build-appliance-image: Update to thud head revision

(From OE-Core rev: d3d3f443039b03f1200a14bfe99f985592632018)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake/lib/bb/cooker.py

@@ -391,8 +391,9 @@ class BBCooker:
         if CookerFeatures.BASEDATASTORE_TRACKING in self.featureset:
             self.disableDataTracking()
 
-        self.data.renameVar("__depends", "__base_depends")
-        self.add_filewatch(self.data.getVar("__base_depends", False), self.configwatcher)
+        for mc in self.databuilder.mcdata.values():
+            mc.renameVar("__depends", "__base_depends")
+            self.add_filewatch(mc.getVar("__base_depends", False), self.configwatcher)
 
         self.baseconfig_valid = True
         self.parsecache_valid = False

bitbake/lib/bb/fetch2/gitsm.py

@@ -129,7 +129,7 @@ class GitSM(Git):
 
             url += ';protocol=%s' % proto
             url += ";name=%s" % module
-            url += ";subpath=%s" % paths[module]
+            url += ";subpath=%s" % module
 
             ld = d.createCopy()
             # Not necessary to set SRC_URI, since we're passing the URI to
@@ -147,6 +147,23 @@ class GitSM(Git):
 
         return submodules != []
 
+    def need_update(self, ud, d):
+        if Git.need_update(self, ud, d):
+            return True
+
+        try:
+            # Check for the nugget dropped by the download operation
+            known_srcrevs = runfetchcmd("%s config --get-all bitbake.srcrev" % \
+                            (ud.basecmd), d, workdir=ud.clonedir)
+
+            if ud.revisions[ud.names[0]] not in known_srcrevs.split():
+                return True
+        except bb.fetch2.FetchError:
+            # No srcrev nuggets, so this is new and needs to be updated
+            return True
+
+        return False
+
     def download(self, ud, d):
         def download_submodule(ud, url, module, modpath, d):
             url += ";bareclone=1;nobranch=1"
@@ -157,6 +174,9 @@ class GitSM(Git):
             try:
                 newfetch = Fetch([url], d, cache=False)
                 newfetch.download()
+                # Drop a nugget to add each of the srcrevs we've fetched (used by need_update)
+                runfetchcmd("%s config --add bitbake.srcrev %s" % \
+                            (ud.basecmd, ud.revisions[ud.names[0]]), d, workdir=ud.clonedir)
             except Exception as e:
                 logger.error('gitsm: submodule download failed: %s %s' % (type(e).__name__, str(e)))
                 raise
@@ -176,7 +196,7 @@ class GitSM(Git):
 
             try:
                 newfetch = Fetch([url], d, cache=False)
-                newfetch.unpack(root=os.path.dirname(os.path.join(repo_conf, 'modules', modpath)))
+                newfetch.unpack(root=os.path.dirname(os.path.join(repo_conf, 'modules', module)))
             except Exception as e:
                 logger.error('gitsm: submodule unpack failed: %s %s' % (type(e).__name__, str(e)))
                 raise
@@ -191,9 +211,9 @@ class GitSM(Git):
 
             # Ensure the submodule repository is NOT set to bare, since we're checking it out...
             try:
-                runfetchcmd("%s config core.bare false" % (ud.basecmd), d, quiet=True, workdir=os.path.join(repo_conf, 'modules', modpath))
+                runfetchcmd("%s config core.bare false" % (ud.basecmd), d, quiet=True, workdir=os.path.join(repo_conf, 'modules', module))
             except:
-                logger.error("Unable to set git config core.bare to false for %s" % os.path.join(repo_conf, 'modules', modpath))
+                logger.error("Unable to set git config core.bare to false for %s" % os.path.join(repo_conf, 'modules', module))
                 raise
 
         Git.unpack(self, ud, destdir, d)
@@ -201,5 +221,7 @@ class GitSM(Git):
         ret = self.process_submodules(ud, ud.destdir, unpack_submodules, d)
 
         if not ud.bareclone and ret:
-            # Run submodule update, this sets up the directories -- without touching the config
+            # All submodules should already be downloaded and configured in the tree.  This simply sets
+            # up the configuration and checks out the files.  The main project config should remain
+            # unmodified, and no download from the internet should occur.
             runfetchcmd("%s submodule update --recursive --no-fetch" % (ud.basecmd), d, quiet=True, workdir=ud.destdir)

bitbake/lib/bb/tests/fetch.py

@@ -942,6 +942,25 @@ class FetcherNetworkTest(FetcherTest):
         self.assertTrue(os.path.exists(os.path.join(repo_path, '.git/modules/extern/json/config')), msg='Missing submodule config "extern/json"')
         self.assertTrue(os.path.exists(os.path.join(repo_path, '.git/modules/extern/sanitizers/config')), msg='Missing submodule config "extern/sanitizers"')
 
+    def test_git_submodule_update_CLI11(self):
+        """ Prevent regression on update detection not finding missing submodule, or modules without needed commits """
+        url = "gitsm://github.com/CLIUtils/CLI11;protocol=git;rev=cf6a99fa69aaefe477cc52e3ef4a7d2d7fa40714"
+        fetcher = bb.fetch.Fetch([url], self.d)
+        fetcher.download()
+
+        # CLI11 that pulls in a newer nlohmann-json
+        url = "gitsm://github.com/CLIUtils/CLI11;protocol=git;rev=49ac989a9527ee9bb496de9ded7b4872c2e0e5ca"
+        fetcher = bb.fetch.Fetch([url], self.d)
+        fetcher.download()
+        # Previous cwd has been deleted
+        os.chdir(os.path.dirname(self.unpackdir))
+        fetcher.unpack(self.unpackdir)
+
+        repo_path = os.path.join(self.tempdir, 'unpacked', 'git')
+        self.assertTrue(os.path.exists(os.path.join(repo_path, '.git/modules/extern/googletest/config')), msg='Missing submodule config "extern/googletest"')
+        self.assertTrue(os.path.exists(os.path.join(repo_path, '.git/modules/extern/json/config')), msg='Missing submodule config "extern/json"')
+        self.assertTrue(os.path.exists(os.path.join(repo_path, '.git/modules/extern/sanitizers/config')), msg='Missing submodule config "extern/sanitizers"')
+
     def test_git_submodule_aktualizr(self):
         url = "gitsm://github.com/advancedtelematic/aktualizr;branch=master;protocol=git;rev=d00d1a04cc2366d1a5f143b84b9f507f8bd32c44"
         fetcher = bb.fetch.Fetch([url], self.d)
@@ -958,6 +977,33 @@ class FetcherNetworkTest(FetcherTest):
         self.assertTrue(os.path.exists(os.path.join(repo_path, '.git/modules/third_party/googletest/config')), msg='Missing submodule config "third_party/googletest/config"')
         self.assertTrue(os.path.exists(os.path.join(repo_path, '.git/modules/third_party/HdrHistogram_c/config')), msg='Missing submodule config "third_party/HdrHistogram_c/config"')
 
+    def test_git_submodule_iotedge(self):
+        """ Prevent regression on deeply nested submodules not being checked out properly, even though they were fetched. """
+
+        # This repository also has submodules where the module (name), path and url do not align
+        url = "gitsm://github.com/azure/iotedge.git;protocol=git;rev=d76e0316c6f324345d77c48a83ce836d09392699"
+        fetcher = bb.fetch.Fetch([url], self.d)
+        fetcher.download()
+        # Previous cwd has been deleted
+        os.chdir(os.path.dirname(self.unpackdir))
+        fetcher.unpack(self.unpackdir)
+
+        repo_path = os.path.join(self.tempdir, 'unpacked', 'git')
+
+        self.assertTrue(os.path.exists(os.path.join(repo_path, 'edgelet/hsm-sys/azure-iot-hsm-c/deps/c-shared/README.md')), msg='Missing submodule checkout')
+        self.assertTrue(os.path.exists(os.path.join(repo_path, 'edgelet/hsm-sys/azure-iot-hsm-c/deps/c-shared/testtools/ctest/README.md')), msg='Missing submodule checkout')
+        self.assertTrue(os.path.exists(os.path.join(repo_path, 'edgelet/hsm-sys/azure-iot-hsm-c/deps/c-shared/testtools/testrunner/readme.md')), msg='Missing submodule checkout')
+        self.assertTrue(os.path.exists(os.path.join(repo_path, 'edgelet/hsm-sys/azure-iot-hsm-c/deps/c-shared/testtools/umock-c/readme.md')), msg='Missing submodule checkout')
+        self.assertTrue(os.path.exists(os.path.join(repo_path, 'edgelet/hsm-sys/azure-iot-hsm-c/deps/c-shared/testtools/umock-c/deps/ctest/README.md')), msg='Missing submodule checkout')
+        self.assertTrue(os.path.exists(os.path.join(repo_path, 'edgelet/hsm-sys/azure-iot-hsm-c/deps/c-shared/testtools/umock-c/deps/testrunner/readme.md')), msg='Missing submodule checkout')
+        self.assertTrue(os.path.exists(os.path.join(repo_path, 'edgelet/hsm-sys/azure-iot-hsm-c/deps/utpm/README.md')), msg='Missing submodule checkout')
+        self.assertTrue(os.path.exists(os.path.join(repo_path, 'edgelet/hsm-sys/azure-iot-hsm-c/deps/utpm/deps/c-utility/README.md')), msg='Missing submodule checkout')
+        self.assertTrue(os.path.exists(os.path.join(repo_path, 'edgelet/hsm-sys/azure-iot-hsm-c/deps/utpm/deps/c-utility/testtools/ctest/README.md')), msg='Missing submodule checkout')
+        self.assertTrue(os.path.exists(os.path.join(repo_path, 'edgelet/hsm-sys/azure-iot-hsm-c/deps/utpm/deps/c-utility/testtools/testrunner/readme.md')), msg='Missing submodule checkout')
+        self.assertTrue(os.path.exists(os.path.join(repo_path, 'edgelet/hsm-sys/azure-iot-hsm-c/deps/utpm/deps/c-utility/testtools/umock-c/readme.md')), msg='Missing submodule checkout')
+        self.assertTrue(os.path.exists(os.path.join(repo_path, 'edgelet/hsm-sys/azure-iot-hsm-c/deps/utpm/deps/c-utility/testtools/umock-c/deps/ctest/README.md')), msg='Missing submodule checkout')
+        self.assertTrue(os.path.exists(os.path.join(repo_path, 'edgelet/hsm-sys/azure-iot-hsm-c/deps/utpm/deps/c-utility/testtools/umock-c/deps/testrunner/readme.md')), msg='Missing submodule checkout')
+
 class TrustedNetworksTest(FetcherTest):
     def test_trusted_network(self):
         # Ensure trusted_network returns False when the host IS in the list.

bitbake/lib/bb/tests/utils.py

@@ -42,6 +42,10 @@ class VerCmpString(unittest.TestCase):
         self.assertTrue(result < 0)
         result = bb.utils.vercmp_string('1.1', '1.0+1.1-beta1')
         self.assertTrue(result > 0)
+        result = bb.utils.vercmp_string('1.', '1.1')
+        self.assertTrue(result < 0)
+        result = bb.utils.vercmp_string('1.1', '1.')
+        self.assertTrue(result > 0)
 
     def test_explode_dep_versions(self):
         correctresult = {"foo" : ["= 1.10"]}

bitbake/lib/bb/utils.py

@@ -120,6 +120,10 @@ def vercmp_part(a, b):
             return -1
         elif oa > ob:
             return 1
+        elif ca is None:
+            return -1
+        elif cb is None:
+            return 1
         elif ca < cb:
             return -1
         elif ca > cb:

bitbake/lib/toaster/orm/fixtures/oe-core.xml

@@ -53,7 +53,7 @@
   <object model="orm.release" pk="4">
     <field type="CharField" name="name">thud</field>
     <field type="CharField" name="description">Openembedded Thud</field>
-    <field rel="ManyToOneRel" to="orm.bitbakeversion" name="bitbake_version">1</field>
+    <field rel="ManyToOneRel" to="orm.bitbakeversion" name="bitbake_version">4</field>
     <field type="CharField" name="branch_name">thud</field>
     <field type="TextField" name="helptext">Toaster will run your builds using the tip of the &lt;a href=\"http://cgit.openembedded.org/openembedded-core/log/?h=thud\"&gt;OpenEmbedded Thud&lt;/a&gt; branch.</field>
   </object>

bitbake/lib/toaster/orm/fixtures/poky.xml

@@ -58,7 +58,7 @@
   <object model="orm.release" pk="4">
     <field type="CharField" name="name">thud</field>
     <field type="CharField" name="description">Yocto Project 2.6 "Thud"</field>
-    <field rel="ManyToOneRel" to="orm.bitbakeversion" name="bitbake_version">1</field>
+    <field rel="ManyToOneRel" to="orm.bitbakeversion" name="bitbake_version">4</field>
     <field type="CharField" name="branch_name">thud</field>
     <field type="TextField" name="helptext">Toaster will run your builds using the tip of the &lt;a href="http://git.yoctoproject.org/cgit/cgit.cgi/poky/log/?h=thud"&gt;Yocto Project Thud branch&lt;/a&gt;.</field>
   </object>

documentation/brief-yoctoprojectqs/brief-yoctoprojectqs.xml

@@ -148,11 +148,11 @@
             <literallayout class='monospaced'>
      $ git clone git://git.yoctoproject.org/poky
      Cloning into 'poky'...
-     remote: Counting objects: 428632, done.
-     remote: Compressing objects: 100% (101203/101203), done.
-     remote: Total 428632 (delta 320463), reused 428532 (delta 320363)
-     Receiving objects: 100% (428632/428632), 153.01 MiB | 12.40 MiB/s, done.
-     Resolving deltas: 100% (320463/320463), done.
+     remote: Counting objects: 445141, done.
+     remote: Compressing objects: 100% (105214/105214), done.
+     remote: Total 445141 (delta 333098), reused 444745 (delta 332720)
+     Receiving objects: 100% (445141/445141), 156.60 MiB | 5.13 MiB/s, done.
+     Resolving deltas: 100% (333098/333098), done.
      Checking connectivity... done.
             </literallayout>
             Move to the <filename>poky</filename> directory and take a look
@@ -172,8 +172,12 @@
      yocto-2.5
      yocto-2.5.1
      yocto-2.5.2
+     yocto-2.5.3
      yocto-2.6
      yocto-2.6.1
+     yocto-2.6.2
+     yocto-2.6.3
+     yocto-2.7
      yocto_1.5_M5.rc8
             </literallayout>
             For this example, check out the branch based on the
@@ -388,16 +392,15 @@
                     You can put the copy in the top level of the copy of the
                     Poky repository created earlier:
                     <literallayout class='monospaced'>
-     $ cd ~/poky
      $ git clone https://github.com/kraj/meta-altera.git
      Cloning into 'meta-altera'...
-     remote: Counting objects: 25170, done.
-     remote: Compressing objects: 100% (350/350), done.
-     remote: Total 25170 (delta 645), reused 719 (delta 538), pack-reused 24219
-     Receiving objects: 100% (25170/25170), 41.02 MiB | 1.64 MiB/s, done.
-     Resolving deltas: 100% (13385/13385), done.
-     Checking connectivity... done.
-                    </literallayout>
+     remote: Enumerating objects: 219, done.
+     remote: Counting objects: 100% (219/219), done.
+     remote: Compressing objects: 100% (116/116), done.
+     remote: Total 1463 (delta 111), reused 172 (delta 79), pack-reused 1244
+     Receiving objects: 100% (1463/1463), 211.60 KiB | 0 bytes/s, done.
+     Resolving deltas: 100% (706/706), done.
+     Checking connectivity... done.                    </literallayout>
                     The hardware layer now exists with other layers inside
                     the Poky reference repository on your build host as
                     <filename>meta-altera</filename> and contains all the
@@ -435,8 +438,6 @@
      $ cd ~/poky/build
      $ bitbake-layers add-layer ../meta-altera
      NOTE: Starting bitbake server...
-     Parsing recipes: 100% |##################################################################| Time: 0:00:32
-     Parsing of 918 .bb files complete (0 cached, 918 parsed). 1401 targets, 123 skipped, 0 masked, 0 errors.
                     </literallayout>
                     You can find more information on adding layers in the
                     "<ulink url='&YOCTO_DOCS_DEV_URL;#adding-a-layer-using-the-bitbake-layers-script'>Adding a Layer Using the <filename>bitbake-layers</filename> Script</ulink>"

documentation/bsp-guide/bsp-guide.xml

@@ -128,9 +128,19 @@
             </revision>
             <revision>
                 <revnumber>2.6.1</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>February 2019</date>
                 <revremark>Released with the Yocto Project 2.6.1 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.6.2</revnumber>
+                <date>April 2019</date>
+                <revremark>Released with the Yocto Project 2.6.2 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>2.6.3</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 2.6.3 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/bsp-guide/bsp.xml

@@ -243,11 +243,11 @@
                         <literallayout class='monospaced'>
      $ git clone git://git.yoctoproject.org/meta-intel.git
      Cloning into 'meta-intel'...
-     remote: Counting objects: 15585, done.
-     remote: Compressing objects: 100% (5056/5056), done.
-     remote: Total 15585 (delta 9123), reused 15329 (delta 8867)
-     Receiving objects: 100% (15585/15585), 4.51 MiB | 3.19 MiB/s, done.
-     Resolving deltas: 100% (9123/9123), done.
+     remote: Counting objects: 17179, done.
+     remote: Compressing objects: 100% (5307/5307), done.
+     remote: Total 17179 (delta 10209), reused 17139 (delta 10169)
+     Receiving objects: 100% (17179/17179), 4.76 MiB | 4.39 MiB/s, done.
+     Resolving deltas: 100% (10209/10209), done.
      Checking connectivity... done.
                         </literallayout>
                         </para></listitem>
@@ -289,13 +289,12 @@
                 <literallayout class='monospaced'>
      $ git clone git://git.yoctoproject.org/meta-raspberrypi
      Cloning into 'meta-raspberrypi'...
-     remote: Counting objects: 4743, done.
-     remote: Compressing objects: 100% (2185/2185), done.
-     remote: Total 4743 (delta 2447), reused 4496 (delta 2258)
-     Receiving objects: 100% (4743/4743), 1.18 MiB | 0 bytes/s, done.
-     Resolving deltas: 100% (2447/2447), done.
-     Checking connectivity... done.
-                </literallayout>
+     remote: Counting objects: 6205, done.
+     remote: Compressing objects: 100% (2700/2700), done.
+     remote: Total 6205 (delta 3342), reused 5916 (delta 3146)
+     Receiving objects: 100% (6205/6205), 1.43 MiB | 0 bytes/s, done.
+     Resolving deltas: 100% (3342/3342), done.
+     Checking connectivity... done.                </literallayout>
                 </para></listitem>
             <listitem><para>
                 <emphasis>Initialize the Build Environment:</emphasis>
@@ -392,164 +391,15 @@
     </para>
 
     <para>
-        Below is an example of the Raspberry Pi BSP
+        You can examine the Raspberry Pi BSP
         layer that is available from the
-        <ulink url='&YOCTO_GIT_URL;'>Source Respositories</ulink>:
-        <literallayout class='monospaced'>
-     meta-raspberrypi/COPYING.MIT
-     meta-raspberrypi/README.md
-     meta-raspberrypi/classes
-     meta-raspberrypi/classes/sdcard_image-rpi.bbclass
-     meta-raspberrypi/conf/
-     meta-raspberrypi/conf/layer.conf
-     meta-raspberrypi/conf/machine/
-     meta-raspberrypi/conf/machine/raspberrypi-cm.conf
-     meta-raspberrypi/conf/machine/raspberrypi-cm3.conf
-     meta-raspberrypi/conf/machine/raspberrypi.conf
-     meta-raspberrypi/conf/machine/raspberrypi0-wifi.conf
-     meta-raspberrypi/conf/machine/raspberrypi0.conf
-     meta-raspberrypi/conf/machine/raspberrypi2.conf
-     meta-raspberrypi/conf/machine/raspberrypi3-64.conf
-     meta-raspberrypi/conf/machine/raspberrypi3.conf
-     meta-raspberrypi/conf/machine/include
-     meta-raspberrypi/conf/machine/include/rpi-base.inc
-     meta-raspberrypi/conf/machine/include/rpi-default-providers.inc
-     meta-raspberrypi/conf/machine/include/rpi-default-settings.inc
-     meta-raspberrypi/conf/machine/include/rpi-default-versions.inc
-     meta-raspberrypi/conf/machine/include/tune-arm1176jzf-s.inc
-     meta-raspberrypi/docs
-     meta-raspberrypi/docs/Makefile
-     meta-raspberrypi/docs/conf.py
-     meta-raspberrypi/docs/contributing.md
-     meta-raspberrypi/docs/extra-apps.md
-     meta-raspberrypi/docs/extra-build-config.md
-     meta-raspberrypi/docs/index.rst
-     meta-raspberrypi/docs/layer-contents.md
-     meta-raspberrypi/docs/readme.md
-     meta-raspberrypi/files
-     meta-raspberrypi/files/custom-licenses
-     meta-raspberrypi/files/custom-licenses/Broadcom
-     meta-raspberrypi/recipes-bsp
-     meta-raspberrypi/recipes-bsp/bootfiles
-     meta-raspberrypi/recipes-bsp/bootfiles/bcm2835-bootfiles.bb
-     meta-raspberrypi/recipes-bsp/bootfiles/rpi-config_git.bb
-     meta-raspberrypi/recipes-bsp/common
-     meta-raspberrypi/recipes-bsp/common/firmware.inc
-     meta-raspberrypi/recipes-bsp/formfactor
-     meta-raspberrypi/recipes-bsp/formfactor/formfactor
-     meta-raspberrypi/recipes-bsp/formfactor/formfactor/raspberrypi
-     meta-raspberrypi/recipes-bsp/formfactor/formfactor/raspberrypi/machconfig
-     meta-raspberrypi/recipes-bsp/formfactor/formfactor_0.0.bbappend
-     meta-raspberrypi/recipes-bsp/rpi-u-boot-src
-     meta-raspberrypi/recipes-bsp/rpi-u-boot-src/files
-     meta-raspberrypi/recipes-bsp/rpi-u-boot-src/files/boot.cmd.in
-     meta-raspberrypi/recipes-bsp/rpi-u-boot-src/rpi-u-boot-scr.bb
-     meta-raspberrypi/recipes-bsp/u-boot
-     meta-raspberrypi/recipes-bsp/u-boot/u-boot
-     meta-raspberrypi/recipes-bsp/u-boot/u-boot/*.patch
-     meta-raspberrypi/recipes-bsp/u-boot/u-boot_%.bbappend
-     meta-raspberrypi/recipes-connectivity
-     meta-raspberrypi/recipes-connectivity/bluez5
-     meta-raspberrypi/recipes-connectivity/bluez5/bluez5
-     meta-raspberrypi/recipes-connectivity/bluez5/bluez5/*.patch
-     meta-raspberrypi/recipes-connectivity/bluez5/bluez5/BCM43430A1.hcd
-     meta-raspberrypi/recipes-connectivity/bluez5/bluez5brcm43438.service
-     meta-raspberrypi/recipes-connectivity/bluez5/bluez5_%.bbappend
-     meta-raspberrypi/recipes-core
-     meta-raspberrypi/recipes-core/images
-     meta-raspberrypi/recipes-core/images/rpi-basic-image.bb
-     meta-raspberrypi/recipes-core/images/rpi-hwup-image.bb
-     meta-raspberrypi/recipes-core/images/rpi-test-image.bb
-     meta-raspberrypi/recipes-core/packagegroups
-     meta-raspberrypi/recipes-core/packagegroups/packagegroup-rpi-test.bb
-     meta-raspberrypi/recipes-core/psplash
-     meta-raspberrypi/recipes-core/psplash/files
-     meta-raspberrypi/recipes-core/psplash/files/psplash-raspberrypi-img.h
-     meta-raspberrypi/recipes-core/psplash/psplash_git.bbappend
-     meta-raspberrypi/recipes-core/udev
-     meta-raspberrypi/recipes-core/udev/udev-rules-rpi
-     meta-raspberrypi/recipes-core/udev/udev-rules-rpi/99-com.rules
-     meta-raspberrypi/recipes-core/udev/udev-rules-rpi.bb
-     meta-raspberrypi/recipes-devtools
-     meta-raspberrypi/recipes-devtools/bcm2835
-     meta-raspberrypi/recipes-devtools/bcm2835/bcm2835_1.52.bb
-     meta-raspberrypi/recipes-devtools/pi-blaster
-     meta-raspberrypi/recipes-devtools/pi-blaster/files
-     meta-raspberrypi/recipes-devtools/pi-blaster/files/*.patch
-     meta-raspberrypi/recipes-devtools/pi-blaster/pi-blaster_git.bb
-     meta-raspberrypi/recipes-devtools/python
-     meta-raspberrypi/recipes-devtools/python/python-rtimu
-     meta-raspberrypi/recipes-devtools/python/python-rtimu/*.patch
-     meta-raspberrypi/recipes-devtools/python/python-rtimu_git.bb
-     meta-raspberrypi/recipes-devtools/python/python-sense-hat_2.2.0.bb
-     meta-raspberrypi/recipes-devtools/python/rpi-gpio
-     meta-raspberrypi/recipes-devtools/python/rpi-gpio/*.patch
-     meta-raspberrypi/recipes-devtools/python/rpi-gpio_0.6.3.bb
-     meta-raspberrypi/recipes-devtools/python/rpio
-     meta-raspberrypi/recipes-devtools/python/rpio/*.patch
-     meta-raspberrypi/recipes-devtools/python/rpio_0.10.0.bb
-     meta-raspberrypi/recipes-devtools/wiringPi
-     meta-raspberrypi/recipes-devtools/wiringPi/files
-     meta-raspberrypi/recipes-devtools/wiringPi/files/*.patch
-     meta-raspberrypi/recipes-devtools/wiringPi/wiringpi_git.bb
-     meta-raspberrypi/recipes-graphics
-     meta-raspberrypi/recipes-graphics/eglinfo
-     meta-raspberrypi/recipes-graphics/eglinfo/eglinfo-fb_%.bbappend
-     meta-raspberrypi/recipes-graphics/eglinfo/eglinfo-x11_%.bbappend
-     meta-raspberrypi/recipes-graphics/mesa
-     meta-raspberrypi/recipes-graphics/mesa/mesa-gl_%.bbappend
-     meta-raspberrypi/recipes-graphics/mesa/mesa_%.bbappend
-     meta-raspberrypi/recipes-graphics/userland
-     meta-raspberrypi/recipes-graphics/userland/userland
-     meta-raspberrypi/recipes-graphics/userland/userland/*.patch
-     meta-raspberrypi/recipes-graphics/userland/userland_git.bb
-     meta-raspberrypi/recipes-graphics/vc-graphics
-     meta-raspberrypi/recipes-graphics/vc-graphics/files
-     meta-raspberrypi/recipes-graphics/vc-graphics/files/egl.pc
-     meta-raspberrypi/recipes-graphics/vc-graphics/files/vchiq.sh
-     meta-raspberrypi/recipes-graphics/vc-graphics/vc-graphics-hardfp.bb
-     meta-raspberrypi/recipes-graphics/vc-graphics/vc-graphics.bb
-     meta-raspberrypi/recipes-graphics/vc-graphics/vc-graphics.inc
-     meta-raspberrypi/recipes-graphics/wayland
-     meta-raspberrypi/recipes-graphics/wayland/weston_%.bbappend
-     meta-raspberrypi/recipes-graphics/xorg-xserver
-     meta-raspberrypi/recipes-graphics/xorg-xserver/xserver-xf86-config
-     meta-raspberrypi/recipes-graphics/xorg-xserver/xserver-xf86-config/rpi
-     meta-raspberrypi/recipes-graphics/xorg-xserver/xserver-xf86-config/rpi/xorg.conf
-     meta-raspberrypi/recipes-graphics/xorg-xserver/xserver-xf86-config/rpi/xorg.conf.d
-     meta-raspberrypi/recipes-graphics/xorg-xserver/xserver-xf86-config/rpi/xorg.conf.d/10-evdev.conf
-     meta-raspberrypi/recipes-graphics/xorg-xserver/xserver-xf86-config/rpi/xorg.conf.d/98-pitft.conf
-     meta-raspberrypi/recipes-graphics/xorg-xserver/xserver-xf86-config/rpi/xorg.conf.d/99-calibration.conf
-     meta-raspberrypi/recipes-graphics/xorg-xserver/xserver-xf86-config_0.1.bbappend
-     meta-raspberrypi/recipes-graphics/xorg-xserver/xserver-xorg_%.bbappend
-     meta-raspberrypi/recipes-kernel
-     meta-raspberrypi/recipes-kernel/linux-firmware
-     meta-raspberrypi/recipes-kernel/linux-firmware/files
-     meta-raspberrypi/recipes-kernel/linux-firmware/files/brcmfmac43430-sdio.bin
-     meta-raspberrypi/recipes-kernel/linux-firmware/files/brcfmac43430-sdio.txt
-     meta-raspberrypi/recipes-kernel/linux-firmware/linux-firmware_%.bbappend
-     meta-raspberrypi/recipes-kernel/linux
-     meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-dev.bb
-     meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi.inc
-     meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_4.14.bb
-     meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_4.9.bb
-     meta-raspberrypi/recipes-multimedia
-     meta-raspberrypi/recipes-multimedia/gstreamer
-     meta-raspberrypi/recipes-multimedia/gstreamer/gstreamer1.0-omx
-     meta-raspberrypi/recipes-multimedia/gstreamer/gstreamer1.0-omx/*.patch
-     meta-raspberrypi/recipes-multimedia/gstreamer/gstreamer1.0-omx_%.bbappend
-     meta-raspberrypi/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_%.bbappend
-     meta-raspberrypi/recipes-multimedia/gstreamer/gstreamer1.0-omx-1.12
-     meta-raspberrypi/recipes-multimedia/gstreamer/gstreamer1.0-omx-1.12/*.patch
-     meta-raspberrypi/recipes-multimedia/omxplayer
-     meta-raspberrypi/recipes-multimedia/omxplayer/omxplayer
-     meta-raspberrypi/recipes-multimedia/omxplayer/omxplayer/*.patch
-     meta-raspberrypi/recipes-multimedia/omxplayer/omxplayer_git.bb
-     meta-raspberrypi/recipes-multimedia/x264
-     meta-raspberrypi/recipes-multimedia/x264/x264_git.bbappend
-     meta-raspberrypi/wic
-     meta-raspberrypi/wic/sdimage-raspberrypi.wks
-        </literallayout>
+        <ulink url='&YOCTO_GIT_URL;'>Source Repositories</ulink> by
+        following this link:
+        <ulink url='https://git.yoctoproject.org/cgit/cgit.cgi/meta-raspberrypi/tree/?h=&DISTRO_NAME_NO_CAP;'></ulink>.
+        Following the link puts you in the Source Repositories and the
+        Raspberry Pi BSP layer for the "&DISTRO_NAME_NO_CAP;" release.
+        You can use the interface to explore the configuration, docs, and
+        recipe files.
     </para>
 
     <para>
@@ -840,13 +690,13 @@
             files for the BSP.
             Most notably would be the formfactor files.
             For example, in the Raspberry Pi BSP there is the
-            <filename>formfactor_0.0.bbappend</filename> file,
+            <filename>formfactor_%.bbappend</filename> file,
             which is an append file used to augment the recipe
             that starts the build.
             Furthermore, there are machine-specific settings used
             during the build that are defined by the
             <filename>machconfig</filename> file further down in
-            the directory.
+            the directory (i.e. <filename>formfactor/rpi/</filename>).
             Here is the <filename>machconfig</filename> file for
             the Raspberry Pi BSP:
             <literallayout class='monospaced'>
@@ -866,7 +716,8 @@
             formfactor recipe
             <filename>meta/recipes-bsp/formfactor/formfactor_0.0.bb</filename>,
             which is found in the
-            <ulink url='&YOCTO_DOCS_REF_URL;#source-directory'>Source Directory</ulink>.
+            <ulink url='&YOCTO_DOCS_REF_URL;#source-directory'>Source Directory</ulink>
+            (i.e. <filename>poky</filename>).
         </para></note>
     </section>
 

documentation/dev-manual/dev-manual.xml

@@ -113,9 +113,19 @@
             </revision>
             <revision>
                 <revnumber>2.6.1</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>February 2019</date>
                 <revremark>Released with the Yocto Project 2.6.1 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.6.2</revnumber>
+                <date>April 2019</date>
+                <revremark>Released with the Yocto Project 2.6.2 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>2.6.3</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 2.6.3 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/kernel-dev/kernel-dev.xml

@@ -98,9 +98,14 @@
             </revision>
             <revision>
                 <revnumber>2.6.1</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>February 2019</date>
                 <revremark>Released with the Yocto Project 2.6.1 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.6.2</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 2.6.2 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/mega-manual/mega-manual.xml

@@ -82,9 +82,19 @@
             </revision>
             <revision>
                 <revnumber>2.6.1</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>February 2019</date>
                 <revremark>Released with the Yocto Project 2.6.1 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.6.2</revnumber>
+                <date>April 2019</date>
+                <revremark>Released with the Yocto Project 2.6.2 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>2.6.3</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 2.6.3 Release.</revremark>
+            </revision>
        </revhistory>
 
     <copyright>

documentation/overview-manual/overview-manual-concepts.xml

@@ -3186,7 +3186,8 @@
         <para>
             In the
             <ulink url='&YOCTO_DOCS_REF_URL;#build-system-term'>OpenEmbedded build system</ulink>,
-            the program that implements fakeroot is known as Pseudo.
+            the program that implements fakeroot is known as
+            <ulink url='https://www.yoctoproject.org/software-item/pseudo/'>Pseudo</ulink>.
             Pseudo overrides system calls by using the environment variable
             <filename>LD_PRELOAD</filename>, which results in the illusion
             of running as root.
@@ -3220,10 +3221,8 @@
             <ulink url='&YOCTO_DOCS_BB_URL;#var-FAKEROOT'><filename>FAKEROOT*</filename></ulink>
             variables in the BitBake User Manual.
             You can also reference the
-            "<ulink url='http://www.ibm.com/developerworks/opensource/library/os-aapseudo1/index.html'>Pseudo</ulink>"
-            and
             "<ulink url='https://github.com/wrpseudo/pseudo/wiki/WhyNotFakeroot'>Why Not Fakeroot?</ulink>"
-            articles for background information on Pseudo.
+            article for background information on Fakeroot and Pseudo.
         </para>
     </section>
 </chapter>

documentation/overview-manual/overview-manual.xml

@@ -43,9 +43,19 @@
             </revision>
             <revision>
                 <revnumber>2.6.1</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>February 2019</date>
                 <revremark>Released with the Yocto Project 2.6.1 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.6.2</revnumber>
+                <date>April 2019</date>
+                <revremark>Released with the Yocto Project 2.6.2 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>2.6.3</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 2.6.3 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/poky.ent

@@ -1,17 +1,17 @@
-<!ENTITY DISTRO "2.6.1">
-<!ENTITY DISTRO_COMPRESSED "261">
+<!ENTITY DISTRO "2.6.3">
+<!ENTITY DISTRO_COMPRESSED "263">
 <!ENTITY DISTRO_NAME_NO_CAP "thud">
 <!ENTITY DISTRO_NAME "Thud">
 <!ENTITY DISTRO_NAME_NO_CAP_MINUS_ONE "sumo">
 <!ENTITY DISTRO_NAME_MINUS_ONE "Sumo">
-<!ENTITY YOCTO_DOC_VERSION "2.6.1">
-<!ENTITY YOCTO_DOC_VERSION_MINUS_ONE "2.5.2">
-<!ENTITY DISTRO_REL_TAG "yocto-2.6.1">
+<!ENTITY YOCTO_DOC_VERSION "2.6.3">
+<!ENTITY YOCTO_DOC_VERSION_MINUS_ONE "2.5.3">
+<!ENTITY DISTRO_REL_TAG "yocto-2.6.3">
 <!ENTITY METAINTELVERSION "10.1">
-<!ENTITY REL_MONTH_YEAR "February 2019">
+<!ENTITY REL_MONTH_YEAR "July 2019">
 <!ENTITY META_INTEL_REL_TAG "&METAINTELVERSION;-&DISTRO_NAME_NO_CAP;-&YOCTO_DOC_VERSION;">
-<!ENTITY POKYVERSION "21.0.1">
-<!ENTITY POKYVERSION_COMPRESSED "2101">
+<!ENTITY POKYVERSION "20.0.3">
+<!ENTITY POKYVERSION_COMPRESSED "2003">
 <!ENTITY YOCTO_POKY "poky-&DISTRO_NAME_NO_CAP;-&POKYVERSION;">
 <!ENTITY COPYRIGHT_YEAR "2010-2019">
 <!ENTITY YOCTO_DL_URL "http://downloads.yoctoproject.org">

documentation/profile-manual/profile-manual.xml

@@ -98,9 +98,19 @@
             </revision>
             <revision>
                 <revnumber>2.6.1</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>February 2019</date>
                 <revremark>Released with the Yocto Project 2.6.1 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.6.2</revnumber>
+                <date>April 2019</date>
+                <revremark>Released with the Yocto Project 2.6.2 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>2.6.3</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 2.6.3 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/ref-manual/ref-manual.xml

@@ -129,9 +129,19 @@
             </revision>
             <revision>
                 <revnumber>2.6.1</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>February 2019</date>
                 <revremark>Released with the Yocto Project 2.6.1 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.6.2</revnumber>
+                <date>April 2019</date>
+                <revremark>Released with the Yocto Project 2.6.2 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>2.6.3</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 2.6.3 Release.</revremark>
+            </revision>
         </revhistory>
 
     <copyright>

documentation/ref-manual/ref-variables.xml

@@ -1350,7 +1350,7 @@
                     For example, the following line specifies three
                     configuration files:
                     <literallayout class='monospaced'>
-     BBMULTIFONFIG = "configA configB configC"
+     BBMULTICONFIG = "configA configB configC"
                     </literallayout>
                     Each configuration file you use must reside in the
                     <link linkend='build-directory'>Build Directory</link>

documentation/sdk-manual/sdk-manual.xml

@@ -63,9 +63,19 @@
             </revision>
             <revision>
                 <revnumber>2.6.1</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>February 2019</date>
                 <revremark>Released with the Yocto Project 2.6.1 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.6.2</revnumber>
+                <date>April 2019</date>
+                <revremark>Released with the Yocto Project 2.6.2 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>2.6.3</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 2.6.3 Release.</revremark>
+            </revision>
        </revhistory>
 
     <copyright>

documentation/toaster-manual/toaster-manual.xml

@@ -73,9 +73,19 @@
             </revision>
             <revision>
                 <revnumber>2.6.1</revnumber>
-                <date>&REL_MONTH_YEAR;</date>
+                <date>February 2019</date>
                 <revremark>Released with the Yocto Project 2.6.1 Release.</revremark>
             </revision>
+            <revision>
+                <revnumber>2.6.2</revnumber>
+                <date>April 2019</date>
+                <revremark>Released with the Yocto Project 2.6.2 Release.</revremark>
+            </revision>
+            <revision>
+                <revnumber>2.6.3</revnumber>
+                <date>&REL_MONTH_YEAR;</date>
+                <revremark>Released with the Yocto Project 2.6.3 Release.</revremark>
+            </revision>
        </revhistory>
 
     <copyright>

documentation/tools/mega-manual.sed

@@ -2,39 +2,39 @@
 # This style is for manual folders like "yocto-project-qs" and "poky-ref-manual".
 # This is the old way that did it.  Can't do that now that we have "bitbake-user-manual" strings
 # in the mega-manual.
-# s@"ulink" href="http://www.yoctoproject.org/docs/2.6.1/[a-z]*-[a-z]*-[a-z]*/[a-z]*-[a-z]*-[a-z]*.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.6.1/yocto-project-qs/yocto-project-qs.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.6.1/poky-ref-manual/poky-ref-manual.html#@"link" href="#@g
+# s@"ulink" href="http://www.yoctoproject.org/docs/2.6.3/[a-z]*-[a-z]*-[a-z]*/[a-z]*-[a-z]*-[a-z]*.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.6.3/yocto-project-qs/yocto-project-qs.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.6.3/poky-ref-manual/poky-ref-manual.html#@"link" href="#@g
 
 # Processes all other manuals (<word>-<word> style) except for the BitBake User Manual because
 # it is not included in the mega-manual.
 # This style is for manual folders that use two word, which is the standard now (e.g. "ref-manual").
 # This was the one-liner that worked before we introduced the BitBake User Manual, which is
 # not in the mega-manual.
-# s@"ulink" href="http://www.yoctoproject.org/docs/2.6.1/[a-z]*-[a-z]*/[a-z]*-[a-z]*.html#@"link" href="#@g
+# s@"ulink" href="http://www.yoctoproject.org/docs/2.6.3/[a-z]*-[a-z]*/[a-z]*-[a-z]*.html#@"link" href="#@g
 
-s@"ulink" href="http://www.yoctoproject.org/docs/2.6.1/sdk-manual/sdk-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.6.1/bsp-guide/bsp-guide.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.6.1/dev-manual/dev-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.6.1/overview-manual/overview-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.6.1/brief-yoctoprojectqs/brief-yoctoprojectqs.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.6.1/kernel-dev/kernel-dev.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.6.1/profile-manual/profile-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.6.1/ref-manual/ref-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.6.1/toaster-manual/toaster-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.6.3/sdk-manual/sdk-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.6.3/bsp-guide/bsp-guide.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.6.3/dev-manual/dev-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.6.3/overview-manual/overview-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.6.3/brief-yoctoprojectqs/brief-yoctoprojectqs.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.6.3/kernel-dev/kernel-dev.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.6.3/profile-manual/profile-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.6.3/ref-manual/ref-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/2.6.3/toaster-manual/toaster-manual.html#@"link" href="#@g
 
 # Process cases where just an external manual is referenced without an id anchor
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.6.1/brief-yoctoprojectqs/brief-yoctoprojectqs.html" target="_top">Yocto Project Quick Build</a>@Yocto Project Quick Build@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.6.1/yocto-project-qs/yocto-project-qs.html" target="_top">Yocto Project Quick Start</a>@Yocto Project Quick Start@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.6.1/dev-manual/dev-manual.html" target="_top">Yocto Project Development Tasks Manual</a>@Yocto Project Development Tasks Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.6.1/overview-manual/overview-manual.html" target="_top">Yocto Project Overview and Concepts Manual</a>@Yocto project Overview and Concepts Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.6.1/sdk-manual/sdk-manual.html" target="_top">Yocto Project Application Development and the Extensible Software Development Kit (eSDK)</a>@Yocto Project Application Development and the Extensible Software Development Kit (eSDK)@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.6.1/bsp-guide/bsp-guide.html" target="_top">Yocto Project Board Support Package (BSP) Developer's Guide</a>@Yocto Project Board Support Package (BSP) Developer's Guide@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.6.1/profile-manual/profile-manual.html" target="_top">Yocto Project Profiling and Tracing Manual</a>@Yocto Project Profiling and Tracing Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.6.1/kernel-dev/kernel-dev.html" target="_top">Yocto Project Linux Kernel Development Manual</a>@Yocto Project Linux Kernel Development Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.6.1/ref-manual/ref-manual.html" target="_top">Yocto Project Reference Manual</a>@Yocto Project Reference Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.6.1/toaster-manual/toaster-manual.html" target="_top">Toaster User Manual</a>@Toaster User Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.6.3/brief-yoctoprojectqs/brief-yoctoprojectqs.html" target="_top">Yocto Project Quick Build</a>@Yocto Project Quick Build@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.6.3/yocto-project-qs/yocto-project-qs.html" target="_top">Yocto Project Quick Start</a>@Yocto Project Quick Start@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.6.3/dev-manual/dev-manual.html" target="_top">Yocto Project Development Tasks Manual</a>@Yocto Project Development Tasks Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.6.3/overview-manual/overview-manual.html" target="_top">Yocto Project Overview and Concepts Manual</a>@Yocto project Overview and Concepts Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.6.3/sdk-manual/sdk-manual.html" target="_top">Yocto Project Application Development and the Extensible Software Development Kit (eSDK)</a>@Yocto Project Application Development and the Extensible Software Development Kit (eSDK)@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.6.3/bsp-guide/bsp-guide.html" target="_top">Yocto Project Board Support Package (BSP) Developer's Guide</a>@Yocto Project Board Support Package (BSP) Developer's Guide@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.6.3/profile-manual/profile-manual.html" target="_top">Yocto Project Profiling and Tracing Manual</a>@Yocto Project Profiling and Tracing Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.6.3/kernel-dev/kernel-dev.html" target="_top">Yocto Project Linux Kernel Development Manual</a>@Yocto Project Linux Kernel Development Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.6.3/ref-manual/ref-manual.html" target="_top">Yocto Project Reference Manual</a>@Yocto Project Reference Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.6.3/toaster-manual/toaster-manual.html" target="_top">Toaster User Manual</a>@Toaster User Manual@g
 
 # Process a single, rouge occurrence of a linked reference to the Mega-Manual.
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.6.1/mega-manual/mega-manual.html" target="_top">Yocto Project Mega-Manual</a>@Yocto Project Mega-Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.6.3/mega-manual/mega-manual.html" target="_top">Yocto Project Mega-Manual</a>@Yocto Project Mega-Manual@g
 

meta-poky/conf/distro/poky.conf

@@ -1,6 +1,6 @@
 DISTRO = "poky"
 DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
-DISTRO_VERSION = "2.6.2"
+DISTRO_VERSION = "2.6.3"
 DISTRO_CODENAME = "thud"
 SDK_VENDOR = "-pokysdk"
 SDK_VERSION := "${@'${DISTRO_VERSION}'.replace('snapshot-${DATE}','snapshot')}"

meta/classes/image_types.bbclass

@@ -171,7 +171,9 @@ multiubi_mkfs() {
 	echo vol_type=dynamic >> ubinize${vname}-${IMAGE_NAME}.cfg
 	echo vol_name=${UBI_VOLNAME} >> ubinize${vname}-${IMAGE_NAME}.cfg
 	echo vol_flags=autoresize >> ubinize${vname}-${IMAGE_NAME}.cfg
-	mkfs.ubifs -r ${IMAGE_ROOTFS} -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubifs ${mkubifs_args}
+	if [ -n "$vname" ]; then
+		mkfs.ubifs -r ${IMAGE_ROOTFS} -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubifs ${mkubifs_args}
+	fi
 	ubinize -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubi ${ubinize_args} ubinize${vname}-${IMAGE_NAME}.cfg
 
 	# Cleanup cfg file
@@ -205,6 +207,7 @@ IMAGE_CMD_multiubi () {
 IMAGE_CMD_ubi () {
 	multiubi_mkfs "${MKUBIFS_ARGS}" "${UBINIZE_ARGS}"
 }
+IMAGE_TYPEDEP_ubi = "ubifs"
 
 IMAGE_CMD_ubifs = "mkfs.ubifs -r ${IMAGE_ROOTFS} -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.ubifs ${MKUBIFS_ARGS}"
 

meta/classes/testimage.bbclass

@@ -314,7 +314,8 @@ def testimage_main(d):
     configuration = get_testimage_configuration(d, 'runtime', machine)
     results.logDetails(get_testimage_json_result_dir(d),
                        configuration,
-                       get_testimage_result_id(configuration))
+                       get_testimage_result_id(configuration),
+                       dump_streams=d.getVar('TESTREPORT_FULLLOGS'))
     results.logSummary(pn)
     if not results.wasSuccessful():
         bb.fatal('%s - FAILED - check the task log and the ssh log' % pn, forcelog=True)

meta/classes/uboot-sign.bbclass

@@ -80,16 +80,16 @@ do_concat_dtb () {
 }
 
 python () {
-	uboot_pn = d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot'
-	if d.getVar('UBOOT_SIGN_ENABLE') == '1' and d.getVar('PN') == uboot_pn:
-		kernel_pn = d.getVar('PREFERRED_PROVIDER_virtual/kernel')
+    uboot_pn = d.getVar('PREFERRED_PROVIDER_u-boot') or 'u-boot'
+    if d.getVar('UBOOT_SIGN_ENABLE') == '1' and d.getVar('PN') == uboot_pn:
+        kernel_pn = d.getVar('PREFERRED_PROVIDER_virtual/kernel')
 
-		# u-boot.dtb and u-boot-nodtb.bin are deployed _before_ do_deploy
-		# Thus, do_deploy_setscene will also populate them in DEPLOY_IMAGE_DIR
-		bb.build.addtask('do_deploy_dtb', 'do_deploy', 'do_compile', d)
+        # u-boot.dtb and u-boot-nodtb.bin are deployed _before_ do_deploy
+        # Thus, do_deploy_setscene will also populate them in DEPLOY_IMAGE_DIR
+        bb.build.addtask('do_deploy_dtb', 'do_deploy', 'do_compile', d)
 
-		# do_concat_dtb is scheduled _before_ do_install as it overwrite the
-		# u-boot.bin in both DEPLOYDIR and DEPLOY_IMAGE_DIR.
-		bb.build.addtask('do_concat_dtb', 'do_install', None, d)
-		d.appendVarFlag('do_concat_dtb', 'depends', ' %s:do_assemble_fitimage' % kernel_pn)
+        # do_concat_dtb is scheduled _before_ do_install as it overwrite the
+        # u-boot.bin in both DEPLOYDIR and DEPLOY_IMAGE_DIR.
+        bb.build.addtask('do_concat_dtb', 'do_install', None, d)
+        d.appendVarFlag('do_concat_dtb', 'depends', ' %s:do_assemble_fitimage' % kernel_pn)
 }

meta/classes/uninative.bbclass

@@ -2,7 +2,7 @@ UNINATIVE_LOADER ?= "${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux/lib/
 UNINATIVE_STAGING_DIR ?= "${STAGING_DIR}"
 
 UNINATIVE_URL ?= "unset"
-UNINATIVE_TARBALL ?= "${BUILD_ARCH}-nativesdk-libc.tar.bz2"
+UNINATIVE_TARBALL ?= "${BUILD_ARCH}-nativesdk-libc.tar.xz"
 # Example checksums
 #UNINATIVE_CHECKSUM[aarch64] = "dead"
 #UNINATIVE_CHECKSUM[i686] = "dead"
@@ -89,7 +89,7 @@ python uninative_event_fetchloader() {
         cmd = d.expand("\
 mkdir -p ${UNINATIVE_STAGING_DIR}-uninative; \
 cd ${UNINATIVE_STAGING_DIR}-uninative; \
-tar -xjf ${UNINATIVE_DLDIR}/%s/${UNINATIVE_TARBALL}; \
+tar -xJf ${UNINATIVE_DLDIR}/%s/${UNINATIVE_TARBALL}; \
 ${UNINATIVE_STAGING_DIR}-uninative/relocate_sdk.py \
   ${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux \
   ${UNINATIVE_LOADER} \

meta/conf/distro/include/yocto-uninative.inc

@@ -8,7 +8,7 @@
 
 UNINATIVE_MAXGLIBCVERSION = "2.29"
 
-UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.4/"
-UNINATIVE_CHECKSUM[aarch64] ?= "af2e2faf6cf00ff45cc1bcd5e3fb00cee7f79b3ec7c3be15917ad4ff8c154cfe"
-UNINATIVE_CHECKSUM[i686] ?= "fafacfc537a6ce2bd122bd16c146881ab5ac69bd575abf6cb68a0dd33fa70ea2"
-UNINATIVE_CHECKSUM[x86_64] ?= "06f91685b782f2ccfedf3070b3ba0fe4a5ba2f0766dad5c9d1642dccf95accd0"
+UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.6/"
+UNINATIVE_CHECKSUM[aarch64] ?= "a37118fc8b423f48146120707b81dd15017512c3e8ef9e6ca2cb3a033f4f4046"
+UNINATIVE_CHECKSUM[i686] ?= "3234fc3ded810225071f23a0e9a99f4f8c2480059945a848eff076ce78122ade"
+UNINATIVE_CHECKSUM[x86_64] ?= "133387753a9acf3e1b788103c59fac91e968e2ee331d7a4b9498e926ada7be57"

meta/lib/oe/package_manager.py

@@ -1329,6 +1329,8 @@ class OpkgPM(OpkgDpkgPM):
         cmd = "%s %s" % (self.opkg_cmd, self.opkg_args)
         for exclude in (self.d.getVar("PACKAGE_EXCLUDE") or "").split():
             cmd += " --add-exclude %s" % exclude
+        for bad_recommendation in (self.d.getVar("BAD_RECOMMENDATIONS") or "").split():
+            cmd += " --add-ignore-recommends %s" % bad_recommendation
         cmd += " install "
         cmd += " ".join(pkgs)
 
@@ -1397,45 +1399,6 @@ class OpkgPM(OpkgDpkgPM):
     def list_installed(self):
         return OpkgPkgsList(self.d, self.target_rootfs, self.config_file).list_pkgs()
 
-    def handle_bad_recommendations(self):
-        bad_recommendations = self.d.getVar("BAD_RECOMMENDATIONS") or ""
-        if bad_recommendations.strip() == "":
-            return
-
-        status_file = os.path.join(self.opkg_dir, "status")
-
-        # If status file existed, it means the bad recommendations has already
-        # been handled
-        if os.path.exists(status_file):
-            return
-
-        cmd = "%s %s info " % (self.opkg_cmd, self.opkg_args)
-
-        with open(status_file, "w+") as status:
-            for pkg in bad_recommendations.split():
-                pkg_info = cmd + pkg
-
-                try:
-                    output = subprocess.check_output(pkg_info.split(), stderr=subprocess.STDOUT).strip().decode("utf-8")
-                except subprocess.CalledProcessError as e:
-                    bb.fatal("Cannot get package info. Command '%s' "
-                             "returned %d:\n%s" % (pkg_info, e.returncode, e.output.decode("utf-8")))
-
-                if output == "":
-                    bb.note("Ignored bad recommendation: '%s' is "
-                            "not a package" % pkg)
-                    continue
-
-                for line in output.split('\n'):
-                    if line.startswith("Status:"):
-                        status.write("Status: deinstall hold not-installed\n")
-                    else:
-                        status.write(line + "\n")
-
-                # Append a blank line after each package entry to ensure that it
-                # is separated from the following entry
-                status.write("\n")
-
     def dummy_install(self, pkgs):
         """
         The following function dummy installs pkgs and returns the log of output.

meta/lib/oe/rootfs.py

@@ -879,8 +879,6 @@ class OpkgRootfs(DpkgOpkgRootfs):
 
         self.pm.update()
 
-        self.pm.handle_bad_recommendations()
-
         if self.progress_reporter:
             self.progress_reporter.next_stage()
 

meta/lib/oeqa/core/runner.py

@@ -7,6 +7,7 @@ import unittest
 import logging
 import re
 import json
+import sys
 
 from unittest import TextTestResult as _TestResult
 from unittest import TextTestRunner as _TestRunner
@@ -45,6 +46,9 @@ class OETestResult(_TestResult):
 
         self.tc = tc
 
+        # stdout and stderr for each test case
+        self.logged_output = {}
+
     def startTest(self, test):
         # May have been set by concurrencytest
         if test.id() not in self.starttime:
@@ -53,6 +57,9 @@ class OETestResult(_TestResult):
 
     def stopTest(self, test):
         self.endtime[test.id()] = time.time()
+        if self.buffer:
+            self.logged_output[test.id()] = (
+                    sys.stdout.getvalue(), sys.stderr.getvalue())
         super(OETestResult, self).stopTest(test)
         if test.id() in self.progressinfo:
             self.tc.logger.info(self.progressinfo[test.id()])
@@ -81,11 +88,17 @@ class OETestResult(_TestResult):
 
     def _getTestResultDetails(self, case):
         result_types = {'failures': 'FAILED', 'errors': 'ERROR', 'skipped': 'SKIPPED',
-                        'expectedFailures': 'EXPECTEDFAIL', 'successes': 'PASSED'}
+                        'expectedFailures': 'EXPECTEDFAIL', 'successes': 'PASSED',
+                        'unexpectedSuccesses' : 'PASSED'}
 
         for rtype in result_types:
             found = False
-            for (scase, msg) in getattr(self, rtype):
+            for resultclass in getattr(self, rtype):
+                # unexpectedSuccesses are just lists, not lists of tuples
+                if isinstance(resultclass, tuple):
+                    scase, msg = resultclass
+                else:
+                    scase, msg = resultclass, None
                 if case.id() == scase.id():
                     found = True
                     break
@@ -93,13 +106,13 @@ class OETestResult(_TestResult):
 
                 # When fails at module or class level the class name is passed as string
                 # so figure out to see if match
-                m = re.search(r"^setUpModule \((?P<module_name>.*)\)$", scase_str)
+                m = re.search(r"^setUpModule \((?P<module_name>.*)\).*$", scase_str)
                 if m:
                     if case.__class__.__module__ == m.group('module_name'):
                         found = True
                         break
 
-                m = re.search(r"^setUpClass \((?P<class_name>.*)\)$", scase_str)
+                m = re.search(r"^setUpClass \((?P<class_name>.*)\).*$", scase_str)
                 if m:
                     class_name = "%s.%s" % (case.__class__.__module__,
                                             case.__class__.__name__)
@@ -118,7 +131,8 @@ class OETestResult(_TestResult):
         self.successes.append((test, None))
         super(OETestResult, self).addSuccess(test)
 
-    def logDetails(self, json_file_dir=None, configuration=None, result_id=None):
+    def logDetails(self, json_file_dir=None, configuration=None, result_id=None,
+            dump_streams=False):
         self.tc.logger.info("RESULTS:")
 
         result = {}
@@ -144,10 +158,14 @@ class OETestResult(_TestResult):
             if status not in logs:
                 logs[status] = []
             logs[status].append("RESULTS - %s - Testcase %s: %s%s" % (case.id(), oeid, status, t))
+            report = {'status': status}
             if log:
-                result[case.id()] = {'status': status, 'log': log}
-            else:
-                result[case.id()] = {'status': status}
+                report['log'] = log
+            if dump_streams and case.id() in self.logged_output:
+                (stdout, stderr) = self.logged_output[case.id()]
+                report['stdout'] = stdout
+                report['stderr'] = stderr
+            result[case.id()] = report
 
         for i in ['PASSED', 'SKIPPED', 'EXPECTEDFAIL', 'ERROR', 'FAILED', 'UNKNOWN']:
             if i not in logs:

meta/lib/oeqa/core/target/ssh.py

@@ -207,7 +207,7 @@ def SSHCall(command, logger, timeout=None, **opts):
                 logger.debug('time: %s, endtime: %s' % (time.time(), endtime))
                 try:
                     if select.select([process.stdout], [], [], 5)[0] != []:
-                        reader = codecs.getreader('utf-8')(process.stdout)
+                        reader = codecs.getreader('utf-8')(process.stdout, 'ignore')
                         data = reader.read(1024, 4096)
                         if not data:
                             process.stdout.close()
@@ -234,7 +234,7 @@ def SSHCall(command, logger, timeout=None, **opts):
                 output += lastline
 
         else:
-            output = process.communicate()[0].decode("utf-8", errors='replace')
+            output = process.communicate()[0].decode('utf-8', errors='ignore')
             logger.debug('Data from SSH call: %s' % output.rstrip())
 
     options = {

meta/lib/oeqa/core/utils/concurrencytest.py

@@ -19,6 +19,7 @@ import testtools
 import threading
 import time
 import io
+import subunit
 
 from queue import Queue
 from itertools import cycle
@@ -50,10 +51,11 @@ class BBThreadsafeForwardingResult(ThreadsafeForwardingResult):
     def _add_result_with_semaphore(self, method, test, *args, **kwargs):
         self.semaphore.acquire()
         try:
-            self.result.starttime[test.id()] = self._test_start.timestamp()
-            self.result.threadprogress[self.threadnum].append(test.id())
-            totalprogress = sum(len(x) for x in self.result.threadprogress.values())
-            self.result.progressinfo[test.id()] = "%s: %s/%s %s/%s (%ss) (%s)" % (
+            if self._test_start:
+                self.result.starttime[test.id()] = self._test_start.timestamp()
+                self.result.threadprogress[self.threadnum].append(test.id())
+                totalprogress = sum(len(x) for x in self.result.threadprogress.values())
+                self.result.progressinfo[test.id()] = "%s: %s/%s %s/%s (%ss) (%s)" % (
                     self.threadnum,
                     len(self.result.threadprogress[self.threadnum]),
                     self.totalinprocess,
@@ -65,6 +67,23 @@ class BBThreadsafeForwardingResult(ThreadsafeForwardingResult):
             self.semaphore.release()
         super(BBThreadsafeForwardingResult, self)._add_result_with_semaphore(method, test, *args, **kwargs)
 
+#
+# We have to patch subunit since it doesn't understand how to handle addError
+# outside of a running test case. This can happen if classSetUp() fails
+# for a class of tests. This unfortunately has horrible internal knowledge.
+#
+def outSideTestaddError(self, offset, line):
+    """An 'error:' directive has been read."""
+    test_name = line[offset:-1].decode('utf8')
+    self.parser._current_test = subunit.RemotedTestCase(test_name)
+    self.parser.current_test_description = test_name
+    self.parser._state = self.parser._reading_error_details
+    self.parser._reading_error_details.set_simple()
+    self.parser.subunitLineReceived(line)
+
+subunit._OutSideTest.addError = outSideTestaddError
+
+
 #
 # A dummy structure to add to io.StringIO so that the .buffer object
 # is available and accepts writes. This allows unittest with buffer=True

meta/lib/oeqa/manual/bsp-hw.json

@@ -1,7 +1,7 @@
 [
     {
         "test": {
-            "@alias": "bsps-hw.bsps-tools.rpm_-__install_dependency_package",
+            "@alias": "bsps-hw.bsps-hw.rpm_-__install_dependency_package",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -27,7 +27,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.boot_and_install_from_USB",
+            "@alias": "bsps-hw.bsps-hw.boot_and_install_from_USB",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -61,7 +61,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.live_boot_from_USB",
+            "@alias": "bsps-hw.bsps-hw.live_boot_from_USB",
             "author": [
                 {
                     "email": "juan.fernandox.ramos.frayle@intel.com",
@@ -87,7 +87,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.boot_from_runlevel_3",
+            "@alias": "bsps-hw.bsps-hw.boot_from_runlevel_3",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -121,7 +121,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.boot_from_runlevel_5",
+            "@alias": "bsps-hw.bsps-hw.boot_from_runlevel_5",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -151,7 +151,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.shutdown_system",
+            "@alias": "bsps-hw.bsps-hw.shutdown_system",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -173,7 +173,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.reboot_system",
+            "@alias": "bsps-hw.bsps-hw.reboot_system",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -195,7 +195,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.switch_among_multi_applications_and_desktop",
+            "@alias": "bsps-hw.bsps-hw.switch_among_multi_applications_and_desktop",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -225,7 +225,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.USB_-_mount",
+            "@alias": "bsps-hw.bsps-hw.USB_-_mount",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -251,7 +251,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.USB_-_read_files",
+            "@alias": "bsps-hw.bsps-hw.USB_-_read_files",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -281,7 +281,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.USB_-_umount",
+            "@alias": "bsps-hw.bsps-hw.USB_-_umount",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -307,7 +307,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.USB_-_write_files",
+            "@alias": "bsps-hw.bsps-hw.USB_-_write_files",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -333,7 +333,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.ethernet_static_ip_set_in_connman",
+            "@alias": "bsps-hw.bsps-hw.ethernet_static_ip_set_in_connman",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -367,7 +367,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.ethernet_get_IP_in_connman_via_DHCP",
+            "@alias": "bsps-hw.bsps-hw.ethernet_get_IP_in_connman_via_DHCP",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -397,7 +397,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-tools.connman_offline_mode_in_connman-gnome",
+            "@alias": "bsps-hw.bsps-hw.connman_offline_mode_in_connman-gnome",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -419,7 +419,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.X_server_can_start_up_with_runlevel_5_boot",
+            "@alias": "bsps-hw.bsps-hw.X_server_can_start_up_with_runlevel_5_boot",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -441,7 +441,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.standby",
+            "@alias": "bsps-hw.bsps-hw.standby",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -475,7 +475,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.check_CPU_utilization_after_standby",
+            "@alias": "bsps-hw.bsps-hw.check_CPU_utilization_after_standby",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -505,7 +505,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.Test_if_LAN_device_works_well_after_resume_from_suspend_state",
+            "@alias": "bsps-hw.bsps-hw.Test_if_LAN_device_works_well_after_resume_from_suspend_state",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -535,7 +535,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.Test_if_usb_hid_device_works_well_after_resume_from_suspend_state",
+            "@alias": "bsps-hw.bsps-hw.Test_if_usb_hid_device_works_well_after_resume_from_suspend_state",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -565,7 +565,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-tools.click_terminal_icon_on_X_desktop",
+            "@alias": "bsps-hw.bsps-hw.click_terminal_icon_on_X_desktop",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -587,7 +587,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-tools.Add_multiple_files_in_media_player",
+            "@alias": "bsps-hw.bsps-hw.Add_multiple_files_in_media_player",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -613,7 +613,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.check_bash_in_image",
+            "@alias": "bsps-hw.bsps-hw.check_bash_in_image",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -631,7 +631,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.MicroSD_-__mount",
+            "@alias": "bsps-hw.bsps-hw.MicroSD_-__mount",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -653,7 +653,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.MicroSD_-__read_files",
+            "@alias": "bsps-hw.bsps-hw.MicroSD_-__read_files",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -683,7 +683,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.MicroSD_-__umount",
+            "@alias": "bsps-hw.bsps-hw.MicroSD_-__umount",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -713,7 +713,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.MicroSD_-__write_files",
+            "@alias": "bsps-hw.bsps-hw.MicroSD_-__write_files",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -743,7 +743,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-tools.video_-_libva_check_(ogg_video_play)",
+            "@alias": "bsps-hw.bsps-hw.video_-_libva_check_(ogg_video_play)",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -769,29 +769,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-tools.media_player_-_unable_to_play_MPEG-1_without_\"commercial\"_flag",
-            "author": [
-                {
-                    "email": "alexandru.c.georgescu@intel.com",
-                    "name": "alexandru.c.georgescu@intel.com"
-                }
-            ],
-            "execution": {
-                "1": {
-                    "action": "Copy sample MPEG-1 file to a system without the \"commercial\" flag.",
-                    "expected_results": ""
-                },
-                "2": {
-                    "action": "Launch media player and make sure it cannot play the MPEG-1 file.",
-                    "expected_results": "MPEG-1 file can not be played on images without the \"commercial\" flag. "
-                }
-            },
-            "summary": "media_player_-_unable_to_play_MPEG-1_without_\"commercial\"_flag"
-        }
-    },
-    {
-        "test": {
-            "@alias": "bsps-hw.bsps-tools.media_player_-_play_video_(ogv)",
+            "@alias": "bsps-hw.bsps-hw.media_player_-_play_video_(ogv)",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -813,7 +791,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-tools.media_player_-_stop/play_button_(ogv)",
+            "@alias": "bsps-hw.bsps-hw.media_player_-_stop/play_button_(ogv)",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -843,7 +821,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-tools.audio_-_play_(ogg)_with_HDMI",
+            "@alias": "bsps-hw.bsps-hw.audio_-_play_(ogg)_with_HDMI",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -869,7 +847,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-tools.audio_-_play_(wav)_with_HDMI",
+            "@alias": "bsps-hw.bsps-hw.audio_-_play_(wav)_with_HDMI",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -895,7 +873,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-tools.Graphics_-_ABAT",
+            "@alias": "bsps-hw.bsps-hw.Graphics_-_ABAT",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -921,7 +899,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-tools.Graphics_-_x11perf_-_2D",
+            "@alias": "bsps-hw.bsps-hw.Graphics_-_x11perf_-_2D",
             "author": [
                 {
                     "email": "alexandru.c.georgescu@intel.com",
@@ -943,33 +921,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-oe-core.Test_Run_Integrity_-_Check_that_image_is_buildable",
-            "author": [
-                {
-                    "email": "corneliux.stoicescu@intel.com",
-                    "name": "corneliux.stoicescu@intel.com"
-                }
-            ],
-            "execution": {
-                "1": {
-                    "action": "Check that image can be built using either of the following methods:  \n\n",
-                    "expected_results": ""
-                },
-                "2": {
-                    "action": "Check that image is built by autobuilder \nPlease check at: https://autobuilder.yocto.io/pub/releases/ \nChoose the target release that you are validating.  \n\n",
-                    "expected_results": ""
-                },
-                "3": {
-                    "action": "Build image yourself \nPreferred to build an core-image-sato-dev to ease the process of the dependent test cases in this run. \nNote: Please set MACHINE in conf/local.conf ",
-                    "expected_results": "If either method fails, this test case will be failed and dependent test cases will be blocked. "
-                }
-            },
-            "summary": "Test_Run_Integrity_-_Check_that_image_is_buildable"
-        }
-    },
-    {
-        "test": {
-            "@alias": "bsps-hw.bsps-runtime.Check_if_SATA_disk_can_work_correctly",
+            "@alias": "bsps-hw.bsps-hw.Check_if_SATA_disk_can_work_correctly",
             "author": [
                 {
                     "email": "yi.zhao@windriver.com",
@@ -999,7 +951,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.Install_and_boot_from_USB-drive_to_HDD-drive",
+            "@alias": "bsps-hw.bsps-hw.Install_and_boot_from_USB-drive_to_HDD-drive",
             "author": [
                 {
                     "email": "david.israelx.rodriguez.castellanos@intel.com",
@@ -1041,7 +993,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.Install_and_boot_from_USB-drive_to_SD-drive",
+            "@alias": "bsps-hw.bsps-hw.Install_and_boot_from_USB-drive_to_SD-drive",
             "author": [
                 {
                     "email": "david.israelx.rodriguez.castellanos@intel.com",
@@ -1083,7 +1035,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.Test_boot_on_serial_communication_SD",
+            "@alias": "bsps-hw.bsps-hw.Test_boot_on_serial_communication_SD",
             "author": [
                 {
                     "email": "juan.fernandox.ramos.frayle@intel.com",
@@ -1101,7 +1053,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.Test_boot_on_serial_communication_HDD",
+            "@alias": "bsps-hw.bsps-hw.Test_boot_on_serial_communication_HDD",
             "author": [
                 {
                     "email": "juan.fernandox.ramos.frayle@intel.com",
@@ -1119,7 +1071,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.Test_boot_on_serial_communication_USB",
+            "@alias": "bsps-hw.bsps-hw.Test_boot_on_serial_communication_USB",
             "author": [
                 {
                     "email": "juan.fernandox.ramos.frayle@intel.com",
@@ -1153,7 +1105,7 @@
     },
     {
         "test": {
-            "@alias": "bsps-hw.bsps-runtime.Test_Seek_bar_and_volume_control",
+            "@alias": "bsps-hw.bsps-hw.Test_Seek_bar_and_volume_control",
             "author": [
                 {
                     "email": "juan.fernandox.ramos.frayle@intel.com",
@@ -1196,5 +1148,139 @@
             },
             "summary": "Test_Seek_bar_and_volume_control"
         }
+    },
+    {
+        "test": {
+            "@alias": "bsps-hw.bsps-hw.Check_if_watchdog_can_reset_the_target_system",
+            "author": [
+                {
+                    "email": "yi.zhao@windriver.com",
+                    "name": "yi.zhao@windriver.com"
+                }
+            ],
+            "execution": {
+                "1": {
+                    "action": "1.Check if watchdog device exist in /dev/ directory. Run command echo 1 > /dev/watchdog and wait for 60s. Then, the target will reboot.",
+                    "expected_results": "The watchdog device exist in /dev/ directory and can reboot the target.\n"
+                }
+            },
+            "summary": "Check_if_watchdog_can_reset_the_target_system"
+        }
+    },
+    {
+        "test": {
+            "@alias": "bsps-hw.bsps-hw.Check_if_RTC_(Real_Time_Clock)_can_work_correctly",
+            "author": [
+                {
+                    "email": "yi.zhao@windriver.com",
+                    "name": "yi.zhao@windriver.com"
+                }
+            ],
+            "execution": {
+                "1": {
+                    "action": "Read time from RTC registers.  root@localhost:/root> hwclock -r  Sun Mar 22 04:05:47 1970 -0.001948 seconds ",
+                    "expected_results": "Can read and set the time from RTC.\n"
+                },
+                "2": {
+                    "action": "Set system current time  root@localhost:/root> date 062309452008 ",
+                    "expected_results": ""
+                },
+                "3": {
+                    "action": "Synchronize the system current time to RTC registers  root@localhost:/root> hwclock -w ",
+                    "expected_results": ""
+                },
+                "4": {
+                    "action": "Read time from RTC registers  root@localhost:/root> hwclock -r ",
+                    "expected_results": ""
+                },
+                "5": {
+                    "action": "Reboot target and read time from RTC again\n",
+                    "expected_results": ""
+                }
+            },
+            "summary": "Check_if_RTC_(Real_Time_Clock)_can_work_correctly"
+        }
+    },
+    {
+        "test": {
+            "@alias": "bsps-hw.bsps-hw.Check_if_target_can_support_EEPROM",
+            "author": [
+                {
+                    "email": "yi.zhao@windriver.com",
+                    "name": "yi.zhao@windriver.com"
+                }
+            ],
+            "execution": {
+                "1": {
+                    "action": "Check eeprom device exist in /sys/bus/i2c/devices/ ",
+                    "expected_results": "Hexdump can read data from eeprom.\n"
+                },
+                "2": {
+                    "action": "Run \"hexdump eeprom\" commandroot@mpc8315e-rdb:/sys/bus/i2c/devices/1-0051> hexdump eeprom0000000 9210 0b02 0211 0009 0b52 0108 0c00 3c000000010 6978 6930 6911 208c 7003 3c3c 00f0 8381\u2026\n",
+                    "expected_results": ""
+                }
+            },
+            "summary": "Check_if_target_can_support_EEPROM"
+        }
+    },
+    {
+        "test": {
+            "@alias": "bsps-hw.bsps-hw.System_can_boot_up_via_NFS",
+            "author": [
+                {
+                    "email": "yi.zhao@windriver.com",
+                    "name": "yi.zhao@windriver.com"
+                }
+            ],
+            "execution": {
+                "1": {
+                    "action": "Connect the board's first serial port to your workstation and then start up your favourite serial terminal so that you will be able to interact with the serial console. If you don't have a favourite, picocom is suggested:   $ picocom /dev/ttyS0 -b 115200 ",
+                    "expected_results": "The system can boot up without problem\n"
+                },
+                "2": {
+                    "action": "Power up or reset the board and press a key on the terminal when prompted to get to the U-Boot command line ",
+                    "expected_results": ""
+                },
+                "3": {
+                    "action": "Set up the environment in U-Boot:  => setenv ipaddr   => setenv serverip   ",
+                    "expected_results": ""
+                },
+                "4": {
+                    "action": "Download the kernel and boot:  => tftp tftp $loadaddr vmlinux => bootoctlinux $loadaddr coremask=0x3 root=/dev/nfs rw nfsroot=: ip=::::edgerouter:eth0:off mtdparts=phys_mapped_flash:512k(boot0),512k(boot1),64k@3072k(eeprom)\n",
+                    "expected_results": ""
+                }
+            },
+            "summary": "System_can_boot_up_via_NFS"
+        }
+    },
+    {
+        "test": {
+            "@alias": "bsps-hw.bsps-hw.Boot_from_JFFS2_image",
+            "author": [
+                {
+                    "email": "yi.zhao@windriver.com",
+                    "name": "yi.zhao@windriver.com"
+                }
+            ],
+            "execution": {
+                "1": {
+                    "action": "First boot the board with NFS root. ",
+                    "expected_results": "The system can boot up without problem\n"
+                },
+                "2": {
+                    "action": "Install mtd-utils package. Erase the MTD partition which will be used as root: $ flash_eraseall /dev/mtd3 ",
+                    "expected_results": ""
+                },
+                "3": {
+                    "action": "Copy the JFFS2 image to the MTD partition: $ flashcp core-image-minimal-mpc8315e-rdb.jffs2 /dev/mtd3 ",
+                    "expected_results": ""
+                },
+                "4": {
+                    "action": "Then reboot the board and set up the environment in U-Boot: => setenv bootargs root=/dev/mtdblock3 rootfstype=jffs2 console=ttyS0,115200 ",
+                    "expected_results": ""
+                }
+            },
+            "summary": "Boot_from_JFFS2_image"
+        }
     }
 ]

meta/lib/oeqa/manual/compliance-test.json

@@ -0,0 +1,194 @@
+[
+    {
+        "test": {
+            "@alias": "compliance-test.compliance-test.LTP_subset_test_suite",
+            "author": [
+                {
+                    "email": "corneliux.stoicescu@intel.com",
+                    "name": "corneliux.stoicescu@intel.com"
+                }
+            ],
+            "execution": {
+                "1": {
+                    "action": "For real hardware, run following component, \nsyscalls \nfs \nfsx \ndio \nio \nmm \nipc \nsched \nmath \nnptl \npty \nadmin_tools \ntimers \ncommands  \n\nFor QEMU, run following component \nsyscalls \nmm \nipc \nsched \nmath \nnptl \npty \nadmin_tools \ncommands \n\nRun Instructions: \nLTP download: http://sourceforge.net/projects/ltp/files/LTP%20Source/ltp-20120401/ltp-full-20120401.bz2/download  \n\n(link is outdated, always use the last version released or the one found in the image)  \n\n\n\nbuild steps: refer to http://ltp.sourceforge.net  \n\nRun steps:",
+                    "expected_results": ""
+                },
+                "2": {
+                    "action": "Build LTP with toolchain or in sdk image. Or use a sato-sdk image which has LTP already included in /opt/ltp",
+                    "expected_results": ""
+                },
+                "3": {
+                    "action": "For QEMU, create the qemu target with \"-m 512\", which makes some memory stress cases pass. For some issues, we could only set 128M for qemuarm and 256M for qemumips.",
+                    "expected_results": ""
+                },
+                "4": {
+                    "action": "Copy LTP folder into target, for example, /opt/ltp if you have built it yourself. Modify the default scenario file \"scenario_groups/default\", remove test suites not to be tested",
+                    "expected_results": ""
+                },
+                "5": {
+                    "action": "Comment runtests/sched: hackbench, which is not suitable to run in emulators. Reminder (comment it also for Sugarbay Devices).",
+                    "expected_results": ""
+                },
+                "6": {
+                    "action": "Comment oom01, oom02, oom03, oom04 in runtest/mm, which consume lots of memory",
+                    "expected_results": ""
+                },
+                "7": {
+                    "action": "From /opt/ltp run: ./runltp -p -l result-M2-20101218.log -C result-M2-20101218.fail -d /opt/ltp/tmp &> result-M2-20101218.fulllog \n\n",
+                    "expected_results": "Check the result on wiki, https://wiki.yoctoproject.org/wiki/LTP_result, there should be no regression failure met."
+                }
+            },
+            "summary": "LTP_subset_test_suite"
+        }
+    },
+    {
+        "test": {
+            "@alias": "compliance-test.compliance-test.POSIX_subset_test_suite",
+            "author": [
+                {
+                    "email": "corneliux.stoicescu@intel.com",
+                    "name": "corneliux.stoicescu@intel.com"
+                }
+            ],
+            "execution": {
+                "1": {
+                    "action": "In a sato-sdk image go to /opt/ltp or get latest LTP sourcecode,  download location is  http://sourceforge.net/projects/ltp/files/LTP%20Source/  and install it.",
+                    "expected_results": ""
+                },
+                "2": {
+                    "action": "Go into the folder of LTP, and posix_testsuite is under testcases/open_posix_testsuite/",
+                    "expected_results": ""
+                },
+                "3": {
+                    "action": "Run connmand: make generate-makefiles",
+                    "expected_results": ""
+                },
+                "4": {
+                    "action": "Run connmand: make conformance-all",
+                    "expected_results": ""
+                },
+                "5": {
+                    "action": "Run connmand: make conformance-test (this step may show errors, ignore them)",
+                    "expected_results": ""
+                },
+                "6": {
+                    "action": "Run connmand: make tools-all",
+                    "expected_results": ""
+                },
+                "7": {
+                    "action": "Run connmand: sh posix.sh > posix.log, posix.sh as below:  \n \n#!/bin/sh \n./bin/run-posix-option-group-test.sh AIO \n./bin/run-posix-option-group-test.sh MEM \n./bin/run-posix-option-group-test.sh MSG \n./bin/run-posix-option-group-test.sh SEM \n./bin/run-posix-option-group-test.sh SIG \n./bin/run-posix-option-group-test.sh THR \n./bin/run-posix-option-group-test.sh TMR \n./bin/run-posix-option-group-test.sh TPS  \n \n",
+                    "expected_results": ""
+                },
+                "8": {
+                    "action": "Check the posix.log after testing is finished",
+                    "expected_results": "Compare the test result on wiki, https://wiki.yoctoproject.org/wiki/Posix_result, there should be no more regression failures met."
+                }
+            },
+            "summary": "POSIX_subset_test_suite"
+        }
+    },
+    {
+        "test": {
+            "@alias": "compliance-test.compliance-test.LSB_subset_test_suite",
+            "author": [
+                {
+                    "email": "corneliux.stoicescu@intel.com",
+                    "name": "corneliux.stoicescu@intel.com"
+                }
+            ],
+            "execution": {
+                "1": {
+                    "action": "Get lsd-sdk image and install it on target device or start the image(if it is QEMU) with option \"-m 512M\"",
+                    "expected_results": ""
+                },
+                "2": {
+                    "action": "Comment in /opt/lsb-test/session any tests you don't want to run.",
+                    "expected_results": ""
+                },
+                "3": {
+                    "action": "Run /usr/bin/LSB_Test.sh which should download the LSB suite and set it up. Some packages may fail to download because their location changed on ftp.linuxfoundation.org. You need to manually update /opt/lsb-test/packages_list",
+                    "expected_results": ""
+                },
+                "4": {
+                    "action": "Tests should start automatically, you can use the web interface to reconfigure the setup. ",
+                    "expected_results": "Check the result on wiki https://wiki.yoctoproject.org/wiki/LSB_Result No regression failures should be met."
+                }
+            },
+            "summary": "LSB_subset_test_suite"
+        }
+    },
+    {
+        "test": {
+            "@alias": "compliance-test.compliance-test.stress_test_-_Genericx86-64",
+            "author": [
+                {
+                    "email": "corneliux.stoicescu@intel.com",
+                    "name": "corneliux.stoicescu@intel.com"
+                }
+            ],
+            "execution": {
+                "1": {
+                    "action": "Bootup with core-image-lsb-sdk image",
+                    "expected_results": ""
+                },
+                "2": {
+                    "action": "Execute the crashme test with below command  \n\n./opt/ltp/runltp f  crashme",
+                    "expected_results": "The stress testing should not make the target crash. Check CPU usage and basic functionality of the system after the tests are over. "
+                }
+            },
+            "summary": "stress_test_-_Genericx86-64"
+        }
+    },
+     {
+    "test": {
+      "@alias": "compliance-test.compliance-test.stress_test_-_- crashme_-_-Beaglebone",
+      "author": [
+        {
+          "email": "corneliux.stoicescu@intel.com",
+          "name": "corneliux.stoicescu@intel.com"
+        }
+      ],
+      "execution": {
+        "1": {
+          "action": " Get crashme from http://people.delphiforums.com/gjc/crashme.html",
+          "expected_results": ""
+        },
+        "2": {
+          "action": "Follow the setup steps on above URL, build crashme in target",
+          "expected_results": ""
+        },
+        "3": {
+          "action": " Run crashme for 24 hours",
+          "expected_results": "Target should not crash with the program."
+        }
+      },
+      "summary": "stress_test_-_crashme_-Beaglebone"
+    }
+  },
+  {
+    "test": {
+      "@alias": "compliance-test.compliance-test.stress_test_-_ltp_-Beaglebone",
+      "author": [
+        {
+          "email": "corneliux.stoicescu@intel.com",
+          "name": "corneliux.stoicescu@intel.com"
+        }
+      ],
+      "execution": {
+        "1": {
+          "action": "Build LTP with toolchain or in sdk image",
+          "expected_results": ""
+        },
+        "2": {
+          "action": "Copy LTP folder into target, for example, /opt/ltp. Modify script,  testscripts/ltpstress.sh, set Iostat=1, NO_NETWORK=1",
+          "expected_results": ""
+        },
+        "3": {
+          "action": "cd testscripts/ && ./ltpstress.sh",
+          "expected_results": "This stress case will run for 24 hours Check the result\ntarget should not crash with the program "
+        }
+      },
+      "summary": "stress_test_-_-ltp_-Beaglebone"
+    }
+  }
+]

meta/lib/oeqa/manual/kernel-dev.json

@@ -1,7 +1,7 @@
 [
     {
         "test": {
-            "@alias": "kernel-configuration.kernel-configuration.TCTEMP_2.3_MANUAL_Kernel_dev_defconfig",
+            "@alias": "kernel-dev.kernel-dev.Kernel_dev_defconfig",
             "author": [
                 {
                     "email": "ee.peng.yeoh@intel.com",
@@ -18,12 +18,12 @@
                     "expected_results": "Review expected results on thethe \"Kernel Development Test Cases\"wiki. https://wiki.yoctoproject.org/wiki/Kernel_Development_Test_Cases#Expected_Results_7"
                 }
             },
-            "summary": "TCTEMP_2.3_MANUAL_Kernel_dev_defconfig"
+            "summary": "Kernel_dev_defconfig"
         }
     },
     {
         "test": {
-            "@alias": "kernel-configuration.kernel-configuration.TCTEMP_2.3_MANUAL_Kernel_dev_defconfig+fragments",
+            "@alias": "kernel-dev.kernel-dev.Kernel_dev_defconfig+fragments",
             "author": [
                 {
                     "email": "ee.peng.yeoh@intel.com",
@@ -40,12 +40,12 @@
                     "expected_results": "Review expected results on thethe \"Kernel Development Test Cases\"wiki. https://wiki.yoctoproject.org/wiki/Kernel_Development_Test_Cases#Expected_Results_8"
                 }
             },
-            "summary": "TCTEMP_2.3_MANUAL_Kernel_dev_defconfig+fragments"
+            "summary": "Kernel_dev_defconfig+fragments"
         }
     },
     {
         "test": {
-            "@alias": "kernel-configuration.kernel-configuration.TCTEMP_2.3_MANUAL_Kernel_dev_Applying_patches",
+            "@alias": "kernel-dev.kernel-dev.Kernel_dev_Applying_patches",
             "author": [
                 {
                     "email": "ee.peng.yeoh@intel.com",
@@ -62,12 +62,12 @@
                     "expected_results": "Review expected results on thethe \"Kernel Development Test Cases\"wiki. https://wiki.yoctoproject.org/wiki/Kernel_Development_Test_Cases#Expected_Results"
                 }
             },
-            "summary": "TCTEMP_2.3_MANUAL_Kernel_dev_Applying_patches"
+            "summary": "Kernel_dev_Applying_patches"
         }
     },
     {
         "test": {
-            "@alias": "kernel-configuration.kernel-configuration.TCTEMP_2.3_MANUAL_Kernel_dev_linux-yocto-local-source",
+            "@alias": "kernel-dev.kernel-dev.Kernel_dev_linux-yocto-local-source",
             "author": [
                 {
                     "email": "ee.peng.yeoh@intel.com",
@@ -84,12 +84,12 @@
                     "expected_results": "Review expected results on thethe \"Kernel Development Test Cases\"wiki. https://wiki.yoctoproject.org/wiki/Kernel_Development_Test_Cases#Expected_Results_2"
                 }
             },
-            "summary": "TCTEMP_2.3_MANUAL_Kernel_dev_linux-yocto-local-source"
+            "summary": "Kernel_dev_linux-yocto-local-source"
         }
     },
     {
         "test": {
-            "@alias": "kernel-configuration.kernel-configuration.TCTEMP_2.3_MANUAL_Kernel_dev_linux-yocto-custom-local-source",
+            "@alias": "kernel-dev.kernel-dev.Kernel_dev_linux-yocto-custom-local-source",
             "author": [
                 {
                     "email": "ee.peng.yeoh@intel.com",
@@ -106,12 +106,12 @@
                     "expected_results": "Review expected results on thethe \"Kernel Development Test Cases\"wiki. https://wiki.yoctoproject.org/wiki/Kernel_Development_Test_Cases#Expected_Results_3"
                 }
             },
-            "summary": "TCTEMP_2.3_MANUAL_Kernel_dev_linux-yocto-custom-local-source"
+            "summary": "Kernel_dev_linux-yocto-custom-local-source"
         }
     },
     {
         "test": {
-            "@alias": "kernel-configuration.kernel-configuration.TCTEMP_2.3_MANUAL_Kernel_dev_recipe-space_meta",
+            "@alias": "kernel-dev.kernel-dev.Kernel_dev_recipe-space_meta",
             "author": [
                 {
                     "email": "ee.peng.yeoh@intel.com",
@@ -128,12 +128,12 @@
                     "expected_results": "Review expected results on thethe \"Kernel Development Test Cases\"wiki. https://wiki.yoctoproject.org/wiki/Kernel_Development_Test_Cases#Expected_Results_5"
                 }
             },
-            "summary": "TCTEMP_2.3_MANUAL_Kernel_dev_recipe-space_meta"
+            "summary": "Kernel_dev_recipe-space_meta"
         }
     },
     {
         "test": {
-            "@alias": "kernel-configuration.kernel-configuration.TCTEMP_2.3_MANUAL_Kernel_dev_External_source",
+            "@alias": "kernel-dev.kernel-dev.Kernel_dev_External_source",
             "author": [
                 {
                     "email": "ee.peng.yeoh@intel.com",
@@ -150,12 +150,12 @@
                     "expected_results": "Review expected results on thethe \"Kernel Development Test Cases\"wiki. https://wiki.yoctoproject.org/wiki/Kernel_Development_Test_Cases#Expected_Results_6"
                 }
             },
-            "summary": "TCTEMP_2.3_MANUAL_Kernel_dev_External_source"
+            "summary": "Kernel_dev_External_source"
         }
     },
     {
         "test": {
-            "@alias": "kernel-configuration.kernel-configuration.TCTEMP_2.3_MANUAL_Kernel_dev_building_external_modules(hello-mod)",
+            "@alias": "kernel-dev.kernel-dev.Kernel_dev_building_external_modules(hello-mod)",
             "author": [
                 {
                     "email": "ee.peng.yeoh@intel.com",
@@ -172,12 +172,12 @@
                     "expected_results": "Review expected results on thethe \"Kernel Development Test Cases\"wiki. https://wiki.yoctoproject.org/wiki/Kernel_Development_Test_Cases#Expected_Results_10"
                 }
             },
-            "summary": "TCTEMP_2.3_MANUAL_Kernel_dev_building_external_modules(hello-mod)"
+            "summary": "Kernel_dev_building_external_modules(hello-mod)"
         }
     },
     {
         "test": {
-            "@alias": "kernel-configuration.kernel-configuration.TCTEMP_2.3_MANUAL_Kernel_dev_local_parallel_meta",
+            "@alias": "kernel-dev.kernel-dev.Kernel_dev_local_parallel_meta",
             "author": [
                 {
                     "email": "ee.peng.yeoh@intel.com",
@@ -194,7 +194,7 @@
                     "expected_results": "Review expected results on thethe \"Kernel Development Test Cases\"wiki. https://wiki.yoctoproject.org/wiki/Kernel_Development_Test_Cases#Expected_Results_4"
                 }
             },
-            "summary": "TCTEMP_2.3_MANUAL_Kernel_dev_local_parallel_meta"
+            "summary": "Kernel_dev_local_parallel_meta"
         }
     }
 ]

meta/lib/oeqa/manual/sdk.json

@@ -1,7 +1,7 @@
 [
     {
         "test": {
-            "@alias": "sdk.sdk_runqemu.test_sdk_toolchain_can_run_multiple_QEMU_machines_under_UNFS",
+            "@alias": "sdk.sdk_runqemu.test_install_cross_toolchain_can_run_multiple_qemu_for_x86",
             "author": [
                 {
                     "email": "ee.peng.yeoh@intel.com",
@@ -11,22 +11,22 @@
             "execution": {
                 "1": {
                     "action": "Prepare kernel, rootfs tar.bz2 image, and qemu configuration  \n    \ta. Download kernel, rootfs tar.bz2 image and qemu configuration from public autobuilder webpage  \n    \tb. Goto https://autobuilder.yocto.io/pub/releases/<target_release>/machines/qemu/qemux86/ \n    \tc. Download  \n    \t  \ti. rootfs tar.bz2: core-image-sato-sdk-qemux86.tar.bz2 \n      \t\tii. kernel: bzImage-qemux86.bin \n      \t\tiii. qemu configuration: core-image-sato-sdk-qemux86.qemuboot.conf ",
-                    "expected_results": ""
+                    "expected_results": "Download completes successfully."
                 },
                 "2": {
-                    "action": "Download & install sdk toolchain from public autobuilder \n    \ta. Goto https://autobuilder.yocto.io/pub/releases/<target_release>/toolchain/x86_64/ \n    \tb. Download poky-glibc-x86_64-core-image-sato-sdk-<type-arch>-toolchain-<release-version>.sh \n    \tc. Run command: poky-glibc-x86_64-core-image-sato-sdk-<type-arch>-toolchain-<release-version>.sh",
-                    "expected_results": ""
+                    "action": "Download & install toolchain tarball matching your host from public autobuilder \n    \ta. Goto https://autobuilder.yocto.io/pub/releases/<target_release>/toolchain/x86_64/ \n    \tb. Download poky-glibc-x86_64-core-image-sato-<type-arch>-toolchain-<release-version>.sh \n    \tc. Run command: poky-glibc-x86_64-core-image-sato-<type-arch>-toolchain-<release-version>.sh \n    \td. After installation toolchain  Run source command :   source  /toolchain-installed-path/environment-setup-<architecture name>-poky-linux",
+                    "expected_results": "Toolchain gets installed successfully."
                 },
                 "3": {
                     "action": "Extract rootfs twice into two images \n    \ta. Run 2 commands below:  \n                  runqemu-extract-sdk core-image-sato-sdk-qemux86.tar.bz2 qemux86_rootfs_image1  \n                  runqemu-extract-sdk core-image-sato-sdk-qemux86.tar.bz2 qemux86_rootfs_image2",
-                    "expected_results": ""
+                    "expected_results": "Both images build successfully."
                 },
                 "4": {
-                    "action": " From the 2 terminals, start qemu to boot up both two images \n    \ta. Run 2 commands below:  \n                  runqemu core-image-sato-sdk-qemux86.qemuboot.conf qemux86_rootfs_image1  \n                  runqemu core-image-sato-sdk-qemux86.qemuboot.conf qemux86_rootfs_image2 ",
+                    "action": " From the 2 terminals, start qemu to boot up both two images \n    \ta. Run 2 commands below:  \n                  runqemu <kernel-name> core-image-sato-sdk-qemux86.qemuboot.conf qemux86_rootfs_image1  \n                  runqemu <kernel-name> core-image-sato-sdk-qemux86.qemuboot.conf qemux86_rootfs_image2 ",
                     "expected_results": "Expect both qemu to boot up successfully."
                 }
             },
-            "summary": "test_sdk_toolchain_can_run_multiple_QEMU_machines_under_UNFS"
+            "summary": "test_install_cross_toolchain_can_run_multiple_qemu_for_x86"
         }
     }
 ]

meta/lib/oeqa/sdk/case.py

@@ -8,5 +8,5 @@ from oeqa.core.case import OETestCase
 class OESDKTestCase(OETestCase):
     def _run(self, cmd):
         return subprocess.check_output(". %s > /dev/null; %s;" % \
-                (self.tc.sdk_env, cmd), shell=True,
+                (self.tc.sdk_env, cmd), shell=True, executable="/bin/bash",
                 stderr=subprocess.STDOUT, universal_newlines=True)

meta/lib/oeqa/sdk/utils/sdkbuildproject.py

@@ -42,7 +42,8 @@ class SDKBuildProject(BuildProject):
     def _run(self, cmd):
         self.log("Running . %s; " % self.sdkenv + cmd)
         try:
-            output = subprocess.check_output(". %s; " % self.sdkenv + cmd, shell=True, stderr=subprocess.STDOUT)
+            output = subprocess.check_output(". %s; " % self.sdkenv + cmd, shell=True,
+                                             executable='/bin/bash', stderr=subprocess.STDOUT)
         except subprocess.CalledProcessError as exc:
             print(exc.output.decode('utf-8'))
             return exc.returncode

meta/lib/oeqa/selftest/cases/pkgdata.py

@@ -13,6 +13,7 @@ class OePkgdataUtilTests(OESelftestTestCase):
         super(OePkgdataUtilTests, cls).setUpClass()
         # Ensure we have the right data in pkgdata
         cls.logger.info('Running bitbake to generate pkgdata')
+        bitbake('target-sdk-provides-dummy -c clean')
         bitbake('busybox zlib m4')
 
     @OETestID(1203)

meta/lib/oeqa/targetcontrol.py

@@ -159,7 +159,7 @@ class QemuTarget(BaseTarget):
 
     def start(self, params=None, ssh=True, extra_bootparams='', runqemuparams='', launch_cmd='', discard_writes=True):
         if launch_cmd:
-            start = self.runner.launch(get_ip=ssh, launch_cmd=launch_cmd)
+            start = self.runner.launch(get_ip=ssh, launch_cmd=launch_cmd, qemuparams=params)
         else:
             start = self.runner.start(params, get_ip=ssh, extra_bootparams=extra_bootparams, runqemuparams=runqemuparams, discard_writes=discard_writes)
 

meta/lib/oeqa/utils/qemurunner.py

@@ -320,6 +320,7 @@ class QemuRunner:
                 self.logger.debug("Target didn't reach login banner in %d seconds (%s)" %
                                   (self.boottime, time.strftime("%D %H:%M:%S")))
             tail = lambda l: "\n".join(l.splitlines()[-25:])
+            bootlog = bootlog.decode("utf-8")
             # in case bootlog is empty, use tail qemu log store at self.msg
             lines = tail(bootlog if bootlog else self.msg)
             self.logger.debug("Last 25 lines of text:\n%s" % lines)

meta/recipes-connectivity/avahi/avahi.inc

@@ -19,7 +19,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \
                     file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \
                     file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf"
 
-SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz"
+SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz \
+           file://fix-CVE-2017-6519.patch \
+           "
 
 UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/"
 SRC_URI[md5sum] = "d76c59d0882ac6c256d70a2a585362a6"

meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch

@@ -0,0 +1,48 @@
+Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/e111def]
+
+CVE: CVE-2017-6519
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From e111def44a7df4624a4aa3f85fe98054bffb6b4f Mon Sep 17 00:00:00 2001
+From: Trent Lloyd <trent@lloyd.id.au>
+Date: Sat, 22 Dec 2018 09:06:07 +0800
+Subject: [PATCH] Drop legacy unicast queries from address not on local link
+
+When handling legacy unicast queries, ensure that the source IP is
+inside a subnet on the local link, otherwise drop the packet.
+
+Fixes #145
+Fixes #203
+CVE-2017-6519
+CVE-2018-1000845
+---
+ avahi-core/server.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/avahi-core/server.c b/avahi-core/server.c
+index a2cb19a8..a2580e38 100644
+--- a/avahi-core/server.c
++++ b/avahi-core/server.c
+@@ -930,6 +930,7 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
+ 
+     if (avahi_dns_packet_is_query(p)) {
+         int legacy_unicast = 0;
++        char t[AVAHI_ADDRESS_STR_MAX];
+ 
+         /* For queries EDNS0 might allow ARCOUNT != 0. We ignore the
+          * AR section completely here, so far. Until the day we add
+@@ -947,6 +948,13 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
+             legacy_unicast = 1;
+         }
+ 
++        if (!is_mdns_mcast_address(dst_address) &&
++            !avahi_interface_address_on_link(i, src_address)) {
++
++            avahi_log_debug("Received non-local unicast query from host %s on interface '%s.%i'.", avahi_address_snprint(t, sizeof(t), src_address), i->hardware->name, i->protocol);
++            return;
++        }
++
+         if (legacy_unicast)
+             reflect_legacy_unicast_query_packet(s, p, i, src_address, port);
+ 

meta/recipes-connectivity/bluez5/bluez5.inc

@@ -41,7 +41,7 @@ PACKAGECONFIG[sixaxis] = "--enable-sixaxis,--disable-sixaxis"
 PACKAGECONFIG[tools] = "--enable-tools,--disable-tools"
 PACKAGECONFIG[threads] = "--enable-threads,--disable-threads"
 PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated"
-PACKAGECONFIG[mesh] = "--enable-mesh,--disable-mesh, json-c"
+PACKAGECONFIG[mesh] = "--enable-mesh,--disable-mesh, json-c ell"
 PACKAGECONFIG[btpclient] = "--enable-btpclient,--disable-btpclient, ell"
 
 SRC_URI = "\
@@ -53,6 +53,7 @@ SRC_URI = "\
     file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
     file://0001-test-gatt-Fix-hung-issue.patch \
     file://0001-Makefile.am-Fix-a-race-issue-for-tools.patch \
+    file://CVE-2018-10910.patch \
 "
 S = "${WORKDIR}/bluez-${PV}"
 

meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch

@@ -0,0 +1,705 @@
+A bug in Bluez may allow for the Bluetooth Discoverable state being set to on
+when no Bluetooth agent is registered with the system. This situation could
+lead to the unauthorized pairing of certain Bluetooth devices without any
+form of authentication.
+
+CVE: CVE-2018-10910
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+Subject:    [PATCH BlueZ 1/4] client: Add discoverable-timeout command
+From:       Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date:       2018-07-25 10:20:32
+Message-ID: 20180725102035.19439-1-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This adds discoverable-timeout command which can be used to get/set
+DiscoverableTimeout property:
+
+[bluetooth]# discoverable-timeout 180
+Changing discoverable-timeout 180 succeeded
+---
+ client/main.c | 43 +++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 43 insertions(+)
+
+diff --git a/client/main.c b/client/main.c
+index 87323d8f7..59820c6d9 100644
+--- a/client/main.c
++++ b/client/main.c
+@@ -1061,6 +1061,47 @@ static void cmd_discoverable(int argc, char *argv[])
+ 	return bt_shell_noninteractive_quit(EXIT_FAILURE);
+ }
+ 
++static void cmd_discoverable_timeout(int argc, char *argv[])
++{
++	uint32_t value;
++	char *endptr = NULL;
++	char *str;
++
++	if (argc < 2) {
++		DBusMessageIter iter;
++
++		if (!g_dbus_proxy_get_property(default_ctrl->proxy,
++					"DiscoverableTimeout", &iter)) {
++			bt_shell_printf("Unable to get DiscoverableTimeout\n");
++			return bt_shell_noninteractive_quit(EXIT_FAILURE);
++		}
++
++		dbus_message_iter_get_basic(&iter, &value);
++
++		bt_shell_printf("DiscoverableTimeout: %d seconds\n", value);
++
++		return;
++	}
++
++	value = strtol(argv[1], &endptr, 0);
++	if (!endptr || *endptr != '\0' || value > UINT32_MAX) {
++		bt_shell_printf("Invalid argument\n");
++		return bt_shell_noninteractive_quit(EXIT_FAILURE);
++	}
++
++	str = g_strdup_printf("discoverable-timeout %d", value);
++
++	if (g_dbus_proxy_set_property_basic(default_ctrl->proxy,
++					"DiscoverableTimeout",
++					DBUS_TYPE_UINT32, &value,
++					generic_callback, str, g_free))
++		return;
++
++	g_free(str);
++
++	return bt_shell_noninteractive_quit(EXIT_FAILURE);
++}
++
+ static void cmd_agent(int argc, char *argv[])
+ {
+ 	dbus_bool_t enable;
+@@ -2549,6 +2590,8 @@ static const struct bt_shell_menu main_menu = {
+ 	{ "discoverable", "<on/off>", cmd_discoverable,
+ 					"Set controller discoverable mode",
+ 							NULL },
++	{ "discoverable-timeout", "[value]", cmd_discoverable_timeout,
++					"Set discoverable timeout", NULL },
+ 	{ "agent",        "<on/off/capability>", cmd_agent,
+ 				"Enable/disable agent with given capability",
+ 							capability_generator},
+-- 
+2.17.1
+
+Subject:    [PATCH BlueZ 2/4] client: Make show command print DiscoverableTimeout
+From:       Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date:       2018-07-25 10:20:33
+Message-ID: 20180725102035.19439-2-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+Controller XX:XX:XX:XX:XX:XX (public)
+	Name: Vudentz's T460s
+	Alias: Intel-1
+	Class: 0x004c010c
+	Powered: yes
+	Discoverable: no
+	DiscoverableTimeout: 0x00000000
+	Pairable: yes
+	UUID: Headset AG                (00001112-0000-1000-8000-00805f9b34fb)
+	UUID: Generic Attribute Profile (00001801-0000-1000-8000-00805f9b34fb)
+	UUID: A/V Remote Control        (0000110e-0000-1000-8000-00805f9b34fb)
+	UUID: SIM Access                (0000112d-0000-1000-8000-00805f9b34fb)
+	UUID: Generic Access Profile    (00001800-0000-1000-8000-00805f9b34fb)
+	UUID: PnP Information           (00001200-0000-1000-8000-00805f9b34fb)
+	UUID: A/V Remote Control Target (0000110c-0000-1000-8000-00805f9b34fb)
+	UUID: Audio Source              (0000110a-0000-1000-8000-00805f9b34fb)
+	UUID: Audio Sink                (0000110b-0000-1000-8000-00805f9b34fb)
+	UUID: Headset                   (00001108-0000-1000-8000-00805f9b34fb)
+	Modalias: usb:v1D6Bp0246d0532
+	Discovering: no
+---
+ client/main.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/client/main.c b/client/main.c
+index 59820c6d9..6f472d050 100644
+--- a/client/main.c
++++ b/client/main.c
+@@ -877,6 +877,7 @@ static void cmd_show(int argc, char *argv[])
+ 	print_property(proxy, "Class");
+ 	print_property(proxy, "Powered");
+ 	print_property(proxy, "Discoverable");
++	print_property(proxy, "DiscoverableTimeout");
+ 	print_property(proxy, "Pairable");
+ 	print_uuids(proxy);
+ 	print_property(proxy, "Modalias");
+-- 
+2.17.1
+Subject:    [PATCH BlueZ 3/4] adapter: Track pending settings
+From:       Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date:       2018-07-25 10:20:34
+Message-ID: 20180725102035.19439-3-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This tracks settings being changed and in case the settings is already
+pending considered it to be done.
+---
+ src/adapter.c | 30 ++++++++++++++++++++++++++++--
+ 1 file changed, 28 insertions(+), 2 deletions(-)
+
+diff --git a/src/adapter.c b/src/adapter.c
+index af340fd6e..20c20f9e9 100644
+--- a/src/adapter.c
++++ b/src/adapter.c
+@@ -196,6 +196,7 @@ struct btd_adapter {
+ 	char *name;			/* controller device name */
+ 	char *short_name;		/* controller short name */
+ 	uint32_t supported_settings;	/* controller supported settings */
++	uint32_t pending_settings;	/* pending controller settings */
+ 	uint32_t current_settings;	/* current controller settings */
+ 
+ 	char *path;			/* adapter object path */
+@@ -509,8 +510,10 @@ static void settings_changed(struct btd_adapter *adapter, uint32_t settings)
+ 	changed_mask = adapter->current_settings ^ settings;
+ 
+ 	adapter->current_settings = settings;
++	adapter->pending_settings &= ~changed_mask;
+ 
+ 	DBG("Changed settings: 0x%08x", changed_mask);
++	DBG("Pending settings: 0x%08x", adapter->pending_settings);
+ 
+ 	if (changed_mask & MGMT_SETTING_POWERED) {
+ 	        g_dbus_emit_property_changed(dbus_conn, adapter->path,
+@@ -596,10 +599,31 @@ static bool set_mode(struct btd_adapter *adapter, uint16_t opcode,
+ 							uint8_t mode)
+ {
+ 	struct mgmt_mode cp;
++	uint32_t setting = 0;
+ 
+ 	memset(&cp, 0, sizeof(cp));
+ 	cp.val = mode;
+ 
++	switch (mode) {
++	case MGMT_OP_SET_POWERED:
++		setting = MGMT_SETTING_POWERED;
++		break;
++	case MGMT_OP_SET_CONNECTABLE:
++		setting = MGMT_SETTING_CONNECTABLE;
++		break;
++	case MGMT_OP_SET_FAST_CONNECTABLE:
++		setting = MGMT_SETTING_FAST_CONNECTABLE;
++		break;
++	case MGMT_OP_SET_DISCOVERABLE:
++		setting = MGMT_SETTING_DISCOVERABLE;
++		break;
++	case MGMT_OP_SET_BONDABLE:
++		setting = MGMT_SETTING_DISCOVERABLE;
++		break;
++	}
++
++	adapter->pending_settings |= setting;
++
+ 	DBG("sending set mode command for index %u", adapter->dev_id);
+ 
+ 	if (mgmt_send(adapter->mgmt, opcode,
+@@ -2739,13 +2763,15 @@ static void property_set_mode(struct btd_adapter *adapter, uint32_t setting,
+ 	else
+ 		current_enable = FALSE;
+ 
+-	if (enable == current_enable) {
++	if (enable == current_enable || adapter->pending_settings & setting) {
+ 		g_dbus_pending_property_success(id);
+ 		return;
+ 	}
+ 
+ 	mode = (enable == TRUE) ? 0x01 : 0x00;
+ 
++	adapter->pending_settings |= setting;
++
+ 	switch (setting) {
+ 	case MGMT_SETTING_POWERED:
+ 		opcode = MGMT_OP_SET_POWERED;
+@@ -2798,7 +2824,7 @@ static void property_set_mode(struct btd_adapter *adapter, uint32_t setting,
+ 	data->id = id;
+ 
+ 	if (mgmt_send(adapter->mgmt, opcode, adapter->dev_id, len, param,
+-				property_set_mode_complete, data, g_free) > 0)
++			property_set_mode_complete, data, g_free) > 0)
+ 		return;
+ 
+ 	g_free(data);
+-- 
+2.17.1
+Subject:    [PATCH BlueZ 4/4] adapter: Check pending when setting DiscoverableTimeout
+From:       Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date:       2018-07-25 10:20:35
+Message-ID: 20180725102035.19439-4-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This makes DiscoverableTimeout check if discoverable is already pending
+and don't attempt to set it once again which may cause discoverable to
+be re-enabled when in fact the application just want to set the timeout
+alone.
+---
+ src/adapter.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/src/adapter.c b/src/adapter.c
+index 20c20f9e9..f92c897c7 100644
+--- a/src/adapter.c
++++ b/src/adapter.c
+@@ -2901,6 +2901,7 @@ static void property_set_discoverable_timeout(
+ 				GDBusPendingPropertySet id, void *user_data)
+ {
+ 	struct btd_adapter *adapter = user_data;
++	bool enabled;
+ 	dbus_uint32_t value;
+ 
+ 	dbus_message_iter_get_basic(iter, &value);
+@@ -2914,8 +2915,19 @@ static void property_set_discoverable_timeout(
+ 	g_dbus_emit_property_changed(dbus_conn, adapter->path,
+ 				ADAPTER_INTERFACE, "DiscoverableTimeout");
+ 
++	if (adapter->pending_settings & MGMT_SETTING_DISCOVERABLE) {
++		if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE)
++			enabled = false;
++		else
++			enabled = true;
++	} else {
++		if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE)
++			enabled = true;
++		else
++			enabled = false;
++	}
+ 
+-	if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE)
++	if (enabled)
+ 		set_discoverable(adapter, 0x01, adapter->discoverable_timeout);
+ }
+ 
+-- 
+2.17.1
+Subject:    [PATCH BlueZ 1/5] doc/adapter-api: Add Discoverable option to SetDiscoveryFilter
+From:       Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date:       2018-07-26 14:17:19
+Message-ID: 20180726141723.20199-1-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This enables the client to set its discoverable setting while
+discovering which is very typical situation as usually the setings
+application would allow incoming pairing request while scanning, so
+this would reduce the number of calls setting Discoverable and
+DiscoverableTimeout and restoring after done with discovery.
+---
+ doc/adapter-api.txt | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/doc/adapter-api.txt b/doc/adapter-api.txt
+index d14d0ca50..4791af2c7 100644
+--- a/doc/adapter-api.txt
++++ b/doc/adapter-api.txt
+@@ -113,6 +113,12 @@ Methods		void StartDiscovery()
+ 				generated for either ManufacturerData and
+ 				ServiceData everytime they are discovered.
+ 
++			bool Discoverable (Default: false)
++
++				Make adapter discoverable while discovering,
++				if the adapter is already discoverable this
++				setting this filter won't do anything.
++
+ 			When discovery filter is set, Device objects will be
+ 			created as new devices with matching criteria are
+ 			discovered regardless of they are connectable or
+-- 
+2.17.1
+Subject:    [PATCH BlueZ 2/5] adapter: Discovery filter discoverable
+From:       Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date:       2018-07-26 14:17:20
+Message-ID: 20180726141723.20199-2-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This implements the discovery filter discoverable and tracks which
+clients had enabled it and restores the settings when the last client
+enabling it exits.
+---
+ src/adapter.c | 56 +++++++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 54 insertions(+), 2 deletions(-)
+
+diff --git a/src/adapter.c b/src/adapter.c
+index f92c897c7..bd9edddc6 100644
+--- a/src/adapter.c
++++ b/src/adapter.c
+@@ -157,6 +157,7 @@ struct discovery_filter {
+ 	int16_t rssi;
+ 	GSList *uuids;
+ 	bool duplicate;
++	bool discoverable;
+ };
+ 
+ struct watch_client {
+@@ -214,6 +215,7 @@ struct btd_adapter {
+ 
+ 	bool discovering;		/* discovering property state */
+ 	bool filtered_discovery;	/* we are doing filtered discovery */
++	bool filtered_discoverable;	/* we are doing filtered discovery */
+ 	bool no_scan_restart_delay;	/* when this flag is set, restart scan
+ 					 * without delay */
+ 	uint8_t discovery_type;		/* current active discovery type */
+@@ -1842,6 +1844,16 @@ static void discovery_free(void *user_data)
+ 	g_free(client);
+ }
+ 
++static bool set_filtered_discoverable(struct btd_adapter *adapter, bool enable)
++{
++	if (adapter->filtered_discoverable == enable)
++		return true;
++
++	adapter->filtered_discoverable = enable;
++
++	return set_discoverable(adapter, enable, 0);
++}
++
+ static void discovery_remove(struct watch_client *client)
+ {
+ 	struct btd_adapter *adapter = client->adapter;
+@@ -1854,6 +1866,22 @@ static void discovery_remove(struct watch_client *client)
+ 	adapter->discovery_list = g_slist_remove(adapter->discovery_list,
+ 								client);
+ 
++	if (adapter->filtered_discoverable &&
++			client->discovery_filter->discoverable) {
++		GSList *l;
++
++		for (l = adapter->discovery_list; l; l = g_slist_next(l)) {
++			struct watch_client *client = l->data;
++
++			if (client->discovery_filter->discoverable)
++				break;
++		}
++
++		/* Disable filtered discoverable if there are no clients */
++		if (!l)
++			set_filtered_discoverable(adapter, false);
++	}
++
+ 	discovery_free(client);
+ 
+ 	/*
+@@ -2224,6 +2252,15 @@ static DBusMessage *start_discovery(DBusConnection *conn,
+ 					     adapter->set_filter_list, client);
+ 		adapter->discovery_list = g_slist_prepend(
+ 					      adapter->discovery_list, client);
++
++		/* Reset discoverable filter if already set */
++		if (adapter->current_settings & MGMT_OP_SET_DISCOVERABLE)
++			goto done;
++
++		/* Set discoverable if filter requires and it*/
++		if (client->discovery_filter->discoverable)
++			set_filtered_discoverable(adapter, true);
++
+ 		goto done;
+ 	}
+ 
+@@ -2348,6 +2385,17 @@ static bool parse_duplicate_data(DBusMessageIter *value,
+ 	return true;
+ }
+ 
++static bool parse_discoverable(DBusMessageIter *value,
++					struct discovery_filter *filter)
++{
++	if (dbus_message_iter_get_arg_type(value) != DBUS_TYPE_BOOLEAN)
++		return false;
++
++	dbus_message_iter_get_basic(value, &filter->discoverable);
++
++	return true;
++}
++
+ struct filter_parser {
+ 	const char *name;
+ 	bool (*func)(DBusMessageIter *iter, struct discovery_filter *filter);
+@@ -2357,6 +2405,7 @@ struct filter_parser {
+ 	{ "Pathloss", parse_pathloss },
+ 	{ "Transport", parse_transport },
+ 	{ "DuplicateData", parse_duplicate_data },
++	{ "Discoverable", parse_discoverable },
+ 	{ }
+ };
+ 
+@@ -2396,6 +2445,7 @@ static bool parse_discovery_filter_dict(struct btd_adapter *adapter,
+ 	(*filter)->rssi = DISTANCE_VAL_INVALID;
+ 	(*filter)->type = get_scan_type(adapter);
+ 	(*filter)->duplicate = false;
++	(*filter)->discoverable = false;
+ 
+ 	dbus_message_iter_init(msg, &iter);
+ 	if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY ||
+@@ -2441,8 +2491,10 @@ static bool parse_discovery_filter_dict(struct btd_adapter *adapter,
+ 		goto invalid_args;
+ 
+ 	DBG("filtered discovery params: transport: %d rssi: %d pathloss: %d "
+-		" duplicate data: %s ", (*filter)->type, (*filter)->rssi,
+-		(*filter)->pathloss, (*filter)->duplicate ? "true" : "false");
++		" duplicate data: %s discoverable %s", (*filter)->type,
++		(*filter)->rssi, (*filter)->pathloss,
++		(*filter)->duplicate ? "true" : "false",
++		(*filter)->discoverable ? "true" : "false");
+ 
+ 	return true;
+ 
+-- 
+2.17.1
+Subject:    [PATCH BlueZ 3/5] client: Add scan.discoverable command
+From:       Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date:       2018-07-26 14:17:21
+Message-ID: 20180726141723.20199-3-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This adds discoverable command to scan menu which can be used to set
+if adapter should become discoverable while scanning:
+
+[bluetooth]# scan.discoverable on
+[bluetooth]# scan on
+SetDiscoveryFilter success
+[CHG] Controller XX:XX:XX:XX:XX:XX Discoverable: yes
+Discovery started
+[CHG] Controller XX:XX:XX:XX:XX:XX Discovering: yes
+[bluetooth]# scan off
+Discovery stopped
+[CHG] Controller XX:XX:XX:XX:XX:XX Discoverable: no
+---
+ client/main.c | 29 +++++++++++++++++++++++++++++
+ 1 file changed, 29 insertions(+)
+
+diff --git a/client/main.c b/client/main.c
+index 6f472d050..6e6f6d2fb 100644
+--- a/client/main.c
++++ b/client/main.c
+@@ -1166,6 +1166,7 @@ static struct set_discovery_filter_args {
+ 	char **uuids;
+ 	size_t uuids_len;
+ 	dbus_bool_t duplicate;
++	dbus_bool_t discoverable;
+ 	bool set;
+ } filter = {
+ 	.rssi = DISTANCE_VAL_INVALID,
+@@ -1205,6 +1206,11 @@ static void set_discovery_filter_setup(DBusMessageIter *iter, void *user_data)
+ 						DBUS_TYPE_BOOLEAN,
+ 						&args->duplicate);
+ 
++	if (args->discoverable)
++		g_dbus_dict_append_entry(&dict, "Discoverable",
++						DBUS_TYPE_BOOLEAN,
++						&args->discoverable);
++
+ 	dbus_message_iter_close_container(iter, &dict);
+ }
+ 
+@@ -1362,6 +1368,26 @@ static void cmd_scan_filter_duplicate_data(int argc, char *argv[])
+ 	filter.set = false;
+ }
+ 
++static void cmd_scan_filter_discoverable(int argc, char *argv[])
++{
++	if (argc < 2 || !strlen(argv[1])) {
++		bt_shell_printf("Discoverable: %s\n",
++				filter.discoverable ? "on" : "off");
++		return bt_shell_noninteractive_quit(EXIT_SUCCESS);
++	}
++
++	if (!strcmp(argv[1], "on"))
++		filter.discoverable = true;
++	else if (!strcmp(argv[1], "off"))
++		filter.discoverable = false;
++	else {
++		bt_shell_printf("Invalid option: %s\n", argv[1]);
++		return bt_shell_noninteractive_quit(EXIT_FAILURE);
++	}
++
++	filter.set = false;
++}
++
+ static void filter_clear_uuids(void)
+ {
+ 	g_strfreev(filter.uuids);
+@@ -2510,6 +2536,9 @@ static const struct bt_shell_menu scan_menu = {
+ 	{ "duplicate-data", "[on/off]", cmd_scan_filter_duplicate_data,
+ 				"Set/Get duplicate data filter",
+ 				NULL },
++	{ "discoverable", "[on/off]", cmd_scan_filter_discoverable,
++				"Set/Get discoverable filter",
++				NULL },
+ 	{ "clear", "[uuids/rssi/pathloss/transport/duplicate-data]",
+ 				cmd_scan_filter_clear,
+ 				"Clears discovery filter.",
+-- 
+2.17.1
+Subject:    [PATCH BlueZ 4/5] client: Add scan.clear discoverable
+From:       Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date:       2018-07-26 14:17:22
+Message-ID: 20180726141723.20199-4-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This implements scan.clear for discoverable filter.
+---
+ client/main.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/client/main.c b/client/main.c
+index 6e6f6d2fb..1a66a3ab4 100644
+--- a/client/main.c
++++ b/client/main.c
+@@ -1416,6 +1416,11 @@ static void filter_clear_duplicate(void)
+ 	filter.duplicate = false;
+ }
+ 
++static void filter_clear_discoverable(void)
++{
++	filter.discoverable = false;
++}
++
+ struct clear_entry {
+ 	const char *name;
+ 	void (*clear) (void);
+@@ -1427,6 +1432,7 @@ static const struct clear_entry filter_clear[] = {
+ 	{ "pathloss", filter_clear_pathloss },
+ 	{ "transport", filter_clear_transport },
+ 	{ "duplicate-data", filter_clear_duplicate },
++	{ "discoverable", filter_clear_discoverable },
+ 	{}
+ };
+ 
+@@ -2539,7 +2545,8 @@ static const struct bt_shell_menu scan_menu = {
+ 	{ "discoverable", "[on/off]", cmd_scan_filter_discoverable,
+ 				"Set/Get discoverable filter",
+ 				NULL },
+-	{ "clear", "[uuids/rssi/pathloss/transport/duplicate-data]",
++	{ "clear",
++		"[uuids/rssi/pathloss/transport/duplicate-data/discoverable]",
+ 				cmd_scan_filter_clear,
+ 				"Clears discovery filter.",
+ 				filter_clear_generator },
+-- 
+2.17.1
+Subject:    [PATCH BlueZ 5/5] adapter: Fix not keeping discovery filters
+From:       Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date:       2018-07-26 14:17:23
+Message-ID: 20180726141723.20199-5-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+If the discovery has been stopped and the client has set filters those
+should be put back into filter list since the client may still be
+interested in using them the next time it start a scanning.
+---
+ src/adapter.c | 25 ++++++++++++++++---------
+ 1 file changed, 16 insertions(+), 9 deletions(-)
+
+diff --git a/src/adapter.c b/src/adapter.c
+index bd9edddc6..822bd3472 100644
+--- a/src/adapter.c
++++ b/src/adapter.c
+@@ -1854,7 +1854,7 @@ static bool set_filtered_discoverable(struct btd_adapter *adapter, bool enable)
+ 	return set_discoverable(adapter, enable, 0);
+ }
+ 
+-static void discovery_remove(struct watch_client *client)
++static void discovery_remove(struct watch_client *client, bool exit)
+ {
+ 	struct btd_adapter *adapter = client->adapter;
+ 
+@@ -1882,7 +1882,11 @@ static void discovery_remove(struct watch_client *client)
+ 			set_filtered_discoverable(adapter, false);
+ 	}
+ 
+-	discovery_free(client);
++	if (!exit && client->discovery_filter)
++		adapter->set_filter_list = g_slist_prepend(
++					adapter->set_filter_list, client);
++	else
++		discovery_free(client);
+ 
+ 	/*
+ 	 * If there are other client discoveries in progress, then leave
+@@ -1911,8 +1915,11 @@ static void stop_discovery_complete(uint8_t status, uint16_t length,
+ 		goto done;
+ 	}
+ 
+-	if (client->msg)
++	if (client->msg) {
+ 		g_dbus_send_reply(dbus_conn, client->msg, DBUS_TYPE_INVALID);
++		dbus_message_unref(client->msg);
++		client->msg = NULL;
++	}
+ 
+ 	adapter->discovery_type = 0x00;
+ 	adapter->discovery_enable = 0x00;
+@@ -1925,7 +1932,7 @@ static void stop_discovery_complete(uint8_t status, uint16_t length,
+ 	trigger_passive_scanning(adapter);
+ 
+ done:
+-	discovery_remove(client);
++	discovery_remove(client, false);
+ }
+ 
+ static int compare_sender(gconstpointer a, gconstpointer b)
+@@ -2146,14 +2153,14 @@ static int update_discovery_filter(struct btd_adapter *adapter)
+ 	return -EINPROGRESS;
+ }
+ 
+-static int discovery_stop(struct watch_client *client)
++static int discovery_stop(struct watch_client *client, bool exit)
+ {
+ 	struct btd_adapter *adapter = client->adapter;
+ 	struct mgmt_cp_stop_discovery cp;
+ 
+ 	/* Check if there are more client discovering */
+ 	if (g_slist_next(adapter->discovery_list)) {
+-		discovery_remove(client);
++		discovery_remove(client, exit);
+ 		update_discovery_filter(adapter);
+ 		return 0;
+ 	}
+@@ -2163,7 +2170,7 @@ static int discovery_stop(struct watch_client *client)
+ 	 * and so it is enough to send out the signal and just return.
+ 	 */
+ 	if (adapter->discovery_enable == 0x00) {
+-		discovery_remove(client);
++		discovery_remove(client, exit);
+ 		adapter->discovering = false;
+ 		g_dbus_emit_property_changed(dbus_conn, adapter->path,
+ 					ADAPTER_INTERFACE, "Discovering");
+@@ -2188,7 +2195,7 @@ static void discovery_disconnect(DBusConnection *conn, void *user_data)
+ 
+ 	DBG("owner %s", client->owner);
+ 
+-	discovery_stop(client);
++	discovery_stop(client, true);
+ }
+ 
+ /*
+@@ -2586,7 +2593,7 @@ static DBusMessage *stop_discovery(DBusConnection *conn,
+ 	if (client->msg)
+ 		return btd_error_busy(msg);
+ 
+-	err = discovery_stop(client);
++	err = discovery_stop(client, false);
+ 	switch (err) {
+ 	case 0:
+ 		return dbus_message_new_method_return(msg);
+-- 
+2.17.1

meta/recipes-connectivity/bluez5/bluez5/init

@@ -1,5 +1,8 @@
 #!/bin/sh
 
+# Source function library
+. /etc/init.d/functions
+
 PATH=/sbin:/bin:/usr/sbin:/usr/bin
 DESC=bluetooth
 
@@ -44,14 +47,7 @@ case $1 in
 	$0 start
   ;;
   status)
-	 pidof ${DAEMON} >/dev/null
-	 status=$?
-        if [ $status -eq 0 ]; then
-                 echo "bluetooth is running."
-        else
-                echo "bluetooth is not running"
-        fi
-        exit $status
+	status ${DAEMON} || exit $?
    ;;
    *)
 	N=/etc/init.d/bluetooth

meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch

@@ -0,0 +1,69 @@
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/f426625b6ae9a7831010750490a5f0ad689c5ba3]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From f426625b6ae9a7831010750490a5f0ad689c5ba3 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Tue, 5 Mar 2019 14:39:15 +0000
+Subject: [PATCH] Prevent over long nonces in ChaCha20-Poly1305
+
+ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for
+every encryption operation. RFC 7539 specifies that the nonce value (IV)
+should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and
+front pads the nonce with 0 bytes if it is less than 12 bytes. However it
+also incorrectly allows a nonce to be set of up to 16 bytes. In this case
+only the last 12 bytes are significant and any additional leading bytes are
+ignored.
+
+It is a requirement of using this cipher that nonce values are unique.
+Messages encrypted using a reused nonce value are susceptible to serious
+confidentiality and integrity attacks. If an application changes the
+default nonce length to be longer than 12 bytes and then makes a change to
+the leading bytes of the nonce expecting the new value to be a new unique
+nonce then such an application could inadvertently encrypt messages with a
+reused nonce.
+
+Additionally the ignored bytes in a long nonce are not covered by the
+integrity guarantee of this cipher. Any application that relies on the
+integrity of these ignored leading bytes of a long nonce may be further
+affected.
+
+Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe
+because no such use sets such a long nonce value. However user
+applications that use this cipher directly and set a non-default nonce
+length to be longer than 12 bytes may be vulnerable.
+
+CVE: CVE-2019-1543
+
+Fixes #8345
+
+Reviewed-by: Paul Dale <paul.dale@oracle.com>
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/8406)
+
+(cherry picked from commit 2a3d0ee9d59156c48973592331404471aca886d6)
+---
+ crypto/evp/e_chacha20_poly1305.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
+index c1917bb86a6..d3e2c622a1b 100644
+--- a/crypto/evp/e_chacha20_poly1305.c
++++ b/crypto/evp/e_chacha20_poly1305.c
+@@ -30,6 +30,8 @@ typedef struct {
+ 
+ #define data(ctx)   ((EVP_CHACHA_KEY *)(ctx)->cipher_data)
+ 
++#define CHACHA20_POLY1305_MAX_IVLEN     12
++
+ static int chacha_init_key(EVP_CIPHER_CTX *ctx,
+                            const unsigned char user_key[CHACHA_KEY_SIZE],
+                            const unsigned char iv[CHACHA_CTR_SIZE], int enc)
+@@ -533,7 +535,7 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+         return 1;
+ 
+     case EVP_CTRL_AEAD_SET_IVLEN:
+-        if (arg <= 0 || arg > CHACHA_CTR_SIZE)
++        if (arg <= 0 || arg > CHACHA20_POLY1305_MAX_IVLEN)
+             return 0;
+         actx->nonce_len = arg;
+         return 1;

meta/recipes-connectivity/openssl/openssl/afalg.patch

@@ -0,0 +1,31 @@
+Don't refuse to build afalgeng if cross-compiling or the host kernel is too old.
+
+Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff --git a/Configure b/Configure
+index 3baa8ce..9ef52ed 100755
+--- a/Configure
++++ b/Configure
+@@ -1550,20 +1550,7 @@ unless ($disabled{"crypto-mdebug-backtrace"})
+ unless ($disabled{afalgeng}) {
+     $config{afalgeng}="";
+     if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
+-        my $minver = 4*10000 + 1*100 + 0;
+-        if ($config{CROSS_COMPILE} eq "") {
+-            my $verstr = `uname -r`;
+-            my ($ma, $mi1, $mi2) = split("\\.", $verstr);
+-            ($mi2) = $mi2 =~ /(\d+)/;
+-            my $ver = $ma*10000 + $mi1*100 + $mi2;
+-            if ($ver < $minver) {
+-                $disabled{afalgeng} = "too-old-kernel";
+-            } else {
+-                push @{$config{engdirs}}, "afalg";
+-            }
+-        } else {
+-            $disabled{afalgeng} = "cross-compiling";
+-        }
++        push @{$config{engdirs}}, "afalg";
+     } else {
+         $disabled{afalgeng}  = "not-linux";
+     }

meta/recipes-connectivity/openssl/openssl/run-ptest

@@ -9,4 +9,4 @@ export TOP=.
 # OPENSSL_ENGINES is relative from the test binaries
 export OPENSSL_ENGINES=../engines
 
-perl ./test/run_tests.pl $*
+perl ./test/run_tests.pl $* | perl -0pe 's#(.*) \.*.ok#PASS: \1#g; s#(.*) \.*.skipped: (.*)#SKIP: \1 (\2)#g; s#(.*) \.*.\nDubious#FAIL: \1#;'

meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb

@@ -53,8 +53,8 @@ SRC_URI_append_class-nativesdk = " \
            file://environment.d-openssl.sh \
            "
 
-SRC_URI[md5sum] = "7563e1ce046cb21948eeb6ba1a0eb71c"
-SRC_URI[sha256sum] = "5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684"
+SRC_URI[md5sum] = "0d2baaf04c56d542f6cc757b9c2a2aac"
+SRC_URI[sha256sum] = "ae51d08bba8a83958e894946f15303ff894d75c2b8bbd44a852b64e3fe11d0d6"
 
 S = "${WORKDIR}/openssl-${PV}"
 

meta/recipes-connectivity/openssl/openssl_1.1.1b.bb

@@ -7,7 +7,7 @@ SECTION = "libs/network"
 # "openssl" here actually means both OpenSSL and SSLeay licenses apply
 # (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped)
 LICENSE = "openssl"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8"
 
 DEPENDS = "hostperl-runtime-native"
 
@@ -16,17 +16,25 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://openssl-c_rehash.sh \
            file://0001-skip-test_symbol_presence.patch \
            file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
+           file://afalg.patch \
+           file://CVE-2019-1543.patch \
            "
 
 SRC_URI_append_class-nativesdk = " \
            file://environment.d-openssl.sh \
            "
 
-SRC_URI[md5sum] = "963deb2272d6be7d4c2458afd2517b73"
-SRC_URI[sha256sum] = "fc20130f8b7cbd2fb918b2f14e2f429e109c31ddd0fb38fc5d71d9ffed3f9f41"
+SRC_URI[md5sum] = "4532712e7bcc9414f5bce995e4e13930"
+SRC_URI[sha256sum] = "5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b"
 
 inherit lib_package multilib_header ptest
 
+PACKAGECONFIG ?= ""
+PACKAGECONFIG_class-native = ""
+PACKAGECONFIG_class-nativesdk = ""
+
+PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux"
+
 B = "${WORKDIR}/build"
 do_configure[cleandirs] = "${B}"
 
@@ -197,7 +205,7 @@ CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
 RRECOMMENDS_libcrypto += "openssl-conf"
 RDEPENDS_${PN}-bin = "perl"
 RDEPENDS_${PN}-misc = "perl"
-RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash python"
+RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"
 
 RPROVIDES_openssl-conf = "openssl10-conf"
 RREPLACES_openssl-conf = "openssl10-conf"

meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch

@@ -0,0 +1,52 @@
+From 94c401733a5a3d294cc412671166e6adfb409f53 Mon Sep 17 00:00:00 2001
+From: Joshua DeWeese <jdeweese@hennypenny.com>
+Date: Wed, 30 Jan 2019 16:19:47 -0500
+Subject: [PATCH] replace systemd install Alias with WantedBy
+
+According to the systemd documentation "WantedBy=foo.service in a
+service bar.service is mostly equivalent to
+Alias=foo.service.wants/bar.service in the same file." However,
+this is not really the intended purpose of install Aliases.
+
+Upstream-Status: Submitted [hostap@lists.infradead.org]
+
+Signed-off-by: Joshua DeWeese <jdeweese@hennypenny.com>
+---
+ wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in | 2 +-
+ wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in   | 2 +-
+ wpa_supplicant/systemd/wpa_supplicant.service.arg.in         | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
+index 03ac507..da69a87 100644
+--- a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
++++ b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
+@@ -12,4 +12,4 @@ Type=simple
+ ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-nl80211-%I.conf -Dnl80211 -i%I
+ 
+ [Install]
+-Alias=multi-user.target.wants/wpa_supplicant-nl80211@%i.service
++WantedBy=multi-user.target
+diff --git a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
+index c8a744d..ca3054b 100644
+--- a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
++++ b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
+@@ -12,4 +12,4 @@ Type=simple
+ ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-wired-%I.conf -Dwired -i%I
+ 
+ [Install]
+-Alias=multi-user.target.wants/wpa_supplicant-wired@%i.service
++WantedBy=multi-user.target
+diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
+index 7788b38..55d2b9c 100644
+--- a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
++++ b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
+@@ -12,4 +12,4 @@ Type=simple
+ ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I
+ 
+ [Install]
+-Alias=multi-user.target.wants/wpa_supplicant@%i.service
++WantedBy=multi-user.target
+-- 
+2.7.4
+

meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb

@@ -33,6 +33,7 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz  \
            file://key-replay-cve-multiple7.patch \
            file://key-replay-cve-multiple8.patch \
            file://wpa_supplicant-CVE-2018-14526.patch \
+           file://0001-replace-systemd-install-Alias-with-WantedBy.patch \
           "
 SRC_URI[md5sum] = "091569eb4440b7d7f2b4276dbfc03c3c"
 SRC_URI[sha256sum] = "b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450"

meta/recipes-core/busybox/busybox/CVE-2018-20679.patch

@@ -0,0 +1,142 @@
+From 6d3b4bb24da9a07c263f3c1acf8df85382ff562c Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Mon, 17 Dec 2018 18:07:18 +0100
+Subject: [PATCH] udhcpc: check that 4-byte options are indeed 4-byte, closes
+ 11506
+
+function                                             old     new   delta
+udhcp_get_option32                                     -      27     +27
+udhcp_get_option                                     231     248     +17
+------------------------------------------------------------------------------
+(add/remove: 1/0 grow/shrink: 1/0 up/down: 44/0)               Total: 44 bytes
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+
+Upstream-Status: Backport
+CVE: CVE-2018-20679
+
+Affects < 1.30.0
+
+signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ networking/udhcp/common.c | 19 +++++++++++++++++++
+ networking/udhcp/common.h |  4 ++++
+ networking/udhcp/dhcpc.c  |  6 +++---
+ networking/udhcp/dhcpd.c  |  6 +++---
+ 4 files changed, 29 insertions(+), 6 deletions(-)
+
+Index: busybox-1.29.3/networking/udhcp/common.c
+===================================================================
+--- busybox-1.29.3.orig/networking/udhcp/common.c
++++ busybox-1.29.3/networking/udhcp/common.c
+@@ -270,6 +270,15 @@ uint8_t* FAST_FUNC udhcp_get_option(stru
+ 			goto complain; /* complain and return NULL */
+ 
+ 		if (optionptr[OPT_CODE] == code) {
++			if (optionptr[OPT_LEN] == 0) {
++				/* So far no valid option with length 0 known.
++				 * Having this check means that searching
++				 * for DHCP_MESSAGE_TYPE need not worry
++				 * that returned pointer might be unsafe
++				 * to dereference.
++				 */
++				goto complain; /* complain and return NULL */
++			}
+ 			log_option("option found", optionptr);
+ 			return optionptr + OPT_DATA;
+ 		}
+@@ -287,6 +296,16 @@ uint8_t* FAST_FUNC udhcp_get_option(stru
+ 	return NULL;
+ }
+ 
++uint8_t* FAST_FUNC udhcp_get_option32(struct dhcp_packet *packet, int code)
++{
++	uint8_t *r = udhcp_get_option(packet, code);
++	if (r) {
++		if (r[-1] != 4)
++			r = NULL;
++	}
++	return r;
++}
++
+ /* Return the position of the 'end' option (no bounds checking) */
+ int FAST_FUNC udhcp_end_option(uint8_t *optionptr)
+ {
+Index: busybox-1.29.3/networking/udhcp/common.h
+===================================================================
+--- busybox-1.29.3.orig/networking/udhcp/common.h
++++ busybox-1.29.3/networking/udhcp/common.h
+@@ -204,6 +204,10 @@ extern const uint8_t dhcp_option_lengths
+ unsigned FAST_FUNC udhcp_option_idx(const char *name, const char *option_strings);
+ 
+ uint8_t *udhcp_get_option(struct dhcp_packet *packet, int code) FAST_FUNC;
++/* Same as above + ensures that option length is 4 bytes
++ * (returns NULL if size is different)
++ */
++uint8_t *udhcp_get_option32(struct dhcp_packet *packet, int code) FAST_FUNC;
+ int udhcp_end_option(uint8_t *optionptr) FAST_FUNC;
+ void udhcp_add_binary_option(struct dhcp_packet *packet, uint8_t *addopt) FAST_FUNC;
+ #if ENABLE_UDHCPC || ENABLE_UDHCPD
+Index: busybox-1.29.3/networking/udhcp/dhcpc.c
+===================================================================
+--- busybox-1.29.3.orig/networking/udhcp/dhcpc.c
++++ busybox-1.29.3/networking/udhcp/dhcpc.c
+@@ -1694,7 +1694,7 @@ int udhcpc_main(int argc UNUSED_PARAM, c
+  * They say ISC DHCP client supports this case.
+  */
+ 				server_addr = 0;
+-				temp = udhcp_get_option(&packet, DHCP_SERVER_ID);
++				temp = udhcp_get_option32(&packet, DHCP_SERVER_ID);
+ 				if (!temp) {
+ 					bb_error_msg("no server ID, using 0.0.0.0");
+ 				} else {
+@@ -1721,7 +1721,7 @@ int udhcpc_main(int argc UNUSED_PARAM, c
+ 				struct in_addr temp_addr;
+ 				uint8_t *temp;
+ 
+-				temp = udhcp_get_option(&packet, DHCP_LEASE_TIME);
++				temp = udhcp_get_option32(&packet, DHCP_LEASE_TIME);
+ 				if (!temp) {
+ 					bb_error_msg("no lease time with ACK, using 1 hour lease");
+ 					lease_seconds = 60 * 60;
+@@ -1817,7 +1817,7 @@ int udhcpc_main(int argc UNUSED_PARAM, c
+ 					uint32_t svid;
+ 					uint8_t *temp;
+ 
+-					temp = udhcp_get_option(&packet, DHCP_SERVER_ID);
++					temp = udhcp_get_option32(&packet, DHCP_SERVER_ID);
+ 					if (!temp) {
+  non_matching_svid:
+ 						log1("received DHCP NAK with wrong"
+Index: busybox-1.29.3/networking/udhcp/dhcpd.c
+===================================================================
+--- busybox-1.29.3.orig/networking/udhcp/dhcpd.c
++++ busybox-1.29.3/networking/udhcp/dhcpd.c
+@@ -640,7 +640,7 @@ static void add_server_options(struct dh
+ static uint32_t select_lease_time(struct dhcp_packet *packet)
+ {
+ 	uint32_t lease_time_sec = server_config.max_lease_sec;
+-	uint8_t *lease_time_opt = udhcp_get_option(packet, DHCP_LEASE_TIME);
++	uint8_t *lease_time_opt = udhcp_get_option32(packet, DHCP_LEASE_TIME);
+ 	if (lease_time_opt) {
+ 		move_from_unaligned32(lease_time_sec, lease_time_opt);
+ 		lease_time_sec = ntohl(lease_time_sec);
+@@ -987,7 +987,7 @@ int udhcpd_main(int argc UNUSED_PARAM, c
+ 		}
+ 
+ 		/* Get SERVER_ID if present */
+-		server_id_opt = udhcp_get_option(&packet, DHCP_SERVER_ID);
++		server_id_opt = udhcp_get_option32(&packet, DHCP_SERVER_ID);
+ 		if (server_id_opt) {
+ 			uint32_t server_id_network_order;
+ 			move_from_unaligned32(server_id_network_order, server_id_opt);
+@@ -1011,7 +1011,7 @@ int udhcpd_main(int argc UNUSED_PARAM, c
+ 		}
+ 
+ 		/* Get REQUESTED_IP if present */
+-		requested_ip_opt = udhcp_get_option(&packet, DHCP_REQUESTED_IP);
++		requested_ip_opt = udhcp_get_option32(&packet, DHCP_REQUESTED_IP);
+ 		if (requested_ip_opt) {
+ 			move_from_unaligned32(requested_nip, requested_ip_opt);
+ 		}

meta/recipes-core/busybox/busybox/CVE-2019-5747.patch

@@ -0,0 +1,60 @@
+From 74d9f1ba37010face4bd1449df4d60dd84450b06 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Mon, 7 Jan 2019 15:33:42 +0100
+Subject: [PATCH] udhcpc: when decoding DHCP_SUBNET, ensure it is 4 bytes long
+
+function                                             old     new   delta
+udhcp_run_script                                     795     801      +6
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+
+Upstream-Status: Backport
+CVE: CVE-2019-5747
+Affects < 1.30.0
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ networking/udhcp/common.c | 2 +-
+ networking/udhcp/common.h | 2 +-
+ networking/udhcp/dhcpc.c  | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+Index: busybox-1.29.3/networking/udhcp/common.c
+===================================================================
+--- busybox-1.29.3.orig/networking/udhcp/common.c
++++ busybox-1.29.3/networking/udhcp/common.c
+@@ -300,7 +300,7 @@ uint8_t* FAST_FUNC udhcp_get_option32(st
+ {
+ 	uint8_t *r = udhcp_get_option(packet, code);
+ 	if (r) {
+-		if (r[-1] != 4)
++		if (r[-OPT_DATA + OPT_LEN] != 4)
+ 			r = NULL;
+ 	}
+ 	return r;
+Index: busybox-1.29.3/networking/udhcp/common.h
+===================================================================
+--- busybox-1.29.3.orig/networking/udhcp/common.h
++++ busybox-1.29.3/networking/udhcp/common.h
+@@ -119,7 +119,7 @@ enum {
+ //#define DHCP_TIME_SERVER      0x04 /* RFC 868 time server (32-bit, 0 = 1.1.1900) */
+ //#define DHCP_NAME_SERVER      0x05 /* IEN 116 _really_ ancient kind of NS */
+ //#define DHCP_DNS_SERVER       0x06
+-//#define DHCP_LOG_SERVER       0x07 /* port 704 UDP log (not syslog)
++//#define DHCP_LOG_SERVER       0x07 /* port 704 UDP log (not syslog) */
+ //#define DHCP_COOKIE_SERVER    0x08 /* "quote of the day" server */
+ //#define DHCP_LPR_SERVER       0x09
+ #define DHCP_HOST_NAME          0x0c /* either client informs server or server gives name to client */
+Index: busybox-1.29.3/networking/udhcp/dhcpc.c
+===================================================================
+--- busybox-1.29.3.orig/networking/udhcp/dhcpc.c
++++ busybox-1.29.3/networking/udhcp/dhcpc.c
+@@ -526,7 +526,7 @@ static char **fill_envp(struct dhcp_pack
+ 		temp = udhcp_get_option(packet, code);
+ 		*curr = xmalloc_optname_optval(temp, &dhcp_optflags[i], opt_name);
+ 		putenv(*curr++);
+-		if (code == DHCP_SUBNET) {
++		if (code == DHCP_SUBNET && temp[-OPT_DATA + OPT_LEN] == 4) {
+ 			/* Subnet option: make things like "$ip/$mask" possible */
+ 			uint32_t subnet;
+ 			move_from_unaligned32(subnet, temp);

meta/recipes-core/busybox/busybox_1.29.3.bb

@@ -41,6 +41,8 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
            file://rcS \
            file://rcK \
            file://makefile-libbb-race.patch \
+           file://CVE-2018-20679.patch \
+	   file://CVE-2019-5747.patch \
 "
 SRC_URI_append_libc-musl = " file://musl.cfg "
 

meta/recipes-core/expat/expat/CVE-2018-20843.patch

@@ -0,0 +1,26 @@
+From 11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Wed, 12 Jun 2019 15:42:22 +0200
+Subject: [PATCH] xmlparse.c: Fix extraction of namespace prefix from XML name
+ (#186)
+
+Upstream-Status: Backport
+CVE: CVE-2018-20843
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ expat/lib/xmlparse.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index 30d55c5c..737d7cd2 100644
+--- a/expat/lib/xmlparse.c
++++ b/expat/lib/xmlparse.c
+@@ -6071,7 +6071,7 @@ setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *elementType)
+       else
+         poolDiscard(&dtd->pool);
+       elementType->prefix = prefix;
+-
++      break;
+     }
+   }
+   return 1;

meta/recipes-core/expat/expat_2.2.6.bb

@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=5b8620d98e49772d95fc1d291c26aa79"
 SRC_URI = "${SOURCEFORGE_MIRROR}/expat/expat-${PV}.tar.bz2 \
            file://autotools.patch \
            file://libtool-tag.patch \
+           file://CVE-2018-20843.patch;striplevel=2 \
 	  "
 
 SRC_URI[md5sum] = "ca047ae951b40020ac831c28859161b2"

meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch

@@ -0,0 +1,59 @@
+From d8f8f4d637ce43f8699ba94c9b7648beda0ca174 Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Thu, 23 May 2019 10:41:53 +0200
+Subject: [PATCH] gfile: Limit access to files when copying
+
+file_copy_fallback creates new files with default permissions and
+set the correct permissions after the operation is finished. This
+might cause that the files can be accessible by more users during
+the operation than expected. Use G_FILE_CREATE_PRIVATE for the new
+files to limit access to those files.
+
+Upstream-Status: Backport
+https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174
+CVE: CVE-2019-12450
+Signed-off-by: Armin kuster <akuster@mvista.com>
+
+---
+ gio/gfile.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/gio/gfile.c b/gio/gfile.c
+index 24b136d..74b5804 100644
+--- a/gio/gfile.c
++++ b/gio/gfile.c
+@@ -3284,12 +3284,12 @@ file_copy_fallback (GFile                  *source,
+         out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
+                                                                    FALSE, NULL,
+                                                                    flags & G_FILE_COPY_BACKUP,
+-                                                                   G_FILE_CREATE_REPLACE_DESTINATION,
+-                                                                   info,
++                                                                   G_FILE_CREATE_REPLACE_DESTINATION |
++                                                                   G_FILE_CREATE_PRIVATE, info,
+                                                                    cancellable, error);
+       else
+         out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
+-                                                                  FALSE, 0, info,
++                                                                  FALSE, G_FILE_CREATE_PRIVATE, info,
+                                                                   cancellable, error);
+     }
+   else if (flags & G_FILE_COPY_OVERWRITE)
+@@ -3297,12 +3297,13 @@ file_copy_fallback (GFile                  *source,
+       out = (GOutputStream *)g_file_replace (destination,
+                                              NULL,
+                                              flags & G_FILE_COPY_BACKUP,
+-                                             G_FILE_CREATE_REPLACE_DESTINATION,
++                                             G_FILE_CREATE_REPLACE_DESTINATION |
++                                             G_FILE_CREATE_PRIVATE,
+                                              cancellable, error);
+     }
+   else
+     {
+-      out = (GOutputStream *)g_file_create (destination, 0, cancellable, error);
++      out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error);
+     }
+ 
+   if (!out)
+-- 
+2.7.4
+

meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-9633_p1.patch

@@ -0,0 +1,316 @@
+From c1e32b90576af11556c8a9178e43902f3394a4b0 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Mon, 29 Oct 2018 09:53:07 -0400
+Subject: [PATCH] gsocketclient: Improve handling of slow initial connections
+
+Currently a new connection will not be attempted until the previous
+one has timed out and as the current API only exposes a single
+timeout value in practice it often means that it will wait 30 seconds
+(or forever with 0 (the default)) on each connection.
+
+This is unacceptable so we are now trying to follow the behavior
+RFC 8305 recommends by making multiple connection attempts if
+the connection takes longer than 250ms. The first connection
+to make it to completion then wins.
+
+Upstream-Status: Backport
+CVE: CVE-2019-9633 patch 1
+Affects: < 2.59.2
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ gio/gsocketclient.c | 176 ++++++++++++++++++++++++++++++++++++++++++++--------
+ 1 file changed, 151 insertions(+), 25 deletions(-)
+
+diff --git a/gio/gsocketclient.c b/gio/gsocketclient.c
+index ddd1497..5c6513c 100644
+--- a/gio/gsocketclient.c
++++ b/gio/gsocketclient.c
+@@ -2,6 +2,7 @@
+  *
+  * Copyright © 2008, 2009 codethink
+  * Copyright © 2009 Red Hat, Inc
++ * Copyright © 2018 Igalia S.L.
+  *
+  * This library is free software; you can redistribute it and/or
+  * modify it under the terms of the GNU Lesser General Public
+@@ -49,6 +50,10 @@
+ #include <gio/ginetaddress.h>
+ #include "glibintl.h"
+ 
++/* As recommended by RFC 8305 this is the time it waits
++ * on a connection before starting another concurrent attempt.
++ */
++#define HAPPY_EYEBALLS_CONNECTION_ATTEMPT_TIMEOUT_MS 250
+ 
+ /**
+  * SECTION:gsocketclient
+@@ -1328,28 +1333,82 @@ typedef struct
+   GSocketConnectable *connectable;
+   GSocketAddressEnumerator *enumerator;
+   GProxyAddress *proxy_addr;
+-  GSocketAddress *current_addr;
+-  GSocket *current_socket;
++  GSocket *socket;
+   GIOStream *connection;
+ 
++  GSList *connection_attempts;
+   GError *last_error;
+ } GSocketClientAsyncConnectData;
+ 
++static void connection_attempt_unref (gpointer attempt);
++
+ static void
+ g_socket_client_async_connect_data_free (GSocketClientAsyncConnectData *data)
+ {
+   g_clear_object (&data->connectable);
+   g_clear_object (&data->enumerator);
+   g_clear_object (&data->proxy_addr);
+-  g_clear_object (&data->current_addr);
+-  g_clear_object (&data->current_socket);
++  g_clear_object (&data->socket);
+   g_clear_object (&data->connection);
++  g_slist_free_full (data->connection_attempts, connection_attempt_unref);
+ 
+   g_clear_error (&data->last_error);
+ 
+   g_slice_free (GSocketClientAsyncConnectData, data);
+ }
+ 
++typedef struct
++{
++  GSocketAddress *address;
++  GSocket *socket;
++  GIOStream *connection;
++  GSocketClientAsyncConnectData *data; /* unowned */
++  GSource *timeout_source;
++  GCancellable *cancellable;
++  grefcount ref;
++} ConnectionAttempt;
++
++static ConnectionAttempt *
++connection_attempt_new (void)
++{
++  ConnectionAttempt *attempt = g_new0 (ConnectionAttempt, 1);
++  g_ref_count_init (&attempt->ref);
++  return attempt;
++}
++
++static ConnectionAttempt *
++connection_attempt_ref (ConnectionAttempt *attempt)
++{
++  g_ref_count_inc (&attempt->ref);
++  return attempt;
++}
++
++static void
++connection_attempt_unref (gpointer pointer)
++{
++  ConnectionAttempt *attempt = pointer;
++  if (g_ref_count_dec (&attempt->ref))
++    {
++      g_clear_object (&attempt->address);
++      g_clear_object (&attempt->socket);
++      g_clear_object (&attempt->connection);
++      g_clear_object (&attempt->cancellable);
++      if (attempt->timeout_source)
++        {
++          g_source_destroy (attempt->timeout_source);
++          g_source_unref (attempt->timeout_source);
++        }
++      g_free (attempt);
++    }
++}
++
++static void
++connection_attempt_remove (ConnectionAttempt *attempt)
++{
++  attempt->data->connection_attempts = g_slist_remove (attempt->data->connection_attempts, attempt);
++  connection_attempt_unref (attempt);
++}
++
+ static void
+ g_socket_client_async_connect_complete (GSocketClientAsyncConnectData *data)
+ {
+@@ -1359,8 +1418,7 @@ g_socket_client_async_connect_complete (GSocketClientAsyncConnectData *data)
+     {
+       GSocketConnection *wrapper_connection;
+ 
+-      wrapper_connection = g_tcp_wrapper_connection_new (data->connection,
+-							 data->current_socket);
++      wrapper_connection = g_tcp_wrapper_connection_new (data->connection, data->socket);
+       g_object_unref (data->connection);
+       data->connection = (GIOStream *)wrapper_connection;
+     }
+@@ -1389,8 +1447,7 @@ static void
+ enumerator_next_async (GSocketClientAsyncConnectData *data)
+ {
+   /* We need to cleanup the state */
+-  g_clear_object (&data->current_socket);
+-  g_clear_object (&data->current_addr);
++  g_clear_object (&data->socket);
+   g_clear_object (&data->proxy_addr);
+   g_clear_object (&data->connection);
+ 
+@@ -1485,34 +1542,68 @@ g_socket_client_connected_callback (GObject      *source,
+ 				    GAsyncResult *result,
+ 				    gpointer      user_data)
+ {
+-  GSocketClientAsyncConnectData *data = user_data;
++  ConnectionAttempt *attempt = user_data;
++  GSocketClientAsyncConnectData *data = attempt->data;
++  GSList *l;
+   GError *error = NULL;
+   GProxy *proxy;
+   const gchar *protocol;
+ 
+-  if (g_task_return_error_if_cancelled (data->task))
++  /* data is NULL once the task is completed */
++  if (data && g_task_return_error_if_cancelled (data->task))
+     {
+       g_object_unref (data->task);
++      connection_attempt_unref (attempt);
+       return;
+     }
+ 
++  if (attempt->timeout_source)
++    {
++      g_source_destroy (attempt->timeout_source);
++      g_clear_pointer (&attempt->timeout_source, g_source_unref);
++    }
++
+   if (!g_socket_connection_connect_finish (G_SOCKET_CONNECTION (source),
+ 					   result, &error))
+     {
+-      clarify_connect_error (error, data->connectable,
+-			     data->current_addr);
+-      set_last_error (data, error);
++      if (!g_cancellable_is_cancelled (attempt->cancellable))
++        {
++          clarify_connect_error (error, data->connectable, attempt->address);
++          set_last_error (data, error);
++        }
++      else
++        g_clear_error (&error);
++
++      if (data)
++        {
++          connection_attempt_remove (attempt);
++          enumerator_next_async (data);
++        }
++      else
++        connection_attempt_unref (attempt);
+ 
+-      /* try next one */
+-      enumerator_next_async (data);
+       return;
+     }
+ 
++  data->socket = g_steal_pointer (&attempt->socket);
++  data->connection = g_steal_pointer (&attempt->connection);
++
++  for (l = data->connection_attempts; l; l = g_slist_next (l))
++    {
++      ConnectionAttempt *attempt_entry = l->data;
++      g_cancellable_cancel (attempt_entry->cancellable);
++      attempt_entry->data = NULL;
++      connection_attempt_unref (attempt_entry);
++    }
++  g_slist_free (data->connection_attempts);
++  data->connection_attempts = NULL;
++  connection_attempt_unref (attempt);
++
+   g_socket_connection_set_cached_remote_address ((GSocketConnection*)data->connection, NULL);
+   g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_CONNECTED, data->connectable, data->connection);
+ 
+   /* wrong, but backward compatible */
+-  g_socket_set_blocking (data->current_socket, TRUE);
++  g_socket_set_blocking (data->socket, TRUE);
+ 
+   if (!data->proxy_addr)
+     {
+@@ -1565,6 +1656,26 @@ g_socket_client_connected_callback (GObject      *source,
+     }
+ }
+ 
++static gboolean
++on_connection_attempt_timeout (gpointer data)
++{
++  ConnectionAttempt *attempt = data;
++
++  enumerator_next_async (attempt->data);
++
++  g_clear_pointer (&attempt->timeout_source, g_source_unref);
++  return G_SOURCE_REMOVE;
++}
++
++static void
++on_connection_cancelled (GCancellable *cancellable,
++                         gpointer      data)
++{
++  GCancellable *attempt_cancellable = data;
++
++  g_cancellable_cancel (attempt_cancellable);
++}
++
+ static void
+ g_socket_client_enumerator_callback (GObject      *object,
+ 				     GAsyncResult *result,
+@@ -1573,6 +1684,7 @@ g_socket_client_enumerator_callback (GObject      *object,
+   GSocketClientAsyncConnectData *data = user_data;
+   GSocketAddress *address = NULL;
+   GSocket *socket;
++  ConnectionAttempt *attempt;
+   GError *error = NULL;
+ 
+   if (g_task_return_error_if_cancelled (data->task))
+@@ -1585,6 +1697,9 @@ g_socket_client_enumerator_callback (GObject      *object,
+ 						     result, &error);
+   if (address == NULL)
+     {
++      if (data->connection_attempts)
++        return;
++
+       g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, NULL);
+       if (!error)
+ 	{
+@@ -1621,16 +1736,27 @@ g_socket_client_enumerator_callback (GObject      *object,
+       return;
+     }
+ 
+-  data->current_socket = socket;
+-  data->current_addr = address;
+-  data->connection = (GIOStream *) g_socket_connection_factory_create_connection (socket);
+-
+-  g_socket_connection_set_cached_remote_address ((GSocketConnection*)data->connection, address);
+-  g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_CONNECTING, data->connectable, data->connection);
+-  g_socket_connection_connect_async (G_SOCKET_CONNECTION (data->connection),
++  attempt = connection_attempt_new ();
++  attempt->data = data;
++  attempt->socket = socket;
++  attempt->address = address;
++  attempt->cancellable = g_cancellable_new ();
++  attempt->connection = (GIOStream *)g_socket_connection_factory_create_connection (socket);
++  attempt->timeout_source = g_timeout_source_new (HAPPY_EYEBALLS_CONNECTION_ATTEMPT_TIMEOUT_MS);
++  g_source_set_callback (attempt->timeout_source, on_connection_attempt_timeout, attempt, NULL);
++  g_source_attach (attempt->timeout_source, g_main_context_get_thread_default ());
++  data->connection_attempts = g_slist_append (data->connection_attempts, attempt);
++
++  if (g_task_get_cancellable (data->task))
++    g_cancellable_connect (g_task_get_cancellable (data->task), G_CALLBACK (on_connection_cancelled),
++                           g_object_ref (attempt->cancellable), g_object_unref);
++
++  g_socket_connection_set_cached_remote_address ((GSocketConnection *)attempt->connection, address);
++  g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_CONNECTING, data->connectable, attempt->connection);
++  g_socket_connection_connect_async (G_SOCKET_CONNECTION (attempt->connection),
+ 				     address,
+-				     g_task_get_cancellable (data->task),
+-				     g_socket_client_connected_callback, data);
++				     attempt->cancellable,
++				     g_socket_client_connected_callback, connection_attempt_ref (attempt));
+ }
+ 
+ /**
+-- 
+2.7.4
+

meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-9633_p2.patch

@@ -0,0 +1,231 @@
+From d553d92d6e9f53cbe5a34166fcb919ba652c6a8e Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Tue, 29 Jan 2019 10:07:06 -0500
+Subject: [PATCH] gsocketclient: Fix criticals
+
+This ensures the parent GTask is kept alive as long as an enumeration
+is running and trying to connect.
+
+Closes #1646
+Closes #1649
+
+Upstream-Status: Backport
+CVE: CVE-2019-9633 patch 2
+Affects: < 2.59.2
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ gio/gsocketclient.c            | 74 +++++++++++++++++++++++++++++-------------
+ gio/tests/gsocketclient-slow.c | 55 ++++++++++++++++++++++++++++++-
+ 2 files changed, 106 insertions(+), 23 deletions(-)
+
+Index: glib-2.58.0/gio/gsocketclient.c
+===================================================================
+--- glib-2.58.0.orig/gio/gsocketclient.c
++++ glib-2.58.0/gio/gsocketclient.c
+@@ -1327,7 +1327,7 @@ g_socket_client_connect_to_uri (GSocketC
+ 
+ typedef struct
+ {
+-  GTask *task;
++  GTask *task; /* unowned */
+   GSocketClient *client;
+ 
+   GSocketConnectable *connectable;
+@@ -1345,6 +1345,7 @@ static void connection_attempt_unref (gp
+ static void
+ g_socket_client_async_connect_data_free (GSocketClientAsyncConnectData *data)
+ {
++  data->task = NULL;
+   g_clear_object (&data->connectable);
+   g_clear_object (&data->enumerator);
+   g_clear_object (&data->proxy_addr);
+@@ -1444,13 +1445,19 @@ set_last_error (GSocketClientAsyncConnec
+ }
+ 
+ static void
+-enumerator_next_async (GSocketClientAsyncConnectData *data)
++enumerator_next_async (GSocketClientAsyncConnectData *data,
++                       gboolean                       add_task_ref)
+ {
+   /* We need to cleanup the state */
+   g_clear_object (&data->socket);
+   g_clear_object (&data->proxy_addr);
+   g_clear_object (&data->connection);
+ 
++  /* Each enumeration takes a ref. This arg just avoids repeated unrefs when
++     an enumeration starts another enumeration */
++  if (add_task_ref)
++    g_object_ref (data->task);
++
+   g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_RESOLVING, data->connectable, NULL);
+   g_socket_address_enumerator_next_async (data->enumerator,
+ 					  g_task_get_cancellable (data->task),
+@@ -1478,7 +1485,7 @@ g_socket_client_tls_handshake_callback (
+   else
+     {
+       g_object_unref (object);
+-      enumerator_next_async (data);
++      enumerator_next_async (data, FALSE);
+     }
+ }
+ 
+@@ -1509,7 +1516,7 @@ g_socket_client_tls_handshake (GSocketCl
+     }
+   else
+     {
+-      enumerator_next_async (data);
++      enumerator_next_async (data, FALSE);
+     }
+ }
+ 
+@@ -1530,13 +1537,24 @@ g_socket_client_proxy_connect_callback (
+     }
+   else
+     {
+-      enumerator_next_async (data);
++      enumerator_next_async (data, FALSE);
+       return;
+     }
+ 
+   g_socket_client_tls_handshake (data);
+ }
+ 
++static gboolean
++task_completed_or_cancelled (GTask *task)
++{
++  if (g_task_get_completed (task))
++    return TRUE;
++  else if (g_task_return_error_if_cancelled (task))
++      return TRUE;
++  else
++    return FALSE;
++}
++
+ static void
+ g_socket_client_connected_callback (GObject      *source,
+ 				    GAsyncResult *result,
+@@ -1549,8 +1567,7 @@ g_socket_client_connected_callback (GObj
+   GProxy *proxy;
+   const gchar *protocol;
+ 
+-  /* data is NULL once the task is completed */
+-  if (data && g_task_return_error_if_cancelled (data->task))
++  if (g_cancellable_is_cancelled (attempt->cancellable) || task_completed_or_cancelled (data->task))
+     {
+       g_object_unref (data->task);
+       connection_attempt_unref (attempt);
+@@ -1570,17 +1587,15 @@ g_socket_client_connected_callback (GObj
+         {
+           clarify_connect_error (error, data->connectable, attempt->address);
+           set_last_error (data, error);
++          connection_attempt_remove (attempt);
++          enumerator_next_async (data, FALSE);
+         }
+       else
+-        g_clear_error (&error);
+-
+-      if (data)
+         {
+-          connection_attempt_remove (attempt);
+-          enumerator_next_async (data);
++          g_clear_error (&error);
++          g_object_unref (data->task);
++          connection_attempt_unref (attempt);
+         }
+-      else
+-        connection_attempt_unref (attempt);
+ 
+       return;
+     }
+@@ -1592,7 +1607,6 @@ g_socket_client_connected_callback (GObj
+     {
+       ConnectionAttempt *attempt_entry = l->data;
+       g_cancellable_cancel (attempt_entry->cancellable);
+-      attempt_entry->data = NULL;
+       connection_attempt_unref (attempt_entry);
+     }
+   g_slist_free (data->connection_attempts);
+@@ -1625,7 +1639,7 @@ g_socket_client_connected_callback (GObj
+           G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
+           _("Proxying over a non-TCP connection is not supported."));
+ 
+-      enumerator_next_async (data);
++      enumerator_next_async (data, FALSE);
+     }
+   else if (g_hash_table_contains (data->client->priv->app_proxies, protocol))
+     {
+@@ -1652,7 +1666,7 @@ g_socket_client_connected_callback (GObj
+           _("Proxy protocol “%s” is not supported."),
+           protocol);
+ 
+-      enumerator_next_async (data);
++      enumerator_next_async (data, FALSE);
+     }
+ }
+ 
+@@ -1661,7 +1675,7 @@ on_connection_attempt_timeout (gpointer
+ {
+   ConnectionAttempt *attempt = data;
+ 
+-  enumerator_next_async (attempt->data);
++  enumerator_next_async (attempt->data, TRUE);
+ 
+   g_clear_pointer (&attempt->timeout_source, g_source_unref);
+   return G_SOURCE_REMOVE;
+@@ -1687,7 +1701,7 @@ g_socket_client_enumerator_callback (GOb
+   ConnectionAttempt *attempt;
+   GError *error = NULL;
+ 
+-  if (g_task_return_error_if_cancelled (data->task))
++  if (task_completed_or_cancelled (data->task))
+     {
+       g_object_unref (data->task);
+       return;
+@@ -1698,7 +1712,10 @@ g_socket_client_enumerator_callback (GOb
+   if (address == NULL)
+     {
+       if (data->connection_attempts)
+-        return;
++        {
++          g_object_unref (data->task);
++          return;
++        }
+ 
+       g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_COMPLETE, data->connectable, NULL);
+       if (!error)
+@@ -1732,7 +1749,7 @@ g_socket_client_enumerator_callback (GOb
+   if (socket == NULL)
+     {
+       g_object_unref (address);
+-      enumerator_next_async (data);
++      enumerator_next_async (data, FALSE);
+       return;
+     }
+ 
+@@ -1804,11 +1821,24 @@ g_socket_client_connect_async (GSocketCl
+   else
+     data->enumerator = g_socket_connectable_enumerate (connectable);
+ 
++  /* The flow and ownership here isn't quite obvious:
++    - The task starts an async attempt to connect.
++      - Each attempt holds a single ref on task.
++      - Each attempt may create new attempts by timing out (not a failure) so
++        there are multiple attempts happening in parallel.
++      - Upon failure an attempt will start a new attempt that steals its ref
++        until there are no more attempts left and it drops its ref.
++      - Upon success it will cancel all other attempts and continue on
++        to the rest of the connection (tls, proxies, etc) which do not
++        happen in parallel and at the very end drop its ref.
++      - Upon cancellation an attempt drops its ref.
++   */
++
+   data->task = g_task_new (client, cancellable, callback, user_data);
+   g_task_set_source_tag (data->task, g_socket_client_connect_async);
+   g_task_set_task_data (data->task, data, (GDestroyNotify)g_socket_client_async_connect_data_free);
+ 
+-  enumerator_next_async (data);
++  enumerator_next_async (data, FALSE);
+ }
+ 
+ /**

meta/recipes-core/glib-2.0/glib-2.0/run-ptest

@@ -1,5 +1,6 @@
 #! /bin/sh
 
+set -eux
 useradd glib2-test
 su glib2-test -c gnome-desktop-testing-runner glib
 userdel glib2-test

meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb

@@ -14,6 +14,9 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
            file://0001-Do-not-ignore-return-value-of-write.patch \
            file://0010-Do-not-hardcode-python-path-into-various-tools.patch \
            file://date-lt.patch \
+           file://CVE-2019-12450.patch \
+           file://CVE-2019-9633_p1.patch \
+           file://CVE-2019-9633_p2.patch \
            "
 
 SRC_URI_append_class-native = " file://relocate-modules.patch"

meta/recipes-core/glibc/glibc/0026-reset-dl_load_write_lock-after-forking.patch

@@ -1,37 +0,0 @@
-From efb0fca7db742f4195e1771d8ba4c7fba4938819 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sat, 27 Jan 2018 10:05:07 -0800
-Subject: [PATCH] reset dl_load_write_lock after forking
-
-The patch in this Bugzilla entry was requested by a customer:
-
-  https://www.sourceware.org/bugzilla/show_bug.cgi?id=19282
-
-The __libc_fork() code reset dl_load_lock, but it also needed to reset
-dl_load_write_lock.  The patch has not yet been integrated upstream.
-
-Upstream-Status: Pending [ No Author See bugzilla]
-
-Signed-off-by: Damodar Sonone <damodar.sonone@kpit.com>
-Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- sysdeps/nptl/fork.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/sysdeps/nptl/fork.c b/sysdeps/nptl/fork.c
-index ec56a827eb..0f48933ff1 100644
---- a/sysdeps/nptl/fork.c
-+++ b/sysdeps/nptl/fork.c
-@@ -130,9 +130,9 @@ __libc_fork (void)
- 	  _IO_list_resetlock ();
- 	}
- 
--      /* Reset the lock the dynamic loader uses to protect its data.  */
-+      /* Reset the locks the dynamic loader uses to protect its data.  */
-       __rtld_lock_initialize (GL(dl_load_lock));
--
-+      __rtld_lock_initialize (GL(dl_load_write_lock));
-       /* Run the handlers registered for the child.  */
-       __run_fork_handlers (atfork_run_child);
-     }

meta/recipes-core/glibc/glibc/0027-Acquire-ld.so-lock-before-switching-to-malloc_atfork.patch

@@ -1,65 +0,0 @@
-From 6ea962e0946da7564a774b08dd3eda28d64e9e56 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sat, 27 Jan 2018 10:08:04 -0800
-Subject: [PATCH] Acquire ld.so lock before switching to malloc_atfork
-
-The patch is from
-  https://sourceware.org/bugzilla/show_bug.cgi?id=4578
-
-If a thread happens to hold dl_load_lock and have r_state set to RT_ADD or
-RT_DELETE at the time another thread calls fork(), then the child exit code
-from fork (in nptl/sysdeps/unix/sysv/linux/fork.c in our case) re-initializes
-dl_load_lock but does not restore r_state to RT_CONSISTENT. If the child
-subsequently requires ld.so functionality before calling exec(), then the
-assertion will fire.
-
-The patch acquires dl_load_lock on entry to fork() and releases it on exit
-from the parent path.  The child path is initialized as currently done.
-This is essentially pthreads_atfork, but forced to be first because the
-acquisition of dl_load_lock must happen before malloc_atfork is active
-to avoid a deadlock.
-
-The patch has not yet been integrated upstream.
-
-Upstream-Status: Pending [ Not Author See bugzilla]
-
-Signed-off-by: Raghunath Lolur <Raghunath.Lolur@kpit.com>
-Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
-Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- sysdeps/nptl/fork.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/sysdeps/nptl/fork.c b/sysdeps/nptl/fork.c
-index 0f48933ff1..eef3f9669b 100644
---- a/sysdeps/nptl/fork.c
-+++ b/sysdeps/nptl/fork.c
-@@ -25,6 +25,7 @@
- #include <tls.h>
- #include <hp-timing.h>
- #include <ldsodefs.h>
-+#include <libc-lock.h>
- #include <stdio-lock.h>
- #include <atomic.h>
- #include <nptl/pthreadP.h>
-@@ -56,6 +57,9 @@ __libc_fork (void)
-   bool multiple_threads = THREAD_GETMEM (THREAD_SELF, header.multiple_threads);
- 
-   __run_fork_handlers (atfork_run_prepare);
-+  /* grab ld.so lock BEFORE switching to malloc_atfork */
-+  __rtld_lock_lock_recursive (GL(dl_load_lock));
-+  __rtld_lock_lock_recursive (GL(dl_load_write_lock));
- 
-   /* If we are not running multiple threads, we do not have to
-      preserve lock state.  If fork runs from a signal handler, only
-@@ -150,6 +154,9 @@ __libc_fork (void)
- 
-       /* Run the handlers registered for the parent.  */
-       __run_fork_handlers (atfork_run_parent);
-+      /* unlock ld.so last, because we locked it first */
-+      __rtld_lock_unlock_recursive (GL(dl_load_write_lock));
-+      __rtld_lock_unlock_recursive (GL(dl_load_lock));
-     }
- 
-   return pid;

meta/recipes-core/glibc/glibc/CVE-2016-10739.patch

@@ -0,0 +1,232 @@
+CVE: CVE-2016-10739
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 8e92ca5dd7a7e38a4dddf1ebc4e1e8f0cb27e4aa Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 21 Jan 2019 08:59:42 +0100
+Subject: [PATCH] resolv: Reformat inet_addr, inet_aton to GNU style
+
+(cherry picked from commit 5e30b8ef0758763effa115634e0ed7d8938e4bc0)
+---
+ ChangeLog          |   5 ++
+ resolv/inet_addr.c | 192 ++++++++++++++++++++++++++++-------------------------
+ 2 files changed, 106 insertions(+), 91 deletions(-)
+
+diff --git a/resolv/inet_addr.c b/resolv/inet_addr.c
+index 022f7ea084..32f58b0e13 100644
+--- a/resolv/inet_addr.c
++++ b/resolv/inet_addr.c
+@@ -1,3 +1,21 @@
++/* Legacy IPv4 text-to-address functions.
++   Copyright (C) 2019 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <http://www.gnu.org/licenses/>.  */
++
+ /*
+  * Copyright (c) 1983, 1990, 1993
+  *    The Regents of the University of California.  All rights reserved.
+@@ -78,105 +96,97 @@
+ #include <limits.h>
+ #include <errno.h>
+ 
+-/*
+- * Ascii internet address interpretation routine.
+- * The value returned is in network order.
+- */
++/* ASCII IPv4 Internet address interpretation routine.  The value
++   returned is in network order.  */
+ in_addr_t
+-__inet_addr(const char *cp) {
+-	struct in_addr val;
++__inet_addr (const char *cp)
++{
++  struct in_addr val;
+ 
+-	if (__inet_aton(cp, &val))
+-		return (val.s_addr);
+-	return (INADDR_NONE);
++  if (__inet_aton (cp, &val))
++    return val.s_addr;
++  return INADDR_NONE;
+ }
+ weak_alias (__inet_addr, inet_addr)
+ 
+-/*
+- * Check whether "cp" is a valid ascii representation
+- * of an Internet address and convert to a binary address.
+- * Returns 1 if the address is valid, 0 if not.
+- * This replaces inet_addr, the return value from which
+- * cannot distinguish between failure and a local broadcast address.
+- */
++/* Check whether "cp" is a valid ASCII representation of an IPv4
++   Internet address and convert it to a binary address.  Returns 1 if
++   the address is valid, 0 if not.  This replaces inet_addr, the
++   return value from which cannot distinguish between failure and a
++   local broadcast address.  */
+ int
+-__inet_aton(const char *cp, struct in_addr *addr)
++__inet_aton (const char *cp, struct in_addr *addr)
+ {
+-	static const in_addr_t max[4] = { 0xffffffff, 0xffffff, 0xffff, 0xff };
+-	in_addr_t val;
+-	char c;
+-	union iaddr {
+-	  uint8_t bytes[4];
+-	  uint32_t word;
+-	} res;
+-	uint8_t *pp = res.bytes;
+-	int digit;
+-
+-	int saved_errno = errno;
+-	__set_errno (0);
+-
+-	res.word = 0;
+-
+-	c = *cp;
+-	for (;;) {
+-		/*
+-		 * Collect number up to ``.''.
+-		 * Values are specified as for C:
+-		 * 0x=hex, 0=octal, isdigit=decimal.
+-		 */
+-		if (!isdigit(c))
+-			goto ret_0;
+-		{
+-			char *endp;
+-			unsigned long ul = strtoul (cp, (char **) &endp, 0);
+-			if (ul == ULONG_MAX && errno == ERANGE)
+-				goto ret_0;
+-			if (ul > 0xfffffffful)
+-				goto ret_0;
+-			val = ul;
+-			digit = cp != endp;
+-			cp = endp;
+-		}
+-		c = *cp;
+-		if (c == '.') {
+-			/*
+-			 * Internet format:
+-			 *	a.b.c.d
+-			 *	a.b.c	(with c treated as 16 bits)
+-			 *	a.b	(with b treated as 24 bits)
+-			 */
+-			if (pp > res.bytes + 2 || val > 0xff)
+-				goto ret_0;
+-			*pp++ = val;
+-			c = *++cp;
+-		} else
+-			break;
+-	}
+-	/*
+-	 * Check for trailing characters.
+-	 */
+-	if (c != '\0' && (!isascii(c) || !isspace(c)))
+-		goto ret_0;
+-	/*
+-	 * Did we get a valid digit?
+-	 */
+-	if (!digit)
+-		goto ret_0;
+-
+-	/* Check whether the last part is in its limits depending on
+-	   the number of parts in total.  */
+-	if (val > max[pp - res.bytes])
++  static const in_addr_t max[4] = { 0xffffffff, 0xffffff, 0xffff, 0xff };
++  in_addr_t val;
++  char c;
++  union iaddr
++  {
++    uint8_t bytes[4];
++    uint32_t word;
++  } res;
++  uint8_t *pp = res.bytes;
++  int digit;
++
++  int saved_errno = errno;
++  __set_errno (0);
++
++  res.word = 0;
++
++  c = *cp;
++  for (;;)
++    {
++      /* Collect number up to ``.''.  Values are specified as for C:
++	 0x=hex, 0=octal, isdigit=decimal.  */
++      if (!isdigit (c))
++	goto ret_0;
++      {
++	char *endp;
++	unsigned long ul = strtoul (cp, &endp, 0);
++	if (ul == ULONG_MAX && errno == ERANGE)
+ 	  goto ret_0;
+-
+-	if (addr != NULL)
+-		addr->s_addr = res.word | htonl (val);
+-
+-	__set_errno (saved_errno);
+-	return (1);
+-
+-ret_0:
+-	__set_errno (saved_errno);
+-	return (0);
++	if (ul > 0xfffffffful)
++	  goto ret_0;
++	val = ul;
++	digit = cp != endp;
++	cp = endp;
++      }
++      c = *cp;
++      if (c == '.')
++	{
++	  /* Internet format:
++	     a.b.c.d
++	     a.b.c	(with c treated as 16 bits)
++	     a.b	(with b treated as 24 bits).  */
++	  if (pp > res.bytes + 2 || val > 0xff)
++	    goto ret_0;
++	  *pp++ = val;
++	  c = *++cp;
++	}
++      else
++	break;
++    }
++  /* Check for trailing characters.  */
++  if (c != '\0' && (!isascii (c) || !isspace (c)))
++    goto ret_0;
++  /*  Did we get a valid digit?  */
++  if (!digit)
++    goto ret_0;
++
++  /* Check whether the last part is in its limits depending on the
++     number of parts in total.  */
++  if (val > max[pp - res.bytes])
++    goto ret_0;
++
++  if (addr != NULL)
++    addr->s_addr = res.word | htonl (val);
++
++  __set_errno (saved_errno);
++  return 1;
++
++ ret_0:
++  __set_errno (saved_errno);
++  return 0;
+ }
+ weak_alias (__inet_aton, inet_aton)
+ libc_hidden_def (__inet_aton)
+-- 
+2.11.0

meta/recipes-core/glibc/glibc/CVE-2018-19591.patch

@@ -0,0 +1,48 @@
+CVE: CVE-2018-19591
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From ce6ba630dbc96f49eb1f30366aa62261df4792f9 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Tue, 27 Nov 2018 16:12:43 +0100
+Subject: [PATCH] CVE-2018-19591: if_nametoindex: Fix descriptor for overlong
+ name [BZ #23927]
+
+(cherry picked from commit d527c860f5a3f0ed687bd03f0cb464612dc23408)
+---
+ ChangeLog                          |  7 +++++++
+ NEWS                               |  6 ++++++
+ sysdeps/unix/sysv/linux/if_index.c | 11 ++++++-----
+ 3 files changed, 19 insertions(+), 5 deletions(-)
+
+diff --git a/sysdeps/unix/sysv/linux/if_index.c b/sysdeps/unix/sysv/linux/if_index.c
+index e3d08982d9..782fc5e175 100644
+--- a/sysdeps/unix/sysv/linux/if_index.c
++++ b/sysdeps/unix/sysv/linux/if_index.c
+@@ -38,11 +38,6 @@ __if_nametoindex (const char *ifname)
+   return 0;
+ #else
+   struct ifreq ifr;
+-  int fd = __opensock ();
+-
+-  if (fd < 0)
+-    return 0;
+-
+   if (strlen (ifname) >= IFNAMSIZ)
+     {
+       __set_errno (ENODEV);
+@@ -50,6 +45,12 @@ __if_nametoindex (const char *ifname)
+     }
+ 
+   strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
++
++  int fd = __opensock ();
++
++  if (fd < 0)
++    return 0;
++
+   if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
+     {
+       int saved_errno = errno;
+-- 
+2.11.0

meta/recipes-core/glibc/glibc/CVE-2019-9169.patch

@@ -0,0 +1,63 @@
+From 583dd860d5b833037175247230a328f0050dbfe9 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Mon, 21 Jan 2019 11:08:13 -0800
+Subject: [PATCH] regex: fix read overrun [BZ #24114]
+
+Problem found by AddressSanitizer, reported by Hongxu Chen in:
+https://debbugs.gnu.org/34140
+* posix/regexec.c (proceed_next_node):
+Do not read past end of input buffer.
+
+Upstream-Status: Backport 
+https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9
+
+CVE: CVE-2019-9169
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ ChangeLog       | 10 +++++++++-
+ posix/regexec.c |  6 ++++--
+ 2 files changed, 13 insertions(+), 3 deletions(-)
+
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
++++ git/ChangeLog
+@@ -1,3 +1,11 @@
++2019-01-31  Paul Eggert  <eggert@cs.ucla.edu>
++
++       regex: fix read overrun [BZ #24114]
++       Problem found by AddressSanitizer, reported by Hongxu Chen in:
++       https://debbugs.gnu.org/34140
++       * posix/regexec.c (proceed_next_node):
++       Do not read past end of input buffer.
++
+ 2018-09-30  Martin Jansa  <Martin.Jansa@gmail.com>
+ 	Partial fix for [BZ #23716]
+ 	* locale/weight.h: Fix build with -Os.
+@@ -10917,7 +10925,7 @@
+ 	(CFLAGS-wcstof_l.c): Likewise.
+ 	(CPPFLAGS-tst-wchar-h.c): Likewise.
+ 	(CPPFLAGS-wcstold_l.c): Likewise.
+----
++
+ 2017-12-11  Paul A. Clarke  <pc@us.ibm.com>
+ 
+ 	* sysdeps/ieee754/flt-32/s_cosf.c: New implementation.
+Index: git/posix/regexec.c
+===================================================================
+--- git.orig/posix/regexec.c
++++ git/posix/regexec.c
+@@ -1289,8 +1289,10 @@ proceed_next_node (const re_match_contex
+ 	      else if (naccepted)
+ 		{
+ 		  char *buf = (char *) re_string_get_buffer (&mctx->input);
+-		  if (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
+-			      naccepted) != 0)
++		  if (mctx->input.valid_len - *pidx < naccepted
++		      || (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
++				  naccepted)
++			  != 0))
+ 		    return -1;
+ 		}
+ 	    }

meta/recipes-core/glibc/glibc_2.28.bb

@@ -40,8 +40,6 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0023-Define-DUMMY_LOCALE_T-if-not-defined.patch \
            file://0024-elf-dl-deps.c-Make-_dl_build_local_scope-breadth-fir.patch \
            file://0025-locale-fix-hard-coded-reference-to-gcc-E.patch \
-           file://0026-reset-dl_load_write_lock-after-forking.patch \
-           file://0027-Acquire-ld.so-lock-before-switching-to-malloc_atfork.patch \
            file://0028-bits-siginfo-consts.h-enum-definition-for-TRAP_HWBKP.patch \
            file://0029-localedef-add-to-archive-uses-a-hard-coded-locale-pa.patch \
            file://0030-intl-Emit-no-lines-in-bison-generated-files.patch \
@@ -49,6 +47,9 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0032-sysdeps-ieee754-soft-fp-ignore-maybe-uninitialized-w.patch \
            file://0033-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \
            file://0034-inject-file-assembly-directives.patch \
+           file://CVE-2019-9169.patch \
+           file://CVE-2016-10739.patch \
+           file://CVE-2018-19591.patch \
 "
 
 NATIVESDKFIXES ?= ""

meta/recipes-core/images/build-appliance-image_15.0.0.bb

@@ -22,7 +22,7 @@ IMAGE_FSTYPES = "wic.vmdk"
 
 inherit core-image module-base setuptools3
 
-SRCREV ?= "9dfebdaf7af11b69006996f3253e435bce0dfbfb"
+SRCREV ?= "d43a86de1a37ce9daede726a49231547a21429a5"
 SRC_URI = "git://git.yoctoproject.org/poky;branch=thud \
            file://Yocto_Build_Appliance.vmx \
            file://Yocto_Build_Appliance.vmxf \

meta/recipes-core/zlib/zlib-1.2.11/Makefile-runtests.patch

@@ -1,38 +0,0 @@
-Add 'ptest' target to Makefile, to run tests without checking dependencies.
-
-Signed-off-by: Anders Roxell <anders.roxell@enea.com>
-Upstream-Status: Pending
----
-diff -uNr a/Makefile.in b/Makefile.in
---- a/Makefile.in	2013-06-10 13:48:14.321959162 +0200
-+++ b/Makefile.in	2013-06-10 13:49:36.686476448 +0200
-@@ -83,6 +83,9 @@
- test: all teststatic testshared
- 
- teststatic: static
-+	@make runteststatic
-+
-+runteststatic:
- 	@TMPST=tmpst_$$; \
- 	if echo hello world | ./minigzip | ./minigzip -d && ./example $$TMPST ; then \
- 	  echo '		*** zlib test OK ***'; \
-@@ -92,6 +95,9 @@
- 	rm -f $$TMPST
- 
- testshared: shared
-+	@make runtestshared
-+
-+runtestshared:
- 	@LD_LIBRARY_PATH=`pwd`:$(LD_LIBRARY_PATH) ; export LD_LIBRARY_PATH; \
- 	LD_LIBRARYN32_PATH=`pwd`:$(LD_LIBRARYN32_PATH) ; export LD_LIBRARYN32_PATH; \
- 	DYLD_LIBRARY_PATH=`pwd`:$(DYLD_LIBRARY_PATH) ; export DYLD_LIBRARY_PATH; \
-@@ -105,6 +111,9 @@
- 	rm -f $$TMPSH
- 
- test64: all64
-+	@make runtestall64
-+
-+runtestall64:
- 	@TMP64=tmp64_$$; \
- 	if echo hello world | ./minigzip64 | ./minigzip64 -d && ./example64 $$TMP64; then \
- 	  echo '		*** zlib 64-bit test OK ***'; \

meta/recipes-core/zlib/zlib-1.2.11/remove.ldconfig.call.patch

@@ -1,21 +0,0 @@
-
-When /etc/ld.so.cache is writeable by user running bitbake then it creates invalid cache 
-(in my case libstdc++.so cannot be found after building zlib(-native) and I have to call 
-touch */libstdc++.so && /sbin/ldconfig to fix it.
-
-So remove ldconfig call from make install-libs
-
-Upstream-Status: Inappropriate [disable feature]
-
-Index: zlib-1.2.11/Makefile.in
-===================================================================
---- zlib-1.2.11.orig/Makefile.in
-+++ zlib-1.2.11/Makefile.in
-@@ -322,7 +322,6 @@ install-libs: $(LIBS)
- 	  rm -f $(DESTDIR)$(sharedlibdir)/$(SHAREDLIB) $(DESTDIR)$(sharedlibdir)/$(SHAREDLIBM); \
- 	  ln -s $(SHAREDLIBV) $(DESTDIR)$(sharedlibdir)/$(SHAREDLIB); \
- 	  ln -s $(SHAREDLIBV) $(DESTDIR)$(sharedlibdir)/$(SHAREDLIBM); \
--	  ($(LDCONFIG) || true)  >/dev/null 2>&1; \
- 	fi
- 	rm -f $(DESTDIR)$(man3dir)/zlib.3
- 	cp $(SRCDIR)zlib.3 $(DESTDIR)$(man3dir)

meta/recipes-core/zlib/zlib-1.2.11/run-ptest

@@ -1,2 +0,0 @@
-#!/bin/sh
-make -k runteststatic runtestshared | sed -r -e 's/^(\s+\*+ (.+?) test OK \*+)/\1\nPASS: \2/' -e 's/^(\s+\*+ (.+?) test FAILED \*+)/\1\nFAIL: \2/'

meta/recipes-core/zlib/zlib/ldflags-tests.patch

@@ -1,7 +1,7 @@
 Obey LDFLAGS for tests
 
-Signed-off-by: Christopher Larson <chris_larson@mentor.com>
-Upstream-Status: Pending
+Upstream-Status: Submitted [https://github.com/madler/zlib/pull/409]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
 
 --- zlib-1.2.8.orig/Makefile.in
 +++ zlib-1.2.8/Makefile.in

meta/recipes-core/zlib/zlib/run-ptest

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if ./examplesh ; then
+    echo "PASS: zlib"
+else
+    echo "FAIL: zlib"
+fi

meta/recipes-core/zlib/zlib_1.2.11.bb

@@ -7,8 +7,6 @@ LICENSE = "Zlib"
 LIC_FILES_CHKSUM = "file://zlib.h;beginline=6;endline=23;md5=5377232268e952e9ef63bc555f7aa6c0"
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/${BPN}/${PV}/${BPN}-${PV}.tar.xz \
-           file://remove.ldconfig.call.patch \
-           file://Makefile-runtests.patch \
            file://ldflags-tests.patch \
            file://run-ptest \
            "
@@ -24,32 +22,19 @@ RDEPENDS_${PN}-ptest += "make"
 inherit ptest
 
 do_configure() {
-	uname=GNU ./configure --prefix=${prefix} --shared --libdir=${libdir}
+	LDCONFIG=true ./configure --prefix=${prefix} --shared --libdir=${libdir} --uname=GNU
 }
 
 do_compile() {
 	oe_runmake shared
 }
 
-do_compile_ptest() {
-	oe_runmake test
-}
-
 do_install() {
 	oe_runmake DESTDIR=${D} install
 }
 
 do_install_ptest() {
-	install ${B}/Makefile   ${D}${PTEST_PATH}
-	install ${B}/example    ${D}${PTEST_PATH}
-	install ${B}/minigzip   ${D}${PTEST_PATH}
-	install ${B}/examplesh  ${D}${PTEST_PATH}
-	install ${B}/minigzipsh ${D}${PTEST_PATH}
-
-	# Remove buildhost references...
-	sed -i -e "s,--sysroot=${STAGING_DIR_TARGET},,g" \
-		-e 's|${DEBUG_PREFIX_MAP}||g' \
-	 ${D}${PTEST_PATH}/Makefile
+	install ${B}/examplesh ${D}${PTEST_PATH}
 }
 
 # Move zlib shared libraries for target builds to $base_libdir so the library

meta/recipes-devtools/e2fsprogs/e2fsprogs/run-ptest

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 cd ./test
-./test_script | sed -u -e '/:[[:space:]]ok/s/^/PASS: /' -e '/:[[:space:]]failed/s/^/FAIL: /' -e '/:[[:space:]]skipped/s/^/SKIP: /'
+SKIP_SLOW_TESTS=yes ./test_script | sed -u -e '/:[[:space:]]ok/s/^/PASS: /' -e '/:[[:space:]]failed/s/^/FAIL: /' -e '/:[[:space:]]skipped/s/^/SKIP: /'
 rm -rf /var/volatile/tmp/*e2fsprogs*
 rm -f tmp-*
 rm -f *.tmp

meta/recipes-devtools/elfutils/elfutils_0.175.bb

@@ -27,6 +27,10 @@ SRC_URI = "https://sourceware.org/elfutils/ftp/${PV}/${BP}.tar.bz2 \
            file://debian/hurd_path.patch \
            file://debian/ignore_strmerge.diff \
            file://debian/disable_werror.patch \
+           file://CVE-2019-7149.patch \
+           file://CVE-2019-7150.patch \
+           file://CVE-2019-7146_p1.patch \
+           file://CVE-2019-7146_p2.patch \
            "
 SRC_URI_append_libc-musl = " file://0008-build-Provide-alternatives-for-glibc-assumptions-hel.patch"
 

meta/recipes-devtools/elfutils/files/CVE-2019-7146_p1.patch

@@ -0,0 +1,52 @@
+From 012018907ca05eb0ab51d424a596ef38fc87cae1 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Wed, 16 Jan 2019 11:57:35 +0100
+Subject: [PATCH] libebl: Check GNU property note pr_datasz fits inside note
+ description.
+
+Before printing the data values, make sure pr_datasz doesn't go beyond
+the end of the note description data.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=24075
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+
+Upstream-Status: Backport
+CVE: CVE-2019-7146 patch #1
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ libebl/ChangeLog    | 4 ++++
+ libebl/eblobjnote.c | 7 +++++++
+ 2 files changed, 11 insertions(+)
+
+Index: elfutils-0.175/libebl/eblobjnote.c
+===================================================================
+--- elfutils-0.175.orig/libebl/eblobjnote.c
++++ elfutils-0.175/libebl/eblobjnote.c
+@@ -350,6 +350,13 @@ ebl_object_note (Ebl *ebl, uint32_t name
+ 		  desc += 8;
+ 		  descsz -= 8;
+ 
++		  if (prop.pr_datasz > descsz)
++		    {
++		      printf ("BAD property datasz: %" PRId32 "\n",
++			      prop.pr_datasz);
++		      return;
++		    }
++
+ 		  int elfclass = gelf_getclass (ebl->elf);
+ 		  char *elfident = elf_getident (ebl->elf, NULL);
+ 		  GElf_Ehdr ehdr;
+Index: elfutils-0.175/libebl/ChangeLog
+===================================================================
+--- elfutils-0.175.orig/libebl/ChangeLog
++++ elfutils-0.175/libebl/ChangeLog
+@@ -1,3 +1,7 @@
++2019-01-16  Mark Wielaard  <mark@klomp.org>
++
++       * eblobjnte.c (ebl_object_note): Check pr_datasz isn't too large.
++
+ 2018-11-15  Mark Wielaard  <mark@klomp.org>
+ 
+ 	* eblobjnotetypename.c (ebl_object_note_type_name): Don't update

meta/recipes-devtools/elfutils/files/CVE-2019-7146_p2.patch

@@ -0,0 +1,65 @@
+From cd7ded3df43f655af945c869976401a602e46fcd Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Wed, 30 Jan 2019 00:04:11 +0100
+Subject: [PATCH] libebl: Check GNU property note data padding fits inside
+ note.
+
+The GNU property note data is padded. Make sure the extra padding
+still fits in the note description.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=24075
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+
+Upstream-Status: Backport
+CVE: CVE-2019-7146 patch #2
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ libebl/ChangeLog    |  5 +++++
+ libebl/eblobjnote.c | 17 +++++++++--------
+ 2 files changed, 14 insertions(+), 8 deletions(-)
+
+Index: elfutils-0.175/libebl/ChangeLog
+===================================================================
+--- elfutils-0.175.orig/libebl/ChangeLog
++++ elfutils-0.175/libebl/ChangeLog
+@@ -1,3 +1,8 @@
++2019-01-29  Mark Wielaard  <mark@klomp.org>
++
++	* eblobjnote.c (ebl_object_note): Check pr_datasz padding doesn't
++	overflow descsz.
++
+ 2019-01-16  Mark Wielaard  <mark@klomp.org>
+ 
+        * eblobjnte.c (ebl_object_note): Check pr_datasz isn't too large.
+Index: elfutils-0.175/libebl/eblobjnote.c
+===================================================================
+--- elfutils-0.175.orig/libebl/eblobjnote.c
++++ elfutils-0.175/libebl/eblobjnote.c
+@@ -486,16 +486,17 @@ ebl_object_note (Ebl *ebl, uint32_t name
+ 			  printf ("%02" PRIx8 "\n", (uint8_t) desc[i]);
+ 			}
+ 		    }
++
+ 		  if (elfclass == ELFCLASS32)
+-		    {
+-		      desc += NOTE_ALIGN4 (prop.pr_datasz);
+-		      descsz -= NOTE_ALIGN4 (prop.pr_datasz);
+-		    }
++		    prop.pr_datasz = NOTE_ALIGN4 (prop.pr_datasz);
+ 		  else
+-		    {
+-		      desc += NOTE_ALIGN8 (prop.pr_datasz);
+-		      descsz -= NOTE_ALIGN8 (prop.pr_datasz);
+-		    }
++		    prop.pr_datasz = NOTE_ALIGN8 (prop.pr_datasz);
++
++		  desc += prop.pr_datasz;
++		  if (descsz > prop.pr_datasz)
++		    descsz -= prop.pr_datasz;
++		  else
++		    descsz = 0;
+ 		}
+ 	    }
+ 	  break;

meta/recipes-devtools/elfutils/files/CVE-2019-7149.patch

@@ -0,0 +1,148 @@
+From 2562759d6fe5b364fe224852e64e8bda39eb2e35 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Sun, 20 Jan 2019 22:10:18 +0100
+Subject: [PATCH] libdw: Check terminating NUL byte in dwarf_getsrclines for
+ dir/file table.
+
+For DWARF version < 5 the .debug_line directory and file tables consist
+of a terminating NUL byte after all strings. The code used to just skip
+this without checking it actually existed. This could case a spurious
+read past the end of data.
+
+Fix the same issue in readelf.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=24102
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+
+Upstream-Status: Backport
+CVE: CVE-2019-7149
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ libdw/ChangeLog           |  5 +++++
+ libdw/dwarf_getsrclines.c | 11 ++++++++---
+ src/ChangeLog             |  5 +++++
+ src/readelf.c             |  8 ++++++--
+ 4 files changed, 24 insertions(+), 5 deletions(-)
+
+Index: elfutils-0.175/libdw/dwarf_getsrclines.c
+===================================================================
+--- elfutils-0.175.orig/libdw/dwarf_getsrclines.c
++++ elfutils-0.175/libdw/dwarf_getsrclines.c
+@@ -315,7 +315,7 @@ read_srclines (Dwarf *dbg,
+   if (version < 5)
+     {
+       const unsigned char *dirp = linep;
+-      while (*dirp != 0)
++      while (dirp < lineendp && *dirp != 0)
+ 	{
+ 	  uint8_t *endp = memchr (dirp, '\0', lineendp - dirp);
+ 	  if (endp == NULL)
+@@ -323,6 +323,8 @@ read_srclines (Dwarf *dbg,
+ 	  ++ndirs;
+ 	  dirp = endp + 1;
+ 	}
++      if (dirp >= lineendp || *dirp != '\0')
++	goto invalid_data;
+       ndirs = ndirs + 1; /* There is always the "unknown" dir.  */
+     }
+   else
+@@ -392,11 +394,12 @@ read_srclines (Dwarf *dbg,
+ 	{
+ 	  dirarray[n].dir = (char *) linep;
+ 	  uint8_t *endp = memchr (linep, '\0', lineendp - linep);
+-	  assert (endp != NULL);
++	  assert (endp != NULL); // Checked above when calculating ndirlist.
+ 	  dirarray[n].len = endp - linep;
+ 	  linep = endp + 1;
+ 	}
+       /* Skip the final NUL byte.  */
++      assert (*linep == '\0'); // Checked above when calculating ndirlist.
+       ++linep;
+     }
+   else
+@@ -471,7 +474,7 @@ read_srclines (Dwarf *dbg,
+     {
+       if (unlikely (linep >= lineendp))
+ 	goto invalid_data;
+-      while (*linep != 0)
++      while (linep < lineendp && *linep != '\0')
+ 	{
+ 	  struct filelist *new_file = NEW_FILE ();
+ 
+@@ -527,6 +530,8 @@ read_srclines (Dwarf *dbg,
+ 	    goto invalid_data;
+ 	  get_uleb128 (new_file->info.length, linep, lineendp);
+ 	}
++      if (linep >= lineendp || *linep != '\0')
++	goto invalid_data;
+       /* Skip the final NUL byte.  */
+       ++linep;
+     }
+Index: elfutils-0.175/src/readelf.c
+===================================================================
+--- elfutils-0.175.orig/src/readelf.c
++++ elfutils-0.175/src/readelf.c
+@@ -8444,7 +8444,7 @@ print_debug_line_section (Dwfl_Module *d
+ 	}
+       else
+ 	{
+-	  while (*linep != 0)
++	  while (linep < lineendp && *linep != 0)
+ 	    {
+ 	      unsigned char *endp = memchr (linep, '\0', lineendp - linep);
+ 	      if (unlikely (endp == NULL))
+@@ -8454,6 +8454,8 @@ print_debug_line_section (Dwfl_Module *d
+ 
+ 	      linep = endp + 1;
+ 	    }
++	  if (linep >= lineendp || *linep != 0)
++	    goto invalid_unit;
+ 	  /* Skip the final NUL byte.  */
+ 	  ++linep;
+ 	}
+@@ -8523,7 +8525,7 @@ print_debug_line_section (Dwfl_Module *d
+       else
+ 	{
+ 	  puts (gettext (" Entry Dir   Time      Size      Name"));
+-	  for (unsigned int cnt = 1; *linep != 0; ++cnt)
++	  for (unsigned int cnt = 1; linep < lineendp && *linep != 0; ++cnt)
+ 	    {
+ 	      /* First comes the file name.  */
+ 	      char *fname = (char *) linep;
+@@ -8553,6 +8555,8 @@ print_debug_line_section (Dwfl_Module *d
+ 	      printf (" %-5u %-5u %-9u %-9u %s\n",
+ 		      cnt, diridx, mtime, fsize, fname);
+ 	    }
++	  if (linep >= lineendp || *linep != '\0')
++	    goto invalid_unit;
+ 	  /* Skip the final NUL byte.  */
+ 	  ++linep;
+ 	}
+Index: elfutils-0.175/libdw/ChangeLog
+===================================================================
+--- elfutils-0.175.orig/libdw/ChangeLog
++++ elfutils-0.175/libdw/ChangeLog
+@@ -1,3 +1,8 @@
++2019-01-20  Mark Wielaard  <mark@klomp.org>
++
++       * dwarf_getsrclines.c (read_srclines): Check terminating NUL byte
++       for dir and file lists.
++
+ 2018-10-20  Mark Wielaard  <mark@klomp.org>
+ 
+ 	* libdw.map (ELFUTILS_0.175): New section. Add dwelf_elf_begin.
+Index: elfutils-0.175/src/ChangeLog
+===================================================================
+--- elfutils-0.175.orig/src/ChangeLog
++++ elfutils-0.175/src/ChangeLog
+@@ -1,3 +1,8 @@
++2019-01-20  Mark Wielaard  <mark@klomp.org>
++
++       * readelf.c (print_debug_line_section): Check terminating NUL byte
++       for dir and file tables.
++
+ 2018-11-10  Mark Wielaard  <mark@klomp.org>
+ 
+ 	* elflint.c (check_program_header): Allow PT_GNU_EH_FRAME segment

meta/recipes-devtools/elfutils/files/CVE-2019-7150.patch

@@ -0,0 +1,51 @@
+From da5c5336a1eaf519de246f7d9f0f5585e1d4ac59 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Sun, 20 Jan 2019 23:05:56 +0100
+Subject: [PATCH] libdwfl: Sanity check partial core file dyn data read.
+
+When reading the dyn data from the core file check if we got everything,
+or just part of the data.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=24103
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+
+Upstream-Status: Backport
+CVE: CVE-2019-7150
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ libdwfl/ChangeLog                    | 5 +++++
+ libdwfl/dwfl_segment_report_module.c | 6 ++++++
+ 2 files changed, 11 insertions(+)
+
+Index: elfutils-0.175/libdwfl/dwfl_segment_report_module.c
+===================================================================
+--- elfutils-0.175.orig/libdwfl/dwfl_segment_report_module.c
++++ elfutils-0.175/libdwfl/dwfl_segment_report_module.c
+@@ -783,6 +783,12 @@ dwfl_segment_report_module (Dwfl *dwfl,
+   if (dyn_filesz != 0 && dyn_filesz % dyn_entsize == 0
+       && ! read_portion (&dyn_data, &dyn_data_size, dyn_vaddr, dyn_filesz))
+     {
++      /* dyn_data_size will be zero if we got everything from the initial
++         buffer, otherwise it will be the size of the new buffer that
++         could be read.  */
++      if (dyn_data_size != 0)
++	dyn_filesz = dyn_data_size;
++
+       void *dyns = malloc (dyn_filesz);
+       Elf32_Dyn (*d32)[dyn_filesz / sizeof (Elf32_Dyn)] = dyns;
+       Elf64_Dyn (*d64)[dyn_filesz / sizeof (Elf64_Dyn)] = dyns;
+Index: elfutils-0.175/libdwfl/ChangeLog
+===================================================================
+--- elfutils-0.175.orig/libdwfl/ChangeLog
++++ elfutils-0.175/libdwfl/ChangeLog
+@@ -1,3 +1,8 @@
++2019-01-20  Mark Wielaard  <mark@klomp.org>
++
++       * dwfl_segment_report_module.c (dwfl_segment_report_module): Check
++       dyn_filesz vs dyn_data_size after read_portion call.
++
+ 2018-10-20  Mark Wielaard  <mark@klomp.org>
+ 
+ 	* libdwflP.h (__libdw_open_elf): New internal function declaration.

meta/recipes-devtools/file/file/CVE-2019-8904.patch

@@ -0,0 +1,30 @@
+From 94b7501f48e134e77716e7ebefc73d6bbe72ba55 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Mon, 18 Feb 2019 17:30:41 +0000
+Subject: [PATCH] PR/62: spinpx: Avoid non-nul-terminated string read.
+
+Upstream-Status: Backport
+CVE: CVE-2019-8904
+Affects < 5.36
+[Fixup for thud context]
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ src/readelf.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+Index: git/src/readelf.c
+===================================================================
+--- git.orig/src/readelf.c
++++ git/src/readelf.c
+@@ -558,8 +558,8 @@ do_bid_note(struct magic_set *ms, unsign
+ 	}
+ 	if (namesz == 4 && strcmp((char *)&nbuf[noff], "Go") == 0 &&
+ 	    type == NT_GO_BUILD_ID && descsz < 128) {
+-		if (file_printf(ms, ", Go BuildID=%s",
+-		    (char *)&nbuf[doff]) == -1)
++		if (file_printf(ms, ", Go BuildID=%.*s",
++		    CAST(int, descsz), CAST(char *, &nbuf[doff])) == -1)
+ 			return 1;
+ 		return 1;
+ 	}

meta/recipes-devtools/file/file/CVE-2019-8905_CVE-2019-8907.patch

@@ -0,0 +1,120 @@
+From d65781527c8134a1202b2649695d48d5701ac60b Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Mon, 18 Feb 2019 17:46:56 +0000
+Subject: [PATCH] PR/62: spinpx: limit size of file_printable.
+
+Upstream-Status: Backport
+CVE: CVE-2019-8905
+CVE: CVE-2019-8907
+affects < 5.36
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ src/file.h      |  4 ++--
+ src/funcs.c     |  9 +++++----
+ src/readelf.c   |  7 ++++---
+ src/softmagic.c | 14 ++++++++------
+ 4 files changed, 19 insertions(+), 15 deletions(-)
+
+Index: git/src/file.h
+===================================================================
+--- git.orig/src/file.h
++++ git/src/file.h
+@@ -501,7 +501,7 @@ protected int file_looks_utf8(const unsi
+     size_t *);
+ protected size_t file_pstring_length_size(const struct magic *);
+ protected size_t file_pstring_get_length(const struct magic *, const char *);
+-protected char * file_printable(char *, size_t, const char *);
++protected char * file_printable(char *, size_t, const char *, size_t);
+ #ifdef __EMX__
+ protected int file_os2_apptype(struct magic_set *, const char *, const void *,
+     size_t);
+Index: git/src/funcs.c
+===================================================================
+--- git.orig/src/funcs.c
++++ git/src/funcs.c
+@@ -595,12 +595,13 @@ file_pop_buffer(struct magic_set *ms, fi
+  * convert string to ascii printable format.
+  */
+ protected char *
+-file_printable(char *buf, size_t bufsiz, const char *str)
++file_printable(char *buf, size_t bufsiz, const char *str, size_t slen)
+ {
+-	char *ptr, *eptr;
++	char *ptr, *eptr = buf + bufsiz - 1;
+ 	const unsigned char *s = (const unsigned char *)str;
++	const unsigned char *es = s + slen;
+ 
+-	for (ptr = buf, eptr = ptr + bufsiz - 1; ptr < eptr && *s; s++) {
++	for (ptr = buf;  ptr < eptr && s < es && *s; s++) {
+ 		if (isprint(*s)) {
+ 			*ptr++ = *s;
+ 			continue;
+Index: git/src/readelf.c
+===================================================================
+--- git.orig/src/readelf.c
++++ git/src/readelf.c
+@@ -750,7 +750,7 @@ do_core_note(struct magic_set *ms, unsig
+ 			if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, "
+ 			    "gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)",
+ 			    file_printable(sbuf, sizeof(sbuf),
+-			    CAST(char *, pi.cpi_name)),
++			    CAST(char *, pi.cpi_name), sizeof(pi.cpi_name)),
+ 			    elf_getu32(swap, (uint32_t)pi.cpi_pid),
+ 			    elf_getu32(swap, pi.cpi_euid),
+ 			    elf_getu32(swap, pi.cpi_egid),
+@@ -1655,7 +1655,8 @@ dophn_exec(struct magic_set *ms, int cla
+ 		return -1;
+ 	if (interp[0])
+ 		if (file_printf(ms, ", interpreter %s",
+-		    file_printable(ibuf, sizeof(ibuf), interp)) == -1)
++		    file_printable(ibuf, sizeof(ibuf), interp, sizeof(interp)))
++			== -1)
+ 			return -1;
+ 	return 0;
+ }
+Index: git/src/softmagic.c
+===================================================================
+--- git.orig/src/softmagic.c
++++ git/src/softmagic.c
+@@ -616,8 +616,8 @@ mprint(struct magic_set *ms, struct magi
+   	case FILE_LESTRING16:
+ 		if (m->reln == '=' || m->reln == '!') {
+ 			if (file_printf(ms, F(ms, desc, "%s"), 
+-			    file_printable(sbuf, sizeof(sbuf), m->value.s))
+-			    == -1)
++			    file_printable(sbuf, sizeof(sbuf), m->value.s,
++			    sizeof(m->value.s))) == -1)
+ 				return -1;
+ 			t = ms->offset + m->vallen;
+ 		}
+@@ -644,7 +644,8 @@ mprint(struct magic_set *ms, struct magi
+ 			}
+ 
+ 			if (file_printf(ms, F(ms, desc, "%s"),
+-			    file_printable(sbuf, sizeof(sbuf), str)) == -1)
++			    file_printable(sbuf, sizeof(sbuf), str,
++				sizeof(p->s) - (str - p->s))) == -1)
+ 				return -1;
+ 
+ 			if (m->type == FILE_PSTRING)
+@@ -750,7 +751,7 @@ mprint(struct magic_set *ms, struct magi
+ 			return -1;
+ 		}
+ 		rval = file_printf(ms, F(ms, desc, "%s"),
+-		    file_printable(sbuf, sizeof(sbuf), cp));
++		    file_printable(sbuf, sizeof(sbuf), cp, ms->search.rm_len));
+ 		free(cp);
+ 
+ 		if (rval == -1)
+@@ -777,7 +778,8 @@ mprint(struct magic_set *ms, struct magi
+ 		break;
+ 	case FILE_DER:
+ 		if (file_printf(ms, F(ms, desc, "%s"), 
+-		    file_printable(sbuf, sizeof(sbuf), ms->ms_value.s)) == -1)
++		    file_printable(sbuf, sizeof(sbuf), ms->ms_value.s,
++                        sizeof(ms->ms_value.s))) == -1)
+ 			return -1;
+ 		t = ms->offset;
+ 		break;

meta/recipes-devtools/file/file/CVE-2019-8906.patch

@@ -0,0 +1,27 @@
+From 2858eaf99f6cc5aae129bcbf1e24ad160240185f Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Wed, 2 Jan 2019 19:44:14 +0000
+Subject: [PATCH] Avoid OOB read (found by ASAN reported by F. Alonso)
+
+Upstream-Status: Backport
+CVE: CVE-2019-8906
+Affects < 5.36
+[Fixup for thud context]
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ src/readelf.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Index: git/src/readelf.c
+===================================================================
+--- git.orig/src/readelf.c
++++ git/src/readelf.c
+@@ -745,7 +745,7 @@ do_core_note(struct magic_set *ms, unsig
+ 			char sbuf[512];
+ 			struct NetBSD_elfcore_procinfo pi;
+ 			memset(&pi, 0, sizeof(pi));
+-			memcpy(&pi, nbuf + doff, descsz);
++			memcpy(&pi, nbuf + doff, MIN(descsz, sizeof(pi)));
+ 
+ 			if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, "
+ 			    "gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)",

meta/recipes-devtools/file/file_5.34.bb

@@ -16,6 +16,9 @@ UPSTREAM_CHECK_GITTAGREGEX = "FILE(?P<pver>(?!6_23).+)"
 
 SRC_URI = "git://github.com/file/file.git \
         file://debian-742262.patch \
+        file://CVE-2019-8906.patch \
+        file://CVE-2019-8904.patch \
+        file://CVE-2019-8905_CVE-2019-8907.patch \
         "
 
 SRCREV = "315cef2f699da3c31a54bd3c6c6070680fbaf1f5"

meta/recipes-devtools/go/go-1.11.inc

@@ -1,7 +1,7 @@
 require go-common.inc
 
 GO_BASEVERSION = "1.11"
-GO_MINOR = ".1"
+GO_MINOR = ".10"
 PV .= "${GO_MINOR}"
 FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
 
@@ -17,8 +17,7 @@ SRC_URI += "\
     file://0007-cmd-go-make-GOROOT-precious-by-default.patch \
     file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
 "
-
 SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
 
-SRC_URI[main.md5sum] = "eb9e9792247143705a7aacea9398cde0"
-SRC_URI[main.sha256sum] = "558f8c169ae215e25b81421596e8de7572bd3ba824b79add22fba6e284db1117"
+SRC_URI[main.md5sum] = "f2d2e44b9954b827daa8ad4d936a7a82"
+SRC_URI[main.sha256sum] = "df27e96a9d1d362c46ecd975f1faa56b8c300f5c529074e9ea79bdd885493c1b"

meta/recipes-devtools/go/go-1.11/0007-cmd-go-make-GOROOT-precious-by-default.patch

@@ -65,8 +65,8 @@ Index: go/src/cmd/go/internal/work/exec.go
 ===================================================================
 --- go.orig/src/cmd/go/internal/work/exec.go
 +++ go/src/cmd/go/internal/work/exec.go
-@@ -440,6 +440,23 @@ func (b *Builder) build(a *Action) (err
- 		return fmt.Errorf("module requires Go %s", p.Module.GoVersion)
+@@ -436,6 +436,23 @@ func (b *Builder) build(a *Action) (err
+ 		return fmt.Errorf("missing or invalid binary-only package; expected file %q", a.Package.Target)
  	}
  
 +	if goRootPrecious && (a.Package.Standard || a.Package.Goroot) {
@@ -89,7 +89,7 @@ Index: go/src/cmd/go/internal/work/exec.go
  	if err := b.Mkdir(a.Objdir); err != nil {
  		return err
  	}
-@@ -1435,6 +1452,14 @@ func BuildInstallFunc(b *Builder, a *Act
+@@ -1438,6 +1455,14 @@ func BuildInstallFunc(b *Builder, a *Act
  		return nil
  	}
  

meta/recipes-devtools/go/go-1.11/0008-use-GOBUILDMODE-to-set-buildmode.patch

@@ -18,11 +18,11 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
  src/cmd/go/internal/work/build.go | 6 +++++-
  1 file changed, 5 insertions(+), 1 deletion(-)
 
-diff --git a/src/cmd/go/internal/work/build.go b/src/cmd/go/internal/work/build.go
-index 145b875..595d703 100644
---- a/src/cmd/go/internal/work/build.go
-+++ b/src/cmd/go/internal/work/build.go
-@@ -218,7 +218,11 @@ func AddBuildFlags(cmd *base.Command) {
+Index: go/src/cmd/go/internal/work/build.go
+===================================================================
+--- go.orig/src/cmd/go/internal/work/build.go
++++ go/src/cmd/go/internal/work/build.go
+@@ -223,7 +223,11 @@ func AddBuildFlags(cmd *base.Command) {
  
  	cmd.Flag.Var(&load.BuildAsmflags, "asmflags", "")
  	cmd.Flag.Var(buildCompiler{}, "compiler", "")
@@ -35,6 +35,3 @@ index 145b875..595d703 100644
  	cmd.Flag.Var(&load.BuildGcflags, "gcflags", "")
  	cmd.Flag.Var(&load.BuildGccgoflags, "gccgoflags", "")
  	cmd.Flag.StringVar(&cfg.BuildMod, "mod", "", "")
--- 
-2.7.4
-

meta/recipes-devtools/go/go-crosssdk.inc

@@ -1,7 +1,7 @@
 inherit crosssdk
 
 DEPENDS = "go-native virtual/${TARGET_PREFIX}gcc-crosssdk virtual/nativesdk-${TARGET_PREFIX}compilerlibs virtual/${TARGET_PREFIX}binutils-crosssdk"
-PN = "go-crosssdk-${TARGET_ARCH}"
+PN = "go-crosssdk-${SDK_SYS}"
 PROVIDES = "virtual/${TARGET_PREFIX}go-crosssdk"
 
 export GOHOSTOS = "${BUILD_GOOS}"

meta/recipes-devtools/go/go-target.inc

@@ -40,7 +40,7 @@ do_install() {
 	for f in ${B}/${GO_BUILD_BINDIR}/*; do
 		name=`basename $f`
 		install -m 0755 $f ${D}${libdir}/go/bin/
-		ln -sf ../${BASELIB}/go/bin/$name ${D}${bindir}/
+		ln -sf ../${baselib}/go/bin/$name ${D}${bindir}/
 	done
 }
 

meta/recipes-devtools/opkg-utils/opkg-utils/0001-opkg-make-index-use-ctime-instead-of-mtime.patch

@@ -0,0 +1,59 @@
+From 0cd38bb1bdcdbfc091014a1f39d015a1586a33e6 Mon Sep 17 00:00:00 2001
+From: Stefan Agner <stefan.agner@toradex.com>
+Date: Fri, 19 Oct 2018 17:38:21 +0200
+Subject: [PATCH] opkg-make-index: use ctime instead of mtime
+
+Upstream-Status: Backport
+
+When using sstate, two parallel builds can produce two packages
+with the same mtime but different checksums. When later one of
+those two builds fetches the others ipk, the package index does
+not get udpated properly (since mtime matches). This ends up with
+messages such as:
+  Downloading file:/../tmp/work/../image/...ipk.
+  Removing corrupt package file /../sysroot/../var/cache/opkg/volatile/...ipk
+
+However, in that case, ctime is different. Use ctime instead of
+mtime to prevent failures like this.
+
+Suggested-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
+Acked-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+Acked-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
+Signed-off-by: Ming Liu <liu.ming50@gmail.com>
+---
+ opkg-make-index | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/opkg-make-index b/opkg-make-index
+index 3227fc0..db7bf64 100755
+--- a/opkg-make-index
++++ b/opkg-make-index
+@@ -115,12 +115,12 @@ for abspath in files:
+      pkg = None
+      fnameStat = os.stat(abspath)
+      if filename in old_pkg_hash:
+-          if filename in pkgsStamps and int(fnameStat.st_mtime) == pkgsStamps[filename]:
++          if filename in pkgsStamps and int(fnameStat.st_ctime) == pkgsStamps[filename]:
+             if (verbose):
+                sys.stderr.write("Found %s in Packages\n" % (filename,))
+             pkg = old_pkg_hash[filename]
+           else:
+-               sys.stderr.write("Found %s in Packages, but mtime differs - re-reading\n" % (filename,))
++               sys.stderr.write("Found %s in Packages, but ctime differs - re-reading\n" % (filename,))
+ 
+      if not pkg:
+           if (verbose):
+@@ -137,7 +137,7 @@ for abspath in files:
+      else:
+           old_filename = ""
+      s = packages.add_package(pkg, opt_a)
+-     pkgsStamps[filename] = fnameStat.st_mtime
++     pkgsStamps[filename] = fnameStat.st_ctime
+      if s == 0:
+           if old_filename:
+                # old package was displaced by newer
+-- 
+2.7.4
+

meta/recipes-devtools/opkg-utils/opkg-utils_0.3.6.bb

@@ -14,6 +14,7 @@ SRC_URI = "http://git.yoctoproject.org/cgit/cgit.cgi/${BPN}/snapshot/${BPN}-${PV
            file://threaded-xz.patch \
            file://pigz.patch \
            file://0001-update-alternatives-Fix-link-relocation-support.patch \
+           file://0001-opkg-make-index-use-ctime-instead-of-mtime.patch \
 "
 SRC_URI_append_class-native = " file://tar_ignore_error.patch"
 UPSTREAM_CHECK_URI = "http://git.yoctoproject.org/cgit/cgit.cgi/opkg-utils/refs/"

meta/recipes-devtools/opkg/opkg/0001-libopkg-add-add-ignore-recommends-option.patch

@@ -0,0 +1,260 @@
+From 2eca28b6a37be92e4e835c51872c7df34ec6dedd Mon Sep 17 00:00:00 2001
+From: Quentin Schulz <quentin.schulz@streamunlimited.com>
+Date: Fri, 31 May 2019 17:30:40 +0200
+Subject: [PATCH] [PATCH] libopkg: add --add-ignore-recommends option
+
+Add option to ignore specific recommended packages. On the libsolv
+backed, this feature will only work on libsolv version > 0.7.2 [1].
+
+[1] https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openSUSE_libsolv_issues_254&d=DwIBaQ&c=I_0YwoKy7z5LMTVdyO6YCiE2uzI1jjZZuIPelcSjixA&r=wNcrL2akRn6jfxhHaKavUrJB_C9JAMXtynjLd8ZzgXQ&m=GObNHzFJpWpf_PripIrf-K2RhsktYdAUEieAJexXOKw&s=3G-meChUqClFggFPqsrAxIZBfLnRKIHm62Uuy1X6nQQ&e=
+
+Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
+Signed-off-by: Quentin Schulz <quentin.schulz@streamunlimited.com>
+
+Upstream-Status: Backport
+---
+ libopkg/opkg_conf.c                           |  2 +
+ libopkg/opkg_conf.h                           |  1 +
+ .../solvers/internal/pkg_depends_internal.c   |  3 +-
+ libopkg/solvers/libsolv/opkg_solver_libsolv.c | 21 ++++++-
+ man/opkg.1.in                                 |  3 +
+ src/opkg.c                                    |  6 ++
+ tests/Makefile                                |  1 +
+ tests/core/43_add_ignore_recommends.py        | 62 +++++++++++++++++++
+ 8 files changed, 97 insertions(+), 2 deletions(-)
+ create mode 100644 tests/core/43_add_ignore_recommends.py
+
+diff --git a/libopkg/opkg_conf.c b/libopkg/opkg_conf.c
+index 06880a1..f2330cd 100644
+--- a/libopkg/opkg_conf.c
++++ b/libopkg/opkg_conf.c
+@@ -597,6 +597,7 @@ int opkg_conf_init(void)
+     pkg_dest_list_init(&opkg_config->tmp_dest_list);
+     nv_pair_list_init(&opkg_config->arch_list);
+     str_list_init(&opkg_config->exclude_list);
++    str_list_init(&opkg_config->ignore_recommends_list);
+ 
+     return 0;
+ }
+@@ -938,6 +939,7 @@ void opkg_conf_deinit(void)
+     pkg_dest_list_deinit(&opkg_config->pkg_dest_list);
+     nv_pair_list_deinit(&opkg_config->arch_list);
+     str_list_deinit(&opkg_config->exclude_list);
++    str_list_deinit(&opkg_config->ignore_recommends_list);
+ 
+     if (opkg_config->verbosity >= DEBUG) {
+         hash_print_stats(&opkg_config->pkg_hash);
+diff --git a/libopkg/opkg_conf.h b/libopkg/opkg_conf.h
+index dc11516..fc42de3 100644
+--- a/libopkg/opkg_conf.h
++++ b/libopkg/opkg_conf.h
+@@ -61,6 +61,7 @@ typedef struct opkg_conf {
+     pkg_dest_list_t tmp_dest_list;
+     nv_pair_list_t arch_list;
+     str_list_t exclude_list;
++    str_list_t ignore_recommends_list;
+ 
+     int restrict_to_default_dest;
+     pkg_dest_t *default_dest;
+diff --git a/libopkg/solvers/internal/pkg_depends_internal.c b/libopkg/solvers/internal/pkg_depends_internal.c
+index cd56d84..5deee70 100644
+--- a/libopkg/solvers/internal/pkg_depends_internal.c
++++ b/libopkg/solvers/internal/pkg_depends_internal.c
+@@ -228,7 +228,8 @@ int pkg_hash_fetch_unsatisfied_dependencies(pkg_t *pkg,
+                             || compound_depend->type == SUGGEST)
+                         && (satisfying_pkg->state_want == SW_DEINSTALL
+                             || satisfying_pkg->state_want == SW_PURGE
+-                            || opkg_config->no_install_recommends);
++                            || opkg_config->no_install_recommends
++                            || str_list_contains(&opkg_config->ignore_recommends_list, satisfying_pkg->name));
+                 if (ignore) {
+                     opkg_msg(NOTICE,
+                              "%s: ignoring recommendation for "
+diff --git a/libopkg/solvers/libsolv/opkg_solver_libsolv.c b/libopkg/solvers/libsolv/opkg_solver_libsolv.c
+index bf0b72c..ea00a37 100644
+--- a/libopkg/solvers/libsolv/opkg_solver_libsolv.c
++++ b/libopkg/solvers/libsolv/opkg_solver_libsolv.c
+@@ -484,6 +484,7 @@ static void pkg2solvable(pkg_t *pkg, Solvable *solvable_out)
+ static void populate_installed_repo(libsolv_solver_t *libsolv_solver)
+ {
+     int i;
++    Id what;
+ 
+     pkg_vec_t *installed_pkgs = pkg_vec_alloc();
+ 
+@@ -507,6 +508,15 @@ static void populate_installed_repo(libsolv_solver_t *libsolv_solver)
+         /* set solvable attributes */
+         pkg2solvable(pkg, solvable);
+ 
++        /* if the package is in ignore-recommends-list, disfavor installation */
++        if (str_list_contains(&opkg_config->ignore_recommends_list, pkg->name)) {
++            opkg_message(NOTICE, "Disfavor package: %s\n",
++                         pkg->name);
++            what = pool_str2id(libsolv_solver->pool, pkg->name, 1);
++            queue_push2(&libsolv_solver->solver_jobs, SOLVER_SOLVABLE_NAME
++                        | SOLVER_DISFAVOR, what);
++        }
++
+         /* if the package is not autoinstalled, mark it as user installed */
+         if (!pkg->auto_installed)
+             queue_push2(&libsolv_solver->solver_jobs, SOLVER_SOLVABLE
+@@ -533,7 +543,7 @@ static void populate_available_repos(libsolv_solver_t *libsolv_solver)
+ {
+     int i;
+     Solvable *solvable;
+-    Id solvable_id;
++    Id solvable_id, what;
+ 
+     pkg_vec_t *available_pkgs = pkg_vec_alloc();
+ 
+@@ -602,6 +612,15 @@ static void populate_available_repos(libsolv_solver_t *libsolv_solver)
+         solvable = pool_id2solvable(libsolv_solver->pool, solvable_id);
+         pkg2solvable(pkg, solvable);
+ 
++        /* if the package is in ignore-recommends-list, disfavor installation */
++        if (str_list_contains(&opkg_config->ignore_recommends_list, pkg->name)) {
++            opkg_message(NOTICE, "Disfavor package: %s\n",
++                         pkg->name);
++            what = pool_str2id(libsolv_solver->pool, pkg->name, 1);
++            queue_push2(&libsolv_solver->solver_jobs, SOLVER_SOLVABLE_NAME
++                        | SOLVER_DISFAVOR, what);
++        }
++
+         /* if the --force-depends option is specified make dependencies weak */
+         if (opkg_config->force_depends)
+             queue_push2(&libsolv_solver->solver_jobs, SOLVER_SOLVABLE
+diff --git a/man/opkg.1.in b/man/opkg.1.in
+index 026fb15..c0d4bf3 100644
+--- a/man/opkg.1.in
++++ b/man/opkg.1.in
+@@ -143,6 +143,9 @@ conjunction with \fB\--dest\fP
+ \fB\--add-arch <\fIarch\fP>:<\fIprio\fP>\fR
+ Register the package architecture \fIarch\fP with the numeric
+ priority \fIprio\fP. Lower priorities take precedence.
++.TP
++\fB\--add-ignore-recommends <\fIname\fP>\fR
++Register package to be ignored as a recomendee
+ .SS FORCE OPTIONS
+ .TP
+ \fB\--force-depends \fR
+diff --git a/src/opkg.c b/src/opkg.c
+index f23467d..5181065 100644
+--- a/src/opkg.c
++++ b/src/opkg.c
+@@ -51,6 +51,7 @@ enum {
+     ARGS_OPT_ADD_DEST,
+     ARGS_OPT_SIZE,
+     ARGS_OPT_ADD_EXCLUDE,
++    ARGS_OPT_ADD_IGNORE_RECOMMENDS,
+     ARGS_OPT_NOACTION,
+     ARGS_OPT_DOWNLOAD_ONLY,
+     ARGS_OPT_NODEPS,
+@@ -110,6 +111,7 @@ static struct option long_options[] = {
+     {"add-dest", 1, 0, ARGS_OPT_ADD_DEST},
+     {"size", 0, 0, ARGS_OPT_SIZE},
+     {"add-exclude", 1, 0, ARGS_OPT_ADD_EXCLUDE},
++    {"add-ignore-recommends", 1, 0, ARGS_OPT_ADD_IGNORE_RECOMMENDS},
+     {"test", 0, 0, ARGS_OPT_NOACTION},
+     {"tmp-dir", 1, 0, 't'},
+     {"tmp_dir", 1, 0, 't'},
+@@ -235,6 +237,9 @@ static int args_parse(int argc, char *argv[])
+         case ARGS_OPT_ADD_EXCLUDE:
+             str_list_append(&opkg_config->exclude_list, optarg);
+             break;
++        case ARGS_OPT_ADD_IGNORE_RECOMMENDS:
++            str_list_append(&opkg_config->ignore_recommends_list, optarg);
++            break;
+         case ARGS_OPT_SIZE:
+             opkg_config->size = 1;
+             break;
+@@ -335,6 +340,7 @@ static void usage()
+     printf("\t--add-arch <arch>:<prio>        Register architecture with given priority\n");
+     printf("\t--add-dest <name>:<path>        Register destination with given path\n");
+     printf("\t--add-exclude <name>            Register package to be excluded from install\n");
++    printf("\t--add-ignore-recommends <name>  Register package to be ignored as a recomendee\n");
+     printf("\t--prefer-arch-to-version        Use the architecture priority package rather\n");
+     printf("\t                                than the higher version one if more\n");
+     printf("\t                                than one candidate is found.\n");
+diff --git a/tests/Makefile b/tests/Makefile
+index 148c844..ddf027f 100644
+--- a/tests/Makefile
++++ b/tests/Makefile
+@@ -38,6 +38,7 @@ REGRESSION_TESTS := core/01_install.py \
+ 		    core/37_globs.py \
+ 		    core/38_install_constrained_version.py \
+ 		    core/39_distupgrade.py \
++		    core/43_add_ignore_recommends.py \
+ 		    regress/issue26.py \
+ 		    regress/issue31.py \
+ 		    regress/issue32.py \
+diff --git a/tests/core/43_add_ignore_recommends.py b/tests/core/43_add_ignore_recommends.py
+new file mode 100644
+index 0000000..7da0096
+--- /dev/null
++++ b/tests/core/43_add_ignore_recommends.py
+@@ -0,0 +1,62 @@
++#! /usr/bin/env python3
++#
++# Create package 'a' (1.0) which Recommends 'c'.
++# Install 'a' with --add-ignore-recommends 'c'.
++# Check that only 'a' (1.0) is installed.
++# Create package 'b' which Depends on 'c'.
++# Install 'a' & 'b', with --add-ignore-recommends 'c'.
++# Verify that 'a','b' & 'c' are installed.
++# Uninstall 'b' & 'c'.
++# Create package 'a' (2.0), which Recommends 'c'.
++# Upgrade 'a' with --add-ignore-recommends 'c'
++# Verify that only 'a' (2.0) is installed
++#
++
++import os
++import opk, cfg, opkgcl
++
++opk.regress_init()
++o = opk.OpkGroup()
++
++o.add(Package='a', Recommends='c', Version='1.0')
++o.add(Package='b', Depends='c')
++o.add(Package='c')
++o.write_opk()
++o.write_list()
++
++opkgcl.update()
++
++opkgcl.install('a', '--add-ignore-recommends c')
++
++if not opkgcl.is_installed('a'):
++	opk.fail("Package 'a' installed but reports as not installed.")
++
++if opkgcl.is_installed('c'):
++	opk.xfail("[libsolv<0.7.3] Package 'c' should not have been installed since it was in --add-ignore-recommends.")
++
++opkgcl.remove('a')
++opkgcl.install('a b', '--add-ignore-recommends c')
++
++if not opkgcl.is_installed('a'):
++	opk.fail("Package 'a' installed but reports as not installed.")
++
++if not opkgcl.is_installed('b'):
++	opk.fail("Package 'b' installed but reports as not installed.")
++
++if not opkgcl.is_installed('c'):
++	opk.fail("Package 'c' should have been installed since 'b' depends on it.")
++
++opkgcl.remove('b c', '--force-depends')
++o.add(Package='a', Recommends='c', Version='2.0')
++o.write_opk()
++o.write_list()
++
++opkgcl.update()
++
++opkgcl.upgrade('a', '--add-ignore-recommends c')
++
++if not opkgcl.is_installed('a', '2.0'):
++	opk.fail("Package 'a (2.0)' installed but reports as not installed.")
++
++if opkgcl.is_installed('c'):
++	opk.fail("Package 'c' should not have been installed since it was in --add-ignore-recommends.")
+-- 
+2.17.1
+

meta/recipes-devtools/opkg/opkg_0.3.6.bb

@@ -15,6 +15,7 @@ SRC_URI = "http://downloads.yoctoproject.org/releases/${BPN}/${BPN}-${PV}.tar.gz
            file://opkg.conf \
            file://0001-opkg_conf-create-opkg.lock-in-run-instead-of-var-run.patch \
            file://0001-remove_maintainer_scripts-use-strict-matching.patch \
+           file://0001-libopkg-add-add-ignore-recommends-option.patch \
 "
 
 SRC_URI[md5sum] = "79e04307f6f54db431c251772d7d987c"

meta/recipes-devtools/pseudo/pseudo_git.bb

@@ -8,7 +8,7 @@ SRC_URI = "git://git.yoctoproject.org/pseudo \
            file://toomanyfiles.patch \
            "
 
-SRCREV = "6294b344e5140f5467e6860f45a174440015304e"
+SRCREV = "3fa7c853e0bcd6fe23f7524c2a3c9e3af90901c3"
 S = "${WORKDIR}/git"
 PV = "1.9.0+git${SRCPV}"
 

meta/recipes-devtools/python/python-native/0001-python-native-fix-one-do_populate_sysroot-warning.patch

@@ -0,0 +1,39 @@
+From 12292444e1b3662b994bc223d92b8338fb0895ff Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 25 Oct 2018 07:32:14 +0000
+Subject: [PATCH] python-native: fix one do_populate_sysroot warning
+
+Fix below warning:
+WARNING: Skipping RPATH /usr/lib64 as is a standard search path for
+work/x86_64-linux/python-native/2.7.15-r1.1/recipe-sysroot-native/
+usr/lib/python2.7/lib-dynload/_bsddb.so
+
+setup.py will check db.h under include_dirs, for native build,
+/usr/lib64 will be insert to postion 0 of include_dirs, so
+it's priority is higher then our sysroot, cause db.h sysroot
+is ignored, and rpath set to /usr/lib64. and this cause warning
+when do_populate_sysroot. use append to fix it.
+
+Upstream-Status: Inappropriate [oe-specific]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ setup.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/setup.py b/setup.py
+index 7bf13ed..6c0f29b 100644
+--- a/setup.py
++++ b/setup.py
+@@ -40,7 +40,7 @@ def add_dir_to_list(dirlist, dir):
+     1) 'dir' is not already in 'dirlist'
+     2) 'dir' actually exists, and is a directory."""
+     if dir is not None and os.path.isdir(dir) and dir not in dirlist:
+-        dirlist.insert(0, dir)
++        dirlist.append(dir)
+
+ def macosx_sdk_root():
+     """
+-- 
+2.18.0
+