reset upstream subtrees to yocto 2.6

Reset the following subtrees on thud HEAD:

  poky: 87e3a9739d
  meta-openembedded: 6094ae18c8
  meta-security: 31dc4e7532
  meta-raspberrypi: a48743dc36
  meta-xilinx: c42016e2e6

Also re-apply backports that didn't make it into thud:
  poky:
    17726d0 systemd-systemctl-native: handle Install wildcards

  meta-openembedded:
    4321a5d libtinyxml2: update to 7.0.1
    042f0a3 libcereal: Add native and nativesdk classes
    e23284f libcereal: Allow empty package
    030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
    179a1b9 gtest: update to 1.8.1

Squashed OpenBMC subtree compatibility updates:
  meta-aspeed:
    Brad Bishop (1):
          aspeed: add yocto 2.6 compatibility

  meta-ibm:
    Brad Bishop (1):
          ibm: prepare for yocto 2.6

  meta-ingrasys:
    Brad Bishop (1):
          ingrasys: set layer compatibility to yocto 2.6

  meta-openpower:
    Brad Bishop (1):
          openpower: set layer compatibility to yocto 2.6

  meta-phosphor:
    Brad Bishop (3):
          phosphor: set layer compatibility to thud
          phosphor: libgpg-error: drop patches
          phosphor: react to fitimage artifact rename

    Ed Tanous (4):
          Dropbear: upgrade options for latest upgrade
          yocto2.6: update openssl options
          busybox: remove upstream watchdog patch
          systemd: Rebase CONFIG_CGROUP_BPF patch

Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/meta-security/README b/meta-security/README
index ef80f2b..e238271 100644
--- a/meta-security/README
+++ b/meta-security/README
@@ -48,209 +48,6 @@
     /path/to/meta-openembedded/meta-networking \
     /path/to/layer/meta-security \
 
-Contents and Help
-=================
-
-In this section the contents of the layer is listed, along with a short
-help for each package.
-
-         == bastille ==
-
-        Bastille  is  a  system hardening / lockdown program which enhances the
-        security of a Unix host.  It configures daemons, system settings and
-        firewalls to be more secure.  It can shut off unneeded services
-        like rcp and rlogin, and helps create "chroot jails" that help limit the
-        vulnerability of common Internet services like Web services and DNS.
-
-        usage : The functionality of Bastille which is available is
-                restricted to a purely informational one. The command:
-                bastille -c --os Yocto
-                will cause a series of menus containing security questions
-                about the system to be displayed to the user. For each
-                question, a default response, specified in the configuration
-                file which is installed with Bastille, will be selected.
-                The user may select an alternate response. When the user
-                has completed the sequence of menus Bastille saves the
-                responses to the configuration file.
-
-                The command:
-                bastille -l lists the configuration files that Bastille
-                is able to locate.
-
-                The other functionality which Bastille is intended to provide
-                is actually unavailable. This is not due to errors in poky
-                installation or configuration of the application. The Bastille
-                distribution is no longer supported. Significant modifications
-                would be required to make it possible to make use of the
-                functionality which is currently unavailable.
-
-
-        Additional information about Bastille can be found in the package
-        README file and other documentation.
-
-        Alternatives to Bastille include buck-security and checksecurity,
-        described elsewhere in this file.
-
-
-        == redhat-security ==
-
-        Sometimes you want to check different aspects of a distribution for security problems.
-        This can be anything from file permissions to correctness of code. This is a collection of those tools.
-        Depending on what information the tool has to access, it may need to be run as root.
-
-        - rpm-chksec.sh : This will take an rpm name as input and verify each ELF file to see if its compiled with the intended flags
-                          to most effectively use PIE and RELRO. Green is good, Orange could use work but is acceptable, and Red needs fixing.
-                          It has a mode --all that is the equivalent of using rpm -qa and feeding the packages to it.
-                          In this mode it will only give a summary result for the package. To find which files don't comply,
-                          re-run using just the package name.
-
-		!!! WARNING !!! - in order to use this script you need to add to your conf/local.conf file the following lines:
-						IMAGE_ROOTFS_EXTRA_SPACE = ""  - specifying the extra space of the image
-						IMAGE_FEATURES += "package management" - for the correct output of rpm -qa
-
-        - find-nodrop-groups.sh : This will scan a whole file system to see if a program makes calls to change UID
-                                  and GID without also calling setgroups or initgroups.
-
-        - rpm-drop-groups.sh : Same as above, but takes an rpm name instead.
-
-        - find-chroot.sh : This script scans the whole file system looking for ELF files that calls chroot(2) that also do not include a call to chdir.
-                           Programs that fail to do this do not have the cwd inside the chroot. This means the app can escape the protection that was intended.
-
-        - find-chroot-py.sh : This test is like the one above except it examines python scripts for the same problem.
-
-        - find-execstack.sh : This program scans the whole file system for ELF programs that have marked the stack as being executable.
-                              This means that if the program has another vulnerablity such as stack buffer overflow,
-                              any code the attacker places there is executable. Any program found must be fixed.
-
-        - find-hidden-exec.sh : This program scans the whole file system looking for excutables that are hidden.
-                                Anything found must be investigated since its highly unusual for executables to be hidden.
-
-        - find-sh4errors.sh : This program scans the whole file system looking for shell scripts.
-                              It then does a sh -n on the script which causes bash to parse the file to see if there are any mistakes.
-
-        - selinux-check-devices.sh : This script checks the /dev directory to see if there are any devices that are not correctly labeled.
-                                     Anything found by this test should be reported so that selinux policy can be fixed.
-                                     This test is very hardware specific, so to be effective a lot of people with different hardware
-                                     should run this test each upstream kernel version release.
-
-        - selinux-ls-unconfined.sh :  This script scans the running processes and looks for anything labeled with initrc_t or inetd.
-                                      These both mean that there are daemons that do not have policy and are therefore running unconfined.
-                                      These should be reported as SE Linux policy problems. Because it checks currently running daemons,
-                                      the more you have running, the better the test is.
-
-        - find-sh4tmp.sh : This script scans the whole filesystem to check if shell scripts are using well known tmp file names
-                           instead of obscure ones created by something like mktemp.
-
-        - find-elf4tmp.sh : This script scans the whole file system for ELF files using /tmp. When it finds this,
-                            it also looks to see if any of the known good random name generator functions is called by looking
-                            at the symbol table. If not, it will output the string.
-
-        - lib-bin-check.sh : This will check all installed library packages to see if an application is also part of the package.
-                             The relationship to security is that the SHA256 hash check will fail if a 32 bit version overwrites it.
-                             Also, the less binaries on a system, the more secure it is by virtue of removing the chance for an exploitable bug.
-
-
-                usage : simply invoke the script name in the terminal.
-
-
-        == pax-utils ==
-
-		( This package can be found in oe-core )
-
-        pax-utils is a small set of various PaX aware and related utilities for
-        ELF binaries.
-
-        - scanelf : With this application you can print out information specific to the ELF structure of a binary.
-                    For more help please consult the man pages or the readme file.
-
-        - pspax : is a user-space utility that scans the proc directory and list
-                  ELF types, as well as their respective PaX flags and filenames and
-                  attributes. Depending on build options, it may additionaly display the
-                  process running set of capabilities.
-
-        - scanmacho : is a user-space utility to quickly scan given
-                      Mach-Os, directories, or common system paths for different information. This
-                      may include Mach-O types, their install_names, etc.
-
-        - dumpelf : is a user-space utility to dump all of the internal
-                    ELF structures into the equivalent C structures for fun debugging and/or
-                    reference purposes.
-
-
-                usage : simply invoke the script name in the terminal.
-
-
-        == buck-security ==
-
-        Buck-Security is a security scanner for Debian and Ubuntu Linux. It runs a couple of important checks and helps you to harden your Linux
-        system. This enables you to quickly overview the security status of your Linux system.
-
-                usage :	!!! before starting to use this tool please run the following command: !!!
-
-						export GPG_TTY=`tty`
-
-						This command is needed for the usage of the comand --make-checksum, which creates
-						a checksum for the files in the system.
-
-						switch to directory /usr/local/buck-security.
-                        before running the script, you should check the activated checks in conf/buck-security.conf file.
-                        after altering the changes, save the file and simply run :
-
-                        ./buck-security
-
-                        you can choose between different outputs : 1, 2(default) or 3.
-
-                        More detailed usage can be found typing ./buck-security --help
-
-
-        == libseccomp ==
-
-        The libseccomp library provides and easy to use, platform independent, interface to the Linux Kernel's syscall filtering mechanism: seccomp.
-        The libseccomp API is designed to abstract away the underlying BPF based syscall filter language and present a more conventional
-        function-call based filtering interface that should be familiar to, and easily adopted by application developers.
-
-                usage : More detailed usage can be found in the man pages and README file of the package.
-
-
-
-        == checksecurity ==
-
-        checksecurity is a simple package which will scan your system for several simple security holes.
-        It uses a simple collection of plugins, all of which are shell scripts which are configured by environmental variables.
-
-
-                usage : To start checksecurity simply write in the terminal :
-
-                        checksecurity
-
-        More detailed usage can be found in the man pages and README file of the package.
-
-
-        == nikto ==
-
-        Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items,
-        including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific
-        problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files,
-        HTTP server options, and will attempt to identify installed web servers and software.
-
-                usage : To start nikto simply write in the terminal :
-
-                        nikto
-
-        More detailed usage can be found in the man pages and README file of the package.
-
-
-        == nmap ==
-
-        Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing.
-        Many systems and network administrators also find it useful for tasks such as network inventory,
-        managing service upgrade schedules, and monitoring host or service uptime.
-
-                usage : To start nikto simply write in the terminal :
-
-                        nmap
-
-        More detailed usage can be found in the man pages and README file of the package.
 
 Maintenance
 -----------
@@ -260,8 +57,8 @@
 When sending single patches, please using something like:
 'git send-email -1 --to yocto@yoctoproject.org --subject-prefix=meta-security][PATCH'
 
-Maintainers:    Saul Wold <sgw@linux.intel.com>
-                Armin Kuster <akuster@mvista.com>
+Maintainers:    Armin Kuster <akuster808@gmail.com>
+                Saul Wold <sgw@linux.intel.com>
 
 
 License