bitbake: bitbake-user-manual: Fixed porno hack for hello world example

Someone hacked the http://hambedded site or it was moved and some links to that site in the BB manual had been hijacked to point to an entry portal for a pornography site. Replaced the link with an archived version that restores the integrity of the links. (Bitbake rev: daa0aa05a04d8d20473a05b5b5878610e40ef820) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
init-install-efi.sh: Avoid /mnt/mtab creation if already present
2026-02-01 22:38:42 +01:00 · 2018-01-17 22:33:30 +00:00 · 2016-07-11 23:10:10 +01:00 · 2016-03-21 15:48:47 +00:00 · 2016-03-21 15:48:47 +00:00 · 2016-03-21 15:48:47 +00:00
287 changed files with 14345 additions and 875 deletions
--- a/bitbake/bin/bitbake
+++ b/bitbake/bin/bitbake
@@ -263,6 +263,7 @@ def start_server(servermodule, configParams, configuration, features):
                logger.handle(event)
        raise exc_info[1], None, exc_info[2]
    server.detach()
+    cooker.lock.close()
    return server


--- a/bitbake/bin/bitbake-worker
+++ b/bitbake/bin/bitbake-worker
@@ -156,8 +156,11 @@ def fork_off_task(cfg, data, workerdata, fn, task, taskname, appends, taskdepdat
            bb.event.worker_fire = worker_child_fire
            worker_pipe = pipeout

-            # Make the child the process group leader
-            os.setpgid(0, 0)
+            # Make the child the process group leader and ensure no
+            # child process will be controlled by the current terminal
+            # This ensures signals sent to the controlling terminal like Ctrl+C
+            # don't stop the child processes.
+            os.setsid()
            # No stdin
            newsi = os.open(os.devnull, os.O_RDWR)
            os.dup2(newsi, sys.stdin.fileno())
--- a/bitbake/doc/bitbake-user-manual/bitbake-user-manual-hello.xml
+++ b/bitbake/doc/bitbake-user-manual/bitbake-user-manual-hello.xml
@@ -135,7 +135,7 @@
                    <ulink url="http://www.mail-archive.com/yocto@yoctoproject.org/msg09379.html">Mailing List post - The BitBake equivalent of "Hello, World!"</ulink>
                    </para></listitem>
                <listitem><para>
-                    <ulink url="http://hambedded.org/blog/2012/11/24/from-bitbake-hello-world-to-an-image/">Hambedded Linux blog post - From Bitbake Hello World to an Image</ulink>
+                    <ulink url="https://web.archive.org/web/20150325165911/http://hambedded.org/blog/2012/11/24/from-bitbake-hello-world-to-an-image/">Hambedded Linux blog post - From Bitbake Hello World to an Image</ulink>
                    </para></listitem>
            </itemizedlist>
        </note>
@@ -270,7 +270,7 @@
                and define some key BitBake variables.
                For more information on the <filename>bitbake.conf</filename>,
                see
-                <ulink url='http://hambedded.org/blog/2012/11/24/from-bitbake-hello-world-to-an-image/#an-overview-of-bitbakeconf'></ulink>
+                <ulink url='https://web.archive.org/web/20150325165911/http://hambedded.org/blog/2012/11/24/from-bitbake-hello-world-to-an-image/#an-overview-of-bitbakeconf'></ulink>
                </para>
                <para>Use the following commands to create the <filename>conf</filename>
                directory in the project directory:
@@ -355,7 +355,7 @@ ERROR: Unable to parse base: ParseError in configuration INHERITs: Could not inh
                supporting.
                For more information on the <filename>base.bbclass</filename> file,
                you can look at
-                <ulink url='http://hambedded.org/blog/2012/11/24/from-bitbake-hello-world-to-an-image/#tasks'></ulink>.
+                <ulink url='https://web.archive.org/web/20150325165911/http://hambedded.org/blog/2012/11/24/from-bitbake-hello-world-to-an-image/#tasks'></ulink>.
                </para></listitem>
            <listitem><para><emphasis>Run Bitbake:</emphasis>
                After making sure that the <filename>classes/base.bbclass</filename>
@@ -377,7 +377,7 @@ ERROR: Unable to parse base: ParseError in configuration INHERITs: Could not inh
                Thus, this example creates and uses a layer called "mylayer".
                <note>
                    You can find additional information on adding a layer at
-                    <ulink url='http://hambedded.org/blog/2012/11/24/from-bitbake-hello-world-to-an-image/#adding-an-example-layer'></ulink>.
+                    <ulink url='https://web.archive.org/web/20150325165911/http://hambedded.org/blog/2012/11/24/from-bitbake-hello-world-to-an-image/#adding-an-example-layer'></ulink>.
                </note>
                </para>
                <para>Minimally, you need a recipe file and a layer configuration
--- a/bitbake/lib/bb/cache.py
+++ b/bitbake/lib/bb/cache.py
@@ -43,7 +43,7 @@ except ImportError:
    logger.info("Importing cPickle failed. "
                "Falling back to a very slow implementation.")

-__cache_version__ = "147"
+__cache_version__ = "148"

 def getCacheFile(path, filename, data_hash):
    return os.path.join(path, filename + "." + data_hash)
@@ -529,8 +529,11 @@ class Cache(object):
        if hasattr(info_array[0], 'file_checksums'):
            for _, fl in info_array[0].file_checksums.items():
                for f in fl.split():
-                    if not ('*' in f or os.path.exists(f)):
-                        logger.debug(2, "Cache: %s's file checksum list file %s was removed",
+                    if "*" in f:
+                        continue
+                    f, exist = f.split(":")
+                    if (exist == "True" and not os.path.exists(f)) or (exist == "False" and os.path.exists(f)):
+                        logger.debug(2, "Cache: %s's file checksum list file %s changed",
                                        fn, f)
                        self.remove(fn)
                        return False
@@ -620,10 +623,13 @@ class Cache(object):
    def mtime(cachefile):
        return bb.parse.cached_mtime_noerror(cachefile)

-    def add_info(self, filename, info_array, cacheData, parsed=None):
+    def add_info(self, filename, info_array, cacheData, parsed=None, watcher=None):
        if isinstance(info_array[0], CoreRecipeInfo) and (not info_array[0].skipped):
            cacheData.add_from_recipeinfo(filename, info_array)

+            if watcher:
+                watcher(info_array[0].file_depends)
+
        if not self.has_cache:
            return

--- a/bitbake/lib/bb/cooker.py
+++ b/bitbake/lib/bb/cooker.py
@@ -38,7 +38,10 @@ import bb, bb.exceptions, bb.command
 from bb import utils, data, parse, event, cache, providers, taskdata, runqueue
 import Queue
 import signal
+import subprocess
+import errno
 import prserv.serv
+import pyinotify

 logger      = logging.getLogger("BitBake")
 collectlog  = logging.getLogger("BitBake.Collection")
@@ -120,8 +123,34 @@ class BBCooker:

        self.configuration = configuration

+        self.configwatcher = pyinotify.WatchManager()
+        self.configwatcher.bbseen = []
+        self.confignotifier = pyinotify.Notifier(self.configwatcher, self.config_notifications)
+        self.watchmask = pyinotify.IN_CLOSE_WRITE | pyinotify.IN_CREATE | pyinotify.IN_DELETE | \
+                         pyinotify.IN_DELETE_SELF | pyinotify.IN_MODIFY | pyinotify.IN_MOVE_SELF | \
+                         pyinotify.IN_MOVED_FROM | pyinotify.IN_MOVED_TO 
+        self.watcher = pyinotify.WatchManager()
+        self.watcher.bbseen = []
+        self.notifier = pyinotify.Notifier(self.watcher, self.notifications)
+
+
        self.initConfigurationData()

+        self.inotify_modified_files = []
+
+        def _process_inotify_updates(server, notifier_list, abort):
+            for n in notifier_list:
+                if n.check_events(timeout=0):
+                    # read notified events and enqeue them
+                    n.read_events()
+                    n.process_events()
+            return 1.0
+
+        self.configuration.server_register_idlecallback(_process_inotify_updates, [self.confignotifier, self.notifier])
+
+        self.baseconfig_valid = True
+        self.parsecache_valid = False
+
        # Take a lock so only one copy of bitbake can run against a given build
        # directory at a time
        lockfile = self.data.expand("${TOPDIR}/bitbake.lock")
@@ -156,6 +185,38 @@ class BBCooker:
        # Let SIGHUP exit as SIGTERM
        signal.signal(signal.SIGHUP, self.sigterm_exception)

+    def config_notifications(self, event):
+        if not event.path in self.inotify_modified_files:
+            self.inotify_modified_files.append(event.path)
+        self.baseconfig_valid = False
+
+    def notifications(self, event):
+        if not event.path in self.inotify_modified_files:
+            self.inotify_modified_files.append(event.path)
+        self.parsecache_valid = False
+
+    def add_filewatch(self, deps, watcher=None):
+        if not watcher:
+            watcher = self.watcher
+        for i in deps:
+            f = i[0]
+            if f in watcher.bbseen:
+                continue
+            watcher.bbseen.append(f)
+            while True:
+                # We try and add watches for files that don't exist but if they did, would influence
+                # the parser. The parent directory of these files may not exist, in which case we need 
+                # to watch any parent that does exist for changes.
+                try:
+                    watcher.add_watch(f, self.watchmask, quiet=False)
+                    break
+                except pyinotify.WatchManagerError as e:
+                    if 'ENOENT' in str(e):
+                        f = os.path.dirname(f)
+                        watcher.bbseen.append(f)
+                        continue
+                    raise
+
    def sigterm_exception(self, signum, stackframe):
        if signum == signal.SIGTERM:
            bb.warn("Cooker recieved SIGTERM, shutting down...")
@@ -1286,12 +1347,25 @@ class BBCooker:
        if self.state == state.running:
            return

-        if self.state in (state.shutdown, state.forceshutdown):
+        if self.state in (state.shutdown, state.forceshutdown, state.error):
            if hasattr(self.parser, 'shutdown'):
                self.parser.shutdown(clean=False, force = True)
            raise bb.BBHandledException()

        if self.state != state.parsing:
+
+            # reload files for which we got notifications
+            for p in self.inotify_modified_files:
+                bb.parse.update_cache(p)
+            self.inotify_modified_files = []
+
+            if not self.baseconfig_valid:
+                logger.debug(1, "Reloading base configuration data")
+                self.initConfigurationData()
+                self.baseconfig_valid = True
+                self.parsecache_valid = False
+
+        if self.state != state.parsing and not self.parsecache_valid:
            self.parseConfiguration ()
            if CookerFeatures.SEND_SANITYEVENTS in self.featureset:
                bb.event.fire(bb.event.SanityCheck(False), self.data)
@@ -1306,9 +1380,12 @@ class BBCooker:
            (filelist, masked) = self.collection.collect_bbfiles(self.data, self.event_data)

            self.data.renameVar("__depends", "__base_depends")
+            self.add_filewatch(self.data.getVar("__base_depends"), self.configwatcher)

            self.parser = CookerParser(self, filelist, masked)
-            self.state = state.parsing
+            self.parsecache_valid = True
+
+        self.state = state.parsing

        if not self.parser.parse_next():
            collectlog.debug(1, "parsing complete")
@@ -1367,6 +1444,33 @@ class BBCooker:
    def post_serve(self):
        prserv.serv.auto_shutdown(self.data)
        bb.event.fire(CookerExit(), self.event_data)
+        lockfile = self.lock.name
+        self.lock.close()
+        self.lock = None
+
+        while not self.lock:
+            with bb.utils.timeout(3):
+                self.lock = bb.utils.lockfile(lockfile, shared=False, retry=False, block=True)
+                if not self.lock:
+                    # Some systems may not have lsof available
+                    procs = None
+                    try:
+                        procs = subprocess.check_output(["lsof", '-w', lockfile], stderr=subprocess.STDOUT)
+                    except OSError as e:
+                        if e.errno != errno.ENOENT:
+                            raise
+                    if procs is None:
+                        # Fall back to fuser if lsof is unavailable
+                        try:
+                            procs = subprocess.check_output(["fuser", '-v', lockfile], stderr=subprocess.STDOUT)
+                        except OSError as e:
+                            if e.errno != errno.ENOENT:
+                                raise
+
+                    msg = "Delaying shutdown due to active processes which appear to be holding bitbake.lock"
+                    if procs:
+                        msg += ":\n%s" % str(procs)
+                    print(msg)

    def shutdown(self, force = False):
        if force:
@@ -1415,6 +1519,7 @@ class CookerExit(bb.event.Event):
 class CookerCollectFiles(object):
    def __init__(self, priorities):
        self.appendlist = {}
+        self.bbappends = []
        self.appliedappendlist = []
        self.bbfile_config_priorities = priorities

@@ -1509,6 +1614,7 @@ class CookerCollectFiles(object):
        # Build a list of .bbappend files for each .bb file
        for f in bbappend:
            base = os.path.basename(f).replace('.bbappend', '.bb')
+            self.bbappends.append((base, f))
            if not base in self.appendlist:
               self.appendlist[base] = []
            if f not in self.appendlist[base]:
@@ -1534,11 +1640,11 @@ class CookerCollectFiles(object):
        """
        filelist = []
        f = os.path.basename(fn)
-        for bbappend in self.appendlist:
+        for b in self.bbappends:
+            (bbappend, filename) = b
            if (bbappend == f) or ('%' in bbappend and bbappend.startswith(f[:bbappend.index('%')])):
                self.appliedappendlist.append(bbappend)
-                for filename in self.appendlist[bbappend]:
-                    filelist.append(filename)
+                filelist.append(filename)
        return filelist

    def collection_priorities(self, pkgfns):
@@ -1558,10 +1664,10 @@ class CookerCollectFiles(object):
                unmatched.add(regex)

        def findmatch(regex):
-            for bbfile in self.appendlist:
-                for append in self.appendlist[bbfile]:
-                    if regex.match(append):
-                        return True
+            for b in self.bbappends:
+                (bbfile, append) = b
+                if regex.match(append):
+                    return True
            return False

        for unmatch in unmatched.copy():
@@ -1870,7 +1976,7 @@ class CookerParser(object):
                self.skipped += 1
                self.cooker.skiplist[virtualfn] = SkippedPackage(info_array[0])
            self.bb_cache.add_info(virtualfn, info_array, self.cooker.recipecache,
-                                        parsed=parsed)
+                                        parsed=parsed, watcher = self.cooker.add_filewatch)
        return True

    def reparse(self, filename):
--- a/bitbake/lib/bb/data.py
+++ b/bitbake/lib/bb/data.py
@@ -238,6 +238,7 @@ def emit_var(var, o=sys.__stdout__, d = init(), all=False):
    # to a shell, we need to escape the quotes in the var
    alter = re.sub('"', '\\"', val)
    alter = re.sub('\n', ' \\\n', alter)
+    alter = re.sub('\\$', '\\\\$', alter)
    o.write('%s="%s"\n' % (varExpanded, alter))
    return 0

--- a/bitbake/lib/bb/data_smart.py
+++ b/bitbake/lib/bb/data_smart.py
@@ -616,7 +616,8 @@ class DataSmart(MutableMapping):
                cachename = var + "[" + flag + "]"
            value = self.expand(value, cachename)
        if value and flag == "_content" and local_var is not None and "_removeactive" in local_var:
-            removes = [self.expand(r) for r in local_var["_removeactive"]]
+            removes = [self.expand(r).split()  for r in local_var["_removeactive"]]
+            removes = reduce(lambda a, b: a+b, removes, [])
            filtered = filter(lambda v: v not in removes,
                              value.split())
            value = " ".join(filtered)
--- a/bitbake/lib/bb/fetch2/init.py
+++ b/bitbake/lib/bb/fetch2/init.py
@@ -936,22 +936,21 @@ def get_checksum_file_list(d):
        ud = fetch.ud[u]

        if ud and isinstance(ud.method, local.Local):
-            ud.setup_localpath(d)
-            f = ud.localpath
-            pth = ud.decodedurl
-            if '*' in pth:
-                f = os.path.join(os.path.abspath(f), pth)
-            if f.startswith(dl_dir):
-                # The local fetcher's behaviour is to return a path under DL_DIR if it couldn't find the file anywhere else
-                if os.path.exists(f):
-                    bb.warn("Getting checksum for %s SRC_URI entry %s: file not found except in DL_DIR" % (d.getVar('PN', True), os.path.basename(f)))
-                else:
-                    bb.warn("Unable to get checksum for %s SRC_URI entry %s: file could not be found" % (d.getVar('PN', True), os.path.basename(f)))
-            filelist.append(f)
+            paths = ud.method.localpaths(ud, d)
+            for f in paths:
+                pth = ud.decodedurl
+                if '*' in pth:
+                    f = os.path.join(os.path.abspath(f), pth)
+                if f.startswith(dl_dir):
+                    # The local fetcher's behaviour is to return a path under DL_DIR if it couldn't find the file anywhere else
+                    if os.path.exists(f):
+                        bb.warn("Getting checksum for %s SRC_URI entry %s: file not found except in DL_DIR" % (d.getVar('PN', True), os.path.basename(f)))
+                    else:
+                        bb.warn("Unable to get checksum for %s SRC_URI entry %s: file could not be found" % (d.getVar('PN', True), os.path.basename(f)))
+                filelist.append(f + ":" + str(os.path.exists(f)))

    return " ".join(filelist)

-
 def get_file_checksums(filelist, pn):
    """Get a list of the checksums for a list of local files

@@ -981,6 +980,10 @@ def get_file_checksums(filelist, pn):

    checksums = []
    for pth in filelist.split():
+        exist = pth.split(":")[1]
+        if exist == "False":
+            continue
+        pth = pth.split(":")[0]
        if '*' in pth:
            # Handle globs
            for f in glob.glob(pth):
@@ -988,14 +991,12 @@ def get_file_checksums(filelist, pn):
                    checksums.extend(checksum_dir(f))
                else:
                    checksum = checksum_file(f)
-                    if checksum:
-                        checksums.append((f, checksum))
+                    checksums.append((f, checksum))
        elif os.path.isdir(pth):
            checksums.extend(checksum_dir(pth))
        else:
            checksum = checksum_file(pth)
-            if checksum:
-                checksums.append((pth, checksum))
+            checksums.append((pth, checksum))

    checksums.sort(key=operator.itemgetter(1))
    return checksums
--- a/bitbake/lib/bb/fetch2/git.py
+++ b/bitbake/lib/bb/fetch2/git.py
@@ -245,7 +245,7 @@ class Git(FetchMethod):
        subdir = ud.parm.get("subpath", "")
        if subdir != "":
            readpathspec = ":%s" % (subdir)
-            def_destsuffix = "%s/" % os.path.basename(subdir)
+            def_destsuffix = "%s/" % os.path.basename(subdir.rstrip('/'))
        else:
            readpathspec = ""
            def_destsuffix = "git/"
--- a/bitbake/lib/bb/fetch2/local.py
+++ b/bitbake/lib/bb/fetch2/local.py
@@ -51,29 +51,41 @@ class Local(FetchMethod):
        """
        Return the local filename of a given url assuming a successful fetch.
        """
+        return self.localpaths(urldata, d)[-1]
+
+    def localpaths(self, urldata, d):
+        """
+        Return the local filename of a given url assuming a successful fetch.
+        """
+        searched = []
        path = urldata.decodedurl
        newpath = path
-        if path[0] != "/":
-            filespath = data.getVar('FILESPATH', d, True)
-            if filespath:
-                logger.debug(2, "Searching for %s in paths:\n    %s" % (path, "\n    ".join(filespath.split(":"))))
-                newpath = bb.utils.which(filespath, path)
-            if not newpath:
-                filesdir = data.getVar('FILESDIR', d, True)
-                if filesdir:
-                    logger.debug(2, "Searching for %s in path: %s" % (path, filesdir))
-                    newpath = os.path.join(filesdir, path)
-            if (not newpath or not os.path.exists(newpath)) and path.find("*") != -1:
-                # For expressions using '*', best we can do is take the first directory in FILESPATH that exists
-                newpath = bb.utils.which(filespath, ".")
-                logger.debug(2, "Searching for %s in path: %s" % (path, newpath))
-                return newpath
-            if not os.path.exists(newpath):
-                dldirfile = os.path.join(d.getVar("DL_DIR", True), path)
-                logger.debug(2, "Defaulting to %s for %s" % (dldirfile, path))
-                bb.utils.mkdirhier(os.path.dirname(dldirfile))
-                return dldirfile
-        return newpath
+        if path[0] == "/":
+            return [path]
+        filespath = data.getVar('FILESPATH', d, True)
+        if filespath:
+            logger.debug(2, "Searching for %s in paths:\n    %s" % (path, "\n    ".join(filespath.split(":"))))
+            newpath, hist = bb.utils.which(filespath, path, history=True)
+            searched.extend(hist)
+        if not newpath:
+            filesdir = data.getVar('FILESDIR', d, True)
+            if filesdir:
+                logger.debug(2, "Searching for %s in path: %s" % (path, filesdir))
+                newpath = os.path.join(filesdir, path)
+                searched.append(newpath)
+        if (not newpath or not os.path.exists(newpath)) and path.find("*") != -1:
+            # For expressions using '*', best we can do is take the first directory in FILESPATH that exists
+            newpath, hist = bb.utils.which(filespath, ".", history=True)
+            searched.extend(hist)
+            logger.debug(2, "Searching for %s in path: %s" % (path, newpath))
+            return searched
+        if not os.path.exists(newpath):
+            dldirfile = os.path.join(d.getVar("DL_DIR", True), path)
+            logger.debug(2, "Defaulting to %s for %s" % (dldirfile, path))
+            bb.utils.mkdirhier(os.path.dirname(dldirfile))
+            searched.append(dldirfile)
+            return searched
+        return searched

    def need_update(self, ud, d):
        if ud.url.find("*") != -1:
--- a/bitbake/lib/bb/parse/init.py
+++ b/bitbake/lib/bb/parse/init.py
@@ -73,6 +73,11 @@ def update_mtime(f):
    __mtime_cache[f] = os.stat(f)[stat.ST_MTIME]
    return __mtime_cache[f]

+def update_cache(f):
+    if f in __mtime_cache:
+        logger.debug(1, "Updating mtime cache for %s" % f)
+        update_mtime(f)
+
 def mark_dependency(d, f):
    if f.startswith('./'):
        f = "%s/%s" % (os.getcwd(), f[2:])
--- a/bitbake/lib/bb/parse/ast.py
+++ b/bitbake/lib/bb/parse/ast.py
@@ -226,6 +226,8 @@ class ExportFuncsNode(AstNode):
            if data.getVarFlag(calledfunc, "python"):
                data.setVar(func, "    bb.build.exec_func('" + calledfunc + "', d)\n")
            else:
+                if "-" in self.classname:
+                   bb.fatal("The classname %s contains a dash character and is calling an sh function %s using EXPORT_FUNCTIONS. Since a dash is illegal in sh function names, this cannot work, please rename the class or don't use EXPORT_FUNCTIONS." % (self.classname, calledfunc))
                data.setVar(func, "    " + calledfunc + "\n")
            data.setVarFlag(func, 'export_func', '1')

--- a/bitbake/lib/bb/runqueue.py
+++ b/bitbake/lib/bb/runqueue.py
@@ -1242,6 +1242,8 @@ class RunQueue:
                prevh = __find_md5__.search(latestmatch).group(0)
                output = bb.siggen.compare_sigfiles(latestmatch, match, recursecb)
                bb.plain("\nTask %s:%s couldn't be used from the cache because:\n  We need hash %s, closest matching task was %s\n  " % (pn, taskname, h, prevh) + '\n  '.join(output))
+            else:
+                bb.plain("Error, can't find multiple tasks at divergence point? Was there a previously run task?")

 class RunQueueExecute:

--- a/bitbake/lib/bb/server/process.py
+++ b/bitbake/lib/bb/server/process.py
@@ -135,6 +135,9 @@ class ProcessServer(Process, BaseImplServer):
                    nextsleep = None
                elif retval is True:
                    nextsleep = None
+                elif isinstance(retval, float):
+                    if (retval < nextsleep):
+                        nextsleep = retval
                elif nextsleep is None:
                    continue
                else:
--- a/bitbake/lib/bb/server/xmlrpc.py
+++ b/bitbake/lib/bb/server/xmlrpc.py
@@ -241,6 +241,9 @@ class XMLRPCServer(SimpleXMLRPCServer, BaseImplServer):
                        del self._idlefuns[function]
                    elif retval is True:
                        nextsleep = 0
+                    elif isinstance(retval, float):
+                        if (retval < nextsleep):
+                            nextsleep = retval
                    else:
                        fds = fds + retval
                except SystemExit:
--- a/bitbake/lib/bb/siggen.py
+++ b/bitbake/lib/bb/siggen.py
@@ -62,6 +62,13 @@ class SignatureGenerator(object):
    def dump_sigs(self, dataCache, options):
        return

+    def get_taskdata(self):
+       return (self.runtaskdeps, self.taskhash, self.file_checksum_values)
+
+    def set_taskdata(self, data):
+        self.runtaskdeps, self.taskhash, self.file_checksum_values = data
+
+
 class SignatureGeneratorBasic(SignatureGenerator):
    """
    """
@@ -185,7 +192,8 @@ class SignatureGeneratorBasic(SignatureGenerator):
            checksums = bb.fetch2.get_file_checksums(dataCache.file_checksums[fn][task], recipename)
            for (f,cs) in checksums:
                self.file_checksum_values[k][f] = cs
-                data = data + cs
+                if cs:
+                    data = data + cs

        taint = self.read_taint(fn, task, dataCache.stamp[fn])
        if taint:
@@ -197,12 +205,6 @@ class SignatureGeneratorBasic(SignatureGenerator):
        #d.setVar("BB_TASKHASH_task-%s" % task, taskhash[task])
        return h

-    def get_taskdata(self):
-       return (self.runtaskdeps, self.taskhash, self.file_checksum_values)
-
-    def set_taskdata(self, data):
-        self.runtaskdeps, self.taskhash, self.file_checksum_values = data
-
    def dump_sigtask(self, fn, task, stampbase, runtime):
        k = fn + "." + task
        if runtime == "customfile":
--- a/bitbake/lib/bb/tests/data.py
+++ b/bitbake/lib/bb/tests/data.py
@@ -266,6 +266,13 @@ class TestConcatOverride(unittest.TestCase):
        bb.data.update_data(self.d)
        self.assertEqual(self.d.getVar("TEST", True), "Y")

+    def test_remove_expansion_items(self):
+        self.d.setVar("TEST", "A B C D")
+        self.d.setVar("BAR", "B D")
+        self.d.setVar("TEST_remove", "${BAR}")
+        bb.data.update_data(self.d)
+        self.assertEqual(self.d.getVar("TEST", True), "A C")
+
 class TestOverrides(unittest.TestCase):
    def setUp(self):
        self.d = bb.data.init()
--- a/bitbake/lib/bb/tests/utils.py
+++ b/bitbake/lib/bb/tests/utils.py
@@ -21,6 +21,7 @@

 import unittest
 import bb
+import os

 class VerCmpString(unittest.TestCase):

@@ -51,3 +52,52 @@ class VerCmpString(unittest.TestCase):
        result = bb.utils.explode_dep_versions2("foo ( =1.10 )")
        self.assertEqual(result, correctresult)

+    def test_vercmp_string_op(self):
+        compareops = [('1', '1', '=', True),
+                      ('1', '1', '==', True),
+                      ('1', '1', '!=', False),
+                      ('1', '1', '>', False),
+                      ('1', '1', '<', False),
+                      ('1', '1', '>=', True),
+                      ('1', '1', '<=', True),
+                      ('1', '0', '=', False),
+                      ('1', '0', '==', False),
+                      ('1', '0', '!=', True),
+                      ('1', '0', '>', True),
+                      ('1', '0', '<', False),
+                      ('1', '0', '>>', True),
+                      ('1', '0', '<<', False),
+                      ('1', '0', '>=', True),
+                      ('1', '0', '<=', False),
+                      ('0', '1', '=', False),
+                      ('0', '1', '==', False),
+                      ('0', '1', '!=', True),
+                      ('0', '1', '>', False),
+                      ('0', '1', '<', True),
+                      ('0', '1', '>>', False),
+                      ('0', '1', '<<', True),
+                      ('0', '1', '>=', False),
+                      ('0', '1', '<=', True)]
+
+        for arg1, arg2, op, correctresult in compareops:
+            result = bb.utils.vercmp_string_op(arg1, arg2, op)
+            self.assertEqual(result, correctresult, 'vercmp_string_op("%s", "%s", "%s") != %s' % (arg1, arg2, op, correctresult))
+
+        # Check that clearly invalid operator raises an exception
+        self.assertRaises(bb.utils.VersionStringException, bb.utils.vercmp_string_op, '0', '0', '$')
+
+
+class Path(unittest.TestCase):
+    def test_unsafe_delete_path(self):
+        checkitems = [('/', True),
+                      ('//', True),
+                      ('///', True),
+                      (os.getcwd().count(os.sep) * ('..' + os.sep), True),
+                      (os.environ.get('HOME', '/home/test'), True),
+                      ('/home/someone', True),
+                      ('/home/other/', True),
+                      ('/home/other/subdir', False),
+                      ('', False)]
+        for arg1, correctresult in checkitems:
+            result = bb.utils._check_unsafe_delete_path(arg1)
+            self.assertEqual(result, correctresult, '_check_unsafe_delete_path("%s") != %s' % (arg1, correctresult))
--- a/bitbake/lib/bb/tinfoil.py
+++ b/bitbake/lib/bb/tinfoil.py
@@ -84,6 +84,11 @@ class Tinfoil:
            else:
                self.parseRecipes()

+    def shutdown(self):
+        self.cooker.shutdown(force=True)
+        self.cooker.post_serve()
+        self.cooker.unlockBitbake()
+
 class TinfoilConfigParameters(ConfigParameters):

    def __init__(self, **options):
--- a/bitbake/lib/bb/ui/knotty.py
+++ b/bitbake/lib/bb/ui/knotty.py
@@ -536,24 +536,29 @@ def main(server, eventHandler, params, tf = TerminalFilter):
            if not params.observe_only:
                _, error = server.runCommand(["stateForceShutdown"])
            main.shutdown = 2
-    summary = ""
-    if taskfailures:
-        summary += pluralise("\nSummary: %s task failed:",
-                             "\nSummary: %s tasks failed:", len(taskfailures))
-        for failure in taskfailures:
-            summary += "\n  %s" % failure
-    if warnings:
-        summary += pluralise("\nSummary: There was %s WARNING message shown.",
-                             "\nSummary: There were %s WARNING messages shown.", warnings)
-    if return_value and errors:
-        summary += pluralise("\nSummary: There was %s ERROR message shown, returning a non-zero exit code.",
-                             "\nSummary: There were %s ERROR messages shown, returning a non-zero exit code.", errors)
-    if summary:
-        print(summary)
+    try:
+        summary = ""
+        if taskfailures:
+            summary += pluralise("\nSummary: %s task failed:",
+                                 "\nSummary: %s tasks failed:", len(taskfailures))
+            for failure in taskfailures:
+                summary += "\n  %s" % failure
+        if warnings:
+            summary += pluralise("\nSummary: There was %s WARNING message shown.",
+                                 "\nSummary: There were %s WARNING messages shown.", warnings)
+        if return_value and errors:
+            summary += pluralise("\nSummary: There was %s ERROR message shown, returning a non-zero exit code.",
+                                 "\nSummary: There were %s ERROR messages shown, returning a non-zero exit code.", errors)
+        if summary:
+            print(summary)

-    if interrupted:
-        print("Execution was interrupted, returning a non-zero exit code.")
-        if return_value == 0:
-            return_value = 1
+        if interrupted:
+            print("Execution was interrupted, returning a non-zero exit code.")
+            if return_value == 0:
+                return_value = 1
+    except IOError as e:
+        import errno
+        if e.errno == errno.EPIPE:
+            pass

    return return_value
--- a/bitbake/lib/bb/utils.py
+++ b/bitbake/lib/bb/utils.py
@@ -31,6 +31,7 @@ import subprocess
 import glob
 import traceback
 import errno
+import signal
 from commands import getstatusoutput
 from contextlib import contextmanager

@@ -386,10 +387,30 @@ def fileslocked(files):
    for lock in locks:
        bb.utils.unlockfile(lock)

-def lockfile(name, shared=False, retry=True):
+@contextmanager
+def timeout(seconds):
+    def timeout_handler(signum, frame):
+        pass
+
+    original_handler = signal.signal(signal.SIGALRM, timeout_handler)
+
+    try:
+        signal.alarm(seconds)
+        yield
+    finally:
+        signal.alarm(0)
+        signal.signal(signal.SIGALRM, original_handler)
+
+def lockfile(name, shared=False, retry=True, block=False):
    """
-    Use the file fn as a lock file, return when the lock has been acquired.
-    Returns a variable to pass to unlockfile().
+    Use the specified file as a lock file, return when the lock has
+    been acquired. Returns a variable to pass to unlockfile().
+    Parameters:
+        retry: True to re-try locking if it fails, False otherwise
+        block: True to block until the lock succeeds, False otherwise
+    The retry and block parameters are kind of equivalent unless you
+    consider the possibility of sending a signal to the process to break
+    out - at which point you want block=True rather than retry=True.
    """
    dirname = os.path.dirname(name)
    mkdirhier(dirname)
@@ -402,7 +423,7 @@ def lockfile(name, shared=False, retry=True):
    op = fcntl.LOCK_EX
    if shared:
        op = fcntl.LOCK_SH
-    if not retry:
+    if not retry and not block:
        op = op | fcntl.LOCK_NB

    while True:
@@ -575,11 +596,30 @@ def build_environment(d):
        if export:
            os.environ[var] = d.getVar(var, True) or ""

+def _check_unsafe_delete_path(path):
+    """
+    Basic safeguard against recursively deleting something we shouldn't. If it returns True,
+    the caller should raise an exception with an appropriate message.
+    NOTE: This is NOT meant to be a security mechanism - just a guard against silly mistakes
+    with potentially disastrous results.
+    """
+    extra = ''
+    # HOME might not be /home/something, so in case we can get it, check against it
+    homedir = os.environ.get('HOME', '')
+    if homedir:
+        extra = '|%s' % homedir
+    if re.match('(/|//|/home|/home/[^/]*%s)$' % extra, os.path.abspath(path)):
+        return True
+    return False
+
 def remove(path, recurse=False):
    """Equivalent to rm -f or rm -rf"""
    if not path:
        return
    if recurse:
+        for name in glob.glob(path):
+            if _check_unsafe_delete_path(path):
+                raise Exception('bb.utils.remove: called with dangerous path "%s" and recurse=True, refusing to delete!' % path)
        # shutil.rmtree(name) would be ideal but its too slow
        subprocess.call(['rm', '-rf'] + glob.glob(path))
        return
@@ -593,6 +633,8 @@ def remove(path, recurse=False):
 def prunedir(topdir):
    # Delete everything reachable from the directory named in 'topdir'.
    # CAUTION:  This is dangerous!
+    if _check_unsafe_delete_path(topdir):
+        raise Exception('bb.utils.prunedir: called with dangerous path "%s", refusing to delete!' % topdir)
    for root, dirs, files in os.walk(topdir, topdown = False):
        for name in files:
            os.remove(os.path.join(root, name))
--- a/bitbake/lib/prserv/serv.py
+++ b/bitbake/lib/prserv/serv.py
@@ -77,12 +77,15 @@ class PRServer(SimpleXMLRPCServer):

        """
        iter_count = 1
-        # With 60 iterations between syncs and a 0.5 second timeout between
-        # iterations, this will sync if dirty every ~30 seconds.
+        # 60 iterations between syncs or sync if dirty every ~30 seconds
        iterations_between_sync = 60

-        while True:
-            (request, client_address) = self.requestqueue.get()
+        while not self.quit:
+            try:
+                (request, client_address) = self.requestqueue.get(True, 30)
+            except Queue.Empty:
+                self.table.sync_if_dirty()
+                continue
            try:
                self.finish_request(request, client_address)
                self.shutdown_request(request)
@@ -93,6 +96,7 @@ class PRServer(SimpleXMLRPCServer):
                self.handle_error(request, client_address)
                self.shutdown_request(request)
                self.table.sync()
+            self.table.sync_if_dirty()

    def process_request(self, request, client_address):
        self.requestqueue.put((request, client_address))
@@ -137,7 +141,7 @@ class PRServer(SimpleXMLRPCServer):
        self.handlerthread.start()
        while not self.quit:
            self.handle_request()
-
+        self.handlerthread.join()
        self.table.sync()
        logger.info("PRServer: stopping...")
        self.server_close()
--- a/bitbake/lib/pyinotify.py
+++ b/bitbake/lib/pyinotify.py
--- a/documentation/adt-manual/adt-manual-customization.xsl
+++ b/documentation/adt-manual/adt-manual-customization.xsl
@@ -1,7 +1,7 @@
 <?xml version='1.0'?>
 <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" xmlns:fo="http://www.w3.org/1999/XSL/Format" version="1.0">

-  <xsl:import href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl" />
+  <xsl:import href="http://docbook.sourceforge.net/release/xsl/1.76.1/xhtml/docbook.xsl" />

  <xsl:include href="../template/permalinks.xsl"/>
  <xsl:include href="../template/section.title.xsl"/>
--- a/documentation/adt-manual/adt-manual.xml
+++ b/documentation/adt-manual/adt-manual.xml
@@ -86,6 +86,16 @@
                <date>January 2015</date>
                <revremark>Released with the Yocto Project 1.7.1 Release.</revremark>
            </revision>
+            <revision>
+                <revnumber>1.7.2</revnumber>
+                <date>June 2015</date>
+                <revremark>Released with the Yocto Project 1.7.2 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.7.3</revnumber>
+                <date>November 2015</date>
+                <revremark>Released with the Yocto Project 1.7.3 Release.</revremark>
+            </revision>
       </revhistory>

    <copyright>
--- a/documentation/adt-manual/adt-prepare.xml
+++ b/documentation/adt-manual/adt-prepare.xml
@@ -276,7 +276,7 @@
                            target, go into the <filename>x86_64</filename>
                            folder and download the following installer:
                            <literallayout class='monospaced'>
-     poky-eglibc-x86_64-core-image-sato-i586-toolchain-&DISTRO;.sh
+     poky-glibc-x86_64-core-image-sato-i586-toolchain-&DISTRO;.sh
                            </literallayout></para></listitem>
                        <listitem><para>Build your own toolchain installer.
                            For cases where you cannot use an installer
@@ -296,7 +296,7 @@
                    The example assumes the toolchain installer is located
                    in <filename>~/Downloads/</filename>.
                    <literallayout class='monospaced'>
-     $ ~/Downloads/poky-eglibc-x86_64-core-image-sato-i586-toolchain-&DISTRO;.sh
+     $ ~/Downloads/poky-glibc-x86_64-core-image-sato-i586-toolchain-&DISTRO;.sh
                    </literallayout>
                    The first thing the installer prompts you for is the
                    directory into which you want to install the toolchain.
@@ -656,10 +656,10 @@
            <ulink url='&YOCTO_DOCS_REF_URL;#var-IMAGE_INSTALL'><filename>IMAGE_INSTALL</filename></ulink>
            variable inside your <filename>local.conf</filename> file to
            install the appropriate library packages.
-            Following is an example using <filename>eglibc</filename> static
+            Following is an example using <filename>glibc</filename> static
            development libraries:
            <literallayout class='monospaced'>
-     IMAGE_INSTALL_append = " eglibc-staticdev"
+     IMAGE_INSTALL_append = " glibc-staticdev"
            </literallayout>
        </note>
    </para>
--- a/documentation/bsp-guide/bsp-guide-customization.xsl
+++ b/documentation/bsp-guide/bsp-guide-customization.xsl
@@ -1,7 +1,7 @@
 <?xml version='1.0'?>
 <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" xmlns:fo="http://www.w3.org/1999/XSL/Format" version="1.0">

-  <xsl:import href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl" />
+  <xsl:import href="http://docbook.sourceforge.net/release/xsl/1.76.1/xhtml/docbook.xsl" />

  <xsl:include href="../template/permalinks.xsl"/>
  <xsl:include href="../template/section.title.xsl"/>
--- a/documentation/bsp-guide/bsp-guide.xml
+++ b/documentation/bsp-guide/bsp-guide.xml
@@ -98,6 +98,16 @@
                <date>January 2015</date>
                <revremark>Released with the Yocto Project 1.7.1 Release.</revremark>
            </revision>
+            <revision>
+                <revnumber>1.7.2</revnumber>
+                <date>June 2015</date>
+                <revremark>Released with the Yocto Project 1.7.2 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.7.3</revnumber>
+                <date>November 2015</date>
+                <revremark>Released with the Yocto Project 1.7.3 Release.</revremark>
+            </revision>
        </revhistory>

    <copyright>
--- a/documentation/dev-manual/dev-manual-common-tasks.xml
+++ b/documentation/dev-manual/dev-manual-common-tasks.xml
@@ -1071,7 +1071,7 @@
                <filename><ulink url='&YOCTO_DOCS_REF_URL;#var-IMAGE_INSTALL'>IMAGE_INSTALL</ulink></filename>
                variable.
                You must use the OpenEmbedded notation and not the Debian notation for the names
-                (e.g. <filename>eglibc-dev</filename> instead of <filename>libc6-dev</filename>).
+                (e.g. <filename>glibc-dev</filename> instead of <filename>libc6-dev</filename>).
            </para>

            <para>
@@ -3027,7 +3027,7 @@
            <note>
                Although well within the capabilities of the Yocto Project,
                adding a totally new architecture might require
-                changes to <filename>gcc/eglibc</filename> and to the site
+                changes to <filename>gcc/glibc</filename> and to the site
                information, which is beyond the scope of this manual.
            </note>
        </para>
@@ -5911,10 +5911,10 @@ Gateways via their Web Interfaces</ulink>"</emphasis>
                described here combined with experimentation and iteration.
                Here are a couple of areas to experiment with:
                <itemizedlist>
-                    <listitem><para><filename>eglibc</filename>:
+                    <listitem><para><filename>glibc</filename>:
                        In general, follow this process:
                        <orderedlist>
-                            <listitem><para>Remove <filename>eglibc</filename>
+                            <listitem><para>Remove <filename>glibc</filename>
                                features from
                                <ulink url='&YOCTO_DOCS_REF_URL;#var-DISTRO_FEATURES'><filename>DISTRO_FEATURES</filename></ulink>
                                that you think you do not need.</para></listitem>
@@ -5928,7 +5928,7 @@ Gateways via their Web Interfaces</ulink>"</emphasis>
                                support wide character support as is done for
                                <filename>ncurses</filename>.
                                Or, if support for those characters is needed,
-                                determine what <filename>eglibc</filename>
+                                determine what <filename>glibc</filename>
                                features provide the support and restore the
                                configuration.
                                </para></listitem>
@@ -5937,7 +5937,7 @@ Gateways via their Web Interfaces</ulink>"</emphasis>
                        </orderedlist></para></listitem>
                    <listitem><para><filename>busybox</filename>:
                        For BusyBox, use a process similar as described for
-                        <filename>eglibc</filename>.
+                        <filename>glibc</filename>.
                        A difference is you will need to boot the resulting
                        system to see if you are able to do everything you
                        expect from the running system.
--- a/documentation/dev-manual/dev-manual-customization.xsl
+++ b/documentation/dev-manual/dev-manual-customization.xsl
@@ -1,7 +1,7 @@
 <?xml version='1.0'?>
 <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" xmlns:fo="http://www.w3.org/1999/XSL/Format" version="1.0">

-  <xsl:import href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl" />
+  <xsl:import href="http://docbook.sourceforge.net/release/xsl/1.76.1/xhtml/docbook.xsl" />

  <xsl:include href="../template/permalinks.xsl"/>
  <xsl:include href="../template/section.title.xsl"/>
--- a/documentation/dev-manual/dev-manual-intro.xml
+++ b/documentation/dev-manual/dev-manual-intro.xml
@@ -5,7 +5,7 @@
 <chapter id='dev-manual-intro'>

 <title>The Yocto Project Development Manual</title>
-    <section id='intro'>
+    <section id='dev-intro'>
        <title>Introduction</title>

        <para>
--- a/documentation/dev-manual/dev-manual.xml
+++ b/documentation/dev-manual/dev-manual.xml
@@ -76,6 +76,16 @@
                <date>January 2015</date>
                <revremark>Released with the Yocto Project 1.7.1 Release.</revremark>
            </revision>
+            <revision>
+                <revnumber>1.7.2</revnumber>
+                <date>June 2015</date>
+                <revremark>Released with the Yocto Project 1.7.2 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.7.3</revnumber>
+                <date>November 2015</date>
+                <revremark>Released with the Yocto Project 1.7.3 Release.</revremark>
+            </revision>
        </revhistory>

    <copyright>
--- a/documentation/kernel-dev/kernel-dev-customization.xsl
+++ b/documentation/kernel-dev/kernel-dev-customization.xsl
@@ -1,7 +1,7 @@
 <?xml version='1.0'?>
 <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" xmlns:fo="http://www.w3.org/1999/XSL/Format" version="1.0">

-  <xsl:import href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl" />
+  <xsl:import href="http://docbook.sourceforge.net/release/xsl/1.76.1/xhtml/docbook.xsl" />

  <xsl:include href="../template/permalinks.xsl"/>
  <xsl:include href="../template/section.title.xsl"/>
--- a/documentation/kernel-dev/kernel-dev.xml
+++ b/documentation/kernel-dev/kernel-dev.xml
@@ -61,6 +61,16 @@
                <date>January 2015</date>
                <revremark>Released with the Yocto Project 1.7.1 Release.</revremark>
            </revision>
+            <revision>
+                <revnumber>1.7.2</revnumber>
+                <date>June 2015</date>
+                <revremark>Released with the Yocto Project 1.7.2 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.7.3</revnumber>
+                <date>November 2015</date>
+                <revremark>Released with the Yocto Project 1.7.3 Release.</revremark>
+            </revision>
        </revhistory>

    <copyright>
--- a/documentation/mega-manual/mega-manual-customization.xsl
+++ b/documentation/mega-manual/mega-manual-customization.xsl
@@ -1,7 +1,7 @@
 <?xml version='1.0'?>
 <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" xmlns:fo="http://www.w3.org/1999/XSL/Format" version="1.0">

-  <xsl:import href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl" />
+  <xsl:import href="http://docbook.sourceforge.net/release/xsl/1.76.1/xhtml/docbook.xsl" />

  <xsl:param name="generate.toc">
   appendix  toc
--- a/documentation/poky.ent
+++ b/documentation/poky.ent
@@ -1,9 +1,9 @@
-<!ENTITY DISTRO "1.7.1">
-<!ENTITY DISTRO_COMPRESSED "171">
+<!ENTITY DISTRO "1.7.3">
+<!ENTITY DISTRO_COMPRESSED "173">
 <!ENTITY DISTRO_NAME "dizzy">
-<!ENTITY YOCTO_DOC_VERSION "1.7.1">
-<!ENTITY POKYVERSION "12.0.1">
-<!ENTITY POKYVERSION_COMPRESSED "1201">
+<!ENTITY YOCTO_DOC_VERSION "1.7.3">
+<!ENTITY POKYVERSION "12.0.3">
+<!ENTITY POKYVERSION_COMPRESSED "1203">
 <!ENTITY YOCTO_POKY "poky-&DISTRO_NAME;-&POKYVERSION;">
 <!ENTITY COPYRIGHT_YEAR "2010-2015">
 <!ENTITY YOCTO_DL_URL "http://downloads.yoctoproject.org">
@@ -27,7 +27,7 @@
 <!ENTITY ECLIPSE_INDIGO_URL "&ECLIPSE_DL_URL;/releases/indigo">
 <!ENTITY ECLIPSE_JUNO_URL "&ECLIPSE_DL_URL;/releases/juno">
 <!ENTITY ECLIPSE_KEPLER_URL "&ECLIPSE_DL_URL;/releases/kepler">
-<!ENTITY ECLIPSE_INDIGO_CDT_URL "&ECLIPSE_DL_URL;tools/cdt/releases/indigo">
+<!ENTITY ECLIPSE_INDIGO_CDT_URL "&ECLIPSE_DL_URL;/tools/cdt/releases/indigo">
 <!ENTITY YOCTO_DOCS_URL "&YOCTO_HOME_URL;/docs">
 <!ENTITY YOCTO_SOURCES_URL "&YOCTO_HOME_URL;/sources/">
 <!ENTITY YOCTO_AB_PORT_URL "&YOCTO_AB_URL;:8010">
@@ -35,7 +35,7 @@
 <!ENTITY YOCTO_POKY_URL "&YOCTO_DL_URL;/releases/poky/">
 <!ENTITY YOCTO_RELEASE_DL_URL "&YOCTO_DL_URL;/releases/yocto/yocto-&DISTRO;">
 <!ENTITY YOCTO_TOOLCHAIN_DL_URL "&YOCTO_RELEASE_DL_URL;/toolchain/">
-<!ENTITY YOCTO_ECLIPSE_DL_URL "&YOCTO_RELEASE_DL_URL;/eclipse-plugin/indigo;">
+<!ENTITY YOCTO_ECLIPSE_DL_URL "&YOCTO_RELEASE_DL_URL;/eclipse-plugin/">
 <!ENTITY YOCTO_ADTINSTALLER_DL_URL "&YOCTO_RELEASE_DL_URL;/adt-installer">
 <!ENTITY YOCTO_POKY_DL_URL "&YOCTO_RELEASE_DL_URL;/&YOCTO_POKY;.tar.bz2">
 <!ENTITY YOCTO_MACHINES_DL_URL "&YOCTO_RELEASE_DL_URL;/machines">
--- a/documentation/profile-manual/profile-manual-customization.xsl
+++ b/documentation/profile-manual/profile-manual-customization.xsl
@@ -1,7 +1,7 @@
 <?xml version='1.0'?>
 <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" xmlns:fo="http://www.w3.org/1999/XSL/Format" version="1.0">

-  <xsl:import href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl" />
+  <xsl:import href="http://docbook.sourceforge.net/release/xsl/1.76.1/xhtml/docbook.xsl" />

  <xsl:include href="../template/permalinks.xsl"/>
  <xsl:include href="../template/section.title.xsl"/>
--- a/documentation/profile-manual/profile-manual-intro.xml
+++ b/documentation/profile-manual/profile-manual-intro.xml
@@ -5,7 +5,7 @@
 <chapter id='profile-manual-intro'>

 <title>Yocto Project Profiling and Tracing Manual</title>
-    <section id='intro'>
+    <section id='prof-intro'>
        <title>Introduction</title>

        <para>
--- a/documentation/profile-manual/profile-manual.xml
+++ b/documentation/profile-manual/profile-manual.xml
@@ -61,6 +61,16 @@
                <date>January 2015</date>
                <revremark>Released with the Yocto Project 1.7.1 Release.</revremark>
            </revision>
+            <revision>
+                <revnumber>1.7.2</revnumber>
+                <date>June 2015</date>
+                <revremark>Released with the Yocto Project 1.7.2 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.7.3</revnumber>
+                <date>November 2015</date>
+                <revremark>Released with the Yocto Project 1.7.3 Release.</revremark>
+            </revision>
        </revhistory>

    <copyright>
--- a/documentation/ref-manual/introduction.xml
+++ b/documentation/ref-manual/introduction.xml
@@ -2,7 +2,7 @@
 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
 [<!ENTITY % poky SYSTEM "../poky.ent"> %poky; ] >

-<chapter id='intro'>
+<chapter id='ref-intro'>
 <title>Introduction</title>

 <section id='intro-welcome'>
@@ -398,7 +398,7 @@
                        Execute the installation script.
                        Here is an example:
                        <literallayout class='monospaced'>
-     $ sh poky-eglibc-x86_64-buildtools-tarball-x86_64-buildtools-nativesdk-standalone-&DISTRO;.sh
+     $ sh poky-glibc-x86_64-buildtools-tarball-x86_64-buildtools-nativesdk-standalone-&DISTRO;.sh
                        </literallayout>
                        During execution, a prompt appears that allows you to
                        choose the installation directory.
@@ -484,7 +484,7 @@
                       to install the tools.
                       Here is an example:
                       <literallayout class='monospaced'>
-     $ sh poky-eglibc-x86_64-buildtools-tarball-x86_64-buildtools-nativesdk-standalone-&DISTRO;.sh
+     $ sh poky-glibc-x86_64-buildtools-tarball-x86_64-buildtools-nativesdk-standalone-&DISTRO;.sh
                       </literallayout>
                       During execution, a prompt appears that allows you to
                       choose the installation directory.
--- a/documentation/ref-manual/ref-bitbake.xml
+++ b/documentation/ref-manual/ref-bitbake.xml
@@ -169,7 +169,7 @@
            <filename>packagegroup-core-x11-sato</filename>,
            which in turn leads to recipes like <filename>matchbox-terminal</filename>,
            <filename>pcmanfm</filename> and <filename>gthumb</filename>.
-            These recipes in turn depend on <filename>eglibc</filename> and the toolchain.
+            These recipes in turn depend on <filename>glibc</filename> and the toolchain.
        </para>

        <para>
--- a/documentation/ref-manual/ref-classes.xml
+++ b/documentation/ref-manual/ref-classes.xml
@@ -580,8 +580,8 @@

    <para>
        The <filename>debian</filename> class renames output packages so that
-        they follow the Debian naming policy (i.e. <filename>eglibc</filename>
-        becomes <filename>libc6</filename> and <filename>eglibc-devel</filename>
+        they follow the Debian naming policy (i.e. <filename>glibc</filename>
+        becomes <filename>libc6</filename> and <filename>glibc-devel</filename>
        becomes <filename>libc6-dev</filename>.)
        Renaming includes the library name and version as part of the package
        name.
@@ -1177,7 +1177,7 @@
        <link linkend='var-ICECC_DISABLED'><filename>ICECC_DISABLED</filename></link>
        variable to "1" as follows:
        <literallayout class='monospaced'>
-     INHERIT_DISTRO += "icecc"
+     INHERIT_DISTRO_append = " icecc"
     ICECC_DISABLED ??= "1"
        </literallayout>
        This practice makes sure everyone is using the same signatures but also
@@ -2278,7 +2278,7 @@
    <title><filename>package_rpm.bbclass</filename></title>

    <para>
-        The <filename>package_deb</filename> class
+        The <filename>package_rpm</filename> class
        provides support for creating packages that use the
        <filename>.rpm</filename> file format.
        The class ensures the packages are written out to the
@@ -2797,7 +2797,7 @@
        file.
        Here is an example:
        <literallayout class='monospaced'>
-    RM_WORK_EXCLUDE += "busybox eglibc"
+    RM_WORK_EXCLUDE += "busybox glibc"
        </literallayout>
    </para>
 </section>
--- a/documentation/ref-manual/ref-manual-customization.xsl
+++ b/documentation/ref-manual/ref-manual-customization.xsl
@@ -1,7 +1,7 @@
 <?xml version='1.0'?>
 <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" xmlns:fo="http://www.w3.org/1999/XSL/Format" version="1.0">

-  <xsl:import href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl" />
+  <xsl:import href="http://docbook.sourceforge.net/release/xsl/1.76.1/xhtml/docbook.xsl" />

  <xsl:include href="../template/permalinks.xsl"/>
  <xsl:include href="../template/section.title.xsl"/>
--- a/documentation/ref-manual/ref-manual.xml
+++ b/documentation/ref-manual/ref-manual.xml
@@ -92,6 +92,16 @@
                <date>January 2015</date>
                <revremark>Released with the Yocto Project 1.7.1 Release.</revremark>
            </revision>
+            <revision>
+                <revnumber>1.7.2</revnumber>
+                <date>June 2015</date>
+                <revremark>Released with the Yocto Project 1.7.2 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.7.3</revnumber>
+                <date>November 2015</date>
+                <revremark>Released with the Yocto Project 1.7.3 Release.</revremark>
+            </revision>
        </revhistory>

    <copyright>
--- a/documentation/ref-manual/ref-structure.xml
+++ b/documentation/ref-manual/ref-structure.xml
@@ -695,7 +695,7 @@
        <para>
            This directory receives package licensing information.
            For example, the directory contains sub-directories for <filename>bash</filename>,
-            <filename>busybox</filename>, and <filename>eglibc</filename> (among others) that in turn
+            <filename>busybox</filename>, and <filename>glibc</filename> (among others) that in turn
            contain appropriate <filename>COPYING</filename> license files with other licensing information.
            For information on licensing, see the
            "<ulink url='&YOCTO_DOCS_DEV_URL;#maintaining-open-source-license-compliance-during-your-products-lifecycle'>Maintaining Open Source License Compliance During Your Product's Lifecycle</ulink>"
--- a/documentation/ref-manual/ref-variables.xml
+++ b/documentation/ref-manual/ref-variables.xml
@@ -2290,7 +2290,7 @@
        <glossentry id='var-ENABLE_BINARY_LOCALE_GENERATION'><glossterm>ENABLE_BINARY_LOCALE_GENERATION</glossterm>
            <glossdef>
                <para>Variable that controls which locales for
-                    <filename>eglibc</filename> are generated during the
+                    <filename>glibc</filename> are generated during the
                    build (useful if the target device has 64Mbytes
                    of RAM or less).</para>
            </glossdef>
@@ -5873,7 +5873,7 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
                    Declares the oldest version of the Linux kernel that the
                    produced binaries must support.
                    This variable is passed into the build of the Embedded
-                    GNU C Library (<filename>eglibc</filename>).
+                    GNU C Library (<filename>glibc</filename>).
                </para>

                <para>
@@ -6476,7 +6476,7 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
        <glossentry id='var-PF'><glossterm>PF</glossterm>
            <glossdef>
                <para>Specifies the recipe or package name and includes all version and revision
-                    numbers (i.e. <filename>eglibc-2.13-r20+svnr15508/</filename> and
+                    numbers (i.e. <filename>glibc-2.13-r20+svnr15508/</filename> and
                    <filename>bash-4.2-r1/</filename>).
                    This variable is comprised of the following:
                    <literallayout class='monospaced'>
@@ -8967,7 +8967,7 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
        <glossentry id='var-TARGET_OS'><glossterm>TARGET_OS</glossterm>
            <glossdef>
                <para>Specifies the target's operating system.
-                    The variable can be set to "linux" for <filename>eglibc</filename>-based systems and
+                    The variable can be set to "linux" for <filename>glibc</filename>-based systems and
                    to "linux-uclibc" for <filename>uclibc</filename>.
                    For ARM/EABI targets, there are also "linux-gnueabi" and
                    "linux-uclibc-gnueabi" values possible.</para>
@@ -8983,11 +8983,7 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
                    supported.
                </para>
                <para>
-                    You can select "eglibc" or "uclibc".
-                    <note>
-                        This release of the Yocto Project does not support the
-                        <filename>glibc</filename> implementation of <filename>libc</filename>.
-                    </note>
+                    You can select "glibc" or "uclibc".
                </para>
            </glossdef>
        </glossentry>
@@ -9045,7 +9041,7 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
                    <link linkend='var-TCLIBC'><filename>TCLIBC</filename></link>,
                    which controls the variant of the GNU standard C library
                    (<filename>libc</filename>) used during the build process:
-                    <filename>eglibc</filename> or <filename>uclibc</filename>.
+                    <filename>glibc</filename> or <filename>uclibc</filename>.
                </para>
            </glossdef>
        </glossentry>
--- a/documentation/ref-manual/technical-details.xml
+++ b/documentation/ref-manual/technical-details.xml
@@ -107,11 +107,8 @@
        <para>
            BitBake also tries to execute any dependent tasks first.
            So for example, before building <filename>matchbox-desktop</filename>, BitBake
-            would build a cross compiler and <filename>eglibc</filename> if they had not already
+            would build a cross compiler and <filename>glibc</filename> if they had not already
            been built.
-            <note>This release of the Yocto Project does not support the <filename>glibc</filename>
-                GNU version of the Unix standard C library.  By default, the OpenEmbedded build system
-                builds with <filename>eglibc</filename>.</note>
        </para>

        <para>
@@ -228,7 +225,7 @@
        The chain of events that occurs when <filename>gcc-cross</filename> is
        bootstrapped is as follows:
        <literallayout class='monospaced'>
-     gcc -> binutils-cross -> gcc-cross-initial -> linux-libc-headers -> eglibc-initial -> eglibc -> gcc-cross -> gcc-runtime
+     gcc -> binutils-cross -> gcc-cross-initial -> linux-libc-headers -> glibc-initial -> glibc -> gcc-cross -> gcc-runtime
        </literallayout>
        <itemizedlist>
            <listitem><para><filename>gcc</filename>:
@@ -251,9 +248,9 @@
            <listitem><para><filename>linux-libc-headers</filename>:
                Headers needed for the cross-compiler.
                </para></listitem>
-            <listitem><para><filename>eglibc-initial</filename>:
+            <listitem><para><filename>glibc-initial</filename>:
                An initial version of the Embedded GLIBC needed to bootstrap
-                <filename>eglibc</filename>.
+                <filename>glibc</filename>.
                </para></listitem>
            <listitem><para><filename>gcc-cross</filename>:
                The final stage of the bootstrap process for the
@@ -305,7 +302,7 @@
        Here is the bootstrap process for the relocatable toolchain:
        <literallayout class='monospaced'>
     gcc -> binutils-crosssdk -> gcc-crosssdk-initial -> linux-libc-headers ->
-        eglibc-initial -> nativesdk-eglibc -> gcc-crosssdk -> gcc-cross-canadian
+        glibc-initial -> nativesdk-glibc -> gcc-crosssdk -> gcc-cross-canadian
        </literallayout>
        <itemizedlist>
            <listitem><para><filename>gcc</filename>:
@@ -328,11 +325,11 @@
            <listitem><para><filename>linux-libc-headers</filename>:
                Headers needed for the cross-compiler.
                </para></listitem>
-            <listitem><para><filename>eglibc-initial</filename>:
+            <listitem><para><filename>glibc-initial</filename>:
                An initial version of the Embedded GLIBC needed to bootstrap
-                <filename>nativesdk-eglibc</filename>.
+                <filename>nativesdk-glibc</filename>.
                </para></listitem>
-            <listitem><para><filename>nativesdk-eglibc</filename>:
+            <listitem><para><filename>nativesdk-glibc</filename>:
                The Embedded GLIBC needed to bootstrap the
                <filename>gcc-crosssdk</filename>.
                </para></listitem>
--- a/documentation/ref-manual/usingpoky.xml
+++ b/documentation/ref-manual/usingpoky.xml
@@ -283,12 +283,12 @@
            <ulink url='&YOCTO_RELEASE_NOTES;'>Release Notes</ulink>
            for a look at all release-related issues.
            <itemizedlist>
-                <listitem><para><emphasis><filename>eglibc-initial</filename> fails to build</emphasis>:
+                <listitem><para><emphasis><filename>glibc-initial</filename> fails to build</emphasis>:
                    If your development host system has the unpatched
                    <filename>GNU Make 3.82</filename>,
                    the
                    <link linkend='ref-tasks-install'><filename>do_install</filename></link>
-                    task fails for <filename>eglibc-initial</filename> during
+                    task fails for <filename>glibc-initial</filename> during
                    the build.</para>
                    <para>Typically, every distribution that ships
                    <filename>GNU Make 3.82</filename> as
@@ -564,19 +564,22 @@
            <para>
                The history for each package contains a text file that has
                name-value pairs with information about the package.
-                For example, <filename>buildhistory/packages/core2-poky-linux/busybox/busybox/latest</filename>
+                For example, <filename>buildhistory/packages/i586-poky-linux/busybox/busybox/latest</filename>
                contains the following:
                <literallayout class='monospaced'>
-     PV = 1.19.3
-     PR = r3
-     RDEPENDS = update-rc.d eglibc (>= 2.13)
-     RRECOMMENDS = busybox-syslog busybox-udhcpc
-     PKGSIZE = 564701
-     FILES = /usr/bin/* /usr/sbin/* /usr/libexec/* /usr/lib/lib*.so.* \
-        /etc /com /var /bin/* /sbin/* /lib/*.so.* /usr/share/busybox \
-        /usr/lib/busybox/* /usr/share/pixmaps /usr/share/applications \
-        /usr/share/idl /usr/share/omf /usr/share/sounds /usr/lib/bonobo/servers
-     FILELIST = /etc/busybox.links /etc/init.d/hwclock.sh /bin/busybox /bin/sh
+     PV = 1.22.1
+     PR = r32
+     RPROVIDES =
+     RDEPENDS = glibc (>= 2.20) update-alternatives-opkg
+     RRECOMMENDS = busybox-syslog busybox-udhcpc update-rc.d
+     PKGSIZE = 540168
+     FILES = /usr/bin/* /usr/sbin/* /usr/lib/busybox/* /usr/lib/lib*.so.* \
+        /etc /com /var /bin/* /sbin/* /lib/*.so.* /lib/udev/rules.d \
+        /usr/lib/udev/rules.d /usr/share/busybox /usr/lib/busybox/* \
+        /usr/share/pixmaps /usr/share/applications /usr/share/idl \
+        /usr/share/omf /usr/share/sounds /usr/lib/bonobo/servers
+     FILELIST = /bin/busybox /bin/busybox.nosuid /bin/busybox.suid /bin/sh \
+        /etc/busybox.links.nosuid /etc/busybox.links.suid
                </literallayout>
                Most of these name-value pairs correspond to variables used
                to produce the package.
@@ -589,15 +592,16 @@
            <para>
                There is also a file corresponding to the recipe from which the
                package came (e.g.
-                <filename>buildhistory/packages/core2-poky-linux/busybox/latest</filename>):
+                <filename>buildhistory/packages/i586-poky-linux/busybox/latest</filename>):
                <literallayout class='monospaced'>
-     PV = 1.19.3
-     PR = r3
-     DEPENDS = virtual/i586-poky-linux-gcc virtual/i586-poky-linux-compilerlibs \
-        virtual/libc update-rc.d-native
-     PACKAGES = busybox-httpd busybox-udhcpd busybox-udhcpc busybox-syslog \
-        busybox-mdev busybox-dbg busybox busybox-doc busybox-dev \
-        busybox-staticdev busybox-locale
+     PV = 1.22.1
+     PR = r32
+     DEPENDS = initscripts kern-tools-native update-rc.d-native \
+        virtual/i586-poky-linux-compilerlibs virtual/i586-poky-linux-gcc \
+        virtual/libc virtual/update-alternatives
+     PACKAGES = busybox-ptest busybox-httpd busybox-udhcpd busybox-udhcpc \
+        busybox-syslog busybox-mdev busybox-hwclock busybox-dbg \
+        busybox-staticdev busybox-dev busybox-doc busybox-locale busybox
                </literallayout>
            </para>

@@ -611,31 +615,44 @@
                is set to
                <filename>${<link linkend='var-AUTOREV'>AUTOREV</link>}</filename>.
                Here is an example assuming
-                <filename>buildhistory/packages/emenlow-poky-linux/linux-yocto/latest_srcrev</filename>):
+                <filename>buildhistory/packages/qemux86-poky-linux/linux-yocto/latest_srcrev</filename>):
                <literallayout class='monospaced'>
-     # SRCREV_machine = "b5c37fe6e24eec194bb29d22fdd55d73bcc709bf"
-     SRCREV_machine = "b5c37fe6e24eec194bb29d22fdd55d73bcc709bf"
-     # SRCREV_emgd = "caea08c988e0f41103bbe18eafca20348f95da02"
-     SRCREV_emgd = "caea08c988e0f41103bbe18eafca20348f95da02"
-     # SRCREV_meta = "c2ed0f16fdec628242a682897d5d86df4547cf24"
-     SRCREV_meta = "c2ed0f16fdec628242a682897d5d86df4547cf24"
+     # SRCREV_machine = "38cd560d5022ed2dbd1ab0dca9642e47c98a0aa1"
+     SRCREV_machine = "38cd560d5022ed2dbd1ab0dca9642e47c98a0aa1"
+     # SRCREV_meta = "a227f20eff056e511d504b2e490f3774ab260d6f"
+     SRCREV_meta = "a227f20eff056e511d504b2e490f3774ab260d6f"
                </literallayout>
                You can use the <filename>buildhistory-collect-srcrevs</filename>
-                command to collect the stored <filename>SRCREV</filename> values
-                from build history and report them in a format suitable for use in
-                global configuration (e.g., <filename>local.conf</filename>
-                or a distro include file) to override floating
-                <filename>AUTOREV</filename> values to a fixed set of revisions.
+                command with the <filename>-a</filename> option to
+                collect the stored <filename>SRCREV</filename> values
+                from build history and report them in a format suitable for
+                use in global configuration (e.g.,
+                <filename>local.conf</filename> or a distro include file) to
+                override floating <filename>AUTOREV</filename> values to a
+                fixed set of revisions.
                Here is some example output from this command:
                <literallayout class='monospaced'>
-     # emenlow-poky-linux
-     SRCREV_machine_pn-linux-yocto = "b5c37fe6e24eec194bb29d22fdd55d73bcc709bf"
-     SRCREV_emgd_pn-linux-yocto = "caea08c988e0f41103bbe18eafca20348f95da02"
-     SRCREV_meta_pn-linux-yocto = "c2ed0f16fdec628242a682897d5d86df4547cf24"
-     # core2-poky-linux
-     SRCREV_pn-kmod = "62081c0f68905b22f375156d4532fd37fa5c8d33"
-     SRCREV_pn-blktrace = "d6918c8832793b4205ed3bfede78c2f915c23385"
-     SRCREV_pn-opkg = "649"
+     $ buildhistory-collect-srcrevs -a
+     # i586-poky-linux
+     SRCREV_pn-glibc = "b8079dd0d360648e4e8de48656c5c38972621072"
+     SRCREV_pn-glibc-initial = "b8079dd0d360648e4e8de48656c5c38972621072"
+     SRCREV_pn-opkg-utils = "53274f087565fd45d8452c5367997ba6a682a37a"
+     SRCREV_pn-kmod = "fd56638aed3fe147015bfa10ed4a5f7491303cb4"
+     # x86_64-linux
+     SRCREV_pn-gtk-doc-stub-native = "1dea266593edb766d6d898c79451ef193eb17cfa"
+     SRCREV_pn-dtc-native = "65cc4d2748a2c2e6f27f1cf39e07a5dbabd80ebf"
+     SRCREV_pn-update-rc.d-native = "eca680ddf28d024954895f59a241a622dd575c11"
+     SRCREV_glibc_pn-cross-localedef-native = "b8079dd0d360648e4e8de48656c5c38972621072"
+     SRCREV_localedef_pn-cross-localedef-native = "c833367348d39dad7ba018990bfdaffaec8e9ed3"
+     SRCREV_pn-prelink-native = "faa069deec99bf61418d0bab831c83d7c1b797ca"
+     SRCREV_pn-opkg-utils-native = "53274f087565fd45d8452c5367997ba6a682a37a"
+     SRCREV_pn-kern-tools-native = "23345b8846fe4bd167efdf1bd8a1224b2ba9a5ff"
+     SRCREV_pn-kmod-native = "fd56638aed3fe147015bfa10ed4a5f7491303cb4"
+     # qemux86-poky-linux
+     SRCREV_machine_pn-linux-yocto = "38cd560d5022ed2dbd1ab0dca9642e47c98a0aa1"
+     SRCREV_meta_pn-linux-yocto = "a227f20eff056e511d504b2e490f3774ab260d6f"
+     # all-poky-linux
+     SRCREV_pn-update-rc.d = "eca680ddf28d024954895f59a241a622dd575c11"
                </literallayout>
                <note>
                    Here are some notes on using the
@@ -660,7 +677,7 @@
                            However, the script does place a
                            comment before each set of values that specifies
                            which triplet to which they belong as shown above
-                            (e.g., <filename>emenlow-poky-linux</filename>).
+                            (e.g., <filename>i586-poky-linux</filename>).
                            </para></listitem>
                    </itemizedlist>
                </note>
@@ -717,17 +734,21 @@
                Here is an example of <filename>image-info.txt</filename>:
                <literallayout class='monospaced'>
     DISTRO = poky
-     DISTRO_VERSION = 1.1+snapshot-20120207
-     USER_CLASSES = image-mklibs image-prelink
+     DISTRO_VERSION = 1.7
+     USER_CLASSES = buildstats image-mklibs image-prelink
     IMAGE_CLASSES = image_types
-     IMAGE_FEATURES = debug-tweaks x11-base apps-x11-core \
-        package-management ssh-server-dropbear package-management
-     IMAGE_LINGUAS = en-us en-gb
-     IMAGE_INSTALL = packagegroup-core-boot packagegroup-base-extended
+     IMAGE_FEATURES = debug-tweaks
+     IMAGE_LINGUAS =
+     IMAGE_INSTALL = packagegroup-core-boot run-postinsts
     BAD_RECOMMENDATIONS =
-     ROOTFS_POSTPROCESS_COMMAND = buildhistory_get_image_installed ;   rootfs_update_timestamp ;
-     IMAGE_POSTPROCESS_COMMAND = buildhistory_get_imageinfo ;
-     IMAGESIZE = 171816
+     NO_RECOMMENDATIONS =
+     PACKAGE_EXCLUDE =
+     ROOTFS_POSTPROCESS_COMMAND = write_package_manifest; license_create_manifest; \
+        write_image_manifest ; buildhistory_list_installed_image ; \
+        buildhistory_get_image_installed ; ssh_allow_empty_password;  \
+        postinst_enable_logging; rootfs_update_timestamp ; ssh_disable_dns_lookup ;
+     IMAGE_POSTPROCESS_COMMAND =   buildhistory_get_imageinfo ;
+     IMAGESIZE = 6900
                </literallayout>
                Other than <filename>IMAGESIZE</filename>, which is the
                total size of the files in the image in Kbytes, the
@@ -811,7 +832,7 @@
                <literallayout class='monospaced'>
     DISTRO = poky
     DISTRO_VERSION = 1.3+snapshot-20130327
-     SDK_NAME = poky-eglibc-i686-arm
+     SDK_NAME = poky-glibc-i686-arm
     SDK_VERSION = 1.3+snapshot
     SDKMACHINE =
     SDKIMAGE_FEATURES = dev-pkgs dbg-pkgs
@@ -858,12 +879,12 @@
                Here is an example:
                <literallayout class='monospaced'>
     $ ~/poky/poky/scripts/buildhistory-diff . HEAD^
-     Changes to images/qemux86_64/eglibc/core-image-minimal (files-in-image.txt):
+     Changes to images/qemux86_64/glibc/core-image-minimal (files-in-image.txt):
        /etc/anotherpkg.conf was added
        /sbin/anotherpkg was added
        * (installed-package-names.txt):
        *   anotherpkg was added
-     Changes to images/qemux86_64/eglibc/core-image-minimal (installed-package-names.txt):
+     Changes to images/qemux86_64/glibc/core-image-minimal (installed-package-names.txt):
        anotherpkg was added
     packages/qemux86_64-poky-linux/v86d: PACKAGES: added "v86d-extras"
        * PR changed from "r0" to "r1"
--- a/documentation/tools/mega-manual.sed
+++ b/documentation/tools/mega-manual.sed
@@ -2,30 +2,30 @@
 # This style is for manual folders like "yocto-project-qs" and "poky-ref-manual".
 # This is the old way that did it.  Can't do that now that we have "bitbake-user-manual" strings
 # in the mega-manual.
-# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.1\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.1\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.1\/poky-ref-manual\/poky-ref-manual.html#/\"link\" href=\"#/g
+# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.3\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.3\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.3\/poky-ref-manual\/poky-ref-manual.html#/\"link\" href=\"#/g

 # Processes all other manuals (<word>-<word> style) except for the BitBake User Manual because
 # it is not included in the mega-manual.
 # This style is for manual folders that use two word, which is the standard now (e.g. "ref-manual").
 # This was the one-liner that worked before we introduced the BitBake User Manual, which is
 # not in the mega-manual.
-# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.1\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
+# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.3\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g

-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.1\/adt-manual\/adt-manual.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.1\/bsp-guide\/bsp-guide.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.1\/dev-manual\/dev-manual.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.1\/kernel-dev\/kernel-dev.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.1\/profile-manual\/profile-manual.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.1\/ref-manual\/ref-manual.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.1\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.3\/adt-manual\/adt-manual.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.3\/bsp-guide\/bsp-guide.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.3\/dev-manual\/dev-manual.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.3\/kernel-dev\/kernel-dev.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.3\/profile-manual\/profile-manual.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.3\/ref-manual\/ref-manual.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.3\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g

 # Process cases where just an external manual is referenced without an id anchor
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.1\/yocto-project-qs\/yocto-project-qs.html\" target=\"_top\">Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.1\/dev-manual\/dev-manual.html\" target=\"_top\">Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.1\/adt-manual\/adt-manual.html\" target=\"_top\">Yocto Project Application Developer's Guide<\/a>/Yocto Project Application Developer's Guide/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.1\/bsp-guide\/bsp-guide.html\" target=\"_top\">Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.1\/profile-manual\/profile-manual.html\" target=\"_top\">Yocto Project Profiling and Tracing Manual<\/a>/Yocto Project Profiling and Tracing Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.1\/kernel-dev\/kernel-dev.html\" target=\"_top\">Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.1\/ref-manual\/ref-manual.html\" target=\"_top\">Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.3\/yocto-project-qs\/yocto-project-qs.html\" target=\"_top\">Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.3\/dev-manual\/dev-manual.html\" target=\"_top\">Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.3\/adt-manual\/adt-manual.html\" target=\"_top\">Yocto Project Application Developer's Guide<\/a>/Yocto Project Application Developer's Guide/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.3\/bsp-guide\/bsp-guide.html\" target=\"_top\">Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.3\/profile-manual\/profile-manual.html\" target=\"_top\">Yocto Project Profiling and Tracing Manual<\/a>/Yocto Project Profiling and Tracing Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.3\/kernel-dev\/kernel-dev.html\" target=\"_top\">Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.7.3\/ref-manual\/ref-manual.html\" target=\"_top\">Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g
--- a/documentation/yocto-project-qs/yocto-project-qs-customization.xsl
+++ b/documentation/yocto-project-qs/yocto-project-qs-customization.xsl
@@ -1,7 +1,7 @@
 <?xml version='1.0'?>
 <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" xmlns:fo="http://www.w3.org/1999/XSL/Format" version="1.0">

-  <xsl:import href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl" />
+  <xsl:import href="http://docbook.sourceforge.net/release/xsl/1.76.1/xhtml/docbook.xsl" />
  <xsl:import href="yocto-project-qs-titlepage.xsl"/>

  <xsl:include href="../template/permalinks.xsl"/>
--- a/documentation/yocto-project-qs/yocto-project-qs.xml
+++ b/documentation/yocto-project-qs/yocto-project-qs.xml
@@ -625,7 +625,7 @@
            </para>

            <literallayout class='monospaced'>
-     poky-eglibc-<replaceable>host_system</replaceable>-<replaceable>image_type</replaceable>-<replaceable>arch</replaceable>-toolchain-<replaceable>release_version</replaceable>.sh
+     poky-glibc-<replaceable>host_system</replaceable>-<replaceable>image_type</replaceable>-<replaceable>arch</replaceable>-toolchain-<replaceable>release_version</replaceable>.sh

     Where:
         <replaceable>host_system</replaceable> is a string representing your development system:
@@ -654,7 +654,7 @@
                development host system and a i586-tuned target architecture
                based off the SDK for <filename>core-image-sato</filename>:
                <literallayout class='monospaced'>
-     poky-eglibc-x86_64-core-image-sato-i586-toolchain-&DISTRO;.sh
+     poky-glibc-x86_64-core-image-sato-i586-toolchain-&DISTRO;.sh
                </literallayout>
            </para>

@@ -683,7 +683,7 @@

            <para>
                <literallayout class='monospaced'>
-     $ ~/Downloads/poky-eglibc-x86_64-core-image-sato-i586-toolchain-&DISTRO;.sh
+     $ ~/Downloads/poky-glibc-x86_64-core-image-sato-i586-toolchain-&DISTRO;.sh
                </literallayout>
            </para>

--- a/meta-yocto/conf/distro/poky.conf
+++ b/meta-yocto/conf/distro/poky.conf
@@ -1,6 +1,6 @@
 DISTRO = "poky"
 DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
-DISTRO_VERSION = "1.7.1"
+DISTRO_VERSION = "1.7.3"
 DISTRO_CODENAME = "dizzy"
 SDK_VENDOR = "-pokysdk"
 SDK_VERSION := "${@'${DISTRO_VERSION}'.replace('snapshot-${DATE}','snapshot')}"
@@ -112,7 +112,7 @@ INHERIT += "poky-sanity"

 # QA check settings - a little stricter than the OE-Core defaults
 WARN_QA = "textrel files-invalid incompatible-license xorg-driver-abi libdir \
-           unknown-configure-option build-deps"
+           unknown-configure-option build-deps file-rdeps"
 ERROR_QA = "dev-so debug-deps dev-deps debug-files arch pkgconfig la perms \
            useless-rpaths rpaths staticdev ldflags pkgvarcheck already-stripped \
            compile-host-path dep-cmp installed-vs-shipped install-host-path \
--- a/meta/classes/allarch.bbclass
+++ b/meta/classes/allarch.bbclass
@@ -27,6 +27,10 @@ python () {
        d.setVar("PACKAGE_EXTRA_ARCHS", "")
        d.setVar("SDK_ARCH", "none")
        d.setVar("SDK_CC_ARCH", "none")
+        d.setVar("TARGET_CPPFLAGS", "none")
+        d.setVar("TARGET_CFLAGS", "none")
+        d.setVar("TARGET_CXXFLAGS", "none")
+        d.setVar("TARGET_LDFLAGS", "none")

        # Avoid this being unnecessarily different due to nuances of
        # the target machine that aren't important for "all" arch
--- a/meta/classes/autotools.bbclass
+++ b/meta/classes/autotools.bbclass
@@ -86,7 +86,7 @@ oe_runconf () {
 		${CACHED_CONFIGUREVARS} $cfgscript ${CONFIGUREOPTS} ${EXTRA_OECONF} "$@"
 		if [ "$?" != "0" ]; then
 			echo "Configure failed. The contents of all config.log files follows to aid debugging"
-			find ${S} -name config.log -print -exec cat {} \;
+			find ${S} -ignore_readdir_race -name config.log -print -exec cat {} \;
 			bbfatal "oe_runconf failed"
 		fi
 		set -e
@@ -105,7 +105,7 @@ autotools_preconfigure() {
 			if [ "${S}" != "${B}" ]; then
 				echo "Previously configured separate build directory detected, cleaning ${B}"
 				rm -rf ${B}
-				mkdir ${B}
+				mkdir -p ${B}
 			else
 				# At least remove the .la files since automake won't automatically
 				# regenerate them even if CFLAGS/LDFLAGS are different
--- a/meta/classes/base.bbclass
+++ b/meta/classes/base.bbclass
@@ -434,12 +434,30 @@ python () {
            bad_licenses = map(lambda l: canonical_license(d, l), bad_licenses)

            whitelist = []
+            incompatwl = []
+            htincompatwl = []
            for lic in bad_licenses:
+                spdx_license = return_spdx(d, lic)
                for w in ["HOSTTOOLS_WHITELIST_", "LGPLv2_WHITELIST_", "WHITELIST_"]:
                    whitelist.extend((d.getVar(w + lic, True) or "").split())
-                spdx_license = return_spdx(d, lic)
-                if spdx_license:
-                    whitelist.extend((d.getVar('HOSTTOOLS_WHITELIST_%s' % spdx_license, True) or "").split())
+                    if spdx_license:
+                        whitelist.extend((d.getVar(w + spdx_license, True) or "").split())
+                    '''
+                    We need to track what we are whitelisting and why. If pn is 
+                    incompatible and is not HOSTTOOLS_WHITELIST_ we need to be 
+                    able to note that the image that is created may infact 
+                    contain incompatible licenses despite INCOMPATIBLE_LICENSE 
+                    being set.
+                    '''
+                    if "HOSTTOOLS" in w:
+                        htincompatwl.extend((d.getVar(w + lic, True) or "").split())
+                        if spdx_license:
+                            htincompatwl.extend((d.getVar(w + spdx_license, True) or "").split())
+                    else:
+                        incompatwl.extend((d.getVar(w + lic, True) or "").split())
+                        if spdx_license:
+                            incompatwl.extend((d.getVar(w + spdx_license, True) or "").split())
+
            if not pn in whitelist:
                recipe_license = d.getVar('LICENSE', True)
                pkgs = d.getVar('PACKAGES', True).split()
@@ -460,6 +478,11 @@ python () {
                elif all_skipped or incompatible_license(d, bad_licenses):
                    bb.debug(1, "SKIPPING recipe %s because it's %s" % (pn, recipe_license))
                    raise bb.parse.SkipPackage("incompatible with license %s" % recipe_license)
+            elif pn in whitelist:
+                if pn in incompatwl:
+                    bb.note("INCLUDING " + pn + " as buildable despite INCOMPATIBLE_LICENSE because it has been whitelisted")
+                elif pn in htincompatwl:
+                    bb.note("INCLUDING " + pn + " as buildable despite INCOMPATIBLE_LICENSE because it has been whitelisted for HOSTTOOLS")

    srcuri = d.getVar('SRC_URI', True)
    # Svn packages should DEPEND on subversion-native
--- a/meta/classes/cross-canadian.bbclass
+++ b/meta/classes/cross-canadian.bbclass
@@ -16,6 +16,7 @@ STAGING_BINDIR_TOOLCHAIN = "${STAGING_DIR_NATIVE}${bindir_native}/${SDK_ARCH}${S
 #
 PACKAGE_ARCH = "${SDK_ARCH}-${SDKPKGSUFFIX}"
 CANADIANEXTRAOS = ""
+MODIFYTOS ??= "1"
 python () {
    archs = d.getVar('PACKAGE_ARCHS', True).split()
    sdkarchs = []
@@ -23,6 +24,9 @@ python () {
        sdkarchs.append(arch + '-${SDKPKGSUFFIX}')
    d.setVar('PACKAGE_ARCHS', " ".join(sdkarchs))

+    # Allow the following code segment to be disabled, e.g. meta-environment
+    if d.getVar("MODIFYTOS", True) != "1":
+        return
    # PowerPC can build "linux" and "linux-gnuspe"
    tarch = d.getVar("TARGET_ARCH", True)
    if tarch == "powerpc":
--- a/meta/classes/fontcache.bbclass
+++ b/meta/classes/fontcache.bbclass
@@ -8,13 +8,24 @@ inherit qemu

 FONT_PACKAGES ??= "${PN}"
 FONT_EXTRA_RDEPENDS ?= "fontconfig-utils"
-
+FONTCONFIG_CACHE_DIR ?= "${localstatedir}/cache/fontconfig"
+FONTCONFIG_CACHE_PARAMS ?= "-v"
+# You can change this to e.g. FC_DEBUG=16 to debug fc-cache issues,
+# something has to be set, because qemuwrapper is using this variable after -E
+# multiple variables aren't allowed because for qemu they are separated
+# by comma and in -n "$D" case they should be separated by space
+FONTCONFIG_CACHE_ENV ?= "FC_DEBUG=1"
 fontcache_common() {
-if [ "x$D" != "x" ] ; then
-	$INTERCEPT_DIR/postinst_intercept update_font_cache ${PKG} mlprefix=${MLPREFIX} bindir=${bindir} \
-		libdir=${libdir} base_libdir=${base_libdir}
+if [ -n "$D" ] ; then
+	$INTERCEPT_DIR/postinst_intercept update_font_cache ${PKG} mlprefix=${MLPREFIX} \
+		'bindir="${bindir}"' \
+		'libdir="${libdir}"' \
+		'base_libdir="${base_libdir}"' \
+		'fontconfigcachedir="${FONTCONFIG_CACHE_DIR}"' \
+		'fontconfigcacheparams="${FONTCONFIG_CACHE_PARAMS}"' \
+		'fontconfigcacheenv="${FONTCONFIG_CACHE_ENV}"'
 else
-	fc-cache
+	${FONTCONFIG_CACHE_ENV} fc-cache ${FONTCONFIG_CACHE_PARAMS}
 fi
 }

@@ -42,4 +53,4 @@ python add_fontcache_postinsts() {
        d.setVar('pkg_postrm_%s' % pkg, postrm)
 }

-PACKAGEFUNCS += "add_fontcache_postinsts"
+PACKAGEFUNCS =+ "add_fontcache_postinsts"
--- a/meta/classes/gnome.bbclass
+++ b/meta/classes/gnome.bbclass
@@ -1,5 +1 @@
 inherit gnomebase gtk-icon-cache gconf mime
-
-EXTRA_OECONF += "--disable-introspection"
-
-UNKNOWN_CONFIGURE_WHITELIST += "--disable-introspection"
--- a/meta/classes/gnomebase.bbclass
+++ b/meta/classes/gnomebase.bbclass
@@ -28,3 +28,6 @@ do_install_append() {
 	rm -f ${D}${datadir}/applications/*.cache
 }

+EXTRA_OECONF += "--disable-introspection"
+
+UNKNOWN_CONFIGURE_WHITELIST += "--disable-introspection"
--- a/meta/classes/icecc.bbclass
+++ b/meta/classes/icecc.bbclass
@@ -91,6 +91,10 @@ def create_path(compilers, bb, d):
    return staging

 def use_icc(bb,d):
+    if d.getVar('ICECC_DISABLED') == "1":
+        # don't even try it, when explicitly disabled
+        return "no"
+
    # allarch recipes don't use compiler
    if icc_is_allarch(bb, d):
        return "no"
@@ -133,8 +137,7 @@ def use_icc(bb,d):
    return "yes"

 def icc_is_allarch(bb, d):
-    return \
-        bb.data.inherits_class("allarch", d);
+    return d.getVar("PACKAGE_ARCH") == "all"

 def icc_is_kernel(bb, d):
    return \
@@ -148,10 +151,6 @@ def icc_is_native(bb, d):
 # Don't pollute allarch signatures with TARGET_FPU
 icc_version[vardepsexclude] += "TARGET_FPU"
 def icc_version(bb, d):
-    if d.getVar('ICECC_DISABLED') == "1":
-        # don't even try it, when explicitly disabled
-        return ""
-
    if use_icc(bb, d) == "no":
        return ""

@@ -179,7 +178,7 @@ def icc_version(bb, d):
    return tar_file

 def icc_path(bb,d):
-    if d.getVar('ICECC_DISABLED') == "1":
+    if use_icc(bb, d) == "no":
        # don't create unnecessary directories when icecc is disabled
        return

@@ -246,7 +245,7 @@ def set_icecc_env():
    return

 set_icecc_env() {
-    if [ "${ICECC_DISABLED}" = "1" ]
+    if [ "${@use_icc(bb, d)}" = "no" ]
    then
        return
    fi
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -94,7 +94,7 @@ def rootfs_variables(d):
                 'IMAGE_ROOTFS_MAXSIZE','IMAGE_NAME','IMAGE_LINK_NAME','IMAGE_MANIFEST','DEPLOY_DIR_IMAGE','RM_OLD_IMAGE','IMAGE_FSTYPES','IMAGE_INSTALL_COMPLEMENTARY','IMAGE_LINGUAS','SDK_OS',
                 'SDK_OUTPUT','SDKPATHNATIVE','SDKTARGETSYSROOT','SDK_DIR','SDK_VENDOR','SDKIMAGE_INSTALL_COMPLEMENTARY','SDK_PACKAGE_ARCHS','SDK_OUTPUT','SDKTARGETSYSROOT','MULTILIBRE_ALLOW_REP',
                 'MULTILIB_TEMP_ROOTFS','MULTILIB_VARIANTS','MULTILIBS','ALL_MULTILIB_PACKAGE_ARCHS','MULTILIB_GLOBAL_VARIANTS','BAD_RECOMMENDATIONS','NO_RECOMMENDATIONS','PACKAGE_ARCHS',
-                 'PACKAGE_CLASSES','TARGET_VENDOR','TARGET_VENDOR','TARGET_ARCH','TARGET_OS','OVERRIDES','BBEXTENDVARIANT','FEED_DEPLOYDIR_BASE_URI','INTERCEPT_DIR','BUILDNAME','USE_DEVFS',
+                 'PACKAGE_CLASSES','TARGET_VENDOR','TARGET_VENDOR','TARGET_ARCH','TARGET_OS','OVERRIDES','BBEXTENDVARIANT','FEED_DEPLOYDIR_BASE_URI','INTERCEPT_DIR','USE_DEVFS',
                 'STAGING_KERNEL_DIR','COMPRESSIONTYPES']
    variables.extend(command_variables(d))
    variables.extend(variable_depends(d))
@@ -216,6 +216,27 @@ read_only_rootfs_hook () {
 			fi
 		fi
 	fi
+
+	if ${@bb.utils.contains("DISTRO_FEATURES", "systemd", "true", "false", d)}; then
+	    # Update user database files so that services don't fail for a read-only systemd system
+	    for conffile in ${IMAGE_ROOTFS}/usr/lib/sysusers.d/systemd.conf ${IMAGE_ROOTFS}/usr/lib/sysusers.d/systemd-remote.conf; do
+		[ -e $conffile ] || continue
+		grep -v "^#" $conffile | sed -e '/^$/d' | while read type name id comment; do
+		    if [ "$type" = "u" ]; then
+			useradd_params=""
+			[ "$id" != "-" ] && useradd_params="$useradd_params --uid $id"
+			[ "$comment" != "-" ] && useradd_params="$useradd_params --comment $comment"
+			useradd_params="$useradd_params --system $name"
+			eval useradd --root ${IMAGE_ROOTFS} $useradd_params || true
+		    elif [ "$type" = "g" ]; then
+			groupadd_params=""
+			[ "$id" != "-" ] && groupadd_params="$groupadd_params --gid $id"
+			groupadd_params="$groupadd_params --system $name"
+			eval groupadd --root ${IMAGE_ROOTFS} $groupadd_params || true
+		    fi
+		done
+	    done
+	fi
 }

 PACKAGE_EXCLUDE ??= ""
--- a/meta/classes/image_types.bbclass
+++ b/meta/classes/image_types.bbclass
@@ -66,11 +66,11 @@ IMAGE_CMD_squashfs-xz = "mksquashfs ${IMAGE_ROOTFS} ${DEPLOY_DIR_IMAGE}/${IMAGE_
 IMAGE_CMD_squashfs-lzo = "mksquashfs ${IMAGE_ROOTFS} ${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.squashfs-lzo ${EXTRA_IMAGECMD} -noappend -comp lzo"
 IMAGE_CMD_tar = "tar -cvf ${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.tar -C ${IMAGE_ROOTFS} ."

+do_rootfs[cleandirs] += "${WORKDIR}/cpio_append"
 IMAGE_CMD_cpio () {
 	(cd ${IMAGE_ROOTFS} && find . | cpio -o -H newc >${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.cpio)
-	if [ ! -e ${IMAGE_ROOTFS}/init ]; then
-		mkdir -p ${WORKDIR}/cpio_append
-		if [ -e ${IMAGE_ROOTFS}/sbin/init -o -L ${IMAGE_ROOTFS}/sbin/init ]; then
+	if [ ! -L ${IMAGE_ROOTFS}/init -a ! -e ${IMAGE_ROOTFS}/init ]; then
+		if [ -L ${IMAGE_ROOTFS}/sbin/init -o -e ${IMAGE_ROOTFS}/sbin/init ]; then
 			ln -sf /sbin/init ${WORKDIR}/cpio_append/init
 		else
 			touch ${WORKDIR}/cpio_append/init
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -403,7 +403,7 @@ do_strip() {
 			  gawk '{print $1}'`

 		for str in ${KERNEL_IMAGE_STRIP_EXTRA_SECTIONS}; do {
-			if [[ "$headers" != *"$str"* ]]; then
+			if [ "$headers" != *"$str"* ]; then
 				bbwarn "Section not found: $str";
 			fi

--- a/meta/classes/license.bbclass
+++ b/meta/classes/license.bbclass
@@ -49,24 +49,25 @@ license_create_manifest() {

 		pkged_pv="$(sed -n 's/^PV: //p' ${filename})"
 		pkged_name="$(basename $(readlink ${filename}))"
-		pkged_lic="$(sed -n "/^LICENSE_${pkged_name}: /{ s/^LICENSE_${pkged_name}: //; s/[|&()*]/ /g; s/  */ /g; p }" ${filename})"
-		if [ -z ${pkged_lic} ]; then
+		pkged_lic="$(sed -n "/^LICENSE_${pkged_name}: /{ s/^LICENSE_${pkged_name}: //; p }" ${filename})"
+		if [ -z "${pkged_lic}" ]; then
 			# fallback checking value of LICENSE
-			pkged_lic="$(sed -n "/^LICENSE: /{ s/^LICENSE: //; s/[|&()*]/ /g; s/  */ /g; p }" ${filename})"
+			pkged_lic="$(sed -n "/^LICENSE: /{ s/^LICENSE: //; p }" ${filename})"
 		fi

 		echo "PACKAGE NAME:" ${pkg} >> ${LICENSE_MANIFEST}
 		echo "PACKAGE VERSION:" ${pkged_pv} >> ${LICENSE_MANIFEST}
 		echo "RECIPE NAME:" ${pkged_pn} >> ${LICENSE_MANIFEST}
-		printf "LICENSE:" >> ${LICENSE_MANIFEST}
-		for lic in ${pkged_lic}; do
+		echo "LICENSE:" ${pkged_lic} >> ${LICENSE_MANIFEST}
+		echo "" >> ${LICENSE_MANIFEST}
+
+		lics="$(echo ${pkged_lic} | sed "s/[|&()*]/ /g" | sed "s/  */ /g" )"
+		for lic in ${lics}; do
 			# to reference a license file trim trailing + symbol
 			if ! [ -e "${LICENSE_DIRECTORY}/${pkged_pn}/generic_${lic%+}" ]; then
 				bbwarn "The license listed ${lic} was not in the licenses collected for ${pkged_pn}"
 			fi
-                        printf " ${lic}" >> ${LICENSE_MANIFEST}
 		done
-		printf "\n\n" >> ${LICENSE_MANIFEST}
 	done

 	# Two options here:
@@ -314,7 +315,8 @@ def incompatible_license(d, dont_want_licenses, package=None):
    # Handles an "or" or two license sets provided by
    # flattened_licenses(), pick one that works if possible.
    def choose_lic_set(a, b):
-        return a if all(license_ok(lic) for lic in a) else b
+        return a if all(license_ok(canonical_license(d, lic)) for lic in a) \
+                else b

    try:
        licenses = oe.license.flattened_licenses(license, choose_lic_set)
@@ -389,6 +391,8 @@ do_populate_lic[sstate-outputdirs] = "${LICENSE_DIRECTORY}/"

 ROOTFS_POSTPROCESS_COMMAND_prepend = "write_package_manifest; license_create_manifest; "

+do_populate_lic_setscene[dirs] = "${LICSSTATEDIR}/${PN}"
+do_populate_lic_setscene[cleandirs] = "${LICSSTATEDIR}"
 python do_populate_lic_setscene () {
    sstate_setscene(d)
 }
--- a/meta/classes/package.bbclass
+++ b/meta/classes/package.bbclass
@@ -394,28 +394,53 @@ def runtime_mapping_rename (varname, pkg, d):
 #

 python package_get_auto_pr() {
-    # per recipe PRSERV_HOST
+    import oe.prservice
+    import re
+
+    # Support per recipe PRSERV_HOST
    pn = d.getVar('PN', True)
    host = d.getVar("PRSERV_HOST_" + pn, True)
    if not (host is None):
        d.setVar("PRSERV_HOST", host)

-    if d.getVar('PRSERV_HOST', True):
-        try:
-            auto_pr=prserv_get_pr_auto(d)
-        except Exception as e:
-            bb.fatal("Can NOT get PRAUTO, exception %s" %  str(e))
-        if auto_pr is None:
-            if d.getVar('PRSERV_LOCKDOWN', True):
-                bb.fatal("Can NOT get PRAUTO from lockdown exported file")
-            else:
-                bb.fatal("Can NOT get PRAUTO from remote PR service")
-            return
-        d.setVar('PRAUTO',str(auto_pr))
-    else:
-        pkgv = d.getVar("PKGV", True)
+    pkgv = d.getVar("PKGV", True)
+
+    # PR Server not active, handle AUTOINC
+    if not d.getVar('PRSERV_HOST', True):
        if 'AUTOINC' in pkgv:
            d.setVar("PKGV", pkgv.replace("AUTOINC", "0"))
+        return
+
+    auto_pr = None
+    pv = d.getVar("PV", True)
+    version = d.getVar("PRAUTOINX", True)
+    pkgarch = d.getVar("PACKAGE_ARCH", True)
+    checksum = d.getVar("BB_TASKHASH", True)
+
+    if d.getVar('PRSERV_LOCKDOWN', True):
+        auto_pr = d.getVar('PRAUTO_' + version + '_' + pkgarch, True) or d.getVar('PRAUTO_' + version, True) or None
+        if auto_pr is None:
+            bb.fatal("Can NOT get PRAUTO from lockdown exported file")
+        d.setVar('PRAUTO',str(auto_pr))
+        return
+
+    try:
+        conn = d.getVar("__PRSERV_CONN", True)
+        if conn is None:
+            conn = oe.prservice.prserv_make_conn(d)
+        if conn is not None:
+            if "AUTOINC" in pkgv:
+                srcpv = bb.fetch2.get_srcrev(d)
+                base_ver = "AUTOINC-%s" % version[:version.find(srcpv)]
+                value = conn.getPR(base_ver, pkgarch, srcpv)
+                d.setVar("PKGV", pkgv.replace("AUTOINC", str(value)))
+
+            auto_pr = conn.getPR(version, pkgarch, checksum)
+    except Exception as e:
+        bb.fatal("Can NOT get PRAUTO, exception %s" %  str(e))
+    if auto_pr is None:
+        bb.fatal("Can NOT get PRAUTO from remote PR service")
+    d.setVar('PRAUTO',str(auto_pr))
 }

 LOCALEBASEPN ??= "${PN}"
@@ -790,8 +815,8 @@ python split_and_strip_files () {
    #
    elffiles = {}
    symlinks = {}
-    hardlinks = {}
    kernmods = []
+    inodes = {}
    libdir = os.path.abspath(dvar + os.sep + d.getVar("libdir", True))
    baselibdir = os.path.abspath(dvar + os.sep + d.getVar("base_libdir", True))
    if (d.getVar('INHIBIT_PACKAGE_STRIP', True) != '1'):
@@ -829,6 +854,7 @@ python split_and_strip_files () {
                            #bb.note("Sym: %s (%d)" % (ltarget, isELF(ltarget)))
                            symlinks[file] = target
                        continue
+
                    # It's a file (or hardlink), not a link
                    # ...but is it ELF, and is it already stripped?
                    elf_file = isELF(file)
@@ -840,28 +866,30 @@ python split_and_strip_files () {
                                msg = "File '%s' from %s was already stripped, this will prevent future debugging!" % (file[len(dvar):], pn)
                                package_qa_handle_error("already-stripped", msg, d)
                            continue
-                        # Check if it's a hard link to something else
-                        if s.st_nlink > 1:
-                            file_reference = "%d_%d" % (s.st_dev, s.st_ino)
-                            # Hard link to something else
-                            hardlinks[file] = file_reference
-                            continue
-                        elffiles[file] = elf_file
+
+                        # At this point we have an unstripped elf file. We need to:
+                        #  a) Make sure any file we strip is not hardlinked to anything else outside this tree
+                        #  b) Only strip any hardlinked file once (no races)
+                        #  c) Track any hardlinks between files so that we can reconstruct matching debug file hardlinks
+
+                        # Use a reference of device ID and inode number to indentify files
+                        file_reference = "%d_%d" % (s.st_dev, s.st_ino)
+                        if file_reference in inodes:
+                            os.unlink(file)
+                            os.link(inodes[file_reference][0], file)
+                            inodes[file_reference].append(file)
+                        else:
+                            inodes[file_reference] = [file]
+                            # break hardlink
+                            bb.utils.copyfile(file, file)
+                            elffiles[file] = elf_file
+                        # Modified the file so clear the cache
+                        cpath.updatecache(file)

    #
    # First lets process debug splitting
    #
    if (d.getVar('INHIBIT_PACKAGE_DEBUG_SPLIT', True) != '1'):
-        hardlinkmap = {}
-        # For hardlinks, process only one of the files
-        for file in hardlinks:
-            file_reference = hardlinks[file]
-            if file_reference not in hardlinkmap:
-                # If this is a new file, add it as a reference, and
-                # update it's type, so we can fall through and split
-                elffiles[file] = isELF(file)
-                hardlinkmap[file_reference] = file
-
        for file in elffiles:
            src = file[len(dvar):]
            dest = debuglibdir + os.path.dirname(src) + debugdir + "/" + os.path.basename(src) + debugappend
@@ -874,13 +902,14 @@ python split_and_strip_files () {
            splitdebuginfo(file, fpath, debugsrcdir, sourcefile, d)

        # Hardlink our debug symbols to the other hardlink copies
-        for file in hardlinks:
-            if file not in elffiles:
+        for ref in inodes:
+            if len(inodes[ref]) == 1:
+                continue
+            for file in inodes[ref][1:]:
                src = file[len(dvar):]
                dest = debuglibdir + os.path.dirname(src) + debugdir + "/" + os.path.basename(src) + debugappend
                fpath = dvar + dest
-                file_reference = hardlinks[file]
-                target = hardlinkmap[file_reference][len(dvar):]
+                target = inodes[ref][0][len(dvar):]
                ftarget = dvar + debuglibdir + os.path.dirname(target) + debugdir + "/" + os.path.basename(target) + debugappend
                bb.utils.mkdirhier(os.path.dirname(fpath))
                #bb.note("Link %s -> %s" % (fpath, ftarget))
@@ -1572,7 +1601,7 @@ python package_do_shlibs() {
            # /opt/abc/lib/libfoo.so.1 and contains /usr/bin/abc depending on system library libfoo.so.1
            # but skipping it is still better alternative than providing own
            # version and then adding runtime dependency for the same system library
-            if private_libs and n in private_libs:
+            if private_libs and n[0] in private_libs:
                bb.debug(2, '%s: Dependency %s covered by PRIVATE_LIBS' % (pkg, n[0]))
                continue
            if n[0] in shlib_provider.keys():
--- a/meta/classes/prserv.bbclass
+++ b/meta/classes/prserv.bbclass
@@ -1,33 +1,2 @@
-def prserv_get_pr_auto(d):
-    import oe.prservice
-    import re

-    pv = d.getVar("PV", True)
-    if not d.getVar('PRSERV_HOST', True):
-        if 'AUTOINC' in pv:
-            d.setVar("PKGV", pv.replace("AUTOINC", "0"))
-        bb.warn("Not using network based PR service")
-        return None

-    version = d.getVar("PRAUTOINX", True)
-    pkgarch = d.getVar("PACKAGE_ARCH", True)
-    checksum = d.getVar("BB_TASKHASH", True)
-
-    conn = d.getVar("__PRSERV_CONN", True)
-    if conn is None:
-        conn = oe.prservice.prserv_make_conn(d)
-        if conn is None:
-            return None
-
-    if "AUTOINC" in pv:
-        srcpv = bb.fetch2.get_srcrev(d)
-        base_ver = "AUTOINC-%s" % version[:version.find(srcpv)]
-        value = conn.getPR(base_ver, pkgarch, srcpv)
-        d.setVar("PKGV", pv.replace("AUTOINC", str(value)))
-
-    if d.getVar('PRSERV_LOCKDOWN', True):
-        auto_rev = d.getVar('PRAUTO_' + version + '_' + pkgarch, True) or d.getVar('PRAUTO_' + version, True) or None
-    else:
-        auto_rev = conn.getPR(version, pkgarch, checksum)
-
-    return auto_rev
--- a/meta/classes/rm_work.bbclass
+++ b/meta/classes/rm_work.bbclass
@@ -109,3 +109,12 @@ rm_work_rootfs () {
    :
 }
 rm_work_rootfs[cleandirs] = "${WORKDIR}/rootfs"
+
+python () {
+    # If the recipe name is in the RM_WORK_EXCLUDE, skip the recipe.
+    excludes = (d.getVar("RM_WORK_EXCLUDE", True) or "").split()
+    pn = d.getVar("PN", True)
+    if pn in excludes:
+        d.delVarFlag('rm_work_rootfs', 'cleandirs')
+        d.delVarFlag('rm_work_populatesdk', 'cleandirs')
+}
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@@ -42,16 +42,6 @@ EXTRA_STAGING_FIXMES ?= ""

 SIGGEN_LOCKEDSIGS_CHECK_LEVEL ?= 'error'

-# Specify dirs in which the shell function is executed and don't use ${B}
-# as default dirs to avoid possible race about ${B} with other task.
-sstate_create_package[dirs] = "${SSTATE_BUILDDIR}"
-sstate_unpack_package[dirs] = "${SSTATE_INSTDIR}"
-
-# Do not run sstate_hardcode_path() in ${B}:
-# the ${B} maybe removed by cmake_do_configure() while
-# sstate_hardcode_path() running.
-sstate_hardcode_path[dirs] = "${SSTATE_BUILDDIR}"
-
 python () {
    if bb.data.inherits_class('native', d):
        d.setVar('SSTATE_PKGARCH', d.getVar('BUILD_ARCH'))
@@ -144,6 +134,8 @@ def sstate_install(ss, d):
    shareddirs = []
    bb.utils.mkdirhier(d.expand("${SSTATE_MANIFESTS}"))

+    sstateinst = d.expand("${WORKDIR}/sstate-install-%s/" % ss['task'])
+
    d2 = d.createCopy()
    extrainf = d.getVarFlag("do_" + ss['task'], 'stamp-extra-info', True)
    if extrainf:
@@ -237,7 +229,8 @@ def sstate_install(ss, d):
            oe.path.copyhardlinktree(state[1], state[2])

    for postinst in (d.getVar('SSTATEPOSTINSTFUNCS', True) or '').split():
-        bb.build.exec_func(postinst, d)
+        # All hooks should run in the SSTATE_INSTDIR
+        bb.build.exec_func(postinst, d, (sstateinst,))

    for lock in locks:
        bb.utils.unlockfile(lock)
@@ -273,7 +266,8 @@ def sstate_installpkg(ss, d):
    d.setVar('SSTATE_PKG', sstatepkg)

    for f in (d.getVar('SSTATEPREINSTFUNCS', True) or '').split() + ['sstate_unpack_package'] + (d.getVar('SSTATEPOSTUNPACKFUNCS', True) or '').split():
-        bb.build.exec_func(f, d)
+        # All hooks should run in the SSTATE_INSTDIR
+        bb.build.exec_func(f, d, (sstateinst,))

    for state in ss['dirs']:
        prepdir(state[1])
@@ -545,8 +539,9 @@ def sstate_package(ss, d):

    for f in (d.getVar('SSTATECREATEFUNCS', True) or '').split() + ['sstate_create_package'] + \
             (d.getVar('SSTATEPOSTCREATEFUNCS', True) or '').split():
-        bb.build.exec_func(f, d)
-  
+        # All hooks should run in SSTATE_BUILDDIR.
+        bb.build.exec_func(f, d, (sstatebuild,))
+
    bb.siggen.dump_this_task(sstatepkg + ".siginfo", d)

    return
@@ -567,7 +562,7 @@ def pstaging_fetch(sstatefetch, sstatepkg, d):
    bb.utils.mkdirhier(dldir)

    localdata.delVar('MIRRORS')
-    localdata.delVar('FILESPATH')
+    localdata.setVar('FILESPATH', dldir)
    localdata.setVar('DL_DIR', dldir)
    localdata.setVar('PREMIRRORS', mirrors)

@@ -604,19 +599,22 @@ python sstate_task_prefunc () {
    shared_state = sstate_state_fromvars(d)
    sstate_clean(shared_state, d)
 }
+sstate_task_prefunc[dirs] = "${WORKDIR}"

 python sstate_task_postfunc () {
    shared_state = sstate_state_fromvars(d)
+
    sstate_install(shared_state, d)
    for intercept in shared_state['interceptfuncs']:
-        bb.build.exec_func(intercept, d)
+        bb.build.exec_func(intercept, d, (d.getVar("WORKDIR", True),))
    omask = os.umask(002)
    if omask != 002:
       bb.note("Using umask 002 (not %0o) for sstate packaging" % omask)
    sstate_package(shared_state, d)
    os.umask(omask)
 }
-  
+sstate_task_postfunc[dirs] = "${WORKDIR}"
+

 #
 # Shell function to generate a sstate package from a directory
@@ -698,6 +696,8 @@ def sstate_checkhashes(sq_fn, sq_task, sq_hash, sq_hashfn, d):
        bb.data.update_data(localdata)

        dldir = localdata.expand("${SSTATE_DIR}")
+        localdata.delVar('MIRRORS')
+        localdata.setVar('FILESPATH', dldir)
        localdata.setVar('DL_DIR', dldir)
        localdata.setVar('PREMIRRORS', mirrors)

--- a/meta/classes/toaster.bbclass
+++ b/meta/classes/toaster.bbclass
@@ -71,7 +71,7 @@ python toaster_layerinfo_dumpdata() {
        layer_url = 'http://layers.openembedded.org/layerindex/layer/{layer}/'
        layer_url_name = _get_url_map_name(layer_name)

-        layer_info['name'] = layer_name
+        layer_info['name'] = layer_url_name
        layer_info['local_path'] = layer_path
        layer_info['layer_index_url'] = layer_url.format(layer=layer_url_name)
        layer_info['version'] = _get_layer_version_information(layer_path)
--- a/meta/classes/toolchain-scripts.bbclass
+++ b/meta/classes/toolchain-scripts.bbclass
@@ -93,7 +93,7 @@ EOF
 #we get the cached site config in the runtime
 TOOLCHAIN_CONFIGSITE_NOCACHE = "${@siteinfo_get_files(d, True)}"
 TOOLCHAIN_CONFIGSITE_SYSROOTCACHE = "${STAGING_DIR}/${MLPREFIX}${MACHINE}/${target_datadir}/${TARGET_SYS}_config_site.d"
-TOOLCHAIN_NEED_CONFIGSITE_CACHE = "${TCLIBC} ncurses"
+TOOLCHAIN_NEED_CONFIGSITE_CACHE ??= "${TCLIBC} ncurses"

 #This function create a site config file
 toolchain_create_sdk_siteconfig () {
--- a/meta/classes/utils.bbclass
+++ b/meta/classes/utils.bbclass
@@ -259,11 +259,11 @@ create_cmdline_wrapper () {
 	echo "Generating wrapper script for $cmd"

 	mv $cmd $cmd.real
-	cmdname=`basename $cmd`.real
+	cmdname=`basename $cmd`
 	cat <<END >$cmd
 #!/bin/bash
 realpath=\`readlink -fn \$0\`
-exec -a $cmd \`dirname \$realpath\`/$cmdname $@ "\$@"
+exec -a \`dirname \$realpath\`/$cmdname \`dirname \$realpath\`/$cmdname.real $@ "\$@"
 END
 	chmod +x $cmd
 }
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -771,7 +771,7 @@ BB_HASHBASE_WHITELIST ?= "TMPDIR FILE PATH PWD BB_TASKHASH BBPATH DL_DIR \
    USER FILESPATH STAGING_DIR_HOST STAGING_DIR_TARGET COREBASE PRSERV_HOST \
    PRSERV_DUMPDIR PRSERV_DUMPFILE PRSERV_LOCKDOWN PARALLEL_MAKE \
    CCACHE_DIR EXTERNAL_TOOLCHAIN CCACHE CCACHE_DISABLE LICENSE_PATH SDKPKGSUFFIX \
-    WARN_QA ERROR_QA WORKDIR STAMPCLEAN"
+    WARN_QA ERROR_QA WORKDIR STAMPCLEAN PKGDATA_DIR"
 BB_HASHCONFIG_WHITELIST ?= "${BB_HASHBASE_WHITELIST} DATE TIME SSH_AGENT_PID \
    SSH_AUTH_SOCK PSEUDO_BUILD BB_ENV_EXTRAWHITE DISABLE_SANITY_CHECKS \
    PARALLEL_MAKE BB_NUMBER_THREADS BB_ORIGENV BB_INVALIDCONF BBINCLUDED"
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -16,6 +16,7 @@ SECURITY_CFLAGS_pn-lttng-tools_arm = "${SECURITY_NO_PIE_CFLAGS}"

 SECURITY_CFLAGS_pn-aspell = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-beecrypt = "${SECURITY_NO_PIE_CFLAGS}"
+SECURITY_CFLAGS_pn-blktrace = "${SECURITY_NO_PIE_CFLAGS}"
 # Curl seems to check for FORTIFY_SOURCE in CFLAGS, but even assigned
 # to CPPFLAGS it gets picked into CFLAGS in bitbake.
 #TARGET_CPPFLAGS_pn-curl += "-D_FORTIFY_SOURCE=2"
@@ -26,6 +27,7 @@ SECURITY_CFLAGS_pn-directfb = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-glibc = ""
 SECURITY_CFLAGS_pn-glibc-initial = ""
 SECURITY_CFLAGS_pn-enchant = "${SECURITY_NO_PIE_CFLAGS}"
+SECURITY_CFLAGS_pn-expect = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-flac = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-gcc-runtime = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-gdb = "${SECURITY_NO_PIE_CFLAGS}"
@@ -43,6 +45,7 @@ SECURITY_CFLAGS_pn-gst-plugins-gl = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-gstreamer1.0-plugins-good = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-harfbuzz = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-kexec-tools = "${SECURITY_NO_PIE_CFLAGS}"
+SECURITY_CFLAGS_pn-libaio = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-libcap = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-libgcc = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-libid3tag = "${SECURITY_NO_PIE_CFLAGS}"
@@ -51,6 +54,7 @@ SECURITY_CFLAGS_pn-libglu = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-libpcap = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-libpcre = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-libproxy = "${SECURITY_NO_PIE_CFLAGS}"
+SECURITY_CFLAGS_pn-ltp = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-lttng-ust = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-mesa = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-mesa-gl = "${SECURITY_NO_PIE_CFLAGS}"
--- a/meta/conf/layer.conf
+++ b/meta/conf/layer.conf
@@ -43,5 +43,16 @@ SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
  gcc-cross-${TARGET_ARCH}->musl \
  gcc-cross-${TARGET_ARCH}->uclibc \
  gcc-cross-${TARGET_ARCH}->linux-libc-headers \
+  ppp-dialin->ppp \
+  resolvconf->bash \
+  docbook-xsl-stylesheets->perl \
+  initramfs-framework->busybox \
+  initramfs-framework->systemd \
+  initramfs-framework->udev \
+  liberation-fonts->fontconfig \
+  gnome-icon-theme->librsvg \
+  font-alias->font-util \
+  weston-init->weston \
+  weston-init->kbd \
 "

--- a/meta/files/toolchain-shar-template.sh
+++ b/meta/files/toolchain-shar-template.sh
@@ -158,6 +158,7 @@ for replace in "$target_sdk_dir -maxdepth 1" "$native_sysroot"; do
 	$SUDO_EXEC find $replace -type f -exec file '{}' \; | \
 		grep ":.*\(ASCII\|script\|source\).*text" | \
 		awk -F':' '{printf "\"%s\"\n", $1}' | \
+		grep -v "$target_sdk_dir/environment-setup-*" | \
 		$SUDO_EXEC xargs -n32 sed -i -e "s:$DEFAULT_INSTALL_DIR:$target_sdk_dir:g"
 done

--- a/meta/lib/oe/package_manager.py
+++ b/meta/lib/oe/package_manager.py
@@ -531,6 +531,9 @@ class PackageManager(object):
        cmd = [bb.utils.which(os.getenv('PATH'), "oe-pkgdata-util"),
               "glob", self.d.getVar('PKGDATA_DIR', True), installed_pkgs_file,
               globs]
+        exclude = self.d.getVar('PACKAGE_EXCLUDE_COMPLEMENTARY', True)
+        if exclude:
+            cmd.extend(['-x', exclude])
        try:
            bb.note("Installing complementary packages ...")
            complementary_pkgs = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
@@ -1722,9 +1725,12 @@ class DpkgPM(PackageManager):
            with open(self.d.expand("${STAGING_ETCDIR_NATIVE}/apt/apt.conf.sample")) as apt_conf_sample:
                for line in apt_conf_sample.read().split("\n"):
                    match_arch = re.match("  Architecture \".*\";$", line)
+                    architectures = ""
                    if match_arch:
                        for base_arch in base_arch_list:
-                            apt_conf.write("  Architecture \"%s\";\n" % base_arch)
+                            architectures += "\"%s\";" % base_arch
+                        apt_conf.write("  Architectures {%s};\n" % architectures);
+                        apt_conf.write("  Architecture \"%s\";\n" % base_archs)
                    else:
                        line = re.sub("#ROOTFS#", self.target_rootfs, line)
                        line = re.sub("#APTCONF#", self.apt_conf_dir, line)
--- a/meta/lib/oe/rootfs.py
+++ b/meta/lib/oe/rootfs.py
@@ -77,6 +77,9 @@ class Rootfs(object):
        pre_process_cmds = self.d.getVar("ROOTFS_PREPROCESS_COMMAND", True)
        post_process_cmds = self.d.getVar("ROOTFS_POSTPROCESS_COMMAND", True)

+        postinst_intercepts_dir = self.d.getVar("POSTINST_INTERCEPTS_DIR", True)
+        if not postinst_intercepts_dir:
+            postinst_intercepts_dir = self.d.expand("${COREBASE}/scripts/postinst-intercepts")
        intercepts_dir = os.path.join(self.d.getVar('WORKDIR', True),
                                      "intercept_scripts")

@@ -86,8 +89,7 @@ class Rootfs(object):

        bb.utils.mkdirhier(self.deploy_dir_image)

-        shutil.copytree(self.d.expand("${COREBASE}/scripts/postinst-intercepts"),
-                        intercepts_dir)
+        shutil.copytree(postinst_intercepts_dir, intercepts_dir)

        shutil.copy(self.d.expand("${COREBASE}/meta/files/deploydir_readme.txt"),
                    self.deploy_dir_image +
@@ -181,7 +183,7 @@ class Rootfs(object):
            bb.note("> Executing %s intercept ..." % script)

            try:
-                subprocess.check_output(script_full)
+                subprocess.check_call(script_full)
            except subprocess.CalledProcessError as e:
                bb.warn("The postinstall intercept hook '%s' failed (exit code: %d)! See log for details!" %
                        (script, e.returncode))
--- a/meta/lib/oeqa/selftest/bbtests.py
+++ b/meta/lib/oeqa/selftest/bbtests.py
@@ -97,6 +97,9 @@ class BitbakeTests(oeSelfTest):
    def test_invalid_recipe_src_uri(self):
        data = 'SRC_URI = "file://invalid"'
        self.write_recipeinc('man', data)
+        self.write_config("""DL_DIR = \"${TOPDIR}/download-selftest\"
+SSTATE_DIR = \"${TOPDIR}/download-selftest\"
+""")
        bitbake('-ccleanall man')
        result = bitbake('-c fetch man', ignore_status=True)
        bitbake('-ccleanall man')
@@ -107,6 +110,9 @@ class BitbakeTests(oeSelfTest):

    @testcase(171)
    def test_rename_downloaded_file(self):
+        self.write_config("""DL_DIR = \"${TOPDIR}/download-selftest\"
+SSTATE_DIR = \"${TOPDIR}/download-selftest\"
+""")
        data = 'SRC_URI_append = ";downloadfilename=test-aspell.tar.gz"'
        self.write_recipeinc('aspell', data)
        bitbake('-ccleanall aspell')
@@ -169,6 +175,9 @@ class BitbakeTests(oeSelfTest):

    @testcase(1035)
    def test_continue(self):
+	self.write_config("""DL_DIR = \"${TOPDIR}/download-selftest\"
+SSTATE_DIR = \"${TOPDIR}/download-selftest\"
+""")
 	self.write_recipeinc('man',"\ndo_fail_task () {\nexit 1 \n}\n\naddtask do_fail_task before do_fetch\n" )
 	runCmd('bitbake -c cleanall man xcursor-transparent-theme')
 	result = runCmd('bitbake man xcursor-transparent-theme -k', ignore_status=True)
--- a/meta/lib/oeqa/selftest/buildoptions.py
+++ b/meta/lib/oeqa/selftest/buildoptions.py
@@ -17,12 +17,15 @@ class ImageOptionsTests(oeSelfTest):
        self.write_config('INC_RPM_IMAGE_GEN = "1"')
        self.append_config('IMAGE_FEATURES += "ssh-server-openssh"')
        bitbake("core-image-minimal")
-        res = runCmd("grep 'Installing openssh-sshd' %s" % (os.path.join(get_bb_var("WORKDIR", "core-image-minimal"), "temp/log.do_rootfs")), ignore_status=True)
+        log_data_file = os.path.join(get_bb_var("WORKDIR", "core-image-minimal"), "temp/log.do_rootfs")
+        log_data_created = ftools.read_file(log_data_file)
+        incremental_created = re.search("NOTE: load old install solution for incremental install\nNOTE: old install solution not exist\nNOTE: creating new install solution for incremental install(\n.*)*NOTE: Installing the following packages:.*packagegroup-core-ssh-openssh", log_data_created)
        self.remove_config('IMAGE_FEATURES += "ssh-server-openssh"')
-        self.assertEqual(0, res.status, msg="No match for openssh-sshd in log.do_rootfs")
+        self.assertTrue(incremental_created, msg = "Match failed in:\n%s" % log_data_created)
        bitbake("core-image-minimal")
-        res = runCmd("grep 'Removing openssh-sshd' %s" %(os.path.join(get_bb_var("WORKDIR", "core-image-minimal"), "temp/log.do_rootfs")),ignore_status=True)
-        self.assertEqual(0, res.status, msg="openssh-sshd was not removed from image")
+        log_data_removed = ftools.read_file(log_data_file)
+        incremental_removed = re.search("NOTE: load old install solution for incremental install\nNOTE: creating new install solution for incremental install(\n.*)*NOTE: incremental removed:.*openssh-sshd-.*", log_data_removed)
+        self.assertTrue(incremental_removed, msg = "Match failed in:\n%s" % log_data_removed)

    @testcase(925)
    def test_rm_old_image(self):
--- a/meta/lib/oeqa/utils/decorators.py
+++ b/meta/lib/oeqa/utils/decorators.py
@@ -18,14 +18,21 @@ class getResults(object):
        upperf = sys._current_frames().values()[0]
        while (upperf.f_globals['__name__'] != 'unittest.case'):
            upperf = upperf.f_back
-        self.faillist = [ seq[0]._testMethodName for seq in upperf.f_locals['result'].failures ]
-        self.errorlist = [ seq[0]._testMethodName for seq in upperf.f_locals['result'].errors ]
-        #ignore the _ErrorHolder objects from the skipped tests list
-        self.skiplist = []
-        for seq in upperf.f_locals['result'].skipped:
-            try:
-                self.skiplist.append(seq[0]._testMethodName)
-            except: pass
+
+        def handleList(items):
+            ret = []
+            # items is a list of tuples, (test, failure) or (_ErrorHandler(), Exception())
+            for i in items:
+                s = i[0].id()
+                #Handle the _ErrorHolder objects from skipModule failures
+                if "setUpModule (" in s:
+                    ret.append(s.replace("setUpModule (", "").replace(")",""))
+                else:
+                    ret.append(s)
+            return ret
+        self.faillist = handleList(upperf.f_locals['result'].failures)
+        self.errorlist = handleList(upperf.f_locals['result'].errors)
+        self.skiplist = handleList(upperf.f_locals['result'].skipped)

    def getFailList(self):
        return self.faillist
--- a/meta/lib/oeqa/utils/qemurunner.py
+++ b/meta/lib/oeqa/utils/qemurunner.py
@@ -12,7 +12,9 @@ import signal
 import re
 import socket
 import select
-import bb
+
+import logging
+logger = logging.getLogger("BitBake.QemuRunner")

 class QemuRunner:

@@ -37,9 +39,6 @@ class QemuRunner:

        self.runqemutime = 60

-        self.create_socket()
-
-
    def create_socket(self):

        self.bootlog = ''
@@ -51,10 +50,12 @@ class QemuRunner:
            self.server_socket.bind(("127.0.0.1",0))
            self.server_socket.listen(2)
            self.serverport = self.server_socket.getsockname()[1]
-            bb.note("Created listening socket for qemu serial console on: 127.0.0.1:%s" % self.serverport)
+            logger.info("Created listening socket for qemu serial console on: 127.0.0.1:%s" % self.serverport)
+            return True
        except socket.error, msg:
            self.server_socket.close()
-            bb.fatal("Failed to create listening socket: %s" %msg[1])
+            logger.error("Failed to create listening socket: %s" % msg[1])
+            return False


    def log(self, msg):
@@ -63,26 +64,28 @@ class QemuRunner:
                f.write("%s" % msg)

    def start(self, qemuparams = None):
-
        if self.display:
            os.environ["DISPLAY"] = self.display
        else:
-            bb.error("To start qemu I need a X desktop, please set DISPLAY correctly (e.g. DISPLAY=:1)")
+            logger.error("To start qemu I need a X desktop, please set DISPLAY correctly (e.g. DISPLAY=:1)")
            return False
        if not os.path.exists(self.rootfs):
-            bb.error("Invalid rootfs %s" % self.rootfs)
+            logger.error("Invalid rootfs %s" % self.rootfs)
            return False
        if not os.path.exists(self.tmpdir):
-            bb.error("Invalid TMPDIR path %s" % self.tmpdir)
+            logger.error("Invalid TMPDIR path %s" % self.tmpdir)
            return False
        else:
            os.environ["OE_TMPDIR"] = self.tmpdir
        if not os.path.exists(self.deploy_dir_image):
-            bb.error("Invalid DEPLOY_DIR_IMAGE path %s" % self.deploy_dir_image)
+            logger.error("Invalid DEPLOY_DIR_IMAGE path %s" % self.deploy_dir_image)
            return False
        else:
            os.environ["DEPLOY_DIR_IMAGE"] = self.deploy_dir_image

+        if not self.create_socket():
+            return False
+
        # Set this flag so that Qemu doesn't do any grabs as SDL grabs interact
        # badly with screensavers.
        os.environ["QEMU_DONT_GRAB"] = "1"
@@ -93,28 +96,31 @@ class QemuRunner:
        launch_cmd = 'runqemu %s %s %s' % (self.machine, self.rootfs, self.qemuparams)
        self.runqemu = subprocess.Popen(launch_cmd,shell=True,stdout=subprocess.PIPE,stderr=subprocess.STDOUT,preexec_fn=os.setpgrp)

-        bb.note("runqemu started, pid is %s" % self.runqemu.pid)
-        bb.note("waiting at most %s seconds for qemu pid" % self.runqemutime)
+        logger.info("runqemu started, pid is %s" % self.runqemu.pid)
+        logger.info("waiting at most %s seconds for qemu pid" % self.runqemutime)
        endtime = time.time() + self.runqemutime
        while not self.is_alive() and time.time() < endtime:
            time.sleep(1)

        if self.is_alive():
-            bb.note("qemu started - qemu procces pid is %s" % self.qemupid)
+            logger.info("qemu started - qemu procces pid is %s" % self.qemupid)
            cmdline = ''
            with open('/proc/%s/cmdline' % self.qemupid) as p:
                cmdline = p.read()
-            ips = re.findall("((?:[0-9]{1,3}\.){3}[0-9]{1,3})", cmdline.split("ip=")[1])
-            if not ips or len(ips) != 3:
-                bb.note("Couldn't get ip from qemu process arguments! Here is the qemu command line used: %s" % cmdline)
+            try:
+                ips = re.findall("((?:[0-9]{1,3}\.){3}[0-9]{1,3})", cmdline.split("ip=")[1])
+                if not ips or len(ips) != 3:
+                    raise ValueError
+                else:
+                    self.ip = ips[0]
+                    self.server_ip = ips[1]
+            except IndexError, ValueError:
+                logger.info("Couldn't get ip from qemu process arguments! Here is the qemu command line used: %s" % cmdline)
                self.stop()
                return False
-            else:
-                self.ip = ips[0]
-                self.server_ip = ips[1]
-            bb.note("Target IP: %s" % self.ip)
-            bb.note("Server IP: %s" % self.server_ip)
-            bb.note("Waiting at most %d seconds for login banner" % self.boottime )
+            logger.info("Target IP: %s" % self.ip)
+            logger.info("Server IP: %s" % self.server_ip)
+            logger.info("Waiting at most %d seconds for login banner" % self.boottime)
            endtime = time.time() + self.boottime
            socklist = [self.server_socket]
            reachedlogin = False
@@ -127,7 +133,7 @@ class QemuRunner:
                        self.qemusock.setblocking(0)
                        socklist.append(self.qemusock)
                        socklist.remove(self.server_socket)
-                        bb.note("Connection from %s:%s" % addr)
+                        logger.info("Connection from %s:%s" % addr)
                    else:
                        data = sock.recv(1024)
                        if data:
@@ -136,24 +142,24 @@ class QemuRunner:
                            if re.search("qemu.* login:", self.bootlog):
                                stopread = True
                                reachedlogin = True
-                                bb.note("Reached login banner")
+                                logger.info("Reached login banner")
                        else:
                            socklist.remove(sock)
                            sock.close()
                            stopread = True

            if not reachedlogin:
-                bb.note("Target didn't reached login boot in %d seconds" % self.boottime)
+                logger.info("Target didn't reached login boot in %d seconds" % self.boottime)
                lines = "\n".join(self.bootlog.splitlines()[-5:])
-                bb.note("Last 5 lines of text:\n%s" % lines)
-                bb.note("Check full boot log: %s" % self.logfile)
+                logger.info("Last 5 lines of text:\n%s" % lines)
+                logger.info("Check full boot log: %s" % self.logfile)
                self.stop()
                return False
        else:
-            bb.note("Qemu pid didn't appeared in %s seconds" % self.runqemutime)
+            logger.info("Qemu pid didn't appeared in %s seconds" % self.runqemutime)
            output = self.runqemu.stdout
            self.stop()
-            bb.note("Output from runqemu:\n%s" % output.read())
+            logger.info("Output from runqemu:\n%s" % output.read())
            return False

        return self.is_alive()
@@ -161,13 +167,13 @@ class QemuRunner:
    def stop(self):

        if self.runqemu:
-            bb.note("Sending SIGTERM to runqemu")
+            logger.info("Sending SIGTERM to runqemu")
            os.killpg(self.runqemu.pid, signal.SIGTERM)
            endtime = time.time() + self.runqemutime
            while self.runqemu.poll() is None and time.time() < endtime:
                time.sleep(1)
            if self.runqemu.poll() is None:
-                bb.note("Sending SIGKILL to runqemu")
+                logger.info("Sending SIGKILL to runqemu")
                os.killpg(self.runqemu.pid, signal.SIGKILL)
            self.runqemu = None
        if self.server_socket:
@@ -177,10 +183,9 @@ class QemuRunner:
        self.ip = None

    def restart(self, qemuparams = None):
-        bb.note("Restarting qemu process")
+        logger.info("Restarting qemu process")
        if self.runqemu.poll() is None:
            self.stop()
-        self.create_socket()
        if self.start(qemuparams):
            return True
        return False
--- a/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
+++ b/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
@@ -0,0 +1,50 @@
+Upstream-Status: Accepted
+Signed-off-by: Awais Belal <awais_belal@mentor.com>
+
+From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001
+From: Hector Marco-Gisbert <hecmargi@upv.es>
+Date: Wed, 16 Dec 2015 04:57:18 +0000
+Subject: Fix security issue when reading username and password
+
+This patch fixes two integer underflows at:
+  * grub-core/lib/crypto.c
+  * grub-core/normal/auth.c
+
+CVE-2015-8370
+
+Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
+Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
+Also-By: Andrey Borzenkov <arvidjaar@gmail.com>
+---
+Index: grub-2.00/grub-core/lib/crypto.c
+===================================================================
+--- grub-2.00.orig/grub-core/lib/crypto.c
+++ grub-2.00/grub-core/lib/crypto.c
+@@ -458,7 +458,8 @@ grub_password_get (char buf[], unsigned
+ 
+       if (key == '\b')
+ 	{
+-	  cur_len--;
+      if (cur_len)
+        cur_len--;
+ 	  continue;
+ 	}
+ 
+Index: grub-2.00/grub-core/normal/auth.c
+===================================================================
+--- grub-2.00.orig/grub-core/normal/auth.c
+++ grub-2.00/grub-core/normal/auth.c
+@@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned
+ 
+       if (key == '\b')
+ 	{
+-	  cur_len--;
+-	  grub_printf ("\b");
+      if (cur_len)
+       {
+	     cur_len--;
+	     grub_printf ("\b");
+        }
+ 	  continue;
+ 	}
+ 
--- a/meta/recipes-bsp/grub/files/0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch
+++ b/meta/recipes-bsp/grub/files/0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch
@@ -0,0 +1,33 @@
+Upstream-Status: Backport
+
+Original commit: http://git.savannah.gnu.org/cgit/grub.git/commit/grub-core/net/bootp.c?id=f06c2172c0b32052f22e37523445cf8e7affaea3
+
+From 149d2a14f4723778ced23f439487201ccbf1a2c9 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Thu, 23 Apr 2015 07:03:34 +0000
+Subject: [PATCH] parse_dhcp_vendor: Add missing const qualifiers.
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ grub-core/net/bootp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c
+index bc07d53..44131ed 100644
+--- a/grub-core/net/bootp.c
+++ b/grub-core/net/bootp.c
+@@ -52,9 +52,9 @@ set_env_limn_ro (const char *intername, const char *suffix,
+ }
+ 
+ static void
+-parse_dhcp_vendor (const char *name, void *vend, int limit, int *mask)
+parse_dhcp_vendor (const char *name, const void *vend, int limit, int *mask)
+ {
+-  grub_uint8_t *ptr, *ptr0;
+  const grub_uint8_t *ptr, *ptr0;
+ 
+   ptr = ptr0 = vend;
+ 
+-- 
+2.1.4
+
--- a/meta/recipes-bsp/grub/grub-efi_2.00.bb
+++ b/meta/recipes-bsp/grub/grub-efi_2.00.bb
@@ -29,6 +29,8 @@ SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \
           file://grub-efi-allow-a-compilation-without-mcmodel-large.patch \
           file://grub-2.00-add-oe-kernel.patch \
           file://grub-efi-fix-with-glibc-2.20.patch \
+           file://0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch \
+           file://0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch \
          "
 SRC_URI[md5sum] = "e927540b6eda8b024fb0391eeaa4091c"
 SRC_URI[sha256sum] = "65b39a0558f8c802209c574f4d02ca263a804e8a564bc6caf1cd0fd3b3cc11e3"
--- a/meta/recipes-bsp/grub/grub_2.00.bb
+++ b/meta/recipes-bsp/grub/grub_2.00.bb
@@ -24,6 +24,8 @@ SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \
          file://grub-2.00-add-oe-kernel.patch \
          file://fix-endianness-problem.patch \
          file://grub2-remove-sparc64-setup-from-x86-builds.patch \
+          file://0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch \
+          file://0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch \
          "

 SRC_URI[md5sum] = "e927540b6eda8b024fb0391eeaa4091c"
--- a/meta/recipes-connectivity/bind/bind/CVE-2015-1349.patch
+++ b/meta/recipes-connectivity/bind/bind/CVE-2015-1349.patch
@@ -0,0 +1,60 @@
+CVE-2015-1349 bind: issue in trust anchor management can cause named to crash
+
+commit 2e9d79f169663c9aff5f0dcdc626a2cd2dbb5892
+Author: Evan Hunt <each@isc.org>
+Date:   Tue Feb 3 18:30:38 2015 -0800
+
+    [v9_9_6_patch] avoid crash due to managed-key rollover
+    
+    4053.	[security]	Revoking a managed trust anchor and supplying
+    			an untrusted replacement could cause named
+    			to crash with an assertion failure.
+    			(CVE-2015-1349) [RT #38344]
+
+Upstream Status: Backport from Redhat
+
+https://bugzilla.redhat.com/attachment.cgi?id=993045
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: bind-9.9.5/CHANGES
+===================================================================
+--- bind-9.9.5.orig/CHANGES
+++ bind-9.9.5/CHANGES
+@@ -1,3 +1,10 @@
+	--- 9.9.6-P2 released ---
+
+4053.	[security]	Revoking a managed trust anchor and supplying
+			an untrusted replacement could cause named
+			to crash with an assertion failure.
+			(CVE-2015-1349) [RT #38344]
+
+ 	--- 9.9.5 released ---
+ 
+ 	--- 9.9.5rc2 released ---
+Index: bind-9.9.5/lib/dns/zone.c
+===================================================================
+--- bind-9.9.5.orig/lib/dns/zone.c
+++ bind-9.9.5/lib/dns/zone.c
+@@ -8496,6 +8496,12 @@ keyfetch_done(isc_task_t *task, isc_even
+ 					     namebuf, tag);
+ 				trustkey = ISC_TRUE;
+ 			}
+		} else {
+			/*
+			 * No previously known key, and the key is not
+			 * secure, so skip it.
+			 */
+			continue;
+ 		}
+ 
+ 		/* Delete old version */
+@@ -8544,7 +8550,7 @@ keyfetch_done(isc_task_t *task, isc_even
+ 			trust_key(zone, keyname, &dnskey, mctx);
+ 		}
+ 
+-		if (!deletekey)
+		if (secure && !deletekey) 
+ 			set_refreshkeytimer(zone, &keydata, now);
+ 	}
+ 
--- a/meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch
+++ b/meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch
@@ -0,0 +1,36 @@
+CVE-2015-4620 bind: abort DoS caused by uninitialized value use in isselfsigned()
+
+issue introduced by git commit
+
+https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=44f175a90a855326725439b2f1178f0dcca8f67d
+
+which is in this version of bind.
+
+Upstream Status: Backport from Redhat
+
+https://bugzilla.redhat.com/attachment.cgi?id=1044719
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: bind-9.9.5/lib/dns/validator.c
+===================================================================
+--- bind-9.9.5.orig/lib/dns/validator.c
+++ bind-9.9.5/lib/dns/validator.c
+@@ -1406,7 +1406,6 @@ compute_keytag(dns_rdata_t *rdata, dns_r
+  */
+ static isc_boolean_t
+ isselfsigned(dns_validator_t *val) {
+-	dns_fixedname_t fixed;
+ 	dns_rdataset_t *rdataset, *sigrdataset;
+ 	dns_rdata_t rdata = DNS_RDATA_INIT;
+ 	dns_rdata_t sigrdata = DNS_RDATA_INIT;
+@@ -1462,8 +1461,7 @@ isselfsigned(dns_validator_t *val) {
+ 			result = dns_dnssec_verify3(name, rdataset, dstkey,
+ 						    ISC_TRUE,
+ 						    val->view->maxbits,
+-						    mctx, &sigrdata,
+-						    dns_fixedname_name(&fixed));
+						    mctx, &sigrdata, NULL);
+ 			dst_key_free(&dstkey);
+ 			if (result != ISC_R_SUCCESS)
+ 				continue;
--- a/meta/recipes-connectivity/bind/bind/CVE-2015-5722.patch
+++ b/meta/recipes-connectivity/bind/bind/CVE-2015-5722.patch
@@ -0,0 +1,490 @@
+CVE-2015-5722 bind: malformed DNSSEC key failed assertion denial of service
+
+Upstream Status: Backport from Redhat
+
+https://bugzilla.redhat.com/attachment.cgi?id=1069245
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: bind-9.9.5/lib/dns/hmac_link.c
+===================================================================
+--- bind-9.9.5.orig/lib/dns/hmac_link.c
+++ bind-9.9.5/lib/dns/hmac_link.c
+@@ -76,7 +76,7 @@ hmacmd5_createctx(dst_key_t *key, dst_co
+ 	hmacmd5ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacmd5_t));
+ 	if (hmacmd5ctx == NULL)
+ 		return (ISC_R_NOMEMORY);
+-	isc_hmacmd5_init(hmacmd5ctx, hkey->key, ISC_SHA1_BLOCK_LENGTH);
+	isc_hmacmd5_init(hmacmd5ctx, hkey->key, ISC_MD5_BLOCK_LENGTH);
+ 	dctx->ctxdata.hmacmd5ctx = hmacmd5ctx;
+ 	return (ISC_R_SUCCESS);
+ }
+@@ -139,7 +139,7 @@ hmacmd5_compare(const dst_key_t *key1, c
+ 	else if (hkey1 == NULL || hkey2 == NULL)
+ 		return (ISC_FALSE);
+ 
+-	if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH))
+	if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_MD5_BLOCK_LENGTH))
+ 		return (ISC_TRUE);
+ 	else
+ 		return (ISC_FALSE);
+@@ -150,17 +150,17 @@ hmacmd5_generate(dst_key_t *key, int pse
+ 	isc_buffer_t b;
+ 	isc_result_t ret;
+ 	unsigned int bytes;
+-	unsigned char data[ISC_SHA1_BLOCK_LENGTH];
+	unsigned char data[ISC_MD5_BLOCK_LENGTH];
+ 
+ 	UNUSED(callback);
+ 
+ 	bytes = (key->key_size + 7) / 8;
+-	if (bytes > ISC_SHA1_BLOCK_LENGTH) {
+-		bytes = ISC_SHA1_BLOCK_LENGTH;
+-		key->key_size = ISC_SHA1_BLOCK_LENGTH * 8;
+	if (bytes > ISC_MD5_BLOCK_LENGTH) {
+		bytes = ISC_MD5_BLOCK_LENGTH;
+		key->key_size = ISC_MD5_BLOCK_LENGTH * 8;
+ 	}
+ 
+-	memset(data, 0, ISC_SHA1_BLOCK_LENGTH);
+	memset(data, 0, ISC_MD5_BLOCK_LENGTH);
+ 	ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0));
+ 
+ 	if (ret != ISC_R_SUCCESS)
+@@ -169,7 +169,7 @@ hmacmd5_generate(dst_key_t *key, int pse
+ 	isc_buffer_init(&b, data, bytes);
+ 	isc_buffer_add(&b, bytes);
+ 	ret = hmacmd5_fromdns(key, &b);
+-	memset(data, 0, ISC_SHA1_BLOCK_LENGTH);
+	memset(data, 0, ISC_MD5_BLOCK_LENGTH);
+ 
+ 	return (ret);
+ }
+@@ -223,7 +223,7 @@ hmacmd5_fromdns(dst_key_t *key, isc_buff
+ 
+ 	memset(hkey->key, 0, sizeof(hkey->key));
+ 
+-	if (r.length > ISC_SHA1_BLOCK_LENGTH) {
+	if (r.length > ISC_MD5_BLOCK_LENGTH) {
+ 		isc_md5_init(&md5ctx);
+ 		isc_md5_update(&md5ctx, r.base, r.length);
+ 		isc_md5_final(&md5ctx, hkey->key);
+@@ -236,6 +236,8 @@ hmacmd5_fromdns(dst_key_t *key, isc_buff
+ 	key->key_size = keylen * 8;
+ 	key->keydata.hmacmd5 = hkey;
+ 
+	isc_buffer_forward(data, r.length);
+
+ 	return (ISC_R_SUCCESS);
+ }
+ 
+@@ -512,6 +514,8 @@ hmacsha1_fromdns(dst_key_t *key, isc_buf
+ 	key->key_size = keylen * 8;
+ 	key->keydata.hmacsha1 = hkey;
+ 
+	isc_buffer_forward(data, r.length);
+
+ 	return (ISC_R_SUCCESS);
+ }
+ 
+@@ -790,6 +794,8 @@ hmacsha224_fromdns(dst_key_t *key, isc_b
+ 	key->key_size = keylen * 8;
+ 	key->keydata.hmacsha224 = hkey;
+ 
+	isc_buffer_forward(data, r.length);
+
+ 	return (ISC_R_SUCCESS);
+ }
+ 
+@@ -1068,6 +1074,8 @@ hmacsha256_fromdns(dst_key_t *key, isc_b
+ 	key->key_size = keylen * 8;
+ 	key->keydata.hmacsha256 = hkey;
+ 
+	isc_buffer_forward(data, r.length);
+
+ 	return (ISC_R_SUCCESS);
+ }
+ 
+@@ -1346,6 +1354,8 @@ hmacsha384_fromdns(dst_key_t *key, isc_b
+ 	key->key_size = keylen * 8;
+ 	key->keydata.hmacsha384 = hkey;
+ 
+	isc_buffer_forward(data, r.length);
+
+ 	return (ISC_R_SUCCESS);
+ }
+ 
+@@ -1624,6 +1634,8 @@ hmacsha512_fromdns(dst_key_t *key, isc_b
+ 	key->key_size = keylen * 8;
+ 	key->keydata.hmacsha512 = hkey;
+ 
+	isc_buffer_forward(data, r.length);
+
+ 	return (ISC_R_SUCCESS);
+ }
+ 
+Index: bind-9.9.5/lib/dns/include/dst/dst.h
+===================================================================
+--- bind-9.9.5.orig/lib/dns/include/dst/dst.h
+++ bind-9.9.5/lib/dns/include/dst/dst.h
+@@ -69,6 +69,7 @@ typedef struct dst_context 	dst_context_
+ #define DST_ALG_HMACSHA256	163	/* XXXMPA */
+ #define DST_ALG_HMACSHA384	164	/* XXXMPA */
+ #define DST_ALG_HMACSHA512	165	/* XXXMPA */
+#define DST_ALG_INDIRECT	252
+ #define DST_ALG_PRIVATE		254
+ #define DST_ALG_EXPAND		255
+ #define DST_MAX_ALGS		255
+Index: bind-9.9.5/lib/dns/ncache.c
+===================================================================
+--- bind-9.9.5.orig/lib/dns/ncache.c
+++ bind-9.9.5/lib/dns/ncache.c
+@@ -614,13 +614,11 @@ dns_ncache_getsigrdataset(dns_rdataset_t
+ 		dns_name_fromregion(&tname, &remaining);
+ 		INSIST(remaining.length >= tname.length);
+ 		isc_buffer_forward(&source, tname.length);
+-		remaining.length -= tname.length;
+-		remaining.base += tname.length;
+		isc_region_consume(&remaining, tname.length);
+ 
+ 		INSIST(remaining.length >= 2);
+ 		type = isc_buffer_getuint16(&source);
+-		remaining.length -= 2;
+-		remaining.base += 2;
+		isc_region_consume(&remaining, 2);
+ 
+ 		if (type != dns_rdatatype_rrsig ||
+ 		    !dns_name_equal(&tname, name)) {
+@@ -632,8 +630,7 @@ dns_ncache_getsigrdataset(dns_rdataset_t
+ 		INSIST(remaining.length >= 1);
+ 		trust = isc_buffer_getuint8(&source);
+ 		INSIST(trust <= dns_trust_ultimate);
+-		remaining.length -= 1;
+-		remaining.base += 1;
+		isc_region_consume(&remaining, 1);
+ 
+ 		raw = remaining.base;
+ 		count = raw[0] * 256 + raw[1];
+Index: bind-9.9.5/lib/dns/openssldh_link.c
+===================================================================
+--- bind-9.9.5.orig/lib/dns/openssldh_link.c
+++ bind-9.9.5/lib/dns/openssldh_link.c
+@@ -266,8 +266,10 @@ openssldh_destroy(dst_key_t *key) {
+ 
+ static void
+ uint16_toregion(isc_uint16_t val, isc_region_t *region) {
+-	*region->base++ = (val & 0xff00) >> 8;
+-	*region->base++ = (val & 0x00ff);
+	*region->base = (val & 0xff00) >> 8;
+	isc_region_consume(region, 1);
+	*region->base = (val & 0x00ff);
+	isc_region_consume(region, 1);
+ }
+ 
+ static isc_uint16_t
+@@ -278,7 +280,8 @@ uint16_fromregion(isc_region_t *region)
+ 	val = ((unsigned int)(cp[0])) << 8;
+ 	val |= ((unsigned int)(cp[1]));
+ 
+-	region->base += 2;
+	isc_region_consume(region, 2);
+
+ 	return (val);
+ }
+ 
+@@ -319,16 +322,16 @@ openssldh_todns(const dst_key_t *key, is
+ 	}
+ 	else
+ 		BN_bn2bin(dh->p, r.base);
+-	r.base += plen;
+	isc_region_consume(&r, plen);
+ 
+ 	uint16_toregion(glen, &r);
+ 	if (glen > 0)
+ 		BN_bn2bin(dh->g, r.base);
+-	r.base += glen;
+	isc_region_consume(&r, glen);
+ 
+ 	uint16_toregion(publen, &r);
+ 	BN_bn2bin(dh->pub_key, r.base);
+-	r.base += publen;
+	isc_region_consume(&r, publen);
+ 
+ 	isc_buffer_add(data, dnslen);
+ 
+@@ -369,10 +372,12 @@ openssldh_fromdns(dst_key_t *key, isc_bu
+ 		return (DST_R_INVALIDPUBLICKEY);
+ 	}
+ 	if (plen == 1 || plen == 2) {
+-		if (plen == 1)
+-			special = *r.base++;
+-		else
+		if (plen == 1) {
+			special = *r.base;
+			isc_region_consume(&r, 1);
+		} else {
+ 			special = uint16_fromregion(&r);
+		}
+ 		switch (special) {
+ 			case 1:
+ 				dh->p = &bn768;
+@@ -387,10 +392,9 @@ openssldh_fromdns(dst_key_t *key, isc_bu
+ 				DH_free(dh);
+ 				return (DST_R_INVALIDPUBLICKEY);
+ 		}
+-	}
+-	else {
+	} else {
+ 		dh->p = BN_bin2bn(r.base, plen, NULL);
+-		r.base += plen;
+		isc_region_consume(&r, plen);
+ 	}
+ 
+ 	/*
+@@ -421,15 +425,14 @@ openssldh_fromdns(dst_key_t *key, isc_bu
+ 				return (DST_R_INVALIDPUBLICKEY);
+ 			}
+ 		}
+-	}
+-	else {
+	} else {
+ 		if (glen == 0) {
+ 			DH_free(dh);
+ 			return (DST_R_INVALIDPUBLICKEY);
+ 		}
+ 		dh->g = BN_bin2bn(r.base, glen, NULL);
+ 	}
+-	r.base += glen;
+	isc_region_consume(&r, glen);
+ 
+ 	if (r.length < 2) {
+ 		DH_free(dh);
+@@ -441,7 +444,7 @@ openssldh_fromdns(dst_key_t *key, isc_bu
+ 		return (DST_R_INVALIDPUBLICKEY);
+ 	}
+ 	dh->pub_key = BN_bin2bn(r.base, publen, NULL);
+-	r.base += publen;
+	isc_region_consume(&r, publen);
+ 
+ 	key->key_size = BN_num_bits(dh->p);
+ 
+Index: bind-9.9.5/lib/dns/openssldsa_link.c
+===================================================================
+--- bind-9.9.5.orig/lib/dns/openssldsa_link.c
+++ bind-9.9.5/lib/dns/openssldsa_link.c
+@@ -29,8 +29,6 @@
+  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+  */
+ 
+-/* $Id$ */
+-
+ #ifdef OPENSSL
+ #ifndef USE_EVP
+ #define USE_EVP 1
+@@ -137,6 +135,7 @@ openssldsa_sign(dst_context_t *dctx, isc
+ 	DSA *dsa = key->keydata.dsa;
+ 	isc_region_t r;
+ 	DSA_SIG *dsasig;
+	unsigned int klen;
+ #if USE_EVP
+ 	EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
+ 	EVP_PKEY *pkey;
+@@ -188,6 +187,7 @@ openssldsa_sign(dst_context_t *dctx, isc
+ 					       ISC_R_FAILURE));
+ 	}
+ 	free(sigbuf);
+
+ #elif 0
+ 	/* Only use EVP for the Digest */
+ 	if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &siglen)) {
+@@ -209,11 +209,17 @@ openssldsa_sign(dst_context_t *dctx, isc
+ 					       "DSA_do_sign",
+ 					       DST_R_SIGNFAILURE));
+ #endif
+-	*r.base++ = (key->key_size - 512)/64;
+
+	klen = (key->key_size - 512)/64;
+	if (klen > 255)
+		return (ISC_R_FAILURE);
+	*r.base = klen;
+	isc_region_consume(&r, 1);
+
+ 	BN_bn2bin_fixed(dsasig->r, r.base, ISC_SHA1_DIGESTLENGTH);
+-	r.base += ISC_SHA1_DIGESTLENGTH;
+	isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH);
+ 	BN_bn2bin_fixed(dsasig->s, r.base, ISC_SHA1_DIGESTLENGTH);
+-	r.base += ISC_SHA1_DIGESTLENGTH;
+	isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH);
+ 	DSA_SIG_free(dsasig);
+ 	isc_buffer_add(sig, ISC_SHA1_DIGESTLENGTH * 2 + 1);
+ 
+@@ -446,15 +452,16 @@ openssldsa_todns(const dst_key_t *key, i
+ 	if (r.length < (unsigned int) dnslen)
+ 		return (ISC_R_NOSPACE);
+ 
+-	*r.base++ = t;
+	*r.base = t;
+	isc_region_consume(&r, 1);
+ 	BN_bn2bin_fixed(dsa->q, r.base, ISC_SHA1_DIGESTLENGTH);
+-	r.base += ISC_SHA1_DIGESTLENGTH;
+	isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH);
+ 	BN_bn2bin_fixed(dsa->p, r.base, key->key_size/8);
+-	r.base += p_bytes;
+	isc_region_consume(&r, p_bytes);
+ 	BN_bn2bin_fixed(dsa->g, r.base, key->key_size/8);
+-	r.base += p_bytes;
+	isc_region_consume(&r, p_bytes);
+ 	BN_bn2bin_fixed(dsa->pub_key, r.base, key->key_size/8);
+-	r.base += p_bytes;
+	isc_region_consume(&r, p_bytes);
+ 
+ 	isc_buffer_add(data, dnslen);
+ 
+@@ -479,29 +486,30 @@ openssldsa_fromdns(dst_key_t *key, isc_b
+ 		return (ISC_R_NOMEMORY);
+ 	dsa->flags &= ~DSA_FLAG_CACHE_MONT_P;
+ 
+-	t = (unsigned int) *r.base++;
+	t = (unsigned int) *r.base;
+	isc_region_consume(&r, 1);
+ 	if (t > 8) {
+ 		DSA_free(dsa);
+ 		return (DST_R_INVALIDPUBLICKEY);
+ 	}
+ 	p_bytes = 64 + 8 * t;
+ 
+-	if (r.length < 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) {
+	if (r.length < ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) {
+ 		DSA_free(dsa);
+ 		return (DST_R_INVALIDPUBLICKEY);
+ 	}
+ 
+ 	dsa->q = BN_bin2bn(r.base, ISC_SHA1_DIGESTLENGTH, NULL);
+-	r.base += ISC_SHA1_DIGESTLENGTH;
+	isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH);
+ 
+ 	dsa->p = BN_bin2bn(r.base, p_bytes, NULL);
+-	r.base += p_bytes;
+	isc_region_consume(&r, p_bytes);
+ 
+ 	dsa->g = BN_bin2bn(r.base, p_bytes, NULL);
+-	r.base += p_bytes;
+	isc_region_consume(&r, p_bytes);
+ 
+ 	dsa->pub_key = BN_bin2bn(r.base, p_bytes, NULL);
+-	r.base += p_bytes;
+	isc_region_consume(&r, p_bytes);
+ 
+ 	key->key_size = p_bytes * 8;
+ 
+Index: bind-9.9.5/lib/dns/opensslecdsa_link.c
+===================================================================
+--- bind-9.9.5.orig/lib/dns/opensslecdsa_link.c
+++ bind-9.9.5/lib/dns/opensslecdsa_link.c
+@@ -14,8 +14,6 @@
+  * PERFORMANCE OF THIS SOFTWARE.
+  */
+ 
+-/* $Id$ */
+-
+ #include <config.h>
+ 
+ #ifdef HAVE_OPENSSL_ECDSA
+@@ -159,9 +157,9 @@ opensslecdsa_sign(dst_context_t *dctx, i
+ 					       "ECDSA_do_sign",
+ 					       DST_R_SIGNFAILURE));
+ 	BN_bn2bin_fixed(ecdsasig->r, r.base, siglen / 2);
+-	r.base += siglen / 2;
+	isc_region_consume(&r, siglen / 2);
+ 	BN_bn2bin_fixed(ecdsasig->s, r.base, siglen / 2);
+-	r.base += siglen / 2;
+	isc_region_consume(&r, siglen / 2);
+ 	ECDSA_SIG_free(ecdsasig);
+ 	isc_buffer_add(sig, siglen);
+ 	ret = ISC_R_SUCCESS;
+Index: bind-9.9.5/lib/dns/opensslrsa_link.c
+===================================================================
+--- bind-9.9.5.orig/lib/dns/opensslrsa_link.c
+++ bind-9.9.5/lib/dns/opensslrsa_link.c
+@@ -965,6 +965,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_b
+ 	RSA *rsa;
+ 	isc_region_t r;
+ 	unsigned int e_bytes;
+	unsigned int length;
+ #if USE_EVP
+ 	EVP_PKEY *pkey;
+ #endif
+@@ -972,6 +973,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_b
+ 	isc_buffer_remainingregion(data, &r);
+ 	if (r.length == 0)
+ 		return (ISC_R_SUCCESS);
+	length = r.length;
+ 
+ 	rsa = RSA_new();
+ 	if (rsa == NULL)
+@@ -982,17 +984,18 @@ opensslrsa_fromdns(dst_key_t *key, isc_b
+ 		RSA_free(rsa);
+ 		return (DST_R_INVALIDPUBLICKEY);
+ 	}
+-	e_bytes = *r.base++;
+-	r.length--;
+	e_bytes = *r.base;
+	isc_region_consume(&r, 1);
+ 
+ 	if (e_bytes == 0) {
+ 		if (r.length < 2) {
+ 			RSA_free(rsa);
+ 			return (DST_R_INVALIDPUBLICKEY);
+ 		}
+-		e_bytes = ((*r.base++) << 8);
+-		e_bytes += *r.base++;
+-		r.length -= 2;
+		e_bytes = (*r.base) << 8;
+		isc_region_consume(&r, 1);
+		e_bytes += *r.base;
+		isc_region_consume(&r, 1);
+ 	}
+ 
+ 	if (r.length < e_bytes) {
+@@ -1000,14 +1003,13 @@ opensslrsa_fromdns(dst_key_t *key, isc_b
+ 		return (DST_R_INVALIDPUBLICKEY);
+ 	}
+ 	rsa->e = BN_bin2bn(r.base, e_bytes, NULL);
+-	r.base += e_bytes;
+-	r.length -= e_bytes;
+	isc_region_consume(&r, e_bytes);
+ 
+ 	rsa->n = BN_bin2bn(r.base, r.length, NULL);
+ 
+ 	key->key_size = BN_num_bits(rsa->n);
+ 
+-	isc_buffer_forward(data, r.length);
+	isc_buffer_forward(data, length);
+ 
+ #if USE_EVP
+ 	pkey = EVP_PKEY_new();
+Index: bind-9.9.5/lib/dns/resolver.c
+===================================================================
+--- bind-9.9.5.orig/lib/dns/resolver.c
+++ bind-9.9.5/lib/dns/resolver.c
+@@ -8937,6 +8937,12 @@ dns_resolver_algorithm_supported(dns_res
+ 
+ 	REQUIRE(VALID_RESOLVER(resolver));
+ 
+	/*
+	 * DH is unsupported for DNSKEYs, see RFC 4034 sec. A.1.
+	 */
+	if ((alg == DST_ALG_DH) || (alg == DST_ALG_INDIRECT))
+		return (ISC_FALSE);
+
+ #if USE_ALGLOCK
+ 	RWLOCK(&resolver->alglock, isc_rwlocktype_read);
+ #endif
+@@ -8956,6 +8962,7 @@ dns_resolver_algorithm_supported(dns_res
+ #endif
+ 	if (found)
+ 		return (ISC_FALSE);
+
+ 	return (dst_algorithm_supported(alg));
+ }
+ 
--- a/meta/recipes-connectivity/bind/bind/CVE-2015-8000.patch
+++ b/meta/recipes-connectivity/bind/bind/CVE-2015-8000.patch
@@ -0,0 +1,194 @@
+responses with a malformed class attribute can trigger an
+assertion failure in db.c
+
+[security]
+Insufficient testing when parsing a message allowed records with
+an incorrect class to be be accepted, triggering a REQUIRE failure
+when those records were subsequently cached. (CVE-2015-8000) [RT#4098]
+
+Upstream-Status: Backport
+
+[The patch is taken from BIND 9.9.4:
+https://bugzilla.redhat.com/attachment.cgi?id=1105581]
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+diff --git a/lib/dns/include/dns/message.h b/lib/dns/include/dns/message.h
+index a6862fa..d999e75 100644
+--- a/lib/dns/include/dns/message.h
+++ b/lib/dns/include/dns/message.h
+@@ -210,6 +210,8 @@ struct dns_message {
+ 	unsigned int			verify_attempted : 1;
+ 	unsigned int			free_query : 1;
+ 	unsigned int			free_saved : 1;
+	unsigned int			tkey : 1;
+	unsigned int			rdclass_set : 1;
+ 
+ 	unsigned int			opt_reserved;
+ 	unsigned int			sig_reserved;
+@@ -1374,6 +1376,15 @@ dns_message_buildopt(dns_message_t *msg, dns_rdataset_t **opt,
+  * \li	 other.
+  */
+ 
+void
+dns_message_setclass(dns_message_t *msg, dns_rdataclass_t rdclass);
+/*%<
+ * Set the expected class of records in the response.
+ *
+ * Requires:
+ * \li   msg be a valid message with parsing intent.
+ */
+
+ ISC_LANG_ENDDECLS
+ 
+ #endif /* DNS_MESSAGE_H */
+diff --git a/lib/dns/message.c b/lib/dns/message.c
+index 53efc5a..73def73 100644
+--- a/lib/dns/message.c
+++ b/lib/dns/message.c
+@@ -436,6 +436,8 @@ msginit(dns_message_t *m) {
+ 	m->saved.base = NULL;
+ 	m->saved.length = 0;
+ 	m->free_saved = 0;
+	m->tkey = 0;
+	m->rdclass_set = 0;
+ 	m->querytsig = NULL;
+ }
+ 
+@@ -1086,13 +1088,19 @@ getquestions(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
+ 		 * If this class is different than the one we already read,
+ 		 * this is an error.
+ 		 */
+-		if (msg->state == DNS_SECTION_ANY) {
+-			msg->state = DNS_SECTION_QUESTION;
+		if (msg->rdclass_set == 0) {
+ 			msg->rdclass = rdclass;
+			msg->rdclass_set = 1;
+ 		} else if (msg->rdclass != rdclass)
+ 			DO_FORMERR;
+ 
+ 		/*
+		 * Is this a TKEY query?
+		 */
+		if (rdtype == dns_rdatatype_tkey)
+			msg->tkey = 1;
+
+		/*
+ 		 * Can't ask the same question twice.
+ 		 */
+ 		result = dns_message_find(name, rdclass, rdtype, 0, NULL);
+@@ -1236,12 +1244,12 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
+ 		 * If there was no question section, we may not yet have
+ 		 * established a class.  Do so now.
+ 		 */
+-		if (msg->state == DNS_SECTION_ANY &&
+		if (msg->rdclass_set == 0 &&
+ 		    rdtype != dns_rdatatype_opt &&	/* class is UDP SIZE */
+ 		    rdtype != dns_rdatatype_tsig &&	/* class is ANY */
+ 		    rdtype != dns_rdatatype_tkey) {	/* class is undefined */
+ 			msg->rdclass = rdclass;
+-			msg->state = DNS_SECTION_QUESTION;
+			msg->rdclass_set = 1;
+ 		}
+ 
+ 		/*
+@@ -1251,7 +1259,7 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
+ 		if (msg->opcode != dns_opcode_update
+ 		    && rdtype != dns_rdatatype_tsig
+ 		    && rdtype != dns_rdatatype_opt
+-		    && rdtype != dns_rdatatype_dnskey /* in a TKEY query */
+		    && rdtype != dns_rdatatype_key /* in a TKEY query */
+ 		    && rdtype != dns_rdatatype_sig /* SIG(0) */
+ 		    && rdtype != dns_rdatatype_tkey /* Win2000 TKEY */
+ 		    && msg->rdclass != dns_rdataclass_any
+@@ -1259,6 +1267,16 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
+ 			DO_FORMERR;
+ 
+ 		/*
+		 * If this is not a TKEY query/response then the KEY
+		 * record's class needs to match.
+		 */
+		if (msg->opcode != dns_opcode_update && !msg->tkey &&
+		    rdtype == dns_rdatatype_key &&
+		    msg->rdclass != dns_rdataclass_any &&
+		    msg->rdclass != rdclass)
+			DO_FORMERR;
+
+		/*
+ 		 * Special type handling for TSIG, OPT, and TKEY.
+ 		 */
+ 		if (rdtype == dns_rdatatype_tsig) {
+@@ -1372,6 +1390,10 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
+ 				skip_name_search = ISC_TRUE;
+ 				skip_type_search = ISC_TRUE;
+ 				issigzero = ISC_TRUE;
+			} else {
+				if (msg->rdclass != dns_rdataclass_any &&
+				    msg->rdclass != rdclass)
+					DO_FORMERR;
+ 			}
+ 		} else
+ 			covers = 0;
+@@ -1610,6 +1632,7 @@ dns_message_parse(dns_message_t *msg, isc_buffer_t *source,
+ 	msg->counts[DNS_SECTION_ADDITIONAL] = isc_buffer_getuint16(source);
+ 
+ 	msg->header_ok = 1;
+	msg->state = DNS_SECTION_QUESTION;
+ 
+ 	/*
+ 	 * -1 means no EDNS.
+@@ -3550,3 +3573,15 @@ dns_message_buildopt(dns_message_t *message, dns_rdataset_t **rdatasetp,
+ 		dns_message_puttemprdatalist(message, &rdatalist);
+ 	return (result);
+ }
+
+void
+dns_message_setclass(dns_message_t *msg, dns_rdataclass_t rdclass) {
+
+	REQUIRE(DNS_MESSAGE_VALID(msg));
+	REQUIRE(msg->from_to_wire == DNS_MESSAGE_INTENTPARSE);
+	REQUIRE(msg->state == DNS_SECTION_ANY);
+	REQUIRE(msg->rdclass_set == 0);
+
+	msg->rdclass = rdclass;
+	msg->rdclass_set = 1;
+}
+diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
+index aa23b11..d220986 100644
+--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
+@@ -6964,6 +6964,8 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
+ 			goto done;
+ 	}
+ 
+	dns_message_setclass(message, fctx->res->rdclass);
+
+ 	result = dns_message_parse(message, &devent->buffer, 0);
+ 	if (result != ISC_R_SUCCESS) {
+ 		switch (result) {
+@@ -7036,6 +7038,12 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
+ 	 */
+ 	log_packet(message, ISC_LOG_DEBUG(10), fctx->res->mctx);
+ 
+	if (message->rdclass != fctx->res->rdclass) {
+		resend = ISC_TRUE;
+		FCTXTRACE("bad class");
+		goto done;
+	}
+
+ 	/*
+ 	 * Process receive opt record.
+ 	 */
+diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c
+index 9ad8960..938373a 100644
+--- a/lib/dns/xfrin.c
+++ b/lib/dns/xfrin.c
+@@ -1241,6 +1241,8 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) {
+ 	msg->tsigctx = xfr->tsigctx;
+ 	xfr->tsigctx = NULL;
+ 
+	dns_message_setclass(msg, xfr->rdclass);
+
+ 	if (xfr->nmsg > 0)
+ 		msg->tcp_continuation = 1;
+ 
--- a/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch
+++ b/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch
@@ -0,0 +1,45 @@
+From dbb064aa7972ef918d9a235b713108a4846cbb62 Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Tue, 14 Jul 2015 14:48:42 +1000
+Subject: [PATCH] 4165.   [bug]           An failure to reset a value to NULL
+ in tkey.c could                         result in an assertion failure.
+ (CVE-2015-5477)                         [RT #40046]
+
+Upstream-Status: Backport
+[CHANGES file has been edited manually to add CVE-2015-5477 and
+an already applied CVE (CVE-2014-8500)].
+
+Referenc: https://kb.isc.org/article/AA-01272
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+
+diff -ruN a/CHANGES b/CHANGES
+--- a/CHANGES	2014-01-27 19:58:24.000000000 +0100
+++ b/CHANGES	2015-07-30 11:03:18.871670769 +0200
+@@ -1,4 +1,15 @@
+ 	--- 9.9.5 released ---
+4165.   [security]      An failure to reset a value to NULL in tkey.c could
+                        result in an assertion failure. (CVE-2015-5477)
+                        [RT #40046]
+
+4006.   [security]      A flaw in delegation handling could be exploited
+                        to put named into an infinite loop.  This has
+                        been addressed by placing limits on the number
+                        of levels of recursion named will allow (default 7),
+                        and the number of iterative queries that it will
+                        send (default 50) before terminating a recursive
+                        query (CVE-2014-8500).
+ 
+ 	--- 9.9.5rc2 released ---
+ 
+diff -ruN a/lib/dns/tkey.c b/lib/dns/tkey.c
+--- a/lib/dns/tkey.c	2014-01-27 19:58:24.000000000 +0100
+++ b/lib/dns/tkey.c	2015-07-30 10:58:30.647945942 +0200
+@@ -650,6 +650,7 @@
+ 		 * Try the answer section, since that's where Win2000
+ 		 * puts it.
+ 		 */
+		name = NULL;
+ 		if (dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
+ 					 dns_rdatatype_tkey, 0, &name,
+ 					 &tkeyset) != ISC_R_SUCCESS) {
--- a/meta/recipes-connectivity/bind/bind/conf.patch
+++ b/meta/recipes-connectivity/bind/bind/conf.patch
@@ -261,7 +261,7 @@ diff -urN bind-9.3.1.orig/init.d bind-9.3.1/init.d
 +	modprobe capability >/dev/null 2>&1 || true
 +	if [ ! -f /etc/bind/rndc.key ]; then
 +	    /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
-+	    chown 0640 /etc/bind/rndc.key
+	    chmod 0640 /etc/bind/rndc.key
 +	fi
 +	if [ -f /var/run/named/named.pid ]; then
 +	    ps `cat /var/run/named/named.pid` > /dev/null && exit 1
--- a/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh
+++ b/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh
@@ -3,5 +3,5 @@
 if [ ! -s /etc/bind/rndc.key ]; then
    echo -n "Generating /etc/bind/rndc.key:"
    /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
-    chown 0640 /etc/bind/rndc.key
+    chmod 0640 /etc/bind/rndc.key
 fi
--- a/meta/recipes-connectivity/bind/bind_9.9.5.bb
+++ b/meta/recipes-connectivity/bind/bind_9.9.5.bb
@@ -18,6 +18,11 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
           file://bind9 \
           file://init.d-add-support-for-read-only-rootfs.patch \
           file://bind9_9_5-CVE-2014-8500.patch \
+           file://bind9_9_5-CVE-2015-5477.patch \
+	   file://CVE-2015-1349.patch \ 
+	   file://CVE-2015-4620.patch \
+	   file://CVE-2015-5722.patch \
+           file://CVE-2015-8000.patch \
 	   "

 SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e"
--- a/meta/recipes-connectivity/connman/connman-conf.bb
+++ b/meta/recipes-connectivity/connman/connman-conf.bb
@@ -4,9 +4,9 @@ network interface for a qemu machine."
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"

-SRC_URI_append_qemuall = "file://wired.config \
-                          file://wired-setup \
-                         "
+SRC_URI_append_qemuall = " file://wired.config \
+                           file://wired-setup \
+"
 PR = "r2"

 PACKAGE_ARCH = "${MACHINE_ARCH}"
--- a/meta/recipes-connectivity/neard/neard.inc
+++ b/meta/recipes-connectivity/neard/neard.inc
@@ -21,7 +21,7 @@ do_install() {
 do_install_append() {
 	if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
 		install -d ${D}${sysconfdir}/init.d/
-		sed "s:@installpath@:${libexecdir}:" ${WORKDIR}/neard.in \
+		sed "s:@installpath@:${libexecdir}/nfc:" ${WORKDIR}/neard.in \
 		  > ${D}${sysconfdir}/init.d/neard
 		chmod 0755 ${D}${sysconfdir}/init.d/neard
 	fi
--- a/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch
+++ b/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch
@@ -0,0 +1,33 @@
+From 43acc56d5506c7e318f717fb3634bc16e3438913 Mon Sep 17 00:00:00 2001
+From: Robert Yang <liezhi.yang@windriver.com>
+Date: Thu, 15 Jan 2015 18:12:07 -0800
+Subject: [PATCH] Makefile.am: fix parallel issue
+
+There might be no src dir if src/builtin.h runs earlier, create it to
+fix the race issue:
+
+src/genbuiltin nfctype1 nfctype2 nfctype3 nfctype4 p2p > src/builtin.h
+/bin/sh: src/builtin.h: No such file or directory
+
+Upstream-Status: Pending
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ Makefile.am |    1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Makefile.am b/Makefile.am
+index 3241311..a43eaa2 100644
+--- a/Makefile.am
+++ b/Makefile.am
+@@ -164,6 +164,7 @@ MAINTAINERCLEANFILES = Makefile.in \
+ src/plugin.$(OBJEXT): src/builtin.h
+ 
+ src/builtin.h: src/genbuiltin $(builtin_sources)
+	$(AM_V_at)$(MKDIR_P) src
+ 	$(AM_V_GEN)$(srcdir)/src/genbuiltin $(builtin_modules) > $@
+ 
+ $(src_neard_OBJECTS) \
+-- 
+1.7.9.5
+
--- a/meta/recipes-connectivity/neard/neard_0.14.bb
+++ b/meta/recipes-connectivity/neard/neard_0.14.bb
@@ -4,6 +4,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/network/nfc/${BPN}-${PV}.tar.xz \
           file://parallel-build.patch \
           file://neard.in \
           file://neard.service.in \
+           file://Makefile.am-fix-parallel-issue.patch \
          "
 SRC_URI[md5sum] = "692ba2653d60155255244c87396c486b"
 SRC_URI[sha256sum] = "6ea724b443d39d679168fc7776a965d1f64727c3735391df2c01469ee7cd8cca"
--- a/meta/recipes-connectivity/openssh/openssh/CVE-2015-6563.patch
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6563.patch
@@ -0,0 +1,36 @@
+CVE-2015-6563
+
+Don't resend username to PAM; it already has it. 
+Pointed out by Moritz Jodeit; ok dtucker@
+
+Upstream-Status: Backport
+https://github.com/openssh/openssh-portable/commit/d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: openssh-6.7p1/monitor.c
+===================================================================
+--- openssh-6.7p1.orig/monitor.c
+++ openssh-6.7p1/monitor.c
+@@ -1046,9 +1046,7 @@ extern KbdintDevice sshpam_device;
+ int
+ mm_answer_pam_init_ctx(int sock, Buffer *m)
+ {
+-
+ 	debug3("%s", __func__);
+-	authctxt->user = buffer_get_string(m, NULL);
+ 	sshpam_ctxt = (sshpam_device.init_ctx)(authctxt);
+ 	sshpam_authok = NULL;
+ 	buffer_clear(m);
+Index: openssh-6.7p1/monitor_wrap.c
+===================================================================
+--- openssh-6.7p1.orig/monitor_wrap.c
+++ openssh-6.7p1/monitor_wrap.c
+@@ -826,7 +826,6 @@ mm_sshpam_init_ctx(Authctxt *authctxt)
+ 
+ 	debug3("%s", __func__);
+ 	buffer_init(&m);
+-	buffer_put_cstring(&m, authctxt->user);
+ 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m);
+ 	debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
+ 	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m);
--- a/meta/recipes-connectivity/openssh/openssh/CVE-2015-6564.patch
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6564.patch
@@ -0,0 +1,34 @@
+CVE-2015-6564
+
+ set sshpam_ctxt to NULL after free
+
+ Avoids use-after-free in monitor when privsep child is compromised.
+ Reported by Moritz Jodeit; ok dtucker@
+
+Upstream-Status: Backport
+https://github.com/openssh/openssh-portable/commit/5e75f5198769056089fb06c4d738ab0e5abc66f7
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: openssh-6.7p1/monitor.c
+===================================================================
+--- openssh-6.7p1.orig/monitor.c
+++ openssh-6.7p1/monitor.c
+@@ -1128,14 +1128,16 @@ mm_answer_pam_respond(int sock, Buffer *
+ int
+ mm_answer_pam_free_ctx(int sock, Buffer *m)
+ {
+    int r = sshpam_authok != NULL && sshpam_authok == sshpam_ctxt;
+ 
+ 	debug3("%s", __func__);
+ 	(sshpam_device.free_ctx)(sshpam_ctxt);
+    sshpam_ctxt = sshpam_authok = NULL;
+ 	buffer_clear(m);
+ 	mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m);
+ 	auth_method = "keyboard-interactive";
+ 	auth_submethod = "pam";
+-	return (sshpam_authok == sshpam_ctxt);
+	return r;
+ }
+ #endif
+ 
--- a/meta/recipes-connectivity/openssh/openssh/CVE-2015-6565.patch
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6565.patch
@@ -0,0 +1,35 @@
+CVE-2015-6565 openssh: Incorrectly set TTYs to be world-writable
+
+fix pty permissions; patch from Nikolay Edigaryev; ok deraadt
+
+Upstream-Status: Backport
+
+merged two changes into one.
+[1] https://anongit.mindrot.org/openssh.git/commit/sshpty.c?id=a5883d4eccb94b16c355987f58f86a7dee17a0c2
+tighten permissions on pty when the "tty" group does not exist; pointed out by Corinna Vinschen; ok markus
+
+[2] https://anongit.mindrot.org/openssh.git/commit/sshpty.c?id=6f941396b6835ad18018845f515b0c4fe20be21a
+fix pty permissions; patch from Nikolay Edigaryev; ok deraadt
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: openssh-6.7p1/sshpty.c
+===================================================================
+--- openssh-6.7p1.orig/sshpty.c
+++ openssh-6.7p1/sshpty.c
+@@ -196,13 +196,8 @@ pty_setowner(struct passwd *pw, const ch
+ 
+ 	/* Determine the group to make the owner of the tty. */
+ 	grp = getgrnam("tty");
+-	if (grp) {
+-		gid = grp->gr_gid;
+-		mode = S_IRUSR | S_IWUSR | S_IWGRP;
+-	} else {
+-		gid = pw->pw_gid;
+-		mode = S_IRUSR | S_IWUSR | S_IWGRP | S_IWOTH;
+-	}
+    gid = (grp != NULL) ? grp->gr_gid : pw->pw_gid;
+    mode = (grp != NULL) ? 0620 : 0600;
+ 
+ 	/*
+ 	 * Change owner and mode of the tty as required.
--- a/Show More
+++ b/Show More