Squashed 'yocto-poky/' changes from 7b86c77..c8a4ed9

b1f23d1 build-appliance-image: Update to jethro head revision
7fe17a2 qemu: Security fix CVE-2016-2198
50700a7 qemu: Security fix CVE-2016-2197
1f0e615 libgcrypt: Security fix CVE-2015-7511
dc5f155 uclibc: Security fix CVE-2016-2225
ef13511 uclibc: Security fix CVE-2016-2224
ae57ea0 libbsd: Security fix CVE-2016-2090
eb9666a glibc: Security fix CVE-2015-7547
5b12268 build-appliance-image: Update to jethro head revision
a3a374a curl: Secuirty fix CVE-2016-0755
f4341a9 curl: Security fix CVE-2016-0754
35f4306 nettle: Security fix CVE-2015-8804
3e8a07b nettle: Security fix CVE-2015-8803 and CVE-2015-8805
5ffc326 socat: Security fix CVE-2016-2217
5cc5f99 libpng: Security fix CVE-2015-8472
21a816c libpng: Security fix CVE-2015-8126
6a0fbfa foomatic-filters: Security fixes CVE-2015-8327
d57aaf7 foomatic-filters: Security fix CVE-2015-8560
941874a build-appliance-image: Update to jethro head revision
d74a3cb cross-localedef-native: add ABI breaking glibc patch
12fae23 build-appliance-image: Update to jethro head revision
67ac9d6 e2fsprogs: Ensure we use the right mke2fs.conf when restoring from sstate
5812fc9 build-appliance-image: Update to jethro head revision
3de2492 ref-manual: Updated host package install requirements CentOS
79de8cf toaster-manual: Updated the "Installation" to have TOASTER_DIR information
a23d262 toaster-manual: Updated instructions for production setup.
b6def81 linux-yocto: Update SRCREV for genericx86* for 4.1, fixes CVE-2016-0728
db0f8ac linux-yocto: Update SRCREV for genericx86* for 3.19, fixes CVE-2016-0728
c8122a0 linux-yocto: Update SRCREV for genericx86* for 3.14, fixes CVE-2016-0728
cdeb241 meta-yocto-bsp: Remove uvesafb (v86d) from generic x86 features
52cd219 yocto-bsp: Set SRCREV meta/machine revisions to AUTOREV
a88d6cb yocto-bsp: Set KTYPE to user selected base branch
4e74b36 yocto-bsp: Avoid duplication of user patches ({{=machine}}-user-patches.scc)
6680773 yocto-bsp: Default kernel version to 4.1 on x86_64
4c075e7 piglit: don't use /tmp to write generated sources to
ee52ac6 gen-lockedsig-cache: fix bad destination path joining
e9f95df linux-yocto: Update SRCREV for qemux86* for 4.1, fixes CVE-2016-0728
e63bab1 linux-yocto: Update SRCREV for qemux86* for 3.19, fixes CVE-2016-0728
64a4920 linux-yocto: Update SRCREV for qemux86* for 3.14, fixes CVE-2016-0728
5b043da libpng12: update URL that no longer exists
655c8a5 libpng: update URL that no longer exists
96fda8c busybox: fix build of last applet
ae037d9 ghostscript: add dependency for pnglibconf.h
26eb877 gcr: Require x11 DISTRO_FEATURE
e632cdb uClibc: enable utmp for shadow compatibility
e8c9613 git: Security fix CVE-2015-7545
108ea6d glibc-locale: fix QA warning
9a88c1d grub: Security fix CVE-2015-8370
443b09a gdk-pixbuf: Security fix CVE-2015-7674
6c91068 librsvg: Security fix CVE-2015-7558
9fd2349 bind: Security fix CVE-2015-8461
5a40d9f bind: Security fix CVE-2015-8000
1bbf183 libxml2: Security fix CVE-2015-8710
2ec6d1d libxml2: Security fix CVE-2015-8241
55aafb5 dpkg: Security fix CVE-2015-0860
029948b tzdata: update to 2016a
2bcf141 tzcode: update to 2016a
cc3a391 kernel-yocto: fix checkout bare-cloned kernel repositories
049be17 libpcre: bug fixes include security
5e94ac7 qemu: Security fix CVE-2015-7295
7ee1828 qemu: Security fix CVE-2016-1568
ca6ec2e qemu: Security fix CVE-2015-8345
b55a677 qemu: Security fix CVE-2015-7512
4922f47 qemu: Security fix CVE-2015-7504
3ec0e95 qemu: Security fix CVE-2015-8504
942ce53 openssl: Security fix CVE-2016-0701
ce8ae1c openssl: Security fix CVE-2015-3197
080e027 tiff: Security fix CVE-2015-8784
c6ae9c1 tiff: Security fix CVE-2015-8781
049b7db bind: CVE-2015-8704 and CVE-2015-8705
d632a92 rpmresolve.c: Fix unfreed pointers that keep DB opened
5b993ed openssh: CVE-2016-1907
27ee5b4 glibc: CVE-2015-8776
a4134af glibc: CVE-2015-9761
e10ec6f glibc: CVE-2015-8779
a5a965d glibc: CVE-2015-8777.patch
2fb7ee2 bitbake: toaster: make runbuilds loop
b9ad87b nativesdk-buildtools-perl-dummy: Bump PR
0a1c63a nativesdk-buildtools-perl-dummy: properly set PACKAGE_ARCH
d4b400e nativesdk-buildtools-perl-dummy: fix rebuilding when SDKMACHINE changes
8c8c4ed Revert "gstreamer1.0-plugins-good.inc: add gudev back to PACKAGECONFIG"
b832202 Revert "gstreamer: Deal with merge conflict which breaks systemd builds"
dd0ba9e build-appliance-image: Update to jethro head revision
325d205 gstreamer: Deal with merge conflict which breaks systemd builds
53b114b build-appliance-image: Update to jethro head revision
02be35d poky.conf: Bump version for 2.0.1 jethro release
f5551f8 ref-manual: Updated the list of supported image types.
aa179ae dev-manual: Added three new wic option descriptions.
20007c8 dev-manual: Added the --overhead-factor wic option description.
2dd7f46 dev-manual: Added the --extra-space wic option description.
81cc737 dev-manual: Added wic --notable option description.
2b1dce5 dev-manual:
a6f5293 kernel/kernel-arch: Explicitly mapping between i386/x86_64 and x86 for kernel ARCH
e79a538 openssh: update to 7.1p2
b171076 devtool: reset: do clean for multiple recipes at once with -a
255115f devtool: sdk-update: fix error checking
3f69105 devtool: sdk-update: fix metadata update step
5ba94af devtool: sdk-update: fix not using updateserver config file option
d03d145 classes/populate_sdk_ext: disable signature warnings
00ff950 classes/populate_sdk_ext: fix cascading from preparation failure
22446c6 scripts/oe-publish-sdk: add missing call to git update-server-info
8597a61 devtool: use cp instead of shutil.copytree
95cc641 buildhistory: fix not recording SDK information
84d48ac recipetool: create: fix error when extracting source to a specified directory
4369329 recipetool: create: detect when specified URL returns a web page
4c3191f recipetool: create: prevent attempting to unpack entire DL_DIR
caca77e recipetool: create: fix do_install handling for makefile-only software
383159e recipetool: create: avoid traceback on fetch error
be40baa recipetool: create: handle https://....git URLs
a897bfd devtool: sdk-update: fix traceback without update server set
9c4b61e classes/populate_sdk_ext: error out of install if buildtools install fails
4c07dd2 gstreamer1.0-plugins-good.inc: add gudev back to PACKAGECONFIG
83b72d8 linux-yocto: Update Genericx86* BSP to 4.1.15 kernel
44639bd libaio: don't disable linking to the system libraries
a0be9bd linux-yocto/4.1: update to v4.1.15
53f0290 libxml2: security fix CVE-2015-5312
f4b0c49 libxml2: security fix CVE-2015-8242
fb409c9 libxml2: security fix CVE-2015-7500
55d097a libxml2: security fix CVE-2015-7499
8e6b2d6 libxml2: security fix CVE-2015-7497
332eb1d libxml2: security fix CVE-2015-7498
cbc4e83 libxml2: security fix CVE-2015-8035
c4b71e1 libxml2: security fix CVE-2015-7942
fdea03d libxml2: security fix CVE-2015-8317
6fc1109 libxml2: security fix CVE-2015-7941
9eb4ce0 openssl: fix for CVE-2015-3195
6880f82 openssl: fix for CVE-2015-3194
7dcaa84 openssl: fix for CVE-2015-3193
435139b logrotate: do not move binary logrotate to /usr/bin
5f49c0a cairo: fix license for cairo-script-interpreter
a29ec81 glibc: Fix ld.so / prelink interface for ELF_RTYPE_CLASS_EXTERN_PROTECTED_DATA
b1e980f gcc: Update default Power GCC settings to use secure-plt
ed82690 prelink: Fix various prelink issues on IA32, ARM, and MIPS.
9a620da autotools: Allow recipe-individual configure scripts
f828071 toolchain-scripts.bbclass: unset command_not_found_handle
49858bd devtool: upgrade: fetch remote repository before checking out new revision
d213452 devtool: upgrade: remove erroneous error when not renaming recipe
fec97f6 devtool: upgrade: fix updating PV and SRCREV
3b4f659 devtool: upgrade: fix removing other recipes from workspace on reset
61a7de0 devtool: include do_patch in SRCTREECOVEREDTASKS
82c0072 toolchain-shar-extract.sh: do not allow $ in paths for ext SDK
f181e72 scripts/gen-lockedsig-cache: improve output
4b5d4ca toolchain-shar-extract.sh: proper fix for additional env setup scripts
d2ea8f1 toolchain-shar-relocate: don't assume last state of env_setup_script is good
02ef437 populate_sdk_ext.bbclass: Be more permissive on the name of the buildtools
3653b17 classes/populate_sdk_ext: fail if SDK_ARCH != BUILD_ARCH
8879571 classes/populate_sdk_ext: tweak reporting of workspace exclusion
eeda3c6 classes/populate_sdk_ext: make it clear when SDK installation has failed
dee9fbe classes/populate_sdk_ext: tidy up preparation log file writing
d001d46 classes/license: fix intermittent license collection warning
777451c classes/metadata_scm: fix git errors showing up on non-git repositories
cb0ca72 oeqa/selftest/layerappend: fix test if build directory is not inside COREBASE
8970ad6 oeqa/selftest/devtool: fix test if build directory is not inside COREBASE
4f7fdd0 classes/distrodata: split SRC_URI properly before determining type
3b7df55 uninative.bbclass: Choose the correct loader based on BUILD_ARCH
f3d7c3f openssl: sanity check that the bignum module is present
96b1b5c glibc: Backported a patch to fix glibc's bug(18589)
7aecb57 directfb.inc: force bfd linker for armv7a
75ca2c8 texinfo: don't create dependency on INHERIT variable
02c7b3f package_manager.py: define info_dir and status_file when OPKGLIBDIR isn't the default
003c94f libsdl2: require GLES when building Wayland support
ad6db01 gst-plugins-bad: add PACKAGECONFIGs for voamrwbenc, voaacenc, resindvd
f0d87fe gstreamer1.0-plugins-good: fix PACKAGECONFIG for gudev and add one for v4l2 and libv4l2
35f34a6 gstreamer1.0-plugins-bad: fix dependencies for uvch264 PACKAGECONFIG
3b77e20 gstreamer1.0-plugins-{base,good}: update PACKAGECONFIGs
e2d4412 libunwind: fix build for qemuarm
ef69078 guile, mailx, gcc, opensp, gstreamer1.0-libav, libunwind: disable thumb where it fails for qemuarm
4700e40 icu: force arm mode
743ee04 libxcb: Add a workaround for gcc5 bug on mips
8a3deca bitbake: fetch: use orig localpath when calling orig method
0073b23 yocto-bsp: Typo on the file extension
71dbbcd bsp-guide: Updated the license statement.
41f1026 dev-manual: Correction to the KVM stuff in the runqemu commands.
38e3c6e mega-manual: Added four new figures for GUI example.
b99ec28 poky.ent: Fixed POKYVERSION variable.
c670dc7 yocto-project-qs, ref-manual, poky.ent: CentOS Package updates
b968190 dev-manual: Updated runqemu command options list
1278753 toaster-manual: Removed SDKMACHINE from the json file example.
7b25b70 ref-manual: Updated list of supported distros.
d9423fb ref-manual: Updated the GCC 5 migration section for 2.0
347347a bitbake: lib/bb/utils: improve edit_bblayers_conf() handling of bblayers.conf formatting
5935783 bitbake: lib/bb/utils: fix error in edit_metadata() when deleting first line
7fdad70 rpcbind: Security Advisory - rpcbind - CVE-2015-7236
0cb2fa5 subversion: fix CVE-2015-3187
5b52e9b subversion: fix CVE-2015-3184
59bdde4 linux-firmware: rtl8192cx: Add latest available firmware
8ad2bcc init-install-efi: fix script for gummiboot loader
c3087bd init-install-efi: fix script for eMMC installation
d2bf9fb pulseaudio: Fix HDMI profile selection
0556c58 allarch: Force TARGET_*FLAGS variable values
e683dac libsndfile: fix CVE-2014-9756
092757e libxslt: CVE-2015-7995
dab5555 unzip: rename patch to reflect CVE fix
1753d4a readline: rename patch to contain CVE reference
9dd3422 libarchive: rename patch to reflect CVE
1401976 binutils: Fix octeon3 disassembly patch
a54a0db opkg: add cache filename length fixes
fc45dea build-appliance-image: Update to jethro head revision
e14498b meta-yocto/distro: Updated SANITY_TESTED_DISTROS.
01bba74 meta-yocto/distro: Updated SANITY_TESTED_DISTROS.
e1aa897 build-appliance-image: Update to jethro head revision
96cab33 unzip: CVE-2015-7696, CVE-2015-7697
1b2a942 vte: fix DoS from malicious escape sequence (CVE-2012-2738)
370a291 build-appliance-image: Update to jethro head revision
00911c9 linux-yocto_4.1: Update SRCREV for genericx86*
c86957a glibc: Allow 64 bit atomics for x86
b02c5f6 local.conf.sample: Disable image-prelink by default
1630dbb ref-manual: Applied a correction to the GCC 5 migration 2.0 section.
37677d6 ref-manual: Updated ADT Installer Extras
a79e303 kernel-dev: Added cross-reference to .config information
e03b19b ref-manual: Applied review updates to 2.0 migration section.
a0791c1 bitbake: toasterui: Create per-build logs
290534d bitbake: build/utils: Add BB_TASK_IONICE_LEVEL support
3ebf761 bitbake: cooker: Ensure BB_CONSOLE remains correct over server resets
5b19b71 bitbake: bb/ui: Use getSetVariable command for BB_CONSOLELOG
acc7b4d bitbake: command: Add getSetVariable command
c8051c5 bitbake: bitbake-user-manual: Added new description for BB_TASK_IONICE_LEVEL
183290a bitbake: bitbake-user-manual: Added BBTARGETS variable description.
66d3c35 bitbake: toaster: templates Add meaningful title tags
5724b2a perl: Remove errornous extra path-specs for Module::Build based modules
884cf7a perl: Correct path for vendorlib, vendorarch, sitelib and sitearch
2d0c499 perl: fix Perl5 module builds
24cfcc4 runqemu-export-rootfs: update location of unfsd binary
da386d3 gtk-icon-cache: pass the native libdir to the intercept
63a0311 connman: Move wired-setup to ${datadir}
1c3c76d useradd-staticids.bbclass: Do not require trailing colons
8a0d8ee toaster manual: Updated the set up and use chapter
f19b52c ref-manual: Updates to the 1.8 to 2.0 Migration section.
b73da6b toaster-manual: Added new Toaster functionality descriptions.
947e156 ref-manual: Updated the rootfs*.bbclass description.
62e200e bitbake: toaster: orm Fix restrictive LogMessage message length
78f935d bitbake: toaster: Remove all navigation when not in build mode
c5f147b bitbake: toaster: Run tests in build mode
1d17109 bitbake: toaster: Hide builds for non-cli projects in analysis mode
a580479 bitbake: toaster: Hide top bar buttons in analysis mode
1ec2ec3 bitbake: toaster: Show mode-appropriate landing page
bbac0f0 bitbake: toaster: Add BUILD_MODE flag to context
851f0d8 bitbake: toaster: add get_or_create_targets API
dcd9cd0 bitbake: fetcher: svn: Add support for checkout to a custom path
4ab7202 bitbake: cooker: preserve pre and post configs
fdfdfc8 oeqa/utils/decorators: fix missing keyword arguments on decorators
a2d5b7a classes/gtk-icon-cache: don't pass STAGING_LIBDIR_NATIVE to intercepts
5171329 intercepts/update_icon_cache: use STAGING_DIR_NATIVE from environment
d18d902 lib/oe/rootfs: tell intercepts where the native sysroot is
9336e1f subversion: add explicit dependency on file-replacement-native for native builds
19358d0 rpm: add explicit dependency on file-replacement-native for native builds
698c3de file: don't replace host file when built natively
83a2bde sanity: check that the host has file installed
43c46e9 bitbake: add file-native to ASSUME_PROVIDED
2925cd9 Revert "runqemu-export-rootfs: update location of unfsd binary"
d023d99 populate_sdk_base: Ensure PKGDATA_DIR exists
9b956c4 Perl: Use CC version not $Config(gccversion)
0f75740 wic/utils/oe/misc.py: Preserve PATH when running native tools
273bcb4 mtools_4.0.18.bb: Use create_wrapper() for mcopy
031d464 scripts/oe-pkgdata-util: Fix variable name in error handling
d8d4ce7 Add 850 codepage to uninative-tarball
c1d5e89 e2fsprogs: backport a patch to fix filetype for hardlink
426a9b7 oeqa/selftest: Added testcase decorators.
835525c runqemu-ifup: Check if the tap interface is set up correctly
b13c0be qemurunner: Show the output of runqemu script
9846275 runqemu-internal: Enable support for use virtio devices.
304c956 linux-yocto{, -rt}: Enable support for virtio drivers in qemu machines.
eebcbe1 runqemu: Enable support for kvm without vhost in x86 and x86_64
135d094 prserv.bbclass: remove it since it is null
c509c78 initscripts/sysfs.sh: Mount devtmpfs on /dev/ if needed
022f8cc image-mklibs.bbclass: update i586 TARGET_ARCH test to i*86
d492a70 base.bbclass: considering multilib when setting LICENSE_EXCLUSION
54b7471 gcc-target.inc: Add support for executable thats may have a suffix
0d69a171 cairo: backport fix for compatibility with OpenGL ES 2.0
64b5e3e mesa-demos: fix deadlock in sharedtex_mt
dc8495f bzip2: fix bunzip2 -qt returns 0 for corrupt archives
5bf1430 gnome-desktop: add xkeyboard-config dependency
48443cc gtk+3: Do not try to initialize GL without libgl
59fdbae classes/insane: rename invalid-pkgconfig QA check to invalid-packageconfig
73e1d33 uclibc: Implement syncfs and AT_EMPTY_PATH for all and O_PATH for arm
2e4575d systemd: Fix build with uclibc
40911f4 libtirpc: Fix a bug exposed by uclibc
d90d3e8 libpam: Fix build with uclibc
32c8625 coreutils: Do not use host paths in getloadavg.m4
20b7d87 coreutils-6.9: Add missing dependency on virtual/libiconv
8bb6436 uclibc: Fix build with gcc5
e5e8fce libtirpc: Refresh uclibc patches
fd66dd1 rpcbind: Fix build with uclibc
369c536 scripts/oe-publish-sdk: create directory before making git repo
8a555fe rootfs.py: add more info to the warning message
787253f package signing: automatically export public keys
579e254 package_manager: fail if signed feeds are enabled for ipk or dpkg
835e755 Add new bbclass for package feed signing
822844d sign_rpm.bbclass: make RPM_GPG_NAME a mandatory setting
48d60fc sign_rpm.bbclass: be more verbose in case of error
dbb9af6 package_manager: support GPG_PATH variable
b682fca sign_rpm.bbclass: introduce GPG_PATH variable
8ccbc26 apr: remove conflict with ccache
5e42593 linux-yocto: nf_tables: Add nf_tables feature
1c2fdd9 linux-yocto/3.19: fix ARM boot with gcc5.x
3bab714 linux-yocto: skip kernel meta data branches when finding machine branch
1561d0d kern-tools: avoid duplicate .scc file processing
47dcee2 linux-yocto/4.1: drm/i915: Fix the VBT child device parsing for BSW
380f2c6 linux-yocto: axxia configuration updates
505a826 build-appliance-image: Update to jethro head revision
7d30d67 ref-manual: Updated the allarch class description.
a8674ae ref-manual: Updated the MACHINE_ESSENTIAL_EXTRA_RRECOMMENDS variable
e7c8c79 ref-manual: Added the 1.8 to 2.0 migration section.
cd48ccc dev-manual: Added notes to clarify use of pkg-config
dc9e4cb ref-manual: Added correct class name as part of pkgconfig description
5bc8fa6 ref-manual: Fixed typo in 1.6 migration section for BitBake
2fe3809 ref-manual, dev-manual: Applied feedback to edit several classes
359b7fb ref-manual: Added three PACKAGE_FEED_* variable descriptions
2f4e90c toaster-manual: Updated the json file example bits to be current
66653cb ref-manual: Updated the image-swab.bbclass description
d66cf20 toaster-manual: New section on PREFERRED_VERSION
4b9daa8 ref-manual: Added many new class descriptions.
ae0d508 toaster-manual: Added note for creating virtual environment
98d7d24 toaster-manual: Updates to example toasterconf.json file
b263a3e dev-manual: Added CentOS packages to enable runtime tests on QEMU
9abc72c adt-manual: Fixed PMS typo
2e7d650 ref-manual: Updates to clarify Fetcher URL directory parameters
7facee6 toaster-manual: Updated the section for setting up virtual env.
10970a6 dev-manual: Added package requirements for runtime QEMU testing
acacf6b ref-manual: Added linuxloader.bbclass reference description.
8fc90a7 Makefile: Updated the make file to not create toaster-manual pdf
0889848 dev-manual: Updated devtool build --help example
1944d28 documentation: Updated files to support 2.0 release.
8d2a6f0 toaster-manual: Removed "dizzy" and replaced with "jethro"
3bff581 ref-manual: Added descriptions for 5 new variables and 2 tasks.
a87268e dev-manual: Updated the Marking Packages information.
1c7f462 ref-manual: Added oe-seltest package requirements sections.
3d82046 adt-manual: Updated the build toolchain section with more detail.
54b4aff adt-manual: Updated some hard-coded distro values
196210f dev-manual: Updated the multilib example.
3930f04 ref-manual: Updated the EXCLUDE_FROM_SHLIBS description
0d1c86b ref-manual: Updated EXCLUDE_FROM_SHLIBS description.
eea7521 ref-manual: Updated distrodata.bbclass example
2eaf843 ref-manual: Added new description for PACKAGE_EXCLUDE_COMPLEMENTARY
97298fb dev-manual: Fixed typo in path for wic plugins
05d8101 ref-manual: Added new EXCLUDE_FROM_SHLIB variable
316d432 ref-manual: Added new variable description for SKIP_FILEDEPS
a1b25e6 yocto-project-qs, ref-manual: Replaced "yum" with "dnf"
d284fba ref-manual: Added cross-reference phrase to some variables
5a226f7 dev-manual: Changed multilib example
6ca549f dev-manual: Added note about building out Autotools projects
92b26ad archiver.bbclass: Fixes and improves archiver class for kernel and gcc packages
2d00803 oeqa/selftest: improve config writing and cleanup
1881564 oeqa/selftest/wic: remove numbers from test names
2ac34d2 oeqa/selftest: clean up selftest.inc in teardown
a66ed33 oeqa/selftest/wic: fix cleaning
b67b1a4 oeqa/selftest/wic: corrected testcase decorator for test18_iso_image
e191120 oeqa/selftest: verify that devtool can use plugins in other layers
b8a9728 oeqa/selftest/buildoptions: Use the correct script for cleaning the workdir
94decbc oeqa/selftest/bbtests: Updated bitbake TCs
322c324 oeqa/selftest/bbtests: clean up local DL_DIR/SSTATE_DIR safely
cf311a7 oeqa/utils/ftools: From functions that expect data, check if None
900639c oeqa/utils/ftools: Ignore the exception if file does not exist
2e91cbd oeqa/selftest/manifest.py: Test support for manifests
c9bef34 useradd_base.bbclass: Do not warn without a reason
accb59e qemu: disable Valgrind
ac1bc7d i2c-tools: fix inverted RDEPENDS
35c043b rpm: remove spurious build dependencies
41cbfd7 gcc-5.2: Fix various _FOR_BUILD and related variables
a27da70 sudo: fix file permission for /etc/pam.d/sudo
abeaed9 openssh: fix file permission for /etc/pam.d/sshd
96a5cfd sanity.bbclass: expand warning when chmod fails
409e6e0 populate SDK: prepare calling of bb.utils for exceptions
db55d31 devtool: handle virtual providers
8578bc1 libc-package: Fix localedef multilib dependency issues
0942aff toolchain-shar-extract.sh: print full-length title underline
9630fc1 classes/populate_sdk_ext: detect and warn if running in OE environment
254ff38 classes/populate_sdk_ext: add note to env setup script
9a81ba7 classes/populate_sdk_ext: prevent image construction from executing on install
ec5ec35 classes/populate_sdk_ext: consistent indentation
b8f7042 oeqa/runtime: Fix setUp and tearDown methods
3327401 oetest: Add tearDownLocal class
3b7853a test-empty-image: rename from core-image-empty
5febb1d scripts/gen-lockedsig-cache: fix race with temp file creation
3b5d6ff image-live: make SYSLINUX_ROOT changable in image recipes
5009966 toolchain-shar-extract.sh: provide proper path for env_setup_script
ae7703f classes/base: provide hints on PACKAGECONFIG error
5a02ec2 devtool: extract: fix error handling
3aac110 metadata_scm: rewrite git hash logic
59668f2 linux-yocto-custom: fix typo in Upstream-Status tag
c52dcb0 grub-efi, gummiboot: Emit correct path in startup.nsh
f9d29ab coreutils: fix for native and nativesdk
b1a7405 gcc-4.x: fix wrong warning when using the universal zero initializer {0}
402723e tzdata: reinstate changes reverted in 2014c upgrade
3770461 build-compare: drop PATCHTOOL setting
4846260 common-licenses: use correct GFDL-1.1 license text
a9053ac bitbake: toaster: Add tests for error message display on the build dashboard
2517987 bitbake: toaster: Modify "New build" button behaviour for cli builds project
56d4c84 bitbake: toaster: Clean up template code
d96cedf bitbake: toaster: More linting of tests
7c8877e bitbake: toaster: Show tooltip next to cli builds project name in all builds
7670234 bitbake: toaster: Hide tabs and add info popups for command line builds
da4c614 bitbake: toaster: Make the builds view the project page for "command line builds"
ef6fc2b bitbake: toaster: Replace "Run again" button with help text for cli builds
7467b68 bitbake: toaster: Exclude "command line builds" project from projects typeahead
b5624c7 bitbake: toaster: Show 'not applicable' for default project machine and release
3c4c984 bitbake: toaster: Reorganise and lint tests
3ba43f2 bitbake: fetch2/hg: Include missing errno import
6fa3fec bitbake: cooker: normalize build targets
5effe8f bitbake: toaster: Allow any text input to machine configuration variable
320d05e bitbake: toaster: exit or return depending on the mode
2e2e40c bitbake: toaster: set TOASTER_MANAGED variable
a73895e bitbake: toaster: get rid of SRCFILE
779539c bitbake: toaster: use path to the script to guess config path
eb8b2b9 bitbake: toaster: Guard against builds with no targets
65e8bde bitbake: toaster: Remove Toaster exceptions section of build dashboard
93f0b61 bitbake: toaster: Record critical errors
069a611 bitbake: toaster: Test that exception isn't thrown by project page
026e981 bitbake: toaster: Check whether buildrequest exists before using it
1feeb8e bitbake: toaster: Always run bldcontrol migrations
ae82d77 bitbake: toaster: buildinfohelper Detect command line builds
596c219 bitbake: toaster: Disable add layer button when input is empty
24e5a17 bitbake: toaster: Have 'Version' next to recipe name
c895838 bitbake: toaster: Improve directory structure layout
2f52ef4 bitbake: toaster: importlayer Update property names for importlayer api calls
556c0ea lib/oe/image.py: Fix dependency handling for compressed types
d302c98 bitbake: toaster: Fix missing tooltips from layers on project configuration page
7e5464b bitbake: toaster: Fix broken test case
2e375e6 bitbake: toaster: exclude recipes with empty names
fa3e82d bitbake: toaster: delete recipe if it can't be saved
82675fc bitbake: toaster: Remove project name from latest project builds
6aeaca1 bitbake: toaster: test get_alldeps API
0fb6be0 bitbake: toaster: fix orm tests
dea679a bitbake: toaster: fix NameError
6e0c0fd bitbake: toaster: use get_alldeps in layerdetails renderer
bd2ec77 bitbake: toaster: implement API to get full list of deps
05594f8 bash: Disable custom memory allocator
adbbab7 icu: fix install race
b1d0aab webkitgtk, gcr, libsecret: force ARM mode
67d6500 gtk+3: gtk3-demo needs libgl
f385ed1 lib/oe/distro_check: Remove '_proxy' on dict values used by urllib.open
4bf7b7d cups: fix non-deterministic xinetd behaviour
32dbf71 cronie: clean up bugtracker info
6396d6a irda-utils: clean up bugtracker info
8d5878b screen: fix CVE-2015-6806
acdc2db kbd: provide a workaround for build failures
67959b9 machine/qemu: Fix OpenGL/GLX support with xserver-xorg.
fedff4f busybox.inc: remove redundant @DATADIR@ replacement
78b9d2d insane.bbclass: remove misleading path in warning
8995a30 iptables: only check libnetfilter-conntrack when libnfnetlink is enabled
e35c404 bitbake: toaster: Don't descend into directories for cached_layers
d9528d9 toasterconf: update meta-yocto to jethro and drop dizzy
2d6701f bitbake: toaster: Update JS unit tests
ab896df bitbake: toaster: Fix stale layer state buttons
41a5f82 bitbake: toaster: tables Add the recipe filter back into the Recipe table
2bebcd4 bitbake: toaster: Fix typo in returning pk list of layer versions in current project
d6d680d bitbake: toaster: layerdetails update build recipe button class name
7794b57 bitbake: toaster: Hide "Download build log" button if log doesn't exist
8c69539 bitbake: toaster: fix naming for clone directory
41286f4 bitbake: toaster: buildinfohelper Skip packages we have no build info about
97d0006 bitbake: toaster: buildinfohelper associate build data with built_recipe
0dcc963 bitbake: toaster: remove bashisms so script works in dash as well
8068aa3 bitbake: toaster: get rid of interactivity in bldcontrol
7d7823e bitbake: toaster: check for configuration file and exit if not found
315989c bitbake: toaster: remove layer and build dir interactive questions
489d5ff bitbake: toaster: removed superuser question from startup
c7d1dab bitbake: toaster: orm Machines filter don't pass self in as parameter
dd957fe bitbake: toaster: Rationalise mimetype guessing to fix artifact downloads
ce9011a bitbake: toaster: Use Python's mimetypes module
466bbec bitbake: toaster: display warnings for bad "IMAGE_FSTYPES" values
8b7d846 bitbake: toaster: Set default columns in recipes tables
9daf6ef bitbake: toaster: Comment out broken sorting and filters
b661f53 bitbake: toaster: Don't HTTP cache ToasterTable responses
a3742a0 bitbake: toaster: Don't add new history entries when table data loads
fa68ae0 bitbake: toaster: use meaningful logging levels
bd8b27b bitbake: toaster: ignore ReachableStamps event
ceeb52a linux-yocto: Update SRCREV for genericx86* BSPs
7766265 os-release: fix do_compile() when RPM signing is enabled
9a02df0 readline: actually apply readline63-003 (aka CVE-2014-2524)
a856580 rpm: fix return without value in patch
49bf4b1 Revert "qemu-native: Enable temporary debug info as default."
ad8c021 linux-yocto/4.1: drm/i915 backports
48e5579 oeqa/utils/qemurunner: Add support for Unicode from qemu
1f99452 report-error.bbclass: Support Unicode reports
b25af33 udev: add PROVIDES = "libgudev"
a0d9d2d lib/oe/image.py: Add image generation for companion debug filesystem
8ee9a93 package_manager.py: sort output of OpkgPkgsList().list
37c54af ThunderX: Add initial tune file
a0e7311 tzdata: update to 2015g
931dda4 tzcode: update to 2015g
8cacd22 recipetool: create: fix change in path structure if --extract-to path exists
e961688 devtool: update-recipe: avoid updating patches that have not changed
07fc8c2 oe-selftest: wic: fix LocalSetup
eac61f3 build-appliance-image: Update to jethro head revision
c9bdcf5 oeqa/runexported: Replaced optionparser with argparse.
038ae3f systemd: remove glib-2.0 build dependency
0516cd2 webkitgtk: Add some PACKAGECONFIG options.
dff30d2 fontcache: allow to pass extra parameters and environment to fc-cache
d5ce2f5 webkitgtk: Use ON/OFF for cmake switches.
ebd5035 testimage: Added IO commands to dumps
b73a35e distro-alias.inc: Updated for jethro 2.0 release
b7f9cde build-appliance-image: Update to jethro head revision
cf8ad8d toaster: Special case the openembedded-core layer to avoid duplicates
20b888b build-appliance-image: Update to jethro head revision
8fb5a5a bitbake: bitbake/lib: Update version to 1.28.0
0eca7ff build-appliance-image: Update to jethro head revision
34fede6 poky.conf: Bump version for 2.0 jethro release
a7329e1 Revert "oeqa/runtime: Added one runtime testcase in connman."
c2e78e3 qemu: Drop BROKEN usage
e788961 smart:cache.py: getPackages() matches name + arch
f3e57ba devtool: modify: use correct local files directory name
7cb0765 xuser-account: Take over xuser specific D-Bus policy
cdaa8fd bluez5: Use upstream D-Bus policy
e4a4961 ptest: run-ptest not required to run do_install_ptest
12cd705 distrodata: Take account proxies on distrodata tasks
f047ee8 devtool: update-recipe: enable var history tracking
979de77 lib/oeqa/selftest/yoctobsp: Basic tests for yocto-bsp script
e20d8b8 scripts/lib/bsp/engine: Indent the karch properties when stored into a file
f2933cc yocto-bsp: Update templates to 4.1 kernel
8283a57 scrips/lib/bsp/engine: List properties to stdout when output parameter is omitted
b355a5e scripts/yocto-bsp: Exit successfully when asking for help
ad9ee3d meta-yocto-bsp: bump to linux-yocto 4.1 for the non-x86 BSPs
cdc57f6 bitbake: siggen: Make it clear why nostamp tasks signatures don't match
1630f0a bitbake: runqueue: Add handling of virtual/xxx provider mappings
0b96e6f bitbake: taskdata: Add a function to return the virtual/ mapping data
40fae32 bitbake: cookerdata: Rename BBPKGS -> BBTARGETS
1e467b3 bitbake: bitbake-worker: Guard against multiprocessing corruption of event data
e5b9c2a oeqa/selftest/wic: Use SetupLocal instead of Setup
4266cc9 kernel.bbclass: fix the bug of checking the existing sections in do_strip()
ec1146e linux-yocto_{3.14,3.19,4.1}: qemuarm enable virtio drivers
2ea0e4c runqemu-internal: qemuarm enable usage of virtio devices
a23239a gnome-doc-utils: xslt - don't install Makefiles
f671163 apr-utils: cleanup buildpaths for target stuffs
f68d739 apr: cleanup buildpaths from target stuffs
a7ac905 curl: cleanup buildpaths from curl-config
833bfd3 dropbear: fix key generation when systemd is in use and rootfs is readonly
d592abd image.bbclass: tweak the key location for dropbear when rootfs is readonly
299806d openssh: fix sshd key generation when systemd is in use and rootfs is readonly
006497e image.bbclass: when building a readonly rootfs, tweak ssh settings regardless of init system in use
f1e2515 lttng-tools: Drop KERNELDIR reference
381a7bd meta-ide-support: No need to mark as nostamp anymore
ab9d2bb adt-installer: No need to mark as nostamp
d8ab563 distutils3: Avoid MACHINE specific checksums
a0d6322 gstreamer-omx: Improve variable expansion of ${S}
c71bd57 bitbake.conf: Exclude sstate-outputdirs flag from checksums
f02cbc6 deploy: Mark deploy tasks as MACHINE specific
a0435bf layer.conf: Add SIGGEN exclusion for oprofile kernel dependency
f4a8917 layer.conf: Improve siggen exclusion to handle virtual/libc
6fe4fd2 multilib_global: Add handling of SIGGEN variables for multilib
2c19695 lib/oe/sstate: Add tasks_resolved handler for virtual/xxx mappings
ff17f14 oeqa/selftest/sstatetests: Add test that MACHINE doesn't change target sigs
d822764 meta-selftest: Add qemux86copy machine
6cfc7c0 oeqa/selftest/sstatetests: Add check for same sigs for SDKMACHINE
5dbd061 multilib.conf: Ensure MACHINE doesn't change target sigs
71fdb36 gcc-multilib-config: Ensure SDK_ARCH doesn't change target sigs
c9ea0c6 lib/oe/package_manager: Handle empty package list in opkg case
ec504e0 oeqa/utils/decorators: Append the testname without the full path
8fe5b48 kern-tools: fix multi-layer patch application
b054506 linux-yocto/4.1: braswell bug fixes
c6c093b linux-yocto/4.1: update to 4.1.8 -stable
a502a2d linux-yocto-rt/4.1: integrate axxia BSP
38f0ffa meta: fix build with gettext 0.16.1
56c0fdf hostap-utils: Use C99 stddefs in defining local typedefs
34707c2 linux-yocto-custom: Update for newer kernel
df09a6f oetest: Change logic of a failed test
7a6cb2e cwautomacros: cleanup buildpath in autogen.sh
1222eb1 oeqa/runexported: Fix a problem with ssh_target_log existing in folder.
cb93670 qemurunner: Sanitize output from qemu and qemu pid
ba0f6ca oeqa/testimage: Add ability to run single test from suite.
3e40688 recipes-extended: remove duplicate recipe and .wks
6f2047a runqemu-internal: Make sure two serial ports always exist
385a5e8 cross-canadian.bbclass: big-endian ARM is also gnueabi.
7c96fcf openssl: fix ptest failures
d9ce095 python-async: inherit setuptools
adb6987 util-linux: add runuser PAM config files to fix runuser error
9549f57 oeqa/decorators: Fixed a problem with decorator logs link.
790b6c7 oeqa/selftest/wic: Added testcase decorator to all testcases + fixed minor typos.
ffd4bd6 toolchain-shar-extract: Correct environment-setup script names for multilib
249b810 lsb: add lsbinitscripts and util-linux rdepends
c7548b5 systemd: add PACKAGECONFIG for qrencode
3b04553 opkg: create opkg.lock in /run instead of /var/run
c275627 toolchain-shar-relocate.sh: make it faster
434665d populate_sdk_base: Simplify postprocess commands
5bfcd13 classes/meta: Add DISTRO_FEATURES check for gtk+/gtk3+
5b629a9 devtool: modify: make bitbake use local files from srctree
e9bae50 devtool: better support for local source files
a74fa38 devtool: file mover function that creates target dir
109c09b devtool: update_recipe: refactor patch generation
c976028 devtool: update-recipe: add new patches in correct order
2f8440b oe-selftest: devtool: add method for checking repo status
0a9f59e oe-selftest: devtool: add method for checking srctree repo
afb0142 oe-selftest: devtool: add setup() method
31c3078 oe.patch.GitApplyTree: add paths argument to extractPatches
d5e2dd4 recipeutils: implement get_recipe_local_files()
4bc3f09 bitbake: toaster: move clones into subdirectory
9e1516d bitbake: toaster: make clone directory name unique
552fd83 bitbake: toaster: fix reimporting module
55dc927 bitbake: toaster: fix bug in resetting git repository
6939340 bitbake: toaster: use git reset --hard instead of rebase
3d73dfa bitbake: toaster: don't use --single-branch when cloning
226e7da bitbake: utils: only add layer once in edit_bblayers_conf()
d48b7ef bitbake: toaster: display most recent builds for projects
f902dc6 bitbake: toaster: orm remove the complicated querying on the ORM
fe29297 bitbake: Revert "bitbake: toaster: don't re-create Target objects"
e6d967d bitbake: toaster: buildinfohelper Create a copy of the built layer and recipe
17fe16b bitbake: toaster: tables show all recipes in the layerdetails even duplicates
aed6d2e bitbake: toaster: Prioroitise the layer more generic vcs reference over the sha
922503f bitbake: toaster: Create a relationship between build information and toaster layers
0bc0a44 bitbake: toaster: Special case the openembedded-core layer to avoid duplicates
e68f63a bitbake: toaster: Add test cases for new Image customisation features
d98c771 bitbake: toaster: Add Image customisation frontend feature
37948cc bitbake: toaster: Add ToasterTables for Image customisation feature
a3ff4b2 bitbake: toaster: Add new ReST API for Image Customisation feature
28153ac bitbake: toaster: Fix indentation of jsunittests view
60f3ddb bitbake: toaster: implement decorator for REST responses
a7f43bd bitbake: toaster: add toggle for enabling image customisation feeature
3ff6401 bitbake: toaster: Add CustomImageRecipe model
8948d04 bitbake: toaster: ToasterTable remove unused class definition
c1157cf bitbake: toaster: add nocache option to the ToasterTable widget
1cafc39 bitbake: toaster: widgets ToasterTable Add more info to search field exception
c71bbad bitbake: toaster: widgets ToasterTable add logger to notify when cache hit
934f8d7 bitbake: toaster: create custom layer and recipes for Image customisation
340b398 bitbake: toaster: tables Move the title and name into the widget
e1851fe bitbake: toaster: make a workaround for old style index
f78f902 bitbake: prserv/serv.py: Better messaging when starting/stopping the server with port=0
134b267 bitbake: prserv/serv: Close the DB connection out of class destructor
caf422c multilib: Add TARGET_VENDOR to saved variables list
3af9f06 oeqa/sdk/gcc: Fix makefile test
00f0d2b gdk-pixbuf: Only apply native cleaning in normal task, not setscene
452237b runqemu-export-rootfs: update location of unfsd binary
aa1253f runqemu: don't complain about conflicting machines if they are equal
994915b oeqa/testimage: Remove absolute path to oeqa from json
f8da3b6 iproute2: fix the configure process
218d9f4 gcc-multilib-config: Expand ccargs variable
be13cdb Empty image: core-image-empty recipe
2bbec56 Empty image:rootfs.py:handle empty PACKAGE_INSTALL
4562f3f gstreamer1.0-plugins-bad: change glimagesink rank to marginal
677a463 linux-yocto/4.1: rt update to 4.1.x-rt8
cdd9c4c linux-yocto/4.1: common-pc-drivers: add CONFIG_PATA_SCH
9028d93 ltp: replace 'inline' with 'static inline' for gcc 5.x
5942dfe waffle: Fix build with musl
cfa3ed0 cups: fix pam configuration file's permission
8227d49 busybox: Use CC instead of bare LD to be the Linker
a3c4817 busybox: Use UTMPX instead of legacy UTMP
ea031f0 distrodata: handle recipes with empty or absent SRC_URI in checkpkg()
5cc44fe recipeutils.py: don't hardcode the upstream version as 1.0 when SRC_URI is empty or absent
320500e oeqa/parselogs: Updated log parser whitelist.
adeba9a connman: Don't use a blanket "allow" D-Bus policy
907c8a7 connman: Depend on xuser-account unconditionally
1b146c5 byacc: add missing patch header
5fd3089 sstate: run recipe-provided hooks outside of ${B}
3fb464f oeqa/decorators: Add timestamp to decorator logs.
5f371e5 image types: add hdddirect
ca52ca0 packagegroup-core-standalone-sdk-target: ensure libatomic is in SDK
6d68ba9 glibc/mmc-utils: Rename 'BRANCH' variable to 'SRCBRANCH' for clearness
c5aab3f sanity.bbclass: show warning when chmod fails
5702a19 systemd: apply persistent storage udev rules also for /dev/hd*
cb24cbb rpm: search for gpg if gpg2 is not found
217cccd openssl: Add mapping for nios2
3408d0d qemurunner: Handle qemu start failure correctly
79e3418 gcc-runtime: Add multilib C++ header mapping
09af262 oeqa/oetest: Fix SDK command execution
5d4f39f mulitlib: Ensure SDKTARGETSYSROOT is set correctly
c356961 gtk-icon-cache/pixbufcache: don't set GDK_PIXBUF_MODULEDIR
4a36842 librsvg: tell configure where gdk-pixbuf-query-loaders is
8a12632 gdk-pixbuf: move gdk-pixbuf-query-loaders to $libdir for multilib safety
b070778 gdk-pixbuf: move gdk-pixbuf-pixdata to gdk-pixbuf-dev
7fb583a multilib: Drop populate_sdk variable manipulation
eb7b1a5 package_manager.py: make rpm install mutilib pkgs corectly
5a51fb2 bitbake: prserv/serv: Start/Stop daemon using ip instead of host
2687b24 gdk-pixbuf: Avoid rebuild failures
94184a0 systemd: fix tmpfiles location when multilib in use
179ee77 p11-kit: configure without trust-paths
c7624b4 oe-pkgdata-util: avoid returning skipped packages
dd11f5c toolchain-shar-extract.sh: remove checkbashism
99fc786 archiver: stamp-base is dead, remove it
ce7bc12 gcc-shared-source: Set empty SRC_URI
47ef201 libgcc.inc: package baremetal multilib libraries
aff7e72 meta-selftest: add error recipe and error-image
261e68c libksba: fix pkgconfig patch
3235a64 systemd: disable problematic GCC 5.2 optimizations
6e7ed5e Revert "systemd: disable problematic GCC 5.2 optimizations"
9673278 oeqa/selftest/archiver: Test that archiver filters on recipe name
6807327 oeqa/utils/dump: Add default commands and directory
5d31e94 webkitgtk: add REQUIRED_DISTRO_FEATURES
8733b53 oeqa/runexported: Removed DEPLOY_DIR as mandatory.
f1e7fb0 oeqa/oetest: Remove bb as requirement for oetest.
d70c5cb gcc-5.2: disable isl
66dca4b kmod: Change SRCREV to fix return code in error path
61e77c7 oeqa/runtime/parselogs.py: Fix dmesg log retrieve in sato
dd26efb insane.bbclass: make package_qa_clean_path return a relative path
bdbd8b4 devtool: upgrade: use shutil.move instead of os.rename
346784b devtool: runqemu: avoid recipe parse
85d8b4a devtool: second fix for running from a different directory
6363a95 guile: cleanup buildpaths and add RDEPENDS on pkgconfig
6d1447b gmp: Use __gnu_inline__ attribute in 4.2.1
42dc902 pseudo_1.7.4.bb: fix f*open()
9f66aa1 bitbake: toaster: start script warning text formatting small improvement
c6eaef0 bitbake: tinfoil: remove logging handler at shutdown
fb26ea3 bitbake: toaster: remove time from builds in progress
15b482b bitbake: toaster: Add fake entry to Target_File for filesystem root
767fe69 bitbake: toaster: layerdetails Fix back button tab behaviour
4c0320f bitbake: toaster: UI test improvements
4c5af77 bitbake: toaster: support selenium testing from mac OS X
e6c4970 bitbake: toaster: add 2 UI tests
f6a70ad bitbake: toaster: change UI to show tasks
08000eb bitbake: toaster: don't re-create Target objects
ea37358 bitbake: toaster: store task name in Target objects
524ddd8 oeqa/utils/qemurunner.py: Remove duplicate message on LoggingThread start
376ce71 oeqa/utils/qemurunner.py: Fix HIGH CPU usage on LoggingThread
6c0066c devtool: add search command
0613301 devtool: add basic means of running runqemu within the extensible SDK
c4181c6 devtool / recipetool: add handling for binary-only packages
76084cd devtool: build-image: delete bbappend at end of build
ef197f9 devtool: build-image: improve image recipe handling
8f67bb7 devtool: build-image: tell user where to find output files
afb9340 devtool: build-image: fix recipe/package terminology
d736518 devtool: add: move important "recipe created" message to the end
3bd0f33 devtool: add: set up fetched source as a git repository by default
e759b0b devtool: better handling for recipes that don't unpack source
a34f733 devtool: fix extracting source for work-shared recipes
5bc437b devtool: show proper error when extracting source for recipes with disabled unpack task
210d959 recipetool: create: fix handling of URIs containing #
a35ad72 recipetool: create: fix creating empty shell functions
30c7e7a devtool: add: properly handle separate build directory
99fc284 devtool / lib/oe/recipeutils: ensure we can parse without bbappends
5d1a117 devtool: add: ensure --color=never turns off recipetool colour output
ae788fb devtool: check that source tree still exists
99cd79d scripts/contrib: add devtool stress tester
e0b9a96 lib/oe/patch: fix for git am not cleaning up after itself
8fb70c6 classes/externalsrc: fix setting of deps varflag as a string
586291f classes/externalsrc: scale back warning to a plain note
72810f9 toolchain-shar-extract.sh: show progress when extracting SDK
0dc9299 classes/populate_sdk_ext: drop work-config.inc
3a08728 classes/populate_sdk_ext: allow custom configuration for extensible SDK
b853dde classes/populate_sdk_ext: fix missing environment settings if running installer with sh
374e1fe lib/oe/recipeutils: properly split unexpanded variable values
7fb3fb9 linux-yocto/4.1: hid, bluetooth, aufs and yaffs2 updates
9241ec5 image_types.bbclass: Don't try to create ubi symlink twice
266e417 oeqa/selftest: buildoptions.py Removed unused imports
329d09f systemd: disable problematic GCC 5.2 optimizations
554c817 libgpg-error: Add support for nios2
84e1100 pixman: Fix missing FE_DIVBYZERO on nios2
9baffc1 libtool: Fix nios2 support
ba1e0ee linux-yocto: depend on libgcc for nios2
8efff24 kernel-arch: Add nios2 to valid archs
4d9af35 siteinfo: Add nios2-linux
76a8c74 insane: Add nios2 support
6adffd0 autotools: fix traversal bug in aclocal copying
6a02bbd python3-debugger: Adds pkgutils dependency to pdb
a7dd758 python3-debugger: fix importlib dependency
0e5a911 libsdl: depends on libglu when both x11 and opengl
d762ea1 lttng-tools: sessiond: disable: match app event by name
c8a7d76 testimage.bbclass: Fix break introduced with SIGTERM handling
7d166a6 sysstat: Include needed headers explicitly
d36384e connman: Fix build with musl
0df9b98 quota: Replace using -I= with STAGING_INCDIR
433a7a0 opkg: Include stdio.h for FILE definition
5aadabf syslinux: Dont bypass gcc driver for dependency generation options
05b9a0c gnu-efi, syslinux: Support gcc < 4.7
cdfd96e gummiboot: Fix build warnings seen with gcc5
0141652 qt4: Fix kmap2qmap build with clang
6b73a05 xz: Correctly specify GPL-3.0 with autoconf exception
a96069d insane.bbclass: drop extra line-feed in pkgname check
10fb575 insane.bbclass: show PN and relative path in package_qa_check_host_user
5624889 package.bbclass: add summary line to installed-vs-shipped QA check
d6e40e8 initramfs-framework: better error reporting for invalid root boot parameter
288a9ff initramfs-framework: fix "support dropping into shell on failure"
5ff7e8d qt4: remove already merged patch
9578b09 gdk-pixbuf: remove redundant libx11 DEPENDS line
fe70aa4 runqemu-internal: For qemumicroblaze use the QEMU provided device tree
9aaf7e3 runqemu-internal: Fix qemu networking for qemuzynq an qemumicroblaze
be493ba libpcre: Allow building 16 and 32bit libpcre versions
f32a6e1 oe-git-proxy: Allow socks4 as protocol in $ALL_PROXY
18309f0 oe-git-proxy: Correct the parsing of a port in $ALL_PROXY
c035f35 oe-git-proxy: Allow explicit IP addresses in $NO_PROXY
bbe06b4 oeqa/testimage: Enhance -v switch in testimage
e0b38f2 wic-image-minimal: add dependency to .wks
dd7726f wic: fix partition size calculation
219d73a wic: use ext4 in wic-image-minimal.wks
ce2cb45 wic: add dependencies to wic-image-minimal recipe
a66f586 testimage.bbclass: Don't require an image manifest
39c11d8 gstreamer1.0: Fix basesink drop buffer error
5f13793 grep: fix install if bindir == base_bindir
b17c02f gzip: fix install if bindir == base_bindir
b6f8ea1 cpio: fix install if bindir == base_bindir
fe0cdab tar: fix install if bindir == base_bindir
c6b52f3 bind: fix too long error from gen
81d65df ccache: fix file name too long
cdbe5c9 bitbake.conf: update APACHE_MIRROR
12772c8 linux-yocto/4.1: hid-core: Avoid uninitialized buffer access
88b11e6 kern-tools: optimize patching peformance
0864782 linux-yocto/4.1: aufs, yaffs2 and driver fixes

git-subtree-dir: yocto-poky
git-subtree-split: c8a4ed9a63de6124c8a3cceb80c7db48f12f7aea
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
index 53dcfd9..8af423f 100644
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -118,7 +118,7 @@
         linux-*-mips64)
                target=linux-mips
                 ;;
-	linux-microblaze*)
+	linux-microblaze*|linux-nios2*)
 		target=linux-generic32
 		;;
 	linux-powerpc)
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Add-test-for-CVE-2015-3194.patch b/meta/recipes-connectivity/openssl/openssl/0001-Add-test-for-CVE-2015-3194.patch
new file mode 100644
index 0000000..39a2e5a
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Add-test-for-CVE-2015-3194.patch
@@ -0,0 +1,66 @@
+From 00456fded43eadd4bb94bf675ae4ea5d158a764f Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Wed, 4 Nov 2015 13:30:03 +0000
+Subject: [PATCH] Add test for CVE-2015-3194
+
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+
+Upstream-Status: Backport
+
+This patch was imported from 
+https://git.openssl.org/?p=openssl.git;a=commit;h=00456fded43eadd4bb94bf675ae4ea5d158a764f
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ test/certs/pss1.pem | 21 +++++++++++++++++++++
+ test/tx509          |  7 +++++++
+ 2 files changed, 28 insertions(+)
+ create mode 100644 test/certs/pss1.pem
+
+diff --git a/test/certs/pss1.pem b/test/certs/pss1.pem
+new file mode 100644
+index 0000000..29da71d
+--- /dev/null
++++ b/test/certs/pss1.pem
+@@ -0,0 +1,21 @@
++-----BEGIN CERTIFICATE-----
++MIIDdjCCAjqgAwIBAgIJANcwZLyfEv7DMD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZI
++AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIEAgIA3jAnMSUwIwYD
++VQQDDBxUZXN0IEludmFsaWQgUFNTIGNlcnRpZmljYXRlMB4XDTE1MTEwNDE2MDIz
++NVoXDTE1MTIwNDE2MDIzNVowJzElMCMGA1UEAwwcVGVzdCBJbnZhbGlkIFBTUyBj
++ZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTaM7WH
++qVCAGAIA+zL1KWvvASTrhlq+1ePdO7wsrWX2KiYoTYrJYTnxhLnn0wrHqApt79nL
++IBG7cfShyZqFHOY/IzlYPMVt+gPo293gw96Fds5JBsjhjkyGnOyr9OUntFqvxDbT
++IIFU7o9IdxD4edaqjRv+fegVE+B79pDk4s0ujsk6dULtCg9Rst0ucGFo19mr+b7k
++dbfn8pZ72ZNDJPueVdrUAWw9oll61UcYfk75XdrLk6JlL41GrYHc8KlfXf43gGQq
++QfrpHkg4Ih2cI6Wt2nhFGAzrlcorzLliQIUJRIhM8h4IgDfpBpaPdVQLqS2pFbXa
++5eQjqiyJwak2vJ8CAwEAAaNQME4wHQYDVR0OBBYEFCt180N4oGUt5LbzBwQ4Ia+2
++4V97MB8GA1UdIwQYMBaAFCt180N4oGUt5LbzBwQ4Ia+24V97MAwGA1UdEwQFMAMB
++Af8wMQYJKoZIhvcNAQEKMCSgDTALBglghkgBZQMEAgGhDTALBgkqhkiG9w0BAQii
++BAICAN4DggEBAAjBtm90lGxgddjc4Xu/nbXXFHVs2zVcHv/mqOZoQkGB9r/BVgLb
++xhHrFZ2pHGElbUYPfifdS9ztB73e1d4J+P29o0yBqfd4/wGAc/JA8qgn6AAEO/Xn
++plhFeTRJQtLZVl75CkHXgUGUd3h+ADvKtcBuW9dSUncaUrgNKR8u/h/2sMG38RWY
++DzBddC/66YTa3r7KkVUfW7yqRQfELiGKdcm+bjlTEMsvS+EhHup9CzbpoCx2Fx9p
++NPtFY3yEObQhmL1JyoCRWqBE75GzFPbRaiux5UpEkns+i3trkGssZzsOuVqHNTNZ
++lC9+9hPHIoc9UMmAQNo1vGIW3NWVoeGbaJ8=
++-----END CERTIFICATE-----
+diff --git a/test/tx509 b/test/tx509
+index 0ce3b52..77f5cac 100644
+--- a/test/tx509
++++ b/test/tx509
+@@ -74,5 +74,12 @@ if [ $? != 0 ]; then exit 1; fi
+ cmp x509-f.p x509-ff.p3
+ if [ $? != 0 ]; then exit 1; fi
+ 
++echo "Parsing test certificates"
++
++$cmd -in certs/pss1.pem -text -noout >/dev/null
++if [ $? != 0 ]; then exit 1; fi
++
++echo OK
++
+ /bin/rm -f x509-f.* x509-ff.* x509-fff.*
+ exit 0
+-- 
+2.3.5
+
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
new file mode 100644
index 0000000..125016a
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
@@ -0,0 +1,101 @@
+From d73cc256c8e256c32ed959456101b73ba9842f72 Mon Sep 17 00:00:00 2001
+From: Andy Polyakov <appro@openssl.org>
+Date: Tue, 1 Dec 2015 09:00:32 +0100
+Subject: [PATCH] bn/asm/x86_64-mont5.pl: fix carry propagating bug
+ (CVE-2015-3193).
+
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+(cherry picked from commit e7c078db57908cbf16074c68034977565ffaf107)
+
+Upstream-Status: Backport
+
+This patch was imported from 
+https://git.openssl.org/?p=openssl.git;a=commit;h=d73cc256c8e256c32ed959456101b73ba9842f72
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ crypto/bn/asm/x86_64-mont5.pl | 22 +++++++++++++++++++---
+ crypto/bn/bntest.c            | 18 ++++++++++++++++++
+ 2 files changed, 37 insertions(+), 3 deletions(-)
+
+Index: openssl-1.0.2d/crypto/bn/asm/x86_64-mont5.pl
+===================================================================
+--- openssl-1.0.2d.orig/crypto/bn/asm/x86_64-mont5.pl
++++ openssl-1.0.2d/crypto/bn/asm/x86_64-mont5.pl
+@@ -1779,6 +1779,15 @@ sqr8x_reduction:
+ .align	32
+ .L8x_tail_done:
+ 	add	(%rdx),%r8		# can this overflow?
++	adc	\$0,%r9
++	adc	\$0,%r10
++	adc	\$0,%r11
++	adc	\$0,%r12
++	adc	\$0,%r13
++	adc	\$0,%r14
++	adc	\$0,%r15		# can't overflow, because we
++					# started with "overhung" part
++					# of multiplication
+ 	xor	%rax,%rax
+ 
+ 	neg	$carry
+@@ -3125,6 +3134,15 @@ sqrx8x_reduction:
+ .align	32
+ .Lsqrx8x_tail_done:
+ 	add	24+8(%rsp),%r8		# can this overflow?
++	adc	\$0,%r9
++	adc	\$0,%r10
++	adc	\$0,%r11
++	adc	\$0,%r12
++	adc	\$0,%r13
++	adc	\$0,%r14
++	adc	\$0,%r15		# can't overflow, because we
++					# started with "overhung" part
++					# of multiplication
+ 	mov	$carry,%rax		# xor	%rax,%rax
+ 
+ 	sub	16+8(%rsp),$carry	# mov 16(%rsp),%cf
+@@ -3168,13 +3186,11 @@ my ($rptr,$nptr)=("%rdx","%rbp");
+ my @ri=map("%r$_",(10..13));
+ my @ni=map("%r$_",(14..15));
+ $code.=<<___;
+-	xor	%rbx,%rbx
++	xor	%ebx,%ebx
+ 	sub	%r15,%rsi		# compare top-most words
+ 	adc	%rbx,%rbx
+ 	mov	%rcx,%r10		# -$num
+-	.byte	0x67
+ 	or	%rbx,%rax
+-	.byte	0x67
+ 	mov	%rcx,%r9		# -$num
+ 	xor	\$1,%rax
+ 	sar	\$3+2,%rcx		# cf=0
+Index: openssl-1.0.2d/crypto/bn/bntest.c
+===================================================================
+--- openssl-1.0.2d.orig/crypto/bn/bntest.c
++++ openssl-1.0.2d/crypto/bn/bntest.c
+@@ -1027,6 +1027,24 @@ int test_mod_exp_mont_consttime(BIO *bp,
+             return 0;
+         }
+     }
++
++    /* Regression test for carry propagation bug in sqr8x_reduction */
++    BN_hex2bn(&a, "050505050505");
++    BN_hex2bn(&b, "02");
++    BN_hex2bn(&c,
++        "4141414141414141414141274141414141414141414141414141414141414141"
++        "4141414141414141414141414141414141414141414141414141414141414141"
++        "4141414141414141414141800000000000000000000000000000000000000000"
++        "0000000000000000000000000000000000000000000000000000000000000000"
++        "0000000000000000000000000000000000000000000000000000000000000000"
++        "0000000000000000000000000000000000000000000000000000000001");
++    BN_mod_exp(d, a, b, c, ctx);
++    BN_mul(e, a, a, ctx);
++    if (BN_cmp(d, e)) {
++        fprintf(stderr, "BN_mod_exp and BN_mul produce different results!\n");
++        return 0;
++    }
++
+     BN_free(a);
+     BN_free(b);
+     BN_free(c);
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-1-Add-PSS-parameter-check.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-1-Add-PSS-parameter-check.patch
new file mode 100644
index 0000000..13d4891
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-1-Add-PSS-parameter-check.patch
@@ -0,0 +1,45 @@
+From c394a488942387246653833359a5c94b5832674e Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Fri, 2 Oct 2015 12:35:19 +0100
+Subject: [PATCH] Add PSS parameter check.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Avoid seg fault by checking mgf1 parameter is not NULL. This can be
+triggered during certificate verification so could be a DoS attack
+against a client or a server enabling client authentication.
+
+Thanks to Loïc Jonas Etienne (Qnective AG) for discovering this bug.
+
+CVE-2015-3194
+
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+
+Upstream-Status: Backport
+
+This patch was imported from 
+https://git.openssl.org/?p=openssl.git;a=commit;h=c394a488942387246653833359a5c94b5832674e
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ crypto/rsa/rsa_ameth.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
+index ca3922e..4e06218 100644
+--- a/crypto/rsa/rsa_ameth.c
++++ b/crypto/rsa/rsa_ameth.c
+@@ -268,7 +268,7 @@ static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg)
+ {
+     const unsigned char *p;
+     int plen;
+-    if (alg == NULL)
++    if (alg == NULL || alg->parameter == NULL)
+         return NULL;
+     if (OBJ_obj2nid(alg->algorithm) != NID_mgf1)
+         return NULL;
+-- 
+2.3.5
+
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch
new file mode 100644
index 0000000..6fc4d0e
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch
@@ -0,0 +1,66 @@
+From cc598f321fbac9c04da5766243ed55d55948637d Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Tue, 10 Nov 2015 19:03:07 +0000
+Subject: [PATCH] Fix leak with ASN.1 combine.
+
+When parsing a combined structure pass a flag to the decode routine
+so on error a pointer to the parent structure is not zeroed as
+this will leak any additional components in the parent.
+
+This can leak memory in any application parsing PKCS#7 or CMS structures.
+
+CVE-2015-3195.
+
+Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
+libFuzzer.
+
+PR#4131
+
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+
+Upstream-Status: Backport
+
+This patch was imported from
+https://git.openssl.org/?p=openssl.git;a=commit;h=cc598f321fbac9c04da5766243ed55d55948637d
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ crypto/asn1/tasn_dec.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
+index febf605..9256049 100644
+--- a/crypto/asn1/tasn_dec.c
++++ b/crypto/asn1/tasn_dec.c
+@@ -180,6 +180,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+     int otag;
+     int ret = 0;
+     ASN1_VALUE **pchptr, *ptmpval;
++    int combine = aclass & ASN1_TFLG_COMBINE;
++    aclass &= ~ASN1_TFLG_COMBINE;
+     if (!pval)
+         return 0;
+     if (aux && aux->asn1_cb)
+@@ -500,7 +502,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+  auxerr:
+     ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
+  err:
+-    ASN1_item_ex_free(pval, it);
++    if (combine == 0)
++        ASN1_item_ex_free(pval, it);
+     if (errtt)
+         ERR_add_error_data(4, "Field=", errtt->field_name,
+                            ", Type=", it->sname);
+@@ -689,7 +692,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
+     } else {
+         /* Nothing special */
+         ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
+-                               -1, 0, opt, ctx);
++                               -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
+         if (!ret) {
+             ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
+             goto err;
+-- 
+2.3.5
+
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3197.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3197.patch
new file mode 100644
index 0000000..dd288c9
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3197.patch
@@ -0,0 +1,63 @@
+From d81a1600588b726c2bdccda7efad3cc7a87d6245 Mon Sep 17 00:00:00 2001
+From: Viktor Dukhovni <openssl-users@dukhovni.org>
+Date: Wed, 30 Dec 2015 22:44:51 -0500
+Subject: [PATCH] Better SSLv2 cipher-suite enforcement
+
+Based on patch by: Nimrod Aviram <nimrod.aviram@gmail.com>
+
+CVE-2015-3197
+
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+
+Upstream-Status: Backport
+https://github.com/openssl/openssl/commit/d81a1600588b726c2bdccda7efad3cc7a87d6245
+
+CVE: CVE-2015-3197
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ ssl/s2_srvr.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+Index: openssl-1.0.2d/ssl/s2_srvr.c
+===================================================================
+--- openssl-1.0.2d.orig/ssl/s2_srvr.c
++++ openssl-1.0.2d/ssl/s2_srvr.c
+@@ -402,7 +402,7 @@ static int get_client_master_key(SSL *s)
+         }
+ 
+         cp = ssl2_get_cipher_by_char(p);
+-        if (cp == NULL) {
++        if (cp == NULL || sk_SSL_CIPHER_find(s->session->ciphers, cp) < 0) {
+             ssl2_return_error(s, SSL2_PE_NO_CIPHER);
+             SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
+             return (-1);
+@@ -687,8 +687,12 @@ static int get_client_hello(SSL *s)
+             prio = cs;
+             allow = cl;
+         }
++
++        /* Generate list of SSLv2 ciphers shared between client and server */
+         for (z = 0; z < sk_SSL_CIPHER_num(prio); z++) {
+-            if (sk_SSL_CIPHER_find(allow, sk_SSL_CIPHER_value(prio, z)) < 0) {
++            const SSL_CIPHER *cp = sk_SSL_CIPHER_value(prio, z);
++            if ((cp->algorithm_ssl & SSL_SSLV2) == 0 ||
++                sk_SSL_CIPHER_find(allow, cp) < 0) {
+                 (void)sk_SSL_CIPHER_delete(prio, z);
+                 z--;
+             }
+@@ -697,6 +701,13 @@ static int get_client_hello(SSL *s)
+             sk_SSL_CIPHER_free(s->session->ciphers);
+             s->session->ciphers = prio;
+         }
++
++        /* Make sure we have at least one cipher in common */
++        if (sk_SSL_CIPHER_num(s->session->ciphers) == 0) {
++            ssl2_return_error(s, SSL2_PE_NO_CIPHER);
++            SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_NO_CIPHER_MATCH);
++            return -1;
++        }
+         /*
+          * s->session->ciphers should now have a list of ciphers that are on
+          * both the client and server. This list is ordered by the order the
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_1.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_1.patch
new file mode 100644
index 0000000..cf2d9a7
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_1.patch
@@ -0,0 +1,102 @@
+From 878e2c5b13010329c203f309ed0c8f2113f85648 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Mon, 18 Jan 2016 11:31:58 +0000
+Subject: [PATCH] Prevent small subgroup attacks on DH/DHE
+
+Historically OpenSSL only ever generated DH parameters based on "safe"
+primes. More recently (in version 1.0.2) support was provided for
+generating X9.42 style parameter files such as those required for RFC
+5114 support. The primes used in such files may not be "safe". Where an
+application is using DH configured with parameters based on primes that
+are not "safe" then an attacker could use this fact to find a peer's
+private DH exponent. This attack requires that the attacker complete
+multiple handshakes in which the peer uses the same DH exponent.
+
+A simple mitigation is to ensure that y^q (mod p) == 1
+
+CVE-2016-0701 (fix part 1 of 2)
+
+Issue reported by Antonio Sanso.
+
+Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
+
+Upstream-Status: Backport
+
+https://github.com/openssl/openssl/commit/878e2c5b13010329c203f309ed0c8f2113f85648
+
+CVE: CVE-2016-0701
+Signed-of-by: Armin Kuster <akuster@mvisa.com>
+
+---
+ crypto/dh/dh.h       |  1 +
+ crypto/dh/dh_check.c | 35 +++++++++++++++++++++++++----------
+ 2 files changed, 26 insertions(+), 10 deletions(-)
+
+diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
+index b177673..5498a9d 100644
+--- a/crypto/dh/dh.h
++++ b/crypto/dh/dh.h
+@@ -174,6 +174,7 @@ struct dh_st {
+ /* DH_check_pub_key error codes */
+ # define DH_CHECK_PUBKEY_TOO_SMALL       0x01
+ # define DH_CHECK_PUBKEY_TOO_LARGE       0x02
++# define DH_CHECK_PUBKEY_INVALID         0x03
+ 
+ /*
+  * primes p where (p-1)/2 is prime too are called "safe"; we define this for
+diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
+index 347467c..5adedc0 100644
+--- a/crypto/dh/dh_check.c
++++ b/crypto/dh/dh_check.c
+@@ -151,23 +151,38 @@ int DH_check(const DH *dh, int *ret)
+ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
+ {
+     int ok = 0;
+-    BIGNUM *q = NULL;
++    BIGNUM *tmp = NULL;
++    BN_CTX *ctx = NULL;
+ 
+     *ret = 0;
+-    q = BN_new();
+-    if (q == NULL)
++    ctx = BN_CTX_new();
++    if (ctx == NULL)
+         goto err;
+-    BN_set_word(q, 1);
+-    if (BN_cmp(pub_key, q) <= 0)
++    BN_CTX_start(ctx);
++    tmp = BN_CTX_get(ctx);
++    if (tmp == NULL)
++        goto err;
++    BN_set_word(tmp, 1);
++    if (BN_cmp(pub_key, tmp) <= 0)
+         *ret |= DH_CHECK_PUBKEY_TOO_SMALL;
+-    BN_copy(q, dh->p);
+-    BN_sub_word(q, 1);
+-    if (BN_cmp(pub_key, q) >= 0)
++    BN_copy(tmp, dh->p);
++    BN_sub_word(tmp, 1);
++    if (BN_cmp(pub_key, tmp) >= 0)
+         *ret |= DH_CHECK_PUBKEY_TOO_LARGE;
+ 
++    if (dh->q != NULL) {
++        /* Check pub_key^q == 1 mod p */
++        if (!BN_mod_exp(tmp, pub_key, dh->q, dh->p, ctx))
++            goto err;
++        if (!BN_is_one(tmp))
++            *ret |= DH_CHECK_PUBKEY_INVALID;
++    }
++
+     ok = 1;
+  err:
+-    if (q != NULL)
+-        BN_free(q);
++    if (ctx != NULL) {
++        BN_CTX_end(ctx);
++        BN_CTX_free(ctx);
++    }
+     return (ok);
+ }
+-- 
+2.3.5
+
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_2.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_2.patch
new file mode 100644
index 0000000..05caf0a
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_2.patch
@@ -0,0 +1,156 @@
+From c5b831f21d0d29d1e517d139d9d101763f60c9a2 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Thu, 17 Dec 2015 02:57:20 +0000
+Subject: [PATCH] Always generate DH keys for ephemeral DH cipher suites
+
+Modified version of the commit ffaef3f15 in the master branch by Stephen
+Henson. This makes the SSL_OP_SINGLE_DH_USE option a no-op and always
+generates a new DH key for every handshake regardless.
+
+CVE-2016-0701 (fix part 2 or 2)
+
+Issue reported by Antonio Sanso
+
+Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
+
+Upstream-Status: Backport
+
+https://github.com/openssl/openssl/commit/c5b831f21d0d29d1e517d139d9d101763f60c9a2
+
+CVE: CVE-2016-0701 #2
+Signed-of-by: Armin Kuster <akuster@mvisa.com>
+
+---
+ doc/ssl/SSL_CTX_set_tmp_dh_callback.pod | 29 +++++------------------------
+ ssl/s3_lib.c                            | 14 --------------
+ ssl/s3_srvr.c                           | 17 +++--------------
+ ssl/ssl.h                               |  2 +-
+ 4 files changed, 9 insertions(+), 53 deletions(-)
+
+Index: openssl-1.0.2d/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
+===================================================================
+--- openssl-1.0.2d.orig/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
++++ openssl-1.0.2d/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
+@@ -48,25 +48,8 @@ even if he gets hold of the normal (cert
+ only used for signing.
+ 
+ In order to perform a DH key exchange the server must use a DH group
+-(DH parameters) and generate a DH key.
+-The server will always generate a new DH key during the negotiation
+-if either the DH parameters are supplied via callback or the
+-SSL_OP_SINGLE_DH_USE option of SSL_CTX_set_options(3) is set (or both).
+-It will  immediately create a DH key if DH parameters are supplied via
+-SSL_CTX_set_tmp_dh() and SSL_OP_SINGLE_DH_USE is not set.
+-In this case,
+-it may happen that a key is generated on initialization without later
+-being needed, while on the other hand the computer time during the
+-negotiation is being saved.
+-
+-If "strong" primes were used to generate the DH parameters, it is not strictly
+-necessary to generate a new key for each handshake but it does improve forward
+-secrecy. If it is not assured that "strong" primes were used,
+-SSL_OP_SINGLE_DH_USE must be used in order to prevent small subgroup
+-attacks. Always using SSL_OP_SINGLE_DH_USE has an impact on the
+-computer time needed during negotiation, but it is not very large, so
+-application authors/users should consider always enabling this option.
+-The option is required to implement perfect forward secrecy (PFS).
++(DH parameters) and generate a DH key. The server will always generate
++a new DH key during the negotiation.
+ 
+ As generating DH parameters is extremely time consuming, an application
+ should not generate the parameters on the fly but supply the parameters.
+@@ -93,10 +76,9 @@ can supply the DH parameters via a callb
+ Previous versions of the callback used B<is_export> and B<keylength>
+ parameters to control parameter generation for export and non-export
+ cipher suites. Modern servers that do not support export ciphersuites
+-are advised to either use SSL_CTX_set_tmp_dh() in combination with
+-SSL_OP_SINGLE_DH_USE, or alternatively, use the callback but ignore
+-B<keylength> and B<is_export> and simply supply at least 2048-bit
+-parameters in the callback.
++are advised to either use SSL_CTX_set_tmp_dh() or alternatively, use
++the callback but ignore B<keylength> and B<is_export> and simply
++supply at least 2048-bit parameters in the callback.
+ 
+ =head1 EXAMPLES
+ 
+@@ -128,7 +110,6 @@ partly left out.)
+  if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) {
+    /* Error. */
+  }
+- SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
+  ...
+ 
+ =head1 RETURN VALUES
+Index: openssl-1.0.2d/ssl/s3_lib.c
+===================================================================
+--- openssl-1.0.2d.orig/ssl/s3_lib.c
++++ openssl-1.0.2d/ssl/s3_lib.c
+@@ -3206,13 +3206,6 @@ long ssl3_ctrl(SSL *s, int cmd, long lar
+                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
+                 return (ret);
+             }
+-            if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
+-                if (!DH_generate_key(dh)) {
+-                    DH_free(dh);
+-                    SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
+-                    return (ret);
+-                }
+-            }
+             if (s->cert->dh_tmp != NULL)
+                 DH_free(s->cert->dh_tmp);
+             s->cert->dh_tmp = dh;
+@@ -3710,13 +3703,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd
+                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
+                 return 0;
+             }
+-            if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
+-                if (!DH_generate_key(new)) {
+-                    SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
+-                    DH_free(new);
+-                    return 0;
+-                }
+-            }
+             if (cert->dh_tmp != NULL)
+                 DH_free(cert->dh_tmp);
+             cert->dh_tmp = new;
+Index: openssl-1.0.2d/ssl/s3_srvr.c
+===================================================================
+--- openssl-1.0.2d.orig/ssl/s3_srvr.c
++++ openssl-1.0.2d/ssl/s3_srvr.c
+@@ -1684,20 +1684,9 @@ int ssl3_send_server_key_exchange(SSL *s
+             }
+ 
+             s->s3->tmp.dh = dh;
+-            if ((dhp->pub_key == NULL ||
+-                 dhp->priv_key == NULL ||
+-                 (s->options & SSL_OP_SINGLE_DH_USE))) {
+-                if (!DH_generate_key(dh)) {
+-                    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
+-                    goto err;
+-                }
+-            } else {
+-                dh->pub_key = BN_dup(dhp->pub_key);
+-                dh->priv_key = BN_dup(dhp->priv_key);
+-                if ((dh->pub_key == NULL) || (dh->priv_key == NULL)) {
+-                    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
+-                    goto err;
+-                }
++            if (!DH_generate_key(dh)) {
++                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
++                goto err;
+             }
+             r[0] = dh->p;
+             r[1] = dh->g;
+Index: openssl-1.0.2d/ssl/ssl.h
+===================================================================
+--- openssl-1.0.2d.orig/ssl/ssl.h
++++ openssl-1.0.2d/ssl/ssl.h
+@@ -625,7 +625,7 @@ struct ssl_session_st {
+ # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION        0x00040000L
+ /* If set, always create a new key when using tmp_ecdh parameters */
+ # define SSL_OP_SINGLE_ECDH_USE                          0x00080000L
+-/* If set, always create a new key when using tmp_dh parameters */
++/* Does nothing: retained for compatibility */
+ # define SSL_OP_SINGLE_DH_USE                            0x00100000L
+ /* Does nothing: retained for compatibiity */
+ # define SSL_OP_EPHEMERAL_RSA                            0x0
diff --git a/meta/recipes-connectivity/openssl/openssl/ptest_makefile_deps.patch b/meta/recipes-connectivity/openssl/openssl/ptest_makefile_deps.patch
new file mode 100644
index 0000000..4202e61
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/ptest_makefile_deps.patch
@@ -0,0 +1,248 @@
+Additional Makefile dependencies removal for test targets
+
+Removing the dependency check for test targets as these tests are
+causing a number of failures and "noise" during ptest execution.
+
+Upstream-Status: Inappropriate [config]
+
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
+
+diff -Naur openssl-1.0.2d-orig/test/Makefile openssl-1.0.2d/test/Makefile
+--- openssl-1.0.2d-orig/test/Makefile	2015-09-28 12:50:41.530022979 +0300
++++ openssl-1.0.2d/test/Makefile	2015-09-28 12:57:45.930717240 +0300
+@@ -155,67 +155,67 @@
+ 	( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
+ 	done)
+ 
+-test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
++test_evp:
+ 	../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
+ 
+-test_evp_extra: $(EVPEXTRATEST)$(EXE_EXT)
++test_evp_extra:
+ 	../util/shlib_wrap.sh ./$(EVPEXTRATEST)
+ 
+-test_des: $(DESTEST)$(EXE_EXT)
++test_des:
+ 	../util/shlib_wrap.sh ./$(DESTEST)
+ 
+-test_idea: $(IDEATEST)$(EXE_EXT)
++test_idea:
+ 	../util/shlib_wrap.sh ./$(IDEATEST)
+ 
+-test_sha: $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT)
++test_sha:
+ 	../util/shlib_wrap.sh ./$(SHATEST)
+ 	../util/shlib_wrap.sh ./$(SHA1TEST)
+ 	../util/shlib_wrap.sh ./$(SHA256TEST)
+ 	../util/shlib_wrap.sh ./$(SHA512TEST)
+ 
+-test_mdc2: $(MDC2TEST)$(EXE_EXT)
++test_mdc2:
+ 	../util/shlib_wrap.sh ./$(MDC2TEST)
+ 
+-test_md5: $(MD5TEST)$(EXE_EXT)
++test_md5:
+ 	../util/shlib_wrap.sh ./$(MD5TEST)
+ 
+-test_md4: $(MD4TEST)$(EXE_EXT)
++test_md4:
+ 	../util/shlib_wrap.sh ./$(MD4TEST)
+ 
+-test_hmac: $(HMACTEST)$(EXE_EXT)
++test_hmac:
+ 	../util/shlib_wrap.sh ./$(HMACTEST)
+ 
+-test_wp: $(WPTEST)$(EXE_EXT)
++test_wp:
+ 	../util/shlib_wrap.sh ./$(WPTEST)
+ 
+-test_md2: $(MD2TEST)$(EXE_EXT)
++test_md2:
+ 	../util/shlib_wrap.sh ./$(MD2TEST)
+ 
+-test_rmd: $(RMDTEST)$(EXE_EXT)
++test_rmd:
+ 	../util/shlib_wrap.sh ./$(RMDTEST)
+ 
+-test_bf: $(BFTEST)$(EXE_EXT)
++test_bf:
+ 	../util/shlib_wrap.sh ./$(BFTEST)
+ 
+-test_cast: $(CASTTEST)$(EXE_EXT)
++test_cast:
+ 	../util/shlib_wrap.sh ./$(CASTTEST)
+ 
+-test_rc2: $(RC2TEST)$(EXE_EXT)
++test_rc2:
+ 	../util/shlib_wrap.sh ./$(RC2TEST)
+ 
+-test_rc4: $(RC4TEST)$(EXE_EXT)
++test_rc4:
+ 	../util/shlib_wrap.sh ./$(RC4TEST)
+ 
+-test_rc5: $(RC5TEST)$(EXE_EXT)
++test_rc5:
+ 	../util/shlib_wrap.sh ./$(RC5TEST)
+ 
+-test_rand: $(RANDTEST)$(EXE_EXT)
++test_rand:
+ 	../util/shlib_wrap.sh ./$(RANDTEST)
+ 
+-test_enc: ../apps/openssl$(EXE_EXT) testenc
++test_enc:
+ 	@sh ./testenc
+ 
+-test_x509: ../apps/openssl$(EXE_EXT) tx509 testx509.pem v3-cert1.pem v3-cert2.pem
++test_x509:
+ 	echo test normal x509v1 certificate
+ 	sh ./tx509 2>/dev/null
+ 	echo test first x509v3 certificate
+@@ -223,25 +223,25 @@
+ 	echo test second x509v3 certificate
+ 	sh ./tx509 v3-cert2.pem 2>/dev/null
+ 
+-test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem
++test_rsa:
+ 	@sh ./trsa 2>/dev/null
+ 	../util/shlib_wrap.sh ./$(RSATEST)
+ 
+-test_crl: ../apps/openssl$(EXE_EXT) tcrl testcrl.pem
++test_crl:
+ 	@sh ./tcrl 2>/dev/null
+ 
+-test_sid: ../apps/openssl$(EXE_EXT) tsid testsid.pem
++test_sid:
+ 	@sh ./tsid 2>/dev/null
+ 
+-test_req: ../apps/openssl$(EXE_EXT) treq testreq.pem testreq2.pem
++test_req:
+ 	@sh ./treq 2>/dev/null
+ 	@sh ./treq testreq2.pem 2>/dev/null
+ 
+-test_pkcs7: ../apps/openssl$(EXE_EXT) tpkcs7 tpkcs7d testp7.pem pkcs7-1.pem
++test_pkcs7:
+ 	@sh ./tpkcs7 2>/dev/null
+ 	@sh ./tpkcs7d 2>/dev/null
+ 
+-test_bn: $(BNTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) bctest
++test_bn:
+ 	@echo starting big number library test, could take a while...
+ 	@../util/shlib_wrap.sh ./$(BNTEST) >tmp.bntest
+ 	@echo quit >>tmp.bntest
+@@ -250,33 +250,33 @@
+ 	@echo 'test a^b%c implementations'
+ 	../util/shlib_wrap.sh ./$(EXPTEST)
+ 
+-test_ec: $(ECTEST)$(EXE_EXT)
++test_ec:
+ 	@echo 'test elliptic curves'
+ 	../util/shlib_wrap.sh ./$(ECTEST)
+ 
+-test_ecdsa: $(ECDSATEST)$(EXE_EXT)
++test_ecdsa:
+ 	@echo 'test ecdsa'
+ 	../util/shlib_wrap.sh ./$(ECDSATEST)
+ 
+-test_ecdh: $(ECDHTEST)$(EXE_EXT)
++test_ecdh:
+ 	@echo 'test ecdh'
+ 	../util/shlib_wrap.sh ./$(ECDHTEST)
+ 
+-test_verify: ../apps/openssl$(EXE_EXT)
++test_verify:
+ 	@echo "The following command should have some OK's and some failures"
+ 	@echo "There are definitly a few expired certificates"
+ 	../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem
+ 
+-test_dh: $(DHTEST)$(EXE_EXT)
++test_dh:
+ 	@echo "Generate a set of DH parameters"
+ 	../util/shlib_wrap.sh ./$(DHTEST)
+ 
+-test_dsa: $(DSATEST)$(EXE_EXT)
++test_dsa:
+ 	@echo "Generate a set of DSA parameters"
+ 	../util/shlib_wrap.sh ./$(DSATEST)
+ 	../util/shlib_wrap.sh ./$(DSATEST) -app2_1
+ 
+-test_gen testreq.pem: ../apps/openssl$(EXE_EXT) testgen test.cnf
++test_gen testreq.pem:
+ 	@echo "Generate and verify a certificate request"
+ 	@sh ./testgen
+ 
+@@ -288,13 +288,11 @@
+ 	@cat certCA.ss certU.ss > intP1.ss
+ 	@cat certCA.ss certU.ss certP1.ss > intP2.ss
+ 
+-test_engine:  $(ENGINETEST)$(EXE_EXT)
++test_engine:
+ 	@echo "Manipulate the ENGINE structures"
+ 	../util/shlib_wrap.sh ./$(ENGINETEST)
+ 
+-test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \
+-		intP1.ss intP2.ss $(SSLTEST)$(EXE_EXT) testssl testsslproxy \
+-		../apps/server2.pem serverinfo.pem
++test_ssl:
+ 	@echo "test SSL protocol"
+ 	@if [ -n "$(FIPSCANLIB)" ]; then \
+ 	  sh ./testfipsssl keyU.ss certU.ss certCA.ss; \
+@@ -304,7 +302,7 @@
+ 	@sh ./testsslproxy keyP1.ss certP1.ss intP1.ss
+ 	@sh ./testsslproxy keyP2.ss certP2.ss intP2.ss
+ 
+-test_ca: ../apps/openssl$(EXE_EXT) testca CAss.cnf Uss.cnf
++test_ca:
+ 	@if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \
+ 	  echo "skipping CA.sh test -- requires RSA"; \
+ 	else \
+@@ -312,11 +310,11 @@
+ 	  sh ./testca; \
+ 	fi
+ 
+-test_aes: #$(AESTEST)
++test_aes:
+ #	@echo "test Rijndael"
+ #	../util/shlib_wrap.sh ./$(AESTEST)
+ 
+-test_tsa: ../apps/openssl$(EXE_EXT) testtsa CAtsa.cnf ../util/shlib_wrap.sh
++test_tsa:
+ 	@if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \
+ 	  echo "skipping testtsa test -- requires RSA"; \
+ 	else \
+@@ -331,7 +329,7 @@
+ 	@echo "Test JPAKE"
+ 	../util/shlib_wrap.sh ./$(JPAKETEST)
+ 
+-test_cms: ../apps/openssl$(EXE_EXT) cms-test.pl smcont.txt
++test_cms:
+ 	@echo "CMS consistency test"
+ 	$(PERL) cms-test.pl
+ 
+@@ -339,22 +337,22 @@
+ 	@echo "Test SRP"
+ 	../util/shlib_wrap.sh ./srptest
+ 
+-test_ocsp: ../apps/openssl$(EXE_EXT) tocsp
++test_ocsp:
+ 	@echo "Test OCSP"
+ 	@sh ./tocsp
+ 
+-test_v3name: $(V3NAMETEST)$(EXE_EXT)
++test_v3name:
+ 	@echo "Test X509v3_check_*"
+ 	../util/shlib_wrap.sh ./$(V3NAMETEST)
+ 
+ test_heartbeat:
+ 	../util/shlib_wrap.sh ./$(HEARTBEATTEST)
+ 
+-test_constant_time: $(CONSTTIMETEST)$(EXE_EXT)
++test_constant_time:
+ 	@echo "Test constant time utilites"
+ 	../util/shlib_wrap.sh ./$(CONSTTIMETEST)
+ 
+-test_verify_extra: $(VERIFYEXTRATEST)$(EXE_EXT)
++test_verify_extra:
+ 	@echo $(START) $@
+ 	../util/shlib_wrap.sh ./$(VERIFYEXTRATEST)
+ 
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
index 32d8dce..8defa5b 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
@@ -36,6 +36,14 @@
             file://run-ptest \
             file://crypto_use_bigint_in_x86-64_perl.patch \
             file://openssl-1.0.2a-x32-asm.patch \
+            file://ptest_makefile_deps.patch  \
+            file://CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch \
+            file://CVE-2015-3194-1-Add-PSS-parameter-check.patch \
+            file://0001-Add-test-for-CVE-2015-3194.patch \
+            file://CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch \
+            file://CVE-2015-3197.patch \
+            file://CVE-2016-0701_1.patch \
+            file://CVE-2016-0701_2.patch \
            "
 
 SRC_URI[md5sum] = "38dd619b2e77cbac69b99f52a053d25a"
@@ -55,3 +63,13 @@
 do_configure_prepend() {
   cp ${WORKDIR}/find.pl ${S}/util/find.pl
 }
+
+# The crypto_use_bigint patch means that perl's bignum module needs to be
+# installed, but some distributions (for example Fedora 23) don't ship it by
+# default.  As the resulting error is very misleading check for bignum before
+# building.
+do_configure_prepend() {
+	if ! perl -Mbigint -e true; then
+		bbfatal "The perl module 'bignum' was not found but this is required to build openssl.  Please install this module (often packaged as perl-bignum) and re-run bitbake."
+	fi
+}