build-appliance-image: Update to fido head revision

(From OE-Core rev: 511ea0fcc9c238ad8e3b3089ec2bcf82bb1ecc77)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake/lib/bb/tests/fetch.py

@@ -315,6 +315,7 @@ class URITest(unittest.TestCase):
 class FetcherTest(unittest.TestCase):
 
     def setUp(self):
+        self.origdir = os.getcwd()
         self.d = bb.data.init()
         self.tempdir = tempfile.mkdtemp()
         self.dldir = os.path.join(self.tempdir, "download")
@@ -326,6 +327,7 @@ class FetcherTest(unittest.TestCase):
         self.d.setVar("PERSISTENT_DIR", persistdir)
 
     def tearDown(self):
+        os.chdir(self.origdir)
         bb.utils.prunedir(self.tempdir)
 
 class MirrorUriTest(FetcherTest):
@@ -618,8 +620,8 @@ class FetchMethodTest(FetcherTest):
             : "5.0",
         ("xserver-xorg", "http://xorg.freedesktop.org/releases/individual/xserver/xorg-server-1.15.1.tar.bz2", "", "")
             : "1.15.1",
-        # packages with valid REGEX_URI and REGEX
-        ("cups", "http://www.cups.org/software/1.7.2/cups-1.7.2-source.tar.bz2", "http://www.cups.org/software.php", "(?P<name>cups\-)(?P<pver>((\d+[\.\-_]*)+))\-source\.tar\.gz")
+        # packages with valid UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX
+        ("cups", "http://www.cups.org/software/1.7.2/cups-1.7.2-source.tar.bz2", "https://github.com/apple/cups/releases", "(?P<name>cups\-)(?P<pver>((\d+[\.\-_]*)+))\-source\.tar\.gz")
             : "2.0.0",
         ("db", "http://download.oracle.com/berkeley-db/db-5.3.21.tar.gz", "http://www.oracle.com/technetwork/products/berkeleydb/downloads/index-082944.html", "http://download.oracle.com/otn/berkeley-db/(?P<name>db-)(?P<pver>((\d+[\.\-_]*)+))\.tar\.gz")
             : "6.1.19",

bitbake/lib/bb/ui/buildinfohelper.py

@@ -419,6 +419,11 @@ class ORMWrapper(object):
         errormsg = ""
         for p in packagedict:
             searchname = p
+            if p not in pkgpnmap:
+                logger.warning("Image packages list contains %p, but is"
+                               " missing from all packages list where the"
+                               " metadata comes from.  Skipping...", p)
+                continue
             if 'OPKGN' in pkgpnmap[p].keys():
                 searchname = pkgpnmap[p]['OPKGN']
 
@@ -462,13 +467,20 @@ class ORMWrapper(object):
                 elif deptype == 'recommends':
                     tdeptype = Package_Dependency.TYPE_TRECOMMENDS
 
-                packagedeps_objs.append(Package_Dependency( package = packagedict[p]['object'],
-                                        depends_on = packagedict[px]['object'],
-                                        dep_type = tdeptype,
-                                        target = target_obj))
+                try:
+                    packagedeps_objs.append(Package_Dependency(
+                        package = packagedict[p]['object'],
+                        depends_on = packagedict[px]['object'],
+                        dep_type = tdeptype,
+                        target = target_obj))
+                except KeyError as e:
+                    logger.warn("Could not add dependency to the package %s "
+                                "because %s is an unknown package", p, px)
 
         if len(packagedeps_objs) > 0:
             Package_Dependency.objects.bulk_create(packagedeps_objs)
+        else:
+            logger.info("No package dependencies created")
 
         if (len(errormsg) > 0):
             logger.warn("buildinfohelper: target_package_info could not identify recipes: \n%s" % errormsg)
@@ -1015,17 +1027,21 @@ class BuildInfoHelper(object):
         # for all image targets
         for target in self.internal_state['targets']:
             if target.is_image:
+                pkgdata = BuildInfoHelper._get_data_from_event(event)['pkgdata']
+                imgdata = BuildInfoHelper._get_data_from_event(event)['imgdata'][target.target]
+                filedata = BuildInfoHelper._get_data_from_event(event)['filedata'][target.target]
+
                 try:
-                    pkgdata = BuildInfoHelper._get_data_from_event(event)['pkgdata']
-                    imgdata = BuildInfoHelper._get_data_from_event(event)['imgdata'][target.target]
                     self.orm_wrapper.save_target_package_information(self.internal_state['build'], target, imgdata, pkgdata, self.internal_state['recipes'])
-                    filedata = BuildInfoHelper._get_data_from_event(event)['filedata'][target.target]
+                except KeyError as e:
+                    logger.warn("KeyError in save_target_package_information"
+                                "%s ", e)
+
+                try:
                     self.orm_wrapper.save_target_file_information(self.internal_state['build'], target, filedata)
-                except KeyError:
-                    # we must have not got the data for this image, nothing to save
-                    pass
-
-
+                except KeyError as e:
+                    logger.warn("KeyError in save_target_file_information"
+                                "%s ", e)
 
     def store_dependency_information(self, event):
         assert '_depgraph' in vars(event)

bitbake/lib/toaster/bldcontrol/models.py

@@ -39,40 +39,6 @@ class BuildEnvironment(models.Model):
     created     = models.DateTimeField(auto_now_add = True)
     updated     = models.DateTimeField(auto_now = True)
 
-
-    def get_artifact_type(self, path):
-        if self.betype == BuildEnvironment.TYPE_LOCAL:
-            try:
-                import magic
-
-                # fair warning: this is a mess; there are multiple competeing and incompatible
-                # magic modules floating around, so we try some of the most common combinations
-
-                try:    # we try ubuntu's python-magic 5.4
-                    m = magic.open(magic.MAGIC_MIME_TYPE)
-                    m.load()
-                    return m.file(path)
-                except AttributeError:
-                    pass
-
-                try:    # we try python-magic 0.4.6
-                    m = magic.Magic(magic.MAGIC_MIME)
-                    return m.from_file(path)
-                except AttributeError:
-                    pass
-
-                try:    # we try pip filemagic 1.6
-                    m = magic.Magic(flags=magic.MAGIC_MIME_TYPE)
-                    return m.id_filename(path)
-                except AttributeError:
-                    pass
-
-                return "binary/octet-stream"
-            except ImportError:
-                return "binary/octet-stream"
-        raise Exception("FIXME: artifact type not implemented for build environment type %s" % be.get_betype_display())
-
-
     def get_artifact(self, path):
         if self.betype == BuildEnvironment.TYPE_LOCAL:
             return open(path, "r")

bitbake/lib/toaster/toastergui/views.py

@@ -39,6 +39,22 @@ from datetime import timedelta, datetime, date
 from django.utils import formats
 from toastergui.templatetags.projecttags import json as jsonfilter
 import json
+import mimetypes
+
+class MimeTypeFinder(object):
+    # setting this to False enables additional non-standard mimetypes
+    # to be included in the guess
+    _strict = False
+
+    # returns the mimetype for a file path as a string,
+    # or 'application/octet-stream' if the type couldn't be guessed
+    @classmethod
+    def get_mimetype(self, path):
+        guess = mimetypes.guess_type(path, self._strict)
+        guessed_type = guess[0]
+        if guessed_type == None:
+            guessed_type = 'application/octet-stream'
+        return guessed_type
 
 # all new sessions should come through the landing page;
 # determine in which mode we are running in, and redirect appropriately
@@ -3209,7 +3225,7 @@ if toastermain.settings.MANAGED:
             if file_name is None:
                 raise Exception("Could not handle artifact %s id %s" % (artifact_type, artifact_id))
             else:
-                content_type = b.buildrequest.environment.get_artifact_type(file_name)
+                content_type = MimeTypeFinder.get_mimetype(file_name)
                 fsock = b.buildrequest.environment.get_artifact(file_name)
                 file_name = os.path.basename(file_name) # we assume that the build environment system has the same path conventions as host
 

documentation/adt-manual/adt-manual-customization.xsl

@@ -1,8 +1,16 @@
 <?xml version='1.0'?>
 <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" xmlns:fo="http://www.w3.org/1999/XSL/Format" version="1.0">
 
+  <xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
+
+<!--
+
+  <xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
+
   <xsl:import href="http://docbook.sourceforge.net/release/xsl/1.76.1/xhtml/docbook.xsl" />
 
+-->
+
   <xsl:include href="../template/permalinks.xsl"/>
   <xsl:include href="../template/section.title.xsl"/>
   <xsl:include href="../template/component.title.xsl"/>

documentation/adt-manual/adt-manual-eclipse-customization.xsl

@@ -5,9 +5,17 @@
 	xmlns:fo="http://www.w3.org/1999/XSL/Format"
 	version="1.0">
 
+  <xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
+
+<!--
+
+  <xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
+
   <xsl:import
 	  href="http://docbook.sourceforge.net/release/xsl/1.76.1/eclipse/eclipse3.xsl" />
 
+-->
+
   <xsl:param name="chunker.output.indent" select="'yes'"/>
   <xsl:param name="chunk.quietly" select="1"/>
   <xsl:param name="chunk.first.sections" select="1"/>

documentation/adt-manual/adt-manual.xml

@@ -86,6 +86,16 @@
                 <date>April 2015</date>
                 <revremark>Released with the Yocto Project 1.8 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.8.1</revnumber>
+                <date>November 2015</date>
+                <revremark>Released with the Yocto Project 1.8.1 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.8.2</revnumber>
+                <date>March 2016</date>
+                <revremark>Released with the Yocto Project 1.8.2 Release.</revremark>
+            </revision>
        </revhistory>
 
     <copyright>

documentation/adt-manual/adt-prepare.xml

@@ -480,8 +480,8 @@
             and are ideal for experimentation using Yocto Project.
             For information on the image types you can build using the OpenEmbedded build system,
             see the
-            "<ulink url='&YOCTO_DOCS_REF_URL;#ref-images'>Images</ulink>" chapter in
-            the Yocto Project Reference Manual.
+            "<ulink url='&YOCTO_DOCS_REF_URL;#ref-images'>Images</ulink>"
+            chapter in the Yocto Project Reference Manual.
         </para>
 
         <para>
@@ -492,62 +492,28 @@
         </para>
 
         <para>
-            Furthermore, if you plan on remotely deploying and debugging your
-            application from within the
-            Eclipse IDE, you must have an image that contains the Yocto Target Communication
-            Framework (TCF) agent (<filename>tcf-agent</filename>).
-            By default, the Yocto Project provides only one type of pre-built
-            image that contains the <filename>tcf-agent</filename>.
-            And, those images are SDK (e.g.<filename>core-image-sato-sdk</filename>).
-        </para>
-
-        <para>
-            If you want to use a different image type that contains the <filename>tcf-agent</filename>,
-            you can do so one of two ways:
-            <itemizedlist>
-                <listitem><para>Modify the <filename>conf/local.conf</filename> configuration in
-                    the <ulink url='&YOCTO_DOCS_DEV_URL;#build-directory'>Build Directory</ulink>
-                    and then rebuild the image.
-                    With this method, you need to modify the
-                    <ulink url='&YOCTO_DOCS_REF_URL;#var-EXTRA_IMAGE_FEATURES'><filename>EXTRA_IMAGE_FEATURES</filename></ulink>
-                    variable to have the value of "tools-debug" before rebuilding the image.
-                    Once the image is rebuilt, the <filename>tcf-agent</filename> will be included
-                    in the image and is launched automatically after the boot.</para></listitem>
-                <listitem><para>Manually build the <filename>tcf-agent</filename>.
-                    To build the agent, follow these steps:
-                    <orderedlist>
-                        <listitem><para>Be sure the ADT is installed as described in the
-                            "<link linkend='installing-the-adt'>Installing the ADT and Toolchains</link>" section.
-                            </para></listitem>
-                        <listitem><para>Set up the cross-development environment as described in the
-                            "<link linkend='setting-up-the-cross-development-environment'>Setting
-                            Up the Cross-Development Environment</link>" section.</para></listitem>
-                        <listitem><para>Get the <filename>tcf-agent</filename> source code using
-                            the following commands:
-                            <literallayout class='monospaced'>
-     $ git clone http://git.eclipse.org/gitroot/tcf/org.eclipse.tcf.agent.git
-     $ cd org.eclipse.tcf.agent/agent
-                            </literallayout></para></listitem>
-                        <listitem><para>Locate the
-                            <filename>Makefile.inc</filename> file inside the
-                            <filename>agent</filename> folder and modify it
-                            for the cross-compilation environment by setting the
-                            <filename>OPSYS</filename> and
-                            <ulink url='&YOCTO_DOCS_REF_URL;#var-MACHINE'><filename>MACHINE</filename></ulink>
-                            variables according to your target.
-                            </para></listitem>
-                        <listitem><para>Use the cross-development tools to build the
-                            <filename>tcf-agent</filename>.
-                            Before you "Make" the file, be sure your cross-tools are set up first.
-                            See the "<link linkend='makefile-based-projects'>Makefile-Based Projects</link>"
-                            section for information on how to make sure the cross-tools are set up
-                            correctly.</para>
-                            <para>If the build is successful, the <filename>tcf-agent</filename> output will
-                            be <filename>obj/$(OPSYS)/$(MACHINE)/Debug/agent</filename>.</para></listitem>
-                        <listitem><para>Deploy the agent into the image's root filesystem.</para></listitem>
-                    </orderedlist>
-                </para></listitem>
-            </itemizedlist>
+            If you plan on remotely deploying and debugging your
+            application from within the Eclipse IDE, you must have an image
+            that contains the Yocto Target Communication Framework (TCF) agent
+            (<filename>tcf-agent</filename>).
+            You can do this by including the <filename>eclipse-debug</filename>
+            image feature.
+            <note>
+                See the
+                "<ulink url='&YOCTO_DOCS_REF_URL;#ref-features-image'>Image Features</ulink>"
+                section in the Yocto Project Reference Manual for information on
+                image features.
+            </note>
+            To include the <filename>eclipse-debug</filename> image feature,
+            modify your <filename>local.conf</filename> file in the
+            <ulink url='&YOCTO_DOCS_DEV_URL;#build-directory'>Build Directory</ulink>
+            so that the
+            <ulink url='&YOCTO_DOCS_REF_URL;#var-EXTRA_IMAGE_FEATURES'><filename>EXTRA_IMAGE_FEATURES</filename></ulink>
+            variable includes the "eclipse-debug" feature.
+            After modifying the configuration file, you can rebuild the image.
+            Once the image is rebuilt, the <filename>tcf-agent</filename>
+            will be included in the image and is launched automatically after
+            the boot.
         </para>
     </section>
 
@@ -622,50 +588,56 @@
 
     <para>
         As an alternative to locating and downloading a toolchain installer,
-        you can build the toolchain installer one of two ways if you have a
-        <ulink url='&YOCTO_DOCS_DEV_URL;#build-directory'>Build Directory</ulink>:
-        <itemizedlist>
-            <listitem><para>
-                Use <filename>bitbake meta-toolchain</filename>.
-                This method requires you to still install the target
-                sysroot by installing and extracting it separately.
-                For information on how to install the sysroot, see the
-                "<link linkend='extracting-the-root-filesystem'>Extracting the Root Filesystem</link>"
-                section.
-                </para></listitem>
-            <listitem><para>
-                Use <filename>bitbake</filename> <replaceable>image</replaceable> <filename>-c populate_sdk</filename>.
-                This method has significant advantages over the previous method
-                because it results in a toolchain installer that contains the
-                sysroot that matches your target root filesystem.
-                </para>
+        you can build the toolchain installer if you have a
+        <ulink url='&YOCTO_DOCS_DEV_URL;#build-directory'>Build Directory</ulink>.
+        <note>
+            Although not the preferred method, it is also possible to use
+            <filename>bitbake meta-toolchain</filename> to build the toolchain
+            installer.
+            If you do use this method, you must separately install and extract
+            the target sysroot.
+            For information on how to install the sysroot, see the
+            "<link linkend='extracting-the-root-filesystem'>Extracting the Root Filesystem</link>"
+            section.
+        </note>
+    </para>
 
-                <para>Another powerful feature is that the toolchain is
-                completely self-contained.
-                The binaries are linked against their own copy of
-                <filename>libc</filename>, which results in no dependencies
-                on the target system.
-                To achieve this, the pointer to the dynamic loader is
-                configured at install time since that path cannot be dynamically
-                altered.
-                This is the reason for a wrapper around the
-                <filename>populate_sdk</filename> archive.</para>
+    <para>
+        To build the toolchain installer and populate the SDK image, use the
+        following command:
+        <literallayout class='monospaced'>
+     $ bitbake <replaceable>image</replaceable> -c populate_sdk
+        </literallayout>
+        The command results in a toolchain installer that contains the sysroot
+        that matches your target root filesystem.
+    </para>
 
-                <para>Another feature is that only one set of cross-canadian
-                toolchain binaries are produced per architecture.
-                This feature takes advantage of the fact that the target
-                hardware can be passed to <filename>gcc</filename> as a set of
-                compiler options.
-                Those options are set up by the environment script and
-                contained in variables such as
-                <ulink url='&YOCTO_DOCS_REF_URL;#var-CC'><filename>CC</filename></ulink>
-                and
-                <ulink url='&YOCTO_DOCS_REF_URL;#var-LD'><filename>LD</filename></ulink>.
-                This reduces the space needed for the tools.
-                Understand, however, that a sysroot is still needed for every
-                target since those binaries are target-specific.
-                </para></listitem>
-        </itemizedlist>
+    <para>
+        Another powerful feature is that the toolchain is completely
+        self-contained.
+        The binaries are linked against their own copy of
+        <filename>libc</filename>, which results in no dependencies
+        on the target system.
+        To achieve this, the pointer to the dynamic loader is
+        configured at install time since that path cannot be dynamically
+        altered.
+        This is the reason for a wrapper around the
+        <filename>populate_sdk</filename> archive.
+    </para>
+
+    <para>
+        Another feature is that only one set of cross-canadian toolchain
+        binaries are produced per architecture.
+        This feature takes advantage of the fact that the target hardware can
+        be passed to <filename>gcc</filename> as a set of compiler options.
+        Those options are set up by the environment script and contained in
+        variables such as
+        <ulink url='&YOCTO_DOCS_REF_URL;#var-CC'><filename>CC</filename></ulink>
+        and
+        <ulink url='&YOCTO_DOCS_REF_URL;#var-LD'><filename>LD</filename></ulink>.
+        This reduces the space needed for the tools.
+        Understand, however, that a sysroot is still needed for every target
+        since those binaries are target-specific.
     </para>
 
     <para>

documentation/bsp-guide/bsp-guide-customization.xsl

@@ -1,8 +1,16 @@
 <?xml version='1.0'?>
 <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" xmlns:fo="http://www.w3.org/1999/XSL/Format" version="1.0">
 
+  <xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
+
+<!--
+
+  <xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
+
   <xsl:import href="http://docbook.sourceforge.net/release/xsl/1.76.1/xhtml/docbook.xsl" />
 
+-->
+
   <xsl:include href="../template/permalinks.xsl"/>
   <xsl:include href="../template/section.title.xsl"/>
   <xsl:include href="../template/component.title.xsl"/>

documentation/bsp-guide/bsp-guide-eclipse-customization.xsl

@@ -5,9 +5,17 @@
 	xmlns:fo="http://www.w3.org/1999/XSL/Format"
 	version="1.0">
 
+  <xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
+
+<!--
+
+  <xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
+
   <xsl:import
 	  href="http://docbook.sourceforge.net/release/xsl/1.76.1/eclipse/eclipse3.xsl" />
 
+-->
+
   <xsl:param name="chunker.output.indent" select="'yes'"/>
   <xsl:param name="chunk.quietly" select="1"/>
   <xsl:param name="chunk.first.sections" select="1"/>

documentation/bsp-guide/bsp-guide.xml

@@ -98,6 +98,16 @@
                 <date>April 2015</date>
                 <revremark>Released with the Yocto Project 1.8 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.8.1</revnumber>
+                <date>November 2015</date>
+                <revremark>Released with the Yocto Project 1.8.1 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.8.2</revnumber>
+                <date>March 2016</date>
+                <revremark>Released with the Yocto Project 1.8.2 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/dev-manual/dev-manual-common-tasks.xml

@@ -3317,6 +3317,10 @@
                 <literallayout class='monospaced'>
      COMPATIBLE_MACHINE = '(qemux86|qemumips)'
                 </literallayout>
+                For more information on <filename>defconfig</filename> files,
+                see the
+                "<ulink url='&YOCTO_DOCS_KERNEL_DEV_URL;#changing-the-configuration'>Changing the Configuration</ulink>"
+                section in the Yocto Project Linux Kernel Development Manual.
             </para>
         </section>
 
@@ -4620,13 +4624,22 @@
         <title>Configuring the Kernel</title>
 
         <para>
-            Configuring the Yocto Project kernel consists of making sure the <filename>.config</filename>
-            file has all the right information in it for the image you are building.
-            You can use the <filename>menuconfig</filename> tool and configuration fragments to
-            make sure your <filename>.config</filename> file is just how you need it.
-            This section describes how to use <filename>menuconfig</filename>, create and use
-            configuration fragments, and how to interactively modify your <filename>.config</filename>
-            file to create the leanest kernel configuration file possible.
+            Configuring the Yocto Project kernel consists of making sure the
+            <filename>.config</filename> file has all the right information
+            in it for the image you are building.
+            You can use the <filename>menuconfig</filename> tool and
+            configuration fragments to make sure your
+            <filename>.config</filename> file is just how you need it.
+            You can also save known configurations in a
+            <filename>defconfig</filename> file that the build system can use
+            for kernel configuration.
+        </para>
+
+        <para>
+            This section describes how to use <filename>menuconfig</filename>,
+            create and use configuration fragments, and how to interactively
+            modify your <filename>.config</filename> file to create the
+            leanest kernel configuration file possible.
         </para>
 
         <para>
@@ -4656,18 +4669,23 @@
                 <ulink url='&YOCTO_DOCS_REF_URL;#structure-memres-core-script'><filename>oe-init-build-env-memres</filename></ulink>
                 script found in the
                 <link linkend='build-directory'>Build Directory</link>.
-                The following commands run <filename>menuconfig</filename> assuming the
-                <link linkend='source-directory'>Source Directory</link>
-                top-level folder is <filename>~/poky</filename>:
+                You must also be sure of the state of your build in the
+                <link linkend='source-directory'>Source Directory</link>.
+                The following commands run <filename>menuconfig</filename>
+                assuming the Source Directory's top-level folder is
+                <filename>~/poky</filename>:
                 <literallayout class='monospaced'>
      $ cd poky
      $ source oe-init-build-env
+     $ bitbake linux-yocto -c kernel_configme -f
      $ bitbake linux-yocto -c menuconfig
                 </literallayout>
-                Once <filename>menuconfig</filename> comes up, its standard interface allows you to
-                interactively examine and configure all the kernel configuration parameters.
-                After making your changes, simply exit the tool and save your changes to
-                create an updated version of the <filename>.config</filename> configuration file.
+                Once <filename>menuconfig</filename> comes up, its standard
+                interface allows you to interactively examine and configure
+                all the kernel configuration parameters.
+                After making your changes, simply exit the tool and save your
+                changes to create an updated version of the
+                <filename>.config</filename> configuration file.
             </para>
 
             <para>
@@ -4748,6 +4766,70 @@
             </para>
         </section>
 
+        <section id='creating-a-defconfig-file'>
+            <title>Creating a&nbsp;&nbsp;<filename>defconfig</filename> File</title>
+
+            <para>
+                A <filename>defconfig</filename> file is simply a
+                <filename>.config</filename> renamed to "defconfig".
+                You can use a <filename>defconfig</filename> file
+                to retain a known set of kernel configurations from which the
+                OpenEmbedded build system can draw to create the final
+                <filename>.config</filename> file.
+                <note>
+                    Out-of-the-box, the Yocto Project never ships a
+                    <filename>defconfig</filename> or
+                    <filename>.config</filename> file.
+                    The OpenEmbedded build system creates the final
+                    <filename>.config</filename> file used to configure the
+                    kernel.
+                </note>
+            </para>
+
+            <para>
+                To create a <filename>defconfig</filename>, start with a
+                complete, working Linux kernel <filename>.config</filename>
+                file.
+                Copy that file to the appropriate
+                <filename>${</filename><ulink url='&YOCTO_DOCS_REF_URL;#var-PN'><filename>PN</filename></ulink><filename>}</filename>
+                directory in your layer's
+                <filename>recipes-kernel/linux</filename> directory, and rename
+                the copied file to "defconfig".
+                Then, add the following lines to the linux-yocto
+                <filename>.bbappend</filename> file in your layer:
+                <literallayout class='monospaced'>
+     FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+     SRC_URI += "file://defconfig"
+                </literallayout>
+                The
+                <ulink url='&YOCTO_DOCS_REF_URL;#var-SRC_URI'><filename>SRC_URI</filename></ulink>
+                tells the build system how to search for the file, while the
+                <ulink url='&YOCTO_DOCS_REF_URL;#var-FILESEXTRAPATHS'><filename>FILESEXTRAPATHS</filename></ulink>
+                extends the
+                <ulink url='&YOCTO_DOCS_REF_URL;#var-FILESPATH'><filename>FILESPATH</filename></ulink>
+                variable (search directories) to include the
+                <filename>${PN}</filename> directory you created to hold the
+                configuration changes.
+                <note>
+                    The build system applies the configurations from the
+                    <filename>defconfig</filename> file before applying any
+                    subsequent configuration fragments.
+                    The final kernel configuration is a combination of the
+                    configurations in the <filename>defconfig</filename>
+                    file and any configuration fragments you provide.
+                    You need to realize that if you have any configuration
+                    fragments, the build system applies these on top of and
+                    after applying the existing defconfig file configurations.
+                </note>
+                For more information on configuring the kernel, see the
+                "<ulink url='&YOCTO_DOCS_KERNEL_DEV_URL;#changing-the-configuration'>Changing the Configuration</ulink>"
+                and
+                "<ulink url='&YOCTO_DOCS_KERNEL_DEV_URL;#generating-configuration-files'>Generating Configuration Files</ulink>"
+                sections, both in the Yocto Project Linux Kernel Development
+                Manual.
+            </para>
+        </section>
+
         <section id='creating-config-fragments'>
             <title>Creating Configuration Fragments</title>
 
@@ -4771,23 +4853,27 @@
      $ echo "CONFIG_SMP=y" >> my_smp.cfg
                 </literallayout>
                 <note>
-                    All configuration files must use the <filename>.cfg</filename> extension in order
-                    for the OpenEmbedded build system to recognize them as a configuration fragment.
+                    All configuration fragment files must use the
+                    <filename>.cfg</filename> extension in order for the
+                    OpenEmbedded build system to recognize them as a
+                    configuration fragment.
                 </note>
             </para>
 
             <para>
-                Where do you put your configuration files?
-                You can place these configuration files in the same area pointed to by
+                Where do you put your configuration fragment files?
+                You can place these files in the same area pointed to by
                 <ulink url='&YOCTO_DOCS_REF_URL;#var-SRC_URI'><filename>SRC_URI</filename></ulink>.
-                The OpenEmbedded build system will pick up the configuration and add it to the
-                kernel's configuration.
-                For example, suppose you had a set of configuration options in a file called
-                <filename>myconfig.cfg</filename>.
-                If you put that file inside a directory named <filename>linux-yocto</filename>
-                that resides in the same directory as the kernel's append file and then add
-                a <filename>SRC_URI</filename> statement such as the following to the kernel's append file,
-                those configuration options will be picked up and applied when the kernel is built.
+                The OpenEmbedded build system picks up the configuration and
+                adds it to the kernel's configuration.
+                For example, suppose you had a set of configuration options
+                in a file called <filename>myconfig.cfg</filename>.
+                If you put that file inside a directory named
+                <filename>linux-yocto</filename> that resides in the same
+                directory as the kernel's append file and then add a
+                <filename>SRC_URI</filename> statement such as the following
+                to the kernel's append file, those configuration options
+                will be picked up and applied when the kernel is built.
                 <literallayout class='monospaced'>
      SRC_URI += "file://myconfig.cfg"
                 </literallayout>
@@ -4843,9 +4929,10 @@
 
             <para>
                 For each output warning, a message points to the file
-                that contains a list of the options and a pointer to the config
-                fragment that defines them.
-                Collectively, the files are the key to streamlining the configuration.
+                that contains a list of the options and a pointer to the
+                configuration fragment that defines them.
+                Collectively, the files are the key to streamlining the
+                configuration.
             </para>
 
             <para>
@@ -8656,9 +8743,19 @@
                 <ulink url='&YOCTO_DOCS_REF_URL;#var-BBPATH'><filename>BBPATH</filename></ulink>
                 is extended in the layer's
                 <filename>layer.conf</filename> file as normal).
-                Just remember that filenames need to map directly to test
-                (module) names and that you do not use module names that
-                collide with existing core tests.
+                Just remember the following:
+                <itemizedlist>
+                    <listitem><para>Filenames need to map directly to test
+                        (module) names.
+                        </para></listitem>
+                    <listitem><para>Do not use module names that
+                        collide with existing core tests.
+                        </para></listitem>
+                    <listitem><para>Minimally, an empty
+                        <filename>__init__.py</filename> file must exist
+                        in the runtime directory.
+                        </para></listitem>
+                </itemizedlist>
             </para>
 
             <para>
@@ -9079,6 +9176,14 @@
             you debug and fix them.
             This section presents a real-world example of an error encountered
             on the Yocto Project autobuilder and the process used to fix it.
+            <note>
+                If you cannot properly fix a <filename>make</filename> race
+                condition, you can work around it by clearing either the
+                <ulink url='&YOCTO_DOCS_REF_URL;#var-PARALLEL_MAKE'><filename>PARALLEL_MAKE</filename></ulink>
+                or
+                <ulink url='&YOCTO_DOCS_REF_URL;#var-PARALLEL_MAKEINST'><filename>PARALLEL_MAKEINST</filename></ulink>
+                variables.
+            </note>
         </para>
 
         <section id='the-failure'>

documentation/dev-manual/dev-manual-customization.xsl

@@ -1,8 +1,16 @@
 <?xml version='1.0'?>
 <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" xmlns:fo="http://www.w3.org/1999/XSL/Format" version="1.0">
 
+  <xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
+
+<!--
+
+  <xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
+
   <xsl:import href="http://docbook.sourceforge.net/release/xsl/1.76.1/xhtml/docbook.xsl" />
 
+-->
+
   <xsl:include href="../template/permalinks.xsl"/>
   <xsl:include href="../template/section.title.xsl"/>
   <xsl:include href="../template/component.title.xsl"/>

documentation/dev-manual/dev-manual-eclipse-customization.xsl

@@ -5,9 +5,17 @@
 	xmlns:fo="http://www.w3.org/1999/XSL/Format"
 	version="1.0">
 
+  <xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
+
+<!--
+
+  <xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
+
   <xsl:import
 	  href="http://docbook.sourceforge.net/release/xsl/1.76.1/eclipse/eclipse3.xsl" />
 
+-->
+
   <xsl:param name="chunker.output.indent" select="'yes'"/>
   <xsl:param name="chunk.quietly" select="1"/>
   <xsl:param name="chunk.first.sections" select="1"/>

documentation/dev-manual/dev-manual-model.xml

@@ -491,28 +491,44 @@
                         changing source files.
                         However, if you have to do this, you make the changes to the files in the
                         Build Directory.</para></listitem>
-                    <listitem><para><emphasis>Make kernel configuration changes
-                        if applicable</emphasis>:
-                        If your situation calls for changing the kernel's configuration, you can
-                        use the <filename>yocto-kernel</filename> script or <filename>menuconfig</filename>
-                        to enable and disable kernel configurations.
-                        Using the script lets you interactively set up kernel configurations.
-                        Using <filename>menuconfig</filename> allows you to interactively develop and test the
+                    <listitem><para><emphasis>Make kernel configuration changes if applicable</emphasis>:
+                        If your situation calls for changing the kernel's
+                        configuration, you can use
+                        <ulink url='&YOCTO_DOCS_KERNEL_DEV_URL;#generating-configuration-files'><filename>menuconfig</filename></ulink>,
+                        which allows you to interactively develop and test the
                         configuration changes you are making to the kernel.
-                        When saved, changes using <filename>menuconfig</filename> update the kernel's
-                        <filename>.config</filename> file.
-                        Try to resist the temptation of directly editing the <filename>.config</filename>
-                        file found in the Build Directory at
-                        <filename>tmp/sysroots/&lt;machine-name&gt;/kernel</filename>.
-                        Doing so, can produce unexpected results when the OpenEmbedded build system
-                        regenerates the configuration file.</para>
-                        <para>Once you are satisfied with the configuration changes made using
-                        <filename>menuconfig</filename>, you can directly compare the
-                        <filename>.config</filename> file against a saved original and gather those
-                        changes into a config fragment to be referenced from within the kernel's
-                        <filename>.bbappend</filename> file.</para></listitem>
+                        Saving changes you make with
+                        <filename>menuconfig</filename> updates
+                        the kernel's <filename>.config</filename> file.
+                        <note><title>Warning</title>
+                            Try to resist the temptation to directly edit an
+                            existing <filename>.config</filename> file, which is
+                            found in the Build Directory at
+                            <filename>tmp/sysroots/<replaceable>machine-name</replaceable>/kernel</filename>.
+                            Doing so, can produce unexpected results when the
+                            OpenEmbedded build system regenerates the configuration
+                            file.
+                        </note>
+                        Once you are satisfied with the configuration
+                        changes made using <filename>menuconfig</filename>
+                        and you have saved them, you can directly compare the
+                        resulting <filename>.config</filename> file against an
+                        existing original and gather those changes into a
+                        <link linkend='creating-config-fragments'>configuration fragment file</link>
+                        to be referenced from within the kernel's
+                        <filename>.bbappend</filename> file.</para>
+
+                        <para>Additionally, if you are working in a BSP layer
+                        and need to modify the BSP's kernel's configuration,
+                        you can use the
+                        <ulink url='&YOCTO_DOCS_BSP_URL;#managing-kernel-patches-and-config-items-with-yocto-kernel'><filename>yocto-kernel</filename></ulink>
+                        script as well as <filename>menuconfig</filename>.
+                        The <filename>yocto-kernel</filename> script lets
+                        you interactively set up kernel configurations.
+                        </para></listitem>
                     <listitem><para><emphasis>Rebuild the kernel image with your changes</emphasis>:
-                        Rebuilding the kernel image applies your changes.</para></listitem>
+                        Rebuilding the kernel image applies your changes.
+                        </para></listitem>
                 </orderedlist>
             </para>
         </section>

documentation/dev-manual/dev-manual.xml

@@ -76,6 +76,16 @@
                 <date>April 2015</date>
                 <revremark>Released with the Yocto Project 1.8 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.8.1</revnumber>
+                <date>November 2015</date>
+                <revremark>Released with the Yocto Project 1.8.1 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.8.2</revnumber>
+                <date>March 2016</date>
+                <revremark>Released with the Yocto Project 1.8.2 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/kernel-dev/kernel-dev-common.xml

@@ -238,6 +238,65 @@
                 section in the Yocto Project Development Manual.
             </para>
         </section>
+
+        <section id='using-an-in-tree-defconfig-file'>
+            <title>Using an "In-Tree"&nbsp;&nbsp;<filename>defconfig</filename> File</title>
+
+            <para>
+                It might be desirable to have kernel configuration fragment
+                support through a <filename>defconfig</filename> file that
+                is pulled from the kernel source tree for the configured
+                machine.
+                By default, the OpenEmbedded build system looks for
+                <filename>defconfig</filename> files in the layer used for
+                Metadata, which is "out-of-tree", and then configures them
+                using the following:
+                <literallayout class='monospaced'>
+     SRC_URI += "file://defconfig"
+                </literallayout>
+                If you do not want to maintain copies of
+                <filename>defconfig</filename> files in your layer but would
+                rather allow users to use the default configuration from the
+                kernel tree and still be able to add configuration fragments
+                to the
+                <ulink url='&YOCTO_DOCS_REF_URL;#var-SRC_URI'><filename>SRC_URI</filename></ulink>
+                through, for example, append files, you can direct the
+                OpenEmbedded build system to use a
+                <filename>defconfig</filename> file that is "in-tree".
+            </para>
+
+            <para>
+                To specify an "in-tree" <filename>defconfig</filename> file,
+                edit the recipe that builds your kernel so that it has the
+                following command form:
+                <literallayout class='monospaced'>
+     KBUILD_DEFCONFIG_<ulink url='&YOCTO_DOCS_REF_URL;#var-KMACHINE'>KMACHINE</ulink> ?= <replaceable>defconfig_file</replaceable>
+                </literallayout>
+                You need to append the variable with
+                <filename>KMACHINE</filename> and then supply the path to
+                your "in-tree" <filename>defconfig</filename> file.
+            </para>
+
+            <para>
+                Aside from modifying your kernel recipe and providing your own
+                <filename>defconfig</filename> file, you need to be sure no
+                files or statements set <filename>SRC_URI</filename> to use a
+                <filename>defconfig</filename> other than your "in-tree"
+                file (e.g. a kernel's <filename>linux-</filename><replaceable>machine</replaceable><filename>.inc</filename>
+                file).
+                In other words, if the build system detects a statement
+                that identifies an "out-of-tree"
+                <filename>defconfig</filename> file, that statement
+                will override your
+                <filename>KBUILD_DEFCONFIG</filename> variable.
+            </para>
+
+            <para>
+                See the
+                <ulink url='&YOCTO_DOCS_REF_URL;#var-KBUILD_DEFCONFIG'><filename>KBUILD_DEFCONFIG</filename></ulink>
+                variable description for more information.
+            </para>
+        </section>
     </section>
 
     <section id='using-an-iterative-development-process'>
@@ -347,7 +406,14 @@
                         configuration task as follows:
                         <literallayout class='monospaced'>
      $ bitbake linux-yocto -c kernel_configme -f
-                        </literallayout></para></listitem>
+                        </literallayout>
+                        This step ensures that you will be creating a
+                        <filename>.config</filename> file from a known state.
+                        Because situations exist where your build state might
+                        become unknown, it is best to run the previous
+                        command prior to starting up
+                        <filename>menuconfig</filename>.
+                        </para></listitem>
                     <listitem><para>Run the <filename>menuconfig</filename>
                         command:
                         <literallayout class='monospaced'>
@@ -565,15 +631,35 @@
                     to store your patches and configuration files (e.g.
                     <filename>linux-yocto-myproject</filename>).
                     </para></listitem>
+                <listitem><para>Make sure you have either a
+                    <filename>defconfig</filename> file or configuration
+                    fragment files.
+                    When you use the <filename>linux-yocto-custom.bb</filename>
+                    recipe, you must specify a configuration.
+                    If you do not have a <filename>defconfig</filename> file,
+                    you can run the following:
+                    <literallayout class='monospaced'>
+     $ make defconfig
+                    </literallayout>
+                    After running the command, copy the resulting
+                    <filename>.config</filename> to the
+                    <filename>files</filename> directory as "defconfig" and
+                    then add it to the
+                    <ulink url='&YOCTO_DOCS_REF_URL;#var-SRC_URI'><filename>SRC_URI</filename></ulink>
+                    variable in the recipe.
+                    </para></listitem>
                 <listitem><para>Edit the following variables in your recipe
                     as appropriate for your project:
                     <itemizedlist>
                         <listitem><para><ulink url='&YOCTO_DOCS_REF_URL;#var-SRC_URI'><filename>SRC_URI</filename></ulink>:
-                            The <filename>SRC_URI</filename> should be a Git
-                            repository that uses one of the supported Git fetcher
-                            protocols (i.e. <filename>file</filename>,
+                            The <filename>SRC_URI</filename> should specify
+                            a Git repository that uses one of the supported Git
+                            fetcher protocols (i.e. <filename>file</filename>,
                             <filename>git</filename>, <filename>http</filename>,
                             and so forth).
+                            The <filename>SRC_URI</filename> variable should
+                            also specify either a <filename>defconfig</filename>
+                            file or some configuration fragment files.
                             The skeleton recipe provides an example
                             <filename>SRC_URI</filename> as a syntax reference.
                             </para></listitem>
@@ -649,13 +735,27 @@
         <section id='building-out-of-tree-modules-on-the-target'>
             <title>Building Out-of-Tree Modules on the Target</title>
 
+            <para>
+                While the traditional Yocto Project development model would be
+                to include kernel modules as part of the normal build
+                process, you might find it useful to build modules on the
+                target.
+                This could be the case if your target system is capable
+                and powerful enough to handle the necessary compilation.
+                Before deciding to build on your target, however, you should
+                consider the benefits of using a proper cross-development
+                environment from your build host.
+            </para>
+
             <para>
                 If you want to be able to build out-of-tree modules on
                 the target, there are some steps you need to take
                 on the target that is running your SDK image.
                 Briefly, the <filename>kernel-dev</filename> package
                 is installed by default on all
-                <filename>*.sdk</filename> images.
+                <filename>*.sdk</filename> images and the
+                <filename>kernel-devsrc</filename> package is installed
+                on many of the <filename>*.sdk</filename> images.
                 However, you need to create some scripts prior to
                 attempting to build the out-of-tree modules on the target
                 that is running that image.
@@ -673,7 +773,9 @@
                 Because all SDK image recipes include
                 <filename>dev-pkgs</filename>, the
                 <filename>kernel-dev</filename> packages will be installed
-                as part of the SDK image.
+                as part of the SDK image and the
+                <filename>kernel-devsrc</filename> packages will be installed
+                as part of applicable SDK images.
                 The SDK uses the scripts when building out-of-tree
                 modules.
                 Once you have switched to that directory and created the

documentation/kernel-dev/kernel-dev-customization.xsl

@@ -1,8 +1,16 @@
 <?xml version='1.0'?>
 <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" xmlns:fo="http://www.w3.org/1999/XSL/Format" version="1.0">
 
+  <xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
+
+<!--
+
+  <xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
+
   <xsl:import href="http://docbook.sourceforge.net/release/xsl/1.76.1/xhtml/docbook.xsl" />
 
+-->
+
   <xsl:include href="../template/permalinks.xsl"/>
   <xsl:include href="../template/section.title.xsl"/>
   <xsl:include href="../template/component.title.xsl"/>

documentation/kernel-dev/kernel-dev-eclipse-customization.xsl

@@ -5,9 +5,17 @@
 	xmlns:fo="http://www.w3.org/1999/XSL/Format"
 	version="1.0">
 
+  <xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
+
+<!--
+
+  <xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
+
   <xsl:import
 	  href="http://docbook.sourceforge.net/release/xsl/1.76.1/eclipse/eclipse3.xsl" />
 
+-->
+
   <xsl:param name="chunker.output.indent" select="'yes'"/>
   <xsl:param name="chunk.quietly" select="1"/>
   <xsl:param name="chunk.first.sections" select="1"/>

documentation/kernel-dev/kernel-dev.xml

@@ -61,6 +61,16 @@
                 <date>April 2015</date>
                 <revremark>Released with the Yocto Project 1.8 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.8.1</revnumber>
+                <date>November 2015</date>
+                <revremark>Released with the Yocto Project 1.8.1 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.8.2</revnumber>
+                <date>March 2016</date>
+                <revremark>Released with the Yocto Project 1.8.2 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/mega-manual/mega-manual-customization.xsl

@@ -1,8 +1,16 @@
 <?xml version='1.0'?>
 <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" xmlns:fo="http://www.w3.org/1999/XSL/Format" version="1.0">
 
+  <xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
+
+<!--
+
+  <xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
+
   <xsl:import href="http://docbook.sourceforge.net/release/xsl/1.76.1/xhtml/docbook.xsl" />
 
+-->
+
   <xsl:param name="generate.toc">
    appendix  toc
    chapter   toc

documentation/mega-manual/mega-manual.xml

@@ -45,6 +45,16 @@
                 <date>April 2015</date>
                 <revremark>Released with the Yocto Project 1.8 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.8.1</revnumber>
+                <date>November 2015</date>
+                <revremark>Released with the Yocto Project 1.8.1 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.8.2</revnumber>
+                <date>March 2016</date>
+                <revremark>Released with the Yocto Project 1.8.2 Release.</revremark>
+            </revision>
        </revhistory>
 
     <copyright>

documentation/poky.ent

@@ -1,11 +1,11 @@
-<!ENTITY DISTRO "1.8">
-<!ENTITY DISTRO_COMPRESSED "18">
+<!ENTITY DISTRO "1.8.2">
+<!ENTITY DISTRO_COMPRESSED "182">
 <!ENTITY DISTRO_NAME "fido">
-<!ENTITY YOCTO_DOC_VERSION "1.8">
-<!ENTITY POKYVERSION "13.0.0">
-<!ENTITY POKYVERSION_COMPRESSED "1300">
+<!ENTITY YOCTO_DOC_VERSION "1.8.2">
+<!ENTITY POKYVERSION "13.0.2">
+<!ENTITY POKYVERSION_COMPRESSED "1302">
 <!ENTITY YOCTO_POKY "poky-&DISTRO_NAME;-&POKYVERSION;">
-<!ENTITY COPYRIGHT_YEAR "2010-2015">
+<!ENTITY COPYRIGHT_YEAR "2010-2016">
 <!ENTITY YOCTO_DL_URL "http://downloads.yoctoproject.org">
 <!ENTITY YOCTO_HOME_URL "http://www.yoctoproject.org">
 <!ENTITY YOCTO_LISTS_URL "http://lists.yoctoproject.org">
@@ -14,7 +14,7 @@
 <!ENTITY YOCTO_AB_URL "http://autobuilder.yoctoproject.org">
 <!ENTITY YOCTO_GIT_URL "http://git.yoctoproject.org">
 <!ENTITY YOCTO_ADTREPO_URL "http://adtrepo.yoctoproject.org">
-<!ENTITY YOCTO_RELEASE_NOTES "&YOCTO_HOME_URL;/download/yocto-project-&DISTRO_COMPRESSED;-poky-&POKYVERSION_COMPRESSED;">
+<!ENTITY YOCTO_RELEASE_NOTES "&YOCTO_HOME_URL;/downloads/core/&DISTRO_NAME;&DISTRO_COMPRESSED;">
 <!ENTITY OE_HOME_URL "http://www.openembedded.org">
 <!ENTITY OE_LISTS_URL "http://lists.openembedded.org/mailman">
 <!ENTITY OE_DOCS_URL "http://docs.openembedded.org">
@@ -62,7 +62,8 @@
      build-essential chrpath socat">
 <!ENTITY FEDORA_HOST_PACKAGES_ESSENTIAL "gawk make wget tar bzip2 gzip python unzip perl patch \
      diffutils diffstat git cpp gcc gcc-c++ glibc-devel texinfo chrpath \
-     ccache perl-Data-Dumper perl-Text-ParseWords perl-Thread-Queue socat">
+     ccache perl-Data-Dumper perl-Text-ParseWords perl-Thread-Queue socat \
+     findutils which">
 <!ENTITY OPENSUSE_HOST_PACKAGES_ESSENTIAL "python gcc gcc-c++ git chrpath make wget python-xml \
      diffstat makeinfo python-curses patch socat">
 <!ENTITY CENTOS_HOST_PACKAGES_ESSENTIAL "gawk make wget tar bzip2 gzip python unzip perl patch \

documentation/profile-manual/profile-manual-customization.xsl

@@ -1,8 +1,16 @@
 <?xml version='1.0'?>
 <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" xmlns:fo="http://www.w3.org/1999/XSL/Format" version="1.0">
 
+  <xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
+
+<!--
+
+  <xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
+
   <xsl:import href="http://docbook.sourceforge.net/release/xsl/1.76.1/xhtml/docbook.xsl" />
 
+-->
+
   <xsl:include href="../template/permalinks.xsl"/>
   <xsl:include href="../template/section.title.xsl"/>
   <xsl:include href="../template/component.title.xsl"/>

documentation/profile-manual/profile-manual-eclipse-customization.xsl

@@ -5,9 +5,17 @@
 	xmlns:fo="http://www.w3.org/1999/XSL/Format"
 	version="1.0">
 
+  <xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
+
+<!--
+
+  <xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
+
   <xsl:import
 	  href="http://docbook.sourceforge.net/release/xsl/1.76.1/eclipse/eclipse3.xsl" />
 
+-->
+
   <xsl:param name="chunker.output.indent" select="'yes'"/>
   <xsl:param name="chunk.quietly" select="1"/>
   <xsl:param name="chunk.first.sections" select="1"/>

documentation/profile-manual/profile-manual.xml

@@ -61,6 +61,16 @@
                 <date>April 2015</date>
                 <revremark>Released with the Yocto Project 1.8 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.8.1</revnumber>
+                <date>November 2015</date>
+                <revremark>Released with the Yocto Project 1.8.1 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.8.2</revnumber>
+                <date>March 2016</date>
+                <revremark>Released with the Yocto Project 1.8.2 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/ref-manual/migration.xml

@@ -1254,7 +1254,7 @@
                     <listitem><para><filename>bb.MalformedUrl</filename>:
                         Use <filename>bb.fetch.MalformedUrl</filename>.
                         </para></listitem>
-                    <listitem><para><filename>bb.fetch.encodeurl</filename>:
+                    <listitem><para><filename>bb.encodeurl</filename>:
                         Use <filename>bb.fetch.encodeurl</filename>.
                         </para></listitem>
                     <listitem><para><filename>bb.decodeurl</filename>:
@@ -1351,8 +1351,7 @@
             <title><filename>PRINC</filename></title>
 
             <para>
-                The
-                <link linkend='var-PRINC'><filename>PRINC</filename></link>
+                The <filename>PRINC</filename>
                 variable has been deprecated and triggers a warning if
                 detected during a build.
                 For
@@ -1413,6 +1412,35 @@
                 it encounters the variable.
             </para>
         </section>
+
+        <section id='migration-1.6-variable-changes-variable-entry-behavior'>
+            <title>Preprocess and Post Process Command Variable Behavior</title>
+
+            <para>
+                The following variables now expect a semicolon separated
+                list of functions to call and not arbitrary shell commands:
+                <literallayout class='monospaced'>
+     <link linkend='var-ROOTFS_PREPROCESS_COMMAND'>ROOTFS_PREPROCESS_COMMAND</link>
+     <link linkend='var-ROOTFS_POSTPROCESS_COMMAND'>ROOTFS_POSTPROCESS_COMMAND</link>
+     <link linkend='var-SDK_POSTPROCESS_COMMAND'>SDK_POSTPROCESS_COMMAND</link>
+     <link linkend='var-POPULATE_SDK_POST_TARGET_COMMAND'>POPULATE_SDK_POST_TARGET_COMMAND</link>
+     <link linkend='var-POPULATE_SDK_POST_HOST_COMMAND'>POPULATE_SDK_POST_HOST_COMMAND</link>
+     <link linkend='var-IMAGE_POSTPROCESS_COMMAND'>IMAGE_POSTPROCESS_COMMAND</link>
+     <link linkend='var-IMAGE_PREPROCESS_COMMAND'>IMAGE_PREPROCESS_COMMAND</link>
+     <link linkend='var-ROOTFS_POSTUNINSTALL_COMMAND'>ROOTFS_POSTUNINSTALL_COMMAND</link>
+     <link linkend='var-ROOTFS_POSTINSTALL_COMMAND'>ROOTFS_POSTINSTALL_COMMAND</link>
+                </literallayout>
+                For migration purposes, you can simply wrap shell commands in
+                a shell function and then call the function.
+                Here is an example:
+                <literallayout class='monospaced'>
+     my_postprocess_function() {
+        echo "hello" > ${IMAGE_ROOTFS}/hello.txt
+     }
+     ROOTFS_POSTPROCESS_COMMAND += "my_postprocess_function; "
+                </literallayout>
+            </para>
+        </section>
     </section>
 
     <section id='migration-1.6-directory-layout-changes'>
@@ -2218,8 +2246,7 @@
             The following QA Check and Validation Changes have occurred:
             <itemizedlist>
                 <listitem><para>
-                    Usage of
-                    <link linkend='var-PRINC'><filename>PRINC</filename></link>
+                    Usage of <filename>PRINC</filename>
                     previously triggered a warning.
                     It now triggers an error.
                     You should remove any remaining usage of

documentation/ref-manual/ref-classes.xml

@@ -77,6 +77,10 @@
         For more details on the source archiver, see the
         "<ulink url='&YOCTO_DOCS_DEV_URL;#maintaining-open-source-license-compliance-during-your-products-lifecycle'>Maintaining Open Source License Compliance During Your Product's Lifecycle</ulink>"
         section in the Yocto Project Development Manual.
+        You can also see the
+        <link linkend='var-ARCHIVER_MODE'><filename>ARCHIVER_MODE</filename></link>
+        variable for information about the variable flags (varflags)
+        that help control archive creation.
     </para>
 </section>
 
@@ -856,7 +860,7 @@
         <literallayout class='monospaced'>
      inherit extrausers
      EXTRA_USERS_PARAMS = "\
-         useradd -P 1876*18 root; \
+         usermod -P 1876*18 root; \
          "
         </literallayout>
     </para>
@@ -2093,7 +2097,8 @@
         You can create a recipe that builds tools that run on the SDK machine
         a couple different ways:
         <itemizedlist>
-            <listitem><para>Create a <replaceable>myrecipe</replaceable><filename>-nativesdk.bb</filename>
+            <listitem><para>Create a
+                <filename>nativesdk-</filename><replaceable>myrecipe</replaceable><filename>.bb</filename>
                 recipe that inherits the <filename>nativesdk</filename> class.
                 If you use this method, you must order the inherit statement
                 in the recipe after all other inherit statements so that the
@@ -2132,7 +2137,7 @@
     </para>
 
     <para>
-        A number of classes exist that are could be generally useful in
+        A number of classes exist that could be generally useful in
         OE-Core but are never actually used within OE-Core itself.
         The <filename>oelint</filename> class is one such example.
         However, being aware of this class can reduce the proliferation of

documentation/ref-manual/ref-features.xml

@@ -176,6 +176,12 @@
                     PCMCIA/CompactFlash support.</para></listitem>
                 <listitem><para><emphasis>ppp:</emphasis> Include PPP dialup
                     support.</para></listitem>
+                <listitem><para><emphasis>ptest:</emphasis> Enables building
+                    the package tests where supported by individual recipes.
+                    For more information on package tests, see the
+                    "<ulink url='&YOCTO_DOCS_DEV_URL;#testing-packages-with-ptest'>Testing Packages With ptest</ulink>"
+                    section in the Yocto Project Development Manual.
+                    </para></listitem>
                 <listitem><para><emphasis>smbfs:</emphasis> Include SMB networks
                     client support (for mounting Samba/Microsoft Windows shares
                     on device).</para></listitem>

documentation/ref-manual/ref-manual-customization.xsl

@@ -1,8 +1,16 @@
 <?xml version='1.0'?>
 <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" xmlns:fo="http://www.w3.org/1999/XSL/Format" version="1.0">
 
+  <xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
+
+<!--
+
+  <xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
+
   <xsl:import href="http://docbook.sourceforge.net/release/xsl/1.76.1/xhtml/docbook.xsl" />
 
+-->
+
   <xsl:include href="../template/permalinks.xsl"/>
   <xsl:include href="../template/section.title.xsl"/>
   <xsl:include href="../template/component.title.xsl"/>

documentation/ref-manual/ref-manual-eclipse-customization.xsl

@@ -5,9 +5,17 @@
 	xmlns:fo="http://www.w3.org/1999/XSL/Format"
 	version="1.0">
 
+  <xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
+
+<!--
+
+  <xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
+
   <xsl:import
 	  href="http://docbook.sourceforge.net/release/xsl/1.76.1/eclipse/eclipse3.xsl" />
 
+-->
+
   <xsl:param name="chunker.output.indent" select="'yes'"/>
   <xsl:param name="chunk.quietly" select="1"/>
   <xsl:param name="chunk.first.sections" select="1"/>

documentation/ref-manual/ref-manual.xml

@@ -92,6 +92,16 @@
                 <date>April 2015</date>
                 <revremark>Released with the Yocto Project 1.8 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.8.1</revnumber>
+                <date>November 2015</date>
+                <revremark>Released with the Yocto Project 1.8.1 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.8.2</revnumber>
+                <date>March 2016</date>
+                <revremark>Released with the Yocto Project 1.8.2 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/ref-manual/ref-qa-checks.xml

@@ -216,7 +216,7 @@ can be found then it should be implemented.  I can't find one at the moment.
             <listitem>
                 <para id='qa-issue-dev-so'>
                     <code>
-     non -dev/-dbg/-nativesdk package contains symlink .so: &lt;packagename&gt; path '&lt;path&gt;' [dev-so]
+     non -dev/-dbg/nativesdk- package contains symlink .so: &lt;packagename&gt; path '&lt;path&gt;' [dev-so]
                     </code>
                 </para>
 

documentation/ref-manual/ref-variables.xml

@@ -283,6 +283,49 @@
             </glossdef>
         </glossentry>
 
+        <glossentry id='var-ARCHIVER_MODE'><glossterm>ARCHIVER_MODE</glossterm>
+            <info>
+                ARCHIVER_MODE[doc] = "Controls archive creation used when releasing source files."
+            </info>
+            <glossdef>
+                <para role="glossdeffirst">
+<!--                <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
+                    When used with the
+                    <link linkend='ref-classes-archiver'><filename>archiver</filename></link>
+                    class, determines the type of information used to create
+                    a released archive.
+                    You can use this variable to create archives of patched
+                    source, original source, configured source, and so forth
+                    by employing the following variable flags (varflags):
+                    <literallayout class='monospaced'>
+     ARCHIVER_MODE[src] = "original"                 # Uses original (unpacked) source
+                                                     # files.
+
+     ARCHIVER_MODE[src] = "patched"                  # Uses patched source files. This is
+                                                     # the default.
+
+     ARCHIVER_MODE[src] = "configured"               # Uses configured source files.
+
+     ARCHIVER_MODE[diff] = "1"                       # Uses patches between do_unpack and
+                                                     # do_patch.
+
+     ARCHIVER_MODE[diff-exclude] ?= "<replaceable>file</replaceable> <replaceable>file</replaceable> ..."  # Lists files and directories to
+                                                     # exclude from diff.
+
+     ARCHIVER_MODE[dumpdata] = "1"                   # Uses environment data.
+
+     ARCHIVER_MODE[recipe] = "1"                     # Uses recipe and include files.
+
+     ARCHIVER_MODE[srpm] = "1"                       # Uses RPM package files.
+                    </literallayout>
+                    For information on how the variable works, see the
+                    <filename>meta/classes/archiver.bbclass</filename> file
+                    in the
+                    <ulink url='&YOCTO_DOCS_DEV_URL;#source-directory'>Source Directory</ulink>.
+                </para>
+            </glossdef>
+        </glossentry>
+
         <glossentry id='var-AS'><glossterm>AS</glossterm>
             <info>
                 AS[doc] = "Minimal command and arguments to run the assembler."
@@ -851,8 +894,26 @@
                     The OpenEmbedded build system automatically configures
                     this variable to be equal to the number of cores on the
                     build system.
-                    To gain optimal parallelism, you should not have to
-                    override this variable.
+                    For example, a system with a dual core processor that
+                    also uses hyper-threading causes the
+                    <filename>BB_NUMBER_THREADS</filename> variable to default
+                    to "4".
+                </para>
+
+                <para>
+                    For single socket systems (i.e. one CPU), you should not
+                    have to override this variable to gain optimal parallelism
+                    during builds.
+                    However, if you have very large systems that employ
+                    multiple physical CPUs, you might want to make sure the
+                    <filename>BB_NUMBER_THREADS</filename> variable is not
+                    set higher than "20".
+                </para>
+
+                <para>
+                    For more information on speeding up builds, see the
+                    "<link linkend='speeding-up-the-build'>Speeding Up the Build</link>"
+                    section.
                 </para>
             </glossdef>
         </glossentry>
@@ -3613,7 +3674,12 @@
             <glossdef>
                 <para role="glossdeffirst">
 <!--                <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
-                    The list of additional features to include in an image.
+                    A list of additional features to include in an image.
+                    When listing more than one feature, separate them with
+                    a space.
+                </para>
+
+                <para>
                     Typically, you configure this variable in your
                     <filename>local.conf</filename> file, which is found in the
                     <ulink url='&YOCTO_DOCS_DEV_URL;#build-directory'>Build Directory</ulink>.
@@ -4772,9 +4838,10 @@
                     <link linkend='ref-tasks-compile'><filename>do_compile</filename></link>
                     task that specify parallel compilation.
                     This variable usually takes the form of
-                    <filename>-j 4</filename>, where the number
-                    represents the maximum number of parallel threads
-                    <filename>make</filename> can run.
+                    "-j <replaceable>x</replaceable>", where
+                    <replaceable>x</replaceable> represents the maximum
+                    number of parallel threads <filename>make</filename> can
+                    run.
                     <note>
                         The options passed affect builds on all enabled
                         machines on the network, which are machines running the
@@ -5393,24 +5460,50 @@
 
         <glossentry id='var-IMAGE_POSTPROCESS_COMMAND'><glossterm>IMAGE_POSTPROCESS_COMMAND</glossterm>
             <info>
-                IMAGE_POSTPROCESS_COMMAND[doc] = "Added by classes to run post processing commands once the OpenEmbedded build system has created the image."
+                IMAGE_POSTPROCESS_COMMAND[doc] = "Specifies a list of functions to call once the OpenEmbedded build system has created the final image output files."
             </info>
             <glossdef>
                 <para role="glossdeffirst">
 <!--                <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
-                    Added by classes to run post processing commands once the
-                    OpenEmbedded build system has created the image.
-                    You can specify shell commands separated by semicolons:
+                    Specifies a list of functions to call once the
+                    OpenEmbedded build system has created the final image
+                    output files.
+                    You can specify functions separated by semicolons:
                     <literallayout class='monospaced'>
-     IMAGE_POSTPROCESS_COMMAND += "<replaceable>shell_command</replaceable>; ... "
+     IMAGE_POSTPROCESS_COMMAND += "<replaceable>function</replaceable>; ... "
                     </literallayout>
                 </para>
 
                 <para>
-                    If you need to pass the path to the root filesystem within
-                    the command, you can use
+                    If you need to pass the root filesystem path to a command
+                    within the function, you can use
                     <filename>${IMAGE_ROOTFS}</filename>, which points to
-                    the root filesystem image.
+                    the directory that becomes the root filesystem image.
+                </para>
+            </glossdef>
+        </glossentry>
+
+        <glossentry id='var-IMAGE_PREPROCESS_COMMAND'><glossterm>IMAGE_PREPROCESS_COMMAND</glossterm>
+            <info>
+                IMAGE_PREPROCESS_COMMAND[doc] = "Specifies a list of functions to call before the OpenEmbedded build system has created the final image output files."
+            </info>
+            <glossdef>
+                <para role="glossdeffirst">
+<!--                <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
+                    Specifies a list of functions to call before the
+                    OpenEmbedded build system has created the final image
+                    output files.
+                    You can specify functions separated by semicolons:
+                    <literallayout class='monospaced'>
+     IMAGE_PREPROCESS_COMMAND += "<replaceable>function</replaceable>; ... "
+                    </literallayout>
+                </para>
+
+                <para>
+                    If you need to pass the root filesystem path to a command
+                    within the function, you can use
+                    <filename>${IMAGE_ROOTFS}</filename>, which points to
+                    the directory that becomes the root filesystem image.
                 </para>
             </glossdef>
         </glossentry>
@@ -6210,6 +6303,58 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
             </glossdef>
         </glossentry>
 
+        <glossentry id='var-KBUILD_DEFCONFIG'><glossterm>KBUILD_DEFCONFIG</glossterm>
+            <info>
+                KBUILD_DEFCONFIG[doc] = "Specifies an "in-tree" kernel configuration file for use during a kernel build."
+            </info>
+            <glossdef>
+                <para role="glossdeffirst">
+<!--                <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
+                    When used with the
+                    <link linkend='ref-classes-kernel-yocto'><filename>kernel-yocto</filename></link>
+                    class, specifies an "in-tree" kernel configuration file
+                    for use during a kernel build.
+                </para>
+
+                <para>
+                    Typically, when using a <filename>defconfig</filename> to
+                    configure a kernel during a build, you place the
+                    file in your layer in the same manner as you would
+                    patch files and configuration fragment files (i.e.
+                    "out-of-tree").
+                    However, if you want to use a <filename>defconfig</filename>
+                    file that is part of the kernel tree (i.e. "in-tree"),
+                    you can use the
+                    <filename>KBUILD_DEFCONFIG</filename> variable to point
+                    to the <filename>defconfig</filename> file.
+                </para>
+
+                <para>
+                    To use the variable, set it in the append file for your
+                    kernel recipe using the following form:
+                    <literallayout class='monospaced'>
+     KBUILD_DEFCONFIG_<link linkend='var-KMACHINE'>KMACHINE</link> ?= <replaceable>defconfig_file</replaceable>
+                    </literallayout>
+                    Here is an example from a "raspberrypi2"
+                    <filename>KMACHINE</filename> build that uses a
+                    <filename>defconfig</filename> file named
+                    "bcm2709_defconfig":
+                    <literallayout class='monospaced'>
+     KBUILD_DEFCONFIG_raspberrypi2 = "bcm2709_defconfig"
+                    </literallayout>
+                    As an alternative, you can use the following within your
+                    append file:
+                    <literallayout class='monospaced'>
+     KBUILD_DEFCONFIG_pn-linux-yocto ?= <replaceable>defconfig_file</replaceable>
+                    </literallayout>
+                    For more information on how to use the
+                    <filename>KBUILD_DEFCONFIG</filename> variable, see the
+                    "<ulink url='&YOCTO_DOCS_KERNEL_DEV_URL;#using-an-in-tree-defconfig-file'>Using an "In-Tree" <filename>defconfig</filename> File</ulink>"
+                    section.
+                </para>
+            </glossdef>
+        </glossentry>
+
         <glossentry id='var-KERNEL_EXTRA_ARGS'><glossterm>KERNEL_EXTRA_ARGS</glossterm>
             <info>
                 KERNEL_EXTRA_ARGS[doc] = "Specifies additional make command-line arguments the OpenEmbedded build system passes on when compiling the kernel."
@@ -8468,7 +8613,7 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
 
         <glossentry id='var-PARALLEL_MAKE'><glossterm>PARALLEL_MAKE</glossterm>
             <info>
-                PARALLEL_MAKE[doc] = "Specifies extra options that are passed to the make command during the compile tasks. This variable is usually in the form -j 4, where the number represents the maximum number of parallel threads make can run."
+                PARALLEL_MAKE[doc] = "Specifies extra options that are passed to the make command during the compile tasks. This variable is usually in the form -j x, where x represents the maximum number of parallel threads make can run."
             </info>
             <glossdef>
                 <para role="glossdeffirst">
@@ -8478,20 +8623,39 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
                     <link linkend='ref-tasks-compile'><filename>do_compile</filename></link>
                     task in order to specify parallel compilation on the local
                     build host.
-                    This variable is usually in the form "-j &lt;x&gt;",
-                    where x represents the maximum number of parallel threads
-                    <filename>make</filename> can run.
+                    This variable is usually in the form "-j <replaceable>x</replaceable>",
+                    where <replaceable>x</replaceable> represents the maximum
+                    number of parallel threads <filename>make</filename> can
+                    run.
                 </para>
 
                 <para>
-                    The OpenEmbedded build system automatically sets this
-                    variable to be equal to the number of cores the build
-                    system uses.
+                    By default, the OpenEmbedded build system automatically
+                    sets this variable to be equal to the number of cores the
+                    build system uses.
                     <note>
-                        Individual recipes might clear out this variable if
-                        the software being built has problems running its
-                        <filename>make</filename> process in parallel.
+                        If the software being built experiences dependency
+                        issues during the <filename>do_compile</filename>
+                        task that result in race conditions, you can clear
+                        the <filename>PARALLEL_MAKE</filename> variable within
+                        the recipe as a workaround.
+                        For information on addressing race conditions, see the
+                        "<ulink url='&YOCTO_DOCS_DEV_URL;#debugging-parallel-make-races'>Debugging Parallel Make Races</ulink>"
+                        section in the Yocto Project Development Manual.
                     </note>
+                    For single socket systems (i.e. one CPU), you should not
+                    have to override this variable to gain optimal parallelism
+                    during builds.
+                    However, if you have very large systems that employ
+                    multiple physical CPUs, you might want to make sure the
+                    <filename>PARALLEL_MAKE</filename> variable is not
+                    set higher than "-j 20".
+                </para>
+
+                <para>
+                    For more information on speeding up builds, see the
+                    "<link linkend='speeding-up-the-build'>Speeding Up the Build</link>"
+                    section.
                 </para>
             </glossdef>
         </glossentry>
@@ -8510,9 +8674,15 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
                     This variable defaults to the value of
                     <link linkend='var-PARALLEL_MAKE'><filename>PARALLEL_MAKE</filename></link>.
                     <note>
-                        Individual recipes might clear out this variable if
-                        the software being built has problems running its
-                        <filename>make install</filename> process in parallel.
+                        If the software being built experiences dependency
+                        issues during the
+                        <filename>do_install</filename> task that result in
+                        race conditions, you can clear the
+                        <filename>PARALLEL_MAKEINST</filename> variable within
+                        the recipe as a workaround.
+                        For information on addressing race conditions, see the
+                        "<ulink url='&YOCTO_DOCS_DEV_URL;#debugging-parallel-make-races'>Debugging Parallel Make Races</ulink>"
+                        section in the Yocto Project Development Manual.
                     </note>
                 </para>
             </glossdef>
@@ -8883,6 +9053,64 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
             </glossdef>
         </glossentry>
 
+        <glossentry id='var-POPULATE_SDK_POST_HOST_COMMAND'><glossterm>POPULATE_SDK_POST_HOST_COMMAND</glossterm>
+            <info>
+                POPULATE_SDK_POST_HOST_COMMAND[doc] = "Specifies a list of functions to call once the OpenEmbedded build system has created host part of the SDK."
+            </info>
+            <glossdef>
+                <para role="glossdeffirst">
+<!--                <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
+                    Specifies a list of functions to call once the
+                    OpenEmbedded build system has created the host part of
+                    the SDK.
+                    You can specify functions separated by semicolons:
+                    <literallayout class='monospaced'>
+     POPULATE_SDK_POST_HOST_COMMAND += "<replaceable>function</replaceable>; ... "
+                    </literallayout>
+                </para>
+
+                <para>
+                    If you need to pass the SDK path to a command
+                    within a function, you can use
+                    <filename>${SDK_DIR}</filename>, which points to
+                    the parent directory used by the OpenEmbedded build
+                    system when creating SDK output.
+                    See the
+                    <link linkend='var-SDK_DIR'><filename>SDK_DIR</filename></link>
+                    variable for more information.
+                </para>
+            </glossdef>
+        </glossentry>
+
+        <glossentry id='var-POPULATE_SDK_POST_TARGET_COMMAND'><glossterm>POPULATE_SDK_POST_TARGET_COMMAND</glossterm>
+            <info>
+                POPULATE_SDK_POST_TARGET_COMMAND[doc] = "Specifies a list of functions to call once the OpenEmbedded build system has created target part of the SDK."
+            </info>
+            <glossdef>
+                <para role="glossdeffirst">
+<!--                <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
+                    Specifies a list of functions to call once the
+                    OpenEmbedded build system has created the target part of
+                    the SDK.
+                    You can specify functions separated by semicolons:
+                    <literallayout class='monospaced'>
+     POPULATE_SDK_POST_TARGET_COMMAND += "<replaceable>function</replaceable>; ... "
+                    </literallayout>
+                </para>
+
+                <para>
+                    If you need to pass the SDK path to a command
+                    within a function, you can use
+                    <filename>${SDK_DIR}</filename>, which points to
+                    the parent directory used by the OpenEmbedded build
+                    system when creating SDK output.
+                    See the
+                    <link linkend='var-SDK_DIR'><filename>SDK_DIR</filename></link>
+                    variable for more information.
+                </para>
+            </glossdef>
+        </glossentry>
+
         <glossentry id='var-PR'><glossterm>PR</glossterm>
             <info>
                 PR[doc] = "The revision of the recipe. The default value for this variable is 'r0'."
@@ -8995,55 +9223,6 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
             </glossdef>
         </glossentry>
 
-        <glossentry id='var-PRINC'><glossterm>PRINC</glossterm>
-            <info>
-                PRINC[doc] = "Causes the PR variable of .bbappend files to dynamically increment. This increment minimizes the impact of layer ordering. This variable defaults to '0'."
-            </info>
-            <glossdef>
-                <para role="glossdeffirst">
-<!--                <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
-                    The <filename>PRINC</filename> variable has been deprecated
-                    and triggers a warning if detected during a build.
-                    For
-                    <link linkend='var-PR'><filename>PR</filename></link>
-                    increments on changes, use the PR service instead.
-                    You can find out more about this service in the
-                    "<ulink url='&YOCTO_DOCS_DEV_URL;#working-with-a-pr-service'>Working With a PR Service</ulink>"
-                    section in the Yocto Project Development Manual.
-                </para>
-<!--
-
-                <para>
-                    Causes the
-                    <link linkend='var-PR'><filename>PR</filename></link>
-                    variable of <filename>.bbappend</filename> files to
-                    dynamically increment.
-                    This increment minimizes the impact of layer ordering.
-                </para>
-
-                <para>
-                    In order to ensure multiple <filename>.bbappend</filename>
-                    files can co-exist,
-                    <filename>PRINC</filename> should be self-referencing.
-                    This variable defaults to 0.
-                </para>
-
-                <para>
-                    Following is an example that increments
-                    <filename>PR</filename> by two:
-                    <literallayout class='monospaced'>
-     PRINC := "${@int(PRINC) + 2}"
-                    </literallayout>
-                    It is advisable not to use strings such as ".= '.1'" with the variable because
-                    this usage is very sensitive to layer ordering.
-                    You should avoid explicit assignments as they cannot
-                    adequately represent multiple
-                    <filename>.bbappend</filename> files.
-                </para>
--->
-            </glossdef>
-        </glossentry>
-
         <glossentry id='var-PRIORITY'><glossterm>PRIORITY</glossterm>
             <info>
                 PRIORITY[doc] = "Indicates the importance of a package.  The default value is 'optional'.  Other standard values are 'required', 'standard' and 'extra'."
@@ -9626,26 +9805,113 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
             </glossdef>
         </glossentry>
 
-        <glossentry id='var-ROOTFS_POSTPROCESS_COMMAND'><glossterm>ROOTFS_POSTPROCESS_COMMAND</glossterm>
+        <glossentry id='var-ROOTFS_POSTINSTALL_COMMAND'><glossterm>ROOTFS_POSTINSTALL_COMMAND</glossterm>
             <info>
-                ROOTFS_POSTPROCESS_COMMAND[doc] = "Added by classes to run post processing commands once the OpenEmbedded build system has created the root filesystem."
+                ROOTFS_POSTINSTALL_COMMAND[doc] = "Specifies a list of functions to call after installing packages."
             </info>
             <glossdef>
                 <para role="glossdeffirst">
 <!--                <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
-                    Added by classes to run post processing commands once the
-                    OpenEmbedded build system has created the root filesystem.
-                    You can specify shell commands separated by semicolons:
+                    Specifies a list of functions to call after the
+                    OpenEmbedded build system has installed packages.
+                    You can specify functions separated by semicolons:
                     <literallayout class='monospaced'>
-     ROOTFS_POSTPROCESS_COMMAND += "<replaceable>shell_command</replaceable>; ... "
+     ROOTFS_POSTINSTALL_COMMAND += "<replaceable>function</replaceable>; ... "
                     </literallayout>
                 </para>
 
                 <para>
-                    If you need to pass the path to the root filesystem within
-                    the command, you can use
+                    If you need to pass the root filesystem path to a command
+                    within a function, you can use
                     <filename>${IMAGE_ROOTFS}</filename>, which points to
-                    the root filesystem image.
+                    the directory that becomes the root filesystem image.
+                    See the
+                    <link linkend='var-IMAGE_ROOTFS'><filename>IMAGE_ROOTFS</filename></link>
+                    variable for more information.
+                </para>
+            </glossdef>
+        </glossentry>
+
+        <glossentry id='var-ROOTFS_POSTPROCESS_COMMAND'><glossterm>ROOTFS_POSTPROCESS_COMMAND</glossterm>
+            <info>
+                ROOTFS_POSTPROCESS_COMMAND[doc] = "Specifies a list of functions to call once the OpenEmbedded build system has created the root filesystem."
+            </info>
+            <glossdef>
+                <para role="glossdeffirst">
+<!--                <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
+                    Specifies a list of functions to call once the
+                    OpenEmbedded build system has created the root filesystem.
+                    You can specify functions separated by semicolons:
+                    <literallayout class='monospaced'>
+     ROOTFS_POSTPROCESS_COMMAND += "<replaceable>function</replaceable>; ... "
+                    </literallayout>
+                </para>
+
+                <para>
+                    If you need to pass the root filesystem path to a command
+                    within a function, you can use
+                    <filename>${IMAGE_ROOTFS}</filename>, which points to
+                    the directory that becomes the root filesystem image.
+                    See the
+                    <link linkend='var-IMAGE_ROOTFS'><filename>IMAGE_ROOTFS</filename></link>
+                    variable for more information.
+                </para>
+            </glossdef>
+        </glossentry>
+
+        <glossentry id='var-ROOTFS_POSTUNINSTALL_COMMAND'><glossterm>ROOTFS_POSTUNINSTALL_COMMAND</glossterm>
+            <info>
+                ROOTFS_POSTUNINSTALL_COMMAND[doc] = "Specifies a list of functions to call after removal of unneeded packages."
+            </info>
+            <glossdef>
+                <para role="glossdeffirst">
+<!--                <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
+                    Specifies a list of functions to call after the
+                    OpenEmbedded build system has removed unnecessary
+                    packages.
+                    When runtime package management is disabled in the
+                    image, several packages are removed including
+                    <filename>base-passwd</filename>,
+                    <filename>shadow</filename>, and
+                    <filename>update-alternatives</filename>.
+                    You can specify functions separated by semicolons:
+                    <literallayout class='monospaced'>
+     ROOTFS_POSTUNINSTALL_COMMAND += "<replaceable>function</replaceable>; ... "
+                    </literallayout>
+                </para>
+
+                <para>
+                    If you need to pass the root filesystem path to a command
+                    within a function, you can use
+                    <filename>${IMAGE_ROOTFS}</filename>, which points to
+                    the directory that becomes the root filesystem image.
+                    See the
+                    <link linkend='var-IMAGE_ROOTFS'><filename>IMAGE_ROOTFS</filename></link>
+                    variable for more information.
+                </para>
+            </glossdef>
+        </glossentry>
+
+        <glossentry id='var-ROOTFS_PREPROCESS_COMMAND'><glossterm>ROOTFS_PREPROCESS_COMMAND</glossterm>
+            <info>
+                ROOTFS_PREPROCESS_COMMAND[doc] = "Specifies a list of functions to call before the OpenEmbedded build system has created the root filesystem."
+            </info>
+            <glossdef>
+                <para role="glossdeffirst">
+<!--                <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
+                    Specifies a list of functions to call before the
+                    OpenEmbedded build system has created the root filesystem.
+                    You can specify functions separated by semicolons:
+                    <literallayout class='monospaced'>
+     ROOTFS_PREPROCESS_COMMAND += "<replaceable>function</replaceable>; ... "
+                    </literallayout>
+                </para>
+
+                <para>
+                    If you need to pass the root filesystem path to a command
+                    within a function, you can use
+                    <filename>${IMAGE_ROOTFS}</filename>, which points to
+                    the directory that becomes the root filesystem image.
                     See the
                     <link linkend='var-IMAGE_ROOTFS'><filename>IMAGE_ROOTFS</filename></link>
                     variable for more information.
@@ -9999,6 +10265,39 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
             </glossdef>
         </glossentry>
 
+        <glossentry id='var-SDK_HOST_MANIFEST'><glossterm>SDK_HOST_MANIFEST</glossterm>
+            <info>
+                SDK_HOST_MANIFEST[doc] = "The manifest file for the host part of the SDK. This file lists all the installed packages that make up the host part of the SDK."
+            </info>
+            <glossdef>
+                <para role="glossdeffirst">
+<!--                <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
+                    The manifest file for the host part of the SDK.
+                    This file lists all the installed packages that make up
+                    the host part of SDK.
+                    The file contains package information on a line-per-package
+                    basis as follows:
+                    <literallayout class='monospaced'>
+     <replaceable>packagename</replaceable> <replaceable>packagearch</replaceable> <replaceable>version</replaceable>
+                    </literallayout>
+                </para>
+
+                <para>
+                    The
+                    <link linkend='ref-classes-populate-sdk-*'><filename>populate_sdk_base</filename></link>
+                    class defines the manifest file as follows:
+                    <literallayout class='monospaced'>
+     SDK_HOST_MANIFEST = "${SDK_DEPLOY}/${TOOLCHAIN_OUTPUTNAME}.host.manifest"
+                    </literallayout>
+                    The location is derived using the
+                    <link linkend='var-SDK_DEPLOY'><filename>SDK_DEPLOY</filename></link>
+                    and
+                    <link linkend='var-TOOLCHAIN_OUTPUTNAME'><filename>TOOLCHAIN_OUTPUTNAME</filename></link>
+                    variables.
+                </para>
+            </glossdef>
+        </glossentry>
+
         <glossentry id='var-SDK_NAME'><glossterm>SDK_NAME</glossterm>
             <info>
                 SDK_NAME[doc] = "The base name for SDK output files."
@@ -10084,6 +10383,34 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
             </glossdef>
         </glossentry>
 
+        <glossentry id='var-SDK_POSTPROCESS_COMMAND'><glossterm>SDK_POSTPROCESS_COMMAND</glossterm>
+            <info>
+                SDK_POSTPROCESS_COMMAND[doc] = "Specifies a list of functions to call once the OpenEmbedded build system has created the SDK."
+            </info>
+            <glossdef>
+                <para role="glossdeffirst">
+<!--                <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
+                    Specifies a list of functions to call once the
+                    OpenEmbedded build system has created the SDK.
+                    You can specify functions separated by semicolons:
+                    <literallayout class='monospaced'>
+     SDK_POSTPROCESS_COMMAND += "<replaceable>function</replaceable>; ... "
+                    </literallayout>
+                </para>
+
+                <para>
+                    If you need to pass an SDK path to a command within a
+                    function, you can use
+                    <filename>${SDK_DIR}</filename>, which points to
+                    the parent directory used by the OpenEmbedded build system
+                    when creating SDK output.
+                    See the
+                    <link linkend='var-SDK_DIR'><filename>SDK_DIR</filename></link>
+                    variable for more information.
+                </para>
+            </glossdef>
+        </glossentry>
+
         <glossentry id='var-SDK_PREFIX'><glossterm>SDK_PREFIX</glossterm>
             <info>
                 SDK_PREFIX[doc] = "The toolchain binary prefix used for nativesdk recipes."
@@ -10125,6 +10452,39 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
             </glossdef>
         </glossentry>
 
+        <glossentry id='var-SDK_TARGET_MANIFEST'><glossterm>SDK_TARGET_MANIFEST</glossterm>
+            <info>
+                SDK_TARGET_MANIFEST[doc] = "The manifest file for the target part of the SDK. This file lists all the installed packages that make up the target part of the SDK."
+            </info>
+            <glossdef>
+                <para role="glossdeffirst">
+<!--                <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
+                    The manifest file for the target part of the SDK.
+                    This file lists all the installed packages that make up
+                    the target part of the SDK.
+                    The file contains package information on a line-per-package
+                    basis as follows:
+                    <literallayout class='monospaced'>
+     <replaceable>packagename</replaceable> <replaceable>packagearch</replaceable> <replaceable>version</replaceable>
+                    </literallayout>
+                </para>
+
+                <para>
+                    The
+                    <link linkend='ref-classes-populate-sdk-*'><filename>populate_sdk_base</filename></link>
+                    class defines the manifest file as follows:
+                    <literallayout class='monospaced'>
+     SDK_TARGET_MANIFEST = "${SDK_DEPLOY}/${TOOLCHAIN_OUTPUTNAME}.target.manifest"
+                    </literallayout>
+                    The location is derived using the
+                    <link linkend='var-SDK_DEPLOY'><filename>SDK_DEPLOY</filename></link>
+                    and
+                    <link linkend='var-TOOLCHAIN_OUTPUTNAME'><filename>TOOLCHAIN_OUTPUTNAME</filename></link>
+                    variables.
+                </para>
+            </glossdef>
+        </glossentry>
+
         <glossentry id='var-SDK_VENDOR'><glossterm>SDK_VENDOR</glossterm>
             <info>
                 SDK_VENDOR[doc] = "Specifies the name of the SDK vendor."
@@ -10137,6 +10497,32 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
             </glossdef>
         </glossentry>
 
+        <glossentry id='var-SDK_VERSION'><glossterm>SDK_VERSION</glossterm>
+            <info>
+                SDK_VERSION[doc] = "Specifies the version for the SDK."
+            </info>
+            <glossdef>
+                <para role="glossdeffirst">
+<!--                <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
+                    Specifies the version of the SDK.
+                    The distribution configuration file (e.g.
+                    <filename>/meta-yocto/conf/distro/poky.conf</filename>)
+                    defines the <filename>SDK_VERSION</filename> as follows:
+                    <literallayout class='monospaced'>
+     SDK_VERSION := "${@'${DISTRO_VERSION}'.replace('snapshot-${DATE}','snapshot')}"
+                    </literallayout>
+                </para>
+
+                <para>
+                    For additional information, see the
+                    <link linkend='var-DISTRO_VERSION'><filename>DISTRO_VERSION</filename></link>
+                    and
+                    <link linkend='var-DATE'><filename>DATE</filename></link>
+                    variables.
+                </para>
+            </glossdef>
+        </glossentry>
+
         <glossentry id='var-SDKIMAGE_FEATURES'><glossterm>SDKIMAGE_FEATURES</glossterm>
             <info>
                 SDKIMAGE_FEATURES[doc] = "Equivalent to IMAGE_FEATURES. However, this variable applies to the SDK generated from an image using the command 'bitbake -c populate_sdk imagename'."
@@ -12529,6 +12915,32 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
             </glossdef>
         </glossentry>
 
+        <glossentry id='var-TOOLCHAIN_OUTPUTNAME'><glossterm>TOOLCHAIN_OUTPUTNAME</glossterm>
+            <info>
+                TOOLCHAIN_OUTPUTNAME[doc] = "Defines the name used for the toolchain output."
+            </info>
+            <glossdef>
+                <para role="glossdeffirst">
+<!--                <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
+                    This variable defines the name used for the toolchain
+                    output.
+                    The
+                    <link linkend='ref-classes-populate-sdk-*'><filename>populate_sdk_base</filename></link>
+                    class sets the
+                    <filename>TOOLCHAIN_OUTPUTNAME</filename> variable as
+                    follows:
+                    <literallayout class='monospaced'>
+     TOOLCHAIN_OUTPUTNAME ?= "${SDK_NAME}-toolchain-${SDK_VERSION}"
+                    </literallayout>
+                    See the
+                    <link linkend='var-SDK_NAME'><filename>SDK_NAME</filename></link>
+                    and
+                    <link linkend='var-SDK_VERSION'><filename>SDK_VERSION</filename></link>
+                    variables for additional information.
+                </para>
+            </glossdef>
+        </glossentry>
+
         <glossentry id='var-TOOLCHAIN_TARGET_TASK'><glossterm>TOOLCHAIN_TARGET_TASK</glossterm>
             <info>
                 TOOLCHAIN_TARGET_TASK[doc] = "This variable lists packages the OpenEmbedded build system uses when it creates the target part of an SDK, which includes libraries and headers."
@@ -13114,6 +13526,42 @@ recipes-graphics/xorg-font/font-alias_1.0.3.bb:PR = "${INC_PR}.3"
             </glossdef>
         </glossentry>
 
+        <glossentry id='var-UNKNOWN_CONFIGURE_WHITELIST'><glossterm>UNKNOWN_CONFIGURE_WHITELIST</glossterm>
+            <info>
+               UNKNOWN_CONFIGURE_WHITELIST[doc] = "Specifies a list of options that, if reported by the configure script as being invalid, should not generate a warning during the do_configure task."
+            </info>
+            <glossdef>
+                <para role="glossdeffirst">
+<!--                <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
+                    Specifies a list of options that, if reported by the
+                    configure script as being invalid, should not generate a
+                    warning during the
+                    <link linkend='ref-tasks-configure'><filename>do_configure</filename></link>
+                    task.
+                    Normally, invalid configure options are simply not passed
+                    to the configure script (e.g. should be removed from
+                    <link linkend='var-EXTRA_OECONF'><filename>EXTRA_OECONF</filename></link>).
+                    However, common options, for example, exist that are passed
+                    to all configure scripts at a class level that might not
+                    be valid for some configure scripts.
+                    It follows that no benefit exists in seeing a warning about
+                    these options.
+                    For these cases, the options are added to
+                    <filename>UNKNOWN_CONFIGURE_WHITELIST</filename>.
+                </para>
+
+                <para>
+                    The configure arguments check that uses
+                    <filename>UNKNOWN_CONFIGURE_WHITELIST</filename> is part
+                    of the
+                    <link linkend='ref-classes-insane'><filename>insane</filename></link>
+                    class and is only enabled if the recipe inherits the
+                    <link linkend='ref-classes-autotools'><filename>autotools</filename></link>
+                    class.
+                </para>
+            </glossdef>
+        </glossentry>
+
         <glossentry id='var-UPDATERCPN'><glossterm>UPDATERCPN</glossterm>
             <info>
                UPDATERCPN[doc] = "Specifies the package that contains the initscript that is to be enabled."

documentation/ref-manual/usingpoky.xml

@@ -914,42 +914,51 @@
 
     <para>
         Build time can be an issue.
-        By default, the build system uses three simple controls to try and
-        maximize build efficiency:
+        By default, the build system uses simple controls to try and maximize
+        build efficiency.
+        In general, the default settings for all the following variables
+        result in the most efficient build times when dealing with single
+        socket systems (i.e. a single CPU).
+        If you have multiple CPUs, you might try increasing the default
+        values to gain more speed.
+        See the descriptions in the glossary for each variable for more
+        information:
         <itemizedlist>
             <listitem><para>
-                <link linkend='var-BB_NUMBER_THREADS'><filename>BB_NUMBER_THREADS</filename></link>
+                <link linkend='var-BB_NUMBER_THREADS'><filename>BB_NUMBER_THREADS</filename>:</link>
+                The maximum number of threads BitBake simultaneously executes.
                 </para></listitem>
             <listitem><para>
-                <ulink url='&YOCTO_DOCS_BB_URL;#var-BB_NUMBER_PARSE_THREADS'><filename>BB_NUMBER_PARSE_THREADS</filename></ulink>
+                <ulink url='&YOCTO_DOCS_BB_URL;#var-BB_NUMBER_PARSE_THREADS'><filename>BB_NUMBER_PARSE_THREADS</filename>:</ulink>
+                The number of threads BitBake uses during parsing.
                 </para></listitem>
             <listitem><para>
-                <link linkend='var-PARALLEL_MAKE'><filename>PARALLEL_MAKE</filename></link>
+                <link linkend='var-PARALLEL_MAKE'><filename>PARALLEL_MAKE</filename>:</link>
+                Extra options passed to the <filename>make</filename> command
+                during the
+                <link linkend='ref-tasks-compile'><filename>do_compile</filename></link>
+                task in order to specify parallel compilation on the
+                local build host.
+                </para></listitem>
+            <listitem><para>
+                <link linkend='var-PARALLEL_MAKEINST'><filename>PARALLEL_MAKEINST</filename>:</link>
+                Extra options passed to the <filename>make</filename> command
+                during the
+                <link linkend='ref-tasks-install'><filename>do_install</filename></link>
+                task in order to specify parallel installation on the
+                local build host.
                 </para></listitem>
         </itemizedlist>
-        These three variables all scale to the number of processor cores
-        available on the build system.
-        This auto-scaling ensures that the build system fundamentally takes
-        advantage of potential parallel operations during the build
-        based on the build machine's capabilities.
+        As mentioned, these variables all scale to the number of processor
+        cores available on the build system.
+        For single socket systems, this auto-scaling ensures that the build
+        system fundamentally takes advantage of potential parallel operations
+        during the build based on the build machine's capabilities.
     </para>
 
     <para>
-        If you need to achieve even faster builds than what the build system
-        produces by default, you can consider and implement some of the
-        following:
+        Following are additional factors that can affect build speed:
         <itemizedlist>
-            <listitem><para>
-                <filename>BB_NUMBER_THREADS</filename>,
-                <filename>BB_NUMBER_PARSE_THREADS</filename>, and
-                <filename>PARALLEL_MAKE</filename>:
-                As previously mentioned, the build system scales the values
-                for these variables so you should probably not override
-                these to try to speed up a build.
-                However, for completeness regarding this list, it is worth
-                mentioning that you can manually override these variables
-                by setting them in your <filename>local.conf</filename> file.
-                </para></listitem>
             <listitem><para>
                 File system type:
                 The file system type that the build is being performed on can
@@ -981,7 +990,9 @@
                 helps.
                 </para></listitem>
             <listitem><para>
-                Using <filename>/tmp</filename> as a temporary file system:
+                Using <filename>tmpfs</filename> for
+                <link linkend='var-TMPDIR'><filename>TMPDIR</filename></link>
+                as a temporary file system:
                 While this can help speed up the build, the benefits are
                 limited due to the compiler using
                 <filename>-pipe</filename>.
@@ -1013,6 +1024,11 @@
         Aside from the previous list, you should keep some trade offs in
         mind that can help you speed up the build:
         <itemizedlist>
+            <listitem><para>
+                Remove items from
+                <link linkend='var-DISTRO_FEATURES'><filename>DISTRO_FEATURES</filename></link>
+                that you might not need.
+                </para></listitem>
             <listitem><para>
                 Exclude debug symbols and other debug information:
                 If you do not need these symbols and other debug information,

documentation/toaster-manual/toaster-manual-customization.xsl

@@ -1,8 +1,15 @@
 <?xml version='1.0'?>
 <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" xmlns:fo="http://www.w3.org/1999/XSL/Format" version="1.0">
 
+  <xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
+
+<!--
+
+  <xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
+
   <xsl:import href="http://docbook.sourceforge.net/release/xsl/1.76.1/xhtml/docbook.xsl" />
-<!--  <xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/xhtml/docbook.xsl" /> -->
+
+-->
 
   <xsl:include href="../template/permalinks.xsl"/>
   <xsl:include href="../template/section.title.xsl"/>

documentation/toaster-manual/toaster-manual-reference.xml

@@ -133,6 +133,11 @@
                         browser by entering the URL of your Toaster instance and
                         adding "<filename>/admin</filename>" to the end of the
                         URL.
+                        As an example, if you are running Toaster locally, use
+                        the following URL:
+                        <literallayout class='monospaced'>
+     http://127.0.0.1:8000/admin
+                        </literallayout>
                     </para>
 
                     <para>
@@ -214,7 +219,7 @@
              "name": "Local Yocto Project",
              "sourcetype": "local",
              "apiurl": "../../",
-             "branches": ["HEAD", "master", "fido", "dizzy"],
+             "branches": ["HEAD", "fido", "dizzy"],
              "layers": [
                  {
                      "name": "openembedded-core",
@@ -241,13 +246,13 @@
              "name": "OpenEmbedded",
              "sourcetype": "layerindex",
              "apiurl": "http://layers.openembedded.org/layerindex/api/",
-             "branches": ["master", "fido", "dizzy"]
+             "branches": ["fido", "dizzy"]
          },
          {
              "name": "Imported layers",
              "sourcetype": "imported",
              "apiurl": "",
-             "branches": ["master", "fido", "dizzy", "HEAD"]
+             "branches": ["fido", "dizzy", "HEAD"]
 
          }
      ],
@@ -263,8 +268,7 @@
                         indicate which branches from your layer source you want
                         to make available through Toaster.
                         For example, the OpenEmbedded layer source makes
-                        available only its "master", "fido", and "dizzy"
-                        branches.
+                        available only its "fido" and "dizzy" branches.
                     </para>
 
                     <para>
@@ -382,14 +386,6 @@
                         or
                         <ulink url='http://git.openembedded.org/openembedded-core/commit/?h=fido'></ulink>.
                         </para></listitem>
-                    <listitem><para><emphasis>Yocto Project "Master" or OpenEmbedded "Master":</emphasis>
-                        This release causes your Toaster Projects to
-                        build against the head of the master branch, which is
-                        where active development takes place, at
-                        <ulink url='&YOCTO_GIT_URL;/cgit/cgit.cgi/poky/log/'></ulink>
-                        or
-                        <ulink url='http://git.openembedded.org/openembedded-core/log/'></ulink>.
-                        </para></listitem>
                     <listitem><para><emphasis>Local Yocto Project or Local OpenEmbedded:</emphasis>
                         This release causes your Toaster Projects to
                         build against the head of the <filename>poky</filename>
@@ -436,14 +432,14 @@
                         Git repository.
                         As an example, consider the following snippet from
                         a Toaster JSON configuration file.
-                        This BitBake version uses the master branch from the
+                        This BitBake version uses the fido branch from the
                         OpenEmbedded repository:
                         <literallayout class='monospaced'>
      "bitbake" : [
          {
-             "name": "master",
+             "name": "fido",
              "giturl": "git://git.openembedded.org/bitbake",
-             "branch": "master",
+             "branch": "1.26",
              "dirpath": ""
          }
      ]
@@ -484,7 +480,7 @@
                         The branch for the layer source
                         (<filename>branch</filename>) used with the release.
                         For example, for the OpenEmbedded layer source, the
-                        "master", "fido", and "dizzy" branches are available.
+                        "fido" and "dizzy" branches are available.
                         </para></listitem>
                     <listitem><para><emphasis>Default Layers:</emphasis>
                         The set of default layers
@@ -517,8 +513,8 @@
             <para>
                 To summarize what comprises a release, consider the following
                 example from a Toaster JSON file.
-                The configuration names the release "master" and uses the
-                "master" branch provided by the layer source of type
+                The configuration names the release "fido" and uses the
+                "fido" branch provided by the layer source of type
                 "layerindex", which is called "OpenEmbedded", and sets
                 the <filename>openembedded-core</filename> layer as the one
                 to be added by default to any projects created in Toaster.
@@ -527,13 +523,13 @@
                 <literallayout class='monospaced'>
      "releases": [
          {
-             "name": "master",
-             "description": "OpenEmbedded master",
-             "bitbake": "master",
-             "branch": "master",
+             "name": "fido",
+             "description": "OpenEmbedded fido",
+             "bitbake": "fido",
+             "branch": "fido",
              "defaultlayers": [ "openembedded-core" ],
              "layersourcepriority": { "Imported layers": 99, "Local OpenEmbedded" : 10, "OpenEmbedded" :  0 },
-             "helptext": "Toaster will run your builds using the OpenEmbedded master branch, where active development takes place. This is not a stable branch, so your builds might not work as expected."
+             "helptext": "Toaster will run your builds using the OpenEmbedded fido branch."
          }
      ]
                 </literallayout>
@@ -710,7 +706,7 @@
              "name": "Local Yocto Project",
              "sourcetype": "local",
              "apiurl": "../../",
-             "branches": ["HEAD", "master", "fido", "dizzy"],
+             "branches": ["HEAD", "fido", "dizzy"],
              "layers": [
                  {
                      "name": "openembedded-core",
@@ -737,13 +733,13 @@
              "name": "OpenEmbedded",
              "sourcetype": "layerindex",
              "apiurl": "http://layers.openembedded.org/layerindex/api/",
-             "branches": ["master", "fido", "dizzy"]
+             "branches": ["fido", "dizzy"]
          },
          {
              "name": "Imported layers",
              "sourcetype": "imported",
              "apiurl": "",
-             "branches": ["master", "fido", "dizzy", "HEAD"]
+             "branches": ["fido", "dizzy", "HEAD"]
 
          }
      ],
@@ -757,8 +753,8 @@
                 <para>
                     This area of the JSON file defines the version of
                     BitBake Toaster uses.
-                    As shipped, Toaster is configured to recognize four
-                    versions of BitBake: master, fido, dizzy, and HEAD.
+                    As shipped, Toaster is configured to recognize three
+                    versions of BitBake: fido, dizzy, and HEAD.
                     <note>
                         HEAD is a special option that builds whatever is
                         available on disk, without checking out any remote
@@ -770,12 +766,6 @@
                     Here is the default <filename>bitbake</filename> area:
                     <literallayout class='monospaced'>
      "bitbake" : [
-         {
-             "name": "master",
-             "giturl": "remote:origin",
-             "branch": "master",
-             "dirpath": "bitbake"
-         },
          {
              "name": "fido",
              "giturl": "remote:origin",
@@ -805,14 +795,14 @@
                 <para>
                     This area of the JSON file establishes a default
                     release used by Toaster.
-                    As shipped, Toaster uses the "master" release.
+                    As shipped, Toaster uses the "fido" release.
                 </para>
 
                 <para>
                     Here is the statement in the JSON file that establishes
                     the default release:
                     <literallayout class='monospaced'>
-     "defaultrelease": "master",
+     "defaultrelease": "fido",
                     </literallayout>
                 </para>
             </section>
@@ -833,15 +823,6 @@
                     Here is the default <filename>releases</filename> area:
                     <literallayout class='monospaced'>
      "releases": [
-         {
-             "name": "master",
-             "description": "Yocto Project master",
-             "bitbake": "master",
-             "branch": "master",
-             "defaultlayers": [ "openembedded-core", "meta-yocto", "meta-yocto-bsp"],
-             "layersourcepriority": { "Imported layers": 99, "Local Yocto Project" : 10, "OpenEmbedded" :  0 },
-             "helptext": "Toaster will run your builds using the tip of the &lt;a href=\"http://git.yoctoproject.org/cgit/cgit.cgi/poky/log/\"&gt;Yocto Project master branch&lt;/a&gt;, where active development takes place. This is not a stable branch, so your builds might not work as expected."
-         },
          {
              "name": "fido",
              "description": "Yocto Project 1.8 Fido",

documentation/toaster-manual/toaster-manual-setup-and-use.xml

@@ -506,7 +506,7 @@
      MANAGED="True"
                         </literallayout>
                         </para></listitem>
-                    <listitem><para><emphasis>Set Up Toaster for Normal Usage:</emphasis>
+<!--                    <listitem><para><emphasis>Set Up Toaster for Normal Usage:</emphasis>
                         You need to configure each build environment, layer
                         sources, and BitBake versions.</para>
                         <para>Verify that your releases have been loaded correctly by
@@ -539,9 +539,9 @@
 
      # Go to Home, Bitbake Versions, Add bitbake version;
      # Take version information from: http://git.openembedded.org/bitbake/refs/heads,
-     # This example assumes "master" version.
-     # set Name: master, Giturl git://git.openembedded.org/bitbake
-     # branch master, dirpath /
+     # This example assumes "fido" version.
+     # set Name: fido, Giturl git://git.openembedded.org/bitbake
+     # branch fido, dirpath /
      # Save your changes and exit
                         </literallayout>
                         You also need to configure the project releases, the
@@ -550,19 +550,19 @@
                         Continuing with the example:
                         <literallayout class='monospaced'>
      # Go to Home, Releases, Add release
-     # set Name: master, Description: Current master release, select Bitbake Version,
-     # and Branch: master
+     # set Name: fido, Description: Current fido release, select Bitbake Version,
+     # and Branch: fido
      # Save your changes and exit
 
      # Go to Home, Toaster Settings, select the Setting for DEFAULT_RELEASE
-     # set Helptext: This selects the default release., Value: master
+     # set Helptext: This selects the default release., Value: fido
      # Save your changes and exit
 
      # Go to Home, Bitbake Versions, Add bitbake version;
      # take version information from : http://git.openembedded.org/bitbake/refs/heads,
-     # this manual assumes the master version
-     # set Name: master, Giturl git://git.openembedded.org/bitbake
-     # branch master, dirpath /
+     # this manual assumes the fido version
+     # set Name: fido, Giturl git://git.openembedded.org/bitbake
+     # branch fido, dirpath /
      # Save your changes and exit
 
      # Update the information
@@ -573,6 +573,7 @@
                         "<link linkend='toaster-useful-commands'>Useful Commands</link>"
                         section.
                         </para></listitem>
+-->
                     <listitem><para><emphasis>Install and Set up the Database Server:</emphasis>
                         You can use any SQL server out of the box.
                         It is recommended that you use

documentation/toaster-manual/toaster-manual.xml

@@ -36,6 +36,16 @@
                 <date>April 2015</date>
                 <revremark>Released with the Yocto Project 1.8 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>1.8.1</revnumber>
+                <date>November 2015</date>
+                <revremark>Released with the Yocto Project 1.8.1 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>1.8.2</revnumber>
+                <date>March 2016</date>
+                <revremark>Released with the Yocto Project 1.8.2 Release.</revremark>
+            </revision>
        </revhistory>
 
     <copyright>

documentation/tools/mega-manual.sed

@@ -2,32 +2,32 @@
 # This style is for manual folders like "yocto-project-qs" and "poky-ref-manual".
 # This is the old way that did it.  Can't do that now that we have "bitbake-user-manual" strings
 # in the mega-manual.
-# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/poky-ref-manual\/poky-ref-manual.html#/\"link\" href=\"#/g
+# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/poky-ref-manual\/poky-ref-manual.html#/\"link\" href=\"#/g
 
 # Processes all other manuals (<word>-<word> style) except for the BitBake User Manual because
 # it is not included in the mega-manual.
 # This style is for manual folders that use two word, which is the standard now (e.g. "ref-manual").
 # This was the one-liner that worked before we introduced the BitBake User Manual, which is
 # not in the mega-manual.
-# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
+# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
 
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/adt-manual\/adt-manual.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/bsp-guide\/bsp-guide.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/dev-manual\/dev-manual.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/kernel-dev\/kernel-dev.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/profile-manual\/profile-manual.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/ref-manual\/ref-manual.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/toaster-manual\/toaster-manual.html#/\"link\" href=\"#/g
-s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/adt-manual\/adt-manual.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/bsp-guide\/bsp-guide.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/dev-manual\/dev-manual.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/kernel-dev\/kernel-dev.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/profile-manual\/profile-manual.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/ref-manual\/ref-manual.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/toaster-manual\/toaster-manual.html#/\"link\" href=\"#/g
+s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
 
 # Process cases where just an external manual is referenced without an id anchor
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/yocto-project-qs\/yocto-project-qs.html\" target=\"_top\">Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/dev-manual\/dev-manual.html\" target=\"_top\">Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/adt-manual\/adt-manual.html\" target=\"_top\">Yocto Project Application Developer's Guide<\/a>/Yocto Project Application Developer's Guide/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/bsp-guide\/bsp-guide.html\" target=\"_top\">Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/profile-manual\/profile-manual.html\" target=\"_top\">Yocto Project Profiling and Tracing Manual<\/a>/Yocto Project Profiling and Tracing Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/kernel-dev\/kernel-dev.html\" target=\"_top\">Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/ref-manual\/ref-manual.html\" target=\"_top\">Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g
-s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8\/toaster-manual\/toaster-manual.html\" target=\"_top\">Toaster User Manual<\/a>/Toaster User Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/yocto-project-qs\/yocto-project-qs.html\" target=\"_top\">Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/dev-manual\/dev-manual.html\" target=\"_top\">Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/adt-manual\/adt-manual.html\" target=\"_top\">Yocto Project Application Developer's Guide<\/a>/Yocto Project Application Developer's Guide/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/bsp-guide\/bsp-guide.html\" target=\"_top\">Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/profile-manual\/profile-manual.html\" target=\"_top\">Yocto Project Profiling and Tracing Manual<\/a>/Yocto Project Profiling and Tracing Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/kernel-dev\/kernel-dev.html\" target=\"_top\">Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/ref-manual\/ref-manual.html\" target=\"_top\">Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g
+s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.8.2\/toaster-manual\/toaster-manual.html\" target=\"_top\">Toaster User Manual<\/a>/Toaster User Manual/g

documentation/yocto-project-qs/yocto-project-qs-customization.xsl

@@ -1,7 +1,16 @@
 <?xml version='1.0'?>
 <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" xmlns:fo="http://www.w3.org/1999/XSL/Format" version="1.0">
 
+  <xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
+
+<!--
+
+  <xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/xhtml/docbook.xsl" />
+
   <xsl:import href="http://docbook.sourceforge.net/release/xsl/1.76.1/xhtml/docbook.xsl" />
+
+-->
+
   <xsl:import href="yocto-project-qs-titlepage.xsl"/>
 
   <xsl:include href="../template/permalinks.xsl"/>

documentation/yocto-project-qs/yocto-project-qs-eclipse-customization.xsl

@@ -5,8 +5,17 @@
 	xmlns:fo="http://www.w3.org/1999/XSL/Format"
 	version="1.0">
 
+  <xsl:import href="http://downloads.yoctoproject.org/mirror/docbook-mirror/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
+
+<!--
+
+  <xsl:import href="../template/1.76.1/docbook-xsl-1.76.1/eclipse/eclipse3.xsl" />
+
   <xsl:import
 	  href="http://docbook.sourceforge.net/release/xsl/1.76.1/eclipse/eclipse3.xsl" />
+
+-->
+
   <xsl:import href="yocto-project-qs-titlepage.xsl"/>
 
   <xsl:param name="chunker.output.indent" select="'yes'"/>

meta-yocto/conf/distro/poky.conf

@@ -1,6 +1,6 @@
 DISTRO = "poky"
 DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
-DISTRO_VERSION = "1.8.1"
+DISTRO_VERSION = "1.8.2"
 DISTRO_CODENAME = "fido"
 SDK_VENDOR = "-pokysdk"
 SDK_VERSION := "${@'${DISTRO_VERSION}'.replace('snapshot-${DATE}','snapshot')}"

meta-yocto/conf/local.conf.sample

@@ -219,11 +219,12 @@ BB_DISKMON_DIRS = "\
 # Qemu configuration
 #
 # By default qemu will build with a builtin VNC server where graphical output can be
-# seen. The two lines below enable the SDL backend too. This assumes there is a
-# libsdl library available on your build system.
+# seen. The two lines below enable the SDL backend too. By default libsdl-native will
+# be built, if you want to use your host's libSDL instead of the minimal libsdl built
+# by libsdl-native then uncomment the ASSUME_PROVIDED line below.
 PACKAGECONFIG_append_pn-qemu-native = " sdl"
 PACKAGECONFIG_append_pn-nativesdk-qemu = " sdl"
-ASSUME_PROVIDED += "libsdl-native"
+#ASSUME_PROVIDED += "libsdl-native"
 
 
 # CONF_VERSION is increased each time build/conf/ changes incompatibly and is used to

meta-yocto/conf/toasterconf.json

@@ -12,7 +12,7 @@
             "name": "Local Yocto Project",
             "sourcetype": "local",
             "apiurl": "../../",
-            "branches": ["HEAD", "master", "fido", "dizzy"],
+            "branches": ["HEAD", "fido", "dizzy"],
             "layers": [
                 {
                     "name": "openembedded-core",
@@ -39,23 +39,17 @@
             "name": "OpenEmbedded",
             "sourcetype": "layerindex",
             "apiurl": "http://layers.openembedded.org/layerindex/api/",
-            "branches": ["master", "fido", "dizzy"]
+            "branches": ["fido", "dizzy"]
         },
         {
             "name": "Imported layers",
             "sourcetype": "imported",
             "apiurl": "",
-            "branches": ["master", "fido", "dizzy", "HEAD"]
+            "branches": ["fido", "dizzy", "HEAD"]
 
         }
     ],
     "bitbake" : [
-        {
-            "name": "master",
-            "giturl": "remote:origin",
-            "branch": "master",
-            "dirpath": "bitbake"
-        },
         {
             "name": "fido",
             "giturl": "remote:origin",
@@ -76,18 +70,9 @@
         }
     ],
 
-    "defaultrelease": "master",
+    "defaultrelease": "fido",
 
     "releases": [
-        {
-            "name": "master",
-            "description": "Yocto Project master",
-            "bitbake": "master",
-            "branch": "master",
-            "defaultlayers": [ "openembedded-core", "meta-yocto", "meta-yocto-bsp"],
-            "layersourcepriority": { "Imported layers": 99, "Local Yocto Project" : 10, "OpenEmbedded" :  0 },
-            "helptext": "Toaster will run your builds using the tip of the <a href=\"http://git.yoctoproject.org/cgit/cgit.cgi/poky/log/\">Yocto Project master branch</a>, where active development takes place. This is not a stable branch, so your builds might not work as expected."
-        },
         {
             "name": "fido",
             "description": "Yocto Project 1.8 Fido",

meta/classes/allarch.bbclass

@@ -27,6 +27,10 @@ python () {
         d.setVar("PACKAGE_EXTRA_ARCHS", "")
         d.setVar("SDK_ARCH", "none")
         d.setVar("SDK_CC_ARCH", "none")
+        d.setVar("TARGET_CPPFLAGS", "none")
+        d.setVar("TARGET_CFLAGS", "none")
+        d.setVar("TARGET_CXXFLAGS", "none")
+        d.setVar("TARGET_LDFLAGS", "none")
 
         # Avoid this being unnecessarily different due to nuances of
         # the target machine that aren't important for "all" arch

meta/classes/base.bbclass

@@ -351,7 +351,10 @@ python () {
                     newappends.append(a)
                 elif a.startswith("virtual/"):
                     subs = a.split("/", 1)[1]
-                    newappends.append("virtual/" + prefix + subs + extension)
+                    if subs.startswith(prefix):
+                        newappends.append(a + extension)
+                    else:
+                        newappends.append("virtual/" + prefix + subs + extension)
                 else:
                     if a.startswith(prefix):
                         newappends.append(a + extension)

meta/classes/fontcache.bbclass

@@ -9,12 +9,23 @@ inherit qemu
 FONT_PACKAGES ??= "${PN}"
 FONT_EXTRA_RDEPENDS ?= "fontconfig-utils"
 FONTCONFIG_CACHE_DIR ?= "${localstatedir}/cache/fontconfig"
+FONTCONFIG_CACHE_PARAMS ?= "-v"
+# You can change this to e.g. FC_DEBUG=16 to debug fc-cache issues,
+# something has to be set, because qemuwrapper is using this variable after -E
+# multiple variables aren't allowed because for qemu they are separated
+# by comma and in -n "$D" case they should be separated by space
+FONTCONFIG_CACHE_ENV ?= "FC_DEBUG=1"
 fontcache_common() {
-if [ "x$D" != "x" ] ; then
-	$INTERCEPT_DIR/postinst_intercept update_font_cache ${PKG} mlprefix=${MLPREFIX} bindir=${bindir} \
-		libdir=${libdir} base_libdir=${base_libdir} fontconfigcachedir=${FONTCONFIG_CACHE_DIR}
+if [ -n "$D" ] ; then
+	$INTERCEPT_DIR/postinst_intercept update_font_cache ${PKG} mlprefix=${MLPREFIX} \
+		'bindir="${bindir}"' \
+		'libdir="${libdir}"' \
+		'base_libdir="${base_libdir}"' \
+		'fontconfigcachedir="${FONTCONFIG_CACHE_DIR}"' \
+		'fontconfigcacheparams="${FONTCONFIG_CACHE_PARAMS}"' \
+		'fontconfigcacheenv="${FONTCONFIG_CACHE_ENV}"'
 else
-	fc-cache
+	${FONTCONFIG_CACHE_ENV} fc-cache ${FONTCONFIG_CACHE_PARAMS}
 fi
 }
 

meta/classes/kernel.bbclass

@@ -51,9 +51,13 @@ base_do_unpack_append () {
     if s != kernsrc:
         bb.utils.mkdirhier(kernsrc)
         bb.utils.remove(kernsrc, recurse=True)
-        import subprocess
-        subprocess.call(d.expand("mv ${S} ${STAGING_KERNEL_DIR}"), shell=True)
-        os.symlink(kernsrc, s)
+        if d.getVar("EXTERNALSRC", True):
+            # With EXTERNALSRC S will not be wiped so we can symlink to it
+            os.symlink(s, kernsrc)
+        else:
+            import shutil
+            shutil.move(s, kernsrc)
+            os.symlink(kernsrc, s)
 }
 
 inherit kernel-arch deploy

meta/classes/populate_sdk_base.bbclass

@@ -166,7 +166,7 @@ populate_sdk_log_check() {
 	done
 }
 
-do_populate_sdk[dirs] = "${TOPDIR}"
+do_populate_sdk[dirs] = "${PKGDATA_DIR} ${TOPDIR}"
 do_populate_sdk[depends] += "${@' '.join([x + ':do_populate_sysroot' for x in d.getVar('SDK_DEPENDS', True).split()])}  ${@d.getVarFlag('do_rootfs', 'depends', False)}"
 do_populate_sdk[rdepends] = "${@' '.join([x + ':do_populate_sysroot' for x in d.getVar('SDK_RDEPENDS', True).split()])}"
 do_populate_sdk[recrdeptask] += "do_packagedata do_package_write_rpm do_package_write_ipk do_package_write_deb"

meta/classes/testimage.bbclass

@@ -30,8 +30,10 @@ TEST_EXPORT_ONLY ?= "0"
 
 DEFAULT_TEST_SUITES = "ping auto"
 DEFAULT_TEST_SUITES_pn-core-image-minimal = "ping"
-DEFAULT_TEST_SUITES_pn-core-image-sato = "ping ssh df connman syslog xorg scp vnc date rpm smart dmesg python parselogs"
-DEFAULT_TEST_SUITES_pn-core-image-sato-sdk = "ping ssh df connman syslog xorg scp vnc date perl ldd gcc rpm smart kernelmodule dmesg python parselogs"
+DEFAULT_TEST_SUITES_pn-core-image-sato = "ping ssh df connman syslog xorg scp vnc date dmesg parselogs \
+    ${@bb.utils.contains('IMAGE_PKGTYPE', 'rpm', 'python smart rpm', '', d)}"
+DEFAULT_TEST_SUITES_pn-core-image-sato-sdk = "ping ssh df connman syslog xorg scp vnc date perl ldd gcc kernelmodule dmesg python parselogs \
+    ${@bb.utils.contains('IMAGE_PKGTYPE', 'rpm', 'smart rpm', '', d)}"
 DEFAULT_TEST_SUITES_pn-meta-toolchain = "auto"
 
 # aarch64 has no graphics

meta/conf/layer.conf

@@ -45,5 +45,16 @@ SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
   gcc-cross-${TARGET_ARCH}->musl \
   gcc-cross-${TARGET_ARCH}->uclibc \
   gcc-cross-${TARGET_ARCH}->linux-libc-headers \
+  ppp-dialin->ppp \
+  resolvconf->bash \
+  docbook-xsl-stylesheets->perl \
+  initramfs-framework->busybox \
+  initramfs-framework->systemd \
+  initramfs-framework->udev \
+  liberation-fonts->fontconfig \
+  gnome-icon-theme->librsvg \
+  font-alias->font-util \
+  weston-init->weston \
+  weston-init->kbd \
 "
 

meta/conf/machine/include/arm/feature-arm-thumb.inc

@@ -33,7 +33,7 @@ TUNE_CCARGS .= "${@bb.utils.contains('TUNE_FEATURES', 'thumb', ' -m${ARM_M_OPT}'
 OVERRIDES .= "${@bb.utils.contains('TUNE_FEATURES', 'thumb', ':thumb', '', d)}"
 
 # Add suffix from ARM_THUMB_SUFFIX only if after all this we still set ARM_M_OPT to thumb
-ARMPKGSFX_THUMB .= "${@ d.getVar('ARM_THUMB_SUFFIX', True) if d.getVar('ARM_M_OPT', True) == 'thumb' else ''}"
+ARMPKGSFX_THUMB .= "${@bb.utils.contains('TUNE_FEATURES', 'thumb', '${ARM_THUMB_SUFFIX}', '', d) if d.getVar('ARM_M_OPT', True) == 'thumb' else ''}"
 
 # Whether to compile with code to allow interworking between the two
 # instruction sets. This allows thumb code to be executed on a primarily

meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch

@@ -0,0 +1,50 @@
+Upstream-Status: Accepted
+Signed-off-by: Awais Belal <awais_belal@mentor.com>
+
+From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001
+From: Hector Marco-Gisbert <hecmargi@upv.es>
+Date: Wed, 16 Dec 2015 04:57:18 +0000
+Subject: Fix security issue when reading username and password
+
+This patch fixes two integer underflows at:
+  * grub-core/lib/crypto.c
+  * grub-core/normal/auth.c
+
+CVE-2015-8370
+
+Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
+Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
+Also-By: Andrey Borzenkov <arvidjaar@gmail.com>
+---
+Index: grub-2.00/grub-core/lib/crypto.c
+===================================================================
+--- grub-2.00.orig/grub-core/lib/crypto.c
++++ grub-2.00/grub-core/lib/crypto.c
+@@ -458,7 +458,8 @@ grub_password_get (char buf[], unsigned
+ 
+       if (key == '\b')
+ 	{
+-	  cur_len--;
++      if (cur_len)
++        cur_len--;
+ 	  continue;
+ 	}
+ 
+Index: grub-2.00/grub-core/normal/auth.c
+===================================================================
+--- grub-2.00.orig/grub-core/normal/auth.c
++++ grub-2.00/grub-core/normal/auth.c
+@@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned
+ 
+       if (key == '\b')
+ 	{
+-	  cur_len--;
+-	  grub_printf ("\b");
++      if (cur_len)
++       {
++	     cur_len--;
++	     grub_printf ("\b");
++        }
+ 	  continue;
+ 	}
+ 

meta/recipes-bsp/grub/grub2.inc

@@ -25,6 +25,7 @@ SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \
            file://grub-efi-allow-a-compilation-without-mcmodel-large.patch \
            file://grub-efi-fix-with-glibc-2.20.patch \
            file://0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch \
+           file://0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch \
             "
 
 DEPENDS = "flex-native bison-native xz"

meta/recipes-connectivity/bind/bind/CVE-2015-8000.patch

@@ -0,0 +1,194 @@
+responses with a malformed class attribute can trigger an
+assertion failure in db.c
+
+[security]
+Insufficient testing when parsing a message allowed records with
+an incorrect class to be be accepted, triggering a REQUIRE failure
+when those records were subsequently cached. (CVE-2015-8000) [RT#4098]
+
+Upstream-Status: Backport
+
+[The patch is taken from BIND 9.9.4:
+https://bugzilla.redhat.com/attachment.cgi?id=1105581]
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+diff --git a/lib/dns/include/dns/message.h b/lib/dns/include/dns/message.h
+index a6862fa..d999e75 100644
+--- a/lib/dns/include/dns/message.h
++++ b/lib/dns/include/dns/message.h
+@@ -210,6 +210,8 @@ struct dns_message {
+ 	unsigned int			verify_attempted : 1;
+ 	unsigned int			free_query : 1;
+ 	unsigned int			free_saved : 1;
++	unsigned int			tkey : 1;
++	unsigned int			rdclass_set : 1;
+ 
+ 	unsigned int			opt_reserved;
+ 	unsigned int			sig_reserved;
+@@ -1374,6 +1376,15 @@ dns_message_buildopt(dns_message_t *msg, dns_rdataset_t **opt,
+  * \li	 other.
+  */
+ 
++void
++dns_message_setclass(dns_message_t *msg, dns_rdataclass_t rdclass);
++/*%<
++ * Set the expected class of records in the response.
++ *
++ * Requires:
++ * \li   msg be a valid message with parsing intent.
++ */
++
+ ISC_LANG_ENDDECLS
+ 
+ #endif /* DNS_MESSAGE_H */
+diff --git a/lib/dns/message.c b/lib/dns/message.c
+index 53efc5a..73def73 100644
+--- a/lib/dns/message.c
++++ b/lib/dns/message.c
+@@ -436,6 +436,8 @@ msginit(dns_message_t *m) {
+ 	m->saved.base = NULL;
+ 	m->saved.length = 0;
+ 	m->free_saved = 0;
++	m->tkey = 0;
++	m->rdclass_set = 0;
+ 	m->querytsig = NULL;
+ }
+ 
+@@ -1086,13 +1088,19 @@ getquestions(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
+ 		 * If this class is different than the one we already read,
+ 		 * this is an error.
+ 		 */
+-		if (msg->state == DNS_SECTION_ANY) {
+-			msg->state = DNS_SECTION_QUESTION;
++		if (msg->rdclass_set == 0) {
+ 			msg->rdclass = rdclass;
++			msg->rdclass_set = 1;
+ 		} else if (msg->rdclass != rdclass)
+ 			DO_FORMERR;
+ 
+ 		/*
++		 * Is this a TKEY query?
++		 */
++		if (rdtype == dns_rdatatype_tkey)
++			msg->tkey = 1;
++
++		/*
+ 		 * Can't ask the same question twice.
+ 		 */
+ 		result = dns_message_find(name, rdclass, rdtype, 0, NULL);
+@@ -1236,12 +1244,12 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
+ 		 * If there was no question section, we may not yet have
+ 		 * established a class.  Do so now.
+ 		 */
+-		if (msg->state == DNS_SECTION_ANY &&
++		if (msg->rdclass_set == 0 &&
+ 		    rdtype != dns_rdatatype_opt &&	/* class is UDP SIZE */
+ 		    rdtype != dns_rdatatype_tsig &&	/* class is ANY */
+ 		    rdtype != dns_rdatatype_tkey) {	/* class is undefined */
+ 			msg->rdclass = rdclass;
+-			msg->state = DNS_SECTION_QUESTION;
++			msg->rdclass_set = 1;
+ 		}
+ 
+ 		/*
+@@ -1251,7 +1259,7 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
+ 		if (msg->opcode != dns_opcode_update
+ 		    && rdtype != dns_rdatatype_tsig
+ 		    && rdtype != dns_rdatatype_opt
+-		    && rdtype != dns_rdatatype_dnskey /* in a TKEY query */
++		    && rdtype != dns_rdatatype_key /* in a TKEY query */
+ 		    && rdtype != dns_rdatatype_sig /* SIG(0) */
+ 		    && rdtype != dns_rdatatype_tkey /* Win2000 TKEY */
+ 		    && msg->rdclass != dns_rdataclass_any
+@@ -1259,6 +1267,16 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
+ 			DO_FORMERR;
+ 
+ 		/*
++		 * If this is not a TKEY query/response then the KEY
++		 * record's class needs to match.
++		 */
++		if (msg->opcode != dns_opcode_update && !msg->tkey &&
++		    rdtype == dns_rdatatype_key &&
++		    msg->rdclass != dns_rdataclass_any &&
++		    msg->rdclass != rdclass)
++			DO_FORMERR;
++
++		/*
+ 		 * Special type handling for TSIG, OPT, and TKEY.
+ 		 */
+ 		if (rdtype == dns_rdatatype_tsig) {
+@@ -1372,6 +1390,10 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
+ 				skip_name_search = ISC_TRUE;
+ 				skip_type_search = ISC_TRUE;
+ 				issigzero = ISC_TRUE;
++			} else {
++				if (msg->rdclass != dns_rdataclass_any &&
++				    msg->rdclass != rdclass)
++					DO_FORMERR;
+ 			}
+ 		} else
+ 			covers = 0;
+@@ -1610,6 +1632,7 @@ dns_message_parse(dns_message_t *msg, isc_buffer_t *source,
+ 	msg->counts[DNS_SECTION_ADDITIONAL] = isc_buffer_getuint16(source);
+ 
+ 	msg->header_ok = 1;
++	msg->state = DNS_SECTION_QUESTION;
+ 
+ 	/*
+ 	 * -1 means no EDNS.
+@@ -3550,3 +3573,15 @@ dns_message_buildopt(dns_message_t *message, dns_rdataset_t **rdatasetp,
+ 		dns_message_puttemprdatalist(message, &rdatalist);
+ 	return (result);
+ }
++
++void
++dns_message_setclass(dns_message_t *msg, dns_rdataclass_t rdclass) {
++
++	REQUIRE(DNS_MESSAGE_VALID(msg));
++	REQUIRE(msg->from_to_wire == DNS_MESSAGE_INTENTPARSE);
++	REQUIRE(msg->state == DNS_SECTION_ANY);
++	REQUIRE(msg->rdclass_set == 0);
++
++	msg->rdclass = rdclass;
++	msg->rdclass_set = 1;
++}
+diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
+index aa23b11..d220986 100644
+--- a/lib/dns/resolver.c
++++ b/lib/dns/resolver.c
+@@ -6964,6 +6964,8 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
+ 			goto done;
+ 	}
+ 
++	dns_message_setclass(message, fctx->res->rdclass);
++
+ 	result = dns_message_parse(message, &devent->buffer, 0);
+ 	if (result != ISC_R_SUCCESS) {
+ 		switch (result) {
+@@ -7036,6 +7038,12 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
+ 	 */
+ 	log_packet(message, ISC_LOG_DEBUG(10), fctx->res->mctx);
+ 
++	if (message->rdclass != fctx->res->rdclass) {
++		resend = ISC_TRUE;
++		FCTXTRACE("bad class");
++		goto done;
++	}
++
+ 	/*
+ 	 * Process receive opt record.
+ 	 */
+diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c
+index 9ad8960..938373a 100644
+--- a/lib/dns/xfrin.c
++++ b/lib/dns/xfrin.c
+@@ -1241,6 +1241,8 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) {
+ 	msg->tsigctx = xfr->tsigctx;
+ 	xfr->tsigctx = NULL;
+ 
++	dns_message_setclass(msg, xfr->rdclass);
++
+ 	if (xfr->nmsg > 0)
+ 		msg->tcp_continuation = 1;
+ 

meta/recipes-connectivity/bind/bind/CVE-2015-8461.patch

@@ -0,0 +1,45 @@
+From adbf81335b67be0cebdcf9f1f4fcb38ef4814f4d Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Thu, 25 Jun 2015 18:36:27 +1000
+Subject: [PATCH] 4146.   [bug]           Address reference leak that could
+ prevent a clean                         shutdown. [RT #37125]
+
+Upstream-Status: Backport
+
+https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=adbf81335b67be0cebdcf9f1f4fcb38ef4814f4d
+
+CVE: CVE-2015-8461
+Signed-off-by:  Armin Kuster <akuster@mvista.com>
+---
+ CHANGES            | 3 +++
+ lib/dns/resolver.c | 5 +++++
+ 2 files changed, 8 insertions(+)
+
+Index: bind-9.9.5/lib/dns/resolver.c
+===================================================================
+--- bind-9.9.5.orig/lib/dns/resolver.c
++++ bind-9.9.5/lib/dns/resolver.c
+@@ -1570,6 +1570,11 @@ fctx_query(fetchctx_t *fctx, dns_adbaddr
+ 	if (query->dispatch != NULL)
+ 		dns_dispatch_detach(&query->dispatch);
+ 
++	LOCK(&res->buckets[fctx->bucketnum].lock);
++	INSIST(fctx->references > 1);
++	fctx->references--;
++	UNLOCK(&res->buckets[fctx->bucketnum].lock);
++
+  cleanup_query:
+ 	if (query->connects == 0) {
+ 		query->magic = 0;
+Index: bind-9.9.5/CHANGES
+===================================================================
+--- bind-9.9.5.orig/CHANGES
++++ bind-9.9.5/CHANGES
+@@ -1,4 +1,7 @@
+ 	--- 9.9.6-P2 released ---
++4146.  [bug]           Address reference leak that could prevent a clean
++                       shutdown. [RT #37125]
++
+ 
+ 4053.	[security]	Revoking a managed trust anchor and supplying
+ 			an untrusted replacement could cause named

meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch

@@ -0,0 +1,29 @@
+Upstream-Status: Backport
+
+https://bugzilla.redhat.com/attachment.cgi?id=1115781
+
+CVE: CVE-2015-8704
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: bind-9.9.5/lib/dns/rdata/in_1/apl_42.c
+===================================================================
+--- bind-9.9.5.orig/lib/dns/rdata/in_1/apl_42.c
++++ bind-9.9.5/lib/dns/rdata/in_1/apl_42.c
+@@ -116,7 +116,7 @@ totext_in_apl(ARGS_TOTEXT) {
+ 	isc_uint8_t len;
+ 	isc_boolean_t neg;
+ 	unsigned char buf[16];
+-	char txt[sizeof(" !64000")];
++	char txt[sizeof(" !64000:")];
+ 	const char *sep = "";
+ 	int n;
+ 
+@@ -140,7 +140,7 @@ totext_in_apl(ARGS_TOTEXT) {
+ 		isc_region_consume(&sr, 1);
+ 		INSIST(len <= sr.length);
+ 		n = snprintf(txt, sizeof(txt), "%s%s%u:", sep,
+-			     neg ? "!": "", afi);
++			     neg ? "!" : "", afi);
+ 		INSIST(n < (int)sizeof(txt));
+ 		RETERR(str_totext(txt, target));
+ 		switch (afi) {

meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch

@@ -0,0 +1,141 @@
+From 31e4657cf246e41d4c5c890315cb6cf89a0db25a Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Thu, 18 Feb 2016 12:11:27 +1100
+Subject: [PATCH] 4318. [security] Malformed control messages can
+trigger assertions in named and rndc. (CVE-2016-1285) [RT #41666]
+
+(cherry picked from commit a2b15b3305acd52179e6f3dc7d073b07fbc40b8e)
+
+CVE: CVE-2016-1285
+Upstream-Status: Backport
+
+[Skipped CHANGES and doc/arm/notes.xml changes.]
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ CHANGES                 |  3 +++
+ bin/named/control.c     |  2 +-
+ bin/named/controlconf.c |  2 +-
+ bin/rndc/rndc.c         |  8 ++++----
+ doc/arm/notes.xml       |  8 ++++++++
+ lib/isccc/cc.c          | 14 +++++++-------
+ 6 files changed, 24 insertions(+), 13 deletions(-)
+
+diff --git a/bin/named/control.c b/bin/named/control.c
+index 01fbe35..b1b744f 100644
+--- a/bin/named/control.c
++++ b/bin/named/control.c
+@@ -89,7 +89,7 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
+ #endif
+ 
+ 	data = isccc_alist_lookup(message, "_data");
+-	if (data == NULL) {
++	if (!isccc_alist_alistp(data)) {
+ 		/*
+ 		 * No data section.
+ 		 */
+diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
+index 95feaf5..31bdc48 100644
+--- a/bin/named/controlconf.c
++++ b/bin/named/controlconf.c
+@@ -397,7 +397,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
+ 	 * Limit exposure to replay attacks.
+ 	 */
+ 	_ctrl = isccc_alist_lookup(request, "_ctrl");
+-	if (_ctrl == NULL) {
++	if (!isccc_alist_alistp(_ctrl)) {
+ 		log_invalid(&conn->ccmsg, ISC_R_FAILURE);
+ 		goto cleanup_request;
+ 	}
+diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c
+index c7d8fe1..ba3ac3a 100644
+--- a/bin/rndc/rndc.c
++++ b/bin/rndc/rndc.c
+@@ -249,8 +249,8 @@ rndc_recvdone(isc_task_t *task, isc_event_t *event) {
+ 	DO("parse message", isccc_cc_fromwire(&source, &response, &secret));
+ 
+ 	data = isccc_alist_lookup(response, "_data");
+-	if (data == NULL)
+-		fatal("no data section in response");
++	if (!isccc_alist_alistp(data))
++		fatal("bad or missing data section in response");
+ 	result = isccc_cc_lookupstring(data, "err", &errormsg);
+ 	if (result == ISC_R_SUCCESS) {
+ 		failed = ISC_TRUE;
+@@ -313,8 +313,8 @@ rndc_recvnonce(isc_task_t *task, isc_event_t *event) {
+ 	DO("parse message", isccc_cc_fromwire(&source, &response, &secret));
+ 
+ 	_ctrl = isccc_alist_lookup(response, "_ctrl");
+-	if (_ctrl == NULL)
+-		fatal("_ctrl section missing");
++	if (!isccc_alist_alistp(_ctrl))
++		fatal("bad or missing ctrl section in response");
+ 	nonce = 0;
+ 	if (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS)
+ 		nonce = 0;
+ 
+diff --git a/lib/isccc/cc.c b/lib/isccc/cc.c
+index 9915568..ffcd584 100644
+--- a/lib/isccc/cc.c
++++ b/lib/isccc/cc.c
+@@ -284,10 +284,10 @@ verify(isccc_sexpr_t *alist, unsigned char *data, unsigned int length,
+ 	 * Extract digest.
+ 	 */
+ 	_auth = isccc_alist_lookup(alist, "_auth");
+-	if (_auth == NULL)
++	if (!isccc_alist_alistp(_auth))
+ 		return (ISC_R_FAILURE);
+ 	hmd5 = isccc_alist_lookup(_auth, "hmd5");
+-	if (hmd5 == NULL)
++	if (!isccc_sexpr_binaryp(hmac))
+ 		return (ISC_R_FAILURE);
+ 	/*
+ 	 * Compute digest.
+@@ -540,7 +540,7 @@ isccc_cc_createack(isccc_sexpr_t *message, isc_boolean_t ok,
+ 	REQUIRE(ackp != NULL && *ackp == NULL);
+ 
+ 	_ctrl = isccc_alist_lookup(message, "_ctrl");
+-	if (_ctrl == NULL ||
++	if (!isccc_alist_alistp(_ctrl) ||
+ 	    isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS ||
+ 	    isccc_cc_lookupuint32(_ctrl, "_tim", &t) != ISC_R_SUCCESS)
+ 		return (ISC_R_FAILURE);
+@@ -584,7 +584,7 @@ isccc_cc_isack(isccc_sexpr_t *message) {
+ 	isccc_sexpr_t *_ctrl;
+ 
+ 	_ctrl = isccc_alist_lookup(message, "_ctrl");
+-	if (_ctrl == NULL)
++	if (!isccc_alist_alistp(_ctrl))
+ 		return (ISC_FALSE);
+ 	if (isccc_cc_lookupstring(_ctrl, "_ack", NULL) == ISC_R_SUCCESS)
+ 		return (ISC_TRUE);
+@@ -596,7 +596,7 @@ isccc_cc_isreply(isccc_sexpr_t *message) {
+ 	isccc_sexpr_t *_ctrl;
+ 
+ 	_ctrl = isccc_alist_lookup(message, "_ctrl");
+-	if (_ctrl == NULL)
++	if (!isccc_alist_alistp(_ctrl))
+ 		return (ISC_FALSE);
+ 	if (isccc_cc_lookupstring(_ctrl, "_rpl", NULL) == ISC_R_SUCCESS)
+ 		return (ISC_TRUE);
+@@ -616,7 +616,7 @@ isccc_cc_createresponse(isccc_sexpr_t *message, isccc_time_t now,
+ 
+ 	_ctrl = isccc_alist_lookup(message, "_ctrl");
+ 	_data = isccc_alist_lookup(message, "_data");
+-	if (_ctrl == NULL || _data == NULL ||
++	if (!isccc_alist_alistp(_ctrl) || !isccc_alist_alistp(_data) ||
+ 	    isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS ||
+ 	    isccc_cc_lookupstring(_data, "type", &type) != ISC_R_SUCCESS)
+ 		return (ISC_R_FAILURE);
+@@ -797,7 +797,7 @@ isccc_cc_checkdup(isccc_symtab_t *symtab, isccc_sexpr_t *message,
+ 	isccc_sexpr_t *_ctrl;
+ 
+ 	_ctrl = isccc_alist_lookup(message, "_ctrl");
+-	if (_ctrl == NULL ||
++	if (!isccc_alist_alistp(_ctrl) ||
+ 	    isccc_cc_lookupstring(_ctrl, "_ser", &_ser) != ISC_R_SUCCESS ||
+ 	    isccc_cc_lookupstring(_ctrl, "_tim", &_tim) != ISC_R_SUCCESS)
+ 		return (ISC_R_FAILURE);
+-- 
+1.9.1
+

meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch

@@ -0,0 +1,78 @@
+From 76c3c9fe9f3f1353b47214b8f98b3d7f53e10bc7 Mon Sep 17 00:00:00 2001
+From: Mukund Sivaraman <muks@isc.org>
+Date: Mon, 22 Feb 2016 12:22:43 +0530
+Subject: [PATCH] Fix resolver assertion failure due to improper DNAME handling
+ (CVE-2016-1286) (#41753)
+
+(cherry picked from commit 5995fec51cc8bb7e53804e4936e60aa1537f3673)
+(cherry picked from commit 456e1eadd2a3a2fb9617e60d4db90ef4ba7c6ba3)
+
+CVE: CVE-2016-1286
+Upstream-Status: Backport
+
+[Skipped CHANGES and doc/arm/notes.xml changes.]
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ CHANGES            |  4 ++++
+ doc/arm/notes.xml  |  7 +++++++
+ lib/dns/resolver.c | 33 ++++++++++++++++++---------------
+ 3 files changed, 29 insertions(+), 15 deletions(-)
+
+diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
+index 735f7d2..0602070 100644
+--- a/lib/dns/resolver.c
++++ b/lib/dns/resolver.c
+@@ -6701,21 +6701,26 @@ answer_response(fetchctx_t *fctx) {
+ 				isc_boolean_t found_dname = ISC_FALSE;
+ 				dns_name_t *dname_name;
+ 
++				/*
++				 * Only pass DNAME or RRSIG(DNAME).
++				 */
++				if (rdataset->type != dns_rdatatype_dname &&
++				    (rdataset->type != dns_rdatatype_rrsig ||
++				     rdataset->covers != dns_rdatatype_dname))
++					continue;
++
++				/*
++				 * If we're not chaining, then the DNAME and
++				 * its signature should not be external.
++				 */
++				if (!chaining && external) {
++					log_formerr(fctx, "external DNAME");
++					return (DNS_R_FORMERR);
++				}
++
+ 				found = ISC_FALSE;
+ 				aflag = 0;
+ 				if (rdataset->type == dns_rdatatype_dname) {
+-					/*
+-					 * We're looking for something else,
+-					 * but we found a DNAME.
+-					 *
+-					 * If we're not chaining, then the
+-					 * DNAME should not be external.
+-					 */
+-					if (!chaining && external) {
+-						log_formerr(fctx,
+-							    "external DNAME");
+-						return (DNS_R_FORMERR);
+-					}
+ 					found = ISC_TRUE;
+ 					want_chaining = ISC_TRUE;
+ 					POST(want_chaining);
+@@ -6744,9 +6749,7 @@ answer_response(fetchctx_t *fctx) {
+ 							&fctx->domain)) {
+ 						return (DNS_R_SERVFAIL);
+ 					}
+-				} else if (rdataset->type == dns_rdatatype_rrsig
+-					   && rdataset->covers ==
+-					   dns_rdatatype_dname) {
++				} else {
+ 					/*
+ 					 * We've found a signature that
+ 					 * covers the DNAME.
+-- 
+1.9.1
+

meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch

@@ -0,0 +1,318 @@
+From ce3cd91caee698cb144e1350c6c78292c6be6339 Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Mon, 29 Feb 2016 07:16:48 +1100
+Subject: [PATCH] Part 2 of: 4319.   [security]      Fix resolver assertion
+ failure due to improper                         DNAME handling when parsing
+ fetch reply messages.                         (CVE-2016-1286) [RT #41753]
+
+(cherry picked from commit 2de89ee9de8c8da9dc153a754b02dcdbb7fe2374)
+
+CVE: CVE-2016-1286
+Upstream-Status: Backport
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ lib/dns/resolver.c | 192 ++++++++++++++++++++++++++---------------------------
+ 1 file changed, 93 insertions(+), 99 deletions(-)
+
+diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
+index 0602070..273e06c 100644
+--- a/lib/dns/resolver.c
++++ b/lib/dns/resolver.c
+@@ -5808,14 +5808,11 @@ cname_target(dns_rdataset_t *rdataset, dns_name_t *tname) {
+ }
+ 
+ static inline isc_result_t
+-dname_target(fetchctx_t *fctx, dns_rdataset_t *rdataset, dns_name_t *qname,
+-	     dns_name_t *oname, dns_fixedname_t *fixeddname)
++dname_target(dns_rdataset_t *rdataset, dns_name_t *qname,
++	     unsigned int nlabels, dns_fixedname_t *fixeddname)
+ {
+ 	isc_result_t result;
+ 	dns_rdata_t rdata = DNS_RDATA_INIT;
+-	unsigned int nlabels;
+-	int order;
+-	dns_namereln_t namereln;
+ 	dns_rdata_dname_t dname;
+ 	dns_fixedname_t prefix;
+ 
+@@ -5830,21 +5827,6 @@ dname_target(fetchctx_t *fctx, dns_rdataset_t *rdataset, dns_name_t *qname,
+ 	if (result != ISC_R_SUCCESS)
+ 		return (result);
+ 
+-	/*
+-	 * Get the prefix of qname.
+-	 */
+-	namereln = dns_name_fullcompare(qname, oname, &order, &nlabels);
+-	if (namereln != dns_namereln_subdomain) {
+-		char qbuf[DNS_NAME_FORMATSIZE];
+-		char obuf[DNS_NAME_FORMATSIZE];
+-
+-		dns_rdata_freestruct(&dname);
+-		dns_name_format(qname, qbuf, sizeof(qbuf));
+-		dns_name_format(oname, obuf, sizeof(obuf));
+-		log_formerr(fctx, "unrelated DNAME in answer: "
+-				   "%s is not in %s", qbuf, obuf);
+-		return (DNS_R_FORMERR);
+-	}
+ 	dns_fixedname_init(&prefix);
+ 	dns_name_split(qname, nlabels, dns_fixedname_name(&prefix), NULL);
+ 	dns_fixedname_init(fixeddname);
+@@ -6470,13 +6452,13 @@ static isc_result_t
+ answer_response(fetchctx_t *fctx) {
+ 	isc_result_t result;
+ 	dns_message_t *message;
+-	dns_name_t *name, *qname, tname, *ns_name;
++	dns_name_t *name, *dname, *qname, tname, *ns_name;
+ 	dns_rdataset_t *rdataset, *ns_rdataset;
+ 	isc_boolean_t done, external, chaining, aa, found, want_chaining;
+ 	isc_boolean_t have_answer, found_cname, found_type, wanted_chaining;
+ 	unsigned int aflag;
+ 	dns_rdatatype_t type;
+-	dns_fixedname_t dname, fqname;
++	dns_fixedname_t fdname, fqname;
+ 	dns_view_t *view;
+ 
+ 	FCTXTRACE("answer_response");
+@@ -6504,10 +6486,15 @@ answer_response(fetchctx_t *fctx) {
+ 	view = fctx->res->view;
+ 	result = dns_message_firstname(message, DNS_SECTION_ANSWER);
+ 	while (!done && result == ISC_R_SUCCESS) {
++		dns_namereln_t namereln;
++		int order;
++		unsigned int nlabels;
++
+ 		name = NULL;
+ 		dns_message_currentname(message, DNS_SECTION_ANSWER, &name);
+ 		external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
+-		if (dns_name_equal(name, qname)) {
++		namereln = dns_name_fullcompare(qname, name, &order, &nlabels);
++		if (namereln == dns_namereln_equal) {
+ 			wanted_chaining = ISC_FALSE;
+ 			for (rdataset = ISC_LIST_HEAD(name->list);
+ 			     rdataset != NULL;
+@@ -6632,10 +6619,11 @@ answer_response(fetchctx_t *fctx) {
+ 						 */
+ 						INSIST(!external);
+ 						if (aflag ==
+-						    DNS_RDATASETATTR_ANSWER)
++						    DNS_RDATASETATTR_ANSWER) {
+ 							have_answer = ISC_TRUE;
+-						name->attributes |=
+-							DNS_NAMEATTR_ANSWER;
++							name->attributes |=
++								DNS_NAMEATTR_ANSWER;
++						}
+ 						rdataset->attributes |= aflag;
+ 						if (aa)
+ 							rdataset->trust =
+@@ -6690,6 +6678,8 @@ answer_response(fetchctx_t *fctx) {
+ 			if (wanted_chaining)
+ 				chaining = ISC_TRUE;
+ 		} else {
++			dns_rdataset_t *dnameset = NULL;
++
+ 			/*
+ 			 * Look for a DNAME (or its SIG).  Anything else is
+ 			 * ignored.
+@@ -6697,10 +6687,8 @@ answer_response(fetchctx_t *fctx) {
+ 			wanted_chaining = ISC_FALSE;
+ 			for (rdataset = ISC_LIST_HEAD(name->list);
+ 			     rdataset != NULL;
+-			     rdataset = ISC_LIST_NEXT(rdataset, link)) {
+-				isc_boolean_t found_dname = ISC_FALSE;
+-				dns_name_t *dname_name;
+-
++			     rdataset = ISC_LIST_NEXT(rdataset, link))
++			{
+ 				/*
+ 				 * Only pass DNAME or RRSIG(DNAME).
+ 				 */
+@@ -6714,20 +6702,41 @@ answer_response(fetchctx_t *fctx) {
+ 				 * its signature should not be external.
+ 				 */
+ 				if (!chaining && external) {
+-					log_formerr(fctx, "external DNAME");
++					char qbuf[DNS_NAME_FORMATSIZE];
++					char obuf[DNS_NAME_FORMATSIZE];
++
++					dns_name_format(name, qbuf,
++							sizeof(qbuf));
++					dns_name_format(&fctx->domain, obuf,
++							sizeof(obuf));
++					log_formerr(fctx, "external DNAME or "
++						    "RRSIG covering DNAME "
++						    "in answer: %s is "
++						    "not in %s", qbuf, obuf);
++					return (DNS_R_FORMERR);
++				}
++
++				if (namereln != dns_namereln_subdomain) {
++					char qbuf[DNS_NAME_FORMATSIZE];
++					char obuf[DNS_NAME_FORMATSIZE];
++
++					dns_name_format(qname, qbuf,
++							sizeof(qbuf));
++					dns_name_format(name, obuf,
++							sizeof(obuf));
++					log_formerr(fctx, "unrelated DNAME "
++						    "in answer: %s is "
++						    "not in %s", qbuf, obuf);
+ 					return (DNS_R_FORMERR);
+ 				}
+ 
+-				found = ISC_FALSE;
+ 				aflag = 0;
+ 				if (rdataset->type == dns_rdatatype_dname) {
+-					found = ISC_TRUE;
+ 					want_chaining = ISC_TRUE;
+ 					POST(want_chaining);
+ 					aflag = DNS_RDATASETATTR_ANSWER;
+-					result = dname_target(fctx, rdataset,
+-							      qname, name,
+-							      &dname);
++					result = dname_target(rdataset, qname,
++							      nlabels, &fdname);
+ 					if (result == ISC_R_NOSPACE) {
+ 						/*
+ 						 * We can't construct the
+@@ -6739,14 +6748,12 @@ answer_response(fetchctx_t *fctx) {
+ 					} else if (result != ISC_R_SUCCESS)
+ 						return (result);
+ 					else
+-						found_dname = ISC_TRUE;
++						dnameset = rdataset;
+ 
+-					dname_name = dns_fixedname_name(&dname);
++					dname = dns_fixedname_name(&fdname);
+ 					if (!is_answertarget_allowed(view,
+-							qname,
+-							rdataset->type,
+-							dname_name,
+-							&fctx->domain)) {
++							qname, rdataset->type,
++							dname, &fctx->domain)) {
+ 						return (DNS_R_SERVFAIL);
+ 					}
+ 				} else {
+@@ -6754,73 +6761,60 @@ answer_response(fetchctx_t *fctx) {
+ 					 * We've found a signature that
+ 					 * covers the DNAME.
+ 					 */
+-					found = ISC_TRUE;
+ 					aflag = DNS_RDATASETATTR_ANSWERSIG;
+ 				}
+ 
+-				if (found) {
++				/*
++				 * We've found an answer to our
++				 * question.
++				 */
++				name->attributes |= DNS_NAMEATTR_CACHE;
++				rdataset->attributes |= DNS_RDATASETATTR_CACHE;
++				rdataset->trust = dns_trust_answer;
++				if (!chaining) {
+ 					/*
+-					 * We've found an answer to our
+-					 * question.
++					 * This data is "the" answer to
++					 * our question only if we're
++					 * not chaining.
+ 					 */
+-					name->attributes |=
+-						DNS_NAMEATTR_CACHE;
+-					rdataset->attributes |=
+-						DNS_RDATASETATTR_CACHE;
+-					rdataset->trust = dns_trust_answer;
+-					if (!chaining) {
+-						/*
+-						 * This data is "the" answer
+-						 * to our question only if
+-						 * we're not chaining.
+-						 */
+-						INSIST(!external);
+-						if (aflag ==
+-						    DNS_RDATASETATTR_ANSWER)
+-							have_answer = ISC_TRUE;
++					INSIST(!external);
++					if (aflag == DNS_RDATASETATTR_ANSWER) {
++						have_answer = ISC_TRUE;
+ 						name->attributes |=
+ 							DNS_NAMEATTR_ANSWER;
+-						rdataset->attributes |= aflag;
+-						if (aa)
+-							rdataset->trust =
+-							  dns_trust_authanswer;
+-					} else if (external) {
+-						rdataset->attributes |=
+-						    DNS_RDATASETATTR_EXTERNAL;
+-					}
+-
+-					/*
+-					 * DNAME chaining.
+-					 */
+-					if (found_dname) {
+-						/*
+-						 * Copy the dname into the
+-						 * qname fixed name.
+-						 *
+-						 * Although we check for
+-						 * failure of the copy
+-						 * operation, in practice it
+-						 * should never fail since
+-						 * we already know that the
+-						 * result fits in a fixedname.
+-						 */
+-						dns_fixedname_init(&fqname);
+-						result = dns_name_copy(
+-						  dns_fixedname_name(&dname),
+-						  dns_fixedname_name(&fqname),
+-						  NULL);
+-						if (result != ISC_R_SUCCESS)
+-							return (result);
+-						wanted_chaining = ISC_TRUE;
+-						name->attributes |=
+-							DNS_NAMEATTR_CHAINING;
+-						rdataset->attributes |=
+-						    DNS_RDATASETATTR_CHAINING;
+-						qname = dns_fixedname_name(
+-								   &fqname);
+ 					}
++					rdataset->attributes |= aflag;
++					if (aa)
++						rdataset->trust =
++						  dns_trust_authanswer;
++				} else if (external) {
++					rdataset->attributes |=
++					    DNS_RDATASETATTR_EXTERNAL;
+ 				}
+ 			}
++
++			/*
++			 * DNAME chaining.
++			 */
++			if (dnameset != NULL) {
++				/*
++				 * Copy the dname into the qname fixed name.
++				 *
++				 * Although we check for failure of the copy
++				 * operation, in practice it should never fail
++				 * since we already know that the  result fits
++				 * in a fixedname.
++				 */
++				dns_fixedname_init(&fqname);
++				qname = dns_fixedname_name(&fqname);
++				result = dns_name_copy(dname, qname, NULL);
++				if (result != ISC_R_SUCCESS)
++					return (result);
++				wanted_chaining = ISC_TRUE;
++				name->attributes |= DNS_NAMEATTR_CHAINING;
++				dnameset->attributes |=
++					    DNS_RDATASETATTR_CHAINING;
++			}
+ 			if (wanted_chaining)
+ 				chaining = ISC_TRUE;
+ 		}
+-- 
+1.9.1
+

meta/recipes-connectivity/bind/bind/fix-typo-in-CVE-2016-1285.patch

@@ -0,0 +1,31 @@
+From a078c9eeae8c2db7edf2b15ff1d25a3a297c7512 Mon Sep 17 00:00:00 2001
+From: Evan Hunt <each@isc.org>
+Date: Wed, 17 Feb 2016 19:13:22 -0800
+Subject: [PATCH] [v9_9] fix backport error
+
+This fixes typo in the: 
+CVE-2016-1285.patch [upstream commit 31e4657cf246e41d4c5c890315cb6cf89a0db25a]
+
+Upstream-Status: Backport
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ lib/isccc/cc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/isccc/cc.c b/lib/isccc/cc.c
+index ffcd584..9c7d18c 100644
+--- a/lib/isccc/cc.c
++++ b/lib/isccc/cc.c
+@@ -287,7 +287,7 @@ verify(isccc_sexpr_t *alist, unsigned char *data, unsigned int length,
+ 	if (!isccc_alist_alistp(_auth))
+ 		return (ISC_R_FAILURE);
+ 	hmd5 = isccc_alist_lookup(_auth, "hmd5");
+-	if (!isccc_sexpr_binaryp(hmac))
++	if (!isccc_sexpr_binaryp(hmd5))
+ 		return (ISC_R_FAILURE);
+ 	/*
+ 	 * Compute digest.
+-- 
+1.9.1
+

meta/recipes-connectivity/bind/bind_9.9.5.bb

@@ -25,7 +25,14 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
            file://CVE-2015-1349.patch \
            file://CVE-2015-4620.patch \
            file://CVE-2015-5722.patch \
-	   "
+           file://CVE-2015-8000.patch \
+           file://CVE-2015-8704.patch \
+           file://CVE-2015-8461.patch \
+           file://CVE-2016-1285.patch \
+           file://fix-typo-in-CVE-2016-1285.patch \
+           file://CVE-2016-1286_1.patch \
+           file://CVE-2016-1286_2.patch \
+           "
 
 SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e"
 SRC_URI[sha256sum] = "d4b64c1dde442145a316679acff2df4008aa117ae52dfa3a6bc69efecc7840d1"

meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605.patch

@@ -0,0 +1,101 @@
+Solves CVE-2015-8605 that caused DoS when an invalid length field in IPv4 UDP
+was received by the server.
+
+Upstream-Status: Backport (v4.3.3p1)
+CVE: CVE-2015-8605
+
+From: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=4ce21cb6301d665de01c1a6209e40f5f35072c0c
+
+Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
+
+=======================================================================
+diff --git a/common/packet.c b/common/packet.c
+index b530432..e600e37 100644
+--- a/common/packet.c
++++ b/common/packet.c
+@@ -220,7 +220,28 @@ ssize_t decode_hw_header (interface, buf, bufix, from)
+ 	}
+ }
+ 
+-/* UDP header and IP header decoded together for convenience. */
++/*!
++ *
++ * \brief UDP header and IP header decoded together for convenience.
++ *
++ * Attempt to decode the UDP and IP headers and, if necessary, checksum
++ * the packet.
++ *
++ * \param inteface - the interface on which the packet was recevied
++ * \param buf - a pointer to the buffer for the received packet
++ * \param bufix - where to start processing the buffer, previous
++ *                routines may have processed parts of the buffer already
++ * \param from - space to return the address of the packet sender
++ * \param buflen - remaining length of the buffer, this will have been
++ *                 decremented by bufix by the caller
++ * \param rbuflen - space to return the length of the payload from the udp
++ *                  header
++ * \param csum_ready - indication if the checksum is valid for use
++ *                     non-zero indicates the checksum should be validated
++ *
++ * \return - the index to the first byte of the udp payload (that is the
++ *           start of the DHCP packet
++ */
+ 
+ ssize_t
+ decode_udp_ip_header(struct interface_info *interface,
+@@ -231,7 +252,7 @@ decode_udp_ip_header(struct interface_info *interface,
+   unsigned char *data;
+   struct ip ip;
+   struct udphdr udp;
+-  unsigned char *upp, *endbuf;
++  unsigned char *upp;
+   u_int32_t ip_len, ulen, pkt_len;
+   static unsigned int ip_packets_seen = 0;
+   static unsigned int ip_packets_bad_checksum = 0;
+@@ -241,11 +262,8 @@ decode_udp_ip_header(struct interface_info *interface,
+   static unsigned int udp_packets_length_overflow = 0;
+   unsigned len;
+ 
+-  /* Designate the end of the input buffer for bounds checks. */
+-  endbuf = buf + bufix + buflen;
+-
+   /* Assure there is at least an IP header there. */
+-  if ((buf + bufix + sizeof(ip)) > endbuf)
++  if (sizeof(ip) > buflen)
+ 	  return -1;
+ 
+   /* Copy the IP header into a stack aligned structure for inspection.
+@@ -257,13 +275,17 @@ decode_udp_ip_header(struct interface_info *interface,
+   ip_len = (*upp & 0x0f) << 2;
+   upp += ip_len;
+ 
+-  /* Check the IP packet length. */
++  /* Check packet lengths are within the buffer:
++   * first the ip header (ip_len)
++   * then the packet length from the ip header (pkt_len)
++   * then the udp header (ip_len + sizeof(udp)
++   * We are liberal in what we accept, the udp payload should fit within
++   * pkt_len, but we only check against the full buffer size.
++   */
+   pkt_len = ntohs(ip.ip_len);
+-  if (pkt_len > buflen)
+-	return -1;
+-
+-  /* Assure after ip_len bytes that there is enough room for a UDP header. */
+-  if ((upp + sizeof(udp)) > endbuf)
++  if ((ip_len > buflen) ||
++      (pkt_len > buflen) ||
++      ((ip_len + sizeof(udp)) > buflen))
+ 	  return -1;
+ 
+   /* Copy the UDP header into a stack aligned structure for inspection. */
+@@ -284,7 +306,8 @@ decode_udp_ip_header(struct interface_info *interface,
+ 	return -1;
+ 
+   udp_packets_length_checked++;
+-  if ((upp + ulen) > endbuf) {
++  /* verify that the payload length from the udp packet fits in the buffer */
++  if ((ip_len + ulen) > buflen) {
+ 	udp_packets_length_overflow++;
+ 	if (((udp_packets_length_checked > 4) &&
+ 	     (udp_packets_length_overflow != 0)) &&

meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605_1.patch

@@ -0,0 +1,131 @@
+This patch is needed in order to apply the patch for CVE-2015-8605.
+
+Upstream-Status: Backport (4.3.2+)
+
+From: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=0ce1aa94454ce9b50d592c08d7e0c559d38d3bc5
+
+Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
+---
+From 0ce1aa94454ce9b50d592c08d7e0c559d38d3bc5 Mon Sep 17 00:00:00 2001
+From: Thomas Markwalder <tmark@isc.org>
+Date: Mon, 8 Sep 2014 09:31:32 -0400
+Subject: [PATCH] [master] Corrected error in UDP bad packet logging
+
+    Merges in rt36897
+---
+ common/packet.c | 55 +++++++++++++++++++++++++++++++++++--------------------
+ 1 file changed, 35 insertions(+), 20 deletions(-)
+
+diff --git a/common/packet.c b/common/packet.c
+index 45e96e8..7460f3d 100644
+--- a/common/packet.c
++++ b/common/packet.c
+@@ -3,7 +3,7 @@
+    Packet assembly code, originally contributed by Archie Cobbs. */
+ 
+ /*
+- * Copyright (c) 2009,2012 by Internet Systems Consortium, Inc. ("ISC")
++ * Copyright (c) 2009,2012,2014 by Internet Systems Consortium, Inc. ("ISC")
+  * Copyright (c) 2004,2005,2007 by Internet Systems Consortium, Inc. ("ISC")
+  * Copyright (c) 1996-2003 by Internet Software Consortium
+  *
+@@ -234,12 +234,12 @@ decode_udp_ip_header(struct interface_info *interface,
+   unsigned char *upp, *endbuf;
+   u_int32_t ip_len, ulen, pkt_len;
+   u_int32_t sum, usum;
+-  static int ip_packets_seen;
+-  static int ip_packets_bad_checksum;
+-  static int udp_packets_seen;
+-  static int udp_packets_bad_checksum;
+-  static int udp_packets_length_checked;
+-  static int udp_packets_length_overflow;
++  static unsigned int ip_packets_seen = 0;
++  static unsigned int ip_packets_bad_checksum = 0;
++  static unsigned int udp_packets_seen = 0;
++  static unsigned int udp_packets_bad_checksum = 0;
++  static unsigned int udp_packets_length_checked = 0;
++  static unsigned int udp_packets_length_overflow = 0;
+   unsigned len;
+ 
+   /* Designate the end of the input buffer for bounds checks. */
+@@ -287,10 +287,10 @@ decode_udp_ip_header(struct interface_info *interface,
+   udp_packets_length_checked++;
+   if ((upp + ulen) > endbuf) {
+ 	udp_packets_length_overflow++;
+-	if ((udp_packets_length_checked > 4) &&
+-	    ((udp_packets_length_checked /
+-	      udp_packets_length_overflow) < 2)) {
+-		log_info("%d udp packets in %d too long - dropped",
++	if (((udp_packets_length_checked > 4) &&
++	     (udp_packets_length_overflow != 0)) &&
++	    ((udp_packets_length_checked / udp_packets_length_overflow) < 2)) {
++		log_info("%u udp packets in %u too long - dropped",
+ 			 udp_packets_length_overflow,
+ 			 udp_packets_length_checked);
+ 		udp_packets_length_overflow = 0;
+@@ -299,22 +299,31 @@ decode_udp_ip_header(struct interface_info *interface,
+ 	return -1;
+   }
+ 
+-  if ((ulen < sizeof(udp)) || ((upp + ulen) > endbuf))
+-	return -1;
++  /* If at least 5 with less than 50% bad, start over */
++  if (udp_packets_length_checked > 4) {
++	udp_packets_length_overflow = 0;
++	udp_packets_length_checked = 0;
++  }
+ 
+   /* Check the IP header checksum - it should be zero. */
+-  ++ip_packets_seen;
++  ip_packets_seen++;
+   if (wrapsum (checksum (buf + bufix, ip_len, 0))) {
+ 	  ++ip_packets_bad_checksum;
+-	  if (ip_packets_seen > 4 &&
+-	      (ip_packets_seen / ip_packets_bad_checksum) < 2) {
+-		  log_info ("%d bad IP checksums seen in %d packets",
++	  if (((ip_packets_seen > 4) && (ip_packets_bad_checksum != 0)) &&
++	      ((ip_packets_seen / ip_packets_bad_checksum) < 2)) {
++		  log_info ("%u bad IP checksums seen in %u packets",
+ 			    ip_packets_bad_checksum, ip_packets_seen);
+ 		  ip_packets_seen = ip_packets_bad_checksum = 0;
+ 	  }
+ 	  return -1;
+   }
+ 
++  /* If at least 5 with less than 50% bad, start over */
++  if (ip_packets_seen > 4) {
++	ip_packets_bad_checksum = 0;
++	ip_packets_seen = 0;
++  }
++
+   /* Copy out the IP source address... */
+   memcpy(&from->sin_addr, &ip.ip_src, 4);
+ 
+@@ -339,15 +348,21 @@ decode_udp_ip_header(struct interface_info *interface,
+   udp_packets_seen++;
+   if (usum && usum != sum) {
+ 	  udp_packets_bad_checksum++;
+-	  if (udp_packets_seen > 4 &&
+-	      (udp_packets_seen / udp_packets_bad_checksum) < 2) {
+-		  log_info ("%d bad udp checksums in %d packets",
++	  if (((udp_packets_seen > 4) && (udp_packets_bad_checksum != 0)) &&
++	      ((udp_packets_seen / udp_packets_bad_checksum) < 2)) {
++		  log_info ("%u bad udp checksums in %u packets",
+ 			    udp_packets_bad_checksum, udp_packets_seen);
+ 		  udp_packets_seen = udp_packets_bad_checksum = 0;
+ 	  }
+ 	  return -1;
+   }
+ 
++  /* If at least 5 with less than 50% bad, start over */
++  if (udp_packets_seen > 4) {
++	udp_packets_bad_checksum = 0;
++	udp_packets_seen = 0;
++  }
++
+   /* Copy out the port... */
+   memcpy (&from -> sin_port, &udp.uh_sport, sizeof udp.uh_sport);
+ 
+-- 
+2.6.2
+

meta/recipes-connectivity/dhcp/dhcp_4.3.1.bb

@@ -6,7 +6,9 @@ SRC_URI += "file://dhcp-3.0.3-dhclient-dbus.patch;striplevel=0 \
             file://fixsepbuild.patch \
             file://dhclient-script-drop-resolv.conf.dhclient.patch \
             file://replace-ifconfig-route.patch \
+            file://CVE-2015-8605_1.patch \
             file://dhcp-xen-checksum.patch \
+            file://CVE-2015-8605.patch \
            "
 
 SRC_URI[md5sum] = "b3a42ece3c7f2cd2e74a3e12ca881d20"

meta/recipes-connectivity/openssh/openssh/CVE-2015-5600.patch

@@ -0,0 +1,50 @@
+From b47bdee5621f95387c9ac5b999fd859ccb1213a9 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Sat, 18 Jul 2015 07:57:14 +0000
+Subject: [PATCH] CVE-2015-5600
+
+only query each keyboard-interactive device once per
+ authentication request regardless of how many times it is listed; ok markus@
+
+Source:
+http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c?f=h#rev1.43
+http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r2=1.43&r1=1.42&f=u
+
+Upstream-Status: Backport
+---
+ auth2-chall.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/auth2-chall.c b/auth2-chall.c
+index ea4eb6952f8c13928c3fc595007f2d844dde422f..065361d3ec22f4f131308d1b4497afada3c3cb78 100644
+--- a/auth2-chall.c
++++ b/auth2-chall.c
+@@ -83,6 +83,7 @@ struct KbdintAuthctxt
+ 	void *ctxt;
+ 	KbdintDevice *device;
+ 	u_int nreq;
++	u_int devices_done;
+ };
+ 
+ #ifdef USE_PAM
+@@ -169,11 +170,15 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt)
+ 		if (len == 0)
+ 			break;
+ 		for (i = 0; devices[i]; i++) {
+-			if (!auth2_method_allowed(authctxt,
++			if ((kbdintctxt->devices_done & (1 << i)) != 0 ||
++			    !auth2_method_allowed(authctxt,
+ 			    "keyboard-interactive", devices[i]->name))
+ 				continue;
+-			if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
++			if (strncmp(kbdintctxt->devices, devices[i]->name,
++			    len) == 0) {
+ 				kbdintctxt->device = devices[i];
++				kbdintctxt->devices_done |= 1 << i;
++			}
+ 		}
+ 		t = kbdintctxt->devices;
+ 		kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
+-- 
+2.6.2
+

meta/recipes-connectivity/openssh/openssh/CVE-2016-077x.patch

@@ -0,0 +1,56 @@
+From e6c85f8889c5c9eb04796fdb76d2807636b9eef5 Mon Sep 17 00:00:00 2001
+From: Damien Miller <djm@mindrot.org>
+Date: Fri, 15 Jan 2016 01:30:36 +1100
+Subject: [PATCH] forcibly disable roaming support in the client
+
+
+Upstream-Status: Backport
+CVE: CVE-2016-0777
+CVE: CVE-2016-0778
+
+[Yocto #8935]
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ readconf.c | 5 ++---
+ ssh.c      | 3 ---
+ 2 files changed, 2 insertions(+), 6 deletions(-)
+
+Index: openssh-6.7p1/readconf.c
+===================================================================
+--- openssh-6.7p1.orig/readconf.c
++++ openssh-6.7p1/readconf.c
+@@ -1597,7 +1597,7 @@ initialize_options(Options * options)
+ 	options->tun_remote = -1;
+ 	options->local_command = NULL;
+ 	options->permit_local_command = -1;
+-	options->use_roaming = -1;
++	options->use_roaming = 0;
+ 	options->visual_host_key = -1;
+ 	options->ip_qos_interactive = -1;
+ 	options->ip_qos_bulk = -1;
+@@ -1768,8 +1768,7 @@ fill_default_options(Options * options)
+ 		options->tun_remote = SSH_TUNID_ANY;
+ 	if (options->permit_local_command == -1)
+ 		options->permit_local_command = 0;
+-	if (options->use_roaming == -1)
+-		options->use_roaming = 1;
++	options->use_roaming = 0;
+ 	if (options->visual_host_key == -1)
+ 		options->visual_host_key = 0;
+ 	if (options->ip_qos_interactive == -1)
+Index: openssh-6.7p1/ssh.c
+===================================================================
+--- openssh-6.7p1.orig/ssh.c
++++ openssh-6.7p1/ssh.c
+@@ -1800,9 +1800,6 @@ ssh_session2(void)
+ 			fork_postauth();
+ 	}
+ 
+-	if (options.use_roaming)
+-		request_roaming();
+-
+ 	return client_loop(tty_flag, tty_flag ?
+ 	    options.escape_char : SSH_ESCAPECHAR_NONE, id);
+ }

meta/recipes-connectivity/openssh/openssh_6.7p1.bb

@@ -25,6 +25,8 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
            file://CVE-2015-6563.patch  \
            file://CVE-2015-6564.patch \
            file://CVE-2015-6565.patch \
+           file://CVE-2015-5600.patch \
+           file://CVE-2016-077x.patch \
            "
 
 PAM_SRC_URI = "file://sshd"

meta/recipes-connectivity/openssl/openssl.inc

@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
 DEPENDS = "perl-native-runtime"
 DEPENDS_append_class-target = " openssl-native"
 
-SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
+SRC_URI = "http://www.openssl.org/source/old/1.0.2/openssl-${PV}.tar.gz \
           "
 S = "${WORKDIR}/openssl-${PV}"
 

meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch

@@ -17,15 +17,13 @@ URL: https://bugs.gentoo.org/542618
 
 Signed-off-By: Armin Kuster <akuster@mvista.com>
 
-Index: openssl-1.0.2a/crypto/perlasm/x86_64-xlate.pl
-===================================================================
---- openssl-1.0.2a.orig/crypto/perlasm/x86_64-xlate.pl
-+++ openssl-1.0.2a/crypto/perlasm/x86_64-xlate.pl
-@@ -194,7 +194,10 @@ my %globals;
-     }
-     sub out {
+diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
+--- a/crypto/perlasm/x86_64-xlate.pl
++++ b/crypto/perlasm/x86_64-xlate.pl
+@@ -196,6 +196,10 @@ my %globals;
      	my $self = shift;
--
+ 
+ 	$self->{value} =~ s/\b(0b[0-1]+)/oct($1)/eig;
 +	# When building on x32 ABIs, the expanded hex value might be too
 +	# big to fit into 32bits. Enable transparent 64bit support here
 +	# so we can safely print it out.

meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch

@@ -9,14 +9,15 @@ Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
 Reviewed-by: Dr Stephen N Henson <shenson@drh-consultancy.co.uk>
 
 This is not meant as final patch.  
- 
+
 Upstream-Status: Backport [debian]
 
+Signed-off-by: Armin Kuster <akuster@mvista.com>
 
-Index: openssl-1.0.2/crypto/x509/x509_vfy.c
+Index: openssl-1.0.2g/crypto/x509/x509_vfy.c
 ===================================================================
---- openssl-1.0.2.orig/crypto/x509/x509_vfy.c
-+++ openssl-1.0.2/crypto/x509/x509_vfy.c
+--- openssl-1.0.2g.orig/crypto/x509/x509_vfy.c
++++ openssl-1.0.2g/crypto/x509/x509_vfy.c
 @@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c
  static int check_revocation(X509_STORE_CTX *ctx);
  static int check_cert(X509_STORE_CTX *ctx);
@@ -25,17 +26,17 @@ Index: openssl-1.0.2/crypto/x509/x509_vfy.c
  
  static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
                           unsigned int *preasons, X509_CRL *crl, X509 *x);
-@@ -438,6 +439,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
+@@ -489,6 +490,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
      if (!ok)
-         goto end;
+         goto err;
  
 +	ok = check_ca_blacklist(ctx);
-+	if(!ok) goto end;
++	if(!ok) goto err;
 +
  #ifndef OPENSSL_NO_RFC3779
      /* RFC 3779 path validation, now that CRL check has been done */
      ok = v3_asid_validate_path(ctx);
-@@ -938,6 +942,29 @@ static int check_crl_time(X509_STORE_CTX
+@@ -996,6 +1000,29 @@ static int check_crl_time(X509_STORE_CTX
      return 1;
  }
  

meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch

@@ -15,7 +15,7 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
 ===================================================================
 --- /dev/null	1970-01-01 00:00:00.000000000 +0000
 +++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld	2014-02-24 22:19:08.601827266 +0100
-@@ -0,0 +1,4615 @@
+@@ -0,0 +1,4621 @@
 +OPENSSL_1.0.0 {
 +	global:
 +		BIO_f_ssl;
@@ -4631,6 +4631,12 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
 +		SSL_test_functions;
 +} OPENSSL_1.0.1d;
 +
++OPENSSL_1.0.2g {
++       global:
++               SRP_VBASE_get1_by_user;
++               SRP_user_pwd_free;
++} OPENSSL_1.0.2;
++
 Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
 ===================================================================
 --- /dev/null	1970-01-01 00:00:00.000000000 +0000

meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch

@@ -8,16 +8,16 @@ http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
 
 Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
 ---
-Index: openssl-1.0.2/crypto/evp/digest.c
+Index: openssl-1.0.2h/crypto/evp/digest.c
 ===================================================================
---- openssl-1.0.2.orig/crypto/evp/digest.c
-+++ openssl-1.0.2/crypto/evp/digest.c
-@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
-         return 0;
+--- openssl-1.0.2h.orig/crypto/evp/digest.c
++++ openssl-1.0.2h/crypto/evp/digest.c
+@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
+         type = ctx->digest;
      }
  #endif
 -    if (ctx->digest != type) {
 +    if (type && (ctx->digest != type)) {
-         if (ctx->digest && ctx->digest->ctx_size)
+         if (ctx->digest && ctx->digest->ctx_size) {
              OPENSSL_free(ctx->md_data);
-         ctx->digest = type;
+             ctx->md_data = NULL;

meta/recipes-connectivity/openssl/openssl_1.0.2h.bb

@@ -6,7 +6,7 @@ DEPENDS += "cryptodev-linux"
 
 CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
 
-LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"
 
 export DIRS = "crypto ssl apps engines"
 export OE_LDFLAGS="${LDFLAGS}"
@@ -25,7 +25,7 @@ SRC_URI += "file://configure-targets.patch \
             file://debian/no-rpath.patch \
             file://debian/no-symbolic.patch \
             file://debian/pic.patch \
-            file://debian/version-script.patch \
+            file://debian1.0.2/version-script.patch \
             file://openssl_fix_for_x32.patch \
             file://fix-cipher-des-ede3-cfb1.patch \
             file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
@@ -37,8 +37,8 @@ SRC_URI += "file://configure-targets.patch \
             file://crypto_use_bigint_in_x86-64_perl.patch \
            "
 
-SRC_URI[md5sum] = "38dd619b2e77cbac69b99f52a053d25a"
-SRC_URI[sha256sum] = "671c36487785628a703374c652ad2cebea45fa920ae5681515df25d9f2c9a8c8"
+SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0"
+SRC_URI[sha256sum] = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919"
 
 PACKAGES =+ " \
 	${PN}-engines \

meta/recipes-connectivity/wpa-supplicant/wpa-supplicant.inc

@@ -33,6 +33,7 @@ SRC_URI = "http://hostap.epitest.fi/releases/wpa_supplicant-${PV}.tar.gz \
            file://0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch \
            file://0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch \
            file://0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch \
+           file://0001-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch \
           "
 SRC_URI[md5sum] = "f2ed8fef72cf63d8d446a2d0a6da630a"
 SRC_URI[sha256sum] = "eaaa5bf3055270e521b2dff64f2d203ec8040f71958b8588269a82c00c9d7b6a"

meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch

@@ -0,0 +1,64 @@
+From c13401c723a039971bcd91b3856d76c6041b15f2 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 13 Nov 2015 05:54:18 -0500
+Subject: [PATCH] NFC: Fix payload length validation in NDEF record parser
+
+It was possible for the 32-bit record->total_length value to end up
+wrapping around due to integer overflow if the longer form of payload
+length field is used and record->payload_length gets a value close to
+2^32. This could result in ndef_parse_record() accepting a too large
+payload length value and the record type filter reading up to about 20
+bytes beyond the end of the buffer and potentially killing the process.
+This could also result in an attempt to allocate close to 2^32 bytes of
+heap memory and if that were to succeed, a buffer read overflow of the
+same length which would most likely result in the process termination.
+In case of record->total_length ending up getting the value 0, there
+would be no buffer read overflow, but record parsing would result in an
+infinite loop in ndef_parse_records().
+
+Any of these error cases could potentially be used for denial of service
+attacks over NFC by using a malformed NDEF record on an NFC Tag or
+sending them during NFC connection handover if the application providing
+the NDEF message to hostapd/wpa_supplicant did no validation of the
+received records. While such validation is likely done in the NFC stack
+that needs to parse the NFC messages before further processing,
+hostapd/wpa_supplicant better be prepared for any data being included
+here.
+
+Fix this by validating record->payload_length value in a way that
+detects integer overflow. (CID 122668)
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+Upstream-Status: Backport [from http://w1.fi/security/2015-5/]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ src/wps/ndef.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/wps/ndef.c b/src/wps/ndef.c
+index d45dfc8..f7f729b 100644
+--- a/src/wps/ndef.c
++++ b/src/wps/ndef.c
+@@ -48,6 +48,8 @@ static int ndef_parse_record(const u8 *data, u32 size,
+ 		if (size < 6)
+ 			return -1;
+ 		record->payload_length = ntohl(*(u32 *)pos);
++                if (record->payload_length > size - 6)
++                       return -1;
+ 		pos += sizeof(u32);
+ 	}
+ 
+@@ -68,7 +70,8 @@ static int ndef_parse_record(const u8 *data, u32 size,
+ 	pos += record->payload_length;
+ 
+ 	record->total_length = pos - data;
+-	if (record->total_length > size)
++	if (record->total_length > size ||
++	    record->total_length < record->payload_length)
+ 		return -1;
+ 	return 0;
+ }
+-- 
+1.9.1
+

meta/recipes-core/busybox/busybox/0001-zcip-fix-wrong-comparison-of-source-IP-with-our-IP.patch

@@ -0,0 +1,34 @@
+From 4d15068d83054a9f82b3f8842706cd6deb401e25 Mon Sep 17 00:00:00 2001
+From: Vladislav Grishenko <themiron@mail.ru>
+Date: Thu, 19 Mar 2015 16:19:35 +0500
+Subject: [PATCH] zcip: fix wrong comparison of source IP with our IP
+
+Commit "zcip: fix link-local IP conflict detection" has introduced
+wrong comparsion of source IP with our IP. This leads to a new IP
+being picked unnecessarily on every incoming ARP packet.
+
+Signed-off-by: Vladislav Grishenko <themiron@mail.ru>
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+Signed-off-by: Brad Mouring <brad.mouring@ni.com>
+
+Upstream-Status: Backport (4d15068, added in 1.24)
+---
+ networking/zcip.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/networking/zcip.c b/networking/zcip.c
+index a3307c5..962ba2e 100644
+--- a/networking/zcip.c
++++ b/networking/zcip.c
+@@ -521,7 +521,7 @@ int zcip_main(int argc UNUSED_PARAM, char **argv)
+ 			target_ip_conflict = 0;
+ 
+ 			if (memcmp(&p.arp.arp_sha, &eth_addr, ETH_ALEN) != 0) {
+-				if (memcmp(p.arp.arp_spa, &ip.s_addr, sizeof(struct in_addr))) {
++				if (memcmp(p.arp.arp_spa, &ip.s_addr, sizeof(struct in_addr)) == 0) {
+ 					/* A probe or reply with source_ip == chosen ip */
+ 					source_ip_conflict = 1;
+ 				}
+-- 
+2.7.3
+

meta/recipes-core/busybox/busybox_1.23.1.bb

@@ -30,6 +30,7 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
            file://login-utilities.cfg \
            file://recognize_connmand.patch \
            file://busybox-cross-menuconfig.patch \
+           file://0001-zcip-fix-wrong-comparison-of-source-IP-with-our-IP.patch \
 "
 
 SRC_URI[tarball.md5sum] = "5c94d6301a964cd91619bd4d74605245"

meta/recipes-core/busybox/busybox_git.bb

@@ -1,6 +1,6 @@
 require busybox.inc
 
-SRCREV = "1ecfe811fe2f70380170ef7d820e8150054e88ca"
+SRCREV = "4d15068d83054a9f82b3f8842706cd6deb401e25"
 # Lookout for PV bump too when SRCREV is changed
 PV = "1.23.1+git${SRCPV}"
 

meta/recipes-core/gettext/gettext-0.16.1/gettext-error_print_progname.patch

@@ -1,19 +0,0 @@
-
-# Pulled from OpenEmbedded
-# 
-# Commented by: Saul Wold <saul.wold@intel.com>
-
-Upstream-Status: Inappropriate [licensing]
-
-diff -ur gettext-0.14.6/gettext-tools/lib/error.h gettext-0.14.6-patched/gettext-tools/lib/error.h
---- gettext-0.14.6/gettext-tools/lib/error.h	2005-05-20 16:03:42.000000000 -0500
-+++ gettext-0.14.6-patched/gettext-tools/lib/error.h	2007-01-13 20:57:24.422168053 -0600
-@@ -50,7 +50,7 @@
- /* If NULL, error will flush stdout, then print on stderr the program
-    name, a colon and a space.  Otherwise, error will call this
-    function without parameters instead.  */
--extern DLL_VARIABLE void (*error_print_progname) (void);
-+void (*error_print_progname) (void);
- 
- /* This variable is incremented each time `error' is called.  */
- extern DLL_VARIABLE unsigned int error_message_count;

meta/recipes-core/gettext/gettext_0.16.1.bb

@@ -21,9 +21,7 @@ SRC_URI = "${GNU_MIRROR}/gettext/gettext-${PV}.tar.gz \
            file://hardcode_macro_version.patch \
           "
 
-
-SRC_URI_append_linux-uclibc = " file://gettext-error_print_progname.patch"
-SRC_URI_append_linux-uclibceabi = " file://gettext-error_print_progname.patch"
+LDFLAGS_prepend_libc-uclibc = " -lrt -lpthread "
 
 SRC_URI[md5sum] = "3d9ad24301c6d6b17ec30704a13fe127"
 SRC_URI[sha256sum] = "0bf850d1a079fb5a61f0a47b1a9efd35eb44032255375e1cedb0253bc27b376d"

meta/recipes-core/glibc/glibc/AArch64-Fix-the-big-endian-loader-name.patch

@@ -0,0 +1,49 @@
+[AArch64] Fix the big endian loader name
+
+Signed-off-by: Szabolcs Nagy  <szabolcs.nagy@arm.com>
+
+The patch was imported from the glibc's official git server
+(https://sourceware.org/git/?p=glibc.git) as of commit id
+44cb254f9a024db33ba549e59dc9d90355b797c9.
+
+Fixed conflicts raised on glibc 2.21.
+
+Upstream-Status: Backport [glibc 2.22]
+
+Signed-off-by: Adrian Calianu <adrian.calianu@enea.com>
+---
+ ChangeLog   | 5 +++++
+ config.h.in | 3 +++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/ChangeLog b/ChangeLog
+index dc1ed1b..503ad41 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -56278,4 +56278,9 @@
+ 	added check.  Only act on the data if no current modification
+ 	happened.
+ 
++2015-05-01  Szabolcs Nagy  <szabolcs.nagy@arm.com>
++
++    * config.h.in (HAVE_AARCH64_BE): Add.
++
++
+ See ChangeLog.17 for earlier changes.
+diff --git a/config.h.in b/config.h.in
+index 695ca35..85c1761 100644
+--- a/config.h.in
++++ b/config.h.in
+@@ -114,6 +114,9 @@
+    include/libc-symbols.h that avoid PLT slots in the shared objects.  */
+ #undef	NO_HIDDEN
+ 
++/* AArch64 big endian ABI */
++#undef HAVE_AARCH64_BE
++
+ 
+ /* Defined to some form of __attribute__ ((...)) if the compiler supports
+    a different, more efficient calling convention.  */
+-- 
+1.9.1
+

meta/recipes-core/glibc/glibc/CVE-2015-7547.patch

@@ -0,0 +1,633 @@
+From: Carlos O'Donell <carlos@systemhalted.org>
+Date: Wed, 17 Feb 2016 02:26:37 +0000 (-0500)
+Subject: CVE-2015-7547: getaddrinfo() stack-based buffer overflow (Bug 18665).
+X-Git-Url: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff_plain;h=16d0a0ce7613552301786bf05d7eba8784b5732c;hp=014eaa22077fd4759083b1a4619ded513a181f92
+
+CVE-2015-7547: getaddrinfo() stack-based buffer overflow (Bug 18665).
+
+* A stack-based buffer overflow was found in libresolv when invoked from
+  libnss_dns, allowing specially crafted DNS responses to seize control
+  of execution flow in the DNS client.  The buffer overflow occurs in
+  the functions send_dg (send datagram) and send_vc (send TCP) for the
+  NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC
+  family.  The use of AF_UNSPEC triggers the low-level resolver code to
+  send out two parallel queries for A and AAAA.  A mismanagement of the
+  buffers used for those queries could result in the response of a query
+  writing beyond the alloca allocated buffer created by
+  _nss_dns_gethostbyname4_r.  Buffer management is simplified to remove
+  the overflow.  Thanks to the Google Security Team and Red Hat for
+  reporting the security impact of this issue, and Robert Holiday of
+  Ciena for reporting the related bug 18665. (CVE-2015-7547)
+
+See also:
+https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
+https://sourceware.org/ml/libc-alpha/2016-02/msg00418.html
+
+(cherry picked from commit e9db92d3acfe1822d56d11abcea5bfc4c41cf6ca)
+
+Upstream-Status: Backport
+CVE: CVE-2015-7547
+---
+
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
++++ git/ChangeLog
+@@ -1,3 +1,18 @@
++2016-02-15  Carlos O'Donell  <carlos@redhat.com>
++
++	[BZ #18665]
++	* resolv/nss_dns/dns-host.c (gaih_getanswer_slice): Always set
++	*herrno_p.
++	(gaih_getanswer): Document functional behviour. Return tryagain
++	if any result is tryagain.
++	* resolv/res_query.c (__libc_res_nsearch): Set buffer size to zero
++	when freed.
++	* resolv/res_send.c: Add copyright text.
++	(__libc_res_nsend): Document that MAXPACKET is expected.
++	(send_vc): Document. Remove buffer reuse.
++	(send_dg): Document. Remove buffer reuse. Set *thisanssizp to set the
++	size of the buffer. Add Dprint for truncated UDP buffer.
++
+ 2015-09-26  Paul Pluzhnikov  <ppluzhnikov@google.com>
+ 
+ 	[BZ #18985]
+Index: git/NEWS
+===================================================================
+--- git.orig/NEWS
++++ git/NEWS
+@@ -27,6 +27,20 @@ Security related changes:
+   17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885,
+   17892, 18928, 17905.
+ 
++* A stack-based buffer overflow was found in libresolv when invoked from
++  libnss_dns, allowing specially crafted DNS responses to seize control
++  of execution flow in the DNS client.  The buffer overflow occurs in
++  the functions send_dg (send datagram) and send_vc (send TCP) for the
++  NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC
++  family.  The use of AF_UNSPEC triggers the low-level resolver code to
++  send out two parallel queries for A and AAAA.  A mismanagement of the
++  buffers used for those queries could result in the response of a query
++  writing beyond the alloca allocated buffer created by
++  _nss_dns_gethostbyname4_r.  Buffer management is simplified to remove
++  the overflow.  Thanks to the Google Security Team and Red Hat for
++  reporting the security impact of this issue, and Robert Holiday of
++  Ciena for reporting the related bug 18665. (CVE-2015-7547)
++
+ * The LD_POINTER_GUARD environment variable can no longer be used to
+   disable the pointer guard feature.  It is always enabled.
+ 
+Index: git/resolv/nss_dns/dns-host.c
+===================================================================
+--- git.orig/resolv/nss_dns/dns-host.c
++++ git/resolv/nss_dns/dns-host.c
+@@ -1032,7 +1032,10 @@ gaih_getanswer_slice (const querybuf *an
+   int h_namelen = 0;
+ 
+   if (ancount == 0)
+-    return NSS_STATUS_NOTFOUND;
++    {
++      *h_errnop = HOST_NOT_FOUND;
++      return NSS_STATUS_NOTFOUND;
++    }
+ 
+   while (ancount-- > 0 && cp < end_of_message && had_error == 0)
+     {
+@@ -1209,7 +1212,14 @@ gaih_getanswer_slice (const querybuf *an
+   /* Special case here: if the resolver sent a result but it only
+      contains a CNAME while we are looking for a T_A or T_AAAA record,
+      we fail with NOTFOUND instead of TRYAGAIN.  */
+-  return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND;
++  if (canon != NULL)
++    {
++      *h_errnop = HOST_NOT_FOUND;
++      return NSS_STATUS_NOTFOUND;
++    }
++
++  *h_errnop = NETDB_INTERNAL;
++  return NSS_STATUS_TRYAGAIN;
+ }
+ 
+ 
+@@ -1223,11 +1233,101 @@ gaih_getanswer (const querybuf *answer1,
+ 
+   enum nss_status status = NSS_STATUS_NOTFOUND;
+ 
++  /* Combining the NSS status of two distinct queries requires some
++     compromise and attention to symmetry (A or AAAA queries can be
++     returned in any order).  What follows is a breakdown of how this
++     code is expected to work and why. We discuss only SUCCESS,
++     TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns
++     that apply (though RETURN and MERGE exist).  We make a distinction
++     between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable).
++     A recoverable TRYAGAIN is almost always due to buffer size issues
++     and returns ERANGE in errno and the caller is expected to retry
++     with a larger buffer.
++
++     Lastly, you may be tempted to make significant changes to the
++     conditions in this code to bring about symmetry between responses.
++     Please don't change anything without due consideration for
++     expected application behaviour.  Some of the synthesized responses
++     aren't very well thought out and sometimes appear to imply that
++     IPv4 responses are always answer 1, and IPv6 responses are always
++     answer 2, but that's not true (see the implementation of send_dg
++     and send_vc to see response can arrive in any order, particularly
++     for UDP). However, we expect it holds roughly enough of the time
++     that this code works, but certainly needs to be fixed to make this
++     a more robust implementation.
++
++     ----------------------------------------------
++     | Answer 1 Status /   | Synthesized | Reason |
++     | Answer 2 Status     | Status      |        |
++     |--------------------------------------------|
++     | SUCCESS/SUCCESS     | SUCCESS     | [1]    |
++     | SUCCESS/TRYAGAIN    | TRYAGAIN    | [5]    |
++     | SUCCESS/TRYAGAIN'   | SUCCESS     | [1]    |
++     | SUCCESS/NOTFOUND    | SUCCESS     | [1]    |
++     | SUCCESS/UNAVAIL     | SUCCESS     | [1]    |
++     | TRYAGAIN/SUCCESS    | TRYAGAIN    | [2]    |
++     | TRYAGAIN/TRYAGAIN   | TRYAGAIN    | [2]    |
++     | TRYAGAIN/TRYAGAIN'  | TRYAGAIN    | [2]    |
++     | TRYAGAIN/NOTFOUND   | TRYAGAIN    | [2]    |
++     | TRYAGAIN/UNAVAIL    | TRYAGAIN    | [2]    |
++     | TRYAGAIN'/SUCCESS   | SUCCESS     | [3]    |
++     | TRYAGAIN'/TRYAGAIN  | TRYAGAIN    | [3]    |
++     | TRYAGAIN'/TRYAGAIN' | TRYAGAIN'   | [3]    |
++     | TRYAGAIN'/NOTFOUND  | TRYAGAIN'   | [3]    |
++     | TRYAGAIN'/UNAVAIL   | UNAVAIL     | [3]    |
++     | NOTFOUND/SUCCESS    | SUCCESS     | [3]    |
++     | NOTFOUND/TRYAGAIN   | TRYAGAIN    | [3]    |
++     | NOTFOUND/TRYAGAIN'  | TRYAGAIN'   | [3]    |
++     | NOTFOUND/NOTFOUND   | NOTFOUND    | [3]    |
++     | NOTFOUND/UNAVAIL    | UNAVAIL     | [3]    |
++     | UNAVAIL/SUCCESS     | UNAVAIL     | [4]    |
++     | UNAVAIL/TRYAGAIN    | UNAVAIL     | [4]    |
++     | UNAVAIL/TRYAGAIN'   | UNAVAIL     | [4]    |
++     | UNAVAIL/NOTFOUND    | UNAVAIL     | [4]    |
++     | UNAVAIL/UNAVAIL     | UNAVAIL     | [4]    |
++     ----------------------------------------------
++
++     [1] If the first response is a success we return success.
++	 This ignores the state of the second answer and in fact
++	 incorrectly sets errno and h_errno to that of the second
++	 answer.  However because the response is a success we ignore
++	 *errnop and *h_errnop (though that means you touched errno on
++	 success).  We are being conservative here and returning the
++	 likely IPv4 response in the first answer as a success.
++
++     [2] If the first response is a recoverable TRYAGAIN we return
++	 that instead of looking at the second response.  The
++	 expectation here is that we have failed to get an IPv4 response
++	 and should retry both queries.
++
++     [3] If the first response was not a SUCCESS and the second
++	 response is not NOTFOUND (had a SUCCESS, need to TRYAGAIN,
++	 or failed entirely e.g. TRYAGAIN' and UNAVAIL) then use the
++	 result from the second response, otherwise the first responses
++	 status is used.  Again we have some odd side-effects when the
++	 second response is NOTFOUND because we overwrite *errnop and
++	 *h_errnop that means that a first answer of NOTFOUND might see
++	 its *errnop and *h_errnop values altered.  Whether it matters
++	 in practice that a first response NOTFOUND has the wrong
++	 *errnop and *h_errnop is undecided.
++
++     [4] If the first response is UNAVAIL we return that instead of
++	 looking at the second response.  The expectation here is that
++	 it will have failed similarly e.g. configuration failure.
++
++     [5] Testing this code is complicated by the fact that truncated
++	 second response buffers might be returned as SUCCESS if the
++	 first answer is a SUCCESS.  To fix this we add symmetry to
++	 TRYAGAIN with the second response.  If the second response
++	 is a recoverable error we now return TRYAGIN even if the first
++	 response was SUCCESS.  */
++
+   if (anslen1 > 0)
+     status = gaih_getanswer_slice(answer1, anslen1, qname,
+ 				  &pat, &buffer, &buflen,
+ 				  errnop, h_errnop, ttlp,
+ 				  &first);
++
+   if ((status == NSS_STATUS_SUCCESS || status == NSS_STATUS_NOTFOUND
+        || (status == NSS_STATUS_TRYAGAIN
+ 	   /* We want to look at the second answer in case of an
+@@ -1243,8 +1343,15 @@ gaih_getanswer (const querybuf *answer1,
+ 						     &pat, &buffer, &buflen,
+ 						     errnop, h_errnop, ttlp,
+ 						     &first);
++      /* Use the second response status in some cases.  */
+       if (status != NSS_STATUS_SUCCESS && status2 != NSS_STATUS_NOTFOUND)
+ 	status = status2;
++      /* Do not return a truncated second response (unless it was
++	 unavoidable e.g. unrecoverable TRYAGAIN).  */
++      if (status == NSS_STATUS_SUCCESS
++	  && (status2 == NSS_STATUS_TRYAGAIN
++	      && *errnop == ERANGE && *h_errnop != NO_RECOVERY))
++	status = NSS_STATUS_TRYAGAIN;
+     }
+ 
+   return status;
+Index: git/resolv/res_query.c
+===================================================================
+--- git.orig/resolv/res_query.c
++++ git/resolv/res_query.c
+@@ -396,6 +396,7 @@ __libc_res_nsearch(res_state statp,
+ 		  {
+ 		    free (*answerp2);
+ 		    *answerp2 = NULL;
++		    *nanswerp2 = 0;
+ 		    *answerp2_malloced = 0;
+ 		  }
+ 	}
+@@ -447,6 +448,7 @@ __libc_res_nsearch(res_state statp,
+ 			  {
+ 			    free (*answerp2);
+ 			    *answerp2 = NULL;
++			    *nanswerp2 = 0;
+ 			    *answerp2_malloced = 0;
+ 			  }
+ 
+@@ -521,6 +523,7 @@ __libc_res_nsearch(res_state statp,
+ 	  {
+ 	    free (*answerp2);
+ 	    *answerp2 = NULL;
++	    *nanswerp2 = 0;
+ 	    *answerp2_malloced = 0;
+ 	  }
+ 	if (saved_herrno != -1)
+Index: git/resolv/res_send.c
+===================================================================
+--- git.orig/resolv/res_send.c
++++ git/resolv/res_send.c
+@@ -1,3 +1,20 @@
++/* Copyright (C) 2016 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <http://www.gnu.org/licenses/>.  */
++
+ /*
+  * Copyright (c) 1985, 1989, 1993
+  *    The Regents of the University of California.  All rights reserved.
+@@ -361,6 +378,8 @@ __libc_res_nsend(res_state statp, const
+ #ifdef USE_HOOKS
+ 	if (__glibc_unlikely (statp->qhook || statp->rhook))       {
+ 		if (anssiz < MAXPACKET && ansp) {
++			/* Always allocate MAXPACKET, callers expect
++			   this specific size.  */
+ 			u_char *buf = malloc (MAXPACKET);
+ 			if (buf == NULL)
+ 				return (-1);
+@@ -660,6 +679,77 @@ libresolv_hidden_def (res_nsend)
+ 
+ /* Private */
+ 
++/* The send_vc function is responsible for sending a DNS query over TCP
++   to the nameserver numbered NS from the res_state STATP i.e.
++   EXT(statp).nssocks[ns].  The function supports sending both IPv4 and
++   IPv6 queries at the same serially on the same socket.
++
++   Please note that for TCP there is no way to disable sending both
++   queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP
++   and sends the queries serially and waits for the result after each
++   sent query.  This implemetnation should be corrected to honour these
++   options.
++
++   Please also note that for TCP we send both queries over the same
++   socket one after another.  This technically violates best practice
++   since the server is allowed to read the first query, respond, and
++   then close the socket (to service another client).  If the server
++   does this, then the remaining second query in the socket data buffer
++   will cause the server to send the client an RST which will arrive
++   asynchronously and the client's OS will likely tear down the socket
++   receive buffer resulting in a potentially short read and lost
++   response data.  This will force the client to retry the query again,
++   and this process may repeat until all servers and connection resets
++   are exhausted and then the query will fail.  It's not known if this
++   happens with any frequency in real DNS server implementations.  This
++   implementation should be corrected to use two sockets by default for
++   parallel queries.
++
++   The query stored in BUF of BUFLEN length is sent first followed by
++   the query stored in BUF2 of BUFLEN2 length.  Queries are sent
++   serially on the same socket.
++
++   Answers to the query are stored firstly in *ANSP up to a max of
++   *ANSSIZP bytes.  If more than *ANSSIZP bytes are needed and ANSCP
++   is non-NULL (to indicate that modifying the answer buffer is allowed)
++   then malloc is used to allocate a new response buffer and ANSCP and
++   ANSP will both point to the new buffer.  If more than *ANSSIZP bytes
++   are needed but ANSCP is NULL, then as much of the response as
++   possible is read into the buffer, but the results will be truncated.
++   When truncation happens because of a small answer buffer the DNS
++   packets header field TC will bet set to 1, indicating a truncated
++   message and the rest of the socket data will be read and discarded.
++
++   Answers to the query are stored secondly in *ANSP2 up to a max of
++   *ANSSIZP2 bytes, with the actual response length stored in
++   *RESPLEN2.  If more than *ANSSIZP bytes are needed and ANSP2
++   is non-NULL (required for a second query) then malloc is used to
++   allocate a new response buffer, *ANSSIZP2 is set to the new buffer
++   size and *ANSP2_MALLOCED is set to 1.
++
++   The ANSP2_MALLOCED argument will eventually be removed as the
++   change in buffer pointer can be used to detect the buffer has
++   changed and that the caller should use free on the new buffer.
++
++   Note that the answers may arrive in any order from the server and
++   therefore the first and second answer buffers may not correspond to
++   the first and second queries.
++
++   It is not supported to call this function with a non-NULL ANSP2
++   but a NULL ANSCP.  Put another way, you can call send_vc with a
++   single unmodifiable buffer or two modifiable buffers, but no other
++   combination is supported.
++
++   It is the caller's responsibility to free the malloc allocated
++   buffers by detecting that the pointers have changed from their
++   original values i.e. *ANSCP or *ANSP2 has changed.
++
++   If errors are encountered then *TERRNO is set to an appropriate
++   errno value and a zero result is returned for a recoverable error,
++   and a less-than zero result is returned for a non-recoverable error.
++
++   If no errors are encountered then *TERRNO is left unmodified and
++   a the length of the first response in bytes is returned.  */
+ static int
+ send_vc(res_state statp,
+ 	const u_char *buf, int buflen, const u_char *buf2, int buflen2,
+@@ -669,11 +759,7 @@ send_vc(res_state statp,
+ {
+ 	const HEADER *hp = (HEADER *) buf;
+ 	const HEADER *hp2 = (HEADER *) buf2;
+-	u_char *ans = *ansp;
+-	int orig_anssizp = *anssizp;
+-	// XXX REMOVE
+-	// int anssiz = *anssizp;
+-	HEADER *anhp = (HEADER *) ans;
++	HEADER *anhp = (HEADER *) *ansp;
+ 	struct sockaddr_in6 *nsap = EXT(statp).nsaddrs[ns];
+ 	int truncating, connreset, n;
+ 	/* On some architectures compiler might emit a warning indicating
+@@ -766,6 +852,8 @@ send_vc(res_state statp,
+ 	 * Receive length & response
+ 	 */
+ 	int recvresp1 = 0;
++	/* Skip the second response if there is no second query.
++	   To do that we mark the second response as received.  */
+ 	int recvresp2 = buf2 == NULL;
+ 	uint16_t rlen16;
+  read_len:
+@@ -802,40 +890,14 @@ send_vc(res_state statp,
+ 	u_char **thisansp;
+ 	int *thisresplenp;
+ 	if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
++		/* We have not received any responses
++		   yet or we only have one response to
++		   receive.  */
+ 		thisanssizp = anssizp;
+ 		thisansp = anscp ?: ansp;
+ 		assert (anscp != NULL || ansp2 == NULL);
+ 		thisresplenp = &resplen;
+ 	} else {
+-		if (*anssizp != MAXPACKET) {
+-			/* No buffer allocated for the first
+-			   reply.  We can try to use the rest
+-			   of the user-provided buffer.  */
+-#if __GNUC_PREREQ (4, 7)
+-			DIAG_PUSH_NEEDS_COMMENT;
+-			DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized");
+-#endif
+-#if _STRING_ARCH_unaligned
+-			*anssizp2 = orig_anssizp - resplen;
+-			*ansp2 = *ansp + resplen;
+-#else
+-			int aligned_resplen
+-			  = ((resplen + __alignof__ (HEADER) - 1)
+-			     & ~(__alignof__ (HEADER) - 1));
+-			*anssizp2 = orig_anssizp - aligned_resplen;
+-			*ansp2 = *ansp + aligned_resplen;
+-#endif
+-#if __GNUC_PREREQ (4, 7)
+-			DIAG_POP_NEEDS_COMMENT;
+-#endif
+-		} else {
+-			/* The first reply did not fit into the
+-			   user-provided buffer.  Maybe the second
+-			   answer will.  */
+-			*anssizp2 = orig_anssizp;
+-			*ansp2 = *ansp;
+-		}
+-
+ 		thisanssizp = anssizp2;
+ 		thisansp = ansp2;
+ 		thisresplenp = resplen2;
+@@ -843,10 +905,14 @@ send_vc(res_state statp,
+ 	anhp = (HEADER *) *thisansp;
+ 
+ 	*thisresplenp = rlen;
+-	if (rlen > *thisanssizp) {
+-		/* Yes, we test ANSCP here.  If we have two buffers
+-		   both will be allocatable.  */
+-		if (__glibc_likely (anscp != NULL))       {
++	/* Is the answer buffer too small?  */
++	if (*thisanssizp < rlen) {
++		/* If the current buffer is not the the static
++		   user-supplied buffer then we can reallocate
++		   it.  */
++		if (thisansp != NULL && thisansp != ansp) {
++			/* Always allocate MAXPACKET, callers expect
++			   this specific size.  */
+ 			u_char *newp = malloc (MAXPACKET);
+ 			if (newp == NULL) {
+ 				*terrno = ENOMEM;
+@@ -858,6 +924,9 @@ send_vc(res_state statp,
+ 			if (thisansp == ansp2)
+ 			  *ansp2_malloced = 1;
+ 			anhp = (HEADER *) newp;
++			/* A uint16_t can't be larger than MAXPACKET
++			   thus it's safe to allocate MAXPACKET but
++			   read RLEN bytes instead.  */
+ 			len = rlen;
+ 		} else {
+ 			Dprint(statp->options & RES_DEBUG,
+@@ -1021,6 +1090,66 @@ reopen (res_state statp, int *terrno, in
+ 	return 1;
+ }
+ 
++/* The send_dg function is responsible for sending a DNS query over UDP
++   to the nameserver numbered NS from the res_state STATP i.e.
++   EXT(statp).nssocks[ns].  The function supports IPv4 and IPv6 queries
++   along with the ability to send the query in parallel for both stacks
++   (default) or serially (RES_SINGLKUP).  It also supports serial lookup
++   with a close and reopen of the socket used to talk to the server
++   (RES_SNGLKUPREOP) to work around broken name servers.
++
++   The query stored in BUF of BUFLEN length is sent first followed by
++   the query stored in BUF2 of BUFLEN2 length.  Queries are sent
++   in parallel (default) or serially (RES_SINGLKUP or RES_SNGLKUPREOP).
++
++   Answers to the query are stored firstly in *ANSP up to a max of
++   *ANSSIZP bytes.  If more than *ANSSIZP bytes are needed and ANSCP
++   is non-NULL (to indicate that modifying the answer buffer is allowed)
++   then malloc is used to allocate a new response buffer and ANSCP and
++   ANSP will both point to the new buffer.  If more than *ANSSIZP bytes
++   are needed but ANSCP is NULL, then as much of the response as
++   possible is read into the buffer, but the results will be truncated.
++   When truncation happens because of a small answer buffer the DNS
++   packets header field TC will bet set to 1, indicating a truncated
++   message, while the rest of the UDP packet is discarded.
++
++   Answers to the query are stored secondly in *ANSP2 up to a max of
++   *ANSSIZP2 bytes, with the actual response length stored in
++   *RESPLEN2.  If more than *ANSSIZP bytes are needed and ANSP2
++   is non-NULL (required for a second query) then malloc is used to
++   allocate a new response buffer, *ANSSIZP2 is set to the new buffer
++   size and *ANSP2_MALLOCED is set to 1.
++
++   The ANSP2_MALLOCED argument will eventually be removed as the
++   change in buffer pointer can be used to detect the buffer has
++   changed and that the caller should use free on the new buffer.
++
++   Note that the answers may arrive in any order from the server and
++   therefore the first and second answer buffers may not correspond to
++   the first and second queries.
++
++   It is not supported to call this function with a non-NULL ANSP2
++   but a NULL ANSCP.  Put another way, you can call send_vc with a
++   single unmodifiable buffer or two modifiable buffers, but no other
++   combination is supported.
++
++   It is the caller's responsibility to free the malloc allocated
++   buffers by detecting that the pointers have changed from their
++   original values i.e. *ANSCP or *ANSP2 has changed.
++
++   If an answer is truncated because of UDP datagram DNS limits then
++   *V_CIRCUIT is set to 1 and the return value non-zero to indicate to
++   the caller to retry with TCP.  The value *GOTSOMEWHERE is set to 1
++   if any progress was made reading a response from the nameserver and
++   is used by the caller to distinguish between ECONNREFUSED and
++   ETIMEDOUT (the latter if *GOTSOMEWHERE is 1).
++
++   If errors are encountered then *TERRNO is set to an appropriate
++   errno value and a zero result is returned for a recoverable error,
++   and a less-than zero result is returned for a non-recoverable error.
++
++   If no errors are encountered then *TERRNO is left unmodified and
++   a the length of the first response in bytes is returned.  */
+ static int
+ send_dg(res_state statp,
+ 	const u_char *buf, int buflen, const u_char *buf2, int buflen2,
+@@ -1030,8 +1159,6 @@ send_dg(res_state statp,
+ {
+ 	const HEADER *hp = (HEADER *) buf;
+ 	const HEADER *hp2 = (HEADER *) buf2;
+-	u_char *ans = *ansp;
+-	int orig_anssizp = *anssizp;
+ 	struct timespec now, timeout, finish;
+ 	struct pollfd pfd[1];
+ 	int ptimeout;
+@@ -1064,6 +1191,8 @@ send_dg(res_state statp,
+ 	int need_recompute = 0;
+ 	int nwritten = 0;
+ 	int recvresp1 = 0;
++	/* Skip the second response if there is no second query.
++	   To do that we mark the second response as received.  */
+ 	int recvresp2 = buf2 == NULL;
+ 	pfd[0].fd = EXT(statp).nssocks[ns];
+ 	pfd[0].events = POLLOUT;
+@@ -1227,55 +1356,56 @@ send_dg(res_state statp,
+ 		int *thisresplenp;
+ 
+ 		if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
++			/* We have not received any responses
++			   yet or we only have one response to
++			   receive.  */
+ 			thisanssizp = anssizp;
+ 			thisansp = anscp ?: ansp;
+ 			assert (anscp != NULL || ansp2 == NULL);
+ 			thisresplenp = &resplen;
+ 		} else {
+-			if (*anssizp != MAXPACKET) {
+-				/* No buffer allocated for the first
+-				   reply.  We can try to use the rest
+-				   of the user-provided buffer.  */
+-#if _STRING_ARCH_unaligned
+-				*anssizp2 = orig_anssizp - resplen;
+-				*ansp2 = *ansp + resplen;
+-#else
+-				int aligned_resplen
+-				  = ((resplen + __alignof__ (HEADER) - 1)
+-				     & ~(__alignof__ (HEADER) - 1));
+-				*anssizp2 = orig_anssizp - aligned_resplen;
+-				*ansp2 = *ansp + aligned_resplen;
+-#endif
+-			} else {
+-				/* The first reply did not fit into the
+-				   user-provided buffer.  Maybe the second
+-				   answer will.  */
+-				*anssizp2 = orig_anssizp;
+-				*ansp2 = *ansp;
+-			}
+-
+ 			thisanssizp = anssizp2;
+ 			thisansp = ansp2;
+ 			thisresplenp = resplen2;
+ 		}
+ 
+ 		if (*thisanssizp < MAXPACKET
+-		    /* Yes, we test ANSCP here.  If we have two buffers
+-		       both will be allocatable.  */
+-		    && anscp
++		    /* If the current buffer is not the the static
++		       user-supplied buffer then we can reallocate
++		       it.  */
++		    && (thisansp != NULL && thisansp != ansp)
+ #ifdef FIONREAD
++		    /* Is the size too small?  */
+ 		    && (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0
+ 			|| *thisanssizp < *thisresplenp)
+ #endif
+                     ) {
++			/* Always allocate MAXPACKET, callers expect
++			   this specific size.  */
+ 			u_char *newp = malloc (MAXPACKET);
+ 			if (newp != NULL) {
+-				*anssizp = MAXPACKET;
+-				*thisansp = ans = newp;
++				*thisanssizp = MAXPACKET;
++				*thisansp = newp;
+ 				if (thisansp == ansp2)
+ 				  *ansp2_malloced = 1;
+ 			}
+ 		}
++		/* We could end up with truncation if anscp was NULL
++		   (not allowed to change caller's buffer) and the
++		   response buffer size is too small.  This isn't a
++		   reliable way to detect truncation because the ioctl
++		   may be an inaccurate report of the UDP message size.
++		   Therefore we use this only to issue debug output.
++		   To do truncation accurately with UDP we need
++		   MSG_TRUNC which is only available on Linux.  We
++		   can abstract out the Linux-specific feature in the
++		   future to detect truncation.  */
++		if (__glibc_unlikely (*thisanssizp < *thisresplenp)) {
++			Dprint(statp->options & RES_DEBUG,
++			       (stdout, ";; response may be truncated (UDP)\n")
++			);
++		}
++
+ 		HEADER *anhp = (HEADER *) *thisansp;
+ 		socklen_t fromlen = sizeof(struct sockaddr_in6);
+ 		assert (sizeof(from) <= fromlen);

meta/recipes-core/glibc/glibc/CVE-2015-8776.patch

@@ -0,0 +1,155 @@
+From d36c75fc0d44deec29635dd239b0fbd206ca49b7 Mon Sep 17 00:00:00 2001
+From: Paul Pluzhnikov <ppluzhnikov@google.com>
+Date: Sat, 26 Sep 2015 13:27:48 -0700
+Subject: [PATCH] Fix BZ #18985 -- out of range data to strftime() causes a
+ segfault
+
+Upstream-Status: Backport
+CVE: CVE-2015-8776
+[Yocto # 8980]
+
+https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d36c75fc0d44deec29635dd239b0fbd206ca49b7
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ ChangeLog           |  8 ++++++++
+ NEWS                |  2 +-
+ time/strftime_l.c   | 20 +++++++++++++-------
+ time/tst-strftime.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++-
+ 4 files changed, 73 insertions(+), 9 deletions(-)
+
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
++++ git/ChangeLog
+@@ -1,3 +1,11 @@
++2015-09-26  Paul Pluzhnikov  <ppluzhnikov@google.com>
++
++	[BZ #18985]
++	* time/strftime_l.c (a_wkday, f_wkday, a_month, f_month): Range check.
++	(__strftime_internal): Likewise.
++	* time/tst-strftime.c (do_bz18985): New test.
++	(do_test): Call it.
++
+ 2015-12-04  Joseph Myers  <joseph@codesourcery.com>
+ 
+ 	[BZ #16961]
+Index: git/time/strftime_l.c
+===================================================================
+--- git.orig/time/strftime_l.c
++++ git/time/strftime_l.c
+@@ -514,13 +514,17 @@ __strftime_internal (s, maxsize, format,
+      only a few elements.  Dereference the pointers only if the format
+      requires this.  Then it is ok to fail if the pointers are invalid.  */
+ # define a_wkday \
+-  ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(ABDAY_1) + tp->tm_wday))
++  ((const CHAR_T *) (tp->tm_wday < 0 || tp->tm_wday > 6			     \
++		     ? "?" : _NL_CURRENT (LC_TIME, NLW(ABDAY_1) + tp->tm_wday)))
+ # define f_wkday \
+-  ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(DAY_1) + tp->tm_wday))
++  ((const CHAR_T *) (tp->tm_wday < 0 || tp->tm_wday > 6			     \
++		     ? "?" : _NL_CURRENT (LC_TIME, NLW(DAY_1) + tp->tm_wday)))
+ # define a_month \
+-  ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(ABMON_1) + tp->tm_mon))
++  ((const CHAR_T *) (tp->tm_mon < 0 || tp->tm_mon > 11			     \
++		     ? "?" : _NL_CURRENT (LC_TIME, NLW(ABMON_1) + tp->tm_mon)))
+ # define f_month \
+-  ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(MON_1) + tp->tm_mon))
++  ((const CHAR_T *) (tp->tm_mon < 0 || tp->tm_mon > 11			     \
++		     ? "?" : _NL_CURRENT (LC_TIME, NLW(MON_1) + tp->tm_mon)))
+ # define ampm \
+   ((const CHAR_T *) _NL_CURRENT (LC_TIME, tp->tm_hour > 11		      \
+ 				 ? NLW(PM_STR) : NLW(AM_STR)))
+@@ -530,8 +534,10 @@ __strftime_internal (s, maxsize, format,
+ # define ap_len STRLEN (ampm)
+ #else
+ # if !HAVE_STRFTIME
+-#  define f_wkday (weekday_name[tp->tm_wday])
+-#  define f_month (month_name[tp->tm_mon])
++#  define f_wkday (tp->tm_wday < 0 || tp->tm_wday > 6	\
++		   ? "?" : weekday_name[tp->tm_wday])
++#  define f_month (tp->tm_mon < 0 || tp->tm_mon > 11	\
++		   ? "?" : month_name[tp->tm_mon])
+ #  define a_wkday f_wkday
+ #  define a_month f_month
+ #  define ampm (L_("AMPM") + 2 * (tp->tm_hour > 11))
+@@ -1325,7 +1331,7 @@ __strftime_internal (s, maxsize, format,
+ 		  *tzset_called = true;
+ 		}
+ # endif
+-	      zone = tzname[tp->tm_isdst];
++	      zone = tp->tm_isdst <= 1 ? tzname[tp->tm_isdst] : "?";
+ 	    }
+ #endif
+ 	  if (! zone)
+Index: git/time/tst-strftime.c
+===================================================================
+--- git.orig/time/tst-strftime.c
++++ git/time/tst-strftime.c
+@@ -4,6 +4,56 @@
+ #include <time.h>
+ 
+ 
++static int
++do_bz18985 (void)
++{
++  char buf[1000];
++  struct tm ttm;
++  int rc, ret = 0;
++
++  memset (&ttm, 1, sizeof (ttm));
++  ttm.tm_zone = NULL;  /* Dereferenced directly if non-NULL.  */
++  rc = strftime (buf, sizeof (buf), "%a %A %b %B %c %z %Z", &ttm);
++
++  if (rc == 66)
++    {
++      const char expected[]
++	= "? ? ? ? ? ? 16843009 16843009:16843009:16843009 16844909 +467836 ?";
++      if (0 != strcmp (buf, expected))
++	{
++	  printf ("expected:\n  %s\ngot:\n  %s\n", expected, buf);
++	  ret += 1;
++	}
++    }
++  else
++    {
++      printf ("expected 66, got %d\n", rc);
++      ret += 1;
++    }
++
++  /* Check negative values as well.  */
++  memset (&ttm, 0xFF, sizeof (ttm));
++  ttm.tm_zone = NULL;  /* Dereferenced directly if non-NULL.  */
++  rc = strftime (buf, sizeof (buf), "%a %A %b %B %c %z %Z", &ttm);
++
++  if (rc == 30)
++    {
++      const char expected[] = "? ? ? ? ? ? -1 -1:-1:-1 1899  ";
++      if (0 != strcmp (buf, expected))
++	{
++	  printf ("expected:\n  %s\ngot:\n  %s\n", expected, buf);
++	  ret += 1;
++	}
++    }
++  else
++    {
++      printf ("expected 30, got %d\n", rc);
++      ret += 1;
++    }
++
++  return ret;
++}
++
+ static struct
+ {
+   const char *fmt;
+@@ -104,7 +154,7 @@ do_test (void)
+ 	}
+     }
+ 
+-  return result;
++  return result + do_bz18985 ();
+ }
+ 
+ #define TEST_FUNCTION do_test ()

meta/recipes-core/glibc/glibc/CVE-2015-8777.patch

@@ -0,0 +1,122 @@
+From a014cecd82b71b70a6a843e250e06b541ad524f7 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Thu, 15 Oct 2015 09:23:07 +0200
+Subject: [PATCH] Always enable pointer guard [BZ #18928]
+
+Honoring the LD_POINTER_GUARD environment variable in AT_SECURE mode
+has security implications.  This commit enables pointer guard
+unconditionally, and the environment variable is now ignored.
+
+        [BZ #18928]
+        * sysdeps/generic/ldsodefs.h (struct rtld_global_ro): Remove
+        _dl_pointer_guard member.
+        * elf/rtld.c (_rtld_global_ro): Remove _dl_pointer_guard
+        initializer.
+        (security_init): Always set up pointer guard.
+        (process_envvars): Do not process LD_POINTER_GUARD.
+
+Upstream-Status: Backport
+CVE: CVE-2015-8777
+[Yocto # 8980]
+
+https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=a014cecd82b71b70a6a843e250e06b541ad524f7
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ ChangeLog                  | 10 ++++++++++
+ NEWS                       | 13 ++++++++-----
+ elf/rtld.c                 | 15 ++++-----------
+ sysdeps/generic/ldsodefs.h |  3 ---
+ 4 files changed, 22 insertions(+), 19 deletions(-)
+
+Index: git/elf/rtld.c
+===================================================================
+--- git.orig/elf/rtld.c
++++ git/elf/rtld.c
+@@ -163,7 +163,6 @@ struct rtld_global_ro _rtld_global_ro at
+     ._dl_hwcap_mask = HWCAP_IMPORTANT,
+     ._dl_lazy = 1,
+     ._dl_fpu_control = _FPU_DEFAULT,
+-    ._dl_pointer_guard = 1,
+     ._dl_pagesize = EXEC_PAGESIZE,
+     ._dl_inhibit_cache = 0,
+ 
+@@ -710,15 +709,12 @@ security_init (void)
+ #endif
+ 
+   /* Set up the pointer guard as well, if necessary.  */
+-  if (GLRO(dl_pointer_guard))
+-    {
+-      uintptr_t pointer_chk_guard = _dl_setup_pointer_guard (_dl_random,
+-							     stack_chk_guard);
++  uintptr_t pointer_chk_guard
++    = _dl_setup_pointer_guard (_dl_random, stack_chk_guard);
+ #ifdef THREAD_SET_POINTER_GUARD
+-      THREAD_SET_POINTER_GUARD (pointer_chk_guard);
++  THREAD_SET_POINTER_GUARD (pointer_chk_guard);
+ #endif
+-      __pointer_chk_guard_local = pointer_chk_guard;
+-    }
++  __pointer_chk_guard_local = pointer_chk_guard;
+ 
+   /* We do not need the _dl_random value anymore.  The less
+      information we leave behind, the better, so clear the
+@@ -2478,9 +2474,6 @@ process_envvars (enum mode *modep)
+ 	      GLRO(dl_use_load_bias) = envline[14] == '1' ? -1 : 0;
+ 	      break;
+ 	    }
+-
+-	  if (memcmp (envline, "POINTER_GUARD", 13) == 0)
+-	    GLRO(dl_pointer_guard) = envline[14] != '0';
+ 	  break;
+ 
+ 	case 14:
+Index: git/sysdeps/generic/ldsodefs.h
+===================================================================
+--- git.orig/sysdeps/generic/ldsodefs.h
++++ git/sysdeps/generic/ldsodefs.h
+@@ -590,9 +590,6 @@ struct rtld_global_ro
+   /* List of auditing interfaces.  */
+   struct audit_ifaces *_dl_audit;
+   unsigned int _dl_naudit;
+-
+-  /* 0 if internal pointer values should not be guarded, 1 if they should.  */
+-  EXTERN int _dl_pointer_guard;
+ };
+ # define __rtld_global_attribute__
+ # if IS_IN (rtld)
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
++++ git/ChangeLog
+@@ -1,3 +1,13 @@
++2015-10-15  Florian Weimer  <fweimer@redhat.com>
++
++   [BZ #18928]
++   * sysdeps/generic/ldsodefs.h (struct rtld_global_ro): Remove
++   _dl_pointer_guard member.
++   * elf/rtld.c (_rtld_global_ro): Remove _dl_pointer_guard
++   initializer.
++   (security_init): Always set up pointer guard.
++   (process_envvars): Do not process LD_POINTER_GUARD.
++
+ 2015-02-06  Carlos O'Donell  <carlos@systemhalted.org>
+ 
+ 	* version.h (RELEASE): Set to "stable".
+Index: git/NEWS
+===================================================================
+--- git.orig/NEWS
++++ git/NEWS
+@@ -19,7 +19,10 @@ Version 2.21
+   17722, 17723, 17724, 17725, 17732, 17733, 17744, 17745, 17746, 17747,
+   17748, 17775, 17777, 17780, 17781, 17782, 17791, 17793, 17796, 17797,
+   17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885,
+-  17892.
++  17892, 18928.
++
++* The LD_POINTER_GUARD environment variable can no longer be used to
++  disable the pointer guard feature.  It is always enabled.
+ 
+ * CVE-2015-1472 Under certain conditions wscanf can allocate too little
+   memory for the to-be-scanned arguments and overflow the allocated

meta/recipes-core/glibc/glibc/CVE-2015-8779.patch

@@ -0,0 +1,262 @@
+From 0f58539030e436449f79189b6edab17d7479796e Mon Sep 17 00:00:00 2001
+From: Paul Pluzhnikov <ppluzhnikov@google.com>
+Date: Sat, 8 Aug 2015 15:53:03 -0700
+Subject: [PATCH] Fix BZ #17905
+
+Upstream-Status: Backport
+CVE: CVE-2015-8779
+[Yocto # 8980]
+
+https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f58539030e436449f79189b6edab17d7479796e
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ ChangeLog              |  8 ++++++++
+ NEWS                   |  2 +-
+ catgets/Makefile       |  9 ++++++++-
+ catgets/catgets.c      | 19 ++++++++++++-------
+ catgets/open_catalog.c | 23 ++++++++++++++---------
+ catgets/tst-catgets.c  | 31 +++++++++++++++++++++++++++++++
+ 6 files changed, 74 insertions(+), 18 deletions(-)
+
+Index: git/catgets/Makefile
+===================================================================
+--- git.orig/catgets/Makefile
++++ git/catgets/Makefile
+@@ -37,6 +37,7 @@ ifeq (y,$(OPTION_EGLIBC_CATGETS))
+ ifeq ($(run-built-tests),yes)
+ tests-special += $(objpfx)de/libc.cat $(objpfx)test1.cat $(objpfx)test2.cat \
+ 		 $(objpfx)sample.SJIS.cat $(objpfx)test-gencat.out
++tests-special += $(objpfx)tst-catgets-mem.out
+ endif
+ endif
+ gencat-modules	= xmalloc
+@@ -53,9 +54,11 @@ catgets-CPPFLAGS := -DNLSPATH='"$(msgcat
+ 
+ generated += de.msg test1.cat test1.h test2.cat test2.h sample.SJIS.cat \
+ 	     test-gencat.h
++generated += tst-catgets.mtrace tst-catgets-mem.out
++
+ generated-dirs += de
+ 
+-tst-catgets-ENV = NLSPATH="$(objpfx)%l/%N.cat" LANG=de
++tst-catgets-ENV = NLSPATH="$(objpfx)%l/%N.cat" LANG=de MALLOC_TRACE=$(objpfx)tst-catgets.mtrace
+ 
+ ifeq ($(run-built-tests),yes)
+ # This test just checks whether the program produces any error or not.
+@@ -89,4 +92,8 @@ $(objpfx)test-gencat.out: test-gencat.sh
+ $(objpfx)sample.SJIS.cat: sample.SJIS $(objpfx)gencat
+ 	$(built-program-cmd) -H $(objpfx)test-gencat.h < $(word 1,$^) > $@; \
+ 	$(evaluate-test)
++
++$(objpfx)tst-catgets-mem.out: $(objpfx)tst-catgets.out
++	$(common-objpfx)malloc/mtrace $(objpfx)tst-catgets.mtrace > $@; \
++	$(evaluate-test)
+ endif
+Index: git/catgets/catgets.c
+===================================================================
+--- git.orig/catgets/catgets.c
++++ git/catgets/catgets.c
+@@ -16,7 +16,6 @@
+    License along with the GNU C Library; if not, see
+    <http://www.gnu.org/licenses/>.  */
+ 
+-#include <alloca.h>
+ #include <errno.h>
+ #include <locale.h>
+ #include <nl_types.h>
+@@ -35,6 +34,7 @@ catopen (const char *cat_name, int flag)
+   __nl_catd result;
+   const char *env_var = NULL;
+   const char *nlspath = NULL;
++  char *tmp = NULL;
+ 
+   if (strchr (cat_name, '/') == NULL)
+     {
+@@ -54,7 +54,10 @@ catopen (const char *cat_name, int flag)
+ 	{
+ 	  /* Append the system dependent directory.  */
+ 	  size_t len = strlen (nlspath) + 1 + sizeof NLSPATH;
+-	  char *tmp = alloca (len);
++	  tmp = malloc (len);
++
++	  if (__glibc_unlikely (tmp == NULL))
++	    return (nl_catd) -1;
+ 
+ 	  __stpcpy (__stpcpy (__stpcpy (tmp, nlspath), ":"), NLSPATH);
+ 	  nlspath = tmp;
+@@ -65,16 +68,18 @@ catopen (const char *cat_name, int flag)
+ 
+   result = (__nl_catd) malloc (sizeof (*result));
+   if (result == NULL)
+-    /* We cannot get enough memory.  */
+-    return (nl_catd) -1;
+-
+-  if (__open_catalog (cat_name, nlspath, env_var, result) != 0)
++    {
++      /* We cannot get enough memory.  */
++      result = (nl_catd) -1;
++    }
++  else if (__open_catalog (cat_name, nlspath, env_var, result) != 0)
+     {
+       /* Couldn't open the file.  */
+       free ((void *) result);
+-      return (nl_catd) -1;
++      result = (nl_catd) -1;
+     }
+ 
++  free (tmp);
+   return (nl_catd) result;
+ }
+ 
+Index: git/catgets/open_catalog.c
+===================================================================
+--- git.orig/catgets/open_catalog.c
++++ git/catgets/open_catalog.c
+@@ -47,6 +47,7 @@ __open_catalog (const char *cat_name, co
+   size_t tab_size;
+   const char *lastp;
+   int result = -1;
++  char *buf = NULL;
+ 
+   if (strchr (cat_name, '/') != NULL || nlspath == NULL)
+     fd = open_not_cancel_2 (cat_name, O_RDONLY);
+@@ -57,23 +58,23 @@ __open_catalog (const char *cat_name, co
+   if (__glibc_unlikely (bufact + (n) >= bufmax))			      \
+     {									      \
+       char *old_buf = buf;						      \
+-      bufmax += 256 + (n);						      \
+-      buf = (char *) alloca (bufmax);					      \
+-      memcpy (buf, old_buf, bufact);					      \
++      bufmax += (bufmax < 256 + (n)) ? 256 + (n) : bufmax;		      \
++      buf = realloc (buf, bufmax);					      \
++      if (__glibc_unlikely (buf == NULL))				      \
++	{								      \
++	  free (old_buf);						      \
++	  return -1;							      \
++	}								      \
+     }
+ 
+       /* The RUN_NLSPATH variable contains a colon separated list of
+ 	 descriptions where we expect to find catalogs.  We have to
+ 	 recognize certain % substitutions and stop when we found the
+ 	 first existing file.  */
+-      char *buf;
+       size_t bufact;
+-      size_t bufmax;
++      size_t bufmax = 0;
+       size_t len;
+ 
+-      buf = NULL;
+-      bufmax = 0;
+-
+       fd = -1;
+       while (*run_nlspath != '\0')
+ 	{
+@@ -188,7 +189,10 @@ __open_catalog (const char *cat_name, co
+ 
+   /* Avoid dealing with directories and block devices */
+   if (__builtin_expect (fd, 0) < 0)
+-    return -1;
++    {
++      free (buf);
++      return -1;
++    }
+ 
+   if (__builtin_expect (__fxstat64 (_STAT_VER, fd, &st), 0) < 0)
+     goto close_unlock_return;
+@@ -325,6 +329,7 @@ __open_catalog (const char *cat_name, co
+   /* Release the lock again.  */
+  close_unlock_return:
+   close_not_cancel_no_status (fd);
++  free (buf);
+ 
+   return result;
+ }
+Index: git/catgets/tst-catgets.c
+===================================================================
+--- git.orig/catgets/tst-catgets.c
++++ git/catgets/tst-catgets.c
+@@ -1,7 +1,10 @@
++#include <assert.h>
+ #include <mcheck.h>
+ #include <nl_types.h>
+ #include <stdio.h>
++#include <stdlib.h>
+ #include <string.h>
++#include <sys/resource.h>
+ 
+ 
+ static const char *msgs[] =
+@@ -12,6 +15,33 @@ static const char *msgs[] =
+ };
+ #define nmsgs (sizeof (msgs) / sizeof (msgs[0]))
+ 
++
++/* Test for unbounded alloca.  */
++static int
++do_bz17905 (void)
++{
++  char *buf;
++  struct rlimit rl;
++  nl_catd result;
++
++  const int sz = 1024 * 1024;
++
++  getrlimit (RLIMIT_STACK, &rl);
++  rl.rlim_cur = sz;
++  setrlimit (RLIMIT_STACK, &rl);
++
++  buf = malloc (sz + 1); 
++  memset (buf, 'A', sz);
++  buf[sz] = '\0';
++  setenv ("NLSPATH", buf, 1);
++
++  result = catopen (buf, NL_CAT_LOCALE);
++  assert (result == (nl_catd) -1);
++
++  free (buf);
++  return 0;
++}
++
+ #define ROUNDS 5
+ 
+ static int
+@@ -62,6 +92,7 @@ do_test (void)
+ 	}
+     }
+ 
++  result += do_bz17905 ();
+   return result;
+ }
+ 
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
++++ git/ChangeLog
+@@ -1,3 +1,11 @@
++2015-08-08  Paul Pluzhnikov  <ppluzhnikov@google.com>
++
++   [BZ #17905]
++   * catgets/Makefile (tst-catgets-mem): New test.
++   * catgets/catgets.c (catopen): Don't use unbounded alloca.
++   * catgets/open_catalog.c (__open_catalog): Likewise.
++   * catgets/tst-catgets.c (do_bz17905): Test unbounded alloca.
++
+ 2015-10-15  Florian Weimer  <fweimer@redhat.com>
+ 
+    [BZ #18928]
+Index: git/NEWS
+===================================================================
+--- git.orig/NEWS
++++ git/NEWS
+@@ -19,7 +19,7 @@ Version 2.21
+   17722, 17723, 17724, 17725, 17732, 17733, 17744, 17745, 17746, 17747,
+   17748, 17775, 17777, 17780, 17781, 17782, 17791, 17793, 17796, 17797,
+   17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885,
+-  17892, 18928.
++  17892, 18928, 17905.
+ 
+ * The LD_POINTER_GUARD environment variable can no longer be used to
+   disable the pointer guard feature.  It is always enabled.

meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch

@@ -0,0 +1,388 @@
+From 8f5e8b01a1da2a207228f2072c934fa5918554b8 Mon Sep 17 00:00:00 2001
+From: Joseph Myers <joseph@codesourcery.com>
+Date: Fri, 4 Dec 2015 20:36:28 +0000
+Subject: [PATCH] Fix nan functions handling of payload strings (bug 16961, bug
+ 16962).
+
+The nan, nanf and nanl functions handle payload strings by doing e.g.:
+
+  if (tagp[0] != '\0')
+    {
+      char buf[6 + strlen (tagp)];
+      sprintf (buf, "NAN(%s)", tagp);
+      return strtod (buf, NULL);
+    }
+
+This is an unbounded stack allocation based on the length of the
+argument.  Furthermore, if the argument starts with an n-char-sequence
+followed by ')', that n-char-sequence is wrongly treated as
+significant for determining the payload of the resulting NaN, when ISO
+C says the call should be equivalent to strtod ("NAN", NULL), without
+being affected by that initial n-char-sequence.  This patch fixes both
+those problems by using the __strtod_nan etc. functions recently
+factored out of strtod etc. for that purpose, with those functions
+being exported from libc at version GLIBC_PRIVATE.
+
+Tested for x86_64, x86, mips64 and powerpc.
+
+	[BZ #16961]
+	[BZ #16962]
+	* math/s_nan.c (__nan): Use __strtod_nan instead of constructing a
+	string on the stack for strtod.
+	* math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing
+	a string on the stack for strtof.
+	* math/s_nanl.c (__nanl): Use __strtold_nan instead of
+	constructing a string on the stack for strtold.
+	* stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and
+	__strtold_nan to GLIBC_PRIVATE.
+	* math/test-nan-overflow.c: New file.
+	* math/test-nan-payload.c: Likewise.
+	* math/Makefile (tests): Add test-nan-overflow and
+	test-nan-payload.
+
+Upstream-Status: Backport
+CVE: CVE-2015-9761 patch #2
+[Yocto # 8980]
+
+https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8f5e8b01a1da2a207228f2072c934fa5918554b8
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ ChangeLog                |  17 +++++++
+ NEWS                     |   6 +++
+ math/Makefile            |   3 +-
+ math/s_nan.c             |   9 +---
+ math/s_nanf.c            |   9 +---
+ math/s_nanl.c            |   9 +---
+ math/test-nan-overflow.c |  66 +++++++++++++++++++++++++
+ math/test-nan-payload.c  | 122 +++++++++++++++++++++++++++++++++++++++++++++++
+ stdlib/Versions          |   1 +
+ 9 files changed, 217 insertions(+), 25 deletions(-)
+ create mode 100644 math/test-nan-overflow.c
+ create mode 100644 math/test-nan-payload.c
+
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
++++ git/ChangeLog
+@@ -1,3 +1,20 @@
++2015-12-04  Joseph Myers  <joseph@codesourcery.com>
++
++	[BZ #16961]
++	[BZ #16962]
++	* math/s_nan.c (__nan): Use __strtod_nan instead of constructing a
++	string on the stack for strtod.
++	* math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing
++	a string on the stack for strtof.
++	* math/s_nanl.c (__nanl): Use __strtold_nan instead of
++	constructing a string on the stack for strtold.
++	* stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and
++	__strtold_nan to GLIBC_PRIVATE.
++	* math/test-nan-overflow.c: New file.
++	* math/test-nan-payload.c: Likewise.
++	* math/Makefile (tests): Add test-nan-overflow and
++	test-nan-payload.
++
+ 2015-11-24  Joseph Myers  <joseph@codesourcery.com>
+  
+ 	* stdlib/strtod_nan.c: New file.
+Index: git/NEWS
+===================================================================
+--- git.orig/NEWS
++++ git/NEWS
+@@ -7,6 +7,12 @@ using `glibc' in the "product" field.
+ 
+ Version 2.21
+ 
++Security related changes:
++
++* The nan, nanf and nanl functions no longer have unbounded stack usage
++  depending on the length of the string passed as an argument to the
++  functions.  Reported by Joseph Myers.
++
+ * The following bugs are resolved with this release:
+ 
+   6652, 10672, 12674, 12847, 12926, 13862, 14132, 14138, 14171, 14498,
+Index: git/math/s_nan.c
+===================================================================
+--- git.orig/math/s_nan.c
++++ git/math/s_nan.c
+@@ -28,14 +28,7 @@
+ double
+ __nan (const char *tagp)
+ {
+-  if (tagp[0] != '\0')
+-    {
+-      char buf[6 + strlen (tagp)];
+-      sprintf (buf, "NAN(%s)", tagp);
+-      return strtod (buf, NULL);
+-    }
+-
+-  return NAN;
++  return __strtod_nan (tagp, NULL, 0);
+ }
+ weak_alias (__nan, nan)
+ #ifdef NO_LONG_DOUBLE
+Index: git/math/s_nanf.c
+===================================================================
+--- git.orig/math/s_nanf.c
++++ git/math/s_nanf.c
+@@ -28,13 +28,6 @@
+ float
+ __nanf (const char *tagp)
+ {
+-  if (tagp[0] != '\0')
+-    {
+-      char buf[6 + strlen (tagp)];
+-      sprintf (buf, "NAN(%s)", tagp);
+-      return strtof (buf, NULL);
+-    }
+-
+-  return NAN;
++  return __strtof_nan (tagp, NULL, 0);
+ }
+ weak_alias (__nanf, nanf)
+Index: git/math/s_nanl.c
+===================================================================
+--- git.orig/math/s_nanl.c
++++ git/math/s_nanl.c
+@@ -28,13 +28,6 @@
+ long double
+ __nanl (const char *tagp)
+ {
+-  if (tagp[0] != '\0')
+-    {
+-      char buf[6 + strlen (tagp)];
+-      sprintf (buf, "NAN(%s)", tagp);
+-      return strtold (buf, NULL);
+-    }
+-
+-  return NAN;
++  return __strtold_nan (tagp, NULL, 0);
+ }
+ weak_alias (__nanl, nanl)
+Index: git/math/test-nan-overflow.c
+===================================================================
+--- /dev/null
++++ git/math/test-nan-overflow.c
+@@ -0,0 +1,66 @@
++/* Test nan functions stack overflow (bug 16962).
++   Copyright (C) 2015 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <http://www.gnu.org/licenses/>.  */
++
++#include <math.h>
++#include <stdio.h>
++#include <string.h>
++#include <sys/resource.h>
++
++#define STACK_LIM 1048576
++#define STRING_SIZE (2 * STACK_LIM)
++
++static int
++do_test (void)
++{
++  int result = 0;
++  struct rlimit lim;
++  getrlimit (RLIMIT_STACK, &lim);
++  lim.rlim_cur = STACK_LIM;
++  setrlimit (RLIMIT_STACK, &lim);
++  char *nanstr = malloc (STRING_SIZE);
++  if (nanstr == NULL)
++    {
++      puts ("malloc failed, cannot test");
++      return 77;
++    }
++  memset (nanstr, '0', STRING_SIZE - 1);
++  nanstr[STRING_SIZE - 1] = 0;
++#define NAN_TEST(TYPE, FUNC)			\
++  do						\
++    {						\
++      char *volatile p = nanstr;		\
++      volatile TYPE v = FUNC (p);		\
++      if (isnan (v))				\
++	puts ("PASS: " #FUNC);			\
++      else					\
++	{					\
++	  puts ("FAIL: " #FUNC);		\
++	  result = 1;				\
++	}					\
++    }						\
++  while (0)
++  NAN_TEST (float, nanf);
++  NAN_TEST (double, nan);
++#ifndef NO_LONG_DOUBLE
++  NAN_TEST (long double, nanl);
++#endif
++  return result;
++}
++
++#define TEST_FUNCTION do_test ()
++#include "../test-skeleton.c"
+Index: git/math/test-nan-payload.c
+===================================================================
+--- /dev/null
++++ git/math/test-nan-payload.c
+@@ -0,0 +1,122 @@
++/* Test nan functions payload handling (bug 16961).
++   Copyright (C) 2015 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <http://www.gnu.org/licenses/>.  */
++
++#include <float.h>
++#include <math.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++
++/* Avoid built-in functions.  */
++#define WRAP_NAN(FUNC, STR) \
++  ({ const char *volatile wns = (STR); FUNC (wns); })
++#define WRAP_STRTO(FUNC, STR) \
++  ({ const char *volatile wss = (STR); FUNC (wss, NULL); })
++
++#define CHECK_IS_NAN(TYPE, A)			\
++  do						\
++    {						\
++      if (isnan (A))				\
++	puts ("PASS: " #TYPE " " #A);		\
++      else					\
++	{					\
++	  puts ("FAIL: " #TYPE " " #A);		\
++	  result = 1;				\
++	}					\
++    }						\
++  while (0)
++
++#define CHECK_SAME_NAN(TYPE, A, B)			\
++  do							\
++    {							\
++      if (memcmp (&(A), &(B), sizeof (A)) == 0)		\
++	puts ("PASS: " #TYPE " " #A " = " #B);		\
++      else						\
++	{						\
++	  puts ("FAIL: " #TYPE " " #A " = " #B);	\
++	  result = 1;					\
++	}						\
++    }							\
++  while (0)
++
++#define CHECK_DIFF_NAN(TYPE, A, B)			\
++  do							\
++    {							\
++      if (memcmp (&(A), &(B), sizeof (A)) != 0)		\
++	puts ("PASS: " #TYPE " " #A " != " #B);		\
++      else						\
++	{						\
++	  puts ("FAIL: " #TYPE " " #A " != " #B);	\
++	  result = 1;					\
++	}						\
++    }							\
++  while (0)
++
++/* Cannot test payloads by memcmp for formats where NaNs have padding
++   bits.  */
++#define CAN_TEST_EQ(MANT_DIG) ((MANT_DIG) != 64 && (MANT_DIG) != 106)
++
++#define RUN_TESTS(TYPE, SFUNC, FUNC, MANT_DIG)		\
++  do							\
++    {							\
++     TYPE n123 = WRAP_NAN (FUNC, "123");		\
++     CHECK_IS_NAN (TYPE, n123);				\
++     TYPE s123 = WRAP_STRTO (SFUNC, "NAN(123)");	\
++     CHECK_IS_NAN (TYPE, s123);				\
++     TYPE n456 = WRAP_NAN (FUNC, "456");		\
++     CHECK_IS_NAN (TYPE, n456);				\
++     TYPE s456 = WRAP_STRTO (SFUNC, "NAN(456)");	\
++     CHECK_IS_NAN (TYPE, s456);				\
++     TYPE n123x = WRAP_NAN (FUNC, "123)");		\
++     CHECK_IS_NAN (TYPE, n123x);			\
++     TYPE nemp = WRAP_NAN (FUNC, "");			\
++     CHECK_IS_NAN (TYPE, nemp);				\
++     TYPE semp = WRAP_STRTO (SFUNC, "NAN()");		\
++     CHECK_IS_NAN (TYPE, semp);				\
++     TYPE sx = WRAP_STRTO (SFUNC, "NAN");		\
++     CHECK_IS_NAN (TYPE, sx);				\
++     if (CAN_TEST_EQ (MANT_DIG))			\
++       CHECK_SAME_NAN (TYPE, n123, s123);		\
++     if (CAN_TEST_EQ (MANT_DIG))			\
++       CHECK_SAME_NAN (TYPE, n456, s456);		\
++     if (CAN_TEST_EQ (MANT_DIG))			\
++       CHECK_SAME_NAN (TYPE, nemp, semp);		\
++     if (CAN_TEST_EQ (MANT_DIG))			\
++       CHECK_SAME_NAN (TYPE, n123x, sx);		\
++     CHECK_DIFF_NAN (TYPE, n123, n456);			\
++     CHECK_DIFF_NAN (TYPE, n123, nemp);			\
++     CHECK_DIFF_NAN (TYPE, n123, n123x);		\
++     CHECK_DIFF_NAN (TYPE, n456, nemp);			\
++     CHECK_DIFF_NAN (TYPE, n456, n123x);		\
++    }							\
++  while (0)
++
++static int
++do_test (void)
++{
++  int result = 0;
++  RUN_TESTS (float, strtof, nanf, FLT_MANT_DIG);
++  RUN_TESTS (double, strtod, nan, DBL_MANT_DIG);
++#ifndef NO_LONG_DOUBLE
++  RUN_TESTS (long double, strtold, nanl, LDBL_MANT_DIG);
++#endif
++  return result;
++}
++
++#define TEST_FUNCTION do_test ()
++#include "../test-skeleton.c"
+Index: git/stdlib/Versions
+===================================================================
+--- git.orig/stdlib/Versions
++++ git/stdlib/Versions
+@@ -118,5 +118,6 @@ libc {
+     # Used from other libraries
+     __libc_secure_getenv;
+     __call_tls_dtors;
++    __strtof_nan; __strtod_nan; __strtold_nan;
+   }
+ }
+Index: git/math/Makefile
+===================================================================
+--- git.orig/math/Makefile
++++ git/math/Makefile
+@@ -92,7 +92,9 @@ tests = test-matherr test-fenv atest-exp
+ 	test-misc test-fpucw test-fpucw-ieee tst-definitions test-tgmath \
+ 	test-tgmath-ret bug-nextafter bug-nexttoward bug-tgmath1 \
+ 	test-tgmath-int test-tgmath2 test-powl tst-CMPLX tst-CMPLX2 test-snan \
+-	test-fenv-tls test-fenv-preserve test-fenv-return $(tests-static)
++	test-fenv-tls test-fenv-preserve test-fenv-return \
++    test-nan-overflow test-nan-payload \
++    $(tests-static)
+ tests-static = test-fpucw-static test-fpucw-ieee-static
+ # We do the `long double' tests only if this data type is available and
+ # distinct from `double'.

meta/recipes-core/glibc/glibc_2.21.bb

@@ -30,6 +30,7 @@ SRC_URI = "git://sourceware.org/git/glibc.git;branch=${BRANCH} \
            file://Fix-__memcpy_chk-on-non-SSE2-CPUs.patch \
            ${EGLIBCPATCHES} \
            ${CVEPATCHES} \
+           file://AArch64-Fix-the-big-endian-loader-name.patch \
           "
 EGLIBCPATCHES = "\
            file://timezone-re-written-tzselect-as-posix-sh.patch \
@@ -47,6 +48,12 @@ EGLIBCPATCHES = "\
 #
 CVEPATCHES = "\
         file://CVE-2015-1781-resolv-nss_dns-dns-host.c-buffer-overf.patch \
+        file://CVE-2015-8777.patch \
+        file://CVE-2015-8779.patch \
+        file://CVE-2015-9761_1.patch \
+        file://CVE-2015-9761_2.patch \
+        file://CVE-2015-8776.patch \
+        file://CVE-2015-7547.patch \
 "
 
 LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \

meta/recipes-core/images/build-appliance-image_12.0.1.bb

@@ -21,7 +21,7 @@ IMAGE_FSTYPES = "vmdk"
 
 inherit core-image
 
-SRCREV ?= "963a0c2f76bd93f44df39c7476df01cef30a2731"
+SRCREV ?= "e6b06016bcad22d79ad67cc8193af490027c2dd0"
 SRC_URI = "git://git.yoctoproject.org/poky;branch=fido \
            file://Yocto_Build_Appliance.vmx \
            file://Yocto_Build_Appliance.vmxf \

meta/recipes-core/initrdscripts/files/init-install-efi.sh

@@ -97,7 +97,11 @@ rm -f /etc/udev/scripts/mount*
 umount /dev/${device}* 2> /dev/null || /bin/true
 
 mkdir -p /tmp
-cat /proc/mounts > /etc/mtab
+
+# Create /etc/mtab if not present
+if [ ! -e /etc/mtab ]; then
+    cat /proc/mounts > /etc/mtab
+fi
 
 disk_size=$(parted /dev/${device} unit mb print | grep Disk | cut -d" " -f 3 | sed -e "s/MB//")
 

meta/recipes-core/libxml/libxml2.inc

@@ -23,6 +23,22 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
            file://libxml-m4-use-pkgconfig.patch \
            file://configure.ac-fix-cross-compiling-warning.patch \
            file://0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch \
+           file://CVE-2015-7941-1-Stop-parsing-on-entities-boundaries-errors.patch \
+           file://CVE-2015-7941-2-Cleanup-conditional-section-error-handling.patch \
+           file://CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch \
+           file://CVE-2015-7942-Another-variation-of-overflow-in-Conditional-section.patch \
+           file://CVE-2015-7942-2-Fix-an-error-in-previous-Conditional-section-patch.patch \
+           file://0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch \
+           file://CVE-2015-7498-Avoid-processing-entities-after-encoding-conversion-.patch \
+           file://0001-CVE-2015-7497-Avoid-an-heap-buffer-overflow-in-xmlDi.patch \
+           file://CVE-2015-7499-1-Add-xmlHaltParser-to-stop-the-parser.patch \
+           file://CVE-2015-7499-2-Detect-incoherency-on-GROW.patch \
+           file://0001-Fix-a-bug-on-name-parsing-at-the-end-of-current-inpu.patch \
+           file://0001-CVE-2015-7500-Fix-memory-access-error-due-to-incorre.patch \
+           file://0001-CVE-2015-8242-Buffer-overead-with-HTML-parser-in-pus.patch \
+           file://0001-CVE-2015-5312-Another-entity-expansion-issue.patch \
+           file://CVE-2015-8241.patch \
+           file://CVE-2015-8710.patch \
           "
 
 BINCONFIG = "${bindir}/xml2-config"

meta/recipes-core/libxml/libxml2/0001-CVE-2015-5312-Another-entity-expansion-issue.patch

@@ -0,0 +1,39 @@
+From 69030714cde66d525a8884bda01b9e8f0abf8e1e Mon Sep 17 00:00:00 2001
+From: David Drysdale <drysdale@google.com>
+Date: Fri, 20 Nov 2015 11:13:45 +0800
+Subject: [PATCH] CVE-2015-5312 Another entity expansion issue
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=756733
+It is one case where the code in place to detect entities expansions
+failed to exit when the situation was detected, leading to DoS
+Problem reported by Kostya Serebryany @ Google
+Patch provided by David Drysdale @ Google
+
+Upstream-Status: Backport
+
+CVE-2015-5312
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ parser.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index b7b6668..da6e729 100644
+--- a/parser.c
++++ b/parser.c
+@@ -2806,6 +2806,10 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
+ 			                      0, 0, 0);
+ 		ctxt->depth--;
+ 
++		if ((ctxt->lastError.code == XML_ERR_ENTITY_LOOP) ||
++		    (ctxt->lastError.code == XML_ERR_INTERNAL_ERROR))
++		    goto int_error;
++
+ 		if (rep != NULL) {
+ 		    current = rep;
+ 		    while (*current != 0) { /* non input consuming loop */
+-- 
+2.3.5
+

meta/recipes-core/libxml/libxml2/0001-CVE-2015-7497-Avoid-an-heap-buffer-overflow-in-xmlDi.patch

@@ -0,0 +1,40 @@
+From 6360a31a84efe69d155ed96306b9a931a40beab9 Mon Sep 17 00:00:00 2001
+From: David Drysdale <drysdale@google.com>
+Date: Fri, 20 Nov 2015 10:47:12 +0800
+Subject: [PATCH] CVE-2015-7497 Avoid an heap buffer overflow in
+ xmlDictComputeFastQKey
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=756528
+It was possible to hit a negative offset in the name indexing
+used to randomize the dictionary key generation
+Reported and fix provided by David Drysdale @ Google
+
+Upstream-Status: Backport
+
+CVE-2015-7497
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ dict.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/dict.c b/dict.c
+index 5f71d55..8c8f931 100644
+--- a/dict.c
++++ b/dict.c
+@@ -486,7 +486,10 @@ xmlDictComputeFastQKey(const xmlChar *prefix, int plen,
+ 	value += 30 * (*prefix);
+ 
+     if (len > 10) {
+-        value += name[len - (plen + 1 + 1)];
++        int offset = len - (plen + 1 + 1);
++	if (offset < 0)
++	    offset = len - (10 + 1);
++	value += name[offset];
+         len = 10;
+ 	if (plen > 10)
+ 	    plen = 10;
+-- 
+2.3.5
+

meta/recipes-core/libxml/libxml2/0001-CVE-2015-7500-Fix-memory-access-error-due-to-incorre.patch

@@ -0,0 +1,131 @@
+From f1063fdbe7fa66332bbb76874101c2a7b51b519f Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Fri, 20 Nov 2015 16:06:59 +0800
+Subject: [PATCH] CVE-2015-7500 Fix memory access error due to incorrect
+ entities boundaries
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=756525
+handle properly the case where we popped out of the current entity
+while processing a start tag
+Reported by Kostya Serebryany @ Google
+
+This slightly modifies the output of 754946 in regression tests
+
+Upstream-Status: Backport
+
+CVE-2015-7500
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ parser.c                     | 28 ++++++++++++++++++++++------
+ result/errors/754946.xml.err |  7 +++++--
+ 2 files changed, 27 insertions(+), 8 deletions(-)
+
+diff --git a/parser.c b/parser.c
+index c7e4574..c5741e3 100644
+--- a/parser.c
++++ b/parser.c
+@@ -9348,7 +9348,7 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref,
+     const xmlChar **atts = ctxt->atts;
+     int maxatts = ctxt->maxatts;
+     int nratts, nbatts, nbdef;
+-    int i, j, nbNs, attval, oldline, oldcol;
++    int i, j, nbNs, attval, oldline, oldcol, inputNr;
+     const xmlChar *base;
+     unsigned long cur;
+     int nsNr = ctxt->nsNr;
+@@ -9367,6 +9367,7 @@ reparse:
+     SHRINK;
+     base = ctxt->input->base;
+     cur = ctxt->input->cur - ctxt->input->base;
++    inputNr = ctxt->inputNr;
+     oldline = ctxt->input->line;
+     oldcol = ctxt->input->col;
+     nbatts = 0;
+@@ -9392,7 +9393,8 @@ reparse:
+      */
+     SKIP_BLANKS;
+     GROW;
+-    if (ctxt->input->base != base) goto base_changed;
++    if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
++        goto base_changed;
+ 
+     while (((RAW != '>') &&
+ 	   ((RAW != '/') || (NXT(1) != '>')) &&
+@@ -9403,7 +9405,7 @@ reparse:
+ 
+ 	attname = xmlParseAttribute2(ctxt, prefix, localname,
+ 	                             &aprefix, &attvalue, &len, &alloc);
+-	if (ctxt->input->base != base) {
++	if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) {
+ 	    if ((attvalue != NULL) && (alloc != 0))
+ 	        xmlFree(attvalue);
+ 	    attvalue = NULL;
+@@ -9552,7 +9554,8 @@ skip_ns:
+ 		    break;
+ 		}
+ 		SKIP_BLANKS;
+-		if (ctxt->input->base != base) goto base_changed;
++		if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
++		    goto base_changed;
+ 		continue;
+ 	    }
+ 
+@@ -9589,7 +9592,8 @@ failed:
+ 	GROW
+         if (ctxt->instate == XML_PARSER_EOF)
+             break;
+-	if (ctxt->input->base != base) goto base_changed;
++	if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
++	    goto base_changed;
+ 	if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
+ 	    break;
+ 	if (!IS_BLANK_CH(RAW)) {
+@@ -9605,7 +9609,8 @@ failed:
+ 	    break;
+ 	}
+         GROW;
+-	if (ctxt->input->base != base) goto base_changed;
++	if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
++	    goto base_changed;
+     }
+ 
+     /*
+@@ -9772,6 +9777,17 @@ base_changed:
+ 	    if ((ctxt->attallocs[j] != 0) && (atts[i] != NULL))
+ 	        xmlFree((xmlChar *) atts[i]);
+     }
++
++    /*
++     * We can't switch from one entity to another in the middle
++     * of a start tag
++     */
++    if (inputNr != ctxt->inputNr) {
++        xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
++		    "Start tag doesn't start and stop in the same entity\n");
++	return(NULL);
++    }
++
+     ctxt->input->cur = ctxt->input->base + cur;
+     ctxt->input->line = oldline;
+     ctxt->input->col = oldcol;
+diff --git a/result/errors/754946.xml.err b/result/errors/754946.xml.err
+index 423dff5..a75088b 100644
+--- a/result/errors/754946.xml.err
++++ b/result/errors/754946.xml.err
+@@ -11,6 +11,9 @@ Entity: line 1: parser error : DOCTYPE improperly terminated
+ Entity: line 1: 
+ A<lbbbbbbbbbbbbbbbbbbb_
+ ^
++./test/errors/754946.xml:1: parser error : Start tag doesn't start and stop in the same entity
++>%SYSTEM;<![
++         ^
+ ./test/errors/754946.xml:1: parser error : Extra content at the end of the document
+-<!DOCTYPEA[<!ENTITY %
+-  ^
++>%SYSTEM;<![
++         ^
+-- 
+2.3.5
+

meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch

@@ -0,0 +1,38 @@
+From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Tue, 3 Nov 2015 15:31:25 +0800
+Subject: [PATCH] CVE-2015-8035 Fix XZ compression support loop
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=757466
+DoS when parsing specially crafted XML document if XZ support
+is compiled in (which wasn't the case for 2.9.2 and master since
+Nov 2013, fixed in next commit !)
+
+Upstream-Status: Backport
+
+CVE-2015-8035
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ xzlib.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/xzlib.c b/xzlib.c
+index 0dcb9f4..1fab546 100644
+--- a/xzlib.c
++++ b/xzlib.c
+@@ -581,6 +581,10 @@ xz_decomp(xz_statep state)
+             xz_error(state, LZMA_DATA_ERROR, "compressed data error");
+             return -1;
+         }
++        if (ret == LZMA_PROG_ERROR) {
++            xz_error(state, LZMA_PROG_ERROR, "compression error");
++            return -1;
++        }
+     } while (strm->avail_out && ret != LZMA_STREAM_END);
+ 
+     /* update available output and crc check value */
+-- 
+2.3.5
+

meta/recipes-core/libxml/libxml2/0001-CVE-2015-8242-Buffer-overead-with-HTML-parser-in-pus.patch

@@ -0,0 +1,49 @@
+From 8fb4a770075628d6441fb17a1e435100e2f3b1a2 Mon Sep 17 00:00:00 2001
+From: Hugh Davenport <hugh@allthethings.co.nz>
+Date: Fri, 20 Nov 2015 17:16:06 +0800
+Subject: [PATCH] CVE-2015-8242 Buffer overead with HTML parser in push mode
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=756372
+Error in the code pointing to the codepoint in the stack for the
+current char value instead of the pointer in the input that the SAX
+callback expects
+Reported and fixed by Hugh Davenport
+
+Upstream-Status: Backport
+
+CVE-2015-8242
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ HTMLparser.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/HTMLparser.c b/HTMLparser.c
+index bdf7807..b729197 100644
+--- a/HTMLparser.c
++++ b/HTMLparser.c
+@@ -5735,17 +5735,17 @@ htmlParseTryOrFinish(htmlParserCtxtPtr ctxt, int terminate) {
+ 				if (ctxt->keepBlanks) {
+ 				    if (ctxt->sax->characters != NULL)
+ 					ctxt->sax->characters(
+-						ctxt->userData, &cur, 1);
++						ctxt->userData, &in->cur[0], 1);
+ 				} else {
+ 				    if (ctxt->sax->ignorableWhitespace != NULL)
+ 					ctxt->sax->ignorableWhitespace(
+-						ctxt->userData, &cur, 1);
++						ctxt->userData, &in->cur[0], 1);
+ 				}
+ 			    } else {
+ 				htmlCheckParagraph(ctxt);
+ 				if (ctxt->sax->characters != NULL)
+ 				    ctxt->sax->characters(
+-					    ctxt->userData, &cur, 1);
++					    ctxt->userData, &in->cur[0], 1);
+ 			    }
+ 			}
+ 			ctxt->token = 0;
+-- 
+2.3.5
+

meta/recipes-core/libxml/libxml2/0001-Fix-a-bug-on-name-parsing-at-the-end-of-current-inpu.patch

@@ -0,0 +1,138 @@
+From 51f02b0a03ea1fa6c65b3f9fd88cf60fb5803783 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Tue, 15 Sep 2015 16:50:32 +0800
+Subject: [PATCH] Fix a bug on name parsing at the end of current input buffer
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=754946
+
+When hitting the end of the current input buffer while parsing
+a name we could end up loosing the beginning of the name, which
+led to various issues.
+
+Upstream-Status: backport
+
+Depend patch for CVE-2015-7500
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ parser.c                     | 29 ++++++++++++++++++++---------
+ result/errors/754946.xml     |  0
+ result/errors/754946.xml.err | 16 ++++++++++++++++
+ result/errors/754946.xml.str |  4 ++++
+ test/errors/754946.xml       |  1 +
+ 5 files changed, 41 insertions(+), 9 deletions(-)
+ create mode 100644 result/errors/754946.xml
+ create mode 100644 result/errors/754946.xml.err
+ create mode 100644 result/errors/754946.xml.str
+ create mode 100644 test/errors/754946.xml
+
+diff --git a/parser.c b/parser.c
+index 0edd53b..fd29a39 100644
+--- a/parser.c
++++ b/parser.c
+@@ -3491,7 +3491,14 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) {
+ 	c = CUR_CHAR(l);
+ 	if (c == 0) {
+ 	    count = 0;
++	    /*
++	     * when shrinking to extend the buffer we really need to preserve
++	     * the part of the name we already parsed. Hence rolling back
++	     * by current lenght.
++	     */
++	    ctxt->input->cur -= l;
+ 	    GROW;
++	    ctxt->input->cur += l;
+             if (ctxt->instate == XML_PARSER_EOF)
+                 return(NULL);
+ 	    end = ctxt->input->cur;
+@@ -3523,7 +3530,7 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) {
+ 
+ static const xmlChar *
+ xmlParseNCName(xmlParserCtxtPtr ctxt) {
+-    const xmlChar *in;
++    const xmlChar *in, *e;
+     const xmlChar *ret;
+     int count = 0;
+ 
+@@ -3535,16 +3542,19 @@ xmlParseNCName(xmlParserCtxtPtr ctxt) {
+      * Accelerator for simple ASCII names
+      */
+     in = ctxt->input->cur;
+-    if (((*in >= 0x61) && (*in <= 0x7A)) ||
+-	((*in >= 0x41) && (*in <= 0x5A)) ||
+-	(*in == '_')) {
++    e = ctxt->input->end;
++    if ((((*in >= 0x61) && (*in <= 0x7A)) ||
++	 ((*in >= 0x41) && (*in <= 0x5A)) ||
++	 (*in == '_')) && (in < e)) {
+ 	in++;
+-	while (((*in >= 0x61) && (*in <= 0x7A)) ||
+-	       ((*in >= 0x41) && (*in <= 0x5A)) ||
+-	       ((*in >= 0x30) && (*in <= 0x39)) ||
+-	       (*in == '_') || (*in == '-') ||
+-	       (*in == '.'))
++	while ((((*in >= 0x61) && (*in <= 0x7A)) ||
++	        ((*in >= 0x41) && (*in <= 0x5A)) ||
++	        ((*in >= 0x30) && (*in <= 0x39)) ||
++	        (*in == '_') || (*in == '-') ||
++	        (*in == '.')) && (in < e))
+ 	    in++;
++	if (in >= e)
++	    goto complex;
+ 	if ((*in > 0) && (*in < 0x80)) {
+ 	    count = in - ctxt->input->cur;
+             if ((count > XML_MAX_NAME_LENGTH) &&
+@@ -3562,6 +3572,7 @@ xmlParseNCName(xmlParserCtxtPtr ctxt) {
+ 	    return(ret);
+ 	}
+     }
++complex:
+     return(xmlParseNCNameComplex(ctxt));
+ }
+ 
+diff --git a/result/errors/754946.xml b/result/errors/754946.xml
+new file mode 100644
+index 0000000..e69de29
+diff --git a/result/errors/754946.xml.err b/result/errors/754946.xml.err
+new file mode 100644
+index 0000000..423dff5
+--- /dev/null
++++ b/result/errors/754946.xml.err
+@@ -0,0 +1,16 @@
++Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
++
++ %SYSTEM; 
++         ^
++Entity: line 1: 
++A<lbbbbbbbbbbbbbbbbbbb_
++^
++Entity: line 1: parser error : DOCTYPE improperly terminated
++ %SYSTEM; 
++         ^
++Entity: line 1: 
++A<lbbbbbbbbbbbbbbbbbbb_
++^
++./test/errors/754946.xml:1: parser error : Extra content at the end of the document
++<!DOCTYPEA[<!ENTITY %
++  ^
+diff --git a/result/errors/754946.xml.str b/result/errors/754946.xml.str
+new file mode 100644
+index 0000000..3b748cc
+--- /dev/null
++++ b/result/errors/754946.xml.str
+@@ -0,0 +1,4 @@
++./test/errors/754946.xml:1: parser error : Extra content at the end of the document
++<!DOCTYPEA[<!ENTITY %
++          ^
++./test/errors/754946.xml : failed to parse
+diff --git a/test/errors/754946.xml b/test/errors/754946.xml
+new file mode 100644
+index 0000000..6b5f9b0
+--- /dev/null
++++ b/test/errors/754946.xml
+@@ -0,0 +1 @@
++<!DOCTYPEA[<!ENTITY %
+
+SYSTEM "A<lbbbbbbbbbbbbbbbbbbb_"
+>%SYSTEM;<![
+\ No newline at end of file

meta/recipes-core/libxml/libxml2/CVE-2015-7498-Avoid-processing-entities-after-encoding-conversion-.patch

@@ -0,0 +1,89 @@
+From afd27c21f6b36e22682b7da20d726bce2dcb2f43 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Mon, 9 Nov 2015 18:07:18 +0800
+Subject: [PATCH] Avoid processing entities after encoding conversion failures
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=756527
+and was also raised by Chromium team in the past
+
+When we hit a convwersion failure when switching encoding
+it is bestter to stop parsing there, this was treated as a
+fatal error but the parser was continuing to process to extract
+more errors, unfortunately that makes little sense as the data
+is obviously corrupt and can potentially lead to unexpected behaviour.
+
+Upstream-Status: Backport
+
+CVE-2015-7498
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ parser.c          |  7 +++++--
+ parserInternals.c | 11 ++++++++++-
+ 2 files changed, 15 insertions(+), 3 deletions(-)
+
+diff --git a/parser.c b/parser.c
+index 134afe7..c79b4e8 100644
+--- a/parser.c
++++ b/parser.c
+@@ -10665,7 +10665,8 @@ xmlParseXMLDecl(xmlParserCtxtPtr ctxt) {
+ 	xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED, "Blank needed here\n");
+     }
+     xmlParseEncodingDecl(ctxt);
+-    if (ctxt->errNo == XML_ERR_UNSUPPORTED_ENCODING) {
++    if ((ctxt->errNo == XML_ERR_UNSUPPORTED_ENCODING) ||
++         (ctxt->instate == XML_PARSER_EOF)) {
+ 	/*
+ 	 * The XML REC instructs us to stop parsing right here
+ 	 */
+@@ -10789,6 +10790,7 @@ xmlParseDocument(xmlParserCtxtPtr ctxt) {
+ 
+     if (CUR == 0) {
+ 	xmlFatalErr(ctxt, XML_ERR_DOCUMENT_EMPTY, NULL);
++	return(-1);
+     }
+ 
+     /*
+@@ -10806,7 +10808,8 @@ xmlParseDocument(xmlParserCtxtPtr ctxt) {
+ 	 * Note that we will switch encoding on the fly.
+ 	 */
+ 	xmlParseXMLDecl(ctxt);
+-	if (ctxt->errNo == XML_ERR_UNSUPPORTED_ENCODING) {
++	if ((ctxt->errNo == XML_ERR_UNSUPPORTED_ENCODING) ||
++	    (ctxt->instate == XML_PARSER_EOF)) {
+ 	    /*
+ 	     * The XML REC instructs us to stop parsing right here
+ 	     */
+diff --git a/parserInternals.c b/parserInternals.c
+index df204fd..c8230c1 100644
+--- a/parserInternals.c
++++ b/parserInternals.c
+@@ -937,6 +937,7 @@ xmlSwitchEncoding(xmlParserCtxtPtr ctxt, xmlCharEncoding enc)
+ {
+     xmlCharEncodingHandlerPtr handler;
+     int len = -1;
++    int ret;
+ 
+     if (ctxt == NULL) return(-1);
+     switch (enc) {
+@@ -1097,7 +1098,15 @@ xmlSwitchEncoding(xmlParserCtxtPtr ctxt, xmlCharEncoding enc)
+     if (handler == NULL)
+ 	return(-1);
+     ctxt->charset = XML_CHAR_ENCODING_UTF8;
+-    return(xmlSwitchToEncodingInt(ctxt, handler, len));
++    ret = xmlSwitchToEncodingInt(ctxt, handler, len);
++    if ((ret < 0) || (ctxt->errNo == XML_I18N_CONV_FAILED)) {
++        /*
++	 * on encoding conversion errors, stop the parser
++	 */
++        xmlStopParser(ctxt);
++	ctxt->errNo = XML_I18N_CONV_FAILED;
++    }
++    return(ret);
+ }
+ 
+ /**
+-- 
+2.3.5
+