subtree updates

poky: 4e511f0abc..a015ed7704:
  Adrian Bunk (22):
        gnutls: upgrade 3.6.5 -> 3.6.7
        dhcp: Replace OE specific patch for compatibility with latest bind with upstream patch
        Set XZ_COMPRESSION_LEVEL to -9
        gcc: Remove Java support variables
        Use the best xz compression for the SDK
        gnome-doc-utils: Remove stale patch
        libxcrypt: Stop adding -std=gnu99 to CPPFLAGS
        file: Stop adding -std=c99 to CFLAGS
        gnu-efi: Remove support patch for gcc < 4.7
        grub: Use -Wno-error instead of doing this on a per-warning basis
        socat: upgrade 1.7.3.2 -> 1.7.3.3
        bison: upgrade 3.0.4 -> 3.1
        mmc-utils: update to the latest upstream code
        cogl: upgrade 1.22.2 -> 1.22.4
        cogl: remove -Werror=maybe-uninitialized workaround
        libxcb: remove workaround patch for a bug that was fixed in gcc 5 in 2015
        sysstat: inherit upstream-version-is-even
        ccache: upgrade 3.6 -> 3.7.1
        lttng-modules: upgrade 2.10.8 -> 2.10.9
        iproute2: Remove bogus workaround patch for musl
        openssl: Remove openssl10
        Remove irda-utils and the irda feature

  Alejandro Enedino Hernandez Samaniego (1):
        run-postinsts: Fix full execution of scripts at first boot

  Alejandro del Castillo (1):
        opkg: add ptest

  Alex Kiernan (12):
        systemd-conf: simplify creation of machine-specific configuration
        systemctl-native: Rewrite in Python supporting preset-all and mask
        image: call systemctl preset-all for images
        uboot-sign: Fix build when UBOOT_DTB_BINARY is empty
        patchelf: Upgrade 0.9 -> 0.10
        python3: Add ntpath.py to python core
        go: Exclude vcs files when installing deps
        recipetool: fix unbound variable when fixed SRCREV can't be found
        systemd: Default to non-stateless images
        systemd-systemctl: Restore support for enable command
        systemd: Restore mask and preset targets, fix instance creation
        shadow: Backport last change reproducibility

  Alexander Kanavin (38):
        python3: add a tr-tr locale for test_locale ptest
        gobject-introspection: update to 1.60.1
        dtc: upgrade 1.4.7 -> 1.5.0
        webkitgtk: update to 2.24.0
        libdazzle: update to 3.32.1
        vala: update to 0.44.3
        libdnf: update to 0.28.1
        libcomps: upgrade 0.1.10 -> 0.1.11
        dnf: upgrade 4.1.0 -> 4.2.2
        btrfs-tools: upgrade 4.20.1 -> 4.20.2
        meson: update to 0.50.0
        libmodulemd: update to 2.2.3
        at-spi2-core: fix meson 0.50 build
        ffmpeg: update to 4.1.3
        python: update to 2.7.16
        python: update to 3.7.3
        python-numpy: update to 1.16.2
        icu: update to 64.1
        epiphany: update to 3.32.1.2
        python3: add another multilib fix
        meson: do not try to substitute the prefix in python supplied paths
        python3-pygobject: update to 3.32.0
        meson: add missing Upstream-Status and SOB to a patch
        acpica: update to 20190405
        msmtp: fix upstream version check
        python-scons: update to 3.0.5
        python-setuptools: update to 41.0.1
        python3-mako: update to 1.0.9
        python3-pbr: update to 5.1.3
        python3-pip: update to 19.0.3
        buildhistory: call a dependency parser only on actual dependency lists
        gtk-doc.bbclass: unify option setting for meson-based recipes
        python3-pycairo: update to 1.18.1
        maintainers.inc: take over as perl maintainer
        xorg-lib: drop native overrides for REQUIRED_DISTRO_FEATURES
        meson: update to 0.50.1
        perl: update to 5.28.2
        packagegroup-self-hosted: drop epiphany

  Alistair Francis (5):
        u-boot: Upgrade from 2019.01 to 2019.04
        beaglebone-yocto: Update u-boot config to match u-boot 19.04
        u-boot: Fix missing Python.h build failure
        libsoup: Upgrade from 2.64.2 to 2.66.1
        qemu: Upgrade from 3.1.0 to 4.0.0

  Andre Rosa (1):
        bitbake: utils: Let mkdirhier fail if existing path is not a folder

  Andreas Müller (17):
        gobject-introspection: auto-enable/-disable gobject-introspection for meson
        libmodulemd: use gobject-introspection.bbclass on/off mechanism
        gdk-pixbuf: use gobject-introspection.bbclass on/off mechanism
        json-glib: use gobject-introspection.bbclass on/off mechanism
        libdazzle: use gobject-introspection.bbclass on/off mechanism
        clutter-gtk-1.0: use gobject-introspection.bbclass on/off mechanism
        pango: use gobject-introspection.bbclass on/off mechanism
        at-spi2-core: use gobject-introspection.bbclass on/off mechanism
        atk: use gobject-introspection.bbclass on/off mechanism
        libsoup-2.4: use gobject-introspection.bbclass on/off mechanism
        glib-networking: upgrade 2.58.0 -> 2.60.1
        gst-plugins: move 'inherit gobject-introspection' to recipes supporting GI
        gstreamer1.0-python: rework gobject-introspection handling
        insane.bbclass: Trigger unrecognzed configure option for meson
        vte: upgrade 0.52.2 -> 0.56.1
        vte: move shell auto scripts into seperate package
        qemu: split out vte into seperate PACKAGECONFIG

  Andreas Obergschwandtner (1):
        uboot-sign: add support for different u-boot configurations

  Andrej Valek (2):
        dropbear: update to 2019.78
        systemd: upgrade to 242

  Angus Lees (1):
        Revert "wic: Set a miniumum FAT16 volume size."

  Anuj Mittal (4):
        gcc: fix CVE-2018-18484
        gdb: fix CVE-2017-9778
        binutils: fix CVE-2019-9074 CVE-2019-9075 CVE-2019-9076 CVE-2019-9077
        openssh: fix CVE-2018-20685, CVE-2019-6109, CVE-2019-6111

  Armin Kuster (8):
        resulttool: add ltp test support
        logparser: Add decoding ltp logs
        ltp: add runtime test
        resulttool: add LTP compliance section
        logparser: Add LTP compliance section
        ltp_compliance: add new runtime
        manual compliance: remove bits done at runtime
        nss: cleanup recipe to match OE style

  Beniamin Sandu (1):
        kernel-devsrc: check for localversion files in the kernel source tree

  Breno Leitao (3):
        weston-init: Fix tab indentation
        weston-init: Add support for non-root start
        weston-init: Fix WESTON_USER typo

  Bruce Ashfield (8):
        linux-yocto/5.0: update to v5.0.5
        linux-yocto-rt: update to 5.0.5-rt3
        linux-yocto/5.0: update to v5.0.7
        linux-yocto/4.19: update to v4.19.34
        linux-yocto-rt/4.19: fix merge conflict in lru_drain
        linux-yocto/5.0: port RAID configuration tweaks from master
        linux-yocto/5.0: integrate TCP timeout / hang fix
        linux-yocto/5.0: update TCP patch to mainline version

  Changhyeok Bae (2):
        iw: upgrade 4.14 -> 5.0.1
        iptables: upgrade 1.6.2 -> 1.8.2

  Changqing Li (11):
        ruby: make ext module fiddle can compile success
        ruby: add ptest
        cogl: fix compile error caused by -Werror=maybe-uninitialized
        systemd: change default locale from C.UTF-8 to C
        m4: add ptest support
        gettext: add ptest support
        waffle: supprt build waffle without x11
        piglit: support build piglit without x11
        dbus: fix ptest failure
        populate_sdk_base: provide options to set sdk type
        python3: fix do_install fail for parallel buiild

  Chee Yang Lee (1):
        wic/bootimg-efi: replace hardcoded volume name with label

  Chen Qi (9):
        runqemu: do not check return code of tput
        busybox: fix ptest failure about 'dc'
        base-files: move hostname operations out of issue file settings
        webkitgtk: set CVE_PRODUCT
        dropbear: set CVE_PRODUCT
        libsdl: set CVE_PRODUCT
        ghostscript: set CVE_PRODUCT
        flac: also add flac to CVE_PRODUCT
        squashfs-tools: set CVE_PRODUCT

  David Reyna (1):
        bitbake: toaster: update to Warrior

  Dengke Du (2):
        perf: workaround the error cased by maybe-uninitialized warning
        linux-yocto_5.0: set devicetree for armv5

  Denys Dmytriyenko (1):
        weston: upgrade 5.0.0 -> 6.0.0

  Douglas Royds (2):
        distutils: Run python from the PATH in the -native case as well
        distutils: Tidy and simplify for readability

  Fabio Berton (1):
        mesa: Update 19.0.1 -> 19.0.3

  He Zhe (2):
        ltp: Fix setrlimit03 call succeeded unexpectedly
        systemd: Bump up SRCREV to systemd-stable top to include the fix for shutdown now hang

  Hongxu Jia (15):
        image_types.bbclass: fix a race between the ubi and ubifs FSTYPES
        cpio/tar/native.bbclass: move rmt to sbindir and add a prefix to avoid native clashing
        acpica: use update-alternatives for acpidump
        apr: upgrade 1.6.5 -> 1.7.0
        man-pages: upgrade 4.16 -> 5.01
        man-db: upgrade 2.8.4 -> 2.8.5
        bash: upgrade 4.4.18 -> 5.0
        ncurses: fix incorrect UPSTREAM_CHECK_GITTAGREGEX
        gpgme: upgrade 1.12.0 -> 1.13.0
        subversion: upgrade 1.11.1 -> 1.12.0
        groff: upgrade 1.22.3 -> 1.22.4
        libxml2: upgrade 2.9.8 -> 2.9.9
        ghostscript: 9.26 -> 9.27
        groff: imporve musl support
        oeqa/targetcontrol.py: fix qemuparams not work in runqemu with launch_cmd

  Jacob Kroon (3):
        grub-efi-native: Install grub-editenv
        bitbake: knotty: Pretty print task elapsed time
        base-passwd: Add kvm group

  Jaewon Lee (1):
        Adding back wrapper and using OEPYTHON3HOME variable for python3

  Jens Rehsack (1):
        kernel-module-split.bbclass: support CONFIG_MODULE_COMPRESS=y

  Jonas Bonn (3):
        systemd: don't build firstboot by default
        systemd: do not create machine-id
        systemd: create preset files instead of installing in image

  Joshua Watt (6):
        classes/waf: Set WAFLOCK
        resulttool: Load results from URL
        resulttool: Add log subcommand
        qemux86: Allow higher tunes
        bitbake.conf: Account for older versions of bitbake
        resulttool: Add option to dump all ptest logs

  Kai Kang (5):
        msmtp: 1.6.6 -> 1.8.3
        cryptodev: fix module loading error
        target-sdk-provides-dummy: resolve sstate conflict
        bitbake.conf: set NO_RECOMMENDATIONS with weak assignment
        webkitgtk: fix compile error for arm64

  Kevin Hao (1):
        meta-yocto-bsp: Bump to the latest stable kernel for all the BSP

  Khem Raj (9):
        gcc-cross-canadian: Make baremetal specific code generic
        musl: Upgrade to master past 1.1.22
        webkitgtk: Fix build with clang
        mdadm: Disable Werror
        gcc-target: Do not set --with-sysroot and gxx-include-dir paths
        systemd: Add -Wno-error=format-overflow to fix build with gcc9
        systemd: Backport patch to fix build with gcc9
        libgfortan: Package target gcc include directory to fix
        gcc-9: Add recipes for gcc 9.1 release

  Lei Maohui (2):
        dnf: Enable nativesdk
        icu: Added armeb support.

  Lei Yang (1):
        recipetool: add missed module

  Luca Boccassi (1):
        systemd: add cgroupv2 PACKAGECONFIG

  Mardegan, Alberto (1):
        oeqa/core/runner: dump stdout and stderr of each test case

  Mariano Lopez (5):
        update-alternatives.bbclass: Add function to get metadata
        ptest.bbclass: Add feature to populate a binary directory
        util-linux: Use PTEST binary directory
        busybox: Use PTEST binary directory
        ptest.bbclass: Use d.getVar instead of os.environ

  Martin Jansa (6):
        connman: add PACKAGECONFIG for nfc, fix MACHINE_ARCH signature when l2tp is enabled
        icecc.bbclass: stop causing everything to be effectivelly MACHINE_ARCH
        glibc: always use bfd linker
        opkg: fix ptest packaging when OPKGLIBDIR == libdir
        kexec-tools: refresh patches with devtool
        perf: make sure that the tools/include/uapi/asm-generic directory exists

  Matthias Schiffer (1):
        systemd: move "machines" symlinks to systemd-container

  Max Kellermann (2):
        useradd-staticids: print exception after parse_args() error
        initrdscripts: merge multiple "mkdir" calls

  Michael Scott (2):
        kernel-fitimage: support RISC-V
        procps: update legacy sysctl.conf to fix rp_filter sysctl issue

  Mikko Rapeli (3):
        elfutils: remove Elfutils-Exception and include GPLv2 for shared libraries
        oeqa/sdk: use bash to execute SDK test commands
        openssh: recommend rng-tools with sshd

  Mingli Yu (6):
        nettle: fix ptest failure
        elfutils: add ptest support
        elfutils: fix build failure with musl
        gcc-sanitizers: fix -Werror=maybe-uninitialized issue
        nettle: fix the Segmentation fault
        nettle: fix ptest failure

  Nathan Rossi (1):
        ccmake.bbclass: Fix up un-escaped quotes in output formatting

  Naveen Saini (5):
        core-image-rt: make sure that we append to DEPENDS
        core-image-rt-sdk: make sure that we append to DEPENDS
        bitbake.conf: add git-lfs to HOSTTOOLS_NONFATAL
        bitbake: bitbake: fetch2/git: git-lfs check
        linux-yocto: update genericx86* SRCREV for 4.19

  Oleksandr Kravchuk (52):
        iproute2: update to 5.0.0
        curl: update to 7.64.1
        libxext: update to 1.3.4
        x11perf: update to 1.6.1
        libxdmcp: update to 1.1.3
        libxkbfile: update 1.1.0
        libxvmc: update to 1.0.11
        libxrandr: update to 1.5.2
        connman: update to 1.37
        ethtool: update to 5.0
        tar: update to 1.32
        ffmpeg: update to 4.1.2
        librepo: update to 1.9.6
        libxmu: update to 1.1.3
        libxcrypt: update to 4.4.4
        wget: update to 1.20.2
        libsecret: 0.18.8
        createrepo-c: update to 0.12.2
        libinput: update to 1.13.0
        cronie: update to 1.5.4
        libyaml: update to 0.2.2
        fontconfig: update to 2.13.1
        makedepend: update to 1.0.6
        libdrm: update to 2.4.98
        libinput: update to 1.13.1
        libnotify: update to 0.7.8
        libpng: update to 1.6.37
        libcroco: update to 0.6.13
        libpsl: update to 0.21.0
        git: update to 2.21.0
        quota: update to 4.05
        gnupg: update to 2.2.15
        lz4: update to 1.9.0
        orc: update to 0.4.29
        help2man-native: update to 1.47.10
        cups: update to 2.2.11
        pixman: update to 0.38.4
        libcap: update to 2.27
        ninja: add Upstream-Status and SOB for musl patch
        python-numpy: update to 1.16.3
        python3-pygobject: update to 3.32.1
        wget: update to 1.20.3
        libsolv: update to 0.7.4
        ell: add recipe
        sqlite3: update to 3.28.0
        kmscube: update to latest revision
        coreutils: update to 8.31
        mtools: update to 4.0.23
        msmtp: update to 1.8.4
        wpa-supplicant: update to 2.8
        bitbake.conf: use https instead of http
        ell: update to 0.20

  Paul Barker (3):
        oe.path: Add copyhardlink() helper function
        license_image: Use new oe.path.copyhardlink() helper
        gdb: Fix aarch64 build with musl

  Peter Kjellerstedt (1):
        systemd: Use PACKAGECONFIG definition to depend on libnss-myhostname

  Randy MacLeod (5):
        valgrind: update from 3.14.0 to 3.15.0
        valgrind: fix vg_regtest return code
        valgrind: update the ptest subdirs list
        valgrind: adjust test filters and expected output
        valgrind: fix call/cachegrind ptests

  Richard Purdie (52):
        pseudo: Update to gain key bugfixes
        python3: Avoid hanging tests
        python3: Fix ptest output parsing
        go.bbclass: Remove unused override
        goarch.bbclass: Simplify logic
        e2fsprogs: Skip slow ptest tests
        bitbake: bitbake: Update version to 1.42.0
        poky.conf: Bump version for 2.7 warrior release
        build-appliance-image: Update to warrior head revision
        bitbake: bitbake: Post release version bumnp to 1.43
        poky.conf: Post release version bump
        build-appliance-image: Update to master head revision
        Revert "nettle: fix ptest failure"
        core-image-sato-sdk-ptest: Try and keep image below 4GB limit
        core-image-sato-ptest-fast: Add 'fast' ptest execution image
        core-image-sato-sdk-ptest: Include more ptests in ptest image
        core-image-sato-sdk-ptest: Add temporary PROVIDES core-image-sato-ptest
        resultool/resultutils: Fix module import error
        lttng-tools: Add missing patch Upstream-Status
        utils/multiprocess_launch: Improve failing subprocess output
        python3: Drop ptest hack
        ptest-packagelists: Add m4 and gettext as 'fast' ptests
        bitbake: knotty: Implement console 'keepalive' output
        bitbake: build: Ensure warning for invalid task dependencies is useful
        bitbake: build: Disable warning about dependent tasks for now
        oeqa/ssh: Avoid unicode decode exceptions
        elfutils: ptest fixes
        elfutils: Fix ptest compile failures on musl
        bitbake: bitbake: Add initial pass of SPDX license headers to source code
        bitbake: bitbake: Drop duplicate license boilerplace text
        bitbake: bitbake: Strip old editor directives from file headers
        bitbake: HEADER: Drop it
        openssh/systemd/python/qemu: Fix patch Upstream-Status
        scripts/pybootchart: Fix mixed indentation
        scripts/pybootchart: Port to python3
        scripts/pybootchart/draw: Clarify some variable names
        scripts/pybootchart/draw: Fix some bounding problems
        coreutils: Fix patch upstream status field
        oeqa: Drop OETestID
        meta/lib+scripts: Convert to SPDX license headers
        oeqa/core/runner: Handle unexpectedSucesses
        oeqa/systemd_boot: Drop OETestID
        oeqa/runner: Fix subunit setupClass/setupModule failure handling
        oeqa/concurrenttest: Patch subunit module to handle classSetup failures
        tcmode-default: Add PREFERRED_VERSION for libgfortran
        oeqa/selftest: Automate manual pybootchart tests
        openssh: Avoid PROVIDES warning from rng-tools dependency
        oeqa/target/ssh: Replace suggogatepass with ignoring errors
        core-image-sato-sdk-ptest: Tweak size to stay within 4GB limit
        valgrind: Include debugging symbols in ptests
        dbus-test: Improve ptest dependencies dependencies
        ptest: Add RDEPENDS frpm PN-ptest to PN package

  Robert Joslyn (1):
        qemu: Add PACKAGECONFIG for snappy

  Robert Yang (6):
        bitbake: bitbake-diffsigs: Use 4 spaces as indent for recursecb
        bitbake: bb: siggen: Make dump_sigfile and compare_sigfiles print uuid4
        bitbake: bb: siggen: Print more info when basehash are mis-matched
        bitbake: BBHandler: Fix addtask and deltask
        bitbake: build.py: check dependendent task for addtask
        bitbake: tests/parse.py: Add testcase for addtask and deltask

  Ross Burton (14):
        lttng-tools: fix Upstream-Status
        acpica: upgrade to 20190215
        staging: add ${datadir}/gtk-doc/html to the sysroot blacklist
        mpg123: port to use libsdl2
        meta-poky: remove obsolete DISTRO_FEATURES_LIBC
        m4: update patch status
        packagegroup-core-full-cmdline: remove zlib
        wic: change expand behaviour to match docs
        wic: add global debug option
        gtk-icon-cache: clean up DEPENDS
        patch: add minver and maxver parameters
        glib-2.0: fix locale handling
        glib-2.0: add missing locales for the tests
        glib-2.0: fix last failing ptest

  Scott Rifenbark (34):
        bitbake: poky.ent: Removed "ECLIPSE" entity variables.
        bitbake: bitbake-user-manual: Added section on modifying variables
        Makefile: Removed Eclipse support
        Documentation: Removed customization.xsl files for Eclipse
        mega-manual: Removed two Eclipse figures from tarball list
        mega-manual, overview-manual: Added updated index releases figure
        poky.ent: Removed Eclipse related variables.
        mega-manual: Removed the Eclipse chapters
        dev-manual: Removed all references to Eclipse.
        overview-manual: Removed all references to Eclipse
        profile-manual: Removed all references to Eclipse
        ref-manual: Removed all references to Eclipse
        sdk-manual: Removed all references to Eclipse
        sdk-manual: Removed all references to Eclipse
        dev-manual; brief-yoctoprojectqs: Updated checkout branch example
        dev-manual: Added reasoning blurb to "Viewing Variables" section.
        ref-manual: Inserted Migration 2.7 section.
        ref-manual: Added Eclipse removal for migration section.
        ref-manual: Added "License Value Corrections to migration.
        ref-manual: Added Fedora 29 to the supported distros list.
        poky.ent: changed 2.7 release variable date to "May 2019"
        ref-manual: Review comments applied to 2.7 migration section.
        documentation: Prepared for 2.8 release
        bsp-guide: Removed inaccurate "container layer" references.
        ref-manual: Updated the "Container Layer" term.
        bsp-guide: Updated the "beaglebone-yocto.conf" example.
        documentation: Cleaned up "plug-in"/"plugin" terminology.
        bsp-guide: Updated the BSP kernel recipe example.
        ref-manual: Updated PREFERRED_VERSION variable to use 5.0
        bsp-guide: More corrections to the BSP Kernel Recipe example
        dev-manual: Added cross-link to "Fetchers" section in BB manual.
        bitbake: bitbake-user-manual: Added npm to other fetcher list.
        overview-manual: Updated SMC section to link to fetchers
        ref-manual: Added "npm" information to the SRC_URI variable.

  Stefan Kral (1):
        bitbake: build: Add verbnote to shell log commands

  Stefan Müller-Klieser (1):
        cml1.bbclass: fix undefined behavior

  Steven Hung (洪于玉) (1):
        kernel.bbclass: convert base_do_unpack_append() to a task

  Tom Rini (2):
        vim: Rework to not rely on relative directories
        vim: Update to 8.1.1240

  Wenlin Kang (1):
        systemd: install libnss-myhostname.so when myhostname be enabled

  Yeoh Ee Peng (1):
        resulttool/manualexecution: Refactor and remove duplicate code

  Yi Zhao (2):
        harfbuzz: update source checksums after upstream replaced the tarball
        libyaml: update SRC_URI[md5sum] and SRC_URI[sha256sum]

  Ying-Chun Liu (PaulLiu) (1):
        uboot-sign: Fix u-boot-nodtb symlinks

  Zang Ruochen (10):
        libatomic-ops:upgrade 7.6.8 -> 7.6.10
        libgpg-error:upgrade 1.35 -> 1.36
        libxft:upgrade 2.3.2 -> 2.3.3
        libxxf86dga:upgrade 1.1.4 -> 1.1.5
        nss:upgrade 3.42.1 -> 3.43
        sysprof:upgrade 3.30.2 -> 3.32.0
        libtirpc:upgrade 1.0.3 -> 1.1.4
        xtrans:upgrade 1.3.5 -> 1.4.0
        harfbuzz:upgrade 2.3.1 -> 2.4.0
        icu: Upgrade 64.1 -> 64.2

  Zheng Ruoqin (1):
        sanity: check_perl_modules bug fix

  sangeeta jain (1):
        resulttool/manualexecution: Enable test case configuration option

meta-openembedded: 4a9deabbc8..1ecd8b4364:
  Adrian Bunk (34):
        linux-atm: Remove DEPENDS on virtual/kernel and PACKAGE_ARCH
        linux-atm: Replace bogus on_exit removal with musl-specific hack
        ledmon: Mark as incompatible on musl instead of adding bogus patch
        efivars: Drop workaround patch for host gcc < 4.7
        sshfs-fuse: upgrade 2.8 -> 2.10
        wv: upgrade 1.2.4 -> 1.2.9
        caps: Upgrade 0.9.24 -> 0.9.26
        dvb-apps: Remove dvb-fe-xc5000c-4.1.30.7.fw
        schroedinger: Remove the obsolete DEPENDS on liboil
        vlc: Remove workaround and patches for problems fixed upstream
        Remove liboil
        dnrd: Remove stale files of recipe removed 2 years ago
        postfix: Upgrade 3.4.1 -> 3.4.5
        pptp-linux: Upgrade 1.9.0 -> 1.10.0
        dovecot: Upgrade 2.2.36 -> 2.2.36.3
        postgresql: Upgrade 11.2 -> 11.3
        rocksdb: Upgrade 5.18.2 -> 5.18.3
        cloud9: Remove stale files of recipe removed 2 years ago
        fluentbit: Upgrade 0.12.1 -> 0.12.19
        libcec: Upgrade 4.0.2 -> 4.0.4
        libqb: Upgrade 1.0.3 -> 1.0.5
        openwsman: Upgrade 2.6.8 -> 2.6.9
        glm: Upgrade 0.9.9.3 -> 0.9.9.5
        fvwm: Upgrade 2.6.7 -> 2.6.8
        augeas: Upgrade 1.11.0 -> 1.12.0
        ccid: Upgrade 1.4.24 -> 1.4.30
        daemonize: Upgrade 1.7.7 -> 1.7.8
        inotify-tools: Upgrade 3.14 -> 3.20.1
        liboop: Upgrade 1.0 -> 1.0.1
        ode: Remove stale file of recipe removed 2 years ago
        openwbem: Remove stale files of recipe removed 2 years ago
        catch2: Upgrade 2.6.1 -> 2.7.2
        geos: Upgrade 3.4.2 -> 3.4.3
        rdfind: Upgrade 1.3.4 -> 1.4.1

  Akshay Bhat (3):
        python-urllib3: Set CVE_PRODUCT
        python3-pillow: Set CVE_PRODUCT
        python-requests: Set CVE_PRODUCT

  Alistair Francis (3):
        mycroft: Update the systemd service to ensure we are ready to start
        mycroft: Bump from 19.2.2 to 19.2.3
        python-obd: Add missing RDEPENDS

  Andreas Müller (33):
        gvfs: remove executable permission from systemd user services
        udisks2: upgrade 2.8.1 -> 2.8.2
        parole: upgrade 1.0.1 -> 1.0.2
        ristretto: upgrade 0.8.3 -> 0.8.4
        networkmanager: rework musl build
        gvfs: remove systemd user unit executable permission adjustment
        fltk: upgrade 1.3.4-2 -> 1.3.5
        samba: install bundled libs into seperate packages
        samba: rework localstatedir package split
        fluidsynth: upgrade 2.0.4 -> 2.0.5
        xfce4-vala: auto-detect vala api version
        gnome-desktop3: set correct meson gtk doc option
        vlc: rework qt PACKAGECONFIG
        evince: add patch to fix build with recent gobject-introspection
        xfce4-cpufreq-plugin: Fix memory leak and reduce CPU load
        packagegroup-meta-networking: replace DISTRO_FEATURE by DISTRO_FEATURES
        meta-xfce: add meta-networking to layer depends
        gtksourceview4: initial add 4.2.0
        gtksourceview-classic-light: extend to gtksourceview4
        itstool: rework - it went out too early
        fontforge: upgrade 20170731 -> 20190413
        exo: upgrade 0.12.4 -> 0.12.5
        xfce4-places-plugin: upgrade 1.7.0 -> 1.8.0
        xfce4-datetime-plugin: upgrade 0.7.0 -> 0.7.1
        xfce4-notifyd: upgrade 0.4.3 -> 0.4.4
        desktop-file-utils: remove - a more recent version is in oe-core
        libwnck3: upgrade 3.30.0 and move to meson build
        xfce4-terminal: add vte-prompt to RRECOMMENDS
        xfce4-session: get rid of machine-host
        xfce4-session: remove strange entry in FILES_${PN}
        libxfce4ui: Add PACKAGECONFIG 'gladeui2' for glade (gtk3) support
        glade3: move to to meta-xfce
        Remove me as maintainer

  Andrej Valek (2):
        squid: upgrade squid 3.5.28 -> 4.6
        ntp: upgrade 4.2.8p12 -> 4.2.8p13

  Ankit Navik (1):
        libnfc: Initial recipe for Near Field Communication library.

  Armin Kuster (1):
        meta-filesystems: drop bitbake from README

  Changqing Li (5):
        gd: fix compile error caused by -Werror=maybe-uninitialized
        apache2: add back patch for set perlbin
        php: upgrade 7.3.2 -> 7.3.4
        postgresql: fix compile error
        php: correct httpd path

  Chris Garren (1):
        python-cryptography: Move linker flag to .inc

  Denys Dmytriyenko (1):
        v4l-utils: upgrade 1.16.0 -> 1.16.5

  Gianfranco Costamagna (1):
        cpprest: update to 2.10.13, drop 32bit build fix upstream

  Hains van den Bosch (1):
        libcdio: update to version 2.1.0

  Hongxu Jia (1):
        pmtools: use update-alternatives for acpidump

  Hongzhi.Song (1):
        lua: upgrade from v5.3.4 to v5.3.5

  Ivan Maidanski (1):
        bdwgc: upgrade 7.6.12 -> 8.0.4

  Johannes Pointner (1):
        samba: update to 4.8.11

  Kai Kang (3):
        gvfs: fix typo libexec
        drbd: fix compile errors
        drbd-utils: fix file conflict with base-files

  Khem Raj (3):
        redis: Upgrade to 4.0.14
        squid: Link with libatomic on mips/ppc
        cpupower: Inherit bash completion class

  Leon Anavi (1):
        openbox: Add python-shell as a runtime dependency

  Liwei Song (1):
        ledmon: control hard disk led for RAID arrays

  Mark Asselstine (1):
        xfconf: fix 'Failed to get connection to xfconfd' during do_rootfs

  Martin Jansa (13):
        ftgl: add x11 to required DISTRO_FEATURES like freeglut
        libforms: add x11 to required DISTRO_FEATURES because of libx11
        Revert "ell: remove recipe"
        ne10: set NE10_TARGET_ARCH with an override instead of anonymous python
        libopus: use armv7a, aarch64 overrides when adding ne10 dependency
        esound: fix SRC_URI for multilib
        opusfile: fix SRC_URI for multilib
        miniupnpd: fix SRC_URI for multilib
        zbar: fix SRC_URI for multilib
        libvncserver: set PV in the recipe
        efivar: prevent native efivar depending on target kernel
        libdbi-perl: prevent native libdbi-perl depending on target perl
        aufs-util: prevent native aufs-util depending on target kernel

  Ming Liu (1):
        libmodbus: add documentation PACKAGECONFIG

  Mingli Yu (6):
        indent: Upgrade to 2.2.12
        hostapd: Upgrade to 2.8
        hwdata: Upgrade to 0.322
        rrdtool: Upgrade to 1.7.1
        libdev-checklib-perl: add new recipe
        libdbd-mysql-perl: Upgrade to 4.050

  Nathan Rossi (1):
        fatresize_1.0.2.bb: Add recipe for fatresize command line tool

  Nicolas Dechesne (3):
        cpupower: remove LIC_FILES_CHKSUM
        bpftool: remove LIC_FILES_CHKSUM
        cannelloni: move from meta-oe to meta-networking

  Oleksandr Kravchuk (38):
        smcroute: update to 2.4.4
        phytool: update to v2
        fwknop: update to 2.6.10
        cifs-utils: update to 6.9
        keepalived: update to 2.0.15
        usbredir: update to 0.8.0
        open-isns: update to 0.99
        nanomsg: update to 1.1.5
        stunnel: update to 5.51
        babeld: update to 1.8.4
        drbd-utils: update to 9.8.0
        drbd: update to 9.0.17-1
        macchanger: update to 1.7.0
        wolfssl: update to 4.0.0
        ell: remove recipe
        analyze-suspend: update to 5.3
        chrony: update to 3.4
        nghttp2: update to 1.38
        nano: update to 4.1
        networkmanager-openvpn: update to 1.8.10
        wpan-tools: update to 0.9
        uftp: update to 4.9.9
        vblade: add UPSTREAM_CHECK_URI
        traceroute: add UPSTREAM_CHECK_URI
        nuttcp: update to 8.2.2
        nfacct: add UPSTREAM_CHECK_URI
        nftables: add UPSTREAM_CHECK_URI
        libnetfilter-queue: update to 1.0.3
        arno-iptables-firewall: update to 2.0.3
        ypbind-mt: update to 2.6
        ebtables: add UPSTREAM_CHECK_URI
        doxygen: replace ninja 1.9.0 fix with official one
        libnetfilter-queue: fix update to 1.0.3
        networkd-dispatcher: update to 2.0.1
        opensaf: update to 5.19.01
        libnetfilter-conntrack: update to 1.0.7
        conntrack-tools: update to 1.4.5
        openvpn: update to 2.4.7

  Paolo Valente (1):
        s-suite: push SRCREV to version 3.2

  Parthiban Nallathambi (6):
        python3-aiohttp: add version 3.5.4
        python3-supervisor: add version 4.0.2
        python3-websocket-client: add version 0.56.0
        python3-tinyrecord: add version 0.1.5
        python3-sentry-sdk: add version 0.7.14
        python3-raven: add version 6.10.0

  Pascal Bach (2):
        paho-mqtt-c: 1.2.1 -> 1.3.0
        thrift: update to 0.12.0

  Pavel Modilaynen (1):
        jsoncpp: add native BBCLASSEXTEND

  Peter Kjellerstedt (2):
        apache2: Correct appending to SYSROOT_PREPROCESS_FUNCS
        apache2: Correct packaging of build and doc related files

  Philip Balister (1):
        sip: Update to 4.19.16.

  Qi.Chen@windriver.com (4):
        multipath-tools: fix up patch to avoid segfault
        netkit-rsh: add tag to CVE patch
        ipsec-tools: fix CVE tag in patch
        gd: set CVE_PRODUCT

  Randy MacLeod (1):
        imagemagick: update from 7.0.8-35 to 7.0.8-43

  Robert Joslyn (5):
        gpm: Fix gpm path in unit file
        gpm: Add PID file to systemd unit file
        gpm: Generate documentation
        gpm: Remove duplicate definition of _GNU_SOURCE
        gpm: Recipe cleanup

  Sean Nyekjaer (2):
        cannelloni: new package, CAN to ethernet proxy
        ser2net: upgrade to version 3.5.1

  Vincent Prince (1):
        mongodb: Fix build with gcc

  Wenlin Kang (1):
        samba: add PACKAGECONFIG for libunwind

  Yi Zhao (7):
        python-flask-socketio: move to meta-python directory
        apache2: upgrade 2.4.34 -> 2.4.39
        apache-websocket: upgrade to latest git rev
        netkit-rsh: security fixes
        openhpi: fix failure of ptest case ohpi_035
        openhpi: update openhpi-fix-testfail-errors.patch
        phpmyadmin: upgrade 4.8.3 -> 4.8.5

  Zang Ruochen (43):
        xlsatoms: upgrade 1.1.2 -> 1.1.3
        xrdb: upgrade 1.1.1 -> 1.2.0
        xrefresh: upgrade 1.0.5 -> 1.0.6
        xsetroot: upgrade 1.1.1 -> 1.1.2
        xstdcmap: upgrade 1.0.3 -> 1.0.4
        xbitmaps: upgrade 1.1.1 -> 1.1.2
        wireshark: upgrade 3.0.0 -> 3.0.1
        python-cffi: upgrade 1.11.5 -> 1.12.2
        python-attrs: upgrade 18.1.0 -> 19.1.0
        python-certifi: upgrade 2018.8.13 -> 2019.3.9
        python-beabutifulsoup4: upgrade 4.6.0 -> 4.7.1
        python-dateutil: upgrade 2.7.3 -> 2.8.0
        python-mako: upgrade 1.0.7 -> 1.0.9
        python-msgpack: upgrade 0.6.0 -> 0.6.1
        python-paste: upgrade 3.0.6 -> 3.0.8
        python-psutil: upgrade 5.4.6 -> 5.6.1
        python-py: upgrade 1.6.0 -> 1.8.0
        python-pymongo: upgrade 3.7.1 -> 3.7.2
        python-pyopenssl: upgrade 18.0.0 -> 19.0.0
        python-pytz: upgrade 2018.5 -> 2019.1
        python-stevedore: upgrade 1.29.0 -> 1.30.1
        python-pbr: upgrade 4.2.0 -> 5.1.3
        python-cython: upgrade 0.28.5 -> 0.29.6
        python-editor: upgrade 1.0.3 -> 1.0.4
        python-jinja2: upgrade 2.10 -> 2.10.1
        python-lxml: upgrade 4.3.1 -> 4.3.3
        python-alembic: upgrade 1.0.0 -> 1.0.9
        python-cffi: upgrade 1.12.2 -> 1.12.3
        python-hyperlink: upgrade 18.0.0 -> 19.0.0
        python-twisted: upgrade 18.4.0 -> 19.2.0
        python-zopeinterface: upgrade 4.5.0 -> 4.6.0
        python-decorator: upgrade 4.3.0 -> 4.4.0
        python-pip: upgrade 18.0 -> 19.1
        python-pyasn1: upgrade 0.4.4 -> 0.4.5
        libnet-dns-perl: upgrade 1.19 -> 1.20
        python-alembic: upgrade 1.0.9 -> 1.0.10
        python-cython: upgrade 0.29.6 -> 0.29.7
        python-mock: upgrade 2.0.0 -> 3.0.5
        python-pbr: upgrade 5.1.3 -> 5.2.0
        python-psutil: upgrade 5.6.1 -> 5.6.2
        python-pymongo: upgrade 3.7.2 -> 3.8.0
        python-pyperclip: upgrade 1.6.2 -> 1.7.0
        python-rfc3987: upgrade 1.3.7 -> 1.3.8

  leimaohui (3):
        To fix confilict error with python3-pbr.
        python-pycodestyle: Fix conflict error with python3-pycodestyle during do_rootfs
        mozjs: Make mozjs support arm32BE.

meta-raspberrypi: 9ceb84ee9e..7059c37451:
  Francesco Giancane (1):
        qtbase_%.bbappend: update PACKAGECONFIG name for xkbcommon

  Gianluigi Tiesi (1):
        psplash: Raise alternatives priority to 200

  Martin Jansa (3):
        linux_raspberrypi_4.19: Update to 4.19.34
        bluez5: apply the same patches and pi-bluetooth dependency for all rpi MACHINEs
        userland: use default PACKAGE_ARCH

  Paul Barker (3):
        linux-raspberrypi: Update 4.14.y kernel
        linux-raspberrypi: Switch default back to 4.14.y
        linux-raspberrypi 4.9: Drop old version

meta-security: 8a1f54a246..9f5cc2a7eb:
  Alexander Kanavin (1):
        apparmor: fetch from git

  Armin Kuster (15):
        clamav runtime: add resolve.conf support
        clamav: fix llvm reference version
        libldb: add waf-cross-answeres
        clamav: runtime fix local routing
        clamav: add clamav-cvd package for cvd db
        clamav-native: fix new build issue
        apparmor: fix fragment for 5.0 kernel
        apparmor: add a few more runtime
        smack: move patch to smack dir
        smack-test: add smack tests from meta-intel-iot-security
        samhain: add more tests and fix ret checks
        libldb: add earlier version
        libseccomp: update to 2.4.1
        oe-selftest: add running cve checker
        smack: kernel fragment update

  Yi Zhao (2):
        meta-tpm/conf/layer.conf: update layer dependencies
        meta-tpm/README: update

Change-Id: I9e02cb75a779f25fca84395144025410bb609dfa
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/meta-security/recipes-mac/AppArmor/apparmor_2.13.2.bb b/meta-security/recipes-mac/AppArmor/apparmor_2.13.2.bb
index 62ed611..4eaec00 100644
--- a/meta-security/recipes-mac/AppArmor/apparmor_2.13.2.bb
+++ b/meta-security/recipes-mac/AppArmor/apparmor_2.13.2.bb
@@ -14,7 +14,7 @@
 DEPENDS = "bison-native apr gettext-native coreutils-native"
 
 SRC_URI = " \
-	http://archive.ubuntu.com/ubuntu/pool/main/a/${BPN}/${BPN}_${PV}.orig.tar.gz \
+	git://gitlab.com/apparmor/apparmor.git;protocol=https;branch=apparmor-2.13 \
 	file://disable_perl_h_check.patch \
 	file://crosscompile_perl_bindings.patch \
 	file://apparmor.rc \
@@ -24,8 +24,8 @@
 	file://run-ptest \
 	"
 
-SRC_URI[md5sum] = "2439b35266b5a3a461b0a2dba6e863c3"
-SRC_URI[sha256sum] = "844def9926dfda5c7858428d06e44afc80573f9706458b6e7282edbb40b11a30"
+SRCREV = "af4808b5f6b58946f5c5a4de4b77df5e0eae6ca0"
+S = "${WORKDIR}/git"
 
 PARALLEL_MAKE = ""
 
diff --git a/meta-security/recipes-mac/smack/mmap-smack-test/mmap.c b/meta-security/recipes-mac/smack/mmap-smack-test/mmap.c
new file mode 100644
index 0000000..f358d27
--- /dev/null
+++ b/meta-security/recipes-mac/smack/mmap-smack-test/mmap.c
@@ -0,0 +1,7 @@
+#include <stdio.h>
+
+int main(int argc, char **argv)
+{
+    printf("Original test program removed while investigating its license.\n");
+    return 1;
+}
diff --git a/meta-security/recipes-mac/smack/mmap-smack-test_1.0.bb b/meta-security/recipes-mac/smack/mmap-smack-test_1.0.bb
new file mode 100644
index 0000000..9d11509
--- /dev/null
+++ b/meta-security/recipes-mac/smack/mmap-smack-test_1.0.bb
@@ -0,0 +1,16 @@
+SUMMARY = "Mmap binary used to test smack mmap attribute"
+DESCRIPTION = "Mmap binary used to test smack mmap attribute"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+SRC_URI = "file://mmap.c" 
+
+S = "${WORKDIR}"
+do_compile() {
+    ${CC} mmap.c ${LDFLAGS} -o mmap_test
+}
+
+do_install() {
+    install -d ${D}${bindir}
+    install -m 0755 mmap_test ${D}${bindir}
+}
diff --git a/meta-security/recipes-mac/smack/smack-test/notroot.py b/meta-security/recipes-mac/smack/smack-test/notroot.py
new file mode 100644
index 0000000..f0eb0b5
--- /dev/null
+++ b/meta-security/recipes-mac/smack/smack-test/notroot.py
@@ -0,0 +1,33 @@
+#!/usr/bin/env python
+#
+# Script used for running executables with custom labels, as well as custom uid/gid
+# Process label is changed by writing to /proc/self/attr/curent
+#
+# Script expects user id and group id to exist, and be the same.
+#
+# From adduser manual: 
+# """By  default,  each  user  in Debian GNU/Linux is given a corresponding group 
+# with the same name. """
+#
+# Usage: root@desk:~# python notroot.py <uid> <label> <full_path_to_executable> [arguments ..]
+# eg: python notroot.py 1000 User::Label /bin/ping -c 3 192.168.1.1
+#
+# Author: Alexandru Cornea <alexandru.cornea@intel.com>
+import os
+import sys
+
+try:
+	uid = int(sys.argv[1])
+	sys.argv.pop(1)
+	label = sys.argv[1]
+	sys.argv.pop(1)
+	open("/proc/self/attr/current", "w").write(label)
+	path=sys.argv[1]
+	sys.argv.pop(0)
+	os.setgid(uid)
+	os.setuid(uid)	
+	os.execv(path,sys.argv)
+
+except Exception,e:
+	print e.message
+	sys.exit(1)
diff --git a/meta-security/recipes-mac/smack/smack-test/smack_test_file_access.sh b/meta-security/recipes-mac/smack/smack-test/smack_test_file_access.sh
new file mode 100644
index 0000000..5a0ce84
--- /dev/null
+++ b/meta-security/recipes-mac/smack/smack-test/smack_test_file_access.sh
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+SMACK_PATH=`grep smack /proc/mounts | awk '{print $2}' `
+RC=0
+TMP="/tmp"
+test_file=$TMP/smack_test_access_file
+CAT=`which cat`
+ECHO=`which echo`
+uid=1000
+initial_label=`cat /proc/self/attr/current`
+python $TMP/notroot.py $uid "TheOther" $ECHO 'TEST' > $test_file
+chsmack -a "TheOther" $test_file
+
+#        12345678901234567890123456789012345678901234567890123456
+delrule="TheOne                  TheOther                -----"
+rule_ro="TheOne                  TheOther                r----"
+
+# Remove pre-existent rules for "TheOne TheOther <access>"
+echo -n "$delrule" > $SMACK_PATH/load
+python $TMP/notroot.py $uid "TheOne" $CAT $test_file 2>&1 1>/dev/null | grep -q "Permission denied" || RC=$?
+if [ $RC -ne 0 ]; then
+	echo "Process with different label than the test file and no read access on it can read it"
+	exit $RC
+fi
+
+# adding read access
+echo -n "$rule_ro" > $SMACK_PATH/load
+python $TMP/notroot.py $uid "TheOne" $CAT $test_file | grep -q "TEST" || RC=$?
+if [ $RC -ne 0 ]; then
+	echo "Process with different label than the test file but with read access on it cannot read it"
+	exit $RC
+fi
+
+# Remove pre-existent rules for "TheOne TheOther <access>"
+echo -n "$delrule" > $SMACK_PATH/load
+# changing label of test file to *
+# according to SMACK documentation, read access on a * object is always permitted
+chsmack -a '*' $test_file
+python $TMP/notroot.py $uid "TheOne" $CAT $test_file | grep -q "TEST" || RC=$?
+if [ $RC -ne 0 ]; then
+	echo  "Process cannot read file with * label"
+	exit $RC
+fi
+
+# changing subject label to *
+# according to SMACK documentation, every access requested by a star labeled subject is rejected
+TOUCH=`which touch`
+python $TMP/notroot.py $uid '*' $TOUCH $TMP/test_file_2
+ls -la $TMP/test_file_2 2>&1 | grep -q 'No such file or directory' || RC=$?
+if [ $RC -ne 0 ];then
+	echo "Process with label '*' should not have any access"
+	exit $RC
+fi
+exit 0
diff --git a/meta-security/recipes-mac/smack/smack-test/test_privileged_change_self_label.sh b/meta-security/recipes-mac/smack/smack-test/test_privileged_change_self_label.sh
new file mode 100644
index 0000000..26d9e9d
--- /dev/null
+++ b/meta-security/recipes-mac/smack/smack-test/test_privileged_change_self_label.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+initial_label=`cat /proc/self/attr/current 2>/dev/null`
+modified_label="test_label"
+
+echo "$modified_label" >/proc/self/attr/current 2>/dev/null
+
+new_label=`cat /proc/self/attr/current 2>/dev/null`
+
+if [ "$new_label" != "$modified_label" ]; then
+	# restore proper label
+	echo $initial_label >/proc/self/attr/current
+	echo "Privileged process could not change its label"
+	exit 1
+fi
+
+echo "$initial_label" >/proc/self/attr/current 2>/dev/null
+exit 0
\ No newline at end of file
diff --git a/meta-security/recipes-mac/smack/smack-test/test_smack_onlycap.sh b/meta-security/recipes-mac/smack/smack-test/test_smack_onlycap.sh
new file mode 100644
index 0000000..1c4a93a
--- /dev/null
+++ b/meta-security/recipes-mac/smack/smack-test/test_smack_onlycap.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+RC=0
+SMACK_PATH=`grep smack /proc/mounts | awk '{print $2}'`
+test_label="test_label"
+onlycap_initial=`cat $SMACK_PATH/onlycap`		
+smack_initial=`cat /proc/self/attr/current`
+
+# need to set out label to be the same as onlycap, otherwise we lose our smack privileges
+# even if we are root
+echo "$test_label" > /proc/self/attr/current
+
+echo "$test_label" > $SMACK_PATH/onlycap || RC=$?
+if [ $RC -ne 0 ]; then
+	echo "Onlycap label could not be set"
+	return $RC
+fi
+
+if [ `cat $SMACK_PATH/onlycap` != "$test_label" ]; then
+	echo "Onlycap label was not set correctly."
+	return 1
+fi
+
+# resetting original onlycap label
+echo "$onlycap_initial" > $SMACK_PATH/onlycap 2>/dev/null
+
+# resetting our initial's process label
+echo "$smack_initial" > /proc/self/attr/current
diff --git a/meta-security/recipes-mac/smack/smack-test_1.0.bb b/meta-security/recipes-mac/smack/smack-test_1.0.bb
new file mode 100644
index 0000000..7cf8f2e
--- /dev/null
+++ b/meta-security/recipes-mac/smack/smack-test_1.0.bb
@@ -0,0 +1,21 @@
+SUMMARY = "Smack test scripts"
+DESCRIPTION = "Smack scripts"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+SRC_URI = " \
+           file://notroot.py \
+           file://smack_test_file_access.sh \
+           file://test_privileged_change_self_label.sh \
+           file://test_smack_onlycap.sh \
+" 
+
+S = "${WORKDIR}"
+
+do_install() {
+    install -d ${D}${sbindir}
+    install -m 0755 notroot.py ${D}${sbindir}
+    install -m 0755 *.sh ${D}${sbindir}
+}
+
+RDEPENDS_${PN} = "smack python mmap-smack-test tcp-smack-test udp-smack-test"
diff --git a/meta-security/recipes-mac/smack/files/run-ptest b/meta-security/recipes-mac/smack/smack/run-ptest
similarity index 100%
rename from meta-security/recipes-mac/smack/files/run-ptest
rename to meta-security/recipes-mac/smack/smack/run-ptest
diff --git a/meta-security/recipes-mac/smack/files/smack_generator_make_fixup.patch b/meta-security/recipes-mac/smack/smack/smack_generator_make_fixup.patch
similarity index 100%
rename from meta-security/recipes-mac/smack/files/smack_generator_make_fixup.patch
rename to meta-security/recipes-mac/smack/smack/smack_generator_make_fixup.patch
diff --git a/meta-security/recipes-mac/smack/tcp-smack-test/tcp_client.c b/meta-security/recipes-mac/smack/tcp-smack-test/tcp_client.c
new file mode 100644
index 0000000..185f973
--- /dev/null
+++ b/meta-security/recipes-mac/smack/tcp-smack-test/tcp_client.c
@@ -0,0 +1,111 @@
+// (C) Copyright 2015 Intel Corporation

+//

+// Permission is hereby granted, free of charge, to any person obtaining a copy

+// of this software and associated documentation files (the "Software"), to deal

+// in the Software without restriction, including without limitation the rights

+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

+// copies of the Software, and to permit persons to whom the Software is

+// furnished to do so, subject to the following conditions:

+//

+// The above copyright notice and this permission notice shall be included in

+// all copies or substantial portions of the Software.

+//

+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN

+// THE SOFTWARE.

+#include <stdio.h>

+#include <sys/socket.h>

+#include <sys/types.h>

+#include <errno.h>

+#include <netinet/in.h>

+#include <unistd.h>

+#include <netdb.h>

+#include <string.h>

+#include <sys/xattr.h>

+

+int main(int argc, char* argv[])

+{

+

+	int sock;

+	char message[255] = "hello";

+	struct sockaddr_in server_addr;

+	char* label_in;

+	char* label_out;

+	char* attr_out = "security.SMACK64IPOUT";

+	char* attr_in = "security.SMACK64IPIN";

+	char out[256];

+	int port;

+

+	struct timeval timeout;

+	timeout.tv_sec = 15;

+	timeout.tv_usec = 0;

+

+	struct hostent*  host = gethostbyname("localhost");

+

+	if (argc != 4)

+	{

+		perror("Client: Arguments missing, please provide socket labels");

+		return 2;

+	}

+

+	port = atoi(argv[1]);

+	label_in = argv[2];

+	label_out = argv[3];

+

+	if((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0)

+	{

+		perror("Client: Socket failure");

+		return 2;

+	}

+

+

+	if(fsetxattr(sock, attr_out, label_out, strlen(label_out), 0) < 0)

+	{

+		perror("Client: Unable to set attribute SMACK64IPOUT");

+		return 2;

+	}

+

+	if(fsetxattr(sock, attr_in, label_in, strlen(label_in), 0) < 0)

+	{

+		perror("Client: Unable to set attribute SMACK64IPIN");

+		return 2;

+	}

+

+	server_addr.sin_family = AF_INET;

+	server_addr.sin_port = htons(port);

+	bcopy((char*) host->h_addr, (char*) &server_addr.sin_addr.s_addr,host->h_length);

+	bzero(&(server_addr.sin_zero),8);

+	

+	if(setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, &timeout, sizeof(timeout)) < 0)

+	{

+		perror("Client: Set timeout failed\n");

+		return 2;

+	}

+	

+	if (connect(sock, (struct sockaddr *)&server_addr,sizeof(struct sockaddr)) == -1)

+	{

+    		perror("Client: Connection failure");

+			close(sock);

+        	return 1;

+	}

+

+

+	if(write(sock, message, strlen(message)) < 0)

+	{

+		perror("Client: Error sending data\n");

+		close(sock);

+		return 1;

+	}

+	close(sock);

+	return 0;

+}

+

+

+

+

+

+

diff --git a/meta-security/recipes-mac/smack/tcp-smack-test/tcp_server.c b/meta-security/recipes-mac/smack/tcp-smack-test/tcp_server.c
new file mode 100644
index 0000000..9285dc6
--- /dev/null
+++ b/meta-security/recipes-mac/smack/tcp-smack-test/tcp_server.c
@@ -0,0 +1,118 @@
+// (C) Copyright 2015 Intel Corporation

+//

+// Permission is hereby granted, free of charge, to any person obtaining a copy

+// of this software and associated documentation files (the "Software"), to deal

+// in the Software without restriction, including without limitation the rights

+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

+// copies of the Software, and to permit persons to whom the Software is

+// furnished to do so, subject to the following conditions:

+//

+// The above copyright notice and this permission notice shall be included in

+// all copies or substantial portions of the Software.

+//

+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN

+// THE SOFTWARE.

+#include <stdio.h>

+#include <sys/socket.h>

+#include <sys/types.h>

+#include <errno.h>

+#include <netinet/in.h>

+#include <unistd.h>

+#include <string.h>

+

+int main(int argc, char* argv[])

+{

+

+	int sock;

+	int clientsock;

+	char message[255];

+	socklen_t client_length;

+	struct sockaddr_in server_addr, client_addr;

+	char* label_in;

+	char* attr_in = "security.SMACK64IPIN";

+	int port;

+

+	struct timeval timeout;

+	timeout.tv_sec = 15;

+	timeout.tv_usec = 0;

+

+	if (argc != 3)

+	{

+		perror("Server: Argument missing please provide port and label for SMACK64IPIN");

+		return 2;

+	}

+	

+	port = atoi(argv[1]);

+	label_in = argv[2];

+	bzero(message,255);

+

+	

+	if((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0)

+	{

+		perror("Server: Socket failure");

+		return 2;

+	}

+	

+	

+	if(fsetxattr(sock, attr_in, label_in, strlen(label_in),0) < 0)

+	{

+		perror("Server: Unable to set attribute ipin 2");

+		return 2;

+	}

+

+	server_addr.sin_family = AF_INET;         

+	server_addr.sin_port = htons(port);     

+	server_addr.sin_addr.s_addr = INADDR_ANY; 

+ 	bzero(&(server_addr.sin_zero),8); 

+

+	if(setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &timeout, sizeof(timeout)) < 0)

+	{

+		perror("Server: Set timeout failed\n");

+		return 2;

+	}

+

+	if(bind(sock, (struct sockaddr*) &server_addr, sizeof(server_addr)) < 0)

+	{

+		perror("Server: Bind failure ");

+		return 2;

+	}

+

+	listen(sock, 1);

+	client_length = sizeof(client_addr);

+

+	clientsock = accept(sock,(struct sockaddr*) &client_addr, &client_length);

+

+	if (clientsock < 0)

+	{

+		perror("Server: Connection failed");

+		close(sock);

+		return 1;

+	}

+	

+

+	if(fsetxattr(clientsock, "security.SMACK64IPIN", label_in, strlen(label_in),0) < 0)

+	{

+		perror(" Server: Unable to set attribute ipin 2");

+		close(sock);

+		return 2;

+	}

+

+	if(read(clientsock, message, 254) < 0)

+	{

+		perror("Server: Error when reading from socket");

+		close(clientsock);

+		close(sock);

+		return 1;

+	}

+

+

+	close(clientsock);

+	close(sock);

+

+	return 0;

+}

diff --git a/meta-security/recipes-mac/smack/tcp-smack-test/test_smack_tcp_sockets.sh b/meta-security/recipes-mac/smack/tcp-smack-test/test_smack_tcp_sockets.sh
new file mode 100644
index 0000000..ed18f23
--- /dev/null
+++ b/meta-security/recipes-mac/smack/tcp-smack-test/test_smack_tcp_sockets.sh
@@ -0,0 +1,108 @@
+#!/bin/sh
+RC=0
+test_file=/tmp/smack_socket_tcp
+SMACK_PATH=`grep smack /proc/mounts | awk '{print $2}' `
+# make sure no access is granted
+#        12345678901234567890123456789012345678901234567890123456
+echo -n "label1                  label2                  -----" > $SMACK_PATH/load
+
+tcp_server=`which tcp_server`
+if [ -z $tcp_server ]; then
+	if [ -f "/tmp/tcp_server" ]; then
+		tcp_server="/tmp/tcp_server"
+	else
+		echo "tcp_server binary not found"
+		exit 1
+	fi
+fi
+tcp_client=`which tcp_client`
+if [ -z $tcp_client ]; then
+	if [ -f "/tmp/tcp_client" ]; then
+		tcp_client="/tmp/tcp_client"
+	else
+		echo "tcp_client binary not found"
+		exit 1
+	fi
+fi
+
+# checking access for sockets with different labels
+$tcp_server 50016 label1 &>/dev/null &
+server_pid=$!
+sleep 2
+$tcp_client 50016 label2 label1 &>/dev/null &
+client_pid=$!
+
+wait $server_pid
+server_rv=$?
+wait $client_pid
+client_rv=$?
+
+if [ $server_rv -eq 0 -o $client_rv -eq 0 ]; then
+	echo "Sockets with different labels should not communicate on tcp"
+	exit 1
+fi
+
+# granting access between different labels
+#        12345678901234567890123456789012345678901234567890123456
+echo -n "label1                  label2                  rw---" > $SMACK_PATH/load
+# checking access for sockets with different labels, but having a rule granting rw
+$tcp_server 50017 label1 2>$test_file &
+server_pid=$!
+sleep 1
+$tcp_client 50017 label2 label1 2>$test_file &
+client_pid=$!
+wait $server_pid
+server_rv=$?
+wait $client_pid
+client_rv=$?
+if [ $server_rv -ne 0 -o $client_rv -ne 0 ]; then
+	echo "Sockets with different labels, but having rw access, should communicate on tcp"
+	exit 1
+fi
+
+# checking access for sockets with the same label
+$tcp_server 50018 label1 2>$test_file &
+server_pid=$!
+sleep 1
+$tcp_client 50018 label1 label1  2>$test_file &
+client_pid=$!
+wait $server_pid
+server_rv=$?
+wait $client_pid
+client_rv=$?
+if [ $server_rv -ne 0 -o $client_rv -ne 0 ]; then
+	echo "Sockets with same labels should communicate on tcp"
+	exit 1
+fi
+
+# checking access on socket labeled star (*)
+# should always be permitted
+$tcp_server 50019 \* 2>$test_file &
+server_pid=$!
+sleep 1
+$tcp_client 50019 label1 label1 2>$test_file &
+client_pid=$!
+wait $server_pid
+server_rv=$?
+wait $client_pid
+client_rv=$?
+if [ $server_rv -ne 0 -o $client_rv -ne 0 ]; then
+	echo "Should have access on tcp socket labeled star (*)"
+	exit 1
+fi
+
+# checking access from socket labeled star (*)
+# all access from subject star should be denied
+$tcp_server 50020 label1 2>$test_file &
+server_pid=$!
+sleep 1
+$tcp_client 50020 label1 \* 2>$test_file &
+client_pid=$!
+wait $server_pid
+server_rv=$?
+wait $client_pid
+client_rv=$?
+if [ $server_rv -eq 0 -o  $client_rv -eq 0 ]; then
+	echo "Socket labeled star should not have access to any tcp socket"
+	exit 1
+fi
diff --git a/meta-security/recipes-mac/smack/tcp-smack-test_1.0.bb b/meta-security/recipes-mac/smack/tcp-smack-test_1.0.bb
new file mode 100644
index 0000000..d2b3f6b
--- /dev/null
+++ b/meta-security/recipes-mac/smack/tcp-smack-test_1.0.bb
@@ -0,0 +1,24 @@
+SUMMARY = "Binary used to test smack tcp sockets"
+DESCRIPTION = "Server and client binaries used to test smack attributes on TCP sockets"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+SRC_URI = "file://tcp_server.c \
+           file://tcp_client.c \
+           file://test_smack_tcp_sockets.sh \
+" 
+
+S = "${WORKDIR}"
+
+do_compile() {
+    ${CC} tcp_client.c ${LDFLAGS} -o tcp_client
+    ${CC} tcp_server.c ${LDFLAGS} -o tcp_server
+}
+
+do_install() {
+    install -d ${D}${bindir}
+    install -d ${D}${sbindir}
+    install -m 0755 tcp_server ${D}${bindir}
+    install -m 0755 tcp_client ${D}${bindir}
+    install -m 0755 test_smack_tcp_sockets.sh ${D}${sbindir}
+}
diff --git a/meta-security/recipes-mac/smack/udp-smack-test/test_smack_udp_sockets.sh b/meta-security/recipes-mac/smack/udp-smack-test/test_smack_udp_sockets.sh
new file mode 100644
index 0000000..419ab9f
--- /dev/null
+++ b/meta-security/recipes-mac/smack/udp-smack-test/test_smack_udp_sockets.sh
@@ -0,0 +1,107 @@
+#!/bin/sh
+RC=0
+test_file="/tmp/smack_socket_udp"
+SMACK_PATH=`grep smack /proc/mounts | awk '{print $2}' `
+
+udp_server=`which udp_server`
+if [ -z $udp_server ]; then
+	if [ -f "/tmp/udp_server" ]; then
+		udp_server="/tmp/udp_server"
+	else
+		echo "udp_server binary not found"
+		exit 1
+	fi
+fi
+udp_client=`which udp_client`
+if [ -z $udp_client ]; then
+	if [ -f "/tmp/udp_client" ]; then
+		udp_client="/tmp/udp_client"
+	else
+		echo "udp_client binary not found"
+		exit 1
+	fi
+fi
+
+# make sure no access is granted
+#        12345678901234567890123456789012345678901234567890123456
+echo -n "label1                  label2                  -----" > $SMACK_PATH/load
+
+# checking access for sockets with different labels
+$udp_server 50021 label2 2>$test_file &
+server_pid=$!
+sleep 1
+$udp_client 50021 label1 2>$test_file &
+client_pid=$!
+wait $server_pid
+server_rv=$?
+wait $client_pid
+client_rv=$?
+if [ $server_rv -eq 0 ]; then
+	echo "Sockets with different labels should not communicate on udp"
+	exit 1
+fi
+
+# granting access between different labels
+#        12345678901234567890123456789012345678901234567890123456
+echo -n "label1                  label2                  rw---" > $SMACK_PATH/load
+# checking access for sockets with different labels, but having a rule granting rw
+$udp_server 50022 label2 2>$test_file &
+server_pid=$!
+sleep 1
+$udp_client 50022 label1 2>$test_file &
+client_pid=$!
+wait $server_pid
+server_rv=$?
+wait $client_pid
+client_rv=$?
+if [ $server_rv -ne 0 -o $client_rv -ne 0 ]; then
+	echo "Sockets with different labels, but having rw access, should communicate on udp"
+	exit 1
+fi
+
+# checking access for sockets with the same label
+$udp_server 50023 label1 &
+server_pid=$!
+sleep 1
+$udp_client 50023 label1 2>$test_file &
+client_pid=$!
+wait $server_pid
+server_rv=$?
+wait $client_pid
+client_rv=$?
+if [ $server_rv -ne 0 -o $client_rv -ne 0 ]; then
+	echo "Sockets with same labels should communicate on udp"
+	exit 1
+fi
+
+# checking access on socket labeled star (*)
+# should always be permitted
+$udp_server 50024 \* 2>$test_file &
+server_pid=$!
+sleep 1
+$udp_client 50024 label1 2>$test_file &
+client_pid=$!
+wait $server_pid
+server_rv=$?
+wait $client_pid
+client_rv=$?
+if [ $server_rv -ne 0 -o $client_rv -ne 0 ]; then
+	echo "Should have access on udp socket labeled star (*)"
+	exit 1
+fi
+
+# checking access from socket labeled star (*)
+# all access from subject star should be denied
+$udp_server 50025 label1 2>$test_file &
+server_pid=$!
+sleep 1
+$udp_client 50025 \* 2>$test_file &
+client_pid=$!
+wait $server_pid
+server_rv=$?
+wait $client_pid
+client_rv=$?
+if [ $server_rv -eq 0 ]; then
+	echo "Socket labeled star should not have access to any udp socket"
+	exit 1
+fi
diff --git a/meta-security/recipes-mac/smack/udp-smack-test/udp_client.c b/meta-security/recipes-mac/smack/udp-smack-test/udp_client.c
new file mode 100644
index 0000000..4d3afbe
--- /dev/null
+++ b/meta-security/recipes-mac/smack/udp-smack-test/udp_client.c
@@ -0,0 +1,75 @@
+// (C) Copyright 2015 Intel Corporation

+//

+// Permission is hereby granted, free of charge, to any person obtaining a copy

+// of this software and associated documentation files (the "Software"), to deal

+// in the Software without restriction, including without limitation the rights

+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

+// copies of the Software, and to permit persons to whom the Software is

+// furnished to do so, subject to the following conditions:

+//

+// The above copyright notice and this permission notice shall be included in

+// all copies or substantial portions of the Software.

+//

+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN

+// THE SOFTWARE.

+#include <sys/socket.h>

+#include <stdio.h>

+#include <netinet/in.h>

+#include <netdb.h>

+#include <string.h>

+

+int main(int argc, char* argv[])

+{

+	char* message = "hello";

+	int sock, ret;

+	struct sockaddr_in server_addr;

+	struct hostent*  host = gethostbyname("localhost");

+	char* label;

+	char* attr = "security.SMACK64IPOUT";

+	int port;

+	if (argc != 3)

+	{

+		perror("Client: Argument missing, please provide port and  label for SMACK64IPOUT");

+		return 2;

+	}

+

+	port = atoi(argv[1]);

+	label = argv[2];

+	sock = socket(AF_INET, SOCK_DGRAM,0);

+	if(sock < 0)

+	{

+		perror("Client: Socket failure");

+		return 2;

+	}

+	

+

+	if(fsetxattr(sock, attr, label, strlen(label),0) < 0)

+	{

+		perror("Client: Unable to set attribute ");

+		return 2;

+	}

+

+

+	server_addr.sin_family = AF_INET;

+	server_addr.sin_port = htons(port);

+	bcopy((char*) host->h_addr, (char*) &server_addr.sin_addr.s_addr,host->h_length);

+	bzero(&(server_addr.sin_zero),8);

+	

+	ret = sendto(sock, message, strlen(message),0,(const struct sockaddr*)&server_addr,

+			sizeof(struct sockaddr_in));

+

+	close(sock);

+	if(ret < 0)

+	{

+		perror("Client: Error sending message\n");

+		return 1;

+	}

+	

+	return 0;

+}

+

diff --git a/meta-security/recipes-mac/smack/udp-smack-test/udp_server.c b/meta-security/recipes-mac/smack/udp-smack-test/udp_server.c
new file mode 100644
index 0000000..cbab71e
--- /dev/null
+++ b/meta-security/recipes-mac/smack/udp-smack-test/udp_server.c
@@ -0,0 +1,93 @@
+// (C) Copyright 2015 Intel Corporation

+//

+// Permission is hereby granted, free of charge, to any person obtaining a copy

+// of this software and associated documentation files (the "Software"), to deal

+// in the Software without restriction, including without limitation the rights

+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

+// copies of the Software, and to permit persons to whom the Software is

+// furnished to do so, subject to the following conditions:

+//

+// The above copyright notice and this permission notice shall be included in

+// all copies or substantial portions of the Software.

+//

+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN

+// THE SOFTWARE.

+#include <sys/socket.h>

+#include <stdio.h>

+#include <netinet/in.h>

+#include <netdb.h>

+#include <string.h>

+

+int main(int argc, char* argv[])

+{

+	int sock,ret;

+	struct sockaddr_in server_addr, client_addr;

+	socklen_t len;

+	char message[5];

+	char* label;

+	char* attr = "security.SMACK64IPIN";

+	int port;

+

+	if(argc != 3)

+	{

+		perror("Server: Argument missing, please provide port and label for SMACK64IPIN");

+		return 2;

+	}

+	

+	port = atoi(argv[1]);

+	label = argv[2];

+

+	struct timeval timeout;

+	timeout.tv_sec = 15;

+	timeout.tv_usec = 0;

+

+	sock = socket(AF_INET,SOCK_DGRAM,0);

+	if(sock < 0)

+	{

+		perror("Server: Socket error");

+		return 2;

+	}

+	

+

+	if(fsetxattr(sock, attr, label, strlen(label), 0) < 0)

+	{

+		perror("Server: Unable to set attribute ");

+		return 2;

+	}

+

+	server_addr.sin_family = AF_INET;         

+	server_addr.sin_port = htons(port);     

+	server_addr.sin_addr.s_addr = INADDR_ANY; 

+	bzero(&(server_addr.sin_zero),8); 

+	

+

+	if(setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &timeout, sizeof(timeout)) < 0)

+	{

+		perror("Server: Set timeout failed\n");

+		return 2;

+	}

+

+	if(bind(sock, (struct sockaddr*) &server_addr, sizeof(server_addr)) < 0)

+	{

+		perror("Server: Bind failure");

+		return 2;

+	}

+

+	len = sizeof(client_addr);

+	ret = recvfrom(sock, message, sizeof(message), 0, (struct sockaddr*)&client_addr,

+					&len);

+	close(sock);

+	if(ret < 0)

+	{

+		perror("Server: Error receiving");

+		return 1;

+

+	}

+	return 0;

+}

+

diff --git a/meta-security/recipes-mac/smack/udp-smack-test_1.0.bb b/meta-security/recipes-mac/smack/udp-smack-test_1.0.bb
new file mode 100644
index 0000000..9193f89
--- /dev/null
+++ b/meta-security/recipes-mac/smack/udp-smack-test_1.0.bb
@@ -0,0 +1,23 @@
+SUMMARY = "Binary used to test smack udp sockets"
+DESCRIPTION = "Server and client binaries used to test smack attributes on UDP sockets"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+SRC_URI = "file://udp_server.c \
+           file://udp_client.c \
+           file://test_smack_udp_sockets.sh \
+" 
+
+S = "${WORKDIR}"
+do_compile() {
+    ${CC} udp_client.c ${LDFLAGS} -o udp_client
+    ${CC} udp_server.c ${LDFLAGS} -o udp_server
+}
+
+do_install() {
+    install -d ${D}${bindir}
+    install -d ${D}${sbindir}
+    install -m 0755 udp_server ${D}${bindir}
+    install -m 0755 udp_client ${D}${bindir}
+    install -m 0755 test_smack_udp_sockets.sh ${D}${sbindir}
+}