poky: sumo refresh 874976b..45ef387

Update poky to sumo HEAD.

Alexander Kanavin (1):
      openssl: fix upstream version check for 1.0 version

Andre McCurdy (19):
      openssl_1.1: avoid using += with an over-ride
      openssl_1.1: minor recipe formatting tweaks etc
      openssl_1.0: merge openssl10.inc into the openssl_1.0.2o.bb recipe
      openssl_1.0: minor recipe formatting tweaks etc
      openssl_1.0: drop curly brackets from shell local variables
      openssl_1.0: fix cryptodev-linux PACKAGECONFIG support
      openssl_1.0: drop leading "-" from no-ssl3 config option
      openssl_1.0: avoid running make twice for target do_compile()
      openssl: remove uclibc remnants
      openssl: support musl-x32 build
      openssl: minor indent fixes
      openssl_1.0: drop obsolete ca.patch
      openssl_1.0: drop obsolete exporting of AS, EX_LIBS and DIRS
      openssl_1.0: drop unmaintained darwin support
      openssl_1.0: add PACKAGECONFIG option to control manpages
      openssl_1.0: squash whitespace in CC_INFO
      openssl: fix missing dependency on hostperl-runtime-native
      openssl_1.0: drop unnecessary dependency on makedepend-native
      openssl_1.0: drop unnecessary call to perlpath.pl from do_configure()

Andrej Valek (3):
      openssl-1.1: fix c_rehash perl errors
      openssl: update 1.0.2o -> 1.0.2p
      openssl: update 1.1.0h -> 1.1.0i

Anuj Mittal (1):
      wic/qemux86: don't pass ip parameter to kernel in wks

Changqing Li (1):
      unzip: fix CVE-2018-1000035

Hongxu Jia (2):
      nasm: fix CVE-2018-8883 & CVE-2018-8882 & CVE-2018-10316
      patch: fix CVE-2018-6952

Jagadeesh Krishnanjanappa (19):
      libvorbis: CVE-2017-14160 CVE-2018-10393
      libvorbis: CVE-2018-10392
      flac: CVE-2017-6888
      libarchive: CVE-2017-14503
      libsndfile1: CVE-2017-14245 CVE-2017-14246
      libsndfile1: CVE-2017-14634
      coreutils: CVE-2017-18018
      libgcrypt: CVE-2018-0495
      git: CVE-2018-11235
      gnupg: CVE-2018-12020
      shadow: CVE-2018-7169
      procps: CVE-2018-1124
      python: CVE-2018-1000030
      qemu: CVE-2018-7550
      qemu: CVE-2018-12617
      perl: CVE-2018-6798
      perl: CVE-2018-6797
      perl: CVE-2018-6913
      perl: CVE-2018-12015

Joshua Watt (2):
      alsa-lib: Cleanup packaging
      swig: Remove superfluous python dependency

Ovidiu Panait (1):
      openssl-nativesdk: Fix "can't open config file" warning

Ross Burton (6):
      bzip2: use Yocto Project mirror for SRC_URI
      classes: sanity-check LIC_FILES_CHKSUM
      openssl: disable ccache usage
      unzip: fix symlink problem
      bitbake: utils/md5_file: don't iterate line-by-line
      bitbake: checksum: sanity check path when recursively checksumming

Change-Id: I262a451f483cb276343ae6f02c272af053d33d7a
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/poky/bitbake/lib/bb/checksum.py b/poky/bitbake/lib/bb/checksum.py
index 8428920..4e1598f 100644
--- a/poky/bitbake/lib/bb/checksum.py
+++ b/poky/bitbake/lib/bb/checksum.py
@@ -97,6 +97,8 @@
 
         def checksum_dir(pth):
             # Handle directories recursively
+            if pth == "/":
+                bb.fatal("Refusing to checksum /")
             dirchecksums = []
             for root, dirs, files in os.walk(pth):
                 for name in files:
diff --git a/poky/bitbake/lib/bb/utils.py b/poky/bitbake/lib/bb/utils.py
index 378e699..2ff7e82 100644
--- a/poky/bitbake/lib/bb/utils.py
+++ b/poky/bitbake/lib/bb/utils.py
@@ -524,12 +524,17 @@
     """
     Return the hex string representation of the MD5 checksum of filename.
     """
-    import hashlib
-    m = hashlib.md5()
+    import hashlib, mmap
 
     with open(filename, "rb") as f:
-        for line in f:
-            m.update(line)
+        m = hashlib.md5()
+        try:
+            with mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as mm:
+                for chunk in iter(lambda: mm.read(8192), b''):
+                    m.update(chunk)
+        except ValueError:
+            # You can't mmap() an empty file so silence this exception
+            pass
     return m.hexdigest()
 
 def sha256_file(filename):
diff --git a/poky/meta/classes/base.bbclass b/poky/meta/classes/base.bbclass
index bb1f4b7..abb4ead 100644
--- a/poky/meta/classes/base.bbclass
+++ b/poky/meta/classes/base.bbclass
@@ -100,8 +100,8 @@
         # We only care about items that are absolute paths since
         # any others should be covered by SRC_URI.
         try:
-            path = bb.fetch.decodeurl(url)[2]
-            if not path:
+            (method, host, path, user, pswd, parm) = bb.fetch.decodeurl(url)
+            if method != "file" or not path:
                 raise bb.fetch.MalformedUrl(url)
 
             if path[0] == '/':
diff --git a/poky/meta/classes/license.bbclass b/poky/meta/classes/license.bbclass
index 06dd4a8..5103ed8 100644
--- a/poky/meta/classes/license.bbclass
+++ b/poky/meta/classes/license.bbclass
@@ -480,7 +480,9 @@
 
     for url in lic_files.split():
         try:
-            (type, host, path, user, pswd, parm) = bb.fetch.decodeurl(url)
+            (method, host, path, user, pswd, parm) = bb.fetch.decodeurl(url)
+            if method != "file" or not path:
+                raise bb.fetch.MalformedUrl()
         except bb.fetch.MalformedUrl:
             bb.fatal("%s: LIC_FILES_CHKSUM contains an invalid URL:  %s" % (d.getVar('PF'), url))
         # We want the license filename and path
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/ca.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/ca.patch
deleted file mode 100644
index fb745e4..0000000
--- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/ca.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-0.9.8m/apps/CA.pl.in
-===================================================================
---- openssl-0.9.8m.orig/apps/CA.pl.in	2006-04-28 00:28:51.000000000 +0000
-+++ openssl-0.9.8m/apps/CA.pl.in	2010-02-27 00:36:51.000000000 +0000
-@@ -65,6 +65,7 @@
- foreach (@ARGV) {
- 	if ( /^(-\?|-h|-help)$/ ) {
- 	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
-+	    print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
- 	    exit 0;
- 	} elsif (/^-newcert$/) {
- 	    # create a certificate
-@@ -165,6 +166,7 @@
- 	} else {
- 	    print STDERR "Unknown arg $_\n";
- 	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
-+	    print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
- 	    exit 1;
- 	}
- }
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/find.pl b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/find.pl
deleted file mode 100644
index 8e1b42c..0000000
--- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/find.pl
+++ /dev/null
@@ -1,54 +0,0 @@
-warn "Legacy library @{[(caller(0))[6]]} will be removed from the Perl core distribution in the next major release. Please install it from the CPAN distribution Perl4::CoreLibs. It is being used at @{[(caller)[1]]}, line @{[(caller)[2]]}.\n";
-
-# This library is deprecated and unmaintained. It is included for
-# compatibility with Perl 4 scripts which may use it, but it will be
-# removed in a future version of Perl. Please use the File::Find module
-# instead.
-
-# Usage:
-#	require "find.pl";
-#
-#	&find('/foo','/bar');
-#
-#	sub wanted { ... }
-#		where wanted does whatever you want.  $dir contains the
-#		current directory name, and $_ the current filename within
-#		that directory.  $name contains "$dir/$_".  You are cd'ed
-#		to $dir when the function is called.  The function may
-#		set $prune to prune the tree.
-#
-# For example,
-#
-#   find / -name .nfs\* -mtime +7 -exec rm -f {} \; -o -fstype nfs -prune
-#
-# corresponds to this
-#
-#	sub wanted {
-#	    /^\.nfs.*$/ &&
-#	    (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_)) &&
-#	    int(-M _) > 7 &&
-#	    unlink($_)
-#	    ||
-#	    ($nlink || (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_))) &&
-#	    $dev < 0 &&
-#	    ($prune = 1);
-#	}
-#
-# Set the variable $dont_use_nlink if you're using AFS, since AFS cheats.
-
-use File::Find ();
-
-*name		= *File::Find::name;
-*prune		= *File::Find::prune;
-*dir		= *File::Find::dir;
-*topdir		= *File::Find::topdir;
-*topdev		= *File::Find::topdev;
-*topino		= *File::Find::topino;
-*topmode	= *File::Find::topmode;
-*topnlink	= *File::Find::topnlink;
-
-sub find {
-    &File::Find::find(\&wanted, @_);
-}
-
-1;
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-util-perlpath.pl-cwd.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-util-perlpath.pl-cwd.patch
deleted file mode 100644
index 065b9b1..0000000
--- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-util-perlpath.pl-cwd.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From e427748f3bb5d37e78dc8d70a558c373aa8ababb Mon Sep 17 00:00:00 2001
-From: Robert Yang <liezhi.yang@windriver.com>
-Date: Mon, 19 Sep 2016 22:06:28 -0700
-Subject: [PATCH] util/perlpath.pl: make it work when cwd is not in @INC
-
-Fixed when building on Debian-testing:
-| Can't locate find.pl in @INC (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.2 /usr/local/share/perl/5.22.2 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at perlpath.pl line 7.
-
-The find.pl is added by oe-core, so once openssl/find.pl is removed,
-then this patch can be dropped.
-
-Upstream-Status: Inappropriate [OE-Specific]
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
----
- util/perlpath.pl | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/util/perlpath.pl b/util/perlpath.pl
-index a1f236b..5599892 100755
---- a/util/perlpath.pl
-+++ b/util/perlpath.pl
-@@ -4,6 +4,8 @@
- # line in all scripts that rely on perl.
- #
- 
-+BEGIN { unshift @INC, "."; }
-+
- require "find.pl";
- 
- $#ARGV == 0 || print STDERR "usage: perlpath newpath  (eg /usr/bin)\n";
--- 
-2.9.0
-
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-Fix-build-with-clang-using-external-assembler.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/0001-Fix-build-with-clang-using-external-assembler.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-Fix-build-with-clang-using-external-assembler.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/0001-Fix-build-with-clang-using-external-assembler.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/0001-allow-manpages-to-be-disabled.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/0001-allow-manpages-to-be-disabled.patch
new file mode 100644
index 0000000..3f7d649
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/0001-allow-manpages-to-be-disabled.patch
@@ -0,0 +1,31 @@
+From e1c39b80b01d4d18feeadfdc6e45a3e1dd110634 Mon Sep 17 00:00:00 2001
+From: Andre McCurdy <armccurdy@gmail.com>
+Date: Fri, 27 Jul 2018 21:41:06 +0000
+Subject: [PATCH] allow manpages to be disabled
+
+Define OE_DISABLE_MANPAGES (via environment or the make command line)
+to skip creation and installation of manpages.
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
+---
+ Makefile.org | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.org b/Makefile.org
+index ed98d2a..747d8cb 100644
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -549,7 +549,7 @@ dist:
+ 	@$(MAKE) SDIRS='$(SDIRS)' clean
+ 	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
+ 
+-install: all install_docs install_sw
++install: all $(if $(OE_DISABLE_MANPAGES),,install_docs) install_sw
+ 
+ install_sw:
+ 	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+-- 
+1.9.1
+
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-openssl-force-soft-link-to-avoid-rare-race.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/0001-openssl-force-soft-link-to-avoid-rare-race.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-openssl-force-soft-link-to-avoid-rare-race.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/0001-openssl-force-soft-link-to-avoid-rare-race.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/Makefiles-ptest.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/Makefiles-ptest.patch
similarity index 87%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/Makefiles-ptest.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/Makefiles-ptest.patch
index 2122fa1..1b8402a 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/Makefiles-ptest.patch
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/Makefiles-ptest.patch
@@ -11,18 +11,15 @@
 Upstream-Status: Pending
 
 ---
- Makefile.org       |  10 +-
- Makefile.org.orig  |   7 +-
- test/Makefile      |  13 +-
- test/Makefile.orig | 987 +++++++++++++++++++++++++++++++++++++++++++++++++++++
- 4 files changed, 1009 insertions(+), 8 deletions(-)
- create mode 100644 test/Makefile.orig
-
+ Makefile.org  | 10 +++++++++-
+ test/Makefile | 13 +++++++++----
+ 2 files changed, 18 insertions(+), 5 deletions(-)
+ 
 diff --git a/Makefile.org b/Makefile.org
 index 111fbba..8e7936c 100644
 --- a/Makefile.org
 +++ b/Makefile.org
-@@ -468,8 +468,16 @@ rehash.time: certs apps
+@@ -467,8 +467,16 @@ rehash.time: certs apps
  test:   tests
  
  tests: rehash
@@ -41,7 +38,7 @@
  
  report:
 diff --git a/test/Makefile b/test/Makefile
-index a1f7eeb..b2984c4 100644
+index 55a6b50..d46b4d1 100644
 --- a/test/Makefile
 +++ b/test/Makefile
 @@ -150,7 +150,7 @@ tests:	exe apps $(TESTS)
@@ -55,7 +52,7 @@
  	test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
 @@ -162,6 +162,11 @@ alltests: \
  	test_constant_time test_verify_extra test_clienthello test_sslv2conftest \
- 	test_dtls test_bad_dtls test_fatalerr
+ 	test_dtls test_bad_dtls test_fatalerr test_x509_time
  
 +alltests:
 +	@(for i in $(all-tests); do \
@@ -90,4 +87,3 @@
  
 -- 
 2.15.1
-
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/Use-SHA256-not-MD5-as-default-digest.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/Use-SHA256-not-MD5-as-default-digest.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/Use-SHA256-not-MD5-as-default-digest.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/Use-SHA256-not-MD5-as-default-digest.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/configure-musl-target.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/configure-musl-target.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/configure-musl-target.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/configure-musl-target.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/configure-targets.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/configure-targets.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/configure-targets.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/configure-targets.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/c_rehash-compat.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/c_rehash-compat.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/c_rehash-compat.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/c_rehash-compat.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/debian-targets.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/debian-targets.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/debian-targets.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/debian-targets.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/man-dir.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/man-dir.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/man-dir.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/man-dir.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/man-section.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/man-section.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/man-section.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/man-section.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/no-rpath.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/no-rpath.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/no-rpath.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/no-rpath.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/no-symbolic.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/no-symbolic.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/no-symbolic.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/no-symbolic.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/pic.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/pic.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/pic.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/pic.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/block_digicert_malaysia.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/block_digicert_malaysia.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/block_digicert_malaysia.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/block_digicert_malaysia.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/block_diginotar.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/block_diginotar.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/block_diginotar.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/block_diginotar.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/soname.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/soname.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/soname.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/soname.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/version-script.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/version-script.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/version-script.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/version-script.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/engines-install-in-libdir-ssl.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/engines-install-in-libdir-ssl.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/engines-install-in-libdir-ssl.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/engines-install-in-libdir-ssl.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/oe-ldflags.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/oe-ldflags.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/oe-ldflags.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/oe-ldflags.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-c_rehash.sh b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/openssl-c_rehash.sh
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-c_rehash.sh
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/openssl-c_rehash.sh
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-fix-des.pod-error.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/openssl-fix-des.pod-error.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-fix-des.pod-error.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/openssl-fix-des.pod-error.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl_fix_for_x32.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/openssl_fix_for_x32.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl_fix_for_x32.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/openssl_fix_for_x32.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/parallel.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/parallel.patch
similarity index 92%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/parallel.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/parallel.patch
index e5413bf..41abf3d 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/parallel.patch
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/parallel.patch
@@ -13,24 +13,18 @@
 Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
 
 ---
- Makefile.org          |  14 +-
- Makefile.org.orig     |  10 +-
- Makefile.shared       |   2 +
- Makefile.shared.orig  | 655 ++++++++++++++++++++++++++++++++++++++++++++++++++
- crypto/Makefile       |  10 +-
- engines/Makefile      |   6 +-
- engines/Makefile.orig | 338 ++++++++++++++++++++++++++
- test/Makefile         |  92 +++----
- test/Makefile.orig    |  88 ++++---
- 9 files changed, 1108 insertions(+), 107 deletions(-)
- create mode 100644 Makefile.shared.orig
- create mode 100644 engines/Makefile.orig
+ Makefile.org                                   | 14 ++--
+ Makefile.shared                                |  2 +
+ crypto/Makefile                                | 10 +--
+ engines/Makefile                               |  6 +-
+ test/Makefile                                  | 94 +++++++++++-----------
+ 5 files changed, 64 insertions(+), 62 deletions(-)
 
 diff --git a/Makefile.org b/Makefile.org
-index 8e7936c..ed98d2a 100644
+index efcfafb..82eab91 100644
 --- a/Makefile.org
 +++ b/Makefile.org
-@@ -283,17 +283,17 @@ build_libcrypto: build_crypto build_engines libcrypto.pc
+@@ -282,17 +282,17 @@ build_libcrypto: build_crypto build_engines libcrypto.pc
  build_libssl: build_ssl libssl.pc
  
  build_crypto:
@@ -54,7 +48,7 @@
  
  all_testapps: build_libs build_testapps
  build_testapps:
-@@ -565,7 +565,7 @@ install_sw:
+@@ -564,7 +564,7 @@ install_sw:
  	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
  	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
  	done;
@@ -64,7 +58,7 @@
  	do \
  		if [ -f "$$i" ]; then \
 diff --git a/Makefile.shared b/Makefile.shared
-index f6f92e7..8164186 100644
+index bbefb2b..18013a9 100644
 --- a/Makefile.shared
 +++ b/Makefile.shared
 @@ -105,6 +105,7 @@ LINK_SO=	\
@@ -84,7 +78,7 @@
  			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
  		fi; \
 diff --git a/crypto/Makefile b/crypto/Makefile
-index 17a87f8..29c2dcf 100644
+index 875ea1a..c22b683 100644
 --- a/crypto/Makefile
 +++ b/crypto/Makefile
 @@ -85,11 +85,11 @@ testapps:
@@ -160,7 +154,7 @@
  tags:
  	ctags $(SRC)
 diff --git a/test/Makefile b/test/Makefile
-index 40abd60..78d3788 100644
+index 36506cf..c69af8b 100644
 --- a/test/Makefile
 +++ b/test/Makefile
 @@ -145,7 +145,7 @@ install:
@@ -172,7 +166,7 @@
  
  apps:
  	@(cd ..; $(MAKE) DIRS=apps all)
-@@ -444,139 +444,139 @@ BUILD_CMD_STATIC=shlib_target=; \
+@@ -448,142 +448,142 @@ BUILD_CMD_STATIC=shlib_target=; \
  		link_app.$${shlib_target}
  
  $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
@@ -345,7 +339,11 @@
  
  $(FATALERRTEST)$(EXE_EXT): $(FATALERRTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
  	@target=$(FATALERRTEST); exobj=ssltestlib.o; $(BUILD_CMD)
- 
+
+ $(X509TIMETEST)$(EXE_EXT): $(X509TIMETEST).o
+-	@target=$(X509TIMETEST) $(BUILD_CMD)
++	+@target=$(X509TIMETEST) $(BUILD_CMD)
+
  $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
 -	@target=$(SSLV2CONFTEST) $(BUILD_CMD)
 +	+@target=$(SSLV2CONFTEST) $(BUILD_CMD)
@@ -356,7 +354,7 @@
  
  #$(AESTEST).o: $(AESTEST).c
  #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -589,7 +589,7 @@ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
+@@ -596,7 +596,7 @@ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
  #	fi
  
  dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/ptest-deps.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/ptest-deps.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/ptest-deps.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/ptest-deps.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/ptest_makefile_deps.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/ptest_makefile_deps.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/ptest_makefile_deps.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/ptest_makefile_deps.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/reproducible-cflags.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/reproducible-cflags.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/reproducible-cflags.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/reproducible-cflags.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/reproducible-mkbuildinf.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/reproducible-mkbuildinf.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/reproducible-mkbuildinf.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/reproducible-mkbuildinf.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/run-ptest b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/run-ptest
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/run-ptest
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/run-ptest
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/shared-libs.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/shared-libs.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/shared-libs.patch
rename to poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/shared-libs.patch
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/environment.d-openssl.sh b/poky/meta/recipes-connectivity/openssl/openssl/environment.d-openssl.sh
new file mode 100644
index 0000000..b9cc24a
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl/environment.d-openssl.sh
@@ -0,0 +1 @@
+export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/openssl.cnf"
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
deleted file mode 100644
index 413ebf3..0000000
--- a/poky/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
+++ /dev/null
@@ -1,64 +0,0 @@
-require openssl10.inc
-
-# For target side versions of openssl enable support for OCF Linux driver
-# if they are available.
-
-CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
-CFLAG_append_class-native = " -fPIC"
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=f475368924827d06d4b416111c8bdb77"
-
-export DIRS = "crypto ssl apps engines"
-export OE_LDFLAGS="${LDFLAGS}"
-
-SRC_URI += "file://find.pl;subdir=openssl-${PV}/util/ \
-           file://run-ptest \
-           file://openssl-c_rehash.sh \
-           file://configure-targets.patch \
-           file://shared-libs.patch \
-           file://oe-ldflags.patch \
-           file://engines-install-in-libdir-ssl.patch \
-           file://debian1.0.2/block_diginotar.patch \
-           file://debian1.0.2/block_digicert_malaysia.patch \
-           file://debian/ca.patch \
-           file://debian/c_rehash-compat.patch \
-           file://debian/debian-targets.patch \
-           file://debian/man-dir.patch \
-           file://debian/man-section.patch \
-           file://debian/no-rpath.patch \
-           file://debian/no-symbolic.patch \
-           file://debian/pic.patch \
-           file://debian1.0.2/version-script.patch \
-           file://debian1.0.2/soname.patch \
-           file://openssl_fix_for_x32.patch \
-           file://openssl-fix-des.pod-error.patch \
-           file://Makefiles-ptest.patch \
-           file://ptest-deps.patch \
-           file://ptest_makefile_deps.patch \
-           file://configure-musl-target.patch \
-           file://parallel.patch \
-           file://openssl-util-perlpath.pl-cwd.patch \
-           file://Use-SHA256-not-MD5-as-default-digest.patch \
-           file://0001-Fix-build-with-clang-using-external-assembler.patch \
-           file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
-           "
-
-SRC_URI_append_class-target = "\
-           file://reproducible-cflags.patch \
-           file://reproducible-mkbuildinf.patch \
-           "
-SRC_URI[md5sum] = "44279b8557c3247cbe324e2322ecd114"
-SRC_URI[sha256sum] = "ec3f5c9714ba0fd45cb4e087301eb1336c317e0d20b575a125050470e8089e4d"
-
-PACKAGES =+ "${PN}-engines"
-FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
-
-# The crypto_use_bigint patch means that perl's bignum module needs to be
-# installed, but some distributions (for example Fedora 23) don't ship it by
-# default.  As the resulting error is very misleading check for bignum before
-# building.
-do_configure_prepend() {
-	if ! perl -Mbigint -e true; then
-		bbfatal "The perl module 'bignum' was not found but this is required to build openssl.  Please install this module (often packaged as perl-bignum) and re-run bitbake."
-	fi
-}
diff --git a/poky/meta/recipes-connectivity/openssl/openssl10.inc b/poky/meta/recipes-connectivity/openssl/openssl_1.0.2p.bb
similarity index 62%
rename from poky/meta/recipes-connectivity/openssl/openssl10.inc
rename to poky/meta/recipes-connectivity/openssl/openssl_1.0.2p.bb
index 645d64e..5d41977 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl10.inc
+++ b/poky/meta/recipes-connectivity/openssl/openssl_1.0.2p.bb
@@ -6,62 +6,100 @@
 
 # "openssl | SSLeay" dual license
 LICENSE = "openssl"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=f475368924827d06d4b416111c8bdb77"
 
-DEPENDS = "makedepend-native hostperl-runtime-native"
+DEPENDS = "hostperl-runtime-native"
 DEPENDS_append_class-target = " openssl-native"
 
 PROVIDES += "openssl10"
 
 SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
-          "
-S = "${WORKDIR}/openssl-${PV}"
+           file://run-ptest \
+           file://openssl-c_rehash.sh \
+           file://configure-targets.patch \
+           file://shared-libs.patch \
+           file://oe-ldflags.patch \
+           file://engines-install-in-libdir-ssl.patch \
+           file://debian1.0.2/block_diginotar.patch \
+           file://debian1.0.2/block_digicert_malaysia.patch \
+           file://debian/c_rehash-compat.patch \
+           file://debian/debian-targets.patch \
+           file://debian/man-dir.patch \
+           file://debian/man-section.patch \
+           file://debian/no-rpath.patch \
+           file://debian/no-symbolic.patch \
+           file://debian/pic.patch \
+           file://debian1.0.2/version-script.patch \
+           file://debian1.0.2/soname.patch \
+           file://openssl_fix_for_x32.patch \
+           file://openssl-fix-des.pod-error.patch \
+           file://Makefiles-ptest.patch \
+           file://ptest-deps.patch \
+           file://ptest_makefile_deps.patch \
+           file://configure-musl-target.patch \
+           file://parallel.patch \
+           file://Use-SHA256-not-MD5-as-default-digest.patch \
+           file://0001-Fix-build-with-clang-using-external-assembler.patch \
+           file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
+           file://0001-allow-manpages-to-be-disabled.patch \
+           "
+
+SRC_URI_append_class-target = " \
+           file://reproducible-cflags.patch \
+           file://reproducible-mkbuildinf.patch \
+           "
+
+SRC_URI_append_class-nativesdk = " \
+           file://environment.d-openssl.sh \
+           "
+
+SRC_URI[md5sum] = "ac5eb30bf5798aa14b1ae6d0e7da58df"
+SRC_URI[sha256sum] = "50a98e07b1a89eb8f6a99477f262df71c6fa7bef77df4dc83025a2845c827d00"
+
+UPSTREAM_CHECK_REGEX = "openssl-(?P<pver>1\.0.+)\.tar"
+
+inherit pkgconfig siteinfo multilib_header ptest relative_symlinks manpages
 
 PACKAGECONFIG ?= "cryptodev-linux"
-PACKAGECONFIG[perl] = ",,,"
+PACKAGECONFIG_class-native = ""
+PACKAGECONFIG_class-nativesdk = ""
+
 PACKAGECONFIG[cryptodev-linux] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,,cryptodev-linux"
-
-TERMIO_libc-musl = "-DTERMIOS"
-TERMIO ?= "-DTERMIO"
-# Avoid binaries being marked as requiring an executable stack since it 
-# doesn't(which causes and this causes issues with SELinux
-CFLAG = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
-	 ${TERMIO} ${CFLAGS} -Wall -Wa,--noexecstack"
-
-export DIRS = "crypto ssl apps"
-export EX_LIBS = "-lgcc -ldl"
-export AS = "${CC} -c"
-
-inherit pkgconfig siteinfo multilib_header ptest relative_symlinks
-
-PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf"
-FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
-FILES_libssl = "${libdir}/libssl${SOLIBS}"
-FILES_${PN} =+ " ${libdir}/ssl/*"
-FILES_${PN}-misc = "${libdir}/ssl/misc"
-RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
-
-# Add the openssl.cnf file to the openssl-conf package.  Make the libcrypto
-# package RRECOMMENDS on this package.  This will enable the configuration
-# file to be installed for both the base openssl package and the libcrypto
-# package since the base openssl package depends on the libcrypto package.
-FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
-CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
-RRECOMMENDS_libcrypto += "openssl-conf"
-RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
+PACKAGECONFIG[manpages] = ",,,"
+PACKAGECONFIG[perl] = ",,,"
 
 # Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
 # vulnerability
-EXTRA_OECONF = " -no-ssl3"
+EXTRA_OECONF = "no-ssl3"
 
-do_configure_prepend_darwin () {
-	sed -i -e '/version-script=openssl\.ld/d' Configure
-}
+EXTRA_OEMAKE = "${@bb.utils.contains('PACKAGECONFIG', 'manpages', '', 'OE_DISABLE_MANPAGES=1', d)}"
+
+export OE_LDFLAGS = "${LDFLAGS}"
+
+# openssl fails with ccache: https://bugzilla.yoctoproject.org/show_bug.cgi?id=12810
+CCACHE = ""
+
+TERMIO ?= "-DTERMIO"
+TERMIO_libc-musl = "-DTERMIOS"
+
+CFLAG = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
+         ${TERMIO} ${CFLAGS} -Wall"
+
+# Avoid binaries being marked as requiring an executable stack since they don't
+# (and it causes issues with SELinux)
+CFLAG += "-Wa,--noexecstack"
+
+CFLAG_append_class-native = " -fPIC"
 
 do_configure () {
-	cd util
-	perl perlpath.pl ${STAGING_BINDIR_NATIVE}
-	cd ..
+	# The crypto_use_bigint patch means that perl's bignum module needs to be
+	# installed, but some distributions (for example Fedora 23) don't ship it by
+	# default.  As the resulting error is very misleading check for bignum before
+	# building.
+	if ! perl -Mbigint -e true; then
+		bbfatal "The perl module 'bignum' was not found but this is required to build openssl.  Please install this module (often packaged as perl-bignum) and re-run bitbake."
+	fi
+
 	ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
 
 	os=${HOST_OS}
@@ -73,7 +111,7 @@
 	linux-musl )
 		os=linux
 		;;
-		*)
+	*)
 		;;
 	esac
 	target="$os-${HOST_ARCH}"
@@ -135,37 +173,29 @@
 	linux-powerpc64)
 		target=linux-ppc64
 		;;
-	linux-riscv64)
-		target=linux-generic64
-		;;
 	linux-riscv32)
 		target=linux-generic32
 		;;
+	linux-riscv64)
+		target=linux-generic64
+		;;
 	linux-supersparc)
 		target=linux-sparcv8
 		;;
 	linux-sparc)
 		target=linux-sparcv8
 		;;
-	darwin-i386)
-		target=darwin-i386-cc
-		;;
 	esac
+
 	# inject machine-specific flags
 	sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure
-        useprefix=${prefix}
-        if [ "x$useprefix" = "x" ]; then
-                useprefix=/
-        fi        
-	libdirleaf="$(echo ${libdir} | sed s:$useprefix::)"
-	perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=${libdirleaf} $target
-}
 
-do_compile_prepend_class-target () {
-    sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
-    oe_runmake depend
-	cc_sanitized=`echo "${CC} ${CFLAG}" | sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's|${DEBUG_PREFIX_MAP}||g'`
-	oe_runmake CC_INFO="${cc_sanitized}"
+	useprefix=${prefix}
+	if [ "x$useprefix" = "x" ]; then
+		useprefix=/
+	fi
+	libdirleaf="$(echo ${libdir} | sed s:$useprefix::)"
+	perl ./Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=$libdirleaf $target
 }
 
 do_compile () {
@@ -173,10 +203,14 @@
 	oe_runmake
 }
 
-do_compile_ptest () {
-	# build dependencies for test directory too
-	export DIRS="$DIRS test"
+do_compile_class-target () {
+	sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
 	oe_runmake depend
+	cc_sanitized=$(echo "${CC} ${CFLAG}" | sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's|${DEBUG_PREFIX_MAP}||g' -e 's/[ \t]\+/ /g')
+	oe_runmake CC_INFO="$cc_sanitized"
+}
+
+do_compile_ptest () {
 	oe_runmake buildtest
 }
 
@@ -228,8 +262,8 @@
 do_install_ptest () {
 	cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH}
 
-        # Replace the path to native perl with the path to target perl
-        sed -i 's,^PERL=.*,PERL=${bindir}/perl,' ${D}${PTEST_PATH}/Makefile
+	# Replace the path to native perl with the path to target perl
+	sed -i 's,^PERL=.*,PERL=${bindir}/perl,' ${D}${PTEST_PATH}/Makefile
 
 	cp Configure config e_os.h ${D}${PTEST_PATH}
 	cp -r -L include ${D}${PTEST_PATH}
@@ -268,9 +302,9 @@
 
 	# Remove build host references
 	sed -i \
-       -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
-       -e 's|${DEBUG_PREFIX_MAP}||g' \
-       ${D}${PTEST_PATH}/Makefile ${D}${PTEST_PATH}/Configure
+	-e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
+	-e 's|${DEBUG_PREFIX_MAP}||g' \
+	${D}${PTEST_PATH}/Makefile ${D}${PTEST_PATH}/Configure
 }
 
 do_install_append_class-native() {
@@ -281,5 +315,30 @@
 	    OPENSSL_ENGINES=${libdir}/ssl/engines
 }
 
-BBCLASSEXTEND = "native nativesdk"
+do_install_append_class-nativesdk() {
+	mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
+	install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+}
 
+# Add the openssl.cnf file to the openssl-conf package.  Make the libcrypto
+# package RRECOMMENDS on this package.  This will enable the configuration
+# file to be installed for both the base openssl package and the libcrypto
+# package since the base openssl package depends on the libcrypto package.
+
+PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc"
+
+FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
+FILES_libssl = "${libdir}/libssl${SOLIBS}"
+FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
+FILES_${PN}-misc = "${libdir}/ssl/misc"
+FILES_${PN} =+ "${libdir}/ssl/*"
+FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
+
+CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+
+RRECOMMENDS_libcrypto += "openssl-conf"
+RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
+RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
deleted file mode 100644
index 94b75eb..0000000
--- a/poky/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
+++ /dev/null
@@ -1,161 +0,0 @@
-SUMMARY = "Secure Socket Layer"
-DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
-HOMEPAGE = "http://www.openssl.org/"
-BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
-SECTION = "libs/network"
-
-# "openssl | SSLeay" dual license
-LICENSE = "openssl"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff"
-
-BBCLASSEXTEND = "native nativesdk"
-
-SRC_URI[md5sum] = "5271477e4d93f4ea032b665ef095ff24"
-SRC_URI[sha256sum] = "5835626cde9e99656585fc7aaa2302a73a7e1340bf8c14fd635a62c66802a517"
-
-SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
-           file://run-ptest \
-           file://openssl-c_rehash.sh \
-           file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \
-           "
-
-S = "${WORKDIR}/openssl-${PV}"
-
-inherit lib_package multilib_header ptest
-
-do_configure () {
-	os=${HOST_OS}
-	case $os in
-	linux-uclibc |\
-	linux-uclibceabi |\
-	linux-gnueabi |\
-	linux-uclibcspe |\
-	linux-gnuspe |\
-	linux-musl*)
-		os=linux
-		;;
-		*)
-		;;
-	esac
-	target="$os-${HOST_ARCH}"
-	case $target in
-	linux-arm)
-		target=linux-armv4
-		;;
-	linux-armeb)
-		target=linux-armv4
-		;;
-	linux-aarch64*)
-		target=linux-aarch64
-		;;
-	linux-sh3)
-		target=linux-generic32
-		;;
-	linux-sh4)
-		target=linux-generic32
-		;;
-	linux-i486)
-		target=linux-elf
-		;;
-	linux-i586 | linux-viac3)
-		target=linux-elf
-		;;
-	linux-i686)
-		target=linux-elf
-		;;
-	linux-gnux32-x86_64)
-		target=linux-x32
-		;;
-	linux-gnu64-x86_64)
-		target=linux-x86_64
-		;;
-	linux-mips)
-                # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
-		target="linux-mips32 ${TARGET_CC_ARCH}"
-		;;
-	linux-mipsel)
-		target="linux-mips32 ${TARGET_CC_ARCH}"
-		;;
-        linux-gnun32-mips*)
-               target=linux-mips64
-                ;;
-        linux-*-mips64 | linux-mips64)
-               target=linux64-mips64
-                ;;
-        linux-*-mips64el | linux-mips64el)
-               target=linux64-mips64
-                ;;
-	linux-microblaze*|linux-nios2*)
-		target=linux-generic32
-		;;
-	linux-powerpc)
-		target=linux-ppc
-		;;
-	linux-powerpc64)
-		target=linux-ppc64
-		;;
-	linux-riscv64)
-		target=linux-generic64
-		;;
-	linux-riscv32)
-		target=linux-generic32
-		;;
-	linux-supersparc)
-		target=linux-sparcv9
-		;;
-	linux-sparc)
-		target=linux-sparcv9
-		;;
-	darwin-i386)
-		target=darwin-i386-cc
-		;;
-	esac
-        useprefix=${prefix}
-        if [ "x$useprefix" = "x" ]; then
-                useprefix=/
-        fi
-	libdirleaf="$(echo ${libdir} | sed s:$useprefix::)"
-	perl ./Configure ${EXTRA_OECONF} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdirleaf} $target
-}
-
-#| engines/afalg/e_afalg.c: In function 'eventfd':
-#| engines/afalg/e_afalg.c:110:20: error: '__NR_eventfd' undeclared (first use in this function)
-#|      return syscall(__NR_eventfd, n);
-#|                     ^~~~~~~~~~~~
-EXTRA_OECONF_aarch64 += "no-afalgeng"
-
-#| ./libcrypto.so: undefined reference to `getcontext'
-#| ./libcrypto.so: undefined reference to `setcontext'
-#| ./libcrypto.so: undefined reference to `makecontext'
-EXTRA_OECONF_libc-musl += "-DOPENSSL_NO_ASYNC"
-
-do_install () {
-        oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
-        oe_multilib_header openssl/opensslconf.h
-}
-
-do_install_append_class-native () {
-        # Install a custom version of c_rehash that can handle sysroots properly.
-        # This version is used for example when installing ca-certificates during
-        # image creation.
-        install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
-        sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
-}
-
-do_install_ptest() {
-        cp -r * ${D}${PTEST_PATH}
-
-        # Putting .so files in ptest package will mess up the dependencies of the main openssl package
-        # so we rename them to .so.ptest and patch the test accordingly
-        mv ${D}${PTEST_PATH}/libcrypto.so ${D}${PTEST_PATH}/libcrypto.so.ptest
-        mv ${D}${PTEST_PATH}/libssl.so ${D}${PTEST_PATH}/libssl.so.ptest
-        sed -i 's/$target{shared_extension_simple}/".so.ptest"/' ${D}${PTEST_PATH}/test/recipes/90-test_shlibload.t
-}
-
-RDEPENDS_${PN}-ptest += "perl-module-file-spec-functions bash python"
-
-FILES_${PN} =+ " ${libdir}/ssl-1.1/*"
-
-PACKAGES =+ "${PN}-engines"
-FILES_${PN}-engines = "${libdir}/engines-1.1"
-
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.1.0i.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.1.0i.bb
new file mode 100644
index 0000000..e700626
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl_1.1.0i.bb
@@ -0,0 +1,170 @@
+SUMMARY = "Secure Socket Layer"
+DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
+HOMEPAGE = "http://www.openssl.org/"
+BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
+SECTION = "libs/network"
+
+# "openssl | SSLeay" dual license
+LICENSE = "openssl"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff"
+
+DEPENDS = "hostperl-runtime-native"
+
+SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
+           file://run-ptest \
+           file://openssl-c_rehash.sh \
+           file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \
+           "
+
+SRC_URI_append_class-nativesdk = " \
+           file://environment.d-openssl.sh \
+           "
+
+SRC_URI[md5sum] = "9495126aafd2659d357ea66a969c3fe1"
+SRC_URI[sha256sum] = "ebbfc844a8c8cc0ea5dc10b86c9ce97f401837f3fa08c17b2cdadc118253cf99"
+
+inherit lib_package multilib_header ptest
+
+#| engines/afalg/e_afalg.c: In function 'eventfd':
+#| engines/afalg/e_afalg.c:110:20: error: '__NR_eventfd' undeclared (first use in this function)
+#|      return syscall(__NR_eventfd, n);
+#|                     ^~~~~~~~~~~~
+EXTRA_OECONF_append_aarch64 = " no-afalgeng"
+
+#| ./libcrypto.so: undefined reference to `getcontext'
+#| ./libcrypto.so: undefined reference to `setcontext'
+#| ./libcrypto.so: undefined reference to `makecontext'
+EXTRA_OECONF_append_libc-musl = " -DOPENSSL_NO_ASYNC"
+
+do_configure () {
+	os=${HOST_OS}
+	case $os in
+	linux-gnueabi |\
+	linux-gnuspe |\
+	linux-musleabi |\
+	linux-muslspe |\
+	linux-musl )
+		os=linux
+		;;
+	*)
+		;;
+	esac
+	target="$os-${HOST_ARCH}"
+	case $target in
+	linux-arm)
+		target=linux-armv4
+		;;
+	linux-armeb)
+		target=linux-armv4
+		;;
+	linux-aarch64*)
+		target=linux-aarch64
+		;;
+	linux-sh3)
+		target=linux-generic32
+		;;
+	linux-sh4)
+		target=linux-generic32
+		;;
+	linux-i486)
+		target=linux-elf
+		;;
+	linux-i586 | linux-viac3)
+		target=linux-elf
+		;;
+	linux-i686)
+		target=linux-elf
+		;;
+	linux-gnux32-x86_64 | linux-muslx32-x86_64 )
+		target=linux-x32
+		;;
+	linux-gnu64-x86_64)
+		target=linux-x86_64
+		;;
+	linux-mips)
+		# specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
+		target="linux-mips32 ${TARGET_CC_ARCH}"
+		;;
+	linux-mipsel)
+		target="linux-mips32 ${TARGET_CC_ARCH}"
+		;;
+	linux-gnun32-mips*)
+		target=linux-mips64
+		;;
+	linux-*-mips64 | linux-mips64)
+		target=linux64-mips64
+		;;
+	linux-*-mips64el | linux-mips64el)
+		target=linux64-mips64
+		;;
+	linux-microblaze*|linux-nios2*)
+		target=linux-generic32
+		;;
+	linux-powerpc)
+		target=linux-ppc
+		;;
+	linux-powerpc64)
+		target=linux-ppc64
+		;;
+	linux-riscv32)
+		target=linux-generic32
+		;;
+	linux-riscv64)
+		target=linux-generic64
+		;;
+	linux-supersparc)
+		target=linux-sparcv9
+		;;
+	linux-sparc)
+		target=linux-sparcv9
+		;;
+	darwin-i386)
+		target=darwin-i386-cc
+		;;
+	esac
+
+	useprefix=${prefix}
+	if [ "x$useprefix" = "x" ]; then
+		useprefix=/
+	fi
+	libdirleaf="$(echo ${libdir} | sed s:$useprefix::)"
+	perl ./Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=$libdirleaf $target
+}
+
+do_install () {
+	oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
+	oe_multilib_header openssl/opensslconf.h
+}
+
+do_install_append_class-native () {
+	# Install a custom version of c_rehash that can handle sysroots properly.
+	# This version is used for example when installing ca-certificates during
+	# image creation.
+	install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
+	sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
+}
+
+do_install_append_class-nativesdk () {
+	mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
+	install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+}
+
+do_install_ptest() {
+	cp -r * ${D}${PTEST_PATH}
+
+	# Putting .so files in ptest package will mess up the dependencies of the main openssl package
+	# so we rename them to .so.ptest and patch the test accordingly
+	mv ${D}${PTEST_PATH}/libcrypto.so ${D}${PTEST_PATH}/libcrypto.so.ptest
+	mv ${D}${PTEST_PATH}/libssl.so ${D}${PTEST_PATH}/libssl.so.ptest
+	sed -i 's/$target{shared_extension_simple}/".so.ptest"/' ${D}${PTEST_PATH}/test/recipes/90-test_shlibload.t
+}
+
+PACKAGES =+ "${PN}-engines"
+
+FILES_${PN} =+ "${libdir}/ssl-1.1/*"
+FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
+FILES_${PN}-engines = "${libdir}/engines-1.1"
+
+RDEPENDS_${PN}-ptest += "perl-module-file-spec-functions bash python"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-core/coreutils/coreutils/CVE-2017-18018-1.patch b/poky/meta/recipes-core/coreutils/coreutils/CVE-2017-18018-1.patch
new file mode 100644
index 0000000..6f31eba
--- /dev/null
+++ b/poky/meta/recipes-core/coreutils/coreutils/CVE-2017-18018-1.patch
@@ -0,0 +1,40 @@
+From 7597cfa482e42a00a69fb9577ee523762980a9a2 Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky <michael@orlitzky.com>
+Date: Thu, 28 Dec 2017 15:52:42 -0500
+Subject: doc: clarify chown/chgrp --dereference defaults
+
+* doc/coreutils.texi: the documentation for the --dereference
+  flag of chown/chgrp states that it is the default mode of
+  operation. Document that this is only the case when operating
+  non-recursively.
+
+CVE: CVE-2017-18018
+Upstream-Status: Backport from v8.30
+
+Signed-off-by: Michael Orlitzky <michael@orlitzky.com>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ doc/coreutils.texi | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff -Naurp coreutils-8.27_org/doc/coreutils.texi coreutils-8.27/doc/coreutils.texi
+--- coreutils-8.27_org/doc/coreutils.texi	2018-07-22 21:09:50.128736692 -0700
++++ coreutils-8.27/doc/coreutils.texi	2018-07-22 21:12:59.972219770 -0700
+@@ -10952,7 +10952,7 @@ chown -h -R --from=OLDUSER NEWUSER /
+ @cindex symbolic links, changing owner
+ @findex lchown
+ Do not act on symbolic links themselves but rather on what they point to.
+-This is the default.
++This is the default when not operating recursively.
+ 
+ @item -h
+ @itemx --no-dereference
+@@ -11082,7 +11082,7 @@ changed.
+ @cindex symbolic links, changing owner
+ @findex lchown
+ Do not act on symbolic links themselves but rather on what they point to.
+-This is the default.
++This is the default when not operating recursively.
+ 
+ @item -h
+ @itemx --no-dereference
diff --git a/poky/meta/recipes-core/coreutils/coreutils/CVE-2017-18018-2.patch b/poky/meta/recipes-core/coreutils/coreutils/CVE-2017-18018-2.patch
new file mode 100644
index 0000000..c8f5f54
--- /dev/null
+++ b/poky/meta/recipes-core/coreutils/coreutils/CVE-2017-18018-2.patch
@@ -0,0 +1,83 @@
+From bc2fd9796403e03bb757b064d44c22fab92e6842 Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky <michael@orlitzky.com>
+Date: Thu, 4 Jan 2018 11:38:21 -0500
+Subject: doc: warn about following symlinks recursively in chown/chgrp
+
+In both chown and chgrp (which shares its code with chown), operating
+on symlinks recursively has a window of vulnerability where the
+destination user or group can change the target of the operation.
+Warn about combining the --dereference, --recursive, and -L flags.
+
+* doc/coreutils.texi (warnOptDerefWithRec): Add macro.
+(node chown invocation): Add it to --dereference and -L.
+(node chgrp invocation): Likewise.
+
+See also: CVE-2017-18018
+CVE: CVE-2017-18018
+Upstream-Status: Backport from v8.30
+
+Signed-off-by: Michael Orlitzky <michael@orlitzky.com>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ doc/coreutils.texi | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/doc/coreutils.texi b/doc/coreutils.texi
+index 6bb9f09..9f5f95b 100644
+--- a/doc/coreutils.texi
++++ b/doc/coreutils.texi
+@@ -1428,6 +1428,19 @@ a command line argument is a symbolic link to a directory, traverse it.
+ In a recursive traversal, traverse every symbolic link to a directory
+ that is encountered.
+ @end macro
++
++@c Append the following warning to -L where appropriate (e.g. chown).
++@macro warnOptDerefWithRec
++
++Combining this dereferencing option with the @option{--recursive} option
++may create a security risk:
++During the traversal of the directory tree, an attacker may be able to
++introduce a symlink to an arbitrary target; when the tool reaches that,
++the operation will be performed on the target of that symlink,
++possibly allowing the attacker to escalate privileges.
++
++@end macro
++
+ @choptL
+ 
+ @macro choptP
+@@ -10995,6 +11008,7 @@ chown -h -R --from=OLDUSER NEWUSER /
+ @findex lchown
+ Do not act on symbolic links themselves but rather on what they point to.
+ This is the default when not operating recursively.
++@warnOptDerefWithRec
+ 
+ @item -h
+ @itemx --no-dereference
+@@ -11051,6 +11065,7 @@ Recursively change ownership of directories and their contents.
+ @xref{Traversing symlinks}.
+ 
+ @choptL
++@warnOptDerefWithRec
+ @xref{Traversing symlinks}.
+ 
+ @choptP
+@@ -11125,6 +11140,7 @@ changed.
+ @findex lchown
+ Do not act on symbolic links themselves but rather on what they point to.
+ This is the default when not operating recursively.
++@warnOptDerefWithRec
+ 
+ @item -h
+ @itemx --no-dereference
+@@ -11180,6 +11196,7 @@ Recursively change the group ownership of directories and their contents.
+ @xref{Traversing symlinks}.
+ 
+ @choptL
++@warnOptDerefWithRec
+ @xref{Traversing symlinks}.
+ 
+ @choptP
+-- 
+cgit v1.0-41-gc330
+
diff --git a/poky/meta/recipes-core/coreutils/coreutils_8.29.bb b/poky/meta/recipes-core/coreutils/coreutils_8.29.bb
index 4704f32..b0572af 100644
--- a/poky/meta/recipes-core/coreutils/coreutils_8.29.bb
+++ b/poky/meta/recipes-core/coreutils/coreutils_8.29.bb
@@ -19,6 +19,8 @@
            file://0001-uname-report-processor-and-hardware-correctly.patch \
            file://disable-ls-output-quoting.patch \
            file://0001-local.mk-fix-cross-compiling-problem.patch \
+           file://CVE-2017-18018-1.patch \
+           file://CVE-2017-18018-2.patch \
           "
 
 SRC_URI[md5sum] = "960cfe75a42c9907c71439f8eb436303"
diff --git a/poky/meta/recipes-devtools/git/files/CVE-2018-11235.patch b/poky/meta/recipes-devtools/git/files/CVE-2018-11235.patch
new file mode 100644
index 0000000..c272eac
--- /dev/null
+++ b/poky/meta/recipes-devtools/git/files/CVE-2018-11235.patch
@@ -0,0 +1,288 @@
+From 0383bbb9015898cbc79abd7b64316484d7713b44 Mon Sep 17 00:00:00 2001
+From: Jeff King <peff@peff.net>
+Date: Mon, 30 Apr 2018 03:25:25 -0400
+Subject: [PATCH] submodule-config: verify submodule names as paths
+
+Submodule "names" come from the untrusted .gitmodules file,
+but we blindly append them to $GIT_DIR/modules to create our
+on-disk repo paths. This means you can do bad things by
+putting "../" into the name (among other things).
+
+Let's sanity-check these names to avoid building a path that
+can be exploited. There are two main decisions:
+
+  1. What should the allowed syntax be?
+
+     It's tempting to reuse verify_path(), since submodule
+     names typically come from in-repo paths. But there are
+     two reasons not to:
+
+       a. It's technically more strict than what we need, as
+          we really care only about breaking out of the
+          $GIT_DIR/modules/ hierarchy.  E.g., having a
+          submodule named "foo/.git" isn't actually
+          dangerous, and it's possible that somebody has
+          manually given such a funny name.
+
+       b. Since we'll eventually use this checking logic in
+          fsck to prevent downstream repositories, it should
+          be consistent across platforms. Because
+          verify_path() relies on is_dir_sep(), it wouldn't
+          block "foo\..\bar" on a non-Windows machine.
+
+  2. Where should we enforce it? These days most of the
+     .gitmodules reads go through submodule-config.c, so
+     I've put it there in the reading step. That should
+     cover all of the C code.
+
+     We also construct the name for "git submodule add"
+     inside the git-submodule.sh script. This is probably
+     not a big deal for security since the name is coming
+     from the user anyway, but it would be polite to remind
+     them if the name they pick is invalid (and we need to
+     expose the name-checker to the shell anyway for our
+     test scripts).
+
+     This patch issues a warning when reading .gitmodules
+     and just ignores the related config entry completely.
+     This will generally end up producing a sensible error,
+     as it works the same as a .gitmodules file which is
+     missing a submodule entry (so "submodule update" will
+     barf, but "git clone --recurse-submodules" will print
+     an error but not abort the clone.
+
+     There is one minor oddity, which is that we print the
+     warning once per malformed config key (since that's how
+     the config subsystem gives us the entries). So in the
+     new test, for example, the user would see three
+     warnings. That's OK, since the intent is that this case
+     should never come up outside of malicious repositories
+     (and then it might even benefit the user to see the
+     message multiple times).
+
+Credit for finding this vulnerability and the proof of
+concept from which the test script was adapted goes to
+Etienne Stalmans.
+
+CVE: CVE-2018-11235
+Upstream-Status: Backport [https://github.com/gitster/git/commit/0383bbb9015898cbc79abd7b64316484d7713b44#diff-1772b951776d1647ca31a2256f7fe88f]
+
+Signed-off-by: Jeff King <peff@peff.net>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ builtin/submodule--helper.c | 24 ++++++++++++++
+ git-submodule.sh            |  5 +++
+ submodule-config.c          | 31 ++++++++++++++++++
+ submodule-config.h          |  7 +++++
+ t/t7415-submodule-names.sh  | 76 +++++++++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 143 insertions(+)
+ create mode 100755 t/t7415-submodule-names.sh
+
+diff --git a/builtin/submodule--helper.c b/builtin/submodule--helper.c
+index cbb17a902..b4b4d29d8 100644
+--- a/builtin/submodule--helper.c
++++ b/builtin/submodule--helper.c
+@@ -1480,6 +1480,29 @@ static int is_active(int argc, const cha
+ 	return !is_submodule_active(the_repository, argv[1]);
+ }
+ 
++/*
++ * Exit non-zero if any of the submodule names given on the command line is
++ * invalid. If no names are given, filter stdin to print only valid names
++ * (which is primarily intended for testing).
++ */
++static int check_name(int argc, const char **argv, const char *prefix)
++{
++	if (argc > 1) {
++		while (*++argv) {
++			if (check_submodule_name(*argv) < 0)
++				return 1;
++		}
++	} else {
++		struct strbuf buf = STRBUF_INIT;
++		while (strbuf_getline(&buf, stdin) != EOF) {
++			if (!check_submodule_name(buf.buf))
++				printf("%s\n", buf.buf);
++		}
++		strbuf_release(&buf);
++	}
++	return 0;
++}
++
+ #define SUPPORT_SUPER_PREFIX (1<<0)
+ 
+ struct cmd_struct {
+@@ -1502,6 +1525,7 @@ static struct cmd_struct commands[] = {
+ 	{"push-check", push_check, 0},
+ 	{"absorb-git-dirs", absorb_git_dirs, SUPPORT_SUPER_PREFIX},
+ 	{"is-active", is_active, 0},
++	{"check-name", check_name, 0},
+ };
+ 
+ int cmd_submodule__helper(int argc, const char **argv, const char *prefix)
+diff --git a/git-submodule.sh b/git-submodule.sh
+index c0d0e9a4c..92750b9e2 100755
+--- a/git-submodule.sh
++++ b/git-submodule.sh
+@@ -229,6 +229,11 @@ Use -f if you really want to add it." >&
+ 		sm_name="$sm_path"
+ 	fi
+ 
++	if ! git submodule--helper check-name "$sm_name"
++	then
++		die "$(eval_gettext "'$sm_name' is not a valid submodule name")"
++	fi
++
+ 	# perhaps the path exists and is already a git repo, else clone it
+ 	if test -e "$sm_path"
+ 	then
+diff --git a/submodule-config.c b/submodule-config.c
+index 4f58491dd..de54351c6 100644
+--- a/submodule-config.c
++++ b/submodule-config.c
+@@ -190,6 +190,31 @@ static struct submodule *cache_lookup_na
+ 	return NULL;
+ }
+ 
++int check_submodule_name(const char *name)
++{
++	/* Disallow empty names */
++	if (!*name)
++		return -1;
++
++	/*
++	 * Look for '..' as a path component. Check both '/' and '\\' as
++	 * separators rather than is_dir_sep(), because we want the name rules
++	 * to be consistent across platforms.
++	 */
++	goto in_component; /* always start inside component */
++	while (*name) {
++		char c = *name++;
++		if (c == '/' || c == '\\') {
++in_component:
++			if (name[0] == '.' && name[1] == '.' &&
++			    (!name[2] || name[2] == '/' || name[2] == '\\'))
++				return -1;
++		}
++	}
++
++	return 0;
++}
++
+ static int name_and_item_from_var(const char *var, struct strbuf *name,
+ 				  struct strbuf *item)
+ {
+@@ -201,6 +226,12 @@ static int name_and_item_from_var(const
+ 		return 0;
+ 
+ 	strbuf_add(name, subsection, subsection_len);
++	if (check_submodule_name(name->buf) < 0) {
++		warning(_("ignoring suspicious submodule name: %s"), name->buf);
++		strbuf_release(name);
++		return 0;
++	}
++
+ 	strbuf_addstr(item, key);
+ 
+ 	return 1;
+diff --git a/submodule-config.h b/submodule-config.h
+index d434ecdb4..103cc79dd 100644
+--- a/submodule-config.h
++++ b/submodule-config.h
+@@ -48,4 +48,11 @@ extern const struct submodule *submodule
+ 						    const char *key);
+ extern void submodule_free(void);
+ 
++/*
++ * Returns 0 if the name is syntactically acceptable as a submodule "name"
++ * (e.g., that may be found in the subsection of a .gitmodules file) and -1
++ * otherwise.
++ */
++int check_submodule_name(const char *name);
++
+ #endif /* SUBMODULE_CONFIG_H */
+diff --git a/t/t7415-submodule-names.sh b/t/t7415-submodule-names.sh
+new file mode 100755
+index 000000000..75fa071c6
+--- /dev/null
++++ b/t/t7415-submodule-names.sh
+@@ -0,0 +1,76 @@
++#!/bin/sh
++
++test_description='check handling of .. in submodule names
++
++Exercise the name-checking function on a variety of names, and then give a
++real-world setup that confirms we catch this in practice.
++'
++. ./test-lib.sh
++
++test_expect_success 'check names' '
++	cat >expect <<-\EOF &&
++	valid
++	valid/with/paths
++	EOF
++
++	git submodule--helper check-name >actual <<-\EOF &&
++	valid
++	valid/with/paths
++
++	../foo
++	/../foo
++	..\foo
++	\..\foo
++	foo/..
++	foo/../
++	foo\..
++	foo\..\
++	foo/../bar
++	EOF
++
++	test_cmp expect actual
++'
++
++test_expect_success 'create innocent subrepo' '
++	git init innocent &&
++	git -C innocent commit --allow-empty -m foo
++'
++
++test_expect_success 'submodule add refuses invalid names' '
++	test_must_fail \
++		git submodule add --name ../../modules/evil "$PWD/innocent" evil
++'
++
++test_expect_success 'add evil submodule' '
++	git submodule add "$PWD/innocent" evil &&
++
++	mkdir modules &&
++	cp -r .git/modules/evil modules &&
++	write_script modules/evil/hooks/post-checkout <<-\EOF &&
++	echo >&2 "RUNNING POST CHECKOUT"
++	EOF
++
++	git config -f .gitmodules submodule.evil.update checkout &&
++	git config -f .gitmodules --rename-section \
++		submodule.evil submodule.../../modules/evil &&
++	git add modules &&
++	git commit -am evil
++'
++
++# This step seems like it shouldn't be necessary, since the payload is
++# contained entirely in the evil submodule. But due to the vagaries of the
++# submodule code, checking out the evil module will fail unless ".git/modules"
++# exists. Adding another submodule (with a name that sorts before "evil") is an
++# easy way to make sure this is the case in the victim clone.
++test_expect_success 'add other submodule' '
++	git submodule add "$PWD/innocent" another-module &&
++	git add another-module &&
++	git commit -am another
++'
++
++test_expect_success 'clone evil superproject' '
++	git clone --recurse-submodules . victim >output 2>&1 &&
++	! grep "RUNNING POST CHECKOUT" output
++'
++
++test_done
+-- 
+2.13.3
+
diff --git a/poky/meta/recipes-devtools/git/git.inc b/poky/meta/recipes-devtools/git/git.inc
index dd9d792..bea23ec 100644
--- a/poky/meta/recipes-devtools/git/git.inc
+++ b/poky/meta/recipes-devtools/git/git.inc
@@ -7,7 +7,8 @@
 PROVIDES_append_class-native = " git-replacement-native"
 
 SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \
-           ${KERNELORG_MIRROR}/software/scm/git/git-manpages-${PV}.tar.gz;name=manpages"
+           ${KERNELORG_MIRROR}/software/scm/git/git-manpages-${PV}.tar.gz;name=manpages \
+           file://CVE-2018-11235.patch"
 
 S = "${WORKDIR}/git-${PV}"
 
diff --git a/poky/meta/recipes-devtools/nasm/nasm/0001-Verify-that-we-are-not-reading-past-end-of-a-buffer.patch b/poky/meta/recipes-devtools/nasm/nasm/0001-Verify-that-we-are-not-reading-past-end-of-a-buffer.patch
new file mode 100644
index 0000000..a56a08b
--- /dev/null
+++ b/poky/meta/recipes-devtools/nasm/nasm/0001-Verify-that-we-are-not-reading-past-end-of-a-buffer.patch
@@ -0,0 +1,65 @@
+From c5785fdf1d660eaefb9711284414262d0cfe8843 Mon Sep 17 00:00:00 2001
+From: Adam Majer <amajer@suse.de>
+Date: Fri, 17 Aug 2018 14:48:17 +0800
+Subject: [PATCH] Verify that we are not reading past end of a buffer
+
+Simple reproducer is just,
+
+    ret &d:ep
+
+which triggers a buffer overread due to parsing of an invalid
+segment override.
+
+Signed-off-by: Adam Majer <amajer@suse.de>
+
+Upstream-Status: Submitted [https://bugzilla.nasm.us/show_bug.cgi?id=3392447]
+CVE: CVE-2018-8883
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ include/opflags.h | 2 +-
+ include/tables.h  | 1 +
+ x86/regs.pl       | 3 ++-
+ 3 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/include/opflags.h b/include/opflags.h
+index ef2838c1..8d4b6b1e 100644
+--- a/include/opflags.h
++++ b/include/opflags.h
+@@ -166,7 +166,7 @@
+ #define REG_CLASS_BND           GEN_REG_CLASS(9)
+ 
+ #define is_class(class, op)         (!((opflags_t)(class) & ~(opflags_t)(op)))
+-#define is_reg_class(class, reg)    is_class((class), nasm_reg_flags[(reg)])
++#define is_reg_class(class, reg)    is_class((class), ((reg) < nasm_reg_flags_size ? nasm_reg_flags[(reg)] : 0))
+ 
+ #define IS_SREG(reg)                is_reg_class(REG_SREG, (reg))
+ #define IS_FSGS(reg)                is_reg_class(REG_FSGS, (reg))
+diff --git a/include/tables.h b/include/tables.h
+index 24a665e2..458752ce 100644
+--- a/include/tables.h
++++ b/include/tables.h
+@@ -64,6 +64,7 @@ extern const char * const nasm_reg_names[];
+ typedef uint64_t opflags_t;
+ typedef uint16_t  decoflags_t;
+ extern const opflags_t nasm_reg_flags[];
++extern const size_t nasm_reg_flags_size;
+ /* regvals.c */
+ extern const int nasm_regvals[];
+ 
+diff --git a/x86/regs.pl b/x86/regs.pl
+index 3a1b56f5..cb5cea68 100755
+--- a/x86/regs.pl
++++ b/x86/regs.pl
+@@ -158,7 +158,8 @@ if ( $fmt eq 'h' ) {
+ 	printf "    %-15s /* %-5s */\n",
+ 		$regs{$reg}.',', $reg;
+     }
+-    print "};\n";
++    print "};\n\n";
++    print "const size_t nasm_reg_flags_size = sizeof(nasm_reg_flags) / sizeof(opflags_t);\n";
+ } elsif ( $fmt eq 'vc' ) {
+     # Output regvals.c
+     print "/* automatically generated from $file - do not edit */\n\n";
+-- 
+2.17.1
+
diff --git a/poky/meta/recipes-devtools/nasm/nasm/0001-assemble-Check-global-line-limit.patch b/poky/meta/recipes-devtools/nasm/nasm/0001-assemble-Check-global-line-limit.patch
new file mode 100644
index 0000000..682d4c7
--- /dev/null
+++ b/poky/meta/recipes-devtools/nasm/nasm/0001-assemble-Check-global-line-limit.patch
@@ -0,0 +1,50 @@
+From 7a46d6b9e3a1d8a0ab0d816ef1bf194ad285e082 Mon Sep 17 00:00:00 2001
+From: "Chang S. Bae" <chang.seok.bae@intel.com>
+Date: Fri, 17 Aug 2018 14:26:03 +0800
+Subject: [PATCH] assemble: Check global line limit
+
+Without the limit, the while loop opens to semi-infinite
+that will exhaustively consume the heap space. Also, the
+index value gets into the garbage.
+
+https://bugzilla.nasm.us/show_bug.cgi?id=3392474
+
+Reported-by : Dongliang Mu <mudongliangabcd@gmail.com>
+Signed-off-by: Chang S. Bae <chang.seok.bae@intel.com>
+Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
+
+Upstream-Status: Backport from upstream [http://repo.or.cz/nasm.git]
+CVE: CVE-2018-10316
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ asm/nasm.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/asm/nasm.c b/asm/nasm.c
+index 8497ec9..81f6cee 100644
+--- a/asm/nasm.c
++++ b/asm/nasm.c
+@@ -99,6 +99,8 @@ static char outname[FILENAME_MAX];
+ static char listname[FILENAME_MAX];
+ static char errname[FILENAME_MAX];
+ static int globallineno;        /* for forward-reference tracking */
++#define GLOBALLINENO_MAX    INT32_MAX
++
+ /* static int pass = 0; */
+ const struct ofmt *ofmt = &OF_DEFAULT;
+ const struct ofmt_alias *ofmt_alias = NULL;
+@@ -1360,7 +1362,10 @@ static void assemble_file(char *fname, StrList **depend_ptr)
+         location.offset = offs = get_curr_offs();
+ 
+         while ((line = preproc->getline())) {
+-            globallineno++;
++            if (globallineno++ == GLOBALLINENO_MAX)
++                nasm_error(ERR_FATAL,
++                    "overall line number reaches the maximum %d\n",
++                    GLOBALLINENO_MAX);
+ 
+             /*
+              * Here we parse our directives; this is not handled by the
+-- 
+2.7.4
+
diff --git a/poky/meta/recipes-devtools/nasm/nasm/0001-fix-CVE-2018-8882.patch b/poky/meta/recipes-devtools/nasm/nasm/0001-fix-CVE-2018-8882.patch
new file mode 100644
index 0000000..bc706c3
--- /dev/null
+++ b/poky/meta/recipes-devtools/nasm/nasm/0001-fix-CVE-2018-8882.patch
@@ -0,0 +1,30 @@
+From 33438037e00ec750bff020578b1a5b6f75f60555 Mon Sep 17 00:00:00 2001
+From: Adam Majer <amajer@suse.de>
+Date: Fri, 17 Aug 2018 14:41:02 +0800
+Subject: [PATCH] fix CVE-2018-8882
+
+https://bugzilla.nasm.us/show_bug.cgi?id=3392445
+
+Upstream-Status: Submitted [https://bugzilla.nasm.us/show_bug.cgi?id=3392445]
+CVE: CVE-2018-8882
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ asm/float.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/asm/float.c b/asm/float.c
+index dcf69fea..2965d3db 100644
+--- a/asm/float.c
++++ b/asm/float.c
+@@ -608,6 +608,8 @@ static void ieee_shr(fp_limb *mant, int i)
+         if (offs)
+             for (j = MANT_LIMBS-1; j >= offs; j--)
+                 mant[j] = mant[j-offs];
++    } else if (MANT_LIMBS-1-offs < 0) {
++        j = MANT_LIMBS-1;
+     } else {
+         n = mant[MANT_LIMBS-1-offs] >> sr;
+         for (j = MANT_LIMBS-1; j > offs; j--) {
+-- 
+2.17.1
+
diff --git a/poky/meta/recipes-devtools/nasm/nasm_2.13.03.bb b/poky/meta/recipes-devtools/nasm/nasm_2.13.03.bb
index 236d7e5..6a02df4 100644
--- a/poky/meta/recipes-devtools/nasm/nasm_2.13.03.bb
+++ b/poky/meta/recipes-devtools/nasm/nasm_2.13.03.bb
@@ -5,6 +5,9 @@
 
 SRC_URI = "http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2 \
            file://0001-asmlib-Drop-pure-function-attribute-from-seg_init.patch \
+           file://0001-assemble-Check-global-line-limit.patch \
+           file://0001-fix-CVE-2018-8882.patch \
+           file://0001-Verify-that-we-are-not-reading-past-end-of-a-buffer.patch \
            "
 
 SRC_URI[md5sum] = "0c581d482f39d5111879ca9601938f74"
diff --git a/poky/meta/recipes-devtools/patch/patch/0001-Fix-swapping-fake-lines-in-pch_swap.patch b/poky/meta/recipes-devtools/patch/patch/0001-Fix-swapping-fake-lines-in-pch_swap.patch
new file mode 100644
index 0000000..049149e
--- /dev/null
+++ b/poky/meta/recipes-devtools/patch/patch/0001-Fix-swapping-fake-lines-in-pch_swap.patch
@@ -0,0 +1,36 @@
+From 9c986353e420ead6e706262bf204d6e03322c300 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Fri, 17 Aug 2018 13:35:40 +0200
+Subject: [PATCH] Fix swapping fake lines in pch_swap
+
+* src/pch.c (pch_swap): Fix swapping p_bfake and p_efake when there is a
+blank line in the middle of a context-diff hunk: that empty line stays
+in the middle of the hunk and isn't swapped.
+
+Fixes: https://savannah.gnu.org/bugs/index.php?53133
+Signed-off-by: Andreas Gruenbacher <agruen@gnu.org>
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/git/patch.git]
+CVE: CVE-2018-6952
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+
+---
+ src/pch.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/pch.c b/src/pch.c
+index e92bc64..a500ad9 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2122,7 +2122,7 @@ pch_swap (void)
+     }
+     if (p_efake >= 0) {			/* fix non-freeable ptr range */
+ 	if (p_efake <= i)
+-	    n = p_end - i + 1;
++	    n = p_end - p_ptrn_lines;
+ 	else
+ 	    n = -i;
+ 	p_efake += n;
+-- 
+2.10.2
+
diff --git a/poky/meta/recipes-devtools/patch/patch_2.7.6.bb b/poky/meta/recipes-devtools/patch/patch_2.7.6.bb
index 823486d..85b0db7 100644
--- a/poky/meta/recipes-devtools/patch/patch_2.7.6.bb
+++ b/poky/meta/recipes-devtools/patch/patch_2.7.6.bb
@@ -5,6 +5,7 @@
             file://0002-Fix-segfault-with-mangled-rename-patch.patch \
             file://0003-Allow-input-files-to-be-missing-for-ed-style-patches.patch \
             file://0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch \
+            file://0001-Fix-swapping-fake-lines-in-pch_swap.patch \
 "
 
 SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600"
diff --git a/poky/meta/recipes-devtools/perl/perl/CVE-2018-12015.patch b/poky/meta/recipes-devtools/perl/perl/CVE-2018-12015.patch
new file mode 100644
index 0000000..a33deaf
--- /dev/null
+++ b/poky/meta/recipes-devtools/perl/perl/CVE-2018-12015.patch
@@ -0,0 +1,48 @@
+From ae65651eab053fc6dc4590dbb863a268215c1fc5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
+Date: Fri, 8 Jun 2018 11:45:40 +0100
+Subject: [PATCH] [PATCH] Remove existing files before overwriting them
+
+Archive should extract only the latest same-named entry.
+Extracted regular file should not be writtent into existing block
+device (or any other one).
+
+https://rt.cpan.org/Ticket/Display.html?id=125523
+
+CVE: CVE-2018-12015
+Upstream-Status: Backport [https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5]
+
+Signed-off-by: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ lib/Archive/Tar.pm | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/cpan/Archive-Tar/lib/Archive/Tar.pm b/cpan/Archive-Tar/lib/Archive/Tar.pm
+index 6244369..a83975f 100644
+--- a/cpan/Archive-Tar/lib/Archive/Tar.pm
++++ b/cpan/Archive-Tar/lib/Archive/Tar.pm
+@@ -845,6 +845,20 @@ sub _extract_file {
+         return;
+     }
+ 
++    ### If a file system already contains a block device with the same name as
++    ### the being extracted regular file, we would write the file's content
++    ### to the block device. So remove the existing file (block device) now.
++    ### If an archive contains multiple same-named entries, the last one
++    ### should replace the previous ones. So remove the old file now.
++    ### If the old entry is a symlink to a file outside of the CWD, the new
++    ### entry would create a file there. This is CVE-2018-12015
++    ### <https://rt.cpan.org/Ticket/Display.html?id=125523>.
++    if (-l $full || -e _) {
++	if (!unlink $full) {
++	    $self->_error( qq[Could not remove old file '$full': $!] );
++	    return;
++	}
++    }
+     if( length $entry->type && $entry->is_file ) {
+         my $fh = IO::File->new;
+         $fh->open( '>' . $full ) or (
+-- 
+2.13.3
+
diff --git a/poky/meta/recipes-devtools/perl/perl/CVE-2018-6797.patch b/poky/meta/recipes-devtools/perl/perl/CVE-2018-6797.patch
new file mode 100644
index 0000000..b56ebd3
--- /dev/null
+++ b/poky/meta/recipes-devtools/perl/perl/CVE-2018-6797.patch
@@ -0,0 +1,45 @@
+From abe1e6c568b96bcb382dfa4f61c56d1ab001ea51 Mon Sep 17 00:00:00 2001
+From: Karl Williamson <khw@cpan.org>
+Date: Fri, 2 Feb 2018 15:14:27 -0700
+Subject: [PATCH] (perl #132227) restart a node if we change to uni rules
+ within the node and encounter a sharp S
+
+This could lead to a buffer overflow.
+
+(cherry picked from commit a02c70e35d1313a5f4e245e8f863c810e991172d)
+
+CVE: CVE-2018-6797
+Upstream-Status: Backport [https://perl5.git.perl.org/perl.git/commitdiff/abe1e6c568b96bcb382dfa4f61c56d1ab001ea51]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ regcomp.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/regcomp.c b/regcomp.c
+index 3b9550b10d..a7dee9a09e 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -13543,6 +13543,18 @@ S_regatom(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth)
+                          * /u.  This includes the multi-char fold SHARP S to
+                          * 'ss' */
+                         if (UNLIKELY(ender == LATIN_SMALL_LETTER_SHARP_S)) {
++
++                            /* If the node started out having uni rules, we
++                             * wouldn't have gotten here.  So this means
++                             * something in the middle has changed it, but
++                             * didn't think it needed to reparse.  But this
++                             * sharp s now does indicate the need for
++                             * reparsing. */
++                            if (RExC_uni_semantics) {
++                                p = oldp;
++                                goto loopdone;
++                            }
++
+                             RExC_seen_unfolded_sharp_s = 1;
+                             maybe_exactfu = FALSE;
+                         }
+-- 
+2.15.1-424-g9478a660812
+
+
diff --git a/poky/meta/recipes-devtools/perl/perl/CVE-2018-6798-1.patch b/poky/meta/recipes-devtools/perl/perl/CVE-2018-6798-1.patch
new file mode 100644
index 0000000..3477162
--- /dev/null
+++ b/poky/meta/recipes-devtools/perl/perl/CVE-2018-6798-1.patch
@@ -0,0 +1,130 @@
+From 0abf1e8d89aecd32dbdabda5da4d52a2d57a7cff Mon Sep 17 00:00:00 2001
+From: Karl Williamson <khw@cpan.org>
+Date: Tue, 6 Feb 2018 14:50:48 -0700
+Subject: [PATCH] [perl #132063]: Heap buffer overflow
+
+The proximal cause is several instances in regexec.c of the code
+assuming that the input was valid UTF-8, whereas the input was too short
+for what the start byte claimed it would be.
+
+I grepped through the core for any other similar uses, and did not find
+any.
+
+(cherry picked from commit fe7d8ba0a1bf567af8fa8fea128e2b9f4c553e84)
+
+CVE: CVE-2018-6798
+Upstream-Status: Backport [https://perl5.git.perl.org/perl.git/patch/0abf1e8d89aecd32dbdabda5da4d52a2d57a7cff]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ regexec.c              | 29 ++++++++++++++++-------------
+ t/lib/warnings/regexec |  7 +++++++
+ 2 files changed, 23 insertions(+), 13 deletions(-)
+
+diff --git a/regexec.c b/regexec.c
+index 5735b997fd..ea432c39d3 100644
+--- a/regexec.c
++++ b/regexec.c
+@@ -1466,7 +1466,9 @@ Perl_re_intuit_start(pTHX_
+                                            ? trie_utf8_fold                         \
+                                            :   trie_latin_utf8_fold)))
+ 
+-#define REXEC_TRIE_READ_CHAR(trie_type, trie, widecharmap, uc, uscan, len, uvc, charid, foldlen, foldbuf, uniflags) \
++/* 'uscan' is set to foldbuf, and incremented, so below the end of uscan is
++ * 'foldbuf+sizeof(foldbuf)' */
++#define REXEC_TRIE_READ_CHAR(trie_type, trie, widecharmap, uc, uc_end, uscan, len, uvc, charid, foldlen, foldbuf, uniflags) \
+ STMT_START {                                                                        \
+     STRLEN skiplen;                                                                 \
+     U8 flags = FOLD_FLAGS_FULL;                                                     \
+@@ -1474,7 +1476,7 @@ STMT_START {
+     case trie_flu8:                                                                 \
+         _CHECK_AND_WARN_PROBLEMATIC_LOCALE;                                         \
+         if (utf8_target && UTF8_IS_ABOVE_LATIN1(*uc)) {                             \
+-            _CHECK_AND_OUTPUT_WIDE_LOCALE_UTF8_MSG(uc, uc + UTF8SKIP(uc));          \
++            _CHECK_AND_OUTPUT_WIDE_LOCALE_UTF8_MSG(uc, uc_end - uc);                \
+         }                                                                           \
+         goto do_trie_utf8_fold;                                                     \
+     case trie_utf8_exactfa_fold:                                                    \
+@@ -1483,7 +1485,7 @@ STMT_START {
+     case trie_utf8_fold:                                                            \
+       do_trie_utf8_fold:                                                            \
+         if ( foldlen>0 ) {                                                          \
+-            uvc = utf8n_to_uvchr( (const U8*) uscan, UTF8_MAXLEN, &len, uniflags ); \
++            uvc = utf8n_to_uvchr( (const U8*) uscan, foldlen, &len, uniflags );     \
+             foldlen -= len;                                                         \
+             uscan += len;                                                           \
+             len=0;                                                                  \
+@@ -1500,7 +1502,7 @@ STMT_START {
+         /* FALLTHROUGH */                                                           \
+     case trie_latin_utf8_fold:                                                      \
+         if ( foldlen>0 ) {                                                          \
+-            uvc = utf8n_to_uvchr( (const U8*) uscan, UTF8_MAXLEN, &len, uniflags ); \
++            uvc = utf8n_to_uvchr( (const U8*) uscan, foldlen, &len, uniflags );     \
+             foldlen -= len;                                                         \
+             uscan += len;                                                           \
+             len=0;                                                                  \
+@@ -1519,7 +1521,7 @@ STMT_START {
+         }                                                                           \
+         /* FALLTHROUGH */                                                           \
+     case trie_utf8:                                                                 \
+-        uvc = utf8n_to_uvchr( (const U8*) uc, UTF8_MAXLEN, &len, uniflags );        \
++        uvc = utf8n_to_uvchr( (const U8*) uc, uc_end - uc, &len, uniflags );        \
+         break;                                                                      \
+     case trie_plain:                                                                \
+         uvc = (UV)*uc;                                                              \
+@@ -2599,10 +2601,10 @@ S_find_byclass(pTHX_ regexp * prog, const regnode *c, char *s,
+                     }
+                     points[pointpos++ % maxlen]= uc;
+                     if (foldlen || uc < (U8*)strend) {
+-                        REXEC_TRIE_READ_CHAR(trie_type, trie,
+-                                         widecharmap, uc,
+-                                         uscan, len, uvc, charid, foldlen,
+-                                         foldbuf, uniflags);
++                        REXEC_TRIE_READ_CHAR(trie_type, trie, widecharmap, uc,
++                                             (U8 *) strend, uscan, len, uvc,
++                                             charid, foldlen, foldbuf,
++                                             uniflags);
+                         DEBUG_TRIE_EXECUTE_r({
+                             dump_exec_pos( (char *)uc, c, strend,
+                                         real_start, s, utf8_target, 0);
+@@ -5511,8 +5513,9 @@ S_regmatch(pTHX_ regmatch_info *reginfo, char *startpos, regnode *prog)
+ 		    if ( base && (foldlen || uc < (U8*)(reginfo->strend))) {
+ 			I32 offset;
+ 			REXEC_TRIE_READ_CHAR(trie_type, trie, widecharmap, uc,
+-					     uscan, len, uvc, charid, foldlen,
+-					     foldbuf, uniflags);
++                                             (U8 *) reginfo->strend, uscan,
++                                             len, uvc, charid, foldlen,
++                                             foldbuf, uniflags);
+ 			charcount++;
+ 			if (foldlen>0)
+ 			    ST.longfold = TRUE;
+@@ -5642,8 +5645,8 @@ S_regmatch(pTHX_ regmatch_info *reginfo, char *startpos, regnode *prog)
+ 			while (foldlen) {
+ 			    if (!--chars)
+ 				break;
+-			    uvc = utf8n_to_uvchr(uscan, UTF8_MAXLEN, &len,
+-					    uniflags);
++			    uvc = utf8n_to_uvchr(uscan, foldlen, &len,
++                                                 uniflags);
+ 			    uscan += len;
+ 			    foldlen -= len;
+ 			}
+diff --git a/t/lib/warnings/regexec b/t/lib/warnings/regexec
+index 900dd6ee7f..6635142dea 100644
+--- a/t/lib/warnings/regexec
++++ b/t/lib/warnings/regexec
+@@ -260,3 +260,10 @@ setlocale(&POSIX::LC_CTYPE, $utf8_locale);
+ "k" =~ /(?[ \N{KELVIN SIGN} ])/i;
+ ":" =~ /(?[ \: ])/;
+ EXPECT
++########
++# NAME perl #132063, read beyond buffer end
++# OPTION fatal
++"\xff" =~ /(?il)\x{100}|\x{100}/;
++EXPECT
++Malformed UTF-8 character: \xff (too short; 1 byte available, need 13) in pattern match (m//) at - line 2.
++Malformed UTF-8 character (fatal) at - line 2.
+-- 
+2.15.1-424-g9478a660812
+
diff --git a/poky/meta/recipes-devtools/perl/perl/CVE-2018-6798-2.patch b/poky/meta/recipes-devtools/perl/perl/CVE-2018-6798-2.patch
new file mode 100644
index 0000000..fb9b41a
--- /dev/null
+++ b/poky/meta/recipes-devtools/perl/perl/CVE-2018-6798-2.patch
@@ -0,0 +1,37 @@
+From f65da1ca2eee74696d9c120e9d69af37b4fa1920 Mon Sep 17 00:00:00 2001
+From: Tony Cook <tony@develop-help.com>
+Date: Mon, 19 Feb 2018 15:11:42 +1100
+Subject: [PATCH] (perl #132063) we should no longer warn for this code
+
+The first patch for 132063 prevented the buffer read overflow when
+dumping the warning but didn't fix the underlying problem.
+
+The next change treats the supplied buffer correctly, preventing the
+non-UTF-8 SV from being treated as UTF-8, preventing the warning.
+
+(cherry picked from commit 1e8b61488f195e1396aa801c685340b156104f4f)
+
+CVE: CVE-2018-6798
+Upstream-Status: Backport [https://perl5.git.perl.org/perl.git/commitdiff/f65da1ca2eee74696d9c120e9d69af37b4fa1920]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ t/lib/warnings/regexec | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/t/lib/warnings/regexec b/t/lib/warnings/regexec
+index 6635142dea..c370ddc3c7 100644
+--- a/t/lib/warnings/regexec
++++ b/t/lib/warnings/regexec
+@@ -262,8 +262,5 @@ setlocale(&POSIX::LC_CTYPE, $utf8_locale);
+ EXPECT
+ ########
+ # NAME perl #132063, read beyond buffer end
+-# OPTION fatal
+ "\xff" =~ /(?il)\x{100}|\x{100}/;
+ EXPECT
+-Malformed UTF-8 character: \xff (too short; 1 byte available, need 13) in pattern match (m//) at - line 2.
+-Malformed UTF-8 character (fatal) at - line 2.
+-- 
+2.15.1-424-g9478a660812
+
diff --git a/poky/meta/recipes-devtools/perl/perl/CVE-2018-6913.patch b/poky/meta/recipes-devtools/perl/perl/CVE-2018-6913.patch
new file mode 100644
index 0000000..157af7b
--- /dev/null
+++ b/poky/meta/recipes-devtools/perl/perl/CVE-2018-6913.patch
@@ -0,0 +1,153 @@
+From f17fed5006177dce8ac48229c424a2da0d6ba492 Mon Sep 17 00:00:00 2001
+From: Tony Cook <tony@develop-help.com>
+Date: Tue, 8 Aug 2017 09:32:58 +1000
+Subject: [PATCH] (perl #131844) fix various space calculation issues in
+ pp_pack.c
+
+- for the originally reported case, if the start/cur pointer is in the
+  top 75% of the address space the add (cur) + glen addition would
+  overflow, resulting in the condition failing incorrectly.
+
+- the addition of the existing space used to the space needed could
+  overflow, resulting in too small an allocation and a buffer overflow.
+
+- the scaling for UTF8 could overflow.
+
+- the multiply to calculate the space needed for many items could
+  overflow.
+
+For the first case, do a space calculation without making new pointers.
+
+For the other cases, detect the overflow and croak if there's an
+overflow.
+
+Originally this used Size_t_MAX as the maximum size of a memory
+allocation, but for -DDEBUGGING builds realloc() throws a panic for
+allocations over half the address space in size, changing the error
+reported for the allocation.
+
+For non-DEBUGGING builds the Size_t_MAX limit has the small chance
+of finding a system that has 3GB of contiguous space available, and
+allocating that space, which could be a denial of servce in some cases.
+
+Unfortunately changing the limit to half the address space means that
+the exact case with the original issue can no longer occur, so the
+test is no longer testing against the address + length issue that
+caused the original problem, since the allocation is failing earlier.
+
+One option would be to change the test so the size request by pack is
+just under 2GB, but this has a higher (but still low) probability that
+the system has the address space available, and will actually try to
+allocate the memory, so let's not do that.
+
+Note: changed 
+plan tests => 14713;
+to 
+plan tests => 14712;
+in a/t/op/pack.t
+to apply this patch on perl 5.24.1.
+
+CVE: CVE-2018-6913
+Upstream-Status: Backport [https://perl5.git.perl.org/perl.git/commitdiff/f17fed5006177dce8ac48229c424a2da0d6ba492]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ pp_pack.c   | 25 +++++++++++++++++++++----
+ t/op/pack.t | 24 +++++++++++++++++++++++-
+ 2 files changed, 44 insertions(+), 5 deletions(-)
+
+diff --git a/pp_pack.c b/pp_pack.c
+index 8937d6d715..5e9cc64301 100644
+--- a/pp_pack.c
++++ b/pp_pack.c
+@@ -357,11 +357,28 @@ STMT_START {							\
+     }								\
+ } STMT_END
+ 
++#define SAFE_UTF8_EXPAND(var)	\
++STMT_START {				\
++    if ((var) > SSize_t_MAX / UTF8_EXPAND) \
++        Perl_croak(aTHX_ "%s", "Out of memory during pack()"); \
++    (var) = (var) * UTF8_EXPAND; \
++} STMT_END
++
++#define GROWING2(utf8, cat, start, cur, item_size, item_count)	\
++STMT_START {							\
++    if (SSize_t_MAX / (item_size) < (item_count))		\
++        Perl_croak(aTHX_ "%s", "Out of memory during pack()");	\
++    GROWING((utf8), (cat), (start), (cur), (item_size) * (item_count)); \
++} STMT_END
++
+ #define GROWING(utf8, cat, start, cur, in_len)	\
+ STMT_START {					\
+     STRLEN glen = (in_len);			\
+-    if (utf8) glen *= UTF8_EXPAND;		\
+-    if ((cur) + glen >= (start) + SvLEN(cat)) {	\
++    STRLEN catcur = (STRLEN)((cur) - (start));	\
++    if (utf8) SAFE_UTF8_EXPAND(glen);		\
++    if (SSize_t_MAX - glen < catcur)		\
++        Perl_croak(aTHX_ "%s", "Out of memory during pack()"); \
++    if (catcur + glen >= SvLEN(cat)) {	\
+ 	(start) = sv_exp_grow(cat, glen);	\
+ 	(cur) = (start) + SvCUR(cat);		\
+     }						\
+@@ -372,7 +389,7 @@ STMT_START {					\
+ STMT_START {					\
+     const STRLEN glen = (in_len);		\
+     STRLEN gl = glen;				\
+-    if (utf8) gl *= UTF8_EXPAND;		\
++    if (utf8) SAFE_UTF8_EXPAND(gl);		\
+     if ((cur) + gl >= (start) + SvLEN(cat)) {	\
+         *cur = '\0';				\
+         SvCUR_set((cat), (cur) - (start));	\
+@@ -2126,7 +2143,7 @@ S_pack_rec(pTHX_ SV *cat, tempsym_t* sym
+ 	    if (props && !(props & PACK_SIZE_UNPREDICTABLE)) {
+ 		/* We can process this letter. */
+ 		STRLEN size = props & PACK_SIZE_MASK;
+-		GROWING(utf8, cat, start, cur, (STRLEN) len * size);
++		GROWING2(utf8, cat, start, cur, size, (STRLEN)len);
+ 	    }
+         }
+ 
+diff --git a/t/op/pack.t b/t/op/pack.t
+index 664aaaf1b0..cf0e286509 100644
+--- a/t/op/pack.t
++++ b/t/op/pack.t
+@@ -12,7 +12,7 @@ my $no_endianness = $] > 5.009 ? '' :
+ my $no_signedness = $] > 5.009 ? '' :
+   "Signed/unsigned pack modifiers not available on this perl";
+ 
+-plan tests => 14712;
++plan tests => 14717;
+ 
+ use strict;
+ use warnings qw(FATAL all);
+@@ -2044,3 +2044,25 @@ ok(1, "argument underflow did not crash"
+     is(pack("H40", $up_nul), $twenty_nuls,
+        "check pack H zero fills (utf8 source)");
+ }
++
++SKIP:
++{
++  # [perl #131844] pointer addition overflow
++    $Config{ptrsize} == 4
++      or skip "[perl #131844] need 32-bit build for this test", 4;
++    # prevent ASAN just crashing on the allocation failure
++    local $ENV{ASAN_OPTIONS} = $ENV{ASAN_OPTIONS};
++    $ENV{ASAN_OPTIONS} .= ",allocator_may_return_null=1";
++    fresh_perl_like('pack "f999999999"', qr/Out of memory during pack/, { stderr => 1 },
++		    "pointer addition overflow");
++
++    # integer (STRLEN) overflow from addition of glen to current length
++    fresh_perl_like('pack "c10f1073741823"', qr/Out of memory during pack/, { stderr => 1 },
++		    "integer overflow calculating allocation (addition)");
++
++    fresh_perl_like('pack "W10f536870913", 256', qr/Out of memory during pack/, { stderr => 1 },
++		    "integer overflow calculating allocation (utf8)");
++
++    fresh_perl_like('pack "c10f1073741824"', qr/Out of memory during pack/, { stderr => 1 },
++		    "integer overflow calculating allocation (multiply)");
++}
+-- 
+2.15.1-424-g9478a660812
+
diff --git a/poky/meta/recipes-devtools/perl/perl_5.24.1.bb b/poky/meta/recipes-devtools/perl/perl_5.24.1.bb
index 91f310d..5fed896 100644
--- a/poky/meta/recipes-devtools/perl/perl_5.24.1.bb
+++ b/poky/meta/recipes-devtools/perl/perl_5.24.1.bb
@@ -66,6 +66,11 @@
         file://perl-5.26.1-guard_old_libcrypt_fix.patch \
         file://CVE-2017-12883.patch \
         file://CVE-2017-12837.patch \
+        file://CVE-2018-6798-1.patch \
+        file://CVE-2018-6798-2.patch \
+        file://CVE-2018-6797.patch \
+        file://CVE-2018-6913.patch \
+        file://CVE-2018-12015.patch \
 "
 
 # Fix test case issues
diff --git a/poky/meta/recipes-devtools/python/python.inc b/poky/meta/recipes-devtools/python/python.inc
index 979b601..69542c9 100644
--- a/poky/meta/recipes-devtools/python/python.inc
+++ b/poky/meta/recipes-devtools/python/python.inc
@@ -7,7 +7,9 @@
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=f741e51de91d4eeea5930b9c3c7fa69d"
 
-SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz"
+SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
+           file://CVE-2018-1000030-1.patch \
+           file://CVE-2018-1000030-2.patch"
 
 SRC_URI[md5sum] = "1f6db41ad91d9eb0a6f0c769b8613c5b"
 SRC_URI[sha256sum] = "71ffb26e09e78650e424929b2b457b9c912ac216576e6bd9e7d204ed03296a66"
diff --git a/poky/meta/recipes-devtools/python/python/CVE-2018-1000030-1.patch b/poky/meta/recipes-devtools/python/python/CVE-2018-1000030-1.patch
new file mode 100644
index 0000000..06ad4c6
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python/CVE-2018-1000030-1.patch
@@ -0,0 +1,138 @@
+From 6401e5671781eb217ee1afb4603cc0d1b0367ae6 Mon Sep 17 00:00:00 2001
+From: Serhiy Storchaka <storchaka@gmail.com>
+Date: Fri, 10 Nov 2017 12:58:55 +0200
+Subject: [PATCH] [2.7] bpo-31530: Stop crashes when iterating over a file on
+ multiple threads. (#3672)
+
+CVE: CVE-2018-1000030
+Upstream-Status: Backport [https://github.com/python/cpython/commit/6401e5671781eb217ee1afb4603cc0d1b0367ae6]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ Lib/test/test_file2k.py                            | 32 ++++++++++++++++++++++
+ .../2017-09-20-18-28-09.bpo-31530.CdLOM7.rst       |  4 +++
+ Objects/fileobject.c                               | 19 +++++++++++--
+ 3 files changed, 52 insertions(+), 3 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Core and Builtins/2017-09-20-18-28-09.bpo-31530.CdLOM7.rst
+
+diff --git a/Lib/test/test_file2k.py b/Lib/test/test_file2k.py
+index e39ef7042e..d8966e034e 100644
+--- a/Lib/test/test_file2k.py
++++ b/Lib/test/test_file2k.py
+@@ -652,6 +652,38 @@ class FileThreadingTests(unittest.TestCase):
+             self.f.writelines('')
+         self._test_close_open_io(io_func)
+ 
++    def test_iteration_torture(self):
++        # bpo-31530: Crash when concurrently iterate over a file.
++        with open(self.filename, "wb") as fp:
++            for i in xrange(2**20):
++                fp.write(b"0"*50 + b"\n")
++        with open(self.filename, "rb") as f:
++            def iterate():
++                try:
++                    for l in f:
++                        pass
++                except IOError:
++                    pass
++            self._run_workers(iterate, 10)
++
++    def test_iteration_seek(self):
++        # bpo-31530: Crash when concurrently seek and iterate over a file.
++        with open(self.filename, "wb") as fp:
++            for i in xrange(10000):
++                fp.write(b"0"*50 + b"\n")
++        with open(self.filename, "rb") as f:
++            it = iter([1] + [0]*10)  # one thread reads, others seek
++            def iterate():
++                try:
++                    if next(it):
++                        for l in f:
++                            pass
++                    else:
++                        for i in range(100):
++                            f.seek(i*100, 0)
++                except IOError:
++                    pass
++            self._run_workers(iterate, 10)
+ 
+ @unittest.skipUnless(os.name == 'posix', 'test requires a posix system.')
+ class TestFileSignalEINTR(unittest.TestCase):
+diff --git a/Misc/NEWS.d/next/Core and Builtins/2017-09-20-18-28-09.bpo-31530.CdLOM7.rst b/Misc/NEWS.d/next/Core and Builtins/2017-09-20-18-28-09.bpo-31530.CdLOM7.rst
+new file mode 100644
+index 0000000000..a6cb6c9e9b
+--- /dev/null
++++ b/Misc/NEWS.d/next/Core and Builtins/2017-09-20-18-28-09.bpo-31530.CdLOM7.rst	
+@@ -0,0 +1,4 @@
++Fixed crashes when iterating over a file on multiple threads.
++seek() and next() methods of file objects now raise an exception during
++concurrent operation on the same file object.
++A lock can be used to prevent the error.
+diff --git a/Objects/fileobject.c b/Objects/fileobject.c
+index 7e07a5376f..2f63c374d1 100644
+--- a/Objects/fileobject.c
++++ b/Objects/fileobject.c
+@@ -430,7 +430,7 @@ close_the_file(PyFileObject *f)
+             if (f->ob_refcnt > 0) {
+                 PyErr_SetString(PyExc_IOError,
+                     "close() called during concurrent "
+-                    "operation on the same file object.");
++                    "operation on the same file object");
+             } else {
+                 /* This should not happen unless someone is
+                  * carelessly playing with the PyFileObject
+@@ -438,7 +438,7 @@ close_the_file(PyFileObject *f)
+                  * pointer. */
+                 PyErr_SetString(PyExc_SystemError,
+                     "PyFileObject locking error in "
+-                    "destructor (refcnt <= 0 at close).");
++                    "destructor (refcnt <= 0 at close)");
+             }
+             return NULL;
+         }
+@@ -762,6 +762,12 @@ file_seek(PyFileObject *f, PyObject *args)
+ 
+     if (f->f_fp == NULL)
+         return err_closed();
++    if (f->unlocked_count > 0) {
++        PyErr_SetString(PyExc_IOError,
++            "seek() called during concurrent "
++            "operation on the same file object");
++        return NULL;
++    }
+     drop_readahead(f);
+     whence = 0;
+     if (!PyArg_ParseTuple(args, "O|i:seek", &offobj, &whence))
+@@ -2238,6 +2244,7 @@ readahead(PyFileObject *f, Py_ssize_t bufsize)
+ {
+     Py_ssize_t chunksize;
+ 
++    assert(f->unlocked_count == 0);
+     if (f->f_buf != NULL) {
+         if( (f->f_bufend - f->f_bufptr) >= 1)
+             return 0;
+@@ -2279,6 +2286,12 @@ readahead_get_line_skip(PyFileObject *f, Py_ssize_t skip, Py_ssize_t bufsize)
+     char *buf;
+     Py_ssize_t len;
+ 
++    if (f->unlocked_count > 0) {
++        PyErr_SetString(PyExc_IOError,
++            "next() called during concurrent "
++            "operation on the same file object");
++        return NULL;
++    }
+     if (f->f_buf == NULL)
+         if (readahead(f, bufsize) < 0)
+             return NULL;
+@@ -2692,7 +2705,7 @@ int PyObject_AsFileDescriptor(PyObject *o)
+     }
+     else {
+         PyErr_SetString(PyExc_TypeError,
+-                        "argument must be an int, or have a fileno() method.");
++                        "argument must be an int, or have a fileno() method");
+         return -1;
+     }
+ 
+-- 
+2.13.3
+
diff --git a/poky/meta/recipes-devtools/python/python/CVE-2018-1000030-2.patch b/poky/meta/recipes-devtools/python/python/CVE-2018-1000030-2.patch
new file mode 100644
index 0000000..9b7713b
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python/CVE-2018-1000030-2.patch
@@ -0,0 +1,306 @@
+From dbf52e02f18dac6f5f0a64f78932f3dc6efc056b Mon Sep 17 00:00:00 2001
+From: Benjamin Peterson <benjamin@python.org>
+Date: Tue, 2 Jan 2018 09:25:41 -0800
+Subject: [PATCH] bpo-31530: fix crash when multiple threads iterate over a
+ file, round 2 (#5060)
+
+Multiple threads iterating over a file can corrupt the file's internal readahead
+buffer resulting in crashes. To fix this, cache buffer state thread-locally for
+the duration of a file_iternext call and only update the file's internal state
+after reading completes.
+
+No attempt is made to define or provide "reasonable" semantics for iterating
+over a file on multiple threads. (Non-crashing) races are still
+present. Duplicated, corrupt, and missing data will happen.
+
+This was originally fixed by 6401e5671781eb217ee1afb4603cc0d1b0367ae6, which
+raised an exception from seek() and next() when concurrent operations were
+detected. Alas, this simpler solution breaks legitimate use cases such as
+capturing the standard streams when multiple threads are logging.
+
+CVE: CVE-2018-1000030
+Upstream-Status: Backport [https://github.com/python/cpython/commit/dbf52e02f18dac6f5f0a64f78932f3dc6efc056b]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+
+---
+ Lib/test/test_file2k.py                            |  27 ++---
+ .../2017-09-20-18-28-09.bpo-31530.CdLOM7.rst       |   3 -
+ Objects/fileobject.c                               | 118 ++++++++++++---------
+ 3 files changed, 78 insertions(+), 70 deletions(-)
+
+diff --git a/Lib/test/test_file2k.py b/Lib/test/test_file2k.py
+index d8966e034e..c73e8d8dc4 100644
+--- a/Lib/test/test_file2k.py
++++ b/Lib/test/test_file2k.py
+@@ -653,18 +653,15 @@ class FileThreadingTests(unittest.TestCase):
+         self._test_close_open_io(io_func)
+ 
+     def test_iteration_torture(self):
+-        # bpo-31530: Crash when concurrently iterate over a file.
++        # bpo-31530
+         with open(self.filename, "wb") as fp:
+             for i in xrange(2**20):
+                 fp.write(b"0"*50 + b"\n")
+         with open(self.filename, "rb") as f:
+-            def iterate():
+-                try:
+-                    for l in f:
+-                        pass
+-                except IOError:
++            def it():
++                for l in f:
+                     pass
+-            self._run_workers(iterate, 10)
++            self._run_workers(it, 10)
+ 
+     def test_iteration_seek(self):
+         # bpo-31530: Crash when concurrently seek and iterate over a file.
+@@ -674,17 +671,15 @@ class FileThreadingTests(unittest.TestCase):
+         with open(self.filename, "rb") as f:
+             it = iter([1] + [0]*10)  # one thread reads, others seek
+             def iterate():
+-                try:
+-                    if next(it):
+-                        for l in f:
+-                            pass
+-                    else:
+-                        for i in range(100):
+-                            f.seek(i*100, 0)
+-                except IOError:
+-                    pass
++                if next(it):
++                    for l in f:
++                        pass
++                else:
++                    for i in xrange(100):
++                        f.seek(i*100, 0)
+             self._run_workers(iterate, 10)
+ 
++
+ @unittest.skipUnless(os.name == 'posix', 'test requires a posix system.')
+ class TestFileSignalEINTR(unittest.TestCase):
+     def _test_reading(self, data_to_write, read_and_verify_code, method_name,
+diff --git a/Misc/NEWS.d/next/Core and Builtins/2017-09-20-18-28-09.bpo-31530.CdLOM7.rst b/Misc/NEWS.d/next/Core and Builtins/2017-09-20-18-28-09.bpo-31530.CdLOM7.rst
+index a6cb6c9e9b..beb09b5ae6 100644
+--- a/Misc/NEWS.d/next/Core and Builtins/2017-09-20-18-28-09.bpo-31530.CdLOM7.rst	
++++ b/Misc/NEWS.d/next/Core and Builtins/2017-09-20-18-28-09.bpo-31530.CdLOM7.rst	
+@@ -1,4 +1 @@
+ Fixed crashes when iterating over a file on multiple threads.
+-seek() and next() methods of file objects now raise an exception during
+-concurrent operation on the same file object.
+-A lock can be used to prevent the error.
+diff --git a/Objects/fileobject.c b/Objects/fileobject.c
+index 8d1c5812f0..270b28264a 100644
+--- a/Objects/fileobject.c
++++ b/Objects/fileobject.c
+@@ -609,7 +609,12 @@ err_iterbuffered(void)
+     return NULL;
+ }
+ 
+-static void drop_readahead(PyFileObject *);
++static void
++drop_file_readahead(PyFileObject *f)
++{
++    PyMem_FREE(f->f_buf);
++    f->f_buf = NULL;
++}
+ 
+ /* Methods */
+ 
+@@ -632,7 +637,7 @@ file_dealloc(PyFileObject *f)
+     Py_XDECREF(f->f_mode);
+     Py_XDECREF(f->f_encoding);
+     Py_XDECREF(f->f_errors);
+-    drop_readahead(f);
++    drop_file_readahead(f);
+     Py_TYPE(f)->tp_free((PyObject *)f);
+ }
+ 
+@@ -767,13 +772,7 @@ file_seek(PyFileObject *f, PyObject *args)
+ 
+     if (f->f_fp == NULL)
+         return err_closed();
+-    if (f->unlocked_count > 0) {
+-        PyErr_SetString(PyExc_IOError,
+-            "seek() called during concurrent "
+-            "operation on the same file object");
+-        return NULL;
+-    }
+-    drop_readahead(f);
++    drop_file_readahead(f);
+     whence = 0;
+     if (!PyArg_ParseTuple(args, "O|i:seek", &offobj, &whence))
+         return NULL;
+@@ -2242,12 +2241,16 @@ static PyGetSetDef file_getsetlist[] = {
+     {0},
+ };
+ 
++typedef struct {
++    char *buf, *bufptr, *bufend;
++} readaheadbuffer;
++
+ static void
+-drop_readahead(PyFileObject *f)
++drop_readaheadbuffer(readaheadbuffer *rab)
+ {
+-    if (f->f_buf != NULL) {
+-        PyMem_Free(f->f_buf);
+-        f->f_buf = NULL;
++    if (rab->buf != NULL) {
++        PyMem_FREE(rab->buf);
++        rab->buf = NULL;
+     }
+ }
+ 
+@@ -2255,36 +2258,34 @@ drop_readahead(PyFileObject *f)
+    (unless at EOF) and no more than bufsize.  Returns negative value on
+    error, will set MemoryError if bufsize bytes cannot be allocated. */
+ static int
+-readahead(PyFileObject *f, Py_ssize_t bufsize)
++readahead(PyFileObject *f, readaheadbuffer *rab, Py_ssize_t bufsize)
+ {
+     Py_ssize_t chunksize;
+ 
+-    assert(f->unlocked_count == 0);
+-    if (f->f_buf != NULL) {
+-        if( (f->f_bufend - f->f_bufptr) >= 1)
++    if (rab->buf != NULL) {
++        if ((rab->bufend - rab->bufptr) >= 1)
+             return 0;
+         else
+-            drop_readahead(f);
++            drop_readaheadbuffer(rab);
+     }
+-    if ((f->f_buf = (char *)PyMem_Malloc(bufsize)) == NULL) {
++    if ((rab->buf = PyMem_MALLOC(bufsize)) == NULL) {
+         PyErr_NoMemory();
+         return -1;
+     }
+     FILE_BEGIN_ALLOW_THREADS(f)
+     errno = 0;
+-    chunksize = Py_UniversalNewlineFread(
+-        f->f_buf, bufsize, f->f_fp, (PyObject *)f);
++    chunksize = Py_UniversalNewlineFread(rab->buf, bufsize, f->f_fp, (PyObject *)f);
+     FILE_END_ALLOW_THREADS(f)
+     if (chunksize == 0) {
+         if (ferror(f->f_fp)) {
+             PyErr_SetFromErrno(PyExc_IOError);
+             clearerr(f->f_fp);
+-            drop_readahead(f);
++            drop_readaheadbuffer(rab);
+             return -1;
+         }
+     }
+-    f->f_bufptr = f->f_buf;
+-    f->f_bufend = f->f_buf + chunksize;
++    rab->bufptr = rab->buf;
++    rab->bufend = rab->buf + chunksize;
+     return 0;
+ }
+ 
+@@ -2294,51 +2295,43 @@ readahead(PyFileObject *f, Py_ssize_t bufsize)
+    logarithmic buffer growth to about 50 even when reading a 1gb line. */
+ 
+ static PyStringObject *
+-readahead_get_line_skip(PyFileObject *f, Py_ssize_t skip, Py_ssize_t bufsize)
++readahead_get_line_skip(PyFileObject *f, readaheadbuffer *rab, Py_ssize_t skip, Py_ssize_t bufsize)
+ {
+     PyStringObject* s;
+     char *bufptr;
+     char *buf;
+     Py_ssize_t len;
+ 
+-    if (f->unlocked_count > 0) {
+-        PyErr_SetString(PyExc_IOError,
+-            "next() called during concurrent "
+-            "operation on the same file object");
+-        return NULL;
+-    }
+-    if (f->f_buf == NULL)
+-        if (readahead(f, bufsize) < 0)
++    if (rab->buf == NULL)
++        if (readahead(f, rab, bufsize) < 0)
+             return NULL;
+ 
+-    len = f->f_bufend - f->f_bufptr;
++    len = rab->bufend - rab->bufptr;
+     if (len == 0)
+-        return (PyStringObject *)
+-            PyString_FromStringAndSize(NULL, skip);
+-    bufptr = (char *)memchr(f->f_bufptr, '\n', len);
++        return (PyStringObject *)PyString_FromStringAndSize(NULL, skip);
++    bufptr = (char *)memchr(rab->bufptr, '\n', len);
+     if (bufptr != NULL) {
+         bufptr++;                               /* Count the '\n' */
+-        len = bufptr - f->f_bufptr;
+-        s = (PyStringObject *)
+-            PyString_FromStringAndSize(NULL, skip + len);
++        len = bufptr - rab->bufptr;
++        s = (PyStringObject *)PyString_FromStringAndSize(NULL, skip + len);
+         if (s == NULL)
+             return NULL;
+-        memcpy(PyString_AS_STRING(s) + skip, f->f_bufptr, len);
+-        f->f_bufptr = bufptr;
+-        if (bufptr == f->f_bufend)
+-            drop_readahead(f);
++        memcpy(PyString_AS_STRING(s) + skip, rab->bufptr, len);
++        rab->bufptr = bufptr;
++        if (bufptr == rab->bufend)
++            drop_readaheadbuffer(rab);
+     } else {
+-        bufptr = f->f_bufptr;
+-        buf = f->f_buf;
+-        f->f_buf = NULL;                /* Force new readahead buffer */
++        bufptr = rab->bufptr;
++        buf = rab->buf;
++        rab->buf = NULL;                /* Force new readahead buffer */
+         assert(len <= PY_SSIZE_T_MAX - skip);
+-        s = readahead_get_line_skip(f, skip + len, bufsize + (bufsize>>2));
++        s = readahead_get_line_skip(f, rab, skip + len, bufsize + (bufsize>>2));
+         if (s == NULL) {
+-            PyMem_Free(buf);
++            PyMem_FREE(buf);
+             return NULL;
+         }
+         memcpy(PyString_AS_STRING(s) + skip, bufptr, len);
+-        PyMem_Free(buf);
++        PyMem_FREE(buf);
+     }
+     return s;
+ }
+@@ -2356,7 +2349,30 @@ file_iternext(PyFileObject *f)
+     if (!f->readable)
+         return err_mode("reading");
+ 
+-    l = readahead_get_line_skip(f, 0, READAHEAD_BUFSIZE);
++    {
++        /*
++          Multiple threads can enter this method while the GIL is released
++          during file read and wreak havoc on the file object's readahead
++          buffer. To avoid dealing with cross-thread coordination issues, we
++          cache the file buffer state locally and only set it back on the file
++          object when we're done.
++        */
++        readaheadbuffer rab = {f->f_buf, f->f_bufptr, f->f_bufend};
++        f->f_buf = NULL;
++        l = readahead_get_line_skip(f, &rab, 0, READAHEAD_BUFSIZE);
++        /*
++          Make sure the file's internal read buffer is cleared out. This will
++          only do anything if some other thread interleaved with us during
++          readahead. We want to drop any changeling buffer, so we don't leak
++          memory. We may lose data, but that's what you get for reading the same
++          file object in multiple threads.
++        */
++        drop_file_readahead(f);
++        f->f_buf = rab.buf;
++        f->f_bufptr = rab.bufptr;
++        f->f_bufend = rab.bufend;
++    }
++
+     if (l == NULL || PyString_GET_SIZE(l) == 0) {
+         Py_XDECREF(l);
+         return NULL;
+-- 
+2.13.3
+
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-12617.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-12617.patch
new file mode 100644
index 0000000..c89f189
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-12617.patch
@@ -0,0 +1,53 @@
+From 141b197408ab398c4f474ac1a728ab316e921f2b Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Wed, 13 Jun 2018 11:46:57 +0530
+Subject: [PATCH] qga: check bytes count read by guest-file-read
+
+While reading file content via 'guest-file-read' command,
+'qmp_guest_file_read' routine allocates buffer of count+1
+bytes. It could overflow for large values of 'count'.
+Add check to avoid it.
+
+Reported-by: Fakhri Zulkifli <mohdfakhrizulkifli@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
+
+CVE: CVE-2018-12617
+Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commitdiff;h=141b197408ab398c4f474ac1a728ab316e921f2b]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ qga/commands-posix.c | 2 +-
+ qga/commands-win32.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/qga/commands-posix.c b/qga/commands-posix.c
+index 594d21ef3e..9284e71666 100644
+--- a/qga/commands-posix.c
++++ b/qga/commands-posix.c
+@@ -458,7 +458,7 @@ struct GuestFileRead *qmp_guest_file_read(int64_t handle, bool has_count,
+ 
+     if (!has_count) {
+         count = QGA_READ_COUNT_DEFAULT;
+-    } else if (count < 0) {
++    } else if (count < 0 || count >= UINT32_MAX) {
+         error_setg(errp, "value '%" PRId64 "' is invalid for argument count",
+                    count);
+         return NULL;
+diff --git a/qga/commands-win32.c b/qga/commands-win32.c
+index 70ee5379f6..73f31fa8c2 100644
+--- a/qga/commands-win32.c
++++ b/qga/commands-win32.c
+@@ -318,7 +318,7 @@ GuestFileRead *qmp_guest_file_read(int64_t handle, bool has_count,
+     }
+     if (!has_count) {
+         count = QGA_READ_COUNT_DEFAULT;
+-    } else if (count < 0) {
++    } else if (count < 0 || count >= UINT32_MAX) {
+         error_setg(errp, "value '%" PRId64
+                    "' is invalid for argument count", count);
+         return NULL;
+-- 
+2.13.3
+
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-7550.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-7550.patch
new file mode 100644
index 0000000..9923d12
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-7550.patch
@@ -0,0 +1,62 @@
+From 2a8fcd119eb7c6bb3837fc3669eb1b2dfb31daf8 Mon Sep 17 00:00:00 2001
+From: Jack Schwartz <jack.schwartz@oracle.com>
+Date: Thu, 21 Dec 2017 09:25:15 -0800
+Subject: [PATCH] multiboot: bss_end_addr can be zero
+
+The multiboot spec (https://www.gnu.org/software/grub/manual/multiboot/),
+section 3.1.3, allows for bss_end_addr to be zero.
+
+A zero bss_end_addr signifies there is no .bss section.
+
+CVE: CVE-2018-7550
+Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commitdiff;h=2a8fcd119eb7c6bb3837fc3669eb1b2dfb31daf8]
+
+Suggested-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Jack Schwartz <jack.schwartz@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ hw/i386/multiboot.c | 18 ++++++++++--------
+ 1 file changed, 10 insertions(+), 8 deletions(-)
+
+diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c
+index 46d9c68bf5..bb8d8e4629 100644
+--- a/hw/i386/multiboot.c
++++ b/hw/i386/multiboot.c
+@@ -233,12 +233,6 @@ int load_multiboot(FWCfgState *fw_cfg,
+         mh_entry_addr = ldl_p(header+i+28);
+ 
+         if (mh_load_end_addr) {
+-            if (mh_bss_end_addr < mh_load_addr) {
+-                fprintf(stderr, "invalid mh_bss_end_addr address\n");
+-                exit(1);
+-            }
+-            mb_kernel_size = mh_bss_end_addr - mh_load_addr;
+-
+             if (mh_load_end_addr < mh_load_addr) {
+                 fprintf(stderr, "invalid mh_load_end_addr address\n");
+                 exit(1);
+@@ -249,8 +243,16 @@ int load_multiboot(FWCfgState *fw_cfg,
+                 fprintf(stderr, "invalid kernel_file_size\n");
+                 exit(1);
+             }
+-            mb_kernel_size = kernel_file_size - mb_kernel_text_offset;
+-            mb_load_size = mb_kernel_size;
++            mb_load_size = kernel_file_size - mb_kernel_text_offset;
++        }
++        if (mh_bss_end_addr) {
++            if (mh_bss_end_addr < (mh_load_addr + mb_load_size)) {
++                fprintf(stderr, "invalid mh_bss_end_addr address\n");
++                exit(1);
++            }
++            mb_kernel_size = mh_bss_end_addr - mh_load_addr;
++        } else {
++            mb_kernel_size = mb_load_size;
+         }
+ 
+         /* Valid if mh_flags sets MULTIBOOT_HEADER_HAS_VBE.
+-- 
+2.13.3
+
diff --git a/poky/meta/recipes-devtools/qemu/qemu_2.11.1.bb b/poky/meta/recipes-devtools/qemu/qemu_2.11.1.bb
index 7de21ac..a447dc7 100644
--- a/poky/meta/recipes-devtools/qemu/qemu_2.11.1.bb
+++ b/poky/meta/recipes-devtools/qemu/qemu_2.11.1.bb
@@ -24,6 +24,8 @@
            file://0012-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch \
            file://0013-ps2-check-PS2Queue-pointers-in-post_load-routine.patch \
            file://0001-CVE-2018-11806-QEMU-slirp-heap-buffer-overflow.patch \
+           file://CVE-2018-7550.patch \
+           file://CVE-2018-12617.patch \
            "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+\..*)\.tar"
 
diff --git a/poky/meta/recipes-devtools/swig/swig.inc b/poky/meta/recipes-devtools/swig/swig.inc
index bf61b02..aec5449 100644
--- a/poky/meta/recipes-devtools/swig/swig.inc
+++ b/poky/meta/recipes-devtools/swig/swig.inc
@@ -7,7 +7,7 @@
 
 SECTION = "devel"
 
-DEPENDS = "libpcre python3"
+DEPENDS = "libpcre"
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz"
 
diff --git a/poky/meta/recipes-extended/bzip2/bzip2_1.0.6.bb b/poky/meta/recipes-extended/bzip2/bzip2_1.0.6.bb
index de668d6..acbf80a 100644
--- a/poky/meta/recipes-extended/bzip2/bzip2_1.0.6.bb
+++ b/poky/meta/recipes-extended/bzip2/bzip2_1.0.6.bb
@@ -2,13 +2,13 @@
 DESCRIPTION = "bzip2 compresses files using the Burrows-Wheeler block-sorting text compression algorithm, and \
 Huffman coding. Compression is generally considerably better than that achieved by more conventional \
 LZ77/LZ78-based compressors, and approaches the performance of the PPM family of statistical compressors."
-HOMEPAGE = "http://www.bzip.org/"
+HOMEPAGE = "https://sourceware.org/bzip2/"
 SECTION = "console/utils"
 LICENSE = "bzip2"
 LIC_FILES_CHKSUM = "file://LICENSE;beginline=8;endline=37;md5=40d9d1eb05736d1bfc86cfdd9106e6b2"
 PR = "r5"
 
-SRC_URI = "http://www.bzip.org/${PV}/${BP}.tar.gz \
+SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/${BP}.tar.gz \
            file://fix-bunzip2-qt-returns-0-for-corrupt-archives.patch \
            file://configure.ac;subdir=${BP} \
            file://Makefile.am;subdir=${BP} \
@@ -19,7 +19,7 @@
 SRC_URI[md5sum] = "00b516f4704d4a7cb50a1d97e6e8e15b"
 SRC_URI[sha256sum] = "a2848f34fcd5d6cf47def00461fcb528a0484d8edef8208d6d2e2909dc61d9cd"
 
-UPSTREAM_CHECK_URI = "http://www.bzip.org/downloads.html"
+UPSTREAM_CHECK_URI = "https://www.sourceware.org/bzip2/"
 
 PACKAGES =+ "libbz2"
 
diff --git a/poky/meta/recipes-extended/libarchive/libarchive/CVE-2017-14503.patch b/poky/meta/recipes-extended/libarchive/libarchive/CVE-2017-14503.patch
new file mode 100644
index 0000000..42fa68c
--- /dev/null
+++ b/poky/meta/recipes-extended/libarchive/libarchive/CVE-2017-14503.patch
@@ -0,0 +1,33 @@
+From 2c8c83b9731ff822fad6cc8c670ea5519c366a14 Mon Sep 17 00:00:00 2001
+From: Joerg Sonnenberger <joerg@bec.de>
+Date: Thu, 19 Jul 2018 21:14:53 +0200
+Subject: [PATCH] Reject LHA archive entries with negative size.
+
+CVE: CVE-2017-14503
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/2c8c83b9731ff822fad6cc8c670ea5519c366a14]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ libarchive/archive_read_support_format_lha.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c
+index b8ef4ae1..95c99bb1 100644
+--- a/libarchive/archive_read_support_format_lha.c
++++ b/libarchive/archive_read_support_format_lha.c
+@@ -701,6 +701,12 @@ archive_read_format_lha_read_header(struct archive_read *a,
+ 	 * Prepare variables used to read a file content.
+ 	 */
+ 	lha->entry_bytes_remaining = lha->compsize;
++	if (lha->entry_bytes_remaining < 0) {
++		archive_set_error(&a->archive,
++		    ARCHIVE_ERRNO_FILE_FORMAT,
++		    "Invalid LHa entry size");
++		return (ARCHIVE_FATAL);
++	}
+ 	lha->entry_offset = 0;
+ 	lha->entry_crc_calculated = 0;
+ 
+-- 
+2.13.3
+
diff --git a/poky/meta/recipes-extended/libarchive/libarchive_3.3.2.bb b/poky/meta/recipes-extended/libarchive/libarchive_3.3.2.bb
index 5daca27..3269716 100644
--- a/poky/meta/recipes-extended/libarchive/libarchive_3.3.2.bb
+++ b/poky/meta/recipes-extended/libarchive/libarchive_3.3.2.bb
@@ -36,6 +36,7 @@
            file://CVE-2017-14166.patch \
            file://CVE-2017-14502.patch \
            file://non-recursive-extract-and-list.patch \
+           file://CVE-2017-14503.patch \
           "
 
 SRC_URI[md5sum] = "4583bd6b2ebf7e0e8963d90879eb1b27"
diff --git a/poky/meta/recipes-extended/procps/procps/CVE-2018-1124.patch b/poky/meta/recipes-extended/procps/procps/CVE-2018-1124.patch
new file mode 100644
index 0000000..bc78faf
--- /dev/null
+++ b/poky/meta/recipes-extended/procps/procps/CVE-2018-1124.patch
@@ -0,0 +1,176 @@
+From bdd058a0e676d2f013027fcfb2b344c313112a50 Mon Sep 17 00:00:00 2001
+From: Qualys Security Advisory <qsa@qualys.com>
+Date: Thu, 1 Jan 1970 00:00:00 +0000
+Subject: [PATCH 074/126] proc/readproc.c: Fix bugs and overflows in
+ file2strvec().
+
+Note: this is by far the most important and complex patch of the whole
+series, please review it carefully; thank you very much!
+
+For this patch, we decided to keep the original function's design and
+skeleton, to avoid regressions and behavior changes, while fixing the
+various bugs and overflows. And like the "Harden file2str()" patch, this
+patch does not fail when about to overflow, but truncates instead: there
+is information available about this process, so return it to the caller;
+also, we used INT_MAX as a limit, but a lower limit could be used.
+
+The easy changes:
+
+- Replace sprintf() with snprintf() (and check for truncation).
+
+- Replace "if (n == 0 && rbuf == 0)" with "if (n <= 0 && tot <= 0)" and
+  do break instead of return: it simplifies the code (only one place to
+  handle errors), and also guarantees that in the while loop either n or
+  tot is > 0 (or both), even if n is reset to 0 when about to overflow.
+
+- Remove the "if (n < 0)" block in the while loop: it is (and was) dead
+  code, since we enter the while loop only if n >= 0.
+
+- Rewrite the missing-null-terminator detection: in the original
+  function, if the size of the file is a multiple of 2047, a null-
+  terminator is appended even if the file is already null-terminated.
+
+- Replace "if (n <= 0 && !end_of_file)" with "if (n < 0 || tot <= 0)":
+  originally, it was equivalent to "if (n < 0)", but we added "tot <= 0"
+  to handle the first break of the while loop, and to guarantee that in
+  the rest of the function tot is > 0.
+
+- Double-force ("belt and suspenders") the null-termination of rbuf:
+  this is (and was) essential to the correctness of the function.
+
+- Replace the final "while" loop with a "for" loop that behaves just
+  like the preceding "for" loop: in the original function, this would
+  lead to unexpected results (for example, if rbuf is |\0|A|\0|, this
+  would return the array {"",NULL} but should return {"","A",NULL}; and
+  if rbuf is |A|\0|B| (should never happen because rbuf should be null-
+  terminated), this would make room for two pointers in ret, but would
+  write three pointers to ret).
+
+The hard changes:
+
+- Prevent the integer overflow of tot in the while loop, but unlike
+  file2str(), file2strvec() cannot let tot grow until it almost reaches
+  INT_MAX, because it needs more space for the pointers: this is why we
+  introduced ARG_LEN, which also guarantees that we can add "align" and
+  a few sizeof(char*)s to tot without overflowing.
+
+- Prevent the integer overflow of "tot + c + align": when INT_MAX is
+  (almost) reached, we write the maximal safe amount of pointers to ret
+  (ARG_LEN guarantees that there is always space for *ret = rbuf and the
+  NULL terminator).
+[carnil: backport for 3.3.9: Add include for limits.h and use of MAX_INT]
+
+CVE: CVE-2018-1124
+Upstream-Status: Backport [https://gitlab.com/procps-ng/procps/commit/36c350f07c75aabf747fb833f52a234ae5781b20]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ proc/readproc.c | 53 ++++++++++++++++++++++++++++++++---------------------
+ 1 file changed, 32 insertions(+), 21 deletions(-)
+
+diff -Naurp procps-ng-3.3.12_org/proc/readproc.c procps-ng-3.3.12/proc/readproc.c
+--- procps-ng-3.3.12_org/proc/readproc.c	2016-07-09 14:49:25.825306872 -0700
++++ procps-ng-3.3.12/proc/readproc.c	2018-07-24 00:46:49.366202531 -0700
+@@ -37,6 +37,7 @@
+ #include <dirent.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <limits.h>
+ #ifdef WITH_SYSTEMD
+ #include <systemd/sd-login.h>
+ #endif
+--- a/proc/readproc.c
++++ b/proc/readproc.c
+@@ -600,11 +601,12 @@ static int file2str(const char *director
+ 
+ static char** file2strvec(const char* directory, const char* what) {
+     char buf[2048];	/* read buf bytes at a time */
+-    char *p, *rbuf = 0, *endbuf, **q, **ret;
++    char *p, *rbuf = 0, *endbuf, **q, **ret, *strp;
+     int fd, tot = 0, n, c, end_of_file = 0;
+     int align;
+ 
+-    sprintf(buf, "%s/%s", directory, what);
++    const int len = snprintf(buf, sizeof buf, "%s/%s", directory, what);
++    if(len <= 0 || (size_t)len >= sizeof buf) return NULL;
+     fd = open(buf, O_RDONLY, 0);
+     if(fd==-1) return NULL;
+ 
+@@ -612,18 +614,23 @@ static char** file2strvec(const char* di
+     while ((n = read(fd, buf, sizeof buf - 1)) >= 0) {
+ 	if (n < (int)(sizeof buf - 1))
+ 	    end_of_file = 1;
+-	if (n == 0 && rbuf == 0) {
+-	    close(fd);
+-	    return NULL;	/* process died between our open and read */
++	if (n <= 0 && tot <= 0) { /* nothing read now, nothing read before */
++	    break;		/* process died between our open and read */
+ 	}
+-	if (n < 0) {
+-	    if (rbuf)
+-		free(rbuf);
+-	    close(fd);
+-	    return NULL;	/* read error */
++	/* ARG_LEN is our guesstimated median length of a command-line argument
++	   or environment variable (the minimum is 1, the maximum is 131072) */
++	#define ARG_LEN 64
++	if (tot >= INT_MAX / (ARG_LEN + (int)sizeof(char*)) * ARG_LEN - n) {
++	    end_of_file = 1; /* integer overflow: null-terminate and break */
++	    n = 0; /* but tot > 0 */
+ 	}
+-	if (end_of_file && (n == 0 || buf[n-1]))/* last read char not null */
++	#undef ARG_LEN
++	if (end_of_file &&
++	    ((n > 0 && buf[n-1] != '\0') ||	/* last read char not null */
++	     (n <= 0 && rbuf[tot-1] != '\0')))	/* last read char not null */
+ 	    buf[n++] = '\0';			/* so append null-terminator */
++
++	if (n <= 0) break; /* unneeded (end_of_file = 1) but avoid realloc */
+ 	rbuf = xrealloc(rbuf, tot + n);		/* allocate more memory */
+ 	memcpy(rbuf + tot, buf, n);		/* copy buffer into it */
+ 	tot += n;				/* increment total byte ctr */
+@@ -631,29 +638,34 @@ static char** file2strvec(const char* di
+ 	    break;
+     }
+     close(fd);
+-    if (n <= 0 && !end_of_file) {
++    if (n < 0 || tot <= 0) {	/* error, or nothing read */
+ 	if (rbuf) free(rbuf);
+ 	return NULL;		/* read error */
+     }
++    rbuf[tot-1] = '\0'; /* belt and suspenders (the while loop did it, too) */
+     endbuf = rbuf + tot;			/* count space for pointers */
+     align = (sizeof(char*)-1) - ((tot + sizeof(char*)-1) & (sizeof(char*)-1));
+-    for (c = 0, p = rbuf; p < endbuf; p++) {
+-	if (!*p || *p == '\n')
++    c = sizeof(char*);				/* one extra for NULL term */
++    for (p = rbuf; p < endbuf; p++) {
++	if (!*p || *p == '\n') {
++	    if (c >= INT_MAX - (tot + (int)sizeof(char*) + align)) break;
+ 	    c += sizeof(char*);
++	}
+ 	if (*p == '\n')
+ 	    *p = 0;
+     }
+-    c += sizeof(char*);				/* one extra for NULL term */
+ 
+     rbuf = xrealloc(rbuf, tot + c + align);	/* make room for ptrs AT END */
+     endbuf = rbuf + tot;			/* addr just past data buf */
+     q = ret = (char**) (endbuf+align);		/* ==> free(*ret) to dealloc */
+-    *q++ = p = rbuf;				/* point ptrs to the strings */
+-    endbuf--;					/* do not traverse final NUL */
+-    while (++p < endbuf)
+-    	if (!*p)				/* NUL char implies that */
+-	    *q++ = p+1;				/* next string -> next char */
+-
++    for (strp = p = rbuf; p < endbuf; p++) {
++	if (!*p) {				/* NUL char implies that */
++	    if (c < 2 * (int)sizeof(char*)) break;
++	    c -= sizeof(char*);
++	    *q++ = strp;			/* point ptrs to the strings */
++	    strp = p+1;				/* next string -> next char */
++	}
++    }
+     *q = 0;					/* null ptr list terminator */
+     return ret;
+ }
diff --git a/poky/meta/recipes-extended/procps/procps_3.3.12.bb b/poky/meta/recipes-extended/procps/procps_3.3.12.bb
index ecf215f..6e15b0a 100644
--- a/poky/meta/recipes-extended/procps/procps_3.3.12.bb
+++ b/poky/meta/recipes-extended/procps/procps_3.3.12.bb
@@ -14,6 +14,7 @@
 
 SRC_URI = "http://downloads.sourceforge.net/project/procps-ng/Production/procps-ng-${PV}.tar.xz \
            file://sysctl.conf \
+           file://CVE-2018-1124.patch \
           "
 
 SRC_URI[md5sum] = "957e42e8b193490b2111252e4a2b443c"
diff --git a/poky/meta/recipes-extended/shadow/files/CVE-2018-7169.patch b/poky/meta/recipes-extended/shadow/files/CVE-2018-7169.patch
new file mode 100644
index 0000000..36887d4
--- /dev/null
+++ b/poky/meta/recipes-extended/shadow/files/CVE-2018-7169.patch
@@ -0,0 +1,186 @@
+From fb28c99b8a66ff2605c5cb96abc0a4d975f92de0 Mon Sep 17 00:00:00 2001
+From: Aleksa Sarai <asarai@suse.de>
+Date: Thu, 15 Feb 2018 23:49:40 +1100
+Subject: [PATCH] newgidmap: enforce setgroups=deny if self-mapping a group
+
+This is necessary to match the kernel-side policy of "self-mapping in a
+user namespace is fine, but you cannot drop groups" -- a policy that was
+created in order to stop user namespaces from allowing trivial privilege
+escalation by dropping supplementary groups that were "blacklisted" from
+certain paths.
+
+This is the simplest fix for the underlying issue, and effectively makes
+it so that unless a user has a valid mapping set in /etc/subgid (which
+only administrators can modify) -- and they are currently trying to use
+that mapping -- then /proc/$pid/setgroups will be set to deny. This
+workaround is only partial, because ideally it should be possible to set
+an "allow_setgroups" or "deny_setgroups" flag in /etc/subgid to allow
+administrators to further restrict newgidmap(1).
+
+We also don't write anything in the "allow" case because "allow" is the
+default, and users may have already written "deny" even if they
+technically are allowed to use setgroups. And we don't write anything if
+the setgroups policy is already "deny".
+
+Ref: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
+Fixes: CVE-2018-7169
+
+Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/fb28c99b8a66ff2605c5cb96abc0a4d975f92de0]
+Reported-by: Craig Furman <craig.furman89@gmail.com>
+Signed-off-by: Aleksa Sarai <asarai@suse.de>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ src/newgidmap.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++------
+ 1 file changed, 80 insertions(+), 9 deletions(-)
+
+diff --git a/src/newgidmap.c b/src/newgidmap.c
+index b1e33513..59a2e75c 100644
+--- a/src/newgidmap.c
++++ b/src/newgidmap.c
+@@ -46,32 +46,37 @@
+  */
+ const char *Prog;
+ 
+-static bool verify_range(struct passwd *pw, struct map_range *range)
++
++static bool verify_range(struct passwd *pw, struct map_range *range, bool *allow_setgroups)
+ {
+ 	/* An empty range is invalid */
+ 	if (range->count == 0)
+ 		return false;
+ 
+-	/* Test /etc/subgid */
+-	if (have_sub_gids(pw->pw_name, range->lower, range->count))
++	/* Test /etc/subgid. If the mapping is valid then we allow setgroups. */
++	if (have_sub_gids(pw->pw_name, range->lower, range->count)) {
++		*allow_setgroups = true;
+ 		return true;
++	}
+ 
+-	/* Allow a process to map it's own gid */
+-	if ((range->count == 1) && (pw->pw_gid == range->lower))
++	/* Allow a process to map its own gid. */
++	if ((range->count == 1) && (pw->pw_gid == range->lower)) {
++		/* noop -- if setgroups is enabled already we won't disable it. */
+ 		return true;
++	}
+ 
+ 	return false;
+ }
+ 
+ static void verify_ranges(struct passwd *pw, int ranges,
+-	struct map_range *mappings)
++	struct map_range *mappings, bool *allow_setgroups)
+ {
+ 	struct map_range *mapping;
+ 	int idx;
+ 
+ 	mapping = mappings;
+ 	for (idx = 0; idx < ranges; idx++, mapping++) {
+-		if (!verify_range(pw, mapping)) {
++		if (!verify_range(pw, mapping, allow_setgroups)) {
+ 			fprintf(stderr, _( "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"),
+ 				Prog,
+ 				mapping->upper,
+@@ -89,6 +94,70 @@ static void usage(void)
+ 	exit(EXIT_FAILURE);
+ }
+ 
++void write_setgroups(int proc_dir_fd, bool allow_setgroups)
++{
++	int setgroups_fd;
++	char *policy, policy_buffer[4096];
++
++	/*
++	 * Default is "deny", and any "allow" will out-rank a "deny". We don't
++	 * forcefully write an "allow" here because the process we are writing
++	 * mappings for may have already set themselves to "deny" (and "allow"
++	 * is the default anyway). So allow_setgroups == true is a noop.
++	 */
++	policy = "deny\n";
++	if (allow_setgroups)
++		return;
++
++	setgroups_fd = openat(proc_dir_fd, "setgroups", O_RDWR|O_CLOEXEC);
++	if (setgroups_fd < 0) {
++		/*
++		 * If it's an ENOENT then we are on too old a kernel for the setgroups
++		 * code to exist. Emit a warning and bail on this.
++		 */
++		if (ENOENT == errno) {
++			fprintf(stderr, _("%s: kernel doesn't support setgroups restrictions\n"), Prog);
++			goto out;
++		}
++		fprintf(stderr, _("%s: couldn't open process setgroups: %s\n"),
++			Prog,
++			strerror(errno));
++		exit(EXIT_FAILURE);
++	}
++
++	/*
++	 * Check whether the policy is already what we want. /proc/self/setgroups
++	 * is write-once, so attempting to write after it's already written to will
++	 * fail.
++	 */
++	if (read(setgroups_fd, policy_buffer, sizeof(policy_buffer)) < 0) {
++		fprintf(stderr, _("%s: failed to read setgroups: %s\n"),
++			Prog,
++			strerror(errno));
++		exit(EXIT_FAILURE);
++	}
++	if (!strncmp(policy_buffer, policy, strlen(policy)))
++		goto out;
++
++	/* Write the policy. */
++	if (lseek(setgroups_fd, 0, SEEK_SET) < 0) {
++		fprintf(stderr, _("%s: failed to seek setgroups: %s\n"),
++			Prog,
++			strerror(errno));
++		exit(EXIT_FAILURE);
++	}
++	if (dprintf(setgroups_fd, "%s", policy) < 0) {
++		fprintf(stderr, _("%s: failed to setgroups %s policy: %s\n"),
++			Prog,
++			policy,
++			strerror(errno));
++		exit(EXIT_FAILURE);
++	}
++
++out:
++	close(setgroups_fd);
++}
++
+ /*
+  * newgidmap - Set the gid_map for the specified process
+  */
+@@ -103,6 +172,7 @@ int main(int argc, char **argv)
+ 	struct stat st;
+ 	struct passwd *pw;
+ 	int written;
++	bool allow_setgroups = false;
+ 
+ 	Prog = Basename (argv[0]);
+ 
+@@ -145,7 +215,7 @@ int main(int argc, char **argv)
+ 				(unsigned long) getuid ()));
+ 		return EXIT_FAILURE;
+ 	}
+-	
++
+ 	/* Get the effective uid and effective gid of the target process */
+ 	if (fstat(proc_dir_fd, &st) < 0) {
+ 		fprintf(stderr, _("%s: Could not stat directory for target %u\n"),
+@@ -177,8 +247,9 @@ int main(int argc, char **argv)
+ 	if (!mappings)
+ 		usage();
+ 
+-	verify_ranges(pw, ranges, mappings);
++	verify_ranges(pw, ranges, mappings, &allow_setgroups);
+ 
++	write_setgroups(proc_dir_fd, allow_setgroups);
+ 	write_mapping(proc_dir_fd, ranges, mappings, "gid_map");
+ 	sub_gid_close();
+ 
+-- 
+2.13.3
+
diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc
index 6efe4a9..9691c38 100644
--- a/poky/meta/recipes-extended/shadow/shadow.inc
+++ b/poky/meta/recipes-extended/shadow/shadow.inc
@@ -20,6 +20,7 @@
            file://0001-shadow-CVE-2017-12424 \
            file://CVE-2017-2616.patch \
            ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
+           file://CVE-2018-7169.patch \
            "
 
 SRC_URI_append_class-target = " \
diff --git a/poky/meta/recipes-extended/unzip/unzip/0001-unzip-fix-CVE-2018-1000035.patch b/poky/meta/recipes-extended/unzip/unzip/0001-unzip-fix-CVE-2018-1000035.patch
new file mode 100644
index 0000000..37289d1
--- /dev/null
+++ b/poky/meta/recipes-extended/unzip/unzip/0001-unzip-fix-CVE-2018-1000035.patch
@@ -0,0 +1,48 @@
+From 349f566e6e757458843fa164a0f0584280e1501e Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Wed, 15 Aug 2018 16:20:53 +0800
+Subject: [PATCH] unzip: fix CVE-2018-1000035
+
+Upstream-Status: Backport
+
+CVE: CVE-2018-1000035
+
+backport from unzip6.10c23
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ fileio.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/fileio.c b/fileio.c
+index 36bfea3..7605a29 100644
+--- a/fileio.c
++++ b/fileio.c
+@@ -1582,6 +1582,8 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
+     int r = IZ_PW_ENTERED;
+     char *m;
+     char *prompt;
++    char *ep;
++    char *zp;
+ 
+ #ifndef REENTRANT
+     /* tell picky compilers to shut up about "unused variable" warnings */
+@@ -1590,9 +1592,12 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
+ 
+     if (*rcnt == 0) {           /* First call for current entry */
+         *rcnt = 2;
+-        if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
+-            sprintf(prompt, LoadFarString(PasswPrompt),
+-                    FnFilter1(zfn), FnFilter2(efn));
++        zp = FnFilter1( zfn);
++        ep = FnFilter2( efn);
++        prompt = (char *)malloc(    /* Slightly too long (2* "%s"). */
++         sizeof( PasswPrompt)+ strlen( zp)+ strlen( ep));
++        if (prompt != (char *)NULL) {
++            sprintf(prompt, LoadFarString(PasswPrompt), zp, ep);
+             m = prompt;
+         } else
+             m = (char *)LoadFarString(PasswPrompt2);
+-- 
+2.7.4
+
diff --git a/poky/meta/recipes-extended/unzip/unzip/symlink.patch b/poky/meta/recipes-extended/unzip/unzip/symlink.patch
new file mode 100644
index 0000000..a38f6f1
--- /dev/null
+++ b/poky/meta/recipes-extended/unzip/unzip/symlink.patch
@@ -0,0 +1,26 @@
+Unzip doesn't handle large zip files well and crashes:
+
+"This only happens if you have more then 16k entries and when one of
+the 16k entry infos is reused it happend to be previously used for
+a symlink entry."
+
+This patch is taken from Fedora (https://bugzilla.redhat.com/show_bug.cgi?id=972427)
+
+Upstream-Status: Pending (upstream is dead)
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+--- unzip60/process.c.sav	2013-06-09 12:08:57.070392264 +0200
++++ unzip60/process.c	2013-06-09 12:10:08.641696988 +0200
+@@ -1751,6 +1751,12 @@
+         = (G.crec.general_purpose_bit_flag & (1 << 11)) == (1 << 11);
+ #endif
+ 
++#ifdef SYMLINKS
++    /* Initialize the symlink flag, may be set by the platform-specific
++       mapattr function.  */
++    G.pInfo->symlink = 0;
++#endif 
++
+     return PK_COOL;
+ 
+ } /* end function process_cdir_file_hdr() */
diff --git a/poky/meta/recipes-extended/unzip/unzip_6.0.bb b/poky/meta/recipes-extended/unzip/unzip_6.0.bb
index 105d048..a47491e 100644
--- a/poky/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/poky/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -19,6 +19,8 @@
 	file://fix-security-format.patch \
 	file://18-cve-2014-9913-unzip-buffer-overflow.patch \
 	file://19-cve-2016-9844-zipinfo-buffer-overflow.patch \
+	file://symlink.patch \
+	file://0001-unzip-fix-CVE-2018-1000035.patch \
 "
 UPSTREAM_VERSION_UNKNOWN = "1"
 
diff --git a/poky/meta/recipes-multimedia/alsa/alsa-lib_1.1.5.bb b/poky/meta/recipes-multimedia/alsa/alsa-lib_1.1.5.bb
index c5bf107..0f1e2db 100644
--- a/poky/meta/recipes-multimedia/alsa/alsa-lib_1.1.5.bb
+++ b/poky/meta/recipes-multimedia/alsa/alsa-lib_1.1.5.bb
@@ -19,18 +19,17 @@
 
 EXTRA_OECONF += "--disable-python"
 
-PACKAGES =+ "alsa-server libasound alsa-conf alsa-doc"
-FILES_libasound = "${libdir}/libasound.so.*"
+PACKAGES =+ "alsa-server alsa-conf alsa-doc"
 FILES_alsa-server = "${bindir}/*"
 FILES_alsa-conf = "${datadir}/alsa/"
 
-RDEPENDS_libasound = "alsa-conf"
-
-# alsa-lib gets automatically added to alsa-lib-dev dependencies, but the
-# alsa-lib package doesn't exist. libasound is the real library package.
-RDEPENDS_${PN}-dev = "libasound"
+RDEPENDS_${PN}_class-target = "alsa-conf"
 
 # upgrade path
+RPROVIDES_${PN} = "libasound"
+RREPLACES_${PN} = "libasound"
+RCONFLICTS_${PN} = "libasound"
+
 RPROVIDES_${PN}-dev = "alsa-dev"
 RREPLACES_${PN}-dev = "alsa-dev"
 RCONFLICTS_${PN}-dev = "alsa-dev"
diff --git a/poky/meta/recipes-multimedia/flac/files/CVE-2017-6888.patch b/poky/meta/recipes-multimedia/flac/files/CVE-2017-6888.patch
new file mode 100644
index 0000000..389ab96
--- /dev/null
+++ b/poky/meta/recipes-multimedia/flac/files/CVE-2017-6888.patch
@@ -0,0 +1,31 @@
+From 4f47b63e9c971e6391590caf00a0f2a5ed612e67 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Sat, 8 Apr 2017 18:34:49 +1000
+Subject: [PATCH] stream_decoder.c: Fix a memory leak
+
+Leak reported by Secunia Research.
+CVE: CVE-2017-6888
+Upstream-Status: Backport [https://git.xiph.org/?p=flac.git;a=commitdiff;h=4f47b63e9c971e6391590caf00a0f2a5ed612e67]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ src/libFLAC/stream_decoder.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
+index 14d5fe7f..a5527511 100644
+--- a/src/libFLAC/stream_decoder.c
++++ b/src/libFLAC/stream_decoder.c
+@@ -1753,6 +1753,9 @@ FLAC__bool read_metadata_vorbiscomment_(FLAC__StreamDecoder *decoder, FLAC__Stre
+ 					}
+ 					memset (obj->comments[i].entry, 0, obj->comments[i].length) ;
+ 					if (!FLAC__bitreader_read_byte_block_aligned_no_crc(decoder->private_->input, obj->comments[i].entry, obj->comments[i].length)) {
++						/* Current i-th entry is bad, so we delete it. */
++						free (obj->comments[i].entry) ;
++						obj->comments[i].entry = NULL ;
+ 						obj->num_comments = i;
+ 						goto skip;
+ 					}
+-- 
+2.13.3
+
diff --git a/poky/meta/recipes-multimedia/flac/flac_1.3.2.bb b/poky/meta/recipes-multimedia/flac/flac_1.3.2.bb
index 8315ab5..028a429 100644
--- a/poky/meta/recipes-multimedia/flac/flac_1.3.2.bb
+++ b/poky/meta/recipes-multimedia/flac/flac_1.3.2.bb
@@ -14,7 +14,8 @@
                     file://include/FLAC/all.h;beginline=65;endline=70;md5=64474f2b22e9e77b28d8b8b25c983a48"
 DEPENDS = "libogg"
 
-SRC_URI = "http://downloads.xiph.org/releases/flac/${BP}.tar.xz"
+SRC_URI = "http://downloads.xiph.org/releases/flac/${BP}.tar.xz \
+           file://CVE-2017-6888.patch"
 
 SRC_URI[md5sum] = "454f1bfa3f93cc708098d7890d0499bd"
 SRC_URI[sha256sum] = "91cfc3ed61dc40f47f050a109b08610667d73477af6ef36dcad31c31a4a8d53f"
diff --git a/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-14245-14246.patch b/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-14245-14246.patch
new file mode 100644
index 0000000..a17ec21
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-14245-14246.patch
@@ -0,0 +1,121 @@
+From 2d54514a4f6437b67829717c05472d2e3300a258 Mon Sep 17 00:00:00 2001
+From: Fabian Greffrath <fabian@greffrath.com>
+Date: Wed, 27 Sep 2017 14:46:17 +0200
+Subject: [PATCH] sfe_copy_data_fp: check value of "max" variable for being
+ normal
+
+and check elements of the data[] array for being finite.
+
+Both checks use functions provided by the <math.h> header as declared
+by the C99 standard.
+
+Fixes #317
+CVE: CVE-2017-14245
+CVE: CVE-2017-14246
+
+Upstream-Status: Backport [https://github.com/fabiangreffrath/libsndfile/commit/2d54514a4f6437b67829717c05472d2e3300a258]
+
+Signed-off-by: Fabian Greffrath <fabian@greffrath.com>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ programs/common.c          | 20 ++++++++++++++++----
+ programs/common.h          |  2 +-
+ programs/sndfile-convert.c |  6 +++++-
+ 3 files changed, 22 insertions(+), 6 deletions(-)
+
+diff --git a/programs/common.c b/programs/common.c
+index a21e62c..a249a58 100644
+--- a/programs/common.c
++++ b/programs/common.c
+@@ -36,6 +36,7 @@
+ #include <string.h>
+ #include <ctype.h>
+ #include <stdint.h>
++#include <math.h>
+ 
+ #include <sndfile.h>
+ 
+@@ -45,7 +46,7 @@
+ 
+ #define	MIN(x, y)	((x) < (y) ? (x) : (y))
+ 
+-void
++int
+ sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize)
+ {	static double	data [BUFFER_LEN], max ;
+ 	int		frames, readcount, k ;
+@@ -54,6 +55,8 @@ sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize
+ 	readcount = frames ;
+ 
+ 	sf_command (infile, SFC_CALC_SIGNAL_MAX, &max, sizeof (max)) ;
++	if (!isnormal (max)) /* neither zero, subnormal, infinite, nor NaN */
++		return 1 ;
+ 
+ 	if (!normalize && max < 1.0)
+ 	{	while (readcount > 0)
+@@ -67,12 +70,16 @@ sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize
+ 		while (readcount > 0)
+ 		{	readcount = sf_readf_double (infile, data, frames) ;
+ 			for (k = 0 ; k < readcount * channels ; k++)
+-				data [k] /= max ;
++			{	data [k] /= max ;
++
++				if (!isfinite (data [k])) /* infinite or NaN */
++					return 1;
++				}
+ 			sf_writef_double (outfile, data, readcount) ;
+ 			} ;
+ 		} ;
+ 
+-	return ;
++	return 0 ;
+ } /* sfe_copy_data_fp */
+ 
+ void
+@@ -252,7 +259,12 @@ sfe_apply_metadata_changes (const char * filenames [2], const METADATA_INFO * in
+ 
+ 		/* If the input file is not the same as the output file, copy the data. */
+ 		if ((infileminor == SF_FORMAT_DOUBLE) || (infileminor == SF_FORMAT_FLOAT))
+-			sfe_copy_data_fp (outfile, infile, sfinfo.channels, SF_FALSE) ;
++		{	if (sfe_copy_data_fp (outfile, infile, sfinfo.channels, SF_FALSE) != 0)
++			{	printf ("Error : Not able to decode input file '%s'\n", filenames [0]) ;
++				error_code = 1 ;
++				goto cleanup_exit ;
++				} ;
++			}
+ 		else
+ 			sfe_copy_data_int (outfile, infile, sfinfo.channels) ;
+ 		} ;
+diff --git a/programs/common.h b/programs/common.h
+index eda2d7d..986277e 100644
+--- a/programs/common.h
++++ b/programs/common.h
+@@ -62,7 +62,7 @@ typedef SF_BROADCAST_INFO_VAR (2048) SF_BROADCAST_INFO_2K ;
+ 
+ void sfe_apply_metadata_changes (const char * filenames [2], const METADATA_INFO * info) ;
+ 
+-void sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize) ;
++int sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize) ;
+ 
+ void sfe_copy_data_int (SNDFILE *outfile, SNDFILE *infile, int channels) ;
+ 
+diff --git a/programs/sndfile-convert.c b/programs/sndfile-convert.c
+index dff7f79..e6de593 100644
+--- a/programs/sndfile-convert.c
++++ b/programs/sndfile-convert.c
+@@ -335,7 +335,11 @@ main (int argc, char * argv [])
+ 			|| (outfileminor == SF_FORMAT_DOUBLE) || (outfileminor == SF_FORMAT_FLOAT)
+ 			|| (infileminor == SF_FORMAT_DOUBLE) || (infileminor == SF_FORMAT_FLOAT)
+ 			|| (infileminor == SF_FORMAT_VORBIS) || (outfileminor == SF_FORMAT_VORBIS))
+-		sfe_copy_data_fp (outfile, infile, sfinfo.channels, normalize) ;
++	{	if (sfe_copy_data_fp (outfile, infile, sfinfo.channels, normalize) != 0)
++		{	printf ("Error : Not able to decode input file %s.\n", infilename) ;
++			return 1 ;
++			} ;
++		}
+ 	else
+ 		sfe_copy_data_int (outfile, infile, sfinfo.channels) ;
+ 
+-- 
+2.7.4
+
diff --git a/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-14634.patch b/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-14634.patch
new file mode 100644
index 0000000..39b4ec1
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-14634.patch
@@ -0,0 +1,42 @@
+From 85c877d5072866aadbe8ed0c3e0590fbb5e16788 Mon Sep 17 00:00:00 2001
+From: Fabian Greffrath <fabian@greffrath.com>
+Date: Thu, 28 Sep 2017 12:15:04 +0200
+Subject: [PATCH] double64_init: Check psf->sf.channels against upper bound
+
+This prevents division by zero later in the code.
+
+While the trivial case to catch this (i.e. sf.channels < 1) has already
+been covered, a crafted file may report a number of channels that is
+so high (i.e. > INT_MAX/sizeof(double)) that it "somehow" gets
+miscalculated to zero (if this makes sense) in the determination of the
+blockwidth. Since we only support a limited number of channels anyway,
+make sure to check here as well.
+
+CVE: CVE-2017-14634
+
+Closes: https://github.com/erikd/libsndfile/issues/318
+
+Upstream-Status: Backport [https://github.com/erikd/libsndfile/commit/85c877d5072866aadbe8ed0c3e0590fbb5e16788]
+
+Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ src/double64.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/double64.c b/src/double64.c
+index b318ea8..78dfef7 100644
+--- a/src/double64.c
++++ b/src/double64.c
+@@ -91,7 +91,7 @@ int
+ double64_init	(SF_PRIVATE *psf)
+ {	static int double64_caps ;
+ 
+-	if (psf->sf.channels < 1)
++	if (psf->sf.channels < 1 || psf->sf.channels > SF_MAX_CHANNELS)
+ 	{	psf_log_printf (psf, "double64_init : internal error : channels = %d\n", psf->sf.channels) ;
+ 		return SFE_INTERNAL ;
+ 		} ;
+-- 
+2.13.3
+
diff --git a/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
index 281ac82..ed43b74 100644
--- a/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
+++ b/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@@ -10,6 +10,8 @@
            file://CVE-2017-8361-8365.patch \
            file://CVE-2017-8362.patch \
            file://CVE-2017-8363.patch \
+           file://CVE-2017-14245-14246.patch \
+           file://CVE-2017-14634.patch \
           "
 
 SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"
diff --git a/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch b/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch
new file mode 100644
index 0000000..7564d92
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch
@@ -0,0 +1,33 @@
+From 018ca26dece618457dd13585cad52941193c4a25 Mon Sep 17 00:00:00 2001
+From: Thomas Daede <daede003@umn.edu>
+Date: Wed, 9 May 2018 14:56:59 -0700
+Subject: [PATCH] CVE-2017-14160: fix bounds check on very low sample rates.
+
+CVE: CVE-2017-14160
+CVE: CVE-2018-10393
+Upstream-Status: Backport from https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
+
+Signed-off-by: Thomas Daede <daede003@umn.edu>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ lib/psy.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/psy.c b/lib/psy.c
+index 422c6f1..1310123 100644
+--- a/lib/psy.c
++++ b/lib/psy.c
+@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b,
+   for (i = 0, x = 0.f;; i++, x += 1.f) {
+ 
+     lo = b[i] >> 16;
+-    if( lo>=0 ) break;
+     hi = b[i] & 0xffff;
++    if( lo>=0 ) break;
++    if( hi>=n ) break;
+ 
+     tN = N[hi] + N[-lo];
+     tX = X[hi] - X[-lo];
+-- 
+2.7.4
+
diff --git a/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch b/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch
new file mode 100644
index 0000000..f1ef6fb
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch
@@ -0,0 +1,29 @@
+From 112d3bd0aaacad51305e1464d4b381dabad0e88b Mon Sep 17 00:00:00 2001
+From: Thomas Daede <daede003@umn.edu>
+Date: Thu, 17 May 2018 16:19:19 -0700
+Subject: [PATCH] Sanity check number of channels in setup.
+
+Fixes #2335.
+CVE: CVE-2018-10392
+Upstream-Status: Backport [https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ lib/vorbisenc.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c
+index 4fc7b62..64a51b5 100644
+--- a/lib/vorbisenc.c
++++ b/lib/vorbisenc.c
+@@ -684,6 +684,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){
+   highlevel_encode_setup *hi=&ci->hi;
+ 
+   if(ci==NULL)return(OV_EINVAL);
++  if(vi->channels<1||vi->channels>255)return(OV_EINVAL);
+   if(!hi->impulse_block_p)i0=1;
+ 
+   /* too low/high an ATH floater is nonsensical, but doesn't break anything */
+-- 
+2.13.3
+
diff --git a/poky/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb b/poky/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
index 20f887c..615b539 100644
--- a/poky/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
+++ b/poky/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
@@ -9,12 +9,15 @@
 LIC_FILES_CHKSUM = "file://COPYING;md5=7d2c487d2fc7dd3e3c7c465a5b7f6217 \
                     file://include/vorbis/vorbisenc.h;beginline=1;endline=11;md5=d1c1d138863d6315131193d4046d81cb"
 DEPENDS = "libogg"
+PR = "r1"
 
 SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.xz \
            file://0001-configure-Check-for-clang.patch \
            file://CVE-2017-14633.patch \
            file://CVE-2017-14632.patch \
            file://CVE-2018-5146.patch \
+           file://CVE-2017-14160.patch \
+           file://CVE-2018-10392.patch \
           "
 SRC_URI[md5sum] = "28cb28097c07a735d6af56e598e1c90f"
 SRC_URI[sha256sum] = "54f94a9527ff0a88477be0a71c0bab09a4c3febe0ed878b24824906cd4b0e1d1"
diff --git a/poky/meta/recipes-support/gnupg/gnupg/CVE-2018-12020.patch b/poky/meta/recipes-support/gnupg/gnupg/CVE-2018-12020.patch
new file mode 100644
index 0000000..14698db
--- /dev/null
+++ b/poky/meta/recipes-support/gnupg/gnupg/CVE-2018-12020.patch
@@ -0,0 +1,47 @@
+From 13f135c7a252cc46cff96e75968d92b6dc8dce1b Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Fri, 8 Jun 2018 10:45:21 +0200
+Subject: [PATCH] gpg: Sanitize diagnostic with the original file name.
+
+* g10/mainproc.c (proc_plaintext): Sanitize verbose output.
+--
+
+This fixes a forgotten sanitation of user supplied data in a verbose
+mode diagnostic.  The mention CVE is about using this to inject
+status-fd lines into the stderr output.  Other harm good as well be
+done.  Note that GPGME based applications are not affected because
+GPGME does not fold status output into stderr.
+
+CVE-id: CVE-2018-12020
+GnuPG-bug-id: 4012
+
+Upstream-Status: Backport [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=13f135c7a252cc46cff96e75968d92b6dc8dce1b]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ g10/mainproc.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/g10/mainproc.c b/g10/mainproc.c
+index d2ceec2fd..a9da08f74 100644
+--- a/g10/mainproc.c
++++ b/g10/mainproc.c
+@@ -851,7 +851,14 @@ proc_plaintext( CTX c, PACKET *pkt )
+   if (pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8))
+     log_info (_("Note: sender requested \"for-your-eyes-only\"\n"));
+   else if (opt.verbose)
+-    log_info (_("original file name='%.*s'\n"), pt->namelen, pt->name);
++    {
++      /* We don't use print_utf8_buffer because that would require a
++       * string change which we don't want in 2.2.  It is also not
++       * clear whether the filename is always utf-8 encoded.  */
++      char *tmp = make_printable_string (pt->name, pt->namelen, 0);
++      log_info (_("original file name='%.*s'\n"), (int)strlen (tmp), tmp);
++      xfree (tmp);
++    }
+ 
+   free_md_filter_context (&c->mfx);
+   if (gcry_md_open (&c->mfx.md, 0, 0))
+-- 
+2.13.3
+
diff --git a/poky/meta/recipes-support/gnupg/gnupg_2.2.4.bb b/poky/meta/recipes-support/gnupg/gnupg_2.2.4.bb
index d3f1a8f..d6bfaff 100644
--- a/poky/meta/recipes-support/gnupg/gnupg_2.2.4.bb
+++ b/poky/meta/recipes-support/gnupg/gnupg_2.2.4.bb
@@ -14,6 +14,7 @@
            file://0002-use-pkgconfig-instead-of-npth-config.patch \
            file://0003-dirmngr-uses-libgpg-error.patch \
            file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \
+           file://CVE-2018-12020.patch \
           "
 SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch"
 
diff --git a/poky/meta/recipes-support/libgcrypt/files/CVE-2018-0495.patch b/poky/meta/recipes-support/libgcrypt/files/CVE-2018-0495.patch
new file mode 100644
index 0000000..c16bd3a
--- /dev/null
+++ b/poky/meta/recipes-support/libgcrypt/files/CVE-2018-0495.patch
@@ -0,0 +1,76 @@
+From 9010d1576e278a4274ad3f4aa15776c28f6ba965 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Wed, 13 Jun 2018 15:28:58 +0900
+Subject: [PATCH] ecc: Add blinding for ECDSA.
+
+* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Blind secret D with
+randomized nonce B.
+
+--
+
+Reported-by: Keegan Ryan <Keegan.Ryan@nccgroup.trust>
+CVE-id: CVE-2018-0495
+
+Upstream-Status: Backport [http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965]
+
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ cipher/ecc-ecdsa.c | 20 ++++++++++++++++++--
+ 1 file changed, 18 insertions(+), 2 deletions(-)
+
+diff --git a/cipher/ecc-ecdsa.c b/cipher/ecc-ecdsa.c
+index 1484830b..140e8c09 100644
+--- a/cipher/ecc-ecdsa.c
++++ b/cipher/ecc-ecdsa.c
+@@ -50,6 +50,8 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey,
+   const void *abuf;
+   unsigned int abits, qbits;
+   mpi_ec_t ctx;
++  gcry_mpi_t b;                /* Random number needed for blinding.  */
++  gcry_mpi_t bi;               /* multiplicative inverse of B.        */
+ 
+   if (DBG_CIPHER)
+     log_mpidump ("ecdsa sign hash  ", input );
+@@ -61,6 +63,15 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey,
+   if (rc)
+     return rc;
+ 
++  b  = mpi_snew (qbits);
++  bi = mpi_snew (qbits);
++  do
++    {
++      _gcry_mpi_randomize (b, qbits, GCRY_WEAK_RANDOM);
++      mpi_mod (b, b, skey->E.n);
++    }
++  while (!mpi_invm (bi, b, skey->E.n));
++
+   k = NULL;
+   dr = mpi_alloc (0);
+   sum = mpi_alloc (0);
+@@ -115,8 +126,11 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey,
+         }
+       while (!mpi_cmp_ui (r, 0));
+ 
+-      mpi_mulm (dr, skey->d, r, skey->E.n); /* dr = d*r mod n  */
+-      mpi_addm (sum, hash, dr, skey->E.n);  /* sum = hash + (d*r) mod n  */
++      mpi_mulm (dr, b, skey->d, skey->E.n);
++      mpi_mulm (dr, dr, r, skey->E.n);      /* dr = d*r mod n (blinded with b) */
++      mpi_mulm (sum, b, hash, skey->E.n);
++      mpi_addm (sum, sum, dr, skey->E.n);   /* sum = hash + (d*r) mod n  (blinded with b) */
++      mpi_mulm (sum, bi, sum, skey->E.n);   /* undo blinding by b^-1 */
+       mpi_invm (k_1, k, skey->E.n);         /* k_1 = k^(-1) mod n  */
+       mpi_mulm (s, k_1, sum, skey->E.n);    /* s = k^(-1)*(hash+(d*r)) mod n */
+     }
+@@ -129,6 +143,8 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey,
+     }
+ 
+  leave:
++  mpi_free (b);
++  mpi_free (bi);
+   _gcry_mpi_ec_free (ctx);
+   point_free (&I);
+   mpi_free (x);
+-- 
+2.13.3
+
diff --git a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.2.bb b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.2.bb
index b36e653..9d036c8 100644
--- a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.2.bb
+++ b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.2.bb
@@ -20,6 +20,7 @@
            file://0003-tests-bench-slope.c-workaround-ICE-failure-on-mips-w.patch \
            file://0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch \
            file://0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch \
+           file://CVE-2018-0495.patch \
 "
 SRC_URI[md5sum] = "cfb0b5c79eab07686b6898160a407139"
 SRC_URI[sha256sum] = "c8064cae7558144b13ef0eb87093412380efa16c4ee30ad12ecb54886a524c07"
diff --git a/poky/scripts/lib/wic/canned-wks/qemux86-directdisk.wks b/poky/scripts/lib/wic/canned-wks/qemux86-directdisk.wks
index cfa32bd..be51c4e 100644
--- a/poky/scripts/lib/wic/canned-wks/qemux86-directdisk.wks
+++ b/poky/scripts/lib/wic/canned-wks/qemux86-directdisk.wks
@@ -4,5 +4,5 @@
 
 include common.wks.inc
 
-bootloader  --timeout=0  --append="vga=0 rw mem=256M ip=192.168.7.2::192.168.7.1:255.255.255.0 oprofile.timer=1 rootfstype=ext4 "
+bootloader  --timeout=0  --append="vga=0 rw mem=256M oprofile.timer=1 rootfstype=ext4 "