build-appliance-image: Update to head revision

(From OE-Core rev: b2d96a966215d90bd2514e2bbe8deabe9eaabea1)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake/lib/bb/ui/crumbs/hig/layerselectiondialog.py

@@ -132,12 +132,13 @@ class LayerSelectionDialog (CrumbsDialog):
         tree_selection.set_mode(gtk.SELECTION_SINGLE)
 
         # Allow enable drag and drop of rows including row move
+        dnd_internal_target = ''
+        dnd_targets = [(dnd_internal_target, gtk.TARGET_SAME_WIDGET, 0)]
         layer_tv.enable_model_drag_source( gtk.gdk.BUTTON1_MASK,
-            self.TARGETS,
-            gtk.gdk.ACTION_DEFAULT|
+            dnd_targets,
+            gtk.gdk.ACTION_MOVE)
+        layer_tv.enable_model_drag_dest(dnd_targets,
             gtk.gdk.ACTION_MOVE)
-        layer_tv.enable_model_drag_dest(self.TARGETS,
-            gtk.gdk.ACTION_DEFAULT)
         layer_tv.connect("drag_data_get", self.drag_data_get_cb)
         layer_tv.connect("drag_data_received", self.drag_data_received_cb)
 

documentation/adt-manual/adt-manual.xml

@@ -76,6 +76,11 @@
                 <date>March 2014</date>
                 <revremark>Released with the Yocto Project 1.4.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.4.4</revnumber>
+                <date>May 2014</date>
+                <revremark>Released with the Yocto Project 1.4.4 Release.</revremark>
+            </revision>
       </revhistory>
 
     <copyright>

documentation/bsp-guide/bsp-guide.xml

@@ -88,6 +88,11 @@
                 <date>March 2014</date>
                 <revremark>Released with the Yocto Project 1.4.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.4.4</revnumber>
+                <date>May 2014</date>
+                <revremark>Released with the Yocto Project 1.4.4 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/dev-manual/dev-manual.xml

@@ -66,6 +66,11 @@
                 <date>March 2014</date>
                 <revremark>Released with the Yocto Project 1.4.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.4.4</revnumber>
+                <date>May 2014</date>
+                <revremark>Released with the Yocto Project 1.4.4 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/kernel-dev/kernel-dev.xml

@@ -51,6 +51,11 @@
                 <date>March 2014</date>
                 <revremark>Released with the Yocto Project 1.4.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.4.4</revnumber>
+                <date>May 2014</date>
+                <revremark>Released with the Yocto Project 1.4.4 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/poky.ent

@@ -1,9 +1,9 @@
-<!ENTITY DISTRO "1.4.3">
-<!ENTITY DISTRO_COMPRESSED "143">
+<!ENTITY DISTRO "1.4.4">
+<!ENTITY DISTRO_COMPRESSED "144">
 <!ENTITY DISTRO_NAME "dylan">
-<!ENTITY YOCTO_DOC_VERSION "1.4.3">
+<!ENTITY YOCTO_DOC_VERSION "1.4.4">
 <!ENTITY POKYVERSION "9.0.3">
-<!ENTITY POKYVERSION_COMPRESSED "903">
+<!ENTITY POKYVERSION_COMPRESSED "904">
 <!ENTITY YOCTO_POKY "poky-&DISTRO_NAME;-&POKYVERSION;">
 <!ENTITY COPYRIGHT_YEAR "2010-2014">
 <!ENTITY YOCTO_DL_URL "http://downloads.yoctoproject.org">

documentation/profile-manual/profile-manual.xml

@@ -51,6 +51,11 @@
                 <date>March 2014</date>
                 <revremark>Released with the Yocto Project 1.4.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.4.4</revnumber>
+                <date>May 2014</date>
+                <revremark>Released with the Yocto Project 1.4.4 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/ref-manual/ref-manual.xml

@@ -82,6 +82,11 @@
                 <date>March 2014</date>
                 <revremark>Released with the Yocto Project 1.4.3 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.4.4</revnumber>
+                <date>May 2014</date>
+                <revremark>Released with the Yocto Project 1.4.4 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/tools/mega-manual.sed

@@ -1,14 +1,14 @@
 # Processes ref-manual and yocto-project-qs manual (<word>-<word>-<word> style)
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.3\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.4\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
 
 # Processes all other manuals (<word>-<word> style)
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.3\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.4\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
 
 # Process cases where just an external manual is referenced without an id anchor
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.3\/yocto-project-qs\/yocto-project-qs.html\" target=\"_top\">Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.3\/dev-manual\/dev-manual.html\" target=\"_top\">Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.3\/adt-manual\/adt-manual.html\" target=\"_top\">Yocto Project Application Developer's Guide<\/a>/Yocto Project Application Developer's Guide/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.3\/bsp-guide\/bsp-guide.html\" target=\"_top\">Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.3\/profile-manual\/profile-manual.html\" target=\"_top\">Yocto Project Profile and Tracing Manual<\/a>/Yocto Project Profile and Tracing Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.3\/kernel-dev\/kernel-dev.html\" target=\"_top\">Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.3\/ref-manual\/ref-manual.html\" target=\"_top\">Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.4\/yocto-project-qs\/yocto-project-qs.html\" target=\"_top\">Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.4\/dev-manual\/dev-manual.html\" target=\"_top\">Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.4\/adt-manual\/adt-manual.html\" target=\"_top\">Yocto Project Application Developer's Guide<\/a>/Yocto Project Application Developer's Guide/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.4\/bsp-guide\/bsp-guide.html\" target=\"_top\">Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.4\/profile-manual\/profile-manual.html\" target=\"_top\">Yocto Project Profile and Tracing Manual<\/a>/Yocto Project Profile and Tracing Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.4\/kernel-dev\/kernel-dev.html\" target=\"_top\">Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.4.4\/ref-manual\/ref-manual.html\" target=\"_top\">Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g

meta-yocto/conf/distro/poky.conf

@@ -1,6 +1,6 @@
 DISTRO = "poky"
-DISTRO_NAME = "Poky 9.0.3 (Yocto Project 1.4.3 Reference Distro)"
-DISTRO_VERSION = "1.4.3"
+DISTRO_NAME = "Poky 9.0.4 (Yocto Project 1.4.4 Reference Distro)"
+DISTRO_VERSION = "1.4.4"
 DISTRO_CODENAME = "dylan"
 SDK_VENDOR = "-pokysdk"
 SDK_VERSION := "${@'${DISTRO_VERSION}'}"
@@ -78,6 +78,7 @@ SANITY_TESTED_DISTROS ?= " \
             Poky-1.4.1 \n \
             Poky-1.4.2 \n \
             Poky-1.4.3 \n \
+            Poky-1.4.4 \n \
             Ubuntu-10.04 \n \
             Ubuntu-11.10 \n \
             Ubuntu-12.04 \n \

meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-DTLS-retransmission-from-previous-session.patch

@@ -0,0 +1,81 @@
+From 34628967f1e65dc8f34e000f0f5518e21afbfc7b Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Fri, 20 Dec 2013 15:26:50 +0000
+Subject: [PATCH] Fix DTLS retransmission from previous session.
+
+Upstream-Status: Backport
+commit 34628967f1e65dc8f34e000f0f5518e21afbfc7b upstream
+
+For DTLS we might need to retransmit messages from the previous session
+so keep a copy of write context in DTLS retransmission buffers instead
+of replacing it after sending CCS. CVE-2013-6450.
+---
+ ssl/d1_both.c  |    6 ++++++
+ ssl/ssl_locl.h |    2 ++
+ ssl/t1_enc.c   |   17 +++++++++++------
+ 4 files changed, 24 insertions(+), 6 deletions(-)
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 65ec001..7a5596a 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
+ static void
+ dtls1_hm_fragment_free(hm_fragment *frag)
+ 	{
++
++	if (frag->msg_header.is_ccs)
++		{
++		EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
++		EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
++		}
+ 	if (frag->fragment) OPENSSL_free(frag->fragment);
+ 	if (frag->reassembly) OPENSSL_free(frag->reassembly);
+ 	OPENSSL_free(frag);
+diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
+index 96ce9a7..e485907 100644
+--- a/ssl/ssl_locl.h
++++ b/ssl/ssl_locl.h
+@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
+ extern SSL3_ENC_METHOD SSLv3_enc_data;
+ extern SSL3_ENC_METHOD DTLSv1_enc_data;
+ 
++#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
++
+ #define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
+ 				s_get_meth) \
+ const SSL_METHOD *func_name(void)  \
+diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
+index 72015f5..56db834 100644
+--- a/ssl/t1_enc.c
++++ b/ssl/t1_enc.c
+@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which)
+ 			s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
+ 			else
+ 			s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
+-		if (s->enc_write_ctx != NULL)
++		if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
+ 			reuse_dd = 1;
+-		else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
++		else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL)
+ 			goto err;
+-		else
+-			/* make sure it's intialized in case we exit later with an error */
+-			EVP_CIPHER_CTX_init(s->enc_write_ctx);
+ 		dd= s->enc_write_ctx;
+-		mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
++		if (SSL_IS_DTLS(s))
++			{
++			mac_ctx = EVP_MD_CTX_create();
++			if (!mac_ctx)
++				goto err;
++			s->write_hash = mac_ctx;
++			}
++		else
++			mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
+ #ifndef OPENSSL_NO_COMP
+ 		if (s->compress != NULL)
+ 			{
+-- 
+1.7.5.4
+

meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch

@@ -0,0 +1,31 @@
+From 197e0ea817ad64820789d86711d55ff50d71f631 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Mon, 6 Jan 2014 14:35:04 +0000
+Subject: [PATCH] Fix for TLS record tampering bug CVE-2013-4353
+
+Upstream-Status: Backport
+commit 197e0ea817ad64820789d86711d55ff50d71f631 upstream
+
+ ssl/s3_both.c |    6 +++++-
+ 3 files changed, 11 insertions(+), 1 deletions(-)
+
+diff --git a/ssl/s3_both.c b/ssl/s3_both.c
+index 1e5dcab..53b9390 100644
+--- a/ssl/s3_both.c
++++ b/ssl/s3_both.c
+@@ -210,7 +210,11 @@ static void ssl3_take_mac(SSL *s)
+ 	{
+ 	const char *sender;
+ 	int slen;
+-
++	/* If no new cipher setup return immediately: other functions will
++	 * set the appropriate error.
++	 */
++	if (s->s3->tmp.new_cipher == NULL)
++		return;
+ 	if (s->state & SSL_ST_CONNECT)
+ 		{
+ 		sender=s->method->ssl3_enc->server_finished_label;
+-- 
+1.7.5.4
+

meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch

@@ -0,0 +1,33 @@
+From ca989269a2876bae79393bd54c3e72d49975fc75 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Thu, 19 Dec 2013 14:37:39 +0000
+Subject: [PATCH] Use version in SSL_METHOD not SSL structure.
+
+Upstream-Status: Backport
+commit ca989269a2876bae79393bd54c3e72d49975fc75 upstream
+
+When deciding whether to use TLS 1.2 PRF and record hash algorithms
+use the version number in the corresponding SSL_METHOD structure
+instead of the SSL structure. The SSL structure version is sometimes
+inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already.
+(CVE-2013-6449)
+---
+ ssl/s3_lib.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
+index bf832bb..c4ef273 100644
+--- a/ssl/s3_lib.c
++++ b/ssl/s3_lib.c
+@@ -4286,7 +4286,7 @@ need to go to SSL_ST_ACCEPT.
+ long ssl_get_algorithm2(SSL *s)
+ 	{
+ 	long alg2 = s->s3->tmp.new_cipher->algorithm2;
+-	if (TLS1_get_version(s) >= TLS1_2_VERSION &&
++	if (s->method->version == TLS1_2_VERSION &&
+ 	    alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
+ 		return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
+ 	return alg2;
+-- 
+1.7.5.4
+

meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch

@@ -0,0 +1,118 @@
+From 96db9023b881d7cd9f379b0c154650d6c108e9a3 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Sun, 6 Apr 2014 00:51:06 +0100
+Subject: [PATCH] Add heartbeat extension bounds check.
+
+A missing bounds check in the handling of the TLS heartbeat extension
+can be used to reveal up to 64k of memory to a connected client or
+server.
+
+Thanks for Neel Mehta of Google Security for discovering this bug and to
+Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
+preparing the fix (CVE-2014-0160)
+
+Patch (tweaked version of upstream fix without CHANGES change) borrowed
+from Debian.
+
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+---
+ ssl/d1_both.c | 26 ++++++++++++++++++--------
+ ssl/t1_lib.c  | 14 +++++++++-----
+ 3 files changed, 36 insertions(+), 13 deletions(-)
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 7a5596a..2e8cf68 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s)
+ 	unsigned int payload;
+ 	unsigned int padding = 16; /* Use minimum padding */
+ 
+-	/* Read type and payload length first */
+-	hbtype = *p++;
+-	n2s(p, payload);
+-	pl = p;
+-
+ 	if (s->msg_callback)
+ 		s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+ 			&s->s3->rrec.data[0], s->s3->rrec.length,
+ 			s, s->msg_callback_arg);
+ 
++	/* Read type and payload length first */
++	if (1 + 2 + 16 > s->s3->rrec.length)
++		return 0; /* silently discard */
++	hbtype = *p++;
++	n2s(p, payload);
++	if (1 + 2 + payload + 16 > s->s3->rrec.length)
++		return 0; /* silently discard per RFC 6520 sec. 4 */
++	pl = p;
++
+ 	if (hbtype == TLS1_HB_REQUEST)
+ 		{
+ 		unsigned char *buffer, *bp;
++		unsigned int write_length = 1 /* heartbeat type */ +
++					    2 /* heartbeat length */ +
++					    payload + padding;
+ 		int r;
+ 
++		if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
++			return 0;
++
+ 		/* Allocate memory for the response, size is 1 byte
+ 		 * message type, plus 2 bytes payload length, plus
+ 		 * payload, plus padding
+ 		 */
+-		buffer = OPENSSL_malloc(1 + 2 + payload + padding);
++		buffer = OPENSSL_malloc(write_length);
+ 		bp = buffer;
+ 
+ 		/* Enter response type, length and copy payload */
+@@ -1489,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s)
+ 		/* Random padding */
+ 		RAND_pseudo_bytes(bp, padding);
+ 
+-		r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
++		r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
+ 
+ 		if (r >= 0 && s->msg_callback)
+ 			s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
+-				buffer, 3 + payload + padding,
++				buffer, write_length,
+ 				s, s->msg_callback_arg);
+ 
+ 		OPENSSL_free(buffer);
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index b82fada..bddffd9 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -2588,16 +2588,20 @@ tls1_process_heartbeat(SSL *s)
+ 	unsigned int payload;
+ 	unsigned int padding = 16; /* Use minimum padding */
+ 
+-	/* Read type and payload length first */
+-	hbtype = *p++;
+-	n2s(p, payload);
+-	pl = p;
+-
+ 	if (s->msg_callback)
+ 		s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+ 			&s->s3->rrec.data[0], s->s3->rrec.length,
+ 			s, s->msg_callback_arg);
+ 
++	/* Read type and payload length first */
++	if (1 + 2 + 16 > s->s3->rrec.length)
++		return 0; /* silently discard */
++	hbtype = *p++;
++	n2s(p, payload);
++	if (1 + 2 + payload + 16 > s->s3->rrec.length)
++		return 0; /* silently discard per RFC 6520 sec. 4 */
++	pl = p;
++
+ 	if (hbtype == TLS1_HB_REQUEST)
+ 		{
+ 		unsigned char *buffer, *bp;
+-- 
+1.9.1
+

meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2014-0198-fix.patch

@@ -0,0 +1,23 @@
+Upstream-Status: Backport
+
+Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1093837
+
+CVE-2014-0198: An attacker can trigger generation of an SSL
+alert which could cause a null pointer dereference.
+
+Signed-off-by: Maxin B. John <maxin.john@enea.com>
+---
+diff -Naur openssl-1.0.1g-orig/ssl/s3_pkt.c openssl-1.0.1g/ssl/s3_pkt.c
+--- openssl-1.0.1g-orig/ssl/s3_pkt.c	2014-03-17 17:14:20.000000000 +0100
++++ openssl-1.0.1g/ssl/s3_pkt.c	2014-05-06 02:32:43.862587660 +0200
+@@ -657,6 +657,10 @@
+ 		if (i <= 0)
+ 			return(i);
+ 		/* if it went, fall through and send more stuff */
++		/* we may have released our buffer, so get it again */
++		if (wb->buf == NULL)
++			if (!ssl3_setup_write_buffer(s))
++				return -1;
+ 		}
+ 
+ 	if (len == 0 && !create_empty_fragment)

meta/recipes-connectivity/openssl/openssl_1.0.1e.bb

@@ -6,7 +6,7 @@ DEPENDS += "ocf-linux"
 
 CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
 
-PR = "${INC_PR}.0"
+PR = "${INC_PR}.2"
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
 
@@ -32,6 +32,11 @@ SRC_URI += "file://configure-targets.patch \
             file://openssl-fix-doc.patch \
             file://fix-cipher-des-ede3-cfb1.patch \
             file://find.pl \
+            file://0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch \
+            file://0001-Fix-DTLS-retransmission-from-previous-session.patch \
+            file://0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch \
+            file://CVE-2014-0160.patch \
+            file://openssl-CVE-2014-0198-fix.patch \
            "
 
 SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c"

meta/recipes-core/eglibc/eglibc-2.17/make-4.patch

@@ -0,0 +1,31 @@
+Accept make versions 4.0 and greater
+
+Backport of glibc 28d708c44bc47b56f6551ff285f78edcf61c208a.
+
+Upstream-Status: Backport
+Signed-off-by: Jonathan Liu <net147@gmail.com>
+
+diff -Nur libc.orig/configure libc/configure
+--- libc.orig/configure	2012-12-03 08:11:45.000000000 +1100
++++ libc/configure	2013-11-04 17:15:31.344984184 +1100
+@@ -4995,7 +4995,7 @@
+   ac_prog_version=`$MAKE --version 2>&1 | sed -n 's/^.*GNU Make[^0-9]*\([0-9][0-9.]*\).*$/\1/p'`
+   case $ac_prog_version in
+     '') ac_prog_version="v. ?.??, bad"; ac_verc_fail=yes;;
+-    3.79* | 3.[89]*)
++    3.79* | 3.[89]* | [4-9].* | [1-9][0-9]*)
+        ac_prog_version="$ac_prog_version, ok"; ac_verc_fail=no;;
+     *) ac_prog_version="$ac_prog_version, bad"; ac_verc_fail=yes;;
+ 
+diff -Nur libc.orig/configure.in libc/configure.in
+--- libc.orig/configure.in	2012-12-03 08:11:45.000000000 +1100
++++ libc/configure.in	2013-11-04 17:15:31.351650849 +1100
+@@ -958,7 +958,7 @@
+   critic_missing="$critic_missing gcc")
+ AC_CHECK_PROG_VER(MAKE, gnumake gmake make, --version,
+   [GNU Make[^0-9]*\([0-9][0-9.]*\)],
+-  [3.79* | 3.[89]*], critic_missing="$critic_missing make")
++  [3.79* | 3.[89]* | [4-9].* | [1-9][0-9]*], critic_missing="$critic_missing make")
+ 
+ AC_CHECK_PROG_VER(MSGFMT, gnumsgfmt gmsgfmt msgfmt, --version,
+   [GNU gettext.* \([0-9]*\.[0-9.]*\)],

meta/recipes-core/eglibc/eglibc_2.17.bb

@@ -28,6 +28,7 @@ SRC_URI = "http://downloads.yoctoproject.org/releases/eglibc/eglibc-${PV}-svnr22
            file://tzselect-awk.patch \
            file://0001-eglibc-run-libm-err-tab.pl-with-specific-dirs-in-S.patch \
            file://fix-tibetian-locales.patch \
+           file://make-4.patch \
            ${BACKPORTS} \
           "
 BACKPORTS = "\

meta/recipes-core/images/build-appliance-image.bb

@@ -19,7 +19,7 @@ IMAGE_FSTYPES = "vmdk"
 
 inherit core-image
 
-SRCREV ?= "465a8605191e39be443fe999619a034ae49889d8"
+SRCREV ?= "5b12a3441b859b3b12bb1e7b61acf97a1cfa8c08"
 SRC_URI = "git://git.yoctoproject.org/poky;protocol=git \
            file://Yocto_Build_Appliance.vmx \
            file://Yocto_Build_Appliance.vmxf \