-egl-Honour-Surfaceless-MESA-in-get_default_disp.patch

@@ -0,0 +1,54 @@
+From a6608f218b5023cef36b3de5ec3c5f00b0211d1c Mon Sep 17 00:00:00 2001
+From: Daniel Diaz <daniel.diaz@linaro.org>
+Date: Wed, 17 May 2017 18:00:15 -0500
+Subject: [PATCH 2/4] util/egl: Honour Surfaceless MESA in get_default_display
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The EGL_MESA_platform_surfaceless extension was introduced not too long
+ago. Add support for it our helper.
+
+Upstream-Status: Accepted, since git 7b74602.
+
+Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org>
+Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
+---
+ tests/util/piglit-util-egl.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/tests/util/piglit-util-egl.c b/tests/util/piglit-util-egl.c
+index 106c735..389fe12 100644
+--- a/tests/util/piglit-util-egl.c
++++ b/tests/util/piglit-util-egl.c
+@@ -85,6 +85,7 @@ piglit_egl_get_default_display(EGLenum platform)
+ 	static bool has_x11 = false;
+ 	static bool has_wayland = false;
+ 	static bool has_gbm = false;
++	static bool has_surfaceless_mesa = false;
+ 
+ 	static EGLDisplay (*peglGetPlatformDisplayEXT)(EGLenum platform, void *native_display, const EGLint *attrib_list);
+ 
+@@ -99,6 +100,7 @@ piglit_egl_get_default_display(EGLenum platform)
+ 		has_x11 = piglit_is_egl_extension_supported(EGL_NO_DISPLAY, "EGL_EXT_platform_x11");
+ 		has_wayland = piglit_is_egl_extension_supported(EGL_NO_DISPLAY, "EGL_EXT_platform_wayland");
+ 		has_gbm = piglit_is_egl_extension_supported(EGL_NO_DISPLAY, "EGL_EXT_platform_gbm");
++		has_surfaceless_mesa = piglit_is_egl_extension_supported(EGL_NO_DISPLAY, "EGL_MESA_platform_surfaceless");
+ 
+ 		peglGetPlatformDisplayEXT = (void*) eglGetProcAddress("eglGetPlatformDisplayEXT");
+ 	}
+@@ -123,6 +125,11 @@ piglit_egl_get_default_display(EGLenum platform)
+ 			return EGL_NO_DISPLAY;
+ 		}
+ 		break;
++	case EGL_PLATFORM_SURFACELESS_MESA:
++		if (!has_surfaceless_mesa) {
++			return EGL_NO_DISPLAY;
++		}
++		break;
+ 	default:
+ 		fprintf(stderr, "%s: unrecognized platform %#x\n", __func__, platform);
+ 		return EGL_NO_DISPLAY;
+-- 
+1.9.1
+

meta/recipes-graphics/piglit/piglit/0003-egl_mesa_platform_surfaceless-Don-t-use-eglGetPlatfo.patch

@@ -0,0 +1,36 @@
+From c0dc430b8f5deeacdb11cd188195e16f512af233 Mon Sep 17 00:00:00 2001
+From: Daniel Diaz <daniel.diaz@linaro.org>
+Date: Wed, 17 May 2017 18:00:16 -0500
+Subject: [PATCH 3/4] egl_mesa_platform_surfaceless: Don't use
+ eglGetPlatformDisplay directly
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The entry point is not guaranteed to exist, so use the
+piglit_egl_get_default_display() helper which does the correct thing.
+
+Upstream-Status: Accepted, since git 7b74602.
+
+Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org>
+Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
+---
+ .../spec/egl_mesa_platform_surfaceless/egl_mesa_platform_surfaceless.c  | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/egl/spec/egl_mesa_platform_surfaceless/egl_mesa_platform_surfaceless.c b/tests/egl/spec/egl_mesa_platform_surfaceless/egl_mesa_platform_surfaceless.c
+index 3bbd6aa..81a3919 100644
+--- a/tests/egl/spec/egl_mesa_platform_surfaceless/egl_mesa_platform_surfaceless.c
++++ b/tests/egl/spec/egl_mesa_platform_surfaceless/egl_mesa_platform_surfaceless.c
+@@ -31,7 +31,7 @@ test_setup(EGLDisplay *dpy)
+ 
+ 	piglit_require_egl_extension(EGL_NO_DISPLAY, "EGL_MESA_platform_surfaceless");
+ 
+-	*dpy = eglGetPlatformDisplay(EGL_PLATFORM_SURFACELESS_MESA, NULL, NULL);
++	*dpy = piglit_egl_get_default_display(EGL_PLATFORM_SURFACELESS_MESA);
+ 	if (*dpy == EGL_NO_DISPLAY) {
+ 		printf("failed to get EGLDisplay\n");
+ 		piglit_report_result(PIGLIT_SKIP);
+-- 
+1.9.1
+

meta/recipes-graphics/piglit/piglit/0004-egl_mesa_platform_surfaceless-Use-EXT-functions-for-.patch

@@ -0,0 +1,78 @@
+From 57de1ff6758ec5ea4a52637f233e3e3150086255 Mon Sep 17 00:00:00 2001
+From: Daniel Diaz <daniel.diaz@linaro.org>
+Date: Wed, 17 May 2017 18:00:17 -0500
+Subject: [PATCH 4/4] egl_mesa_platform_surfaceless: Use EXT functions for
+ surfaces
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+These EXT symbols are guaranteed to exist since they require
+EGL_EXT_platform_base.
+
+Upstream-Status: Accepted, since git 7b74602.
+
+Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org>
+Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
+---
+ .../egl_mesa_platform_surfaceless.c                | 23 ++++++++++++++++++++--
+ 1 file changed, 21 insertions(+), 2 deletions(-)
+
+diff --git a/tests/egl/spec/egl_mesa_platform_surfaceless/egl_mesa_platform_surfaceless.c b/tests/egl/spec/egl_mesa_platform_surfaceless/egl_mesa_platform_surfaceless.c
+index 81a3919..264ed71 100644
+--- a/tests/egl/spec/egl_mesa_platform_surfaceless/egl_mesa_platform_surfaceless.c
++++ b/tests/egl/spec/egl_mesa_platform_surfaceless/egl_mesa_platform_surfaceless.c
+@@ -24,6 +24,24 @@
+ #include "piglit-util.h"
+ #include "piglit-util-egl.h"
+ 
++/* Extension function pointers.
++ *
++ * Use prefix 'pegl' (piglit egl) instead of 'egl' to avoid collisions with
++ * prototypes in eglext.h. */
++EGLSurface (*peglCreatePlatformPixmapSurfaceEXT)(EGLDisplay display, EGLConfig config,
++	    NativePixmapType native_pixmap, const EGLint *attrib_list);
++EGLSurface (*peglCreatePlatformWindowSurfaceEXT)(EGLDisplay display, EGLConfig config,
++	    NativeWindowType native_window, const EGLint *attrib_list);
++
++static void
++init_egl_extension_funcs(void)
++{
++	peglCreatePlatformPixmapSurfaceEXT = (void*)
++		eglGetProcAddress("eglCreatePlatformPixmapSurfaceEXT");
++	peglCreatePlatformWindowSurfaceEXT = (void*)
++		eglGetProcAddress("eglCreatePlatformWindowSurfaceEXT");
++}
++
+ static void
+ test_setup(EGLDisplay *dpy)
+ {
+@@ -72,7 +90,7 @@ test_create_window(void *test_data)
+ 
+ 	test_setup(&dpy);
+ 
+-	surf = eglCreatePlatformWindowSurface(dpy, EGL_NO_CONFIG_KHR,
++	surf = peglCreatePlatformWindowSurfaceEXT(dpy, EGL_NO_CONFIG_KHR,
+ 					      /*native_window*/ NULL,
+ 					      /*attrib_list*/ NULL);
+ 	if (surf) {
+@@ -103,7 +121,7 @@ test_create_pixmap(void *test_data)
+ 
+ 	test_setup(&dpy);
+ 
+-	surf = eglCreatePlatformPixmapSurface(dpy, EGL_NO_CONFIG_KHR,
++	surf = peglCreatePlatformPixmapSurfaceEXT(dpy, EGL_NO_CONFIG_KHR,
+ 					      /*native_window*/ NULL,
+ 					      /*attrib_list*/ NULL);
+ 	if (surf) {
+@@ -205,6 +223,7 @@ main(int argc, char **argv)
+ 		piglit_report_result(PIGLIT_FAIL);
+ 	}
+ 
++	init_egl_extension_funcs();
+ 	result = piglit_run_selected_subtests(subtests, selected_names,
+ 					      num_selected, result);
+ 	piglit_report_result(result);
+-- 
+1.9.1
+

meta/recipes-graphics/piglit/piglit_git.bb

@@ -5,6 +5,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b2beded7103a3d8a442a2a0391d607b0"
 SRC_URI = "git://anongit.freedesktop.org/piglit \
            file://0001-cmake-install-bash-completions-in-the-right-place.patch \
            file://0001-tests-Use-FE_UPWARD-only-if-its-defined-in-fenv.h.patch \
+           file://0001-CMake-define-GBM_BO_MAP-only-when-symbol-is-found.patch \
+           file://0002-util-egl-Honour-Surfaceless-MESA-in-get_default_disp.patch \
+           file://0003-egl_mesa_platform_surfaceless-Don-t-use-eglGetPlatfo.patch \
+           file://0004-egl_mesa_platform_surfaceless-Use-EXT-functions-for-.patch \
            "
 
 # From 2017-02-06
@@ -14,7 +18,7 @@ PV = "1.0+gitr${SRCPV}"
 
 S = "${WORKDIR}/git"
 
-DEPENDS = "libpng virtual/libx11 libxkbcommon libxrender waffle virtual/libgl libglu python3-mako-native python3-numpy-native python3-six-native"
+DEPENDS = "libpng virtual/libx11 libxkbcommon libxrender waffle virtual/libgl libglu python3-mako-native python3-numpy-native python3-six-native virtual/egl"
 
 inherit cmake python3native distro_features_check bash-completion
 # depends on virtual/libx11

meta/recipes-kernel/cryptodev/cryptodev.inc

@@ -3,7 +3,7 @@ HOMEPAGE = "http://cryptodev-linux.org/"
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 
-SRC_URI = "http://download.gna.org/cryptodev-linux/cryptodev-linux-${PV}.tar.gz \
+SRC_URI = "http://nwl.cc/pub/cryptodev-linux/cryptodev-linux-${PV}.tar.gz \
            file://06d6b560c6e45dc317dae47c74706fa43f4a31d8.patch \
            file://cb186f682679383e8b5806240927903730ce85d9.patch \
            file://0001-Adjust-to-another-change-in-the-user-page-API.patch \

meta/recipes-support/libxslt/libxslt/0001-Check-for-integer-overflow-in-xsltAddTextString.patch

@@ -0,0 +1,80 @@
+From 08ab2774b870de1c7b5a48693df75e8154addae5 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Thu, 12 Jan 2017 15:39:52 +0100
+Subject: [PATCH] Check for integer overflow in xsltAddTextString
+
+Limit buffer size in xsltAddTextString to INT_MAX. The issue can be
+exploited to trigger an out of bounds write on 64-bit systems.
+
+Originally reported to Chromium:
+
+https://crbug.com/676623
+
+CVE: CVE-2017-5029
+Upstream-Status: Backport
+
+Signed-off-by: Fan Xin <fan.xin@jp.fujitus.com>
+
+---
+ libxslt/transform.c     | 25 ++++++++++++++++++++++---
+ libxslt/xsltInternals.h |  4 ++--
+ 2 files changed, 24 insertions(+), 5 deletions(-)
+
+diff --git a/libxslt/transform.c b/libxslt/transform.c
+index 519133f..02bff34 100644
+--- a/libxslt/transform.c
++++ b/libxslt/transform.c
+@@ -813,13 +813,32 @@ xsltAddTextString(xsltTransformContextPtr ctxt, xmlNodePtr target,
+         return(target);
+ 
+     if (ctxt->lasttext == target->content) {
++        int minSize;
+ 
+-	if (ctxt->lasttuse + len >= ctxt->lasttsize) {
++        /* Check for integer overflow accounting for NUL terminator. */
++        if (len >= INT_MAX - ctxt->lasttuse) {
++            xsltTransformError(ctxt, NULL, target,
++                "xsltCopyText: text allocation failed\n");
++            return(NULL);
++        }
++        minSize = ctxt->lasttuse + len + 1;
++
++        if (ctxt->lasttsize < minSize) {
+ 	    xmlChar *newbuf;
+ 	    int size;
++            int extra;
++
++            /* Double buffer size but increase by at least 100 bytes. */
++            extra = minSize < 100 ? 100 : minSize;
++
++            /* Check for integer overflow. */
++            if (extra > INT_MAX - ctxt->lasttsize) {
++                size = INT_MAX;
++            }
++            else {
++                size = ctxt->lasttsize + extra;
++            }
+ 
+-	    size = ctxt->lasttsize + len + 100;
+-	    size *= 2;
+ 	    newbuf = (xmlChar *) xmlRealloc(target->content,size);
+ 	    if (newbuf == NULL) {
+ 		xsltTransformError(ctxt, NULL, target,
+diff --git a/libxslt/xsltInternals.h b/libxslt/xsltInternals.h
+index 060b178..5ad1771 100644
+--- a/libxslt/xsltInternals.h
++++ b/libxslt/xsltInternals.h
+@@ -1754,8 +1754,8 @@ struct _xsltTransformContext {
+      * Speed optimization when coalescing text nodes
+      */
+     const xmlChar  *lasttext;		/* last text node content */
+-    unsigned int    lasttsize;		/* last text node size */
+-    unsigned int    lasttuse;		/* last text node use */
++    int             lasttsize;		/* last text node size */
++    int             lasttuse;		/* last text node use */
+     /*
+      * Per Context Debugging
+      */
+-- 
+1.9.1
+

meta/recipes-support/libxslt/libxslt_1.1.29.bb

@@ -12,6 +12,7 @@ SRC_URI = "ftp://xmlsoft.org/libxslt/libxslt-${PV}.tar.gz \
            file://pkgconfig_fix.patch \
            file://0001-Use-pkg-config-to-find-gcrypt-and-libxml2.patch \
            file://0001-Link-libraries-with-libm.patch \
+           file://0001-Check-for-integer-overflow-in-xsltAddTextString.patch \
            "
 
 SRC_URI[md5sum] = "a129d3c44c022de3b9dcf6d6f288d72e"

scripts/contrib/mkefidisk.sh

@@ -444,7 +444,7 @@ if [ -d $ROOTFS_MNT/etc/udev/ ] ; then
 fi
 
 # Add startup.nsh script for automated boot
-echo "fs0:\EFI\BOOT\bootx64.efi" > $BOOTFS_MNT/startup.nsh
+printf "fs0:\%s\BOOT\%s\n" "EFI" "bootx64.efi" > $BOOTFS_MNT/startup.nsh
 
 
 # Call cleanup to unmount devices and images and remove the TMPDIR

scripts/lib/scriptutils.py

@@ -21,6 +21,8 @@ import logging
 import glob
 import argparse
 import subprocess
+import tempfile
+import shutil
 
 def logger_create(name, stream=None):
     logger = logging.getLogger(name)
@@ -78,32 +80,47 @@ def git_convert_standalone_clone(repodir):
 
 def fetch_uri(d, uri, destdir, srcrev=None):
     """Fetch a URI to a local directory"""
-    import bb.data
-    bb.utils.mkdirhier(destdir)
-    localdata = bb.data.createCopy(d)
-    localdata.setVar('BB_STRICT_CHECKSUM', '')
-    localdata.setVar('SRCREV', srcrev)
-    ret = (None, None)
-    olddir = os.getcwd()
+    import bb
+    tmpparent = d.getVar('BASE_WORKDIR')
+    bb.utils.mkdirhier(tmpparent)
+    tmpworkdir = tempfile.mkdtemp(dir=tmpparent)
     try:
-        fetcher = bb.fetch2.Fetch([uri], localdata)
-        for u in fetcher.ud:
-            ud = fetcher.ud[u]
-            ud.ignore_checksums = True
-        fetcher.download()
-        for u in fetcher.ud:
-            ud = fetcher.ud[u]
-            if ud.localpath.rstrip(os.sep) == localdata.getVar('DL_DIR').rstrip(os.sep):
-                raise Exception('Local path is download directory - please check that the URI "%s" is correct' % uri)
-        fetcher.unpack(destdir)
-        for u in fetcher.ud:
-            ud = fetcher.ud[u]
-            if ud.method.recommends_checksum(ud):
-                md5value = bb.utils.md5_file(ud.localpath)
-                sha256value = bb.utils.sha256_file(ud.localpath)
-                ret = (md5value, sha256value)
+        bb.utils.mkdirhier(destdir)
+        localdata = bb.data.createCopy(d)
+
+        # Set some values to allow extend_recipe_sysroot to work here we're we are not running from a task
+        localdata.setVar('WORKDIR', tmpworkdir)
+        localdata.setVar('BB_RUNTASK', 'do_fetch')
+        localdata.setVar('PN', 'dummy')
+        localdata.setVar('BB_LIMITEDDEPS', '1')
+        bb.build.exec_func("extend_recipe_sysroot", localdata)
+
+        # Set some values for the benefit of the fetcher code
+        localdata.setVar('BB_STRICT_CHECKSUM', '')
+        localdata.setVar('SRCREV', srcrev)
+        ret = (None, None)
+        olddir = os.getcwd()
+        try:
+            fetcher = bb.fetch2.Fetch([uri], localdata)
+            for u in fetcher.ud:
+                ud = fetcher.ud[u]
+                ud.ignore_checksums = True
+            fetcher.download()
+            for u in fetcher.ud:
+                ud = fetcher.ud[u]
+                if ud.localpath.rstrip(os.sep) == localdata.getVar('DL_DIR').rstrip(os.sep):
+                    raise Exception('Local path is download directory - please check that the URI "%s" is correct' % uri)
+            fetcher.unpack(destdir)
+            for u in fetcher.ud:
+                ud = fetcher.ud[u]
+                if ud.method.recommends_checksum(ud):
+                    md5value = bb.utils.md5_file(ud.localpath)
+                    sha256value = bb.utils.sha256_file(ud.localpath)
+                    ret = (md5value, sha256value)
+        finally:
+            os.chdir(olddir)
     finally:
-        os.chdir(olddir)
+        shutil.rmtree(tmpworkdir)
     return ret
 
 def run_editor(fn):