reset upstream subtrees to yocto 2.6

Reset the following subtrees on thud HEAD:

  poky: 87e3a9739d
  meta-openembedded: 6094ae18c8
  meta-security: 31dc4e7532
  meta-raspberrypi: a48743dc36
  meta-xilinx: c42016e2e6

Also re-apply backports that didn't make it into thud:
  poky:
    17726d0 systemd-systemctl-native: handle Install wildcards

  meta-openembedded:
    4321a5d libtinyxml2: update to 7.0.1
    042f0a3 libcereal: Add native and nativesdk classes
    e23284f libcereal: Allow empty package
    030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
    179a1b9 gtest: update to 1.8.1

Squashed OpenBMC subtree compatibility updates:
  meta-aspeed:
    Brad Bishop (1):
          aspeed: add yocto 2.6 compatibility

  meta-ibm:
    Brad Bishop (1):
          ibm: prepare for yocto 2.6

  meta-ingrasys:
    Brad Bishop (1):
          ingrasys: set layer compatibility to yocto 2.6

  meta-openpower:
    Brad Bishop (1):
          openpower: set layer compatibility to yocto 2.6

  meta-phosphor:
    Brad Bishop (3):
          phosphor: set layer compatibility to thud
          phosphor: libgpg-error: drop patches
          phosphor: react to fitimage artifact rename

    Ed Tanous (4):
          Dropbear: upgrade options for latest upgrade
          yocto2.6: update openssl options
          busybox: remove upstream watchdog patch
          systemd: Rebase CONFIG_CGROUP_BPF patch

Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/poky/meta/recipes-devtools/qemu/qemu-targets.inc b/poky/meta/recipes-devtools/qemu/qemu-targets.inc
index 66dd675..810401d 100644
--- a/poky/meta/recipes-devtools/qemu/qemu-targets.inc
+++ b/poky/meta/recipes-devtools/qemu/qemu-targets.inc
@@ -7,7 +7,7 @@
     archs = d.getVar('QEMU_TARGETS').split()
     tos = d.getVar('HOST_OS')
     softmmuonly = ""
-    for arch in ['ppcemb']:
+    for arch in ['ppcemb', 'lm32']:
         if arch in archs:
             softmmuonly += arch + "-softmmu,"
             archs.remove(arch)
diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc
index dc73df8..b05c1ce 100644
--- a/poky/meta/recipes-devtools/qemu/qemu.inc
+++ b/poky/meta/recipes-devtools/qemu/qemu.inc
@@ -5,11 +5,11 @@
 RDEPENDS_${PN}_class-target += "bash"
 
 require qemu-targets.inc
-inherit autotools pkgconfig bluetooth
+inherit pkgconfig bluetooth
 BBCLASSEXTEND = "native nativesdk"
 
 # QEMU_TARGETS is overridable variable
-QEMU_TARGETS ?= "arm aarch64 i386 mips mipsel mips64 mips64el ppc sh4 x86_64"
+QEMU_TARGETS ?= "arm aarch64 i386 mips mipsel mips64 mips64el ppc riscv32 riscv64 sh4 x86_64"
 
 EXTRA_OECONF = " \
     --prefix=${prefix} \
@@ -27,6 +27,7 @@
     --disable-werror \
     --target-list=${@get_qemu_target_list(d)} \
     --extra-cflags='${CFLAGS}' \
+    ${PACKAGECONFIG_CONFARGS} \
     "
 EXTRA_OECONF_append_class-native = " --python=python2.7"
 
@@ -36,27 +37,23 @@
 
 export LIBTOOL="${HOST_SYS}-libtool"
 
+B = "${WORKDIR}/build"
+
 do_configure_prepend_class-native() {
 	# Append build host pkg-config paths for native target since the host may provide sdl
 	BHOST_PKGCONFIG_PATH=$(PATH=/usr/bin:/bin pkg-config --variable pc_path pkg-config || echo "")
 	if [ ! -z "$BHOST_PKGCONFIG_PATH" ]; then
 		export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:$BHOST_PKGCONFIG_PATH
 	fi
-
-	# Alter target makefiles to accept CFLAGS set via env
-	sed -i -r \
-		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
-		"${S}"/Makefile "${S}"/Makefile.target
 }
 
 do_configure() {
     ${S}/configure ${EXTRA_OECONF}
-    test ! -e ${S}/target-i386/beginend_funcs.sh || chmod a+x ${S}/target-i386/beginend_funcs.sh
 }
 
 do_install () {
-	export STRIP="true"
-	autotools_do_install
+	export STRIP=""
+	oe_runmake 'DESTDIR=${D}' install
 }
 
 # The following fragment will create a wrapper for qemu-mips user emulation
@@ -74,10 +71,9 @@
 # END of qemu-mips workaround
 
 PACKAGECONFIG ??= " \
-	fdt sdl \
-	fdt sdl kvm \
-	${@bb.utils.filter('DISTRO_FEATURES', 'alsa xen', d)} \
-	"
+    fdt sdl kvm \
+    ${@bb.utils.filter('DISTRO_FEATURES', 'alsa xen', d)} \
+"
 PACKAGECONFIG_class-native ??= "fdt alsa kvm"
 PACKAGECONFIG_class-nativesdk ??= "fdt sdl kvm"
 
@@ -88,7 +84,7 @@
 PACKAGECONFIG_remove_darwin = "kvm"
 PACKAGECONFIG_remove_mingw32 = "kvm"
 
-PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,libsdl"
+PACKAGECONFIG[sdl] = "--enable-sdl --with-sdlabi=2.0,--disable-sdl,libsdl2"
 PACKAGECONFIG[virtfs] = "--enable-virtfs --enable-attr,--disable-virtfs,libcap attr,"
 PACKAGECONFIG[aio] = "--enable-linux-aio,--disable-linux-aio,libaio,"
 PACKAGECONFIG[xfs] = "--enable-xfsctl,--disable-xfsctl,xfsprogs,"
@@ -115,5 +111,10 @@
 PACKAGECONFIG[bluez] = "--enable-bluez,--disable-bluez,${BLUEZ}"
 PACKAGECONFIG[libiscsi] = "--enable-libiscsi,--disable-libiscsi"
 PACKAGECONFIG[kvm] = "--enable-kvm,--disable-kvm"
+PACKAGECONFIG[virglrenderer] = "--enable-virglrenderer,--disable-virglrenderer,virglrenderer"
+# spice will be in meta-networking layer
+PACKAGECONFIG[spice] = "--enable-spice,--disable-spice,spice"
+# usbredir will be in meta-networking layer
+PACKAGECONFIG[usb-redir] = "--enable-usb-redir,--disable-usb-redir,usbredir"
 
 INSANE_SKIP_${PN} = "arch"
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0001-CVE-2018-11806-QEMU-slirp-heap-buffer-overflow.patch b/poky/meta/recipes-devtools/qemu/qemu/0001-CVE-2018-11806-QEMU-slirp-heap-buffer-overflow.patch
deleted file mode 100644
index 8622360..0000000
--- a/poky/meta/recipes-devtools/qemu/qemu/0001-CVE-2018-11806-QEMU-slirp-heap-buffer-overflow.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-Upstream-Status: Backport
-
-https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html
-
-From dc21a9d2951f0a2a7e63633e2b5c68c54e4edc4b Mon Sep 17 00:00:00 2001
-From: Jeremy Puhlman <jpuhlman@mvista.com>
-Date: Thu, 14 Jun 2018 01:28:49 +0000
-Subject: [PATCH] CVE-2018-11806 QEMU: slirp: heap buffer overflow
-
-Subject: [Qemu-devel] [PATCH 1/2] slirp: correct size computation while concatenating mbuf
-Date:	Tue, 5 Jun 2018 23:38:35 +0530
-From: Prasad J Pandit <address@hidden>
-
-While reassembling incoming fragmented datagrams, 'm_cat' routine
-extends the 'mbuf' buffer, if it has insufficient room. It computes
-a wrong buffer size, which leads to overwriting adjacent heap buffer
-area. Correct this size computation in m_cat.
-
-Reported-by: ZDI Disclosures <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- slirp/mbuf.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
----
- slirp/mbuf.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/slirp/mbuf.c b/slirp/mbuf.c
-index 5ff2455..7fb4501 100644
---- a/slirp/mbuf.c
-+++ b/slirp/mbuf.c
-@@ -138,7 +138,7 @@ m_cat(struct mbuf *m, struct mbuf *n)
- 	 * If there's no room, realloc
- 	 */
- 	if (M_FREEROOM(m) < n->m_len)
--		m_inc(m,m->m_size+MINCSIZE);
-+               m_inc(m, m->m_len + n->m_len);
- 
- 	memcpy(m->m_data+m->m_len, n->m_data, n->m_len);
- 	m->m_len += n->m_len;
-@@ -158,12 +158,12 @@ m_inc(struct mbuf *m, int size)
- 
-         if (m->m_flags & M_EXT) {
- 	  datasize = m->m_data - m->m_ext;
--          m->m_ext = g_realloc(m->m_ext, size);
-+          m->m_ext = g_realloc(m->m_ext, size + datasize);
- 	  m->m_data = m->m_ext + datasize;
-         } else {
- 	  char *dat;
- 	  datasize = m->m_data - m->m_dat;
--          dat = g_malloc(size);
-+          dat = g_malloc(size + datasize);
- 	  memcpy(dat, m->m_dat, m->m_size);
- 
- 	  m->m_ext = dat;
-@@ -171,7 +171,7 @@ m_inc(struct mbuf *m, int size)
- 	  m->m_flags |= M_EXT;
-         }
- 
--        m->m_size = size;
-+        m->m_size = size + datasize;
- 
- }
- 
--- 
-2.13.3
-
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch b/poky/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
index add5d8b..b8a9206 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
@@ -1,4 +1,4 @@
-From 273e1af49d3e0a58bb9464369deb2652f243e649 Mon Sep 17 00:00:00 2001
+From 18fb45c34a473c4ba247bb82bcea94b7c3ba493a Mon Sep 17 00:00:00 2001
 From: Ross Burton <ross.burton@intel.com>
 Date: Wed, 18 Sep 2013 14:04:54 +0100
 Subject: [PATCH] sdl.c: allow user to disable pointer grabs
@@ -22,25 +22,26 @@
 Signed-off-by: Ross Burton <ross.burton@intel.com>
 Signed-off-by: Eric Bénard <eric@eukrea.com>
 ---
- ui/sdl.c | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
+ ui/sdl.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
 
 diff --git a/ui/sdl.c b/ui/sdl.c
-index 7b71a9a..29ce1b9 100644
+index a5fd503c25..ab8d1b1eb1 100644
 --- a/ui/sdl.c
 +++ b/ui/sdl.c
-@@ -63,6 +63,10 @@ static SDL_PixelFormat host_format;
- static int scaling_active = 0;
- static Notifier mouse_mode_notifier;
- static int idle_counter;
+@@ -68,6 +68,11 @@ static int idle_counter;
+ static const guint16 *keycode_map;
+ static size_t keycode_maplen;
+ 
 +#ifndef True
 +#define True 1
 +#endif
 +static doing_grabs = True;
- 
++
  #define SDL_REFRESH_INTERVAL_BUSY 10
  #define SDL_MAX_IDLE_COUNT (2 * GUI_REFRESH_INTERVAL_DEFAULT \
-@@ -431,14 +435,16 @@ static void sdl_grab_start(void)
+                             / SDL_REFRESH_INTERVAL_BUSY + 1)
+@@ -398,14 +403,16 @@ static void sdl_grab_start(void)
          }
      } else
          sdl_hide_cursor();
@@ -59,7 +60,7 @@
      gui_grab = 0;
      sdl_show_cursor();
      sdl_update_caption();
-@@ -986,6 +992,8 @@ void sdl_display_init(DisplayState *ds, int full_screen, int no_frame)
+@@ -945,6 +952,8 @@ static void sdl1_display_init(DisplayState *ds, DisplayOptions *o)
       * This requires SDL >= 1.2.14. */
      setenv("SDL_DISABLE_LOCK_KEYS", "1", 1);
  
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch b/poky/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
index 281803e..90e4b80 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
@@ -1,4 +1,4 @@
-From a42726e017605ed3ca2b3fc2b1cc8d01ccf34730 Mon Sep 17 00:00:00 2001
+From 41603f745caaecdc7c9d760fb7d2df01ccc60128 Mon Sep 17 00:00:00 2001
 From: Richard Purdie <richard.purdie@linuxfoundation.org>
 Date: Thu, 27 Nov 2014 14:04:29 +0000
 Subject: [PATCH] qemu: Add missing wacom HID descriptor
@@ -14,11 +14,11 @@
 Upstream-Status: Submitted
 2014/11/27
 ---
- hw/usb/dev-wacom.c | 94 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
+ hw/usb/dev-wacom.c | 94 +++++++++++++++++++++++++++++++++++++++++++++-
  1 file changed, 93 insertions(+), 1 deletion(-)
 
 diff --git a/hw/usb/dev-wacom.c b/hw/usb/dev-wacom.c
-index bf70013..2f6e129 100644
+index bf70013059..2f6e129732 100644
 --- a/hw/usb/dev-wacom.c
 +++ b/hw/usb/dev-wacom.c
 @@ -72,6 +72,89 @@ static const USBDescStrings desc_strings = {
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch b/poky/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
index dc07300..0d43271 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
@@ -1,4 +1,4 @@
-From fda1eee8bc717528d57f6ff454f72c5325043c31 Mon Sep 17 00:00:00 2001
+From a9a669448ba6f1b295427e271d99f61736fc5189 Mon Sep 17 00:00:00 2001
 From: Juro Bystricky <juro.bystricky@intel.com>
 Date: Thu, 31 Aug 2017 11:06:56 -0700
 Subject: [PATCH] Add subpackage -ptest which runs all unit test cases for
@@ -14,10 +14,10 @@
  1 file changed, 8 insertions(+)
 
 diff --git a/tests/Makefile.include b/tests/Makefile.include
-index c002352..f557c26 100644
+index 3b9a5e31a2..dfbcd728d7 100644
 --- a/tests/Makefile.include
 +++ b/tests/Makefile.include
-@@ -935,4 +935,12 @@ all: $(QEMU_IOTESTS_HELPERS-y)
+@@ -972,4 +972,12 @@ all: $(QEMU_IOTESTS_HELPERS-y)
  -include $(wildcard tests/*.d)
  -include $(wildcard tests/libqos/*.d)
  
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch b/poky/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch
index 4f28e16..5152dca 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch
@@ -1,4 +1,4 @@
-From ad70fdcaf75084da2e02474c61d1d441ca100ab2 Mon Sep 17 00:00:00 2001
+From dd4404a334a545e9beafa1b1e41b3a8f35ef31a9 Mon Sep 17 00:00:00 2001
 From: Jason Wessel <jason.wessel@windriver.com>
 Date: Fri, 28 Mar 2014 17:42:43 +0800
 Subject: [PATCH] qemu: Add addition environment space to boot loader
@@ -18,10 +18,10 @@
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
-index ec6af4a..6e76166 100644
+index f6513a4fd5..d5efafb1e8 100644
 --- a/hw/mips/mips_malta.c
 +++ b/hw/mips/mips_malta.c
-@@ -61,7 +61,7 @@
+@@ -62,7 +62,7 @@
  
  #define ENVP_ADDR		0x80002000l
  #define ENVP_NB_ENTRIES	 	16
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch b/poky/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch
index b9e0183..70baf0f 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch
@@ -1,4 +1,4 @@
-From e85ee3cc9988172662d6969af01f23fa8ffd5262 Mon Sep 17 00:00:00 2001
+From 4475b3d97371e588540333988a97d7df3ec2c65a Mon Sep 17 00:00:00 2001
 From: Ross Burton <ross.burton@intel.com>
 Date: Tue, 20 Oct 2015 22:19:08 +0100
 Subject: [PATCH] qemu: disable Valgrind
@@ -12,10 +12,10 @@
  1 file changed, 9 deletions(-)
 
 diff --git a/configure b/configure
-index 0c6e757..c30fd45 100755
+index 0a19b033bc..69e05fb6c0 100755
 --- a/configure
 +++ b/configure
-@@ -4741,15 +4741,6 @@ fi
+@@ -4895,15 +4895,6 @@ fi
  # check if we have valgrind/valgrind.h
  
  valgrind_h=no
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch b/poky/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch
index 9315f85..a9d798c 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch
@@ -1,4 +1,4 @@
-From c79c48a79710d0e2ef68062435596ac455cd9f71 Mon Sep 17 00:00:00 2001
+From c532bcdae8259b0f71723cda331ded4dbb0fa908 Mon Sep 17 00:00:00 2001
 From: Richard Purdie <richard.purdie@linuxfoundation.org>
 Date: Wed, 9 Mar 2016 22:49:02 +0000
 Subject: [PATCH] qemu: Limit paths searched during user mode emulation
@@ -24,7 +24,7 @@
  1 file changed, 22 insertions(+), 22 deletions(-)
 
 diff --git a/util/path.c b/util/path.c
-index 7f9fc27..a416cd4 100644
+index 7f9fc272fb..a416cd4ac2 100644
 --- a/util/path.c
 +++ b/util/path.c
 @@ -15,6 +15,7 @@ struct pathelem
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch b/poky/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
index ad52f37..12456bb 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
@@ -1,4 +1,4 @@
-From 4b21a8db60c32f93df56e6111bb926c91680d6f2 Mon Sep 17 00:00:00 2001
+From 2d29d52b6f755758cfca6af0bcfd78091e16a7bc Mon Sep 17 00:00:00 2001
 From: Stephen Arnold <sarnold@vctlabs.com>
 Date: Sun, 12 Jun 2016 18:09:56 -0700
 Subject: [PATCH] qemu-native: set ld.bfd, fix cflags, and set some environment
@@ -9,10 +9,10 @@
  1 file changed, 4 deletions(-)
 
 diff --git a/configure b/configure
-index c30fd45..b5312f4 100755
+index 69e05fb6c0..12fc3d8bdc 100755
 --- a/configure
 +++ b/configure
-@@ -5115,10 +5115,6 @@ fi
+@@ -5413,10 +5413,6 @@ write_c_skeleton
  if test "$gcov" = "yes" ; then
    CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
    LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
@@ -22,4 +22,4 @@
 -  CFLAGS="-O2 $CFLAGS"
  fi
  
- ##########################################
+ if test "$have_asan" = "yes"; then
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch b/poky/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch
index f0c0fa1..2afe4e9 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch
@@ -1,4 +1,4 @@
-From 55c9510311b7481a0c8f3f71b3ce130cc25563f9 Mon Sep 17 00:00:00 2001
+From 20a09bb18907e67565c54fc505a741cbbef53f7f Mon Sep 17 00:00:00 2001
 From: Alistair Francis <alistair.francis@xilinx.com>
 Date: Thu, 21 Dec 2017 11:35:16 -0800
 Subject: [PATCH] chardev: connect socket to a spawned command
@@ -45,16 +45,16 @@
 
 Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
 ---
- chardev/char-socket.c | 99 +++++++++++++++++++++++++++++++++++++++++++++++++++
- chardev/char.c        |  3 ++
- qapi/char.json        |  5 +++
- 3 files changed, 107 insertions(+)
+ chardev/char-socket.c | 102 ++++++++++++++++++++++++++++++++++++++++++
+ chardev/char.c        |   3 ++
+ qapi/char.json        |   5 +++
+ 3 files changed, 110 insertions(+)
 
 diff --git a/chardev/char-socket.c b/chardev/char-socket.c
-index 53eda8e..6c63555 100644
+index 159e69c3b1..84778cf31a 100644
 --- a/chardev/char-socket.c
 +++ b/chardev/char-socket.c
-@@ -852,6 +852,68 @@ static gboolean socket_reconnect_timeout(gpointer opaque)
+@@ -934,6 +934,68 @@ static gboolean socket_reconnect_timeout(gpointer opaque)
      return false;
  }
  
@@ -123,7 +123,7 @@
  static void qmp_chardev_open_socket(Chardev *chr,
                                      ChardevBackend *backend,
                                      bool *be_opened,
-@@ -859,6 +921,9 @@ static void qmp_chardev_open_socket(Chardev *chr,
+@@ -941,6 +1003,9 @@ static void qmp_chardev_open_socket(Chardev *chr,
  {
      SocketChardev *s = SOCKET_CHARDEV(chr);
      ChardevSocket *sock = backend->u.socket.data;
@@ -133,24 +133,24 @@
      bool do_nodelay     = sock->has_nodelay ? sock->nodelay : false;
      bool is_listen      = sock->has_server  ? sock->server  : true;
      bool is_telnet      = sock->has_telnet  ? sock->telnet  : false;
-@@ -925,7 +990,14 @@ static void qmp_chardev_open_socket(Chardev *chr,
-     } else if (reconnect > 0) {
+@@ -1008,6 +1073,14 @@ static void qmp_chardev_open_socket(Chardev *chr,
          s->reconnect_time = reconnect;
      }
+ 
 +#ifndef _WIN32
 +    if (cmd) {
 +        chardev_open_socket_cmd(chr, cmd, errp);
- 
++
 +        /* everything ready (or failed permanently) before we return */
 +        *be_opened = true;
 +    } else
 +#endif
-     if (s->reconnect_time) {
-         sioc = qio_channel_socket_new();
-         tcp_chr_set_client_ioc_name(chr, sioc);
-@@ -985,10 +1057,26 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
-     const char *host = qemu_opt_get(opts, "host");
+     /* If reconnect_time is set, will do that in chr_machine_done. */
+     if (!s->reconnect_time) {
+         if (s->is_listen) {
+@@ -1065,9 +1138,26 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
      const char *port = qemu_opt_get(opts, "port");
+     const char *fd = qemu_opt_get(opts, "fd");
      const char *tls_creds = qemu_opt_get(opts, "tls-creds");
 +#ifndef _WIN32
 +    const char *cmd = qemu_opt_get(opts, "cmd");
@@ -158,7 +158,6 @@
      SocketAddressLegacy *addr;
      ChardevSocket *sock;
  
-     backend->type = CHARDEV_BACKEND_KIND_SOCKET;
 +#ifndef _WIN32
 +    if (cmd) {
 +        /*
@@ -172,17 +171,18 @@
 +        }
 +    } else
 +#endif
-     if (!path) {
-         if (!host) {
-             error_setg(errp, "chardev: socket: no host given");
-@@ -1021,13 +1109,24 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
-     sock->has_reconnect = true;
++
+     if ((!!path + !!fd + !!host) != 1) {
+         error_setg(errp,
+                    "Exactly one of 'path', 'fd' or 'host' required");
+@@ -1112,12 +1202,24 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
      sock->reconnect = reconnect;
      sock->tls_creds = g_strdup(tls_creds);
+ 
 +#ifndef _WIN32
 +    sock->cmd = g_strdup(cmd);
 +#endif
- 
++ 
      addr = g_new0(SocketAddressLegacy, 1);
 +#ifndef _WIN32
 +    if (path || cmd) {
@@ -197,25 +197,25 @@
 +#else
          q_unix->path = g_strdup(path);
 +#endif
-     } else {
+     } else if (host) {
          addr->type = SOCKET_ADDRESS_LEGACY_KIND_INET;
          addr->u.inet.data = g_new(InetSocketAddress, 1);
 diff --git a/chardev/char.c b/chardev/char.c
-index 2ae4f46..5d52cd5 100644
+index 76d866e6fe..9747d51d7c 100644
 --- a/chardev/char.c
 +++ b/chardev/char.c
-@@ -793,6 +793,9 @@ QemuOptsList qemu_chardev_opts = {
+@@ -792,6 +792,9 @@ QemuOptsList qemu_chardev_opts = {
+         },{
              .name = "path",
              .type = QEMU_OPT_STRING,
-         },{
++        },{
 +            .name = "cmd",
 +            .type = QEMU_OPT_STRING,
-+        },{
+         },{
              .name = "host",
              .type = QEMU_OPT_STRING,
-         },{
 diff --git a/qapi/char.json b/qapi/char.json
-index ae19dcd..6de0f29 100644
+index ae19dcd1ed..6de0f29bcd 100644
 --- a/qapi/char.json
 +++ b/qapi/char.json
 @@ -241,6 +241,10 @@
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch b/poky/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch
index 915bfda..5969d93 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch
@@ -1,4 +1,4 @@
-From 945f428016f278fa8e38bc8d153397c3195f85a5 Mon Sep 17 00:00:00 2001
+From 5046c21efdbc7413cddd5c5dbd9e1d53258d3e8c Mon Sep 17 00:00:00 2001
 From: Mark Asselstine <mark.asselstine@windriver.com>
 Date: Tue, 26 Feb 2013 11:43:28 -0500
 Subject: [PATCH] apic: fixup fallthrough to PIC
@@ -29,10 +29,10 @@
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/hw/intc/apic.c b/hw/intc/apic.c
-index fe15fb6..8352c39 100644
+index 6fda52b86c..cd7291962d 100644
 --- a/hw/intc/apic.c
 +++ b/hw/intc/apic.c
-@@ -591,7 +591,7 @@ int apic_accept_pic_intr(DeviceState *dev)
+@@ -603,7 +603,7 @@ int apic_accept_pic_intr(DeviceState *dev)
      APICCommonState *s = APIC(dev);
      uint32_t lvt0;
  
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch b/poky/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
index ceb3980..e110f63 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
@@ -1,4 +1,4 @@
-From 4333b2b269d997a719e19f00d044105e17700be2 Mon Sep 17 00:00:00 2001
+From 3cd92c7a885e4997ef6843313298c1d748d6ca39 Mon Sep 17 00:00:00 2001
 From: Alistair Francis <alistair.francis@xilinx.com>
 Date: Wed, 17 Jan 2018 10:51:49 -0800
 Subject: [PATCH] linux-user: Fix webkitgtk hangs on 32-bit x86 target
@@ -18,10 +18,10 @@
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/linux-user/main.c b/linux-user/main.c
-index 146ee3e..1332b5c 100644
+index 8907a84114..ea42c43610 100644
 --- a/linux-user/main.c
 +++ b/linux-user/main.c
-@@ -78,7 +78,7 @@ do {                                                                    \
+@@ -79,7 +79,7 @@ do {                                                                    \
        (TARGET_LONG_BITS == 32 || defined(TARGET_ABI32))
  /* There are a number of places where we assign reserved_va to a variable
     of type abi_ulong and expect it to fit.  Avoid the last page.  */
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch b/poky/meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
new file mode 100644
index 0000000..41626eb
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
@@ -0,0 +1,141 @@
+From 3ed26be2091436296933ed2146f7269c791c7bfe Mon Sep 17 00:00:00 2001
+From: Martin Jansa <martin.jansa@lge.com>
+Date: Fri, 1 Jun 2018 08:41:07 +0000
+Subject: [PATCH] Revert "linux-user: fix mmap/munmap/mprotect/mremap/shmat"
+
+Causes qemu-i386 to hang during gobject-introspection in webkitgtk build
+when musl is used on qemux86 - the same issue as
+0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
+was fixing in 2.11.0 release, but with this patch the fix no longer worked
+as discussed here:
+http://lists.openembedded.org/pipermail/openembedded-core/2018-May/150302.html
+http://lists.openembedded.org/pipermail/openembedded-core/2018-June/151382.html
+
+This reverts commit ebf9a3630c911d0cfc9c20f7cafe9ba4f88cf583.
+
+Upstream-Status: Pending
+---
+ include/exec/cpu-all.h  |  6 +-----
+ include/exec/cpu_ldst.h | 16 +++++++++-------
+ linux-user/mmap.c       | 17 ++++-------------
+ linux-user/syscall.c    |  5 +----
+ 4 files changed, 15 insertions(+), 29 deletions(-)
+
+diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
+index f4fa94e966..0b141683f0 100644
+--- a/include/exec/cpu-all.h
++++ b/include/exec/cpu-all.h
+@@ -159,12 +159,8 @@ extern unsigned long guest_base;
+ extern int have_guest_base;
+ extern unsigned long reserved_va;
+ 
+-#if HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS
+-#define GUEST_ADDR_MAX (~0ul)
+-#else
+-#define GUEST_ADDR_MAX (reserved_va ? reserved_va - 1 : \
++#define GUEST_ADDR_MAX (reserved_va ? reserved_va : \
+                                     (1ul << TARGET_VIRT_ADDR_SPACE_BITS) - 1)
+-#endif
+ #else
+ 
+ #include "exec/hwaddr.h"
+diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
+index 5de8c8a5af..191f2e962a 100644
+--- a/include/exec/cpu_ldst.h
++++ b/include/exec/cpu_ldst.h
+@@ -51,13 +51,15 @@
+ /* All direct uses of g2h and h2g need to go away for usermode softmmu.  */
+ #define g2h(x) ((void *)((unsigned long)(target_ulong)(x) + guest_base))
+ 
+-#define guest_addr_valid(x) ((x) <= GUEST_ADDR_MAX)
+-#define h2g_valid(x) guest_addr_valid((unsigned long)(x) - guest_base)
+-
+-static inline int guest_range_valid(unsigned long start, unsigned long len)
+-{
+-    return len - 1 <= GUEST_ADDR_MAX && start <= GUEST_ADDR_MAX - len + 1;
+-}
++#if HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS
++#define h2g_valid(x) 1
++#else
++#define h2g_valid(x) ({ \
++    unsigned long __guest = (unsigned long)(x) - guest_base; \
++    (__guest < (1ul << TARGET_VIRT_ADDR_SPACE_BITS)) && \
++    (!reserved_va || (__guest < reserved_va)); \
++})
++#endif
+ 
+ #define h2g_nocheck(x) ({ \
+     unsigned long __ret = (unsigned long)(x) - guest_base; \
+diff --git a/linux-user/mmap.c b/linux-user/mmap.c
+index 9168a2051c..de85669aab 100644
+--- a/linux-user/mmap.c
++++ b/linux-user/mmap.c
+@@ -80,7 +80,7 @@ int target_mprotect(abi_ulong start, abi_ulong len, int prot)
+         return -TARGET_EINVAL;
+     len = TARGET_PAGE_ALIGN(len);
+     end = start + len;
+-    if (!guest_range_valid(start, len)) {
++    if (end < start) {
+         return -TARGET_ENOMEM;
+     }
+     prot &= PROT_READ | PROT_WRITE | PROT_EXEC;
+@@ -482,8 +482,8 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
+ 	 * It can fail only on 64-bit host with 32-bit target.
+ 	 * On any other target/host host mmap() handles this error correctly.
+ 	 */
+-        if (!guest_range_valid(start, len)) {
+-            errno = ENOMEM;
++        if ((unsigned long)start + len - 1 > (abi_ulong) -1) {
++            errno = EINVAL;
+             goto fail;
+         }
+ 
+@@ -623,10 +623,8 @@ int target_munmap(abi_ulong start, abi_ulong len)
+     if (start & ~TARGET_PAGE_MASK)
+         return -TARGET_EINVAL;
+     len = TARGET_PAGE_ALIGN(len);
+-    if (len == 0 || !guest_range_valid(start, len)) {
++    if (len == 0)
+         return -TARGET_EINVAL;
+-    }
+-
+     mmap_lock();
+     end = start + len;
+     real_start = start & qemu_host_page_mask;
+@@ -681,13 +679,6 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
+     int prot;
+     void *host_addr;
+ 
+-    if (!guest_range_valid(old_addr, old_size) ||
+-        ((flags & MREMAP_FIXED) &&
+-         !guest_range_valid(new_addr, new_size))) {
+-        errno = ENOMEM;
+-        return -1;
+-    }
+-
+     mmap_lock();
+ 
+     if (flags & MREMAP_FIXED) {
+diff --git a/linux-user/syscall.c b/linux-user/syscall.c
+index 643b8833de..271f215147 100644
+--- a/linux-user/syscall.c
++++ b/linux-user/syscall.c
+@@ -4919,9 +4919,6 @@ static inline abi_ulong do_shmat(CPUArchState *cpu_env,
+             return -TARGET_EINVAL;
+         }
+     }
+-    if (!guest_range_valid(shmaddr, shm_info.shm_segsz)) {
+-        return -TARGET_EINVAL;
+-    }
+ 
+     mmap_lock();
+ 
+@@ -7497,7 +7494,7 @@ static int open_self_maps(void *cpu_env, int fd)
+         }
+         if (h2g_valid(min)) {
+             int flags = page_get_flags(h2g(min));
+-            max = h2g_valid(max - 1) ? max : (uintptr_t)g2h(GUEST_ADDR_MAX) + 1;
++            max = h2g_valid(max - 1) ? max : (uintptr_t)g2h(GUEST_ADDR_MAX);
+             if (page_check_range(h2g(min), max - min, flags) == -1) {
+                 continue;
+             }
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0011-memfd-fix-configure-test.patch b/poky/meta/recipes-devtools/qemu/qemu/0011-memfd-fix-configure-test.patch
deleted file mode 100644
index 880cb98..0000000
--- a/poky/meta/recipes-devtools/qemu/qemu/0011-memfd-fix-configure-test.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 0c8af3f651a125d636a71d93bafd35ff5240431a Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Tue, 28 Nov 2017 11:51:27 +0100
-Subject: [PATCH] memfd: fix configure test
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Recent glibc added memfd_create in sys/mman.h.  This conflicts with
-the definition in util/memfd.c:
-
-    /builddir/build/BUILD/qemu-2.11.0-rc1/util/memfd.c:40:12: error: static declaration of memfd_create follows non-static declaration
-
-Fix the configure test, and remove the sys/memfd.h inclusion since the
-file actually does not exist---it is a typo in the memfd_create(2) man
-page.
-
-Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- configure    | 2 +-
- util/memfd.c | 4 +---
- 2 files changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/configure b/configure
-index b5312f4..ec12f36 100755
---- a/configure
-+++ b/configure
-@@ -3920,7 +3920,7 @@ fi
- # check if memfd is supported
- memfd=no
- cat > $TMPC << EOF
--#include <sys/memfd.h>
-+#include <sys/mman.h>
- 
- int main(void)
- {
-diff --git a/util/memfd.c b/util/memfd.c
-index 4571d1a..412e94a 100644
---- a/util/memfd.c
-+++ b/util/memfd.c
-@@ -31,9 +31,7 @@
- 
- #include "qemu/memfd.h"
- 
--#ifdef CONFIG_MEMFD
--#include <sys/memfd.h>
--#elif defined CONFIG_LINUX
-+#if defined CONFIG_LINUX && !defined CONFIG_MEMFD
- #include <sys/syscall.h>
- #include <asm/unistd.h>
- 
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0012-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch b/poky/meta/recipes-devtools/qemu/qemu/0012-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch
deleted file mode 100644
index be92502..0000000
--- a/poky/meta/recipes-devtools/qemu/qemu/0012-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 7354b9b24c36ee712bb6e881d39504bf1b6a4c8b Mon Sep 17 00:00:00 2001
-From: Victor Kamensky <kamensky@cisco.com>
-Date: Fri, 23 Mar 2018 18:26:45 +0000
-Subject: [PATCH] arm/translate-a64: treat DISAS_UPDATE as variant of
- DISAS_EXIT
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-In OE project 4.15 linux kernel boot hang was observed under
-single cpu aarch64 qemu. Kernel code was in a loop waiting for
-vtimer arrival, spinning in TC generated blocks, while interrupt
-was pending unprocessed. This happened because when qemu tried to
-handle vtimer interrupt target had interrupts disabled, as
-result flag indicating TCG exit, cpu->icount_decr.u16.high,
-was cleared but arm_cpu_exec_interrupt function did not call
-arm_cpu_do_interrupt to process interrupt. Later when target
-reenabled interrupts, it happened without exit into main loop, so
-following code that waited for result of interrupt execution
-run in infinite loop.
-
-To solve the problem instructions that operate on CPU sys state
-(i.e enable/disable interrupt), and marked as DISAS_UPDATE,
-should be considered as DISAS_EXIT variant, and should be
-forced to exit back to main loop so qemu will have a chance
-processing pending CPU state updates, including pending
-interrupts.
-
-This change brings consistency with how DISAS_UPDATE is treated
-in aarch32 case.
-
-CC: Peter Maydell <peter.maydell@linaro.org>
-CC: Alex Bennée <alex.bennee@linaro.org>
-CC: qemu-stable@nongnu.org
-Suggested-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Victor Kamensky <kamensky@cisco.com>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 1521526368-1996-1-git-send-email-kamensky@cisco.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Upstream-Status: Backport
----
- target/arm/translate-a64.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
-index 625ef2d..c381091 100644
---- a/target/arm/translate-a64.c
-+++ b/target/arm/translate-a64.c
-@@ -11384,12 +11384,12 @@ static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
-         case DISAS_UPDATE:
-             gen_a64_set_pc_im(dc->pc);
-             /* fall through */
--        case DISAS_JUMP:
--            tcg_gen_lookup_and_goto_ptr();
--            break;
-         case DISAS_EXIT:
-             tcg_gen_exit_tb(0);
-             break;
-+        case DISAS_JUMP:
-+            tcg_gen_lookup_and_goto_ptr();
-+            break;
-         case DISAS_NORETURN:
-         case DISAS_SWI:
-             break;
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0014-fix-libcap-header-issue-on-some-distro.patch b/poky/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch
similarity index 96%
rename from poky/meta/recipes-devtools/qemu/qemu/0014-fix-libcap-header-issue-on-some-distro.patch
rename to poky/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch
index b662a41..aa24f72 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0014-fix-libcap-header-issue-on-some-distro.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch
@@ -1,4 +1,4 @@
-From 47fdb0b6e2e393194a8c81544c647fdd997aec7f Mon Sep 17 00:00:00 2001
+From bb9e48e331eee06d7bac1dce809c70191d1a3b4d Mon Sep 17 00:00:00 2001
 From: Hongxu Jia <hongxu.jia@windriver.com>
 Date: Tue, 12 Mar 2013 09:54:06 +0800
 Subject: [PATCH] fix libcap header issue on some distro
@@ -59,7 +59,7 @@
  1 file changed, 5 insertions(+), 2 deletions(-)
 
 diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
-index 8e48500..6490030 100644
+index 6f132c5ff1..8329950c26 100644
 --- a/fsdev/virtfs-proxy-helper.c
 +++ b/fsdev/virtfs-proxy-helper.c
 @@ -13,7 +13,6 @@
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0015-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch b/poky/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
similarity index 87%
rename from poky/meta/recipes-devtools/qemu/qemu/0015-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
rename to poky/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
index a5621ca..8a9141a 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0015-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
@@ -1,4 +1,4 @@
-From db914e0f93a32b6731a636517002ecadc207718b Mon Sep 17 00:00:00 2001
+From edc8dba74c7a4a2121d76c982be0074183bf080a Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?An=C3=ADbal=20Lim=C3=B3n?= <anibal.limon@linux.intel.com>
 Date: Wed, 12 Aug 2015 15:11:30 -0500
 Subject: [PATCH] cpus.c: Add error messages when qemi_cpu_kick_thread fails.
@@ -19,10 +19,10 @@
  create mode 100644 custom_debug.h
 
 diff --git a/cpus.c b/cpus.c
-index 114c29b..c3dd2e0 100644
+index 38eba8bff3..b84a60a4f3 100644
 --- a/cpus.c
 +++ b/cpus.c
-@@ -1510,6 +1510,8 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
+@@ -1690,6 +1690,8 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
      return NULL;
  }
  
@@ -31,7 +31,7 @@
  static void qemu_cpu_kick_thread(CPUState *cpu)
  {
  #ifndef _WIN32
-@@ -1522,6 +1524,9 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
+@@ -1702,6 +1704,9 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
      err = pthread_kill(cpu->thread->thread, SIG_IPI);
      if (err) {
          fprintf(stderr, "qemu:%s: %s", __func__, strerror(err));
@@ -43,7 +43,7 @@
  #else /* _WIN32 */
 diff --git a/custom_debug.h b/custom_debug.h
 new file mode 100644
-index 0000000..f029e45
+index 0000000000..f029e45547
 --- /dev/null
 +++ b/custom_debug.h
 @@ -0,0 +1,24 @@
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0013-ps2-check-PS2Queue-pointers-in-post_load-routine.patch b/poky/meta/recipes-devtools/qemu/qemu/0013-ps2-check-PS2Queue-pointers-in-post_load-routine.patch
deleted file mode 100644
index d2bdf6b..0000000
--- a/poky/meta/recipes-devtools/qemu/qemu/0013-ps2-check-PS2Queue-pointers-in-post_load-routine.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 065061dca34fa5b91be6dce9a87a8755d8826c78 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Thu, 16 Nov 2017 13:21:55 +0530
-Subject: [PATCH] ps2: check PS2Queue pointers in post_load routine
-
-During Qemu guest migration, a destination process invokes ps2
-post_load function. In that, if 'rptr' and 'count' values were
-invalid, it could lead to OOB access or infinite loop issue.
-Add check to avoid it.
-
-Reported-by: Cyrille Chatras <cyrille.chatras@orange.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-id: 20171116075155.22378-1-ppandit@redhat.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-
-CVE: CVE-2017-16845
-Upstream-Status: Backport
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- hw/input/ps2.c | 21 +++++++++------------
- 1 file changed, 9 insertions(+), 12 deletions(-)
-
-diff --git a/hw/input/ps2.c b/hw/input/ps2.c
-index f388a23..de171a2 100644
---- a/hw/input/ps2.c
-+++ b/hw/input/ps2.c
-@@ -1225,24 +1225,21 @@ static void ps2_common_reset(PS2State *s)
- static void ps2_common_post_load(PS2State *s)
- {
-     PS2Queue *q = &s->queue;
--    int size;
--    int i;
--    int tmp_data[PS2_QUEUE_SIZE];
-+    uint8_t i, size;
-+    uint8_t tmp_data[PS2_QUEUE_SIZE];
- 
-     /* set the useful data buffer queue size, < PS2_QUEUE_SIZE */
--    size = q->count > PS2_QUEUE_SIZE ? 0 : q->count;
-+    size = (q->count < 0 || q->count > PS2_QUEUE_SIZE) ? 0 : q->count;
- 
-     /* move the queue elements to the start of data array */
--    if (size > 0) {
--        for (i = 0; i < size; i++) {
--            /* move the queue elements to the temporary buffer */
--            tmp_data[i] = q->data[q->rptr];
--            if (++q->rptr == 256) {
--                q->rptr = 0;
--            }
-+    for (i = 0; i < size; i++) {
-+        if (q->rptr < 0 || q->rptr >= sizeof(q->data)) {
-+            q->rptr = 0;
-         }
--        memcpy(q->data, tmp_data, size);
-+        tmp_data[i] = q->data[q->rptr++];
-     }
-+    memcpy(q->data, tmp_data, size);
-+
-     /* reset rptr/wptr/count */
-     q->rptr = 0;
-     q->wptr = size;
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-10839.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-10839.patch
new file mode 100644
index 0000000..7e1e442
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-10839.patch
@@ -0,0 +1,52 @@
+From fdc89e90fac40c5ca2686733df17b6423fb8d8fb Mon Sep 17 00:00:00 2001
+From: Jason Wang <jasowang@redhat.com>
+Date: Wed, 30 May 2018 13:08:15 +0800
+Subject: [PATCH] ne2000: fix possible out of bound access in ne2000_receive
+
+In ne2000_receive(), we try to assign size_ to size which converts
+from size_t to integer. This will cause troubles when size_ is greater
+INT_MAX, this will lead a negative value in size and it can then pass
+the check of size < MIN_BUF_SIZE which may lead out of bound access of
+for both buf and buf1.
+
+Fixing by converting the type of size to size_t.
+
+CC: qemu-stable@nongnu.org
+Reported-by: Daniel Shapira <daniel@twistlock.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commitdiff
+;h=fdc89e90fac40c5ca2686733df17b6423fb8d8fb#patch1]
+
+CVE: CVE-2018-10839
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ hw/net/ne2000.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c
+index 07d79e3..869518e 100644
+--- a/hw/net/ne2000.c
++++ b/hw/net/ne2000.c
+@@ -174,7 +174,7 @@ static int ne2000_buffer_full(NE2000State *s)
+ ssize_t ne2000_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
+ {
+     NE2000State *s = qemu_get_nic_opaque(nc);
+-    int size = size_;
++    size_t size = size_;
+     uint8_t *p;
+     unsigned int total_len, next, avail, len, index, mcast_idx;
+     uint8_t buf1[60];
+@@ -182,7 +182,7 @@ ssize_t ne2000_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
+         { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
+ 
+ #if defined(DEBUG_NE2000)
+-    printf("NE2000: received len=%d\n", size);
++    printf("NE2000: received len=%zu\n", size);
+ #endif
+ 
+     if (s->cmd & E8390_STOP || ne2000_buffer_full(s))
+-- 
+1.8.3.1
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-12617.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-12617.patch
deleted file mode 100644
index c89f189..0000000
--- a/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-12617.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 141b197408ab398c4f474ac1a728ab316e921f2b Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Wed, 13 Jun 2018 11:46:57 +0530
-Subject: [PATCH] qga: check bytes count read by guest-file-read
-
-While reading file content via 'guest-file-read' command,
-'qmp_guest_file_read' routine allocates buffer of count+1
-bytes. It could overflow for large values of 'count'.
-Add check to avoid it.
-
-Reported-by: Fakhri Zulkifli <mohdfakhrizulkifli@gmail.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
-CVE: CVE-2018-12617
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commitdiff;h=141b197408ab398c4f474ac1a728ab316e921f2b]
-
-Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
----
- qga/commands-posix.c | 2 +-
- qga/commands-win32.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/qga/commands-posix.c b/qga/commands-posix.c
-index 594d21ef3e..9284e71666 100644
---- a/qga/commands-posix.c
-+++ b/qga/commands-posix.c
-@@ -458,7 +458,7 @@ struct GuestFileRead *qmp_guest_file_read(int64_t handle, bool has_count,
- 
-     if (!has_count) {
-         count = QGA_READ_COUNT_DEFAULT;
--    } else if (count < 0) {
-+    } else if (count < 0 || count >= UINT32_MAX) {
-         error_setg(errp, "value '%" PRId64 "' is invalid for argument count",
-                    count);
-         return NULL;
-diff --git a/qga/commands-win32.c b/qga/commands-win32.c
-index 70ee5379f6..73f31fa8c2 100644
---- a/qga/commands-win32.c
-+++ b/qga/commands-win32.c
-@@ -318,7 +318,7 @@ GuestFileRead *qmp_guest_file_read(int64_t handle, bool has_count,
-     }
-     if (!has_count) {
-         count = QGA_READ_COUNT_DEFAULT;
--    } else if (count < 0) {
-+    } else if (count < 0 || count >= UINT32_MAX) {
-         error_setg(errp, "value '%" PRId64
-                    "' is invalid for argument count", count);
-         return NULL;
--- 
-2.13.3
-
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-15746.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-15746.patch
new file mode 100644
index 0000000..2f61ea0
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-15746.patch
@@ -0,0 +1,64 @@
+From 9acf4c64dd4560bd268006d7356c7455fab7e5b1 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 6 Sep 2018 14:52:12 +0800
+Subject: [PATCH] seccomp: set the seccomp filter to all threads
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When using "-seccomp on", the seccomp policy is only applied to the
+main thread, the vcpu worker thread and other worker threads created
+after seccomp policy is applied; the seccomp policy is not applied to
+e.g. the RCU thread because it is created before the seccomp policy is
+applied and SECCOMP_FILTER_FLAG_TSYNC isn't used.
+
+This can be verified with
+for task in /proc/`pidof qemu`/task/*; do cat $task/status | grep Secc ; done
+Seccomp:	2
+Seccomp:	0
+Seccomp:	0
+Seccomp:	2
+Seccomp:	2
+Seccomp:	2
+
+Starting with libseccomp 2.2.0 and kernel >= 3.17, we can use
+seccomp_attr_set(ctx, > SCMP_FLTATR_CTL_TSYNC, 1) to update the policy
+on all threads.
+
+libseccomp requirement was bumped to 2.2.0 in previous patch.
+libseccomp should fail to set the filter if it can't honour
+SCMP_FLTATR_CTL_TSYNC (untested), and thus -sandbox will now fail on
+kernel < 3.17.
+
+Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Acked-by: Eduardo Otubo <otubo@redhat.com>
+
+Upstream-Status: Backport[https://github.com/qemu/qemu/commit/
+70dfabeaa79ba4d7a3b699abe1a047c8012db114#diff-18106d3b47a2d249f9d41e772b7db22d]
+
+CVE: CVE-2018-15746
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ qemu-seccomp.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/qemu-seccomp.c b/qemu-seccomp.c
+index 9cd8eb9..ba5500a 100644
+--- a/qemu-seccomp.c
++++ b/qemu-seccomp.c
+@@ -120,6 +120,11 @@ static int seccomp_start(uint32_t seccomp_opts)
+         goto seccomp_return;
+     }
+ 
++    rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_TSYNC, 1);
++    if (rc != 0) {
++        goto seccomp_return;
++    }
++
+     for (i = 0; i < ARRAY_SIZE(blacklist); i++) {
+         if (!(seccomp_opts & blacklist[i].set)) {
+             continue;
+-- 
+2.7.4
+
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-17958.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-17958.patch
new file mode 100644
index 0000000..af40ff2
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-17958.patch
@@ -0,0 +1,52 @@
+From 06e88ca78d056ea4de885e3a1496805179dc47bc Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Mon, 15 Oct 2018 16:33:04 +0800
+Subject: [PATCH] ne2000: fix possible out of bound access in ne2000_receive
+
+In ne2000_receive(), we try to assign size_ to size which converts
+from size_t to integer. This will cause troubles when size_ is greater
+INT_MAX, this will lead a negative value in size and it can then pass
+the check of size < MIN_BUF_SIZE which may lead out of bound access of
+for both buf and buf1.
+
+Fixing by converting the type of size to size_t.
+
+CC: address@hidden
+Reported-by: Daniel Shapira <address@hidden>
+Reviewed-by: Michael S. Tsirkin <address@hidden>
+Signed-off-by: Jason Wang <address@hidden>
+
+Upstream-Status: Backport [https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03273.html]
+
+CVE: CVE-2018-17958
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ hw/net/ne2000.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c
+index 07d79e3..869518e 100644
+--- a/hw/net/ne2000.c
++++ b/hw/net/ne2000.c
+@@ -174,7 +174,7 @@ static int ne2000_buffer_full(NE2000State *s)
+ ssize_t ne2000_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
+ {
+     NE2000State *s = qemu_get_nic_opaque(nc);
+-    int size = size_;
++    size_t size = size_;
+     uint8_t *p;
+     unsigned int total_len, next, avail, len, index, mcast_idx;
+     uint8_t buf1[60];
+@@ -182,7 +182,7 @@ ssize_t ne2000_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
+         { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
+ 
+ #if defined(DEBUG_NE2000)
+-    printf("NE2000: received len=%d\n", size);
++    printf("NE2000: received len=%zu\n", size);
+ #endif
+ 
+     if (s->cmd & E8390_STOP || ne2000_buffer_full(s))
+-- 
+2.7.4
+
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-17962.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-17962.patch
new file mode 100644
index 0000000..88bfd81
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-17962.patch
@@ -0,0 +1,70 @@
+From 20abe443ad9464b18ac494f71f7d53f19ee3748f Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Mon, 15 Oct 2018 16:38:08 +0800
+Subject: [PATCH] rtl8139: fix possible out of bound access
+
+In rtl8139_do_receive(), we try to assign size_ to size which converts
+from size_t to integer. This will cause troubles when size_ is greater
+INT_MAX, this will lead a negative value in size and it can then pass
+the check of size < MIN_BUF_SIZE which may lead out of bound access of
+for both buf and buf1.
+
+Fixing by converting the type of size to size_t.
+
+CC: address@hidden
+Reported-by: Daniel Shapira <address@hidden>
+Reviewed-by: Michael S. Tsirkin <address@hidden>
+Signed-off-by: Jason Wang <address@hidden>
+
+Upstream-Status: Backport [https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.html]
+
+CVE: CVE-2018-17962
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ hw/net/rtl8139.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
+index 46daa16..2342a09 100644
+--- a/hw/net/rtl8139.c
++++ b/hw/net/rtl8139.c
+@@ -817,7 +817,7 @@ static ssize_t rtl8139_do_receive(NetClientState *nc, const uint8_t *buf, size_t
+     RTL8139State *s = qemu_get_nic_opaque(nc);
+     PCIDevice *d = PCI_DEVICE(s);
+     /* size is the length of the buffer passed to the driver */
+-    int size = size_;
++    size_t size = size_;
+     const uint8_t *dot1q_buf = NULL;
+ 
+     uint32_t packet_header = 0;
+@@ -826,7 +826,7 @@ static ssize_t rtl8139_do_receive(NetClientState *nc, const uint8_t *buf, size_t
+     static const uint8_t broadcast_macaddr[6] =
+         { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
+ 
+-    DPRINTF(">>> received len=%d\n", size);
++    DPRINTF(">>> received len=%zu\n", size);
+ 
+     /* test if board clock is stopped */
+     if (!s->clock_enabled)
+@@ -1035,7 +1035,7 @@ static ssize_t rtl8139_do_receive(NetClientState *nc, const uint8_t *buf, size_t
+ 
+         if (size+4 > rx_space)
+         {
+-            DPRINTF("C+ Rx mode : descriptor %d size %d received %d + 4\n",
++            DPRINTF("C+ Rx mode : descriptor %d size %d received %zu + 4\n",
+                 descriptor, rx_space, size);
+ 
+             s->IntrStatus |= RxOverflow;
+@@ -1148,7 +1148,7 @@ static ssize_t rtl8139_do_receive(NetClientState *nc, const uint8_t *buf, size_t
+         if (avail != 0 && RX_ALIGN(size + 8) >= avail)
+         {
+             DPRINTF("rx overflow: rx buffer length %d head 0x%04x "
+-                "read 0x%04x === available 0x%04x need 0x%04x\n",
++                "read 0x%04x === available 0x%04x need 0x%04zx\n",
+                 s->RxBufferSize, s->RxBufAddr, s->RxBufPtr, avail, size + 8);
+ 
+             s->IntrStatus |= RxOverflow;
+-- 
+2.7.4
+
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-17963.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-17963.patch
new file mode 100644
index 0000000..054cdc8
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-17963.patch
@@ -0,0 +1,51 @@
+From e5ff72a8005dd1d9c0f63f8a9cc4298df5bb7551 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Mon, 15 Oct 2018 16:39:46 +0800
+Subject: [PATCH] pcnet: fix possible buffer overflow
+
+In pcnet_receive(), we try to assign size_ to size which converts from
+size_t to integer. This will cause troubles when size_ is greater
+INT_MAX, this will lead a negative value in size and it can then pass
+the check of size < MIN_BUF_SIZE which may lead out of bound access
+for both buf and buf1.
+
+Fixing by converting the type of size to size_t.
+
+CC: address@hidden
+Reported-by: Daniel Shapira <address@hidden>
+Reviewed-by: Michael S. Tsirkin <address@hidden>
+Signed-off-by: Jason Wang <address@hidden>
+
+Upstream-Status: Backport [https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html]
+
+CVE: CVE-2018-17963
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ hw/net/pcnet.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
+index 0c44554..d9ba04b 100644
+--- a/hw/net/pcnet.c
++++ b/hw/net/pcnet.c
+@@ -988,14 +988,14 @@ ssize_t pcnet_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
+     uint8_t buf1[60];
+     int remaining;
+     int crc_err = 0;
+-    int size = size_;
++    size_t size = size_;
+ 
+     if (CSR_DRX(s) || CSR_STOP(s) || CSR_SPND(s) || !size ||
+         (CSR_LOOP(s) && !s->looptest)) {
+         return -1;
+     }
+ #ifdef PCNET_DEBUG
+-    printf("pcnet_receive size=%d\n", size);
++    printf("pcnet_receive size=%zu\n", size);
+ #endif
+ 
+     /* if too small buffer, then expand it */
+-- 
+2.7.4
+
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-7550.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-7550.patch
deleted file mode 100644
index 9923d12..0000000
--- a/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-7550.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 2a8fcd119eb7c6bb3837fc3669eb1b2dfb31daf8 Mon Sep 17 00:00:00 2001
-From: Jack Schwartz <jack.schwartz@oracle.com>
-Date: Thu, 21 Dec 2017 09:25:15 -0800
-Subject: [PATCH] multiboot: bss_end_addr can be zero
-
-The multiboot spec (https://www.gnu.org/software/grub/manual/multiboot/),
-section 3.1.3, allows for bss_end_addr to be zero.
-
-A zero bss_end_addr signifies there is no .bss section.
-
-CVE: CVE-2018-7550
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commitdiff;h=2a8fcd119eb7c6bb3837fc3669eb1b2dfb31daf8]
-
-Suggested-by: Daniel Kiper <daniel.kiper@oracle.com>
-Signed-off-by: Jack Schwartz <jack.schwartz@oracle.com>
-Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
----
- hw/i386/multiboot.c | 18 ++++++++++--------
- 1 file changed, 10 insertions(+), 8 deletions(-)
-
-diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c
-index 46d9c68bf5..bb8d8e4629 100644
---- a/hw/i386/multiboot.c
-+++ b/hw/i386/multiboot.c
-@@ -233,12 +233,6 @@ int load_multiboot(FWCfgState *fw_cfg,
-         mh_entry_addr = ldl_p(header+i+28);
- 
-         if (mh_load_end_addr) {
--            if (mh_bss_end_addr < mh_load_addr) {
--                fprintf(stderr, "invalid mh_bss_end_addr address\n");
--                exit(1);
--            }
--            mb_kernel_size = mh_bss_end_addr - mh_load_addr;
--
-             if (mh_load_end_addr < mh_load_addr) {
-                 fprintf(stderr, "invalid mh_load_end_addr address\n");
-                 exit(1);
-@@ -249,8 +243,16 @@ int load_multiboot(FWCfgState *fw_cfg,
-                 fprintf(stderr, "invalid kernel_file_size\n");
-                 exit(1);
-             }
--            mb_kernel_size = kernel_file_size - mb_kernel_text_offset;
--            mb_load_size = mb_kernel_size;
-+            mb_load_size = kernel_file_size - mb_kernel_text_offset;
-+        }
-+        if (mh_bss_end_addr) {
-+            if (mh_bss_end_addr < (mh_load_addr + mb_load_size)) {
-+                fprintf(stderr, "invalid mh_bss_end_addr address\n");
-+                exit(1);
-+            }
-+            mb_kernel_size = mh_bss_end_addr - mh_load_addr;
-+        } else {
-+            mb_kernel_size = mb_load_size;
-         }
- 
-         /* Valid if mh_flags sets MULTIBOOT_HEADER_HAS_VBE.
--- 
-2.13.3
-
diff --git a/poky/meta/recipes-devtools/qemu/qemu_2.11.1.bb b/poky/meta/recipes-devtools/qemu/qemu_3.0.0.bb
similarity index 70%
rename from poky/meta/recipes-devtools/qemu/qemu_2.11.1.bb
rename to poky/meta/recipes-devtools/qemu/qemu_3.0.0.bb
index a447dc7..776548b 100644
--- a/poky/meta/recipes-devtools/qemu/qemu_2.11.1.bb
+++ b/poky/meta/recipes-devtools/qemu/qemu_3.0.0.bb
@@ -7,7 +7,7 @@
 LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \
                     file://COPYING.LIB;endline=24;md5=c04def7ae38850e7d3ef548588159913"
 
-SRC_URI = "http://wiki.qemu-project.org/download/${BP}.tar.bz2 \
+SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
            file://powerpc_rom.bin \
            file://0001-sdl.c-allow-user-to-disable-pointer-grabs.patch \
            file://0002-qemu-Add-missing-wacom-HID-descriptor.patch \
@@ -20,22 +20,21 @@
            file://0008-chardev-connect-socket-to-a-spawned-command.patch \
            file://0009-apic-fixup-fallthrough-to-PIC.patch \
            file://0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
-           file://0011-memfd-fix-configure-test.patch \
-           file://0012-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch \
-           file://0013-ps2-check-PS2Queue-pointers-in-post_load-routine.patch \
-           file://0001-CVE-2018-11806-QEMU-slirp-heap-buffer-overflow.patch \
-           file://CVE-2018-7550.patch \
-           file://CVE-2018-12617.patch \
+           file://0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch \
+           file://CVE-2018-15746.patch \
+           file://CVE-2018-17958.patch \
+           file://CVE-2018-17962.patch \
+           file://CVE-2018-17963.patch \
            "
-UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+\..*)\.tar"
+UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
 
 SRC_URI_append_class-native = " \
-            file://0014-fix-libcap-header-issue-on-some-distro.patch \
-            file://0015-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch \
+            file://0012-fix-libcap-header-issue-on-some-distro.patch \
+            file://0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch \
             "
 
-SRC_URI[md5sum] = "61cf862b6007eba4ac98247776af2e27"
-SRC_URI[sha256sum] = "d9df2213ceed32e91dab7bc9dd19c1af83f91ba72c7aeef7605dfaaf81732ccb"
+SRC_URI[md5sum] = "6a5c8df583406ea24ef25b239c3243e0"
+SRC_URI[sha256sum] = "8d7af64fe8bd5ea5c3bdf17131a8b858491bcce1ee3839425a6d91fb821b5713"
 
 COMPATIBLE_HOST_mipsarchn32 = "null"
 COMPATIBLE_HOST_mipsarchn64 = "null"
diff --git a/poky/meta/recipes-devtools/qemu/qemuwrapper-cross_1.0.bb b/poky/meta/recipes-devtools/qemu/qemuwrapper-cross_1.0.bb
index c983fba..4aada52 100644
--- a/poky/meta/recipes-devtools/qemu/qemuwrapper-cross_1.0.bb
+++ b/poky/meta/recipes-devtools/qemu/qemuwrapper-cross_1.0.bb
@@ -13,38 +13,26 @@
 do_install () {
 	install -d ${D}${bindir_crossscripts}/
 
-	echo "#!/bin/sh" > ${D}${bindir_crossscripts}/qemuwrapper
 	qemu_binary=${@qemu_target_binary(d)}
-	qemu_options='${QEMU_OPTIONS}'
-	echo "$qemu_binary $qemu_options \"\$@\"" >> ${D}${bindir_crossscripts}/qemuwrapper
-	fallback_qemu_bin=
-	case $qemu_binary in
-		"qemu-i386")
-			fallback_qemu_bin=qemu-x86_64
-			;;
-		"qemu-x86_64")
-			fallback_qemu_bin=qemu-i386
-			;;
-		*)
-			;;
-	esac
+	qemu_options='${QEMU_OPTIONS} -E LD_LIBRARY_PATH=$D${libdir}:$D${base_libdir}'
 
-	if [ -n "$fallback_qemu_bin" ]; then
+	cat >> ${D}${bindir_crossscripts}/${MLPREFIX}qemuwrapper << EOF
+#!/bin/sh
+set -x
 
-		cat >> ${D}${bindir_crossscripts}/qemuwrapper << EOF
-rc=\$?
-if [ \$rc = 255 ]; then
-	$fallback_qemu_bin "\$@"
-	rc=\$?
+if [ ${@bb.utils.contains('MACHINE_FEATURES', 'qemu-usermode', 'True', 'False', d)} = False ]; then
+        echo "qemuwrapper: qemu usermode is not supported"
 fi
-exit \$rc
+
+
+$qemu_binary $qemu_options "\$@"
 EOF
 
-	fi
-
-	chmod +x ${D}${bindir_crossscripts}/qemuwrapper
+	chmod +x ${D}${bindir_crossscripts}/${MLPREFIX}qemuwrapper
 }
 
 SYSROOT_DIRS += "${bindir_crossscripts}"
 
 INHIBIT_DEFAULT_DEPS = "1"
+
+BBCLASSEXTEND = "nativesdk"